Repository: yandex-cloud/yc-solution-library-for-security Branch: master Commit: c69eb859248f Files: 940 Total size: 97.3 MB Directory structure: gitextract_eoozv27b/ ├── .gitignore ├── CATALOG.md ├── README.md ├── README_EN.md ├── auditlogs/ │ ├── _use_cases_and_searches/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── Use-casesANDsearches.docx │ │ └── Use-casesANDsearches_RU.docx │ ├── cilium-s3/ │ │ ├── Dockerfile │ │ ├── Dockerfile old │ │ ├── README.md │ │ ├── cmd/ │ │ │ └── cilium-exporter/ │ │ │ └── main.go │ │ ├── config.yaml.example │ │ ├── go.mod │ │ ├── go.sum │ │ ├── internal/ │ │ │ ├── hubble/ │ │ │ │ └── observer.go │ │ │ └── s3/ │ │ │ └── sender.go │ │ └── kubernetes/ │ │ └── cilium-s3-chart/ │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── cilium-s3-chart-0.1.0.tgz │ │ ├── index.yaml │ │ ├── templates/ │ │ │ ├── deployment.yaml │ │ │ └── secret.yaml │ │ └── values.yaml │ ├── export-auditlogs-to-ArcSight/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── Use-cases.docx │ │ ├── arcsight_content/ │ │ │ ├── README.md │ │ │ ├── YandexCloud.arb │ │ │ ├── flex/ │ │ │ │ ├── map.0.properties │ │ │ │ └── yc.jsonparser.properties │ │ │ ├── samples/ │ │ │ │ ├── 041738547.json │ │ │ │ ├── 042624546.json │ │ │ │ ├── 134730901.json │ │ │ │ ├── 151859118.json │ │ │ │ └── 155732665.json │ │ │ └── Поля ArcSight_JSON.docx │ │ └── images/ │ │ ├── arcsight.drawio │ │ └── arcsight_2.drawio │ ├── export-auditlogs-to-ELK_k8s/ │ │ ├── README.md │ │ ├── examples/ │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── provider.tf │ │ │ ├── terraform.tfvars.example │ │ │ └── variables.tf │ │ ├── images/ │ │ │ ├── Logo-scheme.drawio │ │ │ └── Tech_scheme.drawio │ │ ├── k8s-events-siem-worker/ │ │ │ └── 2.0.0/ │ │ │ ├── Dockerfile │ │ │ ├── Dockerfile.old │ │ │ ├── README.md │ │ │ └── function/ │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ └── modules/ │ │ ├── 00-sa-and-bucket.tf │ │ ├── 01-function-and-mq.tf │ │ ├── 02-worker.tf │ │ ├── 03-infra.tf │ │ ├── 04-audit-export.tf │ │ ├── 05-falco.tf │ │ ├── 06-kyverno.tf │ │ ├── Readme.md │ │ ├── chart/ │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates/ │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── _server.tpl │ │ │ │ ├── server-cm.yaml │ │ │ │ ├── server-deploy.yaml │ │ │ │ └── server-secret.yaml │ │ │ └── values.yaml │ │ ├── function/ │ │ │ ├── Makefile │ │ │ ├── main.py │ │ │ ├── requirements.txt │ │ │ └── test.py │ │ ├── outputs.tf │ │ ├── pusher/ │ │ │ ├── Makefile │ │ │ ├── main.py │ │ │ ├── requirements.txt │ │ │ └── test.py │ │ ├── templates/ │ │ │ ├── auditlog-worker-limits.yaml │ │ │ ├── falco-base.yaml │ │ │ ├── falco-worker-limits.yaml │ │ │ ├── falcosidekick-base.yaml │ │ │ ├── kubeconfig-template.yaml.tpl │ │ │ ├── kyverno-base.yaml │ │ │ ├── kyverno-worker-limits.yaml │ │ │ ├── policy-reporter-base.yaml │ │ │ └── yc-mk8s.ca │ │ ├── variables.tf │ │ └── versions.tf │ ├── export-auditlogs-to-ELK_k8s_old/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── example/ │ │ │ ├── README.md │ │ │ ├── README_RU.md │ │ │ ├── main.tf │ │ │ └── provider.tf │ │ ├── images/ │ │ │ ├── Logo-scheme.drawio │ │ │ └── Tech_scheme.drawio │ │ ├── security-events-to-siem-importer/ │ │ │ ├── 01-function-and-mq.tf │ │ │ ├── 02-coi-worker.tf │ │ │ ├── README.md │ │ │ ├── pusher/ │ │ │ │ ├── Makefile │ │ │ │ ├── main.py │ │ │ │ ├── requirements.txt │ │ │ │ └── test.py │ │ │ ├── variables.tf │ │ │ ├── versions.tf │ │ │ └── worker/ │ │ │ ├── Dockerfile │ │ │ ├── cloud-init.tpl.yaml │ │ │ ├── docker-compose.yml │ │ │ ├── docker-declaration-auditlog.yaml │ │ │ ├── docker-declaration-falco.yaml │ │ │ ├── docker-declaration-kyverno.yaml │ │ │ └── function/ │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ └── security-events-to-storage-exporter/ │ │ ├── 00-infra.tf │ │ ├── 01-audit-export.tf │ │ ├── 02-kubernetes-falco.tf │ │ ├── 03-kyverno.tf │ │ ├── README.md │ │ ├── example/ │ │ │ ├── main.tf │ │ │ └── provider.tf │ │ ├── function/ │ │ │ ├── Makefile │ │ │ ├── main.py │ │ │ ├── requirements.txt │ │ │ └── test.py │ │ ├── outputs.tf │ │ ├── templates/ │ │ │ ├── falco-base.yaml │ │ │ ├── falcosidekick-base.yaml │ │ │ ├── kubeconfig-template.yaml.tpl │ │ │ └── yc-mk8s.ca │ │ ├── variables.tf │ │ └── versions.tf │ ├── export-auditlogs-to-ELK_main/ │ │ ├── AUTHORS │ │ ├── CONFIGURE-HA.md │ │ ├── CONFIGURE-HA_RU.md │ │ ├── LICENSE │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── backup/ │ │ │ ├── ECS-mapping_new.docx │ │ │ ├── curl_play with elk.sh │ │ │ ├── kms_decrypt_cmds.sh │ │ │ ├── last_backup/ │ │ │ │ ├── falco_pipeline_backup.json │ │ │ │ ├── k8s-mapping-ba.json │ │ │ │ ├── k8s_audit_dashboard-back.ndjson │ │ │ │ ├── k8s_audit_dashboard-future.ndjson │ │ │ │ ├── k8s_audit_detections-back.ndjson │ │ │ │ ├── k8s_dashboard.ndjson │ │ │ │ └── trails_dashboard-backup.ndjson │ │ │ ├── mapping6.json │ │ │ └── objects/ │ │ │ ├── dashboard.ndjson │ │ │ ├── dashboard_backup.ndjson │ │ │ ├── detections.ndjson │ │ │ ├── filters.ndjson │ │ │ ├── filters_backup.ndjson │ │ │ ├── kibana_index_pattern.ndjson │ │ │ ├── kibana_search2.ndjson │ │ │ ├── pipeline3.json │ │ │ ├── searches.ndjson │ │ │ └── searches_backup.ndjson │ │ ├── docker/ │ │ │ ├── Dockerfile │ │ │ └── docker-compose.yml │ │ ├── functions/ │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ ├── images/ │ │ │ └── elastic.drawio │ │ ├── papers/ │ │ │ ├── ECS-mapping.docx │ │ │ ├── Описание объектов eng.docx │ │ │ └── Описание объектов.docx │ │ ├── terraform/ │ │ │ ├── README.md │ │ │ ├── README_RU.md │ │ │ ├── example/ │ │ │ │ ├── README.md │ │ │ │ ├── README_RU.md │ │ │ │ ├── main.tf │ │ │ │ ├── provider.tf │ │ │ │ └── variables.tf │ │ │ └── modules/ │ │ │ ├── yc-elastic-trail/ │ │ │ │ ├── cloud-init_lin.tpl.yaml │ │ │ │ ├── docker-declaration.yaml │ │ │ │ ├── main.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ └── yc-managed-elk/ │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── update-elk-scheme/ │ │ │ ├── Dockerfile │ │ │ ├── README.md │ │ │ ├── function/ │ │ │ │ ├── main.py │ │ │ │ └── requirements.txt │ │ │ └── include/ │ │ │ ├── audit-trail/ │ │ │ │ ├── backup/ │ │ │ │ │ ├── detections.ndjson │ │ │ │ │ └── filters.ndjson │ │ │ │ ├── dashboard.ndjson │ │ │ │ ├── detections.ndjson │ │ │ │ ├── filters.ndjson │ │ │ │ ├── index-pattern.ndjson │ │ │ │ ├── index-template.json │ │ │ │ ├── mapping.json │ │ │ │ ├── pipeline.json │ │ │ │ └── search.ndjson │ │ │ ├── k8s-audit/ │ │ │ │ ├── dashboard.ndjson │ │ │ │ ├── detections.ndjson │ │ │ │ ├── filters.ndjson │ │ │ │ ├── index-pattern.ndjson │ │ │ │ ├── index-template.json │ │ │ │ ├── mapping.json │ │ │ │ ├── pipeline.json │ │ │ │ └── search.ndjson │ │ │ ├── k8s-falco/ │ │ │ │ ├── detections.ndjson │ │ │ │ ├── filters.ndjson │ │ │ │ ├── index-pattern.ndjson │ │ │ │ ├── index-template.json │ │ │ │ ├── mapping.json │ │ │ │ ├── pipeline.json │ │ │ │ └── search.ndjson │ │ │ └── k8s-kyverno/ │ │ │ ├── dashboard-back2.ndjson │ │ │ ├── dashboard-backup.ndjson │ │ │ ├── dashboard.ndjson │ │ │ ├── detections-back.ndjson │ │ │ ├── detections.ndjson │ │ │ ├── filters-back.ndjson │ │ │ ├── filters.ndjson │ │ │ ├── index-pattern.ndjson │ │ │ ├── index-template.json │ │ │ ├── mapping.json │ │ │ ├── pipeline.json │ │ │ └── search.ndjson │ │ └── workshop-guide/ │ │ ├── README.md │ │ ├── example/ │ │ │ ├── audit_trails_demo/ │ │ │ │ ├── main.tf │ │ │ │ ├── provider.tf │ │ │ │ └── variables.tf │ │ │ ├── k8s_demo/ │ │ │ │ ├── README.md │ │ │ │ ├── example/ │ │ │ │ │ ├── README.md │ │ │ │ │ ├── main.tf │ │ │ │ │ └── provider.tf │ │ │ │ ├── images/ │ │ │ │ │ ├── Logo-scheme.drawio │ │ │ │ │ └── Tech_scheme.drawio │ │ │ │ ├── security-events-to-siem-importer/ │ │ │ │ │ ├── 01-function-and-mq.tf │ │ │ │ │ ├── 02-coi-worker.tf │ │ │ │ │ ├── README.md │ │ │ │ │ ├── pusher/ │ │ │ │ │ │ ├── Makefile │ │ │ │ │ │ ├── main.py │ │ │ │ │ │ ├── requirements.txt │ │ │ │ │ │ └── test.py │ │ │ │ │ ├── variables.tf │ │ │ │ │ ├── versions.tf │ │ │ │ │ └── worker/ │ │ │ │ │ ├── Dockerfile │ │ │ │ │ ├── cloud-init.tpl.yaml │ │ │ │ │ ├── docker-compose.yml │ │ │ │ │ ├── docker-declaration-auditlog.yaml │ │ │ │ │ ├── docker-declaration-falco.yaml │ │ │ │ │ ├── docker-declaration-kyverno.yaml │ │ │ │ │ └── function/ │ │ │ │ │ ├── main.py │ │ │ │ │ └── requirements.txt │ │ │ │ └── security-events-to-storage-exporter/ │ │ │ │ ├── 00-infra.tf │ │ │ │ ├── 01-audit-export.tf │ │ │ │ ├── 02-kubernetes-falco.tf │ │ │ │ ├── 03-kyverno.tf │ │ │ │ ├── README.md │ │ │ │ ├── charts/ │ │ │ │ │ └── policy-reporter/ │ │ │ │ │ ├── Chart.yaml │ │ │ │ │ ├── charts/ │ │ │ │ │ │ ├── kyvernoPlugin-0.5.2.tgz │ │ │ │ │ │ ├── monitoring-1.4.2.tgz │ │ │ │ │ │ └── ui-1.8.5.tgz │ │ │ │ │ ├── config.yaml │ │ │ │ │ ├── templates/ │ │ │ │ │ │ ├── _helpers.tpl │ │ │ │ │ │ ├── clusterrole.yaml │ │ │ │ │ │ ├── clusterrolebinding.yaml │ │ │ │ │ │ ├── deployment.yaml │ │ │ │ │ │ ├── prioritymap.yaml │ │ │ │ │ │ ├── role.yaml │ │ │ │ │ │ ├── rolebinding.yaml │ │ │ │ │ │ ├── service.yaml │ │ │ │ │ │ ├── serviceaccount.yaml │ │ │ │ │ │ └── targetssecret.yaml │ │ │ │ │ └── values.yaml │ │ │ │ ├── example/ │ │ │ │ │ ├── main.tf │ │ │ │ │ └── provider.tf │ │ │ │ ├── function/ │ │ │ │ │ ├── Makefile │ │ │ │ │ ├── main.py │ │ │ │ │ ├── requirements.txt │ │ │ │ │ └── test.py │ │ │ │ ├── outputs.tf │ │ │ │ ├── templates/ │ │ │ │ │ ├── falco-base.yaml │ │ │ │ │ ├── falcosidekick-base.yaml │ │ │ │ │ ├── kubeconfig-template.yaml.tpl │ │ │ │ │ └── yc-mk8s.ca │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ └── modules/ │ │ │ └── yc-elastic-trail/ │ │ │ ├── cloud-init_lin.tpl.yaml │ │ │ ├── docker-declaration.yaml │ │ │ ├── main.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── preparation/ │ │ ├── folders.txt │ │ ├── main.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── export-auditlogs-to-Opensearch/ │ │ ├── CONFIGURE-HA.md │ │ ├── CONFIGURE-HA_RU.md │ │ ├── README.md │ │ ├── README_EN.md │ │ ├── deploy-of-opensearch/ │ │ │ ├── docker-compose.yaml │ │ │ └── opensearch_dashboards.yml │ │ ├── functions/ │ │ │ ├── Dockerfile │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ ├── images/ │ │ │ └── elastic.drawio │ │ ├── terraform/ │ │ │ ├── README.md │ │ │ ├── backup_README.md │ │ │ ├── main.tf │ │ │ ├── modules/ │ │ │ │ └── yc-opensearch-trail/ │ │ │ │ ├── cloud-init_lin.tpl.yaml │ │ │ │ ├── docker-declaration.yaml │ │ │ │ ├── main.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── provider.tf │ │ │ ├── terraform_tfvars │ │ │ └── variables.tf │ │ └── update-opensearch-scheme/ │ │ ├── content-for-transfer/ │ │ │ ├── dashboard.ndjson │ │ │ ├── filters.ndjson │ │ │ ├── monitor.json │ │ │ ├── search.ndjson │ │ │ └── trigger_action_example.json │ │ └── include/ │ │ └── audit-trail/ │ │ ├── alert.json │ │ ├── dashboard.ndjson │ │ ├── detections.ndjson │ │ ├── filters.ndjson │ │ ├── index-pattern.ndjson │ │ ├── index-template.json │ │ ├── ism-policy.json │ │ ├── mapping.json │ │ ├── pipeline.json │ │ └── search.ndjson │ ├── export-auditlogs-to-Splunk/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── docker/ │ │ │ ├── Dockerfile │ │ │ └── docker-compose.yml │ │ ├── functions/ │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ ├── images/ │ │ │ └── splun.drawio │ │ └── terraform/ │ │ ├── example/ │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── provider.tf │ │ │ └── variables.tf │ │ └── modules/ │ │ └── yc-splunk-trail/ │ │ ├── cloud-init_lin.tpl.yaml │ │ ├── docker-declaration.yaml │ │ ├── main.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── export-auditlogs-to-wazuh/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── packer/ │ │ │ ├── README.md │ │ │ ├── ansible/ │ │ │ │ ├── ansible.cfg │ │ │ │ ├── playbook.yaml │ │ │ │ └── roles/ │ │ │ │ └── wazuh/ │ │ │ │ ├── files/ │ │ │ │ │ ├── configs/ │ │ │ │ │ │ ├── local_internal_options.conf │ │ │ │ │ │ └── ossec.conf │ │ │ │ │ ├── decoders/ │ │ │ │ │ │ └── local_decoder.xml │ │ │ │ │ ├── local_internal_options.conf │ │ │ │ │ ├── shared/ │ │ │ │ │ │ ├── agent-template.conf │ │ │ │ │ │ ├── ar.conf │ │ │ │ │ │ └── default/ │ │ │ │ │ │ ├── agent.conf │ │ │ │ │ │ ├── bpfdoor_check.yml │ │ │ │ │ │ ├── cis_apache2224_rcl.txt │ │ │ │ │ │ ├── cis_debian_linux_rcl.txt │ │ │ │ │ │ ├── cis_mysql5-6_community_rcl.txt │ │ │ │ │ │ ├── cis_mysql5-6_enterprise_rcl.txt │ │ │ │ │ │ ├── cis_rhel5_linux_rcl.txt │ │ │ │ │ │ ├── cis_rhel6_linux_rcl.txt │ │ │ │ │ │ ├── cis_rhel7_linux_rcl.txt │ │ │ │ │ │ ├── cis_rhel_linux_rcl.txt │ │ │ │ │ │ ├── cis_sles11_linux_rcl.txt │ │ │ │ │ │ ├── cis_sles12_linux_rcl.txt │ │ │ │ │ │ ├── cis_win2012r2_domainL1_rcl.txt │ │ │ │ │ │ ├── cis_win2012r2_domainL2_rcl.txt │ │ │ │ │ │ ├── cis_win2012r2_memberL1_rcl.txt │ │ │ │ │ │ ├── cis_win2012r2_memberL2_rcl.txt │ │ │ │ │ │ ├── log4j_check.yml │ │ │ │ │ │ ├── merged.mg │ │ │ │ │ │ ├── rootkit_files.txt │ │ │ │ │ │ ├── rootkit_trojans.txt │ │ │ │ │ │ ├── system_audit_rcl.txt │ │ │ │ │ │ ├── system_audit_ssh.txt │ │ │ │ │ │ ├── win_applications_rcl.txt │ │ │ │ │ │ ├── win_audit_rcl.txt │ │ │ │ │ │ └── win_malware_rcl.txt │ │ │ │ │ └── wodle/ │ │ │ │ │ ├── yandex/ │ │ │ │ │ │ └── yandex │ │ │ │ │ └── yandex-clamav/ │ │ │ │ │ ├── yandex-clamav │ │ │ │ │ └── yandex-clamav.py │ │ │ │ ├── handlers/ │ │ │ │ │ └── main.yml │ │ │ │ ├── tasks/ │ │ │ │ │ └── main.yml │ │ │ │ ├── templates/ │ │ │ │ │ ├── freshclam.j2 │ │ │ │ │ └── ossec.j2 │ │ │ │ └── vars/ │ │ │ │ └── main.yml │ │ │ └── template.pkr.hcl │ │ └── terraform/ │ │ ├── deployment/ │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── profile.tftpl │ │ │ └── variables.tf │ │ └── modules/ │ │ ├── s3/ │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── terraform.tf │ │ │ └── variable.tf │ │ ├── vm/ │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── terraform.tf │ │ │ └── variables.tf │ │ └── vpc/ │ │ ├── README.md │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── terraform.tf │ │ └── variables.tf │ ├── export-k8s-to-s3/ │ │ ├── README.md │ │ └── terraform/ │ │ ├── 00-sa-and-bucket.tf │ │ ├── 03-infra.tf │ │ ├── 04-audit-export.tf │ │ ├── function/ │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ ├── provider.tf │ │ └── variables.tf │ ├── export-k8s-to-s3-cloud-logging/ │ │ ├── README.md │ │ └── terraform/ │ │ ├── function/ │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── export-k8s-to-yds/ │ │ ├── README.md │ │ └── terraform/ │ │ ├── 00-sa-and-bucket.tf │ │ ├── 03-infra.tf │ │ ├── 04-audit-export.tf │ │ ├── function/ │ │ │ ├── main.py │ │ │ └── requirements.txt │ │ ├── provider.tf │ │ ├── terraformrc │ │ └── variables.tf │ ├── trail_monitoring/ │ │ ├── README.md │ │ └── README_RU.md │ └── trails-function-detector/ │ ├── README.md │ ├── README_RU.md │ ├── example/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── main.tf │ │ └── provider.tf │ ├── function/ │ │ ├── main.py │ │ └── requirements.txt │ ├── images/ │ │ ├── Logo-scheme.drawio │ │ └── Tech_scheme.drawio │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── auth_and_access/ │ ├── ad-sync/ │ │ ├── README.md │ │ └── Sync-YCLDAPUsers-v2.ps1 │ ├── iam/ │ │ ├── .gitignore │ │ ├── .pre-commit-config.yaml │ │ ├── README.md │ │ ├── examples/ │ │ │ ├── custom roles/ │ │ │ │ ├── README.md │ │ │ │ ├── cloud.tf │ │ │ │ ├── organization.tf │ │ │ │ ├── projects.tf │ │ │ │ ├── terraform.tfvars.example │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── organization/ │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── small/ │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── use usernames/ │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ └── webinar_example/ │ │ │ ├── README.md │ │ │ ├── dev/ │ │ │ │ ├── main.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── iam_mgmt/ │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ ├── modules/ │ │ │ │ ├── iam/ │ │ │ │ │ ├── .gitignore │ │ │ │ │ ├── .pre-commit-config.yaml │ │ │ │ │ ├── README.md │ │ │ │ │ ├── examples/ │ │ │ │ │ │ └── dev_folder/ │ │ │ │ │ │ ├── main.tf │ │ │ │ │ │ ├── outputs.tf │ │ │ │ │ │ ├── variables.tf │ │ │ │ │ │ └── versions.tf │ │ │ │ │ ├── main.tf │ │ │ │ │ ├── outputs.tf │ │ │ │ │ ├── variables.tf │ │ │ │ │ └── versions.tf │ │ │ │ └── networking/ │ │ │ │ ├── .gitignore │ │ │ │ ├── .pre-commit-config.yaml │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ └── prod/ │ │ │ ├── main.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── keycloak/ │ │ ├── README.md │ │ ├── examples/ │ │ │ ├── README.md │ │ │ ├── env-yc.sh │ │ │ ├── install.sh │ │ │ ├── keycloak-config/ │ │ │ │ ├── main.tf │ │ │ │ └── sync.sh │ │ │ └── keycloak-deploy/ │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ ├── keycloak-config/ │ │ │ ├── README.md │ │ │ ├── federation.tf │ │ │ ├── keycloak-config.tf │ │ │ ├── providers.tf │ │ │ ├── variables.tf │ │ │ └── yc-root.crt │ │ └── keycloak-deploy/ │ │ ├── README.md │ │ ├── dns-cm.tf │ │ ├── kc-setup.sh │ │ ├── kc-vm-init.tpl │ │ ├── keycloak-vm.tf │ │ ├── postgress.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── vpc.tf │ ├── org_iac_iam/ │ │ ├── README.md │ │ ├── cloud-level-state/ │ │ │ ├── README.md │ │ │ ├── folders_and_bindings.tf │ │ │ ├── provider.tf │ │ │ ├── terraform_tfvars │ │ │ ├── variables.tf │ │ │ └── vpc.tf │ │ ├── images/ │ │ │ └── iam_iac.drawio │ │ ├── module_keycloak/ │ │ │ ├── federation.tf │ │ │ ├── kc-le-cert.sh │ │ │ ├── kc-setup.sh │ │ │ ├── kc-users-gen.sh │ │ │ ├── keycloak.tf │ │ │ ├── postgress.tf │ │ │ ├── realm.json │ │ │ ├── user-resources.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── org_level_clouds_and_fed.tf │ │ ├── org_level_folders.tf │ │ ├── org_level_grant_viewer.tf │ │ ├── org_level_groups_and_users.tf │ │ ├── org_level_prepare_users.tf │ │ ├── org_level_security_provis.tf │ │ ├── provider.tf │ │ ├── terraform_tfvars │ │ └── variables.tf │ └── scripts/ │ ├── README.md │ ├── list_Ips.sh │ ├── list_ips.ps1 │ └── yc_list_roles.ps1 ├── configuration/ │ └── hardening_bucket/ │ ├── README.md │ ├── README_RU.md │ ├── images/ │ │ └── Схема.drawio │ ├── main.tf │ ├── variables.tf │ └── versions.tf ├── encrypt_and_keys/ │ ├── encrypt_disk_VM/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── cloud-init_lin.tpl.yaml │ │ ├── images/ │ │ │ └── Схема.drawio │ │ ├── main.tf │ │ ├── provider.tf │ │ ├── script.sh │ │ └── variables.tf │ ├── manage_secrets/ │ │ ├── terraform+KMS+COI/ │ │ │ ├── README.md │ │ │ ├── README_RU.md │ │ │ ├── cloud-init_lin.tpl.yaml │ │ │ ├── docker/ │ │ │ │ ├── Dockerfile │ │ │ │ └── functions/ │ │ │ │ ├── main.py │ │ │ │ └── requirements.txt │ │ │ ├── docker-declaration.yaml │ │ │ ├── main.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── terraform-lockbox-vm-credentials/ │ │ │ ├── 00-provider.tf │ │ │ ├── 01-vpc.tf │ │ │ ├── 02-service-account.tf │ │ │ ├── 03-kms-and-ssh-keys.tf │ │ │ ├── 04-lockbox-secret.tf │ │ │ ├── 05-postgres.tf │ │ │ ├── 06-kc-vm.tf │ │ │ ├── README.md │ │ │ ├── kc-install.yml │ │ │ ├── openssl.cnf │ │ │ ├── terraform.tfvars.example │ │ │ └── variables.tf │ │ └── windows-vm-secure-passwords/ │ │ ├── README.md │ │ ├── init-example.ps1 │ │ └── terraform-example/ │ │ ├── 00-provider.tf │ │ ├── 01-vpc.tf │ │ ├── 02-kms-and-ssh-keys.tf │ │ ├── 03-service-account.tf │ │ ├── 04-lockbox-secret.tf │ │ ├── 05-windows-vm.tf │ │ ├── init.ps1 │ │ ├── terraform.tfvars.example │ │ └── variables.tf │ └── vault2lockbox/ │ ├── readme.md │ ├── requirements.txt │ └── vault_to_lockbox_migrator.py ├── kubernetes-security/ │ ├── auth_and_access/ │ │ └── role-model-example/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── end/ │ │ │ └── README.md │ │ ├── kubernetes/ │ │ │ ├── README.md │ │ │ ├── bad-pods/ │ │ │ │ ├── deployments/ │ │ │ │ │ ├── everything-allowed-exec-deployment.yaml │ │ │ │ │ ├── hostipc-exec-deployment.yaml │ │ │ │ │ ├── hostnetwork-exec-deployment.yaml │ │ │ │ │ ├── hostpath-exec-deployment.yaml │ │ │ │ │ ├── hostpid-exec-deployment.yaml │ │ │ │ │ ├── nothing-allowed-exec-deployment.yaml │ │ │ │ │ ├── priv-and-hostpid-exec-deployment.yaml │ │ │ │ │ └── priv-exec-deployment.yaml │ │ │ │ └── pods/ │ │ │ │ ├── everything-allowed-exec-pod.yaml │ │ │ │ ├── hostipc-exec-pod.yaml │ │ │ │ ├── hostnetwork-exec-pod.yaml │ │ │ │ ├── hostpath-exec-pod.yaml │ │ │ │ ├── hostpid-exec-pod.yaml │ │ │ │ ├── nothing-allowed-exec-pod.yaml │ │ │ │ ├── priv-and-hostpid-exec-pod.yaml │ │ │ │ └── priv-exec-pod.yaml │ │ │ ├── gatekeeper-policies/ │ │ │ │ ├── disallow-host-namespaces.yaml │ │ │ │ ├── disallow-host-network.yaml │ │ │ │ ├── disallow-privileged-containers.yaml │ │ │ │ ├── disallow-proc-mount.yaml │ │ │ │ ├── restrics-host-path.yaml │ │ │ │ └── restrict-sysctls.yaml │ │ │ └── kyverno-policies/ │ │ │ ├── disallow-adding-capabilities.yaml │ │ │ ├── disallow-host-namespaces.yaml │ │ │ ├── disallow-host-path.yaml │ │ │ ├── disallow-host-ports.yaml │ │ │ ├── disallow-privileged-containers.yaml │ │ │ ├── disallow-proc-mount.yaml │ │ │ ├── disallow-selinux.yaml │ │ │ ├── restrict-apparmor-profiles.yaml │ │ │ └── restrict-sysctls.yaml │ │ └── terraform/ │ │ ├── iam/ │ │ │ ├── .gitignore │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── modules/ │ │ │ └── iam/ │ │ │ ├── .pre-commit-config.yaml │ │ │ ├── README.md │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── staging/ │ │ ├── .gitignore │ │ ├── 01-network.tf │ │ ├── 02-kubernetes.tf │ │ ├── README.md │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── choice_of_solutions/ │ │ └── Сравнение функций k8s решений.docx │ ├── cve-quickfix/ │ │ ├── CVE-2021-4034/ │ │ │ ├── CVE-2021-4034-fix-ds.yaml │ │ │ └── Readme.md │ │ └── CVE-2022-0185/ │ │ ├── CVE-2022-0185-fix-ds.yaml │ │ └── Readme.md │ ├── encrypt_and_keys/ │ │ └── secret-management/ │ │ ├── README.md │ │ └── README_RU.md │ ├── kyverno-custom-policies/ │ │ ├── README.md │ │ ├── allow-actions-with-policys-only-silo-sa.yaml │ │ ├── deny-attach-by-pod-and-container.yaml │ │ ├── mutate-securitycontext-seccomp-deployment.yaml │ │ ├── mutate-securitycontext-seccomp-pod.yaml │ │ └── restrict-image-registries.yaml │ ├── osquery-kubequery/ │ │ ├── Docker/ │ │ │ └── Dockerfile │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── filebeat-helm/ │ │ │ └── values.yaml │ │ ├── fluentsplunk-helm/ │ │ │ └── values.yaml │ │ ├── kubequery/ │ │ │ ├── kubequery-with-elastic-filebeat/ │ │ │ │ ├── configmap-filebeat.yaml │ │ │ │ └── deployment.yaml │ │ │ └── kubequery-with-splunk/ │ │ │ ├── configmap-fluentd.yaml │ │ │ └── deployment.yaml │ │ └── osquery-install-daemonset/ │ │ ├── configmap-config.yaml │ │ ├── configmap-pack_conf.yaml │ │ ├── daemonset.yaml │ │ ├── helm-charts/ │ │ │ └── osquery-ds-yc/ │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── osquery-ds-yc-0.1.0.tgz │ │ │ ├── templates/ │ │ │ │ ├── _helpers.tpl │ │ │ │ ├── configmap-config.yaml │ │ │ │ ├── configmap-packs.yaml │ │ │ │ ├── daemonset.yaml │ │ │ │ ├── network-policy-egress.yaml │ │ │ │ └── network-policy-ingress.yaml │ │ │ └── values.yaml │ │ ├── instruction.sh │ │ ├── network-policys.yaml │ │ └── ns.yaml │ ├── starboard_and_yc-cr/ │ │ └── README.md │ └── use-cases-k8s/ │ └── README.md ├── malware-defense/ │ └── kaspersy-install-in-yc/ │ ├── README.md │ ├── README_RU.md │ ├── cloud-init_lin.tpl.yaml │ ├── cloud-init_win.tpl.yaml │ ├── docker-declaration.yaml │ ├── images/ │ │ └── Kaspersky.drawio │ ├── network.tf │ ├── updates/ │ │ ├── kesl-11.2.0.4528/ │ │ │ ├── akinstall.sh │ │ │ ├── autoinstall.ini │ │ │ ├── kesl-gui_11.2.0-4528_amd64.deb │ │ │ ├── kesl.kud │ │ │ ├── kesl_11.2.0-4528_amd64.deb │ │ │ ├── kpd.loc/ │ │ │ │ ├── de.ini │ │ │ │ ├── en.ini │ │ │ │ ├── fr.ini │ │ │ │ ├── ja.ini │ │ │ │ └── ru.ini │ │ │ ├── ksn_license.de │ │ │ ├── ksn_license.en │ │ │ ├── ksn_license.fr │ │ │ ├── ksn_license.ja │ │ │ ├── ksn_license.ru │ │ │ ├── license.de │ │ │ ├── license.en │ │ │ ├── license.fr │ │ │ ├── license.ja │ │ │ └── license.ru │ │ └── klcfginst.msi │ ├── variables.tf │ ├── versions.tf │ └── virtual_machines.tf ├── network-sec/ │ ├── checkpoint-1VM/ │ │ ├── README.md │ │ └── README_RU.md │ ├── checkpoint-2VM_active-active/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── check-init-sms.yaml │ │ ├── check-init_gw-a.yaml │ │ ├── check-init_gw-b.yaml │ │ ├── cloud-init_win.tpl.yaml │ │ ├── folders.tf │ │ ├── images/ │ │ │ ├── network_diagram_backup.drawio │ │ │ └── network_diagram_final.drawio │ │ ├── network.tf │ │ ├── provider.tf │ │ ├── variables.tf │ │ └── vms.tf │ ├── checkpoint-2VM_active-passive/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── check-init-sms.yaml │ │ ├── check-init_gw-a.yaml │ │ ├── check-init_gw-b.yaml │ │ ├── cloud-init_win.tpl.yaml │ │ ├── folders.tf │ │ ├── images/ │ │ │ └── network_diagram_final.drawio │ │ ├── modules/ │ │ │ ├── multi-vpc-infra/ │ │ │ │ ├── .gitignore │ │ │ │ ├── .pre-commit-config.yaml │ │ │ │ ├── README.md │ │ │ │ ├── main.tf │ │ │ │ ├── outputs.tf │ │ │ │ ├── variables.tf │ │ │ │ └── versions.tf │ │ │ └── multi-vpc-protected-network/ │ │ │ ├── .gitignore │ │ │ ├── checker_function.tf │ │ │ ├── functions/ │ │ │ │ ├── checker_function/ │ │ │ │ │ ├── main.py │ │ │ │ │ └── requirements.txt │ │ │ │ └── switcher_function/ │ │ │ │ ├── main.py │ │ │ │ └── requirements.txt │ │ │ ├── main.tf │ │ │ ├── switcher_function/ │ │ │ │ ├── main.py │ │ │ │ └── requirements.txt │ │ │ ├── switcher_function.tf │ │ │ ├── templates/ │ │ │ │ └── route.switcher.tpl.yaml │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── network.tf │ │ ├── provider.tf │ │ ├── route-switcher.tf │ │ ├── variables.tf │ │ └── vms.tf │ ├── ipsec-sgw/ │ │ ├── README.md │ │ ├── compute.tf │ │ ├── examples/ │ │ │ ├── .gitignore │ │ │ ├── env-yc.sh │ │ │ ├── main.tf │ │ │ └── variables.tf │ │ ├── ipsec-configs.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── samples/ │ │ │ ├── cisco-asa-sample.txt │ │ │ ├── cisco-iosxe-sample.txt │ │ │ ├── mikrotik-chr-sample.txt │ │ │ ├── unknown-sample.txt │ │ │ └── yc-strongswan-sample.txt │ │ ├── sgw-vm-init.tpl │ │ ├── templates/ │ │ │ ├── ipsec-cisco-asa.tpl │ │ │ ├── ipsec-cisco-iosxe.tpl │ │ │ ├── ipsec-mikrotik-chr.tpl │ │ │ ├── ipsec-unknown.tpl │ │ │ └── ipsec-yc.tpl │ │ ├── variables.tf │ │ └── vpc.tf │ ├── remote-access-vpn/ │ │ ├── README.md │ │ ├── firezone/ │ │ │ ├── compute.tf │ │ │ ├── network.tf │ │ │ ├── output.tf │ │ │ ├── postgress.tf │ │ │ ├── provider.tf │ │ │ ├── security.tf │ │ │ ├── templates/ │ │ │ │ └── cloud-init_firezone.tpl.yaml │ │ │ └── variables.tf │ │ ├── keycloak-config/ │ │ │ ├── keycloak-config.tf │ │ │ ├── main.tf │ │ │ ├── output.tf │ │ │ └── provider.tf │ │ ├── keycloak-deploy/ │ │ │ ├── cert-manager.tf │ │ │ ├── kc-config.tf │ │ │ ├── keycloak-vm.tf │ │ │ ├── network.tf │ │ │ ├── output.tf │ │ │ ├── provider.tf │ │ │ ├── security.tf │ │ │ ├── templates/ │ │ │ │ ├── kc-config.tpl │ │ │ │ └── kc-vm-init.tpl │ │ │ └── variables.tf │ │ ├── main/ │ │ │ ├── main.tf │ │ │ └── output.tf │ │ └── settings/ │ │ └── outputs.tf │ ├── segmentation/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── SG.tf │ │ ├── VM.tf │ │ ├── cloud-init-bastion.tpl.yaml │ │ ├── cloud-init.tpl.yaml │ │ ├── output.tf │ │ ├── provider.tf │ │ ├── sa_and_key/ │ │ │ ├── sa.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ ├── terraform.tfvars_example │ │ ├── variables.tf │ │ ├── versions.tf │ │ └── vpc.tf │ └── vpn/ │ ├── README.md │ ├── README_RU.md │ ├── SG.tf │ ├── backend.tf │ ├── cloud-init.tpl.yaml │ ├── docker-compose.yaml │ ├── docker-declaration.yaml │ ├── frontend.tf │ ├── ipsec-init.tpl.yaml │ ├── output.tf │ ├── provider.tf │ ├── remote-init.tpl.yaml │ ├── remote.tf │ ├── sa.tf │ ├── terraform.tfvars.example │ ├── variables.tf │ ├── versions.tf │ ├── vpc.tf │ └── vpn.tf ├── secure_ci_cd/ │ ├── devsecops-scale/ │ │ └── README.md │ └── secure_ci_cd_with_webinar/ │ ├── README.md │ ├── free_secure_ci_cd/ │ │ ├── .gitlab-ci.yml │ │ ├── .push_to_prod_registry.yml │ │ ├── README.md │ │ ├── dast-config/ │ │ │ ├── log4shell.conf │ │ │ └── log4shell.yaml │ │ ├── k8s-manifest.yaml │ │ └── log4shell-vulnerable-app/ │ │ ├── Dockerfile │ │ ├── LICENSE │ │ ├── README.md │ │ ├── build.gradle │ │ ├── gradle/ │ │ │ └── wrapper/ │ │ │ ├── gradle-wrapper.jar │ │ │ └── gradle-wrapper.properties │ │ ├── gradlew │ │ ├── gradlew.bat │ │ ├── settings.gradle │ │ └── src/ │ │ └── main/ │ │ ├── java/ │ │ │ └── fr/ │ │ │ └── christophetd/ │ │ │ └── log4shell/ │ │ │ └── vulnerableapp/ │ │ │ ├── MainController.java │ │ │ └── VulnerableAppApplication.java │ │ └── resources/ │ │ └── application.properties │ ├── gitlab_instance_sec_checklist/ │ │ ├── README.md │ │ └── gitlab_instance_isolate.md │ └── ultimate_secure_ci_cd/ │ ├── .gitlab-ci.yml │ ├── .push_to_prod_registry.yml │ ├── README.md │ ├── k8s-manifest.yaml │ └── log4shell-vulnerable-app/ │ ├── Dockerfile │ ├── LICENSE │ ├── README.md │ ├── build.gradle │ ├── gradle/ │ │ └── wrapper/ │ │ ├── gradle-wrapper.jar │ │ └── gradle-wrapper.properties │ ├── gradlew │ ├── gradlew.bat │ ├── settings.gradle │ └── src/ │ └── main/ │ ├── java/ │ │ └── fr/ │ │ └── christophetd/ │ │ └── log4shell/ │ │ └── vulnerableapp/ │ │ ├── MainController.java │ │ └── VulnerableAppApplication.java │ └── resources/ │ └── application.properties ├── terraform-sec/ │ ├── checkov-yc/ │ │ ├── .gitlab-ci(audit_mode).yml │ │ ├── .gitlab-ci(blocking_mode).yml │ │ ├── .gitlab-ci(blocking_mode_with_specific_checks_in_audit).yml │ │ ├── README.md │ │ └── README_RU.md │ └── remote-backend/ │ └── README.md ├── vuln-mgmt/ │ ├── anti-ddos-lt/ │ │ ├── README.md │ │ └── README_RU.md │ ├── unmng-waf-ptaf-cluster/ │ │ ├── README.md │ │ ├── README_RU.md │ │ ├── images/ │ │ │ └── ha-proxy.drawio │ │ ├── main/ │ │ │ ├── cloud-init_lin.tpl.yaml │ │ │ ├── cloud-init_lin.tpl_1.yaml │ │ │ ├── cloud-init_lin.tpl_2.yaml │ │ │ ├── function/ │ │ │ │ └── handler.sh │ │ │ ├── functions.tf │ │ │ ├── network.tf │ │ │ ├── variables.tf │ │ │ ├── versions.tf │ │ │ └── vms.tf │ │ └── prepare/ │ │ ├── README.md │ │ ├── app_vms.tf │ │ ├── declaration.yaml │ │ ├── network.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── vulnerable-web-app-waf-test/ │ ├── README.md │ ├── README_RU.md │ ├── cloud_config.yaml │ ├── declaration.yaml │ ├── network_tasks.tf │ ├── output.tf │ ├── provider.tf │ ├── variables.tf │ └── vm_tasks.tf └── yandex-Cloud-Security-Checklist/ └── README.md ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ # Apple temporary .DS_Store # Word temporary ~$*.doc* # Compiled files *.tfstate *.tfstate.backup *.tfstate.lock.info *.tfvars .terraform.lock.hcl # logs *.log *s3cfg # zip files *.zip *gatekeeper-library/ # Directories .terraform/ .vagrant/ # SSH Keys *.pem key.json sa-key.json # Backup files *.bak # Ignored Terraform files *gitignore*.tf # Ignored vscode files .vscode/ # Ignore Any Generated JSON Files operations/automation-script/apply.json operations/automation-script/configversion.json operations/automation-script/run.template.json operations/automation-script/run.json operations/automation-script/variable.template.json operations/automation-script/variable.json operations/automation-script/workspace.template.json operations/automation-script/workspace.json operations/sentinel-policies-scripts/create-policy.template.json operations/sentinel-policies-scripts/create-policy.json operations/variable-scripts/variable.template.json operations/variable-scripts/variable.json *.kubeconfig* .idea/ default/var/wazuh-install-files.tar default/var/wazuh-install-files rules/ !shared/default/ ================================================ FILE: CATALOG.md ================================================ # 🔐 Yandex.Cloud Security Solution Library **Yandex.Cloud Security Solution Library** — это набор примеров и рекомендаций, собранных в публичном репозитории на GitHub. Они помогут компаниям, которые хотят построить безопасную инфруструктуру в Облаке и соответствовать требованиям различных регуляторов и стандартов. Команда Yandex.Cloud проработала самые распространённые задачи, которые возникают при построении безопасности в облаке, протестировала и подробно описала необходимые сценарии. #### Вводный вебинар [![image](https://user-images.githubusercontent.com/85429798/146542425-b250c494-9a3c-4744-897d-5f65849355d5.png)](https://www.youtube.com/watch?v=WZOB9ow0WrA) #### ☑️ Стандарт по защите облачной инфраструктуры Yandex Cloud 1.0 Чеклист по безопасности в облачной инфраструкутре Yandex Cloud https://cloud.yandex.ru/docs/security/standard/all # Список решений - 🕸 Сетевая безопасность - [Пример настройки Security Groups (dev/stage/prod): Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/network-sec/segmentation/README_RU.md) - [Пример установки 1 ВМ-Межсетевой экран (NGFW): Checkpoint](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/network-sec/checkpoint-1VM/README_RU.md) - [Пример установки 2 ВМ NGFW Checkpoint: **Active-Active**](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/network-sec/checkpoint-2VM_active-active/README_RU.md) - [Пример установки 2 ВМ NGFW Checkpoint: **Active-Passive**](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/network-sec/checkpoint-2VM_active-passive/README_RU.md) - [Пример создания site-to-site VPN соединения с Yandex Cloud: Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/network-sec/vpn/README_RU.md) - 🔑 Аутентификация и управление доступом - [Развертывание и управление организацией и правами доступа через IaC terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auth_and_access/org_iac_iam) - [Развёртывание федерации удостоверений в Yandex Cloud на базе решения Keycloak](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auth_and_access/keycloak) - [IAM модуль (с примерами использования)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auth_and_access/iam#identity-and-access-management-iam-terraform-module-for-yandexcloud) - [Скрипт синхронизации пользователей и групп LDAP](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auth_and_access/ad-sync) - 🦠 Защита от вредоносного кода - [Развертывание Kaspersky Antivirus в Yandex.Cloud (Compute Instance, COI)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/malware-defense/kaspersy-install-in-yc/README_RU.md) - 🐞 Управление уязвимостями - [Отказоустойчивая эксплуатация PT Application Firewall на базе Yandex.Cloud](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/vuln-mgmt/unmng-waf-ptaf-cluster/README_RU.md) - [Установка уязвимого веб приложения (dvwa) в Яндекс Облаке (с помощью terraform) для тестирования managed WAF](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/vuln-mgmt/vulnerable-web-app-waf-test/README_RU.md) - [Тестирование AntiDDos системы с помощью Yandex Load Testing](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/vuln-mgmt/anti-ddos-lt/README_RU.md) - 🔏 Шифрование данных и управление ключами/секретами - [Шифрование секретов средствами KMS при передачи их в контейнер ВМ COI Yandex.Cloud:Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/manage_secrets/terraform%2BKMS%2BCOI) - [Шифрование диска ВМ в Облаке с помощью YC KMS](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/encrypt_disk_VM) - [Vault-to-Lockbox Migrator](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/vault2lockbox) - [Lockbox Безопасная передача паролей в Windows](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/manage_secrets/windows-vm-secure-passwords) - [Использование Lockbox для получения паролей в VM](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials) - 🔎 Сбор, мониторинг и анализ аудит логов - [Сбор, мониторинг и анализ аудит логов Yandex Cloud в Yandex Managed Opensearch](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-Opensearch/README.md) - [Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main/README_RU.md) - [Сбор, мониторинг и анализ аудит логов во внешний SIEM ArcSight](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/README_RU.md) - [Сбор, мониторинг и анализ аудит логов во внешний Splunk](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-Splunk/README_RU.md) - [Сбор, мониторинг и анализ аудит логов во внешний Wazuh](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-wazuh/README_RU.md) - [Use cases и важные события безопасности в аудит логах](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/_use_cases_and_searches/README_RU.md) - [Trails-function-detector: Оповещения и реагирование на события ИБ Audit trails с помощью Cloud Logging/Cloud Functions + Telegram](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/trails-function-detector/README_RU.md) - [Мониторинг Audit Trails и событий в Yandex Cloud Monitoring](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/trail_monitoring/README_RU.md) - 👮 Безопасная конфигурация - [Пример безопасной конфигурации Yandex Cloud Object Storage: Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/configuration/hardening_bucket/README_RU.md) - (Скоро) запрет доступа к метадате ## Kubernetes logo
- Безопасность Kubernetes - Аутентификация и управление доступом Managed Kubernetes: - [Пример настройки ролевых моделей и политик в Managed Service for Kubernetes](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/auth_and_access/role-model-example/README_RU.md) - Сбор, мониторинг и анализ аудит логов: - [Анализ логов безопасности k8s в ELK: аудит-логи, policy engine, falco](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_k8s) - [Экспорт Cilium Flow Logs в Object Storage(s3)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/cilium-s3) - [Экспорт k8s аудит логов в s3/object storage](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-k8s-to-s3/README.md) - [Экспорт k8s аудит логов в Yandex Data Streams/Kinesis Data Streams](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-k8s-to-yds) - Шифрование данных и управление ключами/секретами Managed Kubernetes - [Управление секретами c SecretManager(Lockbox,Vault)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/encrypt_and_keys/secret-management/README_RU.md) - Безопасная конфигурация Managed Kubernetes: - [osquery и kubequery в k8s: osquery (защита k8s nodes), kubequery (анализ конфиг. всего k8s) ](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/osquery-kubequery/README_RU.md) - CVE mitigations: - [CVE-2022-0185](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/cve-quickfix/CVE-2022-0185) - [CVE-2021-4034](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/cve-quickfix/CVE-2021-4034) - [Таблица сравениня функций решений по безопасности k8s](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/kubernetes-security/choice_of_solutions/Сравнение_функций_k8s_security.pdf) - [Интеграция Starboard с Yandex Cloud Container Registry с целью сканирования запущенных образов](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/starboard_and_yc-cr/README_RU.md) ## Kubernetes logo
- CI/CD Security - Secure CI/CD на базе Managed GitLab: - [Вебинар+материалы:Обнаружение Log4shell и др. уязвимостей в CI/CD на базе Managed GitLab](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar): - [Обнаружение уязвимостей в CI/CD (Ultimate лицензия)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar) - [Обнаружение уязвимостей в CI/CD (Free лицензия)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar) - [Security in Gtilab instance check-list](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar/gitlab_instance_sec_checklist/README_RU.md) - [Выступление про комплаенс и devsecops](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/devsecops-scale/README.md) # Kubernetes logo
- Безопасность Terraform - [Сканирование tf файлов с помощью checkov](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/terraform-sec/checkov-yc) - [Хранение состояния Terraform в Yandex.Cloud Object Storage](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/terraform-sec/remote-backend) # Kubernetes logo
# Обратная связь и пожелания - Доработки, ошибки, contribute: Заводите, пожалуйста с помощью github issue/pr - Вопросы, пожелания, консультации: Пишите нам в телеграм https://t.me/YandexCloudSecurity #### Референсная архитектура ![Refer_arc](https://user-images.githubusercontent.com/85429798/132501079-0bd89876-2cc9-405b-aac3-ea65ac1fb6d2.png) ================================================ FILE: README.md ================================================ # Yandex Cloud Security Solutions Library This repo contains Security Solutions from Yandex Cloud Team. The repository is Archived. 🚚 Solutions from this repository has been moved to https://github.com/yandex-cloud-examples/yc-security-solutions-library ================================================ FILE: README_EN.md ================================================ # 🔐 Yandex.Cloud Security Solution Library **Yandex.Cloud Security Solution Library** is a set of examples and recommendations collected in a public repository on GitHub. Its purpose is to help companies build a secure infrastructure in the cloud and meet the requirements of various regulators and standards. Yandex.Cloud team has selected the most common tasks that arise when building security in the cloud. They have tested and described relevant scenarios in detail. #### Brief webinar [![image](https://user-images.githubusercontent.com/85429798/146542425-b250c494-9a3c-4744-897d-5f65849355d5.png)](https://www.youtube.com/watch?v=WZOB9ow0WrA) #### ☑️ Yandex.Cloud Security Checklist Checklist for security in the Yandex.Cloud infrastructure https://cloud.yandex.com/en/docs/overview/security/domains/checklist # List of solutions - 🕸 Network security - [Example of setting up Security Groups (dev/stage/prod): Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/network-sec/segmentation) - [Example of installing a VM instance with a firewall (NGFW): Check Point](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/network-sec/checkpoint-1VM) - [Example of installing two VM instances with an NGFW Check Point: **Active-Active**](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/network-sec/checkpoint-2VM_active-active/README.md) - [Example of installing two NGFW Check Point VMs: **Active-Passive**](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/network-sec/checkpoint-2VM_active-passive/README.md) - [An example of creating a site-to-site VPN connection to Yandex.Cloud: Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/network-sec/vpn) - 🔑 Authentication and access control - [Развертывание и управление организацией и правами доступа через IaC terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auth_and_access/org_iac_iam) - [IAM module with usage examples](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auth_and_access/iam#identity-and-access-management-iam-terraform-module-for-yandexcloud) - [LDAP user and group synchronization script](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auth_and_access/ad-sync) - 🦠 Protection against malicious code - [Deploying Kaspersky Antivirus in Yandex.Cloud (Compute Instance, COI)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/malware-defense/kaspersy-install-in-yc) - 🐞 Vulnerability management - [Fault-tolerant operation of PT Application Firewall based on Yandex.Cloud](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/vuln-mgmt/unmng-waf-ptaf-cluster) - [Installing a vulnerable web application (DVWA) in Yandex.Cloud using Terraform for Managed WAF testing](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/vuln-mgmt/vulnerable-web-app-waf-test) - [Testing AntiDDos system using Yandex Load Testing](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/vuln-mgmt/anti-ddos-lt/README.md) - 🔏 Data encryption and key and secret management - [Encrypting secrets with KMS when transferring the keys to the COI VM container Yandex.Cloud: Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/terraform%2BKMS%2BCOI) - [Encrypting a VM disk in the cloud using YC KMS](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/encrypt_disk_VM) - [Yandex Cloud Lockbox password solution](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/encrypt_and_keys/terraform-lockbox-vm-credentials) - 🔎 Collecting, monitoring, and analyzing audit logs - [Collecting, monitoring and analyzing audit logs in Yandex Managed Opensearch](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-Opensearch/README_EN.md) - [Collecting, monitoring and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main) - [Collecting, monitoring, and analyzing audit logs in an external SIEM ArcSight](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight) - [Collecting, monitoring, and analyzing audit logs in an external Splunk](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-Splunk) - [Collecting, monitoring, and analyzing audit logs in an external Wazuh](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-wazuh/README.md) - [Use cases and important security events in audit logs](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/_use_cases_and_searches) - [Trails-function-detector: Alerts and response to Information Security events in Audit Trails using Cloud Logging and Cloud Functions + Telegram](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/trails-function-detector) - [Monitoring Audit Trails and events in Yandex Cloud Monitoring](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/trail_monitoring) - 👮 Secure configuration - [Example of a secure configuration for Yandex Cloud Object Storage: Terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/configuration/hardening_bucket) ## Kubernetes logo
- Kubernetes security - Authentication and access control in Managed Kubernetes: - [Example of setting up role-based models and policies in Yandex Managed Service for Kubernetes](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/auth_and_access/role-model-example) - Collecting, monitoring, and analyzing audit logs: - [Analyzing K8s security logs in ELK: audit logs, Policy Engine, Falco](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_k8s) - [Exporting Cilium Flow Logs to Object Storage (S3)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/cilium-s3) - [Export of kubernetes audit logs to s3/object storage](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-k8s-to-s3) - [Export of kubernetes audit logs to Yandex Data Streams/Kinesis Data Streams](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-k8s-to-yds) - Data encryption and key/secret management in Managed Kubernetes - [Secret Management with Secret Manager (Lockbox, Vault)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/encrypt_and_keys/secret-management) - Secure configuration of Managed Kubernetes: - [Osquery and kubequery in K8s: Osquery (protecting K8s nodes), kubequery (analyzing the configuration of the entire K8s)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/osquery-kubequery) - CVE mitigations: - [CVE-2022-0185](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/cve-quickfix/CVE-2022-0185) - [CVE-2021-4034](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/cve-quickfix/CVE-2021-4034) - [Feature comparison table of k8s security solution](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/choice_of_solutions) - [Starboard integration with Yandex Cloud Container Registry to scan running images](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/kubernetes-security/starboard_and_yc-cr) ## Kubernetes logo
- CI/CD Security - Secure CI/CD on Managed GitLab: - [Webinar+materials: Detection of Log4shell and other vulnerabilities in CI / CD based on Managed GitLab](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar): - [Vulnerability detection in CI/CD (Ultimate license)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar/ultimate_secure_ci_cd) - [Vulnerability detection in CI/CD (Free license)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar/free_secure_ci_cd) - [Security in Gtilab instance check-list](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/secure_ci_cd_with_webinar/gitlab_instance_sec_checklist) - [Speech about compliance and devsesop](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/secure_ci_cd/devsecops-scale/README.md) ## Kubernetes logo
- Terraform security - [Scan tf manifests with checkov](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/terraform-sec/checkov-yc) - [Terraform state in Yandex.Cloud using Object Storage](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/terraform-sec/remote-backend) # Kubernetes logo
# Feedback - Improvements, bugs, contribute: Please start using github issue/pr - Questions, wishes, consultations: Write to us in telegram https://t.me/YandexCloudSecurity #### Reference architecture ![Refer_arc](https://user-images.githubusercontent.com/85429798/132501079-0bd89876-2cc9-405b-aac3-ea65ac1fb6d2.png) ================================================ FILE: auditlogs/_use_cases_and_searches/README.md ================================================ # Use cases and important security events in audit logs This section contains use cases and important security events on the Yandex.Cloud platform. Actual Use Cases and important security events are collected in the repository file here.[Use-casesANDsearches.pdf](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/_use_cases_and_searches/Use-casesANDsearches.pdf) You can ship audit logs from the service [Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) in [Cloud Logging](https://cloud.yandex.ru/docs/audit-trails/operations/export-cloud-logging) or in [Yandex Managed Service for Elasticsearch (ELK)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main) or in your [other own SIEM](https://cloud.yandex.ru/docs/audit-trails/concepts/export-siem) ## Syntax of file Event analysis expressions are prepared in KQL (ElsticSearch) and CloudLogging to choose ![image](https://user-images.githubusercontent.com/85429798/185589916-ffe26b9b-fec4-489c-ae18-72835bfd5b91.png) ## Example Analysis of Events in Cloud Logging ![Screen Shot 2022-02-15 at 17 11 06](https://user-images.githubusercontent.com/85429798/154079879-db576283-3afb-4bc5-a1d7-4e7de9dcb987.png) ## An example of event analysis in ELK ![image](https://user-images.githubusercontent.com/85429798/154079995-10c9d330-3e2e-4b7e-bc97-31a8b71611db.png) ## An example of event analysis in YQ ![image](https://user-images.githubusercontent.com/85429798/185590295-e556e9b9-721b-419f-a864-179b0c2d42ad.png) ================================================ FILE: auditlogs/_use_cases_and_searches/README_RU.md ================================================ # Use cases и важные события безопасности в аудит логах В данном разделе собраны use cases и важные события безопасности платформы Yandex.Cloud. Актуальные Use cases и важные события безопасности собраны в файле репозитория здесь [Use_Cases.pdf](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/_use_cases_and_searches/Use-casesANDsearches.pdf) Вы можете отгружать аудит логи из сервиса [Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) в [Cloud Logging](https://cloud.yandex.ru/docs/audit-trails/operations/export-cloud-logging) или в [Yandex Managed Service for Elasticsearch (ELK)](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main) либо в ваш [собственный SIEM](https://cloud.yandex.ru/docs/audit-trails/concepts/export-siem) ## Синтаксис файла Выражения по анализу событий подготовлены на языке KQL(ElsticSearch) и Cloudlogging на выбор ![image](https://user-images.githubusercontent.com/85429798/154081374-843f5c6d-a881-404a-b618-3693f1d3a11b.png) ## Пример анализа событий в Cloud Logging ![Screen Shot 2022-02-15 at 17 11 06](https://user-images.githubusercontent.com/85429798/154079879-db576283-3afb-4bc5-a1d7-4e7de9dcb987.png) ## Пример анализа событий в ELK ![image](https://user-images.githubusercontent.com/85429798/154079995-10c9d330-3e2e-4b7e-bc97-31a8b71611db.png) ================================================ FILE: auditlogs/cilium-s3/Dockerfile ================================================ FROM golang:1.16-alpine AS build ## ## Build ## WORKDIR /cilium-splunk COPY go.mod ./ COPY go.sum ./ RUN go mod download COPY ./cmd/cilium-exporter ./cmd/cilium-exporter COPY ./internal ./internal COPY ./config.yaml.example ./ RUN go build -o /cilium-exporter ./cmd/cilium-exporter/main.go ## ## Deploy ## #FROM golang:1.16-alpine FROM alpine:3.14 WORKDIR / COPY --from=build /cilium-exporter /cilium-exporter ENTRYPOINT ["/cilium-exporter"] ================================================ FILE: auditlogs/cilium-s3/Dockerfile old ================================================ FROM golang:1.16-alpine WORKDIR /cilium-splunk COPY go.mod ./ COPY go.sum ./ RUN go mod download COPY ./cmd/cilium-exporter ./cmd/cilium-exporter COPY ./internal ./internal COPY ./config.yaml.example ./ RUN go build -o /bin/cilium-exporter ./cmd/cilium-exporter/main.go CMD [ "/bin/cilium-exporter" ] ================================================ FILE: auditlogs/cilium-s3/README.md ================================================ # "cilium-s3" Export flow logs of Cilium to Yandex Cloud Object Storage Снимок экрана 2021-10-23 в 20 40 23 Снимок экрана 2021-10-23 в 20 38 08 Снимок экрана 2021-10-23 в 20 38 08 # Version **Version-1.0** - Changelog: - First version - Docker images: - `cr.yandex/sol/cilium-s3:1` - Helm chart: - `cr.yandex/sol/cilium-s3-chart:0.1.0` ## Solution Description Connects via gRPC to hubble-relay and sends netflow events to Object Storage Then you can pick up these events from Object Storage to any SIEM using [GeeseFS](https://cloud.yandex.ru/docs/storage/tools/geesefs) or other aws compatible plugins Or using prepared Object Storage integrations in the following SIEMs: - [Object storage to Splunk](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-Splunk) - Cilium flow logs to Elasticsearch Скоро!!! ## Installing with helm #### Prerequisites - :white_check_mark: Yandex Managed Service for Kubernetes® [with Cilium CNI enabled](https://cloud.yandex.ru/docs/managed-kubernetes/quickstart#kubernetes-cluster-create) - :white_check_mark: [Object Storage Bucket](https://cloud.yandex.ru/docs/storage/quickstart) - :white_check_mark: [Created static keys for service account](https://cloud.yandex.ru/docs/iam/operations/sa/create-access-key) - :white_check_mark: [Installed Helm client](https://helm.sh/ru/docs/intro/install/) #### Install helm-chart Install helm hart by replacing the values with your own (specified in the prerequisites) ```Python helm install cilium-s3-chart oci://cr.yandex/sol/cilium-s3-chart --version 0.1.0 --namespace cilium-s3 --create-namespace \ --set yandex.secretaccesskey= \ --set yandex.bucket= \ --set yandex.accesskeyid= \ --set yandex.prefix= (например:k8s-cilium-flow-logs/cluster-id-1232145gfg) ``` ``` Helm values: yandex: - accesskeyid: "" # yandex access key - secretaccesskey: "" # yandex secret access key - bucket: "" # Yandex storage, bucket name - hubble_url: "hubble-relay.kube-system.svc.cluster.local:80" # Hubble-url - prefix: "k8s-cilium-flow-logs/" # Prefix of bucket folder - region: "ru-central1" # region of S3 - endpoint: "https://storage.yandexcloud.net" # endpoint of S3 ``` ================================================ FILE: auditlogs/cilium-s3/cmd/cilium-exporter/main.go ================================================ package main import ( "cilium-splunk/internal/hubble" "cilium-splunk/internal/s3" "context" "flag" "os" "os/signal" "syscall" "time" "github.com/aws/aws-sdk-go/aws" observerpb "github.com/cilium/cilium/api/v1/observer" "github.com/heetch/confita" "github.com/heetch/confita/backend/env" "github.com/heetch/confita/backend/file" "go.uber.org/zap" "go.uber.org/zap/zapcore" "golang.org/x/sync/errgroup" ) type S3Config struct { Region string `config:"S3_REGION,backend=env"` Endpoint string `config:"S3_ENDPOINT,backend=env"` Bucket string `config:"S3_BUCKET,backend=env"` Prefix string `config:"S3_PREFIX,backend=env"` AccessKeyID string `config:"S3_ACCESS_KEY_ID,backend=env" yaml:"access-key-id"` SecretAccessKey string `config:"S3_SECRET_ACCESS_KEY,backend=env" yaml:"secret-access-key"` } type Config struct { //Old string // HubbleRelayUrl string `config:"hubble-relay-url,required" yaml:"hubble-relay-url"` //Есть сомнения, что так заработает (надо сделать чтобы через env) HubbleRelayUrl string `config:"hubble-relay-url,required,backend=env"` S3 S3Config `config:"s3"` } var workerPoolSize = 1 var cfg = &Config{ S3: S3Config{ Region: "ru-central1", Endpoint: "https://storage.yandexcloud.net", }, HubbleRelayUrl: "hubble-relay.kube-system.svc.cluster.local:80", } var logger *zap.Logger var debug bool func init() { configPath := flag.String("config", "config.yaml", "Path to config file") flag.BoolVar(&debug, "debug", false, "Debug logger") flag.Parse() var level zapcore.Level = zapcore.InfoLevel if debug { level = zapcore.DebugLevel } logger = zap.New(zapcore.NewCore( zapcore.NewJSONEncoder(zap.NewProductionEncoderConfig()), zapcore.Lock(os.Stdout), zap.NewAtomicLevelAt(level), )) err := confita.NewLoader( file.NewOptionalBackend(*configPath), env.NewBackend(), ).Load(context.Background(), cfg) if err != nil { logger.Fatal(err.Error()) } logger.Debug("Config loaded", zap.Any("config", cfg)) } func main() { defer logger.Sync() ctx, done := context.WithCancel(context.Background()) g, gctx := errgroup.WithContext(ctx) g.Go(func() error { signalChannel := make(chan os.Signal, 1) signal.Notify(signalChannel, os.Interrupt, syscall.SIGTERM) select { case sig := <-signalChannel: logger.Info("Received signal", zap.Any("signal", sig)) done() time.AfterFunc(3*time.Second, func() { logger.Sync() logger.Fatal("Exit deadline exeeded") }) case <-gctx.Done(): logger.Info("Closing signal goroutine") return gctx.Err() } return nil }) senderChan := make(chan observerpb.GetFlowsResponse) observer := hubble.NewObserver(&senderChan, cfg.HubbleRelayUrl, logger) awsConfig := aws.NewConfig() if debug { awsConfig.WithLogLevel(aws.LogDebug) } sender := s3.NewSender(&senderChan, s3.S3Config{ Region: cfg.S3.Region, Endpoint: cfg.S3.Endpoint, Bucket: cfg.S3.Bucket, Prefix: cfg.S3.Prefix, AccessKeyID: cfg.S3.AccessKeyID, SecretAccessKey: cfg.S3.SecretAccessKey, }, awsConfig, logger) g.Go(func() error { gctx := gctx return observer.Start(gctx) }) for i := 0; i < workerPoolSize; i++ { g.Go(func() error { gctx := gctx return sender.Worker(gctx) }) } if err := g.Wait(); err == nil || err == context.Canceled { logger.Info("Finished clean") } else { logger.Error("Error while waiting for goroutines", zap.Error(err)) } } ================================================ FILE: auditlogs/cilium-s3/config.yaml.example ================================================ s3: bucket: "k8s-logs" prefix: "k8s/b1gnusj8glj1pkr3ru0e/b1gpl1hi60t84gv7gg8o/catfr1ki8briuhgra3qm" access-key-id: "..." # Can be set using S3_ACCESS_KEY_ID env secret-access-key: "..." # Can be set using S3_SECRET_ACCESS_KEY env hubble-relay-url: "hubble-relay.kube-system.svc.cluster.local:80" # Defaults to "hubble-relay.kube-system.svc.cluster.local:80" ================================================ FILE: auditlogs/cilium-s3/go.mod ================================================ module cilium-splunk go 1.17 require ( github.com/aws/aws-sdk-go v1.41.1 github.com/cilium/cilium v1.10.4 github.com/heetch/confita v0.10.0 go.uber.org/zap v1.19.1 google.golang.org/grpc v1.41.0 ) require ( github.com/BurntSushi/toml v0.4.1 // indirect github.com/pkg/errors v0.9.1 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.7.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect ) require ( github.com/golang/protobuf v1.5.2 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0 // indirect golang.org/x/sync v0.0.0-20210220032951-036812b2e83c golang.org/x/sys v0.0.0-20211013075003-97ac67df715c // indirect golang.org/x/text v0.3.7 // indirect google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 // indirect google.golang.org/protobuf v1.27.1 // indirect ) ================================================ FILE: auditlogs/cilium-s3/go.sum ================================================ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v54.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest v0.11.17/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.11/go.mod h1:nBKAnTomx8gDtl+3ZCJv2v0KACFHWTB2drffI1B68Pk= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/azure/auth v0.5.7/go.mod h1:AkzUsqkrdmNhfP2i54HqINVQopw0CLDnvHpJ88Zz1eI= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v0.4.1 h1:GaI7EiDXDRfa8VshkTj7Fym7ha+y8/XxIgD2okUIjLw= github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v2.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/aliyun/alibaba-cloud-sdk-go v1.61.957/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.0.0-20190430140413-ec5e00d3c878/go.mod h1:3AMJUQhVx52RsWOnlkpikZr01T/yAVN2gn0861vByNg= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48= github.com/aws/aws-sdk-go v1.41.1 h1:TR9j7i73tzV8ELPMc0LkImSRLljRJ+gQeArKBC7IfVE= github.com/aws/aws-sdk-go v1.41.1/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aws/aws-sdk-go-v2 v1.3.2/go.mod h1:7OaACgj2SX3XGWnrIjGlJM22h6yD6MEWKvm7levnnM8= github.com/aws/aws-sdk-go-v2 v1.3.3/go.mod h1:7OaACgj2SX3XGWnrIjGlJM22h6yD6MEWKvm7levnnM8= github.com/aws/aws-sdk-go-v2/config v1.1.6/go.mod h1:Kx90DDOgkMpRfSkzGbF13AVXHHfBNct1liO+95KxXsU= github.com/aws/aws-sdk-go-v2/credentials v1.1.6/go.mod h1:q1wQ5jHdFNhc4wnNcOEpnovs4keJA5Ds+qESCnfEsgU= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.6/go.mod h1:0+fWMitrmIpENiY8/1DyhdYPUCAPvd9UNz9mtCsEoLQ= github.com/aws/aws-sdk-go-v2/service/ec2 v1.5.0/go.mod h1:3iBezuZtNxZnKX7Zv2JB/lGyGCSYOES8TMq4WSXPBl0= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.6/go.mod h1:L0KWr0ASo83PRZu9NaZaDsw3koS6PspKv137DMDZjHo= github.com/aws/aws-sdk-go-v2/service/sso v1.1.5/go.mod h1:bpGz0tidC4y39sZkQSkpO/J0tzWCMXHbw6FZ0j1GkWM= github.com/aws/aws-sdk-go-v2/service/sts v1.3.0/go.mod h1:ssRzzJ2RZOVuKj2Vx1YE7ypfil/BIlgmQnCSW4DistU= github.com/aws/smithy-go v1.3.1/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/cilium/cilium v1.10.4 h1:xW56mkiRhxshPcS30IhsCBPwSFEgV3xcQSWMZyg8oq4= github.com/cilium/cilium v1.10.4/go.mod h1:lWTUj3a9NwQKl+6wUCt0iVPySWpsAqm+1lfAXyig1LI= github.com/cilium/customvet v0.0.0-20201209211516-9852765c1ac4/go.mod h1:MEn5V1CejgUNFP3Y1JKmBC6Mb9TuK53ecHG9lffctFg= github.com/cilium/deepequal-gen v0.0.0-20200406125435-ad6a9003139e/go.mod h1:c4R5wxGyXhbM6zyKeRKNIc9aab5EZi4z4oOSZvUMvZA= github.com/cilium/ebpf v0.5.1-0.20210421150058-a4ee356536f3/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs= github.com/cilium/ipam v0.0.0-20201106170308-4184bc4bf9d6/go.mod h1:Ascfar4FtgB+K+mwqbZpSb3WVZ5sPFIarg+iAOXNZqI= github.com/cilium/proxy v0.0.0-20210511221533-82a70d56bf32/go.mod h1:mvauc94lqkyJunRsU9Ef5FIsixi8vBeDoxuMYoGBemk= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201211205326-cc1b757b3edd/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.9.0/go.mod h1:dbWv4dI0QrBGuVgj+TuVQ6wJRZVOhrCQj91YyC92sxg= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.3+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/libnetwork v0.0.0-20190128195551-d8d4c8cf03d7/go.mod h1:93m0aTqz6z+g32wla4l4WxTrdtvBRmVzYRkYvasA5Z8= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/channels v1.1.0/go.mod h1:jMm2qB5Ubtg9zLd+inMZd2/NUvXgzmWXsDaLyQIGfH0= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.4.2-0.20210105193028-872b28c45782/go.mod h1:xL5IroIBOR+aTp0IZk48epGwBV3+LcuaosPL0pr0hE0= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.4.10-0.20200417215612-7f4cf4dd2b52/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= github.com/go-openapi/analysis v0.19.4/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ= github.com/go-openapi/analysis v0.19.16/go.mod h1:GLInF007N83Ad3m8a/CbQ5TPzdnGT7workfHwuVjNVk= github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= github.com/go-openapi/errors v0.19.3/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.7/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= github.com/go-openapi/loads v0.19.3/go.mod h1:YVfqhUCdahYwR3f3iiwQLhicVRvLlU/WO5WPaZvcvSI= github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk= github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2es0x5/IbjY= github.com/go-openapi/loads v0.19.6/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= github.com/go-openapi/loads v0.19.7/go.mod h1:brCsvE6j8mnbmGBh103PT/QLHfbyDxA4hsKvYBNEGVc= github.com/go-openapi/loads v0.20.0/go.mod h1:2LhKquiE513rN5xC6Aan6lYOSddlL8Mp20AW9kpviM4= github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo= github.com/go-openapi/runtime v0.19.16/go.mod h1:5P9104EJgYcizotuXhEuUrzVc+j1RiSjahULvYmlv98= github.com/go-openapi/runtime v0.19.24/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk= github.com/go-openapi/runtime v0.19.26/go.mod h1:BvrQtn6iVb2QmiVXRsFAm6ZCAZBpbVKFfN6QWCp582M= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= github.com/go-openapi/spec v0.19.5/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.15/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= github.com/go-openapi/spec v0.20.0/go.mod h1:+81FIL1JwC5P3/Iuuozq3pPE9dXdIEGxFutcFKaVbmU= github.com/go-openapi/spec v0.20.3/go.mod h1:gG4F8wdEDN+YPBMVnzE85Rbhf+Th2DTvA9nFPQ5AYEg= github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= github.com/go-openapi/strfmt v0.19.2/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= github.com/go-openapi/strfmt v0.19.4/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= github.com/go-openapi/strfmt v0.19.11/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc= github.com/go-openapi/strfmt v0.20.0/go.mod h1:UukAYgTaQfqJuAFlNxxMWNvMYiwiXtLsF2VwmoFtbtc= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.7/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfTe5McPyhY= github.com/go-openapi/swag v0.19.12/go.mod h1:eFdyEBkTdoAf/9RXBvj4cr1nH7GD8Kzo5HTt47gr72M= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8= github.com/go-openapi/validate v0.19.12/go.mod h1:Rzou8hA/CBw8donlS6WNEUQupNvUZ0waH08tGe6kAQ4= github.com/go-openapi/validate v0.19.15/go.mod h1:tbn/fdOwYHgrhPBzidZfJC2MIVvs9GA7monOmWBbeCI= github.com/go-openapi/validate v0.20.1/go.mod h1:b60iJT+xNNLfaQJUqLI7946tYiFEOuE9E4k54HpKcJ0= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo= github.com/google/gops v0.3.18/go.mod h1:Pfp8hWGIFdV/7rY9/O/U5WgdjYQXf/GiEK4NVuVd2ZE= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/renameio v1.0.0/go.mod h1:t/HQoYBZSsWSNK35C6CO/TpPLDVWvxOHboWUAweKUpk= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.6/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/memberlist v0.1.7/go.mod h1:MS2lj3INKhZjWNqd3N0m3J+Jxf3DAOnAH9VT3Sh9MUE= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/vault/api v1.0.4/go.mod h1:gDcqh3WGcR1cpF5AJz/B1UFheUEneMoIospckxBxk6Q= github.com/hashicorp/vault/sdk v0.1.13/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/heetch/confita v0.10.0 h1:00V4eQPDU71v9nZD7N/DsSb9cnPJh59CjrpQPfln47A= github.com/heetch/confita v0.10.0/go.mod h1:W6GDCVPvi2LpvdEriwZTu2fyxuK+Grx1vY302gtWfvM= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/iancoleman/strcase v0.0.0-20180726023541-3605ed457bf7/go.mod h1:SK73tn/9oHe+/Y0h39VT4UCxmurVJkR5NA7kMEAOgSE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/ishidawataru/sctp v0.0.0-20180213033435-07191f837fed/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jeremywohl/flatten v1.0.1/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/josharian/native v0.0.0-20200817173448-b6b71def0850/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/jsimonetti/rtnetlink v0.0.0-20190606172950-9527aa82566a/go.mod h1:Oz+70psSo5OFh8DBl0Zv2ACw7Esh6pPUphlvZG9x7uw= github.com/jsimonetti/rtnetlink v0.0.0-20200117123717-f846d4f6c1f4/go.mod h1:WGuG/smIU4J/54PblvSbh+xvCZmpJnFgr3ds6Z55XMQ= github.com/jsimonetti/rtnetlink v0.0.0-20201009170750-9c6f07d100c1/go.mod h1:hqoO/u39cqLeBLebZ8fWdE96O7FxrAsRYhnVOdgHxok= github.com/jsimonetti/rtnetlink v0.0.0-20201216134343-bde56ed16391/go.mod h1:cR77jAZG3Y3bsb8hF6fHJbFoyFukLFOkQ98S0pQz3xw= github.com/jsimonetti/rtnetlink v0.0.0-20201220180245-69540ac93943/go.mod h1:z4c53zj6Eex712ROyh8WI0ihysb5j2ROyV42iNogmAs= github.com/jsimonetti/rtnetlink v0.0.0-20210122163228-8d122574c736/go.mod h1:ZXpIyOK59ZnN7J0BV99cZUPmsqDRZ3eq5X+st7u/oSA= github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b/go.mod h1:8w9Rh8m+aHZIG69YPGGem1i5VzoyRC8nw2kA8B+ik5U= github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/keybase/go-ps v0.0.0-20190827175125-91aafc93ba19/go.mod h1:hY+WOq6m2FpbvyrI93sMaypsttvaIL5nhVR92dTMUcQ= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lyft/protoc-gen-star v0.5.1/go.mod h1:9toiA3cC7z5uVbODF7kEQ91Xn7XNFkVUl+SrEe+ZORU= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mdlayher/arp v0.0.0-20190313224443-98a83c8a2717/go.mod h1:eOj1DDj3NAZ6yv+WafaKzY37MFZ58TdfIhQ+8nQbiis= github.com/mdlayher/ethernet v0.0.0-20190313224307-5b5fc417d966/go.mod h1:5s5p/sMJ6sNsFl6uCh85lkFGV8kLuIYJCRJLavVJwvg= github.com/mdlayher/ethernet v0.0.0-20190606142754-0394541c37b7/go.mod h1:U6ZQobyTjI/tJyq2HG+i/dfSoFUt8/aZCM+GKtmFk/Y= github.com/mdlayher/ethtool v0.0.0-20210210192532-2b88debcdd43/go.mod h1:+t7E0lkKfbBsebllff1xdTmyJt8lH37niI6kwFk9OTo= github.com/mdlayher/genetlink v1.0.0/go.mod h1:0rJ0h4itni50A86M2kHcgS85ttZazNt7a8H2a2cw0Gc= github.com/mdlayher/ndp v0.0.0-20190419144644-012988d57f9a/go.mod h1:KcNh3mzU4B90fthp1xbbYGrdpDyoU/qJHJMR/0gLueU= github.com/mdlayher/netlink v0.0.0-20190409211403-11939a169225/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA= github.com/mdlayher/netlink v1.0.0/go.mod h1:KxeJAFOFLG6AjpyDkQ/iIhxygIUKD+vcwqcnu43w/+M= github.com/mdlayher/netlink v1.1.0/go.mod h1:H4WCitaheIsdF9yOYu8CFmCgQthAPIWZmcKp9uZHgmY= github.com/mdlayher/netlink v1.1.1/go.mod h1:WTYpFb/WTvlRJAyKhZL5/uy69TDDpHHu2VZmb2XgV7o= github.com/mdlayher/netlink v1.2.0/go.mod h1:kwVW1io0AZy9A1E2YYgaD4Cj+C+GPkU6klXCMzIJ9p8= github.com/mdlayher/netlink v1.2.1/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= github.com/mdlayher/netlink v1.2.2-0.20210123213345-5cc92139ae3e/go.mod h1:bacnNlfhqHqqLo4WsYeXSqfyXkInQ9JneWI68v1KwSU= github.com/mdlayher/netlink v1.3.0/go.mod h1:xK/BssKuwcRXHrtN04UBkwQ6dY9VviGGuriDdoPSWys= github.com/mdlayher/netlink v1.4.0/go.mod h1:dRJi5IABcZpBD2A3D0Mv/AiX8I9uDEu5oGkAVrekmf8= github.com/mdlayher/raw v0.0.0-20190313224157-43dbcdd7739d/go.mod h1:r1fbeITl2xL/zLbVnNHFyOzQJTgr/3fpf1lJX/cjzR8= github.com/mdlayher/raw v0.0.0-20190606142536-fef19f00fc18/go.mod h1:7EpbotpCmVZcu+KCX4g9WaRNuu11uyhiW7+Le1dKawg= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/mikioh/ipaddr v0.0.0-20190404000644-d465c8ab6721/go.mod h1:Ickgr2WtCLZ2MDGd4Gr0geeCH5HybhRJbonOgQpvSxc= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/optiopay/kafka v0.0.0-20171218140449-a1e0071f1ce8/go.mod h1:+j8QXtnwphDeotPJadizkD7zY32Aa0/017iz+r4ToEQ= github.com/osrg/gobgp v2.0.0+incompatible/go.mod h1:vGVJPLW6JFDD7WA1vJsjB8OKmbbC2TKwHtr90CZS/u4= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.4.0/go.mod h1:PN7xzY2wHTK0K9p34ErDQMlFxa51Fk0OUruD3k1mMwo= github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.9.0/go.mod h1:FqZLKOZnGdFAhOK4nqGHa7D66IdsO+O441Eve7ptJDU= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.1-0.20200623203004-60555c9708c7/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sasha-s/go-deadlock v0.2.1-0.20190427202633-1595213edefa/go.mod h1:F73l+cr82YSh10GxyRI6qZiCgK64VaZjwesgfQ1/iLM= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/servak/go-fastping v0.0.0-20160802140958-5718d12e20a0/go.mod h1:udnTWkGp1ZiRsEU6rPpITf4oM2aLVcoGY/Z100KY4zY= github.com/shirou/gopsutil/v3 v3.21.2/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0cv/18ZqVczw= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/afero v1.3.4/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/spf13/viper v1.7.1/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tklauser/go-sysconf v0.3.4/go.mod h1:Cl2c8ZRWfHD5IrfHo9VN+FX9kCFjIOyVklgXycLB6ek= github.com/tklauser/numcpus v0.2.1/go.mod h1:9aU+wOc6WjUIZEwWMP62PL/41d65P+iks1gBkr4QyP8= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netlink v1.1.1-0.20210510164352-d17758a128bf/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netns v0.0.0-20190625233234-7109fa855b0f/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vishvananda/netns v0.0.0-20201230012202-c4f3ca719c73/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.0.0/go.mod h1:IoImgRak9i3zJyuxOKUP1v4UZd1tMoKkq/Cimt1uhCg= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= gitlab.com/golang-commonmark/puny v0.0.0-20180912090636-2cd490539afe/go.mod h1:P9LSM1KVzrIstFgUaveuwiAm8PK5VTB3yJEU8kqlbrU= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.etcd.io/etcd v0.5.0-alpha.5.0.20201125193152-8a03d2e9614b/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.3.0/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= go.mongodb.org/mongo-driver v1.3.4/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= go.mongodb.org/mongo-driver v1.4.3/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc= go.mongodb.org/mongo-driver v1.4.4/go.mod h1:WcMNYLx/IlOxLe6JRJiv2uXuCz6zBLndR4SoGjYphSc= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.1.11-0.20210813005559-691160354723 h1:sHOAIxRGBp443oHZIPB+HsUGaksVCXVQENPxwTfQdH4= go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec= go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= go.universe.tf/metallb v0.9.6/go.mod h1:mJnnUITBIRREP/BMjZWxa6K2Rh8QA1zJZEhuBD9pf5M= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210503195802-e9a32991a82e/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190313220215-9f648a60d977/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190419010253-1f3472d942ba/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191007182048-72f939374954/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201010224723-4f7140c49acb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201216054612-986b41b23924/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210504132125-bbd867fde50d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0 h1:qOfNqBm5gk93LjGZo1MJaKY6Bph39zOKz1Hz2ogHj1w= golang.org/x/net v0.0.0-20211011170408-caeb26a5c8c0/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190411185658-b44545bcd369/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190418153312-f0ce4c0180be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190508220229-2d0786266e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190516110030-61b9204099cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606122018-79a91cf218c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201118182958-a01c418693c7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210110051926-789bb1bd4061/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210123111255-9b0068b26619/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210216163648-f7da38b97c65/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210217105451-b926d437f341/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309040221-94ec62e08169/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503173754-0981d6026fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211013075003-97ac67df715c h1:taxlMj0D/1sOAuv/CbSD+MMDof2vbyPTqz5FNYKpXt8= golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200324175852-6fb6f5a9fc59/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200616195046-dc31b401abb5/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.zx2c4.com/wireguard v0.0.0-20210427022245-097af6e1351b/go.mod h1:a057zjmoc00UN7gVkaJt2sXVK523kMJcogDTEvPIasg= golang.zx2c4.com/wireguard/wgctrl v0.0.0-20210506160403-92e472f520a5/go.mod h1:+1XihzyZUBJcSc5WO9SwNA7v26puQwOEDwanaxfNXPQ= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 h1:NBxB1XxiWpGqkPUiJ9PoBXkHV5A9+GohMOA+EmWoPbU= google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0 h1:f+PlOh7QV4iIJkPrx5NQ7qaNGFQ3OTse67yaDHfju4E= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20190905181640-827449938966/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.20.2/go.mod h1:d7n6Ehyzx+S+cE3VhTGfVNNqtGc/oL9DCdYYahlurV8= k8s.io/api v0.21.3/go.mod h1:hUgeYHUbBp23Ue4qdX9tR8/ANi/g3ehylAqDn9NWVOg= k8s.io/apiextensions-apiserver v0.18.2/go.mod h1:q3faSnRGmYimiocj6cHQ1I3WpLqmDgJFlKL37fC4ZvY= k8s.io/apiextensions-apiserver v0.21.3/go.mod h1:kl6dap3Gd45+21Jnh6utCx8Z2xxLm8LGDkprcd+KbsE= k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.21.3/go.mod h1:H/IM+5vH9kZRNJ4l3x/fXP/5bOPJaVP/guptnZPeCFI= k8s.io/apiserver v0.18.2/go.mod h1:Xbh066NqrZO8cbsoenCwyDJ1OSi8Ag8I2lezeHxzwzw= k8s.io/apiserver v0.21.3/go.mod h1:eDPWlZG6/cCCMj/JBcEpDoK+I+6i3r9GsChYBHSbAzU= k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE= k8s.io/client-go v0.21.3/go.mod h1:+VPhCgTsaFmGILxR/7E1N0S+ryO010QBeNCv5JwRGYU= k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/code-generator v0.21.3/go.mod h1:K3y0Bv9Cz2cOW2vXUrNZlFbflhuPvuadW6JdnN6gGKo= k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM= k8s.io/component-base v0.21.3/go.mod h1:kkuhtfEHeZM6LkX0saqSK8PbdO7A0HigUngmhhrwfGQ= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200205140755-e0e292d8aa12/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.8.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7/go.mod h1:wXW5VT87nVfh/iLV8FpR2uDvrFyomxbtb1KivDbvPTE= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/goversion v1.2.0/go.mod h1:Eih9y/uIBS3ulggl7KNJ09xGSLcuNaLgmvvqa07sgfo= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.19/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/controller-tools v0.3.1-0.20200716001835-4a903ddb7005/go.mod h1:G9rHdZMVlBDocIxGkK3jHLWqcTMNvveypYJwrvYKjWU= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= ================================================ FILE: auditlogs/cilium-s3/internal/hubble/observer.go ================================================ package hubble import ( "context" "time" observerpb "github.com/cilium/cilium/api/v1/observer" "go.uber.org/zap" "google.golang.org/grpc" ) type Observer struct { logger *zap.Logger url string senderChan chan observerpb.GetFlowsResponse } func NewObserver(senderChan *chan observerpb.GetFlowsResponse, url string, logger *zap.Logger) *Observer { return &Observer{ logger: logger.Named("observer"), url: url, senderChan: *senderChan, } } func (o *Observer) Start(ctx context.Context) error { dialCtx, cancel := context.WithTimeout(ctx, 5*time.Second) defer cancel() conn, err := grpc.DialContext(dialCtx, o.url, grpc.WithInsecure(), grpc.WithBlock()) if err != nil { return err } defer conn.Close() client := observerpb.NewObserverClient(conn) flows, err := client.GetFlows(ctx, &observerpb.GetFlowsRequest{ Follow: true, }) if err != nil { return err } o.logger.Info("Observer started") for { flow, err := flows.Recv() if err != nil { return err } o.logger.Debug("Flow received", zap.Any("flow", flow)) o.senderChan <- *flow } } ================================================ FILE: auditlogs/cilium-s3/internal/s3/sender.go ================================================ package s3 import ( "bytes" "context" "fmt" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/s3" observerpb "github.com/cilium/cilium/api/v1/observer" "go.uber.org/zap" ) type S3Config struct { Region string Endpoint string Bucket string Prefix string AccessKeyID string SecretAccessKey string } type Sender struct { logger *zap.Logger senderChan chan observerpb.GetFlowsResponse s3Config S3Config awsConfig *aws.Config } func NewSender(senderChan *chan observerpb.GetFlowsResponse, s3Config S3Config, awsConfig *aws.Config, logger *zap.Logger) *Sender { return &Sender{ senderChan: *senderChan, s3Config: s3Config, logger: logger.Named("sender"), awsConfig: awsConfig, } } func (s *Sender) Worker(ctx context.Context) error { cfg := &aws.Config{ Region: aws.String(s.s3Config.Region), Endpoint: aws.String(s.s3Config.Endpoint), Credentials: credentials.NewStaticCredentials(s.s3Config.AccessKeyID, s.s3Config.SecretAccessKey, ""), } s3Session, err := session.NewSession(cfg, s.awsConfig) if err != nil { return err } s3Client := s3.New(s3Session) s.logger.Info("Sender started") for { select { case flow := <-s.senderChan: j, err := flow.MarshalJSON() if err != nil { return err } t := time.Now() key := fmt.Sprintf("%s/%s.json", s.s3Config.Prefix, t.UTC().Format(time.RFC3339Nano)) _, err = s3Client.PutObject(&s3.PutObjectInput{ Bucket: aws.String(s.s3Config.Bucket), Key: aws.String(key), Body: bytes.NewReader(j), }) if err != nil { return err } s.logger.Info("Event sent", zap.String("key", key)) case <-ctx.Done(): s.logger.Info("Context done, exiting...") return nil } } } ================================================ FILE: auditlogs/cilium-s3/kubernetes/cilium-s3-chart/.helmignore ================================================ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *.orig *~ # Various IDEs .project .idea/ *.tmproj .vscode/ ================================================ FILE: auditlogs/cilium-s3/kubernetes/cilium-s3-chart/Chart.yaml ================================================ apiVersion: v2 name: cilium-s3-chart description: A Helm chart for Kubernetes # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives # to be deployed. # # Library charts provide useful utilities or functions for the chart developer. They're included as # a dependency of application charts to inject those utilities and functions into the rendering # pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "1.16.0" ================================================ FILE: auditlogs/cilium-s3/kubernetes/cilium-s3-chart/index.yaml ================================================ apiVersion: v1 entries: {} generated: "2021-10-23T19:09:38.012479+03:00" ================================================ FILE: auditlogs/cilium-s3/kubernetes/cilium-s3-chart/templates/deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: labels: app: cilium-s3 name: cilium-s3 spec: replicas: 1 selector: matchLabels: app: cilium-s3 template: metadata: labels: app: cilium-s3 spec: containers: - env: - name: S3_REGION value: {{ .Values.yandex.region }} - name: S3_ENDPOINT value: {{ .Values.yandex.endpoint }} - name: S3_BUCKET value: {{ .Values.yandex.bucket }} - name: S3_PREFIX value: {{ .Values.yandex.prefix }} - name: S3_ACCESS_KEY_ID value: {{ .Values.yandex.accesskeyid }} - name: hubble-relay-url value: {{ .Values.yandex.hubble_url }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" securityContext: runAsUser: 1234 runAsNonRoot: true privileged: false allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - all envFrom: - secretRef: name: s3-secret-cilium name: cilium-s3-deployment resources: limits: memory: "128Mi" cpu: "500m" ================================================ FILE: auditlogs/cilium-s3/kubernetes/cilium-s3-chart/templates/secret.yaml ================================================ apiVersion: v1 data: S3_SECRET_ACCESS_KEY: {{ .Values.yandex.secretaccesskey | b64enc }} kind: Secret metadata: name: s3-secret-cilium ================================================ FILE: auditlogs/cilium-s3/kubernetes/cilium-s3-chart/values.yaml ================================================ # Default values for cilium-s3-chart. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 image: repository: cr.yandex/crpjfmfou6gflobbfvfv/cilium-s3 pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. tag: "latest" imagePullSecrets: [] nameOverride: "" fullnameOverride: "" serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 securityContext: {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true # runAsUser: 1000 service: type: ClusterIP port: 80 ingress: enabled: false className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi yandex: accesskeyid: "" # yandex access key secretaccesskey: "" # yandex secret access key bucket: "" # Yandex storage, bucket name hubble_url: "hubble-relay.kube-system.svc.cluster.local:80" # Hubble-url prefix: "k8s-cilium-flow-logs/" # Prefix of bucket folder region: "ru-central1" # region of S3 endpoint: "https://storage.yandexcloud.net" # endpoint of S3 ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/README.md ================================================ # Collecting, monitoring, and analyzing audit logs in an external SIEM ArcSight ![Dashboard](https://user-images.githubusercontent.com/85429798/128209194-bc4eb274-1b97-4271-a712-e00a5f3f9b84.png) ![Scenarios](https://user-images.githubusercontent.com/85429798/128209212-a705f950-4eea-4305-8f21-decfc2ab7af0.png) ## Table of Contents - [Collecting, monitoring, and analyzing audit logs in an external SIEM ArcSight](#) * [Solution description](#solution-description) * [Two log shipping scenarios](#two-log-shipping-scenarios) * [Solution diagram](#solution-diagram) * [Security Content](#security-content) * [Long-term storing of logs in S3](#long-term-storing-of-logs-in-s3) * [Instructions for scenarios](#instruction-for-scenarios) - [Prerequisites for scenarios](#prerequisites-for-scenarios) - [Scenario #1: Uploading log files to ArcSight from a server located inside the infrastructure of the customer's remote site](#prerequisites-for-scenarios) - [Scenario #2: Uploading log files to ArcSight using a VM located in Yandex.Cloud](#prerequisites-for-scenarios) * [Support and consulting services](#supportconsulting-services) ## Solution description The current version of Security Content is available [here]([https://gitlab.ast-security.ru:14855/rodion/yandexcloudflex](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/arcsight_content)). Our support partner is ATB. The solution lets you collect, monitor, and analyze audit logs in Yandex.Cloud from the following sources: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) ## Two log shipping scenarios - [x] Uploading log files to ArcSight from a server located inside the infrastructure of the customer's remote site - [x] Uploading log files to ArcSight using a VM located in Yandex.Cloud ## Solution diagram #### Scenario #1: Uploading log files to ArcSight from a server located inside the infrastructure of the customer's remote site Description: - JSON files with logs are stored in S3. - The s3fs utility is installed on a server in the customer's infrastructure, which allows you to mount an S3 Bucket as a local folder in your OS. - A standard ArcSight Connector is installed on a server in the customer's infrastructure. - Security content is loaded from the current repository. - ArcSight Connector uses security content to read files, parses the files, and sends them to the ArcSight server. ![Diagram](https://user-images.githubusercontent.com/85429798/128553857-a6837742-8e63-4d8c-967a-be92454a0cb0.png) #### Scenario #2: Uploading log files to ArcSight using a VM located in Yandex.Cloud ![Diagram](https://user-images.githubusercontent.com/85429798/128553811-2d25dcc7-0500-446b-96ea-35a8fe8959ba.png) ## Security Content Security Content - ArcSight objects that are loaded according to the instructions. All the content has been developed together with our partner ATB, leveraging the long-term expertise of the Yandex.Cloud Security team and our cloud customers. The current version of Security Content is available [here](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/arcsight_content). The solution contains the following Security Content: - Parsing file (and map file). - Dashboard that shows useful statistics. - A set of Filters, Active channels, Active lists. - A set of correlation Rules. [Detailed description of the list of correlation rules](./Use-cases.docx ) (the client should specify the alert destination). All relevant event fields have been converted to a [Common Event Format](https://community.microfocus.com/cyberres/productdocs/w/connector-documentation/38809/arcsight-common-event-format-cef-implementation-standard). For a detailed description of field mapping, see the file [Поля ArcSight_JSON.docx](https://gitlab.ast-security.ru:14855/rodion/yandexcloudflex/blob/master/Поля%20ArcSight_JSON.docx). ## Long-term storage of logs in S3 By default, these instructions suggest deleting files after reading, but you can both store Audit Trails audit logs in S3 on a long-term basis and send them to ArcSight. For this you need to create two Audit Trails in different S3 buckets: - The first bucket will be used only for storage. - The second bucket will be used for integration with ArcSight. ## Instructions for scenarios #### Prerequisites for scenarios - :white_check_mark: Object Storage Bucket for Audit Trails ([instructions](https://cloud.yandex.ru/docs/storage/quickstart)). - :white_check_mark: Audit Trails service enabled in the UI ([instructions](https://cloud.yandex.ru/docs/audit-trails/quickstart)). #### Scenario #1: Uploading log files to ArcSight from a server located inside the infrastructure of the customer's remote site 1) Install the s3fs utility on the server inside the remote site infrastructure and prepare it for operation [follow the instructions](https://cloud.yandex.ru/docs/storage/tools/s3fs). Result: an Object Storage Bucket mounted as a folder and hosting Audit Trails JSON files. For example, `/var/trails/`. 2) Install ArcSight SmartConnector (FlexAgent — JSON Folder Follower) software on your server [follow the official instructions](https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors/AS_smartconn_install/). 3) During the installation, select *ArcSight FlexConnector JSON Folder Follower* and specify the previously mounted `/var/trails/` folder. 4) Specify the JSON configuration filename prefix: `yc`. 5) Complete the connector installation. 6) Download all Security Content files from [here](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/arcsight_content). 7) Copy the yc.jsonparser.properties file to the `/current/user/agent/flexagent`. 8) Copy the file map.0.properties in `/current/user/agent/map`. 9) Edit the file `/current/user/agent/agent.properties`: ``` agents[0].mode=DeleteFile agents[0].proccessfoldersrecursively=true ``` 10) Start the connector and make sure that events are arriving ![Events](https://user-images.githubusercontent.com/85429798/128209247-c1582fc9-ea2a-4908-9c95-618ac1a097ee.png) ## Support and consulting services Our support partner, ATB, provides the following services on a paid basis: - Installing and configuring the connector. - Connecting new data sources with security events. - Developing new correlation rules and visualization tools. - Developing mechanisms for responding to incidents. Partner's contact details: +7 (499) 648-75-48 info@ast-security.ru ![image](https://user-images.githubusercontent.com/85429798/128419821-aa2a4c85-7c67-4173-b21b-f0ec6b96e9e3.png) ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/README_RU.md ================================================ # Сбор, мониторинг и анализ аудит логов во внешний SIEM ArcSight ![Дашборд](https://user-images.githubusercontent.com/85429798/128209194-bc4eb274-1b97-4271-a712-e00a5f3f9b84.png) ![Сценарии](https://user-images.githubusercontent.com/85429798/128209212-a705f950-4eea-4305-8f21-decfc2ab7af0.png) ## Содержание - [Сбор, мониторинг и анализ аудит логов во внешний SIEM ArcSight](#) * [Описание решения](#описание-решения) * [Два сценария отгрузки логов](#два-сценария-отгрузки-логов) * [Схема решения](#схема-решения) * [Security Content](#security-content) * [Долгосрочное хранение логов в S3](#долгосрочное-хранение-логов-в-s3) * [Инструкция для сценариев](#инструкция-для-сценариев) - [Пререквизиты для сценариев:](#пререквизиты-для-сценариев) - [Сценарий №1 - Загрузка лог файлов в ArcSight с сервера, который находится внутри инфраструктуры удаленной площадки Заказчика](#пререквизиты-для-сценариев) - [Сценарий №2 - Загрузка лог файлов в ArcSight с помощью ВМ, которая находится в Yandex Cloud "](#пререквизиты-для-сценариев) * [Поддержка/Консалтинговые услуги](#поддержкаконсалтинговые-услуги) ## Описание решения Актуальная версия Security Content находится [здесь](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/arcsight_content) сервис партнёр по поддержке ООО «АТБ» Решение позволяет собирать, мониторить и анализировать аудит логи в Yandex.Cloud со следующих источников: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) ## Два сценария отгрузки логов - [x] Загрузка лог файлов в ArcSight с сервера, который находится внутри инфраструктуры удаленной площадки Заказчика - [x] Загрузка лог файлов в ArcSight с помощью ВМ, которая находится в Yandex.Cloud ## Схема решения #### Сценарий №1 - Загрузка лог файлов в ArcSight с сервера, который находится внутри инфраструктуры удаленной площадки Заказчика Описание: - JSON файлы с логами хранятся в S3 - На сервер в инфраструктуре заказчика устанавливается утилита s3fs, которая позволяет монтировать S3 bucket, как локальную папку в ОС - На сервер в инфраструктуре заказчика устанавливается стандартный ArcSight Connector - Загруается security content из текущего репозитория - ArcSight Connector с помощью security content вычитывает файлы, парсит и отправляет на сервер ArcSight ![Схема](https://user-images.githubusercontent.com/85429798/128553857-a6837742-8e63-4d8c-967a-be92454a0cb0.png) #### Сценарий №2 - Загрузка лог файлов в ArcSight с помощью ВМ, которая находится в Yandex Cloud ![Схема](https://user-images.githubusercontent.com/85429798/128553811-2d25dcc7-0500-446b-96ea-35a8fe8959ba.png) ## Security Content Security Content - объекты ArcSight, которые загружаются по инструкции. Весь контент разработан совместно с командой партнером ООО «АТБ» с учетом многолетнего опыта Security команды Yandex.Cloud и на основе опыта Клиентов облака. Актуальная версия Security Content находится [здесь](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/arcsight_content) Содержит следующий Security Content: - Parsing file (+map file) - Dashboard, на котором отражена полезная статистика - Набор Filters, Active channels, Active lists - Набор Правил корреляции (Rules). [Подробное описание списка правил корреляции](./Use-cases.docx) (Клиенту самостоятельно необходимо указать назначение уведомлений) - Все интересные поля событий преобразованы в формат [Common Event Format](https://community.microfocus.com/cyberres/productdocs/w/connector-documentation/38809/arcsight-common-event-format-cef-implementation-standard) Подробное описание мапинга полей в файле [Поля ArcSight_JSON.docx](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/arcsight_content) ## Долгосрочное хранение логов в S3 По умолчанию данная инструция предлагает удалять файлы после вычитывания, но вы можете одновременно хранить аудит логи Audit Trails в S3 на долгосрочной основе и отсылать в ArcSight. Для этого необходимо создать два Audit Trails в разных S3 бакетах: - Первый бакет будет использоваться только для хранения - Второй бакет будет использоваться для интеграции с ArcSight ## Инструкция для сценариев #### Пререквизиты для сценариев - :white_check_mark: Object Storage Bucket для Audit Trails ([инструкция](https://cloud.yandex.ru/docs/storage/quickstart)) - :white_check_mark: Включенный сервис Audit Trails в UI ([инструкция](https://cloud.yandex.ru/docs/audit-trails/quickstart)) #### Сценарий № 1 - Загрузка лог файлов в ArcSight с сервера, который находится внутри инфраструктуры удаленной площадки Заказчика 1) Установите на сервер внутри инфраструктуры удаленной площадки и подготовьте к работе утилиту s3fs [согласно инструкции](https://cloud.yandex.ru/docs/storage/tools/s3fs). Результат: смонтированный в качестве папки Object Storage бакет, в котором находятся json файлы Audit Trails. Например: `/var/trails/` 2) Установите на ваш сервер ПО ArcSight SmartConnector (FlexAgent - JSON Folder follower) [согласно официальной инструкции](https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors/AS_smartconn_install/) 3) При установке выбирете *ArcSight FlexConnector JSON Folder Follower* и укажите примонтированную папку ранее `/var/trails/` 4) Укажите JSON configuration filename prefix - `yc` 5) Завершите установку connector 6) Скачайте все файлы Security Content [здесь](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ArcSight/arcsight_content) 7) Скопируйте файл `yc.jsonparser.properties` в `<папку установки агента>/current/user/agent/flexagent` 8) Скопируйте файл `map.0.properties` в `<папку установки агента>/current/user/agent/map` 9) отредактируйте файл `<папку установки агента>/current/user/agent/agent.properties` следующим образом: - `agents[0].mode=DeleteFile` - `agents[0].proccessfoldersrecursively=true` 10) Запустите коннектор и убедитесь, что события поступают ![События](https://user-images.githubusercontent.com/85429798/128209247-c1582fc9-ea2a-4908-9c95-618ac1a097ee.png) #### Сценарий №2 - Загрузка лог файлов в ArcSight с помощью ВМ, которая находится в Yandex.Cloud - ручное - пререквизиты, что должен быть впн или интерконнект - через терраформ пример с установкой VPN соединения ## Поддержка/Консалтинговые услуги Компания сервис партнёр по поддержке – ООО «АТБ» готова оказывать следующие услуги на платной основе: - Установка и настройка коннектора - Подключение новых источников данных о событиях безопасности - Разработка новых правил корреляции и средств визуализации - Разработка механизмов реагирования на возникающие инциденты Контактные данные партнёра: - +7 (499) 648-75-48 - info@ast-security.ru ![image](https://user-images.githubusercontent.com/85429798/128419821-aa2a4c85-7c67-4173-b21b-f0ec6b96e9e3.png) ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/README.md ================================================ # YandexCloudFlex ArcSight FlexAgent for YandexCloud (JSON Folder follower) ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/flex/map.0.properties ================================================ event.name,set.event.deviceFacility,set.event.deviceAction,set.event.name,set.event.priority yandex.cloud.audit.resourcemanager.CreateCloud,resourcemanager,CreateCloud,Создание облака,8 yandex.cloud.audit.resourcemanager.CreateFolder,resourcemanager,CreateFolder,Создание каталога,5 yandex.cloud.audit.resourcemanager.DeleteCloud,resourcemanager,DeleteCloud,Удаление облака,8 yandex.cloud.audit.resourcemanager.DeleteFolder,resourcemanager,DeleteFolder,Удаление каталога,8 yandex.cloud.audit.resourcemanager.UpdateCloud,resourcemanager,UpdateCloud,Изменение облака,8 yandex.cloud.audit.resourcemanager.UpdateCloudAccessBindings,resourcemanager,UpdateCloudAccessBindings,Обновление привязок прав доступа для облака,5 yandex.cloud.audit.resourcemanager.UpdateFolder,resourcemanager,UpdateFolder,Обновление каталога,5 yandex.cloud.audit.resourcemanager.UpdateFolderAccessBindings,resourcemanager,UpdateFolderAccessBindings,Обновление привязок прав доступа для каталога,5 yandex.cloud.audit.iam.AddFederatedUserAccounts,iam,AddFederatedUserAccounts,Добавление пользователя в федерацию,5 yandex.cloud.audit.iam.CreateAccessKey,iam,CreateAccessKey,Создание ключа доступа,8 yandex.cloud.audit.iam.CreateApiKey,iam,CreateApiKey,Создание API-ключа,8 yandex.cloud.audit.iam.CreateCertificate,iam,CreateCertificate,Добавление сертификата для федерации,8 yandex.cloud.audit.iam.CreateFederation,iam,CreateFederation,Создание федерации,8 yandex.cloud.audit.iam.CreateIamCookieForSubject,iam,CreateIamCookieForSubject,Вход федеративного пользователя,3 yandex.cloud.audit.iam.CreateKey,iam,CreateKey,Создание пары ключей для сервисного аккаунта,8 yandex.cloud.audit.iam.CreateServiceAccount,iam,CreateServiceAccount,Создание сервисного аккаунта,8 yandex.cloud.audit.iam.DeleteAccessKey,iam,DeleteAccessKey,Удаление ключа доступа,8 yandex.cloud.audit.iam.DeleteApiKey,iam,DeleteApiKey,Удаление API-ключа,8 yandex.cloud.audit.iam.DeleteCertificate,iam,DeleteCertificate,Удаление сертификата для федерации,8 yandex.cloud.audit.iam.DeleteFederation,iam,DeleteFederation,Удаление федерации,8 yandex.cloud.audit.iam.DeleteKey,iam,DeleteKey,Удаление пары ключей для сервисного аккаунта,8 yandex.cloud.audit.iam.DeleteServiceAccount,iam,DeleteServiceAccount,Удаление сервисного аккаунта,8 yandex.cloud.audit.iam.UpdateAccessKey,iam,UpdateAccessKey,Обновление ключа доступа,8 yandex.cloud.audit.iam.UpdateApiKey,iam,UpdateApiKey,Обновление API-ключа,8 yandex.cloud.audit.iam.UpdateCertificate,iam,UpdateCertificate,Обновление сертификата,8 yandex.cloud.audit.iam.UpdateFederation,iam,UpdateFederation,Обновление федерации,8 yandex.cloud.audit.iam.UpdateKey,iam,UpdateKey,Обновление пары ключей,8 yandex.cloud.audit.iam.UpdateServiceAccount,iam,UpdateServiceAccount,Обновление сервисного аккаунта,8 yandex.cloud.audit.iam.UpdateServiceAccountAccessBindings,iam,UpdateServiceAccountAccessBindings,Обновление списка привязок прав доступа,8 yandex.cloud.audit.compute.AddInstanceOneToOneNat,compute,AddInstanceOneToOneNat,Добавление публичного IP-адреса виртуальной машине,8 yandex.cloud.audit.compute.AttachInstanceDisk,compute,AttachInstanceDisk,Подключение диска к ВМ,3 yandex.cloud.audit.compute.CreateDisk,compute,CreateDisk,Создание диска,5 yandex.cloud.audit.compute.CreateImage,compute,CreateImage,Создание образа диска,3 yandex.cloud.audit.compute.CreateInstance,compute,CreateInstance,Создание ВМ,5 yandex.cloud.audit.compute.CreateSnapshot,compute,CreateSnapshot,Создание снимка диска,3 yandex.cloud.audit.compute.DeleteDisk,compute,DeleteDisk,Удаление диска,5 yandex.cloud.audit.compute.DeleteImage,compute,DeleteImage,Удаление образа диска,3 yandex.cloud.audit.compute.DeleteInstance,compute,DeleteInstance,Удаление ВМ,8 yandex.cloud.audit.compute.DeleteSnapshot,compute,DeleteSnapshot,Удаление снимка диска,3 yandex.cloud.audit.compute.DetachInstanceDisk,compute,DetachInstanceDisk,Отключение диска от ВМ,3 yandex.cloud.audit.compute.RemoveInstanceOneToOneNat,compute,RemoveInstanceOneToOneNat,Удаление публичного IP-адреса ВМ,3 yandex.cloud.audit.compute.RestartInstance,compute,RestartInstance,Перезагрузка ВМ,3 yandex.cloud.audit.compute.StartInstance,compute,StartInstance,Запуск ВМ,3 yandex.cloud.audit.compute.StopInstance,compute,StopInstance,Остановка ВМ,3 yandex.cloud.audit.compute.UpdateDisk,compute,UpdateDisk,Изменение диска,3 yandex.cloud.audit.compute.UpdateImage,compute,UpdateImage,Изменение образа диска,3 yandex.cloud.audit.compute.UpdateInstance,compute,UpdateInstance,Изменение ВМ,3 yandex.cloud.audit.compute.UpdateInstanceMetadata,compute,UpdateInstanceMetadata,Изменение метаданных ВМ,5 yandex.cloud.audit.compute.UpdateInstanceNetworkInterface,compute,UpdateInstanceNetworkInterface,Изменение сетевых настроек ВМ,5 yandex.cloud.audit.compute.UpdateSnapshot,compute,UpdateSnapshot,Изменение снимка диска,3 yandex.cloud.audit.compute.instancegroup.CreateInstanceGroup,compute,CreateInstanceGroup,Создание группы ВМ,3 yandex.cloud.audit.compute.instancegroup.DeleteInstanceGroup,compute,DeleteInstanceGroup,Удаление группы ВМ,8 yandex.cloud.audit.compute.instancegroup.StartInstanceGroup,compute,StartInstanceGroup,Запуск группы ВМ,3 yandex.cloud.audit.compute.instancegroup.StopInstanceGroup,compute,StopInstanceGroup,Остановка группы ВМ,3 yandex.cloud.audit.compute.instancegroup.UpdateInstanceGroup,compute,UpdateInstanceGroup,Изменение группы ВМ,3 yandex.cloud.audit.compute.instancegroup.UpdateInstanceGroupAccessBindings,compute,UpdateInstanceGroupAccessBindings,Назначение роли на группу ВМ,5 yandex.cloud.audit.kms.CancelDeleteSymmetricKey,kms,CancelDeleteSymmetricKey,Отмена ранее запланированного уничтожения ключа,8 yandex.cloud.audit.kms.CancelSymmetricKeyVersionDestruction,kms,CancelSymmetricKeyVersionDestruction,Отмена ранее запланированного уничтожения версии симметричного ключа,8 yandex.cloud.audit.kms.CreateSymmetricKey,kms,CreateSymmetricKey,Создание симметричного ключа,8 yandex.cloud.audit.kms.DeleteSymmetricKey,kms,DeleteSymmetricKey,Удаление симметричного ключа,8 yandex.cloud.audit.kms.RotateSymmetricKey,kms,RotateSymmetricKey,Ротация симметричного ключа,8 yandex.cloud.audit.kms.ScheduleSymmetricKeyVersionDestruction,kms,ScheduleSymmetricKeyVersionDestruction,Запланирование уничтожения версии симметричного ключа,8 yandex.cloud.audit.kms.SetPrimarySymmetricKeyVersion,kms,SetPrimarySymmetricKeyVersion,Выбор основной версии симметричного ключа,5 yandex.cloud.audit.kms.SetSymmetricKeyAccessBindings,kms,SetSymmetricKeyAccessBindings,Выбор привязок прав доступа для симметричного ключа,8 yandex.cloud.audit.kms.UpdateSymmetricKey,kms,UpdateSymmetricKey,Изменение симметричного ключа,8 yandex.cloud.audit.kms.UpdateSymmetricKeyAccessBindings,kms,UpdateSymmetricKeyAccessBindings,Обновление привязок прав доступа для симметричного ключа,8 yandex.cloud.audit.storage.BucketAclUpdate,storage,BucketAclUpdate,Изменение ACL бакета,8 yandex.cloud.audit.storage.BucketCorsUpdate,storage,BucketCorsUpdate,Изменение конфигурации CORS бакета,8 yandex.cloud.audit.storage.BucketCreate,storage,BucketCreate,Создание бакета,5 yandex.cloud.audit.storage.BucketDelete,storage,BucketDelete,Удаление бакета,8 yandex.cloud.audit.storage.BucketHttpsUpdate,storage,BucketHttpsUpdate,Изменение HTTPS-конфигурации для бакета,8 yandex.cloud.audit.storage.BucketLifecycleUpdate,storage,BucketLifecycleUpdate,Изменение жизненного цикла объекта в бакете,5 yandex.cloud.audit.storage.BucketPolicyUpdate,storage,BucketPolicyUpdate,Изменение политик доступа бакета,8 yandex.cloud.audit.storage.BucketUpdate,storage,BucketUpdate,Изменение бакета,3 yandex.cloud.audit.storage.BucketWebsiteUpdate,storage,BucketWebsiteUpdate,Изменение конфигурации веб-сайта,3 yandex.cloud.audit.storage.ObjectCreate,storage,ObjectCreate,Создание объекта в бакете,3 yandex.cloud.audit.storage.ObjectDelete,storage,ObjectDelete,Удаление объекта в бакете,5 yandex.cloud.audit.storage.ObjectUpdate,storage,ObjectUpdate,Изменение объекта в бакете,3 yandex.cloud.audit.network.CreateNetwork,network,CreateNetwork,Создание облачной сети,8 yandex.cloud.audit.network.CreateRouteTable,network,CreateRouteTable,Создание таблицы маршрутизации,3 yandex.cloud.audit.network.CreateSecurityGroup,network,CreateSecurityGroup,Создание группы безопасности,8 yandex.cloud.audit.network.CreateSubnet,network,CreateSubnet,Создание облачной подсети,5 yandex.cloud.audit.network.DeleteNetwork,network,DeleteNetwork,Удаление облачной сети,8 yandex.cloud.audit.network.DeleteRouteTable,network,DeleteRouteTable,Удаление таблицы маршрутизации,5 yandex.cloud.audit.network.DeleteSecurityGroup,network,DeleteSecurityGroup,Удаление группы безопасности,8 yandex.cloud.audit.network.DeleteSubnet,network,DeleteSubnet,Удаление облачной подсети,5 yandex.cloud.audit.network.MoveNetwork,network,MoveNetwork,Перемещение облачной сети в другой каталог,5 yandex.cloud.audit.network.MoveRouteTable,network,MoveRouteTable,Перемещение таблицы маршрутизации в другой каталог,3 yandex.cloud.audit.network.MoveSecurityGroup,network,MoveSecurityGroup,Перемещение группы безопасности в другой каталог,8 yandex.cloud.audit.network.MoveSubnet,network,MoveSubnet,Перемещение облачной подсети в другой каталог,5 yandex.cloud.audit.network.UpdateNetwork,network,UpdateNetwork,Изменение облачной сети,5 yandex.cloud.audit.network.UpdateRouteTable,network,UpdateRouteTable,Изменение таблицы маршрутизации,5 yandex.cloud.audit.network.UpdateSecurityGroup,network,UpdateSecurityGroup,Изменение группы безопасности,8 yandex.cloud.audit.network.UpdateSubnet,network,UpdateSubnet,Изменение облачной подсети,5 ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/flex/yc.jsonparser.properties ================================================ #Yandex Cloud Cloud Trail JSON log parser #Author: Rodion Chekharin rch@ast-security.ru trigger.node.location=/ token.count=22 token[0].name=event_id token[0].type=String token[0].location=event_id token[1].name=event_type token[1].type=String token[1].location=event_type token[2].name=event_time token[2].type=String token[2].location=event_time token[3].name=authentication_subject_name token[3].type=String token[3].location=authentication//subject_name token[4].name=authentication_subject_id token[4].type=String token[4].location=authentication//subject_id token[5].name=authentication_subject_type token[5].type=String token[5].location=authentication//subject_type token[6].name=event_source token[6].type=String token[6].location=event_source token[7].name=event_status token[7].type=String token[7].location=event_status token[8].name=request_metadata_remote_address token[8].type=String token[8].location=request_metadata//remote_address token[9].name=request_metadata_user_agent token[9].type=String token[9].location=request_metadata//user_agent token[10].name=request_metadata_request_id token[10].type=String token[10].location=request_metadata//request_id token[11].name=details token[11].type=String token[11].format=__uri() token[11].location=details token[12].name=authentication_authenticated token[12].type=String token[12].location=authentication//authenticated token[13].name=authorization_authorized token[13].type=String token[13].location=authorization//authorized token[14].name=resource_metadata token[14].type=String token[14].format=__uri() token[14].location=resource_metadata token[15].name=rm_0_resource_type token[15].type=String token[15].location=resource_metadata//path[0]//resource_type token[16].name=rm_0_resource_id token[16].type=String token[16].location=resource_metadata//path[0]//resource_id token[17].name=rm_0_resource_name token[17].type=String token[17].location=resource_metadata//path[0]//resource_name token[18].name=rm_1_resource_type token[18].type=String token[18].location=resource_metadata//path[1]//resource_type token[19].name=rm_1_resource_id token[19].type=String token[19].location=resource_metadata//path[1]//resource_id token[20].name=rm_1_resource_name token[20].type=String token[20].location=resource_metadata//path[1]//resource_name token[21].name=error_message token[21].type=String token[21].location=error//message event.name=event_type event.sourceUserName=authentication_subject_name event.sourceUserId=authentication_subject_id event.sourceUserPrivileges=authentication_subject_type event.sourceServiceName=event_source event.requestClientApplication=request_metadata_user_agent event.sourceHostName=request_metadata_remote_address event.requestContext=request_metadata_request_id event.deviceCustomString1=details event.deviceCustomString1Label=__stringConstant("details") event.deviceCustomString2=resource_metadata event.deviceCustomString2Label=__stringConstant("resource_metadata") event.deviceCustomString3=authentication_authenticated event.deviceCustomString3Label=__stringConstant("authenticated") event.deviceCustomString4=authorization_authorized event.deviceCustomString4Label=__stringConstant("authorized") event.deviceCustomString5=event_status event.deviceCustomString5Label=__stringConstant("event_status") event.deviceCustomString6=error_message event.deviceCustomString6Label=__stringConstant("error_message") event.fileName=rm_0_resource_name event.filePath=rm_0_resource_id event.fileType=rm_0_resource_type event.oldFileName=rm_1_resource_name event.oldFilePath=rm_1_resource_id event.oldFileType=rm_1_resource_type event.endTime=__parseMultipleTimeStamp(__regexTokenFindAndJoin(event_time,"(.*?)T(.*?)\\..*"," ","",""),"yyyy-MM-dd HH:mm:ss") event.externalId=event_id event.flexString1=event_time event.fileId=__regexTokenNoWarning(details,".*?/details/source_uri:\\"(.*?)\\?.*") event.deviceVendor=__stringConstant("Yandex Cloud") event.deviceProduct=__stringConstant("Yandex Cloud") ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/samples/041738547.json ================================================ [{"event_id":"874ac94d-bf3e-412f-ab04-9e7bd47bf61c","event_source":"storage","event_type":"yandex.cloud.audit.storage.ObjectCreate","event_time":"2021-04-29T04:22:27.169917133Z","authentication":{"authenticated":true,"subject_type":"SERVICE_ACCOUNT","subject_id":"yc-sa-audit-trails","subject_name":"yc-sa-audit-trails"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"daa4e14d0fd7de64"},"event_status":"DONE","details":{"bucket_id":"audit-logs","object_id":"trail/cnpkffff46r2h10pb82c/2021/04/29/041238068.json"}}, {"event_id":"aje6ldosda99st3oio2d","event_source":"iam","event_type":"yandex.cloud.audit.iam.CreateServiceAccount","event_time":"2021-04-29T04:26:11Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"::1","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2220 Yowser/2.5 Safari/537.36","request_id":"1976ee53-3f27-4d7b-af58-d24ef531bb3a"},"event_status":"DONE","details":{"service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}, {"event_id":"dbf67de6-3a14-40fe-9a14-07a25dd0f4d4","event_source":"storage","event_type":"yandex.cloud.audit.storage.ObjectCreate","event_time":"2021-04-29T04:26:08.524607868Z","authentication":{"authenticated":true,"subject_type":"SERVICE_ACCOUNT","subject_id":"aje40000000000000003","subject_name":"billing"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"1a2a3d82c01f4c60"},"event_status":"DONE","details":{"bucket_id":"audit-logs","object_id":"billing/20210429.csv"}}, {"event_id":"ajevjbguvsdcbskurq6e","event_source":"iam","event_type":"yandex.cloud.audit.iam.UpdateServiceAccount","event_time":"2021-04-29T04:26:18Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"::1","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2220 Yowser/2.5 Safari/537.36","request_id":"7e9e9e11-a0fe-4197-8ec2-ee3271a21873"},"event_status":"DONE","details":{"service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}] ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/samples/042624546.json ================================================ [{"event_id":"aje66ojt2ru8be4qvvc3","event_source":"iam","event_type":"yandex.cloud.audit.iam.UpdateServiceAccount","event_time":"2021-04-29T04:26:27Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"::1","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2220 Yowser/2.5 Safari/537.36","request_id":"81cfc91a-c74e-4216-b563-4ae6fbbd9f26"},"event_status":"DONE","details":{"service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}, {"event_id":"ajedu7ib44d33q42939u","event_source":"iam","event_type":"yandex.cloud.audit.iam.CreateAccessKey","event_time":"2021-04-29T04:26:33Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"fad9630a-c889-43c4-8efc-5e195fb4a772"},"event_status":"DONE","details":{"access_key_id":"aje1ioo1iumrvtf6nbk5","service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}, {"event_id":"ajer1icc05tj228np91e","event_source":"iam","event_type":"yandex.cloud.audit.iam.CreateApiKey","event_time":"2021-04-29T04:26:37Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"87a37458-e161-444d-b3e2-372f6cc5118c"},"event_status":"DONE","details":{"api_key_id":"ajelu9qiafn3fsrj69v9","service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}, {"event_id":"aje1lboe103c6kg8gi8d","event_source":"iam","event_type":"yandex.cloud.audit.iam.CreateKey","event_time":"2021-04-29T04:26:43Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"7ea65922-0f5b-4c1c-9e7d-23e22d1dd638"},"event_status":"DONE","details":{"key_id":"aje33tslrc0t0cv56lre","service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}, {"event_id":"aje70pp45v9b4p7juft4","event_source":"iam","event_type":"yandex.cloud.audit.iam.DeleteKey","event_time":"2021-04-29T04:26:47Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"debc2e80-3296-4570-a32c-226a05f0167f"},"event_status":"DONE","details":{"key_id":"aje33tslrc0t0cv56lre","service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}, {"event_id":"ajepebaq5t49e8hsfva2","event_source":"iam","event_type":"yandex.cloud.audit.iam.DeleteAccessKey","event_time":"2021-04-29T04:26:51Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"bd776fba-cd74-4d63-93b9-712eaefe12be"},"event_status":"DONE","details":{"access_key_id":"aje1ioo1iumrvtf6nbk5","service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test"}}, {"event_id":"ajeq5fphq87330jhbgku","event_source":"iam","event_type":"yandex.cloud.audit.iam.UpdateServiceAccount","event_time":"2021-04-29T04:26:57Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"::1","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2220 Yowser/2.5 Safari/537.36","request_id":"0d4d3570-de6b-411e-b663-f1cc726aa7ff"},"event_status":"DONE","details":{"service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test-up"}}, {"event_id":"ajel3fis2u6n0ia9mu8k","event_source":"iam","event_type":"yandex.cloud.audit.iam.DeleteApiKey","event_time":"2021-04-29T04:27:01Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"f117bd83-b785-4099-8be3-9e5603708dfb"},"event_status":"DONE","details":{"api_key_id":"ajelu9qiafn3fsrj69v9","service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test-up"}}, {"event_id":"aje92902anari50idj8r","event_source":"iam","event_type":"yandex.cloud.audit.iam.DeleteServiceAccount","event_time":"2021-04-29T04:27:03Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"5cd8db2c-95d5-4618-b8f1-210f75d97cc2"},"event_status":"STARTED","details":{"service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test-up"}}, {"event_id":"aje9fd8qu32ipinqcvee","event_source":"iam","event_type":"yandex.cloud.audit.iam.DeleteServiceAccount","event_time":"2021-04-29T04:27:03Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"5cd8db2c-95d5-4618-b8f1-210f75d97cc2"},"event_status":"DONE","details":{"service_account_id":"ajeda6948lbej3igb69r","service_account_name":"sa-test-up"}}, {"event_id":"b1go6jvil3f5app5p9cs","event_source":"resourcemanager","event_type":"yandex.cloud.audit.resourcemanager.CreateFolder","event_time":"2021-04-29T04:27:12Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"2a146c02-a07f-4113-b333-1bc83f24a11d"},"event_status":"DONE","details":{"folder_id":"b1gmoeqbv0aa83himv8c","cloud_id":"b1gmgc24pte847evspva","folder_name":"new","cloud_name":"cloud"}}, {"event_id":"enp87nq2crcrk7jpp4dr","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-04-29T04:27:13Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"bd341908-9c4d-4057-aa1e-05af4d178f90"},"event_status":"DONE","details":{"subnet_id":"b0clg23fplkdrk0r1q7l","subnet_name":"default-ru-central1-c","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","zone_id":"ru-central1-c","v4_cidr_blocks":["10.128.0.0/24"]}}, {"event_id":"enpqq60vedi4ck3inh8i","event_source":"network","event_type":"yandex.cloud.audit.network.CreateNetwork","event_time":"2021-04-29T04:27:13Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"bd341908-9c4d-4057-aa1e-05af4d178f90"},"event_status":"DONE","details":{"network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enpe30to9aul4s6s0ajj","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-04-29T04:27:13Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"bd341908-9c4d-4057-aa1e-05af4d178f90"},"event_status":"DONE","details":{"subnet_id":"e2lq5i79g5onohkjr5gc","subnet_name":"default-ru-central1-b","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","zone_id":"ru-central1-b","v4_cidr_blocks":["10.129.0.0/24"]}}, {"event_id":"enprjv2ltsfcjbj6har0","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-04-29T04:27:13Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"bd341908-9c4d-4057-aa1e-05af4d178f90"},"event_status":"DONE","details":{"subnet_id":"e9b762klkvfmroi0u3m3","subnet_name":"default-ru-central1-a","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","zone_id":"ru-central1-a","v4_cidr_blocks":["10.130.0.0/24"]}}, {"event_id":"b1gkhf79i0hhsn3b86ua","event_source":"resourcemanager","event_type":"yandex.cloud.audit.resourcemanager.UpdateFolder","event_time":"2021-04-29T04:27:22Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"5b4e78b1-9b95-49c0-a2e8-4e0966e59d94"},"event_status":"DONE","details":{"folder_id":"b1gmoeqbv0aa83himv8c","cloud_id":"b1gmgc24pte847evspva","folder_name":"new-up","cloud_name":"cloud"}}, {"event_id":"acd76842-a6ea-4c6d-a47b-1caf200deb55","event_source":"storage","event_type":"yandex.cloud.audit.storage.ObjectCreate","event_time":"2021-04-29T04:27:27.346029728Z","authentication":{"authenticated":true,"subject_type":"SERVICE_ACCOUNT","subject_id":"yc-sa-audit-trails","subject_name":"yc-sa-audit-trails"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gjoqo9kp7mobp93hd9","resource_name":"audit"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"809bbed6462b926c"},"event_status":"DONE","details":{"bucket_id":"audit-logs","object_id":"trail/cnpkffff46r2h10pb82c/2021/04/29/041738547.json"}}, {"event_id":"enpcfdk7ggev9v5qbo8q","event_source":"network","event_type":"yandex.cloud.audit.network.CreateRouteTable","event_time":"2021-04-29T04:28:35Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"56331cec-14a5-4c74-ae88-1943a733d708"},"event_status":"DONE","details":{"route_table_id":"enpddf5j1h98pse5ne9i","route_table_name":"test-route","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","static_routes":[{"destination_prefix":"10.128.0.0/16","next_hop_address":"10.129.0.0"},{"destination_prefix":"10.129.0.0/16","next_hop_address":"10.130.0.0"}]}}, {"event_id":"enp8r4h8j50r5b7v2eed","event_source":"network","event_type":"yandex.cloud.audit.network.UpdateRouteTable","event_time":"2021-04-29T04:28:41Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"2c70a9f7-5fb3-4946-846f-10521b730508"},"event_status":"DONE","details":{"route_table_id":"enpddf5j1h98pse5ne9i","route_table_name":"test-route","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","static_routes":[{"destination_prefix":"10.128.0.0/16","next_hop_address":"10.129.0.0"}]}}, {"event_id":"enpr5hrrvq7c7232okv7","event_source":"network","event_type":"yandex.cloud.audit.network.UpdateSubnet","event_time":"2021-04-29T04:29:37Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"020a477b-ce3b-4a3d-899e-9d1b16b9a85b"},"event_status":"DONE","details":{"subnet_id":"b0clg23fplkdrk0r1q7l","subnet_name":"default-ru-central1-c","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","zone_id":"ru-central1-c","v4_cidr_blocks":["10.128.0.0/24"],"dhcp_options":{"domain_name_servers":["10.130.0.5"],"domain_name":"fqdn.ya","ntp_servers":["10.128.0.1"]}}}, {"event_id":"enp4pfqpo8omu6761s4l","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:29:54Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"652df7e4-6fbe-405a-bcab-0fd7f18ec35d"},"event_status":"STARTED","details":{"subnet_id":"e2lq5i79g5onohkjr5gc","subnet_name":"default-ru-central1-b","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enpro6esaaa6mfn50h8h","event_source":"network","event_type":"yandex.cloud.audit.network.UpdateSubnet","event_time":"2021-04-29T04:29:49Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"ba701584-66e6-45d4-9582-7d4eb7c02a36"},"event_status":"DONE","details":{"subnet_id":"e9b762klkvfmroi0u3m3","subnet_name":"default-ru-central1-a","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","zone_id":"ru-central1-a","v4_cidr_blocks":["10.130.0.0/24"],"route_table_id":"enpddf5j1h98pse5ne9i","route_table_name":"test-route","dhcp_options":{}}}, {"event_id":"enpf1lujt36ujl37rfpo","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:29:58Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"652df7e4-6fbe-405a-bcab-0fd7f18ec35d"},"event_status":"DONE","details":{"subnet_id":"e2lq5i79g5onohkjr5gc","subnet_name":"default-ru-central1-b","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enpfsc3hbav8s9iteuih","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-04-29T04:30:14Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"99bf3fc6-e832-4867-83bc-92ea759b360d"},"event_status":"DONE","details":{"subnet_id":"b0cbiuhk8vm72lh31046","subnet_name":"new","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","zone_id":"ru-central1-c","v4_cidr_blocks":["10.131.0.0/16"],"dhcp_options":{}}}, {"event_id":"enpqpvmqn4vou0868krr","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:30:21Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"93750938-d9ad-4780-949f-876690447a9b"},"event_status":"STARTED","details":{"subnet_id":"e9b762klkvfmroi0u3m3","subnet_name":"default-ru-central1-a","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enpqpt6nkauq5vgii6b6","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:30:24Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"44fc29fb-a4af-4dfe-b2aa-da457a020872"},"event_status":"STARTED","details":{"subnet_id":"b0clg23fplkdrk0r1q7l","subnet_name":"default-ru-central1-c","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enp069irh1ae9s659qru","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:30:28Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"1b2d4b2e-b04e-4b0f-8337-c2b54e9681af"},"event_status":"STARTED","details":{"subnet_id":"b0cbiuhk8vm72lh31046","subnet_name":"new","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enps9fv4bj2s93fbgabr","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:30:26Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"93750938-d9ad-4780-949f-876690447a9b"},"event_status":"DONE","details":{"subnet_id":"e9b762klkvfmroi0u3m3","subnet_name":"default-ru-central1-a","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enp3p7rc8p929u32un4o","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:30:29Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"1b2d4b2e-b04e-4b0f-8337-c2b54e9681af"},"event_status":"DONE","details":{"subnet_id":"b0cbiuhk8vm72lh31046","subnet_name":"new","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enpam0appkiuqeeu28kh","event_source":"network","event_type":"yandex.cloud.audit.network.DeleteSubnet","event_time":"2021-04-29T04:30:31Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"44fc29fb-a4af-4dfe-b2aa-da457a020872"},"event_status":"DONE","details":{"subnet_id":"b0clg23fplkdrk0r1q7l","subnet_name":"default-ru-central1-c","network_id":"enpi4e0naj24ggb1q2km","network_name":"default"}}, {"event_id":"enp1t3bvtr33go6957um","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-04-29T04:31:01Z","authentication":{"authenticated":true,"subject_type":"YANDEX_PASSPORT_USER_ACCOUNT","subject_id":"aje9gjkm722tas3pf0cm","subject_name":"xseiko"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1gmgc24pte847evspva","resource_name":"cloud"},{"resource_type":"resource-manager.folder","resource_id":"b1gmoeqbv0aa83himv8c","resource_name":"new"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"bae7b3aa-b950-482f-9e1a-aa2b37854ad8"},"event_status":"DONE","details":{"subnet_id":"b0c3jbhbrj3h2u3fgpo7","subnet_name":"a","network_id":"enpi4e0naj24ggb1q2km","network_name":"default","zone_id":"ru-central1-c","v4_cidr_blocks":["10.128.0.0/16"],"route_table_id":"enpddf5j1h98pse5ne9i","route_table_name":"test-route","dhcp_options":{}}}] ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/samples/134730901.json ================================================ [{"event_id":"ffb497d2-ec5f-4d81-ade0-4a587c9fb7ff","event_source":"storage","event_type":"yandex.cloud.audit.storage.BucketAclUpdate","event_time":"2021-06-23T13:45:33.776046961Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"58cf8e77-3eb8-44d1-9855-87df7b6ad7ed"},"event_status":"DONE","details":{"bucket_id":"audittrail8","rule":"{\"Grants\":[{\"Permission\":\"WRITE\",\"GrantType\":\"allAuthenticatedUsers\",\"GranteeID\":\"\"},{\"Permission\":\"READ\",\"GrantType\":\"allAuthenticatedUsers\",\"GranteeID\":\"\"}]}"}}, {"event_id":"fd8df7emt6fss18tnima","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateInstance","event_time":"2021-06-23T13:46:45.152652818Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"ea23bbcd-950e-4d10-9a53-f75d20e13191"},"event_status":"STARTED","details":{"instance_id":"fhm1k8t2unq06o39iusm","instance_name":"mirtov-vm","zone_id":"ru-central1-a","platform_id":"standard-v2","metadata_keys":["serial-port-enable","user-data","ssh-keys"],"metadata_serial_port_enable":"1","network_settings":{"type":"STANDARD"},"placement_policy":{},"os":{"type":"LINUX"},"product_ids":["f2efrqfcllr7ns1o7b1t"],"resources_spec":{"memory":"2147483648","cores":"2","core_fraction":"100"},"boot_disk_spec":{"auto_delete":true,"disk_spec":{"type_id":"network-hdd","size":"13958643712","image_id":"fd83klic6c8gfgi40urb"}},"network_interface_specs":[{"subnet_id":"e9boih92qspkol5morvl","primary_v4_address_spec":{"one_to_one_nat_spec":{"ip_version":"IPV4"}}}],"hostname":"mirtov-vm"}}, {"event_id":"fd8jslbueee64v1iou55","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateDisk","event_time":"2021-06-23T13:46:50.344308340Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"ea23bbcd-950e-4d10-9a53-f75d20e13191"},"event_status":"STARTED","details":{"disk_id":"fhmi0a0i0lndgkcijp5k","type_id":"network-hdd","zone_id":"ru-central1-a","size":"13958643712","block_size":"4096","source_image_id":"fd83klic6c8gfgi40urb"}}, {"event_id":"fd89rad1190vkl7bac83","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateDisk","event_time":"2021-06-23T13:47:19.373076665Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"ea23bbcd-950e-4d10-9a53-f75d20e13191"},"event_status":"DONE","details":{"disk_id":"fhmi0a0i0lndgkcijp5k","type_id":"network-hdd","zone_id":"ru-central1-a","size":"13958643712","block_size":"4096","source_image_id":"fd83klic6c8gfgi40urb"}}, {"event_id":"fd8q73fvd2hgeuaamgbu","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateInstance","event_time":"2021-06-23T13:47:24.958241213Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"ea23bbcd-950e-4d10-9a53-f75d20e13191"},"event_status":"DONE","details":{"instance_id":"fhm1k8t2unq06o39iusm","instance_name":"mirtov-vm","zone_id":"ru-central1-a","platform_id":"standard-v2","metadata_keys":["serial-port-enable","ssh-keys","user-data"],"metadata_serial_port_enable":"1","network_settings":{"type":"STANDARD"},"placement_policy":{},"os":{"type":"LINUX"},"product_ids":["f2efrqfcllr7ns1o7b1t"],"resources":{"memory":"2147483648","cores":"2","core_fraction":"100"},"boot_disk":{"mode":"READ_WRITE","device_name":"fhmi0a0i0lndgkcijp5k","auto_delete":true,"disk_id":"fhmi0a0i0lndgkcijp5k"},"network_interfaces":[{"index":"0","mac_address":"d0:0d:1a:23:a2:f5","subnet_id":"e9boih92qspkol5morvl","primary_v4_address":{"address":"10.128.0.38","one_to_one_nat":{"address":"217.28.229.41","ip_version":"IPV4"}}}],"fqdn":"mirtov-vm.ru-central1.internal"}}] ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/samples/151859118.json ================================================ [{"event_id":"enpp3pi7h4l4b0m24ue4","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-06-23T15:17:02Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"79884134-4361-46ee-a9a2-65e9fcb35e85"},"event_status":"DONE","details":{"subnet_id":"b0ch23oq7rtm0lm492f2","subnet_name":"network2-ru-central1-c","network_id":"enpts3d6kimgeqsnbava","network_name":"network2","zone_id":"ru-central1-c","v4_cidr_blocks":["10.130.0.0/24"]}}, {"event_id":"enpk7uj6kfqk19ngkanf","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-06-23T15:17:02Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"79884134-4361-46ee-a9a2-65e9fcb35e85"},"event_status":"DONE","details":{"subnet_id":"e2ltt46g6q53bhla216h","subnet_name":"network2-ru-central1-b","network_id":"enpts3d6kimgeqsnbava","network_name":"network2","zone_id":"ru-central1-b","v4_cidr_blocks":["10.129.0.0/24"]}}, {"event_id":"enplo8bn7tc9a61k6mie","event_source":"network","event_type":"yandex.cloud.audit.network.CreateSubnet","event_time":"2021-06-23T15:17:01Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"79884134-4361-46ee-a9a2-65e9fcb35e85"},"event_status":"DONE","details":{"subnet_id":"e9bseb3ka2rfnkscjh5h","subnet_name":"network2-ru-central1-a","network_id":"enpts3d6kimgeqsnbava","network_name":"network2","zone_id":"ru-central1-a","v4_cidr_blocks":["10.128.0.0/24"]}}, {"event_id":"enp0tkpbd0gtndcc0346","event_source":"network","event_type":"yandex.cloud.audit.network.CreateNetwork","event_time":"2021-06-23T15:17:01Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"79884134-4361-46ee-a9a2-65e9fcb35e85"},"event_status":"DONE","details":{"network_id":"enpts3d6kimgeqsnbava","network_name":"network2"}}, {"event_id":"fd87murm7oqgvg5b44rg","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateInstance","event_time":"2021-06-23T15:17:50.281547936Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"763a4da3-8c2e-4817-b9b5-579204174e18"},"event_status":"STARTED","details":{"instance_id":"fhmkf7a1fdt7a1vead5o","instance_name":"testvm-1","zone_id":"ru-central1-a","platform_id":"standard-v2","metadata_keys":["user-data","ssh-keys"],"network_settings":{"type":"STANDARD"},"placement_policy":{},"os":{"type":"LINUX"},"product_ids":["f2efrqfcllr7ns1o7b1t"],"resources_spec":{"memory":"2147483648","cores":"2","core_fraction":"100"},"boot_disk_spec":{"auto_delete":true,"disk_spec":{"type_id":"network-hdd","size":"13958643712","image_id":"fd83klic6c8gfgi40urb"}},"network_interface_specs":[{"subnet_id":"e9bseb3ka2rfnkscjh5h","primary_v4_address_spec":{}},{"subnet_id":"e9boih92qspkol5morvl","primary_v4_address_spec":{"one_to_one_nat_spec":{"ip_version":"IPV4"}}}],"hostname":"testvm-1"}}, {"event_id":"fd8lcdmv6nrv99sql62h","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateDisk","event_time":"2021-06-23T15:17:58.705112302Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"763a4da3-8c2e-4817-b9b5-579204174e18"},"event_status":"STARTED","details":{"disk_id":"fhmrbqfra0hhshklpan6","type_id":"network-hdd","zone_id":"ru-central1-a","size":"13958643712","block_size":"4096","source_image_id":"fd83klic6c8gfgi40urb"}}, {"event_id":"fd88suird4lbid8jf9pl","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateInstance","event_time":"2021-06-23T15:18:17.728252180Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"31d33f4c-3620-46b3-a514-3b5a9ea8d287"},"event_status":"STARTED","details":{"instance_id":"fhmqsba32d4jnjm9njoc","instance_name":"testvm-2","zone_id":"ru-central1-a","platform_id":"standard-v2","metadata_keys":["user-data","ssh-keys"],"network_settings":{"type":"STANDARD"},"placement_policy":{},"os":{"type":"LINUX"},"product_ids":["f2efrqfcllr7ns1o7b1t"],"resources_spec":{"memory":"2147483648","cores":"2","core_fraction":"100"},"boot_disk_spec":{"auto_delete":true,"disk_spec":{"type_id":"network-hdd","size":"13958643712","image_id":"fd83klic6c8gfgi40urb"}},"network_interface_specs":[{"subnet_id":"e9bseb3ka2rfnkscjh5h","primary_v4_address_spec":{}}],"hostname":"testvm-2"}}, {"event_id":"fd8ub74dksq0tn2gtve1","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateDisk","event_time":"2021-06-23T15:18:22.478080617Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"31d33f4c-3620-46b3-a514-3b5a9ea8d287"},"event_status":"STARTED","details":{"disk_id":"fhm16l5iq7j2vrd5uojp","type_id":"network-hdd","zone_id":"ru-central1-a","size":"13958643712","block_size":"4096","source_image_id":"fd83klic6c8gfgi40urb"}}, {"event_id":"fd8iiuolqlqcdhr1dqfs","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateDisk","event_time":"2021-06-23T15:18:25.013041715Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"763a4da3-8c2e-4817-b9b5-579204174e18"},"event_status":"DONE","details":{"disk_id":"fhmrbqfra0hhshklpan6","type_id":"network-hdd","zone_id":"ru-central1-a","size":"13958643712","block_size":"4096","source_image_id":"fd83klic6c8gfgi40urb"}}, {"event_id":"fd8ts0dk0vk5fq5rdmp9","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateInstance","event_time":"2021-06-23T15:18:32.321366622Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"763a4da3-8c2e-4817-b9b5-579204174e18"},"event_status":"DONE","details":{"instance_id":"fhmkf7a1fdt7a1vead5o","instance_name":"testvm-1","zone_id":"ru-central1-a","platform_id":"standard-v2","metadata_keys":["ssh-keys","user-data"],"network_settings":{"type":"STANDARD"},"placement_policy":{},"os":{"type":"LINUX"},"product_ids":["f2efrqfcllr7ns1o7b1t"],"resources":{"memory":"2147483648","cores":"2","core_fraction":"100"},"boot_disk":{"mode":"READ_WRITE","device_name":"fhmrbqfra0hhshklpan6","auto_delete":true,"disk_id":"fhmrbqfra0hhshklpan6"},"network_interfaces":[{"index":"0","mac_address":"d0:0d:14:79:d4:17","subnet_id":"e9bseb3ka2rfnkscjh5h","primary_v4_address":{"address":"10.128.0.18"}},{"index":"1","mac_address":"d0:1d:14:79:d4:17","subnet_id":"e9boih92qspkol5morvl","primary_v4_address":{"address":"10.128.0.37","one_to_one_nat":{"address":"84.201.133.218","ip_version":"IPV4"}}}],"fqdn":"testvm-1.ru-central1.internal"}}, {"event_id":"fd8invafhc3f6u1nrglc","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateInstance","event_time":"2021-06-23T15:18:56.162775830Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"31d33f4c-3620-46b3-a514-3b5a9ea8d287"},"event_status":"DONE","details":{"instance_id":"fhmqsba32d4jnjm9njoc","instance_name":"testvm-2","zone_id":"ru-central1-a","platform_id":"standard-v2","metadata_keys":["ssh-keys","user-data"],"network_settings":{"type":"STANDARD"},"placement_policy":{},"os":{"type":"LINUX"},"product_ids":["f2efrqfcllr7ns1o7b1t"],"resources":{"memory":"2147483648","cores":"2","core_fraction":"100"},"boot_disk":{"mode":"READ_WRITE","device_name":"fhm16l5iq7j2vrd5uojp","auto_delete":true,"disk_id":"fhm16l5iq7j2vrd5uojp"},"network_interfaces":[{"index":"0","mac_address":"d0:0d:1a:e2:d4:31","subnet_id":"e9bseb3ka2rfnkscjh5h","primary_v4_address":{"address":"10.128.0.22"}}],"fqdn":"testvm-2.ru-central1.internal"}}, {"event_id":"fd8mdilhut48vgqjer7c","event_source":"compute","event_type":"yandex.cloud.audit.compute.CreateDisk","event_time":"2021-06-23T15:18:49.153523493Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"31d33f4c-3620-46b3-a514-3b5a9ea8d287"},"event_status":"DONE","details":{"disk_id":"fhm16l5iq7j2vrd5uojp","type_id":"network-hdd","zone_id":"ru-central1-a","size":"13958643712","block_size":"4096","source_image_id":"fd83klic6c8gfgi40urb"}}] ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/arcsight_content/samples/155732665.json ================================================ [{"event_id":"aje08icd1utpv6sdut0s","event_source":"iam","event_type":"yandex.cloud.audit.iam.CreateAccessKey","event_time":"2021-06-23T15:56:06Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"145de09e-f419-41b4-9e05-ee6dd4e21d71"},"event_status":"DONE","details":{"access_key_id":"ajen8cbt6s3100qlq2eo","service_account_id":"ajebn2q9kbq1nnmtukjv","service_account_name":"sa-ta"}}, {"event_id":"ajehpht38uh1q0povo7j","event_source":"iam","event_type":"yandex.cloud.audit.iam.CreateApiKey","event_time":"2021-06-23T15:57:22Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"f66ff0de-53c1-4345-9c52-f3fd8dbdca04"},"event_status":"DONE","details":{"api_key_id":"aje9egud0e2a3206nv67","service_account_id":"ajebn2q9kbq1nnmtukjv","service_account_name":"sa-ta"}}, {"event_id":"ajelp2ual7c97ilksh3a","event_source":"iam","event_type":"yandex.cloud.audit.iam.CreateKey","event_time":"2021-06-23T15:57:29Z","authentication":{"authenticated":true,"subject_type":"FEDERATED_USER_ACCOUNT","subject_id":"ajesnkfkc77lbh50isvg","subject_name":"mirtov8@yandex-team.ru"},"authorization":{"authorized":true},"resource_metadata":{"path":[{"resource_type":"resource-manager.cloud","resource_id":"b1g3o4minpkuh10pd2rj","resource_name":"arch"},{"resource_type":"resource-manager.folder","resource_id":"b1gci8pu7s2seup3mpor","resource_name":"mirtov-terraform-play"}]},"request_metadata":{"remote_address":"cloud.yandex","user_agent":"Yandex Cloud","request_id":"892c12c6-ad02-426b-b375-38de7fdb6190"},"event_status":"DONE","details":{"key_id":"ajeq63no01b6p83mtt7s","service_account_id":"ajebn2q9kbq1nnmtukjv","service_account_name":"sa-ta"}}] ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/images/arcsight.drawio ================================================ 7L1Z16M4sjb6a3qtcy66F6Mxl2LGNpOZDDdnMZnRYAM2w68/ku23MrMqu7v27qre/e3PXvkmICQhRYQingjC8l9I/jLLfXQttC7Nmr8QWDr/hRT+QhA4SePwgEqWVwmLsa+CvC/Td6VvBXa5Zu9C7F16L9Ns+KHi2HXNWF5/LEy6ts2S8YeyqO+76cdq56758anXKM9+U2AnUfPbUr9Mx+Jdim/YbzeUrMyL96O3BPO6cYm+Kr9nMhRR2k3fFZHiX0i+77rxdXaZ+axBxPuiy6ud9Hfu/jKwPmvH39PgSOBj7wbnSakMLraDqHD+v7++e3lEzf094fdgx+WLAn13b9MMdYL/heSmohwz+xol6O4EeQ7LivHSvG//MkkMXuRNNAzv86HOxqR4X5y7dnyzGt/A66hPvi7R7SgeuuY+ZuBbMWpUNg3fNV0Pr9uuzVCnY9/Vv/CF+KXkq9pfCJLBGHaLOv0tub7mnvVjNn9X9CafnHWXbOwXWOV9d0O9WfmW5V9YO32TDJp8lxXfCQW9fRdGb2nMf+n7G8PgyZtnP+efNZiDndatGU5V4wEHWybvr1/S9n80A79j1/mcxlT6U9b+AQzE2X/OQHLzZzHQtCp5NoSB3/+1v3h+8fBX9a/b37ArS6ECel92/Vh0eddGjfitlPvGUETsb3UOXXd907rKxnF50z66j92PTM7mcjyh5n/bYNv3dfDdPWF+9/28WL4uWjjh01c1dBE8+6C/Lr81e159tfsNkzlWxAD9UyajB5pZX0LiZv27/d9l/NDd+yT7B6uDeivpMerzbPwHapB+1UOk/4dy1GdNNJaPH23Dz2Ti3dTsSjjmb/IHVcgPAojjv5Kr10jfzX4lWr+M43dJ28/VPfU/K24M/W+QtqgfAbL836sZWCaViFbvFulXjQSpuDJ5Fb6r4P9Fof1jBfTnFck/WkL/JbPzNe7/LWbn7zCX/GPMDkv/aHao31odgv6J1cGpPws2UL9l179VD/x+NfBnLefN8/NzG/Sleb5TNsEPuubnmue/rwa+Kv5qdf8OvUBs/xRDtSWJHySWZv40O/UPCfK/Rb/Q0C88n/8sWLthf+QWwf4E1pLb3yqYX7TOv6JgsOqvj4uq7gKObdSYk3wptP76P4oz8O+0yzdd809gBvaXfw3UYhjLYtg/YPFvFvd/CzD8Xr3whwBYqFWj5bsKV7Teh7+vNn5xk5Yvwdx+L0n/tD6F07+SvNcI/lDdQn1Uy+9XLQSz+ZGjGPu3N5O+1y6/ONY/wBdm+yfBF/I3LDTiCkX/CMweux6F9H7NUsilKzotL8+AH4dIUCZQuURx1pjdUI5l18L7cTeO3eW7CqApc3RjREqIezYHw/UVanxy7uviXM5IZLj3E4Q0GqO/kOB1SUjDI/8Lwc1QbAjeVHQiXDgq9ud7smJlpByxROgeBzIl04UmtYV+JJfkoVVg0nh2TS9JqSrpNVSOnWmrq1aqeSR715AosK/r9NI0KbZ7ZAJWajyYVEFbnn8ld4n8eTDt3T0m6EatqItKFoWxzlNwOnaqbLFqjcH6ImGtINcXatYrDdN5QB4qkdBWC1MFkGtOkGtSMFmrih2qfNUreM0D+Ozv66FnioRXob7Q+Xd1K+tuCBqhl8828/PYBKtWa79qD76vO33158M5hpdmiOH81NVdDGEnH0v1YZZBlckiYypckcr5qw6PL6k/N3DOTXrx4LyPNaRDFcvNdDjt8Fh2WfXiEaFPP0LZKt80WOC4KDg/OIbkDue/aDZFwHM4HjHXsXzWXG3WeAp7ljlPWsFzEY6x8DWHU7Vq5xvSVdcqDd7fCa+j+OqrRH2JM6QJotFsw3bWWqN7s2YDGpUdKis3bHjdBLMu5ouGB/D8qqMy3YXXmLZoC4XDujiiLTqiNhr6c0IfPl94nlfqHdIO1YXPVNevP1toBOM5fnSdf9Wj0JhePINljovGRD37ddzneHQPzslB/cI5OoWgOfldt2H/cOzovmE/x4TmQFvr8/hun6P+Z4N//4k5nBek4Ytu8Lni+q0uolUjvI71s92rnopk4Hn8XgZSorimslse1i95nh4JGbZmjhY8+veDzqX/GH1I0vSP+pBgfqYPv+Dz9+rwq+wP14a/wxf/L2u/Bt3goqTOn7bwhwgt+vxdBflzdfiDxvw7CvLaQgXJlx5nHCdsL+cdgB/ddgvRzeEZ+gMq4IEGj4JwLR0VlQBS523PUnlQxZQLu3nW40+c6p9gTaV7AMBtDpN4hvfOjx26K5+Okq8cnZgIsZSQltDioOJN7pFP9wmhF4ns3mNy116gwqa2Mupx4ixHOkqIUV//wOfz+Xw+/1d++MUgKQuemCzm1rQDgAghlyVxeaLyVncQAGYIMziKheZKx+Akc3Ukz1OqFNtctdVqx7uX3ZJf9+UwHGzqoQniAgEQrlcJZTgdY0JFSXAmxnFWrYtHN1Rssdnb2Kw7NWu53s7xJM/38CL0mzE5efQ5kKUyII5NeEm7yL/2sYxDHcbNSatj6SkkM6XZZOTMnlvYMciDvVCovlxQ5a7s7loVbMx6J9s1bXvNNQsu4S1ud0TWbviiuxn1NYra2/5yu22Wsb/BHqYh3q/jwSdGpqTv/X37iKGjIE2awk9bR5qHs7ok/WHVSGNlhSM2mi6exidCbyMC4llyRJqayg4VbZwu0H5y1XVzfwxMxjy2prJAx0FycPZxhs4ad+4ZeGlC0M9tpirUId1leL7bHUXJzfR+JE+XXGjcMzTwkrCSRnq/H0qK7Xdyl+R3D/Oiwx6PaM69FvZ8zFLvUDK+e5WSQ1nb+3APO6sb3q5vNOiGi0+nN2oklVNmwhvdSNNruA5LmGUhvT7OJE3il/Vxo9dVX+nrtBZauV9axC//wDTFPqRoY91ddGMFjXi3Ozio4MYr8L4yeT1xe3iwxPWVto4esJUk6Sp12jzYsUiFCl77LOc0GWU+qD7DO4yk6FP3tDjc7oDprqx5gwRcb9r6SaIsXR7w0YZwZ2DoMaITLmHDpdXKVuTWk2nNsB0EkUwg9aJm+ltXGew1lx72Q7DE+cz7QZ5tcPGIBtKrPLGRFpw7Ldyj8SJrr6wb6dZw6SJCuBFP2rg1z6a/Nip1bkINmFuXEnOna3eaawyMqhIPWtb37Ap7o90bfs6tMJEcw8GtaPI3ZJ9zd1quaff+MqE7I/bvnDCu0mm2E0to8bg7bTR4x2MICrhiC+w9vaksDuws0bmnNw/kvMcd1oNnUyGQLBuuRQNotgGt/MRBV4eDCMGa+FmFVrsFe1W0RBCAJnfIYOAnAOwJHOIOb4DF5UIgiAOsNwAxb3IX5BwGu4KVZNiVhHFABqalTXv4jBjIOw/ijoA78hXIBaB3QoAgAJsr4hUeRQCsclKBBY5AABC78CIY7AQAzQLzDvbJAVGUBx5WdC11gjiEK8BBbGCfIkhsF40f8LyPxi9OsAnsUwGyqsDxU2AGKwJAagKCGlYVcknkNQSF5lzP4XoQDNiH+OzDBs8+ZNgHAkgn2Mc5R33QAIczBbsEdA0GwAH2YbioDzw3ch/2cQeujcOBW3AcEWfxcB7c8QD7uAJePcE+VJDCPuDcxBr2Aceh5by4d9GcItgHGtgCRLtBffA8ePbhwD72zz72qon64FAfNWwL+6gx1Icsys8+NrAP+9mHayNaT7AMg6MBh4kTa3jcQtqyiA4yPFNhWxOo1sGC0+Qf8Lk71EYQOYyHz2NgmwK14Tigozb8ljuqImrjWiaQgMqTkKAQHcIqBWS8JeR6wAMkI+skij48ZgDBPF8ThgxwFgj4OUclFXBhez7gp5zPodBUIDZ5sAd8rgEkK2fA5YcLV8uAcwEnwUGYuTzBZhwhAl6ANMH15phmWwrRQRzAeXCYwOIsuQOEYgkudwMsl8P/t4XOTXwD/IrBcg5ElhDBHi0Z4y4mAJ3gCn3HR3BMnHqPPXUOYqi7/B63AijUbk6DS0ade4eweqKNcoSO7yUmpD1SuKvNatjBf6xTQ524SQLXpgO3nI2aE8uN+eMA6zTrql62/mknsM7GuB3nBXiNWgDObwfDLI/Eg/Efsk2weby1G0/NyVy+uOCqIrW94Ahyc9Cf4h450vctT4P15u5qcD7aXCKMM+n0sHyzmCwc+DgdlbibunyfuMDha+vw0no0bW6hyZESqPQl+1ALqPODCn1uOwedrhsTOPa0d8f5uxtCZ4kT1DbJuczLJbBp+oq7V1ef8eMIqk59doEo0SWWC9U5ehA5EbOabJTQhZKUKD9E+F1d2n3O5SeBz8o4WfbbYDhvb9Yqn7bxfRIyAeTsVpH47brHrASYatcPWzIyY2Qs0IxPWdhEFiMGgBKxQT9j/MXYVY/zPW4uR0XNOUp0smB89A+zpbha5xaMOWBcDh5yS6R++GhH08apxjMvGmPauYr4myphr9Uk/sho+urDp2jlaJgTbymbu0aQD2YRnfNtZm7D0pqDKDDixIH06uiI/LA6I0wZ7pT+sbQP1wqjVleBi1krDaXtR3OfJOXJcpUoIfcC8IHsKEG/8Yb15qiahRvILS1jywXEmUW2iOesc9Xtjo2jUbmXwDWwdEt7ni+66u7V+MRUd6iCkMEWasqf9hhniGvfOiYIhGSjkY0uIBGRou16rMQdMByZ5zetMalip0JCSst6dMHKh8umgUzmxbv2AAqcUTysrdLfbFU7kbEpEag/X+PgAqfcXDglE1b/S7iu5Gxw5w4zXMe3XFBZCRkqEz+rZj8XAVqbYOY2rIrkpbmWmgNX2mxxaGWF1z2TnmXY0s3V1NC2bVNZUJCEDrBKFG+sASxQXh9NAieyxaFu8wAi7C2+36Z9TkGtyE23rSIfOg1aEQxE0wQUdasgLdLAuW1MdwP1DpebaFUkyxaKTAeKtpwwJwFHToYqCVk6Ayoi/iKDXSBY4AbNTMHLSITAHtbfJ0rMQmGDVVx9sKYDBtdDDkqmLDIkZtfYSTe4m8wz1iwG3j6AxdOTT/IDi9N+p2ngsFamdqFjqW+ByN0ZWYPWnhuvtH9XHizCNislH07bM7vcIhfqxElNmPvikNnRv+FrlgvRva5mEp9vI7TrYbPuQsfZOydVSM9XFCi9DqKBXbYdpEJ7rPZh5tzCrJkVUrn2dnvZDXJ/PiEOXGUV4K0WjifjFOzOFQtIcN7u7/XtsW8ytlYhC3kaj9llTHZNW2DTYPs4WqKhf9txJ+YRQliSm+1WODB8XxhsxG7O+0lfmpUpYb0CNx+k2pBQ5QKpPbbmlr/wWEW6Oxwt98rta2mOF9oeQcJZklqHD34kKFHcL0xT0mUItfhi3c80k7R1DlGGcd/ip5CChmpX5hqtvxannbNI6A13x18cC5rfs0yRxVARk2tMmrdxMfJcggSMzAs23R86WZWuKOQC7SE0ni9Yx+X7sWMj857QwzxlT4C9bWUkwFuImgQFO/Ez0sJmvO5VDn6iDnErSH2yAhrHXSWSWfJNdXGG1D4K1bZZBKrYZEn9oKFMTUqYYlnbhuvDiBJ7aqZgmneXk0HGj82aMTgSdjnx24iLjifHyIF0IPzCYyMIbga18psOC25SJmOtfArTxkwhYMA2xXbpVX2cg/0BWv7BP135DcWBg9Zv7O3ok9y5yQTCxFqa7A9bA9fAJJQbv4/PWNrVi6Qs4XaIkEmm6KLBT7dWvko5grN16jUnCmIQLdikEkUTTJNb7O0SRjgvIstkwVmT24EoGTIsDtubQrpdEYwQEXVLU7AgtjVIN49tHi4FbaOmrql3TUBlmUjNz/5wyNV9mcsgOE0u7SRcsXOSULgYOeyEIqtgWwa3gbihuD/DdsXF1UkIRCiqiOH8YaGx7ZQ7cjKcBq/NECKpXGxdU36EOaQ+V5yBoz3siMBUsKuk2E2GC8lNgYl42vqnEMFstwIyN+/X6nQrFNPL25tACc3e4KNlyoEvRtVj1Mh2lfq5djnOEZJeF9p0O4W42JdRLwXtvPNHIxyZeSKiYY4BC11ESQ/mixYSIbHxCDtrzvp01fgO7+MT5wz7cRKBtO0bJD9xiEFXxK+XgzMZTHzT7zcVIHMotefOsdqRGdUj1wRuUWTnTs/uRQLBy3nvnTB12rcNVAS9ih32RyY6eSxlIlv/0Kn9WLRZ70tepCidxuzI1FRrSKv7A3/QZ7IF3SggHDNC43uaAKZs+kXZlVoIjGPCEWstr2nnYsZt4yE6eRBZqnwaoUhjPPp3amO721Pq0QJ2HUC+n4Pp7q0+dIKFYzxgqzMSkhpSWL+NDW6EKDQ/ZD3qCGdxch+Fmuk85nB1TsbWaRLhDEirhDbvodeIKD3XI+Qy7NAKkxky2fQa8u22F0AJInThGvYguMgnJMJDox/obUc2Ew9mOR+y1aZOfezGWbJJ7qcegtdFXelz0nqtprUsxW/oHVPKN2gj3M6IYyRBHpIJmxh2g3HnxlAeEvwIUXrNXXsiQD5gQnuJm1HxNZJ7VtjYLEb1EBjr8f3ERt55p2fanhxwLysfIW0GfK7PgWqm535/SiRcyMeT+K+FTH7Xh3/ZqWt2Zgug5gvYy06sdB5c3g2QLbpmIQjIuT045yY8x6A9PFjGzvTkq7LkPPBzTn2E08FFgqFCGwvdYvsevNTmICDc5EKk34Ad94wxsPvoTjbQX+KFC3q2RD+mk9laBXdylJowd7COyjHQ87mfZWP3OMun027qKSQIoiXU860Aj/U2XB4I5Y6Nplvc9n4lRA4M3EMSOg5Ko8wtm7ayWg6iWnPPks4bG6kkO+5lbnNG+gGxSGWhBwd57Z+W5UYGrrB5MI6xx6gY4pza1zoSKgwiz6oXMH6ssdUfWdUSJoTJrhbGOLujbSIRt1qTznJ3NfXeMl3g8asl0gI7baxMsE2c75upjZA5OUVotbcPjYCjYrXKrhaTLgJwzHbpSF/PIsPU2wb6Gthmvwln4xaZY7ZdhWWl+lkGooCohmT9MiyIzsTWOZVNsg2lKMAIF0yqQeHRqo8e0nMI863UbhM2WRhARp7n3r/0iHgQIcf3sLkfc0jXabfrLxfHY04XBTkID+KwD3iFBxA7oyWoEwxBx6xnLE7SzzN0MyVGCg+GjMiYxmO0JfbbaA898enA7ZHLli1sQ2EMdsWvkNvbklUvLLVjz/uRuA+1FCCnUaLlwd3CvjfXmHXvQZvj9wddQhuQHccpyJnYPGTH8wMq+UaWMhE6nm2dnlCoSqEwh4GwHHk70kbfqJU1WeCslTiJQitc2pXEPmnNckAk35xZaTxjQ550gD802KE6b8lBOJXX84HmaGU88+QmdWVLrFgsdZgHmtadak3dJukpOMfMDl8fKWv0EFxa7uUxlRVGX27hNcRjQjg3Z3ZF+mDVVQgN0SMHM5bCQlGVHKhqYIv2mDGDS4lhZ27l1HtEDTJS7rUWckPl/g0L/d/z0ToknrK6m65nSr1BZ5sTD/9Kh+vEJ5YJgYvlg70vByKFXg5Z4PkqCh2eShIdUAzi+8OTqM8DavH9wYIHyrNu1r24zxaYljBaM5zmB+jVCSE01Kyijfg2RQFGRzmWftJsOGs820gqKhRBTDORQW7ZFbvvr3sNAk0F45A6u4IHct3APlnWqj0/9qgwyXDiMAhlVPSREZctpu/iqO5uDC6Hp07DVQiMCkD0hlLtYi0+0sgeu5U5ntq+k6kFSTn9UHykPy+nA7b4Se+HzCwpuGxPcDoSV01N64QhROZsj6ot5LypL06obszDvbNyM+CAkiuqodBn7e4N83AfaGm8m+mxJCzD5LiFq3kGOilb0HBVHxANtk3tXtERrI0NvdADIp3C3LGg2wwUC+GQJR3PuokWYRimMaOH5+rhkRZvGYMGdhSQZbvHmP3eJ04hs6vG6pgbuOLygQxtjYnYxzLnc6R5AUW2qTIc8eDATTwWThIwO47ZEiQOhQmFv6WUSSiLCNaGGSYNnHFLBHoN/LEaRkpEQzifdvjWKkdqgA/GNhD6yyKKZxxP7Xk8QERFnsxSXlVPgJRwdRAAw+I3SFWd9LQ5kG2F08dUNoUH1fgn5WXAeked4/PrHPGbVUzFPCG8cZlotkWMIkpkTNo4cLmIHyD4vYHhMcu+V69Mz0w0wywPf8Cc9J4Fuz48Jme6h24DUhG7mVxGOR4NWsJyh7sJKZjAAtz1oiG3TCOJG36SodVQbfFx3ynVkdoNWIoT2jbV3W0yIW92B2XctDiFINItMp4hfQ9o5kQRk74dqe520oOtW0uMKpp8DitCbxWSPr2EC5ofMor1bXlA7/mS6Fzfxwl6XUFdl/suX/NUgIgGhPmhJa0p3RlJfS3j5WjIKJaAjwQ4GxG1L6eDdYVYAC70KwKIpUBUj/3GYbVtwiYxtN/QZQmoowS53uIQWdj54dEFS7BZyryo5zaPfG+T8ellkouDzdlgLCawA3LeTofxkKmdSgZqoK7S9mgEFDuogAUbuOgTYBidxdJLM0pkKoZMz5VecKXCcxkYgZiUUAo4badtaIFG0M85FjyaHkMfL6a2N5hmgmbWpHQgqeAsYqk7NkezMrszlOh2lqFQME0KcdgOG4QcMsffFLPvnqE1yu6byyMyjDSib5v5LkC9ghCQh6LOlgih83xud7uxAAOLxLejz5tQy8Qps9IJEgB6d61wqy9XfRjHQ2jKa3/dZ+HWTWegX204eQhArrgtDMo9tC/J2pxIPQzxrFyT/HYALHeHqIoEYngs1vWu7s7xxpsvRDWPY0hkWp5NOlwiJ7iO7COxHMolW+Yyzterxu7h4whVmaTNpbEgJpAHwGRFhaJpbWs9tn3LGMz2th3as1QaE3c5J+qglYMEZIprtM0F8tMVt1h9cakcAaFohyIZxc5WJAJISxSsCHpA5csDrWBYUTygxJt72KFlSh9GcT7bO5wuuImjm1N788AASLDLZ1I+ScXpUMjt3PahqYi3M6ENEGLufGcWgQX15OLzywktOQjtHYXVGz3esZRMkmXGBKBWKF+YoT7lCuCt8cN0sl0o7s6X7BweyLwxxuzMWDJ0MwLrTNUKis1T1/NaEuyeSJALi8zXeNdBtSHW1VFygRjrU89P4A5Cfrl4K1EwfXC2b9Zxt6WOG45CL7Mq5kgPYOEOmxhLD0DlDoA/piEBH/l4jGQK1pNtLR3UQml4woHu7JA22VJCLiRg5M7KIVqPm71uyr2zY7DOPczkRtJ6AhwBeQGZykJmHhKwiFU6nCOkPaLlULub8/Z6BFtvUzgbvJIwLmqGWpTQmxlVwPYsaBKFz/GzjUwZsSbr8SGilz321WMHadrj/L2goJRoE6k/ikUyUQIGps46LaZc0CukfjhHxQgmWC5h7ZrJcM3hQDkIYmAofZ0oFwrThRswH42cZxLZucwj5AbeUD0M6QhobZ1ctrQuZrKZ7CNydhZtUqJlth67+xhSbgh4QXPvjjBbAlJk/P1ihaJXXO+iUmdmD7XAQQpmqhKOCXB3aYhisZYNoNG1+N7Q5t107ioOWpxgg410RxSjaZ9EaPjpkm3NKwRsC1yUtnm9Qee3Z4NM4VhduVqDy2DMBtepEqKW6TIrJhQvGoCS3q5ZJZ8KjwXM43hksQET5vtotGQ58Lmw7hqDjuAKFXPNIcl98qBUIbtc5st5uhxH/6Qx51m3ct5OR/XcB4OA3t7wYp3dkD1K2eWSno7sXVMwIpx7ofe3eQXkyVyQt0QStYxeCKl7J8AkfQOqwyERE6LrWMq/cdQKSHHnq2ARzhqLa3tIBwGi1ohQ9E1JyhSwpEuepEFur51uN5HtikAIi3jy0JsgDahHt6XPIt9eDHNfI7tm1m6eYydMfMgTRFVL411sj6vBFbqDV62+9M1K46ugzDoyigW9PezQmwq5vXLGEciuieEv76gUoV4L4WTP9ZCfqutdsWXKyoYrS112tAZ9tQBwl3IbaBZAr6l4USd0D7owXDZ3Ex/30ZHcuOlDvrW7FWgXZhNsVwg3cnni6VLHuIQ7rpN+j5DOOUmrZgItg36iRlzv+R6kgK+J3VljjtGa7su4df0sq6WHs0ESM4TQc1Wi3TZmePj0FIhNGd4PZ/vEJrA/7oJBi4FcvG5ygEgEpbtCvj2juLtdFgj9A7pg+OYUMbcg7rooPpeQmozWy8OccLkyAVpxb5dzFjroNQ69A+6JcBdMaAjqlsA1pjlD6lACesnmqocN31TGWbhZ68W3VveoYPuEpaGFuW9tLBAoKLMpuPHpg6Bzsyd2l0jvt9y5TM0b4VsTL7FEc4EKERqSJT9fziFmHy6dK6U+diHCfZAWxcQHxvYC1+sBmI62zgftur1r9D0LuVgbFkOQNCcAhaCCSdEAq+/n/T0WtPNj6PlhPMPal5hlwd6igVlthYT3qxMeW1IS7x11XeJIbqHwDZMAVhQlIuVJcHEVr0jtrPXXrVI29eWixBpZW6U/gVsLcRuS/wKChPZm7GVztZHLZNPbU3s88Z5Z1GUxgFWOoNkSSDoVd5sZC2LxtN2nmjJBOUyI2460dl0/707QZhtAFe4iv0lpnlH4VDpkYjxx6zG3kYOLjNDJy9WHjqFXHNzGmCCcsQSLJ4KqSH1D3Kgtw54cI9vFjs9XtVmFqy6eRRpahTG68nuemwN6aFwqPOyoY5X2dFOzDNEfGn2uNf6gnxjrdI2hhDI0a4Fa4MM74XCXQDnIka0r+Wjju0e5Yjl1r3cg0nFkX3aZJU/UYRG24PTolq2FAzPGm6UDGUScukxeARad2K51CNtiNkeWqsIAv14P4TWzMKNoWW+NLozMrzLaFEEK0Uxl/5muobk1n8t961m6RW1gSYyKF6k9He93TB8fF90xpUY1N1Kri+TBZx09ks8gQO5r+Kx6XQesQPgOb3svTRSCkrI+DofJjIFWHm65TAXqXXyoy4loNLV8nE9+xl112USIEsFK6iGfWPZAKcR9IvzurBcDeoXoskYgRELlIx9JVVYbqnHJYnZcBAy6rZDbzCRpiLSkT/eu+ZA5BCfD0Sw1S9Lq0wPcaJp8sHEPceOdclUvMxnjKh+2ji7KbcJ4eo5QOmzE4xIyetuLkgZ0oJSJAoxLIak81tHXnAFrKJer5dyeIZS0dwTShfaf0+Ly4HRVr6b6KS9cm83S9LG0zpIZLaPfPCa+X/GLV0INTQXYDULjC/FgI58yXK4b6ro1Uj+S70YZJrfcxEsIHBg1qDSLyMcTd3BWbr9pjaNnUGSPRek52DfEhcEvVXcExhTvZTWwTJXAzsw5bO2HQrKRuvMK7+F3o+h3nvE4iNcaRHe7AzdhMDXl9UJjY4Sut9M5b0cTTFdGx5rf2AR5vkwDRAJptkZ+P0nRmUdQQKIyjaNwhsCo+s5k6eVmDeOVzBneKmVXuLnBSQYZk8X9vRnpaosNMW769aOGHrE0xrlEswsdb3wCh1jTlYFgHzdNC2JkB0Y9xVvaxRz4LEW471aevd7Xwy7fEI89o2aIyemi1SLYhg8vK+YtcRL6nlIePj5cEkZv9sWWlG5X6NtwUS1dh7Z5hM1FWzwO7G09eWjcpceJZb9cdXYudrRkDfiZkPfpUds/icElqhs5Wo456P01En9tHK+Lts+VQZQfGlT/NblBGqJgHjhJVqlJoPdCtE463t3AUVoVE7TINkZX5lbsuyhAEru/OSTUdJJQCNYObMrni6BI68RbilxCjqaQtBaEaJ6dtr1Vzb682lUyaI/uGD+jCSdNNNAi6ZqreyhuJ+W+af1rYGan+FBQyHtz7LNq9CY7bC6mx0m6enIFSWTDVtg75l2ajkBh5drvdYJJb/5BT9RT1vDH7JGJTdQenH2RjCkRXTPCgQhAra5RJv6OGAnPcScw34fofBfKHCi3MkJBhF2bi1K9k/nHQ6zcSuX5moshyziTpEBqRn4JV7B9ujpbJ9asNn8mDBwvk0vs4eMKuVQnzUZpLbeKCDSntTXQcbfIdIrj4aie1M3jyNTyDj/KtHyH2CJn9yx09vL9cYzMJp8PUb3oizXWZ4dbzOhIXNUgjyMzz2eV3JnXmBY2WPK02o/cZcvlDhYVoU4P+McDZ0vQzemKAbofjRiQVk22XaEVEnk1ihIp4iRqaxTJOPJXQ88XXt22y7K9WVIqqnnnN+ieKsKKt9thnnkk/nla4JtOvnE7Pm/Jg2ic4G2uPTB1nYNgPHD1yp4lzb8Pcb/oPUpSSy2uwap+fGw5GsjQleSOh9srumW7nnHc03ygqq8E+j/iC0Tsj18ggij3Zwnz1E++P/Snffv5a9OFT8b8J2P+8/l8Pp8///PJmP9kzH8y5j8Z85+M+U/G/Cdj/pMx/8mY/2TMfzLmPxnzn4z5T8b8J2P+kzH/yZj/730+GfOfjPlPxvwnY/4P+nwy5j8Z85+M+U/G/Cdj/pMx/8mY/2TMfzLmPxnzn4z5T8b8J2P+kzH/yZj/ZMx/MuY/GfOfjPk/NWP+l5/M/U/KmP8dv8f0yZj/ZMx/Pp/P5/PHfD4Z85+M+U/G/Cdj/pMx/8mY/2TMfzLmPxnzn4z5T8b8J2P+kzH/yZj/ZMx/MuY/GfP/vc8nY/6TMf/JmP9kzP9Bn0/G/Cdj/pMx/8mY/2TMfzLmPxnzn4z5T8b8J2P+kzH/yZj/ZMx/MuY/GfOfjPlPxvwnY/6TMf+nZsxT2P/oHvNY9dfHRVV3Acc2asxJvhRafyV/kx+fpXlmvy+7fiy6vGujRvxWyj3T4FFC+zOF/VudQ4fS3gUcFlbZOC52uaJOovvYwaJivDTvu9lcjifU/G/0+yr47o4wv3t+XixfFy2c7neN0GXw/b1vzZ5XX+1e80OT+oFrP2Hk0N37JPtH3y54E2uM+jwb/0FF6udi0GdNNJaPHwfyx38Hgvzn34H4xkFE9Kkox8y+Rs/JT310/ZFbQxGl3fQmZ95Ew/A+H+psTIr3xblrxzfDoZ4muahPvi7R7SgeuuY+ZuBbMWpUNs3X9ynarkXCNYx9V2fffcmCJrbE80sWrzv+e6EQf9C3WH61JqkN9psFiZM/WZE4/qd9iYX6DQPBPS1Hp4/K5l//OsvPv6vy26+m/PzbK7/9rsrwQPG1GYoLwZuKToQLR8X+fE9WrIyUI5YI3eNApmS60KS20I/kApFCBSaNZ9f0kpSqkl5D5diZtrpqpZpHsncNiQL7uk4vTZNiu0cmYKXGg0kVtOX5V3KXyJ8H097dY4Ju1Iq6qGRRGOs8Badjp8oWq9YYrC8S1gpyfaFmvdIwnQfkoRIJbbUwVQA59LVyTdQWnacobQ2IZ9mqfl8fjgPMeq2h43f1VOxQ5ateBc/6z37WnfCrdtMP9XjYT9OVqhxeY3li1VLDtSpfjnVQHtafjn82eAqHc8CsVaQPlQbdQws+C/5VaOzaHT6bgs9aUN9aSeHWqqI5z4cqIJ9jcuqvOrNmg6/+Ztgf+a0OCpkk6HjXq2TW0XyXr/5EEtZfvz07+VaH/6U/zIe8Ci/NEEM+pURxTWX3784J9jvBfmjU7lABWq+OguaocJwajvqENJ7gOeSzuMAxQl7lrzlD8Kg5qK6LxkBoy2sMkOaUXoloHATk7aRVyXOchlOvaB5wjKQuBMtrzu4C+QPv5/C+OL3mCp9XaZCnIv3qw4X3G/gc667BMT77sBE9YN2Sog3BXdHYXuP30NjzZ901wF5jBq9+eWrRqvqrbNbX+lVPqAld+k4O2rSLTsdGLbfICy11KnCGbSJLWMRzNZRwHc0GjgTSBHLaRiNQSTgbONIc01Y420pEs8XeIyT0VYXUUJdfZlPtnhQ2BJFEUgz/oDQluC5YM5r1AUkslATDpmYoWauBqGpDqgouXD35XYd1jOcsg7u+AgJKEgXbQWrmE+QAOqctxCU4Dn0NnlzR0OzX/LlSkAShIxwzpFgAxwylrrKe/WnOk7qLtsD6wotzv57r75OuJzXHpPWG0MHK8BQ28YWtQ17NA2K+Jjy+pP7cQHo26cWDWuNYQy3yom8F4DjqSXtyGs7bQVoD0UXEnvSCUq6v7tecSU1A4xdf9EBjdzUk1TSaC5wnoilahRTkOgX5AuuBJ+d1VO9Fm3ddJBn1DOebP2leotVUCM/xCDltPOmsImmbvuppT+l99rU8V0CJNA6SSBX2pZGv1YJWKZSNFw1X/blyocQLkM/ihGhN6s5TRqCmcHHt+UwN3q8p/dWGMBy0AlW48msKSuxLxoScePa5IL4A+vVMQOlr+Grv5NOTlyUFtUVOv9rDeSC+ViqUo/zdZwI1n/sqq1Q4JjQXioB0XV59JoSOVjHsUxcA+e4TymNAvtpDDwZprQrJtEXocKaI/oZjvdvn2Ks97H+t8Xd7Emph8nU/wAwn+e75E+LxbDhgfa2HHNecMHIc9dsqr9QXXR2NRKsbygkO1x6S7+nbOuMEpJWRtvlFK9tPDfOuK87ftIb40rivujOcP4bGoiJav+SKfsmgu8I1lb/mgPr7qvfL2KLvrCEZyQ0W2urDLIMqk0XGfFla5IL/iNPoP+qbwNu/0T+iqO1vURRJ/BZEfZX94RjqC/P+AII3DXwsl5aPHxDU5nbvxichvjvL38dnC0Qy2OQcJT+2KLLmkSEs9febDleUU/STp6E+/zo8+QBgBZy+zj/pBQIxgKP/OfovEDBDqqJz4ocS4lnIMs/CVwXw3TnzrPa6u/3h7nuIzzRjNMofRw6LX/P+TfGTgF+lv0KjUGLGf+5RRG/omUCZy/o/RgiZL5YvXz/o9lsRJJjtT2Twz8LxxPbjiP1+/m2YHx0xmvmJCtlQv+UfgRFf2ucPZ+GXbPyh+wl8HLCfOGBSMEHH5XtHCTlP39V7OgOEV6G+nrDkW93KQrCGgCb55aihYxOsWq39qj34vu701d/30FJdXQhbdvKx/M58KlyRyvmrzs8hZBXLzXQ47fBYdln14hGhTz9C2SrfNEAwgLYhbPEqdYHHyasaCC2eDgS8FvFXubjA8Sx+jT1hJryeX+WFrzkpqv90mOznuJ/1aVj/nzhe0yMhw9bMn1FM4aer9/vF//2uFn+EVsZ+varJv223/7PYgPzZJiHfYYP/FONPbKIL0gxtPFyf19h/apGd9VAk/pcBis0Xhv0S3Z9g2l9Axr8FUJC/NT7/ocH6YYz6EfT9E60kCKmUyVexVDa/dN2mX5XeoAOWvO9jP4Mgm+fnvwZB/mlY/0sf/NOw/lfFX71M+J8K9JO/A1/+rwIn+q/Aif5zcEI8//4pOPkXYkVO/ooYLxStre4TrEBAgWI9hP46nw1RQ8d3HQRSUDRSw1/jEyl0RHE1TQjeZeCrzuvcKQTY71efr6P9BC2wLfedv69WuqNSWh3KP40ePmv9HJroQ3QCP6VACKn5gifPSAzuPOPJNW28Y8zaKr3itQLAv+LE2ppQX3HOZ0QS3tcdC9OecVMUX1XfZd6rbVW/ox/gHcXIESxDkTHsFTFDUSwA79c0hIbw+eIT3v1yH0WGVkC+Yt3W9IzSQWqjSMn72bTzijwuKIKiecErAuRqr8gMimChiGYl3rX1OVf8RV0Vf0cpKTjfRX/Ffb/Vf7ZBUSUPRYdQnH3VX9FLOK4jihKhiCb+ilJpaP7ouZiO5gPHrP0SdaqpVx0w6fUzekUZz6giimghWiLa18QrWkuRELa+7jk1/ubLa048NWvOMzoFx+Si6ON0gPDwGaVDfBHQeAGa47ud+oqG8dT6Gq+IIo3Eq92ThyjiROuvOvQvvIB9wHP6FXW2ph/vWyiWjn3XB4rwva81Whe1Z3TL+OU52qw/3zdAelTW8o6wLnAOy6stmN5lcG5H7VlPANgv88ae/U2vlYXmna+vduL8njelP6Og6P3IMyL7RWfUDtdfUdQXL5xn1BP7jl8obg9dC+sdfaxR1BqHdEPyj/hMPaOwKELnJMs7uk29o9uQdtaCIqiv6B/1jla+I+OV9pYLi9alq/6NnyhSXNM6Hjyjudpbjl78RPRWl7ccvPiJouariH3HT9TuV/xE7X7g5+vdxS9rK/g1P7+7/8XPZx/k890HihjzX8/R31HOnPoqg22wFw9U7PVOCY6xUqd32+mLZnDNr843HqN3M/CZ4ftdy9d4g+c93UZR8q93XfkruvqKjM+vqCtaf/WM9JJho+jx92vkRVNDCt7PSJ/R3CedXzxGZf5TV6yp8GoXvN85JfOT18816b70yVM2n5Fj+qmnym/rXRfct+7T3lF48fkmQUOReaf+jvfvd0Mo2s2jCPtbBz51wS+y84zwGk8e5W8dWVMvPrnkVwT4dd+9a6/6xOv6V++g3Ke8U4bz0omw/nttul96eX3p4a91gtpZ9Ht9zYZgvenhEpDXr3pCvrznRkCdhv+yXl/9kXrV+C/5qdeXHgUkmhPkJZJJ/PkW43VNPyPw73nA+iR6d4neJjzX4Nf955sttL5Q2+B7/mJPXjbBFy9/fxT83+sE0/TfmB8D5AxO/CS69RNfYvNngUf2Ax4/4PEDHj/g8QMeP+DxAx4/4PEDHv8jweMWZ/7jwCP1f9tr0Q94/IDHD3j8gMcPePyAxw94/IDH/2PAI/OfF3mkfsdv9PwfmRb5R0SKqd/yC/vJF9K2P0k72fxZaSfUb79QGPUxLPh/EkhTONn/9z+Wfz8y683BX603jhUx8AdlwjOb3/BvQ/2Ef//WH8WiNj9ZcP84Fx5lXf31nVSFMtS+y6vCfp28tr3Of/lH2fO/Owvun3X0X8rE+xeeF0RQdue/8U13T/958trfSXX713PangL/bvTL9Vu0t3+MuJLEj9mZxE9k9d+a4Ub9GSlN/3m/36ah/wSVf+2VWRpVi37ipFuxRrS8I9UaM2tTUz3TbaawJw9tbtm2D/UsyCe1q+piT/MbnLpcJUYzgd9QakTmpj4GaAc9gqNihmEe/JkJioqYTolQ5M9ffFPBOEmFOvR4dljWXW3m1i5UoySpikQMVow1HbR9fXvfuJlUhxfPPyoz2lB5b/b7/n679KyqDGgbBzitavPa0QPtWYJ2DlFLA+1nI124Il3RFhVbR9v3WrSbH5neqM3ccV47ENPI36PiFDF4Hz4OdGs7bWJYIQ/Ze7nklDgDCpMrtFMEl3HGZdejLWcuF20ywk2KNpA+7vzL/oDGqbV6UjMqnm/lLY12xcnwQEoZxwsZXzukcXBTWB1tY3T172jjxDury1JCh9f4jH4CxQjQlhhnm0DTmTJ1WEWGn67tQM/2vJNsD2+th09u1+fPLnGebWPWkbFbVrBG7+4nbK2eldn1+URd9y1vEZF0y7nWefScGs3DxGuHYLlPGhhP6yXcHke0YZUH+735EitfpuauLrkx1mfWElyLde/xiHOVcsqp8iBwIa+1Bdd65rXg8YBEFN7eD9q+oYN1Ryimc9mhLSYx9DNH3FF9wMJulxdotyfgnZxNlhBHA49uzSLt9GT0HtVk7UNFStJbmB0E/VxRhzvaXavbbKvsJlK3FO1Xg5P2nciq+62SZ1JRR/rQVmq3P8iBREyBbtz29GS441he51oJANrHR9G7mEzO5wdFxwbjpgHa6kVP90tNkRi2c0XPupjRo4pHi7qA1peMZPJMSz77Z2DdMvFG1evy2GA+aXZ8+og2SXeQ2lx77jmUdTsbI9GuzCLZ71V/YY+gtdHmnspghn3tZT1biJaVnCzsNLuad2qNDCyiFm9brKhC93qcg5eU5rvIPtmSa7hr097NqSZ9Qa/RNmLxw7mIXlQI007IzwK2oRVbWOxJOs/MjY7JvVYWW2PI17A3z4vk9PpNy7br+RFM5/Fau72v5IYf28Nh392mWPJXC21tc+08VTPjw2Ck/Ip2oaFywOm7Qio89NsD+O0MBgXtmNwpsXAse1tZtgD9ega54QxzF/s6aOJSXeXl2KGFXWrauZOMXWrZKuvfCU+/FBGX8rMKXelDN1bDEiy7GHe2bPQU+/Jm3NyhQRvjuHERh7t9PAmcL8RKI418V0Xl0cEKqqtN93C/bONDoVcmBxQJCrU9g7ybhebk1tBOykTOnepdShaxP0tnXGdZMBAFQ6Ujbpx4Puj5Ku5VVu0PeNBLQrvmPnsbbL+wz/FseIs0e4HF9GuZlntWP/RSamOGtI7GOFeAURqtuWj3fo1CyaKJZjKugdrTitHMzpWTmdY/3h3iehEO/IG4+YMiDCC4V3JLF3k0nE7pxsrTwtzt+POcAFDLOi7dfbtMncf+Ouxm7jzRvXf2uUfS48foirbzua9SI1hm0rdoi64NG3teIDoSsBir8CyBcy5dxklUOQHS2KwrL8sTmcx9eRs6Rtp0dYg2ayQcnd/l0sgMO0VocAGuFMOZkO3jjgbi2dbqNhU/69GSHZ3sMdlNlu3TIkDb19RlHpcb/A72yWBshZEqOOHOjWupgqNFiw7peW4HunPeTgCLBzlFe2ti/qhfgrbtBB2ndtHAAJIstzHUdtBwSLvQ6dx9OXOhLFn10mt1Xhs92OF9YG7AY0denfLEC7P0OJpaWsHF3lIERsp8Yuy1zlvLXgZj3xw9IAXOLd3sko3Bq3dToeIDZyqbgo6pc4HFWznwdDcfjWGr31lkBnKNGTrr1N1MbPv8QVDvGDUclSXbzXqL4hO/ULf81s3+ABRbuXAH2bh3+sbf9fw1WrELuaHcYK+64k6S6cwSJmO2grS2VLNuHu65T3cPGaPwPJ4qcjwND8dqGCsSG9Op83bGC+PW4Mqd5OaDSEf38Ch0t94BlTGJpFrPHa4Gm3Yto06ro3a3OHpb7CNREolm1ytDcDjGatJuyJKe8ms5l3qzvezvE3QXbmNMZeMkK17sFXKrd8NNPvP+jRUA+bg+eBJpOx+0mzHjNb6MzV3jo32HmHF49Fn88AkSbfS+hR1n/IoEoxq5/mQeOW4woW2u5e4Q+aKOy9POzR1ewA9uN953vHLFFPe4R+bPBdnRPXeJibXEhWHyCO32OCm9cWjXyfMaOcMvbm6DiSzlJSsfHfpFwPgqYuQ1bcJT5Ri5hfbJ5wL1Pi4KaTdV4zJeTI5WcFDaO6O3VRCpWr3bculD5fu9sHfypvQ7uxxGcumk4+Cszq1z85mfkb3M+eZRXLnn9s/cXlv3K+kn5zC+tkqDbEJxrpMugaZEbc47NeWMvTvikt0CzqbxpDywxd3x5cC5h4bOOKtXMYM8U4JnnNSoP/rI4vpo58IzcTtpxl1ums7HD16VbnqBn4UiOWlrzW/TGG9StUeG8PmzFhhq0wiFzGH7XMpT3QouM+UfGoPe18yGO0uZ+hgue/nISRtNKYu5Q68tliMheqCkX4BmIcNqZBKD9bxqF1Joq1S/O7PTKgg+MDJjGsh+e0gcMV3AKfzLawNq88Ftblu0qpnjxkIrf/WtoxfLs5UHlQuVpoN2TVsbbbwCzUBt/OFEZNRK6L2uKUdYIB03gwjZOql0tDWbPYv29z4g7cR7NKNnjySVqytPXoGwuK5nkouZqregw3fEUFURtVVqzbPsqZHp43yNMKBmW6bTvHSjtbVLjWnajfFJay32cBHGOc3j03gpyfM938aIhLyO8NW+vwU8r4l2Wda8aYsD7wYn97I/O+eG5/bFNegc6Q6NB3FvdreWZw9YPaeEFjuCGJPeRWL0jQE9lbJKT1UrktW6c3eHvaVHuioVaP+/lACVgDYDFC1gCNAKNL6yLwewpyyHDYVbYI+HHeHifKbm1wmkga0v81VljW25RcIXGtwtVDZE07DnWOKvy7lYxjb3tQvjcsWBKm/76+Fqsol723fLkcsheG1vATVsW8/Z27Zbn84Mi7DPvDPZG9SOj12MKd44Dial3Zbr5rEp9j2BB9XgQU2sIVCdtNSmvw3z7G0qTnooEIbTR2tmjnPkbWhzM6ynNaFzJsms49nU6GDzKEZqucAuT7Rv8dq+vneHQWEDtzoS6hUX9tlNlYK9N3sx3xHNZunlsnRTjxuJS3nxerRgpYK4T+P1hK9ttMl4o/GYCIqxtir1TSXsJXh4ezfDjhfjlD6mRrnfogpKvtduPJl1ZsuUnf1Q2P4Ja20r62+nG3JOTG/doTndN0f0Wwobr/cZnp/PMbEVB+6670FjSxhorbkHp8RB+utMMtENw6YK0kW+HWV63VSBlUPQMjlTGDZrb52oW9gEvptCY7MKJ/R7GvxxythIMMyx9Q8lUYeS3GBetenkMqyFsTGjq/UYJ+9STCBqC3xQvZvEH4IkpeztzetvYSStM30JDjeSGOE63qbXORwOtStmdY+JnlaXbXpEO4iiQVbB0iRFsh79feB0tDYSNnbhImqQXEeaw3rfB76CthAUjqS7yArGPvouvUC7N1ei5m3OdNm6Unj3tdY3Vt0RQ0PycbroQqxSb5v67m8jZxS39cIvUpRMfM6Y6i5GMi0Id7qhZGhNZLB18ltRkmjHTnA40hPBJ7Zlr0oHS7PO3Wyu+/mYDaPps961FjzqKCMtNLXJvd0uQaBm/t1j7weI2VSptWN2PaDtuW3f9WUN17soY277gyTRhlgxVC+RskuvhHyQPOXaXoYHMj8VmaM+a90xlGUfXFxp3gs7Ti7t7n6d58G3kl6R8JCZUbV8XpX9LdR2Endq2LzsknVqNfIUKMijwyhZRVsjnvbXMknncU+b05TaVINlKeWx14qyZjdC2lO6uKKTpanjHYj56ETsML1/H1zR494p88Df3cOnd5fVskLqJmYcpWRWBUHzldt9X0+nzEstb74Rs+JwQscgPQFFG9tu7XIidmsWrTz6YSdj0rSSeiyNes+KkA32fmnn92EqDmI6H+OzhPGWT22fP+TGYoy52+d6R6FQKjfrAnsCQXpVb/rFrluLqRrZynbXB806IgadJS2+Xc9ic91jvYajTQY79lEFhUoT8800Di87kSfXmLYn/3zrnCaONrxO7x/uUviQ3uConM7+hPs9dyLhSlp3BwLxUHvu49pJsiB2cAVrV64sCfm6R75OeRAdbuKoUaAs2E9VSAFR4UPoA/3SZnTL3FZyTqlKu7Bna1pK4YwN+CM5SHerOPHu0fNDE/PtKzVHZa/0YVLF6McXhJRlkXNciFNdRMcmLZu9YpBcjttMjR+0CWigsqz9Vd1zl0M9DlGmtVzJHwfOR7+nQXb8k4WcICYdl7XH8XS5li2JMDSakuXSkur7cGEOE6mUq4/bUs4CqiW6wAWzvD+IHmX0sCb6tZrq6Wxr7Byd2rECPX+bgJHLzTYE5R5cufUZQxAy07SV8DB7h9Q8Hu83Ywi5rF/uXVeP7RJC9umPx9Yx1IW9VOler/xMmI92fwWery4+vRZaVyktZk7D1pN3nuTMib1guKrKp35f6rOP4lTyTUBWCKlC6Ay3ggQdc6KlXUO46Fa+7Dc3bLrOLhHw96jmb4NUAkmRNIgdyq5IypvmifiIo+Wv0+aSe55Da15FG0l1m3ZVsLvMWtTuVQbsilkUVei6Ri1/GaUmMPaF0yz8dUMBnw2v3cVdxzONFSDyWAdteytSAbTCipT//+T91470SrMlCD5RARTBIHlJrbXmHbXWQfn0Tc/911/nnKquGcxMYxroDWwg88sgw93cxFpm7m7RwPWaunZeEWLzxVZJb2MuH9QSYjHfnx4GeMwMr6od/yxSUkSi+y11Ny72TXw0z89BuqZzAzWbP9kq/Z5TvGL9Dbo8z6vn6lhoLS/bHgY2SbJrVl4chtgKXCPb72B4bjUT6/QPCvIinIqb9CGyFdgkr0hLKydgrJ4T1jZMx2MIUhwAm5aLhaOwAGmkeVlKRSkREJKiU1ahKhAiT9JHYGU3F5VhC+RyVPSt/OY9mZn2ao17kSM5BRARGYn3ypWuNdD2NiNCLyXNC5KDs3k+QKe5IX2waIC5WexFlF2vTqLiC1bWmERw9p7S4eLKAKmFrWR/r9hYqB6t4vV5Zrj9HsuJfrPIGuS480M1dajSvvwm7okmGNCj50C97tumrOFCphwz2w/BXOaZtOlXVxtzmTKhLc4nfWP9lPxd57yLPbAKFH5uU2/TW9ezGVXUJdpjRniRjPUc6SZrqzw8F8x0KAR9kTy8fsX6a784I2bFdQI3iglou9EOu1OfJhGP7mNupfZpwohYBF/hC9skz27Bu7+7peEy4BF2AgNYPbc2401wg85nuaVmShSrzZx45L5wPoISckI41vnpYmpELVzt98S3Wgx07LgFOxbouvIB+7xAOM98SFZYPpoJ38oDd2rHoVKWRr5W/kWEqS325VorFpbtboQPWZndlkijio2V3DOyx31bQoosyGyet/Sjfdl/jtrpitfTGRFmgxt9D6CwmvUDyQnx0JlJj39UOcnqoFkjAWuZK7cmsQJUrzBC6KZRBRqvpPB60bUWwebay2kMsprnuqqxlyay3F9J1EVs+b5mVpdtCyrCK+nbgSAoCnFhgSRZceR0nN0zHPiafl3TAzdcKmRPEvqonIbx+4tQJf84eAoAv7x68qIGI/5QBUn+9RCCafQ51CsyLp9dU1GvovppiPqyY9JlWg0sobbSGXMV2eQfDxh3E0MgLNsKzlz0+uqHesEcjhMme6G/A/lmiIDikwn1k3vQj0AnseU+AWiGFuES5WF6vtG2vwqdJpUrdNVShJEQba6Xu3yDeqt2lXj5oMv/k+oaIkHeiCzFQeqrhYw3kPEhLUFGxGjimJ7e/BsfzGUjfWymtUYd5Y3oXs+lq2aW/npcAV6hmNIn2eM9TIoScdp+xBX+sslVgixEWKKfnBPm5OsVnAxZEiMXX0pqhOLKqtwTYChM08+aqwSBUKFkSi62nvBfAJwh3fUMGNxFzuD4Cd7OPxsy9ilMiufXhJp0fQm1k1A9S7mk+HtaWy4cfn85FN9jLQ0iKLoa3ktbhoYy2coJJJ9CehcwNQbuHxNcdl3Ga5d6X9o/Unw5P8JUjW/AZ1RSaUfa8fJgi8TPTg6JKXiIvxAviL+vqQJNh/oltTekHhMa0uTisADHI9rjvNvgJVvA0BxcTVn8vrCPW4iQrr54Ccxn4s/nO1pYPu2Eb8er/6mpuSfYXwAdPaGrPpwHk1oWF/qPgjHwfOdZZyArDTDFFwbLhV2JF8x5+Jhqsa6de3ycGE4d2hyErYb54EP9suzle5/irHrSBx2l6BE93fIg4XwVw+KIJzZMEeknK5fXXbLOSYSyfQ2IDKz4cDwEmFyRSDA66AmDZgWZvmz+d8CgySsDgN5ZFzv5De+aPPIXjhqOwxNOZltAgVmeU3K15o22y6mJC6TuS8SXojjfS9Va/Hfg1KNbLxsACU/aLK9/4tJV/8jUUNv9ApjCUX8MjhFSngbuEBRCHge4TkZTj2U2s80CFv0IhjUwNlWaw2QLTaGXlfoXlAQtJqoWwASA+xM5AVbysA9k9u5oOFIvWS/Y4QzM/+YT/iFHk8iyLFKPz20HInERp0+XejzhZNLg+b0dqQBmTv/d/v1pDXMeVjsiQhA3CU3XsFqWJUobJy7GPK1MNmn6eDk5yAdT+l7d7c4cPfFCtQEFscAhxSAM6vGxgfGV6G8K22cvdzvnepvGpFmD3PMRJWXlsUDve63/NWcuecjRyz83E2G7GmNEBMMhxEwc/4D1pJmLZ9sncTyESXwDgWE++7d8yboBRygqs5MANrua9IvPjun1BgYYCad9DlHYW3wsBixnvBKnd/QDo3OFtjuK07gTJzAqbCfT6umXMVEg1ePak+EDlJ6U/pE4jCLG5V6E9f3MLXpIxhWbjhXQdVmnwoXajUkKidD79v4NFqLiiSfYGwYMAHIhgvKTPR2yaHFFGtQnFjAh/WkikSM3d0CT9oOujy/1NMr2H0AbcdDwgF1+tj79HsTxsKH5fCP0cLMNtO5+jLEg6hnHrSUeEmsFrSuSAf56QOVE8Gz+yPqKYMg+ufmgBz/07tI1f+CYYHfSenE19THo/eOfoHkkTk7dn8fQcCY2lc33eTZi1AedWYAASvjkZggeX7bZ+fkBr+u3TxFUxb/U8QjOXQKQ3eUo+N5P46lDNrqcl8LDL28F46qWX/IMJjyOxxQH44b7LjDZ0gNI4UjRpxkspnnJLfzppzznOpySXrudrGmwBh4CPSTWjOqYw/ax/rFX1FC9dk/TPPzl5i3a26b+bv73/Rb+rUvlUWnXRx+EX6Z2E2gsXDzUrpal1S0jzfpIWqHDjEsxg+yuTG+yYzMrSq6gXgD/1JkD6YHCDdVO7Mj6/vOobQkxwQNiYYi/Ep19IrlhSMtGBOh3w9/18EqdFCOFykew6PVQzGOB5IjvCkzczWtG3Bn18e821whN3a2oBC/O9OvC0xEKcWykmgOdVtHf2dnDjr/s2AgLk3gAgE78wi/+YFB6FmJmkFf8RRqLxqCypz1eEpFuxOQ+puAxSfDG9TmQ/Zzx3QD1LKXy/upI98Jq6iysxcaEmrCrVnAbQv+Cd9Uo/QJc1Mbvuf6ddT60UFDy5F+eX8jhGn1WfAMwRGDnLCNBEo+EmXCv9O+FpitE9y+LITQuuTwR7mW0feEZ70QXGyfYWhb9vYYxHoMqUyYEY4eIBiUQl4MHp8ZUz/eI+Y9SzBm/YgjiQeXR3BG93FabDlbjmYaLp806Mzv63WYUmaUcWqbNaSBD3O7oafyyrDGZAvAEqlFKSAjUehR3vhvr5/tHENaL1C7+1GxtpQWFyL4YXoG9qgqjwo7Yvtvmryx9i+2v/0uiewEv/rXpXZ9gch0SIP1F/aCyOz6n7iSkKvevCW7NY5IFLkSn/YK4XeFGy2pc0ipRcjD8IWzwprkuAy2I7vthdvxwboz/PAJadC3mS78c1Udmfi4t/Z62RJbxx8w4MwcdroqaywygHl7Y7qS2mT6eeJejif0XxXkBr9Y1A+2UgcUiCgmM70HiMGbzDLRwpVGI47cdvjKvbkFt7dnDb/63NYT+JxLh8o/73a8B5zwUbYCNb/GWt78S2ICFh6Bbbgio6gUmHzx/zLf2Nba7v72ZUQYw9DRPSYQlvy/3EOeGLyVgzabJJn3ucX3Dnm1kdn3oA7DAyWWBO14UUx5uunMdJH1ZZqNMdt9f91OxOHXEJG1VtL9ANyTkIm00Mm+rOMxP5+Ss1fuUbaflx4cII1D29K9VDwaGPufWjjyOlgOzU/X7znKlT3WRtmdJtYc5uKNTB1VuJk2kb24GBCzIJe4Ck7hHrKoQDXQPg20y1zBOdMrZ53KAHxM1hQ95U64dyn4Z92k96pztYdFOYdLFqSAbYftCOSDzwHSMeXjXfU/+KuWokUc99qt5K1eWLNHPOfXE7HEqxSLPGq6oyZf3Z1q+4Tpp0J1B5HEdR6ufwF6BBCDRI1w00fCQZslTdD5qH4zjD+4QbjtG1fGsND9y9pLs2keuUFIPc+WP0kfXTf/rc/OJ5SlYWSSCcIANJGpCF353tCsWWaBa1cvcm4ba9I/+yehbNxy0+yjEuN0t8B0maCIZdzf6+ad7Ft/T+qIjW9Bn0iVJ6OWqDnqvG5mWEhIaiKZJqnor0nl27QzF7hS3oGC9FeVfQeAArxMUNuqD36ePpqrRJ3fUQpbN3pHqh9KhP4/doyl2a6TLxD7L1KzC1msUmOsIm2HHyxHakYkGq7yYhDYezxrYs4eYlw4muGyjoWv7oSWJe69+btjLSxMEzsg4pUzvQtu53qsNDfg1XGW+OopqIHMJfKtNiJ4/+f6iuSAjLmu8sMgfKxpCsjrA8M1sOrmf6xWm3CAscTREXmgReDb/4ds/uSGQQ/nDZUspwoiyhH475c0jnhfAmvPzEDnQwmwXQPa1w8HTjHCkPac6UtS7/st76XRaIuVqBRBJ6R1T56Uq2CNk6znwm3TM0GRb8qYAJZ64DNcQUlE2H9rcFe9L1Bwb+imd/bn9Fb9erqxjof9Xcy9PFP1Q/wwT7BsgV6TGd/jWvHU6v1Mp8YbGJzG1tHSjSVlWSD0gKr8q4l/caea4khOkRqI1mQ9givtp/r1lY5V32bSvKxA93K53RMrM6S8BsX2RRHWoiZDuAxS0Gj4OSm8HrWJRjvjHCRl/zQzF13uj+UHigozOE8Q6eyTFrSFPXB2Jfv6XB+KZToc9qE+6TeBeXKjNH+ZaD3/EzWEcCRVFJ5BxIXAQmXwdqPeOOx05goxbQmhwwt3KYWyrtiQPM1HXpg7qITcTRI3UHXJcldQEZuPYXxfORrQfJsQ/JlA1vt1N5OUYXjGcPmqdXijDhsMzWoOf/YeoNq9Fddx/ybop187LeOxe+0WPy38muwREqqReQGIBBmBWwLAN36SRjZx7Jx3vgHGRWqaIyZoXpR8WZu5x2SrjMi2MO46ZJBkFhcCC+AwdWxhYIRZJV/sT20ZQ9T8MihYIAuqEJfvrinXNBeGLjEN40ks9IticcGc/WWXeigtSLGY/7aI1xN6AO1OGWL7Lk3Sa1jVaXusIF6f9LWcOgayK5oUEgB5FBR9oN23m1kMki+itnNQfTgn/aZi+zIv3i26bXVb2jXdQL2OqbGgAgtJrY/SjSvFqy0gd2NSxA2j1Tw60cn8pIHyEIFLPfKMq9OtPZaUutBi/IyEBNfXnDcbg16peiqxzW3rynCzyMFVJfkg/myVk13c73X86Wz9ZhXtAAp0yogNWkGFElmRFVo7AfYMIXV6oU1zFG4YM0x5X9ksz+pQLgmQH0hooKGQ14giXwScz8E2VaBzATkOfsO8WutemN7HiNuzRelnVRIKKMCaH960Ka5NkgAjMpfvrMQdN0rZtVVTponDmdSgM72NFPelg0QyfLAwCMXVci3WDhMsGbpWZrENCDSniQEsBgTLWse7lBNRj/LqPUlDdaHycsaFRlGaX8CXyoKkaffYE9ikv56n0uLqyA2Z2IYsIeMbZBp5/9l5+WDUkY3bXGBKU3B80x0YtciTOd4BT2JQfGvs+yiW4sWDktHOjE87dzvISVH3wSlj1nvd/6zTv7m1ME5P5jc8oI8hJXlHErppIIHojI8wvPC97lcup+ihSq7GF+sLGhXLGFk4Xsgds5otz9RyqQzFVUol9g+qWpPAiVrFHE/HjHfSF0H8kT/zajpzPC4aMx32MG5tJHdTPVP2I/lEUOWDOBEdZnylpFTbPBX+sdHHHjjRMOzic7Q24FuITQbXfDOuYAI1TCLkbFMlXkd66NN9Z+qD2bd4cgoP+VssJSH2jDgJc7+f8I/y4YIRRufpUGLgcrukWYF8Hzc3qyZSstbEgmBQ8chJ+dy9G3OrbYrPXWoDjoY8dIypIH4Yy/c7eUHjeolPZfhofi0SKy+KlxFP1qn0RbcJNejvrIcJIZ5yDbLw5ft44/v4ggbo3uvGq6NMYsQnVj/ewBH967PiSoEeaNx7imqphNWk+bvpK2nzknJ34hvGJF+TMPRrVblqllfAF4/prwgY2BKQTT+d+kDJGHOlfP9bbhVMoNkYEaWYmXbh5WXZ7q+g4P2W+5HDQdkqlOO6Fyy4VZjTgdUy/fKeqbZCEGjylXagbxhN8VIcekfWmvefXZ5cKdRWvZtl55CBl1doHERUlrJ590RSnD2vxS5j1BaPXBImMqZMVf/8yu8yX0/V7HjSD7LEsmp/JXYAqI8fJN+2RbQs+12kq5F50/6YG7koFij1EmUzasjdZ1TzLOyQHl6+8JaZgR4zvZC1ziJLyfJUMw7MUU/HBlyq+yrbYtEly07Bs8gsYm2J+glCcv8Kq8CK9wnCduO/COYfZP9uMSKDSE3UQcS5oBMPtbPNhhHV4oMA24+weffkUvuRvZMEPfGm20vnzTICY8JoJVjc4Y0oIvsyw1q7vW8pK9xwWnstkdrPkNHV8cIW/41navLF35EHsM1hNBgmJKXFl14QwoBa4oKuFcid1+fXGVQyWrRtQsUZe5zjqim11Dt5Om7e2SWnNzSt7FAM7aBibHKUdOnRv50pDI/m6rpVWKb+7+xVfoiLWPYeoazY1dBaS0Q7q4tnRsEEB0kI0wcHRxOO6WzKyEoIdP3eDfa7ZNe9jmLJR380dIpLkKX8xw3Ay3DWa0Cqv09Q+TSnPh7IH6/vpRFsdoRjLS3Y87P4C/Fx/xbP7a5SWbweTTKWWibv3Uu4PCOgx25iMIUuebHvF1/yrhg4IeuAV7nslTv7yCsR5bD4KkMPSulayUcbR6oKF4Sm+JrrpX78wu1/D7xxjkJpd+8E3H+zfXNmBLRnnWpb3GPhMVs6bCIphXq77MG+E7xA4/StgpvGbwO7jsFp6OzK0FjEwOtm0Gcm+xKiPHwAT39FZdGjrRHgqYL15l3zn4y9gYwnd38MCMY0ofGAJ/puE/11c9hC8R04xZC4r0i6fv9Ks1t2wU9CuRFzzt17ghlMXYaGmrXu8yJtt1jUVoaqNTs6zOZNCkJjgWQTwO1/8lIyoaJuenNwk/W3DVsOXi/vJN4Cd35fJw1x3GDQA4pb3VckXFZ2hPDp+B9veH3MS0ZlZL9jDAQRsmxiZMzvgQMjwr4pW6+/UQALdG4lnBJHPzZ7gfy/Gjq8qHrDDaIz13hbTVb7aP27HJyL9EWiGmEMb8be85IYfPfuUyjztpxFhvlZsL7yGzE7dKbFn5RgE9fma6oPJQVuN0LdfuLalQG/qHFNKWvvSvvJi8k0sI7+YbA6vSFlye2q8/cPA94Z0zNbBvHt8oM9VI2GGcQWP+DYjPwKj+tQMwp8rFdhQ70vVwA1NOctRdkntNEe+FIgNKuauNHSwXpYWF8TjbAVPGUWvI/4yiLBdGxTyQb0M4cN7he5jVKtU/WhNFJS9tqScQvzSRWtBxOoXHCcxmtgJsNo8RwA/P9jZqbEt8oEv9UV2paxX036wT0+J5YYVUHf380pxfyCoK7I97YVbKHBk3VAtHl9sM6eWZzBdMAfM9AndNU/p83LRenXoVIP7cCif30aeRjvTkgur+/STFeJlhAee0Fvcy7v4oV/myWDf5Y/nBc1AnPHJ4JQovMy7VwQpP0k8ZgymVHvAB9HeroImq6Vr4Gqbd+zboHZ0AnIq9X2oXQ99o0BZIZX3MWDS8YXw21HjoOm51rAG/VNXnm/C0Y+OtF6qRSHrT7MzDn5gzJz4FO+OaZksap8W5lkkw6eQHBWoNd1geWUc0XwP1uMzFuP5M0QmSoIoUtej8RUAOqVk4w+XIcxLQi1eONcf6YHafRyawnklHhMIXewjkzJHHgewHNM0wy0IJXR0cmp2xFv2X/1F7z35Ba6bvHZ9xYYqzU211G2cLrN8hr5fXGi+HwPpPHFjrhAPZ49JQ0k2jDVSme5WB6Yl93L4OpefstQ3Om6CbHPKi+N90JuTfmzuippFeYHubZFSYoffsuS0FZBBjtUVtcEpiIZLIz4IWLi7Hi60x7Tv3ZnbDIByIuXHYf7juwNIsRdTRNGXYMiOQCluPfKECTc9ilccYGhDn3EC+dO7uTC4JmQhscG10/R8mOgGN4IFUJbzeHScADMLs+BOfH6zc6TZ9UVDzMfY8BbvrkGt5Wkg6s+0Oit5NeHn03JEMOfGfv3SG2xokMo3/qwzImZp5jZDcSoa1LCezdSaXqJh0qrEZ90c0E+bL4JP+/lQF9UEwy1rL9XhBC22EM8ewUIJcrphxwG8Og8WFy7c7U4STYEZbHh2nJIYXFPU/AYpvzY22PDLgUwQ2IeOrE6epw/f1NQips8tUdEPLpU+8wX8bnLSGK+dT1NC/YeDnmFW2CAE0NoniH9bvg9beDe1oClkBnGpPRP7nMcKAPi/YRf1cfEG8m+zVTe9ji/d1My8C8z82qzsDvIL9TFcciAQMINMeVm3vgLPyYXoDbhJEhMnwWK230RVaj5DcDZybUkubhfl9UmD9DFxJ/rJs9H9/haZOL/WlKztHi130Vu8RVviLHIjZ/0w+CGD+vst7rseizMPfo/8WQOUhV63Z2qL4bbW89UuI05XHOVUwbH2p4l43GXAsVa+h1B4ypEJg7lFAaUqvgwu2GBz49N8TALuvMLIfprtbxETBNiOJyc7xAMQGz9gGX3kZDAyx57jbYvLvPlVqjKYwymDV5LWUj/6KcqFR2fAcz7vtapnZaflWROWUPblfRzGY4ig0roo9nKn8HjoDFgutiudyHExgtHbQJpxzSQICaPTUquG/tWjZU1X7v9YmaWFmCAc28zA6hGxRX3Cr9cPmJz0lAhZAYL6XU0vy1zvNCFqO7AH3BGW2hBHihU4/GsSE8obxdCOMH0fiFsfdWL1RB8TlCJ/NR1wsIinjJmu+mWi5fWuQH7ArY5GCIlb3H1Bvs3mudEf3Jq9EMqpZkbpdjGqKUbN+NwXy6Zdr6usoFxiTRG3IWmGJIFA3ZXLT9c1pCgd+cSQnZjNL/KGo3BNWMGD3mGzU5i5C3UwYXzTwgcSZq3/JiUiSdQV7cTLLwKpmWVp5Y11RGVC9idKZqdhkrqlThf2qr4htck5vshl5Lw8PdEPP6eV9qpk1Wghdu54yj5x2sKcVTFIuSZhu1R41xRqCZ/vdf0l15eGUNeI6wTOWNXtKMvS1mJFfVOg751mMuyCJ3mgrToeZJtWf5yONlVtbvGauEQ12NRgRQgZxBWD8j/WNgW8QOe7INN+sly0hHW3uTxdjelSUatrisHeNPm0W8KO/cZx9VeonplaZLNDDX9rVsUE9PxNJ5yGJeuVctL0/NWXJtlLsvuzonAvQuXAayo43GizE8396s8PChaUXWOF+XAvX+wCwwgLVHTBap70oKLFx95yH+yKL02KNDlRFyS8Xi+QGCYCVQpuMyihNZHzw8yvlfqRbQzgcf6bAmerpExzNh7retofraPnJM1Tsq9he4P/t2tRCUTiVOD1SdRgxW9OQIRlemot1/6ODRR+OQmIMl5RWt3IKRAfaAKOme28I7qLRm6T0+pqwKPz4seJ5RizLTWKAzZwwBMV/aCN+YfHkapvOSrYYPb7iTJN6mnqNlWcKbxpDEAwfX5wXVkpaVN+GJ5EK4PiZoVfQtRMzEQ5tKY1MBcq1J8f3tXX5R+SnbXI56z53UdgH0oc9MPQn3zaH9zxLj+dlDzvpcMOPs5H+Fa9/tqyWffD2DRt85AZWeX6T+f9ox5qm9GeBoMidnw636JjS7woSpH2szBf7m6OgS19IlgN+oBDvhPZkcSir/4PinVQFuFKlnzplnuy8Tfq10WObdPRMOMUcMpmEYN73ClIOp0gayUrRllGUktBhFFWEcOsWIYsnskhss2xKhrCCO65XtCSCGL6sbs2BKXjzTkk8/RE/pHIexf6Tf8NC6xnZXUN/qRXlenoRtRd+Eb3n4OijWKFLlFhK9dqqwAt/O9Yji6k4LtIL/nyLoti39E4OeHaMU/wozxQWZgg1GO3D1qNjoT/bObTOY4p6bcrsxGc7ddUiyAVYvJx94RrdJmgMzTIB2vEyQQYye8STRyy1W25pAoGyC0i0Tg3iDRk25i0kLRq12fx9AvDWrasL+8HltNTB1ENWMN7I4B6e1gLNKL6rFr80vIMYTV3KHAtFX3Z2H8wItGNoNYVgYybyrEIvuc5P4Ou5EX3oSvubydnv5D1NDgyyC8hTT8BqivddoqGjyt/xgyM2ngWBnfRyPy4eYwDQkBJ2e9u9UDx6qQulBy/F2biKDh5TbXG6wMm7SRFUQ+pg5AvQRmBsqh/Za9JdS5g6YvNIJcODpBS9EsLMW7t5Kr6H+1d/n9wLBiGIOJ/vobgfzoZjP0vTgZj/1edDMb+XzRt+X//EPv/de1a/j/tF3Nn/+3v8oJmGv9b36Rrst7/rZzW/7a9BGhtfvf/bQ6h/3+vWuR/16P/3ijw/989VTDk/xEnzgnwux7+c+Kcbsg/AABOovNIz1owLVuQVnmifIBGUi+ipBxp8P0zjzyiC8b+5zBU9+Mobp7cnC7msABgPGK0jvIUuaNpD9eaphp+tG3525dapGrY6FiBo02lpECl/sjWy7btTNV7t5glZl9R9CiB2wTpGNQcRhbgVMPt0YHiKShe/DFGZKUSrCsjfJtKv5qhudw8dOY7GZFnKH5hLkSTN/zTSB5F97gJo0WYqUFnYGkzGP+cgwU0KvAM/6yFk+qoXe7amcnpkrcpkYbzNar4k2YM0kof7dD5Xaubd6wdQ1H2C7u8rx+F0e3OYeNcTPSF6rxRT1by6VjtqIWq5grVQJY5Z3Ztatg+IZ6OeBXN58T9hOAqawySNZluTW6cawZHcmOQFGte4vTDWvnz8PGq25eqwbw0gFTa2FJ4h4OgzN8PKO5hyebqYiQc8+npGmfFYjMKYv7yyqGeqosvJHD6xXDOTKp9ScW5D9RuV1nvQ1NN9gBo502n33OeaLqipo/KElbDBu/I63tqr37g075jGxDJUFvjsT1TLU0+j8He1mZCR+JRaSuILz/Jn0pLbxZkERxTWHX5Y3mcdZ446yLJC+JycK4okEewwaC9opheX4Y+P1SrdC6AMQ/Qg8fNt4eLqqa2H31yP2k0VRIvL9W3H5msvM/liVStTzY6O1fyhr4MM6tXavJZIrajWGUmSsz2ebJzVv7dRSCcxUtwYxfjB3+0t3bbbDR7NFpKYuSyCIVYWLHE+yeKdOkbAdznBL7WxsJO3sRXb+T4PmHOYsabFhGK4exHjhhMovHbOJMYwFQ5h+SKOSuK6ajme/bCKJiG1Gno82kpFfuAtKm0c9QH37N2KALGVMDWMm35+mYDvyZrIS4AwzYVY8wo+eun/n6E66OMMHYihmrs2h6JsH6lfAB205kCZ2mSvOgEQrPw3J8MxR5g12jNfORN3S79+YBl7QkGKj7OUP/t3ZQy2bQcvGKjjXMd24lh+ype7yFi3Sut0mUSSrhxWa4fibsE8oy2MaXKkEZvmryva/jIK8vhATegazU+GkQnKzkq9DqSCxKY388Yv/jEbBWyWgem+lw8cVTH5/ntZKB5YHTkckni0dHEb/PDiEtO3fj88qvDKjdi5DFLki1Mt5luzJyQXMcptNWO5k8c0aB8xAqp8qwrVWzmvzIUercjx1oXZ/+AcgL/XKAgQuE6utOVXCT9dkD1ul39NWox/NOj35wgT0VLOp7O/iEKnxdGQlHk4/icbR/qw0uvXo1lzpwsJf2VrCJQnMTnw/iw/gbKnh41GlfXnDbmzfDHOCOwtjTJcuHHFzpKFCjaHSTil1H2flLHp/p2lcg5LM1Sqd+eesyJBkFQzUafXmUrpzicAhZQI0Lpy8nxp8A6oApMU9tONXvVYSdH3myZc2Y4UTVBfTWJqhlrqCQx56mc5tqLUi47Pu3XakvG85rOsjrG64GEpEoKImezuMXyFitDItSTVqK5MOG5haBj8IElGY69haPjPkvt85YPe4kOZcMEMtSLXi+s/WVOiM9gmiB5JmeQL5/ADPtl9C8/Qso4ubj3kjRNi07DuuglEYNANQaGCNrGb5S4ooKP5EeIH/F+Yv4ysAWWdtegOeFGRLnG3Yp4Z8LtcSiCHsrWKCunpOCi/ZVVW9ag1s2uRQ1Qeh2eHVTVKV3ttMIwKcfBkky89KtmVcbcpOuswg9avuS5FuQ3Hti1UXEHsXFRO19SyOmZu19V2AgI5xMufQ6dVyUytTvGPWQXo/bdNEsIVImOkstoAlgsVBW3yQ9hym2GxBTg7HJhMVndY0AHO2+PD6Jlz2a+7VE2soW/cbHzt+oHYfsK3yrKBli5dnbTqnxtyEaTJJ2Hxe6vVxfFziby7g/MCHuy8EH+XgWn7ZzwBjk137xBPdlJ/76q0f06mN+IFRqztEzJd/Rh1vTeqITq9KoPRsw7X7eHfqmTDOOYUOQsXu7E9JFyWlNWJ57CW4vO/CBFvcKelyDvsP0R1KqitW+6wkvvwVCqbkacDVMOzuuXxld4KFR6MfGbeB3uVlS+2Zy+qA3ssLvjIhyVxvKjC+wI5CNMmbKp6ENtAUnPLkIjdneQ0vVJFoWAAwK1ZDiQlyZZzmSdlyZYaNjDfan0fN3d4ED1seXnLzLsfRG/YgVd0BjD3SLsGkRBJYKBISv3YPJTXu7SAx6zKQgeI6d1CY2+IAMVBqg2Sb/yiQz1Sgr1Fgmtk+g0tnzmdRxyDcaGdoNUpHqBhJN/2cQ2U/7z2QU5x31LDY2fo4DtpTuErIHwCwOIwoPnl+bzSGoFLIhTYQzdF3kcI/GeiTtCMmf7b4A7ZoLiNGzo3wzVYgHrxyEzvsE408Ugk2K65kWjf+VjAj6qCr9sOZkPUwlslc50vWlDBQus6unxNexacz4Hs3fxbW+wkEB20uqLiV5NKmRZtLbxro3YPg3nqx3y4Q35ic5x/x32JPLnsXillhjxrx8ECP0+tvjYqAYR5/ooZDzRicG3t4rbcd6djRsy6SXDvv5dhRfIzek77iAo41hLLma1lm1YrsJtk2xkawzsAHOQGyTbf2JyPmuZv3PW7S3uFw9h3egwE/h3B6n/qwvCMOI6r34kuDHm6x+RR8LoF+CVABL3TYNqzDNWCytFGcroCIfbSjfqDpPd2TfM7Ls8tWgk2HnsNp2V/B3s8wUGULTLV17X4tfC6pOrv/MGReAAN2es1j4eDtATHVw7/sFvFEGLLyFCtylHWC6u36KQif25D8PuP1x4IXsJP/oBfB0J4adZqCiylRZQ1At9QAUHX7/qEZGfT4m9XAfMHA0/4FqDFgBkucTN87FYqNIXaouY0ZJCuv7IU2XxtAJJSTUG7Bu5/TM1WddPirVZipxdGN6WCq9uIVW3zqBWc9NKfGNM4wsxiXNqgRYHPIUzFaGh9V8NQZNGqSnrnzHy38t0lK9HtKkjhXYa81BiDraBmEVd/jgcAvuL+q+WROc0t36ghfGQCuCKIPoBZrjrygc9WpmIjna940k+qBch6PKrXACeXYoIsrutibB3W35T9lGU+Ick8SNP/6o6yNuTD/EGNpwYXvyww6h1TUx5PQ7w6dfV1pEPeaH7GO6CaeKg4ttanCHKEIb8hln4QtNmRINoxp1hVAjYRWEJmSlkKJLAn6vnKsN2PPxwBgux4RB5jbWQe/GE9ddgwTGm3N1q6AQffoR/ch9XNqbjg6FxHyBWGJflsBvx9tSdU1MtwthirQr886JVAlsd1eXAjqumXG/TlBaifbkJBqOxit+liRNkFQ4MHB2FHJUd8L2qNZ51gYirtML8fZWwWsbFIW7y1tiYU/yc6hvwoFKyh7TzXYPXwY+rSJCnulY/hfndR+OvlpfU2a6gDwF2ENNm7nmKHSnNOPvvvxb72ZeXPwbbr9/JtAzDqMOv3lbXblWcBzmi5IsTqWk+8EyK8DfZcL8ddwEXi10GS3LMqfCcKCxboGxJJ6H5+3zSwGxlcFqjgw8d7EiLS3XUjuEZ+W0KoDgt1oRPBzyL0x4AKDzUseAYdQZU0ZS6W373L3jBUf78xvIg9Nk+YB2PidFw8d9nR/CD/T15IPiZnybizuTHQxrkFh5pOQLzmMOkxNavUwK7WQAHCsgXAMEYsufJcKAg2Q+X/qcMmmIS2O0kIHG08FdPjyAk8SoWLKKrM66GvhJZduiXzN22y4zNxm4Ttj+I4dffVrx/r4uYQp36wLMbwnqTQfmFlMV6w1eC9ohABgcclBD7szNf/WHq7Pa8wc9QbGIYUZizTsYHvX1/o7iGeoJjiGqiJQDopvuIdv4ig/sriOwVyj/QYpXuVXzOjVBMyNK8wSbEYflgoUBuOTjFzZOvXPDNwsV2i1f3VyQGDL0BYhleVLGQf7dqFSQK8oWbl55usaPVjSOht2K/9DfOHXmkGfYDyKe80+f5DniBxjwO6pAfF69BVccTZ4vs2TXKgSY/Jm5DxhEVuGquQBtIL3faAgDYuIUJgnNxDAVm8unNBMLlcd/IdfxtpMlSlpabn+vvGhNQvSK7w64SUALsQXwFRE3pv9neluhIwu7HM0lAJp2DXkgzSPRrPhaw8SY5EChv63/tu2TwFc1a/FMRifh3sN0YSeB/Lhf95qP053C7BwY6N4gw0DZ7vckSm+C9nvTuoLr65DW2tXraosI+Yy1up+JPblBMpUDrHto0O5e+wIBN4TwDHXts0ye9mBEjCVFMKeLZqhLLNoa0lNTPHGexOEXvGTDi5pwoGrK19QJev1qmJkVbJyeq4ydwCoORItFGY7Ndv7FDdMVZUNozOgZGRo1JEwf0I8bT/ZneWgF01o25B68ftsoj+C/lKr/aGmcnRfGNR1F01L9e0ZFN8CdrSHw7yvlad9m5TRFojwL7iAZvLwT4pP75jyjY+ZOG9C8O7VoS618qYI8xVqQ08F2KyL0xvL8PcJ8L3CE19McY618m2qvpyJHrU5WFkHfsULDaWrvGAP7LNFQlsdcdC9HX62zhf7xV7uL2f9PrwO0wwyFOrSFurYHB878M7fdc4D9qgD3S/e+3M//jG2zBfyJUnt8xzSnyqbLBHoyBb1LUB50Rmn9//r///+/R2HM8RO88aygXqa96k3t2Y3UskE3sYEBeRy70Q9wQl9pSh1RN//k9zH/v3jD3xfu5Vx5TLtqn0RBHOmr/lnWEkD8V8T9JEB2a8znVW1L+83uo6l2P7X3mGwvafxzPmYcvuR5e+d5kF91knwr+Lw4wKLvBmLj/3ZjeNaX+t3MrBP5UH+5dM6Ix//N7iL95t7MTh/qRij6UBOTuB9ics5/bZMj393gwernPkNcFhUDumJ8OPfR/8h42ReAzG/wnQ/ojbT/wv9/Rve8P6fv9ngd8x//J85H3PpsiF/z+Dp6/dNYiVPRv/d5I+B/H8fmPGvKPlvzrm8j7jfVAl/5mY7bcv9/gvtoDpBr979/Q9/9JHu8bIJ09j3+NMf4vY/xPa2wKf+v/9YT+EwdXZAs9WMd/5tx2qPa+Jw7r+X2PlYR1n/I1lwRwn476/3pEfxr3Jz2BvD2UriMERHnN/fd7XplfR9brZxTo/X+V63/+rv6/fJfBemCF/vmOnp4Lwd8C75XNK79/reB/mZ3dGqMOR8PcR6j1X0f7H2zVQ/xLff7L08yr28/8hnV5iQP9f9Ih4KuMF0/E72gKz65z4W+mLXXpz3Rq7fR3S7zh/v0MAUn+r5/4LxIE9vG1ULl/V/2Vk32kCIiT/1qh39+/NtSjttGrJ6/HY2f21eD3XeTtC2/AZP/HLN4Z/K880b894Xn8+aRe5uxXcu+n//Ghwp9PBZ8CpTlfviGK4ijK8WzaFysal1G9sG25x+MUJ+6CPzeOX+q+itccl6ytUmMqkgSLdig1YU5Kpdnv2o+au1XMlKNbIkFsCSJMjnq+bcJD/LpiWya+2C9illVrP7tHvuxHG13o7wBW/g+yBT8R4FYB7h1MzYA48gYaTrLAFaVWSyhQNmAURzPvn//j30umoA4lKsHnOOkNRX9/qimJ3v856cY//9wJwpcl4kqtdNbvB6R/HgYf16xhM8sfgpcRLVQkeL6yOe54YXY25ujvaevn+fcYzQcDuQtlNfdmZZsX0oUvb8SfT1KiLLiElCd/4x+BzJp/P4QeIeBuZF6O0me2XoT1BTNXnazViH9GwjMeZSpfhf/c9UlxQyOckIaq0tG6M0Tm1BWVwzCa5uWTpJ6XJIKCk2+8g9Lm+s8eyxXslOVncBCBv7l/ZEBpNCZ6QvMuF2U1kLWzy7ebfdx+NOhnfoMrddfUaooHCtuDBc9/0PvpvhH7irnyKa7Ti/rh4FayGaai3efJYH3GvnhJipZ3gsP+q9qBWT8lLcP6J2s+nGS8S2KqyRH1s0RZBAfXATTD5v6DpnZPN9gcCKxYAuwHyhL0mYnGT86Ub3X+yb44328t4y6WapqhrWaiuJ8S+V+wO4l0/KaduZ12NxiV0ha2XOyg1p9rhVJBM6ylV2KX58cfPI2sjLsrArpU6z6oCTO9tj7WXRgdxIclJlLTLfZnobKqjTupIoW1inhXQ2MymnWPjdr9fvnbvq3rDzwld3PxVEbnrENEViVRMrXVK4ckFVczkuNRSTBqlvEIv+d5gbwx7Tm/J8EpZjaIhRJHgfEZYHzFFszmx0qkgRp104Fg1el+7jf5jgusekHlYeMXHLnT+9i9197bMA/oPCvZFY2NFtQLHrCRTVYMm3X6xQmAJTvwdbgZTTHCOVaI/pXqSHvHSV9gnJ8zaYqanrqOGhdwqOn2RHLZKt4DZ4hFfRseT+kliqF9S5W+sNeUUkbRuiRJyujuIh8Ik8BH8FEj1Zq4285tN7CzxpMkhlA7wTcZzqotxjGmpU/T3L2BX3ttbvaOAZbTTIHTfFeQjqto6pWBVT0QVEkx41ScsZjiQ4Cc4+uqFL/vZYY2f+8ywWzyvtrpnP6VuEZN1Nau4DYwVhIqWnXZ5np88TXITpmHYlAt90e/hHHPpWfPW2/H9eJnh2cDuRaNoWlKLizENbViTehSL9MW2EZkKdxSZcioLihMlPwNSawiAt8iUaqU4BP9rtrJnVwGAzpQf6QNp3rE+40Wog4w+lt8mlNfvRX732WrHgWwzcwsfufAf6fqIR0hdYWGmNyqpRDcGdLlM+Qolvda2OvGXlFcOgVxp5IyTmPtvem/XrIYJaV9/05Z7JyWr29XEAm3RH2WXm315Igi1mkLUUWsOIgZE+ABPuDKcJ7n4d/2ST2mUmEmtAC/Eb3vjuJzT1U0o1Z1pV5IBE0JNYk5zbP+fg029XffB9i4oRpznQN47zIMc8wk24bU6zcs2kejJF8Uj6Rm1CiPdBv8KN/8DE8q6zXTqq/UE0nqZqEjcabVNW6miZIS7Gt0181w32o4s3nMIAHXeJzaEPF8NfU2trrnKrbKIilXNV9OznR5Sr+OaIza6424k6aqmWg82bsY32lRmoQxSlVE64GuiLu8wjH6osBeP/eqfSfJoJsvb/ZgD31qwlGgMWz3evmBkyUwRXaYv2Ar881TieqVAak4dNVNoeK6iPMs8JeFF1Z6dYSmwrqknSWyFk6nLIe9/VSzXRpNekqhy0rJbyFyYpboy8mn6FdXvmcdzBNaMFqdo1ZAfyUD/f24gmFtw1K5RoW/hKdTr2o+guqNsBTTBiUO+TN9HslnSsrAQeZgO2fOkmfacDWzhcg4CWxdXDI6EgbGYY7hico+IhmL13zs7645EI0iHd+nSV6KPKxeLdv2+AnTNdwv2bips6Fe6dWvDDq+Uis52dZFpbBhpWZLfaOEJpP0z/1oT/HMcjbRFHc6FgwhUePNwmuJIOldrL5CPj4XvL4bKLUDaa6YVkmH3qmjVTX1octOj18ksUaSQuHdZ5eZzGG2MEBVTbcE6uikWx5zO0ieeAT3uyyGxVGeBiKM0HK8X9WGBbz2CtRYvn/8pKMUNpVNxRo4WLiVv4BOfsgm6X9TP1H0ygQHmeCFAlMnwzG1MOkb5c1ivBp+2LJcbH2phSps2M9Pj564lzXa0XqytXK6zGulCFxPbWPcpxgxQnEr1GHGnZuvDktxzCpvF28HvCV6DLNtf7uYtlZVt29BLZzFRq/2/jZFe9Wr014veb+fk3SaYahbiUxLoXPgrfIBFh97a0/t4a/qEnKHryqNfWM64auLFHdUuli1V1GSUNMyG1rQYLOVKtM0G9xF9eEs6RWTKCefQJVUdWZpeqot9t5rX/UyAujE67qttI8SyrFUgKX21Rxb6AncbaEtDlR53zEdJv4qOmHdXEVFMfTCu55+UZBKzeu9mHDG5Z0qiTdVcRxzCztrL7yS2joVqPnPRCbzFZzkCPbKg2SJnMqpkm58BrNcBuRryKb7ESWO09MekaXnlcIJajLbr4gzymLeOVfrDUeVO0EuxKp4CgO1jVXykTdUphDKkrT36U4XJmgx7hfRifEeyXM4VOwayNngvvHyjQAWVatxs42BMmIsN2vC6yIn542KoW0dQ7gNlcoiKY8m72ojjMtem4fgXvA7gGzR5lJAqnuyCrPcR/vimTXZvevu/7AjXb/BObhrXGtky1Y4ji76L62M8+f1HScZYAViZZRNReMGf8kywf3NRpBGsempIsCeG2Sphl/kvMFDKc3xNffdlcE0SzPzp3SjYh8gvbxmrU70P4XZ4jhOPLEBVVcGVgaicNTfp90du4je3b0csfvUPj8B+VEdI1k1tF1YLLNv7A2GjnrjdHK+AqMWgXEBAIRS+lreiUvsu+DGgbYRzXtVrUkfhhi3xNxgyJW0J/mF/Sy+oZsb6LmLXq9FoD7wLcttjCcdSSA3HOQHp4jKVWezY/8hZrVluLo7UBT3R628MFhIXruP6Iqe28j4QM7yLo/HJkpsyZNZq5ERoVrCTPxJs05p0wZMZjnFEziiq5VCpU/ou7TrMBqng9zW9cQb6v0aHZbz5YXEDCfXyktY3BkGVQgQfPFtsfvLfCMgQRH0C+eAozDB9hC9ErCMB8FVGaNwMr13cjvF5mGLzN+gv1/3w+Bs/xJlyaHLX6ZsQegcYvSzvXdu0xsZ39DS6k9EI15YdUN3Uptd0I/2eUokPrWQvwpTbEnx/2DqO5YdV3Zlv+bN6UQzpPdWpGhmdKL3nl9/WVq9T7xZh0K9VBbIBBIo34KtUjzsgldEeuzt+SHdG1NojTxOX6NL28JKcRXCrhhL6RgzofBaJ7bgHwPvFz4jrg/CDwl1ar2y4CVGoIN6uZQGipyGNUW3W9fwGy3muymKhxMwrFOoCq9oakSWtUPNzkt/8CPlv/nIoB/EGR5G521qsTws5tRtBX/QiXl375Uhn1NZAztR+5qXUR7dzv3HFQWAlt46QpM/9Fbyik7nxjMud9x63mcm7AbZ4N6AZNrzn81Mw1Xy6tekxjx4peOxMFLtxNtojzUWL3b7WXiSIZIM2EdYxC7ag0tY+GUnIcKs7ONHbko2ocm1Km/vp4c5OTq/EVHoukRe6TVmkd7IJlxNVsd/WMvxMA0uHvZgvm2sh/SpeTZKC3Ref34pDb0Pa8906jOqocTE/b5fzdj9UTnu6EO2sxQ875fpy9mYbItsRj8f9HYrIVVCC3r8GITvKtss4xTlcE0GkvvOi+CBe/dnvmHyD/kxwthTepAl+u5of5d7g47uY4SenX8stVmYb9jhEi2k9K+sMfrjxylXtizOsexijVWm4qtF5N1y6n85C9CQxa2QyiHfSfdajrdYDsjxDp81Aaq9uKTAbcYPxb4SeaPtzrm7NlvhUq2gvThCXQIUlsBjCpRKEv4dfCOmCoa6e6Vkq5ttmVZBckaSUOLbPL086Ct/aM9+TpsBBvAFA8DYYfKdPLR1HqNzH01twdmZ43Hxz5KcpytKUY3l9sXc80Y2eqHRbxSGTIWfh6AI9o4u0FMfL26VaRW3GXsg9+cwQeL4fuDhDjAD+lpFnGnTdpypfqLLVePl4u1Hgd2PZf7emvKl1OARhEj+fPNdXUsl5e6v0qEfV/W8+osiRLb4PeQntncK9+N/gnFBeSdIHZ7b8NF0+UtdDUIqETpkAXNsltdlYfkHcraC4IZmylAlaeFh21SZyUihNgAg5BUW+TzADltQqwZaaYyR+RD4BD2/l+n1+cftwRJI0/nrW/CMoRMxydRiOMmvfBRQ6Y3Yk9y1Yr8QIBWgJOWZNt+V5a1kduFBYJfL4ILx4b8y4L+Ny3MG77/9UfKRWu5sYR2xomABH+z9LP7LREzWSsk1wsOaOorrr2LrNSY9nKEZalzQL34RibaR13QTQDORi5CDyRSj0MH+rTAv0xjJ1qIzrpXQ0j9l+hrBbmu4AGZOfG83bSXrU3oA/z4sQIAuFtnx6L07e77e69pXOjdoiAPwj/xqiChJruoW2wkJhhx7/F8cBk09cVz3doKGvZAx6UDXyl/M4UV2kVO0NHdLIRSX3fSRw4cPLg8As3QHUtf+WdHuoNq3W8yvRnW3DxecUgVHSbNm20G/cf+meC++HjTQH8SkdkDEOSApCyVhQ5P9oIBuacLK+7Q/3I9zV0/n1xjrbAxbeF/avNktxGf7G8m09LnA13r7U7tQ5IlPmOofHcBhXcq4BIuxD/ZOnbRWiJfm5d2ebnGlDH1UwYpkQDpoTdlCv9tyUzIRSUfXXJv6E9SadzSa74HqAJquHwjYhs2gLctyFjMJSnRNqw6hdmL9paHsG+KcdJxipC3cCXZtVgk9w5id+Zbi9P2S7gScvnWD3KVP9HB3Jmrwa3+a4/hcxw8UslW5OfeYxNEgrbXgGFH6IZ0Hfg8cIM3srpNyM+EN3+ke1sacQqKC192O9n59Ykem5Hiz3snSXiAUN6tfPWUavn5LIP4QLAgJj3VUC/hSXWYMmtP4huH5VuhokbhhMj8nrQB1nya5JZCGM++2KGJWEd05435c93xOHCkvTp0DoTMze7+4mKDgWlx7/Grgbw0aE2Dv9/oEmbEP7s05wyj1bjK0d0VD8TDR7WiuXCWbxSm+vvPxCF1UCfdTDwkNdYRwu3OJEF23CryLVCuFqXjxeH7uQ4U8xgpnGuRVikUHNOSHzHwsj8+VMy5lNkUy6GvOi4xeU7TUDCKkh+eN//Fm7es0tDm+0j24JjptF7Yel7ZQByQ+h2kFfatIQCEL/ZXrYj8UcLLCFm6WooxGnDptD+jPE4gtVRJmH/b/plF1S3c74T+vNqzme0GASXmgqa+/DV6hskZSo5nuhd/NYBfHFl4B3UAneygxiKIlyrMQOPFGTFLnr8LHDJ7/cHj36reI8Dj7ufCcW+ACAiQLbbmPcv5ewb+b/RMOa0mM88f/ZRuZQjkejOC9Ht9eKraWokmahzr0vdQmKZDE6L31g7/hbWE4VbRFiM37AAnAYx0CaX/niMrEHp7z7s52t6EsD2xrZ9G1bh8P6ALCB7RTP6pvbpswWyuX+DiLI/7CJsfyFmcv80/GsmM3GQ05G/gIo4QPWEyqnKxghslbXr3exXoF3ADAcVLgP6KGMt3eWdqmvithDGz5AVy3/YZL4XPqvFem5JjCykDvZrtgXSw6pn4cAxCQmW+lBvgj353BFqa3Lf661i6gZQfjo8VeJBfftAn+QsDXXiGCNOxrIpZXdVfSM+ICjl4mLX6RTI7blKLpLGhf10+SHadE02MeTdaD5tRa9G64PSg992hccQ45oOU9BJQK7kXNmoGO7scaIveHRZH+07GHlxNgllmH1oOY/Lqb5A+ugS+IYXr32VCzlZef2iRdw72zWToAf2PzKv/is7qFHKSKboU/1BfgvumLb/oXKV90z8816KHDu9IxBkaAYyIQIvAeB0+0yjnc0BsdHglldyoTjEhfsWse83kMADervPbqZJ3ddKcpogVmj3Z24O9Qb/Uwf25VsxvOXZ4hzDi+DfUbK4NEdR8bUw9OtSLsXEkfPmhyKF95BMe9aSNDT3GPKUUgVYZbWtKLIWbf4sGHbFreQ9zPKLGiYnC3YY9xJJMfhHeShGJjJamSZeUVXBHy/KreMJbzJX82ElZNsUtLftd5ux2yiLZM0W3qdqOtnk3dzyL+ovELATlVaR4kgnysNNa87XE1ry6GauEoNTo/UZ+yHjM2YUCOFjXdK64zofSko95dRapSRhYYhq41aXiPn0p+PQQNHctoucr2Id4NxTImwIFFC2mFg9R513+sOdAWJl7PttPGSHS/mO0znI1MVvzw8IOgfXtzCXlIgZJcRy1mpE74Fw14h6no5XTgWyL5nmz/IZxpm2k+Z9yLzWTL4NJJoWV2j/NRTnYPLBKYhkP6d6N02ikBTlpjjAD1Hls1rkf3Bw9q3xl3CkxeiO85VUOPpY9yUBtTLLX21n4AFMz93dduxHpleWH5Gn236wVd4sN6hd8sy1x5LEQhYn01ByR+KlnMCMV7ZKLxGiTapJXLgMoSB5mNB+U+pnN1F0KpLMVtWoCaFUyrDc2FAwmiQxcK8nQSDolmK/MuZ35qHFEMBn7Kj6MpZiy/5c2z6A28oiMMhnB6pIxj06HaAyvaRbHUBu3qj4WNYLXe9QvMPMLoULMXH1PXPQ2fA5vHHisLKcNw4MaYt5fd+/wpUKq638DtMbj9oFJKj85lYJIPGqFFPV8LPXKFKrAaN4aXCILUWTu93/5r+e4uyS78Uj64s8skvG65VfoY+KUuMaV2Gl17csjJ82K8Nsf2qFo2rDUtC+3aDqJ/ebtzeehuLb2gS55ezeZ6jKUt37xHNx8k2hkbQe7Rj0qcNE0HJmnsmKz+DYOuALkFGhQybGi8G6Rg6RwhJ8snMzZ/UFDeA0acOAwdGTn0QDQYVsOb0OBPg/bNMnJBEwOkOJnwgENimFY2bt676zAn0I2dx3LZOns7rP2C5MBat+lzPwB6XthIngdgWXC7pRjTST3vkL8bMJNO3f5iXiCf2K4WDsWGZLpyzQHGzEHsL+6uA869EesMTO1owE4loNH7JT7GdT+nzYS93eVZENfcuYMX4UywLOYIpRwIpWazmsPtGntd9tn0MB6y/3wamJ50HfLy1j9EMOK98I2pkeQ+jylFP9w5jfEnhJlqzvyIrz9epX+csYQVcXc/RaErMeNQlD9/HmwgQIYlGzBGDzPTwBTXb/c5orLI0OHjfzHrKO2Vf3jnpHvtbHm+/7OgvvNtXTO0YyWnLaOJ5frvPSTBKDceuwNJ/qwoz66fXwfFxgjX7l8jAZBWuU8GJUDTAvDCg3B9pWhBMhywB7ZDKe4E7c5Afu9TNIPfHOBNPkE91P61UC6ITb0uzr6zsV+zJtX0tqYPkYTPrXA4rElihAov2VWNLzLgej3l8/e7b2vASA1H8z+RilmEny4nrJ3IUcpYKLoi8l72p8LnTHHhlnKOjjiDmQui3g6JQFTXveo1sQqBLrnQ9djtU0HbyFE81b1CDDaLRU9vDDsy4MfMgwMT/TR3nNtFlVl5XIHXMqFWUO04sSe2EHWWfVzHcxs+S7OFovzJim5uLEV6zuivi9HzByCVVSRwZJYMtTavGFRG8fzPAwZw/5fjtU7D5qSIXztsSQz04epINr0dHXGmEHHB+lIwskoB4k4sbCcgZjEDGeiE3Mv14Vja7iEVsWevfx9u+5h/HD22U5aRXKbu6aKSn77V5ktNYx87bgzsZKZwd7jNK502kF2rFn41JwE1yoXSKjbKleBrFC4dKLhzcHuWV7nM+PK6ECEwNW/o++/liT1/vWJz0z96o4I1ffOcxrPNv17695KY5i7xR13QJFE7az87HJ0TEKsYTBD7myFjfBxo1Zi3+Zx/kSVqoVCnWo6m1Zlh3tK457Yrtekr0vDegXtvaU+0IEEu5as9UNNu197Qvj7qGJYwu2alvBeQ11tsF8pVSqjG+jKVJDl3eyBkODS5KgUREpP9aeDcAPBj021OniKiDlHQ5VYTzHXzNqw9ruBli80KJZE+tY34eNvjNjQQ7BEeSMzu9KvPZ1j8vQl4a0ISCHz8quAiUehV1weeZiT5gd7Grxjt1PPHo/OYR/W+FEpKHYv6DsXmmlJrjOevma20xDwjgwTjD+g3lAIFnZi3ydaRLzc5dMiGQG0w0BEwqqTKziEt2TO9Ab9uMZrNUGNqhaFlW+URmvOri1fC5PXVrqaoaY3j6kjWUPOB/GuAufpbcusYyu5eiF0yk7nyOUe0x6J2CLGdOXtKUss7o5tutG1xUu5vQoJbzszntE1i6DxaNvOnTYXnt69idWt/phuYX1+gwSseTPgRHTyCaWu7gXiR2cFsIobjaQWbf/FbsYMoNE2kk8wAKcDNdXzpDfOzuBhzB64X36mwrt6ONIhCAr9xepidxHA0sJaK05v9qiAmcXF7H4kAuZ5D2y0sUb3tl2TLdqeIdK+S70q8T1P3eIJJz/KDQ+nRmKlPnAdpcGGjvpP32deYDZuvowen2+FZnqPFQnwtiYcYy44o2SpQpnO/XTzjsYcaSPuKZAzeYD7yLOKBcldVEpHJLJUCIoe2LavpasnnrFBXHDscvDPG0vUpItt0X+2oMz5ceaoLY+9a/wqNugsgeN69ZvHtFftpJF7Vu/A83PS5yHEJk5GMqmrRcIsgryisbzy+AgdeWqT9GNLDG6HMVWh3sGlGGYpDUyiPvHk3CNXdrnt5IjO/7ff5yyQKVcEd6Q2Zflauykmq84xX0nnDCEdB2V9114k2IvapvV7CwpdocaxZXM5ou83XnEuFwl012zB0SR/vhq588rXQjfe+LevPcwRb+b4rx0MPF6zTNb8G/HbuuG1nutHekMT7DMsVBU+j6EsUFsfQVRCK8JOSVBRUVZNDk2NwZRDYPQCzNELltb41L+ZrmbUZKf7lbDdWrD6KEHrvhOlWogMEoYGwFtZT/qKxU25P431OCGpupCB1Eeg4dP/y6Y/3AAKPFWfjgzeLiy2T+A5JH48teQPZOj17zdwV+yDjCk7pNUY4F489v4cv6fCNk2HpQlpYv6PMIaviegMVN6PTJJO2KAlG3mT/toWvFhe/6M1jYF5QEqwPQ34MObvuS+7ryQfzDoyXDfpNf9sq88iXWY/TlCk3DH9AXOjhpOhyZiw5oXbBvJLUe1/fwPbv8yWOilWjSRXuPhXTSL87QAj0FnmEM/ZNXISq/e79rRBByfxaXkghSCwkREEvgqup3wnojo1jCKo3UM9Ux5abgzVxUrPs2vsOO/EIjMjXmiw1OjjdiIO0uLJcbdClZ3wuUaPKge945wAUMMyhpHtAvCGSRI06/Iq/FlrcqnmeMa1O+87WrXizNnQlI55d3VINo6fg/M65+iC5EGxSC2KSPpKw0S//onDP7sbVElnup4masYDI/jjvSNhAHGUpKAgZp9Yuwr/238lKHpiYVmr0E0S5D8Iq0OFT8mtDfRXCOisD9+J29s6RxMTnEh5vwRDb0TrLeeymE0e96V76T4aOtkjbBaaQLA9kJrzYPth4Og/ThSjVBXFfEPuPPOz14AdqmyniE5Mnf26zrDo0y1uMZeu8hdQi/fUzxB/Hsa4Xx/RwehcJfZPmdhT8TcR3SDKCz8NreZ8kmb6Wn2mD1BCjvg8j609iI8wvbPbrh1b/LlaCtB0IXkFXgeRufMIXEtV249I4DH+lS19LQq46+2c9zlIbqBFxBMRaqkx6L0fJGPJjyoaNDCYW8IBGCFR3+3K3+B7n/KYN0vbUNwPUIA1/0lLb+fzZshzQOz1sFQAYqGL3juBH80VaeuR3Tc2N6VEMUPNTqT3en/41jjLXtkayDhw8AoJ8BY731Ee7tkidfD5owM9Gv7X7MHaGjY/p0jVNzmzZ95/OTRZ1hnORZdVudyTiGIpcu0+7BytYgFcy2y1fWuC+Dc3PG1SxZpuwoz8dnU03rDhILerTr8bBkXSP7wAdLAkBgb1fH6JVhJ0SjPIk0Y5s3JhyFi1AhHy1zul/+jSzMF++ZtRB/fpS0L6/cmv45D4ad+0ftvkqIhL1X1GqzJMWSEuScBaM3lNMmmijN8KlqHF7WhIvCxnx1oZDuEctPN2cq/uAKdx5G97rYQVash0pxH45GLDNZ/y8/DAfW8vSSl4QI+eCDw8Ryjc/yK/hkuW84YkHDycOIzH67a2gpgPsNYf0y9OfNWBCJeTYoPIvakcrrJGZ2t8kM2dVEKWfuMcuBFMrhrCoInnhr5pPckLB4MNPQxcqH3okWKseXr93iDjCOt4QJE/sX3Wu8Dp30mQdkAUTB1f8Lusxx9tIWjskgx04bJP7aQa/QLNye4zJZRkNgS3f5xjTPwM0gi571D3IZ3RF2SUFpiShbZkkSOQ9xuzg5Y31iww74iWDkASeuRf/dcHWjWMesEgAcsGoiXhpARPYhfh5sBDyFTZAkUpjzJ/35r1soIQbwDzLyMxTOYCDWL3t+QaTrKsBMTjkh9NqRt1Ug0c/BHhaBT2LC/lPVVnocsN6FxfpyCww8ltVP8D4+YVpGvwCsnPlkbbTDW7GgeQ4u64vqTR/Sk2pZiymTG7dBnkJeI0AExDq+UAiXhhjOH6hXWGt1kfUmJ98sYDogVH9y3ipqLd2IUVlcTzoeXyYm1cmD+dGW1SN5sqmb99pzgHHHjQLVE48W2gP3uA94fk9O0pxDAm7Hpc1KVCWW3r3R3J/OZBXQxPqgU8E5HBFWoJjvvIl3bczKxupcd4jhUNXbO3yd6aXX+k15PGW1lyOxdpraJDu3xEg/+lDqX+JpDXAU/n8WzKIfY6SVxugzGXHSN+sqTflgYb8AvUThX7uH5+h2g3kOfQO0QuRta+BQ2E6TTAPsa2+FQiYg9mKJN+p+cuOPzdiO94yv7aDSSUjglWAJ/AleS6mkFQIUtDYBD3oiC/+HEDKV4wSGVcwUyp0x19bJvvRPJBW6BeLs0mF/XRn4X8eZ4fLDRjtrIZTMDsYbtZt9BjX9KfF9Y5yELSJ2ODdDP1PvJvY2IEz5SoZc6iLj/RG7UWY31/dZ56a6QZcPxkh/Dn/xO8aOKMXsjLzsj58oRjmh6zha6Yx1V0CBd59uFCXB248twVKnM/w3hULpD3bL2p+0ZX4l3lCH5rRMAVQ0cmYOU/TaqloQr7hfUhOTyCacv1SLFx6DCwMesD/snqc9lbXAPk2WYB239dXBgmKBc83o66611KDV0CFYKIQZBSF1whoItzbviGlsbPg7MPZWG9VLhMUwfEZn1i/bvbr/JX63HGRN9hB3/WExHQmFGmm7Dd1FuSH6cl9f+Ck8o8v6N29B7NwUfkMDCeaQu5nIypMFdIvFydvVNFituqdEpWFxtX5B6AR9LsfnyEmV15vM3xSBLcdcBB6VDNIEAvTbL+3skAm8gDUHkIott4nrVFEykhdiOFwtKCkUI8OJoJfvuZxLlfnwCbhZSPM/vSIbKnatCnvxjvrW5x3znRd0j3dCyOhPKf8dcDmF0K/2+aVh5lmg511YU5P3tU+/x5e4iebEPfZ/jRoRz8c+QKaUXUjVEalMZbni07mu9WIMOLtIsEH9xX9E/NGxo3kW4/WhHS1i9zP1PlulwqxUpsh5LScWsbuD3rdCW3Oi8C52q+hvvIEnNIay00PC4DJcBfebP2V/gALI3Tzp6SNBFLtTnCNuogqwazK6plntQn2gojKIkVcEGKt8QZS7YB576fmGIv94PpjN/F5zBUNPNimBCZcknhOijx3PvacB3HdeEaeQaiTADGx6J8OQm9u5pDQpRkmekyuMmPVjG9xFQVY24uo/uB+8NpHv20rUatnDVpnt4C4BrrQnJ2NEM0B8TLM8sXniwQAnE4cI6oZ/2Bj8pc1SMiBrRchXeIANuYxiUjCLn6dj3eYkfUckiYjuFalQvRBlKR10T1u6/y8V85wNnory5TZsR7kbQDUBKoT+ITRhzdEn8Ic+ruXagvwCdWvih022shi25kqom+eOp5ZfbOHreY7ZPgZ9JK8tiH4N3prQ4HpXJwvQBrIVlPWW7skOQlUTiy09tptNTpt143y/tMSJkb3GrSCv5b9RdAPkqL0yJjGY1uwmdv/7jczt371klXJNvivZsTOpgKkea3PNUBgSYDtaYETskcPTJZSS4WHGPbgxwFc/ov2zPfN9mntW8lHpn1bLaKHPQr15xeeUec52ecWR114LZldYy9tO9FhCh1qugLvSLTkiwfkCpy9cMmFrrB+eclv6jH5HSEnF8SSDf7BhAekYQ2duQclIsXzjTBNmED2aJuHinIQje+HegjCgcZSJvUpRIHI1wW3F+KN7t2q0OEpDyO5Ri+DizOu31Ghgd9kV90GGefa3yUv2bDKD6mJAcZg7O4MMQlihauoHhsG40OGe+vxoZzwLBzrcnghxfqQ97JcJOcem12U3wuOkl1e0w8RfO+pSXJOIXFz2Q+769egl0AEl95B5BXG0HVb8+VOfed1653p8UUZ0psko2Ve7E0Evnq8yqn6YLWumD0+tyA6PPFmR4mWOT2IHjG36xLWKFPlpUyoqz3yavNozbLPYYkhNWWHABhdBoFLzt5fgTa6hWzwDm1uCTC+xvXtVj4xY9SGX3T5EfyX6Tr5kiG6p9mwRfhrMsavdRQyCg8SdBmq4dURsJosj8dp4ezIYsbC9s7kq5ed078qDO9BA4zfz9Zn/2YJMRoELCc6aKfJ/QTDKbq+k1R3W6mrje9BD64kaMe1upBw5yXz0Y/YAam+1377MbiYucWf4/qF71cUubNc+ZSY5HMA116q44w2K9UxCGSAvlaqwM0M/iQeYs6U7mpKXrXXoCNjaMCGZ+QfVHVWefPna/yYxPoydp9fv1ogbCR9oQE4EExvJEYShO6ZV/TZzE0jC7n86ZJDEK0svBJh14Lhh+OBxqMRxZfzgFGXGq2FMw32HbYHUIyCOs46e7dLh/UB2sSGjHRn6qEj98mcFt7xewF6E0Yqh+iotOwFrbevYicd2g1DBTX8PeZZaJGTE+fidGMd/7yFVTO8viBBr0qYOjw4RCnIspjiIVxCNC0QW1u9Hx0IaBtxBLESjiBu/p1hTIjx91T2cojGSsS+leNhiS2z10S/N/XNMAt0LvywwHFOuHUmZO9n7qvXk/xOySvyGHwt6LPXkn4TfeitCd0M1QippVbmByioGEvtJ20/rFmtJAYmSYfIJzlmlrETR6tAJy3GolDTiTYuPsebr7M0p1/iYzz5+kKJnGAxIxeK7/fVcgaMn1L5TZ2GQ4uqypTwcL2J8lHfNnLajg3fx8dtmBsofeejrTsWIetr588yTt4+lDJJiIqr6PFp4ECj8HH1LgrNeOuIe4j8vKNyJ7d7V7CWQaN32vaiCc7d7Jpmg4PmcBIcbZ4roc1JDOut2KtndC9q66UEwIzj2xh2STB77fpJ5j8AOtTzTjHSZ7Te7QiXuSUZS0l6S8IYbwmOjEhDP+XDUuaJDHqhJodYISRFg8fEmCLY1yQRLvsHn9GebL6nKJW+r24bPbVx808gPsc4njSfuOdoi8cgu9bmjcD9/Tp0+cPGBTcdcJ8F0gGsgzVRB7wFoLdZZ97ZTpWyza+0d0vB1icC8JKEEf1aUTia9F5zrfaVI1Dr4vyIOKlabg3yr1762PpKKpBQyQy+2B+EFD+4yjfdj1fX1bmGghnXkqI8U+zK+fFOyADePBGMcHuheadXKGFv9dpDEf2W7jfQx552+6Kt8O1dCknKEevQz182EQnPBbMvMRcAGtyfp3vFvHWOgmxVC+02w4t6JaGucQ1aUSUvlsSd514j88FuE6rzGM1GwbnOjhXwPI8gIeRsbp1pv0bgqXUo3dkRudctlAzjMXK9rvT4+nuxKFqqAXlfeGOuHTAzlHt6xgrvpXv9HhmD3DV6aGzuPLZYRtuTbqfVFQTdtHSx2KOTfS+D/i2facrlLfEpYn5nhTdyADU43cOtLeJeiFUA9RbbacsZ00Vm++picIQv4o0GvQv8RateahrG6zo6SLCy4s8hw9jRnXuJ+cyc5xfSO8LLWsMXnqI0Wr2jbaN68taR7OGOqNSD3iTyZBwhRjLOOlSMNoy1XmlLQFNcMC9Gar0P0SK+RA9d5qokplezLl6T3xpDDF1TPQrtmob6NeFXNk2Q6Mp4uYWKJ5ZPjxgvj6jHfkAZ/i0Sm7hQuT4Xnx9ReAMIA3o/mC6sCPvgu/0ld6/tGcBmDmJvkkjlgX4CDC4p9s3u24HMz6RBIVIKc2TkmoPZx6+YitpCzMkJbiwp3UFd3XfvAl1rncdGh28eF+PdOEPX/3qDcePqY7e1TOv3BKHa90MO32xxfhdPX12caGSFAy81TFyOGg9Hg3Ou3HGQ/U5G4+UVJ6hLERI/Q8+X+8aNEc46Zk+0pltbLJUfbns4Jfx7MnOC57V1xrO0ZjPig0n4AmqDkN+/u59vMpp+DurV+6/Kzec4q1f9Jt6Zfn8MhOQnmNzIyEOjzGrk/qUrbxMZS6JQrjKVrqT+hQ9XwFH4pfzCIOYn849t2dxR9tNyjdJfYli90YaHqYtuMEaxdtoJFPK+xrNjrDH6BHFcHu/vhZC1dkEraL4PDtEVffZXrZ3mKjiHGsd2jJKuWQbJoV3282l5Ic3b5uHFTy77HhbptXggBPi2zxX/UN8C2z9aBW0cMc+n1TKLj7qs2WcppdEc5U+Z97b8PXtYoq9O8NvMhxJfrExGxVauoI+MQGvpI6OzSVMxn6ah9ay9qCZBDd/3a+RAM3mGzwDsBSJRkKCMmCiTc1ckdjcefFVU/FUSpmwh2tv+vfJZL0MZimrkUhnxOm53R3WhJ8ujml0/RJkHeDrbsjzQ7NvRq7baceB0v21Ey7VZ8AH6PDbgIR5aPRh47Xyw41mHBJi8TrxY0s1QF49BnCHIEEOrqkbM25YDFFjg3NvyKk1vN9Yntot1gSyVqQdcd14Ypau77sQPKUXCuoGpb5CNOONQDvF5boUcfjPVO4Mxvaf7FBHAYyP/4cV5TcR8sq5XkO9fyM9xkwfiY2ZGROsvjMWxi//eIddFqFiLjCoBWU/fa1GxHxykFcvAeZ8uz6CZ2kEEyFHt29cBNzX7NjeqxPkJI83YN9ZHCsbRGdD6WF9qwtgReoAYr90FzxmVQB4yAbDmNvgWHz37i+uywQiaOQ9fjluZh9HVvuZ/cqbgvMlzGy3xg+DEZ5hNJ4Eg3h2lLNM3KGtz5hUWa3zcXXwbTDXTRB+s1fwhgC6WOUUB1zAErt/rKJNpMR3lP5KOP5SibagvKvn9g3WgAKFKa11PtsACWBYCNkkl79kvASC1JvwWVw+rev6qf29ktZaDIvR0LmOvCXgsDh61XH/CXwGebma+BdTk9eUFPhPtb/vrNZTvI563VwgZFNXB0UVB79xFTXObxiEm9FcaTUnmnIsyqvcDoS4iBKGpT5Pf35dkfB0odvQQdK8Spu1jJdWWRd+tfIMLyH0cHkrUn2hosgUiEIPP+nWn9R1ZHhLAHJHUnqLgOhAF+YyHEvhYvyY86kbfqfazfnOf0NBk3SVhk1Iu/6s8l2hQ836KHpJtsSu6yU17+O13ow+wtBtTZt+hBCeHit2p2RKxIz2yn/giVXDvtP1lO0NxEJc+fjsotHr7yO/Cla5juqhaEuilTtqd/KFN3IDDBgJdomAaBG6iUq7BQzYJc10Gc7om+VhyYnyhH1BLmmir8lXC1icjViFLWhZsxnS/n+ztE1csSfkXDppyZyUogWEgYBE6f7W7ZObRuIwhSG3C3ZkFZBD/VZq7bGqHn/ZNfLqyJSTXd/2gQEPaM7ZkQhNX8KKcu9XfS5Qf/IWzzV4qoznUgDpY6wSwdeLH9Pa+XeoQ/tWgBwxr8/d3mUcqtgxc4KJ1ZCwFb9SepZqFesCpUmFosTm9B0MNDwp3FIZpdBw0gqLmsX/RLLk+VCBxwjK6ZZxCfw/MzNsa8byVl7m2G+4x/KJ3vMTwtvWFOpav0tKt3ursN5EUmDA7a8TvfgeKJA/kTzbUaM3XB3ojSaTk7ld53+jKyQh5Xnlz6SJehRuQXvMmIc6IIxC7DR49YkTxa/t+6OCVqse50oJQsh7Rzx64Feu1kHRTie+6DasF8JmmQBQzh+hjfRyqpzwNPhPMc3+J/bgSyt/To0jcqjGoZwOzsI6a5xjRmYq+BUXrK2iMz0zfxsioSzTxef+iFGYuwqr0OYpzf70CgINltLd6yUsAJDsXkiC7lorM7kQWKFlhXPjzuNUgy/CJri5/qVlqkvKqesW3/Rf9bOxebmInclZexnR2C9HnnnwSU/+ggT/zA8aGl9jhCFUAX/Jfj4HxcCqnmeXCgW8VuJV4d8rXHrWIa+QwXE2qmUULUdhpaf/qfkRbv9bVdbW3ZBpHWb8ILFIxh2b9dR4uczdKMMvep1TnXPVT/BcTZungUEoQ39OeeWSHmJ8oQRHlwb5w44G8P//26Y8NC+XSV8PhdSMGBzp/0vZfhL9+fp1BRP9IEd4jzOcc0jABbyFnkeFbSMxClWT5r8dCTvKGqQ8YT4ymxmpUtzfUe8zZfLMkoPfdpB2MpP+i1v7ZQqr5y0cdQsimNS1wjMQUCQLbEPgyHXRUVTMFzHlaEFMIPb+4X5cGnm7ocUQFgXkYchOSD8vsA9zYLVwBQecxOtRyTj4EzB8gg/W/LhCy7EDmVcf6WoBgrW4/9nbonqX7HnICSQFFGM1N1X+meHKsg7F/v0bS45xJAHw70wWZuHhWPPn9uCM3gpOm4QxZ0XO3+NtG6Deq8taFcdbf3OT3xgWg0wPzua7Ww1GhEG4ZJfdBQmjya00VAAzfIseU51p6AeguiV7157l/IiEc/N98IbqfFMlHTPkgFn6E0vyLcPj+Ew+H5E672DncIt34TfW3Z5Uus2zgEfYqm07YSuvJsOabq0DVJ5Y0lboNG1yc8luknVR+v//rjxE+l4GvKNgcjCa7NTg8tF3DExK4LmaMnjkWgL/YA1Wz8l8vDvA8NkP7WtN2kJdEoIvI5qScu63p2tfITdYzAZVn4H93X7Rl8DvPLhq8x+TauQP687UeBha9qzxqAi5Cq18SEngjyhvwxw5HvdOVVDbUJNxV39s8F1gyfPGXR3wGwW0nG8pGUxHg1Lwys3d/dQff41Ult++e39pPUpQ768Gt/3KwssvThN04yW8Dsw3NHS3CUSKt5wBXKV7kn5FdAa/9KmLtlGdpTGFgGYruUN+TSaNgrjyV515kQbWlFuz0UHcPMb+YXHJMwwK5ElYJIM9u/2raV9jGdgXJekC7eklyXnXR6RsG5R94FbOHw6UYhkEBR+R+/Skw9nflBbo2TtEml1Lwp0BMfckRtiZXrWw8SV37tZBrrVkC9UtMbyNHy5AIBz8j+XRjskWEjJMPi7Ex9jGNAg0UWJrT6/KbsCm5f64aCN4pwDMw4BVUPGq0tSgJ4wOw5RQ2TF6TihAWJX0wJgMiui6JKsgZv0ZPEThCkfJfPoSHx7x8Dc109nZX5NmYmdhNu1btbTdUFbIt0s++J/S3mUpJm5cmI76infx+NstLalSdSag3lSC0o6+4fX8Bza1ssiFNG8WOSm1PT/AFXZCQBfgMahyQGD5fUjrCc9pEDHiPFgouHgPXZ/7//rdVuJsppq0g+LCz/p61cvntpP4SRuGKJY/LpoTqC45tbokdJdjWrFE5rJUf8X4hGPVQt2wKS/onGQCWgWGxXcOa/CEQvpxM+LZO0c2nrPGJqaPJkqhrBc+k4IkrJmrko1zsBL+HR5kx37b9l6dzLs7jq4fgzAqLvt65BAv5RH75yr6c6AF9XfjASEOUaEh0uN8JDGn4F7UE1HvIeX9KKIE7dV7HD7WA+NyDH+fuBG/HDDelx9YqbkGXg2Jhh0+c+YSNE54+nHFn2J68BuPtK0mcCR8hjyFUStwqldIMttKpyFVKwt7y+dMfHQyHojQRjyJt0q8lzlebWOoS9Rn56rnL76H2XvXQyzJuHgRBbHFLa7mDfixnxZv0rxjDmz39tZgGDw3EREP6u3xZQfod1Hl7TjbJXGJ7YNftYtzv1D+T5r4qpPIpovy/f+1ymHIXStLOik99+aMeG06DVCZ8BiH53B91r7xnAzAUAmuLH+7xi33CIVtI2VTD3pIgpUJAS+7AvYCzODH1AFR/yYfmdAyISQlgZ4AEqEgl5sZi2B2F4XM9To7RY4g4Iy1I3wqXCkgfgLgUqfBofbbNY53ZmrEef8Q0W10YCUR5P5NW2U7VX34oNVl0KvWDuJuLGl+Sd5kN/rgGJ1Z0tngwDOzRxPIA+XUMfLH2U6FZc2yuvwhNYxtPss4CXdx9/mmpHkvS8GR2/o1LdB1FesYVwtg8mht9+e7Fv9OoEXuQ+0pTPtMoOqi+ifGyOZMkvDX/dTaUlEoAA0NaaJhewbbX4Uydy/mAZ8v+y0+X86aUw14fYsxiVLXxzUOqsEY/Ao+iCiV0gYmlohFSHFA3HD02Us6T2Agxrjs6UyZWtZKa9R1Tal02mjL4AOuaeN9hMFF/XTGSOdD9hpFFYK8RD6B3rQ3uv6up9S3e+Yt46qlDgnqzn7ZnRfDC9Ztr4T13Nz4TSJVlBQ5cKIp/gq2uOUSjntt/Wtzff+kJkAH95fFzVi3WF3y9g3GCPufafKwO38ZpXpW57Vfqm0IaOkigDf+zIq8kNYcJ+VrBJj5YMgQCn83FMml8keYOcBV9yHqmdbqo54zkpzEI3ACSgX2oh842ppViINPA9NRekxLWWMClfen5d69omgveWP1uiX/ZLaG/FviymsdYfVodE6icefVeLp3kzDW+/x34Lue8waZA3f3Gupwdue/nYL3aW4eXTy/5pvLa6O17mQ91xHlxI/KHozaFWc1CSeVLOfAFB8QHDyIZcLksjuFCmsNIlvyI9PudCF++pCG0DgRMwu3vu5jvTqTqmrkSbr4ftKQ3BS3z/vPb/OshLX3rs6bWydzZh+nr1vCLo2S9fNglY0VQL2LQ4Nei/bjAOlR02m4paLPfIbYUHHIoRO1/Xn93e7fHo9eCruWdlzrkiJrfivEwSbJK9urCLtpmebGSCxOLNUAfffTzOtexUPgyPZYww9o1Y/KC3XCsDw4tccn8tcikcQLVR2w/XyvtK3hxz0xl1ueeU3t+L019QI2cyAc2z3mX7i6009K7MkQke3y+JrI5TaiiXeyOZfeGwHbRrhoL/j7JPkTTcUZcgoVePmQkAEI06PpnqrCOtEy0P3DyzzIItbBGd1nU1VFc58tS/e+mBIEjRzruxKl6yIFwZn8l8eZDYkAPtEvFeiQ8e+FFOGtZKUudrlWbXWpOwgvtyK7CbzhXl0oNjhu6m7ATh3ZE2HkF+hIBYZ5KJyM/EJLqc4nK6TsPUNsHlUfiMMPer+Z9IUBjEHXn178atK8yovofesx1fjW/8fVK9/qTX1A+Kw9LKcFr46DUbyZGiHp8rzR1ACszlAJsyj2iiIrmmSHiKeBkK/+hv4ONJhQOffK0i8u1qc4+U4EoPbrTl3OrMYEiXuvY+ij47uLAQaq8xerEInhgNal9xiKLbFoxUu60CRJg9uPGMgXPv9vHDpr8ANxlP6mvO76Ap4BCKbrSSfnth1U49E8jufLfmqJASq8tu2u+92iekNbhP8lQnfTYGHfUGF8FN0NSTys39QMeFcOJxtMHNjFFViiXKtbDgSM26tBOslq/xXSgjoB3lCB+Xbnu1D2HWqofQyZc8AknD26IfcOzRHtbrZn8qH7Y7dKv9AbwsqBohx9ZaV9xEMAL+tGKT/lLPH5v+IP3gfbde+jhvHxFxyFKoD5/KY/hOEwo85QvcT8YA71tuP51TQF6OIsxbMb0X7qFoGmCz+FWmJcpz/M7L4jzAWRJ73s8UsaT2FmramS2xzyHrmO9QsOAKvkW4v0MR2ET2rk++aq6IwS8TCIwcrAS+bkneB4XSv2ZMntB7IVqPdk3l48ja+ODqw+w5+ABY2afH9QOppIk0Cfbhr0DKj80mTxc7k45W0ZzVh8aWiph4E9QlgAk+JwGO4+glyXWiQ6YecAIBaXGVCTf1SFD1V4KOLPzOG1s6cjHxCfuLzh7Q7PX+rXr8aCvGUX3AyF2jkXcE1JpLAfElXwJVn17q2izigi1jMrGdasrx8SawuP7iLbvHXCcwhwAZxk0SRzPEGD/hF84cl1CEOeL6G3lgd8c9bBFKpjZb3BQ87bD0ngijgALBMS59+Ytv3jIjCk85wfP7j2n5eZL/ERF4XvlM/zqh9fgdSY4QQ9QUVYrcZ//On90f/z1c2OG6qBLuewfNPA1/xzDToiuDnVKQCAyz796olmDfX63yz25Yln9vMqwZuEsqVQ9ePWP6zIhb/B11bS33Vn1Y2KNRMMeAAP3o8I/fyFXhso+I/0Nf41TsS1EQkv5cVo/rRxTdPYzimWBxv7svq9mpJiBgh/bloG4rz1/Ms0VZz0dEOprde9FoRdFfwhvyR2uzfQOSxD4gt7L4z7T7dPpwMDM07UlQrTNn+b5/e8u81a+t9uY0tKgh/B2mVMxAsad8gwd4uBMSJzTUFWMZQ/3rx6HCQcPcyaYeXjhB6g124xj+v4rxfrusIpZH37Bp68lEaRvUeYtf13Z/vVzLAdht4gcWg2cGwUQR4JwQwINFaCvfneHFRsXnpyYBiPSr1XJV7p1SEvSmAIl1DyUh+eA3KDq5PFHMp+27febzQB5iFVIdHOucAFRoSBKMI4pMYqC1YM7cKTNfDfKcTkhiLQZhcXfFdpnJ5ba3xlN3fv4nYbK+OufwMjSpXDtvC5H92XtUi1Se+DB7z5WVTDa8wuqsvU8s/mGCC0AHhgG5seoxK1RJKnXTFES5MhxU/uaFhHwi8RiG0e84iuHIEpzVAND+swoOy+YxXqPJVZKIF8RFn7d7pUExCHuKJDFmJV2JvigLWxHFl7YbAhA1xItx29LcF3ujf6tfGFT5IZxOUnf6TpTGPWY+L3cg7Z+b8A43hVcymfzF49iStOm9ZHb7nLj4u7Bp0w+/OSfdRRnO1wAFKXEH2LfPek5olRMEGpRpy34PP+RdZhtmhL0wnnWpLZd8yYp6kbdGDEnkqEQ4jYOwrK/SEkkrRE9mIaEUqPsiR5LYctGpAd7q7zBEQejRefSu9/gknOERxaALZA9UOVtanf0cuayuJfz3Fz8DXwK6N0ElPHsvw6ksf2GLuz0D74gWsLgD+uLy/6U5UUlJutKuL4tW0klFcarpvZbdf+pPxuepVdMViAlskgH+g77c9eGsiGGpF2DBTjTGWNbMo/58X/8x9StoBU/NL/lYBfSZxf8ss3AF+wHlpsdJO4tKj9/ASwSiJ6SIseQ9ax+UufhWSPFFcGf9ptkmLXITQ4glnQGVLgSqde6AnMT2FpDeYy9RobiEyBg8KkVaHYI4cLbJh+PX/xmAKkommJ07QFHNQ6q3IDoV9h1kGtlth3xgv0OyTWT0AeU/zSeAvr9NuvWcQgHT5sXINwa43cBKvOAzXx46i0yycDX2GD5jx0hLR56LS/H7XYimfZvmOU83FyK7Tjqa14tzyuUQ/upsdmUQUMPPv1Pr5fKovAMefHh0hc4ok4UBbIuyYP8X1ed8D8u6eA9vfzsnEzz1ULnLDLWOoWh+QrVD4dhP8WzcsKb7vYdFKriw1C1dSrA6Mc5Otv8rQGrF8wdTurcAMoCMoNCaT2mvDP3r53ly2vVyYFtYy4RVtb/3kPzlzLg2PSwpFMP9BTceyN+x43AmQ8PgFNz25vYsi78DZLcMEE+pBrXa7g4FRFcpcaBhGTEpVr7YRtZYbh/5k8tiHRRlZ6V2X19dhDczRuK3yTVITf6wJQ64Pva5u7EULHUCX+3J6Jlfdf74dfWYPt6G9x70a7XJc97+47OaIIkkcjDj81BVjONzU9PSDE7/xP3W1xZM34R/42FYfMSng45pu+IzEeDQomY1Sg0HJ978dqiLp9zpAsfhMIbyfhqRVCFLrZ9WkZ/nZpY2+XpmLczRKwhqnOOVFLfv5Y45OLYsBB0XWEFzRrfnQlSM15WfT6QKXGkPemDcf/16NQVnr5wvgM0zqEgjEwlSs13KV7mAIhAmYHg3yVOZyM2oEfvxmj0lgv+tx584UDAukZUfGHM/JACCgJxgnSiBhcmiG9Zgxq8N5Mkg8tmH8TU3PYXk0aeHyS1K6u4sGu00/fMWuzPI6VYFJRKFQi/m0QPKO4nOH32VASSTV3o6xC4yGPlyRa/ig6SMd26Ys7BPPwuPHIEe7WXeaF5P59IwsIpfO8EToZ8zkPIfzruIhp4UZ7dmAM5fyrfFBW50+j/yHqPRUeBJVv0l/CIId474ZnhvRVG8PWP1K5zuvu+SQ1KwIbMjIi1wg7WhRw57+tlGBhLBayY/QlTNIEfG+NsCv3Pl47TlTvPqQCTGmLyx7A+e/Gc0563fTvoNO7o692FMXL7KsorsU2X2q2+DezE/PzVcnSKCBZboD6dQoIgHLNxJkwUQAk9+vOTdlugk1g6m6LiQ+xi4GJbmr9uZgqb07Rxib0mccMtfRa0hD/tWrYkXI7+K38HgiO+ZS/9dqDM1BZprAIZSsBzqDhpV2EGyOUT1lgztAjUTj5AFV1k0jz2yg382HjAiVt4M6gtE8NPQDh/XZAnhmUAcHrsVY2bEfthnmMCSDjKggf6RpNPQ3AYhRne4qkAJZzQuqhd3Hsfae9XT8DTPOLwLw6c48rYdiPObgRJu74wycQGIZ19AfrZANKFjXJndvpl83/+v0rWAfuWsg/9Jcm31O+oor7y4NV+8zwENsABCGjWsw2urviBBH9IxrT7yfI5SsnQ+2yeVyemLP3mDjhaVsqDvx3Zr3UZW4Qkm6yx08DG/taOEenqNtmSzq+Tk46NL2zyAScknCR/3w4NhhXCEAIcNa9q+4r1rv90Vty4YIdbZX79hgq2m2JuoDI+AAFlNLBJLC48tMqjlw8uJLoED9H2lDZ31kHFFskwTQkhF0/fuzG8kHuYpbBdAw+79iVUyxEPdHzbbf1Pn8vM90t8m+BNuGOWlTscnQN0q5ZCiHhPfL9w6RVexde90zYQbp+/zoCPDqFkunu+bE3oFj6MlN3bdM8vEn+B7tog/qmHUeS11hm9SuuLk8Le/TxDtkondBmrDsRRhCG2O7mTNWMaIyEr8T5Z32aPN3Q1CoAQKK0+gFtH7OAUovL7h1guTjZASvOv3lNmGfPDT2ETMKjcvi253y7xkOrmoXAiT7NHk6gR78zQXz1YZ9Ncbiuv9Yd8VFXepE19ro8/QlaG3kd7lDTt9YjA0tRmgs6qD6s1eIsj7rWbSj0rjFfOpoMZJvxzYFFMfvf4QSoZxXx9TCoewni+jHICMTqm6jCuE0QLDgxDDodNhLfmHrrGOrR4UhZK29v6ORd4ZmAz0sRR62R/lbZNrVQ7T9IEFTCkH8qpa3wf2LCucPotan8jEDhuW6OIX4Ks/HqxPygL5V742mUmQMXHwzmFPI1qcOK+xeb7Ipl5GaHDUPjt2o7/q+h2z7px7Jw99UObVQNe8CoMjjyECqnG91VCVwbuAkMX2QLdSDbI/3QnDfopRnamha0mOxS6R7t2vXLrvj6DhjEkGYZf/MevQ8iwnAPBREC/6fAEZD68MQHE+mQ6p+c1ISzPDGv3OjOBgcp7vNrbAykimYhrfvj2wirPZJ9cvVtROdAmAfjkENZlJoVq5eU+5S1WQFxM0BLi0UWgGvIzRk4Vl90yxeAt6oCvFPrX2TBicClgw/RWK/jRh+GQQ5Z1j6b2u63nYuizk4J5MvYl/XSAUHUV/+pOZy7w7OEwj1JtvdhKQK/G12MPYRBv97SGOkIUIgQReGmCZE/GPX9xfOi+FuGvBm+lN3B4S6cua02iZqnpyhhDl6E2R/12qyNM5jUPLciI2+9JvGTRVLo3xv4Vn7zZ2n53UwL3HNWQun0oomt+NaCcKbVZkQS6J0rASPuUVXf663XOgl5jkdofeiIVUhCt8xHt640kVZ+Bz92orMje373JG776aeqTmRiL1RXhEAlrdLJ7YPJwfE6PgJUuo4tdIY6FhAZiR9D9z33lJEBJMeBxIELW1Ae3VNh2S2S2P2ev6B8LU8vSTOzTgjlfs7L/uIRoDyfW62yp/hIBlsPKDZQHsTulDUxZpVZPjfR/swaiAaKzGvFFqCc4EBBQP3fwaO51exGDR1Ky/VUfafErOfv79odTR1woUIIwpEcmtrDpkvS+wkDZUuFMEb4BTaxw/z2fmXqezrw4fNsC0dszh/GGBd6Jg/ZNG7Gbu8Y5sB1SpqL4Zn6WnFtBPw72nUJi5y7QgBAp6I/vvsaF2lvCLCSo0x5+IjN550Xxfyxq8KsWNb8FHnp2jPdzUaCgsJpB4aHrImtKSn53WIkm+L/1fSegn5+7sp5PdPZX6Iegx8Zczwb3EIj77QjANDispi/273PsVgeV2WPE5QR27LKCMpv2fV6Pgcx3hkUFHRXYqhmBK9oN/W/aQqR8hcHUEgpuJ8J8DfEku2VHld8gMwegy63ijxzdAKEhdrximnwbYiUtYGjAg+0Nma+aYYJ6GBp3xtZ/zjV0p9YNC0sXHfbwJj8fEVdONK1fLS7Rla//NInBT3Qdw5WpFPXMCzuhPkzSz9tzC6dX/c7gizScRQfecIzRHs1ItclcZkTlmdpMNT4MY76Qk2tt7nzmdoy45D+09eFNOnJvRmgIChxPrXowJBa/rbTPcyasXx8RsyzkrE5teLUn+scz3TdTifzr5ClyZcRadFd+XTGIvnrMOP47FYH+Jy0vZn2uYy38N6ZAJs71w5WIwUzv9C3aC6P4n99Tc7vmPcHuHQ7HXirDb4c1EG5I5PiwhOFAhfwHHWFkj4pRNFub/zdfQ+WjplpAf3wQ2aDbmp5jIS9exDvFOrl3/9ckjeChvvpxJoULjxRq4TN/VFT8zZtVrv8zxcN9CyeRwvtVqUqfhuthE9cKRKJB3cr4n5ke0sEIX+LXImNf1zsl3wX52uY+o9sCMIQ8FGiE/8/8D5xVaeqewitbcUQJw/750FH0WODu6ZdNQv/lO0zKiz5R0C14/I1K3493kSIPWQa8jERJnNKpqmB+bX1Kq7Uj3Rv8TzeQ0WAsI0egG/6YPnmiq78vvmqp4uZWhHcvf1krgax5iy4tigx+1+iHr1KP2Xr9oebfCoC4eFw2ZxFeQnYEBrscPXFM+GodzO2h8SLX/51f4n54nqaQlBNfyiOxWHINc+OwSTMz95T9m3FS/Vr+MI6l1SDnbFumh/ngrPuIsS6Kb2XS/uVf2AO/0nNY0796gU2YT+s/v/xlKD0Yhnb04jfuUZTZgGzc6tWH4t0n7u8qmb4fPDkkdgyL75uF9UfftxysKdlak+x4G+/9LLv/Pi2i3xkzFVgvjZqUmxNFrVT0Qi6urPT/85dNVqwEASej6OAi/r+zW8DvLB/Sy6M59nAHnRmEjJwSLBBBr+M/rTy5OtPH5ujDvt+3SqDp5DTvn89mG51lLPCtwtqEZaaUFPkl/MMNIiucBfrwKoNvZdyfl+8iT2v6mfOpAekpe8yBnvzG2l+Koldf/V9VcEMPCHvB/l0wEooyhMXIWZ9D5qX8x28b75v4df7n/XX+Q7OB9ECvz1Kvd/Fu0jvLCTm2YzX/z1n/daGl7Tsf4+lhfQfsDxmJ8OwPXf7nGlFnpO+hY87r3mr/oqf/PeemU3bmwl6p3srfPoaFQoRMb76nXaBSpcLi7Hfpb8W4yH2MTpkWt15O2us5L1FSBf97zSue1YBd0fxpCxXI4iqS3eJO/KFu6aHMmndIzODO+zlEglAk3/2Nvv1Ds/0jXx4AqbG3WtqYcD7P0rkPI7RkNE1KyE8ycFJsUaC44Xj/GMgma2lMaLb2ngVkEv5n3Uh6jt50WB9H7tvW/zsLyK/qiBLwNPJ06n++7V95uiKDjrGdrijc/5nx81gIE3TFDCMg+sB/8b+nCMniG3y1jIlv6f/c9fy8fX6TIxj08xqJ5lFDB9wpVBCKTYdTufWntx6gw3Km4bqm44yfzX9gS7A1zRE6pI6j2vvqPFQ9UAbPakes1z8WozFcJQqvpoEzaNRnqo5/95QgH8fWDO4GeRX/8y4cLZ3is2tTGfsT1GUM6MErQIhu5yboKPaHarqz1V/ySGgrDzEFjORm8/6/65c+gHKlkAfJWc8nJ3nxcM00+kNsLsbUh/KyjntqwZyQuGfLOxAyaujDoHqYsGzXJ0cX382GqGd7cS6k6P/finXyb8XuyXHaqbJNriJUHGief126GbvRuTfki/WodwHdRs8KUxsy+cn6VqoQx315vKT/vrNOd3ThwE5q2IvrgT5XsMJcf7X1dMQwBzfn21qiv+aarNt7oN/9OokJhWiumlobHjoi/u8UCA8Xxwzzq9+P8H7MxHTY46+33/+dCoWDatPb00sAuQk9gpEQmA6J2cJ6kp6ziikfmrY2hPhDGtCt1zUy8Z2Rwb+KBfy1+KKekJosuda/jvsVpnQ0YAo1RKD/MgGknlD2t/3r1V7PCzvPfGUION/i5s/vzdElbacgayuv3QcngNlId6aW3sd+Pzi3CUTzj9eKD2qjRZLnBacVAfJ2Q08AaZ3/66Rjjw185B6o+RyBOhlK0bhxapAnN/KyLrnSx/W28M2eqkrFqCTUUot9eIJpNcOq9F/3c35gOQYyEBFkNc8hJMWidahkOV3Vt7O5d4GNlUlD7L9Xj/Y9b1Ny7tAvyk3riaBv2AGguxxHoBKG8TPj5dc6S6dv4h/flfeHXUH7ba9tMY2Vdu84bm0+nHxGmXAM7P6XT/IgxwyseOlWwJFHUOLfWnag2rGJtwusJScQ/2stpYdythn8WCylA6duNJ4L2ks5c8mG1BZRfpzrOSfAZ4O01m9AbPXrtxxjbwtKdAWjvbiNTvdvdthXqrTCfJHiiHPd34yZcQb1R3F0dqc3vfr3+Jd5rX81WrnltpSX4lmnq+hSTOCQBPReMzjF/PMX/3Z7+7fbM9jt/IaW8vOx7WjJMke+of9KevKTdGVUZPY11iCp7R29holHCuoo0TdIuBDZf9LvKQhdDwcIMwqGr0ALc//t8l/EAQRD0PiojLVpNL/Cxc3R6y48Sdri7z8i8OFFFb+RTOxriX60VRRsV3MIeNjSpxuwJXCTyEaZXt8/PdM+sryLpJcJbxJMvaKAFAosSOO3l7WauT+P5EJH6epLagbf58ONw1uZ7uDRUupb0zEy8mjmoUenxOWLKU7UaD/yf8ycPtRqJYkE6PBtnz8vm1qJIgG/r9HIXmAmifL+677FFEXZe5Pq6TdzeiLtbwr/F4WA3EhldkSqvdKVmebH4HEXJJP9s1DD+dGPJqUNoyfo6acbWsaoJh2fZIB8gC/QvNNsWtEh7y0xyZXOn8hY+1DyBDQ2j4F8J4pIKny7PJLeyN+s7V92U4DGHXRbGULt6TgNs2Q4RjpQh+sHM5GtGHEJxoBZ6s9WCI/RE4x8FZyrBzz3l2ENNu61+5pKennA/2Br5jQUulRRPqs4oATsoICoJZRL74MJqvyflkP4hJbDKR1St3XkCkpbs4j9d6FffvNtyffbEF/5cLOuYDu/vOaIrs0lzWuyBADcNiMvHA1ST+vSfQ/ORz0iasl9gFo6yI7k1kzYJHh/KvkDz8F79+GtTENNbgARcjUHPu6QOV9FrF/2+p95ffSH4TLs48WsECuZgjV8e4tzLMZheOyF66/mTmIKcLUWbXqstvljzjTLZYQpLnC/USdVPQyeQLOx3+cQfqmI/9WPZ2Ht7J90AeNvp+PBxaf6xrNvRR8IhUwPld3l+VV/FJ4GWQT1f3vQ6OyLYfYc2BbfJBgwpQGdg0gU80M9fTsFueUH/kJdVOX+IbqZ0dwT7I2Yeye7g/q5z0XV60GlS518vyB/t7i0QyeLPGrPCyO8X1jMrnW54C6qhYTLet9hgmX2fsOUjDPcQ1/eEfM9mHf8mrxf/OQtg/Bqlypo19oSI1vRUYD2Sur1FZ3obvXiq6vPR1RBJOvsdzS+YSO7h8PWXdLn2S6TeVZ3lE+oOvV2agxgbNR0b9TAr79ah7mqJ1uKSg/+lDt/fMFfeS6KSOjwnPDBWUVv4JpS3smO+bN0Ant8MX+tjgzYCNV2WumysCLvIfaknhwBV2t9cWh6vdpGouOVXnW2/ZNeztYwk1Tcdxt3b3gaf+XAsJQRnjct9DixpRVugTqWV/3PgxPZNiRoG+rYWGsnU/6Ak88ybGG47voSerGdhq0OML0AIpuE85rO+YeodNp8uIxgnjTwmBRfx+hsmdaidcUtYioDN1TxwnQ3qC26tzT5Iw6dwk/bi2c78XxUpJBxz257ydFMidFLQDtKRi/17hLQ+Th1WpX9Q6MYDUADg8XzXQ8RkxcFfEHvdFAZhxgE4lUI/BSTqvAPheYM0/D5pagg1Ytzii9cZw+EfG1rz8njP8CwQyx2/ZrTdw/Q3fqPBBQ9sOmd/8OitMeKI9a+DcusjnUnByLImh6SK/F50tI/XKwHYaqW1+Z2zYV0uqDAKf9TSfDhTvNcw0W399i2CgIWKFkymp7CVz1U8CVwkNJXkOb4ki+TYaBlyJh/yLJ5duTFKNiY1TuMdHLdIzxpESZFLkjqn/un11NsSS+Ku0Veeymcnv1rLeZUVV6sJnFWWyDExdfTf953CUkpXQU+xlB9lM0vHBeS5HhVq5wFqPqrCgAyC6oSKFETOlOumytSzp4nD+ArYHjM5JqI8da3vVLgZPoycCG9mpjAxIhJ6TY/uYT7TehJKtktWIWUL9jzv1rlc53kya7+LP+Jf3q41KLn4UD/gVy03ugNm/b+/EJMfTXUlJw+7aWUpLvZcw+2S6EAPwvsTy/9hOHWYvSwKicL5BHTjyqeP0FBEKq4hFUjycRJur/9gZdw2kqF7XxpiMT4l/jv18fOrHwl/mIm9MRwaVyklOF+TJsQiMFufhG/55+4CeCLoOBbvsEpgjyy+CSvUKiEy9fxP1/9GcblTsNE/xikFWrhEWQH4oWE7VTYmuTD/vo6nQxuP5eZBZk+jwU4uTAPxlT++ip/EYlFkeuDzdD4hXd1BmevGhWqGLEU96+KImADmkAX35GlI3we9RKwkGDP9vN6k9Zbjq7yNVS0ma4V/YuvSbTw8wmHkTYqA1R8hKYGSz1YccESrTYnP5K948nDSDf43Ul5fyDTGoG1XBmJyWFS9Byis2NDWKk3t4K1pPGj6ui55U/yw870DHw3LF/RMOrl06X7xEjvvjzDRQLDcLXApYF/iqJ3K/dlkvRiq7YM+ksJtJHDUmiQgv18HRA134mf9UgID/YVTO2h3ttp0JCJ9fTO+dW52c/vb/QucDQM5KKofdX+JQ9GdNjn9f0xSW7Jfl2XgIPseb7hbGQYexaJBrC2Ou0PSzKyTxwjgw6rhd3cfi8X29mP3Tt/++GGrlyry+TgHmQQaEq91DiG+gDtcQkgGGZkvdXD+8l+rSuBbK5fKomYwg2PIKFHstQwfRGQC89Uo5wnEPn5HDBT3Y7Vnq9cHc42OMyWQ5l9/QYg6FgiVCsjCI8HmbvGpP6b8GnVZzbKV3EH058eExA2/f4nmUUgQeevDQbOlW1YN88aZ7b5Gm7aokiwPQaPCA7YIUKOiJAvEPGcnwirRdCg9Wfmz5NK0fbVJvu8xIc+cYc37N+RQ6p6sWGY5FYS2vfbIEcKjyr3v4CWt6z7DTJVsOYfO7UeBWWys5zaIw2u65WC8aWGPUB6e+IuaY9vURkSSLEc2Z6taM2kFdVDivzL4x51dvWJl7wn+ByRd2gEXagun1+8Kfa/ezpgqhj7H+MrV2/RboUKB1mtNsGKVZhccMTXFj2Sqgum8DYzOdbRRTGL/lGEjYb19HCwQh6PDN0IkRigdEc4o8Jn70EFf11qYJb4l3U4QY4nNLKljtmMLL/y8GKuz1cJN9c36IfaH98T6DX7rIOugRARGG6yesTWMOxbj/54BMPGoLuRBNQZm/prAHQNB9ryHb+hAgUrJFtAH0KqUc+XetYx3vmD1l37gEvSYd//yY9/Fpeb2FoOdag2gZbdkNe9WCncjcnDYIq10GB1WwMEO7P4671lLKlEYKuEjl2Z6OqR4d9d7NqDLUtsoyhQGI/dkLCPtJj3N4Y5ssjxPBw9f00Hgddvp20GJtipTJA94YNtx9sFbSh3gG/8FMvG4L8y/V4eFf3QY48W+Tr7juLL3bYVJZ3UR3rul3sToSNYKWFN4L3QJTZ/7ntOFx2B+1Rwn46v3CcrjU/MpYgoga8iAAF+FO0ytgnStzX5gC8FVl+S1358vf81TfzlFMuJqOq4OOTjsTQ0cDAzKXx6izDFoISJYsVDSKjDJ7eUJW60GVYplzhKziyJmPw3xP+HeWB/CCDeDNCArFWjDePSG1F3gTC71/3ghBWd0MTggT633mkzEzIPqxRkPqyBUf6yVxJZo0Ft2t9kwoFolguaCLiy5IT8UPAqbIeG6Z9tj8uFiNOmGB86AhwV4CilP9btV/zYwuS8+Wy0hnEgfvLmFA9pUwvpIY4PwvgS18qu6IdIFKRE1y8+wZv2WI+J+Yu8wjQovcHXLU3gACrWNqBPrB+5tGjGq6j3uPhkuUVyQXU3uGLASS6b8UhD8a++U2z0SgYY5vtSdzkAZ8BI7I5ZWffdNezXT724WEi/gIEJCRf7G5tDa7iSw73yVUoGtQP+noeisairvOg8sOz3hgu2zoR5uYQOqiSvsobRytTkL7R/hEl+iwGxGhVYeKDmWk9OWNKFbtg7y+MlyNmFsZGUnP1zbiO7x0vWhsogujqYNbNvW3lbLdweDYH8g4mO01rFZtQ3EzOOmPaVxy02p91WmPGMYWXwrNz4QkrjIb/zYhl7z69/2cadnOhe1++SxoQGYU14b/Nf/Ch/88tnNFFMbvyvBixKrv5VgvdCgAuy15cWSmyhWj9UkrM5Pf/XMYSicIz/UaOfLQ5tJVGxobe7KwaaRRHlT+71oeLPjZgPyaFcS9aTpActRhHH5DJJoAAHj/frgFPV8bByi5f1PTeg8To90OkbdvOZu3qla4R8k0KapHSy0bJ+hfP2q55pR8X0dxGTxB14t4YR1wz8R/er/QMNB0aj4CSr2xdVAISziuOmaEX2YKLjHH5WFX4RB/rAaUsqgMC0NPssN0HyQs0RhqCCmkZuYo743aZTz8h3F9AyQU0HlC9JGCWkz2swbXJgrciBcvf1BEY+PoQ3SHGP3ZWyfh4BlDoykfAc74d36bOXg9sMM4ddh0/nCbsCh3N31rWHFCq1hp1NXg2I0cR0UQ0hGYA/UIS/WP/re6AWo/gNmERYVC7E7uS/SsV8ItD12VW3+6UM/oDPo9mHMRq0b9CiXqbsL6ALhlX3RP27AsYdcdL3lQUqVOT/uMooy0OLFQewvylwv3LaSNsZ6Dm6ckxPrBbpjesXBria2cVFMn+j40e1/2iBrNaxXQ6Xwv5xwdgepy0+WOSliQeeCMPVo1/QxJS5GOSwwnF7OIhqG0w5V3vwCLoNqWcl7Odqz7EOvhGlHYj+pdbCg1TeeykGzm+YFPhiCuAF0h5TpP49C17M8KttpLxvisC9sCOEt5xAt16piaoDlbZdJsXIXIUYZKQiGJ3xAA3g8YgkcrlD8GW3H5lChLRLhpHmpXFOaHeqhK7RuzEQ+1qqhTFpG+pK6Xodmr/A+XfYvrvzRUuKQa2eORyUWlwYWfxfdt7LO2rUlepNgaa8OUKS2hcd94RfFjuwsCwZI6WSQ3EnSVVeMiYiPoh+RYkzlW5SM+vOg/FXoAkncIAynL5qkUJPpw1R8HTANUYV2xtY38TwAzInV3SvLxyg+DlfzWNbusNKKce0SX4A1dbn/hio5o4Hne0sWsKEPQ42JBZv7bPiB0USPfIhCnhr9jY6ENJEN83FAIu8OAk4lNFtTQ3xHTQm061GMbzv79kg8wTZOu/TL4iNntOmypX+G8ncfiOQ/KbVwWCOz9Wc+967hxVuGfy9tC8xG+TOpXZ5Fc8HqZjxqdFbejRwrcyP9EGMmUAwDbkWtTy/z9eWJwaq8Sy3E6QvwrsPkxg6KXI5rcO7qhbN5srSiz8WgWMS/1fdI7BZayjyMIgOIziXdNvV+wWcyM0bJlA1AfITRL8MAftjxGNwkgYZIblau5Lqg7ydNyu9nxdB9OgbtzuRomVioaSt59C+JX1eACTFpJHt1a/n6IOkknswUKO9XLGdH+rrxOlQwMC7LTZmxWp2JkxoTAY+u3/2FaytXyEAOxGfWNoEdX31CwVpGffLaOejtuAcieJg3oeFh8TMpiGdIQZqUUGWomh3k9k3xdCGqC2OuZcsH8QFCbjf9AhwzCA52riQo3wM6uu4owThNkoRjG7WTu8rr9iHTbZKpz+M5chrh5pGLFehmNYjidr5n3IpYmDMXXdKIW8bGjgKcV/yjIc0ed9f19+rx1wNBPyl5pLJ5yXvZxFHcyPaBEqe94SY7wnm/MrCmnb5zolfIHzh9RzesOr0hOrxdTXEVG/LEEFnrtRerwBAJVDycJmJrrKzQ7+7/c4gLnrTYCK5iL2nTjhPsnDbP9OV7O60I/6Qr4FArNSKl7YFMqiL4D3O6pbxqJ/sqVQeI7r+3SGeeh+oFUbfdD2Vm+6M0qcGHZaZJAsCuMrQu0TN4Ru6OQ1iOcxLEmNZqcXBh6pb4K83bvdTCWWxgAv52Nr9Y7u+dK0FYt1B1tEUIeVED4PyfTz1bxcuyz2+HkuPKgPIZviUZQjoi93KqNo7h8cW15ba8viwNhKwtj2SE4to3pWlaBik480s1a78ziTqsY84aiX+ViQoJgH8u7I/6F7H7/kjAo/0gOAz797x/d4dpqOrPqKLj7YLdt6w+tuvQcZviR8LvIoDdvdNnUEpqA/gsLLDGmt5A9NzF15ZPB+wOj0+edFSxz7Ih3JqJapl9VUcgcoGfO/EBzBar9cfOrjs6yvb/dVnbOEjxSu1HVSj5GFKJYQaVHCu5kCAhK649Y2MJPo+XYhYA+3jRB4uZue4UrPxN62ttPbX+9vvWBoeYO4IQh0AAksxehYbPsZUWSBHmL4n5RSFSFy+wYlKfxE282u6f/g1oKWZ7H/DGyhi9fwAdnbgoJXqKbCOzYmsi4NLMRljrL3l5ISdYy2XTruCi0vTGo4WpRewHC1+/btCEDvKHYrbdAIv17Xdq0c1Zc3xrnPJBM5abHv59KKOxrd1EDdDjQtkE77e3l+lqu5IkhGo65Dayat+QMxniRwYH12BS+Bufinrr/Pgc4tZNh75KSmOzDfyAsYW1pZrVRmFFuGG3Hf19JBWgjEycRBYAznBlBYD4g3Pe1IiRBNR+1VOLrjV41HKaIjd7N907ckq+3aTOdmuOb/rQJ3OJmU4h0aIb7T2ywxkp1SvDhgqaX0M5PySDUdZG1hMDw/+jfHSGrt5ETocWz0BxJBibn0NmnyZmLU1osdmf2HzsfcV57E3jlEQqX8zhwtITtHKNwAkJdeCV3PfmhXrWgyc49BIMdSPP4zl1leaU9eQwBL9NBHDsyGzY/jNR0RuGOtr+8ofskGAAhKAV1o/flUe3TKms8PVGrQCcre4gagLmxasmRukmAy9UNXkg0eObzO9NZe42LzLq1Zse2Pd7rnXtNHToV7GYaoIh/gowXvqmzNpwMUcn+2UEtnm8aeys0X99e+iRajtOdq6tma1fFoIC0lLccutZvtR8Wg4yNd261HhKW5X38cM1Z5Jjy5OegdPqXdwjHWwJMeQuvNc9DlGqGVelNXOjjgUmSAIodIK8bWgAoLSD+HUS/RW1lKIuwYE5wZiGRwzBSdsyFtGhrSQscrCRHar7lUCzBwIuqCnINrZmi8P7MqdY7YVpfUNLKnTjQYt5bnqLFsYwbbDxd9bGMVifQjC5niu4+m4YaQY4WIMy0AcNwLY9FmucSAO1xom5VBbne4/VRciQW/kVqKHsfPIgzb5mrevMxTKdFdBDD+Z3aicUzAMbP05PI12Qlbe57xogDhmo9BOoAVKuETixKQaunWfJM9fmetmQ+i/GO/mT5wA/lgliPnX3nEQqCPYDVeX5D3mFUfwUexN8RXv7kzVb+2XfSXdkilGM11st2br8eupSbY2cVKyTq6nSewM0q8o33IavAvfxwAPA7AqwiDPen85iXuyxb5vNtf8pEIInzWrP/wNgkO5rA2bSKK/3n/56b4K9QWT+j4/arnoCaerjq+OFlxnkckJReNgQhOsL1Tjg7x/enYhVcDGljerDH7Pfg5YVY37VbZ/84UAM+S/OSky2RJt+Ed4SBLrSzf8ERoiJgr9OjEPOlJEZUe4az0TIT+4uOPDCc0C9hDixCN1q+dO9mS0/NKme8ZFU+Jb+w1dd5pioeHfKv1Bgka7qvxBM692lZAWqN5JnT5gho6rfrHKCl4oKJSahVsLBueHc4A7oKiari9+CNGwCxhPPWl6PkrzXr2Clt9Hq2D1xJh3JtH7g7g+Bep6agz6BC9ktzl3bbU4n6YOvi9Obns2HKV42/eCUhHRgHs1aIf/G/5jYhDsYIfM0IpDPybr2WPw/++N/s0ZERVWYHpHG1+amW8gQ9DvqtcDndVZ/HL1BJVRXjZ4wI6m0z4gcHPgZOkz+dYa7MFhNqK8Lf8tKfZKfORvTLBeUaqTvhVWDi3CsJKgE0S0Jxk3CQvDuPCsYB8/Rynf2cNqkl1IR2XL5gNo64cIVEUXxFlZzVem4CbCtHUJ37NV/kY4UK8wFDlC7epUgA0c+XIrofXbG4AiVUTKfCf2PJ4fagQMJY50wBMqGHD8AhzgYqvxveYMhMttUe/EyygK/6hdn9DaLvapW2yHjzPzcvMKHSFMq8nwKejDMGr1kaw45wGQGQOKlNP2IHdCHHkveXDks03MciToMhoWAcJcGyUsc6dPj+0MSrcXUmgkjtXdRNBNJxgBAt1nO1ypX/gu7S8cOMa0ZCVrKq6NfBMT54u3AhfFFezNiJzkS4BTSWZlu4gBHthsNu47b54zk2ic73Z8Lnigvk4nlZNb49qE4xxRZWqhDFZewZrfFK4rsPgCRUQBh89J8ZkU+sNikwoSaNLP9Loaelx371MCVrR50oOPg9hqbRuiC71HBTBFXbouq7iRDVNzm+FcVXpjxT68rs7hKWWMppXyEy6zg1qALEAQgGX5TWeWQxvX0Of0iLQqWCnQpH2218BWMZA0kDm4krl7yNgsJJsT33cwKBlBRkgQw6DYh0p6g2PV0/5opgd3q6CPeH/HAI0OHNnnkRMp1AA3di7JhK6zK4B2ssYhC/RGFDL8OcXXwAlp/KDHeRuSebOmT6y9zR6vwQlS9gD0qDiZ59NAmW4Ci83iNN5iI2/ZgoPy1c4y/htnqNpxSAjHkbFUcWjsGTEvtaAgSHuTjxXMF233NqQArgc5w4I0sYnkgp7DKxEQufHlY40Mg5zeC6xsXvaGJJBPJVjfF8yOhpKnxKtUUIJWjnVPfXX/umG1lbUF9zmIUzhCa4H3+yxeNV0vl2KiiR3qQySKqJtIYA6W2E2z7xJApJ/Ig2SL1AdRVuWeuYBWk19obybSA6c+hgusBpCulepXT61YPo4I+PQ+iD/JkYF/8vTwrYYi0A+SknmbKbpvuh1mx6KJB95RIr5wvF32MV4GROUiNouei7If/TegYIbTk4etrqWsEwyjaN6oth7vKNydaVtpCIU8jQK7vPsLHtmER7U4XFC3XwjxXaibRrDf/VtNTtKyahUSD407q0eHMwnXuB5LQFprDLdtCM4syTzobSZIiofFa4RkYbbvlP/5tJy5q1aBDuWOQJvs8c1H8ep34JnBw58EeJKHmAq7CXHgnJ/whLT7I910XF3TJeRMHJX9ejb8V/tzPAy1Vo08LwDD2rzGiTifY/iQK0Kn8sq1BFF4UGTQbF8jsKaiw9a1TEkSwKw7NJysdX36in/AkPjgJyzVj17e0Ahzxa3Jpw/7wiWrHc0KN/l3ALMOwrIbbqQCC3w3ijCH+ya37hCWBpMSmO9T+paQTGbcWKqotCljYwDJn6Q673GN5d14gYAEYUTWkGZDTxOMXdmQK/YOEPPP6BRIfB0HJ/uoDHBQ/nw+4CHsYuIKkubJ/YvkPjzyC1lEovLQGCi39bWDqc/uhzH0ibknJ797sP9AgDqdNIMnXpNDs2YtSqYo8t07+PmMnHtFw2zMBUSpvaT3VsocS+KNNFmFEzDIsQGsdWG220a2lIG0b9E9qNmlq0a44EhUvmkvd9NrBjyR9+8waojvWagIeOGl+GtlxMDhgVrWLOwN0w3zJgpofHI7sl/4Y4mB6o3npQnrgzHJkBxdKpq41IdM8jrx5EVw0V6Pajyzss+ajx4IN9v2kXGuNFTeV8hn7lllNGU257XY25QIoHkfHprvduWWCUH7q4vBVo0wT0frtYtQzzCe4GwxoNcJAfcS8+Y9MZxv69FZMY1NYZQj5iqhodx8X+VjMGbIbuJrvkMiUzQbYWPT8y55kzzXTwKHtd82Qo+2qXufymF3IMy8JS/NRXHu+MmzXH70TNjDeVwIvRkbiEzSoW/5QMGaZL4/vw71C0qaWp+DROm1wKAtKUBeFWYS5DraSDEaHRSPemGNZ3R6D+SVXH6gyNr6Dcqk4OlTrbcJmcEWGGG9tUXktcS2BwRqbzk4VtrMmBAx89tMsCuC3J9AQuOEWkxYpPdV5FMHRmqcdwYEyj4awxv4msXCLzKeUDtj6SCLJPJud7RXg/jG8MMsiGC9SECdjvytBHRPoh+iMsoGgoFY2gUVvBYT8datOsMw27Tx29UXDw+xSAvVpXxoDBIJ0SIDvT6MguUHx33OfFfMcoGcw2cuXgOo05+btT+/i7uwH/ZzhxcOeIIyajt9dpdYNqSsR8jg3XlmGpMK9yb8nMN7OwVwM6xV9HOgiB5CFEI68U+X54YPOrCGaCR27sD2zPxJH0WrmVBePGrz3c9v/Vgoy/EI9Tu9x9JGm2dX4UF9FJGUb9mEDrty11041/XaO+Ncus35TpjUXX6ZK/BRsBZs6LY0KjVnE7vxqKT3nnbkex/iLEeIj5jYNbEKTGgUCazXF4wYZP52jy1tJ7yGu8V5odzwjd3S9B42JiMiRukuzDzcjWlbmBKa3Vodd3a+VrU3mzFY981PbbtvURpGCvcdk0IFe+gLPFB0/5Jn+prWkhjFXnRQ6sHzekjupxFr5xVcJTvJjOO+egP8TWX5AMbinQzSKuk5vIal/GgVvqxxOZw2s6MHM1mGUUpsz1ho1DuHvHhNc3N8B+D/i2aaLoqGkBOWnWW9hVc4pFIhsrc7+2qRim3ioSJRV++J+al7I3W/ihZm4aLAqjji+cv/y1tihV3Qt3wps1YuINdy92UtSr3biEh5iW66WQPrCwTqQxSKSMT6LQWNGnUQHEM+nyJBo2MorXGCe1hsidfPCfMeQO14OECxOyhAhYcPiLio8pjOu54TcY+BzUKkmbhTrbBlouNzZgWSgPRjtsW8WtOnYW3b+xV235/Xs3RfYrcVLGRnv+xGFDCrzRrR+YNSscV+tADqUZh4fVXEDCIexd12QFcz2Y6XsLS5YxDrrzFQgQA2OhSKPI+YyaYvMWj7zvYyLaHuHHWA5TAPotqeC1fiRRk+ve3rgC/52bjR/JfOKuAU7mm5QBRnx1WFbJWBZgi05Qur8cocM9ZHRo1sSCcuOyapjZn5TvEkAOkcKS0K8QVjWm2SK4LSjwbC6tPoSH9SzzJ8vynvgjabcvthF0rZNeuFula9wcVKgi+HS4Ku/obAZzP7X5GC4eVj0ySIW20fxl0F97UOBfzhdpmv65tUzYHCuEsqipSuzZCNbBAJQW705/Vrr6By3mWiQuAMty3yphh6erPco+cy9uIJw0Pn9/sn58ywU+RMsWsi3FSQSkOaF9u89TSEz0WLREbwJj5w6BfN94ty1PCwDv4busInmBkej1SvG3PX1HkgwYBVAFiXZ7y+B4kY8yTpYcSOgc2BO2Wi05syMwaq6PFBTxR1vvgIfPOB1oqegcKEc+LUPFbOTJDFzTRPjEyC3qh6XiR3jGxS5MTaIrlE11TBQx+KyXtXUK6dxAy2kbaUc298/VVT0xuQL1FdpZpHCGIMVXjB4S8o0gQLVOZVTctGGM9eY1kbo5N5zx1bUs9od01kJr0YXzI+0yIXHzIFFbBM/FJ4hOzewLoT7ze2fGF6eU7/FavxY+HfxPSG2M09wmT1t/vDhGI6IAQ7Pdqkyk0XySTmDB12LdwKpOFBBIwn6nMCUtQs+uf1c4UytVJ9mHXUua/vGkNimpL7S0QmIykut7X3tf7J9rhbSlLxKm5TBFVcBaA9GbNDnn1ZDmd8NlHHzIZicOv+jpFzOQZ8rsIIqnLlhR0/PUcwi5nKC5PGRPN9ngOpW+liVSLl/Ol/36AL2wD76OohbmTs+6hWRzia9DIo06kq3QFzoNdvitOYkkefxJ0Sjz77vykT/rucxE+jxO9Ke2x/fT9LwmGetuK3dcIUVyT38+pv6U2bwqc1WCpfMJt3RjIRrf3khD66lQx+oHIm0V6VdjvVi76i8Tf9MFWgXCGxONKPCPxw4NBHFWjdVa/5w+aA+xE1q7qUh46gwux733jbk+mhqSEM57fvGfNE6yAJQFiLquqhw3YhAS7LFfScNqxTrR6Ub+9QK6Puz4Hw2BDgzBXx7yMYBPo1eyfq4gtktB5RPB6ZX4sgwgU6q5e0HXe9bH3ev6WoL6d7SCfI42k/Dgx/TGkkZfdX5+G6rkFuQ3TH7B63aqKQKxRcQ2WmHPwmLMlD8r0s3mhEdCH2kTZRSdEfvxkbqSVfhnLRv6Sn48Q365onfqZBTwbBP6cigx9k0JGB9NhFn1ETPY1lGN3gmKs17P0NqwJZTI0j68EHno9iJHvlrHTlYjcMOdmrZJGOlC86hyYbeQy8733esN9fMqGd6EGhaUPUvLqJ8ovbKbpvbYqUkgvZ2xM3f+Dsrnl5ZqRzOxVHrEpT7Wa6bJqZPuB0Y94P5Af+yGv4mIdRlkWxCBOSanjjr6abGWKpIsGC1/YGDznCrvfRnPD5WCl0yVmvGHiFQ835bWX2tN4dNEx8H08PDss7YVTxsUNX7fs2XRiFa9YNGQ8EkXw3txLTd4ltIsy2TZEX3vFzaqH+o+GvIFaYe13iOJ+/xJDWgTuZZERvcFL5aQwyWBJGneyFEsPjZQTlzgUMMwq/en9VV0u2fV8Q5XcZ5nO1pbw0bvWvClg+r8RWrnBXjX4PoVzf/RE7ieixP48twGM2FzMpUrrUcoCmh6h8yZ/vy1ePrzJ2/ui6aXMqaU5JCj28yJOdf40C6Ln88uIN4yH8S8cZJxkZkchTCC2K0qIOArm5v5mtUrjAII75UFv2kl+AT8PqeM4/e54hZdsoEBpqK5XA/EgUN2usTnrYFUbAMBJkxRoU9qo+lIYg/cjG4/038FD9wKIzlvvAvXE8mURw2Keh1X/lsS6Cpq9PGAc3uz3cbRb7IwmO/cQ63VMSuR8RXWxWmnMe1C0Q3SucvvxnTKitXUjZxpgZ9fJNW7lOcTrR8+iihNx1os1UR+uMTbiVB35J/7i+qFExoM1zVVcSloRW4/QRV7TZ+5V8YLXLgNjKO3N8D8q68+NSEibM7AeBysUbJjaaRiMYSBTuA+ahJJZ3HhITqFpKyRIvVt9zgIsjXLD2w79qvrIau3RQjTh2PlmHg7C9CPTa9Qeaz0Esy+Jgj+DQ8KE+36WHjNLIU3qHXV608+TRWW/6C0nEcjoVgx/ewpNfXSbYKPpZ7i9mujO8UlOveBYAV3UqowxeBKNgMeE6+cnRBS18WgdKXrsjwognVWxn9btgElwB5rTcvF6iDoRFjs1QKc+MMd/xRm3ID3UKYSncKdGWZ48eCOWQNqk/MQLZ1BlEXuZoQaarPRPT+YCGd3i0ri2O5GMylI/ZzMY2x632rTimNB0Ya06i+BCR/l0pRGfEH3w6H73n6/Q8FTz68GvqSIMrgvv9OBk5/8T1dprnaWgznqQuzRYPA1LdOabzkUjQNXiMykcoiIbxZcDUpuk5sZYxE9+ceWleURHBPkpMfEmdTxskQSPzJNhQDHeTy/8yvlF7BpHMhoy2pSeQa5I2DBWCD8iEYe5+3wCZPYEgpyz8Wlqjs0RjkWwwNqTO3ta5rfabfV7nwd1b3kvRB2dQj2h3QVLy5+kqpk07Gj3nBv4oGxFaWxu3OE1dNjNZIUMWshb0axrWlMi25md/9DGbYxny6WA1PMEk98yBYPpi5wq/na1XbIZgVviPXJDdV6Sr+iMTNJpi8wjEKPn9aBLXzZGH9v4+7IuqaZ34yCHnuk3rqwwLZlFMemp5KHvPKVnfc+JKH0XyaRIjHz4oUmUjV0UGvRDglpJfondWYXrwkZnuXFev+2GE2iMMPoli0T2fSoJkpHUBw7q5vuhpRarBMxZPBjRTZLEfPEquyqEg6TBSC04cxznimTM9wF6yh4ra8SoP7S76ll/RviAGTGyTzP4O8wSjccsz7/aRFHGFETI/coKZsSAf76rHCXeZtRihOmMi47TM7l/kljq3m0gSkAklLARvmBpIUavoqojkQyKp4NCDYfkgQkzkFZeAURlVVeyEu1FcCMBhtfJlWg+pTAatPoAcoryWG4j80EVEvst9LTtGUvWqS5u5GrJxxongUKfE/0C+NArBdSz78mAVYlrWfcsUqRwq8i6aogkHGv+wrkdh9yQnozucDw0NoY6pvIoPuLPr1vDeBM9kpdGI1qnOBHQkPJ3LBiknKMTGGZACyzHkCCCpN7QTlH5uBkGXaY5yQ7YHkD1FnDZEhyUl81kF8Qa9kUmE9MtR1PG7dn9dXdlOowsXTqf7wvTkgbHWqj/iF4YIFI25pdgej9Wi7U7T3BdqbAKJ0HL38yhGtUT0HgTOzNVf7tO+Ao+mHw7MdByhYgNw5Eff49MikBJYDpFL7BeK7slRzy/cRBvDTGPFavX9Ps7+OSKi88DDQ2YtLkbe47X3P8MJYya67/UmWohDDg/zceQv55aQjhtm1UAuy1XIMG0Dcpj7lD1okGc96uQBi8heuOXbmLJWC9dBNqyTzlLMlY3tDjocRmAlnd9PoLPPi8sYnPPzyK4YNGsI2GskRUqC70cwDm7QeOa8zsF5tD5jN3IdhAzGXDDpfMTPB2l1wYgU2q3UF5XhCoT0RbB/y8gRTJEs2sB+gDsFF8x9OK/QCOixOQD4ZXWSFmCeVRtCGvO6K6OBsP/TnYCtZCMNNDkfjKtsRVJtsnbNSheqm7CSR7iZxbxkXvu40N33dou9x/XkV4XD6qx4jNw+vHyYXa2JNVpj071HejDv9WxMx/TtcNwW0R1agyccfLt2U33zl0R9sfTFnaLE6PKiYAWiGXSHpjH0uhY7e29x9tnTCyJlgpI6JXnBbFhCiYObGQfaPDL76M7AdF3Ex3ZA3xLQT6NFh5E424hNv0CFIkYKAj87m0IfjNItQrmOSz3epOkzt/tRhNvgRts+k2QsPIV/HznpTvSvRlycxL8MRjH0G7EM3IFMUJn4ApQdvcuZv+4tp0Ki73PCFtXlDYFMDfx7/vIIyTdnr858JbJbPLSQGFcRlZeXi0U5HMl7KBnNxtyb+Ei0SlpixlS/jl05vc6KGbbh8Pmm676fr5fj/H+0vcfS40xzNXg1WkoBQwDEEt57j80EQHjvCHf1P4rdrz5pNKHNzDyLjiYIwlRlZZ6TrsbcI7mwzy7WvJ65yHR+X94RztWMjRSPBS9ZjvHhLDz7icuCqH8ZWq9bQW1KNO7ea0e/8cyR6C3OJJoGI9fbFFH+6ZI0fbX7o8S5GOOfga5Hhg9AgVTPFc2j9L7t+x5i/hCx5bGk1WPPq5SysQfkaxuxZPzKoXjMlXCxcJ8zsXMXIlmHpFGq/9u5I3psROoh9qYGX6joVwSeOWd+mahRiZ9X48iE+iWAXzSh359UTr53hu1pj9dCRCDWSrkPAQ+H+cAmB1K+FkiZoMNBdJ3d3BbifciWERnZ51l3XoD89s+sM3Nob316FDWfwXCO7mkmXWE4y3KU/dT0nS00MxplXoKaajt/0wXhFxIJotbwt+Bvl+/kxZ6pj8aXV3w0j3K2HNFlvDiP8AYR2jK54Xfg6PabzWUPf//tVUKXpUR/7UmAN+cqhQgek0Mj3+Hqv3kM7FDyjdFwvAzMtF0GFb8XyHjrV7YsL7J0DiDBM23SuQ9l36VlNuvMsDdqxiBGz5aj6cGfNwrPZesfw0pSGejgMl0jJO3ShWhKaSUoHDFv/f45gkngmnLfzftPTQj7CCSbly99SqZ+ya7M19JzC7xnfI+71B3FG9tPo4JI3RhbpPYJ0Pc2pT5nDsTb0NhEljiKpg77ELftoht/xlVMwxZDYI/11DgCM8ZsQi76QZhrIffHQvVMh+XhY3RumGK287ICbu0QP6ZsQE4sHguP4Do5Ck2CDipznuHixp2FxJyAa5Hn9ybY3PIZecNAMzXlsGyIkUyhP/QbPh6Ytc935Xg7rUjSNpgPtPhTlyowed1z8JleSKkwEJ+C7Tq+71wh76B1TMhW4zYuaL6FNywpdTHU6yV+heY/VUeTJr1UJK+ASo9bIhzb+6FraornDoAlmWi1C8zku1Z24gH6D+ABiAt7XkEPazMn7B7EFiK3O6sqrMW1D+b+OpmE9q5H9/FZbWYm4guTN2ZwJptVGv0n3ong5Il+MSc1ZFfrNXItcW1Gi3BX6GxmP5q/rgZfKm0EW0ftVOA/1Rw0C23BLqDndI7dH/F7MMoc6VPTj/zzPu/u+GDW/KzEZ5bphE3uVHXh0f789RLvwM3IR5tvrv1XIO8euBVN71F8R5y6bHgYVi0fr/xvOoNU2r9OSKrLGE1fLlFg7VE6bMnD53F9ZwjGR7/eas4cvHfoSLDxJ0mlzFP+9MPgIgcSkI70Uc1+BvyDKvzojFFW6LvI+lRpMJbXxiXc+iK88ozUwSzJpYDAmdfbFz9VeICaQIkuW60/hH3y5UjBk5u3tgLJLzTHYQnxdubMOm7uwhW85GdxH23Id18HFisPmp/RHabpV6305jQqTZFjyjFRFR1yFMSbIomlHFKbpHb+r7Y4P+v4Clbdmh7I8CFTwraQB1XD3Cqn8ZEXwnCL0f0SLNVncoZcRvydjVySn8jqxAHft7LJuKhpLfIoP5YY5KAo/mK61Vd+DIK8d0RgMOv5cnTlZdcNcjoohf+qT3KOy8yNCi7yGJ01UBjAuyweD7fo9R6yyZ6DI1Zz61uF8N8dAgK8WZtmQlwIfWjXe/AES1RCXPhTpdtTE7mL8a8DgGI03onvJe7UGgbRhyNyj9zdCLVwAh2g49f8xdPKLPY3AE2BN2rLXhYOXKY0XLaWqCs4He6zSrzhHsXQQnWtzceLaw3d8vUtGpqlchj9cL9CQriZyDPaptFidObAA7z7Wl3vwbj6txjAHlFylGTx+tvtR6FTepvwozD1/lFo+OHpOBgACNLIgraktSSQF7c4cnKEpR7tQEnu3jK/rZXQVpHRrcEzdfzhZDMtOvcMar/CW05GS9dnjOkeAyAw1jVlzgB0Hlx9v84YxOo71aOtUScjSGFkVaI2CPqCiqnBk3Aei6aLVmYvAQ2uAi9fszl4nXkf4IXMmh0YFV6VjW3KGKsYyiXMSaRvA/ExF55gY+EsQZPBHl/9vT2o7lfjI9d8qerS8W21LaNgZBjxcxqxRwN9nWINlZRJe+w72/64uRTfplXKhv1n3V+bYGGpGNYFy1m1J0ks+i1d/1so3tZH8d6HL6ZcK0qEYoc2ioeP+XdiP8KLrfq0TKO5BYgwNtKyz7DnV6UFuuVAkYggZNTOfBXUvtJH0NL/xA4Ly1YZkXbPEndFZtsev4u+fe3RmF7uZMzTHBCZcSjMh0RIWnutjfyrdqfkEUc94oIQdusIMdrfEvpd41RxyIeP/pl5tmIPJ1FhjT4fa70Ue2OtL1twHGSxNUe6AkyasrEvzRxPi530w1Vvx3dhksALwm6zMx99sj4PYM/E51I+PeiK4f66iHd4WFmo5jE0H49y5oYXlpPHTCQ4yeCKc5POG89JDsSuKYauLceCT42+BxxPx6+yoelbawx61dMbjqH6kqGzBJ7Y08PY8H024/H6mEhtv4dF1rtqUqLwE0ASzBndSo5hkC3hlxKrrHuk+P5gRlZDCya/mHe6LUJifHVs0/rznEKQVEdwVrE+iCS/Ea9aZJ78hNoZ7CrCUNey3mWt3FgqdY9oFe+0SIJGPzxMBpya8CvID5FtTwP07h8TPXMtncO4k23XBZFekiNg1YInj19o2w+dBHqxtNvk6twszbe7IRe1UhNBeb/Nfn6b5AJnIPBEEuFAVMPt5HU7gRhwVWSZ+33jSi7c73K5s/oVUDzot8hMtMpLAoK2td8VJRL1wwLu5A6bbFVQLq5YTKFbNxJMmCZSLq3CVvzSssACZGTV4QjBgQZSW4pP4z3YOM7Zw+bX768bUNz66WPdEZJzpVQXCA7aThozQ01+DGX1YQ/Qj1C8MtnmeO8lf/bwjX2YwOQdhFuw9Ywm6/QnzEzmiX1g1RRuV5khPvDQ32B8tlhazXc77KawedTXhRX+aO+2pPIYsuMlWDEeSrQh9mega+xyAyClAP90Z3R6VT+2oBeVjJtqNsueW/Z7/KCGOxaexXsHxFe+O+6KcSBlwC++GuLDoR4urIuvezBRgiDIJd0/Gp2tX29a21ILkDpKA3ZoyY53sMwE6er4grzfbrdhMdCravDxyCa64vHdLG8kOQeUb/Vs6+1q2zM+75v1mxGv/ts/aCDSt4fsh+c+bFPwlSfSh7VXLVdfFn6dF/2fVc0Js21kZzhQXS1pQSf56/XeZu56lv30QWKXd3mv9h+Mk6yWD/3dMzagtg0T3sa9urTebDuqvPNI4uizPgNL4QIh20dUkLiplc6EpY/W0IJHbz1XMhRLtnDj+Xkvd0WNtMGAGqaatAbkZZqHF/a+lR81r7UwsXIHfrQ9N/8yZZAF38BWK6lmKw+MkHQR+bxomsU2Q5UC1IuVionnuVZojsy1hk7xWPDBzksAj1CRDenMRsXHZG9bWUdXoJMNogAiErEoMoH88mzvIbCtGi3yWP4ZtAaB3zGI2hgkOiHcy9koHVtWPAm3gbgwalgC5H1DpniuQQSl+/dXBgs5j91OVwwSJDKdECTyeTNCtCoxJPy9BQzfizEb6l/E2L44ylxg/x8dgM0uZ6z3FTdoiOftUfOv8iNl47AzH92E/u4zahyczrMNIHY4Wq4yk/9C0w3eZCEmhnyPDFkxQ1ls8v0jpN79oTs+1+n2pPk/ffxWeaWpPR5UqBO2U8kiSPHYQrT50qAsEJ9NPeMOAzz/nk1MvPio0JWZI+tfx3pbpKUiTzyE5kpDsz3Aj6sceDfHbzxPwVRPDzJlqPZde3Yqh/TQZ2LQI6wYbk4g3EExIiPTrOnDsI0HPQ3j+sYcZScKi95M3wiQsjPb0ODo5OJg12UexLwGIND8DeL4ShrR1JFWyOMPebEPXP11/oGZoKL85YCL75pjD/sEWwhb3Y5KpnqCZGU12WjIrzRYQVgogGpgAj6DylhQaUrDn26WnpRTVS/pl9AsxTbt6HJUi8oVbUQ+9rQIiKKpT+vbG0WU1h8UNOfYh0P5dQ8THVpxNt12QnUGMQ+eI02X8ORP/t1GE2MZmibMyHVuYWhZgUle0Cu9mKBsg23QKsWTIHbN3B7B9NMsddA9Hu+KB/F8ZWqYRWtafqA8E512ldkggESSPmUqLN+cHmqXEtxIv3UThbY8umDk99Zixhpti3+FVPuI2fFYe/RTK1NOka+MRYR54jjlW73oqz3ih+Afk24/CNJkjj5fDJ8X+U3lQYCivdcC4vMbCvLPJIYgb82h0z1Sxa3P3uo+NdLDLw63UyzhhN9w9LDWfnm+g79LUOmAVBmw4fzTg64tH+p3oUleVhSdJM0S5dR7sgQC9Ru4c98HsaHEOS+ZGc7JijR/0WKxXnzwkLjXcq3sRJQ8YDjMacPm4CZ96zPVxgbv7s1N5ZvGnENHv7vAKrMYcYiZKLcDJ9/F8slleU0+GUvTb09aib6pakr4pJe2CqvjGn1X6fNA61QIoJYk67wSm3KNRDM09UMyH2F4aYTjK/qzYTzYP0nKLnrYI5xTvvrF399QJXzNI4a3mYdaxsUmXN0p/9iWQJB66LvzovntWMLhtm9s3+yUPgaS0x0vfpaBYn7wDPQYNqMwP0SzQzKuloLLM04mnBpzdmeo24+kl7H2BvbXL5H5uRkRESBARBML3C1GgXnWLHFZ7r9ojbNBl8c3Gq3da5W+rxYmtF4p9kXB9wUbjIfFgcWRQA25zEVDwgUWW6Rxf+/gJlU907ZXITYneUSq3nNf0E9vhayIKrPkmkntMdDNK+xVFr2+vcDuwwLje/P6GpzgKyeOoVO19jqP0RbogvmSFLrybpPXIxtPuMvX+xKX7m/hX/z2rZhnLV5pjBSdbjgnKF6aDGddZVAL2Htpfj+cBTN8OV01GfhLBz0YO+NEzHIOuX7FJYRUTki+exvD0PSMd/TGximz/lRZ3Wne+qXZ+iR9Se2J3Norfex8ptitAfrMiWU156yKpYstMSBe/64q3b12lCxA4KTGm1Hs9Ea9kYgfth4PwuzEEm9e9bymKr1+Ealhw9kMLkeBXp3lLIkypoY2LPbvldLP7DOA7KXw8NQ9l+sURSJB5SuC/iWZVyy+JNWzpoOeHvnmY4H+LxxVjdEWrBoyzOti+9gluuDZwCvle4aJH+esRCNGuYYxKPqgDUpdGZ4SyrKhOKusKUaybInyKT8S/DIaqVnT7uEbRZfATTKSJSAij46gaPboCMLfoeRekHn57jnvDzzxXkYHu9JKyj2vs+u7pgcMb8yqD2/i+3nsCNgf2rIQi2HQUz8i3n1WAT6tmBJ8Pj45ZmkeirziA9RnDG9yiAPf6++A1EYRBdEBXex/vgZal53jFd8kJR1HJbHVIBDBuDMO2Ljshg1+A2bVwSAVkTadTshlXVTnIxtIKPvyCu+u+mJvN6/SkbjbO2KpsvSclmYugRUxVg+pvCrzykdlEI1bPv1L6Wbj8Ijz0/nhLVy6HYuEED8S/pgB2aHKmJCrh8vcPVJPraYxigGNxpwxGPPJe0Tng8LSPz1k2Sf+MV96DLf2cQky2N26e56/FTRZ4HmxX6LqFBoiys8ZscNZDXl3xIUG+FdcJHdHatp6sm8L7QaRD9O1erTNj8sAVm3h3rWuLh/imf8ITLwk968j+eRbRfLLaPtEiAeekj8y9EVZAyfznQbjVEqHJEk89Sqzu+aWHLHe5aMS/TRkvpIIJXvr446FTEgmSe43EoPUED5bHdJy81UYjoDi68Ae0Lyoyed5mb41wVx9Yc1GMxORw2AHWEWuFou9yDZiRzKCI2UY7I+rN6Legbo4emIT6mQLm6dGpnxI7dqg3oNSDjdyh+L6DnIR4zpB36NBDkKoyMqVA/9oxfbJCJ6/46hSJ8TPVTtcYzr8eHYi1V+gqot2LHm4stDti18oOq+U4Rbk7kPul9+CINwgpLjjOYHoP8CQjcfKyO3vhINUfs1+03PV7NPi3mh4KIY8nfLl6Uap1DAEf5gI00BgaOgL5u5weoCbWjvx8fXovtW9JGjZQGJLktc29rD39tATvIZfKGYKEgF2Q2/s9k1dPdObBeWHAEuWrxc6zX5pNHATlvwCItqc9mV5kOvhP9PG5vXoEI+6Vt7pZ4Adm3qZ7LleORW7VcoPpTBJNM1EwzOUpG9rb6KTA+jNrxh82sDEpu/fjmqqC70MtsSMYDAIpdX5FSQftknzzBCp7aqkUZm4zNjBL7/KBMFsX0gz23MssLj+KsG32HTlBhQYnx79XYNY1YggcbJHp/J1CcAfyDK508u6jhsqseekGoBJMI+UejPjlhGHMvdJGI/XlEYxkg2wX0NjLWbYVzGI16jaChnu1Csd4AUyqoL601lvvRFpKWbADTtYEpmp6pRO0CBsoTlnB0Nmvv7oilt3Igejo60C2FMlWu5aHboiHuMvWBbooOfgI+tvZnTnDYECdms1fQPXbwjILYWLoEzGXwLYpQ5Cy3K1fu0Jy++y2PMrlH99tUFdtF+xvIZHs2h3S8k37pUnhWCxW6tTpDpmv8wWdAPI4dWEOEK+zLGmNDMqU3asSo0+qFENDnLIoMlA9jLQQL3Sp5HEmRQBi8SDOkdVgQ+1/JDN+AGPGf7ObWPmXjhWJzy33EU11WOIBCxkAKk2MYy+r4/oAhhGy/oRrBQ6D1O29ImihmmxkD0ZYICu2F9pTMnm04ygIG6g/sAoFEVhvelMJ4UiLX7gGMeZtWEJr/Wboq3c6mnxzjqSNpO8sRkKPRqLB+UyESmu0jER7JYN1Nsuir3jr1z7pBIiW6rGfdpdbj6+cct6QakujHFlKsL05RhaeLDFHUfdO7rFaUTjy3Yc0RWXShAOk6qhtnqXApIbDKJqU5pCg6bBKHcyJLoiY2vHNcJqWDATkitQeg1RDS047G0sI8zKPYn5b2p94fWbT6WHiwNOlJ5AQ9wbbwLWCYKBydchLctt6/J+pEpjFtuwWFdd+IApWn44t+Z6YTIT7CDF7iai3ov1jxrfS+4KBTSf4VC3pSGEMCwIj11xZtdCHJZVjyQf8mYJvw000Dv16Pb8MpZ91G4xyODVv+yg4BJR4hRGK4Xgw8gu9npf9vu4RyymHrUL/EppMZEV6XlkiVHjr9ODckvJaHHWLBtUKv+2axenV85VqfpmMMwZJBxLyAIrtuHzp007vbtTGCFv/fWAj87aQ4LQxG4tQFWBFl1fhqEtJhI/zCCzlwBV+itTXGZxGqFajIe54nE/83WIfuvpsXiiBva8xNX3oyde2TO8XKoOoY+i8zuWuG3CCPUD42vy5bfu9Swfza39F1qU4qoDvP4QZ1ASuKnfjK81KaOG2Iiihy5LTQU21H3wgl2DBLP3PvA3RH6pagNqqkzCPy+j8gwqLmwxbS20BnuGtwgWFxvdINF63elnB8UbbHW8wx4V5tpz9umSp0GE5JTl8SFFgg+RYDvePOAtLMml37FRX8HW8FxWq0ALh0uTpPH1R5383Q1qhgtIVN+oAAr3te1NfFM3e/OTG3lgZz8bl2y4WOEJfwUSSmxiAPSKgLRWRmX84r+lnGaUP2mXCK6wk0Ep8pae2BuJlgDKZbCbO39vG8EywdHlE5Kc/6WnG3BXHwP92/F7kn8NdZhp08afX0o89GxODh6N8U30Ea5tlMhs654ALSpofTxQJwAdc+Hq+RYVd4Kc4exRguS2MuyAErgSkzF9PKz8fXZM6Xy5mtkXUj2+9IdmljWc2jZNPbltyd/W6ttZ5ic1Bv7LhYf19dmUHspieX8D/6ArG0bywMu84h5OuVXQt0zK7Lp/JZuv76NLHy4xrKcs7YFWP+pfmj6npA8tCfxXH70oc1r7+6y6h3JBhfJiij/2+mGFdXJUX1gGvbEZb77xw7ka30UeVHIsqAF8lGh/tsF95QMxgKfhe2oO5eQUFwAkEQhWvhDpK+0dagtVqLjfuDnY1+7YcDnRI0EJby2riS41+D9kdk4fDW8l1CePYeoBUOHyJ/j1fv5Ggl0DQkExhj1xkmneF9Ged59Prbf2IDJDyJC+SCgTbrDMZe1UMEe1Y8w73OE6ESNa/jQLSp3uLlRhK3r70TcLxuBB7+KoWvW3Ct3Uvn1U6pmq71zjtrBdNr7rq4FGLbB2dwhMK6knYKIRT0cNCL+heZQw/rPvLxbTE2f75RsueAd8734WmbEKpEa2RpOuZGlg6Eo48oF9W6iXFirIj6g9r4WgSeAsS6DEsrhAfnCuIzRudGiL96GJv7k0y+slw7KKscQHRLVqQXBQTRccpuE6mV9YK8nGcMDJFro/Ex4WtWsPquRSL5jgXgxz5SLA2zyOGVa7I8Ejq8PUl14yydQ53C/D5N/U5gw4dzGgHo0wnU+T0ydPb4j6SaFL2sYZCk3gkhJ2nuBWJ8HKD12/tzmQ2MICmCfoQMflSWbOylBc3xWinS0ZTPRPdRvwcpLGtm4Y0BkOLpEJOMUhGyl6NsaGBNhGBW/6X8OY9dfdn7geVltWNpw7VatqY8YPhk+JHdlFqQidtFQ+4IfYXSiTl6phJb70bJR7oJoeGNwuE4z3iSIL7NxI5xnalY6LAp/4pS1QH8EUMxBeu2IC/KYbJmbD6Bjm4vzStdqtHhqmXxgrqg+zHkDGq6DoG4t7oHh4bF4Xwot4vnNn8TakVQMbxnHQL73dTPaHoLRYvlnIo+SbVp9b4mIOCe+1tIZuC1k4EAoNBeqFb7jBvuKB1t5kk1O2wDnML2NIdHMnpx/++xlS3IW6UZ9KuG/JDATMMuHdvqvllS+XilttcGXziDFnwZGxFA6bMNWZpci0l9WKGHxEM1AYJ1JjzPQkcNMSr1cqyh34Y1oLWU6wa/TygB8+1iOjRxUyzrN4lp+qRMOVs8bwC6rMMFhhgV6edyG8T0xi1bubX3mrh+4C5tEZxamq4nWOIFd6kPN+UIEO9NegqecfwBMutuJBSM1RxtQOsUct9xsHK4B62HoBx4nbbqWK9tmK0JfCXVDf6tW0h4yraJgeRP0qJVln0ZjpbHkJv4dWVjxcTQBiXFK0ymXp0cYf+5cQgCPN+9Uvrx2KbEPFa2M34CAjJIlb4i/ljYENZRG2eNeV2aGRaqv08OutwLIydYl0rXdQxVF0GBN9z2oCnevob7U+5wy/rbNRRtyVZJbxnESkx2L5rbZFbS8/uMd9EV6prrJMPxLkGoRmh/GrxDPXf4V4yvX8HjTgtwAfES9Z+Txy+eElf0VPc0ll7g9yGlBpPg145Ovzkt5aUD7P204+AeMsY2OmVbdupVlf2Q23UohLIaIt4rFvV4J2hxREZSs95/18khO5trT8YOtjEDKrkPlTxOq/WQigbz0MIzISr91b+9uLB7cTLfEAbAjawKoQQSZbfDi+2JTZFVt/E9l79BMAOrhXnibiLcyzck/QiEUQM4f5w5a9+soKjMI7XdoziXGjjQoPEDHDs80yDreXYsqNYXXt9WYwNS3lrQcBc3RJHY7RjMQVeHSavmm/22q2NCqYhepE5aQyPMoe+eB5Ee2UXrbMD0+NXFsx9jj4tKpY34stn5X06DH70qBDtDjvexUdu4sTRIowVz6EnKYgy73gwK8VNJKUbJL5BVTlU58W5O7cphvdEUgY8McjPIheeatx3FDHgznLkqNsmlagu3xVtb+7cBu+jkvqZYfGTaczSgjmLBUFqF0vD4phZFuS+EBj/JFoFp5D4cblKZtb8LxMpGtikgod5Hl826AVLe8w6vl6O3Lh62owFQ1r9FEpiSNJwTbrthm15zqkSmB3KukZ6JPic1NhG5b0SlfCcV96hmekisCw3sNUgfvTNmfRfmN98KOTW9mh8FhI2co+zRGv0DvO1bG1QPD/GRiVYig/0BSIQrFk5AA/PAHhu4pH5tBGTMmtjfKT7JFa+TPTMMt/H5vkqm8BcFY9qdPPydAwu/bex8Wa0SzxyHpwW71aHOW/jsVy/ZaiCgWnmOzRz28GsV9wj9v9TNpv+IEE7St6HuW5fPuwfB7FX+/cTP+4n+kwnOr3xT8XFGXJ8l6HrSIy9liz+EUCyxy/QdAclfHoGaCy0dwvK7dXYdTYo1nKVpFrGg9T+lYNGKG29tCtKd1zc6vUi/0zoloZ3kzva8+EG7ulI2sMWC9AqAzrWyB/FTsVdiA5cIOolWdB+QhKU+ntRpHifC+LeSyH6xnEwxzAOc/0i/RjpDKiUrXIKQROn0/N2n0io+3oYB82AE+GXoQgKm+u8GH/8eVZOPcp+yyaIscBLJMUnfmR+IfX61+15SViPbJVGlS7Ue3yOV2hOGqDMS1SA7loGGEca0mcso5d17iUnlFeiSi/XYjU5LORuJ8sa9RG0+dVlGukXvoBYLCb2D6VlvZVDx2rvAvh3NNndVwPkOCYkqUkU2zuF2n07lIUyluK/Y6rqZ0hHmGJoKGlGITqGvF85Q3YvkJhwI0oiukOxymxjPRiwwQRlF6hj7L8SAiFyTTwX21NxDgnOb6v6sVxfC2XtCp0HybNhpWzf7n72K0t6Ph9BCMnP0KvgRkDHpyKYnLDdNWLOWjody6/l4axzWU55smtDNFJU5LQMUxVhdIM5fkItmzMmouMP82HliMSOEF57gseFjwTt8bPM538yHxooPcVDZqlhG1XWxa1UqNpIepHyT7jlREWrH/egUn2D4jvPHdMD7ZZPs+M0B3VjhFYQL9y2etTgZXMeAmbguem4k/fEKnwvNex2CVD51Y5RvElzrCQSheNo/GtCuGll7IqJtDD9y2GfrTec8nbJfArL4/HHlqZHyG4aUmvwoEX5PyEPDnF39P6ze+LqruqMP/wmz3W67MTPeHF7zTjiIVgVt5n5djyZTxvbCigwlLl9NqgKGXjvBKpnzmAp9tAS0+q+dejdFsvuCSrLdAZTlZTvLE1ycSgLh9NY5ympKk49vmG/0SLfpsQLSIYVZA9uI9fY8OWrmWfIRkks4HINI6o4+SpUZCY6pWL30/4WA1GSYOHC9SrIz06qAIu1xkq21Zyv9VQmPeblMJkgH663DwkBM138VkmnF0JVn5DyvDGYI6otOsBPiGJGHEFMarNSKtJQLgPyln7ATTlpkVOJRfJLm1Prnl8Z/Rf9sUlHuAtClnEiQ0h7uSOrIoH+hnogcBuWv2m12b4oxhe4sFxWO1TPx7zS10uYc5r/AiVebfFHpamKOozHx4r0IWpBVEMpf7bQ7QSoamyt+DDw89YUeSZndegQQP6YBjx6DiBy/wYKoSX8ZIqOhpAPZB73hoZU6VWf49oWx8pcx5NFmEGmm4vG55yrIPLSGr1T/qRpY5vv9TFEIFuJ4Ilr9xnobFK9TKSXCBz3lUJZDmI8jtywlTCqLtSjKMBvmvTu3toz/xUsyTJ55wSOcsWeQ0OXPlY53QpsHi7H5pBmE20/svJwN6ONG0tcB9HIQ4JZV4+ZH0ZMAysSRKv4U6i5FR6MET69l14aXWqdRF9P9vOqjwretjlquiNUlsP0s9G34g3dqSlYYN5+NEig+c6Jl+TCxesCZFeoH68FK98AZ6m3+A7jM3GU/jrL1ixjyHhHqvoMI7K5qOxrl+HA4yEvft0VkqrXnf9zocZv75HD1aXUVYt8Dl/2fIwmW+J7euD80AzKtLB+ojmuIevhhW9rtTI6dxAUzeVZPHabwBxBMRjzdR3Szky4WRLb/XsQlPNsoQ7KJWZ1s7iXyiOzsICpeWf/thgqFIU5DPN+MNQQbiETehUCYov5Cj8e8unzatKjdVprVl6onvxkYAxoVUbSEaF/Pm5WSR82zwVMSvHGN8t10acS2sWcCX6PPeHBhKlQxb77B5a9ImMF9lnW9Q/krNS2/BDt6Ha4V2hit/YHz8Utaxyq+eEEPT0QUnc/n3t0WjYtFen1CjWjN5w36YOA5piXkf9y6oxX3iEUhNoe//LcN13W1W62HsrcPCsG24sc4eVl5YA99t/nYhf3hdKJcB8LcA7ODbJOLl2LV25vo9lf/D+HTURQs2rnZsLlEQObMqsLwp0DfSvxRMmqzcHIx0lJA3rShg3F5gj0EWTzY4PU7PhFfuomtfBo0iZ1IOQ0P4lVAGNWxUkOOYDb3tjljkrkCfqqpJm3o2b1NzeOh5Naz1vhmyWfn0AFnyUm1jrNqINGr/euYi9ckY5WckoGJuXhi/8MKIKEns6oDvwy+tL6xfEWEcrxeW7m843c52ctXS4scWtpUhvCnS7dPFDKu0XR6s6YYFNZhNPlvkrK9eAm89fdfByQ6gRP6aXrxmZDc+0YcAmHTZHHflJIYPNRL3GNL8GifU8GxuRSqjmD6yU0jTwQNAT3F/Ww44YFvz2T/of/WgmJUL3KHrmW7Mu4eENmS2vdPIdxmC3bDGSwdqaACNZkfERqefhcivQeEyIuJHxzcDTJYS3RI+7jH0OtfEx2S/n0lsI9V6/LMNieDA6dTAW993c+VSmf/vXbmCOFUEMBXRLT+0K4SzRybzoLy0LD+0FtWX8PbJvevUa2oyqR6fPsiS2MQZEB+BPS9HAfsqCCKD7Sj/WoddREtIfyQW3kamjsmDLePDnAyZrngqXVQNddS0m/+Nw5JdFRdvmLvr8KKAH2KD4Jm0+ciSteDMb99hF41BbMvy8TE4oFUvOntM9fUKzTn/H+bnS8z4iWoeJD7ogwdwADCo6gsThTMbGWTH7/nNlTw9JQ+gfAyKTwNdQeN1UQZRKqwtpd5KYhzECjwqZCldgqfkdNhHlJWhEsCH1oR629DDL+10EF1WtPcegBZpeK6bhY2VfxwuHyGfle/MS4fnw/re/qZ3Hte+59OjMstKciHnYgNKvNjO2Le3YxDQ7jLgpO5zuPoct++n4frarlGb/cOSj7xgfP+jSQSyPlvLzJwPrRJCHM4eWB5hCDdasXdS93bMsrc5Wtsii25KmjlzClGX8g3vntDXIh88UMOLFyQPCIm595mzd8s+WcM6z1jkbeaZs/hVklN8u96U1bIvBnUQimZZtDxdOL5UDcBv4dTWjjVAJXWABMpu/nTbV0PZdDHvX7ol7DXBsKpv0SfRHLg5OqWMq7EAyb1StrER7w9bRsAUVnup16IjPy1hfWA2y0n3giVVQa25Pamw5+trSb5EIL6Kl3XGklFDm7GzktfURZaDBKqoE/snNgsoIBAR7TuayLUNJHGqQOue/WVNW+Irg9yrZlkERYB1md/kGcTHM6tr9h4ySbZ309UtEmhdXSfUgHXIGl6uBp8PWo+NSqIOjGC8DLS/uy/y7dt8fqH+h7ch9QGboEWgxrJzm0f56moEHA5kEaqjEvPQsb2rWHjyQN2/jh5kfIt0kzQpcjbB+OY4dl+aAK6JxO2m+0S6wnWJiPS+qlwGYZYBg8St4WMbzDbg9Lcs6ZOWERLQY5lxdTD4g+RQd0LuO1/eiP+k9wcRbelH/wnB/3qzRKHiLkWFtxx7sXbWzljacl7DbkNRpBRk6p2mZjfpjpDqwqgIK0DN0CuPgMcM30LtxQzHgg2i73Ant9Nt2xo0WdmK6i76133ETLizNLw9i6UcBSo/eT7DPg7RqyDFoAbMhq83ZDZO7ViKOEevt02ZRMatm/MzeP/h7PKP+yGk80qNDWQ4CrBq9eHsxICI3ncy7yLTI79H7wnWhuYh7UPf0oxbN9U6CnOgIVAWRf4mlNmB1kA4TSogGOw1CQpCHNBin+fPaQ2LYjiAU1aF6B4T5Jb2vXChwPBBE+B0Ayf5dxAWzIC+MYFsUDd7pFzEUavsQyUSXF51hmD8MHvDmh/eCiQKRHeDISnR9eJYfclDgz/F8w1Yw5oFG/4ay/4Y+0/mcBE3Jkg8bOIIg8J9De75s+flfDqHcv6FMfwr52Ofb8uhQ6J9vIRz+DwT787PrzzEC/g8MJv/19/fbo8626s8Z2N9DVV6X1d9bv97/8Xr/OZysfw6V/3k7sN7/PATgjyeTd90/z/T7PwLV2Z/f2Ai8LV5UHGJj0KkTJZX7f/37P++1bleX/zkvzx5U8vfjuGzVWI5D0nH/Okov43fIcnBZ6Pn0r3PUcZyeg/BzsMm37XLqG1wk+W7jc6ja+u7vt/lZb+F/+X8ELvUf2N9P7Pn3yr8P1z8fhud9w9+JLwL/5wD45b9D/wHBr3+O/OvXv0//7edmvtTPuOXL34PrliwbtSzj8Rz4dMm61p9/DvN195+PO2T/nDSMQ/7nyN/v/1xmGds8+DuLyH8eYcZuXH6DitIYgZL/q2St43f5/J0CazVXJ2sHMz6azqdc6Dr8f8fQPyc+D1fm2/8yp/BfGQIT+b9K6pJ3yVbv+X97jv83Iva/PveedN+/t3Lyz3epQaYKxIzDBobi/y6F/5IxMANHVW+5MyW/ATqWZPrv8rRWSfabHjAbJZjHf2amzbdP9fdD8dzqr0jCQICS5fPPR/B1kq5j9zAF6l+H/8dM/p3+4pn7/zq5JAdR2P9XagOC/5vOgFHof2gJ+AX9P6gJ6P+vCST/xwT+j+l6ZmAC/637BAgdDV64/jwqIUnzzhzXeqvH4fk+Hbdt7J8TOvAFnXza8jfT/2U0i9/ff7kG1dUl+O0GtAudrNMDlJ6PRX0C+aB/t6T+OQr9c+T5f5Zsyb+h1J+PCD8Nj21lap827ANShHIEql93vIrzHkhIaeAfVnrQNzheG80ggz2/bqjjLN9+DcZJOq+jPbEhF8nQB1BlGHapYIVQGpu2euzHA8f6iSc0kwq6l5SgpalvEcgZengd6P25MwURVQ1yhB+2KjkATCRqO/hKWhc4V69bbs3SkmMp+Xya6sNFN0SaLuh3NXxxL+fbuPcDWzwBQVbMRVm+c7+QkrhevzQBu8H/ICHgfwHMX6qNFIRoe7rKbpBT9XY1ZdES+dxzvZO6c6T9YUWOjfk+OCsh4CXeVWxw3OFjWDHzTG/fly/uBC0TG+Cdo3Pa6OUFRC36XjuMGM9AtpItB72igufUBv3TEhJcvoU3BnydORzxGeH6MRFoapZGs0gCd9I9Bd9fRJ7UBf6DxVNaAIeo8UskLP40nDtyab05gjmmYcVO55R5x4cHaw/Q9/3re0/7jgNZNuEMJGtt/jf4kK1UiKcXMB/pVgbGQhJ+LunB3RdaSs71YDQ1ur6HRm3h3cdvsFEdTfnPdeeAJ4X+6L7SVRpbW5AW61kP8Eg3mG7EsHzVKkvHjDZU9OCbU8XAEfrbj+CrakqHRbeMiKbby6ApEZQC2bCl/Tk4yiWInqCUH7p4/kFsAzTNvnhZ/2z+3hyWEov8J5vjXGX1onmpXwBSR/zd5DP3mrNfEwjU+SJ5850b4URFacPUoZFGRRUiHjki3ZgV7DC8baunsxUjCtRMifqYop+i2F9YahBeFgFXsZ4pV/tCIUj2ON/qzWRv0s169dQQ8Mbn8E1LKIKCsuacm1/tfe04FKDmyGR7gn9GlR9KDbwykY+yA6Eg5YtDF0UKLtKmBgdkYomrGS+tny9kxVnWJ7Sg8PQ0PxyMnLo4LX0PUNXE3mSf0R8pLeXECR3eM7y7G74PVkcDVm9BeDrd3Z7zk4o9ZLYsWAjHRIe9nIMvTmLGUlTR6uptrOUdL2Zx8Q/InbX8fRd7dBTb1HpLIJZGkDqrqozzkfLBbYFdSabRlzQzVVcjY25AsF4lRetyxVc+CJLAc0GtIgjcj2LK2vXiiNebAh5gFKcNU04DnerSWrqFyx7Bwq41rRh5Q84sRyKDL+LrfZXQGXNKboup49asV3TJKey+fwWC91TPxuytHejz5aVVGstKerB0wKZix2/M2CS17ULVa2xNT/3271St9MakKZF/hNo5qXI82S70Wvg9CUhJh+1Dv6s0OPkC1kmSWpGKeGUbbIQMEy1Mky4SKS0qHC08O9xlQM6rE1ROkZ6Gf/GnH1nEctdZrZC6uvCZAxn8vRnb2VCE2Gldr32XO4l5C0O6w5giacFEozvdiRaIIbC/LjL1rMqoyBysIrtS0bcRBqwqkzUMM9wqs8qUZaY4PxTVCjrMfwOnztxdmVb5pIsDW/wioPfPAtvJBCqGvzffsZb5WQaQC4uTqe9HnMtTFmFVvsXSbj/mNP+qDwo18PtmBOFAP+dSz+tI8PjYxqDBH+LqjFzyG7HKItvB7LNSDPcAto+2QaIi/bZGvGFOPbly2833w+nyXMmqCHhX2rpMaxz+UspnNd7s9qpo9ktvdy1RtoVxLur73kiNRTkcFJSuQgaoJhRseh8Nw8jq8EtOVoJC0fqdPtruMRy8HLujp9QnHQu81V6L1patsVAyvEQmTu0yOrl1yLAnv9umljXPYh9eCIQKzMdQtNG/60WgtqWzfYqP3DnD5Q9uMNLXFF+pSpsiXmHpq6ig9C1Evu6Vm7G+9S8JzECpEetoheNsQm/g2qF8O+noV/554/ecpCFzveZyHs9gpURH7GlVML6jjgcPqZqSG+pR/OVFiuRxMi9gucUexmlFWWtJZtvtXrFk8i5AL7hMjwbdwnV3rY6wEq4z3bYcTrgy5g4Wvyh9qhyWfGObHefFpRrj4FCpPUdYivDhrpNRa5NBvlx9qJSE4zmkkxdxjVQ7lT4DjtbYUU71Wevdu1e+x4PA5i195dshiH7qV8Kgj+ssFEwwkyyF7tPOoEDbBdSAbzmjMXVqyl0AsveIbd2XPN0DBHQn5N/PhXPm/u3quNFLaNo0vZqPbW6FUU0CToeFQ/ZKl2Fh1Ru3r8yIEyR6tgLMn0fltleMHxMakJ4gygT0PTjExVCH+/D9Tsjh3isd6kBr4crrfRSAUps4CJ2yLg4b1yitHOTCRtJ3u0TU6ZrOI/wU3axIFYcvoQ9NlEhaK7/pbJeYRWEVt+zqYHTqdUOvkbdX93bn0StP5vztNcp0ezXRC/D30Ip2KzcafIo4nQaxAzahKtrP+HlMidQVspTRhuJtMO8MFO1g8KdWyerrBkLkfmNDJ9zbb4hVOF+sb4RSstjB65f+AMwuMoea8RW6bgxg1W8yfGGZk60+oXa3zDtL4S6TFmAIQSMqHwK/6dhKoCGl5MtMt6L+fAVqZ2BKS+B0wefSvvaKYNM8rol1dY7AX3fZCOdT9V/XzoXGzUZ8DNL3Gzl+geSzYCzI42bZgDJy41jR5a1+XC67qDD+48gczZ3G5zdY1YSNW2Dl34Fl+6lwWmXUeI/SdEHQ6+60baI0A/wmWEMkf92IvuiaCPKveBtfuWdaDwlL3mankGAzARVoJ8bHCD3fP5nQTAw6Uezleb6JXmYmzdEIy8jaNMnrLbaabzlHJ2D2OSUQJeVvYtT8DNeG1nttWTZuaagNFqn27HZmZRpufY0W3/KdgiFkdICvlGWOGEbjnLpuGdPhVsaLQq9XCrfoGFqppmh0+e9jPJBvJ88DQ6pQe2aIlrosl6J+zxM6bjzsp26ysBk4tLllT1YVS090ia+A7zhDqIYFrifOogz2sQJdICr1SikvyyVjdo6cTZURD2ZyqZwOKosc/ToniTTe9a+vfGzQcyziSNeRRcoz01VU1zaUgdYTHl2pr3pWJnUyyY83K+Nl0+UDXoc5eq3vwXcVx/HasCBIgH1O2STnRzvucgqJ/rat5kubrwnf8UpZEDhqVv/RxKCiE/kML3yZ1/P08Ybmd/GB4ZhtnYR9Jj6Omfh6h/cHK4lPbtmFqWERvlfb6+qfS4ZYYDGa0n5HdRXJyGtsRJpgVslniY8U//RTZkQ6/FqEuvYyn96Qvu79BSxYvkK+xzaF8D0keM4YnU8kjxhrt9jOEuJc0e4rXg7ZvRFm+9GJ3zlpHsn3B9wXSPe0TMFV1soJQmhwrHyZwxmQE9O/QbY08sVBstsX95eAYJizSJE3t9KTslCdw0PUYJ0LFX5c908gOZkh6GiecRFmW8BuvIms8gEth3vEcXcvVvia4y4KvOwxNjcbgn7GjH3kZMIa5jYEao20MS90kN/go1DHLbt1ZjJZ+3b4fXVQyVDBq+TPPKNGn+zlvGd/meOEv0+sj9QZRbZnHb+z6YxXtfW4vF0gztfaeshskDMNHrKJru5TfW47UCJ3xLQNcaCeTl4r77n8GbfKEgW/ggPWRr1LECFyX8asf+ze2XCajxdYPXh8/A20ITBu3eVigw9grBpjqJFmvP0G78TduHd7MReffA6mJExJ/qXGsOwX617CY00E6u2Wc1WjoGElpdrYgTAfx3JucXyO5qOH45Ny2vm6mQHpTy3rv2zQl5M+hs93eF9RJOXB1ye/6oPZJH5wUvJWQd6nE3iBoMH6mOTErKg8jxlcQ7wWHhU87EYElffFaejXX/J+g/7Cm63uGuKlRL3Hnwor00LtjN/pPNfA+iwiD8cEiHDR5XmLyhxrMk+HHVnW4+c+Bg0NIxEwOuglSCCBIVSm+pOdm4KZx5E5rw7Ks5dPTs3LOr0EaE++9zg3zzLXV5HTdhNyPf7uES7q6eLWZRTI3/jH7vJWEFHdhAyb/5wSy2qBOH+V9ghzP7P8c0ZO0aXZkQB64hFt6P126gOR7zy5Gb8cZuPQtPq1X530zauYjJSgdsrvelQql512WvAQYwWvN9hjhSYhwpSVUh9fEChCOnWWDKkom6RZ7512sIimE6xcnnaMdDnoIUtaOk8F100KtGi/Tv8juTdRJWHIOZuG+sdOlJ8pxZwjKObR7dIEZ3RM2b2rCp7xpmwxLIIDDhY6RJ+VdMsqAuZQ44FUjLzAcuOzgrWJrmtEmBTAdWqVc+mDfm3sy3qu01Rga1N4jQNK74ccG4j5Rs/s1Wg9WVjHVbMFtML7R+W/VhUynu0HsQkFzvQ6k3oRl/jT/Po/sRkJGmLxFXe0VWJ3Wd0pooHSJewQLaxqB6VRjWUpk6TQvdpua5JrA10z9koHf4oimT8xQ5b7jHQ+2FvYT/WAAgwNXsnyMF4Kgmdhrgcq1ncAO3xJUq8BGSOPOgVF5fwXqJenQYHtr4HAoZFnEg5bQy3MfFBGKXTvmKoVaqLvnw+BzU3TEWP19NXMtO3vbKwxnS/XdxzbbbjiZ/r0fX+7hnSRfZMpehPk7Gk7y0T5Aeibclfa2IgDZB7r2xdkn3fPj3NBsCQJ4aLU+hkAP5UwgwRYML/IQ4YHln+IOTJgnsH2ulVeCj5Dx3R6SMR8k5aZV76meJHXHuxQj9WnnjWfgzcYLH8dM6/S911M8xvM+DTzITeR3J9aMigSQcnVyXHSQ12Tgek3vosMpXK7i5nwFxWQ8TT23r0VGFRRiU+6IKOXe0WPFRb5Muq5TlOX1stDbDrZMulszOWDSkIsBt/0MCBipn9E7f+w9169rgNJmuCvmccu0JtHeu9Ez5cBPSnRU7S/fpm6VT1dUwXszk73YBvbBxdHujpkimki4vsiIyL3P5OUlrHsEZXpJeW2yrfhBwVw13y8UM8nLF+U733IZ2I+RlcURf1YXAdt1HndovBF0/ySV6eAIy8NbpD1u3OisNipcwQ7A/kxySRtdlP5AmRS1JT5rabgWX03al4wmwwRcHEAbFrNDonCEmTQ9uloNaPFYJA0k3FKXYMQdVQwiVe9Qtb6NVSrQTPXiig6OrdfizNsZYEUDEBEdCxfi1B5Ts++1gmROiVtH5AcHu2NgTUt9NmNxz0sTHIno/xyfhQmOWFtSWiE5K8x60+hCpFGWiv++wwbDzWDUz46z47W7+248XeSeYseNrGvxw+qvR9+k3RUG/bo3gkgd5N4Z7zlQbaacOsXwT3uHo3x29Qrd9oqZcwulj22fkyBMyzb5A5IBQrfl22+s8s08wnV9DneEk56kIxz79mqGova3yfMfVAIIpAiOr/l8n0TJCfn5XkANYpL6HtlXX5jsDaV9w9mr5WBtVFMzVKgieXLpo/PTH4ANJTgKhQRfgQPsPheYyer5IWfgBfmhqtQvLEL6la70sUkLRKkaGiKw8P1mJmFJugoop4tdPgIM77P0HkWPY49QLjIA0jVeDGeqMApQm98D32tza16LuKDCLOX3FVLozl4vnkx2edVfjkyi2ovvBLugd+vy5EyZEYm+7iULxuowb037qd8NJ0V469f+DJYsIbzBc4JeTe50Uy+TDWqem84AwUbuae+bQrspAYaJ0VeFtdgzy6Dl5NtjBi2l07NEuDVPJZFT/wsVdXuTONPzFdPM5M+r2tYU37FXi4EQXFESjOkqJqrZsPkHVEvNuyjmm64FTIpv9MoQNUsSp7/SHX6R8EzAPgV9V2UDXhijClpmgGPDbPovetnbJ0Bv2SyWcfN3VLN+Upoj3sbYAqNhc25s8zHYL/Bc7cJBMzySyO5k12e9aGfsECSlM2f6HdHiByRUHK0oW70dvaW2DRxvPtXXS8mFcbHzWJlX8EifQylWqCzUWKchlh7Ob2ZCJu13nTq4YPen9gOsY8ldaXyjASurzdkPYZMjFgFsmLOkIfs8KfvcOMeH5tDOy4N6mqPRfc7IVsMuwqW/QzJGsW1Ls1v/+YylEqyNyYvMMGnZwW8EFGFYoUgTSnhl4IKOQqnlgSjtFJ55nXhSzAUZRm2FDpFIUyk2IqHLwf8M4ATZHq+Bf8CeknyAK2L94oMXQbT8kHYUJstD6F2U6bjGY+Wv/f7pZauuD0cSuzwN6jPxKKL5T+0pW8Zm6/dUAkYpPMAU+Pg7rZBGlCVLJ/MJ9hgz8j5wKSxHh6Dz+m09h5Y1y/CNZaxje5TW/KRYKYeEH+dYw3C5Lo5e61IM6QsZKjl7gCOR73343qHD9kCguaSesaT14ljXilDpv7gJdCfUTxuYnDwYtyo4JUsAdYwU0fx3xDaO8rUA7gIR70qT/TPAuPg6Sryj4UsLMAUBAymCz9TP5yK6Lb1clk+3o65CZy5rN1LawOLIcZ88/zhe1h51B0dgAAldkAPr9ppuFjkqNyTkY8yRPmq2ul/TtUUFEpbCQuiQyfZXR8BIlemCoz2ZsqheUlnD5v/7uCIWJEDQO9oyo0moquh9+KBo5bripSbv8Ce9osXBa3QG9F6fwpmFELlQ1DJqWkucerGm/zuJHObzsMGgMOTtavzj106my+dWfp7OwGmcPUvR+KUUoDSN2EpFUlImnQ8dnj+4tZJwuMvxfEWzmdau9t8aWjsvDB/hZIgI7B+A5gAcH+qpkBKbv6G7M4bLFfpFOcBO4KFB0Qxkhg92FSe57G+Y9crlKmTOgK2MpORpNOWLK51zyTQcxb0fMTelj31yyumot8JyYZp4I2qKowxjEKC+0aVrsqI+QXdqztXBX7z2dwpvpOZeYcMxAOFlAAzaCb7L+W8Qr9j9L63ansVQvdicWUyIO+4ZUVbRDw0u87ovu1RKD6yd+rXy2X4VQ8JIoPHoeRcHn7AejTs2X+9Dmq/KZsiQonjsI2oHrJuwTGKqvwogaxDm33w2T4+2sACTyIY2C5L25scyh4vOL8i2Q3FYHSq0feGkizpJimMSuvBvc2M4GwUjOp+bmmPgUVPK39GHEYR6/ROyiGw6Y3uinUmtuuEbFM1mXSir9ampVTqgtdGhDNVi9Qdbi0HHgDyIIoB53j3eTx7Mgv2J2bQIfNuY1mgV69H0zeGLnegdCzKd9jvKCdQd5Gfvy9z/N6I6+N9C4Ibdy9fSf4ob2soqWYiSWdO+tRZwLGuaQ8TPlhyMri3uFVzQXBkG72iN8Mven2ypbjhBByD4Ty4msEsdsOCA5waS9Lj56cxDJJLbG0NApGPOf1GJx4ggAo+hAmCh4dtfoJih5eF6DIE1UmC2W/JvSoAsj8FCr4Xa329zwdP8DO4/xZvyTrr+ZvevQ0Pwz4m4bCSgfeLKfQBUtgz9G57h2sfcgtj3VgUwodklEduR2fsnV6EQBbxkjMfbn8FeHe/FtTS/feWZUX0LexLfq2r/r3EL0GUwWUq1V4bJ2b20jfXP2NSdHZ5M5teVc5nHlg+QLIa7SdSSThk81R2Vd0Xt6D0rwYC/NUnAbgHSi/SP/KHbq6fRn1XEBfewBZG5DOiU0ClFwwZ+YCA9d2KV9M/o07LscYUv/O2m76chhIpkMCTuOQzLTl15QwWXO/CoAx9c2JwRLOYm+dJZgMUkfjAtDs6LnKw8ZOP7z/v2ABLo7wDgE59I4K8cSg7Sjm36DMhEBCeBVUd64uKjHwGXO0SBh7SlGy9QADez4ncLLCfpdX+bx/pmnlDn6SlXLnIkDbdCS9L6h7wrltVUCJgSrbCJCZTjBwUbHmKD88v1WiJsYVcAQyR+CnPaeDEo2Eu2mqTONFsgdjuYTGUIaSnL8Odir4feCa68cknKb5UZXctUUImYJcpl8Lhg8gWI1GnS4aHwdU3sScippVTLi44gvhQtbdXzM6X8856p/VtyyOzdpm4DSXWCUUmpYDmcXVbyJLXK77boKoaXGUAPIEalJFSCnVuzZuu1vkGwR5Gzay852Bs13dthKXMPxheg/26juLyFfPdZ50IVSHK1fgJkemHoqwCL+Byh6Pn0gDpzzqGqt5wH6ab0rraPSK4trdNl6QUH68HxG2aMDhO69FOhdK9FfRRS7bteVpoSX0IjNvI3b1wEbsltPy88UD5Fqg5cNN9GhlxvBS6SjA7F+wCpDGXjZBbYHn40XujjdUOyNQ/XUPuCJQUJbJelhzkpQOJRTQaCN+NJFHCF3kKtkJRSBDXDT5zv3mDvbV7i4iizf9AOmCJSPUrfK9HgAsRikFez7gma/H+VkAGHBIc7MVGgKqeoPPh/WO+TWDwn4vo7JyxgKBnRUYjPE083EOeWrFSgDTbNp92hS90LX+8Y/vTRQEAC4JalaTrxwnjk7Y3NWHaVVU+gLy+7+er40nmymn21tHul+qFnPQLje3LKXcb+7gF73QB83plFRZAlBVqW/Y7xhoHjz4VzobcrlEAsdPN68oLrctMmX1Niv7qp/CKDxPscnNZqhCFHVKwpFakB0TiGvC6Rn4HpsIvujBwQXarKRB+uUGpnsG7umrnBuXfXMDePnNMr342Dmk05bGkW2klIJClaAHRsab+mfct/e2Uo1YRd/i3EZ1Cm/PUPKbMl/PbrTWHPhq4ZsZA3e5xJqJlNKArh+j93Pe3+Tv0A4wAJPuUh6YGGbE8fcgupnfhMHzhDyKs+6C7vpMVe8GfyqsJkDNS9N1exL0K0GU1gdVcsEQdw4VHYogE2EBhRnQWN9c4E5kHS6t+mHvbMquJmVjOXqbloh9Mo4b1egPdYYPyJMnneizlH/vXseZsImvY5cqpKOjp6S56LSudVQoSWYhhKLp+acpxfN4TlHhj8gYb1mtZ/TYEdtCcpPFxF36xLh7r1hy9wYh4Pn+e1Ny1D/r1+S0eE69BPrnc5bme1/hyDhJ37lHbb2Q1QBsy/g7MnW3KGPZ7CV+Tj9inCTo4r4NlGttupKl3LUFhveaHJkiClQtalV2lsQmd31gG0GukzhEmihrAcwl064uS/WAMgtnwgEdcNURpVjEn7iO6BkkTop2Ph/D1/NJWW4Sn9pYqSiP+HdHxJdc/viHgQ/nhsrmSYUSbo+A9Fu0tHyfAmtN9UwVYhfkmAe/rhwR3c9KedYLuKnHnBQ/vZbNxjrXzLQFLym64Ps11ye8R30xh0GZDjqbrXLQl2OJJqmiJIB3li/5dePJ1yob7gr7a54VdwUKeD1c28Sj47blXB4pizJ/HBHED9II05AZfhr+MBzFWimgZYpow85ttDSXPS6UDROVbx+KDO+2C1AqKNmi0oYv+V0TlsH+trLz2TJtBeBLVwe/limmVO4I5pFYCSXWXGSnl2sGGVismYeVvoEgGKvzJ8mWtD0gFlx/tjRY7TUoqOo0Q726xkrwtdRSaWA6Knx9I5D4m7ENd+lkl4cGFxoRx57IHA2n3w0DpKDoCjwtFAssUmGB5b6T7oX+1nVPKgFPh0nZrXYw5vbmROVe913e1HSFmYK5IEOq0ofAXieNA/Fr5dXMRidlgqYnvzUYejuGX/RGgzuFHKmy5Ime05NFhVL36b9Qkg4es22rjPozn1Rnf+PZEbHxVgEhVzANIfscd2jUQbCuwWWSlp87NhivkPKRRGWp0plnr+pmbOlJ1qqTKSutKEi5NB0mj8DA5Ivcl9byUyLRn/IZtpZjmD4NiJYqCPtKcQ8AddE4lFcicS/nKQz1i2B5Jdzt4bVrLE9Icbjte5duSOwv+2CrEi58izcZxWeL5kY5odt/f+SigX2ksP6IA9ChreEc/42qvHUTziPlW0wYTtIi9wETO0+x/4+vFzwv/2DuoU3FdtQwAQdmltbpBZ0T9zSkfENSxAWj1xwdae98MED5Kkpl7ulAd+naHtjAnWg7EQClgmQbTCuPwI1UPRTaFNTtEQZVFmKmVIGLv1ZHyk1gPDxij27zzmvTBCHy0Ae3xko5iuqJrunYlgQhjdH6gTnmWjxmy7New8ATLmWMhScorVJZQQyGnlQe4CrHcIlddYUF2kGiZI06skXeuZptoXsvvbz+v21jSEc4WyO6tw8aoWMACC9n2aMzeUIx1XTRdORmSexQKJwZ42YwmmDQroEuLQmyTNBLTouGqhd/aRDcRpUcMtaOVhEA57zrXfADqMRDerZXMZ7Awd2hZFGX5OXqIPAEciUdH4Vh1undtJvWZ7zC3SXlMwRPJt/D0fW0VxusRnfCbwdFgy/1GC3wwYlcRAhcohVX7okkQoEJKWjNOj5swuNH02XhRgWqMrKXF7MTgu4zT5l3WOHJ50AacNgCf5BnH/GLIFGK2KsJ9o+N8LWo11pimvA2+1B/YODPu8Iazme4AmyFIoZkivS/HWqlwIqwvRYlOapE7NJUxf2dPhP2RPJl4uWoxzTgy7Nc+rHyufKBuYppbDvayLABzpgTGwcb0rfFFIQVDbcobvmdR9oGj6bUC1UJhMdQEbb8MoFSKqFHqp9eUQEc65zQCd+7CJniJdh/uLFHPByD1rd5LcLMd05cKkpKTBu3sMqkXCrhh3wD7umhh13eu5e8XHoajRsZuKm7eyclrczl8/kgLUDzsvuFUDZl9X2XE5Pel788mk2+HhTk0Up6OqKS+btbvB9Gmwmi+JzNCOOVICuCNtwfssePPGwXse6OrqMsBi1OrVH9FH0/Ju8N3ggaFDvxhl5dMj+rRCEg70LIWUwt+FFsuoB6QM3Vo3HhZndUSAZ4LAD8CBARko8gWQZhxVhKbRJCY71nQGD5BJGXiRlO6RFX1Oqf8CEHGEXS/s6+MyUjSj+ZNKe24J5uEffhO3byAE6r3tffMXDCZkoPed4hqtu9renR2pTFn+aysVxG7SFW/XzsVlxWsH13ZlkcAG8lDmM0ZZ5cUia3xo2rBRnCbKlbj+b1vNIdeQ1W2X1sAxTtMZD/E9r3n60xOTZZJhR9f37GFP5UGJT6ijTbrvFZVN3zH3xWXVM/iTY3hhljE6MxThNLqdFYcJ/IMV4shwZSEts4v1qaFsZ9X9QGMbTndYSRPhLRooswuMNyk3jNx7m539zohCtjpiT8QdcxoDMPv6SVGMf4hQw1+ce7ms2fAkHPxWBZyJ+d2rdyfZgLERDRsMLvhkTBSSHD90nhB4GgL2wl4dMyj/ZkUt22SXSiDjcyz9rG9A8jXFi3e+B1ePKae6tkQDpYFKZl6qV1pUxH+sMjhvH56VG6QRzkOpvZyPi75Hld/eaeVM7XP2KM4iKDhXvSgbNBu+ptQWQYtNk2jvbWK2DxCfoiK3HQCoi/52LJ5RMcb2BfP95YPS+AWYikBjkeRNL2KU7UIRPxcLY6dk2dfez/mg7nZG0Sl6V19E44TVPjTGtJbe5SmgbWVOu3aFi7P1amxuFI5VKfq+vhFAPzcEPLxgYCjoVh3Lh0rI5c3/6HcGDDoCd/anKUqvvryS8L+7Yb2CLqTNRn4FUl/C5AFxeLTXgIflvF5Ky+Uc42m5GF4TM6RbbtHL0weYQUf1+qVdjO+8CWGG1FoG5Al61iq6hrCgMuraZXBZphfmAEsWtHzCIJJSLhtfUcQfRzVc/eKLeONWDibrsaE5AQ1mAMGYOLzdA4bvUwqOjQw36JHP/0JZhBYwnZXP0NcK0sYrMC/TgTE7PG75N9qhiNTVdOv6v5tzRqfC3ZL1lOocyKaGW4FfZZmZlw/tx/704v3bE2qG+ujFvmUKxFwTIg8AvhdIGMVJ2vGaqaHMCq/MGw9erh4kBIh7H4JrogK0+XQEAy3ui1aMevoBBXx/t3594XZo4xO3HLCPgkg4LtNkCl/hQIwGcFZs3pDjC0ksZ2V+lYYB8LkSwFxcq/krJMe363WWq51tj2NMP6onYCKzVtiOWqKXkiwFpXQf9kpYHTufmOtDIuN9vKjs89fmTemr0nbe0m/CVu/cTV81wNEdLPwfjNlkUQFrlWsQbCB9mDyVa7ioBxfAlnTquJ1zHAFu0VuLe3abxf3r+GGsLNBohwXShEJXpx6S5weMKDu4+opJd4321y3cMsy7rxXn7Rx272YS+QFdsw9pf/AZlU5QpgMkxPeVRw/ipjgEGk9VygSw2buo1v0SzPAmbdWd4MzMlD+yJJ2SMlDF50ZketvuB/UYOMHwGrTFAP8fOPHR09eshgGSlfmZ8b7DRuE23hXeGE5IXN9vn4lbzcEfcp8yzrpkkoSWVbUSIYH20yZ41vcJ5xCbsQibyky9jg9tFlcNjPgLuqr+7vSh/WeWMWD9W38qhr1MMKdTNk16dRNxsApnRxOzD+eF7Y9dSQHRzKy9DDvTpOU4qDJhLO4Su8AH0S7Vx22eaOcvdC8RPd1WcyGjmCcKnPrG89HHytQ1UjtYxZMu4EUER9m6A2zMFreYr/6IoptNATxnjVzPWt0g7Ub55I7zk1pwIjekFXprHdZaR9l2mOl4upgWbMtXtTWHk9X79wB53B+MEF0qqWIpnw6NDlDQKe0fPiSKoT7aWQks+AFA9szW0BCYzQt1G2DQZe72GbsQSQBLMcNw/JKSotckx7bDfHn7dsQ6LWl39Dz0keuz8TSlamt5+adZPOkHlEQlCdabHtPu3fS2gskwvlts1Ca90OD1La3NqHtqJ0aPcrlq83NhQ6rpL4E7cHxAQpI2/0SzridtQfoXg6tpK+IqCrBWAAZFHhT01uSgVi4spKdgqXr08Glcduva3Ondw5AOZWJQz/9+G4PXOzlGDPsKVmqKzGa1wwiZcNth5K1ABha3+WCRH/Nz1RaQhvxkNySxmH7AUx9ei+GJbAt54voMAJmFuXhlQbi+iqQdjNnA7FvayXf5Ofs9UYde6rBxsVd6LONMOwtUOFUWNv5zS4Q0KBUj/1ZJkTOs9xr+/LQDKjl/RfXGGaFRulbp7BldQNg1MoQe2MYczJt2F+q8VAdQTISB/FfA5goSc1WfN9/ua1gcuHSW680NTSYw/t7IxmFIw1NLy7g8nsnFh8RAvAEgTh0ZHGLIrvFtmFmObsvhYm/cKV1eSCRV1vQ1nBuYpZR+h8OekR5+QImgDWwMPmuxdav0dU2kqHROSRkr4napiLRAMD/9ptsDrPf079gq8/4KL5s1XP7KnGbePGq16sP1MdJxYWAwQxz7WHd5gI0pxChF+AmaUIdFI+/gjauM/vuw6NVG0fxyFdZnVgWZrdNuvFXnazP9zfJ1EE4Y7q8t3i+ys4RHdaRJ1kYBOeLwzcdNgRRXlczlEcRfm8VW0KUhx61Zxuz5b2dmzBOK8kWEhV0yXW2u41F0uPQ37klEAqPBTLisDBrYKtKrMITtvjCwlrMpuCPX1r513gFa8yFIb6R6cH3SQ+GTezxnN0LOhy4fSvI95tURZvQ6iqcojGHF5o1siD+atpJxkcoCoHov3XfyQ/Hd0Y8ZV6nj7mcz1FhbXzixC/c0hehI+SF5FWbVEHKMYxeFtIOS65ASBQfjl637LcZHGc8i+DLqzwrJRTlvmyQeM9SicNgEeF3Pa6mHSNDToigwadh53lqNpaSjQ3IA+lKc2PJA8NLAknY1IiKVtm/B5i9dsRr9iZ1OqpLKEZTCcMEHCwWGWti624eWXW5auAf8Oq9lSLqkrdAUi+7vS/0C7/tTorUzLDjbD053Zbjdrivk+ezT2fqvKSdcsNQl6UYlqIAQ/2p5q9pGkhZueqBIxs12QTymKNoSXnJh57H5sco92Zm56LkYiUMkiajI9IKURTmjDfq4Reh0k6qsojWMqAqpQYjo/JjPyqfuclm/qyJiFnVgpzVKnYfnp6ae1Cw2vusVd16Q/z0EZnXQbIO7i6aRasNDb8qTfRsqVHI6VqWb3oSLIR6VtKkcM7r3odxHGMpFzSwJfbaWC7HT3hUe9Zpkl59sfpXMNG2buw1WVKPqvsX0zsxQodJzaHil3/ZElmi01XSWTc6HlrBpteevqknbKXp9TkmIDZNPV5v6pUEreuZz6D6dubQ7Qa14mU4NReyE5GNJAsrzjPKaduJZ1fZdKeo3teJo62MtJ1smHD34vWVGh5h3l8onFF+STQOEx6++AktKypRGRydxx5sr6Ml9lqLAETFVzZD24JsSgrZLCdwDFOhroSXHVbQkqrFbhfnwnzpdwLgcfEdQ3etldxwVxH/dGwwOHsnKIav5YT18vvgF7WohTJ1aPByp3q4kJcgIdI83o1RGL+0gTKoRgnRhjPO6gs5JAqDRqCY+Y+/x1fZqu/0cD4N4NFF+RXkakj4NzPIPd4LQBOVXW8MBSaSSN29BSZcYZ7A4txQOpa5bJ3kSn8cQmBM7y/c1E5Gv5ggig7qrYLNzZo8pbgduZFxWcNoYSHSmJ8e3vRH5e/KK38j2NGIW4DAAZS6KMaxWDFuN+n6Z5CNWlF0yv4KMReTiLozH1m2m64f2vbd3nRO14X5NcVgb/rmxRl3i0MxP9yfwGETRz4ZRlO2o7Qf7m4P4UvBYlgPu1BAiJH+0NRsLsEXSkywLSJUPP3QLe/gEyLulllNXrZr4NYhkcyLRyzh9sYw/ZgU3Wh5OagqkjkaIg2qjlh2zXN0eY8ula+uU7MQTgn3+YCWVJIz7PV5R2DreHV3xT58WbwV+tqkbjW//QybeVWffTCadW27phV/TnJlO2xnWKtcoFPW+Npz3nWIlgExVIMHaeQms3MxP9Oiva54GN1o+XB3+GVAUUNxhFCfXzG0HlyF/L447OO6tmJensrHcL6dYyP/yrCJyeeOlvi0nQ/I/mI3gzq4EKfFTWGpXXU+a6HokvU7kD0ephZR+nwd0jekLMaJzb554vibr5rT/4Lp9PVe1kPe8h8LoF8+/gYrosYWI3loeY7whteXpJHJgWptXxhR2FbSm5pChlUXeITcikKcQF3W8oOxtfCL5Oxmuhl7VwX+JaTtRkB1leuVodHtqdiQg6e27pkjPTS2Ma9ISEAIGCX/Xm8z1PwmbUqtIK+ZGwUGTh9Rbchmh+lXmqGojzRhJFZgG4FxmL96r2l9KmGFwCfgSwcJpAz70EJcWD5qXde/YgL/TvUEEIL4u7xg5J/kBeP/JC0Y/3dIC/7npQP+SVYw0T3fyhbt/nfZwcT8IP7n86en339J/2TzPuMHPUIBcvER6DdCEMjP/pf1l3oN/gpT0/k/7n3e1X99/X3HOqXDP/2S/6VWwMXgm9P87xtpym4vv78tyv9x6//rL+Oh/0ZT4DfL/zce/m8U9vsN/T6Bfu/h32/kb58/v9HfX5l/8zn6d3chvzc0+bdG/lz8r+/J38V//kr93V//2nMAr36d//sBAXtkv5H9h49/k/q3T/+n7G8wsf/3Wfq//Pu/3vSv//9rpj317yMkFET+zzU3/jUv/t/ICUJj/ygo6H+UoOD/IChPH9cWZKP/V9GDP3VRKPwv5N9PG/q3IgP/J8oe/NNpI/+TVj1ovt9p/ekjYKDa4buCwVr/ko8APh5L+02zDjjifjf8shz6+r8b4n//rYHn0n/Rx3r8C6iW8O8zufg/TC5Okn+B/7H4DYX8E6lE/kLh/0EzTP3DDP9tCIBxGofhGdxnfv6/KqX/k0CWaJn9VtA/ld6/ml3+rzb330nbUn+hyL+bWYz8R7Gl0X+d/387s8R/lODC8D/M63+KOfzrTP1D7SAURnGU+g+bQ+wvBPL3qpf8R4tJU/84gdR/2AT+M2j5n0H1/q8VnPnRBYXhGAMUnuGn1vtVnmFQk3MDR+GYd4b5f6MVXMQqYfRcKY/7QzII/fiVj6l2UKSGkaKXGMovL0MSqEDEK3FYtEDzLQ3xJUfMJpf8LUPV36EkGCWBFg/W8cTXX+O3//xj/uvnv37+6+f/lz/cZaGY87yxacj/4B7DCBxzOCJb5wrnjDrPQBZ/Mi+hMXzxFUcS+0ml8yjkhqoVV3mrnN+rVz1p7brqLrYbvHAZtwOb7xyzvJG0eeBKtSGWdT6m8PIT2RU6zYVO0/vQjh+oXiAGYQA3Sdh98yjAq1gS2xh5dUlfjGk4LZkEPzqMPfPBhIooQUu5I0r0pIFHhmXqWOMbJZQarFXbcTPeMWF/VMn94G7QTWXcJ3M2qEg5EFwzztZnStNh1vp5Jq4vKJnBHmum3V89RL5ki2/LRu0Z2JU4DJk7KE8810q58kW/DdS6af4FfW0fLrIIMYcUoe8C/f68V6X+xq2oB/6y90Rs+0qW5E7Z8i82zYPpvfrF4y7AeQpOh2SJ452Yz7iDTU31d1h8aS5fNOprvvOrX9naG7WK7c/RVao05vUWQEGqa3CKs/7UuOerLAK9JUN/EnO9/bhaAqIhPh3nfmacGdc+xIsZ+6JyVIJ9oPGL43dyr1dSlgl+79WDLuD+3mf8vs0bn467MVrt+p0zHupk12gJhlu32pvWzXTC5oKjwuKZA95q+QgWZN5BdLofysMn3UFAlGgqWETs9LcpeJDNEdKs15WYvWNLCY8QiuG/48ZAj3XI9CUjWEXGDw4qzHP5GuuYSwnEPxnLBJW0RFiE1n4w2kFg78gGsYtsfBpkLC6CYYeUL6/uXYu7u/OOcFZcGNclAQu/6h2LwiGEeMFsdLF7F6SOJt+EOHdscQnvLsgO40vZlR3enYJVXWIwNuVjQu2Ng2r41koqCrLjkqnRoJQJ7s9wVTtJLnqWBzvpERLoUrMbLn1wf/tjQlUrCzeW/95idLq5ww9wNkYg8kAMSARjfGFgXA0n3g7LqI7gbcUcMDUXsPqtBy6WMKLjgjJojOFaDDgzt2V79kEIzsGdoG7xwGiK4AhMzHS1h8YrdzCMezB6NsId47A1H/PC+ly3MkLd1T5Ts9DT1HOR9DQlQiwjMbZjHNrzHRkjqcGDO2L2xb2ZmmfMkY8BBKBrWZieV3DgRnsojMO8GJ55sAsnMKubM4zhMKd6gDPrBUFauedC31GOB4ewDaML3dOmwOSuD56f4ThQD50RjueWp02ZkRT5eX6w2XoDAKTkTPx5LuVrUeAMAIXO2qwfeeCtpw3h14bL/NqQnjYAQIqeNqoatIEz8NNTRs2ZsYMYRn/asHzQBlxbdfi0sTG+Cz8P7jzPkbIO9/SDfelPGxPDKdHThsIUTxsjOPr7acMHRQA5QfNBn9KnDfBgFyO4HWiD45hfG97ThvZrQ1Ns0AYL2vg89z5tfCDQhiRIvzaIpw3314bvgrE+ns+g52kY/WCFz/NKPWNLg3GQnnfKc6/NKI7uPN3k9ud7VXAPL7AQKGRLPvc04B6WZUxwD0exL0UA9/iOzYiMwqHPgD7o8LmkeSbe4Wsz5hiwRu5DEMLntQReASY0+LVkWIeJubMGn7wZ/7mfi7mj5upn0byZzOYYjeFqgwFrpWLYWu/Zj8SwPsOCk2bsWjqe21hEYDj+GRPY7F5FSWFgHISVqVaPjB3WkUYGkR3eZ2eGZuvnN9WY7MF1TPgmoZplUodPnxYdCWJ7m2FG3ueXkUtBao6yZYFyxtmju8IFduJnUfs1zvQlVi0e4izIkNa/GN4W4osFKNzbpQ1ID/f76LCIPURm6kZmrum0i2j2W+8gvLe7b6WnwkjlaY+w5td5MUGnNAwbDqtlty9kJ8NdchG6zii3C5QaraXeZyYFqO0LBpCbBXFIew30/cDhzD376oepXi6b898T9X5RApdNPw/+PV5yNh5jreU+43Ef56+7/DhuU7/jBsGmgat/QAIEqysK37g1M5qmdTCvBQ82mNv8BGzX88qQ12wZ1CJDdMub3d5TSIZZ+qhO8/QZQcRbqObfVbojNZLRhmS1IFpYTms9hTflGrSarSOeK9ssvzQqXitqdm4porLt4EueqWlKFjnq1iAnZ2xlXFYKTW2wlzeCHkdl0qUOKcQMJkCrWUFcb6nvvdqyrn/JSs1iglfG333Z7QFjPyZ7QaQOsTWzSwNShMk+fG0XxrrA7g3SdmsFzG8hJ4vxQeG9xPEJRKIb7deyD86Ric0A4XSX4FXzSc7rNdirwJPCwTLF5JnwnzAukHUIe234al19ekPY7cuPMButJQ/L19byvI0cX05zVOOZkJE8OV6IYL1nTzEcGETA9W3m+AxS0cAWcaxTvUf11XkGVgf5IwPXeA3V2ZuKrylZRL63RwUBg81/sPDQINYS7mXwbCbmc8JAO5MHS0RMqfv1FlTG8iSOIwbrUIRRAblR1/3ymZtLLqJ7JpkTNmNn5KdH2XoP8jK7ihGhmS0ioL3QYB8Bx/yaj/ID+vxv4bqWdZmN1c9HjueaV2gRGCobrhR7OZsYyCZzsgStgPXSTa3hPZJ2OiyQrGTSyKKSnjv9Wiksgxq6t/MsJH5kaDnNCGdlrme97l3+dISCH90WMGBg52ybD63GHq3IHjMlS/poPFYEYtLjYGSFkoEW6Z6+EbZPPHqHrW0gFflFPUtmZJqhPSAvZ16s9KgkYOmsRxFxvcSoMe8w82NmGk4CS4jRnuu1XM7oZ7E9l/jm6hw69MhDzbRk+6szU0yZVxCwn4NcgMuCh51xOPwIUW6lYTwcDYPR77dt9HgmLgMjsBspGSDs8Tvh4SbvNMA2NybpEVXR15z6j048lJzcLg8tX+EM32XNp9vnfaLwOX8fu550t5p4nuZFCl9U029HZRUsqKfGZxSG11tLSm9Oyu6UUXla3KFXV2mpwPFA4iQpDDwYyTeyolit3jSDMhWlbZ9517qS/ijPFHI4nNHXN1e7oYGO1Q1BRlSUhLPKRuSePLCktgeK10luaSw6pYlKO8yru0kQjdrA9o4qHfqoXEYcXoNNcT0HvVFfhYG4v/3lI57ZhbtfJmcdUfkkO/dFMEHQLrJr8TZ5tPjlbBVO5sOnflCGtVFwlGCPoVLb2vhVoAdKrabBord8les95zG/lYShzfpGDt86jIDwIbRqmZz5kn9g07ab6Lv1Bb7m8QCg8fqCRrbWviOd2luOr+dR/gA2NUhgAVMPauJlKOLAZvNgZ7emgBLw6QhmKy5C9M0YLDuJKHnVxLv31sJ98W+qu3isIcr8s+PPmjrkpIDKYUju3Upz9+iO+DjVPrLQbCfukoTBYpfycEjZ9BV5Vs2IOhI2AZ0+4GZV3mE3QvEslhI0SBHI6y0ewAARDXUtivk9Y01/LP8aRhNHYCyjGwvhUt8QZauu5BEbGnB00SkLNpiDb4lwySqoGD+XKF8JtabAJGN408HRPEiTWAM4+ymCLsIeDGLERCFiOEJ2tUPPfZLCHEhieSy6waLUirQkmjQ6NcuoPzbx90FE49U1NJO5xjNuAd3tPvbYRkO5i2DKmbfzyy06w1WvFa2tJSaODh/3crZRvTzhe6t+GsHQd0y18bwiM4hNIOmx6X0TfYAIhjXZ0/9f5uEog8imB+/DHzt5kFQtDL4t7Un9jD7bVIxn7G6KQAqjvsXMz9ceZY/YBnM6hFECYLb/ZiT21O53NDeyDepK8RjfaRaXXkfNhEL63r8GOtzicn58lvX4fDH5oaCOBBaWNl3EeDjV8GslX/I8kHQ9M4YGm/ZmfPZGgiQIESBu2VXmMRncCC9ZxHqr9j0ERqRAcJwYZwn0UJHwc+neYZHZbG6zwgBzKA7V6DnDl/wqL7aL/aYpq9Estya3wel9QQQphzZ0jyJYFEjXXmQaBTRmA1u/m5j2bYZyCcUgleXRIFW0sBUQhLnt8I5X6MCMXx7gmO9jfKODgWRiuWS1NRLGeuUscn+kuxh9yJqJ4FdZ8UGWClf8Mkqyb7hhhOtTURHgPDStTK2d8bEFd/iQYP6VrdDtfRFRSTBooTKL/T4otNbLBTQE0zCqpYlhe/uZ3F5kUV6X8xWDOu1j83YTHF0lLuwvqH39ZSJLJJoTiwG4HdUzGC88FK6jdd4HnBBJ9M7UcWpEu4NjTqley9vFoiXzszIn8i1aHvB6KTde5UMwGMZAYxyBq2QrzY+N8Ecry8AKCsCacJFVXa2N/SbSmsOvB6V/2GlBYsABczzI/RLLplRaaJ5waQhbHmBsZltEp0GlmqWhoSsclO2e4HbM1eYZK3ZRLVqUizBffyPhf89l8v/oh/tjp6ayohtGqS9Gk7xMHoNHvDtGcvAP/YCAmtWYqraf99BjD3XHUu1AmuSr5piwZpU9OXSQAv1VHhv70GJ3i/+ozRXkwxn+g/Q7Rv2T/0Zr6YZ2D1/i+B58t4jvR2QPTsNGnvxBbBDZq7Dkw3y2SrLUvZKiSD0WDCwEweE/59ww+z2vPQit2b+dYTostU2IwDIru4v8yD6rUWIvYng7A/ugWlujUe+v2EhB6a8msQRIgAWJ37lCPwzumeswuq4ZjX2e2EnP0iAse3DOJzRG9FEYSA0Kof7O4rszZ3nRisP/OWLcgUhPfbk2WOLOYONl7d+2uTi2zwTc7Qg4Tx+EU/KuDXNLdwwg21yMQPiCOOwG8jwVbbzd92XjTcy8SrX44lMlkOSH6h6uAREakZzWnNrfkrr568aWU2KE3ynEYK336wXGGaG8qO1yKhHTGEJ85lAsDE5v8wvin0GJw/TGVCLpyiR+JrI6l7BfwOA9CDnbkm571c+4Hqq69L0XkFEPUkOJHdG1mJM5hgUn6YqwiZAIntGBdXn5cp4PzRRJMdEtCQxjkX1TCtGoVHuY+KGzIGD8XV50h0EkNMHTM9tUSys9jal0pX2Rbf2IMSCNIi6tPvW0TUwZ7W/xUMPbjrePDShf3yOuyczWy1e1P0q+k8RSeIjn8ClAir4nY5BHgjBjgC4Ik1DezuEwldHCqPALNRxbRMsHuwUbyBFR0eK3gtY6HxlO7yD9XVHoykftVOk4i8vfikOJwpcc4U1DhUf+DvrZsME2XRQ/4iojVfjeC9paHnDp+P1+tG8I7+dkSuAM4auuou8/aZXKAw3BV652JiaNrMg1oyixK7jfklx9TEhGm5KKYE87YKT86cPXlsL+HxD0/zM/xgiWp6Sox1RhyvyQbVbQ/3cavA8ud+wHuDgho4VSLGBgc8j5cwgCePkpSfACfBD/9uU3qL8XcMe/fXGeFyxwZmdrttNhjitJ7xLGufVhdXzyGGpaNr4w9TtQ2ZNfbZh3BOt8KxesijfwIBalQAJaNkGbNmnGAzRlCJzdw06/Yl89o+XX/R6qXQMf5iWM6Cvfps2SWlk7QKaapZ9xJmEpiUYDVh5g1DDIYslvNTOyF8jl3f23/Y2GZZQwkGsA47scAv3ZRzp0hfkSJuQpyrDkHk93RPZ9dIOXJA8ypxdw2YWexKf3EoWw9W10ajtmGbmWFUvGK2ML1nPdVlz8bnbxahHHsln2Yj8c+ZAUiunY9xIjHUQV7iKbANZmltmYMVIcSe05D21mZJC+FV/FtzJtIIRJUmSkmVTvPUAdzrFWg1ExRpLcBSI1LUSihFTf3/ertmDZ52LpsTU2mD6arKrUCGIMHQp5fcGxzh4clBwiY48sSSEo/CymX8XogswxB4nvjlwPg6lgR2DMDxN+3+sXE8AjVJEKU077xdbniyHigf6SAPwZr2iovvqDqNDIbqVbCfhnJHyTiRnL4QigqiKz6HR0eMP4q5Bsfse6MJL/GLDFU86s+vMezDct27L9i/3vD5wGGbgiAmqbkUMW+2zKrQ/4nZl1P6Uw+NzkQh44SV57uEJesZWxuiSvvMKXhzYAFaGe6PWVsq+Fi1DtsTNfMAdzMf7dG4CWGSgyw5H0WA3FFfZNld8vTF2hAkYMqjB9Kj8Am1WfNW47rIwgBQWMZ4JvMU5GGHKY1Bcb58iMKf8jkopgc/Vz4cNWn6Ev+gRUHwOYSfnM1/6w5z432WXJfkGo2HRtan3XBf8gGiap9QF1jkK18s/UZtfLkoAvAf4iTGWlmNYeujM9WOAR9AkAxJZH3rtGeLRB5XSePfb7oSwx9hKfWR/gB1m4tb6P8RUTV1s3n3Oo0zAgSq7oD6nRXXA2anMwKiPVw6F/9VIZFTRWYuUWqZcVY/SqMDRDPEKfM5Y1OjR+dV8RLYSEXNg2iCcsqdrYioW8fVYBa6gGgfO/UgXeq+FA90j81duGZpHd8ZhZGzMZUWEqASr8b/ey3/ZYPSt6OKVnUZBd8eAwFVr5+pmckGjO0K8ea1RuRL+nllWk+EycG//oFYCAAuB1doQHOp/VoKrfhllpsHxHvCISoxSO0imOZwAedjfw86efzPX71RNbupdJKxPKL07GnNyn8w8AmWCXX+Utcfv87iLUTBK4bO+8nnWGZrcHVaGMkLya+94UtcqI4OyR9/n9Jkhp1OVhPiISPXLkvpBLb6/yOtusvieD1p6vQxT5EIm+cx5MIK0MWTYgKWkcBmenloG0SGqm1qESW+tg+ypXVqNdRUbC2M4g+mc+fYGCPr2P1QAIpSrwZDSqK4sII15pfAPo8ShfjjEakhYEXTice0tADHSF61/hrFwVxhv2YPEuGuaAWRmUUesTlSKxifRGGs5hSWxZmCvEWB+IqYbeKTDOoyevkLsiIHLgsBiZNjszU2lMQtG2JGPmI2Mhfz76lG2Y4M522yvVRFCrvqwSHa0761tWpCM9NCN2KuwjA988NlV3i9AaAjJjfjU2vpvJvAnkvj255pHvJ1q4g9mYhLv64EYacokrd3ZeKoW9CBYDm1lv8oWvzMXqRAYVOqOwOsO9igR5vnLfv2jB3JHrXOOjhYokghnTU4E2oTC+5nPmy1aynt4vQjNtafFUEhp9/UQJ0VgQ5sWgPVMq9DOZes5cwrtYqxRoj/TSPz5RUdOLoQKi8Qj4LUJs2q0fQQQ7MwoPaTTT5TJXwxWorx8id36/dgFs9rhTQK/iocHc1mDPKjEO1NybS7RBAAaknCYuFGy8yKipV2nzZQ4QmgcNdyk9Mgczss4LsSUvn1zuMcjkZ8beO6kuRXT0yT1hV85SAgjoiMfaerXkGGNGlie6pOjpXcYhp9fp7Or2TTA/YTje8DePPx0eKDJu651ECJppE+RPaS+PFtDF+MTe/CtnfLVIgC/WccFxSA63WMapHtX4Zh+LExPQFx+R5mu7kfAYfrylB3t6ANv1CKVrT/NDfhc6LmWWNuXJWX0SIgnYxNoHtRz9KdvP8sIZpsWpu3xLURPQDLm/XjS0Qvy5fa0BbVeu5m+1s/D0kVChNjwU1fIdU/iy78++OvrXN4wMsjpNp+bc4qtUS7zyYPeGEz7lDOxRQV99Eb3ozZAhJDkXfgmp+s1Ih30BtoQiHwlsCCmaF0OiSTBvXc+FHBlHGgtnFrsZVFBDhbn4yqBhQ3vGgX9Qa4rIJtGiEsY4Yl/nRVy792i6Xer6AsMnTXYEYCfIYJSXP+CVwA29ZWsfYNfsj1/XUAQJu3Q8qOrqgt4N2A8zPXRwMj790t04fPPyaQKj2OCUroKdCmmYWOvFSL4N/Sl5xLbCo9eSp7PVZ62j97TJroQ55TrRWK/ixsPVYobtWyo2HAZsU3GCiZggwZEtz/HgsiV9oYRf7NI8qDdj9CQRU/cDN2rp4PDWhNicfd2HuaVA50TibdiMUT480UCmrdaYguE+iFoZ5Cu9C63NBj8sy4+4e7+jMNfkYa5yqlIZyT3fXjBC1yabXrkRnYMiRj30WAxA8cbDYwQkbv37mbefF1dVy5hf9oeCwUSUknOcjWOaVe0zmqSxSOuZs7V8MLjsz31VJuDYyQ5XGT9C/AviOwSb80fGDG8tPIwHm2y+ohNc97YqfnbuPnRu/yVDWk7jj4XZKBeKeexZswUzc8WO4LW9IGqfmgvFVm1hz0joHJxII13/KMTHkFx11VcJ5Or96ItFCPVIosVF0xxcbFH9I686Y3vGferGRG0GvpUJmxnrZfGi4cVMwyvMIRsMbWqntmW8Ue3rwq3f6rm6z2ia0Rycsd8Un3PhO4IzR8wzzVPuK0ul4Vl868EzN/ASodLB+7ACv1GjMpaJktvu0/dyZqAfpw0PZh6OX8G4onlAwjBbmmTfIJP0dnEqGl4RF9jNp21W5pbSx2zxKF4IKnFCcSZElFYY8vGswxyZVdRRx+VUo8dmW4zCbwJHFDhHylwh6qWQHez9ql1AcIERioJa2U0IbHGwhHU8cMbhHQ6J300RWgKhDCQdeVapZl7IvT/2O7lNoRLwxyp804nTOPaM8bXzsURXsde7WPDuQ5PIonfm+TE43YxIJ5qyZ4WSOO0wH55LNsRj+1jWpdQ15frrwure3lCNbR+VSU0Y2Be1dKQD0y+eYqJ9vCgHZuwM7q6RKR/EaUroxEBpRI+Dh7gOSbxo7J3E8DTpyVQ6kNUMdHCnPSlxtwRq24jJr6hz+AvXMPwPV0vLEDimg/0qTIOPL3GIXtsGmd+9Nz1b/L+6e6+lx5ElTfBp2mz34oxBi0uC0JrQxB00oSWhnn4R/DOrMquy+vRO1+nuGbPMn2QgENLDwz+PcPdGMgm+0zlU9WlHj4T89gTwNfxkHc754xoJhrvJSxMRwfhsisN5M+ObVqpjIWBP6c2t0hEgjSaVax74GTPowseRGhArsVUIaFrFROS9IX6f668ZHCG6tPFkI7byAUaSxNO+2Dj/IGUmuhl4V32cLiZpCLikj0+uuQoMECfDxSy1B6/VwXobcRxd6Xi65MY35kpeZpLGIKiUo3NCl5CeDhxFAH8/d5gHmx7ViukTf4plIt6M9sVLd6jHh4K8naFQng9n/KhQ0slhURd4eNDiUnX6apJSPSherk1naboenXNkRkfqo0fG7wFuvfLi0NgTGi/RuEVWOvIxw2X6ua47I/Uj4W2UYTIWJlxeggMpPSvtgRRLwKjOyShEZ1iegaETFKX5U2mQloTbqrduxhYrgvR8mBIC5WQedvYqonQkyd7LW/1+4fzeM1aVG+pb9Lb728jOpiZ+HWgQRuh6ss54Mo6QfRlZ9Z2wETRvt/mSBNLsjPxp46P8DkQBHss0BoNJBMLqN5ml7fiYlwEtyPujFFx2dJ+BcMvILJ7ezYJXFDTHsOnXaw2s8Za44HH6wGPCR0BQYFe4sbZFNN0tBvvAoqdwh7uQc9Ulsm/5vNPD+1TlgkBWhZQ+9/nTQ6u5GxWuXvbaKSRgpwkTVx+e24TUG+VFofw4AFcmUc0Pc9esYdNqh8fcFFtPVo1pJxg5lGPQ6f0l4/xjhnNEUFJLUz6DwSSSGzlaATng/BqQv7Ysw6EphThzwqpd7L9GCcAhXuQKo2iVmgg4F8J11PHeBvDWzJPPDuyN0UCOL6WPnoBildEBTgl49sU+5BtRfg6CIq3nxvTjuRjHALW+EM7Mna4bq0YpB7tKZm3trfijTQg0zvi4DG4GV32NgfgmOn94mlkQqy8MoDfHziVjMumZaE2P4XUpcFmeo8OOVRzzzW/WTaSF2p90hExHX9UTKciau5WtGddEneoor2RJkWjIEOeSAKRqiDLuP6AjuTNMcNvfc5S/2bK4iWMJPFsecldwfC0L93XlKreS7veaia8pY0wUu6Vm5JfXCraDwaGcWHt0xefCgNVuLqJc1b2EUto0G1xrGSvkqTmdrd16ZoxM52WplhRIxGqRtSDDloAL70u2KGiFvsBeoVhLZDbFrkb1oR+Ppc4d5jAjCxmkZxFHZlHsEiqbQ4yzxMcPztqvhUuXx/sGIk3yN+/mWypj8xfM6V/zBT8a7okCs9D+pb14dDBeJWDESdTVQJNh3QdDL467RHXHQY0PPuWkovcb8EwC7m3GUd33OyD/In3BRC+MjHwvOlTlDOCinelUsq6L23NRmfqkc17z33M8HfoELqmlD6aBqmlZKQa/CReUZCx1/NJu/SsCO1Mo+qcb89Sfb8z/q2yVoOofaytJ8pOhGylmeJ8PH98tWf57ojj/Hrn5+cOTfxrFGf8xhvPvAZt/Hb75334V0fifxlH+tXXBfzSOMvVrMvjboyb/u638hXntX5q+Jl82DcASdSri/+djJIpc1UM/fPt/fza3zaO2bI6vd66Conb4PERR7A9WsD8/+UubXQQYwP707KuV4GHXT23U/Px4+7Y6wHPsq52fh81Fedn0j6urCTCU/NX7/8Sa+PO4vCi8+1Y89EPTPg+XKerm/Cr0e/Fd9luGrZ/Sn2v/8fX4NzOSf/xhzBEQqf3bWCMY/ft3/IeRT8t5aKJvo152TflDxXnTR8uPDfqjNbF2VQvs065NLgXd/Qu73f8tC92/gzvC2J9swpA/c0eK/KVN2L/MBhfB/o/jkPBP/PF3dvkXHPKnWPa/mZL9Hsj+6430z9Huf49l/2fT3x8j1/85yv1/ggfjf+bBv4w9jlC/5Pz/bVz5z7bc/2NNC/80kzRBohHxp5lEf22G+DfwAvi39fxdTsL/zAl+6bQC/m5G+vfP4K+C2f/kDOKfe3nA/9LLA/9xssB9/mI//MV/8N1A/OyOgb/33XzhwI8/gL/wzfA/lML+aIAMp3hG/pUB8t9CT8TP9PQra2OY/q90EvB9/f8NXlD+Fh8l/5tOUv6aoj80e0M+3+F/7iXkL3yK/N3OQ/4GWkLRPzicIP5MS7/CcH+HiAKR67lgfa8jsprYLj1ItPmP/4DV+v8FRs/CR1fS32/PGzDQccOHeAN3RriGe3hWz2RITMOpZ6fgFIJ5Lu278Q5IJrLWx09+EJLaZw3jOcvzUfRXMTbz4JqReUWVUj5rm5H7t6M5QGdBpgN8Nk/yzN8ijXnrZCDvFBykTu4YMxNOItNUQM/trqD35xq+NK/cHspTFe5WUQ4xwZwz3gZVhKvroErw82EyDIluCDjTf/Qy8CZLal3+CCY+9AjIJPRpkea9hEV4xl9M/GoejQvbTS2KGytxlTLgD2sMZ59xFzpkxtVGDrE4SjN8WDE860wPt3e4VVVJKKG9XCPbWo2V3uFcHcCFdHKf0XN6tlpPifjkYkBl5jdkm+bRuY3kNVYNL618qTW115X77BXaqM+zA3FcK7jvPBkFvAyPO9Cq7UrQn+a4Ui0DPFV2Z2vNeG0ZoT8oKF4Sy5i3Ko8bnYaciYwuZ0KqyAbu1X3CeVcxrFeCfKu9RzdzSib1vawK+vO8qZpOWGEZsfBsqdr7xU5S5zydm9ItXf966fVMPh8PY72PbXAEVIRIgknrApTkZJqB87mNGNYdFtHuY3IX4Qo+OffpFS0azkGLpoxYOgjrUOlyfdyVGx8ElLMdDGsGFdo4Wj88SyzBAvUVfhyxvmeDTjeqzzpFhfl3SHI1XvI0dGevnrVi27zqGaneOeMsLRY3qOQsztKw1NDfjR5QkUJRyD29vZ8Oq+R36SbPtNDfomjdMfUm6VJh6ereT68VvU0i/4SFDc7fDRtIofNUpWi3VX7rloNhiBFdMZxQHpo0S3VQIcir8s1lQs9HmSNLl6fAOItZAixqDv2uf46g8cqGx7NYZNWyir4tMXefoS4N5xOiP6eFSeLRxzhnLmtuVRGequNXcHACryWMfc6WX42MXtSMML7fI+bJgxKJjyd15sa25sVjPYyzyVHobWSitkZH/m61q2ytfWZeoMlrvd07gmh5TfVGqrrFsG3zqbI6cMstjFFH1t7UsyhUvtsU3RBFEdDfemCRrTvDlndTFF6MBzv5XS92zx5C2oAV2swDchiJ5tY9Kt/wLLJKb9F06yniVODGq25P+Y6feiEJt8ixn1wJVUwrRApC26gZvQmgNnTu1m1vYt+Cgkfi7NpdMa2JHXehN+QMakkYI5wcuqhUqTuYz65/gJ/kD8FU4ysH+5QK2ThttzwHtBlORFqnI8FRjx9HT35z95bv/JKjJKWLWETYhRncZBqVPIbvNz15yNbWNnRTu+7DO6MIaqGoiw+wJIECPlsf2+qvE0m9W3YZMaALlfAKwpcQbBI40plDyI+esWm+7CtzqfVCxl1DYg6MnYdNXt6bKKHKJ7YP6G3bcYwMvA6Lw2tUZqg523ioeHQ7H3d6i+xAHgQEKlYJLnsSWWqU8tPMQBJwN7XA1UM1MvI2Qs8VvnskFypk69Lz6UjbEbPMoHc5tU3YG01G2WhBDPKXdeJyOUj1xlgRoWbx4FLYWlklfqhnFiettZcO3K2BIJu4JZPuQAaLKhMrNM0j0OFmUJ2Pc1/QnSvOhHsuzTQ6MFbQLdB651qNGXOUnSWLeGPsB5/YPuJxiMggbQ0FgasbBLn7rShhua2kL9MMFzVHRj6I75+Aus2DS/sxbpiAD3q6tkUqjigUm7/8rYM/m31rJR/r9I2zSJKvZBQ/95YMJ6bTIcBNg25JTSzUBg/W0gWjs5qV9gpDeFSGi3WiwCkzVOusU8IvGgpzWInxGZxpOOaQLWRktOve3+QClmSsCuj7vCimShMaJIlVWnt3ZBqtrSh2/f7e194I6xPe0fiuMvvMIyK4p+zK8wps2cD9X/dhkvfkvWU4Cc7+AadlBBZd4zSjZ3Ddtlgs8smmDNK9Spq8WMBLo5Kw6od8Ch3v4NDHI9xgRO/zAN0C4t7tk+qtw2chVuT9+d7bgzGzMEO0gdDem0PePXx01llG22GOY5JHODo5tc+JMag8N9HqwBs/9XtbV27MzjuzONaVhlJgeePiHRkK+7hEl9XNEvruoIszA3McJijyrk9J+qa2JN/dKuNitOqwM+AC1NrNXZJmpMaCOQf8rjDA0bFeEbUvCG9e9x7vwjIPGdwI98rw47RdODBxfr9UCQsfhd1g9cW7h+3JMLVHveByugO7vnfNQ7PuOS4ValmglvcnGER4cUIqfLmiAAVa4jYcm4vP+5N8OWKoWEywQ7fWwIICf1UCb6Qbyuxsm0lzGLVOTAmY4Q4hUepbAp8Kr2TN2H8u6oA5SnoJGsIofeTp0UTFBg4qkHtrSDm4kObqrghn4o311xbWirjGmexF086YPgIG4syKasHtwrWKwYdOyzSb5Rdrs417ovtb/wzuFpLgyd2/5R/Tmpgj4WcC8yahlvmjwJdneQOkY+5GZcWZQ53LfIohOt8YWDPqTwjszs5gh2hmcCrIkETRE9nQb1pdrnMIVVHwlgxjEokV2FvEap8cBg7lGJ6yGVPjNbhOtgzeqwfzVIVegU6g468acgWLOVwuDRM35pikgmlP+8QlN0/v1kDp1t1hFskO7FQT8WYNNsqfrJAp7m47om2EJFMaF7NzweVdheVvSlPl1p5g1f30uXBaI+utD6KmN1ZcCpLE0ezIMJcMVmA1DpWtsblDOpIIF5TXvDG8kTVvvVC3p+QWT6fYivubfo37ywSH1e9btb84kWrNeHV1IBOMVp5tdUh1+tS+KCv1KdT6nEnO72l8qn6XTRwIaN7iN8UHsyOR2vZeb7G+o6eQrmFxrAS4tmubtKq2Nyu2K1/qXsBAyMWkdXT0j39TrlUQ7X7xN6MhEHCpPm1Tsoa1CgRK6qbat78uvhbQ4yp3VxiD0Tkcox0bJhRYEoglE2wintQbdb/PQYdxPLrkgXHwwhZYB3pHKvchUb2hSuwz8baUoRopAaecXRUaWXUV4XRRqe5O9XHLe9ugB90h8EXxB97Nb02hw7NcpW1wXhelF1c2I1O34wGOUK3IwyOtPugGGS9Y/28gXnkZMxmHHY+1MxAqkUuM4dJYxc85F4WjyfHM0AcCax8dduwt1qWAkeSZuU477kW0vA3lUKdrcwmhOD8Lr/xOIzg5glzPvot2lfZF7l1IL6crHmlQsxcjSd6o2xZnWk6peol+t0hr70cUINTeTtzzxdzvBmt4HeCjYMyz7YBnj5gzv2TI+Vyl8qrp/nFefHujNG7kaVqdl6SgXVLFxgLxtLcNqVdHs8P96kJqVnHPEgEGoHXDDIvp3tudTw3xIl7CckTBcNtBxqjh0QknTfHIUUMm6Z7lpuIfyxEK3ynthtMg3pSOewwk9Vn1CaiNoj3Rc3AiOgEk7+diUK2YkXwwo/jHWd+EdqWOk1VhkuekLxT88VbrtRJHlLUN2+EMNGU8Z3OiEQPKLgOEHDyIgoK1Qj7Wabd1RWUVtJ3e/JLGsS5rqeTrBkOWgIDvl0CMb0CEbl8lod8FpHKgekJdeH48Pp41ApzD0fZUAleOcJnyGXEFpofFrmIq8h50RMc4ixkeAdinCis58VZvVbeJYyVnqpvKpq1fJzEipoPpL5WZtu6bKywsuEjnnihFXczBbJzE+H4SiTYfDWQ9ws+5tufysdar0BJYBtcN5A41ulCIy/IBWnSNe9LVGXB5pY/el4yRZxE5pKi5yXRKs7lqqcROZ/yb2xNR3fcZSIkP0o16bdlieNjrjLslhU8HH2NzSSMyQaNcXODTxoXkbV4NcO2Vi/kF+gxmqAojMg36y0t923ane/ZO2E6kMPVjkx+wcPVY4eY8Qr5NeEIQTbZM3oP2fpxaa00WVXUFhL0LtaFGcMbd38v3nGuadMjp0mOt2upezGexSmDgyDx/ndI94zXXuviVJyZT/SoqDfAlSZKllnm6ZSkgQntxzyaWn0SEZUr15biLuZVKnWi9vr0MfSWVFFpSX6l3/0Yi5NtJxubRu7EVcDcfEYMlLTGE8XNSjquoPC/MvazIm/Lnip3u7sdDTBq1Yw7r7Hoqo7qGZYnYhiufs6nWjwYQIbyf4zgiI1hZ/EXnzyRSAEcMqJVnVc/3lmyII2gWJcrMW01U8jPiRUKX36rxCfQiSdXb5T4Cmw7YITyY4y5TpVpWTD45B1ENI2wTAbbXXKQ+Ihe3WFR9tI+07FOYfcWEbZzW058q23i+vYtawsZQzHM+c7a1SSoftvJml0NmeWiUmLVB82M74gFK1gHf8Hfh7ltAejeUq1SE3tV6gd942UoaY4Fd9c09evrUiWBXgfgFkdV4cf1Xyer97bln1POIxs/1FOmxCacQ7gE+JFSUO15GIHAQ8hO3Pi/JlRIcj+o1jcWIPm3C4D0BRz8vunN0y62ZZnB7pdxzCJGf5mC67knSsAIuA+92G49QsiXA2uRVmRWOuHM7ZfKQiFYn0epA0qglr8mtisLzTLe1spOZcl+iNutPcGuJMOmVM6AJkteT42ay6xB5u7brl18w1jR6ANC0r4mT6DTuXVSB3A2imfgMiTqNNopM/DZkaWQQl/2j7IhdzGeC+yvbJ/8QQAQgIKc/7xduE9zdLXxLhh+HIuHGBdiFnLg2vwnogphLZhPtgKQILNnQiXjjge5op9GpjSZ4uT43b3kWMKWawH5I0oc13Pc0ljbH97Iu1JAaQ/LuIlUqq9wn8BEK7iDxd52LuMCR6wTX2QDVOmZ8mfdPdK5rM+PysxAlX+3S0pKYrWXKottEwd4ZMJ3jTMr61aq7y2HOrWLI7uPNg4F87kUQXTqNeomo7SpjfC6gW19M97f3dF4sqRXqs35fa7Z+rH2NE24ThsXIZIsVkRHkY5d0Xb4dV+1jQS2U+kXSguhWUX73c721vRl0kX85xDNnUJ1qbDtRMbJGZuOCwPglRR29Rlje8LpIlyMm/mgf2sNlzOSI+ahxq+6eo4Z8GDV5hMaF1eE+YqRPTFzsksB9tWHbAZGKrUMgpnV6pCRq4xTqxX/WMLkDcEdO7BZW15SEx85LlMKgu/H6AIUQOh+lbW4vTSsSv9tL2ZeeU/9xkW6UbXaRSB64Dx51h3geeLaN7XRbQLheXtryFKoQ4UGhEFNG9iOwZwlvXut9fW+FPnr4fA77/doPgFajAyTNnZUt+xMMm9Ql2dunqj22Z3+oeVItb92mnMYXTb2Bnfr6i0engmviRrZMJxyaVGH96CXK+S5hWTA4C23e15Sa7fGYF/Z2KzNjKOvAwQ7A0Q2+LDSX79h5Kvs+gMFlTjFaIWqTZT7CA1W5iSF/TxZf1qVLQt/j27W48zrKHrO1MwH9PNTeaDZUrhHlLvMKVz8U4IuTP6yHJxDb5FAlE0ikYzq08vKjhXji7EsJbIYKGGBc9g4CRHFyUYzkiwFmOnWRkjht/k4j/U2gDdoP/WvY4X0L9jEjhIlJ1mCQF8yE+9IZgFhRgbvTTaRZ3AOhPkGZTZ/rYrfAXVkcP3dCZwJx7pSBP70dq59F8vRePAvRh10twvSeJNcRaP514z5RQD8X7pqxO/OheoV8qSdyPz+exz68CEOcjtfddmSPE7bk9Txd5qzCsqbW/TY4jzA7O4s+w/Ks4OQdTZvtPJYzXA/lPkwLLCwsphwKRz3oQA1JcC8VBC5RW8eD2djoJkT1FyPQuolIDEf3tXYd7TY0fQoy1ZIneLC6hU8I5ONqm4i1TmdhrOm0Z5a23klkYYQV471M6ovPZYjVOx7Q3yYlcUOacF+ThxLtjdJELYR/BMNXQOt6AO0p84kHsAPwHX0iMAMV47iZWuukUZ3FwHLjwF3mPcsS57qpOZ6GWxK92liYdWBE3Azqo1QYGTHvj/qJTuwxr5ZumyUJc6umptzUChdkQKMVaEnhEaNOo/d2uCSJqrSebo7BuNPYDdQfASdvi7sXUvPZNh1CdziNvtGV1vbq5/Jc3Ac7ze9B6l8SEdc8F5O6P2CHnTyeuaDFIBfV/f7W2Dv07LqSaKcoyi4JzTMXG6bGtm2XMfKuhNZsfJRa5fAGzf7kJVlnvU7X599VcTHKfCihE48e6bSIyQVNOw5SsSpFEl4RI1gONIfQcJwCBHcBtH30jOUWehd+Fh75UlMl71qSNVTEG+VWPsUodLNz2membiP6WjzDjG75Dhg/8RbwHABhgWWPWG+PVTWPzya6D7qth/UMcSnbQnbEtNRHBjE5UcW9E3ocnaW87XC4uxZbvOkOG4XOT3AJZXfuthhTAO8UbJU4nor5ib8uQbZeMqvXTj16tM1C9XAISbXkPFkZXlNNWRMIOA0JGQFZHr0VQoTkStCOsJroHdb8sc5zXZxFXWE9eRInUhzld4q37Elzj7rNjx2JnzAnDuXmGOijqhMOu2Wk4c/v9gDS2NtBeSAhPl8EGtDk43E8l5zQMQgfdG+coq24xIjb7nJBTjMsQX4iGNHPO88APWRp6nUYXhz8wkNIYIYdpQEzyGEb73ezIhuSUAPfXlJ1fnMYh1jQ2aL24B7NdIM0lhkVn5wDxADaTq/cxXeKXmxcVdlkCE43rgv5/NI8tJe81dURYjPluPA00Se1YZ0LZycDqyRkvMns8uIcMmuj/iHRLw1qD0bwra4lL7lD0JnUU+YaNt09Q0e3BArJusgOvcsK4oQMbNMqh4M0TX1g6p0Am8goCsz2fEbM+tIIJJ+Ve0qMhcu8ZK7r7wNp0OoZHWWuDNjJ7/BxbXQPuI2hZ4/A5sUjgRz2UkqHOltPdE2UkBhFeh7hqxInmeHWdUmgBw+vty0wKfhFK/3At0j+Wn0qy+sk4JiDLJXqFMddpQRZrF80qa7NRgv9JpNGlfFH+nrWWSVELDIwVrutPsY1jTMHdslxUJLTxstVNllTIF4SsFrmMASLXxp3rZwHlcQpvLfq46rGldfqpdG8ncQOzVSKU8fHI6KX/LSPZV8KuJz7GW2zuilbmhfjGmMMueQxRb0v8d0TBxJ+DLr4rO1Zew5s4NOOSeOjOwaO+FS8U1AsfWTWbn3ObmALbf5c3i5mkFEWaiuwHWXOKHkSiwB22pIgmzSJUWXoh5ggVF7ojHbCH5xYHDFStoOh5a+KZ5Hg0bQZKhUCrlK+GPtArmDYtTpGxTOy1E1XBs/O+iyt5Hmyvps/87YOLqjOtqr31jsNPZOQxs+D6t95laEgjO0Wi2fpgP2plN2An0S8L1LS7Ta8Uw93UldRcG7wmL3iyHdS6uRCPLYvOiGnooShVH04uJqwDFar8m0dOUXR5ueScqLexRprRhsAE937DWdU4+dyOHtkltN7RJlOXM7IY1oHPG7Z5WwjsAmJtrzPYEvQR0hznS7OVLkInGY5zT0vNfiRSClh6K63AKgM2fB4uE8NijB/QnqIu6SFQU9ULhi9Tgi1pBcBYDP5Na9PAgQi/7iDeBMsGeQZYpJpCwHuTsPBmn4CpUZ2c7620pstX25YRMS1B3mteLd01xDmTeadbjqp1u4mkTWnhykl6Px6+6jk9+RqbpTqtQZidTJPCwLwo9Gq5TBa7KWuOwl7QLYNqswx0vnaYEGHH694bqWP+qFwOZFfNMpoLxFsOWnXMy/JDJszozTx/GBpNaHgWO3evT08gNiyCTc3agrz1lbkjNchvIuFbJf2ZDxN9S1/QU+ggTSVSEzUDmdsWOvowF1gkR77mECafIr0LghGP1HT2F90cR/7DIjocgr2Ym6ZraJf02R8YpPHZvVgpo8LIoayDkkeLZe1oyEvnL0bqjE1+F6YgLYdCwlToJ/H55iIkVTnh7ydqBTQ20s1b/I4mKLkSY1DBKSCuvd0OybqocTl+OYSmZfkmQ5eRMyJeWTNT6S1AwsCCKdizzqxpabwYWkjLibhB2LW0HcHwNS72gE1TknmJqTN9x5J7AWmPE68DS9kHkNHp7aG7mL+lD/qYcknG0IKyQeJFhfv6c57l5RnUB4q7aspA/SBBv8GUfgYd27kPnILYrE5arr5OmxdmzpOE5Z0S5A8Q5lckILKMoV7Mw7zKL8rcwdKOnOg9Aii+6W2wNEETmXzHFZamIW0jJBqwx1h/1Iccl59DRVSOwuxUl2fk8W2hmTvPUAj6oUa5hVWdmS1x6Au2TxIHXORUxXIYGrllaTq6nJSk6VjDR3Qf/d50jRHQHBv3Spvm7wnIYs9HeEMMeek5My0V3mBlcFj2/L29Pp+ql8vG5Ye44Fjcwnmv4yjIUEfgIe1Ccn1tSXysxARzLJIqvqSMm1T8DednMq5JHgJP/depWf0JqG9Xzjie2J7ZxtFiMwetBN5Q89doplblo8mZbABl8qmnwutntUR58Qjhk0bQ4DIN8tkPUDAnvqjecVn9CzI9ylv/jGZYj2/bZuWIm+Sww4fRNUZEgO+UNYiZXRIEcknRuNtfctBNwLpkZkuNsyeFSlX8lyomwu9tNdLxhQ4TJ93Jm/fSX8TU0Rn2UlofNv6+AO6v1d7V0S/kU1Uw24Bs9WbnXH3NjoSnAEqHyyNW6lPYbDG9WEaRytCb6Es62I0G0u/l7PpWM72xvFnA+KHdVT/6GyIxrngNXMpaQFUJj5NiVJhXB9iOTstfnzCVRXZKzk93rKCYZ1sUOerE5FEcXYFfmuuuDgJXgf0BT0jk76RyAi1Xoy4XBpzDwYKuUTqrRfz1hAN8rWSzvpMvbteYk8vNmkk67Cy9doRXi9CisN02AXLK4hL0DInWeAEOJGiC3ffSmA4lvgS5FflBr6vtlSZEmBnd81u5ME7qETW1dJ26yCumCGxY/meeUnZ7Rf9myXQARpTKHXCDfU9NfK7Vx3potkklSiXqYrKr8S51y3ua0qz3xW7xka8FdmKQKFh9ljvIDNgy8Qn/bvBGc/3zXvX8+FduGmKVF7t5xBHdbcSBaTKpVjg5Qbx3J7bGhMYUA7mF1hn73BDRUzopGRtZ+WdS8g6yPiT7jjcmSBF3HogyGrIlvSZrDN5jVJdt797JbvlwhvXpQet0yQ4DeB3oOT01351YnAJYiQnDqtGJUIXHbDxAThI5EcZBGoEHDBzKIDfUpuuOSis/Tyl/Tt51rrO9ZNr5EfQusfzeYLjVjZ7hyUPtCbPDRwDLFrYEskWX7waPE3I5MLOV/qM1R2iIfqGOWOU4g1LSfEzR2s5odom84bnGTO3+6GU98YEu2OemDcdi12Zu6De9VvgZY+xx5oziqSRoYoTzocGsZW1ERAkMwcucpeAWM8+yVf6up97O320hysBbMPCOnZV47m0HxX3tfkb8hxsuAiFpqul85q1F+Y7jdLdybaqPtoasJphhgJSyrjacNguJ7FMOT2q7RvMEdZ1AYVN4hYEybByVuwVkOln491t+GTIYQzjy06x18x6Wa9X2ajxSyX3Nae0lYTeeOCJ9zVN0cwj6U6dEKN46gU9XnshJkfVBeTXV8x/dOPPEUREP7FLpinBTnFb+nI/GL3VHrCnNOMWvngxteFD5Zd37rFzq/i7mFgBFdVsvwxWw7uVH5V7yvaAR5kK2pYwVtRDW/SPldRkMOer0FDpBaDdJ6Dc9Nnhk5svZoDRS+idAG+IwgqM4MROAIaCMGIaMwVM5vjqoOVMfc9AWHoDwtlnXXgQUgE04R+3inNESGVX6u8W2YoxP5UEnNYaawJqvtkvZV4cNODQUTay9s3VhCjo+TaWTcz5dvLNGxmoyp3CcqumrsOQRoUK0BBSA3cejhWGV7E2Ynx+ZZnZHcPShzAGMaNUpKELAZVGcus6L84WjLf1hY+Feb5PcE+UH39edgl93Jo7zAhOS+S0MCX2whIEisb6iqKYOcs466JbGewfU9NmXN4gfidPKF4QPcs9Hj4WhXQVAUXYG4Mnslrh2hSkY61RsFY+mqnDsfQLbCsolUS5rDp+tLJqC8Gqvad0nhha9Sr70ccfwyYQ62q9RFUr/ITNuloQXsVOxe3glAg+Ro0JvyrO4a1gzfKp5kMI3I54DCgMyGbKckfVTtyD/TVrCjcyz8CCaWQNW/zjNVTdoNurekJh1C6rS0GLyG4R2ybYmgf7O2q8E9YfEGWyL/fEv0QxxSGWGCi4+hisUZ/lxQh5B8j0GqKsqVPR1jCbY2+XGBuECL2wFjq+DpdkXEiP4x3T+MoEo+0/+Uwv1Gt3jcePq65qEaL7/ni8I6VcpsysNiPwYCcaw01nqbdrLCORkdXXjlgBpL8nC4qqK1macgduI1UjyesLsJh+x4Qx2UclIzn9OUhfwdAYbE/aaOovwIFyKrN5iHI+z6JjKIhh5lGTcrLDyhIqbHn5GFOENRsWmMi2JxGwI6hnvKg5DKYw1OUsaEikmYnyQZtf9MkUjnBMe2h5dC7NSLYeWj3075OxUeWIaTM2k9IDSKV2+ZMs7fcAE+8pqk0auJIJT3CrE10cDTe8TOUdPgarZ5KOuewW9P2ElsWMhHUBqk7ZVE97LAFTd0+iCY6sIakKiOEQoXue3ujYG0MbnE+khPC7gADnq6crgylsyCmSSyBm6bLgBNHD9xoLq+jiPKyXcDqOm2dh6b5iPIuv/avjgwNCB7cBew3JBryVZ7gb3MV2HITdLcIovZgd0HhlsLbgqYiFuCgr+ip2U3WDovvj7PG7s+9mT7x253niJDVEc3WXMjM4BryGNVsxt72BvXwNDjXzTJQ2U8NlBL/gaNQ3k3X1Lynkqj6VARvQsHoY1YGKDehlvilxaSkKS6pb1uIr75Bgu1swRVs46YC22dMRv+bRO43d8dB3fbfxgge0qOLhGQBimKpqQ0Rmv2UnsMxBcDqILpCpTE2nJCrC5+gxKsRgOqkCiPBaS0ZouoK7cfFhdpgoSyva3GNKz89rjp8XiEPh44YjzwCin/gGFpodPsaiAOtFqO4t5qKG7L3sJ8MtfQAc2vIlPUOHWubd+ESeiK4NrOkwTTLzOCAr0kZCorbVO6KUFz1stvPa1cHAnReuSJX6iAcl8UYOemF4gQnFJfZOyPJMV/9GH4Blei8vFIKsN8dqHzlPRUYceMqZrRBs1xRmVhaj9GNLu1bjv/EhOAfB8ISP5KSxrwaj34/qxMHKGnLcUfDkHb60vMEGDtrdFR0Uu+PWgYySOpjLgqLmnkWJob8DSYOdanw5Spr2mKGaHJdb5eOoiizZ2ziC0zXxQS7FHyakLKkEgGi/AZtcHZRI2cdYioWv7qRxK6BTxu4UhOi2Rn5eJPJEE+U+vbALAeqsDdfX9D6EZWKIdnhfrCYYawzTkCmaAzmFVvVICOxI1kMppiNe1Ta9Nk9xf+Ot7MgHc0vMV6Uu6R7DF+Jx0XGqlItAURGwnA4ikLUflIC8zUS2vnmTqLXr6WImsCY2Db8T2XbW+OCAOwIL1AWAIY2YN7xLZ+hTxydb9d04UKOekdFFOJt08iXI3pFyMIusrwjP3O5UZhKCQlz9EBKPGn26ueiZpoMUWVQdjrbSnI4Jz8l0p7cxS8q9Zcs3Tx8vW2QdFERrYhZvhegN3kkEwx3Asqk+qwTR9eo6V0QWJz+Opz1RHDwP0qcLFhenId1tqeRdHwEyPbwtimD1T8BLYIVzMtViJHsWAeSkWQ+1qXmrZlH9th/0xI4WXuKSrKC3a2dBUMPmfVWhVt7Ey7NAVWLCoAXnAZx+OmeX3G43UbRdi/GEJGeChr9661MGrlepAlxUMxQtO9dWZ66oSIsJNLcqkD2op3Ca1rVumRG+WIRIUm6HmqdWVGZJhK+1v4hlfSuvAJxj+Bfpf53ijYI1n4DaF0RImxAmG5QkxYhBPyNRmAuZwsp54jQ1KK/H49rnu9ON0+dDhQlqiIl3m8VtOniB0i0Pp4V17qDzVRHIEawslCRWzzyCBsXlA05jV6FRaozDjAvaIsf2+MtbNWM1YWD2WN4oPdePzWv2RdESwQTx5Jvx9kcOFhcU4sFKRHXG7VE7R9f2/sb5gP/ceScAjK8Gsslz4bVEkX9x5LXoVSAY6pdoxbdHgII7jmBnJNvUDpbYgqkM8EsWhAVgGIPwGoQrsuCQGyqQ6ycU0LRb0kAuqcFxgh1mdVIXbOYUi9WeornBQOVUbYJmsBte6nwZjFZvyH3Gv/j8lE2k0KAmoaSilhw78ixmDsURSJgxdusqIJtt5IhkrBeQ91wJALsVRlylE2tyaYONxkv25zLvyfmFfqO8EXKUhq+A7xfQblImDEcxtrtsjqFZd96p5GlkesDpHb8JxbNGX2KH6r3NNI/My2LnpgTlEAgm6e+hQFSJsydh5ZvjoLEMq6zbcwjIqCnltWMHvb0dNlCnNZO76W1crNsdGxqW6/nqpm7AiOBfFWkZRqE/mBlBfzZbo8l/jZXRL01D/hXx8H5t9/FnM49fW4L82e5jXoFecm+vztxNUUfCg8Fif38nJ1RGogUlbL+qaIqmB45qB74mbbJq1W3T7vSZtkkpiekQilZv2tKpl1IRCd4QIi/o+++0bZoUkteMhUrtftskVkM+/0umjfx9Nm35HSN4I1VYK6Gvl3Hu2zOwekkIh1jYlqTz5tCByjAIm7il6/AuFU9kH5I7fKT+3lzvN2nrXWVY9VVmff3WNacoNE479APDtdMtrnqvttwwtboh+tf33eA08Pktz7PQquRtOBr81T4OA5+Ps3hr7PNb2u17nq/vzou9yv1e5tenDfoH3mWi3/snVbojYVodClIJDuTkUseezkwlAn/JcV+51ECGY8GlpdZDQh9fQ+FRSoI+R8HtlyMQXqPpONyuVi5sOPXVssenZY8TpEmIwX5LY4E3Nu7qRb0Z9tXbO4YYzuNbmrR/S4M0lmc15wbK+KRpB8hXfOVzbsi3tF0/v8rTHRf/pJWXMMDK17vaVR53ftJsDNPZ5MoH2vQtn33VcUpXmgvSjk/aHUOvWdj1EjsMtsAlVtqu/mxgdkCafkrf0q5y79/SWJDG4WpVoIb79a7mfE97XrP5ybfp5/NbmgbavuugTb/lu2YKvGtj29UXkAZmD9dAvfff6kCu8uBPeb+nnWqVnNcYQ9cYQ1p1jbEjvbXzW1/ZBwbquvp6XGP76at+Fscn7Y7B11Z8jdPzrbOP72m75oB3k6sMDaRdbauvLbsGdaHgO5hbw8auzycO+mtc86dXoG/1NY418pl7pwbzAf9UZnV7axWH/FR3BebS3X5q45Wmn+5XvhI7r/6CuUJ15/lDf6WLppKrDFDX1f7KRb/mpcb0E6SBVVIf3+YK+spXf1bONVagT4f2Pe18Yl9zkGDf8+mVhH5Lg7+nGWyCf72bHJ800B9H+/7urrFfafpFm1/13qDv+fTz9dVXVvuB9rTrmXSNWQH/RKPXGtG/5/tOy591Ux+/0zwYJxf0B/lpbXzWXIL+tIY+aTf0p7UG6ji17+sPu2jup3qvtIsDheynfaz29a59zdmnzVe/z/prnV50ffXpQy/XvOO/p10lAVqrvtX7W75rTTrP/afyfli73+r9gVPJaCQ0UGhLq1k+q0zgSPOLy3/krf/8Bo3B2B9sN7E/bdAo8QvbTeJv2KB/5X/nz/vx/3TvEv8l/nd+OVbwf9D1w5cHnP8CTw//Xit/FLm+mUPD/0ahP5j2U58UkPfzk/nBAwD6LcO3R1+J8A/ZoJ9dAfwPNfP/pTn/H2z/8zxH4vw3QvnTWv4Fqfzl8v6jlT8K/8JrBPIrrxHw3yGA/4oayP/O9Q3/sLp/X+v/ZH3/A/pfEIn87EIGpah/ssw/v8xsKq9hAxHG/+61/wu3L/9OCPf/rrX/ZycvM5rP/2PX5x/dcKBZ/LHs/+W6/YsY8v+pBUtCxM8L9hcB5L97V/hxvRL/quX6Kx8v/zfjZe0PeFn7NV4+Pv//KV5+0FINAfx5ocBboQPJtdKgC5teSIJDtPMBfeHWC+vyz+2S6i8UU5wXmvjg4wv9/JAP1MkhXgXKAt9/yPuRjjXkQmnnBzGBz+Z5arX2h/dvP+bdvpfnX30M22aOr/5J54UEWVmwyh8kTpF5pULxHeFeyMwtPijxkmAlFiBSIMVeUj5ALAf4jwGUcV7lA1T2JfXaH9T2DcE8vpBYvV3oQdq9C7nZLLc7H4T3+KAXvb7Kv8brCwnWXxL2hTgBKroQFwxQxxcKcgE6Af36QkIfKfp7G6Sr39z2yQNQlX3Dvsq72s8P+kUD1zsWC+r7IFJQ/te7+5fOgDuufmBfZXyhqi/0BpDy9clpALWAvNdYSsdv+T59Bqjlt75/zwcBZAQ+fxzzFHkNqeCW6vmdfrY1QcPO/K6L+8/zFZz62UULjlJ/FvN/wVe+p/3/4CvgKK8H3m9+eyZcLPyl9WkGcvx/ ================================================ FILE: auditlogs/export-auditlogs-to-ArcSight/images/arcsight_2.drawio ================================================ 7L3Z1qM6si76NDXGORdVg9Y2l6LHNp3pDDdn0LcGG7Bpnv5Itv+ZmTOzVtXaNWftWnubkX9ihCSkiFDEF0FY/gvJXWapD6+F2iVp8xcCS+a/kPxfCAKnt1t4QiXLuwTbEK+SvC+Td9m3Aqtc06+K79J7maTDDxXHrmvG8vpjYdy1bRqPP5SFfd9NP1bLuubHp17DPP2pwIrD5udSr0zG4l2Kb5hvN+S0zIv3o3fEe8aX8KvyeyZDESbd9F0RKfyF5PquG1+fLjOXNoh6X3R5tRP/zt3fBtan7fjPNKg8jyxCMr3PWWH/tbJoBZv/Sr96eYTN/T3h92DH5YsCfXdvkxR1gv+FZKeiHFPrGsbo7gSZDsuK8dK8b/82SQxe5E04DO/PQ52OcfG+yLp2fLMa38DrsI+/LtHtMBq65j6m4Fsx6mHsuzrluqbrnwMjd0REblDzrGyar/K2a9PfKn9xDNKafU807cd0/rsUxH/jC5TotLukY7/AKu8GJP1m5VuYyc37evomGeTuXVZ8JxQk9aZz+JbG/Le+vzEMfnjz7Nf8OxH42Dt+NsmVzkaWHxb2//dX/H8O//4pLv3E5C22ZXbYb/z7iVm/YOnf5R+DUz/wj8DJn/hHk7/gH/W1qP8V/pmDMVhJ3RrBVDUusLFlcv/61fH/aAZ+x64sSyIq+S8W4L/EwN+tv99U63f829K/4B/9tSj/cP5RzP9Z/GMZAQP0T/wj/xj+bXHmRwX68/ojfsU/nPqz+Ef8n6BAv+MfDQFIlv1Z6w9q4x/4R+HY3+gt9u2gf7aH5O5nfv7G5D9+PX7Y+c+zc7f5gZsbxM0N8+34iZk486vFud39Scwkf2KmHlUI5BOYNXY9Qu6/Zy7k1xV9LC9PXM8iYpQQzR/DKG2MbijHsmvh/agbx+7yXQXQlDm6MXZIAp7NwXB9eRRPHn5dZOWMhId9P4FPwjH8Cwlel4Q4PPK/EOwMBYjgDFkjgoWlIm++xytWhvIJi/nucSQTMlloUl3oR3yJH2oFJpVj1uQSl4qcXAP51BmWsqqlkoeSew2IAvu6Ti5Nk2D7R8pjpcqBSeHV5flXspfQmwfD2t8jgm6UirooZFHo6zz551OnSCaj1BisLxDmCnJtoWatUjGNA+SxEgh1NTGFB7lq+7kq+pO5KtixyletgtccgM/+vh56pkC4FeoLff6ubmXedV4ltPLZZn6eG39Va/V37cH3daev/jw4x+DSDBGcn7I6i87vpVOpPIzSr1JJ2BoyWyRS/qrD4UvizQ2cc5NcXDjvUw3pUEVSMx3PezySHEa5uETg0Y9AMss3DRY4LgrOD44hvsP5L6pFEfAzHI+Qa1g+q446qxyFPcvsJ63gZwGOsfBUm1XUau/p4lVTKxXe3/Ovs/Dqq0R9CTOkCaLRbMF25lqje7NqARqVHSsz1y143fizJuSLivvw81VDZZoDrzF1URcKh3VxRFt0Rm1U9GcHHnw+//xcKXdIO1QXPlNZv/4svuH15/jRdf5Vj0JjevEMltkOGhP17Nd2nuPRXDgnG/UL52gXvGrnd82C/cOxo/u69RwTmgNtrs/zu32O+p917v0n5HBekIYvusHnCuu3uohWDf861892r3oKkoHn+XsZSIjimkhOeVy/5Hl6xGTQGjla8OjfD9qX/mM0I76hf1SNxO4fqEaS+IXbR/xJivGfAJ3/bUXYoBtsGNf500D+gOnR8Xd15a814w/K8+/oymsLdSVXuqx+mrCDlHcAHprlFIKTw0/oDyiAAyo88/y1tBVUAkiNs1xT4UAVUQ7s5lmPO7OKd4Y15e4BALs5TkIG72WPPbornU+iJ5/siAiwhBCXwGShDo7voUf3MaEVseTcI3LfXqDupnYS6nFiTVs8iYhRX//A5/gcn+P/yoNbdJIy4QeDwZyatgEQIPoyRTaPFc7sjjzAdH4GJ6FQHfHknyW2DqV5SuRilyuWUu0557Jf8uuhHIajRT1UXlggFsK1KqZ0u9saUFESrIGxrFlrwskJZEtoDhY2a3bNmI67t13R9Vy8CLxmjM8unfmSWPrEqQkuSRd61z6ScKjD2DluNSw5B2QqN5uUnJmshR2D3D/wheJJBVXuy+6uVv7GqPeSVdOW21xT/xLconZPpO2GK7qbXl/DsL0dLrfbZhn7G+xhGqLDOh49YtyW9L2/7x4RdB/ESZW5aWeL85ApS9wfV5XUV4Y/YaPh4El0JrQ2JCC0JUekqan0WNH6+QKtK1tdN/fHsE23j50hL9CHEG2ceWTQg2OzfgsvDYj/2c1UBRqkuwQ/7/cnQXRSrR/J8yXnGyeDtl7kV1JP7vdjSTH9Xuri/O5ibng84CHNOtfCmk9p4h7LredcxfhY1tYhOMDO6oaz6hsNuuHi0cmNGkn5nBrwRjfS9BqswxKkaUCvj4ykSfyyPm70umorfZ3WQi0PS4v45R23TXEIKFpf9xdNX0Ej3K0ODsq/cTK8L09uT9weLixxPLmtwwdsJYqaQp03D2YsEr6C1x7D2k1KGQ+qT/EOIyn63D0tDrs/Ypojqe4gAseddl4cy0uX+1y4IZwZ6FqE6ISL2HBp1bIV2PVsmDNsB/Hk1hd7QTW8nSMP1pqLD+vBm8KccZ6fpxtcOKGB9ApHbMQFZ88L+2jc0DzI60a8NWyyCBBuRJM67ozM8NZGobImUIGxcyght7t2rzr6sFUU4kFL2oFZYW+0c8Oz3Axi0dZt3Awnb0P2OXunpZp27i8Tutcj787y4yqeZys2+RaPuvNGhXfcLUEBR2iBdaA3lcmCvSnY9+Tmgpxz2eN6dC0qAKJpwbWoA9XSoZWfWOj1sBAhmBM3K9Bqt+CgCKYAfNDkNukP3ASANYFj1OENMNmc93lhgPUGIORN7oCcxWBXsJIEuxIxFkjAMNXpAJ8RAWnvQtzhsyeuAjkPtI73EQRgclm4wrMAgFlOCjDBCfAAYhdOAIMVA6CaYN7DPlkgCNLAwYqOqUwQh7AFOAoN7FMAseWg8QOO89D4hQk2gX3KQFJkOH4KzGBFAEiJgV/DqnwuCpyKoNCcazlcD7wO+xCefVjg2YcE+0AA6Qz7yHLUBw1wOFOwj0HXYAAcYR+6g/rAcz33YB934Fg4HLgJxxGyJgfnwZ6OsI8r4JQz7EMBCewDzk2oYR9wHGrOCQcHzSmEfaCBLUCwGtQHx4FnHzbs4/Ds46AYqA8W9VHDtrCPGkN9SIL07GMD+7CefTgWovUEyzA4GnCcWKGG5x2kLYPoIMFPCmxrAMU8mnCa3AM+d4/a8AKLcfB5W9imQG1YFmioDbdjT4qA2jimAUSgcCQkKESHsEoBGW/yueZzAMnIOgmCB88pQDDPU/khBawJfG7OUUkFHNie87kp53IoNBWIDA4cAJerAMlKBtj8eGFrCbAOYEU4CCOXJtiMJQTA8ZAmuNacknRHIToIA8gGe+ubrCl1gJBN3mFvgGFz+P+u0NiJa4BXbbGcBaHJh7BHU8LYiwFAxzt833EhHBOr3CNXmf0I6i6vx00fCrWT0+CSUllvE2ZPtGGO0PG9xPikRwp3tRgVO3qPdWqoMzuJ4Np04JYzYXNm2DF/HGGdZl2Vy84773nG3ui307wAt1EKwHrtoBvliXhsvYdkEUwe7azGVXIyly4OuCpIbS84gtwsdK3YR470fcvRYL05+xpkJ4uN+XEm7R6WbxaDgQMfp5McdVOXH2IH2FxtHl9aj6aNHTQ5YgyVvmgdax51flSg+23loNM0fQKnnnbvOHd3AugssbzSxjmburkINk1fsffq6m29KISqU5sdIIh0ieV8lYUPIiciRpX0ErpQohzmxxC/K0t7yNn8zHNpGcXLYecP2e5mrtJ5F90nPuVBzuxkkdutB8yMgaF0/bAjQyNCxgLN+JwGTWhuBR9QAjZoGcZd9H31yO5RcznJSs5Sgp3646N/GC3F1hq7YNsjxubgIbVE4gWPdjQsnGpc46JuDStXEH8TOejVmsQfKU1fPfgUtRx1Y+JMeXNXCfKxXQQ7u83b27C0xiDwW2FiQXK1NUR+WH3LTylul96ptI7XCqNWR4aLWS11ue1H4xDH5dl05DAmDzzwgGTLfr9xh/VmK6qJ68gtLSPTAUTGIFvEsWZWdftTY6tU7sZwDSzd0mbzRVOcgxKdt9UdqiBksPma8qYDxurC2re2AXw+3qhko/FIRMRwt54qYQ90W+K4TatPitApkJDisp4csHLBsmkgkznhrj6ADGcUDWsr9zdLUc9kZIgE6s9TWbjAKSfnz/GE1f8SritZC9zZ4wzX8S3nFUZEhsrAM8Xo58JHaxPM7IZRkLw011K14UqbTRatrOB62CaZBFs6uZLo6q5tKhMKEt8BRg6jjTmABcrro4nhRHY41G0uQIS9RffbdMgpqBXZ6baTpWOnQiuCgXCagKzsZKRFGji3jeFsoN5hcwOtinjZQZHpQNGWE2bH4MRKUCUhS6dDRcRdJLD3eRPcoJkpOAmJEDjA+odYjhgobLCKow3mdMTgeshBuS2LFInZNbKTDe7E84w1i463D2By9OSR3MDgtNepKjiulaFe6EjsWyCw962kQmvPjlfau8sPBmGblZKO513GLLfQgTpxUuLtfbHJ9OTd8DXN+fBeVzOJz7cR2vWgWfeBbR/ss8In2RXFTK+DoGOXXQep0J6qQ5DatyBtZpmUr73VXvaD1GdnxIGrpAC8VYPxrJ/9fVYxgATZ7nCvb49DkzK1AlnI0XjELGO8b9oCmwbLw9ESDbzbnj1vHwGEJbnR7vjjlusLnQmZTXaYtKVZtyWsV+DGg1QaEqpcILan1thxFw6rSGePo+VeOX0tztFCWyOIWVNU6uDBjQQlCIdl25R0GUAtvpj3jN7GbZ1DlKHfd/g5oKCh2pe5SmuvxWnlDBJ63dlzF9uE5jeTKLIYKmJy9El1Nw5GZiWIwbh9wab7QyOr0hH4nKddhMbzBevY/DB2TGjcY3qYp/QJsHethAR4B1ETL2NnbkZa2IjWg8LCI+wQt/zEIyugsuxVJLdLvqku9pBYJ77aNQtPFZs0rh80lKlJDhIsbdtgfehhbE3N5E/z/nLWyeixWdMtjoRdir02ZMPT2dZzIB4Jr3CZEIKbQam8psP8m5hKWCudg6QxEggYsE2xW3pFG2f/cISWf/DOV25DseCo9htrN3okmzUpTxhYS5P9cafjKpj4cuP1UYYlXb2I8hLshhCZZIouGvx8a6WrmCM4Wyduc6YgBlH9TSJSNLFtcpO5XYIQ5wRkmUw4a3I3EOWWDIrj7iaTTlf4I0RE3dIUDIgsFdLNZZqHQ0HbqCpr4l5jUJkGUvOzNxxz5VDmEvDPk0PbMVvs7TjgL3oOO6HIyt+V/m0gbugVwJbpioujkRCIUFQRwfnDQn3XyXfkZNgNXhsBRFK50DqG9AhySH22yICtPqyQwBSwr8TIiYcLyU6+gXjaeucAwWynAhI7H9bqfCtkw83bG0/xzUHnwmXKgSeE1WNUyXYV+7l2WNbm417j22Q3BbjQl2Ev+u2890Y9GLfzRITDHAEGuoii5s8XNSACYuMSVtpk2nRVuQ7vozNrD4dxEoC46xskP1GAQVfEq5ejPenb6KbdbwpA5lBss84223E7Kie28Z2iSLNOS+9FDMFLdnDPmDId2gYqgl7BjofTNjy7DGUgW//QqMNYtGnviW4oy5263ZOJodSQVvcH/qAzsgXdyCMcM0Lje54AJm/6Rd6XagD0U8wSay2tSedg+m3jIjq5EFkqXBKiSGM0endqYzm7c+LSPHYdQH6Y/enurh50gvlTNGCrPRKiElBYv4t0doQoND+mPeoIZ3DyEAaqYT/mYLXP+s5uYj4DpFlCm/fQakSUnu0Rchn2aIVJWzLe9Cry7XYXQPECdOEa5sg7yCckgmOjHeldRzYTB2YpH9LVos595ERpvInv5x6C10VZ6Sxu3VZVW4biNvR+W0o3aCOcTo8iJEEukgmLGPaDfmfHQBpi/ARRes1ee8JHPmBMu7GTUtE1lHqG31gMRvUQGGvR/cyEbrbXUvVADriblo+ANnwu12ZfMZKsP5xjEefz8Sz8ayGTf+rgXnbqmmZMAZR8AQfJjuTOhcu7AZJJ1wwEATl7AFluwM8YtIdHU98brnSVl5wDXs4qj2A6OkgwFGhjoVts3f2X2hx4hJsciPQbsGefMQbmEN7JBvpLHH9Bzxbpx3Q2WrNgz7ZcE8Ye1lHYLfR87pmk7x+ZdD7vp55CgiCYfD3fCvBYb8PlgVDu2Kiaye7uV0JgwcA+RL5joTRK7LJpK7NlIao1Dgxpv7GRQjLjQWI3GdIPiEUKAz04yGvvvCw30nf4zWNr6weMiiDOqT21I6HCIPK0egHjxxqZ/YlRTH5CmOxqYlt7f7IMJOJma9Bp7qyG1puGA1xuNQWaZ6aNmfKWgXN9M7UhMifnEK329qEScFSMWlnVYtCFD07pPhnpayZst/Wugb4Gtjlsglm/hcaY7lZ+Wal+loDAI6ohWb8MC6IzsbPPZRPvAjH0McIBk6JTeLhqo4v0HMJ8K7XfBE0a+JCR2dx7lx4RDyLk6B4091MO6Trt9/3lYrvb80VGDsKDOB58TuYAxM5oCWrElqAjxtUXO+7nGbqZ4lYMjrqEyJhEY7gjDrvwAD3x6cgekMuWLkxDYVvsil8ht3clo1wYas9kh5G4D7XoI6dRpKXB2cG+N9eIce5+m+P3B11CG5CexsnPt5FxTE/ZAyr5RhJTATqebZ2cUahKpjB7C2E58nbEjbZRKnMyQaaWOIlCK2zSlcQhbo1yQCTfZIw4ZtiQxx3gjg12rLIdOfDn8podaZaWx4wjN4kjmULFYIm9faBp3anW0CySnvws2u7x9ZEweg/BpelcHlNZYfTlFlwDPCL4rMmYFemDVVMgNESPHIxIDApZkXOgKL4lWGO6HRxKCDpjJyXuI2yQkXKuNZ/rCvtvWOj/nkPtkHhKyn66ZpRyg842Kxz/lQ7XiYtNAwIX0wMHT/IFCr0cMsHzVRQ6PZUkOqEYxPenJ1GfJ9Ti+5MJT5Rr3sx7cZ9NMC1BuKY4zQ3Qq+MDaKgZWR3xXYICjLZ8Kr242bDmmFlIKioUQUxSYYvcsit2P1wPKgSaMsYidXYFD+S6gUO8rFWbPQ6oME5x4jjwZVj0oR6VLabto7DubltcCs6diisQGBWA6HW52kdqdKKRPXYqYzy3fSdRC5Jy+iF7SH9ezkds8eLeC7azKOOSNcHpiGw1Na0dBBCZMz2qtpDzpr7YgbIxjvfOzA2fBXIuK7pMZ+rdHebhPtDieDeSU0mYusGyC1tzW+ik7EDDVr1PNNgusXpZQ7A20rVC84lkCnLbhG4zkE2EQ5ZkzDQDLcIgSKKtFmTVwyVNztQHFewpIElWj20PB484B9t9NVanXMdlh/MlaGsMxD5mm2Wh6voU2SbycML9IztxWDCJwOjY7Y4gcShMKPwtJtuYMgl/bbbDpIIMNwWg1cAbq2GkBDSE7LzHd2Y5UgN8MLaB0F8SUDzjdG6z8QgRFXk2SmlVXB5SwtGAD3ST2yBVddaS5ki2FU6fEsngH1TjneWXAettZY6y12fEb0Y2ZOOM8MZlopkWMYookTFpI99hQ26A4PcGhscseW69bvvtRG+3y8MbMDu5p/6+D05xRvfQbUAqYj+TyyhFo06LWG6zNz4BE1iAs15U5JapJHHDzxK0GoolPO57uTpR+wFLcELdJZqziyfkze6hjBsmKxNEskPGM6DvPr09U8Sk7Uaqu501f+fU4lYRDC6HFaG3CkmfXIIFzQ8Zxfq2PKD3fIk1tu+jGL2uoK7LfZ+vecJDRAOC/NiS5pTs9bi+ltFy0iUUS8BHAmR6SB3K6WheIRaAC/2KAGLJE9XjsLEZdRczcQTtN3RZfOokQq63OEQWVn58dP7ib5YyL+q5zUPP3aRccpmk4mixFhiLCeyBlLfTcTymSqeQvuIrq7g76T7FDApgwAYu+hjoemcy9NKMIpkIwbZnS9e/UkFW+rovxCWUAlbdqxuapxH0s08Fh6a3pU8XQz3o22aCZtagNCAqIBOwxBmbk1EZXQYlup0lKBTbJoE4bI8NfA6Z422K2XMyaI3S++byCHU9CenbZr7zUK8gBOSiqLMpQOg8Z+1+PxZgYJD4dnS2CdRUmFIzmSABoHfX8rf6ctWGcTwGhrT210Ma7JxkBtrVgpOHAOSKW/wg3wPrEq/NmdSCAE/LNc5vR8Cwd4iqSCAEp2Jd78o+izbufCGqeRwDIlXzdNLgEjnDdWSdiOVYLukyl1G+XlXmAB9HKPIkbi6NCTGBNIBtWlQomta25mPXt1t9u7vthjYTS31iL1msDGo5iECi2EbdXCA/HWGH1ReHyhEQCvcoklHsLVkkgLiE/oqgB1S+HFCLLSMIR5SDcw86tEzp4yjMmbXH6YKdWLo5tzcXDIAE+3wmpbNYnI+F1M5tHxiycMsIdYAQc+/ZswBMqCcXj1vOaMlBaG/LjNZo0Z6hJJIs060Papny+BnqU7YA7ho9DDvdB8I+u6RZcCTzRh/TbGtK0M3wzYyqZRSbp67ZWhLMgYiRC4vM13jXQLUh1tWWc54Y63PPTeAOAm65uCtRbHs/s27mab+jThuWQi+zqu2JHsDCHjcRlhyBwh4Bd0oCAj7y8RjJBKxny1w6qIWS4IwDzd4jbbKj+JyPwchm8jFcT5uDZki9vd9inXOcyY2o9gQ4AfICUoWBzDzGYBGqZMhCpD3C5Vg7m2x3PYGduynsDV6JGBs2Qy2I6M2MwmMHBjSxzOV4ZiFTRqzxenoI6GWPdXWZQZwOOHcvKCgl6kRqj2IRDZSAgSmzRgsJ6/cyqR2zsBjBBMtFrF1TCa45HMhHXvB1ua9j+UJhGn8DxqOR8lQkO2f7CNiB0xUXQzoCWls7l0y1i7bpTPYhOduLOsnhMpuP/X0MKCcAHK86d5ufTR4pMu5+MQPBLa53Qa5To4da4Cj6M1Xxpxg4+yRAsVjTAtDomlyvq/N+yrqKhRbH32Aj3RHFaFhnARp+umRa4woB2wIXpWVcb9D57Rk/lVlGk6/m4Gyx7QbXqBKilukyywYULxqAkt6taSWdC5cB28fpxGADxs/3UW/JcuByft03Oh3CFSrkqk2Sh/hBKXx6ucyXbLqcRu+sbrNZM3POSkYl6/2BR29vOKFOb8geJcxySc4n5q7KGBHMPd97u7wC0mQsyFsiiVpCL4SUg+1jorYB1fEYCzHRdQzl3VhqBaSw9xSw8JnK4OoB0oGHqDUkZG1TkhIFTPGSx4mfW2unWU1oOQLggyKaXPQmSAXKyWnpTODai24camTXjNrJc+yMCQ9pgqhqadyL5bI1uEJ38KrWl75ZaXzl5VlDRrGgd8c9elMhtVdWPwHJMTD85R2VAtRrAZxsVg/5ubreZUuizHS4MtRlT6vQV/MBeyl3vmoC9JqKEzRCc6ELw6ZzN3FRH57IjZM8pFu7X4F62W783QrhRi5NHF1qGBuzp3XS7iHSOWdxVQ2gptBPVInrPT+ABHA1sc/U7Slck0MZtY6XprX4sDdIYoYAeq5yuN9FWw4+PQFCUwb3Y2admRj2x14waDGQi9dNNhAIv3RWyLdnFHe/T32+f0AXDN+cw+3Nj7oujLISUnOr9tIwx2wuT4CWndslSwMbvcah98A5E86C8Q1B3WK4xlR7SGyKRy/ZHOW44ZpKz/ibuV48c3VOMnaIGRpamPvOwnyegjKbgBuXPAg6N3pifwm1fsdmZWLcCM+cOJEhmgtUiNCQLHl2yQLMOl46R0w87EIEBz8pionz9d0FrtcjMGx1nY/qdXdX6XsasJE6LDovqrYPCl4Bk6wCRjvMh3vEq9lj6LlhzGDtS8Qw4GDSwKh2fMx51RmPTDGODrayLlEotVD4hokHK4oSkdLEO7iCV6Saqf11J5dNfbnIkUrWZulN4NZC3Ibkv4Agob3pB8lYLeQyWfTu3J7OnGsUdVkMYJVCaLZ4kk6E/WbG/Eg47w6JKk9QDmPitifNfdfP+zO02TpQ+LvAbRKa28pcIh5TIZrY9ZRbyMFFRujs5spDw9ArDnajTxDOmLzJEX5VJJ4ubJR2y5xtPd1HtsdVtVEFqyZkAg2twhheuQPHzj49NA4VHPfUqUp6uqmZLdEfG22uVe6onbfm+RpBCd3SjAlqngvuhM1efPkohZYm56OF7x/liuXUvd6DUMORfdmnpjRRx4XfgfOjW3YmDowIb5YOpBBxahJ5BVh4ZrrWJixzuzkxVBX4+PV6DK6pielFy7hreNlK3Cqhr0GKAZqp5D3TNVSn5nKpb11TM6kNLIlQ8SK259P9jmnj46LZhtgoxkZsNYE8eoythVIGfOS+Bs+q13XACoTv8LZ3k1gmKDHto2CYjAio5fGWS5Sv3IWHspyJRlXKR3b2UvaqSQZClAhWUg/pzDBHSibuE+F1mVYM6BWiw+g+H/KVh3wkRV4tqMZFc7tnQ6DTbYXc5m2cBEhLenTvGA+JRXAyGI1SNUW1Pj/AjabJBxP1EDfeKUdxU2OrX6XjztYEqY23rpYjlA4bcbiIjN7uIic+7ctlLAP9UogKh3X0Nd+CNZDK1bRvzxBK0ts86UD7z6pRebS7qlcS7ZwXjsWkSfJYWntJ9Xar3dxtdL/iF7eEGprysRuExhfiwYQepTtsN9R1qydeKN31MohvuYGXEDhsFb9STSIfz+zRXtnDptVPrk6RPRYmmX9oiMsWv1TdCehTdJAU3zQUAsu2WdBaD5lkQmXvFu7D60bB61z9cRSuNQjvVgdu/GCo8uuFxkYPHHevse6eJrZdGZ5qbmMRZHaZBogEknQNvX4Sw4xDUECkUpWl8C2BUfV9myaXmzmMVzLfcmYpOfzN8c8SSLdp1N+bka522BDhhlc/augRi2OUizSz0NHGI3CINR0J8NZp07QgQnZg1BK8pR3Mhs+S+ft+5ZjrfT3u8w3xOGyVFDE5WdRaALvg4abFvCPOfN9T8sPDh0u81ZpDsSPF2xX6NmxYi9ehbR5Bc1EXlwUHS4sfKnvpcWI5LFeNmYs9LZoDnhHSITmphycx2FhxQlvNMRu9v0bir47jdVEPuTwI0kOF6r8mN0hDFNsHTpJVYhDovRCtkbZ713GUVrX1W2Qbw+v2Vhy60EcSe7jZJNR0Il/w5h5syueLoFDthFuCXEKWRt8yZQtCMDK7bW9VcyivVhUP6qM7Rc9owlkVdLRIuubqHIvbWb5vWu/qG+k5OhYU8t5sK1P03mCGzcVwWVFTzg4vCkzQ8gfbuIvTCciMVHu9RmyTm3fUYuWcNtwpfaRCE7ZH+1DEY0KE15SwIQJQqmuYCv9EjIRj2TOY70OY3fkyB/KtDFEQYd/mgljvJe7xECqnUjiuZiPIMtYgKZAYoVfCFWydr/bOjlSzzZ8JA6fL5BAH+LhCKpVJtVBay60ifNVuLRV07C007OJ0PClnZfM4bWtpj58kWrpDbJEzBwY6e/nhNIZGk8/HsF60xRzrzGYXIzwRV8XPo9DI81kh98Y1ovkNFj+t9iN3mHK5g0VBqNMF3unIWiJ0c7pigO5HI/ikWZNtV6iFSF71okSKOA7bGkUyTtxV1/KFU3btsuxuppgISt55DbqnCLDi7XacZw6Jf54U+KaTbuyey1vyKOhneJttj9u6zoE/Htl6ZTJR9e5D1C9aj5LUEpNtsKofHzuWBhJ0JdnT8faKblmOq58ONOcryiuX/o/Incd+/FrRFvtHufPUr75y+2d9Q+xrY4FP8vwnef5zfI7P8ecfn+T5T/L8J3n+kzz/SZ7/JM9/kuc/yfOf5PlP8vwnef6TPP9Jnv8kz3+S5z/J85/k+f+145M8/0me/yTPf5Ln/6Djkzz/SZ7/JM9/kuc/yfOf5PlP8vwnef6TPP9Jnv8kz3+S5z/J85/k+U/y/Cd5/pM8/0me/yTP/7nJ8xv8Pzp5/p/4uZxP8vwnef5zfI7P8cccn+T5T/L8J3n+kzz/SZ7/JM9/kuc/yfOf5PlP8vwnef6TPP9Jnv8kz3+S5z/J85/k+f+145M8/0me/yTPf5Ln/6Djkzz/SZ7/JM9/kuc/yfOf5PlP8vwnef6TPP9Jnv8kz3+S5z/J85/k+U/y/Cd5/pM8/0me/yTP/6nJ8wT+n7LzPFb99XFRlL3PMo0SsaInBuZfyZ9S5dMkT633ZdePRZd3bdgI30rZZ0Y8ym1/ZrN/q3PsUAY8j8PCKh3HxSpX1El4HztYVIyX5n03ncvxjJr/jX5f+d/d4ed3z8+L5euihdP9rhG69L+/963Z8+qr3d9l4dDd+zj9r75X8KbNGPZ5Ov4XFalXPUS4/1Ii+rQJx/KR/jCMf4WjleeRRUim9zkr7L9WFq1g81+3/zs5in/Hz2/c/YccxbbMDzz9G0WT/4Cvzysj7UtItbR/F2ZdO77HiDO/Mf93jPnjpOGX9Kf/Tcz/L0f5X30X5huzEbemohxT6xo+Jz/14fVHxg5FmHTTm7x5Ew7D+/NQp2Nc/ILuG/QlmD7+ukS3w2jomvuYgm/FqFHZNF/fq2m7FsnhMPZdnX73ZRua2BHPL9u87nhvLUn8QV9s+p1upjb43yjiJ4WMk7/QyDj+p32fifqJh+CelKPdh2Xzr3+z6ddfW/r5W0q//iLTz19bGh4o1DpDiSE4Q9aIYGGpyJvv8YqVoXzCYr57HMmETBaaVBf6EV8gaKzApHLMmlziUpGTayCfOsNSVrVU8lByrwFRYF/XyaVpEmz/SHmsVDkwKby6PP9K9hJ682BY+3tE0I1SUReFLAp9nSf/fOoUyWSUGoP1BcJcQa4t1KxVKqZxgDxWAqGuJqbwIIdud64K6qJxFKWuPvEsW5Xv68NxgFmrVXT+rp6CHat81Sr/Wf/Zz7rnf9du+qEeB/tpulKRgmskTYxSqrha5cup9svj+svxzzpH4XAOmLkK9LFSF5034bPgX4XGrt7hsyn4rAX1rZYUbq4KmvN8rHzyOSa7/qozqxb46m+G/ZHf6qDoWYzOd62KZw3Nd/nqTyBh/fXbs+Nvdbjf+sM8yKvg0gwR5FNCFNdEcv7unGC/E+yHRu2OFaC16sSrtgLHqeKoT0jjCX6GfBYWOEbIq/w1Z+hHqDaq66AxEOryGgOkOaVVAhoHAXk7qVX8HKdu1yuaBxwjqfH+8pqzs0D+wPs5vC9Mr7nC51Uq5KlAv/pw4P0GPse8q3CMzz4sRA9Yt6RonXdWNLbX+F009vxZd/Wx15jBq1+OWtSq/iqbtbV+1eNrQhO/k4M26cLzqVHKHQpIlBrl28MulkQs5NgaSriGZgNHAmkCOW2hESgknA0caY6pK5xtJaDZYu8REtqqQGooy2+zqfZPCuu8QCIphn9QmmJc480ZzfqIJBZKgm5RM5SsVUdUtSBVeQeunvyuwTr6c5b+XVsBASWJgu0gNfMJcgB9pk3EJTgObfWfXFHR7Nf8uVKQBKEzHDOkmA/HDKWuMp/9qfaTuou6wPr8i3O/n+s/J11Pao5x6w6BjZXBOWiiC1MHnJL7xHyNOXxJvLmB9GySiwu1xqmGWuRF3wrAcdST+uQ0nLeNtAaii4A96QWlXFudrzmTKo/GL7zogcbuqEiqaTQXOE9EU7QKKch1CvIF1gNPzmuo3os277pIMuoZzjd/0rxEq6ngn+Phc1p/0llB0jZ91VOf0vvsa3mugBJpHCSRCuxLJV+rBa1SKBsvGq7ac+VCiechn4UJ0ZrU7KeMQE3h4OrzmSq8X1Paqw2h22gFKnDl1xSU2JeM8Tnx7HNBfAH065mA0tbg1d7OpycvSwpqi5x+tYfzQHytFChH+bvPGGo+51VWKXBMaC4UAem6vPqMCQ2tYtinxgPy3SeUR598tYfOLNJaFZJpk9DgTBH9ddt8t8+xV3vY/1rj7/Yk1MLk676P6Xb83fMnxONZt8H6Wg85rtpBaNvKt1VeKS+62iqJVjeUExyuPSTf07d1xvJIKyNt85tWtp4a5l1XmL9pDeGlcV91Zzh/DI1FQbR+yRX9kkFnhWsqf80B9fdV77exhd9ZQzKUGiywlIdR+lUqCVvjZWlRNOZHqEb/Ud8Phy7tj0Bq90sgRRI/46ivsj8cRn0h3x+g8KYZ3zSAd7Lwjfg3t3uHyou0eaQIHH0rgp/y9/nZdLiifLHvANhXRdTnX4cnYQGsgNPX+edeXPWvcde2EFdBgPvuEUGoZ6c/PggWv4b5Vfw73Ad5M/5j+B6+QV4MuYu8pD+C3RSG/chsHHp6W+zbQf/EeGK7+wXn/ywATew+TtB/56cRaeoHfhK7HXTIf1682C+8IAIjvpb+H87GL/n4Q/d1+Hg/v/B+RH+CXsP3XgryXL6r90TihFuhvp6Y4FvdykSYgoD28OUloXPjr2qt/q49+L7u9NXf97hOWR2IGfbSqfzOdslskUj5q86v8VsVSc10PO/xSHIY5eISgUc/Asks3zRANpi2IGZwK2WB58mtGmjXn+gdXgv4q1xY4HgWr8aeGA9ez6/ywlPtBNV/eivWc9zP+jSs/w+8nukRk0Fr5EhYnwHln1fw9wrg+91F/pCVvfvdymbwvzE/a+d/q1kmf7Vby8vkJeXj91bwf5ulhufwglRDGw3X5zX2n1pkpT2Uif8unPit+Aeq/8eADGiVdr+T3V9aJYL5hVX605AF+bMF+g99XTKMYT+Cvn/ClhhBljL+KhbL5reu2+Sr0ht9wJL3fexXWGTzPP57WOQfxta/dMI/fNPyVfHf/6rl18P5J4Dm/1EIRfsdQtF+jVCI598/RCj/QrTGzl8x24Wi1dV5IhaIKlC0hdBen2ddUNH5XQchFRQPVPHX+AQKnVFkS+X9dxn4qvP6bBc87Perz9fZeiIX2Jb9zuNWKs1WKLUOpF/G7561fo1PtCE8g19SIIDUfGGUZywEt58R3ZrW31FedRVfEVMe4F+RWnWNqa9I4zMmCO9rtompz8glinAq7zL31baq3/EH8I4j5AibodgU9opZoTgSgPdrGuJD+HzhifF+u49iMysgX9Fmc3rGySC1Uazi/WzafsX+FhTDUF3/FYNx1FdsBMWQUEyxEu7q+pwr/qKugr/jhBSc76K9Iq/f6j/boLiOi+IzKNK9aq/4IRzXCcVpUEwRf8WJVDR/9FxMQ/OBY1Z/i/vU1KsOmLT6GT+i9GdcD8WUEC0R7WviFS+lSIhdX/fsGn/z5TUnjppV+xkfgmNyUPxvOkKM+IyTIb7waLwAzfHdTnnFozhqfY1XQLE+4tXuyUMU86G1Vx36N17APuBn+hX3Nacf75somo191weKsb2vVVoT1Gd8Sf/tOeqsPSP+kB6VubxjnAucw/JqC6Z3GZzbSX3W4wH227yxZ3/Ta2Wheefrq50wv+dNac84JHpD8YyJftEZtcO1VxzzxQv7GXfEvuMXipxD/8J8x/9qFDfGId2Q/CM+U884KIqR2fHyji9T7/gypJ25oBjmK/5GveOF79h0pb7lwqQ18ap94yeK1da0hvvPeKr6lqMXPxG9leUtBy9+orj1KmDf8RO1+x0/Ubsf+Pl6e/Db2vJ/z8/v7n/x89kH+Xz7gGK23NdztHecMae+ymAb7MUDBXu91YFjrJTp3Xb6ohlc86v9jcfo7Qh8ZvB+2/E1Xv95T7NQnPrrbVP+im++YtPzK+6J1l89I72kWyh++/0aedFUF/33M5JnPPVJ5xePUZn31BVrwr/a+e+3PvH85PVzTTovffKUzWfsln7qqfLbetd456371HccXHjG8lUUG7fr73j/fjuD4s0cinG/deBTF/wmO88Yq/7kUf7WkTX14pNDfsVgX/edu/qqT7yuf/cWyHnKO6XbL50I67/XpvOll9eXHv5aJ6idSb/X16zz5pseDgF5/arH58t7bgTUafhv6/XVH6lVjfeSn3p96VFAojlBXiKZxJ/vEV7X9DMG/p4HrE+it4conv9cg1/3n++W0PpCbf3v+Ys9edn4X7z85+PQ/15PGCfJv21/F6MmsV+GuTa/8Cc2fxaAZD4A8gMgPwDyAyA/APIDID8A8gMgPwDyPxRAMvR/IoCk/m97R/oBkB8A+QGQHwD5AZAfAPkBkB8A+T8GQBL0f2QEkvonfjzpf2Su5B8C+omfeYb/Mg0F3/0iDWXzZ6WhUD9/yy/sI1jw/8SQrnDC/+9/LA9/ZNibi79bdywjYOCPyk3HqZ94SNK/5uG/9VfLqM0vFt53eXC/SFxD2Vh/fSdbocy17/KtsN8nte2u8yvN61/NjvtHHf23MvT+hef5IZTf+W9c092Tf5zU9ndS4P71XLen0L8b/Xb9Fu/dHySy5I/fSoU651dfpvi3Jr5Rf0am03/eb+yp6D9e4V77mZZ61aKfoelWrBFM90S1+sxY1FTPdJvKzNlFG5C27UPJeOmsdFVdHGhug1OXq7hVDeA1lBKSuaGNPtrlkGCpaLvdPrhs6xcVMZ1jvsifv8qngHESC2Xo8fS4rPvayM19oIRxXBWx4K8YY9joJwba+8ZJxTq4uN5JntGm1wejP/T326VnFHlAW23AaVWb164raF8ZtLuLUupozyHxwhbJirYR2dnqoVfD/fxItUZp5o5124GYRu4eFudwi/fB40i3lt3GuhlwkL2XS04JM6AwqUK7ebApq1/2PdoW6HJRJz3YJGiT79PeuxyOaJxqq8X1VsHznbSj0c5FKe6LydZ2g62nHpPIv8mMhraaunp3tLnlndEkMaaDa5Shn6nRfbRtSWYRaDpTqgyrsOWmazvQszXvRcvFW/Phkbv1+dNYrGtZmHnaWi3Dm6N792KmVjJ5djwuVtZDy5lEKN5ytrUfPauE8zBx6tFf7pMKxvN6CXanEW0q5sJ+b57ISJepuStLro91xpi8YzLOPRpxtpLPOVUeeTbg1LZgW9e4Fhzuk4jCu/tRPTS0v+4J2bAve7QNKIZ+ioo9KQ9Y2O3zAu3IBdyzvUlj4qTj4a1ZxL0Wj+6jmsxDIItxcgvSI69lFXW8ox3Qus2uSm8CdUvQnkI4ad2JtLrfKmkmZWWkj22ldIej5IvE5Gv67UBPujOO5XWuZR+gvZZkrYvIOMseFB3pWyfx0XY8WnJYaog7sb0juObFCB9VNJrUBbSeqMeTa5hS5mXAvKXCjarX5bHBPNLouOQRbuLuKLa5+twXKu32FkainbMFsj8o3sKcQGuhDVjlwQj62k17phBMMz6b2Hl2VPfc6ilYBDXatVhRBc71NPsvKc33oXW2REd31qa9G1NNerxWo63eood9Edyw4Kc9n2c8tqFli1+sSczm7Y2OyINaFjt9yNegN7JFtHvtpqa7NXv4UzZea6f35Fz3Ims4HrrbFIneaqLth66dq6hGdBz0hFvRTkFUDlhtX4iFi34fAr9lYJDRrtadHPGnsrfkZQfQL5yQG1Y39pGngSYqlVVaTh1a2KWqZp2o7xPTUhjvTrjapQjZhJsV6Fkfu7EaFn/ZR7i9Y8Kn2Jc3/eYMDdq8yImKKNgfoolnPT6SG3HkuiosTzZWUF1tOMf7ZRcdC60yWCCLUKitGeTdzDdnp4amUiJy9lzvE7KIvFnMcI1hwEAUWyoZcf3McX7PVVGvMEp/xP1e5Ns195jbYHmFlUWz7i7i7Prmtl/LpDww2rEXEwvTxXXUx7kCW7lRm4t679cwEE2aaCb96is9LevNbF9Zadt6p7tNXC/8kTsSN2+Q+QH490pq6SIPh/M52Zh5Uhj7PZfNMQC1pOHi3bPKxH4crsN+ZrOJ7t3MYx9xj5/CK9py6b6KDW8acd+ibdQ2TOS6vmCLwNyahWvyrH3pUlakygmQ+mZdOUmayHjuy9vQbcVNVwdoQ03C1rh9Lo7bYS/zDc7DlaLbE7J97ElHPNuZ3abiZi1c0pOdPiarSdNDUvhoi6G6zKNyg9/BIR70HT9SBcvf2XEtFXAyacEmXdfpQJfl7QSwaJAStP8p5o3axW/bjtdwah8OW0CS5S6C2g4aDnEf2J1zKGc2kESzXnq1zmu9B3u8940NeOzJq12eOX4WHydDTSq42FuKwEiJi/WD2rlr2Utg7JuTC0TfviWbfbzROeVuyFR0ZA15U9ARlRVYtJN8V3PyUR922p1BZiBXt0Nnnrubge2eP9rqnsKGpdJ4t1lvYXTmFuqW37rZG4BsyRf2KOn3Ttt4+567hit2ITeU4x8UR9iLEp2a/KTPpp/UpmLUzcPJ+mT/kDAKz6OpIsfz8LDNZmuGQmPYdd7OeKHfGly+k+x8FOjwHpz47tbboNIngVTqucMVf9OuZdipddjuF1tri0MoiALR7Ht58I+nSInbDVnSU34t51JrdpfDfYJew22MqHScJNmN3EJqtW64SRnn3RgekI/rgyORtvNAuxlTTuXKyNg3HtobajsOjz6NHh5Bos34d7DjlFuRYFQj25+NE8sOBrTNtdQdQ0/QcGnaO7nN8fjR6cb7npOvmOycDsj8OSA9OVkXG1hLXLbbPEQ7ck5yrx/bdXLdRkrxi5NbYCJLaUnLR4d+tTG6Chh5TZrgXNl6bqLfMmB95T4uMmk1VeNs3YgcTf8ot/et1lZ+qKj1fscmD4XrD/zBzpvS66xyGMmlE0+Dvdq3zslnbkb2MueaR3Fln1t0swd1PaykF2dBdG3lBtmEIqvjLoamRGmyvZKw+sEZcdFqAWvReFwemeJue5Jv3wNd29qrW20HaaZ4Vz8rYX/ykMX10O6SGXE7q/pdaprOw49ulWx6npv5Ij6ra83tkghvEqVHhvD50yMYatPwhcRih1zME830LzPlHRudPtTbDZuJqfIYLgfpxIobVS6LuUNvMZYTIbigpF+AZiGDatzGOuO61T6g0Ha2Xpcx08rzHtBTfRrIfneMbSFZwDn4y2uTcOPBbm47tKq3p42JVv7qmSc3kmYz9ysHKk0b7Wy3Nup4BaqO2njDmUipldB6TZVPsEA8bQYBsnVS6HBnNAcG7cF+RNqJc+mtlj7iRKquHHkF/OI4rkEuRqLc/A7fE0NVhdROrlXXtKZGok/zNcSAku62neomG7WtHWpMkm6MzmprMscLP85JHp3HS0lm93wXIRJyGsJXh/7mc5wqWGVZc4YlDJzjn53LIbOzhmMPxdXvbPEOjQdxb/a3lmOOWD0nhBrZvBCR7kXcahsdOitllZyrViCrde/sjwdTCzVFLNAejQkBKh5t2CiYQOehFWg8+VAO4ECZNhPwN98aj3vCwblUya8TSHxLW+arwui7coeEL9DZWyBviKZhskjkrktWLGObe+pl67DFkSpvh+vxajCxczt0y4nNIXhtbz417FrXPliWU5+zLYOwz7w3mBvUjo99hMnuOA4Gpd6W6+axKQ49gfvV4EJNrCJQHbfUpr8N8+xuKlZ8yBCG0ydz3p7m0N3QxmZYz2tM59s4NU+ZodL+5lGM1HKBXZ5pz+TUQ33vjoPM+E51IpQrzh/SmyL6B3d2I64jms3SS2XpJC47Epfy4vZowYoFcZ/G6xlf23CTcnrjbkMoxuoq1zeFsBb/4R6cFDtd9HPymBr5fgsrKPluu3Elxp5NQ7IPQ2F5Z6y1zLS/nW/IOTHcdY/mdN+c0O9dbNze23LcnEXEThjY66EHjSVioDXnHpxjG+mvjNyGNwybKkgX6XaS6HVT+WYOQctkT0HQrL15pm5B43tOAo3Nyp/Rb55wpyllQl43xtY7lkQdiFKDudWmk8qg5sfGCK/mY5zcSzGBsC3wQXFvInf044Sydje3vwWhuM70xT/eSGKE63iXXOdgONaOkNY9JrhqXbbJCe3yigZZ+UsTF/F68g6+3dHqSFjYhQ2pQXRscQ7qQ+97MtrmkT+RziLJGPPou+QC7d5cCaq7yeiydcTg7qmtp6+aLQS66OF00QVYpdw29d3bhfYo7OqFW8Qwnrh8ayj7CMk0z9/phpKgNZHAzs5vRUmiXVXB8URPBBdbprXKHSxNO2ezuR7mUzqMhse415p3qZOEtNDUxvd2t/i+knp3l7kfIWZTxNaKmPWItlC3PMeTVFzrwnR7OxxFkdaFakv1Iik59EpIR9GVr+1leCDzU5E56rPWbF1eDv7FEecDv2el0uru13kePDPuZREPtjOqls+rfLgF6l5kzw2Tl128Tq1Knn0ZeXQYJSlo+8rz4VrGyTweaGOaEotqsDShXOZaUebshEh7ihdHsNMksd0jMZ/skBmm92+4y1rU22Xue/t78PTu0lqSSc3A9JMYzwrPq558ux/q6Zy6ienON2KWbZbvtkhPQNHGdjurnIj9moYrh358S59UtaQeS6Pc0yJg/INXWvl9mIqjkMynKBMxzvSo3fPH9hhsa+wPudY9dxRgZ41nzsBPrspNu1h1a26rRjLT/fVBM7aAQWdJjW7XTGiuB6xXcbQRZMc8Kr9QaGK+GfrxZSfy+BrR1uRlt85uonDDafTh4SyFB+kNTvI58ybc69kzCVfSuj8SiIfqc6/dTpR4oYMrWL2yZUlI1wPydcqjYLMTS408ZcJ+qkL0iQofAg9olzal2+1tJeeEqtQLk5nTUvIZNuCP+CjezeLMOSfXCwzMs67UHJa93AdxFaEfyOAThkHOcSFMdRGemqRsDrJOsjlubWv8qE5ABZVpHq7Kgb0c63EIU7VlS+40sB76zROy454sZHkh7ti0PY3ny7VsSYSh0ZRMhxYVz4MLc5hIuVw93BJzBlAt0fkOmKXDUXApvYc10S8KVU9nW2Xm8NyOFei52wT0XGp2ASgP4MquzxgCnxqGJQfH2T0mxul0v+lDwKb9cu+6emyXALJPezx2tq4szKVKDlrlpfx8svorcD1l8ei1ULtKbjFjGnautHdFe46tBcMVRTr3h1KbPRSnkm48skJIFUJnuOVF6JgTLe3o/EUz8+WwuWHTdXYIn7uHNXcbxBKIsqhC7FB2RVzeVFfARxwtf402ltx1bVp1K1qPq9u0r/z9ZVbD9qBswb6YBUGBrmvYcpdRbHz9UNjNwl03FPCY4NpdnHXMaKwAocvYaGtigfKhFZbF3L8IjXrsayc909eZz8PmRNuiVyiEyW1G7extA+4CRe3xYlKY+rK9yTQ7SO+DvKqOm6BwTW17x/hKxb0yrpM8Bxo0uqIoHqfeMslifxvuZ+/EMHwfZ7NAE6cDXhDD+OBEoTdCc3IfAHP8LQjKaN3FPVqT4kG5VfsQjdWxzsUJZ4P2jEIcCJtmN3P7/5P3XzvSK82WIPhEBVBFkLyk1lrzjlrroHz6puf+669zTlXXDAbdgwZ6AxvI/DLIcDc3sZaZuxsKC5BGmpelVJQSASEpOmUVqgIh8iRhAiu7uagMWyCXo6Jv5Tfvycy0V2vcixzJKYCIyEi8V650rYG2txkReilpXpAcnM2DAZ3mhvT5RAPMzWIvoux6dRIVX7CyxiSCs/eUDhdXBkgtbCX7e8XGQvVoFa/PM8Pt91hO9JtF1iDHnR+qqUOV9uU3cU80wYAePQfKd982ZQ0XMuWY2X7Ix2WeSZt+dbUxlykT2uJg6Rvrp+Tvyu1d7IFVoPBzm3qb3rqezaiiLtEeM8KLZKznSDdZW+XhuWCmQyHoi+Th9SvWX/vFGTErrhO40Y+AthvtsDuFNYl4dJi5lRrWhBGxCL7CF7ZJnt2Cd3/3f8NlwCPsBAawem5txpvgBp3PckvNlOinNnPikfvCwQQl5IRwrPPT/agRtXC13xPfajHQseOWz7FA15UPH+wFwnnmQ7LC8tFM+FYeuFM7DpWyNPK18i8iTG2xL9dasT7Z7kb4kJXZbYk0qtifkntG9rhvS0iRBZnN85Z+tC/7z1E7XfF6OiP62ODW5QMorGb9QHJCPHRm0uMfVU6yOmjWSMBa5sqtSawA1SuMELppVIHmOCm8XnStRbC59nIag6zmua5q7KWJLPdXEnURW76vmdVl24KK8Er6diAIikJcWCBJVhw5HWf3DAe+pl/X9MANlwrZk4Q+Kqdh/P4iVMk/Dp4CwC+vnryowYgxqiDJvz5PMI0+h3pFxuWzayrqVVQ/DVFfdky6TKuBJdRWOmOuIpv84wHjbmIIhGVbwZmLXl/9UC+Yw3HCZC/0dyDfDBFQfDKhfnIP+hHoJLbcJwAN6yJcoryPnm+07a9Cp0nlCl21FH1IiDbXy12+Qb1Vu0q8fNDl/0l1DZEgb0SW4iD11ULGG8j4kJYgI2I0cUxPb/6Nz8dlI31sprVGHeWN6F7Ppatmlv56XAFeoR+lT7LHe5gUJeK0xcQV/rLJVYIsRFiiWM4Jc/L1Ck6GLImRiy8lNUJxZVXuCTAUpim25ipBIFQomZL7WU/4LwDOkO56Bgzui2dw/ARv558NGfsUJsXza0JNur6E2kmonqVcUvw9rS0XDr+/HIrvPy0NIii6Gt5LW4aGMtnKCSSfQnoXMDUG7h8TXEhexmuXel/aP1J8OTFhqsY34DMqqbQj7Xh5sEUitpNDYgoe4i/EC+Lva6pAY6h+Se0NqceEhjS5OCzA8Yj2OO82eMkWMDQHV1MWv68P5hYipKsvXgLzmfjz+Y7WJ592wrfj1cdqau4J9hdAR0/oqg/nwaSWxYX+o2AMPN951hnISgNM8YXBcn2uxAvmPHxMtVjXzj0wJ4ZThzYHYathPsCoX5a9fA8rzqonfdD1ix7R0y0PEs5XMSyOeGLDFJF+snJ53SXrnEQo29eAyMCKD8dDgMkViQSjg54waFaQ6cvmfwcMGvEyAOiddbGT3/CuySN/4ajhODzhZLYFFJjlOSVXa95ou5yauEDqvkR8KYrzvVStxX8HTj269bIBkPCkzfL6Jy5d9Y9MDbXdL4ApHPXH4B9CytPAHYJCyOMA18lo6j+ZzWyz8Il+BMMaHzZVmsNkC02hl5X6F5QEbUCqFsAEgPsTOQFW8rAPZPbuaDhSL1kv2OGMj//NJxwjR5PIsixSD+y2A5G4iNOnSz2ecDJp8PzejlQAM6f/bmjHWsOch9WOiBDETULTtU8tyxKljRMXfzytTDZpwrycHOSDKX2v7nZnjp54odqAgljgkGIQBvX42MD4SvQ3he2zl7udc71Nf6RZg9zzESVl5T+B3vda/2vOXPKQo5d/bibCdjXGiAiGQ4iZOP4B60kzF8+2T+J4CJP4BgLDYPu3fMm6AUcoKrOTAPa+mvSLz47p9QYGGAmnYYco7C0+FsMnZ7wSp3cUg9G5QtsdxWnciRMYFbaTafX0y5gokOpx7cmAAaUnpX8kDqOIcbkXYX2xuUUPybhi07ECui7rVLhQuzFJIRF6396/wUJUPPEEe8OAAUAuRFB+sqdDFi2uSIP6xAImpD9NJHLk5g5o0mLo+vhST6NsjwHaiIOmFOzys/Xp9yCO9xka7Buhh5ttoL36Y4wFUc84bi3xkFgraC+SDPDXAyongmfzR9ZX5IPsk5sPevBD7y5d8weOCXYnrRdXU5hB75h/ggafODl1fx5Dw5nYVDbf59mIUR90ZgECKOGTmyF4fNlm5+cHvK7fPkVQFf9SxyM4dwlAdpej4HuxxlOHbHQ5L4WHX94KxlUtv+QZTHgcjykOxg33XWCypQeQwpGiTzNYTPOSWxjrpzznOpySXrudrGmwBh4CfT7WjOqYw/Y//WOvqKF67Z6mefjLzVu0t0393fzv+y38W5fKo9IuTB+EX6Z2E2j+XDzUrpal1S0jzfpIWqHDjEsxg+yuTG+yYzMrSq6gXgD/1JkD6YHCDdVO7Mj6/vOobQkxwQNiYYi/Ep19IrlhSMtGBOh3w9/18EqdFCOFykew6PVQzGOB5IjvCkzczWtG3BmF+Xeba4Sm7lZUghdn+nXh6QiF+GekmgOdVtHf2dn7HH/ZsREWJvEAAJ34hV/8+UDpWYiZQV7xF2ks+gOVPe3xkoh040fuYwoekwRvXJ8D2c8Z3w1Qz1Iq76+OdC+sps7CWmxMqAm7agW3IfQveFeN0i/ARW78nuvfWedDCwUlT/7l+YUcrhG24huAIQI7ZxkJkngkzIR7pX8vNF0hun9ZDKFxyeWJcC+j7QvPeCe62Dj5rGXR32sY4zGoMmVCMHaIaFACcTl4cGpM9XyPmMeUYs749YMgHlQezR3Ry2216WA1nmm4eNqsM7Oj321GkVnKoWXanAYyxO2OnsYvy/ojUwCeQDVKCQmBWo/izndj/Xz/CMJ6kdrFn5qtrbSgENkXwyuwV1VhVNgR23fb/JWlb7H99ehJdC/gxb9WyusTTK5DAqS/qBgqu+Nz6k5CqnL/muDWPCZZ4EJ02i+I2xVutKzGJa0SJQfDH8IGb5rrMtCC6L4Ys+OHc3947BHQoms/vvTLUX1k5ufS0u9pS2QZY2bGmTnoQlbUXGYA9fDCdie1zfTxxLscTey/KM4LeLWuGWh5DSwWUUhgfA8ShzGbZ6DNLo1CHL/t8JV5dQtqa88efvO/3SH0P5EIl3/c734NOOehaANsfIu3vP2VwAYsPAQdjUNAVS8w+eD5Y761r7Hd/e3NjDKAoad5SiIs+X25hzg3fCkBazZNNulzj+sb9mwjs+tDH4AFTi4L3PGimPJw053rIOnLMhtlsvv+up/6iVNHTNJWRfsLdKxCLtJGI/O2isPEOidnrd6nbDstMR8ijEDZ0792Sh8w9Dm3duRxtByYnarfd5YrfaqLtD1Lqj3MwR2dOqhyM2kifXMzIGBBLnEXmMQ9fqoK0UCHN9gmc+3DiU45+1wO8GOipvAhb8q1Q9kv47DWo87ZHhbtFCZdnAqyEbYvlAMyD0zHmId33ffkr1KOGnnUf341b+XKkiX6OaeemD1OpVjkWcMVNfny/kzLN1wnDboziDyu42j1E9grkAAkeoSLJhoe0ix5ig6m9sE4/uAO4bZjVB3PSvMjZy/Jrn3kCiX1MFf+KH103fS/XkRYLE/ByiIRhANsIFETuvC7o12xyALVql7m3jTUpmM6ltG3bjhohynEuN0t8B0maPQZdzeK/dPhjO9pfdGRLegz6ZIk9HJVB73XjUxLCQkNRNMkVb0V6Ty7doZid4pbULDeivKvIHCA1wkKG/XBD+ujqWr0yR21kGWzd6T6oXToz2P3aIrdGukysc8yNas+6zUKzHWEzbDj5QjtyESDVV5MQhuPZw3s2UPMSwcTXLbR0LX90JLEvVc/N+zlpQkCZ2ScUqZ3oe1c79WGBvwarjJfHUU1kLkEvtUmRM+ffH/RXJARlzVeWGTMioaQrA4wfDObTu7neoUpNwhLHA2RF1oEns1/+PZPbgjkUP5w2VKKMKIsod9OefOI5wWw5vw8RA60MNsFkH3tcPA0Ixxpz6mOFPWu//JeOp2WSLlaAURSev+o81IV7BGy9Rz4TTpmaLIteVOAEk9chmsIqSibD23uivclao4N/ZTOxm5/xa+XK+uf0P+ruZcnimLUP8ME+wbIFanxHb41b53O71RKvKHxSUwtLd1oUpYVUg+Iyq+K+Bd3mjmu5ASpkWhN5gOY4n6af2/ZWOVdNu3rCkQPt+sdkTJz+ktAbF8kUR1qIqT7AAWtho+D0ttBO1+UI/5xQsZfw0nx9d5ofpC4IKPzBLHOHklxa8gTV0ein//lgXim02EP6pNuE7gXF2ozxlzr4Y+4OYwjoaLoBDIuBA4ik68D9d5xpyNHkHFLCA1OuFs5jG3VluRhJura1EE95GaCqJG6Q46rkpr42Pjnr1NqI9oPE+KYCVSNb3cTeTmGVwynj1qnF8qw4fCM1uBnjxHV5rWojvsvWTfl2nkZj91rv+hxeWyyS0CkSuoFJBZgAGYFDNvwTRrZyLl30vEOGBepZYqYrHlR+mFh5h6XrTIu08K445hJklFQiE8Qn6FjCwMrxCLpan9i2wiq/odB0QJBQJ2wZH+dy665IHyRcQhPeqlHBJsT7uwnq8xbcUGKxeynXbSG2BtwZ8oQy3d5kk7TukbLax3h4rS/5cwhkFXRvJAA0KOo4APtps3ceohkEb2VkxrjlPCfpvbLvHi/6LbZZWXfeAf18keVDQ1AUHptjH5UKV5tGakDmzp2AK3+yYFW7i8FhI8QROqZb1SFfv2prNSFFuN3JCSgpv68wR/4taqXIuvclp48J4s8TFWSH9LPZgnZ9d1O95/u409W4R6QQKeM6PApyDAiS7IiK0fgvkGELi/UKa7iDUOGaY8r+6UZfcoFQbIDaQ0UFLIacYTLAMsMfFMlGgew09Cnz3cL3WvTm1hxG/ZovaxqIkFFGJPD+1aFtUkyQATm0v31mIMmadu2Kqp0UTjzOhSG9z9FPelg0QyfLAwCMXVci3WDhMsGbpWZrENCDSniQEsBgTLWse7lBNRj/LqPUlDdaGDO2NAoSrNL+BJ50PiOPnvig5WX81R6XF3ZATO7kEUEPONsA88/ey8xVg3JmN01hgQl9wfNP6MWORLnO8ApbMoPjX0f5RLcWD7ktHOjE87dzvISVGF4Jax6z/u/dZp39zamicn8xmeUEeQkryhiV00kEL2REeYXnpe9yuVUYYrUamyhvrBxoZyxhdOF7AGb+eJcPYfqUEyVVH6+QXVLUngRq9ijiYh5B30h9B/JE7+2I+fz8kHG4z7Gjc2kDupnqn5E/yiKHDBngqMsbEpahc1zwR8rXdw/RxqmHRzO9gZcC4FFUO03wzomQOMUQu4GRfJVpLcuzXeWPqh9mzeH4KC/1XICUt+ogwDX+zn/CD8uGGFUrj4VBi6Ha7oF2NdBc7N6MiVr7U8QTAoeOQm/uxcjbvVtsdlrLcDx0Mf+ISpIH4Yy/c7eUHjeolPZfhqYRSLFZfFS4ql61b6INuEmvZ31EGGkM85BNt4csTeOvz9IoO6Nbrwq+vSH2ITqx3ufBH/6z/ElQR87bzzENVXDatJ83PSVtMHknJ34hvGJF+TMPRrVblqllfAF4/prlAc2BKQTT+d+kDJGHOlfP9bbhVMoNkYEaWYmXbh5WXZ7q+g4P2W+5HDQdkqlOO6Fyy4VZjTgdUy/fKeqbZCEGjylXagbxhN8VIcekfWmvefXZ5cKdRWvZtl55CBl1doHERUlrJ590RSnD2vxS5j15UOvCRIZUycr/v5ldpkvp+v3PGgG2WNZND+TuwBVRo6Tb9oj2xZ8rtNUyL3o/k0N3JUKFHuIMpm0ZW+yqnmWd0gOLl95S0zBjhjfyVrmECXl+SoZhmcppuKDL1V8lW2xaZPkpmHZ5BcwNsX8BKE4f4VV4UV6heE6cd+Fcw6zf7YZkUClJ+og4lzQCIbb2ebD6NPhgQLbjLN79OVT+JK/kQU/8KXZSufPMwFiwmsmWN3gjCkh+DLDWru+bykr3XOf8Fwms5slp6njgyv8Hc/S5o29Iw9in8FqMkhITIkruyb0AWqBC7paKHdSl19vXMVg2boBFWvkdY6jrthW5+DttHlrm5TW3LyyRz9gBw1jk6O0Q4fu7VxpaCRf17XSKuV3d7/iS1TEuucQdc2mhs5CMtpBXTw7GjYoQFqIJjg4mnhcd0tGVkKw4+duPtg1u+Z9DFM26ru5Q0SSPOUvZhhOhrtGE1rldZoa1pTyfCh7sL6fTrTVEYqxvGTH+9xfgJ/rr3h2f83s8u1gkqnUMnH3XsqNgYAes43JGLLkybZXfM2/auiAoAde4b5X4uQvr0Cc/8xHAXJYWtdKNso4Wl2wMDzF10Q3/esXZvdr+J1jDFKzaz/45oP9mys7sCXjXMvyHgOfycp5E0ExzMt1H+aN8B0Cp3+Fj2n8JrD7OKyW3o4MrUWMD51s2oxkX2LURwzAxHd0Fh3aOhGeClhv3iXf+fgL2FhC9/ewQEwjChgswX+T8L+Lyx6C98jpB5nLirTL5680q3U37BS0KxHX/K0XuOHURVioaeseL/Jmm3VNRahqo5PzbM6kECQmeBYB/M4XsZIRFW3Tk5ObpL9t2Gr4cnE/+Qaw8/syeZjrDoMGQNzyvir5oqIzlEfH72DbGzMnEZ2Z9YI9HEDAtomRObMDDoQM/6potf5ODSTQvZF4RhD53OwJ/vdi7Piq4uFzGI2x3ttiuspX+8ft+ESkPwLNEHNoI/6Wl9zwo2efUpmnxRoR5mvF9sJryOzUnRJ7Vo5BUJ+vqT4fOWirEfr2C9e2FOgfnn+Ukta+tK+8mHwTy8gvJpvDK1KW3J4ab/8w8L0hHbN1Pt49PhB21UiYfbiCR3ybkR+BUX1qBuHPlYrPUO9L1cANTTnLUXZJ7TRHvhSIDSrmrjR0sF6WFhfE42wFTxlFryP+MoiwXRsU8kG9DOHDe4Xuf6hWqfrRmigoe21JOYX4pYvWgojVLzhOYjQ/J8Bq8xwB/Px8zk6NbZEPfKkvsitlvZr2g316yk9uWAF1dz+vFPcHgroi29NeuIUCR9YN1eLxxTZzankG0wVzwExY6K55Sp+Xi9arQ6ca3IdD+fw28jTamZZcWN2nn6wQLyM88ITe4l7eRYx+mSfz+S5/PC9oBuKMTwanROFl3r0iSPlJ4jFjMKXaAz6I9nYVNFktXQNX27xj3wa1oxOQU6nvQ+166BsFygqpPMyASccXwm9HjYOm51rDGvRPXXm+CUc/OtJ6qRaFrLFmZxz8+DBz4lO8O6Zlsqh9WphnkQxYITkqUGu6+eSVcUTzPViPz1iM588QmSgJokhdj8ZXAOiUko0/XIY+XhJq8cK5/kgP1O7j0BTOK/GYQOhiH5mUOfI4gOUfTTPcglBCRyenZke8Zf/VX/Tek1/guslr11dsqNLcVEvdxukyy2fo+8WF5vsxkM4TN+YK8XD2mDSUZMNYI5XpbnVgWnIvh69z+SlLfaPjJsg2p7w43gf9U+nH5q6oWZQX6N4WKSV2+C1LTlsBGeRYXVEbnIJouDTig4CFu+vhQntM+96duc0AKCdSfhzmP747gBR7MUUUfQmG7AiU4tYjT5hw06N4xQGGNvQZJ5A/vZsLg2tCFhIbXDtNz4eJbnAjWABlOY9HxwkwszAL7sTnNztHml1fNMR8jA1v8e4a1FqeBqLGptVZyasJMazliGDOjf36pTfY0CCVb/xZZ0TM0sxthuJUNKhhPZupNb1Ew6RVCWzdHNDznC8CrMUw6qKaYLhl7aU6nKDFFuLZI1goQU63z3EAr86DxYULd7uTRFNg5jM8O05JDK4pan6DlF8bG2z45UAmCOxDR1Ynz9OHb2pqEdPnlqjoB5dKn/kCfjc5aYzXzqcpof7DQc8wK2wQAmgNC+Lflu/DFt5NLWgKmUFcas/EPuexAgD+b9hFfVy8gfzbbNVNr+NLNzUz7+Jjfm1Wdgf5hfofXHIgEDCDTHlZt74Cz8mF6A24SRITJ8F+bL+JqtR8huBs5NqSXNwuygtLg/QxcSf6ybPR/f4WmTi/1pSs7R4td9FbvEVb4ixyI2f9PvBDBvX3W9x3PRZnHvweGVsDlIVet2dqi+G21vPVLiNOVxzlVMGx9qeJeNxlwKEnvodQeMqR6QNziwJKVXwZXLDB5gbWYCYBd15hZD/N9reICYLPjicnO8QDEBs/fDL6yMlgZI49x9sWl3nzq1RlMIdTBq8kraV+9FOUC4/OgOd83mtVz8pOy7OmT0LZl4c5jMcQQaV1UezlTuHx0BmwXGxXOpHjYgSjt4E045pJEBJGp6VWDf2rR8uartz/sTJLCzFBOLaZgdUjYovCwq/XDx856SkRsgIE9buaXpa53mlC1HZgD7gjLLUhjhQrcPjXJCaUN4qhHWH6PhC3PurE6ok+JihF/mo64GARTxkzXfXLRMvrXYH8gFsdjRASt7j7gnybzXOjP7g1eyGUU82M0u1iVFOMmvG5L5ZNu15XWUG5xJoibkPSDEkCgborl5+ua0hROvL5QXZiNr/IG47CNWEFD3qHzU5h5i7UwYTxTQsYJMxa/01KRJKoK9qJl18EUjPL0sob64jKhOxPlMxOwyR1S50u7FV9Q2qTc3yRy8h5eXqiH35OK+1VyarRQuzc8ZR94rT1cVbFIOWahO1S4V1TqCV8vtf1l1xfGkJdI64TOGNVt6MsS1uLFfVNgb53msk+FzzJA23V8SDbtPrjdLSpanOL18QlqsGmBitCyCCuGJT/sbYp4AU63wWZ9pPloiWsu83l6WpMl4paXVMM9qbJp90Sduw3jqu/QvXM1CKbHWr4W7MqJqDnbzrhNCxZr5STpuevvjTJXpLdnxWFexEqB15TweFGm51o7ld/flCwoOwaKwzGvXyxCwwjLFDRBat50oOKFpi95T7YFV+aFGlyoi5IeL1eIDFMBKoU3GZQQmsi54eZXyv1I9sYwOP8NwXOVkmZ5mz8p+tpf7SOnpM0T8m+hu0N/t+uRSUQiVOB1ydRgxW/OQERlumptVz7OzZQ+OUkIMp4RWl1I6dAYNAEHDPbeUd0F43cJqfV1YBH58WPE8sxZltqFIfPwAFPVPSDNuYYjyNV33JUsMHsF4syTepp6jZVnCm8aQxAMH1+cF1ZKWlTfhieRCuD4maFX0LUTMxEObSmNTAXKtSfH97V1+Ufkp21CHbW/O4jsA8lDooxNJZP+4M73uWnk5LnvXTYAeZgwrfq9deWzbofxqZpm4fMyCrXfzrvH/VQ24z2NB8oYsen8y06tsSLohRpPwvz5e7mGNgSFsFq0Acc8p3IjiQWffV/UKyDsghXsuRLt9yTjb9Rvy5ybJuO9jFOAadsFjG4x52CpNMJslayYpRlJLUURBhlFTHMimXI4pkcItscq6KhD8E91wtaEkFMMbtrQ1A63pxDMk9P5B+JvHeh3/TfsMB6VlbX4E96VZmObkTdhW90jx0UbRQrdIkKW7lWWwVo4X/HcnQhBd9FesmXd1kU+47GyQnXjnmCH+WBysIEoR67YWg1OhL+sxmscxxT0m9XZiM426+pFkEqxOTj7gnX6DJB926QD9aIkwk+JL9LNHHIVrflkioYILeIROPcINKQbWPSQtKqXdji6dfn07JlfXk/sJyeOohqwBreGwHU2/u0QCMqbNXil5ZnCKu5Q4FrqejLxv6DEYluBLWuCGTcVI5F8D3P+Rl0ji86jK64v52c/ULW0+DIIL+ENP0EqK502ykaPq6MjRkYtfEsDO6ikYm5eYwDQkBJ2e9u9UDx6qQulBy/F2biKDh5TbXG6wMm7SRFUQ+pg5AvQRmBsqh/Za9JdS5g6fuZQS4dHCCl6JcWfri1k6vqf7R++b/gZDCO4//1LPsX/Z8OBn/+FweDP/93HQz+/H9o5/L//TH2//saufz/2knmzv7b3xUGzTT+t75J12S9/1s5rf9te/nP2vzu/8ccQ/+/QLP++03E//2KhP9Zrf7/e+D8g/y/4sA5AX7Xw38OnNMN+Rf/wUF0HulZC6ZlC9IqT5QP0GPqBZSUIw2+f+aRR3TB2P8chup+HMXNk5vTxRwWAItHjNZRniJ3NO3hWtNUw4+2LX/7UotUDRsdK3C0qZQUqNQf13rJtp2peu8Ws8TsK4oeJfCaIBuDmsPIAphquD06UDwFxYs/xoisVIJ1ZYRvU+lXMzSXm4fOfCcj8gzFL8yFaPKGY43kUXSPmzBahJkadMYnbQbjn2OwgEUFnuGftXBSHbXLXTszOV3yNiXScL5GFX/SjEFa6aMdOr9rdfOOtWMoyn5Rl/f1ozC63TlsnIuJvlCdN+rJSj4dqx21UNVcoRpIMufMrk0N2yfE0xGvovmcuJ8QXGWNQbIm063JjXPN4EhuDHJizcubfp9Wxh4+XnX7UjWYlwaQSRtbCu9wEJP5+wG1vU+yuboYCcd8errGWbHYjIKYv7RyqKfq4gsJHH4xnDOTal9ScQ6D2u0q631oqskeAOu86fR7zhNNV9SEqSxhNWzwjry+p/bqBz7tO7YBgQy1Nf6zZ6qlyecx2NvaTOhIPCptBfHlJ/lTaenNgiSCYwqrLmOWx1nnibMukrwYLgfHigJ5BPsL2iuK6fUl6PNDtUrnAhTzAD143Hx7uKhqavvRJxdLo6mSeHmpvv3IZOV9Lk+kan2y0dm5kjf0ZZhZvVKTzxKxHcUqM1Fits+TnbPy7yoC4Sxefhu7H37wR3trt81Gs0ejpSRGLotQiIUVS7x/okiXvhGAfU7ga20s7ORNfPVGju8T5ixmvGkRoRjOfuSI+Ug0fhtnEgOUKueQXDFnRTEd1XzPXhgF05A6DX2wllI/GMiaSjtHYfietUMRMKYCdpZpy9c3G/g1WQtxARa2qfjDjJK/YvUXEy5MGeHPiRiqsWt7JML6lfIB2ExnCpylSfKiEwjNwnN/MhR7gE2jNYPJm7pd+oOBZe0JBiowZ6j/tm5KmWxaDl6x0ca5ju3EsH0Vr/cQP90rrdJlEkq4cVmuH4m7BPKMtjGlypBGb5q8r2vA5JXl8IAb0LUaHw2ik5UcFXodyQUJzC82xi88MVuFrNaBqbCLJ47qwJ7fTgaaB0ZHLpckHh1N/DY/jLjk1A3sl1/dp3IjRh6zJNnCdJvpxswJyXWcQlvtaMbiiAbVI1ZIlWddqWIz/5Wg0LsdOda6OPsHVBP45wL1EArX0Z2u5CLptwOq1+3qr1GL4Z8e/eYEeSpa0vF09g9RwF4UCUWRj+NztmEUxkuvXo1lzpwsJf1VrCJQm8Tnw8BYfwNVT48ajatrTvvjzTBmnBFYW5pkuRDzhY4SBYp2B4n4ZZS9n9SBVd+uEjmHpVkq9dtTjznRIAiq2ejTq2zlFIdT+ATUiFD6cnL8KbAOKALT1LZTzV51n5Mjb7bMOTOcqJqgvppE1Yw1VJKY81ROc+1FKZcdn/ZrtSXjeU1nWR3j9UBCUiUFkbNZ3GJ5i5UhEepJK9FcH+G5haBj8IElGY69haPjsKX2ecuHvUSHsmECCepFrxfW/jInxGcwTZA8kzPIl09ghv0y+pcfIWWcXNx7OZqmRadhXfSSiEGgGgNDBG3jN0pcUQEm+RHiR7yfmL8M7ICl3TVoTrgRUa5xtyLemXB7HIqgh7I1ysopKbhof2XVljUodbNrUQOQXodnB1V1Slc7rTBMynGwJBMv+6pZlTE36TqrEEPLlzvXgvzGA7s2Ku4gNi5q50sKOT1z96sKGwHhfMKlz6HzqkSmdse4h+xi1L6bZgmBKtFRchlNAImFquI2+SFMuc2QmAIcXS4sJqv7D9DBztvjg2jZs5lve5SNbOFvXOz8rfpBn32FbxVlg0+5dnbTqnxtyEaTJJ33id1fry6KnU3k3R8fI+zJwgfpexUctnPCG6TUfPMG5WQn/fuqRvfrYH4jVmjM0jIl39GHWdN7oxKq06s+GDHvfN0e+qVOMoxjQpGzeLkT00fKaU1ZnXgKby0684MU9Qp7XoK8w/ZHUKqK1r7pCi+9B0Opuhlxto9ycF6/NL7CQ6HSi4nfxOtwt6Lyzeb0RW1gg90dF+GoNJYfXWBDIB99lCmbij7UFpDz7CI0YncHKV2fZFEIOCBQSoYDeWmS5UzWeWmChYY93JdKz9fdDQ5U/7P8/EWGvS/iV6ygCxpjuFv0uQZRUIlgYMjKPZj8lJe79IDHbAqC/5DTuoRGX5CBCgNUm6Rf+USGeiWFeouE1kl0+rNg8zoOuQZ/hnaDVKR6gYSTf9nENlMew3ZBznHfUkPj5yhgd+kOIWsg/MIAovDg+aX5PJJaAQviVBhD90Uex0i8Z+KOkMzZ/hvgjpmgOA0b+jdDtVj49OOQGd9gnOlikEkxXfOi0b/yMQEfVYVftpzMh6kEtkpnut60oYIFVvX0+Bp2rTmfg9m7+LY3WEggO2n1xUSvJhWyLFrbeNfGzz4N56sd8uEN+YnOcf8d9iTy57F4pZYY8a8fBAj9Prb42KgGEef6KGQ80YnBt7eK23HenY0bMuklw77+XYUXyM3pO+4gKONYSy5mtZZtWK7CbZNsZOsP2ADmIDfItf/E5HzWMn/nrNtb3C8ewrrRYSbw7w5S/1cXhGHEdV79SHBhzNc/Io+E0S/AKwEk7psG1R/PWK1PKcpQRkc43Fa6UXcf2Z19w8y+y1OLRvI5j92ms5K/g32+wACKdvnK61r8Wlh9cvV33qAGHODm/Kk1zMMBeqKDa8cx/EYRtPgSInSbcvTJxfVbFDKxP/dh2D3GhReyl/CjH8DXkRB+moWKIltpAUW90AcUcPD1qx4RiWHl5+U6YOZoiIFbDVoAkOUSN8/HYqFKX6gtYkZLCukak6fK4mkFkpJqDNg3cvtnarKunxRrsxQ5uzC8LRVe3UKqbp1BreamlfjGmMYXYhLn1AItDngKZypCQ+u/EoImjVJT1j9j5L+X6Shfj2hTRwrtNOahxBxsAzGLuvxxOAS2F/VfLYnOaW79QAvjIRXADUH0A8xw1xUMPVqZiI52veNJPqgXIejyq1wAnl2KCJK7rYmwd1t+U/ZRlPiHJPEjT/8qOsjbkw/xBvabGF78sMOodU1MeT0O8OnX1daRD3mhwwx3+WjioOLbWpwhyhCG/IZZ+ELTZkSDaMadYVQI2EVhCZkpZCiSwJ+r5yrDdjz8cAYLseEQeY21kHvx9OmvwYLjj3J3q6ETfIgJ/6Q+rmxMx+eDxn2AWGFclsNuxNtTd05NtQhji7Uq8M+LVonP6qguBzZcNeV6m6a0EO3LTT4wGqv4XZo4QVbhwMDRUchR2QHfq1rjWReIuEorzN9XCatlXBziJm+N/XGKn1N9Ax4USvaQdr5r8Dr4cRUJ8lTX6qcwv/to/NXykjrbFfQhwAZi2sw9T7EjpRln//3XYj/78vLHYPv1O5mWYRh1+NXb6tqtivMgR5R8cSI1zQeeSRH+Jhvut+Mu4GKxy2BJjjkVnhOFZQtULekkNH8YlgZmK4PDGh186GBDWlyqo3YMz8hvUwDFabEmfDrgWZz2AEDhof4JjlFnQBFNqbvld/+CFxzlz28sD0Kf7QPW8ZgYDRf/YTuCH+zvyQPBz/w0EXcmPx7SILfwSMsRmMccJuVn/TolsJsFcKCAfAEQ/EH2PBkOFOT64dLHyqApJoHdTgISRwt/9fQIQhKvYsEiujrjaugrkWWHfsncbbvM2OzPbcI2hhh+/W3F+/e6iCnUKQye3RDWmwzKL6Qs1hu+ErRHBDI44KCE2J+d+ervo85uzxv8DMXm50MU5qyT8UFv398orqGe4B9ENdESAHTTfUQ7f5HB/RVE9grlH2i8SvcqPudGKCZkad5gD+KwYJ9QILccHOLmyVcu+GbhYrvFq/srEgOG3gCxDC+qWMi/S7UKEgXpws1LT7fY0erGkdBbP7/0N84deaTZ5weQT3mnz/Md8AKNeRyUITEXr0FRxxNni+zZNcqBJj8mbkPGERW4aq5AG0gvd9oCANi4hQmCc/EPCswE680EwuVx38h1/G2kyVKWlpvY9XeLCShekd1hVwmoAPYgvgKipvTfbG9LdCRhF/NMEpBJ56AX0gwS/ZqPBey7SQ4Eytv6X9suGXxFsxbHKiIR/861GyMJ/M/lot98lP4cbvfAQOcGEQbaZq83WX4meK8nvTuorj55jW2tnraosM9Yi9upGMsNiqkUaN1Dm2bn0hcYsCecZ6Bjj236pBczYiQhiilFPFtVYtnGkJaS+pnjLBan6D3Dh7g5J4qGbG29gNevlqlJ0dbJier4CRzCYKRItNHYbNdv7BBdcRaU9oyO8SGjxqSJA/oR4+n+TG+tADrrxtyDV4yt8gj+y7jKr7bG2UlRfONRFB31r1d0ZBP8yRoS345yvtZddm5TBNqjwD6iwdsLAT6pf/4jCnbG0pD+xaFdS2L9S4XPY4wVKQ18lyJybwzv7wPc5wJ3SA2NGWP9y0R7NR05cn2qshDyjh0KVltr1xjAf5mGqiT2umMh+nqdLfyPt8pd3P5vOh+43cdwiFNriFtrYPD8L0P7PRd4TA0+j3T/++3M//gGW/CfCJXnd0xzimBVNtiDMfBNivqgT0Lz78//9///PRp7jofonWcN5SL1VW9yz+5PHQtkEzsfIK8jF/ohbohLbalDqqb//B7mv/dymPvi/dwrjykX7dNoiCMdtX/LOkLIn4r4WBJEh+Zgp3pLyn9+D1W967G9z3xjQfuP4znz8CXXwyvfm+yim+xTwf/FwQfKbjAm7n83pndNqf/t3AqBP9WHe9eMaMz//B7ib97t7MShfqSiDyUBufvBZ85Z7DYZ8v09Hoxe7jPkdUEhkPvHT4ce+j95D5si8JkN/pMh/ZG2GPzvd3Tv+0P6fr/nAd/xf/J85L3PpsgFv7+D5y+dtQgV/Vu/NxL+x3Fg/1FD/tGSf30Teb+xHujS32zMlvv3G9xXe4BUo//9G/r+P8njfQOks+fxrzHG/2WM/2mNTeFv/b+e0GNxcEW20IN1/GfObYdq73visJ7f91hJWPcpX3NJAPfpqP+vR/SncX/SE8jbQ+k6QkCU19x/v+eV+XVkvX5Ggd7/V7n+5+/q/8t3GawHVuif7+jpuRD8LfBe2bzy+9cK/pfZ2a0x6nA0zH2EWv91tP/BVj3Ev9TnvzzNvLr9zG9Yl5c40P8nHQK+ynjxRPyOpvDsOhf+ZtpSl/5Mp9ZOf3fGG+7fzxCQ5P/6if8iQWAfXwuV+3fVXznZR4qAOPmvFfr9/WtDPWobvXryejx2Zl8Nft9F3r7wBkz2f8zincH/yhP92xOex59P6mXOfiX3fvofHyr8+VTwKVCZ8+UboiiOohzPpn2xonEZ1Qvblns8TnHiLvhz4/il7qt4zXHJ2io1piJJsGiHUhPmpFSa/a79qLlbxUw5uiUSxJYgwuSo59smPMSvK7Zl4vv5Rcyyai22e+TLfrTRhf7OX+X/IFvwEwEuFeDewdQMiCNvoOEkC9xQarWEAmXDh+Jo5v3zf/x7yRTUoUQl+BwnvaHo7081JdH7Pwfd+OefK0H4skRcqZXO+v2A9M/D4OOaNWxm+UPwMqKFigTPVzbHHS/MzsYc/T1t/Tz/HqP5fEDuQlnNvVnZ5oV04csb8QdLSpQFd5Dy5G/8I5BZ8++H0CME3I3My1HCZutFWF8wc9XJWo34ZyQ841Gm8lV47K5Pihsa4YQ0VJWO1p0hMqeuqByG0TQvnyT1vCQRFBx84x2UNtd/tliuYKMsP4NzCPzN/SMDSqM/oic073JRVgNZO7t8u9nH7UeDfuY3uFJ3Ta2meKCwPVjwPIbeT/eN2FfMlU9xnV7UDwe3ks0wFe0+Twbr8+eLl6RoeSc467+qHZj1U9IyrGNZg3GS8S6JqSZH1M8SZREcXAfQDJv7D5raPd1gcyA+xRJ8fqAsQZ+ZaPzkTPlW55/si/P91jLuYqmmGdpqJor7KZH/BZuTSMdv2pnbaXeDUSltYcv9HNT6c61QKmiGtfRK7PL8+IOnkZVxd0VAl2rdBzV9TK+tj3UXRgfxYYmJ1HSL/VmorGrjTqpIYa0i3tXQmIxm3WOjdr9f/nZv6/oDT8ndXDyV0TnrEJFVSZRMbfXKIUnF1YzkeFQSjJplPMLveV4gb0x7zu9JcIqZDWKhxFFgfAYYX7EFs4lZiTRQo246EKw63c/9Jt9xgVUvqLzP+AUn7vQ+du+197aPB3SeleyK/owW1AsesJFNVgybdfrFCYAlO/B1uBlNMcI5Voj+lepIe8dJX2Cc2Jk0RU1PXUeNCzjTdHsiuWwV74EjxKK+DY+n9BLF0L6lSl/Ya0opo2hdkiRldHeRD4RJ4CP4qJFqTdxt57Yb2FnjSRJDqJ3gmwxn1RbjGNPSp2nu3sCvvTY3e8cAy2mmwGm+K0jHVTT1ysCqHgiqpJhxKs5YTPEhQM7xdVWK3/cyQ5u/d5lgNnlf7XRO/0pcoyZqa1dwGRgrCRWtumxzPb74GmSnzEMxqJb7o1/CuOfSs+ett+N68bPDs4Fci/6gaUouLMQ1tWJN6FIv0xbYRmQp3FJlyKguKEyU/A1JrCIC3yJRqpTgE/2u2smdXAYDOlBj0oZTPeL9RgtRBxj9LT7Nqa/eiv3vslWPAthmZha/c+C/Q/WQjpC6QkNMbtVSCK4M6fIZchTLey3sdWOvKC6dgrhTSRmnsfbe9F8vWYyS0r5/pyx2TsvXtyuIhFuiPkuvtnpyRBHrtIWoIlYcxIwJ8AAYuDGc53n4t2Gpx1QqzIQW4Dei991RfO6pimbUqq7UC4mgKaEmMad51t+vwab+rvsA+zZUY65zAO9dhmGOmWTbkHr9hkX7aJTki+KR1Iwa5ZFugx/lm5/hSWW9Zlr1lXoiSd0sdCTOtLrGzTRRUvL5Gt11M9y3Gs5sHjNIwDUepzZEPF9NvY2t7rmKrbJIylXNl5MzXZ7SryP6Q+31RtxJU9VMNJ7sXYzvtChN+jBKVUTrga6Iu7zCMfqi+Lx+7lX7TpJBVZ03e7CFPjXhKNAYtnu9/MDJEpgiO8xfsJP55qlE9cqAVBy66qZQcV3EeRb4y8ILK706QlNhXdLOElkLp1OWw95+qtkujSY9pdBlpeS3EDkxS/Tl5FP0qyvfsw7mCS0Yrc5RK6C/koH+flzBsLZhqVyjwl/C06lXNR9B9UZYimmDEof8mbBH8pmSMnCQOdjOmbPkmTZczWwhMk4CWxeXjI6EgXGYY3iiso9IxuI1//N31RyIRpGO79MkL0UeVq+WbXv8hOka7pds3NTZUK/06lcGHV+plZxs66JSn2GlZkt9o4Qmk/TPxbSneGY5m2iKOx0LhpCo8WbhtUSQ9C5WXyEfnwte3w2U2oE0V0yrpEPv1NGqmsLostPjF0mskaRQeIftMpM5zBYGqKrplkAdnXTLY24HyROP4HqXxbA4ytNAhBFajver2rCA116BGsv3j590lPpMZVOxBg4WbuUvoJMY2ST9b+onil6Z4CATvFBg6mQ4phYmfaO8WYxXww9bloutL7VQhQ37+enRE/eyRjtaT7ZWTpd5rRSB66ltjPsUI0YoboU6zLhz89VhKY5Z5e3i7YC3RI9htu1vE9PWqur2LaiFs9jo1d7fpmivenXa6yXv93OSTjMMdSuRaSl0DrxVPsDiY2/tqT38VV1C7vBVpbFvTCd8dZHijkoXq/YqShJqWmZDCxpstlJlmmaDu6gwzpJeMYlyggWqpKozS9NTbbH3XvuqlxFAJ17XbaV9lFCOpQIsta/m2EJP4G4LbXGgyvuO6TDxV9EJ6+YqKoqhF9719IuCVGpe78WEMy7vVEm8qYrjmFvYWXvhldTWqUDNfyYyma/gJEewVx4kS+RUTpV04zOY5TIgX0M2XUyUOE5Pe0SWnlcKJ6jJbL8iziiLeedcrTccVe4EuRCr4ikM1DZWyUfeUJlCKEvS3qc7XZigxbhfRCfGeyTP4VCxayBng/vGyzcCWFStxs02Bsr4YblZE14XOTlvVAxt6xjCbahUFkl5NHlXG2Fc9to8BPeC3wFkizaXAlLdk1WY5T7aF8+sye5dd/+HHen6Dc7BXeNaI1u2wnF00X9pZZyx13ecZPApECujbCoaN/hLlgnubzaCNIpNTxUB9twgSzX8IucNHkppjq+5764MplmamT+lGxX7AOnlNWt1oo8VZovjOPHEBlRdGVgZiMJRf592d+wienf3cvzcp4b9BORHdYxk1dB2fWKZfWNvMHTUG6eT8xUYtQiMCwAglNLX8k5cYt8FNw60jWjeq2pNwhhi3BJzgyFX0p7kF/az+IZubqDnLnq9FoH6wLcstzGedCSB3HCQH5wiKledzY79h5jVluHq7kBR3B+18vrAQvLafURX9NxGBgY5y7s8HpsosSVPZq1GRoRqCTPxJ806pU0bMJnlFE/giK5WCpU+oe/SrsNonA5yW9cTb6j3a3RYzpcXEjOcXCsvYXFnGFQhQPDFt8XuL/ONgARF0C+cA47CBNtD9Er4ZDwIrsoYhZPpvZPbKTYPW2T+Bv39uh8GZ/uXKEsOXf4yZQtC5xCjn+29c5veyPiGllZ/IhrxwqobupPa7IJ+NOwpkfjUQv4qTLElxcCEzVo4rYqTBWoerfUl3TtdqZ00L6U+ZH1lZl8Fwu4Ey6gEM6Do/i1Mxb0OPqgCWvi9CD/ClaX36ooTaZ4K2+2WOyi2O8YQ3OH3i8p4M5yuql5OQDN2pcicrCoxUbc2udof7cWPZOBwsU69iDM69cHblWp7WcylWfL3RSfGMzg/mni1sgV+og3U/4Op71h2XNmV/Zo3pzdDeiN6kaKZ0Ynee379ZWn1PvFmHQr1UlkgE0igvIz2mHbuP64kArT01hGG+qG3UlB1Jjeecbnj1gs+O2E3yAb3BqQwnv9sZhquslfj0ysWwCMdj4WRayfeRnussXix288iUCyZZMA+whJ2MR5cwuIvOwmRZmUfP3JTcglDrVV5ez89zMkz+Y1IYtclysqsMYf0RjYRr2R1/Ie1HA/T4ONhD+bbxnpIn5pno7RAF/Tnl9LQ+3D2zKQ++zLUmLzfN96M3R+V448+5DpLJfJ+mb68jSm2xGXM80FvtzJSJYyox49B+K6KzbFOUQ7XZCC57+CkANy7PwsNm3+ojxHGntqDLNF3R/u73Bt0dB8j9Oz8Y6nNwnzDDp9oIa1/FY3VHz9Ou4pl8Y5lF2v8YiuhWiTBLaf+l7MA/VjcCqkc6p10+HK8pXJAjnf4rAlQ7cUlDW4zcaj2lSgbY3fO3bXZCpevCtqLI9RlQGFJIqZBpSTp38E3YqtgqDs8pVrdbMu0CpIzksWS2OYJ96Cv8mE8+zltBhjAFwwA44bJd/LQ1gWMyX00tUVnZ4/HxT9Lcp6uJEc1ltsXe88b1eiFxrxRGDJVYR6CItg7pkBPfbz4VWFehM3aA7U/hwmSxvcDD3eAGVB8lQi2TdtxpvuJKVdNUIq3HwV2P5b5e2tKXK3BGwiR8vnm+2st1ZS/v2qHftyX59VfFCGzxe8hP7G9U7wf/xOMCyo4QeoI/EaMpitcr9Ug5RJhQg4wx2bBLwvLP5CzFSQ/NFOGqkkLD9v2UtiMEmsDAEJB5ZDPA+ywBbVqIJXGWEUIgU/Q83uZ8M8/bg+WQJ7OX9uCZwydhMmmFsNJfuWjiMpvxJ6UrpX6hQSpADUpz7T5rpxgJbMLDyK3XAYfjA//VQD/bVyBNwT/7Y+yj9RKZ4vriBUFB/hg72fxXyZislZaqREB1l6jtP4KtvAx6eEMzVDjgn7xi0iyjbxmmgCayVyCHEyhWZUJ9m+FeZnGyrYWnXGthpb+KVN8BLutESKYOfm93bSVrU/pAfz7sAARujhkJ6L37uz5eq9rX+n8oCEOwD8K3pBRklzVLbUTEgw59vi/OAyaeuL57u0EDXchY9KBppW/mANOdZFTtAx/yyEUl930UcKHDy4PALN0B3qt/bOi3UG3b7eY8eblbh8+OOUKjpJmzbaDeRP+TQtefD1ooD/I6dUBEeeApByUhA1D9YMKmqWJq+Az/nA/zv11Or++WGdj2OL70ubNbiEh299IpqXPBb7W25/ahaZOYsJe/tEBHNalrEtyGPdg79RJa5XENS/v9nSLK3XoowpWZQPSQWfKFvrdlptWyEg+uubaXj9BrXlHo/ke6A6g6fqBgG3YDNqyLGcxU6BC17TqEGonzl8a2r4h3knHKUbawp1g1+bU0DOM2ZlvOU7fuHwn4PStG+QufaKHuzPRg1/70xzH5zp+oJCrys25xySOBnmtRceI0g/lPPB74AFp5nadUpqJaIRO97A25lUKFb3udrQ3/okdhVbizXonS3uBUNz8+uop2wj1Wwbxh2BBKHiso1okluoyY9CbxjcMz7dCR4ukDVOEOWlFqPs0yS2DNJx5t0URc6rkzhn/47rnc+IoZXHqHAid2dn7xcVEldDi2hNWg3hr0JgAe7/XJ8iMfQhvzllWrXeTZbwrGoqHiW5Hc+Uvqlmc4us7H4/UpRfpfuohYaCOFG93LhGy61ZRcJFqpbEXUTyen//QoYBx4pkGeZVi0QEN+aGwH8sTcvWMS4VLkQz6mvOioNcULTWLiOnheeN/vFn7Og1jjni6B9fEpO3C1ePSFq8Bic9hWkHbKgpQyELHc13qhwJOVtgizFJS0Ih/TdsD+vME4soXBXMP+38z6GtLdzsRPngbVvO9IMCkPNDU19+GoNJZI7+imenF383gFscW8YBpoJM71BhE0RL1WQiCfCMmpQtX4WOGIHx4osP7LSI93n4uPO8WhIgAyUJb7qOSv1fw72b/hMNakuP88X/ZRrZQjwcjePjj20vV1lI0SfNQh77Xq0kKJDF6b/0Qb3hbWP4l2RLE5X2ABOCtDpGyv3NEZ1IPz3l3Z7vb0JYHtrWzmFq3jwd0AeED2r0+L9/cNnG2Vj7xCY5A/IVLjuUtzV7mn6xlx24yGko2CBFGix+wmHQ5WcEMU7eyer2L9Sq4AYDjpMB/RA1tur2ztE19V+IY2MoDuG77DZfi59QFr0ypMYXVgdnNdsG6WHJM/TgGICAz32oN8Ee+O4MtTm9b+jWtXUDHDtZHi71ILqFpEwJHwNfwEEEaDp/IBa/uSn5GXMARbjLSF8mUuE1phsmCFr9+kuw4JZse8xiqHjSn1qJ3w+9B6blH40pzyAMt7yGidHAvr6wZmOh+rCFyfzgU6T8dd3g5CWaZdWg9SMmvuUn+4Br4gli2d58NNVtl+alN0jXcO5tjAvA3Nq/yLyGrW8hBquhWheOFA+6b4kLT45RyMb0w16CFjuDKxxgYAYFJQIggeDw8MS/e4Yfe6IhILLtTnWBE/kpd85jPYwC4+SVoeKfo3KY7TREtMHe0swN/h3qrh/lzvzS74d3lGcJMENtQv7EySF7uY2PqwalWhJsr+SMETQ7lq4AQhDdtVOip7jGlCPRS4JaR9WKIubd0CCGXlvcQ9zNKrqgU3G3YYzzF5gfpnRSp2lhJvaiy8gq+CAVhfd0wlgulcDYyVk2xy8h+13m7HXKItkzRbep2o62eTd/PIv6i8QsJOVVpHhSCfKw01rztcTV4F0O1eJQak5+oT1uPGZswIEeLmg6P60wsPfmod1eVq5RVRJZlak0e3uOnUvCHoKFjGS1X2T7Eu6E51gQ4sGghrXCQOu/6jzUH2sLG69l22hhJ7hezfZa3kcmKHx5+kIxvby6pDClQkuuoxY70Cf+iAe8wlbycCXxLot6T7T+EM20zzeeNe7HZbBlcJim0zO4JIcqp7oFFItvwSP9u1E47ZcBJa4wVod7jqsb1mP4QQOk7606BKYjxPaev0OOYoxxejSmVWntrPwAK5v7uazfivLK8sHyNvtuFQ5f0sF7xN8syVx8LUUhYX80BRZxqFrNi8R7ZaLwGmTEZ9TKgsiRAZuNBuY/pXN2FVCtLdZsWoGYV02pDc+FAhpjQhYI8ncRDZrjKvMtZmBpHkoJBmPLjaIoZy29l8yxmA4/oiIMhnh6lENh0vOyBk+yiWGqDcfXHwkbwq971C8w8wphQsxcfe617Gj4HNo89ThFTluXBjTFvL7v3+VOgdHW/gdtjCftBpbQencvAJh80Qot6vhZm5IuXyGn8GF4SCFJn7fR++/jy3V2KW4SlfHBnl8lE3fKr/DGI67XE9KvTmNpTQl6ZFwPfHNuja8Ww1rQstGs7yB73dufy0N1aelGXPb2azfUYS1u5BY9pPki0szaC3KMflQRlmg5MMdgxWf0bBk0Bcgv0J2S50Hg3SMExOUJNlk9lXP6goLwHjDhxWCYycuiBaDD8Cm9Sgz8N2jfLyAdNDJDiZMIDAUlhWtmEee+uw55AN3Yey2Xr3O1wNg4pgbVu0+d+APS8cJEyD8CyEHZLs6aTet6hfDdgJp26/cW8QD6xXS0Cig3ZdJWaB4yZh7hf3F0HnHsj1xmY2tGAnUpEozcuPcZ1P6fNhL3dFTgQ19z5Q5DgTLQs9gjlHAilZrOaw+0ae13xufQwHrL/fBqYnnwdyvLWP2QwEr34jemR4j+PKUU//DmN8SeE2WrO/EioP16lf5yxhFVpdz9Foasx69C0P38ebCBChqUYMMYMM9vANN9v9zmiisQy4eN/Meso7VV4eOeke+1seb7/s6C+821dM7RjNWcso4mV+u85JNEoNwG7A1n5rKjArZ9fA8XGCNfuXx8BkFa5TxYlQc8C8MCDeH3laEEyArAHrkNp/gTdzkB+71M0g98c4Ek+8XW8enyhXRCbwi/evrOxX7Mm1fS2Zg6Jgs+tcHisSWKEDi/FfRlfZCD0esrn73ff1oCVG54RfiIVswg/XU5aO5mjtLHQTEXmveJPhc+b0sIv5RwdcQazF0S/HQqB6K7D6zWxCpEp+dD1uO1TQdvI0wLd4SEGm8WipzeGHRnwY+bBg4l+mjvO7aLKrDyuwGOZUCu+7DixJ66QdI57XMdzGz5Ls4WS8smKbm4sVX7O6K+J0fMHoBenyuDILBlqbV4xvFjV8z8PGCD8X47XOg2blyNh7bAlMdCHqyPZ9HZ0xJlCxAXrS8PIKgeIO3GwnYCYxQxkoBNyL9eH5xi7h16IPXv9+3Dbx/wT6LGdioLkCn1PF5389K22UGoa99hxY+AmM4W7w23wdNpAdq1ahNWcRNQoF1qruChXg69RuEygEs7B71le5QrrK+tChsDUvKHvv4cn9hzHY3PTP3rzAmv6FnhN4Jp/rfTvJTHNXRaOumAosnbWfnZ4JichTjXYIPY3Q8GEONCqMW/zOf8iS9RCoU63PMO8ZpZ9y+Oe267cpnikEb0D997SnmhBgVzKV3ugpt2uvaF9fdQxLHF2zUp9LyCvt9gulL9osRrry1ST5NztgVTg0OSrFERITO6ngXMDwI9NtzkFmow6REWX+5Vgrpu3Ye3xhaBYXFaoifypbcQn2p6woYHkjvBAYm5n8D6fYen3JOCtiUkgCjFewUWiMquuDwLDysoDvY1fMdqp549HFzCP7n05lNU6lvQdis01pdeYyPGZq7TEPCODAuMPmDeUAgWdlLfJ1lG4mxw6ZEOgNBjoCNiX/FKcQ16yZ3oDcd1SNJuhxtYqyyj2S0AY3q8uQQ0T/KtdTVEzGs/XkaKh5gP51wBz9bfs1jGU3b0Yu1Sm8OVzjhiPQ+0Q4jpz9tSkVnZWN91o2+Kk3N+kDLe8mc9pm8TQebRc5k/bC57f/gurW/sz3cD8+iIDHvFgw4/kEBHMWNsNxIvsDmYTsbzAqNj8i99KHUSjaSKfVAZIAWGuI6437M/iYuwduF58p+K6ejvSICoF/MbpYXYSw9HAWS+C2Wy8gtjEJex9JAPkeg5tt3Bk9bZx2VbsTpWY/kW9K+k+Td0TSDY9yw8BpUdjpj55HpTBh83rnbzPvsZs2MSPHpxuR+AEnpEKCV8SDzGWHVGzVaRN5367RCZgDzWQ9xXJWKLBfORZxAPlr6okI5NdKhVEDm1beaWrpZyzSl9x7PDwzhpL16eIYjN9taPO+HDlqS6MvWv9KzTqLoDgefeaxbdX7KeRwKt34XmE6fOR45ImKxtV1aLhFkFeUVjfeMQDB15apP0Y8sMbocxVGXewGVYdikNTaY+6BTcIX7td98pEZX7b7/OXTVS6gjvKGzL9rNwXL7+cZ7yyLhhGOIrqjtddJ9mI1Kf2eomLUKLFsWZxOaPtNl9zLhcqf9VcwzIlc7wbpvIpfGEa731b1p/nCLbyfVeOhx4uWKdrxgfidu64bWem0d6QLPgsxxeFwKAoLomLY+gvEIrwk5JSVfT1Sg5NicGVQWD3AMzSCFV8fWteLNQKZ7Ny/MvZbpxUfVQx9N4J261kBwhCA2EtrKfCxWCn0p7G+5wQ1NwoUe4i0HDo/uXTH+8BBB4rwcWHYBYXVybxHVI+EVvKBrJ1eobP/BX7IOMKTuk1RgQfj72wh7h8+MbJckwhL5zf0eaQVXG9gYqb0WmSSVvUBKNuqn/b4leLi1/05jEwOJQE68OQH0POrfuS+3rywbwDExSDeTPftso8CjfrcZoy9YbhD4gLPZwUXc6MoybULlg8Sb339Q1s/z5xaVStGk2qcPfpmEH63QFCoLckILyxb9IiVu1372+VDEr21/FCDkFiISELZhFd7fWdgO7YOIagegP1THVsuTlYEy83y66977CTjsCIfK3JUqOD0408KIsvy9UGTXrG5xI1LyXwHe8cgAKGPdR0D8g3RFGoUYdf6ddBi181zzOm1Wnf2boVb86GrmQksqtbqmH0VELYeVcfZBeCTXpBTMpHEi765V9U/tnduFoiy/00UTMWENUf5x2JG4ijLAUNIePU2kX41/07WakDk9LqFf0EUe6DsAp0+JTC2tBflbTOyiC8uJ29c6Qw6bmEx1s0pHa0znIeu+kkUG+6l/6ToaMtMXaBqRQnAJmJILUPNp7Ow3Qh+uWCuC+I/Ucehj/4gd5mmvzE1Cmc26y8HIYTLNaydcFCaon5+hnij+NY14tjegSzS6S+yXM7iv4mETskG8Hn4bWCT1FsXyvPtEFqiH29DyPrT3IjzS9s9uuHef1drARpOxC8gq4Cyd34hC8kqu3GZQgY/sqXvpakUnX2z3qcpTbQI+KIiLVUmfxejpI1lMeUDRsVTBzgAY0YvNzty9/Se5zzmzEo23u9WaAGaYSTkdvOF86W44He6WGrAMBAFbd3pDCaOGXpkd81NT+mRzFAzU+l9nh/5tc3ylzbGsk6cPBICPJVON5TH+3aInXy+WAAPxv91u7D2Bk2IWZK1zR5s+Xefzo3RdJZ3kWWVbvdkYxjKHLtPu0erGABXslut3Jpgfs2ND9vUNWabdKO/nR0NtNw0iC3qM/gjUMg6R7fATpYMgICe782RKsEOyUY5UmhHdW4Me0sWoCI+Wqd0//0aWZh4r5m1EGNf2lo3/HcGj65j8Zd+4dtvqqERP1XkivzZETKkmWCA6P3VJMh2+iN8Clq3J6WxMtCRYK1ERDh0YvANOfqPmCKcN6Ghz+sQEu2I4W4Lw8DtvmMX1Ae5mNrWVopC2LkfPARIFL95gf1NVyqnDci8eDhJGAkRr+9FdRMgOFzyOCe/qwBG6ohzwWVf9E7WmGNwtb+Jps59wJR+ol/7EIwtVIISy8kL/xV8yleLFhi+GnoQvXDjCRn1QP+e4aIJ63jDUHKxP1V54r4uVMm54AsmDS40ndZjzneRsraIQXswGGb/E8z+AWaldtjTT7LGAhs+T7HmP4ZoBE02aPvQTmjK8ouOTBlGW3LJEEi7zFmh6BsnF9k2BEvGYQk8MzjwtcFWzeOecAhAcgFoybipQVMYhfi58FCKlfYAEUqg7F/3lvwsoEWbwDzLCMzT/UADmL1tucbbLKuBsQSkB9Oqxl1Uw3e/BDhaRX1LC6UP1VloSsN5118pCOzyCrv1+sDjJ9fmKYhLCA7Vx5pO93gZhxITnDrisul+VNqyjVrsWVy6zbIS8BrBJiAWM8HEgniGMMxjnaFtVofSWN/8sUCYgb25V8G/kK9tQtpOovjQc/jw9y8Mnk4N9qir2iubOb2neYcCOxBs0DlJHCF9uANwROf37OjlMCQsOsJRZMDdbnld38k95cHeTU0oR/4REIOX6QlOOarUDJ9O3OKkRrnPdIEdMXWrnxnZvmVXkOeYGnN5VicvYYG5f4dAeqfPpT+l0haAyJVzr8lg7jnKHm1AcpcdozyzZp+0x7oxy/SP1Ho5/7xGbrdQJ5D7xC9kDj7GngUZtIE8xDb6luRhHmYqyjqnZq/7PhzI7bjrQhrO5h0MiJYBXiCUFLnYopJhSAFg03Qg46E4s8BpELFqpFxBTP9gu74aytUP5oH0or9YvE2pXKf7iz8z+PsCKUBo51f4RTMDkaYdRs9xjX9aXG9oxxEbSI3eDdD/xPvJjZ24Ey5asYer8VHeqP2Iszvr+4zT810A66fjBDxnH/ydw2c0Qs5hcWtj1CohvmhaviaGezlLoEK7z5cvJYHbjy3BUqcz/DeVQukPdsvan7RlfyXeUIfmtGwBVDRKZg5T9NqvdCEesP7kJyeSDbl+qU5uPRYWBz0QPhl9Xjt/VoD5NtkAdp98a8CEhQLkW9GXXX4UoNHQMVgohFklER8BDQR7m3fkNPYWQju4Wyct6qXCYrghExIrF8z+3X+yn3uuMgb7KDvemJiOhOKNFP2mzoH8sPM5L4/cFL5xxe07t6DWbzofAaGE00h97ORFfYS0y8fJ29U1WKu6p0SVcTG1YUHoJHMux+fISZXXm8zfNIkvx1wEHp0M8gQBzNcv7eKSCXKANQeYii13ietUUTOKF2M4XC0oKR4HR1MBr98zeNcrs6BTdLLRpj76RG58mUzprIb76xvCcE503VJ93QvjIT2nPLXAFtYSP1uGzwPM80GO+vCvJ68q33+vbskTDYp7bP9adCOeTjyBTSjr418sS8G4wSh6BShW40II98uEnwIX9U/sWBk/Ei99WhNKFe7qP1Mne92vSBObjOEmpZTy7j9Qa87qc15EThX+zVeeJ6AU1pjuelhATAZ7iKYrb8yH2BhxG7+lIyRQC+7E12jLqJKNKuyeuZZbaK9IJK6yBEfhFhrvIFUO2Df+6k5xmI/uP7YTWIec1UD77WpgQmXFJFTksCfjz0XQFw3npFnEK9JhNhY8k8HYTY3cyjo0gwTPSZXnbFqJra4igKs7SVUf3A/eOyj37aVrF9nDTpnt4C4BrrYnJ2NkM0BCQrMCcXniwQAnE48K70y4cHG1C9rkFADVy9iusQBbMxjElGkXfwaH+8wq+g5JE9GcK1qheiDJMvronv81vl5r57hbPRWlqmzYz3I2wCoCVQnCAmrD2+IOcU59Hcv1RbgE6pfFTtstJHFtTNdRN88dTyz+mYPW813yPAzCJe9tiGFN3prQ4HpfJwvQBrIVVPWW7ssOwlUThy09tptNTpj1436/tMSJkaHD1ohXMuOk8yDpGg9Mqbx2BZs5ve/+83OrV/hyku2DeGrGbGzvQDSvNbnGiCwLML2tMAJ1aMHpsip9YKHGPbgxwFcPs545vvm+rT2reSjML79KqKHPYr15xeeec1zss8tgbrwWrK7xl3adqLDFDr0dAXekWjJlwioFTh78VIKXeX88lLe9GPyO1JJLoijGuKDiQ9Iwxomcw9aQornG2GasIHiMbYAFeUgGd8P/RCEA43lTO5TiAaRrwtuL8Qb3bt9QYenPozkGr0MLs64fkeFBn6TW3UbZJxrf5e9ZMMqP6QnFhiDsbszxCTJFa6iemxYTAhZ/q3Hh3rCs3isy+GFNOdDHm65SM4/NrsovxccJbuyph8y+N5Tk+S8ShHmsh92169BL4MILrODyCuMoeu25sud+g5+653pCUUZMpusoGVe7E0Evnrg5VR9sFpXzZ6YWxAdngSzoyXLnB5Ej5jbdYlrlL2UpUzoqz3yavMYzbLPYYmhV8oNATC6LAKXvL3jgTa6hWIIDmNuCTC+xvXtViExY9SGcab8iD5uuk6+ZIjuaTZskf6ajDG+jmJGE0GCLkM14B0Jv5Ll8TgtnB1ZzFrY3plChds586vC8B40wPr9bH32b5aQo0HCSqKDbpr8TzCcous7SXW3lbva+B7M4MqidlyrC4l3XrIf/YgdkOrD99uPwcXMLeEc1y9841Hkzkrl01KSzwFce6lOsNqsVscgUgGKr3RBmBn8STzEnGnd1dS8aq9BR8bQgA3PyD/oy1mVzZ+v8WOSK27svrB+tUDcKOZCA3Ag2N5IjCQI3TOvmLOZm0YRc+XTJYcoWVl4JeKuBcMPxwONRyNJuPOAUZcerYU3De4dtgdQjII6zjp7t0uH9QHaxIaCdGfqoSP/yZwW3ol7AXoTVi6H6Ki0DIfW239hJxPaDUsHNfw95llskZOX5uJ0Y534vMVVM7y+oECrSpg+PDhEaciy2OIhXGI0LRBXW70fHQhoG3EEsRqOIG7+nWFMjIn3VPZKiMZqxL3V42GJLbvXZL839c2yC3QuwrDAcU66dSZm72fuq9dTwk4rK/IYfC3oM3xJv4k+9NaEbsbLCOmlVucHKLwwjt5Pxn5Y86uSWZiiHDKflJhdxk4arQKdtBiLQk0n27j4HG+hztKcwaXHeAr1hZI5yWFGLhbfL97yBkyccvlNnYZHi6rK1PBwvYn2Ud82csaODd8nxm2YGyh956OtOxap6GvnzwpB3T6UskmISqvkCWngQKP4cfUuCs1468h7iPy8o3Mnt3tXtJZBY3bG9qIJzt3smmaDh+ZwEh1tniuxzSkM663Yq2d0L2oLVwNgxoltDLskmL12/STzHwAd6nmnWfkzWu92hMvcko2lpLwlYY23DEdGpKGf8mEp80QFvVhTQ6ySsqrBY2JMEexrsgSX/YPPGE8x31OUyl+820bv1bj5J5CeYxxPmk/ec7TFY5Bda/NG4P7GD135cHHBTwfcZ4F8AOtgTfQBbwHobdaZd7bTpWILK+PdcrD1iQi8JGlEv1YUjia/11yrffUIXnVxfiSCelluDfKvXvrY+koukFDNDKHYH4QUP7jKN92PV9fVuYaiGdeyqj5T7Mr58U7IAJ48EY1ww9G80yuUtLd67aGIecv3G+hjT7vFGSt8e5dKUUrEOczzl01EJnLR7EvMBYCG8OfpXjFvnaMgW1+FdpvhReNJqGt8g1Z0KUgleee51yhCsNvky3mMZqMSfGfHKnidR5QRaja3zrTxEXhqHUp3bkTudQtlw3iMXK+rPbH+HiyKlmpA3hfRmGsHzAztnp6xwnvpXr83xiB3jR4amzuPLVbQ9mTaaXVFUTctXSr26OTey6B/y2eaSnnLQoqY31kVjBxADV73CGuLeByxCqDe4jptOWOmyGz/tRg86UtEo0HvgsCZl5eahoFfRweJVlb8OWQYO7pzLzGfnfP8QnpHxK01xIkUZdDqHW0b3VO3jmQPd0TlHvQmUSbjCDGKddahYrVhrPVKWwKG5oN5MVLrfUgW+SV76DJXNTG9mnOJmvrWGGLo2suj0a5p6F8PfnXTRJmpDNwtXkRi+cyICcqIetwHlOHfErlJC53rc/H5EYU3gDCg94Ppwqq4D77bX0qHb88ANnOQepNCKg/0E2AJWbVvbt8OZH4mDQqRUpinItcczD7GYzpqCymnJrix5HQHdXXfvQt0rXUeGx2+BUKKd+MMXf/rDcZNvB67rWVavycI3b4fcvjmivO7ePrqEmSjqDx4qGHic9R4OBqc8+VOgOx3Mhq4V5ygLkVM/Aw9cfdNGCOcdeyeaE23tliqPNz2cEr492LmBM9r64xnac1mJAST+AXUBqG+f3c/3xQ0/Rw03vt45eZznNWrfpPvTL8/BkIJE0xtVOShUWY1So/r6ttExpIs1KtM5Supf+HDFXAUYSm/MIj5KcJjWzZ3VPy0XKP0lxh+3WgjwPTFNBirWjvjBCp1X+PZsdYYfYI4Lo/390KoWrugFfTeB4foij47XmunuYrO8YpjO0Yp1yyD5NAu+/m0vJDmbQvw4ieXfQ+LjC8eCAG+7XMlPvS3wPaPVkEbT87zabXs4qMuZ/ZZSmsMT/tT5r0tf88elui/Jvht5kNJLFamoFKrVNBHQaC19JHR2eSpmE/T0HrOXl4mSQ/fNz7yoJc8K2QA9gKRKEhQRmyUKbkrkbsbD/5LUv1VFqdsIdvb/j3yWS9DGUqvyKUzEj9ud0d1safKo5pdP0TZB3g627I80OzbMau22nHgdL9tRMu1WYgB+jw24CEeWj0YRO18sONZhwSYvE66OMrNUJeIQZwhyBBDq6pGytuWBxRY5N3b8ipNbzfOJ7eLc4Esla0HQndwjNZfu+7EDylFwrqB6W+QjQTr0A75eW6FEn6zl3cGY3pP9ykhgMdG/sOL85qMhWRdryDfv5CfE6YAxMfsjEjWXxiL5xb/vUOui9CxFhlVArKevteiUj84SCuVgfM+XYFFs1cHkSBHtW9fB9zU7NvcqBrnJ4w0Y99YHzkYR2dA62PFXwlrR+gBYrx2FzxnVAZ5yATAmtsQWmL07C+hKwYrauY8fHl+ZR9GV/ua/8nZgvcmz220xA+Ck5hhLp1Eknx3tLpM36CszVlQOazxCXfxbTDVTJN8sFbzhwS6WPaURELDELh+r6NCpcV0lP9IOvFQirahv6js9w/WgQKELq11PbkCC2BFDLgklb1nv0SA1JrwW1w9/NJzvP49kdVaDoow07mMvSYSsTR49HL9CX9FeLrZ+RZRU9AXHHwm2d/212so30cib68QMmi6g6OLht65i5rmNo1DTOp4Gk1J5pyLOr7uB0JdZAhCU58mv7+4bHwdKHb0EHSvEqftYyXVlkXfrXyDC8h/HAFKXj/R0GSLZCAFn/XrTus7sjwkgHkyqT1VJXQgCvJZDyWJscYnIupG36n2s37zn9DQFN2lYJNWL/+rPpdoeOX9FD0k2+JWdFOa9vDb78YcYGk3tsy+QwlODh27U7MlUkd5VD8JRaoS3mn7y3aG0iAtffx2UGj19lHYxStdx3R5aUmglzpld8qHMQkDDhsIdImCGRC4iUqlBu/YJOx1GezpmtRjyckRRz+gljTRVvWrhq1PRZxKlYwi2qzpfj/Z2yevWJbzLxw05c7JUALDQMAidv5qd8ksoHEZQ9CrCXdnFpFB+ldp7nKpHX7aN/npypaUXd/1gwINGc/YkglNXNGLcv5+/R6i/BA4wTV7qY7mUAPqYK0TwNaJHzPb+3bpQ/xXgx6wnC3c32Ue6dgyCJGP1pG1VKJ59RzdLPQDTtUKQ4vN6T0YagRQuKOybKMToBEUPY89znDU+lCBxAnL6FYIGv29LzNvayQIVl7m2m64x/CL3gkyK9jWF+o4oUpLt3q/Zr+J5MCEuVkjf/c7UGVloH6yoUZrvj7QG8kSrXS/yvtGV09WzPPKm0sX8SrCgPRaMElpRhyR3G3w5hErSV/b90OHqF56nKstCCXrEfPsgVtxXgvJN534rttwWgCfaQpEMXOIPtbHoXva0+AzwTz3l9iPK7H8vTyKxO0rBvVsYBbWUQs8KzlT0begaH0FffHZ6dsYGX1JJjHvX5TGzEVc1T5HCf6vVwBwsKz2fl3KEgDJzoUkyK6lErs7kQVKVlgX/jxuNcgyYmKqy19qjp7kvKrw+Lb/op+N3StN7ETOKiiYzm0h+tyTT2LqHzTwZ2HAuPCSOgKhC+BL/usxMB5O5TSzUjjw/QJuJd6dEt+jFnGNHIar6WVm0UIWdlrav7ofydavdXVd7S2bxlHWOIlFL8xhOH+dh8vcjRLMsvfpl3Ou+in9iwlzTHCoJYjvac88skPKT5SkyfLgcMJ4IO/Pv336Y8NCpfRf4YDfiMGDzp+M/Rfhr59fZxHJP1JE8EjzOYcMTMJbyFtU+BYTs3jJivLXYyGnBMPUB0wgR1PjNLrbG/o95ly+WTLQ+27yDkbSf1Fr/2wh3fzlow4x5NKaEXlWZosEgW0IfJkJOrqq2QLmPS2IaYSZcf7XpUFgGmYcUVFkH4bchNTDMvuAMHaLUEHQeYyOVzknHxIWDpDB+l8XCEVxIPOqY30tQLBWtx97O3TP0n0PJYHkgCaN5qbrP1M8OdbB2r9fo5hxzmQAvp3pgkxCOiuB+n7ckR/BSdMIlqqYuVv8bSP1G30J1oXx1t/clPfGB6DTA/u5rtYjULEQbwWl9kFGGOprTRUADN8ix9TnWnoB6C6JXvXnuX8SKR7C33whpp9U2UdM5SAXYYTS/IvwxP4TD4fUzrjYOdwS0/hN9bdnla5wXOCR9qqYTtjK68ly5puvQNUnljTVaxs2uDiVt8Q4qfJ+/9cfI3wug1DRsDkYTXZrcHhou0YkFHBd7Bg9cywAf7EHuuaUv14c4HVslvG1pu0gL4lAF5HNSXl3W9O1r5GbqmcSKs/A/+6+ZCvgd55dNASPzbVzB/Tnaz0MLHpXedQEfIRWvyQk8Ea0NxCPHY56pyvpbKgpuKu+t3kusGz40i+P+AyC304uVIymIsGpwTOzd391B98Dr5Lbd89v7Scpyp/14NZ/OVjFFRjSbpzkt4HZhuaOFhEomdZzQLxoQRKekV2BoP0qYu1U4BhMZWEFiu5Q35NJo2G+PNXnXmRBtaUW7PRQdw+xsJh8ckzDArkyVokgz27/atpX2MZ2Fcl6QLt6WXbwuuj0DYPyD7xK2cPhUgzDoIAnc7/+FBj3u/IiUxunZFNLKfpTIKW+7Ihbk7+sbDwpXfu1kGutWQb1S2xvI0fLUggPPyP5dGOyRaRCUA+LsTHuMY0iAxRYmtPrypu0aaV/rhoI3qnAM7DgEVQiarS1KEnjA7DlFDZsXlOqGBYlc7AmCyK6LoWqyBnjo6eKPKnK+S8fIsBjXuJDM5293RV5NmYmdjOuVXvbDVWFYkvMs+8J822mUtbmpcnIr2Qnv5/N8pIeX84k1tuLJLWjr/h9x4HmVjG5kGGMYkfltmcm+IIuSMwCYgY1DkgMn7icjvCcNhELnqOFgkvAwPWZ/7//bRXuZkppK4o+7Ky/V61cYTvpv4RRuGLJ47JpsfqCY5tbUkeLtjVrdA5r5Ue6cQSjH+qWTWHJ/CQDwDKwHLZrWJM/BMJXkonY1im6hZQzPjF9NFkSda3omTQ88cVEj0KUS53o9/CosObbtv/ydM7Fe0L1EJxZ5VD8ncuwmE/UV6jsy4ke0NeFD4w0JJmBJIf/ncCQgX9RS0C9h1zwp4QW+VMXdOJ4FZCQe/Dj3J3g7ZjhpvbYWsUt6HJQLNzwiTOftAnS04cz7gzbU9ZgvH01iTPxI+YxhMqJW6VymsFWOhX5i5axt3L+9EcHy6MoQ8ajxJgMvsT5apNLXaI+q1w9f/k91N6rHnpZxs+DKEotYWktfzCP5awEk/kVY3izp+OLaQjQQE4MpL9L3ArS7/Cat+dkU+wltQd23S7G/079M2n++4JeQoqo/+9fuxy23MWSsrPiU1/+qMeG0yCVCZ9BSD3357VX3rMBGAqBtSUO9/jFPuGQK+RsqmFvSZBSJaEld+BeJDiCnHoAqr/UQ3M6FsSkRLAzQAJUpDJ7YzHsjuLwuR4nx+oxRJ6RFqRvlU9FpA9AXIpSBbQ+2+axzlzNWo8/YputLowEor2fSatsp+ovP5SbLDrV+kHczUWPuOxdZkM8rsGJVZ0rHgwDewy5PEB+HQNfqv1UbNYcm+svwjDYJlCcs0AXf59/WqrHkjQClZ1/45JcR5WfcYUwNo/mxly+ewnvNGqkHuS+0lTINJoJqm9i4DZvUqS35r/OhrJaiWBgSAsNEx5sex3O9LmcD3i27L/8dDlvajns9SHFHEZXm9A8pApr9CPwaLpQQxeYWDoaIdUBdcPRYyOVPImNEOO7ozMVcn1VcrO+Y/pVl42mDj7AuibRdxhM1l9XihQedL9hFQnYa8QD6F1rg/vvamp9S3T+Ip166lCg3uyn7VkRonD95loEz92NzwRSZVlBABeKEp9gq2se0ejn9p8W//dfehJkQH95/Jx7FSsOX+9gnKDPuTYfqyO2cZpXdW77lf6mkIYOMmjD/6wInqTmMCFfK9ikB0uGQOCzuVgmjzhl7gBXMYeiZ1qnS3rOyn4ag8ANIBnYh37obGNaKQYyDWxP7zUlY40FXNqXmX/3imH44I3V75b8l90S+2uBL6t5jNWn1TGRzlm893L5pGa+8f3vIHQ57w02DeruN87l7ch9PwcLb28dXj697JsqvjHb9zIf6kgI0kbmD0dtCrOaxZLOl3IQCh6IDx5EMhBKWRzDhTSHkSz5Een3OxG/QslAaB2ImEzY33cx351E1zV7Jfx8P2hJbwpGEfzntwX8IS1963Om1in82YcpfmvExdOKXj7skrUiqJcwaPBryX5cYB2qOmO3NLTZ7xBbCh45VLL2P/jf3d7t8ei1oGsFB38NOfLKb9V4mCRVJXt1YRdjc4JUKYWJxRqgjz76wc91LFShTI8lzLB2zdi84DYC64NDS1wqxxeFMk6g+ojt52ulfQU4/8xU4Xz+ObXn99JeD6hREuXA5jnv0t2FdkZ+V4aEZI/P1yQuZ8iXZBe7Y9m9IXJdtL+MhXifVB+i6TgjLslBuA8ZCYAQDbr+mSqsoywT7Q+C+rMMYi2u0V0WdXUU14lbL/+7qUHgKJFOOHH6OpRAPLO/knjzITGgB9r1wnokPHsRJ521rNSlTteqza5XTsEL4yiuKmwEX5dqDY4bupuwE4d2RNp5BfoSAWHei0lGYSDll88nL17fBYDaPqgykocZ9n417wsJGoO8dmH9q0H7qiOq/6HHXBdW8xtfeLrXn/yC8ll9WEoJHhsHpX4zOUL043vlqQNYmaVVYFPuEUVeaJ4ZEpECTrYKH+Y72GhCE9AnT7u4XJvq7LMXEKVHd4o79ysmUcRrHVsfRd9dHDhI1bdUnVgED5wmt89YFIlLK1bOnTZBAsx+3FimEvl3+9hBkx+Au+wn/XVHHHgKKJSjK53U335YhcP8NJKr8K1pGqT02rK75nuP5glpHeGTDNXJjI1xR43xVQkzpPS0clM/EFApnBgifWATW2SFer2kejgIxEYdxklW67eYDtSR8I6S5K8r152651DL9WPIxAs+4eTBDbFveJZkb6s1U5+XH3a7/Cu9AbwsKNrhR1ZaPA4CeEE/WvEpf4nH7w1/iD7QvnsPPZxXqJg4REnUFy71MRyHCWWe+iXvB2Ogtw3Xv64pQA9nsYbNmj6uWwiaJsQcboV5mco8v/OCPB9AlvS+JyBlPEmdtb6MzPbY59B1nFdoGFAl32K8n+EobmI716dQVXeEgJdJRFYJVjI/94TI40KtP1NmL4i90K2n+ObycRRtfHD1AfYcvF/M7vOD2sFUkgT6ZNuwd0DlhyaTRyjdqWTLaM6vh4aWahj4E5QlAAk+p8HOIwi3pDrRATMPWLGgXzEdKXd1KFC1lyLB7gLBGFs6CjH5ifsLzt7Q7LV+7XoC6GtGM/1ASp1jkfeEVBrHA3GlUIJV394vtFklhF5GdeO71VVick3h8X1E2/cOeF5lD4CzDIYij2cIsH/COIFclxjE+SJ5W3kQN08/bJEOZu4bHPS87bA8nogjwiIJ8e69ecsvHjJjqsD7wbN7z2m5hZI4UUn8XvkM4/2AD15nghP0ABV1tRL3+a/zR/fHXz83dqgOplTK/kEDX/PPMeyk5OpQpwYkoggC3pPNGuzzu13uyZXK6udVhjULZ/lF14NX/7guGwqGUFdNe9udVT8m1kg07AEwcD+qwvMXcnWo7DPS3/DXOFXbQmS0VB6n9dPKsUVnP6NYFmjsz+6LNyPNDjT82LYMxH3t+ZNprjTr6YDQX6t7LyqzqPpDeEv+cG22dziSJBb0Xh73mW6fTgcGZp6uLRGjbf40z+9/d0Ww8r3dxpSRBz2Et8ucihEw7lRgmZAAZ0LmnYauYix7uH/1OEw4eJgzyc4DThyg1mwzjun7rxTru8MvzPoICzF9LZmkfIs2b+XrKvavn2M5iLtF5tBqEPwogjgSRBgyaKgAffW7O6zYuIjkxDQYkX+tSr7yrUNaksY0KKEWoDw8B+QGVSePP1KEtG2/32wGyEOqQrKbc5UPyAoFUYJxTMlREq0e3IEjbea7UY/LCUGkzSgs4a7QPjux1P7OaOrex+80VMZf/wRWkS+Vb+d1ObovZ5evIrUHAfzuY1VFoz2/oCpbzzNbaMjQAuCBZWFhjErCGiWKxmealiFHiZva17SIhHEKi20C8YqvEoIozVENLOWzo+LgMIf1HkeutEjhERZ+3Q5PAvKQdhTIYsxKOxNi0BauowovbDYEoGuZUeK3Jbou/0b/Vr6waWrD+Jxi7nSdaYx+TPxe7kFbvzdgHO8KLpWz+YtHsaVpM/rIb3e58XH34FM2H37yzzqKsx0uAIpS4w+57578HFE6JslXUact+Dz/kXWYa5oS9MJ51qS2XfOmaPpG3RgxJ4qlEfI2DtKyv0hJJq0RPZiGglKj7MkeS2HLRuQHe78EgycPVovOpXe/waXkiIAsAFsge/BStqnd0cuZy+JeznNziTfwKaB3E1DGc/86kMb2G7qw0z+EgmxJQzisL6H4U5YXlZSsK+n6tmIllVwYeE3v98v9p/5sBI5ZMUWF1MiiHOg77M9dG8qGHJJ2DRbgTGeMa6k8Fsb/8R9Tt4JW+jDCloNdSJ9d8Ms2A1+wH1hudpC0t6jy/AWwSCB6Skk8S9Xz65M6D88aab4I/rTfFMuuRW7yALGkM6DClUTj6wrMTWBrDe2x9hoZqk+CgMGnVqHZIcWLaJt8PH7xmwGkohia1bUHHNUEqHIDol9x10Guld12xAv2O6TWTEYfUP7TeIro99usW8cjPDxtXoDwa0zcBajMAzbz4am3xCaDUGOD5T92hLIECF9wx+12Mpn2b5jlAtxcqu04L3xeLc8r1EP7qbG5lEVDDz79T6+X6qIKLHUJ4dIXBPKaaBpkXZIH+eNXnQg/LukQPbP87JzCCNXC5Bwy1jqNofkK1Q+H4T7Fs3Lim+n2HRSqEsNQtXUqwujHOTrb/K0BpxfsHU6vuQGUBWQGxdJ6THln7l87yxd81amBa2M+EVfO/95D85cy4Ln0sORTD/QU3HsjfseNyJsPD4BTc9ub2LIu4g2S3DBJPaSa0Gu4OFUJXKXGgcRkJORa+2EbRWX5f+bvVZDp8lJ7TuH29dlBcDdvKH5TdIfc6ANT6kDoa5u/E+OFpU74uz0Ro+i73g+/tgbb19vg3ot2vS4Fwdt3dEYTJIkkAX5sDrKaaWx+elKOufmfuN/iy5r1i/hvLCyXl/B0KDFzR1Q+GjRKxpxGo+H43At8i7p8zpEufBCKYCQj3kqgCl1q+7SM/jo1cbYrMLFgZ4hUQ3TnHKn8ev9a4lCLY8Ni0HWFFTRrfHcmSM14WfX5QKbMU/akD8b916NTVwXmIoQO0DiHhjAqlelXvsvxMgdABMoOpPAuCSYbsQE9ejdGo7dSCL/1EAoHAtY1ouMLY+eHFNAQiBOkEz24MEl+yxrU4L3ZJBlcLvsgpua2v5g08vwgpV1ZxYddo52+Z9ZSfx4pzaGgVKpAhN0ke0BxP8Hpc6cqUlzqQl+HJCQBK0+u+FV0UKzp1hV7Dubhd+GRIxjeXuaF5v18IgkHp/C9kwQVCrkAIf/puItoECRldmMe5PzpfFNfyJ1GnXUheyZ89G/gG1MBvJi9BAkaw4+Pea8q8y+WjjOFO46JCJMaYgp7Nz978ZzTVrA/tt9o/N6Wmwtj5HqqKhXbpktvVlv7dmwuf7UcjSqBxRbppVFJkIRjV96EiRwYocd+Lkmz+jqJJaMpqR+Imwxcqr/mr5uZymUMY1xSq8l8d8vLhH7hpZ6/NQl/+w/1f2S9x6KjwJIt+kt4xBDvnfDM8N4KI/j6R2rXOd1936QGJWBDZkbEWmHzdyA44lv20m8HykxtkcYqkKEEPIeKk3YVZoBcPmGNNUOLQO3kA1TRRSbNY6/cwI+NB5y4hTeD2jIx/ASE89cFeWJYBgCnx17VuBmxH+Y5JoCEoyx4oG80+TQEh1GY4S2eClDCCa2L2sW995H2fvUEPM0jDv/iwDmujG034uxGkLTrC5NMbBDS2Regnw0gXdgod2anXzb/5/+rZB2wbyn70F+SfEv9jirqKw9e7TfPQ2ADHICAZj3b4OqKH0jwh2RMu58sn6OUDL3P5nl1YsrSb+6Ao2WlPPjbkf1al7FFSLLJGjsNbOxv7RiRrm6TLen8Ojnp2PjCJh9wQsJJ8vft0GBYIQwhwFHzqravWO/6T2fFjQt2uFXm12+oYLsp5gYq4wMQUEYDm8TiwkOrPHr54EKiS/AQbU9pc2cdVGyRDNOUEHLx9L0bwwu5h1kK2zXwsGtfQrUc8UDHt93W//S5zHy/xLcJ3oQ7Zlm5w9E5QLdqKYSI98T3C5de4VV83TttA+H2+esM+OgQSqa758vWhG7hw0jZvU33/CLxF+iuDeKfehhFXmud0au0vjgp7N3PM2SrdEKXsepAHEUYYruTO1kzpjESshLvk/Vt9nhDV6MACIHS6gO4dcQOTiEqv3+I5eJkA6Q0/+o9ZZYxP/wUNgGDyu3bkvvtEg+pbh4KJ/I0ezSJGvHODP3Vg3U2zeW28lp/yEdV5U3a1Of6+CNkZeh9tEdJ016PCCxNbSborPqwWoO3OOJeu6nUs8J45Ww6mGHCPwcWxeR3jx+kklHM18ek4iGM58soJxCjY6oO4zpBtODAMORw2ER4a+6ha6xDiydlobS9rZ9zgWcGNiNNHLVO9ldp29RKtfMkTVABQ/qhnLrG94EN6wqn36L2NwKB47Y1ivglyMqvF/uDslDuha9dZgJUfDycU8jTqAYn7ltsvi+SmZcROgyF367t+L+KbvesG8fO2VM/tFk14AWvwuDIQ6iQanxfJXRl4C4wdJEt0I1kg/xPd9Kgn2JkZ1rYarJDoXu0a9crt+7rM2gYQ5Jh+MV//DqEDMs5EEwE9JsOT0DmwxsTQKxPpnN6XhPC8sywdq8zExiovMervT2QIpKJuOaHby+s8kz2ydW7FZUDbRKATw5hXWZSqFZe7lPeYgXExQQtIR5dBKohP2PkVHHZLVMM3qIO+Eqhf50NIwaXAjZMb7WCH30YDjlkWfdoar/bei6GPjspmCdjX9JPBwhVV/Gv7nTmAs8eDvMo1daLrQT0anw99hAG8XZPa6gjRCFCEIGXJkj2ZNzzF8eH7msR/mrwVnoDh7d06rLWJGqWmq6MMXQZanPUb7c6wmRe89CCjLj9nsRLFk2le2PsX/HJm63tdzclcM9RDanbhyK65lcDyplSmxVJoHuiBIy0T1l1p79e5yzoNRap/aEnUiEF0Tof0b7eSFL1GfjcjcqK7P3dm7zhq5+mPpmJsVhdEQ6RsEYnuwcmD8fn9AhY6TK62BXiWEhoIHYE3f/cV04ClBQDHgciZE19cEuFbbdEZvtz9or+sTC1LM3EPi2Y8zUr+49LiPZwYr3OluovEWA5rNxAeRC7U9rAlFVq9dRI/zdrIBogOqsRX4R6ggMBAfVzB4/mXrcXMXgkJdtf9ZEWv5Kzv29/OHXEhQIlCEN6ZGILmy5J7ysMlC0VzhThG9DECvff85mp5+nMi8O3LRC9PXMYb1jgnTho37QRu7lrnAPbIWUqim/mZ8m5FfTjYN8pJHbuAg0IkYL++O5rXKi9JcxCgjrt4Scyk3deFP/Hoga/alHzW+ChZ8d4PxcFCgqrGRQeui6ypqTkd4eVaIL/W993Avr5uSvr+URnf4V+CHpszPVscA+BuN+OAEyDw2r6Yv8+x251UJk9RlxOYMcuKyizad/n9RjIfGdYVNBRga2aEbii3dD/pi1EylcYTC2h4HYizNcQT7JbdlT5DTJzALrcKv7I0Q0QGmLHK6bJtyFW0gKGBjzY3pD5qhkmqIehcWds/edcQ3dq3bCwdNFhD2/y8xFx5UTT+tXiEl35+k+TGPxE1zFcmUpRz7ywE+rDJP28PbdwetXvDL5Iw1l04A3HGO3RjFSbzGVGVJ6pzVTjwzDmCzm51ubOZ27HiEv+Q1sf3qQj92aEhqDA8dSqB0Ni8dtK+zxnwvr1ETHLQs7q1IZXe6J/PNN9M5XIv06eIldGrEV35dcVg+irx4zjv1MR6H/S8mLW5zrWwn9jCmTiXD9ciRjM9E7for0wiv/5PTW3a94T7N7hcOylMvx2WAPhhkSOD0sYDlTIf9ARRvaoGEWztfl/8zVUPmqqBfTHB5ENuq3pORby4kW8U6yTe/d/TdIIHuqrH2dSuPBIoRY+80dFxd+8WeX6P1M83LdwEim8X5Wq9Gm4HjZxrUAkGtStjP+Z6SEdjPAlfi0y9nW9U/JdkK9t7jO6LQBDyEOBRvj/zP/AWZWm7im8shVHlDDsnw8dRY8F7p5+2ST0X77DpLzoEwXdgsffqPT9eBcp8pBlwMtIlMQpnaoK5tfWp7RaO9K9wf90AxkNxjJyBLrhj+mTJ7r6++KrlipubkV49/KXtRLImrfo0qLI4HeNfvgq9Zit1x9q/q0AiIvHZXMW4SVkR2Cwy9ETx4Sv1sHcHhovcv3f+SXuh+dpCkk58aU8Eosl1zA3Dps0M3NP2b8ZJ9Wv5Q/jWFoNcs62ZXqYD866jxjrovhWJu1f/oU98Cs9hzX9qxfYhPm0/vPLX4bSg2FoRy9+4x5FmQ3Ixq1efSjefeL+rpLp+8GTQ2LHsPi+WVh/9H3LwZqSrTXJjrfx3s+y++/TIvqdMVOB9dKoSbk5UdRKRS/k4spK/z9/2WTFShBwMooOLuL/O7sF/M7yIb08mmMPd9CZQcjIKcECEfQ6/tPKk6szfWyOPuz7fasEmk5O8/75bLbRWcYC3yqsTVhmSkmRX8I/3CCywlmgD68y+FbG/Xn5LvK0pp85nxqQnrLHHOjJb6z9pSh69dX/VQU39ICwF+zfBSOhKENYjJz1OWReyn/8tvG+iV/nf95f5z80G0gP9Pos9XoX7ya9s5yQYztW8/+c9V8XWtq+8zGeHtZ3wP6QkQjP/tDlf64RdUb6HjrmvO6t9i96+t9zbjplZy7sleqt/O1jWChEyPTme9oFKlUqLM5+l/5WjIvcx+iUaXHr5aS9nvMSJVXwv9e84lkN2BXNn7ZQgSyuItkt7sQf6pYeyqx5h8QM7ryfQyQIRfLd3+jbPzTbP/LlAZAae6uljQnn8yyd+zBCS0bTpIT8JAMnxRYFihuO94+BbLKWxoRma+9ZQCbhf9aNpOfoTYf1ceS+bf2/s4D8qo4oAU8jT6f+59v+lacrMugY2+mKwv2fGT+PhTBBV8wwAqIP/Bf/e4qQLL7BV8uY+Jb+z13Pz9vnNzmCQT+vkWgeNXTAnUIFodh0OJVbf3rrATosZxquazrO+Nn8B7YEW9McoUPqOKq9r85D1QNl8Kx2xHr9YzEaw1Wi8GoaOINGfabq+HdPCfJxbM3gbpBX8T/vwtHSKT67NpWxP0FdxoAevAKE6HZugo5if6imO1v9JY+EtvIQU8BIbjbv/7t+6QMoVwp5kJz1fHKSFw/XTKM/xOZiTH0oL+u4pxbMCYl7trwDIaOGPgyqhwnLdn1ydPHdbIh6thfnQor+/61YJ/9W7J4cp50q2+QqQsWB5vnXpZuxG517Q75Yj3oX0G30rDC1IZOfrG+lCnHcl8dL+u8763RHFw7spIa9uB7ocwUrzPVXW09HDHNwc76tJfprrsm6vQf63a+TmFCI5qqpteGhI+L/ToHwcHHMML/6/Qjvx0xMhz3+evv936lQOKg2vT29BJCb0CMYCYHpkJgtrCfpOauY8qFpa0OIP6QB3XpdIxPfGRn8q1jAX4sv6gmpyZJr/eu4X2FKRwOmUEME+i8TQOoJZX/bv17t9byw88xXhoDzLW7+/N4cXdJ2CrK28tp9cAKYjXRnaul97PeDc5tANP94rfigNlokeV5wWhEgbzf0BJDW+b9OOvbYwEfugZrPEaiToRSNG6cGeXIjL+uSK31cbwvf7KmqVIxKQi212IcnmFYzrEr/dT/nB5ZjIAMRQVbzHEJSLFqHSpbTVX07m3sX2FiZNMT+e/Vo3/M2JecO/aLctJ4I+oYdALrLcQQqYRg/M15+rbN0+ib+8V15f9gVtN/22hbTWGn3juPW5sPJZ5QJx8Duf/kkD3LMwIqXbgUceQQl/q1lB6odm3i7wFpyAvG/1lJ6KGebwY/FUjpw6kbjuaC9lDOXbEhtEeXHuZ5zAnw2SGv9BsRWv37LMfa2oERXMNqL2+h0/2aHfaVKK8wXKY441/3NmBlnUH8UR2d3etOrf49/mdf6V6OVW25LeSmedbqKLsUEDklA7zWDU8w/f/Fvt7d/uz2D3c5vaCk/H9uOlixz5Bv6r6QnP0lXRkVmX2MNktre0WuYeKSgjhJ9g4QLkf0n/Z6C0PVwgDCjYPgKtDD33y7/RRxAMASNj8pYm0bzK1zcHL3uwpOkLf7+IwIfXlTxG8nEvpboR1tFwXY1h4CHLX26AVsCN4lslOn1/dMz7SPLu0h6mfAmwdQrCkihwII0fntZq5n780gudJSuvqRm8H0+3Di8lekOHi2lvjUdIyOPZh56dEpcvpjiRI32I//HzOlDrVaSSIAO3/b587KplSgS8PsajewFZpIo77/uW0xRlL03qZ5+M6cn0v6m8H9RCMiNVGZHpNorXZlpfgwed0Ey2T8LNZwf/WhS2jB6gp5+uqFljGrS8UkGyAf4As07zaYVHfLeEpNc6fyJjLUPJU9AY/MYyHeiiKTCt8sj6Y38zdr+ZTcFaNxBt5Uh1J6O0zBLhmOkA3W4fjAT2YoRl2AMmKX+bIXwGD3ByFfBuXrAc38Z1mDjXruvqaSXB/wPtmZOQ6FLFeWzigNKwA4KiFpCufQ+mKDK/2k5hE9oOZzSIXVbR66gtDWL2H8X+uU335Z8vw3xlQ836wq288trjujaXNK8JksAwG0z8sLRIPW0Lt334HzUI6KW3AeopYPsSG7NhE2C96eSP/AcvHcf3so01OQGECFXc+DjDpnzVcT6Za//mddHfxguwz5ezAqxkilYw7e3OMdiHIbHXrj+au4kpgBXa9Gmx2qbP+ZMs1xGmOIC9xt1UtXD4Ak0G/t9DuGXivhf/XgW1s7+SRcw/nY6Hlx8qm88+1b0gVDI9FDZXZ5f9UfhaZBFUP+3B43Ovhhmz4Ft8U2CAVMa0DmIRDE/1NO3U5BbfuAv1EVV7h+imxnNPcHeiLl3sjuon/tcVL0eVLrUyfcL8neLSzt0ssij9rwwwvuFxexalwvuolpIuKz3HSZYZu83TMk4wz305R0x34N5x6/J+8VP3jIIr3apgnatLTGyFR0FaK+kXl/Rie5WL766+nxEFUSyzn5H4xs2sns4bN0lfZ7tMplndUf5hKpTb6fGAMZGTfdGDfz6q3WYq3qypaj04E+588cX/JXnooiEDs8JH5xV9AauKeWd7Jg/Syewxxfz1+rIgI1QbaeVLgsr8h5iT+rJEXC11heHpterbSQ6XulVZ9s/6eVsDTNJxX23cfeGp/FXDgxLGeF500KPE1ta4RaoY3nV/zw4kW1Dgrahjo21djLlDzj5LMMWhuuuL6EX22nY6gDTCyCySTiv6Zx/iEqnzYfLCOZJA49J8XWMzpZpLVpX3CKmMnBDFS9Md4PaontLkz/i0Cn8tL14thPPR0UKGffstpcczZQYvQS0o2T0Uu8uAZ2PU6dV2T80itEANDBYPN/1EDF5UcAX9E4HlXGIQSBehcBPMakK/1BozjANn1+KClK9OKf4wnX2QMjXtvacPP4DDDvEYtevOX33AN2t/0hA0QOb3vk/LEp7rDhi7duwzOpYd3IggqzpIbkSnyct/cPFehCmanltbtdcSKcLCpzyP5UEH+40zzVcdHuPbasgYIGSJaPpKXzVQwVfAgcpfQVpji/5MhkGWoaM+Ycsm2dHXoyCjVm9w0gn1z3CkxZhUuSCpP65f3o9xZb0orhb5LWXwunZv9ZiTlXlxWoSZ7UFQlx8Pf3nfZeQlNJV4GMM1UfZ/MJxIUmOV7XKWYCqv6oAILOgKoESNaEz5bq5IuXsefIAvgKGx0yuiRhvfdsrBU6mLwMX0quJCUyMmJRu85NLuN+EnqSS3YJVSPmCPf+rVT7XSZ7s6s/yn/inh0steh4O9B/IReuN3rBp788vxNRXQ03J6dNeSkm6mz33YLsUCvCzwP700k8Ybi1GD6tyskAeMf2o4vkTFAShiktYNZJMnKT72x94CaetVNjOl4ZIjH+J/3597MzKV+IvZkJPDJfGRUoZ7se0CYEY7OYX8Xv+iZsAvggKvuUbnCLII4tP8gqFSrh8Hf/z1Z9hXO40TPSPQVqhFh5BdiBeSNhOha1JPuyvr9PJ4PZzmVmQ6fNYgJML82BM5a+v8heRWBS5PtgMjV94V2dw9qpRoYoRS3H/qigCNqAJdPEdWTrC51EvAQsJ9mw/rzdpveXoKl9DRZvpWtG/+JpECz+fcBhpozJAxUdoarDUgxUXLNFqc/Ij2TuePIx0g9+dlPcHMq0RWMuVkZgcJkXPITo7NoSVenMrWEsaP6qOnlv+JD/sTM/Ad8PyFQ2jXj5duk+M9O7LM1wkMAxXC1wa+KcoerdyXyZJL7Zqy6C/lEAbOSyFBinYz9cBUfOd+FmPhPBgX8HUHuq9nQYNmVhP75xfnZv9/P5G7wJHw0AuitpX7V/yYESHfV7fH5PkluzXdQk4yJ7nG85GhrFnkWgAa6vT/rAkI/vEMTLosFrYze33crGd/di987cfbujKtbpMDu5BBoGm1EuNY6gP0B6XAIJhRtZbPbyf7Ne6Esjm+qWSiCnc8AgSeiRLDdMXAbnwTDXKeQKRn88BM9XtWO35ytXhbIPDbDmU2ddvAIKOJUK1MoLweJC5a0zqvwmfVn1mo3wVdzD96TEBYdPvf5JZBBJ0/tpg4FzZhnXzrHFmm6/hpi2KBNtj8IjggB0i5IgI+QIRz/mJsFoEDVp/Zv48qRRtX22yz0t86BN3eMP+HTmkqhcbhkluJaF9vw1ypPCocv8LaHnLut8gUwVr/rFT61FQJjvLqT3S4LpeKRhfatgDpLcn7pL2+BaVIYEUy5Ht2YrWTFpRPaTIvzzuUWdXn3jJe4LPEXmHRtCF6vL5xZti/7unA6aKsf8xvnL1Fu1WqHCQ1WoTrFiFyQVHfG3RI6m6YApvM5NjHV0Us+gfRdhoWE8PByvk8cjQjRCJAUp3hDMqfPYeVPDXpQZmiX9ZhxPkeEIjW+qYzcjyKw8v5vp8lXBzfYN+qP3xPYFes8866BoIEYHhJqtHbA3DvvXoj0cwbAy6G0lAnbGpvwZA13CgLd/xGypQsEKyBfQhpBr1fKlnHeOdP2jdtQ+4JB32/Z/8+GdxuYmt5VCHahNo2Q153YuVwt2YPAymWAsNVrc1QLAzi7/eW8aSSgS2SujYlYmuHhn+3cWuPdiyxDaKAoXx2A0J+0iLeX9jmCOLHM/D0fPXdBB4/XbaZmCCncoE2RM+2Ha8XdCGcgf4xk+xbAz+K9Pv5VHRDz32aJGvs+8ovtxtW1HSSX2k5365NxE6gpUS1gTeC11i8+e+53TREbhPBffp+Mp9stL4xFyKiBL4KgIQ4EfRLmObIH1bkw/4UmD1JXntx9f7X9PEX06xnIiqjotDPh5LQwMHM5PCp7cIUwxKmChWPISEOnxyS1niRpthlXKJo+TMkojJf0P8f5gH9ocA4s0ADchaNdowLr0RdRcIs3vdD05Y0QlNDB7oc+udNjMh87BKQebDGhjlL3slkTUa1Kb9TSYciGa5oImAK0tOyA8Fr8J2aJj+2fa4XIg4bYrxoSPAUQGOUvpj3X7Fjy1MzpvPRmsYB+Inb07xkDa1kB7i+CCML3Gt7Ip+iERBSnT94hO8aY/1mJi/yCtMg9IbfN3SBA6gYm0D+sT6kUuLZryKeo+LT5ZbJBdUd4MrBpzkshmPNBT/6jvFRq9kgGG+L3WXA3AGjMTumJV1313Dfv3Ui4uF9AsYmJBwsb+xObSGKzncK1+lZFA74O95KBqLusqLzgPLfm+4YOtMmJdL6KBK8iprGK1MTf5C+0eY5LcYEKtRgYUHaq715IQlXeiGvbM8XoKcXRgbScnZP+c2snu8ZG2oDKKrg1kz+7aVt9XC7dEQyD+Y6DitVWxGfTMx44hpX3ncYnPabYUZzxhWBs/KjS+kNB7yOy+Wsff8+pdt3MmJ7nX9LmlMaBDWhPc2/8WP8je/fEYTxeTG/2rAouTqXyV4LwS4IHt9aaHEFqr1QyU5m9Pzfx1DKArH+B81+tni0FYSFRt6u7tioFkUUf7kXh8q/tyI+ZAcyrVkPUl60GIUcUwukwQKcPB4vw44VR0PK7d4Wd9zAxqv0wOdvmE3n7mrV7pGyDcppElKJxst61c4b7/qmXZUTH8XMUncgXdrGHHNwH90v9o/0HBgNApOsrp9UQVAOKs4bopWZA8mOs7hZ1XhF3GgD5y2pAIITEuzz3ITJC/UHGEIKqhp5CbmiN9tOvWMfHcBLRPUdED5koRRQvq8BtMmB9aKHCh3X09g5ONDeIMU99hdKevnEUCpIxMJz/F+eJc+ezm4zTBz2HX4dJ6wK3A4d2dde0ihUmvY2eTVgBhNTBfVEJIB+ANF+Iv1v74HajGK34BJhEXlQuxO/qtUzCcCXZ9ddbtfyuAP+DyafRijQfsGLeplyv4CumBYdU/Uvytg3BEnfV9ZoEJF/o+rjLI8tFhxAPubAvcrp420nYGeoyvH9MRqkd64fmGAq5ldXCTzNzp+VPuPFshqHdvlcCnsHxeM7XHa4oNFXpp44IkwXD36BU1MmYtBDisct4eDqLbBlHO1B4+g25B6VsJ+rvYc6+AbUdqB6F9qLTxI5b2XYuD8hkmBL6YAXiDtMUXq37PgxQy/2kbK+6YI3As7QnjLCXTrlZqoOlBp22VSjMxViEFGKoLRGQ/QAB6PSCKXOwRfdvuRKURIu2QYaV4a54R2p0roGr0bA7GvpVoYk7ahrpSu16H5C5x/h+27O1+0pBjU6pnDQanFhZHF/2XnvbyjRl2p3hRoypsjJKl90XFP+GWxAwvLkjFSKjkUd5JU5SVjIuKD6FeUOFPpJjWz7jwYfwWacAIHKMPpqxYp9HTaEAVPB1xjVLG9gfVNDD8gc3JF9/rCAYqf89U8tqU7rJRyTJvkB1Btfe6PgWrueNDZzqIlTNjjYENi8dY+K35QJNEjH6KAt2ZvowMhTXTTXAywyIuTgEMZ3dbUEN9BYzLdahTD+/6eDTJPkK3zPv2C2Og5bapc6b+RzO03AslvWh0M5vhczbnvvXtY4ZbB30v7ErNB7lxql1fxfJCKGZ8avaVHA9fK/EgfxJgJBNOQa1HL8/t8bXlioBrPcjtB+iK8+zCJoZMil9M6vKtq0WyuLL34YxE4JvF/1T0Cm7WGIg+D6DCCc0m3Xb1fwIncvGECVRMgP0H0yxCwP0Y8BidpkBGSq7UrqT7I23mz0vt5EUSPvnG7EylaJhZK2noO7VvS5wVAUkwa2V79eo4+SCq5BwM12ssV2/mhvk6cDgUMvNtiY1asZmfChMZk4LP7Z1/B2voVArAT8YmlTVDXV79QkJZxv4x2PmoLzpEoDuZ9WHhIzGwa0hlioBYVZCmKdjeZfVMMbYja4ph7yfJBXJCA+02PAMcMkqONCznKx6C+jjtKEG6jFMHoZu30vvKKfdhkq3T6w1iOvHaoacRyFYppPZKonf8plyIGxtx1pxTytqGBoxD3Jc94SJP3/XX9vXrM1UDAX2oumXxe8n4WcTQ3ok2g5HlPiPmeYM6vLKxpl++c+AXCF17P4Q2rTk+oHl9XQ0z1tgwRdOZK7fUKAFQCJQ+XmegqOzv0u9vvDOKiNw0mkovYe+qE8yQLt/0zXcnuTjviD/kaCMRKrXhpWyCDugje46xuGY/6yZ5K5TGi698d4qn3gVph9E3XU7npzih9atBhmUmyIICrDL1L1By+oZvTIJbDvCQxlpVaHHyougX+euN2P5VQFgu4kI+t3T+260vXWiDWHWQdTRFSTvQwKN/HU/924bLc4+ux9KgygGyGT1mGgL7YrYyqvXN4bHFtqS2PD2sjAWvbIzmxiOZdWYqGQTrezFLtyu9Moh77iKNW4m9FgmISwL8r+4PudfyePyLwSA8IPvPuHd/v3WE6uuojuvhou2DnDau//Rpk/Jb4scCrOGB339QZlIL6AA4rO6yxljcwPXfhlcXzAavT45MXLXXsg3wop1aiWlZfxRGobMD3TnwAo/V6/aGDy76+st1ffcYWPlK8UttBNUoeplRCqEEF52oOBEjoilvfyEii79OFiDXQPk7k4WJ2jis1G3/T2kprf72//Y6l4QHmjiDUASCwFKNnseFjTJUFcoTpe1JOUYjE5RucqPQXYTO/pvuHXwNamsn+N7yBIlbPD2BnBw5aqZ4C69icyLo4uBSTMcbaW05O2DnWcum0K7i4NK3haFF6AcvR4te/KwSxo9yhuE0n8HJd2716VFPWHO86l0zgrMW2l08v6mh8WwdxM9S4QDbh6+39VarqjiQZgboOqZ286gfEfJbIgfHRFbgE7uaXsv46Dz63mGXjkZ+S4sh8Iy9gbGFtuVaVUWgRbsh9V08PaSUYIxMHgTWQE0xpMSDe8LwnJUI0EbVf5eSCWz0epYyG2M3+TdeerLJvN5mT7Zrzuw7U6WxShnNohPhGa7/MQHZK9eqAoZLWx0DOL9lwlLWBxfTw4N8YL62xmxehw7HVE0AMKebW16DJl4lZWyN6bPYXNh97X3Eee+MYBZH6N3O4gOQUrXwDQFJyLXg1961Zsa7FwDkOjRRD/fjDWG59pTl1DQks0U8TMTwbMjuG33xE5Iaxvrav/CEbBCggAXil9eNX5dEtYzo7XK1BKyB3ixuIurBpwZq5QYrJ0AtVTT545Pg201tziYvNu7xqxbY31u2ee00bPR3qZRyminCIjxK8p745kwZczPHZTimRbR5/Kjtb1F//LlqE2p6jrWtrVsunhbCQtBS33Gq2HxWPhoN8bbceFZ7idvV9zFDtmfTo4qR38JR6B8dYB0tyDKk7z0WfY4Ra5kVZ7eyIQ5EJghAqrRBfCyogKP0QTr1Eb2UthbhrQHBuIJbBMVNwwoa8ZWRICxmrLExkt+peJcDMgaALegqina358sCu3DlmW1Fa38CSOt1o0FKeq86yhRFsO1z8vYVRLNaHIGyO5zqejhtGihEuxrAMxHEjgE2f5RoH4nCtYVIOtdXp/lN1IRL0Rm4lehg7jzxok695+zpDoUx3FcTwk9mNyjkFw8DWn8PTaCdk5X3OiwaIYzYK7QRaoIRLJE5MqqFb90ny/JW5bjaE/ovxbv7ECeCPVYKYf+0dB4E6gt1wdUneY15xBB/F3hRf8e7OVP3WftlX0i2ZYjTTxXZrth6/nppkaxMnJevkeprEziD9ivItp8G78H0M8DAAqyIM8qz3l5O4J1vs+2ZzzU8qhPBZs/rD3yA4lMvasIkk+uv9l5/uq1BfMKnv86OWi55wuur46mjBdRaZnFA0DiY0wfpCNT7I+6dnF1IFbGx5s8rg9+zngFXVuF9l+zdfCDBD/puTIpMt0YZ/hIcksb50wx+hIWKi0K8T86AjRVR2hLvWMxHyg4s7PpzQLGAPIU48Urd67mRPRssvbbpnXDQlvrXf0HWnKRYa/q3SHyRotKvKHzTzalcJaYHqndTpA2bouOoXq6zghYJCqVm4tWBwfjgHuAOKqun64ocQDbuA8dSTpuejNO/VK2j5fbQKVk+MeWcSvT+I61OgrqfGoE/wQnabc9dWi/Np6uD74uS2Z8NRird9LygVEQ24V4N2+L/hPyYGwQ52yAytOPRjsp49Bv//3ujfnBFRYQWmd7TxpZn5BjIE/a56PdBZncUvV09QGeVlgwfsaDrtAwI3B06WPpNvrcEeHGYjytvy35Jir8RH/sYE6xWlOulbYeXQIgwrCTpBRHuScZOwMIwLzwr28XOU8p09rCbZhXRUtmw+gLZ+iEBVdEGcldV8ZQpuIkxbl/A9W+VvhAP1CkORI9SuTgXYwJEvtxJav70BKFJFpMx3Ys/j+aFGwFDiSAc8oYIBxy/AAS62Gt9rzkC43Bb1TryMovCP2vUJre1in7rFdvg4My83r9ARwrSaDJ+CPgyjVh/JinMeAJkxoEg5bQ9yJ8SR95IHRz7bxCxHgi6jYREgzLVRwjJ3+vTYzqB0eyGFRuJY3U0E3XSCESDQfbbDlfqF79L+woFjTEtWsqbi2sg3MXG+eCtwUVzB3ozISb4EOJVkVraLGOCBzWbjvvPmOTOJxvlux+eCB+rrdFI5uTWuTTjOEVWmFspg5RWs+U3hugKLL1BEFHD4nBSfSaE/LDapIIEm/Uyvq6HHdfc+JWBFmyc9+DiIrda2IbrQe1QAU9Sl67KKG9kwNbcZzlWlN1bsw+vqHJ5SxmhaKT/hMjuoBcgCBAFYlt90Zjm0cQ19To9Iq4KVAk3aZ3sNbBUDSQOZgyuZu4eMzUKyOfF9B4OSEWSEBDEMin2opDc4Vj3tj2Z6cLcK+oj3dwzQ6MCRfR45kUINcGPnkkzoOrsCaCdrHLJAb0Qhw59TfA2ckMYPepy3IZk3a/rE2tvs8RqcIGUPQI+Kk3k+DZTpJrDYLE7jLTbyli04KF/tLOO/cYaqHYeEcBwZSxWHxp4R81ILCoK0N/lYwXzRdm9DCuB6kDMsSBObSC7oObwSAZEbXz7WyDDI6b3AyuZlb0gC+VSC9X3B7GgoeUq8SgUlaOVY99RX968bVltZW3CfgziFI7QWeL/P4lXT9XIpJprYoT5Eooi6iQTmYIndNPsuAUT6iTxItkh9EGVV7pkLaDX5hfZmIj1w6mO4wGoA6VqpfvXUiuXjiIBP74P4kxwZ+CdPD99qKAL9ICmZt5mi+6bbYXYsmnjgHSXiC8fbZR/jZUBULmKz6Lko+9F/AwpmOD152OpayjrBMIrmjWrr8Y7C3Zm2lYZQyNMosMu7v+CRTXhUi8MFdfuFEN+FumkE+92/1eQkLatWIfHQuLN6dDiTcI3rsQSktcZw24bgzJLMg95mgqR4WLxGSBZm+075n0/LmbtqFehQ7gi0yR7ffBSvfgeeGTz8SYAneYipsJsQB875CU9Iuz/STcfVNV1CzsRR2a9nw3+1P8fDUGvVyPMCMKzNa5yI8zmGD7kidCqvXEsQhQdFBs32NQJrKjpsXcuUJAHMukPDyVrXp6/4BwyJD37CUv3o5Q2NMFfcmnz6sC9cstrRrHCTfwcw6yAsu+FGKrDAd6MIc7hvcusOYWkwKYH5PqVvCclkxo2likqbMjYGkPxJqvMe11jejRcISBBGZA1pNvQ0wdiVDbli7wAx/4xOgcTXcXCyj8oAB+XP5wMewi4mriBpnty/SO7DI7+QRSQqD42BcltfO5j67H4YQ5+Ye3Lyuwf7DwSo00kzeOI1OTRr1qJkiiLfvYOfz8i5VzTMxlxAlNpLem+lzLEk3kiTVTgBgxwbwFoXZrttZEsZSPsW3YOaXbpqhAuOROWb9nI3vWbAE3n/DqOG+J6FioAXXoq/VkYMHB6oZc3C3jDdMG+igMYntyP7hT+WGKjeeF6asD4YkwzJ0aWiiUt9yCSvE09eBBft9ajGMyv7rPnogXCzbR8Z50pD5X2FfOaeVUZTZnNei71NiQCa9+Gh+W5XbpkQtL+6GGzVCPN0tF67CPUM4wnOFgN6nRBwLzFv3hPD+bYenRXT2BRGOWKuEhrKzfdVPgZjhuwmvuY7JDJFsxE2Nj3vkjfJc/0kcFj7bSP0aJu696kcdgfCzFvy0lwU546fPMvlR8+EPZzHhdCbsYHIJB36lg8UrEnm+/PrUL+gpKn1OUiUXgsM2pIC5FVhJkGuo40Uo9FB8agX1nhGp/dAXsnlB4qsrd+gTAqePtV6m5AZbIER1ltbRF5LbHtAoPaWg2OlzYwJETO/zQS7Isj9CSQ0TqjFhEV6X0U+dWCkxnlnQKDsozG8ga9ZLPwi4wm1M5YOskgi73ZHezWIbww/zIII1osE1OnI30pA9yT6ISqjbCAYiKVdUMFrMRFv3aozDLNNG79dffHwEIu0UF3Kh8YgkRAtMtDrwyhYfnDc58x3xSwXyDl85uI1gDr9uVn787u4C/thP3d44YAnKKO202d3iWVDynqEDN6dZ6YxqXBvws85vLdTADfDWkU/B4roIUQhpBP/dHlu+KADa4hGYucObM/Mn/RRtJoJ5cWjNt/9/NaPhbIcj1C/03ssbbR5dhUe1EcRSfmWTeiwK3fdhXNdr70zzqXbnO+ESd3ll7kCHwVrwYZuS6NSczaxG49Keu9pR773Ic5yhPiIiV0Tq8CERpHAen3BiEHmb/fY0nbCa7hbnBfKDd/YLU3vYWMyImKU7sLMw92YtoUpodmt1XFn52tVe7MZg3Xf/NS2+xalYaRw3zEpVLCHvsADRfcveaavaS2JUexFB6UePK+H5H4asXZewVWyk8w47qs3wN9Ulg9gLN7JIK2SnsNrWMqPVuHLGpfDaTM7ejCTZRilxPaMhUa9c8iL1zQ3x3cA/r9opumiaAg5YdlZ1lt4hUMqFSJ7u7OvFqnYJh4qEnX1npifujdS96toYRYuCqyKI56//L+8JVbYBX3LlzJr5QJyLXdf1qLUu42IlJfopps1sL5AoD5EoYhErN9S0KhRB8Ex5PMpEjQ6htIaJ7iHxZZ4/Zww7wHUjocDFLuDAlR4+ICIiyqP6bzrORH3GNgsRJqJO9UKWyY6PmdWIAlIP2ZbzKs1fRrWtr1fYff9eT1L9yV2W8FCdvbLbkQBs9qsEZ0/KBVb7EcLoB6FiddXRcwg4lHcbQd0NZPteAlLmzsGsf4aAxUIYKNDocjziJls+hKDtu9sL9MS6s5RB1gO8yCq7blwJV6U4dPbvg74kp+NG81/6awCTuGelgtEcXZcVchWGWiGQFu+sBqvzDFjfWTUyIZ04rJjktqYme8UTwKQzpHSohBfMKbVJrkiKP1oIKw+jY70J/Usw/eb8i5osym3H3ahlF2zXqhr1RtcrCT4crgk6OpvCHw2s/8VKRhePjZNgrjV9mHcVXBf61DAH26X+bq+SdUcKIy7pKJI6doM2cgGkRDkRn9ev/YKKuddJioEznDbIm+Koac3yz16LmMvnjA8dH6/f3LODDtFzhS7JsJNBak0pHmxzVtPQ/hctEhkBG/iA4d+0Xy/KEcND+vgv6ErfIKZ4fFI9boxd02dBxIMWAWAdXnG63uQiDFPkh5G7BjYHLhTJjq9KTNjoIoeH/REUeeLj8A3H2it6BkoTDgnTs1j5cwEWdxM88TIJOiNqudFcsfIJkVOrC2SS3RNFTz0oZi8dwXl2knMYBtpSzn3xtdfNTW9AfkS1VWqeYQgxlCFFxz+giJNsEBlXtW0bITx7DWWtTE6mffcsSX1jHbXRGbSi/El4zMtcvEhU1ABy8QvhUfI7g2sO/F+Y8sXppfn9F+xGj8W/k1Mb4jd3CNMVn+7P0wopgNCsNOjTarcdJFMYs7QYdfCrUAaHkTAeKI+JyBFzaJ/Xj9XKFMr1YdZR537+q4xJKYpub9EZDKS4nJbe1/rn2yPu6UkFa/iNkVQxVUA2pMxO+TZl+VwxmcTdcxsKAa37u8YOZdjwOcqjKAqV17Y8dNzBLOYqbwwaUw03+c5kLqVLlYlUs6f/vcNurANsI+uHuJGxr6PanWEo0kvgzKdqtIdMAd6/aY4jSl59EncKfHos/+bMuG/y0n8NEr8rrTH9tf3syQc5mkrflsnTHFFcj+v/pbetCl8WoOl8gWzeWckE9HaT07oo1vJ4AcqZxLtVWm3U73oKxp/0w9TBcoVEosj/YjADwcOfVSB1l31mj9sDrgfUbOqS3noCCrMvveNtz2ZHpoawnB++54xT7QOkgCEtaiqHjpsFxLgslxBz2nDOtXqQfn2DrUy6v4cCI8NAc5cEf8+gkGgX7N3oi6+QEbrEcXjkfm1CCJcoLN6Sdtx18vW5/1bivpyuod0gjye9uPA8MeURlJ2f3Uerusa5DZEd8zucasmCrlCwTVUZsrBb8KSPCTfy+KNRkQXYh9pE5UU/fGbsZFa8mUoF/1LejpOfLOueeJnGvRkEPxzKjL4QQYdGUiPXfQZNdHTWIbRDY65WsPe37AqkMXUOLIefOD5KEayV85KVy52w5CTvUoW6Uj5onNospHHwPve5w37/SUT2okeFJo2RM2rmyi/uJ2i+9amSCm5kL09cfMHzu6al2dGOrdTccSqNNVupsummekDTjfm/UB+4I+8ho95GGVZFIswIamGN/5qupkhlioSLHhtb/CQI+x6H80Jn4+VQpec9YqBVzjUnN9WZk/r3UHDxPfx9OCwvBNGFR87dNW+b9OFUbhm3ZDxQBDJd3MrMX2X2CbCbNsUeeEdP6cW6j8a/gpihbnXJY7z+UsMaR24k0lG9AYnlZ/GIIMlYdTJXigxPF5GUO5cwDCj8Kv3V3W1ZNv3BVF+l2E+V1vKS+NW/6qA5fNKbOUKd9Xo9xDK9d0fsZOIHvvz2AI8ZnMxkyKlSy0HaHqIypf8+b589fgqY+ePrps2p5LmlKTQw4s82fnXKICeyy8v3jAewr90nHGSkRGJPIXQoigt6iCQm/ub2SqFCwzimA+1ZS/5Bfg0rI7n/LPnGVK2jQKhobZSCcyPRHGzxuqkh11hBAwjQVasQWGv6kNpCNKPbDzefwMP1Q8sOmO5D9wbx5NJBId9Glr9Vx7rImj6+oRxcLPbw91msT+S4NhPrNM9JZH7EdHFZqU550HdAtG9wunLf8aE2tqFlG2MmVEv37SV6xSnEz2PLkrIXSfaTHW0ztiEW3ngl/SP64saFQPaPFd1JWFJaDVOH3FFm71fyQdWuwyIrbwzx/egrDs/LiVhwsx+EKhcvGFio2k0goFE4T5gHkpieechMYGqpZQs8WL1PQe4OMIFaz/8q+Yrq7FLB9WIY+eTdTgI24tAr11/oPkcxLIsDvYIDg0f6vNdesgojTyld9jlRTtPHp31pr+QRCynUzH44S08+dVlgo2in+X+YqY7wys19YpnAXBVpzLK4EUwChYTrpOfHF3Qwqd1oOS1OyKMeFLFdla/CybBFWBOy83rJepAWOTYDJXyzBjzHW/UhvxQpxCWwp0SbXn26IFQDmmT+hMjkE2dQeRljhZkutozMZ0PaHiHR+va4kg+JkP5mM1sbHPcat+KY0rTgbHmJIoPEenflUJ0RvzBp/PRe75Oz1PBow+/po40uCK434+TkfNPXG+neZ6GNuNJ6tJs8TAg1Z1jOh+JBF2Dx6h8hIJoGF8GTG2anhNrGTPxzZmX5hUVEeyjxMSX1Pm0QRI0Mk+CDcVwN7n8L+MbtWcQyWzIaFt6ArkmacNQIfiATBjm7vcNkNkTCHLKwq+lNTpLNBbJBmND6uxtndtqv9nndR7cveW9FH1wBvWIdhckJX+ermLatKPRc27gj7IRobW1cYvT1GUzkxUyZCFrQb+mYU2JbGt+9kcfszmWIZ8OVsMTTHLPHAimL3au8NvZesVmCGaF/8gF2X1Fuqo/MkGjKTaPQIyS348mcd0ceWjv78O+qJrWiY8ccq7btL7KsGAWxaSnloey95yS9T0nrvRRJJ8mMfLhgyJVNnJVZNALAW4p+SV6ZxWmBx+Z6c519bofRqg9wuCTKBbd86kkSEZaFzCsm+uLnlakGjxj8WRAM0UW+8Gj5KocCpIOI7XgxHGcI5450wPsJXuoqB2v8tDuom/5Fe0LYsDENsns7zBPMBq3PPNuH0kRVxgh8yMnmBkL8vGuepxwl1mLEaozJjJOy+z+RW6pc7uJJAGZUMJC8IapgRS1iq6KSD4kkgoOPRiWDyLERF5xCRiVUVXFTrgbxYUAHFYrX6b1kMpk0OoDyCHKa7mByA9dROS73NeyYyRVr7q0mashG2ecCA51SvwP5EujEFzHsi8PViGmZd23TJHKoSLvoimacKDxD+t6FHZPcjK6w/nQ0BDqmMqr+IA7u24N703wTFYajWid6kxAR8LTuWyQcoJCbJwBKbAcQ44AknpDO0Hp52YQdJnmKDdkewDZU8RpQ3RYUjKfVRBv0BuZREi/HEUdv2v319WV7TS6cOF0ui9MTx4Ya636I35hiEDRmFuK7fFYLdruNM19ocYmkAgtdz+PYlRLRO9B4Mxc/eU+7SvwaPrhwEzHESo2AEd+9D0+LQIpgeUQucR+oeieHPX8wk20Mcw0VqxW3+/j7J8jIjoPPDxk1uJi5D1ee/8znDBmovteb6KFOOTwMB9H/nJuCem4YVYN5LJchQzTNiCHuU/ZgwZ51qNOHrCI7IVbvo0pa7VwHWTDOuksxVzZ2O6gw2EEVtL5/QQ6+7y4jME5P4/sikGzhoC9RlKkJPh+BOPgBo1nzuscnEfrM3Yj10HIYMwFk85H/HyQVheMSKHdSn1RGa5ASF8E+7eMHMEUyaIN7Ae4U3DB3IfzCo2AHpsDgF9WJ2kB5lm1IaQxr7syGgj7P90J2Eo20kCT88G4ylYk1SZr16x0oboJK3mEm1nMS+a1jwvdfW+32HtcT35VOKzOisfI7cPLh9nVmlijNTbde6QH817PxnRM3w7HbRHdoTV4wsG3azfVN39J1BdLX9wpSowuLwpWIJpBd2gaQ69rsbP3FmefPb0gUiYoqVOSF8yGJZQ4uJlxoM0js4/uDEzXRXxsB/QtAf00WnQYibON2PQLVChipCDws7Mp9MEo3SKU67jU402aPnO7H0W4DW607TNJxsJT+PeRk+5E/2rExUn8y2AUQ78Ry8AdyASViS9A2dG7nPnr3nIqJPo+J2xRXd4QyNTAv+cvj5B8c/bqzFciu8VDC4lxFVF5eblYlMORvIeS0WzMvYmPRKukJWZM9evYldPrrJhhGw6fb7ru+/l6Oc5UeBQfDvnFWdezF7khHOsrIviGfSPlY8Erjmd9OA+/w8znQTRgpj4YdtBYMkO496dnXkTuyMwW5zLDgJUb3jRZ/XVJmnf9ztS4kGIiG5lmYoUAFEgNfNk+Sm/vXvcYC6eEr48lrR97Xqf0G39Avr6Ray58eJSI+QouVz77Ju/ChSjOoRiUHv517ogeG/H/Efcey44DS5bg19SyyyAIgFhCa62xGQMIrRWhvn4QzHz1XnWVjU2PsL6LtCQIQkR4uJ/j4SL1EHtTgy9U9CsCz5wzv0zUqMTPq3FkQv0SwC+a0O9PKiffO8P2tMdrISIQa6Xch4CHw3xgkwMpXwuETNDhILrObm4L8T5ky4iM7POsOy9Afv0z68wc2lufHkXNZzCco3uaSVcYzrIcZT81fWcLzYxGmZcgp9rO33RB+IVEgl1r+Fvwt8t38mLP1Efjyys+mkc5W47oMl6cR3iDCG2Z3PA7cHT7zeayh7//1iqhy1Kiv/YkwJtzlUIEj8mhke9w9d88BjqUfGM0HC8DM22XQcXvBSLe+pUty4ssnQNI8EybdO5D2Xdpmc06M+yNmjHYo2fL0fTgzxuF57L1j2ElqQxUcJmuEZJ26UI0pbQSFI6Yt37/HMEkcE257+b9JyeEfQSSzcuXPiVTv2RX5mvpuQXeM77HXeqO4o3tp1HBTt0YW6T2CdD3NqU+Zw7E29DYRJY4iqYO+xC37aIbf8ZVTMMWQ2CP9dQ4AjPGbEIu+kGYayH3x0L1TIfl4WN0bphitvOyAm7tED+mbEBOLB4Lj+A6OQpNgg4qc57h4sadhcScgGuR5/cm2NzyGXnDQDM15bBsiJFMoT/0Gz4emLXPd+V4O61I0jaYD7T4k5cqMHndc/CZXkipMBCfgnYd33eukHfQOiZkq3EbFzTfwhuWlLoY6vUSv0LzH1lHkya9VCSvgEqPWyIc2/uha2qK5w6AJZlotQvM5LtWduIB6g/gAdgX9ryCHtZmTtg9iC1EbndWVViLax/M/XUyCe1dj+7js9rMTMQXJm/M4Ew2qzT6T7wTwckT/WJOasiu1mvkWuLajBbhrtDZzH40f1UNvlTaCLaO2qnAf6o5aBbagl1Az+kcuz/i92CUOdKnph/5533e3fHBrPlZic8s0wmb3KnqwqP9+esl3oGbkY8231z7r0DePXArmt6j+I44ddnwMKxaPl7533AGqbR/lZBUlzGavlyiwNqjdNiSh8/j+s4QjI9+vdWcOXjv0JFg40+SSpmn/KmHwUUOJCAd6aOa/Qz4B1X40RmjrNB3kfWp0mAsr41LuPVFeOUZqYNZkksBgTOvty9+qvAAOYESXbZafwj75MuRgic3b20Fkl9ojsMS4u3MmXXc3IUreMnP4j7akO++DixWHjQ/oztM0y9b6c1pVJoix5Rjoio65CiIN0USSzmkNknt/F9tcX7W8RWsujU9kOFDpoRtIQ+qhrlVTuMjL4ThFqP7JViqz+QMuYz4Oxu5JD+R1YkDvm9lk3FR01rkUX4sMYhBUfzFdKuv/BgEee+IwGDW8+XoysuuG+R0UAr/ZZ/kHJeZGxVc5DE6a6AwgHdZPB5u0es9ZJM9B0es5ta3CuG/HQICvFmbZkJcCH1o13vwBEtUQlz4k6XbUxO5i/GvAoBiNN6J7yXu1BoG0Ycjco/c3Qi1cAIdoOPX/O2nlVnsbwCaAm/Ulr0sHLhMabhsLVFXcDrcZ5V4wz2KoYXqWpuPF9cauuXrWzQ0S+Uw+uF+iYRwM5FntE2jxejMgQd497W63oNx9W8ygD2i5CjJ4vW32o9Cp/Q24Udh6v2j0PDD03EwABCkkQVtSWtJIC9uceTkCEs92oGS3L1lflsroa0io1uDZ+r4w8lmWnTuGeR+hbecjJauzxjTPQZAYKxrypwB6Dy4+n6dMYjVd6pHW6NORpDCyKpEbRD0BRVTgyfhPBZNF63MXgIKXAVevmZz8DrzPsALmTU7MCq8KhvblDFWMZRLmJNI3wbiYy48wcbCWYImgz2++nt7UN0vx0eu+VLVpePbaltGwcgw4uc0Yo8G+jrFGiopk/bYd7b9cXMpvk2rlA37z7q/NsHCUjGsC5azak+SWPRbuv63ULytj+K9D19MuVaUCMUObRQPH/PvxH6EF1v1aZlGcwsQYWykZZ9hz69KC1TLgSIRQcionfkqqH2lj6Cl/4kdFpatMiLtniXuisy2PX4XffvaozG93MmYpzkgMuNQmA+JkLT2Whv5l+1OySOOesQFIezWEWK0vyX0u8ap4pAPH/0z82zFHk6iwhp9PtZ6KfbGWl+24DjIYmuOdAWYNGVjX5o5nhY76Yer3o7vwiSBF4TdZmc++mR9HsCeic+lfHpQFcP9VRHv8LCyUM1jaD4e5cwNLywnj5lIcJLBFecmnTeekxzYu6YYurYcCz41+h5wPB2/yoamb60x6FVPbziG6kuGzhJ4Yk8PY8P32YzH62Mitf0eFlnvqkmJwk8ASTBndCs5hkG2hF9KrLLukeL7gxlZDS2Y/GLe6bYIifHVsU3rz3MKQVAdwVnF+iCS/Ea8apF58hNqZ7CrCENdy3qXtXJjqdQ9olW80yIJGv3wMBlwasKvID9Etj0N0Lt/TPTMtXQO4062XRdEekmOgFULnjx+oW0/dBKoxdJuk6tzszTf7oZc1EpNBOX9mv38muQCZyDwRBLhQFTD7eR1O4E94KrIMvf7xpVcuN/lcmf1K6B4UG+RmWiVlwQEbWu/K0ok6ocF3MkdNtmqoFxcsZhCt24kmDBNpFxaha34hWWBBcjIqsMRggMNpLYUn8Z7sHGcs4fNr99fNaC49dPHuiMk50qpLhActJ00Zoaa/BjK6sMeoB6heGWyzfHeS/7s4Rv7MIHJOwi3YOsZTdbpT5iZzBP7wKop3K4yQ3zgob/B+GyxtJrvdthNYfOorwsr/NHebUnlMWTHS7BiPJRoQ+zPQNfY5QZASgH+6c7o9Kp+bEEtKhk31WyWPbfs9/hBDXcsPIv3DoivfHfcFeNAyoBffDXEh0M9XFgXX/dgogRBkEu6fzQ6W7/etLalFiB1lAbs0JId72CZCcLV8QV5v91uw2KgV9Xg45FNdMXju1neSHIOKN/q2dbb1bZnfN436zcjXv23f9BApG8P2Q/Pfdim4CtPpA9rr1quviz8Oi/6P7KaE2bbyM5woLpa0oJO8tfrvc3c9Sz76YPELu/yXu0/GCdZLR/62zM2oLYNE97Gvbq03mw7qrzzSOLosz4DS+ECIdtHVJC4qZXOhKWP1tCCR289VzIUS7Zw4/l5L3dFjbTBgBqmmrQG5GWahxf2vpUfNa+1MLFyB360PTf/ImWQBd9Aq5VUs5UHRki6iHxeNM1im6FKAerFSsXE81wrNEfmWkOneCz4oPMSwCNUZEM6s1HxMdnbVtbRFehkgyiAiEQsikwgvjzbewi0VaNFHss/g9Yg8DsGuzYGiU4I93I2SseWFU/CbSAujBqWAHnfkCmeaxBB6f79pcFCzmO30xWDBIlMJwSJfN6MEK1KDAl/bwHD92LMhvoXMbYvjjIX6P+jA7DZ5Yz1vuIGDfG8PWr+VX6kbBx25qOb0N8+o8bB6TzbAGKHo+UqM/lva7rBmyzExJDvkSErZiiLTb5/hNS7P3TH5zrdnjT/p47fKq80tceDCnXCdipZBCkeW4g2XxqUBfZnU8+4wwDPv2cTEy8+KnRl5sj6V7HeFmmpyBMPobnS0GwP8OMqB97N8RvPUzDV04NMGap9156dyiE99JkY9AgrhpsTCHdQjMjINGv6MGzjQU/DuL4xR9mJwqI30zcCpOzMNjQ4Ork42HWZBzGvAdho/gZxfCWNaOpIK+Txh7zYB67+Kv/ATFBR/nLAxXfNsYd9ghbCVrejkqmeIFhZTTYa8isNVhAWCqAamIDPoDIWVJrS8KeapSflVNVL+iU0S7FNO7oc1aJyRRuRjz0tAqJo6tP69kYRpfUHBcU59uFQftXDRIdWnE23nVCdwZ4Hz5GmS3jyJ/9uo4mxDE0TZuQ6tzC0rMAkL+iVXkxQtsE2aJXiSRC7Zm6PYPppljqoHo93xYN4vjI1zKI1LT9QnolOu8psEEAiSZ8yFZZvTg+1SwlupN+6iUJbHl0w8ntrMWONtsW/Qqp9xOx4rD36qZUpp8hXxiLCPHGc8q1e9NUe8UPwj0m3HwRpMkefL4bPi/ym8mCDor3XAuLzGwryzySGIG7NodM9UsWtz97qPjXSwy8Ot1Ms4YTfcPSw1n55voO/S1DpgFQZsOH8owZdWz7U70KTvKwoOkmaJcqp92QJBOo3cOe+D2JDiXNeMjOckxVp/qLFYr344CFxr+Va2YkoecBwmNOGzcFN+tZnqo0N3t2bm8o3jTmHjn53gVVmMeIQM1FuB06+i+WTy/KafDKWpl9PWom+qWpK+KSXtgqr4xp9V+nzQOtUCCCXJOu8EptyjUQzNPVDMh9heGmE4yv6s2E82D9Jyi562COcU776xd/fUCV8zSOGt5mHWsbFJlzdKf/YlkCQeui786L57VjC4bZvbN/slD4GktMdL36WgWJ+8AzUGDajMD9Es0MyrpaCyzNOJpwac3ZnqNuPpJex9gb21y+R+bkZERFgg4gmFrhbjALzrFnistx/0RpngyqPbzRau9cqfV8tTGi9UuyLgu8LNhgPiwOLI4EacpmLhoQLLLZI4/7ewU2qeqZtr0JsTvKIVL3nvqCe3gpZEVVmyTWT2mOgm1fYqyx6fXuB3YcFxvfm9TU4wVdOHEOnau11HqMtUAXzJSl05d0mr0c2nnCXr/clLt3fwr/47Vsxz1q80hgpOt1wTpC8NBnOusogF7D30vx+OAtm+HK6ajLwlw56MHbGiZjlHHL9iksIqZyQfPc2hqHpGe/ojY1TZv3JsrrTvPVLs/VJ+pLaE7m1V/rY+UyxWwPUmRPLas5ZFUsXW2LAfv27qnT32lGyABsnNd6MYqc36o1E/LD1eBBmJ5Z486rnNVXp9YtIDRvOZnA5CtTqLGdJlDE1tGGxf6+UfmafAUQvhYen7rlcpygSCSpfEfQvyLxi8SWpnjUd9PTINx8L1H/hqGqMtmDVkGFeF9vHLtEFzwZeKd8zTPw4ZyUaMco1jEHRB21Q6srwlFCWDcVZZU0xkmVLlE/5keCX0UjNmnYP3yi6BG6SkSwBO/LoCJJmj44g/B1K7gWZl++e8/7AE+9ldLArraTc8zq7vmt6wPDGrPrwJr6fx46A/tCWhVgMg576EfHuswrwacWU4PPxyTFL81DkFR+gPmN4k0Mc+F5/B6Q2iijYHdDF/udroHXZOV7xTVLScVQSWw0CEYw744DGZTds8Bswqw4GqYi06XRCLuuiOh/ZQELZl1d4d9UXe7t5lY7E3d4RS5Wl57Q0cwmsiLF6SOVVmVc+KoPduOXTv5RuNg6POD+dH97CpduxSAjxI+GPGZAdqowJuXq4zN0j9dRqGqMY0GjMGYMxn7xHdD4oLP3TQ5Z94h/zpcdwax+XIIPu1t3z/K2gyQLPi/0SVafQEFF+zogdzmrIuyMuNMC/4iK5O1LT1pN9W2g32PkwXatH2/y4DGDVFu5d6+ryIZ75j8DES3L/OpJPvlUkv4y2T4R44Cn5I0NflDVwMt9pME6ldEiSxFOvMrtrbskR610+KtFPQ+YriVCytz7uWMiEZJLkfiMxSA3hs9UhLTdfheEIKL4O7AHNi5p8npfpWxPM1RfWbDQzETkMdoBV5Gqx2ItsI3YkIzhShsH+uHoj6h3Ii6MnNqFOtrB5amTKh9SuDeo9KOVwI3coru8gFzGuE/Q9GuQghIqsXDnwj1Zsn4zg+TuOKnVC/Fy1wzWmw49nJ1L9BbK6aMeShysL3b74bUXnlTLcgtx9yP3yW7AJNwgp7nhOIPoPMGTjsTJy+zvhIJRfs9/0XDX7tLg3Gh6KIU+nfHm6USo1DMEfJsI0sDE09AVzdzg9wE2tnfj4enTf6l4StGwgsCXJaxt72Ht76Alewy8UMwWJAN3QG7t9U1fP9GZB+SHAkuXrhU6zXxoN3IQlv4AdbU77sjyI9fCfaWPzenSIR10r7/QzwI5NvUz2XK+cit0q5YdSmCSaZqLhGUrSt7U30ckB9OZXDD5tYGLT96+jmupCL4MtMSMYDEJpdX4FwYdt0jwzRGq7KmlUJi4zdvDLLzNBMNsX0sz2HAssrr9K8C02XbkBBcanR3/XIFY1Ikic7NGpfF0C8AeyTO70sq7jhkrsOakGYBLMI6XezLhlxKHMfRLG4zWlUYxkA+zX0FiLGfZVDOI1qrZChjv1Sgd4gYyqoP5U1ltvRFqKGXDDDpZEZqo6pRM0CFtoztnBkJmvP7ri1p3IwehoqwD2VImWu1aHrojH+AuWBSroOfjI+psZ3XlDoIDdWk3fwPUbAnJL4SJIk/GXAHapg9CyXK1fe8Lyuyz2/ArlX19tUBftVyyv4dEs2t1S8o175UkhWOzW6hSpjtkvsgXdAHJ4NSGOkC9zrCnNjMqUHatSow9qVIODHDJoMpC9DDSQr/RpJHEmRcAi8aDOUVXgQy0/ZDN+wGOGv3PbmLkXjtUJzy13UU31GCIBCxlAqk0Mo+/rI7oAhtGyfgQrhc7DlC19oqhhWixkTwYYoCv2VxpTsvk0I0iIG6g/MApFUVhvOtNJoUiLHzjGcWZtWMJr/aZoK7d6WryzjqTNJG9shkKPxuJBukxEiqt0TAS7ZQP1toti7/gr1z6phMiWqnGfdpebj2/csl5QqgtjXJmKMH05hhYebHHHUfeObnEa0fiyHUd0xaUShMOkaqit3qWA5AaDqNqUptCgaTDKnQyJrsjY2nGNsBoWzITkCpReQ1RDCw57G8sIs3JPYv6bWl94/eZT6eHigBOlJ9AQ98abgHWCzcDk65CW5bZ1eT9SpTGLbVisqy58wBQtP5xbc70wmQl2EGJ3E1HvxfpHje8ld4UCms9wqNvSEEIYFoTHrjizayEOy6pHkg95s4TfBhronXp0e34Zyz5qtxhk8OpfdlBwiShxCqOVQvBhZBd7vS/7fdwjFlOP2gV+pbSYyIr0PLLEqPFX6UG5pWS0OGuWDSqVf+3axemVc1WqvhkMcwYJxxKywIpt+Pwp007v7hRGyFt/PeCjs/aQIDSxWwuQVaBF15dhaIuJxA8zyOwlQJX+yhSXWZxGqBbjYa543M98HaLfenosnqiBnpe4+n70xCt7hpdL1SH0UXR+xxK3TRihfmB8Tb781r2e5aO5tf9Ci1JcdYDXH+IMUgI39ZvxtSZl1BAbUfTQZampQEPdBy/YNQgwe+8Df0Pkl6o2oKbKJPzzMirPoOLCFtPWQmuwZ3iLYHGx0Q0SrdedfnaQvMFWxzvsUWGuPWefLnkaREhOWR4fUiT4EAm2480D3sKSXPodG/UVtIbnsloFWjhcmiSNrz/q5G83qBkuIFF9owJI3Ne2N/FN3ezNT27kgc5+Ni7ZcLHCE/4KJJTYxADoFQFprYzK+MV/SznNKH/CLhFcYSeDUuQtPbE3Ei0BlMugmzt/bxvBMsHR5ROSnP9S0w24q4+B/nX8nuRfQR1m2rTx55cSDz2bk4NHY3wTfYRrGyUy27onQIkKWh8P1AlAxVy4er5FxZ0gZzh7lCC5rQw7oASuxGRMHw8rf58dUzpfrmb2hVSPL/2hmWUNp7ZNU09uW/LXWn07y/ykxsB/ufCwvj6b0kNZLO9v4B90ZcNIHniZV9zDKbcK+pZJmV33L2Xz9X106cMlhvWUpT3Q6kf9S9PnlPShJYH/6qMXZU5rf59V91AuqFBeTPHHXj+ssE6O6gvLoDY24803fjhX47vIg0qOBTWAjxLtzza4r3wgBvA0fE/NoZyc4gKAJALByhcifaW9Q22hChX3GzcHfe2ODZcTPRKU8NaymuhSg/9DZuf00fBWQn3yGKYeABUufza/3s/fSLBrQCgoxrAnTjLN+yLa8+7zqfXWHuzMEDKkLxLKhBssc1k7FcxR7RjzDne4TsSIlj/NglKnuwtV2IrefvTNgjF40Ls4qlb9rUI3tW8flXqm6jvXuC1sl43v+mqgUQus3R0C00rqCZhoxNNRA8JvaB4ljP/s+4vF9MTZfvGGC94B37ufRWasAqmRrdGkK1kaGLoSjnxg3xbqpYUK4iNqz2shaBI4yxIosSwuEB+c6wiNGx3a4n1o4m8uzfJ6ybCsYizxAVGtWhAcVNMFh2m4TuYX1kqyMRxwsoXuz4SHRe3agyq51AsmuBfDXLkI8DaPY4bV7kjwyOow9aWXTDJ1DvfLMPk3tTkDzl0MyEcjTOfT5PTJ0xuiflLokrZxhkITuKSEnSe41Umw8kPX720OJLawAOYJOlBxeZKZszIU13eFaGdLBhP9U90GvJyksa0bBlSGg0tkAk5xyEaKno2xIQG2UcGb/lcwZv1V9yeuh9WWlQ3nTtWq2pjxg+FTYkd2USpCJy2VD/ghdhfK5KVqWIkvPRvlHqimBwa3ywTjfaLIAp0b6TxDu9JxUeATv7QF6iOYYgbCa1dMgN90w8RsGB3DXJxfula71UPD9AtjRfVh1gPIeBUUfWNxDxQPj83rQngRz3fuLN6GtGpgwzgO6qW3m8n+EJQWyzcLeZR80+pzS1zMIeG9ltbQbSELB0KhoUC98A032Fc80NqbbHLKFjiH+UUMiW7u5PTDfz9DirtQN+pTCfctmYENs0x4t+9qeeXLpeJWG1zZPGLMWXBkLIXDJkx1Ziky7WW1IgYf0QwUxonUGDM9Cdy0xOuVinIH/pjWQpYT7Bq9POCHj/XI6FGFjPMsnuWnKtFw5awx/IIqMwxWWKCX510I7xOTWPXu5lfe6qG7gHl0RnGqqnidI8iVHuS8H1SgA/01aOr5B/CEi614EFJzlDG1Q+xRy/3GwQqgHrZewHHitlupon22IvSlcBfUt3o17SHjKhqmB1G/SknWWTRmOltewu+hlRUPVxOAGJcUrXJZerTxx/4FBOBI8371y2uHIttQ8drYDTjICEnilvhLeWNgQ1mELd51ZXZopNoqPfx6K7CsTF0iXesdZHEUHcZE37OaQOU6+lutzznDr3U2yoi7kswynpOI9Fgsv9W2qO3lB/e4L8Ir1VWW6UeCXIPQ7DB+lXjm+q8QT7me34MG/BbgI+IlK59HLj+85K/oaS6pzP1BTgMqzacBj3x9XtJbC8rnedvJJ2CcZWzMtOrWrTTrK7vhVgpxKUS0RTz27UrQ7pCCqGyl57yfT3Ii15aWH2x9DEJmFTJ/ilj9NwoB1K2HYURG4rV7a39r8eB2oiUegA1BG1gVIshkiw/HF5syu2LrbyJ7j34CQAf3ytNEvIV5Vu4JCrEIYuYwf9iyV19ZgVF4p0t7JjFutFHhAXbM8GyzjMPtpZhyY1hde70ZTE1LeetBwBxdUodjNCNxBR6dpm/a77aaLY0KZqE6UTmpDI+yRz54XkQ7pZct88NTI9dWjD0OPq0q1vdiy2clPXrMvjToEC3O+15Fx+7iBJEizJUPIacpyHIvOPBrBY0kJZtkfgFZ+dSnBbE7t+lGdwQCBvzxCA+iV95qHDfU8WDOsuQom6YV6C5fVe3vLtyGr+OSetmhcdPpjBKCOUtFAWrXy4NiGNmWJD7QGH8kmoXnULhxecrmFjwvE+mamKRCB3ke3zYoRcs7jHq+3o5c+LoaTEXDGn1USuJIUrDNum1G7bkOqRLoTiU9A31SfG4qbMOSXulKOO5Lz/CMVBEY1nuYKnB/2uYs2m+sD350cis7FB4LKVvZpzniFXrHuTq2Ftj8fwZGpRjKDzQFolAsGTnAD09A+K7ikTm0EVNya6P8JHukVv7MNMzy38cmuepbAJxVT+r0czI0zK6993GxZjRLPLIe3FavFkf5r2OxXL+lqELBKSZ79PObQewX3ON2P5P2G34gQfuKnkd5Lt8+LJ9H8dc7N9M/7mc6DKf6ffHPBUVZsrzXYauIjD3WLH6RwDLHb7Bpjsp49AxQ2Wjul5XbqzBq7NEsZavINY2HKX2rBoxQW3vo1pTuublV6sX+GVGtDG+m97Vnwo3d0pE1BqwXIFSG9S0Qv4qdCjuQHLhB1MqzoHwEpan0dqNIcb6XxTyWw/UM4mEO4Jxn+kX6MVIZUala5BQCp8+nZu0+kdF2dLAPG4AnQy9CsCtvrvBh//HlWTj3KfssmiLHASyTFJ35kfiH1+tfteUlYj2yVRpUu1Ht8jldoThqgzEtUgO5aBhhHGtJnLKOXde4lJ5RXokov12I1OSzkbifLGvURtPnVZRrpF76AWCwm9g+lZb2VQ8dq7wL4dzTZ3VcD5DgmJKlJFNs7hdp9O5SFMpbiv2Oq6mdIR5hiaChpRiE6hrxfOUNaF+hMOBGFMV0h+OUWEZ6sWGCHZReoY+y/EgIhck08F9tTcQ4Jzm+r+rFcXwtl7QqdB8mzYaVs3+x+9itLej4fQQjJz9Cr4EZAx6cimJyw3TVizlo6Hcuv5eGsc1lOebJrQzRSVOS0DFMVYXSDOX5CFo2Zs1Fxp/mQ8sRCZygPPcFDwueiVvj55lOfmQ+NND7igbNUsK2qy2LWqnRtBD1o2Sf8coIC9Y/78Ak+wfs7zx3TA+2WT7PjNAd1Y4RWEC/dNnrU4GVzHgJm4LnpuJP3xCp8LzXsdglQ+dWOUbxJc6wkEoXjaPxrQrhpZeyKibQw/cthn603nPJ2yXwKy+Pxx5amR8huGlJr8KBF+T8hDw5xd/T+s3vi6q7qjD/8Js91uuzEz3hxe8044iFYFbeZ+XY8mU8b2woIMNS5fTaoChl47wSqZ85gKfbQEtPqvnXo3RbL7gkqy3QGU5WU7yxNcnEoC4fTWOcpqSpOPb5hv/YLfo1IVpEMKogenAfv8aGLV3LPkMySGYDkWkcUcfJU6MgMdUrF7+f8LEajJIGDxeoV0d6dFAFXK4zVLat5H6roTDvNymFyQD9dLl5SAia7+KzTDi7Eqz8hpThjcEcUWnXA3xCEjHiCmJUm5FWk4BwH6Sz9gMoyk2LnEoukl3anlzz+M7ov+iLSzzAWxSyiBMbQtzJHVkVD/Qz0AOB3bT6Ta/N8EcxvMSD47Dap3485he6XMKc1/gRKvNuiz0sTVHUZz48VqALUwuiGEr9t4doJUJTZW/Bh4efsaLIMzuvQYMG9MEw4tFxApf5MVQIL+MlVXQ0gHwg97w1MqZKrf4e0bY+UuY8mizCDDTdXjY85VgHl5HU6p/0I0sd336piyEC3U4ES165z0JjleplJLlA5ryrEohyEOV35ISphFF3pRhHA3zXpnf30J75qWZJks85JXKWLfIaHLjysc7pUmDxdj80gzCbaP0Xk4G9HWnaWuA+jkIcEsq8fMj6MmAYWJMkXsOdRMmp9GCI9O278NLqVOsi+n62nVV5VvSwy1XRG6W2HqSfjb4Rb+xIS8MG8/CjRQbPdUy+JhcuWBMivUD+eCle+QI8Tb/BdxibjafwV1+wYh9Dwj1W0WEclc1HY12/DgcYCXv36ayUVr3u+p0PM359jx6sLqOsWuBz/rLlYTLfEtvXB+eBYlSkg/URzXEPXw0rel2pkdO5gaZuKsnitd8A4giIx5qp75ZyZMLJlt7q2YWmmmUJd5AqM62dxb9QHJ2FBUrLP/WxwVClKIhnmvGHoYLtEjahUyUovpCj8O8tnzavKjVWp7Vm6YnuxUcCxoRWbSAZFfLn52aR8G3zVMSsHGN8t1wbcS6tWcCV6PPcHxpIlA5Z7LN7aNEnMl5kn21R/0jOSm3DD92Gaod3hSp+Y3/8UNSyyq2eE0LQ0wclcfv3tUejYdNenVKjWDN6w32bOgxoinkd9S+qxnzhEUpNoOz9L8J1321V6WLvrcDBs264scwdVl5aAtxv/1UifnlfKJUA87UA7+DYJOPk2rV05fo+lv3B+3fURAg1r3ZuLlASObAps74o0DXQvxZPmKzeHIx0lJA0rCth3FxgjkAXTTY7PkzNhlfso2peB48iZVIPQkL7l1AFNG5VkOCYD7ztjVnmrECeqKtKmnk3blJze+t4NK31vBmyWfr1AVjwUW5irduINmj8euci9soZ5WQlo2BsXhq+8MOIKkjs6YDuwC+vL61fEGMdrRSX724638x1ctbS4cYWt5YivSlQ7dLFD6m0Xxyt6oQFmswmnizzV1auATefv+zg5YZQI35ML18zMhueacOAJh02Rx35SSGDzUS9xjS/Aon1PBsbkUqo5g+slNI08EDQE9xf1sOOGBb89k/4H/1oJiVC9yh65luzLuHhDZktr3TyHcZgt2wxksHamgAjWZHxEann4XIr0HhMiLiR8c3A0yWEt0SPu4x9DrXxMdkv59JbCPVevyjDYngwOnUwFvfd3PlUpn/7Zzcwx4oghgK6pad2hXCW6GRe9JeWhYf2gtwy/h7ZN716DW1G1aPTZ1kS2xgDogPwp6VooJ+yIALovtKPdeh1lIT0R3LBbWTqqCzYMh78+YDJmqfCZdVAVV2Lyf84HPllUdG2uYs+PwroATYovkmbjxxJK97Mxj120TjUlgw/L5MTSsWSs+d0T5/QrNPfcX6u9LyPiNZh4oMuSDA3AIOKjiBxOJOxcVbMvv9c2dND0hD6x4DIJPA1FF43VRCl0upC2p0k5mGMwKNCpsIVWGp+h01EeQkaEWxIfaiHLT3M8n4XwUVVa88xaIGm14pp+FjZ1/HCIfJZ+d68RHg+vP/tb2jnce17Lj06s6w0J2IeNqD0q82MbUs7NjHNDiNuyg6nu89hy346vp/tKqXZPxz56DvGxw+6dBDLo6X8/MnAOhHk4cyh5QGmUIM1axd1b/csS6uzlS2y6LakqSOXMGUZ/+DeOW0N8uEzBYx4cfKAsIhbnzlbt/yzJZzzrHXORp4pm38JGeW3y31pDdticCeRSKZl28OF00vlANwGfl3NaCNUQhdYgMzmr9OmGtq+i2Hv2j1xrwGOTWWTPon+yMXBKXVMhR0I5o2qlZVob9g6GragwlO9Dh3xeRnrC6tBVLoPPLEKas3tSY0tR19b+i0S4UW0tDuOlBLKnJ2NvLY+ogw0WEWVwD+5WVAZgQ3BnpO5bMtQEocapM75b9aUFb4i+L1KtmVQBFiH2V2+wb4YZnXt/kNGybZO+volIs2Lq6R6kA45g8vVwNNh69FxKdTBUYyXgZIX92X+XbvvD9S/0HbkPiAy9Ai0GFZO82h/Nc3Ag4FIAjVUYl56ljc1aw8eyJu38cPMD5FukmYFrkZYvxzHjktzwBXRuJ0032gX2E4xsZ4X1csAzDJAsPgVPCzj+QbcnpZlHbJyQiJaDHOuLiYfkHyKDqhdx+t70Z/0nmDiLb2of2K4P2/WaBS8xciwtmMPelftrKUN5yXsNiR1WkGGzmlaZqP+GKkOrKqAAvQMncI4eMzwDfRu3FAM+CDaLndCO/22nXGjhZ2Y7qJv7XfchAtL88uDWPpRgNKj9xPs8yCtGnIMWsBsyGpzdsPkrpWIY8R6+7RZVMyqGT+z9w/+Hs+oP3Iaj/ToUJaDAKtGL95eDIjITSfzLjIt8nv0vnBdaC7iHtQ9/ahFc72TICc6AlXBzr/EUhuwOkiHCSVEg06DkBDkIQ3Gaf689pAYtiMIRXWo3gFhfknvKxcKHA8EEX4HQLJ/F3HBLMgLI9gWRYN3+u0YCrV9iGSiy4vOMMwfBg9488N7wUSBnR3gyEp0fXiWH3JQ4M/xfMNWMOaBRv+Gsv+GPtP5nARNyZIPGziCIPCfQ3u+bPn5L4dQ7t9Qpj+FfOzzbXl0KPT32zcK/TuC/fnV9ecQ/vp3DCb/+ff326POturPGdjfQ1Vel9XfO7/e//56/zmcrH8Olf9xN7Dc/zwDoI8nk3fdPx7p938EqrM/v2mCAK0SNP+eReX+j8bBJOj8H3+vu25Xl/85Lc8eTPL347hs1ViOQ9Jx/zxKL+N3yHJwVej59M9z1HGcnoPwc7DJt+1y6htcJPlu43Oo2vru77f5WW/h35+D/0fg//+O/f3Env/yFXv9/VCMw/b3gjAJvhye1w//cUHw4V+uAj7+8zK/T/+4zrotY5szYzcuv/dFIYgkIeg/phy8/n+a8P9GBtbxu3z+nmWt5upk7WDGR9P5lAtdh/8/MPTPiVuylPnf39oIvC1eVBxiY9CpEyWV+3/8D+y/l6Al75Kt3v/zg/x3c//3pw+8A510/iF5LwL6d+hf/pD/JIQE9J+v9+ch/17ifxKn/3im/+cSBmP/O0UM/l8Qsf8QKeh/TaT+Z9H83yZi/+2JL/T/pYz939Uv/5ePuSfd9++tnPzzXWoQpQQxz8jlf8XuXwXkn9MP5u+o6i13puQ3HseSTP95qtcqycbj71yUXbKu/1jqbb59qv9mkvDnc7J8/vERfJ2k69g9LJH65+H/MpPDOADZLOqu+5fJpUkOorD/b0wG8Y+1+Xepwgj6XywE/IL+GxMB/f81f+R/mb//MlvPBEzgv3WfAMGmwfvWn2exJmnemeNab/U4PN+n47aN/XNCB76gk09b/ib6Xwaz+P39yzWori7Bbzew7ulknR6M/Hws6hOIB/27JfWPo9A/jjz/z5It+TeU+vMR4afhgVVM7dOGfUCKUI7A6uuOV3HewwYoDfzDSg/xAsdroxlk0O7thjrO8u3XYJyk8zraExtykQx9gFKHYZcKVgilsWmrBzo8SLyfeEIzqaB7SQlamvoWgXCxh9KDsq87UxBR1SBH+GGrkgOYVKK2g6+kdYFz9brl1iwtOZaSz6epPlx0Q6TpglJnwxf3cr6Nez+wxRP4RhRzUZbv3C+kJK7XL0LEbvA/IBi43oDTR6qNFOzO93SV3SCc7u1qyqIl8rnneid150j7w4ocG/N9IHZCwEu8q9jguMPHsGLmmd6+L1/cCaplNsAxS+e00csL2LDqe+0wYjwDgWq2HPSKCp5TG/RPS0hw+RbeGHBz53DEZ4Trx0SgqVkazSIJPIn3FHx/wRikLvAfLJ7SAvjCjV8MafGn1uCRS+vNEcwxDSt2OqfMOz48WHuAvu9fywPadxzIsglnIFlr87/Bh2ylQjy9gPlItzIwFpLwc0kP7r7QUnKuB6Op0fU9NGoL7z5+gx6FNOU/150DnhT6o/tKV2lsbUFarGc9mDPdYLoRw/JVqywdM9pQ0YNvThUDR+ivFcVX1ZQOi24ZEU23l0E9KigFsmFL+3NwlEuwcYZSfuji+QexDVAv/eJl/bP5e3NYSizyn2yOc5XVi+alfgE/GfF3k8/ca85+9T9Q54vkzXduhBMVpQ1Th0YaFVWIeOSIdGNWsMPwtq2ezlaMKJAuJ+pjin6KYn9hqUF4WQR2CfRMudrXY4lkj/Ot3kz2Jt2sV08NAW98Dt+0hCIoKGvOufnV3teOQwFqjky2J/hnVPmh1MArE/koOxAKov04dFGk4CJtanBAEJ64mvHS+vlCVpxlfUILCk9P88PByKmL09L3AFVN7E32Gf2R0lJOnNDhPcO7u+H70DQ0YPUWRCaku9tzflKxh8yWBQvhmOiwl3PwxUnMWIoqWl29jbW848UsLv7hN7OWv+9ij45im1pvCcTSCFJnVZVxPlI+uC3QkGYafUkzU3U1MuYG3PpVUrQuV3zlg/0xeC6oVQQxG6OYsna9OOL1poDzH8Vpw5TTQKe6tJZu4bJHsLBrTStG3pAzy5HI4Iv4el8ldMacktti6rg16xVdcgq7719u6D3VszF7awdKvHlplcaykh4sHbCp2PEbMzZJbbtQ9Rpb01O//TtVK70xaUrkH6F2TqocT7YLvRZ+TwJS0mErZ2iVBidfwDpJUitSEa9sg42QYaKFadJFIqVFhaOFZ4e7DMh5dYLKKdLT8C/+9COLWO46qxVSVxc+cyCDvzdjOxuKEDut67Xvcicxb2FIdxhTJC2YaHSnO9ECMQT210WmnlUZFZmDVWRXKvo2woBVZbKGYYZbZVaZsswU54eiWkGH+W/g1Jm7K9Mqn3RxYItfBPT+WWA7mUCy+PfmO9YyP8sAwqBxMvX9iHN5yiKsyrdY2u3HnOZf9UGhBn7fjCAc6Odc6nkdCR4f2xjUdkRcnZFLfiNWWWQ7mH1WiuEewPbRNohRpd/WiDfMqSdXbrv5fjhdnitZFQHHWluXaY3DX0r5rMab3V4VzX7p7a4lyrYwzkV93xupsSiHg4LSVciAlwEKNr2PhmFkdfglJytBoWj9Th9t9xgOXo7d0VPqk44F3mqvRWvL1lgoGV4iE6d2GZ3cOmTYk99tU8uaZ7EPLwRCBeZjKNro3/UiUNvS2T7FR+6c4fIHNxjpa4qvVKVNEa+w9FVUUPoWIl/3ys1Y3/qXBGag1Ih1tMJxNqE38OpRvp109Cv/vPF7TtKQuV5zOY9nsFKiI/a0KhjfUceDh09PyQ31KP7yIkXyOJkXsNxiD+O0oqy1JLPtdq9YMnkXoBdcpkeDbuG6u1ZHWAnXmW5bDidcGXMHi1+UPlUOS76xzY7z4lKNcXCo1J4jLEX4cNfJqLXJIF+uPlRKwvEc0smLuEaqnUqfAUdr7Cin+qz17t0r3+MBYPOWvvLtEEQ/9Sth0Md1FgommEmWQvdpZ1Cg7QJqwLec0Zg6NeUuAIGbxLbuS57uAQIKU/Lv58I5c/8aem70Epo2Ta/mY5tbYVSTgNNh4ZC90mVYWPXG7Ssz4gSJnq0A8+dRue0V48eEBqQniDIBJS8OcTHU4T58vxNyuPdKhzrQWrjyeh8FoNQmDkKnrIvDxjVKKwdh0JH03S4Rdbqm8wg/RTcrUsXhS+hDEyWS1spvOtslZlFYxS27Ohidet3Qa+Tt1b3defTKkzl/bWaZbq8megGuPlrRbuVGg08Rp9MgdsAmVEX7GT+PKZG6QpYy2lC8DeadgaIdDP7UKll93UCI3G9s6IR7+w2xCueL9Y1QShY7eP0iX4DZReZQM75C140BrPpNhi8sc7LVJ9TulnlnKdxl0gIMIahB5kPgNx1bCTSklHyZ6VbUn69A7QxMaQmcLvhc2tdeEWyaxzWxrs4RuGovG+F8qv7r1bvQuNmIj0H6fiPHLxB3GIwFedwsG1BGbhwrurzVj8tlFxXGf3zYo7nT+PwGq5qwcQus/DuwbD8VTquMGu9Rmi7Y77w7bZsozQC/CdYQyV83oi+6JoLQO97GV+6Z1kPCkrfZKSToI6EC7cT4GKHn+ycTmolBJ4q9PM830cvMpDkaYRlZmyZ5vcVW8y3n6ATMPqcEoqT8TYyan+Ha0HqvLcvGLQ21wSLVnt3OrEzDra/R4lu+UzCEjA7wlbLMEcNonFPXLWM63Mp4Uej1SuEWHUMr1RSNLv99jAfy7eR5YEgVas8M0VKX5VLU73lCx42H/NRNFjYDhza37MmqYumJLvEV2DbIEKphgdeRsyiDfaxAF4hKvVLKy3LJmJ0jZ1NlxIOZXCqng8oiR7/OSSKNd/1rKRAb9ByLONJ1ZJHyzHQV1bUNZaD1hEdX6quelUmdTPLjzcp42XT5gNdhjl7re/BdxXG8NiwIEmCfUzbJ+dGOu5xCor9tq/nS5mvCd7xSFgSOmtV/NDFI5kU+wwtf5vU8fbyh+V18YDhmWydhn4mPYya+3uH9wUrik1t2YWpYhO/V9rr655IhFliMprTfUV1FMvIaG5EmmFXyWeIjxT/9lBmRDr8Woa69zKc3pK97fwELlq+Q77FNIXwPCZ4zRucTySPG2i22s4Q4V7T7ipdDdm+E2X504ndOmkfy/QH3BdI9LVNwlbVyghAaHCtf5nAG5MT0bxAoj3xxEOf4xf0lIBjmLFLkza30pCxU5/AQNVjnQoUf1/0TQ5DMEHQ0z7gIsy1gN95EVvmAlsM94ri7Fyt8zXEXBV72GJubDUEpa8Y+cjJhDXMbArVG2pgXOshv8FGo45bdOjOZrH07/L46qGSo4FXyZ55Ro0/2ct6zv8xxwt8n1kfqjCLbs47f2XTGq9p6XN4uEOdrbT1kNgiXBw/ZRFf3qT63HSiRO2LahjhQTyevlfdc/oxbZYmCX64Ja6PeJYgQuS9j1j9272w4zccLrB48Pv4G2hAYt+5yscEHMFaNMdRIM95+g3fibty7vZiLTz4HUxKmJP+iolj2i3Uv4bEmAvV2y7mqUVCrlFJt7ECYj2M5tzg+R/PRw/FJOe183cyA9KeW9V82KMlKH8PnO7yvKJLy4OuTX/XBbBI/OCl5qyDk1wm8QNBgfUxyYlZUnscMriFeC48KHnYjgsr74jT06y9vo0F/O9ut7hripUS9x58KK9NC7Yzf6TzXwPosIg/HBNjcpMvzFpU51mSeDjuyrMfPfQwaGkYiYHTQS5BA7EqoTPUnOzcFM48jc14dlGcvn5yal3V6CdCefO9xbp5lrq8ip+0m5Hr8bQ8v6uni1mUUyN/4x+7yVhBR3YQMm/+cEstqgTh/lfYIcz+z/HNGTtGl2ZEAeuIRbej9duoDke88uRm/HGbj0LT6tV+d9M2rmIyUoHbK73pUKpeddlrwEGMFrzdor0OTEGHKSqmPLwjkn506S4ZUlE3SrPdOO1hE0wlWLk87Rroc9JAlLZ2ngusmBVq0X5OHkdybqJIw5JxNQ/1jJ8rPlGLOERTz6HZpgjM6puzeVQXPeFO2GBbBAQcLHaLPSrplFQFzqPFAKkZeYLnxWcHaRNc1IkwK4Dq1yrn0Qb829mU912kq0NUWXuOA0vshxwZivtEzezVaTxbWcdVsAa3w/lH5r1WFjGf7QWxCgTO9zqRexCX+NL/SX2xGglpofMUdbZXYXVZ3imigdAk7RAur2kFpVGNZyiQpdK+225rk2kDXjL3SwZ98WObPdjHLfUY6H+wt7Kd6QAGGBq9keRgvBcGzMNcDFes7gB2+JKnXgIyRR52ConL+C5RKoEFu9a92xKGRZxIOW0MtzHxQRil075iqFWqi758Pgc1N0xFj9fTVzLTt72ysMZ0v13cc22244mf69H1/u4Z0kX2TKXoT5OxpO8tE+QEomXNX2tiIA2Qe69sXZJ93z49zQbAkCeGi1PoZAD+VMIPYZzC/yEOGB5Z/iDkyYJ7B9rpVXgo+Q8d0ekjEfJOWmVe+pniR1x7sUI/Vp541n4M3GCx/HTOv0vddTPMbzPg08yE3kdyfWjIoEkHJ1clx0kNdk4HpN76LDKVyu4uZ8BcVkPE09t69FRhUUYlPuiCYm3tFjxUW+TLquU5Tl9bLQ2w62TLpbMzlg0pCLAbf9DAgYqZ/RG3/M0lJHokuXuhunH9X8dY8PwPumtYN1M/0+izSdh/iGeuP0eV5Xj0Wx0IreV6/YWCTJLt8ipPDEFuBK2TddobnFjOxDn+nIC8iqLhO7/dnAWuSV6S5kRPwrJ4TVjZMx0MIXBwAmxazRaCwAGmkeVpKSSkRGCTl/2TvvZZd57E0wafpy86gN5f03omeNxP0pEQnevLph9DJ6q7sP8dWVcd0TO04saWjTUIEsMz3AWstmIxT6hqEqKOCSbzqFbLWL6FaDZq5VETR0bn9mp1hKwukYAAiomP5moXKc3r2tUyI1Clp+4Dk8GhvDMi00Gc3HvewMMmdjPLz+VGY5IS1OaERkr/GrD+FKkQaaan49Rk2HmoGp3xsnh0t6+248TrJvEUPm9jX4wfV3g+/STqqDXt07wSQtku8M97yIFtNuGVFcI+7R2Ncm3rhTluljK+LZY+vH1OwGJZtcge0AoXvyzbf2WWa+YRq+jfeEk56kIxz79miGrPa3yfMfVAIIpAiOtdyXt8Eycl5eR7AjOIS+l5Yl98YrE3l/YPZS2VgbRRTXynQxPJl08fnS34ANJTgKhQRfgQPMPteYyeL5IWfgBe+DVeheGMX1K12pYtJWiRI0dAUh4frMfMVmqCjiPprocNH+OL7FzrPosexBwgXeQCpGi/GExU4ReiN76GvtW+rnrP4IMLsJXfV3GgOnm9eTPZ5lV+OzKLaC6+Ee+D363KkDPkik31cysoGanDvjfspH0tnxfjrF7kOBNZwVrA4Ie8mN5rJylSjqveGM1CwkXvq26bAJnqgcVLkZXENtmszeD7Zxohhe+7ULAGrmsc864mfparanWn8ifnqaWbSv8sS1pRfsZcLQVAckdIXUlTNVbNh8o6oFxv2MU033AqZlN9pFKBqFiXPf6Q6/WPgGQD8ivouygY8McaUNM2Ax4ZZ9N71M7bOgJ8z2azj5m6p5nwltMe9DTCFxszm3FnmY7Df4LnbBAJu+aWR3MnOj3zoJyyQJGXzJ7ruCJEjEkqONtSN3s7eEpsmjnf/CivGpML4uFks7CuYpY+hVDN0NkqM0xBrz6f3JcJmqTedevig9yesR+xjSV2oPCPB0tcbsh5HJkasAlkxZ8hDdvjTOty4x8fm0I5zg7ra49H9Tshmw66CeT9DskZxrUvz27+5DKWS7I3JM0zw6VmBVYioQrFCkKaU8EtBhRyFU0uCUVqpPPO68CUYirIMmwudohAmUmzFw+cD/jnACTI934J/sdwkeYDWxXtBhi6DafkgbKjN5odQuynT8YxHy+v9fqmlK24PhxI7/A1Kc7HobPkPbelbxuZrN1QCBuk8wNQ4uLttkAFWJfMn8wk22DPye2DSWA+Pw+d0WnsPrOsX4RLL2Eb3qS35SPClHhB/nWMNIiS7b/ZakGZIWchQy90BHI9678f1Dh+yBRTNJfWMJ68Tx7xShkz9wUugP6N43MTg4MW4UcErmQOsYaaO4tcQ2jvK1AO4CEe9Kk/0j4Bx8HQV+cdCZhZgCgIG04WfqR9ORXTbejnPH2/H3ATOXNbupaWBxRBj1jx/+B5WHnVHByA2jR3Qw6t2Gi5mOSr3ZOSjDFFWVTv9z6magkJpC2FBdOgku+sjQOXKVIHR3kw5NC/p7GHz6w5OBxY5APSOptxoIroaei8eOGq5rki5+QuEM7x4UdAKvRGt96dgRiFUPgSVnJrmEqduvMl1J5nbdB42ABY8Wbs6//ils1npzNLf2wkwhauvHIlTSgGqHoWlVCQhadLx2OH5i1smCY9XiuMtnM+0drf50tDY78z8HUqCZND6DWACwP2pmgItufkbsjtvsFylU5wH7AgWHhDFSGL0YFN5nsf6jl2vUKZO6gjYykxGkk5bsriWPZNAz1nQ8xF7W/bUz6+Yin6HYxumgTeqqjDGMAoJ7htVuigj5hd0r+5cFfjNZ3On+E6+zDtkIB4YpAS4QTPZf9UGKnQdo/e9VdurELoXiyuTAXnHLSvaLOKh2XVGt7ZHofjI3qmrl8vwqx4SRAaPQ8m5PPyA9WjYX//1Oqj9pmyKCCWOwzaiesi6BccoqvKjBBJObfbBZ/v4WAMLPIlgYLssbW9yKHu84PyKZDcUg9GpRt8bSrKkm6QwKi0H9zYzgrNRMKr7uaU9BoSeVv6MOIwi1umdlENg0xvdFetMbNcJ2aZqMulEX61NS6nUBa+NCL9ULVJ3uLUceADIgygGHOHe5/HXk1mwP/EFHTLvNpYFevF6NH1j6HwHSseifIf9TvECJTf57/oyx/VGXB/vWxDXunv5QvJHeVtDSTUTSTrfpE+dGZzom/Yw4QORk8G9xa2aM4Ij2+gVvRmu6PXJ5uKGE3ACivPgagaz2A0LDnBgMEmPn5/FMEgusbUlCEQ+5vQbnXiAACr4ECYIHh62+QmKHZ5nossQVCcJZr8l96oAyP4UKPherPX1Ph88wc/gfi3eknXW3zW9exsehn1MwmEhA+8XTuoDpLBn6N32Dtc+5BbGurEohA/JKI/ejs7YO70IgQTyOWc+3P4K8O5+zail++8ty4poLexLfi2Lvl7iShBlcJlKtdfGiZm9tOb6Z0yKzi5vZtOryvl8B5YPkKxG+4lUEg7ZPJVdVPfFzSj9K38Br/okgOWB0ov0j/yhm+tnUd8VxIU38IUR+YzoFFDpBUNGPiBAvlvxavpn1Gk51pjid9R605fTUCIFEngSl3ymOaeunMGC610YlKFvTgxO5xZz8zzJbIAiEh+YdkfHWQ42fvLx/bc6NsDSKO8AoFNrRJA3DmVHKecWfSYEAiLzoKpjfVGRkc+Aq13CwEOakq0XCGD1cyI3C+xnabX/20e6vryhT9JcLlxkSJvuhJcldQ94160qKBEwJVthEpMpRg4KtjzFh+eXajTH2EwuAIZI/JTnNFjEo2Eu2mqTONFshtjuYTGUIaSnL8Odir4feCa68cknKT5XZXfNUUImYJcpl8Lhg8gWI1GnS4aHwdU3sScippVTLs44gvhQtbdXzH4v5531Tuvblkdm7TxxG0osE4pMSgF9x8VtIUtervhug6pqcJUB8ARqUEZKKdS5NW+6WmcNgj2Mmq/y/gZju7xrIyxl/sHwGuzXdRSXr5jvPstEqApRLsZPiUw/FGUVrALOdzh6Lg2Q/lfHUNUb7sN0U1pXu0cFl/a26ZKU4uP1gLhNEwbHaT3aqVC6t4I+asm2PU8LLakPgXEbubsXLmK3hJafNx4oa4GaAzfdp5ERx0uhqwSzc8EuQAZ72Qi5BcTDj94bbSx2QKb+6RpyR6CkKJH1POegJAHQWESjgfLdSBIlfJGnYCsUhQRx2eAz95s32Fu7t4go2vwPpAOeiFRXYb0eBS5EKAYpXeOSLMV7rYAOOCQ4042NAFU9QefD+8d8m8DgPxfR2TljAUXPioxGeJp4uIc8tWKlAG22bT7tCl/oWv54x/aniwIAFgS1KknXjxPGJ21vasK0q6p8ACmd62fV8SRz5TR762j3y/JDTvqFxvbllLuNfdyCd7qAeb2yCgsgygq1LfudYI6DR58KZ0Nu1yiA2unmdeWF1mWmzL4mRX/1U3jFhwl2ubksVYjCDilYUivSAypxDXhdI7+zcuEXXRi4ILvVFAi/tLBUz+BdXbRzg/I1F7C3zxzTq/8ahzSa8ljSrbQQEEhQtYDqWFP/zPuW/nbKUauIO3xtRKfQvnlqHlPmy/nt1ppDHw1cM2Ogbvf4JaJ5NKArh+j93Pe3+TvvBYwAJPuUh6YGGbE8fcgupnfhMKzwBxGWfdBd38mKveBP5dUEyBkp+m7P4l4F6LyYwGvOWKKO4cwjMUQCbKAwI/oVN9c4E5kHolU/zL1tmcXETCxnL9Ny0Q+mUcNyvYHtsEFlmuRzPZ7yj//rWPNrIkvY5cqpKOjp6S56zQudVQoSWYhhKLp+acpxfN4TlHhj8gYb1ktZ/TYEdtCcpPFxF65YF491a47eYEQ8nz9Pau7aB119fovHxGuQTy53ea7nNT6fg8Sde9T2G1kN0IaMv7OSvzZlDPs9h6/JR+zTBB38LoNlGttupKl3zUFhvb4PTZAEKxe0KrtKYxM6v7EMYNdInSNMFDXAyiWwrS9K9oMxCL6GB1bEVUOUvirmxH1E1yBfRrTz8RBWzy9ttUV4am+pojTi3+ksK7n8WRsCayg/XPatZBjRvlHwHov2lo8TYM3pvqkCSGG+SWD19UOCuzlpzzpBd5W484KH97LZ+I218y0BT8puuD5965LfI76ZwqDNhhxNl2/RlmCLJ6miOYJ0lC/6d+HJ1ykb7gtatc8Lu4KZPB+ubOJR8Ntzrw4UxZg/jwniBugZacgNvgx/Hg9irBTRMsQ0Yb5vtjWUPC+VDhCVtY7FB3faBakVFG3QaEMX/a9+zmH/Wll47Zk2g/AkqoPf8xXTKncE35BaCCTVXWaklGsHG1qtmISVv4H6KKjwJ8GbtT6gCoD8WG+02GlSUtFphHh3i5Xkbamj0MRyUPzWgUTuY8I+1KWfRRIeXGhMGHfOezCQdj8MlI6iI1hxoUjgmQITiPdGuh/6V9Y7pQw4FS5tt5bZ+KY3NzLnovf6rrYjxAzMFQlCnTYU/iJxHKhfK79uLiIxG4ia+N5s5OEYftkfAeocfqTClityRkseHUbVi/9GTTJ4yLqtNu7DeF6dsca3J2LjqwJEqmIeQPI76dKugWJbgc0iCz11bjZcIechjcpQozN9ta7/clNHqk6VVFlpXUnCpekgaRQeJkfkvqSelxKZ9ozfsC0U0/xhUKxEUdBH+uYQWA46p5IKZM6lfOWhHjFsj6S7Hbw2LeUJaQ63Ha/ybcmdBX9sFeLFT5Fm4zjP8ffRjujrvtfvUUC/qmh+RAHoUdbwjn7GxV46iOYR862mDSZoEXuBifxOX3+Nrxf/nfnH30GdiuuqZQAIys6t1Q06I+pvTvmAoI4NQKs/a6C1t2aA8FGSzNzTherQ2h3azJxoORADpQAxDaYFxuFHqx6KbApLdoiCKoswUytBxN6LI+UnsRwecEa3eec16YMR+GgD2uMlHcV0Rdd07UoCEcbo94E65Vk+bsiyX8PMEyxnjoUkKa9QmUMNhZxWHuAqxHKLXHSFBYlhomWOOLFE3rmYbaJ5Lb+//bxuY0lHOFsgu7cOG6NiAQ8sZNtjMXtDMZZl1nTlZEjuMSicGOBlM5pg0qyALi0KsU3SSEyLhqsWfmsT3USUHjHUjlYSAuW861zfA1CPgfBurWQ+g4W5Q8uiKMt/o4fIE2Ah8egoHKtO967NpD7zHeY2KY8peCL5Fp7W11ZhvB7RCb8ZHA223G+0wAcjdhUhcIFRWLQVTYIAFVLS+uL0uAmDG02fjRcVqMbIWprNTgzWeZw277LGkcuDNuC0AaxJnnHMz4ZMIWarItwaHedrVquxxjTlbfCl/sDGL+MObzj70h1gMwQpNFOk9+VYKxVOhPWlKNFJzXKHpjLm7+yJsD+SJxMvVy2mL44M+7UPC58rH6ibmOaWg70sC8CcKYFxsDF9a3xRSMFQm/KG71mUfeBoei3AtFBYDDVB288DqJIjapT66TUl0JHOOY3A/XZhE7xEuw93lqi/ByD1rd5LcLMd00oFSclJg3Z2mdQLBdywb4B9XbSw6zvX8vcLD8NRI2M3FTfv5OSluRw+f7QFGB5233Cqhsy+rzJi8vvS978mk2+HhTk0Up6OqKS+btbvB9Gmwmi+JzNCOOVICrAabw/Y48efNwrY90YXUZcDFqcWqV5FH0/Ju8N3ggY1Lvxhl+dMj+rRCEg70LIWUwt+FFsuoB6QM3Vo3HhZndUSAZ4LAD8CBARko8gWQZhxVhKbRJCY76+gMXyCSMrEjaZ0iarqdU75EYKMI+h+Z18Zk5GkH303pbTjnmwS9uE7dfMCi1C9r72/zAWTKTnofYeoZvu+psdmVxpzlo9kvYrYRar6/dqpuKxg/ejKtjwC2Egewmx+cXZOkdgaP6oWbAS3qWI1nut9ozn0GqqyXW0B1G0xkf0Q2/eeL19yarJMKvz4WscW/lQalPiINtqs81pU3fAdf1dcUj2LNzWGG2IRo/OdIpRWp7PiOJFnuFoMCaYktOX7Ym1aGPvvoj6AsS2nO4zkiZBmTZTZGYab1Hsmzt3t7l4mRAE7PfEHoo4vGsPwe3qJUYx/yFCDX5y7+ewZMOS3eDwLuZPfdqncn2UCxEQ0bDC74ZEwUkhw/dx4QeBoM9sJeHR8R/szKW7bJLtQBhuZZ+3jeweQqi9avPE7t3pMPdWzIRyIBSmZeqldaVMR/jDL4Xf59KjcII9xHEzt5Xxc8j0u/vxOK2dqn7FHcRBBw73oQdmg3fQ3obIMWmyaRntrFbF5hPwQFbnpBESf87Fl84iON7Avnu8tH5ZgWYilBDgeRdL0Kk7VIhDxc7U4dk6efe39mA/mZm8QlaZ3tSYcJ6jwpzWkt/YYTQNrK3XatS2cn6tTY3alcqhO1fXxiwD4uSHk4wOBhYZi2bl0rIxc3vyHcmPAoSd8a3OWqvjqyy8J+7cb2iPoTtZk4FckvRYgAY7Fp70Ea1jG5628UM41mpKH4TE5R7btHrsweYQVfFyrV9rNWOFLDDei0DagS9YxV9U1hAGXV9Mig80wvzADWLSi5xEEk5Bw21pHEH0c1d/uFVvGG7FwNl2MCckJajAHDMDE5+kcNnqZVHRoYL5Fj376E3xBYAnbXf0X4lpZwmAF/nUiIL4ev0v+rWY4MlU1/aru39as8blgt2Q9hTonovnCraB/pS8zLp/bj/3pxXu2JtWN9VGLfMqVCCxMiDwC+F0gYxUna8ZipocwKr8wbD16uHiQEiHsrgRXRIXpcmgIhlvdZq346ugEFfG+7vz7wuxRRiduPmGfBBDw3SbIlL9CAbiM4KxZvSHGFpLYzkp9K4wDYfKlgDi5V3LWSY/vVmvN1/K1PY0w/pidgIrNW2I5aopeSLAUldCv7BQwOne/sVaGxUZ7+dHZ56/MG9PXpO29pN+Erd+4Gr7rASK6r/B+M2WRRAWuVaxBsIH2YPJFruKgHF8CWdOq4nXMcAW7RW4t7dpvF/ev4Yaws0GiHBdKEQlenHpLnB4woOTn4ikl3jfbt27hlmXc71590sZt9+JbIi+wY+4p/Qc2q8oRwmSYnPCu4vgxxASHSMu5QJEYNt8+ukW/NAOceWt1NzgjA+WPLmmHlDx00fkicr2G+0ENNn4ArDZNMcDPN3589OQli2GgdGV+ZrzfsEG4jXeFF5YTMtdn9St5uyHoU+Zb1kmXVJLIvKBGMjzYZsoc3+I+4RRyIxZ5c5Gxx+mhzeyymQF3UV/d60If1ntiFQ/Wt3FVNephhDuZskvSqZuMgQNaOZz4/nhe2PbUkRwcycjSw7w7TVKKgyYTzuIqvQN8EO1eddjmjXL2QvMS3ddlMRs6gnGqzK1vPB99vEBVI7WPWTDtBlJEfJihN8zCaHmLXfVZFNtoCOI9a771V6MbrN04l9xxbkoDRvSGrEq/epeV9lGmPVYqrg7Emm3xorb2eLp65w44h/ODCaJTLUU05dOhyRkCOqXlw0qqEO6nkZF8BS8Y2J7ZAhIao2mmbhsMutzFNmMPIglgOW4YlldSWuSa9NhuiP/d1oZAry1dQ89LH70+E0tXprb+Nu8k+07qEQVBeaLFtve0eyetPUMinN82C6V5PzRIbXtLE9qO2qnRY1xW7dtc6LBI6kvQHhwfoIC03S/hjNuv9gDdy6GV9BURVSUYMyCDAm9qeksyEAtXVrJTsHR9Org0bvt1be70zgEopzJx6Kcf3+3BEns5xgx7SpbqSozmNYNI2XDboWQtAIbWd7kg0av5mUpLaCMeklvSOGw/gKlP78WwBLblfBEdRsDMojy80kBcXgXSbubXQOzbWsg3+Tl7vVHHnmqwcXZn+mwjDHsLVDgV1nau2QUCGpTq8T/zhMh5lnttXx6aAbW8/+Iaw6zQKH3rFDYvbgCcWhlibwxjTqYN+0s1HqojSEbiIP5rABMlqdmC7/svrRlMLlx6y5WmhgZzeH9vJKNwpKHpxQWW/N6JxUeEAFaCQBw6MrtFkd1i2zBfObsvhYlXuNK6PJDIqy1oazg3Mcso/Q8HPaK8fAEXwBpYmKxLsfVLdLWNZGh0DgnZa6K2qUg0APDXfpPN4ev39C/Y6jM+hi9b9Ny+StwmXrzq9eoD9XFScSHgMMNce1i3OQPLKUToBbhJmlAHxeOvoI3rzL778GjVxlE88lVWJ5aF2W2Tbryqk/VZf5NMHYQzpvN7i79X2TmiwzryJAuD4Kw4fNNhQxDldTVDeRTheqvYHKI89Jg92/ha3tu5CeO0kmwmUUGXXGe721gkPQ79HVkDofBYICMOC18NbFWJVXjCFl9YWIvZFPzxSytfjVewxFwY4huZHnyf9GDYxB7P2b2gw4Hbt4J8v0lVtAmtrsIpGnN4plkjC+JV004yPkJRCET/rftOfji+M+Ip8zp9zOV8jgpr4xMnfuGWvggdIS8kr9qkClKOYfSykHaYcwVCovhw9Lpl12ZwnPEsgpVXeVZKKMp92aDmAkslDoNFhN/1uJp2jAw5IYIGn4b9fqdmYynZ2IA+kK70bSx5YHhJIAmbGlHRKvv3ALPXjnjN3qROR3UJxWgqYZiAg8UiY01s3X1HVp2vGqwPePXeShF1yVsgqZfd3he6wm+7kyI1M+w4W05Ot+W4He7r5Pns05k6L2mn3DDUZSmGpSjAUX+q72qaBlJWrnrgyEZNNoE87iiaU17yoeex+THKvS+zc1FysRIGSZPREWmFKApzxhv18ItQaSdVmUVrHlCVUoORUfmxH5XPt8m+/FkTEbOoBflVq9h9eHpq7kHBau+zVnXrDfHTR2ReB8k6uDtrFq02NPyqNNGzpUYhp2ue1/QkWAj1rKRJ4ZzXvQ/jOMZczmhgS+y1sVyOn/Co9qzTJL36YvVVMNG2buwlmVOPqvsX0zsxQodJzaHiyr9siSzR6SrprBsdD61g02tP39QTttL0+hwTEJumHq839UqC1vXMZ1B9O3PodoNa8TKcmgvZichGkoUV5xnltO3Es6tsulNUb3XiaCsjbScbJty9eHmlhkeY9wqFX5SfE43DhIcvfkLLikpUBqcmsgfb62iJvZYiAFHxlc3QtiCbkkI28wkWhqlQV8LLDitoTtVit4tzZlb6nQB4XKxj6C61khvuIuKfjg0GZ+8ExfC1nLBefh/8oha1UKYODZ7vVA9n8hIkRPqOd2MUxi9toAyqUUK04Yyz+kIOicKgERhm/uPv8VW26js9nE8DeHRRroJcDQn/Zga5x3sBWKKy642hwEQSqbu3wIQLzBNYnBtKxzKXrZNc6Y9DCJzpvcJN7WT0iwmi6KDeKtjcrMlTituRGxmXNYwWFiKN+dnhTX9M/q688jeCHY24BQgcQKmLYhyLFeN2k65/BtmoFUWn7K8QczGJqDvz0WW76fqhbd/tTed0XZirKQZ70zcvzrhbHIr54f4EDps48skwmrIdpf1wd3sIXwoWw3rYhQJCjPSHpr7mHKxQYoJtEaHi6YdueQefEHE3f9XkZbsGbh0Sybx4xBJubwzTj0nRjZaXg6oimaMh0qDqiGXXPEeX9+hS+eI6NQvhlHCfD2hJJTnDXp93BLaOF3dX7MOXxVuhr03qFnPtv7CZV/XZB6NZ17ZrWvHnJBe2w3aGtcoZOmWNrz3nXYdoGRBDNXiQRm4y+y2+z7RoryseRjeaP9wdrgyoZymOEOrzC4bWg6uQ64vDPq5rK+blqXwM59s5NvKvAp+YfO5ojk/b+YDsL3YzqIMLcVrcFJbaVeezFIouWWBtEYmHqUWUPl+G9A0ps3FiX988cfzNV83pr2A6fb2X9ZC3/McD6JePv4FE1NhsJA8tzxHe8PqSNDI5UK1thRGFbSW9qSlkWHSBR8itKMQJlOQtPxhbC79Izu5LN2PvqmB9CWm7EVBd5XplaHR7Kjbk4Kmt+8uRHhrbmFckJCAEjJKv19sMNb9Jm1IryOvLjQIDp4+qNmSzw/QrzVDUR5owEiuwjcA4zN9Xr2l9KmGFwCewlg4SSBn2oYW4MH/Uuq5/dST+nUpJkMQ/pAUjKPw3DPlr7Yh/khiM/zskBv/TygXIP8kLJrrnW9mi3f8hP5j4Ppj/+fzp6/pf0z/5vM8IQo9arOWDq/4kxkMgQfu/Lr/ca/BXmJrO/37v867+++vvO5YpHf7pl/w/agVcDL45zf+xkabs9nL9bVL+91v/X38ZD/0XmgK/Wf6/8PB/obDfb+j3CfR7D/9+I//y+fMb/f2V+Vefo/9wF/J7Q5P/0sifi//be/J38Z+/Uv/w17/3HACsX+f/cUDALtlvZP/y8W9S/+XT/yH/G0zs/3Wa/i8B/+83/bf//z3Vnvr3URMYouD/seQKgv41hR6hsb9qCvofpSn4XzTl6eTSgoT0/yx78Kd6AYH+jfzHacMw5G84+a9qmPy1VM5/WCGEfzqL5P+idRCadZ2Wn30CLqsd1gUM1vK3fASA8pjbNc06sDT3u+GX99DX/5sh/m8/kXgu/a/6WI9/A/UT/n10FEb/MtkIjf8N+dd1kci/TDaF/BONRf5G4f/26f7nVWuw/6xa8/v5f1215p9qEfXXojX/dPj/Z9Ws+edzT/1F15dr6ca/GmwwJj/t/sdp/DvI4f+OcP6qxX378JSfxJQPfPgp4J9JmUAVpl9/cPa/4Pw/mab/A3174NQ4DKCAYPYvDwf9dZr+T0T9/1Bh/+sjSjSG/oPC/l3r/o1lqv6HG8aqWsp/awmq/zOp+1fz+ffBekT9/6s++H9wtyVaZj+H8E99818E7t/DKVPE3yjyH6edBk75L7aZ/u8G/V+bZ+I/yhXD8F/m83+Jafz7ZP3F0KIwiqPUf9g0In8j/rEAHEZD/1fYiqb+Op/Uf9h8/jMu+b8Ctvp/VmPqt0KgMBxjgFpT/NR6v2JTDGpybuAoHPPOMP9fVhK4iFXC6LlSHneGYQn9+FWMqnZQl4qRopcYyi8vQxKoQMQrcVi0QPMtDfE5R8wml/wtQ9XfEVQYJYEWD9bxxNffUzb+/GP+8+c/f/7z5/+XP9xloZjzvLFpyP/gHsMIHHM4IlvnCueMOs9AFn8yL6ExfPEVRxL7SaXzKOSGqhVXeauc36tXPWntsuguthu8cBm3A5vvHLO8kbR5sHtiQyzrfEzh5SeyK3SaC52m96EdP1C9QAzCAG6SsFvzKMCrWBLbGHl1SV+MaTjNmQQ/Now988GEiihBS7kjSvSkwSIsy9SxxjdKKDVYq7bjZrxjwv6okvvB3aCbyrhPvtmgIuVAcM34tT5Tmg5frf9+iWsFVXLYY8m0e9VDZCVbfJs3as/ARuRhyNxBeeK5VMqVz/ptoNZN8y9otX24yCLEHFKEvgt0/S1Yl/obt6IeLJG/J2LbF7Ikd8qWf+GoHkzv1S8Efwb7JeAsYJY43on5jDuIY1DVlwAiNuYVjfqa7/zqV6T8Rq1i+3NQoSqNeb0FUJDqGpzirD817vkqi0BvydCfxFxvP66WgACoT8e5ny/OjEsf4sUXW1E5KsHW77ji+J3cy5WUZYLfe/WADbi/9y9+3+aNT8fdGK12DWC+Qp3sGi3BcOtWe9O6mU7YXHAwZPzlwAaVfAQz8t1BQoofysMn3UEMpGgqWETs9NoUPEjgCmnW60rM3rG5hEcIxfDf4ZKgxzpk+pIRLCLjBwcV5rl8jXXMpQTin4xlguJ5IixCSz8Y7SCwd2SDcGU2Pg0yFmfBsEPKlxf3rsXd3XlHOCsujOuSgIVfwZ5Z4RBCvGA2uti9C1JHk29C/HZscQnvLsgOY6Xsyg7vTsGqLjEYm/IxofbGQTV8ayEVBdlxydRoUL0I979wVTtJLnqWBzvpERLoXLMbLn1wf/vjQlUrCzeWX28xOt3c4Qc4GyMQbCQGJIIxvjAwroYTb4dlVEfwtuIbMDUXsPqtBy6WMKLjgsqHjOFaDDghvWV79kEIzsGdoEr9wGiK4AhMzHS1h8YLdzCMezB6NsId47A1H/PC8ly3MELd1T5Ts9DT1HOR9DQlQiwjMbZjHNrzHRkjqcGDO2L2xb2ZmmfMkY8BBKBrWZieV3C8UnsojMO8GJ55sAsnMIubM4zhMKf6tMkygiAt3HOh7yjHg0PYhtGF7mlTYHLXB8/PcBw4/YIRjueWp02ZkRT5eX4QX3EDAKTkTPx5LuVrUeAMAIXO2qwffeCtpw3h14bL/NqQnjYAQIqeNqoatIEz8NNTRs2ZsYMYRn/asHzQBlxbdfi0sTG+Cz8P7jzPkbIO9/SDfelPGxPDKdHThsIUTxtP34TP04YP6n5yguaDPqVPG+DBLkZwO9AGxzG/NrynDe3XhqbYoA0WtPF57n3a+ECgDUmQfm0QTxvurw3fBWN9PJ9Bz9Mw+sEKn+eVesaWBuMgPe+U516bURzdebrJ7c/3quAeXmAhULacfO5pwD0sy5jgHo5iX4oA7vEdmxEZhUOfAX3Q4XNJ80y8w9dmzDFARu5DEMLntQTLfkxo8EvJsA4Tc2cNPnkz/nM/F3NHzdWP0LyZzOYYjeFqgwGyUjFsrffsR2JYn2HBuWJ2LR3PbSwiMBz/jAlsdq+ipDAwDsLCVItHxg7rSCODyA7vs1+GZuvnN9WY7MF1TPgmoZplUodPnxYdCWJ7m2FG3ufnkUtBNp6yZYFyxtlju8IZduJHqP0aZ/oSq2YPcWZkSOtf2H4L8cUMDO7t0gakh/t9dFjEHiIzdSPzrem0i2h2rXcQ0d/dt9JTYaTytEdY39d5MUGnNAwbDotlty9kJ8NdchG6zii3C5QaraXeZyYFmO0LBpCbBaGHew3s/cDhzP311Q9TvVw259cT9X6BQZdNPw++Hi85G4+x1nKf8biP8/fAHhy3qd/hsmCf0NU/IOeJ1RWFb9yaGU3TOpjXjAcbzG1+AiJ0eGXIa7YMapEhuvnNbu8pJMMsfUynefqMIOItVPPvKt2RGsloQ7JakCAgp7WewptyDVrN1hHPlW2WXxoVLxX1dW4porLt4EueqWlKFjnq1iAnZ2xlnBcKTW2wfT+CHkdl0qUOKcQMJkCLWUFcb6nvvdqyrn/JSs1iglfG6z7v9oCxH5O9IFKH2JrZpQEpwmQfVtuFsS6we4O03VoB81vIyWx8UHgvcXwCySdGu1r2wTkysRkggvYSvOp7kt/lGuxF4EnhYJli8kz4T+QmSDSGvTZ8ta4+vSHs9uVHmY3Wkod5tbU8byPHl9Mc1XgmZCRPjmciWO6vpxgODIJe+zZzfAapaOCLONap3qP66jwDq4P80YFrvIbq7E3F15QsIt/bY4KAw+Y/WHhoEGsJ9zx4NhPzOWGgnckDERFT6n69BZWxPInjiME6FGFUQDrkdb985uaSi+ieSeaEzdgZ+elRttyDPH9dxYjQzBYR0F5osI+CY37NR/kBff5NuK5lXWZj9fPR42/NK7QIHJUNV4o9n00MdJM5WYJWgLx0U2t4j6adDgs0K5k0sqik506/VgrLoIbu7TyCxI8MLacZ4SzM9cjr3uVPRyj4sW0BAwb2m23fQ6uxxyqyx5eSJX00Hi8CMelxMLJCycCKdE/fCNsnHrvD1jbQivyiHpEZmWZoD8jLmRcrPSYJeDrrMURcLzFqzDvM93EzDScBEWK053otlzP6EbbnEt9cnEOHHn2omZZsf6WliinzCgL2c5D+c1nwsDMOhx8hyi00jIejYTD6/baNHs/EeWAEdiMlA0Q6rxMebvJOA2xzY5IeURV9fVP/sYmHkpPb5aHlK/zCd1nz6fZ5nyh8ftfHryfdrSaep3mRwhfV9NtCXQQL6qnxGYXh9daS0vsmZXfKqDzN7tCrizRX4DA4cZIUBh6MZI2sKFarN82gTEVp2+e7a11Jf5RnCjkczuhrzdVuaKBjcUOQBBkl4VdlI3JPHlhS2wPF6yQ3Nxad0kSlHebV3SQIQG9ge0eVDn1MLiMOr8GmuJ6D3qivwkDd3/78Ec/swt2VyVlHVD7Jzq0IJgjaRXYt3iaPFb+crcLJfPjUD8qwNgqOEuxxVGpbG7/zRoBRq2kg9Javcr3nPO63kjC0Wd7I4VuHERA+hFYtkzMr+Qc2bbuJvltf4GseDwAary9oZGttHenU3nJ8OY/yB7CpQQICTD2oiZehiAPxJYOd3ZoCDvxIRzBbcRGib8Zg2UlEyasm3r23FO6Lf1PdxWMNUeafHX9k6pCTAiqHIbl3K83dozvi41T7yEKznbhLEgbCLuXhkLLpK/KsmhF1JGwCOn3AzaK8w26E4q9YStAgRSCVv3gAA0Q01DUr5nrGmv54/iWMJo7AWEY3ZsKl1hBlq67kERsacHTWKQs2mINviXDOKqgYP5coXwm1pMAlY3jTwdF3kCaxBnD2UwRdhD0YxIiJQsRwhOxqh/72SQpzIG/t8egGi1IL0pJo0ujUV0b9sYnXBxGNV9fQTOYaz7gFdLf72OMbDeUugiln3s4vnfAMF71WtLaWmDg6fNzL2Ub18oTvrfppBEPfMdXG3wX5gnAkkh6b3jfRB4hgWJM9/f8lG48yCGZ88D78sZMHSdXC4NvSntTP6LNNxXjG7qYIpDDqW8z8fOlR9ohtMKdDGCUAZvtvRmJP7X5H30a2QSk5HuM7zeLS66iZUEjf+2qgwy3O58dnWY/PZ5MfCupIYGFu01mMh1MNVytZyfNA0uXMGBrE6Zjx2RsJkiBEgLhlV5nHZHAjPGcR6y3aegiMSIF4WDHOEuihIuHn0r3DIrOvuX0VBrhDcahGzxlWclVebBf7TVNWo1luTW6Ds1qDCFIObegeQzArkK69yDQKaMwGvn43MW1thnIOxSCV5dEgVbSwFRB3ve3wjlfowIwrD3DM+jjf6GAgmZgvWW2NhLFeOYvcH+kuRh+yvkTwK6b6IEuFK35JZNkabhjh+lRUBDgPTQtTa2d8bMEdPiSYf2ULdHsrIioJBs1UZrHrg0JrvZxBQzANo1qaGLa3n8ntRRbldTlfMajTPj5vN8FBheLM/vJYll/xAYlEc2I2ALejegbjhYfCdbTO+4ATIonemTpOjWh3cMwp1Ut5u1g0Z35W5kS+RfMDXi/lxqt8CAbDGGiMI3CVbKXv4yP80coyIEEBkAkXWdTF2tg1kZYcfj0o/cNOMxIDDpjjQe6XWDal0kzzhEtD2PwAYzPbIjoNKtUsDQ1d4KBs9wS3Y642z1ixi2rWolyE+XqNhH/bksn/rR/uj5+ayopuGKW+GE3yMnkMHvXuGMnBP/QDAmpWY6raft5Djz/UHUu1A2mSr5pjwppV9uTQQdWDVXl87EOL3S3+YzYXkAJr+A/S7xj1T8orraUb2j18ieN78N0ivh+RPTgNG3nyB7FBML/Ckg/z2SrJUvdKiiL1mDEgCILDf85vw+z3d+lBNN2+dobpsNQ2IQLLLOwu8iP7SKPEXsTwdgb2QbW2RqPe37GRgtKrJrEEyHkHtR5yhX4Y3DPXYXRdXzT2eWInPUuDsOzBOZ/QGNHHYCA1qH38O3n1zpz5RSsOD2ICucmBSE99uTYQcWew8bL2b9ucHdtnAu52BJynD8IpedeGubk7BlBgQoxAvJI47AbyPBVtvN33ZeNNzLxKtVjxqRJI8kN1D9eACI1ITuub2mtJ3fx1Y/MpMQJIhv2h9H65wDgjlBe1XU4lYhpDiM8cioXB6W2uIOUBVDVNb0wlkq5M4mciq3MO+xkM3oOQsy3ptlf9jOuhqnPfewEZ9SAbnNgRXYs5mWNYcG66CJsIieAZHViXl8/n+dBMkRQT3ZLAMBbZmlKIRqXaw8QPnQU5Iu/yojsMIqEJnp7Zplpa6WlMpSttRbblI8aANIq4tPjU0zYxZbS/xUMNbzvePj6gfK1HXJOZrZevan+MfCeJpfAQz+FTgKocnoxBHgkyCwC6IExCeTuHw1RGC6PCL7p4bBEtH+wWRIhEREWLawUtdT4ynN5B+rui0IWP2qnScRaX14pDicKXHOFNQ4VH/o5127DBNl0UP+IqI1X43gvamh9w6fj9frRvCO+/yZTAGcJXXUXffzKplQcagq9c7ExMGlmRa0ZRYldw15JcfExIRpuSimBPO+Ck/OnD15bC/k9Q9P85P8YIxFNS1GOqMOX7kG1W0P8tDd4Hlzv2A1yckNFCKRYwsDnk/Dn3BLz8jCR4AWsQ//rlN6i/F3DHv35xnhcscL7O1mynwxxXkt4ljHPLw+r45HHUtGysMAWyK0NPfrVh3hGss1YukIo3WEEsSoEEtGyCNm3SjAdoyhA4qY2dfvX9ekbLr/s9VLsGPsxLGNEXvk2bObWydoBMNUs/45eEpSQaDVh5gFHDILMlv9XMyF4gfX/33/YaDfMoYSC9CMZ3OQT2s4906ArzOUzIU5RhyT2e7ojs++gGL0keZE7P4LILPYlP7yUKYevb6NR2zDJyLSuWjFfGFiznsi24uG528WoRx7JZ9mI/HPmQFIrp2PccIx1EFe4smwDWZpbZmDFSHEntOQ9tZmSQsRlfxVqZNlDCJCky0kyq9x6gDudYi8GoGCNJ7gyRmhYiUUKq7/X9qi1Y9rlYenyNDaaPJqsqNYIYQ4dCXl5wrLMHByWHyNgjS1IICj/C9CsSX5A55iDx3ZHLYTAV7AiM+WHC9b2smAAeoYpUmHLaFVueL4aIB/pLAljPeEVDteoPokIju5VuJeCfkfBNJmYshyOAqYrMotPR4Q3jr0Ky+R3rwkj+48BmTzmz6s97MN+0bMv2L92nP3AaJN2LCChnSA5Z7LMptzzg98ss+ymFwecmZ/LASfLawwXyiq2M1Tl55RU+P7QBmAj1RK9VylYLF6HaY798wRzMxfh3bwBaZqDIF46kx2sorrBvqvx+YeoCFTBiUIXpU/kB2Kz6yLjtsDKCFBRwngm+xTgZYchhUis2fiMzpvyPSCqCzdXPhQ9bfYa+6BNQcBBgJuXzvfaHPfe5yc5z9os7x6ZrU+u7LvgH0TBJrQ+ocxSqlX+mNrtelgTWEuAVYSorxbT20J3pwQKPok8AILY88t41wqMNKqfz7PHfD2WJsZf4zPoAP8jCrfV9jK+YuNq6+ZxDnYYBUXJFf0iN7oKTsJuDURmpHg591UtlVNBYiZVbpF5WjNGLwtAM8Sh9zljW6ND41a0iWggJObNtEE9YUrWxFQt5+0gBa6gGgfO/6iTeq+FA90j81duGZpHd8bhZGzMZUWEqASr8tXvZb3usHokeTukRCrIrHhymQgtfP5MTEs0Z+tXjjcqN6PfUsooU/xLnxj92BSCgAKw6O8IDnc9qUNW1YRYaiO+IV0RilMJROsXxDMDD7gb+++knc1lXPbGle560MqH84mTMyX06/wCQCXb5Rd4St8/vLkLNJIHL9s7rr87Q7PagKpQRkldz35uiVhkRnD3yPtc1QUqjLg/zUZHo0SP3hVx6e5XX2Wb1PRm09nwdosiHSPSd82ACaWHIsgF5iOMwODs1D6RFUl9qGSqxtQ62r3JlMdpFZCSM7Qyif+bTFyjo0/tYDYBQqoKVjEZ1ZRFhxCuNbwA9HuPLMUZD0oKgC4dzbwlIe6hwfRXOylVhvGEPFu+i4RswC4Myan2iUiQ2kd5IwznMiS0L3woxlgdiqqF3Cozz2Mkr5K4IqBw4H0qmzc7MVBqTULQtyZj5yFjIn489ZRsmuLPd9ko1EdSqL6tER+vOWsuKdKSHZsROhX1ksDaPTdXdIrSGgGS4X1mddTOZN4HctyfXPLJ+opk7mI1JuKsPbqQh57hyv85LpbAXwWJgM+tNvvCFuVidyKBCZxRWZ7hXkSDPV+77ihbMHbnONT5WqEgimDE9FVgTCuNrPmdWtpL19H4RmmlLs6eS0OjrJ0qIxowwLwbtmVKhn8nUc+YS3sVSpcB6pJf+8YmKml4MFRCNR8BvEWLTbvkIItiZUXhIo5kul7karsCRGiFy5/drF8BmjzsF9CIeGsxtDfZIiXGg5t5cog0CMCDlNHGhYONZRk29SpuVOUDsLTTcpfToHMzIOi/Eljx/crnHIJP/MvbeSXUpoqNP7gm7cJYSQMBGPN7WqyXHGDOyPNE5RU/vMg45vU5nV7c1wfyE4XjD3zz+dHhgyLitdxIhaKZNkD+lPT9WQBfjE3vzr5zx1SIBa7GOC05Ac7jZMk71qMY3+3icmIBWfESa1XYj4XH8eEsP9vQAtutRSteevg/5nem4lFnalCdn8UmIJGATax/UcvSnbD/ihTNMi1N3+ZaiJqAZcn+9aGiB+HNbrQFtF67mb7Wz8PTRUKE2PBTV8h1T+LLvz746+tcaRgZZnaZTc26xKtUcLzzYveGET/kF/qigr76IXvRmyBCSnDM/h1T9ZqTDvgBbQpGPBDaEFM2LIdEkmLeu50KOjCONhV8WuxlUUEOFufjKoGFDe8aBf1Brisgm0aISxjhiX+dFXLv3aLpd6voCwydNdgRgJ8hglJc/4JXADb1lax/g1+yPX9dQBAm7dDyo6uqC3g3YDzM9dHAyPv3c3Th88/JpAqfY4JSugp0KaZhY68VIvg39qXLGtsJj15Kns9VnqaP3tMmuhDnlMtFYr+LGw9Vihu1bKjYcBmxTcYKJmCCnmS3P8eCyOX2hhF/s0ndQb8boSSKm7gdu1NLB4a0JsTn7ug9zS4HNicTbsBmjfHiigUxbrTEFw30QtTLIV3oXWpsNfliWH3H3fgcfL8nDXOVUpTKSe769YISuTTa9ciM6B3XLeujxGIDijYfHCEjc+vczb79VXFUtY37eHwoGE1FKfuNsHNOsap/RJI1ZWs6creWDwWX/21dlAg4Z7nCV8SPEvyC+Q7Bv/uiY4S2Fh/Fgk81XdILr3lbFf527D53bf8mQltP442E2yoViHntktmC+XLEjeG3PiNqn5kyxVVvYXyR0Dk6kka5/DOLjSK666qsEcvV+9MUihHok0eKiaQ4utqj+0VedsT3jPnVjojYD38qEzYzlsnjR8GKm4RXmkA2GNrVT2zLeqPZl5pa1eq7uM5pmNAdn7DfF51z4juDMEfNM85T7ylJpeIRvOXjmBqtEqHTwPqzAb9SojHmi5Lb79L2cGejHacOD+Q7Hr0Zk0TwgYfhammTfIHn8dnEqGl4RF9jNp20W5pbSx23xKF4IKnFCcSZElFYY8vHIYY58VdRRx/lUo8dnW4zCbwJHFDhHylwh6qWQHez9ql1AcIETioJa2U0IbHGwhHU8cMbhHQ6J300RWgKhDCQdeVapZl7IvT/2O7lNoRLwxyus6cRpHHvG+NL5WKKr2OtdzHj3oUlk1jvz/BicbkakE03ZI6EkTjvMh+eSDfHYPpZ1KXVNuV5dWN3bG6qx7aMyqQkD/6KWjnRg+sVTTLSPF+XAjJ3B3TUy5YM4TQmdGCiN6HHwENchiReNvZMYniY9mUoHspqBDu60JyXulkA5KzH51XEPf+Eahv/hamkeAsd0sF9RefDxJQ7Ra9sgc91707PFTrEJcTAFVA9pz0yliokBfU1+l0738quGBsPDHBS5jGBiOWfJctgZY7T6939v772aJDeOttFfo4hzLqSAN5eNhvcN37j5Ar7hgQYa7tcfVM8suUsuRb3SUtL7HSqonZkEUDYzK/OpyqxCwO7Si1ukPUAaTSqXPPAzZtCFd+5EYFZiixDQtIqJyGtF/D7XHxPYQnRp485GbOUDH0kSD/tU4/yNlJnoYuBd9c6zmqQh0JI+/nTNRWCAORnOZqndeK0OlsuI4+hCx8/TbnxhruRlJmkMgko5Oid0CenpIDcMSPF1hXmw6FGtmN7xu1gm4sVoH7x0hXp8KMjLEQrlcXPGN4SSPh0WdUFSFy0uVaevnlKqB8XDteksTZe9c/bM6Eh99Mj4NcCtV54aGrtD42kat8hCRz5muEw/1XVnpH4kvIwyTMbChMvTcCCle6XdkGIOGNU5GIXoDMszMPQJRWl+VxqkJeG26q2LscaKIN1vpoRAOZmHnb2IKB1JsvfwFr+fOb/3jEXlhvoSvez+MrKTqYkfGxqEEbqerDOejCNkX0ZWfSVsBM3bdTotgTQ7Iv+58lF+BaYAj2Uag8EkAmH1i8zSdrxN84AW5PVWCi47uvdAuGRkFj9fzYxXFDTFsOnXSw0CcOe44HF6x2PCR8AV8K5wYW2LaLpLDNaBWU/hDnch56xLZF/ycaWH16HKBYEsCim9A3bSXau5CxUuXvbYKCRgn09MXHx4ahNSb5QHhfLjALIXRTU/TF2zhE2r7R5zUWw9WTSmfcLIruyDTm8PGedvE5wjgpJamvIeDCaR3MjRCsgB+9eA/bV5HnZNKcSJExbtVP81SgAN8SAXGEWr1ETAvhCuo473MkCCdp68d2BtjAZyfCh9dAccq4wOyEPCsw/2Jl+I8r0RFGk9N6bvZOU4Brj1gXBm7nTdWDVKOdhVMmlLb8VvNCHQOOOdJbwZXPUxBuKL6PzhbmZBrD4w4L05di4ZT5OeiNb0GF6XApflOTrsWMUxX/xqXURaqP2njpDp6Kt6IgVZc7WyJeOaqFMd5ZHMKRINGeKcFoBUDVHG/QMYyZVhgsv2mqL8xZbFRRxLkMx2l7uC42tZuC4LV7mVdL3WTHxOGWOi2CU1I788JdgOBodyYu3WFe8DA1a7uohyVvcQSmnVbHCsZayQu+Z0tnbpmTEynYelWlIgEYtF1oIMWwIuvE7boqAV+nT2CsWaI7MpNjWqd32/zXXuMLsZWcgg3Ys4Motik1DZHGKcJd6pr5Z+KVy63F8XcLksf/EuvqUyNn+6Of1jOt2PhrujIBK8f2gPHh2MRwkUcRJ1NUAyrOtg6MV+lahu36nxxqecVPR+A55JIKPVOKrbdgXsX6QPmOiFkZGvRYeqnAFuZWA6lazr4nKfVaY+6JzX/NcUP3f9CQ6ppTemgarnvFAMfhFOV5Kx1PED3bJdz7AU/HqXpL/8qNhrHIZ/eYAeh373AP0fFZsIVX9dWkmS7wzdSDHD+3x4+xLf8p+JVfs5Pu3+1ZPfi1X7OTzt/k102vdj1f75gDP4O9ek/70YoV9Euf0bQtD+brO/E17/m6HvyUeIA4hEfxbx//MOEkfO6qGvfvt/vw23z6O2bPaPb86ConZ4P0RR7BdR8N8++c2YfQQEwH/z7KOV4GHXP9uo+fbx+ikd4Dn20c73w+bkvOz517OrCYiT/t73v5NN4P24PDm8+ywe+qpp74fzM+qm/Cz0S/Fd9tMLa/9Mv63968/jn6JK/vqLMUcw6qexRjD659/xr0Y+LaehiT5Hveya8quK86aP5q8b9MtsAtpZLQihO9e8FHT3N+L2/6kI/R8RbUQjvwoaw6DvBY1R5HeDxn5EFP73oxyJ/6iS/GcCeuEfHNDL4CRK/7wq/pCAXhj/tX69TeZkp3VnhmvVeBcH2lfvr0Aa/oMhveR/cvb/qXDu/6tmH6H+o6vpr1Nw/NcGjP5q3miCRCPipyf+pwpFvx9c+gN0OAzh2DcaHP619v5urqHTA/6jJpD+TXPoM4fP7yfnwX8zOQ//zo3Dvf/FvvoX/yrlDvFtFh3+2nfT6c2/s7j8Rkqd/1IG+2VgOZziGflbgeU/hJ2oX7ATSv+Kn2D635nL5Yv4/4DkVT8ktdQ/mdvqtzn6zbMX5P07/PvJnX4jFdSPzvn0I5LH4PQ3vIT8mpW+53n/CKsSIpdjxvpeR2Q1sV16kGjzr/9AJoL/CyLXhTfg1V8v9wuIsnLDm3gBB3+4hrt5Vs9kSEzDqWenYCuJuc/tq/F2SCay1scPfhCS2mcN4z7J0170ZzE2c+OakXlElVLea5uR+5ejOQB4ItMBPpo7eeQvkca85WkgrxTshj/dMWaeOIk8nwV0X68Ker0v4UPzyvWm3FXhahXlEBPMMeFtUEW4ugyqBN9vJsOQ6IqAgxm3XgZZwEmty2/Bkw89AjIJ/TlL01bCIjzhDyZ+NLfGhe2mFsWVlbhKGfCbNYaTz7gzHTLjYiO7WOylGd6sGJ50pofbK9yqqiSU0FYukW0txkJvcK4OIKqA3Cb0eN5bradE/OliAPf0G7JN8+hYR/Icq4aXFr7Umtrrym3yCm3Up8mBOK4V3FeejAJehvsVQKObEvSHOS5Uy4AMw93RWhNeW0boDwqKl8Q85q3K40anIUcio/ORkCqygsORENhQqmJYrwT5Unu3buKUTOp7WRX0+3FRNZ2wwjJi4clStdeDfUqdc3cuSjd3/eOh1xN5v92M5Tq2wR5QESIJJq0LUJKTaQY2WVdiWDZYRLt33GSEK/jTuT4f0azhHDRryoilg7AMlS7X+1W58EFAOevOsGZQoY2j9cO9xBIsUB/hO4H2azLodKX6rFNUmH+FJFfjJU9DV/bsWSu2zaOekOqVM87cYnGDSs7szA1LDf3V6AEXKRSFXNPL6+6wSn6VLvJEC/0lipYNUy+SLhWWrm7987Ggl6fI32FhhfNXwwZS6NxVKdpslV+7eWcYYkQXDCeUmyZNUh1UCPKofHN+osetzJG5y1MQYcfMARY1u37V3+cI8MqGx6OYZdWyir4tMXeboC4NpwOi31u+SeLR+zhlLmuuVREequNXcHCAZDSMfUyWX42MXtSMML5eI+bJgxKJtzt15Ma65MVt2Y2jyVHoZWSitkR7/mq1s2ytvWdeoMlLvV47gmh5TfVGqrrEsG3zqbI4cMvNjFFH1tbUkyhUvtsU3RBFEQDhPSBky8aw5dUUhQfjwU5+1YvNs4eQNmCFNvOAHEaiuXS3yjc8i6zSS/S89BRxKHDjVZe7fMUPvZCES+TYd66EKqYVIgWhbdSMXgTAfp2rddma2Leg4JY4m3ZVTOvJjpvQG3IGtSSMEU4OnVyq1B3MZ+d/QJ/kN8FU4/MN9i4VsnHYbnkMaDMciLQ89wRHPX4cPfnFXVu+80uOkpQuYhFhEyZwHG1U8hi+XvTkJltr29BN7bo374giqIWiLt6BSIJdlGy5rYu/PEnq1bLziAFAW8IrCJ9DsEjgSGcOIT96xqr5sq9MpdYLGXcOiTkwdh42eXltooQq79g2oJd1wzEy8DosDs9RmaDmaOOh4tH1uF3pNbIDeRAQqFgkuOxJZK5Ryk8zA0nAAeMCV3fVyMjLCN0X+OqRXKiQrUtPhyOte8wyg97l1PrEXmgyykYrg20S68DlcpDqlbEiQs3iwaWwpbJKfFePLE5aaysduFsCQTZxSybdgQxmVSYW6DmNAIjPoDofp76gO1ecCPeYm+fowFhBt2DrItdqzJii7ChZxBtjP3jfySbuu4gM0tpQEDh/Q5Cb34oSlttK+jDNcFZzZOSD+Pq+CL25cWk/xg0T8EFP17ZIxRGFYtPHPRngn9W+tJKPdfrKWSTJVzKKH1tLhk+m0yGgTYNuTk0s1AYP1tIZo7OalbYKQ3hUhovlSYGjAlCts04JP2gozGElxiewMeWYQzaTkdEuW3+RC1iSsSqgr9OsmCpNaJAkVmntXZHnaK1FsenX17b0Rlgf8IbGV5XZJh4RwWFzV54WEJAIDnG7N5O8Jq81w0lwgANoWkZg0SVOM3oCZ6aL2SLvbMog3aOkyVMFPDQqCat+yJ+h4+0ceruFK4zofR6ga0Bcu+2pesvwFsSKvN5fW7szZhZmiDYQ2mt1yKuHj84yyWg7THFM8ghHJ4f23vYHlecmWu1446d+b+vKhdl4ZxLHutJQCog3Ll6RobD303RZ3Cyhrw46OxOIqWKCIu/6lKQvakvy3aUyTkWrDhsDTrEt3dQlaUZqLJhzoO8KA+z/6xVR+4Lw4nXv9iosc5fBsX6vDN+XbQg7Jk6vhyph4a2wG6w+dfew3hmm9qgHXD6vIDjzVfPQpHuOS4VaFqjl9Q4GEZ6dkAofrihAgZa4Dcfm4v16Jx+OGCoWE2zQpTWwoMAflcAb6YoyG9tm0hRGrRNTAma4Q0iU+prAh8IrWTP279NWYI6SXoKGMEpvebo3UbGC3Sbk2hpSDk4Vurorwpl4Yf2lhbUirnEme9C0M6a3gIE4s6JacER0qWLwQ6dlms3yU7XZxjXR/bW/B1cLSfDk6l/yd3xUzJHwPYF5k1DL/Fbg8728ANYxN6Oy4syhjnk6xBCdLgysGTVwc5nOzmCHaCawtcuQRNET2dCvWl0uUwhVUfCSDOMpEgsImonVPtkNHMoxPGUzpsZrcCZwHrxHD+apCr0CfYKOP2rIFSxmd7k0TNyYY5IKpj0NeLKoeXiXBkrX7gqzSLZjh5qIF2uwUf5ghUxxN9sRbSMkmdI4lZ0LTmArLH9Rmiq3tgSrrofPhc8lsl76IGp6Y8WlIEkczY4Mc9pgBVbjUNkaqzukI4lwQXnOG8MbWfPSC3W9S25xd4q1uL7ox7g9THDi4HWptgcnUq0ZL64ObILRyrO1DqlOf7YPykp9CrXeG8vT6zneVb/Lnly3h3SLXxQfzI5EautrucT6hh5CuoTFvhDg7LVt0qraXqzYrnype4AoLxeTltHR33mpuVZBtOup34yGQEBkRNqmZA1rFbjgrnvWvv1xermAbme5m8IYjM7hGO3YMKHAkkDMmWAT8VO9UNfrFHQYx6NzHhg7L6yBtaNXpHJvEtUbqsTeE29NGaqRErBV3VWhkVVnEU4XlermVO906pcVutEdAp8cv+Pd9NIUOjzKRVoH53FyenG+ZmTqut/APrgVeXik1TvdIOPp1Z/f104ZMxmH7belMxAqkUuM4dJYxY8pF4W9yfHM0AcCa28dtm8t1qVAkeSZuTw33ItoeR3KoU6X5jRCcX4SHvmVRnByBG/d+y7aVNoXuVchPZyuuKVBzZ6KJHmhblscaflM1dP0u0Rae92jAKG29sndH8z1arCG1wE9CsY8W3d48ogp80uGnI5FKs+aru+k85cXSuNGnqbVcVoK2mlVrCwwT3vbkHp1NDvcr05PzSquWSLAwGddMcNiutd65VNDPJmXsBxRMNx2kDFquHXCQVM8steQSbpHuar4O/yHwjdKu+A0uCdQxz0GkvqsAkuSiKI90XNwIjoBJG/HbFCtmJF8MKH4O6XqE+1KHSerwiSPpz5T8DvLuNdKHFHWNmyHEwDKeM7mRCMGnF0GCDl4EAUFS4W8Qwwvy4LKKmg7vfoljWNd1lLJxzGULLnTb4MYX4EJ3T5KQr8KSOVA9RN14el2e6dHCXAOR9tDCVw5wmXKZ8QFxI8Wm4qpyGvQER3jLGa4BWCdKqzkwFu9Vd0mjpWcqS4qm7Z+ncSImA6mP1dm2rovrrCw4GSda6IUdTEFk3EQ4+tOJNq0N5B1C9+HEzyXj7VehebAMrhuIDeo0YVCnOe3o0XXuCednQEnkProddoYeRaRQ4qaq0ynNJurlkpsdMa/uC0R1W2bgJV4I92o1+Y1hoetzrhLUvh08M4YIGlEJmiUiwt82riQvE6LAc4uczE/Q+/BDFVhRJ6D/vBS37bd5zV7JWwnUpj6TqwQsHB1W+Dm2EO+TXhCEE22TF6D9rodWms9LarqCgh7FWpDjeCgQn8tX1OuadIup3OPtWqrezGfxSqBgXMP+eOQrhmvudaprzwxedaPotKAXpIkWWqZu1uWAiK0p/ZsYvlORFimVB/Z15hLqdSJ1uvrw9AXUkmhOfWVevMvJEK+nGRsbr0bWwF38RExmNMSQxg/J+W4isrj9LnnBXlR/lSxz6v7TvOTRu2Ywzq7HMqoLmFZIrbhysdkqvWtAUwIb8c4jsgIJIs/+fyeRArQiAG18Kzq+d6cDXEETaJEmXmriUp+RLxI6PJLNd4XdElS9XK5t8GmA3UID+a4yVSplhWTP52dqIYRtokA22ouUm+Ri1ssqt7aW1r2Kcw+YsI2DuvuPyvbuL+8k1vCxlDMYzpytrVJKh/W8mKXQ2Z5aJSYtUHzYzviAUrWAd/wV+HqW8B6N5SzVITe1HqGX3jZShpjgVX1xd16+tCJYFOB+QWR1Xhq/UfJ6v3lvmXUfY/G9xkj6bYKhxBuAT4kVJQ7XkYgcBDyT265n5YrJTge1WsaixF92oTB6wmyNT3oztEtt2aawe2VcsshRL6bg+m6B0nDCjjRvdltPELJmoCQoUdlVjjiTu0zk4dEtDqJVgeSRi15SS5VFB5Hui6VnUyU+xC1Sb+Do2eESS+cAT0heTk4biK7DpHXc7l++AVjPUcPODTt48lJdBr3LqpA7grRTHyERJ1GK0UmfhuyNDKI8/YGO2IX85ng+si2p78L4OY2YKffr6ffJribW/iWDN92RcKN02EXcuJc/J4AC2JOm020A5IisGRFn8QLD3RHO4xObTTBy/WpecmTgCnVE6yHJL1bw3VLY2l1fC/rQg2pMSTvTlalssq9g+TN4CAZf9W5iAscuU5wnQ1QrWPGh3l936p4LmZcfhSi5KtdWloSs7ZMWXSrKNgbA6ZznEhZP1t1dTnMuVQM2b1TsjCQzz0Iokufo14iarvIGJ8L6NoXz+vLuzsPltQK9V6/Tpmtb0tf44TbhGExMtlsRWQE+dhpXZcvx1X7WFALpX6QtCC6VZRf/VxvbW8CXeQfDnHPGVSnGttOVIyskck4XWD8tKL2XiMsb3icrMsRT35vb9rNZcxkj/mocavumqOGvBs1uYfG6avDfcRI77vMsdMC99WGbQdEKtYOgZjW6ZGSqI1DqGf/XsPkBpw78smuYXVOSbhvvEQpDLoZj7ejEELHrbTN9aFpReJ3Wyn70v3Zv6+2MMo2O1kkD9wbj7pDPA0828Z2us7gmnVeWvMUqhDhRqEQU0b2LbAnCW8ey3V5rYU+evh0DNv1XA8AqtEBluaOypb9Jwyb1GnZ24eq3dZ7v6t5Us0v3aacxhdNvYGd+vwXjw4F18SVbJlO2DWpwvrRS5TjVcKyYHAW2rzOKTXb/TbN7OVSZsZQ1oGD7UCjG3xZaC7fsdOz7PsABidyxWiBqFWW+QgPVOUihvw1mX1Zl04LfYsvp3DndZTdJmtjAvq+q73RrKhcI8pV5hWuvikgvyq/WzdPINanQ5VMIJGO6dDKw49m4o6zDyWwGSpgQITgKwgQxclFMZJPBZjp1MlK4nP1NxrpLwJt0H7on8MOb2uwjRkhPJlkCQZ5xky4L50BmBUVOADfRJrF3RAqBaEgps91sVvgriyO74O9E4E4V8rA796G1fciuXsPnoXo3a5m4fl6Sq4j0Pzjwr1vb36fmmzG7siH6hHypZ7I/XS779vwIAzxuT+utiN7nLAmj/vhMkcVljW1bJfBuYXZ0Vn0EZZHBSev6Lnazm0+wmVXrsNzhoWZxZRd4agbHaghCQ4Xgwun1NbxYDY2uiei+rMRaN2TSAxH97V2Ge02NH0KMtWSJ3gg3cL76vr9bJuItU5nYazptEeWtt5BZGGEFeO1TOpTz2WI1TsewG+TkrggTbgtyU2JtkZpohbC34bhI6B1PYC2lHnf47IB5zsCFscVQIzjamqtk0Z1FoPwmx13mdckS5zrpuZ4GG5J9GpjYdaOEXEzqLdSYWTEvN7qO/pk92mxdNssSZhbNDXlnq1wugxotACUFB4x6jB6b4NLkqhK6+7mGIw7jd1A/R5w8jq7WyE172XTIXSH0+gLXWltr75PQMZ9sNH8FqT+aRFxzX02qesNdtinxzOnazHIRXW9vjT2Ct27riTaZxRlp4XmmbMNU2PbtvMYeSehNRsfpRY5vECT//SSrLMeh+vzr6o4FWU+lNCBR7f0OYvJ6Zp2HKRiVYokvCJGsBxoDqHhOAUY7nTQttEz5kvonf6zcMvnmip515KsoSJeKLfwKUahq53TPvPsVqKvxSPM6JbvQAQbb4H0DxAWWPaI9fZYVdN4b6LroNt6WE8Ql7ItZEdMS71tEJMTVdw7oNveWcrLDoera7HFi+6wUej8BJdQduMus/EM4I2CrRLHUzE/8MdpyNZzZvXaoUe3tpmpHg4hqZacOyvDS6opSwKBzC8hIyDzrbdCiJBcCdoQVhO93ZreIZaui7OoKywHT+JEiqP8RvGW/dTcvW7zfUPiO8yJQ7k6Bnqr6oTDLhlp+NOr3YE19nJQHliI9weBBjR5u+33OSd0DMIH3Ruf0VqcZsRlc7kgpxmWIN83z9H3K88AHLI09ToMTw1++kNIYIYdpYFY1mEdr1ezIhuSUAPfnlN1enEYh1jQ0aL24O7N8wJpLDMqPjkFiAHQTq/cxFeKnmpcVdlkCA43rgv5+EAe2tPe6uoIsZlynHma6JPasI6Zs5OBVRIyXmV2fnAOmbVRf5Pohwa1OyP4VteSp90h6EzqKVMNm+6WoaNbAkCyLrJd77KCOCADW7XK4SBNU2+YeiXAIjKKArPe7xGzPDQCySflmhJj4TIPmev660AatHpEe5krA3bwG7yfC90NbmPo3iOweepIYIc9lNKhjtYTXRMlJEaR7nv4qMSnzHDLMifQjYeXyxqYFPyglX7gWyR/LD6V5XUScMxOlkp1iOOmUoIs1g+aVJdmpYV+lUmjyvg9fdzrrBIiFhkYq10XH+OaxpkCu+Q4KMlp4+Eqq6wpEC8JWC1zGILFD407JedGJXEKb616O6tx5aV6aDRvJ7FDM5Xi1PF+i+g5P+x93uYCLqd+QtusbsqW5sW4xhhDLnlMUa9zfPXEgYRvgy7ea3vS7gMb+LRj0vjojoEj3hXvEBRLH5mlW+6TG9hCm9/nl4sZZJSF2gICgJkjSu7ELICVtiTIJk1iVBn6ISYIlRc6o33iN04s9hgp28HQ8kfFs0hwa9oMlQoBVylfjH1gVzDsUu2j4hlZ6qYLg2dHfZRWcj9Y383veVsHp6vOtqr30jsNPZKQxo+d6l95laHg+vE1Fo/SAetTKbsB/xTxvkhJt1vxTt3dp7qIgnOBx+wRR76TUgcX4rF98gn5LEoYStWbg6sJy2C1Kl+WkVMUbbrPKSfqXayxZrQCZ6J7veCMavxcDiePzHJ6iyjTicsJuT2XAY9bdj7aCCxCoi1vE1gS9BHSXKeLM1UuAqeZD3PLSw2+JVJKGLrrzcBVhmx43N27BkWY/0R6iDuthUFPVC4YvU4ItaQXgcNm8kteH0QLJA5A7i+CJYM8Q0wybSGg3Wk4WNL3BdeR3RyPtfQmy5cbFhFx7UaeEu+W7hLCvMm80lUn1dpdJbLm9DClBJ1fLm9IfkvO5kapXmvgjmXmbkHA/Wi0at6NFnuoy0bCHrBtgypzjHQ6F1jQ4dsjnlrpDT8ULifys0YZ7WmCzQfteuZpmWFTZpQmnu8srSYUHKvdq7eHGzBbVuHiRk1hXtqKnPA6hDexkO3Sfhp3U33JH64nQCBNJRITtcMZG9Y6OnBnWKTHPiaQJn9GehcEo5+oaezPuriNfQZMdDkFazE3T1bRL2ky3rGnx2b1YKa300UMZR2SPFoua0dDHjh7NVTj2eBbYQLediwkTAE+j08xESOpzg95+6RSwG8P1bzI42CKkic1DhGQCupe03V/UjclLscXl8i8JE908CBiTswja7ojrR1YEPBwKvaoE1tqCh+WVuJUEn4gZg19dYCbelU7AOOUZG5C2nTtkcSeYcrjxMvwQKYxdHRqbegu5g/5DQ9LPtkQUkjeSLQ4dU93XLukPIJyV2lfTRmABxr8C9yeyrhTI/eRWxCzzVHPi6/D1rmo4zRhSZcEyTOUyQUpqCxTuDbjMI3yqzI3ANKZA6VHEN3PtQW2JnAqm6aw0sIspGWEVBtuD/uH4pDT4muokNpZiJXqcn9abGtI9tYDb0Q9vYZpgZUNWewxqEs2D1LHnOVUBTaYWnklqbq6nNRk6VhDB/DvPk+aZg8I7qVb5WWVtyRksbsjHCHmHJScmfYiz7AyeGxbXu5e3z/rx8OGpdu449hUgvkv42hI0BvQYW1Ccn1tifwkRAQzz5KqPqRMWxX8RSeHcswJXsL3rVfpCb1IaO8Xjvh6sr2zjiJEZjfaibyh507TzC3LW5My2IBLZdNPhVZP6ohz4h7Dpo0hwOSbZLIeIBAU/0Ze8Qk9CvJ1yKu/P02xnl62TUuR95TDDh9E1RkSAz69rFnK6JAikvfdupflJQfdCKxH5nmqYfaoSLmSp0JdXeihPR4ypsBher8yeftK+ouYIjrLPoXGt613Uqfra7E3RfQb2UQ17BIwa73aGXdtoz3BGQD5YGncSn0KAxnXh+c4WhF6CWVZF6PJmPutnEzHctYXjt8bcO9jR/W3zoZonAseE5eSFvDKxLspUSqM60MsZ4fFj3e4qiJ7IZ+3l6xgWCcb1PHoRCRRnE2BX5orzk6C1wF9up6RSV9IZIRaL0ZcLo25GwOFXCL11oN5aYgG+VpJZ32mXl0vsZ8PNmkka7ey5VwRHg9CisN02ATLK4jT0DKfssAJcCJFp999KUH0X+JLkF+VK/h9saXKlIA6u2p2Iw/eTiWyrpa2WwdxxQyJHcvXzEvKbjv53ywBBmg8Q6kTLqjvqZHfPepIF80mqUS5TFVUfiTOtW5xX1Oa7arYNTbirchWBAoNk8d6O5mBgDQ+6V8Nzni+b167ng+vwkVTpPJsP4c4qruWKGBVLsUCLzeI+3pfl5jAADiYn846e4UbKmJCJyVrOyuvXELWQcYfdMfhzhNSxLUHhqyGrEmfyTqT1yjVddurV7JLLrxwXbrROk2C3QB+AyCnv/SLE4NDECP55LBqVCJ01oEaH0CWS36UwQW7QANmDgX8t9Smaw4Kaz9Paf9KHrWuc/3TNfI9aN39fj/AdiubvcKSB6jJfQXbALMWtkSyxqeuBk8TMjl955M+YXWHaIi+Ys4YpXjDUlJ8z9FaTqi2ybzhfsTM5bor5bUxweqYJ+ZFx2JX5k5X7/xb4GWPsceaM4qkkaGKE46bBrGVtRIQJDM7LnKngVhPPslX+rIdW/t8o4cLAQL8wjp2VeM+t2+I+1z8DXkKVlyEQtPV0mnJ2tPnO4zS3ci2qt5oDZBmmKGAlTIuNhy280HMz5we1fYF5gjruoDCnuIaBMmwcFbsFZDpZ+PVbfhkyGEM48tOsZfMeliPR9mo8UMltyWntIWEXnjgidclTdHMI+lOfSJGcdcLejzXQkyOqtORXx4x/8bG7yMKdk2x06YpwUpxmfty2xm91W6wpzTjGj54MbXhXeXnV+6xU6v4m5hYARXVbD8PVsO7lR+VW8r2QEeZCtqWMFbUQ1v0t4XUZDDni9BQ6elAu3fAuem9w59uPpsBRs+hdwB/QxQWEMkodgKI9oQR05goEPfIVzstZ+prAsbSCzDONunCjZAKgIS/c2NOESGVXam/WmQtxvxQErBbaywJqPliP5RpdtCAQ0fZyNoXVxOioOfrWDYx59vJZ0o5UJX7DMu1enYdhjQqVICGkBo487AvMLyItRHj0yPLzG4f5j6EMYgZpSINXQhAGsml67w4mzHe1mc+Fqbp+oR7onwnZbNL6J2b3mFGsFsip4UpsacvQaBorC8oipmTjLMuupbB9o4Xbsb5Be5d5gnFC6J7ucXDOyyUriIAhL0w+ElWC1ybgrQvNQpk5Y1M7Y6ln862glJJlMuq40cLq7YQrNpbSueJoVWPsh99/DasArEs1kNUtcJP2KyrBeFRbFTcDk6J4GPUmPCj4hzeCpYsf9Z8CIHTEbcBhQHbPLPcUbUD92B/yZrCjcwjsGAaWcIWf6d+VVfo8qjuUBi18+JS0Cyya8S2CbbkwfaKGu+A9RtEmezDPfAPU0xxiDkGAFcfAxn1WV6MkFeAPB9DlDV1KtoaZnPs5TRjgxChZ9ZCx8fukowL6XG8YRpfmWC0/Tuf6YV6rq7x+M63Vs1CdN1ut1eklPMzM6vVCDzYicZw1Vnq5RrzSGRk9bEiVsDT35IZRdWFLE25A6eRqpHk9RmEvb9iwnjaeyUjOf3eSF/A0BhsT9po6s8gC3Yqs3mIcj7PomMoiGHmUU/lYIeFJVTY8vIxpghrMiwwkW1PImBFUI94VnNw4Rof6nIWNCTSTER5o80P/mQKR9ifW2h5dC5NSLbsWj30r4OxUWWPaTM2k9IDnkrt8gdZ2q8BJl7PqDZpkA8oPMCpTnR2NNzwMpV3+BhIz1Pap7Kb0dcdmmczEpYZQJ2yqR72WAKl7h5EE+xZQ1IVMMMhQvc8vdGxF4Y2OJ9ICeF3AQH2Vw9XBlPYkM9ILoGZpcuCE0Q332ssrKKLY7cewuE4bp6FpfuI8Sw+16+OD3YIHdwGrDUkG/BWnuFucBXbcRA2twij9FR2APHKYG3GUxELcVFW9EXsntUFiq63o8evzraZPfHYnPuBk9QQTdVVysxgH/Aa1mzFXLcG9vIl2NXMM1HaTA2XEfyCo1HfTJbFP62Qs/pUBmpAw+phVAcqNqCH+aLEuaUoLKkuWYsvvEOC5W7GFG3mpB1aJ09H/JpHrzR2xUPf9d3GC27QrIq7ZwAXw1RVGyIy+yU7gWUOgtNBdIE8y9R0SqIifI4eo0IMngdVABNea8kITRdwNi7ezQ4TZWlBm2tM6flxzvH9dOJQeL/gyD2A6Du+AkGzw9tYFEBehOraYi5qyN7DvjPc3AcgKzFf0hO0q2XejXfkjujawJoO0yQTjwO2Im0kJGpbvSJKefLDajuPTR0M3HngilSpt3hQEm/koAeGF5hQnGbvE5nv6eJf6B2oTO/hhUKQ9eZYbSPnqciIg3RHkxWC5ZrCzMpilH5saddq/Bc+BMcgGJ7wtpw09tFg9OtWHTiQrCHHHQVPXuFDyxts4KDNXdBBsTtuGcgoqYOpLChq6lmUGPorsDTYZ43Pe0nTHjNUT8flFnnfqyJLtjaO4HRJfPCW4g9PpCypBDjRfgMWuTookbKPsRQLH91B41ZAp4zdKQjRrY18P1nkjibK9fnATg9QZ224Pqf3JsxPhmiH16lqgrHGMA15RlMgp9Ci7gmB7cmyK8Vzjxe1Tc/FU9xeeCs78s5cEvNRqXO6xfDp8bjo+KyUk0FREaicDiKQpR+UgLxMRLa8eJOotfPpbCawJjYNvxHZetT44IAzAjPUBUAhjZg3vEpn6FPHJ1v11ThQox6R0UU4m3TyachekXIwi6yvCM9cr1RmEoJCnP0QEo8afbo5+ZmmgxSZVR2O1tJ87k88J9ONXscsKbeWLV88vT9skXVQcOUWM3sLRK/wRiIY7gCVTfVZJYiuV9e5IrI4+c4e7oni4HmQ/jzd4uIwpKstlbzrI8Cmh9dZEaz+DnQJrHBOplqMZE8icDlp1kNtalqrSVQ/14Oe2NDCS1ySFfR26SwIati8ryrUypt4vheoSjwxaMZ54E7fnaNLLpeLKNquxXhCkjNBw5+99SkD16tUAXnGGYqWnXOpMxdUpMUEmloV2B7UXThM65RbZoRPFSGSlNuh5qEVlVkS4WPpT2ZZXsojAPsY/sn6H7t4o2BNB+D2GRHSJoTJBiVJMWLQ90gU5kymsHIcOE0NyuN2O9f57nDj9H5TYYIaYuLVZnGbDl6gdPPNaWGd2+l8UQRyBJKFksTimXvQoLi8w2nsKjRKjXGYcUFb5NgWf6QcZ6wmDMweyxul5/qxeUy+KFoimCCefDHedsuBcEEhHixEVGfcFrVTdC7vL5wP+PeZdwK48dVANnkuPOYo8k+NvBS9CgxD/TSt+HYPUHDGEayMZJvawRxbMJUBfcmCux0YxiC8BuGKLNjlhgrk+g4FNO2WNLBLarCdYIdZndQFmznFbLWHaK4wgJyqVdAMdsVLnS+D0eoNuc/4B58fsokUGtQklFTUkmNHnsVMoTgCCzPGLl0FbLOVHJGM9QLymisBULfCiKt0Yj1d2mCj8bT9ucy7c36hXyhvhByl4SuQwAe0m5QJw1GM9SqbY2jWnXcoeRqZHshcyK9Cca/Rh9ihem8zzS3zsti5KEE5BIJJ+lsoEFXibElY+eY4aCzDKst6HwIyakp56dhBby+7DeC05umuehsXy3rFhobler66qCsIImBky8W5Zy0XRQGCGn5UlgYYRr6NMiK+c08l+cfEGH03MuSPuNPw+2Efv47y+H4gyK/DPqYFwJJbe3bmaoo6Eu4MFvvbKzmgMhItKGH7RUVTNN1xVNvxJWmTRasuq3alj7RNSklMh1C0etOWDr2UikjwhhB5QF/+TtumSSF5yVio1K6XVWI15P3/kmkjf5tMW37FCN5IFdZK6ONhHNt6D6xeEsIhFtY56bwpdKAyDMImbuk6vErFHdmG5Arvqb815/dN2npnGVZ9llmff+uaUxQap+36juHa4RZnvWdbLphaXRD94/fN4DTw8/Ode6FVyctwNPijfRwGft6O4qWx90/a5cs7H787D/Ys90uZHz9t0D/wLRP93D+p0h0J0+pQkEqwHyeXOnZ3JioR+NOM+3hLDWQ4Flxaaj0k9PElFG6lJOhTFFy+OwLhOZqOw21q5cKGU58tu71bdjsATUIM9pPGgox63NmLejXss7dXDDGc2ydN2j5pkMbyrOZcQBlvmraD94qP95wL8knb9OOjPN1x8TetPG0BVj6/1c7yuONNszFMZ5PzPdCmz/fss45DOmkuoO1v2hVDz1nY9BLbDbbAJVZaz/6sYHYATT+kT9pZ7vWTxgIah6tVgRrux7ea84V2P2fz/d6qH/dPmgbavumgTT+9d84U+NbG1rMvgAZmD9dAvdef6kDO8uB3eT/TDrVKjnOMoXOMIa06x9iRXtrx2Vf2hoG6zr7u59i++6ofxf6mXTH4XInPcbq/dPb2hbZpDvg2OcvQAO1sW32u2DWoCwW/g7k1bOz8ecdBf41z/vQK9K0+x7FG3nPv1GA+4G/KrC4vreKQb+quwFy66zdtPGn64X68V2LH2V8wV6ju3L/qr3TyVHKWAeo621+56Me81Jh+ABqQknr/nCvo4736LTnnWIE+7doX2nHHPuYgwb68p1cS+kmDv9AMNsE/vk32Nw30x9G+fLtp7AdNP3nzo94L9OU9/Xh89JXVvuI97XwmnWNWwN/w6Ckj+pf3vvDyW27q/WeeB+Pkgv4g38jGW+YS9BsZetMu6DeyBuo4tC/yh5089029J+3UQCH7bh+rfXxrn3P2bvPZ76P+kNOTr88+vfnlnHf8Z9pZEuC16rPen947ZdK5b9+U95Xsftb7laaS0UhooNCWFrO8V5nAkeaHln+bW//6+oyg1DfrMwr/an1Gie9EbhI/YH3+Xs6kXy/H/3/MmfTdoYH/waQOX5IU/ftzJv29Zn9tcX3GQsN/odCv4vqpNwW8+/6T+Sr8H/184fPRBxH+6jXo2zwA/6Ux/t+N5f9F4H+e50ic/xjrm4R+Idvw3zDk10kjkO8ljYD/qKxo//tSvvwV+htEIt/mfUEp6ncE/f2XmT3Lc9jArfH/ovR/J6XL93NywP9V0v/rFC8Tmk//tRL6yywcaBa/I/u/K7mfeSfYz6QTP0Rk0V9k5cDo381p+CUL4tfiS/xh+br+10kv9Jd/OmET9vn3VxzB89Q5Cb9K+4N8L0UQBNE09LPU/09TO313/L+TN/G772H/JqH/buW/ncflM/9K8tMg/Zwn5ctwfUX6B5KtUN9LtuKZ+j+a/gdMyhvY+ZbjfiXav8R42jJNP5g7O1sTxe/ywFwPfdnN7wHFmb/g7P+Ao35DVYDR6rosmT8r+ctP6/XX/PPbwvqbqgYsazAEf6Nu/vqpff5hPvks3QS9/qroX5SKkN+W0Of5BG6S/AWf/dTGf571vpeg8098709874fhe4daubt2cJ9YXgI7LLeqlbTqbwwBYE8SfDsAFnTbz5580BwJ+sCHvtAAxlMDjOWrbwEOUCMO+1lHxX1iNjeAIR5vfOaNHRYA10I+sKAaN77QnBv+Le38tnr4AK8wnFR6t4M9ucgD+AO2n7MB8JX1pG0feFt9jrq0n+3Z3v37qOeTdkP1n9uDOqwEn+3BP8bho923Q0LOGYF/6su7f1/TvozD19++x+vs82cd7M/jepb3c1veWE+CfLTl7MOX95xk+yVNryz/A1e6Y/ZP48H7n8/euKjh1Jj2ibcAPFHbMfTs6/bRtgsKuPWkwVqlARoEsE3dG/QP/LTGz28B7rdpVeN/4Iw1/IFBAnyQe2OPZ1/OsePO8jTsC007y/+gFcjXNPtNO8s9znY6oO0N+4HL1of2gQNC57i/sb6zb6j2gRd+wURX7ScM+Aad7ThpNfoe8zdWXB8f2OWXOby8+/+JsX6M2yft/Bb7ib9/fg/gs/uXOj7LAzgu/lHeT/UCHBDVPmnnmGCfOOD68Z50jskF+iXt7Kv/OQ6I/Yktaw7A7S7nfHEb6Os5T6tWfcjNm4c/aNA5Hr+knWMd+m/809HZr58BnFb7wLiRs2/bZ7/WT9rJZ1/R3OIDnz5pZ7/AHOLaF5n6kJev5rp4t/OXtJPPNq8C48ntxpt33t+iP/fH+2quf352zjUCsHUD9IUF/M0B2Tg+aajG1p+0kw/qN/4Mv8cB4N5sDX32ddcrCeiI7QO/lj4x4Y+x0N749alNneSUU2n7mVa8sUydTdbPtmwfuHly8l2BfdJ2/ZDf357t3t7yA3Dq6q2TTj7jNv2NoYP5ThAN4PU7ds73Wz+d7Xbxjz4nYH8C+izz5BuwErx595zDj+8N1gWaHuwf4GAf5OP7Gj/HFQI8qdcr0GUnDyef43/SvL78XMloqUv7KLCab1cBFT3X3AP7C/pDrLNfWfG/DccQ3+IxOEz+DSfon//3K9fuj4Jev28t/kex13+3b0f/WL8M+wf9sg9Y7T/lmGF/Wsd/Wsd/Wsd/Wsd/Wsd/Wsd/Wsd/Wsf/RdYxjX678/FfZh0Tv4lp/w9zk3/3hh562D7w6381+fjvFfQ/SoD+L9SnRc8aILyQ2YCqfjep+W+kQP/Ruc5/ywf4lzgXo36xz06gv+JV+I/Kf/59LwP93+fKfXuM5qdrVv7Ze1U+dkt/rJNH/9rJ+89eq/L3Wvm/4VaVH7Hd/i+JLgx9uYTmpzsE8d/bb6fR716R9cdtuUN/gNf+77jN4DHPw/ReJ0CMA9gWBaM1/S3pQTqE9Vl+bGmej8AH0/uX4v9o/P95M8n56l/VUwP9DdyC8IMmG4H+Rn173hGHib9Bf9fKoL5zvAJF/kbhf9R0f+/yiv/+OwaJP+8Y/Gms/5g7Bu19avriLz+dBwAXE/zIewb/AMuIpn++TvCLwOHo9+4dhLHvGPP/RBQQiCPuwbD9fKjg7OhD61NwxIP7/wA=7L1Zt6M4sjD6a+rx9GI05lHM2IxmMrwxGTMYbMBm+PVXsvfOoTK7q093ZXfd85mVOwEhBVJEKCaFxW8kf5nlPr6e9S7Lm98ILJt/I4XfCIJgqA08oZLlVYJjG+JVUvRl9lH2tcAp1/yz4kfpvczy4buKY9c1Y3n9vjDt2jZPx+/K4r7vpu+rnbrm+7de4yL/ocBJ4+bH0qDMxvNHKb5hvz5Q8rI4f7x6SzCvB5f4s/LHSIZznHXTN0Wk+BvJ9103vq4uM583CHufeKESoeBJ2d04ccJ5A5D9RPyfFzDpf9PkyxD6vB3/XNAftHzEzf0DXx9jHZdPBPbdvc1yBAT/jeSmcznmzjVO0dMJ8gwsO4+X5uPxFxxh8KZo4mH4uB7qfEzPHzenrh0/OAXfwPu4Tz9v0eM4GbrmPubgazFqVDYN3zVdD+/brs0R0LHv6vyz8DeCpCH5Tif45GNYeT/m8+/44A+QiH+hLJwTeXfJx36B7T6gbDD2bwz9AvUxIxjsgz+mb9hr+1F2/oazNh9l8QdHF1+gf6UavPgg3P+CiOT/LSKSOEmT219IxP/5pMQHBQn6RwJS7E8oyLD0LyIh9X+LhKdTllDZlyefgpf4lUTFf0dU4sdpyW43PxKV3v6qeUn/3yIqx4oYoH8gKvkrxS25+Y6o1I80JeifTFSc+lU03fxAwjyD9sbHbdeP567o2rgRv5ZyX4mMCPC1jtZ11w/8V/k4Lh/0iO9j9z3h87kcj6j53+iPu/CbJ8L8Afl5s3zyxBj3I0AG1LckhWVSiUb8atBmnzVSxE5l+ir8qIL/jAs2z+MfTG2Ej3+BByBOu3uf5v+g3vbnvNLnTTyWj+9f+jPCfzS1uhJ25yuPsd/zGM38jncg0op8/Gj1O/b50o1/naOY/yZH4d/w01fu+jlHQSL2y/Hbm29aoduvzZ53n+2+FUjUx/03DCVJWwzDfsZqGMay3zz5j7Ma9FSepP9Hevvf5cl/Sxht/28pmC/W+3/OaqDp7yc/wf5Ew/zMmP9iXvzpRGX/r8uDXz13Pw3BP5y8/9W5+9nL9+T9lycv8TvrcPMzT/xnftyXwj+fqvgPVDWTCsW1CMwZux4Fq35PZUi4K7osL89QFocQVaZw8sZJ3ljdUI5l18LnSTeO3eWbCqApC/RgRJOcezYHw/UVRHsS8/PmVM6Ii7iPNwhZPMa/keB1S0jDo/iN4GbISQRvKQYRLRyVBPM9XbEyVg5YKnQPjczIbKFJfaEf6SV96BWYdJ5ds0taqkp2jZRDZznqqpdqEcv+NSLO2Od9dmmaDNs9cgErdR5MqqAvz7+Su8TBPFjO7p4QdKNW1EUlz2dznafweOhU2WbVGoP1RcJeQWEs1GxUOmbwgNQqkdBXG1MFUOhuWOhSONmrimlVsRoVvOcBfPe39dA7RcKvECx0/U3dyr6bgk4Y5bPN/Dw34arX+u/ag2/rTp/wAjjG6NIMCRyfunqLKezkQ6k+rDKscllkLIU7Z3LxqsPjSxbMDRxzk118OO5DDfFQJXIzaccdnsgeq158IgroRyTb5QcOFtgvCo4P9iG9w/EvukMR8Br2RywMrJh1T591nsKeZe4TV/BahH08B7rLqXq1C0zpauiVDp/vhNdZfMEqESxxhjhBOJod2M5ea/Rs1h1AozKtsgvTgfdNOBtiseh4CK+vBiozPHiP6Yu+UDisiyPcojNqo6M/Nwrg+4XndaXeIe5QXfhOdf38c4RGMJ/9R/fFZz0K9elFM1jmeqhP1BOu6z37Y/hwTC6CC8fongXdLe6GA+HDvqPnpvPsExoDba/P80f7AsGfTf7jTyzguCAOX3iD7xXXr3URrhrhda6f7V71VMQDz/O3PJAR52sme6W2fvLz9EjJqLUKNOHRv+/EMP0LRSSJfx+s3JA/ikiS+FFCfpb9+QLyn4g4/68FYoMecHFaF0+N+V0gCh1/V2b+XEJ+J0T/jsy8tlBm8qXPmYcJ28tFB+BhON5Z9Ap4hf6ACnigw7MgXEtXRSWANHjHt1UeVAnlQTDPevyRU4MjrKl0DwC4jTaJJ/js9Nihp/LxIAXKwU2ICMsIaYlsDsri9B4HdJ8SxjmVvXtC7toLlOHUVkYQJ852pYOEKPX5D7yP9/E+/p88+MUkKRteWCzm1bQLgAitMFviilTl7U4TAGYKMziIZ92TDuFR5upYnqdMOW8L1VGrHe9ddktx3ZfDoDnUQxfEBdpEuFGllOl2jAUFJcFZGMfZtSEevEhxxGbvYLPh1qzt+TvXl/zAx89R0Izp0adPoSyVIXFookvWxcG1T2QcyjBuTlsDy44RmSvNJidn9tRCwKAI98JZDeQzVe7K7q5X4caqd7JT047fXPPwEt2Sdkfk7YY/dzezvsZxe9tfbrfNMvY3CGEakv06agExMiV97+/bRwI9B2nSFX7autI8nNQl7bVVJ82VFQ7YaHl4lhwJo40JaOKSI5LUVK5VtHm8QIXKVdfN/TEwOfPYWsoC/UjJxdnHiYKPTj0Dby0SXm6mKjIg3mV4vdsdRMnLjX4kj5dCaLwT1PmSsJJmdr9rJcX2O7lLi7uP+bG2x2Oa865nZz7kma+VTOBdpVQra2cf7SGwuuGd+kaDbrgEdHajRlI55hZ80I00vUbrsER5HtHr40TSJH5ZHzd6XY2Vvk7rWS/3S4voFWhMc95HFG2uu4thrqAR704HOxXeeAU+Vya/J24PH5Z4gdLW8QO2kiRDpY6bBzueM6GC9wHLuU1OWQ+qz/EOIyn62D01DrfTMMOTdX+QgOdP2yBNlaUrQj7eEN4MTCNBeMIlbLi0etmK3Hq07Bm2g3YlE0q9qFvB1lMGZy2kh/MQbHE+8UFY5BtcPKCO9CpPbKQF544L92j82N4r60a6NVy2iFXjJ5M+bq2TFayNSp2aSAfW1qPEwu3ane6ZA6OqxIOWjT27Qmi0d8NPhR2lkmu6uB1PwYbsC+5OyzXt3V8qdGcmwZ0TxlU6zk5qCy2edMeNDp/4DEEBT2yBs6c3lc2BnS269+zmg4L3OW3VfIeKgGQ7cC6aQHdMqOUnDno/HLQQ7ImfVai1W7BXRVsEIWgKlwwHfgLAmYCWdHgDbK4QQkEcYL0BiEVTeKDgMAgKVpIhKAnjgAwsW5/28B0JkHc+tDtC7sBXoBCA0QkhMgHYQhGv8CwCYJeTCmxwAAKAtgsvgsFJAdBtMO8gTA6IojzwsKJnqxO0Q7gz0MQGwhRB6nio/4DnA9R/cYJNIEwFyKoC+0+BGazIAFJTENawqlBIIq8jU2gujALOB8GEMMQnDAc8YcgQBjKQjhDGqUAwaIDDkYJdCroGA0CDMEwPwcALswggjDvwHBx23Ib9iDmbh+PgDhqEcQW8eoQwVJBBGHBsYg1hwH7oBS/uPTSmGMJAHVuA6DQIBs+DJwwXwtg/YexVC8HgEIwatoUwagzBkEX5CWMDYThPGJ6DcD3BMgz2BmgTJ9bwvIW4ZREeZHilwrYWUG3NhsPkH/C9O9RGEDmMh+9jYJszasNxwEBt+C13UEXUxrMtIAGVJyFCoXUIq5wh4W2hMEIeIB5ZJ1EM4DkHyMwLdGHIAWeDkJ8LVFIBD7bnQ34q+AIyTQUSiwd7wBc6QLxyAlyhXbhaBpwHOAl2wirkCTbjCBHwAsQJbjSHLN9SCA/iAE6Dy4Q2Z8sdIBRb8LgbYLkC/r89G9zENyCoGKzgQGwLMYRoyxh3sQDoBE/oOz6GfeLUe+Krc5hA2RX0uB1CpvYKGlxy6tS7hN0TbVwg6/heYkLWI4G7OqyOacFjnRrqyE0SuDYduBVs3BxZbiweGqzTrKt62QbHncC6G/N2mBfgN+oZcEE7mFZ5IB5M8JAdgi2SrdP4akEW8sUDVxWJ7QVHJjcHvSnuUSB53/I0WG/ergang8OlwjiTbg/LN4vFwo6P00FJuqkr9qkHXL62tZfUo2lrC1WOlEKhLzlaLSDgmgrdcKcAnWGYEzj0tH/H+bsXQW+JE9Q2LbjcLySwafqKu1fXgAmSGIpOY/aAKNElVgjVKX4QBZGwumyWLAStxIUW43d1afcFVxwFPi+TdNlvw+G0vdmrfNwm90nIBVCwW0Xit+ses1NgqV0/bMnYSpCyQCM+5lET24wYAkrEBuOE8RdzVz1O96S5HBS14CjRzcPx0T+sluJqg1swRsO4AjzklsiC6NGOloNTjW9ddMZyChXRN1OiXq9J/JHT9DWAb9HL0bQm3lY2d50gH8wiuqfbzNyGpbUGUWDEiQPZ1TUQ+mF1Rphy3C2DQ+lo1wqjVk+Bk1kvTaXtR2ufpuXR9pQ4JfcCCIDsKmG/8Yf15qq6jZvILy0T2wPEiUW6iOfsU9XtDo2rU4WfwjmwdEt7mi+G6u3V5MhUdyiCkMIWaiqY9hhnimvfuhYIhXSjk40hIBaR4u16qMQdMF2Z5zetOalip0JESst68MDKR8umgUTmxbv+AAocUTKsrdLfHFU/koklEQheoHNwglNeIRzTCav/Lbuu5Bxw57QZzuNbIaishBSVhZ9Uq5/PIZqbYOY2rIr4pbmWugtn2mxzaGZF1z2TnWTY0ivUzNS3bVPZkJGEDrBKnGzsASyQXx9NCgeyxaFs8wFC7C2536Z9QUGpyE23rSJrnQ61CAbiaQKKulWQFGng2DaWt4FyhyssNCvSZQtZpgPntpwwNwUHToYiCWk6Ewoi/iKDXSjY4AbVzJmXEQuBPay/T5WEhcwGq3jGYE8aBudDAUqmPOeIza6Jm21wL51nrFlMvH0Am6engOQHFqeDTteBtlaWfqETqW+ByN0ZWYfanhuvdHBXHiyybVZK1o7bE7vcYg/KxElNmfvikvkhuOFrXgjxva5mEp9vI9TrUbPuItfdu0dVyE5XFDu9DqKJXbYdxEJ7qPZR7t6ivJkVUrn2TnvZDXJ/OiIKXGUV4K0ejUfzGO5OFQtIcNru7/XtsW9ytlYhCXkaT9hlTHdNe8amwQlwNEWj4LbjjswjgmZJYbVbQWP4/myyMbs57SdjaVamhPXOuPUg1YaEIhdI7aG1tvyFxyrS2+FouldeX0tzstDOCFLOltQ6evAjQYnifmGaki4jKMUX+36imbStC2hlmPctfowoqKh2ZaHTxmtyOgWLmN70dvzFtaH6PckUeR4qYvLMSfc3HkaeSpCCkXmZTfeHQValJwqFQPvIGi8WrOOK/dixsXVP6WGe8qeBvW1lxMBbaDUJCnbkZySFrWTdqxw84g5RK8wCsgI6x10lklmKTXVxh8w5CNW2WQTqvMnT+kFDnpqUKMPyto3WhxmnztRM4TTvLkeTTB6bNWdwxOxyGrQxFx+OrlkASSOCs8/G0LgZ1CpoOiy8SbmMtfIxyhorgwYDtjlvl141xjnca1DzD8Hxym8oDmh6v3G2Y0BypyYXCAtrabLXtiaug0koN0GfnLCsqxdJWaLtECOVTNHnBj/eWvkqFcicrTO/OVLQBtHDTSZRNME0hc3eLlGM8yLSTDYcNbkdiJIho7O2vSmk153DEVpE3dKcWZA4OsSbzzYPj4K6UVfXzL+moLItJObnYNAKdV8WMgiPk0e7KXfeuWkkXMwCAqHIKtyW4W0gbmgpgGG788UzSGiIUNQ5geOHhea2U+7IyXAbvLYiaEkVYutZ8iMqIPa58wm4+sOJCUwFu0pKvHS4kNwUWoimbXCMkJntVUDm5v1aHW9nxfKL9iZQQrM3+XiZChCIcfUYdbJdpX6uPY5zhbQ3hDbbThEu9mXcS2E774LRjEZmnoh4mBPAQhdRMsL5okdERGx8wsmbkzFddb7D++TIucN+nEQgbfsG8U8SYdAVCepFcyeTSW7G/aYCpA6l9tS5djsyo3rgmtA7n/NTZ+T3cwqNl9PeP2LqtG8bKAh6FdP2ByY++ixlIV3/MKj9eG7zPpD8WFE6ndmRmaXWEFf3B/6gT2QLulFAdswIle9xApiy6RdlV+oRMA8pR6y1vGadh5m3jY/w5EPLUuWzGEUakzG4UxvH2x4znxaw6wCK/RxOd38NoBMsHJIBW92RkNSIwvptYnIjtEILLe8RIJzFyX0c6Zb7mKPVPZpbt0mFEyDtEuq8h1EjpPRcjyyXYYdmmMyQ6abXkW+3vQBKEKEL17Ca4CGfkIi0xtDobUc2Ew9muRjy1aGOfeIlebpJ78ceGq+LutKntPVbXW9Zit/QO6aUb1BHeJ2ZJIiDfMQTDjHsBvPOjZE8pPgBWuk1d+2JEPmAKe2nXk4l11juWWHjsBjVQ8PYSO5HNvZPOyPX9+SA+3n5iGgr5AtjDlUrO/X7YyrhQjEexX8vZPJPHfxLT13zE3sGarGAvewmSufD6d0A2aZrFhoBBbcHp8KC1xjUh5pt7ixfvipLwYOg4NRHNGkeYgwV6ljoFjv38CU2BwHZTR609Buw454xBnYf38kG+ku8cEHvlujHdLRa+8wdXaUmrB2so3IM9HzuJ9ncPU7y8bibegoxgmgL9Xw7g8d6Gy4PZOWOjW7Y3PZ+JUQODNxDEjoOcqPMLZu2slsOWrXWniXdD9tIJdlxL3ObE5IPiEQqCz04SOvguCw3MvSEzYNxzT1GJdDOqQO9I6HAIIq8ehnGjzWx+wOr2sKEbLKrjTHu7uBYiMXt1qLzwlsto7ctD/j8aou0wE4bOxccC+f7ZmpjpE6OMZrt7UMnYK9YvXKqxaLPITjku2ykryeRYeptA30NbLPfRLN5i60x367CslL9LANRQFhDvH4ZFoRnYuseyybdRlIcYoQHJtWk8Hg1Rh/JOWTzrdRuEzV5FEJCnuY+uPQIedBCTu5Rcz8UEK/TbtdfLq7PHC8KchAehLYPeYUH0HZGU9AgGIJOWN9c3LSfZ+hmSowUaaaM0JglY7wl9tt4Dz3xSeP2yGXLF7ahMAa74ldI7W3JqheW2rGn/Ujch1oKkdMo0fLgbSHszTVhvXvYFvj9QZdQB+SHcQoLJrG0/HB6QCHfyFIuQsezrbMjClUpFOYy0CxH3o60MTZqZU82OOklTqLQCpd1JbFPW6scEMo3J1YaT9hQpB3gtQbTqtOWHIRjeT1pNEcr44knN5kn22LFYpnLPNCw7lRrGQ5JT+EpYXb4+shYs4fGpe1dHlNZYfTlFl0jPCGEU3NiVyQPVkOFpiF65WAlUnRWVKUAqho6ojPmzOBRYtRZWznzH3GDlJR3rYXCVLn/wET/zxx6h9hTVnfT9USpN+hsc6L27wBcJz61LWi42AHYB3IoUmhxyAbPpSh0egpJdEIxiG9PT6Q+T6jFtycbnijfvtn38322wbRE8ZrjND9Ar06IoKJmFX3EtxkKMLrKoQzSZsPZ48lBXFGhCGKWiwxyy67YfX/d69DQVDAOibMreCDXDezTZa3a02OPCtMcJ7RBKONzH5tJ2WLGLonr7sbgcnTsdFyFhtEZEL2pVLtETw400sdeZY3Htu9kakFcTj+UAMnPy1HDliDtg4iZJQWXnQkOR+KqqWndKIKWOdujags5b+qLG6kbS7t3dmGFHFAKRTUV+qTf/WEe7gMtjXcrO5SEbVoct3A1z0AnZQsarupDosG2mdMrBjJrE9M4GyGRTVHh2tBtBoqN7JAlG0+GhSZhFGUJY0Sn6uGTNm+bgw52FJBlp8eY/T4gjhGzq8bqUJi44vGhDHWNhcjHMqdTrPshRbaZMhzwUOMmHosmCVgdx2wJEofMhMLfUsaklE2Ea8MMkw5OuC0CowbBWA0jJaIunI47fGuXIzXAF2MbaPrLIopnHI7tadSgRUUerVJeVV+AmPAMEALT5jdIVB2NrNHItsLpQyZbwoNqgqPyUmC9q87J6XWN6M0qlmIdkb1xmWi2RYQiSqRM2iT0uJgfoPF7A8NjlgO/XpmemWiGWR7BgLnZPQ93fXRIT3QP3QYkInYzuYxyMpq0hBUudxMyMIEFeOtFR26ZThI3/ChDraE64uO+U6oDtRuwDCf0bWZ423RC3uwO8rhlcwpBZFukPCP6HtLMkSImYztS3e1ohFuvlhhVtPgCVoTeKkR9dokWND6kFOvb8oDe8yU1uL5PUrRcQV2X+65Yi0yAFg2ICq0l7SnbmWl9LZPlYMooloCPBDiZMbUvJ82+QlsATvQrMhBLgage+43L6tuUTROov6HLElIHCVK9xaFl4RTaowuXcLOUxbme2yIO/E3OZ5dJPmsO54DxPIEdkIt20kYtVzuVDNVQXaXtwQwpdlABCzZw0qfANDubpZdmlMhMjJieK/3wSkWnMjRDMS0hF3D6Tt/QAo1MP/dw5tHwGPpwsfS9yTQTVLMWZQBJBScRy7yxOViV1Z0gR7ezDJmCaTJoh+2wQSggcYLNeQ68E9RG+X1zecSmmcX0bTPfBShXkAXko6izLULTeT61u914BgOL2LejT5tIz8Upt7MJIgB6d61wqy9XYxhHLbLktb/u82jrZTMwrg4cPDRArrgjDMo9ci7p2hxJI4rwvFzT4qYBlrtDq4oEYnQ4r+td3Z2SjT9fiGoex4jI9SKfDDhFjnAeOQdi0colX+YyKdarzu7h6whVmaTNpbGhTSAPgMnPFYqmta392PYtYzLb23ZoT1JpTtzllKqDXg4SkCmu0TcXSE9P3GL1xaMKZAjFOxTJOO8cRSKAtMThikwPKHx5oJ8ZVhQ1lItzjzo0TWltFOeTs8PpMzdxdHNsbz4YAAl2xUzKR+l81M5yO7d9ZCni7UToAzQxd4E7i8CGcnIJ+OWIphw07V2FNRoj2bGUTJJlzoSgVqhAmKE85c7AX5OH5ea7SNydLvkp0siiMcf8xNgydDNC+0TVCorNU9fTWhLsnkiRC4vU13g3QLUh1tVVCoEY62PPT+AOIn65+CtxZvrw5Nzsw25LHTYchRazKuZAD2DhtE2CZRpQOQ3whywi4Csfj5HMwHp07KWDUiiLjjgw3B2SJltKKIQUjNxJ0eL1sNkblty7OwbrPG0mN5LeE+AAyAvIVRYSU0vBIlbZcIqR9IgXrfY2p+31ALb+5uxu8ErCuLgZalFCKzOqgO1Z0KQKX+AnB6kyYk3Xw0NEiz3O1WcHadrj/P1MQS7RJ9J4nBfJQgkYmDobtJhxYa+QhnaKzyOYYLmEtWsuwzmHA0UTxNBU+jpVLhRmCDdgPRq5yCWy85hHxA28qfoYkhFQ27qFbOtdwuQz2cfk7C76pMTLbD929zGivAjwgu7dXWG2BSTI+PvFjkT/fL2LSp1bPZQCmhTOVCUcUuDtsgjFYm0HQKVr872pz7vp1FUc1DjhBhvpjjiPlnMUoeKnS7a1rtBgW+CkdKzrDTq/PRvmCscaytUePAZjNrhBldBqmS6zYkH2ogEo6e2aV/Lx7LOAeRwOLDZgwnwfzZYsB74Q1l1j0jGcoWKhuyS5Tx+UKuSXy3w5TZfDGBx15jQbdsE72aie+nAQ0OoNL9b5DemjjF0u2fHA3nUFI6K5F/pgW1RAnqwFeUskUctoQUjduyEmGRtQaVoqpkTXsVRw46gVkOIuUMEinHQW1/cQDwK0WmNCMTYlKVPAli5FmoWFs3aG08SOJwIhOieTj1aCdKAevJY+iXx7Ma19jfSaVXtFgR0x8SFP0KpaGv/i+FwNrtAdvOr1pW9WGl8FZTaQUjzTW22HVirk9sqZByB7Foa/vKNShHItgoM91UNxrK53xZEpOx+uLHXZ0Tr01ULAXcptqNsALVPxokEYPnRhuHzuJj7p4wO58bKHfGt3K9AvzCbcrtDcKOSJp0sD41LusE7GPUYy5yitugX0HPqJOnG9F3uQAb4mdiedOcRrti+T1gvyvJYe7gZxzBBBz1WJd9uE4eHbMyA2ZXTXTs6RTSE87oJBjYFcvG5ygUiEpbdCuj2juLtdHgr9A7pg+OYYM7cw6bo4OZUQm4zey8OccoUyAVrxbpdTHrloGYfeAe9IeAsmNAR1S+Ec090hcykBLbJ5qrbhm8o8CTd7vQT26h0UbJ+yNNQw962DhQIFeTYDNz57EHRh9cTuEhv9ljuVmXUjAnviJZZoLlAgQkWyFKfLKcIc7dJ5UhZgFyLah9n5PPGhub3A+aoBy9XXWdOv27tO3/OIS/RhMQVJd0NwFlQwKTpgjf28vyeCfnoMPT+MJ1j7krAs2Ns0sKqtkPJBdcQTW0qTvauuSxLLLWS+YRLAiqJEpDwJHq7iFamf9P66VcqmvlyURCdruwwmcGuh3Yb4/wyNhPZm7mVrdZDL5NDbY3s48r51rsvzAFY5hmpLIOlM3G1mLEzE43af6coE+TAlbjvS3nX9vDtCnW0CVbiL/CajeUbhM0nLxWTi1kPhIAcXKaGjX6gPA0NLHNzGnKA5Yws2T4TVOQtMcaO2DHt0zXyXuAFf1VYVrYZ4EmmoFcb4yu95bg7pofGoSNtRhyrr6aZmGaLXGmOudV4zjox9vCaQQxmatUEt8NGdcLlLqGhy7BhKMTr47lGuWEHd6x2IDRzpl11uyxOlLcIWHB/dsrVxYCV4s3QghxanIZNXgMVHtmtdwrGZzYGlqijEr1ctuuY2Zp5b1l/jCyPzq4x2AJAiNFI5eKZr6F7NF3Lf+rZho30PuAQVL1J7PNzvmDE+LoZrSY1qbaTWEEktYF0jlk8gRO5r9Kx6XQfsjOw7vO39LFUISsr7JBomKwF6qd0KmQrVu/hQlyPR6Gr5OB2DnLsasoUsSmRWUg/5yLIapRD3iQi6k3Ee0BKix5qhEAtVgHwkVVkdKMYlm9lxMTDptkJuM5NmEZKSAd171kPmkDkZjVap25JeHx/gRtPkg016aDfeKU/1c4sxr7K2dQ1RblPGNwpkpcNGPC4hpbe9KFlIh0qZKsC8nCWVxzr6WjBgjeRytd3bM4SS9a5AelD/c3pSam5X9WpmHIuz57B5lj2W1l1ys2WMm88k9yt+8UsooakQu0HT+EI82DigTI/rhrpuzSyI5btZRumtsPASGg6MGla6TRTjkdPcldtvWvPgmxTZY3F2CvcNcWHwS9UdgDkle1kNbUslsBNzilrnoZBsrO78s/8IulEMOt98aOK1BvHd6cBNGCxdeS1obMzI83cG5+9ogunK+FDzG4cgT5dpgJZAlq9x0E9SfOKRKSBRuc5ROENgVH1n8uxys4fxShYMb5eyJ9y88CiDnMmT/t6MdLXFhgS3gvpRQ49YGpNCotmFTjYBgUNb05OB4Bw2TQsSpAdGI8Nb2sNc+C5FuO9Wnr3eV21XbIjHnlFzRORs0WsRbKOHn5/nLXEU+p5SHgE+XFLGaPbnLSndrtC34eJaug5t84iai774HNg7RvrQuUuPE8t+uRrsfN7Rkj3gJ0LeZwd9/0QGl6pe7OoF5qL1a8T++jheF31fKIMoP3Qo/mtygyTEmXngJFllFoHWhWiDdP27iaO0KiZskW6Mr8ztvO/iEHHs/uaSUNJJwlmwd2BTPheCYr0TbxlyCTmaQtx6JkTr5LbtrWr25dWp0kF/dIfkGU046qKJJknXXD3tfDsq900bXEMrPybamULem+ucVLO32GFzsXxOMtSjJ0giG7XC3rXu0nQACivXQW8QTHYLNCNVj3nDH/JHLjZxq7n7czpmRHzNCRdaAGp1jXPxn4iR8Bx3BPN9iE93oSyAcitjFETYtYUo1TuZfzzEyqtUnq+5BJKMs0gKZFYclHAGO8eru3UT3W6LZ8LA4TJ5xB6+7iyX6qQ7KK3lVhGh7raODjruFlvu+aAd1KO6eRyYWt7hB5mW79C2KNg9C529Yn8YY6spZi2uF2Oxx/rkcosVH4irGhZJbBXFrJI765rQwgZLn1r7UXhsudzBoiKr0wfBQeMcCbo53XmA7kcjhqRdk2131s8SeTXPJRLEadzWKJJx4K+mUSy8um2XZXuzpUxUiy5o0DNVhBVvN22eecT+RXbGN51843Z80ZKaaB7hY67VmLouQDhqXL2yJ0kP7kPSL0aPktQym2uwqh8fW44GMnQluYN2e0W3HM83D3uaD1X1lVP/y35m9LvfCDL4jzn01E9+ZfTLfoOO/xMbfrxz6N859O/jfbyPP+d459C/c+jfOfTvHPp3Dv07h/6dQ//OoX/n0L9z6N859O8c+ncO/TuH/p1D/86hf+fQ/2vHO4f+nUP/zqF/59D/Scc7h/6dQ//OoX/n0L9z6N859O8c+ncO/TuH/p1D/86hf+fQv3Po3zn07xz6dw79O4f+nUP/zqH/z+fQk58fxvjL5ND/E19cfOfQv3Po38f7eB9/zvHOoX/n0L9z6N859O8c+ncO/TuH/p1D/86hf+fQv3Po3zn07xz6dw79O4f+nUP/zqH/1453Dv07h/6dQ//Oof+TjncO/TuH/p1D/86hf+fQv3Po3zn07xz6dw79O4f+nUP/zqF/59C/c+jfOfTvHPp3Dv07h/6dQ/9fyKHf/NX2oad/SJnPsyJ3Pm67fjx3RdfGjfi1lHtmxqMc92dW+9c6Wocy4QUcFlb5OC5OuSIg8X3sYNF5vDQfT/O5HI8fzdF1iK7/Rn/cCfM3j4Tl86aF4302+hu23X4WhN8+/drwefddSyvvS4iyvP8ofA0bjfVfoC/EV3fv0/wf1WNeFce4L/J/BJAifs4xfd7EY/n4vnt/Pv03/0364/8a/en/DfX/OoQm/6uEZv74xzJf6YoIM53LMXeu8XP0Ux9fv6fhcI6zbvpActHEw/BxPdT5mJ4/bk5dO36wAWQ1kov79PMWPY6ToWvuYw6+FqNGZdN8/vCm7VrEcsPYd3X+za9xaGJLPH+N83oSfMhP4hcKb5yivhPe1OZH4Y2TP5HeOP7LxPf2B6qCe1aObh+Xzb//Y6if/9Lpxx82/fy3Tz/+0ml4oOjsDHmI4C3FIKKFo5JgvqcrVsbKAUuF7qGRGZktNKkv9CO9QDuzApPOs2t2SUtVya6RcugsR131Ui1i2b9GxBn7vM8uTZNhu0cuYKXOg0kV9OX5V3KXOJgHy9ndE4Ju1Iq6qOT5bK7zFB4PnSrbrFpjsL5I2CsojIWajUrHDB6QWiUS+mpjqgAK6KkXuqgvBk9R+hoSz7JV/bY+7AeYjVpH52/qqZhWFatRhc/6TzjrTvhdu+m7ejyE03SlKkfXRJ5YtdRxvSqWQx2W2vrT/s8mT+FwDJi9irRW6Ysp2PBd8K9Cfdfv8N0UfNeCYOslhdurisY8a1VIPvvk1p91Zt0Bn/BmCI/8WgcF3FJ0vhtVOhtovMsnPJGE9dev706/1uG/wMMCSKvo0gwJpFNGnK+Z7P3dMUG4E4RDo3ZaBWijOgi6q8J+6jiCCXE8wWtIZ3GBfYS0Kl5jhq6H7qK6HuoDoS+vPkCcU0Ylon4QkLaTXqXPfppuvaJxwD6ShhAurzF7C6QPfF7A5+L0Git8X6VDmor0C4YHnzfwPfZdh318wnAQPmDdkqJNwVtR317991Hfi2fdNcRefQYvuDy16FX9WTYba/2qJ9SEIX3DB23WxcdDo5ZbFMMoDSp0h20qS1jMczXkcAONBvYE4gRS2kE9UEk4GtjTAtNXONpKRKPFPnpIGKsKsaEuX0ZT7Z4YNgWRRFwM/yA3pbgh2DMatYY4FnKC6VAz5KzVRFh1IFYFD86e4m7AOuZzlOHdWAEBOYmC7SA2iwlSAF3TNqIS7Iexhk+q6Gj0a/GcKYiD0Bn2GWIshH2GXFfZT3i6+8Tuoi+wvvCi3O/H+s9x1xObY9r6Q+RiZXSMmuTC1hGvFiExX1MeX7JgbiA+m+ziQ6lxqKEUeeG3ArAf9aQ/KQ3H7SKpgfAiYk98QS43Vu9zzKQuoP6LL3ygvns64moajQWOE+EUzUIKUp2CdIH1wJPyBqr3ws1HXcQZ9QzHWzxxXqLZdBae/REK2nziWUXcNn3W05/c+4S1PGdAiSQO4kgVwtLJ12xBsxTyxguHq/GcuZDjBUhncUK4Jg33ySNQUni4/nynDp/XlPFqQ5gumoEqnPk1BTn2xWNCQTxhLogugH69E1DGGr3au8X0pGVJQWlR0K/2cByIrpUK+aj4gJlCyee9yioV9gmNhSIgXpcXzJQw0CyGMA0BkB8wIT+G5Ks99H+R1KoQT9uEAUeK8G+69kf7Anu1h/DXGv9oT0IpTL6eh5jppt+8f0I0nk0XrK/5UOC6G8Wuq36d5ZX6wqurk2h2Qz7B4dxD/D19nWecgKQykjZfpLLzlDAfdcX5q9QQXxL3VXeG48dQX1SE6xdf0S8e9FY4p4rXGBC8z3pf+hZ/ow3JWG6wyFEfVhlWuSwy1kvTogDO98Yb/SsNK3bzN/p702r7o2lFEj9aVp9lf75hxf7EXN408LVcVj6+M6s2t3uHyiFSxv+JX5YSgDVSiBLobn55Dq+Kj/MTDsIurHaK0+/hnPPmkSOz6+83Ha4oee0nfUAw/2d4kgx1Aaev80+gQJuN5dH/nPj8n/oNmt1b8nnNPa8h0rDnBf4sBM//XyXM83r7/J/4LIf/C5/lsI702VFk8z37+n3/YfFr9D8UP5H7Wfo78xUh+I/9kl/FpBuC/RvzPZeS2I9cSmA/cQDIX2X/E9gfe3VoI4Pr38VK2rUttN3j5LM69udgi/w+0EXS2x99JeJnvhK2+VW4wn/EFWRZ8C33C5/sDks23zP0/w98ZegW52SefOMW/86L/tfnxotUP5L7v0hO4pdL6KT/i0mov0eFL185/WGOMf9RafRPfNT0rzhv/kIxJvoz0v8hN2nmJyqG/aqJvqUrgRGfZtSfT9pfsdfOO7z0k/CSFE72+l0YCIWGvqn3DHUQfoVgPZ2ur3UrGzltBHQ4XmEodG7CVa/137UH39adPuF96zirqwedsp18KL9xDhTunMnFq87PHeQqkZtJO+7wRPZY9eITUUA/ItkuP3CAnBzagU6ZX6kLPE9+1UDH6Rkegfci/ioXF9ifJaixpxMN7+dX+TnQ3QzVf4aDnGe/n/VpWP8PwkrTIyWj1ioQsz4X+X6c1b9Tpl92fPpls5353kqit+x/1+351CB/Fbfnn3BxNj91cT41+GeBo6KEyy9KPPlPeiTf6ifqV3ooDP23LfOHDEVhfyN+oj1+nVWw+X9MdRi/Ux3Gz1UH8fz7Q9Xxb8Qp3eK1WrFQtL56T1UCxT2KMxLG63o2RR2dP+ogFYIi4Tr+6p9IoTOK6epC+FEGPuu8rt2zAOF+wnydnadKgW25b2JNamW4KqXXkfzTyPWz1s8VhzHER/BTDEQQmy/l8YwC4u5zLaOmzY/1DX2VXmsFAsA/1yj0NaU+Y+zPaDh8brg2pj9j9ii2r36U+a+2Vf0ReQMfEbQCKU0UlcVe0VoUQQXweU1DxQ3fLz6V75fnKCq5AvK1zmJPzwgxxDaK0n28m3ZfUe8FRe90P3xFHz39FRVE0VMUTa/Eu74+x4q/sKviHxFyCo53MV5rDl/rP9ugiKaPIpNojWc1XpFz2K8DilCiaDr+ipDqaPzovZiBxgP7rH+JeNbUqw6YjPoZOaXMZ0QbRVMRLhHua+K1UkCR0Kh4PXNr/IMurzHx1Ky7z8go7JOHIt+TBpX3M0KM6CKg/gI0xo926isSy1Prq78iinITr3ZPGqJoJ2286tBfaAFhwGv6teJhT98/t9E6DvYNDBRd/rjXaUPUn5FV88t79Nl4rnVBfFT28hHdX+AYlldbMH2UwbEd9Gc9AWBfxo094U2vmYXGXayvduL8MW7KeEbg0drcczXgE8+oHW68IvgvWrjPiDv2Db3QmhE0/OyPyHeNVkxwiDfE/4jO1HMFAEWH3XT5WFmhPlZWIO7sBUXvX5Fn6iNS/rEqU+kffGHThnQ1vtITrVLUtIGHz5UE/YOPXvRE+FaXDz540ROt2Kwi9g09Ubvf0RO1+46er3WzL3Mr/D09v3n+Sc8nDPK57oZWK/jP9xgfEfaC+iyDbbAXDVTstZ4J+1ip00fb6RNncM6v7lcao3VB+M7oY53vs7/h85nhoBWaz3XW4hXZf63KzK+IP5p/9YzkkumglYtv58gLp6YUfrwje64kPPH8ojEqC56yYs2EV7vwY70znZ+0fs5J7yVPnrz5XLWgn3Kq/DrfDcH7kH36xwqQ+FzF0tGqkFt/Q/uPdUm00sKj1Z0PGfiUBV9457m6YD5pVHzIyJp60ckjP1cfXs+9u/6qT7zuf7f+6T35nTLdl0yE9T/mpvcpl9eXHP6cJ6idTX/Mr9kU7A98eASk9aueUCwfYyOgTMO/zNcXPNKomuDFP/X6kqOARGOCtEQ8iT9X0F739HP152McsD6J1s3RStZzDn4+f66qovmF2obf0hd70rIJP2n5z6/A/PddlA3+Q9ibwYkfvZTNTyzKXxb6+ydymd4W5duifFuUb4vybVG+Lcq3Rfm2KN8W5V/Gotzifz2L8sc86rdF+bYo3xbl26J8W5Rvi/JtUb4tyrdF+Ze1KBnyLxij/DGB3MnTe1+OqON8145oxH/V7LifZo/+jqwcK2LgV/4s4CcZ1xvqJz+5/I/+YJ78Wcb1v5Qh88xv+X02y/Y6v9JP/t3M/z8C9Gen4fy994UxZOj5b3zT3bM/Trb5Oz8W+JNycD4a/T4nZ/srRdP36ZzET/iX/U+m6JI/SYL/tx3dv943E3X0n6Dyr/1pS7Nq0WeFuhVrRNs/UK05sw411TPd5gp79NGGsm37UE+CfFS7qj7vaX6DU5erxOgWCBpKjcnCMsYQ7VpJQK+bYZgHf2LCc0VMx1Q4F8+vLKpgnKSzOvR4ri3rrrYKexepcZpW51QMV4y1XPTJiPa+8XKpji5+cFBmtIn53ur3/f126VlVGdDWKXBY1ea1iw7aJwjt1qOWJtpDSrpw52xF28JsXX3f6/FufuRGozZzx/ntQEwjf4/Px5jB++ih0a3jtqlpRzwk7+VSUOIMKEyu0O4sXM6Zl12Ptnm6XPTJjDYZ2rT9sAsuew31U2+NtGZUvNjKWxrtRJXjoZQxrh8xga5lSXhTWANtHXYN7miz0jtryFJKR9fkhD47ZIZoG5qTQ6DhTLk6rCLDT9d2oGdn3kmOj7f2IyC36/NTZ5zvOJh9YJyWFezRvwcpW6snZfYCPlXXfcvbRCzdCq51Hz2nxvMw8boWLvdJB+NxvUTbw4g2ifMh3FsgsfJlau7qUphjfWJtwbNZ756MOFcpx4IqNYGLeL09c61vXc88HpIIw9u7pu8bOlx3hGK5lx3a1hVDnxbjDuoDFna74ox2WAP+0d3kKXEw8fjWLNLOSEf/UU32PlKkNLtFuSYYp4rS7mhHu26zrfKbSN0ytEcUTjp3Iq/ut0qeSUUdaa2t1G6vyaFETKFh3vb0ZHrjWF7nWgkB2jtLMbqETE+nB0UnJuNlIdpeycj2S02RGLbzRN++WPGjSkabuoA2kMx08i1bPgUnYN9y8UbV6/LYYAFpdXz2iDdpp0ltoT/3+cq7nYORaCd0kez3arCwB9A6aENdZbCivvbznj2Ltp0ebew4e7p/bM0cLKKebFvsXEXe9TCHLy4tdrFzdCTP9NamvVtTTQaCUaOt+5KHexH9+CxMO6E4CdiGVhxhcSbpNDM3OiH3ennemkOxRr11WiS3N256vl1Pj3A6jdfa6wOlMIPEGbR9d5sSKVhttJ3UtfNV3Uq0wcz4Fe38RBWAM3Zn6eyj733gtxMYFLRLeackwqHsHWXZAvTFGnLDmdYuCQzQJKW6ysuhQxO71PVTJ5m7zHZUNrgTvnE5x1zGzyp07bRurIYlXHYJ7m7Z+Mn25c28eUODNqPyknMS7fbJJHCBkCiNNPJdFZcHFztTXW152v2yTbSzUVkcUCTI1M4Mim4WmqNXQ90pEwV3rHcZeU6CWTrhBsuCgTgzVDbi5pHnw56vkl5l1V7Dw14S2rUI2NvgBGfnlMymv0izH9pMv5ZZuWcNrZcyBzOldTTHuQKM0ujNRb/3axxJNk00k3kN1Z5WzGZ2r5zMtMHh7hLXi6DxGnELBkUYQHiv5JY+F/FwPGYbu8jO1m7Hn+YUgFo2cOkeOGXmPvbXYTdzp4nu/VPAPdIeP8RXtIXWfZUawbbSvkXb4m3YxPdD0ZWAzdhn3xY499LlnESVEyDNzbrysjyR6dyXt6FjpE1XR2iDVMI1+F0hjcywU4QGF+BMMd0J6T7uYCKabe1uU/GzES/5wc0fk9Pk+T47h2jLqLosknKD38E+HcytMFJnTrhz41qq4GDTokv6vteB7lS0E8CSQc7QfrZYMBqXsG07wcCpXTwwgCTLbQKlHVQc0i5yO29fzlwkS3a99Hpd1GYPdngfWhvw2JFXtzzywiw9DpaeVXCytxSBkTKfmnu989eyl8HYNwcfSKF7yza7dGPy6t1SqETjLGVzphPqdMaSrRz6hleM5rA17ixSA4XODJ197G4Wtn1+hNc/xA1H5el2s97i5Mgv1K24dXMwAMVRLpwmm/fO2AS7nr/GK3YhN5QX7lVP3EkyndvCZM52mNW2atXNwzv12e4hYxReJFNFjsfh4doNY8diY0G3up3xs3lrcOVOcrMm0vE9OgjdrXdBZU4iqdZzh6vhpl3LuNPruN0trtGe97EoiUSz65Uh1A6JmrYbsqSn4lrOpdFsL/v7BP2K25hQ+TjJip/4Z7k1uuEmn/jgxgqAfFwfPImkXQDazZjzOl8m1q4J0F5fzDg8+jx5BASJPq6whYBzfkWMUY1cf7QOHDdYUDfXcqfFgWjg8rTzCpcXcM3rxvuOV66Y4h32SP15ID94py61sJa4MEwRox1WJ6U3tXadfL+Rc/ziFQ6YyFJe8vLRoa9wJlcRI69ZEx0r1yxs9G0KLlTv46KQTlM1HuMn5GiHmtLeGaOtwljV692Wyx4q3++FvVs0ZdA55TCSSycdBnd1b51XzPyM9GXBN4/zlXtuuc7t9XW/kkF6ipJrqzRIJ5xPddqlUJWozWmnZpy590ZcclrAOTSelhp7vruBHLr3yDQYd/UrZpBnSvDNoxr3hwBp3ADtFnoibkfdvMtN0wW45lfZphf4WTinR32t+W2W4E2m9kgRPj8lg6E2jXCWOWxfSEVm2OFlpgKtMel9zWy4k5Srj+Gylw+ctNGV8jx3KIy+HAjRByX9MmgWMqpGJjVZ3692EdpTRwq6EzutghAAMzengey3WuqK2QKO0W+vTd+tB7e5bdGsZg4bG838NbAPfiLPdhFWHhSaLtqpcG308Qp0E7UJhiORUyth9IauHGCBdNgMIiTrpNLx1mr2LNpTX0PSifdpxsgfaSZXV568AmHxPN8iFytTb2GH74ihqmJqq9S6bztTI9OH+RpjQM23TKf72UZva48as6wbk6Pe2qx2EcY5K5LjeCnJ073YJgiFvIHsq31/C3leF52yrHnLEQfeC4/eZX9yTw3P7c/XsHOlO1QexL3Z3Vqe1bB6zgg9cQUxIf2LxBgbE3ovZZUdq1Ykq3Xn7bS9bcSGKp3RnpsZASoBbcAp2sAUoBZoAmVfDmBP2S4bCbfQGbUd4eF8rhbXCWShYyzzVWXNbblFzBeZ3C1SNkTTsKdE4q/L6byMbRHoF8bjzhpV3vZX7WqxqXfbd8uBK6Dx2t5Cati2vrt3HK8+nhgW2T7zzmJvUDo+dgmm+OM4WJR+W66bx+a87wk8rAYfSmIdGdVpS2362zDP/qbipIcCzXD6YM/MYY79DW1thvW4pnTBpLl9OFk6HW4e55FaLhDkkQ5sXt/X904bFDb0qgOhXnFhn99UKdz7s5/wHdFsll4uSy/zuZG4lBe/RxNWOhP3abwe8bWNNzlvNj4TQzbWV6W+qYSzhA9/7+XY4WIes8fUKPdbXEHO99uNL7PubFuyux/OTnDEWsfO+9vxhpwTy193aEz3zQF9v2Tj9wHD8/MpIbbiwF33PWgcCQOtPffgmLpIfp1IJr5h2FRBvMi3g0yvmyq0C2i0TO4URc3a20fqFjVh4GVQ2azCEX3Dhj9MORsLpjW2gVYSdSTJDeZXm04uo1oYGyu+2o9x8i/nCcTtGR9U/ybxWphmlLO9+f0tiqV1pi+hdiOJEc7jbXado0GrPTGve0z09bpsswPatRd1sgqXJj2n6yHYh25H6yPhYBcupgbJc6U5qvd9GCho207hQHqLrGDso++yC9R7cyXq/uZEl60nRfdAbwNzNVwxMqUAp89dhFXqbVPfg23sjuK2XvhFitOJLxhL3SWIpwXhTjeUDLWJDLZucTuXJNolF2gHeiL41LGdVelgad55m811Px/yYbQC1r/Wgk8dZCSFpja9t9slDNU8uPvsXYM2myq1TsKuGtoS3wm8QNZxo4tz5rbXJIk2xYqheomUPXolZE3ylWt7GR5I/VRkgWDWhmsqyz68eNK8F3acXDrd/TrPQ2CnvSLhETOjasW8KvtbpO8k7tiwRdml69Tq5DFUkEeHUbKKtiM97q9lms3jnramKXOoBsszymevFWXPXoykp3TxRDfPMtfXiPngxuwwSS8BqRhJ75ZFGOzu0dO7y2tZIQ0LMw9SOquCoAfK7b6vp2PuZ7Y/34hZcTmhY5CcgKyNbbdOORG7NY9XHn1MzZx0vaQeS6Pe83PEhvugdIr7MJ01MZsPyUnCeDugts+PJ7IYY+32hdFRaPMDbjYE9gjC7KrejItTtzZTNbKd764PmnVFDDpLenK7nsTmusd6HUcbe3bsowrPKk3MN8vUXnqiSK8J7UzB6da5TRJveIPeP7zlHEB8g4NyPAUTHvTckYQzad1pBKKh/tw7uZNkQezgDNavXFkS8nWPfJ1SE11u4qhRoGwIpzpLIVHhQxQA49LmdMvcVnLOqEq/sCd7WkrhhA34I9Wku30+8t7BDyILC5wrNcdlr/RRWiXogydCxrLIOT6LU32OD01WNnvFJLkCd5ga1/QJ6KCy7f1V3XMXrR6HONdbruQPAxegb9iQHf8kISeIacfl7WE8Xq5lSyIbGg3J9mhJDQI4MYeJVMo1wB2pYAHVEl3ogVnea6JPmT2sib4QVT2dbZ2d42M7VqDnbxMwC7nZRqDcgyu3PmMIQm5ZjhJps69l1uFwv5lDxOX9cu+6emyXCJLPeDy2rqku7KXK9kYV5MJ8cPor8AN1Cej1rHeV0mLWNGx9eedL7pw6C4arqnzs96UxByhOJd8EpIWQKITOcCtI0DEnWtozhYthF8t+c8Om6+wRIX+Pa/42SCWQFEmHtkPZndPypvsiPqKdWDiDtpbC911a9yvaTKvbtKvC3WXW43avMmB3nkVRha5r3PKXUWpCc392m4W/bigQsNG1u3jreKKxM4h91kVbTYtUCLWwIhXhRWx0ra+9/EhfZ6GImwPtSsFZJWx+MxrHgIn4C2S1x4tIcR4q7uZkuFF+H5RV9/wMhWtqN9DSK5X26rhOyhwZUOlKkqRNvWOT593/x91/7UivNFmi4BM1QBVB8pJaa807aq2D8ukPPfd//q6qrtMYzKAHg9nABjK/DDLczU2sZWbuvmx7GNgkya5ZeXEfxFbgGtl+B8Nzq5lYp39QkBfhVNykD5GtwCZ5RVpaOQFj9ZywtmE6HkOQ4gDYtFwsHIUFSCPNy1IqSomAkBSdsgpVgRB5kjCBld1cVIYtkMtR0bfym/dkZtqrNe5FjuQUQERkJN4rV7rWQNvbjAi9lDQvSA7O5sGATnND+nyiAeZmsRdRdr06iYovWFljEsHZe0qHiysDpBa2kv29YmOherSK1+eZ4fZ7LCf6zSJrkOPOD9XUoUr78pu4J5pgQI+eA/Wjb5uyhguZcsxsP+TjMs+kTb+62pjLlAltcbD0jfVT8neE+i72wCpQ+LlNvU1vXc9mVFGXaI8Z4UUy1nOkm6yt8vBcMNOhEPRF8vD6Feuv/eKMmBXXCdzoR0DbjXbYncKaRDw6zNxKDWvCiFgEX+EL2yTPbsG7v/Pc4TLgEXYCA1g9tzbjTXCDzme5pWZK9FObOfHIfeFgghJyQjjW+el+1IhauNrviW+1GOjYccvnWKDryocP9gLhPPMhWWH5aCZ8Kw/cqR2HSlka+Vr5FxGmttiXa61Yn2x3I3zIyuy2RBpV7E/JPSN73LclpMiCzOZ5Sz/al/3nqJ2ueD2dEX1scIr2ARRWs34gOSEeOjPp8Y8qJ1kdNGskYC1z5dYkVoDqFUYI3TSqwGVHKbxedK1FsLn2chqDrOa5rmrspYks91cSdRFbvq+Z1WXbgorwSvp2IAiKQlxYIElWHDkdZ/cMB76mX9f0wA2XCtmThD4qp2H8/iJUyT8OngLAL6+evKjBiDGqIMm/e7tgGn0O9YqMy2fXVNSrqH4aor7smHSZVgNLqK10xlxFNvnHA8bdxBAIy7aCMxe9vvqhXjCH44TJXujvQL4ZIqD4ZEL95B70I9BJbLlPAC4gjHCJ8j56vtG2vwqdJpUrdNVS9CEh2lwvd/kG9VbtKvHyQZf/J9U1RIK8EVmKg9RXCxlvIONDWoKMiNHEMT29+Tc+H5eN9LGZ1hp1lDeiez2XrppZ+utxBXiFfpQ+yR7vYVKUiNMWE1f4yyZXCbIQYYliOSfMydcrOBmyJEYuvpTUCMWVVbknwFCYptiaqwSBUKFkSu5nPeG/ADhDuusZMDj/n8HxE7ydfzZk7FOYFM+vCTXp+hJqJ6F6lnJJ8fe0tlw4/P5yKL7/tDSIoOhqeC9tGRrKZCsnkHwK6V3A1Bi4f0xwwHwZr13qfWn/SPHlxISpGt+Az6ik0o604+XBFonYTg6JKXiIvxAviL+vqQIXffVLam9IPSY0pMnFYQGOR7THebfBS7aAoTm4mrL4fX0wtxAhXX3xEpjPxJ/Pd7Q++bQTvh2vPlZTc0+wvwA6ekJXfTgPJrUsLvQfBWPg+c6zzkBWGmCKLwyW63MlXjDn4WOqxbp27oE5MZw6tDkIWw3zAUb9suzle1hxVj3pg1vc6BE93fIg4XwVw+KIJzZMEeknK5fXXbLOSYSyfQ2IDKz4cDwEmFyRSDA66AmDZgWZvmz+d8DgYmUGAL2zLnbyG941eeQvHDUchyeczLaAArM8p+RqzRttl1MTF0jdl4gvRXG+l6q1+O/AqUe3XjYAEp60WV7/xKWr/pGpobb7BTCFo/4Y/ENIeRq4Q1AIeRzgOhlN/SezmW0WPtGPYFjjw6ZKc5hsoSn0slL/gpLgWpeqRf/ZJU8ncgKs5GEfyOzd0XCkXrJesMMZH/+bTzhGjiaRZVmkHthtByJxEadPl3o84WTS4Pm9HakAZk7/nbiPtYY5D6sdESGIm4Sma59aliVKGycu/nhamWzShHk5OcgHU/pe3e3OHD3xQrUBBbHAIcUgDOrxsYHxlehvCttnL3c753qb/kizBrnnI0rKyn8Cve+1/tecueQhRy//3EyE7WqMEREMhxAzcfwD1pNmLp5tn8TxECbxDQSGwfZv+ZJ1A45QVGYnATRfmvSLz47p9QYGGAmnYYco7C0+FsMnZ7wSp3cUg9G5QtsdxWnciRMYFbaTafX0y5gokOpx7cmAAaUnpX8kDqOIcbkXYX2xuUUPybhi07ECui7rVLhQuzFJIRF6396/wUJUPPEEe8OAAUAuRFB+sqdDFi2uSIP6xAImpD9NJHLk5g5o0mLo+vhST6NsjwHaiINLRtjlZ+vT70Ec7zM02DdCDzfbcPYsHmMsiHrGcWuJh8RawXUxyQB/PaByIng2f2R9RT7IPrn5oAc/9O7SNX/gmGB30npxNYUZ9I75J7iwFSen7s9jaDgTm8rm+zwbMeqDzixAACV8cjMEjy/b7Pz8gNf126cIquJf6ngE5y4ByO5yFHwv1njqkI0u56Xw8Mtbwbiq5Zc8gwmP4zHFwbjhvgtMtvQAUjhS9GkGi2lecgtj/ZTnXIdT0mu3kzUN1sBD4N6WNaM65rD9T//YK2qoXrunaR7+cvMW7W1Tfzf/+34L/9al8qi0C9MH4Zep3QQu8y4ealfL0uqWkWZ9JK3QYcalmEF2V6Y32bGZFSVXUC+Af+rMgfRA4YZqJ3Zkff951LaEmOABsTDEX4nOPpHcMKRlIwL0u+HvenilToqRQuUjWPR6KOaxQHLEdwUm7uY1I+6Mwvy7zTVCU3crKsGLM/268HSEQvwzUs2BTqvo7+zsfY6/7NgIC5N4AIBO/MIv/nyg9CzEzCCv+Is0Fv2Byp72eElEuvEj9zEFj0mCN67PgeznjO8GqGcplfdXR7oXVlNnYS02JtSEXbWC2xD6F7yrRukXoL2a33P9O+t8aKGg5Mm/PL+QwzXCVnwDMERg5ywjQRKPhJlwr/TvhaYrRPcviyE0Lrk8Ee5ltH3hGe9EFxsnn7Us+nsNYzwGVaZMCMYOEQ1KIC4HD06NqZ7vEfOYUswZv34QxIPKo7kjermtNh2sxjMNF0+bdWZ29LvNKDJLObRMm9NAhrjd0dP4ZVl/ZArAE6hGKSEhUOtR3PlurJ/vH0FYL1K7+FOztZUWFCL7YngF9qoqjAo7Yvtum7+y9C22vzuXEt0LePHvauz1CSbXIQHSX1QMld3xOXUnIVW5f01wax6TLHAhOu0XxO0KN1pW45JWiZKD4Q9hgzfNdRloQXRfjNnxw7k/PPYIaNG1H1/65ag+MvNzaen3tCWyjDEz48wc3CpX1FxmAPXwwnYntc308cS7HE3svyjOC3i1rhm4whxYLKKQwPgeJA5jNs/Atck0CnH8tsNX5tUtqK09e/jN/9pF6H8iES7/uN/9GnDOQ9EG2PgWb3n7K4ENWHgIbqgOAVW9wOSD54/51r7Gdve3NzPKAIae5imJsOT35R7i3PClBKzZNNmkzz2ub9izjcyuD30AFji5LHDHi2LKw013roOkL8tslMnu++t+6idOHTFJWxXtL3ADGXKRNhqZt1UcJtY5OWv1PmXbaYn5EGEEyp7+XY/1AUOfc2tHHkfLgdmp+n1nudKnukjbs6Tawxzc0amDKjeTJtI3NwMCFuQSd4FJ3OOnqhAN3NgH22SufTjRKWefywF+TNQUPuRNuXYo+2Uc1nrUOdvDop3CpItTQTbC9oVyQOaB6Rjz8K77nvxVylEjj/rPr+atXFmyRD/n1BOzx6kUizxruKImX96fafmG66RBdwaRx3UcrX4CewUSgESPcNFEw0OaJU/RwdQ+GMcf3CHcdoyq41lpfuTsJdm1j1yhpB7myh+lj66b/ne3FBbLU7CySAThABtI1IQu/O5oVyyyQLWql7k3DbXpmI5l9K0bDtphCjFudwt8hwkubo27+42U/8S/ntYXHdmCPpMuSUIvV3XQe93ItJSQ0EA0TVLVW5HOs2tnKHanuAUF660o/woCB3idoLBRH/ywPpqqRp/cUQtZNntHqh9Kh/48do+m2K2RLhP7LFOz6rNeo8BcR9gMO16O0I5MNFjlxSS08XjWwJ49xLx0MMFlGw1d2w8tSdx79XPDXl6aIHBGxillehfazvVebWjAr+Eq89VRVAOZS+BbbUL0/Mn3F80FGXFZ44VFxqxoCMnqAMM3s+nkfq5XmHKDsMTREHmhReDZ/Idv/+SGQA7lD5ctpQgjyhL67ZQ3j3heAGvOz0PkQAuzXQDZ1w4HTzPCkfac6khR7/ov76XTaYmUqxVAJKX3jzovVcEeIVvPgd+kY4Ym25I3BSjxxGW4hpCKsvnQ5q54X6Lm2NBP6Wzs9lf8ermy/gn9v5p7eaIoRv0zTNA3QK5Ije/wrXnrdH6nUuINjU9iamnpRpOyrJB6QFR+VcS/uNPMcSUnSI1EazIfwBT30/x7y8Yq77JpX1cgerhd74iUmdNfAmL7IonqUBMh3QcoaDV8HJTeDq5nRjniHydk/F0gKr7eG80PEhdkdJ4g1tkjKW4NeeLqSPTzvzwQz3Q67EF90m0C9+JCbcaYaz38ETeHcSRUFJ1AxoXAQWTydaDeO+505AgybgmhwQl3K4exrdqSPMxEXZs6qIfcTBA1UnfIcVVSEx8b//zdfNuI9sOEOGYCVePb3URejuEVw+mj1umFMmw4PKM1+NljRLV5Larj/kvWTbl2XsZj99ovelwem+wSEKmSegGJBRiAWQHDNnyTRjZy7p10vAPGRWqZIiZrXpR+WJi5x2WrjMu0MO44ZpJkFBTiE8Rn6NjCwAqxSLran9g2gqr/YVC0QBBQJyzZ301011wQvsg4hCe91COCzQl39pNV5q24IMVi9tMuWkPsDbgzZYjluzxJp2ldo+W1jnBx2t9y5hDIqmheSADoUVTwgXbTZm49RLKI3spJjXFKSN9gIZd58X7RbbPLyr7xDurljyobGoCg9NoY/ahSvNoyUgeaOnYArf7JgVbuLwWEjxBE6plvVIV+/ams1IUW43ckJKCm/rzBH/i1qpci69yWnjwnizxMVZIf0s9mCdn13U73n9vkn6zCPSCBThnR4VOQYUSWZEVWjsB9gwhdXqhTXMUbhgzTHlf2SzP6lAuCZAfSGigoZDXiCJcBlhn4pko0DmCnoU+f7xa616Y3seI27NF6WdVEgoowJof3rQprk2SACMyl++sxB03Stm1VVOmicOZ1KAzvf4p60sGiGT5ZGARi6rgW6wYJlw3cKjNZh4QaUsSBlgICZaxj3csJqMf4dR+loLrRwJyxoVGUZpfwJfLgIkP67IkPVl7OU+lxdWUHzOxCFhHwjLMNPP/svcRYNSRjdtcYEpTcHzT/jFrkSJzvAKewKT809n2US3Bj+ZDTzo1OOHc7y0tQheGVsOo97//Wad7d25gmJvMbn1FGkJO8oohdNZFA9EZGmF94XvYql1OFKVKrsYX6wsaFcsYWTheyB2zmi3P1HKpDMVVS+fkG1S1J4UWsYo8mIuYd9IXQfyRP/NqOnM/LBxmP+xg3NpM6qJ+p+hH9oyhywJwJjrKwKWkVNs8Ff6x0cf8caZh2cDjbG3AtBBZBtd8M65gAjVMIuRsUyVeR3ro031n6oPZt3hyCg/5WywlIfaMOAlzv5/wj/LhghFG5+lQYuByu6RZgXwfNzerJlKy1P0EwKXjkJPzuXoy41bfFZq+1AMdDH/uHqCB9GMr0O3tD4XmLTmX7aWAWiRSXxUuJp+pV+yLahJv0dtZDhJHOOAfZeHPE3jj+/iCBuje68aro0x9iE6of730S/Ok/x5cE9xJ64yGuqRpWk+bjpq+kDSbn7MQ3jE+8IGfu0ah20yqthC8Y19/Fh6AhIJ14OveDlDHiSP/6sd4unEKxMSJIMzPpws3LsttbRcf5KfMlh4O2UyrFcS9cdqkwowGvY/rlO1VtgyTU4CntQt0wnuCjOvSIrDftPb8+u1Soq3g1y84jBymr1j6IqChh9eyLpjh9WItfwqwvH3pNkMiYOlnx9y+zy3w5Xb/nQTPIHsui+ZncBagycpx80x7ZtuBznaZC7kX3b2rgrlSg2EOUyaQte5NVzbO8Q3Jw+cpbYgp2xPhO1jKHKCnPV8kwPEsxFR98qeKrbItNmyQ3Dcsmv4CxKeYnCMX5K6wKL9IrDNeJ+y6cc5j9s82IBCo9UQcR54JGMNzONh9Gnw4PFNhmnN2jL5/Cl/yNLPiBL81WOn+eCRATXjPB6gZnTAnBlxnW2vV9S1npnvuE5zKZ3Sw5TR0fXOHveJY2b+wdeRD7DFaTQUJiSlzZNaEPUAtc0NVCuZO6/HrjKgbL1g2oWCOvcxx1xbY6B2+nzVvbpLTm5pU9+gEdNIxNjtIOHbq3c6WhkXxd10qrlN/d/YovURHrnkPUNZsaOgvJaAd18exo2KAAaSGa4OBo4nHdLRlZCUHHz918sGt2zfsYpmzUd3OHiCR5yl/MMJwMd40mtMrrNDWsKeX5UPZgfT+daKsjFGN5yY73ub8AP9df8ez+LifMt4NJplLLxN17KTcGAnrMNiZjyJIn217xNf+qoQOCHniF+16Jk7+8AnH+Mx8FyGFpXSvZKONodcHC8BRfE930r1+Y3a/hd44xSM2u/eCbD/ZvruzAloxzLct7DHwmK+dNBMUwL9d9mDfCdwic/hU+pvGbQPdxWC29HRlaixgfOtm0Gcm+xKiPGICJ7+gsOrR1IjwVsN68S77z8RfQWEL397BATCMKGCzBf5Pwv4vLHoL3yOkHmcuKtMvnrzSrdTfsFLQrEdf8rRe44dRFWKhp6x4v8mabdU1FqGqjk/NszqQQJCZ4FgH8zhexkhEVbdOTk5ukvzZsNXy5uJ98A9j5fZk8zHWHQQMgbnlflXxR0RnKo+N3sO2NmZOIzsx6wR4OIGDbxMic2QEHQoZ/VbRaf6cGEujeSDwjiHxu9gT/ezF2fFXx8DmMxljvbTFd5av943Z8ItIfgWaIObQRf8tLbvjRs0+pzNNijQjztWJ74TVkdupOiT0rxyCoz9dUn48ctNUIffuFa1sK3Aeff5SS1r60r7yYfBPLyC8mm8MrUpbcnhpv/zDwvSEds3U+3j0+EHbVSJh9uIJHfJuRH4FRfWoG4c+Vis9Q70vVwA1NOctRdkntNEe+FIgNKuauNHSwXpYWF8TjbAVPGUWvI/4yiLBdGxTyQb0M4cN7he5/qFap+tGaKCh7bUk5hfili9aCiNUvOE5iND8nwGrzHAH8/HzOTo1tkQ98qS+yK2W9mvaDfXrKT25YAXV3P68U9weCuiLb0164hQJH1g3V4vHFNnNqeQbTBXPATFjornlKn5eL1qtDpxrch0P5/DbyNNqZllxY3aefrBAvIzzwhN7iXt5FjH6ZJ/P5Ln88L2gG4oxPBqdE4WXevSJI+UniMWMwpdoDPoj2dhU0WS1dA1fbvGPfBrWjE5BTqe9D7XroGwXKCqk8zIBJxxfCb0eNg6bnWsMa9E9deb4JRz860nqpFoWssWZnHPz4MHPiU7w7pmWyqH1amGeRDFghOSpQa7r55JVxRPM9WI/PWIznzxCZKAmiSF2PxlcA6JSSjT9chj5eEmrxwrn+SA/U7uPQFM4r8ZhA6GIfmZQ58jiA5R9NM9yCUEJHJ6dmR7xl/9Vf9N6TX+C6yWvXV2yo0txUS93G6TLLZ+j7xYXm+zGQzhM35grxcPaYNJRkw1gjleludWBaci+Hr3P5KUt9o+MmyDanvDjeB/fh0o/NXVGzKC/QvS1SSuzwW5actgIyyLG6ojY4BdFwacQHAQt318OF9pj2vTtzmwFQTqT8OMx/fHcAKfZiiij6EgzZESjFrUeeMOGmR/GKAwxt6DNOIH96NxcG14QsJDa4dpqeDxPd4EawAMpyHo+OE2BmYRbcic9vdo40u75oiPkYG97i3TWotTwNRI1Nq7OSVxNiWMsRwZwb+/VLb9DQIJVv/FlnRMzSzG2G4lQ0qGE9m6k1vUTDpFUJbN0ccIc9XwRYi2HURTXBcMvaS3U4QYstxLNHsFCCnG6f4wBenQeLCxfudieJpsDMZ3h2nJIYXFPU/AYpvzY22PDLgUwQ6ENHVifP04dvamoR0+eWqOgHl0qf+QJ+NzlpjNfOpymh/sNBzzArbBACaA0L4t+W78MW3k0taAqZQVxqz8Q+57ECAP5v2EV9XLyB/Gu26qbX8aWbmpl38TG/Niu7g/xC/Q8uORAImEGmvKxbX4Hn5EL0BtwkiYmTYD+230RVaj5DcDZybUkubhflhaVB+pi4E/3k2eh+f4tMnF9rStZ2j5a76C3eoi1xFrmRs34f+CGD+vst7rseizMPfo+MrQHKQq/bM7XFcFvr+WqXEacrjnKq4Fj700Q87jJgRyXfQyg85cj0gblFAaUqvgwu2GBzA2swk4A7rzCyn2b7W8QEwWfHk5Md4gGIjR8+GX3kZDAyx57jbYvLvPlVqjKYwymDV5LWUj/6KcqFR2fAcz7vtapnZaflWdMnoezLwxzGY4ig0roo9nKn8HjoDFgutiudyHExgtHbQJpxzSQICaPTUquG/tWjZU1X7v9YmaWFmCAc28zA6hGxRWHh1+uHj5z0lAhZAYL6XU0vy1zvNCFqO7AH3BGW2hBHihU4/GsSE8obxdCOMH0fiFsfdWL1RB8TlCJ/NR1wsIinjJmu+mWi5fWuQH7ArY5GCIlb3H1Bvs3mudEf3Jq9EMqpZkbpdjGqKUbN+NwXy6Zdr6usoFxiTRG3IWmGJIFA3ZXLT9c1pCgd+fwgOzGbX+QNR+GasIIHvcNmpzBzF+pgwvimBQwSZq3/JiUiSdQV7cTLLwKpmWVp5Y11RGVC9idKZqdhkrqlThf2qr4htck5vshl5Lw8PdEPP6eV9qpk1Wghdu54yj5x2vo4q2KQck3CdqnwrinUEj7f6/pLri8Noa4R1wmcsarbUZalrcWK+qZA3zvNZJ8LnuSBtup4kG1a/XE62lS1ucVr4hLVYFODFSFkEFcMyv9Y2xTwAp3vgkz7yXLREtbd5vJ0NaZLRa2uKQa9afJpt4Qd+43j6q9QPTO1yGaHGv7WrIoJ6PmbTjgNS9Yr5aTp+asvTbKXZPdnReFehMqB11RwuNFmJ5r71Z8fFCwou8YKg3EvX+wCwwgLVHTBap70oKIFZm+5D7riS5MiTU7UBQmv1wskholAlYLbDEpoTeT8MPNrpX5kGwN4nP+mwNkqKdOcjf90Pe2P1tFzkuYp2dewvcH/61pUApE4FXh9EjVY8ZsTEGGZnlrLtb9tA4VfTgKijFeUVjdyCgQGTcAxs513RHfRyG1yWl0NeHRe/DixHGO2pUZx+Awc8ERFP2hjjvE4UvUtRwUbzH6xKNOknqZuU8WZwpvGAATT5wfXlZWSNuWH4Um0MihuVvglRM3ETJRDa1oDc6FC/fnhXX1d/iHZWYtgZ83vPgL7UOKgGENj+bQ/uONdfjoped5Lhx1gDiZ8q15/bdms+2FsmrZ5yIyscv2n8/5RD7XNaE/zgSJ2fDrfomNLvChKkfazMF/ubo6BLWERrAZ9wCHfiexIYtFX/wfFOiiLcCVLvnTLPdn4G/XrIse26Wgf4xRwymYRg3vcKUg6nSBrJStGWUZSS0GEUVYRw6xYhiyeySGyzbEqGvoQ3HO9oCURxBSzuzYEpePNOSTz9ET+kch7F/pN/w0LrGdldQ3+pFeV6ehG1F34RvfYQdFGsUKXqLCVa7VVgBb+dyxHF1LwXaSXfHmXRbHvaJyccO2YJ/hRHqgsTBDqsRuGVqMj4T+bwTrHMSX9dmU2grP9mmoRpEJMPu6ecI0uE9zGDvLBGnEywYfkd4kmDtnqtlxSBQPkFpFonBtEGrJtTFpIWrULWzz9+nxatqwv7weW01MHUQ1Yw3sjgHp7nxZoRIWtWvzS8gxhNXcocC0VfdnYfzAi0Y2g1hWBjJvKsQi+5zk/H0DdOoyuuL9Ozn4h62lwZJBfQpp+AlRXuu0UDR9XxsYMjNp4FgZ30cjE3DzGASGgpOx3t3qgeHVSF0qO3wszcRScvKZa4/UBk3aSoqiH1EHIl6CMQFnUv7LXpDoXsPT9zCCXDjaQUvRLCz/c2slV9T+vjfg/tt2dxP6XUwz+193Cn/9mt/Dn/9hu4f/zdyz9f3iV3f/7d+nd2f/4O/mgmcb/0Tfpmqz3/yin9X9s/z6l4f9HNqv/n1K3z3++e+S/2Zn+/+Wt6f8v3B71/wdb0wnwux7+szWdbsg/pAC2rPNIz1owLVuQVnmifICbbF7oSTnS4PtnHnlEF4z9z2Go7sdR3Dy5OV3MYQFQe8RoHeUpckfTHq41TTX8aNvyty+1SNWw0bECR5tKSYFK/bGyl5bbmar3bjFLzL6i6FEC/wryNqg5jCwAtIbbowPFU1C8+GOMyEolWFdG+DaVfjVDc7l56Mx3MiLPUPzCXIgmbzjWSB5F97gJo0WYqUFnfNJmMP7ZMAv4VuAZ/lkLJ9VRu9y1M5PTJW9TIg3na1TxJ80YpJU+2qHzu1Y371g7hqLsF595Xz8Ko9udw8a5mOgL1Xmjnqzk07HaUQtVzRWqgXR0zuza1LB9QjwdYb68kBP3E4KrrDFI1mS6NblxrhkcyY1B9qx5Gdbv08rYw8erbl+qBvPSAHJuY0vhHQ6iN38/oAr4STZXFyPhmE9P1zgrFptREPOXgA71VF18IYFtMoZzZlLtSyrOYVC7XWW9D0012QPgpzedfs95oumKmjCVJayGDd6R1/fUXv3Ap33HNiDkobbGf/ZMtTT5PAZ7W5sJHYlHpa0gvvwkfyotvVmQbnBMYdVlzPI46zxx1kWSF+3lYANSII+gE6G9opheXyo/P1SrdC7AOw/Qg8fNt4eLqqa2H31ysTSaKomXl+rbj0xW3ufyRKrWJxudnSt5Q1+GmdUrNfksEdtRrDITJWb7PNk5K/8OLRDO4mXCsfvhB3+0t3bbbDR7NFpKYuSyCIVYWLHE+yeKdOkbAYDoBL7WxsJO3sRXb+T4PmHOYsabFhGK4exHjpiPROO3cSYxwLNyDskVc1YU01HN9+yFUTANqdPQB2sp9YOB/Kq0cxSG71k7FAFjKqAHTVu+vtnAr8laiAtQs03FH2aU/BWrv5hwYcoIf07EUI1d2yMR1q+UD0DbnSlwlibJi04gNAvP/clQ7AHaS2sGkzd1u/QHA8vaEwxUYM5Q/zV5SplsWg5esdHGuY7txLB9Fa/3ED/dK63SZRJKuHFZrh+JuwTyjLYxpcqQRm+avK9rwOSV5fCAG9C1Gh8NopOVHBV6HckFCcwvNsYvkDFbhazWgamwiyeO6sCe304GmgdGRy6XJB4dTfw2P4y45NQN7Jdf3adyI0YesyTZwnSb6cbMCcl1nEJb7WjG4ogGdSZWSJVnXaliM/+VytC7HTnWujj7B9Qd+OcClRMK19GdruQi6bcDqtft6q9Ri+GfHv3mBHkqWtLxdPYPUcBevAlFkY/jc7ZhFMZLr16NZc6cLCX91bYiUMXE58PAWH8D9VGPGo2ra077480wZpwRWFuaZLkQ84WOEgWKdgeJ+GWUvZ/UgVXfrhI5h6VZKvXbU4850SAIqtno06ts5RSHU/gE1IhQ+nJy/CmwDigX09S2U81edZ+TI2+2zDkznKiaoL6aRNWMNVSSmPNUTnPtRSmXHZ/2a7Ul43lNZ1kd4/VAQlIlBZGzWdxieYuVIRHqSSvRXB/huYWgY/CBJRmOvYWj47Cl9nnLh71Eh7JhAqnsRa8X1v4yJ8RnME2QPJMzyJdPYIb9MvqXHyFlnFzce9mcpkWnYV30kohBoBoDQwRt4zdKXFEBJvkR4ke8n5i/DPTK0u4aNCfciCjXuFsR70y4PQ5F0EPZGmXllBRctL+yassaFMXZtagBnK/Ds4OqOqWrnVYYJuU4WJKJl6fVrMqYm3SdVYih5cuya0F+44FdGxV3EBsXtfMlhZyeuftVhY2AcD7h0ufQeVUiU7tj3EN2MWrfTbOEQJXoKLmMJoDuQlVxm/wQptxmSEwBNjkXFpPV/QfoYOft8UG07NnMtz3KRrbwNy52/lb9oM++wreKssGnXDu7aVW+NmSjSZLO+8Tur1cXxc4m8u6PjxH2ZOGDRL8KtuU54Q2Sb755g8Kzk/59VaP7dTC/ESs0ZmmZku/ow6zpvVEJ1elVH4yYd75uD/1SJxnGMaHIWbzciekj5bSmrE48hbcWnflBinqFPS9B3mH7IyhqRWvfdIWX3oOhVN2MONtHOTivXxpf4aFQ6cXEb+J1uFtR+WZz+qI20Ip3x0U4Ko3lRxdoHeSjjzJlU9GH2gKyo12ERuzuIKXrkywKAQcEis5wIC9NspzJOi9NsNCwh/tS6fm6u8GB6n+Wn7/IsPdF/IoVdEFjDHeLPtcgCioRDAxZuQeTn/Jylx7wmE1B8B9yWpfQ6AsyUGEAdZP0K5/IUK+kUG+R0DqJTn8WbF7HIdfgz9BukIpUL5Bw8i+b2GbKY9guyDnuW2po/BwF9KHuELIGwi8MIAoPnl+azyOpFbAgToUxdF/kcYzEeybuCMmc7b8B7pgJitOwoX8zVIuFTz8OmfENxpkuBpkU0zUvGv0rHxPwUVX4ZcvJfJhKYKt0putNGypYYFVPj69h15rzOZi9i297g4UEspNWX0z0alIhy6K1jXdt/OzTcL7aIR/ekJ/oHPffYU8ifx6LV2qJEf/6QYDQ72OLj41qEHGuj0LGE50YfHuruB3n3dm4IZNeMuzr31V4gdycvuMOgjKOteRiVmvZhuUq3DbJRrb+gFYxB7lBVv4nJuezlvk7Z93e4n7xENaNDjOBf3eQ+r+6IAwjrvPqR4KjZb7+EXkkjH4BXgkgcd80qP54xmp9SlGGMjrC4bbSjbr7yO7sG2b2XZ5aNJLPeew2nZX8HezzBQZQtMtXXtfi18Lqk6u/8wbV4gA350+tYR4O0BMdXDuO4TeKoMWXEKHblKNPLq7fopCJ/bkPw+4xLryQvYQf/QC+joTw0yxUFNlKCyjqhT6g1IOvX/WISAwrPy8BAjNHQwycf9ACgCyXuHk+FgtV+kJtETNaUkjXmDxVFk8rkJRUY8C+kds/U5N1/aRYm6XI2YXhbanw6hZSdesMajU3rcQ3xjS+EJM4pxZoccBTOFMRGlr/FRs0aZSasv4ZI/+9TEf5ekSbOlJopzEPJeZgG4hZ1OWPwyHQiNR/tSQ6p7n1Ay2Mh1QAZwnRDzDDXVcw9GhlIjra9Y4n+aBehKDLr3IBeHYpIkgDtybC3m35TdlHUeIfksSPPP2rPCFvTz7EG+hMMbz4YYdR65qY8noc4NOvq60jH/JChxnu8tHEQcW3tThDlCEM+Q2z8IWmzYgG0Yw7w6gQsIvCEjJTyFAkgT9Xz1WG7Xj44QwWYsMh8hprIffi6dNfgwXHH+XuVkMn+BAT/kmSXNmYjs8HjfsAscK4LIfdiLen7pyaahHGFmtV4J8XrRKf1VFdDrRmNeV6m6a0EO3LTT4wGqv4XZo4QVbhwMDRUchR2QHfq1rjWReIuEorzN9XCatlXBziJm+N/XGKn1N9Ax6UVPaQdr5r8Dr4cRUJ8lTX6qcwv/to/NXykjrbFfQhQKsxbeaep9iR0oyz//5rsZ99efljsP36nUzLMIw6/Optde1WxXmQI0q+OJGa5gPPpAh/kw3323EXcLHYZbAkx5wKz4nCsgXqm3QSmj8MSwOzlcG2jg4+dNC6FpfqqB3DM/LbFEBxWqwJnw54Fqc9AFB4qH+CY9QZUG5T6m753b/gBUf58xvLg9Bn+4B1PCZGw8V/2I7gB/t78kDwMz9NxJ3Jj4c0yC080nIE5jGHSflZv04J7GYBHCggXwAEf5A9T4YDBVUBuPSxMmiKSWC3k4DE0cJfPT2CkMSrWLCIrs64GvpKZNmhXzJ32y4zNvtzm7CNIYZff1vx/r0uYgp1CoNnN4T1JoPyCymL9YavBO0RgQwOOCgh9mdnvvr7qLPb8wY/Q7H5+RCFOetkfNDb9zeKa6gn+AdRTbQEAN10H9HOX2RwfwWRvUL5B3JPdK/ic26EYkKW5g26FYcF+4QCueVguzdPvnLBNwsX2y1e3V+RGDD0BohleFHFQv4dv1WQKEgsbl56usWOVjeOhN76+aW/ce7II80+P4B8yjt9nu+AF2jM46Bgibl4Dco/njhbZM+uUQ40+TFxGzKOqMBVcwXaQHq50xYAwMYtTBCci39QYCZYbyYQLo/7Rq7jbyNNlrK03MSuv/NOQJmL7A67SkCtsAfxFRA1pf9me1uiIwm7mGeSgEw6B72QZpDo13wsoEMnORAob+t/NWgy+IpmLY5VRCL+7YA3RhL4n8tFv/ko/Tnc7oGBzg0iDLTNXm+y/EzwXk96d1BdffIa21o9bVFhn7EWt1MxlhsUUynQuoc2zc6lLzCge5xnoGOPbfqkFzNiJCGKKUU8W1Vi2caQlpL6meMsFqfoPcOHuDknioZsbb2A16+WqUnR1smJ6vgJbNdgpEi00dhs12/sEF1xFpT2jI7xIaPGpIkD+hHj6f5Mb60AOuvG3INXjK3yCP7LzcqvtsbZSVF841EUHfWvV3RkE/zJGhLfjnK+1l12blME2qPAPqLB2wsBPql//iMKdsbSkP7FoV1LYv1Lhc9jjBUpDXyXInJvDO/vA9znAndIDY0ZY/3LRHs1HTlyfaqyEPKOHQpWW2vXGMB/mYaqJPa6YyH6ep0t/M+3yl3c/m8O6Xe7j+EQp9YQt9bA4PlfhvZ7LvCYGnwe6f7325n/+Q224D8RKs/vmOYUwapssAdj4JsU9cGR/s2/P/9////v0dhzPETvPGsoF6mvepN7dn/qWCCb2PkAeR250A9xQ1xqSx1SNf3n9zD/97UDc1+8n3vlMeWifRoNcaSj9m9ZRwj5UxEfS4Lo0BzsVG9J+c/voap3Pbb3mW8saP9xPGcevuR6eOV7k110k30q+L84+EDZDcbE/e/G9K4p9b+dWyHwp/pw75oRjfmf30P8zbudnTjUj1T0oSQgdz/4zDmL3SZDvr/Hg9HLfYa8LigEcv/46dBD/w/vYVMEPrPBfzKkP9IWg//9ju59f0jf7/c84Dv+H56PvPfZFLng93fw/KWzFqGif+v3RsL/OA7sP2rIP1ryr28i7zfWA136m43Zcv9+g/tqD5Bq9L9/Q9//J3m8b4B09jz+Ncb4v4zxP62xKfyt/9cTeiwOrsgWerCO/8y57VDtfU8c1vP7HisJ6z7lay4J4D4d9f9+RH8a9yc9gbw9lK4jBER5zf33e16ZX0fW62cU6P1/let//q7+v3yXwXpghf75jp6eC8HfAu+VzSu/f63gf5md3RqjDkfD3Eeo9V9H+x9s1UP8S33+y9PMq9vP/IZ1eYkD/X/RIeCrjBdPxO9oCs+uc+Fvpi116c90au30d7y54f79DAFJ/vdP/BcJAvv4Wqjcv6v+ysk+UgTEyX+t0O/vXxvqUdvo1ZPX47Ez+2rw+y7y9oU3YLL/cxbvDP47T/RvT3gefz6plzn7ldz76X98qPDnU8GnQA3Pl2+IojiKcjyb9sWKxmVUL2xb7vE4xYm74M+N45e6r+I1xyVrq9SYiiTBoh1KTZiTUmn2u/aj5m4VM+XolkgQW4IIk6Oeb5vwEL+u2JaJ7+cXMcuqtdjukS/70UYX+tuplf+DbMFPBDh+gHsHUzMgjryBhpMscJap1RIKlA0fiqOZ98//8e8lU1CHEpXgc5z0hqK/P9WURO//bInjn38OD+HLEnGlVjrr9wPSPw+Dj2vWsJnlD8HLiBYqEjxf2Rx3vDA7G3P097T18/x7jObzAbkLZTX3ZmWbF9KFL2/EHywpURacVsqTv/GPQGbNvx9CjxBwNzIvRwmbrRdhfcHMVSdrNeKfkfCMR5nKV+Gxuz4pbmiEE9JQVTpad4bInLqichhG07x8ktTzkkRQsEWOd1DaXP9pxlxBSy0/gx0L/M39IwNKoz+iJzTvclFWA1k7u3y72cftR4N+5je4UndNraZ4oLA9WPA8ht5P943YV8yVT3GdXtQPB7eSzTAV7T5PBuvz54uXpGh5JzgVYFU7MOunpGVYx7IG4yTjXRJTTY6onyXKIji4DqAZNvcfNLV7usHmQHyKJfj8QFmCPjPR+MmZ8q3OP9kX5/utZdzFUk0ztNVMFPdTIv8L2phIx2/amdtpd4NRKW1hy/0c1PpzrVAqaIa19Ers8vz4g6eRlXF3RUCXat0HNX1Mr62PdRdGB/FhiYnUdIv9WaisauNOqkhhrSLe1dCYjGbdY6N2v1/++rx1/YGn5G4unsronHWIyKokSqa2euWQpOJqRnI8KglGzTIe4fc8L5A3pj3n9yQ4xcwGsVDiKDA+A4yv2ILZxKxEGqhRNx0IVp3u536T77jAqhdU3mf8gr15eh+799p728cDOs9KdkV/RgvqBQ/YyCYrhs06/eIEwJId+DrcjKYY4RwrRP9KdaS946QvME7sTJqipqeuo8YF7H66PZFctor3wGZjUd+Gx1N6iWJo31KlL+w1pZRRtC5JkjK6u8gHwiTwEXzUSLUm7rZz2w3srPEkiSHUTvBNhrNqi3GMaenTNHdv4Ndem5u9Y4DlNFPgNN8VpOMqmnplYFUPBFVSzDgVZyym+BAg5/i6KsXve5mhzd+7TDCbvK92Oqd/Ja5RE7W1Kzg2jJWEilZdtrkeX3wNslPmoRhUy/3RL2Hcc+nZ89bbcb342eHZQK5Ff9A0JRcW4ppasSZ0qZdpC2wjshRuqTJkVBcUJkr+hiRWEYFvkShVSvCJflft5E4ugwEdqDFpw6ke8X6jhagDjP4Wn+bUV2/F/nfZqkcBbDMzi9858N/2e0hHSF2hISa3aikEh4t0+Qw5iuW9Fva6sVcUl05B3KmkjNNYe2/6r5csRklp379TFjun5evbFUTCLVGfpVdbPTmiiHXaQlQRKw5ixgR4AAwDxJfn4d+GpR5TqTATWoDfiN53R/G5pyqaUau6Ui8kgqaEmsSc5ll/vwab+jsYBHR4qMZc5wDeuwzDHDPJtiH1+g2L9tEoyRfFI6kZNcoj3QY/yjc/w5PKes206iv1RJK6WehInGl1jZtpoqTk8zW662a4bzWc2TxmkIBrPE5tiHi+mnobW91zFVtlkZSrmi8nZ7o8pV9H9Ifa6424k6aqmWg82bsY32lRmvRhlKqI1gNdEXd5hWP0RfF5/dyr9p0ko6B0Yfag2T414SjQGLZ7vfzAyRKYIjvMX9DzfPNUonplQCoOXXVTqLgu4jwL/GXhhZVeHaGpsC5pZ4mshdMpy2FvP9Vsl0aTnlLoslLyW4icmCX6cvIp+tWV71kH84QWjFbnqBXQX8lAfz+uYFjbsFSuUeEv4enUq5qPoHojLMW0QYlD/kzYI/lMSRk4yBxs58xZ8kwbrma2EBknga2LS0ZHwsA4zDE8UdlHJGPxmv/5O5QORKNIx/dpkpciD6tXy7Y9fsJ0DfdLNm7qbKhXevUrg46v1EpOtnVRqc+wUrOlvlFCk0n652LaUzyznE00xZ2OBUNI1Hiz8FoiSHoXq6+Qj88Fr+8GSu1AmiumVdKhd+poVU1hdNnp8Ysk1khSKLzDdpnJHGYLA1TVdEugjk665TG3g+SJR3AQzGJYHOVpIMIILcf7VW1YwGuvQI3l+8dPOkp9prKpWAMHC7fyF9BJjGyS/jf1E0WvTHCQCV4oMHUyHFMLk75R3izGq+GHLcvF1pdaqMKG/fz06Il7WaMdrSdbK6fLvFaKwPXUNsZ9ihEjFLdCHWbcufnqsBTHrPJ28XbAW6LHMNv21+60taq6fQtq4Sw2erX3tynaq16d9nrJ+/2cpNMMQ91KZFoKnQNvlQ+w+Nhbe2oPf1WXkDt8VWnsG9MJX12kuKPSxaq9ipKEmpbZ0IIGm61UmabZ4C4qjLOkV0yinGCBKqnqzNL0VFvsvde+6mUE0InXdVtpHyWUY6kAS+2rObbQE7jbQlscqPK+YzpM/FV0wrq5iopi6IV3Pf2iIJWa13sx4YzLO1USb6riOOYWdtZeeCW1dSpQ85+JTOYrOMkR7JUHyRI5lVMl3fgMZrkMyNeQTRcTJY7T0x6RpeeVwglqMtuviDPKYt45V+sNR5U7QS7EqngKA7WNVfKRN1SmEMqStPfpThcmaDHuF9GJ8R7JczhU7BrI2eC+8fKNABZVq3GzjYEyflhu1oTXRU7OGxVD2zqGcBsqlUVSHk3e1UYYl702D8G94HcA2aLNpYBU92QVZrmP9sUza7J7193/YUe6foNzcNe41siWrXAcXfRfWhln7PUdJxl8CsTKKJuKxg3+kmWC+5uNII1i01NFgJ4bZKmGX+S8wUMpzfE1992VwTRLM/OndKNiHyC9vGatTvSxwmxxHCee2ICqKwMrA1E46u/T7o5dRO/uXo6f+9Swn4D8qI6RrBrark8ss2/sDYaOeuN0cr4CoxaBcQEAhFL6Wt6JS+y74MaBthHNe1WtSRhDjFtibjDkStqT/MJ+Ft/QzQ303EWv1yJQH/iW5TbGk44kkBsO8oNTROWqs9mx/xCz2jJc3R0oivujVl4fWEheu4/oip7byMAgZ3mXx2MTJbbkyazVyIhQLWEm/qRZp7RpAyaznOIJHNHVSqHSJ/Rd2nUYjdNBbut64g31fo0Oy/nyQmKGk2vlJSzuDIMqBAi++LbY/WW+EZCgCPqFc8BRmKA9RK+ET8aD4KqMUTiZ3ju5nWLzsEXmb9Dfr/thcLZ/ibLk0OUvU7YgdA4x+tneO7fpjYxvaGn1J6IRL6y6oTupzS7oR8OeEolPLeSvwhRbUgxM2KyF06o4WaDm0Vpf0r3TldpJ81LqQ9ZXZvZVIOxOsIxKMAOK7t/CVNzr4IMqoIXfi/AjXFl6r644keapsN1uuYNiu2MMwR1+v6j8v5j6jmXHlV3Zr3lzGolmSO89KZoZnei959dfllbvE2/WoVAvlQUygQQqWgynKYqHE9CMXSgyJ6tKRJS1Tc72W3vwI+k7XKRTD+IMD73zNqVYHhZzapaMPejEuDtnpYnnVNbATtS+6mWkR7Vz/3EFHqAlR0Mo4ofeSk7WqFx/xuWOW8/59PS6QTa41yGJ8vxnM9NwFb36PSkxB57zeCyMWNvxNlpj/YoXq/0sHEHjSQbsIyy8LsqDS5j/ZSch3Kis40duSiahiLUqb++nhzlZKr8Rge+6RFqpNWaQXs8mTElW239Yy/EwDTYe9mC+rVcPaVPzbJQaaJz2/FIaeh/GmqnUpxVdjvHbud/N2P1ROfboQ6YzZSzvl+nLWi/JEpiMej7orVZEqoTitfgxCN9VshjaLsrhmnQk9+03zgH37s9cQ+cf4qOHsSf3IEv03dH+LvcGHd3HCD07/1hqozAc2GYTNSS1r6TS2uPHSVcyTdY2rWKNFbriqkXg3HLqfzkL0LnFrZDKJpykey+HI5QDcjjhsyZAtReXJLjN2CFbVyJtlNXZd9dmK1wqFbQXR6iJgMLiWEyCmkrcv4NvRFfBUHfvlGg1oy3TKkjOSORLbJuntwd9pQ/lWc9p08EAvmAAL2aYfDsPLY17UbmPphZv7/TxuPhnSc7TFcSofuXWRd/zRjRaoVIOCkOGzM1DUAR7RxXoqY0Xu0qUglm0NRD7c5ggYXQeeLgDzIC+VwGj27QdZ7KfqHJVOalw/Ciw+rHMna0p33INXkuIpM8335W1lFP2/sod+nEVz6u/KIJni99DfmJ5J38//icYF5Szg9Tm2A0bDZe7lFXHxRKhQgYwx2Z5X+Yr/0D2VuDs0EwZKictPGybItEZwdc6AISczCCfB9i9FtSsgaj6RUtcCHyClt/L9P784/ZgCcTp/DU4eMbQCS/RUGM4ya985FHRQaxJ6lqhX3CQCpCT8kyb78pwZjK78MAzy6WzwfjwXwnw38blWJ3zHX8UfaSWOotfx1dRMIAP9n4W/2UiJnMlpRrhYFUZhfVX2vUekx7O0AzVL+gXv4gES89rqgmgGc8FyH5JJC1Twf6tXl6m0qKlRmdcy6Gpfcr0PYLdVjEezBz/3m7aiuan9AD+fVgAD10MsmORs9t7vt7r2lcaO6iIDfCP9G7wKEmu6hbaCQmG/PX4vzgMmnpi2c6xg4a5kDHpQHvLX8zhTXSRXbQUe4shFJfd9JHChw8uDwAzNRtS1v5Z0e4gW8ct5nejuNuHDU6xgqOkWbPtoBzMv0nOi68HDfQHPikdEHEOSMpASdhQRD/IoK0av3I+5Q/349yV0/510Dob3eKdS503q4W4bHeQTE2fC3yttz+1C0mc2PRS/KMDOKxLaRdnXsyDvVM7rWX8rXp5t6dbXMlDH1WwLOqQBnpYttDvttykhEfi0TXXpvwEtcYdjYYzkB1A0/UDAduwGdRlWc5iJkAtr2HWIdROjL80pHVDrJ2OU4y0hTvBrsXIoafrsz3fYpw6b/FOwOlbN8hd+kQLd3siB7/2pzmOz3X8QCFTlZt9j0kcDeJa87YepR/CfuD3wALSzOwaITUT1nCd5r3amJUJlPe621ad9ye2JVKKN9NJlvYCobhZ+Wop3XC1I4L4Q7AgBDzWUc1jS3UZMehi4+u655uhrUbC9pK4OWl5qPs0yS2CNJxxt0URM7Lgzhn747rnc+IIabHrHAii6dn7xcV4GVPj2uNWHXNUaEyAvd/rE2TGPpg35zQt17tBU94VDcXDRLejuXKFaBa7+Pr2x8M1QcHdTz0kFNTh/O3OJYJ33cpzLlKt5EvBisfzsx8y5F4Mf6ZBXqWv6ICG/JDoj+lxuXzGpcSkSAZ9jXmR0GuKlppG+PTwvPE/3qx+7YYyxne6B9dEpe3C1OPSFsqAxOcwraDBFQEoZKG9c03ohwJOVtjEjFKQ0IhVpu0B/XkCMaVCwMzD/h0KVbZ0txLu827Dar4XBJiUB5r6mqNzMpk1ohLNVM//bgaz2Bb/DqgGOplDjkEULZGfhcBwBzEIjbsK/6Vz3IfFune/RbjHWs+FZ90C4xEgWWjLfZRyZwX/bvZPOKwlPs4f/5dtpAv5eDCC9358eylbaoomaR5q0PdSmqRAEr331g/mwNtCs4pgCRCT9wESgFc9eML6zhGZCT08592d7W5Dmh7Y1s6kas06HtAFhA9op3wU39g2fjZXNvExBkP8hUmOxRFmL/NP2rRiNxl1KRu46EXyH7CYZDmZwQwTt7R6vfvqZXADAMdJgf+IGtJwe3tpm/qu+DGwpAdw3ZYDl/zn1DivTIkxheWB2o12eXWxYBvacQxAQGY4cg3wR77bg8VPjiX82tsuoLcH7aPFXiQX17QJ9kbA194hgjTMe8KXd3VX4jPiAo7eBiV8kUyK25SkqCxo39dPkh2neNO/PIqoB9Wu1chp2D0oPfdoXGEOWaDlPXiUDO5FyZqBiu7HGiL3h0GR/tMxh5fjYJZZh9aDkPzaoOQProEviKZ799lQo5WWn9okXcO9sxgqAH9j8yr/4rK6hWykim6ZO5Q34L7pm2v6NyFdVM/NNWi2w7niMQZ6gL0EIETgPBaeKIW12aHXOyziy+6UJxgRv0LXPObzGABuVjj13Ukas2l2U0QLzBztbMPfod7qYf7cimo1rLs8Q5gxbBtq51UGieI+NqYe7GpFmLkSP1zQ5FC+cgiGedNGhJ7sHlOKQIoEt5SoFUPMOMLBhUxa3kPczyi+okJwt2H/Ygk6P3DvJHDZepWEQpSVV7BFyHGrcsOvnCu5sxFf1RS7lOh3nbdbIYOoyxTdhmY16upZ5P0s4i8av+CQXZXGQSDIx0xj1dseV/PuYqjmj1Kl8hP1SfMxY9MLyNGipnvHdcaXnnjUuyuLVUpLPE1TtSoOzvippPdD0NCxjJarbB/i3ZAMbQAcWLSQWthInXf9x5wDdaHj9Ww7dYwE9/uyfJq1kMmMHx5+4JRvbS4uDSlQkmuoSY/kCf+iAU6YCl5OBb4pEM5k+Q/hTNtM9Vn9Xiw6WwaXSgo1s3qMi3Kie2ARTzcs0juN3KmnCDhp/aJ5qPeYqnE9qj84UCRPu1NgcHx8z6kSegx1lIPSGEKptrf6A6Bg7k5fuxHjleX1ytfou11v6BIe1sv/Zlnm8mMhCuHVV3NAYKecxTRfOCMdjdcgUgYlXzpUlhjIbDwo9zGdq7vgcmXKbtMC1Cy/1FpXXTgQISp0oSBPJ/4QKaYy7nLmpsYWhGDgpvw4mmJ+5be0eSa1ged2+EHnT4+QsNd0KNbACFZRLLVOudpjYSNYqXftAjOPXlSoWov/UtY9DZ8Dm8ceI/EpTbPgxhi3l937/ClQsrod4PZozHpQKalF5zLQyQeN0KKer4Ua2ULhGZUdw0sAQeqsnRzHfy/f3SWYhVvKB3d2mYjVLbuKHx27lCUmlU6lak8KWWle9PdmWx5ZS7q5pmWhXtuB929vty8P3c2l5zXR06rZWI+xtKSb86jmg0Q7bSHIPfpRiRGGYcME9Toms3dg0D4gN0EnQ5oJdadBCobKEWIyfSJj8gcF5T1gxIlNU5GeQw9Eg2ElvHEV/jRo3ywjGzQxQIqTAQ8YJIRpZWHGvbs2fQLd2Hksl6Uxt81Yb0gKzHWbPvcDoOeFiaR5AJYFs1qSNuzU8w7puwEzadftL+YF8ontamJQrIuGK9UsYMwsxPzi7hrg3Bu+zsDUjjpsVzwaOW/hMa77OW0G7O0ux4C45s4enABnvGnSRyjmQCg1G9UcbtfYa5LPpIf+kP3n08DwxOuQFkf74MGI9fw3JkeC/TymFP2w5zTGnxCmqznzI67+eJX2sccSloXd/RSFJse0TZL+/HmwAQ/ppqTDL2qY6QYm2X67zxGVBJoKH//7Mo/SWrmHd06a186m5/s/C+rb39Y1QiuWc8rUm1iq/x5O4vVy4153IEqfFeWY9fNrtdjo4dr96zgA0ir3SaM46G4AnoLgr68YLUiGAfbAdCjJnqAvGsjvfYpm8JsDPN7HK4fSvxfSBbGp98Vadzb2a9akqtbW1CEQ8LkVNvtqkhghw0tyFf2LDJhWT/n8/e7bGtBiw1LcT6RiFOGny3Fzx3OU1BeSqvC8l/yp8FlDWNilnKMjzmD6gkjHJhCI7Lp3vSZmwVMlG7oes30qaBtZkiO7d/iCjWLR0vv1OjLgx4yDBRP9NHecW0WVmXlcgWc1oZZXrDixJqYQNIZ5XMdzGz5Ls4WC9MmKbm5MWXzO6K/d0fMHIIWRRXBklgw1N68YFFr2/M8DBjD/l+M1T91ixYhbu9eS6OjD1ZFscmwNsacQccH6kjCyigHiTgxsJSBmMQMZ6ITcy/VhGcrqIQWxZq93Drd9zD+GHtspSUgukfd0kclP32pxpaoyjx3XB2YyUrg73OadThvIrlULtxoTj+rlQqoVE+Vy8NULlwpkzD7YPcurXKJ9aV3wEJgaB/r+e6Jiz9/v2Ni0j9YoYE0djlU5pvnXdP9eEsPYRe6oC4rAa3vtZ5ulchxiZJ0OYn/TpRcXB2o15m0+519kiVoo1MiWpShlpmlHHPfccsU2fUcq1ttw7y3tiRYEyKV81QdqWu3a6+rXR23d5GfXqGRnAXm9xXKhXCH5aqwvQ06Sc7cGXIJDg61SECExmJ8Gzg0APzbc5uRIPOoQGV1uJXm5bt6GtccWnGQyWSEn4qe2EB9re8yCBpw5wgOJmZ169/kMC7/HA2+VTwKei98VXCQytWrawFG0KD3QW/8Vo51a/nh07uWRvS+GolzHgrZDsbGm5Bpj+XtmKjUxzkgnwPgDyoFSoKAT8jbZOuLtJocGWRAoIgY6AloRFck+xCV7pjdg1y1EsxGqdC3TlGQpHEKxfnVxcpi8v+rVFDWlsmwdSSpqPJB/DV6u5ohuHUPZ3fOxS2QSWz7niPIY1AohpjNmT05qaac1w422LU7K3cFFuGWNfE7bJIbOo2Uyf9oUeHZ85VW31me6gfn1eQo890GHH8HGIpgytxuIF+kdzCaiWY6SX/Mvfit0EImmiXgSGSAFmLGOb62hfxb3Rd+B68V3yq+rtyMNIhPAb5zey0piOBoYU8GozXpXEJ24mLWPeIBcz6HtFgavHOstWpLVyQLVK4RTCfdpaB6H0+lZfjAoPRoj9fHzIHQ2bBQncc6+flmw8T56cLptjuFYSiiE95J4iL7siJytPGnYt+NiGfd6qIG4r0hGY83LR55FPFD2qko8MuilkkHk0LIkJV1N6Zxl8opjm4V3Wl+6PkUki+qrHbXHhytPdaHvXetfoV53AQTPu9csvrW+fhqJd+UUnocZPhvZLm7Qol5VLRpuEeQVhfmNx3dgw0uLtB9dfHgjlLky5Q4WRctDcagy6RE35wahslt1L01E5rf9Pn/pRCYruCO8IdPOylVYUbGf8Yoap+vhyMv7u+46wUKEPrXWi1+4Ei2ONYvLGW23+ZpzsZDZq2Yamiqpw2moyifeC9V4zm2af54j2ErnrmwPPVywTtf8HrDbvuO2nalGdSCR82mGLQqOQtG3wC+2rikgFOEnJSHLqKIkhyrF4MogsHsAZqmH8nt1VC/maomxaDH+5Ww3Rqg+Mh96TkJ3K94BgtBArxbWUu6iXqfUnrpzTghqbAQvdhFoTXT/8umP9wACjxVj4oMziospk/gOCR+LTWkD2Tote8/sFfsg4wpO6TVGGBuPPbeHb/Hw9ZNmqEJcGL8jjSGr4noDFTej3SSTusjJi7iJ3rH4rxoXv+jNY2DeUBKsD0N+DDmz7kvua8nn5R0vTtIph/q2VeYRb6MepymTbxj+gLjQw0nR5cwYYkKtgn4nqedc38Dy7/MtjLJZo0kV7j4ZU0i/20AI5Agcwur7Jix81X73/pbxoKR/vTHEECQWErygFt5Vle8EdMf6MQSVA9Qz1bHlxmBOrNgsu+rcYSccgR75apOlegenG34QJluWqwXa+YzPJWoUKfBt7xyAAoY+5HQPcAciCFSvw6/w67XFrqrn6dNqt062boXDWNCVjFh2dUs1jJ6McTvraoPoQrBBLohB+EjCRL/8i8w+uxtXS2S6nyZqxgIi+uO8I34DcZSlICFknFqrCP/6hCcrcbyEtFKinyDKfRBWgQ6fklsb8ivj5lnpmBe3s3eOxEt4LuHh8LrQjuZZzmM3nRjqTffSfzJ0tATKKl4ywXBAZsIJ7YONp/MwXIhUXBD3BbH/yHu9H/xAbjOJf2Li5M5tlhSbYjiTNi2NM5FaoL5+hvjjONb1YhseRu0Crm3i3I68vwnYDol68Hl4LecTBN3X0jNtkBqiFefQs/7EN9z4wka/fijl72IlSNuB4BV0FUjuxid8IVFtNS6FwfBXvLS1xKWqs37W4yzVgRwRm0fMpcpEZzlKWpceUzZsRDAxgAc0fKC425e9BWec85vSCctTHBqoQRrupMS287mzZVigd3rYKgAwUMXsHc6Nxpswtcjvmpod06MYoOanUnu8P/XrMGWsbY1kHTh4OAT5MhzvqY92bZHa+XxQgJ+Nfmv1YWwPGxdTpWsYrNEyzp/OTRI0mnWRZVVvd8TjGIpcq0+7ByuYgFfS2y1dauA6uurnDSqbs4Vb0Z+OzqIaRhjEFvWpd2NjSLrHd4AOpoiAwN6vYdEqwHYJRnkSaEc0bkzaixogfL6a5/Q/fZpRGG9f1eugfn9JaN/fuTl8ch+Nu/YP23xlAYn6ryBWxknxhCmKGANG78kGhbeRg7Apqt+emsTLQkScuWEQ5pELRzXn6j5gCrMd3Xs/rEBNtiOFmC8LA7b5jJ+THuZjqVlaSQui52zw4SBc/uYH8dVdopw3LPHg4cRgJEa/vRnUVPB6zyH19rRnDehQDlkmqPyL3NHq1Uh07W+ikTMKiNJP7GMXgqkVQlhQkLzwV9UnWL6gseGnoQvlDzXijFkP79+DRSxuHg4ESRPzV53Lv8+dMBgbZMGEwRW+y3rM8TYS5g5JYAcOy2B/msEv0KzcHm2wWUZBYMv3OX5pnwEaQTs+8h6kM7qi7BIDQxTRtkwSJPIeY3Zw0sb4RfY64iWDkASe2Tf3dcHWjWMeMEgAcsGogXhpAeOvC/HzYMGlK2yAIpV60X/em/OygeRvAPNMPTNO+QAOYvW25xt0sq46RGOQH06rEXVTDV4H4eFp5bUsLqQ/VWWhSQ3jXWykITNPS46ifIDx8wvD0LkFZOfKI22nG9yMA8kxZl3fYmn8lJpiTZt0mdyaBfIS8BoBJsDX84FEHD/GcPxGu8JczY+g0j/5YgFRA634l/5WUG/tQpLM4njQ8vgwNq9MHs6NtqgSzZVF3b7dnAP2etAsUDlxTKE+eIPz+Of3rCjFXkjY9ZikioG83KLTH8n9ZUFeDU3IBz7hkM0WaQmO+cqVVN/OjKSn+nmPJAZdsblL35lafqXXkMeZanPZJmOtoU64f0eA+KcPJf8lktYAS6Xzb8kg5jlKXq2DMpf9RfhGTTqkBzr38+RPFPq5f3yGbDeQ59A6RCsExroGFoWpNHl5iGX2LY/DLMxUBOGkxi87/tyI7XAkbm0Hg0xG5FUBnsCVxLkYfFIhSEG9JuhBR1zx5wBSrqLlSL+CmVSgO/5aEtGPxoG0fL+YrEXIzKc7C//zODtMasBoZyWcgtl+YUbdRo9xTX9aXO8oB16d8A3ejdD/xLvxGjtwplw5ow9l8ZFer73o5fdX95mnZroB109GCHvOP/67BvbohYxEv80PV8i68SFq+Jqpl+IugQzvPlwoywM3ntsCJfZncHbZBGnP9osaX3TF/2We0IdmNHQBVHTSy5inaTUVNCEceB+S0+Pxply/JAOXHg3zgxZwv6weqzrKGiDfJgvQ7vv+SiBBsWD5ptdV915q8FwoH0wkgowC/x4BTYR7y9fFNLYXjHk4G+Ot8mWAIjgu4xLz1/Z+nb9in9su4oAd9F2PTwx7QpFmyn5TZ0B+mJpc5wMnlX98QZPvPZj5i8xnYDjRFHI/G169FD79snHioLIaM1Vvl6jEN67GPQANp5x+fIaYXHm9zfBJ4ux2wEHokc0gQgxMMf3eSjyRSANQe/Ch0HqftEYRMSM0PobD0YSSQjk6GA9++ZrHuVydDRu4l40w89MjMqViUYa0607Wtxhnn+m6pHu6F3pCenb5a5XNLbh2t807DzPVAjvrwqyWONU+/15o4iYLF/bZ+jRoRz0c+QKaUWXDFVqhXgzHFZ3EdasevXDHRYIP5svaJ+b0jB0JR4vWhHDVi9jP1P5ulwIxYpshxLScasbsD3rdcXXOi8C+2q+uvPMEnNL6lRveKwAmw104o/VX6gMsDN/Nn5LSE0ixOt7V6yKqeKMqq2ee1cZbCyLIixixQfhqdQdItQPa2U/V1hfrwfXHbmDzmMsqeNlNDgy4JLCcEDj2fOw5B+K68Yw8g1AmHqJjwT9thNrczCagS9UN9JhceX5VM7bFVRS82l5AtQf3g2dB+m1b8Vo5a9BjuwXENdD45uwsBG8OiJNghis+XyQA4HRiaUHJuAcbE7+sQUIMTL3w6RIHsD6PSUTgVvFrkbzDtKTlkDjpwbXKFaINgiiui+axW+fnvXyGs96bWSbPtvkgbx2gJlCdwCW0NjgQdfJz6O9eqi7AJ1S/KnZYbyOTaWeyiL55antG9c0etprvkO5n0Fv02gbnHPRWh+KlsXG+AGkgU01Zb+6iaCdQOTHQ2qu32WiUVTey86clTPTuPagFdy37G6ceJEVqkT6Nx7a8Znb/u9/03PrVW1JES+e+qh7bmwKQ5rU+1wCBRR62pgVOiB49XpKYmgo8xLAHPw7g8t+UZzg306e1byYfifItpYge9sjXn194RpnnZJ9bDHXhtaR3lbnU7USHKbTJ6Qq8I1GTLxYQK3D2/CUVmsz45SU55GPyO1xKLoghGuzz4h+Q9mqozD1IASmeb4RpQgeSR1kcVJSDoH8/5EMQDjQWM7FPIRJEvi64vRBvdO9WgQ5PfhjJNXoZXJxx7USFCn6TWTULZJxrfxe9ZHtVfkhONDAGY3dniIHjK1xF9djQLy6kWUeLD/mEZ/5Yl8MLScaHvLfpIjn72Oyi/F5wlOzSmn7w4HtPTZKzMoEZy35YXb8GvQgiuNQOIq/wC123NV/u1Lfft9YZHleUIbWJElrmxd5E4KvHu5yqz6vWZKPH5hZEhyfO6EjBNKYH0SPGdl38GmWKtJQJebVHXm0epZrWOSwxpKTMEACjSyNwyVr7O1BHt5B0zqaMLQHGV7++3colRoxa8JsqP7z/Nlw7XzJE81QLNnF/Tcb4vY58RmJBgi5DNbw7HFaS5fE4LZwdWUybr70zuOpt5dSvCsN70ADt97P52b9Zgo86DkuJBvpusj/BcIquTpJqbit2tf49qMEVefW4Vhfi77ykP9oR2yDV995vPwYXMze5c1y/8P2OIneWKp8UknwO4NpLNYxWZ7k6Bp4I0PdKFpiRwZ/EQ4yZ1FxVzqv2GjRkDHVY9/T8gyr2Km3+fI0fA1/f+u5z61cN+I2gLjQAB4Lu9URPgtA984o6m7lpJD6XPl1y8IKZhVfC72ow/HA80Hg0gvC2HzDqkqO5sIbOOGF7AMUoqOOsM6ddulcfoE2sS0h3ph46sp/MbuEduxegN6HFcoiOSs3e0Hr7yuukQquhyaCGv8c88y1yssJcnG6sYR+HX1Xd6wsCNLWEycODQ5SETJMuHsLFR9MCMbXZ+9GBgLYRRxDL4Qji5t8ZfvEx5kxlL4VoLEeMIx8PS2zpvcb7valvml6gc+GGBY5z3K0zPnOeua9eT3A7Ka3IY/DVoM/eS/pNtKE3J3TTFT0kl1qeH6CgvBhyPynrYc1KJdIwQdh4PkkxvYydMJoFOqnxKwpVDW/j4nM4XJ2lOfUWHuPJ1ReK5zjz0nO++H7fLavD2CmW39RuWLSoqkwOD9ebSB/1LT2nrFj3fWzchrmBUicfLc02cUlbO3+WMOL2oZROQlRYBY9LAxsa+Y+rdVFoxFuH30Pk5x2Z27nVu7y5DCq1U5YXTXDuZtc06yw0hxNvq/Nc8W1OvF69GXv1jO5Fbb7lAJhxbBvDLglmr10/yfwHQId63kla/Iym045wmZuivpSEtyS07ohwpEcq+ikfljJPRNDzNTHEMi7KKjwm+hTBvioKcNk/+IzyJMOZolT8vrtt9JTGzT+B8BzjeFJ9/J6jLR6D7FobB4H7+31o0oeJC3Y64D4LxANYB3MiD3gLQG+zzriznSwli1sp7xaDrU944CVxPfq1orBV0VlztfblI1Dq4vwIGKGYbg3yr1762PpKLJBQznSu2B+EFD+4yjfcj1fX1bmGvBHXoiw/U+zK+fFOyAAeR+H1cHujeadVKG5t9dpDEeWItwP0safVvikzdLxLJggpYmzq+csGImI5b/TlywWABvPn6V5f3jpHQbYqhXob4UW+k1BT2QatyJITSvzOc6+RuGC3cMV+jGYjY2xnxTJ4x4cXEWI2ts6w3iPw1BqU7syI3OsWirr+GLlek3ts/T1tFC3VgDgX1hhrB8wM6Z6evsJ76V6/18ggd40eGpvbjy2W0Pak2ml1eV4zTE0o9uhknGXQvuUzTam8RS5FjO8sc3oOoAareZi5RewbMQug3mI6dTljqsgsX1l0FvcFrFEhp8DelOKlhq6/r6ODeDMr/hwy/Dq6cy9fPj3n+YX0Nv821/CNpSiFVk60bWRP3BqSPdwRFXvQm0Sa9CN8EbS9DhWtDmOtVeoSUCQbzIuems4hmPgX76HLWOXE8GrGxWriW78QXVMVj0S7piF/3frlTeVFqtLfbqFgielT44uTRtRjPqAM/xbwTVjIXJuLz48oOADCgN4PhgvL/D74bn9J3Xt7BrAZg9AbBFJ5oJ8AjYmydTP7diDzM2lQiJTCLBG5xmD08Tsmo7YQcmKCG1NMd1BX9927QFNb+7HRocNhQrzrZ+j6X2/Qb0x57Laaqf2eIGTrPOTQYYrzu3ja6mJ4I8kseNJhYnNUfzganLPljoHsdzLqb684QV0Kn/gZer5dB9NHOOvoPVGbbm1fqfRw28Mu4d/bmhM8r609nqU5GxEXTPwXUBuE+P7d/XyT0PRzkO/ef1duPsdZvWo37mTa/dERgptgYiMiD40ys5H6tyY7BjKWeCFfZSpeSf0LH66Ao3BL+YVBzE/iHtuyuaPkp+Uapb/EsHKjDQeTF9W8aNncKTuQifsaz442x+gTxHF5ON8LIWr1glbQpR8coiv67O9aPY2Vtw8ljq0YJVyjDJJDvazn0/JCGsfi4MVPLuseFvG9eCAE6Fjnin3Ib/HaP2oFbSw+z6fZ0ouPuozRZympUizpT5nnmP6ePSzRVybYMfKhxBYzk1ChlSroIyHQWvrIaG/iVMynoas9Yy2KgZPD13mPLOg6T3MZgL1AJAoSlBEdZVLuCvjuxoOvCLK/ivyULXh7W7/nQOtlKENBiVwyw9/H7e6oxvdEeVSz64co/QBPe1uWB5p9O2pVVysO7O63jWi5Ngs2QJ/HBjzEQ60HHavtz+t41iEBJq8TLoZwM9TFYhBnCDJEV6uqEfK2ZQEF5ln3Nr1K1dqN8fHtYlwgS6XrAdPs94vUlF2z44eUImHdwOQ3yEaMtkkb/zy3Qgq/meKdwZje030KCOCxkf/w4rzGYy5Z1yvI9y/k55jBAfExPSOC+RfGYpnFd3bIdREyViO9SkDW0/daVOgHG2mFMrCd0+VoNFM6CAc5qn372uCmZt/mRuU4P2GkGfvG/IjBONoDWh/rW0loK0IPEOO1uuA5oyLIQyYA1tw612KjZ30xTdJpXjXm4cuyK/0wutpX/U9OF6w3eW6jJn4QnNgMM+nE47jTkfIyfYOyNmZOZl6Nj7mLb4GpZqrgg7WaPzjQxdKnwGPqC4FrZx0lIi2mo/xH0rGHUrQN+UVFv3+wDhQgZGmu68kUrwCW+IBJUtF79osHSK0Jv8XVw4qWv+vfY1qtaaMINZ3L2Ks8FguDRy7Xn/CXh6ebnm8eNThteYPPBOvb/noN5fuI5e0VQjpJdnB0kZCTu6hhbNM4xLj2TqMpyexzkUflfiDUhYcgNPVp8vv7FvWvDcW2FoLuVfy0fcyk2rLou5UOuIDsx+agRPmJhiaLxwMh+Kxfd1qdyPSQAGbxpPZkGdOAKMinPRTHxvo9YVE3+na1n7XDfkJdlTSXgA1Svvyv/FyiQcn7KXpItsms6CY17eG33406wNJudJl9hxKcHDJ2p2ZLhI7wiH7iilTGvNPyl+0MhUFY+tixUWj19pHb+Stdx3RR1CTQSo2wOulDGZgOhw0EukTBFAjcRKVUgxdvEvq6dPp0DeKx5Pj4Rj+gljRRV/krh61PRIxMlJTEW7Thfj+Z4+NXLIr5Fw6acmdEKIFhIGDhO3+1umTm0LiMIUhpwt2eeWQQ/lWau0xqhZ/WwT9d2eKi67t+UKAh5elbMqGJy3tRzt7K78nKD/bGmGYv5dEYakAdzHUC2DrxY2pzbpc8+H816AHNWNz9XeaRjE0d49loHWlTxhqlZ8hmIR9wKlcvtNjs3oOhhgOFOzJNNxoGGkGR89i/KYZYHyqQ2GEZ3RJGor+XaOZtjTjOzMtc3XX3GH7RO06kOcv8Qh3DVWnpVo4y+00kBgbMzCr+u9+BLEoD8ZMNNWrz9YHeSBRIqftV3jeafNJ8nlfeXLqIV2E6pNWcgQszYvP4boHXkWhB+Fq+H9pYpWhxLrcglKxF1LMHbsV4LSTeZOK7bsOoAXymKRDFzCH6WB+b7ElPhc/k5bm/xH5c8eXvjVIkbpUY1LOBWZhHzbG0YE9F34Ki9RV00Kenb6Nn5CUY2Lx/UfJlLPwq9zmKsX+9AoCDpVVHuaQlAJKdC0mQXU0FercjE5Ss0C78edxqkGXYRFWXv9QMOYl5Vb3j2/qLfjZWLzWxHdkrJ700ZgvR5558EkP7oIE/c8OLCS+hwxCyAL7kvx4D42FXdjNLhQ3fCnAr8W6X7z1qEVfPYbiaFCOLFryw0tL61f0Ilnatq+uqjmjoR1m/8VekvGyK8dd5uIxdL8Ese59U7HPVTuFfTJihgkMuQXxPfeaRHUJ+ojiJlwfzxvQH8v7826c/tlcolb4SDu8b0VnQ+ZOy/iL89fPrNCL4R4pwHm4855CCcXgLWZMIHT4xCkWUpL8eCznB6YY2vDh8NFRGJbu9IZ0xZ/LNFIHedxN3MJL+i5r7ZwvJ5i8fdfAhk9YUz9IiXSQIbEHgy1TQkVVNFzDrqUFMItT8Zn9dGjiqocYR5Xn6YchNSDwssw8wfTcxGQSdx+hQyjn54DB3gAzW/7pASJINGVcda2sBgrWa9djboXuW7ntICSQGJK43N1n/meLJNg/a+v0aQY1zJgLwbU8XZGDCWXHE9+OO7AhOmorRREXN3eJvG67dqMKZ14s1/+YmORsbgE4P9Oe6Wg9D+YK/JZTYBxGhiK85VQAwfIv8JT/X0gtAd0n0qj/P/RNw/uD+5gtR/SSLPmJIB75wI5TmX4TF9p94OCR2yn2dwy1Qjd9Uf3tWaRLDBB5urZJhh624njRjOGwFqj5fSVMp27DBxSk5AmWnkuP81x8jfC4DV5GwMehNdqtweKi7iiUEcF30GD1zLAB/sQayZqS/XhzgHW2a8tWm7SAviUAXkc1OWXdb07WvkZuoZxwqz8D/7r5gSeB3nl3UOY/O1XMH9OdrPgwscqo8agI2QqtfEhJ4I9IbsMcOR73dlWQ21ATcVd/bOBdY1H3hl0d8BsFuJxNKelPh4NS8M6N3f3UH3+NdJbfvnt/aT1KUPevBrf9ysJLLUbjV2MlvA7MNzW01wlA8recAU0hO4J6RXQGn/ipirZRjqJdMwxIU3aG2J5NKwmx5ys+9yIJqS03Y7qHuHmJuMdjkmIYFcsVXxYM8u/WraV9h67XLSNYD2tWLov2ui07bXlD+gVchezhc+nq9oIDFc7/+FC/md+V5qtZPwSKWkvenQEh90ea3JlfMbDwJTf21kGvNWQT1S3RvIUdLEwgLPyP5dGOyRbiEEQ+LsV7MYxp5CiiwVLvXJAe3SKl/rhoI3snAM9DguVQsatS1KHH9A7DlFDZ0XhMyHxYlddAGDSK6LoHKyBm/R0/mWVwW818+hIPHvHwPzXT2Vlfk2ZgZr5tyzdrbbqgqJEugnn1PqG8zlaI6L02GfwUr+f1slpfkqNgTX28KjqtHX7H7/gaaW8lgQorSix0V256a4Au6ID4LsBnUOCAxfL7FdITntIlo8HAtFFzcC1yf+f/732bhboaQtjzvw/b6e//K5baT/EsYhesreVw2yVdfcGxzU+hI3jJnlcxhtfwI9xt5kQ91y6awpH6SAWAZaOa1q68mfwiELyUTtq1TdHMpo39i8miyJOpa3jNIeGKLiRy5KBc63u/hUaINx7L+8nT2xXpc9RCcWWbQt5OLMJ9PxJerrMuOHtDXhQ+M1AWRggSb/Z3AkIJ/UUtAvYec86eE5NlT4zTsUAqIyz34ce524NhGuMn9a63iFnQ5KBZm+MSZj1sY7mnDGXe65UlrMN6+nMQZ/+HzGELFxK1SMc1gM52KXCHFlyOdP/3RQbMoSuHxKFAG9V7ifLXwpS5Rn5aunr38HmrvVQu9LGPngeeFFjPVlj2ox3JWnEH9ijG82dPei6Fz0IBPFKQ55dsM0u+gzNtzsgn6Etrjdd3ui/2d+mfS7FeBFC5F5P/3r10OXe58SVhZ8akvf9Ri3W6QyoDPICSe+6PslfdswAuFwNpih3v8Yp9wyBRiNtWwtyRIKePQkttwz2MMhk89ANVf4qE5HQ1iUjzYGSABKlKRvl8x7I788LkeJ0drMYSfkRqkjsymPNIHIC5FyBxan23zWGemps3HH9HNVhd6ApHez6RVll31lx+KTRadcv0g7uYix7foXUaDPa7BjmWNKR4MA3sUvjxAfh0DX6j9lG/W/DXXX4SiXhtHMPYCXex9/mmpHkvScER2/o1LcG1ZfMYVwq95NDbq8t2Lc9KoEXqQ+0pTLlNJKqi+if62WIPAvTX/dTYU5YoHA0NaaJjewbbX4Uyey/mAZ9P6y0+X8yaXw14fQsy8yGrjmodUvRrtCDySLOTQBSaWjEZItkHdcPTYSClPYj18sd3RGRK+KpXYrE5MKnXZqPLgA6xrYH33gvH66wqRxILuN7QkAHuNeAC9q21w/11NtW+xzl+EU0ttAtSb/bQ9K4IVrt9cC+e5u/6ZQKosKzDgQlHsE2x1zSIq+dz+02T//kuPgwzoL4+fM0qxvuHLCcYJ+pxr8zE7bBuneZXntl/Jbwqp6CCCNvzPiryT1Bgm5GsGm/BgyRAIfDb3lYnjmzB2gKuoQ9IytdMELadFP41B4AaQjNeHfOhsY5jpC2Qa6J7ca0J8NSZwaV9q/t0rimID51U7Lf4vu8X31wJfZvMYq0+rvXgyp9+9l4snMbON738HrstZb7BIUHe/MS5rRa7zHKx3e2vw8ulF35DfG7V9L+OhjhgnbHj+cNSmMKqZL8l8KQeuYIH44EEkAyaVxTFcSHPoyZIfkXY7Cf/lSgpC64B/iZj1dYr57gSyrukrYef7QUtaU1AS5z+/zb0f0tK3PmOoncSefZi+bxW7WFLSyodd0mYE9cILGvxasB4XWIeyRlktCW2WE76WgkUOGa/9z/vvbu/WePRq0LWc/VaGHFHyW9YfJklUyV5dr4uyGE6opMJ4xSqgjz76eZ/rWMhcmR5LmL3aNaPzgtmwVx8cauIS+XuRCP0Eqo/Yer5WWlfwZp+ZSozPPqf2/F6q8oAaKZGO1zznXbq70E6JTqULSPb4fFVgcgpXBKvYbdPqdZ7pol3RF8w5iT5E03FGXJyB3j6kJwBCNOj6Z6peHWEaaH9gxJ9l4Gt+je6yqKujuM63qfjfTQ4CW4o0zI5T5ZAC/sz+SuKNh8SAHmiX8uqR8Oz5N26vZSUvdbpWbXYpOQEvlC25MrdhbF3KNThu6G7AdhxaEW7lFehLBIR5CpWM3ICLis8mCqvtHEBtH1Qa8cMIe7+a9wUHjUGUnVv/atC+8ohqf+gx17jV+MbXO93rT35B+Sw/LKUEz5KDUr8ZHyHy8b3i1AGsTJMysCn3iCIKmme6gKWAk63ch/oOFpqQGPTJ0y4u16Y6+0wBovToTt/2rcQ4initbWkj77uLDQep7AjV+YrggVHF9hmLJDBpRYu53SZI8LIeN5bJWP7dPlbQ5AfgLvtJft3xDTwFFIrRlU7ybz/MwqZ+GsmV+9YkCVJ6bdld871H84S0NvdJhuqkxka/o0b/ypgRElpauakfcKgQThSWPrCJLrJCvhShHg4MsVCbspPV/C2mDXU4vKM4/uvKdafuOdRi/Rgy/oJPOHlwQ+zrnilY22rOxEfxw24Xf6U3gJcFRTv8yEr7joMAXtCPWnzKX+Lxe8MfrA/U795DD+flKioOURz1uUt+DMdhQJknf/H7wRjobcH1r2sK0MOZtG7Rhv/WTARNE2wOt8K4DGmenbzAzweQJb3vcUgZT0JnroqeWR79HLqO8Qr1BVTJNx/vZzjyG9/O9clV1R0h4GUSnpaCFc/PPcHyuJDrz5RZC2ItZOtJvrF8bEkdH1x9gD0HLx3T+/ygdjCVJIE+2TbsHVD5ocnkYVJ3StkyGrPy0NBSDgN/grIEIMHnNFh5BL1NoU40wMwDmi9IJSYj6a4OCar2ksfoncMofUtHLsY/cX/BmQPNXuvXrseBvmYk1Q+40Nkmfk9IpTIsEFdyJVj1zVHQZhUQchnlje1WV4rxNYVH54i27x2wrEwfAGfpFIEfzxBg/4TfGHJdfBDni+Bt5YHdLPmwRTKYmW9wkPO2w+J4IjYP8zjEuvfmLb94yPySOdYPnt17TsvNldiJCvz3ymf43Q/vwesMcIIeoCKvZuI+/3X+aP746+dGD9VBlVLZP2jga/w5hh0XXA3q5ABHJI5793izBvvstMs9uUJZ/bzKsGbhLCpkPXj1j+vSIadzddW0t9WZ9WNi9UR9PQAG7keZe/5CLg+VdUaaA3/1U7ZMRERL6XFaP60cXXTWM4plgcb+7L7vZiTpgYQf25aBuK81fzLVFWYtHRDya3bOIlOLrD2Et2QP16J7m8FxbEHv5XGf6fbpNGBg5unaEj7a5k/z/P53lzgz39ttTClx0EJ4u4ypGAHjTjmaCjFwJkTWbsgqfmUP968ehwkHD3PG6Xl4YweoNdv0Y/r+K8X67rDyMj/cgk1fU8QJ3ySNW/q6kvXr51gO/G7iObTqGDvyII4EYboIGipAX+3uDjPWLyw5XyqMiL9WJV/x1iA1SWMSlFBzUB6eA3KDqpPHH0lc2rbfbzYD5CFUId7NucwGeIWCKME4pvgo8GYP7sCRNvPdyMdlhyDSphcmd1don52v1PrOaOrex+80VPpf/wRaEi+Zbed1ObovY5VKkVoDB373saq83p5fUJWt5ZnFNXhoAvBA0zA3RiVmjgJBvmeSFCFbipvaV9UIh9/EK7YwxCu+UgiiNEc10IRPj5L9hplX7zH4SvLEO3qFX7d7JwF+CDsKZDFGpZ4JNqgL0xGFFzYbAtC1SEmxY/Kuyzro38oXFklsLzYnqDtdZ/JFPiZ+L/egrZ0NGMe7gkvpbP7iUXRpWJQ2sttdbmzcPfiUzoef/LOO4myHC4Ci5PiD77snPkeUjHFcKeq0BZ/nP7IOM01Tgl44z5rUlmvcBEneqBsjxkTQJILf+oGb1hcp8aTVowfTEFCqlz3ev1LYtBDxwd4Kp7P4QavRufTuN7ikHOGQBWALZA8UaZvaHb3suSzu5Tw3F3OATwG9m4AynvnXgTS2HOh6nf7BFXiL69xhfjHJn7K8qIRkXXHXtyQzqcRCf9fkfivuP/VnwzHU+pJkSI5Mwoa+w/7ctaFs8CFp12ABznR+MS2Rx9z4P/5jaGbQCh+K23KwC+mzC37ZZuAL1gPLjQ4S9haVnr8AFglETwmBpYl6Vj6p/fCskWSL4E/7TdD0WuQGCxBLOgMqXAnke12BuQkstSE92lojXfZxEDD41DI02zh/YW2Tj8cvfjOAVBRF0pr6gKMaA1VuQPTL7xrItdLbjnjBfofEmonoA8p/Gk8e/X6bdetYhIWnzQsQdo2xuwCVecBmPjz1Fuhk4OrXYPqPHSFMDnovb9vtdjyZ9m+Y5RzcXLJl28p7Xk3PK+RD/amxmZRGQw8+/U+vlfIiczRxceHSFxiiTCQJsi7Jg/zfV51wPy5pYz21/OycRHHVQuUMMtYa+ULzFaofDsN8imfleIfq9h0UqmLDULV1ysPoxz46y/itAaMV9B1OytwAygIyg3xpPqa8M/avleXLe9WIgWljNuFXxv/eQ/OXMmCZ9DDFUwu0FNx7PXbihmeNhwfAqbHtTWyaF+aAJDeMEw+pxrQaLk5ZAFepsSE+GTGxVn/YRpJp9p/5Uwo8XRS5ZyRmX58dBHfzhmKHIDvkRh+YUgdcX1vsnejKK7XD3+2JKEnbtX74tTXYvt4G9160a3XJcd6+ozOaIEkkcPBjc5DVSGPj0+NizMz/xP0mW9a0X8R/Y6GZvISnQ4qpOyLyUSdRPGZUEg3H5168t6jL5xzpwgehcHoyvlsBVKELbZ+W0V+nJsZyOSrmrAwRaojs7CMVFefXEodYbAvmg64rzKBZ47szQGrGy6rPBzJElrAmbdDvvx6dmsxRF8Z1gMbZJPQiUpFU8l2MlzkAIlB6wDmnxKhsfA3o0bsxGjlSwf3WgytsCFjXiIyvFz0/pICEQJwgncjBhXH8W9agBs+hk2RwmeyDGKrb/mLSyPODhHplFRt2jXr6nlEL/XmkJIOCUqkC4XYD7wHF/QSnz5wyTzCpC31tHBO4V3kyxa+ig6ANt67oczAOvwuPHHm928u40LyfTyRh4BS+dxwjQi7nIOQ/HXcRDZwgzW7Mgpw/mW+ygtxp1JkXsmfcR/sGvj4VwItZS5CgMfz4GGeVqX+x9DdVuOOY8DCuIga3d/OzF885bTnrY/mNyu5tubnwC19PWSZiy3DJzWxr34qN5a+Wo5EFsNg8uTTy/5H1HouOAku26C/hEUO8d8Izw3srjODrH6ld53T3fZMalIANmRkRa4UlQRCO2TgTJgqghB79+Um7LdBJLJ1NUfEhdjFwsS3NXzczhc1p2rjEXpO44ZY+C1rCn3YtWxIuR/+VvwPBEd+yl347UGZqizRWgQwl4DlUnLSrMAPk8glrrBlaBGonH6CKLjJpHnvlBn5sPODELbwZ1JaJ4ScgnL8uyBPDMgA4Pfaqxs2I/TDPMQEkHGXBA32jyachOIzCDG/xVIASTmhd1C7uvY+096sn4GkecfgXB85xZWy7EWc3gqRdX5hkYoOQzr4A/WwA6cJGuTM7/bL5P/9fJeuAfUvZh/6S5Fvqd1RRX3nwar95HgIb4AAENOvZBldX/ECCPyRj2v1k+RylZOh9Ns+rE1OWfnMHHC0r5cHfjuzXuowtQpJN1thpYGN/a8eIdHWbbEnn18lJx8YXNvmAExJOkr9vhwbDCmEIAY6aV7V9xXrXfzorblyww60yv35DBdtNMTdQGR+AgDIa2CQWFx5a5dHLBxcSXYKHaHtKmzvroGKLZJimhJCLp+/dGF7IPcxS2K6Bh137EqrliAc6vu22/qfPZeb7Jb5N8CbcMcvKHY7OAbpVSyFEvCe+X7j0Cq/i695pGwi3z19nwEeHUDLdPV+2JnQLH0bK7m265xeJv0B3bRD/1MMo8lrrjF6l9cVJYe9+niFbpRO6jFUH4ijCENud3MmaMY2RkJV4n6xvs8cbuhoFQAiUVh/ArSN2cApR+f1DLBcnGyCl+VfvKbOM+eGnsAkYVG7fltxvl3hIdfNQOJGn2aNJ1Ih3ZuivHqyzaS63ldf6Qz6qKm/Spj7Xxx8hK0Pvoz1KmvZ6RGBpajNBZ9WH1Rq8xRH32k2lnhXGK2fTwQwT/jmwKCa/e/wglYxivj4mFQ9hPF9GOYEYHVN1GNcJogUHhiGHwybCW3MPXWMdWjwpC6Xtbf2cCzwzsBlp4qh1sr9K26ZWqp0naYIKGNIP5dQ1vg9sWFc4/Ra1vxEIHLetUcQvQVZ+vdgflIVyL3ztMhOg4uPhnEKeRjU4cd9i832RzLyM0GEo/HZtx/9VdLtn3Th2zp76oc2qAS94FQZHHkKFVOP7KqErA3eBoYtsgW4kG+R/upMG/RQjO9PCVpMdCt2jXbteuXVfn0HDGJIMwy/+49chZFjOgWAioN90eAIyH96YAGJ9Mp3T85oQlmeGtXudmcBA5T1e7e2BFJFMxDU/fHthlWeyT67eragcaJMAfHII6zKTQrXycp/yFisgLiZoCfHoIlAN+Rkjp4rLbpli8BZ1wFcK/etsGDG4FLBheqsV/OjDcMghy7pHU/vd1nMx9NlJwTwZ+5J+OkCouop/daczF3j2cJhHqbZebCWgV+PrsYcwiLd7WkMdIQoRggi8NEGyJ+Oevzg+dF+L8FeDt9IbOLylU5e1JlGz1HRljKHLUJujfrvVESbzmocWZMTt9yResmgq3Rtj/4pP3mxtv7spgXuOakjdPhTRNb8aUM6U2qxIAt0TJWCkfcqqO/31OmdBr7FI7Q89kQopiNb5iPb1RpKqz8DnblRWZO/v3uQNX/009clMjMXqinCIhDU62T0weTg+p0fASpfRxa4Qx0JCA7Ej6P7nvnISoKQY8DgQIWvqg1sqbLslMtufs1f0j4WpZWkm9mnBnK9Z2X9cQrSHE+t1tlR/iQDLYeUGyoPYndIGpqxSq6dG+r9ZA9EA0VmN+CLUExwICKifO3g097q9iMEjKdn+qo+0+JWc/X37w6kjLhQoQRjSIxNb2HRJel9hoGypcKYI34AmVrj/ns9MPU9nXhy+bYHo7ZnDeMMC78RB+6aN2M1d4xzYDilTUXwzP0vOraAfB/tOIbFzF2hAiBT0x3df40LtLWEWEtRpDz+Rmbzzovg/FjX4VYua3wIPPTvG+7koUFBYzaDw0HWRNSUlvzusRBP83/q+E9DPz11Zzyc6+yv0Q9BjY65ng3sIxP12BGAaHFbTF/v3OXarg8rsMeJyAjt2WUGZTfs+r8dA5jvDooKOCmzVjMAV7Yb+N20hUr7CYGoJBbcTYb6GeJLdsqPKb5CZA9DlVvFHjm6A0BA7XjFNvg2xkhYwNODB9obMV80wQT0MjTtj6z/nGrpT64aFpYsOe3iTn4+IKyea1q8Wl+jK13+axOAnuo7hylSKeuaFnVAfJunn7bmF06t+Z/BFGs6iA284xmiPZqTaZC4zovJMbaYaH4YxX8jJtTZ3PnM7RlzyH9r68CYduTcjNAQFjqdWPRgSi99W2uc5E9avj4hZFnJWpza82hP945num6lE/nXyFLkyYi26K7+uGERfPWYc/52KQP+TlhezPtexFv4bUyAT5/rhSsRgpnf6Fu2FUfzP76m5XfOeYPcOh2MvleG3wxoINyRyfFjCcKBC/oOOMLJHxSiarc3/m6+h8lFTLaA/Pohs0G1Nz7GQFy/inWKd3Lv/a5JG8FBf/TiTwoVHCrXwmT8qKv7mzSrX/5ni4b6Fk0jh/apUpU/D9bCJawUi0aBuZfzPTA/pYIQv8WuRsa/rnZLvgnxtc5/RbQEYQh4KNML/Z/4Hzqo0dU/hla04ooRh/3zoKHoscPf0yyah//IdJuVFnyjoFjz+RqXvx7tIkYcsA15GoiRO6VRVML+2PqXV2pHuDf6nG8hoMJaRI9ANf0yfPNHV3xdftVRxcyvCu5e/rJVA1rxFlxZFBr9r9MNXqcdsvf5Q828FQFw8LpuzCC8hOwKDXY6eOCZ8tQ7m9tB4kev/zi9xPzxPU0jKiS/lkVgsuYa5cdikmZl7yv7NOKl+LX8Yx9JqkHO2LdPDfHDWfcRYF8W3Mmn/8i/sgV/pOazpX73AJsyn9Z9f/jKUHgxDO3rxG/coymxANm716kPx7hP3d5VM3w+eHBI7hsX3zcL6o+9bDtaUbK1JdryN936W3X+fFtHvjJkKrJdGTcrNiaJWKnohF1dW+v/5yyYrVoKAk1F0cBH/39kt4HeWD+nl0Rx7uIPODEJGTgkWiKDX8Z9Wnlyd6WNz9GHf71sl0HRymvfPZ7ONzjIW+FZhbcIyU0qK/BL+4QaRFc4CfXiVwbcy7s/Ld5GnNf3M+dSA9JQ95kBPfmPtL0XRq6/+ryq4oQeEvWD/LhgJRRnCYuSszyHzUv7jt433Tfw6//P+Ov+h2UB6oNdnqde7eDfpneWEHNuxmv/nrP+60NL2nY/x9LC+A/aHjER49ocu/3ONqDPS99Ax53VvtX/R0/+ec9MpO3Nhr1Rv5W8fw0IhQqY339MuUKlSYXH2u/S3YlzkPkanTItbLyft9ZyXKKmC/73mFc9qwK5o/rSFCmRxFclucSf+ULf0UGbNOyRmcOf9HCJBKJLv/kbf/qHZ/pEvD4DU2FstbUw4n2fp3IcRWjKaJiXkJxk4KbYoUNxwvH8MZJO1NCY0W3vPAjIJ/7NuJD1HbzqsjyP3bev/nQXkV3VECXgaeTr1P9/2rzxdkUHH2E5XFO7/zPh5LIQJumKGERB94L/431OEZPENvlrGxLf0f+56ft4+v8kRDPp5jUTzqKED7hQqCMWmw6nc+tNbD9BhOdNwXdNxxs/mP7Al2JrmCB1Sx1HtfXUeqh4og2e1I9brH4vRGK4ShVfTwBk06jNVx797SpCPY2sGd4O8iv95F46WTvHZtamM/QnqMgb04BUgRLdzE3QU+0M13dnqL3kktJWHmAJGcrN5/9/1Sx9AuVLIg+Ss55OTvHi4Zhr9ITYXY+pDeVnHPbVgTkjcs+UdCBk19GFQPUxYtuuTo4vvZkPUs704F1L0/2/FOvm3YvfkOO1U2SZXESoONM+/Lt2M3ejcG/LFetS7gG6jZ4WpDZn8ZH0rVYjjvjxe0n/fWac7unBgJzXsxfVAnytYYa6/2no6YpiDm/NtLdFfc03W7T3Q736dxIRCNFdNrQ0PHRH/dwqEh4tjhvnV70d4P2ZiOuzx19vv/06FwkG16e3pJYDchB7BSAhMh8RsYT1Jz1nFlA9NWxtC/CEN6NbrGpn4zsjgX8UC/lp8UU9ITZZc61/H/QpTOhowhRoi0H+ZAFJPKPvb/vVqr+eFnWe+MgScb3Hz5/fm6JK2U5C1ldfugxPAbKQ7U0vvY78fnNsEovnHa8UHtdEiyfOC04oAebuhJ4C0zv910rHHBj5yD9R8jkCdDKVo3Dg1yJMbeVmXXOnjelv4Zk9VpWJUEmqpxT48wbSaYVX6r/s5P7AcAxmICLKa5xCSYtE6VLKcrurb2dy7wMbKpCH236tH+563KTl36BflpvVE0DfsANBdjiNQCcP4mfHya52l0zfxj+/K+8OuoP2217aYxkq7dxy3Nh9OPqNMOAZ2/8sneZBjBla8dCvgyCMo8W8tO1Dt2MTbBdaSE4j/tZbSQznbDH4sltKBUzcazwXtpZy5ZENqiyg/zvWcE+CzQVrrNyC2+vVbjrG3BSW6gtFe3Ean+zc77CtVWmG+SHHEue5vxsw4g/qjODq705te/Xv8y7zWvxqt3HJbykvxrNNVdCkmcEgCeq8ZnGL++Yt/u7392+0Z7HZ+Q0v5+dh2tGSZI9/QfyU9+Um6Mioy+xprkNT2jl7DxCMFdZToGyRciOw/6fcUhK6HA4QZBcNXoIW5/3b5L+IAgiFofFTG2jSaX+Hi5uh1F54kbfH3HxH48KKK30gm9rVEP9oqCrarOQQ8bOnTDdgSuElko0yv75+eaR9Z3kXSy4Q3CaZeUUAKBRak8dvLWs3cn0dyoaN09SU1g+/z4cbhrUx38Ggp9a3pGBl5NPPQo1Pi8sUUJ2q0H/k/Zk4farWSRAJ0+LbPn5dNrUSRgN/XaGQvMJNEef9132KKouy9SfX0mzk9kfY3hf+LQkBupDI7ItVe6cpM82PwuAuSyf5ZqOH86EeT0obRE/T00w0tY1STjk8yQD7AF2jeaTat6JD3lpjkSudPZKx9KHkCGpvHQL4TRSQVvl0eSW/kb9b2L7spQOMOuq0MofZ0nIZZMhwjHajD9YOZyFaMuARjwCz1ZyuEx+gJRr4KztUDnvvLsAYb99p9TSW9POB/sDVzGgpdqiifVRxQAnZQQNQSyqX3wQRV/k/LIXxCy+GUDqnbOnIFpa1ZxP670C+/+bbk+22Ir3y4WVewnV9ec0TX5pLmNVkCAG6bkReOBqmndem+B+ejHhG15D5ALR1kR3JrJmwSvD+V/IHn4L378FamoSY3gAi5mgMfd8icryLWL3v9z7w++sNwGfbxYlaIlUzBGr69xTkW4zA89sL1V3MnMQW4Wos2PVbb/DFnmuUywhQXuN+ok6oeBk+g2djvcwi/VMT/6sezsHb2T7qA8bfT8eDiU33j2beiD4RCpofK7vL8qj8KT4Msgvq/PWh09sUwew5si28SDJjSgM5BJIr5oZ6+nYLc8gN/oS6qcv8Q3cxo7gn2Rsy9k91B/dznour1oNKlTr5fkL9bXNqhk0UeteeFEd4vLGbXulxwF9VCwmW97zDBMnu/YUrGGe6hL++I+R7MO35N3i9+8pZBeLVLFbRrbYmRregoQHsl9fqKTnS3evHV1ecjqiCSdfY7Gt+wkd3DYesu6fNsl8k8qzvKJ1Sdejs1BjA2aro3auDXX63DXNWTLUWlB3/KnT++4K88F0UkdHhO+OCsojdwTSnvZMf8WTqBPb6Yv1ZHBmyEajutdFlYkfcQe1JPjoCrtb44NL1ebSPR8UqvOtv+SS9na5hJKu67jbs3PI2/cmBYygjPmxZ6nNjSCrdAHcur/ufBiWwbErQNdWystZMpf8DJZxm2MFx3fQm92E7DVgeYXgCRTcJ5Tef8Q1Q6bT5cRjBPGnhMiq9jdLZMa9G64hYxlYEbqnhhuhvUFt1bmvwRh07hp+3Fs514PipSyLhnt73kaKbE6CWgHSWjl3p3Ceh8nDqtyv6hUYwGoIHB4vmuh4jJiwK+oHc6qIxDDALxKgR+iklV+IdCc4Zp+PxSVJDqxTnFF66zB0K+trXn5PEfYNghFrt+zem7B+hu/UcCih7Y9M7/YVHaY8URa9+GZVbHupMDEWRND8mV+Dxp6R8u1oMwVctrc7vmQjpdUOCU/6kk+HCnea7hott7bFsFAQuULBlNT+GrHir4EjhI6StIc3zJl8kw0DJkzD9k2Tw78mIUbMzqHUY6ue4RnrQIkyIXJPXP/dPrKbakF8XdIq+9FE7P/rUWc6oqL1aTOKstEOLi6+k/77uEpJSuAh9jqD7K5heOC0lyvKpVzgJU/VUFAJkFVQmUqAmdKdfNFSlnz5MH8BUwPGZyTcR469teKXAyfRm4kF5NTGBixKR0m59cwv0m9CSV7BasQsoX7PlfrfK5TvJkV3+W/8Q/PVxq0fNwoP9ALlpv9IZNe39+Iaa+GmpKTp/2UkrS3ey5B9ulUICfBfanl37CcGsxeliVkwXyiOlHFc+foCAIVVzCqpFk4iTd3/7ASzhtpcJ2vjREYvxL/PfrY2dWvhJ/MRN6Yrg0LlLKcD+mTQjEYDe/iN/zT9wE8EVQ8C3f4BRBHll8klcoVMLl6/ifr/4M43KnYaJ/DNIKtfAIsgPxQsJ2KmxN8mF/fZ1OBrefy8yCTJ/HApxcmAdjKn99lb+IxKLI9cFmaPzCuzqDs1eNClWMWIr7V0URsAFNoIvvyNIRPo96CVhIsGf7eb1J6y1HV/kaKtpM14r+xdckWvj5hMNIG5UBKj5CU4OlHqy4YIlWm5Mfyd7x5GGkG/zupLw/kGmNwFqujMTkMCl6DtHZsSGs1JtbwVrS+FF19NzyJ/lhZ3oGvhuWr2gY9fLp0n1ipHdfnuEigWG4WuDSwD9F0buV+zJJerFVWwb9pQTayGEpNEjBfr4OiJrvxM96JIQH+wqm9lDv7TRoyMR6euf86tzs5/c3ehc4GgZyUdS+av+SByM67PP6/pgkt2S/rkvAQfY833A2Mow9i0QDWFud9oclGdknjpFBh9XCbm6/l4vt7Mfunb/9cENXrtVlcnAPMgg0pV5qHEN9gPa4BBAMM7Le6uH9ZL/WlUA21y+VREzhhkeQ0CNZapi+CMiFZ6pRzhOI/HwOmKlux2rPV64OZxscZsuhzL5+AxB0LBGqlRGEx4PMXWNS/034tOozG+WruIPpT48JCJt+/5PMIpCg89cGA+fKNqybZ40z23wNN21RJNgeg0cEB+wQIUdEyBeIeM5PhNUiaND6M/PnSaVo+2qTfV7iQ5+4wxv278ghVb3YMExyKwnt+22QI4VHlftfQMtb1v0GmSpY84+dWo+CMtlZTu2RBtf1SsH4UsMeIL09cZe0x7eoDAmkWI5sz1a0ZtKK6iFF/uVxjzq7+sRL3hN8jsg7NIIuVJfPL94U+989HTBVjP2P8ZWrt2i3QoWDrFabYMUqTC444muLHknVBVN4m5kc6+iimEX/KMJGw3p6OFghj0eGboRIDFC6I5xR4bP3oIK/LjUwS/zLOpwgxxMa2VLHbEaWX3l4Mdfnq4Sb6xv0Q+2P7wn0mn3WQddAiAgMN1k9YmsY9q1HfzyCYWPQ3UgC6oxN/TUAuoYDbfmO31CBghWSLaAPIdWo50s96xjv/EHrrn3AJemw7//kxz+Ly01sLYc6VJtAy27I616sFO7G5GEwxVposLqtAYKdWfz13jKWVCKwVULHrkx09cjw7y527cGWJbZRFCiMx25I2EdazPsbwxxZ5Hgejp6/poPA67fTNgMT7FQmyJ7wwbbj7YI2lDvAN36KZWPwX5l+L4+KfuixR4t8nX1H8eVu24qSTuojPffLvYnQEayUsCbwXugSmz/3PaeLjsB9KrhPx1fuk5XGJ+ZSRJTAVxGAAD+KdhnbBOnbmnzAlwKrL8lrP77e/5om/nKK5URUdVwc8vFYGho4mJkUPr1FmGJQwkSx4iEk1OGTW8oSN9oMq5RLHCVnlkRM/hvi/8M8sD8EEG8GaEDWqtGGcemNqLtAmN3rfnDCik5oYvBAn1vvtJkJmYdVCjIf1sAof9kriazRoDbtbzLhQDTLBU0EXFlyQn4oeBW2Q8P0z7bH5ULEaVOMDx0BjgpwlNIf6/Yrfmxhct58NlrDOBA/eXOKh7SphfQQxwdhfIlrZVf0QyQKUqLrF5/gTXusx8T8RV5hGpTe4OuWJnAAFWsb0CfWj1xaNONV1HtcfLLcIrmguhtcMeAkl814pKH4V98pNnolAwzzfam7HIAzYCR2x6ys++4a9uunXlwspF/AwISEi/2NzaE1XMnhXvkqJYPaAX/PQ9FY1FVedB5Y9nvDBVtnwrxcQgdVkldZw2hlavIX2j/CJL/FgFiNCiw8UHOtJycs6UI37J3l8RLk7MLYSErO/jm3kd3jJWtDZRBdHcya2betvK0Wbo+GQP7BRMdprWIz6puJGUdM+8rjFpvTbivMeMawMnhWbnwhpfGQ33mxjL3n179s405OdK/rd0ljQoOwJry3+S9+lL/55TOaKCY3/lcDFiVX/yrBeyHABdnrSwsltlCtHyrJ2Zye/+sYQlE4xv+o0c8Wh7aSqNjQ290VA82iiPIn9/pQ8edGzIfkUK4l60nSgxajiGNymSRQgIPH+3XAqep4WLnFy/qeG9B4nR7o9A27+cxdvdI1Qr5JIU1SOtloWb/CeftVz7SjYvq7iEniDrxbw4hrBv6j+9X+gYYDo1FwktXtiyoAwlnFcVO0Insw0XEOP6sKv4gDfeC0JRVAYFqafZabIHmh5ghDUEFNIzcxR/xu06ln5LsLaJmgpgPKlySMEtLnNZg2ObBW5EC5+3oCIx8fwhukuMfuSlk/jwBKHZlIeI73w7v02cvBbYaZw67Dp/OEXYHDuTvr2kMKlVrDziavBsRoYrqohpAMwB8owl+s//U9UItR/AZMIiwqF2J38l+lYj4R6Prsqtv9UgZ/wOfR7MMYDdo3aFEvU/YX0AXDqnui/l0B44446fvKAhUq8n9cZZTlocWKA9jfFLhfOW2k7Qz0HF05pidWi/TG9QsDXM3s4iKZv9Hxo9p/tEBW69guh0th/7hgbI/TFh8s8tLEA0+E4erRL2hiylwMcljhuD0cRLUNppyrPXgE3YbUsxL2c7XnWAffiNIORP9Sa+FBKu+9FAPnN0wKfDEF8AJpjylS/54FL2b41TZS3jdF4F7YEcJbTqBbr9RE1YFK2y6TYmSuQgwyUhGMzniABvB4RBK53CH4stuPTCFC2iXDSPPSOCe0O1VC1+jdGIh9LdXCmLQNdaV0vQ7NX+D8O2zf3fmiJcWgVs8cDkotLows/i877+UdNepK9aZAU94cIUnti457wi+LHVhYloyRUsmhuJOkKi8ZExEfRL+ixJlKN6mZdefB+CvQhBM4QBlOX7VIoafThih4OuAao4rtDaxvYvgBmZMrutcXDlD8nK/msS3dYaWUY9okP4Bq63N/DFRzx4POdhYtYcIeBxsSi7f2WfGDIoke+RAFvDV7Gx0IaaKb5mKARV6cBBzK6LamhvgOGpPpVqMY3vf3bJB5gmyd9+kXxEbPaVPlSv+NZG6/EUh+0+pgMMfnas59793DCrcM/l7al5gNcudSu7yK54NUzPjU6C09GrhW5kf6IMZMIJiGXItant/na8sTA9V4ltsJ0hfh3YdJDJ0UuZzW4V1Vi2ZzZenFH4vAMYn/q+4R2Kw1FHkYRIcRnEu67er9Ak7k5g0TqJoA+QmiX4aA/THiMThJg4yQXK1dSfVB3s6bld7PiyB69I3bnUjRMrFQ0tZzaN+SPi8AkmLSyPbq13P0QVLJPRio0V6u2M4P9XXidChg4N0WG7NiNTsTJjQmA5/dP/sK1tavEICdiE8sbYK6vvqFgrSM+2W081FbcI5EcTDvw8JDYmbTkM4QA7WoIEtRtLvJ7JtiaEPUFsfcS5YP4oIE3G96BDhmkBxtXMhRPgb1ddxRgnAbpQhGN2un95VX7MMmW6XTH8Zy5LVDTSOWq1BM65FE7fxPuRQxMOauO6WQtw0NHIW4L3nGQ5q876/r79VjrgYC/lJzyeTzkveziKO5EW0CJc97Qsz3BHN+ZWFNu3znxC8QvvB6Dm9YdXpC9fi6GmKqt2WIoDNXaq9XAKASKHm4zERX2dmh391+ZxAXvWkwkVzE3lMnnCdZuO2f6Up2d9oRf8jXQCBWasVL2wIZ1EXwHmd1y3jUT/ZUKo8RXf/uEE+9D9QKo2+6nspNd0bpU4MOy0ySBQFcZehdoubwDd2cBrEc5iWJsazU4uBD1S3w1xu3+6mEsljAhXxs7f6xXV+61gKx7iDraIqQcqKHQfk+nvq3C5flHl+PpUeVAWQzfMoyBPTFbmVU7Z3DY4trS215fFgbCVjbHsmJRTTvylI0DNLxZpZqV35nEvXYRxy1En8rEhSTAP5d2R90r+P3/BGBR3pA8Jl37/h+7w7T0VUf0cVH2wU7b1j97dcg47fEjwVexQG7+6bOoBTUB3BY2WGNtbyB6bkLryyeD1idHp+8aKljH+RDObUS1bL6Ko5AZQO+d+IDGK3X6w8dXPb1le3+6jO28JHildoOqlHyMKUSQg0qOFdzIEBCV9z6RkYSfZ8uRKyB9nEiDxezc1yp2fib1lZa++v97XcsDQ8wdwShDgCBpRg9iw0fY6oskCNM35NyikIkLt/gRKW/CJv5Nd0//BrQ0kz2v+ENFLF6fgA7O3DQSvUUWMfmRNbFwaWYjDHW3nJyws6xlkunXcHFpWkNR4vSC1iOFr/+XSGIHeUOxW06gZfr2u7Vo5qy5njXuWQCZy22vXx6UUfj2zqIm6HGBbIJX2/vr1JVdyTJCNR1SO3kVT8g5rNEDoyPrsAlcDe/lPXXefC5xSwbj/yUFEfmG3kBYwtry7WqjEKLcEPuu3p6SCvBGJk4CKyBnGBKiwHxhuc9KRGiiaj9KicX3OrxKGU0xG72b7r2ZJV9u8mcbNec33WgTmeTMpxDI8Q3WvtlBrJTqlcHDJW0PgZyfsmGo6wNLKaHB//GeGmN3bwIHY6tngBiSDG3vgZNvkzM2hrRY7O/sPnY+4rz2BvHKIjUv5nDBSSnaOUbAJKSa8GruW/NinUtBs5xaKQY6scfxnLrK82pa0hgiX6aiOHZkNkx/OYjIjeM9bV95Q/ZIEABCcArrR+/Ko9uGdPZ4WoNWgG5W9xA1IVNC9bMDVJMhl6oavLBI8e3md6aS1xs3uVVK7a9sW733Gva6OlQL+MwVYRDfJTgPfXNmTTgYo7PdkqJbPP4U9nZov76d9Ei1PYcbV1bs1o+LYSFpKW45Vaz/ah4NBzka7v1qPAUt6vvY4Zqz6RHFye9g6fUOzjGOliSY0jdeS76HCPUMi/KamdHHIpMEIRQaYX4WlABQemHcOoleitrKcRdA4JzA7EMjpmCEzbkLSNDWshYZWEiu1X3KgFmDgRd0FMQ7WzNlwd25c4x24rS+gaW1OlGg5byXHWWLYxg2+Hi7y2MYrE+BGFzPNfxdNwwUoxwMYZlII4bAWz6LNc4EIdrDZNyqK1O95+qC5GgN3Ir0cPYeeRBm3zN29cZCmW6qyCGn8xuVM4pGAa2/hyeRjshK+9zXjRAHLNRaCfQAiVcInFiUg3duk+S56/MdbMh9F+Md/MnTgB/rBLE/GvvOAjUEeyGq0vyHvOKI/go9qb4ind3puq39su+km7JFKOZLrZbs/X49dQkW5s4KVkn19MkdgbpV5RvOQ3ehe9jgIcBWBVhkGe9v5zEPdli3zeba35SIYTPmtUf/gbBoVzWhk0k0V/vv/x0X4X6gkl9nx+1XPSE01XHV0cLrrPI5ISicTChCdYXqvFB3j89u5AqYGPLm1UGv2c/B6yqxv0q27/5QoAZ8t+cFJlsiTb8IzwkifWlG/4IDREThX6dmAcdKaKyI9y1nomQH1zc8eGEZgF7CHHikbrVcyd7Mlp+adM946Ip8a39hq47TbHQ8G+V/iBBo11V/qCZV7tKSAtU76ROHzBDx1W/WGUFLxQUSs3CrQWD88M5wB1QVE3XFz+EaNgFjKeeND0fpXmvXkHL76NVsHpizDuT6P1BXJ8CdT01Bn2CF7LbnLu2WpxPUwffFye3PRuOUrzte0GpiGjAvRq0w/8N/zExCHawQ2ZoxaEfk/XsMfj/90b/5oyICiswvaONL83MN5Ah6HfV64HO6ix+uXqCyigvGzxgR9NpHxC4OXCy9Jl8aw324DAbUd6W/5YUeyU+8jcmWK8o1UnfCiuHFmFYSdAJItqTjJuEhWFceFawj5+jlO/sYTXJLqSjsmXzAbT1QwSqogvirKzmK1NwE2HauoTv2Sp/IxyoVxiKHKF2dSrABo58uZXQ+u0NQJEqImW+E3sezw81AoYSRzrgCRUMOH4BDnCx1fhecwbC5baod+JlFIV/1K5PaG0X+9QttsPHmXm5eYWOEKbVZPgU9GEYtfpIVpzzAMiMAUXKaXuQOyGOvJc8OPLZJmY5EnQZDYsAYa6NEpa506fHdgal2wspNBLH6m4i6KYTjACB7rMdrtQvfJf2Fw4cY1qykjUV10a+iYnzxVuBi+IK9mZETvIlwKkks7JdxAAPbDYb9503z5lJNM53Oz4XPFBfp5PKya1xbcJxjqgytVAGK69gzW8K1xVYfIEiooDD56T4TAr9YbFJBQk06Wd6XQ09rrv3KQEr2jzpwcdBbLW2DdGF3qMCmKIuXZdV3MiGqbnNcK4qvbFiH15X5/CUMkbTSvkJl9lBLUAWIAjAsvymM8uhjWvoc3pEWhWsFGjSPttrYKsYSBrIHFzJ3D1kbBaSzYnvOxiUjCAjJIhhUOxDJb3BseppfzTTg7tV0Ee8v2OARgeO7PPIiRRqgBs7l2RC19kVQDtZ45AFeiMKGf6c4mvghDR+0OO8Dcm8WdMn1t5mj9fgBCl7AHpUnMzzaaBMN4HFZnEab7GRt2zBQflqZxn/jTNU7TgkhOPIWKo4NPaMmJdaUBCkvcnHCuaLtnsbUgDXg5xhQZrYRHJBz+GVCIjc+PKxRoZBTu8FVjYve0MSyKcSrO8LZkdDyVPiVSooQSvHuqe+un/dsNrK2oL7HMQpHKG1wPt9Fq+arpdLMdHEDvUhEkXUTSQwB0vsptl3CSDST+RBskXqgyircs9cQKvJL7Q3E+mBUx/DBVYDSNdK9aunViwfRwR8eh/En+TIwD95evhWQxHoB0nJvM0U3TfdDrNj0cQD7ygRXzjeLvsYLwOichGbRc9F2Y/+G1Aww+nJw1bXUtYJhlE0b1Rbj3cU7s60rTSEQp5GgV3e/QWPbMKjWhwuqNsvhPgu1E0j2O/+rSYnaVm1ComHxp3Vo8OZhGtcjyUgrTWG2zYEZ5ZkHvQ2EyTFw+I1QrIw23fK/3xaztxVq0CHckegTfb45qN49TvwzODhTwI8yUNMhd2EOHDOT3hC2v2RbjqurukSciaOyn49G/6r/TkehlqrRp4XgGFtXuNEnM8xfMgVoVN55VqCKDwoMmi2rxFYU9Fh61qmJAlg1h0aTta6Pn3FP2BIfPATlupHL29ohLni1uTTh33hktWOZoWb/DuAWQdh2Q03UoEFvhtFmMN9k1t3CEuDSQnM9yl9S0gmM24sVVTalLExgORPUp33uMbybrxAQIIwImtIs6GnCcaubMgVeweI+Wd0CiS+joOTfVQGOCh/Ph/wEHYxcQVJ8+T+RXIfHvmFLCJReWgMlNv62sHUZ/fDGPrE3JOT3z3YfyBAnU6awROvyaFZsxYlUxT57h38fEbOvaJhNuYCotRe0nsrZY4l8UaarMIJGOTYANa6MNttI1vKQNq36B7U7NJVI1xwJCrftJe76TUDnsj7dxg1xPcsVAS88FL8tTJi4PBALWsW9obphnkTBTQ+uR3ZL/yxxED1xvPShPXBmGRIji4VTVzqQyZ5nXjyIrhor0c1nlnZZ81HD4SbbfvIOFcaKu8r5DP3rDKaMpvzWuxtSgTQvA8PzXe7csuEoP3VxWCrRpino/XaRahnGE9wthjQ64SAe4l5854Yzrf16KyYxqYwyhFzldBQbr6v8jEYM2Q38TXfIZEpmo2wsel5l7xJnusngcPabxuhR9vUvU/lsDsQZt6Sl+aiOHf85FkuP3om7OE8LoTejA1EJunQt3ygYE0y359fh/oFJU2tz0Gi9Fpg0JYUIK8KMwlyHW2kGI0Oike9sMYzOr0H8kouP1Bkbf0GZVLw9KnW24TMYAuMsN7aIvJaYtsDArW3HBwrbWZMiJj5bSbYFUHuTyChcUItJizS+yryqQMjNc47AwJlH43hDXzNYuEXGU+onbF0kEUSebc72qtBfGP4YRZEsF4koE5H/lYCuifRD1EZZQPBQCztggpei4l461adYZht2vjt6ouHh1ikhepSPjQGiYRokYFeH0bB8oPjPme+K2a5QM7hMxevAdTpz83an9/FXdgP+7nDCwc8QRm1nT67SywbUtYjZPDuPDONSYV7E37O4b2dArgZ1ir6OVBEDyEKIZ34p8tzwwcdWEM0Ejt3YHtm/qSPotVMKC8etfnu57d+LJTleIT6nd5jaaPNs6vwoD6KSMq3bEKHXbnrLpzreu2dcS7d5nwnTOouv8wV+ChYCzZ0WxqVmrOJ3XhU0ntPO/K9D3GWI8RHTOyaWAUmNIoE1usLRgwyf7vHlrYTXsPd4rxQbvjGbml6DxuTERGjdBdmHu7GtC1MCc1urY47O1+r2pvNGKz75qe23bcoDSOF+45JoYI99AUeKLp/yTN9TWtJjGIvOij14Hk9JPfTiLXzCq6SnWTGcV+9Af6msnwAY/FOBmmV9Bxew1J+tApf1rgcTpvZ0YOZLMMoJbZnLDTqnUNevKa5Ob4D8P9FM00XRUPICcvOst7CKxxSqRDZ2519tUjFNvFQkair98T81L2Rul9FC7NwUWBVHPH85f/lLbHCLuhbvpRZKxeQa7n7shal3m1EpLxEN92sgfUFAvUhCkUkYv2WgkaNOgiOIZ9PkaDRMZTWOME9LLbE6+eEeQ+gdjwcoNgdFKDCwwdEXFR5TOddz4m4x8BmIdJM3KlW2DLR8TmzAklA+jHbYl6t6dOwtu39Crvvz+tZui+x2woWsrNfdiMKmNVmjej8QanYYj9aAPUoTLy+KmIGEY/ibjugq5lsx0tY2twxiPXXGKhAABsdCkWeR8xk05cYtH1ne5mWUHeOOsBymAdRbc+FK/GiDJ/e9nXAl/xs3Gj+S2cVcAr3tFwgirPjqkK2ykAzBNryhdV4ZY4Z6yOjRjakE5cdk9TGzHyneBKAdI6UFoX4gjGtNskVQelHA2H1aXSkP6lnGb7flHdBm025/bALpeya9UJdq97gYiXBl8MlQVd/Q+Czmf2vSMHw8rFpEsSttg/jroL7WocC/nC7zNf1TarmQGHcJRVFStdmyEY2iIQgN/rz+rVXUDnvMlEhcIbbFnlTDD29We7Rcxl78YThofP7/ZNzZtgpcqbYNRFuKkilIc2Lbd56GsLnokUiI3gTHzj0i+b7RTlqeFgH/w1d4RPMDI9HqteNuWvqPJBgwCoArMszXt+DRIx5kvQwYsfA5sCdMtHpTZkZA1X0+KAnijpffAS++UBrRc9AYcI5cWoeK2cmyOJmmidGJkFvVD0vkjtGNilyYm2RXKJrquChD8XkvSso105iBttIW8q5N77+qqnpDciXqK5SzSMEMYYqvODwFxRpggUq86qmZSOMZ6+xrI3Rybznji2pZ7S7JjKTXowvGZ9pkYsPmYIKWCZ+KTxCdm9g3Yn3G1u+ML08p/+K1fix8G9iekPs5h5hsvrb/WFCMR0Qgp0ebVLlpotkEnOGDrsWbgXS8CACxhP1OQEpahb98/q5QplaqT7MOurc13eNITFNyf0lIpORFJfb2vta/2R73C0lqXgVtymCKq4C0J6M2SHPviyHMz6bqGNmQzG4dX/HyLkcAz5XYQRVufLCjp+eI5jFTOWFSWOi+T7PgdStdLEqkXL+9L9v0IVtgH109RA3MvZ9VKsjHE16GZTpVJXugDnQ6zfFaUzJo0/iTolHn/3flAn/XU7ip1Hid6U9tr++nyXhME9b8ds6YYorkvt59bf0pk3h0xoslS+YzTsjmYjWfnJCH91KBj9QOZNor0q7nepFX9H4m36YKlCukFgc6UcEfjhw6KMKtO6q1/xhc8D9iJpVXcpDR1Bh9r1vvO3J9NDUEIbz2/eMeaJ1kAQgrEVV9dBhu5AAl+UKek4b1qlWD8q3d6iVUffnQHhsCHDmivj3EQwC/Zq9E3XxBTJajygej8yvRRDhAp3VS9qOu162Pu/fUtSX0z2kE+TxtB8Hhj+mNJKy+6vzcF3XILchumN2j1s1UcgVCq6hMlMOfhOW5CH5XhZvNCK6EPtIm6ik6I/fjI3Uki9Duehf0tNx4pt1zRM/06Ang+CfU5HBDzLoyEB67KLPqImexjKMbnDM1Rr2/oZVgSymxpH14APPRzGSvXJWunKxG4ac7FWySEfKF51Dk408Bt73Pm/Y7y+Z0E70oNC0IWpe3UT5xe0U3bc2RUrJheztiZs/cHbXvDwz0rmdiiNWpal2M102zUwfcLox7wfyA3/kNXzMwyjLoliECUk1vPFX080MsVSRYMFre4OHHGHX+2hO+HysFLrkrFcMvMKh5vy2Mnta7w4aJr6PpweH5Z0wqvjYoav2fZsujMI164aMB4JIvptbiem7xDYRZtumyAvv+Dm1UP/R8FcQK8y9LnGcz19iSOvAnUwyojc4qfw0BhksCaNO9kKJ4fEygnLnAoYZhV+9v6qrJdu+L4jyuwzzudpSXhq3+lcFLJ9XYitXuKtGv4dQru/+iJ1E9NifxxbgMZuLmRQpXWo5QNNDVL7kz/flq8dXGTt/dN20OZU0pySFHl7kyc6/RgH0XH558YbxEP6l44yTjIxI5CmEFkVpUQeB3NzfzFYpXGAQx3yoLXvJL8CnYXU85589z5CybRQIDbWVSmB+JIqbNVYnPewKI2AYCbJiDQp7VR9KQ5B+ZOPx/ht4qH5g0RnLfeDeOJ5MIjjs09Dqv/JYF0HT1yeMg5vdHu42i/2RBMd+Yp3uKYncj4guNivNOQ/qFojuFU5f/jMm1NYupGxjzIx6+aatXKc4neh5dFFC7jrRZqqjdcYm3MoDv6R/XF/UqBjQ5rmqKwlLQqtx+ogr2uz9Sj6w2mVAbOWdOb4HZd35cSkJE2b2g0Dl4g0TG02jEQwkCvcB81ASyzsPiQlULaVkiRer7znAxREuWPvhXzVfWY1dOqhGHDufrMNB2F4Eeu36A83nIJZlcbBHcGj4UJ/v0kNGaeQpvcMuL9p58uisN/2FJGI5nYrBD2/hya8uE2wU/Sz3FzPdGV6pqVc8C4CrOpVRBi+CUbCYcJ385OiCFj6tAyWv3RFhxJMqtrP6XTAJrgBzWm5eL1EHwiLHZqiUZ8aY73ijNuSHOoWwFO6UaMuzRw+Eckib1J8YgWzqDCIvc7Qg09Weiel8QMM7PFrXFkfyMRnKx2xmY5vjVvtWHFOaDow1J1F8iEj/rhSiM+IPPp2P3vN1ep4KHn34NXWkwRXB/X6cjJx/4no7zfM0tBlPUpdmi4cBqe4c0/lIJOgaPEblIxREw/gyYGrT9JxYy5iJb868NK+oiGAfJSa+pM6nDZKgkXkSbCiGu8nlfxnfqD2DSGZDRtvSE8g1SRuGCsEHZMIwd79vgMyeQJBTFn4trdFZorFINhgbUmdv69xW+80+r/Pg7i3vpeiDM6hHtLsgKfnzdBXTph2NnnMDf5SNCK2tjVucpi6bmayQIQtZC/o1DWtKZFvzsz/6mM2xDPl0sBqeYJJ75kAwfbFzhd/O1is2QzAr/EcuyO4r0lX9kQkaTbF5BGKU/H40ievmyEN7fx/2RdW0TnzkkHPdpvVVhgWzKCY9tTyUveeUrO85caWPIvk0iZEPHxSpspGrIoNeCHBLyS/RO6swPfjITHeuq9f9MELtEQafRLHonk8lQTLSuoBh3Vxf9LQi1eAZiycDmimy2A8eJVflUJB0GKkFJ47jHPHMmR5gL9lDRe14lYd2F33Lr2hfEAMmtklmf4d5gtG45Zl3+0iKuMIImR85wcxYkI931eOEu8xajFCdMZFxWmb3L3JLndtNJAnIhBIWgjdMDaSoVXRVRPIhkVRw6MGwfBAhJvKKS8CojKoqdsLdKC4E4LBa+TKth1Qmg1YfQA5RXssNRH7oIiLf5b6WHSOpetWlzVwN2TjjRHCoU+J/IF8aheA6ln15sAoxLeu+ZYpUDhV5F03RhAONf1jXo7B7kpPRHc6HhoZQx1RexQfc2XVreG+CZ7LSaETrVGcCOhKezmWDlBMUYuMMSIHlGHIEkNQb2glKPzeDoMs0R7kh2wPIniJOG6LDkpL5rIJ4g97IJEL65Sjq+F27v66ubKfRhQun031hevLAWGvVH/ELQwSKxtxSbI/HatF2p2nuCzU2gURouft5FKNaInoPAmfm6i/3aV+BR9MPB2Y6jlCxATjyo+/xaRFICSyHyCX2C0X35KjnF26ijWGmsWK1+n4fZ/8cEdF54OEhsxYXI+/x2vuf4YQxE933ehMtxCGHh/k48pdzS0jHDbNqIJflKmSYtgE5zH3KHjTIsx518oBFZC/c8m1MWauF6yAb1klnKebKxnYHHQ4jsJLO7yfQ2efFZQzO+XlkVwyaNQTsNZIiJcH3IxgHN2g8c17n4Dxan7EbuQ5CBmMumHQ+4ueDtLpgRArtVuqLynAFQvoi2L9l5AimSBZtYD/AnYIL5j6cV2gE9NgcAPyyOkkLMM+qDSGNed2V0UDY/+lOwFaykQaanA/GVbYiqTZZu2alC9VNWMkj3MxiXjKvfVzo7nu7xd7jevKrwmF1VjxGbh9ePsyu1sQarbHp3iM9mPd6NqZj+nY4bovoDq3BEw6+XbupvvlLor5Y+uJOUWJ0eVGwAtEMukPTGHpdi529tzj77OkFkTJBSZ2SvGA2LKHEwc2MA20emX10Z2C6LuJjO6BvCein0aLDSJxtxKZfoEIRIwWBn51NoQ9G6RahXMelHm/S9Jnb/SjCbXCjbZ9JMhaewr+PnHQn+lcjLk7iXwajGPqNWAbuQCaoTHwByo7e5cxf95ZTIdH3OWGL6vKGQKYG/j1/eYTkm7NXZ74S2S0eWkiMq4jKy8vFohyO5D2UjGZj7k18JFolLTFjql/HrpxeZ8UM23D4fNN138/Xy3GmwqP4cMgvzrqevcgN4VhfEcE37BspHwtecTzrw3n4HWY+D6IBM/XBsIPGkhnCvT898yJyR2a2OJcZBqzc8KbJ6q9L0rzrd6bGhRQT2cj8f7S9x7Kr0LYl+DWvWRkYAaKJ997TA+G9E+7rk6V9br6syIrq5Wmc2EIIs8ycY0xbjwwfgASpniuaR+h92/c9xPwhYsujSatHn1cpZWMPyNc2Ysn4lUPxmCvhYuE+Z2LnLkSyDkmjVP+vckf06IjUQ+xNDb5Q0a8IPHPO/DJRoxI/r8aRCfVLALtoQr8/qZx87wzb0x6vhYhArJVyHwIeDvOBTQ6kfC0QMkGHg+g6u7ktxPuQLSMyss+z77wA+fXPrDNzaG99egQ1n8Fwju5pJl1hOMtylP3E9J0tNDMaZV6CnGo7f9MF4RcSCbzW8Lfgb5fv5MWeqY/Gl1d8NI9wthzRZbw4j/AGEdoyueF34Oj2m81lD3//q1VCl6VEf+1JgDfnKoUIHpNDI9/h6r95DHQo+cZoOF4GZtoug4rfC0S89StblhdZOgdYwTNt0rkPZd+lZTbrzLA3asbAR8+Wo+nBnzcKz2XrH8NKUhmo4DJdIyTt0oVoSmklKBwxb/3+GYJJYJpy3837LyeEfRYkm5cvfUqmfsmuzNfScwu8Z3yPu9QdxRvbT6MCT90YW6T2CdD3NqU+Zw7E29DYRJY4iqYO+xC37aIbf8ZVTMMWQ2CP9dQ4AjPGbEIu+kGYayH3x0L1TIfl4aN0bphitvOyAm7tED+mbEBOLB4Lj+A6OQpNgg4qc57h4sadhcScgGmR5/cm2NzyGXnDQDM15bBsiJFMoT/0Gz4emLXPd+V4O61I0jaYD7T4y0sVmLzuOfhML6RUGIhPQbuO7ztXyDtoHROy1biNC5pv4Q1LSl0M9XqJX6H5n6yjSZNeKpJXQKTHLRGO7f3QNTXFcwfAkky02gVm8l0rO/EA9QfwAPiFPa+gh7WZE3YPYguR251VFdbi2gdzf51MQnvXo/v4rDYzE/GFyRszOJPNKo3+E+9EcPJEv5iTGrKr9Rq5lrg2o0W4K3Q2sx/NX1WDL5U2gq2jdirwn2oOmoW2YBfQczrH7o/4PRhljvSp6Uf+eZ93d3wwa3524jPLdMImd6q68Gh//lmJd2Bm5KPNN9f+K5B3D8yKpvcIviNOXTY8DKuWj1f+L5xBKu1fJSTVZYymL5cosPYoHbbk4fO4vjME46NfbzVnDt47dCTY+JOkUuYpf/UwuMiBBKQjfVSznwH/oAo/OmOUFfousj5VGozltXEJt74IrzwjdTBLcikgcOb19sVPFR4gJ1Ciy1brD2GffDlS8OTmra1A8gvNcVhCvJ05s46bu3AFL/lZ3Eca8t3XgcXKg+ZndIdp+mUrvTmNSlPkmHJMVEWHHAXxpkhiKYfUJqmd/yctzs86voJVt6YHMnzIlLAt5EHVMLfKaXzkhTDcYnS/BEv1mZwhlxF/ZyOX5CeyOnHA961sMi5qWos8yo8mBjEoir+YbvWVH4Ug7x0RGMx6vhxdedl1g5wOSuG/7JOc4zJzo4KLPEZnDRQG8C6Lx8Mter2HbLLn4IjV3PpWIfyvQ0CAN2vTTIgLoQ/teg+eYIlKiAt/Wbo9NZG7GP8qAChG4534XuJOrWEQfTgi96y7G6EWTqADdPyaP39amcX+BqApsEZt2cvCgcmUhsvWEnUFp8N9Vok33KMYWqiutfl4ca2hW76+RUOzVA6jH+6XSAg3E3lG2zRajM4ceIB3X6vrPRhX/yUD2CNKjpIsXv+q/Sh0Sm8TfhSm3j8CDT88HQcDAEEaWdCWtJYE8uIWR06OsNSjHQjJ3Vvmt7US2ioyujV4po4/nGymReeeQe5XeMvJaOn6jDHdowAExrqmzBmAzIOr79cZg1h9p3q0NepkBCmMrErUBkFfUDE1eBLOY9F00crsJaDAVeDlazYHrzPvA7yQWbMDo8KrsrFNGWMVQ7mEOYn0bSA+6sITbCycJWgy2OOrv7cH1f1yfOSaL1VdOr6ttmUUjAwjfk4j9kigr1OsoZIyaY99Z9sfN5fi27RK2bD/rPtrEywsFcO6YDmr9iSJRb+l638Lxdv6KN778MWUa0WJUOzQRvHwMf9O7GfxYqs+LdNobgEijI207DPs+VVpgWo5UCQiCBm1M18Fta/0EbT0v2WHhWWrjEi7Z4m7IrNtj99F3772aEwvdzLmaQ6IzDgU5kMiJK291kb+ZbtT8oijHnFBCLt1hBjtbwn9rnGqOOTDR/9mnq3Yw0lUWKPPR1svxd5Y68sWHAdZbM2RrgCTpmzsSzPH02In/XDV2/FdmCSwgrDb7MxHn6zPA9gz8bmUTw+qYri/KuIdHlYWqnkMzcejnLnhheXkMRMJTjK44tyk88ZzkgO+a4qha8ux4FOj7wHH0/GrbGj61hqDXvX0hmOovmToLIEl9vQwNnyfzXi8PiZS2+9hkfWumpQo/ASQBHNGt5JjGGRL+KXEKuueVXx/MCOroQWTX8w73RYhMb46tmn9eU4hCKojOKtYH0SS34hXLTJPfkLtDHYVYahrWe+yVm4slbpnaRXvtEiCRj88TAacmvAryA+RbU8D9O4fFT1zLZ3DuJNt1wWRXpIjYNeCJ49faNsPnQRqsbTb5OrcLM23uyEXtVITQXm/Zj+/JrnAGAgskUQ4ENVwO3ndTsAHXBVZ5n7fuJIL97tc7qx+BRQP6i0yE63ykoCgbe13RYlE/bCAO7nDJlsVlIsrFlPo1o0EE6aJlEursBW/sCywARlZdThCcKCB1Jbi03gPNo5z9rD59furBhS3fvpod4TkXCnVBYKDtpPGzFCTH0VZfdgD1CMUr0y2Od57yZ89fGMfJjB5B+EWbD2jyTr9CTOTeWIfWDWF21VmiA8s9DcYny2WVvPdDrspbB71dWGFP9q7Lak8hux4CVaMhxJtiP0ZyBq73ABIKcB/3RmdXtWPLahFJeOmms2y55b9Hj+o4Y6FZ/PeAfGV7467YhysMmAXXw3x4VAPF9bF1z2YKEEQ5JLuH43O1q83rW2pBUgdpQE7tGTHO1hmgnB1fEHeb7fbsBjIVTX4eGQTXfH4bpY3kpwDyrd6tvV2te0Zn/fN+s2IV//tHzQQ6dtD9sNzH7Yp+MoT6cPaq5arLwu/zov+X1nNCbNtZGc4UF0taUEn+ev13mbuerb99EFil3d5r/YfjJOslg/96xkbUNuGCW/jXl1ab7YdVd55JHH0WZ+BpXCBkO0jKkjc1EpnwtJHa2jBI7eeKxmKJVu48fy8l7uiRtpgQA1TTVoD8jLNwwt738qPmtdamFi5Az/Snpt/kTLIgm+g1Uqq2coDIyRdRD4vmmaxzVClAPVipWLiea4VmiNzraFTPBZ80HkJ4BEqsiGd2aj4mOxtK+voCnSyQRRARCIWRSYQX57tPQTaqtEij+WfQWsQ+B0Dr41BohPCvZyN0rFlxZNwG4gLo4YlQN43ZIrnGkRQun9/abCQ8+jtdMUgQSLTCUEinzcjRKsSQ8LfW8DwvRizof5FjO2Lo8wF+v/oAGx2OWO9r7hBQzxvj5p/lR8pG4ed+egm9K/PqHFwOs82gNjhaLnKTP5zTTd4k4WYGPI9MmTFDGWxyffPIvXuD93xuU63J83/1fFb5ZWm9nhQoU7YTiWLIMVjC9HmS4OygH829Yw7DPD8ezYx8eKjQldmjqx/FettkZaKPPEQmisNzfYAP65yYN0cv/E8BVM9PciUodp37dmpHNJDn4lBj7BiuDmBcAfFiIxMs6YPwzYe9DSM6xtzlJ0oLHozfSNAys5sQ4Ojk4uDXZd5EPMaAEfzN4jjK2lEU0daIY8/5MU+cPVX+QdmgorylwMuvmuOPewTtBC2uh2VTPUEwcpqstGQX2mwgrBQANVABXwGlbGg0pSGv2qWnpRTVS/pl9AsxTbt6HJUi8oVbUQ++rQIiKKpT+vbG0WU1h8UFOfYh0P5VQ8THVpxNt12QnUGPg+eI02X8ORP/t1GE2MZmibMyHVuYWhZgUle0Cu9mKBsg23QKsWTIHbN3B7B9NMsdVA9Hu+KB/F8ZWqYRWtafqA8E512ldkggESSPmUqLN+cHmqXEtxIv3UThbY8umDk99Zixhpti3+FVPsss+PR9uinVqacIl8ZiwjzxHHKt3rRV3vED8E/Jt1+EKTJHH2+GD4v8pvKAwdFe68FxOc3FOSfSQxB3JpDp3ukilufvdV9aqSHXxxup1jCCb/h6GGt/fJ8B3+XoNIBqTJgw/lPDbq2fKjfhSZ5WVF0kjRLlFPvyRII1G/gzn0fxIYS57xkZjgnK9L8Q4vFevHBQ+Jey7WyE1HygOEwpw2bg5v0rc9UGxu8uzc3lW8acw4d/e4Cq8xixCFmotwOnHwXyyeX5TX5ZCxNv560En1T1ZTwSS9tFVbHNfqu0ueB1qkQQC5J1nklNuUaiWZo6odkPsLw0gjHV/Rnw3iwf5KUXfSwRzinfPWLv7+hSviaRwxvMw+1jItNuLpT/tEtgSD10HfnRfPbsYTDbd/YvtkpfRQkpzte/GwDxfzgGagxbEZhfohmh2RcLQWXZ5xMODXm7M5Qtx9JL2PtDfSvXyLzczMiIoCDiCYWuFuMAvOsWeKy3H/RGmeDKo9vNFq71yp9Xy1MaL1S7IuC7ws2GA+LA5sjgRpymYuGhAsstkjj/t7BTap6pm2vQmxO8ohUvee+oJ7eClkRVWbJNZPao6CbV9irLHp9e4HdhwXG9+b1NTjBV04cQ6dq7XUeoy1QBfMlKXTl3SavRzaecJev9yUu3d/Cv/jtWzHPXrzSGCk63XBOkLw0Gc66yiAXsPfS/H44C2b4crpqMrCXDnowdsaJmOUccv2KSwipnJB89zaGoekZ7+iNjVNm/WVZ3Wne+qXZ+iR9Se2J3NorffR8ptitAerMiWU156yKpYstMcBf/64q3b12lCyA46TGm1Hs9Ea9kYgfth4PwuzEEm9e9bymKr1+Ealhw9kMLkeBWp3lLIkypoY2LPbvldLP7DOA6KXw8NQ9l+sURSJB5SuC/gWZVyy+JNWzp4OeHvnmY4H6LxxVjdEWrBoyzOti+9gluuDZwCvle4aJH+esRCNGuYYxKPqgDUpdGZ4SyrKhOKusKUaybInyKT8S/DIaqVnT7uEbRZfATTKSJcAjj44gafboCMLfoeRekHn57jnvDzzxXkYHu9JKyj2vs+u7pgcMb8yqD2/i+3n0COgPbVmIxTDoqR8R7z67AJ9WTAk+H58cszQPRV7xAeozhjc5xIHv9XdAaqOIAu+ALvY/WwOty87xim+Sko6jkthqEIhg3BkHNC67YYPfgFp1MEhFpE2nE3JZF9X5yAYSyr68wrurvtjbzat0JO72jliqLD2npZlLYEWM1UMqr8q88lEZeOOWT/9Sutk4POL8dH54C5duxyIhxM8Kf9SA7FBlTMjVw2XuHqmnVtMYxYBGY84YjPnkPaLzQWHpnx6y7BP/mC89hlv7uAQZdLfunudvBU0WeF7sl6g6hYaI8nNG7HBWQ94dcaEB9hUXyd2Rmrae7NtCu4Hnw3StHm3z4zKAVlu4d62ry4d45j8CEy/J/etIPvlWkfwy2j4R4oGn5M8a+qKsgZP5ToNxKqVDkiSeepXZXXNLjljv8hGJfhoyX0mEkr31ccdCJiSTJPcbiUFqCJ+tDmm5+SoMR0DxdWAPaF7U5PO8TN+aYK6+sGajmYnIYbADrCJXi8VeZBuxIxnBkTIM9sfVG1HvQF4cPbEJdbKFzVMjUz6kdm1Q70Ephxu5Q3F9B7mIcZ2g79EgByFUZOXKgX20YvtkBM/fcVSpE+Lnqh2uMR1+PDuR6i+Q1UU7ljxcWej2xc8VnVfKcAty9yH3y2+BE24QUtzxnED0H2DIxmNl5PZ3wkEov2a/6blq9mlxbzQ8FEOeTvnydKNUahiCP0yEacAxNPQFc3c4PcBNrZ34+Hpk3+peErRsILAlyWsbe9h7e+gJXsMvFDMFiQDd0Bu7fVNXz/RmQfkhwJLl64VOs18aDdyEJb8AjzanfVkexHr4z7SxeT06xCOulXf6GWDHpl4me65XTsVulfJDKUwSTTPR8Awl6dvam+jkAHrzKwafNlCx6fvXUU11oZfBlpgRDAahtDq/guDDNmmeGSK1XZU0KhOXGTv45ZeZIJjtC2lme44FFtdfJfgWm67cgALj06O/axCrGhEkTvboVL4uAdgDWSZ3elnXcUMl9pxUAzAJ5pFSb2bcMuJQ5j4J4/Ga0ihGsgH2a2isxQz7KgbxGlVbIcOdeqUDvEBGVVB/lfXWG5GWYgbcsIMlkZmqTukEDcIWmnN2MGTm609W3LoTORgdbRXAnirRctfq0BXxKH/BskAFPQcfWX8zoztvCBSwW6vpG7h+Q2DdUrgI0mT8JYBd6iC0LFfr156w/C6LPb9C+ddXG9RF+xXLa3g0i3a3lHzjXnlSCBa7tTpFqmP2i2xBN4AcXk2II+TLHGtKM6MyZceq1OiDGtXgIIcMmgxkLwMN5Ct9GkmcSRGwSDyoc1QV+FDLD9mMH/CY4e/cNmbuhWN1wnPLXVRTPYZIwEIGWNUmhtH39RFdAMNoWT+ClULnYcqWPlHUMC0WsicDDNAV+yuNKdl8mhEkxA3UH4xCURTWm850UijS4geOcZxZG5bwWr8p2sqtnhbvrCNpM8kbm6HQo7F4kC4TkeIqHRPBbtlAve2i2Dv+yrVPKiGypWrcp93l5uMbt6wXlOrCGFemIkxfjqGFB1vccdS9o1ucRjS+bMcRXXGpBOEwqRpqq3cpILnBIKo2pSk0aBqMcidDoisytnZcI6yGBTMhuQKl1xDV0ILD3sYywqzck5j/ptYXXr/5VHq4OOBE6QkkxL3xJmCdwBmYfB3Ssty2Lu9nVWnMYhsW66oLHzBFyw/n1lwvTGaCHYTY3UTUe7H+UeN7yV2hgOYzHOq2NIQQhgXh0SvO7FqIw7LqkeRD3izht4EGeqce2Z5fxrKP2i0GGbz6lx0UXCJKnMJopRB8GNnFXu/Lfh/3iMXUI3aBXSktJrIiPY8sMWr8VXpQbikZLc6aZYNK5V+7dnF65VyVqm8Gw5xBwrGELLBiGz5/Zdrp3Z3CCHnrrwd8dNYeEoQmdmsBsgq06PoyDG0xkfhhBpm9BKjSX5niMovTCNViPMwVj/uZr0P0W0+PxhM10PMSV9+PnHhlz/ByqTqEPorO71jitgkj1A+Mr8mX37rXs300t/ZfaFGKqw7w+kOcQUrgpn4zvtakjBpiI4oeuiw1FWio++AFuwYBZu994G+I/FLVBsRUmYR/L6PyDCoubDFtLbQGe4a3CBYXG90g0Xrd6WcHyRtsdbzDHhXm2nP26ZKnQYTklOXxIUWCD5FgO9484C0syaXfsVFfQWt4LqtVIIXDpUnS+PoTJ/+6Qc1wAYnqGxVA4r62vYlv6mZvfnIjD3T2s3HJhosVnvBXIKHEJgZArghIa2VUxi/+W8ppRvkLu0RwhZ0MSpG39MTeSLQEUC6Dbu78vW0EywRHl09Icv5vNd2AufoY6F/H70n+FdRhpk0bf3Yp8dCzOTl4NMY30Ue4tlEis617ApSooPXxQJ0AVMyFq+dbVNwJcoazRwiS28qwA0rgSkzG9PGw8vfZMaXz5WpmX0j1+NIfmlnWcGrbNPXktiV/rdW3s8xPagz8lwsP6+uzKT2UxfL+BvZBVzaM5IGXecU9nHKroG+ZlNl1/1I2X99Hlj5cYlhPWdoDrX7EvzR9TkkfWhLYrz56Uea09u9ZdQ/lggrlxRR/9PXDCuvkqL6wDGpjM95844dzNb6LPKjkWFAD2CjR/myD+8oHYgBPw/fUHMrJKS4ASCIQrHwh0lfaO9QWqlBxv3Fz0Nfu2HA50SNBCW8tq4kuNfg/Mjunj4S3EuqTxzD1AKhw+XN+vZ9/I8GuAaGgGMOeOMk074toz7vPp9Zbe+CZIWRIXySUCTdY5rJ2Kpij2jHmHe5wnYgRLX+aBaVOdxeqsBW9/eibBWPwoHdxVK36W4Vuat8+KvVM1XeucVvYLhvf9dVAoxZouzsEqpXUEzDRiKejBoTf0DxKGP/Z9xeL6Ymz/eINF7wDtnc/i8xYBatGtkaTrmRpYOhKOPKBfVuolxYqiI+oPa+FoEngLEugxLK4QHxwriM0bnRoi/ehib+5NMvrJcOyirHEB0S1akFwUE0XHKbhOplfWCvJxnDAyRa6PxUeFrVrD6rkUi+Y4F4Mc+UiwNs8jhlWuyPBs1aHqS+9ZJKpc7hfhsm/qc0ZcO5iQD4aYTqfJqdPnt4Q9ZNCl7SNMxSawCQl7DzBrU6ClR+6fm9zILGFBTBP0IGKy5PMnJWhuL4rRDtbMpjon+o24OUkjW3dMKAyHFwiEzCKQzZS9GyMDQnQjQre9L+CMeuvuj9xPay2rGw4d6pW1caMHwyfEjuyi1IROmmpfMAPsbtQJi9Vw0p86dko90A1PTC4XSYY7xNFFujcSOcZ2pWOiwKb+KUtUB/BFDMQXrtiAvymGyZmw+gY5uL80rXarR4apl8YK6oPsx5gjVdB0TcW90Dx8Ni8LoQX8XznzuJtSKsGNozjoF56u5nsD0FpsXyzkEfJN60+t8TFHBLea2kN3RaycCAUGgrEC99wg33FA629ySanbIFzmF/EkOjmTk4//PczpLgLdaM+lXDfkhlwmGXCu31XyytfLhW32uDK5hFjzoIjYykcNmGqM0uRaS+rFTH4iGagME6kxpjpSeCmJV6vVJQ78Me0FrKcYNfo5QE/fKxHRo8qZJxn8Sw/VYmGK2eN4RdUmWGwwgK9PO9CeJ+YxKp3N7/yVg/dBcyjM4pTVcXrHEGu9CDn/aACHcivQVPPP8ATLrbiQUjNUcbUDrFHLfcbBzuAeth6AceJ226livbZitCXwl1Q3+rVtIeMq2iYHkT9KiVZZ9GY6Wx5Cb+HVlY8XE0AYlxStMpl6ZHGH/sXEIAjzfvVL68dimxDxWtjN+AgIySJW+Iv5Y2BDWURtnjXldmhkWqr9PDrrcCyMnWJdK13kMVRdBgTfc9qApXr6G+1PucMv9bZKCPuSjLLeE4i0qOx/FbboraXH9zjvgivVFdZpp8V5BqEZofxq8Qz13+FeMr1/B404LcAHxEvWfk86/LDS/6KnuaSytwfchpQaT4NeOTr85LeWlA+z9tOPgHjLGNjplW3bqVZX9kNt1KISyGiLeLRb1eCdocURGUrPef9bJITuba0/GDrYxAyq5D5U8Tqf1EIoG49DCMyEq/dW/tXiwe3Ey3xAGwI2sCqEEEmW3w4vtiU2RVbfxPZe+QTADq4V54m4i3Ms3NPUIhFEDOH+WPLXn1lBUbhnS7tmcS40UaFB/CY4dlmGYfbSzHlxrC69nozmJqW8taDgDm6pA7HaEbiCjw6Td+03201WxoVzEJ1onJSGR5lj3zwvIh2Si9b5oenRq6tGHscfFpVrO/Fls9OeuSYfWnQIVqc972Kjt3FCSJFmCsfQk5TkOVecODXChpJSjbJ/AKy8qlPC2J3btON7ggEDPjjER5Er7zVOG6o48GcZclRNk0r0F2+qtrfXbgNX8cl9bJD46bTGSUEc5aKAtSulwfFMLItSXygMf5INAvPoXDj8pTNLXheJtI1MUmFDvI8vm1QipZ3GPV8vR258HU1mIqGNfqolMSRpGCbdduM2nMdUiXQnUp6Bvqk+NxU2IYlvdKVcNyXnuEZqSIwrPcwVeD+tM1ZtN9YH/zo5FZ2KDwWUrayT3PEK/SOc3VsLeD8fwZGpRjKDzQFolAsGTnAD09A+K7iWXNoI6bk1kb5SfZIrfzNNMzy30cnuepbAJxVT+r0czI0zK6993GxZjRLPLIe3FavFkf5r2OxXL+lqELBKSZ75PObQewX3ON2P5P2G34gQfuKnkd5Lt8+LJ9H8dc7N9M/8zMdhlP9vvjngqIsWd7rsFVExh5tFr9IoJnjN3CaozIePQNUNpr7ZeX2KowaeyRL2SpyTeNhSt+qASPU1h66NaV7bm6VerF/I6qV4c30vvZMuLFbOrLGgPUChMqwvgXiV7FTYQeSAzeIWnkWlI+gNJXebhQpzveymMdyuJ5BPMwBnPNMv0g/SiojKlWLnELg9PnUrN0nMtqODvZhA/Bk6EUIvPLmCh/2ny3PwrlP2WfRFDkOYJmk6MzPin94vf5VW14i1iNbpUG1G9Uun9MViqM2GNMiNZCLhhHGsZbEKevYdY1L6RnllYjy24VITT4bifutZY3aaPq8inKN1Es/AAx2E9un0tK+6qFjlXchnHv67I7rARIcU7KUZIrN/SKN3l2KQnlLsd9xNbUzxLNYImhoKQahukY8X3kD2lcoDLgRRTHd4TgllpFebJjAg9Ir9FGWHwmhMJkG9qutiRjnJMf3Vb04jq/lklaF7sOk2bBy9i92H7u1BR2/z8LIyY/Qa2DGgAWnopjcMF31Yg4a+p3L76VhbHNZjnlyK0N00pQkdAxTVaE0Q3k+gpaNWXOR8af50HJEAiMoz33Bw4Jn4tb4eaaTH5kPDeS+okGzlLDtasuiVmo0LUT9KNlnvDLCgvXPOzDJ/gH+neeO6cE2y+eZEbqj2jECG+iXLnt9KrCTGS9hU/DcVPzpGyIVnvc6Frtk6Nwqxyi+xBkWUumicTS+VSG89FJWxQR6+L7F0I/Uey55uwR+5eXx6EMr8yMENy3pVTjwgpyfkCen+Htav/l9UXVXFeYfv9ljvT470RNe/E4zjlgIZuV9Vo4tX8bzxoYCMixVTq8NilI2ziuR+pkDeLoNtPSkmn89Qrf1gkuy2gKd4WQ1xRtbk0wM6vKRNMZpSpqKY59v+B9v0a8J0SKCUQXRg/v4NTZs6Vr2GZJBMhuITOOIOk6eGgWJqV65+P2Ej9ZglDR4uEC9OtIjgypgcp2hsm0l91sNhXm/SSlMBugny81DQtB8F59twtmVYOU3pAxvDOaISrse4BOSiBFXEKPajLSaBIT7IJ21H0BRblrkVHKR7NL25JrHd0b/RV9c4gHeopBFnNgQ4k7uyKp4IJ+BHAjsptVvem2GP8HwEg+Ow2qf+vGYX+hyCXNe40eozLst9rA0RVGf+fBYgS5MLYhiKPXfHqKVCE2VvQUfHn7GiiLP7LwGDRrQB8OIR8cJXObHUCG8jJdU0dEA8oHc89bImCq1+ntE2/qsMueRZBFmoOn2suEpxzq4jKRW/6QfWer49ktdDBHodiJY8sp9FhqrVC8jyQUy512VQJSDKL8jJ0wljLorxTgaYLs2vbuH9sxPNUuSfM4pkbNskdfgwJWPdU6XAo23+6EZhNlE67+YDOztSNPWAvNxFOKQUOblQ9aXAcPAniTxGu4kSk6lB0Okb9+Fl1anWhfR97PtrMqzooddroreKLX1IP1s9I14Y0daGjaYhx8pMniuY/I1uXDBmhDpBfLHS/HKF2Bp+g2+w9hsPIW/+oIV+ygS7tGKDuOobD4a6/p1OMBI2LtPZ6W06nXX73yY8et79GB3GWXVApvzly0Pk/mW2L4+OA8UoyIdrI9ojnv4aljR60qNnM4NNHVTSRav/QYQR0A82kx9t5QjE0629FbPLjTVLEu4g1SZae0s/oXi6CwsUFr+1ccGQ5WiIJ5pxh+GCtwlbEKnSlB8IUfh31s+bV5VaqxOa83SE92LjwSMCa3aQDIq5M/PzSLh2+apiFk5xvhuuTbiXFqzgCvR57k/NJAoHbLYZ/fQok9kvMg+26L+WTkrtQ0/dBuqHd4VqviN/fFDUcsqt3pOCEFPH5TE7d/XHo2GTXt1So1izegN923qMKAp5nXUv6ga84VHKDWBsve/CNd9t1Wli723AgfPvuHGMndYeWkJcL/9V4n45X2hVALM1wK8g2OTjJNr19KV6/to9gfv31ETIdS82rm5QEnkwKbM+qJA10D+WjxhsnpzMNJRQtKwroRxc4E5Alk02ez4MDUbXrGPqnkdPIqUST0ICe1fQhXQuFVBgmM+8LY3ZpmzAnmiripp5t24Sc3treORtNbzZshm6dcHYMFHuIm1biPaoPHrnYvYK2eUk5WMgrF5afjCDyOqILGnA7oDv7y+tH5BjHW0Uly+u+l8M9fJWUuHG1vcWor0pkC1Sxc/pNJ+cbSqExZoMpt4ssxfWbkG3Hz+soOXG0KN+FG9fM3IbHimDQOadNgcdeQnhQw2E/Ua0/wKJNbzbGxEKqGaP7BSStPAAkFPcH9ZDztiWPDbv/A/+pFMSoTuUfTMt2ZdwsMbMlte6eQ7jMFu2WIkg701AUayIuOzpJ6Hy61A4zEh4kbGNwNPlxDeEj3uMvY51MZHZb+cS28h1Hv9ogyL4cHo1MFY3Hdz51OZ/uu/u4E5VgQxFJAtPbUrhLNEJ/Oiv7QsPLQX5Jbx98i+6dVraDOqHpk+y5LYxhhYOgB/WooG+ikLIoDuK/1oh15HSUh/Vi64jUwdlQVbxoM/HzBZ81S4rBqoqmsx+Z/BkV8WFW2bu+jzo4AeYIPim7T5yJG04s1s3KMXjUNtyfDzMjmhVCw5e0739AnNOv0d5+dKz/uIaB0mPuiCBHMDMKjoCBKHMxkbZ8Xs+8+VPT0kDaF/FIhMAltD4XVTBVEqrS6k3UliHsYIPCpkKlyBpeZ32ESUl6ARwYbUh3rY0sMs73cRXFS19hyDFmh6rZiGj5V9HS8cIp+d781LhOfD+7/+hXYe177n0iMzy0pzIuZhA0q/2szYtrRjE9PsMOKm7HC6+xy27Kfj+9muUpr9w5GPvGN8/KBLB7E8WsrP3xpYJ4I8nDm0PMAUarBn7aLu7Z5laXW2skUW3ZY0deQSpizjH9w7p61BPnymgBEvTh4QFnHrM2frln+2hHOevc7ZyDNl8y8ho/x2uS+tYVsM7iQSybRse7hweqkcgNvAr6sZbYRK6AILkNn8ddpUQ9t3MexduyfuNcCwqWzSJ9GfdXFwSh1TYQeCeaNqZSXaG7aOhi2o8FSvQ0d8Xsb6wmoQle4DS6yCWnN7UmPL0deWfotEeBEt7Y4jpYQyZ2cjr63PUgYSrKJKYJ/cLKiMgEOw52Qu2zKUxKEGqXP+mzVlha8Ifq+SbRkUAfZhdpdv4BfDrK7df8go2dZJX79EpHlxlVQP0iFncLkaWDpsPTouhTo4ivEyUPLivsx/e/f9gfoX2o7cB0SGHoEWw8ppHu2vphl4MBBJoIZKzEvP9qZm7cEDefM2fpj5IdJN0qzA1Ajrl+PYcWkOuCIat5PmG+0C3Skm1vOiehmAWQYIFr+Ch2U834Db07KsQ1ZOSESLYc7VxeQDkk/RAbXreH0v+pPeE0y8pRf13xju780ajYK3GBnWduxB76qdtbThvITdhqROK8jQOU3LbNQfI9WBVhVQgJ6hUxgHjxm+gd6NG4oBG0Tb5U5op9+2M260sBPTXfSt/Y6bcGFpfnkQSz8CUHrkfoJ9HqRVQ45BC5gNWW3ObpjctRJxjFhvnzaLilk142f2/sHf4xn1Z53GIz06lOUgQKvRi7cXAyJy08m8i0yL/B69L1wXmou4B3VPP2rRXO8kyImOQFXg+ZdYagNaB+kwoYRo0GkQEoI8pME4zZ/XHhLDdgShqA7VOyDML+l95UKB44Egwu8ASPbvIi6YBXlhBNuiaPBOP4+hUNuHSCa6vOgMw/wxeMCbH94LJgp4doAhK9H14dl+yEGBf47nG7aCMQ80+i+U/S/0mc7nJGjPly0/wREEgf8OTcmSD9vfoVfKlgwquLiTpLS3UoKfcv/P7zyU+y+U6U8hH/t8Wx7BCv27CvEi/geC/V3q+ncI/h8YTP73v3/fHnW2VX9nYP8OVXldVv+59/t/vN5/h5P171D5v+4GZMDfMwBOeTJ51/3nkX5/I1Cd/f+8Avr69/pJ983/znPyz3epQWgBxIzDBobgd8q6Xd2/U5bxO2Q5uC78DOBR1VvuTMkHfHssyfQcq7a++/f1WiXZeDwfoOdD2SXr+u/vtc23T/XvQ/HcyqlvcAkYfz4ny+c/H8HXSbqO3QPtqP8+DK6wLWObM2M3Ls+RYRxycKW66/5z6L8QlCY5iML+L84z/ib+X5MMo9D/Ma3wC/r/mFfo/9akYv/HpP4fU/jMygT+rPukBKMGxqX+JJ2apHlnjmu91ePwfJ+O2zb2zwkd+IJOPm35m/3/bYSL37//7RpUV5fgt9sIlkKyTo+2ez4W9QnWDP27JfWfo9B/jjx/Z8mW/BdK/X1E+Gl4BCRT+7RhH5AilCPYv7rjVQ8zf/7SwH+s9EAocLw2mkEGjZtuqOMs334Nxkk6r6M9sSEXydAH+mYYdqlghVAam7Z6hMCjU/uJJzSTCrqXlKClqW8RCPx4wDko4LgzBRFVDXKEH7YqOaBdJGo7+EpaFzhXr1tuzdKSYyn5fJrqw0U3RJouKFo0fHEv59u49wNbPAHLUcxFWb5zv5CSuF4/X6/d4H/qDJBoQN+k2kiBn62nq+wGgTFvV1MWLZHPPdc7qTtH2h9W5NiY76MsEwJe4l3FBscdPoYVM8/09n354k5Q964BJhY6p41eXoDpue+1w4jxDISc2HLQKyp4Tm3QPy0hweVbeGPAYJXDEZ8Rrh8TgaZmaTSLJLAJ3FPw/blVSV3gP1g8pQWwahm/aLDir2rYkUvrzRHMMQ0rdjqnzDs+PFh7gL7vX/Fy2nccyLIJZyBZa/O/wYdspUI8vYD5SLcyMBaS8HNJD+6+0FJyrgejqdHDTTVqC+8+foNuYzTlP9edA54U+qP7SldpbG1BWqxnPdoj3WC6EcPyVassHTPaUNGDb04VA0for6j8V9WUDotuGRFNt5dBZRkoBWvDlvbn4CiXwASOUn7o4vkHsQ1Q+fjiZf2z+XtzWEos8p9sjnOV1YvmpX4B0hjxd5PP3GvOfpn8qPNF8uY7N8KJitKGqUMjjYoqRDxyRLoxK9hheNtWT2crRhRIfBH1MUU/RbG/sNQgvCwC9j49U672hUKQ7HG+1ZvJ3qSb9eqpIeCNz+GbllAEBWXNOTe/2vvacShAzZHJ9gT/jCo/lBp4ZSIfZQdCQdwOhy6KFFykTQ0OCKcRVzNeWj9fyIqzrE9oQeHpaX44GDl1cVr6HqCqib3JPqO/VVrKiRM6vGd4dzd8H8CFBqzeAh9jurs95ycVe8hsWbAQjokOezkHX5zEjKWootXV21jLO17M4uIfpDJr+fsu9ugotqn1lkAsjSB1VlUZ5yPlg9sCrSWm0Zc0M1VXI2NugJJfJUXrcsVXPrB0w3NBrSLwvo5iytr14ojXmwJmPBSnDVNOA53q0lq6hcsewcauNa0YeUPOLEcigy/i632V0BlzSg8dVMetWa/oklPYff+yvO6pno3ZWztQrMlLqzSWlfRg6YBNxY7fmLFJatuFqtfYmp767d+pWumNSVMi/yxq56TK8WS70Gvh9yQgJR22D4eq0uDkC1gnSWpFKuKVbbARMky0ME26SKS0qHC08OxwlwE5r05QOUV6Gv7Fn35kEctdZ7VC6urCZw5k8PdmbGdDEWKndb32Xe4k5i0M6Q5jiqQFE43udCdaIIbA/rrI1LMqoyJzsIrsSkXfRhiwqkzWMMxwq8wqU5aZ4vxQVCvoMP8NnDpzd2Va5ZMuDmzxi4DePwtsJxNI+/zefMda5mcZQEAjTqa+H3EuT1mEVfkWS7v9mNP8qz4o1MDvmxGEA/2cSz2vI8HjYxuDKm2IqzNyyW/EKotsB7PPTjHcA+g+2gbRZvTbGvGGOfXkym033w+ny3MlqyJAkdu6TGsc/lLKZzXe7PaqaPZLb3ctUbaFcS7q+95IjUU5HBSUrkIG+AIUbHofDcPI6vBLTlaCQtH6nT7S7lEcvBy7o6fUJx0LvNVei9aWrbFQMrxEJk7tMjq5dciwJ7/bppY1z2YfXgiECszHULTRv+tFoLals32Kj9w5w+UPbjDS1xRfqUqbIl5h6auooPQtRL7ulZuxvvUvCdRAqRHraIXjbEJvwM8p3046+pV/3vg9J2nIXK+5nMczWCnREXtaFYzvqOPBg4yn5IZ6FH95kSJ5nMwLWG6xh3FaUdZaktl2u1csmbwL0Asu06NBt3DdXasjrITrTLcthxOujLmDxS9KnyqHJd/YZsd5canGODhUas8RliJ8uOtk1NpkkC9XHyol4XgO6eRFXCPVTqXPgKM1dpRTfdZ69+6V7/GgsnlLX/l2CKKf+pUw6OM6CwUTzCRLofu0MyiQdgE14FvOaEydmnIXgBAsYlv3JU/3AAEl5vj3c+GcuX+t+TZ6CU2bplfz0c2tMKpJwOmwcMhe6TIsrHrj9pUZcYJEz1aA+vOo3PaK8WNCA9ITRJmA5PVDXAx1uA/f74Qc7r3SoQ60Fq683kcBCLWJg9Ap6+KwcY3SykFAYyR9t0tEna7pPMJP0c2KVHH4EvrQRImktfKbznaJWRRWccuuDkanXjf0Gnl7dW93Hr3yZM5fw0im26uJXgBppxXtVm40+BRxOg1iB3RCVbSf8fOoEqkrZCmjDcXbYN4ZKNrB4E+tktXXDYTI/caGTri33xCrcL5Y3wilZLGD18+HDdQuMoea8RW6bgxg1W8yfGGZk60+oXa3zDtL4S6TFqAIQTUhHwK/6dhKoCGl5MtMt6L+fAVqZ2BKS+B0wefSvvaKYNM8rol1dY7A6HLZCOdT9T9+fqFxsxEfg/T9Ro5fIIIoGAvyuFk2oIzcOFZ0easfl8suKoz/rFGjudP4/Aa7mrBxC+z8O7BsPxVOq4wa7xGaLvBc3J22TZRmgN8Ea4jkrxvRF10TQRANb+Mr90zrIWHJ2+wUElSEV4F0YnyM0PP9kwnNxKATxV6e55voZWbSHI2wjKxNk7zeYqv5lnN0D00+pwSipPxNjJqf4drQeq8ty8YtDbXBItWe3c6sTMOtr9HiW75TMISMDvCVsswRw2icU9ctYzrcynhR6PVK4RYdQyvVFI0u/32UB/Lt5HlgSBVqzwzRUpflUtTveULHjYcR1U0WNgOHNrfsyapi6Yku8RUwAGYI1bDAfsBZlME+WqALRKVeKeVluWTMzpGzqTLiwUwuldNBZZGjX+ckkca7/hUHjw16jsWHmHdkkfLMdBXVtQ1loPWER1fqq56VSZ1M8uPNynjZdPmA12GOXut78F3Fcbw2LAgSYJ9TNsn5kY67nEKiv22r+dLma8J3vFIWBI6a1X8kMUjLQz7DC1/m9Tx9vKH5XXxgOGZbJ2GfiY9jJr7e4f3BSuKTW3ZhaliE79X2uvrnkiEWWIymtN9RXUUy8hobkSaYVfJZ4iPFP/2UGZEOvxahrr3Mpzekr3t/ARuWr5DvsU0hfA8JnjNG5xPJs4y1W2xnCXGuaPcVL4fs3giz/ejE75w0z8r3B9wXSPe0TMFV1soJQmhwrHyZwxmQE9O/Qcgr8sVBxNIX95eAYJizSJE3t9KTslCdw0PUYJ0LFX5c988bmMwQdDTPuAizLWA33kRW+YCWwz3iuLsXK3zNcRcFXvYom5sNQVFaxj5yMmENcxsCtUbamBc6yG/wUajjlt06M5msfTv8vjqoZKjgVfJnnlGjT/Zy3rO/zHHC3yfWR+qMItuzj9/ZdMar2npc3i4Q52ttPWQ2CHwFD9lEV/epPrcdKJE7YtqGOFBPJ6+V91z+jFtliYJf1Dhro94liBC5L2PWP3rvbDjNxwusHjw+/gbaEBi37nKxwQcwVo0x1Egz3n6Dd+Ju3Lu9mItPPgdTEqYk/+IbWPaLdS/h0SYC9XbLuapRUHWQUm3sQJiPYzm3OD5H89HD8Uk57XzdzID0p5b1XzYorkgfw+c7vK8okvLg65Nf9cFsEj84KXmrIHjPCbxA0GB9THJiVlSexwyuIV4LjwoediOCyvviNPTrLwK7QX8+qlZ3DfFSot7jT4WVaaF2xu90nmtgfRaRh2MCuCno8rxFZY41mafDjizr8XMfg4aGkQgYHfQSJOCFDpWp/mTnpmDmcWTOq4Py7OWTU/OyTi8B0pPvPc7Ns8z1VeS03YRcj3+NnkU9Xdy6jAL5G//YXd4KIqqbkGHzn1NiWS0Q56/SHmHuZ5Z/zsgpujQ7EkBOPEsber+d+kDkO09uxi+H2Tg0rX7tVyd98yomIyWonfK7HpXKZaedFjzEWMHrDRpl0CREmLJS6uMLApkkp86SIRVlkzTrvdMOFtF0gpXL046RLgc9ZElL56ngukmBFu1Xrn0k9yaqJAw5Z9NQ//RE+ZlSzDmCYh7dLk1wRseU3buq4BlvyhbDIjjgYKFD9NlJt6wiYA41HqyKkRdYbnx2sDbRdY0IkwK4Tq1yLn3Qr419Wc91mgr0p4TXOKD0fsixgZhv9MxejdaThXVcNVtAK7x/VP5rVSHj2X4Qm1DgTK8zqRdxiT/Nr4gPm5GgqhFfcUdbJXaX1Z0iGihdwg7Rwqp2UBrVWJYySQrdq+22Jrk20DVjr3Twl9nG/Dl+WO4z0vlgb2E/1QMKMDR4JcvDeCkIno25HqhY3wHs8CVJvQZkjDzqFBSV818g6ZkGWZK/LPBDI88kHLaGWpj5oIxS6N4xVSvURN8/GwKbm6Yjxurpq5lp29/ZWGM6X67vOLbbcMXP9On7/nYN6SL7JlP0JsjZ03aWifIDUPzirrSxEQfIPNa3L8g+754f54JgSRLCRan1MwB2KmEGUYxgfpGHDA8s/xBzZMA8g+11q7wUfIaO6fSQiPkmLTOvfE3xIq892KEeq089az4HbzDY/jpmXqXvu5jmN5jxaeZDbiK5P7VkUCSCkquT46SHuiYD0298FxlK5XYXM+EvKiDjaey9eyswqKISn3RBWCb3ih4tLPJl1HOdpi6tl4fYdLJl0tmYyweVhFgMvulhQMRM/yy1/W+SkjwSXbzQ3Tj/ruKteX4GzDWtG6if6fVZpO0+xDPWH6XL87x6LI6FVvK8fsPAJkl2+RQnhyG2AlfIuu0Mzy1mYh3+TkFeRFBxnd7vzwL2JK9IcyMn4Fk9J6xsmI6HEJg4ADYtZotAYQHSSPO0lJJSIjBIik5ZuapAiDxKL4GV3UxU+jWQi0HR1wLPOvJj2os1fPMMySiAiMhIvBaucK2ettcJETopqR+QHBz1/QJrmuvTG4t6mJvETkTZ5WwlKj5hZYlJhGCvMe1PrgiQSlgLdnuG7X+y957LrvNIlugb3aA3P+m9Ez3/0ZMSjUSK9ukH0Pmqq6q7Zu7E7emJGzGz4+xDSZuEYBKZawGZCRHpJq8GOs9N1u/t+en3rYoOO23y2M4v3HgCfpMNTB+P+D5IMACPehaiEyCungnrFyMD4Z6t+du1q3C6OmN9fKIAtn7O4WJYsakDnBU4el+u/Swu2y7fuGF+0i0TFIBkvHsvVt1a9PE+UeGFIwiFVcn5rZfvk6IFtazPA6pRUsGfK++LG0f0ubq/CHdtLKJPUuajRIZcP1z2eH3oF4SGCtrEMibOsAJLGHRutipB/IpE6dMJDU52bsXc+lD7hGIkkpJMXXUEpJlyH6mLBoZqPw4+vaQPuX+Q86xGkgBAuCojRDdEOX0zkVfFwfycxtb49Pq5yAARFg91aJbO8MhyC1J6LJvy8lQeNx5kI92TuF+XpxTYB3u7x6V9+UiP7r3zXzXQdE5KPn4+qFBgLe8LFyfU3RZmO/tyzaybo+VNDGqVgf50GbgdFhmCkgRF2sKNlwJdTr6zUtRdBr3I4KrmsSxmFha5rg9nnr5SsQHFvM3PusYtEzb85SMIkia08kE03fD1YnoHRzLKHQ9U0432UqGUd55EuF4kGXijtPkfBc9B4Fe1d1V3sMYEV7MsB6uN8vi9m2fqnJG4FKrdpt3dM935yNhAeFpwCK2FL4WzLudov2G9+wyBZvlh0MLJL0A+zBOVaJpxxRP/7hhVYgpOzy4yzMHO3wqfZ15w/1KkpbTGhaRdrfwjWpSXpTULcnZaSrII7y5n8KHibm03kwF8MPizQS+PqaKvTFnQcOnriTjAkMkJryFOKljqVBzh+zvdZCCm9tTPS4f7BrDo4SAVi+U20bKfMd3ipDHk5R3eQoEzWfEk1AWlxPxs4CpE0uBEJSnvnAprSUc8TdBritN6pT7LtgoVFEmKglgqk2EwLtFcLSCXA/0ZwDdiB6GD/rwyafqApcv3ik1DgbLqQblIXyyAUPs5N4hcwKrf+/nQa1/eAIeSB/IJk+zw+OKEgLaMPeeKrR9rEYcNAWRqAjrcLozlaLLlVYQUH+0F/TkIZW4nYPAFkzWeE++HVbymKrGxY+4qIRZ9GADir3Nuoa/T8CkeK9ZNOY9Yer17kOMxz/24njEgW3Ci+bRZiPR1kkRQq4htArwE2zPLx01NHlnNGxM9siUiOu49MOI3RvaBsc0IreLZbOoT/yNgAvq+qvLlYAsPMQUFT6TnyTMP43eV3K5ZL8sr2Ak/Qwufd0dl7VA5JrhvWQK+R9RHO7AR9DLhJ/wImp1Fq0VN6j2bxaTAtK9unOHr1G1JY4yVchA29rLdDzE45epcQ/HRzgW8rNkCsPnvDs/5lAUI9I6u3lgquTp2rwAcdXxfZvzyATcmH6IsGZXZyc7zVXGzFGsvislOw/Cp07Se9Henudv2ABuAC56825x/7NLZfdnCMZ/bCTGFb34FmmS0CuYviWulymLaZtN5IMuHsL4VMv0yguiQYmH0uyvWlsF/Fu4vKAnDutonhAkQ9+d6DmfJLd6IOwST42uD5gGwIzlkRFUzTbCTy5RlmZo7cT1ilTmZI+IbO5tpNu/p6lr3QoEt52HLZ+LpuO9xeaRM8jvm1rItstN1jbOmWcrI0GryVZuJsGJHfReaKOxem/9O7+zDPWMOEaFCyqAZtLP9Fzfc4N85ed5bsz0qaXjwpPa2kOC4Vc1YZDK2h8Eavv1RaSG2D/o3KFX00U4ZpsLqMGqpTj9gPVvuJ3w8Dma/GZehYkUQiI1qAFl30BTHdXFWYOiYywN8ts9AGziwJpJF7KqyPempHslKCBua33ACxd8t/txwmqf9LEdxZT2Ep11QgovDXt3PLR8JKPSs9qfHURxzzuBkPIp4P/Fdc87M9b2Y75quUE780buskitD9Nio+MO0MnPHWy/ACiABwnDwMOaxTD+BysP9iQ9skH33qSqxazDi+ZPAlzvSBh4XB+J3Hg9Mnid+vg97/t6YH5JjDz3U9qBcafGob2eqme5N094nG3NvgWdz5iNKhVDkVPhsdev2gpHYNgfVaMdf/HoVS3WjGTzLwAO4miMcfiOiAx79SbPz66cxLFrIXGONIllMBfPG3yJEAA16SG8EnQDbfEXVji4LNRQYbtIUt9+KfzUQZL8qHH4v0YfmWE6BFBbo+K2einO2n29+jy46TfucxdNKR8HPMSyESGEv8LsfPaEH5BYlhrmqpBfNaWDezt48eqOMwFDQpeRewv6IyOF+LLhjhs+tKKrkW7mX+lhX83vJX4qqo8vWmr21TsIelW9pvuasGtz65jazabzXZ+LFCCtafHzTWiZgW6Dzq+4/hAVnf4Hs6Nd8S3B5oA4S86W+2O76adRngwjxDW1hQoMefUdMfqGIVU4YlO9evroR9DqrpgZX/Q5N7sb6PdVYhUWBImSv91IyV8kR0fWsLMYyNy+F5+zKpX2edDEhCU1OXL/j86JGm/gOyf23OjahyqzuEKAz34SibxIpjlotHfbMKAz62CDNwIeypmKvidSHjEOnPKf7IJLg6ueb3hy4n2W04W8f6fqIlvlWlnoVEkvZTC++HGUA4N10mqjG4JBslU29bTnxcLjlKQOeX+vJkhILvUIYoojvsmThIh6LCsnW2tSJFwvCD4DFMJaUn6GKDjr+BPBM9tNTzHJyaerhWpKMzuAuU6nE0wtTHU5hTp+OD0tob2rPZMKo36W8kBgWIs3eXyn/ubxnMXp96DoBXfTLW9hwan3j2FurkM+8+j3iqOuV3n3UNB2pcxCeIB3OKTmDe7cRvK/e+0bRHifdR3t+orlfn60V16oIMLyBhm2bpPUjFYfX+qZ0japX6zeJ7DCWVR2uAi53PAc+C5H+xyRwPZjuw/Zz1tQHMAXX/nbZmlbS4wFA3GZIk+f1Aes1ODs60Zj0dN+fp4PXzIsihI3e/YuUiVvB69eTjLRvhduT8L5Pq6COh8Y2GeGWklvBWNS6k0oHikeYPDfWWt2IzsPTt9SBwmlZodtlKWFwMZyxmMHCyXdjWZKJVZnDrVAckeR1Q88y7J5wb+3eEqrqyz+QDloiWv9K3wtM4EpGUhicMa/ZWj2/DZwDHg1PZ+ITSFVP2Pj4/jHfLrLE10UNbsk5cKIXVcFiIksB7qG+e7nR4Gx2XTEfqlAaevF4pu5rSCIIFiS9qWk/TDMupN3g3cX50DTlBIOzvq+vSWaFr+bF08SHX7wOdrIPPHUvr95d4uVXojdE3ONRNESEME5sbMXvLGISVv1deRt2+1YFp51pX1dZGUNhq/zjrZmP8R1f6WHDXW6hyDWqcmMGVfSGDuCUuCaybbHfqZfog60sUlL95h1JvwCP3CzQXV+Nc0PKbykRz5A73o/xYx3KbKtzzfbKSiEw1MyBU8d5j2Dct/y3U447VTqQ3072KuNT5vbxLkK1vP3W8NijQ1tujvTtnj9UsswWcpUIu5/7/rR/JzfAHkDUkAnw3KITXmQP1SfMIZ6mL/rCpHWfTD/0imqvxFN7dBF2Jpq5u4u8NxG+rDa0mguR6XO8iFiK0BAbaNyMf+TNt85MFaFotYC59z232oRNlPxlOz7+IgxmWq8n1B0uzDGRvS5gKf/Yv4G3Pza2xkOpnZqGn4Hp49eyskWjYYmDWZZmmpehHcfr+UayYM6ecMN6rZvfhsAOi1MMMR3iLzGkc9vbczBZiSiWoKb2brzwbyhu6ZwFHfYq1aEszbIll3NShHNP+nGjmwnZsPl36unHZaxpv5f48Q4x97RhAz/r5NjWtlt5HlxLVDmPD6AJiuSUktEUV21t0hB2jgX1Gm0KlI3jFly5hLr1wahhNEfRxwrgirhuycpHJ7x0TNgWer7Lbjkf0jcIa1fvMZHZe6aqrfR3zsKXXv+sDcE1lB8u+zQqihmfJHrOVX+rxwmx5vu+mQpKYbkpcPX1RcOnBWUvBsn0tXQIIsB7+WL+pMb5VKAl5TfSfH/aWtwTsXvHUV9MJZ6vn6qv4RZP1iRLgpi4WI3PKlCvU7X8B/I1Xg/iihb6BFzZJpPot+feHDhOcH+qCf0G2AXr6A29rHCZD2puNNmx5DzjPk++t7SyrLUBEpVvm8oAd7oVbVQMa7F4x1bjLxPG4f5KWUUDDJtFBQozoM/lSlldOKJPzKwUlps+NzPatcMNrV7O4ibcYKYDXPoTqsk7LxjPqwLtjVc7Sys6/p4R0d9SLXs6+ix1qRpVv3UgWXjZaIgM+WtVJIALrTchnMseTbQ7ThNj4vgMV1wYGlqmyIbivdH+i/0l6M0ZC82ly9iddbE++S3M3Lmao7nr/YxwE3clktTmHUM+aJKE069XH7eQ0IQLRU1+bi4GOEZYj0eEe0eY6Kjjy4LV08dAMO0aPnGbjgBZd/XOB4znMVjf9A5kYn40kEg1HAAkvzPr3BZObCdyeWxl34NfTFcsBFinc8zsvT/GMH6E90DrXpM1Re1cWSbk+aQYDBlnR+I/lFFUMpUNrF+3rQzX/WFQvMIwyEv5lAhcDjrfNROpgs+EGqAeKerOtL8dovFe6xMxPGE7HvXTUQcHfbk6IsqvKi/meVnSD5gdycd/fj9HhfzyG4UJA6FH3aI7/ppXdx0QVsTsp553hGQk/AUH8vP+hN/0eoifRQT2Dhl00tQdC0JQfumdYTI52XwK2gs6dWwQWv1ZA22DbwEJH6Oo3P2+cBP5DoexcCdeT9TEaFBMo/eKkiiYVYAi29JaHLKkqzLKtVqU8PfqKeVJrUcAjdFt32VLh7AHXsaEj2TNJinbsC3b+opExSn+AVCnPmtghhz3MS0ixQv2XCmK9oi1JTZwxOvVCW1ionTo1dR4GOIhO/ZMUmsSnKvdZ0bQi/szLNs+VUxMcCV6eJqoNWsOtMBSsQGNOVqata6LYWonRwtAoQhyRNbdbMNBcyK2dhjMtWkrsx0WbXr0abzZLmHMhGN2vFEwpBR97/ockHpMVHAbNfeaHMKfeh7HefGTACJPwYXEY2BIojn9u7Wz9ix3VNiUMmXQNy326Pv72BpCNBM2EzdLYOGW+41X5GSlviZFPlQKq/HFsyjCpZx2PiQ7b9LkJ+/XJsoa0hJ0qyz2IEffZX5vweXMs1BGfSQYE1yTPNNUXCyVwexex4RvcpyPRW/mljC0pyXWJoCNH86fnmjxYQfIZiha6t6JOdZzqzUkFbeXpiUns6gDnqtEuPMnxv9Inko9fL16f0hs2q99WsVSeyHDm+tuNdrruoLMmZE4j5jzpyFWlRJNra1u5F4kxQtN3o8VqhaGSJEu6sdlyn/HzDP6azS0yMQG77Qi/zPEXfSQ3THeear9HJDU9+aooN12vL9MlNWCMhnnUCijVKEd/4TY18crt71Lo3w+yDieDTr1c3kLTkFdu8sTSzBboOLh941kWsQex6ag3uFYh+HH5srtcAiPxerTk7U8NO32CRBtLs32820nmKAdWQVX492JAHYcvNDgvje+yqYa8SSzKu1XDsmcvgdyp1gYrR5Ou7oUZtLOVkS7kVH0hF6Js9wLEQNAznvA0y4o2qJVKFgvCPwo6BBQzDJfRXEhOFlqU1FmPz+SwYkZpmhvYbaVS9b1YPDqlxQVAsWOO/8ouIKmw+SzabWbjnSX8YDvtN0DLkKNofH8cBdK5/RkjgOm2/3zegOd3RjcWQPJelSpjzXt87Ezad2g5jHUfX1EqJUBwmx/SH7JsdSZX7oRbZSw6XIzn9/7xkvkMTV1/3UlmIHBxvZD7p97uX7od1cUShWm13fu0VdjIFmIGbPLe49VN63QC3fNp/WzejJzvGEONXufd4Kz+vtsBEEWOaGVY4qrKWP9PHiXlebxs+oAMPb1+44T9U0piyGr/IKiXR6AgfN3d7jXN6bBnZ70hTDHB09R9Pl+yElKvujYQB+Cv4X8GXH0pwKWhd7pT782/k8zQWIiWy4c3fjIOCWmhHHpgijyjIUfJDI5PrP7emt+32W7VEcbXRY9sL0TDLqVHdH6nUA754EeuAgJxYJWbLM2rrxrqHBa1PizvkZc7TCgHCfbeHgvn37Oa7g888Z796DvcRJ60AgPdtI2ZLfDTWoci5W7rjOeRkNtAaUCoqJ2g4SZSzn3fJmw6Qb3xcu9F+MaLgvxjISms0zbQSPoRgI9fq6eJM534F77OJeTvbkbwuT53XwzQZB09NVbytMAStMi+kZ/78YWL+Du3Fp8pZ6aU/dD8qIgfu4o9XghcKGhWnchnxurVLcQUG4CGvRM7F3B0bVQf4Q15f52Q0cM3+mWjsKGZr8VDGXhyfdewzUs6/XUHrjgW10touicnTPfD0AvvAPKiV6+M2r9Zn3RS443qjI2OJecY2maa4ojoWzeqwo3w8LKjlDZSUAVJJtSSNf5ztD7OGk/wyN1rCfmkHy+Wm+spJjJnggIE0HtPD552ExyGHC85YAF7Yk+0LGEH67xgwi9qhCohv4aEVGfQNyV8NYLEns3Lfto7t/WrPW6UL/mA40531T3QXvJ/Cgfbl5fd5iG74cYuIbSds5Lr8p3qSVwYUIWMcjvIpVoBNWwVjs/pFn7uWGbCeDiUU7FqP+lhCqpbF/AY9jd+rYY1cfE30iV7t9dfF6EO6v4W1hONKQhBHz2GfYuH7EETUZ0trzZUXOPKPzg5KETp5H0DpWIOoVHdrbZSO5O7yzX+nEDg7L+qJ2ISe1b4QXmnTywaK0aafzy74gzhftJ9Coqd8YjTM6xfBTBnD/exj4q5k255k3q8bOdEGr4SM8nV1dZUpFGw1sUHxkAk69qk0b1/JDoltW1YOCmK9odeutZ3336ZHhNN0KcHZaUpFTLWPQQ9FsRzIiDyfvWQKvJsds+bY/2POd/9uaVd36/V58ae8Ad80AbX6jdNJ4UZ9Pbi+8mTYEipgRMWc8VSeS4+4zJLYe1HZHc02iHyZs5pARzyTiUDNBF74Op7TfeD2ZyyQNitfc7hfj5Jo+XmT1UOY60oS7PQgw7Poq3+W7IyvFi7np9w0bdbgR51eVWDMql1DS2rLiVTQDbvAsvdIRX/I6FmUiCpSr44wzwbvH5wkKHZGzu78oezvPNawFqbvNXNxjACHc659ds0DeVgEctCiT1+fG8uB+ZIzsEmlMVwLwHQ9Gqg6UzwREac4B8EB8ebdyXnXaOUveQ/cflcBs+w35q7G3sghAHVqBpsTYkHJT1IyWhXtw0WnZl9aLDf81FlvtkitK96D7tx2A7ot8En95J4Z1HnBxMRZN/zKGo3aPOR6LWfBOKNd+TVevs6fsavTsSPCGM3gibGzlmaK8Bz84Y0imjnL60jpBhnljZRwqiiR+5LaKROXkvzO3CTleH1OXcSaYhLCctywlqxkh8m537DQs/27ej8GvLv3EQ5GBen5ljau++/XTPrPi89SOJovrEq20fWf/OendBZLS8XR7Jy3HqsNYN1i52PX3QE6Bcvsanu/BpVfSHZAAcH+GQtN0P6Uz7jwGA7uWxWv5IqKaRrAWSQUm0DbOnOYRHGyfbGVS5XgNaW7f7uDb//SwhKGcKeRrfP747wiX2ek45/lQc3Vc4I+gmmXHRfsDpVoIMbRxKSWG/9utdO1KfiIja09bhhhHKvMYgRRW4LRfK+DRDZpaU8ZVH8vqosH6zPxbm3s5KP+nXOZqdPo9MR8yLv7BnnxDEU2Lid+Vs57e4oEOD1gD7s7wxtSzKoB/rw7CQXgwfQmfZDZ7kT5MhltWPoFGrY+JJENzJ9fF46RagOpJiZR4WPiY4UIperOS+/wIU4eCidbBeeW4ZqECO90ZzmkBbhlldcMnvmTliQklwJQj6oWOLX1XFLfcd91GL+9K49Is2xlBGCn31FetM5yYXBWP+4aBHUtYPaAJ4i4iz71pt45pcfadYBlsiUvF4M9u7ygwI8L/jptrTJxzZn7PVawaKr1jN0r1q0qUeoh6MOoD6JK35CDSYcWkA1m0vUHNKCX5BbpJnzMGI5CPq07Zw7zE+er3ztIB+1M1JFHFxu7SffvW38/r+Bpk5KG/Ol+eWfq568GSP99S3Kk2S9yXRm407iqqvq5vqo4q/t04sMS4iQO251scJnt5NWaeTFQuNS6bie9vdpzIdCPjv8AkER+cKm0lU+hhwq0pu4hN1xMohesJl0FdYO+XXekRrKsQxudH5IY7ZCLtNHsmS3ys2noR9q+jnk9ZllzLaJn4nc4kuLG8VUfo1jJNOj1iWIjl8mqFXHl7ozWTOPc6Q8IVQYOLWeqVZWPl1KCNHLErZo7WZilZTFL8crJ+WUkOwJD08s+35bzd53nxW0VfURV7JGMZ/uDB6mmcyjyMSKhxGUs8HTkW8GMOjV8d/Pu9u4xnV2uB8oH3l0znqxImKRFMuM+OyU4/PCeWvHQu6vcu9gRkyhjN0yrIhB0tlznnz7fCZeX25Wrg+ELR7ryTMpW6Rol9uf1/4F326g5LoheWmxXoKpqum/XRfpygWr8E2RcU41Y5jLkezHE2DhvrVfL62bWF14+sHiW3M26UwYI6SJReVEAHVFuekDD7cLiTZxSsEorytgcobTNO4M90YwC9irX/r2iI7y4TrjB7NnC7O46y9Pl3xEc+WSrhVr+iP3qQ+4Om5vUcVbzzPVjedJyK+XzL3OGjeI/3FcFi9Y9FHY8iBq3Qa/b6W5ZufFI/ggZN1OVqKZvDiPM9a6gWPXIW/Nl4oyROd9ZH3umzUH7z5lWy8bzt3zZY8YNrxwY1eirFx1gq4/BUfrkLX+Puq2WKYvQBvUDvoz9A2M74xzPacM+ibph+PJ/PIot4PbNCpoVt4bL8hvXxZXivE/JsqZppHNQ/0ct4P8jk0LjtoevD10mSrE2OnOy7eg3R95FZA2fcXiT+4uGSGQEiAL75ix0lqXIXnn/EHP5p4TTzWKoJe8Y3Lsa6k2opGd8sJF4aZ2NTiy40bZMn1anerc+G+7DOD8Lj6zrG/tlpp+atMvgY+mrx9kDQrNErKeYRj9PNaNGKVOQx0uXMzXuhLUjDlM9+dVVm/sIE6amYFM6YzLdoLOxSGQGaomMVXuKdX3evP/PBeHeTRVf2V1GbKxCc3qSM5SlAT1cNoTRUh01g7PCUuXlGRItLS0gaeu1yTFupwnmJoTO8v2rVewT64KEkO5qnDzc2WPpW0n4WZ83nL6lEpMbifHt5MoPJ37VE+MeLo5C3C0AjJfZwQeKKat5v2wzMqZqOqBm1/xIRPKFQ72GAuu90wTn3/7G+2ZNvK/tpytHdj9xCsuyeRVJzuV+TxmaeeHGdo21G7gLu7U/zQiBQ14yGWMGpmXyzzsZfoi2Q23BaRGpEFdCs4xIxKh+WjZw/Xt0jnUGjuIWKOdAdznL9shu2Msp50HSs8A1Mm3cQctxUFtr5nnylX32t5hGSk+wSgJVfUgni8ngncOl79XXOPUJVvjb02ZVjt7/hB7bJpzzGa7bZ1fdtJXye98gOxc7xTL8ipGmIbeM82xuuImpopQAx6U/lP9QHDYjyudJr9ZHkJd/zlYGY6eUbwUFwJvJ18jf4+BOLl+65mX4Eupmi5nXOn/nJpydnrTpb0dL0XjP7iN4s5hJhk5U3jmV33XmulmYrzO1U7nd49po3lOuVPRFusk/iE9kmST7HpzvALhzM0R9WMRScEFsC8QvIJJaIlFisDtLzERCsYa9oq1Eh3ti+KaXyvmF3LYNNqSiJGb1Ulv2FyzfpF8K308+QcPmw3j74O15ewfpgh1dWuR4End6ATUwlr7dwfgQ7w1CWCKqMhIeC08ns97dgIu7yrjYq+PsIscWgOpmpHdzvKPvICx0OsixO5gdsInMf9tXrNmu8a1SjyDdfSYQApxwNaSErLS2/b9hcR/l8ZFI4i/xQrjP2LWGHyX4QKk/9locLUf4gMrqu29v96Oy/fbm7nKR+kv3/K/z38Gwbv/v0ec4YBv7/I7Gf9/V5/RWrn23f+55Dw+uy/yT+8TmFR/w/51zvx/Kvk35vrb28m0N5/ewi++Yen4Nu/P/Z797fn/jlG/B8Dwv/8Jf6r57F/G3XYAf8fxhx04rwtZf0/uO+vuOxvvrT1/6g8jP3XQrTUQ/7t93+u3b+Sib8edeceRu//W0YC8p/TEaDMvxOrPw3466m/Sxa3LPn1D7e94Q3rf/97WPyfpRz9S+rl/8n7KQr5d4L9pwZ/F/N/65P/hOTT/+9B8v9/yXPwjykN/spy8B/EmsQY7BeF/98T6/9yZUYh/yLxAfsvtNm/ffi/Xp0x/2FQneIJEw1giP+dl19egf9sJoR/nebgP2Y1+NeJD/5jmoN1h9DhBIKECa5qYwCtAyZ3buWN9Ln6QEpx3k28wquLxK2L3Mux3K0nd1gCe1dj2Wtq9c7Ux+z62m31Wpsr0TvDOuRv76txGCpE32sR6S2BOzTRun6/PT/Ck99dX98KjBy0JzFqeNc593mkyWPWFI/VXgi4X8K8m2vtizjtp4XYAoebTwmzbg/RRK61grS1ZECxbg0xn+1tP8F7gQPf/Y/3we+UsOgJy4Kv/+Hep7c5ooXZ/e+Z83cd0tt6Wf/uee4f7z3+Vl4M2piNw1qA9ml3eDmirjx6bXf79FkDnuaqfFcp7Z97BPSq4nMAbR6qMQLtfrxAPzwLZTjMREcLJWS1McKymNwzxev/6oML1IsA7QN1KDfQ/svyCQy8BvWRWhtpTyu0TksgkN9nwa+vwGsJ1LGLrYDXrKceO/Lbtp4W+Lsu/rlKf8rqYVnSCfoE9tHpg+e8+wX/dlo+R8LPzKfXOj54P6SnLbWXhabg9duGn9kheI9Yl3URKLgXhX0Lr/AZC/4GWQy+X/y9fmob6Dt4L/hO7f7bry8OovOrP3zf/u0+Atbpz5iBz4IQ1on4lRuEv/rYEWhTAMsFbQw6gAHbzfZB+aDu8O+O/6sTbAPp3b/rX8+3sPzTEf76lVrQLtCHf/oNfK90//1e2FeD+Of6+j335z4NysDv+o8yUGHdu1LC3rz/Js/HXuLZ5P4d3v2jFv6vzA3DsP+sIf8F3MOx/6gg//bZ/3r9yP4fkRnmh+s1TuAsmCFGfPfBL0UMh9uCH3mawD0LIvwb/hcSXosTcKc674ANUObxy/PS7DCbDKckDzlWH0GBZUiFyVfm8UAVl1sek0uJ2V2phFuB678jIAhGgSUevBfIj78crf/84/7vz//9+b8//0f+CJeDEx544bJI+CIDjpMACPNkvi01wZtNkUMc8eQeUmeF8iNNFP6VK+dRqR3Tar721IVw1K/2bfTravrEbonSBSARaj9Lwglm2hXhmqeL8Lz3sqVHmKm+NBg+ctrBi/XCSA8iOYojtMvi4VsmEdmkityn2GPIxmrO4/dSKCjQYfxZTjZSJRleqwNV4ycLl054rk0NsdNipSN6vZ8365lS7ktX/BfpR8O7TsfsU0w6Vk+U0M0f5/XO8+ljjJ8PdX1hbgv+WAvj/pox9qV7cls2Zi/g9sFhqcLBBPK5NtpVLuZt4c7Nig/k64ZoVSSYPeUYQLj497fMVJtP0klGuLD1fFPbvtI1vTOu+nMiC1B2b36Oswtc5YRn8fHU8cxs0O9w91H/Hc1d28sXT8ZWHMLmlyT0xp1q+3NQkK7MZbtFSJSbBpqTfPju/PNRV5HZ03H4lkuzf/lGBt0WXoPgvz4kN69jTFYf4ourSQ03bOYvSd7ZvV5ZXWfkvTc4iaPjvX/I+7Zv8n3cndUb1+9U59ikh87ICNK59dF2bm6QNh8ezJR+BLisrB7Rgn126EYexur0ynfouSTbGpFQO/vtKhGGXcQsHww14e7EUqMzghPk73An2GITsUPFilaZC6ODictSveY2FXIKC0/OsWHKKxmVkXWcrH6S+DtxoZMhD2AlncqLZLkxE6qrf7fy7u+iJ52NEKdtTaHSL83GogkYJV8on1z8PkS5Z6g3JX8Gvrqk5xAVh/Vl3MaN70EjmiGzOJcJCakN5km3QmelNQ3bScU2WJhzhAw/aNN6WSkHToB6+RFT+NLyG6m8yHD7Y0J1p4g3XvzecnL6pSdOaDEn0EVAjmiM4EJp4nyDpJ4ez+meFGzVJ+JaIeLN24x8IuNkz4f5yjjLdzh4QikgPzxACN4hnDBL7MQZmuRJXMoNbYCnq3BwnH9wZjGjA+fxrZiK0gruWzmpHdqQa3kEFAVuUkBRMsJzCud61mGA7yg4RY8A7kj5h/DkWpGzZzGFEIBtVekNrvB4g/7QOI97cCIHsIsgcatfcpzlcad+wBPCJUlZBXBj6GkHwCF8x5nSAMqUuNIPYf05QYDZpznpAI+AMlVO0VRQf7grekMApJVc+gK3iq0sCRaEQmdrt2A+iA4oQ/qV4XO/MhRQBgRICSijaWEZJIeClnJ6yc0DwnEmKMMJYRlo67QxKGPjQh8FFfdAPXLeE0A7+IcJynhzgpaAMjSuAmXM8KBlUEYIs/UJkhHCNuWgDFixi5P8AZYhCNyvjACUYfzKMDQXlsHDMl7gWVDGC4FlKJLyK4MCZfi/MkIf9vUBPkNAbTjz4KUXuDKgb1nYDwp4pYFnXU7zTA80U9jB9+rwGVHiEZg2lAbPdPAZnuds+IzA8A9Ngs+EnsvJnCbgoEMBOgS3dGDgPbG1U4GDMnIfkhSDaw3Xl7nYEtea4z0uFc4WfvLkQvC8kApHK7RAaJ5c4QqcwQmtxUFZaTi+NUf+pXB8yPHwXA+3VQ7wGI9JnCCCPkHt4VHVDAH7QVq5Zg3o1OM9ZeYw1RND/sOxfAv+ZzqbP4SBi5800vJc7ok5KNFTEH50OW4WQ3GZhRzG0GhbEWlnWgDdFS+olwKhDluSG2uiWQLMW7Apb3/Otj0iVgtUuLfPWogZ7/cxEAl/yNx7mLlPy+ZDwvLfdod+uMN9ayMTJ7rIBpTzeZwXFw1ax/HxtDpu/8B2Ot4VH2PbgvGHSGvxVhlD7q1BtX2hEHLz0GFob6G+nwSSuz+h/uKah8+X4vfEg992/uWyoOLf46EW8zG3RhlygfDy/tqOJ0mX+R3uBlf3ffMFIxV4UwMs3G+52badg3ssZLShwhZmcF9d1Kay5euolTlqWJ789nzHdFzkQHXaZ8hJMtkjrfhs8h1rsYK1FKeHbr1q3po5umnXZLR8m4hC3RflZTDp2jAf71YSptgOsRa5lmVUWWBuA/FKztXmZWXw3IWbbjNscVJnQ+7RUsoRErLaDSKMjv7cm60YxoeqtTwhBXX63ZfdnQj+ZfMXQpsI33K7MmFVnO3T1/VRYojc0aJdv9Xg+FZqtlgvHN1rknxDl3Gr/zruIXgqtVnQ7+2SguZz0p/1mtxVEmnp4LnqHdjoH38rGB6IBn386H3z/USIO1TBZLZ6R52Wr2uUZZ94oZqXuCFyMacEarpQ0Xp/As3yUOiqNvaFF3JYw0JbJPBe85z1xxBYRBuVYA5c8zU152hroaEVCf3cgAqCBlt8EfFhILwj3csUuFwqlpSFD7YIRUTOmfvxlHTOCRRBoCbn0KRZg0FM1/0IuVvILmoAgyxIm7VzKmhRsd6Tunx8zUrwwpUxWF5s8WCCE2ErJuWBvP5TuK7nfW7jzRPM408raqwMDZWLNpq7nF0K5yZ38hSrQXkZ3r0VgJl2ejycWdnboKtGAU+GrVY5FjMNTw8IkjhzrJoXlLdyF5DXfShBQxgU6LaIgx37KbbPYbQE0Ir88WFUxZwtYEUQLj8OTtUYFWqRAbSNckMK6B2+deGsKC8GiMzMdVN/IEHJPXgFqCRo6RygiIRR4fRU9LgPMDOdoEAR4gxwv1GqBQuEDdwS2qt3mAiYDy3X0/0vIUz1LoKKQsMSOu1fDjrtnCeQR4wLK4uS8WxZnHk/XWskC3mZOInfaMWC/onfNxlv6s5CbHMTipkwDXt98hDoxEMr6e0K8PoRf9C7bsV8ez1PHD0/X2DXs+HWsyAwgkQTqwbucK/vVXKQkZlBL0yPp5HVwSerh1PF1ffiT6O+KksDD2OR34rGoZOVfRMnSfXmyXI41zDG9vrsxlCzLw0MoUCiBXt9S32YOuRY/RiGLiVZ/NH5hN4zAEtad2JEkxaWzmFzlmqMw76Gm4Zuox3q7rg24EDlcvL0mFxGGAXkiYc6Cqf7M1xe8llcpP/lSt6TtVe2C1+MkCTjooee7DOgxS9va0i6nF4tQBnOxqBJRgBDpfet9cv3DZVay0Khd0JdGAMPmN9GIfBufWJH6BxWRIUI3vRcyX3pP7Bp22382YeS2IpkBNF4eyEz3xrfmc3drSTX86h/AJuZFCjADEBNoookAtwVntziNjSYcDuf4WilVYw/OYvn3zJOXy31HIO18h/ikxkukeiounztJJCpQ80qpJ6m7N6dvPSP4UiPUx8TBy926q5pFAq7UsZTzuePJHBaTjaxuIvYHICbVXvGw4ykH7lWkElJYABuBQADQnXMtWj290wNE1j+NU7eAkXwnGktlM98Y5xvhlrEXGQi8cVkHNTiDrGn4qVokGp+XbJ6ZcyaQ5NMkN2AJp9JecsthLOvKhoSAmAQK6UqmSAxemg99jNmOSrAaBNg0S0eZ1asp/GsM5mPiodzl34BIpqvoWO5wrdAv0XssIcEsI2WdlfRu+Se3i8I6IxXs9WMvlW4NDlCMij5Tg/KTBydFhRC4M+U6dPPin3gTgDNzt0Y2jgAIgTRFaD9vxDBWYUuSADvoy83A0iqlabQVfasBb3Pdw0XWLufY4jG6U+5CMt1xPkjdeGYTnGSQZgdPjmFP437mXw61YUJoERCHAxHyK+j5WIpf+5fC59ueTlfIc8HYrnY4lQxR4ZKS58vcjqdevx1si99Hli+ngXHwt11Oz1HK8MyjIowvx4a+3hbwowuRcIHq/E9JE5moBebnBYZAqhI/LrM4HDo4mNvH42D5lCemjnwpi/91R78kIZdVzezXW9d6cKz0qIE0Q5jGoAiWDTENB50nkQs4UJbv9uE8e2meonlKFfV2aJ1vHI16C257ehONvjEzV8R4pgvML7JwSEqtVyq3lsZ5zxKHrtfyl3NIeJ8qOiXAhEgS02ofqEfxTfeCMoPmaSKSBF5r1xrnOmxRXcMSLD4KFbkDr6YrGUEsjCFw38BCm3NeoEFoSyKG3lmucF+ZneQOEwwlGLD4V4PbN5uw4OC5IX/eZ+vv5BhhcZLarEgt2NGjhAlQOEG1hRDyAmxzBxsk2RmfDgE7lTatb59IlmKsKhLqtySBYDXS7vJppyiybImlhAoUqd75QNsRDg7RQElKIIy4WOrvjob/82UtUQfAKW/+PeCpZADlmRUhjVRvHNlYUXKZxFiAcDYLraEzaNGt2vLwFc0qvs9I91UaO0z1dyqWYyklFGx/SbSf27J5H/qR/hjp951w3ac1l6coQSFOkdgeg+c4pEvFoCAlje4pnXBawTYQ9NzdDdS3urVClzc8tqeHSaMVf5qwMYCWuxv6R+1ucLANSsESH/g9D+BaqyRb/gA+JIgjvC7ZXI/EnfyOj4J1BfmQhdcjacB89kaxdH3RkkS/VgIKAiSJ77OT8ft92cdoQ/M/h0s2+OZ7Y1JPLfyuyzOPJBGhb+o6elNPEC1rsHiwV/YSMPZr6HwFIxUhRHapcYCBgfGOk6u64OnoUjtdOAYCFEAnPOKrRkHCgNrYcbS38lnd+EtD1bzxD8HOnsIHegP34Ui7k0uWbfh7dqL54ZcJNyeRIrsQXm16LuosAzHBMPC5SSHs33aLQzUirWe/vNyyS7lHrVefcl3I9H0ixkA10Aog8pO55O735q5xesmllPhpN+Zr1DWx/WC/YwxQdIPJZPJeYpgIXdoDoHmt/2FjsowF2F+EzqVDXWWgoFsziUeF9h5ACEXWzZsjxb066HryzgGEZ2MMIaT2jHTSAVV4Hh4bqmM2hiNkQUbOVdQLucJaKZMy5npKLAbq+KbM5jB5AZg4ofJQ8/uZ32xA4HQyBt9g9FmelYbWUJnG+OLbetLTiFplEllDRlQNvUu2HBLpxbddrIHNqB+fI+0pQvXrB/NDpT8oMi1BIjn9KpgLH2gEkhAQ39giC4om9Ke3uFxjdWjuPTzCZx7zCgnt4cB5gnVsPK3Qda2nDnBHBDz2TD4Kib9uzFJnlS/jYBTVah40pNFqoD+HauyEZNr+zh5pE1B6+i9V6yzAHDpheN+9E+EHD/ZO0MLTGyGhr3/xD9qABrCr1zdQs46VVNbTtNSX/K/Nb2GhJTNLqNU0Z4P0EiF75fYOhr/v2Gi/+/5sWYonoqmH++G0D6AbPOS+Z8p8D6E0nMBcPFizoiVVCLg5pD357QCePkpSXiBaxD/ePl16u8Cn/jHiwcuROR9vK3bTo87riy/a5QUVsDqxAwYala1vijzO742UB99XA4U730bH0rFE/k5gEo0pGVvZDPehgWAporAk1L49y8r18gZ5XU/p2Y34IdljWLmKvZ5t+RO0U+IrRf5a/7QqJIls4VqABh1HLY46lMvrOIBg2738Ol+k2mZFQIGBaDkrsZQf46JiVxxucQZfcoqqvgHaI7MP49hCrIMIHN2gbdd+Em9xiDTKNfcZq91U55TW1VzVLKxtmg9120l5e/mVo8e8xyX5y/+JdCApDDcwD+XFBsQpvIX1YawtnDszk6x6sjawAO0mVNhnFV6Vd/GduEkzLKqoO2see4R7gmes1qcTnCK4i8IbRgxlmS0/vw+H62DqqGQKsDWuHD4WLppcitKCXyq1PWBpiZ/CEh2yJw78zSD4SgQpl9q54ouCQ9L74FeD4trUE/i7BcXf5/rl5BgFZpERxmv/xIr+GKEAtBfkeB6xiOZmq8JEBWeuL1ya5EIeiK0uZRzPIGCqiqxq8HEpydKPirFFXdiiBP1jwFbAu0smj+v4Xizqqu6Pyf98SBZGCorYzAJGT0VacjnwgrA74db91OJo9dNL/RB0vS1xysSVFud6kv2KBtyAbQBqgj9xK+vUnwdUkbagP+IFXdwFxfeowVpmYVjHzRRgNXQfGnfdPX5IPQVqVDMYio7ZMoDslkdyLjr8SqGVQw0nhm5pSSdENhhM19i/iR2yoQvmdYkV2jBjYCtgq6vxgymCYOYSXt9rh2w57G0+WUpft6ixPva9PZuKxEgGi5rzQn3jkp3yte7L66Ho8C1BPSLcY2TE0Z/mN4bYAEw0d8QIPYi9twNKmAtpmTLAthvQFlS4iGDUZ9QgCz81tzn9Eqpq2+71zm1eRxRtVCNh9KZPjyJsjs4nVPa6TC/Zq3NGp5qqXbLzMNJCXbVOJajwKQvOceZPZa8hq+MV1JGL3wfpW8ia/rUSaWyB1LAW7pFkeIvp0Dw6ATYPJp8jK5lOPRwADPrEjYna1wjIVX4HR7u050bINHTqQChoIcK4DAdWcUWDE5MdWccNsAa1Rs17rnjVDn5oc5NBHoFIqAIrjp7EoDOZzPp+rfjVhaK70w2VGbV0lF71QE6ALC7Sfy8xre9fr9m5ir38jbqjAmrk7PfPmg8ACBv1BdXdcv8sbyHBLezDK37u2w/JsfyG0BVOCdlj+6+N01vCio6R+x5fr8ZVlttfdhgiiRgHvkP7DL7q77Ovmjvt8Ua4OswTT1kahw8gAmUlaPrDkYPzdPk7cwy0Q7NfJh1auTeOfixKbXV6leZUwh+sKgRjGcoMchrDIkWAqFchysZne6rMsbJV57eEHoA5StwVkezkmRCV5wtg87KDWl+pbPxdZTs+IMnh2T6RNzK4ZzenriSyF1idsp0TkvmqtKnwawVQEw9Dk6J84CevGLhSuCUg6e6qKw92IXOEgqO9zWdci+ViMUT6FO+46K72N2g1jNJb8a6yUy8HZxv3dCeAmhG6jXES4Vr88S7uXuMNTAYwvJLhvHdbO5JYfcdqK2IfV/JIhzcxmXCNUY31tFL2vgf76EzxIPiCbiZ9aQf5MpdvEkVSGVyGm9ywqPKMPCV+/7FK+5OfO+agRaqsgTl7ECH2oQhxFYsuS/fqGZ+PyjDdpUl0GlkDs0Tp2RrwbgHh49crbFgMM2Su6RntTY51B75Zb5CqmHeD46JqC6g0KeM8PmwviQZ7sxoImKw3FCqQos2MBF+jN3l/dgluNnjvyN2lQ8DFbaOAFJiHbi9d5fsQgcMRDttUqr4dFFx22zy7ssdMAQDme5aAXMO5VRTlFJHXV6lOhKILX44dx+UtpbxOaT3jF8FR4sQqCOAtQ1axbPmgq5PfMnxM7isQ82v09v17ZsRYcYJohVugXh6IlRkwjZ6mRR1701SX7W7AC1gyulJPMVHyYV6lcG1WM+H5xZ5wuJYp34085MHFielkC85Y93X9RMJGH6yZyf3DQDbBSal774/gPwubFqrPGurb28NaYSmUJvoAWo5xlN1gXiRHNeTzF0/laSLWI7eHw8WWRHx3L7OhPer0Iq3PjhkDmao1FoBjhvlTmhiPY7n2Bzj4xsnFt2cttcKfvXVmiVdRbh7I0iv+gPtUcVeY5U82M1SESw7F3GJmfbJKYd7QbaEYy8FbghpRpAisk1xT9MspRKbZ5aIPzxxc7ikxxp3iY3FopYB+kEEqDXHVJvqcYXgPHlsyypt/Xu2/SH3Q4kTs644IrgTZHHaI5zIRhKm0XGNF7Rr7itsWyRBpF05AKq6hmj0I/7FvQEdfFuvcRluEr1F9bShUexIxtThToUyvXnnwSmhi/zJTcT3EtBrGWhs81rb5PneVF8hvHp9s8SokxbgainHjz2TWh4Ht6kEycZsGInI1+d8CMWSP3AqrHblM+k3Z400lTI3gButcghkbyN8yT/uw95yqHMS+bZczqoBT7Sw99YaXMUJL0xvLPqR35XRF1MY1/VL3oPfwYNrBpirmutMQQvg2ytOGvpsMxs/YUuYbWhEgMWAFG8+Ak7C0j68wbj9VnF1vU7FZQcUDKWSnP6kxTznRdOD3qStRVnPkm/VgyPV8DM2dQYP+RtInQsTLLwQccCITwnmmBWsVUCIcJMt1ExKGJ5OI368e4y9O3yoiFGyJLAwG+MjqUgAma24j1DtGNm6C6aPub0wfNNX7geLvUOQWWwYgUIEhuRqm7HJEN8c51CuYmTEMiOtuu4QUocZwXw1OTew7tO03sxmkVud8YW1Xo4oW0HKdaLGHarFsbZxGlshWs2+LsL6bcDdY8GynOGRnPtkxFKInwlaeHJZGIF2X0WuTED41kPkbrhKhCuHGKIa+sStxlrejNoPr3FUCwt/eX18cJ/p+GV2qzoAEqaPYyjuDUM+b59kkumRCJHbvfpu5W4lB2ZLxMlK0qkTSQspYYzKUg8ghyX20XFPn5dTT4DNdjhN3CSBqkiBVoVKNmupOPj70fqQ4EIjlEStttsI3OLgKecAcMYTPQFLn10VOxKlTTSbBE6tF0EsPF/uM7ttqZFIYBW++VswBP5MyXUIiczUicezWsjhxdLYYg72+bIE007+W3tX2qUosrR/TZ/z3g/dh1X0IwpaWIIbLvgNwUIWwV3g17+RmaBYZU3XzHTV9NybnFOlRO4RkUFk8GQqDefbJWioJDaGcqi0FifObG6sp17HHhtP3nHMds9+znjCKezKtsGi50t3NexchF6m1OX5OcnqQ1YeLNkoS+QVeJxGh9/KjD1vJLHJjYdSbdQQgoXFbre9xXY1ZPrruDHN7Y3UaeUddAhNe4FPX55huIY+CVteZx9Ph8ZQwEdBI3LWjuej04kxjueNYQ7akTaotWND5XuzhmnYnRfZQsvXBc66zQ/4DCOWjfdT13nihPZqv1wcLoOlrPu9ndcRLO2knrVszkW65p9f5rNVc2t08Iln+KfMz515o9ETnrjThZslL8b6gF4hThp9S7GVYIbWSNpTPgYz3h5K3aYt98U4wKcjOu4CWcmZuJ8Mzp0mcicXx4GvD9t6OD/LO1Hkz43lHvzGkzDRpquB1N92enXTUDuxI00NdKIDOpinxbbRQ6++eXIt0XrynSe5v1m3tRaTiFtPkvNFx8+H5g6HUNy9qfATdBSDvvR7ZhLsNdeYe+vJuLFy3XMWm9mqH0vGbiotT1t2M/XBQgsWswPXeMOdG/ZM6E+aySEM4747szunvr9wdt6A9cFxkDQr0Iecd5w3e2befK7F/dG0L/B7xnZfrOeI20jsJkhGcv+yfO5o1nCgccyL9LKIx+cnvmFr3el6ep4lR3WWTPvnnroNZfs0TuSdchjoT+SFRq2/mEy7RnPaFTkp8e1R2KqNOf5lczmAJ+Cucnu2v7TtlxZyBdrCSm8KrMQxQniSVu5mNzwct7wntYZ+Z6LsJta8I6+k1XJ/io5iUGcOS3YwC88h2jZ3XHptsZGJy9qMQz/BOunIynhUi2J5iZ4DR8NlY3HCmNDWk3Lq5q3G9pT3ul6NOz9L2goJ2c30UJXri/N0tU7r3FzZ74Wn84w9bBzJiJ7Xdb6926IzR+ywvT3E0XkRbfRs2pSfx4Zz1pubPctlz9nWaKTrrtgeHtgXrvPsjvRnzIymo01sU/cYE72/RuqvH4/bTH/2ng5q56yD+Q/5GrIQa+nM8nzgDjj0Xkg0eHN66qNjlduSFaNno72VduvnxLaQxj7vTHR6QFtZK8OuXPPxiyBbT9Sdi48YFgWkrWtOHbyYcbwLomd/Ow6cg35ORkscTZjrah+f7RttJ731bv50qsWzrTVYzZe9tYBWb+b4RevvB41DbTOYNtuGNp8obbWxiJVnc3BqX0byU6MTzvYGJ7m7Wc9wtPkqao1W55Ua2XHPfF47R5eztyvOBA9AC7b2Sv1AjKTVbM7l9HSwX06K78lPOx8dQZl1Y09th91O63xWg0mgtVphcwkiaw54QXYH9syHGTyeb826udSHsYcBA6PNZcI9Q3Prjq9d9DGCtewCztLNeKzLSXNnD8z1qDfS5lrtPJLCTpcddcTOCXwLr/HcgMWe9zw62oPIS3t2mBnZ8Bi+mM1sYI+4rWZ5S3vgeanGdwfbpajU8IE15+TsTRp+dpLRT0K25ak8G/Wa4zYsc5L1AZYfkWrxaP9mstbXbX7bX/vIEDt2HKJIxqi17Rte1tLqcZbVd8O2q2peMotQmobOodntemnaQurvuWu2lnR2zW7Li/me2kdnqTfjnhSGnmwde80wb7y09dnpsNxnxh6B1NxhM2KC/fFcb4pyB5aSzVFvR6JbX/Yzuq/2hknsWwj9l/64alkxhdBTCD296EWvz78ohJ5C6CmEnkLoKYSeQugphJ5C6CmEnkLoKYSeQugphJ5C6CmEnkLoKYT+r10UQk8h9BRCTyH0v+iiEHoKoacQegqhpxB6CqGnEHoKoacQegqhpxB6CqGnEHoKoacQegqhpxB6CqGnEPqvh9DXxd8MQs9SCD2F0NOLXvT6qotC6CmEnkLoKYSeQugphJ5C6CmEnkLoKYSeQugphJ5C6CmEnkLoKYSeQuj/2kUh9BRCTyH0FEL/iy4KoacQegqhpxB6CqGnEHoKoacQegqhpxB6CqGnEHoKoacQegqhpxB6CqGnEHoKof96CD1bguF/Gww99wBDX4ug2eZhiyLkFTB9bXdKUMJLEh+/v9gbP4JRyLin0XmFIPGYcwxOP/j5iqSy4jatJpD6UEqc7Dd2VEm7FENGiQLDkJRodTyu9t+hO44fe29LgoiO322CxUdpDghota+k+bGLZYYSmbIvOOW4t+PDC9RV1hqvSOol2bv3LV4LLq97A747ZHMASt57y//jhPo3DsTAcEKj+CIy/yGlXP+wjeyCX34c+WVLL1FiH181XzIavnn4U2G+NQT0v6ni/5jS5EsK+63O4v9MhSLh70qlFJhFBieJlcxMJZtY+V4vixBlwPAEpA9Fj17vs0DsBPpl7R9XY+AbIl/2NtoYsT5uQFLQItGcyo4Khmk0Cil/0nSTftzvWakxb+cbK4lvJxz/aROOpxPu3zHhuMosITOj9WaW/NbTq92uM586vTix9rvNLuHnW8KwKqEdWphnP2HpYW27yaXYv+VF9uFQfD+Eq6OzLm4Q48d4/ingtvJNe++UtyjZXh6S6HRcyTcyKuRHUSmtQhMPx30SrmYF97grpSJUiZEa9U+1mUz93kfhuLdS5bkHTopY/zSxiu8aTdc/P7SZ7xgpjnlsMutgbd6agQ8Z5o/WgjKjlomq3fLdjHml6F9uDFmuemlowAwJ98bo6ipcrRv8J46EXKHzd6U4/KUhVSyaXPkuVfyN+l3qzbqRwd8z5I3Ru5KxUP+2KRwXhdhXM7T+mbOHZe5t4tV1r8weriF8pU2sveHhyvVWJXeS/XGdeElsR+qN2rwZSTRhbnl6CdrsilkagJuQFTy1T8fkXgCr1D/OK98tVBV4Y+ROSYua8U1W3sQw3nn1plIK3d6K4buyXFW4wh88Bz9gXl+5pIhRf0E9gNnJaV/M83ekUicZj/beW/1RhSLzWOH2q8g++uf77v165ZHetbyFPXOuzLvZopKNv8CgTQfGu2bkgVbjfd33mlg8BJSrm/p6//bGd12i9Cvojb3E9SEd2CZ+fMQcFZvfROVPaNq75sVJ4njlHItGvl2frT/VKzKL37U735kfDMuwd6bne2FlPqwpRe0DNOxK1a9q5aT7GpKXlwNCXb/StGsf/4by1X/uzf3pDf6Pd++/3az/eD//tze79w9nhDhIQd241uDJ4BZZU1jO0pOTM779NGIcJTn3eJd3M5HXM/HsbJyzHsgXvdXI3Y3ja0/udvE0SgZjLTd8zbM70+2CWzPlvbuJIpfpnlcK4+st+aIpOof//ObGnqWHwbh7WnJipAXCRuPX636eXqz5KNE6i+2yczk68fSwMBl/MV9Ey00jXLQ0z+LSrdNiM3eWRlA+cjdTqGMUQp0h3Bu66Xm6qmdGJoh6PvGgXeiLLPQCmTPI97Sv6uizyGN5euCc+qbOkv6pAvoc5t5JV6yCJpd5yHdzrUC9ZZ3kc4zGh8o27dv4tMAwNUEPFx3Nr6P3Nr4hWOah7nTajN0iuXrzLrvsTBraZsotZuJ50Rn6Wsc42HP5IQcWwE3TVPNeMMn0XIWeDU99xWFNRb30Au1imIimnfRcY4d5CL0eZjASQjM1RlOqNPVk5CGv3ZUFmhlyUB9pI0CvqUPgxhC4gmiOYCiI5kG7Q8QxoIViv6SZQ/GeBmWD9Qw0B9JcDfdDAS2aWml/LGQgjUz3hQvQUsRBKAdc1zLoT4rHR9opaEPeuPWHNxWNhf6IhA+k38Nc40Ai7HUseHxVWsmHalnMLxhz0YZy4yvUd+tLMIF2HY70BcZQ5jOd9DXNCEYzVG/ftITxlR/tWZGm6KYOaaGgj0ETW4JoZHKqZwIPY01J32QeaSvQWD3QEY3pBR5vTLeg5ajNUISyab8lpHoQzTBNCaG/KoPbQmMFGowFeKdCfbpQ0nSon9A8rkobYxrUm0M/TdT3CPo5QW3lqC2QEwN8h/wWyFTjMW0sIHkDf60LkReSw5CBfgAt5DHPgQYyyyEff5OhjMdPZF7wraBBWeGq37d8IuTLyjaK+oCmi6S+a7tAc3i9oAFPoKx2QW2QfBrwRGZe02Css4IP3BinqbluthWkt5AnRWMFOV30gMwbrMOExgA/XtOA14sZ0l3dNJRqGsiLQzLX0aeJdV7E4yc00LMKbeKlxlgQDKDBuJAMRb2cU2S+VGTt4X6+poGepdMA8VPN+lh3cFn+Np5pRda3NJA112/h/gowD1C9aG7kBY3XlbCggR6EOqKxmA8mmt8hU4w1MwIN2YgU9Qm+kz4VvEC600fW1HRgnmrpjQZWHNEU51L0JQW5YJoeeEJBy4y8i8tCv1M8f3whNwJsk0DP1NQwnULeDqdDOlh8kDe2T9DviUjGDOWBZ0WdoDfoSYB1F2RIyveVCbL0qeGjvunFuEMR+MognTTCC7JloMNOwX+gTRO/eJI1tNhN7Pkoun8K9Hh45ubCN/6X+Gd/94ik+v3qj69zb2MntQeLv9pn+e+Nf9/i77bes+6We5+++HsVW/u8xZ/IfHTx9466fc3ir+wm9b+p/039b+p/U/+b+t/U/6b+9+/rf7NM4/7l5T/ugIsfOKT0t38jXRGhyNU5fArqW3/6M4X6g+Xv5CrWrtCeuxdrjR+P8AYcw5W5f72AHyHo/pudZP2Vk6w/dpIz/PdTJ3nY0EIGOZ3g8sgemLbUCHQGzBQyfZyeDxnirIJJblsXcGOQ+wDm0cJOse5X86E2VQ7MGdSFvlfyYjdI58AVQWVS/BlZOZj8V+Xlat5LWd8MxrjYRIcljE/LJ1lf6XZGvnYe+Faw6qjS4Km5djseyfPYsQ+Wnejy2E3GPIDHpizCIzufBlqGHt3TILLBRUZjypBLQ+hqBv3JZiGDXAke7lNCB9fUdFF+9FhgxrjfOD8279X+u9x663Ymfi8vZXE5O/wiHnjYhisP53bVNFTPQv60Oc9ytTdzvl57MOd57oE15z5rsr+P3vuzQJSvgonU/giTsiwJYw1tSLy+Z10+AGW8A+H4RViNitPwaTrFcbUPKJTA/OC+ErMm/jdg1h55CJ9nG8TGj3r9TpS1xiN/gK0/gKnVPk2Qb1Fq45Vz2vtH1PkW8BuN+ncV7b0cC+G+MvvNhsrI4qeKVnorWv6haL90m0QJdP2fcfJoJPSLI6EZibzhCCiOMqAIBazkWT1vKyQaIbNFdABojkBW73CfF9EBc1iu/i86jlAg2pSUDUISWVLkjKzsPQ5H5VoC0zdRmocjVIYSiuBipzhqVE0P9JORyzyJgAwvkJbpwG0jt8q2RVNB0Ugckcj1qYWiobwxAcm1SN6+qZHoUo7HyhLuakWkzxJgvJmB+1/Jj8tA/fkUXFvULys3xjgd+jVSSBRURlHVvAfLBhx98gXGQOOBPuso8oHKBzh6luNIWYgjtUK/iCb3FcRLxPuQw237KHqpkzSzjOI6ZEwosoV4ivs0SUn0TYP+4HIsju4EMhpjGf1l+yQilpP+ogiax5FyThENnIgGySNeZYGjzEgWKIIzvNyno6ipylTqQNHs4l4XDVVPMX+u7ehFBAn4EQwzPMaWkMEYMlJWvhQ0GNtIx/lIZJGMm8H1XcjMQuP2clJOTYtxC0Aj9eOo35XPOOpLotCFLFC0WAmZirxQ9A5Fu4iOQRqJEGpI/5GcBRIptEDHHLykK/SmiJAOYdbLRMdaAk/q9UjEHEfA0P1QNNpb4yZPHJ0XDdZCkTA05oo8Eb+1rNADIk8UJc5VpiJPVO6VPFG5O3kWUbZyblmv5VlJL+WJ6+BR/SiCXkTqoB0DR9kNxRNKGpRhiAw0ErUlkexLUfZS8gzmfG7eZIwimdDmQiER4rK/Fk4zxmA9TSQHudDBJo4aw/iwnsMfskspjpyOBU6/myOEp/22VbSBlqJ4ThFeEBqO0Bq5qxRvFDJiL5wUyxrPyQmxJ1g3UXlLxHbKv813Q5kUtk/PSR71ohO7iH4koiJ7bB8vBnoz0xI4wmu1sAVX3UGRWoZEar3CRuLIPchiwmMbeE2fnHSSnyP3wMPcYq7tTLC+C/0yemxOirk5Ke1yTuxwOU9wJFos5lfaV4YFPyYcyJrkU7ysGBsHNo29ztciymuUb0zMMCd2VObRmECWHHkzEqY6uRdJFJiMA/LzYOfRmwMchb6mA+9AFwVS1qrKF0fjjcgqZVl5KnZ5uxMxi3ElHEI8CrQN/PcIJkjsa69SYhqPgglfGhp+hK2mTiV1KqlTSZ1K6lRSp5I6ldSppE7l7+pUcjz/OzqVdM8UdSqpU0mdSupUUqeSOpXUqaRO5b/KqWz8lpHKf3QX2W3nmFVJ+bW7yL598o6v2kd3fLHSYwX5mh1ftQc7vtDRP9VzgoTyoB98WhA5G6g4kVCtnEtYL5MIka1kuz9C6N8MiAFrwC0/0yDUG3e2gH9wwtrDA0NZ/rPwzjX2jcT+sR2l3Ie3lEp/yhq8wbRdgU/vod4/ca/oBw0HQZ/9DcPx+PSXeuMeM8lyzA+mcrGvaiTjKSq5qZq839tZJVtxtM67zbJc/f7kzgLWf9NcUuPj0pJ02wdQosikV9gwwtA3Hf352TXodPUEoWlv2cEsrfXERScPqf8P ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/README.md ================================================ ## Yandex.Cloud: Analyzing K8s security logs in ELK: audit logs, Policy Engine, Falco ![image](https://user-images.githubusercontent.com/85429798/137449451-eaa3a4ec-5a79-4fc5-8e7e-bd222c78b714.png) ![Dashboard](https://user-images.githubusercontent.com/85429798/130331405-26a909ae-0171-47b2-93a2-c656632d262c.png) 1 ![2](https://user-images.githubusercontent.com/85429798/133788762-75152c1a-ad93-4291-999d-7fc0739d2438.png) # Version **Version-2.0** - Changelog: - Changed the method of deployment. Deprecation of virtual machines as a worker engine to deployments in k8s. Thanks to "Hilbert Team" for contribution Kubernetes logo
- Docker images: - `cr.yandex/sol/k8s-events-siem-worker:2.0.0`. **Version-2.0** - Changelog: - Added support for automatic Kyverno installation with policies in the audit mode. - Docker images: - `cr.yandex/sol/k8s-events-siem-worker:1.1.0`. # Table of contents - [Description](#description) - [Link to the solution "Collecting, monitoring, and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK)"](#link-to-solution-"Collecting-monitoring-and-analyzing-audit-logs-in-Yandex-Managed-Service-for-Elasticsearch-(ELK)") - [Generic diagram](#generic-diagram) - [Terraform description](#terraform-description) - [Content update process](#content-update-process) - [Optional manual actions](#optional-manual-actions) ## Description Here are the out-of-the-box features of the solution: ☑️ Collect [K8s audit logs](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) in [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/). - ☑️ Install [Falco](https://falco.org/) and collect its [Alerts](https://falco.org/docs/alerts/) in [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/). - ☑️ Install [Kyverno](https://kyverno.io/) with the [Pod Security Standards (Restricted)](https://kyverno.io/policies/?policytypes=Pod%2520Security%2520Standards%2520%28Restricted%29) policies in the audit mode and collect its [Alerts (Policy Reports)](https://kyverno.io/docs/policy-reports/) using [Policy Reporter](https://github.com/kyverno/policy-reporter). - ☑️ Import Security Content: dashboards, detection rules, and so on (see the Security Content section) in [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) to enable analysis and response to information security events. - ☑️ This also includes importing Security Content for [OPA Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/) (in the enforce mode). You can install OPA Gatekeeper manually if needed. - ☑️ Create indexes in two replicas, set up the basic rollover policy (creating of new indexes every thirty days or when 50 GB are reached) to enable provisioning of high data availability and to set up data snapshots in S3, see [recommendations](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md). ## Link to the solution "Collecting, monitoring, and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK)" The solution ["Collecting, monitoring, and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK)"](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main) contains information on how to install Yandex Managed Service for Elasticsearch (ELK) and collect logs from Audit Trails in it. ## Generic diagram ![image](https://user-images.githubusercontent.com/85429798/164211865-5f95498a-3778-47a9-bb82-cb43110836c4.png) ## Description of imported ELK (Security Content) object See a detailed description of the objects [here](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов.pdf). ## Terraform description The solution consist of terraform module: - It accepts the following input: - `folder_id`: The ID of the folder where the cluster is hosted. - `cloud_id`: The ID of the cloud where the cluster is hosted. - `cluster_name`: The name of the Kubernetes cluster. - `elastic_server`: The FQDN address of the ELK installation - `elastic_pw` and `elastic_user`: The ELK user credentials for event import - `service_account_id`: The ID of the service account that can write to the bucket and has the *ymq.admin* role. - `log_bucket_name`: The name of the bucket that will create module to save logs to. - `auditlog_enabled`: *true* or *false* (enables/disables sending of K8s audit logs to ELK). - `falco_enabled`: *true* or *false* (enables/disables sending of Falco alerts to ELK). - `kyverno_enabled`: *true* or *false* — (enables/disables sending of Kyverno alerts to ELK). - Functionality: - Create a static key for the service account. - Create a function and a trigger for writing cluster logs to S3. - Install Falco and pre-configured falcosidekick that will send logs to S3. - Install Kyverno and pre-configured [Policy Reporter](https://github.com/kyverno/policy-reporter) that will send logs to S3. - Create YMQ queues with log file names in S3. - Create functions to push file names from S3 to YMQ. - Create triggers for interaction between queues and functions. - Create deployments in k8s with worker containers that import events from S3 to ELK. #### Prerequisites: - :white_check_mark: Cluster Managed K8s. - :white_check_mark: Managed ELK. - :white_check_mark: A service account that can write to the bucket and has the *ymq.admin* role. #### Example of calling modules: See the example of calling modules in [/examples/README.md](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_k8s/examples/README.md) ## Content update process We recommend subscribing to this repository to receive update notifications. For content updates, make sure that you are running the latest available image version: `cr.yandex/sol/k8s-events-siem-worker:latest` You can update the container as follows: You can re-create the deployments in k8s via Terraform (change worker_docker_image env in tfvars and run `terraform apply`). ## Optional manual actions #### Installing OPA Gatekeeper (Helm) If you prefer OPA Gatekeeper to Kyverno, set the value `kyverno_enabled` to *false* when calling the module, then run the manual installation: - Install OPA Gatekeeper [using Helm](https://open-policy-agent.github.io/gatekeeper/website/docs/install/#deploying-via-helm). - Select and install the required constraint template and constraint from [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/pod-security-policy). - [Installation example](https://github.com/open-policy-agent/gatekeeper-library#usage). ## Recommendations for setting up retention, rollover, and snapshots: [Recommendations for setting up retention, rollover, and snapshots](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/examples/README.md ================================================ ## Terraform test script Prerequisites: - ✅ Cluster of Managed K8s. - ✅ Managed ELK. - ✅ A service account that can write to the bucket and has the *ymq.admin* role. ## 1) If you doing this from Russia just create the file and fill it out like this to use yandex network mirror: ``` cat ~/.terraformrc provider_installation { network_mirror { url = "https://terraform-network-mirror.storage.yandexcloud.net/" } } ``` 2) Fill out the fields in the provider.tf file. 3) Fill out the fields in the terraform.tfvars.example file. (example below) 4) Delete <.example> from the end of the file - terraform.tfvars 5) Run: ``` terraform init terraform apply ``` Example of terraform.tfvars.example file: ``` folder_id = "example" cloud_id = "example" cluster_name = "example-cluster" elastic_server = "https://example-es.rw.mdb.yandexcloud.net" elastic_pw = "str0ng_password" elastic_user = "example_user" service_account_id = "k8s-audit-logs-example" log_bucket_name = "k8s-audit-logs-example" #name of cluster that will be create worker_docker_image = "cr.yandex/sol/k8s-events-siem-worker:2.0.0" create_namespace = true auditlog_enabled = true auditlogs_prefix = "AUDIT/" auditlog_worker_chart_name = "auditlog-worker-example" auditlog_worker_namespace = "infra-auditlog-example" auditlog_worker_replicas_count = 1 falco_enabled = true falco_prefix = "FALCO/" falco_worker_chart_name = "falco-worker-example" falco_worker_namespace = "infra-auditlog-example" falco_worker_replicas_count = 3 falco_helm_namespace = "falco-example" falco_version = "1.17.0" falcosidekick_version = "0.4.4" kyverno_enabled = true kyverno_prefix = "KYVERNO/" kyverno_worker_chart_name = "kyverno-worker-example" kyverno_worker_namespace = "infra-auditlog-example" kyverno_worker_replicas_count = 1 kyverno_helm_namespace = "kyverno-example" kyverno_version = "2.1.10" kyverno_policies_version = "2.1.10" policy_reporter_version = "2.2.3" fakeeventgenerator_enabled = false ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/examples/main.tf ================================================ module "security-events-to-siem-importer" { source = "../modules" folder_id = var.folder_id cloud_id = var.cloud_id cluster_name = var.cluster_name elastic_server = var.elastic_server elastic_pw = var.elastic_pw elastic_user = var.elastic_user service_account_id = var.service_account_id log_bucket_name = var.log_bucket_name create_namespace = var.create_namespace worker_docker_image = var.worker_docker_image auditlog_enabled = var.auditlog_enabled auditlogs_prefix = var.auditlogs_prefix auditlog_worker_chart_name = var.auditlog_worker_chart_name auditlog_worker_namespace = var.auditlog_worker_namespace auditlog_worker_replicas_count = var.auditlog_worker_replicas_count falco_enabled = var.falco_enabled falco_prefix = var.falco_prefix falco_worker_chart_name = var.falco_worker_chart_name falco_worker_namespace = var.falco_worker_namespace falco_worker_replicas_count = var.falco_worker_replicas_count falco_helm_namespace = var.falco_helm_namespace falco_version = var.falco_version falcosidekick_version = var.falcosidekick_version kyverno_enabled = var.kyverno_enabled kyverno_prefix = var.kyverno_prefix kyverno_version = var.kyverno_version kyverno_worker_chart_name = var.kyverno_worker_chart_name kyverno_worker_namespace = var.kyverno_worker_namespace kyverno_worker_replicas_count = var.kyverno_worker_replicas_count kyverno_helm_namespace = var.kyverno_helm_namespace kyverno_policies_version = var.kyverno_policies_version policy_reporter_version = var.policy_reporter_version fakeeventgenerator_enabled = var.fakeeventgenerator_enabled } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/examples/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.72.0" } kustomization = { source = "kbst/kustomization" version = ">= 0.5.0" } } } provider "yandex" { folder_id = var.folder_id #token = "example" service_account_key_file = "./key.json" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/examples/terraform.tfvars.example ================================================ folder_id = "example" cloud_id = "example" cluster_name = "example-cluster" elastic_server = "https://example-es.rw.mdb.yandexcloud.net" elastic_pw = "str0ng_password" elastic_user = "example_user" service_account_id = "k8s-audit-logs-example" log_bucket_name = "k8s-audit-logs-example" worker_docker_image = "cr.yandex/sol/k8s-events-siem-worker:2.0.0" create_namespace = true auditlog_enabled = true auditlogs_prefix = "AUDIT/" auditlog_worker_chart_name = "auditlog-worker-example" auditlog_worker_namespace = "infra-auditlog-example" auditlog_worker_replicas_count = 1 falco_enabled = true falco_prefix = "FALCO/" falco_worker_chart_name = "falco-worker-example" falco_worker_namespace = "infra-auditlog-example" falco_worker_replicas_count = 3 falco_helm_namespace = "falco-example" falco_version = "1.17.0" falcosidekick_version = "0.4.4" kyverno_enabled = true kyverno_prefix = "KYVERNO/" kyverno_worker_chart_name = "kyverno-worker-example" kyverno_worker_namespace = "infra-auditlog-example" kyverno_worker_replicas_count = 1 kyverno_helm_namespace = "kyverno-example" kyverno_version = "2.1.10" kyverno_policies_version = "2.1.10" policy_reporter_version = "2.2.3" fakeeventgenerator_enabled = true ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/examples/variables.tf ================================================ # Variables for Import # Initial variables variable "folder_id" { description = "The Yandex.Cloud folder id." type = string } variable "cloud_id" { description = "The Yandex.Cloud cloud id." type = string } variable "region_name" { description = "The Yandex.Cloud Cloud Region name." type = string default = "ru-central1" } variable "cluster_name" { description = "The Yandex.Cloud K8s cluster name." type = string } variable "service_account_id" { type = string description = "functions.invoker, storage.editor, ymq.editor" } # S3 Bucket Variables variable "log_bucket_name" { type = string } variable "s3_expiration" { type = map(string) default = { "enabled" = true "days" = 10 } description = "Enable or disable delete indicies backup from bucket after days" } # Yandex Message Queue Variables variable "timer_for_mq" { description = "Timer for add permission for create mq" type = string default = "10s" } # Elastic Server variable "elastic_pw" { type = string } variable "elastic_user" { type = string } variable "elastic_server" { type = string } # Common Variables for Chart variable "create_namespace" { description = "Create the namespace if it does not yet exists." type = bool } variable "value" { description = "Values for the chart." default = "" } variable "set" { type = map(any) default = {} description = "Additional values set" } variable "set_sensitive" { type = map(any) default = {} description = "Additional sensitive values set" } # Worker Settings variable "worker_docker_image" { type = string } # AUDIT LOG variable "auditlog_enabled" { type = bool } variable "auditlogs_prefix" { type = string } variable "auditlog_worker_chart_name" { description = "The name of the auditlog worker helm release" type = string } variable "auditlog_worker_namespace" { description = "The namespace in which the worker chart will be deployed." type = string } variable "auditlog_worker_replicas_count" { description = "Count of replicas for audit worker." type = number } # FALCO variable "falco_enabled" { type = bool } variable "falco_prefix" { type = string } variable "falco_worker_chart_name" { description = "The name of the falco worker helm release" type = string } variable "falco_worker_namespace" { description = "The namespace in which the worker chart will be deployed." type = string } variable "falco_worker_replicas_count" { description = "Count of replicas for falco worker." type = number } variable "falco_helm_namespace" { description = "The namespace in which the helm will be deployed." type = string } # KYVERNO variable "kyverno_enabled" { type = bool } variable "kyverno_prefix" { type = string } variable "kyverno_worker_chart_name" { description = "The name of the kyverno worker helm release" type = string } variable "kyverno_worker_namespace" { description = "The namespace in which the worker chart will be deployed." type = string } variable "kyverno_worker_replicas_count" { description = "Count of replicas for kyverno worker." type = number } variable "kyverno_helm_namespace" { description = "The namespace in which the helm will be deployed." type = string } # Variables for Export variable "fakeeventgenerator_enabled" { type = bool } variable "podSecurityStandard" { type = string default = "restricted" } variable "validationFailureAction" { type = string default = "audit" } # FALCO Helm variable "falco_version" { type = string } variable "falcosidekick_version" { type = string } # KYVERNO Helm variable "kyverno_version" { type = string } variable "kyverno_policies_version" { type = string } variable "policy_reporter_version" { type = string } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/images/Logo-scheme.drawio ================================================ 7LzXjuVKkx38NOdyBvTmkt57s80dvfeeTy9mdZ/PnX9+jKARIAlT6OrNnSST6WLFWhHJ+gPlulOao7E0hjRr/0Cg9PwD5f9AEBjF4ecDlFy/SmgY+1VQzFX6+6K/F3jVnf0uhH6XblWaLf904ToM7VqN/1yYDH2fJes/lUXzPBz/fFk+tP/81DEqsr8UeEnU/rX0VaVr+bsUJui/n5Czqih/P5pCyF8nuujPi3/3ZCmjdDj+oQgV/kC5eRjWX0fdyWUtGLw/x+XXfeJ/cPZvDZuzfv3P3ODuXv5vbL6SzUeoF/7fot3C/u13LXvUbr87/In6NDufMiPqn76lz5GXzXuVZH+ABxB/IOgzNyibD/MfHPIHA2lbnM19tj6zBL4Lv3u7Xn8O4dPxERxW3c9Ys3s2r9UzwnoUZ609LNVaDf1zPh7Wdej+4QKmrQpwYh3Gp/TndmYZf80yaEL055e8Op+G/r7k+Z5Ga/QHyvz6iojLXvyBsGf3jAZnyybyvVgsfp1bckNVJLtQwg+7jqZoeuGoceF70iW7UTOHwdF32iWVIqfjV3YH21Nus1KKSArHL1JCf35Pu7ZNIXXPeKgyOOZQeAP5+a3YLnqdi+2pW4zgrVJjnYKWpXWfx+ftDork0EoDnRbH3GZjXOaF4SYvnH+7n1dQvW4gwxcK4/4Uhl/y4NPisMP0C8y8mH+4h3nOF4UhGJheM7DFF+hPGcf883dQB/eP9xWbwQeYxSe/n/HUcX+jv7ddqU1fwYzmKykV9YyjWpnYx1+oRBKhiGObp3em4Rub5Tfw02LE55unRuawQE1+s5m3gfm8cOh1ghkVcxoehht1aoAnPT2BTN80jDrYjFrAlKdFT48vSzgus8Lwp84/68B9Xrmenhym97S+KU7jAufDyPeV67kP1msBN5vjNK8/71M2i2+e+wTob+fbz2Vw2PmUPc8C9TmHERzX066f8rD+87rRfFbA81zQhwDUg3i88tMHEzrAjIHnQJbfGuD80/bfzyhwMyhO08Mu4+dcAsYFf85Beq3gFngWh6E/93sYZvn/ONIqGkkt9PWU3a4+dSYJpP1rBT6j/mNx/fobIBGw/P8KAH9a82M/2fkPRb8BQcqGLlvn67nk91nqNzb9Bmf0T9Q9/g51NPGrqPwHkPuzLPoNrsXfKv47/jwHvyHofwKOkL/A0f86mrTgBBslTTEPW59yQ/sgF6gKzX9+/kPA+f+Gl39CoD8Bp1xX4I8Y0HtEnKPj34tqLbd4W7L58UzrM0P/njytQcQ8apNhyZJtrtZnvMSntNv6X8ddtKzZ/By0QzE8H+P81D9f/wa+/vvYF/81c46Q/zrp9L+TCP33H+IvawAmoL8uAgL99z+d4H/5OkD/L10H/+J4wJwhXBWylntAmlQMzPNjekEpBMVzBH4ZheGYz/PJQ5npE6CElU3OCx2FYwolZ8qmAoVMe3hiez8HunAwDHcaLKNOifRzQwu5YQkFCN2lclomXcA8zgzVu3aLULP+vNlW7+jri++bzT5tYJ3eC1w2lKuETOE8NmEYrMT8fKaTTcltgzsynVl8gqWnwF+fOW+RHGHUKmZWdzCedcwyhtq9isTwJWEShH0kM4c3q1DinVoIVKUW1IJBcMVsIrQQvu1VFOe7HKSIXLbkdc42SemSraKxtNtPbRmRgGeb55nOfgJj7xIl8qdNXxLJhYXpn3OzJCLpK62nW0KmcSK013XZ0+gKp1hKtRA/AFxG8HZzdHOKp85pndIp11AeUxA+t8cVqh13HyO2ngI4RVgDedGUIE6kQzOPG+oO3Hif1v0MiVS5S40t8/G0AAJGO01v6XDnMzetwMWpr4wiOBmIh5JLJu+pFUX5sUKGEDkdMFmV7oyUJH9su7u3/cOHRDl2o9R6DvZZjeDcWHVIRqoP40lovW996/smmmIolsQnGY3PdawJN3VaXKluJwA0UnT4mms9cBBXqOekfxfbN+FMebpB6FK1R31jzGq3CzqdWfVTSn7CZUwQxCrgw2GI9DiMN6yqYBytSp8Q0oMTRpiXibTNtsvf+nurSa93PAiNGYJ7mzMEgXmBOrzAHsbO2k/zWWlbNQO0p/fzzUbNGRGtov0erPIJt/VO/OeaKYPcJMzjF1kxcFo9Jd8FHW7yaBzmwxWKiFKURGTSt8u6VNij96rnnmif91MvSburDoOjMjNXHhM3oWCMVV1seAnuk4ifM6IeblG/6M9hZEqIH1y7dXUqHIUCAu/FizytgzFmCYHNJu3Vkj4pK03aqIq/SNSlCDHDeaqw46c3D3P+7E89AV3qDySJ9Jw5MejCCh1Jp08o6b4dPcS4D8euudRPFvEOTnrPnBwM5JiSCGnXl/uUMM5qMjx7mNtPI1t1xFtCrVQJWW/GqZtXv6AzanqWjJQYx1GtzjBXEMcBMkadXSpgVDkkHR+u9FQt62+i+HSsUjAfzV768TEAsfDf5FDsQUxDNP14CRZyF5UJdMesMZIc8ej1zR5Cq3cjyR3WcFqyVb21L3cUp6Ye7EdioDu9Uyxj7ZV2P0a8YVmVquzweVDlEm7X3GvaBX6nhDYiWFE5bCli9fuePJEzuGMHecCc7RmxUEzf23wDLE0LgAGeUQb/gtfscBaWkZ9G14+CEONP3wiGet+BVBxcQSJoYj7FaFjJI47cq4JR81PAXtEe94twqwkz2BScEGTtN8+F4dgTKOlAx/vQmL1NqrgrSYbsAw1M1WEbLUlxg/ZcCUza0o1r+t5EDXqwBecOv9WKkC3SLI78qV/pObpnrHLuE3Ipe/4AhpZq77c/bfNXPuRDYezHs+avaa0zJ7iQc9og02AprrDx19WFq39xfbCod01iHahJzYY2flHFFHfYakHqz7U6/lIufMsOUxUTCsDauDCDSZnrjTArf6OEtHCFTKDPHawqBgJjwyZj8rs4J3ShuZMutSSzXPKD8kzJOM+H0wBvoTjC89GoD4Ar3nPkCI+LYBjvsZGfUkbhBPb5UDnnn28VSuW5h3EK5fetf6nwn279qVBgOeCffm79S4X/3Zb/bsv/BW2p5jQfmPiNn18k6414qtp5GCP9wTh2aKFYeAme4S6+V4l18OAM87hEQnJl+WEOk/JIsGsSPDp+4RqTz7GUA1/MbvJDTtm7K9CkZfhP2ulY993SrXYV1F28EH0PCcOWzpo62IuzshifL4K36+GidpoxFkQR8b/wBbgCbTpeDClNQX5/3B2GIWLz9h/sTU4OtTKKQfi/soWSYgiFVKVZrAnJw38ECNvPbpX3CZT38sHB7QLJY0fsQp6Ktfu+pWfoetVWpV3W14cuWGQUGj3oW4qyGfPm+dN22j4qSMAv5ogCDo1gpIdnmuX7iy/rTeAxvUR4vjXgiWdfjGPS7TQqoIwg5wc7vD4wPH57kiJi2kUwGr4omrgNBkHGVd2/dvx5qlY2ioQdh2P0aTvzBImg7w8BDRbuewaM+fgQdqmQtBv7VILFvVsPjCE0BTAqG7ApWIL2N+CPIobT8EFRRvEXrvAay5UROBTmKtIdojea+8LU65WvJyTwtRQTaxts+cNDO9hPxdsHD5WnClPUbdAGvq5f8pTkpzLJh8ilp8ds2O/8aDD+afaM1ur5sebMoNEqgCkOsWsPllNt+lCAWXAFM7DpNMUJbZEkBQVPGYFyiXQYXxqCqelOj1nwZQ9+BYzDJ2kF4T2d4bNb4DTNGnl2tMWLgM0oG2osY+zHV2xRclt2ecH5doB2DZR42IRKuDTWnBQjsfWPUwX8mV3xn4GqSmWtsBh9SEL2zWqs0rM50BiruoQhIVVqbGXyYiAltxj+WVwmWmIMxRTEW6rWXqQDe8ftHfC/D28KCGCDsARYpuyRI3dwPGHUVUD8hCl+1p8Ha8insntGGtTY6jO54J+ror15jMyM/V8quc4vioXt8rleQw2mULGBiuk6dx+TfMs5LSY1sb1X31GYbOO1O1+6GcOw3ImKzt974ih4xkZ6c3+RQkaJjtJhQwrhjMDsMFfmFVYMJolhC6mPvT3avfFqC0d6eESuV5Fsm1/UIpXvQTHZI6nGNLUmYly/RJiuOqPw2eSFLzOUte8LshmHJUbcw2audXWkJTmGdxzUPB+7qfUOJ9nj+X4FW1yp1WZB6YNANu8n7hL7q+iwDI+HKIOwJ3IvTMES0xL5OCk+VEkxpf8nkPa/2/K/sS1c+QgJa+Uh7rHYUtgoSHhLC+lCT42AJXdSU32meJWfleZTEKRm2rq2CcPwcIARSOf2Hf3n1Wxoma4wfXIgyxla5EwHQlY8fSHpwTB26gtHFFvp/hVcCX50BO8IaOiO5GPEL5Km1K09l0daPdeiYVL/KNqAGCW02wHcUO87fpg+Q1ar22MUBloXM30WneEK2oO6pvV2K6W8nosL6/HMM5Vd8Bm+N59RmA1UkW/my5qVGseMiPXS+fP4RX7Yy8EGIoi0efgwEzsqK7VcPg7GQDIsiwvQqsBboGNOHjmj76+37EHudg7f02AgAWqxQehnGAW6ZA9BUKoA1DzZymbz6QeQn7lYkNjDY6EA11CHknCYBTxpVrcAr6C0fGoSg5bc+xp+mT4AX9Jx6TAyS+SDlAsM7+EiPdigv1e0xuitEoEHpTXiufJO0i1spnWhkFel1hvsK8zAbZ2FIxceGaAyrLS5gVMyOU6XOqtalkbyM2Eg/gXU6VaPEQS8Gh10YLAXh6mU+mP7JOGa/ged4ZAReBS2V6S+fkEsLOfg0emvK/dXDI2wzEuHwzoiNdYE9AWP3fHuhZ9nwSnBNh+XVb+k7v0uNgw45saWTSwyu1ccvY0+a1/fg2AquaxCvzmN+V7Goa6KRmASTpipfOcdat2yLoStvP+aN6z/ePwCNx5yBOf1j1hzeOaY9kddYzmY8gwEE57yBj9hRr2QCER+mpUmyM7gP9aL4hk2jqBQ1+EWnt3zh49cFIEfnFKZNYWtzjsi8q1WahjQERtmDI5DzH1sOSSnJyAOv6iaMS7jCvHrdTtZF08UTA6I0mYp/Xh8ZvNHT0EJOO1P6HxuWlZAo6z88Q5Amr9p6DJvj9hS6GVulwrCGu975w8eC4VUOxlTbxePl1EYeH3UgMmDwcjvSvLHL6do3B60Bn7ymNUsbiMIoHkcGWx2KO0SiVGpbe8+R3ubrSclrS9empu+1BLRc2WwzMnsym35UIBkTjL2YB42dAEnL24gpNNfXw3Y2vqqc6TFQLir0LC8AzGSk1ol3ceJBH16H+KfIaRdT8dg9H0Nn/pTtUIsYci5MBijQkqlWW7iBi57qcKQVnpL6GqBbUTvI7YeErgGb/Zc5bfVzt316QBlmvd3JMTpRH2pGwn2/fUlj8dlM0f2fw6C/p+E5v/dlv9uy3+mLTxNNn7MQNV08uvqYzwuMDy0IebKX9wo1ebfyizgyITos/dy/xNJenuLG//EpbIJd1HKZ2wPlrY3DOJaodLycQAA6Pl1GYbWUy93rU4OAwYyKYGRkRXe1Qk5V2Uaun+5NiAQuvGF+L3KkeuLaEBk9JAxuVGCeNhNQHk+m4GN9e7rflcziCGv8i7qhe3ATMDn0ynbK/mApzAG990TfcEVADFf0UlPmcPhZnDiK4jthQ/PZrhLuD0aBA1n5LVp8/NU/6hpeD7bCLYdvbvOhmEbY7ToLXNYBZYfNs5UB3BHTCdDg1LF8XuRGYtUMXp1d6TEWA4SGINlkTnuh0hBP1D+sdh2UzOLVyM4w9gC0HvmMJSv1e47vzry0NfZW1caGTnB/QFj8Fy2dzhkNDPupgspiczfeEEMhBBTZtrOsMWyfr8mS8SIO8BwHNDlYN2p7ROEEsznPBoGLyWMxF0tzM9xrHQKEUf9U/sPLzgTKXc8g5H42p7bHXFH/zrIL2pw7I8jlX0YAxg8gWjwdzEf7cOYIw3E1SDAYp3RC0nIObw/dOQiUV9lTJXhuQOg9XPRqw8o5sv2Wn4h6nwuQH2ju6MR7tP7TZjGHzKAbMH7BdsDcKPB98BsPd2u+evh65gy61Ew7Dr4EzWpTSa2JhQEIyrg1gW8UI6WAxIg+8xhPYJjHJr5NiO05Yt4xJMijRlhSz4I5Q6vBZ1TMreODDhQ0X4cGBPy8Qo43/3KzvSWXivJnVkwEK/XHO+vuiYzuuQH0REZa1zzR+NVZOqljz8D+Q8PTgT7i1jdSwfcIqilQ2T8+V+8/wu1BzeUo8Xb4YGwyZ3X8+6xUqFeCXTrzu7zhsmtOlvo0XL3aue+0Lj6eahKS0U8SlfJ/Ri2SyUIXWJ5Lrlz9Kr07WG4Yfy0DvsG0Uw/a+yEQNZk10qRwPMsempKGeS5M19yqZ1+nLzRp7OrN6UyYyCuDrj1GD5MAuuoltjNdq4fZkSjn/djbyybeChdF7xO/qf8O/yRkqdNteALoRBk1alJn4rOqupj6dYI0T4BZVn0KOM3DzJjYNC3tF8Bp2BWw2bAD6u6AS7MjVoUBUibgn//Jelo6F/S0Sjyl/wzjvw1/fxn2X957pn8a+75Z58T2P70Hx+IIK8P9kpVadZUSfP/Yr7ae3wYIzS/8tUcMLPgXn7Wxv9/xtrqn//48WBZ3PVRUMn/bMb68Y9/y1irMJqJfggPzxhEUesUxZoKylsUuUNxodD9Sh1iv6bwaok4zTTd/TK7NaKs67P6+nWcVmDdrzBpRhGOXMIWtVPa3+ZHIwDk7B8vrardV+Wtb2s/5J/lodnqdRvtRvaLvPd1fWN6KrvQn79EpahcMA1+yrtQ1BDPQ3nU6IOhz6lHgfVnQ9Mz2g0xuDhqKGV1JPYx8wgo1k1ImfeVbtp1N6uVyWwv8vGoWXVwy1PdWAAbNix0doZmVN3X9GtzebBHBOSl76LAMKcjohqEjx8EST4lk7h29gBtIez2m5Xk8sVG1WaDUOflNJMm3b6QyifQuJPLXCOnvkfVe74paatrm4saSbgQvgyjL6kyoFV2qW9CrIHGLe1XPb+Pfnn60OW3UQIFMsPX8PQLbCCYxGVWGU4cKZBZC8Jr4+YOxkgXFe7VysnVp92ufWC25tFwKx3f+aRTIkNsQm4G0uIupQpIJh4YnQB9q0a1aLhQLmvo21OSF1BRW1I9qAaea//EG0b+qt/c+zncp62097vokLgecJCsTl21PJ5n5BNJ4XKCb0A6C6smYjxNTANn+Vs1LAcxXtd6v+YmXBwQk54tro4CTZm8JpVQsKWHtaXsY1bdQJi+OXwd6WQWCGAkYc65u0ibeaiMZq+DI5nNcNyfDd81dyTVX9JP+qKCcftQKozFPZFOoYIcaxbF2AuElokid1/AllwpHGEt7+MCdqR4JKwqcHAYeRhiOpI02X69hTNYB8X4i6Qd4OVZyD7EgrDqsQ2sJBUanlplYMdCz9aM8r08qpO1Si8p3vDrIi1sFkr7lx7wWALRMdo5fY0wCsSZmhNe3h1+3z0cGGr6coQogLIebY1dZlXmJPodrQSxP1woMNqxVKvJ5fuO0BrueXo40himKpwF0ST9WnRMYU7aZeqzGrFp0J5Ry8ZM/y5vXvqe9skZiEDFWvZO+KX5gqnS+puESs6yZ8J09J/F9hktNMbaysA/ipkSof3Y0yvp44N8yfxApN/Hk+IPtDzm9lSADQE1NoV/WawK0gMs2Kh4l79nIBdATBp/6NLE2s9a+krOIDvHSUDCPFUSEjps9bgGzWttFKcTPrdHwnQjYkp5Zp3AsumjBKu/CxuOIYQ7m8pSg7vYAc7lgK5EW4SvvjuF7+CFJQIkPbzWNkMt/fqUoyfTxgXNQMOy90n7VB34qj1993gFP7lqdsskRMUnEBOwIetlNSIDAgRiacs5593oZyBAFAkdr28f2npm+QMsJFA1h83Lk0lMddyR0w12eS2a4oF0s/km7QddfjZrbiBEqHwBPnjHjGeDy+fB8q5MayTx+7tUD606zEsAwX0hu6RKeCmC6+VhgaffAvneg6Kjc3JED7wb+LgkJEXQohxH0uVASd+qnqF48Nc83iqs29sExtvygtl97I6yPKYvzcrbT4mavPVNrK7s1VPzTLiTUOZUcqcNG4cEmlg4HMoR4g2M2zPR6NPVI2NbTAapK9ezjiLiBpH6g0FCifsDnYE9BXHSR2ZTnxbNCydp4pyOsU1QddkRPq5UkM9En9zmaU06J4hTdCU9BAwni3IZwFjEz7igAUMicOsd5cvnV/qiSROLCfNiT95rh7vu9k78A8sbdqkoyOMawgfzQ3aDLzsdrBnvj6qFtJp8YQNmEd9vERCv469m1ANVEYnhVMsXxmXP0DJlzglg1uFhjh7orL4UgsMEmzHJUa7TyxmcIIPAPotuVXC6N2nt6TR81bnihQ+rxOJw0Bavb0WzVTb2FbDkWu9SCp73+rxOp9Hl6G3KYB34vSN4Q+x3+u7UuNfN8gnaNdZN188bQwf3er5DE8S3mAjiKDZ5BRXOC+G34ns0gyJj4oPes0UfZDybsdSVD8GW0wsaSuRhUr05W1mu6/1peKgmIO6DGNpebHLYUXuZcnHBVUxd790LTvVPg69fUI9fWXXIY7w7+FHbKxhnAYOdVpuCIknYfnZ6MR/T2hOwYeo1R00aWazreP2u6YjF5Str4SzLG4xH1Kb2AXjXvDWLKGZyJkh0Du2Y0gEmmF2/Lheb8ZOyBsKWgOTbNlLoEDcirSgJpa4enF2q693199uqPSnj62GtvvRAKgZk6bOAg5GF5skWMs1SzNHvH58rXZAKkZxH5fAU8iA2zGKefRQn2AqDGh7llwU3B/R7KeVKbkGmTJzBGu+SXnYQ2PAHAp0qsNiMOpm9KMI9SkzeL4fkOlsan9sAqkwbiQhXfRfDI9ixwpILAGOiS51K3uGcN1Um8CkVNs+Kh+bSIMdbOWGmzYN2CG8zgXCvGkgfX7GNjSj2Dsy1LugA45cSVp6eXenOkcFp1bM4fU+mwz/WwsqDLJa31oDAZQGmw1GK7vGwor9Lb1xM20Qi/O+eItLHub1pLlK0hOPGDL4NR/XEBGLr3mo0FfuyCDb6ZJ1vFl7UPY3VmKkaJR2eXcnIT+NOepPy+E+tOnrAHLpkgse8pOB5AAuTjSbsAlO1x1q+TPKVZHdfbTEqyr6WO9OHU9zwHPAJb5Kg+fIErDjm4H+FEcV902nj2WVR3WVySTa4shgXAExPK/eOWxwb+eUY1uLX3H2eG5cAZtiDaUYscDTYDfWagRIZz4Wgc2qQ/PxC0EGckaHIk/qyuAh/jbLWUL3t2wUNq/GDykCKz1NH54IZo9YYDTISnseQbZCwMVKAf44Yq9UlYDUAIEyi29nSACX/cE7uPrbrVsGqQ+/qjfepX1WSCsmJl0Cz4zex5onuwF+5tYGQzH4ieN1gBafcwIAIHZZD/mGaXkJ+F5QvWHUSBu8DMgFxUXLXrO7V+GD3+yhwhFowuWPupgglzc2JhPAz7SV2DB02e7GzB+0u7IGJ5HdP5MXySxxIahrhhjqVRvnwNgKqq64ujXIMmRnjTOl9Woy3wQK5f8JXAiYSjRJ6I9/CEpPGBwuKCvbaTyt5kbLjt4MpiYgh7IG+Fo4/FGZ6+p0igmzwcka86Q+8oy/Of/GxIiP3Xv4Ag4M+5ICvw4L6enZjOpVb1naVNW9ktV09q2fty8cUi3rDURczVXQee9p8eLzyzX4EKt7g/oO1Bbe/ckXCpM80X+ygG8JHxAzprZXcqzQbrydLHdu7I5+dx7HsBXuJC2f3X3jIOiU+eNzPbrV5YNeotVdQTxnO0P3aBy8q7lDh4Z4Gkka23b0IzAvSg31jJIW9+/dde3OzP+zWzlpnYlB3ei/CCEtNqygtAWMM9b4dfColkDQS+0yxlpv9PM6nE5DXY50v4amjYmTMbZxvrS90HdNTTtN8v4pfYHWK4aWwcX4aOCje2DnO9p2vReO/ATZP+SaIZ9+A7DubDl5SEofp0iTY9PDmyCqpdeVS9hblZjEJfe0FQQCyuLrhrmNLfO5zNP7VvkOSr+neJyZRTpSTgZmKmiPZvQWzvq+HBfVqiSmrFxDpxy5mmPDM/SPdh1YET0O5QnhtGAr21crXtMiz5gyzWE265T+r5S1m27v/VsMk88XnZpm+80VJWQRxFaHDFPVWNR5d0h1l9jNPdGvQyMNMzTpniPeRXw4aGi3g8IZcUKXY3xyIpOjqrewiZpFDoVnYzAp3mQwUiXYMF3TSw0a+DOQGK1Y2kfUI0+CyGVbBjYu/R8smGEhJtZGjkxA17c67nPqUauBJLP/RpNyJsKeIZx+/x12xm5BqZ0jB1LJkPvZTpEbvgd8QDX9Sk+hxoJan7WKoZ6X27aRYX5cPIxofVJzfY+JF2RWChByTpX2UmXf1ORx+QtFN0LRB68RX/FreDYjSyVD2Rr/0B4AYxwEPxDtIW70zeztWAENf6cWdSYCyXnqFBT/woxjYx+zqD2alKJq+Rl4TcCZYDVNigTIqSk8V+RtEEjW+WFsXzM592UbUhMqOqHYXapfD1kIOniYuJtLdL3I5ePb12JLAtpYZOa5HWT07Xnn2CtGbSJ3U6Zdmpt/s7rwMfmpSJYiGZqgpm1PvBOuVC5LBLh/2RwGFpkJFTWzXO3Urfo12JMjrqhR+R278Blah1U5NCOe50g/P11wMLF/jEkxMoWuITIcubjgOzvILAqgKPeKncwUY6oRWcWMK643LEyrzzHiSdDieKuCgqu9cQkfGnI3OfHs4H6cKEzxWUAmYDRmWKAoo7fXqdhjQXjy6g4uwL/vwpfubUebq8Q89YdspQQbt43/mxm9w13qDcIJsTul5qyOknzuA9Yu2UXXv8A1EGVSS+sxu/tkcrIyKDGIMfXl4kpb0b3HMmNiy7gdSZCUNLm0Mm7So5IZ/Oiw+pDPq8YpRF3pS7gWrjCqR3fz1OFU7LiU262uZonDLBlxLujNo638isXDAI5l0TM8adw0Umqq6HrBv/sypgvQB+Qg0hxgbwzUxt6DpS28wiJ8DdfUbmA3apE7emnIbx+QZMeLpXgjk92ko7MWUTtYOj1ZXuL6ZDeVBhv3QNq+HiaB7h6/G6N8jf78f9uo5j71xqKRIAX9o75Kekm6IxbhKCAO3B1K6BFrHp2ZmUs0nHH3/SfkPtd6H7yM7w2JWr9Br05QUUFlGwFp1rtmC5nevUCHtSUT1bVY45FepxTaJyBroMuaL+BbMhvGt8pDpzldHsNNLrH9oS7uUW2iFVEmL1AycnDKy9thcX1ocxX6Vxp52thL2FLUXLraSd4fXjG5FhiUczs2EIKtHIkI7DRu1Yq38zsWgcW/4hftHuTGRSvmX+PQeo6OP8zwUbHrbgxiZeucaLWgcPoaImTXzxUX/VczT0n30OI7e96Va4msnN/d7PXivvis0MH11u2EckzbjJpR0mjcJCxtlARTm3ZHPaehaok/A/DzjIwHdCkanq0PJaJD3IJebIwWJMzvaGnTl2IgvdYDtvuEG0W9xkd6Eljfrbih+NC2sa+R32gboispXaxo+HiwgrANFbfxYMsaFWolTP+l8txMC5lPhAtMkkYBop/fpBbKqJ7dM6pFG4ctrINBO+lHbW44B23xnsTlvp4fPW9uo1iDWPksIU0sEVAYUWVeVUxGQlFIHZrRr4C0Kp4GZazIGrOQmi7knJXKvyrRLF68d865DbNjfKSS5DC4Yzyz6oHGz+rAGESNkHPIsAYfTIHUYRsxcG1g+UncWMM0+tHgDrOMi8tvAswG/4l6GgBXftIZ3WSTEGKhc61BGsVWjiR54mTG9hvPqSvIaX4i0r3lvD5TbXPjwVOo1S5h9MqXPsx5PKnrHIKusTaGiaJ+GbJovtq/0OcYKVm3Ofb6qT5/fzQ54E05h/Kul8AX6LUfT9+EiFRpDc8AHSXhpZaTYBVZJqcMr9qc8WaJZxuXXxSXUOKGbytw5+s6lWSwdvhkWYmmBn7NVOa7JfjuGM01ui1TCspfGlGeCsITFlCzkg93RxmHuSjuFuLHYh9v9zpeJN+8XCsmkLybcxlFhydh7Q0bkNfQbZuaCi8JeaFScMz5sNvnC04DK/rrfLymiibmE+fcG4cqXSSljVj36GvMj5uoIEJV41yFX9OP1LVJ9HdvvXAGGIm2Acl/BJTYW4MoabqLwIQf8DOKABZi0Pdh9JuiYlJLh6FkLVpEKC8+ZKXRI8qOXuKCKK8ZEFCTYTlbTWn1Ra3CjRVlyiPQ7s/CXGcBOm+HKo+oIBQ9vR8V53qPRKrnNIW/zfEMwrVGk6iFtRD/3mG7YMkNCmPxi7qI6Ba+LzRpBQdQC2mVINHIuMdQGlm8EuT8+TDfbzbN3BzamhKlF0o2KFPMYb3wNqW2ap45RHl7UTO7jb2MiLI8MY/lDJRkeZBENoM4RE9ppjwk1IPNXsmH5LkFLq2Kn/itWEj6I+fsM9UFQSA6yVFXKRNzpVpFouMOvxGa8ofMjYIcaVe1cGFLqDnfZsytN0Dm9Zyaa9+vctQ7d11dDMiMGPxDF0U5SHm5kIUT9cV9cX0mQUqYrT1IxzkfNJ9yZsDWYKt6NUgoRt33bjhumwtuREffdbB6zMN+e96nDYgnYDx4ffQdYiTPL6EO0xu1fwfye5WENUpwuN6WBxe8cdf4MnQ1RgBCcwHU5S6eMh4wyGSQhRuYHupIIr+mW5jchi2omIKN3Wwy+MGRjDq+bPy5SomvqE2hIPrprxPQQ2M0TxyWz0EyNaEqK72aTarZMk5rQJ039efSCqmrKDFQ/nXUqebjA9ZSzXlJsKkI3YRLQJn14+fNKbay/iFpv1AR2oem72XFLgiQjTeTnowHQxfp5BythcmYOsrAvui1zBpl76NLxEaXRz2UGxPVBro0j03G65io0vomYGr37QxUFxD4UyyV4wpvQI+Xl2NfgZIhk7kOVhv6zUc4+qdfkhh5Zy0NQu2CzT/flYvp9Ig7c6FTYEP1Imf1tfCIRez8Nz/flwBw0XmaxvrJCMnCl/9kdteNn+kZP5UR2CYrjXDG/IPHh5o9xMfDgayBMOVVfvuh/QgLUYmmgbBjjMXbWEGnObaTsItlgH7WGfVq765LjG3cXfv2qU+czqLIcYNfU3BnnJmwV2g0Xcm+YU+jLXfNHL0babNcN6ZCJxnh25kwniMePwfXNXi7kwz4fMUdaW2heL12a6/H0AfZw7OZ8QyqHEu9m2rMTYzCbtTW6P4nwItAey9+fB8UzFNLC+BdGwgSzvmpTepybmSYlk9xpNGlf2rULvOXioAyCmpii/oNDBb3B4VGfw7G3GpWvYEFS+mUxIOPTL2rcez9qzZnzr2Uyrth3X+jpF8EcukE//UKlOGeW0uTbsyiir+Q87PXMNFGGAX3x5vEzMTnEduv6bu6B6Z2AFz63Mquy9vnUTiQw0zg1ohIeHRc4HevU3CeojqBUP7Na880kTcLH0lGShwdbEmZfntGP3VEdmcT53bfv2lEKHOwC5GcZ7ZQP2x4Pi96t9zQgH1Ll6gAZCbW1MxkZXWboCyoebT9N9CLJ4TEwXzkvfPvPGq3YoV0pMuWUKHzcdt0LRMMuKTj52Y2PikbK4QUvTSpwQvqxpFweOf2ihoJsHn81vaHqk8as5hr5rMbqtET4IaCMozuhX5paeAaCrAmDxB2voxwQpdY29fuR+KCN6csejMiJzlGH/UtvJxLfZx36oBwZ4rKWG/OYWA8VA/xtPIAAtHTgOvM85xwHHKWKxzvkMT/klJgwjacIrJn68/0Qt+taZh+ijooJy3dM0pU0qVePudp8u9pa6XFaF87GcjR3PabDaC+mp5j9UbPNw5wPKQZr+hjusB1fH6XwGqrX+Y/aOEgcfLFYMqrukSxTG8zS7G7Vg++8JZy1z0kRSuoii7Mv4aiTAcuOr+QXF3RzSGrxHdEL6PoAELHo1vUl0uo2SICPX8LzgcUqH7nJvll8eOSLb1OEESk2dOxkj6LJRyzOY9Rs6ZWf3YPTJO0vAWY8pXeJt/aVFaL+zuncUTJwrbwsdXtqXiCpuPND5RO1ic7VY4k3hJrXSGRylc1f6HGBCYufYuN7zQiHmNzj3cIw7UACs9IROI+gD0H0h3UxyCmBGDbLrhLsfCn8cpjoLrPipb9a4g3GLAIkD+cnbNnGl0QeZlhNCIbe80nJcotbsnpRfqETS9eeKpC83XzXOS6SJFPiIHmJVSBzBBXIJ/WbKLgJ1GJQjMcPC0Q3OLhb57ZhuNezUsRHTXT9NApSfW46H5Fg+/F1yLeBk/xSJRM683KB4OfOrSBGDF6utCrdrM1u9T3ClxGhyHCuKnFPAInO2Rs4AsVJitiRnerTZXexo6zTzRsBa2GQ9rrnVjAlggtYbxkh+sz2LJft8xzffoc7bWHCQ3Y/i9AvId0G0/SwoxWEspnQ/3KuCQ4fXpnTbKrPhFVpsenRD0nhyxswArkfJVH3lxgOEWI08jpVVVpT3kYrw41slvp3AdxKfjzC+aLdIkSZ7QAxoqkl35KjTj1kcC/9RDRBWZw1D92mUq+saW4pFj+z2b+i+4VSEBhidBo1fTGc7bTWEkQTA+QkQ6nRVvT2QCozciEWZn/oSvWYzKT1eaw2GPC5pVtnikfRujAO2/ahvJe1K2t9U2NFOuuzXOse/tnEzkDG9IkHN2OqDyN7FSalGSeI0HRHkOxXQgI2deDsgUarhgqQIDLeduBZ5uXWENxA0O17S4NgJ7SXJI5+LTK/UlpGyAB4sqTVZ9ffgsydVmHi34E/JMIiuWl6+flQBEn6GcuUbx5V/UgqeDoR6cbFeb1niN/aVt0cWES6KASbrWhs5AlH/kwYYiARbGrdi5zKib8kAZ8uBz+09vEplBU2YB8YSFTpmPw978cdrlZ5g1LxDL+ZrsaZied+hkZ8i73vfkR6s/i2w+KJN5a8B3FCB2N/7G+FaCGyv2+L5E1Het/Bz0vKqf0xZpstb4LQQLvsD0mv2FbsBFV/1mPF8R3nD9Zmio2NpLOc5mfO55gPP3DFuSC5QuJOKIax/IkV/zsr7nf+PL+uMvLHtJYgiyCXKsodIEIz9qUxFmFppt8BhyBtGz/J9AVGXnwpKUfLPtexHxrcN+Ke46d+go5SD9nBTpQg3oA35IjjHVI6FK90p5k8e1SaR9ngxfapO/DH6fI7/vG0CJ7JbEAIGbwEfPkq+Sxjy7KloYdhoQEtjytulV9zkgXvbybkDryc8KuWQ30BGuCaXQmjapqveKk0pxeiaL7wmQ03nsPpdSPzGjP+XJrKQ/DWYClTaDEfKaqh4892bQLMGXNryzAFdQXADS6ZUzQvsB/KtWTtevkyHg8PhRPNb36cDXwgCEylUmuP2tANx6u4QM5WfPWtBGWLicxxfRRJNmb2ER1mmS/laZ13I/MPkl+5DKB3of0qlc39FKhdExFetUQYt5zUBGgJnJpza4e3plTJBMX40gFIRZ6zCxHPRCjMeULbxAVh+ji26IhB8olohfJHKYGcEr5SOuNYT+dN/+0nYaTkdMEJPAFSnyFtAeuJU8vGJTVXWlqAWGnauLlBqKrdX7ZtfFKCjMtaTIgzP5CY1ZcvCL4hhyT0frjFpJP0uclUBwLvVgnSjzUKMwNEpNrEZHEguwiWWUFmY/GHBP5izNN4VV7kBoYxWPzk5fZFyXhaTIlxw5BXdJwwU3xrbqrbV2gAPy5Ht1OfqhsYq/lFR5ZvzFel2J7miUNit2lgDBzirUW1NaEem5r3xeAjHWeYdAxm07Jw05IACT/V+pPR+AYqLrjlxpQd+KsHzIePyyUcYxqDYgLdKWUHK+Ebyn79xhcE0k+0v9Se1bhPLfJXC8H3h+kK8SXoTrTpevdWYD6d8DhalLaqBqSOVt/ER9pWwaIV0VfWMGrIGeo62Bs+v9oD7Q5dEUcNT9TWA28ywhP0Wu7ztzp4c/cIf7Aw6K1X/NrEMydQufUm+cq6Bk7k4Kjg5OsX7EPkOBtnLxWbP8JLstHYmD/5JR5KbMHY2V26g1YdmYEoAaubzUkXOZAs1geYOX1T3KGmb4DhWiIhREnTkF9tJJhiXc8s27wW+llPO6XbAscWyJwRhyb54A9z+IT4XbXuwcoghDOqILOvTgVnj01oFINXORQwdSjwrGLZkzTGOIoVcKaRBMk2ZsUmK3mT4JIvCEewDoYrpdzGXB3U7u8p3IK3zLSBfm0CS2ktWMzf2+xx/QUUlOHLDIfPXtT5CQFIbufJPtrxoN2o/QG9ZWabweQtyWxoLvWVUElSbL+gR0yqANFUH4KkqfH6kpOio76P+uOyrTMccR3Nrg6bKkothNHAn8V5xjdWcbBZ6jkVxCjQqLRguCOLkEPqcpvNeS38oVbEbId4dNPPLn3YYwcxuVcjNTXgW825OE77hdMmehZZzX275QszSzEOSLRBdFBfQUOe1gcdTzmd6lDxQl83brCVGrw5CX9FkCNYGXF40cljmkuHm3SOQxXovxGEEqSXs4pcPbQ0eOLoIxWTnBjoTpI4n273hzP9fg2Sy6y1ySxFexHkC5eaY2vICXWq2UJAQkGklozJK6ZjzFfxNBe9pOKF8JUhlAS7hGJttKafgJ0exWPKCdUM7QZ/UkT3D7Ooh4PDjFpKo5MgjPs1p2jxSS+cAju1COMaeCZwoDi4/blFDlfIcTq4+bQEES/WUmKTR/dcYY7SLBmOA7yFmL880xSO1hnSLdgK2YB44kMhPHiXWOU+kgh1RzWxJsEkR1nzJyznIjgKswA7Jba+b6Pv5fqQi2tZnymy0eWlX++o3IDLihVNAwtzk/b7tZ9VApWPQ0cCdwGE5yusWH1rULlUw11hTZYDboUW2kMsGUhZ3GVdZjSe7lPGQ0BNe8oOZY/sT/lYHKVUzUT/JTx3m9awR99VCWa9BWT+FE0NwDDNL2CMpGplxkb0AQGLp+5XxNc1cRUjzphuKmO04H3UAKs64AJV9NaU6lTvOASWO+Fgj7DymktoUive5UcsqJtIeU/FotLmHr0dLvdW7NccpRGFv0FwGEShjI+FLNaneGelZovKu+HnPAp9do4VTzzYt4IIJ5pL0DSkI/rAtf0mF5DbiCQ0oVmajZiyN75DbGXPMCQ3LhnZNA/LWFQfokqyxNJkTKEdEZLfi44mcTptb4TLBTaRzEP3ThX1d2S+So8rv/vOVmXduI8UmLh3Chl0m3Gd7funjaWN4K6MdIFNUjeIrRxvSo1P/+k+UNGVNJ5qX9HEJJOWfd/1wT7su9d+zr7Dfg/zEBXJN+f0/eHA2fsCtkLQ1U32AH8HrZFoxkJYU6KU3pNTPlI7Sjm3hOahYmVtpUQ4s7G8cAFm+JmVQF0/vfto5XV4bIg/lszbOevhQBVLYhgFxWxuh7Gdq+Tp6mDqbVmJVkd4VN+HKd98eMtVDceHkPvmYf1suiabVqZvXo6pVCBlm8SzZ3xzPZGZPYsn94RK2HX3fbeKCprE0fAqEC+D3PJ1eqykDx1gEeVZCG7FSKE7uEo5rSgnJIqnudBwdIUWp8GxKR601AoYxEdJedO1dLt9gUQifn+Nhyhg8jtqTsxwimHJsq+apTQWb3oLeR1v35V8B+po0w7DwJn58yLnsif9jPIr6zGDtkGRQo7qyIHshi/EK0oZ9dGL+vyK9cdTOLUD66i2aMIRjwR8oNL6juHWiARNC4zJq7LqGoxFU2rhFVZNVg6pPKIPr9VfYZh51hgPluM2lFEY/sezQeoyZrzC4xSnK10V88M1G37ePF3lWEEOOS0oJhCObh57EmxOYT2VH0MgubIdwI2X0w1Nn+MrB6Y7vOUL+Cxclp2Qa3eO+K5bY3uTi3nCga4BrceSJrnY9rNHJwUuG3W0OfUh51tMDyW/3h5WPdNeTiBCtohBG+BrRjEyeIFCLJ3zy+I2ELS26k/aII/sxYeN8RFlTw4VejQQ8+Vh6xRreBUxVzHxj2LFtuoUXH7EfYgJlckOJIRxhW78DlsQYGPQHXZCpQv6DY59ce3sm77x2b1AC1RxtTWBbRkHsclDD9nwKGfR6MmTNKVuKsBfIGNVVxADb1Er6cjPPpuS2of6lroDByXznhwvLQb8HbjTopAv5CWN3qXbEPSMi/sL2yZy/zjBgIuXZDI+//BASouRN5iJIom9TazCn79pR9sKYSXrlLbJ8qG1St98VupZTnAeGucgxvGF93IkUdzZDcR9AfIKY2rMAb6LyHzp4AB961cctyXkTMbnlczVVggdyUjQt6qVHtVw9gPIlHgQNcg7xL4BFJP9FRmlkTV8Iki+61Wk3FysQaB3O+IFszZ8UdivItHFQOiCpnTW8EMGm8fDPNCVh4I7McMNG8uIo5d6Xsn2r91QTHcrH9W9DO/5Epx436GGigqco74YHVeyD2jDpl2J9ejg8UV+Ve/UKYJEpyYXp6EHCrtV6lPWLI1ewIMkH137Qma/Nm5zM8Z2JaeK1QcbmOLzvrvSBuT6/fk1HZQ8NRO/btAHpEpd+vOWer+olLpbrWwG2Y7oXXKcPKepT889unzgzPiWX+8tKF60khP9DcHMDh4MPtxeYSIBUVNH0Vwxq/ulPSrM9Ir4YY2bQAtOhErD7YYvEXkRNZT1/vfVtK1bSmKs80MEdripw88G7TU5juxASKc35TN7UUUIUqDunK4XRit5KqUBc1e0fnbvO4tRELBbXjklA7H56QrVdWTbKt/radDu/rUPNKQ4o+4nxqAnYuJERg8/XI3WtzN8AlZflZngG0bWnNtEvchPxGHB+ZeBvUoK4OuZqRwhfIStNA7VQY2oZAzMdykKG+Bo3d7y41uhL+wy1afc8X1qPnKQGWeqHOzs5c2HQzeQt4z5ogVJArmwP0dEFyVPQ7knpN6kTlVNodFTW92u1eVSwX7OTGAnmd8kvW/w03tSqm5X6wQ4cchYmajky8UXFCymYkOJROgdGo37419fJUnMOK91PlRw0HDt7fD2cVgb+vjLabeXWtd7mTUTin7+cAuuaW+OZEuYJpBXc2Fd6zi2pBKo14eC+T+Yeosl2ZFtW/RrXl8sRVMYYuaeOMSMX3/luWofe2XVWGkJ4TBhjEluXZXWm4in1H1LZpxaB2fA4HOF3MCdpTNlfbLsR0fPPFA7QAP0TpsSl76WKw4ye0Rfljfte+RY4uUegw7Wjwx/hQzDNBQ/3Sxr7KWN/RXeKPdlBDup7xxizGD8SoZjV1qu3gQhcxvscYm3UJlXCw2znqILfSqPeEl6BEtS9js8VpVBcV7AIJl3iOZf2IfEoaG5FY9x9hLUHTxFvV7BtZ+6UmNkF6S0p6kR1G2V9GXWlzMMpIpHOx7wFLypt9iB5ocmcRivRl/fVVOGyJIfykBD5aIL5SjPleJUGmK6Ayr6GTJ9ARxq2mdGM4hPD1MndXtH3NxPrSNIymGo9KMlU25Ynmqkqn+iZoMl/y/JFwCLk9MLAcM7rH/Iz9Hnu4/+FbkGMikcFBMAz43QpuMrQFMMwmbbLc4ZQ+GqX2oZA1ZNirtVJRSZMkbBRTOVRg2K2aFXqF4FQwD4HQlxEE3/ucl78NPt+A1w8YCct2E6IET8sFCxlxDk17fmMd7BfeU5gzAThBbJ2ux+JcqSt61Hj2ZBxRkjIX4sfPRZL8hvPoQKKy6HVd9FCGALzaWf4+5aryvlJWPsxnJiiFmfT2ZLL3oY2g9erKrKxHldKTptq/pTPCpBEfa8UkFSTrPugcMZbimBdwZ+ZYZSpKAJFmbYkCVokk+x58YRNHkTBcyIpFI9z7vb4r3sM3lzGy92l8wDIQsDRVGs2fGfEw+/15xNOQJYlToMY+FgeiLljBWVoADYbMN9BYEuJn1uFUTPKbKLzbQ8jaheonv5KYT1zKkcHGklVvodoSOKU/+GNihIIIqkyFTbtl8Gc0eiGedtmUQstvh/0/e4/eX4X5RbXHif7XIlAJL/2eW03ApboOm9O4kFqSxinpgmZmVZ5g1z4vzqmaEToBdlTINw1w0dUSK4T/LfXErQ2MP8738h/nxru3jKBRqmvlaaRAyv2LqoTx2y37GgIpihXwPTZwOnfw8yWaU0k878iuXn2/9VigGEJvDFdkrVJfy0Lwv9GL5A8Hr0e3gsfMD1TB4TA6TUaa7iL6H0uQPi/AuXAUpeKzh4iWPjwri5tpPmjlkvI0bDE4NcZ+7LG5k7EXnEnIRtn+kDcSfooaaCWz7YX3laG4IRP1VYQvPP7QgumZclX8TtYkHPGeN4UhArDEpsjjz7xqANE4Rn+5rS2PB+FjeBGZJ/CDrdELx94hNXu9fKYGjkwnUdLL2+jwAGtr+HjZKhYEFo51sC1giiLgDoxleyZcbx8dr6NviqtYJOcG1OgdJ0DiYBRFsgZRFaMuxH7MfzGNGmycTvsrkzpsO4Hm/foGjRdh976mMegvftzsJi75VqRma2WSNbwFw69q6Iq73yGzV/8ylPkKMQrh7FelP87JW50CDR4GcYjiU08M5sgBlWicAtWENCsvgkQGQ++83zb9M9ve47S1cYsc/ORPrBy7OBjnO/E7pTfUSF+sqaKXEnMGH8/QVdGGrj8F8o2A3zOh8k+vyZTALrjOyKXPRcVZbQ745FoX2XaFUlZ8kBQoK/DkD//mhf8Pwi/GFIj0GuDBFWPy3Ky9PJQN2QPzX6J51OUWgEQpkZEyYCIihXYiktgzomeaNF9DWEE63KUwx2U+4n7MYs5eI+lU60mFXgzK0TWd2ea5LYqR3lM+nEzoz+4lbvOy3vT9eXjHAj5rlE1U+rxhLicHu14NnnI4ZVSA3XaxXKx8Qw3EQtfqyl24jNcEW2z+lA+klZ5i6kpBnXABhF9VZThWuYABViGDCB6Xq+vv13mEeB14YPf7j4ezaL68NckJojYMg4ngZhlu/wH+BUr0w5o7gEN0O/nMf4CqV3ZDMxzkXa43GImew6yHfxTVOS/K0U6L/BPnlZ3ghF0mJB29j6oYR71ofyiBcFG1Hd052lFSVeY6xRQwO8H2j6B3HruHH4l75JgyGAC0Qe8RUtQCAeY+hDRz4w2kmdztiCn5yOZ0nnVziM9nYgtAZIr2HoKSXo5XD9oAzMdhMY0U3rOwaLKhahf35zPdZ1CPu2Q6IRsTTKi72BwaguOy9x9TWzlfYzzPJfrTxT3Vl9Xmm+VavuUKlok36dqiRJxI9scTRvi4AImJIEEP+NmqYpYPvV+Qn7mjcKN1IQN/jeDWNyIhihJ5z4tB3UjqDoFRd3xe6MmuJgjktLq8w4ohtvAL8tmWOFi50EWbi+zMZsP5Lj8IUEQT+cbyoJe+FtRVS1ULTEpZHMBVXW0YUpjmAwlLsJiGlW7MbT9hOzmEQaz46V8eLnPL7HtWqmYHPExtn4+eeXs6v8rBJE2sYKA81BryfhyBcpAb/uKcR7b9MmZuhyqOOLscwyy573P85k+mTVRBoTn0H2uElx2qX5Uxbh2C5jgqFvCLloAmxqF1fIYtVq4v/xk+Q9IJClWoIS/RtIy2IDWyvn8N5BVqwIIEEhX5wHuIoeG3jypo4n9IEwdx38wbCxHRBVH/4qpyr15IFpae7lRRbVOticLinIbOCRr6k0L2kjb56HbSj9LF2C0YkeJ9jXC+sn0vihSP0ZsA/yPdoGZh07pPc/0tzNrwNiEEOa/7D93TnEcLeMgqEhl8IFc0IiCQqocJTsfG3TUgfByutDAac4FrWiPv+dxZEV+75Z8b6Y2pQqkYjQ6bN9tkN+1qUemG2fPgaMYb8ZHZ9RmIUDS+0ByvO1MNt4ki0o3e4I/jdEjrHBuRVmtv+1d15+q/vzFXxR0Oh0EEja5OmGY9gJF4DVo/C5+b40kFCha7nXQV3ma6u8UmvLlc1FfsAidewjRwrGkHsOgL4VcOgAf/P6FodXXcViRe0ZGg1S+YuZyMgxwiwrROuXZiSoMDhtBAa6Z+Fg3XUATZ7/n0NnNNHdg8O8qGKD4D5NuKVm68w59ZcotT74iQf9fMieQB70tCtIYZjFJC/5oibe8EiZbTsAi8Jdl+NUANocSr073RIgV1v3Oc1EmPEsGabKnzPMeXJ+RdyNldXgoLg6t3aIM7U7UCNEXPRBon4pZZhuJEqE81QNHHAnOZ6G/LrL70lHHUd/Eo0cG6DVveD2DfeQmKS4BsvSlMlc9nOUXVWtO6a+Kr/qq3aIwOKKXTvZJN1POONvUwkHd3fNxIH/MnyEt+OIkBI+nvUVmKCwql8t1aDWmxWfW+Zfcn9hWfBdyXOhCaIXyYmZjXEL9TueUMdx4APR5j6qrjR7AQurXb1aACUBuOx6kUuhWd/JeHrysocZYoh740llV3wZEpT+yKi/ccrLcsRoX01XcvwJh7kEyUmDEzVYTsr7foggqxrogx7Czz80loN8x+FOhXDuG8iSMZwPUJu4JJoqKqY4f74g5iIeA4h0n0TuhbRd4dRff/ZgU9FlIw0UNbEP3xfHEv9k4is5/KWpB1o2Vagudemw0OtzqQrevsAEmYTVcBPyE6kdAgJVbfwtUDECvvdeLwgzBYHJJ35tjLwEFz6PI5GdPrj1QzKTBRzDQ1PhhxQlCZxDynRmJlfRSyGdh/2CJeSeWvQ9gTJ/DmLI96eQ66h7bZp2Cwp239tOfAwy71/uxP2HrFCUFNpY11HaCzHSTjzv7B9G7AxSp7E0ToKw+bDcub8/SHxegj2gmEKY1bciBOBoYO8XLP5sZ4Uh+j3yLoqtWZFmd+6VjXJSCCe5tnuTp1dyMSZFrU0bh4o+uGp2oC2/n5RiYeFSoup87E6OJKjGZdZNc2Ch/D3R4eZ5gZxGq0sD/M3Mwuq2vJjBOIeGEO7AruFkAsgHNr4caBEZQhLs/sWnH6W2rd1IzXpajXXZvcL0vZrcF2Ut+tdwT7v/q6B07f9A+8ia6UNHyuIr9K+Ck5+LomFWeu0oBAIZmOnEzW37QpPaiLdIlxhtfC7eHxdlvPRcThDF8s1zDflF49YsE3L+k2cLP2adCczcGE/xTc3Hx2BA1EcExSAEZ06jNZm49dl3HMmpJxg+1LgsF9e4N/7SaAY4T5/52lD25MXktbKchygmebXsO3nyA9POVgVbLzJesb3pG4tuVb9TAplufWW8yWo9Dp4Tmx/E9JXRlYf4bqPv16+7FU5duBGo2zgSC81MpKJffvwtMcEXH1lanQPkVwUMaIjNeXeS1V4xrcML/7WhWYXQXa+D8rZWnXn2jIrlmRkMfeIV/cPuoniSiSmEQsLZNcXICwhNEQRBNm3bHpLjHnwNzh3mvgn6Op5CKT9JIBTfzfnM40sLTyx7Ep2tRg1uNKamjiE/AvYMwmHT/2lya1vNyXdaVcM27LgBFyNDZaGEDup7SprzXBnpWNrHZFJxHTzsGLzoBOx3lBjItK84QUDkr8iWTpkRCL3zz2TkxuLN3jeWcDYqkyo2zTSKTm4N0ahnJjBwB6utAnhTOsXMGy4cA7fBLVUKPZfPQa2YYZQNyIej5Agz1RldmcHQk2z3mITWwLq1hpI7f9pu3YpjAHDzWov0eyQc38VYulRu4gcgTVK9kG8OjnthfIfqyI17mBZ55bZfozJfgVvm9XCbum9jb9f/uSeY6e/c+kroN9s0mqYjU2wfc2hQ2Zxs9lN/NyxCXmbulHMnM6U8AIXZqJimz7L8+Xpf2eV3Du4ssVl2guDsW14EOXFs48f3ogGeewD9XC36FyKc1MogqBb9PHzr5IclvyHAR8uhDC9Ay2ClNJFvProZtcpqoj/CC8RYdtFIKtTodHnsGJKPJhNabehANKpIUr0IOOk6AuEFzVOQeU4S8fRS5u6xFKjFAt+8Rqm5YwYnzbUvLimzsUf4UP8GCWj9pra1Il8zQiTu7MvIVqU270Hh8KlhjT4c+JJbenbusQscEpuBoM9xoLsHIO5fXt7+Kg61OO3i5St+rkAhB5CxbSXJ8mTW2riedUEMV9QVLCu0s/dOEG5C/cbzmPQT1mfs28qQ/HVmH08dEY53aaEAJXBKifhvkFD7Qg/0eiELdh7/EcXmF6KOKPAzwNnoYMyLilp19DelBQTRFbHTIGRzXYIR5CB+2bNDhRS+xHAskUhnzDpSjZ7Fe45/pfjLybFerQndHrEJ9k6oq2cZc1/JaCKkS//5Q8ZQped2YWIyasJMjzoASf4uK+qBPL/YHx1YlAb+FqFPoA3jSaWWYtK41PuzgR666l3yV6hHf9lrkVeAYzk+NSeI/okSX3byCTtB7AhiryEmkQpfkHaZBKCiibI2UgHwdSiy3CMFtzTluX+EL0ZJ0ia6tYadTez+fEXCe37OawHR9OOFrt7Ghbh8mTwACKW2uMzMPoILOi8YcxgGcuj7n8DbkOfEzYvVOu+vLjI4SlSEkr+KJKH2Ll8V2pkvTHEMr+VXVezwnj03a7+2vIBurQdfyMVVkdg03aGClq2c+3Hsv2SVsY3TosSM9DFb20Gg6vTh3HKs3KfBV10clFvcg9oFse8B+3NWJDejXq4T/VszGZLohVGA2An2A49LtUoSnF2hI0oQhtVEf2ahztta1sBCFNcd6UzvV5bl51wHKDF9vYH6o5BO9hYf4NSxV+peZX90D6X6l60s7buKwxNPn8ZXPIRbbGcQTVN1xvlLy1aNvobyYp4Nny14Pz67bsitmF3FTod4joGU+YvsjWOPu+gEZo/f4wXvcjdmWIWgP1lV85HAsR96Mj2fzwx/Dhvq9Tbkwz4vWM8idVmW3fjH1ddTirXekkgSRcUq4SorK0uZS9Nl35xuSdGDg0/nlNBJRg/DVU4kQH1ikiNUdICYkg7MaYskOGih8/UwHDtiS8OP/T+TxyqmOc9CNo1Qkqmjl5jRFq5oY++vyi89Gbl2SE4Qkal/0QNK02gmWv6az6xWBIyBXekQ+zqDwxFaOIGq9ewvSRWPvaWvyjOTNRWrtmp7W9nYKYHTGUyupufAiR+ySr2L2g3p8P7wSWMHhkgOebq+dw2X7Nf6UhSFkbnxRG2ZbsijL3B9ge4YAUa2F3982/oBvJXrWnmEEyjWXP6cQMjNAXQxoQ6fIeIf+ZJ6yXCGyPlQ2/UES1Fj9Wyt6feSS/yPAltTvBIZEXqZ9BqBwZezUPgiznVYG3L/LGcpmr3fJMDiWhLMR2AaZqjCcnEX334Xiz9XhVJHeYdwlrQDJrGvwDHqmUB5uMc4Q7oyN1N+roQg0/rgFLVBuhao4QMVHEQM7V0UhaLe9rAww/npISLWs3zbZgN7zsJUcrPFvujed8ewAdHOdt0NXpXf1BqyWpl1zmj1lPJofu+GNcgCu/LRBw3jcKMg72IL6TuCpubYGq2VeKqWu0Ff2cXqRZyf1d+cuNn+mxjzwa1KzEJ8lygw1kEQGZWnHR4IlP3bkRn9LqpMRhrp6X5fPKUKFkSt67Pwd27EBpntzsvgj5fBg8AhfY1Q6nibOiJoWtfYXDoGTykjGZYNk322tVcMuII9mOaFrYGR5TAzPwDzy9pL6u8eek3NcEe8o3879QdsgtocIgQGI25q8vGSc1crUCHgflR9ibjmFoaz8pU8YodL6IO1lpx7QoT6xkdern88CHHfSqO66PwBcRsPwp9is0wT6MVfvWfL9f7Lpy1wKooPwVrApIs+5fUZWdqnOKzxhZMoucFM5oESxZr9jeXOIMhrvpPPuugWJ7dx8u3r+UK9z8tIpjZz841YYNR2uFUlUn+wdsIiAFoRzFJgVd65XeVlc37RbPjnb5APCCbdcYRxXuFn9eoDeMCQmZQJNgRRafBotjfy6aTqhAk5ntf5zkYc4DYwZJF8o7o5IjtnT3Cvjh6rQxV7XblAExlErsZQ7q55YAWN5ar87qSJQw7Yr/1TBvMy4nRC6J5FpyM3D8TX1UbeQ8/jO7bpOAp/QkjOIRKBEKsAERRe6vDJQmKocXEAL5rkTT/bs496AfmNVJ+h2VNR5tRLkSKzUEFMCxUYg/JT/gT+MAnxQj3ZeyXNz95R0mkd5kExOQj8oRzxJE+UGV9z8wJ6ETuXh3W1fJaX3XPI4oXAY2xAZgTDfCiu+RbokC8ApcPHdY7OD6AMEB0UZqQGoQ3IgWGevJTdsNKlYUoqB2DmGAaI6NzpXEzM+mciRUH+2lX0Xa+OW906Pv0ffObJiWiRVJ3fAYI7aiu+Psi1EFSLZWWR2Fn/OmEJ7s+IFy+epO85u5VPfxoi+3Ogso1zKfcKHIAX3P7EbTaOy+8DgFFXd6kSMaBams+iqg5ftpX4jKt/xRukHjf7Fl9n8O4SsKNNsqxvhfGxhsTelV1368sv8a7jPu4zc0CS24g6OAg0LBJxcXyPXfwv02KKYgkgxHP9tmPtOcaqCYrSlJp80U/BNU1K3jZKxnscV4BrB2yhrIlFHeaDpN0jY7SS0uW7Db8vZeTEHZNXtBQBndfcUNDTqdg0pHu/I1AUiNG+rMyByMNA6pHDT4rU/OP/go4sY91oA9c+iSJ3x6iQv2SnwX0aePP9MlBeGwSBfhT2KjaVYR8MynWM1AMU64y7CE+km+Jv3FHFiwDA/X6W0veyKICAvJxdGGDZy6JaYz78Z8RTH/IN/7arTxRG4iVWitZVkf56nAFbh9J/zxrARrRV7naaX7+X741V+f+BvigQxWEe7W9yQUHT1vW+RwaabOXz/A1FEyB25lQs93q29EfeUn4ZnX3tWoQNmHALub3xaOvCv4l1jeLAM5wCTlR7IBdtXr7Ze2nevzoPMjihP2DC5zVsXhQsO6ztxexg7esSO/X7KfO8ERzntrjrJIiXmyL+ZKB0ZLFrmO6It1LvshwJhnGycXSxWZgDfQgEoFfBqG0NRHOMJE3J5rT+y7r9zR/C/hIvwXLMSb5//FyD3vV/z3JINpVsNQ+xWncu3M8HJ9WbAQmmVfbdfrtKalBvxMSp3ZPcFKrHkiVA7EqCkm7RbKUu7I8032Gnp+mnbZ+R1WkUWRTTnd9FZB4rt7lRyKjbwvGXPr/Ikh8gAlDuL4U0lm7Oe/WDARNNglwzUz73/U+EImnWxl58GXIYqmAyPdOhC1Bf4bIWR1yV/35O0JnrJrQ7q0OgeIXjuiSTLF41ceff92EyFH15s2V/kLFmteIv93WPMxwj8wG2l69ZihlbcdlaC0qL9MF72hK2PaL0qp+VRZkJ6nvAZ+cp9UwMgbB9nxe/ncgX5cNQcLz8dnirtdeIC4BONShu8jKoeTD244BrZBMdceG5Olv6OdfkfvPn2Aw3BIuzjp4S4C822SQtXgkqk5w9G+epygmPko/0oCsEL8uYgQN1WV37yuq3J0Llj3QLYbuxYHQHI4xTaQa+vC4xaNgRrLE/QB3G6MfgDFRre3LaTDgweJhxP/Dn+UB+Y3w8VRPtIHsX89qLQ/tOHpHRXCetZeWAdX2+LMJ5ZVtIwL90/teiohNs8nfxjTKRdIbFiMUYv5deogT+V3txYn3ppBRL8KPIAQ0bmP/0jP2221GrOlZAZbkhek9mztd9hMbdg477SpVtP+kdxmKVcbOdUInLSaAmmmpWoZZcramg1pVhFyuASTgL7sQUnD/8tdnRdMP/fQiCWqXBTpnrzi80GDszLewi4nXjBxCC4f69nAyryUVhoP6gXfwP9zux/J7h9zd6DA3wNVwWGx2e5ymf8/x7M3HfMwapSI8a5rpvsm5vw5iNyjiJ8v962iWv+Y+4fmHZ96Lre/ZaKt0+JooR5VZF8GsECHRT8UGxUc+cPU77IOrRpx8H1ixr+Rvx5+ZZ6adMqg/YAakKKH9gjo03lZvaGkRlfiANQ7Mn7/QBTNRrO8Q8PXgpNhNRGtJ/HRy09mOUfprD5/PJi5++Zgu6RPv3yfdX8GbYs6CX3cKxp9GaXGs25y1ioqso+Ve0xJSGvA899N7FPgejhA1zPv01A0P9OkFkfWvDN00L968Snj8okEwELNI7TGyFj9Aip9D8ol691PeHc9YeywINJ/hSBwWdDIYWuGLchnlRZnvHmjrkgnx3VV6lODvvFER72I8R8wMZ+Uta1YH+hIwLUR/rUJTYs7/2oNaX1M6642lCTYTz53EtpXTvjGVoqDNe03OACbaCha3giiXaucR8akAfIKk20xaX8fZK7XI8ysDrL1d8yX746AmLky9mHwPuO6VNUYZoG2+H69q8L6zl30tXKcCn2V0P1DLpTxbqt28IiOsd6j85AYmRoihpsqafn63+6ts4WmVGn/PL60jtR/BlVywHxLc18bUagedVYGfxO1hSUjRAMyTSIrPFv85fPyGxGI5WvdfhSn3ePtTSQhQfUnsJAjCM+cpH3uo6i0xlgUHbwNv8q1KXoWvAOoYhcDgm/jEZAZEOSPadho/3QD2dDLagIuzw3ECdvkTJD1zuj51WOVfNeHRl6q9w5Raacz4qIrbpDNa0Xiv6iZ+L/t0b255XLI6LfcsciN+fJX1P3sJiRqVbiXjCwk7m8+wnryMNtR7s9Fk2jr1vUY/OXpnx6pcosywRBD1sPdPzAf9oxY6j0ANqPM6IetXCeGqQA+tOLI57qIZDoAwIhePDg/UWsQE2KJvurtpunvuoXYLO0wV0FkH0oHuC2uN7+fo1H8MJC/gYHyrmeZj1LvbFYhgJ4EdVaw3V6kViEcQecnT/g+9Cr7SjiSJFWIJhlq6z6TskcIbi1HJh3Nf1qc8TgC7nMLiaChvF9Id0R7PjFWnTrpQPib4eRIt1zcsFfjN2MQr22NAXFTHNu3azqE9JbHtpmqwjvkKN1fopS7wxyPRGEdmkX0OgYfr8C4bOJFGz7kuzloVF1B3Qv4XTvXPc63zd9LxUAboIlxmbGjbw2BBRiYbvLwqYp/PfML9yIIQbsoMFJvV/EvqQrwqczJoovgFSCRPhDrn0iYuUzkJn/IpWcF1+V4nm4clrhxDjvE6+D6NC84NIq5/NTlVfuiq+prP4w9jLcmeDMa37SLnugdq5mjNA78am44wfstl+35JwhuvHKIRP+4M+yOKv9xgd06ESPFo6M3yQ/ExN1sB1cQrL/eHxDwQVDSxrPIvdpnRdJxlsWEl2NbRSMYbvpwIt8EffVyFJWrzB9PSrR0fzTxs/xUohPQGzARlAG+fshykr6bJMU6t2vwYeG6f+b26eQYnb+33iZJf+ehCH3csV1FSIFG6N6pyXYqhrpmyImr7qi058gvF17k2dLDnnjIOf1PAzxazTrpKufy466MaEjCINMMEi58/uEHhd25/47Cb1L575Hmk65aJwoGbH2+jui+tgbKL5LLI0MaNvpAarsqrFtkNWVTA83r/FB38OBq1AZglx0bJBICQ5CrHz4b0u/pzkzCtpvQY/9pO9GMU0wxeTPdTN6l3e4hdiAFt9U+KKqF9uwnGi/gsygxBaeLa/PaLdZ4FPWiDYHaxy3QVaRg7qE9FyaY12Yzbdn/TZstEbMmz8qjM+R0lgicX/rYrv+YORaK+J8S8Y9oN2SkJ736iq2DC8LepAjX4TSibeX8Wqg2n1rrpfi4caiag+z3C9Ou8saxXTbpNP7w5IC9uY5IvZBhnnfzReDfPtPxqdXxshRY3jlMcI/a++yDCEX+Q/wXJ9gD8uwS3GX19PBe8D3qqg+Y63fLujUyJvY8dR/R2hjP9OAT/+Hqutv9wPTgjpbKnX7g30SEgfJnT+EBY9SZaLpjqUrsryRIpCDM5NZLYT3/k0vdJqj8TauVCn1BncK0QoqInfosuFy6zVYqKC16CSqg4G4AyjS9GxbavUjZZU7ECLIWeddZge+9Msq4uGceCUUW6ME+b7Mnh7VbhAejQkiUDdCh2ADw50TgptAU4HboFEOKFTvhYg/ypzzASLv9gb8vL/Jd/D3NrkvzlCgCqYYoPrCE7XL6jo2vjreEL+M+kbZ+/HmAV14v6G+FI0a/MgUPc46wwKMTJb6aJPAUyqCGLXGG+BO/c6xZnl15ngoHKEilEXo77fojAkuTyeyz6vXntAVbbglHlK1jGhVthPE8lpN93TzuuHeio8ynd8FlOwJ4FIcfLld53bZy9mUWx5PCMBvs7MnAQba4j0pAaYg85BenZT86l9CgY0o9ZkOVwMVHoVf8gMiYpXSDCkjk6uQIU2vqIuPhZWZHwdGIooX4OibdFjZTUWqAjzxT5j+tLLcThOc8iv9RlG0YfYiISMK90nDlYfhCOGqPkZnPL3HFb7uub3V+eQCwPkg5kMeS9uzK+BCYKDL9qJ/970epIrXkkuJT0HTdujLB8YpJ4V9leuBwhcvdbQF9O/Mjv2ubOmDjzqXL8flJav/RWWMA1S+a/J6h8DYnDP7cMeM79ZZp1fOxG6FW7+XjNszJXfSCj5/ayYQhusmMjbubMDPWzw5AWFlsshkmaSHi4lxNcSrf8qPqG/t8+cnLxGsrkzVExJu9GE9bK9yBX0+oskaJZsBcXXr3GkUubGahgbaELOBzmVcw9BHdEHPE9hav1bqkn6ehaYQrvTBScNDmL51fFDWcjBznelWFhm4AWCokT8X2VC4otd/uoQ+v/97w1GJC/C24PzUDwo6gkeNf4glpO3Il3VnDTNCsjoRB9CtuaPX29ODQfbNicEjBTAU89b+Hqc+vCRWdm+sM0IvE1/BrTkV8m5VdKM2eSv796gSuh06Cpwbvfh5JeaAdp+W06R4J8LGAh3IPAPfv39tAheXROOpGya+a8zItYRqijR43GTW29e+J2VoL+y+I1ueVjPI7Q/u678X1gcPXQ9eUrLEf7YFT1hx7cwYxktRM9xZHNp40l5JX9+0fE8E8QjFQ2CAtRtxbOlfYcwKF7RkBilKQqcAQ99C3PptqZN5+DfZN3Tys5lhrXnFv1zyFtLZzmGjD49WPZDbs/2Yp+W+0v44d8yVf4c06YykZp/YFjAKIqqfngBphwL31IkSr1Ohsyd4u/Lfu8tXHanaR68vrK/PiQR8L9YRopH2r7aIV4TVcV6uqh6DYJcJrW+KLVxPsFmIbvHEyEY0HfH5wqhKHXn+Xt18zy1cZ/eRFKU2gt6eR0niL+afmDaac5pZ2N0quGXOVmXQaCeTahUw85RtE5Q2JsaJ/ib7Xsim8CSmEAFqllxWCvHPILSVrW5wH1y4mn1SvGLOxWG0lRYkRFRk5hL/700k9ZSX6M99NPcryu1LK+JD5FBiS5qqNqCpjC2/ZkulPt+MC3J3W/LCwz3X5y6diC+vqPGqEQn/8vMvwwJnQD5VCXEHG3vIe6/1wn2vm6nISLnesQ/WstuB9q9yCXRpeZlpOAqjqCAg7ZTHcS0x9bX+p+raZ/5jq0jDFHqw6ZtcBzkIkBVnvPfkFrrVaamU3edL2hUZggcxVkMFzha17AljW1wTcAyYHbw+oqT0wGxY+omCdYCjJsRsr95o69nz49n0yNsDaO7WX+3eFJfQ3SPaA1eg00+jzuXA3R1+vRys7hk9e3h7mEbRgl1Gf3h0YZyqEgcoH93J4hbEX23sJg3OIogZteDFxsTupIoO3v98gS4Ee/BBg2Omgv5YmpgrZon/VgOttuI/qjH/f18EelWxydIv0+IZFlocI2DLTpIZ1SIsnQ6g01Xhwf1UsZWxjWWNWCtxcjLSRGpbDhORh4ggrRUknVnxohk9XPM2uzlXzsDAUJqhHX5TMzcgH3ZX4d/qMB7L2r/fegfLjpUPmZ9GOQLMFPw3GRVzob7LYxW9XHwtmo6iZOfpM/k3ATWHOQ/+S66gGop228YZMNksaz60iA/BOdlGXs4CGNHdPzBfl3seLT0d02fq3t9X0pGxIhufdCl6BmC2kChWhuP7NCM5et+MtwHmboA4kTueDy1krKynH72CKUADvwHa4Y+VF8szwy+/osc8cH/BwCKgnOiDwd6ycDwSQFufFyte6Ua4QJNoPIYhpXNV6u4reKXoTQwO8xvM05n0Ir2rzpT39ZBGEEftBAd4YruaHmkw3GcVlaaRhgfqth8Q3f7sMSGkR46XGpM3KN+WeVl7Ce9eUz3qjbysvQpR3nZMhPp/loIS6nNDMwGdRuVKPYiCqzQR7nyGOiV/Pd6kw7tLetC01A7KmjhfdWVBbmkvdh4YoNScUuWLfXhG4T9ewNlBbYVx5A+OcJVzxoZIulpZQVFca3c45fvd5kfijHJTNoIK1ccokuHjwj0V5Q56QTHKRaNg3G0lKnNPasozPbp5b/U4YHdF0hNZN/PzhwLXYyMG20e64mz6Z20LGn46JUZ+XspEfyuLJX01C5uAanuyN15yfSKpSqT9qD5w7r8K/GZnEev4rW42yLCwNmX7HDQENAJsY6YmD5joYdIRhBpAnXqXBGW2+g8Mr8V4DUDPjIKi6qwgrvan6Mir9Fj8IiKBeTE319i0vND5XRsH6FuEhRIsCauWCXWxBAc3tJMrNcnIW7ZM+JrGPsTtsufMIF41i5XzHi1ZP0VDLr/UnowaR2crKj96MGxZRB2CZE6jdaeFD+H2a7AUP8I0fzTcyozPiIok3GdjEE/S1oOiV9T5BJM2vSpWHNl/14c4xW3OBOfBmIwGd+b2N5VpMg5ys+IBT7k0XeTwGKe1fDSuaygHi++BqMJVEdrJnLR/ObrOvSuxsjdBFu6PLT0jFLQIV2epx4kcqOE0eZrVtFfYNMvOUQ4yOM0Uc9oWehEr4+CLYJ0VYZhsNyhkSeapELlVnFEkpwWR/YY/qLnLpwCCNBqBbyOyBKcR5k6qrZvw2BVr+cFkJKtVEtl2jLlWli+V+K3LbWEH1OibPnHLgJiOelzShzgG5bAFoTz0yTnhVHGLOauS+U15ETRaqJdVmPVs18euFOOHrn1q6xO/zdFi2/LcKG+Y4cOZ1N3KyL4Wha0MKjvuw9/mQFoFJi2D7Si7FvX700ROQaPfDWycvAIP4MMFOk8TZIbUvIhaYs4om9GKjfe1q7QxUWo3nak+LJr8+iGjrxayzueMoi8Bzz62yskkP5qQAwOIR5RvGAD/sx2iiE/nLNANgLRpvC9w0lJqB+kYNXRn2fLTe3XRHoUU18URzXby9AaPvzXRwQzlH68Tgwa0M9DGCbqeJMmse2LeRi5HYl5PmYHCn7USjjt9VJrqYYkqxhzha+dj8bu599rZUikn35X3s/mqnW0Pl5q7o8LNBs7KR5Rl+MLHuwVUG3pD68Y09RBN9txcm5ymAr5oSeEgpwmqyeIbgzM4+t5teyfi99GCH6e21gKSwKCvuCfDzdxzhUfsfG5nDwp7sGjQSEtjhZE+P2NyVmRA+t9lTJUaGVC7duEUw5gkRa+4Dy7SmrCXDZqtuIoic2KNqoUsc0DovTlYuGISuWvQNi/oZT7OuaQsQAzXFQteaCDUkB9ASR+v3j4FXUsjZD1eEBW4uG+F2kSZFCmx/Dn80ZMuJ/iifzsmuexdnJrro9ZvddFOa7vF4IPrH0Xqll/L2TpjWwFi+D7lMioO5FPEdZiPDmN5NDMQ5OlI6UK9dVYobrBMnVI89wE+4QulvESsaD6h+WoH0q6aeX8VRGSBjfU1CvctmUG+5KAdBubIf08DXfgXn9AprKHUE+56r6RFfWJSPYGSneog0TxuNupXQWCfUBdZ+OsKJirRjdsO0FpzGXEhDLSocl31uXfnjLAtOVc+6P6AP4UuPUvci9ELUpOCD11k5P+luTTkFS1rkehE+86qXEOZfxEzNenZYucLFJ3PlFmxSjwpqYTlPtibBhWCnHINS8nsWUM4nLPZyxI8Xa+VawIRBYZ2ki05duko9vDOyYL+KA9HmUUyk09v6AcUA244gGgMc4j9SMeQIbbNB+dO5IPVSvL0WSuD8M58t0z9zmN+PN7ZmUCJioTPrc4fjbo/AB7AIrIhaMDh2wktoH/3g0EdMfQEsOR8pMhH22z4J/DCWalMfygN8uJO3BGVuk/3KbaIK/uxxwmK9pPwaj5AicFPsokZ1dGytIWY0Jb0W5KbqJ84etrTcW/Cmz4B6oE/UfAkwqkfmNXlGd2T7Dmt3X3omppXmgRhecezrcOSF24RI7VtgTZ1c8lcZpvP1ir2wi0zD+lmtMoceJ/76PkMNJCa+V4y4vOgq94vJJDQi/6iEwxiuqtVCdQUCvU+jbDAbGxhogWnDupglxuYHG0FQ6TFKFAn5bm1zBLIsL+X7tCOuBYATmXwgrm3tKEi4iXvRmP0xUGLyoST9dW11ON6uoymo56YXc/S6OnWiv21Nin+JLOyM5UMIxBoKJl/i6oOgz1FmwP/+9YGYKmaR8+naID5Tt3YLA7HL9sgtLj+LQmvRpoh51GlkvyvlGGpSxpg7u1+DtVch8IIA2BBJPUkgvIOhO8MSFpBcojsN1F7Etfs+OgJD8Jf9B7ikGREPcLjwSASDOVLGE8Zqyr6ph6gDVa6vDV0aXPoja6nPjSut7qg1855AY1pyWQmqudcacd1Vvl0PIoiyU1tkKGLQvsRIFAjeZO+DQpJhctddJPE+u8vlJxhp+ilfzsCLL6eMAPfjXa0WptcJoUmf/uZ57nDxBvaYQ+O87P89d0/koKKo0A1orKe21DpeIZXaEmsIR72RKPGrzazmir0AxOeK9SA7MNIrndsnqeRpjnBHYGtfXFsVrPoXYXljbk72TUOLb0Fxe0SN5Hl4/sSoN0VepUDNNPBnOyhWI9CxstfJos54tL2cKgXQ7CdX6Rv5OB1srE9n6WipfCBFkjeKwxulvyh88Mu+O9bNGengMucBzrHbf2jFiuIJjQ2GgAG5qg3RXRe6OC/TROeTR+mDeJfAOmDUXvOlmLbh1/DO/mPTJV1GmaixGRNxyQ6a2KPUPmI92sOP5rCfqShi3k4NMzEzONMuhQDvnZkLCvbgvTL4gMjqIM9FUX2fJ0GTGW2hs6MzFcLEmhx0W/KRFifL8MXU+LgJECcKsSR7fkczMvP94rl0Ddfz+axYq84l0VAELHWMBrBcJR2RARVh1NHGywd2qumfdxlRC8kZ7dEAi4Rc3h3drnh9dBw+4+zWnGlIJsez7v3R3YpaCb49+c9z1ToZEMQ+rlqthhJ4bzAYQ0/uYKQo+bXCUP2RWoHxiYLyo4Bxe78mTt19n7AOeBLKagAi7KgDTTX6uVseiVoc/1+q9wgb0uY3eFOnTrOjem7tGbjm55/Ott2X+GbgMf+kQfbHFkmY/biHiAhYB/X5Rsfl/JA9gfubsRBFg2k7KxLSQdtlIUx9hpq2VjlKl0V6erQEGJj2y08uNbHp3Ohcrh+RZtIAM8Pm70/KCVOjOvm5/4Tj5lSFRzXY8/x/oEvu/lrOhvXoi1W9uKGptCIc8rhYoAO6r35ksSGW8zXStW8dKAdxMcEvnFoRW6M3Sw2pBDUgIXvpq4RcckSG1MKD0UEeBuc7t5ML7BwxvJf8XttkVJIBR36pZu58RhucDCV0aaRIYy/NWwNEdGoRv4t6BnvSa7e95p9iu2qibLQ0PRmZf8jo3kPpnT664GK6dC9RxehF1YTKvymrSt4TnCUOuxh8XuMxB3e3jCBVUpdWLLQXLJxz1Q6MDr2YOEAhUjBKkmRTHacSTQY6OkZ4rlhiKbkG+YQ9RnKHppNnBOjZQaJWUv3wv19Ikg+OdHjdMyoPDMj3XloSINrO5qV2GLU8XrvPFLPZNal559rhbqGagH6hxfaV5jFNJyHpEZZvvL8aQ81tl+6P9S2fjAFx7kQ7HM2MawPaJZ6vjh0KckjWad7s9fbJ7vZFXpAKjAQa2fMM22nZWVj2N3Wq1bd+qua61ihnLpjmDcDwGvHjPw8NP906VKFSC6qYutyAV/LeP4SCMyvRux/IzST0YtqgMZm0HOlmcn3/UaXw/qyiwe/jVelc4ihvedvJgRoAcGagNT2sszpZnK5cml0/xqsYJ5Z63ZAWHu7TOBxkvVBV8g5rfhBM/v0v49h2T8mNPa+f5juVnlsRWyHzC5OfWrCX8FlJZijC9e41LoUYEBN1wjrZGYAsEYstzlhB9kTS6auakyZ3UZ5dHattRozvR9/UQuGFu4KJOjYkJJ7y/eIXCFAuk612Ukt2XXQnJx+fw9mMJdFi61Lh19bq/r181wbn4yr42ukeavgp2ZiO+dzQRMe4LfB3fcUZwVvviyN7ogcFhyGpS4oK/r7xlOZVZWMkqC5BMK/8Gc7UXfCJkfn/PbqSFVVz+2RbSIzrVt9L6FxVlgrKBQ3HH2EI12jWeMxNWznrSf+c/pMbfcPiyOcnX2DBdSoFFzpa4vnnSMeHG5rPrxMf7mgJRcGHwWDtjyMvIx9y6hLwT8VxDYPxegYw+VWRYOYUpDS0sizeIrgiejr1UqVHR8OUHopfUhA52q2gIJF/D+YivTnevVSj8ZzOV0vley2JBE2nGKJd6VLyyv5EJ8bcw8q9X2nkz+aS4DnxID+VUOTzKdTIDUzmLT1fflY3pyjMJawP4oF5pZSmmbfk/GorHvGOqR++KzdNYAvMu1XOUmQWzrQGOtNuIhMkCFyGeAhUwrgI23E+xPtkoR90AyhKH/mi9Bf6RQIjX2orrkPeEUysJv1P4UyTnbIC32fZbYugIBOzkCaZr9y/zB2Vtc73QG0YHoqoYKvhlShxMrZnoOTJjfi2yoyVikwhHIdRo2aTCS5xYvmoBKOYCumjqKgU6bGOq9Du+HbNlEU27wGon55422wQr6CtH44l2XAKUnCN6m9vNCxiPl5o5tz46z6Z+TGgYd6QJqBXfDNBb4MUsvis9qzJ7jsp7Os4K8YictJS/qFwb7oH+zbx08sl1BYRCi/GP5GliTNdIQyM6ZD5Tajkx74WczCOqUg5/wBX8DOt0kdForFz5eE0uRADxWKvFex9cSr6TJRB+srAiHNn5ag0ic03Y8R6peGalbto1K7wvTr3tGLGRPZOeXcZJXX0/wpSueyl7Knr+u9izJvRnONJfbFyy8nzqerPLdQWDoKiohmJWaUZ1pmHvAL5UTPBnL7LjDvq6pTC+6qWdl1rffzbCMCYsIeIyRpxB1/CnMqb1e/muKCbdbcgHAEd0Thj/iGytE+RwIt+rxZpWzgGkmI0sAy77XaZRVVv/DZb0oFzPwlrxvJee9+jLC6ZzByG8NkTbDs3zIkfVB7Go0s7xiMcz3x2qMHf7izTgt2xoRTfr6s/7+OssD1p1ydx4h1fbjYKdhmZl+NhuNoSZIddrhJQ0oqHLylN/vf59Q0w3eSlbFOjKr2PRfPP/CxKLczXoZ++BHxNKKbiTmeW7MXN+K/xuFQ5nbhLCsTFu6sP8Q69w+Xik8WGtl1kgnTbTXr2mqqroaQSukLBn4kuyKoUqytEZFZS4s/fki1kUzAgujDpuRm2L/tw9xFpOTXuVEChU7srV1DMi1CXC5b7HkX/TMk+iNDK4ybGUruqs4UNox8ZmpdpcfS8vSGKWroszdF454BE4ZZm5ABYwfM9C69Jx9Gyz4O9Yt0lDhqyOCiNbXgB5en81UltufG56JZlvWi+4RXrA0dBfzd70EfQV79qqIpCWDQwTVxhANQtEIeyh/08FFSwEPKIryS/3er4fqqV/Nr5sIRG4+Aq0UlfZRn5zMXw4vjKwAKgEnuio0IfBtW4aglqxttkVX7z0l9B+B7wtwV6MtMuj0bucWEtZ+In+caRNENUEWkeL+KFfMfyHy3e0PpCkZ5NP+7v6+sxxUcDlgx+/yaWK+N95+UdtpbfenQKS1J+CpHMxc6hmlQ1/L1RWB+zuPokmliWZJd74+SZE3a/vqF1ubWmeZX8BnsP7dsaTXmmXMMWy+jAAVf18WNg9M9Bgus8HaFqSqkFy3pY15/gZzX9VtMfoXeIXCyt6TmT5gStg8Kydw8J/D1tfAin98NGYeJdZWhWLt6mnOwJQFff+VY2v6iNy81EI/HrGkQsdl4+qVK1XlSDXLATesNucu5YtZ1QeMNGKYpEHqRrWhNBEBluZwXYZfr+2xfyhzidCVorgid7t8Wv1f8WSoTgL2PkV9ToMo7EWPf682gWSpkH1svfUsrhvVdill5l08qLL+O+ns9IOQW/MRYjMw7fcP6nNCNPT/15GXxOOOVBiIdYb++TXAjD4Qtz9rroL9xBpE77VsVn+J5o+md/NR50DH/x9779XrsJKkCf6aAnYfakBvHumN6L34Ri8akaI3v36ZOvdWV/ftAWYw3Yvu3XMAHUlUMhnpIr4wGUmTtjaBJ7Rte6gbtLPAPITC9HBTvMKy9/p6bIKvM1B7UVpdkig+l2kwC5F/a0M6pN2AKWG5FrjLQhtXZZOqvfXdrGUQ0XsfefDB3jqCcfPdI1Rxb7FE4an5wP3Q9ruO4xOUpnwrRJA1YuzKzon7GoEO9x1pACZcYVWxRE8Di+/J+KXVns1a3yhoMGNgWaOffkWHWMHsmrl208MYT2OpEU4QAdevF/mJybTe4sRlNC/AMCsDNXqXe6vxjdxgP1vEecmmW6usFpfMbE1j+OSnW415eJ+KIiYo7eyccTx9JuK/mZr4d0nga7TfehxaKzHNf4Lq1sq46iMlGjAACpzH8jsHU351NM/McvJ7DtqVsLG4AYxWOkEa1eQ2UnLZe9wCW8WL2vXHvPVIE+fa41P5Ti63Bj7Yqi4eT25jzq+1RpQCb3mE+OczBt4FhTOEkxu8pHY4DFZVj+4bT/BjNT1tqUWjjR827y151XG+4DLynvrmbInBA87gFUrtd1rXSBryfOMsRF683nKHXty9fgFQlxBPGTQLz2No2yYAYG02098H86HKIVa7T3fjL4W5gW/Rv5CaEVybZ1X9HTCPtSi56/Hp3XzA5mheuaR2j59h1fCqg/FAjSJGeQBoSZXB8Cae9DhOHzx8BUHSZ2J9ZTltBRikJyHOpczz1vcdpKSuoXp8IJE1EPftc+KWqt+8egBkgZCnPpnktUkFsh9zMFBvG7asJ150Df+h4+rUN1bTfyJ1xdJ97fdc6VtnL/JzwZMYfnrE3iMY8f6oXmNfucSyrmQuXoYsGrJxi2/NLeMuMMNsDAKWDtBUc9KRWvcoaCDqUxidrb6/9UNXVMKM5hxoHo4iyBsMWKFo78cwyKIDAr8diyMidTJz1PuoO5tZRV+3elZMxGsqg9afXjDXMh5ooHOLFOu7u1/SVlJq0qwl5he2PEvdDIrHODFC/TBIHlq+saEAdCCAnvKEgaPptZ2+GojK9N6oNtKJ1Mv5Zu7xYH0BDBqDxJzLR2nAZh4xaVqsp6gXavc6/3iCkWc/sMjIxK1rZEQkroLCdGa8xwySxbAMunM8EUBT/LC6TXg3PTrEBrC9yIC90Sh56dPPqhLhWaLnVqqa9nRhoMJVHUVlgIMf+NZiCJwhBQgamSTZN67EHB7NK8gmO1ADeiMv3ueBeiMJSAa9Goc6KMGVBkNe3uG9CoIAi0fA0sXKsYGXqHnwTCLJH4q2P9Kl7REScsrSwossXyh5HBSGBG3ox67okeR5WJkhRbMUU7mZ2BuNXlc2ECGMPtqFidHIhmVxIkAiI9ZvATt3O5zuTtJusPJez+MVxgTV9DJsEnkVHWptXeWWKfPi4fn7fAwbJ5fnxcZ9Vru52uTTSpviQR4MrmZcvLIIQP4dtok0CJPSl/qm0yIxeyfp50GcmqQjxNJAE1LgA5Dlq5kVTwxCvgkAHTS0vBMYVN0rfmhYyV44ddeU5bnxjZ+Kixib4SPZong19TQi817eK4SzNjBSRv/sCr6FzG05IcDQ9SBParDjtQvwomxdLdxd8/TYd8DdGh1PX8uQcBl7Ek93kDoXLjyEjLYKNj+IqWom+w1+J4wirdiMNttYSk4D9TTKdPssldBnfpjH6U/B64HGeP71GBfV6G2mLff4OiWzqtegj8vlOS/aBomBKBG5+ZFiA8ZultS4Y/8Bhm5rdg3n1rtmDpWZW2H4AOAPkNvVxvhJ01EQkqW9pjaWADt1Fdhgfz5M0TlDEb1N8N5ba1aKful9bNjK01hAoEBsfkapbyFLfERGGMgWagGh0NQCVN2KF0mGNDAJSnsXJ7JYKiBPk8gEJozTghtVMX0pSnkRELBXyIZBvnLLSjcU1ysKejE+HQbA5cDCUtB4ra60K5tNTLKy21CEpKTvXpndCjaOp3tKZW/Dv/iRvsdjn2O0ryNHFglS1+BbPR3VCLHGDyvNSEAoU9axaJneI349X+/o7CSy0685byhEGmk5/KQC2+ALTVJnQz0M1A98cabfukcHTgRUx6aaCPxt6kT+rtD12sFMxDNxSkA0/eH4gfikoTOuL4W5ESYrX9+Efp/6o/qbXL12YO+E08h+OW+Ne5ahhR/cMFHBAFkWkoJfrUFR56tITVdA2/5NF0z2jUjI8h2+YevcV6/61vjboLGdW2tdHu5nuOEpUL3tbH4mNYMcBBWUPplTxu5aOE8+rvmi/SAKXNcPFmzS4AJ2S+tkDOJjGph7gRhMMKPLC2medHoULy2M4y1BPiM0ea1t5jkxaIXHxzvPc+lMPnCKtAICuD75h9FpDWnVW7M5xNc5X2wZFHfA1tcmrnDyjmcFcXGioBm9kHeTE6hwIw54n8Xmuhb14wqCci940pdtYlMwTYCzjQOZPGJ3DaFAY6jqgbFTxQjsPTOS+putHTBW91AbYrblg+6DR6GvUJ0A/w2AMp9WgVqX956yS5dLvEgjmUyWjHPMkXG5eI8VUgf8cuuCbs7Gr0onmdBw7YB+l5qihw4d+8Gw547y7p8kMOuKE9hV/t0LbU+Xeuo81Sj1IsKML28obZ5XuTIUc9I+muldYyHw8n694FTyA9PcRsBkwhlwR7S+F3OZ9Y1qb8cq7g7qJBTLA+gDomWfD666EbBiMZoba+snCcX8fp4r3PAlHyW1ejyqylnFmBjGxwvronRJ00CQjVboEz8MmVsMIch5Pv9ITBgzWkpi+ea2p4mnHA1w8SvJKDPnx/jrfxNVzrJwppJrT4j1l/4SjjB+fEPDR00v7jYYn0vSiwP0QkNzXRs1GEE8GJ+K3kcXO+ij+m68xtb6PMKDxCOwMY/epvRNi3HFbGB5IJkPG16UyDsptKbX43nC+LeGIzPv1vzQazu+B5Xibr2gz7ci6nFuBL3lhUVdQGA//8BlRx2y97OkZ6tXC3lC9ScE7P1ySjzRPxjWHtKno3EOuC5pPHQU5M3b+gXmgwC9TVIoURIg6JCa6E1rU5fAe+y4cnVDpah/UAzDpKrrO+zNxgkhi8OJ82/A1VvkfCDhMWP0HPbd48I2OZBZXRj5heLhzy4LV8CSKiMMgfqg+HLZbKmEUa+q0Gx/vyxljWoorubsC7tYL13RZ+MNRXkVElahvbcnj2HkhnFogYJQ0XbgVOhykPdaJbotZR58nQFFk7mE95ufC4mRM8+H+0s/QvEZJZY3A/xjAn0LKS2EuOzMXDhCuQYBFaI9XbWDQpalYF6s0Lsi+2aKjFnHdychTxfuJDo7KHOaILXnRGzYvnuzlPXZHx47wC993tYSgFy0z/FSt+MmQE2nGObzLlFq4kuD8Ykh2uZ4cREYxv6lDwyMlY2fa74aejEZvcdqNMsNO24pAKx3jvndanNjGGYODeVh7LJXJU81quQhs9yMDnI+HxnzbirF4d0tHmqZpoiPdo+UxWBn+l1KkYr6KCzpZDSr8C132dYiwvnCIz8sbyX9kkVdyoZkk9j3/N1MARujMj629JEsFk4rZFoQLrBQWRgqux1PMemFqPWIpoTWnhQ9PGoYeN3hatmjONz2B7QGuus8bctNGLHFGNHmcCaShgRDSYy99bnekU9HWgHnv9re6mgBxRQK6nS3iFKTDHPjxXtDbp97LPG2gxANAInnu8duzRosTtD5R9vWxfWyaVE8H30hd4FjpunpQsQctbLYVRA21p8Bp2VEKL3GsoO5IW+UeAgvl1GWwv5gbMPcmpzqSTxM8t+8q99g6F7FwRZvupQwoI1t6hLUAECyZaRieFWgi/e1VXPUvfRRmqKVw2mZVhYw9M8U62r5wXRgCxep1mf8apjfvN606AgMDRoErHvmi+ZrOHEt5FURJRqVOs+C54lCdZWPA+zMGxTbUYcm7iqgjRBk4gjvPheVPbEnCXTJ4EFtrpv1zFywEWz4cTi1rWokfQABAADHguviN1Zs68Ep8KL1eCHQS/OapjFv+e9AIvKo+gNZYzHNYbTT1rL4oFjPn98HfKBvIvSo9fFHT7Kas1tVfg34YjqN+0Ugdo6CFqf10iRl6Uc6F2IMWsn0NN8IwNlrVxG1oXIy5fWBvJCkP9d81sAqYH8abdrsWCN7c7SQErGK8BuJEtHqpfl7RnfJZsRS0OMo2xMokC0XFKvfzCPicw7Dro885rqLZAvnGdYSASNVpBQ3PAxaFI1F66NvB8KsqtNCVQxpGcqmIdIWei/LQDzCahl8N7oIQBgH2TM6owEM7QwsZpy+kElHCNDDZs2Cf+9VgbvEO7Kh1UeVh+kaso7wo8F84yXP1Ahify7LrzV3xvFOkCO2XT+PG5I/SPySDiLtbnlfqCRG9va6rvzsFJV3uempfzTemrX4DcP62/JnJgg62NC3QZmt13Y1EGyoZL4dVloSNhZmoWa64wtNE/5Imse6NgO/AW2SqEbbmd4h9SIUg5Sx2mg/ce4wtYvJR82+MHardBAdxtpCW1s1ksOMxJ8a3GoW0kfCFlIPSkRh3Q9mpHAiQ5S8T4wtBNgtwmrEmVjmOlStHXxOpuk/risGtnRZkUfjXXwvSqjNdLXS5KuJbf5uFVYKvcmIERVtHxQoi9F7Qsjk8RpVXnpi+cfshczDdSPw3k1NZVbASCmnTNZxoqVA2hUrtLZWeoymKPDGUaLeNMsNPlW9ii9mTXVNBScysaN6mRvrBza7w0nEFxEvwUWhz2wHmc0NDaCXpQ+FjwBHnEh5gNGZCOXMC8mcD+CzYk9bbWhEGoiHD23hlPAvvzbyl0Wjn5If1qoJO/ql6Z2FWdaNqnTnuzohACAejAnAlycyEaaQY2corlBVhuuLYlF7b0rKVuJ5rop+Lg3wsaKxJ38eTD/la7ZC20RDAhDSVOwKDDmwHHDI+DhBPyebN9gNoj672zy5N6PazwJSBPfWoN+EfstLpWfEPXvyFcbMW0CU7QfJe5upzkNBoyaUbk3SIO8qVEY+sltPBWqSobrPQ7be6L3OShRsYOVvmZWx2I0tg+SupVYGjSEZZ2KEE8UrieTMgWVUQ7CVduTlFnReud3qCxzMrGZ0H1QuteC5F/BEe08kUJVFnJVaLl4A82yA7SRXCquQJlb3opV8nljHccICPdPFGPLvWlkZInKrhza63OiHGysu4xLEoPDp9OrlkxPp1vvsibzQ5UQ+Z6WwAuSYSBd5n5pGhWL3R2ZLlgY1MkpbM+9ZrOZpZyyoV18WT/W9u8n829IpRoaW0C2ENzIt1+e5kabiJCuy7IPT1t/I8G8GdPdG98nkfAouHUBsGatJgtVQP8D61jWCsLzL++ZglNOpL/qR8NEz0rExzSSSYB/t4I5jhYzjTKzT48gkDmlYN3OqmyW67h6eV9a55YiP49CofnveDwMK66QXvhjBK3dp1rlvYCsbBSXt88EqWuH6+A0MY8kZnkhHMwIziIwCYs0U7To2iscVKl0jaVkgkImPYW59xnQeOPdUlL+h/N9Qthz6xa2v4v6GQH8DrPtWOqBPMhX9AkogCPxzaSumpTj+6RIq/A3l3odUDO9ime4Ogv74FYeQn1vOn+8Ihf4PEP8OLu11vrz+qATGfq69irp6Lf/mYjL/XKj+UT1Qhn4eCtwOB1d03Z80fD8jUJ3/3ONsbvl3tlzI9ik0M//3ZDOxv/9BwJZ0a/FT7OfCvJzdHxfmV/IBH+t3cmuhKAuaXGdJpyVp0VnDXC/10N+/p8Oy3FIBZTvwA5tkbTUNa59zQzdM36rQ8vv3T3UwXV2Be5fhc19N5k+RgSaX9VHcVLPfRzJ/XoX+vHJ/zpMl+RvK/Hy9BXB/IwauDljT2aGHVA1gVG/O8hL86rvZkgGH8XDM837nocLwQNwbw8oG5wa2wjGVUjKvezWAv253xe66P2jCzjDcod+Lesyk7w0d5AQvyEfody7nr+ztMzmao9q7WxPUaJ4R22lv+ozxbbXYmwbW7r9KgFxnZA4DgwHgq1l50F+T5rrCbzKfWHyEAYLylnvEu1vCM2qdMosz6ADPMLr6DqtM9yRhFITtQxY3t6uDG/E1gq8qjaBWDIIrRpuglRB3Z1Ud0WuQEnJes/CYLJLSJEtFU2kDgeEFkYFnG8eRT14GY9ELJQD+ikmkFGYGWDMnSUTyMG/GS0LGz0g8wvO0xo8jHOJLaoRUgJRXAq8XR7eHeGjc4628lXN47eM3fCKt0cd+9SliaT/JgFgdCWlKEEfSphkOg947rkeHed1dItXO3GA3+7kp+GYBH8dI2p3pKA3Td3AqllEEJ31xV0rJ4F21pigvVcgAIscdJuuXMyEvkt/Xzdm6HqgscuokOUCo26QmcKkvGiQj9ZNxJbTZ1r7zPAPNMRTL0oNMvkGwBtw2eXXmmgXQZpkDm+rSDBzEVeoxavFseQZcAE8hoUn1lvStPqnvTdDo4nsUPfkM5k+GIGYF7zZD5PuuR/B338Fk1tqIkC6cMcI0j6RldO8y0qK1Id3ediFwMCYXGdN3Z1IBvfEK+0YCg1RP0ro8QPh72XvlaqHGdAPhqot3VnkG63J9VbixgJwsKNOQrBkYHOXAxjM6XOTe2syTqxQRpSiJKKT4XbxzYUuiRStd0TqA3ZeknUWDwadXYSw8Jq5CxeiLOlvw7F83AgNOEC1Yk37+HrdgSIjnn5t5vlU4CQQE3qqQPMyd0ScJgY02v4UHfSt+edYldRojyTtHiAkuc4X9PHtjN6Zv9nX/hgbADEpPhf09aXeB9uytjSjpRLYWYNyTY5dS6keTiPyD3gobiKvpk5MIaTWnc19h7MVgeHY31i+RnfrBO0KtVQlZLsZu2rCf0Qk1XFNGXhjHUZ3GMKefpj7ySd7WSwG9yiH559K/O6y1iKieb1apmOfDmvvPN3+1F5FDtfkpDdH090ASZ1YZX7ONBiPJD56EcXFBtfb+kNxuDocpm3X0iLm9Oh7qzj4lBrryK8cK1lpo56mnK1bUucoOz5urnMLlGFtDO+DIrhe0Ev6CykFHEYvX9+SBHP6V2gjwBtyYpVIMz109/asIAWaAF5TOh/BS7PbMMvJNdAM8PumzbwVdvS5fqnauIhE0A5gCDWr5gyPXomDU9AXfyZb2s3CpGTNYFJwRZOOBjCnB51YcSBvao/3BbF1Wp+8XyZC9/wBDtVt6R1LcAAJWwJI2Nf0c44sA2t9r9Y8NjtSakE3SqPbyrl/pObpnzNfUZ+T86vkdLLT8EUXeuE6xvMu7wli3LC3DcWkK2z+RY1whQ2cprrLw8HwHi3dyvT+rV0Nib1CTWgxdGlLVmL6xxYTUb1kND5UTX4vdUMUMhL2xn5kZDMpYLoRZ+AslpJmrZAK972BV0RcYCzYYg9/EKaOrhzNqUkcy8ynfXJ55Mfb9ZrdAWii2cL+16s3Ab4TFMLZwi4gbJdxr5HuVUTiBvd9Uzv7Xtwov5b6HsSvlj1v/UuG/uvVbocByQD59b/1Lhb+0/NLy34CWesrLgUkj/IiRotfTse6m4ZNowBs7dFAqhIKrO7Pn1mLj33yGuUUiITmyfCOHUamfzTkKLp2G+IMpp1QqgSxm168L8HpXaNYx/DN/a9g7XvO1cRTUmd0AjYaMYV/2kt+qPmcWKT6dBG81w0lt3yRJioj/BS/ANaBpDxlSGv3yejobDEPE6m5f3psdHGoWFIPwf0ULL4ohFFKVJrEhJBf/sYn3k1OXfQaVvbxzcDdD8udNbEKZi40TXdLddb1qqdIma8sNF0wyCfT+e6ocyhZMxPOHZXd9UpEAX0wJUJo6gpFunGm8ohifl4vAU3pO8HJtwROPvvp8svdGowLKCHK5s0P4hOFP3JMUkdIOgtHwSdHEpTMI8lnULbZSYGtTVoqEbZtjtHE9ygxJoPgLQP2Ziw+fMYA9aa6R/P3pcwkWt/eyYwwB4qPEr+N5gyVoiwB+FDGchneK0qu/YIXw81oYgUNhriadIYnQ0hPGXqs9LSOBrKWY9LHCpjcAn/6z5q2dh16HClPUpdM6viwxeUggklPyIHLu6U8xbFe5txh/kz2hjXo8zanQabT2YYpDrMaF5fwxPqnvuS4VM7D5eCuVtEmSFASM8wTKZdKuxzQEU+OV75PgyS4c+ozNZ3kN4T1d4JNT4TTN6mWxd1VIwEZSDA1WMNYtK9Yku0zrdcLlugO6BkrcLUIlHBprD4qR2OYrVAF+Zhf821H1S1lqLEVvkFDERYPVWjH5D8asT2HISJX6dDJ5MpBSmgx/Ty4DfWEMxVREJNVLL9K+teEWMFBJT94QQJSuBX8TaMgu+eF2jif0pvaJ7G9/pqJw4QfyrK2ekQY1NftCrvi7VLK19yIz0p+TXMSmPCkWtoDB7YHqTKViA5XSTencSzKSS1rMGmKNFs9WmGLlH1c5vycMw0o7qd7e1hN7xTMW0htbSAoFJdrKGxtyCL/V6g3mXmWNVYNBYthMap/e+li9HnaVLd04otTqRLaMGDVJJd4pprhVqk+emyPxWWIiyBeNUfhidIPQCORHHEIWY7PEB3exiescDelIjuFtGzWOe9002hsn2f3+fvprWqv1akL5zYEs3sucOfUW0WYZHg9QBmEP5JqZiiXGOfFwUryhkmJI/5/gtL+0/CfSwr1uRcJceIi7V+xLWClIiKSZdKC7RoCS31JbP8d0ke+Z5lEQpBaPZekyhuFhHyOQt9O/6T9Ls4FpOML4LIFaztAiZ9gQsuB5iOQ7w1i5J+xJauZbLDgSfOsRvC2ggfMh70UckjSlrt0x36rVXRYNsuar0frER0Lf35Q4VHSlN9JnyHpxeux7KHOQMn2RHMEC6EEdw4ycWvmeIl2Zt2SeqOKEjyBaPUYBu4tZqlyN0JyUBsf0hHXz6XnLRX7YXoMFlCDS4uHdyKzkVauv+WljDCTDsvhNHQSkBfopyb1ktC2MZBdy1mOID52BBKjDBqGfYBToJRswm75BYho2W1/t6tE3Q77HYkZSF0+FCpShdiXjMBNI0qIBWeJEKH/dNYl+R259A4cGSLoqkrZDB4nxQp7Ia4bhLZilmzdo0YI2GL3+nCxJf/MfXVm+Bu24zBQS1mqzwp7CDNz6NnHkxJPvXgHsZXEDpxRyms9NUXcsjZRHxkB8CLTTtfkkEJBqtP8GnT3bTK00T8sjCcfwnugEB4zAo7C1IM35w2JhuQSPzn9KbmEKfWCZl3abtUXq0xBQDB674e8QP46KU/x12k+zCaV3FFUrBgRza8kGlhjvME0ivS+6MN4JppZfdeC1hz5d82do6qoVmIwTJqrceJta1uIdwGbZx8YFa1+JX+H6DY7gsvkqazbP7ON2a9dYCYa8AMYEEE6BHzCjnkgCLD/tQhPkW+efZkjxDJsmUKBpcAdPzvHFIydF4Dun1EZDYYsdgWPkGqX5ul4tmNE5DjG2T8chJQ02UrIxqhaMwzhCGoaXXbzTkYLJAVG6Iqdvic+s3scFB+Tk/QEd900zCLzrzfKWDkA1j2joNC6XWHMoNNZTBWaN6Nr4nccCIX8cjKF1s8vLKAykPqrD5M5gZLyQ/P4jFPXLhRbfy+5lNYkrsMEzLkf6qxVIm0RiVG5Zm8fR7mpp2YvWZjcvDU/qCBA4589TNjly97ohQDZlBbszNxo6gZAXV2DS6c+fcIYlbEqkw4C5q3pg5RvYSA5qkTQPJzL0bn2AP4eAdlwNg9HoHJ7Ns+6EVMKQY2YwRoWU+mE6meM77KkKQ15rHaGpFbYSvYdYWkDgD3i1prq8zG56n883gEzTFiVCmo9UTF2Iv21hTO63yGb24r8OB/2vxM1/afml5X+FFp4mWy9loHo8+GXxMB4XGB5aEWPhT+4jNcY/roHsjKyQPLde7r+WpMidnfRrlypG3EEpj7FcWFojGNi1AqXjU7B7B6ABh2FoLXdLx3zLgc9ABiUwMrLAmzoix6KMw/vflPUJhG49IY0WOXE8EfWJgh4KptRfwB52EVBZToZvYb0TXlE9ARvyIm+iVlk2zPh8OR6ytZDgdMuPf1090VcciF5Cw+Sgx8LmcMM/8AXY9oIbZzPcKVwuyMotTki4Pqb7qd7e0PB0dAls2dr7PFqGbfWPSa+FzSqwfKNxpt6BOGLeMjQodZpGs8yYpIrRi7MhL4zlIIHRWRaZ0n5IFPQJlU+T7Va1MHk1gQuMrQC8Z3Zdic1u2/jFloe+KSJNaWXkAPf7jM5zxfbGIb2dcCefSUlk/oEL0m9ynlfx2Bi2mpc4NlgiRZwBhlOffg3mlVseQSj+dEwfXeeljJG4s4P5KU2Vt0KkSX/X/sUFRyaVtqszEt9YU7chzsc7dzJGdY79ClLZgzHAg0G4CBTPxq37MMbnJ0mbAItNQc8kIZfwdsORk0Q9lTFUhud2wK1BmFjvU0zM9o/yRNTpmIH2jW72g3Du1q/C+PmCAWT1oxC2vgml/HjHLJAbcYpdfPnkzLJXDLsM3kiNaluInQH5/gcVcPMEUqhEXwPiI9vEYT2CYxxaeBYjdK+QuJUnRfoUhCV5wJQ7hDM65WRp7gUQoKIFjkgL+HQBmO8KiyO/pHAhuaPwByIMp3QLm4Ys6Bc/iLbImJ+lvHW8mszd/JZnf/seApQJVoyY71D7HvPSSLvIeNO/kf4hag1OICezu8EDYZEbr5Xve5UKzUKg6/t4PyOYXOujg25d7lqs0hNaRzt2VemohEfpOrvuhe1QGUK/sLKUnCkJa229EW6Q3tRhsZ9M9D3Hvgl2yu3xEgm8LJK7ppxB7jvLuZS68Svk9T6fHK19KRMG7OoAW3+CG0lgb6ojNqObmhsZ0egzutcby2YuSjcVr5H/S/IdfkrZTVMjeEIg+EV9PKRnTRd1/TQ18wPRHgEVRXJrxhEPPGOg09e8XwCmYBbdYsAfqzo+LkytWlXV1xvN/8c4oDGQFv+fHNAoivzF+4wjf3U+/3ntP9z3TP/6nn99z7++51/f86/v+df3/Ot7/u+qP/3S8kvLr+/51/f863v+9T3/+p5/fc+/tPz6nn99z7++51/f86/v+f+v3PyXll9afn3Pv77nX9/zr+/51/eMIAT2X8z3DMN/cT7/X3rSr0n3f99XTevmhZCULEVbFNN/mle6H/ri/32HNBA+t5T6wyHdO+sDA4JJa7/n0WK9eeYc6gRwDI72FoHYwY29ZUVVHgMhWcKFFkECEnF5yGGCcsxuap9xCp2PiSkPpg3EXDwX/sGhTJemvssrQD2SPo34dKFiGOzBzYpdrx+VUiuPShVmkeFNyaFJFO1BYpfwfOqqAlLsXdaWAc8Tmd0PkjckAtknI4rEQQITlLoWzGUZRTuUkIm/x8hVOeDKKqtOMEEuOOlb163iDNb1PRmH1C1dnaxDUd1YWVspwjWQ/4uujIw7Z9TwfPzh9p+8HT1rK+0GcqtZM/YHZnS7KZ8BTOLYY+Suq/lMxsBOLW56Btp8HEJxeCYOGHXxg+jr2SwnuExR6PB0VnRsH2XoqrcSXmpe+/MBR2Vt7+RuYZm7h8XpP3l5QmQeOjR9Oy/sNfTfbBBKP5XcQbmy/3apDzDNmee+aCEyxiiBpRHPvyqkT3KoZLg+ieEgoGgUGdzV7j4poj0ZGgE3AYbvd3G3mDSlGwHjCZfjPpyU4aJBk5GHO88aa+eJqu8ZZVoNVkNAwXqNz1B+hSFJ3o1m7FG2H9yDAAnU20sHGeZKmBP8t8C5H/V7HP31fgz1FZWjC/S9lQuV4B2yO/f8njUyQUCdPRje0piHstyqfsIPRZkZuhzs7i3XkCRqUbp/YcuG0dIAqYxYVQLTRUmmkV1OXVQuiOwO8k3m1CwEjOv3KkWJmRBOE5qZkqe15lXOOSomPKRRjuUmITXnTbUo3Ro6jJAAnjEROHPW+2tJrNS0pgwF1KGXAuz9rWlydZXxQBF3LIO+6lXyTIzh2sMOxR7jMKFKOwQzXv7DMkO01G1xQbXqCIIoiKR0RbK0C2WYLhPRW6bZQ+o6rE0H0cA4dMODryL8hEi8Zoh1GuNKf0I62U2+KfMjjJx9jNpwFPD0iHcPD34hTmzN+gfBMMVV087E+qEqk1WgJdlbmmVqaxc2ZHpjeMae8xmBkUrTQTJ7VuOq4fJ0jXFa5fJhI1iVh6GybTOD/LlgSWPOEu6RD5ubxeT8SxDVILjBqUT2Xddt4zvqNAe5gYoefdcOACD5siKBz78y61UwWg634w4pN3g4BIJkOgQugDrdfh6OeJeEPZ+f4BElBc+yyPrM4Y26xV6qTSsjvFG3lYLY9nle8kYT4bjqyQvAO9IjlFoZBqQa5fXaBx3bLDyXfa02GzzjX9QQwEjqiHbYTUkhpeZdMMwfXD644PQFQuHMj4bESBrHyTxz3FDy+C5iwbs8Q+HzOMc8TO0pcfLCanEwzKI9iqnUPzRmUYI8jBl5+ngaHhw8Rb5wOemfdTHf4OyKH981oDNA3sDxWrx9kBfvgATiHTAUFwJfhw9L/gaPSOKlzTFAqb9LVMLZlhBCaALQgW1GwFZTYuU9REYXpqRat6jHDB9BaamdggKJevGOPFng7NMLgiA0sJXBiFmRgBqrQ6I4pZP3w5ZEYHMQtRt8mv3zEp8gBdqNcLL9ZYikdc8IR7thF9PdrfLnuMWQdiiUpqIS49HoDX/DtvYKqZYKxFdSPKn7ZQvwEgNUEDd2qaPUJx653CE3S500uJmDuqWup05fiJBL5dtHP09glog9AXNvhrDWzkgYZuxp5yPUKs3n8PcgXyKRXBksDT1WoyCzMgomHytVasTAtoHd7PsImfX5CkTdDfADn7frQmdwZJjo8jxgKzbiUM2HU47xSMEEI3D7qUtE/NYtRXgxju+LD+/TR+LKOyJefvQeTFYRtVQwcR8OWklwVDmjbwaQWMtXoJ+9yoN23vzi84C9tfs0YPCaw7dex0y1jN+5ovpujv6KdaWXF+HNdhp9nuUBzg/+HgEd11eGH24JHpWXDItB7fy2K81LDvJ74gRgK/krPd/v8sNdINChClCK/ywzG+mF4R0U4uBLiWycVTxsi2tUGaDBNntsONuAPIdzqI7XEnSn9pZvVEGZL8qyjBrRCOGBVsLj5StcDEEnCa9jrnOl864TuOtJ65ApoMqxI/B8kY+3+ikmW6sfXKBfDobijdK/lbxHk4WgisBfQz6nezJkBc+w0mWAHSeXzEVkMwSD9/k0U+zpX+IHIz/mJVKHS2xMDjIkZcyqx5/3NWEPT+x9FJ1tMx30W3hKvCXB0kvWIKelPbJESZAobATCuehb55bOBI2s5VWGqao92SBI4RZ6sKzjpJr5jCpU+0aGPEDKKtfl9DQn4X0n6racHtgCkbTiDtJDMm8NsnZTske7c9+t+MPfEsfanb3C/bM265i2POiMJpcYx+/Zv0BsPVxKeg/czVFzr+h76OXkbo+fuRUgYD4/F/YtcX3Bni2L6YWLjWNxGXIT3x1tSnJaGjiafmCbOB8shiyHXdOYQ+TcDe1q9S2HqP9o7JG4CJxOVSLrPBNawJKP+OoJ+Uma3C+NZhwMWfuAzlcJYJnihkp4xyBbOJl99zV9JimMv7re4rGUWZUoGfXu1nL2cn+58GpE6tOPXdagaWomuq4peP0TZoP/tr9Rezn6iMKBC1fLcd8OMvRad1LgQRqeQfAUIjsnIcXL0u/1l/PTCC+mAPLSspZ1lgOQ/iWJwusVz2jsNIZ5dR+sOlXxFjkvuaKest890OhCCUOM3lRFokh62CZ9wadZlWS6nlR787JIPbN+MySUHOqM92IErGq/UOHSZ8q3+z2+R+CEE49C6wOYv1kf66iLNiHbgQBT/FQ3BNmhj5qps5uZzDHVqydAuEvfX/jomkKDZF3sn4a79eXOUDfj/6i2/BlslNS/fgYd3TDKBMpi89Iec79vOliyS/s9/K6f1kJa6yoHvoIEz5NxHKdghIvNmsylpoRI/KBxB1sn4zVn8A6yAYNG76Ib3ENR1DDemgM9Xu6TDc1HxZJjURAZ53dRALkvLp5x5QYp+IPdzZ60WbjwehwnAFBVXYO3rodbbgevAIYSfVHao6JKo5gEHrmCsfM/c70DJMjGPQkKOUkopa5RUNH9FK6yOQTrFcLLVQ1J316qzAbmqqyZzWRNAXlgz0xkJjta1jIlm5z14y9AgA+Fom087WQieX+GJ1gbSqZ1gLk5LfSyZKyOzYwKu2tk3j7d431ZhlNwLyNN4mYOQ6R3WttGCROLDLozdFzL8RiFXGnMkmKYcLtP8iZ2X4k8y3E0j5u7jPBFN8xXbOpdZ+w7U3XeOh8MPsjUft5KyFQt8UwG33MIexdiP0l4PyVrHInN38cWb3zrjAouCr0YIK/8ceqD/cONK/sNfGSjPmgbB4kzP98DqcHdOToWInMvr4HTSBrGixzI+ZET2uQtqBl2dXwyNvLY0bnAd77WHkzP64t4Q6lvOrGHRkymmeJYVKh7W6bLagLO/nzWHgbtqP+qUZtaBKbKWI/XOmHOfTFIG4J+nJRzsPvzg2iVGng+vHxi1blpwyJubb1DAr6P8CIfpyiKkdh8tG2Yr0ImkTgxHFmpoHqegEfi0C+vUfH8uTYsEkCaGIfhvYDpRTc7XpBJmX9hnLEgZHorn7wJ89RJiUeiHeHTbYtAWWsjMPLXTy89Gm3PPnmDAf6CYHjT3bWdsBjk8SNucV3nkGbHdFl+W4D7NkU81dmoo+WmHfxzM0ZufIDE9+JmdCOIcQBp2CSnjVN8U5PHtLUxARZnNTKt+qakOioDrMHl14Yvm13V4KiJPD2HTQhbmrK7dxrPrsBKhyr0zeKkRmLgiqfLhX1EtRgWIEgz5K/PsV+6vy7jzRpsjt+b4E1+WmA9ScLuE+03gyQsvAYZQ0P4Yi+lAiqCeniBkYYQRa1bE6ZpFOBFulXxMnsjZfUWIzu36m+XTSJB2Kd+plGi3LMCSQY9u5XOxuHtWr/MazjQ1aRCt2IerM0i33N5AaP0pnWbOI1DXXOEWGMEB5ysB3Uu9OIwjhWHRb8RahCvIciozXBVxphWop/TN5srUAfU4XVKCbMuM5oKmtmlMx4wA63uOf0+4xcivrkh4FI0gC7QJ1gRbM/MPEiEaT8Wtco35E6bE6s2e4KochrXaSChTo0ZtFRuPk5v69GOWBwCyhKXWdeEX3IAGpVRUJ3usRrparnyFBu4/gauREZnkF3KqJVA80VHSW5cwUFK6IowViHPZQ/cqiy8yiD1J1tC9Aom0iaF0w2GEl6o26SZtlf/6jXLOlaYZ6cAb57N6gq0VdL6GpLJYts+V0UKo9AjQW/o8RhwlCq99f0cHcB+aBIoj9r3rMYQGGlYnvXLkr+Y2Ew7NQmG5DEQ2a3PqU7zQW/WjfS0bXNVCs6kF7UyRPHCl8u+8JrFbGWZp716CeC1z3BS5/M8r3EKRDkr7WR13Qsm3jnhUuPjnMslX00y2SpwWqC/c+Bc+8ejGk2YDsmscuEwAt3HBXmZD/1Kmy2fop4vX/Pw2G4on4slBKXqRm7LsmxzU9I7OIfxHb+dkLuQkEA7qCEiOZlHFjWyHCct0jD7oTTnbt9Mi6YdoCKf1WeKw0ezUM+pILOnyDzV2ctfp7ofLVXIrAphWHHej2m+uV4NRO0TPrSFEvjbVwuj+wc7RFDHq1JbCTIzy8b7sB+E3ijXTuUTYcGBPAALbHtDDtKUH/Nci5wN4n67147hxEDnpSj6Kd+dQ6Nnje1Rq1mnulrlJqol2jo0QnR+j9kA07ndXnuGPLKQDVWHoSSmknmOxiXhIbVecgGTMtP6n9LAxo9GszCPDd4LGtn2NXBPs/seDg0gUivKz2mArPKbznnVMgyaQznGD119cyiQg8HzOutRNzLoEUXAysWWotaQxHqOr/HFXyQjfT2x7Ay1TzSa5jjYK3YpNBuzJzBbc5hSrZ52LfHm7cRGQ1XgYBTyUm4I2/rKyCL17FRjQxfV9tC4BC5raRFkoXtxnPCqOJCw1A2Firn/Mcr9T1FciVEVl2PVp8vc/2zmdf+r6kHBaqtYYW7jdAFmZF9Un1PC3jqwctemAAM5w/3v1/tSnkz71zoelbZj/FKcD+ToBFbNAvdmdpg8MCMAtZDiDQlLZjskzTkAwbn6CQl8LqyzJ00wq88yxHjslBnrevLxgvjiAtBaGKhQgWtbGfPqOTLGLj/ODsm2FHccimyIgYz3kLX9maLi43Xtu9hXNIKkuC0IASPqkeqDyL20xwvXv7FuNu/Zs1cNek2mWrFjiVmbpXOoXCgyMP+GM8ZH7sSJBS88nQYGm+hBHUP1VgO4GA4SFcoKBJOZS/FcZMaTd7kDzEIDOzg+e/tA3+PbvIUgc9mXdZVBnpX8EGU7JWVMEG0rOA2AtWzk0LzFKMIYwA0E+UjhoSDMe5EJ15+AeO4zzmIiJghIQqgzLpxb16PodDU4py+SRbh/NyvhsuI3TMlPyduDvXGyteCqagq77yGAk1hTtlU4Q4fZ266Oe+zcTCx/vB4t4FXDzTIa6GYRSRYcdhmPl37m/TJ0qHcPPPP+tGdBCQtrDWnFbflsFu+KrbJqcGSMDD8JQMyC8OISc1mjzsFiB4N6p1mI5sYaTD1wlNys2OdEsbfox7Er3NPw2uNOu2BmoF62gmx82RbGJbOxzd+D0SXtp0S77Ra5xAvZMW9WHqPaq6G9bK34orknv/D08GE8afdh5XjOkdtzMAKWK4RwKZVYiMUx+Dp25lgK0QupGpvViYX4dFckZi4/dQy/hM4DHhSyNtuA4dH5u9fkLQ01jDcx6md49qZGjTsALLz7UKWZvkErVrV3XkCo2Bbc9EFKU20HmdfqCQTSALMzDcl0cPGPzUq62qmV8mOiD2uBpwM+qvqGyQpaARuf+MRCPeFW3t9pK3/5AqT0uUPXIwDHEadrdVs1Bdc8yeSzP+AkuLmwvDeUbxI1qdFknFPGOp6MIT0pvX/ygAdRjMAH92xvnzAvvaegpjKVxJnXg9dq6K7tbTU3Zmpi05hmmQEJl1EAmodPi2yEpXD2fA+xtCNMSBiV/KwOjzol5kDqUzdXLGSMh918HJ2d5OjpKRH3PUmmv+ItSnOcI7znrQsk/BzWblv11QPL9QerDEDZDoHanfnmd4lEOTuzibeT5bY78eoj6vlM6lLGEmy9YLrL0+nyJttt9egrWHhUyNU8fNKvJynMU7d6+jJJ1Oshp5zfNMSza+CB31ce6agso7usxlixV5YYXh8uA2nyW++ziPGHTexky88pcGjpNqayMmFFjTDLYwjGoYwl9Jk6ikTOMFlkAluQ8EPTRriSgFGG7uolotTd85f3vGbL1fcRk2Zu/cYWMKY7YqAV+qYG/xS02Kf984njnc1BBSR+eHHBpjra00P/2tNH1Y9RNVKyGYcUxoteLuHLTHGNGovwB0Fn3Yr6seRxiu35jszPN0Mq5/xZJj0dAVvEI6KO5xaZxPhEJVMQGa16WRLparuNwDnwczCT1+IEJCMb9ppfg/gEUufumY/LEmseRX5SY+M1L+36EW+ubSTrQiYP89RwsCcHWFVMKyp8WNa2jw+8EzCitx44HiaFHQdFH/SIs9FbE48cholbYcxYx2H196wDaczaDPOj5NGtu35G4QlANGn/T117/5TnGMbv7/MyDW0R/uGUQ/5jnH8k8q+df//YiPpPzj8K+qvz789r//HOP+Qvzr9n0ud3axBIT/qkKm7ZB7nFtNXZDXBubILC0Le3pr9xyN8YSOiSeamzuUim7PW9JPyfOwn/fTfgX71+/75j8K9uwHkDzOl4393BWbKBxCeLpeGxZhdUJ7IDZfywaWiO5ieO6id+az3ZpjfMrnP0lb+zWpHzTyw7g+Uql14rVSIFnxh5QX9+z99dl0PqVvBQrXPMrvD6+X3V7DsJj9ly1TVF8E5psLeCvl7mdezPyBkUyaaVFrrLC4h9MZVxYofR6JDBMajWCIh+2ZDCM5XuPStd0E+DwzD9eiLfa7d690/lbzqYw2h18P5P5RRIa6rLaJ7f8t96LpX/N/ft/6ocd9fTDbUixZ+bFdNKrcN6U51O+6y169+l/zA5DL7bANmXgGuNfpq8fT/rfjWAdn29n43dzzpB3XqNwfalgDYfWvNEvzR57Z9lDt1l/qzvuOtD/6WMcL8y8L4aTXYYoL3nn/UJ6F3++pdnZ/9ShvtHfVB4j1X87ub0HqcceX1yyf+ftumud7/rwcF9WsPgxq0I655y06nDoM67j/f78z3OwnnTeI9V9dNmT79foKwPaED084eGu88xoxEAHcg9trveZF86Ta+9QDtuGlGDf54/bfbPe3zu36v7d2H/aev9vEa/x1TAf+rw79+7+zn2qt80futwQX/cZWsMN3n/ArT90B8A2qtv2esJ/dDM/NTLYafetH9eO4yr/SnHt4gh/tM86PMhiZxOqQELVmsDe3ozlUkilHBse89wA7TmpuTuk3ukXUCBgt6tuSmtIP26W9sIoLXQHxQixqXcvaGc/2hNo3572OQFFMzi+3XPpgw2ePsArdbAjL1ngulixz2zLhP0qnv3Ku/fq6dajbuM+W3lczUuBrlnEnbfd/dmtd8jAD7jNhilmw7jen5HRQetv6rvSgEzCLzfNN899rxpvmddY3/r071v7576eZfnf0bu37b1f212fXtzyfpgjj2ojqO4S990G3NK9USOT8bBZx4e3d2fXf4Obq7htDcX+enfhrnpaHf9O9J3uz3ANUC/CNC3v+5Zblz+n21GdR7QL/z0B6Dd18GsxkFb7naCPgWrELtHHbvH5S7HfEfeAOV++uaPsmBmtMfd3urb5zVYTS/+Sw9f4ea3nxUw2/Y/y+nf2fut6/yugBpwHDAjlbsuHf1ZLWCV3nPjpw8v47ty7xnP3+Ms7KCvUcP7zpGbU/iw/n2mfv/eYsbPPYjpgRWo3Cu/xe4Z+zPH+Ar51nmCcWHwn2cymHHFP/d71f4dyxq7uUWF/9x/twOMa6Pc86j6o87s5nz+z7VGuWkCbcGQu1/PnzozxACr+K7T4Bn0jzrv+fhEf+5X9i/XasCcthHjbinof9Oz/7i/gn7uv+u/WviP+0EGA/Tn9ydketk/PX8HY3yYHnP9rIcK1r048TzlX1Z5o/z0q6ejYHXf8wS+1x6Y3/u/rDOWB1wZcJt/cGX3y2H+KCsc/8I1hB+O+1P2uNsPAVoU0Nc/8wr/mYP+da+p6qcNoL4/y/2DtuSfpCGaSB0Uu8pm1c+mkATS+pG0wGTxn3LkBI3+m6grCP/3jpyg/53AK/o/LfAK/c368Zv142+/WT9+s378Zv34zfrxm/Xjv+nOlV9afmn5zfrxm/XjN+vHb9aP36wfv1k/fmn5zfrxm/XjN+vHb9aP36wf/3/l5r+0/NLym/XjN+vHb9aP36wfv1k/EIT6L5f1A/tv6nx+Lcvn7ow/gjv7YvkMdb/8Pc/+RwZ244hpNwBeu3/+ng39AkbsHuZPNyQ5SAeAQDBgHBBQGIqu/TsMIdiBEuj/AE7s/6BIA+Rfh3gSfw3xpP+dEE8U/h8U/n8+2Jj299Iv7ZRBjxle5XrL9Prvfw00eJx3i/rhv8eQ/+/FG3y/Pv6IN2D0K2ub79KODNeBFGaasYz4hgE7ve3DLIgyaPaNeto+uKhmwivObj1Zq29cw2E1k0w1Givgt2cuBM9cNLa4d24WpXaMzL6SEIe0N97lHANpILIsdORQvMsrivATf/AqyBxSS/b4bkQt965bVkG3+UC0KUHrk+uRMMHs8ywI34fmDCIl6tOJqT0qraZe09Eag88pHdCK5b7mMVEQRdbHD4PXP6y7VF3T+txrmS8zXT7O2dEqmC8gTI8sM+4s7C2OpRhpwFJAv3olPY6RujVAFFjW/0Pedy3LiuxQfs28480jFLagcIV/w3tvCvj6Idnndsw/TEdHtNn7VCWZ0tJaklKQH+zgni6N/y/+KtTZB7GIaU8owFec/svmUtVno6UoVI0NwXLq9fyu0JqdhMZGE+KDahScdNkJd6KYWs2KvihhRHuKusSEBHbVzGnykznTQOe00257SpQTf9NVQIpvc9TgV0qVucp8U7ugXa1eEcFe6JSXQCgPoWxNE94OsxNE8u9zHqw8FJ2vptPt1mWuscdextERXSqU0UEc5mnfUAMHquS6/6xXfjXDJ9yZ2gVnjYwL1qgKGAcyz5gvnmvpARt6fvXmd+Ne986oIfVHs919+FjXvlWGTvVx2f6cZ9FuVz7ydxv1dA8Q5RAA6ma7BaMFufA793vWeXz6OQG/uMWrXNcZo9thSukG8/yYqXi9JFU89qNvGadsVekiBgoaUfn8mOccTm1/LurNQgvXQrcSO6ghnM2/E/sOHsiloe5qHuHFfZLUMOpKR/MqeFQGywiaCfRBTqJvmeIPQyQy78+kecarUYPS4q/hDWXZpr/C//talg+1T42uh5QGcKAgusOSI/bXh8SYYx+DtFH43RgPFBhSUaoeFGBKuYvmaBM1l35Xur4a2ftlvHj+OQDhC54cge/NlrSQen/tdc9wKVP+rUaOXgm9sNsSzIrXXiiz4tO/byyXL4A3KjnOFdcMwfw7J9koM0H1s5czfNFu+Fv6Sxw1cIfHxjXpWN0JQzvs+QnHeuVm6LBtpWfQ17PDc48ps0wVzfImpSH0/pYikjj934rYcqhicCH5E3UKwr//35VCoAiIjFur2PJ5phf1b1HcK3jbqYN+NReVz0V+Sa8/ey0/0iDVq4P6TffOTui/34e0eJaicd9ZxX5qVuY/r/iQvsr2hS+hUTnurAxaM1hQEiuDRHkWIkpDJ+Sxt8KzTaf3jiqgSefX/Fvo68bradmRLp5/VgNtJwtMX/79+/yFTXJyikj823CePYY0aFBi/vuptfbkNMX3T9UNO/lnq8x3oRgZIWkf2D+RD0Z29H9W8W4MhIzW+ScM2UG6//3/dVDr+Wa7wRf+dI+Ukxjqj1J+3t0tGEBJbJx+8OKnOt/ou6xI7O/f/mPxbEhQDc/ygkePymZM1lT2pCPuODGAe3r3Yz7mxQySPZE5qE7VpEiamqevLxZjn89iXzTlxOEG+tz8WnUqC1ybia/t8zxXoRRBmCfS1gWACs2lIdUGMKINxr1/zyEk2mHTDBpykkRl8fWfB94IiOVkVFZXJ8q4j1f/1ql9B8bdI+TNCX0eAS+9sOwvmrC3qq1Ig+bh0JfuDz779wIyoZJf/Nkqy8DDdZmjt3+CYa+xHbSiPV/HlZr6tGDV+PSr07lT5SAIgWLohr8rPIwhzvVkieRM8kd1btiTBXx+8jpur4Rzv+cdcMtbEDwbr45IWDL2WRfHH1kV5sS5mcFC1X2icb9ndxmstkJ6gxNF3Y3ovUEvUXdQ8K3/fs4U8RDXaHTMUKWoGII7AsH9zt/n+V5UeeZJ3b+u/N4Vqug6CS6Oan+oATGDgJMRGlkbXImKs4OZAcf3+bMc4yln9kE+4DRAw47W3PbOfVL6q2WLZRkoml+K7bZEvVYcQMbk+ca9eHCRmXOhTPi2LyDlVqM4SW+v2mNQ2kRBoJNERdoMWy2XFHQFCq/vceXdS+3gMMDrHZ8fO+ROPJPOKl8tYKuJFg1nxonnNbbKcbA5ZlyZIM4fg2AnBNL1Z3RC0Xbk+2Ovnd3NNHydUK/FFy1E+1XAqjLnVf7nwbYPbcQI/N5cn5vyDsuhOS8iHrhzWuVa5gVbnu42hBYYPXVqYgZ4jm350nWOYfiD23qt47he/sPEBpwFJ483sHPEWyTEjA1tYo4CEzlsJZ+WIgQ+rhia4popaKpcI3p8XZwm3SCqEzVIVnsbqa7JrlJf9JiJcU0rIvqYN+iCk5Y5yDsl7YfCsc9r2lXciE7rwdQ52QXa9iLB8MdeCcfXCYtIjLg+MYya3eIicjvD/emdt9oi1O+4+qdSIqfbrqDuqeRxYhaeMCrSZqrWB6Iat5A4k/zT4YRfgYEKIQiNWgLhKQfyF/4Shxkd+vnHs4pL0jEtn6qOkmZb3Sbf1NvbCHS1L65b5YIC/v5gG190cF66o1/nY7VmdIJqL0FZr2wPup5uHaJ8E/QHjk+hKWAxM4hhbiVY9RUrPEpRyPtgWD6W78I4RlUkRTw28voGLi4ddMS9c7120zWZxLXpFsRUWZLdyWEkPXcfpxB/nRpKNQtkuWhi3j6Uo7Z6n/5CIVIu9OqvVwifIqinsTeSAZzZWYbaubtSJ75ilxp5ejT0c3iMkpV/qdvnhrhTgy+GPx0P2sfZ0xjWNvSs64c/gVTC0lKU3C6bDkpf7J/fUTG4VY/XUszCSkIIe2W0N+NZYxPc/obcHbbtSZRIoAgZMe7OUGESHQO1qLxVRjdXaQBaSZCc6KnAKw98FPRf9tj4QIJYLDpiKCd6qQaH/A7hvQbH21MNLQD2KyTzpsdDFxcnHtMnhvSgp4B2kPEbd1qMry5pKyIvDi/454GN+EinsyUARt5/T4C5jC/nFaK/9YgDT+ZXshl9rxO3eDIvgMERkfVJyRN1WDlGNP8VYzAp7+joTGOMA1kBn+XYajQcUVM7fO8nZ18+uCLJsFWqZZls+CcJwbIvm8esV7KihQO45Zm50mRHmXgDTB2gSaQZHgGhjX/9JuE+Km/OEie5XYgPJ+i5ohmmWXAUj7Hg7huCYwvsI5jEx/bl9rb86GPdS7++JSlOrJPAtAwnFCre0QHwGBGQcX9Pfm915zOyv7ELRe39sHYq3vlNKoInbKPVOJLlHmDte5JGMtoVUf7Arpq/dQnCzXeyCll5+x/8ndebJdPbEG2EXWccMB6y/04PRwNBWq611pyk6R1fc/my4yNuskCKZvcIkLEBniSLunhWGdWEk3Ce5awhVOaVUq41KXyNaJkBluhr/U1DRvlK2AqILLlaFcnJBmHXEVF/77Cr9Bbt08jVDICx8gyo46YytYjKu4cl+7aCWFPNwk03KJNKTQntNENdzSPLA9iL4ouk4OI4+RNX+FyrGfJBdW5DxKjfhqTmjgcVz5+a8+WHOWcCTA0FxbMqKoVYvM/q9qZ2bjVE2btGVREUWHhnYLgTLlEOv7otysrjkAj14ZUnpzW0Q0v+H+NsOH/SY8j9Hsdb/wO1uaErMHUIpCQqgcVPBztPmqy2yFwuC/jMi+sJnI/WVOuMOFToPYF7gdgPyrIIVP5R4RMXGwIEJSDBXKxHHU9DJiRvenXGIBAKOdOCjvS2hL/iO9JysaTjbr5UoCdXDUlT9bav2SDT1kmwF23N9l0MUOlmNKV7b65XpD7Op9QZgxNPkG+CFzRa5fFPlulgA198jhFdvupL+71nunFOMKgmaSZ5cMKflnqf3YmypUoMCXzqW9neVbp/kEqdAgHsYqujBUQTyipTPZu2h3ydvx2BOXeXoy9l0MZb1QbPIwCt1U68h56F3yCX8/2LBzYZen9Q+GYgLe0O32W+71/kbeAWNGpCtAqrkJyFdwDWXxiP3rSPLo5elnaKX5AyjGd8iVtbELNpnTtUnpesgvaHhal2tDRbt39OtCJyq96nsixhlNje8f1nLP/tTq0K/Yvq2v+iOqSq9A2w1BRM7d5+AnnJ1RcNS8tLfVBDEuIsjd9gBNCNS5qOWgqXBlHyW1+nUW/RW8jg9qJNJFYk4B8m+M1QMKhmr7y4720RWFD6oeVzBrNcvmz2kGW5jsTezXVncxSQ4ZvTlR1rcNDhFy2ODlGhDez4V0POMrzE51P1iZbIsa1zbcjn2FR7r4UhO7MfhlrEMr/slfK7mag7Il9C8mVvmPAAX9y12gRMQKpozbk6e+3YO1y/a+L1abLFZVSSkvDeJqHudNqj331nATwIXqf3RY38x0Y+e6PrKGJSfzMNQBMX0t/OThR99E1Popr9MHIea7wlc5rrlML1qUrE8eXILR+XOpa++fx9RrWmfsl7n7nXdewO1APRtSLr2qplGPkCSY1AwzRkWL6uTd9IQaNrl/YOG9ZAQi/+3I7755LW3ge7TOiz37hgO3/yfox+U2g+7N8feh/5LJJ9t/nY2vVH1BWK5qUoh+zeMMy1vb18KRbbZJ1msAN0/tARISkq2iBw3VozwXnYKr6aWsNogNBx0+9g4vSqTV8Jmx4knYbg821n7/AVcjKisEJe4odkQLtJ11rErwMkmWY4H96MpV05zgMIcnQNDcfphL99UEs0VUw7M9la3zrVlxNfBxB5zWcblX5+EevtYwQGabugSPu9VjgSOIFAgWK4vqDdMdCrXAc49l38DD7xs1aJG40Satc7Qz79+nkOfMhw2CX9z0A0YFHy2r3x3vB0xYLsYx02LsmG1+YEywSLl46F6c2rQaEQRipfx7KywJEpPkBOJZkpCJSObs+9MaIRENjrYEr+uMfDkrTlwGvF21wlfbJyBCmTacY58PEtjF3I/Yl3nknSEL6jlg1mC7N0aJEzOAAZIf1ZDqLC8nnkaKlmBGmC9wRs52RwmO8P81NTLiAIaID9aoJPc8yLhojiwyNEsdWBlMEF3TJQH1kVUt0WegN/kq0O46HE8idaEh9McR33CpAQ+TgLl1smY1SIH/Cj74jGYS3Co3VR9M0M6a2Ec6nVj0vOBspuaQ3sPgV/OwfNNah2xyaJQcZT0N73f7idfoGdyyHmaak8s2FvzpRkSaInqAoglfbm+szK2ky5VlHLh7V/47buZQ5dPCNEp6/VT6rDf44no7+2oqrq2NUgbj59lt/745UdgTEXyAOtOXmLHDEdyB789peN80NZAJ0qtiBsDoqAgGCczhhrmQ0x1MArQRTidBOfsmqrup+T30LaTicocQaVPnP/wh0F2jsPqVLfITVMnUU6rCVIOCKbQovWEcbbaXEBxPeXLUG9wUutH5NKlMLOnNbVKSFZHd8RpzjzY4BlShiwcMk8/ZbO3kDkP2ZHf02xkYBC7F7/0+rO+aGzFt6WhlWapmYbvXlQFZ9PZsRbsly7+XbUWx1EkYSTIjrokGHL3vfzQXQyKcmvQFt2L2dO2i8QP/x4YToSOwCrk38p8LCmVOtS3xZWNCMSYhht1P5ccRNyEWnxZpA4kDlSHeN2D95tPt487Eyi1GVxzg5pIlt62MQDrGlTS33FmtRX89yIqiHj6MekyvugGJl8qQvS0AatYOT+iZObjCVxRewmsb+Lh0GDsEO7SQ1wbF791sHg7LiURfrCiER9J6VNeTJRTgQodnJ27g8u6ESKpXi29e9Vu4GhyzscgQy7K8AJ6mY2iFO69PvDP8KHMMx3kW6C2bWgbB32+8JdAxtMgX2jBCtIn5x+JgmX70BRq2vH17qyP1NJ56gcoFe8D+OUiHvo4qCDgTcMNCQ40C+sOmRfnu3sT3R5sJtVv92Y0z7lhSL0cEeBASPLTwqQMRSS1r0+9JcWJISkrpuI0sdW8caMAfkCIz9U61R+nc8A5HL9scIz8a0KMnrABYzFD59bb5fL6dsSUcH/ou/bGE/51pbZtd77fgtKcolR9AJypgxiO5G7ESlGGWtSYs5/NPkMfo1L9Bj7lrAAJUHl6Qd6QF6gKD0UGxga+C2pdHG8MjOcSqOKeJBvamoVt6wVjsuAr3D4RF+aVAmDxeVA+3boq7ssM6NCqe7lIW6T0QZ56WoepTdBdcBe0a7zDkmEFrg2N8OQ49tFx0fwrjMQDzJIVnQHJzV0vET1vGYwfgl89KEorsm+mzK8TvkFfvNT08ItnAFmGx7va4PqPlkI9/jcZ25boJDGetMrdSMpCbLg+sFR0v7CXuj9An5bAZxjt4PMRoD1dY5NfNPWUyrHHJ8R4E4XCy7MPZiIt9KuqdjwZh6mxz47ZbyLJbuCa8wFHlOJBelgHauT47lDsMAlNVdRT1KvWclvWRcuxPzq1M99GPn1MW4N5GQR6nAGYYn9kUCKVXUg2/3d9loMjBz8u1+4jMkyN7kq8SEAgAw64G6KQ3M/NBCzAGrJac0/Yf/ykMQ5NxzflmBZ63r7lLgyFYeSeLUgzDQrk8W4sqQ3ffe4RUMj/+q7/ESON0zN6V5d2iCDjKFFmtwpSp71E19jAk/rQBjtesmhGhkgMkQe8gmWsdz0tT8Zf8wDxQHG5NBxzHxAc0aBKXGn7C6Zy1PORi7I+LA3VACNH1vENVxpru2LWwGoja4c080f/IuzufrpJ6WZz9jzKwX5QGw5m37gEanBJ9ZXCeLc2mtZXl/icmHn2pats6Fo9b+G9vMb52eVRoeqZ+xYODbDAmJAiWSXuYkaCILFda7a9VbenDRGwv915ltle2KgwYS+CvGaQI45W9QQ+BiFmHm8ap6kDyvUnReZrDYO7uptp01PkZa9KDhHNjFO7yAjDIaIwioteEsEAnPvhhbBUiOO0JIe4MimBLfF90nFnT3cjjD56/Yh0Nuv3pSYL6RSFmwRyBjbPW35YWZ9d7mrX036plXbJXzCwZN1k+c12i8kR1UE0QGJGKwQ7UhKodjvzcxdzdieLsnqlbO0ssskYdaDEg6OxvZJnQOf1miu8Xjg5KRFEjGcWva4DKid/2pIsd1lHG/VmCIvjw1t0t04yQiQ8uZXQlWBK68j2AAaFzxffJINwA/JeozFPaiklu0dSj+EFcyeZLmJQSrE12doPozedbWI6hBZQaSO+mo+0I9g+KeQr5LRjd4HQ7cBGYEtkZi87rZxpS/mJXZ2SWIvZsJAVLC57f32g1tQZzjI9/SaNTwttKn0a4z6rY5+wcUReM4KzPn8aYOLoNs+3myR/kJX4YYmTsaQWpcAicEOygaZgQc7eUPpX+4zMxJ3v7g9DOIoBBjaatngVIv4/Ysqr7PN7ITpJh/OkHjNnqS+2CiueFGv4y/jdKYBUCswfrv5goepJRkAFCQqjc1SkvXGv3EfrE+6XKvB4W0k8mXUrivinqLkrUw6QcgmsNc3l/Bcb7APE1qIsBM/GNl8qPFzTifbgBTOfMddAFahOqkEIPgEyAnYEayBf9ICLApWMkdu4UtraglOPOCfPXaMw8bbG14LmPrKUjd8lfQL8uTx74UtaMnVm7LPF6Bc2qT5t4pjQhX6ETWXMxT6iV4B1vUFfqXHIEczHmZMfiSRCvhUh+dXm02oEyvqCPOgIKi8EG7/BKm1tIpDLGeAJ1qVSr5er8Fop0Dr3MJqKw/U6NekEDOsUN9DRTYOTwnQHRo6SaQyM1f2FQTnC1VNYjx4HQxvEKhPD7q5CvjsO+X9Rtr0EpweGNJnOgf4hcSwr0Np1MhNuLEKJtoOnoVb8eaJhrm55+p74QGX1fREofGkyICa1YxzW39dhRXs8Zd76i9DuNhO4ADTNXD3qQnXP77QAnCWn1+cEkoKWTR0WKNFjkfQg9gU63TuS4jTVk80YVtrSzwyCNDyZuiXNYMDT8g3QejLe6nndDJxGrq4XSxDpET3m2NF81SSXyZoKVhzajQfiPqb8zFJbP3Vlt8nu91q5UAe4AAxFbCINkElQtGjQj2+3xfk3yLrBeMim/f9cQs+vTZZdl0Sjf6gCuhNEUY6OWvCFfErpssapJwH3zuqPkLWesB7OLXV2SFfNFF2R7ZWrYTsi8CdpwvbVMtU2+d1ac8LIGw5n5vR8vpJR2TNd5AgcW5Q/X7QPFnhpHptIgbDRhuk9jAxsL7FGnJNSHLQ0K0VXC+/psmhdXSJfLy0qGlmQ22EqRwPiaHo9rE96+IpDfaWfmt3I7s9X9VyF6SJIraVNjTGW/rXLVEH8VI8kOaq394WwUO3z6Gz3hwtzQ3UB7e6hOw3GK+TzTQGOOz02hVP0Td+w2EEbeXJjchbWCP51F8sAGcxc7wYjyTmqc/EupR39HxGhVLcIbjun8mLX0zTZQFWe+IOB/dv1RJTurOBf7voxLOt2cCB7/L4HUkY/XnrAFrQ9GLc8Zi/AaIEP37JfmSfhb4PvzcVtCW7VpGxGi7Bo+1whx6928OVusXo0nPX9Iqw7P2eqr6Bf148YK9dTxBcagbIxhWFzqTqJ/q+kN9U7uk4PCYi7ocb5bK1Ne+dGrfunWvu6ODYEhMzCd/noGZBwVA2p6BPw+WRVhP0Fkxkwd6uQPfOqqGgd46lp3Q1cWDawHsSmkkbkrO9MO+5QXLrxfDKOnrfVKH8JdHz7qIwcnGWvfJ5Vb18oc04aId8r03jBjrH08ckJcbdhnN0BslLEn+ZePPZVCxihHfdoVITgYymEMWGnCRPndi7jw30YwmfH0iVbWC44/oRLkkbMTL9roj0CYgJ2SzWEI4qXHdtz8kOJKPaJQPQwX6kSqEq5UWCcagCyK6LHrv1WRveGKTennbzbYVsNVKv5y52YA0GuwJr4A+bIg9oNq7zL0vZiwx8gi94/ImtxJyODAXz9hFCaNhdIRb67jfVNfEDLnaWALet3U0oH3cdXqZZ71ZO/r6Hcb+seMUxL2Lu0/WFYuWT5nwfc2+VJIdgxqzceuvT9IZ4Yhg5eJHX0A73SdNPgUnX8YJ/GwADEtI0uB5T/hu0GtuI/6u91rIapZtTXgFWvuEnFSnWLpZh8AYNcc73WDiYIETOr/dY0OqUw7RLg+CoY4C3MeZgNi4Stz5sq8aIhL/6GayNc3qVd1xANNHPYTHs6+7zN7jqcI9wHGdMa+3pXo0xUK5nnnerEJUOrKdN6HZv0qivMgikUhqqdIgfYNs7IL5KJKQy1QuJda+85KQjB4ekr9yC4OOPcIBYFheoFSIjSmsNH2qhwQCJc+nh9mQykECBZGS9vpxtlGYfpH9v646YyYxvEle+tKLWfgMJ1lbVJNdQpFCu+vo0XLHmrawo33uGqmeeE9l7qDPEvFoBAvdjga0kopW/rhbeR4jKjd5+iAYvEr+8EBCSF7fEp9wx3DeuOb7S3Bp/NPVommORP2aOisgaM3WehKBrpunM929CQeLNscJBYkw9lTO1dtbCENuABZU+OETSGffK96B9xkzXU4BPMFNRC9+efI02PUN0SDC6QFjlb6xT0E706dLV5tGCuKJPu+2de8J1ZezOBx/npdJPO+x9orlFqdDNs06JJZmAHHjG8syvTX9xj8Tz/vpKef7+JiQTxD+5cRk0v7kPDowNTugVEgmEOqy3ATXk3BErYaOFNp+yfDq2lGFg4Vf5+R7kFpS/ofRsqz7maCLMZqEO8hYzay/t6nqTi0maJqpr3tyV0i2yjnpWHjv3xfgiKYLdNKSoWHbM5hOSEJ4Sab5fwWJV+3QZJ3pI3QjFq7D0hhJpqclfv7bh86ypmoq81b4C7EF/V7b2k3+Ua7bgE7S5WMdVZfERibYwVyEjQJ3nbRTzdc24AGNaAL01l++jbSEkvxXRWBGFn1P4Otym5NQRmvI10PwzYTCeTJW2vCgSFHKvGC/UlK26nI/WQT5P/9Rv3o5Mr4o1k5SMunX82IA+amMnFY0vf5uo+La6THaohxJPbVPNRJ0O5jr18pduvemMspRyiWiB+VWWkpv6pTGu383VxubnMFzRWCB7WujOBnM2Tut5SDR9t3NTEZSW9M1X3uc4fr9Vasy2brJQyJzyPokbxiHNkdHH2dv7nCXvZ/MOajxPIcK3kf49EGjU/jRA7XSxYmvgpxW+YpFzU8rdSgwwWuUalsvbtBE04j4zbIJg0NBO1uYp906lf96WlFVod6s2yYb76AW18WZgkfS6xNFrETsSAPn6gPvz2mDMSOHmXCRDqGSkiv9FesWJAQKfyc5BHIb0c5fDrJ+JnYL51fyGRtQWsnZqMpwNw2BalyC0e5CA1DCgGZvUlYn5N8mNP2cjQXT8kQFMQn7ZZ7GWhbPXDzeAXNoPgovtJi9XSfI+lRIEXE5GA8rckhKsUwCqAp9337L5Np8bJYix9ZQrsv2CdngqeDQ1spsXx3teIZmbAvb64GUNbpt8nRXWYjsnv107fnxgBQvOHW0UKv6Si7vA17TtP6lKvDc9s8gam6CmNEDHfdSoEFscNB2X85IUskuxxeReGnw7q6MJ9PwCLicowdNvVdXWuPog027FYXXyK3XGBB1hnTFVXZqFYlFOa7NrtPX7bNqD9Lo5JN4r6YFY7pbNvyX1BGHoBdqvYMv9U9FnMBDKttL5z5d2SAt/Z6c4e+6vu7n+kBOR21UC3WXt2y+UFtiCfzGFLaYcUetF9NEIGiFq11Aa7NbIH1l1UjgzplNv8A4mw2R5gRYlNuZYAozB9iCX1hGi3B2NQ8ouo8dblngHZVhFMrW3K2mheUlgfw2BGSodirfChDMmCn6EhL5eKVizWl3BtG9nBLoBvAQSldYrw7QuQLwJNJNUZ0XAoC9b3eTU07TwciwJvVKrSHM6cvaoee/y6w5zKYRgPHSo+Wf8hSrerljjRO3s5wWwfKe3vHbSMOjoDWzcxYKBQIJSiAUScevAC6S5pvv8I9Ib3dCWG6mD5lpTJYL9YoQ1N/tDwxIw+P5RB1ZkJwhHpEtCwmamV7ZJzB8ynT6cUW2/6+0RpCNXAd640U7qHGIfskB8nLAp/pJZofKjfcj2zKMvmNdy46eNTMpH9cqBSA7UCRnfcuMlccb1LRKFHX6VvIEWidxnZXtB8xelkDdTzLf8HfIpqrMjSYAT1hXMq2SFbewHmM0dRNbCefoUgop3m/RriILzBqrMIzZNo+YMTqfI9pJbX/Q0sHnpyzj2PjF7Ythv6BMURJHfVpr5OGgf4Ko66YremLvfcyFoHGBPBhxOsqydCIkaZPsgwa1qKX0VeQWHEQFI+gv4jX1At8glw4O4DA+K7SlZIA9CvTI9CPJ9/dCtyz5THk6+usbHwBj8cRagIjKcvUh/QrA8Yt9Y8L9UDQndyL8tA4SQfXoq4YQD1ESHGSlI3OW17CiKwxtw6qHpu7YnRpISnTtdWYQnp8Ns5OPd6LYeM4KRfLssFN0pcRhzu+E7o6EyBFEg8GV7UTvWukjAH2NDcr8+GFFucPf27A96c8xwwlBgY3jkqKU9nqMJjz0acAJsDDTYtCvOtdczXO6dcYdfrUKyQffp/nq98Q0xHXh3lQniV0cmPqUUyOacfTwvX1BsSP0X/k5Jzvx1QtYEm+TYt31mfRRcBDxNT95X+FFFvk2y0qw5m+Y2gSJf4aQcQB0LUEmD+2aV1me8v9ZH1mEpM/xxxujEzOwhVrKCOpmz6Ss8xvOv1V8ynZZsaK/Y+4sisbl23zKtFzvZSnguGwpI6mfgu6GUIPn8QR24WwhM/G00A0RAYZna0CfvBYgvdIp4K5/E7rNdilLfHPYLncV7ZzLUCXZYKDvz1qUu7b/R/Po2kmyDPTBQiE6npTa8ilgK3TXvM6hCC9Y5YWlQcbdICdaNLrgqdPoIOB1wE4tdVPw1bo6CahUVmfpqmQlRhHqWfTsfBeWu0RZggoIEu6lZeAQBNVmj4vYg2U5MjF/yGev+tQ4y6i8JHf9FcY+JaXprufB+ys1LdF/H8RbhfS7oWYee9kEYjYzc0/4I8Zr1oxsS/QRSI9DhIx3ErT8drEl6m887Fx+yJnnEb0Hb27dVeB6IhbLcAonDzghisQbLtWj4dYywcsxPGZI5Vh3M97t3IX86PtbMeNzyx4SaUEVpWwuficrSrzZUUT6GJHXCVUrs7/JloxQhAWfE+JpPUvyFMGT5Ns4v4Mb1hGFSMaeMl+xzZQibtYJvTIUXjSovsOBsdNVpF09IfK6WaSCiTa1smfhRnzP2/QwDqPK2+RDZ/pl1X8Ynk0plrL4FmUCD+bFASt5CINRXBLntCbYnidBzzG08kNV83mDUic1FuwCgnrzbF6EQCjxhfMiF9hpZWLW5bfX8r9irud8rUEgBMu63xKoxN+FkVlxyjhIw5unm1cFxm9RCaUghJWO0G5r8vcNK/gsaTmRTFEQgHwWR0CC6W3ZNa4vEVGm3s1IYvubbfVQjzo66Mzkzy4wuXWxi2xv6jnJG4Bo5JDH9VdR9BEsUkRF0JJ4Tgbw+2EI6loGl6fiLRqrCpi3+tju4FCXPALEc8C5FPqnegHp4FHnrqhotJLbuTv89A8JVudcM6Mv7DROYZGk00cSgP+VD3agabxOKoY5CvowcK2Bz1mMzG2yaj6p6TZP013MVTTbhWaCfyvct/abhe80GSB6nuNmEEEafOsgc6BF4m9FNe83gPMHHvyrzQ2ILES+2g+ZswLdtG65U1kZqiBtLMfioERJrinqwZ1QYWqIgBeyxwM+VilG+abbHlckmbtoP+b4hGEV4y3HLE4IISCpcezaOsfrJ8sX55TeCbocFlcwR+l4VG9ji1eyvhhvee3yHpdDrdwpEGBCJYfYwAxukTzTkJmlpG03Z4U0THuJf83UG5DvZJb2ESdRMtBPutreRlyBJ8GpDP2TbE4tIKv/xlZMVaaeI64HfoVe94swF6kqf6yjhqJP+1jbM5QT+BUR0GveTAHwVoqf5wzfHWZE2DZ4aV+R3csSr21Jb8Trn/DpyesIV5JZ0taqimyBmO0rTohfnac+xVHhj0dNsDLOFRxSLyDNi9D5ALpFfB7v94o7Dvj5Oo+eMgpR4TmPvKKF/5Lsli70SBPuOsUfPiH+WVOb7GRRSU5ID4Wjwr/uGr6zDCtKvUPvN0hkNGn7yDYBZ/pf33AbEC8cvTmGOw70Y1L0dADwj6UC3zv1d2jWDQRS5wFiFHYEucNaUHJcDhO+5+JuOAJaA6RhNV1I2DXoTcTGfusgVfk2x0yMRj3Cja7iWMl+/aiLzRvrv855Ve3y4B/rK7gcXS3Yacw+hx+omFEz8wxhFr0gwIZIeL4hUcpElUTEypIfAAZ8w9+yQF5750JZP+J5x3N7wNdqI0QSL4Og3LVWYims8cwccgDVcXdoCYUjZD1s4SP2+FpR5ST5gCR6cxt8HQXmcqHJjl/UMnzOfZwJ+6fQ5yazRoAF18oyzdmylQMrFpdHSsLJb4fIfbvzG4IVzrJ5yrvceq9ZYyCxoGGs7mM2vyGIzkFF655hUzcitY/ZsvOEdSxi2Gu+HpJkDwvMgRQqlo14RWWbKgqLmF73DKxe45lOfAHDd2FSW16A5TmgsUw4aOx4ldxjoZ9LjHKUNjgkvkmJ8iin5gn0N4cl9ucU8zw4XPnT75Y0cPcojIUxfA1i8agOQfWoRruzvV2ptD5GCNKfSOnczbbhO9bYN6LltBM7asIlSggyxYng2eLcnEgk7l4BHL15xOiCM9cm1Q5oCibY12xCCcImy1e0xdSCqFuCLFez8wnhiDG/65VopchM2XCwZfOvBEC9BfV8NB3Ccr8ANpPcYSPX0Eokyd3glXm4SvO2nRII4bAuMVFo8uhPgEW46LLoH+rrZvvkSHTt3RiSc1Mpxaewh+AnOAdFQ43O6X8nOFBxv29DSocHmLtLRbk0X1Uptb0Ou8zQNJ6LKRGxLf0B0dluaU4K99hNdZQ3m5bJLPnoolnQ3n3zVML5aR3x9wRMAqS3RbmkybMHS+cGvX7GUwes+BcixtMNya+1Dki/SSAFSfiqGOWqd0exU9ey1rHT6TLO3/CKqDCTeyCaDEweu56+5WmuTDoOBVBg2ZKBvshlMjXGmxsaR/ku38qUrVQx9OmXDn/tryY6ghbdjGc8ZPJ1aEbF3pA3sx1x2fvsm+pjF0aaqbJLSQX/b4ksHMZ0uGYzcWsywDHC4Rgu+x5tKg023pMi04fO87f3dexVJuKIdsUSpiT6H29e6GSVD1NI7mtR+NuGGGLC4pu5vswIPBWixYeeZ4hlilfLjdeAdRcLHOCKLZtLuR7jgdIX4fTOqywKy9obDePpQlIBl2mYmYsPJxRypcU+3v1zcHO0+YR2MKOrzyEAjuiRRGa0yHXp1cBLN3g81naxs76ip/a5E/Do1/dzAyAXRzgm0NxvBCCPzBbzoZhfNy5i+FgH1NsKtXWdE21aVkYivganbH5JvroFJmjItvS2BH8+zW9bABqfWlKiPEg1HF6FH58LmjvYcN+Zja4ZrreMLDGc4Or+y5cpRQBoKJWryFT9SGtGBPtaO3mRw65YR12yxX53UrJtOZuFev9aD13sKvCiI5WpkHGXvuFCOvNcrSVPUtsRFUKlbfN4cCzcqZa8bw51TG8TxVW8q6sQ3RAuUh9s+YOXX+eIlWEmGO3rKXmomGOS9auUOXFp/qBt7EbMFNx/LBOhZaH5hMier16SECyssyAkXmk/K/OoBMATAHxGa+sEaF5kbMR4xeMpOxvE1QsYfKOiG6JYVlA8bWVcn9AFyVGy+X0PBMn1p/d0t/JYb9z4KmINmAwAeD1p5BKa94pXQhJ9zTgKK7FF/7A5dw6+U2/nqxsHnvs39N/HCaKLMgNixpQ6wVnad2+J2T8dkivoK6EI74iFd5TeHQAHs10YBoQqFdMOJ/2iY9UsbtICTSKPCWROCT2c8BEgQCn0cAUL22Acrm0m6KZwdo5w3HCvfjE8L0Jcp3Ho93whzMtkN7VW0sCUL8DvAY9njht/k5pYZiRhTz4fZ+1O80gCfEB8GEhoneqXV8OrLCe8FJOH3rKL39xcBifMlQtdHQRjP+71rfkeNnUYBW746HeGavRurztc55LhkwkPQ9+hhBvVhRB3OFuLWp8fTGdr9LCdxLDifwlVyWANPN1qQv+YlJahYftUAFEHaIJKhI66v7C380u9XgMbvnxKqbzfyJKSlYvjjHuQCXbLRDMKVPMWD9x234lmZOvBVhokCGgkI+O/HHNM4gVnJwt/f+vc8WFZbmM1rr8G4V5pUz13fYNR1Il+tzUh134+zHN3xxn/Byqfb51nT6X1an5vUG7TjlMcK7+cGLZ3D2gioUFlg6BbNcxFHVktkqgS6BuIbIvbKoU0IzbgYQYmVp3ykptPfRb0Y8XNHbbTnwrVp1xK8KkngdyHdl6fxVuB0wi47ckdjEfH3aEfE23rK0K+9RLv29RlJ7z6c1zSHEM+JnUjJHP5Yh0sLFaZ9+VZsZo481RUMnLwBCvAf7eNaNhyf16aCBvIptMg/evYtrZHpUermNpHyXi1tG3rE18shllwhnYl/Kb4umMT0BTVxfdCD9l3n6kkHDwNMw/2JZwZfWeYMTuWto2Q3qmYR1FL1k0dHYrcM3sr5Rf4gwNlyJdnEdZbR5kjX6x2B2e5CVOQJch49arSt4mIFSg0/5ufNvhp2118H7Bv92rGhmUCetS1tfYDE1erwGzeeBl0JLOKec7RwSACBIfzGtfNnilZPsfm9rB7jOICeeKeLMknGLuZ8VY4D/gcyEdPGYihs5JJeZ8cds8CN7tcMcR+0Po7pMOyV6KJx94k8IL3fvNbkjB0/oVjlUDkcDeKh0686L7tP2HtNwINSdKetKtIGCz2bPTpDLKTf1gH6mwTyQzQomqfAynsMXMBA5Xuv3i4IRfuWnZn1Z/82T8+oinngJGMl41acAywen5yO/JMyRmpscUuVANXdhPmJNZ7uPHRlduSsoU/yhJ1f5gcjmnerDpodjpwI3oYt3GcJdok8P43IikjuQiRys1iyiN8wWWDd9mMFFeUmHyW47zRHQknCmzJcJD5gRtLcp3ecN7slKzvGts7YW9IYYxwABAYzHBvtlbfBPPFTgywyOR16roY72gR2e0MxuPOiGjj/Ha97mvzrx2Kt/X2btfZddPDcm1hKOV+QDRJ+9NlpS3JvaHO4TZq8aDlNIT14TloAzf1TB22wfuRWaUcxAf93N+G1MxjbTb5BRJxMw1yFW2V4RAGEZMY5H8OBHMDA3Rgtv1Lvtb7WkfGmLkWg3SYisDVL7n16ryZrjx2gyyk3zEtUdTqlZconSnqmlZy75QTapbiTpDdIPXOTjR0wUNyzxlPVuGclrMx2aujbfgPZSbCjHjqN7uu6ox+78ZEOwfjOcBL2/Spi+kMnLl1HzJSmU3rVfexlzU3XqX+3alqMjxQeOVCIvLLdQSH6rGBeWm7x16LlcRC/aTyQJd70CsEpSDokgPlmwiY3B61ATHFs4rTKY5RjChKC4u8AWk/rdP0+1iAYPqiYD178E3Hj9qCb6UaSMDESVeUE/e3m5P038e95w0SUZkZtMhtCv2DcTtRf7uw66u9UFn7l+EWRDBJfcnAFTQWBW6olvx5UGHpk5/8g5orkeuIXqCHm0WF1LFMbCDirm+tICMFiO2pNFL5qj6iJRg0kxvil4Uzg4PTNFCZb7Ybh+pfpi73wWofqCJKHq0FdyfsaBQpaJWiiEMXwIh8YvczuINDb6zFO7xhrJRx1IUzGVEYxwHQENl63oYGntqwIcw6FdKih1RYtMrXOlkzawM/AW7VZKvqSm5wWE48ECzKGCMH6D8YYDK0WOTYJnK2ZtLE61HiTqjYP6NOdnQWFOWf2+eOnqjkfkbdEqsvJxFqBEhk+nL5SvNh8agKHGTrYK7kdoYdFs2ARZIz4TgHJCseFteNVkl/sOk0tbZA40dSL5CsNIMTsrzk/FtJTwgWCRSl6geaJHho0yPxoJKR7FKH/5poxYk5yV+ow6euz3xQl2Q+TqQVb+ABBPvYwWz/XAeKI/uLS/jsD6BPLiXbshBGaooORIEMS9QZZZwzM2Jp19SYqeQQgEPahOP2O7RTOlEEH7puxGTXpOpmvOs1ZzUcy22wex9T/hdUwor5pdAKNXVh1AZ9hcWCqrG4ywZRwmyEs6JDI8o0KtD/7H4ClXXs0ceoRd/xMCWxIRiLiNSpC950ZDJ9Zvgy837IpowWnkTVimDiVxGwBpXlbg4vuh1E5oZEcKSfT/hSZxq8KHtxwP6+I9e3rvVKmiOZYeQkv+0k5rT5fGQrjyxUs5YWPNEti2yvDy7j7a+nYG7Dcygd6HUL7mu6Y7YuzvK/MugSf7aObOzqGcBGUlGb9br1kH071YfjNKyUwEoxNXen3lSTls9x/ElnI7VLWytbfoOm5tR0Ctno73ST/GBh/mIhkGKJV8IiX5Z5w+6/7HXA2m8fDjYSRI0sKa4Wfd0p/DuDTLGpv2Ryu8Y+QX+r0ehoNM5qbdI3gMoOqPyTx1GQgWfJ+KxSRZC1niApSOZls7AjWO8e755H8DzTUHwcdjBNOf22SFtglaxjKAMdzHhhg1R6QBXiI45C/dYVEkqdKKQR6jBA1LQPFG+m8BYJZrQThaQRJuh9/okC+hDdlx5K+oMziakq2wRN6GfIXUYKPPRpr5JdwPSwkXpFPYEQpTdIG9/y9whEjvyn7GZe27j4IDxcZfP5CAvrFuLpekupE2HSpmOajKz9q3JxPdfHWq7cmE+pf+CUEO5nWWn2TrwnNb50gvKfLpGqKcvJIoIdSQdYwN5ArliDDIZMDezHczyneAGV4Bm0i+SNZIMp5pP/B0EYO4IftgNkLI3z5huUh1AvDfVxwXnKkczVvJTyY+84OLi8Z9m+5hROtWHhLYrGYhkgPGXE9OWpoBKP//VbTunYrIKihJC0rNVZRD0peply8xYLd2Yx0vooxCXTTCr+43plEPac7Kngj/QJX56RMoqnnPnV0Mxe5IdATY9cf+7wJOtT1LRcFHCBRFNupp8AhTDZvKf1RCE3OZS//9rm/jff/gJqyodUVSPPc8b0IGJUBNGP6jRmt8XUOUZzlEOb+q7jz45AxenFXktCXlFoV3ntegz3Xw3rYlEvHTXMHM9KhyviN3ccVqLVySJgABjmPNVXPnFhT+FrVm91Me9u+1maLtr28Ye/vhqg8rLeg+jEiqzLLQrl1xmJFuYKmMFERRqB+gdnroIUMjdObFMVEH3c+O/2iaORI2IGfn5T4dGj42qqotGYLibRXpL+DJ/t6NLrwLsHxCpQESStxU/QUv4yO8iq1fG5Q5VsH5C+sCE/3FI2/mNfvbVss0NVL5+jPXVo1XK6gHRJr+ps3Y1krwgVQrJenuKc5sB+b8dDeNW/h70VUXEIe2U+GTkk8mOaxSdX0abjRgHsO6EaPINLwvHQNcwMbrWJnu424BW1DAmLoKtaW3fiNF59jmFcKVBwMIQXx0jb8K/DDTF5qv783X7lKV8irY9d/rJVpNvuCRYt2nqGPzfGGaXsxBJd8hXfE5WwHsEp29oKLBG7b968wWCrd5HJJRJ9W2AmUaWih775gL6ogYRkZnpbuQ9JOl8T7m5dS6gT+gU5mxKc4e9EHEKbG5NOTJuwpObx9jvzxmsyFg4pNgMYkZ39lGnzjS9JdchnvJzH0zv/uUDyDZuCiukINB/Oqv2+EG3EISxLzBPlkt7T4hNbo8phpdmUlPQHRk6OQt8AyOKDdxBSLUY2OcEvrC3pUWQ7QapeGyiU2TTzoIJhbRDrYI+d3qpLBU0HTurcCmnzf+jZkhXITyI91MvvGJiuOrIyOfeNPeUlSskPElwHIXLimFRdM8EPT4XlDGDrtQ3efY25sYEsAsNYV70L0kn926lbbAGL4p7vI+TAFHzuVcctWpK0quYSDadp1pAAh9EmciJRNlX0AxCbePP3+SiFr9z6OcBrPdmSjMe5ue+ac9bxtcwpc8cm9Z5724Dwb35SOg4YkvLBjxF/dTafX28Bty+C8V9FdpVWeccehTbC4PGoRUYef0nrUYu8AY9dt6UsBRsBMRREOjKbfaipjB5tcoQm5fDG23exzZYbP13tw8ahNFm5RHT4PhmJjdvXq95VArwCNvpZ2sM226nbvNwYk4TsCTJsyqswgbh5UajWDRT/jW9LI7zWHe2IstC8QxnJtkgsdcoxTZNLPMWlfPhDB7FvWgkjlTOE7Ikrcx8Obh7KB8a5whPAVDwQUc2KL8wWAPlh10lCYWQn3iorX6PjbQ7jOac8OfaQnst/Jv7gIxowKH3wqGP8si94Al8/ZimEBLpJxGU3NLdnz6C/WNDm7ghI8S+QO/6lyCwl+rxHXbh2Fz2++h5YEcVdUrbx4ZIffVbk3nAnxQUpAUTEyESORe4jmx86Ylce0A4dhWAfIveetf5PZS/2tLX2+J7ZNhxwheNM0MIMYkSQYJfM4dpNDtbJNrS/sLFC0pxJkJshC0cLqcOyP/Z5k/tFR035vs9lkLHxHYe+mbLuXTlo44NyTmhdgTvtmlt+iXRGZhj9KtVPlyHgBofdGlj0DsU8ATV2gPwqlkcMYwiP2SPrBYh/ahfrLdEQdi6sAPENdNylz4JUDSS0d4jdkWH0n2fF2r8y4p0yLNvGK+30YocThpSMhxcLcOg2HhhTA1AlwB84KYvtY3yCurwhad3pqOb6WWx+Pnv2mw+H2xxEKtugaKQwkct4iSjfw4+9ohhzqmueff8mQ38DwjRbO0o29/rZ7NkxzRCZVX5LfnSxGVfxt0hGw+suMU6Pixufi7e8LFsm0LTUjRHW8/y9735XtqLJs2yW8+QThQXj/hxfeI6D1j9Sqc9twxhunthu7agklmWHmjAwjqiR3qR9auKTS7NMAwtDhYThBXUR3Q8c+Luxl4nABRxfpXXyX5AIgCNbfYFfKYaDXB2u7KnYWNHR4nk4sZYbqj3ZZh5dxY3wNfSKuWmwfxUMRh/ZxK3/rd0hbry/uWzAVh219NyltmxXelPNZyjnM8zq2tIEWdGyPxFyvt2mM5q+5wKLuejbSMr0p9P4e1dATCbZJAEu7bcrrSR9u9G/+ls5llsKAyFKbxtKvrN7ZWw3gFtp/FWN5jWb1gj9A0EGBkOITbVVfu7pB851qpZyStuUWOWoooD6MM7kcuQ3Q+4SRGk2aXtdAtv2njvMBxOyHj3UejA6TXJaR2MnF2w0YXgvXDy/GsaacvO6z3NeeNlf45hCJFKuptKmDJkEUKbBpmKVpU5udxPog+LX/orA8n9LpIRMSE7MlMY5jHgReOj3KGE1dOSFS69aYTTA7uQRUMagTWnGBiQjXgkMQiCyxI520wGYQRdBLj8/q0VQycxdW7gdskhtYi2McH2tAdbzRvRdJy98dLsL1qyKl36Mh9mk6W7UO5suY8tK+A+5BtG1zVF32HU0Zl5IY2IzIZTcXfenf9fwYJaGV6/XRO+Ytzb+EJOBDqb5upmp00q9rAgHac23XpErS3dsk9hEeUD5UDB/RLroP21KCR76TtnQTCdVIf0z7pN7MBXzCrL1Jy40ZjNpeOD5vmCgPfnjEb7ro1bI10usCt1i8VoiV5QAnGvba1JJ3X2UJeRtxrOFAFLsETR9Q9mcsmQ9jWKEUCfkytdkjj+gpv6nP21oeLt3dUYQ8mF0dVmNh51f3Gkk08pFn13hIgx8GCSDsd25bATloyk9B6Ld+CYuKamLTfN+Vef5oyauqS678jK3tXqADDS6+HmYP/+m5Mm3DiDeiiN1EMLVULKtGi8rLnPlCUxYA2eibWcIShU9K4wjas57cpBzLyrY3Wo6vF//Y3MWmS/3IZmXNvOctbv1BHmpfuUuFSgYFgsZZhH5QKXs9iO77qng0C2kG3jNsBVcJrwiFVNYnUDNfkvt5UH7pZISjKkgnCHx1kDE0aYuUDUDXYlY2FstchzZizM7tssAkrljUFEmoHgw+B9KDiDYHuP2PSXoRVqJdu3bXO/uKqacc4Zr6BKvERw0ySKwqLwk3NNh8IIIiCyrY7acf4ubdz96QJm57eIE/rBfBD2Z2HB82SBacL5ZjWfU2GQdsYyLmUBvEzqlIfhlql95cb1/pogFckZRYWnN7BZ/c8E6WM8b4kliBcU36vqG1oSyTN0MXvOlRZLsopuTL+fw6y6qT7kH41TAG6JjwBYV/SsAt4Udin+cK3AhmNk7TanpR2SP4lICohdCxOnMdPbRDPPIGGBerxZZvAuZDNDfGWSmG3kIGDLs4f60HuCnrBIpehAH0GhemhazHocc/eypPdhj3STNsV6TcKR0j0/L2gip/dPf55itSQ8qZFC2lWnMWUxYV2+CjHZjIM7hcEMw4G4dC2m60yBE+DJTLOjOJZiV07+SN9ju7m6q0HYAJKlqN7YIuDPk21Cg9JsD1KbOp30RZUnswxyed7T3Jb8fXsuaFIj+03wy7gnEPnkTC6rqhESfzYDPOPC+V5LFgTGmRCvYR8depCCpQv5aV2mTe3KGYHw+eYXhNmyBtsPNLwEIIl1KJwRZfV/w3YQzrNHiL1R1fAUhmF8hH2i5xkG64ADqNRSxDQknYLw2n5zL9pdKFh4wgwEKjcSHFHaOXuBVRqMSvO1U9hK5laQg33z4ZObIxpTj5HjWXJh5PLhD2TIdwf1UU6F4lUMQ8eiDiWP5ViZb5bZ4IJNBJl52uav6K7VZ8AYmu34T9Hcnd+STp6+6w4BeVq0a++SgjHvNg7C5CARtB3jqGHCh+5iG24Ze+ENG3uu3Gr/eHYJlKinFfipU5elRQdcvbh6MM/MBdfAprqCyZmfpYJkJ6tFmhHSOYEXXr8EPekZUAAN14U78qV38gO0PGVQqDQziA7XePngmQ13M3gEXlyseeP//N0JRPuQu64V+TkM9jbR4PRVAIRv5iOQTwanYTImQBRNZs6ROVn0MJc6K0/K4xx9kH6LJpg5y2w3Q/s8dma3iS5ifWDyzXr61VOvdt3Nf7VqrviBLml6MnnZ7w64cWKzrEHRPoWYcAsaNpizd7DGPwDssXjtjERxaAt7+00ghhydmgRxVqSGmK5XTeC512Tpbdb13X3dkyFHuOqaHfMhfnS3Sgiine8F8y+OGvkwHoaky/k2siu2xb2H2bjV/0IwtOTLTMaGspDyWc+CWZghZPotQ6A7CE6UdEfGREQnYwFzebYAaE2DXaTO7ExBACmBQ0Zm2qoJaw86dsnJMCV7k8nSon3OHNv9sOhMSTt+UwZ5iSGoAxeCPBLnU40wafJuTDwCI7X2NXoY5EYjbLUxBz3A4kIsn8QWi977gtWXyQAfZ8Orcf/hCD6Kz+YUSnDK+5GJVV9qIcmdh1Wff9Qc33O4kzjZ7tnngcPttc5Bh4BXTAtIXg47/OWj04RmN2lptQTvV3AUYSOQ+HF9SBpD8b3DGBU7LEbF+WIuadJdCLNNjntjQmKB8ij8uOFwu/F72kyzjmwLusQ5HWX3XhhCadkqaZIExzmM/3ZZWpDQixgu9yaz3L7QJYL01TPt/JIx0L4ej0gOgiKvLYUJniY15ePyxwCmLZV0F39z0E9JSr97lqiO2VBX9eNcWWWYXLgZ0EDBprLBqPBfuSLGH54Jary2PzxjdhC5YlaWpxEaD6P3mw3y8nby00NMg6WKtlg/Ao/4mVmXAtL99KWlpvQbp2wrWHvmrh3JePJscGzwc7YzsQXPowAovRr8oS4h9gD3xmgeJB5CLycNs4ptIhf5RTcoXI7mdUhcOBX0S6c/B0ut0ij4MvtU3mYkh2/Jd/fNQeQrxiFhZ4UjpxET/4Bqg7sSBJ1cRh0UDu9r0CN4ZJTWKSyfxeC1gSw+mgxww7uVT3qM0SB4YyBTtWQqiKProxvhIdLHV5nMCv4iO5XHRPE58i3n63NtNO5jMKPXwHy9hWALgFWDE+cktJavfQSY38g8vyCciH+Hc3I9mc9HDfxaGwsCmOeasf0g1isZXV+OBLEJ2OB8l/3ecGvVQee9/1fZzquAhT9+5Alio7V18hLwsL17liL3cycIbWBb2GwhgWpZxCSmrjmHe1G8eEPgi1orqmb9GOGoQgPUzE/4C5V6zzaMqNGO/1WGWyAPYPclISpa5FZYFLIZV5NA/fGVB8Ik49dkMTSqhNG6zyq44HiGbwLc0gsCfgueu6dx68Npx7I+aAhu+LyvDynqDMBLy73+a3nKmhCBpQnMb4IrAiAoH9qrXS4gOHNv4i53qpvgd+SFls05B6HjAJrteM3GgfnjkJIXBsrjfBE+vEpwxiosCcE/3oQIHrPt4E9dUQhzzvxpqtSn6sg56ytBnyYAH1Anmen8f8ObTnJZ+jnpRa5GHRox4e+pcF/CA3vXMfmJkaqzJfAbTNU4R/sMJ2vkVZFLqxSSY5oik30JJn0iDr7EiKM4s2ZqpB4GNK0SJ30HzXiIfIRidUy18q317IYB9cRsznP3V6zU1MrGnuByBCx4rEXqJ0/uZ1KfCPnGG9rSU7OmeWeUiFvZvfEYlt06BMxJeBheDBnPVOGaYcvQdKZahmo20F9RKAvG+Ndms2/XUPr/pLI2NJ0/3+1mvEaXwR7BufEi9m4Mn863jflcIHhv8ldE7HnGc5rk41R4Yg1AnTIGIlIuvkwDzvpLZBFIpwu3TwyxefggArbfyWC7blHtyXDvjtCxIKrRTdddk6F6Z8USIItXhoQlv6/kFeSq9gEFnhEQIczuDM0RAUDhogqdDkciJK4n4LxwbjyDrf7kYIKKbIgn0ds4ocqeh0UGHQ7Zn5Igv/4hdTWMDC4yoigHnJknss3AnSq2FVCg8Q3JAY9dYJQDmMfrbf5qapmX6nhcs3o4t1oqLkNtER9BYMHj4n1qU+rhL3wVXd+ZM6GSi2FvPRoq0I9liC3m+aBCz/AXqSFxNmRmEQ6O2pBKhu23cy9CcGuoEO0WMbWHR+2aeHy8bzZ7SU8OXJPx415eP85a1kRYVcXuG/nFojv+Q1mmspXl19m7hfZm1c7PfEYSOJgxluQslxwffUkxm4bhm5DChPY6TXMRi1y7V/AW8l1VakM/lnJoJxbfz3WmI9z8TvksOTXxatAxOH4Pv9XF5vlWO/dlnutrkJL2KIQbtWNnkd/nQnVKHycmzyFR20bhqfKbWwWCw6H/oqRkSM8TxrgDnBcawqd7ERvhZVuR1EntHKhPManJ6DbLBux9wFuJ/xlZ09GfS3VwAjfDow/XBWjRFKFXdBmRCrWtzxezW+brKufsQil4VQrw88kNKqGr8rDG4Mjskst+10AAAxiXMokbJ6HWB/BOVMVxvKHkgLstnZbQbOcbIwtNW4L18ZRP09CP7Xpr9q/M2vD8aX+7m7q2rqfpcDyeBlc9Q0IHBQmyr62fDMSzp52QqRtg9/Iy71K9pv0YjBVVqPGPybriatfKTpwxCWSSAjMF6hWL5jgOSyjihJTkhAbWcIbyYU5PqAX9kMlQ9rIEElgNC34Er5M/66iAjUh60U1c3qR4QmWjRkFCnZZtm59Ou5/qMUADAF0tc6liPcBg4JdYDyY9q8PxIsiHnoYz/ElbRKKbBp/m31x/3kadPscvqVIdlmfmNjbZtjZw/r5EdSJcw3Al1CjtcOnT75+FS03f2PxRpGqxNLk2rk6wFLkxEj7wKhyTYHPvxlXPZEXAodSh1R4TtPhwZUIRh89GTuji5cpopDCLwvmK9N8sNceVFoMmLM/fa4AsZngQNvfMbej3s++IhQRwT51JrhsgB5Lrj/4H03liQekKV5eN9cJfBjpyMN/MqU/QPrbS9jZGvq5tuA9JluEmTkpY3zuWcTAzF20S+W6Sn4eErM8BYhcIdfmEsr2ZG9rBdaPhvwHufcEGc+3SU4ut8g63Mg2e8XtKbB7WVJIxmDuqHDkct2M7J/rckSnmxW0qwBt+RvwCgEdWI/IB4cM6s0G5voWKhnF5puHpQfj7/q92Ze8OBTAWstqUoBXSkeUg3zYY3ZY3w0t1lc0wzvw6hOmWLAyCXMShNdU6f3l38xb7g6vNRRCjr4bp1+i+hj2M0VVsv7YEYbc4wVEGYXri5nftYGAjDyXtv8WWwwEloIIm8upDktgBxBVsrH9gWIlJFZXaYCP7u9qEBc+wExqF5KVcwUW/C4xUh9dH6H1LdxFHgmVQm/6HBMycQLQ4m7XAg73h89Oe8Dv6+Vt4aW1guUMr+P0+jiH7MHle93En1lOLy1oaJXQ8eBCh/mRR/qi4b6DDuzKS/Xr5uifNsKqWv4z064oTrncAs1D3tCJMYWf5NBkmIFGO7FwFFOu0DbRRhTTLYpoN8dd3llfNJ+0hyzWDkKz9jEdDnig5FxHw8eufZ5aCFU/Pq2PCvYNfL4paMa+ufL2zMajBTmCjI5J7W7YBQjX3L60oCZqlRTxlYDLdUErSKeNZpD+gWo79uy3f1wMOTKYZPNbNrDr8YeMETHrJTYUe/hADnEvUtSQZDZRq/yhBdaA3CldzqElrleVx5cQH0qO1kVZBrj9QZJ5Pa0PTR8gAm3NBsd/y5E8Ycm4CKFcjLDl7520Vn4mLQn9q2Z1hu9JFc6Y6bVXYxMVMd8buuruaE3xYrVmf9aUQMXmf4moEE8khah0Yk0Wd5piJIeW2DFPHQL+mqRnowKkjSpd607naeMSRUqWVANByp+dQP6ahNvj/lMbhof2DhPKtRHcHNEZXfZD4zocV6zYioxFnyQ9ZF2Bqr775miCfPs8SZI0lTaypRgszZsoV583zauS9xCYueEYhuGyVLMvAljFK4wHwHyEzjwjX3xwVJaoOYNpn6Z70UP8qeo5BI+5WsopmQPA13ZjmkHkRcQnsp7vHvgpuMfj3AUrx5p+24XMNDk57OiIlUSJgjTBvLMHetjyQWraBhMHh69mB6rJsd8sjQguI4E32z5hU8Vx323xh0ZKfeOUQvmUX9EsZ6oTEtdDEXKZS+3sVi13e9LjcS3tFO0vXWkv6xN+sLSRh/o36SCQ4ol5mflXNiaXzPo0Q5tmVqbDrqvxUIM2tSad5QixGEDfxG0VTSP8MMhPcfBZ8pzO2bcWJu2zy3ysuzReAku4KFga0sy3tq9vvR9gqv15jMaTn8Q7LHfD1ZB0/LhUBNhxSyhmY997wnQPEyPZv7C0+2F+pHnhwOECllcoE5AgVYf8CSLGtVqWxg4tAO6j6azVzC2yr/yJRCkUByZ9DmKL6NA6F+k3wVA+Yrcg1U2s995NMfq4vvLgwvBOx+v1y+KiO29LX7wFXXgIpcj3KKXG9w8oBgM8S/O6+76IW3RWBPCxQNSSMMvM2LafYVtH4bVIYqnXmKyFjo27pcMGdpoFYtlsTi3iVrKwxlZMsU2Ag940QVuWkuwz7r1NkMeAxCB2RoGLy9PmnZa8LbXJM9/XR7n8QqHtSu6whl/383MWwSxPiSZ/EY5/LPdbgTqh3ekGgI93CSBWp8TB98iFO9LAh3V81D5No74bBF8QSSNOT35oVW6rJaHy+1Ggd20kYN9MQyL6az0OqdFeZhAd7SuVClM0dlbFiX7+FhkN27g/O0g6pfi+Jmgc0pYEqYgMvNjZO12wkRfPoCgbDPGOejUf43KgzT6nmu4f/cWC0AUPvZ4Erf/LjdKgaKwq24f3xaCFkHObv0Sh2SL0dUmGo+SYB71OH5didnMZHzlhToOgUlAAeHHIojIG3gYD6btBGQq3ImoE9yUL85L1p5DWK4reQdmG1KoinSph5hw6hOUHrjOrwFHCS7f1ayygyqlmi5fPCunI0nsq4OXAJqUnMpe71AIrfceXRLz6h9AvrC/Dg1TPpEP0gohiQLJDuVjnBhkWpLKZsNarStoG221+t01XHv46135ixuAS6hYFgDw1n8xlPaG3wpZC3/5XDzgOtd/6kYfCecfyo3fxhdjvKQ5yh564Nzzg8imW7f0sMN4ulJPm/ZzKUfIhrPhZSr1aJmRWRMN70rtt0P09SiwqU9DEcNRvzHNGUvbwPmS26xvV2E8KL4laG26wciUyy/gmkj29nfqjj4fQxt5rDo765JkGf4WzwHZ30ie6EWITeZjM3nLx+akOxzyBWGvkSQfpuABt2ts6f7nQUHILoZq/AvyYQR481VYFTk+LiRGYSldAKZ1cY525t+u4r/Alhrsx5LHXyw3visO/aUUgiuIGXPPL8gWQdPfKM1vffRoMc6ry7KdMjPdSnQil+vs5ai/UV2mwZIXhm0nCbqMf9urMuPFTEeidi8gXYVL/yQpHsYHpYr3bFXnJntZkTmQybjaS9X2QRTDIwkD+wVicn4tgH5+K+cgtwV/+1fzegXFy8IevuV2tPPgX0lluIA9brS2+p+s14dc/6vMFbYhs2wkGL5v5uWAeEiLRxVFPDj+0AptzM6Hbd5qG2YYqqwzCyQepNo0VZV/pJPzTkqGOmdsGlJTXK/miZD8DBIm1KoLa8TmW4W/gasg+l1RnKy1s39I9F6phgwZV8FYJvM895d9agbfaQEJ/rzqxn82qqVWdZTDMv3VPWAO/xxRvr3VoC8MUwbSN6majYm4UHexQsyzRfGi780PgHSc73Y1+/LZMRTmvXw87imaMZR7DJmVyvyWbpafgVwohjGZUHmnjjNJB3YuHGbFpoPX66plI5asDq6XnlWANBC/d8MEbSPm3bk9XZy669eAzY7P68TZ/TYYSd3UFYZd8VsBW/MsJAE7HnQagp8vTvos83B0QirfEq/hnQAwJ/XQNAGEMW0hwLLZb3rK/b4vTpyra4PoiK8ibI9OxxMNNzlALBj7nN+Jbjwr+93xG9xjIorwIqnb3jAvytAH1GDf6jffoB3IAk7xxiDEVrTWyJ2TttVBiUX2GsMZ2397jlXt7sgyP341uk/xr4z9JpGsOlexVxM0nyUQocoR6rP+9YPyxndGIfBjpwGqkiss/3Anedw2+vgYRpEzQF1zAr2DgPiO0Ac87P2VVZAhxSYFFIW45Z2rzHcaP5BNJr8zccnwX5njLJv7iCQ3YNF2lO+YshB808kIMY4QAUtA8z6PfhhFEBpg+9f5+zhKZ4dKfyu7QtZDSbW8X8919eomeI4mcPfFMO2DY//y0IX+m6kx+s0/j/Qo9lHf9Jh8zdharT+UnnxZxeQO+rjklc/PlUE2IhrmCHn8MFZH4Bbp9HqlHF93WgcPHNr8Udep5v0ug6kB0aRfTBVv4VcJdfrOtc3nrH8OqIIntKGaaYfNu2TSLtxQU2aQ81ZCc3EPWUNGRqPdANyL2XET7bYsCSOLXunUVQ0HobyIVnIr6H4AX9X8RfiHSQ9JCMId+0vTv2jvc4mOqF2omQqg/2QaegpHLD+0JZupq/cZsXAP00jG3nyMbtN0toZ9oEdFuSBAU6VTSrsNBe0e+6pJJeGx+tm8DpNBfMw4dEAqMTnHA0lNo3ayBLW3cbtKx1we7h3789EVv/gbMSR4qxR+zLqwP7h0P/jbF4MmUIE5RNYLClfvQol2gbn6OoAXebSr5c2ZPGpiXz+bZuqxUTdE6gcq/WjyTGhJww6p93njXUgOpQEvuOvOgAZa/pSQXMH5LLeF4pxuxWYkO0PbWLgOHCPW9NfAqAAuxkdFkPNN8cKZP+BVYLglnGHZaD/hg5r6l4KOpfbXVcW3jdliIxOYFIO2s2UT6XLDwbQGs9B9xt1AfhYr97s+q0bSnCDbcrO/IW7AyMf+wAQK9P8hsy9Qi/jdl0V2kEraFKm3AKx9HARpgzei+lmBRS1eU/0QaM8FsAyfpV97wWhsHzJOuqhQLu3rQYUmO6UBzEtm6FM4KLoU2hH464V+DwrydX4FBa/dU43/y6MAtuk3YuX5ewd7S/w1qwkKmbzgiXoflXqh36EpvFBXkiEvHmg8A/U61mthBmXsnW8xqbtmqMq+UynY0Ry0HxI6hD2nZ8PD9Hq/2AE2YO0/75rsP10ACale/iveULgNwbfAeoH5GKPWR01BS9AGYxS+nxqCKR5w03OSmZ6NQLjiyHUPXBWIMELczAqvcn41jrEoWn882Ohiu1lfiGrGhjfoAuehJvwiQQ7NGpqp5HGdlEvjO4HtffJ85Ahj4h2n7PPnVCih6hiBCitgw2viqJGvEo6QNEMr2H52adnm4uSC2R3AEDZbKMu5nqPubcdo45MS36Z3NPvKBJWdnUVlMQLgeMnt24ABEsfh5zOcNPyu9QcpBewW7Jv+WBc0wca7We9G9jiD1TQsbCE65n4NALQixd6+IYQ+bH6gzJyVeGpvYaPOAQ4ht0j5T4wAP0yfeB5mji3nHS4wj/pK+IK/HtbXUlP+9uK8aGQCWynuXcfPPhZLsiuL7CUz21OX2nmrC5a2dPu+qH5d+3gRPz/p51qmp5xgdHBu/5LpERfkszT4epjgRmRV32a9Fbj20DIB/XXpJ+4EW4MYtjMyap9/dbklRAvp95XJG7yhg/kp7AMSyJTiH1ypxPiHwPZxxA8AoDaQxX4+DLDeZuw7PoDQZ/FS43YEQwSm2TiRbs7cDazNz/fswvYsWRx3b3u01Hutf88ax3Uc++VKWM95mOUXRcVfHzj5yMsJF4Ik8iG/cF/hshUUctkjtQTKRaz2IdyJSkrfRUOT+YEOuURnW0Qndbo2ev394iP+I2zeo21hSIBo1zE+bMt+lUoxAl+opbgv6vb5kX7zph675r0Mjn9Y24wV65TMaU6+avwkiKrtYJ0xiCm6Mxxky9Sn7JVgwhSRuijf7ooCKBZA6PWV/PqOyeKDLGxSA/Z39JLahVdTzDbr3MkLBPrp1EmLrI+2rhyzUAw1cYM3uH2Bm9ov/2ZqnqoC9N2EQ8Ahzl+vaeyRhkoJ8VHa9lml4E9TF+H8WWcKUYYvpA39jHykrmy1nGjs0rUnF+nZQv/VH8cF0Y8V1S11+nBda7hGVeoVL817BW4k6bcDjZ0RXrdDVfTF8lm5DbCPv1E89P2Ok/oV/LDuPa/39pwvz5yq7kvo4Da7Iz0wV65jLxyWrwbnW7MPiwzq1Xo7fBYGZPHMMO/B+2gSZ3hE8Fz3awIstwbI+VCSaFR3KZAVd6xZY3HvKU/ZdlhvrlLub1q+771b5KCewW0NAx3ZnnrSb/zXPmfiaS8lMd3v+gvhayjtt4FMv2C7B3smpGZkH1nsg9xeOXBhjiCK8BcJwXXtzBcfKJdgEw3hVusirEHAfrY/Uzwhe2gEuju901tuX3/JKbMG6+5CfRhm3AqCeqzJ6/AV5sHJWc/JfFvOySU0a+bmSYjuJFRPJxLbAEzXWH485oCbqsDfcz2AyrC/5Vfpy5YA0TYLwWDJTCuOlS6FUjY7Bz/zxlFDZYkzF03CGQy3fGDduwmcEFPH5wjvIBpjaz+8im17f0br2/BEQA6xHNpsVlLBpMfV/VQp6P+mv0o4Dj+COPzwFcdU7MPmaCF3liL87CDkYv5yAaVC4+807bN8eZUgVybjPDz1f5N9NP7zCDHA8kK8PoAmTEtDA1pAML+UfQHPmSyyk4orr+zxYcxnfXtbyJ7DY8VveS+4dJrzmMVbLQX0xcChQBzExv94wKprISlY35f8YOrQJYxmePmnQnLAmtPOHUkP2pCkueSaZNWRecaCdXLmQcoubQACy/rl1abNc6BLivEOdeHygxWjHezGSYhMfBOyyPy3/JJf0PwgHwE/UxRJoZ1FBHSUXNWnGZ6xWf7lsmq4D4J9o/yv+tUcORSvmMbDPzRykyDrvFBnrvP56jGh/CPpgtNbmWoGxBQ6j11Hy5PhZvjZSyjTJpv+kKHAii+ZqV/yq397YVTq60I/QOAGAYe6fMXZhixpVQgPUq5yFqyjNV0JlPI10wPewibkyO7hIcgwYkZJRKNg2QxvxdwKKg0zdDg4tB+OI/UFq//7JqHXdhz0HBje48YYjr/vzG/E3vfzkuXKkfDaEB9OvN9p76/spRovjCIDwSr+Ps/2BoaTymJxreuV0qGikyqyVnBWclUzctVbiL31dE0/n1X2V0Yfac4H7O+zfI1EuEPTUWmQ4GY/Db6azBM6akXFrrLPyp/VXyGZFMds4lPEUKs17mBxrmA5f9/P9fL7fungky2mNeXDB3nw+88/MQfGvzyU5/mgZRny7+fNVhfXV2ZV/13/Xy8yq7+XnfvORn6pz+//pu26SUlsaXyZUfSQZIXbdZvna/fTkcQCgiv2J4AYrvcVS4+EIx4yDGQan73zCOD8UK2PQRju0BsG/gOrbOAxMp/Y5HzYjBG5YvtiUp7nXgpDJwzzycWKYVJZ4ByWoWeG/eivD2O5MsjoZ/SeYz/s6/ONLFk4LIZRWu6cmBcLJZbMrpb1llsOHpmXAD3PYtfK02Wee/iXyEMqz7LvKgBjdJHoLfK8KrEfpgroR9N6yxRbRpbsianEk2W+tWUGFSOH9sgw4sVaUGWZScVErjVaPH+xEVQxXFw967DGTORfbAoxzOvh/onFVPn/3ul/7/S/d/r/4Z2UkGBR7CGj1beqns9zWJ5dS+pB5Ot+vovtX+C7YhxMsbcE3pv+ugJd15dlGjAfgl3sLyJBhoz9OrfhSvbAqgaEgswNwtDvW0UQmjwk6j0xgz0M1ZHOr9dL36Bm98JvxES9hZEju7sjhjfHlpZVy9SC+DlRkJqet4TY8v3Nfsm6w3jK8FyE9LCUDgNi/HxccLMo6J/3GqTZ+rPL6uTmNene2XxPGYg0fLrv63l3JAA8/dw7DR62Ur9SqeV/t7TsmI1fFRsTvjo/V0OaxKu8oedB13biD2PD86Ym9w+mnwSjgR4wzvvxJikt6ber9Wp5o62XSac5f6d6EVqMcJ/NkSjiy1fl/taaY0Xv/JuVD4phDzJndOaVZiST5TNu5CNGrvHLBc0w2N+TIHTTRNIW1mq02mwCcc/3wY5MAGq9adpCKWXEkeHO8ihtpBVcDYkVm4x+9JvXdISg5ZF/56x9HtJA9ZdkvhbteHjXHaje1s5prU1Uy8Ike5wRE4xNj9ElTJEO7plvtEapjtEcy4tB/Yt5+3tE02ASEUtcI5Ki5G8csHAoxuDmPNj8Rdre3tXOlZgNv24p5b0w6sPFwdQSeMzx4BgIqGkKnXbRU/suX4cR5je3EyDHscDyhTBUg1TzvQx+U9cPhq7bJX8YubIwfy511vA2uAv12cwI7AhnMe1HGq/XG50cpG4O6MHrMNWSzUjMmunBEEnNX6aSnQhnsNL+5i2IAiw9iftcUwhFSkoUqOY4Z0a4FwxrNvQ9zPQLirGPyYMIkHuQvTaEKQWuQbiKUWAhKgo2g/Pwt8GGJKaqI1J+RIjKLZvfR+E8S8rvw7XyWeiUnKJG2s4/1NQxucpSiwB2TjQZ5I4/XK/lnW6+ZjH/gkS2qWJTd4AMbx7GhDFhfPL5ghBk4TKpjBEUJizDcOv74f1L26R9jcguLz9fyMcEvPCz+3CAfrWv+Q0YQeBQCoHRQzBKFC5Cnd7CjkbKX64eR0ZYSBmPalsfgsZ+M9D/m3+9GGrLZ4zy/Wnrym1cOidv0fb4Jkwn6DfoyDAITongSfSVqEe3BqgaIBhvjLcdwMVJR/51gzje+oaFTl/uNbO3KvCKANdBoZZADIzC1L8anIUEgbtsYISBPnp95cBUmy/epIzRf+jN57zheuE7peGLfvTfjUKiEOdeunSmiu5bE3uGLoqvHmQaiuG0xTYi+i+Nn2ccjRXeSLwSePmWVzQF4bpjoNUU64ZeSs9fbotF3+L1OmENJxTz/eijgcc8yZZytAW1OpAwM/UArB71sY01wpsLCgIB81W8lRpJeaA+18g8TgPeiB3IBWfBObgCG/HjFQCxxvMuSM58699p2YWM99LgsvRHvDFpkI10jCUMA42LblOlanCtdcqny9/r273OUZmUT6iV7xo9xdzPSvVnmV4rtpKdc94O7ch3Mfbku+EKCJJmBzcDs0GVIQUz7Cul8Wnad0pRelN06zjEfNVmn8X/qjqE9CwwqsemjyNk7eMOOr+vpSyL6BiFIQHFpofr2FLkbu5hfgeNG/QVfczJCHfy1p0USXkVY625fycCrVN3/z2ZJT/Ykz5fHI3WlB655HCeE35NBJTdtVnvrV36Ii+kkrpR8L65Zt09kvXiYKLcSk3F42+iExsE/IjSimqswgE3WxgIASYeK4sOh6MOPZhJY4ZWBWLVMLWtwQrHjYmUobUXyZK88+/4a0TVILsmq5pFEMhn8JVDlvcDU3nGkj/B1ffHtHRIVp7PyrHaz954Qi2FyVqMqBqdrtBT2kEejV57eX1aIQCJwAPm4gPr+UjpJ+iZluOoJDOKuhg2dsPsNA2/B4N7dLr7hRi24g74Ed+6VlLapJJ9yKYd1UCExh1O5xhlxZDYitWDGUXgOMVL0ilTE7zRYzm8xPt84+l91STa3gLN6yC6pacTutuB7QZ1F2s4moweCKQ8eKVlXH9K3xvNgBS2RtpUVoYBBW0rEulhBt3HnQTCyZ0eE65q1YNccCC1Au/gt6ET+crig06wmoLxGnyC6+N8y0gUcT1YBtm6moze1Lis5Ws1JYstbME3DPLza3bHtjhoA8elLdYpiJzfICerXNQX57EYwXDO2K0WmSgk1e7x+3uU/qOKs4IStdh5hVFbuuDL6eFLITRRaR7QdbUAP5iMW7k4H1jKEo2pXukrOeuqSBESqZpBnfHFwl8zmeI1ITiUzRaCzGUBgusq/SsuEdEEb/TuCKaIJTysYzMh6BEhTkl3o3xdda5eINxiF5bfTe0Uf5ZzZLShD2DETQJQlGCU8B0gV2sfL8KSogRMTNgLPR1ifTLR/Bb26NYy84AjftLOhXdcNF0QBS4nrmjMXk8hLBiHmKh+AavtjndU+hSxzGaeZKT6wpTjg9P0ldBS3s0EvrnRuElbJp9NcFwK1kjgVlT0L3PeRX3h+OJ+lRHMglQ10T0x0q2FGwg877dvPZI1hlopYfWEwM/Bz/BLzcMgr0egOf1TnAKnfsTujPLsXC+bQoe59wqXQm1w/RPCA9muFL/nIIKSCp+b80EvkK2f0yF1HBKZIiIcFBM9J3fv3ZYsP76lWq9ixgchIBNzRnb/49LoIMsgpq+6tNtjngS3Ej6bXbnex23EyISVyYE52T3wryuQ8sNuS3k6agDNZhiNDWvfPuguwW9jnTyreakdcOjU2YAegoLO0MhvzrpwHIgVZDEjJb7TlCHI5c5rc3iv1ImXUUOY9TDLxfXSBiLfi7lD8CKiYAbEGR0+jwZiUAj3+KqVLn8Ktu63PSjmF7kn17l8eHj7Zc3Ma4y9igiZeJY2t6N3maVfr2SWE7z+jZZ5X9VmoqOPcOAqG7ZQQi7gmCOo/gj2JPTf5ns+mar1YyWjS0abcD23j+v3Fo04inugDhrfLJDKnHoFDfdhTp9FKFmcnVlx9cX7rh+vIe7z5yaxLRZfMYBYWyAdqhP44mmsNP3LtPezyXopXmzkBfy+IU9G9nT+xDFj2yz1frzzOYA3UcCbdEdf+E7ag3hn45gopz3n4SYPlN9hd8u+OMyiQAxobmjkRCVgnrjqenGyeRFVpvvsLuTDMh22tn1Tgw/Xh2PrDkfMve1XpXbIIxsdJlXqJISKG904ctMAK5Em1xxkLEabWHkHLsoP0TL1tKWYhJ8aWRN5INY8BXsa/k0m3bDOeoDixLohREm5SUt5VOOSJ80stXf3uIVYK8G8bBKPq0YOKCQ7NYfpqH5r5f2BKV+j7t/YCb8dSA+WeLB5lUx3rVla+A53GsDfCygQZR3PLNuNkWv+tytl/tGUgmDJR7nIWJ+D8nEcRiCbZbUy1seUsXqfu6Pjku5VwHlU8kMazG1EgqsOHQe5K5LQ9GY8PoBQNXdWD2VP8GD96h9sA4xkAX0gL6XCHHlVNKVWnJAWcUKIusmXIi5opmE0oT6kK33YYYqBXoqkJTfvxMf4hfIZVZxTbdQ/atq3XFMjhKqh35l5W/t6g0UsRHUpComtw8qCJ1jVCi+hwLT32ID0rgR62Gzow01I9K1Zv7iAAaUMKsr03HtWk0d+vqei/eXblfV+jSWRudDK76MvROsBQJEUMc/3B1AqwJHSLnoZPDw9fCSgLLmROUGLRXZJU2Ne3Hc7jR+QjFCgMjv43SjhbJt+QGkIIDR+59J7grIvxrNIDVNAJvDDO/nP9i3OSrbgQNWRz8LJ7U3cOowFSafIdi/HYuSR0i896jk9qxaKJoGXLbH6lylk5RUw8pn48SSkIfRZo7T4gB+9gl9SCVDxlKz6NhTkFiCyx9Eyn5da/5L6JqK9FSPFtqVm0FNlvGT3wLghYSaqXdFp674LEVVMeKwKfAx5BqTxH3UgGq/fe4CsrylZYcWIIxxMfmedLys2ZQR4O60FwqncNve3DKXogU/eLwNN6lHfq5AfW7gbmuvvjjg2qMKiGYd4XFSvb0od1quye8A26hGj80ieYyk+yDe2DRUQYeGYvwF5mhv0muqf8gW4d8fmfhDe5j/OkIJX7v2YE3/PpNwNgqm3pxSMIfrhdd1idRHXeha14S6J26TB0/gDLuv0ohNeiLSADq+zT+EJtqe/TGOHMCXcfTC+w8NqSW7XoAaPmjPypRRTjU8L7vBugBIZlX56N/SCafcJ9DcbNgxnGdhbrUU+FbkelL9yEAeKW35nAuVxIJpcUap4irtNUKrI+A/EJFv/R17TTQ4CIjsoeLbCvHijxCfaL58vKxjcetq/e72tepft6jXJQ9kUeEZgCc7cdYM1hxK/ysfScqSeSb4FuUQlssWWcrDV4SliboNpB8KOAbO40/MnkWgp6g0F0FS9ZjhX36ig3MLAJ9X7IR4GekwXWFrpkNAG44KJoiKtYssXXyl7KxrJTnTRFLfFrSXaO0JTeXEgdHL7IP1XCITIAcrCCoXA+4mNGyZR7v0CcvwpkBfq4vrL0Aruw2BX8st3EvAhno9+/uxdZm4pNas8TBrgYa8anhTOkdF6HuIs55CZ0jgWqVWky11A/utomQlHTEUD31OTgVuqZsuPnYN3HjzmR23wqFNwenMgEVyomWJT5IKjULPuqwTrbRXcqUCQJTBg8M1IwwQCJYIWgo1vhgW2hbkc8jrbrF98ZWNYu/eFuVi/YQB1b85Bb5sy8pj6ztMUcomZQEnNWRR6uJ0LkJAHXntDq5w74eqUk9YQ7ND79m+kAybe0RFmGMtCANKQsKCyZQRpraCyVxtWaJ4ftLvhINdiFurxXLPvUOEalrc+csSJZL5SeCc+KX7k057nc3hRn6twuakWglzjbsOHN8VJgkKX/3J+t78JqqZhnZ4Ft509AZOyIcqw7RBny1QsM/ZIpWMuQLTixDNAENs3ARMNWFKyTsylHVFO0dApeRI7lqkVhkEmPFOH2ID4BBM884IroX4ZKhCd2lSRzJ9gCI9X8gg3Tkzabm+l8e2njhsPjOBfDbPoI4hdLMl8+I9Jop3BPL4tE4SUwHGxP6tiV5TXfoZA3VzGgUwh4PiHyT20JymC6SbKB4/auR9DxbV0xIGncncoA8jn+yv9NnUXGu2AtLXNWqKpM9vvAsvDYoTHjKTPm++plRDUg5Kj4LOmkHZi9Vf9WJKLeoFQbI3/EUC0Z6emopDNsJZbX9bjzoP7qiVPukdvbsNqhmnGFbtHeorh7qMtERz5qSDc+Khh02ES68umR0jZkZhF3x3nKkWXbfMCuy3Y3vHxFrdjqPtDQLvu14uJMtl6K3pxT2I9gusJtFoRstFRypykIKB64YdxbUFyw4WYR//5y5iZgSQmbkWUXhKuw8/URVxpgknW6HHb1fO58xsP/CB9SMahF2gO4xe9+eCkBUCz6AlK8eQOylJoZJyC+zWBwxKk0jx4rNgg5ozhQSCPu14boz/kS4J9Zf7e37YGBdUf5njDEQbBRP2TtNfFTBsnrp4ePj5P5Nt12Zre5WYcwUQR7sSJYZ6HkQ9QeL9hLMIucNntYiaobwY9ENlczcZ5bwLevPvHm/exTechmLoKYULH7/HtJ/HX3ExGQ/CsNava3/hUR4yT1Gvjg79HcFX3GDeO+FUssMM7TXcMiTWD+2aVGltoiHMBrJ8np4R+u/RzMT9ydmW22tkW9IjXd4eabkKcLwqn1ttkfyuD4pvYZ8KIqkHHiRFyCTjv1htfGOz7LOgOyP3QfzkkWPIgK3x9ZG91QflOA4x7/TVlGrT4vz4iSlE8MMp9ZDHQp5gGqGSJuj5qgcXFcROi+wS+gx4+L4Sk0sKuGA0belig4dy2pXlJMZ2hGiiof9PkFlGCitEla+WD84bgdo19Tth1EYc02S5KnZyT2gHabnrpKfZvkmLUj9nr/ZIX7T5xgZ4+m/HrLkDihC7qKgkWgaCu5r3XNbOaXl+//OHTmzsdvpBL78D5FW8ZWk+O5yGSVBa5yK9MaTzp4/QU5bhYRXpMQNt1TX914yaFpbmsg4LQLwMbpC1bLQuOuMtjWPHUst+ckG1WI2LMkNJ9Lxk6FPFn28mAr3XKqrS2Rxfj+A2xBBUlhmJIbdjMj58lVnGJS5VUE6u8PUU12e0ilpteMxsy5TP0fFIk8Kjq/EO6QYbGY0yIIQm2KfxcukU1QlKxg0rHn652uk2vRi0YbXCWNuxR2WhPOhya0xxIdI1gOLbWVuhe+gcXqE1Vfqxwlx96T/VYYb8+vmaYS1e/RGCMuNZkHvr7nBleINB22gyxc7v7nJS6vZBk8XcjENUYxLKZL6MlMn7oMBi8oiDl+RZUlt4Cuu8DWcmtNaQGzuFSOAxD6zscoy+6g+deni+80IjmN/u8Ty3UlflDIVwqzjcCw2/U17UssOfGTQunnizjmAMdvk4W9HcT5EJiEs73b0pw3KteYipqn7WSSkaYxJk2zedF0gb3bGMr4nae0tFm8SdOHER8IrdpQb3wDQ0ibPGDrFJ9ba2CTh9ztBu+yTrM7xo83Deinwk9AtmgLbos3QXjrpTucDKmpDrjrlVyv3oxi5ETAGyGelmGuH49QhC0ygGRUZc0pI3omRngz2OAFQBBTO51+hulpg/S+6UmaXF0vXVZiEcwWJHdAwVPvBtAzfPNsIUvvjSPtGCB13/FvxrYYWFrB5SYogH0CaNAr76V+W6/USuBn6GP/DvMfb395wcj4+hXOKSUR/v2oK662zNMFfc001yeHfJmv6kL8jl7R4dik9elKmVqYkmwtiDEcWzgZw2/9eXUVT5+fOg+vxRRoXkswRuitWR7I1phP6c0mCCbG5+eZw01/8HFaESGcZkkEPtqxhYbjSB7H3lMVAGOY/JBqt8vF8lDsM/AAGp/kHNaVHOxrFyTilc98VsjtI9a8/A7oDiG+fRDN9GAeV/FI5Gz5fXZLOyFoWhYetfh5XQk1LIpdSL4g82zLCFx9YOrc3XCIDeXFZ+HCfy6UUo9mCHmtq/ePYUEIn3az/5W0OCgQF8YxsRVo3dHPSQwfuSgG1pSXXH5E+QOjsNWucSDSSxnhEzk1xPUbsozDJJOg+Y8Y5PNh0Sn1TtyCAy1MyUxPmmPay2hzgGBYVi3gauAkRFmFi5bOyxQno/H9DfD5+u1eZ7kg6oShfSciixVC0NhqmPweKih4m8yg+uFs7gfVf+bHXA6G3ye06OXv0L8z3Pe+qp/MUx7uGDoddxl+Ey3ZSO874agngawFV1ksSNkSQGbLknt/DIFX60p435SzBTsoJf/+UpfU6eumy4D5/raf7UF3tgHTJnhD5Rq6DjN1Rhc5rGDBQTBBsh29dHw2ed8BoklmPhoLCvouXrMOIS1UySdPaVIaYCSYqt1IOvtejOvQiDdS3UDAG7t9nnWPFXXkmer51LuWtiLOpJEPFU8pUso+3bK/ta+BVlD+dhdj3SzwVRsFXSqwBdtF3puGo6M4H9AQOJiTCX2g8CIyOeRv940DfNuG43C3x9pnylPnbUtnYhHF6aBonwk7L10GeqXBh8WNmQ+bTLKXomSoAfwPRLbnnwmQRHu7WM/EOUTpHG0LrdXWIzJFozwq97T/bemSY81tdD3WxIeaDL+cdN6zY+uvgR5QleWY3wWwG3y9/UFkCJwqg/KKfKATA6fdW0O9c3y4nWF+yzZ/U7Z8xM+COhnc3VlLZj0GOrarQVwZkwDRPjeuNB9XfgwFnayuO7hI3dqiq3Ck21kvUbv/HUxUBE3eIHgxflo+hanRkxuGF9R/6+462hyHjeiv8ZHu5jDURSzmDN5Y845SOSvN6H5dr22t8rliz01NTWCCJBE6H6vge5u9Ph7ctM86BCcjY1I8Q2VMPqRgjhKj2pjwA4RXouP4vHcNMDithjvsbLxorAXW3+Z5cO/9djabIpBGCXFmiIcgviWzMfaX68bc/jsaXizXmB9T+LYOGCPW7sJse36tCDkHZhLiF45W7gcOCG0/gwiUzKBmFGra5/kKX5nqPiduil601VU+8g3DKYhquOdC2xQhi5Z3HNRW25oH1WmSnrJd9uxt7xsSG0LWGwvV5OBow7zAid9a1/BoxADyrGR1AxYIDLnOkyBU/hDJDxNLLpbOsQPUu9J11Ag4iV+8DWBU5jJ7fKRuQK+gw7dg155ITurYi12P4+VfD1skKFCQe5rvpaBjUx/U3y6Xgf/41/vlhSXH9+3VEEdkuCvyyumrmFx6CbTYH1HSq+SyMdFXbaxv2okv0c0tvIZGERQ3mu+nmOM+dDHOZvzaYk8bB3rG3/MsN9DlAI8Kc5q9xUlwTpjtdjSOhekj4elwev6m7rzWg2JYed33j7JQRS5bzj+LkzMPIut61YtqoQnuGjhgrwBKw0Td4juaxJshQGQ1cTelOS2Az/DBlYsqgVYI7G3vXuhgyi04djlt75pBfZroSTypbmqZ5G+0JypI1M05ujWTM2PmvSTS+VnQ9uAmQd+Q2dzz76ActhTcnynY62LUh8zrxervs1ySJoBWxe3hpAzkUWN7EYPlQjgfkHc64PDreP4hrtfZgkjza22HPFiXHuP0Fs2REA2VDSpa9WmJfSNgbzB12sBsdTcfo9OsJLsWXhe21zpzbW7DVZ7mhQ/yB5cWe1XbxWnKTYSk8Oq5rBjsWtY+C4C+Rb45xvqYUz76CUddQQClkKMdeDReMMuCgoWmA1Gu3KhaX9mNgDEv6ZTEE1AkRepQs0tJ7/5OyNMYUQy7kaZpDlN1e4Zu5DevdJqKfZtAzle6GKmNnkLYkRzw0I3JT398QmsZlmLIvyifovGZ71+dlTKJgnPnxp+p4w6dvL3FGiXVPRgzt9GYy7osUVVnEIxEJlegK90DETKmBFDJbRPAql8Fm77nr/0BFuvnK/NFDYVt0sbJa3hOEKTGrmXb/NNtfDZbz7uR2eqP8XXEt+AdaqzCljvyKX4BqFlFHz8hPAaFzh9tyrrn5ykJLDhsGR+Wd631xfB/1SqwdqT56O1heSqfeTez31B/3WLbJBY1w/XCrS0VUha6PiYTeO+zLDeQ0U1LeJOXLGrq8Am29Gi70aP2EVfHx9i0hcLtdkY8kaFAfbp8mYBlDd3koS0PYQbeLlvjD6uMlt+Ps4An1MKyfCt726N0ma2yKXg+q/lZngmUxd77bpGNsjK2gwLrVBor201HgNB4zNw1M8IRuLbXr2ghSDwwoi6r/kFGQVYnSJse0okSk2scz+ye3CmXsmEu6zpEp5gXd/iXtodN+38ZN+mEWR7TiF/ot6PPJwVDwimasbcod67h3MEvEe++wOz+eePZxpC9H3VzQxWiO4lWx45F+wap9S6Q9rH7trtCj448Fx/frWDYu3uEzaeLQZNdgTf4/WwSadJ0Lt2QOO9zDgg8lI/Y4hfQcSjo6kLHuSjbrgB9WypJkeozVTc/95/oy6DyPvqo4gieq6OgZ83ooPLQmgSROZM/5vI7Y1BuQYPOVRC02NWuhcp9T0xhGoxKvqCTOrHAfZWEMF/MKTtaxkhkLbiFEObad/UxH6uYY6yt++ZoFjNs1JwtqB/v9XNGrf8nXfPGwF0WdHTDh7w+rBnQ32R00c+BWhJerMCjJcXVpZvTO3lbpbXsJdrvYTnAZUouprtZBejOZRPHz7nJUS4SZijbwozkyO8OrOTsZzJavbm+nOTYJEb/CpMWIzeM76kYNceuzTs9oNrZTGuUXKXsLg3e/dRxOe0PQ6kGgupJdPgMvlOdTJbnkykzm5+5rXRBr/3kvcW3hy+yR2EtnvCN02sg29wxXC/sdNpLwziuj+QE3PTGagWTFcHMq7mRPlud4A4j5U0bVkdkQHytWmAN7heDy25NElT6s7yLmJreURG9Buvo/wERsjnkuktP3fMYwZP3sHBrrBrZbCRzbunH7wdlsw7pj0cdjY+so61VArfgnLPqveKW8aetzO2c5PKBbkNE6astclb0XjKpJw2T/Z9BDgXW7qhh4vxId8aa08OX8aQo30Fh80cJUMWtd1SG74/WHh3YfENGMYtxno73XKT1Oqoot92f5KjWmm4mWXXGAEDXoP2WMsb8yBWszCTHuxmtjkExEK52wAMUCyO5jSqFHxJLh/Z9qGgwGSWLGBP1PgHPK8CUp3SjE+w61ZEhauwBKSdDf7skWT2IPceEwzOLWGcT1uyC2wIDOwlyI1PXm6eBPEux6nFg00VO3ufCR2rL5ezCvgfsRNNLExdjPYmccE2EtfbSvn0cJTxL2VP3PMoCCD7Aq4HdF8/hN3RUfzkBrANvozdNEuyBo9pBzKMDDdTQLz9kHUNJ7kPIy2vRVk255OWTGbemqjdC2TchvDuT+LKk/rzbCf5+LD6oiRQ0Aum/ryxdrfbxjfViMLg+yLUtGyMT8daCkhgUdiAsV1tbV+PP5rKtkNT705jbp9gr2cAVrVXYRN2Qo4Y3T14oCuV9zswXSAUQ7tw0m29YPMWlo8HhfKjuA5y8t4TVN+ucaDQBzNUWfgJqbZo8GQAMKHF0rBmrWxkNrTf71E9Y3PH6VAz6lvAFY3kcu+hKfMu9r/spSVVjLQgyoc/TEkFGBdYbtAbyxjb3LQk7LvIPgWM77Iwn5WqO8ckY5WnFJIgPq+nurdIvPSEzfWL4JX0L74p9kTbrdvE0AZhGybfV98cVU/J0MjBTmd5gp+5rlywSHLCQYEYFRlxph0sf3LPOoJ+0AdJRF30FWvU4BN+O71ilaRBFMedUQ3derE48E/jZVGMmV1/KkNlAYAQX7ZRUVqtFxd1tB2LTltBAuirzTLwT2yjid6CURVI+GM734RAQgSjhPDScpQO3SLL8QfyNpAYhj462Dmtm89uoaTy4KL2x79apwO9yObYbsc1jVUCdm9tSuWxGW9OEbjIKKJZJTkCEDJprBzzg4urAhd8JUc9uJMts0UnZzO2GUJu0e+aXVNo+BTpAgfBl7BuqZDWE/CrztHn/JiOxjQmZaB7JUZaORbQKa0C7cFfBaOA46NMI5fgSEQXYUGuAGM0n3T2TWgDwtXaWjYyDupIUY2IzacKlOJLQa2BLvsm0WokXlRJM+Y3xSbHshOmc1fENaZ1f7UJM12pHqzc+lbsAnZd9LvmtrMbKLh8qk/HfxzRQpjd6IqfDHpblZso+jqfe6vFXYxPBb64/aHJb2yYCqw7OiUwTCbMOugdFfiHCgkTHs2TfNvp5xDCjqRL0w8vqJcSrC8iBBgrF5x0VmvdXEU2RJXG5gfYDvsGal3mb3RuostJ5FQij2Y6I6nLJ6SctbJI55UcIhw1tnziId12QrDOPISlCcKtVMHa5Nx/UI6SqTo3P6FuF4DbKdcLWC9v2QiBXh5Tnkr64GazzR5ZMwmYU/MxROwNa7gBul9hSDZ58w9ZaFg4Eltgs6oG1Z92DJP2WpIP3qFlOgxwUSjOVOL6G8LomgR9Oiuk3Y94fsiCE3lIkyaO51GLiV4lY/C0k0KVu6ZWkGfeAKAUyqXRZxTaHfDpYtOWMHTeJ5fTkSElhS58mol7A2G3DSLP8JA9fyO4gVl+z48E247KS/boEirC6Y7E/PBQSufG/mAWT8S1vgdRIsa4kmTglOsqe00KjAeZRuGH2mtEA930wny5dJ8K4kf8S4aIpgfepoR5ECH/xxrwPOKRCadcZIi51yIHT0HchOM1MlKXbnWQlUabOvGB+yzqF61KKZoIT87M94ydx1VVzrPhQ+1V+97FP+y33V1959Z4k0hhqPfg7UiHG59I7x5wZYxpdKLfCCcTZVD2osvXPQe5J5lOjDX5s8zNdFzKcZ0vJ7Y6hKWm5vkNIeQ9PzejnZ+ky+/B+ars1VkM3POTgAyIOjdqhxy9ijUDfZoxvspok1dc53yhl7zBWzhCgntQAih/HvCZDgmkkITcw7S0orwK2K1wTIvnXA5f51rTGA16LpqOjl7wch81sA0Hjf0T8WXhq04u+MtkzM46qEbhy+8ZgcqM/MyigvECmoaTvSx/YZWladZHixNk87v1RKnXyNmyw0CLwz7alZrjLcNVj70KY5a8juII+lXKYdLusnnphVUVide8r9fSFNc8OhqTT5yLvzG0s8eRDdW7TYOq7zZf9hw4FkyH26rfcxrwFGV5k+/Xw3o18bRnt5RDeXgqdo69powRyFPJzlZHOHWlGjjNzJdsLQGe+ZQuaYvtkHnkMfgDK21ohzJ3G2/kVzLxoW+lPYBU1gzVMUwQ5/mivhb21mbxoJxaZ18FLXrqJoWpCevcmH7D7nVUTYK97PbGUoBZ9mivUs2mD1wacs4HptqjRvfADrQg6L1HbD3BKc7n8/x4fOE81dTOQDWKYzLILBR8JZLVcQISUu5rmxgQB7boQTSgW5ZPXa/LXzb+jbfpmUL7rNB7Ij+oJUa345EOtWu8vJeF61qwu5Q2C544UA7xel6WOPsy2jf3VyLMzK8HAvyOcx7nH6+Oo9CRwI9QAUv7lnsMOGH8nldJYj3KR63KWKj3xpK+d7o7xLydeIje2FH1c1b1vZdq5muywPrTtCBEB80LlE0cvMfL0kOpOwh9JDaK4/teCwxadLmmsTpOFkH8Wf5hAfJv8gnITPtRsgBeQhwd1MQGcApHOVQK3ZlCwtVGve9m1n4cuv+qSZP9xt6xND0druZ7hDmh5y/1QCQ4eLqP3hMyDcFuSjHI2ZWn3f56KOsMNE8bZZvS7ysVfHhUBMgbH3TsXnSxf7QUFFkIJ1H85HcHDrtM++xvOWuPz/TqLJuHQiXrp/xDvQjqVWrOFWUFd6j44O+4WPhtfr7W53tyRA5CvRpEC2G84t0u97R1HsuKtT0Y9ZU+Ye3cOxbwmmteHxKrP9umsoC0vcXWANA/doPwmPe2lMB33E/ho/fzC1v1VugZJSG2/m1ETX5XMgtJ1CYAp6MvYL0JvR7VtUfkGVe99rnmtOmN7w6XFtwwcOUrj7n9efAbRBtG5Z98dxg3K97NKAfXziINnDwxAwfR46PL0ceh6Qva4jWA6oXie4os6O1HIDZjYGjepqkhrBLyopo2TSB5+d4JydgF3LACdwHgjKmlIwvFnms6OoPxtpZUAsocg7i55NF/DXA1In/9OurHbr28aNk0YJD0wflSRbIR36lu0CXzQW7xGTAagKF0L4aJ5g3r9ux7ynnEgJxgbrnPBkVDbFL+in3U48uVneGmtExHkqMlIAmOHZ39VMmC97dRRttEgdVYecqPpHScYohRPNGSYUWmPbeEyrMSrVeEe3FTIx3xpwBj7eP5DJE3G5W3Fvl/Oz/8b36euOaTYN/mbcQW8fS6Rn3+fMPIlotzSyuXZfkXlP3+MsU4bHZ9s1CUvckses/Le5lCR75s+QdcgSDwT9EUL/mw/aEI5f6CPvuPkI99vi039IV+VSBh6KfK+fMZoaG/4dRP0bvOtupXI9Cvy6q8LqvtXwrj9aeg/L15YJb4uSnYdv8886777Rm+/yNQnf3UwZS/Fm5hJg/0s8K7WB+pWv+V+PVmcbfnP5f9FKw3Xv1VkA/ZY1nG9/1pGIe7kKm2/r4JC/9JR4HPz7Ebl29dFPr+/N6BeVbm/233/aFv8D/pmt/KlpudbfXxz83/WXf9uoMx1veN/zA6+D+NDob9S4+v476k+a9a/+j0f2uIgv5DQ1u8lPn2bw19R+/31/6zAf3y8XH74+VLPFXqmOXgir8D ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/images/Tech_scheme.drawio ================================================ 7H3Z1qJKtu7T1OWuQatyGbSi0gmIeEcvjaCA0jz9iQD8M3Nl7qrau3LVqVNHx8rlD0QEEbP95oyJ/IXkbr1Ue/erUoVR8RcCC/u/kPxfCIKhVvD/6MQwn1hR2HwiqdNwPoV/O2GmY7ScfDd7pmHU/NCwraqiTe8/ngyqsoyC9odzXl1X3Y/N4qr48a53L4l+OmEGXvHzWScN2+tyFl8x3y5sozS5LrfeEOv5ws17N15W0ly9sOq+O0UKfyG5uqra+a9bz0UFot2bLnM/8b+5+jWxOirbf6SDbmRSr/ENt/+v+nZyri9nlP8Lp+dhXl7xXFa8zLYd3iSoq2cZRmgU/C8k213TNjLvXoCudpDn8Ny1vRXL5a9VYvAgKbymWf5u8qgNrstBXJXtwmt8BY+9Ongfosue31TFs43At9OoU1oUXFVUNTwuqzJCg7Z1lUfvk38hSBInaXIDr/xMnYVgr6huo/67Uwu1pKi6RW09wCbL1fXCuEVyiYVU3TcxYMilyfU7CVgzS0NvEb3ka+Rv3IF/LAz6HzCL+M/iFcsIGKC/rrzVi/w93FsRP7LvbXe+Yx/BrH5mH/5u+NvZt/rPYh8NbV0c/yZm0fRf3/q18Gvzs7pBhv11Tf9C436DwhmN3phhXuqXLitOwMKG7vRfb1v+n8KyOA59KvxJ44jfw0Sc/oPBJH5WuQ3xC5WjN79B5XZ6dbzK+XFF6nrouHLJrrT/wsn/LAb+Tp2j8NUP7FqtNz+xC6eoX1hInPiTLOTmJ+ZEIURjy2FVt9cqqUqvEL6dZb+xD5H2W5tDVd0XymZR2w4Lpb1nW/3I0qhP2/N3f7toqL/SyxHfLyNPB8P7oITLPX9/8F0vdPit23T07veP+sC/qZFN9ayD6G+YLWrBpq1XJ1H79wEFIvLflJg6Krw2ff0IiX+7tX1P+z9FWf9cfEP+QX1/hW/oX8DT34Jvfs2/n9n1L1Tfbyrrfnfl1+rbQM1oAYoOv2cfPCemaMmL4obvFgESnTSYTy5N8F9xfDV9frM2vxv+Pi1duupVCufyLdyhfxQomvmDoMzmZOn1B1n5msY/AbbeKvAfov5fvvpPAVurP6g/wfxC/ze/0P8vVPb7wRb97+O+13+O//5eWOg/GpJvZuJ7W4L/aEsWaflmSH4JC9bYmtlg/xwI+BkD/Jpr/2Yg4GME/gcR1x9SVF+B1PcQnvkVCHhj/d/Ov58DLs3PUGKWwMy2qlG29Y/8hCy6oz/T25SLZdH60wCaAM+PCr1q0jatSnjdr9q2un3XABRpgi60yFSwU3fQ3Ocs8MS290Gc9khe2OUOfOi13l9IMB8SYvNK/kKwPZQZgtO3KnEZWMp3+mcwYqm3PWIBX70OZEiGA00qA/0KbsFLyUCncMwY3oJU3ob3y/ZY6aY8KqmceNLpfiGu2Ps4vBVFiO1eEY+lCgc6mVeG6V/K3jynb3Rz9/QJupAz6iaT16s29p17PlayZDByjsH2AmGMIFEHqlczBVM5QB4ygVBGA5N5kCiWmyii2xmjjB2yZFQzeMwBeO/v26F7CsQpQ2Ohv79rmxlPjVcINZ369NN34Y5KrvyhP/i+bfcez4FrvNyKxofrk0d70PiddEzll566WSQJa33LXkMpmdtw+BA6fQHXXIS3E1z3MYd0yHyp6A7nHe5LNiPfTsTFoV8XyUgXGgxwXhRcH5xD8ITrHxSTIuDfcD5ComJJr9hKr3AUNp2zJlrBvwU4x6ujWKysZDtHE++qkinw+o6fv4V5rBSNJfSQJohGvQn7GWOOrvWKCWh07pAZiWbC48LtVSEZFNyFf99VdE614TGmDMpA4bAtjmiLvlEfBf2zLg68Pz/9nclPSDvUFt5THt//TL7gtWn+6Dh5t6PQnGaewXOWjeZETeNa9jQf9QTXZKFx4RqtK69YyVM14fhw7ui6Zk5zQmugjXH6XvonaPxe45Z/QgLXBWk40w3eVxi/tUW0Kvj5O5/6ze1kJAPT9/cyEBLXeyjZ6WF8y3P3CshLqSdI4dF/PznS32AMiXf8+IVff85nkMTPtvB97rebwn8gnP0fm74CXWC9IE8mL/hDbg99/lvr+Gtb+IO5/G+s472E1pFLT6x27LC9lFQAflTTvgp2Av9C/4AMOKDAb56/p5aMzgBS5cyTIXMg8ykbDjO1486s7Jxhy231AoBdHTohhtfi1w5dlc5H0dkeLZ+4YCEhDheDhVY3eHoOXQeEeg0k++mTu/IGrTW1kdCIHWtY4lFEjHr/Bz6fz+fz+f/yww0aSRnwD53B7Jy2ABAg3jJENglkzqgOPMA0vgdH4arY4tE9S2zuSX0Xbq+bRDblbMfZt92Q3Pdp0xxM6qXwwgDRD65mAaVZ1VqHhpJgdYxljVwVjvZlawrF3sR61coZwz7trJN4ck749eIUbXA+0bErialLHIvLLaw85177Eg5tGNsHpYqF5wsZbYtVRPZMXMKBQeLu+avsSFcq3aXVU8nclZ7vJDOnzVNxj9zb5eGXOyIqV9y1emj53fPKx/72eKyGtn7AEbrG34/twSHadUo/6+fm5a+gTeyULddtLLFvYnkI6sOokNrI8Ees1W089M+EWnoEBLNkiyw1FR0yWjvfYDzPZvfV89Wso/Vro28H6FFFC2deMQzT2Lhew0MdIn521WUXFdJdgn/vdkdBtCO1bsnzLeELO4beXeRHUgufz0NKMfVOqoLkecJO3mGPezRr369mf4zC0yFdO/ZdDA5pbu4vezhYXnBm/qBB1dwcOnxQLbk9Rzq8ULU0PV7GZrhE0YUeXzFJk/htfD3ocVRH+t6NVyXdDyXil3NYF9f9haK1cXdTtREUwtOs4KTcB7eF17fdqSYerxM8YzvbMvdesJcoqjJ1Xr2Y9hryGTx2GNYqIkp/UXWEVxhJ0edq8jjs7oCptqScGhHYp27jBMF2qBKX81aE3QNN9RGdcBFrbqWSlgI7nnWjh/0ggly7Yi0ourOxt405JuLLfPGG0Mec4ybRCheOaCK1zBErccDZ88C+ipNn7LfjSnwUbDgIEG74ndJu9Fh3xkKm4uKiAH1jU0JiVeVOsbVmLcvEi5bUPTPC0Wj7gceJcQlES7Nww+ucFVkn7JOWctp+zi50p/nOk+XbUTz3ZmDwJe5X55UCr5zWBAVsoQTmnl5lBgt2hmA9w8cJJNyJPYyHk0ldgGiYUBc1oJga9PIdC+McFiIEo+N6GXrtEuxlwRCAC4rEIt2G6wAwO3DwK7wABpvwLi80sF0DhKRIbJCwGBwKNpLgUCLGAgnohtLt4T18IO1OEHe47JHLQMIDteJdBAGYZCvc4bcAgJF2MjDAEfAAYhdOAI0ZAKAYoN/BMVkgCFLDwYa2IXcQh7BXcBAKOKYAAtNG8wcc56D5Cx3sAsfcAknewvlToAcjAkByANwcNuUTUeAUBIX6RE2gPvAaHEOYxjDBNIYEx0AA6QzHiBM0Bg1wuFKwC0BVYAAc4BiajcbAEy1x4BhPYJs4nLgB5+GxBgfXwR4PcIw74OQzHEMGIRwDrk3I4RhwHkrCCXsbrcmDY6CJDUAwCzQGx4FpDAuOsZ/G2Ms6GoNFY+SwLxwjx9AYkiBNY6zgGOY0hm0iWnfwHAZnAw4dK+TwewNpyyA6SPAvGfbVgWwcDLhM7gXvu0N9eIHFOHi/NexzRX1YFqioD7dhj7KA+tiGDkQgcyQkKESHsMkVMt7gE9XlAJKRsRMEB35HAME8R+GbCLAGcLk+QWcyYMP+nMt1CZdAocmAr3NgD7hEAUhWYsAmhxubS4C1ASvCSeiJ1MFuLCEAjoc0wdXiGEYbCtFBaEDcWGvXYA2pAsTW4G32ARg2gf/fXFW24wrgZGssYYFn8B4c0ZAw9qYDUPE2X1ecB+fEyk//JPeuD22XU+OGC4XaTmhwi6i4tgijJkovQej4mWJ8WCODO5qMgh2c19gV1JntRHAvKvBIGK84M2ybvA6wTTGO8m3jnHc8Y620x7EfwKmQr4B1ykbT0yPxWjsvySSYxN+YxUlOyES62eAuI7M94AhyszCYYl8JsvclR4PxYe9yEB9NNuDbnrRqeH416AyceNsdt37VVck+sIHF5cZhtno0rW+gyxEDaPRF85DzaPCDDANuMwGVqmodONb06YlzT/sCgyWWl8sgYaNTIoJVUWfsM7s7a8f3oOlUexsIIp1iCZ/F3otICJ9RJC2FIZS49ZKDhz/lodwnbHLmuSj1g2G/cZt48zBG6bzxnx0f8SBhNluR24x7zAiALld1syE93UfOAq34HF0Kz1gLLqAErFFjjLtpu+wVP/3idtzKCUsJVuS2r/qllxSbq+yArQ8Ym4CXVBKhc3mVrW7iVHHSb8paNxMZ8TfcXmolJ/FXRNN3B95FSVtN7zhju3oqBPlaD4IVP/r1oxlKvRH4tdCxILxbKiI/bL7muwi3UueYmod7hlGjvYXKrKTatqxbfR8E6dmwt15A7nngAMnauvXq1IwPS1YMXENhaeobNiBiBvkijjXirNodC0uhklMAdWCohjLub6ps72X/vM6e0AQhh83nlNPtMVYTxrq0dODywUohC5VHIiJ6m/GYCTugWRLHrUqtk4VKhoQUh/Fog5G7DKsCMpkTnsoLbOGK/GYst/XDlJUz6esigcZzFBYqOGUn/DnosPyfwnUpa4Ine+ihHj8SXmZE5Kh0PJb1ur+6SDdBz64YGclLcU8VC2pab7BIsy73/TqMJdjTTuRQUzZlkRlQkPgKMFvPXxkNGKC8vooALmSDQ9t2AoiwD//56PYJBa0i2z02W+lQKdCLYMDrOrCVN1tkRQq4tpVur6DdYRMdaUUwbKDIVOBaph1mBeDIStAkIU+nQUPE3SSwc3kDPKCbuXISEiGwh+33wdZnoLDBJrbaGN0Bg/qQgHSdXiMkZnffCle4HfQ9VgwaXr6AwdGdQ3INg9NOpSjgMGa6cqN9sS6BwD7XkgK9Pdveaee5fTEI24yUdDhvYmZ4eDa0iZ0crJ+DRUZH54GPUcJ7zzzrSbx/tNCvX4pxd7GsvXWW+TC+oyzpvRE07LapIBXKY7a/RNbjEhX9ltzea7O87Rqpjs+IA3dJBnipXNqzdnZ3ccYAEsSb/TN/vPZFxOQyZCFH4z4ztMGuKK9Y15gOjlT04jx27Hn9ukBYkujlhj+sufqqMR6zivedOhTjOoXtrrj+IuWChCYXiOWx1DfcjcMy0t7hSN0zu87F3h9oswUBa4hyfnlxLUEJwn5YFymdXqAVH4xnTK+DMk8gytCeG/x8oaCj2qWJQquzcpoJg4Res3fczTKg+40lirw2GdHZWqecVjZGxikIQLueYdPzpZJZagt8wtMnhMaTAavYZN9WjKc/A7rpu2gC2JtSQgK8gaiJ32JnrkdWWPfHvczCj1chbrmhQ2ZAYdm7SK6HZJXdrCY0j3y2KQaeuq6iIH/RUKa67SXEorK8jC/NC8yu6Nyu393OGum/VmO0xpGwS4FTeqx3PFtaAsQD4VxPjAfBTSNnTlFh7kOMJKyUzpew0EMIGLDVdTPUstr27v4APX/jnO/cimLBQalX5qZ1SDYuIp7QsZIm68NGwxXQ8enKqf0YC6t8ELfDZdN4yCVT9LXAz49SuosJgrN5eCrOFMQgirsKRYom1kViMI/bxcM5AXkmA66a3DREuiYv18PmsSXt6uq2EBFVQ3FlgG8qkG4npnjZFPSNijyGp3sAMkNHZr53mkMi79NEAu65s2krYK87K7jwNy2Bg1Bk5m5S99EQD5T0XzPV9WarJAQiFHX14frhSW1TbZ8oyLAKPNcvEEklQmnr0uuSQOqz1xhYysv0CEwGu0z07aC5kWzn6oinpXO+IJhtZ0Bi+/2YnR/XrX5KygdP8cVe47yhS4AjeNmrVchyFOs+t1nW4oNa5ctw011woU69WnTLfue02qVd9x3hNb0PGBgiiqrb35QLcSFWJ8KMiljt7gpX4bV/Zq1m33YCEDd1geTHv2AwFHHy4WB12tp/qM+HDJA7FMu4soyyXbfykS1c+3qN4kqNntcAgpd4fzpjcrcvC2gIahk77I9r73xiKB35+pdK7dtrGdWOePK220pZ78hQl3NIq+cLf9ExWYKq5RGOaaHzPXcA267qYbtLlQvQjgFLjLk0hpWNaY/VCdHpBJGlzIUeyjT6rfOkVqa9OYcnmsfuDUj2vds9T6MDg2D+6DfYaLWEKF8orN74GttCFJocohoNhDM4ufcuim69+stonbWNVQR8DEgjhT7vpeaIKDVbI+TS7JCGSWsyWNUKiu02N0DxAgzhCubA2ygmJC6HQj3Qm4osOg70UtJEo0mda9/2o2AVPM81BK+DPNJxUJ5KRSkZilvRu3UqPaCPsCvN95EEnZBMmESza7Qn216kJsCPEKXn7L0mXBQDBvQpsCPKv3tSzfArk8GoGgJj1X+eGe8U79RI2ZMNforS14XWXS5Re1fWw7jenwMR55P2LPxzKZN/6MPNfuoexcwVyMkA9pLlb6sTVO8CSAadMxAEJOwexIkO/8agPzwY2k4/SfftkHDASVj5dekONhIMGfpYGBabT3c2mw2PcJMNkX4BduyUY2D23pMsYLzE8Td0b5F+dWe9NK7s2drmhL6DbWR2DSOfZyxpu1csnc+7rqaQIAgGn/ePK3iNj+b2Qii3LRTVYDfPOyGwoGFfIl+xUBoldliVmVGyENXqe4a0Fmwkk0y7l9hVjOwDYpHMwAgO8to5D8ODdG1+9Vpb2h6jfIhzckepSGgwiCTKZmD8Gn2jPjKywXcIk90NbG3tjqaORNwodTpK7FFXa0O3wYkbDYHmmW5lRLyp41xddKWH3MnZQ9pevhQCzopRMjMbdPrqgmO0C1v6Hgvrdb4pYKyBrfarS689PL2NNiM/jFTdS0DgEdWQrN+aAdGZ2FjntAg2F9FzMcIGnaxRuDeq7QnZOYT5Rmq3uhTRxYWMjPvaudWIeBAh+89L8TwmkK7dblffbtZpfb5tUYDwIg57l9tyAGJnpIIqsSZonzlpgxXUfQ/DTHEtXg6ahMgY+q23IfYbbw8j8e7A7lHIFg1MQWFr7I7fIbc3KSPfGGrHxPuWeDa56KKgUaSlxt7AsVd3n7GfbpngzxedQh8QHdvOTda+foiO8Qsa+UISIwEGnmUenlGqakth1hrCchTtiCt1JWdGZ4BYSXESpVbYsEqJfVDqaYNIvooZsY2xJgkqwB0K7JDFG7Lhz+k9PtAsvW1jjlyFtmQIGYOF1vqFlvWkSl01SbpzY3+9w8dXyGg1BJeGfXt1aYbRt8flfsF9go+LmBmRPRhVGUJDdMtG98XLdStvEyDLrimYbbRubEq4VPpGCk8vr0BOyr7nfKLJ7L9A0f81H6VC4inJu+4eU/IDBtuscPhnBhw7LjB0CFwMB+wdyRUotDlkgGkrCn1NRhJ9oRzE918TUacv1OP7LwN+USfjYTyvz94A3XDxxginuQZGdfwFOmpmq7T4JkQJRmt7TJ2gWLFGG5tIKjKUQQwjYY3Csjv23N/3CgSaW4xF5uwOXih0A/tgGLMyfu3RySDCiUPDp9619jQ/LTF153t59Vjj0uVcKbgMgdEVELW2zXa+4h9p5I/tTG/PZV1J1ICknH5tHWQ/b+cDNjhB7VzWvbjFJbODyxHZrCtK63KByJypUbOB7Ff5zbrIK/3wrIxEd1mwTbaytqVj5Xlq+ubZ0GL71MNjShiazrIDm3NrGKRsQMFmtUsU2CY0662KYK2vqVfVJcLuklgGDJvB1kA4ZAjbWNWREl4uob9WL3H2OpEGZ2iNAnYUkCSzxtb7vUOcL+td1mbHRMO3NudK0NfoiH3MOo495eRSZBlumyPuHtiOwy6dCPSKXW8IEofChNLfYrgOKINwx2LddAqIcUMAag6cNmtaSkBTiM87fGOkLdXAG2MrCP0lAeUzjucybg8QUZFnPZVG+cRDStgqcIFmcCtkqs5qWBzIMsPpYyjp/IsqnPN2dmC1Jfd+PP+N+M1s9a1+Rnjj1tFMiRhFpMiZlL5rsx7XQPD7AM2rl5xTPq7rdUev18PLaTArfEburr4cg5iuYdiATMSuJ4dW8luNFrHEYh98CDowAHu8KSgsU0jigZ8l6DVkU3g9d9vsSO0aLMQJZROq9iboUDS7gzKuG+yWIMINcp4X+unS6zNFdOqmparHWXU3di6uZUHnEtgQRquQ9OHtMqD1IaeYP4YXjJ5vgcrWtR+g7QrqPjx3yZiEPEQ04JIcStLowp0W5PfUH46ahHIJeEuAWPOofdodjDvEAlDR7wggpjyRvfYri1E2ARP40H/DkMWljiLkeolDZGEmh1flDu5qSJNr3peJ55xWERfeOul6MFkTtNcO7ICUlN2hPURyJZOu7MqjuDlqLsU0MmDACip9ADStMhh6KFqRDIXLumbTk3unLnHqaq4QpFAKWGWnrGieRtDPOl45tLw1fbzpyl5bFx10szqlAlEGsYCFdlsc9UyvYijRZS9BoVgXIcRhO6zhE8gcZ3XtHTuG3ih6rm4vT9NCj36s+icP7QpCQCeUdTYECJ37uNzt2itoGCS+FR2vLkokdJERdpAAMLor+Ud+u6tN2x4uujTW93102dhhD9S7CRcPAcgdN/lm+7yYt2AszqR6ueBROgbJ4wAY9glRFQmEy/E6jk95F/urU38jsr5tL0SkJFGnQhU5Qz0yj8RwSIdo6FM/Ge8Ks4e3I+RtJ65uhQExgdSAdXTNUDatLI3Xpi7X2nrz2DRlLKZax97iQG6UtBGBRLGFsrpBftrCBstvNpUgIOTtUCbjujO3IgHEwXNHBD2g8eWAcl0zgnBAVTfPS4XUlD60Qh+bO5y+sh1LF+fycQINIMEu6UnpLF7Ph6tU9mV90bfCIyaUBkLMnWP1AjCgnRwcbjgjlYPQ3toyaqH6O4aSSDKN1i7It5TD99CesldwGv2XbkW7i7CLb1F8OZBJobVRvDYkGGa4RkzlW5Sbp+7xmBLMnghQCIvcV/tUQbYixtHaJjzR5uea68ATXLjhdhqJ67p2Y/NhHHcb6rhiKbSZla2PdAMG9rDysfAAZPYAuGN4IeAtX6+WDMF4No2hglYovJxxoFo7ZE02FJ/wAWjZeHvwxuNqr+pSbe3WWGUfenIlKjUBjoC8gUhmIDMPARiELGxiD1kPbzjk9ire3I9gc1pdrRWeiRjrFU0uiGhnRuaxPQOKYMsleGwiV0aMwXh8CWizx7yfmEbs9jj3vFJQSpSOVF/XQdRRAQYm9yothKxbb0n1EHvXFnTwvIiVYyRBncPB9sALrrat82B7ozCVfwD9VUhJJJKVvX5d2IbT5BOGbAT0tlYiGUrlr6OerD2ytwal23pDb7x2z/ZC2RfA8Yr9tPje4JEh45434yKcrvensM0jvYZW4CC6PZXxxwDYu/CCcrGGCaDTNbhaU/pdF1cZCz2Ou8JauiKurW6eBej46ZQp9TsEbANUSlO/P2DwWzNutGUZdXs3GnuNrVe4SqUQtXS3fqtD8aIBSOnNGGXS+XpiwPp1PDJYg/H9s9VKMm24hB93hUZ7UEOFRLFIch+8KJmPbrf+Fne3Y+uclXXcq0bCmWErx7Xb8Gj3hhPy6IH8UcgMt/B8ZJ7KFiMufc3XzibJgNTpA4qWSCKX0IaQvLdcTFRXIDscAiEgqoqhnAdLjYAUdo4MBj5WGFzZQzrwELV6xFZdpaREAUO8JUHoJuZYqWbhmbYA+MvV705oJ0gB8tEu6Vjgypum73Pk1/TcThLsjAkvqYOoaihON/PE5uAOw8G7kt/qYqTxkd/2KnKKV3pz2KGdCqm8s9oRSLaO4XN0lArQrl3gYuO8Sc7Z/bk1JcqImjtD3Xa0AmM1F7C3dOMqBkDbVJygEuoJhjBs1Fcd59fekVzZ4Ut6lLsRKLf1yt2MEG4kUsfRqYqxAXscO/XpIZtzFkdFB0oE40SFuD+TPQgBlxO7WFkfvTHcp35pO1GUiy9rhSSmucDIdevtNv6ag3cPgVCkl+chNs9MAMdjbxj0GCjEqzoLCISb2iPk25TF3e0il69fMATDV2dv/XD9qvL8OIXUXCu11PQBm2w7QG/txy2OLhbaxqF3wD4T9oDxBUE9AqhjitWEFsWjTTZbPqy4ItNi/mGMN8cY7eMW2wcMDT3Mc2NiLk9BmQ3BgwtfBJ3oNbG7eWq9YeM01B+EY3ScyBDFDRpE6EiGJL7FF8w83CpbDB3sRlz2bni9dpyrbW5QXw9At5SxPyj3zVOhn9GF9ZVm0HhRsVxw5WXQbRXAqPt+//R5JX41Nde0MWx98xkG7A0a6NmGDzgnO+O+IQb+3pLHwfekEgpf0/FgRFkiUup4G5fxjFRipb5vtmmR325bXyFzI3U68CghbkPyf4UgoXxoe0kfTRQymfTmXB7P3Em/5um1AaPkQbfFk3Qo7FY95vrCebMPlW0H5TAgHjvS2FV1vztDn60BmX8K3CqkufWWC8VDJPgdOx4TEwW4yAmdT4n8UjG0xcGutA7CGYM3OMLNrqGjCSu5XDNnS4t2vuVwWa5nl1EVYoGGXqH17tyeY3uXbgqbuhx21DELa7rImTVRHwq1zxXuoJ7XxvnuQwld04wBcp67PAmLvbnbg+SZ6jZpTXz3SkcsoZ75DngqjvzLLjKkjjoM/AacX9WwMXCg+3gxVCCCiFOVyDvAvDNTlRZhGuvVkaGyi4vf74fLPTIw7Voyp9G7rSVulNCPVYgXtFLJmco1FDvnEqkuT4ZqoF/oYH10ehDL8/H5xNT2dVMtXSxkfSWWqkAeHMZSPSkGLgpfL1PT+9hgV4Tv8LI+hcGWoMSo9i9Np/tASQ+PRKJc+Sm85OFMFIqcvuKzE7F3VdIRokSwknpJZ4Y5UFvi2RFOFavXBm0h2ozm8h6fOShGkrejCc24aKx3rAc0usxQ2LwOwguykg5d2/pLYhGcvLR6qhiikp9f4EHT5Ivxa4gbn5QtnyJ9rd2lw8ZSBakM1ic1QSgdduJwETm9zW0burS7TYMt0G5XUeawir4nazBepHQ0rMeUQglriydt6P9ZxU8PVpXVcqiek6ttMlEYvobSGiKtXKuP09p/3vHbKYUWmnKxB4TGN+LFeA6l2WzV5HmphY4nPbX0EjwSHU8hcFjLbqYYRNKe2YM1svtVqR1PGkXWmBfG7r4gbmv8llVHoHX+XpJdQ5cJLF7Hl9J8bUnGk3en6+nlVK3gVCftdRDuOfCeZgUefKMr23lDY6Vd7NNOZU87mlhXqXfMuZVJkPGtayASCKPRc+pO9GIOQQGRihSWwtcERuXPdRTeHkbT3slkzRmpZPMP2z1LIFpHfv0sWjrbYI2P607+ymFELLZ+ItLMQPsrh8Ah1rQlwJvHVVECH/mBVg3xkrYxC95ryz93I8fcn+Nhl6yI134tR4jJ4aDkAthcXqfo2m+IM1/X1Pbl4M0tWKvF/rohxccdxjasl4v3pixel+KmDCcW7E01eCnsrcaJYT/cVaa/7mjRaPCYkPbhUdlPxGAD2fYsJcEstH+NxF9p2/ug7JNtI0gvBZr/nFwhC3Fdv3CSzEKdQPtCtEpap6eGHr8S126JfKN3Xz+u+8pzkcTuHxYJLZ3IX3ljB1bptBHkKZXwCFFIyNIUktYrIeixVZaPrNindzMLGuVVHf0pm3BWBA0pSVXc7cP1cd4+V6Vzd/Xo7B+uFIreLDOWtVpnmtVNP7GiKp9tXhSYS8nvLf0pdkewZaTcqVViHT6cgxrI56jgjtErEgqvPFj7a9CGhHePCAsiADm7e5HwD+RIOJY9g/7ZePGTTxOwfaQeSiLsykQQ853EvV5CZmcyx+WsD1nG6iQFQt1zUqjB5vlubSxfMcpkKhg43jqb2MPbXaVU7hQTlbU8MsJVrNJUQMU+PN26Hg9H+SyvXsd1Lu3wo0RLT4gtEmbPwGAv2R9bTy+S/uDlgzoYbR5b7KB7R+Iuu4nv6UnSy+ROv/s0v8KCyWu/EptJhycYZIQ6T8A5HlhThGFOdW1g+FEILmnkZFldlatI3rVrigxx4JU5ymQcubumJgMnb8ph2DwMMRTkpHIKdE0WYMPH49D3HBL/JLziq0p6sDsuKcmDoJ3hZbY8rPM8AW57YPORiUXFeTZ+Pag1KlILDbbAsrp9bVgaSDCUZI+Hx5zdMu2TdtzTnCvLc/X873h0iPnx0aFfPf1P/eLJoT/t6eH3Dz59yuU/5fKfz+fz+fz5n0+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fKfcvlPufz/7vMpl/+Uy3/K5T/l8r/p8ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fKfcvlPufynXP5TLv8pl/+Uy3/K5f/UcnmCov/NyuX/gbclfcrlP+Xyn8/n8/n8ns+nXP5TLv8pl/+Uy3/K5T/l8p9y+U+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+f/f5lMt/yuU/5fKfcvnf9PmUy3/K5T/l8p9y+U+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fJ/ark8if2b/bo88Wf8uvyva+F/Ln3/dXX8z7XwzQvF7/0NrobTtypxGVjKd/pnMGKptz1iAV+9DmRIhgNNKgP9Cm7QEmWgUzhmDG9BKm/D+2V7rHRTHtVUTjzpdL8QV+x9HN6KIsR2r4jHUoUDncwrxPQvZW+e0ze6uXv6BF3IGXWTyetVG/vOPR8rWbrcfalrg/LUXCwsvZwvhX9j8gsnJy7R3wMOH0KnL2D/Iryd4BjHHI6Zw2NVsZJEERSoQhStjHYC7wvnAqhDBgh1/rvXBAV9L23cRMmCp2Yp+Dw/gULfxpg8Fd5dzoF3m/lv68rDcd9jzt8mWh/qy3rf1idnqiVTSn6R5HSDUFCqUq7VbAJJxDxubnU473Bfshn5diIuDv26SEYqS2oDEeEvKXCB1LQsCGMyA95Nxg9ZQipY1ysmhStwVUpKjZol8oolPJVMwWCb4ZDJA5whbAOvmxQ1UcmCwVwmPFU+wU+ZgB0yu1cwBbXpVY7q1TFPvo0hjIcsgFIA3vfplYEiFP6iKFaAxoBtYVhiyZgxorkFhMYB+pDluDqCEVEGzmGEc/jDOXtA91Pg/ZTsqCiZgcbq5/u5nZpDTnIUqWYBHF95qmOAzWuGUrjMU+PROmzILYD6zevAXbROTONP/Ldrcg9p1cN5fRszk+H6ZMhVGUP0nOgz0U+F60qekHvT2BofjHBd0xogDQY1pTrI+R5K0DKOC+9hJF+0WPo4OQbvh9IF8Bpam+WOFi/DtdkdkkA4R0LN0Bzh2jIFX/iDwzWh+SKaY3CshU8uieYO6Q75l5PzeqAk85epv8bnxHTdpAYF0m/un2OKNfdXeLtf+tMqug9HUZp1deB1yDcwGON37S0DSjukxzDfT7NcaqZtQMN1JfP9BFodJh7ANdj43H+Zr4XWqgyTPCI5Ge2FN0avmdM5HGrX1E4ZFdyaZMHAkHYivinjkUf0V0ZATfJhUqM6yTtqJ+DqLL/wukyhOUAad3DNUFsFRBMY6IU84oXGG6QyjzkqUE/gdSibLq3yi2yPLqbNfIRjBtM5lVcwOB+oMwaN5gPXN87zkVF7QpvlDpt1CMmPjeiJzuHKKAzy1FegII1mOmQuptpQr1Io47w9vOkIZXnuz0M5n/vDeQXj3B9MOqaaqI/oQKs78RfK4Psa4jPU0a85DLM8QH1COppC2bfcWW4yJHNo3TY+WT04TzVTZ/osuqDwaK6Q3umPx1BusVk3bELB7+ok37M9QPZnsKa1QA7OcyUUC8oi1FPNytE6ccTveb3w+twGyqa98B19n972Y9F5mUY2SJ1kXJh0Hspj/+b7JAsDpMkko0g/Ab30I1Wsm/Vp4i2S34SEMonoNU48Q/dGPEM6zwNymd+oDosecvMaVP406z4P3uvslVxBMgblyqWXc+SkB4hmlv0lQ/C+2DxXMMzt7F5F3mKSxQRHvJnbBcv1AJ/1ZaIBNtFx0pe3Ldl95012pCcV2MWUX3rqZpEkrPXZE6MQgGSbtq7yyFkQD0RLbJwWxa8eqvsNiGtFrn5AXF8I7DvE9W7yPeJ6n/v9iIv4BeJaFfC2bJi+fkBeq8ezQufhUtv/8mYwBWCLAJIjqr9dh38ly/c0TnNHZQy/GCiuyva/mnSM5nFw+t7/96OgxrBR7AU/DnKNileE8N3PXTnYxUtLNDdMu7fpDd4KAnNMnoHcPC6k2jz0j7ebah3RvH86PZHlffYP2BSRBp7vrmkbmfd5ql3tIbx5bSFgJHn8N8nR+u/LEYH9ArqTfxp0p/8+dEfPq97/8dVD0arKEmJyz3+PgP1tqjB/oMpm9RNVcOIXVMGxP02/yL9PlukpXhRxTNLxd4QHhj9h1S0hS1J4TbP83eRRG1yXAyTS5qRZPL5CsU0dvA+nUMdvquLZRuDb6Z/tXkRG/mT3Zgv5vlJWZfRLIf7bYvH3Rfv/HpNw5icm6UN7rZDZEp9lMEWU/9FxqPKHOFT5dRw6TP/+bhxqMHKOobgOIi+QQM/cI/QDkQL03ALy0tgcD0KkJbodRBsQ6SQQqbpT3Am9+Xft0D0FAkZacCz093dtYWSgwTgTIqQZSaHvwh0h6vhDf/B92+49ngPXeLkVjQ/XJ482RCk76Zh+hxK27DWUknfkOKGyBUGOKkJbEHlO0QtCi+OMnmC8iyKIYUZX9ozaIQqa0NcUkcgT8oQIG5+RZz4hY4g8iWkMOJZmAeqUyR1C9tqMgEl1ih4AimaIGekiVD61odQ5quxUFBmgNrA/RLwI3c2RBELYw9RmnO+B2hg/zhGhW343o1A+oeax7RlZoah2iobQ/ZUlolHeYw/KiPpNEejSD0V6c4SjoCjTyiF9BHLu506IUUORxYQYYRQ15vR8LacUO5mjhAxFyHDMESzzdHsVXUNoebxM/eBaFtQPowtBQddgJCDP0ciIkLiL+NHP0Q2YULCKaDnOUTeUyX6OuudoaFqLOSFJGkYkqM2MlkcUVaK6BIRQkym6UeY1dBNdUATPT4gaRukC+p5pgNDvFEEFS5sJ5dIoAtDm6L1Ts4U+fP7uR2ond8oWqBmKntA1ZV6TNdEe9lc69Z1RmO6fQzQ96UmPoi8kMxqKipB+TZFZskQCMArl5khRHeV5bZlNLf3IL7Ru/thG4eUlQrTJhT6Umr3p7FJL5mI6htETviB4Sp3leph0FaFyS8C+8atD44zzHFEUL+DmNMd8VOE1DUXHU6Q4RSS9OY0poMiJgOufIuiJtpPsIT7P8jnT2oZ9EB+QLObYEsXAyFOeI/ox9KA+DwvfUeRGI/lB0Z+KoitkK+Z1oLlSS3QHZWKOPOHY/WKHaDXvUD9am8ZGNiYZoO4ivaKtRU9VbonmLXWKhiE/hjnL4NLKTKNeXbIDs9wK0zhLJgNlUCDtZWzJKszZJA5GekjWUR9rkWdrHgNG7Djs001ZDm7KzNBvmYfrx+fMlr3Im9yrc/YG2icUhX61QVmfQXnrBVp7NskgsfSj5zbQVyAaTNHxIstZQM33dztt1hNsjoxnnZtlGLx1jph1DemZ0S/9RkSXKQNkBUs/sESIArnoDq6+dXWKFJFtmuwBylRgS5tR42fZgzZmWOY9LFEntGnivF5+shFQrnJoI1GmLcGnDA20ydBOJxrKLCH+QjmDfIK0hfo2BtTcR+nm7JzQabN96VEkDecOI91ktkE8ssdIR6c1zJnHqY9CTvcxIU8tBd1nsZfQtllHHh5Tsw7aU8ZmsQ/U0qfTLGXhqTHrCbTNC9+pJduCa1NU/0Wb2W5/Tz9kg3iV/47GU8YS2ehvvFFQf2y+/8wbKIeDgnzTVxvk0wJ8aTPxHcoUlAl7kU23n/VJpjR7khfobxeZgL5qnrc8LjKBfWVGJ1lE1wTiy0ZDmzfT5vSdvCKeTJmqWe4HlF9+21QbZQCpKYOFKbPuQLujcYtNmLK1LpSPBH2Ts63LO2XKf8vE1AdlLpEscMieLRkoKyfmPsHikxV8vo9MI9uP1g/nhvqME9aZbAfiA8rQJX84vjpIJhV7sifIBpPIhyz+H/I6RziqW7J6yG4s8wyQjpKL3iDdIBEttEnWArSeiTbqlGOHNnhEtiFBOfl5vSPA0bc64Ql0fl7TfJwjmSJR+/l45sO8xqBfZATazGmNS7YZ8RPKLqLxnEHsUEYKHauju9A6QcfzHsLk1wxinhO6tzBlmyd+zlk/lImipmML4F90FhSkc/giZ5MMQpnoZ5mSl/WhPsm4ZLpwBZv6UAsWgr4zn/rM9nPKkhPLfYiv7JuN+oC3rgzITs++dfZNUCboiW48WHCRO8C5IVlbxki6mV7GnO1CfaHv1KadgtlXKRA3GWMw4b7ZPsj9jJUX/GVCeYD3Q/yf9RnZA4W0+KU/xLkIz8J74irWIbmhF6xDIAwxZWknH+w+5x0EdK8JixAIEyiTrkx+APWhkU9FuvFlOyf7iGQgXzJ7MsoMUhMOnzNvEK9d+Ykuk1yjbKecTPhosg1TRhmbaTvpM8r00bNNdBdsouDqtPMx8wf5fyXLv+Mpkg8k5188pZc5f8kBstPIJ2pT9tddcKfbT30mWZqxqbLYBnXBr9qs18ue1oyNJ3nkkTygPsliC5IlWwyIeYzgvXMwLuuf7PjsJ7/Xo8mXoow8kosJcyAd/6ZXyM9PMQya17DsNpDINs2+M5iwBYwdRrQW6FfIGX8Eb3tJzLspCLfk1Hd2YcY2k3+c4grksxcdAvQX9rGUJRv+HjennBybaDPp7LTTgnCTMs79EX4Q+q+s9zhnh9Upe436ywPUm2GKSRD/J1zz3llR+mV3o5uytQivTNn/abetgxgUXRvfWA2udeknU8vOD65N2WiEc5T+vZsz76JM2AC16Sa/g9pY8vjm4YLD4DXlzWds7gdj4uEtC+60Fqgf5FcsM2MoaqbTJFPjnCFPsAmnTHKnzP2gTn3J5ryrSM22f5Jfeuk3ZfW1t++c+inUlx6Yy/2mnTGEv/Nh7pe/sQs1x3oKwuZLRtx97xr10/qmLLjKz/QFCyaXMeW9i2QZb91e6BtQUyZ/0n8YdyB5Q0V6i41Ac5risiWuUqcxJ1mZfP1sa2BcNvl7F8UVJLRJ0JbBuF/oZvw843AoRRd+3rG0l90E+S2L0M/N+AfyfplXMiw2sJt2pya8+94Vy4llPaM621ZKWXA05FP/tsfQf898n2LDyWaTs7zl2NJvUN98/8JJ8LygTHxQeeE7//CNfzMdk+/5PvuZXPmO729f9E1e3v5quR/29mnTPNNpN2vZ4VrknJ92ffvJl5jfyfDsO5cdRGFYdpmHOcZHNAjoJfbtFzpBHC8vPlqh537yHKchP57l3+njF+b60keEuWbevdtMPhtf7BcxYy6lW/QF7cYinwVxMJIntB7U9o1JJr2FYwTvuA3SD/EX4fGEns5DXVtw0BIzID+EZFZGsRXyyygORnFhf8omTAX15Os8msuEQbQpls0XHJYsMYqx4L2cmvtM9oGadsTm2HKKn2e8N+dM4PypBSMi2nXI/s5+UCYWu9MvvgSb9GvafZaHxXeiPj3CBW//s+SSIH0mPDtO8cKUS0rwGXsF5NwnePOon+cyxd3jzKN3HgnisdkXkNPu4HRvhV4wN60ge4zuYc35J7i29074O/9EqUuMB/3ge3ewn2R52kXO33EAsfSjFx0gZx+B7rfsUPKTTPbTbv2w7ARni1+cYkS0y50vtjt44yRs7pP3X/o+5ZwQzpYXOzH5H6Qr9BLTzzkr5HugbZvbBP2X/Zz0b64oWHzIPDbE0xM9pjZzXDfvlqKx3WFpM862BMXrYIn1DHLR0X7OySA7lyz0yAftjZ+WygFIz8U2Cwh7TrulX3Z3yl0tNFp2L9WvypJ5Z1OzdovfnXAxNWGjd/5x4gfabbXp7/k44fDJ7n/xcYq1F/lc+J8vu7SonzHt8qLYUxOmnWByqaYYZj/wlrVpruOCdyaZnf2z/JY/6lse4cp/k+M516B8VW28/WvSv+//5d9nGvVv/w4x9oLZgmkHfsJEyH4hXbRQPDPnR5Q5z0bNVSdTDmWY1233i/0i3r4byhKx5F4gtu+mHN7bziL8csqmvA71vjbh7Smvg/R3yr29K2Fo9Y0537noudpjslNf2GuKrad4bMFGOb1gjcmWLxUlb5z1r9m1/mc3aparFPXDZhv1814bSfxiA5L4s3baqP/cnWynqvNpGzv4tqX9b7R9/ZsE6t3jOwla/0u3sDf/b+7VLjuyP27TQhNAExviuw3c743F7yhBwLC//vhr2zTzc/kwwTB/XdO/2Mxd/VlcJP9/qyH+7N3+jb1b1ObXdc+ZLxXdr6uIJxpAvwxoE2IFiAkG+N2dsmLaN0KY2oRYcz4vQMwgDE6OId9PwuN+Po8qRKd9pmlv05zmPbWnUdXw9/MPies9lOz0ML550b0C8lLqCRLWqdb/X1yj9kfFXmH4Xzc/6/a/1L2Tv/ol/d/r3v8Xjvn3IAPXgz4FnscUr4T2AdWomVH9SuE84HQq5PgF6D3gFJoIeofr3/fy/w0m+DepXcP+SvxRwH7hOf6l5Wvkz04iCpPIXA6rur1WSVV6hfDtLPsNDCDb/63NoULuYaJXFrXtsPht79lWP1Iz6tP2jLpDhZuP3O+u8P0y8nQwvLFD69UtqOsJWAQIVKTB+7SYFl9Dl+G70YIP4JnlOvYrtLCaPv8ztNBUz3pRlr+ttXBySfS30OK7ISL63xSiOiq8Nn1FP8zj94vDPwAF/6NAxOdBpH/xg0hLSjhAD3Gg9BH93jJXRnF+aIIHUxnCfG4qNximVO5ShoK2L5Z0cvcuK1Ot09w3y5fSH7A8OJEQc9kSesBhSh29ywKWtKQwwbCv61Ma5b3FbHTL1gI9b+FO96YtXl5S1/aonFDajCLRts+yzbKUxAjv7R18pq6MSlNQWp6a0ijT/L9rP/WB448nCJ2mdOmozqlrOK8ljTxtA09bSdjy4BGmvreErCVll+VLeghMD0PN2ynvFD+i5ZT+J5YHv0jtvX0zp7OHKa2E1oQesEI0neY0pQinEhJl3sLD5xIcgNa49JPxpZxunOeLHiBKlm3EYEkP2e8HiegvXqAHVawpxYTSjN2P11FqCZVOfY0xPTA0Hyu0KkzlhZj2dR+ln8tm0BaZ8a1ML3uXJYJuOQfXdlSmdnM6cF43No3XzZqF1v3eQhf6Zd3UvM07bS3139F52hKZtkvevJjKCdEWxxe/pnSwms1bf6isBK552gL6ekhr2m5xUTnTFDIscoPN6TdjmLeKpvkvW6dL2jxTFrkwaFW8q9/4Kczbvbg7lecoixzN/ET0Xsok3/xE6eBRwL7j55QO/pGf07bY9/ycUr/fdMv9Iz+/u/7m5zTGXM6E0ujc+z4qP6fak/eW3Lg8IDNOW3iWu5Q2yt3St3vTDOo8emjpzeOpDFCbHi5Cafn3fN1uSbHT8zYFWGSQfW+/THK+pLX7ZWudUH7QkZmmmugu90ChzqRT74e60DlnshVjyM/93KWcI5gfqJt00p7tySSbU/p93lZIv+m7ytuL7Xun/4VueVgLvXHlO95P9rGbtu04lPJdbOBkC75kZyptnFLMy8NwUAapmU/2+6G35br9XLbUCG0p90APvn3dx57kfdlmQHbJXnTTftvlUVm2TWY9mR+OW/QLbRUt9LCJudwJ6WHyfhANlT/iX/o6j0eqWeHM8pOPsx0F7xIyYt7+mErYJt5qk/4lSzlkTs5bVvODgV/Xp3JjYSk7cb/n75SqVgv3zct/1weqNsQfg1Xm//IjVeTPTxN8sOMHO36w4wc7frDjBzt+sOMHO36w478DdlxT1L8bdqT+f9u8/GDHD3b8YMcPdvxgxw92/GDHD3b8fwU7brB/u7wj9asKmf+E8sXfUnPyE7t+8Vun+OYXJSd/WqHiu2D6n69oQiTC/lhptLn3c/HPP1uy9PcG+h+VTf0T95urpP7KFdUz/L9Y/jzJ+9Lp63iR7M3vkVaS+PF3rL5+cPc7WWX+ldVR1J9RDlOgC6wX5MlklX5lqH8duf46Tv0hlP1vItd7CSNXLj2x2rHD9lJSoV9WVk37KtjolV8K+h8vc/Mrw1ItK9Gb3qsRKwTjdKRKrWdMqst7uoy2zPmE3vFVli855qWzXGX5dU9zK5y63cW1ogOnoGSPTHS1ddGLhAgYI6/X6xcXr91rRnTngL8mAnphlAzaTrzKTY1Hh2Hc5Xpi7C6yFwTZNRDcEWN0C73Ft3yu7EjML7eTc9z26L2Se73e18/HrWbkbYN+zRouK1vNP2yOfrod/YC6nGroZ/3FG3sNR/RL3RtL2deKt+tfkVrIRV+xp7IhupZ7etezt8bry+tAl6ZVBppx4SB7b7eEEnpAYVKGfjCbjVjttqvRL+/fbkqnXVYheo/mcefc9gc0T6VUg3wt48lG2tDo5QAR7orh2jpd1o5yCH33sWVU9DaHu/NE7496MqokBjQM3WP0JnjNRb8MHpsEWk4Xyc0orLnuXjZ0b/Y70TzhpfFyyM2IXhMQsyfTxIzj2iwZ3mhPTydgcjne9rbDBfK4LzmD8MRHwpbWq2Zlr286Tjm4w7NTQHseb5fNsUXv7TjBcR+OyEi3rnjKQ6K1ecwYvG0w9tNvcTbbnhMqPfDshVPKK1ue9PuVw10SUXjzPCj7gnbHHbHVrdsOvWkL85FsHOUXPFntkit66QU4na1VFBBHDfcexSDu1KA9vbLO2F+2YhA+LtGBV+OMOjzRS0aq1SaLHgL1CNHP9uOk+SSi7PnIpJ7cyi19KDO52h8kVyQ6V9Uee7rT7LZN732+dQF6ncFWrXwyiOMXRfva2g5d9Iv3argfcorEsJ0tnIyb7r0yvzWoGygdUQu6k25IsRMD4xEJDyofh9cKc0i94sKXtwqqg1gmyvTqhajamRiJXk4pkPVedgbmCEoTveNs2+iXOj9FNXMVDCM4G9i5t5XTudQiMAiKvymxa3ax78fenaU02Xnm2RRtzR6L8ql3Oenwao7epuK/rJtw8q58t+OTmMdW9NbkB7MT4379oH1yr6TXjdYk46XW40G0avWhRJsxfrld3N5zu3a2ieb4ZnPYV4/OF53RQL/wf69OsqL7h0YLuRH9GD+VAFbdXcXrCb2CGX/EoNmiF0dWW58/prW5HTYAvUScXLGavvMdFRR+Ko/ScES/CsemihJXorYLDVNmnCdxUm9Xjw25XoaB2KFqs2Zwh52PWxvGm8Q+fWgPuynQ+wFs/+pfdnu/41mH97eF2HJV5qVHC7tSVa7bh+dt4x+uaqazYCtCoTZ7kFQ9X5ztHPpJiUjYc74Lyavv9GKMqwwDGuK6psIW184c59Zc5tcyI9cH3K1FvhwTh3k0pnM1Y7/XToPYn1xjXY9pmO4Z9VCLoYlp4thqbZ+B9bZQipvyrEfvIho0UXTa3ZVreqsVvXVnpXXpHJ8Wcb/xB+5APJxmyzfAfWZSSV8Trzmfw5WRhFd9t+PiPgAgl1RcfDpmGlqv/b3Z9Wzc0fUpdthXUONH747eavAcxYI39KAu0ZtKVox/OrmCJQJjbVxPBs9atypiRSrtAKmtxpGTpI4M+jp9NNVaXFX5Bb2zirBUbpeI7brZbfkC56GmaFaHfB971BDPNka1yrhe9YboaEWvziyiaB9eXfQr/nma+OkKf4J90GgbvqWuLP9k2zGVwdGgBYs8newKVHFSdgDzGylErxjDnFa9uWVZ8SpO7bxmDUgy3fjQ2kHHIe4uVmXv0569SKKRD7WSJ7lWgx1eu/oKvHbk3UrPHN+Lr6OuhBlU9pIiMFLiAm2vVKcxrSXQ1sXxBETXeoSrXbDSOPmpbyn/wOrb1ZX2qfiK+RvJPal20mrNRn0yyA0kyrqpjHP10LGNOL3u4OgVLBUFm9X48PwzN1CP5FH1TgO25vbGHiTtWakrZ1dzd2/EbuSKst29bAs7UaIjg++03nDD3JD1vHjZcR3uXhJG4YnfZWR7bl6WUawNTyh0GASXPX7VHgW+fZJsfxBo73k58tWjtkCmdQIp532Fy+6qHFOvUnKv3A2WWl73niAKRLGrt417OPpyUK7IlO6Se9qnarG57Z8djBcerU9FbSdtT/7pKpVq1TykmHMeDA/I1/3FkcjaOaBctRGncKmv7woHvX5h3TavOvJfDkGi991u4MARNyLByFq2PutHlm106JtzqTp4jqDiUrezE4vj8YNdtc8dt71jW/u4R+7PBtHRjqtAx0ritl4nHnrpVbettUM5dqdTIUX4zU5M0JGpNETpq5KQUbsLGHkPi8s5s7TEQK8LZl352Q5b0iyywl6ffLI13MO2fK7VMnM9Wcl3GzZ8yVy95/dWUqROZaZNSw6VeGys0XpUdtJzPfKXCVe8rnd2egsmu1fG/Ug6QXzx7+W2QD7hGudBFUBXIhfxTg5ZbW+3uGiWgDVpPEgPzPVpOZJrPS+aurbGU7ZupJ7iT9pZ9uqjgzyug17gFBOPs6I9paKoHPxwysJVzXM9fw3Oyphzm9DHi1CukSOc3u6NoT4Ff5VYbJ+ISaga7q2nnEOh0ft8vWJjMZJfzW0vHVlxpWzTa1+hpPdwJIQTSOkZ0AzkJWvXgcacTtnugp49FZ0qZrqR5x2gRVrXkPXmEFhCOIDz5S/zezj1F7t6bJBWr48rA2n+6BjHky/1RuJmNjSaFnp5zFgo7R0oGurjNGciokZCrVVle4QnxOOqESBbO5n2NnqxZ9BrTg/IOnEneq1GryCUsjtH3gE/2PZJJwc9lB9uhe+IJss8arPNlZNhdoVEH/u7hwE52qwr5RSulDK3qTYMq9Y/K6XBHG5824eJf25vKRk/k42PSMipCF/t64fLcYpgpmnO6abQcLZ7tm/72IoLjt1f725liU/oPIhnsXuUHHPA8j4kFN/iBZ883cS1utJgpJJm4TkrBTIbd/busDdUT5XFK3oNUkiAjEfvRBIMoPHQCxTOdp82YE8ZFnPhH67ZHnaEjXORnNw7ELqmOvR3mdE26QYJ30VjH5ftiigKJvZF7j7E16EtE0e5rW32eqDSx/5+uOtMYD/21XBkEwhey4dLNZvyZO1N087P8ZpB2Kff6cwDWsfXzse2p7ZtdEp5DPfVa3Xd1wTuZs0JWmIFgeqgpFb1o+n70ypjxdcWwnD6aPTrY++dVrS++j/kvdeO7MqSJfhFDVAGyUdqrTXfqEVQMyi/fuh57tyuqqnpp1HAbGADGZlBp7u5ibXMXGxP9OR4TeSl7VSWjsefo/lh9/A2GeGhzerqd5+0TaJiv3MQeYY5tVxkIVaDK8jYCek/9yq2rV8EzA8Z2iFYgcEKDbKfvzmCnzH9lKzZB0T6qrH+SN9FRtw7PgLVLyFnMKPiOHtpX9Lu1fxg/AQi5V22JXrq1rhhBI2uXa5LtAByYgWPAsa0f161Y/ZPsIYEy15VhpD8xszqSveuANGjfa10lHvAf1UokS4QdHavXMTFEfHn08V2/YKW0zuTpH9WO8KWpI9Dv3iDzcNF4Fpx1jlLKuVM6zeGWot8E0HsoaD7TGKbfLlfb6WzffzOYGhOOh0beJODRWC1OC8wl1yCdUlS4bnwIdYWFPm9dkwW85Vs2tfny+8K8YH+bcfCARepgU528d3nTf44oRp7E67/EBcamBTbBN8TruSrrnEogZuUOAf1b1GCqGOdiuGNe1fH68GnwtvRF5I91MfQfAyPT0whhPFmSqBOXj7fPSRT78eT35u9hTQ/2ZqwZCUDOs1xO95j4htNRJr06qVpUXBxGa05+ImwuWu7jzS9vy0n//OZ1cspt58VUsH85QLMEYEXOsd8H8k7juUy3ANq117MJgujm1GPBm4pdUM/FHXYmNKSWFRNEHCT7whsFVDRxx9E1IRAmsdhO0D46dAatPk1PFO61XjwhUvlFEZs3Wmfr2sL7XyVBDghLvC1+nokdUl0RWCinqrbKX/OUUejWAKMDsJEGdwQFalzmxfXT8Wt8yxcrIfKAguoucPsy0+B9xQGn/fKovACDbkcL6W2U/jHQUpGtnptHYfKnvyxu/IrSqhhQaYjgMNWOD2Ull39nlEZFHZwLcgleQw3EcBPvKoNkaTbnojylOnDBvW4mKeut9hx9/JeNgkVq2Hr1vt2NhpfXE5WCRBrhxjZgFtgKYiwFLU2Jgzs9GIug6MiOi5meTEG9zvaRNeLdqnMB055PPSSJT1b5orvZxVadRjctTRRRxc3Mo5ci2Vq/8SJOp8z3D3Dapm8Pks/rIGrh3834Stv2pGiKjzhcGUi9LWkR9EQMIf633V2kyBy/PRasD4zbYuIswq4TqvxHnMy2I/D7LedrhFipIO3JKSNYSzxkVge9CqwTh+oyj7vlqugDT5yTdjtJmJ9JwgTCwrdGbvSdpXWJO8ycAc1V1AUIMcNf36b1OmLtlclE2Vq2CW+sKaftE53tq3OssoM2ve3paU+Mi3rbEwIrhVHJ/ZvChmOzyemHJ1fNMztiAIMDYZk+7ggh+FrmNuJSu0Twq5QUzQ2IlPs05eoanyAmev7TR6Y6B/Z1qkrjcZfR6/sctJmLfZkQrcqPTPPXw6BKy3LlRLtCrTCcpx9MbeEKdd7n6bvb7yTd/qM4yA9U76poStUowtL7nLcdaaDUL5D/Gn0qZNGyDo3MhCVQPCu3L0hWJbFaFVb4wpBnkpcOBCFgCt8yfDICS8xR0bcN7nBsOtb/SzQOV8+ErN7+mWXTWhpQRL0Fzu0U5O3ix7w8A8c6c0YuHXXQeDhetDhZt4tp9LFynDp6ajKBK00F8/LL3VNR3b4CX1sqo3X3+z8weiQSuZp8J9fhUMNnQaUB27/47H4jcKSUMcD3+va+vXLCJ8vrk57B/eEsJERm/38jCgkEnZ4Ve34Z5LSMpa8T2V4Sblv0qP7QQHSNV8v1PIZy1f595zSlRhv0BUEQTtX10YbZdn2KHQoilvz6uJxxFHhBtl+Byvwq5XaZ3DQkB8TdNJmD5mvwCYFVV46JQV99d2ocWAmGSOQ4gDYtFpsAoVFSKesy1ZrWo2BkFSDtktNhRBlkjGRU7xCUoctVKpRNbbqU/RUbjmrPe5lgRQ0QERULN0rX3n2wDjbjIi9nLYvSA7P9sGATvND9uDxAPOz1Esot15fmU4uWF0TCiG4e8qGi69CpBG3ivu9YuOgZrTL1+dZ0fZ7bDf+zRJnUuMuDPX0RdXu5TdJT7bhgB49D6o9ny7jTA+ylITdfgjusc+kT7+m3tjLUkh9cbHsjfVT+ner5S71wCpQ+Lkto8tuw8hnVNWWeE9Y8UUy9nNkm6KvyvBcMPtFIeiDFNH1K9df9yFYKS+vE7hRXES7jXG5ncbaVDq+mLVVOtZGMbmIgSqUjkWd34X4/l2xCVehgHAT6MDqe42VbKIXfgOOXxq2QvHGKshH6UsXE9WIF6OxKU4P12J64ZugJz/1YqLjl1/wY4Guqxhw7AXCRR5AisoJ8UwGdhF6UzcOtbq0yrUKLyLMHKmv1ka18Xz3YmLIq/y2JQZVHbzin5E77tsWM2RBZuu85R8TKMFzNO63fD2dGeMOuNjwAAqr2z+QnJAOg52M5EdXk6INuj2SsJ57SmeRK0D1KitGXhbX4P75DF4vptFj2Fp7JUtAVvNcVy3xs1RR+iuNvzFXvc3M2rJtYU36FXO7EATFESEukKyorpKNs3dGg9Awr2t64JbPxPxJowBVsih5P4h1+o+DpwHwK+qnKBvQY4wuKYoG3YYZ9Dm0KzavgFszyajj5mnJ5nISymM7HUyhvjI5e5X5FBwP6HebQCAsOyrBXsz66od2wTxBkBZ3ob8D+eSIiBKTBfWTdzCPyKSJ7T1hBTgbIdM+bhQb4wSr+NXlaoWuRo5xCmKs9fKWT9hs9a6RLx/0hH9SXUMsKhuZZwRIfXWQ+QYyIWJkyIxZXRqz059/44N7XGyM7bQ2qKu+Ed3v+WzVrSpYjyskahRX+zR//IfNUDLJOkxa4Q+XXhXIQkQVihW8OKcfv+QVyJZZpfzQciuWV14XvghDUZZha6GRJEJHsiV7+HrCfwFwhgzPN2FwJStLECdoXXg2ZOwzmJLOjwW12foSajele472KOn3dI5SusL+ciihxzsGRFB0Nf2XtgwtbXG1G8oBjfQeYGos3D8WuPOzStZv5n+Y4MiI5cTEqR7fgM9qlNqNjOsX4RZL2E4NqSX6SLCQL4i/r6l+2bzQL5mzIc2YMpCulIcNOB7ZHefdhS/ZAobmElrGEfeFY14pQYb24iUwnkk4n89o48W0k4GTrAHW0HNPcr8QOnrS0AK4CCetKi/0HwVj4fku8q+JrAzAFB8YTBd+pX44F9FjaeW6fr0DcxM4cxlrELcGFkKM/uX5y/ew8qx7KiABAx/R06sOCi5WKSqPZOKiDJF/inr530sxeJlUt48JUaGdHK6PAJMrUxlGByNl0bykspfN/w64BfIDQO9syp36RHdDHcULR03XFUg3d2ygwJzAq4XWCGb3LeiJD+Xvh0wuVXU/l6Z3xO8g6MewXzYAEp6MVV3/xKWr+VGZqXX7BTCFq/1YAiflIgu9ISzFIgkJg4qnHs8ddptFPP6RLGfiXKa2h8WVusosK/0vKAlu2q47ABMA7k+VFFjJwz2Q1Xuj6cq9bL9ghzfx4FNMBEaNFpnneawd2O2EEnmRZ8BURjIRVNoSxb0dmQhGzvxdgop1pjUPqxOTEYibpG7oeKMoMq2PE5/gvl6lmzxhfkENysFWgd98d3eOn2Shu5CGOOCQEhAGjeTYQP8q9DdF3bNXu1PwvcPg8qxD3vlIsroKeGj0vd7/2rOQfeTolZ+XS7BTjwkige6QUi6Nf8B60q3Fd5yTPB7SIj+hyLLY/qlesm7CMYoq3CSCpZIW8+KzY3q9gQl6wuvYIYl7R4zlgBesXxHMjmIwOtdot6MEQ7hJCqPidrKdkX1YCwVSPa49HTCg9JT8j8RhFDEv7yLtDzZ36CGbV2K5dsg0VZOJF+q0FiWmYh84+ydcyFogn3BvWdAByINIOkj3bMjjxZMYUJ9YwICMp40lntq8AU07DF2fQO4ZlOsxQBsJcO8zt/wcY/o9iOvjQ4t9YvTw8o3gzvIxx5JsZoKwl2RI7RXc4J0O8McHKieBZ4tHMVYER/bJKwYj/KH3N1uLB05IbqfsF1fTmMnsWHB24G3U9P3zGDrBJpa6BYHAxaz2oDMHEEAFn/wMwePLNr9BccDr+ukzBNWID308ontXAGR/CxS8F2t9bchHj/czePgVnWhe9fJLn8GCx/GYknDciMADJlv5ACkcGfq0g822L7mFsX4qCv5L0PJrt5M9DfYgQOAq7TWnv+zhBHj/OCtqan63Z1kR/Qrrlpxt03638Pt8yuA25Oqo9QszBvGXa98pKXqrfOhdqyr7u4wMFyBZjQ4zIScssnsKsymuw64otYJ6AfzTZh6kB0ov0r7Sl2ruP4/aVRAbPiAWRsQr0Tkg0xuG9HxEgH63wt0Mr9QpKVbpYgST3gzlPJZIgQSeyCbfec3JO6ex4O4KndS13Y4r0HBuXBeRjVBE4CPdHui0SsHOzT5+/GXHRlicpAMAdPIXfYgHh7KzlHKTupIP0toMDlU94wuyhHxHXOkTGh7TlGi9gAfZz5nYTVDPUmv/r450L5yuzeJabmyki7tmh7cp9i9418wqKMF5XMJeGJ/ZECIbBSVP4eX5pRKtMbYSG4AhIjfnOQWSeBTMRnttfC40WyGmf1kMqfPp5Utwr6DdC88EN764JMXXquzvNUqIBFSZcjEcv4hk0iJ5uUR46mz9fI5EwNRyzoUVRxAfqo72jpnltrtssFvfMj0ia9eZ3dHPNqPILBfQMm1uC5nSdsdPG1RVgys0gCdQg9JiSqL2o3rz3dq/IDjCqFnkbgmmdutqPSwl7sXwKuzXdRSXTsz1323+KPKn3PQ/IzL8UJAUkAVcn3DyXAog/UXDUMUbn9NwU0pT+tcEt/axqJIQ49N5Qdyu8qNttx5lVyg1mMEQtUTbXpeJluT3g7E7cbg3LmCPiJbfDg/kX4EaIzs/l559TkemqgSzct4qhncYZcPnJlAPP+p2St+sgEj9y9Wl/oMSgkjU65pnQFtB9UWlgPE9SBIlXJGnoBSKQryw7fCV+00HamvPHn2Kv6UhzD+RiFB+/O9+DbgQoHgDbHxLtqL7VcAGbCLygaIDqnqBwYfPH/NtAnA28qe3ctoEhp4VGYVw1OflHtLcCpUMrNmyuLQvfL5vubOLrW8fBQAs8EpVEq4fJ7RPWN7chGlfVfmoUN/P7/vT8CRzpTTrNLS/QjCoi3LQ2Lrt8rCwr1twdh/QjpNVWACRZqjuGZiqAgddnwt7Rx5XL4DZacZ954XaZ4bEOLOsOcMc3vFpgCo3m6Xyp7BCEhaVivCASdwjXteIPgBZOlSh47zkVnPAFwA/ploGH8qmXjuU/3Ie63z6nJ1h0U9xMqSppFpx+0AFIPPAdMx5eOd9T/8q5ahZxD3+awS7UJc8Nc4586X8cWvVps4GrukpUPZnWj7ROunQnUPUcR1HZ5zAXoEEIMknPTTViYjhqFNyMa0Px/EHfxF+O0bN9e2sOArukp0mQK5I1g5rFY4qQNfNAFFzxRJlClcOiSECYAOZntBF2F39SiQOqFb9Mve2pTcDM7CcuQ3TRb+YSo7b3QHfYfUgiH9vFKxzA76oZ4zFQLawz+VLltHL01z0Xjcqq2QkMhFdlzXtVuXz/HYzlHhT0oGC9VZWfwWBAzQnqlzchz+sj6e6NSZv1COOy9+eGof6RX8+t8dT4jXIN5f6PNfyGl+vUWSvI2qHnahGaEcmBszyYpH6eDxr6Mw+Yl0GGOCyjaah74eept69BoXpLC9NEHkz59Uqu0t953u/MXXg1wiN/RgoqoPMJfCtDin5wRQEi+6BjLiiC+KiYHY8RFR9gO5b+XTyP88vLaVFOPJoyaLUY/Bs8SO2f3JDIIfyh8uWSoIRdYmCbiraRzovgDXn5yELoIX5LoLs65cAT7PikfW85spx7wUv72WyaYnVqxNBJGV2XJuXuuSOiGvmMGizMUfTbSnaEpR4kipaI0hDuWLoCk+6L0l3Heinfh3sDlbiermygUfBX829OlEUo//pJlg3QK1IQ+zwrfvrdH6mShZMXUgTeumYVpfzvJR7QFR+dSy8uNMqCLUgKZ1CG6oYwBD30/prZePUd9r0jyeSPdytd0wp7BksIbl9kFRz6YmU7wMUtFohCSt/v4Fz4sl/nJD55QBWeb03WhwUISroPEGcu8dy0pnKxDexFBR/eSCB/RqwD/XpdxP5FxfqM8Ze6xGMhDWMI6mh6AQyLiQBIlNgAPXeCfdLjSDjlpI6nPK3epjbqi/pw070tWmDdijtBNEjfUc8X6cNiTsEjgPzayXnYSMCs4CqCd1uIS/H8MvhDFD79CMFNl2B1Vvi7DGy3vwONYjgJeuW0rgv43F6/Rc/noBNTgWIVEW/gMQGDMCqgWGbgcUgGzX3bjbeIeshjUKTkz0vaj8s7NwTil0lVVaad5KwaTqKKomHyRm5jjhwYiJRnv4nto2km38YFCOSJPQVlxwC6aBrLslAYl3Sl1/qEcPWRLj7yanzVl6QarP76ZSdKfUm/LUUiBO+RZpN07rGy2sd0eJ2v+UsIJBV0f2IBNCjrOED/U6btfUQxSFGp6QNxqsRc4OJXObF/8W3wy0r98Y7qFdwTTF1AEGZtTX7UaMFrWPlL1jUsQNo9U8OtPZ+GSB8pCjRz3yjGvTrT3WlL7QcPyMpAzUN5g3G4deqXops8Ft2CrwiCTBdy0HEPJst5tdnOz0QjB5wnjbhAwl81REd8JKKYqqiaqp2Rf4TxujyQp3yKt8wZFrOuHIfhjWmQhRlJ5TXUEUhu5VGuAqx3CQ2TWYIADtNY8I/W+Rdm9EmqtdyR+fndRuLGsJaPNF3GqxPsgkiMJ/tr8ccdFnftlXV5Ism2NehsEKAl81kgEkzA6o0ScQyCD0xTAquWrhTZ6qJSC2iyQOtRATKOde+lxNQj/HjPWpJf0cTc8eWQVGGW6KXyH9AIvHsSRyrLvepjaS+8gNmdzGPSXgmuBaef85eYZwWUQm36ywFSu4PWuCjHrsyH7jAKWzqD02CAOVTwlxwatr50Y3m784JMlRjRC2uRi8Ev3Wad+82p4nNgzZg1RHkJK845lZdIhGjVRD2F52XsyrVVGOq3Olcqb2wcaHdsYOzheoBm/kQfDNH2lBOtVzhn7C+ZTm6yFXq0VTC/IO5EOaP5Ekfx1WKecGR8biPceNy+Qv1M908UnCUZQGYM8nTNjalncoVhRiMtSHt+JFF2ReOZmcDroXEYqgJ2mEdU6BxKql8B1UONKS3Lz1wlz5sAkewhvBgPvVyAlLfaoMIN/s5/8ggKVlxVK8+Ewe+gBumA9jXRQurfnI17xw8DCeViN1U2L2Llbbmtrn8tRbgeJhjx8kaMoahyj6zP5S+vxh0vp8mZlNIedmCnPqaUXcvok35yehmI0JY+UwKkI23RuyN4+8PMqh7o5ugSQGDk5tY/wQfT4mnx48P5QJoOB7SmmlRPekBYQVq1mJKwU1CywbkC3LmHo0bL6uzWvyAfgHg9wELArJJYIogzFgziY1PkBjdwqs0lyCiPLOTId6Coni9XX75IGM/1HAwTkZnBOFHyy6XVjwQTcK8fKduHJCEGny1W+gbJlJi1IYeUYy2u+fXZ1cqfZWvZjlF7CJV3TkHGZcVrJ192ZZnAOvJS5iNBWfWFInN6auowf5hd0Wopuv3PGgOOWNVtj+LvwBVRo5TaLsj3xZibrJMLPz4/k0t/K1UKPERdbIY29kUTfdt/5BdQrmKjpzCHTE/k73MEUop81WxrMDRbC2EH7r8qNviMBbFT8OyKS9gbMv5CSNp/oirKkjMCsNN6r0T5x5W/2wzIoNKT/yFyHNBYxjuZkeIYvxLhCrssO7uM1dAE0vxRhbiIJZ2q9w/zwSIiaBbYHbDM6HF8MMOa+MFga2uTM/j0blM1neW3bZJDr4MdiLP2jf2jgKIfSanKyAhMaWe4lkQDtSCEA2tVO+0qT7+uErhsn0HVGqQ1zmOhurYX5fops1fu7Sy5/aVPYqDFTSsQ43yDh2Gv/OVqVNC0zRqp1af3ftIL1GRmp5HtDWfWiaPqHgHdfH8aLmwBGkhhuTheBIIw6tYRY3Aip+7xbFr9qz7GKZ8NHZrh8g0fapfwrK8An9bXezU12nqWFsp86Hu4fp+O9VXVyzH6lJcH78/AD83H+n8QiDRUGwHm06Vnku7/1JuDAT0hGst1lRkX3H88mP9VUMHBD2Imgj8iqB+RQ3iPD4fJchh6d9OdlDW1ZuSg+EpuSam7V+/MHsfM/i65iC3u/6DbyHcP4W6A1syz7Wq7jEM2LyaNwkUw/zCCGDBjN4u8MZHxC3zN4HVx1G99E5s6h1i4ky66TOSf8jRGDEAE9/e2UzkGGR0qmC+BY96xxMsYGEJ09/DArGtJGKwDP8NIvgsHneI/qNkODJXNeVUz19pVv/esFsynkxe86dZ4JbXFnGhp+37+LE/O5xnqWLdmF+lyOdcjkBiQuAQwO8CCatYSdU3Iz35Sf5bhq1FLxcP0k8Iu78PW0SF4bJoCMSt7KtaLBo6Q0V8/A6uuzFrktCZXS/YJwAE7NoEmXMn5EHICK6a0ZrP1EIi05upb4ZxwM++GHwu1kmuOhnww2zN9d4Wy1M/+j9uJyBj4xEZlpwjBwm2ouKHHzMHtMY+HdZKsNCojh9dQ+5k3pQ6s3oMovZ8LO3BlbCrR+jTL3zX0WWRRAWuVoz+YQL1xeSbVMVBOTk8UVOK7PX0eAeHSewt5Vqdi/v3+EDY1SBRjvOlgAQOqzwiqwX0DMKfJ5f40OxL3cItQ7vLUX3Txm2PYikRB1TMPXn4wkZV2XyYjLMdPlUcv474wyLidm1QJITNMkSP4JdGgNOdWvejPdFQ/tqSeorJSxftBZHqX3ic5GjhJ8Bq8xwD/Pzg51dLHEkIA7kv8yvj/IYJwn16Krww7ZC+vz+/kvYHgr5lvme9eIslgawbqifji23mzPZN9hvOITthkbcWGXNeHtqsLpPpcB8N1fPbqNPsZkb2YG2ffopKvozwIFJmS3pllzDmZZ4s/ln+eF7YDuSZnCxBS+LLvHtVlIuTIhLWZCutB3wQ7Z06bPNGvga+cQTXuU16Rycgp8rYh8bz0TcKVDVS+5gJU24gRp8vPQ66UegtZzI/bRWENhqD+MiapV5UqsHanXWJA2fnNKAFb8yqdNH6rLTOMh2wUnY1oNZMixe1ecTzPdhPwNqsH8wQlaoposrfHk2uENApNR9/hALhfhrpycJ7wcgM9B4Q0BTNK/lYQOhSH1u0NQoEgOW4rpteSaqRa1BTuyP+sv+aD3rv6S/0vPS16ysxNXlu66XpkmyZlTMKgvJCi/0YKPdJWmuFBDh/LAZK82FskNrytia0bKVXote5/NSludFxExWHV18cH6CAtD0Of8Xtor5A97YpOXWiT1Xx+grIIM8ZqtYSNMTAlZkcJCze3x4u9cdy7t2duxyAcjITxmH+47sDSLGXU0wzl2gqrkirXjMKpAW3PUrUPGBoQ5/zIvUzvnNp8m3EQVJL6KflBzD5HbwYFkFZzhfQcQLMLMrDOw2EzSmQdjcWHbEecyM64nsNWqNMA9lg0+qu1NVGGNbxZDgX5n79shssaJCrN/6sMyLlWe61Q3mqOtRyvsM2ulGhUdppJLZubgCCWhliHYbRF92Gw63oL9XhRT2xEd8ZwUSJSrbhxwG8ugAmFy697U5TXYVZfHh2gpZZQle14gYpvy4xuejDg0wQWIeOrG5RZI/QNvQiZc8t0/EPrtQ+D0TibgvKHK9dyDJS+4eDnlFeOiAEMDoWJr+t2IctuttG1FUqh/jMmcl9LhIVAPzfsEvGuPgD9bfY6ju9ji/btNy6S9z6OJziDcoL9XFCdiEQMMNcfVm3sQLPyUfoDbhJmpAnyeFO0MZ1Zj1DeLZKY8se4ZTVhWVh9liEG/+U2fz+/iaZPD/2lK7dHi932duCzdjSLPEjb/9w+KHC5vMp77sZy7MIf4+CrSHKQa/bs/TF9Dr7+eiXmWQrgfKa6Nr708YC4bFgV6TQQyg8FciEw/yiglKVUIUXbHKFibWYRcJfvzTzn+4EW8yGIb4T6ckNyQDEJgx4zhwFFY7ssRdE1xGKYH3UugrnaMrhlWL0LIh/qnoR8RkKfCD4nebb+Wn79oSntHP5mMv6LBnW+jdO/MItfQE6Q45PnNogC0KKYfQ2kXZccxlCovi0tbplfs1o29NVBD9O4RgxIUnXsXIwe2Ri01j08fsBV9KeliA7RNDg2zDLMjc7Q0r6DuyBcMWlMaWR5kSe+FjkhApmOXQjzNwH4jVHk9o92SckrSof3QAcLBZoc2bqfpkYZb1rkB/w6qMVI/KW9kBUbqt9bvQHd1YvRkqmW3G2XaxmSXE7PvfFcdm3NzROVC+pocnblHVTlkGg/lbLzzB0pKxc5cSRnZytD/KGo2hNOdGH3m5zU5R7C32wUXIzIgaJs95/0gqRZfqKd/LlF6Hczoq8CuY6ogqpBBOtcNMwyd+lyRbuqj8RvSkFsShV7L48PTWOoGDU7qoVzewgbv4KtHMSjI27q2pSSkPBTqUKniU2MjHf6/pLrw8DoZ6ZNCmcc5r3pW1bX8sVDSyRuXeGzfELnpSBsZtkUBxG+/EG2taNtSVr6pH14NCDHSNUmNQsKvw4xxKJEp3vksr6yfbQCja89vINLWEqVauvKQFr05TT6UgnCVrXM16h+lZmU+0OtcKt2zUbMvMnmwgGlu1XymnbC1dfWVQvK97PjqO9jNSDaOjw8OLNSXXvYzw/KFxQbk1UFuNfvvgNTTMqUckDs3kyg4aWmLMVAVgVX1k0ZfGSIcpEs14gMUyGmhzeVlhBa6oUh1VcK/2jugTA4+I3he5Wy7nubgL+7ZlgtI+el3VfzT+m4w/B36pFNZTIU4XXJ9XClbh5ERGX6Wn0Qv/bNlAG1SQi6njFWX0jp0hi0AQcM/f1j/guW6VLT/vbAB5dlD9eqsaE6+hRGvCBB56o7Ad9LDCBQOq+4+lwg7kPFue63DP0bWkEW/rTGIJg+vzgprYzyqGDKDrJTgHFzZq4xLid2Il2GV1vYT5S6T8/vGuvyz9kJ+8Q7GyEPUDgAEpdFGMZrJj2h3D9K8gmtSh6+XBCzMXET90bry1bTT+Mbdu1D5VTdWH8DCE4mqFxWP1pcSjmxucb2ExiSxdNq/J+ltbL3a0xdGQshrWwD3nkM1FfilyMNfhBiQHKInzFUS/d8k4u+cT9uiiJY7k6bp4iQTscYvKPN4Xp1yCpRs3LUVGQzFYRcVQ0xLRqjqXKZ3LJfHPtmoFwkn+uF7SkopRhzreLQOl4cw/ZOn1JeGTq3sV+M37DAht5VV9DMBl1bbmGGX8vYmN67KAZs1yhS1K52rO7OkTL4DNWowepxC4xS7G806I6dzxObrR+2Sf80T6oLEwQ6nMbhtajKxM/h8W+rmvJxu0pXAzn+zU1EkiFWELyfaI1viz7C3Z/MbtOnmyIU8IuM+Sh2N+tkDXRBLlFJB7nFpGHfBvTDpJX/cIW37hwvOOq5vJ/YDp9bZC0kDP9NwJot493QCNqbNWTl5bnCKd7Q0nomRQo5v6DEZlpRa2pSWTcNJ5DiL0ohPkA6vbFmJr/W8nZL1QzDa4C8ktI20+A6sq3k6HR4ynYmINem8/CEh4aW5hXJAQgBLSc/+7OCFW/SZtSLYh7YSeehtPXVBuiOWDKSTMU9ZEmjIQKlBFom/5X9prS5hKWP/gMculgAynNvLQQ59evUtf/8wqP/yu2BRPYv+/S+dfOYOL/uDEY/282BuP/d20Mxv/vv5Xj/7VLt+78f/wdXdBO4//o22xN1/t/VNP6P7aX/6zt7/7/zB70/ws0C/3PG87/m/3m/89uOMeR/19sOCfBZyP6Z8M501J/8R9sRBeQnrNhRrEhvfYl5QB3Bb2AknblIQjOIvbJbzj2P5elvz+e5ufJK5hyjkqAxWNW/9K+qnwZxif0tq2HH+PYwfahF7keNiZR4XjTaDnU6D+u9ZJtJ9eM3itnmd1XFD0q4DVBNga1hpEDMNX0enSgBRpKlmBMEEWtRfvKycChs49u6h4/D1/rHYwksLSwsBeiKxuBtbJPMz1hwWgZ5Vr4NfGsHcx/tsECFhX6ZnA24kl/6V35djNbMJXg0BIDF2tcCyfDmpSdPfphCLvetG9fvyxNOy/q8j9BHMW3N0ete7HxB2qKVjs5OWAS7UsvdD3XqA6SzAW761PL9Sn5fMlX0QJe2k8IrvPWpDiL/a7pTfDt4MpeAnJi7cubfninYI+QrIZzaTosyAPIpI0dTXwJEJOF+wG1PTzdPEOKxWM+fUPn7URqR1EqXlo5NFN9CaUMNr+Y7pnLTSBrBI9B3XZVzT609eQMgHXeTPY554lhanrCNI60Wy58e97cU3f1g5D1X64FgQx1dAHfc83WlfMYnG1tJ3QkH42xw+QK0uKp9ezmQBLBtcTVUDDb5+3zJDgPSV8MV4BtRaEygvUF3RUnzPoS9PmhO/XrARTzAD14vGJ7+LhuG+cxJg/L4qmWBWWpP/3I5tV9Lk+s6X26Mfm5Ujf0YdlZuzJLyFOpG6U6t1Byds6Tm/Pq7ygC8Sxffpt4uDAEo7N12+ag+aMzcpogl02q5MJJFdE/cWzInxjAPjcM9C4Rd+omP0arJPcJ8zY73oyE0CzvPErM4jJD3OaZJgClKgWk1OxZ0+yXbj9nL46iZcpfHX2wjtZwDGRN5Z2nMWLPu6EMWUsFK8v05RNYLfyarI14AAs7dIKzoxysWPPBxAtTRxg/EVMzd32PJdi4MiEEi+kskbd1WVkMEmE4eO5PluYOsGi0YTFl07bLeDAwrT3JQiXmDs3f0k05VyzbJWou3njPddwEdq7y9R4S/n2lVXlsSos3oSjNI/OXSJ3xNmZ0FTHozVD3dQ2YsnI8EfIDutbjo0NMulKjyqwjtSCh9cHG5IUnVqdS9TqwNXYJ5FEf2PPbqVD3Qe+o5ZKl48uQvy2IYj49DRP7FdcXr72YVcY8Tbco22amtQpS9ly31FcnnrEkZkD1iBMz9VlXutysfyUojO+OHGtTnv0DqgnCc4F6CE0Y6M7USpn22wE163b116gn8M+If3OKPDUjG0Q2B4ckYi+KhOI4IIg53zAaE+RXr8aqYE+Olv8qVjGoTRLzYWJcsIGqp0+P5vVtTwf3ZxgzzxjMLUNxfIQF4peWRJrxBpn85bSzn/SB1Z9vLfEux3B0FnSnkfCSSZJ0uzGnXzvqKQ2niIf0iNDGcvLCKXIuKAIz9LbT7V5/8ZOnbq4qeCua6IakP7pMN6w91LJUCHTB8N1Fq5eTnM5rtRXr++3Xtr+s3wMJybUcxu5m84vtL3aOxKgvr2R74eJzi+GXJQaOYnnuFo8vjy1NINgB7KcGlA8TSFAvRrNwzoc9ISGHGZIS2IJFPkIKs9yHNT7CCKnj5BH+y9F0PT5N+2KWVApDzRxYMuzaoFWTmg4xOYiRIBaC1PrlYAUs461he8KthPKtt5XJzkbb49IkM1SdWdVuRcNl96vqrmpAqZtbywaA9CY6v1DdZEy9MyrLZjwPywr5sq+G01hrk6+zjjC0erlzIypvPHAas+YPcuPjbr7kiDdyb7/qqBURPiA95hy+fp0q9O6a95BfrNZ/p1lGoFpy1UJBU0Biobq8LWGIMn4zZbYEW5dLm82bHgc6+PX35CA77mzn2xkVM1+Em5C+wVb/IHxf4VtDuRCv1q/TdprQmIrZpunXxxPv12uL6uQTdfcHbkY9VQYgfa+BzXZudIOUWmDdoJzsZn+vao2gCec3YkXmLC9T+hkDmLP8NyqhBrMag5kI7sfroV/mpsM4pjQ1S5c3sX2snvaUN6mvCvZisD9I1a6oF2TIP5xgBKWqeO3bb+ln92Cq9XdG3A1XD97vlzZQBShSeykN2mQd7k5SP/mcvagNLLC7kzIa1dYO4gssCBRiXJ3yqewjfQE5z2+MxtzuIpUXUBwKAQcESslwqCxtupzpOi9tuDCwTwRy5QeGt8GhFuDLL1gU2P8gQc2JhqizprfF+DVIokaGA0vV3sEWp7LclQ88ZluSAk5N6xKZfUmFGgxQbZp9lBMZmpUSmy0WOzc1GHzB5nUcCh3Gh26DNKR+gYRbfLjUsTIBw3ZRKYjA1iLz56pgdekOIWso/qIQoonw+WXFPFJ6CYvSVJrD94M8rpn6z8QfEVVw/SckXCtFCQY2jU+O6omI9+OQm59wnJlyUCgpW4uyNT7KMQEfVUcfrpqsh61Frs5mptn0oYZFTvON5Bp2vT2fg92/ye1ssJhCTtoZi4VebSbmebx2ya6P+D4N56sdyuEPxYnOSf8Z9jQO5rF8pZaaya8fRAj9PI70OKgOkef6qFQyMakpdLdGOEnxPVsvYrNLgQPjs4ovkJuzt99hWCWJnl7sai/bsFyl16X5yDU4WADmIjfItf+k9HzWqnjHbDhb0i8+wnnxYaXw7w6z4NeUpGkmTVH/KHBgzCc4Yp+C0Q/AKyEk7ZsONbhvrjZeSQqUMzEBd7VhNl9c8ebAtPLP8jSSmeLnsTtMXgl3uM8X6EDZLR9lXctfB2tPof3OG9SAQ8Ka8UbHfAKgJya8dgIjbhRByw8pQbelxHghrZ+yVMj9uQ/T6TE+upC9gh/jAL6OgojTKjUU2SobKOqFPqCAQ6wf7YgpDKvwl+uAkaMRBk416ABAVirCOh+bg2pjobeYHW05YhpMmWpbYFRITusx5N7IHZyZxXlBWq7tUhbcwgqOXPpNB2mGfYaNVlh2GphjllyIRZ5TB7Q4FGiCrUkdbf5KCLo8ym3V/MxR+FyWq358sstcOXKyRIBSa3BMxCqb6scTEFhe1H/0ND6nuQtCPUqGTAQnBDEPMMPdUDH06BQyPrr1TibloF+EYCivcgF4dqkSSO52FsLdXfXJuEdVkx+SJo8y/avooGxPMSQbWG9i+snDDaP+bRPa7wmATz+evo5CJIhfzPQWXJcGjdjW8oxQljSVN8zCF5q1IxrGM+EOo0rCHgrLyEwjQ5mGwVw/VxV14xFEM5iIjYCoa2zEwk8mvL8GG05w9f6upkEKESb+k/q48jEbHxxN+hCxo6Sqht1Mtqf5ug3dIawjNZooPC9aJfHV1TweLLhqq/W2LHkhu5eb4DCaaMRdWQRJ1dHAwvFRKnH1Bb5Xs8ezKRFplVdYuK8K1qqkPKRN2VoHd8ufW39CARRK9ohxP2v4OvhxlUjq1Nb6p7K/+2iD1fbTJt9V9CHBAmLGKnxfdWK1Hefg/W25n311BWO4/fqdyqooir/E1Tva+l1V90GOOP0QZGZZDzxTEvxJNyLoxl0kpHJXwJQccyY+JworNqhaMmlk/TAsC61OAZs1vvBhgAVpSaWN+jE8o7BNIZRk5ZoK2UDkSdYDAEVEBh4eo8GCIprafJff/QtfcFQ8v7E6SGN2DtggEnI0PeKH7QhxcL+nCMUgD7JU2tnieCiT2qIjq0ZgHnOUVvj6cStgNwvgQCH1AiAYR/YiHQ4U5PrhKsCqsC0nkdtOEpJGm3j19AgjiqgT0Sa/Tc430Eemqi/6oQqv++bm5uC3BTsYYgbNp5Pu3+sipsigMXj2Ithoc6i4kKpcb/hK0R4RqfCAwwrifk4eaD9cm71eMIUZSiwcJ0trNqjkYLbPb5TWyEgJHNEstAIA3fIeySleZHB/RIm7IuUHbudkeo2YCzOSUqqybrAGcVgwPBKprQCbuAXqlQux2YTUbcnq/crUhKE3QCzDiyoW6u9QrZJCQbpw87PTK3e0vgkk8lf8l/3G+UsdWY7/APKp7ux5PgNRoolAgDIk5hENKOr40mxTPbfGBdDkxyIcyDziktCsFWgD5RduVwIAm3QwSfIegaPATLDeSiFCGfeNWsffRlkcbeuFhV1/p5iA4hX1PZw6BRXAHsRXQNTU/pPvXYWOFOxhvkUBMukezEJZYWpc87GAdTfpgUBF1/xr2SVLrGjeEVhNptLfvnZzpID/uTz0U4zyn8P9PjDQuUGCgbY5601V+ATvzWR8D/rbnILOdXbP2HTU55zN73SCFSbN1iq07pHDcHMViCxYEy6w0LEnDnMyixWzshgntCqdnSZzXGvKS0X/rHGWylPynwEnb96N4yFfOz8UjKtjG0pyDGqiv8IENmGwciw5aGJ16ydxyW95lrT+jK6JU3FrMeQB/cjx9H6Wv9YAnX3HwodXjKuLGP7LuCqvtib5SdNC69M0E/evV3QVC/zJHtLAiQuhMTxu7jIE2uPQOeLB30sRPul//pElN2NZxPySyGlkqfllIv6YY03Jg/DNEKU3h/fzAPeFyB9yy2Dm2PxyyVktV4m9gK5thLoTl4a1zt51FvBftqVrmbvuRIw//tcR/2eryjfp/hcH5Xtf3HTJU2/JW29h8PwvR/u9EAVMC/FHvv/dOvs/3+CIwROjyvz2ac4QrM4HZzAHoc3QAByr3/77+//7/3/3xpmTIX7H2UCFRH+0m9rzG28SkWoTFwfyOgqxH5KWvLSOPuR6+s/tsP/70f9zX77fe+UxFZJzmi15ZKP+b1nHCPXTkABLw/jQXezUbln9z+3Q9Tsf2/vMJxH1/9ifs4hecj288r2pb3xTfSYGvyTEofwGfeL/V31655T+X46tFIVTe/h3zsjW+s/tkH/j7mY3iYwjkwIoDak9CPG54LDbYqn3czKYvdLnyOuCIiB3PMiGHvo/aYfLEPjMh+DJkf7IOgz+dxvft/2Iud/3POAd/yfPx/77bIZc8PsZPH8ZnE1q6N/8vZHwP/YD+48a8o+W/OtN1P3GeqBLf6OxOv7fLXiv9gCpxv/rFvr+P8njbQEyuPP4Vx+T/9LH/zTHlvg3/x9f7LEkvGJH7ME8/jPm7ovqbztJ1MxvO3YaNX0mNHwawn02Gv99j/407k96InX7KNPECIjyuvfvdl6ZX0feG2ccGv1/let/flf/X95lcj6YoX/e0TNzKQZb6L+yeeX3rxn8L6NzOnM04HiY+xi1/2tv/4Ot+khwac9/eZp9dfuZ37CuLElo/B90CPgq88UTydub0neaQvwbaUdfxjOdejf9HTFuen8/Q0CS//0T/0WCwD4+Nqr076y/cnKODAFx8l8z9Pv7bUs/Whe/evJ6PG7mXg1+26LuQHwDJvc/R/GO4L/zRP/2hOfx55N6hXdeyb3f/seHin8+FXwLVOYC5YZomqdp13eYQKoZQkGN0nGUnkgygrxL4dx4YWn6OlkLQra3WkvoWBZtxqW1lD1pjeE+az/q3lazU4FuqQxxFYgwBeoHjgUPyeuKHYX84L+YXVa9w3afetmPPnrQ3/6r4h9kC34iwaEC/NuZhgVx5A00vGyDE0rtjlShfMBpnmHfP//Hv1dsSR9qXIHv8fIbiv7+1NAys/+z0U14/jkSRKgqxJM7+WzeL8j/PAy+rtvDZlU/hKhiRqwp8Hzt8Pzxwux8LNDf0zXP8+8+Wg8Ochfqau3tyrUvpIte3kg8WFqhHDiDVKB+4x+BzNt/P4QeEeBuVFGNMjbbL8L6gJFrbt7p5D89EVifttSPKmB3c9L80IonpKOafHTeDFEFfcXVMIyWdQUUZRQVhaBg45vgooy1/rPEcgULZYUZ7EMQbv4fGdA6g0u+2L7TRdstZO/c8vnOAeE8OvSzPuGVeWtmt+UDRd3Bgecx9H6+n5h7xVwHNP81yubh4U52WLZmvOfJYWPGP0RFSbZ/gr3+q/YFo34qRoENLG8xXjbfKbG09Ij7WaZtkoebEJpha/9BU7dnG2wNJF4uIf4DZQnmzCXzp+Tqpz7/ZF+e71ur5JvIDcMydjvR/E+Ngw9YnES5QdvN/M54G4zKWQfbHn7Q68+zI7lkWM42aulbFMcfPI3tnL9rEro0+z7oCbf8rjnWXRxdJIBlNtayLQlmsbbrjT/pMoP1mnxnQ2dzhvOOjd6DfvlbvW0YDzyld3sJdM4UnEvGdi3TCr01K4+kNd+wsuvTaTjqtvmIv+d5gbw57YWwp+Ep5Q6IhTJPg/6ZoH/lFs4WZqfyQI+G5UKw5n5/3if9jAus+WHt4+MH7Lgz+sS7197fcB/oPCc7NYOPNtSLPrCRTVFNh3P7xQ2BJbvwdXg5Q7PiOdaI8ZGbWH/7yVygn9iZtmXDTN8vPS5gT9PtS9Sy1YIPthBLxjY8vtrLNMsEtiZ/YL+t5JxmDFmW1dHbJSEUJ1GI4aNB6jX1tp3fbmBnrS/LLKl9xcBiebuxWdeclj7LCu8Gfu21udk/BljJchXOil1FvnzN0K8M7PqBoFpOWLfmzcWSHhLkHF9XpQZ9r7CM9XunCebSt2n36/avxHV6orduBYeBcbJYM5rHtdcTSK9BftV5KAfN9n7MSxj3Qn72ovN3wih/TnS2kGczOJpl1MJBfNuo9oQuzTJtoWPGtsovdY6M2oLCZCXckMypEvAtMq3JKTEx76yd/MnnMKADDSZvBN0j/m+0EW2A0d8SMLz26q3U/y5H82mAbWZ2Cb4u/LepHjIQylAZiC3sRo7AkSHfYoZc1fZfC3vd2CuKy6Ah/lQz1m3tvbeC10uWo6x2799pm5uz6vXtKiITtmTM8qutvhLT5DptEapKNQ+xYwo8AAZODBcEAf5tWOaztQazkQ34jeR/dpSYe7pmWK1uau1CYmhK6UkqGIEL9mtw6L/jPsC6Dc2cmwLAe49l2WOmuC6iX79hMwEap8Wi+hQ9o2Z1ZNsQxMUW5ERa26+Z1n2tnUjatAsTSzOjrUk7TbSc4h/ze90s/6mHM5/HHBIJXSDoDZHOV1Nvc2t6vubqPJb/N6a+Y0laJlb2ae4e00CzxHvv2eEa7z1Pf6j5/nPi7iYmeqbLqKRMKUuVq5ovJ2c6Pz+/imiM2qv1eyd1WTHRcLJ3MbzTojQJY5SyiJYDXRB3fhfH6IoCe/3ca/atJIOXYHmzAxL61ISjQGPY9vXyPSdLYIpsP+FAyXzzVKJ6v4BUHLpsx1BxXcR5Zhhn4ZmVXhuhqbD60c4cWTOnU5bD3n6q2S6NJh2l0L9SyW8hcmL22/1Gn6JfW8HPKphGtGC0KketgMYlA902rmBY27BUrlZh/Ovp1Guaj6B6AyzFtEGJff6Mn0fymR9lECBzsJ4TZ8kTbbia2UBknAS2Ls4ZHQk94zBH/0S/LiIZi9d87K/VHIhGkU7s4yjPRR6Wr5Wte/yE6RLul2zc1FlT7+pV7xq0fKmWcrIus0ph/UJNlvpGCU0m6c39aE/xTHI20hR3OhYMIVHtTcJ7EkHSu1h8hXx8Lnh9NzBqB9JcMS2TFr1TRysr6kP/Wj1+kcQSSQpFtJ9dZjKHWcMAVTXdEqijlW55yO0geeIBtHeZDYujPA1EGKHheL+sDAt47QWYsXxv/KijFDb+6pI1CLBxC38Bm/yQddJtYzdS9MIEB5kQhQJTJ8MxlTDqK+VNYrwYftiwXGzh1EwVNuznp0eP3Msa7Wg52Uo5XeY9pQhcjU1t3KcYMUJxK9Rhxq2bLw5LccwirxdvB7wlegyzrn8iprVR1RUvqJmz2Oi13m1VtNe8Wu31kvf7OUmnGYa6lci0FDoH3irvYfGx1+bUHv4qLyF3+LLU2Demf311luKWSmer8kpKEipaZkML6m22VGWaZoO7KD+cJb3LJMrJJ1AlVZ1Ymh4ri733yle97Ats4nXdVtpFCeVYKsBS+2IODfQE7jrTFgeqvO+YDpN4Df1r3VxJRTH0wruOflGQSk3LPZtwxuWtKok3VXIccws7a8+8kto6Faj5ZiKj+S6c5Aj2woNkiZzKqZKufAazXAbW15BN9yNKHKenHSJLz7sKJ6jJrFsRZ5TFvHMulxuOSneEXIhViRQGZhur5COvqEwhlCVp71+3ujBCs3G/iE6M90iewr5kl0DOeveNl28EsKhKjet1CJQBY7lJE14XOTpvVAxt6+jDtS9VFkl5NHl3G2Fc9lo9hPCC7QBri9aXAlLdo1WYv32wL55Zkt277u4PO9LVG5yDuyK0WrZshePoosNpZZg+r+84yQArECujbCoaVhgnfwnhrzaC1IpNj+UXaG6Quey3yHmDh/Izh/e4764MpvkzM39MVyr2AdLLK9ZqRf9TmA1BEN8nNqDyysDOQBSB+vu4u0Mb0bu7/wbsPrXPJiAb1TKSVUHrhcUy+8beoG+pN04n57tg1CwwLgCAUEpf8ztxiX033DjQJqJ5r6w06cN8hzUxVxhyJe1JtrCbxDd0cz09tdHrtb6oD3zLfBvDSUcSyA0H+cEponJV2eTYf4hZbRiuag8UJfxB+10YLCTvuY/okp6ayPhAzvxuj8cmSmzJo1mpkRGhWsKM/Emzzs+mDZjMcor/EoiulgqVPqHv0q7DaJwOclvXE6+ot9U6LOfzC4kZTq6Ul7C4EwyqECD4Eutsd5f5RsAv9aVfOAcchQnkIXopYBkPgqsyROFoeu/kdorNwwaZ8KC7X/fDEGz3EmXJoX9bpqxB6BxitNneO7fxjYxvaGn0J6IRLyzbvj2p1S7oR/s8PyQ+tZC/ClNsSDEwYbMSTqvkZIGaBmt5SfdOl2orTfNP77OuNDNcgT538smo5GNA0b3NTMm9Dj4oA1rYXoQfEcrceVXJiTRPhc16yy0U2y1jCG6/bdEvXg2nLcuXE9CMXSoyJ6tK/K0am1xsTHvxIxk4XKxTL+KMTr33dqVcXxZzaZaMv+jEeHpno7+vVTbATzSB6uWkR3XL4LsCD9CSoyHU9w+9VZysUYX+jsud9oEL6PnzgGrwoEMS5QXvZmbRJnoNNisJBx7peD2M2NjJPllT80lWq/NX7ksTaQ78Iyx8bsqDK5j/q05ChFFb5x+5qZiU+m519Xh/epiLpYoHEfi+T6WN2hIGGfR8xpV0s4OXtZwv02CT8QiXx/oMkDa370apocZp7zdlkecz1kJlAa3ockI8zoO1U/+PyrHnEDG9KePFsM4/1vpIlsDk1PuLwepEpE4pXkteh/DbJIuh7bIa71lHisDGCA6E92DhWrrwv74eJZ48gCrR70CHpzpadHJfJ/Tu/OupjdJwYJtN1YjUfpJKa28cJ13JNFnbtMotUeiaq1eBc6t5+KtZgH4sbo3U9tdJe2w9HaEakdOJ3jUBqr2kIsFpxk/ZulNpp6zefvou3+BKqaGjPCNNBBSWwBMS3JQkgif8xXQdjk2PZd9OM7oqq8P0ikW+wvdlxjzoJ/mUZ73WpoMB/MAAPsw4B3YRWRr3oYoAzSzePujzDfHvklyXK4hx8ymsm36W/dtqpUo5KAwZMreMYRkePVWilzbd7CZRCm7R1vg9XmOChMl54eEBMAOKbQJOd1k3LeQwU9WmclLpBHFoDVNVOHtbYXID3kCIJf9XHMpWyRn7/OQe9V3F85ofihD5GgxQkFrexT9v/AmnFeXsMLM5dscnw+VuZdMJsUKoiAHMsV2x2/wUPmTvJcGO7ZyjctrB474rEp1/+UYHgJCTGcR/gd1nRc0GSKU/tMRFICZoxbPOmP8ftwdLIM7XX9uCdwy98BENNYHT4i4mHhUdxJqlvhOGlQClADmtrqz9bQxnposLjzyz3jobTi//lQD/bV2O1bnACSYxQBqpt/ht+pQlA/jgEOTJv0rEbG6k1CAcrCqTsP1d2MKmdIBzNEf1G/rLX8SCpRcN1YbQQhQCZH8kkpap8PjVHy9XadFS4ytp5MjU/CrDJrDbKs6DmRO/x8060fQrD+DflwXw0M0gBx47h30U27NtQ62xo4rYAP9IWEvEaXrXj9DNSDgWnzf+JVHYNjPL9o4dtsyNTGkPmlb+5Rywbx/bZUexjxhBSdXPvhS9fHB9AZip2ZCyDe+K9ifZOW65YK3i7j4bXmINx2m75ftJOXjwkJyX3C8aGE5iVnog4hyRjIHSqKW+wyiDZmn8xgVUMD5vcFcu+68v1tXqFu/c6rJbHcTlh4PkavYe4Ht7grlbye+Fzx8lOHuAw/qMdgnmw7zYO7OzRiYw1Sv6I9uTWh6HuIZlUYc00Jmyg/5Oy0NKRCyefXvvyp+g1njiyXBGsgdounkhYBe1o7qu61UuX3BD1zCbCOpmJlhb0nog1s6mOUG60p1h12LkyNP1xV4eMckcTHxSYH3bDrnrkGrRYc/kGDTBvCTJtU0+FDF1tdvPlCbxKG4Nb+tx5n/tF36PLCDNzKF9pXbGW67XvE+XsPIX5b3+sVUH8xNbIqVkN5107W6QiluUn5bRLdc4Isg/hCvyhacmbnh8rW8jAb1pAl33AjOy1VjYPxK3pB0P9X6bPiIowxlPV5YJIwvukrN/XPd6Le4rrXZTAKEzvXh/eTFextWk8bhNxx0VmlLg74/mApUxH/eWgqbl5jBoyrvjsXyZ6H62d6F829Uuf4Hte4QmKITrN2NKQT3BP+5SIUTfbzznIvVGfhS8fCM/65MR92H4KwuLOvvEJzQWp0T7pscV8pVUEpMhOfQzllVC7zleGxrhs9Pzpv/lzerPbiljwrIjvGcq61ammdauVEYkucZ5A22rvoBClhpWaMIwlnC6wSZuVIKExqwy7y/oL1KIqZQvzLzs36FQZc8OK+V8rIvq5VkR4FJeaBpojs7JZN6KSrxQA/93MpjVtngspFroYk45AVm0VH4XAiccxPhq3F0GH53jfBbvsWGPCY+13gPPuiXOI0Cy0FXHJBXOBn5uDz8at4qYFj/4qzbSpXy+GMHD3theyZaaoWlWRBr0u5U2LZFUH7zNxx14X2lWESwBYoohRELwVgf/tX5LTObCAC9F/+SH25KmB7a1N6lGs84XdAHhA9orvhIY+84v5samAc7gSLAy6bk6wuLlwUWbVuKmky7lIxd/SN4Hi0lWsxku8PeRNm9wP4MMTgDgOBmIH3FLGu5gr13bPDU/hZb0Aq7HcuCK9y+N86rsO2WwPFKH0a2fPhFsQzvPEQjIDEduAP4oDnu0+NmxhL+mtSvo2EEHaHmU6c21XYpjCPgYFiFIy2AzsWL1U4vviEs4xgxK+CG5lHQZSVF52GH3nyQ7yYh2+HjUtxlVu1Fjp2WPsPLcs3WFJWKBlvfkUTJ8ViVvRyp+Xm+IPD6DIoPfM6dXEGCWeY82o5D+NTcpXlwD3xBND+67oUYnrX9qk2yLjt5iqBD8j92rg5vLmw6ykTp+ZO5UMMB9M4xrB+wr3dTALQ1oocO54jmFeoh/BCBE4DwWnimFtdlx0Hs85qv+kmcYEX9C377u8xwBblY4Fesljdk1uy3jFWbObrHh39jszbj4j6JaLeuu7xAWHN/HxvlUYaq4r49pRrveEGapRZ8L2wIqNg7BcW/ev5Enu+ecIZAiwR0lauWYMI5wchGTVc+YDAtKbKgQPl00fNgvXZyEd30J2fpUX+Vb1V7JlhHHbcoDfwqu4q5W/NRz4lJi0PfeYUUMoq5z/Bia1aqbZ5HPu4h/2fiVgOy6Ms4vgvhmlqje/oYarE+ghj8rlSouNCDN143NHyBHi9seS5qcrzzxbA5XFuuMlniaphpVHJ3JryXsJWjoVMXrXXUv8W5JhjYADiw7SC1tpCn6wTeXUF3pZLu6Xp1iwf19rIBmLWQ2k5eHnwQVWLtLSGMGlOQaatITecF/2QAnygSvoMLAFL7ObAUv4cy6XA1Y/VktOl9Hl0pLNbcGnIuLb//CIp5uWWRwWrlXLxFw0uZD89DgMXXretRwcuDqO+3OocHxybNkSuQx1FmNSmsIldo96h8ABXN3hsaNGa+q7k+xxb/9xqBbeFkv/zfLqpBfD1EKn6Fewi9+yXlC86Uz0fF0jyJlUPKtQ1WFg8rGi3Jf17m5KyHXpuy2HUDN8kdtdNWFQxGiIhcKi2zmT5FiauOpFm5ubUEIR24uzrMtl0/xSLtnUjt4RIcfdf7yvhL+mU/FGhnBKsu10SlXez1sDCvNod1g5vGHilRrDT7KdmTRa7BF4jESn9E0C06M8Xj5cyx+iZL144CwR+PWi0pJLb7WkU59NEbLZrlXamJLhWdUdopuASSp8252nABbf4f7ZVZurV7c2eci3nTsJvo6fitrQiq9SjWeFLHSsurYblse2Ui6uWVVqd77SQyYd9i3hx7mOvCa6Gn1YmznVFnSw3lU6yPxQVsI8kxBXOFfw7DhL/U5Z3NwYNAUoDBBf0KaiXSnRUqGKpDvbAbfnCleFFQMgBGnNk3FegG9EA2GleghVNhv0aFdJzZsE4AUZwMecUiIstrCjedwbfoCurHrXG9LYx6bsTBICs1tn/3nBdDLysTSMgLPglsdSRt25nmn9NuBm7Sb7i/nBeqJ3WbiUKKLhis1LGDMLMT85d01wLl3YluAq5102K55NHYw4XWuxzXvBuwdLseAvObBnpwA57xp0mckFkAotRj1Eu33NGhSwGSn/pL997eh4Yn3Ka2O5hPhhA/8LyGnL+u/rhT12WueEj+C6XrJg5hrfK/WfHuqYFk4XL8sNTmhbZIMFv/FBjykm5IOf6hxoVuYZIf9uSZUEmgqeuPvxzwra+Ne3jlrXreYXhD8edDA/nWuEVmJXFCm3iZS8+85JF6vdu7zhKLkbyjHbP5fA8VWj7b+vz4CoKzyXDRKgJ4F4IEH/v6J8YrkOGAPTI+S7AW6nYH6nl+2Y9Ce4Ek+XjmVAVtJF+SmsJu1nnwatrzNVK1rqFP4wtde2uynTROEjG7JVfQfMuJaMxfL73fsW0iLLUtxfyIVo4z8viDMgyhQUl9JqiaKQQrmMmANYWXXaonPJIfpGyId+4tAZN9jzZaaJU9VbOR6zO7X0D6xJEf2WPSBjXLVsufzOXMQx4yTBRP12ycprLLOzSKpwWOZUMcrVpJaM1MKGsO8oeM9Df7a7pEg+XnZL60pi6+N/jUxev8BpDCyCExmzVFz98pRoWUv8F8wgAd/NV7z0i1WjLmt/6ypjr5cHclnx9YQe44QF6wvCSObGCLuzMBWCnIWC5CBzsiz3j7LUNYAKYi1eINzut3r/nH03C9JQgqJfOabTP/0rRZXqSrz+nF9ZGYjg/vTbbFs3kF1rV65zZh5VK9WUq2ZuJDDn166VCjj9skeeVEXEh1I20pEwNU40O+/hyeOAsMSY9d8rVXAmjocq3JM+18r/WdNDeMQubMpqS/R2Nuw2CxVEBAj63SYBLsufbgkVOup6Iql+CFr3EGRRnYsRSkLTTvidBSWK3YZFqv4YMODt3YXWn5BLeWnvlDT6rZBV38Bausmv7hGLTsrqOutlgsVCsnXU3MbcppehzUSEhwZbJ2BDInB/Gng3BDwY8NtL44k4h6R0fVR0o/rFl3UeGzJSSaTl3Iq+o2FBHg34BY0EswZnUjCHBQ2FAss/D0J+Kh8GvJcgtVwmcrUpmkjR9Gi9EJv/e8y2qUVb0TnPh45BGIkyk0iaAeUGFtGbgleYAtTq6lxxfoXjD+kHCgDCjqh6NK9/2JuemqQBYGrwUBHQCuiItmnuObv9Eb8foR4MSKVbmSakiyFQyg2qG9OjlLsp95t2VAqyzaxpKLGC/m38ONqjug2CZQ/A5+431xiq9eOKI9BrQhiemPx5LSRDloz3Hjfk7Q6HEKEO9YolqxLE+g6OyYP5l2BFydQPk1n+fMD3G/AU+ARDzryBRuPYcrcHyBepA8wm5hmOUr+LH/5W6GHSDRLxeubA1KAG9uEaS3953E/9BO6XvJk/LZ5B9Ii8hfEjcv7WGkCxyNjKji1W1gN0amLW8dEhMj9Gm2/MkTtWJhoSVYvC9SgfJ1aeC5D8ziCzq7Kx6HsbI0sIK7zq7NRqzipcw3Nx4IN7ByAddscw7GUUArYmnqIvh6InG88adiP4+I593mpgXhsSE7j7SdA3kU8UfauKyI26LWWQebQsiQl20zpWmTyThKbhQ9aX/shQySLGuoDtaeXK89NqR99F9yR3vQhBC+H166BtX3+NBJY7ZSehxsBG9suYdCiXtcdGu0x5JWl+UsmLLThtUM6Xxdf3gjlrky5o0XR8lieqkx634dzw0g5rGaQ5m8edMOx/OhUJmu4/3pjrl21q7CiYr/jFTVO16OJlw+s6XvBQoQhs7abX7kKLc8tT6oF7fblXgqxlNm7YVqaqqjTaak6+GIr1XrOY5r/Ike4V85T2x56umCd7gUb8cd+kq5bqFZ1IJELaIYtS45CUUzgV1vXFJCKCNLqK8uooqSnKiXgyCCwewJmqUcytjmql3CNxFi0mPzVbHdGqH2ZjzwnpfuN6AFBaKFPB2sZd1OfS+ou3blmBDX2Ly/2MWg49PzV09/oAQQeG84kJ2eUN1OlyRN9AzwxpR1U67QcW9g7CUDFFVjpPcU4m0wDd0SYeAb6RTNUKa5M0JPGmNdJs4MbN5PdprO6yunn+3wHx+J/alL+ZW9eB4NBabi9DPl15Mx2rEWgpf7HOz+cpFMO9evq3PtiRjPNcy4/MOyDvNDLSdH1ypnvjFoljaWZ59y/0AqeCxMm2WzQtI6OgEwoZDhsIARyBA5h9WMXVr7ufsfwyERY0X8dL8QIFBZSoqRW3lWV3wx0x/o5hrUD1DP1uRfGaM6s2K6H6jxRL5yhHgdqm2d6D2c7cX5Ntqo2CzTpmd5D1CpSGNjeNQIFDH3K2RESDvT9onoT/YS/DlrspnqePm925+TbXjqMBd3phOd3v9bj5Mk4d7CuNoouBBvkihjfAEmZ+K/+IrPv7ib1Gpuu38btVELf4byemN9BHmUtSQiZ5s4qo3/dv9Pte36ErFbiP0GU+yKsEh39itta8icT5lXruJd0i3dN34/wHsLT4XWhm8yrWqZ+vnDUm5918HN0sgTKKj/yl+GAzIQTuhcbz9dpuBCpuCDvC3L/sffBXvxA7gtJ+Mn34q59kRSbYjiTNi2NM5FGoH5BjgTTNDXNahseTh0Coe3i0k18sAv4AYl66L+8lgu+X3popHfaoDREK86p58NF7ITxg41h8ynl38FKka4HySvoLpHCTS74RuLGal0Kh+GfeGtbRUh1b/15j6tSR3JCbB4x1zoXnfWsaF16Xdm4f8OZATyg5UPF3X/sIzjTUjyU/rU8xaGBGqTlLkrs+oC7OoYFeqeXrQIAA9XM0RPcZGBfU4uDvm3YKTvLEWr/VGpv9Kf++kYZW9cgeQ8Mj4CgQIaTIwvQviszu1hOCvCzKeisIUrscecSqnINgzU6xvmnc5MEjWZdZN3Ux52IJIFi1xqy/sUKJuCV9P5Itxq6jq4GRYvK5mIRVvxPR2dRLSOMYocGFNbaOJIdyROioykiILH314ZoE2C7AqO8vmj/bd2EtFc1RPhiM6/5//RpRmlggao3YYP9SOg4sMIc/SJAk777h21+soDEw08Qa+Oi+K8pijgDRu/JBkV0sYOwGao/npom6/qNOXPHIdwjV45qr819wRRuO7qHvaxATfczg5gfCwO2+Y6fk17mY6l5Vksrohds6HMQIf+K8/vT3W+17HjqweOFw0iC/gYzbKjwgy0RhXnauwZ0JEcsE9bBTR5o/Wklugl20SgYBWTpZ/b1C+HcCREsKEhRBpsafFm+pPHxT0MXyT41EYzZjNjfM0QsYZ4OBEkz8+92Lo9dx9dgbFAFE0ZX+K3buST79DUPSAI7cFoG+6cZ/AHNyuPRBpvnFAS2/FiSj+aP0ASa7JHPKF3xHee3GBqiiHZVmiKx9zqzk5N2Jijzz5msOYSk8MJi3M8FWzdNRcggIagFowbiZSVMfG4kKMKVkO6oBYpU6kP/i96cl48k/wCYZ+q5ccknCBCbt7+foNNt0yEah4Jo3oy4nxvw5gcPzxuv5Ukp/VNVlprUMt7Nxhqy8LTkKIoPnF9QGobOraA6V51ZNz/gZJxIgTPbhomV8afUFBvapKv00SxQl4C3GDABvllOJOb4KYETDO1LczN9QaX/5IslRI20Etw6pqDe1kckmSfJqBXJaexelb6cG+1QJV5qi3oCu71G/POiWaBy4phSffEG5/Hv91lxhn+QqB9wSRVDeX1EZzjT58eCuhqaki98IiCbLbMKmPnGVdTQLYykZ/r1TCQO3Yl5SL+FWv+uXkMeZ6rtbZuMtUX61/1nAt//9KHkf4WkLcQz6fq3ZBDzmpLX6OCay/H5BkZDOqQH+vHz5J8o1H/++AzZ7aDOofWIVgqMdY8sClNZ+vEQyxw6noBZmKm/Xycz/qrj74nYT0fitm40yHRCPjXgCVz1vVaDT2sEKanPDL3oiCv/BYCMq2k51u9wIRXoSX6W9B0m40Q6flhN1vrKjN9fZeC/wQ6XWjDaRYnmcLE/uNF08etcsz8trndWI6/OxA4fRhT4yWF8ph7YlCvn9KmsATLojRd/guHu/WVu5wdw/XSC8Nf+ib9jYE9exEg0ZvpcKeuG/23ge6E+iruGMnwEcKmsL9x4TwuU2v7oHLIJyp7dDzV+6Eb8V3lCX5rR0iVQ0UkfY5nnzVTQ9OvAx5heHk+01fYjGbjyaJgftZD7q+qxqqNsIfJr8xDtf9hPAgWKFS92val7bG3AI6B8OJMIMgk8NgGaCA9WoItZYq8483I2xtvk2wCX4LicS82/Zvbb8hOHwnYRB+xg4Hp8atgzirRz/jd1BtSHqdl1fDitg/MHWncf4cLfZLEAx4lmkOvvRP1R+OzHJqmDymrC1INdoRLfuhr3AjSCcobpHWJ6F82+wBdJsPsJh5FHtqMIMTDFDEcn8d9UGoHag4+EzvOzBkXE/KvxCRxNJpSWytnDRPhXr3mDy93bsEF4+QQzf3pEplIsypAO3cmHDufsK9vW7MiOUk9Jz67+GmBzK6E9XYsVUa5aYGddmNVSpz6Wv3eXuNkihGOx/BbtqZcj30AzquyEQivUh+G4spe4ftPjD+G4SOjjgaz5Cafn7PR1tHhLv656f48rs3/7rUCM2OXId14vNWeOF70ehLoUZWjf3U9XsCIFVtp8CsP7hMBluCtndMFG+cDD8P3iV5SeQorV867elHHNG3VVv/Osd95aEUFexZgNo0+nO0CqHdLOcam2vlovrj8PA1+mQlbBe21yaMDVFy++Asderz/nQF43WZB3EMrMQ3QiBJeNULub21/oVnUDPWdXXj71gu9JHYefbhBQ7cX94LGPYd83olGuBnTO7gBxDTW+vXoLIdoT4iSY4Ur/h4QAnM4sLSg592Lj71/VIP2OTLPy2ZqEsL5MafwlrPKv8fEB05JWQOKsh/cm14g2CqK4rZrH7n1QDPIVLfpg5rm82OaLvHWAmsDtBC6ltdGBqItfouDwMnUFMaH+u8UO611sMt1ClvGvyGzPqH/5y1aLA9KDHMJEr2sJzkEfdSw/GpsUK5AGMvWcD+YhinYKVTMDbYP6mK1GWU0rO/+0hKneY6Nacvd6YAT1IilSi/V5Ovf1s7DHv/NNL11QY5IiWjr3U/XE3hWANO/tPQYILPKwNa9w+h3Q8yOJmanAYwJ78BsA7gCjPMN5mCFrAjP1JSqwlDJ+2SPf+H/pGWVZ0mPpcNSFt4o+VOZW9wsd58gm5zv0zlRNf3j43UCw52+p1GQmqG7JIV+X3xNSekPMt8X9D/+CtE9L5e5JCkj5fiLKUjqUPMrioLIaBf3nky9BONFEzMUhg0iQ+brh7ka8yX06BTo9+WUk9+TlcHkljROXKvhOZtMsUHFugkP00v1TBxE508AZTP2TIwZBbHAdN1NLf7iIZh0tOeULXvhzW08vIpkA8jDTRQr29dll9bvhOD2kLfOJ8PfMbVqw8hc31uO0+mELBxFkcKkDZF7hD7rtW7E+WWBjj9YbHldWEbWLEloV5dHG4KMnVs21/2k02RjwpQPZ4ZkzelIwjflF9Iix3ze/xbkirVVK3t1Z1LtHqaZ1jWsCKRkzhsDp0ghcsdaBherklpLO2ZSxp8D56vev37jUSFALxqjK5wPMcO1izRHNUy3YJIItnRJsm/icxMMUXcd6xHoCVtL1jTgdnJ95Qpufoze4GrMK6u8WhveiAToYFtM/fnlKTDoBS6kGummyf4LhDN2cNNPcTuwb/XdSoyvy6nlvLsQ/RUX72pnYoNSHHU+QgINZmNw1bT/4weLYXaQ6IIW0WEK48TINp9VFrs+R/4YotpElbuSwn3qIsZCaq8pF3d2jhkyRDuueXvioYm/SHiz35BvEhulHwG0/NeT3L3WjITAIetBTPQ0j9ypq6mqXtpX4QvL79OQFM4/ulD/UcPzD8UDj0QoCZr9g1CUnc2UNnXGi7gSKUXCPs8mdbu0/Q4i2iS4h/ZV56MT6ud3BB/6sQG9Ci9UYn7WaY9D2BMrnoiKrpcmwgX/nsvAdcrHCUl5uouG+w2+q7g3lF7SqhMnTgyOUhEyTLl/CxcfzCjGNOQTxiYC2EWeYyNEE8ua/Bf7wCe7M1SBFaCLHjCOfL0vs6KMhhqNtHppeoWvlxhVOCsJtcj533rlv3vDlDlLakNfhq+GQY2v2S7VxMGd01xU9ItdGXl6goHwY8rgo62XNSi3S8PdrE8UsJfQ69cJkluisJp84UjWiS0r/dLgmzwoKE17nyTU3ShQE89ELvvz9sI7VYfwSq19mtyxa1nUuR6frzWSABpZeUFaiBwE+7ePSQplTTJZmm4SkbX2wSPj3CaCMTiNU2ASPy0Ibmnjf1fo4MpK9J54xDoqeLOzCGlzeXEeVOijLi2e4cPN7XnQWWqKZt9Vlqfmu+H4+g5l4zYIeZWNicgjcOL5PUZ+Gi9dtfrr8A6BjsxwkLfqT6XQTXBWmqK/V11tTWndEONZjFfWrl6Us8zcc+OY7JjIhyio8pfocw4EqCnA1vPiM8iTDmeNM/GH9PnlK6xZ+KLxmnMxqQDxLvCdTmN9b6yDw8GCnJvlMUrLzCQ95KJ7AO5gzecJ7CHqb9caTH2QlWdxGeY8Y7kPKgyhJ6PFfKwpbFZ2tUJtAPkOlKS9fwL+K6Tag/uplr6+vxRKJ5FznyuNFSMmLqwLD9b2mqa8t4o2kEWX5nWJfLW90Qkbw5AmvRzuGFr1Wo4S1N9sAxZQjPg7Qx15Wh1Fm5Hi3/P1KMWNT7382EBEveGOoPi4ANHiwzM/28bYlDvNNKdXHiG4SSyNNZVu0JitOqIinKLxW4sLDIhT7dZqtjLO9lcjgdR5eRL6LsfeGhU0gUmtQdjAT8mx7JOr66+QGTR7w7e/BonitR8S58dbYeuBmSPfy9A0+Kvf+e2MMcrf4pbGF/fpiCe0uqps3l+c1w9SE8ogvxllH7Ve905SqR+QyxPgtMqcXAGqwmoebe8xiiFkC9RbTq+uVUGVuBcqqs0Qg4K0KOSWOUYqXGbqO3WcP8WZe/gvI8Ofsr6P6BPRSFDcy2DxmbhGGZyiF1k687+TwfTQkf7kjKg6gN4k062f0+dL2Nta0Ok6NVqtrSJFsuKx6ZjqnYBI/YoBuY5NTw2sYF2++v+aD6JqqeCTaty3514Nf3lVepGodc0sFT82Amj6cNKEe44Nr+I9A7MJKFtpS+n9EwQEQBvR+MFxY5o8xcIdb6rH9HcBujMJgfJHaA/0EaFyUrYc59hNZ3kmDi0gZzH5j1xiNIcESMu5KofjOcGuK2QHu1f2OPtTUzn59dORwuJAc+hW5wc8b9QdXXr+t5upwpAjZOS85dJjy+q2etrk40UoyCx5qmNkC1V+OBhdsdeCg+p1OOuaVF7iXwqdBjl6Y6+D6BOc9faRq22/dJ5NebnvaFfz3YuYML1tnT1dlLkbMhTP/A9QG+f7+nf1il9DMP0lsCLDaLZYkbzbtIZxce3wd+XIz/N2/sYfGudlKA6bJjoFMFVHKd5WJd9r8pQ83wFG4tfrBIOcnca9v2d1JCrJqi7O/wrDyoC0HkzfVfmjZPCg7lL/PPV09bU6xHyZJdTq/G/k26g1toPc+MKI79g+sUS9j4+1TSRIrQb+uUYXpqd7W+9vqRlrH4uA1SG/rGVcRWz2QAnSsa8N98ld+Dl+toZ0lluUyO3oNUJcxhjwjVYolgzn3HDM48pclBsoMO0YxVvhq5hIqdFIN+RICbVWATPYuzuVyGbo6MNaqGAQ5/hxsYkEveZrLAewFIlFQoIzpOJcKVyAONxkDRZCDTeTnfCW6x/p75LNZxyoSlNglcwI7H/dANX74Vme9uEGE0i/wtPd1faHZr6c2dbOS0O7/thGttnbFR8h/fcBLPNRm1PHG9j/nuw4pcHm9cDNfN0ddPAF5hjBHdLWuW6HoOhZQYJ51H9OrVa3bmYDYb8YFslS6GXHNxj6kphyanbykFImaFiZ/YT7htE3ahP+eCin65Yp3hVP2zM8lIIDHxsHLi4uGSLh02+6wOH5QUOAGB8TH9III5r80FsusgXNArouQiRrrdQqqnoHXocIw2kgnVKHtXC5Ho7nSQwSoUR37zwYnNf+1DyonxQUj7TS0pi+G02SPaHNumJLSVoyeIMdr9eFroyKoQ6YA1jw61+GTZ/1wTdJpXjWW8ceyG/0yuiZQA7+gS9abPbdV0yAML3yBmWzmCcLpSXmdf2HVGAsnM582wN01sMBUc1UIwFotPgF0sfQl8Lj6QeDG2Sbpm5XzWf1H0vGXUnQt+UPFYHixDhQiZGVu28WUnxCW+JBJM9F794sHSK2NfuU9wIpWYM3fE1mdaaMINV/rNKg8ngijR673P+EvD88PvTw8anDaioHfCdav++s1VBwTXnR3BOkk2cPxTUJO4aKGsc/TmBAalsVzmtvXKk/K80Kom4hAaspvi+eHifrPhhJbi0D3Kn7efTOt9zz+7ZUDDiDr2xyUKn+iodniiVAI/e3nzpsTmx4SwiyRNp4s4xoQBQW0hxL41GAzHvdTYNfH1TisH+mqpLlf2CDlO/jJ7yEalWKY45dkm8yG7lLbnUH326kTLO1OV/lvrIDlkIk7t3sq9F/vO8xcmcm4d1nBul+RMArrkDg2Cm3eMXEHf2fblK2KmoZapX2tXvIpA9fhqIVAlyiYAombuJIa8I5NSt+3Tl+u8X09OTFhqA/ukqbqJv/kqAu+MSN/K0riLdpwf37uBMSdiGLxg8O2OhgRSmEYCFj4PtisPl04NKkSCFLa6LAXHhmF/26au0xmRX7nEH5fdYToBm4QlmhEefqezmjq8l5csI/y9xClj2M40x6VPBljA6iDuc0AW6dBQu3O45In/98d9JBmLO75rctEJqaO82y8TbQp460yMGS7ki84lesPWu724MFQy4GLOzJNtxoOGkGRyzRgFPPdXiqQ2lEVPxJOon/vyyz7FnOcWVSFeujuOf5l7ziR5izzB/UMV2eVWzvKErSxGBows6jE3/kOZVEav3+yoVZtfwHQG4kCKfV/N+9bTb5ovihqb6lcxKtxHdIaziCEBbF54rDAm0e0IPysIIhsvFa0pJA7kErWYurdA7dmvA4SHzINXLdl1BC+sgyIYpYIfb2PTQ6kp8JX+vHcv8J+UvPV38ujSNIpCbjPBmZhng3H0oI9l0MHLq1voC8+Pf9aPSdvwcCX44eSH2PlN3koUJz91ysABFhadZRbWkMg2bmRFDnUTKAPOzbBlRXahf03rIZ5js9UfQdrw5CzWNQ1ljzWv+xnaw1Sm9ixvXHSR2P2CH3PiZ8amo+GwcKNHya6hR5HyBLEkv/tMTCddm23i1Ta8KOAsJIcdoUdcYe4egHD9awYebwSpZVV1t+9H8HS7m1zXdURDf2sGoz4xMrHpphgW8bbOPQKzHIISMW+Nu0S/ssJM1R4yhXI76nvPPJTKC6UIInqZDBcfyHvX3zzh3P/RFIVKNGIPYjOgs6flPUvw9+8304jQnBmCOcRxmuHFEzAe8Sa38jhU6NUREn612Oh+HK6oY0fjpgMlVHJ/mhJZyqYYjdFoPfdxQOMZPih5uHvEdn+q0edfMRkDcWztEiXKQJbEPgwFfZk3dAlzHpqmJAItWDsX5cGjmqpaUJ5nn4Zcht9X5Y5hLh+mLgMks5TfCrVkvoEzJ2ggvV/XSAkyYaMu0m0rQTJWs16/e3Yv0v3O6UUEkOS0NuHbP654tk2T9r6+7YvNS25CMC3Pd+QgQtXzX1/vjuxE7A0Fae/NbX0a7DvhPagCmfeH9b8NzfJ2dkQdHqg/fvuPBzlS/6R0O8xigj1/ZlzDQDDryw+8nssvRB0l0Tvxn/Pn0DwJ/dvvhA1zLIYIIZ0Eis3QVnxQ1j8+BMPR9+Dcj/X+AhUG7T1vz2rNYlhQo+wNsmwo07cLpoxHLYGtz4/aVsr+7jD5SU5AmVnkuP8b3+M6D0MXE3Cxqi3+aPC0akeKp5+Qeiip/idYwn4izWSDSP968UBXsemqUBtux7y0hh0EdntjHX3LduGBnm+zUJA1RUGvyMQLAl8z7uLOufRhXodgP78zJeBxU5dxG3Ixmj9V4QE0Yj0Rvz1w/Fg9xWZj80X7uvfY1wrLOqB8FdHfAfB7hcTSXpbE8BqsNwY3L97B78Tq9MncK9fE6QZyl7N6Db/arCSy1GE1drp3wbmO1rYaoyjRNYsIa6QnMC9I7tDTv27EWtlHEN9ZBqWoPiJtCOdVRJmq0t+z0Ue1ntmwvYA9c+YcKvBpuc8rpArfmoe1NmtvzvtG2x9DhnJB0C7BlG0sabstf0DFT68CfnL4bLP5wOFLFEEjV9+mL8jz1ONfgnWd634YA6FLBBtfm8Lxcyn66upfy3kOnMRwf0lerCQs6O/CAu/I/H7Kd1jQsK/L4uxPszrGnkKKLBUe9Akh7BIaXiPGkjeySAy0OARVDxu1a2sCN0H2HKOWrpovjIflRV10gYNMrruF5WRK8EmT+ZZQhaLv3oIB09FhY3tfA1WXxb5lBufh3LNxtsfqC4lS6DefU+pXztXorqsbU78BCv9+9q8qMhJsWe+2RWCUM+hZo8DA5pbyWAiitLLAxW7gZrhG7ohPg/xBdxxQBL4wsRsgpesjWnwHC0U3twHHJ/l//trs3R3Q8g6ng9ge/t71crl9ov8VzCKtk/6hmySr3/AbAtT6EneMheVLGC18oUHQz7kS93yOaqoP8kA8Aw08znUT1u8BCKQ0hnftzl+uIzR/YQ82zyN+473DBKe2XImJy4uhJ4PBniSaMOxrH91OvtmPa5+Cc4iMyjmFCLMF/P3x9XWbccv6OujF0bqgkhBgs3+WWBEwX9ZS0C9x4IL5pTk2UvjNPxUSogrPPgN7nbo2Ea0y8Nnq5MOdDkoV2b0kzwgLJzwtPFKet3ypC2cnkBOk5z3+SKBUDF160zMctjM5rJQSPHjSNef/uikWRSliGQSKIPC1qTYLGJtKjSgpXtg72CAumfTIi/P2WXkeaHDTbVjT+r1nDVnUH+XMbzF07DV0DloJGYK0pwKM8PsNyrL/lr2l76F7vzcj/th/6z+nTT7UyCFyxD5//3XLoeuDr76WnnpN3cwaYlut0htwFcYfd/zoxy1927AB4XA2uKne/7lPuGIKcV8bmBvTZFKJqC1sOGBxxmcmAcAqn/fl+b0NMhJ8WBngASozET6+SSwO/Gjf79BjtYSiLhiNcwcmc14ZAhBXuorc2hzde3rnZmGNt94RLd7U+opRHp/Lq227Hq4g0hs8/iSmxdxtzc5YaJ3Gy3+hgY7kTWmfDEM7FHE+gL5bQoDoQkyvt2Kz9L8EIr67NyXsVfoZp/rn5bq9SQt982vf+MSXFsW33FF8GeZjJ26A/fmnCxuhQHUvrKMy1WSCutfqmMWa3wJbyv+OhuKcs2DgSEdNM5YuB9NtJDXer3g2bT+1aerZZer8WhOIWE+ZL1z7UuqPq12hh5JlnLkAhdLxhMk2+DecPz6SKlIEz36sP3ZGxKxKbXYbk5CKk3VqvIYAKxr4EP/gYnm5wqxxILuN7QkAH+NeAC9q134/Dua6tDhfbAKl5bZX3Df7E/bsyF46QbtvXKee+j+DEpleYmDEIrifrg3DYuo5Hv6L5P99ycDASqgf3X8glHKDYNvJ5xmyL+21jd7fJ/mZZOXbtjIXwap6CiCNvzvimBpZowz8jPDXXixZAQEPrv7ycUJ+xoHwFXUKWm52muCVtBikCUgcQNIxscnXzrbGmb2AZUGeiCP5it+WhOEtB+1/J0rimJD59M4HfFfdYsf7hW+zfZ1Vn6nfXiyoLHBK8Tru7BtEPxGri9Yb7RIcO9+Z1zWil3nNSysezR49QcxMGRsp/bfbbzUEeeEnShejtqWRr3wFVms1ciVLBAfvIhkxKWqPMcbaU89XYsz1h4n5X9cRUFoE/IfEbd+Trk8vUA2DX2n7PK8aElrS0rigve7OewlLUMXMIbaS+w1RBn2qPjNkpJWveySNmNoED7QGDSC9YbAJpI1yupIaLec6LOWLHLKRBP42L+zfVjTOahh33E2powFohSPrL9M8lunR31/bspiOKGWSuOTqIA+BqiPXdtUylyVnWuUf7otp4uS2fHPEJ5q6n4LbJW++gVUH4n1fqyy7hBj35lKTMC+Vnv9blV5QY2USudnWYo+O1zooESn1gUkf2O+KjAFRSiCVR62aQ06z/Txoegr7lzfIUKzaUFcgoGwANJTACFadPvnqj791zTQ4cS//zwD3/Bb/FRlU5/lfWGmEvx2OQxtKdZwO8mUUwr5K/93Jd54SQzogXYrnwGJroHHCHuranltsq3u8lspvvBK2ZIrczvONpXcAHNDDwO2k8iKCauoQV8iIMxTqHTiRkJUAjZVWO3gAGrzUWkiTiMagno5VgI0BlEObvt3B+0nT6j2Dz0WGrcZv+TGsqPxixsqFvllKRV4bBxc9VuICSLf2CvOPcDKNCkDn/JMKKKgRa4LeAY42cb51G+00JTEIb/I+qTa2voacgWI0uMnw+xHSQgU8Trb0iY+cFcbDjPZEerrE8Mjo4rdOxZJYLKaFgu7S5HwY71hLJfx4rf7VtgWJ+Aux0X+3AkDkQKKxPjOZvlvP8zSpv40khv3a0gSlPS6qr+X54iXGelszk/H+qKmVn/iVv/JuBF9tax2syDkUCGaKTx7YRNd5qV8K0IznjhioTZlp5v5t5g21BPwgRLEX1euJ3OvsRGb15HxN3zB6YsbkkD3TMHaN3P5+koQ9Yf4d/UG8LKw7MY/stJhSRjCK+qrpV/9FR5/D+zjQ6j+jgF6OS9XU0mEEmjA3fLrOE4Dyj35RzwvxkAfC27+uqYAPZxJ6xZtBJhmImiW4ku0l8ZtSMviFCVxvYAsHQKPQ6pkFnpzU/Tc8ujX6HrGK9UPUCU/fHJc0cTvfLc0F1fXT4yAl0l4Wgo3oriOFC+SUm78ObdWxFrJzpMCY/VtSZ1eXH2CPQfvF9PH8qJ2MJU0hfx8H48eqPzQdPZwqb+kfJ2MRXlpaCVHYTBDeQqQ4GsNVhFDmCk0qQaYeUjzJakkZCw99SlB9VHxOH1wOKXv2cQlhJ8MN5w70OJ1QeN6HOhrRlLDSAi9bRLPjNQqwwJxJVeBVd8dBW03ASHXSd7ZfnOlhNgyeHLOeP89IcvK9Alwlk59ifMdAhxcMIYj982HSbEK3l6d+MOSL1skw4X5hSe57AcsThdi8zBPQKz77N76lw9ZPjLHBuG7e6+1PFyFX6jA/+5igbFhxEavN4AFvUBF3szUff908bVg+uvnRo/1SVVSNbxo4Gf8CwwHIbga1MshgUgchw1Eu4XH4nTrM7tCVf9FlXHLo0VUyGb0mj+uS0eczjV12z1Wbzavi9VT9fMCGHiYZO79D4U81tYVaw780y/ZMhERraQ3aP1p5eiyt95RrCs0DVf/w9qJpEcSfn1bDvK+1uLnqissWjYi5M/snVWmVll7CW/Fnq5FDzZDEPiKPusbPrPd7zXgYJb53lM+3he/fb//d0icWRzdPmWUOGoRvN/GXE6AcWccTUU4sAmRtVuyTj75y/3/h6z3WHQUWLJFfwlvhnjvPTO8N0IYia9/pHad0933TWpQGxBkZkSsFbZ7DCYcP8yZZLcFJy5Qa3aY16v+V4pVn7CG2aHwJl61LZNUZNPWrdS+4vz6ObaLeNpkBe0mwa8i8CNBhCmDhgpQbdzTZWfml8g/mA4j8q9VSS3fBqTnRUaDEmoBqpLPgtyg6uSxR4pQjGNdlxtAHlKXkNNWqXxMdijwEqxrQa6SaM9ABq5i2O5Bvb5uAjxtZmMLd4fO5QcrnHpDC/++fqehM//6J7CK/FX5cdvf11RzTqs1hbMI4HcfrSqa46cGVdlGVTrCQCY2AA8sCwtr2hL2KlE0vtG0DLlKNvSRrqckjFNY5hBI0NRKArw0V7ewVMSuiovDHDYHHLnTIoWnWFL7E57H5CWdKEiLsTr9kxOL/uYmqgmS4UAAupYZJfNs0fd5D/1b+cahqQPjK4q5i32jMfpR8Wd7xmPvHUA53h3cKp/hzx/FtpbDGCt/3O3BZ9ODT9lq+aV/9mlWnnADUJSaheR5BvJzROmMJLWmL0bw/9WPrMPcMLSgF86zJr3jWzdF0zfqZ4j1olgaIW/zIm2nRloyH830wTQUVJjtTM5YAdsOIj/YWxNMnrxYPf28Z7+Ov0qFCMgbYAvkjDXleI0n+nW3trnfn8/hEx6wKaB3E8iM5/51IM0cD/pin+gSGnIkTeGya0KJXmXVdFK+76QfOYqdd3Jj4j193pr/L/tzEDhmxxQVUlObcqF6OR9ZW9qBXPJxj9/AmG4YN1JVJqz/5T+WYcejFDLCUYFdKJ5diNqxBBc4Dyy3Jkg6R1R5ngAWCXhPKYlnqX7TwsJ9eNZK8038l/tNsezeVBYPEEuxASrcSTS+70DdxI4+0AHr7KmpRiRwGIS9Cm0uKX6JcajW6+e/WUAoiqFZQ3/AUU+AKjeQ9CueBoi1sseJBPF5J9ReyugDyn85niJa18N+TDzCw68jiBF+z4i7AZV5QGc+PPWW2HwRemyxo0ePULYA4W/c9aeTzF9nnZSVAA9f1XFdDd92Owga9dJ/2dhcwaJJAH+icDZa9a0KLPUVkvfcEIj2omkQdckf5I9/+1z4cUmXmJn3T88pjNC9mYpD1t6gMbTaof7hMFzYPCsnesx0nqBQlViWbuwLEUZD95oc67cGnNGwd/LStgFQFhAZFFv7UeWTddZOWb3x3aAWbsz4XNy5qL6X4S9kwHPFZcsfIzYKIPdm5mWDyFsPD4AL6ziHzLa/hAeC3DBJPaSaMHq4+agSEKXBhcR8JeRe/2EbRWX5f+pPa8jirakzp3Dn/uwgkM0byjyKnpAbfWBKHwtz7/B3bmpY4SY/6UkZxTiNefm1NTjq4IDnID2NvhWE4DzRDc2RPJUE+NE5yG4VmRXOpJxx27/kfptvezZqsr93YbmqhV+XkjF3SlWrSaNkxuk0mqyPXOBHOlVbhUzJg1AEM1/xUQJV6NI4F23616mJc3yByQSnRKQeoif3KmTN+7XEod6uA4vxNDV2POzZPVkgNBOUXRhClsxTzstYzPuvR6ehCsyXECZA41wawqhCprXqlLP3FoMkUHYhBa8lmHLFFvSa/QxNPaURfushNC4EtGtKZ1+M3R5SQEPAT1C86MWHSbJue1CD57F5vvhcGSKW7o8/nzTy/CClf8uOT6ZB/0SB1Uvz5ypoDgWlUg0inBY5A4obxp+I+6gixRU+VLskIQlY++GaX0UHxVp+37GfxbqiKbkqBMPHr/VFq3n7IDkHF/B9kgSVCJUAIf/J427SRZCUzc94EPOnq0PVkLtIJ/uLnKUQGnUcma8GWDHnHedoBj82xttV5p8vHWcaf11zESZ1xBLOaXv24jmno+CETjTo/Dm2hw9j5P5RVSpzLJ8+7LGPnMx6/9VyDKoEFluk34NKgiAcu/MWTFRACT36850Pe2SQWL5akhpC3MvEpb62ft3MVK5kGPMrjbrMT7f8fqE1/O63uifheg6p0o1ET3KVIP8MoMzUkRisARlKwHOoevnQYCbI5RO3VDf1BNROPkAVfSmkdR6NH4Wp+YATvwpWUFsmxe+I8P66IC8sxwLg9NirFrcS7s0+xwSQcJQDDwzNrlym6DQrK76lSwVKOGMMSf/y7jEzwa+eQGAExBMoHpzjxtwPMy1uBMmHsbLIzAEhneMF9LMJpAublcEajK8j/Pn/GsUA7Fsu3syHJF15PFBVo8qI6j9lGQMb4AEEtBrFDjff9IEEf0jGcsbFDnlaLdD76p5XJ5Yi/5QeOFp2LoDfThxqe809QpJd0Tl55GB/a8dKTHNbXM2U34uXz12oHPIBJyScZX/fDk2mHcMQAhw1VLN/pPYwfjor7Xyww726Ur+hgv2uWjuojI9AQBmNHBJLqwBtyoQKwYXEkOEx2l/y7q8GqNgiWbarIeQrMPdhThRyT6sc91sUYN/jFWv1jEcGvh+O8afPFfbzIT5d5BL+XBT1ASfXBN2arRISPhKfD1wHVdAI7ej1HYQ7168z4KNDaIUZni/bMqaHTzPnjj4/yi+JU6C7Noh/GnGSBL19JVRtf3BSPIafZ8jRmIypU82DeJowpf4gD7JlLXMmFDU9FvvTHemObmYFEAKttydw60gDnEN0ef8Qy5dXTJDS/Kv3VDjWegtL3EUsqvSurYz7VzrltnsonCQw3NllWiJ4K/RXDzY4DF86KrX9kI+mKbu8a8/16Vss6jh464+SZoIRETmG3i3QWfVhtaZg88S9DUttFJVJlVw+WXEmPAcWxRR3xE9SLWj2E2Jy9RDGizLrBcTo2GbA+EGUbDgyTSWedgneu3saOvvU00V90frRt8+5wAsTW5EuTXqv+Ku07Vq1OQSSIeiIJcNYyX3z88CGbYPzT9WGO4HAad+bVUqJivrrxf6gLJSn8G0oLICKz4dzimWetODEfao9DCWyCArCgKH4M/SD8FfR7V9t5zkldxmnvmom/MKbODrLGKrkFj82Gd1YeIhMQ+IqdCe5qPzTnQzop5g4hR73uuLR6JEc+pcq7fv7nnSMJck4/uA/fh1Dpu2dCCYB+s3EFyDz8Y2JINanMCWzbhlhB1bc+t+rEFmovudvfwcgRaSQcD2M3SBuykIJyS24VY0HbRKATw7hfHZR6V553ZeypyqIi4l6Rjy6CFRDvufEa9J6eC0peIs2EhqV+XU2TFhcjrg4v7UGfvRhPJWQbd+zpf9uG/kUeh+kaF2s85V/OkBshkaghstbK7x4OMyjVPsgtTPQq5F67CEM4u2B3tFnjEKEKAEvTZQd2XyUFC/EPvUS/2rwNmYHh7f22rrVZXqVu6FOMfQ1tdZs3H5zxtm6lbENmWn/uQhKkSx1cDHur/jE5VrHHZYMHnm6Iw3nVCXf+uhAOdNatyEZdC+0iJHOpWj+8tfrnAO9xhJtPI1MruQo2dYzObYbyZqxAJ+700VVuJ+jKzuh+Wnqi11YmzNU8ZQIe/aKe2LLeH5Oj4jVPmtIQyXNlYxG0kAw48995WVASbHgcSBC1rUn/2qw/ZbJ4njOXjU+FqZV5JU4lhfmfazG+eMSkjNd2GhwtfZLBHiddmmiAojdqX1kKRq9BVpi/Js1kEwQU7RIKEEjwYOAgPa+o0dzbztFTAFJK85He6QlbJTi79sfTp3wsUiL4pSfhdTDlk8yxwYDZUvHK02EJrRw4v33fHYZBaYI0th1RGJ0Vh4TTBu8Ew8duz5jN/+d18jxSIVO0pv9WXJ+A/04ODeHpMF/QRNC5KA/vk/NL/roCauSoUF/+InClkOQpP+xqNGvWtT6VHgcOCk+rlWFgsJqFoWnYUjsJauFw+NkhhD+1tfNQD8/f+OCkBicjzhO0YjNpVFM/ikSt+uJwDR4nG68nN/nOL0BKrPnhC8J7DwUFWV3/fO8HgtZboElFZNU2KabkS85HfNv2kKifsTJ0jMa7hfCoqZ0Ufx6oOtPVFgT0OV29UeOboDQECfdMF25TamRX2BowIPtTUVoummBRhiaD9Yxfs419KC3HYtrH52O+CbfbwlXLzRvqR6XmSY0fprEFBamTeHGUqt2FcSD0B4mGZb9tccL1boF/CVN72UAbzjG6o9mpPtsrQuiCSx9pbsQhrFQLMmttQ6h8AdWepU/tPUWLCbxb1bsCBocT715MCSWunY+liUbt9RbwmwbuZpLn6j+Qv94pu+yjSRQl0CTGyu1kr8J24ZBzHfEzPO/UxGYf9JCsdtzHWfjvzEFCnFtb75GTHZxc1dyXqwavn9PLZ1WCERn9HgcozRW2E97IvyYKPHpFccTHQtvdIaRI6lmyeod4d98DU1IuuYF+uODyAbTt8yaimVFEW6ODcro/69JGtFDfY3zyiofnmnUxlfhbOj0U3ab0v5niofviheRw8e30dQxj7fTIb4bEIkO9Rvzf2Z6yCcrfohfi4xj2+6cdCuS2texYPoKMIQyFhlE+M/8D5zTGPpe4m+x4Ygax+PzobMUcMDdM752Gf2X77CoFHOhoFvw/BuVfpxulSMPWQa8jERJnDbopmJ/bX1qu3cSI5jC9zCRyWS+Zp5Ad/wxfcrCNH9f/G3lhl97CT6CkrI3AtnKHn31KDKFQ2ecoUY/Zov6Q82/FQBx8bTurir+isUZmdzrHIlzwTf7ZO8ATV9K+9/5Jf5bEBgayXmJUh+JxbLvtHYel3Urey/Fvxknza/lD+vZegtyzvbX8jAfnPMfMTYkyVUX/V/+hTMJG7PGLfOrF9jF9bL/85e/DKUHwzCeUf3GPUoKF5Gd31BjLN1j5v+uUpj7wZNT5qSw5N4cbDz6vudhXS22luTm23SPqx7++7SEcQt2qbBRnnW5tBaa3uiEQr583Rj/55ctTmpEESeT5OQT4b+zW8DfOSFmXo/mOOIDdGYQC3LJsEgCvY7/tPLiG+yYWnMIh+HYq5FukMt6vN+7Yw62+YJvDdYXrLDkrCq/4j/cIHHiVaEPrzKFXsHD9fV5KcuWv9dy6UB6ypHyoCe/uY1fVTWaj/GvKrhjJoT7wuFdsTKKsoTNKsVYQtZX/Y/fNj126eP9z/sbwpvhIvmBXu9Xu92V2+V3URJK6qRa+Z+z/utCyzh3OafLw/pOOJwKEhG4H7r8zzWSwcqf08A86t7b8Mss/3vOzaAe7BejcqNXPmMKi5UEWcF6L4dI52qDpcXv0t+K8Yn/GJ06r26jXnTqOS9J1kT/e80bgdOBXdHDZY9VyOYbktvTQfqhbvmhzHpwyuzkr8c1JaJYZZ/DRd3w1J3wLF8PgNS5W6sdTLyeZxn8mxV7MlkWNRYWBTgp9iRS/Xi+fwxkV/Q8JXRHd1cRWcT/WTeSWROXidvzLEPH/n9nAYVNm9AinieBQf/Pt/0rT1cV0DF2MFSV/z8zfh4LYYGumHECRB/4L/73FCFFcsFXK5jkyv/nrufP+/s3OYJF39RMdI8aOuFBpaNY6gacLu0/vfUAHY63TN+3PG9+7+EDW6K9687YIw0c1d3vEKDaibJ40XpSu/2xGJ3lG0mkug4uoNlY6Tb93VODfBxHN/kb5FX8z7vwjHxJz64tdRou0FCwoAevCCGGU1qgo9gfqhmu3qCUmdA3AWIrGCmtzv2/65c/gHKjkQfJ2c8nZ2X1cM08+UNsPsa2p0rZ5730YE5IOnL1HYkFPY1x1DxMWHHai2eqz+5A9LO9OB/TzP9vxQblt2L34nn90jgW3xAaDjTPvy7drNMZvAuFUjsbQ8T0ybPC9I4sYba5ahPjeKjMX/m/72wwA1N5sJebzssPQJ8rWGW/f7X1TMKyJ7+W+1ajv+aanD8GoN/9tkgZjei+lts7HnsS/u8UiA8Xx0zrY9yP8L6tzPK486+33/+dCoWDatM7MGoAuQkjgZEYmA6Z3eN2kZ+ziqlvhrF3hPhDGtBttC2yCINZwL+KBZx6hZKRkboi+/a/jvsNpg4MYAotRKD/MgHkkVAP1/n1am/XF7euQmOKuNDj1s/vzTM14+Qga6ts/QcngNlId6HVwdtxH5zbRZL1x2ulB7UxEikIotdLAHn7cSCCtM7/ddKxxwY+cg/UfIlAgwLlaNp5LciTmwXFkH357Qd77HKXptEpKout3GNvgWB73bQb49f9XJg4noVMRAJZzWsMyalknxpZL9/mMzi8W2FzYzEQ9+/Vk+Mo+5xcB/SD8st2IagLewB01/MMVMI0v1e8/thX7Y1d+uO7yvGwK+i4na2vlrnR7wPH7T2Es/esEJ6J3f/ySR7kWIAVr/0GOPIIWvpbywFUO3bp/gVryYvE/1pL+aGcfQE/FksdwKmbzeeC/qtepexAWo+oP871nBPgs0F6+zcgtvn1W04x14YyQ8WYIO2Ty/+bHfaRG72yKFKacX74mzEzr6D+KE2u4QoWanTnv8xr46Mz6q30tfKqnnX6VkOOiTySgd5rJq9af/7i327v/3Z7Bbtd3tCrfr8dJ3kVhafc0H8lPftJujqrCkfNLUhqcxNqWgSkos8adUHChcT9k/5ARZh2OkGYUTRDFXqx998u/0UcQDAETc/G3LpODxtc2j2jHeKLZGzh/iMCb0HS8BsppLGVmUdbJdH+7U4Rj3vm8iOuBm4Sxazz7+dPz/SPLB8SGRSiS4KpVzSQQpEDafzOa2tW/s8j+WKSfAtlrYDv6+HG8a0ud/RoKc3VDYxMAoZ96NEl8+XLkhZ6dh75P1femFqtkSUCdPh2rp+XTWskiYDd72wWFJhJorp/3bfYqqrHYNEC42avQGLCXRX+ohCQn2jsgchtUPsK2/0YPO6DZLJ/Fmq63sbZ5YxpjgSz/HRDz5rNYuCLApAP8AVad14sGzqVoy1lpTqEC5nqb1pZgMYWMJDvRBNZg+/fgGR28jdr+5fdFKHpAN12gdBHPi/TKpuemU/06YfRShQbRnxFc8Js7WcrxMfoiWa5id53BDz3l2ENNo46Ql0jgzISfrC18DoafTVJuWo4oATcpIKoJVTK7slGTflPyyFCxijxkk+533tKA+W9VaWhWxnfsPv0pOuaElVON+eLjvfLa06Y1nrlZUvWAIA7VhLEs0kaeVv77uS9tTOhX2UIUMsAOYnSWxmXRe67Ud7wGrlHCO91HutKB4iQr3vwecfsRVWp8XW2/8zrY94sX2DvIOXEVC1UrBP6W1pTKY3j86j8cLMOElOBq7Xq83NzrB9zZji+ICzpBY87fdHNw+AJtJjHY41hSkPCj3E+C+sU/6QLGH8nn08+vTQXLz4NcyI0sjxU9lBWqn2rAgOyCNr/9qAxOIpljxLYltAiWDClAV2jRJLKU7tCJwe55SdOoT6q8f8Q3crq/gX2RiqDiztA/dz7S7fbSeevNvt8QP5u9dVPg6zKpL++GBH8wmJOaygV/6V7SPza7h1nWOEcN0wrOMs/9MVN2M/Juim1BL/4iauA8OqQq+jQOzKr2MlZgfZK2vcjecndG9XH0J6PaKJEMbjPbH7iTvFPj2uHbCyLQyHLoh3okNAM2vVaDGBs1PJv1MS/f7UOa9MujpzUAfyuD+H8gF95LkpI6Ay8+MFZ1Wjiulrf2YGFq3wBe/xl/1odmbAZa/2yMXVlJ8FD7EkjOyO+1cfq1I12c8zMwBujGRznJ728o2MWqfpunw4uvMy/cmBYLoggWF7MvHC1He+RNtff9p8HJ3EcSNR31HOw3smW8gEn79e0x/F2GK84SJ087g2A6UUQ2SQ8arnWH6IyGOvhMqJ1McBjUn08c3AURk+2DbeJpY78WMMry9+hvhpceQlnHLrEn7aXrn4RhKTKIfNe/f6rJCstJZSIDrSCfrV7yEDn49zrNe4PjWIMAA0slq53OyVsWVXwF3LzSWM9YhIJqhKFJSU18R8KLVm2E8qvqoFUL96rPnBbPBCS2reRV+Z/gOGAOOz7a04/PEB3H98yUPTApg/hD4syASfNWO+attWc20FORFR0I6Q00vOk1/hwsRGEqXpBX/utFPPlC0Ve/Z9Kgjd/WdcWvwznSB27ImCRVmSzG2l8M2IVf0UeUocq0p0fkrJYFnpNBfsPWXbPjlCsis1Fe8DIoLQjIpA2YdHkC8nD63iPRo698i/N35KgUypvFP9ai3lNU1abRVzNHolp9QmMn/ddRnLa0ICPMdYeZfMLx8UkOX+bTSkiVPtVBQCZBVUJtKSLg6W03TdRr1EgT+ArYAXM4ruEDTbX2WhwMkMFuJCoLiUwKWFzpi8vPuN/E3qyRvErTiWVLxyEH70J+UEOFN94lv/C3yNc68nzcKD/QC7aaI6mwwR/fiG2/Xb0kl0hE+S0bPjFcw92yLEIPwscLpRxwXBvs0bc1IsN8oiZRxWv76giCE16xU0nK8RF+r/9gV/xstcqN4TylEjpL/E/bM+D3YRG+sVMmIXl87TKadN/Ww4hEpPT/SJ+zz9pF8FfgoZv5QanCArI6p1RsdiI39DA/3z1V5zWBwMT42OQNqiHZ5AdiFcydtBxb5EP+xvbfDH543qtHMj0eSzAxcdlNOfKJ9SEL5HZNLk92AxNKXxoC7igWlRsUsRW/b8qioiLGAJ9hZ4in/HzKErEYoK7+jflkrarJN+amhrGyreG+cXXZEb8+YTjRJ/VCareYteCpZ7stOKIXl+zH8k+8OxhpDvsDnI5nsiyJWAtN1ZmS5iUAo8YnNQUN9rlN7CWDH42A7P2wkW+uZVZge+GExoGRoNy+RohMTNHqKxwlcEw3Lzg2sTfVTX6jU9ZJPNyNEcB/aVExixhOTZJ0Xm+Doha6KXPemREAIcqpo3QGBwMaMjEBcbg/ercnOfvLnpXOBpHSlW1oeb8kgcTJh7L9n5bJP8qfl2XgIPseb7p7WScBjaJRrC+ef0PS7JKSJwzi06bjd38cb++3OA8du/67Ycf+0qrvRYPDyCTQHOa0tIUGiN0xGWAYNiZC7YAHxeH2jYC2f2wVjMphzsBQeKA5Ohp+SAgF55tZqXMIPL9PmG2uT27v6hSm64+Oq2eR9lj+0Qg6FgjdK8giIBHhb+lpPGb8Gm3VzEr3+qOlj89JiJc/vlPMotIgs5fOwycK/u07YE9r1z3Mf28R5FofwweEZ2wR8Q8kSAfIOKlsBB2j6BRH67snyeVZpxvnx3rKz2NhT+D6fjMPNK0LweGSX4joeO4TXKm8aTx/wtoBdu+XZCpgnX/2Kn9KCiLW5XcmRlw3ahWbCh33AnS2zP/lY/4ntQxgVSvsziKDW3ZvKFHSFV+edyzwW0hQSlHhq8JecdmNMTa6/2LN6Xh58gnTJPS8G1+lMaVnF5scJDV6hCc1MTZF06E1mZmUvPBFN5uJec2+dLsy3ir4s7ARn56WKXMZ4HuhERMUH4gvNnga/Cggr8uNTBH/Ms6XCAvEDvF1uZiRV6/8vBqbS+qhrvvJxqnNpzdBfSafdbB0EGICAw32QJi71jONZI/HsFyKehuJAN1xuXhFgFdw4O2fOdvqEDFidkeMaeY6/TzpYF9znf5oHXfOeGa9Dj3P/nxz+LyC9cqsQG1FtCyO0LdLzuHhzl7GEy1VTqs7VuEYFeRfgJXwbJGArZKHLiNTb4jMv27i9tGsGWZY1YVCuOpHxPOmVfr4WKYp0i8IMDJ82sGCLx+Bn03MdHJFYIciRBsO96/0I72J/jGL6nuTOGjMO7rUdEPPQ4YSWiLzyxR/r5vKOnlITLyv9ybBJ3BSolbBh+VIXPlc99zupgE3KeB+wx8499Fbb5TPkckGXwVAQjwo2hfc58hY9+SD/hSYY2Sg/4dGuOvaeIvp1jJJM3Apamcz1fHAAczm8NX8BKXFJQw0Zx0ihl9huSec8SNdtMmlzJPK4UtE0voQsJ/mAf2hwDS3QQNyHot2TE+vxHtEAlroO4HJ2zogmamAPS57ebdSigCrNGQ9bAGVv3LXskUnQG1aX+TCSeie32hhYAbW8nINw1v4n7qmPHej7R+EWneVfNDR4CjAhyl/Me6w0aYe5hc95BLtjiNpHfZXdIp71olP8TxQRgf4rtxG/omMhWp0e2DL/CuP9ZjYf8irzADSm/wbc8zOIKqrY+YCxtnPq+6+Vu1R1q9i9Im+ai5O1w14axUrHRmoPRX3yl1RqMADPOhtEOJwBkwM2dgN853h477hHmQVi8yrGBgQuKX80mtqTd92eOpcpOzSRuAv+ehaBzqqxRTRrbj7rjoGGxc1q/YQ9WMqlsYbSxd+UDHW1wUV4qIzWzAwgM11wdKxpE+dMPBVZ+UqBRfjEvk7Bqfc5s4I15zDlRHyXeAOav49E2wt+IdMBDIP1iYNG81bEVDK7PShO2pMu2xNR/2ykpXDKujZ+VmCqnNh/yuL9s8RmH7yzYelMwIhvGQdTY2CXvBR0f44Gf9m1++oplq8fN/NWBV8+2vEnwUI1xUgrG2UWKPtfahkrzDG+W/jiE0jWPCjxr9bHHsqJmGTaMzfFOgWVRJeZfBGKvh2knllJ3q91WMJBlAL7NKU/K1yKAAB0+P7wnnmhdg9Z6+NnftQON1ZmJyF/bLlf+O6tCJ5S7HDEkbZKcX4waX/Ue78oFOmc9LyjJ/EvwWRnwrCh/dr40PNJxYnYazou0pugIIZ5PmXdWr4sFE5zX9rCpMESf6wGlbroDA9Az3LDdBCmLLE6aogZpGfmHP1O3zZWSVe4gYhaCXEypfWZxkZCjoMGPxYK3IifaP7QJGPj1FF6S4p/5G2z+PAEqfhUQEXvDDu8w1KtFtxYXHbdN7CMRDheN1uNo2QCqN3uLBIb8diNGkTNVMMRmBH6jiX6yf+pyozaphByYRVo0PcQf5r1KxXAh0e3bVH34pgz/g82j2aU4m/RP1aFCoBwV0wbQZgWR8NsC4E17+UEWkQVX5j6vMijL1WHUC+5sD9yuvz4xTgJ6jG8+OxGaTwbx9YICr2UN6ydZvdPysjW89UrQ2derpq3J/XDB15mVPTw6hdOnEM3H6jugHNDFlvyxy2vG8PxxEc0y2XpsjegTdgbSrEY9rc9bUAN+IMh7E/FJr4Umu76OWIu83TAp8MQ3wAunMOdL+ngW/rPij76Ry7KrIU9gZw3tJoPuotkQzgErboZBTZG1iDDJzCYzOeIAG8HgkMvm6Y/Bld5hYYoL0rwIjra/Oe7EzaDK6JW5nIs731bxYi3GgoZa/1KmHL7j8TPvn8D5oTbOoPbKnh9IvH0Ze4S87jwrOFvXldlehpezOmKSPl4EH4i+LHVhYjkyRWi2hdJDlpqxZC5EeRL+hxJXLN6lb7RDAOBXp4gUcoCxvbHqiMsvlQDS8nHCL0dXuAuubmWFEluSGHu0XByh+LTfr3F/Daee0ZzmkMIFq6+t4DFR3p5PBDTYjY+KRRjuSSrf+3vCTJokReRMVvHdHn5wIaaG77mOARX55GTiU0X3LTcmNOosdNrOa3Ptzdci6QI4hhAwFcclz2jSlMX4jmftPApLf9DaarPm5mvfdY3hY4V7An6/+IVaTPPjcqb/V80EaZr5b9JYfDdyq6yN9EGtlEMxAvk2/nr+v373MTFQXOP4gyFCCjxAmMXRRlXrZJrdpXrrD13WQvm0Cx2Thr7pH5IreVJVpkjxW9L7y7TQuBZzInQsTqJYB+YmSX4aA8zbTObpIk0yQUmt9WQtB3o7Lye7zIoiRfNL+IHK0zmyUdIwSOvZsLCuApNg8cYKWeo4+SCq5JxM1+68v9etDfb00nyoYeLelzmo43SnEBU3JKOSO97GBtQ0bBGAn4p3Ku6ht1PiiIb3gfxntQtJXvCfTPCyEsPiQmNUy5SvGQC0qyFKUnGGxxq6a+hh1pLkMstcb8UEC7ic/IxwzSZ4xv8hZPwaVOu8kQ/idVkVzWPUr+Cgb9uayvTGYN2t7yjaglpkqTSzl7UyiTvmnXKoUGHPfX3Io2KcOTmI8lAPzIU3B59f19ztivg4C/nL3VcjnJe9nEWdrJ/oMyp73hNjPBeb8KuKWD+XBSx8gfPH3ObxxMxgZPeLbZkq50dcxgq58rVNUBKASKHn4WpmhcavHuMNxFxCfuAyYSC5h7jKI10VWfv9nurLDXw4knMotEomN3vDasUEGdRW586rthYCG2ZHL9Tmj298d0mWMkdZgzM20S70b3iy/W9Bhmc2KKIKbAr1r1Jo+sV8yIJbDUrKUKmorTSHU3KLwdXFnXGqoSEVcLOfeGR/b9WFaPZLaAbLProppL3kYVBjieXj7cF0f6fex9Kg6gWyGd13HgL44vYJqo3cGXPXdc0eZH9ZGAtZ2JEpmE53b2KqOQQberXLrK24h0499xFE7C/cqQzEZ4N+N+0H3NnXXtwQ80hOCr4J/p7d7eOzANGPCVG/9EJ2y4ww3bEHGb42fL3iTJuweu7aAclAfwGP1gHX2ywWm566Cuno+YPNGfAmSV5uGIB/Ka9WkVTSqOiONi4TRS09gtCjqDx18ne9HccbvWHBViFRU7nioTivTkssIPWngXK2RCIlDdRs7mcjMffkQsUX620sCXCqueaNX829aW20flPsZDyyPTzB3BKFPAIHlFL2qHZ9Tuq6QM87dRb0kMZFen+hC5b8Im/Wx/D/8GjHySo6/4Q00sQVhBHsHcNDK7RLZ5+4l9peHaymbU6y/leyCvXOrX4P+jb58nrdw8lJHESvR6te/Kwaxo9Kj+d0g8Hrb+qN5VFPRnW5byhZw1mI7FTIvbTY/vYf4BWp+QTYh5QZ/laqGJ8tmpG1T7mRU+4CY9yvxYHz2RT6Dh5VSt1/nwecWq+4C8l3TPFnu5BcYW1h/fTeNVRkJ7sjj0K4A6WUYIzMPgXWQE0zrKSDe8HpkNUJ0CX1868UHtwYCSpsdcVijy7SBonGun63Z/l3Lu4205epylvcYhPgk2/hagezU2ncAhkreHgO5UorpqVsHS/kZwL8xXnrndBRhwKk9EkAMafY2tqgrXwu79Wby2OwPbD32vuED7sYxGiKNT+HxEcmreu0CQFLzPXg139Xt1NBT4ByHZpqlf/xhrvex0b22hUSOGJeFmJ4NWT0z7N4ScsPY2Drf8iEbBCggAXilD1OqCZietbwDbraoF5G7x01Ee3F5xVmlSUrZNIpNSz545Px0i6v7xJcrh7LppX40t/1eR12fAwMaFRymq3hKzxq8p7F7iw5czOnVLzlR7IFwqQdXtZ/wrnqE3p+jbehb0SqXjXCQ/KpupdedMKkeDQeF+mE/KjzHnebzmKE2sJjZx8ngFGjtjs65jV7ZOeX+ulZjiRFaXVZ1c3AzDiUWCEJojEp8bKiCoPxNeO0rcdWtFtOhA8G5iXhNnpWDEzaVPatAeszadWUhh92OGgFmDkRDNNIQ4+3dRwB25S4xx07y9gaW1Btmk5HLUvNee5zAjsenn1ucpWp7CMLuBb4XGLhp5hjhYyzHQjw/A9j0fn3niTh9e1rUU+sNZnw3Q4xEo1namRGn3iMP+hLqwbGtUKwwQwOxwmINs3ot0TRx7fsMdMaLOeVYy6oD4ljMYr+AFijxK5EWNtfRfXhnZUkVvl9McUixwS1cOAH8sWqUCtQx8BCoIzhM35CVIxVUTwxRzKWFRvAPthn3/sNR2fAqVLNbvtywFdv566lJ9g5x0YpBbpdFHCwybqjQ8zp8iJ/HAE8TsCripKzG+PUy/+Kq49gdvvtJhRg/a9a+hRsEh0pFn3aJRH+9/8rLpyqNgknjWB+1XI2ENzTnx0ArfrDJ7IKSebKgBTZedBeCvH9m9SFNxOZesJoCdtewBKyqxcOmOD7liwAz5D8lKbHFK9nxt/iQJC6Ub/gtdkRKVMb3wgLozBGNm+GhDyyEfOPSgU8XtIrYQ4izgDTskb+4i9XLr77cKy5ZstA7LvS98xyLzfDWmDcSdfq3KR80Q/WbjPRA9S7a8gYzdHztgzV2RKGgUGoVbz2avB/OAe6AqumGsfohRNOpYDwP5OX5KD2gRhWtP49WwdqFte5CZo4Hcb0r1A+0FPQJfpHD7t2t3eNCnnv48fJKJ3DgJMf7cRTVhkgmPGhBO/zf8B8Lg2APOxWWUT3mMVnPHoP/d3fmN2dEUjmRHT19pnSr3EGGYDg01AOdtVX68O0C1UlZd3jEzZbXPyBw9+DsNRbKrXfYg8McRHXt0JVVZyPeyicluKCqtcXYK7uEXuK0kaATRHJkBb+IL5b14VXF3mGJ0qF3xM2i+JCBKrYjRNA+Tgmoiq6Iq7G7j0LDXYLp2yt2V7v+jXCgqTiWeEIb2lyETRz58Buhj7sLQJEmIXV5EEeZrg81AoYSRwbgCRVNOKUAB/hyzexuJQvhSl+1B0GZVRWerR8Sej+kIX1L/fT2VkHpqNgT47xZzJCG3iyrNW/ZTksBAJk5okkl70/yIKRZCLIHRz7bxL7ODH3Npk2AMNdOi691MJbHdka1P4o5NBPn5u8S6KYTzQCBHqsTb/QvfJePXxw4xvRsI1s6bc1ylzLvg/cin6QNHKyIkpWvCKezwi4OCQM8sNsdPPRcgbeyZF7vfn4ueKC+wWSNV9rz1sXzmtB1bqMsVn+jrbxp3FBhiQJFRBGPr1n1XlTmzWGLBhJo8vdCfTtm3o7gXQNWtAfyg4+j1O4dB2IqY0RFMEVd/n7t6kZ2TCsdlvc12cWqY6K+gyfQ6pwsGx1mfOFErQjZgCAAy/KbzqzEDq6jz+mRGE20c6BJx+Joga1iIXkiS3Ale4+QudtIsWZh6GFQNoOMkCiFQbEPnY0mz2mX89atAB420Zjx8U4BGp14ciwTL1HpCe6cUlYIw+A2AO0UnUdekIuoZPxzim+RFzP4yczrPmXrbi/vVHetEW/BCVKPCPSouNjn00CZbgZL3cvrgpeDuIoNRzXVrwr+G2eoOWlMiOdZcHR16tyVsJRW0RCku+RjBcuXfgQ7UgHXg1JgUZ45RPaFnsMrExC5C/VjjUyTXNwXrO5B4UIyyKcS7Q8Fc7OpljlB1SpKMOq5HXmoHR8/bva6teGxBHEKT+xt8H7vV9AsX8qn2WThpvaUiCoZFhKYg1fq58XnFUFkmCmT7Ej0G1E39V75iNGyX2hvJfITp9+mD6wGkK6NHrdAazghTQj4Ct5IuCiJib/L/AztjibQN5KTZV+oRmj5A+akkoVHwVkjoXi6PvcYLxOiSwlbpcBHubfxG1CwwvklwPbQ0/YFhlF0Lqpvp5vEh7fsGwOhUKDTYJeP8IUnDhHQPQ5X9B1WYnpX2q4T3Of4NIuX9ZzWxMRD467m0eFsxnd+wBGQ3pvT7Ziit8qKAHqbibIaYOmWIEVcHAcdvt89bx2aXaFTfSDQrgRC91aD1o0CK3r4kwgvypTS8bAgHlwKC56Rznjmu4FrW/6KeQtHlbBdzZDqf46HqdWbWRBEYFg7al6I6zmGD7kiDLpsfFuUxAdFRt3+MSN7qQZs2+qcJAHMumPTK3o/ZL7pDxgSb/yC5fbRyzuaYL60d+Xy5ihctvvZanBLcCOY8xCO23EzFzngu1HFNT52pfenuDbZnMDCkDb2jGQL88ZyVWMsBZsjSHlnzXXPW6ocJgUCEoSZ2FNeTCNDsE7jQL40ekDM37NXIen3PHklRBWAg8rn8wEP4V4WriJ5md2/SO7DIz+QTWSaAM2RetsfJ1rG4n4Yw5hZR3YJRwCHDwRo80U3BYJaPIazWkm2JEkY3OjnM/LuDY2LuRQRtQ2yMdhoa64JF+mKBidgkGMDWOuL3W8H2XMW0j/V8KBmn2k68QsnkvrJR2VYqBXwRCG846QjPlelIeCFX9VfKyMWjk/Utlfx6NhhWndJRNOLP5Djiz+WGKjedH11cXuyFhmTs08nC5+HkEV+LzyjCD452llLV04JOevRA/HuOCEyr42OKscGhey9aqyurta6VUefExG0HtND8/2h3gsx6n91MdimE9bl6aP+JbQrThe4eJkQdUHAvcS6QiDF620/OitlsCVOSsTaZDRWug9VPwZjhZwu/a53TBSq7iBcagXBV9nlwA+zyOMc10GY2bGM4N143AGEWbCVV/eleX9+l0WpPHomHuEyrcTRSk1EIZk4tEOgYC2yPJ6/Ti0FZV1rrFGmjnpkMrYcIVSDWQS5zQ5SzeYApbNR2fOVXMEDeWVfmGiytX+DMml4eTfbbUFWtEdm3O59lQQ9sR8RgTp7CY6VvrIWRKzCvhLchiD3O5LRNKNfFiwxxyYJuQcjLS54EwIVb50VTHwrUvEXGc/og7UNkEWSBLc/O5tJfFL4YRZEtH1JQJ3O0lUjZiTRN9GYdQfBQCydio6ol4UE295ccVzs+vwZ2q8AT6nEiM1XfTMYJBGSTUZGe5oVJ0ye/5z5oVqVCrmm91pRE6jTX7ttvD4v/8W9ufcdf3HAE9RZP5hr+Ep1RypGgkzBXRaWuWjwaMHPObz3SwQ3w3rDPAeKGCFEJeQLfw9laYagA2uMJtLgT9zIru/8UbS6BZXVozbdcXWN80XbXkBon8Wdawftnl2FJ+1RRHK5Fws6HerdDvHattvozWvtd5ebsbn/+mWuwGfF2bBpOPKstrxDHOajktwjH0j3mNKiRIi3lDktsYlsbFYZbLRfGDHJ0vXPPe8XvIWHl0eh/PRJ/doKHjamIBJGGz7MPtyN7XuYFrvD3jx/9T52c3S7Odn3LSx9f+xJHicq/5mzSgN7GIoCUHT/kmfGltGzFMUoJqqN6Hk9pAzzhHPKBm6yg2Tn+diCCf7kinICY+Fmk7zJRglvca08WkWoW1yJl90amMnKXtMsZ05gvhg0uKayopa1Oz8T8P8lK8NUVUcoGcetitHDGxzTuZg4+1189ETDdunUkGRoj8x6t6OZ+x9Vj4v4pcKaNOMlFf7lLXHiIRp7+aqLXqkg3/aP11bVxrATiUpJfr7bExeKBBpCNIrIxPapRZ2eDRAcQ97vKkOTc6rteYFHWOoJ6ueEcSdQOx5PUOpPKlDh8QMivnR9Ltfdrpl0pMBmIfJK3LleOQoxCCW7AUlAxrnYU0Frmcu0992l4uHz83rWPiUNe8VBTvHLbkQBs9rtGV3fKJ3a3FuPoBGFCeqjIVaUCCju9xO6Wdl+UuKrLz2T2H6NgSoEsNGpUpV1xiwup6SoHwcnKPSMvkvUA5bDOolmfy7cCIo2Q2Y/tgl/lVfnJ+tfOquI03iglyJRXQPfVIpdR7opMnYobiZVeFZqzKyWOJBBfJ2UpHd2FQY1kAGk8+S8qiQKxvTWIjcEZR4NhLWXOZDhol117Lp08IV2h/bH6RBrxbfaF/3djA6XGhn+enwWDe0nBj6bNfxINAy/3g5DgrjV/mb9TfSpbargN38oQtvepGZNNMZ/5arKmdaKucQBkRDkRn9ev/4bNZ5bZxoEznDfIy7NMovL8Y+eK7ivQJgBurruT87Z6aDJlea2TLzpKJenvKz2dR8ZCF+rHknMyCXecBxW3eeD8vT0sA7hE/viO1pZAU+0YJhL3zIEIMGAVQBYVxaCcUSZlAokGWDEgYHNgQd1YfKbtgoWapj5QU80fVFCAr75RFvVKEBhwrXwWpmqVyEq0m5ZF0Zm0Wg2oyCRB0Z2OXJhfZV9Jd/SwEMfiikE36jeBpmdHDPvae/ehfaj5VYwIR+i+dZamSCIOTXxF45/QZEuekF12bSMYsbpGnS2vbMGWY78uWftig7fhSxkig1l8728lOpN5qAClk0pVUDIwQXWnXBd7PWBmddz+r+plj4W3iUWF+J2/4yzLdzvNxtL+YQQ3PJok6a0fKSQ2Sv2uK3yG5CGBxEwnmnPCchRqxqf1y9V2tJr7WHWyeBTny2FpDwnD0pCFjOrvn7vHFv7k+35sNWsETTcoQm6+laA9hTsAQXO1/Z4871LBmZ1NIvb92dOvK9nwtcmzqAqV3lx83vkCfZl5cqLzVOi+zzPgbS99rEmk0vhCj8u6MI2wSG6BYifmMcxa80ZzxbzmtTl0tThhHnQ6zfHGUwtk3fmL1nAXOPflInQrRfp3amp2+iP7W/vZ0l4LNA3/LYvmOar7H5e3ZVdxhLfvcnR5QtzBG8mM8k+Ll4ck1st4AcqFzITNPlw0KMUqrpwMw9TBcoVkqozf0vADwcOfdKA1l3tVj5sDrgfUatpa2UaCDouPveN9yOZn7oWw3B5h4G5LowBkgDErWqaETodHxLhut5Az2nTvrTmQfnOAfUK6v8cCI8NAc5cCf88gkGgH2v0kiH9gozWM0nnswhbCUS4QGf1mnHSYVTst/tbivbrDQ/pBHk8/duD4bclz6Ti/+o8fN83yX1K7pQ70l7LVHKDou/UWDkPu4QtB0h51JWLJsQQY295l9Qc/fGbuZN7kjLVL/NLejovfLe/6yKsDOjJIIbXUhXwgwwGMpIfuxiyWmbkqQKjO5zyrY65n7ipkJel82Q7hcDzUc3kqF6NoX65HUMu7ltzyEAqX6aEFgd5DHwYvF04HL8KoV/oSaN5R7SCtksKxR80M/YOTcrZFzn6C7d+4OxuBWVl5Wu/VE9qaksbVqbuupU54Xxn3QfyA3/kd3pbp1nXVfUSFyTX8S7cLL8wpVpDohfeOjs8lQi33Wd3wddjpdBXyQXVJKg8aq2uXTjLdg/QtAhjujw4rBzEWcPnAd30j2v5MAq3nB+zAQgihX5pZ1boE/tCWH2fIxQ+CGtuo+Gj4b9RqrL39krTcv0QU95G/mKRCbPDWRPmKchgyVhtcV60FJ+UGdUHH7HsLP7q/TVDq7ne/UJ0OBRYyLe2Sun8Fn4bYPmCGtv4yt90xp1ipb3HM/UyKeB+HluAxxw+ZXOk9unXCZoeospXeX+oUDs/6jyEs+/n3aXmJS2rzESRF7f+GgUwa/0RpBvGY/iXjjMvCjIjSaASepLkVRtFSnd/CkejcZFFPOuhttxXoQCfhrX5Wn/2vEDqvlMhNNY3OoOFmahuzty8/HQajIBhJCqqLaqcTXsoDUGGiYOnx2/gofaGJW+uj4l3cTxbJHDYl6k3fuWxPoLm1DtOo5vbH+62SuOZRedxYYMRqJkyzoghdRvDew/qFomBipeP8J4zeu9fpOJg7IoG5a5v/KB6gxQETFVD/rYwVm6gbcFl/CYAv2R4fj+o2bCgzXPTNjKWxXbnjQlf9YVLZW9YGwogtsrBnp+Ttu/y/KoZGxfOg0CVyoWJnWHQBAYShYeAeaiZHVynzEaantOKLEjN55rg6oxfWP8WqFZo7M6pPVQnzkPItukknCABvXbDiRFKEMuyeTggeDR+qM/nNUJmbZY5c8C+IDll9ugsl/lAMvG6vIbFz+AlkB9DIbgk+VnuD2b5K7zRy6gGNgBXba6gLF5Fs2iz8baE2TlEPXzZJ0p+D0+CkUBuuMEeD9Ei+ArMabkFo0Y9CEs8h6VzgZ1TYRDM1lQe6hTDcnzQkqOsATMR6inv8nhhBLJrK4i8rMkLWb79lVneGzS8w5Nt63GknLOpfsxmMfclbveu6lnycmKctUjSQ0RGt1GJwUzf+HI9ei80mHWpBPTh1/SZR98EHo/zYpXynbb7ZV2Xqa94lv9/tL3HsqvQtiX4Na9ZGXjTxHsv4XogvBcevj5Z2ufmexFZzarTOLGFEGaZOceY9sVw+cOAtNcUM9lAJOgcPEplEXOiZn0FMLVxfFasbU7EmbGU/s5LItgGmY0vufUZkyQYZBpFB4rhdnwJv4hv1JmAJ7Mmo/XbEcg1yiuGisECImHYu9tWQGYPsJFTDqa+jdnakvmVHdA2pPq49rHOjss9j/Pg7jXr5GjBWfRNNJsoq9lzdQ3Txw2NnnUDL+pKhPbaxA3O0JfDjnbIkrmiB92chhUtcY21bI885jLsgywtrIUH6OT+8SCYubipxG9v7VSHJdgZ/iMXZHtKTFktCsGgKTYNYBslvy8t4rp5ctfd82FfdMUYxKKE/OtVN77GcqAXxWik9hvl7iklq3tKXvKiyj5DYuTDByW6qJUy/0AUAsxSCiW9jzJMdyGy0o1vq3nbzVB/NoNPolh0T4eaIB/SvoBiXV++9NbzVIcnLB5NaKLJfNsFlJzVXUXSfqC/OLHvx4B/vPEB9rLTl/SGl1notNFZnJJzQSzo2CZb3R1mCcbg9tu6m2enSDOMkNmeEeyEBdlwlx1OvL6THiN0a45knBaf++e5pY/1JpIEREKJX0IwLR2EqJVMmUfKLpN0sBtB/10QMSaykk9Aq4yyzDfitdJ8CMBhOQtFWvWpQgaN0YMYoqxSaohcmDwi3WKbi5aVNaNs03oq+88w4USwa2PiL5AvD2Jw7d/t+2AVYvzO2/pR5aIvyTuv8zrsGXzhXm8au0clGV798dDQEGrZ8l0KAX+07Rzeq/i2OHkwo3msPiI6EG+D//RyRtCIg7MgBJZnyQFA0nffjFC63CyCfscpykzF6UH0FHE4EBMWtCJ8SkgwmZVMIqT77nkVu9XrV9WVa3Umf8HpeF+YkTww1p6NZ/uFIQJFQ2arzlvAKsl5jePU5VpsgR2hZ6/lEYxagRgdcJxZs/+9D+cK3gzzcGC25QkN64EhPzr3pUEgNbA9IpO5E4ru0dOOE66jlWXHoeT06nb3o3uWiOQ98HBXOJuPEXe4tu6nOGHMQretWiUb8cj+YT6ecvKvAjJw0ypr6MXxJdKPa4/s1jZ+HjQocG/6EACL+FC47TuYOpdfvoUc2CC9bz6VDrZ5aL+bgZ20fjeCyj4U/2Fx3s8ip2TRT03A71pW5SQ4F9Hc+V4X2OM6eu+R+qxTK1UQshh7waS3SMuCNIZoRirzKjWK/uAqhHR5sJ1F5ImWROZN4DzAnYZz9t49KjQDZqh3AH45g2REWOC0mpCHrGqLqCec/1Qn4ErFTANdyXrzKhqJ1OpPM3+KF1TVYakMcD1JWcFS2/Bl2vN+5VuHG8kvC4czOGkf+K2nfJib7ZEzG3M13s/uwd7UMzEt2zX9fttEu+s1nvDw/XLq8swomT6xlOIPSWYN5atiOaKbTIumMURdX+fjrvFn2dILIhWClls1oWAuLKDEw60PD8o8stvwmoDquojF8UDdElBPo0H7gTiaiEtPIEIRMwWOn41LoQWjDZtQr/3Sdpe0fPZ+Lap4m/zgOEeSDPlbFdw9I18j88sRl0bpL4JRCv1aKoJXTyaoQpwAZUduMQnXvWZ0SHRdRjiS9nUhEKmBn8cvjpB0eWf2pitRXvlDC4lhllDlS72wKIMjZQtls17Ze5WeHa2RtvRhy1/FroyZJ9UKm7BfznTetoOiPG/M37QQ9tnF29czF5kp7jMVEULNuUjxaPCSFzgfzsKzn4QsiHrMMnrTCWpbYYnXvXQsRWSewq5xprAsGLneZcjyr0rStBn3R4tzOSY+A1uPnBiABKleKJpH6G0tdQ+xeMj4/GjS6tHnVcq4+APyjZWcM3ERUCIWSriYhc+ZuPkLonmPZlGm/1e5I3p0RPpG3FUPNqjoFwT+Ct4Xs1Grkj9Y46mkvpHALpqw1CdVk+3O8D3tiVqKSMRZmNdDwMPhe+CTB2mbA0Im2HCQX95urzNJHapjRVb2efbdO0B+/TPrzB7a25weQS1mMJyje5opVxh+VTXKfmL6zmaWG60yL0FOtZtTbEH6hUIDrzW8FeL9Ejt1dr/MxxDLKz6aRzg7nvzi3nEeEQ0itWVyw1TgmS7F5+qboP7VKmHLUmE3d5Lg1btKKYLH5DBoKlx8SsRBh5ItRsPxsnDbfXGovF0g4q1f+LK86NI7wAr+sjab+1C2zS23OmeGU6gdAx89X472G/5QKPwtW/8YFprJQAWX6RohZVcuxNBKJ0HhiKPM+2cIpoFp6kU11F9OCP8sSD4vMXNKpn7Orsw30nMN3s/4Hndpetp7bD+NDjx1Y+zQxidAqXVKfcEeSMoy+ERVBIZlDveQ1/ViG/9L6LiBz5bEH8tpCCRujdmEXOyDMJdC7Y+Z6bkOz8NH6dwww63n5QTC0iF+zLiAnDgiHh7BdQoMmgQdVOYiJ8TN6ysl9gRMi6K4N8H6Kp+Rtyw001MBz4YYyTT2w1Lw8cCs/XtX3ntnNUVZB/uBFn95qRKX170An+mFlBoHiSlo17FRuUbfQevZkKvHbVywYguveFKacmjWc4yF9n+yjiZDwXQkr4BIj1syHNv7oWt6SuQegCWZ7LQzzOW7UXbyAeoPEAHwC7/fBTsszTfh9yB2ELXdeV3jHaF9MPfmZQrav95sH5/VamcyMXN5Ywdnsjql1X/inQxOkexne9JDfnGwUWjJa7VaRLhCb7X70f5VNdiYtJFcE3VTSfxU36CZWQd+AXrO5vj9kbeD076ROTX9KD7vQ3XHB3e+z058ZplN+ORO9Rc8up9/VuIdmBnFaPXtpd8k+u6BWdF+P4LviNMXHx6WU6sHlv8LZ1BK91cJSX9xVtOXcxQ4e5QOa/LwecLcOZLz0e292F8B3jt0JPn4k6RK9tb+6mEIkQdJSEf7qOE+A/5BNXH0xigrzF3mfaa0OOfdxiXc+jK8iJzSwTwtpIDA2Rfly58qPEBOoMKWrdEf0j75aqQRyS06a4HkF5oTsIK8d+7MOuHbhQt4yc/8eqSh2G0eLFdv6PuM7jBNv2wlSjCYNEWOKcdlXfboUZJvhibnckhdmtnFf9Li/CwjFiymMz2Q4UOnpOsgD6qGhUVN4yMvpOGWoxuTHN3nco6eR4LKRiHJT2Tx4kDsW9XmXqjtzOqoPpoYxKBo/my/qk19FIK6d2RgccuJeaaGuXWDnB7KEL/sk1wQMntlgos+Rm8JNA7wLkckwjXCqCGb3G9wxHrubFUI/+sQEBDN0jQT8oLQh3ZRw1tyZC0kpL8s3Z6Z6F2OfxUANKt5n8ReEl5t4BB7eLLwrLsbYWZBYgN03OyfP63MYn8F0BRYo9YMcwhgMmXhsnVkUyPYcP/qJAX3KI4W+stZfaK4lvBVYlvRsDyTw+hH+CUSws1En9E6jQ5ncgcREN3mdP0bJvR/yQDuiNKjosrXv2o/Gpuy60QchW32j0AjjrdJgAGAIIMuWEdZShLBhNlTkyMszWgHQnJ/z1/KWUhjkTnTGd62STyc7MvK3v0FuV/hrSajY5pfnOseBSBxzjVl3gBkHlxtmzcGsU6lZrQ2+mQFKYwsWtQGQV8wMTO8FULEo+lite87AQWugne+ZN8AO/M+IAqVtzswKqKuWuuUcU4xlHOY00jfBvKjLt6Si4dfBZos/thMan1Q3S/HR63FUjeVY2uNNWNgZBiJcxrxRwJtXrGEWsqlPb59XX9cX4zYplXKh/1n2bFVcvBUDuuCF5z6rSg8upUvfyu099pH8d6HGFcuFSNDscdaxcPH/Dtxn8WLL+Y0T6O9Bog0Nsq8f+G3X5UOqJYDRTKC0FH7Faug9rU+gub+t+zwsGy1EWn3LHktyNd1x202180drQl7TdZ3+gZkZh0a96ERmjWwpVF/2e6MOhLom7wghF87Uo52SkG3JU41j3746N/M8xV/eIkOG+z5aOu52BtnwVzJ85DZNTzlCnBlysa+tHMiLXbaDxezHanCpoEVhF+/3vfok+V5APdLfi7t04OqGK9fFfGOCCsHNd4cK8ajmr3CC8/p40smBM0RmnfTHkXktAB81wzH1o7nwKfB3gNBpOOmrWhKGY3FLmZ6wzFUXyp0lsASe75xPqTOZjywj43ULjXMqtlVkxaFnwBSYMHqFnoMg2wON0ausu5ZxfcHt7IamnEV46h0naXE2kx8NfrznEIQVEcKTrE8iCS/kXc1qyL9CY0z2HWEY655uctau/FU6Z6lVVBpkQSNebxxFXBq0q8gP0TWPQ3Qu39U9Fdo2RwmvGy9Loh+JzkCdi148hhD237oFFCLpV2nlyl8le/9WpGLWZiJZN6/Zj+/JrnAGAgskWQ4kNVwe3ndTsAHXBVZ9tooQsulmyrnO6uxgBFBvUVuYnVRkRC0rf2uKJGoH2Zwp9ewqk4F5fKCxwy6diPJhWmi5MoircUvLAtsQE7VPYGUPGigjbn4NO8HG8c5f7jisv2qAcWtnz7aHaGFl5KaEilA68nidmioj6KsPvwB6hHKV6a6gvjG1M8eUviHC2zRQ4QZX85ock5/wu3kO/EPrJrC9SozxAcW+huMzxori021w25L65vZXrAmHu3dlkweQ248BwsuQokxxP4XyBq3XAFIKcB/3Rmd76ofW1CLSiVsPfuq71fZ7/GDGu5YejbvHZCbenfCFRNglQG7+GLJD4d6uLApY/dgoyRJ0nO6fww2W7b3tLSlESB1lAb80NKd6OGZDcLViRmhqFe34jGQq3rwedNNdMUj1cwUkpwDKrZmtvZute6ZmPfNsmUk1m/9gwYic33IfnjuwzoFmzrRPmxgtVptPIydF/t/spoTbl3pzvKguprTgk1yDKPWr3A92376IPFLfInv2n8wTrI4PvSvZ2zArCsuUda9vFizWXdUo/JIEdizPgNHEwIp20dUUoSpVc6EZ4/WMoJHbj1XsjRHdQjr+XmvdkWNtMGAWraetBb0zow3Ubj7Wn70vDbCxMk9+JH2wvcXKYPMxAparaSGqz0wQjFl5IOxLI+vlq4E6DvWKi7+fmuNFejcaNiUiCUfdF4CeISJXMjkViY+Jnddyzq6ApNuEA0QkYhHkQnEl2d7D4G2aqws4vlnMBoEpmLgtbFodEIEzFsZE58XIgnXgbxwZpgDhLohWz6XIILSffulwULeo7fTBYckhU4nBIl80Y4Qo0oshaDWgBN7OeZDc0OsdSNQ7gL9f0wANrucc6grbtCQyNujFrHyo2TjsHMf04b+9Rm1DsEU+QYQOwItF5XLf67phmiyEJdDsUeGrPhCWWyL/bNI3/eH7cTcZNuTFf/q+C3qwjJ7POhQJ62nlkWQ9uYL2RVLi3GAfzZ9W3cYEPl2NjGJiVFhal+Brn8V612ZVYo8eSOsUFqG+wb8uMqBdXPc4u8UTPX0IFOOaan67aZqyA59Jgc9wsvh6gXSHRQjMnLNkj4M23rQ0zAuFO5pO1k47Gr7VoCUnd2GlsAmlwC/XtyDmJcAOJq3II6vpJFtE2mlPP7QF//A1V/lH5gLKsafD7jYlhx/2CdoIex0O6rY+gmClfVkZSG/MmAN4aEAqoEK+Aw650ClrQx/1SzfSs5UvWJeUjMX67Sj81HNulC0Ef3o0yIgi6Y+na23iiitPygozrEPh/arHiZ7rOatpuuF+hf4PESBtl/kW/3k2zraOM+xLGlHL++WhpaXuASDsPTigrIN1sGotLcC8Uv26hHcPO3SBNXjia54EM+mMsNXdqb5B8oz2WsXlQ8CSKbZU2XCkhLM0Li04Eb6tZsYtBXRGae324g5Z3QdEQuZ9llmx6Pt0U+tTTlDYxmPSN9JELStwtirPeKH4B+T6T4I0uaOPp8tX5TFVReBg6K9lwIS8xsK8s8khyBuzWPTPdLltc8ofZ8a5eEXx6vTHOmEKTh6WGs/P9/B2xxUJiBVFmx5/6lB15YP9bvQJC8rhk2SZo5yhpociUT9Bu5e1EGuKHl+58wOv8mCNP/QYrFcYvCQOGy+Fn4iSxEwHO50YXt4JX3rc9XKB1RHCVNJsbh3mOi2S7z2lSMBsRPt9uBkmx2fnmds8ulYmX49aRX2ZqopEZNeWSu8jmuUqtLngZapkEAuSda9S3zKDRrN0NQP6XyE4bmRjk32v5b1YP8kKbvoYY9wzvj6RlBbqJO+8SYHys5DIxNiG67uVHx0SyApPbTtomxvHU96wrrF7s1P6aMgBdN7x8820OwPkYEaw3YU5odsd0gm1Epwva2TC6fG/r6+ULcfSa/i7Q30r18i3+dmZEQCBxFLznA3WwX+dr6KkOU+xhqCC6o8Umi0dNiibFgLk0avFfusEfuMD9bD4sDmSKCGnr9FQ8MFHju0dW93cNO6mRkrVsjNSR+RbvbCBurpLZATMWWWXF/aeBR0g4W9zqPX1kv8PswwsTfYZgmSr50Ejk7V0psizjqgCiamaGz1vm3RjFwiES7f7EtCubfCv8R1q7hnL15pjBSdaXknSF6aLG9ZVJAL2L/T/H44C275aroYKrCXDmYwdtaJ2OU3FPqFUBBaOyH17l0cR9Mz3tEbH6fM+cuyutO89Uu79Wn2UtoTuQ0sffR8prmtBerMyWX1zXkdT2dX4YC/nqoq83XtKF0Ax0lNNKPcmY1+I5E4rD0RhNmJJ+/vYuY1U5k1RqaWC2dfcDkG1Oosv4qs4nrownJPLYx5Zp8BRC+Fx1vfc7VOUSSSdLEi2V+QecUTc1I9ezro2VFsPg6o/yIw1RitwWIgw3eZXR+/5Bd4NvBK+Z7h8sc7K9mKUaHhLIY9WIvRF05kpLJsGMEpa4ZTHFdhfMaPJL+MRuZrGPewRdElCZOKZAnwyKMjSJo9OpL0dyi5Z+Q7b3su+oNIUvPo4VdaKfn73bn1XbMDTjR21Yc3uX0ePQL6QzsO4nAceppHJL6eXUBMC64Fn49Pj1mah7Ko+QD1WQNFD3Hgv/s7oI1RRoF3wJT7n62BNVXvwOKbZpTjqBS+GiQyGHfOA43LbtgSV6BWPRzSEWU12YSel1n3PqqFhKqvLvD+0jH+fuVVOpJ3e0c8U5Zvr2W5S+JlnDdDJq/KvPJRFXjj5k+Pad3XOt7k+en88JYu041lUoqfFf6oAdVjyphUq4fL3D1ST61hcJoFjdY343Duk/eIKQaFY356yHFP4mNjZgy37nFJKuhu3T3P30qGKomi3M9RdUoNGeXnF3HDrx6Kr5GQGmBfeSH5a2Smtaf7tjBu4PmwX06PtvlxWUCrzQJVm/r8IZ/5j8DEK2qPHcknXytanEfXJ0MieGv5s4Y2lLcIOt9ZME6lciiKIjJYmd21MOeIQ5WPSPTTkNsUGUr21ic8B5mQTFFeWyQHqSV91jpk1WbTOIGE4uvAH9A868nneZm+tcFcbbDhopmNqGGwA6yiVrPDX3Qb8SMdwZE2DO7nZTay2YG8OHbiE+bkC1dkRq58SO3SoO8HpRyv6DUU1zaoRUyYJHuPFj1IoaZqVw7soxXfJyN4/k5gSpOUP1ftCY3tiePZyUx/gawu1nPU4crCV1/8XNF5pQ23pHYfer/8FjjhBiklvLcXyP4DDPl4rKzc3SYChPIbLsV+q2af5teNhodmqdOpXm/TKrUahuAPF+EGcAwNfcHdHcEOcFMbJzFij+xbXpcCzSsIbEny2sUf9t4eZkLUMIbitqSQoBt647YUc/VcbxeMHwIsWWIYOn390mrgJizFGXi0BWPjRRDr4T/Txuf16JGPuNao9DPAnstgNn8uV87EryoVh1KaFJblouEZStp3DYrs1ACixAWHTxeo2JT6dVTTXxBm8SVuBYNFaq0pLiD4sE2aZ4ZoY9cVg8nk+Ysf4vzLTJDsFkOar/uNJZ4wsRJ8i09XbkGB9enR3zXIRY9ImqB7dCqxSwL2QJ7LvV41TcLSyT2n9QBMgn2kDMWNa0Ye2rdPwni8pjSKkWyA/RoaaznDN80isVF3NTrcGSwd4BmyqoL5q6y33IgyF1/ADTtYkbmp6rROMiB8ZgVvB0NmY3+y4ja9yMPZaK0A9tTJVrgWj63IR/lLjgMq6HnEyPurHd15Q6KA3TpN38A1BYF1yxAySJPx5wB+MQdpZLleY3vCi7sq9+IC5ZuvN+gL7Rc8r+HRLtrd0fJVwPKkkBx+bU2G1sfsF9mCrgA5YE1IIDRmjzVj2FGZ8mNVGuzBjHpw0EMGTRayl4EB8pU+jSJ/aRmwSCKoc1SXxNDID9WOH/CYEVTuWl8BI/A6EYX5LqqpHkMk4CELrGobx9n7+sgvAMNY1TyChUG/w5TNfaLpYVrMdE8HOKAr7qaMKd18mhEkxA3MH4xCURQ2m872Uigy4geOCYJdW46ELVuKtmprpgWVdTRrJ3njcgx6NI4I0mUiWl6UYyL5NRsYyi2KvROv3PikCqI6uiF82l1tPr51q2bB6C8YF8pUhtnLs4zw4Is7jjoquuVpROPL9Tz5Jc+VJB02U0NtRZUSklscohtTmkKDYcCocHI0uiBj68Y1wht48CWVl8SYNcQ0rOTxtzWPMK/2NO5TzIIRNSWmysPFASdKTyAh7lW0AesEzsBk82jHebV1eT+ryuBm13L4lz6LAVe04nCuzYXhKhfsIMTuJqP+HZsfPb7n/CUV0PcMh7otLSmEYUl69Ir3fTmIx/P6keRD3szh1kADuzOPbM8va95H45aDDF78yw0KIZEVQeOMUgo+nPrCMepyqeMe8Zh5xC6wK6XFRFf0+02XODP+Kj1ot5KMjuB8VYtJ1V+7dnnCcqFKdYrDcW9QCDyhC7xYh89fmXZ2f01hhFAm9oCPztlDkjTkbilAVoERXRvHsQ4XyR9uUPlLgioTy7QXN3uNVM3Ww1yJuP+KdYhu9fRoPNkAPS8JnXrkBJY9wyuk+hD6KPqlYkVYJ5zUPzCxJJu4dtizfYxX7WNoUcqLCfD6Q5xBSuCqb5lYG0rGDLEVRQ9dVpoKNNR98IJbgwAzah/EG6I3plqBmCqT8O9ldJFD5ZkvprWFlmDPiBbB42JlGyRarjv97CB5g68OKuxR6Vu/vX261GmQITXlRWJIkeBDJvhONA94C0t67nd8NBfQGl7Iah1I4XBukjS+/sTJv25QX7iAZJ1CJZC4b6wUuaWvjBKnV/QGnf1cQnHhYoEnAgsUlFzlAMgVCWmdjMnE2aeUnOW0v7BLhND4yWI0dU1PnEKiOYByFXRzF+91JXkuOLp8QpLzf9R0A+bqY2B/Hb8n9VdQh5tWY/zZpeTDzL7JIaIxsco+IrSNFtlt3ZOgRAVrjgfqBaBiLlw936LyTtJfOHuEIL0uHD+gJKHFdMweDyunzo4rvU2ouX2m9WNjPyw3L+HUtmn6VtuW/rVWX88yP5kx8LEXPCzYZ9V6KIvVnQL2wZdqWckDL/NKeDjlWkFbmZTZdf9SNrHtkaUPlxiWU1X2wKgf8a9Mn1Mxh5YG9quPWZQ5a/x7VvONCkGFinJKPPr6YYV1clQbrILa2Nz7exOHdzX+C3lQyTGjFrBRov3ZBveVD+QAnkbsmW+oJqc8AyCJQLC2QbSvtXdozEyhE37zykFfu2Ml1MSMJC28jawmu9QS/8jsN30kvJMwnzyGmQdAhfOf84t6/o0kvwSkhuIcfxI011AX2Z53n0/te+mBZ4ZUIXNWUC5cYVXI2qngjmrHOSrc4TqRI1b9NDPKnK9dqsJWfu9H38w4RwT9i0D1qr916Gb29aMzz1Rt35pwpfVyid1cLDRqgba7Q6BaaTMBE428TdSCiBv6jgoufvYd43Ez8dZfvOFMdMD27meRHetg1ajOaLOVqgwcW0lHPvCUg77TQgfxEfX73ULQJAmOIzFyWVwgPjg3EZawOrQl+tAmKCHN8nrO8KziHPkBUa1ekAJUs4WAG4RJ5xfeKqo1HHCyhq+fCg+L+uUOuvJiMJgUMI67chngbZHALafdkeBZq8PUl+9kUplzuDHLFilm9QZCuDiQj0ba3qfJ2VNkV0T/pNClrOMXCm1gkpJ2kRQWL8HLD1tT6zdQ+MIBmCfoQMXlSeXOytJe/kuKdr7kcNk/9XUgykkZ27rhQGU4uEQmYBSHXKTo+RgfEqAbNaLpfwVjll91f/J6WG1ZuXDuVa1ujJk4WD4jd3QXpTJ0skr5gB9yf0GZOlcNr4jl20WFB6qZgSXsKsm9P1HkgM6NbJ6hXem9UGATv4wZ6iOY4Qby3S64BFNsw8V8GB3Dtzg3tta75Y2G6QbjRfXhlgOs8Soo+sYRHigeHuu7C+FZPqncm98r0uqBCxMEqJferjb/Q1BGrN489GbUm9WfWxJyDknUUjpDt4Y8HEiFgQLxIjbC4F7xwBoU3eSMKwke94sYkl+5l7MP//0MKfGCutGcSrhv6Qw4zDKJaqlqxvL50gmnDa7sO+LcWQh0rITDKk115mgq+85qTQ4+sh1onBfpMW6/FXDTkqgXJso9+GM7M11O8Mvq1YE4fLxHxjdTqITIE1l+6goLV94SwxhU2WGwwBI7P+9Cvj8xjVdU98Xy1gxfM5hHb5SnqoqXbwS9lAc57wcTmEB+DYZ+/gGecHa1N4TUAmNN7RC/mfmmCLADmIetF3CcvNq11NE+WxD20oQL6luzmvaQe2kGbgZRvyhJ1jksbntrXsLU0Kram9ATgBjnFK1yVXmk8cf9BQQQSENh/YztUORaOlFbuwUHGakowhxvzHsMXCiL8Pl9XZkbWqmxKA+/Xgs8K9MXmS71DrI4ig7nou2sJlC5jt2q5Tln+LXORjl515KvSuQ0ojway2+NNWp79cE9L4x8l/qiquyzgl4WabhhjJVE9vKxkEiFXtyDBvwW4CMSU7XPsy4/ouIv6GnPqSr8IacBVb6nBY9ifV4KZQTl87zt5JMwwXMubjt1+6oMZ1Nf4VpKcSlFrEM++u1K0O5Qgqhslee8n01yopeWVR9sfQxS5hSqeMp4/S8KAdSth2FEReKlo4x/tXgINzGSN4ANQRs4FSKpdEsMx4ZPmVvx9Zao70c+AaBDvMvTRt4z9+zcExRikeTM4/7Y8ru+sgJniM5U9kzhXtHKhAfwmBHZ6ljHq1di5hXD+tKbzWAbRio6DwIW2JI5PKsZySt4s2lKsX631nxpVTAP1YkuKGV4lD3yIfIi2hmzbLkfnhqFtuLccfBZXXO2iy+fnfTIMfcyoEN2hPd2FR2/yxNEy7BQPoScZSDndcGBX2topGjZpIozyMpnPi2I3bntV3RHIGDAH4/wIHuN0uO4YY4Hc5alwLgsq0F3iVW1v7/gNsSOS+lVjyVsr7NKCBYcHQWo3SwPhuNUV1HEwOD8kWxmUUDh5iUyrjATeZko18QlFTqo35FyQSla0eP0E6M8tfBNPZiKhrf6qFTkkWZgl3+1GbPnJqQroDuV8gz0yYi5rfENT7/Ll0IQvvIMz8gUgeVQw1SB+7Ou4LB+43yIo1Nb1WOIWEr5yj3tkajQO871sXWA8/8ZGJ3hGD8wNIhB8WQUAD88AeG7imfNoY2c0msb5SfdI7X2N9MwL26PTnrplAQ4q5nU6efkWJhf+vfnhTejXRKR8+C2enEExseO2Xn5LcMUGsFw2SOfKQ5xMbgn3P5LuxT8QIIWi55HeS7fPixfRAmMyu30z/zMhuFUU5f4XFBWFeeNHa6OqPijzWKMBpo5poDTHFWJ6BmgsjFeG6+2V2HV+CNZylZTa5YIU/bWLRhh1vYwnSndc3ut9Iv/G1GjDG+u941nwq3dMZElBqwXIFSO9x0Qv4qfGj/QArhB1KpfSftIWlOZ7crQ8veeZ/uYj9fbIh/mAM55pl9mHyWVkZVuRF4hCeb3NJzdJzPWjQ7+YQPwZJlFCLzy9gIf7p8tzyGET9ln0RR5HmCZtOx9nxX/8Hpz01tRIZcjW5RBdxvdLZ/TNUZgVhg3Ij1Qi4aTxrFW5Cnr+GWJS+UZ5YWM8vsF0YZ6NorwW8sGs7LseRXlEumXeQAY/Epcn0lL96qHjteoQjr39Nkd1wMkBK7kGcWWmxujrf41F4VGKbHfCTWzc+SzWCJoaBkOYbpGPrG8Ae0rNA7ciGG47vC8Es/od2zZwIPSa+xRlh8FYXCVBfartYk476RH6qowQRBrtWR1qftwaTYsgvuL3cdvY0bH7VkYOf2RegPMGLDgVAyXW/ZLv7iDhX7nintpWeu3LMc8ubUhOllGkTqOq6pQ+UJ5PoKWjVlz0fGn+bBqRAMjqChs4GHBMwlL/DzTKY7chwVyXzOgr5Lw7eKqslEaLCtF/ai4Z7xw0oz3zztwyf4B/p3njunBN/PnmRG2Y9oxAhvoly57fSqwk7l3wqfguZn40zdkKj3vdcxuybG5U45RfMlfWEqViyXQ+Nal8DJLVZcT6OH7Dsc+Uu+55P0iiSsvj0cfOpkfIYTtKFjhwTNyfkKRnuLtdH7zizF1VxX2H7/ZY7M+O/ktYeLOcp5cSHb1/iwCX2LW88aWBjIsdcGsLYbRVuFdIvUzB/B0W2j5VmoRe4Ru+w4uxWkL9Asniy3f+JJkclCXj6SxTlsxdAL/bOF/vEW/JkSzDEYVRA/u42at+Ny1/DMkg2I3EJ3GEXOcIjNKCldhubx9wkdrcFoaPFygXjzlkUEVMLl+obJtlddWDYV9U7QSJgP0k+X2oSBovsvPNhHcSnLyG9IGCocFsjKuB/iENGLFFcTpLqcsNgkRPkhn7QdQlJuVBZ2eFbd032otEjtn/qIvLvkAb1GoMkGuCHknd+RUIpDPQA4EbtOaN7s0w59gwORDEPDaZ3485he6XMLCu/EjVBVfLf6wNE3Tn/l48xJb2EYQxVDqU2/EKBGWKXsHPt7EGWua+uW/S9CgAXtwnHx0giRkfgwVEmZhSsVGA8gHep23QcdMadTbEa3Ls8q8R5JFuIWmK+bCU453cBkprflJP6rSie3GXBwZmG4iOeoifGYWr/R3RtMzZH93XQFRDrJKRV6YKjhzV5p1NMB2bb/vHtozPzUcRfEFr0TOskWwwYMrH++8LgUab/dDOwiziTV/MRk45SnT2gLzcRQSkFTm5UPW5wHHwZ6kiRruFEZNlQdDpJT/gufWZNoXYu5n2znV24kedrloZqPVzoP0s9G34pUfWWVYYRF+pMjwfnm2WNOzECwJmV4gf7yUr3wGlqbf4Hucy8dT+KsvWPGPIhEerehxns7no7UsmycARsLfffrVSqdedvPOhy9xbUcPdpdVVi2wOW98edjcVuL78uA8UIyK9vA+YgXh4athxS4LMwqmMLDMzSRZvPQrQBwB+WgznWoZTyW9bO6dnp9ZppnncAepMtPSOSKGEuhXmqG0/KuPDYYqRUE805d4GCpwl/AJm2pBsUGeJlJrPq3vqjR4kzWauSc7TIwknAud2kIyJhTPz80jIeWKTMQtAmdta26MhJDWPOBK7HnuDw0kS48u9u/rMKJPZGF0n61R/6ychVmHH7oN9Y7oCl3eYn/8MMy8qK2Zk1LQswejCPuG7dFouey7TplRrjmzEbamDgOW4bCj/kXV2BgRocwEyt7/Ilz33dW1Ln5TGhw8+0YYy9zj1bklwf32XyVi7L1BqQKYrwN4h8AnmaDWL8fUru3R7A/ev6MmQpjv4ub2DCWRB9sq78sSWwP564ikzZvNwSlHCSnDspDWLQT2CGTR5PLjw9RceME/uvHu4FFmbOZBSGiPSVXAEk4FSZ79wNve+qqCE6gTc1VJ892tmzZevXM8ktZ53gxZHfP6ACz4CDe5Nl3EGAxxuXMZx3JOO3nFKjhXVIYNfhhRBck9G7Ad+OW1seYFcc7RKnFJddNJcdcpOHNHWGvcOppCMaDa5Ys4lNLFBFY3SQc0mU3eqipeWbkEwvf8ZQfPN4Ra8aN6xZpT+fBMGw406XAF5shPBhlcLuoNrvkVSKy/X2slUwU1/IFXUpYFFgh2gvvLedgRx4Pf/oX/sY9k0iJ0j6Jnvg3nkh7ekLnqwibbMAa748qRCvbWBBjJgozPknoeLncCQ8SlSBg53w7epoKIjvwWLmv/hsb4qGzMu8wWQt/YL8qwGB6MzhycI2zr63tq03/9dzcwz4kgjgGypWd2jfTm6OQwdmNV6aG9ILdMvEeeYpd3w9pR9cj0r6rIbYyDpQPwp6MZoJ+yJAPovrCPduhNlIbMZ+WC26jMUTmwYz348wGTtciE82KAqroOl/8ZHMV51tG2uYs+PwroATYosSqrjxxJK9/cKjx60Tr0lg4/mC1Ipeao2XP625zQrDOpOD8X9ruPiNHh8oMuaDA3AIPKnqQIBJfxcVZ8ff+58tsMaUvqHwWi0sDWULy7qYIYndVn2u0UOQ9jBB41OpWuwNHzO2wi5p2gEcmHzId52NLDLG+qCC6mWnqBQws0vRbcIMbKvQ6MgOhn57+/c0TkA/Vf/0I7j2vfc+WRmWVleBH3sAGtX1xubFvWc8np63Hyqu1wuvsCPu+n5/vZrjOG+8ORj7zjfOJgSw9x3qySn781sEwkfXjf0HkDplCDPesWde/2PM/qXyebVfnV0raJXNKUZeKDe79pa9EPnylg5B0nDwiLhOWZs2XNP2sieM9eF1zkmbLvLyGj3LrcV5awLYbXJJPJNK97OAtmqR2A28DY1YwuwiRsgQfI1/512tRD13/hOFW/TuLdAMOmtiqfxHzWxSFodcyEHQjmjaqFV9j3sHYs7EDFW3936Eh857G+8BpEpfvAEquhzrc9mbEV2GtNtyKRMLJlX+PIaKEquNkoGsuzlIEEq5gS2CdXByoj4BDsBVXI1gylCahB6lzcsqasiAUh7kVxHYshwT7M7pICfjHc6dr9h4ySdZnMZSMj4x1XSfUgHfoLLlcDS4drRselMYfAcO8MlLy4L/vf3qU+UI+h7Sh8QGToERgxrJ320f5qmoEHA5EEeqjFovJsb+ZrPHggbyjrh5kfIt0kzQJMjbB5eZ4bl/ZAaLJ1e2m+si+gO+XEeV7ULAMwywDBElfwsIznG3B7VlVNyMlJhWxx3Lu6mH5A8il7oHadaO5Ff7J7gsu3gjH/jeH+3qwxGHiNkWFpxx70rtp5xxjOS9pdSOmMgg6903bsRv8xUhNoVQkF6Bk6pXF4c8MWmN24ojiwQbRd7oVuurWddaOFm9iv2VzbbVylC0/z6w3x7CMAlUfuJ/jnQVo15FmshLuQ0+b8iqtdq5DHiPfu6fKonFVf4syoH/w9nlF/1mk8sqPHOB4CtBo7v/diQGRhOjmqyIzI79H7Ikypuch70Pf0oxfNRSVBTnYkqgPPv8IzK9A6SIdLJcSCToOQFOQhC8bp+8H2kBzWIwhlfaiogLQ3+r2phQbHA0mG2wBI9u8iLzAL6sxJrsOw4J1+HkOpdg+ZTkx1NjmO+2PwgDc/vBdMFPDsAENWYprDs/2QgwH/vLdvuRrOPdDov1D+v9BnOp+ToCmZ82EFRxAE/ju05/Oan//jECr8F8r1p5SPfb7OjwyF/n2LIeT/QvC/X11/h0j4f+Ew/d///n171Nla/Z2B/ztU5XVZ/bszRv0vjPo7nCx/h8r/czew3f+eAdDHk8u77j+P9Psbgers7zfOYi9e1g52fDSdz7yg6/D/Hxz991pJt+V/53n5Z5trEEUAceOwggH4nbKsV/fvlHnchiwH14WfsTqqes29KfmAb485mZ5j1dp3/75eqiQbj+cD9Hwou2RZ/v29tPn6qf59KJ5befUNLgETz+dk/vznI/g6SZexe1Ac89+HwRXWeWxzbuzG+TkyjEMOrlR33X8O/ReCsrQAMfj/N1OKgoy//zGfMAr9XzMIY9D/yxRC/3/NH/V/zd//NVvPBEzgz7pPSjBA4H3rT9LpSZp39rjUaz0Oz/fpuK5j/5zQgS/Y5NOWv4n+H4NZ/P79j2swXV2C364jmPVkmR4d9nws6hMsD/Z3S+Y/R6H/HHn+zpI1+S+U+fuIiNPwiD2u9lnLPSBNKkewK03vXT18G2xe8B+HcQyQ25z0dQEQAscZoRMc38XC7aIz+uzcGOghdCtyE4S2WDxzeNV4GHfJXKVWP3LC8MSK4euzYUrOIpapDjA/BCCxsZcH4deHGLKmh9yPMjNK0DnHcYFUiVrn5nH7ZVlAemD0P22Co25IZ7Zf5BhOYyhavUCx0UPedzvJ+CwM/Tft+3D86xRYLR6bK9ijZHDcapASyXYkRxURgSNDt+5tMGB/N2Y4rGTxnd1Ap6gjPd1Wmffde/C/jxpXF1/L3q6HalXg+8lZ+77Gf5Lj+04uREv8R33L3yBD030mOlGj5rOQks/XyxOvE2/inhIUvRqAoK1CfundSso6fRIhYKpf/yFVDxjG226GaxzdCek76W2nCt7WjdVVqwYF6tNcOr7YtSEjVofNr2zTtDfR+Vrq++cqdSbwUO/fz3e4UtYLQbxQPrhNig7iDEwpK2WxKzA2oBBtK3dXF7a5U7D2Yr+i3vQ38HphiC3OGYkt3M5Sqd2AiC0HRKBRfOSMlL23d9wiFLYZLs3d9JskkvuE9NhaiTvGfnUreAoB1Um+t++vBJbLpDrU2dnW/uslZOJAm9d5wuw7FsUPcGfTgOAWpmmMTvVCwCT6RV9/SuphpWUBClmj3yNH5a/81sdiXyW8sqLRfncihGnPDLmfWfRo5+2/vAR4d2ZPCCz0K4jnG6qklybJtCFyKMfCTXau/rjaKbEBTBLs7+S1yUQj0DSCJCtOF8RozfrDuvRFDitGNz6nOu8zfg8ZtPpJqCq7QJxcfDtoYTmKVAkIwS/DXWccu9MW/CJcB+l/MQw9+zw98XLWZttl4Dtmu3l7zxJR+L8GPoA0gAg14m7uElAIysRNFaAIycrDnoAgbWJdhfloxODR/G+rqkrnLSXIwpuC7Ejfi4CVilz8vCM1WiHqYHqkK01sN/VH+m1GqvI/UKPBwL8jvm1/7IYyRBeAn3BbaA0a3VA0uU429GjILZmYPQnMb9a6CioHqeiUWYmqlsrogc8NaP8lhvqAQxPwPVPp2DtMqTxXocm9UgHwA8znk/MbRH52LRmwLjNIdqTfbTyvM2gtLULC5mn2JHg5mNjj1rrvJQRqgViR9tFhp1tUbWsRcCFKuMoGdWK34737kyPICuKXkM4yUxi5UmrMZxJf4RvPiZRGkw6UTmWfIbOdPtNjZ3B9F/yA7xk7rbUD2KVtcdXY5uVQs+ws0wKpfFMHtr+SEjBoz+4kg7mhYTp2C9QOo68DIrw/6P6OzarCAtbVmI8BZgSsM/RTOanomPUXqbsbNDW6pn5lHqg/JybZt1xJTLjKJKff6QHnTO0XFhZ0DlE65wLSf28PXUEbfZhjwV6cEoRJ5JsAj2s2UM+KBjNePMDruhgg80jiC78iruzEL5KKw0Tx6C++D0jdDzrl4Tj4BJLBPHs1UeNnB4TzHwmVLIRhpCj+BNlXMSVgsMW+4tcezVwUc5J/Bqjm9LKXUcTwVYhjRV/+bM+FgbClNfzzteWupMlXXoT3QLb+RqYnakTkEh7AyqWyhHSvqS5EsyFArKQBPr0t9zEwBvKima1NK+DEqnuDK2j3HEetPkG+COvnVb1cuqG7LdWmn+j76y2M70jSbHIOJINarHChhwVp9oBn7La9b4gKYwpBex+Mql7AkP8FZz4av4Dx3V+Khl++GFQwi4gfmLOKwbdwte85fko2puDvcoTxG5JX6iXlcrngJKlQ0jCmwUUVNFTsQo0q9VElgu8zUHnqlXPQ+idLPBQnKUxthFDFF8m4XGkLwmKQp1DJpQATxLioeYc2g724IpQ8eic79gEUKRHTG9QyLNz5ddHFZJFFgUwhevQvpJ52sv+uuqieMi+hU3wOnuDJmeAAa4CJH41sIWKpv1fgbnBq2BQVsvNmfromvjM8SuLtIHyhgvBxmGyLWz5luzWg7QAupJ0v7XkKk21A0SIHIqnEnGFx2tqQfNNNkNZ1Bw7/M4CUNJJuo4VncLe/vqqwFgPvRMrBCo++FjG3onlCsUZa89/RBBSq/MJu2xDIu+R0jZ0ilDbPCFp1PJqAcX9oEJIgiO/QL7R+vLyvgSmPYGAM5WtfERPajqI1ehIZplTtLXaOVCoiLLkw7kGDLP0ADn5F4sCfu+vFmKxV7kaDODDCtyd6z1ZSZffyuKS3zXiyG/By0B11QKiMGvlwlvIEX8uHY5vhsxEtK+7ylTyDxKknP0nP2u2EtrZdcioZjEbTpjuvEGTvi0rQEG3i6uf2bM+fGRflWXu1kIHncAV9UAe1M8f6orIdEznps3gFUVDQtw7kww7Qsb9fHJC2TZxJHJp3sCiyymDaotqzRQUy9Mdw7WIQsZSaHbDP7Oqjer8buBdasXCG7BTDyVVbWhbOTBya+geYvZkrQC4mm0I1V2S91tg/i20MwTz63KTOzO3PioSf6/oL4qUG3h71GeubHQSJbp4HxBZuld0FgAI+vkF+KNcp7ZbzkZYyYsXz72VBXNWPzXGo+DYGUr38Xh/qhSdrVHcJCtst/jKxMxYIfCt4BL6VNHY3fz8YyYM3xoCZidoWCZFKyln1GUKY7OJptShvt3+Fas4Mn65k+baJbujV2e4COjOK5E8loqQwUaGt8xSqpWGh+yW5W0gf8pjng9jcjIPoUXj5mue9FM2weNYUetjtZ7hiVksTuAzWicwscQW4aHLBkXHSJyEB07mBvmWJGAkZY+9O4sqmJsmADVaE2AsURY4CjMlmoTwFLCHwa9m2HtbbtDNpKfNKkdv0pTXNsjJFzvPWMmkLWlusYiSD6HRizhRdTRFcR3hzc/usQ1Dw0u2/x7dLnl0+0Jia54hNyf5100FGC8C/KoJINSG3ma1iFcaoTfdyzOjNZXrzTrjiWppuK2LWRRpQM5GFTB3qvKCdC7PsBywsHc9a8PSXPTJ/Ek3kRZyJ7v6FmmF5/qLETuXtxp/uUQaYaNUjVH4KqcYrLRrM5UJQb+caRRixrlYSReRfChRpRRJrVH/iajAGDAZ1zbWcDOfcjngBeNXwoWaUTc6ZVh5981XWBcs7jVFq/W+CDuUX3X+dFGS0ZyvJZ/PmxF8NWihrCG/XgR84WJw4AAMTMGPEue/ZbJa9OAn16yYvJZciOtXq3/r+NV7rbWxxoUQftleYkOdoTZNvTjfMLDKQycQWG6QC479q7qUklq8X0hsydHpFaUokv5puAC14uaZulQHcIwOeL8bmhqYn/r9Zuopd260l+DVvboahmdnbNDMzs7/+2edGUaQoh7a9enVXVRN4/Q26wBp5vwXTsl8Ejm92+UBXCG0uU4gc8QJmZlUI3fh3uWrJpvTOZBtGG1oziABaQx7bNIWSS2mPdyEy7o6/1QoZfmIaHGFsTmSY8hS42FuqX34Nw6Z9IX2aqtsIv/+XOjzxGdiz0RAZkF/w3XRpw5mJFJ4q+4SSDSKwWWqUOtqOwq3q11FJgxVkFcNfi6WczdbVFogILnMqkBKckIgRa9X5NHXNlLGmjNmvVe3PeYJBt5HF558K93I+xQ15/+49TGlefd1DdIST2V/N3hgsNHuRCXzV0/5xPmtcz8u5LETt3VlrfpIu+UCvNdqU07P1IgcJer/oqvNl3AVPl84tOEFjMCfu+wkzsp2TcjHaFxRyh3b8VfNXGgMoS8G9QHHlwMOHi2D7tjXSiSF+DmsJKhQz6zYJrLhcmY+dFICG+PyyuhgimtgXXUEAVDjH6OnfV9BO38+MWSJve8ozbk0CdjmJpP2R+L88XQOVN4y9iY5Ut0teSWGrZt8on6V2cS3VRsyMzFE2fpWDgjbUfrimlHxIFGoeR3e/92fEJDh6r8kYt6b6RfIb3k9IsMzpSrb/eHWasKKF2zIFZYD5USdzsJ428Kak1BJ7158dLs3pWk98JfU+aTnEjdS+lKN5s791PIHDx/M4zyaMDyx35l/52AwsIOL/bapseY7GsL+JBhlEHrWDRSYe9EvdObK8XoPxa6JTO6+R89+g+P7shlLmF/tp+n7jFaCUQRolrOG7d+XbmK0R59d74JnaBS+U9EuL90/AYmbKBiV/brCb9kCFSDJWWLfDr+2M3ZTQYrbyFGQEG8DmEY6rkVGqq4JyouOCld0J2XJ1KLGR8dyunF17xoi92oeVN+BXxUhcAYR+K42nHfsOT7RHplBzQQL9+QVTJnO0PgV3TSGgIKO0rs5wT2SW4U3ilHKx6Hl4PVffX9oh1qwmS4SFGieMrGN9kO2hTOJOdOrSquNMVY1EOTGiNcdKF0uuzgUgXJtvVNlX6idIIeqsHJSKrtS7bnUGW0Ty3ywh6MKiLRhsBSdxzNGjw8QIiirhwv/LIQVxPDYI+vp/f0P0CAWMXaI9hq3wqRJ4x0IBNmYRq5CVbhVWVczI+tEnIGvJCg8D7JqsgWKzT3HnFzl9YJsO85xcP/mZmLDsbz7iomt5284KWG6lWTOxwcE8PzMnSZGM0lOy9XdPaEpFuE2X+f55ag2GRDBatG76boJdyM5kwBQR/tIv273+RqjYA/do3sD4eegsFWVCjXUtRfbKsTKbae3f+jIEJLh5aVPpH5n/UjA0L9cTVLwTdr5H6Hn3SgoPp/W3fNhAZX/+IZhnrWpabZTwjtxvkCqmO5AAa2fv7fhpmknVucnZWYXv5HxeyaErP0ZodlY1kWK65jl1R4wf/gKZS4ZbyxG+PX+dfXxWANf1X3qMFMg5zTCOLpsPqR2xM1tbooMQcJPn9kEr8zbGPrnTovsxHJCEzNUXjMWqHkXUgJrR3Vjt4B20UFl8l+JZvfJ4YTnSxexw4vUy8ZL9N9EfFM6FzjXQfVF58u+v79Piav/+cxy/OY/L1WdaEGJqnFOjC9TSd+GwQFe/JV2Pr0U2lt5yu3V48NPo2j8os7UBoaA894c2WcCZirP7hSbsMArUs7c/hAP35qgIFGZ07jjJZTJYH6ntkYcmDkhlN9PYj7/GNh2fk82lhQ5v40P8NgqFaz0WKDMw9HUxg6nTFIjwAskx6NdfQNVHGMLbG+idukJ9vp3sJgLpOrxo9BJnIjef8uVo3LVXiEbJ12VeeKnGEToX56+iaIc+0QEwI749v6uDVPQ6y0dWL2BDoDoOw1Hzt5cirfAEPXgePo6GOI5PRv3b4H20RYCqmgHDsA6Saq3N7U+HisWfHXy0H4wqgEw97+yyjc4iuO7HF8F6ITLXHZtrLaxxZ5KR1txkcsLJinVTasvftuBMsYvc7HNa7ezLFftC5VHlSCiQm87RIytQ7xhpro9y4B7cOf5kMFHEKovc+uHwjLxI9wFM+QELh3wsbQuwqK8Iwt2r+LK9r4HsWKuZsOyZB8fPHwuKcVjTGDLqo2wOSirYQEadjWcriJ3gTB3NuEkUNIAzW8Bbga9Dn8HFrss4XFWRsmotAOUdRuJi6Q6sfucVlOnBIZOQZikDdgQOSE9zZZPfx9jSz6q8K9sOqCNulO4fye81lV6loOdukvje+m3SiJn4z9fERnxBXYdfY2bkK6o0RWJe3km8RmKqNe0Zf1ufIm+suq9DaL1TMcnndDzoylHurpQMLc7TeXsijjcDPfdZtqCU8IQa/hNFrcwnrmk9oVVnuSsQUriX78i0UM6pHqqBW7NkhbBJyxNOSb7FXJnzmpIWAztnpRy3wSLEvbz8Ud3VYcCalV4MkTkBpyFIkn+Y8FAIuaSLhO1ZkJmiEBWQ97tD03NZi/KL1Jog2vHIvzrufUxPeWXZhYVMc5VEqk427UsgQxiR18mqUr1Mv3j+flKHn2UvcfutC9zgmLHteT7lWS7tQ+/sE2QpJzAAJ6SNayZxkgtHv64Mtb64tgXY8JIzWvmh7bn9zbAyKEOT7K82i1hcBt0CRKxO4PNXAlHpCTGvKjl/EmMDoJ4a/KpqTpoY0uknLjedHYDBXb9J+M6OevpF2ReWL1OyyGzt2FvOl0abUcj2vJHPkZR4ac/neMbjU27x+dNSkDLbITHgkcPY93n54JkLuHRNf0zK1Y4eV+FBxo6nxuEjbXX1K+/zXsRBzrO+ABqA66Garbaj3798qjs8Du3w96nqFc/O2CUQrpo9gbne3tjzW/weSe/44TzlbAR0u7GVJMIY7mFPvBVRy0YAnzutb2jsBPve6cPaI07i49ZW/P29A0/5V8TUDwHMfDvJ+AB4aEcT0lJU7DFzMtFPNyIEVdFrnPAafx4SPY+VbJx2XF+qmR5vwZL0/LQ57OQ8bW0vZ5HYPBwNWeDgHTCqYTdpmoz0PGvt6LkIFLCjz3mGiI2ETM73bniLzValvNlp8kcCmMSIpOeF85irQKhcWHMMcJO/wCY6Hp8aB9O/9xEQp3J/4+3okB876nCvXU4jsH5fGAR2DXRl/tKJe3GuYKJVv99dUxNMo/rpnRTb1deNy6gqd73H8r6kSRxSKUJWT/FkH8ZQzS6AizhEfNydzkwLMDlasUhjXdhnAyasTYpLW8AYJ1faaa843rBp+S1YomGUp/aHXEcWSCozqIL3aUUh1L2x62OVLUmFmPKTrQ/gqQOsXVHAcWHmxp32ux9GGT4eAbkBwNM0jCUk0IMQdwqIBbHiJrjsp4T+bYWHfnWtLLf5chAgucoKOwb206N0P0s9+hQ/aW63xT81W3ygmyAIlMRweZRgyQVrR5CsiAWUZjsruFIueX/4M1J9tOtEI9Rje0MvSv7424MvxE/+ucvZTXdMMRCWDapAjivw0m/uEfQG62U8AwfRpeqvzyPXaNFPBPcX4ppH37QU2ScSOP5LeMivdrgFSqFFFjXmvr0VPdVh7LQPuUH6AyBk5QHXPqwSsVGXF9SUVlQWpxU3vWb7WkmzuUwZyOGuG/4VDreiXhm1DEMBKUajCgjieVRdkj3wvwoIEjZBVUuEaiwDEUdjcjSHQwVA11QpKL+jHwAJvAVPCnun/cY/EQaDCai3Xkd9wI++QwudxHg9Lh5lUnoNjhRAL4+ObmdmuoIfGvjXdVC0yj7SpGx+fbYtObdYIiJLX7FwzPiTQNsBA1OdDUP2jORznaJlixXw9Um1rH0WZN7yscRSYQJ+y2MUzdP5T52N0Otv1oMS39d41MJQkskvVzq+JNdBvA3rA1zA/UYEjmfMXL6RBluaq+lPCDJ8k9Hh8ExXekdetJbi4PdCNP+HJzGa4Heh6OaSHU5IFqGMci/2+dzUFW9AhIkCj/ThQkFBku6MCl0rb+UGgdEjn/3uz7T+FvYMpsZRhUKhoRmy/yRL2KgRwrMaKYevT+yByJHU+FDQh7IVZgbXD7cWoJBMsxI/4I2HI5ytyp8E/ukiY7AW2hAsgcelLspP6sq4okgypAQqnusN1/XNBOBZwpu8iwf4QCNVYBd6S1Iua8mNjta6+qjCTs2IpY3p5P5Ic5jllMK/pPgGYbjqMg4qInE4pXtRf35KgZ8nO8SiKmyRs1sE9LqXz2nw3AhSEnNaI8fUwafFf0t9zOB7ztfBGG0xQNNP+00iq4nXGhWCK9u0OI0Yqu9sEn1IQfmn8WIeM6ZweZ9QpCTlyYu0EymFI09sKe0mfj2Zmf/DZMzvwrXGt3fQ9NZmXhHaU6hVTIYboEbs6x1PwpFvwORsxeivugWptqchVV8T0PSvoddakb6w1arnpJFlhhdTOR43nKIoREnrOXSisr0dxQP/e0GLdb2/MF/WkNkLR8Edrd0QOr/Cq84MbtTh7YeSHyW6B/WTkMniSobXV3ccTt0d7AtkShwB/5GODCZx3I5XKvlx6g01sfcxhwJzVaEyjgFXba+zFet8n86lf94a9zpeULQdzSpxGyilfRhJa0suhg/3O7fuyaVQODdiGYBLlJ9xvkpXhBhN7p9RzNKWPiKjm1VYm0r+sQ3pR2Nc+cXjDLG+z8ymNlczP0nhWoIQzG82eVQEGnvB4HV8vh2Qan+2XvRCU/OpfuMmIlW1rg3bu2yJccfBTZdDvEO2KkJw95KXsQUeyIW8QzLHv6V8vFsfxK6ZQS9dRkgtkdV2a+oIqsjxaOnbkUT8DAflXhL7aWG+q0pCqubNG7ZsyRB3EmagDoV3uqJV6oa8Wu2e7Yg6TPwixDOgGzXlQjK8oRU3FANuEWdjWyhLcuwqitQUZQsNRNb6WW5HQvm2899zwVsE6groa+lEbVIjU/1yXWFxjPA6X16+PRYwT81OC7dRDC3aFAFWpnyPY+MfjSnWlJyuIVBzUCleGOVKrmo1Jzp+4KyKohN5CZk/swP4ZejoLiZGCjz5ZwFqlAhfO5pB5Zt3eqhs5+7EpguGKNxTlNVONXNph3kRna5wummMWfB7/n1kpPT/dPjwN2tV8vKNcOWr1kVas/ahdYYaIfruqTJscEz+KTCvP/iS9DdXxw9waUzztUYNNd7N+1MKmG0a2Zep4BKH15apcILfJvfHdwwQ4wddUZjxn460S3rFIibs/VYA/FtJthOQ/z0q8tIH5QszK55DtXYAJQV8htnU5dn+rem6oEWIH4Pg0kVOPFIatuzHpbp9CG4AHs4KbnAGZ+DMP4lGsdVd72ZBcsv0XKAHDnyKDm6uAu+JfqYklX2IBkjnTFGt+9veQNMkF4sl/4rSb3R9Jao3Uh38GxYEhykspBkI2BYF//O99MkLS1B/NFnWQtnOorhAox/5nO9j5cxxGWKl7utf9w5URctWz1TDx+umP8idfC79eZYDh2LufnnvFwkQ3/nN2EFHy8hwNKdRgblPZYVH7fyXJ0RrgOX5CUlnv5eMwYMmyx4xOoSGOpwE0JTpCREoREUCPdHO53MR7ZguJAb99WnNwffMorkhJ/BEx6ZbIZ+9WPt/Xzu/pAWGz1MRD5yQgLCwt7Z+SysvRresfbybfgdxRGbgF/hMXfyp8FmYk/u9oOkFhMWnY06XsNa0fh/OU3t8aDjLj6C0Q4uxUS7lm44aN98V2QT/xrDm+faBF7rzJ3msc61PAOx7KVcLVRXcS1qhxanJYPCuhbGAp9d1h/h2tS8BVuEMEOCJQZrOPTw0WodsyWAXQMRvqYPEfiEcI9J0u9dlwhdPOTE4KQmCalGtggmFcUfbt7CS2J1fYw4J72241UkEA2CmZKl+JO4GUO6gajsYJls68Bgz5ibWV5VAgdmXoNlmjGeVpsJ8Im5Aq7ZdQPh1IrbITvQ91d4YYh1d5MtAceNpHhh7vl7sD24HTJgpbk466yTsY1zmWV5Av+khyeZHLYRoywY+lTIR6jw1+uSgnT8UkzYfr5SXEqzzCTBfNe7nuwcmfHys70ZJuq6C6ENQOYKcSB+AenkkWJp6jaJCvXPxTEOKFVOJhcGXG4V3vg7nU/EwV58mqy4/iNe5RknzADsAIF68xWpRVryzrSRo1ujBm8Abs6d7LFwvyDk/m0m4KPEv99p/WBoL0cmXWUGhm0D4XjMiy5hrtl2DfSr8RZk+o6aeiBgmG5/8GP2lZA+0hsM0fz6rDCaE8jQyYbudMrg3WpC3efT2X25/dlSvr+JTi81A8HY/z8yEJodQ239dH3Easz6Y6ckzup05GM1URU9YUOiEolQaxiK6cvJ13V/SbqmjkdY3QnNq5D4mP5EVvcLi1IqPCb9HLSo40hHSJyXQ6iSEzPW3mnDX5usNErnezAuxF97vP1wyN6ZoXqWhQmvd/cb916zvVWt+3ijgoDwRCGXev/LoNNv4/Tg8ssuV/fL5dLsFrJUgdg0Bf+3/LrblYHP288tBpRkJQgIq1WdVsm7pnOpzudRm4ip4kKezdXxvIuJemenOt2tz6zPjNI4KaRXfWTwVqqFD/K1mvKcmGyiRilJHJxK29GwXn14jU6MRSCEc41/EhxMV8tuJg6qxcBnpXmY46sV+9sVEldwvaPSQJcbieKjTHp7mt1At0etbvgMVFfT8zBncDhrzURYp2+c36QnYhe8dvrDAda3N94IP40YEaP8Vy+ApTiSMjRQeQp/Xk34Ax7iBb3HgB8UuZlISEGlpvxSj9ODlUtUih66mOO8aBUoq/5iFxwq7XPrJqgN40eVs23VIGvt3IAn+Xo/1fZ3rydjbDFO6KUi2crTrYbW7pXEhTemyoBQzQG2qkrHXQ6d7FdxF5TyxBPhs8WVXlnEddOx6QTkbgUmbadvBzP+GOB1fxb381exgy05vqCzWSEpvKY18wwRidLNazlCdabO7zDCIpjptSgji12vbQQsIOfijE37KS9HXNm2STWq1PtZj8A09xzSaT61PryL08c0EdX1T/vH6n+cwpXMqRcv5yV70Wjmy3lU2nVeBst4mTrkZfhMOnb7D5ZcE7iuJmy0P4XArQpIu05uByczAXQMWIjWpgAO7YpB+asoXnXkNwfnJvz/JjNeX/UGQH4YggSU1H07YYxr85qdsWCzWhBz45Es0zyxKcflQjbOjZs7T3h9Eztulu3bdQsdBJtrqEo0uOdq4bTlWwTBWAxcxvVCm8RcGzrfCjH5c5aSg+nlFxiySxHR2daGjKO/LGYkS9ug0Eb774tDifkAHHh03HJKHeTBF9xcqDlZ2WP4yjROlKBUctVCN6hJHymm/B/2b7cW7pQ8/G49nPeCJa20POd1KHb+xYfqkL2F86YASxwGE+5Ssx9XKL7m81nNkQp35fIrxpWz4fuPpZ8e/T8vCgfyF2kXin0ou/qyfZNt+4Cs2UD87bo+uO7BOuvptARn0CRHkTEc/Zqr7mlfpZ9q/7MYEx8ztZITsF5sPuMunsvAdVN7XuZFPG+brH+NLCQrtaIZj3Elw0m3oa1bq7prXp8zmzDh+pOguhHmX0P0G+z5rf9Lm1N022H6yPfj+0d1cYCtVfOSnaTrKV6PVz/uWztIdB91rjge3WskFVyS8PvebQfkfP89OzX9G2WFfcuWZlmAklm4uK706tXXBJN7j+x/LOZK7WWqrZaHP9F+qherJRHyMJ01XflysZKOSciOh/0ZN1Lz2GjulfRrcxC4DT8ih9TPf6w1SJ4+IKrjUAsYm5/XaqGYpkIu98OUzwKKx94IEwKCDeWzkzd412OXLpomfdVibATfDIP2ALFZaf/UPNPLZzTFnR5bshsHz8/drsJybskCF2B/9azs2damt+A17jM7jhH2s3kwPTTfyQyPvAEj+3TnqXM4kxKaysXIr0LVSrMJwwHPRssLXc/jHtciXwzA0I3NXQuPiRz0lCSIOlGrLoUn0VodYBKYhVYcQZuFwkabk9IsqxsMGInhbf/sPakNjR85OFIZXfO2bORlTct3pd0R/4moT3X37kk0dUJ/aAb7FdFxeDbTmiu0S1QtMOkEXeAdcHPugVp4VHD7TKECvKRwtn6kh75+jbeSJV7vNEalqrxz3ZCM+0sM0+VlcSaeo+pd4JLvbuX88E3aiFK7UsmIcBmPReiirgy/xazgVG34leb6RkZgIPqrx8iV3YckNxhEXB5/NJJmVVKpjYveKOVMFZaLa2QvUE+sjzHhsbfHiDRMQjhKf5tIfyt8am084I227A2UZVcvLTj4nOGMR0uzOB6kOny8clful9voJ/N7C3AgxcT6sEQxzIkG6MA1F03odSn73+gtspSjma6yw6Rcvce707aKX9j1/XHGf+4BpQ/Z7+0z7CyiSLi+C4FWkkVLub8bemal/NHw4zis9gj+ZHJ4w2zfIXkBDxmirr7Sk9+MHBJevLAIWBLZxxnR7+SMVGlK+dTJMCZupCNy3Px1lMbRdkFW9prgNRrQ9E5WeTAm8hz0aQfW8VqPsv8xMkcII0wT0YvlX2aoMdpynOXCxRe/Q3Vaf1Wte27PvZc8JLEM/WQ8l780roPcTmCzZU4wIisb9vVMmz9CiBpctbAUhLMuAeiYLJZmxqhpUtp1+KMf5O4jQknQlpITy2ZGWV1ZPOPBRHtEMPXZe1+feLCxntQBRoPPfUvaGFAMyF4NfNnBXZjEQg19MRxx6Si0N1sbSPdH3yVTmyoGXdx2XxjsARXcMgxnjCcZQLyLcYfi4Urf31pJLplr4Tc0L6XyGfHzZxfUy8B31NYHb1ETUDmzv8wzend4SuoZWQy462XBPJwBc7LC7eAKqZFbjehS4aaixMsWGjkQne4XwJUdi1NSwZmpjwt1KdzEAMM9NZJWT7ptTElJa0+wCWuKcM7hIwUa8tmnM/gIJfU4Ij8OqBMwvV7eX99x/QvjSBKWeC8GWz8QJIzpbXvABrO9RdKtizCHipAzVXSB5xzzwqYGPe/Mv0amFMdx3H5V8KyXw26l+KkGGzAnYdAhcUc3G919RR77wrnnP3cI+6Me5/krzzGpKdSekpBBvMB09jqISxXjCuAn7K4TBWIo9yr2d1cC8fbU+cu8yaw1ix6dt2XhbNDxFzsBY8zWR9XLW97tQngg6BZSjLy7AfB2EQ2zPyO6HM5EwnMONsPvUSDmrroOnYVWmrAuTKr+GrfE/sMJMU3KuRrHeMfQjHmdVHloILiJSwT4Z6AGGaABBvwETH9QrZDiDYLbegg9ONQKgp+RfpGdIVF00YjpWNLamH2g+rz1D2EXBCKaqAwGNTuogganWXS8OYvI5IovQlzDofQRkKBetW3UReY/2X+a5vdGFVHVQWWqsmlAYWVEmZ13AZEtnOWGQBQKPijBXo8ntHpwzd9eGlfmueWad5tuw6mtZAAxjN9loArBe/If7WQcDcvUBojgtAzFPCZiHsWF83PP9riNGrTGuhLMSO6oXpLloyauFTWm5ih+67jFOZa1Bcamj8nqfRFn2gzcaWg2ollStAn7TZoSvX24cJRVgQ6MEXmiZTzURAb6lHI3Xy9RjRHP8ZJJgg4qbixnH+HESOAGilXMlRqy7LA69/qK08WK68BGf7K8U8ruoYJDnWRad8wB4sH2COCRZza+UZO93R5ZhgQhD2GAZ3LjMZNW9QxDkG3YUylVHVR7Sp1X2pGeF/1UpgDlppDCb/fnnIOVQBJvqWu8JApRLb539H+LtHjJPdP/N7Y3rqDYdkCUT1MzDdg1XPTyEdKRLMUWPCW3RcNTWldRITj2/Hc+06K/5tQ61o4RW336lQU3ZUQyK5zwsETLr6qtjq3omL9e4S2VCnn3fSkkacl9ixIZypm6YRfXbvQiyw9o/rZLB6odA++qEsZKtGjJdD/GadfHTSwxVgZixpUugc2iKreDuWVD4dqjNFn+TPQtqpUnhB3bCuO+fHPXwCJK5/PDRI4lsNv3xSyEgvv5J0UeL3BY8phkJnU4NNehurNOvukh8dyjAP3lPYwWdpDh7h11kpvfsAKB4S9uv5nwi+C+tkrIa/ukO7vs0QKss2+HnR58v8LFSmClj3PA5p7GsCIfhnFpBDyu/httfUY9EGlc4AlsYflZ6sL1/S/4hGvHa2Q1V8pDMXsYzM4HzofwBZlFdM80CssUT7W4NhIVRY2Yrq/DiUTMjVjtLj7OZaV8EwyicoHkL94w9ReRIxS/r9luqwZp3v2iDTUBk7nWurcWYsuiAxvYYgN5U0Y+gb0SolYprUQgl5Dq2oCzSMPkideRLNPzOhnEcq6J+qdPQPWYBOaxUkeoYDUZdwjM/6MkK0R77VzufF1nWCnCmCDH/qoOaUoH4BMjPdWbJ0YRC4a2owp/IXDKV+D3mdpSNmENkB0aN90uESVe8fBO1X6m5vpuyMcw3p6dVrGQwFDobCixWj1mixP2bQbCefks/RztsjcS4oeUZQCtci3EqExcl9jDXU+upNyUlkUq4Ou3L/1UL7UclZEUl5USWVvhpZv4b04vyQgQvzk6cAVd6iKrW5OyVAoHSksydUAuGd2STyoJO4I7JQGySh0tEIumCJxoePT6mMCWWrqzfX8MAx1VKlF7cdAMRI4/65pmLcbZI+c3fqENa0CXZUCL04qvAQDlKt1qkymlZnRpME2HY9DhrT6hwY7lE0AkLYWh6O2r6Z+qhhl+jeP30UcWBxsTu+eUQkDaXHiwjGbvC/P6TBDa4BF+QvLmigqA1OC3UpwUfyqxrPEHaW/dnklCj2GUTY1dVZOtV/nxON8w+aWPyU693nUIrhKU15py0w8ZnEVB+4qd4q9XvKleV2yWzYqbxzHctglZ7HK+gIEn8FAMSJcksSGz05WAlUMKmuVEfkF5m6rUzZPJ6BD4YGXCtnFFGwNr6Xo0e7qQ628iEH7XRLGLyQEMbrgVDdW94/IbLDtTaRvozet+UtmxzRiyrH1yVycgciczFX7YBvIADhdPwOEMhX94DB7QRJEKeSUma70bo5pwmhOWC817M6Y+WKd20KWJ/EJqGjhPaVtgndakp/aDzy2pFE0A9Gj1g4khso1yAgJbTF32I0z83K2M4AZN8nR+5dDqTN4dq9tDqgt+sevoSH96CBVPOLclIGRNVza7lSLk4z/2Vg3b7a+FIRs1YuAi/F5O5qsm8lpcoI9iDy3sz8k/UQd4LJMQQFOMhstP2TSE8yuA8GDniEV4H4/qsdlfUWb84cFQhi/+AB88jKtjpDLxJ+pSQFSLqVNz1i3yLi7buhvViDAfxUHVUxhWKvE9nTD6AeGVy/CNFNnFNuEqeF1oyL3wcWKpuNOBSFLE1gIaX53MR6g1zykjGiAOZ4hMl4UI1F3vKmobHEtbC/vJf3r9BFim3HIPjd/KWrQHYeMdKNzDeIyP6usr0F3k100g+6PpjGNndEKAiAmbhG3wTvE5phTvMJh/LeJyfB1gEmDBsIPC57zo1hpzy6F/TXkLdCjfXAN18JV4v/Xahv7wuXbnzL048CNzNHKN+F0amj4sAI0kzEjjq4gwlfnyKDWExVdhRqeGL6izvxfxXpdiEmbOlThdR/rhzEtY+Ehk1oJduC/wc1WrCQkzUHmbgyvovsIMv7qQrRz779axnV/qczAfNv9lr8oa9zDzHbOL9J1GS/nQ20IXqX2wbu9D/aPI3wofc+gRxORh+HP3+viu1Fkf7UZ8ewRCJ3GZIChe/mdCV5btYWUDaEFDGnzOTXn2KULfFu7wO0qvKyrvRVrRm/Our3a792mL3ZKRfUlh/KFh6g9pUswBa06uxhOeBrg/tWHyJaNRflQvqrwQ1TPu1qrlMSvJR8LMVq1QkiE/cweNjyLcRo1OzU9A282WLkFnDnhxHie17hwxokXL1qzu+j6762CV/YBk7HAEdkEQyvxck/ZWhcppwKRymMwNNc97m7Hu6tbWLFP6+WBEi3ypdVGsp7D1EKsvE1UDT3hW/4WCvV3mg9/sYCYLlchNyKbES3DPkr8JHnRYPHnCxcO7+/VL33aOvGZguKMi+CQkQ7aOLxMYnJUhHz+PuX1yYmYJJsLcKUq/fv5q2EXffCL+aprTJf+xS8Lhkh1eaYoNYjtcqhjSHCNHvdSBixDzxWQokJtMgL+4yUGG2yAT03w6etVOVaQDmTkbnwLTe1zSR+WukqhQiWBAKpICmAzQsXz6cNCf1OuyYrDiRMbP8My7mZbxVWUe6aR4LMZAgy7fNZ1ky3nDp3J5D4OZe85dBRrF5mzuHR3EEEO71o4Z0U9tHM8kSXF1dpKAcucf8sYojCP7vv6kzfISLDexiEvZ7Abw2XBBi+AWNSAw9lRrxxXNlJ605EWhPtJOPd48OWrp0XU3K6+hfCGxdLzh9pl9GBeVX99OkhfW48xL9zWtezcu9gBMaeRshRPwjln8rGKy8go+XznvepUQJKpuXdageZkNkmzONEUOVHiUIKAy6BG2PtR7g9+s+/R9JrtwkRPrpr80uX9+lX1+iM+oSFZGCftZvRq9zXorX3+JCE2t131/kZw9zHmXwe+Nc4wJ6VhGUnuiww4gX6vS6T/3HmHQJG3dFyv4GxQSOLJew7gKOmgLB/gJ79yQeETdmjYL2tEe+NvZzVPcx4KMlbwEYTP9N8+Hd92BjIozdDPphUxQ22TOnG7cx4NJdTLvM7wkKFKUAW595lZDiTxEMQ6Ri4AQewt8zJuMlftrk3RJfV/R3VPvZ11gNmnjwtLNfFHmw02rGE9PXP6NYaLhTmWOj/fe98tCuhcvInKWVPtInWD6sBtsQGw1gSSn6oWRJEXMPvfFit5d3/ZVW0pjJWcz5t02uXkIMC2yaAjdwVcf2p2PubQiNJnNVZT8979XgZWqEkLsWQq4cj8t4h2Xc+tsOtST2wxxcvH/5C1OjUbZa1Ll4gTg8LfWvAtSdnLkMumIuWRy6pJs5D6IBl5FoP+9bAjT2PiyLMI8vx4++RTOpMHXrWaE1fbfl/Q7osRBkuqYJDk1RIdavmhSFJTGnqiZHV+KOHxRF7rXG8BOiOfiO5V77tjXQJ1p8O3gOcqfW4/gqyQbnQ0GgaeidZlsdPcSOfrYv9JpJdRie2z5vwJ2/8yChn+KRlJEQosQ20O5DJalt6ALjM6Relz6Qh0pNbX6xc2Q0latsuRQZcO6qifZQEVASyYUZGUpEp0z+Cq9AP/cUveHowP+bOPuYtXawUrui0suSPnXsMM30snf3L/0zLR3A8OBMIVTP/JyXZPqF+AJdQGD12Shqi/157282Kw5KEsOFisAIgfzMyOD8Bu0pnvAXMEcp6b4eF5QLnzCbTMJVQv/9oLX/sAW63xFDUY1kN1jrDbI+IcwdMnea9SEj2nBNUZqIdULXYNLdrumRUloKWNAjq5/1UeO/wYkCCQ1q8NWa4AkWujtLfvzqJQIPeGwaU7EK6PyM2LDpUB03Q+f00h0ciHnvRlDEhSp52sbw9k6q2/VdLRe5jQjNdpmyoniaTUULgvRrsc5ALFI/hw0gPWC2C6TaKjq0oRR/X8W5l44OwS8+5zRxwW+MQU4mxge3ir5G00T09nPRUSJnqR3t3Lze6ATvdM7aQuHs+aeNKNirqTHSukmsa8w8uehMmBW1vYuVGktAdTZMDEJHbURoDatY1hsVhKWMWcPQXMnhHSvwHmAYlHilJxhjHcjIXAC/GOOjy3TvpJ2ndrNLasUeddH9X8OBNFwI3ftgan4dU99CrMI02KAFdm+EVT1mYLqieheAV0lOpQVodQsGr/kv/WA8JQcOIRKvGqEpJKizsBymdiVKcCvBd9v+0gIgyEWP76UpYm3FgGA9LKMzMPLv5z+Vo9gfIsBwFYP78SDWF+eEvG+U3LKfBgmZg2jN3xzM+opetJFK15K894oF9s8KBsZTMzpHZuq7dBUydqHGpq8jBmrsjNjdb/78Gr0XJssA5BSUKemxyHegfHaHF8WkQ4twpfJMYTzHqorROLzXdC+N54UXreHHcfnVeCiYpL98YDMiJL6EL06UNOPFBoJiA5SkaZFvQFdcpVnMf5OqPvmE3o1+qdAPtjpk8Q0WAMB2McyUrCw+qEIqAwnBCo1SnhEiPB+tcr4eBy30A6DdU43ts+fHSlLiLEgeI+3WeOWQCIMAzUdsML8JMwcb5Biv/TVfKC/Os+tDjir2xRHnI6t+pRQQZ42YmxyVYTArvn/tazSdjPnlMipKKUFxe5aVmlDl5VAIf7JlYUZLTOPTXtEftDo5dkJrgtx0fYJ/XzZ/VzuKBz7ZQlYHfXV29Im43bHlYGVn5mG3xn7pFEsIPlknKryRhlxCqQZBL/GTESrHoJHrYk4ww2cDO7MGTyI7u1Q5M02QmCSvj98n1jCCrSmNiSpYKEZGV3+Jpu+QmR9HsZXZv2jPsYN+RSY0xbiEY1dm8jRYUFj3ezgakvSNTo1Ijhp9E/mojw46oPeuh+U6miYIp8QPP71+aFQaxCeu6B695Ped3inewzx/yeJJeCYbxaP309FeWLQN0xu/mJEm0V47L9gOPz2OAY8yIk6Ol11wCkYQcyNfwBVtnsjP+5Oyo+tchgYRt/kybe9SI95XXUc8rXH6vGQOqHG7QUA092qiLN4PzEnU/6+nJCwhCgyNpjXRE7IpLWP37vq+xpEor2yokBU740x0YHSXs/FuUFdZuFbzE5Hmhv8+ELboyTcJisbEQ0C6RAR4QMsrG1loWSlI5RmFfAqlCUKvL49UfSVb2PaBqIRqMx/L1jr0W9waSqyD4wi+YQs4XB8kl3uL6LSrkqwXl5RsK3WZ7P2mMfYulM8Jd1Cifn+Yq7sHRE+9D4I3WuX6rTZLbg1aTfYEyYgdDovB6dxDd/TAP9Bo+YbO65Vf+H9J2SrdXOSrkpqNXU6ubPczyBm/siral9btN7x4Ln85X8Pkk/3gZzpC0EplHIf/rVl7vXxebR9d+aSUr8cQuT7U6dmYaOfBIvn98rrdH5YWKVs0++SJfbTA2UITU+c6/nfbi2pVjRthy/mldOnfncaI15m8N3zK3B+yZ6xsTiZkvw7CtxpHbXLGo6w1R+m1whCqAVDNPitnRfR6kfc55CLW5ubrJ9DbC1PcIRpKlHcrC/i8MOpJ6txeRxemEQVCEn7VpdXHJ5cTmmco7uXWBy7xhqHu9+zpPhTBcx+IbulYZMZk9J6pzQsGx4tReEOlnBPIVGyPr03kGARXFNthzWUl92UA57r7qx+798/yNSSwyD5AEJds+A2ZmlTvPq2VI2O5UHB3IT+gOFdkpO2G6Wg2jiBzefiJ+HCKQaWaXS2+UpTj4bTAkZdg1dLC4y00tRWP4L5hlwSRZgIEe8lXu1BDL6b5qjbAFL/vDQ+nz+U4Hu4mDiYAaWw342jZVO2bwJNubZkCrs7SOEMC4LVU2FAKsWxR2+IPHmWSGgVoxa8t/fs5GqnXmhzusPFfBMj95ohzw15tut5qjq1o8nvshGnICQKwLN85LVDU2UUC49B2n7PAx+nG8+G7Lc4MNiyncF5K5KwLT8ox0dWm9Va5WBnnPVlBRVeclPoqp86DbYLF6ML8uwOgMFW6E4h6ITVMtWxl81ra994+Cdk5XPhr0qA/XTOP2GdZjmEW7VCojiiDe0eQme5ZeRu1n0dgu3oKM496cTm1YzqbFu9xVryzU4GXbqVfyhRj9WNa8j4C0htkIqfUF5qkGpCdQc/NWoyoyXgfbsIb8sc1vQS52PtgWIEzNRPHjxMEAP/VR0dDkboUXLMs98IuspdK/Ybso84PSk+Q1dzy+CF2EsApir1SY2AjsSYc2ogpnynbz3NuWgKsFF5G1u+rp0wnyFCtgEPFyeDfa2T6wbnqbH5zjyWN8gaSGS4wc4EFsUJ7fss1+5O5BqIvRIeXIE/AMHHsxtbBHhkfw99GXMdYjpujK+GLSp8iwhrUN/OKphYwfwOaYrZE8UfcWriTbIdf9YPNjFWdPB6vAIK+HViB3WpANO6KOXtubp+7aZvMBhf83E37bLchYhnfCUEoPWKbl7nx+9H7/Zq08BlWLWaciRU4vl7URQkLkIf05/t4nhWsQpMf/K8RyP9zwx+0H0gfCTKZfDCsKnRGiYZes5rvDWV+wVGNHwj1mtUgx49FIiMSpA10yYWU31CsgAhVD6yp5ks3SvbxI6cZt01pq1cSVe4maxyn28SGaYYTlAJ1TS/NrL3WVbOWxvjK5The41MeEVvRo3ICTxE3wTZa1P7zuuxw9R/WYSKPPnNMLpruMRXn8EPXHgJe9PSgMIOvduJv8AT+11xj+KvNxDBIUdbhqsv9YDiHZV+lFd2PkK87I7TrCpLhmUC3kzMakgUzfMGr1ZJt0Avj+BbcWyN92mvr/cidKB2xFf0D9A+aCdfUUiMRNaHvbzOnptqTp/E6b34ZeODsd4tzDiPDiqZYyz+ltRkDR4lS2bjUz9ikw+g09IERs9dFYMYf+lsYrvjbLXQb3tPoai/cTmchkWpUm38GqN5YA+SnlR63+HQ7nujIYxhC1Lkf+Y7CCYKSOUnmOG7DRgP6U8K3i1NILFM+zgXbL8/w6bS2kFx7vbG26VT4YDUVH8pVqgj/Ap2vK5n/hdCQzv6JcnnAq0GjfQYQM0J0zDP1N8Of/lzJ9xIbPydxIHkE3Cl+YBKVAoJ9QW3V9e834QuAT0GzRbhejJtriauFdoR/TKz09eyQgheNharlz41Cay6zjykvgMO7qmvuRJ1k1Y0E7WZt1iKy6l9+2cxeV96djLHl+EXM8Zr1QRRTRNazsNnVgloEQk+pWTQNVikstMS45EH2SVGiGiwOAcB+uWz8q+2plWaF3MwyuPjz60R7tOpHgn/kFcfPp5jQ9bPgtkPMlOVb+8orL+ChCa/30llouSynbi4zhu2g1+E+NS62LApZLyjWDAmw2N4i/c+3z89yuML1DMkg0TzsZBcbxMxEhDtrplrusdrOMGsoOU25XTdOl7ba2LArjm4YUMda/ZXX1YJINaAakqIHvNTUUEFWibCV0iCM1eLuAuMdLx4Jib/P/QIcEhP4tecPqGxTTf+7EC9aFdAG+jjHJZpO4eFS1Z5ymCTa8hP7ZRHQb9lf8suwzoQTGSxk7QS/V1PvznMK7SdMxhgEZiCHnucy1X+EtICzC8Vi2fWaiNP0AEl1l8PsF7gIlKV8P3OwQjreFj45Movb9+gU3+GjgVTdNih9ipoDfKkietkAUN/TSqXfkwkEbu1ElXTkTR3CT9qMTHQswuoj1tAydG6YFSTR2TvhQQZ/fVUOElXpJtT/ETc4/lwgU0tsI95KqhGbvXC/Ce04p/E7puPgqo/u52Lv+sexi9pvHNBJJMuYQ2xN26fk8RMC1fkLrHXPUmwhTuFk/aUdyTrObwt/KcKewilcNVI/wP0L3zPWqJDWDZUVjr5vcZBCcRajktqKJP904oxIRALLofh4P8prxmP1t8DR9AF8NnNSzZfrWkPAdIHAuj25mB8v4T/u5B7FiXn8o5m+gsYglpfEryk6+0bQ4yzEUNFVOBD4fHShT0JZbs7yiyGfK2DyP3VFTScrX0MqigDeC14ScDXDg44GpfwRZTz8UQzLS6CM8gGR6jVxLRTzc7X1wd1B+CqVwvIqM15pW6trvqbvRgJ0Gh8MCGef51QomwbomZU6Kk4kcuVF30qAajDwbOTkYFdYb2b7AYK2onBKCEN2gaezDqCQND7E5Tqt9A+PkFfrjaXWpnPQxXiDIVlpcVqPPuevvEaaUWim82Ooh6wDKeU2J8sBG1uKbqOiMKd44Zc4C9/w+bGx1NBt5jMuK0foyXewUJ2/Wi/llhBLGZODGaFvtw7OQdAgnlziSJMXkr/kb4Dh+2/wQNDfIKKUCP+lTfkFlwituIVkfmkHU7pLf5NZkonCj+vc19mmxYfcu2/9BNvqzLbOh7E32Bj2Ks1M1VGRbBmmSmyWVaZMUoO+97ZuaVnSSvh9k8LHqeYX1gTBVvBSBJa6QJL6y1NC2qVOX+r8ye63XvwgBQCrfHpCUWFhGnXV9AhuCu6dhcnZ7O/u7uGZZpy3SyI+ehGHhq5mWAfu0VFz/M/sjAD35tcyjFlnXjNCPxRQPcBLfUuh+96BYpgRUNxwyuYR1UfsHR8+9yIuILez+WUgTkZDR/uVvqVhYZkfI33Z4sx+PA2WUPHIV/FB07oGNNwFxRiCmfL1tRhBHslVwIBmdsr67R8DqVhMf4HWwohaOtimab4GjBmRR70BR4GPd51oK4JlD55UYFRGN4ZE+LUOOhxNQmvKQANPkuWsLQp0IJVewrxo1MDItnjSBR2qJiJIgZ3nsqKNM72MrZrGTK3vMvm9sBaXtRiQmsIKsX9tf4YuOTXXRbIebHLjfmJMAvKXpKmiZEm4XRnLQt6a93odcImX+tPlMCzf5iCB4fN0dmy/fNQDYjVCinRpwJoydb5sKUeZh7FES27MHruDZE1utD0ENQ6YX7YWbUNi3gyXtJS43VIKK6Tf70XlHv8n6jqW5NSW4C/hzRLvvWeHN4338PUPRjfirRQhaXoaTp2qzCz3DOyvf6N0uSetsKi3+7t8yUmMF4gjDy2WNqxsL3mCsTUjATq8agvEWnTcW+sUBnaURhM7+KFf9YBpl671+kpaUUOcy5HmpK5y5UA/80wESPF6OWmxmniXI2jDamIjsqSagH8c8y+jZn2JR/XnuMSu0d2oV49YzXLKlK6YUog63PH4N6HK+qXAT2Tfy3Tva2Cq6Vh+JRaYt+o/VbKQ5aGp3Qhm+2thymFcJN1h1TzN8GwlU5bKm6IvfzNFdaSn23DPtahENDdM/L0W0YvnZbzKLPpTvGWIciLcvHB+Tr9IOQfuAViyFq1CW+bn2glxHWcmIdozNzhJh1jaanlI0c9Ulr2fnRsCOwU99wIkPmt8fwqu52/z+So4X/AjMdvAyx3M/2bFkIsVDLqBmZg7St3LSvLobHKirisUO1tW2SVEzEgaUdNIXjwroYNvu8Yp28VrkJH8tbLJLd9nuMMySddLqaDpZ2y84CIsOnyHtL6mR1VrHO0aqnVYRocJT/PRVn6IR/xCy3LdsuJPmGxTm8jJLF7Zb4bchehUEhlT65lKz1yrt7y0fhWUVc3A8yewVGImGibCtj4qE6/fwqzRs/GaHIUoU5N2qaUvXtx//u6iZxFtvnKlsKRheFbSjj6xCWz/lmNDbaB5Aj3U2Htxjdc15sp49AOWGaD/XQVQtV+SuBJ5Ik49nn5aRNvByZoMAaBSiCP+Dd0JU9ACofmw5ccOEHQFlzt7CIFAopP1WTpZL/UMOG0YGhgVYuPORizElfe9R4uH+rPv9/i3kpYfvsK4fh9gE9dndAIWpwfMckAYnyBVoD7xANvUsy+ME+zB4EMjAdW7MY7wJLIn1Aiw4kO5xjXRwyngttYjYdQ797yM/stVy2EanqsrSjLOl+Z50lJICUVjQzMymnVmA/91gMclBhj9I/fz4SircZd49vdm6Fmhq9Ll4p434EmAk96j6RZX9BUifnVT37cXAw6qDz+uRrbmudxOzUuuQqGiJK/CKJpLO2P2sZdF3VXdXdhfWbIpjmBHoVEYO7sVe5bBOHjxW9AGR3+DAkQlFDM4KERfeaPQSz81Gq97vsP9ATFHVGF8mtWiPl+PC4lrdBA/edjQkUtMf+r/tqfn2+jbKI4CunQFKtrzhFFRL/EGKoHr9nLqZbGN/V87ShmCqj9gaIbym7pNr4Ll9OkGJLme4wTfAzEJAajRn0gWGEQtfaJslAT9lX71gxkSeECKjfav8i2Kkihatjneq1nwqKUqJ3SY2QU4a2fG9g6unGYExfP/b+U9zRoXvE/9mWbuZjQl7dMhAgbarYQo+FsPlVfGUVBRBeRyFXNBquC7kSXXPgzJmhHZdwCF+til0FFKvD0Dw9lp0NiDe9rhujCVyZOAG/YQV+1ahPVfXMP0b3r0y+0/HZJ0eAv+NExTRxdqdL9s2fPAQv2N4jd7T3doCUvfaE35g8FrgN5VUbi58rDy7U/5W+uJ/sDnZeMSEYHfSgV6us7Gl+Pm/npjSjr6NOCB4kWPzuCEFBzeswp/bsussiQNUWboewHzPPRAYSKEal/u66hsegUUThZ0Rl/N9I2djPH6dpp2Yq4VYZwXryrD5vxhFXcwtABqFfbz2Zqe+QLdsjtbiWH40QTmdQ7GMjhyL4oEx5Xq5GgWMtAK+p4PE8F6o1SOvk2e+F1pPHDwrISaGlZptxuYmFK4eUIHzR0qdbRymvYm5z5lmm7OZSiA+uUdqK0Docb8buXwIJY/+ciTd+17ahrGtx+nZTOE+zU1VItVdWC8B09Vx5Vazm7l1OPi/YT+zDtlduLnwhJuib/6fFx9EcfQ9oWMmpXwfmW5kTKJt1s07ixnqw4K4Y3EZGIXfy+C4drOS1luoYUl+fyV/E6yZ0EV44V9VDdL/bCdh/gm3K39VBJARKEb9n9cEojtC24QAG9sAUvEr0lLwGdw6gb1oyD7ANUr+J4UB8Gvj9JyrQozbz08lp80Pf1K53l5r/Oz8jKmhttQTL6CM/Zn3ZayRkrzaZ55ZSu+jtySjSY1TMIJYekgr1qdnGxJZSVx6QMF/wkS8ohnL65Hfw/K+dPRVj2vUhRlS9KZ3X2zeF4MSe5jXQehBrI8e/ZrFSggww39gn9Pomt1IDS6iJAnl5oE3H6t/jdKOHpK+MBGDG2sHDnylEhUKmhYb39khapqhrnzD8YN2MDg33PHG1BmDyddigxyM8OVpYbFL/jfSSC9MLe28dqdRiqKLBnq7z1zOiqwvu3c9M9otzCPdpVMBJszCkUZNK+aQLropVLCgVX+S9OnbGZaYOGndY739Zf1nHMU5NvZfvGcvdDIS/Igigw+lu89Lbxh/m7sxaD/GMtnNKuOD4NP4FZS603udR96CmlIrhb/tIH1SBjAf+2+MSOP0Otzz1Qzp3o87PNiJ8BwL4oMHuT9ImUPojT6MZIUwUenfZ/iaW5dAY8EriyAQ8GPDTy1jHijnFSBQgkZ3mw1o+Av4vkQhtXoczRUoV51YQqcFG0JQSTnzIHRST+0i2EUyYbPkEHh1vuojfj083EJPVWjUu/8qnA9WuKvJ1jlbmgW3yuCGM9vESRWfIPcomONaqRwnOXZmP41kMEiWYLeqJEwZUlsGlVPIWhi5f+brqrwns280aSObcANfpuy+Z9cCAL1awCObSdZrr2gFoVf1Mq3ZzjW7TH0FOtwbL8BC1gDNYI3ps25A/Gj/N8vzaVgLETA4UjLaseWBjomk9fehccZ/mxL1lfgv+KOYRrxfH7iWKwqefoZavLN+ObdT4LWBSrf1gDLCoqT/7rx51WI2i/q9FuUeuvWY4a6mSDVWpL020KR1VK8UjOKuHuateaXEaEF4LwmKVKGjOApL53gdAnABlyZtPObjG7sc65i4hHYKFjoAejTCNpGmPQ+gH/DBfhFXr4DHV4g/+SFmto01bZOCfYwpCtUsdGrhNplccoxFkfb5nsFrosLE1v3dIXGr+h1WmP1X4MgImD6NOzdPO0KL5jUni/bxsk8yf6M28kiiGNjoB6BGwRwOrHzBx6rUDol1OtqdDSdfMh9k2YnNeIdPCEnDWVL3JM5LfGaqIz6DG36P8UEKBYo0cGLiXzCMejyB4VH7e96YL+h52+AoR+Ywo8SVN+XiulLPNE4LbDRE5MPwu0yvScVrIPV0AnhwbXcZTplxPq//MsQJHPHudFeoQhOedjjgYdKheHftnDDEM9q0LgXTXx6M/kXH0PE7Bktkaj+p1m/DWT8yV77Lcbb1q12LqzOwDHKv+QD6GWJkCoT94bmBhbjSxgSg3siUbt4HbuseuILcFpZLaa21J7A4Q3CLiBFhMt+TwX064kypgUow+HCzbyVpp0E+JnP3OaBAy0oWtLGE1kBWfXV/9I+bRPFvLD7hnphCV/aFjG6UDM2OyNZ26+XkVBLZFSHV/04n7rer7olccruvdb1H8aVXj+xCOOh2uoeN/QzZKhwl9hpXzawpFa/5Jgl5WwtD8flhnxPQxtt+54Ls6kDecpGH8sI689Ay387IKwnadBPeBGBSnaLxCpqxkgu5NLNRViVIICLLVLMIOBOhQP6D8tQOZwiRipD1YHQL/d6mgLbPq+qZFS8Y62X3wRdCXYjBVkH6JHb4hcNG+5AfW3yvKLZWw7zJZ+TTF0hKiw9B9pSBe3BT97KjDL3GP43/XoOPwmOgD+R5EjDD8co7JeRkH/U6LxgJLuMgtrRrR3FqTAieqKEewch4kJVqdGVSslIAzjP5N6IZ9gLKI6nX1uWX+KYboTK2CNA5s9PJIz2Qnk8S74QTh4pKc6/UR38SYE/XtozP5ML5G+LKd+FrBzUEQ4rAfV5heA+vrRVCjgMgsS6tUSwCFvtsesPrCBzJX04gXHiDsyx7g6ZiI8ECDfChRVkMYWUuULglhBS3SwQ+jNhPBTK8um62CCmmKbM91zfs2CpVg/E42+7nAmXpvEl98FGTEuaqlpnRfsIATUqhDmP75s8se31K10WdFiVfp9U56AuL+VSLS95QxMqy3Qwby4ajy1h7xYIx2EvoE1cCYn7nyDtS1bilA39es2qMOZYFK+x0o4ALIsmAuyxqzewdtBa9QbNrvBfhh6I/+lZvCvEGPjDXGgGERGlkToGSKKuJKasAFoQLmc6o14QpxGdHMIqAxJ7jwN4DNKpFCeg0qSgKsonDK9+StvuMYyneN9AgGxI4SXkPo2AII2jPTKkhUPCfXEHYH+zPpyTz+mIvRyGMykRkqZ9dRKGPc0jFRo6u+w470ub6GatwcR7tDJoRQneyhplpnpOn6jyhxY9VNdq4GHqvFERIotaujAWNdo9C6i0lp5Jb1pVIpkVXGfL2htW5612Ivob3zJTqQPId6uu2PwdCrB4NZj+1UXZ0I3p8GF9cLvQAoSoJ+3FD39NNhIOHpT0aM/MpeIJkRhHmRegL6kgKHQzpgb80bF1J0H+Y80DEHaVYpgPpf2lKq6/nEKJg2ZBCvRtRcE1k0Ghq8wVOYLB2HFkJwicFZmciLp2TpaFOZiD0w+gRrXVCI1qjWy5wEZonwj0K8XU3d7rdabyd9t3Um8z+Yj0Q5EksMLb/eUDRxAi6xK8frnL0+5TQ/I9y8Oy3BT6hkEADssWHWbufAD7ffbskmmEs00C0m12435HnqlzG/peqw4u9MNRWOzuLJWg9Ltk12CciWKkVMA4eXz6oYmYchf5cQoJfi4Eb2REieD2T1a4+Yddf7aFh54rGhlF7zTey9TsiSw7lvE5W4QsLCUgysGFXVVIgRF4x7mnP6VE24Bc/WIwnVlCIHreoUWw0mu9CO+XEOklp1McI2zb3HoWdxD7Z+XTvh/jt57XvyNKIC3SprJqEHEMK3xchP+a6fc5UMvDh3PpOx7Jnwssx/BdSrNO/l1jRxlBPE3KnDqISZbQPqXLtm/QF/gJ868z9kv6uQnx/S+zWCKQFsxgD1sq11UtktfYaYEqOAknwqZGXxfyK5fKSt14MAKj4e/HtSTQig1o2e2mNIWePmjzNfeSH40zU+qeuxT8NMhm6W5iHnuR1j33z79OiTNixMzA5uHMam45TaLrtUMxIRmfdaSzurIX3KWh1mScasb8zQ10vtLOdZ/dA6SvPfcCyeEWFW00BYV1UfLb2av3vhdJ8So6Rsj9bYoW6imPtQzNAX/+TVtGN6JKPy7yi81eqQbhijygRfXzT3sx7e1lGwaDOent7l8emd5TvgMaFrGfeO/QM2/uEa2WxhgaRzSbbwAl5lA7+7KaOi4rql3w/exnZEg17NcNvLjKpPuspPHGi5ivRll+vf8kstLn2FkcRaDl+BsKxc7JXzJ/sTCIBLMFDWzbASZeTMLA+xXTlAYPqMuBP4f01snqlJpesM8K1M2uwcU4epZXHwhF99GXKaEZ2Uy0sxW9Tfs6QjPo1l87b47ZQrHXoBlNXBfFYJ60A77kMgA7btGA1n28h7MMhKI5fp6RoMp3d/LJL6XRc2qiZ7WQ5ZXKhpZDkFs6Qc8HUYiq/k7nIPy/fVBOaGNczHHsXwOJzuCIwwVe80b82iqI/XKwUeIMl3BVUi4d3LaSx8uunAzBYHjw4PgklQVkB+vXV781iBrIkTUrLcJD59F5qKn0eXmvd7kidYMXfAKqfsBzBf+3HfQjKmLzsI4ttsJRIGiD/cDT/21Cx1DqD0xRjmEZIXK5AMp/G2S/3sYGRvLc9pFj8uYJx8NDimkAcEpALJvbqNtlNiCvnn66XHZ7icOnHcdaXEOoGJwxYqGAgIvz/RG1PvNOKv6k9pHPcmLhdYWMC7ryMJgXlyvBAFsJEN2ZeDSpvM0Lv4Fp/dC1nRzuCQAowXw8Ar4pO2xp8yc1X2Q0LekOuF/zqZHGgPcEfQx0ibLxczhuY9F03EoNys0nsoNzx9VaOg8P0RYYLg7wbQaDArCCzerlg7RZYoNnJES+SAQQw3wDbuob8c0HHA35X/UWXTc3UQZq+B2Ej6nD6HkY/1evTH7Duf52L3obLxQJ8cJiVqR8Mx1wfU+WgQ/y+1h6H6SjGrqnXGu5cDstsB/9KgtrdGpOzehBY2S43TlTkiKBxs9hT1/Ybq3gQTVxgsC4uRcPLjKG5cXd2OlsDsp1qq2bpV1dUcKI7KJLQxtvDLTbmO1BgKEu6aFsZ8izrT/HIlpHjX7WzmVqwmK8cbQbgyo6OPqe3vPe6oCRkZRHDSqT2gT2usu59UApNVXpR6jz5zYoQFdZtHQCPJz8oOeIT/8N57yD0l36WYfT+JdsXvrjtYvOZAos6udp25ram785ylLXmgk+ikOq6lC7UXIsu7NwKBWwUwtelLPOV4nAH3vghHno+1+QI0R+A0/i2w6gP9mspzepEX2odtPnvkhMK02QjTdhKBGZ+R2TZKLlxzqPQ8vIHBHzrqnA4akSmF6K8HUeiTM7noqsDuqgD7CWQwk1OfJkwdZBAIQv4KeXoQucw/YmDjHTQhSPcZxi/IkY592r1+tn3JgCVIXUpYTufyHj+GqWBVl7+l+egh9F1nk/+ntmaC7L/uGkkWhO6eUkX+18mn77LmhP1Dcg24j0hpTIwLcM/XwHnGrtJ3usUCsmG6Tv2XTZy/AeS+kS1/BXPvhFLPIlzG5LBd/No6epZjScnyJZheEUK80ADhcYAPlMDXzIy4yRTWJr9NVW+X6zPUQUV16jvm/S3hI5alOCrKafRDJ2lUBppBO48N+cG6O7q6+SHoSFQGJX6Zi+pHWF8Zz0ohLtRcDW52ZuYagJcEzxD7/82+BK4olhh5lwJTZFMuYv6Nba1VRaoGJ2NpkcdFJ8BO+7+KtpzMaUJGFOiatGEWwzh+dWrUGNiVrhSbnEjtkVZB3IZI9MHGPtx0rY43DZxIdVAaa+0v+trT20e0DyDBtFNx/R96Khx3O/hFpZFjD+Ob1ZSKyCwPfxMlASZdnfxjEvV/ogXpklD3ajflkWphWijwWHwBIrp54Gp4s6UOCZa5YR51XdX4qWyHarWuErF6JuGWOd2xVBVWkb/+dz++KDFRUKVZQM74KhGEFit++j8feyLL/pnvYXgofrz3MLSrP2eeARJUgb+PqF82wOqr3at+UaZyWd0rrFUBowjWxTyGldcQhmZFmWxN06X9kqeQN2ndHnMLlD4K3XLtmRmaCLo9I0jNC2/Ot7VjpCxcEDJ8DKbwjPdXuJUAy7My61t+22n1HFE4JPvriqsMqEifY/Q+EgaiIunmXd2B7QN8KsujMDFSQS0znGMSqz1UvV2ZiMRPFvsk1zOunGNfjRd1jiQeCaAZ7RuPmTnuw5kVJImPMB2WgskXTq6mxtze1DlM++BodKzzhxjik0kq60rMRWNFdMjurH5pCrdOj+BQF7wICPEkyFqnsrHY8S3X/lRrz53+6AWQz094EzVwHYCf1Wg9ESGG59lToGS9e+9vpbvNbjhhtrI3tpkido1gqgAClT0/Er1BnL4mIrnwc4v/XePBrzWB9AxHcHSkekwUzOBFt0wI4L7Px9CgyOwCWjvmWHye3Uy1ao2xcaGuKAwVW5m4dOouigA0ti+VYSjrjV2MjY6SDJH0HTwSz8WhL4R+Jau2ZlS/8kZmqRMeV1HjKgHTbzdYM4z9D7511uQk2guScAX3p118BaHryNATElsQVuLXscYB4FZxOBgk8fcPQX9Be165hZh98RYAsg65PO2qfwEwNfygUhJRcc6rR9Affkf1k0XBweazvLYBlIdVWEF293fqNtXFx64/Q8XXuaWpIWxdRegEq1tZTz1BcKjk/dmd0Z+ncWUqY1O80rIN1lx+G4lGItL3jinXQ4ORvmQbBQhoVc8G38KoSMlyCWgHYxSo9opW3wSSBipRWKKtGlGPUoPgANMadceyPk8eqZXlgmQUp9Dm2v+xnqS2kKQy6lWn7YwMxUM9WtQM2fccVddwmEJYsdgaTsmN/c0MjDirTvlMLuXDlDLEI/IkO5wvXhcJ5WaFr7VfPTEjPFS2f8gix6ndMnjP316iFYvk85dhUWD8RIvoJbOnZKYBRT/iUAYwZOR6BKtXH1VfLB4w8H8n013A8O5c3m7yYQv1GjOSKM0Fh8nlZYBFjm9/vNNBPJWgPpqVIJAZiNDjTlKDCYlK1jdLV8RWAoYIBsPlbEFMGb21F2HsJjwG572Fes/1z9j17y6YPUTDd/7nl3ZZo2P/9eH562/biWWfsSdI0c+oB+QuaciAXoj1LeACdjhctiriDyrSANgurPx7JDpvM52M+zR86LQdJpbqdF42krkgTGlfz3ZVizbB92tHs6/z5gaClC17gUYMBqJItG5TnhPv7yhHevLg9BxqWqr03blcdYIVN73Ti6gtEQv7x8S6BQHFEuYR6AQ1FB8DPJDlfcKBmBvR8CEAHD1xbdqBpdIojHBiVXkuzfIexUTeCJ+FGaZ7ry+ZBJsDO4H6CwRBsHCfjMKI7Yf7scYtEFOwuedTKfpDwKI+H22JBCaeO26nxIJlXJGIhoeoFzO9iOqCUKQ3yr/qEe1Jy6ED0p53k5L3DLpcmgMhx/5MAIWQFT6GNJ1rC+cg+ixu1F0IAg04NMyR8l4Xj5PHTFil8fTrepwwkm446eSzEn8zun/D7BTMjJzl6ef3nRGbkWCBp8yhoR9CIsWml7/gc4a+XYPcZqusNgDMs6NESa68UJjs3MxWFAcgMmf1UsrcknfC69iAzWAuvyKiBwdV8ocboaS9RhlQ/zPr/NDlaOn/M3eJf6KEkiIqjY7zVtPU6evz0Evk+noGDcM/XejK+r3ObWuOXy7KBqjVEoZ6Hc0/64L6o7NwGnIr3TR7AbksVJwvWCf/QHeosMllMUMaF3esNMQyvu0MTD/qIFTuTD/8CTqr1h9hhwpzKVApzJQF617iJDCb/Wha0edMmE7jyWriOUDf/CQHPxwCNYfU1657fymjbdEP8gE/pUWZnQ1f5ZHG3R6pJo1bjc2kN14oiUZ8vNagzORvZ5wLFz5Kz9EVa0CSuSemSK1zHju7f+z7OR9jePnK9iKcPHl7J+seFbAkubXyJ5Z2ESsba/DXE1wlFUbsieNCbaYPCDREkqqwSanKiSwYCiOHEXXadIMjW/hm50LEINEhBQdG9MBdo/D22zPZAsMz4ClsTIOHeKaaNwegQB1y1KTCsgsa+xgPKFK7oXV28+f7Jn+Xxsk4Hv5jvxp0HM9GLlwOPs8Mu3btJAUCrrMlH1oe5nMT9zS76dGp9lEzKDhzhEFPAX9QxZrmB1M74g9SnB9kXi5/rNzPGPk2BuDos/rWPs9V65P0deP9M0DQeSKWOgYF9F4VHajQUA6Ub9yQqI/zdwSu6VgFyq4rC+atNaamFVc2Reh9cwbiFYUyI46PHe7Esek3xOtPwkagRCARX9Z7JOwgPU6e0ncQ6/pyF69sD9wzAbCk36FinRlkf4Jc/3GmumqO+6ZO8+Cz85hDYtNauTW8BMqYPPXXz0lrG7tHuM2Nhc6IXPVtcxJl6tOP0rZx5qfAAYRJpulehv5qBk2Lpa/kBVfYq9EFAc9IuJDlQR0qoi42sQsrhmCF+SKBsRTTJ1eRPAWJmiN19536Ub9qAouIqv6bJgEjfF9DILbbQu9CsL4JGXsTkVyHeXRcKlOUvTJ3gTyNDhKgDb06c+hV+nOck3JBoHKXHNpdp23xU4Q53fPwbUMWh7u0cnLHhOjwnuxy5MvhfB/thqAib5+KLSz3zXL6LxqbNc8rWkVf05nKeRU6r8k980aG7Uc8NRDEBq7BAMkq1QWUf3Vjd+lKYC4ZEuIfCUa7GRvIMS88tBETMpTMG4tnYYszEKDtIH7HjG4dKip9Pl6r/89zYpn/+oyT8AMEGdVWrfXEdebNBjwVS/nqE4dKUXCVe4UtafFC8ug5IUwQtEB9Vp6RIePvxZHjuemsnmCx2FhG610RNZGT6Llo7hR/7kJnuvLt0b6f7a5Qccw8zzu8P6xNpU8OW1XLcLg9RcZdcWh64HFmyNWVNn7IPyReULfNj6gvFDrXB7Lk+cln5dP8Od/TN1UVcdYigS6eJUCIwVsyxkERvmSeg//WAlgaT3auoU4BUD+aBCcRjuz5bC4R9S6tbp0PhNzwNJwzfAmmZ8lNvBVvZGNGSO99i3A2cHqIPX6fhmvWUpq2IDVty98S+N2vhrLfmsTUTHwqeBhLQzSRKXMZsqn7BgqfRBloEqtM25jps0VTkcMcu1YA8Mo6sts5e/aCIn02Mwxx1RlNmH/PvaMYHXYbjBj9F/t/hWs3T0vXY36JjcMLdDiY+o5qYAA+QFTYSSwlCAP+eXcoKXbTnJwCQqhxwaRtW8QmBtgb8kTlIqCbKtNnOPyrcSoSLUA7uu2O55qjlJEhe7F1ug3bT6HrVpUgREuVY5kUK11IwQKvRjLOtBqf69HtD2ZZZWSJNWhKnFBPbDAkM+J4/73XW9CD3Sij9evXHUmCocdkURQMTyt5pF+gSGiJzYqXGSgmeiDU6UqOyF6MSfxUrOr3mAPiDX3KZM+Vvmm3MAVl69gedwOTsH1hg1wdcbBM/j3gtpE+g75hgMsPeOO6CVdb5gvLhed5+B4t+SD1IR1s8NGfmaGBR1UR888yjGEmtsKnn/BltFm7Fxee7WzRb6UPGfKEzEsBFQnoMiesHuPtdfyJltaQ6VU+DH7PqcAfQR9sFCJhLAwIl6QjIAd+gpdOEPsqzwscmphOvSHFVX78hG7Xea9bhmvP8OGVn3T96qjOUMP7Da9dUPoCGAeDYjPcfvTZx+m/Q29L6qJQeQxM8JIWpRccZ7NwgAr1++EIhjDb2Xx+PlKVlXkUepZYWCNMMV8nkW3Medm3lDO+oG+cbEiSVvFYaHzme8yaFM+ukF/o++/bVtOOVfQP2ikF7+6d1vPDVDqjDX7YvDEZSaxoTFh0vkL3z+E8TH0GR+WEdMcvz1tjhHpzdNPv/tTKFxvTrZVZDbltFQ+yEJEeE9jYpZ0jEHjwjY/KIWklpVCwTkzOstof4dX5PS+6egYDYOYUP3ozmK51Wi9X7SLVB6gpGcKsUUXTPQyj8XP9V7DD4xiGevlfAvRlRQFCDm2TdkNS30KA3w7R+Q+Er0v21ioa1NabiuBYP58t9EsdgQyM4C03CUGA0MhE1tLGmvRkalIKD1bO5LXgB97C2arSWXyRigaKwjTpW+NnqxQSQZHyMRucYRbEgsHbuPy6clxwo9yEnO/NW23Xcw4wgdYhQFOj/XdK5+XXNJ8wWm1QKaPQVF6lwsmErrUiyxvzdIPdvrPshRicX0fW1X6Kd/TcG3WfYzhu3Y1p5pzWKR9lKVQYWbPnrMLIbAo9zpiJa8lxEJKdwsf1eA8oC/bbY8Iav+gMl7Gb/I5Pf+NMcQVj0OzovLr13/EsOOu2oliGBEixvRbekFOTeKkXO42oiU8Lskw6KZH9RejXCO5JcBtDA/WDFvtUT08SQdZdOFjsUKNaoPT9uHpNiJHIt0j9hKbAZuxBX6vqdNJDnuLAL53hyilsYwASvhe5mg737RRTY7nt9ZudrlnxJGJrIYwoPv+5neGkHiSh8vHzfdNHGQAGHAXJrpdaFL6lhCyM/uj+Js6Oxks8SW62+VSVJdTS5UURTQBCWsqZqMzsZl/U+nzCkB0GpyCq7NgWCdJVs3xCP+3Sm80F7qHkQslNvmX7B6LnJWxYirGcmtgd6quKo0yxRPD9ut/EIxLjKPVA13X2fR2V8LDM7rvJdywR/RhzbQCSatjTTLRJi/Bi4iLw2o8p0gHB2qJNKDumG8VXKCggRXiRPXy3+ol8/3oDywkCODj3a/L9eaOA3bLdL+C2jSVPtppMZc4I/0Vq04ej/2mmTNpBtofEPrR6XRb67Ox6w5x6RMDX9ZMah3d9BqHlSHvCR2546fX9Enh9UVILBJ4Ytpy2RHWLIYuBwQnD5j1XxNtUTaCSFhXgJPAqCqtMGEI/g8F/NXfIersfRbROtgam/Ne06DkpnbhsYfCIHqlhmoZnBCqyIC4O3zJd/ZhJLTROqLCK5rDOFJWvv+RNHmBsm8gftk0gVPvHf2ZzlS2Lu76QWVapgWFQAPp30+bFxV51MovpAkITHwnJY1qshLNuM8NFl4GM9/oJssvoV0XlO609TezNTHbTq3t6UM3w0ZMCgyeKaa+12KBtF2hzhVRpl1fQ5CKKotJYZxS4bhUjdKe5P1xp5lPgnyQhTEvZLZxTlsMXu3EthUBvrefF4OIZEIfGgnSnFS6y8I2HgfVZQ6NazdtWnb8WYKK/3V0Qcs11SRalBn1dO6Dx4mJYqXORd01LmbUByY0g1Er+dINwhBMPxb3cHnq2LQWQaf/vLTsTYjCPJzfEHQQ/jukjp97Vv5y7yMalrpiVWJgCitshHSAVDnryUfO2m20BUSiYglfmxk1DRy2C3l3rTDsonrcL8PJAihKIsvBi7qNdPTL+mYUqo4nb21ny5MeYkJu/fGPE0M89Dq+/KTqKpI5yd4UELKmdvTLzdSFZ0RwvukngQZEL464KHqfpoduHNBoURnhkzH6uaiRuX+WZRsC/KSF0yqRuZVQwiJItox02ua3OCVmwyaojNJFAW8nEM3b/HdhkorOMhI312PuQiqDb893K1HWrMG9zpWFAW7VQbJ+CzCDRNpxzsQ6fQFQcdt85iM25NCkP607j7UzzKJRDVy+0FFIwnVud+EVBRFVRTXcZZv0//E6INOEYCtQQUL7M1wqYa1dCE+v4nptcg9lPUoYsCFMKmiIInEeo5ZK92eHMC4dHAWYyq5mqyLXf1CIWHVgPjb9hfZolOz/pVtqmZlWQlRm7JiiWJUUjblfshrrkkr12O4BO2WvyROHVPyQi/kibrsSIlBj34DiKiuTd2fx/TDQawlEHLhmO397UOFeJbegVXJcoq+P8wU1+DAx5N2hCM9PFme408DiO9l+azWG0iqFX8eixbg3/g/IB3M5CW/BI6fXvm7GDI1unjHHowoiOINUUjdxarCuwdXdng3ea9r15U0tgckKgD+xEb4SG54htpvbjeMvzgnGGA/rkTJenHdFz+3ZazdSNJY/9BfTJPTeiZpPdBT4m8Qx2DcQA3x3kNNHTyRdH4+8lLE0T4bCpZuFie0Tk/SNFhEF7AL87i3d7cUxxdng1sb/ZTNbegVBEaCZnhPHukz6M1s8XNPkwSxiq7+NYuKV6ArlsPvuomy4SuWUOTOaR6S1MY9AKHjEMmf2uV0L6UiHD0iIuZrgUmIcD+HdU+0zcxX/HYUv+ZGOwpKFCGY1At/xwDeB5cVOXQjXOgnwacARKCUSDbkLMz9RsnYK+brgxKh9n2BF87hu/2h6vMadRFfXu5F2kjxEa3SJsHvrt4TUkbN3Wugc3ZIMcCs5kj4c9DSIpW2yMdNNU/VMSTTx4TphkGSr+6As4LxoREypEQawGxuAfFQsP6Im4GaSFPIVczX6geoeClbvUOCWguI9D14xOVoNDY65WdOXOxZanF9kEJZ2T7LBFpac72fNNRA/Iu8+5fW0VpOTQBx7I6dgNOBF0ghMquwzFnJdhJgpHv014qp1nb0qAyP4K63sTSQ19lPk8DPV25T1X35ScvisqvjqXOJzP113aLczFxEt8Dn9K/HcxcG5XiWPXVbPs1YVy1Hlz1goymqDCWCJutoYhekU9/f8ULMnn1ddsh+aP6BJ5DjvkEkgtzHa49L1b10C/1pvD+p15e6aBQfnN+wNcxJ09mp9owwzRg+7dpcMPs0THxjENshL0lLBeWfJQ5hqJTT9i8efVjnfZIi4uaqFhTB1FFKNYOPBxhPml8FATVWAZypQn4rTGiE/9su8os3N70btp5tkcKXNtCQXK4O7I2pTzAnBEbiXedKhR1FFsnuNS5tVkwQOSBtAsMcA72tIOhor5v5Ob8f9zVt0ws1Yl+i4ebHT2kK4e1vTYeEi19kbQo3KBbGWw1//uEcFF20kOaGkWgaaFoVWKyjGyTfXlQaqRwpWrxW+vd8PuoNOSw83MZw5pR7mwI+BLn8rb+GigYiUqDktUqLIol1nYCFXqMlEUy3tP1gYaOANJqCsbxa2Vq9dVopU3a+wSSk48W4Z0nFLcU51g613AGAhxY7i/21SYulp7YffCvUOAQeBVqgVk7SbmBmQuD6vSiK+y1rlWJRMxih6dJ/uxw+/HIQ+f5zBHyXd5aOIk14JK5yJd15jBefBZYkDfOZUegPgfluuMPcqD47TRRCpjVDZ3HkUVeoHLNH0jDW+66Vl+maKSF+A30o3pzz8nBTD32xFYjE+HT293FMXGYIX8TBgZ9Y7rWyM3Vnj1tGIfd6D5ObnlDh4KrWuyQMFzihIN+v/VuN+vtrR0WKlxRMX8fFrw3wxzIn3y2Hqpjy4B8POhTYpRG/L2VQ3x4rAR8+u+aCrT13q/DnDXON5++lfeq4U1G++eM7d23n3a6r14CTLm3705yF8U4EvdTsSu33ZoWt2dOsPW/OIDppTujsuZHlv5qR+MBf53jdf2s+4/WhMfKXzQy3LghgN0RCWwoGfiKauMBJf+PmCmYYsOyflAxPoV0l+w+x7uCCtEiqIRfxNCyepcbZh21cgaiWfg2KgkozDXFo+b+xMdlmbTmqVV3DwoLnXGO/q8vGLPpBBJMthA/Y241SMlv69TpVPKKYa+uVqEy+vnh7gckcjP5JsJ91GgIXlFfFog7Ng2p547eCmd5WOudtxRhhTDFctx18R0KrjSlgFTN6HITp140tZU7TyxE30AruNDM0hNZwZ4x44Qx4eKkUuapV6vBsISsJH7PxyOmg/9ygCklqWamkZmlCaBVxwEjIKiQkbUTzK5mo5wM9zUHL3qcXx7CA7+ICZsUu7Neiz5Xoka0ozhIy+mLdcFkAii3HBv2ZNXOBo7yEnGnpWBY6lAvaFofY4PS9M0VQGM+LVsMZ+Oup0f5G+2/4Emwj6r7/WYsK7+kYyyYTZNJS4YG7tvMRzdfqmHwMDmxcy/2QnBpiHHTsnvMVTPirOCawZX7holNEjqJoo410Q9NYa7zJ0LnUhL1V8xSg6i8Bo0MgLkx6WhNKnIuXb0VlhqTHCVwEFmAvL5AiX1XlAiK3ZAx9rsbUmaNH3QbpymMGMeh7j5k+Gb5+OXhjzXclxpdI/6hVqrCks13R7SpzurODbgRg1x1a5xRFkySuBXvBldHCkjkPGm0H38rkUXkHzeHeh76hEDSW3D9MW99TC0BCqncaeAMiN37ty3S0l+IluyT5Oek8YIN8E44h33jWUb8M4beQQcas0eYU3xhqD+elHcDYjR/Olf6LL6utfYS5eInPkE/E/XH3cfhJdibVWuKeoN4w6A+HoEFNdS2ibXG6BvuxXwygVLLHWMv7+E80WRfZZ2v85RDQWBTUyfFEVgB8ubSEwHn5isYPYsdGkwJYseeooQgG00BQLdZzpef9XqzCyC9wZvBWGlh7w7Ht5zE5XQ1I/wXb5NKdLWfg6W5q0udkkXrsgPmT/FWCQlN3YpOxHGaVSGcuSeMaDl9jmwxF7lQdBSlOpgM/fkJeNnjh97BQ61lI9UKhIB/yIBZhEFacORw8qvhldefLhLrXgM9wBR5T1+TFO+GRS+HVEIGoydMNGDjsvNm9gMxbN2FY2iv7fRqC5nN2bM8dV1h6EM8RyjSN1VGY2CR22jktrr4BMxo3r0YT5ffEJZCUbjNqjz8UuND2fxxq3LBqu3CQpSjbuX/J6EFY5mHra25Z7RHfUgN6Emg2fk25SqK8h45Lt9qz+C7Q6R3VIvN4gOaB3cT4MHhF4ZRAIcYxGR2CuryeM5qiOma8+YwDtZaV+Gx5pZOkSLY/NbjJaisaSUfrJiEaGv4lvNUeqQ4DPUlEeOApdK0H4IOGSoh0LgqvWrUA5TgmAQjOTfNQ4W2NlsYRA6qSeOviCpFCPkdVPksVMxXwUkGG/x3fVlf2NG4xcAoEJfhHup2b0Pw4/4l7duHIPtMGVYHh8ZVF8ZgCapd5sMSep+niMRjuuzXRbL98UEjiCgesqkQipG0uvWqNclMhUAMwVPFra83PtUaRfFoXyOpyBh6utYLi0bU/o4rCwjLxC6pzPjqadSJivU2d4K+Lrnum7I16q4K6iMnKmmLBLf2LvNp5COv0EQp6z2qBIRhrh5ulNAtj0dVbD2zfCIBo9lMqfOGiPzC78TP8L+EbYrTG2ubcCNoC/WiGAR9oXMDBosFKMKk7JQnUgEAUDr6sZNy5dpFt+ZpPdt1wxhIpGiielzN23YLjz0OkOVGoA6igsTwPLt/uGqjNZql+QiLcWXhOoPOkR4840gy9loKzLTsTyFbGEh5mbB4QaTeNWCSCfGnnVnBHOvlSrFJ4qaDASuNkiAmqA1d1GE22PfEyM/oB/NBPukkSGccpBIAVi9g0b7aLwU3Oe/0qRrwQLjGkbB4vbx7U+e0QTkg0Tj/xUVo/LsmPSk0N5NcJv2o+Ojtkqcq8LdQZ7z+f9sPAX+K5x22Gr8t7IA1nvBPx75RlKKmypn03HLINvhRaKPzpnslBIGyW0RASIc1/AjPYXkzZhM3t8Z/woJNlzQF3dBXPMkUMRI4RzFbkBGFfKaNnFfBY7u/l/Vt4DR968Tde6a6hjkBhBjKitQpGOmCcKQKkjIi8HLHORShm8dfyKlxOoqWWDq7siBoaFqCFiVWXk0Ew5Rn343aNs/1r2SUFk1vtrhl9KZ3PhhLE8jV6Kw7SXhKcaZlB4DK60+iEaY1nGtzRxKnr5VNmBhCDOXN67HsvfiiLBD9qoN/lD6QspzdKmu7Ghx9ZBGg79v13Tg3X2ANbJD47/BSVWpmd7ihFCEQIlnRepKeHH/PAJBpEZcRGi8umNGKlqCORkV+G609QENMBH2H9SXpbDXkxqXeQU9rRtg/+eRJxSFfl9LqboD5druAAnsa8UitRA1XcnoscWDIdEyMepgVNXJvU4PJx42w08AI1kc2Tf8AdlsBV29UhX7PY47KZD8ekyTKR1i0P/LIYm1F+UiQDliuHmmfk0b9fFdH8i0S2c2DaHgXE2Y4h6L+dGbo5fDbwHS2xpd+RikSZEDwDo+ni2yU7va/yqdCSozHeBcd8h7TYcTI9fbHdXGDYdqpDPab1i7Xy1Fmgr4QdAhmKWTX/FyLxBhyd0oJAkwFrTAmi1IB+m0TH/AfpEOshckqeY+F9/yxNQYtLFTUt/jnx+PhpRuFIEviJkj9eGkyJuYVQ4ogjZ644lDsCWPgObtcoRIDGG769XCDVklzy17tUYUuwc7cczNtU/A1SvfanIF+cXq881R6xsd8hpvIwRv4xn2B7XiDJpHPwDTPgv2xe7sfllIkHOt6zeo0dX7lbkONHay61H4Y6B4e9NgM7WTBXmvkK6LX3caemEUe1LVGcOlt2278/TkVxvX3E41mQ07OEKarOa4uwG8FZD8FxAtj6SIBP6INs+FK03jH0POoPR5+iQpBrkCYrivdvVxyvmh34t03619YS8kMOT3MhcSJ+701axyZxII8NINX4iUHFpgGjbqDW3eNab4ehy41NbMKp94nOsG3YDCDMfD5iVmZ36rZlOLO6uuhudo86GrkxW569Q36VAm/Ij++THvnaMDEaxFsjCitAaYpi76H71En9fsgAUD/HFwU2ujBDtX53kGl2/5tzDAH8upktE1h1jKKl0OVQovpjutC6mrqlsse6pC0I3zoeR/lgjGcNiRYwJBU3P6dg9nQ3CNpcNDr1SdKEWN5Q6DtepgWlUhNmQSdtjsCdGP3ABHZHKqQaxFP5IG4Nce+JEmhevC8J7k2VIuqZVfVS8R6PAqypkbj/Ut1aPeyVLoKK+ccb7was49CmUqhuCueyUeCbOEnzG3HYeRpCK6jMZYEQvO+JOEJ+z2pA0p9gFB6hh8CsXeDQTK1Caxv3muoDsmE0kt6xUEurDFlQztXvLdVZN8sXtVgQTZjvry7YXb38RwApOTRVY+5fTmD8aj2ZvrMU85Rc3IzzDj0KuuFwgVavcsUkVx2lrvrBmvNXlogvn4JXd/AR4Aswu4ukM5j5/u3yl7FUvlKlalXvjV+WlXO7jjDQK77ZRG37l6e8Br+/RtRYef1G7UASGuMsyZ4nuLqSicL2Jc2a0/sZVZy0GiWYTM0S0vvQWjtp+E1pvTjto5rU0qRCKU6x4xzFn6FeTZzYwBobvR/bp9jfjGHzBrUBxCpggfwuXC6+0fZbo7WUtYQiRdfHRv30e73e0WXjg2ZZaRpy+GUaHg65dXlb+FEh/Q9mXiiJUz9WAUsCNjZLFLK2qFWkl8w703XXpWHxkxXYgimhnLIXR1/h5+kVOvfTn5AmiTU525k4ki8cjsX0L03tdaXHl5XmE1guU8q2yKerBy2hGGed0t+pHoYMP5flUOl1n9+yOKOaN1NlSbIBj391obS0viwEKZPrb7IEXopCNX0hFz+hQ8IL+tjKmMHky52EsA4H+n80XceWrNiu/Jo3x5sh3nvPDEi89+brL9TpN+qzVldlJUJbighpS86evejHGmtXJ/zX0PpK/5TbFtl19ujr+obaVRdxj5t1vzBJ1CaH5++1c7ClrwRM+eiKvQMBMk2J1JCmGFhUndpqLn+tIJ8UyiE5yZ2PWFIVz2oo1+yVT429AlpP23LKb2/0Ne5a4BhvhsXDQwbP5uc+D/CkW4fKsO1gnnORLPBG9C8mPJ18Eir9+9SpXx/dI6iW54Q2tCgb87r+4gkAfRW97bITrbIn7Ya9SBx71jdX70jWnyv8aQ/yfjTAh7D+zUunI8I0d4pjSe/OXVCXpWiN/HpDkWP387OeccgKKY7GtfJFH8r663ewyp5t5YTWH+CZB2b/85xH69MHWruITDE03uS0aE47zEPjnyrG/1IyMV9y+f4TOaFNHI/BTv/m7tnFQf7b90YL8EoiwyIn38J1CGo2OmnZlUjs6yKqMFqwbW1wPX/t0XCtWNpiuJQHRB3iI9DcX0FL5KrzTeqAlEe71WVdgKgQdoEqUPn1tBOfA9ca/5SS5RFno1wMBa79S5M/vKaQmCy5Lt5VwiKe1gZepUJTxXcVkGcftqOXg2qe8cPF8EsrihYt2C5xXTPr8jCZ9qBPMNz0v8xGjk8xmKkxXG7XHt+jqRsc0O/RibZcCB+MkOxlTFAzaPxfe1asFTj7VHGtwbELyzMks8ov8wR2Cwk/4EBTPccVROB0nn/zHkNTeVrTn27JMw/HY65ZXqFY2Jtp92EimmFW/UjXS7p2ofo5pAvlSD0NTyj5wv3PmSxScjhquDToUge78RIY/Xqm+lyt1htjSPJZep0JdayiA2+Tp+wuTRITUoBHDdg8EhvMsx9BDle8K3+jPV/aoKiu/mAX4U+JTfxwlxtdAddbUHV82i+oFfUd24tACa69HGCEQXIRFvHhm/mbvdMmrErbe7Snw2Q0dTEbaN8g6OVnhAT1FiXZ8Xdrli8e3c7w3lKyvO8VBtBq7gdoxYokrglKxhsfsFgZNrRXPIQrG9D2brPLpPkQM0vNegZs5agJMxm9A3O1fjUS7eDrKGA89UJ7TH2gketq1h9GYtcOYVz3JjnlmwSAtCTArb70e93R64sH89FwQzeHsHDVoiyfmNvldsHsct3WM7/utym3c5TObwEcrgNluZ9fMDlAWMuWJhO5dc/Z77+ngX3qCsAkB/C0gcHhDy4gWbYqm/xZxn3PcqD5eBiWZfHzdeg7xhaz2NyHBzPKSYVYSUaaVSlGIhtGJY+/aoG15eLXTAAQMPK3mZ2WHsZ7qRsUZNu4Ni/pZEFY/PGMfVnCC3cDzNx+0IU58AxwvLLZ4Zp+fyszvnManCWZZls+7ROpVYuqPQj6ebZ4/kL2IbQKVdmeM5IrpTUQ4Et/p5Xm/Oz4wkJB1vRxc5uQosRZkuya86sGdQSJY7kbnluZGVPHPbH+/LR5UXi54tjKcpCeN8siUeZC9kkQf9fmUGcIU0NIvHHLgpGvm2JOFn36WUg2Aq2a3IDmeTb0UxDnEBjCUy1NVw6X74B947ybTKas7cBHByolBVcbxfls4LPGTbYwXJb5g4CYN5uqi6f8m4hGIM1EEAIJB4ry5XTV+U1qSmat06S/L32Sgm8L4ZseYlPGCxZf/pLkiyF1sUC3D/o6uE8gIxxYkawUfEKcViyQ1wmK8oh3AzVfEUlsEZCheuDf4D8uMs9kih/jCu7C+EK5j/hAjduQMzHpsLmksXEnXWM/NXVvYj1B8b1AFDdHUoqkkLcl2N+b0bnvzoh4dbVKv6Zf6pc7SSrFraLixxBaq8YEAz0ddS6jTwIK1cjS+QdhvfbB8tz6famsXl5XA1+o7g4rCLWKpZGxyNJO2zNFQxw1wOikDMXSgCPHOSf8Ly8SLTcX/BnR95wfinm52WIH+C/k8PmrUO0hjnhmAJs519gZQeXUplW+SnalzNfhqT3OxM/DA4bdG0mYg4o/iybIJsCP/Tk2OF1B8XE2t87ahz3sv8llLQ2eRHQQ1PN0QlRejvakjs/p28Uq8nX6eQgjf9OYRC7pDBpN+NIQecqSikxvMPe3wAcB6m51lL7W3gk/3OvxtUGiuz9GdE5Dqif97Z6cwoqmSwMDhprtZWD2cFVD73pPt6t7o59ZFOwvhfu22WCLk4g9wJOVNKBlAfvhjTzfvjWeLY0tc/yqfW7vZpcsTKUfopg+uSxoU7y8/+tXyjP5B1A8Hp7bj7Cc+zX7m/VGp3bqjNPbUyu7n7z62G8AwuVhNRXIeCmS7OTHkRNNC9vf0lPaocYu/nHeRQCYq9dwnv0NjfoBaDKZRFd6UE005F/rLGbs5oQ/m9q9nAiBp0drTPo+WRNwNPALJb/7cGY7mVbUQ99DiF0tYwo2+XKcl3Ej+AZD9V9PMdlCRdrZ5jf9RBRNTbO0DzAdvLog9/lNCuTl7htBRa+kYxXUIbd/B0UYAuzDArCBXMtH1u7UsNjF+AoqCUUcBhr/8mWXQUeU8pqDtnPt3H4yhAw/D0Cxhzz3gvzAO9jxnHkd8O8zjt3MQ3eaQ2ICeJ01FzUUh5XwKmjE5YGPCUShhcqvKDKqELx8o6ytwZkR4VTo87IMOL0XG3ogsKeIjACRRx3ISYrbJW2tdqysOk0V2EbNXahFt2N0f38znjUYMH8RJeWGJMW5WdWci5GAymQdI7BeHEFK5T4DDqrVi4ZRgr6WIBjYOsJrwzXj6TOXdUDOG1417q64JOOXnzEkUyIDhFxSZjle32FKjL+xJZuQhscRPGhDIFLi9MDddDi+keKwpAuMY0mVuI7OJECMsVcYj0+kS1lCfERmo8tZKNfkb6Ux7qR1NFWP9tf31P+UN1OJS9IT8VcRaBJbbMPT4UFccVAD4x6Q+zos9Cbbivxf5No49TkqHO6s74gWGUmC1Rk8V7QFfbz9vh8pv9qjxZJKQZCxztXmR7aTD5YMa8haX/mkF6ED9ALqiLQkZDsFmOKE/S6K8FhLYgFqZE7XzfuVGHzPbAc3eolSoNYRbIIaEaDFlYqciyjUsOgoVZrK2738NS7tE1JW3qQbBR+ABM7ycjSApojWMgYZVsH83cCQWyWHYo6J+N5vdpy3NwDKAhTVkjcnQKmKj2hl/ienGjradmUXK8gfXYLP6/sET++BxCfEs+LfB/sgMG7Ky0xsg3XuzCUrivo3Uv4aimxjz1qiq8QB07ZxRBUqkRHpp3SClx3ZV3dDefh6valTv3U6L/MVWUBJ/na4M3s0ypfOu1VdnfhnnVZZDV1xA/EN6lcChamb7kco4v3xg38C8Gt15Gok+NjW4vDBTERw7YqE20bB2g/a5cdIDKNuWEWmjAmk+vcKrYsKhe7FnppLesBGAUvZpogL+YR8TC87irNipBgEZ3TojUXUZUo3aU9iO8WKbMUUI6/U2rSpZFUGQoS8Q6gPnFR8G82kAd6GS7XpCgV0Jb+cM6AMzlOElhP6e5pei+A6YLUvwYyxbbMLLWBHIwDv389QFqeJFrqqPeTcR17yePpIESrQ259B1Xk0uAuDPyxCLL1S6KZpu3nLdFttN1H6iXhoFWcp0Q4vyvrIGgEvz3fkQFT8fUe/BvIjCRKUDHH1JEZOD0jUNMq4c5qJl6pvBGWj1IfUjpZ0WEruPSobBgYSV/vn3JXGMtpUOqKhXBZDu3RUKLa1XWYKXLQu7yI9Ujn0FATEgIj9fA5iGgo7tvjqd9XHOBhuyHtChQjrJic78EeK9glJC9tlCFG73mU9tYzU/G5G06lVkDamVRDG7+MBBPjHiT/StcLkH5p5muYTVm5nKKWjpyA5joFsDL4HjxVqTAimthVElHry5ZrspviceXCYtQd3x/9AJpLU5Rm/8kwQCbbxBDO7auibAvLX4dj7rGJ1Zcwgw3WY0tOcGT0e4wk9+34jiqhFzzlH8vaZWoHWcyS9c52pdFW3nTaaUGNG6CIk9pkdPOxT5p0RYC2R2r1S6XoT/fAgJU4rJpAS0xeybcQvVgVCSXQ1ylJI76UXLzDcweTvMq3+uo3tnrJ4fQveWSi5XlZrlXllmOlmFoa48mS9XPwkgxnRKqyoBzK7PPJ6VLrVief3nV2RVdERPP4ZMZRTYHMk+qgHXAfJZhmn5BeAGIxaOS5ZLYUz8DWY0bF8kUDg+GDHeJqvgDDDwTGm37PkNs0ILfjYCQiN1bmWe3uoIS/fOb4BFp38dUl8WgUEm8/yQcbhazXLf+ZuKuX2uiGqfH0P9IfhSRJvxUm5IHgd6gaTiO4JqPyImfvvBuBHPg+cGGq0/muH3pccf+P/92eu4v22slSyjFVSXWmxllLRcEz1TdT9gNKYa027mBoZCbv6jog6S98nok2GSK0OFLuGUaeM4gzKda8HBGDFWDWrfiBJfX3uwGF18sGkMMwwWNKvwZQv/jbIEGVO4DMOgmphGGE4D7w+rTwjHxELKyx3FKtXDrarnjw5NU/QSV4Zl9c+zZsfcNR9GH685jMWndcknCV1c8+oLHZeIEUHbhbWT9GiX3plzbTr/cT0HqisIf9k0r+1iZDibKbxvc1Q+rfvp4/AcSXjQr/3/1pFCPDKyZH+zNfGNbIvtqD6jOhnsFZL+Mjk/i9sAkMLAQ364jkvv0H7b8rX1N3XmOgJ2ZmdoHHWdquxlv3djvzKAFlgM8lhsTOL2b8OUozQ3ALp6rVhK57AFXFkmYb0u8AGK9GV//ZMw6Q63Upq3XeGhh8UhI8MiBIE7jSCXqJjypzSMoO9+CatHnQO5j5uqS50tEdC+PFJuTylDd80Px7pLMKjdf2nScmN0rtF7+NGd2jkljMvP51IyW1dQk/l9p1hWK6yC4qszthUUNiN9eXIMAii0V8jBvKTx/Wr9fgLuLTWVV+A+DLQN02lErlT1oXPdP0tb6O/nj06MGKaEwZ2hsq7fT354YWg1hswAEjc0IYQxFyzs/bdkWVUQG95p9YU07ojEOH0YF5WMHBz0gB05Xp8dIjVhS7CMIDtjzRTQ28jQbag2pfC3F8JIWnO3gfgYPsy7tcvRmIdaNd9CDxEjSCvSTgawrIaZ3aUGSJr/vKoWTBde35tGy82yM39iJcHm68/vLgniejI29podi0pT7yCxMJSyN/ey4u1D/YDQ0MGSpGenZ3CZH3pQIMZh8geu1ZBqztsCOet7+cJhirCj4aKJrZm+IiTwnpMPHZ3Nv26z8e8PINAs0drOmiU1V2DENmeBtZjZVss40LS/zRUap+ISru+SxEzvfJv6kNjZdzThhZ5GjJPjj+5hbY9Xvq+a5wlFJdYEuuBMJO0Iq9/SGX2zY5Ev0zj+g0ECwddbIWR1hcJyQ6weiMrYL2ejSnS59U1pdALTTF3W0XfRhyrnFJdz8tpEv67Y3Jv1MU/5+10iJR3ljzeOUdbW/K13Hsw3PV5ZuZ/A1q2nB3AYUDPJBuOw4zCBEzF43nmftvh7lPJO/FFt32q96Z4VLnItE0jWkrmVezwYmPfIYzK+btB2pw0AFaf8QH4+l6GC4YFQGG95fI21301OuHzUUrkSeqAmxcOOe/bByTyYgWxQZiPwGFGg/Vn2L3sX0ZhTDQ8rvYm0aBcXYi6qdU0UtcAgrN/QbklF3MH8jFUa5aYIpiMJsQWCgNWQXPJQP/VnNiSVLfPKhbManqUfTchaS1i5GmUpUtt2aax6sq5eMP5G2chQWSFZ99DzGiKIxnOUhTFUJTj2bQvAcEPCwHyxyU3/AVP5HJGpgx7/AvmsJDCy3bgHJoyCg3ZDuo07y/1nBOAmrd32sWVmMV9dJhZ/WFyM3TixHHS6ysV2muQTpW9GrnUUASm7KzQNs+0tvpGjJJzzInhFjI+NsNZTk44M203MjXB552jTB51hr9dGONsknF7jzp1gUBnL6NrTGgg7tr5+Nj4adMlW2Vx87KMiqyoxYrtQHDWJODixvYouuvQIrRzKbo9136DyG/t8TBhN46tpdBpq2ekr48ACBzCyCx1El8a5lVg7Mgi16BRNKT5cff53FnRuPrBYlsvMGu58qHDLB6lR+5r0AWTbl7Wxai0UKpgb4+ZOd3GJfzCsbbihan1K6tOwVo3xjxBG5HMZCoEUwk2nS64PmXc9lYPC09oeTzCG3uRb6y+rBi1MESJTtZthhNuKlm+Vf68euq2AsqkdFHl00veaje+NawYAgIh5cRkhORvm2fsRb1Vysfvku6+AGSqFultZDXPVVRCHfty+AGW/vEpnnDEzcM+a7K+LIWdQKVY+qm9351DZH386cakiQjmPQhEMLPuOSxz84X3pYzjDb7MiUCPKfnsIwEpVug9rDBk7rBCk2PI1Iwz4vGJKrIpMJJXnz8aFUdnsRSpTQ4s0TgfpSXXQaTAhL0ng1z6UzOjZ6CbMk2A/fEYhIS2mT3ObYsnZxfeJypd+bR4VZpciFI/X2letgdBbp+H4Orm9iI85vA+ZT6UZHbnkviBkq9uSYw1jgy5liRpWbXhXQQn5khX6izs8dqG6QUT0/HntGyrwLojy8ioW0KZjm5XgULflY81TYW5oHpFpB66fYrujNTpEbc7lryvdsJ3Qz4NIvCGSzuKx0lEGSlvXlo9l+AJtd7qQrk8i9ia/xVI/P4NU9LkL1RD4K3EXj+5NGNuVOw4HmPrO99z99CWdfU6w3hf4fCRaIbr2u9U224xQ8x3BlGW+LpVFTxx4dI1oFYTKl5jWfLyo42aF4mPYgOJZvqUTU2YsohuRdMLJxa/8Cj8Q2CJtW/Dc0S3GECAyys69+I9Xq4tQCq+7b10H+Ufcf72LPvfQplo1Y2ScO7RZfofdd4iyd0NzV4l5bIIbd2pRZfdgAfkB05+tT/BcP8j/XbcNcVqgsn84eFnR5gze3ETcWz/qvWevVL4rrWVi08RpbnnVkbtPlCWDEPRT+kwo0N5EfMR2l6Tr8NecZx7zYo3B7kjKUqxtgW3U1tINQYivuZ57uTxnkulVgHBbDg5J4ha3oQIPPpGbilcEKtyJ5AHhXwiVsNrXpkoRi+rAhfTSUE3kycDSCx77++myhut3Wzqv2SO4GbgokSCKrHeBNlFLeVc1UTQhZ+kQjNmZDyiWudVoRymZTrUAoMvwrNJVVA2dVFIh1kYxsk9h5PYmjQDKOa/vvBixcgBx+pk6aarCjjNMe6r/DmuNa6m8KvgfF1CuCUj5XI5pJaiQCYp+QPsVhoHwMYnWk02wpkOGtMTboie17AFkI11vETjwd+VPd4apcyqw6L0ZZ1qHkl0uDpWOGRUkvcb16tgU7ITauXF8IalqBTmA73y/YwodlSoZCVjTWhfI4kjnUH5t2bmJVlJyb8ZPsKEElGSlKMsB0odshwsdJcLKVNtxE2eBb25v6YtESSSPAiZhvVu6MSGiwu6yYp49r6/3JbA6yVhea86nDCm12qFy3vedUyQzzfM+5pG2QFB6Cb4kA8M/xVsfh1MYwutEplfCZOVp7epeT0dvAn/a1MZT0M8M7Nup6JnbqVneRGFgHsezd2lr5N9n9Ible7bYMhfbHfKQFiVN+NTyRVFJi+J/iQzpwyiin7TsS6epy07nOclSoYx4O22HyygLz9z9ftREsZW1l1obfqJYMrXDjIr9E85KTLtEbWJrTW3kykq7XWAgilcyJhC9Bsmiu9Q/CWGOGTzvSfnS5dxJ7omZaVSumElLmovJjWj+LC2tRDN2hxq/ROJAAsE/oZ4KGfVeIOjs9iY8HJJfsZO4hI9sHTzHFL25kiAtA9RwAdd75Rj/6WNBgS1yQh+uCcwriUPts3SlojXt09Ok5V1XmuL1dZILPU+NpiwtFb3abVAT1oiYsRc87JNTOWqucaqQijwUFga3fjLe6C1VHKYANjY0C+15G38crLSUyEmO60fhNoSJV0ho+njOfBJ78lMwbo/Y+4OM4bDX5Q5zPS9FIti6foqnKi7d8NmW5U/QD1FSRgH/vqfoEPxOy388pQ36euhyXj1eu+3WOh9PkNRUBIvkzibKAvvuBgDkryQuOvrCuMq8baKXdGV/OWJdFRlv5mDHs+kJcNeuKY3ekViLTu7C376cWRZFzVodq6bizKrZHL36R+KrxYfZKWMfLiCw/i9oCQ+VkfPRWAL/zYTh3DSrdasZ1l7O9Qdz9ZGFyVRuyv9SWCVuX166FV86kABaTRMEZxUXYHEuMpsC/k37p6TFinDDjGDJUlNaigBVEW/UuUK5A8UG4P5n2Y4CNY3L4I2AzBO/Xp2712SzvaXFS8ufk8G6y/oSqgUoQ0zwteR2yQDsbeSFjaLB2AP32LqIPFWUZa2kLa10P1x3VgzjnMYt5RLUf6o6nIIK0YLB40zy2Ye3t+3O1Crr46mTyI2agVHQUjJlxvZjac/nh34xpqTSs6Hdojd+afuSmA9Fari+qRRxBIpUb95ySqXjVujlhktF0WGEv35Z/YFYR2rj8J7vFVR9xUmrQeJhfyF1Gj9t7JcOlnd/42iLzr1JSfl6jm5xRNaSYSHhD3eJuany0O/piQMz+U51GHozAmDIFyTbayOzSkk+O6z8oi8bqQHrarElv7eC77grLthbp4KXxVjiza8m8qQ48/pZyN7kbW0hROEeTc6fmNIWhx31vmRr9i0J7aWUzcm6o13kPTupovy7/jiQZy623ylqbUyhyBLFpEpHQS9DOosdei1qqPj6wpsql54oT6uCsKxUGpsar7ASPK5G/Z0NfESa/aH5glxru0AjcgdCopPo8wLyLf1uwKAJRB8VKdXdmCJ3bjttAO8/luCxKLhsDbdaPmixlZJIGim9FvmKzxDiubXz4XYqi4Cu6yoX695frlQysl2HI3VteFnnn8Lqf1+fy6fOyPqqZ3rGljeI1q9ktLPgLX4JqzSUv4yUDiQtaRNA/5QeIsHK4KnMy5m7+5C1DHsWwLfOuqJ8eTTUbDSyyxOV0mVCK/7kWQM+Y2NOYV1N/koCHJvzsLJAft7Ga6/D8NucHvTS6mVEEtZiqsF5SWlV7pOP/WvyuWX9yhMydGf+IUe8IWgmV8USXPD8ndkDAj4jl71oj/0ZCI0+pjcCy4xsog8kzGhBvE977Ck+tywb1I7P7IyUU527DfRWiDZQB/1L+FrEIfnetWtp2p95zm7rzydX9QHWdDIuxq+FIEEpa+vUFhuCNywWpuNcCl1NajQWsOvDuPy+WZHXAkWIXez7rB8FyJKPROjRpptXhFsYllY2ZHrO5OJr1OI7nsjesG1g8q1R0wLVYkmEsmFGk50hzUEcJA0QnJyUXp+bW83dqlvwuUc2oQWRdyqRx8IpdH5tdp82A1cjX5Iq4e8NlOoN1Fyiwq0Ij6204KZLYxQ+Eue4bN/4Z5C/k2RZlzjJotjuazEifC0FUadC0WIPCpFZUuIClwQIz/w+0hqIGDiF1DOkQVrPCrp29M+GDsyNGVY1IMh4V8fqjPHmXc56NXtRTCNIJyMPit6P17YHEBKQsACWgQcw6u/Wxwlxz2INRW4XOqNTRg1SVu1OvxG5yJ43DVDxw0jiBReFhPKxVn+3eeA8pvWgb0A1YDLB7qebBElTkqG729CzIsvPp6oNrCUOOPEPOXEEDdcHAK5IF95hPft42UAGii6pzKpyKTbTgCApaRZsIqTsnFDez17gv7Q80FdPYvRxnwfz1CyoQ+mMurdMV9Y/TBj1WI5X1P5iwlA19y7JJlvFqrT6mcMvpAw6aT0vr4r8sBerAnfFIKGhFyFEY9Xoh9Jw1fA/JhdITdnxlolEoZfPzDUfULrlyThyWKiZ+MAF4YgE4aQFP+ThBun7n3LozLFTLI86uwIMkQTkn5GFUxV8oxE6pmRw9YN6ktG9Kud1rfCCaH6hWFPSTAaKteNuuO88jUACHyjfeh2RYHfrUZBeYcxYY5X9ZUHJG8w1dfNk0TtLNm29w8VcAFYFVP8O1m/H2MWF/7GVJ+m5GDNl9Yk5nRAD/N4cywjOlJuxY9k/c0yv1INW1AfC1jl/1Sg5veF1T0See7iFKnK6ZMLPT1Xf9RX/OUL2/jYoNKNC68NScOfR2vzsWPeGKk3orFj+9QX95XiXscwOSM6JTPGEhFL3zVlmjaCErH2CDW7OzOqKV0bppABG9pEGsWR0K8wjECMBVfW7hzsgLs/AIbe2wlj01iAZG5Cw3XnnGukQuWMByZk1WByo0T1yPzxK9UNLODkb+AgVBnIOLLBib9hHROA9o39AKDEOHwVPdrPKCkHvqaaty1h2m3fTjq/dE8kVMRr660fFa4C/Wjyp/B8BY5DG/B/c0XzT6IC1s5y2yTNYfwMARNeZAg4dUdHadwHjrMd2UIwQpq/6vxF+7ImkIlpa2TKbwzoGpsBVRQWJ1RHpFiTQ76i3TYKcBbLdxtHhGeNa4c9R6GQdt7Ce3ml15DjrT6AYlf5zTiZayrg7dL5W3jm3WHHv0T3lHgthxHLfOLscxfmhWiw+gkD5x3QMOlKvVWaSmQrdSm0h95zGJegbj1pnLu2EV1Jnu2d/nbEp6uAv5DnL6kfvFaay4Do01YJ8yZCve6xJKqEVPXLjkTU+4cwnX5FM/GbuSc82aFOPcmXznkcxAjZ9wKwRptQKqQJrlWYfkhT1Fm717enUOigNRfJhdI4mo0b7TuCm7EDXGx3hiEIM65QvEMTgP9ckvWjOeEBy1VWe/dvVJU+kjEMX/ytxb/OvAA7S0kxKcx0HQ4MPr7kaZNGH3Jl9BgTe4611XMs6q4cn1skRPXOLtqgGq+fY/8aAdlVYMSA9qA2+sCz9WzkekA+lG+zyJvByTm0LZ8d8DFMGUHb2qCAucF6VOxW6VCmK2/uMmxEqf7HW5xBAa5c7pSVtyt0UIF+OJ811NixDV787i2JdPibKut3HXTBFSMVfvUct5BK15EwkOW+Yoi/aze0qXLmoUaDIHL3pHyWIYrk+vxfS/06mw974g8oDmHSAyCVMU27MAKf7n/8boZ3YhA2Qu6nEGo4WdeGl1CGPZUhIoJYU8nNLoOfgmeA8iUxSkm1E2j/tdaM6eKcPaUHApEX1TCHy5yR9bOjxwbq9ig3vBdrlcOkqxt23GihM+LrZl/VnhePtGQd1N7iJdO2UyQ4GljA4C2WKxRHyd9+OePv9ozjwJ8MTV7Tagj0+dhFmuUE2VTwghcneABO+bMYib53rj3GdcAUtZFncPWG1dN8EOhv+1eRsg8KiBVFmMUAjWQfoCDon/l4xPQwhvnxqtCWv8xPBqU/Ajb5GTLeM3oBQcaNWLbihTvdT5b8/FxrHmD+RaNCAgCYREQ3T10T1jLrJl/QI7I6rEI399tlWvV8GpJKgGHKa4zHmuvnIo4sKt/tOSGbLQB+CL2FoiQEX1hnZKG2RpFnUhlJGtrEDhc+kS+gzDacY/+qg1+4CX1JuazqiaBvlNcnMybA0aisc8GpIFdfti/HJwaCzU7UEBUxxuSRKk0G1saVTTc4eO62R6EB8Hgh5NeWknfd7SDtOvL7GC90PavTSs6/bWmb6VePyvNFjEgrRFe9KBvmDMPpSPZoywEm1twM/E9U+1ue+gmgfFwWISb//lV+XuQsDmS7i+RYYD47jVe9AtKGpvOCdLJpW1FFzGMm1MfZNQzAEVonCIUD7nTIKhxPBWzGC7SlU8fiQoIYFgIsiHUtS0ZX/Z6BnSqzM//Ij4RtHtjhUhHd0vzjN1vrjpStgu1IOmlkH0Od2e2CZ1NETlidnZFHhNHk+B/9MVlaoor6qzPyqGFYtk3kshmzyrH1a01oglSBI92lDr84L1AgNEbOHXX/YG0S08cXmTSJibYqCd9nqP5RxYmsUII4bCnTY4g56foT476kof6GuZt6cHv0lnerUrHHNtt5YfpsyHKjH/ONLR8I3dCexStsljJPYwvgnyLRNBF0JIAO2CT7RSb0UzC5GN2qHj08bhY4g2R5VZ/dBxBtQQJxuxdUqevVIQHNupX354sMmVQc7hdmDKjoJgzFtkopxayFyA2FyYb/K8F+cMG6p1ueX8dycGeJvqj5w6l88q5EE3BPTy6cerjs4IlrQzJT1RTIQhv5QidNvg/39jeBGueKeNm5DCAeS6srT0ryw8Jg2vC8+qAtwlbPoWXSRFjRi5SbkWsbqajoD4lq3RsChtfrgFCRz+Kv+ezEdbgfrH3/w18TcdXdyaWadAuBsFundCZ7Tc2tJ/iPTPDNr5La9eIr23CZ9UC2J5n9i5I6LveYobOOSmXz1fxKvgMofQ6Q4j2hLQHDiRGCWUWoDusDwJT+ctRh9L6a80b+DBo9ZSZxkl5qhFlnfqYge541ud4f+rYlvHW4GjlTrJTHxhoIsIU40Z0atSAJYaJEGnNsp0O4skpI/a6HYepSjV3Omdvku0Basdb/q0IDKYLdaz8T4sEoM73tdGX/jUd1mCktcVGFHXCSVYgH7cghn19v6V/vDHEn3f1//z+4g5AWHc1UWBbmT1NfElhM0+9pM48+FDGiksFt7PlZPYpfAswRSUeH+brO3dtjryRMuESef5/ccvmdK2WBwA6059igfhXM5VYgFyUR3c1z7FCpFlpg237AUE+o1qZmhuS4shM3wzzVgznGMhsrM6wkiVTOn02E+fm52lS59lheC32GdUlcoNbGB8cCKU1DQpsxLFxvP+sh5+NgmvNz+6u3XFK0DpJ78TKz1gnJwKNlARTtMlvA6NWe2vXVagDjUnS+sEnbcKhMdABX0FiqVy5k/7abgmo7AemqHS4vOxmTALe1fUmiTlGNydOi/8XYlNDMtO/yNZB5GCqUXqu9iWE/f1xxFwKjKMbPk1fVmZvw8oeLwpfOUYwpNzOFyAZohkR0kt/YMfcsq/LL9B20SN+g26/xDZZKFfo5TqSqP+HIbAdSAdo1V/nT35RROvsbX0QmsM7e1arcAtdVLzb5Yn2sVoQ1SFNzltCWBmi9JwOWtTdUzNW9swRiEo3v5toXpJ8O8Ha7ag4GsLQKVjDzGiOF6kgB4O/5hjmr0ceYx60gNOZ6SepV0tbTFol61L8oKVMIvvT1tXxCgsJIupbZ9fOFIbIdY3Mlf63fBSZWA05X6jn0U/ktDG/ZWhitRiVaHVyX1VJ/wO5fWXzu97dKGCHztXd0Fa7WLSYTaCLQIQ+KguH3JRbr4aFXqQdzn3HPjYjlHms+l+4EDGAShSuDUEzij0YcX8e0i+CJOe7I4R3RghMKMM2UbEwnymoBcQjv0ybC/r3S97AESCWFJ0rL57F4ghke5Uj5h/mcKvJdJ6RJYxCP5T0Jkyqtg+QfMjTgsIgXw0ZhPwZDEejL3RaHBhb3aZ4n13MEqN2XRU/Oi1o5L0R0xgQnMJUM6zNU2IkBxv0ul1R67pMXxvwsC+9ki8uybGbq+sD4Pqm6XkBQUXDmgerMX4GmlCNwdQsVRnWs8Q/fI11XjkVdyAXDJl8v0kvW0Oei4+X1FyN9cHQxKNxHbDqQw6v4xV/Nbu95nMHcEVt5YnPHsy/qBJMJh/DNn1k3twLQaYndTwatU9MR0Skohr3tsUns2Tp43bhqGQ2JdRx5aK8CbJT+S3ZSYfy3WKjaR6hb193hLSugeVx0f8WnOQRI/8ObIPfaSJNCAAn66mqP6U31+I+CV3AbjGmNCRa4XzBldaXF8Gn8Wdc3J2lknNGX9w7IWPVP8FYX+Hg68zADdcZCYfL3AydYAirWQgDZQHxpCy5hmFNOAaOgVtZzyZ1ezFqGdZ/bhfcxJWB5BCxsXsgJxlqaJAjSR/lcSswv4YSX5/QFqLnaMd3AGjIPEbvWyrxxm2fWkbYKLfoGQLNx9iO+owUlCs+yHsdB4Jhyv7/B2YwACY5TLflZfLmb2ldf56XYjPtpCQJQ/MKpXjcVlGNsWvKG9hOGG/gqVl/2FddKcTU960Y7yjRzwL7zYmk9+C0e/37ogViItFVl8o1n03+yyUFXV236+h2DXds8xA8Xq0ndUXtxnTDAct29QcceghG8odMFGSTU9xTPs79WQ1j/tIwFc0CR4JX/OoLJ66NyUGoPyN/0O0Zbv6IivUbiS0jJwshftMzQB8UtikHBaRSchRZvu65YIyVo0U5VTSIdwo8VrtdyzOGTIxFFRQ/6nCydQ2PRPHZjHdPB6kWTPr/RrdIHrv/TPF7kgcf/OXCtgfmnp8RYM1WMfgP+JBYtym/OMavCnPhrXHc8v/GaVoMhSxkCkwI/0g6fZ/KPH2e+B8t7FgXJ4A5kgHDC/Eozj1mDzd08CqUt0UqdpL0N4b8VTnzYwMC3LIE/F8RKuo4IAJcGoArQkNXIJrJ9AjcpgpbVw2stIwjavmxNrwZxoaVMnFF7JW41rWedjT0LeqhemXq04b9qGRozGQKaOY3t444uOfK3o9m5I6hW8vtrwUEjviSxoAn/Kltf2EVhYL9kRs9Jg21YCM0/5dxJm/NHa5R+7oECZdm9jnqXA7L14vqXGW8NdUMKxm7sHqX8d/+eV7FqxdG2l883r70kzPGhr3z5M3w64iPWVbQmrPBqMiUaeH5VD4E69ODwI7T8OQkuvadEomVFR290JnjJ1gP45DilUBdQ4DvHARNvRo3s7VwzAaQaTHYgC7FzjI7e07e3tSKXC9+NrYwUtnO9YYBA157IInXa89nwJ3RgeFMM2JhsduDQWZoXTYYcBP2fL/IhhBhzbGZ7yGK/ru+9l8kKopj+3XUhN7gknm8lnJmxwDhFfh9wd2F7HjrSFMk9hlQEL7Id0+IuEhqkiCg58SKUS0IpUGdAxYRTh1v6GliQabIdS1ly0PDKX0DOMNNFjktNvlwGjvPF8ew1+7Bg0qirYnleKJJflL9WwwaB+e8oLhS8U361miDE9+MbEoV/bd+0kBaFEGG5HDbCC+/D03Tm9UlW2kos9Ix2RtNyE/y80BNVn8d53l4HOfYyu1T/FqVX0kRn5lSJpXvxL7TxhY7nlAzV/FLHqsqRLPvsFX3LZpR5LdOQ1CyymUp+h3aSfNRxtKApadAPON1emk4tz7p2uIGxkmCdNh6Elr3wwZFFaKZyRpr5ittn2WKBbNzX5tbs1wcY8trSJhmGscLXUMkrUDH2lnXec1d+ZRw1uUYvbQ01rUpAGV+rqvROYZ8dwLst9jBUvygedGjseV6lhS9QKAiUdFhwz1hwnqNKGwHpsR711+OoODlmR123QM1vCD2ddmc6TrtwRXZ1TtAJQ7wJjuv/JEqmoC75ijm5Vw5ECijsNH+7lkRiaYni39stHF1g3jzU5a5TySykoHLJjaChCBbza3edkn7m2GjSrlhQ2j0/WYZvp9REIOME5UIMio6CJPX3v/sp8BXDBKnGtLiY541+hJ2syaH4GPux7Wh9O0rnl2hEDQ7Rm2RAS1GDesBN6/4FjybWPW2XABFLtI9E/lEuwwUwIcs678YvGem45W/3nALffcXzSRBFiOURE84elMpWwCVQS7hyGqgIl8xxdGjLKn429lQHPm2obXjvnuj7kaWvK8GIKt5FHLtgCJSoR/twSr8+MDt+X9cfOpKwAOGa2Y9Qd1eEfGxmPWlA2bcI7N7/Q201jA6nQHD9ocx24gGPjRHimE7X+56fgH9AlRiWr7/vXB8Wqg1BqUmU5hnZhwBslq6EZajorPOqJOQUzglCC2B+zlbxi/CsUtel9OYHvDD3OfcI8MeeDrp2FkWw+GPZ2vt5K2uwxaq94KE5LfmN6OIaCo4E+ZqbXHs06PiEWRavs5frLKtmhItT6sR8/W0/9EjxIfGHP+HXeLWVFS9QwkCjLjnkZ/zuOGrby6vOdCrDNypgU+zQJ875n6xCLB1w8WJASlP/acptF2mzpbn/ohNbKq0g0y7qzbd/V97cCtLx5TPFCND4HEXIe6x8iz/T5o+G+W0n4EKtwNX+sJJAfp6ptVLZRaOEjPNVKKJPKVL+vIR/nTqvX4DVkSo/ibdfPxhiGerMhT6lfqjBIabdff8kXLQ3K3+qP4bv3PD31TAkX8Ay/H2KgY/FjFfYEFD5f4PGy8vA7jl7E2Slh4d25bxshYZHeWfH90e//iatqqDzvpyAKC4EqfyOv6KPHlBWT/zt/uBtG7hjmAp1Hz5oWqg4aANWwxCfJGMtbRgYqln1T8t7BJ33oud2BaUlR03vVbvXJ+HMAMDA68iUkkxzW50SAvr2OpA3a+vxF/C+kYToBh/0tEHwoO0byUTnX2Ost0H4UpIcvjk+9ZJ9QQu/GxUmbJ111BKkEpGuOrc470qJ4iaZXjn3StCCCp+77gZadsVK2bSMR8xcGrmxXk/5uNLvn/+AWWSYLviiQQEpqUj0XQMonOC2rgttghrr4wOjKq6Ii+iWG6QmJS1fr5K8kIeDhHJkSuvQ4dPTNDutFQl/Gi87RGXEcxHZ+QGTwlgtZ/I37sS6fViRE8Cw+K2dyFlzUQIFm58Z5c4/x+o7T0HOeA37ADz733Klu4IPJRLFkUxjI35/XQ705W05lHkRPXADbWbyj7qD4NYk8K+X/5982Hg6H3Emd4S6KwSf5IFfbFG8oO82g2qfN01ucZcmqTyIMF4GabQyU3reoxsbQqoDP14iVDn+tyFqD6Rh98g5BudQTuaLVXPz+BgYvy6QGn6XPX1BJUnIAos1OF314SkJoUstvHPPWBQ98Q1aV8TMp1pd8xPSj5g4v74TU/KZJv+UMt2+DuPzw9loz6OgPs8HhWM9SRxL4GtpKK5dF8BkoIs9YLXYjvyYnU4EU+ppwTgWusITER7g5ToS5JndUuZvBP8qvng1h0YhWFd0dofU8lArWKqzco2pFeVcM/Ynth8IJlxLZDbfjgFhnuvE9u4wV504TDdNgfKFVULeqHHfKFF94Go56/nuk2ZceaLM9fiuWPOyqYZ/Jag/lHL44FIzu7+0fH0Vf6N3Dq46doFGUqgB/LUPqrGsvmqSOAAfOZ73RBLA6cFtP9pIV5AzR2wniPCBybPOmWsNzEPck/FMlxBNc1sAq3/Mij1NVx2J1uOWisaMSdLfYLlT5V/S8gpjH9z1ON83LP1dAsGgNb01NQKZMx5glGclBI/aEPqO+IS/jD4GbIh4A9CjeLhD1Mgv7rz40+YD/Vs7z7NJTasprzS0s5/8Axl8qcAxgfigBv0nQWlSxcNKa3Ta7Z4UJVG0bHO812bIjhfcTfxJAdkaN+rvbyaXlecZP3H2eWTtuFNOJ7thviwMN2cOAPx1DCaFMQ1fbJaePRKStbLhUzV1vR9IDYGdfDBM7KZwip1J6TsEvb/SZcyM3vaS0fxTMwmS+P7LGx7WY2sIQf9dv3JSKNW/RZjUus2D/lJwvgVrevTuShM0XlT80oC5xAZvps8yGVMPWNFmjujG3jnFzE4RjOASbR//sWJGeKT4SKQaTqCpK/sDf5zFJSX8Ze+/+jnukuQtjj99v7XTAzM2wEzi9fmrIvNNuVaraom9xBPsYCJHapi8P/GZJ56Mmdp8/lUzYkuRVB9ARHZAEIOP6oSssZxTBqJ4hD6AMTcoD+MUxXUjnmsZyMf6PHL6zPfQU6rZns0yzVFghJubebN8r7XPLFoMrgQmERTqarcRdMc7h9r6+pbov0vVEhddpkO9hPgTh82QZzrTpAR5Els2sinUY2pOw6PJ6IRltZWg73q+pIB20PQjLmsBPszkGCBV33+nuCdyGqfEhyFFcrjtnhynQ99WRFZoMQwdCAa9udrb/ThzbPpx2HqtNQ1UBOBXyt5sV13vpn8yV6TaTkGPTS1fFXVgUHAjKtd3pMevhDCsoBKtsFctVghY6XGW0LgwvDPH1s/54mUAWvnOO4is/aACCVjJInIezEkOphXkI8vk8QRMkyH3FS+flkBToHAIdFQBjEqImEvreuHcb5Rzs/dBA0AX9cJc/TpLFcSP3E7qvVmONr4/B4ZBso9RqPAzLheZ4RP9W32lkf6mtL1gf+kWfAFJJFq1PxrE5dpXYqBi+zMTy/0aKuS+2QPdbLAr4nfnVx3/uR74RmLMHisDw0SF+ejD35VfnroreZQ8LXswgv7+NC+7jv06D92mAP9wDWW57+nU+FZCRQmR2PQsMR1GpuJrhSh2HGSPa3ZpJz6KLA+vJtIOSmcZMNRb3qB2gr6BS7W9F/Vl5cZwOxpd36DTD/4r1tzRfE0/ZL2gBXHsNSI1tTR6FGItjM1pEjeHvaeaonzaBNd2zngxD1qRuvPS9O8RgDXbKmCLSVytA0WKVzloULRgETiHIihkjmm81omixCeXa8YwWzVrw+Llu256cL6TnJnNR0Lsw2VV/6qXfb4fCu/LUb6UtgcrPYHq7Fue5Q05N8c4IL9BUpQpAnSil7bQhuKw9g8Jwb9ZEeC/5NqHZg+/oc+YJcn5/d0tGwPyt6lHVTAcmXIxpTkTqQ/zUHie0HBjBChWgQZ/WtZ6dK686B/rk91P6f0MNXvJP0WNxn94c+At+guX1bzzs8+rr9UqeSAYS/CLwA5bZcwtFtqtK/g1jXQY6lFG9VKBevlGNKs8G5TN/5h6ryVJlWBL9GvO4x1DJvCI1omWb2itSdTXD1G9z7Ups+6qIitJIMLd13KpFKWDrocx3aQHkx0q+R4O3cBc7aVuE7h9B5mg7yX8WxCdn4L6W3VqfvN1eJtf+3kZrihaJyGT7VKN3OVEWs2PBB+WS5VFO/0yLeBT2yvRUSSnkvPiWIIAHhP80AQbNcKiQyfAC9K0zHPsoeYss/2LYac1pDCFOpDYVUr/RbqKXTnQbn+Qakb4lVd8FzlXtNrSwc0Hdc/DkPYmHnZOPNbFuYmRbiZum+uNL7tS99w37V4XWiIoxfA3sDM61cQVDJzbWS+v1fb7Mi66Dol4ZozB8t1CpFoE9F//KyZMhyfUrzwp+Bv6he+T/B3DIv4VF5a3hXmmx7pc2RWOk8mTyQzfmFXxoIfkNL5R2yM8BiSkyQMZlpsr0g7P6YPm53XCqSMKrK/Ry9bODVF6zPRXqVQEdw4jfH9TyGIS1XqW632baqspA/lIbko8eUGKHSsDtQL+CQoHlpSXIkXVI5Z9NTnpJs6qhcRDjYsp8jJsYROlxJwzUHC20puQkhtbdmOjzH5zkQIUnndIUKGS+rmH0+l966CWg+E/ECrTlo9Y3nXTn7Jq/FrDZh04I4NFP5VwBBQ7Z0+hqYkNDuf9wvFfGSiHoCxkswvKF/DXXPzuCKlUu6EiCW29toecP+osCPHEfEWbUYCz2lJvau8LAMYa+hSo+xVF9EsYc+PBawV9mCgRynU7e68vP0XQd9WlDy9QPb/sMdQAXU6mGfqs6o6sioVatm+KfIHZQcLxTZ/TESIm1830pBbQY6GeHGauEyH6at6ad6mS2HNV2kfq+xtgSyzDB5VsPwZxhkWjhBvpM/J0+ddK7Ec0MQl7I0bp/L6TSq91M/GWfgn+b/+MOHzoQYxXo1zZDc2fTljTks8N54dwGEcZaN12T0cOk6ca9QdzRe57fPpyI3B69fFovGyw87Qx+uEHqBOb0ez4mWXvohfksp1sMQKhtciHnPAcn0lLjL/zHzzcY6hwPIHdjmN6MQLN08X07PD34anNjfkexekEYHxxMb+IQUdi3bhMU++rEpFskC1VuCnzS60jUcy3u/sbUaytAo2eZr0Vh2Sy1v0zQkIg7WT1QHzFUylFnA6ktUc9Ccf9uJOaPZ9DvdKM/84LuqKrVAtaDCzivEcgvvxJIrQVaM00ryWqSkbuXnTOGX5mxUrdtmpeP7SpSfoNA18/JLiW/sxijdKRD6cfbvXw8gYglEh+RaGhYOG1udzvG30qyOxLfBmCDqUr4+AJ4LFV9h7/g/ioD0O6V3ntZfc/qXtuJeNTWbpjVeCq+Dm7TuBxIo/NDSZi2L5kFUEHnWEeAGPSvTXttq8Tkqo1qOqHj+13Qcx43wo0VTIcrrsIoLtlmFLGy38ijSZBoPOvAPxq9w+LOQ7PGlEaFfE8OCDPFKiXwhcOzmwZ3PtZFe8es6W9RloYo35ZciRlFy5DEYs3guaukGZ0I6iNaH9qJvSLBSySQQr8Nyh+q07XmjhnyobVLVXD6xbZqVd5ycYo5RUpL0QSzWGTcD8/JtTARXuChudKO7hU9deN/ziGXYGBwEiV/dfXO02VdoHLpBSV+tup/R09l3O6tf3Bj3arPhtb6Suj+OUpuJicGQfNSUdCEXMhtcPlZL59ZAG98WsOIc1FeFyjKH2bSttfcvrMWckkhwEwaZ4IlYwkCZOS+Gcn7G7OIGQsVwj1V1UqnLzJid2lfV+k34GN4SJY2LU8w6l1hwSCXiuCJjeTvno/5ztoWOY2xDnjS+CSkNBbT+22FU16mMWUKmoWzKOv1iLXnTiR/ME4KvB+cGqcs2Io1z8UdQGCBv4hYr8LPeErhw1qysvAfnup4Y1eTnnLyUZkXQzFljAeSfD0fZdI3dYSaUlOnj/r3ycAvXgEKFGs2f96wJsPVTq745+VxCRFiaB6ApJkRd9RSMQKYbFCKP+IyG4OvXT00ekVyTR7BXyYbBrD5CuR067HiN3NzkBgzG3J6R41n1yVPSU+WeDyWOOVTkYU7rKAkbyeLtZXU45WY6u6jD6/wO+s2UzALaox6yzXeuVCISu7usWUgv4Eq3wsr1Ya/s9LAOqMeUkbnEz85TC4XLM5Z51nRmmooJrNN0eTqo5ZOoiZex+VVvojcnaoPt3F0Z99TtycTyOyej5n56I2Jd62otVtun3FPx82zGbUD4wIEawsp9LreuU0xIMlqOmKW+ffX3zJBK8LD35m968Cpu8FNEg2OcFTFOcXMsbLhAYiu8tsT5HvaYnlQtId+asl/Bdp5ccIQQICf0HGuk2qLFRfjI0MsPmy0e9ynhb946EDIz7+xkoROVBaIVIchuQL6Az9DDhVFO8X7uZzff+N5BL42mGprqrh5dvexe7+bN1nbqQw+AcmE4nJaSb4wffGwb3Z7U0l6C4m9PVabv6Z+wJTacuXzeRIPe7HZziMuXQuo9lYaCLh3r4I2Dz6MGkm65gqB+LvUJUxyrwJr+IF23P5cjlYR9Awg9EJiY/vZvI6+IQ3l8q7KlXUlYNfvJuvSV/v4E8bLzGOOF/Yl85kzkPaK1fAExp8daWkRx6+8ig5Yc5DNJz9PByDw2odrakWIr1djGgYFihBiV+XWV5rhA0ynh5j+LX/1RbeFbE0nXh2g0Tcl47pg6UZdCNwzCr5Z6UMbS3MknNGPPtK1Ustm4r8ePTXivrZM4YRPPoqzXfgScjW9llXZ1a7zyO9jCXUTgGjjvDISpc4PR00OdTAMPR4/nbKml3CduFbDDA44zz1IFhBy8FqLznxOhhcgcybk4s/IaFx8ZgqT7OuZ0dsVZxKA0/MFsyeLrL9r0hII2YKmJmblW2+85TfZgyc6eW6bBtJXZ7OJjJWSVZCwxJ+sMqIl8zqQf/G9fJeel37alS0uz5dp2akuYzmrakkFypvlCmXwT7w++JgrC7xP1UP2ST6eaweLfsA7nsxSmIbyCSratpI1KwMxzL4Dc+ueRKdDE2RxFOmTlDeMxp/J/ePa5NYoZaKYZ8/svrKIZOdyEt6nunG9/zqPRn0SWBgZP5KNJ/YXIeka6j9UBwXvY6WsmiJqXuiDzPwW5CKP8LrWJFq7YwRPaBd5FfTSUBfFRa7GX0NW4c7ofcjejZ4DXb349HuxaNoGkO1qwO3IJvmSiRjCiEXAfuqofnwKQZECtlTIVd6sL5tDuMfMWDxvDMBP22DCO0Hj4n5gbNEbRq0Z6gqYfr8QpC2dCELAXLG21w+PiapD7eNdBK/x9ckE1/PZ560IHY5JNpy/kuEU9jlb4R7S9xkpx+5iJAR2F3q1v4WobLwPv3XbVaIyL8J98j1+eDv5akGpYQRGdzh3kbIhH/TEvpLBMQmDmT4nb+jKKa/rl4MhGhOHNwg7ccqdC6sjyNUoufOjpJie6TMkyHzUU3/M7CLL/lXpp7FeX2fUvqmzjeAJys1/O3A8pDTJGkYbl9lupMf/QwhHB9Awdfw1xGPtaE0qdgPaMFRYP/SYNc2+rH3wvN2cZ+cDEuBxFs9Qg4/WO+G5N1Ba6KsdIvVnFKXN5GS1Mus3GckbVeyQY1wM9l5XsImTMPwx6QqdJyvBPa6XR7J/ghuJApHynHOIy09eSy4QCzM7oX7i3BC+LmA/FNLG0Sy7VabYz81GVcd8AkwhulWT2N4zzHk710Cl9Kv9jjoeVROMgZ840baVYtM0k5KG6g2+BV/7QBRHP1c6iBkewuRAcC/Tyu/9jiMx3LgJk/yEGCOPrSbcm7JsF3aVVQBEEEoK/ckx+J3azeGhl1dOXmrWS9X+KFaXJZMBCEXQKD16dPe37ik4QTVv8Q0IodP/6geXSyC1RWOjBjLZ9K/+Vy9C3AwwM1HVkT+FhP7x8PslOctmq8w3ePkfp9w3mANQQZ+KiGaov6UFeziFW66MObrT2S3yQz+PSLkkYNs2hCWvAxlGsAWUj8Kfmo4Jmt5wDtcgMIHRByaP+MQ2pfiKssWNzz1NoQx7H+T8sANTELIRpCv2Lh3wf4GooTeGeRUpCn2iG0QVUm6FENwgMiYmDxXjgb1vcuUysbA3tWNMga3667PgnWgkaD/KuulR3D51yPxvqK8kL4u2OpqO6fnOoC735D0+1uxUzdtvH/pFawNHAcpwL9PerN2sIqyweO7RFytcbXzl7YCYJkeLpuaL4/x7RhnXOkSI8tftChdf16mpxB0lKCL6y3RTU02L+0+19vQAFaVuz++wQ09Mhblwyi2RAnuRiycLySfCN9ZuZ552HVAksp5LkEDylfxF6iLeiBWq/a73sduZWMn/qIz7KptzZYw8caqWYLWktnfNpgm+4QhUwwvXbIitkN/KCC0aGg0MJEfZMxe3tp9GCMVqaGYQo3+EEfU94+q0PAwG0eKAHfJi6uzzxX0FhDyNHkoCkY2D+3X2iP+vHDMfX4+onmY5jGUhGmhZ/ozJWGBIE1zNYpjN+FDjgdoOsdYr7QJtOd+Zs0XzfB5JcG2Mzs7xtKwjeZjC3wsCX9dWxo5asbCBfKwAE8Ypj+imq1Clh6oQ0HKpU/R5X83ifas66vAZ6ERv0p7ASsxg95sK66x4pYUfxUg1AcaEHnT679Wf/Gh8ZeMgCyl/rWd+It8LYbEs5U6ceVbmilcExhtjOFxjoZyXovD8jT1HAWwvSm1lp+5yySy48NPSLKC81ETaxK/q6CoVWEZHN/2SMtgZQPGQCxaQhsWdB3P1FdQIlI2i7x4jzib6XgkuimlZ0VOqGLUHuEji5FBdcBOwhR5hOVn0CmirE8v1ATC2krC/vO2seQmQl3fGPkorx3GVpptfP62yAmBpjsXG2h28GqdVrAnzBrXWslp2hzEZSxywT0L8FQVfelYJuAVMQ7A3IbHAy7wJ+5ZVRpj/miZ5DUkoviFGfKMU26u+TBT8Xfxj22a5oVzBKydb94OSiH0xZu5iXfnrz/u6CJ+mnokanpxFha1HFijE2DoKGLcrDlriNxzt/sHX5pLusLZcYp8GuvmK4m6308g5/iHyAlEGvBYGXvRZj+QKz5iv7ykpS3ZAHLIdvwLNEBYkCPwy5Pni+FENy1xu44ERdNx0DVwxMCWtxUBmQWc3V1w7nv2SfrcWK7/YeYZv8pW+7IMPI3qWPQSpaGfRGQCPfGEi/Y1zTvXijI/tWdImUfYcViA4eN/UzgQipjMUPJruzDCu8Nu4xbYKx9QuCWu7dWpi/D4IR8Glov5i7pldc3N0TL5OiiJFRDV9AzDk14q0BUabKFV+exUU5kYgbP0Xty8WMa62fm2AaaHJ8dLO1CqpHwXeEw3DMS7qe0wEzMgUZAvz0yn10MbiePn9Ffx4dOlK1V9zlUdJQvebzcKevQqoW6/vjHoNTm+qivT6LqnXtICTXpgUZs36ru6wILGv1csJgcw/xNt+xURmcLSRE/eSy6nqSQ0OnrPBfLtKdTq0W1Q0BRZEEWBuygHS8kuAOMypdzOYAb6qUBG5kHC8xe6zZcdS4woJFyvSbMUwFvQ5cRj1taWSTG8wo2U+NvyYoDmmOJbe17sIqGjdMAjbBjZemIRBZQCGKn3oJiDHOlx5tHnZkDY+TsHZ55piBE5dCYontUksvRNvPOjNBANPNnPSc004JK8gnpede7Usm5lyMeeJpi7iqXhPt49hm3gb0I8b9M2bGK89lccjhqkofHwV1y3ANVlCbNV8ZMswWW7XH5N7CEvC7cEFpPcw4T9jICvJSc05+1vKuve9kH0O2fkU+cHkpYG9I9rEXKX2xBvyTiMQo/3FVF1R9ETfm4iKBlD/lET9VuP6Nng7ynyqlKdYQj8mDliuO5V0jyjuXyibtMci+Vk+K9YBeNfH3KQ0wiJP7b1G8vUIhEcO2823DeCMWH2ExMM8e1C4LaoQApMbO2/uuh/7ERLpGuhXASDt8DtfhOfkyI+n+dYuW99mBdKQt7A5Uf4+yFpiqBg4nz0lZquXHLeYhRK0mpCb6oIQAf6Za09n51y1QYe45w+xUoWZBMVa339oh+EfFoXqg/9XGhitSnRxKi1f2VzV5HdLmJtV80JtPzSI9gJIDEySZXXiyKPoloe5OK1Gbd13FXTZzr5V7zxL6QQVpcC/EjDAK+4zWtXGjjDM9f9Pd8ClQXAyPo+9F6BfeqGpQcJ3CZBGlQnCV17Gh2h73nBgNFcV2euqXneuNSxsbCxbTKm0xD0r+A+Jd1XcEtPHcWhGUtVpbJ21b7knYA7q9Hf4IJe4LwP/nU/ODczgXG5BDWkQBeYfvxBfglBdZ8vd/bXbLCVgTwk9Nn008kbcgy+Uqhzz1+bQjVWY2XW5eZ7PI8AbVLlQSSyb55tOawhlV8fIhsd168Ku6zskiKTrff7s0fAYVduQz/F8cyzJCGo72ZJWe1v8o9xmK5IQvmvGEz3OTVxaEcF8r1xr7DPaQnF5ChkwrGcXmmtKvLboczYE4sqIfgN+1/aomxDIPxvNNJQmix8PXW4CcRZeg/cB9PhSVeNrE91Twsr5xlFdAcHffIigDaRf3JOtzmhEHc+CYkoTuQ7KKDPVH5kiWonC6Fe0sQ2uz12X5mZGrL5G3nAFulrYDarnTyny5m9CWEakgGsY4FTJA5buZmypxoRh48Rh/aFyMimoWae77gClrSe92CCDcIwlgQlufmJilO7U21r4WL/GuUmAIokDLWsecj1i80xc5Jkk0fL8qNZSaorKVhibelalgMUQIwZlD7c7dzA2csocvaXNwU7n2t7q47YyhQGC5f1UWrPHB6G4mOxAc2ZGOxl6pU0cD8PXderLcgt2s3itX9AS1CJofsrY8mrNaY7iNzj6cilEB9cKpZ1uEXMzSqsBnue3WlNEbOQQVJBf80168QHIewrob1IlUm80xM5sRm3iy5R8eiLZv2km2QmQuxqnNvWpjzPk7CbhkECkqSUIAxsr1Nw2X+R8vN3/c2eBcPNmLois4wW69wTYhENJvLWFq7IzqiRpNcWVv41dLOtF6avbiD+mD7zV6VPpP4eoH7Xi9xOmNSl4vrGdUrLgNy7UlSt5sornW6Vw8W/dR4ZzeJaJ8WK5xOUYgqPdwkyhoUxhCGRuraFvAaVKdz8L6NiQUYCvlfglSSyg8rnlU1cs570Z0pUNfuUonO6IFrSlfuCrVHvrD8El8ai8zk6+0aoIS4posesNoIifYYABcT39/jrGEKSo0adpzBKp1T/3L+mK39pHyhIJf99gvGyRBIErqsM03Xxt/+U4Wc7zuxShe94aNj8FkD9Ou9dIfhhPPUWWhxBcZbp3DJ5PvLJPHucatU3K7zipr/wljnmp2m6j+LwLJd251IGu4SdnonLN6vbKvmiAonBbrY6BF4dTZz/mjrl7wXVoXVbuctioc1Xpj+Zm92/6HEVJrtzZ4APRqxrhP7Fqb+bh1Fg+j/fgaY0AipqBPFnB4ko1CxknbbEGMmcXjkTX8rlZFDf5hx64LdO2MoMwf+GpJFSseYUdeDug1K4Jj8ApLmOWNilfp/Qn7q5r9R+HwEzedVAOLncmeoScc0PJhamtopBZlvqW2SPO638MMQ7DgXgwpDgVZcCQQIPmcqq7rTU1Q7CkFm5wB5T0HovL1k31Zfb0H0jqHW3pxpLp9xUAWL8+eW89rk6ztjmCR79GuJrnvrOoWj7Ex8V9gyc8j64YPBPm3SiDVoEHWXqD3yb6Ym5+2vwguH4JUspmitSWA/Ur2VvRS3aiX46k02o9dRlbNJkHzdmMEe1fhiNAjvzpavmXxrF3brlbsn8X3YU8DA+6VUb4n789Vp4+GCeB+13CuoZPDEkLjCWKi5Pa7vqxAxl84X829cgy30oNM2kyuXjnjsriXQ5mRvEmlm8LFjgZZE7QZL+5UEblk8TeDKZV75xxnrRYubny5+Litx6vpzYvUCwrEWMOzyXG14gDLNbdyhLRGKftDx+gSY0x0U4nWhBz/MRqH8hJDQtpNF6cZ+Cox1MBpYP1dcgN25XV2O2Gza8qW3MzQTYH7OaXL/qbsn2kAfmJav+/ksD5L9Gxp8f9MHJb38xpKWSOHQP+O9JeKI9le0vWzdBuR2zGF3kbXX/DCEcL+dX4Ug9K1z4vJyXgAIp3RvF+k2rPnm5wlubf5U67HP5cgqftl1f4qpPVDi8ui6AeFmzmleD2mVzW0xQU4ba24VD/vTQRauYjKN1DQTcXlLNmnyvEWHca7X0C+PhYx08gnWWYqoe158vOZcjg0cCX284xzWmUrf6l3T/+OyvK3wvxRRMIHlelDy5sIp2XxR1E5lbsPHX4OY5WRFgQiRULmnaTXVr4qw1VuH0XVbxrwaPh9X7Y9FV6SPEi7b0LW9+7yY+cGH//JmKL/GeBy3K4hiSXqNfdoH37GQFdU6M3xr7QApwpe5/UvNVSxXNik/3eSlw5zD2R50yZ4zlx7wbT65DWHmN8iwLwyPsBgUcYGesHoKGNEOnCwUtgfCSw/GGvnybnt5evQU5RXF78uBREcdD8hIX6xJ4MFHD1y43ogjG/Z6itTZPkClGzi7LqWkQxe4YwGL9pLZfTpXVagufNvqVMa+V+S9AgSdTF9MynjgJ2Hc1+zfRB30s71XMQDlkNQfwLigkuZFjaoesaGoyzklZwl3ofpRGVn02QnL6M47Cbyb50oW83bGen0N7rIt+9FYKysaK+C+Y5yLQ4INAmyhh/cyeWRZdetheTUlV6ydfEOHh104D7j30RkcKIfLS2C1iY+0qbFNkYB7khqCPHq+d5AAPneX3s1Vw6e0IqvaCxOqTEVDclFEZLl8vdy9eZW3iJQFbgs77ikb6l2vRXa23Go/Q3nZC3LryLJtBbgT7Dc8AQZlKqnBmJmqTtRZb0IfbULv71UMp7CAZX4EUX9UQK9JNosnnPUeeeQCslY4VaqAgrrA9rM44Hfew9z3/G6EglEpvpWwjRZZvS9pgvVpT/kUEb8rYAqXYSFVqFgHp/xv32OHx1o9onan04pZT/5/+ZPYKmOCikZUfdam/GY0yn54F35Ujl60wiydSkPiKKJgCXJJlfxU+DMqBZWJK3XRem3xB62aKLSn1zMtQudAsazIjNI4gI84EhUOTxl0jeLgA8b/CpBHaC7h3v0PaVoqgiIkw7BOzeYjiC1qIQmkSaiTV2D4myURqHJeeEtl3Vm+nzIBNNNdAzJ4G2wdZIpUfS3bzFQw3yPYnnb8i/4xVyUxiyItsWdBEbOmCWwx907Av+7irieUkvXuu2VJzgHeYqXICV4OB5lpauHa1Xrwt+77l7xV7rMNuW9yl7MNOgs7B3cR1PmQYBkd/woXZk2xG6c/3iabB2Izoi0z2XUVUqnSiM8ySnrIx/j3aojdOnjyG7icEW0e0jtq7J3sMr33DkXt+0DGSqyQ9sHYL4ra4zyOK0k9dXOkXcWSheDSYXEpDtSb3zGSRZe7glhmaaQYLdEUTMOO+P3Ok03Q1RVzlOuzOoyemNMiZsJhaV0kBIhmOVD7aX6avjwJVQWV7uQ4DWZQRg12OiyacQ4GUmJdM4iRWIN+/9BYJMEeSG4RSFINSzsa+z5hstLckBkrTiWp7JH10ijQrC8NuVpvq/vWW8G3t6IHqnTU3FdMhT9e4Dkm8pO9BZzOGVjjRJpuWx0uz/w6CB1uBaQ2c8zcRcYRA4yIGATrM/2tSphtwIgTTwth479uadlF6d6PHKosMU+g17fcveOuHHQTPWAazNy10lIYGzhaEH7tGUFpnpAVWVXnFFgcoYZREbng5qvoEgqDnBUyTfhYHLOH03v05sDwR64R8CDixel7y4UJlO7eqvZRKVZHJxkhs65zJH5FveerD/BIxRKRxP7FjD6yIJU3OBSIw9Aj+wanV1g22VAWMuMWr0+PoA30OqNAvJDbb19b9vMkk7GcM6G5i5AcuQjglEOOf3QXgJN6pMkdhAiUlfXV7xM6Razq+NVHTSp1v8YiiNULtHMiTAqi8I0nxb866WDPOVXnhHV8rZ/cuW5j3R/vH0CSlYFNsD74qvteYLJBDqES6QBdc3wq0DuReiwSn34t9KszgHl/x9Er/uytbeCR7FnjHLFqYQSjRxDdRQo6KYWsK/ldkvGFsCZP1PRb1xWYgEsjLGLgVGRU2tctjS/SaZa8cFtJAugsDHf5J0zSnQz1v+a4tUt9gy+4LCZRP9DRXawF9NtZpmmTHWtzi8ylgATsndnM/2grcf00WtGqvIVxfdSXH1Onn66GSfkYDwhrshMZZLbPPwMT81ebIubF7K/11IEBeOgdsyd/0LnDgNSk80H/Hpx//rUICzxGXF9QKm5XlS5rRgnTS70QAghFRwI/OsZFJWOePO4/mqnIfhIhEHbkd+ymENGRpwld71jYGSNkyU2IYr+saxRH8utWa5ZyMOVhVLI28Hz3Vs6WjQpSNU+WGFP6guBnMIL7RS+rvJ/PANfDttfJSAgaQAsjXKjyEfq9AeucjMHn0NQ6T8xzWkZc25Lf1fjxYDKtqd1jEjtV9IM98Lq4SEgvQt1gQgWjWH1bhE4VcdWEwl5HqNF0QKxtLn31XBJpP/8p0f3DYNpvM7ZXqPTsah0kOr6WLc11xkwR8iIzxWv4zJ6/2h44kH+rqSWNf5WUWXqbnLGZWQgpOhMC6cM3E/Td6ZkSM7TA1vv9zLr2SXhjh9fPAU0TRIIQPrFCF1v4V6MOMkXC8yoMA+x3jRoDMoxgFE6sEsG3jJFMDCVTSGOPD+CjSL+fnlPRjZVXI/ERfOp/PztI4VrMHrKGYa0zAOKmteYF7jYRTTC7q2VJobhx1qQh39ZkVXlt/3qvH3Ix0hEQkAn/5wPVuf4opnDo443rrzAX1m7wcXXGWg3XrhZGh0/w+fH5YRc81ohb/tffoNRfpUaj8NSVD82hXHEZaBv/NkS7wDk0jKLaCp/D1gLxVgs1p4KaMTlPD1wUklG4xjA9BakYkzJziRLVUwBfvZfa0jwtjzbWadIaRsbc0mLoqFHCKHt79syChRSCZPpIBR8qg6MwUfhySKlfNwjdkJfr185QEIskI0bfY0b1b28nisPttSDoPOIEBFGWkOfYpE0CkC35CehzKBHpyj+gpzdSmFhkSrHgLGRlhcCqQsOJVaB4yYJ/VZBsPN4K/Supvj+U9X9RfWsJCFFrxST3HIJSeMDKLsR2l3wQnE7Sm0BQ1wgbXRe6ImF/ONnU9dSQ7c9mBaNFLtrXyRmOMd2mwEVp4siHc+eD5FFIph4cSsYFw014+AlCpCtKt9q2N9NLR1/2ZKq/ilkII1DIC+lwhIPh0E3W0G5W+po5/7RnwTpdYq10tk+Vxr9Lgi+8Ft3N+1sCy/4O+C4f8DwK9NKEY9/8BLlcE/nfoKNa9uP6fQyj/Pyg7XGIxDcW+voIM/ffqB/78H/zfm+7/jmDI/yHJf4fOJt/r/w5D/w7VRVPV/30aAv8fBP13ONn+Har+/0/4yzr4+1xgky626Pv/vYy/nxGoyf+9x9rMzcm70YzPtvfpF5yf/v+HU//dStL/in9/9+/Att/9fwe2OpnBj82QVO93Btx2k708J0mL3py2Zm+m8X09nfZ9Gt4/6MELTJJ11Tr9xpyd+mn9OxVa/n39P+eg+6YC792n+T2abHORgbsum6t4L5v5+0j6f49C/3vk/TlP9uR/UPrfr4gwjy/LZRufMewTUsVqAsv4dbya96r3Jx38x8ksLYPjjdGOyvt9ev4Mko2NxkU52Nld+FhIVOgDlT+Oh1xyYihPbVerOPuBsWEWCN2kgx6TE7Qyv3sELAjCYClBEAdbElHdImeYcXUFBnAKMr2fQi1vK1xoLxPqXvOixHKSZW2d8S+Mosy/fPzx9/EKoYsHP7ClC8SVVHNV198yrJQsbTcIHhp2+69L1x80BGpUbowUILmBqfMHcCbS1dVVT5TrKL693F8T448bcu7sL6nDhIDX+NDw0XHHzLBi9l3eYagw/qIxSARJeQJTMMagrCDWNQz6acSf3P8L5gWDClruMfr4zTpChitSJPE/DQFHQk64fkwEupan0SJRgEc8cwB4CPajvqKQ4fGclu/jZ40IqPTSAY5U4yzk7eEJ9pzHDb+cSxEcHx6tI0DJB1jnkvEdB7Jswhkpztr9X5BRnVxKlxewmfyoI2shibBUzOgeKyMn13ayuhbdv1On9/AZYhJEbhnaf8+7BAIlDmf/k+/K2LuSsjjPorxfusNMK4UV1mgcE7P6WDOjb841C0cASgvkT9PVHo8eBZFMdwAhDQFKwd6w5eM9OCkViIehtB+6nyJD7BfMLv0tKN9s94/2tNRYErL8JeMa9y1bTPuBkMT0Idti4bElBy4TGHV+SNH+lla8UEnecW1s5UnVxEhAztfQLyp+Gt6+N/PVSRENLKb0nVI0K8sDw1OD8PII+Ni+uXp3GApBisf71mAmR5vuFjbQYyAY2embllgGJW0tBb9g3XMfHyhAzYnNj+STTZowVjq4ZaKYFAdCgVOAR1dVDm7KpkcHoBNpM19K7RcrVfPWSwosKLw83Q9Ho6BvXk/JEarb2JttUIwDdmmlJE7oCJ7hPf34M88ODbhvBwh8ergD7yc1dypcVXLQB5cc7nZOobyIBU9RVW9q0tiqJ17N8hbc9bvoBfmUR3SW+9x5ayBVRpA6m6ZOy5kKwWOhfzEAX9bNVNuMnH0AA8cqmvkqtVD7oKAXXkp6+5uzMkkpZzerI90kDQJw6IcxTCUNvnSfNvIj3vZfGm2j6+UkGEpuOTIV/BD/O9QJk7OX7Ha4Nu3tdke3ksIu+Tel+pmbxVi8rQdBEC+t01hR05NjAi6VemFnpzZpbBeqsakzPe03kKlWf1sTjKR5N7VzvTzv4vrQ62ByFpGKCTslR+s0uIQS/lIUvSE1geU7bIQsG61sm64yJa8aHK0CNz5VQC2bE9ROmV6GfwuXH1nE+jR5o1JfbRVyBzKEZzf2q6UJqdf7Qf+tTxILFo70pzFH8opLRn+5MyMSY2D/XGQeOI3VkCXYJG6jo18rjvhLO7cwzD9WldemorDlldF0J35h4Rc4Te4e6rwpF1Oe+OqXAXNkK2wnM8js+j1Cz1lmtgK/AfOhUt+PeFegLcKqfYtj3GEqGAFrTho1Ps/DiuKJZtfaLNtECJ+pi/9c0e6XVSphJzZF4nqYeyXFcE9g+xjbAGtGWtOnZa9vche2Wxyn0xeFmtcRaAvcNVXafOAfrWabQXI7VjPcj9mfRqZtC+dd1Pe9iZ7KajxpKN3EHEALKNi/QzSOE/eFMSXZCBpFGzJ9td1rOAQldidPbS4mFgWru1e9qzpjpRV4jcwPfSjo7DYhy13CYZt63r7CPmIIhIpsZqj65D/NKtL72ts+LUTukn+U7GOw8s+UsFRjTOlT4ylW1lBKipH/9ard2Mjvj/qblKkT22SF02JC5F8Le9BJlsGKjPw8S/JSkhtbqmW6go2WHGlgNNH4Td9PoKzsnDzQgH4wEJnyeEUQ8cLiTuOyoryzZLPrD69cc+UQIQyu0rNF93A7XKsnrITvTberxguujaWHpR/KXBqPJ7/Y5qZldenWOHlU7q4JlqPP+DTJpHfJqNzud6zVhBd4pFdWaYs0O5Wz8YM2+FnNzdV8e3JQf+c0FsueYsV+ipKf+rU4fqdtEUs2WCiORo/5YFGg7QJ6/OwFq7NNaip98Bcs2beXOqZHgIC+BAL5nrhgwVhQpt2ZNTRthtnM1zZ34qQlAf+FxVPxKpflYM2b9p/CSjMkebYKzJ9HF7ZXTpkJjchAEBUYQCqc0mpo43P6fi8W8OBVDn2ijXgXzTGBoFw68xA6530ctq5RWQUIOETyb78l1Onb3iP8FN2tSJPGH/Ed2yiR9U4hmfyQ2VXlVLfqm2Bymm1H70mwN/dxl8mrLvYC9rJi+6OemRXEDRhVf9QHDbIyTudR6oFNqMsum7LXlMh9qcg5Y6jeDgvOSDMODmeNRtU/NxAj9xcbX8J9/JbYxAvjfCOUk9UOgMUN/k0wWELd+Il9PwWw5rf5Z+XYi6uzUH86lsxTuM/lFRhC4PT1/1qv91wtMpBaCVX+taLhwgKtN3C1Iz5MKRTysQ2qaDPCR5ea+vpLM79thPfpBv8HaF583+5EZlC+3yoxBmJBwVRS58NxAW0UxrmhK6llLp/fdBj/C5RN5sF8FhJINWF/LCD5T2DZfipeVhW13qs0XUAInl7fZ1oHiflCsIVIgT3Id/3qEuh5ItifjX+X9ZTxhDR7lQK5XhrQTqyPE9/iyHKxnVl0prnb83wTvc1cXqIJVpCtbROMlDrdt5yzF3H7mhOIlguSmHQ//+hj52F7nk97GuqjRWkDt195lYb70KDlryJT8AjZL8BX6rpELKvzTtN0rOnwG+tFoTeopVv2LKPWczS5wu81HsivV5aRpTSou3JET13u5ez+IBDfjzGNe9PmYTvyaPsonqKp1jf5ykJN/WWs0C0HkgR4iza41wr0gaQ2G61ilkvF3BI5u6YgHswWcjWfdB453/uaZcogm7+q+dhgllj6IH1PlanAzndZ3/tYBfpAeEytYc2iztpsUpm3qNNtM9ULXsclwjZy9F3VcbwuLAkKYJ9LManl1Y6HkkKSv++bienLPX+OT62uCBy1m/9qYhCYR7Lx5ZTLdl3+p2WEQ3phOG5bF2Ffif/Bzc/2hE+GV0RWWHZp6nj0Oeodu4f3lCEeWKyudr9J2yQq8lobkWeYU4tFFiLVv/yUfZnt517FpvFyn9mRoRn8v0JroUZ+5z6H8DMmn4I1ep9I3m2sP1K3yIhzR4evegVkD0aYH2cv/ZakfXe+P358kXIvyxRddaudIIRGxyrWJfxzO5n+A1zRyO9j/wWr/TUgWPYqU4TkN2ZWV7p3BIgerWulw8wF+qtEiWSBoLN9n4u42CL+fNrIql7QcrpnHPfPaoXYEvdR4OWvsXm4vxnDrH0WVMIZ5j4GWoN0sSD2kN9+JrGJO27vzWS2jv30h/qkk7GGN9lfBFaLshxzyMVflzgRngsfIm1Bkf2VYzKfr3jTOo8vuhXifb1rxtwGnBlcZBvdfVZnjx2okTvh+o440MAk2CZ4rnDFnbpGwd8sL85GvVuUIOpYp3x47d7V8rr/KfFm9IT4F+hjYDxfl48NIYDxeoqhVl4+3S8gE3fnye5mbyHJTrYiTFkB7iWG4354j4mvNRFp0gWDnFAQ9aA1Gz8RNnMs55Gm92gxeZ/PrF52se1mQPlzx/mYLQItdI7ZbyTvKJKL4OdTP+3FbLIwOin1aH8RtsALRB3+TklBLKomCLjBtwS2Cqjo4Q8iaoIvzeOwHcD8tGgFztl9XUO61WjwhEvlFEZsnOk3X9cWWNkqCXBMgCHQTHU9krrEuiIwYU9VIFvmHHU0jCTA6CBMlIH3I1TnJsuvXcXN88wdrIeKHPOpucWsy0uA9hQGj3eLPHd9DblsN6G2U/inIKVvurpNFQXKL/5jd0UnSujXhAxbyC6Z4/RAWn5qd4aFn1v+tSCX5DLcRPz1EjlOiCSd5kSUp0ge1q/GxTh1vcGOu5d/RR1TkRo0TvXbzlrj88tOSwFirQAj67/GlhBhKmr1nTAI+PuvL0eFdJTP8vIdnG60iLYXrUKZD5xyeeglS3q6zCXfzyq06jBIspuoo41qGUeuxTS0f3aiyuYUd86gXCa3T5MP+8XVw7vr4H3etC2FZXDCwcqE6CtJj6Ihfy2PBLArJkHk+OmVYH1mmgYRZxVwnUbjXeZksJ3DrPc8bS1ESAtvcUB/h7HAR2J50CvHWn2gSuu8G66ENvjINOFn1SHr2X4Qm1DgzNiVNKu0xlmbAgcll1MUIMc1f3Z1Yvd506uSgTIV7BAdrOknrdOtZamzrDKD1u1bUugj07D2xvw5z9CJ/VtChuOziSlGew+HuRlR5Z//n7E8XJCD4BXM7USl5glgR6goGhuRKfLoS1Q13seMv6Y/QET/yLZOXaCitqVXdjlpoxJ7MqYblZ6Z58+HwBWm6Uixdvlabtr2bzG2mCnW+zdN3T7e8bt83+MgXUO+qaHN1W8bFNxlO+tM+4F8B/hT61MrjZB5bqQvKr7gXplzQ7Asi+GqNt8rAH4qcQFRJ7C+yEuGR054iTky4p7BDV+rutXPAp3z5SER+0s6dtmEhhYkQX+xQzPVWbPoPg/vMBD/L27ele+7uO63uJG1y6m0kTJcejKqMkEr9cXz8ktdk5EddqGPDLV2+5udPxgdUPE8Dd6zlzhU04lPucC1zGPRa4UloYoGvte1tfOKEJ8vrkp6G3eFoJYRi/3s3zAgYnZ4t9rxb5GSIpLcT/l14+K3SY/u+Tlw13RuoGUzlq3y/pzSFX9foysIgnaujoXWyrL9wsCmKG7NyovHEVuFa2TbD1bgVzOxTv+gIS8i6LhJHzJbgUwKqry0SgKu1XPC2oaZeAyBiwNg03KxCBQWIZ0yL0utaPUvSqx+aavQVAhRJhkTOcXNJXXYAqUc1e9WfvKeykx7tcZfkSM5iKkJVCTdK1+61sDY24yIvZw0L0gOzubBwJ7mh/TBowHmZ6mXUG69OpmOL1hdYwohuHtKh4svA6QWt5Lb38fGQfVoFa/OM8Ntfywn2meJM6jxJwzV1KFq+/KbuCebYECPngcRwU+bcoYLmUrMbjuCu+wz6dNeVxt7mQqpLw6WvrZ+SoAzLP1JPZAKFH5u89um9/ebzaiqLdEvZsUXyVjPkW6KvirDc8Fsh0LQB8nDay/Wvf0QrJQV1wnUKC6i7cY43I/GmkQ6OszcSh1rwohcRF8VCtukzm4hOgANRbgMBORfS7vVc2sz3kQ36HyOX2q2RPHazMlH6QsHE9WQF8Oxzk8X1yJ64Wu/Jz/VYqBjxy/4sUDXlQ849gLhPPMhReWEaCZ9Kw/cqR2HSl0a5VqFFxGmttSXa61aePZzI2LIyuy2JAZVbbzkn5E77tsSU2RBZvO85Z3xFf85aqcrXk1nRLgNwp4H2LC6tQPnhHR82ekb73Q5Kdqgg/7heuYqrUmC1EVfZcXQTaO/KYEpvF5MrUewufZKGgOv5rmuWuyliaL0VxJ1EVe+p5m1ZduCivRK5nYgCIpCQlwgWVEdJR1n9wwHoWZe1fTADZ+K2ZOEPqqkYfz+Ilb/RUdoAPzy6smLvxZzGF1QFA0uG2bQ59CuyLh8bk2lbxXVT0PWlx1TLtvqYAn1lcnYq8gm/3jAdTcxBMyyrRLsxazv/tAumCcI0uQudD+QT4aIKDGZUD+5B/OITBJb7hOAMGREyLSHf/ONsf1V7HS5XKGrliOcghhzvdzlE9Rb9dPIlw+6/7U+GyJR2cgsJf5GUkLGa8iEkJEhI2J1aUxPb97HB3e56Ds201qjjvpadK/n01U3S389roCoUFztk+zxHjZFyThtMWmFP1xygUHpTFiiWM6Lc/LxCl6BLJlVig8tN2JxZVXuiTAUpim25hpJInQom7KLryf8ZwBn6Ot6BgyiiixBnODswrMhY5/ClHR+TKhJ15dQOwndc7RLSfvT2krhCL+XQwk93jLAgqKr4b20ZWhok6ucQPZppHcBU2Ph/jFB7LeM1y71Pox/pMRyYuJUja/BZzVKbUfG8fJgiyTsRw2JKXqIv5AviL+vv/xAoV9Se0PqMWEgXSkOC3A8sj3Ouw1esgUEzSG0lCPuC8fcQoK+2ouXwP1Mwvl8RgsHfe58O159rKbnnuT2ADp68qv5cB5MWllc6L8NxsLznWedgaygBw7zgcFy4VfiBXMePqZWrGvnHpgTw6nDmIO41bAQYPSeZS/fw4qz6ikfVGUxI3q65UHB+SqFxRFPXJgi8q6ol9ddypeXSXX7GBAVWPHheAgQuSKRYXT4JiyaFVT6svn9gEEuFQuA3lkXP+oT3jV15C8cNRxHIJ3MBvlGNifwaq7VgtF2OT3xgdx9yPhSVedzaXpL7AdBP1/rZQPA4cmY5X8zva96p1JDa38XwBSOtrMETsp5GrhDUIh5HBBfKpp6PLPZbRbxaCdZzsC5VG0Okyt0lVlW+j8oCdKVKlDGKwDcnygJkJKHeyCzd0fDkXvZesEOb+D+J58IjBpNMsuySDuw2w4k8iJPnym/8URQSUPk93akIrhzBtz5hLWGOQ+rHZEhsJuk/tXxWlFkWh8nPsY9vUw2ecK8nBqUgy19r+5+zhw98UK3AQ1xQCHFwAx+42P7i+Wh+xS2z6/82Tnf2wwuzzrkno8kq6uAB9++1/u9OXPZQ45e2d1Mgu1qjBEJXA4pZdL4B6wn3Vw82z7J4yFN8hOILIv9PuVL1g04QlGFm0SQVmkyLz47plcbGOBKeB07JPHXEmMx4DnrlQTzQzEYnSu0/aEEQzhxAqPidrLtN/2w5l/DkeP6JQMGNj0l/3viMIoYl3uR1gebW/SQjSs2HStg6rJOxQu1G5MSE7H37d8nWMhKIJ/g1/w1B4FciKT95JcOWbS40l+9zl813/dpIgm0bhnQpMXQ9fHlnkG5HgO0kQCpY9yy299pfxDHA4NiPxF6uNlGcGfxGGNB1jNBWEs8JNYKkhiTAf54YMtJ4L35o3xXBEd+k5sP32BH7y5d8weOSe5HWS+upjGD+WH+CRKRCGrq/jSGTrCxqW6+L3ARqz3ozAEEUMInP0Pw+LLNzs8PeF0/fYqgGvGhj0d07hKA7O7/kvceS7PrSpfY02h4O4qeHNIUvauiLc7ovS36pxdQ+1z3379bEVIrNFDEPnG+ciQIZK5cK5EAMrjZkYjXnt6ng/v0EqRfs0ayznJe47u3kWHYxygYvpTvQpctvN9hWgl21/2Lr4G4RfBuzLJnS7EK8NvxNfavXnzA0oUlZVt+f/tEd78XzNK9ZkuSLFwz+5Lf36++XuJKkrl/mUqxl8aJm720pno7wqOg8pvd9KJ4tfPACT6alFg/UUrEo5urcl/VefMLxixwvgBZ9ekJ0wO5G+qt3DLV9UPUpnjwwQ1jYUiBHp18Or6Qh5EOKLTvWryqHvQ6I380NhvgoFd9Pg05mqG+K/FROy0pfaUs7l9NZtCGvr0+Bbxwap4nlQyPkCIGtt6xcZH9TZg8Yv9lxwZEGuX9Vxa2hiR1E4/kyOXUYs6IROsXRzyKjvNERUbbgVC7iEWGOKZq13/C7OdEbRacz9JK7zePdM2CoU/Skn/50JA2/RVcltQB8q5bhZ+jcEi2zCQnUwxfGJzyFIHOz9Vw+eAL9YU0RBKmNGVgEo9B+HArTfLEkuXBdUDF0MYzPj0Z6VSsAfRMdD6nEMXEUuTdtYQRFcFZplQKhhaVLVaiT4cKDoMvb3KPRFzLp1RcCBT1HsVeXx9uvl5N0r9qz7ZcKqmXid8w8jth6KRkj3n8OvXDkr/X5679oqgIlYX05FFhrBTT2OvW3OmqX6vv70FYzUoz+2P9bUojyGUBcHgN8coy/OTvj9C134lUFTL/Gj8nMr1AlFWYBVzuYHQdBjL9Wccx1R3uw3RiRlc74ILf+raZnJI+xxuQuE17Dq9X7TKvAmN6y+/Dmqrr87SwnG5JnN+o3bkIEb8lLG/h4X9rhpkDP92nkZDHW2GKCLfTp53B5bJ59UwtaB5e2GyM8bV9KvZOx5A7EqNEiSqXJYVlJr8zCTUGOt+NRmEkZGkMp0Kxx1P8bsiZetVvS/l7C8msTv9Qut/+cur6XC/gwJn4+MAKxfEbfbNmLaAPvKgQ1o/BhXUiPNZXDO6f8q18Q2gvsrNT1oKOnmQJgwoMCbSHPNVioUBvtm0h7jLv2dXC0Xzstgt9SBaeapFTjveJWI+y3akK4q4o0kFlWnJtV52IEkeOk0bHuhMuT0VP5o197OuV7zbeOpnw6nz2/U4K3H/QVqBtCRyqjIBNn7LXht6OkUG3083rSjOtS0yZe0+K/u6n4PocJpzl5pNYITM7oBFJLSgXusQ1EGWJGnB9LPJmMoN4yk4x+U9YQdvHeoLs6lc7t0e6pk+88dhjevezcUijKY85U0tf8gEXz1jQdaypB+O+xb+ZcszKPh2xVuIr0+Y0No8p8eT0dkrtxRwVUrLwbIt7nMlwGY3HlT6Y/dz3xjygv8IeeMge7WKxQYWcwByyg+tdMAwrPFPouw+6472SbM+EU3lXPnqGir7bi7gXPrZ8f+dYL3ikjsEioJ8HBbmBwo7YLG6OcUayAE2rBMq9rtmviZt4yl2m5WAtrtHD92ogdthwj9CovTD8z36HYseZs4l+gy5VTkXBTld3sGv5MkmhoKGFGoai65emHEfbTI/IHaMGTlh/8+I3IbDDy0ma8OmCFe8+Y1mbozsYoSCkoKXmrrXY6gnbZ4zcCm1TuUtTPS2J5Rwk/tzDut+oYnhs6Pg7cna2aWPY7yV4Tx5qnyZ8wPk7WKax7UYcu9fiZ9Z7BjJBelrpUyuSKze2Z+dVlgFxjdJ50sQwA2YuIba+adnzR9+fDRdmxFVDlGYVf336kCl32Hw7HY/n6nq5rdaoQO81neXGB/42W6nvn9wQzKH8eNlcyAiqzaHfjFl9y8cJueZ033QGrTDdJJh9bSn4a17ak+6pO8qnc32ge7lknD/a2Ui/bQM3Qp/mMhf2UKimwK+TIcXi75zVOZziiYpwCR86JmR9k7nydcqG836sWvvGL3+hTqCVTSL0f3PuxYFhOPunmbBugFnQitqQy/CW8SDHQhEtQ4wjdm642lDSNFc6KFTW8iMC3mlnlJbRjMFgFZP9NuHdDvt3la+ggWEzSFeiO6RZrg+j8oc/B/SXRGPdYUdauXY4oVWLUVB4GyyOxn4bkkKvaeGWyzJAbyzbGUpSsWl8CM72UaLGUsdn9ZH97JcHEvnWRLxHF7df6Ql4oTHh/Lns/kDZ/TDQOoaNMONCUzAy+SY0741yWmaAGbeYNpD4eWm79V2MOb75kT2/eq/vaj0+2IG9wuezjCuaeFMEAd2vlt83H1I43HZcFJvNRoHG8PL+8LHX4YUqYjkib9TU0eF0+fUazKR8INZttXKA4nl3xvq5XREf3wUUUgULCMkLKgC7hI5t+TaHfpmpc5LhCngXrVSWHl/TrHX9zE8dpb6KqEhy64oiPo4HSaOJIDpC5y31ghTJjGv8uu1Ls9UfBcVJNP1opTl9wHTQOeW0L/MO7SlAenwQe6Sc7RC06ZufD+3Fb8c7byy5s5DWVh+C2GZxMo7L8pmBd4Sz06zzkT1gVsXwQhpSj7xEdqwdv/a3ezACajZqXOFPLeSu35Y30+ytn+stzIsA4t2jUwldtQxIQbmltrpBZ0W94ZUWFnVskFr9yYGW7ppAwUdLMntPF6Y/1u7QFvbE8oEcaAWaqT99EQKB578dvPn8Jof4VGURYUvFD7n7+5LSk/weLgxGt3mnJeXBHmi1AeuJnAk/TMGUTOlITzL4YDOgOvmZgzBk2e9hEUiON8dMkpR3oCyBhj1etTwgRYCnFvXVFY6CtNMyR4L8hu75NetIc2thb7y0rD+SjvL2k+oaHTFGxYIR+JlsADF7QzG+30XTlZOleAAovOgTeTWacNAsn8ktGrVNyohMi0GKGmm0ialCWg9ZescKCX2kgvO65uO3+I10by1n28HCnaHmMIwT5hAIeRImEo+OJvDidO7SjMoz3RF+k9IPjUyUUCPT+t4KXNBDJhI2g2d+J4FhGTEYH0d5+g4Eha+2YpHvY8+YsmZ44PNzcMKp3QRReZQ4VUqL2Yn+uozT5l7WOPKpX/u8NsCc5Pn5CIsh06hZqyi/hsf5XtRiLHFNaQwh1wFtnFlnaJBkZjqoZkjqWU2h3udjqRQEGZSXooQnvcgdFsu4t3Mnyv1Enky+HTWbZgId9msfvkKqtI9uYqtb9vc8z6Bypp/sCx/jRhOyTPKH0pQ3Yk/CpEXC6f2F0ELjn0fl1/0yxNDiNFpte03xdbR7nYbvzF1Q+W/R7oOdI8v5t8FqrfcSUm3HtNJ+lPPSoJ1dIvXPDKm4BnJfB8vs8k61tHkTQTBq1MeJxc09eflbXS8hBd4CgYfbN4IuH2bfFwk5eX3uebPJptth4S8Gzc+XqMSebpYNYLTxczSbyQxRXjmiDGbj7QEHcRz8ocB5b+wr6rLPEfRXKlfRI2Lq7oidZOAmPt6wy3DLtnI0fMr2taTG1UwYxZr3aUBypg77VG5SJqVEwnb9VhTCgoBkFLnMDxLeij4m6UdmMz81VohQSZn40ZQuUVXd7pW3Tz/hSabfuXfCJhTlhfOm5Panp6qIA3qnrN4wCdV7WjOzF0LF1KD3HaqadXNNALMLjT1zYFnv7OOgRdm8d/qTF4h+dHmdHz5iREAwmzPBLTH6scZW1fyN5DdVLMZzvW8sfbyHIq9X+3lCqYzuh1g3e/qdqalKEinzPtc61khbaI/IQ7XR5l7vr6ob3svbFYdSz6yhx2BDLXJ8zVOIMep0FjwvCixfigHJ5qT2nd+czTzHfv6qgDDW+XQHoTyR0qKJMrcgSBW7YOCc3e7u74T+TpL5tA/6mLEPgjTTWww/REsFGvLmnc3jTp+l5gxEFmqn5vpbOD9kgsJENGw4usERsVJA8v1Sub7/0hauexLhMY92OylOXUX7M/c3Kk1qEHsHEcY+SzDU39a3sau69oP4bX0jmXquXXFVkN6wyMH8bXtMrlAAjoOpvV+tQzXj11uauHhNNeh7jIAVNPybGRR4ypK3PQvLYMSqqrRGK8jNJWUgVOSqe6L6ko41l4bMZ4Pz4uleC0EO00Ic/UQ+o0iZbsGrWggrfq6awM/Jta+9H9PB3OztQcfxXawRzz9VpK0NqdEAaBp4XajTrm3BAr4dG4sj5UNxqo5HXORvq15SPtoHTDRk352Px8JI5c0Dkvu35jwSapu3VMVT315O2r/Z0B7FdqqkfK+gmDUrYZwnpj2HOSyjbZQ3xjtGlQsIMkbnyNUdwIXJJS2/daxeqTdjRS4x2MhM26AvWcdSFNcQ+HxaTF8ZToZ5mekjohWCJjxNUiJsax1h9XFYzt37YxkNahFc/DUmNCXpwRxwSBNB615c+Dbp8NDgeIsuA57Hn2FhCddd/fzga1nCEQX5PYRPzq6wS96tJgQ6FSXzLu7f1KzRXoiTc65CnxNZzUj91GdpZsdve3sfb3oLrq1JZWW1apZOqRLCxIQo/BbM+jJe8LJmfM34eI7KrwxbD4EW92MyQJyV5LMwMx0eC37HjG2Lls06Nj2yz77uQnPh9ihjE7+ciEdBCtjUETql7+AJQ4Z/lpxekWP9kLjOij0r+PjPyZN88uTf0VlGPbFbtbVc39l2NdL4Azs+/TFviePpKXyj/jcrnv3KTT6r83eD1zIiVtrbC88+fSfuGL8nbe8l/SZt/SbUoCmHB9nNz6Zh8ywKM0IrOIPkfA1w8q9cfPx8fD+pklEVt2OHy98taqsZx24cwruG+4GfFRqmxDMXUf/Nq7fE6z4Ll2p9XSUn+mqbyxqpOdaZ96KNK6feszlH33DG3FX6FjGL4vUMomF6BXfx+QAgJnlU+p7fRygG1dyHt+jlpk+wjVZ2w2tkHynwJe2QIiAXXzMql2uwH/RgEwfkatMED9SFe5y2evSWxcBXujw9E8GrOD/YxrsgMusVsFe7eoW83Y9Hm6db0kmXlFPo8sWMaADcZkpensW3wRTwIx66S5Zwx+li1eJwiYF0YV/c65c5rGbiFBfRt3FVNRoowp2KuW/UqZuMc0B58gQ5/3ReUPf0ER08xcoSUN6dJinZwVARb/GF/jv3AeveZVCnlXL2z+otOu/LYjdshP1UmFtfuR4GokBRoqWHWwjj+FJItuzQG2Zm1ILFrfoiinU4+J89qeZy1pgKrzfeoXaCn2KfFd0hKeJZ75LcPvK4x3PF0aFZczWRldb+ma7+dfv8i/f86cHEWoxqStth0RlAOaWlw0qpD8KLQyOan64/cD27+dRjDKeFvm3Y6XL3sVl7EClIywnDsNyc1kLHZMZ6Q715WysSu7Z4DVw3Bn59RpauTHU5V02UzJN6hL6fn1i27T3j3FFtLw8RSW+be8RpP1RoabvfKrBfaqeGAFxWba4ubPhK6vupAR7vY1C03e/n+alnDRDd68Uo8Tski+JpLFAMPgVT02uKfXBIYUU7jUhX2yG5cdvva3OmJoWknE7EoZ9+ereHKfZ8/LDcKVmqI7GaWw0ibSN1h1HlEyq0vkufErOa7ZRbzzoUHnJNGYft+Qjd9u4HgYsWRU/EhhEqszANrtgXv+8MrTdzNlD7tr5UQ7Vnr1fq2NMVPi7Owpx1iOPNkw6mzNrONblgQYNSgPizTKicJqlb9/mhGY9a8N58ZZgFFsaNTuPL1/FhUMsDvMFx9mTroL9UA0idp2REL9R7D3CgJDX5EvsOUV2Eg4vk7veKY0NDeKK/N4pVeMrQ9OyCKb8msoSQfP6OqVinFl2cLEtusa7YWU7uS2E/K1JoXepL1FVnjDWcm5gktP5Hgx5hmv8Ot+cMPIjWb7b13/CqK8nQmPTxTN4TvU1ZpEGCv/abbA6z1zO/Yqt2BMCXfPXUvnLCJt+C6vYqoPoEpTgPGDCDVAOq21wgcj5D7ILaJI7ogxaIt19/ysS+++Co1eqluNQ7L048CZLbppzPqk5Wu/4GmT7I1xgvzfaZr7x7iS/uJU/yc3i+VgK5maAiyfy6qiE/smC9VXwJMOEBYM82ZsttXjdpnFaULBT21CXntd31R6RcHoPd2j0wZMzQkUCeswanqsQiOBFLyCy8xm0aab3cSlfj7X8/fBAQGxUfQh/1sNvEnki5PWOCgd+3jGoaShVtUiuLYArHFFkYzkj8z6ppJ/U5AvHpi16je6/0eHmvkYjZ9+nhDu/xdFAa7SfyMif3xMcRCM/oXZp0RskfBLsstB6WVHmg4ed46WXNrdXweo1n5q+CKnBSRNPO24YrSTk6erF4SHpdT6hxx8qPV4Bifltx8zxVG0fLxgb9gXKkubLkgRWkJ0Xa9IiJVt43A8JdO+pWexW/OrqLaFZTScP8LXMUWWviym4eOXW5frtSu+VeSyF9yZsvqZdd3xe2Io3dSaGaGPYn+Z68bsuferivUxCStjN1QdJOuWLpy1IMS4HbMnFtMa+maaB54agHgW70ZJMoCEfhEguS9wDNFsYwdWd258Po4iT8IU1GR8YFqijs+dlooC8CpZ5UZRGtZcBUWvVHVhXGflTauUpm4SzJkP2qGTWrxccBOj02dz/jtOYsVd1qHsLUiuz7oLgX4SxwS9yKQd6FJrq2VCnUdC3LGp8k98BcK6piJBV0t2VfL2PJF8y3Je7aOD4lTmRUe+5VRb365vT1aWJ1WdnfaIlduuzfbP/6oEwQlTwmrsLblqgcm66cSbrx5WIFYrr16Zl6xBWaXp5jBGvT1OPd0O/Irx3XBJ3q2cmLqbdHLV7Gq+QDbiKTkeIQ5QV6Oa478ewKm+kU1V1fn3DLQ22nKjbY3c/3HRsuad7rI5gxYYk0Hn8CvdgGlhXmmOzC0Ty4Xsdy/P3NfFgVX9gsYz9lU1KoajlhYpgOdCW47KB4LLGa7XZ2LuzKNBGkx9k6Bs63VFLD+YpE23H+8Nq7p2J4Wkpab6/3f1WLWiDTh4Ysd6wHC3U9JVSax7syMuO3bCD3i1FCteH8JOWFHhKNP0YIzELr7Z8rr9UmPl4tPCFMzPL1KRdDJDTsIPdE/4RIlHe9MWS4SKFl1zzZ4IsIJP5JDaXj2MvWKT73xuG3a9C9IlX5Spg364fhQTcqnNwsqVP61CM/sg4Hj9N9hhr7w+FNB5C/K++0QfGjEjcfRfxH7GA4z+HZuN2U451+MmpZ1in7O8AdXCLLzgS+bFddP9R1U99MypSZuZqiv1d99eaNuyYeH2G4W//FRS/5ZFlN2Y7cBtrdHoK3gn8QPeiCJ0qOTMvQs7n46yMy4bTIsxAYILfcQ4jIT7fMavS2HYOwDoli3wJqPW93DOLWpJlKS/NBVdHkpaHSoOqoZZcCz+T36NDp13mV3IOgn/cJSEssyQn+bpsQTh1/nV2xD08Wb4W5Nqn7mms/I2ZalGfvj2ZZ2o5pfdqT+nIdvrOclS+PU9aE0n01ZYDlPjkUg/vQqE3m5mwGw6K9r88wOuHS8newsh6cWRgfmCd8cawcHIVa3zzeOo6tmJerCh8k3c6xkmEqxBaj9g6Xz2m/Wrj6i9sM+uADghE3haN39dV+M0WXLJhbRD/DVKNKn36HuHkoi3His2eeBNEIRXV6KxxOT+9lPRAsD0QA/fKIBlpEiS9GBGR5igqG2+eUkci+am0rgipcLelVSaPDV38KKLVlmTjBvYnyFufK56+Ss5uZauwd9Xccdt2Nvx1LrneChber4kMKW23dM0+52MfG3SyCy/dFVknXqzEDzaviKtcy6pr58ckiMXDViqp2hHnHCYZ5aBWEYgGnEdgX+1f2mtGnHFFIYoK5dLiAFB4p5xHPpVXLsoQLWuG//x3Lg1GS/LfFwSj2+I+VwcR/szL47+/9P1kWbL8a6bSEL6/9ben9oNqDW/kb8x+LgPOszJ2/Xo7LWo3lOMTd85/vcr+1vnDV7m+d7j+/o49wba+AgDebfF0vp77hReJtHcFb1dp3f32an/Ua/svfH3ip/0H89Uo4/7ry78X114vvuoxt/i8rjDnm+WCJf3wS/NWBKPzhALrmHzeAL/7lDvDlP2/xe/X3e/xPB/g7bkua/y+68a+11Gu8lPlfPy02ktF7/cm85oXRx2g9rONvfy0Nh338vzSXJe/itd7zf2vFfzf4f/3UHmvQ5H+YGY0+/s3MMPK/2M+fhv71q3+aELss8fUvX5vgF77/8/sw2L/fB0Ee/3q5/8vvYwT5Xyz4Twv+ac//6JP/+yaO/TcL38kOjBKX1fu/2T45A1EL3gfOvP4t/rNgHUDEA+D+mi///Bz8Vf71/991ivH3kEWc/vt1qrzb8/U3R/4/++l3gkdw/DdtgNf82/fnQbAJCDGd/3mVKwaOeP7ttzb+b0te1t+fWfy5NJwp/V393+8IKfmvvf/x9q87/v7uf0EF2CXg/aOq19yZ/jzoscTTvzs2vPDfsQP537GbAoX+D+rft1PA/xMwEQr/T8TE/t9CTOL/F/so/KKgwvLsB+6n8MhNl/zFRdnkHf+l8GypFGzV1r9dNLrDEbsb/h45wLezlHvVdZL/ftA93n718FCmz+SsSnuPzbAM0/tuizGz+YRcp/fMFRH7ZnOgDTzLOt6b8+U6pTKEeki+X+TJST0MmXMkQUq8WuKf/ujZ7lXWpn/zKlB7ShP12ko3z1ztNf7ZPg9AIh/PY35EnPb23iantIiXva9xLt0t8Bz2bYjU8bB4/p167XMwxz5+vF5PJUdjm4mt8qgeDLVjQZ5f+y8z4iFL/Cvdg1lhDLPRHGhlhBio6O20/Fstsq7DSgTIJBcVWN5R5RB0H6d6Y2qwqtJmackqz86pjoNt6zdygT52fE0ueiEXvJJxEiW3OOpjCjc69IycUqmPCgqNdZm2hTLM9npNVnNfzkmsUDUE9eAGlhrMLULkjI8Oa9d8/DOp/V2y5Z2VsOhApJ+yYO/hlDzVlOtfOPsISJxrpWSPuJvO6M/52zstmrju4lo+HnMJVuuc2YEOzIC9WvrhetxjO3D2Ekxk/22oBFNdIvXldWJFn6sxGqypfpNowtjH/v3KLaZoj4uF9zpidi3MQaXRF+vxzsTiEau5EdroOzfFH/tep6o82Ed/ELWGZZCgFlmpu5rACk6iw4MEuMlDqeiAh1Oc1BW3fvBhWymCTJGjKLKwt8/RZ1QFbtdfxDNiHx8UF3fTTvmumg+uZeM0lsrguGlppmWbK6kZ7u/egOefXnHKRmxMDwmL0UXCeuv9KfmX39XACGHlhdfOPdmGzmd/OiUYZdlVWEfVPeVlseqzzYwSWNb6qsDTts4bPPWzdhD+Kfx/+92KfD37vNteFVyDRgiPHe6P22ECofaq0XqwroGnSoNm/YMvWIHwnX0Y+A++xB8cjKai9VfJYr/j1tmBtna2wB1+6JZq8Frh3XAlN1XpY2TNO7EPe/Bomz3x7yBK3SSxfCtmnxJ+Zqbc3nVwQn6VRNMJ9lZpgUfcLSzHVhl1rV9EtlKmI0/HDZ5CI+9TMDimeH/wNXpfxPukWvvFDqz0MvnV5hoyJ56Imk0MZhBwtqg7RDbokYRAoGD5LabyDy53bAmzdq8mxcNiV3NGb33jjnAp6xrm5QbUDXM3ba4XWy7JJPIv7nXfOXxM+oJzLuZ29lN24XwnRp92D1kR58TtgOVxJs2fU/ROgO0rCL8OrPby/XYmnm7FYAOWNicwsglrycLc3tbsG4fg1O3XwXm97GX4hT8FFkJx0f2RqZTbCoqG4p9wz+/M9X/VK9YWYVReN4f66HMrZ6TJxIEHckgklm4qXEccNl/7VyW2b2tRSnngVdH0iLXHA/iT94VH24g8f/x2qKeL8sCfa31/3LXgPkAM14jSN8CaNJfqcqdCOOGQLRbHhad5rbhm64GXdpsQdHoIsWzt14+jl2rOi8dz5w8pSijNZm+smz59/QDXcbK2fxW4noNYIC9R5/arqGs9Gj2SZ/uBl/AioGh/udXia5bxkAru1XeF9JROIn6ynuA4v+mgZ1PaKNRh9Yuh2YSfO92cQpEMfFwABt5+pqk4fJp3y3ps7f0l48Ont7VgKAWFB5r3TfAya9G2ogrY1/4CmOfaxk0PAAz1W9PCPPR2XE/5+UhiXaDKhaZaV26H1w4tsO8uZzhgpeIpu8VzqGYt9+7niejPLw68bua87ySX0NASWuX2weY+bcPCT97gk+jgGDvTy6ZtTmrsTfUAWBwnkRXp085RJ9ARpnI0Htv2n+8VW+x9w0sNOPBGjt6m4oZzdRreWi+jjONI03xaDBudG8OPUPQkjz8anuX5qQyke1S+vWVCmBo2Flgp65TaW6qGrxwaFr7Aag+4c7ZYg5YtQZzMcP+AzTNK7dU79RDC0lk6zaMqK2EMKEYOnXIaPKU09ZsaHsDQhHd19s41dF+li9tl6WAfR+04hcBe5KH/uL/S8EKBIXJSAbrzDsLsuNrsMg/wpMrSBwvQBNFToWjuW3qS2Qi8ImI9zvFIb7P16SAkGR1IJZyDVGKfw50askLczNbWZNvs7cpKHe9kH+E8rKQqC0/L6fWwV01zC2umMrHdQFA1c9b20pRoZGFsVTVGWRaEs9c/4iScGoXewOFPtyxyD4x2m7+aQzYl2VIG52qLgRyL2c1yduIkqYS+XuP8nVsCBzMO8m9Kd8NjubJg0oxACdvMuIs3gXm/zuYbWRLcJUrcH+eBmaSJJSQGRr8JQEuen8+y98X3Ew9D86RXFDyp1FswyllGceOwupIT0DeGPz2XodQv/EQGsWuSn2gCKxELWxNyhjIK6RDQXnvpAFngNVLjJZa3bIZHVrI0nBx1M15ELnjnwj7gUjsxs+jWdtdILQD3eJTl73fFufw2+3n0ZKAQTYitENU51mJNgwrfN1WwOof+4z0F5z7WA8aGVHrxbZocz68c/QqBf/uPm5qI8K1Qwgc6uIU4LtZ8/p4y/b7k8ryS6dP0ZpE/wHvtE7KDe/eaAZYhtKm0p0t5wTxQWr9/5VaQ7oD/XjWTjqyiYPccyTZG2OdvX+DLmnQSXYvZwnmMnSLJYDlFId5OUko/UFSOm+jr7vJupvGL0FuIs3YyR4XRsWmKcGlpnNHbtiWDly7EN7IREpyhN1tv9740ZDT456IF+5dWp8rtqIs5PgHHdXgDcpjzLD9syWVWqpydUcSwoLXej9pp4xZYsved6Zzgg2BSmFKjuQ1/4DdAR/YxTn92TeJeK8M7FGunnHB+z9/dQ28i0Pa1OhlyQeIygxjI/Yos2k9GSDaXPCnnJmVSTz8wz2bZj91NFcArsWZne4tOQHx9IMegeI9dj0M35MfrSvFqfTGwx5sEIGq1AicJWeqBvS5SJ+18WmRghKXz7clnOA+lyPbA8KL3fmBla63uoLoPAl7z2rXEfJ73vABsD99GCrPVc14fPOBLb8KWhZVTclIMK0cLwi/XGrqS9g3gGfB58QeNCDlXAJjESpPtR/YGvfx06q7g9MhItYYBFjzkafk8iXnBXZ/ubUmwaSESdsrJWGC7i5sbpng2pWD1efWhsZfFJIGROcVBlL2loF3JqmzvPxcCYjjvPk9sI7wutzPp7KuVhNWX3RNa2L5P0Q87rerTDqwJLJdQlfTGvAVJUu52rq5hzm7UvoPNVgwsAtFg/nwW4EJFymcAKw/4z6MFKG6Ubnx5aR0e02lkSYUdYxDE/Lsih2A5OKwuSop+2EEKoKVT0lo43vEn4Vg4VSAJ9dnJOlYZeXrrQkmdVw9nCD7wQ7h7MrCY4rYrwwkrQWEfTzLw9iPJjUKswoNIzeFak/lp2D4mrQq0ikOjIZF+bjf+Al7ImypTOhtbktDwTOAvNQ1i6O2DpmYtKrkQtKwPMcO5QQYDgin3B/Um+0l5ghHSjE5UNw7D815etAKu6yl1wkwtg6G460VoRi8eIg1X6eWwsJP5nYDeX8IUQmZfXr4341Bpb5shLHS08Ylq4UlCCfE7UumWOvjtEy1rAcnmYtHs3omQ2dmj2TjnhPMeNytGKx7y89bt54pLN8TylA+M/Slbj551U1YvI+NTPPYCeotNAhODbYCofarBk23VSaHLpiwOy459YaPwp16+NvZ6AFtEKP0VKbQolE7O4siuu3BjXW8pVTxPtEcfQ56NAP79wkW9fDNzYEcoLutlgks7ZtDCr2SbyovjkxVC8UWl/aeg8E89dM6BLM4KUac0Vbc3pFJH+yHdYW47WQ5d6jo4ZMZ2SpN4fNgZ0CX3gAPF7xe4Zn4p+u/MiOcxEZ+IMC8dOSWacxTU9xocTjg/ixIugE2y69Bw1m3Sw2fm+wAa0HtOhG+zcBa7pTj5CPLnZyLS/U5ad25fwM8nu5pa0WZjssgu5qa5gm1DKgyJsYB48aZtjyEsjqFJqsPhrBBnVqmzdA02IortGqwjm4Gz9E1nqzWuht4G5fE697SwH20aPmYiYgC/17E7ADyYrQaUb2oYzxqM9kNFpbXJuWoMtOjtEMBa1ycv5UeaCvqRb7JtUd5dUTi0K/85EshXLIL6tkBv6tq3t1kpZXcg8e4N+y4SvCeMIJ43RZXDNsv7EICWLKv1IWDHi/4wJENp8FpccQJeF/ZAA9TkB2hG7dUByiWX6cYCrUpBToPhgsw9wLfQ37dSieBaLk6BrmKRW8bLP1P9hnUuhv36xp8nwYLmz7xLsTL92/3/onOkbwTE2Lnw/G3azjjeYP9ar34Ba/HImpqgsF9+fouYxO7IqvP80shjVE94PwXezz7etPkmmFs7XSjzNT/9rZaSVDHo0x5IKrNlrpzmA6RmDghqc8zMDiHnLiVQewRUFlTvYaQObJ6yDbrCMq3OFoqbXNMMSUrO1LU3s4Zi4ewuINIGorZt2uVQCyH3UK7Qr5idrVMObmrP2S20BnGJQvl32NebEBBVXoNjmd9U+ooAuhutftg5b9/UCc+QFd8i+ts31/tTv5WfcFonTbj03DEaFuCyMUA6Cj1/FSlzDhjiDLCHxMW7nM4ZEo1GPy6AfjyUel/58ghhKBPaLPuw+C0zPPrUe87ENxSz2V8Bj2Njx9Zeqk5z4dNOjpBOaCkpR+sB710Kwn53Y26QqFRkaHIDpq3arUko9CTBK+xwpG6gohWyKyizeW2FGx4OaIEerEQ6qeYhbOzrStZ4X7dRJjpaWaQsDjYYEW6vdqorJcTffFgCN74WLVwI2Sfz29OAtQ3hxpzUOqmpHtcTPdmiwtvBcm39rELAtqEeMQh4MhYHRojZQnt0cO3tXDPiyo2rFl8hOgTRlYcUklPWPFKAODB0YItT7zbLcwC9e9srCy260614r8ho36yufAH1fSKocJLdEG4nwbxLGivMGF8W59hZr3QdXdmuYPCg1caIbB86439FCf1tN8Eahul+DNOHhI0puC+uj+10+RFC8duqaykbcZIzKJ8sEguS9i8EMcILwQD2A3XxIod9IwVpgmVe/T6TNrwmuPXbgTofqRt1aIfc1bG3m+7QVi6qNHF2uHvg62c125g8EjEpTS+ag0r79gY0AcEwqAcwYtViGKmZXrgcdp22xd2JvXKfYEFkTfl34+37g43kdiELqMzdtr5cQgERvnhlvzWR1i44IH686zvBWcgo67mT2YDuzGnRcFrU2+Y6HJcytWPRXaB99ZfQbpdD8O6sNsHK0LCaVsC4UssD+hx8DF2FpsycPMDGLX1aTkuoeDiZaKkCPmAhCj0082cpgpVGmd5dsgIZmm0CRLtyke8Xlvg3HrxmvYAopmwm+Zj0M3597Q8LbpwSLFVr6wgrUWzQ8wdnBfA0R0mGMZDdAwQzrYMxLXYmtLQNXKwagm7KFaOUf3slVj9PzHck/SA6rHl9Fwtmpe+kF61xveLcIh9f9eZangTi2HZ2dcM16yEXv40GouMp68RcwkQDS6ujNVGUlNxw/Z/oNuX4GPIhf7+FfNV4mo6AHgCUIWQlXJRNnmJeOedPkbM2+W69I40pk5S//+DTtv+FCFPqI5MClAii0x1JDnBDKuPcICJUOmL9Cq7MmKSeqvqdNrL7wuxBA9etcE1YxTjEgzgWAZMQMmcHeKDRwjLLK67ToFf2D2rtpXDzNDNi3kAHaDUHBe8Ds5B9gGlgmJf3a2DFV0co6StBKzdfGVjux9X6riePpdleYBzqBIyOCcw6pmW3rrvQlPCleWN3yY/ao82H7Z3iFuy3e2efuDBs958YIqLSQPfun6SkdQJ6UTZ4rqp3e1/0Bzw6NR2cB9R/DlkUVZMDRNweoLUMMCjr7a1JStSIu+QwrWQQkyho3xLLP+jxwxHBXfbwM9LaqD+ZJzHNUL+1XAKRaH1liW93sIOU1Q9yOZ6jGviRiDoPXFhiYcdhjFvIsjRgiYGZbT+JlDk2Eq37qRPvptxqZ1D9IfxqlNcJBhu0nSrMxqY1W5vmwzIru7b0Z5qRXmdFR8wJH1QfHkiWyT1x7mEXJBZQlGvHvym1aWGyUHivf19SWpog4twN7sJJG7x/E7AP3kOBJMJDSfmhJQDsQNULcTeCWR7tstU0c8UPDnrIni7y+7nMO9hQ0ms5hMWSZr7SvN29M7vDtQZj9HIB0o6kE0ZAJ8vlax1hTIYaQQ6rScu98Rf9UKdusc7XLLaDqUfxjT7orinL+lXI+ufupjgGMUvXmEA9WIxNgYUWd4a0GUM0+Tob9v0VSDjIejeR+sABYLfcSRbX2FVzduWcfrPXCNYE9u4OQGCpN7l1nJGsQ66I9lAeu9+GaF8byJ9RC5xIT9sI4eF2QL+F/7QwsE/6SKFN0S/one2VvYpHgZn8DQCAn1UpbdEYAVDZPqKDf5hA8AjRCSEGpjQuux0Y7Y86Jc8hQLi2Rb0+l4eVxBkDCIc48Bw4ZlnylF7suvOO7dr/BQ8U2ZLL/b4kjPHev+NmMvPcAgx2KB6rKqZiXXtQi9PD51CCgOBDtge0RJqg2w/UCGmCmUiZG1SfBBp7ANzFvCgmy9mHiHdz+27ZVeUlCpsLh0Kw/LEW40DBr5I6+J0PgD1yGbz5rJg8NYiIVft7GbsRDwFcv9r+igk9ZLMf5hfcdIiy5ZY7Nktw/5CO+7X6XMe4G44uhSW2bwSYxxqIRayDpq4CDzEmg51Wy3OdbO2MqxkkZsgyfwlHVkaapcoH8LyFTDcVyMCYfzwjIIiyHxa468FnPztrCoDZmm0O3A55jQCvuai/FjDyC9FlQP6U75D8QQNsKppWGPVOo0t9VmYsYH5HugNtZjMXDe8utv27gCrphwmksRk7wuKgv7OzZU0uU5nZynOFmYBFLUz6porNIoOeA1GXNscZ7lTx2zTlKbXvPfHPkK40Fm3nS//20yEHYKQPPYv3j/CCy8I3uFNpZScStJqKgIlAv3gbKYc4HmF+Z6IKgZmyeuBGnIm0vyXwJ0zJvLOiSNQzdNBKhcmPYW9pzKwJRix8ZpvBjcNQk16At6oK0xKHWCgxCiGTyQ4L8K7zptfYkhh6rBC7sMJfX020+u0ip4i+gZhnaRmxxh3Kgl9uI0PCw1Y5YFeJz7fbae/OefiW7SRt3fWhAW4FQhCAAOIwwseQ/A5vWo6207XH70mlefPSwZiIoCnVzMX8eqfYKu0tGIkAANQxiBJs+5gQZWAFWr8l4nfak76r1C9VTwaDLOToKDAuFjwAvZRARO55x4zRXcxfHfjtcOXWn0OQAe3aD2x0swRWLNPfCEHiZ/tGlJ0/79dmv4a5+FFlSW+2bnpDDFt5h1KLNiPrpe/+YgTCzrIpbL62+XiCoIYdML8Fb8KjpeWlXS7r0f1AQaPHiFVQwGSaOXzYFPQ4J5/CaSYWoAzIpX4ls09HiYAtmWsiyLZdECVeID49VFiC4zg0zumxu+PFaQI5yD9LaM59Epa23Irgscn7kw9M6W3uABravrAlHj2cJfkM8OzuAAJFAVzfrhjcd4ZuBU895YhGA6hYUgF0KJSO1sDFWhwibOutFtDmWVc7LNlAWuClMLYsjLu/xTvfIJahD9XIHIaiPgvAgovsQy4gZkAJ9Kv9suiMg9gdQTQw/3B0QECSUnlA1+zG4MBWBJYzBsxGIhXpWFxMaLT57TfAaGZAH4WRBexSFmZo2GtM4TBEVsmiUCTUAqGqCr23tdVvTsF2EAQChzFUHU5NsfIFjy7jHQpIFYqL9kNOjv0wcDGsNdhzXIAVbF6UC2KHiHwwSlJ6dJuHmwPgLEDeUCMKRUSVP9jauPeP5ctIAIl5KK25H9WUuq8OwkbfpKNIcxuaAEWFJT9LlhExgc+nL24C6E0yx0XYIhHPMAa/ocmSg9zfg1mZMxXUsz9+W0LQHM87y3O9tIFl/vTYa0eC4/WR4d9+nWvMPuoUBpcl42JWn0cRqW5LnksgpvpV9exdhxFQg20mNc0DSu1W73Qysn48E7Bhd1bWXTYvgARh8Kain8eyAyuPPkSC5YCzFez5rxyBr+4Fn7FC+M15vMi+qBeA3sKv13/4bQJMGGELTq5nBdACV0SN9Q9TnLK3ec3EBnli/uzQiCGDnB8BFfvpVgToeBkw8vEG+E22IDqrHM3qs7vCgnacD4DO+PEjLaT8B7hO9L5Mm3XIPu+7EOV4wqSV57BUnz5WDpPlEI15LjXH7Js3HGkaPCfiDz48OiW266/sNTQFtEWx8bKqEVabBphZRinrr0eaIBn5xH7rU8A/HfIev83fCtkHoFPmkBmSRAYE+/P0gF1hqoTzC/RI7LBo1m0+h0//6hhKQ/ZuxjUx92u7bhlv7g7ulpTYMtciALLo1c7WWNzhF6PAMGVwQlGaif3XSV5rjV+ql7MfL/CAeNaltfAboRW+T82xBV3NU75bOYzeD4l+DrUEM6ASbQ6AWID7jhgwuVwGIfIKO8Cy+2PpE0P6sOBZXmHpWhwC+cJLANy0Q9QtRs6Q7GLnfZg761MA/9ywNM0U0b+xwHJ6MlKFnJD+LxrhKlTA1dhanwj2E04x0pShLk77YLRYNfJb5HJ2LiY76keqBXDHrylzITHvuGvhbTFHmBkfjCizq9flPeqG1eAhSpCy3cof0NLLwoOIg+vBgyvmHkSGENiIhio0cHZhY12gpsJHlv0kZYC1uwSermt74OoWGEmGQ2mdznIhPEQWfil2n+ZAo4MH2diy3ul3f0s4kOoEsNwZWG4DsO5QoYNQy6+S2w+Gd8pDV1eYUwu7NgBxH06PcDiwA6ydMlGGy1wh0rCHzZYVzAReEi2YTbrtbx9HQmFPYYAzhrvUCzjEsGBZrskSk2zFro6wVz+s2AXvrO1SAWFMlP5V6YFHkDiMmbYXWuAvzLsxV4e07YOyTDrkYeBkENvrFGcpngUaUwtzN8wb2RbJXs9dyt80spW8/TKtiSAKyfydFlINXQ4lewhfPI2DBZKuzR0Dl20Ykffji8tu4x0+E7upCaflEGGG1oxu1exhbMSYaR87NkTH8APuzZbg3jqWwXxjDFDG30hZ1HFqdoje/YAOBZoMoh/z/FVPg3iTQYoOdHR9q3Bj7FKex6kP/pJqYQki8eTe+gHhfoYzowTovi/OFZMKTGFtw41vVA5P1kbwZW5kCSf0eNosWBrqgTM7PvzQ2dA+u7E87qF8WSMxxuHAQgzPCOXVxv6ZsBfN3U/JaVKeWH8FFMQDY3nAvxugZTR04NSw7ZnkfLwAg/ER3XYYwD3XLwMwKnYWNWkbaGUmtLIEphC5n5U5RTZYQkqX4bxt+lqRqcXNhEUrcLo/X9H77Nn3pKROgizYfTuMs0k53umP4dNZn4bsUpG4f/n57/S+8twiw1CRPgboc15XN7LGbvS306ZMCxYr4tWP407q4xwEK3+5qFxoZkWCqH2BOKrRbSOtydo2BmsQbiviz7uEMXx/cORApeufZxUFbUewA/ATWZ6WQxo6X8+xpNrM4wD8jqMhcU5WBMDIir1A9N/Q7nZ+v1TdXtq6Qi1G6I0xo8vcjVPjcj++7PMxQx3glsH6y8JW+0jjj0R2j+5+6QfVdTDy++kXRv7YYmPCSoceIoEfDqDFT2Jo7HUrpou6Nmo6Q6/PnEFRmPDEAjAq2My0LxDhG/UNWNYb4EeRrIC1Jgdwe/f2gRUDwmQQBDl4KSOswm9DLXkpryvrVKafPtnlEewt8LD6i0MKR0bCdS0S4B/tQsjtF1CVw7IANpJQkLJzgkD2kZUxa3r19TvgwNyp7iRjBp6bIrIF9K22Irx2+wH6JcQTYEU1+dvzVUanNEM74grYIeLaEMTt0vqnGq6ohQSaRdjJt2iqV2J2gu1nzBTI452KcDc57Qt4JEYCVvRVLEd+Thmja1MatOHuVbE2mKmoo2K+kPQ8yNmUv4xD/rSoY6t9yg1/olSfCtU94zwz9a97WJ4AHiiWkogk5+QDvSLYMxXomZaASXa2JJbmPOPQaxxmA54TtnUM+BgIoZlkJd0dg/+jB7Bq0DGgyx7ekAvIaaA0TJnONK8DH7bTnQ9XdtK0JPe8CRd3tSKbfu1+s/K1atHF2thB8S5Zqg59PmXNFeqzH+vCvHdI/XRS20ebpWfrqFJLMIwczPU9Ca1Nc1Qk6oA93udeYG3zh9F/cIABq5qqMvRjHbbvG3c7oMh7CPNyLMG1K4xSFMH+aW2yCchhPP84FGlM9y3McQ5/yGyBPR040MThxLQrHiEiMHfj4AS+QcP8t9dYN8PJIV50tiUz7BVmIJ44o2Be+ktXFjiHbJ7xUlUZtGhIhe7vOX/wuLAf5FJ/tMfAwkxkOUyQHD4T4VGCiHhlRESosqldlKHPCes112fjzIM3kg77bUgnKxPxpmOECNopEtoKlwCYMd/QBu6s9V1np4+lWUPs5bCq/RUIBgbB7WeVcDrjsZET0Lb1qoLRUr8gbH/tc8QZLWTrPPB6QN3kdPN33AHtz2DtwEGmPPLnCdaD27jmp+DaxW2qwe7f20hk4g4UEIhpV0IAP6TM+aDE68sAf4OdHcNOgwEena8sMMnH4jhtd/G2Rxcd4K017AeZiH1AlZRvlztfEm7RxwXHn1yMBZQMfaZi0X4/yT379hgRSYIycGpvl9nOGyx3UcODWszFPIAfcDbZ0CzT/zRjqZf+Y5xClEh9AgRKC0hVjuZvtEvzej9mcoUHi4qxz78EeF4oZ66HDGIotEjIib8JngI+3a5OpwqM/AcIBhgB4fQQl/swVfIQd9I5OBWpPYJL6vxPDhmKR19IYZ3nc3UsgE/ZYSOyfWXVHNgsSdhpO/+i+/19O/chGGkoK2vmikrEAAqdOxnPqEM7Zhzx42kOxKEoh8xflWE0tw/rT+pjAOzlIL7Q+ya7Te5vkMxW0VsnMOfyxoHux9S1bz4ZpurmA9pmM5t/1v9z929qwpdnrpIwU8MXJxs5503IQASsAeBe2GPJaAt1zsGXg2iMSpir2qF0wCU9Fnai4HwidfZuAjxGDbqr60RYU0Sb0PupnviH9zM2vdVS5mW/cwf4F1mFrJCyOuCUoAnqn0w/0+Sr1q7RaElp4QioDO3jxePKp10etXMuPoa2asFOTZM46j6ZeE/XdIIAKHadRnURWW6LwHRgModOMjpMy095eRY0QSE6zOABR5HaOAABv2LgSn/sSnJvnuzBHZPWDDDG4vU+skgv3F1/VXDmwS5Mln9HwnnaoR8QdfGhgIBxJltC2W6TYNz81VHl/8dfm/iBe5fsZ+nyFNZNUSaJO17vmMKKsXMqJNcgHCrjXAsN8a9KuZO+buvRO1/giPXBshzdqe8nsDbRCll11bU8LJCSTxsFtll99gtVNXP/2/lfu+B75a/2qa1dBH9SZZ2sr99WtH8qGBxEKbLyXayvDpt0cB+YJxI/s53fDLn+9bsPurH/J3vv1ew4spyL/hpF3PsgBbx5hHeENyTwBkc4wnv8+oNiz8weJ7OPZktHEeroXr1IuEJVZeaXVZlfHhmk+arSXKnDkYXdu5HanvuPCOv/SDQ2wbwleeT8pmrixnVU8yTVUYYpsCOlah+eLVi1qYeGUZlm9HWJEVrXbG2m4dzB3kPGjRQiuucGOBeED6Tsk3dUuLBkBl+lW3Sf2BvIqT+PBojJ7Q1SogAcPzYwrnN8bKgMaG1FyddD2uX67e5NLWW6a7LfEw1v7PaNLkMi9G8/l/2iLb9+91SyQXYe0l8G3xdYQKIqNK9IbEm+U2UB2zPk/LefeAtZq0lvB1OjgtxaqRVaRdk9NOnLKABqE4rr9befS4JbBEgqEjeT7tD3QRb8Q2eskIcsq0UvW7ktRb794TnYc06ojJDpnyrwEvlxDsCFYFlxN/EpN8gV1v18JhPQbQ5qIdtCQqlLfzNS7k4CSvWYviR3+bEVMcwxfDkfso7+iIurH98rQ2TQ8xgm3frPr2Hri4MviMlAFMMf+n73n8T0ZAx3/USamsPtl8gxYjsU9B9dP8F0x+j6bd7Qvd5QA17AZkqACPf0UBrStf+bI77/99z/Pfd/z/3fc/8bztXE4FavCQgm9lKxfv3Q/tI80cetZwGahZdiPBhmma/htugjov7QqcEvOjVGdzEsme9q1SGDSs0io7y2hDqMNKaWEv4AjX6r3qtGDIykH0lx4h9RCyPstkDoPnkvYJoquLgdrAiYyZ9/oufjtpIWTSLXG5hMA+DvG4kCO7ybnyk3p2FHje7c7hYnv7T4h2Uok/fI2Ae529CgMYAln6UF9Ej52fudmSPB0jhYOFoWi6zvht/28GDxGqTwscBD2yjHyy1+6KQvciIS/PETYSmp/+7/b+7D1uQGegCjeeJj4NcPEMwYGI+5xDB5KSBLY1baKLgNOP56nn2N3c8o4rh+soHDEDSwVdFpId6wxc5rBmJcklIAUiK9/e8YY1BGj91ZkN32wfbz7545SPEKzZVq1Rtz+fCNJpNEX/dFbRbPFwtwTgf2tl8nQ6fMqzDQDlX2xo1G2sSEjvyo2uoI2DsjM1fVGrXBtiE7Q78YVOazf3PcpspRoflImXZfh8jJGKEf2KzQN7UnDPdGb59E7jL7eG/6jg9WaZHUdL6mIpf4G/NXZBqZriq11JS5X2bilaF3BOzsAfcFIKpdu1v5id85Jmh/ksf3b6JMMNPfc2fpXHUK+mP+Zk26fmA6Gs6FivKX8QuQGP278uM0/Id8WZT6k3RZ6h+ULkv+q9nX/2rqc/oj/RWkPU9F8v/don3/vZ8O/eq3/x/8CroM+iZKv2MQ7f/jmvtGcTt8D6Io9rs07N8e+e1NfpVtTYBs698c+9FKcLDrpzb+/Pbw/lNXguPYj3Z+D37yZcmnf75fNa264k+v/9eSzX99uOqy75wAx6FfNe17cJnibn7fN/359l3+ywl7P2W/ffqvL09+yTj+59/1OYJRv/Q1gtF/+x3/Vc9n1Tx84p96veo+1a8e/P708fLrBv0xAV5sqPmf8+1+sfnu+rz957uxTQ4a8YmXfF7+1Tz2/6vU9L8iG53A/wX5rXTBf8LfgfxMvvBr+YL/gnT0P2WUgP9Evn7XQX/j64D//X6ayzjr959yx4tPPM8/E3A0+ZKWP334Jvr/oPeACZCHPqU/fwSH42TuP+uSM3/7GlxUfT4/p7Z/J8WfsHpAECmK4l8zXjD5W7YJhP7jYKEo8cfB+seN1h/JA9w8XadqAc3m7k7NfyLk+H9x/H47WD+N4K8H9desLH+FvFG/Jcv5Zax+zf2A/YmwYX/B8KlW75RK4xCoZWXPUOlYwvyPCNvfzf3w58QOf+Rx+HOqhz8SO8wb2MM97gmBcJZsINHJYsnzWNMLqmLZgVK+3x5ohmYnjuonvqVtuuk1s+scfWVtWilyNkSy01uuchmVUsRSMERICf38OWs/nwxSt5yHKp1jdoXXke+/im3j5zFbrromCP5RaqxV0LI0r2MPX06vSDatNNBhcsxlNPppnBhu8MLxy/W8gj7qBtI9odCvsNC9kgf/mxy2G16BGSfzq2uY+3hR6IKOPWoGNvkC/X7HMb/9DO7B/fq6YtV5HzP59Kdn3Pe4ovhvbVdqw1MwvYkkpQILdWplYKE3U6kkQjHHNvfbGbqnr6bXwHeLEY9v7jsyuwnu5DWrcemYxwv7o04xvWIO3cVwvc508KT7TSDDM3S99le9FjDlbtH9xqcp7KdRYfh9z5/vgXu8ct5vshvu3fqmOPQTHA9iz1PO+zr4UQu40eyHcf58nbKafHNfJ0C/HP+Ep85hx/3d/SxwP3vX/f282/X9Pqh/Pm8w7hlwPxe8gw/ug7i88n0HA9rBiIHnQKb30cHxu+0/PaPADb84DBc79e+xFPQLfh+DHrWCm+BZHIZ+r3cxzPR+3dMqGksfKHKVzarCOpcE0voxA8FK4b9lGf7EjPwVxoLCfk81g9DkH+3Fn5iLn7/7y9UN8j8SO+P/i53/wdhZj7tb12f38QYsZP8/BpMRBP+9JKHQn7A2YfQ/hrXpT0UJ+0N//Bfy3P2N2y781ZE/57n7hbsOAr7Gr+nr/h3yuj8oTBIiaeo/TGv3p732E3Xar2nt7Nma3azprGivPwHjQece/Ny7fzGt3d/LRodgv8WLGI3/et788XyY+rfO/6f/LBvdv9Wlv9LpXxmG4jUDMQXQpy/m/9EewPv9BpQVf5FR/p0HgP+JHvkzd/v3fId/nQcA/Y9TJL8jwST/PRbMX88M/B+kWPA/KpY/PY/4qxXLf2rw/6dS/5XLMsxfQAGWtqd4/5eiWso1Wed8Sn8sOvxL2gPWiXf8Sfv5lyUJ8f62Xbsfv7fx/AVX4q2iwJb7MN33n85/Bh//BdAJ/iUij1LEv8DIb6Wexv4g9TT9C8b4DX64v/5HjT4M/2G0/0tFn/y/AhF/F4b4rxB94r8LU/ynBp/4Hyr6fx/rp2vfP4TmB+sn9w1Yuub/AO+n2QGW0GFnWdzxUPs/yfupwmguegHc330Qxx+7KJZMUF6iyO2KAwVOJLWI9RyD80MkWa49nIjZzAFlHY99LJFtfwTWiYRR04tg4FK2qO3Sir7VLVFQfq/j7EZV20jlzehjgXhCHprM7mGh7cBGyGtblhf2yGQH+vkfUSkq54+9l/EOFDfE/VAe1Tu/794ULL+7o6HpCW37BJwcN5Sy2BKrTBioE8euQsa8zmzVzqtZzFxmO5FPBs2s/Use68YEBFMrFtgbQzPqw9Me5+rwQM0CfXwVBYbZLRHXX2r0LkvDkkkdK0dzrxA268VKcvlk42q1QMTmaTejJl2ekMkHCO4bHeYcOPU1qCDaW8k+D211UD0NZsKTYfQpVTq0yA4VpcTia9z8idQjkibxfof2fekl4Oub4LO/3wswbIziPKkMJw7Ut8RLcK7c1MIY6aDCtZhvcvFop/30hFXzaLCWtmeH2ZjKEJuSq458cIdSBSQXd4xOwfa0Gtei7kBvWUNfrpKCbCt9Tas+rMFzQaVMlhr4s35xIFx1G9fS2q6iRZK6x0FEfOao5X4/4z2SFC6n+JdiRVg0EeNpYuw501urft6J4TyX6zk1wQxq8imTydWxrymj22QSCqwia0l5aFRtTxie0Ue2dDAzBAIICGN6O7O0GrvKaNbS25LR9PsVrvimOQOotgrcbilCBf3yoEwYimsk7UIF5jGPE+wZkYdEFG/nCWTJkYIB1t5dUsC2lAyEWfk2DiMuw2QDSZOfyJ05nbVRjD9J2h7Ahjhk7WJBmPXw8c00ExqeWmQgx0LH1owSnS7Vylr1KCle9+oiKywWyrrnw+exFKITtLW7GmEUiDM0OzjdK4heHezrava0hdiH8g796JvMqsxBdBtaCWK3O5Cvf4ZSrUaH71pCa7j76cFAY5iqcCZEk/RzfmAKc9AOUx/VgI29dvdaPuSPaH7xUnRYB6cjApVo+Svl5yYCQ6V1FwmVnGlNhGE/vpMtHEw0wT6VjoeKkRGBdcvTM+2SnXzKfE9kkUjg+K1amm81N6z3qaEpvNNkv/UlWLA4e5U/jcAbBJS6eCZ7I2vdcymS7F6294OAhGmsJCSw2epW85r7sVCcTvm3NRCGExNjxjMLSBmjuzjF6mhmgyGAcHtVWap3ZsvHuTdIa4rXGF88Zwxe/hNLBUjqiM4yAi2LPMp+pOPK+U1Pw7IbZl2m9nz1OTxnf/oXAcIE11xCVHwEqdEWZD7NRmRWIEClJb8590LDnrhfiUWHM+oC65GbXg8LKVRNQfN0ZRJTbWfgHjo7P2dNASGwg/EirVu7fBeoVwDrlC8hrrtPeN47/NufX5VhDiR+RXP1XMjdOAWElUIhP6VKeCqC476DAs+iAomuXnmgU7rHt3rX8WFOSYqgRTmJpdOG0u6jurriwpGxv1T4Ya0j6G/T9SfnljvKdJmuNCp3OyRqdJcXsTiyW4/NPeB2ShljyR0WrO8gOkUpbA7lCPECwu0aaBy29cBYJpND6sJ1rK2IuE5kXq+TUOp8VadvjX6SdrHR1IdJ88JBGjj3wNjGB7WggtuUCvKRPkanuVuTTSliF21J9z7DyaJc+jAW8xMuaECQCNx8xe85/BFk02SpyQTvYktfS4s7zvpKvR17N+xcUZDLNYQHxodse0+2W1jTX6GqBbSaRrAOs4jnfRDAs8OfzfDwVUUk+kMtnxiX313LlG9OAKMO91N8q84qohAcJticSfdyGZ92b/s5BCJg20XB6c6gtful4bN+K26glAGWBL02u91HND7Kyj59llzqTQKh5vwzfB5285DjlyGDeeB1tuD2idc+NrvG3XaSD9CuoW7abloZ2r+W4xWAkHnArsRRbPr0K5wXgqjiOzSHYn3k/c61RA8kDjRD+VBCgi3HJ9SXyI2KOmMy8/fj0R26i2oC4twaQ9uKVQ5aaiszLim4iqnrrX3C2SNs8AWEJbNeZdYBj/FO78WfTsE4EwjsuFgUFEvCt4SvxISGuQEWK/E5xU0Wm6xju92mPRCTey+sibMsrzMuURtaCPRd89JMopjIiSDRKbC+pbZYzGi7ZT7ZnB+VxRfW9FsNeKDQPmlEWlFSSl1cOD9Vx73qKPqoHSnjy24unnSr1C+F1z2B/YGFptEScs1UjMHrbpsrnZAKkZxLveEx4D9gxmCutRegdA+L6i7llQU3+fRrLuVK/kiAFO8bgdWmnWwjsO71BDpWYLLpdTq5cYy7lJi+njbJtZY03JcBrTKuJCKc9VX0Hz7BClMugBoTHepQ3i3OuWNlAJtSYdOkuOhb6uVkLUfMsPhv4ZqXkUK4W/Wkhy/YysYUe/nGUhe0j/FzCSv3m53ZxpH+YdaTOEYH0+KhObNyL4vlpTWAyKsAw2ErRQsinbxNeuFi9kklwou2DJFC+3LHqcjQEk4aw48ajuqIb6a7u+hNxT5Ngo3DvPWMwo3bu7EaM1aD9IAnR9Lfh36lnUG5fFir9sNn9odkgMc8Jf9+AAuTjSZsAlN99qV8GuQzza+uWhNUlD3tbY8hpzjB0eMj3qR+E/EErNhG70XCgOKeYX+SyWHRhwMC93WuLIb5G1Ji+FvLzTaojAo+L8WPsQvvC2cfZtidaQbMtzXYCR41qKuIvwW/tWuQRhtB0E4csa7Io/o0uRh/DrLWUJ3lWQUNq8mtle+zxmls6bdgJKg5xL2MBMfe5yskrIzk4+GeYLU6++yXK5JJH1Y+NyBG78ac3LWv5/WtDY9e1QvvMq+qJBWSUzeFJttrEs0VnZ4/3+YK8ta3A8HrBis45QICRDxgOeBvpOmmZDSjfMGqo9C7IXDNk6LkzkndquHW3a+9wBFqxuSWuZoikDTnTaSEl2tPsWXooNmKjd1pZ2Z3TCSjLZVn0ytBvgVJI1xfZ9Ig7+5KQHXV1qVeDgEzYZwhvQ6TcVdYILcweKZgINE4pVfyJcwJqYeYX1Sw+wk/khsrG37ZmJKKGMLu6HPm+F1hxvu9M0SQdV7OiRcdwhv65Lwnnygycm3lVzHY6A0O+DooqMi1GsOunLK2qrx5IYvlPPJ60iI+oVjU7fe6mKiiddnD4oP9+V6t2xHFG9y7dW3Bbc+3ImFSOE4n2z90IRQxXXppJfcsjcbtyPKBbe3+nuzbsGwFe4ozZ3UR3Oetkuw87uWX2txqV6+1p1+POc7Q3dL5TyppUeHGnjqSxZbVPkF2TLazL4yksFf3ump3arYb3Vr5xx4Z1BlfszDAUvNRlA8BYwz1umx8LCURjGeXK+Z8seFtfFoBed7S+RTue1SMjDmNHdWPma4TenzTNN8tYgSkTtHdDNaPsIH94oUdw2Rd76VovBfQzeN7FcSjaxIQh5r1bloSu+GALUw2fHFkldYP5VS2D8pNYhp42hOCgMri6oY79zX1uHBvvPPzCki+pjuPGEU5VQ4GZipqimXnEoz6OnFAB1tiyuL6RBZaxQQTrrGF0rVrhX83lCuE54qh38qY5zjLk2b3k1iND9O7Z8tLzNdXF1X9KPNFeLFM13qipMyCuIjQboiPj6rffkm7l/l3nOiPTiM3MjXqN0O89vdpo4EOGCMUXS6oUuwuDmQvPtRL2UTMJPtCM7GJFa4y7SkSbRnOb6UbjUQM5PgLVgKuVvbjnxbDKrh+8tdgWgQDKZk2cHQaoIbVuqddH1INLInpAbbfA2EPEc9Dr8MdsR2RamNIwdDydNq3Q6QG91a/AQqIWGYU3XfUdLVNDB55qUWtlDyWOWREPUTF6TWkbpyfwZerL8+6ODeuKtxtfkTRVdC0XmvFZ/KcXw3IM5Oh/IVGdPil/+W+xPY28qleubXuC1BDkfTkjtRHWTc7g4Lv+UH0rX1yHrfOylA0ew68JuCMv+iG9KXyKEpXFflrBGicL5aPA0bnOi09bgJlQ1SrDbTTZmvh/S3GOBtIez3JeefZ5y1LAvsxjdh2XMrs2OF8588AvYjMzuxubib6xW72U+fHJlP8uG/6mrI49UqxTjmhb1g3+/WAAkOh4iax6o26FK9GWxLk4agUfsVO8gJSodV2TQjHsdA3ztccDExf/RQMTKFriMz6Nmk4Ds7fJwS0KnQ7P60jwFArfBQnobBOP12hMo6cJ0mb46kC9qv6ekvowBiT3hovF+eTTGH8WwoqAbMg3RRFAaXdTl13HdqK2+/gYixib7x0RTllLC5/wxP2M6ZIr4VeODVegzvmCywnyMaYHZc6QI8DJBaKJ22h6tbigARVVEkqnJx3uNpYGRc5xOiP+cZJWtq9xCFnEtO8bpUiK5l/akPQZEUlN/z9wuINOuMOrxh1pkflmrFKr1LZeT9vo2olpcTmXS1TFG5aAGtJVw6tHZh9b9jnkVzax3uOOzoKjVVd91j0vsdUQTqfvB00mxga3TEwp6Dp89FgED/56uI1MOt/0jp9acql76OrJ4j7cINvEpWusCdT2vmnv311heuaSVduzbDt2up2MOG3r+DZ6N1r4K/XjV5d+5Y3DpUUyed37VXSY9r2iZhUKaHjVk9Kp0A/8LGZmEzzCPuxWcDL7utHF7z2/AiKST0D95NlpIDKMgLmqn1OJjS9OoUKaFciqqhZ4IBfpA+2SkTeQKc+nURUMCvGf5QbTLeeOvQgJr/+wpbPXK6BGVAlLVKA8JxVBtYamjOixUHsFmnoaHstYVdRO+FkK3mzeU1vF6Sfg/5YDQgyOyQmtEO3UDPRymgqeo17wU/c28uViVXKO8X77TE6DkHW9je910+QsbPPwYSGPtRFzKiZCBe9ZzGNcxs+kiR+Xadqis+NXJ3ovPW9+qpQ3/DU9YJxTFr1i1CycVolLGiUGUCYV0veh6FzjkP/m0/ghxLwW0HvtHUg6Q3y6uVytSU/tSdbW/wWMPs+1R62uobrRe+Di/QqfHijbvvi69PCD42MxrWHzrh8fgzdw78EBD4Uf5JbkjEu0EocZClkttMKPhNWuMA0aSwg2uGGnUBW9eiUaT3QKHy6DQTaSd/e9vrGgGy+8sSY1sPFp/XTqGYv1h5LCOOH8KkceGRtVY6FT1JK7RvxpgngbRqYOUe9x0puNJlrVGLnrAyrdPDaNq46wPrtlUGSw+CCfo+iBxo3qTdqEDFCxiHXFHA48zObYcTcsYDkI3VrAtHsApPXwTwuYu/ju9aXHfypC1gRZTW8ySIhJsDLNXdlED9qPNI9LzOG23BuXUlu4wmxFhnXeqtyiwtunEo9JwmzDqb0eNblSeXRMsgia2OgKFrYkE0TYdtCH0OiYNVqX8ezCrv31WwAN+EUxj8/FD5DP7mj2Wt3kApNoMnn/TQ4tTJWrAKrpMzmFSssD5Zo5mH+cXIJNXbgZDJ3DJ59aiZLBy+GhVha4Kd8UfZztF62bo+j80EqYd5KfXzngjAHxZjO5K2745XDnIW2C3FlsZDbvNaTiRfvFQrJZE8mWIdBYcnEfUF67Db0C2amgouDTmhUnNNDNh894W5AZUVOFJEimhpz8I4usFz5NChlyKvbv8a8mDlbAqxKvOqAK7rhjIrssQyfaKoAQpFWALlP/xQbE2BlDTdQeJd9fgLrgKAihbj5m8f4LZNRMhzfc8EsMmHmOSODdkm+/SXOr5KKMRAF8deD1bTPY1ZrcKFJmXKAdBsz86fhw/Ynx5XbqyMUPLhsFed5l0ar9DL69+f9XhFMaxSpukEb0U0d9tAtmSEhTH4yV1EdgtsmRo2gYNUC2mRI1N9cqqsNLF8IcoUeTDfrxbNXCxKggswk6UZFimlIVr6G1E/2zmy93N24GZ3b3iZEUO45xvK7SjLf5CAdeOeIAW20ywQacPMXsmH5NkVLs2LHLhIrCe/F9+sIHr2gkBxkqqqUi7jdLiLRcLtXic1wQUcoYLsaV5+p0KXM6a+yYxeaoN/0lhvou1um9mPTXX02JDNg8K2iONpOy92JTYSoQ+fJdZUEKWW28CSV4HzchMHGBB+dqZJNL6UAcT4vy3aCTHjZMuK8mtVlZibqeI/aTZaAPf+20ZePlTgzDx5Ea9wWCUZ0lLvZS0k2X5QGJr+91++76yyIAoDgAKbLnltl2GWUySEJ0XPPfyip8BwvaXoRsqjmAjK4l8ngM0M2Rv+8+P0kJbqmQl9D3oOzxEwHgWTwJCmZmWZqRFMyfDOaTLNkmtSELm3q8PYXVFVTpi+DYN6q5Jcouy+nR0mxmQhdhEFAqxTycvjMLKw7ifrRqCnsQGO0WsmHBGnQNPE+bh8AnU0TLPGkzJuZ/DzoinbN7V7mbri0h6I0eG+ZAev6gKmAI7NhPKcq0KNUzPTO+UJFAbF2xXQInnBHdM94OfE0OO1jmQupUn8AZ4iyDuo5OoFL1nLv1w5IRGojLqFfB2LDzYMKGqIbKKO79DAWsdfd8Pc275iNJvMk1mdeSDqudCNYPt3wI3uhh3IgmwQlyVsxvqypzvsWLgbuPcDos45VxBfdd0mAmk0NfNcPyZDYS4A0xzpQVpGusIea/TYu7XnKyYU7M79E6th6DKrMewUWd1r9WIW1Qtv+RK4Vs4vHfNX83omxNll1Q9pkqjGuldvjAdbjB/+M8qcDebDHx8ye1Sb6ruc2ez+SMQTysG/GdEEqhxKvZtzyA2Mwi7U0ujuI4CTQDnu/wluL5yikBckPHQkTzPKsDek2bkaWlkx6ZfGoRbRjFfiHS/zS92tijLsQhwp6hYO9Pvp9+2jUewETknqcJgN2fLpZTTr3663Z0zsyDcYRuzaC7vcimP2h0/d7oVLyZubS4D9HUcSRZN/o9cg1UYYBfHGnIRyZN8S2y/Jqrp7pbJ8XwkuZVFkLw9qOBWYcxkZUgr3lfLtl7ZoL/Wr3SzWc1JpvRmkUQvOBkjzcW5IwefKEhlZLtWSavK/u86ptpQB1NEV+ktFWCdnPfqPozXyNPRKSKlf7yECoHyuXkcFh+q6gksHysvRRpG948I3nmxeiLlziBdu1M0PGNyUKofNZtgLRsFPyD35ykr2ikbJ/wnOTCZyQhab0lgfucVJ9QTa3vRpfUBVmCas5+ntSE3WcY3wXUMZ+2IFXGlpw+IKsCb3E7c+97BGl1lY1CiXe/yT0afV6bMfH8IC98/EZSXybHlCIcmSAy9pbn4bUvKEYwG/DDhxA8wFM5/v95mwb/JYpLm+T+3SDU2LENJ4isGbsjtcN3M5znjyI2ismKF8JSVfSqJ4d5mjT5WhL9UiyurBXlqO58xYdRnsyHcVstzfb3Mh5lxIwp/f+Cj7DM1QKt6G6Bx+qjY0kfoQlkl61t8syfvxJmpy1uvU7bwpH7XFSjJIPkcXZp7DXaY/leyR5xQldHJKZfEt0ArrcCoiYH+YZEVl16YDAVowI1wMSq4Ryk0d5srvkk/9kCCNSbGBb6RbHo4eYnMuo+dyBfQN/Hkdpewow4yqdQ7y0SFaIOpqyqaW+JOC8LLVbZpxgU3Hj+8ojagOdqlsSLwg1zoHI5SqfIug2gSmLH2Ljuc0AB5jc4e3MMJ+eBGL1QOB3DIUE0e3mySCH9GVxYBcJtiMKP20mvsq8eD6eH+IF+iz+VkrkR2xeh6dE7kZQjQiGXtNByfIHN2X1pLziQczt51CBy9tOV/3GRZJkShxsXmIV2DmCCiTMvCb2LwI1GRTjcUAf46Yc3C7Tp2G45z1TxNubaLtxEKT6WB98TJ4AW+zypeMkP1fpiE68XCD4sXGAl2UF+Zxm9TBqo108l/BkRChynKtK3BXARufk9hyB4iRFbMhGddm8Odhe1tnqfotVM8jnvKaPYEgE57PuPED0kW/5W7aOY3h5LW5/CgPu8+uehF4JPSwwTDc6Wr4F9QIv4pxvbb0bV75pNntMhFlpieHSN0jhywsgArkbJPHhzQkcIMSgv+tMVWlNeekfGW5ko3xEM8BW8m0RjiftFAHKrD9I6T7kS7LVsYN07vk4EE1QZnt5B05TqWfeNJeUiOFkdM/4eqIU4Dll0XHQHrNur4e5gFTVxEcOMpAabUEvF2xlxg7EwuwXrlS3yIxa907UBgM2t3TqXHEp+iEM/bqGlPs0N2WpL2qoSHu5p2vdwfaXqQvSxzDpnZypQkZ2K0zKck4QofGKIdmrhBQEaODsjsaLhgqQIDLuuuN57r7N3gdl0cRt+9BgsRPaShJHI5N8nxktI6QPLFn6eUyOt/q5My7CyL98r0+FWXKy7PTefeGnWTiUGd/cXvXtUsHjgUgXLk7LNUH8+vmoqw2LSBsHoEQYjQ08YcvhiCE6EsOG1j7JsRz5UxLw8bTxXfvcNoUygwbkKoCNqgcmR8d1m8PFLC/wrXgEUf5Qk9zA316OxvwHe13dgHRGEX362RUvLH314oj2+nbL3wLRQmxFL5PkDVt6XT5gKRkzK9Qniy0vgtBAu6yQpBdsLTaCqsNlX3B8w/mdtZhiZWPpKMfpHvMp4YMQrjgHbK6QuB2IQSKHieJFk+JEU3j/c5SB38el/BbIKVWU28EKzdCV+lAEpZFFPQ5B2jqE6RgBIS8iSnqjZfd+YF8Y3DXi9saPxwFelLrBDnagBPECuOGN2O4uZX3xzDaaeee3l+ZSlrHU/dju+G10+Q0PXS2GJzLvEUIGXF2np5L3NDZNS+o7GBYa0PKk4hb5OaW5/4py4W3D8wE/azl4zMAHOCdHwqia5iteKo3xiSiaJ4ST7iRTMD4vZFoSxptKQ7kB3uLPZQbNxu2Kauj94mAzEIwZc2lzP/p1BZQbXDKHaJyArMwxZe18ejKe9KAUqhG996OBdxCMmkkfa9D6tt+fxUl8eYG7jwTls4FMSb0XaT7k1h7vRvmey8M8rkbmb01+vmWgemfaqzLZ2A6B2jQR4VVThHHTzgygLYFRsy9td5eMKhm/GJ7fWgyxa29CzDMxCnOu8GmSgjA8HJsfiE7yqWgGcqiUwJ0SIimbcKyj300XdaMwUHI24wSeAlefIS0B64hDy4c5MxZamoGz0nyS5gJLVZ/taVl6mBFkUtZiShzvHUnYxxyBxTdkl4TOC9aEtNPubTDVjsCbWYLtxxqFmR4iMm1k8sSXHQTLTT+3sCQErM+P4Z0li/IkV9CN/uylT6crSsbVEkpMGoY84/2AmSKqubH+PAMd2HE5vuz6UB1fX4wIHVi+MZ6VYrmaK/ap9cl8vecQdymqtQkeiaG5EQbv2TDBpK0zq5YHq5b6SBBWy3dHI/JVXHDKlSlbNGEIJuSTcg6GhMaghEA3StnATIgC2atf+IxAjwPtTrVjNS6sRf78QPAVMm0hPoWHHa+PR/tSYD4b8SSelU9V9UgdL56BD7Slgkkros+8YdSA09Wlt1Z8en52tN0fijhoeKp+XEB1BY/Qc76On7yDF3cNcIgFfmc+k+cqHm8ClT/uKJ9528Cp7O8VnEZewd5AjrNw9lSxKRSekoUm+hS+T3FXEhPGjvZ82GjVkjlYJWAfRnPQxRu4LGYIxJy+KG5XsxfQ4VoqIURJ05BXrSQY4scjNy3jnOl7Pm3UwxI4tkCmnNi1b3Ew1iPEaNHaW1f6AZxTBZlHD8o/OmxEY0DCJCpg6FBgWcWyI2mMsRXT5ww99dN1yItVVt5NikueIOz+0uuOlHErc7bQZ3uNweq/AB/e41wFltI+YDJHl9HhjyfwoHRPZjh8cuPWSwkAcltX9tAW0OSzqPUtM8JMFoPJa5pb0FQ+FkIlSfETgTdiMgU4TfUuSJqaLE85LVoqur0/Ll9b3RaXwWjroKnizEQYjQZlec4buuIgWOo+5Cco8FFpQXcGFiH7zOFWi3M/cEgtiPHpk8HJwk0K2X0Da3LPRmpqgLeaY7btTwRnTXxPspqL2jmCmbkYeiReIdqvT78hDzNEh0POxjpQ3MB76Bf0T18OERGORLBHsDBi/6TTWzTnFjfoNw5V4P11P5CgRzmpyNlBc4On9mOgEpIT/YedpnbYbl5/ZFGkk1xuLk1uKtqTIJ+41OxrQ46oXU0mwn2p3uaceVdMyxjP4m4uekrFE+ErXSgJdg7EWv8YXgoiPYpblFOq6T8rHGbIw9uNou53DtNrKYsPgtCv55ShRZidOPWtwaCfPc/4NpT4lzd9kN0R3jjtX3xWghUv1lQSg0e3t8LspVEyHAdwCzFFPNMUttbq0iVYCtmA9cQbQrjwJrHKtacx6gxqao6CQQ6y5o3Ym4vhOMh97JDY+rr0rpPrXS7OebmHyELn5+N8xeUKTFaiaBqYmKu0Xc/tqFKovA064jszADyRsGD1pUHlXPVXhTX5G2ArtNBuYMlAyuzMyzyhyXgdMh4AaNpRViC7ZHfI+2wrpWqkjx+O52bRGnb7d1WKmS8BmcKiqYEyzN4nEEZSNXN9JTqfgMXj4VVE5Bi4ihFHQjeVPpjwNmgAVe1wgSqPjyHV2aPlEFhuhZ3dg8ptTqHJzGSTb2dBXUXKvW8sKp+3S6+7w70U6znFWUzhL7A4DFah9NBEZjMsXnmpWaLyavjpHQceOyWKK+7sS0GEA31L0NhnA3qra+tFzmBvI5bQlGZpNmbKTo/6xMzvbkgvXNLzcernoahCokrz1NRkTKFtEZJf8wNNk2xcXwj3FthUMvaHe6iotyHTWbpcGW0bW5V149yuwMi9MkinPznXWp53WFjWCM7CSCcIkrrA2sr+otTk8O7XB150JQ2H2lU0McqkaV1XvbM3+u6079FX0G3BO0BF8sXZXbfbcP46gawQdHWRHdC/vdZINGMirCFRSufKGR+rLaUca0rzULGwllIinNGYbjADMQwnxVeXsHNuX3npbxni9zl3N868MVDFkhhGQQn7toLEeqvk4TzA0FuyEi+2cHt9IVO++OCSqxpOduHtGbsJVH1HNh+Zvng5oTKBlC0Sz+/+fT9SmdnyZHQOqIQdZ9s2s6igURx0FxSdtCGnfB4uKz36FqCI8igEp2KkwOkdpRwXlBNSxdUcqN/bQksyf18VF5prBXTi7Um54zm3m/WtI4pfkX4DBUx+xc2B6XbRz3keqXlGY8n6+EBuy1tXJV++Oli0zTBwbpTAk5q3tJtQfmFdptdWKFbIQR04sLvhCcmCUnq9d+JjeiaP21LYtQ0/UG3WhD0ZCHhHpeWVwB89FjTN10e3yquz12dNqYVnUDV52WfygN649vEMgtw1h6Q3baeh9EL3QtcCW5cJ4xYup9ht6aiYFyx5TwGktsiJguxyVlCML+ztNHQkCE5hXZUfAuBy5RtQN+6bbmj6GJ5vILr9Sz6BzcJl2Q64z8YR0bI2ljs6mCvs6OLTj0TSJAdbvzE6GTDZqK1NmQfZUTHekPx8uVh1D3s5fnmwRf/j40tOMXIPVqtK+4hY3AIOraV6o9bLA3vyQaOHouzKgUIPOmI8XWwZEw2vYuYsRv72WLG1OgSHH3APYgJltHwJYRyhHaJ+9X1s8NvdSqlsRiN/32bHyqPshU/OCVqgioulCeyHsRGL3B8BG+zlJOodeZCG1I4FwygM+2XldGe1kvb30eVjWntQ96Eu30bJd0cOp5YA/A7MaVHIJ/KUBvd8WBB094vzQ7eN5Bbafo+Lp2QwHn/jQEpLkBcYiSJN3FWsgm9aCG0phJkuY/ZJ55DWqsfqsVLHcoJ9wzgb0fcI3sqBRHF70xEHMGcJMKYmHMC7iMyXNg60b/1Mkk8J2aMePtOpWguhJRkJiqpa6VANZ0MApsSdqMG+Q+LpwGOyIpFRGlnDR4Lk205FytXBGgR6fQa8YJaGLwrrWaQP0RdavyntJQhJf3V5mAd+5a7gdsJw/coy4uBmrluy3XPTFcNZy9vrnvvXdAp2sm1QQ8UFzlERRieV7AHYsGpnat5+8PAkI9U9HhRBomPzFse+Ax72R6kPWTM1egYPkjx06QqZjSzc4iaMbUtOFasQ65kifF1taQFw/fpRJlik5LEZ+WWFvvSfDh2+pM4rKqVuFzOfwG5H/Co5Tp6yzKOnDp1DONejMnJfguLGCznSUQBGtne/5OBOpzCxgKiZrWiOmNfd/NkrzHCL5EaNq0ALdoxK/eUETxF5EjWUd170bD4fp5TE5MH3MYhwU/tvgPaS7nu+I6TdGfKRP6kiAFugzpQtJ0Yr70zKfOaq6MfRvq48AfRr7/n5BlzW7BC2herYsmWWr+XQaWeLrB0NKE6vu5HR6ZEYOZF5BCFXo/Vl96HPPhZlIviGkTX7MlA39lKxn3H+qWPP8ltg+MhVjhBCYS31XbVRPS4ZHfMcisJ6OF7Wl3zbViiCHaYKyw3fxiaU/Vw/MmVnJ/fdhBwKCsaICV98wCaBXFjhHtNFydPQ2xUyd1THqqbQ+L5b/Vmq06H87ZgY30pzr0k7T+fH16hU7abWKTDikL4wccmXsycoWEIluhKL0CvQG+drX58lSUw4r7UeVHBQf26f/uXhsNZ3ScRpl5uZ52ueNAOKwSpDhmvaiyPZEqYJ5NmcWPuxbUtSCdTtAsGwj0JvLcTXqrYhU/5RPfcni48FcgJzloyUTadpyYTX2FErQAPMylgKn9yaK3qmTo/eXt6wrqFry4e3dQZoP9J9Axm6octLw3pX2O02tsfrRHmJFZ24OjOItZ69pJiuU+jZ4yQIlV9gn4/9iUr9SqzZeZc9iC584nbSQ1hR0nLzuYcKgvOeLJL6m2x9l31IHOrqU/NZd32DuIMrr+bjeay7oVUY+XkmjK8/QuizFIrEzrfP0JEPPFzxp0DBy+OUPyD5oY5d1q/Q23ZVlClzJE2Z6Es7mFzb3vtM8Q8GYj8blLcjZAUi6NSkTc26k68Wpnbq9LeoPq/KQJCEx1ClZBRLrTmBqpWivcJ6gZXgu8n3BBonYyYChlfYoEl6a7M1QL9Brk+VFDeKfQLLjTCWG2hAUkzC4ZolylhT44sysc0OKwbNW4o3FFoqRsF5PbzNCgSzQ/ekugUMFLpie0LuZCu4TvLsgmTZyg7OL7DnbVouWCK+OChf3xAUVKfus/7GS+qYQpgFlhbJyvqUb5QjT8cIL92G8j1CXvg2CSE9H1BQ08QD1jweK6RJfMI2miml6616a2jvQ8W4hePlF2bTdOooN3roGhrP58eDjbKq0AzGeRhXfj0IinDGmXrG72E0fNA53anE8MrC95yhNOVZPye2W5DpWcd0vmbm9qyzOnyyPZIo1TiuXoO3asBm9Wne2F2xNoTMTRRFsXrFSzfqyludDRkCvKpH1/W5ixmxkrF2+AYBwFbzWmew0MUm1/kAq+cU+Yms5L2bYTWF51RqhH2NifrckkIujDNEexSnKhB/x2rIU5ZJmS2WZT1M9gxlK8qadxxy2BQAWwQWBqtKQvnJg9fRec8EQPKl8x6mU+NyNDlXN7ahB4dYO6bL6fv9zmp2x4XZt17uEz0oc+jEs6qZkJLBeH6rgP3Tj8LUP/8VI1qqnPx6T1A3tJVWx/LriOyDoqsXJ/U5FcIscyuYNu14Q9rIeFaSVNmzI1Ivqf1GigGEJgr5sivFIZa6xEElK+QIXvVBC/d5AHw9S8DkJ/I2GL4QDvEd8BvEBweuApQ8F/DzdhxrD8atuRl0r09bFTFrgejUKvVuv5E9Y1lArEFc1pHZEG+ALmrI+YnGvuFpzQvU2ixeb2gsvQ/Bx+M0ZZO8HBzIOWNdX3lGGosSi6uOgdnp3QDh6TonDNbdz+KHrPoBMKxkQfDminb88bm1DIaGHlxVz6k11h7AwKa8uDDucg4s7Uhv4DV+K+iBFYMjXlJzo/2mOk2haOznR/QcXoOSZHwOIlhtgbRJbMhX22OlIGBEk8SDsKrWylou6/mCc4KgRce7nKGNBAhelzN95WurFSMycvUcOiLmMZF/hHzlv6WwBh5fvIM9CvFoUay1ZHotrIkBGw1BiuFYzADrzD0x034jcAPaEJMcPogQmY1Bff146ZaZ15VjCoxYR3cgg+ftZwMZ58sdOhOjR8XqSOsh9gbAqnRfYIhdZW7BDQU/3TiPG4leX5VJYB8zPUIP3ecHRxjnh0OhdVWYx4McFcArz+K3ATCkkglEP8hfJYa0GOSpEGG3w6Tdfjr5fCzIV4x+zE43B8WRKStlX7GIiNoR21rDoq5FnmgeSqa4o8V7l5+rpbYDdmK2dvB0YRANZuc4expEWjX7HMdO4oTZSLqRO6Jl1BjtR8/a3QsU87UQ4/hGH3TziBTE5ddiwlOall/Fi+qOWyu8LwvDcAu1hb5STjOyXjOy0LsLGTtlW6uYkFZUAWAUVktF5Z5pAVSIYUAFJvN+2/Zys7Ycr8wApvlI2uvJC2D+mVg98JBxPHm+0myFv4DzcaTaHkbvby3b2+cxJfHtb+lI9GOetHj0wixu7tQzl5KEJMuZAvk3GJ293ydCkYycMw4205R4jkb33qJJw3rU8A13amRF0Fm719En3nYMU0L83C88LjEnabIEMIHIJd9TCzgQl9m1L1fdMMZN3I+5PEs16fc3kx2vrneWDWF04PSappFQovHujhJKO7ASz8peUp0RaFQ+ie1VjlVfVS84cFwSDYmp1m7sDRRGcTjZG3/carbQS9N6/4iVZ4szrfYjyZZiNlwqkR0yqJIHSRLRpdo8IziABFa0FAUg/hO1LEvE1uMTxNyt3ijcTMC6gXTWrMXLMkB7Oz4sG7UiKHpE+VlwK/tI8Jh4rw3zYPseXQQT2G3F6gtc/iiQjRvTaI7OpbiukCsQVOJCXSjYDW8LoqjEvCEOnWQPqLC3zyvBEQyGMi8Ga5oFtwiMc0UcppDmtWLvaAoyAV+j6mEl33qmC+/g+9cup8ebnhWIdMwZBpKDHlfMkzdSAnbd14h73IZFTtFpe/Q3xrLeaXrdf3iLbeNZlxlMvjrV5wfNbab6KyzithzmAEPSC/JQUN1b/EQFMtnVIw6+/kl8dxDYpZqebzQEbiWHdVyl7d09Bmk+I8AJegn5voGhaLFOIE9qu14BmMyfD0xjWN90yMPovpFTxWMXgGqpz+lGFsXcObyhaMho4mGgPxhB0XvB2jfH1NpROUTzI/u86Bw3rB9Is0SRiu4wGpG2poY513kx69dp/oy3AWIRUxm/2P78uER3NqyGoS8+gXN2h2QSBFDhKPkJ9EVPXAR7HzQFjGKfV9rj+qkvtjRf18WO1snSh0QLZYRJroVeNvWap6pjl3WgTRjDyhHtr14cxQ1LnA7Ksjm3mmhQbShZzhD2fughB/RbbqXrN73zCBojGI+nhIJEp41AkjpLFhzDdjgHXj0K70sQKB0J5Yae+R/okwb6rM7U3PDv+iBp0EgDo9VQw1hyzQDQt5882sFSVp1yd4urnM+oM0K9SWrfNRMV2XqY48RwlhhWgXKT13ugoFsOfs6rAaDJ9SuDzuqytz4366DyBYLbJOaniqtSdzduR6kJvrVLUJomWwK50N0pII1lJ4s81IMaBNMnVa75AFj0Wg01SkQgzS+l9YZTAc7V8qF3KxZHPI27oQjGFHOvTJgRb+HUx3Oj+CqzV4i39PP5CBF5MjqFKhPKtLxQVgj3Kmr4ye9kv5vqbS6lnQk/PEPHOtnXQKpb0Wtr/iIxRfNMjmMoiz2ca3t/imJescct8rMx65sMNK78aQaHZNoBZ4NleMPP83OMxIaXKd7Dy7aFyBvervmeMM/cLspKqUCsNydfpyrczv2BpU9pJveJIYhWJgd2NPvlZZzRgLquC2+IPrZhcSTpDVg4/WgfORASgMuOG7nkui0N5tWSh9ONEEuci0BqqxaokKi1W0p13+XPaYvQthiOePtODmt6xjsDetTkeCVr2y6E7KJjNqZ70T/QWAb2OzZvyMV9XcAuGcsHALXJU6w/ZM2SR1oCay7y9q3CvROZ/2KcAqe++dmdQ4WHg9RQWEcBfB48R/yYE5LiCof+2NB3XbweU/V2Oei2uVQBL9KX2pywa35ASplaITChikU4RSpCwLF7eMEy0/NpCXFQmb2gwHkg4EjoJBdul0hqccDH8NFELJH8TQLjkLAfK1WL8HYh3Yv7lubN/EfetgTKfg1El61Xrlbh59Zp+ilq2HkuK0GbZNbevhP/E7JCUVJsIsNAGf+FkU7s+3t7sfLHJA0GS6L4+appjt/X+0SCvh3sDsU0wiqkghCBoYH98jkFo5Pmphy0yN0oruJkhlv5e268B41w42M5F3W4Zy7GJqi96H1XMBtfjC60ZOeVUBwsHlpY7JfzUUMFqnCV85IMaKhgjQ24vm4gpzOPqQb2ZuTgxzLdmMHcu5oQz6dTwfEAkA9sSjxIEeleJHj7G5/SWuXYq5lY1TCb87T6uRX4FblO2py3t+Ie1qAsoGRuv6C956zkYkJtCjSmLOC49FD0lb79phefIvm0koEfm+aGJpUZLaGhsHp/HULQT1p/GJkaI5odWPv8Eiadn9NUzAQ6SyehTz8WUHN9NEQnNW60yYJVHxkEgxC8NfT2YOE2va44klHXs6OpfpoOvvZO/HajWWA8A1ZyoPTK8sFvVDV7oZjiV2rgZnGpoAQ8a9h8kNGMrXVb20zzCD7aU2WaQOtPspi3TeD/D09XkSW7siS3JIahWClmmolTkGJefSvqvt+zqlOQAQ5mTiG3X4j91WZfHfK7jd9vlbytdJvSi0HdxpHaaG4hNfPyY6nCxEB+lM/qHiC/KmJAQxzev9O88ctpHV74rw/tKkbeeh2Uv3XaLHBnXC7PzGLok6zoH3aX5ZNMLTESU95pKFZZQGiKIAiy7bru+LjeITTg3GFeStHX8ZRqRaehWEqbS8/jSwtPLH9Sg6tHHW51tqGOoThC7gyjAbzM9tcJ6NjtKfR63cAO7HohnyBDbaOEAep7Kob3PQXpOSbAFFL1XDzqWbzsRex7VBjItK84QUDkt8yXXp0RCL0LejILc/FnX0o+OBdXaZ1YVhbHJ79GaPxjJ/AOJdbYJfCmTIZZN1y6Ju6AW6pVZq6eg1ox06xakA9HyRFm6zO+cpNlJsX5YR+0AdatM9XC/dN2+1ZdE4Cb11pk0pHyQp9g2VJ7aRCCNEn9Qr45PO6FDVyqJzf+YTvkldvfGlfFCtyyYETb1Euts13/755g9ncXtvRBpXzTGYaJLbl7rKFFFWtyOLqRNixGXmbuVnOvsJUyAIXZqIRhzqr6BsavdippDu88dThuguBcqi6CnHiuDZJ70QHPPYB+rjbzjRD+0ykgqBZ/fXzrlYcjpQjgo+VQhxeg5bBaWYhUjF5OrYqWGo/4AjGOW3SSinQmWx4ngZSjzcVOH3oQjSrTzChD/nMdofiC5inMfTeNBWapCu9YStTmgG9e48zaMZP/zE0gLxm7cUf0UP8GCei/TesaVblmhEi9OVCQrc4cwYeigW5gnTlc+FI6ZnbvsQ9dEpuBoM9JaHgHIO6SoGx/FYd6kvXJIsn0FarkADK23edj+wpnb/yP80AMVzZULC/18+efINyEBq3vsxkdNWcSOOqQ/nVmH08TE65/6ZEIpXBGyfh3+KDOhR7o9UIW7Dz+I4rtN0JdWRRmgLPRwZwXDbWb+G9KCwiiq3KvQ8jmeQQrKmHysmeXiih8SeDkQyK9ORtIPfq24LvBleEvJ8d+WkMYzohNsH9CfTMrmPdKRhsjffbPH7Km9nluDyYmsyGs7GhCkOQHj9AN5Clhf3RgUVtYKqOAQFvW/1R6hn3GpdmfDfTQ1e+SJbEZg2VvZEEFjuWgG16UgxMlJG4KCCdFnBjiriEhkRpfkG6ZRKCiqbq2nxLg60jm+OcT3p+pKIIjejFKmrXxrbfcbGE3LcmE/3zd1wKiGe1HntElpbxIbBEChNLYfG7ltOiBzgvWGoaBHH6/ryg4kO8m7YvVev+vLjI8KlSG0r+KJLHxr0ATu1koLXmMruVb19zwnj0/69+uuoBurYdQKuVVk9g03ZGKVp1SBEkSvGSVdczTpuScDDBH30Gg6gzgwnbtImDAd30SVlvy+3vt8/cD7M9dkcKKf0qTGlLD5khqlGYJYifYFwzU7dQ0PPvSQNQwiuqJoWexKbpG0cFCVM8bmdz4rRwnzIUBUGL2egPtSyG94i8BwKnjT21+GvdlflBmSFxt69IqD08y0W2g+gi/OO4gW5bmjrPEKHaDvobyYp8Nn214P+jdMJVOzq9yZyK8wEDK/EX25rEnfXwCsyfsyYL3hZewnEowdF43QizyHM1Mlh8IuRnMUUu93oZ8uOcF63msLcuym/+4+np+Ev1nf0gSReU65Ws7ryqFz7Jl39x+ydCDh0/3/KCTgh6mp55IiAbEpMSo7AIxJV2Y15eP6KKlITTDcOyI8xm+3P+bPE61rHkW82mE0lwb/dSKt2hFW2d/VX75kbHnROQEEbn2Fz2gdJ1h4+Wv+czuZMAYuJWJMMkdXJ7QowlUred/Sapk/NnGqj4z2VCJ5miOv1WtkxE4k8PkavkunAYRpza7rN+QAe+PkLZOaMrkUGTre9dwxUm2RFEURhbmE3dVtiGPscDNBbpjRBjZXvwhdc0DeCvfd8oIp1Cie8I5gZDb35vJKXUELJF8yZfUf0x3iF2a2q4nXMoGa2Z7zaRLqfA/CmxPyUrkROTnn9cIDIGSR6KEuNdhb8j9td2lbPff9gEsriPBfAS2ZYc6qhZvCZx3sfhz1Sh1VHcE52k3YB/uFThWO1OoiPYEZ0lP4WcqKNQIZFofnKI2yNBDLXqgkoeIobvLslS12xkWdjjpH0QkRl5s22xiz1laamF1mITuv/4YNiDa+W544avym9ZAdqdw7hmvvlod7ffdsA7ZYFcB+qBREm0U5F9c+ZFG0NSc2KO9Ek/d8TfoK7s4o0yKswa368/O38QYGrdrOY/w/UOBsQ6izGoC4wpAoJzvjsyotGgKGeukbwS/8qk0sCBqXZ9FuAszMcl8d18Gf7wMHgQOmWuEMtfftBFBs6bB5so1BUodyahq2Zze1p9qwjXsw4wgbi2MLIeVByGYRdZdn9/9g15TM9yx4BpSr32BTdDaQ4bAY0GbltJ+eu5aDSoEPFozlphvb3E460AtYm64xF+4Nh/3nhCxufFRUJqvAELct9pqHjrTIG7jQ/hTbrZlAb34q/fs+F/w8mkbnIoaQLAestliTEVzxrZOl4c9vnASJTeYzX1Qothw37HaWQR5zXdKr4th80qXpNKvmS/Up19GMnW5V2zEAqOOy68akQWDvRM2AdCKaFUipwnu7akvmwvKdsPpv0E+IJh0JzHG+2WQN2sA4AFL5p9cdCCIysJHd/xRyCbNICzI9f0+cDfiALeBIcsnMOubJ/Jz9kXv6pmxPjT5Z6gXaCKDyNUcqt2zDqxksEJT3p20ScQD+7XTVTgvI86khOHbTDby80BInj4KPnoe0thl4yj+CSE5R0gMQqwiRFB4ZcAnB8mRzichvOgff/o6vnM0C8hvZMYMzb6GsqdRyRSZRypi2ajImlSQCSfwh2mEl9rJ3Stp0XtPfU77sA6K/XsmHuWJJ33i3JSszQ+ZRe49ATa06lleds8jix8Bj7EBmRFN66H4VirRoVgASoeP6xzdL0AZIDoozkgDQhuQC8MCeam7aWdLy1ZUAcDMMQwQ0XvTuViY/c9EyqIiOXUsrVfPr16TnMEXPov0RPT4U5/SAME9tZVSAHItBNVheVWmTv57nfAH/p2xIF8Cydxzfqv07zRl7utCVZcUn8IvcQBecIdOunwcly8NgFHf9Jkas6BaWsjjuoletpUGrGdI8g1Sj5tzy68zeHcJ2NH2sW2pxoRERxL/yq+7C5SXeDfJL/nl1oCktxn3cBjqWCzj8vgeu/xfpsWS5QpAiOf6bsf641m7IShKVxvyRT8l37YZeTsomexJUv+93suV6pra1GE9SNY/CsaoGVO92wh+lYKcuGsJqp4hoPOaH0pmOlWHgQz/e4SqCrG6xCk8iDwMpBG7wqR+2n/8XzSQZWxafeC7J1WV/hhV8pvuDLhPE28liYWKxiQIlFa5q9w0lnswqDAw0ghRrDfvMjqRfkqkpKfKFwGA+6WXKvDzOISAvJx9FGL5y6I6cz6CZ8SzAArM4HZqOo5i+ZJrVe/r2Hg9zoCtQxW8Zw1gI9qpdzfNr98r9taug/9AXxzK8jCPjpReUNh2TbPvsYmmW/U8f0PRRIibeQ0r/B9XBaNgq9+cySWnkWETJrxS6W483vrob2Jdq7rwDGeAEzU+yEVbV2D9/Kz4vToPMjhRMGAi/Ro2Pw6XHdb3cnax7nWJvSbRVVG0ouveNn+dBPFyUySYTJSJbW6Nsh3xV+pdlvuBYZxsXUNuF/ZAHwIB6FU0G0cH0RwzzTKyPe3/sm5/84ewv8RLuBxzWux0UOjQu37prIZ008hO9xG78+bSo2mc1G4WJJhWJfB+21VRg3YjFk7t/sfLoGasOALErj5Q2i+6ozalQ3/mO+qNLKO77hk5g0GRRbW8+V1E7nNKV5ilgnodnEjMKSFLcYAIQLW/FNJc+rn4aTQGTDQJcs1s9dz3PxGKP7M+/uSXIUeR5oEaih5dgPqKl7248qr+93uiwV43od95EwHFK13PI9l08euJP/9+DpORHCibowSDgrWrnUi85B1nNMbWA2yv0HAUO3bysnU2lJXZg/8YW9z2mDLq36wu6kxQ0gGfva82MzGE4iY9L347EQkVokh0/eJ2Bbtz1pgPgU61KG4JCqh5MPfjgBtkk115EfgmX35zoSu/LZgTK9oQLMl7ZkqBv9gUi7QFNawtcvYdXKBqNzoqITbCvhT9PGcHHtRl9d0rq9KPiNQ/0i1G3caB0R2sOE6VFQbKuiSgYUe0x98B6jDGIAFnoNnbUzBWytMgWODRMP3QUNCatK/pshPm72Jee3Ho0uQTOcP3n7WqXbAuWuIQ3q+68gP8Sx9INhWfYJPfS2jViWRyLEFs1vy+9BIl8L/aixP7VW5GcYQwyjzQsIH9T884qduORjOwEqqqDTF+ZO5K3iO23h72vPSpHefJ7iiR65yfnZRKPf4DaqKpdhWbj6e3NdR5CuxhJTAJZ8mfmIoLR7C2O5pt+L8PQVC7Mrkp97z5hQZjb2WlU8aCYX4BQjC9v9diYC29KAzUH3RLQPPfEyvuGX7/4oehIb5Gy+Kgw/M81XOeAO1A+56zSE361DA3vzbv9y5KuLhK0rj4r6f947f/EVcJVgI/vqTzp2efO8BkOaa8ugy/rQiBbiohLDfqmfPH7R5EO34Z7cK6bS9/I/68Iq+CjM2MATsgTQXlD+yxCZZ6U1uLaOwXpGEY7hTcXwgTzdoNicAMfobNRJxFzF8HB6N/WfU3zdFD00X5NdZ8QZd4l55ifwVvhn0betktnPg6oyuN7vD+IqeGhpJ/RUtsZSr78IPeu9jncPxgw1xMf83A0G+dILK59UHKstL7q4QXDgokEwGL9A8LW+EjsskpsiTUb5bmpnl3/WF5qOOEUBmgoJPF0BJXzdu0Lsrq7kTXhkJU7r4u6gzn5p2CGB/7snJxIKNwfVZtYOiI9SCKtg9VTXxHcgatuT7dbLi+LjZENNOPZ6uVd+ccy0C9+ZqegwHvY9rYCq74w7iXXEwt6AMktXbakirZXqldjkcdBOPlii/Zjx4j5XDyxexjyEtT1pZVhHbJdnieIwTiWtGMviIZwKf53QzUMhlPHhl3YIqI5x/aPzkBiZGyrBiyYZ6vo32b2zw6dUafUxIMpAli+HJqjgfi21n4Wo/A86qwuwQ9/FEzNERzJNZjq8Ml96+fkFhMV6/f6/A+v6J7qKWDKCGi9goEYFjrlY+iMwwOmaoSg7ZBcIRXpS7T0IF1jCLgcCyctlgR+RyQEritkOyhdro5bENl1OOFibq/CiVpuNofJ6sLvp7x+Mq1b+kpHTQXQlzGXNubnGW/VpROnov53hvXnVcij4tzKzyI358Vc0/+wmFmbdipfMLiThbzHKSvI430H9jps2w8d9+yEZ8/dcbrb6rOyocgmGH7sT8hFB693HEUekCNxxlTr1qYTwNyYP2JJckPauAIKANC4fjwYD+b2AAbVCxv1xyvKALUqUDn6QI6iyBmMHxR++F79fq1AMMJG/iYACrneZiNPgnkchgJ4Ec1e420+kViMcQdSnz/g+/iT+1GC0XKqALDLD13M3ZI5E3VbZTSvK+Lbs4TgC73MPmGilrVCoZsR/PjFWnLqVWaRF8PoieG7heisJm7HId7YhqLhljW3Xh5/MtIbHtpmmIggUqN9UpXFd6aZHajiGIxryHQMWP+hkNvkajV/CqrUcRFNlzQv4UzP/e41/m6mXmpQ3QRLyuxdGwQsCGmUh3fXxQwT+e/YX7VQIg35IQLTBr/JPQhXxU42TVVAxOkEibCG4oPnZQZk0fuKMl2eF1BX8vW4StrjxDjvE5BAKNi+4VI+zdbvaa9dFV+TWf5h7GX5c4Hc1r3kfK8A3UKrWCB3o1tz5tfZHOCX0fCOW4coxg93ReikSVY7zE+pkMjBLRyZ/gghZma7IHvkwxWfocvPBBUtrCiCxx2W5/rOslwwyqyb6CVSjB8P1VogWljX8U07fAWMzLJiI/2nzbS5UohPwLmQjKENt7dD0tRs2WZpk7rvy08tm7z39w8k5K39+fEyS2/60Fcbq9WUFMhU7g9anNRyZGhW4op68ZqLAZBh+Pr3NsmXQreHYcgbeBnSji3Wz+GQV9M2I8pGcc6YIJlIZz9IQqGvj/J2U/aXzzzPdJsKmTxQK1ecNA9kNfB3GTrWZTPxI6BmZmcxmk21w15XcPweH+XAPw7GLQCWRXEx8sGgZDkKCYuLfh9Qp/kLKhZs4Zfjs5fjGJZ0YvJHurmjL7o8Asxga2+KXlFNImfcJxo/oLMIIQWnd13jxnvWeCTEQluB6tcd5FRkIOiY0ap7NFprbb/kz5HMX+mApvf+kzO8SNyxBJ8VzXwg8FM9dfEBBcMB2E3pZGzb1RdbhjelU2oxd8JJVP/r2LVxfRm1zzJFqD2Q9T0M1yvzrvLWieM1xbTuwPSxjY2lTDHJJPij8ZrUbH9R6OLayM+ceu61TFC/6svMk3xGwdPuFw08McVuMVECoxM9GmGYWpG6AU7cHomI4oucV0t2BHK/O8U8AP7y0dJ/BdOic/ZUa/dG5iR+NBs5P4hLGb62B6aGVC2qssTqyoxuDeRO25yF9P0SqszEmvvQb3a5PBPJSJRS4MOXS5c4ewOk1W8AZVUTTgAZxhfqoFtW61tzEfDDrQcCs5dh+lx6HZZPTRKQreKC3OcsCBQKLDMC6RHI5IIta0EzzuLPOicFLsSnA7cAYlwI7d6LUAhqXPChkuwOBvy8v+l2KPC3pS/OUKAKlhyixsIzjQvqOi7RHJ9sfhazI1z92POojbxf0N8KYZzBBCoe9x1BoUYuaP2MV0CkyqD2DUm2ODO/V51Z+V1JjioHKES1MMoSSpL86NUx3M55/XTH1CVLbpVkZFNQmg19tVlctot73SK5qGeGo+LHZ/lDOwJvBtNvvyu9375i1lURxnPWISvM7cm0cFaIjupAeahc/g8u6UH1D6FA5pTa7ocHgYqvco/ZIbE5SskGNLEJ1+iYpdccZ8cCyezgQEMRVysYdl16LFyOgdUhJUwesxeejkOx2kNxbU+wygHEBeTkHll+8TD2oPwxBC3X5N/ZQBcwOua3z+dIz4KERqzWPJevERYQwsEB1+0k4CLK5/0SlaSz0jfRbPuqKoHBqlnlftW6wECV681DOTsr8yOe+68bUKfOleJRhnl2l9hibIwU/6arP4xIBb3vV/0wywpz+1TclKxX+EWzGhlW2sVNhJKv187odAWKyfydu/8QA9HK/abQqvlkEkrzQ6PEpNridd/FZ/QATC+W5DXSLZ3jsoZ6bS6uF6OH3ui0UhIiubpVlJC8xpHKmNvrIGxgSGUYlAypfAR1JUDwPNUtjGkSkuz17PAFNqfHjhpcBDLt0keykYObr5r1cZyEy/Bi5fJf5UJaSD3xatD6L9vgecvyuj24SKSD4p6wkdLaMR2i05m6ob/TLMKMjoxTSj2TAfN5jZwuG1zSsAIeDqMnbfo9TjNESCzukmww4qCw9ADWgnrx7010kq49K/v3qQq6HSZOnRv7+GVl5oB2n7bbpni9AUMhDcQOI1ff78t10Apj7Rq2/mvMyIxEKqs0OPx0ttoX/idV6C/svyOXnXYzyN2X6epg29UHj/oeoqMUWL8cWpmwg6ptBIFLWXfdRVr6ZJJfSV/ftHxPBPE8ylbBAWo205mW5eGKCxf0fiwaluWOGsDXDBXXmc5TAG+Jpsfo+58btp7YTNfl7z1bFYSyPxlB8fR5PZsL/bp+L+EHy5VmfrnmDaNjbWChmERoyiq/uIlmHIsSpVMVEaTDrk3JdLLfu8tWna3bR+8ufK/PiQZ8L9EQcrns0n6IV8TVSdGtmgGeOmJtaj1RamtS4ebjey+QERgQN+dnCuEotRdFO/VzfPUJb/sJtKy0l/QKxg4QfzV9APTzvBuN5ujWw/f3M37HAL1bGKtmU6Bok2Kwv7UuuHfbN8T2USOxEQq1KyaxzolERCUsevNA+6Tl0/7p5bfpNdgKMvEFRkRLU34v0BKO2bN59egP+ire5L36ThBlx8ih1JD1lGtA01hXPe1PKgIgnBa0vu3LS8w3L9J5jmh/PqOBqNSg/wvM/8yJHQC5FP7INbo+A9x/71OsP+abhpicm5GnNY7bjvQ/kUuqfFpX0YKruIISzjses1FLGfsAv339XSdnu/EPqIIpWgu68LjIBcRqotCkCJqbVaFmk7DcyXQqMwSOIpzGC7yjKFjS5Y44JqAZcCc8PUVJ28AYsc2bRquJRg3I+Z/80Zfz14cz2bE2BrFd7t+b/mkJFP2jngNX4NNPo83VwN09cb0crOk4ozt4e9hG8YP6rHGI6At5VKxPED/7k6UtzKWtqicNziOIXY3whcbE4aaqjt3fYsUuBH/wQYdjtsLkTAttFfd/3w5Hna6mKG145ZoCfnc2viEmfRESJ5HJt+62GKAdEaNqEtvsNh09XjYLFVi53xr2wPW2ayynBSRKabr5uQBIkhL/bHv3ByRvHmOWZ/9QnJyECCkRthQztQqTDhQgnX4hwr896L2L818cdmlijH/RWGxADMFz21eF1y03+Jo17SLd3Xbf3jlSX+5UljAmoP8p9DHF1AtdfsOg2JaHJbXEgPyQ3BRVYmPgzB2zCQ09u0T12c+f9dEX/3r+zIyJkZ0+4V9hp4RqA0U67X1yR7NOaH5Tab3IFMfQrzMH4+v1Z+8qqavM0IZgAP/wZrhF2kvlmeHwPjGrvzg/wMAZcm7Mc2DXjIwfFKE2wDXmp9aj3CJplB1DMPKFatd3nb5zVEGmB32u5mnO+hl91edaWzrII6gD1qMj2hFd7Q6suE4TjuvLDNKDk1upcjbaI7YMNJHh0tLiHs0Lru6zP1kNp/tX9VGXpY+Faig2Fb6uSUb4SitnYHZoG6zluWfjAIrRKtXkQC9UkDzIWtAe8d50DQ0rgZaeF915UAuaS83gdigTN7SZcsC+AZh/5+JciLXyWPEnDzhaWeDDPHn6RQVRXG92pOX7/d5EMkJyU76CKtXEqFLj48I9FeUORkEz6s2g4NxtJSlzz9OVdmN/il/qcMDuy+QmsglemePhSlH1os3n/Pl2fJPRvno+OhXOfl9KRH8riz7GJlT3iJS37G3Cx/LL5e6SruDEQ77Cq40YAsBvcrX4m6LDANnX3HDwUBAJ+QmZhPmTMQfRLKizBCo2xSquNxm75PFrQKvGQqxWdpUjZX81X1dDXmNHovHVCIiJ/7+EZudNFUwiXNEhkVQIMGaenKd2hNL8HjHsInRnIS85c+Ir1ESTNiu0FEKCZxTrZj5asn6LVl0/2bMYDEGOFlZ/zKD6ygg7BIhTRavP1KmD6tbgaH+ErL1p+dUbtIyKJPx3JxF6SWrhjRoKHIJJ32ia85awZxjlhFUrzzTgAFiMJnSTWzvKjLkHJVnxMIA8pm7TWG5yBt46T1O1I4XX4PRBJqrtxO56EEreS6zawlyt+GWLQ/zecZP2CN9UWQ+JPPjB2Os16yi39BhXnKI8JDP67KRM4rYy/4vDrcYMjQFhsFyh1aZGJKK1FvDkc/H7XBkT2AJPXfxFEGAVi/hdUSW8DyqzNX0fRsGu349L4CUXK3ZGttVGd/Byr0S321pPvgxpepW0E4ZEsvJnFPqAt+whI4onnSbnhdGmbNceB5VNJAbx6uF9nmD1c9++eBOeWbkV0ld3d/fFC2hq6KFksYeHc626VdEDPQ87GBQ33cfwTID0Ciy3S/Uy+rXecHPkpFj8MlXI2sXj/EzzEGRztOmhflJaZKxiSOWclK98a7xxD4pI+12YjVQPEdAN3QUtEbZ8YxFlD0U0O9eI+HnrwbE5BHikeULNmF6djIM+eK8DbIRiD5F7x1Oakp9IRWrj995dvzUSRbyQzHtRXFUu70MrRWif31EMEsZx+vEoAGlH8K0UNef9A/XvZiHVbqRmOdjdqHwS62E210vtf400Mcux0IVGpfWuf28QDgQiY0z6Kv72TytidfHz6z98YBmYyclINpySAwgJ6i+/A6/HLPMRTfHdQt+ctka+aInhIKcJmekiGEO7BMYRb3s9CVsIwQ/z20upf0Bgr7gNM1PvHslR2LSl1uk5T34DCikxdGSiKTvmJ41OXC+pFaRyqgT6twWnPEAi3TwBRf5VVET5nFxu5VHRWx2vFGVjG0+ECWJT8QjrtS/AuHghjJecq0h5wBmuKjm44MOShENRJD4lfBIkg0si5H1eEBW4uGli7QIMqyyY/jzeSMm3k/5xEF+zfPYuIU9N8es3euiHpckQfCBde9CdfvvhSyjVexwEYOAklltJ4opxjpMIKeRHNp5aPNspDSxuVo70jZYoY7PPLfhPqGLbb5ELKz/YTnqi5JeVrt/VYSkyQ8N9Qq3Y1vhvqQg3cblyG+ehjv0rj8gUztDZGR8fd/IigZErPgDZbjUQaJ40u/UrgHBPqC+d3BOFq1VZ1qum6As4XNiQtnPoSt33hfSjzLBtOVC/6P6AP6UuP0vci/GHUpOCDP1k5t9l5RuSape16M0iHed1DhHCn4i1uvT8kVJl09/PnFuJyjwppYbVvtibhhWiUnEty8ncRQM4gs/YG1I9XehU+0YRBZZxkz1RWqz0fvBO6aI+KA/PmWW6k0937AaUB244gGgMd4njSMZQIbbsh6DP1KaatTlaHMvgOECkfbce04zob/PrE7AROUifcsjvUEnDewBKCIXjx4cspk6Jv59NxAyPct8WJ5Unhyh9c2Gvy4vWrXOCoPRLifuwjlZZ/9wm+aAvHqQ8Jii6l8Vo+YLnBT4KIucPQWpKkdOCH1F+ym9ieqFr681lf8qsOEvqBIMHhFPwRuvYuLJysztKdZ+t/5eND0rSj2m8MLHhc4FqQuPKLDG+UBO/fVInBE6GusMB4GW+avWcxanbvLvfZQCRjporV1/edFZKMnHKzkk9KKP2JLjuNkqbQIFtWJjbDMcEhtnymjJe5MmKtUGFsfY0TB9YhTo09J+W3ZJZTj4a1fIBhwrIfdSOdHaO4bwEPlyNvNx+9IUZPUjMI3d/6hW8wwFzUajdPqvrTNTo5d7Zu5Tcn3O2Mk1MIxBpOJllhZUG4ZmC7dH+HesLMEwTACfbtmD8p07NLkdTl42QRlJctqTUQ+My00jx6fFr1WHpaoYk7/1RJpq5ReKIA2BhNOnIxeQdSYEc0KyGpRHYLuHOJex5sdBfYI0+kLvKYZlStwvPBIBIs01soLxhLWvumebAdaZT4+vrvGhF601lDT4rOutPfhVQF7Y8HoKaYXWm3fWUz+7GjoB5bC0wVbIdBSRmygQqNG9CZ8m1eLjpUl/08S5r69U3eGr6pUwu6KiPT7wg5LOuHqjD26bIfPf/czzTAPx/owQvePCPEuW+1dSUOsEsFZU8dM39FM+oyc2BJbyL1sSUFPQuhntVIbFCf9VamC2QSS3X1bf1wnrnMDOoK65eE7/8ajTR5UDBTsZt67z+YsL2qQQoAuteJ/hc9XaVA7TVwFzssVyPUsHLQOGrOaLz7jSZDwewg1hUaTJRBt14n5BnsmXyoZ5K/qcOXpb+ofPTKcX/HzRnx8PXOA4Njtu7zmxXGE4oYnZAjY0Qbsno/dGhftpnspofjF/koUWTBuK33VyNtO5wRjd7XtkmmwwDJ8gsmC6INNbl3uOzEe22Uny1xIkkaYjFuDTcwuzzCrsUR75OpC4r14HMy+IDI+yCo3VkLnq9Fg5+XQ3dOZytNgflRkX46ZkiA2CKvJ8PQZGCsCtWh69SiisoqL9Vy6Bun+/DIeVRS14GgCErrmA1wrEo3YgIqp7hji4cO+1Qrfu46ogeCN9pyUQcIu6K3hNIAyvg4a9fZqznK1ExfEDwb97sEvRsMa/Oe97rkEjGUXUy1Wxw0lNlwaENJEKFWHGTanTh+xLNAhNLJBVnIfLXX3yTnL3X4gLQBYzUAEX50CaGcnuFCx+ZYi+Xv8VLbDf59yuUodhX+fGNj/0ZuJbGf96W/avaTjAhz4xjS2uoghJFxMPsBDwV0LJ9it9fID9kbsfQYBlsygH2yLS5WpVdc2dsTsuQdna8AymDlWUoBWzU57A9plsLjUeL7Z4Axng8fHi5wut1Jn7/fwkd0pXEVHPTTN+XZsOg8AvODnY/Ajrtq6TdS6DIkFQSw0BdtT4WS9JZP3N8uxEwysT3i1wSKSEQyt05+hgdxGPZAQuSrq8xcckfrqEUH9QTIC7LZz2wYQWj26k+Ja315UVgVD8adiGUxCH7QELX5tZGpvq8FfD0h45hW7ga9HIf7ri7UWvO6/YarqiDC3F5H76PTaSp3P3Z3g6rJ4q9ePxMuqjclrV16RtrcATptaMP1ju6YG4u8MXL6jOqBNbDpJPae9AoQNvZh8SS1SOEaSeVNXsxpFAj436PFOitBTZRkLLHrIxQ/FLs4Fzaj+ZWVHOIl2ob0wEITxfapyWAYVnYWxqH5UZYHVXp446nCpf541f2pk2xufZ53qhnoF6oN4N1PY1RhGjFDGZY06wHE8mYL0TRME3U0wavvCwGMplxjaW+yG6rY00jz4VabbrdNN/sXmhVzS1B6ACB7V+4jQ7Tl7VAY7dWb1u/Wl4nr3KOcpnO4LxX4QFmBAevkZwelSlAUQ39Ykde+C/5bwQ60Ru9CNWnHFG59SiuZC5meRs+04qrdf4elBP4fDor/Gqchc5uu/0xYwAPbBQF1qfvTozhq09gVx6PagXO5x3zp5dEObe6Ak0Xmoe+AaxpJYX/aDPfu85pCNtTWsfBI/t5bXP1ch+wOTmNq8m/BVQ2qo5vniNz6BHAwbc9MysQRIKBGPIaldSYVB0pWznts7d1WPVR++6Smd4KwiME7lgbOHjXInLCSX9v3iHyJcqZBh8n5P8ll8LySfV8/dgCn/Z+KfzmJi+/f63bqZ7C5N1bUyDtH8V7OxESHc+EzDji8EvvJOe4u3oxZc/sw9DlyOnQU1K5rr+nuFUZ3Ul4zRM6Uj8D+ZsL/pGyOKgT6nXIqqpv1yH6DFT6NvoS6XN22CsoFjeSf4QrX6NZ4Ik9bOeTJAHz+mzt9I9HI7yTf4MF1KicXtlXiCfTIL4SbWsxkGbf3NAKj4K6YUHtryKA8y7K0iCgP8KQ+frAXTsowrHwRFM6Whlf0irlOSXkIXX+ik1dHw5QeRnzaEAnaq7EokW8P5ipzC95zfqbzLZy+0Dv+KwIY3145QrvK9eWF4rpfzamHnW6u09mYJuLxOfUhP51q5Asr1CgNTO4jC19PIxIz1GcS3hYFRK3ao+WZdJJ2szmDRGRuy9+CybdQDvCr3Q+EmUuybUObuLBYgMUTEOWGAhsxpg4+0E+1PsSsZ9kAxhmb/mS9AfKVZIg72oLn1POIPySIq7r/pxzy7Myn2fP1xTg4CdEoM0zS6xf3D2ltc7m0F0IL7qoYZvljTg1E7YHw8mzO9lPjRkIlPRCOQ6i9osHMlzSxZdRD8FgK66NsqhwVgY6r8O74ts+cRQXvgaifnrj47JicYKMfjiX5cIZScI3mbO80LGI+PnnuvOnneYr5uZJhMbImqHd8u2Nvg12yhLejVn3/U43xA4UVmxk/mkL+oXB+dgvnNgHwKyXWFpErLy5YQGWJM11hHIKVgayhxXYfyI3kyCOpXwK0rgf0Cnl0ZuZxci7bfJJxaBx8o+gt8LzUdQs3RiDk5RxUMf6c4kUvd0XN/91K+MNB3XxZUvwczrnhEb2VPF/eb8x2+uJ5SYWqDyl7IXr6s9K3JvhzMrlO4FC++njienSjsIDF1lLYaz2rCaOw3zD/BL9QRPxrI77nKva6qyi2mbWZ2N7XuzHGvBMgIeYxQoRBu/Knvqr5eXLDnld1spAThifoQZjPjGiXExh+Kt+YJVFxxgmunIEcCy700W57X9++KKUVaLFfpL8es+7nv1VYwzBYuRUgORDitwQsSTzUHsWjxzgmqzrPTldNaJvslmnrZjj4j+kYLZeP+cEwDrzvi7iJF6+/Kw23LszDybgyZQG2YG4wofHSioegpU8Nv/PqFhWrz72DXnKpzqMH/x/AuTy2q3mmX8hV8i+azoRmK+7yXsJdXC3ygcytomhOMUxjbE/YvY50b7lfhgnZ3bI5O28d68pqmum3oErZDKx8SXdFdN7aN81risrYVjaAmxL4YVORh1uZzcVOe/fciznJ7MqqSfSHViR1/HkFzbEFd+HZb+i575H2Yjw6uKOsWO7zoJ1W5MA3ZqvOXLMcpnjLNVVedegmMBgTOWnVtQARMkLLQuP965TQ78H/uWGagMtBFBZFsyoUcwZitTlO7rRWeqO7b9ontEEG0d3eXiXS/BXOGevyry0dPBJcJ6Y4kWoRiEO9S/6eCyrYIHFGXlpX7v90P9NK/mN20MIje0yKhlrdPaU5DFy+HFkRNBJeDE1KUuhoHjKBDUkY3Ddejqv6eE/iPwvxLc1ejILDq927nFlHOeOBhnxgJRTZBFpPg/ypUIEkS+u/2CNCWL0N33/t13XoAKLhfs+F0+Q8z3Jjgvajvt7aZL5LP+CHiqBqv4/Fi1R1/L1Zeh9z2Pss0+E8OR3nzRaVm0a/fqF9dYem9bEuAz2O/d8cdodNucE9h6GQEqfyUOtg5M9lk+d8DaFqSukcJwPhv7/A3mvurbZg0JeIXSzt+TmWgwJWye1RM4ePpwjDW0k68Qj7lPyY1do1i3+ro7sFXJ3H/l2LoxIrfw6aCvgNif0sAV8/qpV6YpsWZVA27aXcFfqoTZNQ1GGrFs2iJNqzlQlsoAS/O4ocCv1/a5P5S5xOhKUXxZeH0xrcG3fHLUIAF7n+JfwYAo7MWMf682gWSpmNOO0fk2349at1QK+y4eVFn/nXR+BmHEr8UIcTmY9vsH9XkxHn7/35GXJuOO1BiIdUbBKZlgRh+I258NX8NBag+y/1o2+3fJ1pdhduvR5tDAadLWFvAJXdddygGdLAgPoTA9viveYdn7/mVsgr9koPaltKYiUXytsmAVIv9lQzqkvYApZbkOpMtCG1dkk2q8/dfuVRDR5xB58MW+HMF47e4VKri3WaIQaz5IP3TDqeP4AmUZ3wkRZM0Yu7Nr6n5nwOH+bhqACVfYFSzVs8DiBzL5ao1ns9ZfFTSQGFjW6Niv6RArmVMz935Rjfk2tgbhBBFY/WaTY0ym9Q4nHqP9AoNZG6gxuNxPSV7kBvv5Jq5bvrysst5cMrc1jeHTf8dqrOPv/nzEFKWdkzOu2Gci/m9SE/+rCHyPzpfHoc0nofkpqF9WxtWTlGogAChwHsufHEz59dXGueUUrwzatXCwuAGCVjpBGvXitlL62GfSgVjFlzp1dT0GpE0KTZ1q3ynkzsBHW9HFK+YO5v6L1ohS4G1qiE/THHgPFK4QTh7wltnhOFp1M7s/PMWv3fS0rRGNLlFt3tuKuud8wWXkM/PN1RIDFc7hHcrsX9Y0SBbyfOtsRFF+f3KPPtyrvwCoS4j3GTULLxLoOBYAYG02138XM1HVmCj91L/468O8wLccvkjDCK7Ns4r+Cxh1LyvuUafBLUZsjdadSxv3+netGl73MB4oUcR8VAAtqSoYf0RMz/My4eE3CNIhF5snL2grwCA9DXEuY+KX7ztIRT1jrU6QyBqI+/M58ciUv7l6AGSBkqchXeS9zQRymAtwUT8btqwYL/uWn+ikvvWD1fR/lbpi5X7PV1aGzjnL4t7wNIFjjzgHBCN+k+K19lNILOtK5ublyKYhB7f51tox7gYzzMEgQHUAUy1IR+rcq6SBq89gdLWG4eWHrvgJc5pzoHW8yqBoMRCFor1/gUEWHRH451gcESmLWaDepJxsbpVD0+l5uRDfpQo6f/nCXMd4YIPO61Ksv+5+SdtJqc3yjli/2BZXuhmU6rwwQqMaJA9tf7WhAHQgYD3VDYNE0/e4fSUQP8vvoLpIJzKv4Nt1wIP9CzBoAgZzbtOnBc08Ytp22EBRX9QedF6Nwc2zEywyMvFyjZyIxF34ML2ZnAmD5Aksg+OcbwSsKVGt/hB+7YCOiQFiLzIwbzRKPvryT6tEeJXotZPqtrtdGFC4uqeoHFjwCz86DIFzpARFI4sk+8aTmqPafoN8sQMloA/y4X0e0BtJQHLo2zrURQmuNBry9gtfLQgCLJmBSRdrxwZZolblmVSSJ4q2J+nRzggJuc/WwZssPyh5XRSGBF3oJ67okeR9WbkhRauUUIWZ2geNPk8+EiGMqt3GJGhkw7K4EGCQEet3wJy7PU73N2m3WPXq8/yECUG1gwybRFFHl9JYT3Xkn3Xz8OJ3q+PBydX9sMmQN26htMWy06Z4kReDKzmX7CwCkH+PHSINyqT0rXnXaZGYfZJ0fBG3JukIsbXQgpT4CHz5buZljEHI3wBABw0t7wYBVfdJVA2r2Aen3v+UF4XxVz+VlAm2wld6RMlu6llEFoN81ghnHeCmjCHuS76DzGO7IWDQ9aBIG9Dx2gd4WXWuFp6ueXvsL+BeRsfTzzamXM7eROyOUu/CpYeQ0VHD5oSYimayf8XvhFFmNZvTZpdI6W2gnkaZ7pBnEhoXl3nd/hJ8VTTBi7+McVnP3mHa8oDvS7oqegPOuNriddMOSAxEiSjMSUoMGHtNUuvOwwQC3dbqGs7Lu1YOlZmXMEwA+APk9nQJftN0FIRkZe+ZjaUgTl0HNujPhym6YChisAne+2ntTtFffUgM+xMbGygUSMxploYOskQ1MsJAtlALOIW2EaD6JV4kGdIgJCidfZLKYvUBc5pEJjBhnBbcqE7o5/OpHgIC8QrZMMhvYVnZgeJ6TUFfxqfDAKQcWFgKWq/TP93O5guT7uwxliEp6adX5S/BxvHszKj8Z/gPP9PvfZxrgg5N5MgiQeoa/NLTWYkQa55YaUUC4rPkPYtW2XvjT/z9RXcvkb3+rEVLIdJMy+GUCWyLbzRJ3S2lGqgf+OJK/3SPDpwIUMe2Xgj8Z+pE8avR/TmBJOK5uKSgmv5y/ECMaehOmufDvAiTlZ+/gX5TMyn+IdffE8Q74Syyv85P4+IqtPCLGxcqGCHLQjLwU2v8KOtTZqYroN3wo0sm/6tIyIsTfmHrOtTf5mX8XdDazstaN9WdxheeAupt52ucNgxyEVRQ+WRBGadr4TypPutD+0EUuK4fbNiiwSXsVtbNGMRkGpj7gBpMINHVg7QxnV3lVwuT5EiRaYYWr7PNoiBGrfT45OR5LltJFadIKyBA6pNXjV5rSas52sMh/pLz5ZFDSQ9ifV3qCjfveFaQlDcKtjEIRb84gQK34ogPeWLue9moTxBUZ8mTvmwTxwfTBDg/ODDJI3H3EAo0hqpVjF1qRmBfyUibv2ntwLC6l9ISqy1f9BCopb5DTQryNwDKTN0H6lzei2WXrrZkk2YyXSwZ55gr5wrxvSukCfjt5YJuwSbfWieZ0HDtgP5V2kcPHTrxg/EsnM9viEkQ1hUX0FX+1wttL49y6zzVfppNhBlfPlDavJ9qZyjmpn001/vWQuDt9/3CmeQHpnnMwMiEK7COaPMqc5UPrWIf1y6eDuqkFMsD6AOqZWOVq18E/LEYzU20fUpDsXg/zxVe+FLMklKral07u5gQ46x+sT7KtiwLBNnohCH1w5B53RCC3Hf832DChNEyEisOt7tNPONogIu/aU6ZBT8nf/k3UeEsC2dqufGERP/qX+EKE/WvNHzW9PLdgzE9kl5e4BRamuu7qMUIQmV8KvpdfeKgav3XeI3tzX2FF4lHoDGPPpbsR4tJzRxAPZDchw0vSuWTFDrTG/AiZfyX4cjMrzMneu/m36hQ3MsLhuIoowHnZnBaXlg2JQT6+Ucuv5qQfT9Liju93sgbaqYQmPfHqfBUnzCsu6Spp3EOpC5pPHQ+yI+39QfIgwD9TFKoUBIg6JBa6EPrMpfAB+x6CuVApWhQKYZhMsX1HfY144SQJ+HC+S/gGixyvZDwWjF6DYdefbBDDmRWF2Z+o3h4OmXhCVhSYYQxUFSKr7bDlioY9eoazc/f1/rsUQMl9Zr/wS7Wy3Y0br2xrJ5Swmp08M5UHWdunMcOEISatgOnRreLfHWV6I+MUfkmB0STeYTfj19LiZFzz4eHR79CMY5Sy1sB/jEB30IqCyEeOzc3jvg8o4AK0Znt2kUh21YyX1YYXJH9MWXO7POvl5DYhXuJzi/KXBZIGTgRG4+/3qzPHg+Xx47wV1+PvQIgFx0KvNLtpA1Q0ynH9X5/o9LErwbjC0N07fXlInCNw1cfGRirWr/QfCX0EjL6zfVsVgd2vV4ARO8c86/V5sUwzBoaH9U4Za9OYyWq5TG33JwOCr6YGfPdKsXh/eseGpmmiEl7b8pisDv7U6VIQX0UlnQyWhX49btsZxHh+uCRH1YvSX9kUZfyMT0k9rf+NVPAxvyZ1SNT083C6Q+ZlYQLIlQWhspuz1NM9iBKM6MZoXU3RY9qA4OsO1xvZ5SEx6lCe6C7TmxbbsqIHcaINoczkTSmGEpi7MvnBke+HWkHlv/pBqunBRT7UFCvu2WUmWRYGF/eGwv7PhOJtx2EaAFIvH8D9jJroJzg8K+ua8rna9OieKtDKfeBY2bZ7ULEGnWy2NcQNjfTiNMyIlRea9nB2pIvSryEr8t8ttKeMLZlXianeBIPk/zf3NW/YuhBwUGLN11JGGBjh7IFDQCQbBUpGF6X6Ob9xao56lV9lKboz+V0TCcLGPq/EetKNWE6iIWLVOczfj2uP15vO3QGgQYNAtE980vzDZy6FvKtiQqNKp1nweeJQv1U6gU688aP7Shjm/Q1YCMEmTrCbyjEz5naiwSOZPSgrtDNZmUe2AgO/LqcxlY0kr6AAwCAY8N18a9W7BjAK/CipX4R6Kt5bduar/93IBFR6+FC9kTMChjttb0qJxQb+PvvAybobxB61Pm4OpCs5pxWXTwjvplO6/4hELtAwY6zZmvTqvIjnQsxBq1lellfBOCcjfsRtbF28s93gryQpKdnvRsQFbCnVlsOO9HIwfw/9t5s6VUlSxN8mjSrvogyZsQlEkIgMUlivmOe50HA05c76N9nn4jI6OqMyM62yt52jv0CH1i+fA3fWg7unYbFmBZZ+5soNnPfJOMTMKU3K+7NrEn8XFM49C0b4t73nUd4Z7CssrZ1dgNVgvGiK9powySVLUYAHpoFjru81srzgrHT/VUgiYtIAX72LayI5FoQoHtE77G5f+hyhc7YDBx7tRs4tQPMmF3kkfZK6oo8nmc14qpPEpFvqrKfyGTg4kN9K4KMcZ3C7u9Lrr5iusYQx3s2dyDJ8irY52JqHwCSP2hyuy2UXwJ/H91pgq6f0zRxwytK9O3tr3IrcdoguRWKypVmDKxplqgiz404aOm85Qiq3OlwXjQ/pp6EFViS+u5S3Pe4xcsf05Q33AyjSSrpnq++sk4pJSq0QGRK0brhi83ehLBk55Q4z4kM3w47P69FpmVYiLI3bpXQQtKw2r7O1ulx4nFUNswBi162wt/01iVGCn4tcpao1dPUqUmKp9mubF637zdvPm+bZusMWbpAKZEikO+JJGy5++TAqIj4Wqssb5/sucVhsGhXPUZ7j7S7czeHCFu1vgY6KSumXuXZKdBM9uZfxF5bVjy+0s/kfC2eUqyzkiii8+XEy3k+AvB5lxN3Yydflu7wRKZzd9/U+WyYz/MH9WwusrkbGkXycC4RNQfQAEk1uYkMDC7E8ScdGjoVO72GkWbXB1yzOq/Pe85gt4Z6GMhs9R6XGpkSphqDtzHXTElulUwqyaVGaBpAVfJr104EAogHq0LwpfOsTYh0Vyri+5okytvg+SjTq9MtmChnnUR5HXO4xoq7utA+2LoPp2BC5p5BrtBJn9z3laWb8wUuyBgkxTj9k1POM3JqP+/cuVTs/elEiHh9gwi6omTgL8Wa5T+BwyUEO8wmFRctFtZPNlkXEbdz6wYiSYUGXdxZYQlAnArDJOX+dhZBq3CgZzEOP2DlgM8KzgTAlqYHesnERmJp9tWz1xUnkxt9UZsze1euT7HoOKGAzItnEL6g5nCWlLLFhVgynU+E9ozuYOZdHPlBzIQohZhnhmbH23z0jkh8ApT2ZnDU1HU9YcqBzLuIAXo9CwgVajUyM/HMPN6u+GbfFNWInN+ntbBeeKbQ248njEzc084gRpqJLT39xqpVkk4WX353tjwzsEdWLDK2Gvhk6D+shtT3VONOdf2eBa7S5BMrIKP1jq4V1o9b68y0Kr68CRs/zavI9jfD9x3Q3wDde/2rjS5+A98tO0u3q5afDmANYg3TikF9Q22UuF/lUV48znZsmej84EZT50fRvLsuwbpuoKb+sQS3C5af38ErASbx/f5Y6xaU77gju67J70axgofBgLWXI4O30emySdr6meGnbCfEK5zHWZSit0ECYOjeXo2DlQx7ZRueFeG7ZqK0LfOJI8WTP9m3cUTgTnwsC+IZ9fUgL44o/hvO/Rt+jpt6fGdbBK4AyICmGwQdSOv1UT3CGhiGHrfmqB+j5bdb+PXf8Eu13KKmisYeMAj5luLI6X+SR6P1uEOgyHH9ycIxPe6RzHErjbIkHf98zxuO6+RX3zASOp4I1xyWS1SWPwTsvzEkC482d615pWLxonBNCy1HrM+U+pdvv8O4ltFRLQqT6P29bPoxbZKm9srrH3fPfTPVYQR7RcDVH3Wkpmkht8DNPBrH9cs9bxobcCsdq/JbGi3ZaH+bw98O/P0/ye8Vt/xWxK0/FzUYrv3TAbz4rRW8/KPZfvXT7q+ncRj7poguTdn0+3hxGqGZE/KPJnhopj74cidoK/U0WeMt+gtqXb0+oVLtL996I7iMxn/AbPyoBzn8D8Wlj0pvzOboT1T8van/NtWaDJD8S8wIlPqTkOEE9SN2P50cQ/q2+ysR+kXIf1yqfgj4rxEr9D8iVsg/K1ZeP7J933zAnbqpo597fAZZ9+0h/KkRlN4wZMFx81sF/eel8+9PBva/KZ4o8a+Wz3/KNP3QPXvl9H0UP9XBmDX130jXkHot/JlVHqT9DG1yFgDZ8fyo1Joh21vhnN+MI4Ctf1RgyyyBBSOUsfPenB3aKBi/c+b9XMTZAmXz/H0CF3qj9284e1zCLSlhvLIAWcQumqBg7nomfGuZgg3JPOGFBFwzS3iIhyuJyys5B1Uwyzn7kS/MFlZBJgph6wqvRnuLm5yJiXczWxdLkZ/rsCrLELnPEYdk8oX9iJy87v9n58qzlkF73+EZFaWYE5WIp6m6LR/HBsjr9mTEAgH1r9hzYxNlJRYllxHlwuJSfsXk7YmIHAvPe0tk3vk8NxGR8mRTcnB9YcGzf68Hn3nFzBz2BX//Vjd/TionY0q2t1n2v6WzyYX8V+3Z3+t+fvqzwBjdqhx8MD5xM1aVu99emThrmZNHtyutCec0vCWJC8p1/YpK+XMBz1nlN7EpiLwoF4KUuSfo+zopWwHG85zkPNgAjZDmTcqNRX2D+oW8yIAHcm6AuiKoJwJaniiot0h5gYE6oF8C2/sAfak6S5i5+AHPQ1RDhmW4wgWgjJ0UzsFA3yvgAQ7awzoEGBPs/wPKjjqg/XODzxfXnd4LgcrrXmc7ngHrPP9MI6ijcHdO1mVAW0IcfRvIztcLmD/d+D5fBmVXMAfyT9+rvMF2T1D2045dlaMdJnNXMN5igp9EHu0cDMgBeCaxyZwpy7oxyVtBHmUFIRsJbIfIuSvvfW7sl05nUWDZG/S5uXs7MJbt4IWDqVcZlpEKB/kL52M/TxDOxwLqAD6zqPyGMgJ4uSWgDIwllxfAJyArIqFA/sCxwDormNcN0g1lNIG0wz6AnF4JwHdy5/cxhs/OF9CXzLFwDCSQO/j34AGY932cefCtA+UR1nmu+5xfQPv8yx+u+GmHq6azABlDlfzFHWXyMSZ95z1oL392ekEdeX9+MYF5W49xPkkoMyqQTQXqF2zHJZB+QHtAqpe9HaJs4jG23CC+7XAop6DdQdtvdWRORI86Bv7lD6HkP3x2iIOHwX6t6g6sC64NQjnket11VYebe16RP+brA/vZDhplQMcVfe80FpsCygAdmKInu06perK89z6vqw50F4yfhOPfebvLHpznQz4PXhugDZwHKIsFAscDZAMBerfrl7yFHtDn9TvvK9RjKD+AVjBm47AVxzggrQSU813Xt+DQXR3Kw26HSKX4wHYA94tfG5OsQHehXpH6V0+BvK9A9zBZBzMJ2oP5gHYMyjQpHzxaDv2Wv3J73fs56gQb4C/gvYgAHYb94PIhq4QMZR220b/yrB99yHmCgjZg7PK2PxvQ9yPzYPzQ7qyQvkPeRMCbvQ6wTy73Wx3wzGSVf/QCjj3fZRD7tiOPOsBXQB5A+/Ejy3lAHM93PuqhJ4i8y/Chc4cMsz86hx26BvXsuXzbbZAvQAaQfUx7OxY5ZPiKf3UHVX50VU93uoEObYfsOci3zqZyh+wBG7N+6V4hTbtP0vljvNxuI4BcFcBGsoC2BIW0AVuBATudAPrRfX6BnIF5ArwF+rYFxNEG6OIbtrl+1MO+gLksEkA7DubwsEEctMdQR/cxoFAm5L2NjO/PeYM51WX4nK+9BLZNf3Hgmjh0ENpIkfjaB+Lb5qPq8ndOn4eeANv8nXdipwXwSOWK5DfeHHb7d/5BG8Qp3G88hjIHZfa3uZFhe+R4/jE3QA5XGfqmX3WgTwvQb5193oFMAZkwvrLpLIc+iYRq7PIC/O1XJoCvOugWt69MIAr3u7zCsiv2y0YDm3fwxvxNXuGcQJ/4lfuVhbbkK+MGDughoL5Bv73rDrA7UL52mwD0Tc4dIB8J/Isftq74AL0HbURsb5NBPj1hG2DPDjsAZB072gRfnyyjx3NEEtp+OH5AG2yz7Vhntx1wHhJI619dpxaUSdnY7Qm0wTj0IV//D+a6gDjqIx+2GdqNL50B1FH8qzdQN3DIC3WXtQCOZ+eNAnQHXgM7AOQ3AeXyMd6NReFfZccT8P4xpuO6gDKFw/rH9TEPxxiD5SsjwGbuY8SVr59TNiC7kMfZTusH8BeWg/lyvrxO4DWwp1//pD+xgyb4bDgm6K/AfHLGevCVJfZrnUV/8fkqQ51Dv3K2yyCQieWQKfE7Ptgm2Q6ZFlEZ2dsQXywEfGextznsJ7S9cB7352CHrgD9MGAb9kdXVminD996+CYgE+TON4794iJnBbRBWfv2kXwOfgEsd9n7IKHvVCGm2g5fJQPc9NyCHfcd9kFcDqz8xV9vIA/geXD+D32G9kDGde7bHuBciGfBM1EF+UC5Ib9YB4MYArRDDx/sQDy1QTlQ9R2LYBATyLuu7H4AtiGhT4W68ct27vYRysBuAyBe2oCcETsOz3ZbCvBayu182eUayBkcI8RHu20IIN5FDt7u+kxAGg+b6HyxiYyCMf+aH+j/5bz4bU6hfEA5/zWn5JfmX3IA7TT0ibCNvNMOcaez7G12WTqwqfy1DcoXv6qHXh/y+MXGuzxyUB5gm+RrC3afDLEkdvQRQF3Y44Hv+Hc7fvjJ3/Vo96WEvPPM2TEH1PE/9Ar6+T2GgXSt6uXr5/V9LMB3Bju2ALHDBscC/Ap+4I/gx15iu+7tuKUgfrMLB7bZ/eMeV0Cf/dUhlvyFffRDZ+T8p9+CsApk582uszmwsztukrejPcQP1+WLi/DdluUiHPM3PhNXoDfrHpPA+d9xzXU7xikfMRS0ZdvzwCvbdT36FD8Ag8Ky7QergbF+24mEcsReKNSFA+dALAF5C3raYJ0dG8A6n93vwDq6uP3M4ReHgTL5Z56Rox2IidcfWXD2sQD9wH/FMgeGIg4+7TIFnwexHbLjlF3u5KMd0Klfspkd7Q7bv8sv+W0Hyw4Z3/kj7r77lx68v8+DseWOv4v1aFf8YBfiiPVkiM3XL+ZZv3xd9vFBHYR+fecv+8XkIqR3PWzf80e3v/wNCGjPD/0HcQeUN85Af2wEpGmPy75xlbL3ucvK7usPWwPist3fOzCuwIFNArYMxP3Xz4GfDxwOpMjd+1c4A//aux9ZBH7uwD9g7r90JevXBgLbF3IH3jWWb7yIfcezKYdtJeQvjgbztPzYY+C/j3nfY8PdZuOHvBXIt92q/Mz7L5wE7l/lfR4U7vqbf/hj/g4+Jr/P++FnCvm3ef/xRX/Iy4+/+j4P+fFpO50Qq3NffMF95ZyDNnv3ix/1/ZsMH74T/cr+gdXfUGeLLw8C8hv7Ll8+ARwvfn20TB7txCNOg348L37Tx1+Y65c+Qsx1zN1Pnd1no1/7hR2YS/589QVgzyv0WQAHQ3mC44F1fzDJrregj+AnbgP8g/ML8XhC7veBrn1x0DdmgH4IyqwIYyvol2EcDOPCxcx3TAX05Nd9SMuOQdQ9li2+OCz5xijPL94riKPNbh+gH8S/seUePx9478iZAPqJL0aEvPtA+3v4QRH72p3l60uQXb+gH9j1c/edsM0CccGP//nmkgB/djy77fHCnktK0AN7BfjRJviZo+WgZY+7t2OOfvJIAI8dvgD4DVM+ni2TX8xNytAew2foR/4JjO3rl+Sf/BOhfGM84AfJrywvuyzDfBd87hEHYN925FcH8MNHwOcZRw6M22US5gv2PIUC+Z5//eIeIz6hr/ja7uAHJyFHm2L5pe97zgnibPFrJ3b/A3WF/Mb0R84K+h5g2446wfLLfu76Z0A+/viQo2+Ap3d+7HWOuE7ebQrs21m/dbbDlsB4nf3Gek/8q6PLkZOBdi758qNY1R/8tNMN5yj42uYrxJ6Qj9gvu7vnrr48OjAUpkDb94uPEKPdv353x8XEjo1+8o/7fCSwLvn7PO44fLf7v+Zxj7W/8vmdfxgPwPgAtntu6uHDYE5ml0f5qLsefuBH1nZaty/e2WX28M/ij/wRf+QRUu4POT5yDV+6sSNvK+45nZ/n//LvB4+WH/8OMPYXswWokn0xEbRfUBd1GM8c+RH5yLMRii7+5FDWY9zG8rVf2I/vBrKEfXMvANt/9hzej52F+MXM97wO8VO24+09rwP1d8+9LZAHO47/wZw/uWjdIX7s1C/stcfWezz2xUYF+cUauy1XjtzrD87yfsut496tRNz3b/noI28PXx3631hjRBCa53lYMyvLn/vfVaJ/wboygeN/WvCjGOxvVpVx7G9XlX/u/euXbk7/pcvKv9b8nN+X/P4frf/R/yctABJ/uwD4HLThHRa15n7y0mR1ZP2Yf8H+cxaowZjhliS/KrRw2Xn499evSfzP69cUgfwukX9bn0b+qfoERf2VxB8U/2uXxIm/Wc105Of/v5D533YhE9a5oGtoLSUYcxlWJhj3qwB8yP1b+ZHsO3zfnxErE3MtcnZvz+zLgxUueMnmAXx3QHs4P5jkSPZE2jVZ5D0pBwEwS37rgL+lBQAp9wVse4LtCDSPRTSldBZ5T8oeic0D1EJwsyeVwf+8KOdnT9f3QBcF492D7wPYfkE27GsHGOBvkSz7gisA/bAODIB+1d37VAA9JXf8Lo62e104rj0R8QHPgAnV9QCUxRHE7fSze9JTMUBQWrbKDmp1V5T1175w+mtcx+IBDJ73BQlzT9z8BLTfBa8dROz9rcoV9HcEqRCcIN//j7r7GCHNMDh6HqDzu6Ak7kEnTHD8WQZCLG3Dm5FJ2488f+YAd2st2V8z+3tvmv2/DR9I7K/s5385fKD/xlb+G0aVI+RN69V/sphUNzWwIDjYwkLvlPj/A4wI/Acej/z26/+CPyHLEMjyv8RelZXr0QZ05FXtXojjBMQVUTlH0LL+TcmfOxn2iYNdoGS7/FXZQSUsrJu+8so/F3++vITlxEHnXlgClBP1fwFDDbI6+bvtwcyOf/EOkw+LAzD7Uf/n4gygqfrbPfIbaXvh2Hv1EINOf7oHwvRT4dP04Z+f/ntz3wuKZMdqf/krnmPE6RevMYL54zf5G+fDbGhL78v1rC6z3x4cl403/k7Qz+SCXwn8q01DCod5yAL0Vrs4HIV/40vhQMH9T5qN0RsMB97+9F77Z9T4n/CeJ0H9WaFo8vQ3CnVC/o5CIf9ZCvXf8DXP/y/A8X+Isv9v4fi//HW8/xgax05/Rss484/R9V/V/0Hb/159gkT+qfoU9Sd6/mn0/o/e8P3NIWlNmQWQj9c62W3YPwvkS1hw/mVcf5O5eP/372L9v4/s/wT+/x2s3wL7jl0y86y+PsjjljTwRXjlbaRXIwG/9ssHe2Ed+EPegiLfX5W3lfcLEdl+IALqCW+86qeBnln2suSf+eQ8DXjzHlxTN/iwrJSJoIjIWK/PcFeEZU54NZ2Qh/vJvnDHvpcsQMWeRSJSRZbhhQVoHCBJ6yVYPKgvitf9O0ohjWgQOsTnBX7s94w/ZTlOV/nJmfzzdJVqb3t4rDkY3BlusY4MAULfTm3J+89OLKT71i+F0hgXsYRf1wh1xhH8lefPBgkziO35PSZlXhiXdBw21R/b11oycJs0Hn6ZTcfBZY2es+veXCyHW2DsW+2WTNfZ9znX6JnTNFomFi5h/7v8S6TehptNsOWKOORIHjv8n0+ZPDGC50rahBHx6bLX5ctnJeC+VrhkA0/BEDY94FackLL+oQ4P12OshzT4lAC5+owZWo6MrmFixiinOaTS7jrXAgul7cIq6CU8pbHEvkM9YUwlHzFeH5jwKsCPEF0kGsPgqrvRCr/Le+/zcRabpLKlsMMIKY2V8zKnvrd4m4REjOO7cVgXp4aDX26p9k6veCka2Z3Z3IRzjbUDUUj7mSR9T9i3dUzhJ/zCXvWCGO2c10arYLms6ObcyK9tnjJNPdV+Wn6MnWizSuFGJv3UquHsYI+Fhx/HRPMLxRN6uM7cZ6dzkes+gBUnfxTzPGJV3Q1PqsbuxWx2VVNaIn3be6d+eM4y9UbAzd69dC++cgYnlR8Tt3q+RHO+GqkZfqO8Ft8ZezcW/GAHN8fn4m6cHISalmcqHmfO8wqfz/LKE37VHdP4XTxdF+1GRdYh0lfWynHtpPhvzWrStAw/iX089nx1QfyFj4sQOqjzwFTjTLdA4fd/z7b24eZ87ntirZEUtPAmZLsVYFOx8npvuikmc89UddSi+0W7XK/7BPBvOHIMBcwWFPd0f+vjHJFC9PhSI3qXgBnO0+D0D6vccHYku+8T0+ENzdspWNaRVDT+ecyTqKURL9nRxWjeeNUcpF9urQI/htRJRVhGsyPwithLuLOVTpqK6q9wdeq8N67cLspnNvN6cRJCF7m/0xsWGPVB0Tltsv2oKNmrHtj1/julCPxaFmun8gFC5zXcTl+iuItz10MDfysmLq6DeBEuh7ymstAI+WjgdlHdoxX5VR9R/F7w2nk+P3Rox8D9Qytk2pbgifEC7qXtfBZfcB+c/RtgJ3jshNyEpuJj3xrRXmdCwNEHPFL6U3wJvQB73Q0zVvn951Ug03qGoi9+vv0P5yCmO48m3wVn6a3LwK+A2V+lr7Gmu84HpdJErNedVc978tAiSlBk1F4xmaAr5pdU3AsNo72x//BNtNDmr/tjI+V9yMIvyeUKnhELtOyk7WXyvSoV+Pkp1XYfdLBD9Vqos/gQzp8v/wm/1wQkR3txIL3ree/w/HzMQUUBP9HAbSDAMHfxYhtB7+gYboOZ0zf6qVjqeDkT572v84U5Gb47wU8g7VwyshfcJcLfJnkfV/JIHDcOhKly4L6RfaoJ+b7t24SS1nccfKAsOsPiLicIp8jffmkgsIBETHtptlU3kbTJ7Eun8m5Yc/awO8fX8b6F80ZEhzc5X7d3RmvMFXVtAXS81vcBnl4g2Mkhq2cWbbbt2Vqz7DRzTsxwd4X9cVyqSPAQhTgnu08e9pUkOo4Lv6qumufRVLv1efe60T19XbJ1gns1LKe95LIArURju74aIeyRt3QyWzx+iM47Xdx1iTI3ptbp6QynvA4U7rNzlyXyl8tMaPCQZs27T8jlpho4fOq3nE38xs9xb+mR7CERGGnwFPdZP/L+XPyRtMfn4Y/PPcMfqkrDLbmUw2ogbMOTtId7rwnNbg9jht8CLu+9LcdajzWSMRk/dsDglQLIOyeHzFuJhtdLw/F4e+hmSeVjxkHLGOxPnJPdLrJ9zKfBtawT5HGOcZJmpktusTjzxKGjE24PYdJ0KR1CCRJ0eS9bXF2kCnUdMp/JfpdDbiUjYc3i8QVlNVC8Zo2427q15WNZzjGhbRF/62WNOncYoqowaOaTsqLvsj5WetUz6LYiteJvDO/NW4JKjz7O4kODdRuZqBbq/XOE7WbjzOHx9YZZ8Hv4LFYiy5nicNYRPCGYrpKCp0PGxBQPVWVomt2YpVUahmnFH+JWwLngxBYYdo6636hbdHZ1qvecJ7boj7gbEnc/Dk5THuYzhLtcjR7TXjZOEYARVakcbn9lTbQ0BrN0euNLT7VjmFGe/ARGF860yCHWKigfHPXtq6JsCbDojOp0lRHtB5Z5vGbD7XDby4reMB8zbappFb0kbxhQBrjBhTXqN6SeSen4mNQzqmlz8voU7Ep8Rjt4ulV/ytWGytrJpdYgliuSsjO4HZALXaMSIGTIwU9r7cF3I8a1Y9l6JZugEkrcZdVJ6HVp6uynWgIhUKU62VQJjvs277btmlRonJqtncdtNkYMfB+Xf4xbNDtVzZQGld4pRkb9lS8S9BZpVNOXAirZj5e7pDc+rp1mkF+2iZLEKaNP1C4jl7djksLCeNw9VnMzHIPuNhbVgD2lM32e6aalLXNuO5e8rAp+KgbkZeLBE+hQjOsSmP3hhAkxX0uf+kHZJ+p0g716IjRnehThemyOp5UciU3yLNVr6t5dWuEVv09A5xq/kpw3AXfO4CVFNubQR5UJX/N8x09wR4ehPJ3EcphU+NHz+dC7kw/P8CBzwT+jj4Di50wrAeIZ/SfcbAgxZ1TXu5tAw5172Jtfre6DDVQC7nkVl4/WjCUGGq3ACVZ8faDjFeqoRS9qTbS7Sbglg4ppjxXfJI3DPgt/H53lbkma4kD55YN+Uv2m8pOV9JmVwGq4exZjYO3brxSfHE1af9yut+aCfizICFlYjSmAZuR+jIAwWVuMM0y9qx4HR2Zn4tN7byv5utJxAgWO8l5ySK+4cRZ9TLEvPoHS4oy3Rtf6JAwr0DVtS4VBvVNXNvtpOhf7DOXknIVKFImavdIIKtric+nVTHwobgO/uo9ModO96AYMTO7ggadoFoXghb19Oh5MldVHgREAFbq6HbKffuWGkbMku7CQ5h1BfXheQizDLajrdLq/bE9+AdK3d0rfurMRoIyIBif8BrwDxDE3CMbtOfjcpfka0TWwXTiuz8trPvnzdRISZ3fbeNa2dDo7RHnvhJb25sdNlFFTiu+qgJDPezDyUQr0D333I0DJzNR4E6Xn0b7DEF2/ux2jQSct5kr57ITu7m99etH9xS8iR/B6c3GwtoCaJN7U25pFp8Lt+HVNe3g2oZUKsVKE6NbiaQRRoq3UAIa04hac4T49uJiND8GIGn5WsZt6n1HzUb8Ym8G2ooGI9crCvVFC8TTcHvcaFXQgBb4iPRMznJBISJWHq4cRbioWnS5QXh72jeZNkqQ/txFdx6xH7Gzfxe/m1VMT5NyyW8X1I8XXVGbXnoI7vcFtKzIv5f0bmCugTWVfKthjrgpJwnAo4ZVGkIY7eDF6qSYvSpdFoKQdV66cUjAGI9gH4iw4u1N9xHwvy109jFpfMBncyACmJjL+TK4Gsa4MnU3ec9heUGcuXE2RV28MlUrz3QczB2jNU/Nyer0oXPyc3N0vFtS+cSWobxI1blgK1mFxUUs9gUBXyD1fyBICSaj2IzWxkvMFlTTjIYN7pkgu/ZSs6f0ssG6qBNTypmJ6D9oNiqDyqO6TaSWhTV7D0+rvu4hh74BMGDyL/Y8oMs4EH7y2HpNe8k353HumMNb9hNaiExvD/SihJc+GFw1ZoAmw1/tjumfhLGOZ1Dk85GKp4gnCUI9RPNXnsFzEbf3MGMqZs+i9Txqj3SWlsSwKwlplJfcDASQXGLn4Wl+uUCZd6zCFdxZRwmqxTfZ9/3jWBLdzwJ8II6ESIkYucMDqhbjiAPYxyVKLwny6Dljq+j05+KXO36Ju7Ctc7IcoQ+YdhUm6NxRTNcsrnlHxK5+7NE1RnJruPmjzsu9mV0rI16srP14dkSQGGNhT53TlXMqOOMTShUGF4SLtVkPg/Sj073BTcmCXFBV/PbjQ8YLPeFm1fPLufISWG/PE/IcA9QOeWsW7vHYq5szy61q/QQkKZUZc+89SnN7naAfLYu7dajNWjcmAp5DxfTie27za90HDk6XCJGSCHH8r2Jq6274NMa92jEC3ZR4rTdz7T6m2ShTRI31HqIkvXoc5e3wAEjVb7E0Jtmg1HemQgzlmE0/wWOaNMZdHl5m4u+N7DKw6DCY/9VJa4O9Tx+eVyljMva5e0B44l9V641r8OXv2GVjX9kYINUAaECYOtD2t1e1m43emu0nRh6D7NidLOma46pGY9im7keSwxC+bFKozA/A8mKNckd404DN32ZbZQGoYdI3YOJZS6no2T59aGMMUtJtetkmdaF5hcpOxFh1VYGLPl4HiHir5mmtnFim1twsTsvMjzktrF4lio3DTQzDl/Y2uq8kmxqpevCp5KFaIc9hsNU2f69PFFvxbGYxdDznAxDsc4YMkYzSKVF9jxBs7WiXHp1KwCgR0XPdZWD/c8qf9cIsaJp0aR36XvbXYD7rTPDfDLjeZZuH+rlX5oj4VBMkMy9nopA3lyHEWtCBLVTCoH3bk3b4ALj8lQlkj8TXe1VOddtfcQeitX0svteONGoGOUQSizPxDmAGtqMdzPIXvx6694S5gjprF+6ns78GO0JVcc4kC1ig4zWqliaud7+Mgm4hETdqWG2rf80QcqztZa5b6eCH6MjYTF0TNZTKcoUNvm0q4IcDVcFdzFMtslYjShMQ6f4E5laA/IXDLNaC5wEYUPIZaFXoSZXPZUZIyLGT+sCbzEe5ZOYoW6TDiDHR5J9rMx3Z3NeDeSDxCzvhLp6D1ZNwX3cMJEDHa7kXHS172FVvKU7Fva3nvoOysLIle6+Up5ycTAgTcIT45dQ1jwvIa73R1FxcnRgN5NCbcvhmpvVeGZUBCgeEPotFgLZwajqAlsOF2ee28H+guLmtickOntQ/qA/Xo3eK+m9/Q9rWdGIAMmSlFY6FUl02MmpNeMgrk/gl9VwYeK0hutkXgL/vOoXdwYVbqth/YgLD5vv9K1MzFGtJnmqqpUwYtlXLn6ugVldFjG29K3Iz1ndRVKzKYhIcWs3u/6k4yrjLk09SO5U2SVGIrMDPu5OFzl620ogh2g3mgMaZBkHMLG7qGtd9nP14eA4RTyeS4xXKi9nPfu9UnSnbCNMmxUuiFOPVJdlE2ZdXHiEEgrYcdEhiNxKyxvZHGA5krC8tC26AVQupvjJsLCL94+glPSoNvgdKSPPTvF11Aau0qlLZPP7wQNfowz1YBi3IfeJxkjZcGFU98Q7hDZKkgdLYaKv6wM/4pkomGEGK26o+SV8YH7xUXSBqRKYoUTcxkIZm/7pkRa4hiBeBtr35VyImmjBBT4Z6F57S27bi5GZEQxJujDLMVsytjJ5jtypYbttQMjdV6vTzQZgxPpXl6l+hD0TzeR/FCqteRfCImJgxWDxMHIkdLrV/Ozr2MW4DD1sALzTPJ6S5DRUONPkmHKMrwJV18Raizvi9ukiaSuPw8pWCiWJG+SANWMBrzIOhZ9gMAxgI/o+YnNd+THUFDt8OYQQ7tWD/apUGg0bI9BuGNYsLp3T3K8EoHjxWDETvdG6DjhAkEX/B7XX1vueloqjijcKn5bPJogJuRDv2UKnwO+0fZCEHYJlZ16HlMTrqK2nVijo7+InDyjlNnXpBjhoehYXp3HlK2zeSYZ7rcpUyMiw6++XPTdsFtdk0S0FxcNQ13KQ7uySUZdJ2uZW93TLqcp1d+N31OkdMNx5gGeIGGoFM5hJbR5YPS3GTmzfACRp82AESZZcquWk/A8AXFPrhSSVe4fAhzuXabkdHtLvEivqAJSvg7nhuBysUMkESct9/4HQjjKoLYMtpGwHcQUNKDj+MbDGdSx9cDsWqxpBWJIqT6+MPQMOp5+Cm+tHVJvSAkwcXuUwBMeoGnejXJBDdGfqencDCsNNKMTDklfiMCaPpKQFjLL5uGbm4je2+GlijtTIqO8q7wS7W9ntHJFfJabPwyaHWYl876VrhTpwrKK15V1iLckAHNn5OmiT5Q0XYPeMceBg8iTFZUCycUjD94eT9GKLnxV08+nbgiek+P5rKKF1hTzhkeBM7QZmvW1VYaydyzEOYigznXXye4hZzVXULTEwIncrYP6gXlx6352k7Q+8tBYwIoSK85RJ3HRHctyrwLRZ+7RlQOWeLMX5tIlsKsSERzZ3ekd945pd2TIdqcrY35KyFRA1ahKpEHiwfFeEDTU595NX269I8YhHXuQPWXSpLBZMSbrIEYyIg83OA06nWrlwB5vLIKZrvf05zfHC2Gv+3EZJ9nFoCrlGwcaJDhHn8A4jDcB3dukYOUdDfGsltfLCww1okkp8EZxjyf5JR8dMnyCKyc53vmLNJJO55pq3vPfom7WvxWZ3H3HHf01IdztimNCDOGL/rJrTfBen1ulzZAu7GhtHLcRFfyNOgZPAuTnaFNJ3WsV9ZuY+cBz9LkDcb3WXjg4jkhHn71mE06Frv47Jkw43MGpgLG+P6L2potjJV5MPed6r0tJtTnB/34UZ991PWkPK8w97uFMB9IDGtRN1dMKMjubEsUtU7lNgyXN7WZqLFNw1TpiDfab0352IXxeaVahUurb7xIokd5TEMCQU/jJ65hGOHnsaTnUwowqY+5vv4FS2m5EvAoG2ZLblsHc8zRIO1b/Z2wZ+yPiiWozYhU60YHo04W0O2sOtN5SnQ5oTE23fwQOBm+0W44KjG8NXjQMdem+6LOp5bEGEF1SGx6OEDi6yDj1hotW5T+VHPjqOVbLVLC5kMhciYPZoz1mnnZbvR6z2KVX4rwzki6SdmUQQbjJPajN29YjEsYpkIQ0bxcvKJPj9P5DZC5qWjTBGUku8Rn5jGLNPXMm4fbGMq5DvIY6rTCcIV1hUpOv2jKR8OX3g4NrsefHHno5tC2IGoMsYt1dnXanDhBc7AU4Cs+y+DGqy1kAEPyln3bkw1QD+m89W+zkwnluTZO6sKP+wHbXMdiGWarPdIvWm2aineqMPGBCdXprdgwfuwhp+JR0KrWkgl8arAWyhJNiOOsa1t4YS+3Sk9p4sJ2BPQKOjfd77YDAuqIhPmeWnk1Htx/MxQ+hZbfpdZOON+D48zgmR0fpTExfJpbgBaZN7IlpvskaR+R8hRaYshBUaMjOLD1qj3qC8RH54k036TeNLeWdwi8VKLGyIbb+/Aql7WM9ICtOhuNMH+M9qT+rXiYt+10WY6M0xrCnUPPKAnUfCDd8CVo0CgIp9B/poKoFjaw+5A+YTNfBYlOLRUPrbJtHrcvSoLIpOL5qIO8BljCMq1GX57IQLnVTSboQj618tqt52I/dRP4XWisXKmTKAjwKZgT0D1UgX8ZHr3xr6D3zMQWxvDFG35DyrNvaItOlsC8JujpLQpV836Eb5gn9z8XYsBTLp8ec79ByKV0ig2iONaVkA+VczF7wmXv4hBVnZBbuDSi15NuxMZL4EkQT1VkvJVRhxv+Q2rRK1wQfFwwbpad8DWUD4MaVocMlCwUbDUfnVYP9+1Yq9eULrhWj0Fyi4hEujcZXRjXE48A11AJt1P0jB/zuB8siEtPql2u6n4A+0mu4RalCbrW1eN+x8pw440aCpLcrQ16wXzUVpHQK8TCnc4P4qYbZOROyf1KFSzAnqNtuQuaZt3uhdr1RDunXoo4s7THkR8hj9/cvv7SuINuOAYUXY009zXh/HNNFGc/H+bjh9QjRF4MsrzaF90uTg19k68ysS1gRnnsmn0uX1Ng0Y6DpwChb6/9yIOAvlOUOtyHvA+7J8kgGzffUhdL8RlgLK/vUvrNOuUJVYwcjxsqf8dXn6ameivT957dLpW0ofeNqQkJoogywAXqoXqJtLzfF8QGQdYFJW/nuK4XEPCp+fN8HodAYWT8Ad/44lsmWHPKvJGbz6Q5TDk3trVktYeNeUPWaKhLvUFfGCqtlmjMSgGbB55bVxPVTyWbTfJlU6CDWHQx7ov2ZdWdiomKbWBOYACj+pbxOBjRILtMNwJFtdIJ9aZjUXXyFWzrsGBhEBArmFa8dZ3BqPjg2WT6OnX92VVa9BSTLtUk1dyWa57sS4P1SwWxuxYBzZeU2IRpIu9cChPukyXzqQavQq6C39DPUQXa5qFNNfeuMQKMFsYabt8gm6JPo13Wc6SwUGG7y/ywHup0nUgUw0uxMz0aBNZY3NXbGRrnW2RYPukJ7L4+46tCXDH96iWPBLjgvIY51uFNKKrIo1JNAXcAauUCm5q9Rr4rbyWjqZjghM9i+25pFP9YI9wRjFeTdib9KzAQKSy+iLanr4k6N5/7ySnT85h52qiZ1BUvG+B61Gp2xxMIRoea27qLR0T3e5fVBfqx/Ia4zGqAkULRIDr5eDCRkH1uts3HAMpBu88vHeXXDbBy0Vg+AafaqbrHitkaJDH4VE+jYB6kyEnYk849cOjTkSXMOuTOP7GBuJs8Uxujgp+h3DFdOD5JKNpQewKGDQua0y03rrlGMPNBs9LcuwOokH4CD/KYdj2TPJ+3uB8lKx6Yp++UTTznTw0YOsNS2yCk2llHY7yHyUuavDzJQp4kwmP5e17hQuHtx/Z6viYGwb5ObIFpg6+O8fIHpsomeFLqKPOboLQEHb5HTJAdqsOm11njl8wdZ2WO6Qomo8ohgqbjLAvZ45Q9LvQE19Vgdv1mnac6Kl1ggySgaQBvP+hSodW8r3wDVVDIFVTZt0a+XSHMJtXr5fWYkwj2YPPWdSVGqg9b9oRe9cVFcLfaXMK1zXeoKjcZHmuZQrv9ms3gZJOmcRWZswUiJ3ueXb8eRjLj2AvV1+F4wYl0T3Pel75+pTSHEVr/APGWXNTabSUIurE8q2AMTg5DOSGEbbmgnwkaAxpRFDRvw+vbKZVzcftZe81FyQsnI90cIr2jeyrylptERKAT0vjxtSbc5gldZH+5twkjdTHKmAx0jioBcRv7bJ6FifmljeqS1mLuJ7egESQ5NYsrzqEK72OcCeJtzv3b2XJ39kiSZJ+vsWZqySfgcj0LBd+lMhVKTxkw5VyEXp1F8DQMvjilBvXZT+aFwPfh8aF4qvngBShPOWGJ4SSpIzdgZPuhDBgs3wak5D3NC3OFbHK+ICCIM5kGaDLtCHCBpD1bddrrOHPeLf19GmfsGfTkJHDpRUly5dPQkLYsp7niRPPpqI77C1fnJ4isTvZ+6LoVWYanz67KUv34cjC0bhNipDEl/VQ5f19cXCzUUqYKMgnsdMOgSx7MlOxiQzPvpGLYjwLE+O1T9brev12Xnjt5dE481SuNIFvPMJFtA0BBk8Uyok6gdfUpZnNlzfnG1yEKSm04ibTRzpltIXNPPE0LHpLHs12S8++avrQ60yOMS7EqT73ST5uH8HUiuQpH/Yon1ObJ5TRX5ormmTYbMtn2Q6auulvbVAGCUr7qe/V0S+kA5sCj85X9lOHHrzG/ny9vIY7v74BmHf8jFiaLxwD7kFDY0IAZkRuFnZbXXUMKuq+okdLxROlXUVwNXYgISPiWyu+Fnpz006SW/sqX3uuoZzGcFhoEM2MtzNIIwEUndN2pKu7cFjIlNrZqlC4z9yauSZA481MTvGSYCf0a0BS/L5HG8+YMr2zuNm3FF6FqEX/kh1p7eEr4vG6fsrjGUZEVGQ2i/QeUB/We6cpH/JzM5360u9InYztKZ7LFvMmNJURzcAMuDdj9tvUkjxKKg9wV81p700AJdnnD/ceN/xiJraJlSHcVpTzeGh7LHYGSQZcpw+VEw4XczScTKTxnVXz1xkZcV3tVAW7Hukt2fgYh7VVjK+sQPiptJSSFLb4LL3mXqkhXuAW/KTu7uRTdVMbp89CKL+rrzkSn1yMdPIZnP9nrET/VTWFNu+qz6RyvTbN5bYLNYaIaE8rpJKPGLlXU1cx1iZO+hHc8Xm2Ou84gSvXPpRkMJ6wPrzZNatoi9J5W+9Hdktf0akf9DNd49oUIW8fqe0PhXvlRILRTb9k5h3qakSPhGQBSzq9Aa2ASthk2a1JaeOrEANfAHadR8EpU+i621kcNAxU3yvAKRG2CjtbeBSn9SSM84bLdWqvEdI+H4EuG2+0rjdZjiRlznojgghY+7DdWPwwfWuA1mDmEI7C6r2L0bEe36kHYWX9HWlzno7IrIvLsuk43Do6r1zABqRAwZixCU6T6TycWdh+1FFVdlwjaJOwTycNrGDh9lLkG5tI+CJpMALxsKX21TyFFoWmnFXCZW3g4Y+fAVQH5XpfneOrX6cTf/Ne+XBHNGzKjXXLFQy0CuNif4wyLzBCi191e5vB4v7cxooqvx/S7KlvZhlIwkNxSeu7DHuLbzF9zRrf3VCVZP61nEhU6depCB2/nVjm5xGDgYTusm/Cgq5AYntxFQYGyGgrP9BeocvzD2d+3yvJXO9ow0/7y3Wy9jqfVpxiPqLQuq8LIvSVpNxazwrw+8qTsll59NoF1Cer9WMhhskFI3SEEvsHXr1C4jTYsWJ2GekwjE39sYUYU97NWD2OO7XF+jh9sxcRyFODbZeXdTh4llAV7YxP9FnJUriaerFAMRuWm9igIECPLomSEaKR1q1qQFUq7wXCBryidfe5MwYPRLMRkVIxKZ0PhsLSKmBaEJdZy0l5J0JVAlRT3uQmQvxrPNpmK+FPyRCPWcz6UgF8uIaRZyjanm6fVg28DWAFye5RW6oZ5Av2NozxpqX/wBPI+ZwCcWoribsZLwLfwlYQx4xmzV9xn8QLcXIhgxBVZpFhuP65EliNRGF7Z23ECJd+oX1bZKQSy1BrRzreERWCCkvd5GjNzx3KEPmfqWL4xE1MwL9OTGsV8ddkN8ovlx/hZLwoRvC/nIzp4eXqAcVQ4BDT6jNRMf1K9TIedzGnZ9NnuFkUbYuaQhenNtMph+iLylGy4RXIks9zHh7ER3XoudcJeBmA/dax7yJKVNlSw4IbL2i/THwKjHe83KtHd9yMukEGg5/4xXZD+jZ+wO5v0IPxt4s7LoyUIoBLmGXqV6IyYzjIUG+BExsTY31NwsqtZhG/txht3GJVZ1KQopz5Cw87TrQDEFzUDZV54s4Y+d+wcaPodkZ2ESmIgpZFNwtcHuCwPqqTW+uoDD/vm2wa1RIjhhNdrplwq30/q5s0sF8JLEmeo61EQpF+g3ugLAoJc2l2oTbMQX++CAbEQ3ErDhaLv2wefqkjuYrezpdFfGla7LmsCV0Satb4xsgvJo+bpDG9JCuaang0kA7qQudtXwikDRhMVoYUwcRfnovF4GFcNDS08vOd6xwpCoHKrKd7QzqgIHZMtYN3GpccI+loOw4mpHr7rc7NmG60msRSVYOimW17Z5uqNQmVtwmI7X9ibWJAm0GwZBxjT7QgcyhjpGVKqt2v7RNsadzge1RoGMm3zY+UC8yPuPeIWOxv5YELA7H5qtbC1W9hczVGkqE/uPckuPMFszlr7/fCGiw2hfSHvIc09PxUfFc4kGDqQz6j2nI1Cu27P+/KfUxJPnfgoxvgcxjqFY29+PRkQOiZwJQ2ti1EY4apQo9Tea3k9elQ2Wm8lntEOrMQHbkTGpI5o6/efUr2ITJieXX0k7m8c859j9U7DfNCDKUX7tDjBkHo/i057pDD5LOMGWg0UcftMDAuDgOT1VJo6uA8w+MI77/qKu1slT9vjkQMM+0bW5D6zEW44M8qn1RPEpSZj3/F4exeCqEMeaDjChN2Qa1ZGDYlqPsEcZO4LVTl+KPDb/KIFVNUqZ8vwTuZJxuG6M7Gd/LcGMAquZCfvqY6vZ0AlrhpF78rG4XJXq/ModUJ4vcjPaAsdajB6CdAgUQ+exHWIe6L6vjrISp/ANezLidtFTFHLl4nOq1hcbuZlWe43dO4TpleR/fVBFPe02FIOQDxGdWu6VN3B1Aiy2FiFcONHhTQJ9yeM9J87WBMs6jPgJdBtCe0baji9zATz3Upz/FsOyX0x6GVp0cfS78uQ7DLupyoBLsT7Gx9jpO1q+WFdhc+8sMx5uTtF4VtpMi9uXfq0ollIzff0ouMnSoDKSFzzaxCSF4yl07u2viE2zjuCEJI+ZK1g7jONn14jfGLIXxj8cYEER60pdfNtRW7wKlagR+tK8fUkl3ztibfcNHCVt4wbT7fXqHqzNh1kEvuqS5gJ1NjPGYaSIBBw1RHDgDyheidQakyYhQWzmjyMXatbse0H2fJ73u2NnbATHKG/iIlyac+opHPTaNnvWy3Fdv1A3BME43ZJjQoLACc7koKxpBAxdwBXOwsQqeGkYIkQtN6sKeIbuJX44xTc7Rzi0APZOPSEGlWBsKsbS8w/pXrZPxLNVmy99nLMmHGzp3t26PGh8p/EdEferRhRpEI3gc+8H9K8n1N6w1r4RuLaUdhFJgbaeGlEGLYfrz1lRDf573KGx92IPbRYBjyE7Bpkdwg9rBMN4qocT4RzXq32vYeAKzO3HsKX+x2lCOGlMFTh7wfSnoBV9acOh8e90xctJhL02av+M2p05upl+RgG4afmMoYu3DXB5cy2XyqA4XN+drDYD8ln4SIEs6owc6B68Lg9AHufzrrC7i/ZU6aJgfIH3cDjs3Mty9IdT1HpSS6pDUlj45pLjSFuoZaWEXiKwxSwdYZ6/sjYxzuMZj97ngMzrJt4njDiRFnDAsITinLokzvWZ98n8j3L58ebXfCq7ianoPfw+/jQoSxuxXwpuOY++8AtuVY9n6CHgZ4YPS9PR4fpEwUDIC0svS5arK4jXfL9vKwOfQ9mQU1RGn8GyopW012LU5gkuJSu7Z7LlfDoU/y5ZkaUhNXjNi4kcL3S5kcmjK7UPvcC7rQy71xHuZgi3xCIdu28UhCvIkzXy9diWTNaZ+CoyYd4DxZ/NMvTlFzWPt6WmOnIBwZCulyS8Im/RTPOMDfLj8OaO59cYIv2l43Rc2JRyXC7sjfvvsBc4nVs9PJNGsb5IhuFGrMPLCVjhrh7AfOh7yWdzBnP68DHLjV7OyQpjefVSYQipRvKUNBP9XYvUUUktJ3h+v3MRAx84See9mMCj7zn1GCW277JE2EY3IXFTaAAcIy0gYA497MpWw8PsY159pXoHnwL/PwUDJODgA8GGl3YQrMERUcrqvSkM/DdRPIWd5Vn8p8imZmW8lu0UBVSCdm3nRXeE1j6Nw7xiN7u2AO/RGDgt/TctbGFMW0GAAXrfwj2oWZ0FgLK2w2hH/HtTOM3TxN2ALcfYzVHizhcWZl52ZRtaQvQhrdWeqzCvyiOuTNCRkikcmWBw4G2hstTnac0IfoQA4dI78uAsxfBhijBQkP/vVvQK0llsTaLakT2kX1lnetQqX0QvVqNgdDJ0tbc0B8Jlg4mg6faKwIR7lXm2rffQbFQQ8607m1WagMdOQX7mhZ2sjM6mTSsFe4xIWQ9BuKYOWqBeScC9py1YJAMuyBk7IRY8qhOF49Oo8eA4883Dtwr55jPfX0CmutCP0VxDl+O44vXU3QK3W8Fs2n2sxPb3gsLkuAv9Im1T2x6Tc6Xxl25Nzc817UieZkp31ctxpd0CainrUBbPCoNDPukxB3Pn0+qlDVC80IfCmNf9YxmGtld15D9ayM415pOpQKi3TL2enbu5Yp5/MwFcOjJxQ8bjH3JsbIInSMwuqJrvOMOXjSaNSE1VFZC+/Jy5uvAWjcfndTNfIUYAGzkLWXJqabg+w/SfSs4aMevGfwC6d46Qt5dblQaG9eHPwAQPM2rQEM/rPOskL6u+EzBIQA4fDMX/ALQ/vNyM/TYaDG3kzLDZIgd4AckB4OGnOzDeQtmNuGuuo4MFe5M5iAs5VRUXv7I9amJ1SvDoMFNYr1zycjQO5slwz2cObcDVTpr7MU8D3Fr4URQATx5yVFyfC3+9oYjgKG2wJjpkz0nZyZeruP7loo0hFyI8VKWl5krMk1faC2EllLOWHbJVVbRQ8nSxzRTmTWM7uKFyiKYeKOLCA0MNO/fz/E1FmHTaFhGEE20H8jePBXW6AqdxOo3U4qb+sh8RK4eE7l/vxbMGJ5YMxFdOe3KhC+Pmitah/LzHObr9A7UNvK9SZLOQcg4NZDFiwp9OpOyBD2VhPbS4ORqJXyO1aXaOZyCJFIaed7TNbWV0ZR5070zlSo3myP1bZy0lKVy4e51Ut0/0YJqCD8/gae9HAuH1mIi1jUkI+yVirvWcRAyy9rivRg2rD6UCWeX9+8AUW0vGNYCc+h38unEE5EyPYNbwYlJ70l+zZSf+DYZCphhdcpbr449DfeYlMZFPItU5FKhgddbH/xpRGkJvKby2YLb28iZ/QuMmL/pMYXXz4LXXO95gVoE0EVx0br3i0JqHePGqtK8acpS70aOzlPVZfpabA0bFGmYWlOA7pqnl2eNaIxceXi1FygkPvA13ic6t5RrO7Gyrmjma2wvcIuvpbIzXcyMB0xD4VROX/w9lMZUGB8rS/1kyRcII7b+dX6rtPICcDJy5/wyLle1PskwtuPy/8XedSS7jWzZ1fQc3gxhCYAgvJ/BE97b1TeSr6rX8KPjK1RSlCQSicxrzrkukXGU/fNGefJZryRNcdsSN0FlXvlReBZuVMpZN4a/pjZMkrveVNRNHhMtUj7uBACV3xcnSPA7HR7vKfuZmWKQz9Xvx3Fp/alu7E3MFtx8LBNYz1ILSpO5WL0mJVxcYVFO+cj8hczvHhiGEOgjQlMHrPGxuRHjmYC37GQcX2NkPEBCN0K3vKQC2Mi7OqVPEKNii/0eSpbpv9Zfb6H93XjlLGEemg1g8ARQyiMy7Z2shCYe7jWJKLLH/bm7dA1zGb8L1WMHf/02z0+Cw2jimwOy40gdQK3sOrflo56uyZT1HdKldiZDtsoKj0AhHNRGCaFvCumGCz9omA2+DigBJ5FGhfMmAt/O+AigIBT6UwQI2ZMArGwm6aZ0d4xyFTh527mQlaAuU3z4erER5mSyG9qraOlIFsB3AMey52N+0wdb5iRiTL0Q5cqn5LIQn5AABhQaJ/p3q+GVzYvKAoLwe17Ru2IjIHC+xOj6YxAGCIAitbCjxk6jAC3fnY7wzd6NVRfoPHLeMuEjqDL6mEF9mJcO5wvx8NPzVxnaHZabuhZcTNEquayBZxstyrZ5Syn6+tpqCJIgbRjL0JnUd66IR2bbIjTaf0yoftTIl5CWSuCPd5ILdMtGM4h3+kseKI/fSub31IFHGSYKYCQA4MfBnNM4idlfeAowI/s6WVZbmM1v78F4VppWv17fcNR1olitzcj0IEjyAt3xJuDg96fb51nT6X1af53UG7TjlM+Kyq+Dli5gbQRQ6Fti6BbPc5nEVkvkqgSqBpLHROyVS5sQmvMJghKrQAVITWfHTXHM6/N4bbTno7Vp1y8DJF7YxWxffoW3Iq8TzrcjdzR5IcEe78jrkZ5vFNR+qt37+gHQ3PthXtMcIrwgdiIjC/hjnR4tVphmC+2rmXnyUldwSeVjoAD+0T6e5cDJdW8qKCCfIov8g2f21xqZHqUebBO/ldXStqFHAv07JJInZjPxT4ivC6dXxkFNUp/0oNnrXP3CwcMA03B/4bkhVJY5g1NRdJTsRtUsw1qqDnl0JXbL4e07c+QBAcxWvNPttc4y2pzZeitxDjQ7LosUuc4eNdr27WElSg0Hc/hzoEbd/VcBq6C2kxiaCehZ29LWB1BcrY7spPE16E7hF+67ZwtHBCAY4jGuXTBTtHq9moOzeozngfXEO/0lk2TiYa6t8jzQPxCJmDYWQ2GjkPQ6Px+fBTq6uRniP2h9ntNpOCvRxeMeEEVI+se81uSMnYdYrnL0Pl0NEqArqDo/f07Y5yagQRm601YVa4OFXs0eXxEW0Yp1gvomkfwQDYoWGZDyHgMNGKj87JXiAVe0b/mVW3/y7wj0jKqYD04yeef8ivMAxeOT25F/VMbIjC1pqS+w6l7KHK8az3YBunMndtcoIAXCKW7zgxGN0qqD5kQj/6IAQHnOEuwSeX2aF/tCCg8ikQfFkmWiwGSJddvBiirKTwFK8PY0x+KXhLf3cJP4gBlp85zeeT3olqycBNs6Y29JY0xwYCAwmOHZeK/8DRaIQw3z2OR16Nca7moT2O0NxeDOj2ug/I+/7mnyrx6LtXblEWvNXnTw3tvrKxVCSTZI9NFnt/2Se0ObwyPS5E3LWQbp4e+kRVDcP3XQButnYX2dOCHg/+tN4HYGY7spMIiYl2mYr3DrG51xCCG5cc3ncCInEHAvQb+21PttoHVksqlLGWqPiIhszZJ7nz2rydtzB9blkhuGe6k6ndEyFRBfeqbfBf/QCbTLcDfNHiMFDuM2doBAcd8aL1XjfythZbZTo8AJGshJwx310Wn0uPvxfuwmxDoE4zvDS5htv1/ZgU58to6YKU2XxNV94ufNA9epf7pqWkyI3wJyohB557uLQvRVwYK0POSvRb/nSRzTeCJLsukVglOQdErA5pspmz4YtAI+xXWIy/qeo5xQkPi7LB6YYl/rdP051jAcPuirGPzkeOHGo0EP0o0lcWIkqioI2u7mVDn+/CBI0sRZbtQmsyE0B+NOqh6Fu+tosFN5ZMsJR5EMktxyeIdNBYEu1a+wnlQU+WQXHBBzx3I9CQvUEPPosjqWqw0ElNUrdCSC4Fc7ak0ccbVP1ESjhhJjHFk0Ezg4fTODyVZ7zHB95PriLILWoTqCFNFqUHeq3KNIQasETRTyNvw4AEIvs+AeXdFZz3FSEqyVcNSDMBlTmbcBpiOwyboNDTy134ow50jMhhpanZdFZtbVkmkbBnkJVJeKbXKTs3ISkHBBxggh2OBnYwyGVssCm0Te0UzaWF1qfEBVW4T05c3ugsK8OwfCeahqIcTkQ5Hq72RirUi9GCGabClZHCEzgcIMHex/+R2hh0Wz4BeIGAndGwQrXA/WTu5L2th9mVrWIEmqqTcpVNrvgtFgLYSxlH4pXEBY3mUv0gLRQ4MGmR+NhHSfIvRjrhkj4SVvpU6Tvj/7A1HS/TSZWnTEDyDkYw+z9a8dIIlpG5f24wqhTyKn2rkTRmS+XIwEEZK4N8g6Z2DG0ay7N1HJJwCAcM632+/YTuHMN+xAvxmbU5Ouk8Wq07zVfCSzzedxzIIjqoYRDUyjE2nsxqob6AyLV79bfE0mnFJ+M8QFHVJZfqwCHczBB9jSrj2bJPOJx39mBDakIxELGhWj+84MRsAsNgPvD23KadFtZI0YJl4lMUdEacHR4LI7MKogNJIn5XTaf0mm0VbBixveh4vZwLmVlTJfaIF9b5FzfiGnNRAq480EcgVLRRkgzZI6zsoIMu4dLZ34A1ZYxUCvQ+Tc0+Ozg9cs7yuzLuFn++jmjo4RXIZfSrOOhy85p1t9GGHzv1IOVpB50mFL0vuzPJ9EFnK732vl6Aooem4dl4Ct3sk2KTgHJhgmIh2GeBV9grO8C27/qX4HmM0R8GgjYeTM09Ja4RcoU/mcQKdZ1NnyOVqTg5A5deJ+hYY5zU+6RvC5QdUfkvjlZCBZ8o8VikmylnNEBaGcXDZ2BOvdU+kFcB0veJR68NDJuNH0VyZpgV2yhuEb4nghAAGs2hOyAA5xXfJYV+hFCtRXigAfI16aloPkjXQ9BMGsVoLwNYIkvU8wUSBeIpiya0k2SLN42jvf4Am9DdlG3uHHGY01Dr5wPSwkDq4bfxwjSmmSNnjXwUUjRtoZ+xmXtu4+iACXOXwdEQEdCa6ut6S6MTbdKqYF6CqMGj8XU10qeqVoMqH+uV9CdNJprVWF5Ca0eHiCqEy3SdUU5RaxSA/fN7JGhYHciQQZLpmeGMfwh1sqwMoIDNrE8keygJfzyeCDoY0cwj+0A2YvjPAdGJaPUByGB7jocnKs87VgpcJbBprvCZLhHMtDnOi3hbcklryyCOkhI6knV42McAxsu5rWtVsBQI0kaVmpsYp7kPIy5VJ5lezO5qRrv41JpJtWPJJ6Z1L1mh6v4I80B1rnpFyiqV8/dfwgF7kh0Atj14ONfn11ur4VLxEHlihOnMx/wxFMNoqUHRRCk/O3l4997h/h/R+QUza0ugJhnse/lyGjMgBmTMeY05pQFxDFWy5h7kfFXx+XTNCbv9OUvqXMqvDe9xvs1x7Ww6b8db2scDEjG6pc2Nh9XAFb+w4pE8Ig5rFm6lUQawbfq/qgm2lvW25ttnjbv4/Z++sQlYf1IVQH82JVZlkor85ZrPyuoCjs9RZHwH6B2OughAxNsgcUJUSfdAE7HXE88iTswr+/+eLTqeFrq6LSmi8k0t6xroS/6OvZ6KLyBccrUhIkrcQD0TP8NjrKr9Tvr4Oq2DpAf+G3+KueonGO4Q7FsVjAq5fO1X+9tGq03GE7pNb0N2/GslaED6FE/16vPSuA/DiMj/ae+RB/P6aSL+ST/WTolCSAaR6bVE2fhh8NuOcBb/QJIouuW9cwL3TQKnG3R4hbUDYkIoauYu23G+1kCXiG4TLA4mAIKQlO23BbFIaZvNV+V7bgfX89sajOXT9YK9ccloNfFu0mIK7QnApMO4sheiQXPR6Xd1yAKtnZD28SqG3fc1G4VLrJF9IL/ZXCTiBNQ4t9Z4O9qMKUZWR4WroPSbtdmuyKIGXUBfQDncxYyHD2pk9ATI0poCdN3DNyUAKePARN5qNBxSYAY9Krv3MNfuxL2t3yN9kvYujdf3sofoNm4LK6Iw1/MbxpKwg/4hCWpuYF4sne1xJSWqO/50yzKyvpYGqmyFOIIrIMDmA3MSWvuEZHuKX1BT2rvADWapeGyiM27XXSYTi3iHSyZyHsVCWDt4KmdW9FNLUVfRvy8v0AyI91MfvGpiuOrIyO2cnne0tSukOEzQDLXHqmlZRMeKDZkAIQgU770D3nWBgb2BJgWOtK8CB6KT479bBtYGKEX3WR+2FKIXEr46GtSFtV8hcOp2nXkRK40F/g5EU51LcPAdnEm1+9/7uUtWcfRzhLZid20AT3tj13r3retjkDqviLvee+9rPzbPJAOh4a0ujGzhHnugdOr4+AO5bB+1zZ3V/reyUdjzbh4gmoRcQdfknrWb96Fwi77kg2BRABM5VlNDCa/rCpnB0ccoUm5A5eiePlnzs3AqHew1tAHbL0yuoMBIpnWMypuH5fCfQO0di2tJNttlV3+qAxIAnfESDalFHlBvHgoK9WM1h8GPaXRg5ujvbUWOhAJIzl3iQPOuUEp8i0nxPSuQNAgllF1sJY5U3RHpF30ieDIkD5wPh3NEL4iociirmJxQcisD5YddFQlFspz8UlN7rB9gNc17Tnpz7SE9nv5J9fXEBV2QefSia4vmVvgOZztmJYYBfJ5BtPzUPZi/jP1zQFu4IUPEsUrvCpCgsJD27EtYdH4bMi9NCSIt6KqpWfjOxw3JX3mDMxOUkJMCpGJhIk9s6X+XFyZhUw7cRhGNaB5d6LNnjA7K0ea0tfysS22VAghGCaBmYQI5KGo2Se527yqPZtM8uG3QWK90yCzBRZKFpcXZ49WPsii4+Omo6yzWaTs/Djhf0Hsu1+NmnRgPO/0LwI85qdW0GLdmVsGsEo1W5VIOMNiJ6CLHsOfJ8IirpAfRRKI6cxRGfik/TPFgfQLtY20xF18lpFoBnqukm5C688CGrpkLAhwxq46Y63e2UmPWVatIlX/PFhxC8OLx0JvS3Mq7NoaEgRTJ0APXBWmDjnqgC/viJo3emZ5QZaYX18eg6aDofbgyfe2KJrpDiQyPWQKN3Az7+jGQqoa36//wVDjoERGi2apcf2BtvuOzDNE7lU2aSwu3mCqrhi0jGQ+ttMMqPix1/j7WGDRTJtS80IUZ3K603y1/tLi5dUGF3iQxjaPwzHr/LwrunIw8WtiG3e5+k8ufNjji8AgmDtA3al6Ht6ebC288bOnIZ219WIuUhR7dEuc3dTfoiuvotfixpZe/5QxL553Mrf+m3S0qqLP3Km5LG1a0eladLcHTMhTXibeV7HklYwgo7tkIjvtCaJ0Iybcixsr2cjTcMdA/fvq2p6JME2iWBpt0W5HenBtXZkH+mcJynwiTSxaCw55Pedft4+3EDbr2Msq9C0mvEHCNooEFJ8pM3ysMobDN8pF8ouaEtukL2CfOrL2KPDk2sPfU4YqdC47jQVVNt/qyjrQcy+/5rnzmgwyacpiZ18tN6A4TVw9fBiHKuL0W2/831tSX0FHx6RyFc5Fha10ySIIvkWDbM0baiTHZtfBL+2XxRWEBI62WVCYiK2IIZhyHzfTcZHGcOxLUZEapwKswhmI2efyvv3iJa8byDiNeMQBCJL7EDHDbAZRO530uOzOjSRjMyBlfsBm+QK1mLr+9fsUQ2vNZcjafnY4DxYjjdSeB0aYN+6td7mzhyMIc/Nx+cfRNvUe9mmx2DIuBRHwGaEDrs6KKcdy/nVC0ItluurtcxHmn4FScCHUl1Vj+VgJ4djAAHaMnVTpVLSnNsgtgHuUSFQdA9RL7oLmkKCB6GV1mR9EW89+THtk/owF/AJk/ohTSdiMGrlcHxasZfce8Eefei8exeNnlwXyGIJav4qTRs40aBTx4a8uzKNyVuPIhUHotjGaPKAsj9jyXwZ3QykUMzmsUkfeURP+UN9P+b8cOn2DkPkwezvftFnduJabiDR0EOeXRMgFX4YJICwx9Q0IrLTlJeA0G/FifMbVV91fXxK4/zREq6sCr74Do3lXGACDf7iHmYP/+m5Mq79gNevF3YT/thQkfzWG1Sep9QT6yIHyEZbjQKWKHxUaltUn/VkBmWbZrp+0GLgOOGxubNFF9qeTsqSus9b3NqDPN5d6cwlKukUCBqnIfpFpZR7EN3BlQKaBjQDbym2gFQCF6LQm/UI1Mjm+H6+KLs0MsTRNygn8L13L2No3OQJ66+gNlXWZ9NY+iZkjNZpU98gruilKpJYPhh88qUHEa02cPtfg3RDrEDbZmmvT3q8ElfZgyXxCFaJ9gpUkJhlVhBOoLNZT/h56pew040/xC04360mDdxy8Rx/WC+C78xk2x6skyw4XyzD0vJjMDbYxviVQY0f2acieUWgXlp9fTylDXuQIimwpOK3Ej75/hPPZ4QJBbEA4xp3XU2rfVHEH4bOBcOlyGZWDMmTs4k7i7KV7l789TD66BALOYV/C8At4Udin+8V+YED4YpxMdyw6BB8jEHUQmxZjbn2DtogAfkAjItVr0aofeZL1DfGmwmG3mIKDPtrOswHuCnLCJpexJ4Fv44zWQ19h3+3RB6tIOriul+vULkTOkLG+eP6Zfbo7vPkK3wHlD0qakI1xvRKWPTV+F91x14Cg8s5wQyTviuk5YSzHOJ9TzmsPZFoWkD3Rt5ot7Gb8ZbWHTBBRa2wTdTEPlv7CqWHGLg+ZTK0mygKavOn6KTTrSOFdT9Mc5op8kt7db8pGP/gSSQorxsacDLzV/3MskKJHwvGFCapYN8Xzp2K+Abq17BSE0+r0+fT48FTDK9oA5QNtl4BWAjhUG+it17cFf2qhx/eoMJr9N7wBYBkdoY8pGljG2n7C6DT6IWlSCCJ26Xi9FQkv1K6YJcRBFhoNMqlqGW0AjdDCpWEZaPKh9A1LA3hxscjQ1vWxwQnP4Pq0MTjyUXCmugA7q6SAtOrRIqYBhdEHIu/LtEiu40TgUQ6btPTeRu/ZrsFn0Gh6xGzvyO5W48kPc3pZ/yisreerR7KvPap1zcHoYCNIG8NQ3YUP7MAW/FLm4nwKG+r9qrtIViGkmD8QbEyTw8K+l6z5uEovdDzl5DAKipLRvp+LBMhPdqs0LbuT8h7bfFd3pCFAABd/1C/LlevJ1tdxt8UBgewD1ufDj1jIK/npgOLyhePPX9+T9FESPgLuuHfkJDvY20eD0VQCEb+YjkE8GpWHSBkDkTWaOgTlZ9DCTKiML22NobJA+iybvyMtoJkO9PHZqt4nGQn1vUs3y2NWdj3rd/X51bKY0AJ4+DpUaNH/PqhxZIOcNsAetYiQOxo2hSMDsMYvMWymSfW1yMLwNtfaqEHsGSv0KMKFaTU+Xzan5lOWjtN74+mac5k6oo1RVTframDCwXaU/kYrfivGHz3llEHdDWiP/E1km26zuy2Tvov+pH6J/YyjXBtKBcl7IiTDFGNxpfU2D2whMn3hXjIgARsb8xOOsIMCLGrtBHfsYEhBDApaMRaVE7NQeuN6TDFOf7ms2Qs7WCDV+9uWhASjz+mzZxBQqoAxuC1BDvUbo8rfBqQB26DYu1D395QSyIRm2YJiDmuOxKSZPYgtM6znYbMv0gPux6dWQ9/iEB0VvsyL7sIrikflEV2wwwZ2WVetu1BzfcnjlKVnqyOeBw+W1/k4Ls5tMO0ieDDP5O1wC02oj7Z800o5/uXACOJTICDC2pB0Z8FckzglMxXus1zHgn27Gt54m9TU+gjlPWhy6c7x8KfWSvoIop48C5LnyfV8Z55sU7GuK5HCFNt5ntwZpFYgBAr+CY35rPc1oe1wjDk8xM/0jETtkb3iPZCXwLWl8brMS/cDwuc4qvoSr+9uw4CespX21TWxMql/p9XTbB5esNFz44iBg0VFg77jB0kS5geyHK1WWTc+Cqu/jzHdfWaRaj6tw72OHh5baC+RpbeXEwLhEeFb6RMhGO62VrQ0nKL0rURjtV3ZQNnnrzXGda7HtgZy4bgwoMR+BX+uiwh4QH2wGfmKO6HDiL3t4VjbzoQ9mKMrwDZvJQqcdj38lCzd4FO1vsl4OChlsFcDMkO/9Qf75WLEFzEwqJASif+wnehBupOzEhc1lGQ15CzHpfvRDCpSkw8Gsc1gyUxvAZmzLCjQ7WP2syRryujv2EFhL7RRzcGLtbAUufHCfw6PuLLQbck9iji47VLPW5kNqHQw3ewlG1EgFuAFRNCp5CkZgvsRM++uCyfgHy8/nIzksVLD/edbQoL6nyf1uoh3SAWW5q1Bx6CaHTUSx53nyvEvQXsc1f3fr6HWRzbTwuqVNmpPMSsyE1c4/Ot2Ejf7hsHzBoKIvglZRRSUCvPfMpN30f0Qagl1dZdg7ZUL/rJbiDedwN0wn405Ub0z7IvMpkD+wfZCYlS1/xmgUshlWkwds/uUXwkTi1yAgOKqVXtzeJ4DzuIZggNzSCwK+KZ4zh35nMrzn8Qo0eDz0WleHGPUGoA3t2t00dO38ELDKA49YEjsDwEgf2yMZP8CwcWzpFTNZfHju9SGlk09D53mATpNT3Tm4dnjmIAHJvjjvDI2tEpg5goMOdEN9iQ7ziPN0G9d4BDrntj9VrGP9ZBj2lS95k/g36BLMvOffru6vOSz1GPSvUS4JdLPTz0rwr4QW5a6zwwM9EXZbp8aJ3GEP9iuWUfeZHnmr5KBjmgCd/TkmvQoOpsj/MzDVdmrEDgY0zQPLPRbFOJh8iGJ1TJB5WtHNJbO58S0/mPOnFTHRFLknk+iNCxL2IrUDr7CJrke3vGsO7akC2dMfPUJ+LWTp+QxNaxV0biYGDRfzBntVG6IYefnnozVL3SloK6MUDet0o7FZv8poeX3aWSkaRqXndrFWLX3gvsm5AQHNMLZHbY7rFQeM8Iv4LOcZ+yNMPfY8WTAQh1wjSIWL2QZbRhQbATSydyRbwd2v/Vi4++jxUWfss52/AP7kt6/PZECYUWim7bdJlyQ76oFwi1uGhMm9r2RTilUzCILPEQAQ6nt6ew93Mb9ZFErDM5fkmv7Rb3FcaRZbqdlRBRTJFF69qnN7InL7uFcp1uztR7sfAvfjEGOSw+riIEmJcs+MfCnaC8Gn5LwQ6CGxLzvjUCUA69m6yPsarvVLuT3BHqwcHal6JkFtES9Or3Lj7F5vV+XCXugVTd+ZM6GSi2GgnhrC4I9liCzqvrGCz/AXqSGxFGSmEQmO2p+KhmWXfcdycGpoH24WMbWHTirNPFZf35O1qKheIUHo+aCFHGuQtZUgGflfivplbPLnkJp0qKFkdbR/5XWRvl2z3y2EDiG4iyFjzvH6cWT8B1y8ilQ1kSIZ2GwahVLB0HvJVUmaHGZN+J8Iel9j5LgXUCE30KHo9/VbQ2TOyi53VTcX3ePHtYRbFZxipyRB+Bca1szO3eeMdU/hbkyBBK2m+cJDoTamax6GV/6SsfkFeEZ2kNzAmOY2WxvWrxMKnSaSHyDBcmmBb/dG1khTUr4i/A/fRDtre41z5uDozwacP0w1lVRizeuAPahNi3ye+/VxOqOm2rRywyWQy0asd9KSnL4VhgkDHYR6NY19MGAMQgzr5AipLbwf6IypksFpQ+kBZUs7PrBJzjaGJoo/KHUOpEdeyE8BvTX9be6lU748nd1N5lOba/5EDcu+kU1jUIHFTGG/2ueOrGrTyv+Yu2dm8lrvfxsj4vPQKptA7RhQ9djmrxSNOXIUyDQAZgvIJX8YkAkktboiB5MQa9nQG8GpCfaT1+pRNUPKyBBJ0AYteAlPJ3+E0REakvWypvJ60eERrply6jSMHW88Ynh+t4j1IAwORLh7nPe7D2PBJoAOVHtHF/JVh8ZYGH/RBX3CiFyCbZ0WiP+8mSut7k5JAh2WKq7ZEdy+LZycVa+ZFUCfN0X5OQndug0yMfn4o2m/c1WV1vNGKuE5XkHrA06hHyyRGabDLgwzn9skbiUuhAaokS3wQ60KESweC9IzNncOAiUWxCFDzR4FbJCzKFo9B4wJj74/I5jE8iD974jNwf93zwEfEeEORbqbrDAuQ5496D951IkgRAlqb+c/OlKAythtQwlyrbF9aaTsbIxtCMjw5pE13HyCBIK+/xzyb6r8hBDyzVEvDxhJjgNUTgFr8wh1bSPeVMDi2eDfgMU6a/JiHZJDi8P6DqsyfZ4wCjaXBrnpNQxqC2b3HkspyU7LglnoOTTQua1eGG/ALRgaD21fWIC0fMIk36+rJN1LVyVTN2youGX/d7Pc24/y2BtZbeSg5dCR5QNfNl9cllPDSzWFxVdffLvO0iwYCRi5mFJtq6Su5D4JgPXO5uYis57R9rq90v9DHsxgK/i3tnBguz9QUQZgcuL3t61gYCMPJWWcKZrzASmAgirw6k2g2AHH5ayPt6AETKyKwmU76X3m6YI471gBhUK6QyYvLVf9xi+H50foPeH33P8VQqY2HW4IiSCQ5DibuYCSvaHj057x2/r0Uw+4bWcpQyjsdptNGP2YPO9zsODxkObrUv6UXXcKDCu3HR+5ujoS7FznTMiuVwElRoGjFxdO/ZCSd4TxncQPXDnhCJsV6/m0HifAEYjmPgMKMdoO0vGFMMts6hX467uFIhbr5JhpmsHAZnZGCaHAr+wDiPBw8d69zVAMp/c1ueFWwquf/KUXXtewjWhPoDhTmiTE5x5cwYxciXnHAqMFPl25CxRUeLd4yWocDq9S79AtT3bVrOttsYcmWwwaYW7eJXbfUYomFmQmyo+3CADOI/BakgyGShV3HCM60CuNLZLULLfKcpDy6gvqUVLwoyDtFygyJya1wfGt7DhFMYtYYfM5H/oQk4T6CMTPG5qxx0Er8G7b66xkiqlZ7jK5kww2wvRibKfTrXhatv6EOxr/LMfqOogYtMQLnDg8qRJA/09kWTxZ0EKOmyOZZPfTujXIN0ZJiTpEF9Ks1uXWWIy0BJ/bLf0deh6dChjoI1ZBO5qoJv4QKpUF/RyZA3u8mer4eP85oUQ4kw/4ssj7QzUNUdZ4LGzLPHqyhJY2EpY4xNar8GWn58LFyT+JnEzhHFVgyTpYj5EPogXkE2AOQn8uCJXf7FElqkphWmfpXveQfqp6j4Er8F1+djvAW+pqz7uIHICwhPZR3ePnDT9vZHOHKuQ5qu3UQMDPn5LuiLKggDhGl9eeL35bHkopnXDCb3j16Mj1WTIyGeaxBcR/wjnX/hU8V2Po1+h3rCfyLUhAXUG1CsI0rDfM+6ImWym1lY9Lacg3uHr4+0UbS1tqQ3L3XCYUmt9fTvpoJdiiTmZ+Uc2Jy4Ccxoh9b0XRk2ui35TPTq2Bh3mCDEbgF/4TdlOA3wwyFd28YnynVaZlhZi7bONXTT9NF4Cc7hPmcrU9I/6r1w2jbC5XILKQ0nPwj22O8Hq6BJ8XCokTAjllCNx753BBgepoWTcOHJyqFe6HpBD6FiGuWo7VNg1Ac8yi+VatQ18G3aBtNHk8nNGestcNnsi1LwGpjkOYqDUSD0L9LvAKB8hc7OKqvRbQKaYVV+/OrgAvDOO8f9oojY1lmvL76gNpxncoib9HyDzAOKwZDA8W57Vw9pC4eKEC8BkEIa5oyQabYFtjwYfvdhNHYSkzbQvvK/YsjAQsvoVeSzfRuoqTyckSUTbCVwX3g5wE2rMfZd1s5iyL0HIjCZfe9mxUnTdgPe9hrl6W/K4zRcQb+0eZvbw+/ZzLSGEOtBkiGslC082+2EoH94Q8re14JVEqnlOXHwFDH/XBKYqJ4FylHbr2eL4AsiaczuyC/9potyfrjcpufYTesZ2BddN5nWTK5znJWHCbR740ilwuSttaZhvA2PRXaiGs4+NvI+KF6YCDqjxDlmciI1vnrarCdMdMUDCIomZeydTjxuUB6k0XV8zf+Tt5gBovCwx5M43THfKAWawq6qeXxbAEYE2Zv5KxySTUZ71+GwFwTzqMf+m0rMpgbjKRxq2wQmAQWEH4vwQj7Aw7gwbcWgUuGOXxrBj9lsc7L6HMJ8XfHHN5qAQt9Im7iIASceQWm+Y/8GcBQg+f5OS8svE6pus9k1MzqUXl25CxJAk5JdWssdiIH52cJLYrjuAeQz+5vQMGYj+SCtAJIoUOxQPMaJQcY5Li02qN5VCa2D9S5/uYZrC36zK39xA5CEimQRAG/tF0NpbvijkJX4V88lAK5z/ds3+ki48FBu/NYPjHHjei866IFzzz9EVs28pYcdRuOVuOq4nXMxQBac9pyhVINphEZF1IIjNUeLaMueY2OXBC8MR73aMCYsaXz7INdJW69cf1B8Q9DqeIMrUy4vhysi3prfqdvatPdN6LLvyV7mOE3xz+vske2DZLGWB9hoPDZTMD1sitvdJjkI4waSfJiCC9yuvibbnwcFIbsIqvAD1MOI8Oq94feLF6JcYhSW0kRgWmd7bybh4ygeB7ZUZ7+mPPxiudFd8uivpBCkICbMOQ9QLYImIIJyH9XeofkwLQ7LtsrEtAvRvvhMYy/7/buqy9BZ8sKw9STBlPGjuUojmo1kICrnAtKVO/RPkqJ+eFDq657M8lxlN81TGzIYR+Xe6ta/XsEeB77FgZicV4lgnt/C28htwkfH1Rzn55yJPXzLaWn7wb/Sm+F9dr/Ryux+sl7tcvVPZ6649qlpIX5/fBjOBvGQBg9Linhw/K7m6pCeD9u8302QYqiyTCyQeFBqU5dl9pVO3j0pGWrtoa5JVXHcSiAC8ttLmFi9HVglVs/MvRWkguhPSfGy2kzeLtFb+dZlSL9yxjSY53t/1aeGf4wzKPAX3k70Z6MaankPclAkv74HzBaeI8rWz9vvct2QgfSNb9XCXrhYtZFCTJNJCS/PnR4AadvHetXb/N0wFBbcbNjvMZwwlH8MmZnIwpqsppeCWiiGMZhA+SS2PUo7ds48ZkaGjVfLoqYDFi82rhWumYMyEK9zghhtQubTOh2dn5rjVYDNDs/rROn90Rnpvb4XGHZeRwlszbOQGOy436oIfnK89J2nfm/FRL4lQcVbEWBO6qFpIghjWqKPpZNXd5RzfC7+NZXXCtGhUIbYFp62+9KdeAexYOx7HiNdu2b6y/Hr/GMi8uAiqdtaMTdM0QfUYEf5u9+g6ckcTvBaJ17Ny1xCZ4qbRgMtFik3BBO2/fYcK5vNlmVhOFS6S/BDxn43kSwaX7JX7dff2X9BpS1WZ/WbB+UOn5RC4MdOA1Qll1j25U9yvy308TGMIqeAumYEevs+cQzQF3zZ55DfoEKKjXMoDHDTPRdZaFWhJ+tU/qSvOcV/bY6TbGwDEt+ARVthtmHKTAh1KyPEMEAELAHN+z76oed+oIPtX6bjcZT2BhXeWrS5rAXS23R/M9ffVzvCUziC3BfDNA+O/atDF7sjfUfokX0f6VGsvbrpIT6MyFzMP5QeH6xi8Du9X/IiZOfCICsR9lOIPH4Yq0KQRTrdTikG7k4q/4FDqzdoGlV/PoU/1iCa9Iup4g3MFVCrbXxTf8/q54BKeERrqh432LgLJmmDFTVkBjlvJTBmZ5dVZGBU2vFBXsyK6nCzZEkcWPRKxraseQgVXmgpN6Lm+fBVTgciPEy6jwMQ7tg4VTvQzuNjDXm3gWoogP6TSeAqPDH/0JZsJI7WpcTMP0wjHjrjMbp13Voq9oUeFeV9H02UVimsJhDVe+jKOpHEx+qn09KPOvE1osAGpcTkFPUkNQ7qyRLU1kTNIu1TsTt35E17m//ib0Qf442SexHrwF7v0F3vrQcGjaADsw9NDgoW90KJZob56tqBF3m0qxGMidwrYlu+q2pokV7VROL5b/rR5IlQ45rtE/f7wduA7AsdnnHHmQANNL0xJvmc91h+DV5TsuarHm8MbWHB0vPMq6IPHaN8OB8eFUHODyWIZ/aAV5Hh52CCZb35Bg9q6jgFHQr1b6qKZ+mTyYYGMCk6baXz+qKLFQe3NRi55jHOCuqzWLnbtOmtx/UJqi1X6whwHUa+1hcmUKD/D5nlQC/isc2zbCOltCpSZwJY+zgI0gJvRHWTAr/UaEm0XaRdB8AyfJJ+4wXDoXnIOOmgYjE33IMKDXZMfFiQjMCjcNB0KTYD8Ncz/ekV5LB/DQXc5r71/6ujALbpd8XK83MDe0v8Davxc5m84JH67OX7Qo++zt1AU+I+yx9oPAH12pdrZnpl6OwjH9+bqr+VbaMSsKMZGD8ktgh7js+GB8n14dge1mH133eNt58ugIJUN/s1byj8iuCrb3LgfoxB7cI6pyVohTEK304VwRQXuOkpTg3XQiBcseWqA64KRBghfmJFrpi42tZnRe32BxtdbDtpM1FOWP8BU+Bc1IA5EtTQLIGRSC7fSpk0fGLY2kbXQ/YgIj5Rwj5/TwUS+h5C0GEFbHhF7BVyKMEASRO0gO1n54atL17Omc0GDGG1xKKYqilsP1aE1h4pCU1yh5OnjFDRWmlY5AMAjpfcfHQYIHEcfj7DS/0vrd9LCWC3YN+0x7qgMTbc9XLXssvrrKpiQQPREf8bAKDmCfbxdDHwYOMLpcakRGNziyt19nAAOXkifCME+GH6xLMgtS05a3GRedRXwmece1hfQ43Zx42yvJYJbKH4TxU9+5jP8abMshtPbEdd79ZdHLC0ud22+e1VlYfn0fMvvUxNtYQX9RbOrF8xPeKAepYaX3YDZESW98eo1hxXH1omor8p/cQdY4sfwVZKhs3zS5uZYjiTXlcagi7oGrg/hX1AAplQwoMrlQj/Etg2DPgOANQKqtjPhwFW64QdwwMIPRYvVH5DMERk6pV/0fWZOb65etmWXtiWxrPtbE2HFlqndp9J5fmWZw++gLVMgFlhVt4494XjrzyfcC5KLyEQZv4QL0tBIYfdE1OkHMRsHsIdv0npmFU0nh7okEl0uoZ0XCVLrVXHgQ/4j7C5j7YFAQGiXfvwsC2LK5R8AL5QTXDvpVnnV/rdN/XYNZfTeeFhbROWL2M8JRnJVfhJEGXTwhqjE2N4pziolqlO2S3ADVNE4qBCsykKoFgAoVdX/Js7Jr8eZGGRKrC/gxtXDrwYr3Q1z428QKCfTuwkT7twbYshDV6B+lrhFW44kKk9hA9TCVTpo5866H0esf9mTWOPNJRKgA/Suk1vCv7WVR5M32WiEKU/ILXvJuQrtUWjZkRtFY41OkjH5tqv/zjKiW4oqXaukofrmv01vKVOcZOsU+Bakn47UFsp4bYbVIYHlk3KrYN9/F3FQ9+fKK44/4d172m51+d8BeZ8a56E9k692dIDc+UqcoN+PlQ4W+utn2XQr9ZZwbMwIItnirkP3kfjKMVDQuDb3xBgudFBzYcSh8N7k3xZcYaK1WfnHrOEbfrl5kvlPpLic2/tLPvVBLI1DLSnW+JKv+u/til9ndZcEOP9qQ4IXwJpu3Vk/AXbXdg1oHdKdqHJPsiNy4ALs8XXCz6QAKRrJyH/QpkEG2gAN2obYjUC9rP5meIR2QLd15zxk9xyw/0Vp0wqrDkz9WWYYc0J6rEm3O4pzIOT046XhaaY4kusl9TJ4gDdSKgaTySyAJiusGx/zAE/lr63ZZoPFUF3y1zhyaYI0RYLwWDJTPMaSk0KpHSyd2ES9L2CigJnLpqEUxhuBN+8NwM4IaaKzgHeQDTGUn94FVu37gyXj+6+ADnEMmi1WOkNbnpcnG+ZgPlvGlfAUfAVX/0PX/FMyT5sjhYze86D7wZCLsavFlDKVeFOki7NZq4AtTIp7+KJ97vZRxW+jxADLC9GywNogqTQVaAFBPMr2RfxjElDKy754kofH8Z8l4+7BuzZP1b8lrecT8Ypi1i8URNAX3Qc8l/9q/a+LrDqakCK5sHJD6YOHEKve847FZIH1py271B60IYkTQVfx4uGTBPmL6M99VJ6qT0QWNYrriapnwOdE0ywqQuXH6wYbmA3TuLFRDchv5j/lB8yB00P8hHxM0GRBNpYREQHyXl7NCMwFitwDvsOtl60blT4db8aA4/iJVO7+JdGbhJUnefviW89oXxMqPBIumh3Zvo2fGIM7Meuo8XJ8BP87CWUqqNFf8lAZF+czFSczHUfNwgLbZnpBwjcIOBQFVyUrsiclLn4IOUyY8E6GsORQCtfPT7gLagDnmwfHoL0A6YXRDiIpsUIZsQvoNMwRfudR7t+3xNPNLu/J4mduuFg5kD/GVZGt71tY35X7B1fTpZLW8Ir/fVw4u1OOm9hr7fOYRTpi2b+93m20zGcVGaTbxy3kPY3Or5frOmfpVxWjFx2JmKtHV3Rz2eVjUvpPckEn/19VqiQELdpOix0EmT2E/9QZYHQUDPMtzf7rPxZ/RWQcb5PBj6GDLWYwwYW54im/fd8vpM/N6eBTzaYWhcPHxTAnz//RTy4/uWhPM8HTVOXf//eaLTXwqVm+Z/1/9Uss9pn3vhj0rPr/fz577ZdJy6INYkuIwwfkqzwm2YJQuV8W5KYQXDF+voQw3eeYmqhuEd9ioFK47OzHwGcHqr11Qnd6Ttdx39glfVdRhZii5x2i9FD59VwTCIIPKcwdMww3+xVMkwii7zNMvTEsF+N+zKmI4OKfkbrePbLct8jNGVxNxlGafhzZDgWik2ZXUzzIzc8PDCcCD3fxS6lq8kC//CvlwC9BZb9lD64RhcJPy9BeEvslyl9+tG0zjReDSNL1siUr5Nljso0/JKRA2tgmNfFmlBpGnHJhI45mIJwsSFUMnxUPuswh/QlcGwCMQz3cP/YZMrsv+/033f67zv9f3gnJSBYFHvIaHmU5fN5HsvSa05ciOTu51lsx4FnRTi4xd4UBXf8mwp0XQfL1OB+CHa2DkSCdBn7TW7DlfSBVTUIBRkrhKHH540gNLlL1Gdkeqvvyz2ZOI7TVqje3OAImbAzMXJgN2fA8Hpfk6JsmEp8fU8UlKZnDfFqhO5mD7JqMYHSXQchXSyhA58Yvl8HZBZF7ftZ/CRdfnb5PTpZRTp3Ot1jCiIN3/bgnndHfMDTz61V4X4ttCuRGuGXpWWHdDje2BAL5fm9atIguOKGni+61hN/GBue1RW5fTHtJBgVzICxP483SWhJux21exc32ripdBrTMVaz2GCE82yORBGHUBbbR633Bb2zIy0eFMPuZMZoDJekJJNmE65nA0YuEeeAYRjs75sgdFVfpCUu5WA26Qjinp+dHRgf9HrTtIlSyoAj/Z1mYVJLC0gNvUo2Hrzwd1/THoCRR96dsda5Sz3VXZLBzer+8K7bf7trMyWVOlINC5PsfoaMP9QdRhcwRdq4a3zQCqVaRrVNNwL9L8btbSFNg5uIWOIakAQlf9cBi7ui904mgM2fpfXjXs1UvtL+Ny2luGfm/XBxcGsJPGS4v/cEVNe5RjvoqR7zYTPi9OE3AtQ45lg2E/pbJ9/ZVvi/W9d3hq6aOXsYuTIzfy51UvHGv/P3s5kh2BHeZJqvNFzcBx1tpKp36MHrMNWQ9UBMquHCEElNB1PKdogzWGEdWQOiAHNH4h5f52KekBIFujnOiRHvGcPqFf30E81BEfY1BBABcnayU/sgoUAahC8ZBRbDPGdTOAt+G6xLr+RtvygvJF7KLRvHo3CuKWX37pjZJLZKRlEDbWVfamyZ7M1Sswh27mUwyB19+U7NWs3gpld2gEK2sWQTp4d0d+qHmDFgfPSEnBBl8TKolBEVJiiCYO26/vMr26Q9lUgvNzs55GsAXvjdPNhHD/UwDp8RRR6lEBjdRb1A4TzQ6DVoaaT41erxZIgFlP6otvklaOx3B/p/8g+OodZswijPG9e2WIe5tbMGbfYjZlpRu8FEhl60CwSPw0OiHt3qobKHYLzWP5YP5ycdetcN4njLBxZbbb6X1FpL3819XAONWiLRMwpT/XpwZhIE7tKeEXt677SFB7faHHidMHr3pVePd/uLwzdKxWdt746VQsIA5zlNOhNF88yRPQMHxRcXMnRFt5t8HRDtV8YvMLbKih8kWgi8+MgLmoBw3d7T7wRr+05Kzl9ti0nfr4s7YRUnFOPz6KOORwLJFnK4+tW7J2Fm7ABY3at9HSpEMGYUBAKmK/8oFZIIQH2ugXmcBrwSG5AL3oQzkAIb8J3zgVjjWevHZ7Z2n6RoA8blVLgovAGvDRpUI+1DAcNA48LbeFMVSGud8ukI9/JxrnNQRuUbqMWnQs9X5qXF+2eZuAVbyNY+b5u25TsfOvJT8zkESZONG75Ro0qfgDvsS6X2aNqzi5f0oejGtonpqowujf7p6hCTM8eoDhu/tpg2jztova6S0jSkIxSGRBQbH65jSaGzOrtx9Crfawv6mJMBbuW1PSmSckvGXDLvjkVao+7uOJk529mTPjmeRitKCx2yP88Rv0YCSu/KqLbGKryXICbSe6XgbXWMqn0ki+NholgL9Y1HR6wRKwT8iNK83tEb9vnJxEAIMHZZ+WXzOGrTvRHXRmCWIFYNU+viL3BUG0gRmFsez/EnO4bfIKoa2VT5rZoEgXx7T9lleduxt8CY8te/um4f5xZJi/NZOVZ56QePqTk3WJN5vfVWU+gxaSGXRq+tuL6N6INC4B5z8J51PaTwYvRMimFQ4glFHQwb2n6y61rY/N7ZW805IIYt+R1+xLeqlIQ2qHjr03FDVRChcfrT3gdZ0SW2ZDV/QhE4SvCCtIvEAG/0WA43dr9HNH6uikSbW6QFDUS3tGREN8u3HL9qIxVH48EFgZQHrzSM443JZ6UZUMJWS+ublWFAQZuSRDqYQbdhI4Fw8qfLBMu77EAtOJBaUbDxW9eIbGHxXiNYVcEEFT5B+jhbUxJFHBeWQbWuKqM3NcxLwS2GZLK5JXq6Tn5/w+7YBgdj4PikwVoFkbMb1GQV85vjXRYjGN4e2sUkY4Wkmi36HHvhPao4KShRvVo31ytTEz052T0pgEYqyXy6KmfgB+NhLWb7C0tprDIll3DxWZV5gpBIWffvCZ9NnJvIBK8I0aYsNhdlPvURXHvTv+aSFxrjtdbu/hiyhIu1bCr6HSJGCemslKe97asTCSffxPmXqR2j73wOjNp3Pow4sQ+aEvQCvn3kaqydI0wpjMGNCVuuJX2kjQaa3eIW3mpq7HAojOo5C7aDJjOiwMXI57XRaQmE+UMfEeUvYLXe0YZK3zyS2dSV9ESbmWJ4cJq2EGoiOKko1Dca1UnDZJMBjkvBaglkRV/eZUzbS5t5Ib+5IoRZUKr2ck6MdCrxBgIveM1HC2WVof63uOtYllRbrl+j6Qu8GULhofB+hi28hwK+Xuw6V0+K0Fzq7uiIwykoYOfOXCvtSgmrJwR+Dj7DLzUPg7wegeb0qjgFTq3E7ozy7Fwvm0KHufcKl0JtEP4J4YFsV4rfc+BBSYXq5nzQC2Tr53RIHYdEpogIB8VEz8nde7cly8q3VOtVzPggBGRizsjuVy6NDrIMfPqqS7s95klwK+Gz2ZXrfdxGjExYmRyYk90D/7oCKT/stpSnowbQbIbR2LD2rUJ3CX4b6+RZzUvtgEGnzgb0EBR0hkZ+c9aF40CsIIsZKfGdpgxBLndem8N7pU68jBrCrIdZLq6XNhD5XswdghcRBTPAz+jweTQQg0K4x1f96HJVsHW/7UExv8g9uc6l4uHtlzUzrzH2KiJk4lna3I7eZZZ+vZJZTvD6N1rmfX02Ex19hAOhbNhCCbmAY46g+iPYk9B/m+/5ZD6tHysZXTLahOu5fVy/p2jEUdwDddD4ZoFU5tQ/0HAf5lQtQsni7MyKqy/ed/1YDXGfq5vEtlh8xQBibYF0qE7gi6ex0vQv097PJuuleLGRF/D7hjwZ2dO5imPGtlnq/VjncwBPooAn6Y6+8J20B/7OxjFRTnvWw00eKL/D7pZ9cZhFgRjQ3NDIiUrAPHHV9eJk8yKqTFftLuTDMh22tn1Tgw/Xh2PrDkfMve1/Su2QRzY6TKrUSQgVN7px5KYBWiJNrjnIWIw2sfIOXJQfomXqaUsxCT81sibygK95CvY0/JtMumGd9QDFiXVDiJJyk5byqMYlT5pZau/ucQuxVoJ52SQeU40cUEh2ag7TUf3WyruCKV+j7t/YCb8dSA+WePDyPjLdtWZp4TvcaQB/L6BAlHU8s2w3Rq7531sp80pTCoIln81FxvoclI/hMALZLD8rY1WmjNX73B0dl3SvAs6jkh/SYG4jEoQ6dBzkrkhC05vx+ABC1dxZPZQ9wYP1q3+wDVCSBVRBXkqFOfL60JT64YS0iBNC1E2+FHFBMw2jCfUhXenDDlMM9FIkLbl5Jz7GL5TPqOKcaqNeqWnfck2NEKqGfmfmbe3rDW5iIT6XopDYOqwsuIL1WeElFJj2HhuQ3pVAD5sNfbgJib416xcXMKCUQUWZnnvPavLIz/dUtL98u7Ler7EkMhda+X30hWg9ACiSIub5/gBKBThS2kUvg4enh48ElCU3MidoscguaWrMi/tup7ECyQgFKrOD340SzrZpBUpDAKHxO5feE5R9MZ5FapgCMoEf3slX27c4P7IFB6qOVAsntzdx6zAWJJ0i270ci5FHSr/0qGf1rFoomgRetsTqX6aQlVfAyGfix5OQhlC1RmlRgY9ewS+pBGzxlPz0bSjILUBkj6Flqpda/5L6JqK9FSPFtqVm0FNlvGT3wLghYSY+u6LT1n0XIqqY8Pgp8DHkGZDGf9SBaLx+zwGyvqZkhRUjjnAw+Z11vqzYlBHg7bQWCKdy29zfbShFD2zyfhloUo/6/gn5sYW7obn+YsSxQRUWzTjEY6J6fVPqsF6V3QO6UY8YnUfyHEvxQb6xbfgAERaO+RuQp7lBr6n+bb4A9+7Y3A/C2/zHGFLwyr0fdeLvmZS7QTD19pSCMUQ/vK5brC7iWs+iNtwlcZs0eBpXIFinF53wQqQFdHidfQpPsD39ZRo7hCnh7oPxHR5WS3K7BjV4tjkjX0ox1fi04A7vBiiRUWnVu6EXTLtPoL/ZsGE4y0Dfai1Sfcj1oPyVgzhQ3PJbEyiPA9HkilLFU9xtglJFxn9ATLL1f+Q13eQgILKDgmcrzIs3SlTRfvl8+YFB1NP+xfW2z7tsV69JHsqmwDMCS3DmrhusOZT4VSpLy5F6JvkW5BKVyBZbysF+Dk8RcxtMOxB2DKjFnZ6rRKKlqDcUQFP1muFcfaOCcgsDn1Tvh3gY6DFd4NZKh4Q2GBdMFBVpFVu++ErZW9FIdqKLprgtbi3R3hGayosDrpPbB+m/QiBEDtgsrFAIvJ/YuGES5d4vIMefAnmhLq6/DK3gKga7kl++k4AP8Xz0c7V3mbml1KzyMGmAi71qeFI4R0breYiznENmSuNYpFaRLncB+a+jZSYcMRUNfE9NBm6pmi0rOwfPPHjMj9rgUafg9OZAIgiomWJT5IKjULPuqwTrbR+4U4EgS2DA4JuRhgk4SgQtBC++GRbYFuZyyOtss37+lY1h7d4X5mL9hgHUvTkHvW3KyGPqO09TyCVmAiU1Z1Ho4XYuQEIeeOwN/eTcCX9OOWkNwQ69b/9GOqDiHR1hhrEsBCANCQsqW0aQ1goqe7Vhheb5QbsbDnItZqEezzX7Dh9cw/LWR444kcxXCu9EleJHPu15PocXVV2Fy021EOQadxs+vClOEhS6/Jfzu/1NUDUN6/QsuO3sCaiUDVGGbYc4W6ZimbFHKh1zAaIVJ54Bgti+CZhowJKSdWIu7YhyioZOyZPYsUytMAwy4Zk6xAZEFUzwzAuuhPplqEB0alNFMlfBEB6v5BFunJi03d5K49tPHTceGMG/GmbRR+C7WJL58B+VRDuDeXxbJggpgeNif1bFriiv/QzBdnMZBzKFgOMfJvfQnqQIppsoHzxq534MFdfSEQeeyt2hDCCf76/029RdaLQD0tY2a4mmzmy/CywPixEeM5I+T76nVkJQD0qOgmpNIe3E6q9aWZKLeoFQbI1fCcDbs1NTUchmWMutL+tx58H9pyVPukdvbsNqhmnGFbtHeorhrtKWCI78VBBufNSw6TCJ9WXTI6TsSMyi745zlaLLtnmB3Ra83vGxFrdjqPtDQLvu14uJMtl6K3pxT2I9gusJtFoRstFRypykILD1wopxbUFyw4WYR//5a8zMQBITtyJKLwnX4WfqIq40wSRr9Jjtz3Pe+Y0HfpAqknHoBZrD+EVvPlhpAdAseoJSPLmDshQaGafgfk3gsASpNA8eKzaIOWN4EMjjrtfG6A/5kmBfmb/3t61BQXXFHG84wiCYqH+S9rqYaePE1dPDx+aJfLsuW9O73IwjmCjCnTgxzHMx8gEK7zeMRdgFgt0uZoL6ZtADkc3VbJz3JuDNu3+seR/bdB6CqasQJnT8Ht9+En/NzWQ0BM9a81P7G5/qiHGSem1U+HsEobpHuXHEr2KBHd5pumNIrBncN/uosYWGOBfA+nlySui3Sz8X8yNnV2arnW1Bj3h9d6jpJsT5onBqvU32d2dQfBP7TBjRZ9BxYoRcAs679cYXBvs+N3QH5H7ovxwSLHmQFb4+sre6oHynAcq9/poyDVr8X5WIUhQPlHIfWQxUFdMAlSxR10ctsLg4bkJ0n8B20EP1QkgqLewPo2FDDws0nNu2NC8ppjNUAwX1b5rcIkpQMbpkrVQ4bwhu19jnhF0XcUiT7aLUyTmpHaDtppeeYv8mKUb9mL3eL3nR7hMX6KnajF93ARIndFFXSXATCOpq3ntdM6vp9fXLHz69udPhC7n0Dpxf8Zah9eR4HiJJZZGL/MqUxpM+Tk9RjotVpEcFtF3X9Fc3blJYmss6KAj9MrBB2rLVsuCIuzyGFU8t+80J2WY1IsYMKd33kqFDEVfbTgZ8rVPWR2t7dDGO3xBLUFFiKIbUhs382FliFZe4VEk1scrbU1ST3S5iuek1syFTPkPPJ0UCjz6df0g3yNB4lAkxJME2hdWlW1QjJB92UOm46mqn2/TPqAWjDdbShj0qG+1Jh0NzmgOJrhEMx9baCt1Lr3CB2lTlxwp3+aH3VI8V9qvyNcNcuvolAmXEtSbz0N9nzfACgbbTZoid291npdTthSSLvxuBqMbAl818GS2R8UOHweAVBSnPt6Cy9BbQfR/ISm6tITVwDpfCYRha3+EYfdEdPPfyfOGFRjS/2ed9aqGuzBWFcKk43wgMv1Ff17LAnhs3LZx6soxjDnT4OlnQ302QC4lJON+/KcFxr3qJqah97pVUMsIkzrRpqhdJG9zzGlsRt/OUjjaLP3HiIOITuU0L6oVvaBBhix/kJ9XX1iro9FFHu+GbrMP8wuDhvhH9TOgRyAZt0WXpLhh3pXSHkzEl1Rl3rZL71YtZjJwAYDPUyzLE9esRgqBVDoiMuqQhbUTPzAB/LgO0AHBicq/T3yg1fZDeLzVJi6PrrctCPILBiuweKHji3QBqnm+GLXzxpXmkBQu8/iv+1cAbFrZ2QIkpGkCfMAr06luZ7/YbtRL4GfrIv8Pc19t/PhgZR7/CIaU8u28P6k93e4ap4p5mmsvzhrzZb+qCfNbe0aHY5HXpkzI1sSRYWxDiODbwcw+/+8upq3zs+NBVvxRRoXk0wRuitWR7I1phP6s0mCCbG5+eaw01X+FiNCLDuEwS8H01Y4uNRpC9jzwmPgGOY/JBqt8vF8lDsM9AAWp/kHNaVHOxrFyTilc98VsjtM+25uF3QHEMU/VDN9GAeV/FI5Gz5fXZLOyFoWhYetfh5XQk1LIpdSL4g82zLCFxtcLV+XPCIDeXFZ+LCfy6UUo9mCHmtq/ePYUEIn3az/7uoMFBgb4wjImrRu+Oekhg/MhBN7SkuuJyFeQOjsNWucSDSSxnhEzk1xPUbsozDJJOg+Y8Y5PNh0Snn3fkEBhqZ0piVGmPay2hzgGBYVi3gVDAyAgzC5etHRYoz8dj+pvh8/XaPE/yQVWJQnpWRZY+C0NhqmPweKih4m8yg+uFs7gfn/43O+B0Nvg8p2df/grxq2e99VX/Ypj2cMHQ67jL8Jluy0Z43w1BPQ2gK7rIYkfIkgI2XZLa+WUKvlpTxv2kmCnYQS+/+kpfU6eumy4D5/raf7UF3tgHTJnhD5Rq6DjN1RgE89jBAoJgA2S7+mj4vOd8BoklmPjsWFbQc/WYcQhrp0g6e0qR0gAlxVbrQNbb9WZehUC6l+oGANza7XOtefpcS56tnku5a2Ev6kgS8fThKV1C2bdT9rf2LcgaysfueqSbDaZi+0CnCmzRdqHnpuHICH4ADomLMZXYDwIjIp9L/nrTNMy7bTQKf1fSPlOeOmtbOhHPXpgGivKRsPfSZahfGnxY2JD5tMko+0eUBD2A75HY9qSaBEW4t8p+IEoVpHG0LrdXWIzJFozwq97T/bemSY82tdD3WxIeaDL+cdN6zY+uvgR5QleWY3wWwG3y9/UFkCKwqg/KKfKATA6fdW0O9c3y4nWFq5bsfqfsWYUPAvrpXF1ZCyY9hrp2awGsGdMAEb43LnRfFz6MhZ0srnv4yJ2aYqvwZBtZr9E7f10MVMQNXsB5cT47fYtTIyY3jP9QjZH8Mjetg45AbmxMSl/oA6OnHCZxdlQbCyJEeC0xJfPadMDitgTvsU/jx1EvtcEyK0fw2LG12TSTMD8UZ0lwBPpbsqe9q+qDOQLuMv3ZKLG+J3FsHDDmsW5i4ngBLYpFB2QJMSp3i5YDJ8Q2mEFnSjaUcmr1nIu8pJ+ESj/RzdCHrqL6qTwwmIaoTnBvEKCMPLJ8ZFFfHmgfV9ab9NNf2LG3/XzIHBt4bG9PV0ChDquCTN860PA4woBxbOR3DjwQuXsflshrwiERvi6V3aMdEoY0etIzNYhQpRNfUziD2cL5MLkn4jt4oXvYayqyc2+sxZ77sdNfhQ0yVCiYfS3UCvCRGV9KyNb7EP7q670PxRfH7ynf4BySEO7bL6eu4XDoIdNgf8da/yaR00M9rnF+ZqR4VjSxixk4RFDBb36VY6zFGOOcz8W0xD62jvWDP2Y46CFKA5UUV7UHmpZinbna3Me+FqRPhqXB6/o3uvNeTZnl5m/RvshBkvhfO/4uSq0iT+z7MS1vGU9xycZFZQNeGjbpECPQZdiOQqCrib35kNsO6gwbWLOpFmCN1Nn2TkUHSWyjsSsee9OK3M9DSRRLc1evMlPRgq1jSzLn+LFMzZ+ZDNL7LcymvgE3D/yFruaRvpByuUt2A7fj7Jt6M7NglKuxzUpEWiFXl4+FUHKJQ838QQ+VBOB+STz7g8ft4/i1u19mGSOtrbZd6WY9Z4/RRzfEQDdUNGno1aan9IOB/CEwahGx34XzHd1wJbmr9P22ubOHa3cb/O5pUjqRPbzzOqi+b5ymuFhKD7uao47D7mERuhjMWxBeX6iHMf00PnTcEQjYCgnWgVsTTKcsKVhkNxjtPgtNBzO7ASD+c52CbgKassgVam0F+ZvfGWMaK5FJNyokzetv/ZHYhfSfnVbLSeCYyKGii5U55KOIEd2LSsOSjeyvJrCaFT2O8Zv6r258tvoXUfk0aXT9nRF02mhgl/CIQLtkkg/zwTaac0mPLfrGKRQDnelF+M7GUKLMGTHfhH6m0FvIo23fC9VIsfUuhNrKYEvzuqzRshpOYjStkWf7Nr9RC+f+8PEgvjLjJalL8gDWqc4r4L0jl/LXhJbV8PGM4DUpcfq5qmKcBUnJIOCw5MHn83y9sYjBWb1Nzpn8AK1tpHg7R+H/fS94f92imCTW9cO9Aittl7IeuQHm0HigsJzPvFFdj/kL15zqLrHJcfX4F+iRuvhX40NMxmKjDpdA/qixwD/9eVgA5c+dLCNtD+Em/tk31hhXhfucpzvA15RBCvzYu8eitLkj8Rn4/M9zM7zSqUv8dl1jB0xlbYaF1ii017caT4CiCVg47mcEI/Ftr1RoIQi8NOPu535BRhF+TzG2vWQSpSbOfW7ZO3jLqBTCW9ZsiS6wrx91L++ul3VBum/TCKY9Z1AwUV+miGbNB4qpmjFvqPeOcY9Q8Mlvf2CO8PqrTEOIvq+6mcVKybsV2yfnkluTjFp3SD+drt3u8MRB5frrZx00e/desPlqMWhyYvhZL8Yh3SZFn7NDGu8V1gWdl/oZQ4IKIpiOpm54UI664QfUd+SaHKE2f+PB7/s36jaJoq9OTZLQa3VN/HoQHfwpxSZFFN4KfoPcvhhU6PBQQB9oYmatU0m574khepejZizI9D5d4G8FHfwHU95+nhECaSteM/WZDixd6uca5iln++UEJe8i/4juFvbf73uzx634Ft3rQQBdXva0i4eCMez5UN/kdCqXCC1pb1WA8QriygmNpaveZvsNd3u2Kr4O6IOiq9VOTjlaw+cVwNe8RAg/iXP8G2Fm8YRf5046fmaymv25Ph8SLPFDUEUph9F7Lnwo2HPGLou6/eBbRUpqlNxlLOmt3mPK5Jo25kCqsZRbMgtvS+jebu4ok4XU+cPP/Dbe4O/+EfxFsIbfcAex7V7wQxPr8NdcMdof7HQ5C4t43h/kxLxsBqYFM94DmVRzqv3CHaDPYyVPW17HZIj8fBrgCW6V0dNbl3Wt7mz/JrZWQBTEePA6KkxghQI+nb7Ka8d8dvCVHSR2RV2rgEC24F1B+HU5sujY9nC52TwVA2upDH4U5Z5X3xW3zb1oZ2znpzcfFg5MWIrepl9NFyiLctsi3fcR4Fxs6YYeLkdGeSzWnh6BgiFHq4aHwx4flixrp6U2fGc4ePdg6QsYxqPGeifbCovU67iiv05/keO70nErz+8xBg68Bu2xVjDnQapmcSZ92MsdawiJhfK2ATigOBwtaFQrhQ+5nIoTQGGJKRxZwr6kCww8ryJSXfKMT7DnVUSFv2EZaDsH/LfHstWD2XtsOLiPhnHP9sMtsCmysJ8iDz5RvSINk11JMlsAQRUn/14pnbxVj7dL+L97J1pYlHkY7U/Sgm0kbrSVdvZwnAuqtqfedZQE0H0h3wO6bxzi7hoofvEDCIMvYzfNsqLDY9aBCSPDwxQQfz8UQ8dJ/mTlRV20ZXPP7MPm1mOJ2r1Exm2InvdJ3EVan692Uo6TMxYthcJetIzXg7W73TF/o0Y0Ft8XsaYVc3y59lJCIofCJozt79YJjOTU31w7NPXuNtZ2hns9A7Cqq6VDOCk5YnTHCMBWat9vaHlAKUZO6WbbesPWoywZhkKFUVoHJf3uKWps9zhQKMMOVR6dEdWWDZ4OACa0WBbVnJ2P7Ib2+7OqV2LtOB3pZv0ouLKRPf47NJ+iS4Ife2nJN0baEBXAJ/uhQowPbS/szWVMHH5aUu5b5mcJ47sizlf1NtxjUrDK10pZlF736723SLL0hMP3i+h/6H/4ptQTbbduE0ubhGNaQl/9ZlS9ZFMnByeblQl+FYZ2wxLJiwcFelTkxJV1sHIWvn2E/WAMsoR6qJro1BAQQTupyZukQRfHnX2bhq1yOKhPExRJStjdeGlDZQOAkNyOWVF6bZQ3dbQdh05bSQLoq88KqE9s44newvEtkvDpuL+BQGIMo4So6gVKR16ZFziDfE0kgaHTAJHTujl3GyU1ho/bv/pqgw6NMp8Tpx3XLHkTsPdYU6pIrGRzy9BDRgnNK9kVgZLJEu2YGT6pSlwMtAL14U6xrRad3M3cZgh5VL9ndU2p41NsiDwE3+K6ZWJWT6CuukBfMzMdjWVO2kD3WoK0SiKiU1aFOiPcJauB9FG2UT4gJaKLsbDQgDNaSDvnIbQh4eltrZg5D3Wk9I6JLaBKlBI+4rsGtuw3RKuRBelNWomwaQ45fjpxunZNWhPaCFaHsLKV6sHOrR/DLmL3TX9rfru6gYI/r/fLDZgjXgirGz3pzKGvXXmpZqzztbd60iX4VOKL1x+68sWGqcS6o9NC02KjvIO+cYmfVERY8Ghd5NfJzkOMOpL+WEF0Q72cYn0ZI8BZueCku9rr5mmKKb1pbGZAOOzXqHWZf925ia4gkUuLfZrtzLT+vCDtqrVFvu70kOC4cZQLj+i2E8N1FiAsSxF+pUrOIef+RHlKoerCOiPDKQG3024VeC8f3QiBtzxmApX24cNmmz22ZxIwp+Y0JewL67gJXr/Gklz6FRhFbDg4llrgs6qGdzDtGCbvtawcgksrdBTiklhemcz3D4QxdBk6OzuivVO6TrLkJQHS5YkXBNRmY/XDmgLtZlDlrZkdFrk/ACiF8ll8jmK7Az5dbvoSRe734gs6NuW0NMSzmfgvUHbbIAmsADnzr4MbkPJHPlJsOyo/3eNbrAi3O1LrFKCMLsydYRdfwvW+B10ixqSSFVCU62l7TYqsD1lmGUS6OqKhYflRsdxGQIUJk/yjQyTLB0/zgQXQIf/PG/A6kpGNpkJiibnXYxfPQN+EQx1Zucu2Osw/Zpu5yYEHHBqU7ZvSdAme3FnoWadIquozz2YAtXcd+LfAOF+nu/vOq/EmlaPI6MHTkS4/vpDeO+DKHLP4Qn8dTibKpJzFUO5HBvkXmU2sPQWzws908lGSulgubHUJ+51Z16+FkP86H0Y7v0hP2MNLrZzVXUzcD9KQDIm6MGuXHP2Ks0JjmjGhymlL0Dz3UtFb2eAtGiHROygRHH8d8JUNKaSRhNLDtLyiwhuwW/GYFt+9XaEu9KYxG/RadAMd/VD1mBr4hsPG+ev4sghVp5TCbbFWZx9UowmfX45AZcVBblPheANLwyt+XqhYZeu6fepJimxBt14opY68o7gstLgc067UnGw5/va5uzRn2e8onqDVjxKl7a5Yt1HaVZn6zfdWl6a859HV2WLiPfyLoZ0zjlz0fq5pUvVzTdWZQ9eG6WhbjUemAU/Rli/5VRlbbZJpzx8thwrwVO48d085K5KXll+tgfDvlWrgLLdUxV5CPA8oQ9YXxyWL2GdxBvs40A7l3jY+yO/DJoexfZwBjLJmqY5lw6Qolre6cI81Swbt0jvnLmnJf29ylFmwwY/Zr+1eR9UkiGW3D5YCzLJH+zfVbMbAZxHvnjDVHjW6h06oh2HvM4n9Almcr9d1+kLpvt6Zk4PTKJ7NIavU8JVIV9cNSUh7PtskgDhwZQ+6AT26fOp6Q/mx8V+/Td8S21eFPoLMUEuCbgeTDbVnqr5q44Ye7h6lz6IvDZRLqK/bluZAQfvm+ZUEs7PKIKDuuBBwgVE7nkJHAj8iDWztR++xIMP4O6+yzPlUgNqVuVDfjSMD//J2iP26yRB/saPq57zqez/TLXWywf7T9TBCB90PtU0afEa1jUjuDsIYiY3ihb7XQ5OWPL5p7I5XJNB/VmBsQP4tIQWTaU8tD+ElwtHhnToATuEoj8qRN1NItDqo/wtm7cdhBGpNWtyv946tG9lwN78U5pSef9QDkeHw5TG9L+Y6gj2UYlDyu8i6XWW0dQaWp43zTev3lQpPAZUA8sYHA3s2XRIcLQXFNsLLlDAF3YHDHtu++kfPOuMruzvbEaBIy/upOCmVoNSP7t5xXvLHGx+CHZfKoC0udX19J1fiIdSvQbcQ1i+/7fKIrcssK9b2YNVX+oL1a+84wGvueWVkzni1TWUDbfuorQGgf+wB4YngbxmB73iQwUcfFDe2Gq3Ys1pKbP3XjJviOckqZUmfAJyOf4D1IfRGXNc+UeR8pe5zzevTF99dPiv5YeA/apHw++sQNog2zSq4hO4wH1a8W3EBPjtLNCjyxEwcdI+Pb9cYh6YvaVvQAaoXy18WWdg7TCg1Y2jq/qa/I/hNKMvbcmgCKT7fnZDNXcRNO/QWAM7YWj7ySOr5pqNzGG9r+U1AuWsSD5c8+p8DrkaUX11Hzey26sfLpgOHZADySzXZQQK3ekCXIoSFLeTAaQCW0rtZNp43rNvzX5bziAE9wT56nwvLhtjkQk0C1Bc+KzfDzce2XFmJl5AkeG509+tNlkKwjQraphr8TrSXwqQf1y2HBMVTPR1WZNoLW6x8O9V7TXw2NzXSsXCJMNYyr1eEfLn481iR/+/ih/+bPy9cD0gQt/maiU28/K55v/5+wyq2h/NLq3w+n/9Aud+/Rw6fbQkdxbIVJziCIPDfoSlZimH7H4dQ/j/QV3+KxdgX2/JAXeifEzAY/hdK/p11/R1C6H9+/tb5Vv0dw+l/Ifjf0aqoP9X2vw4n69+hz7+/Argi/r4YhNrPV9F1//5xGcftf/xOXJKpeo95AT7xnw== ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/k8s-events-siem-worker/2.0.0/Dockerfile ================================================ FROM python:3.9.10-slim # docker build нужно запускать из папки auditlogs чтобы был правильный контекст при подборе include файлов # пример docker build команды: # docker build -t k8s-events-siem-worker:latest -f ./export-auditlogs-to-ELK_k8s/k8s-events-siem-worker/2.0.0/Dockerfile . WORKDIR /app COPY /export-auditlogs-to-ELK_k8s/k8s-events-siem-worker/2.0.0/function /app/function COPY /export-auditlogs-to-ELK_main/update-elk-scheme/include /app/include RUN python3 -m pip install --upgrade pip && pip install -r /app/function/requirements.txt CMD ["python3", "function/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/k8s-events-siem-worker/2.0.0/Dockerfile.old ================================================ FROM python:3.9.10-slim WORKDIR /app COPY /function /app/function COPY /include /app/include RUN python3 -m pip install --upgrade pip && pip install -r /app/function/requirements.txt CMD ["python3", "function/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/k8s-events-siem-worker/2.0.0/README.md ================================================ # Yandex Cloud Solution Library for Security Docker image for the [Worker](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_k8s/security-events-to-siem-importer/worker/function) which uses IAM token for Service Account Auth Key Mechanism, described [here](https://cloud.yandex.com/en/docs/iam/operations/iam-token/create-for-sa) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/k8s-events-siem-worker/2.0.0/function/main.py ================================================ import base64 import boto3 import botocore import json import os import requests import time import jwt # Function - Get JWT and token from it def get_jwt(): service_account_id = os.environ['SA_ID'] key_id = os.environ['SA_KEY_ID'] # The ID of the Key resource belonging to the service account. private_key = os.environ['KEY_PRIV_PEM'] now = int(time.time()) payload = { 'aud': 'https://iam.api.cloud.yandex.net/iam/v1/tokens', 'iss': service_account_id, 'iat': now, 'exp': now + 360} # JWT generation. encoded_token = jwt.encode( payload, private_key, algorithm='PS256', headers={'kid': key_id}) return(encoded_token) def get_token(): encoded_token = get_jwt() headers = {'Content-Type': 'application/json'} jwt_token = {'jwt': encoded_token} jwt_token_json = json.dumps(jwt_token) r = requests.post("https://iam.api.cloud.yandex.net/iam/v1/tokens", data=jwt_token_json, headers=headers) d = r.json() return(d['iamToken']) # Function - Decrypt data with KMS key def decrypt_secret_kms(secret): token = get_token() request_suffix = kms_key_id+':decrypt' request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # Configuration - Get ElasticSearch CA.pem def get_elastic_cert(): file = '/app/include/CA.pem' if os.path.isfile(file): return file else: url = 'https://storage.yandexcloud.net/cloud-certs/CA.pem' response = requests.get(url) with open('/app/include/CA.pem', 'wb') as f: f.write(response.content) return file # Configuration - Keys elastic_auth_pw_encr = os.environ['ELK_PASS_ENCR'] kms_key_id = os.environ['KMS_KEY_ID'] s3_key_encr = os.environ['S3_KEY_ENCR'] s3_secret_encr = os.environ['S3_SECRET_ENCR'] # Configuration - Setting up variables for ElasticSearch elastic_auth_pw = decrypt_secret_kms(elastic_auth_pw_encr) elastic_auth_user = os.environ['ELASTIC_AUTH_USER'] elastic_server = os.environ['ELASTIC_SERVER'] kibana_server = os.environ['KIBANA_SERVER'] elastic_cert = get_elastic_cert() # Configuration - Setting up variables for S3 s3_bucket = os.environ['S3_BUCKET'] s3_key = decrypt_secret_kms(s3_key_encr) s3_local = '/tmp/data' s3_secret = decrypt_secret_kms(s3_secret_encr) # Configuration - Sleep time if(os.getenv('SLEEP_TIME') is not None): sleep_time = int(os.environ['SLEEP_TIME']) else: sleep_time = 240 # Configuration - Log type if os.getenv("AUDIT_LOG_PREFIX") is not None: s3_folder = os.environ['AUDIT_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-audit" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" elif os.getenv("FALCO_LOG_PREFIX") is not None: s3_folder = os.environ['FALCO_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-falco" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" elif os.getenv("KYVERNO_LOG_PREFIX") is not None: s3_folder = os.environ['KYVERNO_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-kyverno" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" # State - Setting up S3 client s3 = boto3.resource('s3', endpoint_url = 'https://storage.yandexcloud.net', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) sqs = boto3.client( service_name = 'sqs', endpoint_url = 'https://message-queue.api.cloud.yandex.net', region_name = 'ru-central1', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) # Configuration - YMQ sqs_url = os.environ['YMQ_URL'] # Function - Create config index in ElasticSearch def create_config_index(): request_suffix = f"/.state-{elastic_index_alias}" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 404): request_suffix = f"/.state-{elastic_index_alias}/_doc/1" request_json = """{ "is_configured": true }""" response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) print('Config index -- CREATED') print(f"{response.status_code} -- {response.text}") else: print('Config index -- EXISTS') print(f"{response.status_code} -- {response.text}") # Function - Get config index state def get_config_index_state(): request_suffix = f"/.state-{elastic_index_alias}/_doc/1/_source" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code != 200): return False return response.json()['is_configured'] # Function - Create ingest pipeline def create_ingest_pipeline(): request_suffix = f"/_ingest/pipeline/{elastic_index_pipeline}" data_file = open(f"/app/include/{elastic_index_alias}/pipeline.json") # заменить на прямую ссылку github когда репо станет публичным data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Ingest pipeline -- CREATED') print(f"{response.status_code} -- {response.text}") # Function - Create an index template def create_index_template(): request_suffix = f"/_index_template/{elastic_index_template}" data_file = open(f"/app/include/{elastic_index_alias}/index-template.json") data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index template -- CREATED') print(f"{response.status_code} - {response.text}") def create_lifecycle_policy(): request_suffix = f"/_ilm/policy/{elastic_index_ilm}" request_json = """{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "rollover": { "max_age": "30d", "max_primary_shard_size": "50gb" } } } } } }""" response = requests.put(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index lifecycle policy -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index def create_first_index(): request_suffix = f"/{elastic_index_name}" response = requests.put(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print(f"Index {elastic_index_name} -- CREATED") print(f"{response.status_code} - {response.text}") # Function - Create an index alias def create_index_alias(): request_suffix = f"/_aliases" request_json = """{ "actions" : [ { "add" : { "index" : "%s", "alias" : "%s" } } ] }""" % (elastic_index_name, elastic_index_alias) response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index alias -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Refresh index def refresh_index(): request_suffix = f"/{elastic_index_alias}/_refresh" response = requests.post(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Index -- REFRESHED') print(f"{response.status_code} -- {response.text}") # Function - Check detection engine index def get_detections_engine(): request_suffix = f"/s/default/api/detection_engine/index" response = requests.get(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): return True else: print(f"{response.status_code} - {response.text}") return False # Function - Preconfigure Kibana def configure_kibana(): # Index pattern file = f"/app/include/{elastic_index_alias}/index-pattern.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Index pattern -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Filters file = f"/app/include/{elastic_index_alias}/filters.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Filters -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Search file = f"/app/include/{elastic_index_alias}/search.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Searches -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Dashboard file = f"/app/include/{elastic_index_alias}/dashboard.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Dashboard -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Detections # Pre-create detections index if not get_detections_engine(): request_suffix = '/s/default/api/detection_engine/index' response = requests.post(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- SIEM rules index pre-created') print(f"{response.status_code} - {response.text}") file = f"/app/include/{elastic_index_alias}/detections.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/detection_engine/rules/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Function - Clean up S3 folder def delete_object_s3(s3_bucket, s3_object): b = s3.Bucket(s3_bucket) b.delete_objects( Delete={ 'Objects': [ { 'Key': s3_object }, ] } ) # Function - Delete SQS message def delete_sqs_message(msg): sqs.delete_message( QueueUrl=sqs_url, ReceiptHandle=msg.get('ReceiptHandle') ) # Function - Process JSON logs batch def process_s3_batch(bucket, folder, local=None): print('JSON processing -- STARTED') parse_substring = '".": {}, ' processing = True request_suffix = f"/{elastic_index_alias}/_bulk?pipeline={elastic_index_pipeline}" while processing: b = s3.Bucket(bucket) messages = sqs.receive_message( QueueUrl=sqs_url, MaxNumberOfMessages=10, VisibilityTimeout=60, WaitTimeSeconds=20 ).get('Messages') if(messages == None): processing = False continue for msg in messages: msg_body = json.loads(msg.get('Body')) source = msg_body['object_id'] cloud_id = msg_body['cloud_id'] folder_id = msg_body['folder_id'] cluster_id = msg_body['cluster_id'] cluster_url = msg_body['cluster_url'] if source[-1] == '/': delete_sqs_message(msg) continue target = source if local is None \ else os.path.join(local, source) if not os.path.exists(os.path.dirname(target)): os.makedirs(os.path.dirname(target)) try: b.download_file(source, target) except botocore.exceptions.ClientError as e: sqs.delete_message( QueueUrl=sqs_url, ReceiptHandle=msg.get('ReceiptHandle') ) continue with open(target, "r") as raw_file: lines = [] for line in raw_file: lines.append('{"index":{}},') line = line.replace(parse_substring, "") lines.append(f"{line.rstrip()[:-1]}, \"cloud_id\": \"{cloud_id}\", \"folder_id\": \"{folder_id}\", \"cluster_id\": \"{cluster_id}\", \"cluster_url\": \"{cluster_url}\"}},") lines[-1] = lines[-1][:-1]+"\n" data = "\n".join(lines) response = requests.post(elastic_server+request_suffix, \ data=data, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), \ headers={"Content-Type":"application/json"}) if(response.status_code == 200): delete_object_s3(s3_bucket, source) delete_sqs_message(msg) os.remove(target) print(response.text) else: print(response.text) print(f"JSON processing -- COMPLETE") # Process - Upload data def upload_logs(): if(get_config_index_state()): print("Config index -- EXISTS") process_s3_batch(s3_bucket, s3_folder, s3_local) refresh_index() else: create_lifecycle_policy() create_index_template() create_first_index() create_index_alias() create_ingest_pipeline() configure_kibana() create_config_index() process_s3_batch(s3_bucket, s3_folder, s3_local) refresh_index() ### MAIN CONTROL PANEL upload_logs() print("Sleep -- STARTED") time.sleep(sleep_time) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/k8s-events-siem-worker/2.0.0/function/requirements.txt ================================================ boto3 requests botocore PyJWT cryptography ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/00-sa-and-bucket.tf ================================================ # Create resource for timer resource "null_resource" "previous" {} # Create timer resource "time_sleep" "wait_timer" { depends_on = [null_resource.previous] create_duration = var.timer_for_mq } # Create SA for read/write bucket resource "yandex_iam_service_account" "sa-writer" { folder_id = var.folder_id name = var.service_account_id } # Grant permissions send logs to bucket resource "yandex_resourcemanager_folder_iam_member" "upload_logs" { depends_on = [yandex_iam_service_account.sa-writer] folder_id = var.folder_id role = "storage.admin" member = "serviceAccount:${yandex_iam_service_account.sa-writer.id}" } # Create Static Access Keys resource "yandex_iam_service_account_static_access_key" "sa-writer-keys" { depends_on = [yandex_iam_service_account.sa-writer] service_account_id = yandex_iam_service_account.sa-writer.id description = "Static access/secret keys for SA" } # Create Auth Access Key for Service Account to get IAM Token resource "yandex_iam_service_account_key" "sa-auth-key" { depends_on = [yandex_iam_service_account.sa-writer] service_account_id = yandex_iam_service_account.sa-writer.id description = "key for service account" key_algorithm = "RSA_4096" } # Create backet resource "yandex_storage_bucket" "es-bucket" { depends_on = [yandex_resourcemanager_folder_iam_member.upload_logs] access_key = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key secret_key = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key bucket = var.log_bucket_name grant { id = yandex_iam_service_account.sa-writer.id type = "CanonicalUser" permissions = ["READ", "WRITE"] } # Remove backups after lifecycle_rule { id = "allIndicies" enabled = var.s3_expiration["enabled"] expiration { days = var.s3_expiration["days"] } } versioning { enabled = false } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/01-function-and-mq.tf ================================================ data "archive_file" "function_pusher" { type = "zip" source_dir = "${path.module}/pusher" output_path = "${path.module}/pusher.zip" } resource "random_string" "project_suffix" { length = 10 upper = false lower = true number = true special = false } #--------Permissions----------- # Grant permissions to create function_pusher resource "yandex_resourcemanager_folder_iam_binding" "create_funct" { depends_on = [yandex_iam_service_account.sa-writer] folder_id = var.folder_id role = "serverless.functions.admin" members = ["serviceAccount:${yandex_iam_service_account.sa-writer.id}"] } # Grant permissions send logs to queue resource "yandex_resourcemanager_folder_iam_member" "send_queue" { depends_on = [yandex_iam_service_account.sa-writer] folder_id = var.folder_id role = "ymq.admin" member = "serviceAccount:${yandex_iam_service_account.sa-writer.id}" } #--------AUDIT----------- resource "yandex_message_queue" "log_queue_for_auditlog" { count = var.auditlog_enabled ? 1 : 0 depends_on = [time_sleep.wait_timer, yandex_resourcemanager_folder_iam_member.send_queue] access_key = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key secret_key = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key name = "log-queue-auditlog-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_auditlog" { depends_on = [yandex_resourcemanager_folder_iam_binding.create_funct, yandex_message_queue.log_queue_for_auditlog] folder_id = var.folder_id name = "s3-ymq-auditlog-sync-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_auditlog[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key AUDIT_LOG_PREFIX = var.auditlogs_prefix CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id } user_hash = data.archive_file.function_pusher.output_base64sha256 content { zip_filename = data.archive_file.function_pusher.output_path } } resource "yandex_function_trigger" "s3_ymq_auditlog_trigger" { depends_on = [yandex_message_queue.log_queue_for_auditlog, yandex_function.s3_ymq_for_auditlog] folder_id = var.folder_id name = "s3-ymq-auditlog-trigger-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" function { id = yandex_function.s3_ymq_for_auditlog.id service_account_id = yandex_iam_service_account.sa-writer.id } object_storage { bucket_id = var.log_bucket_name prefix = var.auditlogs_prefix create = true update = false delete = false } } #--------FALCO----------- resource "yandex_message_queue" "log_queue_for_falco" { count = var.falco_enabled ? 1 : 0 depends_on = [time_sleep.wait_timer, yandex_resourcemanager_folder_iam_member.send_queue] access_key = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key secret_key = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key name = "log-queue-falco-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_falco" { depends_on = [yandex_resourcemanager_folder_iam_binding.create_funct, yandex_message_queue.log_queue_for_auditlog] folder_id = var.folder_id name = "s3-ymq-falco-sync-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_falco[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key FALCO_LOG_PREFIX = var.falco_prefix CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id } user_hash = data.archive_file.function_pusher.output_base64sha256 content { zip_filename = data.archive_file.function_pusher.output_path } } resource "yandex_function_trigger" "s3_ymq_falco_trigger" { depends_on = [yandex_message_queue.log_queue_for_falco, yandex_function.s3_ymq_for_falco] folder_id = var.folder_id name = "s3-ymq-falco-trigger-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" function { id = yandex_function.s3_ymq_for_falco.id service_account_id = yandex_iam_service_account.sa-writer.id } object_storage { bucket_id = var.log_bucket_name prefix = var.falco_prefix create = true update = false delete = false } } #--------KYVERNO----------- resource "yandex_message_queue" "log_queue_for_kyverno" { count = var.kyverno_enabled ? 1 : 0 depends_on = [time_sleep.wait_timer, yandex_resourcemanager_folder_iam_member.send_queue] access_key = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key secret_key = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key name = "log-queue-kyverno-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_kyverno" { depends_on = [yandex_resourcemanager_folder_iam_binding.create_funct, yandex_message_queue.log_queue_for_auditlog] count = var.kyverno_enabled ? 1 : 0 folder_id = var.folder_id name = "s3-ymq-kyverno-sync-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_kyverno[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key KYVERNO_LOG_PREFIX = var.kyverno_prefix CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id } user_hash = data.archive_file.function_pusher.output_base64sha256 content { zip_filename = data.archive_file.function_pusher.output_path } } resource "yandex_function_trigger" "s3_ymq_kyverno_trigger" { depends_on = [yandex_message_queue.log_queue_for_kyverno, yandex_function.s3_ymq_for_kyverno] count = var.kyverno_enabled ? 1 : 0 folder_id = var.folder_id name = "s3-ymq-kyverno-trigger-${random_string.project_suffix.result}-${data.yandex_kubernetes_cluster.my_cluster.name}" function { id = yandex_function.s3_ymq_for_kyverno[0].id service_account_id = yandex_iam_service_account.sa-writer.id } object_storage { bucket_id = var.log_bucket_name prefix = var.kyverno_prefix create = true update = false delete = false } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/02-worker.tf ================================================ locals { common_values_yaml = { server = { image = "${var.worker_docker_image}" envVars = { elastic = { authUser = "${var.elastic_user}" server = "${var.elastic_server}:9200" passEncr = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" kibanaServer = "${var.elastic_server}" } sleepTime = "300" yandex = { cloud = { id = "${var.cloud_id}" } cluster = { id = "${data.yandex_kubernetes_cluster.my_cluster.id}" } folder = { id = "${var.folder_id}" } kms = { key = { id = "${yandex_kms_symmetric_key.kms-key.id}" } } s3 = { bucket = { name = "${var.log_bucket_name}" keyEncr = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" secretEncr = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" } } serviceAccount = { id = "${yandex_iam_service_account.sa-writer.id}" authKey = { id = "${yandex_iam_service_account_key.sa-auth-key.id}" privPem = "${yandex_iam_service_account_key.sa-auth-key.private_key}" } } } } } } auditlog_values_yaml = { server = { replicas = "${var.auditlog_worker_replicas_count}" envVars = { logPrefix = { audit = "AUDIT/" } yandex = { messageQueue = { url = "${yandex_message_queue.log_queue_for_auditlog[0].id}" } } } } } falco_values_yaml = { server = { replicas = "${var.falco_worker_replicas_count}" envVars = { logPrefix = { falco = "FALCO/" } yandex = { messageQueue = { url = "${yandex_message_queue.log_queue_for_falco[0].id}" } } } } } kyverno_values_yaml = { server = { replicas = "${var.kyverno_worker_replicas_count}" envVars = { logPrefix = { kyverno = "KYVERNO/" } yandex = { messageQueue = { url = "${yandex_message_queue.log_queue_for_kyverno[0].id}" } } } } } } resource "yandex_kms_symmetric_key" "kms-key" { name = "kms-key-${random_string.project_suffix.result}" description = "Key for secrets encryption" default_algorithm = "AES_128" } resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${yandex_iam_service_account.sa-writer.id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_pass" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = var.elastic_pw } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key } resource "helm_release" "auditlog_worker" { name = var.auditlog_worker_chart_name namespace = var.auditlog_worker_namespace create_namespace = var.create_namespace chart = "${path.module}/chart" values = [file("${path.module}/chart/values.yaml"), yamlencode(local.common_values_yaml), yamlencode(local.auditlog_values_yaml), file("${path.module}/templates/auditlog-worker-limits.yaml"), var.value] dynamic "set" { for_each = var.set content { name = set.key value = set.value } } dynamic "set_sensitive" { for_each = var.set_sensitive content { name = set_sensitive.key value = set_sensitive.value } } } resource "helm_release" "falco_worker" { name = var.falco_worker_chart_name namespace = var.falco_worker_namespace create_namespace = var.create_namespace chart = "${path.module}/chart" values = [file("${path.module}/chart/values.yaml"), yamlencode(local.common_values_yaml), yamlencode(local.falco_values_yaml), file("${path.module}/templates/falco-worker-limits.yaml"), var.value] dynamic "set" { for_each = var.set content { name = set.key value = set.value } } dynamic "set_sensitive" { for_each = var.set_sensitive content { name = set_sensitive.key value = set_sensitive.value } } } resource "helm_release" "kyverno_worker" { count = var.kyverno_enabled ? 1 : 0 name = var.kyverno_worker_chart_name namespace = var.kyverno_worker_namespace create_namespace = var.create_namespace chart = "${path.module}/chart" values = [file("${path.module}/chart/values.yaml"), yamlencode(local.common_values_yaml), yamlencode(local.kyverno_values_yaml), file("${path.module}/templates/kyverno-worker-limits.yaml"), var.value] dynamic "set" { for_each = var.set content { name = set.key value = set.value } } dynamic "set_sensitive" { for_each = var.set_sensitive content { name = set_sensitive.key value = set_sensitive.value } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/03-infra.tf ================================================ data "yandex_iam_service_account" "bucket_sa" { depends_on = [yandex_iam_service_account.sa-writer] name = var.service_account_id } data "yandex_kubernetes_cluster" "my_cluster" { folder_id = var.folder_id name = var.cluster_name } data "yandex_resourcemanager_folder" "my_folder" { folder_id = var.folder_id } resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = data.yandex_iam_service_account.bucket_sa.id description = "static access key for object storage" } data "yandex_client_config" "client" {} provider "helm" { kubernetes { host = data.yandex_kubernetes_cluster.my_cluster.master.0.public_ip == true ? data.yandex_kubernetes_cluster.my_cluster.master.0.external_v4_endpoint : data.yandex_kubernetes_cluster.my_cluster.master.0.internal_v4_endpoint cluster_ca_certificate = data.yandex_kubernetes_cluster.my_cluster.master.0.cluster_ca_certificate token = data.yandex_client_config.client.iam_token } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/04-audit-export.tf ================================================ data "archive_file" "function_export" { type = "zip" source_dir = "${path.module}/function" output_path = "${path.module}/sync.zip" } resource "yandex_function" "k8s_log_exporter" { folder_id = var.folder_id name = "k8s-log-exporter-${data.yandex_kubernetes_cluster.my_cluster.name}" runtime = "python38" entrypoint = "main.handler" memory = "128" execution_timeout = "30" service_account_id = data.yandex_iam_service_account.bucket_sa.id environment = { AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key BUCKET_NAME = var.log_bucket_name CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id } user_hash = data.archive_file.function_export.output_base64sha256 content { zip_filename = data.archive_file.function_export.output_path } } resource "yandex_function_trigger" "logs-trigger" { depends_on = [yandex_function.k8s_log_exporter] name = "k8s-log-trigger-${data.yandex_kubernetes_cluster.my_cluster.name}" folder_id = var.folder_id function { id = yandex_function.k8s_log_exporter.id service_account_id = data.yandex_iam_service_account.bucket_sa.id } log_group { log_group_ids = [ data.yandex_kubernetes_cluster.my_cluster.log_group_id, ] batch_cutoff = 10 batch_size = 100 } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/05-falco.tf ================================================ resource "helm_release" "falco" { depends_on = [helm_release.policy_reporter] name = "falco" chart = "falco" version = var.falco_version repository = "https://falcosecurity.github.io/charts" namespace = var.falco_helm_namespace create_namespace = var.create_namespace values = ["${file("${path.module}/templates/falco-base.yaml")}"] set { name = "fakeEventGenerator.enabled" value = var.fakeeventgenerator_enabled } set { name = "ebpf.enabled" value = "true" } } resource "helm_release" "falcosidekick" { depends_on = [helm_release.falco] name = "falcosidekick" chart = "falcosidekick" version = var.falcosidekick_version repository = "https://falcosecurity.github.io/charts" namespace = var.falco_helm_namespace values = ["${file("${path.module}/templates/falcosidekick-base.yaml")}"] set { name = "config.yandex.accesskeyid" value = yandex_iam_service_account_static_access_key.sa_static_key.access_key } set { name = "config.yandex.secretaccesskey" value = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } set { name = "config.yandex.s3.bucket" value = var.log_bucket_name } set { name = "config.yandex.s3.prefix" value = "FALCO/${data.yandex_kubernetes_cluster.my_cluster.name}" } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/06-kyverno.tf ================================================ resource "helm_release" "kyverno-policies" { depends_on = [ helm_release.kyverno ] count = var.kyverno_enabled ? 1 : 0 name = "kyverno-policies" chart = "kyverno-policies" version = var.kyverno_policies_version repository = "https://kyverno.github.io/kyverno/" namespace = var.kyverno_helm_namespace set { name = "podSecurityStandard" value = var.podSecurityStandard } set { name = "validationFailureAction" value = var.validationFailureAction } } resource "helm_release" "kyverno" { count = var.kyverno_enabled ? 1 : 0 name = "kyverno" chart = "kyverno" version = var.kyverno_version repository = "https://kyverno.github.io/kyverno/" namespace = var.kyverno_helm_namespace create_namespace = var.create_namespace values = ["${file("${path.module}/templates/kyverno-base.yaml")}"] } resource "helm_release" "policy_reporter" { depends_on = [ helm_release.kyverno ] count = var.kyverno_enabled ? 1 : 0 name = "policy-reporter" chart = "policy-reporter" version = var.policy_reporter_version repository = "https://kyverno.github.io/policy-reporter" namespace = var.kyverno_helm_namespace values = ["${file("${path.module}/templates/policy-reporter-base.yaml")}"] set { name = "target.s3.accessKeyID" value = yandex_iam_service_account_static_access_key.sa_static_key.access_key } set { name = "target.s3.secretAccessKey" value = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } set { name = "target.s3.bucket" value = var.log_bucket_name } set { name = "target.s3.prefix" value = "KYVERNO/${data.yandex_kubernetes_cluster.my_cluster.name}" } set { name = "target.s3.region" value = var.region_name } set { name = "target.s3.endpoint" value = "https://storage.yandexcloud.net" } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/Readme.md ================================================ ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.14 | | [kustomization](#requirement\_kustomization) | >= 0.5.0 | | [yandex](#requirement\_yandex) | >= 0.72.0 | ## Providers | Name | Version | |------|---------| | [archive](#provider\_archive) | n/a | | [helm](#provider\_helm) | n/a | | [null](#provider\_null) | n/a | | [random](#provider\_random) | n/a | | [time](#provider\_time) | n/a | | [yandex](#provider\_yandex) | >= 0.72.0 | ## Modules No modules. ## Resources | Name | Type | |------|------| | [helm_release.auditlog_worker](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.falco](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.falco_worker](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.falcosidekick](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.kyverno](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.kyverno-policies](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.kyverno_worker](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [helm_release.policy_reporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [null_resource.previous](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [random_string.project_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [time_sleep.wait_timer](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [yandex_function.k8s_log_exporter](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function) | resource | | [yandex_function.s3_ymq_for_auditlog](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function) | resource | | [yandex_function.s3_ymq_for_falco](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function) | resource | | [yandex_function.s3_ymq_for_kyverno](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function) | resource | | [yandex_function_trigger.logs-trigger](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function_trigger) | resource | | [yandex_function_trigger.s3_ymq_auditlog_trigger](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function_trigger) | resource | | [yandex_function_trigger.s3_ymq_falco_trigger](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function_trigger) | resource | | [yandex_function_trigger.s3_ymq_kyverno_trigger](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/function_trigger) | resource | | [yandex_iam_service_account.sa-writer](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account) | resource | | [yandex_iam_service_account_key.sa-auth-key](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account_key) | resource | | [yandex_iam_service_account_static_access_key.sa-writer-keys](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account_static_access_key) | resource | | [yandex_iam_service_account_static_access_key.sa_static_key](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account_static_access_key) | resource | | [yandex_kms_secret_ciphertext.encrypted_pass](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/kms_secret_ciphertext) | resource | | [yandex_kms_secret_ciphertext.encrypted_s3_key](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/kms_secret_ciphertext) | resource | | [yandex_kms_secret_ciphertext.encrypted_s3_secret](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/kms_secret_ciphertext) | resource | | [yandex_kms_symmetric_key.kms-key](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/kms_symmetric_key) | resource | | [yandex_message_queue.log_queue_for_auditlog](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/message_queue) | resource | | [yandex_message_queue.log_queue_for_falco](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/message_queue) | resource | | [yandex_message_queue.log_queue_for_kyverno](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/message_queue) | resource | | [yandex_resourcemanager_folder_iam_binding.binding](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_binding) | resource | | [yandex_resourcemanager_folder_iam_binding.create_funct](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_binding) | resource | | [yandex_resourcemanager_folder_iam_member.send_queue](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_resourcemanager_folder_iam_member.upload_logs](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_storage_bucket.es-bucket](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/storage_bucket) | resource | | [archive_file.function_export](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source | | [archive_file.function_pusher](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source | | [yandex_iam_service_account.bucket_sa](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/iam_service_account) | data source | | [yandex_kubernetes_cluster.my_cluster](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/kubernetes_cluster) | data source | | [yandex_resourcemanager_folder.my_folder](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/resourcemanager_folder) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [auditlog\_enabled](#input\_auditlog\_enabled) | AUDIT LOG | `bool` | n/a | yes | | [auditlog\_worker\_chart\_name](#input\_auditlog\_worker\_chart\_name) | The name of the auditlog worker helm release | `string` | n/a | yes | | [auditlog\_worker\_namespace](#input\_auditlog\_worker\_namespace) | The namespace in which the worker chart will be deployed. | `string` | n/a | yes | | [auditlog\_worker\_replicas\_count](#input\_auditlog\_worker\_replicas\_count) | Count of replicas for audit worker. | `number` | n/a | yes | | [auditlogs\_prefix](#input\_auditlogs\_prefix) | n/a | `string` | n/a | yes | | [cloud\_id](#input\_cloud\_id) | The Yandex.Cloud cloud id. | `string` | n/a | yes | | [cluster\_name](#input\_cluster\_name) | The Yandex.Cloud K8s cluster name. | `string` | n/a | yes | | [create\_namespace](#input\_create\_namespace) | Create the namespace if it does not yet exists. | `bool` | n/a | yes | | [elastic\_pw](#input\_elastic\_pw) | Elastic Server | `string` | n/a | yes | | [elastic\_server](#input\_elastic\_server) | n/a | `string` | n/a | yes | | [elastic\_user](#input\_elastic\_user) | n/a | `string` | n/a | yes | | [fakeeventgenerator\_enabled](#input\_fakeeventgenerator\_enabled) | n/a | `bool` | n/a | yes | | [falco\_enabled](#input\_falco\_enabled) | FALCO | `bool` | n/a | yes | | [falco\_helm\_namespace](#input\_falco\_helm\_namespace) | The namespace in which the helm will be deployed. | `string` | n/a | yes | | [falco\_prefix](#input\_falco\_prefix) | n/a | `string` | n/a | yes | | [falco\_version](#input\_falco\_version) | FALCO Helm | `string` | n/a | yes | | [falco\_worker\_chart\_name](#input\_falco\_worker\_chart\_name) | The name of the falco worker helm release | `string` | n/a | yes | | [falco\_worker\_namespace](#input\_falco\_worker\_namespace) | The namespace in which the worker chart will be deployed. | `string` | n/a | yes | | [falco\_worker\_replicas\_count](#input\_falco\_worker\_replicas\_count) | Count of replicas for falco worker. | `number` | n/a | yes | | [falcosidekick\_version](#input\_falcosidekick\_version) | n/a | `string` | n/a | yes | | [folder\_id](#input\_folder\_id) | The Yandex.Cloud folder id. | `string` | n/a | yes | | [kyverno\_enabled](#input\_kyverno\_enabled) | KYVERNO | `bool` | n/a | yes | | [kyverno\_helm\_namespace](#input\_kyverno\_helm\_namespace) | The namespace in which the helm will be deployed. | `string` | n/a | yes | | [kyverno\_policies\_version](#input\_kyverno\_policies\_version) | n/a | `string` | n/a | yes | | [kyverno\_prefix](#input\_kyverno\_prefix) | n/a | `string` | n/a | yes | | [kyverno\_version](#input\_kyverno\_version) | KYVERNO Helm | `string` | n/a | yes | | [kyverno\_worker\_chart\_name](#input\_kyverno\_worker\_chart\_name) | The name of the kyverno worker helm release | `string` | n/a | yes | | [kyverno\_worker\_namespace](#input\_kyverno\_worker\_namespace) | The namespace in which the worker chart will be deployed. | `string` | n/a | yes | | [kyverno\_worker\_replicas\_count](#input\_kyverno\_worker\_replicas\_count) | Count of replicas for kyverno worker. | `number` | n/a | yes | | [log\_bucket\_name](#input\_log\_bucket\_name) | S3 Bucket Variables | `string` | n/a | yes | | [podSecurityStandard](#input\_podSecurityStandard) | n/a | `string` | `"restricted"` | no | | [policy\_reporter\_version](#input\_policy\_reporter\_version) | n/a | `string` | n/a | yes | | [s3\_expiration](#input\_s3\_expiration) | Enable or disable delete indicies backup from bucket after days | `map(string)` | 
{
  "days": 10,
  "enabled": true
}
| no | | [service\_account\_id](#input\_service\_account\_id) | functions.invoker, storage.editor, ymq.editor | `string` | n/a | yes | | [set](#input\_set) | Additional values set | `map(any)` | `{}` | no | | [set\_sensitive](#input\_set\_sensitive) | Additional sensitive values set | `map(any)` | `{}` | no | | [timer\_for\_mq](#input\_timer\_for\_mq) | Timer for add permission for create mq | `string` | `"10s"` | no | | [validationFailureAction](#input\_validationFailureAction) | n/a | `string` | `"audit"` | no | | [value](#input\_value) | Values for the chart. | `string` | `""` | no | | [worker\_docker\_image](#input\_worker\_docker\_image) | Worker Settings | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| | [folder\_id](#output\_folder\_id) | n/a | | [log\_bucket\_name](#output\_log\_bucket\_name) | n/a | | [service\_account\_id](#output\_service\_account\_id) | n/a | ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/.helmignore ================================================ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *.orig *~ # Various IDEs .project .idea/ *.tmproj .vscode/ ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/Chart.yaml ================================================ apiVersion: v2 appVersion: 0.2.0 description: A Helm chart for Kubernetes name: worker type: application version: 0.2.2 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/templates/_helpers.tpl ================================================ {{/* Sanitizes given string. */}} {{- define "sanitize" -}} {{- $name := regexReplaceAll "[[:^alnum:]]" . "-" -}} {{- regexReplaceAll "-+" $name "-" | lower | trunc 63 | trimAll "-" -}} {{- end -}} {{/* Quotes values of the given object. */}} {{- define "quote.object" -}} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} {{- end -}} {{- end -}} {{/* Quotes items of the given list. */}} {{- define "quote.list" -}} {{- range $item := . }} - {{ $item | quote }} {{- end -}} {{- end -}} {{/* Expands the name of the chart. */}} {{- define "chart.name" -}} {{- include "sanitize" .Chart.Name -}} {{- end -}} {{/* Expands a fully qualified name of the chart. */}} {{- define "chart.fullname" -}} {{- $chart := include "chart.name" . -}} {{- $release := include "sanitize" .Release.Name -}} {{- if contains $chart $release -}} {{- $release -}} {{- else -}} {{- include "sanitize" (cat $chart $release) -}} {{- end -}} {{- end -}} {{/* Expands selector labels of the chart. */}} {{- define "chart.selector" -}} app.kubernetes.io/name: {{ include "chart.name" . | quote }} app.kubernetes.io/instance: {{ include "chart.fullname" . | quote }} {{- end -}} {{/* Expands labels of the chart. */}} {{- define "chart.labels" -}} helm.sh/chart: {{ printf "%s-%s" (include "chart.name" .) .Chart.Version | quote }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end -}} {{- if .Values.repo }} {{- with .Values.repo }} app.kubernetes.io/repo-name: {{ .name | default "unknown" | quote }} app.kubernetes.io/repo-branch: {{ .branch | default "unknown" | quote }} app.kubernetes.io/repo-maintainer: {{ .maintainer | default "unknown" | replace " " "_" | quote }} app.kubernetes.io/repo-last-commit: {{ .lastCommitHash | default "unknown" | quote }} {{- end -}} {{- end -}} {{- if .Values.alerts.slackChannel }} app.kubernetes.io/slack-channel: {{ .Values.alerts.slackChannel }} {{- end -}} {{- end -}} {{/* Expand annotation labels of the chart. */}} {{- define "chart.annotations" -}} {{- with .Values.annotations }} annotations: {{ include "quote.object" . | indent 2 -}} {{- end -}} {{- end -}} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/templates/_server.tpl ================================================ {{/* Expands the name of the server. */}} {{- define "server.name" -}} {{- if .Values.server.nameOverride }} {{- include "sanitize" .Values.server.nameOverride }} {{- else }} {{- include "sanitize" (cat (include "chart.fullname" .) "server" ) -}} {{- end }} {{- end -}} {{/* Expands selector labels of the server. */}} {{- define "server.selector" -}} {{ include "chart.selector" . }} app.kubernetes.io/component: "server" app: "{{ include "server.name" . }}" {{- end -}} {{/* Expand common labels of the server. */}} {{- define "server.labels" -}} {{ include "chart.labels" . }} {{ include "server.selector" . }} {{- end -}} {{/* Expand annotation labels of the server. */}} {{- define "server.annotations" -}} {{- $annotations := merge .Values.server.annotations .Values.annotations -}} {{- with $annotations }} {{ include "quote.object" -}} {{- end -}} {{- end -}} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/templates/server-cm.yaml ================================================ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "server.name" . | quote }} labels: {{- include "server.labels" . | nindent 4 }} annotations: {{- include "server.annotations" . | nindent 4 }} data: {{- if .Values.server.envVars.logPrefix.audit }} AUDIT_LOG_PREFIX : {{ .Values.server.envVars.logPrefix.audit | quote }} {{- else if .Values.server.envVars.logPrefix.falco }} FALCO_LOG_PREFIX : {{ .Values.server.envVars.logPrefix.falco | quote }} {{- else if .Values.server.envVars.logPrefix.kyverno }} KYVERNO_LOG_PREFIX : {{ .Values.server.envVars.logPrefix.kyverno | quote }} {{- end }} CLOUD_ID : {{ .Values.server.envVars.yandex.cloud.id | quote }} CLUSTER_ID : {{ .Values.server.envVars.yandex.cluster.id | quote }} ELASTIC_AUTH_USER : {{ .Values.server.envVars.elastic.authUser | quote }} ELASTIC_SERVER : {{ .Values.server.envVars.elastic.server | quote }} ELK_PASS_ENCR : {{ .Values.server.envVars.elastic.passEncr | quote }} FOLDER_ID : {{ .Values.server.envVars.yandex.folder.id | quote }} KIBANA_SERVER : {{ .Values.server.envVars.elastic.kibanaServer | quote }} KMS_KEY_ID : {{ .Values.server.envVars.yandex.kms.key.id | quote }} S3_BUCKET : {{ .Values.server.envVars.yandex.s3.bucket.name | quote }} S3_KEY_ENCR : {{ .Values.server.envVars.yandex.s3.bucket.keyEncr | quote }} S3_SECRET_ENCR : {{ .Values.server.envVars.yandex.s3.bucket.secretEncr | quote }} SA_ID : {{ .Values.server.envVars.yandex.serviceAccount.id | quote }} SA_KEY_ID : {{ .Values.server.envVars.yandex.serviceAccount.authKey.id | quote }} SLEEP_TIME : {{ .Values.server.envVars.sleepTime | quote }} YMQ_URL : {{ .Values.server.envVars.yandex.messageQueue.url | quote }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/templates/server-deploy.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "server.name" . | quote }} labels: {{- include "server.labels" . | nindent 4 }} annotations: {{- if .Values.server.tracing.jaeger.enabled }} sidecar.jaegertracing.io/inject: "true" {{- end }} {{- include "server.annotations" . | nindent 4 }} spec: selector: matchLabels: {{- include "server.selector" . | nindent 6 }} replicas: {{ .Values.server.replicas }} template: metadata: labels: {{- include "server.labels" . | nindent 8 }} annotations: {{- include "server.annotations" . | nindent 8 }} spec: {{- if .Values.pullSecret }} imagePullSecrets: - name: {{ .Values.pullSecret }} {{- end }} containers: - name: server image: {{ .Values.server.image | quote }} imagePullPolicy: {{ .Values.pullPolicy | quote }} resources: {{- toYaml .Values.server.resources | nindent 12 }} env: - name: PYTHONUNBUFFERED value: "1" envFrom: - configMapRef: name: {{ include "server.name" . | quote }} - secretRef: name: {{ include "server.name" . | quote }} {{- if .Values.server.probes.readiness }} readinessProbe: {{- toYaml .Values.server.probes.readiness | nindent 12 }} {{- end }} {{- if .Values.server.probes.liveness }} livenessProbe: {{- toYaml .Values.server.probes.liveness | nindent 12 }} {{- end }} {{- if .Values.server.tracing.jaeger.enabled }} - name: jaeger-agent image: {{ .Values.jaeger.agent.image }} imagePullPolicy: {{ .Values.pullPolicy }} resources: {{- toYaml .Values.server.tracing.jaeger.resources | nindent 14 }} ports: - containerPort: 5775 name: zk-compact-trft protocol: UDP - containerPort: 5778 name: config-rest protocol: TCP - containerPort: 6831 name: jg-compact-trft protocol: UDP - containerPort: 6832 name: jg-binary-trft protocol: UDP - containerPort: 14271 name: admin-http protocol: TCP args: - --reporter.grpc.host-port={{ .Values.jaeger.collector.endpoint }} - --reporter.type=grpc {{- end }} {{- if .Values.server.nodeSelector }} nodeSelector: {{ toYaml .Values.server.nodeSelector | nindent 8 }} {{- end }} {{- if .Values.server.affinity }} affinity: {{ toYaml .Values.server.affinity | nindent 8 }} {{- else }} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: - {{ include "server.name" . | quote }} topologyKey: kubernetes.io/hostname {{- end }} {{- if .Values.server.tolerations }} tolerations: {{ toYaml .Values.server.tolerations | nindent 8 }} {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/templates/server-secret.yaml ================================================ apiVersion: v1 kind: Secret metadata: name: {{ include "server.name" . | quote }} labels: {{- include "server.labels" . | nindent 4 }} annotations: {{- include "server.annotations" . | nindent 4 }} type: Opaque stringData: KEY_PRIV_PEM : {{ .Values.server.envVars.yandex.serviceAccount.authKey.privPem | quote }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/chart/values.yaml ================================================ # Image pull policy. Possible values: Always, Never, IfNotPresent. pullPolicy: IfNotPresent # Image pull secret name. pullSecret: "" # Alerts configuration. alerts: # Slack channel for alerts. slackChannel: "" # Jaeger configuration. jaeger: agent: image: jaegertracing/jaeger-agent:latest collector: endpoint: dns:///jaeger-collector.ke.internal:14250 # Server configuration. server: # override full name of server nameOverride: "" # Docker image of the server application. image: "" # The minimum number of replicas. replicas: "" envVars: logPrefix: audit: "" falco: "" kyverno: "" elastic: authUser: "" server: "" passEncr: "" kibanaServer: "" sleepTime: "" yandex: cloud: id: "" cluster: id: "" kms: key: id: "" folder: id: "" messageQueue: url: "" s3: bucket: name: "" keyEncr: "" secretEncr: "" serviceAccount: id: "" authKey: id: "" privPem: "" # The resources allocated for each replica, both requests and limits. resources: requests: memory: 512Mi cpu: 500m limits: memory: 1Gi cpu: 1 # Probes configuration. probes: readiness: {} # initialDelaySeconds: 10 # httpGet: # port: 8081 # path: "/readiness" liveness: {} # initialDelaySeconds: 10 # httpGet: # port: 8081 # path: "/healthz" # Tracing configuration. tracing: # Jaeger configuration. jaeger: # Inject Jaeger Agent sidecar? enabled: false # The resources allocated for each replica, both requests and limits. resources: requests: memory: 128Mi cpu: 100m limits: memory: 128Mi cpu: 100m # NodeSelector configuration of the validators. nodeSelector: { } # Deployment affinity configuration. If not set the default one will be used. affinity: { } # Tolerations of the validators pods. tolerations: [ ] # Annotations used in the server resources. annotations: { } # Annotations used in all application resources. annotations: { } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/function/Makefile ================================================ all: clean dependencies package clean: rm -rf dist/ dirs: mkdir -p dist/ dependencies: dirs docker run --rm \ -v $(shell pwd)/dist:/dist -v $(shell pwd):/app \ -w /app \ python:3.7-stretch \ pip3 install -r /app/requirements.txt --target /dist/ install-code: dirs cp main.py dist/main.py cp s3.py dist/s3.py package: dirs install-code rm -f dist.zip cd dist && zip --exclude '*.pyc' -r ../dist.zip ./* .PHONY: clean dirs dependencies install-code package all ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/function/main.py ================================================ import json import os import sys import uuid import boto3 import string import random from datetime import datetime def get_random_alphanumeric_string(length): letters_and_digits = string.ascii_letters + string.digits result_str = ''.join((random.choice(letters_and_digits) for i in range(length))) return result_str client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1' ) def handler(event, context): for log_data in event['messages']: full_log = [] for log_entry in log_data['details']['messages']: kubernetes_log = json.loads(log_entry['message']) full_log.append(json.dumps(kubernetes_log)) bucket_name = os.environ.get('BUCKET_NAME') # object_key = os.environ.get('LOG_PREFIX')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_key = 'AUDIT/'+os.environ.get('CLUSTER_ID')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_value = '\n'.join(full_log) client.put_object(Bucket=bucket_name, Key=object_key, Body=object_value, StorageClass='COLD') print(object_value) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/function/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/function/test.py ================================================ def test(a): pass ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/outputs.tf ================================================ output "service_account_id" { value = data.yandex_iam_service_account.bucket_sa.id sensitive = true } output "folder_id" { value = data.yandex_resourcemanager_folder.my_folder.id sensitive = true } output "log_bucket_name" { value = var.log_bucket_name sensitive = true } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/pusher/Makefile ================================================ all: clean dependencies package clean: rm -rf dist/ dirs: mkdir -p dist/ dependencies: dirs docker run --rm \ -v $(shell pwd)/dist:/dist -v $(shell pwd):/app \ -w /app \ python:3.7-stretch \ pip3 install -r /app/requirements.txt --target /dist/ install-code: dirs cp main.py dist/main.py cp s3.py dist/s3.py package: dirs install-code rm -f dist.zip cd dist && zip --exclude '*.pyc' -r ../dist.zip ./* .PHONY: clean dirs dependencies install-code package all ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/pusher/main.py ================================================ import boto3 import json import os client = boto3.client( service_name='sqs', endpoint_url='https://message-queue.api.cloud.yandex.net', region_name='ru-central1' ) s3_client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1', ) def handler(event, context): queue_url = os.environ.get('YMQ_URL') folder_id = os.environ.get('FOLDER_ID') cluster_id = os.environ.get('CLUSTER_ID') for message in event['messages']: if os.environ.get('AUDIT_LOG_PREFIX') is not None and message['details']['object_id'].startswith(os.environ.get('AUDIT_LOG_PREFIX')): log_type = 'AUDIT' elif os.environ.get('FALCO_LOG_PREFIX') is not None and message['details']['object_id'].startswith(os.environ.get('FALCO_LOG_PREFIX')): log_type = 'FALCO' elif os.environ.get('KYVERNO_LOG_PREFIX') is not None and message['details']['object_id'].startswith(os.environ.get('KYVERNO_LOG_PREFIX')): log_type = 'KYVERNO' else: log_type = 'UNKNOWN' metadata_list = message['details']['object_id'].split("/") data = { 'log_type': log_type, 'bucket_id': message['details']['bucket_id'], 'object_id': message['details']['object_id'], 'cloud_id': os.environ.get('CLOUD_ID'), 'folder_id': os.environ.get('FOLDER_ID'), 'cluster_id': os.environ.get('CLUSTER_ID'), 'cluster_url': "https://console.cloud.yandex.ru/folders/" + str(folder_id) + "/managed-kubernetes/cluster/" + str(cluster_id) } print(data) log_obj = s3_client.get_object(Bucket=message['details']['bucket_id'], Key=message['details']['object_id']) file_content = log_obj['Body'].read() print(file_content) client.send_message( QueueUrl=queue_url, MessageBody=json.dumps(data), MessageGroupId = "%s\%s" % (message['details']['bucket_id'],log_type) ) print('Successfully sent message to queue') ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/pusher/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/pusher/test.py ================================================ def test(a): pass ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/auditlog-worker-limits.yaml ================================================ resources: requests: memory: 512Mi cpu: 500m limits: memory: 1Gi cpu: 1 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/falco-base.yaml ================================================ image: registry: docker.io repository: falcosecurity/falco pullPolicy: IfNotPresent docker: enabled: true socket: /var/run/docker.sock containerd: enabled: true socket: /run/containerd/containerd.sock falco: jsonOutput: true jsonIncludeOutputProperty: true httpOutput: enabled: true url: http://falcosidekick:2801/ resources: requests: cpu: 100m memory: 256Mi limits: memory: 1Gi customRules: rules-cilium.yaml: |- # disabling cilium false positives - rule: Packet socket created in container desc: Detect new packet socket at the device driver (OSI Layer 2) level in a container. Packet socket could be used for ARP Spoofing and privilege escalation(CVE-2020-14386) by attacker. condition: evt.type=socket and evt.arg[0]=AF_PACKET and consider_packet_socket_communication and container and not proc.name in (user_known_packet_socket_binaries) and not container.image.repository=cr.yandex/crpsjg1coh47p81vh2lc/k8s-addons/cilium/cilium output: Packet socket was created in a container (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline socket_info=%evt.args container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag) priority: NOTICE tags: [network, mitre_discovery] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/falco-worker-limits.yaml ================================================ resources: requests: memory: 512Mi cpu: 500m limits: memory: 1Gi cpu: 1 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/falcosidekick-base.yaml ================================================ # enable falcosidekick deployment image: tag: 2.24.0 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/kubeconfig-template.yaml.tpl ================================================ apiVersion: v1 clusters: - cluster: certificate-authority-data: ${cluster_ca_certificate} server: ${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: token: ${token} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/kyverno-base.yaml ================================================ resources: requests: cpu: 100m memory: 256Mi limits: memory: 1Gi ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/kyverno-worker-limits.yaml ================================================ resources: requests: memory: 512Mi cpu: 500m limits: memory: 1Gi cpu: 1 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/policy-reporter-base.yaml ================================================ resources: requests: cpu: 100m memory: 256Mi limits: memory: 1Gi ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/templates/yc-mk8s.ca ================================================ LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXhNREE0TlRBMU0xb1hEVE14TURZd09EQTROVEExTTFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXNDCnhocFpIQTB0b096RVRFV05CbGJremljTUg0NTdhK0ltajExc1ZweHlRYnM1U1B6cXdkRUVTMVN3MHpxZnAvbTQKYi9LSDVmNVY4MEFBekdnY2RqUXBYREQ2VFYzeThDSmdzbTE0TjllZzQxWHF2MUZFOTV5U0tpeFhHQjlkbk01Kwp5N0V1SXY1Z1FoZTBCMWUvRmRtM0h1QWNUblJkbzdLdEV6bGI4c3luSVVVNnRZaUVYNVd2cFBsaDRlcHo1eHo4ClBFd2xyZWJsaDRNaE85OWE3bmswYXd5RGV5OFdmNkM0eXdadHUrUG5XNGw1UzVjTnF6Wi9pcWJnN0pmeFZVU3EKYTBzWHJoNzRPMDI3SStlQ3dOVGxCYU5lVUNJY3owYm9nQ3o3dkh6ZnNkODhIdXJ2RnphSTRURGtyMHd4dkNkdApRQVFUUDdPVmp1d2hISXpteE9FQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZOUTlmQWNBemowd2FHS3NXdFU5bWpkeDdXQXFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBR3V5cFFaMDM0RzQ4RHhtVzl1MFFFZ0pNNUlRVHYzUnZDNEFnenkxVnlkd0tVNG8zOApheHQrY2RGYWgrTFFoRVd3amErYzhCY1VzU0lGQVRaU2V2a3p6MkVOVVpwNlVHVmY4QjFKNjZEQU5nYXY4cks4ClN3VktSMHFuV2czSHVqZGlpcWZvK3dyQnRRUUk3VUxuU0p6R3RYTjNZMlZPT2tyR1YxVUZOV3NhUzE0aklLRG4KMlMwYmovbVBxN2FnK3M0T0FMb1ltcGRybjNSZGN5RGdJUTE3MkNQM0doZ1hkd2VUYkV4UmtsYzVvUUhOYkV5NAo2b1l3em1FK0tqdG5Kd3FKYTRmRVM3WkExd2dzRW9HQXkzaUx3TlNBdDFEN2RZWGI0RU1reDZ6UTA0d2RIWDNGCnNGWHRJdFY3NjdJSmVEV1BmQjNiMHNxYkpqSE9kZ1pmcnhmTwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/variables.tf ================================================ # Variables for Import # Initial variables variable "folder_id" { description = "The Yandex.Cloud folder id." type = string } variable "cloud_id" { description = "The Yandex.Cloud cloud id." type = string } variable "region_name" { description = "The Yandex.Cloud Cloud Region name." type = string default = "ru-central1" } variable "cluster_name" { description = "The Yandex.Cloud K8s cluster name." type = string } variable "service_account_id" { type = string description = "functions.invoker, storage.editor, ymq.editor" } # S3 Bucket Variables variable "log_bucket_name" { type = string } variable "s3_expiration" { type = map(string) default = { "enabled" = true "days" = 10 } description = "Enable or disable delete indicies backup from bucket after days" } # Yandex Message Queue Variables variable "timer_for_mq" { description = "Timer for add permission for create mq" type = string default = "10s" } # Elastic Server variable "elastic_pw" { type = string } variable "elastic_user" { type = string } variable "elastic_server" { type = string } # Common Variables for Chart variable "create_namespace" { description = "Create the namespace if it does not yet exists." type = bool } variable "value" { description = "Values for the chart." default = "" } variable "set" { type = map(any) default = {} description = "Additional values set" } variable "set_sensitive" { type = map(any) default = {} description = "Additional sensitive values set" } # Worker Settings variable "worker_docker_image" { type = string } # AUDIT LOG variable "auditlog_enabled" { type = bool } variable "auditlogs_prefix" { type = string } variable "auditlog_worker_chart_name" { description = "The name of the auditlog worker helm release" type = string } variable "auditlog_worker_namespace" { description = "The namespace in which the worker chart will be deployed." type = string } variable "auditlog_worker_replicas_count" { description = "Count of replicas for audit worker." type = number } # FALCO variable "falco_enabled" { type = bool } variable "falco_prefix" { type = string } variable "falco_worker_chart_name" { description = "The name of the falco worker helm release" type = string } variable "falco_worker_namespace" { description = "The namespace in which the worker chart will be deployed." type = string } variable "falco_worker_replicas_count" { description = "Count of replicas for falco worker." type = number } variable "falco_helm_namespace" { description = "The namespace in which the helm will be deployed." type = string } # KYVERNO variable "kyverno_enabled" { type = bool } variable "kyverno_prefix" { type = string } variable "kyverno_worker_chart_name" { description = "The name of the kyverno worker helm release" type = string } variable "kyverno_worker_namespace" { description = "The namespace in which the worker chart will be deployed." type = string } variable "kyverno_worker_replicas_count" { description = "Count of replicas for kyverno worker." type = number } variable "kyverno_helm_namespace" { description = "The namespace in which the helm will be deployed." type = string } # Variables for Export variable "fakeeventgenerator_enabled" { type = bool } variable "podSecurityStandard" { type = string default = "restricted" } variable "validationFailureAction" { type = string default = "audit" } # FALCO Helm variable "falco_version" { type = string } variable "falcosidekick_version" { type = string } # KYVERNO Helm variable "kyverno_version" { type = string } variable "kyverno_policies_version" { type = string } variable "policy_reporter_version" { type = string } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s/modules/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.72.0" } kustomization = { source = "kbst/kustomization" version = ">= 0.5.0" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/README.md ================================================ ## Yandex.Cloud: Analyzing K8s security logs in ELK: audit logs, Policy Engine, Falco ![image](https://user-images.githubusercontent.com/85429798/137449451-eaa3a4ec-5a79-4fc5-8e7e-bd222c78b714.png) ![Dashboard](https://user-images.githubusercontent.com/85429798/130331405-26a909ae-0171-47b2-93a2-c656632d262c.png) 1 ![2](https://user-images.githubusercontent.com/85429798/133788762-75152c1a-ad93-4291-999d-7fc0739d2438.png) # Version **Version-2.0** - Changelog: - Added support for automatic Kyverno installation with policies in the audit mode. - Docker images: - `cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:1.1.0`. # Table of contents - [Description](#description) - [Link to the solution "Collecting, monitoring, and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK)"](#link-to-solution-"Collecting-monitoring-and-analyzing-audit-logs-in-Yandex-Managed-Service-for-Elasticsearch-(ELK)") - [Generic diagram](#generic-diagram) - [Description of imported ELK (Security Content) objects](#description of-imported-ELK-(Security-Content)-objects) - [Terraform description](#terraform-description) - [Content update process](#content-update-process) - [Optional manual actions](#optional-manual-actions) ## Description Here are the out-of-the-box features of the solution: ☑️ Collect [K8s audit logs](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) in [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/). - ☑️ Install [Falco](https://falco.org/) and collect its [Alerts](https://falco.org/docs/alerts/) in [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/). - ☑️ Install [Kyverno](https://kyverno.io/) with the [Pod Security Standards (Restricted)](https://kyverno.io/policies/?policytypes=Pod%2520Security%2520Standards%2520%28Restricted%29) policies in the audit mode and collect its [Alerts (Policy Reports)](https://kyverno.io/docs/policy-reports/) using [Policy Reporter](https://github.com/kyverno/policy-reporter). - ☑️ Import Security Content: dashboards, detection rules, and so on (see the Security Content section) in [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) to enable analysis and response to information security events. - ☑️ This also includes importing Security Content for [OPA Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/) (in the enforce mode). You can install OPA Gatekeeper manually if needed. - ☑️ Create indexes in two replicas, set up the basic rollover policy (creating of new indexes every thirty days or when 50 GB are reached) to enable provisioning of high data availability and to set up data snapshots in S3, see [recommendations](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md). ## Link to the solution "Collecting, monitoring, and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK)" The solution ["Collecting, monitoring, and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK)"](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main) contains information on how to install Yandex Managed Service for Elasticsearch (ELK) and collect logs from Audit Trails in it. ## Generic diagram ![image](https://user-images.githubusercontent.com/85429798/137740249-a9b09aaf-13f3-4022-83fe-5ba45f6c8418.png) ## Description of imported ELK (Security Content) object See a detailed description of the objects [here](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов.pdf). ## Terraform description The solution consists of two Terraform modules: 1) [security-events-to-storage-exporter](./security-events-to-storage-exporter) exports logs to S3. - It accepts the following input: - `folder_id`: The ID of the folder where the cluster is hosted. - `cluster_name`: The name of the Kubernetes cluster. - `log_bucket_service_account_id`: The ID of the service account that can write to the bucket and has the *ymq.admin* role. - `log_bucket_name`: The name of the bucket to save logs to. - `function_service_account_id`: The ID of the service account that will run the function (optional). If omitted, `log_bucket_service_account_id` is used. - Functionality: - Create a static key for the service account. - Create a function and a trigger for writing cluster logs to S3. - Install Falco and pre-configured falcosidekick that will send logs to S3. - Install Kyverno and pre-configured [Policy Reporter](https://github.com/kyverno/policy-reporter) that will send logs to S3. 2) [security-events-to-siem-importer](./security-events-to-siem-importer) imports logs into ELK. - It accepts the following input: - Several parameters from the module (`security-events-to-storage-exporter`) module. - `auditlog_enabled`: *true* or *false* (enables/disables sending of K8s audit logs to ELK). - 'falco_enabled`: *true* or *false* (enables/disables sending of Falco alerts to ELK). - 'kyverno_enabled`: *true* or *false* — (enables/disables sending of Kyverno alerts to ELK). - The FQDN address of the ELK installation. - The ID of the subnet where the VM instance with the importer container is being created. - The ELK user credentials for event import. - Functionality: - Create YMQ queues with log file names in S3. - Create functions to push file names from S3 to YMQ. - Create triggers for interaction between queues and functions. - Generate and write SSH keys to a file and to a VM. - Create VM instances based on COI ([Container Optimized Image](https://cloud.yandex.ru/docs/cos/concepts/)) with worker containers that import events from S3 to ELK. #### Prerequisites: - :white_check_mark: Cluster Managed K8s. - :white_check_mark: Managed ELK. - :white_check_mark: A service account that can write to the bucket and has the *ymq.admin* role. - :white_check_mark: Object Storage Bucket. - :white_check_mark: A subnet for deploying a VM with NAT enabled. #### Example of calling modules: See the example of calling modules in /example/main.tf ```Python //Calling the security-events-to-storage-exporter module module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # path to the module folder_id = "xxxxxx" // The folder ID of the K8s cluster yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "k8s-cluster" // The name of the cluster log_bucket_service_account_id = "xxxxxx" // The ID of the Service Account (it must have the roles: ymq.admin and "write to bucket") log_bucket_name = "k8s-bucket" // You can use the value from the deploy config # function_service_account_id = "xx" // An optional ID of the service account that calls functions. If not set, the function is called on behalf of log_bucket_service_account_id } //Calling the security-events-to-siem-importer module module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # path to the module folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true // Send K8s auditlog to ELK falco_enabled = true // Install Falco and send its alerts to ELK kyverno_enabled = true // Install Kyverno and send its alerts to ELK log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-xxx.rw.mdb.yandexcloud.net " // The ELK URL "https://c-xxx.rw.mdb.yandexcloud.net" (you can use the value from the module.yc-managed-elk.elk_fqdn module) coi_subnet_id = "xxxxxx" // The ID of the subnet where the VM with the container will be deployed (be sure to enable NAT) elastic_pw = var.elk_pw // Run the command: export TF_VAR_elk_pw= (replace ELK PASS with your value) // The password for the ELK account (you may use the value from the module.yc-managed-elk.elk-pass module) elastic_user = "admin" // The name of the ELK account } ``` ## Content update process We recommend subscribing to this repository to receive update notifications. To get the latest content version, do the following: - Keep the sync container up-to-date. - Keep the Security content imported to Elasticsearch in the updated state. For content updates, make sure that you are running the latest available image version: `cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:latest` You can update the container as follows: - You can re-create the deployed COI Instance with the container via Terraform (delete the COI Instance, run `terraform apply`). - You can stop and delete the `falco-worker-*`, `kyverno-worker-*`, `audit-worker-*` containers, delete the `k8s-events-siem-worker` image, and restart the COI Instance. When it starts, a new image is downloaded and new containers are created. You can update the Security content in Kibana (dashboards, detection rules, searches) by launching the `elk-updater` container: ``` docker run -it --rm -e ELASTIC_AUTH_USER='admin' -e ELASTIC_AUTH_PW='password' -e KIBANA_SERVER='https://xxx.rw.mdb.yandexcloud.net' --name elk-updater cr.yandex/crpjfmfou6gflobbfvfv/elk-updater:latest ``` ## Optional manual actions #### Installing OPA Gatekeeper (Helm) If you prefer OPA Gatekeeper to Kyverno, set the value `kyverno_enabled` to *false* when calling the module, then run the manual installation: - Install OPA Gatekeeper [using Helm](https://open-policy-agent.github.io/gatekeeper/website/docs/install/#deploying-via-helm). - Select and install the required constraint template and constraint from [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/pod-security-policy). - [Installation example](https://github.com/open-policy-agent/gatekeeper-library#usage). ## Recommendations for setting up retention, rollover, and snapshots: [Recommendations for setting up retention, rollover, and snapshots](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/README_RU.md ================================================ ## Yandex Cloud: Анализ логов безопасности k8s в ELK: аудит-логи, policy engine, falco  ![image](https://user-images.githubusercontent.com/85429798/137449451-eaa3a4ec-5a79-4fc5-8e7e-bd222c78b714.png) ![Дашборд](https://user-images.githubusercontent.com/85429798/130331405-26a909ae-0171-47b2-93a2-c656632d262c.png) 1 ![2](https://user-images.githubusercontent.com/85429798/133788762-75152c1a-ad93-4291-999d-7fc0739d2438.png) # Version **Version-2.0** - Changelog: - добавлена поддержка авто-установки kyverno с политиками в режиме audit - Docker images: - `cr.yandex/sol/k8s-events-siem-worker:1.1.0` # Оглавление - [Описание](#описание) - [Связь с решением "Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK)"](#связь-с-решением-"Сбор-мониторинг-и-анализ-аудит-логов-в-Yandex-Managed-Service-for-Elasticsearch-(ELK)") - [Общая схема](#общая-схема) - [Описание импортируемых объектов ELK (Security Content)](#описание-импортируемых-объектов-ELK-(Security-Content)) - [Описание terraform](#описание-terraform) - [Процесс обновления контента](#процесс-обновления-контента) - [Опционально ручные действие](#опционально-ручные-действие) ## Описание Решение из "коробки" выполняет следующее: - ☑️ собирает [k8s AUDIT-LOGS](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) в [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) - ☑️ устанавливает [FALCO](https://falco.org/) и собирает его [ALERTS](https://falco.org/docs/alerts/) в [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) - ☑️ устанавливает [Kyverno](https://kyverno.io/) c политиками категории [Pod Security Standards (Restricted)](https://kyverno.io/policies/?policytypes=Pod%2520Security%2520Standards%2520%28Restricted%29) в режиме audit и собирает его [ALERTS (PolicyReports)](https://kyverno.io/docs/policy-reports/) (при помощи [Policy Reporter](https://github.com/kyverno/policy-reporter)) - ☑️ импортирует Security Content (dashboards, detection rules и др.)(см. в секции Security Content) в [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) для анализа и реагирования на события ИБ. - ✔️ *В том числе импортирует Security Content для [OPA Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/) (в режиме enforce). (сам OPA Gatekeeper может быть установлен вручную дополнительно) - ☑️ Создает индексы в двух репликах, настраивает базовую политику rollover (создания новых индексов каждые тридцать дней или по достижению 50ГБ), для дальнейшей настройки в части высокой доступности данных и для настройки снимков данных в S3 - см. [рекомендации](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md). ## Связь с решением "Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK)" Решение ["Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK)"](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main) содержит информацию о том, как установить Yandex Managed Service for Elasticsearch (ELK) и собирать в него логи Audit Trails ## Общая схема ![image](https://user-images.githubusercontent.com/85429798/137740249-a9b09aaf-13f3-4022-83fe-5ba45f6c8418.png) ## Описание импортируемых объектов ELK (Security Content) Подробное описание объектов по [ссылке](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов.pdf) ## Описание terraform Решение состоит из 2-х модулей Terraform: 1) [security-events-to-storage-exporter](./security-events-to-storage-exporter) (экспортирует логи в s3) - Принимает на вход: - `folder_id` - id каталога, в котором расположен кластер - `cluster_name` - имя кластера Kubernetes - `log_bucket_service_account_id` - id сервисного аккаунта, который может писать в бакет и имеет роль *ymq.admin* - `log_bucket_name` - имя бакета, куда нужно сохранять логи - `function_service_account_id` - (опционально) id сервисного аккаунта, который будет запускать фукнцию, если не указан, то используется `log_bucket_service_account_id` - Выполняет: - создание статического ключа для сервисного аккаунта - создание функции и тригера для записи логов кластера в s3 - установку falco и настроенного falcosidekick, который отправит логи в s3 - установку Kyverno и настроенного [Policy Reporter](https://github.com/kyverno/policy-reporter), который отправит логи в s3 2) [security-events-to-siem-importer](./security-events-to-siem-importer) (импортирует логи в ELK) - Принимает на вход: - ряд параметров из модуля (`security-events-to-storage-exporter`) - `auditlog_enabled` - *true* или *false* (отправлять ли аудит логи k8s в ELK) - `falco_enabled` - *true* или *false* (отправлять ли алерты falco в ELK) - `kyverno_enabled` - *true* или *false* (отправлять ли алерты kyverno в ELK) - адрес FQDN инсталляции ELK - id подсети, в которой создается ВМ с контейнером импортера - credentials ELK пользователя для импорта событий - Выполняет: - создание YMQ очередей с именами файлов логов в S3 - создание функций для push имен файлов из S3 в YMQ - создание тригеров для взаимодействия очередей и функций - генерацию и запись в файл и на ВМ ключей SSH - создание ВМ на базе COI ([container optimised image](https://cloud.yandex.ru/docs/cos/concepts/)) с контейнерами workers, которые импортируют событий из s3 в ELK #### Пререквизиты - :white_check_mark: Cluster Managed k8s - :white_check_mark: Managed ELK - :white_check_mark: Сервисный аккаунт, который может писать в бакет и имеет роль *ymq.admin* - :white_check_mark: Object Storage Bucket - :white_check_mark: Subnet для развертывания ВМ с включенным NAT #### Пример вызова модулей: См. Пример вызова модулей в /example/main.tf ```Python //Вызов модуля security-events-to-storage-exporter module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "k8s-cluster" // имя кластера log_bucket_service_account_id = "xxxxxx" // id sa (должен обладать ролями: ymq.admin, write to bucket) log_bucket_name = "k8s-bucket" // можно подставить из конфига развертывания # function_service_account_id = "чч" // опциоанальный id сервисного аккаунта который вызывает функции - если не выставлен то функция вызывается от имени log_bucket_service_account_id } //Вызов модуля security-events-to-siem-importer module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # путь до модуля folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true //отправлять k8s auditlog в elk falco_enabled = true // установить falco и отправлять его алерты в elk kyverno_enabled = true // установить kyverno и отправлять его алерты в elk log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-xxx.rw.mdb.yandexcloud.net" // url ELK "https://c-xxx.rw.mdb.yandexcloud.net" (можно подставить из модуля module.yc-managed-elk.elk_fqdn) coi_subnet_id = "xxxxxx" // subnet id в которой будет развернута ВМ с контейнером (обязательно включить NAT) elastic_pw = var.elk_pw // выполнить команду: export TF_VAR_elk_pw= (заменить ELK PASS на ваше значение) // пароль учетной записи ELK (можно подставить из модуля module.yc-managed-elk.elk-pass) elastic_user = "admin" // имя учетной записи ELK } ``` ## Процесс обновления контента Рекомендуем подписаться на данный репозиторий для получения уведомлений об обновлениях. Для того, чтобы использовать самую актуальную версию контента, необходимо - Поддерживать в актуальной версии контейнер, выполняющий синхронизацию - Поддерживать в актуальном состоянии Security контент, который импортируется в ElasticSearch В части обновления контента, необходимо убедиться, что вы используете последнюю доступную версию образа: `cr.yandex/sol/k8s-events-siem-worker:latest` Обновление контейнера можно выполнить следующим образом: - Можно пересоздать развернутый COI Instance с контейнером через Terraform (удалить COI Instance, выполнить `terraform apply`) - Можно остановить и удалить контейнеры (`falco-worker-*`, `kyverno-worker-*`, `audit-worker-*`), удалить образ `k8s-events-siem-worker`, перезапустить COI Instance — после запуска будет скачан новый образ и созданы новые контейнеры Обновление Security контента в Kibana (dashboards, detection rules, searches) — можно выполнить через запуск контейнера `elk-updater`: ``` docker run -it --rm -e ELASTIC_AUTH_USER='admin' -e ELASTIC_AUTH_PW='password' -e KIBANA_SERVER='https://xxx.rw.mdb.yandexcloud.net' --name elk-updater cr.yandex/sol/elk-updater:latest ``` ## Опционально ручные действие #### Установка OPA Gatekeeper (helm) В случае, если вы предпочитаете OPA Gatekeeper вместо Kyverno то выставите значение `kyverno_enabled` - *false* при вызове модуля и выполните установку вручную - Установите OPA Gatekeeper [с помощью helm](https://open-policy-agent.github.io/gatekeeper/website/docs/install/#deploying-via-helm) - Выберите и установить необходимые constraint template и constraint из [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/pod-security-policy) - [Пример установки](https://github.com/open-policy-agent/gatekeeper-library#usage) ## Рекомендации по настройке retention, rollover и snapshots: [Рекомендации по настройке retention, rollover и snapshots](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/example/README.md ================================================ ## Terraform test script Prerequisites: - ✅ Cluster Managed K8s. - ✅ Managed ELK. - ✅ A service account that can write to the bucket and has the *ymq.admin* role. - ✅ Object Storage Bucket. - ✅ A subnet for deploying a VM with NAT enabled. ## 1) Fill out the fields in the main.tf file. 2) Run: ``` terraform init terraform apply ``` ``` Example of calling modules: //Calling the security-events-to-storage-exporter module module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # path to the module folder_id = "xxxxxx" // The folder ID of the K8s cluster (yc managed-kubernetes cluster get --id --format=json | jq .folder_id) cluster_name = "k8s-cluster" // The name of the cluster log_bucket_service_account_id = "xxxxxx" // The ID of the Service Account (it must have the roles ymq.admin and "write to bucket") log_bucket_name = "k8s-bucket" // You can use the value from the deploy config # function_service_account_id = "hh" // An optional ID of the service account that calls the functions (if omitted, the function is called on behalf of log_bucket_service_account_id) } //Calling the security-events-to-siem-importer module module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # path to the module folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true // Send K8s auditlog to ELK falco_enabled = true // Install Falco and send its alerts to ELK kyverno_enabled = true // Install Kyverno and send its alerts to ELK log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-xxx.rw.mdb.yandexcloud.net " // The ELK URL https://c-xxx.rw.mdb.yandexcloud.net (you can use the value from the module.yc-managed-elk.elk_fqdn module) coi_subnet_id = "xxxxxx" // The ID of the subnet where the VM with the container will be deployed (be sure to enable NAT) elastic_pw = var.elk_pw // Run the command: export TF_VAR_elk_pw= (replace ELK PASS with your value) // The password for the ELK account (you may use the value from the module.yc-managed-elk.elk-pass module) elastic_user = "admin" // The name of the ELK account } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/example/README_RU.md ================================================ ## Тестовый скрипт terraform Пререквизиты - ✅ Cluster Managed k8s - ✅ Managed ELK - ✅ Сервисный аккаунт, который может писать в бакет и имеет роль ymq.admin - ✅ Object Storage Bucket - ✅ Subnet для развертывания ВМ с включенным NAT ## 1) Заполните поля файла main.tf 2) Запустите: ``` terraform init terraform apply ``` ``` Пример вызова модулей: //Вызов модуля security-events-to-storage-exporter module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "k8s-cluster" // имя кластера log_bucket_service_account_id = "xxxxxx" // id sa (должен обладать ролями: ymq.admin, write to bucket) log_bucket_name = "k8s-bucket" // можно подставить из конфига развертывания # function_service_account_id = "чч" // опциоанальный id сервисного аккаунта который вызывает функции - если не выставлен то функция вызывается от имени log_bucket_service_account_id } //Вызов модуля security-events-to-siem-importer module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # путь до модуля folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true //отправлять k8s auditlog в elk falco_enabled = true // установить falco и отправлять его алерты в elk kyverno_enabled = true // установить kyverno и отправлять его алерты в elk log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-xxx.rw.mdb.yandexcloud.net" // url ELK "https://c-xxx.rw.mdb.yandexcloud.net" (можно подставить из модуля module.yc-managed-elk.elk_fqdn) coi_subnet_id = "xxxxxx" // subnet id в которой будет развернута ВМ с контейнером (обязательно включить NAT) elastic_pw = var.elk_pw // выполнить команду: export TF_VAR_elk_pw= (заменить ELK PASS на ваше значение) // пароль учетной записи ELK (можно подставить из модуля module.yc-managed-elk.elk-pass) elastic_user = "admin" // имя учетной записи ELK } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/example/main.tf ================================================ //Вызов модуля security-events-to-storage-exporter module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "k8s-cluster" // имя кластера log_bucket_service_account_id = "xxxxxx" // id sa (должен обладать ролями: ymq.admin, write to bucket) log_bucket_name = "k8s-bucket" // можно подставить из конфига развертывания # function_service_account_id = "чч" // опциоанальный id сервисного аккаунта который вызывает функции - если не выставлен то функция вызывается от имени log_bucket_service_account_id } //Вызов модуля security-events-to-siem-importer module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # путь до модуля folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true //отправлять k8s auditlog в elk falco_enabled = true // установить falco и отправлять его алерты в elk kyverno_enabled = true // установить kyverno и отправлять его алерты в elk log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-xxx.rw.mdb.yandexcloud.net" // url ELK "https://c-xxx.rw.mdb.yandexcloud.net" (можно подставить из модуля module.yc-managed-elk.elk_fqdn) coi_subnet_id = "xxxxxx" // subnet id в которой будет развернута ВМ с контейнером (обязательно включить NAT) elastic_pw = "P@ssw0rd!" // пароль учетной записи ELK (можно подставить из модуля module.yc-managed-elk.elk-pass) elastic_user = "admin" // имя учетной записи ELK } variable "elk_pw" { } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/example/provider.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } } provider "yandex" { service_account_key_file = "./key.json" # or you can use: token = var.token for user account not sa cloud_id = "xxxxxx" folder_id = "xxxxxx" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/images/Logo-scheme.drawio ================================================ 7LzXjuVKkx38NOdyBvTmkt57s80dvfeeTy9mdZ/PnX9+jKARIAlT6OrNnSST6WLFWhHJ+gPlulOao7E0hjRr/0Cg9PwD5f9AEBjF4ecDlFy/SmgY+1VQzFX6+6K/F3jVnf0uhH6XblWaLf904ToM7VqN/1yYDH2fJes/lUXzPBz/fFk+tP/81DEqsr8UeEnU/rX0VaVr+bsUJui/n5Czqih/P5pCyF8nuujPi3/3ZCmjdDj+oQgV/kC5eRjWX0fdyWUtGLw/x+XXfeJ/cPZvDZuzfv3P3ODuXv5vbL6SzUeoF/7fot3C/u13LXvUbr87/In6NDufMiPqn76lz5GXzXuVZH+ABxB/IOgzNyibD/MfHPIHA2lbnM19tj6zBL4Lv3u7Xn8O4dPxERxW3c9Ys3s2r9UzwnoUZ609LNVaDf1zPh7Wdej+4QKmrQpwYh3Gp/TndmYZf80yaEL055e8Op+G/r7k+Z5Ga/QHyvz6iojLXvyBsGf3jAZnyybyvVgsfp1bckNVJLtQwg+7jqZoeuGoceF70iW7UTOHwdF32iWVIqfjV3YH21Nus1KKSArHL1JCf35Pu7ZNIXXPeKgyOOZQeAP5+a3YLnqdi+2pW4zgrVJjnYKWpXWfx+ftDork0EoDnRbH3GZjXOaF4SYvnH+7n1dQvW4gwxcK4/4Uhl/y4NPisMP0C8y8mH+4h3nOF4UhGJheM7DFF+hPGcf883dQB/eP9xWbwQeYxSe/n/HUcX+jv7ddqU1fwYzmKykV9YyjWpnYx1+oRBKhiGObp3em4Rub5Tfw02LE55unRuawQE1+s5m3gfm8cOh1ghkVcxoehht1aoAnPT2BTN80jDrYjFrAlKdFT48vSzgus8Lwp84/68B9Xrmenhym97S+KU7jAufDyPeV67kP1msBN5vjNK8/71M2i2+e+wTob+fbz2Vw2PmUPc8C9TmHERzX066f8rD+87rRfFbA81zQhwDUg3i88tMHEzrAjIHnQJbfGuD80/bfzyhwMyhO08Mu4+dcAsYFf85Beq3gFngWh6E/93sYZvn/ONIqGkkt9PWU3a4+dSYJpP1rBT6j/mNx/fobIBGw/P8KAH9a82M/2fkPRb8BQcqGLlvn67nk91nqNzb9Bmf0T9Q9/g51NPGrqPwHkPuzLPoNrsXfKv47/jwHvyHofwKOkL/A0f86mrTgBBslTTEPW59yQ/sgF6gKzX9+/kPA+f+Gl39CoD8Bp1xX4I8Y0HtEnKPj34tqLbd4W7L58UzrM0P/njytQcQ8apNhyZJtrtZnvMSntNv6X8ddtKzZ/By0QzE8H+P81D9f/wa+/vvYF/81c46Q/zrp9L+TCP33H+IvawAmoL8uAgL99z+d4H/5OkD/L10H/+J4wJwhXBWylntAmlQMzPNjekEpBMVzBH4ZheGYz/PJQ5npE6CElU3OCx2FYwolZ8qmAoVMe3hiez8HunAwDHcaLKNOifRzQwu5YQkFCN2lclomXcA8zgzVu3aLULP+vNlW7+jri++bzT5tYJ3eC1w2lKuETOE8NmEYrMT8fKaTTcltgzsynVl8gqWnwF+fOW+RHGHUKmZWdzCedcwyhtq9isTwJWEShH0kM4c3q1DinVoIVKUW1IJBcMVsIrQQvu1VFOe7HKSIXLbkdc42SemSraKxtNtPbRmRgGeb55nOfgJj7xIl8qdNXxLJhYXpn3OzJCLpK62nW0KmcSK013XZ0+gKp1hKtRA/AFxG8HZzdHOKp85pndIp11AeUxA+t8cVqh13HyO2ngI4RVgDedGUIE6kQzOPG+oO3Hif1v0MiVS5S40t8/G0AAJGO01v6XDnMzetwMWpr4wiOBmIh5JLJu+pFUX5sUKGEDkdMFmV7oyUJH9su7u3/cOHRDl2o9R6DvZZjeDcWHVIRqoP40lovW996/smmmIolsQnGY3PdawJN3VaXKluJwA0UnT4mms9cBBXqOekfxfbN+FMebpB6FK1R31jzGq3CzqdWfVTSn7CZUwQxCrgw2GI9DiMN6yqYBytSp8Q0oMTRpiXibTNtsvf+nurSa93PAiNGYJ7mzMEgXmBOrzAHsbO2k/zWWlbNQO0p/fzzUbNGRGtov0erPIJt/VO/OeaKYPcJMzjF1kxcFo9Jd8FHW7yaBzmwxWKiFKURGTSt8u6VNij96rnnmif91MvSburDoOjMjNXHhM3oWCMVV1seAnuk4ifM6IeblG/6M9hZEqIH1y7dXUqHIUCAu/FizytgzFmCYHNJu3Vkj4pK03aqIq/SNSlCDHDeaqw46c3D3P+7E89AV3qDySJ9Jw5MejCCh1Jp08o6b4dPcS4D8euudRPFvEOTnrPnBwM5JiSCGnXl/uUMM5qMjx7mNtPI1t1xFtCrVQJWW/GqZtXv6AzanqWjJQYx1GtzjBXEMcBMkadXSpgVDkkHR+u9FQt62+i+HSsUjAfzV768TEAsfDf5FDsQUxDNP14CRZyF5UJdMesMZIc8ej1zR5Cq3cjyR3WcFqyVb21L3cUp6Ye7EdioDu9Uyxj7ZV2P0a8YVmVquzweVDlEm7X3GvaBX6nhDYiWFE5bCli9fuePJEzuGMHecCc7RmxUEzf23wDLE0LgAGeUQb/gtfscBaWkZ9G14+CEONP3wiGet+BVBxcQSJoYj7FaFjJI47cq4JR81PAXtEe94twqwkz2BScEGTtN8+F4dgTKOlAx/vQmL1NqrgrSYbsAw1M1WEbLUlxg/ZcCUza0o1r+t5EDXqwBecOv9WKkC3SLI78qV/pObpnrHLuE3Ipe/4AhpZq77c/bfNXPuRDYezHs+avaa0zJ7iQc9og02AprrDx19WFq39xfbCod01iHahJzYY2flHFFHfYakHqz7U6/lIufMsOUxUTCsDauDCDSZnrjTArf6OEtHCFTKDPHawqBgJjwyZj8rs4J3ShuZMutSSzXPKD8kzJOM+H0wBvoTjC89GoD4Ar3nPkCI+LYBjvsZGfUkbhBPb5UDnnn28VSuW5h3EK5fetf6nwn279qVBgOeCffm79S4X/3Zb/bsv/BW2p5jQfmPiNn18k6414qtp5GCP9wTh2aKFYeAme4S6+V4l18OAM87hEQnJl+WEOk/JIsGsSPDp+4RqTz7GUA1/MbvJDTtm7K9CkZfhP2ulY993SrXYV1F28EH0PCcOWzpo62IuzshifL4K36+GidpoxFkQR8b/wBbgCbTpeDClNQX5/3B2GIWLz9h/sTU4OtTKKQfi/soWSYgiFVKVZrAnJw38ECNvPbpX3CZT38sHB7QLJY0fsQp6Ktfu+pWfoetVWpV3W14cuWGQUGj3oW4qyGfPm+dN22j4qSMAv5ogCDo1gpIdnmuX7iy/rTeAxvUR4vjXgiWdfjGPS7TQqoIwg5wc7vD4wPH57kiJi2kUwGr4omrgNBkHGVd2/dvx5qlY2ioQdh2P0aTvzBImg7w8BDRbuewaM+fgQdqmQtBv7VILFvVsPjCE0BTAqG7ApWIL2N+CPIobT8EFRRvEXrvAay5UROBTmKtIdojea+8LU65WvJyTwtRQTaxts+cNDO9hPxdsHD5WnClPUbdAGvq5f8pTkpzLJh8ilp8ds2O/8aDD+afaM1ur5sebMoNEqgCkOsWsPllNt+lCAWXAFM7DpNMUJbZEkBQVPGYFyiXQYXxqCqelOj1nwZQ9+BYzDJ2kF4T2d4bNb4DTNGnl2tMWLgM0oG2osY+zHV2xRclt2ecH5doB2DZR42IRKuDTWnBQjsfWPUwX8mV3xn4GqSmWtsBh9SEL2zWqs0rM50BiruoQhIVVqbGXyYiAltxj+WVwmWmIMxRTEW6rWXqQDe8ftHfC/D28KCGCDsARYpuyRI3dwPGHUVUD8hCl+1p8Ha8insntGGtTY6jO54J+ror15jMyM/V8quc4vioXt8rleQw2mULGBiuk6dx+TfMs5LSY1sb1X31GYbOO1O1+6GcOw3ImKzt974ih4xkZ6c3+RQkaJjtJhQwrhjMDsMFfmFVYMJolhC6mPvT3avfFqC0d6eESuV5Fsm1/UIpXvQTHZI6nGNLUmYly/RJiuOqPw2eSFLzOUte8LshmHJUbcw2audXWkJTmGdxzUPB+7qfUOJ9nj+X4FW1yp1WZB6YNANu8n7hL7q+iwDI+HKIOwJ3IvTMES0xL5OCk+VEkxpf8nkPa/2/K/sS1c+QgJa+Uh7rHYUtgoSHhLC+lCT42AJXdSU32meJWfleZTEKRm2rq2CcPwcIARSOf2Hf3n1Wxoma4wfXIgyxla5EwHQlY8fSHpwTB26gtHFFvp/hVcCX50BO8IaOiO5GPEL5Km1K09l0daPdeiYVL/KNqAGCW02wHcUO87fpg+Q1ar22MUBloXM30WneEK2oO6pvV2K6W8nosL6/HMM5Vd8Bm+N59RmA1UkW/my5qVGseMiPXS+fP4RX7Yy8EGIoi0efgwEzsqK7VcPg7GQDIsiwvQqsBboGNOHjmj76+37EHudg7f02AgAWqxQehnGAW6ZA9BUKoA1DzZymbz6QeQn7lYkNjDY6EA11CHknCYBTxpVrcAr6C0fGoSg5bc+xp+mT4AX9Jx6TAyS+SDlAsM7+EiPdigv1e0xuitEoEHpTXiufJO0i1spnWhkFel1hvsK8zAbZ2FIxceGaAyrLS5gVMyOU6XOqtalkbyM2Eg/gXU6VaPEQS8Gh10YLAXh6mU+mP7JOGa/ged4ZAReBS2V6S+fkEsLOfg0emvK/dXDI2wzEuHwzoiNdYE9AWP3fHuhZ9nwSnBNh+XVb+k7v0uNgw45saWTSwyu1ccvY0+a1/fg2AquaxCvzmN+V7Goa6KRmASTpipfOcdat2yLoStvP+aN6z/ePwCNx5yBOf1j1hzeOaY9kddYzmY8gwEE57yBj9hRr2QCER+mpUmyM7gP9aL4hk2jqBQ1+EWnt3zh49cFIEfnFKZNYWtzjsi8q1WahjQERtmDI5DzH1sOSSnJyAOv6iaMS7jCvHrdTtZF08UTA6I0mYp/Xh8ZvNHT0EJOO1P6HxuWlZAo6z88Q5Amr9p6DJvj9hS6GVulwrCGu975w8eC4VUOxlTbxePl1EYeH3UgMmDwcjvSvLHL6do3B60Bn7ymNUsbiMIoHkcGWx2KO0SiVGpbe8+R3ubrSclrS9empu+1BLRc2WwzMnsym35UIBkTjL2YB42dAEnL24gpNNfXw3Y2vqqc6TFQLir0LC8AzGSk1ol3ceJBH16H+KfIaRdT8dg9H0Nn/pTtUIsYci5MBijQkqlWW7iBi57qcKQVnpL6GqBbUTvI7YeErgGb/Zc5bfVzt316QBlmvd3JMTpRH2pGwn2/fUlj8dlM0f2fw6C/p+E5v/dlv9uy3+mLTxNNn7MQNV08uvqYzwuMDy0IebKX9wo1ebfyizgyITos/dy/xNJenuLG//EpbIJd1HKZ2wPlrY3DOJaodLycQAA6Pl1GYbWUy93rU4OAwYyKYGRkRXe1Qk5V2Uaun+5NiAQuvGF+L3KkeuLaEBk9JAxuVGCeNhNQHk+m4GN9e7rflcziCGv8i7qhe3ATMDn0ynbK/mApzAG990TfcEVADFf0UlPmcPhZnDiK4jthQ/PZrhLuD0aBA1n5LVp8/NU/6hpeD7bCLYdvbvOhmEbY7ToLXNYBZYfNs5UB3BHTCdDg1LF8XuRGYtUMXp1d6TEWA4SGINlkTnuh0hBP1D+sdh2UzOLVyM4w9gC0HvmMJSv1e47vzry0NfZW1caGTnB/QFj8Fy2dzhkNDPupgspiczfeEEMhBBTZtrOsMWyfr8mS8SIO8BwHNDlYN2p7ROEEsznPBoGLyWMxF0tzM9xrHQKEUf9U/sPLzgTKXc8g5H42p7bHXFH/zrIL2pw7I8jlX0YAxg8gWjwdzEf7cOYIw3E1SDAYp3RC0nIObw/dOQiUV9lTJXhuQOg9XPRqw8o5sv2Wn4h6nwuQH2ju6MR7tP7TZjGHzKAbMH7BdsDcKPB98BsPd2u+evh65gy61Ew7Dr4EzWpTSa2JhQEIyrg1gW8UI6WAxIg+8xhPYJjHJr5NiO05Yt4xJMijRlhSz4I5Q6vBZ1TMreODDhQ0X4cGBPy8Qo43/3KzvSWXivJnVkwEK/XHO+vuiYzuuQH0REZa1zzR+NVZOqljz8D+Q8PTgT7i1jdSwfcIqilQ2T8+V+8/wu1BzeUo8Xb4YGwyZ3X8+6xUqFeCXTrzu7zhsmtOlvo0XL3aue+0Lj6eahKS0U8SlfJ/Ri2SyUIXWJ5Lrlz9Kr07WG4Yfy0DvsG0Uw/a+yEQNZk10qRwPMsempKGeS5M19yqZ1+nLzRp7OrN6UyYyCuDrj1GD5MAuuoltjNdq4fZkSjn/djbyybeChdF7xO/qf8O/yRkqdNteALoRBk1alJn4rOqupj6dYI0T4BZVn0KOM3DzJjYNC3tF8Bp2BWw2bAD6u6AS7MjVoUBUibgn//Jelo6F/S0Sjyl/wzjvw1/fxn2X957pn8a+75Z58T2P70Hx+IIK8P9kpVadZUSfP/Yr7ae3wYIzS/8tUcMLPgXn7Wxv9/xtrqn//48WBZ3PVRUMn/bMb68Y9/y1irMJqJfggPzxhEUesUxZoKylsUuUNxodD9Sh1iv6bwaok4zTTd/TK7NaKs67P6+nWcVmDdrzBpRhGOXMIWtVPa3+ZHIwDk7B8vrardV+Wtb2s/5J/lodnqdRvtRvaLvPd1fWN6KrvQn79EpahcMA1+yrtQ1BDPQ3nU6IOhz6lHgfVnQ9Mz2g0xuDhqKGV1JPYx8wgo1k1ImfeVbtp1N6uVyWwv8vGoWXVwy1PdWAAbNix0doZmVN3X9GtzebBHBOSl76LAMKcjohqEjx8EST4lk7h29gBtIez2m5Xk8sVG1WaDUOflNJMm3b6QyifQuJPLXCOnvkfVe74paatrm4saSbgQvgyjL6kyoFV2qW9CrIHGLe1XPb+Pfnn60OW3UQIFMsPX8PQLbCCYxGVWGU4cKZBZC8Jr4+YOxkgXFe7VysnVp92ufWC25tFwKx3f+aRTIkNsQm4G0uIupQpIJh4YnQB9q0a1aLhQLmvo21OSF1BRW1I9qAaea//EG0b+qt/c+zncp62097vokLgecJCsTl21PJ5n5BNJ4XKCb0A6C6smYjxNTANn+Vs1LAcxXtd6v+YmXBwQk54tro4CTZm8JpVQsKWHtaXsY1bdQJi+OXwd6WQWCGAkYc65u0ibeaiMZq+DI5nNcNyfDd81dyTVX9JP+qKCcftQKozFPZFOoYIcaxbF2AuElokid1/AllwpHGEt7+MCdqR4JKwqcHAYeRhiOpI02X69hTNYB8X4i6Qd4OVZyD7EgrDqsQ2sJBUanlplYMdCz9aM8r08qpO1Si8p3vDrIi1sFkr7lx7wWALRMdo5fY0wCsSZmhNe3h1+3z0cGGr6coQogLIebY1dZlXmJPodrQSxP1woMNqxVKvJ5fuO0BrueXo40himKpwF0ST9WnRMYU7aZeqzGrFp0J5Ry8ZM/y5vXvqe9skZiEDFWvZO+KX5gqnS+puESs6yZ8J09J/F9hktNMbaysA/ipkSof3Y0yvp44N8yfxApN/Hk+IPtDzm9lSADQE1NoV/WawK0gMs2Kh4l79nIBdATBp/6NLE2s9a+krOIDvHSUDCPFUSEjps9bgGzWttFKcTPrdHwnQjYkp5Zp3AsumjBKu/CxuOIYQ7m8pSg7vYAc7lgK5EW4SvvjuF7+CFJQIkPbzWNkMt/fqUoyfTxgXNQMOy90n7VB34qj1993gFP7lqdsskRMUnEBOwIetlNSIDAgRiacs5593oZyBAFAkdr28f2npm+QMsJFA1h83Lk0lMddyR0w12eS2a4oF0s/km7QddfjZrbiBEqHwBPnjHjGeDy+fB8q5MayTx+7tUD606zEsAwX0hu6RKeCmC6+VhgaffAvneg6Kjc3JED7wb+LgkJEXQohxH0uVASd+qnqF48Nc83iqs29sExtvygtl97I6yPKYvzcrbT4mavPVNrK7s1VPzTLiTUOZUcqcNG4cEmlg4HMoR4g2M2zPR6NPVI2NbTAapK9ezjiLiBpH6g0FCifsDnYE9BXHSR2ZTnxbNCydp4pyOsU1QddkRPq5UkM9En9zmaU06J4hTdCU9BAwni3IZwFjEz7igAUMicOsd5cvnV/qiSROLCfNiT95rh7vu9k78A8sbdqkoyOMawgfzQ3aDLzsdrBnvj6qFtJp8YQNmEd9vERCv469m1ANVEYnhVMsXxmXP0DJlzglg1uFhjh7orL4UgsMEmzHJUa7TyxmcIIPAPotuVXC6N2nt6TR81bnihQ+rxOJw0Bavb0WzVTb2FbDkWu9SCp73+rxOp9Hl6G3KYB34vSN4Q+x3+u7UuNfN8gnaNdZN188bQwf3er5DE8S3mAjiKDZ5BRXOC+G34ns0gyJj4oPes0UfZDybsdSVD8GW0wsaSuRhUr05W1mu6/1peKgmIO6DGNpebHLYUXuZcnHBVUxd790LTvVPg69fUI9fWXXIY7w7+FHbKxhnAYOdVpuCIknYfnZ6MR/T2hOwYeo1R00aWazreP2u6YjF5Str4SzLG4xH1Kb2AXjXvDWLKGZyJkh0Du2Y0gEmmF2/Lheb8ZOyBsKWgOTbNlLoEDcirSgJpa4enF2q693199uqPSnj62GtvvRAKgZk6bOAg5GF5skWMs1SzNHvH58rXZAKkZxH5fAU8iA2zGKefRQn2AqDGh7llwU3B/R7KeVKbkGmTJzBGu+SXnYQ2PAHAp0qsNiMOpm9KMI9SkzeL4fkOlsan9sAqkwbiQhXfRfDI9ixwpILAGOiS51K3uGcN1Um8CkVNs+Kh+bSIMdbOWGmzYN2CG8zgXCvGkgfX7GNjSj2Dsy1LugA45cSVp6eXenOkcFp1bM4fU+mwz/WwsqDLJa31oDAZQGmw1GK7vGwor9Lb1xM20Qi/O+eItLHub1pLlK0hOPGDL4NR/XEBGLr3mo0FfuyCDb6ZJ1vFl7UPY3VmKkaJR2eXcnIT+NOepPy+E+tOnrAHLpkgse8pOB5AAuTjSbsAlO1x1q+TPKVZHdfbTEqyr6WO9OHU9zwHPAJb5Kg+fIErDjm4H+FEcV902nj2WVR3WVySTa4shgXAExPK/eOWxwb+eUY1uLX3H2eG5cAZtiDaUYscDTYDfWagRIZz4Wgc2qQ/PxC0EGckaHIk/qyuAh/jbLWUL3t2wUNq/GDykCKz1NH54IZo9YYDTISnseQbZCwMVKAf44Yq9UlYDUAIEyi29nSACX/cE7uPrbrVsGqQ+/qjfepX1WSCsmJl0Cz4zex5onuwF+5tYGQzH4ieN1gBafcwIAIHZZD/mGaXkJ+F5QvWHUSBu8DMgFxUXLXrO7V+GD3+yhwhFowuWPupgglzc2JhPAz7SV2DB02e7GzB+0u7IGJ5HdP5MXySxxIahrhhjqVRvnwNgKqq64ujXIMmRnjTOl9Woy3wQK5f8JXAiYSjRJ6I9/CEpPGBwuKCvbaTyt5kbLjt4MpiYgh7IG+Fo4/FGZ6+p0igmzwcka86Q+8oy/Of/GxIiP3Xv4Ag4M+5ICvw4L6enZjOpVb1naVNW9ktV09q2fty8cUi3rDURczVXQee9p8eLzyzX4EKt7g/oO1Bbe/ckXCpM80X+ygG8JHxAzprZXcqzQbrydLHdu7I5+dx7HsBXuJC2f3X3jIOiU+eNzPbrV5YNeotVdQTxnO0P3aBy8q7lDh4Z4Gkka23b0IzAvSg31jJIW9+/dde3OzP+zWzlpnYlB3ei/CCEtNqygtAWMM9b4dfColkDQS+0yxlpv9PM6nE5DXY50v4amjYmTMbZxvrS90HdNTTtN8v4pfYHWK4aWwcX4aOCje2DnO9p2vReO/ATZP+SaIZ9+A7DubDl5SEofp0iTY9PDmyCqpdeVS9hblZjEJfe0FQQCyuLrhrmNLfO5zNP7VvkOSr+neJyZRTpSTgZmKmiPZvQWzvq+HBfVqiSmrFxDpxy5mmPDM/SPdh1YET0O5QnhtGAr21crXtMiz5gyzWE265T+r5S1m27v/VsMk88XnZpm+80VJWQRxFaHDFPVWNR5d0h1l9jNPdGvQyMNMzTpniPeRXw4aGi3g8IZcUKXY3xyIpOjqrewiZpFDoVnYzAp3mQwUiXYMF3TSw0a+DOQGK1Y2kfUI0+CyGVbBjYu/R8smGEhJtZGjkxA17c67nPqUauBJLP/RpNyJsKeIZx+/x12xm5BqZ0jB1LJkPvZTpEbvgd8QDX9Sk+hxoJan7WKoZ6X27aRYX5cPIxofVJzfY+JF2RWChByTpX2UmXf1ORx+QtFN0LRB68RX/FreDYjSyVD2Rr/0B4AYxwEPxDtIW70zeztWAENf6cWdSYCyXnqFBT/woxjYx+zqD2alKJq+Rl4TcCZYDVNigTIqSk8V+RtEEjW+WFsXzM592UbUhMqOqHYXapfD1kIOniYuJtLdL3I5ePb12JLAtpYZOa5HWT07Xnn2CtGbSJ3U6Zdmpt/s7rwMfmpSJYiGZqgpm1PvBOuVC5LBLh/2RwGFpkJFTWzXO3Urfo12JMjrqhR+R278Blah1U5NCOe50g/P11wMLF/jEkxMoWuITIcubjgOzvILAqgKPeKncwUY6oRWcWMK643LEyrzzHiSdDieKuCgqu9cQkfGnI3OfHs4H6cKEzxWUAmYDRmWKAoo7fXqdhjQXjy6g4uwL/vwpfubUebq8Q89YdspQQbt43/mxm9w13qDcIJsTul5qyOknzuA9Yu2UXXv8A1EGVSS+sxu/tkcrIyKDGIMfXl4kpb0b3HMmNiy7gdSZCUNLm0Mm7So5IZ/Oiw+pDPq8YpRF3pS7gWrjCqR3fz1OFU7LiU262uZonDLBlxLujNo638isXDAI5l0TM8adw0Umqq6HrBv/sypgvQB+Qg0hxgbwzUxt6DpS28wiJ8DdfUbmA3apE7emnIbx+QZMeLpXgjk92ko7MWUTtYOj1ZXuL6ZDeVBhv3QNq+HiaB7h6/G6N8jf78f9uo5j71xqKRIAX9o75Kekm6IxbhKCAO3B1K6BFrHp2ZmUs0nHH3/SfkPtd6H7yM7w2JWr9Br05QUUFlGwFp1rtmC5nevUCHtSUT1bVY45FepxTaJyBroMuaL+BbMhvGt8pDpzldHsNNLrH9oS7uUW2iFVEmL1AycnDKy9thcX1ocxX6Vxp52thL2FLUXLraSd4fXjG5FhiUczs2EIKtHIkI7DRu1Yq38zsWgcW/4hftHuTGRSvmX+PQeo6OP8zwUbHrbgxiZeucaLWgcPoaImTXzxUX/VczT0n30OI7e96Va4msnN/d7PXivvis0MH11u2EckzbjJpR0mjcJCxtlARTm3ZHPaehaok/A/DzjIwHdCkanq0PJaJD3IJebIwWJMzvaGnTl2IgvdYDtvuEG0W9xkd6Eljfrbih+NC2sa+R32gboispXaxo+HiwgrANFbfxYMsaFWolTP+l8txMC5lPhAtMkkYBop/fpBbKqJ7dM6pFG4ctrINBO+lHbW44B23xnsTlvp4fPW9uo1iDWPksIU0sEVAYUWVeVUxGQlFIHZrRr4C0Kp4GZazIGrOQmi7knJXKvyrRLF68d865DbNjfKSS5DC4Yzyz6oHGz+rAGESNkHPIsAYfTIHUYRsxcG1g+UncWMM0+tHgDrOMi8tvAswG/4l6GgBXftIZ3WSTEGKhc61BGsVWjiR54mTG9hvPqSvIaX4i0r3lvD5TbXPjwVOo1S5h9MqXPsx5PKnrHIKusTaGiaJ+GbJovtq/0OcYKVm3Ofb6qT5/fzQ54E05h/Kul8AX6LUfT9+EiFRpDc8AHSXhpZaTYBVZJqcMr9qc8WaJZxuXXxSXUOKGbytw5+s6lWSwdvhkWYmmBn7NVOa7JfjuGM01ui1TCspfGlGeCsITFlCzkg93RxmHuSjuFuLHYh9v9zpeJN+8XCsmkLybcxlFhydh7Q0bkNfQbZuaCi8JeaFScMz5sNvnC04DK/rrfLymiibmE+fcG4cqXSSljVj36GvMj5uoIEJV41yFX9OP1LVJ9HdvvXAGGIm2Acl/BJTYW4MoabqLwIQf8DOKABZi0Pdh9JuiYlJLh6FkLVpEKC8+ZKXRI8qOXuKCKK8ZEFCTYTlbTWn1Ra3CjRVlyiPQ7s/CXGcBOm+HKo+oIBQ9vR8V53qPRKrnNIW/zfEMwrVGk6iFtRD/3mG7YMkNCmPxi7qI6Ba+LzRpBQdQC2mVINHIuMdQGlm8EuT8+TDfbzbN3BzamhKlF0o2KFPMYb3wNqW2ap45RHl7UTO7jb2MiLI8MY/lDJRkeZBENoM4RE9ppjwk1IPNXsmH5LkFLq2Kn/itWEj6I+fsM9UFQSA6yVFXKRNzpVpFouMOvxGa8ofMjYIcaVe1cGFLqDnfZsytN0Dm9Zyaa9+vctQ7d11dDMiMGPxDF0U5SHm5kIUT9cV9cX0mQUqYrT1IxzkfNJ9yZsDWYKt6NUgoRt33bjhumwtuREffdbB6zMN+e96nDYgnYDx4ffQdYiTPL6EO0xu1fwfye5WENUpwuN6WBxe8cdf4MnQ1RgBCcwHU5S6eMh4wyGSQhRuYHupIIr+mW5jchi2omIKN3Wwy+MGRjDq+bPy5SomvqE2hIPrprxPQQ2M0TxyWz0EyNaEqK72aTarZMk5rQJ039efSCqmrKDFQ/nXUqebjA9ZSzXlJsKkI3YRLQJn14+fNKbay/iFpv1AR2oem72XFLgiQjTeTnowHQxfp5BythcmYOsrAvui1zBpl76NLxEaXRz2UGxPVBro0j03G65io0vomYGr37QxUFxD4UyyV4wpvQI+Xl2NfgZIhk7kOVhv6zUc4+qdfkhh5Zy0NQu2CzT/flYvp9Ig7c6FTYEP1Imf1tfCIRez8Nz/flwBw0XmaxvrJCMnCl/9kdteNn+kZP5UR2CYrjXDG/IPHh5o9xMfDgayBMOVVfvuh/QgLUYmmgbBjjMXbWEGnObaTsItlgH7WGfVq765LjG3cXfv2qU+czqLIcYNfU3BnnJmwV2g0Xcm+YU+jLXfNHL0babNcN6ZCJxnh25kwniMePwfXNXi7kwz4fMUdaW2heL12a6/H0AfZw7OZ8QyqHEu9m2rMTYzCbtTW6P4nwItAey9+fB8UzFNLC+BdGwgSzvmpTepybmSYlk9xpNGlf2rULvOXioAyCmpii/oNDBb3B4VGfw7G3GpWvYEFS+mUxIOPTL2rcez9qzZnzr2Uyrth3X+jpF8EcukE//UKlOGeW0uTbsyiir+Q87PXMNFGGAX3x5vEzMTnEduv6bu6B6Z2AFz63Mquy9vnUTiQw0zg1ohIeHRc4HevU3CeojqBUP7Na880kTcLH0lGShwdbEmZfntGP3VEdmcT53bfv2lEKHOwC5GcZ7ZQP2x4Pi96t9zQgH1Ll6gAZCbW1MxkZXWboCyoebT9N9CLJ4TEwXzkvfPvPGq3YoV0pMuWUKHzcdt0LRMMuKTj52Y2PikbK4QUvTSpwQvqxpFweOf2ihoJsHn81vaHqk8as5hr5rMbqtET4IaCMozuhX5paeAaCrAmDxB2voxwQpdY29fuR+KCN6csejMiJzlGH/UtvJxLfZx36oBwZ4rKWG/OYWA8VA/xtPIAAtHTgOvM85xwHHKWKxzvkMT/klJgwjacIrJn68/0Qt+taZh+ijooJy3dM0pU0qVePudp8u9pa6XFaF87GcjR3PabDaC+mp5j9UbPNw5wPKQZr+hjusB1fH6XwGqrX+Y/aOEgcfLFYMqrukSxTG8zS7G7Vg++8JZy1z0kRSuoii7Mv4aiTAcuOr+QXF3RzSGrxHdEL6PoAELHo1vUl0uo2SICPX8LzgcUqH7nJvll8eOSLb1OEESk2dOxkj6LJRyzOY9Rs6ZWf3YPTJO0vAWY8pXeJt/aVFaL+zuncUTJwrbwsdXtqXiCpuPND5RO1ic7VY4k3hJrXSGRylc1f6HGBCYufYuN7zQiHmNzj3cIw7UACs9IROI+gD0H0h3UxyCmBGDbLrhLsfCn8cpjoLrPipb9a4g3GLAIkD+cnbNnGl0QeZlhNCIbe80nJcotbsnpRfqETS9eeKpC83XzXOS6SJFPiIHmJVSBzBBXIJ/WbKLgJ1GJQjMcPC0Q3OLhb57ZhuNezUsRHTXT9NApSfW46H5Fg+/F1yLeBk/xSJRM683KB4OfOrSBGDF6utCrdrM1u9T3ClxGhyHCuKnFPAInO2Rs4AsVJitiRnerTZXexo6zTzRsBa2GQ9rrnVjAlggtYbxkh+sz2LJft8xzffoc7bWHCQ3Y/i9AvId0G0/SwoxWEspnQ/3KuCQ4fXpnTbKrPhFVpsenRD0nhyxswArkfJVH3lxgOEWI08jpVVVpT3kYrw41slvp3AdxKfjzC+aLdIkSZ7QAxoqkl35KjTj1kcC/9RDRBWZw1D92mUq+saW4pFj+z2b+i+4VSEBhidBo1fTGc7bTWEkQTA+QkQ6nRVvT2QCozciEWZn/oSvWYzKT1eaw2GPC5pVtnikfRujAO2/ahvJe1K2t9U2NFOuuzXOse/tnEzkDG9IkHN2OqDyN7FSalGSeI0HRHkOxXQgI2deDsgUarhgqQIDLeduBZ5uXWENxA0O17S4NgJ7SXJI5+LTK/UlpGyAB4sqTVZ9ffgsydVmHi34E/JMIiuWl6+flQBEn6GcuUbx5V/UgqeDoR6cbFeb1niN/aVt0cWES6KASbrWhs5AlH/kwYYiARbGrdi5zKib8kAZ8uBz+09vEplBU2YB8YSFTpmPw978cdrlZ5g1LxDL+ZrsaZied+hkZ8i73vfkR6s/i2w+KJN5a8B3FCB2N/7G+FaCGyv2+L5E1Het/Bz0vKqf0xZpstb4LQQLvsD0mv2FbsBFV/1mPF8R3nD9Zmio2NpLOc5mfO55gPP3DFuSC5QuJOKIax/IkV/zsr7nf+PL+uMvLHtJYgiyCXKsodIEIz9qUxFmFppt8BhyBtGz/J9AVGXnwpKUfLPtexHxrcN+Ke46d+go5SD9nBTpQg3oA35IjjHVI6FK90p5k8e1SaR9ngxfapO/DH6fI7/vG0CJ7JbEAIGbwEfPkq+Sxjy7KloYdhoQEtjytulV9zkgXvbybkDryc8KuWQ30BGuCaXQmjapqveKk0pxeiaL7wmQ03nsPpdSPzGjP+XJrKQ/DWYClTaDEfKaqh4892bQLMGXNryzAFdQXADS6ZUzQvsB/KtWTtevkyHg8PhRPNb36cDXwgCEylUmuP2tANx6u4QM5WfPWtBGWLicxxfRRJNmb2ER1mmS/laZ13I/MPkl+5DKB3of0qlc39FKhdExFetUQYt5zUBGgJnJpza4e3plTJBMX40gFIRZ6zCxHPRCjMeULbxAVh+ji26IhB8olohfJHKYGcEr5SOuNYT+dN/+0nYaTkdMEJPAFSnyFtAeuJU8vGJTVXWlqAWGnauLlBqKrdX7ZtfFKCjMtaTIgzP5CY1ZcvCL4hhyT0frjFpJP0uclUBwLvVgnSjzUKMwNEpNrEZHEguwiWWUFmY/GHBP5izNN4VV7kBoYxWPzk5fZFyXhaTIlxw5BXdJwwU3xrbqrbV2gAPy5Ht1OfqhsYq/lFR5ZvzFel2J7miUNit2lgDBzirUW1NaEem5r3xeAjHWeYdAxm07Jw05IACT/V+pPR+AYqLrjlxpQd+KsHzIePyyUcYxqDYgLdKWUHK+Ebyn79xhcE0k+0v9Se1bhPLfJXC8H3h+kK8SXoTrTpevdWYD6d8DhalLaqBqSOVt/ER9pWwaIV0VfWMGrIGeo62Bs+v9oD7Q5dEUcNT9TWA28ywhP0Wu7ztzp4c/cIf7Aw6K1X/NrEMydQufUm+cq6Bk7k4Kjg5OsX7EPkOBtnLxWbP8JLstHYmD/5JR5KbMHY2V26g1YdmYEoAaubzUkXOZAs1geYOX1T3KGmb4DhWiIhREnTkF9tJJhiXc8s27wW+llPO6XbAscWyJwRhyb54A9z+IT4XbXuwcoghDOqILOvTgVnj01oFINXORQwdSjwrGLZkzTGOIoVcKaRBMk2ZsUmK3mT4JIvCEewDoYrpdzGXB3U7u8p3IK3zLSBfm0CS2ktWMzf2+xx/QUUlOHLDIfPXtT5CQFIbufJPtrxoN2o/QG9ZWabweQtyWxoLvWVUElSbL+gR0yqANFUH4KkqfH6kpOio76P+uOyrTMccR3Nrg6bKkothNHAn8V5xjdWcbBZ6jkVxCjQqLRguCOLkEPqcpvNeS38oVbEbId4dNPPLn3YYwcxuVcjNTXgW825OE77hdMmehZZzX275QszSzEOSLRBdFBfQUOe1gcdTzmd6lDxQl83brCVGrw5CX9FkCNYGXF40cljmkuHm3SOQxXovxGEEqSXs4pcPbQ0eOLoIxWTnBjoTpI4n273hzP9fg2Sy6y1ySxFexHkC5eaY2vICXWq2UJAQkGklozJK6ZjzFfxNBe9pOKF8JUhlAS7hGJttKafgJ0exWPKCdUM7QZ/UkT3D7Ooh4PDjFpKo5MgjPs1p2jxSS+cAju1COMaeCZwoDi4/blFDlfIcTq4+bQEES/WUmKTR/dcYY7SLBmOA7yFmL880xSO1hnSLdgK2YB44kMhPHiXWOU+kgh1RzWxJsEkR1nzJyznIjgKswA7Jba+b6Pv5fqQi2tZnymy0eWlX++o3IDLihVNAwtzk/b7tZ9VApWPQ0cCdwGE5yusWH1rULlUw11hTZYDboUW2kMsGUhZ3GVdZjSe7lPGQ0BNe8oOZY/sT/lYHKVUzUT/JTx3m9awR99VCWa9BWT+FE0NwDDNL2CMpGplxkb0AQGLp+5XxNc1cRUjzphuKmO04H3UAKs64AJV9NaU6lTvOASWO+Fgj7DymktoUive5UcsqJtIeU/FotLmHr0dLvdW7NccpRGFv0FwGEShjI+FLNaneGelZovKu+HnPAp9do4VTzzYt4IIJ5pL0DSkI/rAtf0mF5DbiCQ0oVmajZiyN75DbGXPMCQ3LhnZNA/LWFQfokqyxNJkTKEdEZLfi44mcTptb4TLBTaRzEP3ThX1d2S+So8rv/vOVmXduI8UmLh3Chl0m3Gd7funjaWN4K6MdIFNUjeIrRxvSo1P/+k+UNGVNJ5qX9HEJJOWfd/1wT7su9d+zr7Dfg/zEBXJN+f0/eHA2fsCtkLQ1U32AH8HrZFoxkJYU6KU3pNTPlI7Sjm3hOahYmVtpUQ4s7G8cAFm+JmVQF0/vfto5XV4bIg/lszbOevhQBVLYhgFxWxuh7Gdq+Tp6mDqbVmJVkd4VN+HKd98eMtVDceHkPvmYf1suiabVqZvXo6pVCBlm8SzZ3xzPZGZPYsn94RK2HX3fbeKCprE0fAqEC+D3PJ1eqykDx1gEeVZCG7FSKE7uEo5rSgnJIqnudBwdIUWp8GxKR601AoYxEdJedO1dLt9gUQifn+Nhyhg8jtqTsxwimHJsq+apTQWb3oLeR1v35V8B+po0w7DwJn58yLnsif9jPIr6zGDtkGRQo7qyIHshi/EK0oZ9dGL+vyK9cdTOLUD66i2aMIRjwR8oNL6juHWiARNC4zJq7LqGoxFU2rhFVZNVg6pPKIPr9VfYZh51hgPluM2lFEY/sezQeoyZrzC4xSnK10V88M1G37ePF3lWEEOOS0oJhCObh57EmxOYT2VH0MgubIdwI2X0w1Nn+MrB6Y7vOUL+Cxclp2Qa3eO+K5bY3uTi3nCga4BrceSJrnY9rNHJwUuG3W0OfUh51tMDyW/3h5WPdNeTiBCtohBG+BrRjEyeIFCLJ3zy+I2ELS26k/aII/sxYeN8RFlTw4VejQQ8+Vh6xRreBUxVzHxj2LFtuoUXH7EfYgJlckOJIRxhW78DlsQYGPQHXZCpQv6DY59ce3sm77x2b1AC1RxtTWBbRkHsclDD9nwKGfR6MmTNKVuKsBfIGNVVxADb1Er6cjPPpuS2of6lroDByXznhwvLQb8HbjTopAv5CWN3qXbEPSMi/sL2yZy/zjBgIuXZDI+//BASouRN5iJIom9TazCn79pR9sKYSXrlLbJ8qG1St98VupZTnAeGucgxvGF93IkUdzZDcR9AfIKY2rMAb6LyHzp4AB961cctyXkTMbnlczVVggdyUjQt6qVHtVw9gPIlHgQNcg7xL4BFJP9FRmlkTV8Iki+61Wk3FysQaB3O+IFszZ8UdivItHFQOiCpnTW8EMGm8fDPNCVh4I7McMNG8uIo5d6Xsn2r91QTHcrH9W9DO/5Epx436GGigqco74YHVeyD2jDpl2J9ejg8UV+Ve/UKYJEpyYXp6EHCrtV6lPWLI1ewIMkH137Qma/Nm5zM8Z2JaeK1QcbmOLzvrvSBuT6/fk1HZQ8NRO/btAHpEpd+vOWer+olLpbrWwG2Y7oXXKcPKepT889unzgzPiWX+8tKF60khP9DcHMDh4MPtxeYSIBUVNH0Vwxq/ulPSrM9Ir4YY2bQAtOhErD7YYvEXkRNZT1/vfVtK1bSmKs80MEdripw88G7TU5juxASKc35TN7UUUIUqDunK4XRit5KqUBc1e0fnbvO4tRELBbXjklA7H56QrVdWTbKt/radDu/rUPNKQ4o+4nxqAnYuJERg8/XI3WtzN8AlZflZngG0bWnNtEvchPxGHB+ZeBvUoK4OuZqRwhfIStNA7VQY2oZAzMdykKG+Bo3d7y41uhL+wy1afc8X1qPnKQGWeqHOzs5c2HQzeQt4z5ogVJArmwP0dEFyVPQ7knpN6kTlVNodFTW92u1eVSwX7OTGAnmd8kvW/w03tSqm5X6wQ4cchYmajky8UXFCymYkOJROgdGo37419fJUnMOK91PlRw0HDt7fD2cVgb+vjLabeXWtd7mTUTin7+cAuuaW+OZEuYJpBXc2Fd6zi2pBKo14eC+T+Yeosl2ZFtW/RrXl8sRVMYYuaeOMSMX3/luWofe2XVWGkJ4TBhjEluXZXWm4in1H1LZpxaB2fA4HOF3MCdpTNlfbLsR0fPPFA7QAP0TpsSl76WKw4ye0Rfljfte+RY4uUegw7Wjwx/hQzDNBQ/3Sxr7KWN/RXeKPdlBDup7xxizGD8SoZjV1qu3gQhcxvscYm3UJlXCw2znqILfSqPeEl6BEtS9js8VpVBcV7AIJl3iOZf2IfEoaG5FY9x9hLUHTxFvV7BtZ+6UmNkF6S0p6kR1G2V9GXWlzMMpIpHOx7wFLypt9iB5ocmcRivRl/fVVOGyJIfykBD5aIL5SjPleJUGmK6Ayr6GTJ9ARxq2mdGM4hPD1MndXtH3NxPrSNIymGo9KMlU25Ynmqkqn+iZoMl/y/JFwCLk9MLAcM7rH/Iz9Hnu4/+FbkGMikcFBMAz43QpuMrQFMMwmbbLc4ZQ+GqX2oZA1ZNirtVJRSZMkbBRTOVRg2K2aFXqF4FQwD4HQlxEE3/ucl78NPt+A1w8YCct2E6IET8sFCxlxDk17fmMd7BfeU5gzAThBbJ2ux+JcqSt61Hj2ZBxRkjIX4sfPRZL8hvPoQKKy6HVd9FCGALzaWf4+5aryvlJWPsxnJiiFmfT2ZLL3oY2g9erKrKxHldKTptq/pTPCpBEfa8UkFSTrPugcMZbimBdwZ+ZYZSpKAJFmbYkCVokk+x58YRNHkTBcyIpFI9z7vb4r3sM3lzGy92l8wDIQsDRVGs2fGfEw+/15xNOQJYlToMY+FgeiLljBWVoADYbMN9BYEuJn1uFUTPKbKLzbQ8jaheonv5KYT1zKkcHGklVvodoSOKU/+GNihIIIqkyFTbtl8Gc0eiGedtmUQstvh/0/e4/eX4X5RbXHif7XIlAJL/2eW03ApboOm9O4kFqSxinpgmZmVZ5g1z4vzqmaEToBdlTINw1w0dUSK4T/LfXErQ2MP8738h/nxru3jKBRqmvlaaRAyv2LqoTx2y37GgIpihXwPTZwOnfw8yWaU0k878iuXn2/9VigGEJvDFdkrVJfy0Lwv9GL5A8Hr0e3gsfMD1TB4TA6TUaa7iL6H0uQPi/AuXAUpeKzh4iWPjwri5tpPmjlkvI0bDE4NcZ+7LG5k7EXnEnIRtn+kDcSfooaaCWz7YX3laG4IRP1VYQvPP7QgumZclX8TtYkHPGeN4UhArDEpsjjz7xqANE4Rn+5rS2PB+FjeBGZJ/CDrdELx94hNXu9fKYGjkwnUdLL2+jwAGtr+HjZKhYEFo51sC1giiLgDoxleyZcbx8dr6NviqtYJOcG1OgdJ0DiYBRFsgZRFaMuxH7MfzGNGmycTvsrkzpsO4Hm/foGjRdh976mMegvftzsJi75VqRma2WSNbwFw69q6Iq73yGzV/8ylPkKMQrh7FelP87JW50CDR4GcYjiU08M5sgBlWicAtWENCsvgkQGQ++83zb9M9ve47S1cYsc/ORPrBy7OBjnO/E7pTfUSF+sqaKXEnMGH8/QVdGGrj8F8o2A3zOh8k+vyZTALrjOyKXPRcVZbQ745FoX2XaFUlZ8kBQoK/DkD//mhf8Pwi/GFIj0GuDBFWPy3Ky9PJQN2QPzX6J51OUWgEQpkZEyYCIihXYiktgzomeaNF9DWEE63KUwx2U+4n7MYs5eI+lU60mFXgzK0TWd2ea5LYqR3lM+nEzoz+4lbvOy3vT9eXjHAj5rlE1U+rxhLicHu14NnnI4ZVSA3XaxXKx8Qw3EQtfqyl24jNcEW2z+lA+klZ5i6kpBnXABhF9VZThWuYABViGDCB6Xq+vv13mEeB14YPf7j4ezaL68NckJojYMg4ngZhlu/wH+BUr0w5o7gEN0O/nMf4CqV3ZDMxzkXa43GImew6yHfxTVOS/K0U6L/BPnlZ3ghF0mJB29j6oYR71ofyiBcFG1Hd052lFSVeY6xRQwO8H2j6B3HruHH4l75JgyGAC0Qe8RUtQCAeY+hDRz4w2kmdztiCn5yOZ0nnVziM9nYgtAZIr2HoKSXo5XD9oAzMdhMY0U3rOwaLKhahf35zPdZ1CPu2Q6IRsTTKi72BwaguOy9x9TWzlfYzzPJfrTxT3Vl9Xmm+VavuUKlok36dqiRJxI9scTRvi4AImJIEEP+NmqYpYPvV+Qn7mjcKN1IQN/jeDWNyIhihJ5z4tB3UjqDoFRd3xe6MmuJgjktLq8w4ohtvAL8tmWOFi50EWbi+zMZsP5Lj8IUEQT+cbyoJe+FtRVS1ULTEpZHMBVXW0YUpjmAwlLsJiGlW7MbT9hOzmEQaz46V8eLnPL7HtWqmYHPExtn4+eeXs6v8rBJE2sYKA81BryfhyBcpAb/uKcR7b9MmZuhyqOOLscwyy573P85k+mTVRBoTn0H2uElx2qX5Uxbh2C5jgqFvCLloAmxqF1fIYtVq4v/xk+Q9IJClWoIS/RtIy2IDWyvn8N5BVqwIIEEhX5wHuIoeG3jypo4n9IEwdx38wbCxHRBVH/4qpyr15IFpae7lRRbVOticLinIbOCRr6k0L2kjb56HbSj9LF2C0YkeJ9jXC+sn0vihSP0ZsA/yPdoGZh07pPc/0tzNrwNiEEOa/7D93TnEcLeMgqEhl8IFc0IiCQqocJTsfG3TUgfByutDAac4FrWiPv+dxZEV+75Z8b6Y2pQqkYjQ6bN9tkN+1qUemG2fPgaMYb8ZHZ9RmIUDS+0ByvO1MNt4ki0o3e4I/jdEjrHBuRVmtv+1d15+q/vzFXxR0Oh0EEja5OmGY9gJF4DVo/C5+b40kFCha7nXQV3ma6u8UmvLlc1FfsAidewjRwrGkHsOgL4VcOgAf/P6FodXXcViRe0ZGg1S+YuZyMgxwiwrROuXZiSoMDhtBAa6Z+Fg3XUATZ7/n0NnNNHdg8O8qGKD4D5NuKVm68w59ZcotT74iQf9fMieQB70tCtIYZjFJC/5oibe8EiZbTsAi8Jdl+NUANocSr073RIgV1v3Oc1EmPEsGabKnzPMeXJ+RdyNldXgoLg6t3aIM7U7UCNEXPRBon4pZZhuJEqE81QNHHAnOZ6G/LrL70lHHUd/Eo0cG6DVveD2DfeQmKS4BsvSlMlc9nOUXVWtO6a+Kr/qq3aIwOKKXTvZJN1POONvUwkHd3fNxIH/MnyEt+OIkBI+nvUVmKCwql8t1aDWmxWfW+Zfcn9hWfBdyXOhCaIXyYmZjXEL9TueUMdx4APR5j6qrjR7AQurXb1aACUBuOx6kUuhWd/JeHrysocZYoh740llV3wZEpT+yKi/ccrLcsRoX01XcvwJh7kEyUmDEzVYTsr7foggqxrogx7Czz80loN8x+FOhXDuG8iSMZwPUJu4JJoqKqY4f74g5iIeA4h0n0TuhbRd4dRff/ZgU9FlIw0UNbEP3xfHEv9k4is5/KWpB1o2Vagudemw0OtzqQrevsAEmYTVcBPyE6kdAgJVbfwtUDECvvdeLwgzBYHJJ35tjLwEFz6PI5GdPrj1QzKTBRzDQ1PhhxQlCZxDynRmJlfRSyGdh/2CJeSeWvQ9gTJ/DmLI96eQ66h7bZp2Cwp239tOfAwy71/uxP2HrFCUFNpY11HaCzHSTjzv7B9G7AxSp7E0ToKw+bDcub8/SHxegj2gmEKY1bciBOBoYO8XLP5sZ4Uh+j3yLoqtWZFmd+6VjXJSCCe5tnuTp1dyMSZFrU0bh4o+uGp2oC2/n5RiYeFSoup87E6OJKjGZdZNc2Ch/D3R4eZ5gZxGq0sD/M3Mwuq2vJjBOIeGEO7AruFkAsgHNr4caBEZQhLs/sWnH6W2rd1IzXpajXXZvcL0vZrcF2Ut+tdwT7v/q6B07f9A+8ia6UNHyuIr9K+Ck5+LomFWeu0oBAIZmOnEzW37QpPaiLdIlxhtfC7eHxdlvPRcThDF8s1zDflF49YsE3L+k2cLP2adCczcGE/xTc3Hx2BA1EcExSAEZ06jNZm49dl3HMmpJxg+1LgsF9e4N/7SaAY4T5/52lD25MXktbKchygmebXsO3nyA9POVgVbLzJesb3pG4tuVb9TAplufWW8yWo9Dp4Tmx/E9JXRlYf4bqPv16+7FU5duBGo2zgSC81MpKJffvwtMcEXH1lanQPkVwUMaIjNeXeS1V4xrcML/7WhWYXQXa+D8rZWnXn2jIrlmRkMfeIV/cPuoniSiSmEQsLZNcXICwhNEQRBNm3bHpLjHnwNzh3mvgn6Op5CKT9JIBTfzfnM40sLTyx7Ep2tRg1uNKamjiE/AvYMwmHT/2lya1vNyXdaVcM27LgBFyNDZaGEDup7SprzXBnpWNrHZFJxHTzsGLzoBOx3lBjItK84QUDkr8iWTpkRCL3zz2TkxuLN3jeWcDYqkyo2zTSKTm4N0ahnJjBwB6utAnhTOsXMGy4cA7fBLVUKPZfPQa2YYZQNyIej5Agz1RldmcHQk2z3mITWwLq1hpI7f9pu3YpjAHDzWov0eyQc38VYulRu4gcgTVK9kG8OjnthfIfqyI17mBZ55bZfozJfgVvm9XCbum9jb9f/uSeY6e/c+kroN9s0mqYjU2wfc2hQ2Zxs9lN/NyxCXmbulHMnM6U8AIXZqJimz7L8+Xpf2eV3Du4ssVl2guDsW14EOXFs48f3ogGeewD9XC36FyKc1MogqBb9PHzr5IclvyHAR8uhDC9Ay2ClNJFvProZtcpqoj/CC8RYdtFIKtTodHnsGJKPJhNabehANKpIUr0IOOk6AuEFzVOQeU4S8fRS5u6xFKjFAt+8Rqm5YwYnzbUvLimzsUf4UP8GCWj9pra1Il8zQiTu7MvIVqU270Hh8KlhjT4c+JJbenbusQscEpuBoM9xoLsHIO5fXt7+Kg61OO3i5St+rkAhB5CxbSXJ8mTW2riedUEMV9QVLCu0s/dOEG5C/cbzmPQT1mfs28qQ/HVmH08dEY53aaEAJXBKifhvkFD7Qg/0eiELdh7/EcXmF6KOKPAzwNnoYMyLilp19DelBQTRFbHTIGRzXYIR5CB+2bNDhRS+xHAskUhnzDpSjZ7Fe45/pfjLybFerQndHrEJ9k6oq2cZc1/JaCKkS//5Q8ZQped2YWIyasJMjzoASf4uK+qBPL/YHx1YlAb+FqFPoA3jSaWWYtK41PuzgR666l3yV6hHf9lrkVeAYzk+NSeI/okSX3byCTtB7AhiryEmkQpfkHaZBKCiibI2UgHwdSiy3CMFtzTluX+EL0ZJ0ia6tYadTez+fEXCe37OawHR9OOFrt7Ghbh8mTwACKW2uMzMPoILOi8YcxgGcuj7n8DbkOfEzYvVOu+vLjI4SlSEkr+KJKH2Ll8V2pkvTHEMr+VXVezwnj03a7+2vIBurQdfyMVVkdg03aGClq2c+3Hsv2SVsY3TosSM9DFb20Gg6vTh3HKs3KfBV10clFvcg9oFse8B+3NWJDejXq4T/VszGZLohVGA2An2A49LtUoSnF2hI0oQhtVEf2ahztta1sBCFNcd6UzvV5bl51wHKDF9vYH6o5BO9hYf4NSxV+peZX90D6X6l60s7buKwxNPn8ZXPIRbbGcQTVN1xvlLy1aNvobyYp4Nny14Pz67bsitmF3FTod4joGU+YvsjWOPu+gEZo/f4wXvcjdmWIWgP1lV85HAsR96Mj2fzwx/Dhvq9Tbkwz4vWM8idVmW3fjH1ddTirXekkgSRcUq4SorK0uZS9Nl35xuSdGDg0/nlNBJRg/DVU4kQH1ikiNUdICYkg7MaYskOGih8/UwHDtiS8OP/T+TxyqmOc9CNo1Qkqmjl5jRFq5oY++vyi89Gbl2SE4Qkal/0QNK02gmWv6az6xWBIyBXekQ+zqDwxFaOIGq9ewvSRWPvaWvyjOTNRWrtmp7W9nYKYHTGUyupufAiR+ySr2L2g3p8P7wSWMHhkgOebq+dw2X7Nf6UhSFkbnxRG2ZbsijL3B9ge4YAUa2F3982/oBvJXrWnmEEyjWXP6cQMjNAXQxoQ6fIeIf+ZJ6yXCGyPlQ2/UES1Fj9Wyt6feSS/yPAltTvBIZEXqZ9BqBwZezUPgiznVYG3L/LGcpmr3fJMDiWhLMR2AaZqjCcnEX334Xiz9XhVJHeYdwlrQDJrGvwDHqmUB5uMc4Q7oyN1N+roQg0/rgFLVBuhao4QMVHEQM7V0UhaLe9rAww/npISLWs3zbZgN7zsJUcrPFvujed8ewAdHOdt0NXpXf1BqyWpl1zmj1lPJofu+GNcgCu/LRBw3jcKMg72IL6TuCpubYGq2VeKqWu0Ff2cXqRZyf1d+cuNn+mxjzwa1KzEJ8lygw1kEQGZWnHR4IlP3bkRn9LqpMRhrp6X5fPKUKFkSt67Pwd27EBpntzsvgj5fBg8AhfY1Q6nibOiJoWtfYXDoGTykjGZYNk322tVcMuII9mOaFrYGR5TAzPwDzy9pL6u8eek3NcEe8o3879QdsgtocIgQGI25q8vGSc1crUCHgflR9ibjmFoaz8pU8YodL6IO1lpx7QoT6xkdern88CHHfSqO66PwBcRsPwp9is0wT6MVfvWfL9f7Lpy1wKooPwVrApIs+5fUZWdqnOKzxhZMoucFM5oESxZr9jeXOIMhrvpPPuugWJ7dx8u3r+UK9z8tIpjZz841YYNR2uFUlUn+wdsIiAFoRzFJgVd65XeVlc37RbPjnb5APCCbdcYRxXuFn9eoDeMCQmZQJNgRRafBotjfy6aTqhAk5ntf5zkYc4DYwZJF8o7o5IjtnT3Cvjh6rQxV7XblAExlErsZQ7q55YAWN5ar87qSJQw7Yr/1TBvMy4nRC6J5FpyM3D8TX1UbeQ8/jO7bpOAp/QkjOIRKBEKsAERRe6vDJQmKocXEAL5rkTT/bs496AfmNVJ+h2VNR5tRLkSKzUEFMCxUYg/JT/gT+MAnxQj3ZeyXNz95R0mkd5kExOQj8oRzxJE+UGV9z8wJ6ETuXh3W1fJaX3XPI4oXAY2xAZgTDfCiu+RbokC8ApcPHdY7OD6AMEB0UZqQGoQ3IgWGevJTdsNKlYUoqB2DmGAaI6NzpXEzM+mciRUH+2lX0Xa+OW906Pv0ffObJiWiRVJ3fAYI7aiu+Psi1EFSLZWWR2Fn/OmEJ7s+IFy+epO85u5VPfxoi+3Ogso1zKfcKHIAX3P7EbTaOy+8DgFFXd6kSMaBams+iqg5ftpX4jKt/xRukHjf7Fl9n8O4SsKNNsqxvhfGxhsTelV1368sv8a7jPu4zc0CS24g6OAg0LBJxcXyPXfwv02KKYgkgxHP9tmPtOcaqCYrSlJp80U/BNU1K3jZKxnscV4BrB2yhrIlFHeaDpN0jY7SS0uW7Db8vZeTEHZNXtBQBndfcUNDTqdg0pHu/I1AUiNG+rMyByMNA6pHDT4rU/OP/go4sY91oA9c+iSJ3x6iQv2SnwX0aePP9MlBeGwSBfhT2KjaVYR8MynWM1AMU64y7CE+km+Jv3FHFiwDA/X6W0veyKICAvJxdGGDZy6JaYz78Z8RTH/IN/7arTxRG4iVWitZVkf56nAFbh9J/zxrARrRV7naaX7+X741V+f+BvigQxWEe7W9yQUHT1vW+RwaabOXz/A1FEyB25lQs93q29EfeUn4ZnX3tWoQNmHALub3xaOvCv4l1jeLAM5wCTlR7IBdtXr7Ze2nevzoPMjihP2DC5zVsXhQsO6ztxexg7esSO/X7KfO8ERzntrjrJIiXmyL+ZKB0ZLFrmO6It1LvshwJhnGycXSxWZgDfQgEoFfBqG0NRHOMJE3J5rT+y7r9zR/C/hIvwXLMSb5//FyD3vV/z3JINpVsNQ+xWncu3M8HJ9WbAQmmVfbdfrtKalBvxMSp3ZPcFKrHkiVA7EqCkm7RbKUu7I8032Gnp+mnbZ+R1WkUWRTTnd9FZB4rt7lRyKjbwvGXPr/Ikh8gAlDuL4U0lm7Oe/WDARNNglwzUz73/U+EImnWxl58GXIYqmAyPdOhC1Bf4bIWR1yV/35O0JnrJrQ7q0OgeIXjuiSTLF41ceff92EyFH15s2V/kLFmteIv93WPMxwj8wG2l69ZihlbcdlaC0qL9MF72hK2PaL0qp+VRZkJ6nvAZ+cp9UwMgbB9nxe/ncgX5cNQcLz8dnirtdeIC4BONShu8jKoeTD244BrZBMdceG5Olv6OdfkfvPn2Aw3BIuzjp4S4C822SQtXgkqk5w9G+epygmPko/0oCsEL8uYgQN1WV37yuq3J0Llj3QLYbuxYHQHI4xTaQa+vC4xaNgRrLE/QB3G6MfgDFRre3LaTDgweJhxP/Dn+UB+Y3w8VRPtIHsX89qLQ/tOHpHRXCetZeWAdX2+LMJ5ZVtIwL90/teiohNs8nfxjTKRdIbFiMUYv5deogT+V3txYn3ppBRL8KPIAQ0bmP/0jP2221GrOlZAZbkhek9mztd9hMbdg477SpVtP+kdxmKVcbOdUInLSaAmmmpWoZZcramg1pVhFyuASTgL7sQUnD/8tdnRdMP/fQiCWqXBTpnrzi80GDszLewi4nXjBxCC4f69nAyryUVhoP6gXfwP9zux/J7h9zd6DA3wNVwWGx2e5ymf8/x7M3HfMwapSI8a5rpvsm5vw5iNyjiJ8v962iWv+Y+4fmHZ96Lre/ZaKt0+JooR5VZF8GsECHRT8UGxUc+cPU77IOrRpx8H1ixr+Rvx5+ZZ6adMqg/YAakKKH9gjo03lZvaGkRlfiANQ7Mn7/QBTNRrO8Q8PXgpNhNRGtJ/HRy09mOUfprD5/PJi5++Zgu6RPv3yfdX8GbYs6CX3cKxp9GaXGs25y1ioqso+Ve0xJSGvA899N7FPgejhA1zPv01A0P9OkFkfWvDN00L968Snj8okEwELNI7TGyFj9Aip9D8ol691PeHc9YeywINJ/hSBwWdDIYWuGLchnlRZnvHmjrkgnx3VV6lODvvFER72I8R8wMZ+Uta1YH+hIwLUR/rUJTYs7/2oNaX1M6642lCTYTz53EtpXTvjGVoqDNe03OACbaCha3giiXaucR8akAfIKk20xaX8fZK7XI8ysDrL1d8yX746AmLky9mHwPuO6VNUYZoG2+H69q8L6zl30tXKcCn2V0P1DLpTxbqt28IiOsd6j85AYmRoihpsqafn63+6ts4WmVGn/PL60jtR/BlVywHxLc18bUagedVYGfxO1hSUjRAMyTSIrPFv85fPyGxGI5WvdfhSn3ePtTSQhQfUnsJAjCM+cpH3uo6i0xlgUHbwNv8q1KXoWvAOoYhcDgm/jEZAZEOSPadho/3QD2dDLagIuzw3ECdvkTJD1zuj51WOVfNeHRl6q9w5Raacz4qIrbpDNa0Xiv6iZ+L/t0b255XLI6LfcsciN+fJX1P3sJiRqVbiXjCwk7m8+wnryMNtR7s9Fk2jr1vUY/OXpnx6pcosywRBD1sPdPzAf9oxY6j0ANqPM6IetXCeGqQA+tOLI57qIZDoAwIhePDg/UWsQE2KJvurtpunvuoXYLO0wV0FkH0oHuC2uN7+fo1H8MJC/gYHyrmeZj1LvbFYhgJ4EdVaw3V6kViEcQecnT/g+9Cr7SjiSJFWIJhlq6z6TskcIbi1HJh3Nf1qc8TgC7nMLiaChvF9Id0R7PjFWnTrpQPib4eRIt1zcsFfjN2MQr22NAXFTHNu3azqE9JbHtpmqwjvkKN1fopS7wxyPRGEdmkX0OgYfr8C4bOJFGz7kuzloVF1B3Qv4XTvXPc63zd9LxUAboIlxmbGjbw2BBRiYbvLwqYp/PfML9yIIQbsoMFJvV/EvqQrwqczJoovgFSCRPhDrn0iYuUzkJn/IpWcF1+V4nm4clrhxDjvE6+D6NC84NIq5/NTlVfuiq+prP4w9jLcmeDMa37SLnugdq5mjNA78am44wfstl+35JwhuvHKIRP+4M+yOKv9xgd06ESPFo6M3yQ/ExN1sB1cQrL/eHxDwQVDSxrPIvdpnRdJxlsWEl2NbRSMYbvpwIt8EffVyFJWrzB9PSrR0fzTxs/xUohPQGzARlAG+fshykr6bJMU6t2vwYeG6f+b26eQYnb+33iZJf+ehCH3csV1FSIFG6N6pyXYqhrpmyImr7qi058gvF17k2dLDnnjIOf1PAzxazTrpKufy466MaEjCINMMEi58/uEHhd25/47Cb1L575Hmk65aJwoGbH2+jui+tgbKL5LLI0MaNvpAarsqrFtkNWVTA83r/FB38OBq1AZglx0bJBICQ5CrHz4b0u/pzkzCtpvQY/9pO9GMU0wxeTPdTN6l3e4hdiAFt9U+KKqF9uwnGi/gsygxBaeLa/PaLdZ4FPWiDYHaxy3QVaRg7qE9FyaY12Yzbdn/TZstEbMmz8qjM+R0lgicX/rYrv+YORaK+J8S8Y9oN2SkJ736iq2DC8LepAjX4TSibeX8Wqg2n1rrpfi4caiag+z3C9Ou8saxXTbpNP7w5IC9uY5IvZBhnnfzReDfPtPxqdXxshRY3jlMcI/a++yDCEX+Q/wXJ9gD8uwS3GX19PBe8D3qqg+Y63fLujUyJvY8dR/R2hjP9OAT/+Hqutv9wPTgjpbKnX7g30SEgfJnT+EBY9SZaLpjqUrsryRIpCDM5NZLYT3/k0vdJqj8TauVCn1BncK0QoqInfosuFy6zVYqKC16CSqg4G4AyjS9GxbavUjZZU7ECLIWeddZge+9Msq4uGceCUUW6ME+b7Mnh7VbhAejQkiUDdCh2ADw50TgptAU4HboFEOKFTvhYg/ypzzASLv9gb8vL/Jd/D3NrkvzlCgCqYYoPrCE7XL6jo2vjreEL+M+kbZ+/HmAV14v6G+FI0a/MgUPc46wwKMTJb6aJPAUyqCGLXGG+BO/c6xZnl15ngoHKEilEXo77fojAkuTyeyz6vXntAVbbglHlK1jGhVthPE8lpN93TzuuHeio8ynd8FlOwJ4FIcfLld53bZy9mUWx5PCMBvs7MnAQba4j0pAaYg85BenZT86l9CgY0o9ZkOVwMVHoVf8gMiYpXSDCkjk6uQIU2vqIuPhZWZHwdGIooX4OibdFjZTUWqAjzxT5j+tLLcThOc8iv9RlG0YfYiISMK90nDlYfhCOGqPkZnPL3HFb7uub3V+eQCwPkg5kMeS9uzK+BCYKDL9qJ/970epIrXkkuJT0HTdujLB8YpJ4V9leuBwhcvdbQF9O/Mjv2ubOmDjzqXL8flJav/RWWMA1S+a/J6h8DYnDP7cMeM79ZZp1fOxG6FW7+XjNszJXfSCj5/ayYQhusmMjbubMDPWzw5AWFlsshkmaSHi4lxNcSrf8qPqG/t8+cnLxGsrkzVExJu9GE9bK9yBX0+oskaJZsBcXXr3GkUubGahgbaELOBzmVcw9BHdEHPE9hav1bqkn6ehaYQrvTBScNDmL51fFDWcjBznelWFhm4AWCokT8X2VC4otd/uoQ+v/97w1GJC/C24PzUDwo6gkeNf4glpO3Il3VnDTNCsjoRB9CtuaPX29ODQfbNicEjBTAU89b+Hqc+vCRWdm+sM0IvE1/BrTkV8m5VdKM2eSv796gSuh06Cpwbvfh5JeaAdp+W06R4J8LGAh3IPAPfv39tAheXROOpGya+a8zItYRqijR43GTW29e+J2VoL+y+I1ueVjPI7Q/u678X1gcPXQ9eUrLEf7YFT1hx7cwYxktRM9xZHNp40l5JX9+0fE8E8QjFQ2CAtRtxbOlfYcwKF7RkBilKQqcAQ99C3PptqZN5+DfZN3Tys5lhrXnFv1zyFtLZzmGjD49WPZDbs/2Yp+W+0v44d8yVf4c06YykZp/YFjAKIqqfngBphwL31IkSr1Ohsyd4u/Lfu8tXHanaR68vrK/PiQR8L9YRopH2r7aIV4TVcV6uqh6DYJcJrW+KLVxPsFmIbvHEyEY0HfH5wqhKHXn+Xt18zy1cZ/eRFKU2gt6eR0niL+afmDaac5pZ2N0quGXOVmXQaCeTahUw85RtE5Q2JsaJ/ib7Xsim8CSmEAFqllxWCvHPILSVrW5wH1y4mn1SvGLOxWG0lRYkRFRk5hL/700k9ZSX6M99NPcryu1LK+JD5FBiS5qqNqCpjC2/ZkulPt+MC3J3W/LCwz3X5y6diC+vqPGqEQn/8vMvwwJnQD5VCXEHG3vIe6/1wn2vm6nISLnesQ/WstuB9q9yCXRpeZlpOAqjqCAg7ZTHcS0x9bX+p+raZ/5jq0jDFHqw6ZtcBzkIkBVnvPfkFrrVaamU3edL2hUZggcxVkMFzha17AljW1wTcAyYHbw+oqT0wGxY+omCdYCjJsRsr95o69nz49n0yNsDaO7WX+3eFJfQ3SPaA1eg00+jzuXA3R1+vRys7hk9e3h7mEbRgl1Gf3h0YZyqEgcoH93J4hbEX23sJg3OIogZteDFxsTupIoO3v98gS4Ee/BBg2Omgv5YmpgrZon/VgOttuI/qjH/f18EelWxydIv0+IZFlocI2DLTpIZ1SIsnQ6g01Xhwf1UsZWxjWWNWCtxcjLSRGpbDhORh4ggrRUknVnxohk9XPM2uzlXzsDAUJqhHX5TMzcgH3ZX4d/qMB7L2r/fegfLjpUPmZ9GOQLMFPw3GRVzob7LYxW9XHwtmo6iZOfpM/k3ATWHOQ/+S66gGop228YZMNksaz60iA/BOdlGXs4CGNHdPzBfl3seLT0d02fq3t9X0pGxIhufdCl6BmC2kChWhuP7NCM5et+MtwHmboA4kTueDy1krKynH72CKUADvwHa4Y+VF8szwy+/osc8cH/BwCKgnOiDwd6ycDwSQFufFyte6Ua4QJNoPIYhpXNV6u4reKXoTQwO8xvM05n0Ir2rzpT39ZBGEEftBAd4YruaHmkw3GcVlaaRhgfqth8Q3f7sMSGkR46XGpM3KN+WeVl7Ce9eUz3qjbysvQpR3nZMhPp/loIS6nNDMwGdRuVKPYiCqzQR7nyGOiV/Pd6kw7tLetC01A7KmjhfdWVBbmkvdh4YoNScUuWLfXhG4T9ewNlBbYVx5A+OcJVzxoZIulpZQVFca3c45fvd5kfijHJTNoIK1ccokuHjwj0V5Q56QTHKRaNg3G0lKnNPasozPbp5b/U4YHdF0hNZN/PzhwLXYyMG20e64mz6Z20LGn46JUZ+XspEfyuLJX01C5uAanuyN15yfSKpSqT9qD5w7r8K/GZnEev4rW42yLCwNmX7HDQENAJsY6YmD5joYdIRhBpAnXqXBGW2+g8Mr8V4DUDPjIKi6qwgrvan6Mir9Fj8IiKBeTE319i0vND5XRsH6FuEhRIsCauWCXWxBAc3tJMrNcnIW7ZM+JrGPsTtsufMIF41i5XzHi1ZP0VDLr/UnowaR2crKj96MGxZRB2CZE6jdaeFD+H2a7AUP8I0fzTcyozPiIok3GdjEE/S1oOiV9T5BJM2vSpWHNl/14c4xW3OBOfBmIwGd+b2N5VpMg5ys+IBT7k0XeTwGKe1fDSuaygHi++BqMJVEdrJnLR/ObrOvSuxsjdBFu6PLT0jFLQIV2epx4kcqOE0eZrVtFfYNMvOUQ4yOM0Uc9oWehEr4+CLYJ0VYZhsNyhkSeapELlVnFEkpwWR/YY/qLnLpwCCNBqBbyOyBKcR5k6qrZvw2BVr+cFkJKtVEtl2jLlWli+V+K3LbWEH1OibPnHLgJiOelzShzgG5bAFoTz0yTnhVHGLOauS+U15ETRaqJdVmPVs18euFOOHrn1q6xO/zdFi2/LcKG+Y4cOZ1N3KyL4Wha0MKjvuw9/mQFoFJi2D7Si7FvX700ROQaPfDWycvAIP4MMFOk8TZIbUvIhaYs4om9GKjfe1q7QxUWo3nak+LJr8+iGjrxayzueMoi8Bzz62yskkP5qQAwOIR5RvGAD/sx2iiE/nLNANgLRpvC9w0lJqB+kYNXRn2fLTe3XRHoUU18URzXby9AaPvzXRwQzlH68Tgwa0M9DGCbqeJMmse2LeRi5HYl5PmYHCn7USjjt9VJrqYYkqxhzha+dj8bu599rZUikn35X3s/mqnW0Pl5q7o8LNBs7KR5Rl+MLHuwVUG3pD68Y09RBN9txcm5ymAr5oSeEgpwmqyeIbgzM4+t5teyfi99GCH6e21gKSwKCvuCfDzdxzhUfsfG5nDwp7sGjQSEtjhZE+P2NyVmRA+t9lTJUaGVC7duEUw5gkRa+4Dy7SmrCXDZqtuIoic2KNqoUsc0DovTlYuGISuWvQNi/oZT7OuaQsQAzXFQteaCDUkB9ASR+v3j4FXUsjZD1eEBW4uG+F2kSZFCmx/Dn80ZMuJ/iifzsmuexdnJrro9ZvddFOa7vF4IPrH0Xqll/L2TpjWwFi+D7lMioO5FPEdZiPDmN5NDMQ5OlI6UK9dVYobrBMnVI89wE+4QulvESsaD6h+WoH0q6aeX8VRGSBjfU1CvctmUG+5KAdBubIf08DXfgXn9AprKHUE+56r6RFfWJSPYGSneog0TxuNupXQWCfUBdZ+OsKJirRjdsO0FpzGXEhDLSocl31uXfnjLAtOVc+6P6AP4UuPUvci9ELUpOCD11k5P+luTTkFS1rkehE+86qXEOZfxEzNenZYucLFJ3PlFmxSjwpqYTlPtibBhWCnHINS8nsWUM4nLPZyxI8Xa+VawIRBYZ2ki05duko9vDOyYL+KA9HmUUyk09v6AcUA244gGgMc4j9SMeQIbbNB+dO5IPVSvL0WSuD8M58t0z9zmN+PN7ZmUCJioTPrc4fjbo/AB7AIrIhaMDh2wktoH/3g0EdMfQEsOR8pMhH22z4J/DCWalMfygN8uJO3BGVuk/3KbaIK/uxxwmK9pPwaj5AicFPsokZ1dGytIWY0Jb0W5KbqJ84etrTcW/Cmz4B6oE/UfAkwqkfmNXlGd2T7Dmt3X3omppXmgRhecezrcOSF24RI7VtgTZ1c8lcZpvP1ir2wi0zD+lmtMoceJ/76PkMNJCa+V4y4vOgq94vJJDQi/6iEwxiuqtVCdQUCvU+jbDAbGxhogWnDupglxuYHG0FQ6TFKFAn5bm1zBLIsL+X7tCOuBYATmXwgrm3tKEi4iXvRmP0xUGLyoST9dW11ON6uoymo56YXc/S6OnWiv21Nin+JLOyM5UMIxBoKJl/i6oOgz1FmwP/+9YGYKmaR8+naID5Tt3YLA7HL9sgtLj+LQmvRpoh51GlkvyvlGGpSxpg7u1+DtVch8IIA2BBJPUkgvIOhO8MSFpBcojsN1F7Etfs+OgJD8Jf9B7ikGREPcLjwSASDOVLGE8Zqyr6ph6gDVa6vDV0aXPoja6nPjSut7qg1855AY1pyWQmqudcacd1Vvl0PIoiyU1tkKGLQvsRIFAjeZO+DQpJhctddJPE+u8vlJxhp+ilfzsCLL6eMAPfjXa0WptcJoUmf/uZ57nDxBvaYQ+O87P89d0/koKKo0A1orKe21DpeIZXaEmsIR72RKPGrzazmir0AxOeK9SA7MNIrndsnqeRpjnBHYGtfXFsVrPoXYXljbk72TUOLb0Fxe0SN5Hl4/sSoN0VepUDNNPBnOyhWI9CxstfJos54tL2cKgXQ7CdX6Rv5OB1srE9n6WipfCBFkjeKwxulvyh88Mu+O9bNGengMucBzrHbf2jFiuIJjQ2GgAG5qg3RXRe6OC/TROeTR+mDeJfAOmDUXvOlmLbh1/DO/mPTJV1GmaixGRNxyQ6a2KPUPmI92sOP5rCfqShi3k4NMzEzONMuhQDvnZkLCvbgvTL4gMjqIM9FUX2fJ0GTGW2hs6MzFcLEmhx0W/KRFifL8MXU+LgJECcKsSR7fkczMvP94rl0Ddfz+axYq84l0VAELHWMBrBcJR2RARVh1NHGywd2qumfdxlRC8kZ7dEAi4Rc3h3drnh9dBw+4+zWnGlIJsez7v3R3YpaCb49+c9z1ToZEMQ+rlqthhJ4bzAYQ0/uYKQo+bXCUP2RWoHxiYLyo4Bxe78mTt19n7AOeBLKagAi7KgDTTX6uVseiVoc/1+q9wgb0uY3eFOnTrOjem7tGbjm55/Ott2X+GbgMf+kQfbHFkmY/biHiAhYB/X5Rsfl/JA9gfubsRBFg2k7KxLSQdtlIUx9hpq2VjlKl0V6erQEGJj2y08uNbHp3Ohcrh+RZtIAM8Pm70/KCVOjOvm5/4Tj5lSFRzXY8/x/oEvu/lrOhvXoi1W9uKGptCIc8rhYoAO6r35ksSGW8zXStW8dKAdxMcEvnFoRW6M3Sw2pBDUgIXvpq4RcckSG1MKD0UEeBuc7t5ML7BwxvJf8XttkVJIBR36pZu58RhucDCV0aaRIYy/NWwNEdGoRv4t6BnvSa7e95p9iu2qibLQ0PRmZf8jo3kPpnT664GK6dC9RxehF1YTKvymrSt4TnCUOuxh8XuMxB3e3jCBVUpdWLLQXLJxz1Q6MDr2YOEAhUjBKkmRTHacSTQY6OkZ4rlhiKbkG+YQ9RnKHppNnBOjZQaJWUv3wv19Ikg+OdHjdMyoPDMj3XloSINrO5qV2GLU8XrvPFLPZNal559rhbqGagH6hxfaV5jFNJyHpEZZvvL8aQ81tl+6P9S2fjAFx7kQ7HM2MawPaJZ6vjh0KckjWad7s9fbJ7vZFXpAKjAQa2fMM22nZWVj2N3Wq1bd+qua61ihnLpjmDcDwGvHjPw8NP906VKFSC6qYutyAV/LeP4SCMyvRux/IzST0YtqgMZm0HOlmcn3/UaXw/qyiwe/jVelc4ihvedvJgRoAcGagNT2sszpZnK5cml0/xqsYJ5Z63ZAWHu7TOBxkvVBV8g5rfhBM/v0v49h2T8mNPa+f5juVnlsRWyHzC5OfWrCX8FlJZijC9e41LoUYEBN1wjrZGYAsEYstzlhB9kTS6auakyZ3UZ5dHattRozvR9/UQuGFu4KJOjYkJJ7y/eIXCFAuk612Ukt2XXQnJx+fw9mMJdFi61Lh19bq/r181wbn4yr42ukeavgp2ZiO+dzQRMe4LfB3fcUZwVvviyN7ogcFhyGpS4oK/r7xlOZVZWMkqC5BMK/8Gc7UXfCJkfn/PbqSFVVz+2RbSIzrVt9L6FxVlgrKBQ3HH2EI12jWeMxNWznrSf+c/pMbfcPiyOcnX2DBdSoFFzpa4vnnSMeHG5rPrxMf7mgJRcGHwWDtjyMvIx9y6hLwT8VxDYPxegYw+VWRYOYUpDS0sizeIrgiejr1UqVHR8OUHopfUhA52q2gIJF/D+YivTnevVSj8ZzOV0vley2JBE2nGKJd6VLyyv5EJ8bcw8q9X2nkz+aS4DnxID+VUOTzKdTIDUzmLT1fflY3pyjMJawP4oF5pZSmmbfk/GorHvGOqR++KzdNYAvMu1XOUmQWzrQGOtNuIhMkCFyGeAhUwrgI23E+xPtkoR90AyhKH/mi9Bf6RQIjX2orrkPeEUysJv1P4UyTnbIC32fZbYugIBOzkCaZr9y/zB2Vtc73QG0YHoqoYKvhlShxMrZnoOTJjfi2yoyVikwhHIdRo2aTCS5xYvmoBKOYCumjqKgU6bGOq9Du+HbNlEU27wGon55422wQr6CtH44l2XAKUnCN6m9vNCxiPl5o5tz46z6Z+TGgYd6QJqBXfDNBb4MUsvis9qzJ7jsp7Os4K8YictJS/qFwb7oH+zbx08sl1BYRCi/GP5GliTNdIQyM6ZD5Tajkx74WczCOqUg5/wBX8DOt0kdForFz5eE0uRADxWKvFex9cSr6TJRB+srAiHNn5ag0ic03Y8R6peGalbto1K7wvTr3tGLGRPZOeXcZJXX0/wpSueyl7Knr+u9izJvRnONJfbFyy8nzqerPLdQWDoKiohmJWaUZ1pmHvAL5UTPBnL7LjDvq6pTC+6qWdl1rffzbCMCYsIeIyRpxB1/CnMqb1e/muKCbdbcgHAEd0Thj/iGytE+RwIt+rxZpWzgGkmI0sAy77XaZRVVv/DZb0oFzPwlrxvJee9+jLC6ZzByG8NkTbDs3zIkfVB7Go0s7xiMcz3x2qMHf7izTgt2xoRTfr6s/7+OssD1p1ydx4h1fbjYKdhmZl+NhuNoSZIddrhJQ0oqHLylN/vf59Q0w3eSlbFOjKr2PRfPP/CxKLczXoZ++BHxNKKbiTmeW7MXN+K/xuFQ5nbhLCsTFu6sP8Q69w+Xik8WGtl1kgnTbTXr2mqqroaQSukLBn4kuyKoUqytEZFZS4s/fki1kUzAgujDpuRm2L/tw9xFpOTXuVEChU7srV1DMi1CXC5b7HkX/TMk+iNDK4ybGUruqs4UNox8ZmpdpcfS8vSGKWroszdF454BE4ZZm5ABYwfM9C69Jx9Gyz4O9Yt0lDhqyOCiNbXgB5en81UltufG56JZlvWi+4RXrA0dBfzd70EfQV79qqIpCWDQwTVxhANQtEIeyh/08FFSwEPKIryS/3er4fqqV/Nr5sIRG4+Aq0UlfZRn5zMXw4vjKwAKgEnuio0IfBtW4aglqxttkVX7z0l9B+B7wtwV6MtMuj0bucWEtZ+In+caRNENUEWkeL+KFfMfyHy3e0PpCkZ5NP+7v6+sxxUcDlgx+/yaWK+N95+UdtpbfenQKS1J+CpHMxc6hmlQ1/L1RWB+zuPokmliWZJd74+SZE3a/vqF1ubWmeZX8BnsP7dsaTXmmXMMWy+jAAVf18WNg9M9Bgus8HaFqSqkFy3pY15/gZzX9VtMfoXeIXCyt6TmT5gStg8Kydw8J/D1tfAin98NGYeJdZWhWLt6mnOwJQFff+VY2v6iNy81EI/HrGkQsdl4+qVK1XlSDXLATesNucu5YtZ1QeMNGKYpEHqRrWhNBEBluZwXYZfr+2xfyhzidCVorgid7t8Wv1f8WSoTgL2PkV9ToMo7EWPf682gWSpkH1svfUsrhvVdill5l08qLL+O+ns9IOQW/MRYjMw7fcP6nNCNPT/15GXxOOOVBiIdYb++TXAjD4Qtz9rroL9xBpE77VsVn+J5o+md/NR50DH/x9779XrsJKkCf6aAnYfakBvHumN6L34Ri8akaI3v36ZOvdWV/ftAWYw3Yvu3XMAHUlUMhnpIr4wGUmTtjaBJ7Rte6gbtLPAPITC9HBTvMKy9/p6bIKvM1B7UVpdkig+l2kwC5F/a0M6pN2AKWG5FrjLQhtXZZOqvfXdrGUQ0XsfefDB3jqCcfPdI1Rxb7FE4an5wP3Q9ruO4xOUpnwrRJA1YuzKzon7GoEO9x1pACZcYVWxRE8Di+/J+KXVns1a3yhoMGNgWaOffkWHWMHsmrl208MYT2OpEU4QAdevF/mJybTe4sRlNC/AMCsDNXqXe6vxjdxgP1vEecmmW6usFpfMbE1j+OSnW415eJ+KIiYo7eyccTx9JuK/mZr4d0nga7TfehxaKzHNf4Lq1sq46iMlGjAACpzH8jsHU351NM/McvJ7DtqVsLG4AYxWOkEa1eQ2UnLZe9wCW8WL2vXHvPVIE+fa41P5Ti63Bj7Yqi4eT25jzq+1RpQCb3mE+OczBt4FhTOEkxu8pHY4DFZVj+4bT/BjNT1tqUWjjR827y151XG+4DLynvrmbInBA87gFUrtd1rXSBryfOMsRF683nKHXty9fgFQlxBPGTQLz2No2yYAYG02098H86HKIVa7T3fjL4W5gW/Rv5CaEVybZ1X9HTCPtSi56/Hp3XzA5mheuaR2j59h1fCqg/FAjSJGeQBoSZXB8Cae9DhOHzx8BUHSZ2J9ZTltBRikJyHOpczz1vcdpKSuoXp8IJE1EPftc+KWqt+8egBkgZCnPpnktUkFsh9zMFBvG7asJ150Df+h4+rUN1bTfyJ1xdJ97fdc6VtnL/JzwZMYfnrE3iMY8f6oXmNfucSyrmQuXoYsGrJxi2/NLeMuMMNsDAKWDtBUc9KRWvcoaCDqUxidrb6/9UNXVMKM5hxoHo4iyBsMWKFo78cwyKIDAr8diyMidTJz1PuoO5tZRV+3elZMxGsqg9afXjDXMh5ooHOLFOu7u1/SVlJq0qwl5he2PEvdDIrHODFC/TBIHlq+saEAdCCAnvKEgaPptZ2+GojK9N6oNtKJ1Mv5Zu7xYH0BDBqDxJzLR2nAZh4xaVqsp6gXavc6/3iCkWc/sMjIxK1rZEQkroLCdGa8xwySxbAMunM8EUBT/LC6TXg3PTrEBrC9yIC90Sh56dPPqhLhWaLnVqqa9nRhoMJVHUVlgIMf+NZiCJwhBQgamSTZN67EHB7NK8gmO1ADeiMv3ueBeiMJSAa9Goc6KMGVBkNe3uG9CoIAi0fA0sXKsYGXqHnwTCLJH4q2P9Kl7REScsrSwossXyh5HBSGBG3ox67okeR5WJkhRbMUU7mZ2BuNXlc2ECGMPtqFidHIhmVxIkAiI9ZvATt3O5zuTtJusPJez+MVxgTV9DJsEnkVHWptXeWWKfPi4fn7fAwbJ5fnxcZ9Vru52uTTSpviQR4MrmZcvLIIQP4dtok0CJPSl/qm0yIxeyfp50GcmqQjxNJAE1LgA5Dlq5kVTwxCvgkAHTS0vBMYVN0rfmhYyV44ddeU5bnxjZ+Kixib4SPZong19TQi817eK4SzNjBSRv/sCr6FzG05IcDQ9SBParDjtQvwomxdLdxd8/TYd8DdGh1PX8uQcBl7Ek93kDoXLjyEjLYKNj+IqWom+w1+J4wirdiMNttYSk4D9TTKdPssldBnfpjH6U/B64HGeP71GBfV6G2mLff4OiWzqtegj8vlOS/aBomBKBG5+ZFiA8ZultS4Y/8Bhm5rdg3n1rtmDpWZW2H4AOAPkNvVxvhJ01EQkqW9pjaWADt1Fdhgfz5M0TlDEb1N8N5ba1aKful9bNjK01hAoEBsfkapbyFLfERGGMgWagGh0NQCVN2KF0mGNDAJSnsXJ7JYKiBPk8gEJozTghtVMX0pSnkRELBXyIZBvnLLSjcU1ysKejE+HQbA5cDCUtB4ra60K5tNTLKy21CEpKTvXpndCjaOp3tKZW/Dv/iRvsdjn2O0ryNHFglS1+BbPR3VCLHGDyvNSEAoU9axaJneI349X+/o7CSy0685byhEGmk5/KQC2+ALTVJnQz0M1A98cabfukcHTgRUx6aaCPxt6kT+rtD12sFMxDNxSkA0/eH4gfikoTOuL4W5ESYrX9+Efp/6o/qbXL12YO+E08h+OW+Ne5ahhR/cMFHBAFkWkoJfrUFR56tITVdA2/5NF0z2jUjI8h2+YevcV6/61vjboLGdW2tdHu5nuOEpUL3tbH4mNYMcBBWUPplTxu5aOE8+rvmi/SAKXNcPFmzS4AJ2S+tkDOJjGph7gRhMMKPLC2medHoULy2M4y1BPiM0ea1t5jkxaIXHxzvPc+lMPnCKtAICuD75h9FpDWnVW7M5xNc5X2wZFHfA1tcmrnDyjmcFcXGioBm9kHeTE6hwIw54n8Xmuhb14wqCci940pdtYlMwTYCzjQOZPGJ3DaFAY6jqgbFTxQjsPTOS+putHTBW91AbYrblg+6DR6GvUJ0A/w2AMp9WgVqX956yS5dLvEgjmUyWjHPMkXG5eI8VUgf8cuuCbs7Gr0onmdBw7YB+l5qihw4d+8Gw547y7p8kMOuKE9hV/t0LbU+Xeuo81Sj1IsKML28obZ5XuTIUc9I+muldYyHw8n694FTyA9PcRsBkwhlwR7S+F3OZ9Y1qb8cq7g7qJBTLA+gDomWfD666EbBiMZoba+snCcX8fp4r3PAlHyW1ejyqylnFmBjGxwvronRJ00CQjVboEz8MmVsMIch5Pv9ITBgzWkpi+ea2p4mnHA1w8SvJKDPnx/jrfxNVzrJwppJrT4j1l/4SjjB+fEPDR00v7jYYn0vSiwP0QkNzXRs1GEE8GJ+K3kcXO+ij+m68xtb6PMKDxCOwMY/epvRNi3HFbGB5IJkPG16UyDsptKbX43nC+LeGIzPv1vzQazu+B5Xibr2gz7ci6nFuBL3lhUVdQGA//8BlRx2y97OkZ6tXC3lC9ScE7P1ySjzRPxjWHtKno3EOuC5pPHQU5M3b+gXmgwC9TVIoURIg6JCa6E1rU5fAe+y4cnVDpah/UAzDpKrrO+zNxgkhi8OJ82/A1VvkfCDhMWP0HPbd48I2OZBZXRj5heLhzy4LV8CSKiMMgfqg+HLZbKmEUa+q0Gx/vyxljWoorubsC7tYL13RZ+MNRXkVElahvbcnj2HkhnFogYJQ0XbgVOhykPdaJbotZR58nQFFk7mE95ufC4mRM8+H+0s/QvEZJZY3A/xjAn0LKS2EuOzMXDhCuQYBFaI9XbWDQpalYF6s0Lsi+2aKjFnHdychTxfuJDo7KHOaILXnRGzYvnuzlPXZHx47wC993tYSgFy0z/FSt+MmQE2nGObzLlFq4kuD8Ykh2uZ4cREYxv6lDwyMlY2fa74aejEZvcdqNMsNO24pAKx3jvndanNjGGYODeVh7LJXJU81quQhs9yMDnI+HxnzbirF4d0tHmqZpoiPdo+UxWBn+l1KkYr6KCzpZDSr8C132dYiwvnCIz8sbyX9kkVdyoZkk9j3/N1MARujMj629JEsFk4rZFoQLrBQWRgqux1PMemFqPWIpoTWnhQ9PGoYeN3hatmjONz2B7QGuus8bctNGLHFGNHmcCaShgRDSYy99bnekU9HWgHnv9re6mgBxRQK6nS3iFKTDHPjxXtDbp97LPG2gxANAInnu8duzRosTtD5R9vWxfWyaVE8H30hd4FjpunpQsQctbLYVRA21p8Bp2VEKL3GsoO5IW+UeAgvl1GWwv5gbMPcmpzqSTxM8t+8q99g6F7FwRZvupQwoI1t6hLUAECyZaRieFWgi/e1VXPUvfRRmqKVw2mZVhYw9M8U62r5wXRgCxep1mf8apjfvN606AgMDRoErHvmi+ZrOHEt5FURJRqVOs+C54lCdZWPA+zMGxTbUYcm7iqgjRBk4gjvPheVPbEnCXTJ4EFtrpv1zFywEWz4cTi1rWokfQABAADHguviN1Zs68Ep8KL1eCHQS/OapjFv+e9AIvKo+gNZYzHNYbTT1rL4oFjPn98HfKBvIvSo9fFHT7Kas1tVfg34YjqN+0Ugdo6CFqf10iRl6Uc6F2IMWsn0NN8IwNlrVxG1oXIy5fWBvJCkP9d81sAqYH8abdrsWCN7c7SQErGK8BuJEtHqpfl7RnfJZsRS0OMo2xMokC0XFKvfzCPicw7Dro885rqLZAvnGdYSASNVpBQ3PAxaFI1F66NvB8KsqtNCVQxpGcqmIdIWei/LQDzCahl8N7oIQBgH2TM6owEM7QwsZpy+kElHCNDDZs2Cf+9VgbvEO7Kh1UeVh+kaso7wo8F84yXP1Ahify7LrzV3xvFOkCO2XT+PG5I/SPySDiLtbnlfqCRG9va6rvzsFJV3uempfzTemrX4DcP62/JnJgg62NC3QZmt13Y1EGyoZL4dVloSNhZmoWa64wtNE/5Imse6NgO/AW2SqEbbmd4h9SIUg5Sx2mg/ce4wtYvJR82+MHardBAdxtpCW1s1ksOMxJ8a3GoW0kfCFlIPSkRh3Q9mpHAiQ5S8T4wtBNgtwmrEmVjmOlStHXxOpuk/risGtnRZkUfjXXwvSqjNdLXS5KuJbf5uFVYKvcmIERVtHxQoi9F7Qsjk8RpVXnpi+cfshczDdSPw3k1NZVbASCmnTNZxoqVA2hUrtLZWeoymKPDGUaLeNMsNPlW9ii9mTXVNBScysaN6mRvrBza7w0nEFxEvwUWhz2wHmc0NDaCXpQ+FjwBHnEh5gNGZCOXMC8mcD+CzYk9bbWhEGoiHD23hlPAvvzbyl0Wjn5If1qoJO/ql6Z2FWdaNqnTnuzohACAejAnAlycyEaaQY2corlBVhuuLYlF7b0rKVuJ5rop+Lg3wsaKxJ38eTD/la7ZC20RDAhDSVOwKDDmwHHDI+DhBPyebN9gNoj672zy5N6PazwJSBPfWoN+EfstLpWfEPXvyFcbMW0CU7QfJe5upzkNBoyaUbk3SIO8qVEY+sltPBWqSobrPQ7be6L3OShRsYOVvmZWx2I0tg+SupVYGjSEZZ2KEE8UrieTMgWVUQ7CVduTlFnReud3qCxzMrGZ0H1QuteC5F/BEe08kUJVFnJVaLl4A82yA7SRXCquQJlb3opV8nljHccICPdPFGPLvWlkZInKrhza63OiHGysu4xLEoPDp9OrlkxPp1vvsibzQ5UQ+Z6WwAuSYSBd5n5pGhWL3R2ZLlgY1MkpbM+9ZrOZpZyyoV18WT/W9u8n829IpRoaW0C2ENzIt1+e5kabiJCuy7IPT1t/I8G8GdPdG98nkfAouHUBsGatJgtVQP8D61jWCsLzL++ZglNOpL/qR8NEz0rExzSSSYB/t4I5jhYzjTKzT48gkDmlYN3OqmyW67h6eV9a55YiP49CofnveDwMK66QXvhjBK3dp1rlvYCsbBSXt88EqWuH6+A0MY8kZnkhHMwIziIwCYs0U7To2iscVKl0jaVkgkImPYW59xnQeOPdUlL+h/N9Qthz6xa2v4v6GQH8DrPtWOqBPMhX9AkogCPxzaSumpTj+6RIq/A3l3odUDO9ime4Ogv74FYeQn1vOn+8Ihf4PEP8OLu11vrz+qATGfq69irp6Lf/mYjL/XKj+UT1Qhn4eCtwOB1d03Z80fD8jUJ3/3ONsbvl3tlzI9ik0M//3ZDOxv/9BwJZ0a/FT7OfCvJzdHxfmV/IBH+t3cmuhKAuaXGdJpyVp0VnDXC/10N+/p8Oy3FIBZTvwA5tkbTUNa59zQzdM36rQ8vv3T3UwXV2Be5fhc19N5k+RgSaX9VHcVLPfRzJ/XoX+vHJ/zpMl+RvK/Hy9BXB/IwauDljT2aGHVA1gVG/O8hL86rvZkgGH8XDM837nocLwQNwbw8oG5wa2wjGVUjKvezWAv253xe66P2jCzjDcod+Lesyk7w0d5AQvyEfody7nr+ztMzmao9q7WxPUaJ4R22lv+ozxbbXYmwbW7r9KgFxnZA4DgwHgq1l50F+T5rrCbzKfWHyEAYLylnvEu1vCM2qdMosz6ADPMLr6DqtM9yRhFITtQxY3t6uDG/E1gq8qjaBWDIIrRpuglRB3Z1Ud0WuQEnJes/CYLJLSJEtFU2kDgeEFkYFnG8eRT14GY9ELJQD+ikmkFGYGWDMnSUTyMG/GS0LGz0g8wvO0xo8jHOJLaoRUgJRXAq8XR7eHeGjc4628lXN47eM3fCKt0cd+9SliaT/JgFgdCWlKEEfSphkOg947rkeHed1dItXO3GA3+7kp+GYBH8dI2p3pKA3Td3AqllEEJ31xV0rJ4F21pigvVcgAIscdJuuXMyEvkt/Xzdm6HqgscuokOUCo26QmcKkvGiQj9ZNxJbTZ1r7zPAPNMRTL0oNMvkGwBtw2eXXmmgXQZpkDm+rSDBzEVeoxavFseQZcAE8hoUn1lvStPqnvTdDo4nsUPfkM5k+GIGYF7zZD5PuuR/B338Fk1tqIkC6cMcI0j6RldO8y0qK1Id3ediFwMCYXGdN3Z1IBvfEK+0YCg1RP0ro8QPh72XvlaqHGdAPhqot3VnkG63J9VbixgJwsKNOQrBkYHOXAxjM6XOTe2syTqxQRpSiJKKT4XbxzYUuiRStd0TqA3ZeknUWDwadXYSw8Jq5CxeiLOlvw7F83AgNOEC1Yk37+HrdgSIjnn5t5vlU4CQQE3qqQPMyd0ScJgY02v4UHfSt+edYldRojyTtHiAkuc4X9PHtjN6Zv9nX/hgbADEpPhf09aXeB9uytjSjpRLYWYNyTY5dS6keTiPyD3gobiKvpk5MIaTWnc19h7MVgeHY31i+RnfrBO0KtVQlZLsZu2rCf0Qk1XFNGXhjHUZ3GMKefpj7ySd7WSwG9yiH559K/O6y1iKieb1apmOfDmvvPN3+1F5FDtfkpDdH090ASZ1YZX7ONBiPJD56EcXFBtfb+kNxuDocpm3X0iLm9Oh7qzj4lBrryK8cK1lpo56mnK1bUucoOz5urnMLlGFtDO+DIrhe0Ev6CykFHEYvX9+SBHP6V2gjwBtyYpVIMz109/asIAWaAF5TOh/BS7PbMMvJNdAM8PumzbwVdvS5fqnauIhE0A5gCDWr5gyPXomDU9AXfyZb2s3CpGTNYFJwRZOOBjCnB51YcSBvao/3BbF1Wp+8XyZC9/wBDtVt6R1LcAAJWwJI2Nf0c44sA2t9r9Y8NjtSakE3SqPbyrl/pObpnzNfUZ+T86vkdLLT8EUXeuE6xvMu7wli3LC3DcWkK2z+RY1whQ2cprrLw8HwHi3dyvT+rV0Nib1CTWgxdGlLVmL6xxYTUb1kND5UTX4vdUMUMhL2xn5kZDMpYLoRZ+AslpJmrZAK972BV0RcYCzYYg9/EKaOrhzNqUkcy8ynfXJ55Mfb9ZrdAWii2cL+16s3Ab4TFMLZwi4gbJdxr5HuVUTiBvd9Uzv7Xtwov5b6HsSvlj1v/UuG/uvVbocByQD59b/1Lhb+0/NLy34CWesrLgUkj/IiRotfTse6m4ZNowBs7dFAqhIKrO7Pn1mLj33yGuUUiITmyfCOHUamfzTkKLp2G+IMpp1QqgSxm168L8HpXaNYx/DN/a9g7XvO1cRTUmd0AjYaMYV/2kt+qPmcWKT6dBG81w0lt3yRJioj/BS/ANaBpDxlSGv3yejobDEPE6m5f3psdHGoWFIPwf0ULL4ohFFKVJrEhJBf/sYn3k1OXfQaVvbxzcDdD8udNbEKZi40TXdLddb1qqdIma8sNF0wyCfT+e6ocyhZMxPOHZXd9UpEAX0wJUJo6gpFunGm8ohifl4vAU3pO8HJtwROPvvp8svdGowLKCHK5s0P4hOFP3JMUkdIOgtHwSdHEpTMI8lnULbZSYGtTVoqEbZtjtHE9ygxJoPgLQP2Ziw+fMYA9aa6R/P3pcwkWt/eyYwwB4qPEr+N5gyVoiwB+FDGchneK0qu/YIXw81oYgUNhriadIYnQ0hPGXqs9LSOBrKWY9LHCpjcAn/6z5q2dh16HClPUpdM6viwxeUggklPyIHLu6U8xbFe5txh/kz2hjXo8zanQabT2YYpDrMaF5fwxPqnvuS4VM7D5eCuVtEmSFASM8wTKZdKuxzQEU+OV75PgyS4c+ozNZ3kN4T1d4JNT4TTN6mWxd1VIwEZSDA1WMNYtK9Yku0zrdcLlugO6BkrcLUIlHBprD4qR2OYrVAF+Zhf821H1S1lqLEVvkFDERYPVWjH5D8asT2HISJX6dDJ5MpBSmgx/Ty4DfWEMxVREJNVLL9K+teEWMFBJT94QQJSuBX8TaMgu+eF2jif0pvaJ7G9/pqJw4QfyrK2ekQY1NftCrvi7VLK19yIz0p+TXMSmPCkWtoDB7YHqTKViA5XSTencSzKSS1rMGmKNFs9WmGLlH1c5vycMw0o7qd7e1hN7xTMW0htbSAoFJdrKGxtyCL/V6g3mXmWNVYNBYthMap/e+li9HnaVLd04otTqRLaMGDVJJd4pprhVqk+emyPxWWIiyBeNUfhidIPQCORHHEIWY7PEB3exiescDelIjuFtGzWOe9002hsn2f3+fvprWqv1akL5zYEs3sucOfUW0WYZHg9QBmEP5JqZiiXGOfFwUryhkmJI/5/gtL+0/CfSwr1uRcJceIi7V+xLWClIiKSZdKC7RoCS31JbP8d0ke+Z5lEQpBaPZekyhuFhHyOQt9O/6T9Ls4FpOML4LIFaztAiZ9gQsuB5iOQ7w1i5J+xJauZbLDgSfOsRvC2ggfMh70UckjSlrt0x36rVXRYNsuar0frER0Lf35Q4VHSlN9JnyHpxeux7KHOQMn2RHMEC6EEdw4ycWvmeIl2Zt2SeqOKEjyBaPUYBu4tZqlyN0JyUBsf0hHXz6XnLRX7YXoMFlCDS4uHdyKzkVauv+WljDCTDsvhNHQSkBfopyb1ktC2MZBdy1mOID52BBKjDBqGfYBToJRswm75BYho2W1/t6tE3Q77HYkZSF0+FCpShdiXjMBNI0qIBWeJEKH/dNYl+R259A4cGSLoqkrZDB4nxQp7Ia4bhLZilmzdo0YI2GL3+nCxJf/MfXVm+Bu24zBQS1mqzwp7CDNz6NnHkxJPvXgHsZXEDpxRyms9NUXcsjZRHxkB8CLTTtfkkEJBqtP8GnT3bTK00T8sjCcfwnugEB4zAo7C1IM35w2JhuQSPzn9KbmEKfWCZl3abtUXq0xBQDB674e8QP46KU/x12k+zCaV3FFUrBgRza8kGlhjvME0ivS+6MN4JppZfdeC1hz5d82do6qoVmIwTJqrceJta1uIdwGbZx8YFa1+JX+H6DY7gsvkqazbP7ON2a9dYCYa8AMYEEE6BHzCjnkgCLD/tQhPkW+efZkjxDJsmUKBpcAdPzvHFIydF4Dun1EZDYYsdgWPkGqX5ul4tmNE5DjG2T8chJQ02UrIxqhaMwzhCGoaXXbzTkYLJAVG6Iqdvic+s3scFB+Tk/QEd900zCLzrzfKWDkA1j2joNC6XWHMoNNZTBWaN6Nr4nccCIX8cjKF1s8vLKAykPqrD5M5gZLyQ/P4jFPXLhRbfy+5lNYkrsMEzLkf6qxVIm0RiVG5Zm8fR7mpp2YvWZjcvDU/qCBA4589TNjly97ohQDZlBbszNxo6gZAXV2DS6c+fcIYlbEqkw4C5q3pg5RvYSA5qkTQPJzL0bn2AP4eAdlwNg9HoHJ7Ns+6EVMKQY2YwRoWU+mE6meM77KkKQ15rHaGpFbYSvYdYWkDgD3i1prq8zG56n883gEzTFiVCmo9UTF2Iv21hTO63yGb24r8OB/2vxM1/afml5X+FFp4mWy9loHo8+GXxMB4XGB5aEWPhT+4jNcY/roHsjKyQPLde7r+WpMidnfRrlypG3EEpj7FcWFojGNi1AqXjU7B7B6ABh2FoLXdLx3zLgc9ABiUwMrLAmzoix6KMw/vflPUJhG49IY0WOXE8EfWJgh4KptRfwB52EVBZToZvYb0TXlE9ARvyIm+iVlk2zPh8OR6ytZDgdMuPf1090VcciF5Cw+Sgx8LmcMM/8AXY9oIbZzPcKVwuyMotTki4Pqb7qd7e0PB0dAls2dr7PFqGbfWPSa+FzSqwfKNxpt6BOGLeMjQodZpGs8yYpIrRi7MhL4zlIIHRWRaZ0n5IFPQJlU+T7Va1MHk1gQuMrQC8Z3Zdic1u2/jFloe+KSJNaWXkAPf7jM5zxfbGIb2dcCefSUlk/oEL0m9ynlfx2Bi2mpc4NlgiRZwBhlOffg3mlVseQSj+dEwfXeeljJG4s4P5KU2Vt0KkSX/X/sUFRyaVtqszEt9YU7chzsc7dzJGdY79ClLZgzHAg0G4CBTPxq37MMbnJ0mbAItNQc8kIZfwdsORk0Q9lTFUhud2wK1BmFjvU0zM9o/yRNTpmIH2jW72g3Du1q/C+PmCAWT1oxC2vgml/HjHLJAbcYpdfPnkzLJXDLsM3kiNaluInQH5/gcVcPMEUqhEXwPiI9vEYT2CYxxaeBYjdK+QuJUnRfoUhCV5wJQ7hDM65WRp7gUQoKIFjkgL+HQBmO8KiyO/pHAhuaPwByIMp3QLm4Ys6Bc/iLbImJ+lvHW8mszd/JZnf/seApQJVoyY71D7HvPSSLvIeNO/kf4hag1OICezu8EDYZEbr5Xve5UKzUKg6/t4PyOYXOujg25d7lqs0hNaRzt2VemohEfpOrvuhe1QGUK/sLKUnCkJa229EW6Q3tRhsZ9M9D3Hvgl2yu3xEgm8LJK7ppxB7jvLuZS68Svk9T6fHK19KRMG7OoAW3+CG0lgb6ojNqObmhsZ0egzutcby2YuSjcVr5H/S/IdfkrZTVMjeEIg+EV9PKRnTRd1/TQ18wPRHgEVRXJrxhEPPGOg09e8XwCmYBbdYsAfqzo+LkytWlXV1xvN/8c4oDGQFv+fHNAoivzF+4wjf3U+/3ntP9z3TP/6nn99z7++51/f86/v+df3/Ot7/u+qP/3S8kvLr+/51/f863v+9T3/+p5/fc+/tPz6nn99z7++51/f86/v+f+v3PyXll9afn3Pv77nX9/zr+/51/eMIAT2X8z3DMN/cT7/X3rSr0n3f99XTevmhZCULEVbFNN/mle6H/ri/32HNBA+t5T6wyHdO+sDA4JJa7/n0WK9eeYc6gRwDI72FoHYwY29ZUVVHgMhWcKFFkECEnF5yGGCcsxuap9xCp2PiSkPpg3EXDwX/sGhTJemvssrQD2SPo34dKFiGOzBzYpdrx+VUiuPShVmkeFNyaFJFO1BYpfwfOqqAlLsXdaWAc8Tmd0PkjckAtknI4rEQQITlLoWzGUZRTuUkIm/x8hVOeDKKqtOMEEuOOlb163iDNb1PRmH1C1dnaxDUd1YWVspwjWQ/4uujIw7Z9TwfPzh9p+8HT1rK+0GcqtZM/YHZnS7KZ8BTOLYY+Suq/lMxsBOLW56Btp8HEJxeCYOGHXxg+jr2SwnuExR6PB0VnRsH2XoqrcSXmpe+/MBR2Vt7+RuYZm7h8XpP3l5QmQeOjR9Oy/sNfTfbBBKP5XcQbmy/3apDzDNmee+aCEyxiiBpRHPvyqkT3KoZLg+ieEgoGgUGdzV7j4poj0ZGgE3AYbvd3G3mDSlGwHjCZfjPpyU4aJBk5GHO88aa+eJqu8ZZVoNVkNAwXqNz1B+hSFJ3o1m7FG2H9yDAAnU20sHGeZKmBP8t8C5H/V7HP31fgz1FZWjC/S9lQuV4B2yO/f8njUyQUCdPRje0piHstyqfsIPRZkZuhzs7i3XkCRqUbp/YcuG0dIAqYxYVQLTRUmmkV1OXVQuiOwO8k3m1CwEjOv3KkWJmRBOE5qZkqe15lXOOSomPKRRjuUmITXnTbUo3Ro6jJAAnjEROHPW+2tJrNS0pgwF1KGXAuz9rWlydZXxQBF3LIO+6lXyTIzh2sMOxR7jMKFKOwQzXv7DMkO01G1xQbXqCIIoiKR0RbK0C2WYLhPRW6bZQ+o6rE0H0cA4dMODryL8hEi8Zoh1GuNKf0I62U2+KfMjjJx9jNpwFPD0iHcPD34hTmzN+gfBMMVV087E+qEqk1WgJdlbmmVqaxc2ZHpjeMae8xmBkUrTQTJ7VuOq4fJ0jXFa5fJhI1iVh6GybTOD/LlgSWPOEu6RD5ubxeT8SxDVILjBqUT2Xddt4zvqNAe5gYoefdcOACD5siKBz78y61UwWg634w4pN3g4BIJkOgQugDrdfh6OeJeEPZ+f4BElBc+yyPrM4Y26xV6qTSsjvFG3lYLY9nle8kYT4bjqyQvAO9IjlFoZBqQa5fXaBx3bLDyXfa02GzzjX9QQwEjqiHbYTUkhpeZdMMwfXD644PQFQuHMj4bESBrHyTxz3FDy+C5iwbs8Q+HzOMc8TO0pcfLCanEwzKI9iqnUPzRmUYI8jBl5+ngaHhw8Rb5wOemfdTHf4OyKH981oDNA3sDxWrx9kBfvgATiHTAUFwJfhw9L/gaPSOKlzTFAqb9LVMLZlhBCaALQgW1GwFZTYuU9REYXpqRat6jHDB9BaamdggKJevGOPFng7NMLgiA0sJXBiFmRgBqrQ6I4pZP3w5ZEYHMQtRt8mv3zEp8gBdqNcLL9ZYikdc8IR7thF9PdrfLnuMWQdiiUpqIS49HoDX/DtvYKqZYKxFdSPKn7ZQvwEgNUEDd2qaPUJx653CE3S500uJmDuqWup05fiJBL5dtHP09glog9AXNvhrDWzkgYZuxp5yPUKs3n8PcgXyKRXBksDT1WoyCzMgomHytVasTAtoHd7PsImfX5CkTdDfADn7frQmdwZJjo8jxgKzbiUM2HU47xSMEEI3D7qUtE/NYtRXgxju+LD+/TR+LKOyJefvQeTFYRtVQwcR8OWklwVDmjbwaQWMtXoJ+9yoN23vzi84C9tfs0YPCaw7dex0y1jN+5ovpujv6KdaWXF+HNdhp9nuUBzg/+HgEd11eGH24JHpWXDItB7fy2K81LDvJ74gRgK/krPd/v8sNdINChClCK/ywzG+mF4R0U4uBLiWycVTxsi2tUGaDBNntsONuAPIdzqI7XEnSn9pZvVEGZL8qyjBrRCOGBVsLj5StcDEEnCa9jrnOl864TuOtJ65ApoMqxI/B8kY+3+ikmW6sfXKBfDobijdK/lbxHk4WgisBfQz6nezJkBc+w0mWAHSeXzEVkMwSD9/k0U+zpX+IHIz/mJVKHS2xMDjIkZcyqx5/3NWEPT+x9FJ1tMx30W3hKvCXB0kvWIKelPbJESZAobATCuehb55bOBI2s5VWGqao92SBI4RZ6sKzjpJr5jCpU+0aGPEDKKtfl9DQn4X0n6racHtgCkbTiDtJDMm8NsnZTske7c9+t+MPfEsfanb3C/bM265i2POiMJpcYx+/Zv0BsPVxKeg/czVFzr+h76OXkbo+fuRUgYD4/F/YtcX3Bni2L6YWLjWNxGXIT3x1tSnJaGjiafmCbOB8shiyHXdOYQ+TcDe1q9S2HqP9o7JG4CJxOVSLrPBNawJKP+OoJ+Uma3C+NZhwMWfuAzlcJYJnihkp4xyBbOJl99zV9JimMv7re4rGUWZUoGfXu1nL2cn+58GpE6tOPXdagaWomuq4peP0TZoP/tr9Rezn6iMKBC1fLcd8OMvRad1LgQRqeQfAUIjsnIcXL0u/1l/PTCC+mAPLSspZ1lgOQ/iWJwusVz2jsNIZ5dR+sOlXxFjkvuaKest890OhCCUOM3lRFokh62CZ9wadZlWS6nlR787JIPbN+MySUHOqM92IErGq/UOHSZ8q3+z2+R+CEE49C6wOYv1kf66iLNiHbgQBT/FQ3BNmhj5qps5uZzDHVqydAuEvfX/jomkKDZF3sn4a79eXOUDfj/6i2/BlslNS/fgYd3TDKBMpi89Iec79vOliyS/s9/K6f1kJa6yoHvoIEz5NxHKdghIvNmsylpoRI/KBxB1sn4zVn8A6yAYNG76Ib3ENR1DDemgM9Xu6TDc1HxZJjURAZ53dRALkvLp5x5QYp+IPdzZ60WbjwehwnAFBVXYO3rodbbgevAIYSfVHao6JKo5gEHrmCsfM/c70DJMjGPQkKOUkopa5RUNH9FK6yOQTrFcLLVQ1J316qzAbmqqyZzWRNAXlgz0xkJjta1jIlm5z14y9AgA+Fom087WQieX+GJ1gbSqZ1gLk5LfSyZKyOzYwKu2tk3j7d431ZhlNwLyNN4mYOQ6R3WttGCROLDLozdFzL8RiFXGnMkmKYcLtP8iZ2X4k8y3E0j5u7jPBFN8xXbOpdZ+w7U3XeOh8MPsjUft5KyFQt8UwG33MIexdiP0l4PyVrHInN38cWb3zrjAouCr0YIK/8ceqD/cONK/sNfGSjPmgbB4kzP98DqcHdOToWInMvr4HTSBrGixzI+ZET2uQtqBl2dXwyNvLY0bnAd77WHkzP64t4Q6lvOrGHRkymmeJYVKh7W6bLagLO/nzWHgbtqP+qUZtaBKbKWI/XOmHOfTFIG4J+nJRzsPvzg2iVGng+vHxi1blpwyJubb1DAr6P8CIfpyiKkdh8tG2Yr0ImkTgxHFmpoHqegEfi0C+vUfH8uTYsEkCaGIfhvYDpRTc7XpBJmX9hnLEgZHorn7wJ89RJiUeiHeHTbYtAWWsjMPLXTy89Gm3PPnmDAf6CYHjT3bWdsBjk8SNucV3nkGbHdFl+W4D7NkU81dmoo+WmHfxzM0ZufIDE9+JmdCOIcQBp2CSnjVN8U5PHtLUxARZnNTKt+qakOioDrMHl14Yvm13V4KiJPD2HTQhbmrK7dxrPrsBKhyr0zeKkRmLgiqfLhX1EtRgWIEgz5K/PsV+6vy7jzRpsjt+b4E1+WmA9ScLuE+03gyQsvAYZQ0P4Yi+lAiqCeniBkYYQRa1bE6ZpFOBFulXxMnsjZfUWIzu36m+XTSJB2Kd+plGi3LMCSQY9u5XOxuHtWr/MazjQ1aRCt2IerM0i33N5AaP0pnWbOI1DXXOEWGMEB5ysB3Uu9OIwjhWHRb8RahCvIciozXBVxphWop/TN5srUAfU4XVKCbMuM5oKmtmlMx4wA63uOf0+4xcivrkh4FI0gC7QJ1gRbM/MPEiEaT8Wtco35E6bE6s2e4KochrXaSChTo0ZtFRuPk5v69GOWBwCyhKXWdeEX3IAGpVRUJ3usRrparnyFBu4/gauREZnkF3KqJVA80VHSW5cwUFK6IowViHPZQ/cqiy8yiD1J1tC9Aom0iaF0w2GEl6o26SZtlf/6jXLOlaYZ6cAb57N6gq0VdL6GpLJYts+V0UKo9AjQW/o8RhwlCq99f0cHcB+aBIoj9r3rMYQGGlYnvXLkr+Y2Ew7NQmG5DEQ2a3PqU7zQW/WjfS0bXNVCs6kF7UyRPHCl8u+8JrFbGWZp716CeC1z3BS5/M8r3EKRDkr7WR13Qsm3jnhUuPjnMslX00y2SpwWqC/c+Bc+8ejGk2YDsmscuEwAt3HBXmZD/1Kmy2fop4vX/Pw2G4on4slBKXqRm7LsmxzU9I7OIfxHb+dkLuQkEA7qCEiOZlHFjWyHCct0jD7oTTnbt9Mi6YdoCKf1WeKw0ezUM+pILOnyDzV2ctfp7ofLVXIrAphWHHej2m+uV4NRO0TPrSFEvjbVwuj+wc7RFDHq1JbCTIzy8b7sB+E3ijXTuUTYcGBPAALbHtDDtKUH/Nci5wN4n67147hxEDnpSj6Kd+dQ6Nnje1Rq1mnulrlJqol2jo0QnR+j9kA07ndXnuGPLKQDVWHoSSmknmOxiXhIbVecgGTMtP6n9LAxo9GszCPDd4LGtn2NXBPs/seDg0gUivKz2mArPKbznnVMgyaQznGD119cyiQg8HzOutRNzLoEUXAysWWotaQxHqOr/HFXyQjfT2x7Ay1TzSa5jjYK3YpNBuzJzBbc5hSrZ52LfHm7cRGQ1XgYBTyUm4I2/rKyCL17FRjQxfV9tC4BC5raRFkoXtxnPCqOJCw1A2Firn/Mcr9T1FciVEVl2PVp8vc/2zmdf+r6kHBaqtYYW7jdAFmZF9Un1PC3jqwctemAAM5w/3v1/tSnkz71zoelbZj/FKcD+ToBFbNAvdmdpg8MCMAtZDiDQlLZjskzTkAwbn6CQl8LqyzJ00wq88yxHjslBnrevLxgvjiAtBaGKhQgWtbGfPqOTLGLj/ODsm2FHccimyIgYz3kLX9maLi43Xtu9hXNIKkuC0IASPqkeqDyL20xwvXv7FuNu/Zs1cNek2mWrFjiVmbpXOoXCgyMP+GM8ZH7sSJBS88nQYGm+hBHUP1VgO4GA4SFcoKBJOZS/FcZMaTd7kDzEIDOzg+e/tA3+PbvIUgc9mXdZVBnpX8EGU7JWVMEG0rOA2AtWzk0LzFKMIYwA0E+UjhoSDMe5EJ15+AeO4zzmIiJghIQqgzLpxb16PodDU4py+SRbh/NyvhsuI3TMlPyduDvXGyteCqagq77yGAk1hTtlU4Q4fZ266Oe+zcTCx/vB4t4FXDzTIa6GYRSRYcdhmPl37m/TJ0qHcPPPP+tGdBCQtrDWnFbflsFu+KrbJqcGSMDD8JQMyC8OISc1mjzsFiB4N6p1mI5sYaTD1wlNys2OdEsbfox7Er3NPw2uNOu2BmoF62gmx82RbGJbOxzd+D0SXtp0S77Ra5xAvZMW9WHqPaq6G9bK34orknv/D08GE8afdh5XjOkdtzMAKWK4RwKZVYiMUx+Dp25lgK0QupGpvViYX4dFckZi4/dQy/hM4DHhSyNtuA4dH5u9fkLQ01jDcx6md49qZGjTsALLz7UKWZvkErVrV3XkCo2Bbc9EFKU20HmdfqCQTSALMzDcl0cPGPzUq62qmV8mOiD2uBpwM+qvqGyQpaARuf+MRCPeFW3t9pK3/5AqT0uUPXIwDHEadrdVs1Bdc8yeSzP+AkuLmwvDeUbxI1qdFknFPGOp6MIT0pvX/ygAdRjMAH92xvnzAvvaegpjKVxJnXg9dq6K7tbTU3Zmpi05hmmQEJl1EAmodPi2yEpXD2fA+xtCNMSBiV/KwOjzol5kDqUzdXLGSMh918HJ2d5OjpKRH3PUmmv+ItSnOcI7znrQsk/BzWblv11QPL9QerDEDZDoHanfnmd4lEOTuzibeT5bY78eoj6vlM6lLGEmy9YLrL0+nyJttt9egrWHhUyNU8fNKvJynMU7d6+jJJ1Oshp5zfNMSza+CB31ce6agso7usxlixV5YYXh8uA2nyW++ziPGHTexky88pcGjpNqayMmFFjTDLYwjGoYwl9Jk6ikTOMFlkAluQ8EPTRriSgFGG7uolotTd85f3vGbL1fcRk2Zu/cYWMKY7YqAV+qYG/xS02Kf984njnc1BBSR+eHHBpjra00P/2tNH1Y9RNVKyGYcUxoteLuHLTHGNGovwB0Fn3Yr6seRxiu35jszPN0Mq5/xZJj0dAVvEI6KO5xaZxPhEJVMQGa16WRLparuNwDnwczCT1+IEJCMb9ppfg/gEUufumY/LEmseRX5SY+M1L+36EW+ubSTrQiYP89RwsCcHWFVMKyp8WNa2jw+8EzCitx44HiaFHQdFH/SIs9FbE48cholbYcxYx2H196wDaczaDPOj5NGtu35G4QlANGn/T117/5TnGMbv7/MyDW0R/uGUQ/5jnH8k8q+df//YiPpPzj8K+qvz789r//HOP+Qvzr9n0ud3axBIT/qkKm7ZB7nFtNXZDXBubILC0Le3pr9xyN8YSOiSeamzuUim7PW9JPyfOwn/fTfgX71+/75j8K9uwHkDzOl4393BWbKBxCeLpeGxZhdUJ7IDZfywaWiO5ieO6id+az3ZpjfMrnP0lb+zWpHzTyw7g+Uql14rVSIFnxh5QX9+z99dl0PqVvBQrXPMrvD6+X3V7DsJj9ly1TVF8E5psLeCvl7mdezPyBkUyaaVFrrLC4h9MZVxYofR6JDBMajWCIh+2ZDCM5XuPStd0E+DwzD9eiLfa7d690/lbzqYw2h18P5P5RRIa6rLaJ7f8t96LpX/N/ft/6ocd9fTDbUixZ+bFdNKrcN6U51O+6y169+l/zA5DL7bANmXgGuNfpq8fT/rfjWAdn29n43dzzpB3XqNwfalgDYfWvNEvzR57Z9lDt1l/qzvuOtD/6WMcL8y8L4aTXYYoL3nn/UJ6F3++pdnZ/9ShvtHfVB4j1X87ub0HqcceX1yyf+ftumud7/rwcF9WsPgxq0I655y06nDoM67j/f78z3OwnnTeI9V9dNmT79foKwPaED084eGu88xoxEAHcg9trveZF86Ta+9QDtuGlGDf54/bfbPe3zu36v7d2H/aev9vEa/x1TAf+rw79+7+zn2qt80futwQX/cZWsMN3n/ArT90B8A2qtv2esJ/dDM/NTLYafetH9eO4yr/SnHt4gh/tM86PMhiZxOqQELVmsDe3ozlUkilHBse89wA7TmpuTuk3ukXUCBgt6tuSmtIP26W9sIoLXQHxQixqXcvaGc/2hNo3572OQFFMzi+3XPpgw2ePsArdbAjL1ngulixz2zLhP0qnv3Ku/fq6dajbuM+W3lczUuBrlnEnbfd/dmtd8jAD7jNhilmw7jen5HRQetv6rvSgEzCLzfNN899rxpvmddY3/r071v7576eZfnf0bu37b1f212fXtzyfpgjj2ojqO4S990G3NK9USOT8bBZx4e3d2fXf4Obq7htDcX+enfhrnpaHf9O9J3uz3ANUC/CNC3v+5Zblz+n21GdR7QL/z0B6Dd18GsxkFb7naCPgWrELtHHbvH5S7HfEfeAOV++uaPsmBmtMfd3urb5zVYTS/+Sw9f4ea3nxUw2/Y/y+nf2fut6/yugBpwHDAjlbsuHf1ZLWCV3nPjpw8v47ty7xnP3+Ms7KCvUcP7zpGbU/iw/n2mfv/eYsbPPYjpgRWo3Cu/xe4Z+zPH+Ar51nmCcWHwn2cymHHFP/d71f4dyxq7uUWF/9x/twOMa6Pc86j6o87s5nz+z7VGuWkCbcGQu1/PnzozxACr+K7T4Bn0jzrv+fhEf+5X9i/XasCcthHjbinof9Oz/7i/gn7uv+u/WviP+0EGA/Tn9ydketk/PX8HY3yYHnP9rIcK1r048TzlX1Z5o/z0q6ejYHXf8wS+1x6Y3/u/rDOWB1wZcJt/cGX3y2H+KCsc/8I1hB+O+1P2uNsPAVoU0Nc/8wr/mYP+da+p6qcNoL4/y/2DtuSfpCGaSB0Uu8pm1c+mkATS+pG0wGTxn3LkBI3+m6grCP/3jpyg/53AK/o/LfAK/c368Zv142+/WT9+s378Zv34zfrxm/Xjv+nOlV9afmn5zfrxm/XjN+vHb9aP36wfv1k/fmn5zfrxm/XjN+vHb9aP36wf/3/l5r+0/NLym/XjN+vHb9aP36wfv1k/EIT6L5f1A/tv6nx+Lcvn7ow/gjv7YvkMdb/8Pc/+RwZ244hpNwBeu3/+ng39AkbsHuZPNyQ5SAeAQDBgHBBQGIqu/TsMIdiBEuj/AE7s/6BIA+Rfh3gSfw3xpP+dEE8U/h8U/n8+2Jj299Iv7ZRBjxle5XrL9Prvfw00eJx3i/rhv8eQ/+/FG3y/Pv6IN2D0K2ub79KODNeBFGaasYz4hgE7ve3DLIgyaPaNeto+uKhmwivObj1Zq29cw2E1k0w1Givgt2cuBM9cNLa4d24WpXaMzL6SEIe0N97lHANpILIsdORQvMsrivATf/AqyBxSS/b4bkQt965bVkG3+UC0KUHrk+uRMMHs8ywI34fmDCIl6tOJqT0qraZe09Eag88pHdCK5b7mMVEQRdbHD4PXP6y7VF3T+txrmS8zXT7O2dEqmC8gTI8sM+4s7C2OpRhpwFJAv3olPY6RujVAFFjW/0Pedy3LiuxQfs28480jFLagcIV/w3tvCvj6Idnndsw/TEdHtNn7VCWZ0tJaklKQH+zgni6N/y/+KtTZB7GIaU8owFec/svmUtVno6UoVI0NwXLq9fyu0JqdhMZGE+KDahScdNkJd6KYWs2KvihhRHuKusSEBHbVzGnykznTQOe00257SpQTf9NVQIpvc9TgV0qVucp8U7ugXa1eEcFe6JSXQCgPoWxNE94OsxNE8u9zHqw8FJ2vptPt1mWuscdextERXSqU0UEc5mnfUAMHquS6/6xXfjXDJ9yZ2gVnjYwL1qgKGAcyz5gvnmvpARt6fvXmd+Ne986oIfVHs919+FjXvlWGTvVx2f6cZ9FuVz7ydxv1dA8Q5RAA6ma7BaMFufA793vWeXz6OQG/uMWrXNcZo9thSukG8/yYqXi9JFU89qNvGadsVekiBgoaUfn8mOccTm1/LurNQgvXQrcSO6ghnM2/E/sOHsiloe5qHuHFfZLUMOpKR/MqeFQGywiaCfRBTqJvmeIPQyQy78+kecarUYPS4q/hDWXZpr/C//talg+1T42uh5QGcKAgusOSI/bXh8SYYx+DtFH43RgPFBhSUaoeFGBKuYvmaBM1l35Xur4a2ftlvHj+OQDhC54cge/NlrSQen/tdc9wKVP+rUaOXgm9sNsSzIrXXiiz4tO/byyXL4A3KjnOFdcMwfw7J9koM0H1s5czfNFu+Fv6Sxw1cIfHxjXpWN0JQzvs+QnHeuVm6LBtpWfQ17PDc48ps0wVzfImpSH0/pYikjj934rYcqhicCH5E3UKwr//35VCoAiIjFur2PJ5phf1b1HcK3jbqYN+NReVz0V+Sa8/ey0/0iDVq4P6TffOTui/34e0eJaicd9ZxX5qVuY/r/iQvsr2hS+hUTnurAxaM1hQEiuDRHkWIkpDJ+Sxt8KzTaf3jiqgSefX/Fvo68bradmRLp5/VgNtJwtMX/79+/yFTXJyikj823CePYY0aFBi/vuptfbkNMX3T9UNO/lnq8x3oRgZIWkf2D+RD0Z29H9W8W4MhIzW+ScM2UG6//3/dVDr+Wa7wRf+dI+Ukxjqj1J+3t0tGEBJbJx+8OKnOt/ou6xI7O/f/mPxbEhQDc/ygkePymZM1lT2pCPuODGAe3r3Yz7mxQySPZE5qE7VpEiamqevLxZjn89iXzTlxOEG+tz8WnUqC1ybia/t8zxXoRRBmCfS1gWACs2lIdUGMKINxr1/zyEk2mHTDBpykkRl8fWfB94IiOVkVFZXJ8q4j1f/1ql9B8bdI+TNCX0eAS+9sOwvmrC3qq1Ig+bh0JfuDz779wIyoZJf/Nkqy8DDdZmjt3+CYa+xHbSiPV/HlZr6tGDV+PSr07lT5SAIgWLohr8rPIwhzvVkieRM8kd1btiTBXx+8jpur4Rzv+cdcMtbEDwbr45IWDL2WRfHH1kV5sS5mcFC1X2icb9ndxmstkJ6gxNF3Y3ovUEvUXdQ8K3/fs4U8RDXaHTMUKWoGII7AsH9zt/n+V5UeeZJ3b+u/N4Vqug6CS6Oan+oATGDgJMRGlkbXImKs4OZAcf3+bMc4yln9kE+4DRAw47W3PbOfVL6q2WLZRkoml+K7bZEvVYcQMbk+ca9eHCRmXOhTPi2LyDlVqM4SW+v2mNQ2kRBoJNERdoMWy2XFHQFCq/vceXdS+3gMMDrHZ8fO+ROPJPOKl8tYKuJFg1nxonnNbbKcbA5ZlyZIM4fg2AnBNL1Z3RC0Xbk+2Ovnd3NNHydUK/FFy1E+1XAqjLnVf7nwbYPbcQI/N5cn5vyDsuhOS8iHrhzWuVa5gVbnu42hBYYPXVqYgZ4jm350nWOYfiD23qt47he/sPEBpwFJ483sHPEWyTEjA1tYo4CEzlsJZ+WIgQ+rhia4popaKpcI3p8XZwm3SCqEzVIVnsbqa7JrlJf9JiJcU0rIvqYN+iCk5Y5yDsl7YfCsc9r2lXciE7rwdQ52QXa9iLB8MdeCcfXCYtIjLg+MYya3eIicjvD/emdt9oi1O+4+qdSIqfbrqDuqeRxYhaeMCrSZqrWB6Iat5A4k/zT4YRfgYEKIQiNWgLhKQfyF/4Shxkd+vnHs4pL0jEtn6qOkmZb3Sbf1NvbCHS1L65b5YIC/v5gG190cF66o1/nY7VmdIJqL0FZr2wPup5uHaJ8E/QHjk+hKWAxM4hhbiVY9RUrPEpRyPtgWD6W78I4RlUkRTw28voGLi4ddMS9c7120zWZxLXpFsRUWZLdyWEkPXcfpxB/nRpKNQtkuWhi3j6Uo7Z6n/5CIVIu9OqvVwifIqinsTeSAZzZWYbaubtSJ75ilxp5ejT0c3iMkpV/qdvnhrhTgy+GPx0P2sfZ0xjWNvSs64c/gVTC0lKU3C6bDkpf7J/fUTG4VY/XUszCSkIIe2W0N+NZYxPc/obcHbbtSZRIoAgZMe7OUGESHQO1qLxVRjdXaQBaSZCc6KnAKw98FPRf9tj4QIJYLDpiKCd6qQaH/A7hvQbH21MNLQD2KyTzpsdDFxcnHtMnhvSgp4B2kPEbd1qMry5pKyIvDi/454GN+EinsyUARt5/T4C5jC/nFaK/9YgDT+ZXshl9rxO3eDIvgMERkfVJyRN1WDlGNP8VYzAp7+joTGOMA1kBn+XYajQcUVM7fO8nZ18+uCLJsFWqZZls+CcJwbIvm8esV7KihQO45Zm50mRHmXgDTB2gSaQZHgGhjX/9JuE+Km/OEie5XYgPJ+i5ohmmWXAUj7Hg7huCYwvsI5jEx/bl9rb86GPdS7++JSlOrJPAtAwnFCre0QHwGBGQcX9Pfm915zOyv7ELRe39sHYq3vlNKoInbKPVOJLlHmDte5JGMtoVUf7Arpq/dQnCzXeyCll5+x/8ndebJdPbEG2EXWccMB6y/04PRwNBWq611pyk6R1fc/my4yNuskCKZvcIkLEBniSLunhWGdWEk3Ce5awhVOaVUq41KXyNaJkBluhr/U1DRvlK2AqILLlaFcnJBmHXEVF/77Cr9Bbt08jVDICx8gyo46YytYjKu4cl+7aCWFPNwk03KJNKTQntNENdzSPLA9iL4ouk4OI4+RNX+FyrGfJBdW5DxKjfhqTmjgcVz5+a8+WHOWcCTA0FxbMqKoVYvM/q9qZ2bjVE2btGVREUWHhnYLgTLlEOv7otysrjkAj14ZUnpzW0Q0v+H+NsOH/SY8j9Hsdb/wO1uaErMHUIpCQqgcVPBztPmqy2yFwuC/jMi+sJnI/WVOuMOFToPYF7gdgPyrIIVP5R4RMXGwIEJSDBXKxHHU9DJiRvenXGIBAKOdOCjvS2hL/iO9JysaTjbr5UoCdXDUlT9bav2SDT1kmwF23N9l0MUOlmNKV7b65XpD7Op9QZgxNPkG+CFzRa5fFPlulgA198jhFdvupL+71nunFOMKgmaSZ5cMKflnqf3YmypUoMCXzqW9neVbp/kEqdAgHsYqujBUQTyipTPZu2h3ydvx2BOXeXoy9l0MZb1QbPIwCt1U68h56F3yCX8/2LBzYZen9Q+GYgLe0O32W+71/kbeAWNGpCtAqrkJyFdwDWXxiP3rSPLo5elnaKX5AyjGd8iVtbELNpnTtUnpesgvaHhal2tDRbt39OtCJyq96nsixhlNje8f1nLP/tTq0K/Yvq2v+iOqSq9A2w1BRM7d5+AnnJ1RcNS8tLfVBDEuIsjd9gBNCNS5qOWgqXBlHyW1+nUW/RW8jg9qJNJFYk4B8m+M1QMKhmr7y4720RWFD6oeVzBrNcvmz2kGW5jsTezXVncxSQ4ZvTlR1rcNDhFy2ODlGhDez4V0POMrzE51P1iZbIsa1zbcjn2FR7r4UhO7MfhlrEMr/slfK7mag7Il9C8mVvmPAAX9y12gRMQKpozbk6e+3YO1y/a+L1abLFZVSSkvDeJqHudNqj331nATwIXqf3RY38x0Y+e6PrKGJSfzMNQBMX0t/OThR99E1Popr9MHIea7wlc5rrlML1qUrE8eXILR+XOpa++fx9RrWmfsl7n7nXdewO1APRtSLr2qplGPkCSY1AwzRkWL6uTd9IQaNrl/YOG9ZAQi/+3I7755LW3ge7TOiz37hgO3/yfox+U2g+7N8feh/5LJJ9t/nY2vVH1BWK5qUoh+zeMMy1vb18KRbbZJ1msAN0/tARISkq2iBw3VozwXnYKr6aWsNogNBx0+9g4vSqTV8Jmx4knYbg821n7/AVcjKisEJe4odkQLtJ11rErwMkmWY4H96MpV05zgMIcnQNDcfphL99UEs0VUw7M9la3zrVlxNfBxB5zWcblX5+EevtYwQGabugSPu9VjgSOIFAgWK4vqDdMdCrXAc49l38DD7xs1aJG40Satc7Qz79+nkOfMhw2CX9z0A0YFHy2r3x3vB0xYLsYx02LsmG1+YEywSLl46F6c2rQaEQRipfx7KywJEpPkBOJZkpCJSObs+9MaIRENjrYEr+uMfDkrTlwGvF21wlfbJyBCmTacY58PEtjF3I/Yl3nknSEL6jlg1mC7N0aJEzOAAZIf1ZDqLC8nnkaKlmBGmC9wRs52RwmO8P81NTLiAIaID9aoJPc8yLhojiwyNEsdWBlMEF3TJQH1kVUt0WegN/kq0O46HE8idaEh9McR33CpAQ+TgLl1smY1SIH/Cj74jGYS3Co3VR9M0M6a2Ec6nVj0vOBspuaQ3sPgV/OwfNNah2xyaJQcZT0N73f7idfoGdyyHmaak8s2FvzpRkSaInqAoglfbm+szK2ky5VlHLh7V/47buZQ5dPCNEp6/VT6rDf44no7+2oqrq2NUgbj59lt/745UdgTEXyAOtOXmLHDEdyB789peN80NZAJ0qtiBsDoqAgGCczhhrmQ0x1MArQRTidBOfsmqrup+T30LaTicocQaVPnP/wh0F2jsPqVLfITVMnUU6rCVIOCKbQovWEcbbaXEBxPeXLUG9wUutH5NKlMLOnNbVKSFZHd8RpzjzY4BlShiwcMk8/ZbO3kDkP2ZHf02xkYBC7F7/0+rO+aGzFt6WhlWapmYbvXlQFZ9PZsRbsly7+XbUWx1EkYSTIjrokGHL3vfzQXQyKcmvQFt2L2dO2i8QP/x4YToSOwCrk38p8LCmVOtS3xZWNCMSYhht1P5ccRNyEWnxZpA4kDlSHeN2D95tPt487Eyi1GVxzg5pIlt62MQDrGlTS33FmtRX89yIqiHj6MekyvugGJl8qQvS0AatYOT+iZObjCVxRewmsb+Lh0GDsEO7SQ1wbF791sHg7LiURfrCiER9J6VNeTJRTgQodnJ27g8u6ESKpXi29e9Vu4GhyzscgQy7K8AJ6mY2iFO69PvDP8KHMMx3kW6C2bWgbB32+8JdAxtMgX2jBCtIn5x+JgmX70BRq2vH17qyP1NJ56gcoFe8D+OUiHvo4qCDgTcMNCQ40C+sOmRfnu3sT3R5sJtVv92Y0z7lhSL0cEeBASPLTwqQMRSS1r0+9JcWJISkrpuI0sdW8caMAfkCIz9U61R+nc8A5HL9scIz8a0KMnrABYzFD59bb5fL6dsSUcH/ou/bGE/51pbZtd77fgtKcolR9AJypgxiO5G7ESlGGWtSYs5/NPkMfo1L9Bj7lrAAJUHl6Qd6QF6gKD0UGxga+C2pdHG8MjOcSqOKeJBvamoVt6wVjsuAr3D4RF+aVAmDxeVA+3boq7ssM6NCqe7lIW6T0QZ56WoepTdBdcBe0a7zDkmEFrg2N8OQ49tFx0fwrjMQDzJIVnQHJzV0vET1vGYwfgl89KEorsm+mzK8TvkFfvNT08ItnAFmGx7va4PqPlkI9/jcZ25boJDGetMrdSMpCbLg+sFR0v7CXuj9An5bAZxjt4PMRoD1dY5NfNPWUyrHHJ8R4E4XCy7MPZiIt9KuqdjwZh6mxz47ZbyLJbuCa8wFHlOJBelgHauT47lDsMAlNVdRT1KvWclvWRcuxPzq1M99GPn1MW4N5GQR6nAGYYn9kUCKVXUg2/3d9loMjBz8u1+4jMkyN7kq8SEAgAw64G6KQ3M/NBCzAGrJac0/Yf/ykMQ5NxzflmBZ63r7lLgyFYeSeLUgzDQrk8W4sqQ3ffe4RUMj/+q7/ESON0zN6V5d2iCDjKFFmtwpSp71E19jAk/rQBjtesmhGhkgMkQe8gmWsdz0tT8Zf8wDxQHG5NBxzHxAc0aBKXGn7C6Zy1PORi7I+LA3VACNH1vENVxpru2LWwGoja4c080f/IuzufrpJ6WZz9jzKwX5QGw5m37gEanBJ9ZXCeLc2mtZXl/icmHn2pats6Fo9b+G9vMb52eVRoeqZ+xYODbDAmJAiWSXuYkaCILFda7a9VbenDRGwv915ltle2KgwYS+CvGaQI45W9QQ+BiFmHm8ap6kDyvUnReZrDYO7uptp01PkZa9KDhHNjFO7yAjDIaIwioteEsEAnPvhhbBUiOO0JIe4MimBLfF90nFnT3cjjD56/Yh0Nuv3pSYL6RSFmwRyBjbPW35YWZ9d7mrX036plXbJXzCwZN1k+c12i8kR1UE0QGJGKwQ7UhKodjvzcxdzdieLsnqlbO0ssskYdaDEg6OxvZJnQOf1miu8Xjg5KRFEjGcWva4DKid/2pIsd1lHG/VmCIvjw1t0t04yQiQ8uZXQlWBK68j2AAaFzxffJINwA/JeozFPaiklu0dSj+EFcyeZLmJQSrE12doPozedbWI6hBZQaSO+mo+0I9g+KeQr5LRjd4HQ7cBGYEtkZi87rZxpS/mJXZ2SWIvZsJAVLC57f32g1tQZzjI9/SaNTwttKn0a4z6rY5+wcUReM4KzPn8aYOLoNs+3myR/kJX4YYmTsaQWpcAicEOygaZgQc7eUPpX+4zMxJ3v7g9DOIoBBjaatngVIv4/Ysqr7PN7ITpJh/OkHjNnqS+2CiueFGv4y/jdKYBUCswfrv5goepJRkAFCQqjc1SkvXGv3EfrE+6XKvB4W0k8mXUrivinqLkrUw6QcgmsNc3l/Bcb7APE1qIsBM/GNl8qPFzTifbgBTOfMddAFahOqkEIPgEyAnYEayBf9ICLApWMkdu4UtraglOPOCfPXaMw8bbG14LmPrKUjd8lfQL8uTx74UtaMnVm7LPF6Bc2qT5t4pjQhX6ETWXMxT6iV4B1vUFfqXHIEczHmZMfiSRCvhUh+dXm02oEyvqCPOgIKi8EG7/BKm1tIpDLGeAJ1qVSr5er8Fop0Dr3MJqKw/U6NekEDOsUN9DRTYOTwnQHRo6SaQyM1f2FQTnC1VNYjx4HQxvEKhPD7q5CvjsO+X9Rtr0EpweGNJnOgf4hcSwr0Np1MhNuLEKJtoOnoVb8eaJhrm55+p74QGX1fREofGkyICa1YxzW39dhRXs8Zd76i9DuNhO4ADTNXD3qQnXP77QAnCWn1+cEkoKWTR0WKNFjkfQg9gU63TuS4jTVk80YVtrSzwyCNDyZuiXNYMDT8g3QejLe6nndDJxGrq4XSxDpET3m2NF81SSXyZoKVhzajQfiPqb8zFJbP3Vlt8nu91q5UAe4AAxFbCINkElQtGjQj2+3xfk3yLrBeMim/f9cQs+vTZZdl0Sjf6gCuhNEUY6OWvCFfErpssapJwH3zuqPkLWesB7OLXV2SFfNFF2R7ZWrYTsi8CdpwvbVMtU2+d1ac8LIGw5n5vR8vpJR2TNd5AgcW5Q/X7QPFnhpHptIgbDRhuk9jAxsL7FGnJNSHLQ0K0VXC+/psmhdXSJfLy0qGlmQ22EqRwPiaHo9rE96+IpDfaWfmt3I7s9X9VyF6SJIraVNjTGW/rXLVEH8VI8kOaq394WwUO3z6Gz3hwtzQ3UB7e6hOw3GK+TzTQGOOz02hVP0Td+w2EEbeXJjchbWCP51F8sAGcxc7wYjyTmqc/EupR39HxGhVLcIbjun8mLX0zTZQFWe+IOB/dv1RJTurOBf7voxLOt2cCB7/L4HUkY/XnrAFrQ9GLc8Zi/AaIEP37JfmSfhb4PvzcVtCW7VpGxGi7Bo+1whx6928OVusXo0nPX9Iqw7P2eqr6Bf148YK9dTxBcagbIxhWFzqTqJ/q+kN9U7uk4PCYi7ocb5bK1Ne+dGrfunWvu6ODYEhMzCd/noGZBwVA2p6BPw+WRVhP0Fkxkwd6uQPfOqqGgd46lp3Q1cWDawHsSmkkbkrO9MO+5QXLrxfDKOnrfVKH8JdHz7qIwcnGWvfJ5Vb18oc04aId8r03jBjrH08ckJcbdhnN0BslLEn+ZePPZVCxihHfdoVITgYymEMWGnCRPndi7jw30YwmfH0iVbWC44/oRLkkbMTL9roj0CYgJ2SzWEI4qXHdtz8kOJKPaJQPQwX6kSqEq5UWCcagCyK6LHrv1WRveGKTennbzbYVsNVKv5y52YA0GuwJr4A+bIg9oNq7zL0vZiwx8gi94/ImtxJyODAXz9hFCaNhdIRb67jfVNfEDLnaWALet3U0oH3cdXqZZ71ZO/r6Hcb+seMUxL2Lu0/WFYuWT5nwfc2+VJIdgxqzceuvT9IZ4Yhg5eJHX0A73SdNPgUnX8YJ/GwADEtI0uB5T/hu0GtuI/6u91rIapZtTXgFWvuEnFSnWLpZh8AYNcc73WDiYIETOr/dY0OqUw7RLg+CoY4C3MeZgNi4Stz5sq8aIhL/6GayNc3qVd1xANNHPYTHs6+7zN7jqcI9wHGdMa+3pXo0xUK5nnnerEJUOrKdN6HZv0qivMgikUhqqdIgfYNs7IL5KJKQy1QuJda+85KQjB4ekr9yC4OOPcIBYFheoFSIjSmsNH2qhwQCJc+nh9mQykECBZGS9vpxtlGYfpH9v646YyYxvEle+tKLWfgMJ1lbVJNdQpFCu+vo0XLHmrawo33uGqmeeE9l7qDPEvFoBAvdjga0kopW/rhbeR4jKjd5+iAYvEr+8EBCSF7fEp9wx3DeuOb7S3Bp/NPVommORP2aOisgaM3WehKBrpunM929CQeLNscJBYkw9lTO1dtbCENuABZU+OETSGffK96B9xkzXU4BPMFNRC9+efI02PUN0SDC6QFjlb6xT0E706dLV5tGCuKJPu+2de8J1ZezOBx/npdJPO+x9orlFqdDNs06JJZmAHHjG8syvTX9xj8Tz/vpKef7+JiQTxD+5cRk0v7kPDowNTugVEgmEOqy3ATXk3BErYaOFNp+yfDq2lGFg4Vf5+R7kFpS/ofRsqz7maCLMZqEO8hYzay/t6nqTi0maJqpr3tyV0i2yjnpWHjv3xfgiKYLdNKSoWHbM5hOSEJ4Sab5fwWJV+3QZJ3pI3QjFq7D0hhJpqclfv7bh86ypmoq81b4C7EF/V7b2k3+Ua7bgE7S5WMdVZfERibYwVyEjQJ3nbRTzdc24AGNaAL01l++jbSEkvxXRWBGFn1P4Otym5NQRmvI10PwzYTCeTJW2vCgSFHKvGC/UlK26nI/WQT5P/9Rv3o5Mr4o1k5SMunX82IA+amMnFY0vf5uo+La6THaohxJPbVPNRJ0O5jr18pduvemMspRyiWiB+VWWkpv6pTGu383VxubnMFzRWCB7WujOBnM2Tut5SDR9t3NTEZSW9M1X3uc4fr9Vasy2brJQyJzyPokbxiHNkdHH2dv7nCXvZ/MOajxPIcK3kf49EGjU/jRA7XSxYmvgpxW+YpFzU8rdSgwwWuUalsvbtBE04j4zbIJg0NBO1uYp906lf96WlFVod6s2yYb76AW18WZgkfS6xNFrETsSAPn6gPvz2mDMSOHmXCRDqGSkiv9FesWJAQKfyc5BHIb0c5fDrJ+JnYL51fyGRtQWsnZqMpwNw2BalyC0e5CA1DCgGZvUlYn5N8mNP2cjQXT8kQFMQn7ZZ7GWhbPXDzeAXNoPgovtJi9XSfI+lRIEXE5GA8rckhKsUwCqAp9337L5Np8bJYix9ZQrsv2CdngqeDQ1spsXx3teIZmbAvb64GUNbpt8nRXWYjsnv107fnxgBQvOHW0UKv6Si7vA17TtP6lKvDc9s8gam6CmNEDHfdSoEFscNB2X85IUskuxxeReGnw7q6MJ9PwCLicowdNvVdXWuPog027FYXXyK3XGBB1hnTFVXZqFYlFOa7NrtPX7bNqD9Lo5JN4r6YFY7pbNvyX1BGHoBdqvYMv9U9FnMBDKttL5z5d2SAt/Z6c4e+6vu7n+kBOR21UC3WXt2y+UFtiCfzGFLaYcUetF9NEIGiFq11Aa7NbIH1l1UjgzplNv8A4mw2R5gRYlNuZYAozB9iCX1hGi3B2NQ8ouo8dblngHZVhFMrW3K2mheUlgfw2BGSodirfChDMmCn6EhL5eKVizWl3BtG9nBLoBvAQSldYrw7QuQLwJNJNUZ0XAoC9b3eTU07TwciwJvVKrSHM6cvaoee/y6w5zKYRgPHSo+Wf8hSrerljjRO3s5wWwfKe3vHbSMOjoDWzcxYKBQIJSiAUScevAC6S5pvv8I9Ib3dCWG6mD5lpTJYL9YoQ1N/tDwxIw+P5RB1ZkJwhHpEtCwmamV7ZJzB8ynT6cUW2/6+0RpCNXAd640U7qHGIfskB8nLAp/pJZofKjfcj2zKMvmNdy46eNTMpH9cqBSA7UCRnfcuMlccb1LRKFHX6VvIEWidxnZXtB8xelkDdTzLf8HfIpqrMjSYAT1hXMq2SFbewHmM0dRNbCefoUgop3m/RriILzBqrMIzZNo+YMTqfI9pJbX/Q0sHnpyzj2PjF7Ythv6BMURJHfVpr5OGgf4Ko66YremLvfcyFoHGBPBhxOsqydCIkaZPsgwa1qKX0VeQWHEQFI+gv4jX1At8glw4O4DA+K7SlZIA9CvTI9CPJ9/dCtyz5THk6+usbHwBj8cRagIjKcvUh/QrA8Yt9Y8L9UDQndyL8tA4SQfXoq4YQD1ESHGSlI3OW17CiKwxtw6qHpu7YnRpISnTtdWYQnp8Ns5OPd6LYeM4KRfLssFN0pcRhzu+E7o6EyBFEg8GV7UTvWukjAH2NDcr8+GFFucPf27A96c8xwwlBgY3jkqKU9nqMJjz0acAJsDDTYtCvOtdczXO6dcYdfrUKyQffp/nq98Q0xHXh3lQniV0cmPqUUyOacfTwvX1BsSP0X/k5Jzvx1QtYEm+TYt31mfRRcBDxNT95X+FFFvk2y0qw5m+Y2gSJf4aQcQB0LUEmD+2aV1me8v9ZH1mEpM/xxxujEzOwhVrKCOpmz6Ss8xvOv1V8ynZZsaK/Y+4sisbl23zKtFzvZSnguGwpI6mfgu6GUIPn8QR24WwhM/G00A0RAYZna0CfvBYgvdIp4K5/E7rNdilLfHPYLncV7ZzLUCXZYKDvz1qUu7b/R/Po2kmyDPTBQiE6npTa8ilgK3TXvM6hCC9Y5YWlQcbdICdaNLrgqdPoIOB1wE4tdVPw1bo6CahUVmfpqmQlRhHqWfTsfBeWu0RZggoIEu6lZeAQBNVmj4vYg2U5MjF/yGev+tQ4y6i8JHf9FcY+JaXprufB+ys1LdF/H8RbhfS7oWYee9kEYjYzc0/4I8Zr1oxsS/QRSI9DhIx3ErT8drEl6m887Fx+yJnnEb0Hb27dVeB6IhbLcAonDzghisQbLtWj4dYywcsxPGZI5Vh3M97t3IX86PtbMeNzyx4SaUEVpWwuficrSrzZUUT6GJHXCVUrs7/JloxQhAWfE+JpPUvyFMGT5Ns4v4Mb1hGFSMaeMl+xzZQibtYJvTIUXjSovsOBsdNVpF09IfK6WaSCiTa1smfhRnzP2/QwDqPK2+RDZ/pl1X8Ynk0plrL4FmUCD+bFASt5CINRXBLntCbYnidBzzG08kNV83mDUic1FuwCgnrzbF6EQCjxhfMiF9hpZWLW5bfX8r9irud8rUEgBMu63xKoxN+FkVlxyjhIw5unm1cFxm9RCaUghJWO0G5r8vcNK/gsaTmRTFEQgHwWR0CC6W3ZNa4vEVGm3s1IYvubbfVQjzo66Mzkzy4wuXWxi2xv6jnJG4Bo5JDH9VdR9BEsUkRF0JJ4Tgbw+2EI6loGl6fiLRqrCpi3+tju4FCXPALEc8C5FPqnegHp4FHnrqhotJLbuTv89A8JVudcM6Mv7DROYZGk00cSgP+VD3agabxOKoY5CvowcK2Bz1mMzG2yaj6p6TZP013MVTTbhWaCfyvct/abhe80GSB6nuNmEEEafOsgc6BF4m9FNe83gPMHHvyrzQ2ILES+2g+ZswLdtG65U1kZqiBtLMfioERJrinqwZ1QYWqIgBeyxwM+VilG+abbHlckmbtoP+b4hGEV4y3HLE4IISCpcezaOsfrJ8sX55TeCbocFlcwR+l4VG9ji1eyvhhvee3yHpdDrdwpEGBCJYfYwAxukTzTkJmlpG03Z4U0THuJf83UG5DvZJb2ESdRMtBPutreRlyBJ8GpDP2TbE4tIKv/xlZMVaaeI64HfoVe94swF6kqf6yjhqJP+1jbM5QT+BUR0GveTAHwVoqf5wzfHWZE2DZ4aV+R3csSr21Jb8Trn/DpyesIV5JZ0taqimyBmO0rTohfnac+xVHhj0dNsDLOFRxSLyDNi9D5ALpFfB7v94o7Dvj5Oo+eMgpR4TmPvKKF/5Lsli70SBPuOsUfPiH+WVOb7GRRSU5ID4Wjwr/uGr6zDCtKvUPvN0hkNGn7yDYBZ/pf33AbEC8cvTmGOw70Y1L0dADwj6UC3zv1d2jWDQRS5wFiFHYEucNaUHJcDhO+5+JuOAJaA6RhNV1I2DXoTcTGfusgVfk2x0yMRj3Cja7iWMl+/aiLzRvrv855Ve3y4B/rK7gcXS3Yacw+hx+omFEz8wxhFr0gwIZIeL4hUcpElUTEypIfAAZ8w9+yQF5750JZP+J5x3N7wNdqI0QSL4Og3LVWYims8cwccgDVcXdoCYUjZD1s4SP2+FpR5ST5gCR6cxt8HQXmcqHJjl/UMnzOfZwJ+6fQ5yazRoAF18oyzdmylQMrFpdHSsLJb4fIfbvzG4IVzrJ5yrvceq9ZYyCxoGGs7mM2vyGIzkFF655hUzcitY/ZsvOEdSxi2Gu+HpJkDwvMgRQqlo14RWWbKgqLmF73DKxe45lOfAHDd2FSW16A5TmgsUw4aOx4ldxjoZ9LjHKUNjgkvkmJ8iin5gn0N4cl9ucU8zw4XPnT75Y0cPcojIUxfA1i8agOQfWoRruzvV2ptD5GCNKfSOnczbbhO9bYN6LltBM7asIlSggyxYng2eLcnEgk7l4BHL15xOiCM9cm1Q5oCibY12xCCcImy1e0xdSCqFuCLFez8wnhiDG/65VopchM2XCwZfOvBEC9BfV8NB3Ccr8ANpPcYSPX0Eokyd3glXm4SvO2nRII4bAuMVFo8uhPgEW46LLoH+rrZvvkSHTt3RiSc1Mpxaewh+AnOAdFQ43O6X8nOFBxv29DSocHmLtLRbk0X1Uptb0Ou8zQNJ6LKRGxLf0B0dluaU4K99hNdZQ3m5bJLPnoolnQ3n3zVML5aR3x9wRMAqS3RbmkybMHS+cGvX7GUwes+BcixtMNya+1Dki/SSAFSfiqGOWqd0exU9ey1rHT6TLO3/CKqDCTeyCaDEweu56+5WmuTDoOBVBg2ZKBvshlMjXGmxsaR/ku38qUrVQx9OmXDn/tryY6ghbdjGc8ZPJ1aEbF3pA3sx1x2fvsm+pjF0aaqbJLSQX/b4ksHMZ0uGYzcWsywDHC4Rgu+x5tKg023pMi04fO87f3dexVJuKIdsUSpiT6H29e6GSVD1NI7mtR+NuGGGLC4pu5vswIPBWixYeeZ4hlilfLjdeAdRcLHOCKLZtLuR7jgdIX4fTOqywKy9obDePpQlIBl2mYmYsPJxRypcU+3v1zcHO0+YR2MKOrzyEAjuiRRGa0yHXp1cBLN3g81naxs76ip/a5E/Do1/dzAyAXRzgm0NxvBCCPzBbzoZhfNy5i+FgH1NsKtXWdE21aVkYivganbH5JvroFJmjItvS2BH8+zW9bABqfWlKiPEg1HF6FH58LmjvYcN+Zja4ZrreMLDGc4Or+y5cpRQBoKJWryFT9SGtGBPtaO3mRw65YR12yxX53UrJtOZuFev9aD13sKvCiI5WpkHGXvuFCOvNcrSVPUtsRFUKlbfN4cCzcqZa8bw51TG8TxVW8q6sQ3RAuUh9s+YOXX+eIlWEmGO3rKXmomGOS9auUOXFp/qBt7EbMFNx/LBOhZaH5hMier16SECyssyAkXmk/K/OoBMATAHxGa+sEaF5kbMR4xeMpOxvE1QsYfKOiG6JYVlA8bWVcn9AFyVGy+X0PBMn1p/d0t/JYb9z4KmINmAwAeD1p5BKa94pXQhJ9zTgKK7FF/7A5dw6+U2/nqxsHnvs39N/HCaKLMgNixpQ6wVnad2+J2T8dkivoK6EI74iFd5TeHQAHs10YBoQqFdMOJ/2iY9UsbtICTSKPCWROCT2c8BEgQCn0cAUL22Acrm0m6KZwdo5w3HCvfjE8L0Jcp3Ho93whzMtkN7VW0sCUL8DvAY9njht/k5pYZiRhTz4fZ+1O80gCfEB8GEhoneqXV8OrLCe8FJOH3rKL39xcBifMlQtdHQRjP+71rfkeNnUYBW746HeGavRurztc55LhkwkPQ9+hhBvVhRB3OFuLWp8fTGdr9LCdxLDifwlVyWANPN1qQv+YlJahYftUAFEHaIJKhI66v7C380u9XgMbvnxKqbzfyJKSlYvjjHuQCXbLRDMKVPMWD9x234lmZOvBVhokCGgkI+O/HHNM4gVnJwt/f+vc8WFZbmM1rr8G4V5pUz13fYNR1Il+tzUh134+zHN3xxn/Byqfb51nT6X1an5vUG7TjlMcK7+cGLZ3D2gioUFlg6BbNcxFHVktkqgS6BuIbIvbKoU0IzbgYQYmVp3ykptPfRb0Y8XNHbbTnwrVp1xK8KkngdyHdl6fxVuB0wi47ckdjEfH3aEfE23rK0K+9RLv29RlJ7z6c1zSHEM+JnUjJHP5Yh0sLFaZ9+VZsZo481RUMnLwBCvAf7eNaNhyf16aCBvIptMg/evYtrZHpUermNpHyXi1tG3rE18shllwhnYl/Kb4umMT0BTVxfdCD9l3n6kkHDwNMw/2JZwZfWeYMTuWto2Q3qmYR1FL1k0dHYrcM3sr5Rf4gwNlyJdnEdZbR5kjX6x2B2e5CVOQJch49arSt4mIFSg0/5ufNvhp2118H7Bv92rGhmUCetS1tfYDE1erwGzeeBl0JLOKec7RwSACBIfzGtfNnilZPsfm9rB7jOICeeKeLMknGLuZ8VY4D/gcyEdPGYihs5JJeZ8cds8CN7tcMcR+0Po7pMOyV6KJx94k8IL3fvNbkjB0/oVjlUDkcDeKh0686L7tP2HtNwINSdKetKtIGCz2bPTpDLKTf1gH6mwTyQzQomqfAynsMXMBA5Xuv3i4IRfuWnZn1Z/82T8+oinngJGMl41acAywen5yO/JMyRmpscUuVANXdhPmJNZ7uPHRlduSsoU/yhJ1f5gcjmnerDpodjpwI3oYt3GcJdok8P43IikjuQiRys1iyiN8wWWDd9mMFFeUmHyW47zRHQknCmzJcJD5gRtLcp3ecN7slKzvGts7YW9IYYxwABAYzHBvtlbfBPPFTgywyOR16roY72gR2e0MxuPOiGjj/Ha97mvzrx2Kt/X2btfZddPDcm1hKOV+QDRJ+9NlpS3JvaHO4TZq8aDlNIT14TloAzf1TB22wfuRWaUcxAf93N+G1MxjbTb5BRJxMw1yFW2V4RAGEZMY5H8OBHMDA3Rgtv1Lvtb7WkfGmLkWg3SYisDVL7n16ryZrjx2gyyk3zEtUdTqlZconSnqmlZy75QTapbiTpDdIPXOTjR0wUNyzxlPVuGclrMx2aujbfgPZSbCjHjqN7uu6ox+78ZEOwfjOcBL2/Spi+kMnLl1HzJSmU3rVfexlzU3XqX+3alqMjxQeOVCIvLLdQSH6rGBeWm7x16LlcRC/aTyQJd70CsEpSDokgPlmwiY3B61ATHFs4rTKY5RjChKC4u8AWk/rdP0+1iAYPqiYD178E3Hj9qCb6UaSMDESVeUE/e3m5P038e95w0SUZkZtMhtCv2DcTtRf7uw66u9UFn7l+EWRDBJfcnAFTQWBW6olvx5UGHpk5/8g5orkeuIXqCHm0WF1LFMbCDirm+tICMFiO2pNFL5qj6iJRg0kxvil4Uzg4PTNFCZb7Ybh+pfpi73wWofqCJKHq0FdyfsaBQpaJWiiEMXwIh8YvczuINDb6zFO7xhrJRx1IUzGVEYxwHQENl63oYGntqwIcw6FdKih1RYtMrXOlkzawM/AW7VZKvqSm5wWE48ECzKGCMH6D8YYDK0WOTYJnK2ZtLE61HiTqjYP6NOdnQWFOWf2+eOnqjkfkbdEqsvJxFqBEhk+nL5SvNh8agKHGTrYK7kdoYdFs2ARZIz4TgHJCseFteNVkl/sOk0tbZA40dSL5CsNIMTsrzk/FtJTwgWCRSl6geaJHho0yPxoJKR7FKH/5poxYk5yV+ow6euz3xQl2Q+TqQVb+ABBPvYwWz/XAeKI/uLS/jsD6BPLiXbshBGaooORIEMS9QZZZwzM2Jp19SYqeQQgEPahOP2O7RTOlEEH7puxGTXpOpmvOs1ZzUcy22wex9T/hdUwor5pdAKNXVh1AZ9hcWCqrG4ywZRwmyEs6JDI8o0KtD/7H4ClXXs0ceoRd/xMCWxIRiLiNSpC950ZDJ9Zvgy837IpowWnkTVimDiVxGwBpXlbg4vuh1E5oZEcKSfT/hSZxq8KHtxwP6+I9e3rvVKmiOZYeQkv+0k5rT5fGQrjyxUs5YWPNEti2yvDy7j7a+nYG7Dcygd6HUL7mu6Y7YuzvK/MugSf7aObOzqGcBGUlGb9br1kH071YfjNKyUwEoxNXen3lSTls9x/ElnI7VLWytbfoOm5tR0Ctno73ST/GBh/mIhkGKJV8IiX5Z5w+6/7HXA2m8fDjYSRI0sKa4Wfd0p/DuDTLGpv2Ryu8Y+QX+r0ehoNM5qbdI3gMoOqPyTx1GQgWfJ+KxSRZC1niApSOZls7AjWO8e755H8DzTUHwcdjBNOf22SFtglaxjKAMdzHhhg1R6QBXiI45C/dYVEkqdKKQR6jBA1LQPFG+m8BYJZrQThaQRJuh9/okC+hDdlx5K+oMziakq2wRN6GfIXUYKPPRpr5JdwPSwkXpFPYEQpTdIG9/y9whEjvyn7GZe27j4IDxcZfP5CAvrFuLpekupE2HSpmOajKz9q3JxPdfHWq7cmE+pf+CUEO5nWWn2TrwnNb50gvKfLpGqKcvJIoIdSQdYwN5ArliDDIZMDezHczyneAGV4Bm0i+SNZIMp5pP/B0EYO4IftgNkLI3z5huUh1AvDfVxwXnKkczVvJTyY+84OLi8Z9m+5hROtWHhLYrGYhkgPGXE9OWpoBKP//VbTunYrIKihJC0rNVZRD0peply8xYLd2Yx0vooxCXTTCr+43plEPac7Kngj/QJX56RMoqnnPnV0Mxe5IdATY9cf+7wJOtT1LRcFHCBRFNupp8AhTDZvKf1RCE3OZS//9rm/jff/gJqyodUVSPPc8b0IGJUBNGP6jRmt8XUOUZzlEOb+q7jz45AxenFXktCXlFoV3ntegz3Xw3rYlEvHTXMHM9KhyviN3ccVqLVySJgABjmPNVXPnFhT+FrVm91Me9u+1maLtr28Ye/vhqg8rLeg+jEiqzLLQrl1xmJFuYKmMFERRqB+gdnroIUMjdObFMVEH3c+O/2iaORI2IGfn5T4dGj42qqotGYLibRXpL+DJ/t6NLrwLsHxCpQESStxU/QUv4yO8iq1fG5Q5VsH5C+sCE/3FI2/mNfvbVss0NVL5+jPXVo1XK6gHRJr+ps3Y1krwgVQrJenuKc5sB+b8dDeNW/h70VUXEIe2U+GTkk8mOaxSdX0abjRgHsO6EaPINLwvHQNcwMbrWJnu424BW1DAmLoKtaW3fiNF59jmFcKVBwMIQXx0jb8K/DDTF5qv783X7lKV8irY9d/rJVpNvuCRYt2nqGPzfGGaXsxBJd8hXfE5WwHsEp29oKLBG7b968wWCrd5HJJRJ9W2AmUaWih775gL6ogYRkZnpbuQ9JOl8T7m5dS6gT+gU5mxKc4e9EHEKbG5NOTJuwpObx9jvzxmsyFg4pNgMYkZ39lGnzjS9JdchnvJzH0zv/uUDyDZuCiukINB/Oqv2+EG3EISxLzBPlkt7T4hNbo8phpdmUlPQHRk6OQt8AyOKDdxBSLUY2OcEvrC3pUWQ7QapeGyiU2TTzoIJhbRDrYI+d3qpLBU0HTurcCmnzf+jZkhXITyI91MvvGJiuOrIyOfeNPeUlSskPElwHIXLimFRdM8EPT4XlDGDrtQ3efY25sYEsAsNYV70L0kn926lbbAGL4p7vI+TAFHzuVcctWpK0quYSDadp1pAAh9EmciJRNlX0AxCbePP3+SiFr9z6OcBrPdmSjMe5ue+ac9bxtcwpc8cm9Z5724Dwb35SOg4YkvLBjxF/dTafX28Bty+C8V9FdpVWeccehTbC4PGoRUYef0nrUYu8AY9dt6UsBRsBMRREOjKbfaipjB5tcoQm5fDG23exzZYbP13tw8ahNFm5RHT4PhmJjdvXq95VArwCNvpZ2sM226nbvNwYk4TsCTJsyqswgbh5UajWDRT/jW9LI7zWHe2IstC8QxnJtkgsdcoxTZNLPMWlfPhDB7FvWgkjlTOE7Ikrcx8Obh7KB8a5whPAVDwQUc2KL8wWAPlh10lCYWQn3iorX6PjbQ7jOac8OfaQnst/Jv7gIxowKH3wqGP8si94Al8/ZimEBLpJxGU3NLdnz6C/WNDm7ghI8S+QO/6lyCwl+rxHXbh2Fz2++h5YEcVdUrbx4ZIffVbk3nAnxQUpAUTEyESORe4jmx86Ylce0A4dhWAfIveetf5PZS/2tLX2+J7ZNhxwheNM0MIMYkSQYJfM4dpNDtbJNrS/sLFC0pxJkJshC0cLqcOyP/Z5k/tFR035vs9lkLHxHYe+mbLuXTlo44NyTmhdgTvtmlt+iXRGZhj9KtVPlyHgBofdGlj0DsU8ATV2gPwqlkcMYwiP2SPrBYh/ahfrLdEQdi6sAPENdNylz4JUDSS0d4jdkWH0n2fF2r8y4p0yLNvGK+30YocThpSMhxcLcOg2HhhTA1AlwB84KYvtY3yCurwhad3pqOb6WWx+Pnv2mw+H2xxEKtugaKQwkct4iSjfw4+9ohhzqmueff8mQ38DwjRbO0o29/rZ7NkxzRCZVX5LfnSxGVfxt0hGw+suMU6Pixufi7e8LFsm0LTUjRHW8/y9735XtqLJs2yW8+QThQXj/hxfeI6D1j9Sqc9twxhunthu7agklmWHmjAwjqiR3qR9auKTS7NMAwtDhYThBXUR3Q8c+Luxl4nABRxfpXXyX5AIgCNbfYFfKYaDXB2u7KnYWNHR4nk4sZYbqj3ZZh5dxY3wNfSKuWmwfxUMRh/ZxK3/rd0hbry/uWzAVh219NyltmxXelPNZyjnM8zq2tIEWdGyPxFyvt2mM5q+5wKLuejbSMr0p9P4e1dATCbZJAEu7bcrrSR9u9G/+ls5llsKAyFKbxtKvrN7ZWw3gFtp/FWN5jWb1gj9A0EGBkOITbVVfu7pB851qpZyStuUWOWoooD6MM7kcuQ3Q+4SRGk2aXtdAtv2njvMBxOyHj3UejA6TXJaR2MnF2w0YXgvXDy/GsaacvO6z3NeeNlf45hCJFKuptKmDJkEUKbBpmKVpU5udxPog+LX/orA8n9LpIRMSE7MlMY5jHgReOj3KGE1dOSFS69aYTTA7uQRUMagTWnGBiQjXgkMQiCyxI520wGYQRdBLj8/q0VQycxdW7gdskhtYi2McH2tAdbzRvRdJy98dLsL1qyKl36Mh9mk6W7UO5suY8tK+A+5BtG1zVF32HU0Zl5IY2IzIZTcXfenf9fwYJaGV6/XRO+Ytzb+EJOBDqb5upmp00q9rAgHac23XpErS3dsk9hEeUD5UDB/RLroP21KCR76TtnQTCdVIf0z7pN7MBXzCrL1Jy40ZjNpeOD5vmCgPfnjEb7ro1bI10usCt1i8VoiV5QAnGvba1JJ3X2UJeRtxrOFAFLsETR9Q9mcsmQ9jWKEUCfkytdkjj+gpv6nP21oeLt3dUYQ8mF0dVmNh51f3Gkk08pFn13hIgx8GCSDsd25bATloyk9B6Ld+CYuKamLTfN+Vef5oyauqS678jK3tXqADDS6+HmYP/+m5Mm3DiDeiiN1EMLVULKtGi8rLnPlCUxYA2eibWcIShU9K4wjas57cpBzLyrY3Wo6vF//Y3MWmS/3IZmXNvOctbv1BHmpfuUuFSgYFgsZZhH5QKXs9iO77qng0C2kG3jNsBVcJrwiFVNYnUDNfkvt5UH7pZISjKkgnCHx1kDE0aYuUDUDXYlY2FstchzZizM7tssAkrljUFEmoHgw+B9KDiDYHuP2PSXoRVqJdu3bXO/uKqacc4Zr6BKvERw0ySKwqLwk3NNh8IIIiCyrY7acf4ubdz96QJm57eIE/rBfBD2Z2HB82SBacL5ZjWfU2GQdsYyLmUBvEzqlIfhlql95cb1/pogFckZRYWnN7BZ/c8E6WM8b4kliBcU36vqG1oSyTN0MXvOlRZLsopuTL+fw6y6qT7kH41TAG6JjwBYV/SsAt4Udin+cK3AhmNk7TanpR2SP4lICohdCxOnMdPbRDPPIGGBerxZZvAuZDNDfGWSmG3kIGDLs4f60HuCnrBIpehAH0GhemhazHocc/eypPdhj3STNsV6TcKR0j0/L2gip/dPf55itSQ8qZFC2lWnMWUxYV2+CjHZjIM7hcEMw4G4dC2m60yBE+DJTLOjOJZiV07+SN9ju7m6q0HYAJKlqN7YIuDPk21Cg9JsD1KbOp30RZUnswxyed7T3Jb8fXsuaFIj+03wy7gnEPnkTC6rqhESfzYDPOPC+V5LFgTGmRCvYR8depCCpQv5aV2mTe3KGYHw+eYXhNmyBtsPNLwEIIl1KJwRZfV/w3YQzrNHiL1R1fAUhmF8hH2i5xkG64ADqNRSxDQknYLw2n5zL9pdKFh4wgwEKjcSHFHaOXuBVRqMSvO1U9hK5laQg33z4ZObIxpTj5HjWXJh5PLhD2TIdwf1UU6F4lUMQ8eiDiWP5ViZb5bZ4IJNBJl52uav6K7VZ8AYmu34T9Hcnd+STp6+6w4BeVq0a++SgjHvNg7C5CARtB3jqGHCh+5iG24Ze+ENG3uu3Gr/eHYJlKinFfipU5elRQdcvbh6MM/MBdfAprqCyZmfpYJkJ6tFmhHSOYEXXr8EPekZUAAN14U78qV38gO0PGVQqDQziA7XePngmQ13M3gEXlyseeP//N0JRPuQu64V+TkM9jbR4PRVAIRv5iOQTwanYTImQBRNZs6ROVn0MJc6K0/K4xx9kH6LJpg5y2w3Q/s8dma3iS5ifWDyzXr61VOvdt3Nf7VqrviBLml6MnnZ7w64cWKzrEHRPoWYcAsaNpizd7DGPwDssXjtjERxaAt7+00ghhydmgRxVqSGmK5XTeC512Tpbdb13X3dkyFHuOqaHfMhfnS3Sgiine8F8y+OGvkwHoaky/k2siu2xb2H2bjV/0IwtOTLTMaGspDyWc+CWZghZPotQ6A7CE6UdEfGREQnYwFzebYAaE2DXaTO7ExBACmBQ0Zm2qoJaw86dsnJMCV7k8nSon3OHNv9sOhMSTt+UwZ5iSGoAxeCPBLnU40wafJuTDwCI7X2NXoY5EYjbLUxBz3A4kIsn8QWi977gtWXyQAfZ8Orcf/hCD6Kz+YUSnDK+5GJVV9qIcmdh1Wff9Qc33O4kzjZ7tnngcPttc5Bh4BXTAtIXg47/OWj04RmN2lptQTvV3AUYSOQ+HF9SBpD8b3DGBU7LEbF+WIuadJdCLNNjntjQmKB8ij8uOFwu/F72kyzjmwLusQ5HWX3XhhCadkqaZIExzmM/3ZZWpDQixgu9yaz3L7QJYL01TPt/JIx0L4ej0gOgiKvLYUJniY15ePyxwCmLZV0F39z0E9JSr97lqiO2VBX9eNcWWWYXLgZ0EDBprLBqPBfuSLGH54Jary2PzxjdhC5YlaWpxEaD6P3mw3y8nby00NMg6WKtlg/Ao/4mVmXAtL99KWlpvQbp2wrWHvmrh3JePJscGzwc7YzsQXPowAovRr8oS4h9gD3xmgeJB5CLycNs4ptIhf5RTcoXI7mdUhcOBX0S6c/B0ut0ij4MvtU3mYkh2/Jd/fNQeQrxiFhZ4UjpxET/4Bqg7sSBJ1cRh0UDu9r0CN4ZJTWKSyfxeC1gSw+mgxww7uVT3qM0SB4YyBTtWQqiKProxvhIdLHV5nMCv4iO5XHRPE58i3n63NtNO5jMKPXwHy9hWALgFWDE+cktJavfQSY38g8vyCciH+Hc3I9mc9HDfxaGwsCmOeasf0g1isZXV+OBLEJ2OB8l/3ecGvVQee9/1fZzquAhT9+5Alio7V18hLwsL17liL3cycIbWBb2GwhgWpZxCSmrjmHe1G8eEPgi1orqmb9GOGoQgPUzE/4C5V6zzaMqNGO/1WGWyAPYPclISpa5FZYFLIZV5NA/fGVB8Ik49dkMTSqhNG6zyq44HiGbwLc0gsCfgueu6dx68Npx7I+aAhu+LyvDynqDMBLy73+a3nKmhCBpQnMb4IrAiAoH9qrXS4gOHNv4i53qpvgd+SFls05B6HjAJrteM3GgfnjkJIXBsrjfBE+vEpwxiosCcE/3oQIHrPt4E9dUQhzzvxpqtSn6sg56ytBnyYAH1Anmen8f8ObTnJZ+jnpRa5GHRox4e+pcF/CA3vXMfmJkaqzJfAbTNU4R/sMJ2vkVZFLqxSSY5oik30JJn0iDr7EiKM4s2ZqpB4GNK0SJ30HzXiIfIRidUy18q317IYB9cRsznP3V6zU1MrGnuByBCx4rEXqJ0/uZ1KfCPnGG9rSU7OmeWeUiFvZvfEYlt06BMxJeBheDBnPVOGaYcvQdKZahmo20F9RKAvG+Ndms2/XUPr/pLI2NJ0/3+1mvEaXwR7BufEi9m4Mn863jflcIHhv8ldE7HnGc5rk41R4Yg1AnTIGIlIuvkwDzvpLZBFIpwu3TwyxefggArbfyWC7blHtyXDvjtCxIKrRTdddk6F6Z8USIItXhoQlv6/kFeSq9gEFnhEQIczuDM0RAUDhogqdDkciJK4n4LxwbjyDrf7kYIKKbIgn0ds4ocqeh0UGHQ7Zn5Igv/4hdTWMDC4yoigHnJknss3AnSq2FVCg8Q3JAY9dYJQDmMfrbf5qapmX6nhcs3o4t1oqLkNtER9BYMHj4n1qU+rhL3wVXd+ZM6GSi2FvPRoq0I9liC3m+aBCz/AXqSFxNmRmEQ6O2pBKhu23cy9CcGuoEO0WMbWHR+2aeHy8bzZ7SU8OXJPx415eP85a1kRYVcXuG/nFojv+Q1mmspXl19m7hfZm1c7PfEYSOJgxluQslxwffUkxm4bhm5DChPY6TXMRi1y7V/AW8l1VakM/lnJoJxbfz3WmI9z8TvksOTXxatAxOH4Pv9XF5vlWO/dlnutrkJL2KIQbtWNnkd/nQnVKHycmzyFR20bhqfKbWwWCw6H/oqRkSM8TxrgDnBcawqd7ERvhZVuR1EntHKhPManJ6DbLBux9wFuJ/xlZ09GfS3VwAjfDow/XBWjRFKFXdBmRCrWtzxezW+brKufsQil4VQrw88kNKqGr8rDG4Mjskst+10AAAxiXMokbJ6HWB/BOVMVxvKHkgLstnZbQbOcbIwtNW4L18ZRP09CP7Xpr9q/M2vD8aX+7m7q2rqfpcDyeBlc9Q0IHBQmyr62fDMSzp52QqRtg9/Iy71K9pv0YjBVVqPGPybriatfKTpwxCWSSAjMF6hWL5jgOSyjihJTkhAbWcIbyYU5PqAX9kMlQ9rIEElgNC34Er5M/66iAjUh60U1c3qR4QmWjRkFCnZZtm59Ou5/qMUADAF0tc6liPcBg4JdYDyY9q8PxIsiHnoYz/ElbRKKbBp/m31x/3kadPscvqVIdlmfmNjbZtjZw/r5EdSJcw3Al1CjtcOnT75+FS03f2PxRpGqxNLk2rk6wFLkxEj7wKhyTYHPvxlXPZEXAodSh1R4TtPhwZUIRh89GTuji5cpopDCLwvmK9N8sNceVFoMmLM/fa4AsZngQNvfMbej3s++IhQRwT51JrhsgB5Lrj/4H03liQekKV5eN9cJfBjpyMN/MqU/QPrbS9jZGvq5tuA9JluEmTkpY3zuWcTAzF20S+W6Sn4eErM8BYhcIdfmEsr2ZG9rBdaPhvwHufcEGc+3SU4ut8g63Mg2e8XtKbB7WVJIxmDuqHDkct2M7J/rckSnmxW0qwBt+RvwCgEdWI/IB4cM6s0G5voWKhnF5puHpQfj7/q92Ze8OBTAWstqUoBXSkeUg3zYY3ZY3w0t1lc0wzvw6hOmWLAyCXMShNdU6f3l38xb7g6vNRRCjr4bp1+i+hj2M0VVsv7YEYbc4wVEGYXri5nftYGAjDyXtv8WWwwEloIIm8upDktgBxBVsrH9gWIlJFZXaYCP7u9qEBc+wExqF5KVcwUW/C4xUh9dH6H1LdxFHgmVQm/6HBMycQLQ4m7XAg73h89Oe8Dv6+Vt4aW1guUMr+P0+jiH7MHle93En1lOLy1oaJXQ8eBCh/mRR/qi4b6DDuzKS/Xr5uifNsKqWv4z064oTrncAs1D3tCJMYWf5NBkmIFGO7FwFFOu0DbRRhTTLYpoN8dd3llfNJ+0hyzWDkKz9jEdDnig5FxHw8eufZ5aCFU/Pq2PCvYNfL4paMa+ufL2zMajBTmCjI5J7W7YBQjX3L60oCZqlRTxlYDLdUErSKeNZpD+gWo79uy3f1wMOTKYZPNbNrDr8YeMETHrJTYUe/hADnEvUtSQZDZRq/yhBdaA3CldzqElrleVx5cQH0qO1kVZBrj9QZJ5Pa0PTR8gAm3NBsd/y5E8Ycm4CKFcjLDl7520Vn4mLQn9q2Z1hu9JFc6Y6bVXYxMVMd8buuruaE3xYrVmf9aUQMXmf4moEE8khah0Yk0Wd5piJIeW2DFPHQL+mqRnowKkjSpd607naeMSRUqWVANByp+dQP6ahNvj/lMbhof2DhPKtRHcHNEZXfZD4zocV6zYioxFnyQ9ZF2Bqr775miCfPs8SZI0lTaypRgszZsoV583zauS9xCYueEYhuGyVLMvAljFK4wHwHyEzjwjX3xwVJaoOYNpn6Z70UP8qeo5BI+5WsopmQPA13ZjmkHkRcQnsp7vHvgpuMfj3AUrx5p+24XMNDk57OiIlUSJgjTBvLMHetjyQWraBhMHh69mB6rJsd8sjQguI4E32z5hU8Vx323xh0ZKfeOUQvmUX9EsZ6oTEtdDEXKZS+3sVi13e9LjcS3tFO0vXWkv6xN+sLSRh/o36SCQ4ol5mflXNiaXzPo0Q5tmVqbDrqvxUIM2tSad5QixGEDfxG0VTSP8MMhPcfBZ8pzO2bcWJu2zy3ysuzReAku4KFga0sy3tq9vvR9gqv15jMaTn8Q7LHfD1ZB0/LhUBNhxSyhmY997wnQPEyPZv7C0+2F+pHnhwOECllcoE5AgVYf8CSLGtVqWxg4tAO6j6azVzC2yr/yJRCkUByZ9DmKL6NA6F+k3wVA+Yrcg1U2s995NMfq4vvLgwvBOx+v1y+KiO29LX7wFXXgIpcj3KKXG9w8oBgM8S/O6+76IW3RWBPCxQNSSMMvM2LafYVtH4bVIYqnXmKyFjo27pcMGdpoFYtlsTi3iVrKwxlZMsU2Ag940QVuWkuwz7r1NkMeAxCB2RoGLy9PmnZa8LbXJM9/XR7n8QqHtSu6whl/383MWwSxPiSZ/EY5/LPdbgTqh3ekGgI93CSBWp8TB98iFO9LAh3V81D5No74bBF8QSSNOT35oVW6rJaHy+1Ggd20kYN9MQyL6az0OqdFeZhAd7SuVClM0dlbFiX7+FhkN27g/O0g6pfi+Jmgc0pYEqYgMvNjZO12wkRfPoCgbDPGOejUf43KgzT6nmu4f/cWC0AUPvZ4Erf/LjdKgaKwq24f3xaCFkHObv0Sh2SL0dUmGo+SYB71OH5didnMZHzlhToOgUlAAeHHIojIG3gYD6btBGQq3ImoE9yUL85L1p5DWK4reQdmG1KoinSph5hw6hOUHrjOrwFHCS7f1ayygyqlmi5fPCunI0nsq4OXAJqUnMpe71AIrfceXRLz6h9AvrC/Dg1TPpEP0gohiQLJDuVjnBhkWpLKZsNarStoG221+t01XHv46135ixuAS6hYFgDw1n8xlPaG3wpZC3/5XDzgOtd/6kYfCecfyo3fxhdjvKQ5yh564Nzzg8imW7f0sMN4ulJPm/ZzKUfIhrPhZSr1aJmRWRMN70rtt0P09SiwqU9DEcNRvzHNGUvbwPmS26xvV2E8KL4laG26wciUyy/gmkj29nfqjj4fQxt5rDo765JkGf4WzwHZ30ie6EWITeZjM3nLx+akOxzyBWGvkSQfpuABt2ts6f7nQUHILoZq/AvyYQR481VYFTk+LiRGYSldAKZ1cY525t+u4r/Alhrsx5LHXyw3visO/aUUgiuIGXPPL8gWQdPfKM1vffRoMc6ry7KdMjPdSnQil+vs5ai/UV2mwZIXhm0nCbqMf9urMuPFTEeidi8gXYVL/yQpHsYHpYr3bFXnJntZkTmQybjaS9X2QRTDIwkD+wVicn4tgH5+K+cgtwV/+1fzegXFy8IevuV2tPPgX0lluIA9brS2+p+s14dc/6vMFbYhs2wkGL5v5uWAeEiLRxVFPDj+0AptzM6Hbd5qG2YYqqwzCyQepNo0VZV/pJPzTkqGOmdsGlJTXK/miZD8DBIm1KoLa8TmW4W/gasg+l1RnKy1s39I9F6phgwZV8FYJvM895d9agbfaQEJ/rzqxn82qqVWdZTDMv3VPWAO/xxRvr3VoC8MUwbSN6majYm4UHexQsyzRfGi780PgHSc73Y1+/LZMRTmvXw87imaMZR7DJmVyvyWbpafgVwohjGZUHmnjjNJB3YuHGbFpoPX66plI5asDq6XnlWANBC/d8MEbSPm3bk9XZy669eAzY7P68TZ/TYYSd3UFYZd8VsBW/MsJAE7HnQagp8vTvos83B0QirfEq/hnQAwJ/XQNAGEMW0hwLLZb3rK/b4vTpyra4PoiK8ibI9OxxMNNzlALBj7nN+Jbjwr+93xG9xjIorwIqnb3jAvytAH1GDf6jffoB3IAk7xxiDEVrTWyJ2TttVBiUX2GsMZ2397jlXt7sgyP341uk/xr4z9JpGsOlexVxM0nyUQocoR6rP+9YPyxndGIfBjpwGqkiss/3Anedw2+vgYRpEzQF1zAr2DgPiO0Ac87P2VVZAhxSYFFIW45Z2rzHcaP5BNJr8zccnwX5njLJv7iCQ3YNF2lO+YshB808kIMY4QAUtA8z6PfhhFEBpg+9f5+zhKZ4dKfyu7QtZDSbW8X8919eomeI4mcPfFMO2DY//y0IX+m6kx+s0/j/Qo9lHf9Jh8zdharT+UnnxZxeQO+rjklc/PlUE2IhrmCHn8MFZH4Bbp9HqlHF93WgcPHNr8Udep5v0ug6kB0aRfTBVv4VcJdfrOtc3nrH8OqIIntKGaaYfNu2TSLtxQU2aQ81ZCc3EPWUNGRqPdANyL2XET7bYsCSOLXunUVQ0HobyIVnIr6H4AX9X8RfiHSQ9JCMId+0vTv2jvc4mOqF2omQqg/2QaegpHLD+0JZupq/cZsXAP00jG3nyMbtN0toZ9oEdFuSBAU6VTSrsNBe0e+6pJJeGx+tm8DpNBfMw4dEAqMTnHA0lNo3ayBLW3cbtKx1we7h3789EVv/gbMSR4qxR+zLqwP7h0P/jbF4MmUIE5RNYLClfvQol2gbn6OoAXebSr5c2ZPGpiXz+bZuqxUTdE6gcq/WjyTGhJww6p93njXUgOpQEvuOvOgAZa/pSQXMH5LLeF4pxuxWYkO0PbWLgOHCPW9NfAqAAuxkdFkPNN8cKZP+BVYLglnGHZaD/hg5r6l4KOpfbXVcW3jdliIxOYFIO2s2UT6XLDwbQGs9B9xt1AfhYr97s+q0bSnCDbcrO/IW7AyMf+wAQK9P8hsy9Qi/jdl0V2kEraFKm3AKx9HARpgzei+lmBRS1eU/0QaM8FsAyfpV97wWhsHzJOuqhQLu3rQYUmO6UBzEtm6FM4KLoU2hH464V+DwrydX4FBa/dU43/y6MAtuk3YuX5ewd7S/w1qwkKmbzgiXoflXqh36EpvFBXkiEvHmg8A/U61mthBmXsnW8xqbtmqMq+UynY0Ry0HxI6hD2nZ8PD9Hq/2AE2YO0/75rsP10ACale/iveULgNwbfAeoH5GKPWR01BS9AGYxS+nxqCKR5w03OSmZ6NQLjiyHUPXBWIMELczAqvcn41jrEoWn882Ohiu1lfiGrGhjfoAuehJvwiQQ7NGpqp5HGdlEvjO4HtffJ85Ahj4h2n7PPnVCih6hiBCitgw2viqJGvEo6QNEMr2H52adnm4uSC2R3AEDZbKMu5nqPubcdo45MS36Z3NPvKBJWdnUVlMQLgeMnt24ABEsfh5zOcNPyu9QcpBewW7Jv+WBc0wca7We9G9jiD1TQsbCE65n4NALQixd6+IYQ+bH6gzJyVeGpvYaPOAQ4ht0j5T4wAP0yfeB5mji3nHS4wj/pK+IK/HtbXUlP+9uK8aGQCWynuXcfPPhZLsiuL7CUz21OX2nmrC5a2dPu+qH5d+3gRPz/p51qmp5xgdHBu/5LpERfkszT4epjgRmRV32a9Fbj20DIB/XXpJ+4EW4MYtjMyap9/dbklRAvp95XJG7yhg/kp7AMSyJTiH1ypxPiHwPZxxA8AoDaQxX4+DLDeZuw7PoDQZ/FS43YEQwSm2TiRbs7cDazNz/fswvYsWRx3b3u01Hutf88ax3Uc++VKWM95mOUXRcVfHzj5yMsJF4Ik8iG/cF/hshUUctkjtQTKRaz2IdyJSkrfRUOT+YEOuURnW0Qndbo2ev394iP+I2zeo21hSIBo1zE+bMt+lUoxAl+opbgv6vb5kX7zph675r0Mjn9Y24wV65TMaU6+avwkiKrtYJ0xiCm6Mxxky9Sn7JVgwhSRuijf7ooCKBZA6PWV/PqOyeKDLGxSA/Z39JLahVdTzDbr3MkLBPrp1EmLrI+2rhyzUAw1cYM3uH2Bm9ov/2ZqnqoC9N2EQ8Ahzl+vaeyRhkoJ8VHa9lml4E9TF+H8WWcKUYYvpA39jHykrmy1nGjs0rUnF+nZQv/VH8cF0Y8V1S11+nBda7hGVeoVL817BW4k6bcDjZ0RXrdDVfTF8lm5DbCPv1E89P2Ok/oV/LDuPa/39pwvz5yq7kvo4Da7Iz0wV65jLxyWrwbnW7MPiwzq1Xo7fBYGZPHMMO/B+2gSZ3hE8Fz3awIstwbI+VCSaFR3KZAVd6xZY3HvKU/ZdlhvrlLub1q+771b5KCewW0NAx3ZnnrSb/zXPmfiaS8lMd3v+gvhayjtt4FMv2C7B3smpGZkH1nsg9xeOXBhjiCK8BcJwXXtzBcfKJdgEw3hVusirEHAfrY/Uzwhe2gEuju901tuX3/JKbMG6+5CfRhm3AqCeqzJ6/AV5sHJWc/JfFvOySU0a+bmSYjuJFRPJxLbAEzXWH485oCbqsDfcz2AyrC/5Vfpy5YA0TYLwWDJTCuOlS6FUjY7Bz/zxlFDZYkzF03CGQy3fGDduwmcEFPH5wjvIBpjaz+8im17f0br2/BEQA6xHNpsVlLBpMfV/VQp6P+mv0o4Dj+COPzwFcdU7MPmaCF3liL87CDkYv5yAaVC4+807bN8eZUgVybjPDz1f5N9NP7zCDHA8kK8PoAmTEtDA1pAML+UfQHPmSyyk4orr+zxYcxnfXtbyJ7DY8VveS+4dJrzmMVbLQX0xcChQBzExv94wKprISlY35f8YOrQJYxmePmnQnLAmtPOHUkP2pCkueSaZNWRecaCdXLmQcoubQACy/rl1abNc6BLivEOdeHygxWjHezGSYhMfBOyyPy3/JJf0PwgHwE/UxRJoZ1FBHSUXNWnGZ6xWf7lsmq4D4J9o/yv+tUcORSvmMbDPzRykyDrvFBnrvP56jGh/CPpgtNbmWoGxBQ6j11Hy5PhZvjZSyjTJpv+kKHAii+ZqV/yq397YVTq60I/QOAGAYe6fMXZhixpVQgPUq5yFqyjNV0JlPI10wPewibkyO7hIcgwYkZJRKNg2QxvxdwKKg0zdDg4tB+OI/UFq//7JqHXdhz0HBje48YYjr/vzG/E3vfzkuXKkfDaEB9OvN9p76/spRovjCIDwSr+Ps/2BoaTymJxreuV0qGikyqyVnBWclUzctVbiL31dE0/n1X2V0Yfac4H7O+zfI1EuEPTUWmQ4GY/Db6azBM6akXFrrLPyp/VXyGZFMds4lPEUKs17mBxrmA5f9/P9fL7fungky2mNeXDB3nw+88/MQfGvzyU5/mgZRny7+fNVhfXV2ZV/13/Xy8yq7+XnfvORn6pz+//pu26SUlsaXyZUfSQZIXbdZvna/fTkcQCgiv2J4AYrvcVS4+EIx4yDGQan73zCOD8UK2PQRju0BsG/gOrbOAxMp/Y5HzYjBG5YvtiUp7nXgpDJwzzycWKYVJZ4ByWoWeG/eivD2O5MsjoZ/SeYz/s6/ONLFk4LIZRWu6cmBcLJZbMrpb1llsOHpmXAD3PYtfK02Wee/iXyEMqz7LvKgBjdJHoLfK8KrEfpgroR9N6yxRbRpbsianEk2W+tWUGFSOH9sgw4sVaUGWZScVErjVaPH+xEVQxXFw967DGTORfbAoxzOvh/onFVPn/3ul/7/S/d/r/4Z2UkGBR7CGj1beqns9zWJ5dS+pB5Ot+vovtX+C7YhxMsbcE3pv+ugJd15dlGjAfgl3sLyJBhoz9OrfhSvbAqgaEgswNwtDvW0UQmjwk6j0xgz0M1ZHOr9dL36Bm98JvxES9hZEju7sjhjfHlpZVy9SC+DlRkJqet4TY8v3Nfsm6w3jK8FyE9LCUDgNi/HxccLMo6J/3GqTZ+rPL6uTmNene2XxPGYg0fLrv63l3JAA8/dw7DR62Ur9SqeV/t7TsmI1fFRsTvjo/V0OaxKu8oedB13biD2PD86Ym9w+mnwSjgR4wzvvxJikt6ber9Wp5o62XSac5f6d6EVqMcJ/NkSjiy1fl/taaY0Xv/JuVD4phDzJndOaVZiST5TNu5CNGrvHLBc0w2N+TIHTTRNIW1mq02mwCcc/3wY5MAGq9adpCKWXEkeHO8ihtpBVcDYkVm4x+9JvXdISg5ZF/56x9HtJA9ZdkvhbteHjXHaje1s5prU1Uy8Ike5wRE4xNj9ElTJEO7plvtEapjtEcy4tB/Yt5+3tE02ASEUtcI5Ki5G8csHAoxuDmPNj8Rdre3tXOlZgNv24p5b0w6sPFwdQSeMzx4BgIqGkKnXbRU/suX4cR5je3EyDHscDyhTBUg1TzvQx+U9cPhq7bJX8YubIwfy511vA2uAv12cwI7AhnMe1HGq/XG50cpG4O6MHrMNWSzUjMmunBEEnNX6aSnQhnsNL+5i2IAiw9iftcUwhFSkoUqOY4Z0a4FwxrNvQ9zPQLirGPyYMIkHuQvTaEKQWuQbiKUWAhKgo2g/Pwt8GGJKaqI1J+RIjKLZvfR+E8S8rvw7XyWeiUnKJG2s4/1NQxucpSiwB2TjQZ5I4/XK/lnW6+ZjH/gkS2qWJTd4AMbx7GhDFhfPL5ghBk4TKpjBEUJizDcOv74f1L26R9jcguLz9fyMcEvPCz+3CAfrWv+Q0YQeBQCoHRQzBKFC5Cnd7CjkbKX64eR0ZYSBmPalsfgsZ+M9D/m3+9GGrLZ4zy/Wnrym1cOidv0fb4Jkwn6DfoyDAITongSfSVqEe3BqgaIBhvjLcdwMVJR/51gzje+oaFTl/uNbO3KvCKANdBoZZADIzC1L8anIUEgbtsYISBPnp95cBUmy/epIzRf+jN57zheuE7peGLfvTfjUKiEOdeunSmiu5bE3uGLoqvHmQaiuG0xTYi+i+Nn2ccjRXeSLwSePmWVzQF4bpjoNUU64ZeSs9fbotF3+L1OmENJxTz/eijgcc8yZZytAW1OpAwM/UArB71sY01wpsLCgIB81W8lRpJeaA+18g8TgPeiB3IBWfBObgCG/HjFQCxxvMuSM58699p2YWM99LgsvRHvDFpkI10jCUMA42LblOlanCtdcqny9/r273OUZmUT6iV7xo9xdzPSvVnmV4rtpKdc94O7ch3Mfbku+EKCJJmBzcDs0GVIQUz7Cul8Wnad0pRelN06zjEfNVmn8X/qjqE9CwwqsemjyNk7eMOOr+vpSyL6BiFIQHFpofr2FLkbu5hfgeNG/QVfczJCHfy1p0USXkVY625fycCrVN3/z2ZJT/Ykz5fHI3WlB655HCeE35NBJTdtVnvrV36Ii+kkrpR8L65Zt09kvXiYKLcSk3F42+iExsE/IjSimqswgE3WxgIASYeK4sOh6MOPZhJY4ZWBWLVMLWtwQrHjYmUobUXyZK88+/4a0TVILsmq5pFEMhn8JVDlvcDU3nGkj/B1ffHtHRIVp7PyrHaz954Qi2FyVqMqBqdrtBT2kEejV57eX1aIQCJwAPm4gPr+UjpJ+iZluOoJDOKuhg2dsPsNA2/B4N7dLr7hRi24g74Ed+6VlLapJJ9yKYd1UCExh1O5xhlxZDYitWDGUXgOMVL0ilTE7zRYzm8xPt84+l91STa3gLN6yC6pacTutuB7QZ1F2s4moweCKQ8eKVlXH9K3xvNgBS2RtpUVoYBBW0rEulhBt3HnQTCyZ0eE65q1YNccCC1Au/gt6ET+crig06wmoLxGnyC6+N8y0gUcT1YBtm6moze1Lis5Ws1JYstbME3DPLza3bHtjhoA8elLdYpiJzfICerXNQX57EYwXDO2K0WmSgk1e7x+3uU/qOKs4IStdh5hVFbuuDL6eFLITRRaR7QdbUAP5iMW7k4H1jKEo2pXukrOeuqSBESqZpBnfHFwl8zmeI1ITiUzRaCzGUBgusq/SsuEdEEb/TuCKaIJTysYzMh6BEhTkl3o3xdda5eINxiF5bfTe0Uf5ZzZLShD2DETQJQlGCU8B0gV2sfL8KSogRMTNgLPR1ifTLR/Bb26NYy84AjftLOhXdcNF0QBS4nrmjMXk8hLBiHmKh+AavtjndU+hSxzGaeZKT6wpTjg9P0ldBS3s0EvrnRuElbJp9NcFwK1kjgVlT0L3PeRX3h+OJ+lRHMglQ10T0x0q2FGwg877dvPZI1hlopYfWEwM/Bz/BLzcMgr0egOf1TnAKnfsTujPLsXC+bQoe59wqXQm1w/RPCA9muFL/nIIKSCp+b80EvkK2f0yF1HBKZIiIcFBM9J3fv3ZYsP76lWq9ixgchIBNzRnb/49LoIMsgpq+6tNtjngS3Ej6bXbnex23EyISVyYE52T3wryuQ8sNuS3k6agDNZhiNDWvfPuguwW9jnTyreakdcOjU2YAegoLO0MhvzrpwHIgVZDEjJb7TlCHI5c5rc3iv1ImXUUOY9TDLxfXSBiLfi7lD8CKiYAbEGR0+jwZiUAj3+KqVLn8Ktu63PSjmF7kn17l8eHj7Zc3Ma4y9igiZeJY2t6N3maVfr2SWE7z+jZZ5X9VmoqOPcOAqG7ZQQi7gmCOo/gj2JPTf5ns+mar1YyWjS0abcD23j+v3Fo04inugDhrfLJDKnHoFDfdhTp9FKFmcnVlx9cX7rh+vIe7z5yaxLRZfMYBYWyAdqhP44mmsNP3LtPezyXopXmzkBfy+IU9G9nT+xDFj2yz1frzzOYA3UcCbdEdf+E7ag3hn45gopz3n4SYPlN9hd8u+OMyiQAxobmjkRCVgnrjqenGyeRFVpvvsLuTDMh22tn1Tgw/Xh2PrDkfMve1XpXbIIxsdJlXqJISKG904ctMAK5Em1xxkLEabWHkHLsoP0TL1tKWYhJ8aWRN5INY8BXsa/k0m3bDOeoDixLohREm5SUt5VOOSJ80stXf3uIVYK8G8bBKPq0YOKCQ7NYfpqH5r5f2BKV+j7t/YCb8dSA+WeLB5lUx3rVla+A53GsDfCygQZR3PLNuNkWv+tytl/tGUgmDJR7nIWJ+D8nEcRiCbZbUy1seUsXqfu6Pjku5VwHlU8kMazG1EgqsOHQe5K5LQ9GY8PoBQNXdWD2VP8GD96h9sA4xkAX0gL6XCHHlVNKVWnJAWcUKIusmXIi5opmE0oT6kK33YYYqBXoqkJTfvxMf4hfIZVZxTbdQ/atq3XFMjhKqh35l5W/t6g0UsRHUpComtw8qCJ1jVCi+hwLT32ID0rgR62Gzow01I9K1Zv7iAAaUMKsr03HtWk0d+vqei/eXblfV+jSWRudDK76MvROsBQJEUMc/3B1AqwJHSLnoZPDw9fCSgLLmROUGLRXZJU2Ne3Hc7jR+QjFCgMjv43SjhbJt+QGkIIDR+59J7grIvxrNIDVNAJvDDO/nP9i3OSrbgQNWRz8LJ7U3cOowFSafIdi/HYuSR0i896jk9qxaKJoGXLbH6lylk5RUw8pn48SSkIfRZo7T4gB+9gl9SCVDxlKz6NhTkFiCyx9Eyn5da/5L6JqK9FSPFtqVm0FNlvGT3wLghYSaqXdFp674LEVVMeKwKfAx5BqTxH3UgGq/fe4CsrylZYcWIIxxMfmedLys2ZQR4O60FwqncNve3DKXogU/eLwNN6lHfq5AfW7gbmuvvjjg2qMKiGYd4XFSvb0od1quye8A26hGj80ieYyk+yDe2DRUQYeGYvwF5mhv0muqf8gW4d8fmfhDe5j/OkIJX7v2YE3/PpNwNgqm3pxSMIfrhdd1idRHXeha14S6J26TB0/gDLuv0ohNeiLSADq+zT+EJtqe/TGOHMCXcfTC+w8NqSW7XoAaPmjPypRRTjU8L7vBugBIZlX56N/SCafcJ9DcbNgxnGdhbrUU+FbkelL9yEAeKW35nAuVxIJpcUap4irtNUKrI+A/EJFv/R17TTQ4CIjsoeLbCvHijxCfaL58vKxjcetq/e72tepft6jXJQ9kUeEZgCc7cdYM1hxK/ysfScqSeSb4FuUQlssWWcrDV4SliboNpB8KOAbO40/MnkWgp6g0F0FS9ZjhX36ig3MLAJ9X7IR4GekwXWFrpkNAG44KJoiKtYssXXyl7KxrJTnTRFLfFrSXaO0JTeXEgdHL7IP1XCITIAcrCCoXA+4mNGyZR7v0CcvwpkBfq4vrL0Aruw2BX8st3EvAhno9+/uxdZm4pNas8TBrgYa8anhTOkdF6HuIs55CZ0jgWqVWky11A/utomQlHTEUD31OTgVuqZsuPnYN3HjzmR23wqFNwenMgEVyomWJT5IKjULPuqwTrbRXcqUCQJTBg8M1IwwQCJYIWgo1vhgW2hbkc8jrbrF98ZWNYu/eFuVi/YQB1b85Bb5sy8pj6ztMUcomZQEnNWRR6uJ0LkJAHXntDq5w74eqUk9YQ7ND79m+kAybe0RFmGMtCANKQsKCyZQRpraCyVxtWaJ4ftLvhINdiFurxXLPvUOEalrc+csSJZL5SeCc+KX7k057nc3hRn6twuakWglzjbsOHN8VJgkKX/3J+t78JqqZhnZ4Ft509AZOyIcqw7RBny1QsM/ZIpWMuQLTixDNAENs3ARMNWFKyTsylHVFO0dApeRI7lqkVhkEmPFOH2ID4BBM884IroX4ZKhCd2lSRzJ9gCI9X8gg3Tkzabm+l8e2njhsPjOBfDbPoI4hdLMl8+I9Jop3BPL4tE4SUwHGxP6tiV5TXfoZA3VzGgUwh4PiHyT20JymC6SbKB4/auR9DxbV0xIGncncoA8jn+yv9NnUXGu2AtLXNWqKpM9vvAsvDYoTHjKTPm++plRDUg5Kj4LOmkHZi9Vf9WJKLeoFQbI3/EUC0Z6emopDNsJZbX9bjzoP7qiVPukdvbsNqhmnGFbtHeorh7qMtERz5qSDc+Khh02ES68umR0jZkZhF3x3nKkWXbfMCuy3Y3vHxFrdjqPtDQLvu14uJMtl6K3pxT2I9gusJtFoRstFRypykIKB64YdxbUFyw4WYR//5y5iZgSQmbkWUXhKuw8/URVxpgknW6HHb1fO58xsP/CB9SMahF2gO4xe9+eCkBUCz6AlK8eQOylJoZJyC+zWBwxKk0jx4rNgg5ozhQSCPu14boz/kS4J9Zf7e37YGBdUf5njDEQbBRP2TtNfFTBsnrp4ePj5P5Nt12Zre5WYcwUQR7sSJYZ6HkQ9QeL9hLMIucNntYiaobwY9ENlczcZ5bwLevPvHm/exTechmLoKYULH7/HtJ/HX3ExGQ/CsNava3/hUR4yT1Gvjg79HcFX3GDeO+FUssMM7TXcMiTWD+2aVGltoiHMBrJ8np4R+u/RzMT9ydmW22tkW9IjXd4eabkKcLwqn1ttkfyuD4pvYZ8KIqkHHiRFyCTjv1htfGOz7LOgOyP3QfzkkWPIgK3x9ZG91QflOA4x7/TVlGrT4vz4iSlE8MMp9ZDHQp5gGqGSJuj5qgcXFcROi+wS+gx4+L4Sk0sKuGA0belig4dy2pXlJMZ2hGiiof9PkFlGCitEla+WD84bgdo19Tth1EYc02S5KnZyT2gHabnrpKfZvkmLUj9nr/ZIX7T5xgZ4+m/HrLkDihC7qKgkWgaCu5r3XNbOaXl+//OHTmzsdvpBL78D5FW8ZWk+O5yGSVBa5yK9MaTzp4/QU5bhYRXpMQNt1TX914yaFpbmsg4LQLwMbpC1bLQuOuMtjWPHUst+ckG1WI2LMkNJ9Lxk6FPFn28mAr3XKqrS2Rxfj+A2xBBUlhmJIbdjMj58lVnGJS5VUE6u8PUU12e0ilpteMxsy5TP0fFIk8Kjq/EO6QYbGY0yIIQm2KfxcukU1QlKxg0rHn652uk2vRi0YbXCWNuxR2WhPOhya0xxIdI1gOLbWVuhe+gcXqE1Vfqxwlx96T/VYYb8+vmaYS1e/RGCMuNZkHvr7nBleINB22gyxc7v7nJS6vZBk8XcjENUYxLKZL6MlMn7oMBi8oiDl+RZUlt4Cuu8DWcmtNaQGzuFSOAxD6zscoy+6g+deni+80IjmN/u8Ty3UlflDIVwqzjcCw2/U17UssOfGTQunnizjmAMdvk4W9HcT5EJiEs73b0pw3KteYipqn7WSSkaYxJk2zedF0gb3bGMr4nae0tFm8SdOHER8IrdpQb3wDQ0ibPGDrFJ9ba2CTh9ztBu+yTrM7xo83Deinwk9AtmgLbos3QXjrpTucDKmpDrjrlVyv3oxi5ETAGyGelmGuH49QhC0ygGRUZc0pI3omRngz2OAFQBBTO51+hulpg/S+6UmaXF0vXVZiEcwWJHdAwVPvBtAzfPNsIUvvjSPtGCB13/FvxrYYWFrB5SYogH0CaNAr76V+W6/USuBn6GP/DvMfb395wcj4+hXOKSUR/v2oK662zNMFfc001yeHfJmv6kL8jl7R4dik9elKmVqYkmwtiDEcWzgZw2/9eXUVT5+fOg+vxRRoXkswRuitWR7I1phP6c0mCCbG5+eZw01/8HFaESGcZkkEPtqxhYbjSB7H3lMVAGOY/JBqt8vF8lDsM/AAGp/kHNaVHOxrFyTilc98VsjtI9a8/A7oDiG+fRDN9GAeV/FI5Gz5fXZLOyFoWhYetfh5XQk1LIpdSL4g82zLCFx9YOrc3XCIDeXFZ+HCfy6UUo9mCHmtq/ePYUEIn3az/5W0OCgQF8YxsRVo3dHPSQwfuSgG1pSXXH5E+QOjsNWucSDSSxnhEzk1xPUbsozDJJOg+Y8Y5PNh0Sn1TtyCAy1MyUxPmmPay2hzgGBYVi3gauAkRFmFi5bOyxQno/H9DfD5+u1eZ7kg6oShfSciixVC0NhqmPweKih4m8yg+uFs7gfVf+bHXA6G3ye06OXv0L8z3Pe+qp/MUx7uGDoddxl+Ey3ZSO874agngawFV1ksSNkSQGbLknt/DIFX60p435SzBTsoJf/+UpfU6eumy4D5/raf7UF3tgHTJnhD5Rq6DjN1Rhc5rGDBQTBBsh29dHw2ed8BoklmPhoLCvouXrMOIS1UySdPaVIaYCSYqt1IOvtejOvQiDdS3UDAG7t9nnWPFXXkmer51LuWtiLOpJEPFU8pUso+3bK/ta+BVlD+dhdj3SzwVRsFXSqwBdtF3puGo6M4H9AQOJiTCX2g8CIyOeRv940DfNuG43C3x9pnylPnbUtnYhHF6aBonwk7L10GeqXBh8WNmQ+bTLKXomSoAfwPRLbnnwmQRHu7WM/EOUTpHG0LrdXWIzJFozwq97T/bemSY81tdD3WxIeaDL+cdN6zY+uvgR5QleWY3wWwG3y9/UFkCJwqg/KKfKATA6fdW0O9c3y4nWF+yzZ/U7Z8xM+COhnc3VlLZj0GOrarQVwZkwDRPjeuNB9XfgwFnayuO7hI3dqiq3Ck21kvUbv/HUxUBE3eIHgxflo+hanRkxuGF9R/6+462hyHjeiv8ZHu5jDURSzmDN5Y845SOSvN6H5dr22t8rliz01NTWCCJBE6H6vge5u9Ph7ctM86BCcjY1I8Q2VMPqRgjhKj2pjwA4RXouP4vHcNMDithjvsbLxorAXW3+Z5cO/9djabIpBGCXFmiIcgviWzMfaX68bc/jsaXizXmB9T+LYOGCPW7sJse36tCDkHZhLiF45W7gcOCG0/gwiUzKBmFGra5/kKX5nqPiduil601VU+8g3DKYhquOdC2xQhi5Z3HNRW25oH1WmSnrJd9uxt7xsSG0LWGwvV5OBow7zAid9a1/BoxADyrGR1AxYIDLnOkyBU/hDJDxNLLpbOsQPUu9J11Ag4iV+8DWBU5jJ7fKRuQK+gw7dg155ITurYi12P4+VfD1skKFCQe5rvpaBjUx/U3y6Xgf/41/vlhSXH9+3VEEdkuCvyyumrmFx6CbTYH1HSq+SyMdFXbaxv2okv0c0tvIZGERQ3mu+nmOM+dDHOZvzaYk8bB3rG3/MsN9DlAI8Kc5q9xUlwTpjtdjSOhekj4elwev6m7rzWg2JYed33j7JQRS5bzj+LkzMPIut61YtqoQnuGjhgrwBKw0Td4juaxJshQGQ1cTelOS2Az/DBlYsqgVYI7G3vXuhgyi04djlt75pBfZroSTypbmqZ5G+0JypI1M05ujWTM2PmvSTS+VnQ9uAmQd+Q2dzz76ActhTcnynY62LUh8zrxervs1ySJoBWxe3hpAzkUWN7EYPlQjgfkHc64PDreP4hrtfZgkjza22HPFiXHuP0Fs2REA2VDSpa9WmJfSNgbzB12sBsdTcfo9OsJLsWXhe21zpzbW7DVZ7mhQ/yB5cWe1XbxWnKTYSk8Oq5rBjsWtY+C4C+Rb45xvqYUz76CUddQQClkKMdeDReMMuCgoWmA1Gu3KhaX9mNgDEv6ZTEE1AkRepQs0tJ7/5OyNMYUQy7kaZpDlN1e4Zu5DevdJqKfZtAzle6GKmNnkLYkRzw0I3JT398QmsZlmLIvyifovGZ71+dlTKJgnPnxp+p4w6dvL3FGiXVPRgzt9GYy7osUVVnEIxEJlegK90DETKmBFDJbRPAql8Fm77nr/0BFuvnK/NFDYVt0sbJa3hOEKTGrmXb/NNtfDZbz7uR2eqP8XXEt+AdaqzCljvyKX4BqFlFHz8hPAaFzh9tyrrn5ykJLDhsGR+Wd631xfB/1SqwdqT56O1heSqfeTez31B/3WLbJBY1w/XCrS0VUha6PiYTeO+zLDeQ0U1LeJOXLGrq8Am29Gi70aP2EVfHx9i0hcLtdkY8kaFAfbp8mYBlDd3koS0PYQbeLlvjD6uMlt+Ps4An1MKyfCt726N0ma2yKXg+q/lZngmUxd77bpGNsjK2gwLrVBor201HgNB4zNw1M8IRuLbXr2ghSDwwoi6r/kFGQVYnSJse0okSk2scz+ye3CmXsmEu6zpEp5gXd/iXtodN+38ZN+mEWR7TiF/ot6PPJwVDwimasbcod67h3MEvEe++wOz+eePZxpC9H3VzQxWiO4lWx45F+wap9S6Q9rH7trtCj448Fx/frWDYu3uEzaeLQZNdgTf4/WwSadJ0Lt2QOO9zDgg8lI/Y4hfQcSjo6kLHuSjbrgB9WypJkeozVTc/95/oy6DyPvqo4gieq6OgZ83ooPLQmgSROZM/5vI7Y1BuQYPOVRC02NWuhcp9T0xhGoxKvqCTOrHAfZWEMF/MKTtaxkhkLbiFEObad/UxH6uYY6yt++ZoFjNs1JwtqB/v9XNGrf8nXfPGwF0WdHTDh7w+rBnQ32R00c+BWhJerMCjJcXVpZvTO3lbpbXsJdrvYTnAZUouprtZBejOZRPHz7nJUS4SZijbwozkyO8OrOTsZzJavbm+nOTYJEb/CpMWIzeM76kYNceuzTs9oNrZTGuUXKXsLg3e/dRxOe0PQ6kGgupJdPgMvlOdTJbnkykzm5+5rXRBr/3kvcW3hy+yR2EtnvCN02sg29wxXC/sdNpLwziuj+QE3PTGagWTFcHMq7mRPlud4A4j5U0bVkdkQHytWmAN7heDy25NElT6s7yLmJreURG9Buvo/wERsjnkuktP3fMYwZP3sHBrrBrZbCRzbunH7wdlsw7pj0cdjY+so61VArfgnLPqveKW8aetzO2c5PKBbkNE6astclb0XjKpJw2T/Z9BDgXW7qhh4vxId8aa08OX8aQo30Fh80cJUMWtd1SG74/WHh3YfENGMYtxno73XKT1Oqoot92f5KjWmm4mWXXGAEDXoP2WMsb8yBWszCTHuxmtjkExEK52wAMUCyO5jSqFHxJLh/Z9qGgwGSWLGBP1PgHPK8CUp3SjE+w61ZEhauwBKSdDf7skWT2IPceEwzOLWGcT1uyC2wIDOwlyI1PXm6eBPEux6nFg00VO3ufCR2rL5ezCvgfsRNNLExdjPYmccE2EtfbSvn0cJTxL2VP3PMoCCD7Aq4HdF8/hN3RUfzkBrANvozdNEuyBo9pBzKMDDdTQLz9kHUNJ7kPIy2vRVk255OWTGbemqjdC2TchvDuT+LKk/rzbCf5+LD6oiRQ0Aum/ryxdrfbxjfViMLg+yLUtGyMT8daCkhgUdiAsV1tbV+PP5rKtkNT705jbp9gr2cAVrVXYRN2Qo4Y3T14oCuV9zswXSAUQ7tw0m29YPMWlo8HhfKjuA5y8t4TVN+ucaDQBzNUWfgJqbZo8GQAMKHF0rBmrWxkNrTf71E9Y3PH6VAz6lvAFY3kcu+hKfMu9r/spSVVjLQgyoc/TEkFGBdYbtAbyxjb3LQk7LvIPgWM77Iwn5WqO8ckY5WnFJIgPq+nurdIvPSEzfWL4JX0L74p9kTbrdvE0AZhGybfV98cVU/J0MjBTmd5gp+5rlywSHLCQYEYFRlxph0sf3LPOoJ+0AdJRF30FWvU4BN+O71ilaRBFMedUQ3derE48E/jZVGMmV1/KkNlAYAQX7ZRUVqtFxd1tB2LTltBAuirzTLwT2yjid6CURVI+GM734RAQgSjhPDScpQO3SLL8QfyNpAYhj462Dmtm89uoaTy4KL2x79apwO9yObYbsc1jVUCdm9tSuWxGW9OEbjIKKJZJTkCEDJprBzzg4urAhd8JUc9uJMts0UnZzO2GUJu0e+aXVNo+BTpAgfBl7BuqZDWE/CrztHn/JiOxjQmZaB7JUZaORbQKa0C7cFfBaOA46NMI5fgSEQXYUGuAGM0n3T2TWgDwtXaWjYyDupIUY2IzacKlOJLQa2BLvsm0WokXlRJM+Y3xSbHshOmc1fENaZ1f7UJM12pHqzc+lbsAnZd9LvmtrMbKLh8qk/HfxzRQpjd6IqfDHpblZso+jqfe6vFXYxPBb64/aHJb2yYCqw7OiUwTCbMOugdFfiHCgkTHs2TfNvp5xDCjqRL0w8vqJcSrC8iBBgrF5x0VmvdXEU2RJXG5gfYDvsGal3mb3RuostJ5FQij2Y6I6nLJ6SctbJI55UcIhw1tnziId12QrDOPISlCcKtVMHa5Nx/UI6SqTo3P6FuF4DbKdcLWC9v2QiBXh5Tnkr64GazzR5ZMwmYU/MxROwNa7gBul9hSDZ58w9ZaFg4Eltgs6oG1Z92DJP2WpIP3qFlOgxwUSjOVOL6G8LomgR9Oiuk3Y94fsiCE3lIkyaO51GLiV4lY/C0k0KVu6ZWkGfeAKAUyqXRZxTaHfDpYtOWMHTeJ5fTkSElhS58mol7A2G3DSLP8JA9fyO4gVl+z48E247KS/boEirC6Y7E/PBQSufG/mAWT8S1vgdRIsa4kmTglOsqe00KjAeZRuGH2mtEA930wny5dJ8K4kf8S4aIpgfepoR5ECH/xxrwPOKRCadcZIi51yIHT0HchOM1MlKXbnWQlUabOvGB+yzqF61KKZoIT87M94ydx1VVzrPhQ+1V+97FP+y33V1959Z4k0hhqPfg7UiHG59I7x5wZYxpdKLfCCcTZVD2osvXPQe5J5lOjDX5s8zNdFzKcZ0vJ7Y6hKWm5vkNIeQ9PzejnZ+ky+/B+ars1VkM3POTgAyIOjdqhxy9ijUDfZoxvspok1dc53yhl7zBWzhCgntQAih/HvCZDgmkkITcw7S0orwK2K1wTIvnXA5f51rTGA16LpqOjl7wch81sA0Hjf0T8WXhq04u+MtkzM46qEbhy+8ZgcqM/MyigvECmoaTvSx/YZWladZHixNk87v1RKnXyNmyw0CLwz7alZrjLcNVj70KY5a8juII+lXKYdLusnnphVUVide8r9fSFNc8OhqTT5yLvzG0s8eRDdW7TYOq7zZf9hw4FkyH26rfcxrwFGV5k+/Xw3o18bRnt5RDeXgqdo69powRyFPJzlZHOHWlGjjNzJdsLQGe+ZQuaYvtkHnkMfgDK21ohzJ3G2/kVzLxoW+lPYBU1gzVMUwQ5/mivhb21mbxoJxaZ18FLXrqJoWpCevcmH7D7nVUTYK97PbGUoBZ9mivUs2mD1wacs4HptqjRvfADrQg6L1HbD3BKc7n8/x4fOE81dTOQDWKYzLILBR8JZLVcQISUu5rmxgQB7boQTSgW5ZPXa/LXzb+jbfpmUL7rNB7Ij+oJUa345EOtWu8vJeF61qwu5Q2C544UA7xel6WOPsy2jf3VyLMzK8HAvyOcx7nH6+Oo9CRwI9QAUv7lnsMOGH8nldJYj3KR63KWKj3xpK+d7o7xLydeIje2FH1c1b1vZdq5muywPrTtCBEB80LlE0cvMfL0kOpOwh9JDaK4/teCwxadLmmsTpOFkH8Wf5hAfJv8gnITPtRsgBeQhwd1MQGcApHOVQK3ZlCwtVGve9m1n4cuv+qSZP9xt6xND0druZ7hDmh5y/1QCQ4eLqP3hMyDcFuSjHI2ZWn3f56KOsMNE8bZZvS7ysVfHhUBMgbH3TsXnSxf7QUFFkIJ1H85HcHDrtM++xvOWuPz/TqLJuHQiXrp/xDvQjqVWrOFWUFd6j44O+4WPhtfr7W53tyRA5CvRpEC2G84t0u97R1HsuKtT0Y9ZU+Ye3cOxbwmmteHxKrP9umsoC0vcXWANA/doPwmPe2lMB33E/ho/fzC1v1VugZJSG2/m1ETX5XMgtJ1CYAp6MvYL0JvR7VtUfkGVe99rnmtOmN7w6XFtwwcOUrj7n9efAbRBtG5Z98dxg3K97NKAfXziINnDwxAwfR46PL0ceh6Qva4jWA6oXie4os6O1HIDZjYGjepqkhrBLyopo2TSB5+d4JydgF3LACdwHgjKmlIwvFnms6OoPxtpZUAsocg7i55NF/DXA1In/9OurHbr28aNk0YJD0wflSRbIR36lu0CXzQW7xGTAagKF0L4aJ5g3r9ux7ynnEgJxgbrnPBkVDbFL+in3U48uVneGmtExHkqMlIAmOHZ39VMmC97dRRttEgdVYecqPpHScYohRPNGSYUWmPbeEyrMSrVeEe3FTIx3xpwBj7eP5DJE3G5W3Fvl/Oz/8b36euOaTYN/mbcQW8fS6Rn3+fMPIlotzSyuXZfkXlP3+MsU4bHZ9s1CUvckses/Le5lCR75s+QdcgSDwT9EUL/mw/aEI5f6CPvuPkI99vi039IV+VSBh6KfK+fMZoaG/4dRP0bvOtupXI9Cvy6q8LqvtXwrj9aeg/L15YJb4uSnYdv8886777Rm+/yNQnf3UwZS/Fm5hJg/0s8K7WB+pWv+V+PVmcbfnP5f9FKw3Xv1VkA/ZY1nG9/1pGIe7kKm2/r4JC/9JR4HPz7Ebl29dFPr+/N6BeVbm/233/aFv8D/pmt/KlpudbfXxz83/WXf9uoMx1veN/zA6+D+NDob9S4+v476k+a9a/+j0f2uIgv5DQ1u8lPn2bw19R+/31/6zAf3y8XH74+VLPFXqmOXgir8D ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/images/Tech_scheme.drawio ================================================ 7H3Z1qJKtu7T1OWuQatyGbSi0gmIeEcvjaCA0jz9iQD8M3Nl7qrau3LVqVNHx8rlD0QEEbP95oyJ/IXkbr1Ue/erUoVR8RcCC/u/kPxfCIKhVvD/6MQwn1hR2HwiqdNwPoV/O2GmY7ScfDd7pmHU/NCwraqiTe8/ngyqsoyC9odzXl1X3Y/N4qr48a53L4l+OmEGXvHzWScN2+tyFl8x3y5sozS5LrfeEOv5ws17N15W0ly9sOq+O0UKfyG5uqra+a9bz0UFot2bLnM/8b+5+jWxOirbf6SDbmRSr/ENt/+v+nZyri9nlP8Lp+dhXl7xXFa8zLYd3iSoq2cZRmgU/C8k213TNjLvXoCudpDn8Ny1vRXL5a9VYvAgKbymWf5u8qgNrstBXJXtwmt8BY+9Ongfosue31TFs43At9OoU1oUXFVUNTwuqzJCg7Z1lUfvk38hSBInaXIDr/xMnYVgr6huo/67Uwu1pKi6RW09wCbL1fXCuEVyiYVU3TcxYMilyfU7CVgzS0NvEb3ka+Rv3IF/LAz6HzCL+M/iFcsIGKC/rrzVi/w93FsRP7LvbXe+Yx/BrH5mH/5u+NvZt/rPYh8NbV0c/yZm0fRf3/q18Gvzs7pBhv11Tf9C436DwhmN3phhXuqXLitOwMKG7vRfb1v+n8KyOA59KvxJ44jfw0Sc/oPBJH5WuQ3xC5WjN79B5XZ6dbzK+XFF6nrouHLJrrT/wsn/LAb+Tp2j8NUP7FqtNz+xC6eoX1hInPiTLOTmJ+ZEIURjy2FVt9cqqUqvEL6dZb+xD5H2W5tDVd0XymZR2w4Lpb1nW/3I0qhP2/N3f7toqL/SyxHfLyNPB8P7oITLPX9/8F0vdPit23T07veP+sC/qZFN9ayD6G+YLWrBpq1XJ1H79wEFIvLflJg6Krw2ff0IiX+7tX1P+z9FWf9cfEP+QX1/hW/oX8DT34Jvfs2/n9n1L1Tfbyrrfnfl1+rbQM1oAYoOv2cfPCemaMmL4obvFgESnTSYTy5N8F9xfDV9frM2vxv+Pi1duupVCufyLdyhfxQomvmDoMzmZOn1B1n5msY/AbbeKvAfov5fvvpPAVurP6g/wfxC/ze/0P8vVPb7wRb97+O+13+O//5eWOg/GpJvZuJ7W4L/aEsWaflmSH4JC9bYmtlg/xwI+BkD/Jpr/2Yg4GME/gcR1x9SVF+B1PcQnvkVCHhj/d/Ov58DLs3PUGKWwMy2qlG29Y/8hCy6oz/T25SLZdH60wCaAM+PCr1q0jatSnjdr9q2un3XABRpgi60yFSwU3fQ3Ocs8MS290Gc9khe2OUOfOi13l9IMB8SYvNK/kKwPZQZgtO3KnEZWMp3+mcwYqm3PWIBX70OZEiGA00qA/0KbsFLyUCncMwY3oJU3ob3y/ZY6aY8KqmceNLpfiGu2Ps4vBVFiO1eEY+lCgc6mVeG6V/K3jynb3Rz9/QJupAz6iaT16s29p17PlayZDByjsH2AmGMIFEHqlczBVM5QB4ygVBGA5N5kCiWmyii2xmjjB2yZFQzeMwBeO/v26F7CsQpQ2Ohv79rmxlPjVcINZ369NN34Y5KrvyhP/i+bfcez4FrvNyKxofrk0d70PiddEzll566WSQJa33LXkMpmdtw+BA6fQHXXIS3E1z3MYd0yHyp6A7nHe5LNiPfTsTFoV8XyUgXGgxwXhRcH5xD8ITrHxSTIuDfcD5ComJJr9hKr3AUNp2zJlrBvwU4x6ujWKysZDtHE++qkinw+o6fv4V5rBSNJfSQJohGvQn7GWOOrvWKCWh07pAZiWbC48LtVSEZFNyFf99VdE614TGmDMpA4bAtjmiLvlEfBf2zLg68Pz/9nclPSDvUFt5THt//TL7gtWn+6Dh5t6PQnGaewXOWjeZETeNa9jQf9QTXZKFx4RqtK69YyVM14fhw7ui6Zk5zQmugjXH6XvonaPxe45Z/QgLXBWk40w3eVxi/tUW0Kvj5O5/6ze1kJAPT9/cyEBLXeyjZ6WF8y3P3CshLqSdI4dF/PznS32AMiXf8+IVff85nkMTPtvB97rebwn8gnP0fm74CXWC9IE8mL/hDbg99/lvr+Gtb+IO5/G+s472E1pFLT6x27LC9lFQAflTTvgp2Av9C/4AMOKDAb56/p5aMzgBS5cyTIXMg8ykbDjO1486s7Jxhy231AoBdHTohhtfi1w5dlc5H0dkeLZ+4YCEhDheDhVY3eHoOXQeEeg0k++mTu/IGrTW1kdCIHWtY4lFEjHr/Bz6fz+fz+f/yww0aSRnwD53B7Jy2ABAg3jJENglkzqgOPMA0vgdH4arY4tE9S2zuSX0Xbq+bRDblbMfZt92Q3Pdp0xxM6qXwwgDRD65mAaVZ1VqHhpJgdYxljVwVjvZlawrF3sR61coZwz7trJN4ck749eIUbXA+0bErialLHIvLLaw85177Eg5tGNsHpYqF5wsZbYtVRPZMXMKBQeLu+avsSFcq3aXVU8nclZ7vJDOnzVNxj9zb5eGXOyIqV9y1emj53fPKx/72eKyGtn7AEbrG34/twSHadUo/6+fm5a+gTeyULddtLLFvYnkI6sOokNrI8Ees1W089M+EWnoEBLNkiyw1FR0yWjvfYDzPZvfV89Wso/Vro28H6FFFC2deMQzT2Lhew0MdIn521WUXFdJdgn/vdkdBtCO1bsnzLeELO4beXeRHUgufz0NKMfVOqoLkecJO3mGPezRr369mf4zC0yFdO/ZdDA5pbu4vezhYXnBm/qBB1dwcOnxQLbk9Rzq8ULU0PV7GZrhE0YUeXzFJk/htfD3ocVRH+t6NVyXdDyXil3NYF9f9haK1cXdTtREUwtOs4KTcB7eF17fdqSYerxM8YzvbMvdesJcoqjJ1Xr2Y9hryGTx2GNYqIkp/UXWEVxhJ0edq8jjs7oCptqScGhHYp27jBMF2qBKX81aE3QNN9RGdcBFrbqWSlgI7nnWjh/0ggly7Yi0ourOxt405JuLLfPGG0Mec4ybRCheOaCK1zBErccDZ88C+ipNn7LfjSnwUbDgIEG74ndJu9Fh3xkKm4uKiAH1jU0JiVeVOsbVmLcvEi5bUPTPC0Wj7gceJcQlES7Nww+ucFVkn7JOWctp+zi50p/nOk+XbUTz3ZmDwJe5X55UCr5zWBAVsoQTmnl5lBgt2hmA9w8cJJNyJPYyHk0ldgGiYUBc1oJga9PIdC+McFiIEo+N6GXrtEuxlwRCAC4rEIt2G6wAwO3DwK7wABpvwLi80sF0DhKRIbJCwGBwKNpLgUCLGAgnohtLt4T18IO1OEHe47JHLQMIDteJdBAGYZCvc4bcAgJF2MjDAEfAAYhdOAI0ZAKAYoN/BMVkgCFLDwYa2IXcQh7BXcBAKOKYAAtNG8wcc56D5Cx3sAsfcAknewvlToAcjAkByANwcNuUTUeAUBIX6RE2gPvAaHEOYxjDBNIYEx0AA6QzHiBM0Bg1wuFKwC0BVYAAc4BiajcbAEy1x4BhPYJs4nLgB5+GxBgfXwR4PcIw74OQzHEMGIRwDrk3I4RhwHkrCCXsbrcmDY6CJDUAwCzQGx4FpDAuOsZ/G2Ms6GoNFY+SwLxwjx9AYkiBNY6zgGOY0hm0iWnfwHAZnAw4dK+TwewNpyyA6SPAvGfbVgWwcDLhM7gXvu0N9eIHFOHi/NexzRX1YFqioD7dhj7KA+tiGDkQgcyQkKESHsMkVMt7gE9XlAJKRsRMEB35HAME8R+GbCLAGcLk+QWcyYMP+nMt1CZdAocmAr3NgD7hEAUhWYsAmhxubS4C1ASvCSeiJ1MFuLCEAjoc0wdXiGEYbCtFBaEDcWGvXYA2pAsTW4G32ARg2gf/fXFW24wrgZGssYYFn8B4c0ZAw9qYDUPE2X1ecB+fEyk//JPeuD22XU+OGC4XaTmhwi6i4tgijJkovQej4mWJ8WCODO5qMgh2c19gV1JntRHAvKvBIGK84M2ybvA6wTTGO8m3jnHc8Y620x7EfwKmQr4B1ykbT0yPxWjsvySSYxN+YxUlOyES62eAuI7M94AhyszCYYl8JsvclR4PxYe9yEB9NNuDbnrRqeH416AyceNsdt37VVck+sIHF5cZhtno0rW+gyxEDaPRF85DzaPCDDANuMwGVqmodONb06YlzT/sCgyWWl8sgYaNTIoJVUWfsM7s7a8f3oOlUexsIIp1iCZ/F3otICJ9RJC2FIZS49ZKDhz/lodwnbHLmuSj1g2G/cZt48zBG6bzxnx0f8SBhNluR24x7zAiALld1syE93UfOAq34HF0Kz1gLLqAErFFjjLtpu+wVP/3idtzKCUsJVuS2r/qllxSbq+yArQ8Ym4CXVBKhc3mVrW7iVHHSb8paNxMZ8TfcXmolJ/FXRNN3B95FSVtN7zhju3oqBPlaD4IVP/r1oxlKvRH4tdCxILxbKiI/bL7muwi3UueYmod7hlGjvYXKrKTatqxbfR8E6dmwt15A7nngAMnauvXq1IwPS1YMXENhaeobNiBiBvkijjXirNodC0uhklMAdWCohjLub6ps72X/vM6e0AQhh83nlNPtMVYTxrq0dODywUohC5VHIiJ6m/GYCTugWRLHrUqtk4VKhoQUh/Fog5G7DKsCMpkTnsoLbOGK/GYst/XDlJUz6esigcZzFBYqOGUn/DnosPyfwnUpa4Ine+ihHj8SXmZE5Kh0PJb1ur+6SDdBz64YGclLcU8VC2pab7BIsy73/TqMJdjTTuRQUzZlkRlQkPgKMFvPXxkNGKC8vooALmSDQ9t2AoiwD//56PYJBa0i2z02W+lQKdCLYMDrOrCVN1tkRQq4tpVur6DdYRMdaUUwbKDIVOBaph1mBeDIStAkIU+nQUPE3SSwc3kDPKCbuXISEiGwh+33wdZnoLDBJrbaGN0Bg/qQgHSdXiMkZnffCle4HfQ9VgwaXr6AwdGdQ3INg9NOpSjgMGa6cqN9sS6BwD7XkgK9Pdveaee5fTEI24yUdDhvYmZ4eDa0iZ0crJ+DRUZH54GPUcJ7zzzrSbx/tNCvX4pxd7GsvXWW+TC+oyzpvRE07LapIBXKY7a/RNbjEhX9ltzea7O87Rqpjs+IA3dJBnipXNqzdnZ3ccYAEsSb/TN/vPZFxOQyZCFH4z4ztMGuKK9Y15gOjlT04jx27Hn9ukBYkujlhj+sufqqMR6zivedOhTjOoXtrrj+IuWChCYXiOWx1DfcjcMy0t7hSN0zu87F3h9oswUBa4hyfnlxLUEJwn5YFymdXqAVH4xnTK+DMk8gytCeG/x8oaCj2qWJQquzcpoJg4Res3fczTKg+40lirw2GdHZWqecVjZGxikIQLueYdPzpZJZagt8wtMnhMaTAavYZN9WjKc/A7rpu2gC2JtSQgK8gaiJ32JnrkdWWPfHvczCj1chbrmhQ2ZAYdm7SK6HZJXdrCY0j3y2KQaeuq6iIH/RUKa67SXEorK8jC/NC8yu6Nyu393OGum/VmO0xpGwS4FTeqx3PFtaAsQD4VxPjAfBTSNnTlFh7kOMJKyUzpew0EMIGLDVdTPUstr27v4APX/jnO/cimLBQalX5qZ1SDYuIp7QsZIm68NGwxXQ8enKqf0YC6t8ELfDZdN4yCVT9LXAz49SuosJgrN5eCrOFMQgirsKRYom1kViMI/bxcM5AXkmA66a3DREuiYv18PmsSXt6uq2EBFVQ3FlgG8qkG4npnjZFPSNijyGp3sAMkNHZr53mkMi79NEAu65s2krYK87K7jwNy2Bg1Bk5m5S99EQD5T0XzPV9WarJAQiFHX14frhSW1TbZ8oyLAKPNcvEEklQmnr0uuSQOqz1xhYysv0CEwGu0z07aC5kWzn6oinpXO+IJhtZ0Bi+/2YnR/XrX5KygdP8cVe47yhS4AjeNmrVchyFOs+t1nW4oNa5ctw011woU69WnTLfue02qVd9x3hNb0PGBgiiqrb35QLcSFWJ8KMiljt7gpX4bV/Zq1m33YCEDd1geTHv2AwFHHy4WB12tp/qM+HDJA7FMu4soyyXbfykS1c+3qN4kqNntcAgpd4fzpjcrcvC2gIahk77I9r73xiKB35+pdK7dtrGdWOePK220pZ78hQl3NIq+cLf9ExWYKq5RGOaaHzPXcA267qYbtLlQvQjgFLjLk0hpWNaY/VCdHpBJGlzIUeyjT6rfOkVqa9OYcnmsfuDUj2vds9T6MDg2D+6DfYaLWEKF8orN74GttCFJocohoNhDM4ufcuim69+stonbWNVQR8DEgjhT7vpeaIKDVbI+TS7JCGSWsyWNUKiu02N0DxAgzhCubA2ygmJC6HQj3Qm4osOg70UtJEo0mda9/2o2AVPM81BK+DPNJxUJ5KRSkZilvRu3UqPaCPsCvN95EEnZBMmESza7Qn216kJsCPEKXn7L0mXBQDBvQpsCPKv3tSzfArk8GoGgJj1X+eGe8U79RI2ZMNforS14XWXS5Re1fWw7jenwMR55P2LPxzKZN/6MPNfuoexcwVyMkA9pLlb6sTVO8CSAadMxAEJOwexIkO/8agPzwY2k4/SfftkHDASVj5dekONhIMGfpYGBabT3c2mw2PcJMNkX4BduyUY2D23pMsYLzE8Td0b5F+dWe9NK7s2drmhL6DbWR2DSOfZyxpu1csnc+7rqaQIAgGn/ePK3iNj+b2Qii3LRTVYDfPOyGwoGFfIl+xUBoldliVmVGyENXqe4a0Fmwkk0y7l9hVjOwDYpHMwAgO8to5D8ODdG1+9Vpb2h6jfIhzckepSGgwiCTKZmD8Gn2jPjKywXcIk90NbG3tjqaORNwodTpK7FFXa0O3wYkbDYHmmW5lRLyp41xddKWH3MnZQ9pevhQCzopRMjMbdPrqgmO0C1v6Hgvrdb4pYKyBrfarS689PL2NNiM/jFTdS0DgEdWQrN+aAdGZ2FjntAg2F9FzMcIGnaxRuDeq7QnZOYT5Rmq3uhTRxYWMjPvaudWIeBAh+89L8TwmkK7dblffbtZpfb5tUYDwIg57l9tyAGJnpIIqsSZonzlpgxXUfQ/DTHEtXg6ahMgY+q23IfYbbw8j8e7A7lHIFg1MQWFr7I7fIbc3KSPfGGrHxPuWeDa56KKgUaSlxt7AsVd3n7GfbpngzxedQh8QHdvOTda+foiO8Qsa+UISIwEGnmUenlGqakth1hrCchTtiCt1JWdGZ4BYSXESpVbYsEqJfVDqaYNIvooZsY2xJgkqwB0K7JDFG7Lhz+k9PtAsvW1jjlyFtmQIGYOF1vqFlvWkSl01SbpzY3+9w8dXyGg1BJeGfXt1aYbRt8flfsF9go+LmBmRPRhVGUJDdMtG98XLdStvEyDLrimYbbRubEq4VPpGCk8vr0BOyr7nfKLJ7L9A0f81H6VC4inJu+4eU/IDBtuscPhnBhw7LjB0CFwMB+wdyRUotDlkgGkrCn1NRhJ9oRzE918TUacv1OP7LwN+USfjYTyvz94A3XDxxginuQZGdfwFOmpmq7T4JkQJRmt7TJ2gWLFGG5tIKjKUQQwjYY3Csjv23N/3CgSaW4xF5uwOXih0A/tgGLMyfu3RySDCiUPDp9619jQ/LTF153t59Vjj0uVcKbgMgdEVELW2zXa+4h9p5I/tTG/PZV1J1ICknH5tHWQ/b+cDNjhB7VzWvbjFJbODyxHZrCtK63KByJypUbOB7Ff5zbrIK/3wrIxEd1mwTbaytqVj5Xlq+ubZ0GL71MNjShiazrIDm3NrGKRsQMFmtUsU2CY0662KYK2vqVfVJcLuklgGDJvB1kA4ZAjbWNWREl4uob9WL3H2OpEGZ2iNAnYUkCSzxtb7vUOcL+td1mbHRMO3NudK0NfoiH3MOo495eRSZBlumyPuHtiOwy6dCPSKXW8IEofChNLfYrgOKINwx2LddAqIcUMAag6cNmtaSkBTiM87fGOkLdXAG2MrCP0lAeUzjucybg8QUZFnPZVG+cRDStgqcIFmcCtkqs5qWBzIMsPpYyjp/IsqnPN2dmC1Jfd+PP+N+M1s9a1+Rnjj1tFMiRhFpMiZlL5rsx7XQPD7AM2rl5xTPq7rdUev18PLaTArfEburr4cg5iuYdiATMSuJ4dW8luNFrHEYh98CDowAHu8KSgsU0jigZ8l6DVkU3g9d9vsSO0aLMQJZROq9iboUDS7gzKuG+yWIMINcp4X+unS6zNFdOqmparHWXU3di6uZUHnEtgQRquQ9OHtMqD1IaeYP4YXjJ5vgcrWtR+g7QrqPjx3yZiEPEQ04JIcStLowp0W5PfUH46ahHIJeEuAWPOofdodjDvEAlDR7wggpjyRvfYri1E2ARP40H/DkMWljiLkeolDZGEmh1flDu5qSJNr3peJ55xWERfeOul6MFkTtNcO7ICUlN2hPURyJZOu7MqjuDlqLsU0MmDACip9ADStMhh6KFqRDIXLumbTk3unLnHqaq4QpFAKWGWnrGieRtDPOl45tLw1fbzpyl5bFx10szqlAlEGsYCFdlsc9UyvYijRZS9BoVgXIcRhO6zhE8gcZ3XtHTuG3ih6rm4vT9NCj36s+icP7QpCQCeUdTYECJ37uNzt2itoGCS+FR2vLkokdJERdpAAMLor+Ud+u6tN2x4uujTW93102dhhD9S7CRcPAcgdN/lm+7yYt2AszqR6ueBROgbJ4wAY9glRFQmEy/E6jk95F/urU38jsr5tL0SkJFGnQhU5Qz0yj8RwSIdo6FM/Ge8Ks4e3I+RtJ65uhQExgdSAdXTNUDatLI3Xpi7X2nrz2DRlLKZax97iQG6UtBGBRLGFsrpBftrCBstvNpUgIOTtUCbjujO3IgHEwXNHBD2g8eWAcl0zgnBAVTfPS4XUlD60Qh+bO5y+sh1LF+fycQINIMEu6UnpLF7Ph6tU9mV90bfCIyaUBkLMnWP1AjCgnRwcbjgjlYPQ3toyaqH6O4aSSDKN1i7It5TD99CesldwGv2XbkW7i7CLb1F8OZBJobVRvDYkGGa4RkzlW5Sbp+7xmBLMnghQCIvcV/tUQbYixtHaJjzR5uea68ATXLjhdhqJ67p2Y/NhHHcb6rhiKbSZla2PdAMG9rDysfAAZPYAuGN4IeAtX6+WDMF4No2hglYovJxxoFo7ZE02FJ/wAWjZeHvwxuNqr+pSbe3WWGUfenIlKjUBjoC8gUhmIDMPARiELGxiD1kPbzjk9ire3I9gc1pdrRWeiRjrFU0uiGhnRuaxPQOKYMsleGwiV0aMwXh8CWizx7yfmEbs9jj3vFJQSpSOVF/XQdRRAQYm9yothKxbb0n1EHvXFnTwvIiVYyRBncPB9sALrrat82B7ozCVfwD9VUhJJJKVvX5d2IbT5BOGbAT0tlYiGUrlr6OerD2ytwal23pDb7x2z/ZC2RfA8Yr9tPje4JEh45434yKcrvensM0jvYZW4CC6PZXxxwDYu/CCcrGGCaDTNbhaU/pdF1cZCz2Ou8JauiKurW6eBej46ZQp9TsEbANUSlO/P2DwWzNutGUZdXs3GnuNrVe4SqUQtXS3fqtD8aIBSOnNGGXS+XpiwPp1PDJYg/H9s9VKMm24hB93hUZ7UEOFRLFIch+8KJmPbrf+Fne3Y+uclXXcq0bCmWErx7Xb8Gj3hhPy6IH8UcgMt/B8ZJ7KFiMufc3XzibJgNTpA4qWSCKX0IaQvLdcTFRXIDscAiEgqoqhnAdLjYAUdo4MBj5WGFzZQzrwELV6xFZdpaREAUO8JUHoJuZYqWbhmbYA+MvV705oJ0gB8tEu6Vjgypum73Pk1/TcThLsjAkvqYOoaihON/PE5uAOw8G7kt/qYqTxkd/2KnKKV3pz2KGdCqm8s9oRSLaO4XN0lArQrl3gYuO8Sc7Z/bk1JcqImjtD3Xa0AmM1F7C3dOMqBkDbVJygEuoJhjBs1Fcd59fekVzZ4Ut6lLsRKLf1yt2MEG4kUsfRqYqxAXscO/XpIZtzFkdFB0oE40SFuD+TPQgBlxO7WFkfvTHcp35pO1GUiy9rhSSmucDIdevtNv6ag3cPgVCkl+chNs9MAMdjbxj0GCjEqzoLCISb2iPk25TF3e0il69fMATDV2dv/XD9qvL8OIXUXCu11PQBm2w7QG/txy2OLhbaxqF3wD4T9oDxBUE9AqhjitWEFsWjTTZbPqy4ItNi/mGMN8cY7eMW2wcMDT3Mc2NiLk9BmQ3BgwtfBJ3oNbG7eWq9YeM01B+EY3ScyBDFDRpE6EiGJL7FF8w83CpbDB3sRlz2bni9dpyrbW5QXw9At5SxPyj3zVOhn9GF9ZVm0HhRsVxw5WXQbRXAqPt+//R5JX41Nde0MWx98xkG7A0a6NmGDzgnO+O+IQb+3pLHwfekEgpf0/FgRFkiUup4G5fxjFRipb5vtmmR325bXyFzI3U68CghbkPyf4UgoXxoe0kfTRQymfTmXB7P3Em/5um1AaPkQbfFk3Qo7FY95vrCebMPlW0H5TAgHjvS2FV1vztDn60BmX8K3CqkufWWC8VDJPgdOx4TEwW4yAmdT4n8UjG0xcGutA7CGYM3OMLNrqGjCSu5XDNnS4t2vuVwWa5nl1EVYoGGXqH17tyeY3uXbgqbuhx21DELa7rImTVRHwq1zxXuoJ7XxvnuQwld04wBcp67PAmLvbnbg+SZ6jZpTXz3SkcsoZ75DngqjvzLLjKkjjoM/AacX9WwMXCg+3gxVCCCiFOVyDvAvDNTlRZhGuvVkaGyi4vf74fLPTIw7Voyp9G7rSVulNCPVYgXtFLJmco1FDvnEqkuT4ZqoF/oYH10ehDL8/H5xNT2dVMtXSxkfSWWqkAeHMZSPSkGLgpfL1PT+9hgV4Tv8LI+hcGWoMSo9i9Np/tASQ+PRKJc+Sm85OFMFIqcvuKzE7F3VdIRokSwknpJZ4Y5UFvi2RFOFavXBm0h2ozm8h6fOShGkrejCc24aKx3rAc0usxQ2LwOwguykg5d2/pLYhGcvLR6qhiikp9f4EHT5Ivxa4gbn5QtnyJ9rd2lw8ZSBakM1ic1QSgdduJwETm9zW0burS7TYMt0G5XUeawir4nazBepHQ0rMeUQglriydt6P9ZxU8PVpXVcqiek6ttMlEYvobSGiKtXKuP09p/3vHbKYUWmnKxB4TGN+LFeA6l2WzV5HmphY4nPbX0EjwSHU8hcFjLbqYYRNKe2YM1svtVqR1PGkXWmBfG7r4gbmv8llVHoHX+XpJdQ5cJLF7Hl9J8bUnGk3en6+nlVK3gVCftdRDuOfCeZgUefKMr23lDY6Vd7NNOZU87mlhXqXfMuZVJkPGtayASCKPRc+pO9GIOQQGRihSWwtcERuXPdRTeHkbT3slkzRmpZPMP2z1LIFpHfv0sWjrbYI2P607+ymFELLZ+ItLMQPsrh8Ah1rQlwJvHVVECH/mBVg3xkrYxC95ryz93I8fcn+Nhl6yI134tR4jJ4aDkAthcXqfo2m+IM1/X1Pbl4M0tWKvF/rohxccdxjasl4v3pixel+KmDCcW7E01eCnsrcaJYT/cVaa/7mjRaPCYkPbhUdlPxGAD2fYsJcEstH+NxF9p2/ug7JNtI0gvBZr/nFwhC3Fdv3CSzEKdQPtCtEpap6eGHr8S126JfKN3Xz+u+8pzkcTuHxYJLZ3IX3ljB1bptBHkKZXwCFFIyNIUktYrIeixVZaPrNindzMLGuVVHf0pm3BWBA0pSVXc7cP1cd4+V6Vzd/Xo7B+uFIreLDOWtVpnmtVNP7GiKp9tXhSYS8nvLf0pdkewZaTcqVViHT6cgxrI56jgjtErEgqvPFj7a9CGhHePCAsiADm7e5HwD+RIOJY9g/7ZePGTTxOwfaQeSiLsykQQ853EvV5CZmcyx+WsD1nG6iQFQt1zUqjB5vlubSxfMcpkKhg43jqb2MPbXaVU7hQTlbU8MsJVrNJUQMU+PN26Hg9H+SyvXsd1Lu3wo0RLT4gtEmbPwGAv2R9bTy+S/uDlgzoYbR5b7KB7R+Iuu4nv6UnSy+ROv/s0v8KCyWu/EptJhycYZIQ6T8A5HlhThGFOdW1g+FEILmnkZFldlatI3rVrigxx4JU5ymQcubumJgMnb8ph2DwMMRTkpHIKdE0WYMPH49D3HBL/JLziq0p6sDsuKcmDoJ3hZbY8rPM8AW57YPORiUXFeTZ+Pag1KlILDbbAsrp9bVgaSDCUZI+Hx5zdMu2TdtzTnCvLc/X873h0iPnx0aFfPf1P/eLJoT/t6eH3Dz59yuU/5fKfz+fz+fz5n0+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fKfcvlPufz/7vMpl/+Uy3/K5T/l8r/p8ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fKfcvlPufynXP5TLv8pl/+Uy3/K5f/UcnmCov/NyuX/gbclfcrlP+Xyn8/n8/n8ns+nXP5TLv8pl/+Uy3/K5T/l8p9y+U+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+f/f5lMt/yuU/5fKfcvnf9PmUy3/K5T/l8p9y+U+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fJ/ark8if2b/bo88Wf8uvyva+F/Ln3/dXX8z7XwzQvF7/0NrobTtypxGVjKd/pnMGKptz1iAV+9DmRIhgNNKgP9Cm7QEmWgUzhmDG9BKm/D+2V7rHRTHtVUTjzpdL8QV+x9HN6KIsR2r4jHUoUDncwrxPQvZW+e0ze6uXv6BF3IGXWTyetVG/vOPR8rWbrcfalrg/LUXCwsvZwvhX9j8gsnJy7R3wMOH0KnL2D/Iryd4BjHHI6Zw2NVsZJEERSoQhStjHYC7wvnAqhDBgh1/rvXBAV9L23cRMmCp2Yp+Dw/gULfxpg8Fd5dzoF3m/lv68rDcd9jzt8mWh/qy3rf1idnqiVTSn6R5HSDUFCqUq7VbAJJxDxubnU473Bfshn5diIuDv26SEYqS2oDEeEvKXCB1LQsCGMyA95Nxg9ZQipY1ysmhStwVUpKjZol8oolPJVMwWCb4ZDJA5whbAOvmxQ1UcmCwVwmPFU+wU+ZgB0yu1cwBbXpVY7q1TFPvo0hjIcsgFIA3vfplYEiFP6iKFaAxoBtYVhiyZgxorkFhMYB+pDluDqCEVEGzmGEc/jDOXtA91Pg/ZTsqCiZgcbq5/u5nZpDTnIUqWYBHF95qmOAzWuGUrjMU+PROmzILYD6zevAXbROTONP/Ldrcg9p1cN5fRszk+H6ZMhVGUP0nOgz0U+F60qekHvT2BofjHBd0xogDQY1pTrI+R5K0DKOC+9hJF+0WPo4OQbvh9IF8Bpam+WOFi/DtdkdkkA4R0LN0Bzh2jIFX/iDwzWh+SKaY3CshU8uieYO6Q75l5PzeqAk85epv8bnxHTdpAYF0m/un2OKNfdXeLtf+tMqug9HUZp1deB1yDcwGON37S0DSjukxzDfT7NcaqZtQMN1JfP9BFodJh7ANdj43H+Zr4XWqgyTPCI5Ge2FN0avmdM5HGrX1E4ZFdyaZMHAkHYivinjkUf0V0ZATfJhUqM6yTtqJ+DqLL/wukyhOUAad3DNUFsFRBMY6IU84oXGG6QyjzkqUE/gdSibLq3yi2yPLqbNfIRjBtM5lVcwOB+oMwaN5gPXN87zkVF7QpvlDpt1CMmPjeiJzuHKKAzy1FegII1mOmQuptpQr1Io47w9vOkIZXnuz0M5n/vDeQXj3B9MOqaaqI/oQKs78RfK4Psa4jPU0a85DLM8QH1COppC2bfcWW4yJHNo3TY+WT04TzVTZ/osuqDwaK6Q3umPx1BusVk3bELB7+ok37M9QPZnsKa1QA7OcyUUC8oi1FPNytE6ccTveb3w+twGyqa98B19n972Y9F5mUY2SJ1kXJh0Hspj/+b7JAsDpMkko0g/Ab30I1Wsm/Vp4i2S34SEMonoNU48Q/dGPEM6zwNymd+oDosecvMaVP406z4P3uvslVxBMgblyqWXc+SkB4hmlv0lQ/C+2DxXMMzt7F5F3mKSxQRHvJnbBcv1AJ/1ZaIBNtFx0pe3Ldl95012pCcV2MWUX3rqZpEkrPXZE6MQgGSbtq7yyFkQD0RLbJwWxa8eqvsNiGtFrn5AXF8I7DvE9W7yPeJ6n/v9iIv4BeJaFfC2bJi+fkBeq8ezQufhUtv/8mYwBWCLAJIjqr9dh38ly/c0TnNHZQy/GCiuyva/mnSM5nFw+t7/96OgxrBR7AU/DnKNileE8N3PXTnYxUtLNDdMu7fpDd4KAnNMnoHcPC6k2jz0j7ebah3RvH86PZHlffYP2BSRBp7vrmkbmfd5ql3tIbx5bSFgJHn8N8nR+u/LEYH9ArqTfxp0p/8+dEfPq97/8dVD0arKEmJyz3+PgP1tqjB/oMpm9RNVcOIXVMGxP02/yL9PlukpXhRxTNLxd4QHhj9h1S0hS1J4TbP83eRRG1yXAyTS5qRZPL5CsU0dvA+nUMdvquLZRuDb6Z/tXkRG/mT3Zgv5vlJWZfRLIf7bYvH3Rfv/HpNw5icm6UN7rZDZEp9lMEWU/9FxqPKHOFT5dRw6TP/+bhxqMHKOobgOIi+QQM/cI/QDkQL03ALy0tgcD0KkJbodRBsQ6SQQqbpT3Am9+Xft0D0FAkZacCz093dtYWSgwTgTIqQZSaHvwh0h6vhDf/B92+49ngPXeLkVjQ/XJ482RCk76Zh+hxK27DWUknfkOKGyBUGOKkJbEHlO0QtCi+OMnmC8iyKIYUZX9ozaIQqa0NcUkcgT8oQIG5+RZz4hY4g8iWkMOJZmAeqUyR1C9tqMgEl1ih4AimaIGekiVD61odQ5quxUFBmgNrA/RLwI3c2RBELYw9RmnO+B2hg/zhGhW343o1A+oeax7RlZoah2iobQ/ZUlolHeYw/KiPpNEejSD0V6c4SjoCjTyiF9BHLu506IUUORxYQYYRQ15vR8LacUO5mjhAxFyHDMESzzdHsVXUNoebxM/eBaFtQPowtBQddgJCDP0ciIkLiL+NHP0Q2YULCKaDnOUTeUyX6OuudoaFqLOSFJGkYkqM2MlkcUVaK6BIRQkym6UeY1dBNdUATPT4gaRukC+p5pgNDvFEEFS5sJ5dIoAtDm6L1Ts4U+fP7uR2ond8oWqBmKntA1ZV6TNdEe9lc69Z1RmO6fQzQ96UmPoi8kMxqKipB+TZFZskQCMArl5khRHeV5bZlNLf3IL7Ru/thG4eUlQrTJhT6Umr3p7FJL5mI6htETviB4Sp3leph0FaFyS8C+8atD44zzHFEUL+DmNMd8VOE1DUXHU6Q4RSS9OY0poMiJgOufIuiJtpPsIT7P8jnT2oZ9EB+QLObYEsXAyFOeI/ox9KA+DwvfUeRGI/lB0Z+KoitkK+Z1oLlSS3QHZWKOPOHY/WKHaDXvUD9am8ZGNiYZoO4ivaKtRU9VbonmLXWKhiE/hjnL4NLKTKNeXbIDs9wK0zhLJgNlUCDtZWzJKszZJA5GekjWUR9rkWdrHgNG7Djs001ZDm7KzNBvmYfrx+fMlr3Im9yrc/YG2icUhX61QVmfQXnrBVp7NskgsfSj5zbQVyAaTNHxIstZQM33dztt1hNsjoxnnZtlGLx1jph1DemZ0S/9RkSXKQNkBUs/sESIArnoDq6+dXWKFJFtmuwBylRgS5tR42fZgzZmWOY9LFEntGnivF5+shFQrnJoI1GmLcGnDA20ydBOJxrKLCH+QjmDfIK0hfo2BtTcR+nm7JzQabN96VEkDecOI91ktkE8ssdIR6c1zJnHqY9CTvcxIU8tBd1nsZfQtllHHh5Tsw7aU8ZmsQ/U0qfTLGXhqTHrCbTNC9+pJduCa1NU/0Wb2W5/Tz9kg3iV/47GU8YS2ehvvFFQf2y+/8wbKIeDgnzTVxvk0wJ8aTPxHcoUlAl7kU23n/VJpjR7khfobxeZgL5qnrc8LjKBfWVGJ1lE1wTiy0ZDmzfT5vSdvCKeTJmqWe4HlF9+21QbZQCpKYOFKbPuQLujcYtNmLK1LpSPBH2Ts63LO2XKf8vE1AdlLpEscMieLRkoKyfmPsHikxV8vo9MI9uP1g/nhvqME9aZbAfiA8rQJX84vjpIJhV7sifIBpPIhyz+H/I6RziqW7J6yG4s8wyQjpKL3iDdIBEttEnWArSeiTbqlGOHNnhEtiFBOfl5vSPA0bc64Ql0fl7TfJwjmSJR+/l45sO8xqBfZATazGmNS7YZ8RPKLqLxnEHsUEYKHauju9A6QcfzHsLk1wxinhO6tzBlmyd+zlk/lImipmML4F90FhSkc/giZ5MMQpnoZ5mSl/WhPsm4ZLpwBZv6UAsWgr4zn/rM9nPKkhPLfYiv7JuN+oC3rgzITs++dfZNUCboiW48WHCRO8C5IVlbxki6mV7GnO1CfaHv1KadgtlXKRA3GWMw4b7ZPsj9jJUX/GVCeYD3Q/yf9RnZA4W0+KU/xLkIz8J74irWIbmhF6xDIAwxZWknH+w+5x0EdK8JixAIEyiTrkx+APWhkU9FuvFlOyf7iGQgXzJ7MsoMUhMOnzNvEK9d+Ykuk1yjbKecTPhosg1TRhmbaTvpM8r00bNNdBdsouDqtPMx8wf5fyXLv+Mpkg8k5188pZc5f8kBstPIJ2pT9tddcKfbT30mWZqxqbLYBnXBr9qs18ue1oyNJ3nkkTygPsliC5IlWwyIeYzgvXMwLuuf7PjsJ7/Xo8mXoow8kosJcyAd/6ZXyM9PMQya17DsNpDINs2+M5iwBYwdRrQW6FfIGX8Eb3tJzLspCLfk1Hd2YcY2k3+c4grksxcdAvQX9rGUJRv+HjennBybaDPp7LTTgnCTMs79EX4Q+q+s9zhnh9Upe436ywPUm2GKSRD/J1zz3llR+mV3o5uytQivTNn/abetgxgUXRvfWA2udeknU8vOD65N2WiEc5T+vZsz76JM2AC16Sa/g9pY8vjm4YLD4DXlzWds7gdj4uEtC+60Fqgf5FcsM2MoaqbTJFPjnCFPsAmnTHKnzP2gTn3J5ryrSM22f5Jfeuk3ZfW1t++c+inUlx6Yy/2mnTGEv/Nh7pe/sQs1x3oKwuZLRtx97xr10/qmLLjKz/QFCyaXMeW9i2QZb91e6BtQUyZ/0n8YdyB5Q0V6i41Ac5risiWuUqcxJ1mZfP1sa2BcNvl7F8UVJLRJ0JbBuF/oZvw843AoRRd+3rG0l90E+S2L0M/N+AfyfplXMiw2sJt2pya8+94Vy4llPaM621ZKWXA05FP/tsfQf898n2LDyWaTs7zl2NJvUN98/8JJ8LygTHxQeeE7//CNfzMdk+/5PvuZXPmO729f9E1e3v5quR/29mnTPNNpN2vZ4VrknJ92ffvJl5jfyfDsO5cdRGFYdpmHOcZHNAjoJfbtFzpBHC8vPlqh537yHKchP57l3+njF+b60keEuWbevdtMPhtf7BcxYy6lW/QF7cYinwVxMJIntB7U9o1JJr2FYwTvuA3SD/EX4fGEns5DXVtw0BIzID+EZFZGsRXyyygORnFhf8omTAX15Os8msuEQbQpls0XHJYsMYqx4L2cmvtM9oGadsTm2HKKn2e8N+dM4PypBSMi2nXI/s5+UCYWu9MvvgSb9GvafZaHxXeiPj3CBW//s+SSIH0mPDtO8cKUS0rwGXsF5NwnePOon+cyxd3jzKN3HgnisdkXkNPu4HRvhV4wN60ge4zuYc35J7i29074O/9EqUuMB/3ge3ewn2R52kXO33EAsfSjFx0gZx+B7rfsUPKTTPbTbv2w7ARni1+cYkS0y50vtjt44yRs7pP3X/o+5ZwQzpYXOzH5H6Qr9BLTzzkr5HugbZvbBP2X/Zz0b64oWHzIPDbE0xM9pjZzXDfvlqKx3WFpM862BMXrYIn1DHLR0X7OySA7lyz0yAftjZ+WygFIz8U2Cwh7TrulX3Z3yl0tNFp2L9WvypJ5Z1OzdovfnXAxNWGjd/5x4gfabbXp7/k44fDJ7n/xcYq1F/lc+J8vu7SonzHt8qLYUxOmnWByqaYYZj/wlrVpruOCdyaZnf2z/JY/6lse4cp/k+M516B8VW28/WvSv+//5d9nGvVv/w4x9oLZgmkHfsJEyH4hXbRQPDPnR5Q5z0bNVSdTDmWY1233i/0i3r4byhKx5F4gtu+mHN7bziL8csqmvA71vjbh7Smvg/R3yr29K2Fo9Y0537noudpjslNf2GuKrad4bMFGOb1gjcmWLxUlb5z1r9m1/mc3aparFPXDZhv1814bSfxiA5L4s3baqP/cnWynqvNpGzv4tqX9b7R9/ZsE6t3jOwla/0u3sDf/b+7VLjuyP27TQhNAExviuw3c743F7yhBwLC//vhr2zTzc/kwwTB/XdO/2Mxd/VlcJP9/qyH+7N3+jb1b1ObXdc+ZLxXdr6uIJxpAvwxoE2IFiAkG+N2dsmLaN0KY2oRYcz4vQMwgDE6OId9PwuN+Po8qRKd9pmlv05zmPbWnUdXw9/MPies9lOz0ML550b0C8lLqCRLWqdb/X1yj9kfFXmH4Xzc/6/a/1L2Tv/ol/d/r3v8Xjvn3IAPXgz4FnscUr4T2AdWomVH9SuE84HQq5PgF6D3gFJoIeofr3/fy/w0m+DepXcP+SvxRwH7hOf6l5Wvkz04iCpPIXA6rur1WSVV6hfDtLPsNDCDb/63NoULuYaJXFrXtsPht79lWP1Iz6tP2jLpDhZuP3O+u8P0y8nQwvLFD69UtqOsJWAQIVKTB+7SYFl9Dl+G70YIP4JnlOvYrtLCaPv8ztNBUz3pRlr+ttXBySfS30OK7ISL63xSiOiq8Nn1FP8zj94vDPwAF/6NAxOdBpH/xg0hLSjhAD3Gg9BH93jJXRnF+aIIHUxnCfG4qNximVO5ShoK2L5Z0cvcuK1Ot09w3y5fSH7A8OJEQc9kSesBhSh29ywKWtKQwwbCv61Ma5b3FbHTL1gI9b+FO96YtXl5S1/aonFDajCLRts+yzbKUxAjv7R18pq6MSlNQWp6a0ijT/L9rP/WB448nCJ2mdOmozqlrOK8ljTxtA09bSdjy4BGmvreErCVll+VLeghMD0PN2ynvFD+i5ZT+J5YHv0jtvX0zp7OHKa2E1oQesEI0neY0pQinEhJl3sLD5xIcgNa49JPxpZxunOeLHiBKlm3EYEkP2e8HiegvXqAHVawpxYTSjN2P11FqCZVOfY0xPTA0Hyu0KkzlhZj2dR+ln8tm0BaZ8a1ML3uXJYJuOQfXdlSmdnM6cF43No3XzZqF1v3eQhf6Zd3UvM07bS3139F52hKZtkvevJjKCdEWxxe/pnSwms1bf6isBK552gL6ekhr2m5xUTnTFDIscoPN6TdjmLeKpvkvW6dL2jxTFrkwaFW8q9/4Kczbvbg7lecoixzN/ET0Xsok3/xE6eBRwL7j55QO/pGf07bY9/ycUr/fdMv9Iz+/u/7m5zTGXM6E0ujc+z4qP6fak/eW3Lg8IDNOW3iWu5Q2yt3St3vTDOo8emjpzeOpDFCbHi5Cafn3fN1uSbHT8zYFWGSQfW+/THK+pLX7ZWudUH7QkZmmmugu90ChzqRT74e60DlnshVjyM/93KWcI5gfqJt00p7tySSbU/p93lZIv+m7ytuL7Xun/4VueVgLvXHlO95P9rGbtu04lPJdbOBkC75kZyptnFLMy8NwUAapmU/2+6G35br9XLbUCG0p90APvn3dx57kfdlmQHbJXnTTftvlUVm2TWY9mR+OW/QLbRUt9LCJudwJ6WHyfhANlT/iX/o6j0eqWeHM8pOPsx0F7xIyYt7+mErYJt5qk/4lSzlkTs5bVvODgV/Xp3JjYSk7cb/n75SqVgv3zct/1weqNsQfg1Xm//IjVeTPTxN8sOMHO36w4wc7frDjBzt+sOMHO36w478DdlxT1L8bdqT+f9u8/GDHD3b8YMcPdvxgxw92/GDHD3b8fwU7brB/u7wj9asKmf+E8sXfUnPyE7t+8Vun+OYXJSd/WqHiu2D6n69oQiTC/lhptLn3c/HPP1uy9PcG+h+VTf0T95urpP7KFdUz/L9Y/jzJ+9Lp63iR7M3vkVaS+PF3rL5+cPc7WWX+ldVR1J9RDlOgC6wX5MlklX5lqH8duf46Tv0hlP1vItd7CSNXLj2x2rHD9lJSoV9WVk37KtjolV8K+h8vc/Mrw1ItK9Gb3qsRKwTjdKRKrWdMqst7uoy2zPmE3vFVli855qWzXGX5dU9zK5y63cW1ogOnoGSPTHS1ddGLhAgYI6/X6xcXr91rRnTngL8mAnphlAzaTrzKTY1Hh2Hc5Xpi7C6yFwTZNRDcEWN0C73Ft3yu7EjML7eTc9z26L2Se73e18/HrWbkbYN+zRouK1vNP2yOfrod/YC6nGroZ/3FG3sNR/RL3RtL2deKt+tfkVrIRV+xp7IhupZ7etezt8bry+tAl6ZVBppx4SB7b7eEEnpAYVKGfjCbjVjttqvRL+/fbkqnXVYheo/mcefc9gc0T6VUg3wt48lG2tDo5QAR7orh2jpd1o5yCH33sWVU9DaHu/NE7496MqokBjQM3WP0JnjNRb8MHpsEWk4Xyc0orLnuXjZ0b/Y70TzhpfFyyM2IXhMQsyfTxIzj2iwZ3mhPTydgcjne9rbDBfK4LzmD8MRHwpbWq2Zlr286Tjm4w7NTQHseb5fNsUXv7TjBcR+OyEi3rnjKQ6K1ecwYvG0w9tNvcTbbnhMqPfDshVPKK1ue9PuVw10SUXjzPCj7gnbHHbHVrdsOvWkL85FsHOUXPFntkit66QU4na1VFBBHDfcexSDu1KA9vbLO2F+2YhA+LtGBV+OMOjzRS0aq1SaLHgL1CNHP9uOk+SSi7PnIpJ7cyi19KDO52h8kVyQ6V9Uee7rT7LZN732+dQF6ncFWrXwyiOMXRfva2g5d9Iv3argfcorEsJ0tnIyb7r0yvzWoGygdUQu6k25IsRMD4xEJDyofh9cKc0i94sKXtwqqg1gmyvTqhajamRiJXk4pkPVedgbmCEoTveNs2+iXOj9FNXMVDCM4G9i5t5XTudQiMAiKvymxa3ax78fenaU02Xnm2RRtzR6L8ql3Oenwao7epuK/rJtw8q58t+OTmMdW9NbkB7MT4379oH1yr6TXjdYk46XW40G0avWhRJsxfrld3N5zu3a2ieb4ZnPYV4/OF53RQL/wf69OsqL7h0YLuRH9GD+VAFbdXcXrCb2CGX/EoNmiF0dWW58/prW5HTYAvUScXLGavvMdFRR+Ko/ScES/CsemihJXorYLDVNmnCdxUm9Xjw25XoaB2KFqs2Zwh52PWxvGm8Q+fWgPuynQ+wFs/+pfdnu/41mH97eF2HJV5qVHC7tSVa7bh+dt4x+uaqazYCtCoTZ7kFQ9X5ztHPpJiUjYc74Lyavv9GKMqwwDGuK6psIW184c59Zc5tcyI9cH3K1FvhwTh3k0pnM1Y7/XToPYn1xjXY9pmO4Z9VCLoYlp4thqbZ+B9bZQipvyrEfvIho0UXTa3ZVreqsVvXVnpXXpHJ8Wcb/xB+5APJxmyzfAfWZSSV8Trzmfw5WRhFd9t+PiPgAgl1RcfDpmGlqv/b3Z9Wzc0fUpdthXUONH747eavAcxYI39KAu0ZtKVox/OrmCJQJjbVxPBs9atypiRSrtAKmtxpGTpI4M+jp9NNVaXFX5Bb2zirBUbpeI7brZbfkC56GmaFaHfB971BDPNka1yrhe9YboaEWvziyiaB9eXfQr/nma+OkKf4J90GgbvqWuLP9k2zGVwdGgBYs8newKVHFSdgDzGylErxjDnFa9uWVZ8SpO7bxmDUgy3fjQ2kHHIe4uVmXv0569SKKRD7WSJ7lWgx1eu/oKvHbk3UrPHN+Lr6OuhBlU9pIiMFLiAm2vVKcxrSXQ1sXxBETXeoSrXbDSOPmpbyn/wOrb1ZX2qfiK+RvJPal20mrNRn0yyA0kyrqpjHP10LGNOL3u4OgVLBUFm9X48PwzN1CP5FH1TgO25vbGHiTtWakrZ1dzd2/EbuSKst29bAs7UaIjg++03nDD3JD1vHjZcR3uXhJG4YnfZWR7bl6WUawNTyh0GASXPX7VHgW+fZJsfxBo73k58tWjtkCmdQIp532Fy+6qHFOvUnKv3A2WWl73niAKRLGrt417OPpyUK7IlO6Se9qnarG57Z8djBcerU9FbSdtT/7pKpVq1TykmHMeDA/I1/3FkcjaOaBctRGncKmv7woHvX5h3TavOvJfDkGi991u4MARNyLByFq2PutHlm106JtzqTp4jqDiUrezE4vj8YNdtc8dt71jW/u4R+7PBtHRjqtAx0ritl4nHnrpVbettUM5dqdTIUX4zU5M0JGpNETpq5KQUbsLGHkPi8s5s7TEQK8LZl352Q5b0iyywl6ffLI13MO2fK7VMnM9Wcl3GzZ8yVy95/dWUqROZaZNSw6VeGys0XpUdtJzPfKXCVe8rnd2egsmu1fG/Ug6QXzx7+W2QD7hGudBFUBXIhfxTg5ZbW+3uGiWgDVpPEgPzPVpOZJrPS+aurbGU7ZupJ7iT9pZ9uqjgzyug17gFBOPs6I9paKoHPxwysJVzXM9fw3Oyphzm9DHi1CukSOc3u6NoT4Ff5VYbJ+ISaga7q2nnEOh0ft8vWJjMZJfzW0vHVlxpWzTa1+hpPdwJIQTSOkZ0AzkJWvXgcacTtnugp49FZ0qZrqR5x2gRVrXkPXmEFhCOIDz5S/zezj1F7t6bJBWr48rA2n+6BjHky/1RuJmNjSaFnp5zFgo7R0oGurjNGciokZCrVVle4QnxOOqESBbO5n2NnqxZ9BrTg/IOnEneq1GryCUsjtH3gE/2PZJJwc9lB9uhe+IJss8arPNlZNhdoVEH/u7hwE52qwr5RSulDK3qTYMq9Y/K6XBHG5824eJf25vKRk/k42PSMipCF/t64fLcYpgpmnO6abQcLZ7tm/72IoLjt1f725liU/oPIhnsXuUHHPA8j4kFN/iBZ883cS1utJgpJJm4TkrBTIbd/busDdUT5XFK3oNUkiAjEfvRBIMoPHQCxTOdp82YE8ZFnPhH67ZHnaEjXORnNw7ELqmOvR3mdE26QYJ30VjH5ftiigKJvZF7j7E16EtE0e5rW32eqDSx/5+uOtMYD/21XBkEwhey4dLNZvyZO1N087P8ZpB2Kff6cwDWsfXzse2p7ZtdEp5DPfVa3Xd1wTuZs0JWmIFgeqgpFb1o+n70ypjxdcWwnD6aPTrY++dVrS++j/kvdeO7MqSJfhFDVAGyUdqrTXfqEVQMyi/fuh57tyuqqnpp1HAbGADGZlBp7u5ibXMXGxP9OR4TeSl7VSWjsefo/lh9/A2GeGhzerqd5+0TaJiv3MQeYY5tVxkIVaDK8jYCek/9yq2rV8EzA8Z2iFYgcEKDbKfvzmCnzH9lKzZB0T6qrH+SN9FRtw7PgLVLyFnMKPiOHtpX9Lu1fxg/AQi5V22JXrq1rhhBI2uXa5LtAByYgWPAsa0f161Y/ZPsIYEy15VhpD8xszqSveuANGjfa10lHvAf1UokS4QdHavXMTFEfHn08V2/YKW0zuTpH9WO8KWpI9Dv3iDzcNF4Fpx1jlLKuVM6zeGWot8E0HsoaD7TGKbfLlfb6WzffzOYGhOOh0beJODRWC1OC8wl1yCdUlS4bnwIdYWFPm9dkwW85Vs2tfny+8K8YH+bcfCARepgU528d3nTf44oRp7E67/EBcamBTbBN8TruSrrnEogZuUOAf1b1GCqGOdiuGNe1fH68GnwtvRF5I91MfQfAyPT0whhPFmSqBOXj7fPSRT78eT35u9hTQ/2ZqwZCUDOs1xO95j4htNRJr06qVpUXBxGa05+ImwuWu7jzS9vy0n//OZ1cspt58VUsH85QLMEYEXOsd8H8k7juUy3ANq117MJgujm1GPBm4pdUM/FHXYmNKSWFRNEHCT7whsFVDRxx9E1IRAmsdhO0D46dAatPk1PFO61XjwhUvlFEZs3Wmfr2sL7XyVBDghLvC1+nokdUl0RWCinqrbKX/OUUejWAKMDsJEGdwQFalzmxfXT8Wt8yxcrIfKAguoucPsy0+B9xQGn/fKovACDbkcL6W2U/jHQUpGtnptHYfKnvyxu/IrSqhhQaYjgMNWOD2Ull39nlEZFHZwLcgleQw3EcBPvKoNkaTbnojylOnDBvW4mKeut9hx9/JeNgkVq2Hr1vt2NhpfXE5WCRBrhxjZgFtgKYiwFLU2Jgzs9GIug6MiOi5meTEG9zvaRNeLdqnMB055PPSSJT1b5orvZxVadRjctTRRRxc3Mo5ci2Vq/8SJOp8z3D3Dapm8Pks/rIGrh3834Stv2pGiKjzhcGUi9LWkR9EQMIf633V2kyBy/PRasD4zbYuIswq4TqvxHnMy2I/D7LedrhFipIO3JKSNYSzxkVge9CqwTh+oyj7vlqugDT5yTdjtJmJ9JwgTCwrdGbvSdpXWJO8ycAc1V1AUIMcNf36b1OmLtlclE2Vq2CW+sKaftE53tq3OssoM2ve3paU+Mi3rbEwIrhVHJ/ZvChmOzyemHJ1fNMztiAIMDYZk+7ggh+FrmNuJSu0Twq5QUzQ2IlPs05eoanyAmev7TR6Y6B/Z1qkrjcZfR6/sctJmLfZkQrcqPTPPXw6BKy3LlRLtCrTCcpx9MbeEKdd7n6bvb7yTd/qM4yA9U76poStUowtL7nLcdaaDUL5D/Gn0qZNGyDo3MhCVQPCu3L0hWJbFaFVb4wpBnkpcOBCFgCt8yfDICS8xR0bcN7nBsOtb/SzQOV8+ErN7+mWXTWhpQRL0Fzu0U5O3ix7w8A8c6c0YuHXXQeDhetDhZt4tp9LFynDp6ajKBK00F8/LL3VNR3b4CX1sqo3X3+z8weiQSuZp8J9fhUMNnQaUB27/47H4jcKSUMcD3+va+vXLCJ8vrk57B/eEsJERm/38jCgkEnZ4Ve34Z5LSMpa8T2V4Sblv0qP7QQHSNV8v1PIZy1f595zSlRhv0BUEQTtX10YbZdn2KHQoilvz6uJxxFHhBtl+Byvwq5XaZ3DQkB8TdNJmD5mvwCYFVV46JQV99d2ocWAmGSOQ4gDYtFpsAoVFSKesy1ZrWo2BkFSDtktNhRBlkjGRU7xCUoctVKpRNbbqU/RUbjmrPe5lgRQ0QERULN0rX3n2wDjbjIi9nLYvSA7P9sGATvND9uDxAPOz1Esot15fmU4uWF0TCiG4e8qGi69CpBG3ivu9YuOgZrTL1+dZ0fZ7bDf+zRJnUuMuDPX0RdXu5TdJT7bhgB49D6o9ny7jTA+ylITdfgjusc+kT7+m3tjLUkh9cbHsjfVT+ner5S71wCpQ+Lkto8tuw8hnVNWWeE9Y8UUy9nNkm6KvyvBcMPtFIeiDFNH1K9df9yFYKS+vE7hRXES7jXG5ncbaVDq+mLVVOtZGMbmIgSqUjkWd34X4/l2xCVehgHAT6MDqe42VbKIXfgOOXxq2QvHGKshH6UsXE9WIF6OxKU4P12J64ZugJz/1YqLjl1/wY4Guqxhw7AXCRR5AisoJ8UwGdhF6UzcOtbq0yrUKLyLMHKmv1ka18Xz3YmLIq/y2JQZVHbzin5E77tsWM2RBZuu85R8TKMFzNO63fD2dGeMOuNjwAAqr2z+QnJAOg52M5EdXk6INuj2SsJ57SmeRK0D1KitGXhbX4P75DF4vptFj2Fp7JUtAVvNcVy3xs1RR+iuNvzFXvc3M2rJtYU36FXO7EATFESEukKyorpKNs3dGg9Awr2t64JbPxPxJowBVsih5P4h1+o+DpwHwK+qnKBvQY4wuKYoG3YYZ9Dm0KzavgFszyajj5mnJ5nISymM7HUyhvjI5e5X5FBwP6HebQCAsOyrBXsz66od2wTxBkBZ3ob8D+eSIiBKTBfWTdzCPyKSJ7T1hBTgbIdM+bhQb4wSr+NXlaoWuRo5xCmKs9fKWT9hs9a6RLx/0hH9SXUMsKhuZZwRIfXWQ+QYyIWJkyIxZXRqz059/44N7XGyM7bQ2qKu+Ed3v+WzVrSpYjyskahRX+zR//IfNUDLJOkxa4Q+XXhXIQkQVihW8OKcfv+QVyJZZpfzQciuWV14XvghDUZZha6GRJEJHsiV7+HrCfwFwhgzPN2FwJStLECdoXXg2ZOwzmJLOjwW12foSajele472KOn3dI5SusL+ciihxzsGRFB0Nf2XtgwtbXG1G8oBjfQeYGos3D8WuPOzStZv5n+Y4MiI5cTEqR7fgM9qlNqNjOsX4RZL2E4NqSX6SLCQL4i/r6l+2bzQL5mzIc2YMpCulIcNOB7ZHefdhS/ZAobmElrGEfeFY14pQYb24iUwnkk4n89o48W0k4GTrAHW0HNPcr8QOnrS0AK4CCetKi/0HwVj4fku8q+JrAzAFB8YTBd+pX44F9FjaeW6fr0DcxM4cxlrELcGFkKM/uX5y/ew8qx7KiABAx/R06sOCi5WKSqPZOKiDJF/inr530sxeJlUt48JUaGdHK6PAJMrUxlGByNl0bykspfN/w64BfIDQO9syp36RHdDHcULR03XFUg3d2ygwJzAq4XWCGb3LeiJD+Xvh0wuVXU/l6Z3xO8g6MewXzYAEp6MVV3/xKWr+VGZqXX7BTCFq/1YAiflIgu9ISzFIgkJg4qnHs8ddptFPP6RLGfiXKa2h8WVusosK/0vKAlu2q47ABMA7k+VFFjJwz2Q1Xuj6cq9bL9ghzfx4FNMBEaNFpnneawd2O2EEnmRZ8BURjIRVNoSxb0dmQhGzvxdgop1pjUPqxOTEYibpG7oeKMoMq2PE5/gvl6lmzxhfkENysFWgd98d3eOn2Shu5CGOOCQEhAGjeTYQP8q9DdF3bNXu1PwvcPg8qxD3vlIsroKeGj0vd7/2rOQfeTolZ+XS7BTjwkige6QUi6Nf8B60q3Fd5yTPB7SIj+hyLLY/qlesm7CMYoq3CSCpZIW8+KzY3q9gQl6wuvYIYl7R4zlgBesXxHMjmIwOtdot6MEQ7hJCqPidrKdkX1YCwVSPa49HTCg9JT8j8RhFDEv7yLtDzZ36CGbV2K5dsg0VZOJF+q0FiWmYh84+ydcyFogn3BvWdAByINIOkj3bMjjxZMYUJ9YwICMp40lntq8AU07DF2fQO4ZlOsxQBsJcO8zt/wcY/o9iOvjQ4t9YvTw8o3gzvIxx5JsZoKwl2RI7RXc4J0O8McHKieBZ4tHMVYER/bJKwYj/KH3N1uLB05IbqfsF1fTmMnsWHB24G3U9P3zGDrBJpa6BYHAxaz2oDMHEEAFn/wMwePLNr9BccDr+ukzBNWID308ontXAGR/CxS8F2t9bchHj/czePgVnWhe9fJLn8GCx/GYknDciMADJlv5ACkcGfq0g822L7mFsX4qCv5L0PJrt5M9DfYgQOAq7TWnv+zhBHj/OCtqan63Z1kR/Qrrlpxt03638Pt8yuA25Oqo9QszBvGXa98pKXqrfOhdqyr7u4wMFyBZjQ4zIScssnsKsymuw64otYJ6AfzTZh6kB0ov0r7Sl2ruP4/aVRAbPiAWRsQr0Tkg0xuG9HxEgH63wt0Mr9QpKVbpYgST3gzlPJZIgQSeyCbfec3JO6ex4O4KndS13Y4r0HBuXBeRjVBE4CPdHui0SsHOzT5+/GXHRlicpAMAdPIXfYgHh7KzlHKTupIP0toMDlU94wuyhHxHXOkTGh7TlGi9gAfZz5nYTVDPUmv/r450L5yuzeJabmyki7tmh7cp9i9418wqKMF5XMJeGJ/ZECIbBSVP4eX5pRKtMbYSG4AhIjfnOQWSeBTMRnttfC40WyGmf1kMqfPp5Utwr6DdC88EN764JMXXquzvNUqIBFSZcjEcv4hk0iJ5uUR46mz9fI5EwNRyzoUVRxAfqo72jpnltrtssFvfMj0ia9eZ3dHPNqPILBfQMm1uC5nSdsdPG1RVgys0gCdQg9JiSqL2o3rz3dq/IDjCqFnkbgmmdutqPSwl7sXwKuzXdRSXTsz1323+KPKn3PQ/IzL8UJAUkAVcn3DyXAog/UXDUMUbn9NwU0pT+tcEt/axqJIQ49N5Qdyu8qNttx5lVyg1mMEQtUTbXpeJluT3g7E7cbg3LmCPiJbfDg/kX4EaIzs/l559TkemqgSzct4qhncYZcPnJlAPP+p2St+sgEj9y9Wl/oMSgkjU65pnQFtB9UWlgPE9SBIlXJGnoBSKQryw7fCV+00HamvPHn2Kv6UhzD+RiFB+/O9+DbgQoHgDbHxLtqL7VcAGbCLygaIDqnqBwYfPH/NtAnA28qe3ctoEhp4VGYVw1OflHtLcCpUMrNmyuLQvfL5vubOLrW8fBQAs8EpVEq4fJ7RPWN7chGlfVfmoUN/P7/vT8CRzpTTrNLS/QjCoi3LQ2Lrt8rCwr1twdh/QjpNVWACRZqjuGZiqAgddnwt7Rx5XL4DZacZ954XaZ4bEOLOsOcMc3vFpgCo3m6Xyp7BCEhaVivCASdwjXteIPgBZOlSh47zkVnPAFwA/ploGH8qmXjuU/3Ie63z6nJ1h0U9xMqSppFpx+0AFIPPAdMx5eOd9T/8q5ahZxD3+awS7UJc8Nc4586X8cWvVps4GrukpUPZnWj7ROunQnUPUcR1HZ5zAXoEEIMknPTTViYjhqFNyMa0Px/EHfxF+O0bN9e2sOArukp0mQK5I1g5rFY4qQNfNAFFzxRJlClcOiSECYAOZntBF2F39SiQOqFb9Mve2pTcDM7CcuQ3TRb+YSo7b3QHfYfUgiH9vFKxzA76oZ4zFQLawz+VLltHL01z0Xjcqq2QkMhFdlzXtVuXz/HYzlHhT0oGC9VZWfwWBAzQnqlzchz+sj6e6NSZv1COOy9+eGof6RX8+t8dT4jXIN5f6PNfyGl+vUWSvI2qHnahGaEcmBszyYpH6eDxr6Mw+Yl0GGOCyjaah74eept69BoXpLC9NEHkz59Uqu0t953u/MXXg1wiN/RgoqoPMJfCtDin5wRQEi+6BjLiiC+KiYHY8RFR9gO5b+XTyP88vLaVFOPJoyaLUY/Bs8SO2f3JDIIfyh8uWSoIRdYmCbiraRzovgDXn5yELoIX5LoLs65cAT7PikfW85spx7wUv72WyaYnVqxNBJGV2XJuXuuSOiGvmMGizMUfTbSnaEpR4kipaI0hDuWLoCk+6L0l3Heinfh3sDlbiermygUfBX829OlEUo//pJlg3QK1IQ+zwrfvrdH6mShZMXUgTeumYVpfzvJR7QFR+dSy8uNMqCLUgKZ1CG6oYwBD30/prZePUd9r0jyeSPdytd0wp7BksIbl9kFRz6YmU7wMUtFohCSt/v4Fz4sl/nJD55QBWeb03WhwUISroPEGcu8dy0pnKxDexFBR/eSCB/RqwD/XpdxP5FxfqM8Ze6xGMhDWMI6mh6AQyLiQBIlNgAPXeCfdLjSDjlpI6nPK3epjbqi/pw070tWmDdijtBNEjfUc8X6cNiTsEjgPzayXnYSMCs4CqCd1uIS/H8MvhDFD79CMFNl2B1Vvi7DGy3vwONYjgJeuW0rgv43F6/Rc/noBNTgWIVEW/gMQGDMCqgWGbgcUgGzX3bjbeIeshjUKTkz0vaj8s7NwTil0lVVaad5KwaTqKKomHyRm5jjhwYiJRnv4nto2km38YFCOSJPQVlxwC6aBrLslAYl3Sl1/qEcPWRLj7yanzVl6QarP76ZSdKfUm/LUUiBO+RZpN07rGy2sd0eJ2v+UsIJBV0f2IBNCjrOED/U6btfUQxSFGp6QNxqsRc4OJXObF/8W3wy0r98Y7qFdwTTF1AEGZtTX7UaMFrWPlL1jUsQNo9U8OtPZ+GSB8pCjRz3yjGvTrT3WlL7QcPyMpAzUN5g3G4deqXops8Ft2CrwiCTBdy0HEPJst5tdnOz0QjB5wnjbhAwl81REd8JKKYqqiaqp2Rf4TxujyQp3yKt8wZFrOuHIfhjWmQhRlJ5TXUEUhu5VGuAqx3CQ2TWYIADtNY8I/W+Rdm9EmqtdyR+fndRuLGsJaPNF3GqxPsgkiMJ/tr8ccdFnftlXV5Ism2NehsEKAl81kgEkzA6o0ScQyCD0xTAquWrhTZ6qJSC2iyQOtRATKOde+lxNQj/HjPWpJf0cTc8eWQVGGW6KXyH9AIvHsSRyrLvepjaS+8gNmdzGPSXgmuBaef85eYZwWUQm36ywFSu4PWuCjHrsyH7jAKWzqD02CAOVTwlxwatr50Y3m784JMlRjRC2uRi8Ev3Wad+82p4nNgzZg1RHkJK845lZdIhGjVRD2F52XsyrVVGOq3Olcqb2wcaHdsYOzheoBm/kQfDNH2lBOtVzhn7C+ZTm6yFXq0VTC/IO5EOaP5Ekfx1WKecGR8biPceNy+Qv1M908UnCUZQGYM8nTNjalncoVhRiMtSHt+JFF2ReOZmcDroXEYqgJ2mEdU6BxKql8B1UONKS3Lz1wlz5sAkewhvBgPvVyAlLfaoMIN/s5/8ggKVlxVK8+Ewe+gBumA9jXRQurfnI17xw8DCeViN1U2L2Llbbmtrn8tRbgeJhjx8kaMoahyj6zP5S+vxh0vp8mZlNIedmCnPqaUXcvok35yehmI0JY+UwKkI23RuyN4+8PMqh7o5ugSQGDk5tY/wQfT4mnx48P5QJoOB7SmmlRPekBYQVq1mJKwU1CywbkC3LmHo0bL6uzWvyAfgHg9wELArJJYIogzFgziY1PkBjdwqs0lyCiPLOTId6Coni9XX75IGM/1HAwTkZnBOFHyy6XVjwQTcK8fKduHJCEGny1W+gbJlJi1IYeUYy2u+fXZ1cqfZWvZjlF7CJV3TkHGZcVrJ192ZZnAOvJS5iNBWfWFInN6auowf5hd0Wopuv3PGgOOWNVtj+LvwBVRo5TaLsj3xZibrJMLPz4/k0t/K1UKPERdbIY29kUTfdt/5BdQrmKjpzCHTE/k73MEUop81WxrMDRbC2EH7r8qNviMBbFT8OyKS9gbMv5CSNp/oirKkjMCsNN6r0T5x5W/2wzIoNKT/yFyHNBYxjuZkeIYvxLhCrssO7uM1dAE0vxRhbiIJZ2q9w/zwSIiaBbYHbDM6HF8MMOa+MFga2uTM/j0blM1neW3bZJDr4MdiLP2jf2jgKIfSanKyAhMaWe4lkQDtSCEA2tVO+0qT7+uErhsn0HVGqQ1zmOhurYX5fops1fu7Sy5/aVPYqDFTSsQ43yDh2Gv/OVqVNC0zRqp1af3ftIL1GRmp5HtDWfWiaPqHgHdfH8aLmwBGkhhuTheBIIw6tYRY3Aip+7xbFr9qz7GKZ8NHZrh8g0fapfwrK8An9bXezU12nqWFsp86Hu4fp+O9VXVyzH6lJcH78/AD83H+n8QiDRUGwHm06Vnku7/1JuDAT0hGst1lRkX3H88mP9VUMHBD2Imgj8iqB+RQ3iPD4fJchh6d9OdlDW1ZuSg+EpuSam7V+/MHsfM/i65iC3u/6DbyHcP4W6A1syz7Wq7jEM2LyaNwkUw/zCCGDBjN4u8MZHxC3zN4HVx1G99E5s6h1i4ky66TOSf8jRGDEAE9/e2UzkGGR0qmC+BY96xxMsYGEJ09/DArGtJGKwDP8NIvgsHneI/qNkODJXNeVUz19pVv/esFsynkxe86dZ4JbXFnGhp+37+LE/O5xnqWLdmF+lyOdcjkBiQuAQwO8CCatYSdU3Iz35Sf5bhq1FLxcP0k8Iu78PW0SF4bJoCMSt7KtaLBo6Q0V8/A6uuzFrktCZXS/YJwAE7NoEmXMn5EHICK6a0ZrP1EIi05upb4ZxwM++GHwu1kmuOhnww2zN9d4Wy1M/+j9uJyBj4xEZlpwjBwm2ouKHHzMHtMY+HdZKsNCojh9dQ+5k3pQ6s3oMovZ8LO3BlbCrR+jTL3zX0WWRRAWuVoz+YQL1xeSbVMVBOTk8UVOK7PX0eAeHSewt5Vqdi/v3+EDY1SBRjvOlgAQOqzwiqwX0DMKfJ5f40OxL3cItQ7vLUX3Txm2PYikRB1TMPXn4wkZV2XyYjLMdPlUcv474wyLidm1QJITNMkSP4JdGgNOdWvejPdFQ/tqSeorJSxftBZHqX3ic5GjhJ8Bq8xwD/Pzg51dLHEkIA7kv8yvj/IYJwn16Krww7ZC+vz+/kvYHgr5lvme9eIslgawbqifji23mzPZN9hvOITthkbcWGXNeHtqsLpPpcB8N1fPbqNPsZkb2YG2ffopKvozwIFJmS3pllzDmZZ4s/ln+eF7YDuSZnCxBS+LLvHtVlIuTIhLWZCutB3wQ7Z06bPNGvga+cQTXuU16Rycgp8rYh8bz0TcKVDVS+5gJU24gRp8vPQ66UegtZzI/bRWENhqD+MiapV5UqsHanXWJA2fnNKAFb8yqdNH6rLTOMh2wUnY1oNZMixe1ecTzPdhPwNqsH8wQlaoposrfHk2uENApNR9/hALhfhrpycJ7wcgM9B4Q0BTNK/lYQOhSH1u0NQoEgOW4rpteSaqRa1BTuyP+sv+aD3rv6S/0vPS16ysxNXlu66XpkmyZlTMKgvJCi/0YKPdJWmuFBDh/LAZK82FskNrytia0bKVXote5/NSludFxExWHV18cH6CAtD0Of8Xtor5A97YpOXWiT1Xx+grIIM8ZqtYSNMTAlZkcJCze3x4u9cdy7t2duxyAcjITxmH+47sDSLGXU0wzl2gqrkirXjMKpAW3PUrUPGBoQ5/zIvUzvnNp8m3EQVJL6KflBzD5HbwYFkFZzhfQcQLMLMrDOw2EzSmQdjcWHbEecyM64nsNWqNMA9lg0+qu1NVGGNbxZDgX5n79shssaJCrN/6sMyLlWe61Q3mqOtRyvsM2ulGhUdppJLZubgCCWhliHYbRF92Gw63oL9XhRT2xEd8ZwUSJSrbhxwG8ugAmFy697U5TXYVZfHh2gpZZQle14gYpvy4xuejDg0wQWIeOrG5RZI/QNvQiZc8t0/EPrtQ+D0TibgvKHK9dyDJS+4eDnlFeOiAEMDoWJr+t2IctuttG1FUqh/jMmcl9LhIVAPzfsEvGuPgD9bfY6ju9ji/btNy6S9z6OJziDcoL9XFCdiEQMMNcfVm3sQLPyUfoDbhJmpAnyeFO0MZ1Zj1DeLZKY8se4ZTVhWVh9liEG/+U2fz+/iaZPD/2lK7dHi932duCzdjSLPEjb/9w+KHC5vMp77sZy7MIf4+CrSHKQa/bs/TF9Dr7+eiXmWQrgfKa6Nr708YC4bFgV6TQQyg8FciEw/yiglKVUIUXbHKFibWYRcJfvzTzn+4EW8yGIb4T6ckNyQDEJgx4zhwFFY7ssRdE1xGKYH3UugrnaMrhlWL0LIh/qnoR8RkKfCD4nebb+Wn79oSntHP5mMv6LBnW+jdO/MItfQE6Q45PnNogC0KKYfQ2kXZccxlCovi0tbplfs1o29NVBD9O4RgxIUnXsXIwe2Ri01j08fsBV9KeliA7RNDg2zDLMjc7Q0r6DuyBcMWlMaWR5kSe+FjkhApmOXQjzNwH4jVHk9o92SckrSof3QAcLBZoc2bqfpkYZb1rkB/w6qMVI/KW9kBUbqt9bvQHd1YvRkqmW3G2XaxmSXE7PvfFcdm3NzROVC+pocnblHVTlkGg/lbLzzB0pKxc5cSRnZytD/KGo2hNOdGH3m5zU5R7C32wUXIzIgaJs95/0gqRZfqKd/LlF6Hczoq8CuY6ogqpBBOtcNMwyd+lyRbuqj8RvSkFsShV7L48PTWOoGDU7qoVzewgbv4KtHMSjI27q2pSSkPBTqUKniU2MjHf6/pLrw8DoZ6ZNCmcc5r3pW1bX8sVDSyRuXeGzfELnpSBsZtkUBxG+/EG2taNtSVr6pH14NCDHSNUmNQsKvw4xxKJEp3vksr6yfbQCja89vINLWEqVauvKQFr05TT6UgnCVrXM16h+lZmU+0OtcKt2zUbMvMnmwgGlu1XymnbC1dfWVQvK97PjqO9jNSDaOjw8OLNSXXvYzw/KFxQbk1UFuNfvvgNTTMqUckDs3kyg4aWmLMVAVgVX1k0ZfGSIcpEs14gMUyGmhzeVlhBa6oUh1VcK/2jugTA4+I3he5Wy7nubgL+7ZlgtI+el3VfzT+m4w/B36pFNZTIU4XXJ9XClbh5ERGX6Wn0Qv/bNlAG1SQi6njFWX0jp0hi0AQcM/f1j/guW6VLT/vbAB5dlD9eqsaE6+hRGvCBB56o7Ad9LDCBQOq+4+lwg7kPFue63DP0bWkEW/rTGIJg+vzgprYzyqGDKDrJTgHFzZq4xLid2Il2GV1vYT5S6T8/vGuvyz9kJ+8Q7GyEPUDgAEpdFGMZrJj2h3D9K8gmtSh6+XBCzMXET90bry1bTT+Mbdu1D5VTdWH8DCE4mqFxWP1pcSjmxucb2ExiSxdNq/J+ltbL3a0xdGQshrWwD3nkM1FfilyMNfhBiQHKInzFUS/d8k4u+cT9uiiJY7k6bp4iQTscYvKPN4Xp1yCpRs3LUVGQzFYRcVQ0xLRqjqXKZ3LJfHPtmoFwkn+uF7SkopRhzreLQOl4cw/ZOn1JeGTq3sV+M37DAht5VV9DMBl1bbmGGX8vYmN67KAZs1yhS1K52rO7OkTL4DNWowepxC4xS7G806I6dzxObrR+2Sf80T6oLEwQ6nMbhtajKxM/h8W+rmvJxu0pXAzn+zU1EkiFWELyfaI1viz7C3Z/MbtOnmyIU8IuM+Sh2N+tkDXRBLlFJB7nFpGHfBvTDpJX/cIW37hwvOOq5vJ/YDp9bZC0kDP9NwJot493QCNqbNWTl5bnCKd7Q0nomRQo5v6DEZlpRa2pSWTcNJ5DiL0ohPkA6vbFmJr/W8nZL1QzDa4C8ktI20+A6sq3k6HR4ynYmINem8/CEh4aW5hXJAQgBLSc/+7OCFW/SZtSLYh7YSeehtPXVBuiOWDKSTMU9ZEmjIQKlBFom/5X9prS5hKWP/gMculgAynNvLQQ59evUtf/8wqP/yu2BRPYv+/S+dfOYOL/uDEY/282BuP/d20Mxv/vv5Xj/7VLt+78f/wdXdBO4//o22xN1/t/VNP6P7aX/6zt7/7/zB70/ws0C/3PG87/m/3m/89uOMeR/19sOCfBZyP6Z8M501J/8R9sRBeQnrNhRrEhvfYl5QB3Bb2AknblIQjOIvbJbzj2P5elvz+e5ufJK5hyjkqAxWNW/9K+qnwZxif0tq2HH+PYwfahF7keNiZR4XjTaDnU6D+u9ZJtJ9eM3itnmd1XFD0q4DVBNga1hpEDMNX0enSgBRpKlmBMEEWtRfvKycChs49u6h4/D1/rHYwksLSwsBeiKxuBtbJPMz1hwWgZ5Vr4NfGsHcx/tsECFhX6ZnA24kl/6V35djNbMJXg0BIDF2tcCyfDmpSdPfphCLvetG9fvyxNOy/q8j9BHMW3N0ete7HxB2qKVjs5OWAS7UsvdD3XqA6SzAW761PL9Sn5fMlX0QJe2k8IrvPWpDiL/a7pTfDt4MpeAnJi7cubfninYI+QrIZzaTosyAPIpI0dTXwJEJOF+wG1PTzdPEOKxWM+fUPn7URqR1EqXlo5NFN9CaUMNr+Y7pnLTSBrBI9B3XZVzT609eQMgHXeTPY554lhanrCNI60Wy58e97cU3f1g5D1X64FgQx1dAHfc83WlfMYnG1tJ3QkH42xw+QK0uKp9ezmQBLBtcTVUDDb5+3zJDgPSV8MV4BtRaEygvUF3RUnzPoS9PmhO/XrARTzAD14vGJ7+LhuG+cxJg/L4qmWBWWpP/3I5tV9Lk+s6X26Mfm5Ujf0YdlZuzJLyFOpG6U6t1Byds6Tm/Pq7ygC8Sxffpt4uDAEo7N12+ag+aMzcpogl02q5MJJFdE/cWzInxjAPjcM9C4Rd+omP0arJPcJ8zY73oyE0CzvPErM4jJD3OaZJgClKgWk1OxZ0+yXbj9nL46iZcpfHX2wjtZwDGRN5Z2nMWLPu6EMWUsFK8v05RNYLfyarI14AAs7dIKzoxysWPPBxAtTRxg/EVMzd32PJdi4MiEEi+kskbd1WVkMEmE4eO5PluYOsGi0YTFl07bLeDAwrT3JQiXmDs3f0k05VyzbJWou3njPddwEdq7y9R4S/n2lVXlsSos3oSjNI/OXSJ3xNmZ0FTHozVD3dQ2YsnI8EfIDutbjo0NMulKjyqwjtSCh9cHG5IUnVqdS9TqwNXYJ5FEf2PPbqVD3Qe+o5ZKl48uQvy2IYj49DRP7FdcXr72YVcY8Tbco22amtQpS9ly31FcnnrEkZkD1iBMz9VlXutysfyUojO+OHGtTnv0DqgnCc4F6CE0Y6M7USpn22wE163b116gn8M+If3OKPDUjG0Q2B4ckYi+KhOI4IIg53zAaE+RXr8aqYE+Olv8qVjGoTRLzYWJcsIGqp0+P5vVtTwf3ZxgzzxjMLUNxfIQF4peWRJrxBpn85bSzn/SB1Z9vLfEux3B0FnSnkfCSSZJ0uzGnXzvqKQ2niIf0iNDGcvLCKXIuKAIz9LbT7V5/8ZOnbq4qeCua6IakP7pMN6w91LJUCHTB8N1Fq5eTnM5rtRXr++3Xtr+s3wMJybUcxu5m84vtL3aOxKgvr2R74eJzi+GXJQaOYnnuFo8vjy1NINgB7KcGlA8TSFAvRrNwzoc9ISGHGZIS2IJFPkIKs9yHNT7CCKnj5BH+y9F0PT5N+2KWVApDzRxYMuzaoFWTmg4xOYiRIBaC1PrlYAUs461he8KthPKtt5XJzkbb49IkM1SdWdVuRcNl96vqrmpAqZtbywaA9CY6v1DdZEy9MyrLZjwPywr5sq+G01hrk6+zjjC0erlzIypvPHAas+YPcuPjbr7kiDdyb7/qqBURPiA95hy+fp0q9O6a95BfrNZ/p1lGoFpy1UJBU0Biobq8LWGIMn4zZbYEW5dLm82bHgc6+PX35CA77mzn2xkVM1+Em5C+wVb/IHxf4VtDuRCv1q/TdprQmIrZpunXxxPv12uL6uQTdfcHbkY9VQYgfa+BzXZudIOUWmDdoJzsZn+vao2gCec3YkXmLC9T+hkDmLP8NyqhBrMag5kI7sfroV/mpsM4pjQ1S5c3sX2snvaUN6mvCvZisD9I1a6oF2TIP5xgBKWqeO3bb+ln92Cq9XdG3A1XD97vlzZQBShSeykN2mQd7k5SP/mcvagNLLC7kzIa1dYO4gssCBRiXJ3yqewjfQE5z2+MxtzuIpUXUBwKAQcESslwqCxtupzpOi9tuDCwTwRy5QeGt8GhFuDLL1gU2P8gQc2JhqizprfF+DVIokaGA0vV3sEWp7LclQ88ZluSAk5N6xKZfUmFGgxQbZp9lBMZmpUSmy0WOzc1GHzB5nUcCh3Gh26DNKR+gYRbfLjUsTIBw3ZRKYjA1iLz56pgdekOIWso/qIQoonw+WXFPFJ6CYvSVJrD94M8rpn6z8QfEVVw/SckXCtFCQY2jU+O6omI9+OQm59wnJlyUCgpW4uyNT7KMQEfVUcfrpqsh61Frs5mptn0oYZFTvON5Bp2vT2fg92/ye1ssJhCTtoZi4VebSbmebx2ya6P+D4N56sdyuEPxYnOSf8Z9jQO5rF8pZaaya8fRAj9PI70OKgOkef6qFQyMakpdLdGOEnxPVsvYrNLgQPjs4ovkJuzt99hWCWJnl7sai/bsFyl16X5yDU4WADmIjfItf+k9HzWqnjHbDhb0i8+wnnxYaXw7w6z4NeUpGkmTVH/KHBgzCc4Yp+C0Q/AKyEk7ZsONbhvrjZeSQqUMzEBd7VhNl9c8ebAtPLP8jSSmeLnsTtMXgl3uM8X6EDZLR9lXctfB2tPof3OG9SAQ8Ka8UbHfAKgJya8dgIjbhRByw8pQbelxHghrZ+yVMj9uQ/T6TE+upC9gh/jAL6OgojTKjUU2SobKOqFPqCAQ6wf7YgpDKvwl+uAkaMRBk416ABAVirCOh+bg2pjobeYHW05YhpMmWpbYFRITusx5N7IHZyZxXlBWq7tUhbcwgqOXPpNB2mGfYaNVlh2GphjllyIRZ5TB7Q4FGiCrUkdbf5KCLo8ym3V/MxR+FyWq358sstcOXKyRIBSa3BMxCqb6scTEFhe1H/0ND6nuQtCPUqGTAQnBDEPMMPdUDH06BQyPrr1TibloF+EYCivcgF4dqkSSO52FsLdXfXJuEdVkx+SJo8y/avooGxPMSQbWG9i+snDDaP+bRPa7wmATz+evo5CJIhfzPQWXJcGjdjW8oxQljSVN8zCF5q1IxrGM+EOo0rCHgrLyEwjQ5mGwVw/VxV14xFEM5iIjYCoa2zEwk8mvL8GG05w9f6upkEKESb+k/q48jEbHxxN+hCxo6Sqht1Mtqf5ug3dIawjNZooPC9aJfHV1TweLLhqq/W2LHkhu5eb4DCaaMRdWQRJ1dHAwvFRKnH1Bb5Xs8ezKRFplVdYuK8K1qqkPKRN2VoHd8ufW39CARRK9ohxP2v4OvhxlUjq1Nb6p7K/+2iD1fbTJt9V9CHBAmLGKnxfdWK1Hefg/W25n311BWO4/fqdyqooir/E1Tva+l1V90GOOP0QZGZZDzxTEvxJNyLoxl0kpHJXwJQccyY+JworNqhaMmlk/TAsC61OAZs1vvBhgAVpSaWN+jE8o7BNIZRk5ZoK2UDkSdYDAEVEBh4eo8GCIprafJff/QtfcFQ8v7E6SGN2DtggEnI0PeKH7QhxcL+nCMUgD7JU2tnieCiT2qIjq0ZgHnOUVvj6cStgNwvgQCH1AiAYR/YiHQ4U5PrhKsCqsC0nkdtOEpJGm3j19AgjiqgT0Sa/Tc430Eemqi/6oQqv++bm5uC3BTsYYgbNp5Pu3+sipsigMXj2Ithoc6i4kKpcb/hK0R4RqfCAwwrifk4eaD9cm71eMIUZSiwcJ0trNqjkYLbPb5TWyEgJHNEstAIA3fIeySleZHB/RIm7IuUHbudkeo2YCzOSUqqybrAGcVgwPBKprQCbuAXqlQux2YTUbcnq/crUhKE3QCzDiyoW6u9QrZJCQbpw87PTK3e0vgkk8lf8l/3G+UsdWY7/APKp7ux5PgNRoolAgDIk5hENKOr40mxTPbfGBdDkxyIcyDziktCsFWgD5RduVwIAm3QwSfIegaPATLDeSiFCGfeNWsffRlkcbeuFhV1/p5iA4hX1PZw6BRXAHsRXQNTU/pPvXYWOFOxhvkUBMukezEJZYWpc87GAdTfpgUBF1/xr2SVLrGjeEVhNptLfvnZzpID/uTz0U4zyn8P9PjDQuUGCgbY5601V+ATvzWR8D/rbnILOdXbP2HTU55zN73SCFSbN1iq07pHDcHMViCxYEy6w0LEnDnMyixWzshgntCqdnSZzXGvKS0X/rHGWylPynwEnb96N4yFfOz8UjKtjG0pyDGqiv8IENmGwciw5aGJ16ydxyW95lrT+jK6JU3FrMeQB/cjx9H6Wv9YAnX3HwodXjKuLGP7LuCqvtib5SdNC69M0E/evV3QVC/zJHtLAiQuhMTxu7jIE2uPQOeLB30sRPul//pElN2NZxPySyGlkqfllIv6YY03Jg/DNEKU3h/fzAPeFyB9yy2Dm2PxyyVktV4m9gK5thLoTl4a1zt51FvBftqVrmbvuRIw//tcR/2eryjfp/hcH5Xtf3HTJU2/JW29h8PwvR/u9EAVMC/FHvv/dOvs/3+CIwROjyvz2ac4QrM4HZzAHoc3QAByr3/77+//7/3/3xpmTIX7H2UCFRH+0m9rzG28SkWoTFwfyOgqxH5KWvLSOPuR6+s/tsP/70f9zX77fe+UxFZJzmi15ZKP+b1nHCPXTkABLw/jQXezUbln9z+3Q9Tsf2/vMJxH1/9ifs4hecj288r2pb3xTfSYGvyTEofwGfeL/V31655T+X46tFIVTe/h3zsjW+s/tkH/j7mY3iYwjkwIoDak9CPG54LDbYqn3czKYvdLnyOuCIiB3PMiGHvo/aYfLEPjMh+DJkf7IOgz+dxvft/2Iud/3POAd/yfPx/77bIZc8PsZPH8ZnE1q6N/8vZHwP/YD+48a8o+W/OtN1P3GeqBLf6OxOv7fLXiv9gCpxv/rFvr+P8njbQEyuPP4Vx+T/9LH/zTHlvg3/x9f7LEkvGJH7ME8/jPm7ovqbztJ1MxvO3YaNX0mNHwawn02Gv99j/407k96InX7KNPECIjyuvfvdl6ZX0feG2ccGv1/let/flf/X95lcj6YoX/e0TNzKQZb6L+yeeX3rxn8L6NzOnM04HiY+xi1/2tv/4Ot+khwac9/eZp9dfuZ37CuLElo/B90CPgq88UTydub0neaQvwbaUdfxjOdejf9HTFuen8/Q0CS//0T/0WCwD4+Nqr076y/cnKODAFx8l8z9Pv7bUs/Whe/evJ6PG7mXg1+26LuQHwDJvc/R/GO4L/zRP/2hOfx55N6hXdeyb3f/seHin8+FXwLVOYC5YZomqdp13eYQKoZQkGN0nGUnkgygrxL4dx4YWn6OlkLQra3WkvoWBZtxqW1lD1pjeE+az/q3lazU4FuqQxxFYgwBeoHjgUPyeuKHYX84L+YXVa9w3afetmPPnrQ3/6r4h9kC34iwaEC/NuZhgVx5A00vGyDE0rtjlShfMBpnmHfP//Hv1dsSR9qXIHv8fIbiv7+1NAys/+z0U14/jkSRKgqxJM7+WzeL8j/PAy+rtvDZlU/hKhiRqwp8Hzt8Pzxwux8LNDf0zXP8+8+Wg8Ochfqau3tyrUvpIte3kg8WFqhHDiDVKB+4x+BzNt/P4QeEeBuVFGNMjbbL8L6gJFrbt7p5D89EVifttSPKmB3c9L80IonpKOafHTeDFEFfcXVMIyWdQUUZRQVhaBg45vgooy1/rPEcgULZYUZ7EMQbv4fGdA6g0u+2L7TRdstZO/c8vnOAeE8OvSzPuGVeWtmt+UDRd3Bgecx9H6+n5h7xVwHNP81yubh4U52WLZmvOfJYWPGP0RFSbZ/gr3+q/YFo34qRoENLG8xXjbfKbG09Ij7WaZtkoebEJpha/9BU7dnG2wNJF4uIf4DZQnmzCXzp+Tqpz7/ZF+e71ur5JvIDcMydjvR/E+Ngw9YnES5QdvN/M54G4zKWQfbHn7Q68+zI7lkWM42aulbFMcfPI3tnL9rEro0+z7oCbf8rjnWXRxdJIBlNtayLQlmsbbrjT/pMoP1mnxnQ2dzhvOOjd6DfvlbvW0YDzyld3sJdM4UnEvGdi3TCr01K4+kNd+wsuvTaTjqtvmIv+d5gbw57YWwp+Ep5Q6IhTJPg/6ZoH/lFs4WZqfyQI+G5UKw5n5/3if9jAus+WHt4+MH7Lgz+sS7197fcB/oPCc7NYOPNtSLPrCRTVFNh3P7xQ2BJbvwdXg5Q7PiOdaI8ZGbWH/7yVygn9iZtmXDTN8vPS5gT9PtS9Sy1YIPthBLxjY8vtrLNMsEtiZ/YL+t5JxmDFmW1dHbJSEUJ1GI4aNB6jX1tp3fbmBnrS/LLKl9xcBiebuxWdeclj7LCu8Gfu21udk/BljJchXOil1FvnzN0K8M7PqBoFpOWLfmzcWSHhLkHF9XpQZ9r7CM9XunCebSt2n36/avxHV6orduBYeBcbJYM5rHtdcTSK9BftV5KAfN9n7MSxj3Qn72ovN3wih/TnS2kGczOJpl1MJBfNuo9oQuzTJtoWPGtsovdY6M2oLCZCXckMypEvAtMq3JKTEx76yd/MnnMKADDSZvBN0j/m+0EW2A0d8SMLz26q3U/y5H82mAbWZ2Cb4u/LepHjIQylAZiC3sRo7AkSHfYoZc1fZfC3vd2CuKy6Ah/lQz1m3tvbeC10uWo6x2799pm5uz6vXtKiITtmTM8qutvhLT5DptEapKNQ+xYwo8AAZODBcEAf5tWOaztQazkQ34jeR/dpSYe7pmWK1uau1CYmhK6UkqGIEL9mtw6L/jPsC6Dc2cmwLAe49l2WOmuC6iX79hMwEap8Wi+hQ9o2Z1ZNsQxMUW5ERa26+Z1n2tnUjatAsTSzOjrUk7TbSc4h/ze90s/6mHM5/HHBIJXSDoDZHOV1Nvc2t6vubqPJb/N6a+Y0laJlb2ae4e00CzxHvv2eEa7z1Pf6j5/nPi7iYmeqbLqKRMKUuVq5ovJ2c6Pz+/imiM2qv1eyd1WTHRcLJ3MbzTojQJY5SyiJYDXRB3fhfH6IoCe/3ca/atJIOXYHmzAxL61ISjQGPY9vXyPSdLYIpsP+FAyXzzVKJ6v4BUHLpsx1BxXcR5Zhhn4ZmVXhuhqbD60c4cWTOnU5bD3n6q2S6NJh2l0L9SyW8hcmL22/1Gn6JfW8HPKphGtGC0KketgMYlA902rmBY27BUrlZh/Ovp1Guaj6B6AyzFtEGJff6Mn0fymR9lECBzsJ4TZ8kTbbia2UBknAS2Ls4ZHQk94zBH/0S/LiIZi9d87K/VHIhGkU7s4yjPRR6Wr5Wte/yE6RLul2zc1FlT7+pV7xq0fKmWcrIus0ph/UJNlvpGCU0m6c39aE/xTHI20hR3OhYMIVHtTcJ7EkHSu1h8hXx8Lnh9NzBqB9JcMS2TFr1TRysr6kP/Wj1+kcQSSQpFtJ9dZjKHWcMAVTXdEqijlW55yO0geeIBtHeZDYujPA1EGKHheL+sDAt47QWYsXxv/KijFDb+6pI1CLBxC38Bm/yQddJtYzdS9MIEB5kQhQJTJ8MxlTDqK+VNYrwYftiwXGzh1EwVNuznp0eP3Msa7Wg52Uo5XeY9pQhcjU1t3KcYMUJxK9Rhxq2bLw5LccwirxdvB7wlegyzrn8iprVR1RUvqJmz2Oi13m1VtNe8Wu31kvf7OUmnGYa6lci0FDoH3irvYfGx1+bUHv4qLyF3+LLU2Demf311luKWSmer8kpKEipaZkML6m22VGWaZoO7KD+cJb3LJMrJJ1AlVZ1Ymh4ri733yle97Ats4nXdVtpFCeVYKsBS+2IODfQE7jrTFgeqvO+YDpN4Df1r3VxJRTH0wruOflGQSk3LPZtwxuWtKok3VXIccws7a8+8kto6Faj5ZiKj+S6c5Aj2woNkiZzKqZKufAazXAbW15BN9yNKHKenHSJLz7sKJ6jJrFsRZ5TFvHMulxuOSneEXIhViRQGZhur5COvqEwhlCVp71+3ujBCs3G/iE6M90iewr5kl0DOeveNl28EsKhKjet1CJQBY7lJE14XOTpvVAxt6+jDtS9VFkl5NHl3G2Fc9lo9hPCC7QBri9aXAlLdo1WYv32wL55Zkt277u4PO9LVG5yDuyK0WrZshePoosNpZZg+r+84yQArECujbCoaVhgnfwnhrzaC1IpNj+UXaG6Quey3yHmDh/Izh/e4764MpvkzM39MVyr2AdLLK9ZqRf9TmA1BEN8nNqDyysDOQBSB+vu4u0Mb0bu7/wbsPrXPJiAb1TKSVUHrhcUy+8beoG+pN04n57tg1CwwLgCAUEpf8ztxiX033DjQJqJ5r6w06cN8hzUxVxhyJe1JtrCbxDd0cz09tdHrtb6oD3zLfBvDSUcSyA0H+cEponJV2eTYf4hZbRiuag8UJfxB+10YLCTvuY/okp6ayPhAzvxuj8cmSmzJo1mpkRGhWsKM/Emzzs+mDZjMcor/EoiulgqVPqHv0q7DaJwOclvXE6+ot9U6LOfzC4kZTq6Ul7C4EwyqECD4Eutsd5f5RsAv9aVfOAcchQnkIXopYBkPgqsyROFoeu/kdorNwwaZ8KC7X/fDEGz3EmXJoX9bpqxB6BxitNneO7fxjYxvaGn0J6IRLyzbvj2p1S7oR/s8PyQ+tZC/ClNsSDEwYbMSTqvkZIGaBmt5SfdOl2orTfNP77OuNDNcgT538smo5GNA0b3NTMm9Dj4oA1rYXoQfEcrceVXJiTRPhc16yy0U2y1jCG6/bdEvXg2nLcuXE9CMXSoyJ6tK/K0am1xsTHvxIxk4XKxTL+KMTr33dqVcXxZzaZaMv+jEeHpno7+vVTbATzSB6uWkR3XL4LsCD9CSoyHU9w+9VZysUYX+jsud9oEL6PnzgGrwoEMS5QXvZmbRJnoNNisJBx7peD2M2NjJPllT80lWq/NX7ksTaQ78Iyx8bsqDK5j/q05ChFFb5x+5qZiU+m519Xh/epiLpYoHEfi+T6WN2hIGGfR8xpV0s4OXtZwv02CT8QiXx/oMkDa370apocZp7zdlkecz1kJlAa3ockI8zoO1U/+PyrHnEDG9KePFsM4/1vpIlsDk1PuLwepEpE4pXkteh/DbJIuh7bIa71lHisDGCA6E92DhWrrwv74eJZ48gCrR70CHpzpadHJfJ/Tu/OupjdJwYJtN1YjUfpJKa28cJ13JNFnbtMotUeiaq1eBc6t5+KtZgH4sbo3U9tdJe2w9HaEakdOJ3jUBqr2kIsFpxk/ZulNpp6zefvou3+BKqaGjPCNNBBSWwBMS3JQkgif8xXQdjk2PZd9OM7oqq8P0ikW+wvdlxjzoJ/mUZ73WpoMB/MAAPsw4B3YRWRr3oYoAzSzePujzDfHvklyXK4hx8ymsm36W/dtqpUo5KAwZMreMYRkePVWilzbd7CZRCm7R1vg9XmOChMl54eEBMAOKbQJOd1k3LeQwU9WmclLpBHFoDVNVOHtbYXID3kCIJf9XHMpWyRn7/OQe9V3F85ofihD5GgxQkFrexT9v/AmnFeXsMLM5dscnw+VuZdMJsUKoiAHMsV2x2/wUPmTvJcGO7ZyjctrB474rEp1/+UYHgJCTGcR/gd1nRc0GSKU/tMRFICZoxbPOmP8ftwdLIM7XX9uCdwy98BENNYHT4i4mHhUdxJqlvhOGlQClADmtrqz9bQxnposLjzyz3jobTi//lQD/bV2O1bnACSYxQBqpt/ht+pQlA/jgEOTJv0rEbG6k1CAcrCqTsP1d2MKmdIBzNEf1G/rLX8SCpRcN1YbQQhQCZH8kkpap8PjVHy9XadFS4ytp5MjU/CrDJrDbKs6DmRO/x8060fQrD+DflwXw0M0gBx47h30U27NtQ62xo4rYAP9IWEvEaXrXj9DNSDgWnzf+JVHYNjPL9o4dtsyNTGkPmlb+5Rywbx/bZUexjxhBSdXPvhS9fHB9AZip2ZCyDe+K9ifZOW65YK3i7j4bXmINx2m75ftJOXjwkJyX3C8aGE5iVnog4hyRjIHSqKW+wyiDZmn8xgVUMD5vcFcu+68v1tXqFu/c6rJbHcTlh4PkavYe4Ht7grlbye+Fzx8lOHuAw/qMdgnmw7zYO7OzRiYw1Sv6I9uTWh6HuIZlUYc00Jmyg/5Oy0NKRCyefXvvyp+g1njiyXBGsgdounkhYBe1o7qu61UuX3BD1zCbCOpmJlhb0nog1s6mOUG60p1h12LkyNP1xV4eMckcTHxSYH3bDrnrkGrRYc/kGDTBvCTJtU0+FDF1tdvPlCbxKG4Nb+tx5n/tF36PLCDNzKF9pXbGW67XvE+XsPIX5b3+sVUH8xNbIqVkN5107W6QiluUn5bRLdc4Isg/hCvyhacmbnh8rW8jAb1pAl33AjOy1VjYPxK3pB0P9X6bPiIowxlPV5YJIwvukrN/XPd6Le4rrXZTAKEzvXh/eTFextWk8bhNxx0VmlLg74/mApUxH/eWgqbl5jBoyrvjsXyZ6H62d6F829Uuf4Hte4QmKITrN2NKQT3BP+5SIUTfbzznIvVGfhS8fCM/65MR92H4KwuLOvvEJzQWp0T7pscV8pVUEpMhOfQzllVC7zleGxrhs9Pzpv/lzerPbiljwrIjvGcq61ammdauVEYkucZ5A22rvoBClhpWaMIwlnC6wSZuVIKExqwy7y/oL1KIqZQvzLzs36FQZc8OK+V8rIvq5VkR4FJeaBpojs7JZN6KSrxQA/93MpjVtngspFroYk45AVm0VH4XAiccxPhq3F0GH53jfBbvsWGPCY+13gPPuiXOI0Cy0FXHJBXOBn5uDz8at4qYFj/4qzbSpXy+GMHD3theyZaaoWlWRBr0u5U2LZFUH7zNxx14X2lWESwBYoohRELwVgf/tX5LTObCAC9F/+SH25KmB7a1N6lGs84XdAHhA9orvhIY+84v5samAc7gSLAy6bk6wuLlwUWbVuKmky7lIxd/SN4Hi0lWsxku8PeRNm9wP4MMTgDgOBmIH3FLGu5gr13bPDU/hZb0Aq7HcuCK9y+N86rsO2WwPFKH0a2fPhFsQzvPEQjIDEduAP4oDnu0+NmxhL+mtSvo2EEHaHmU6c21XYpjCPgYFiFIy2AzsWL1U4vviEs4xgxK+CG5lHQZSVF52GH3nyQ7yYh2+HjUtxlVu1Fjp2WPsPLcs3WFJWKBlvfkUTJ8ViVvRyp+Xm+IPD6DIoPfM6dXEGCWeY82o5D+NTcpXlwD3xBND+67oUYnrX9qk2yLjt5iqBD8j92rg5vLmw6ykTp+ZO5UMMB9M4xrB+wr3dTALQ1oocO54jmFeoh/BCBE4DwWnimFtdlx0Hs85qv+kmcYEX9C377u8xwBblY4Fesljdk1uy3jFWbObrHh39jszbj4j6JaLeuu7xAWHN/HxvlUYaq4r49pRrveEGapRZ8L2wIqNg7BcW/ev5Enu+ecIZAiwR0lauWYMI5wchGTVc+YDAtKbKgQPl00fNgvXZyEd30J2fpUX+Vb1V7JlhHHbcoDfwqu4q5W/NRz4lJi0PfeYUUMoq5z/Bia1aqbZ5HPu4h/2fiVgOy6Ms4vgvhmlqje/oYarE+ghj8rlSouNCDN143NHyBHi9seS5qcrzzxbA5XFuuMlniaphpVHJ3JryXsJWjoVMXrXXUv8W5JhjYADiw7SC1tpCn6wTeXUF3pZLu6Xp1iwf19rIBmLWQ2k5eHnwQVWLtLSGMGlOQaatITecF/2QAnygSvoMLAFL7ObAUv4cy6XA1Y/VktOl9Hl0pLNbcGnIuLb//CIp5uWWRwWrlXLxFw0uZD89DgMXXretRwcuDqO+3OocHxybNkSuQx1FmNSmsIldo96h8ABXN3hsaNGa+q7k+xxb/9xqBbeFkv/zfLqpBfD1EKn6Fewi9+yXlC86Uz0fF0jyJlUPKtQ1WFg8rGi3Jf17m5KyHXpuy2HUDN8kdtdNWFQxGiIhcKi2zmT5FiauOpFm5ubUEIR24uzrMtl0/xSLtnUjt4RIcfdf7yvhL+mU/FGhnBKsu10SlXez1sDCvNod1g5vGHilRrDT7KdmTRa7BF4jESn9E0C06M8Xj5cyx+iZL144CwR+PWi0pJLb7WkU59NEbLZrlXamJLhWdUdopuASSp8252nABbf4f7ZVZurV7c2eci3nTsJvo6fitrQiq9SjWeFLHSsurYblse2Ui6uWVVqd77SQyYd9i3hx7mOvCa6Gn1YmznVFnSw3lU6yPxQVsI8kxBXOFfw7DhL/U5Z3NwYNAUoDBBf0KaiXSnRUqGKpDvbAbfnCleFFQMgBGnNk3FegG9EA2GleghVNhv0aFdJzZsE4AUZwMecUiIstrCjedwbfoCurHrXG9LYx6bsTBICs1tn/3nBdDLysTSMgLPglsdSRt25nmn9NuBm7Sb7i/nBeqJ3WbiUKKLhis1LGDMLMT85d01wLl3YluAq5102K55NHYw4XWuxzXvBuwdLseAvObBnpwA57xp0mckFkAotRj1Eu33NGhSwGSn/pL997eh4Yn3Ka2O5hPhhA/8LyGnL+u/rhT12WueEj+C6XrJg5hrfK/WfHuqYFk4XL8sNTmhbZIMFv/FBjykm5IOf6hxoVuYZIf9uSZUEmgqeuPvxzwra+Ne3jlrXreYXhD8edDA/nWuEVmJXFCm3iZS8+85JF6vdu7zhKLkbyjHbP5fA8VWj7b+vz4CoKzyXDRKgJ4F4IEH/v6J8YrkOGAPTI+S7AW6nYH6nl+2Y9Ce4Ek+XjmVAVtJF+SmsJu1nnwatrzNVK1rqFP4wtde2uynTROEjG7JVfQfMuJaMxfL73fsW0iLLUtxfyIVo4z8viDMgyhQUl9JqiaKQQrmMmANYWXXaonPJIfpGyId+4tAZN9jzZaaJU9VbOR6zO7X0D6xJEf2WPSBjXLVsufzOXMQx4yTBRP12ycprLLOzSKpwWOZUMcrVpJaM1MKGsO8oeM9Df7a7pEg+XnZL60pi6+N/jUxev8BpDCyCExmzVFz98pRoWUv8F8wgAd/NV7z0i1WjLmt/6ypjr5cHclnx9YQe44QF6wvCSObGCLuzMBWCnIWC5CBzsiz3j7LUNYAKYi1eINzut3r/nH03C9JQgqJfOabTP/0rRZXqSrz+nF9ZGYjg/vTbbFs3kF1rV65zZh5VK9WUq2ZuJDDn166VCjj9skeeVEXEh1I20pEwNU40O+/hyeOAsMSY9d8rVXAmjocq3JM+18r/WdNDeMQubMpqS/R2Nuw2CxVEBAj63SYBLsufbgkVOup6Iql+CFr3EGRRnYsRSkLTTvidBSWK3YZFqv4YMODt3YXWn5BLeWnvlDT6rZBV38Bausmv7hGLTsrqOutlgsVCsnXU3MbcppehzUSEhwZbJ2BDInB/Gng3BDwY8NtL44k4h6R0fVR0o/rFl3UeGzJSSaTl3Iq+o2FBHg34BY0EswZnUjCHBQ2FAss/D0J+Kh8GvJcgtVwmcrUpmkjR9Gi9EJv/e8y2qUVb0TnPh45BGIkyk0iaAeUGFtGbgleYAtTq6lxxfoXjD+kHCgDCjqh6NK9/2JuemqQBYGrwUBHQCuiItmnuObv9Eb8foR4MSKVbmSakiyFQyg2qG9OjlLsp95t2VAqyzaxpKLGC/m38ONqjug2CZQ/A5+431xiq9eOKI9BrQhiemPx5LSRDloz3Hjfk7Q6HEKEO9YolqxLE+g6OyYP5l2BFydQPk1n+fMD3G/AU+ARDzryBRuPYcrcHyBepA8wm5hmOUr+LH/5W6GHSDRLxeubA1KAG9uEaS3953E/9BO6XvJk/LZ5B9Ii8hfEjcv7WGkCxyNjKji1W1gN0amLW8dEhMj9Gm2/MkTtWJhoSVYvC9SgfJ1aeC5D8ziCzq7Kx6HsbI0sIK7zq7NRqzipcw3Nx4IN7ByAddscw7GUUArYmnqIvh6InG88adiP4+I593mpgXhsSE7j7SdA3kU8UfauKyI26LWWQebQsiQl20zpWmTyThKbhQ9aX/shQySLGuoDtaeXK89NqR99F9yR3vQhBC+H166BtX3+NBJY7ZSehxsBG9suYdCiXtcdGu0x5JWl+UsmLLThtUM6Xxdf3gjlrky5o0XR8lieqkx634dzw0g5rGaQ5m8edMOx/OhUJmu4/3pjrl21q7CiYr/jFTVO16OJlw+s6XvBQoQhs7abX7kKLc8tT6oF7fblXgqxlNm7YVqaqqjTaak6+GIr1XrOY5r/Ike4V85T2x56umCd7gUb8cd+kq5bqFZ1IJELaIYtS45CUUzgV1vXFJCKCNLqK8uooqSnKiXgyCCwewJmqUcytjmql3CNxFi0mPzVbHdGqH2ZjzwnpfuN6AFBaKFPB2sZd1OfS+ou3blmBDX2Ly/2MWg49PzV09/oAQQeG84kJ2eUN1OlyRN9AzwxpR1U67QcW9g7CUDFFVjpPcU4m0wDd0SYeAb6RTNUKa5M0JPGmNdJs4MbN5PdprO6yunn+3wHx+J/alL+ZW9eB4NBabi9DPl15Mx2rEWgpf7HOz+cpFMO9evq3PtiRjPNcy4/MOyDvNDLSdH1ypnvjFoljaWZ59y/0AqeCxMm2WzQtI6OgEwoZDhsIARyBA5h9WMXVr7ufsfwyERY0X8dL8QIFBZSoqRW3lWV3wx0x/o5hrUD1DP1uRfGaM6s2K6H6jxRL5yhHgdqm2d6D2c7cX5Ntqo2CzTpmd5D1CpSGNjeNQIFDH3K2RESDvT9onoT/YS/DlrspnqePm925+TbXjqMBd3phOd3v9bj5Mk4d7CuNoouBBvkihjfAEmZ+K/+IrPv7ib1Gpuu38btVELf4byemN9BHmUtSQiZ5s4qo3/dv9Pte36ErFbiP0GU+yKsEh39itta8icT5lXruJd0i3dN34/wHsLT4XWhm8yrWqZ+vnDUm5918HN0sgTKKj/yl+GAzIQTuhcbz9dpuBCpuCDvC3L/sffBXvxA7gtJ+Mn34q59kRSbYjiTNi2NM5FGoH5BjgTTNDXNahseTh0Coe3i0k18sAv4AYl66L+8lgu+X3popHfaoDREK86p58NF7ITxg41h8ynl38FKka4HySvoLpHCTS74RuLGal0Kh+GfeGtbRUh1b/15j6tSR3JCbB4x1zoXnfWsaF16Xdm4f8OZATyg5UPF3X/sIzjTUjyU/rU8xaGBGqTlLkrs+oC7OoYFeqeXrQIAA9XM0RPcZGBfU4uDvm3YKTvLEWr/VGpv9Kf++kYZW9cgeQ8Mj4CgQIaTIwvQviszu1hOCvCzKeisIUrscecSqnINgzU6xvmnc5MEjWZdZN3Ux52IJIFi1xqy/sUKJuCV9P5Itxq6jq4GRYvK5mIRVvxPR2dRLSOMYocGFNbaOJIdyROioykiILH314ZoE2C7AqO8vmj/bd2EtFc1RPhiM6/5//RpRmlggao3YYP9SOg4sMIc/SJAk777h21+soDEw08Qa+Oi+K8pijgDRu/JBkV0sYOwGao/npom6/qNOXPHIdwjV45qr819wRRuO7qHvaxATfczg5gfCwO2+Y6fk17mY6l5Vksrohds6HMQIf+K8/vT3W+17HjqweOFw0iC/gYzbKjwgy0RhXnauwZ0JEcsE9bBTR5o/Wklugl20SgYBWTpZ/b1C+HcCREsKEhRBpsafFm+pPHxT0MXyT41EYzZjNjfM0QsYZ4OBEkz8+92Lo9dx9dgbFAFE0ZX+K3buST79DUPSAI7cFoG+6cZ/AHNyuPRBpvnFAS2/FiSj+aP0ASa7JHPKF3xHee3GBqiiHZVmiKx9zqzk5N2Jijzz5msOYSk8MJi3M8FWzdNRcggIagFowbiZSVMfG4kKMKVkO6oBYpU6kP/i96cl48k/wCYZ+q5ccknCBCbt7+foNNt0yEah4Jo3oy4nxvw5gcPzxuv5Ukp/VNVlprUMt7Nxhqy8LTkKIoPnF9QGobOraA6V51ZNz/gZJxIgTPbhomV8afUFBvapKv00SxQl4C3GDABvllOJOb4KYETDO1LczN9QaX/5IslRI20Etw6pqDe1kckmSfJqBXJaexelb6cG+1QJV5qi3oCu71G/POiWaBy4phSffEG5/Hv91lxhn+QqB9wSRVDeX1EZzjT58eCuhqaki98IiCbLbMKmPnGVdTQLYykZ/r1TCQO3Yl5SL+FWv+uXkMeZ6rtbZuMtUX61/1nAt//9KHkf4WkLcQz6fq3ZBDzmpLX6OCay/H5BkZDOqQH+vHz5J8o1H/++AzZ7aDOofWIVgqMdY8sClNZ+vEQyxw6noBZmKm/Xycz/qrj74nYT0fitm40yHRCPjXgCVz1vVaDT2sEKanPDL3oiCv/BYCMq2k51u9wIRXoSX6W9B0m40Q6flhN1vrKjN9fZeC/wQ6XWjDaRYnmcLE/uNF08etcsz8trndWI6/OxA4fRhT4yWF8ph7YlCvn9KmsATLojRd/guHu/WVu5wdw/XSC8Nf+ib9jYE9exEg0ZvpcKeuG/23ge6E+iruGMnwEcKmsL9x4TwuU2v7oHLIJyp7dDzV+6Eb8V3lCX5rR0iVQ0UkfY5nnzVTQ9OvAx5heHk+01fYjGbjyaJgftZD7q+qxqqNsIfJr8xDtf9hPAgWKFS92val7bG3AI6B8OJMIMgk8NgGaCA9WoItZYq8483I2xtvk2wCX4LicS82/Zvbb8hOHwnYRB+xg4Hp8atgzirRz/jd1BtSHqdl1fDitg/MHWncf4cLfZLEAx4lmkOvvRP1R+OzHJqmDymrC1INdoRLfuhr3AjSCcobpHWJ6F82+wBdJsPsJh5FHtqMIMTDFDEcn8d9UGoHag4+EzvOzBkXE/KvxCRxNJpSWytnDRPhXr3mDy93bsEF4+QQzf3pEplIsypAO3cmHDufsK9vW7MiOUk9Jz67+GmBzK6E9XYsVUa5aYGddmNVSpz6Wv3eXuNkihGOx/BbtqZcj30AzquyEQivUh+G4spe4ftPjD+G4SOjjgaz5Cafn7PR1tHhLv656f48rs3/7rUCM2OXId14vNWeOF70ehLoUZWjf3U9XsCIFVtp8CsP7hMBluCtndMFG+cDD8P3iV5SeQorV867elHHNG3VVv/Osd95aEUFexZgNo0+nO0CqHdLOcam2vlovrj8PA1+mQlbBe21yaMDVFy++Asderz/nQF43WZB3EMrMQ3QiBJeNULub21/oVnUDPWdXXj71gu9JHYefbhBQ7cX94LGPYd83olGuBnTO7gBxDTW+vXoLIdoT4iSY4Ur/h4QAnM4sLSg592Lj71/VIP2OTLPy2ZqEsL5MafwlrPKv8fEB05JWQOKsh/cm14g2CqK4rZrH7n1QDPIVLfpg5rm82OaLvHWAmsDtBC6ltdGBqItfouDwMnUFMaH+u8UO611sMt1ClvGvyGzPqH/5y1aLA9KDHMJEr2sJzkEfdSw/GpsUK5AGMvWcD+YhinYKVTMDbYP6mK1GWU0rO/+0hKneY6Nacvd6YAT1IilSi/V5Ovf1s7DHv/NNL11QY5IiWjr3U/XE3hWANO/tPQYILPKwNa9w+h3Q8yOJmanAYwJ78BsA7gCjPMN5mCFrAjP1JSqwlDJ+2SPf+H/pGWVZ0mPpcNSFt4o+VOZW9wsd58gm5zv0zlRNf3j43UCw52+p1GQmqG7JIV+X3xNSekPMt8X9D/+CtE9L5e5JCkj5fiLKUjqUPMrioLIaBf3nky9BONFEzMUhg0iQ+brh7ka8yX06BTo9+WUk9+TlcHkljROXKvhOZtMsUHFugkP00v1TBxE508AZTP2TIwZBbHAdN1NLf7iIZh0tOeULXvhzW08vIpkA8jDTRQr29dll9bvhOD2kLfOJ8PfMbVqw8hc31uO0+mELBxFkcKkDZF7hD7rtW7E+WWBjj9YbHldWEbWLEloV5dHG4KMnVs21/2k02RjwpQPZ4ZkzelIwjflF9Iix3ze/xbkirVVK3t1Z1LtHqaZ1jWsCKRkzhsDp0ghcsdaBherklpLO2ZSxp8D56vev37jUSFALxqjK5wPMcO1izRHNUy3YJIItnRJsm/icxMMUXcd6xHoCVtL1jTgdnJ95Qpufoze4GrMK6u8WhveiAToYFtM/fnlKTDoBS6kGummyf4LhDN2cNNPcTuwb/XdSoyvy6nlvLsQ/RUX72pnYoNSHHU+QgINZmNw1bT/4weLYXaQ6IIW0WEK48TINp9VFrs+R/4YotpElbuSwn3qIsZCaq8pF3d2jhkyRDuueXvioYm/SHiz35BvEhulHwG0/NeT3L3WjITAIetBTPQ0j9ypq6mqXtpX4QvL79OQFM4/ulD/UcPzD8UDj0QoCZr9g1CUnc2UNnXGi7gSKUXCPs8mdbu0/Q4i2iS4h/ZV56MT6ud3BB/6sQG9Ci9UYn7WaY9D2BMrnoiKrpcmwgX/nsvAdcrHCUl5uouG+w2+q7g3lF7SqhMnTgyOUhEyTLl/CxcfzCjGNOQTxiYC2EWeYyNEE8ua/Bf7wCe7M1SBFaCLHjCOfL0vs6KMhhqNtHppeoWvlxhVOCsJtcj533rlv3vDlDlLakNfhq+GQY2v2S7VxMGd01xU9ItdGXl6goHwY8rgo62XNSi3S8PdrE8UsJfQ69cJkluisJp84UjWiS0r/dLgmzwoKE17nyTU3ShQE89ELvvz9sI7VYfwSq19mtyxa1nUuR6frzWSABpZeUFaiBwE+7ePSQplTTJZmm4SkbX2wSPj3CaCMTiNU2ASPy0Ibmnjf1fo4MpK9J54xDoqeLOzCGlzeXEeVOijLi2e4cPN7XnQWWqKZt9Vlqfmu+H4+g5l4zYIeZWNicgjcOL5PUZ+Gi9dtfrr8A6BjsxwkLfqT6XQTXBWmqK/V11tTWndEONZjFfWrl6Us8zcc+OY7JjIhyio8pfocw4EqCnA1vPiM8iTDmeNM/GH9PnlK6xZ+KLxmnMxqQDxLvCdTmN9b6yDw8GCnJvlMUrLzCQ95KJ7AO5gzecJ7CHqb9caTH2QlWdxGeY8Y7kPKgyhJ6PFfKwpbFZ2tUJtAPkOlKS9fwL+K6Tag/uplr6+vxRKJ5FznyuNFSMmLqwLD9b2mqa8t4o2kEWX5nWJfLW90Qkbw5AmvRzuGFr1Wo4S1N9sAxZQjPg7Qx15Wh1Fm5Hi3/P1KMWNT7382EBEveGOoPi4ANHiwzM/28bYlDvNNKdXHiG4SSyNNZVu0JitOqIinKLxW4sLDIhT7dZqtjLO9lcjgdR5eRL6LsfeGhU0gUmtQdjAT8mx7JOr66+QGTR7w7e/BonitR8S58dbYeuBmSPfy9A0+Kvf+e2MMcrf4pbGF/fpiCe0uqps3l+c1w9SE8ogvxllH7Ve905SqR+QyxPgtMqcXAGqwmoebe8xiiFkC9RbTq+uVUGVuBcqqs0Qg4K0KOSWOUYqXGbqO3WcP8WZe/gvI8Ofsr6P6BPRSFDcy2DxmbhGGZyiF1k687+TwfTQkf7kjKg6gN4k062f0+dL2Nta0Ok6NVqtrSJFsuKx6ZjqnYBI/YoBuY5NTw2sYF2++v+aD6JqqeCTaty3514Nf3lVepGodc0sFT82Amj6cNKEe44Nr+I9A7MJKFtpS+n9EwQEQBvR+MFxY5o8xcIdb6rH9HcBujMJgfJHaA/0EaFyUrYc59hNZ3kmDi0gZzH5j1xiNIcESMu5KofjOcGuK2QHu1f2OPtTUzn59dORwuJAc+hW5wc8b9QdXXr+t5upwpAjZOS85dJjy+q2etrk40UoyCx5qmNkC1V+OBhdsdeCg+p1OOuaVF7iXwqdBjl6Y6+D6BOc9faRq22/dJ5NebnvaFfz3YuYML1tnT1dlLkbMhTP/A9QG+f7+nf1il9DMP0lsCLDaLZYkbzbtIZxce3wd+XIz/N2/sYfGudlKA6bJjoFMFVHKd5WJd9r8pQ83wFG4tfrBIOcnca9v2d1JCrJqi7O/wrDyoC0HkzfVfmjZPCg7lL/PPV09bU6xHyZJdTq/G/k26g1toPc+MKI79g+sUS9j4+1TSRIrQb+uUYXpqd7W+9vqRlrH4uA1SG/rGVcRWz2QAnSsa8N98ld+Dl+toZ0lluUyO3oNUJcxhjwjVYolgzn3HDM48pclBsoMO0YxVvhq5hIqdFIN+RICbVWATPYuzuVyGbo6MNaqGAQ5/hxsYkEveZrLAewFIlFQoIzpOJcKVyAONxkDRZCDTeTnfCW6x/p75LNZxyoSlNglcwI7H/dANX74Vme9uEGE0i/wtPd1faHZr6c2dbOS0O7/thGttnbFR8h/fcBLPNRm1PHG9j/nuw4pcHm9cDNfN0ddPAF5hjBHdLWuW6HoOhZQYJ51H9OrVa3bmYDYb8YFslS6GXHNxj6kphyanbykFImaFiZ/YT7htE3ahP+eCin65Yp3hVP2zM8lIIDHxsHLi4uGSLh02+6wOH5QUOAGB8TH9III5r80FsusgXNArouQiRrrdQqqnoHXocIw2kgnVKHtXC5Ho7nSQwSoUR37zwYnNf+1DyonxQUj7TS0pi+G02SPaHNumJLSVoyeIMdr9eFroyKoQ6YA1jw61+GTZ/1wTdJpXjWW8ceyG/0yuiZQA7+gS9abPbdV0yAML3yBmWzmCcLpSXmdf2HVGAsnM582wN01sMBUc1UIwFotPgF0sfQl8Lj6QeDG2Sbpm5XzWf1H0vGXUnQt+UPFYHixDhQiZGVu28WUnxCW+JBJM9F794sHSK2NfuU9wIpWYM3fE1mdaaMINV/rNKg8ngijR673P+EvD88PvTw8anDaioHfCdav++s1VBwTXnR3BOkk2cPxTUJO4aKGsc/TmBAalsVzmtvXKk/K80Kom4hAaspvi+eHifrPhhJbi0D3Kn7efTOt9zz+7ZUDDiDr2xyUKn+iodniiVAI/e3nzpsTmx4SwiyRNp4s4xoQBQW0hxL41GAzHvdTYNfH1TisH+mqpLlf2CDlO/jJ7yEalWKY45dkm8yG7lLbnUH326kTLO1OV/lvrIDlkIk7t3sq9F/vO8xcmcm4d1nBul+RMArrkDg2Cm3eMXEHf2fblK2KmoZapX2tXvIpA9fhqIVAlyiYAombuJIa8I5NSt+3Tl+u8X09OTFhqA/ukqbqJv/kqAu+MSN/K0riLdpwf37uBMSdiGLxg8O2OhgRSmEYCFj4PtisPl04NKkSCFLa6LAXHhmF/26au0xmRX7nEH5fdYToBm4QlmhEefqezmjq8l5csI/y9xClj2M40x6VPBljA6iDuc0AW6dBQu3O45In/98d9JBmLO75rctEJqaO82y8TbQp460yMGS7ki84lesPWu724MFQy4GLOzJNtxoOGkGRyzRgFPPdXiqQ2lEVPxJOon/vyyz7FnOcWVSFeujuOf5l7ziR5izzB/UMV2eVWzvKErSxGBows6jE3/kOZVEav3+yoVZtfwHQG4kCKfV/N+9bTb5ovihqb6lcxKtxHdIaziCEBbF54rDAm0e0IPysIIhsvFa0pJA7kErWYurdA7dmvA4SHzINXLdl1BC+sgyIYpYIfb2PTQ6kp8JX+vHcv8J+UvPV38ujSNIpCbjPBmZhng3H0oI9l0MHLq1voC8+Pf9aPSdvwcCX44eSH2PlN3koUJz91ysABFhadZRbWkMg2bmRFDnUTKAPOzbBlRXahf03rIZ5js9UfQdrw5CzWNQ1ljzWv+xnaw1Sm9ixvXHSR2P2CH3PiZ8amo+GwcKNHya6hR5HyBLEkv/tMTCddm23i1Ta8KOAsJIcdoUdcYe4egHD9awYebwSpZVV1t+9H8HS7m1zXdURDf2sGoz4xMrHpphgW8bbOPQKzHIISMW+Nu0S/ssJM1R4yhXI76nvPPJTKC6UIInqZDBcfyHvX3zzh3P/RFIVKNGIPYjOgs6flPUvw9+8304jQnBmCOcRxmuHFEzAe8Sa38jhU6NUREn612Oh+HK6oY0fjpgMlVHJ/mhJZyqYYjdFoPfdxQOMZPih5uHvEdn+q0edfMRkDcWztEiXKQJbEPgwFfZk3dAlzHpqmJAItWDsX5cGjmqpaUJ5nn4Zcht9X5Y5hLh+mLgMks5TfCrVkvoEzJ2ggvV/XSAkyYaMu0m0rQTJWs16/e3Yv0v3O6UUEkOS0NuHbP654tk2T9r6+7YvNS25CMC3Pd+QgQtXzX1/vjuxE7A0Fae/NbX0a7DvhPagCmfeH9b8NzfJ2dkQdHqg/fvuPBzlS/6R0O8xigj1/ZlzDQDDryw+8nssvRB0l0Tvxn/Pn0DwJ/dvvhA1zLIYIIZ0Eis3QVnxQ1j8+BMPR9+Dcj/X+AhUG7T1vz2rNYlhQo+wNsmwo07cLpoxHLYGtz4/aVsr+7jD5SU5AmVnkuP8b3+M6D0MXE3Cxqi3+aPC0akeKp5+Qeiip/idYwn4izWSDSP968UBXsemqUBtux7y0hh0EdntjHX3LduGBnm+zUJA1RUGvyMQLAl8z7uLOufRhXodgP78zJeBxU5dxG3Ixmj9V4QE0Yj0Rvz1w/Fg9xWZj80X7uvfY1wrLOqB8FdHfAfB7hcTSXpbE8BqsNwY3L97B78Tq9MncK9fE6QZyl7N6Db/arCSy1GE1drp3wbmO1rYaoyjRNYsIa6QnMC9I7tDTv27EWtlHEN9ZBqWoPiJtCOdVRJmq0t+z0Ue1ntmwvYA9c+YcKvBpuc8rpArfmoe1NmtvzvtG2x9DhnJB0C7BlG0sabstf0DFT68CfnL4bLP5wOFLFEEjV9+mL8jz1ONfgnWd634YA6FLBBtfm8Lxcyn66upfy3kOnMRwf0lerCQs6O/CAu/I/H7Kd1jQsK/L4uxPszrGnkKKLBUe9Akh7BIaXiPGkjeySAy0OARVDxu1a2sCN0H2HKOWrpovjIflRV10gYNMrruF5WRK8EmT+ZZQhaLv3oIB09FhY3tfA1WXxb5lBufh3LNxtsfqC4lS6DefU+pXztXorqsbU78BCv9+9q8qMhJsWe+2RWCUM+hZo8DA5pbyWAiitLLAxW7gZrhG7ohPg/xBdxxQBL4wsRsgpesjWnwHC0U3twHHJ/l//trs3R3Q8g6ng9ge/t71crl9ov8VzCKtk/6hmySr3/AbAtT6EneMheVLGC18oUHQz7kS93yOaqoP8kA8Aw08znUT1u8BCKQ0hnftzl+uIzR/YQ82zyN+473DBKe2XImJy4uhJ4PBniSaMOxrH91OvtmPa5+Cc4iMyjmFCLMF/P3x9XWbccv6OujF0bqgkhBgs3+WWBEwX9ZS0C9x4IL5pTk2UvjNPxUSogrPPgN7nbo2Ea0y8Nnq5MOdDkoV2b0kzwgLJzwtPFKet3ypC2cnkBOk5z3+SKBUDF160zMctjM5rJQSPHjSNef/uikWRSliGQSKIPC1qTYLGJtKjSgpXtg72CAumfTIi/P2WXkeaHDTbVjT+r1nDVnUH+XMbzF07DV0DloJGYK0pwKM8PsNyrL/lr2l76F7vzcj/th/6z+nTT7UyCFyxD5//3XLoeuDr76WnnpN3cwaYlut0htwFcYfd/zoxy1927AB4XA2uKne/7lPuGIKcV8bmBvTZFKJqC1sOGBxxmcmAcAqn/fl+b0NMhJ8WBngASozET6+SSwO/Gjf79BjtYSiLhiNcwcmc14ZAhBXuorc2hzde3rnZmGNt94RLd7U+opRHp/Lq227Hq4g0hs8/iSmxdxtzc5YaJ3Gy3+hgY7kTWmfDEM7FHE+gL5bQoDoQkyvt2Kz9L8EIr67NyXsVfoZp/rn5bq9SQt982vf+MSXFsW33FF8GeZjJ26A/fmnCxuhQHUvrKMy1WSCutfqmMWa3wJbyv+OhuKcs2DgSEdNM5YuB9NtJDXer3g2bT+1aerZZer8WhOIWE+ZL1z7UuqPq12hh5JlnLkAhdLxhMk2+DecPz6SKlIEz36sP3ZGxKxKbXYbk5CKk3VqvIYAKxr4EP/gYnm5wqxxILuN7QkAH+NeAC9q134/Dua6tDhfbAKl5bZX3Df7E/bsyF46QbtvXKee+j+DEpleYmDEIrifrg3DYuo5Hv6L5P99ycDASqgf3X8glHKDYNvJ5xmyL+21jd7fJ/mZZOXbtjIXwap6CiCNvzvimBpZowz8jPDXXixZAQEPrv7ycUJ+xoHwFXUKWm52muCVtBikCUgcQNIxscnXzrbGmb2AZUGeiCP5it+WhOEtB+1/J0rimJD59M4HfFfdYsf7hW+zfZ1Vn6nfXiyoLHBK8Tru7BtEPxGri9Yb7RIcO9+Z1zWil3nNSysezR49QcxMGRsp/bfbbzUEeeEnShejtqWRr3wFVms1ciVLBAfvIhkxKWqPMcbaU89XYsz1h4n5X9cRUFoE/IfEbd+Trk8vUA2DX2n7PK8aElrS0rigve7OewlLUMXMIbaS+w1RBn2qPjNkpJWveySNmNoED7QGDSC9YbAJpI1yupIaLec6LOWLHLKRBP42L+zfVjTOahh33E2powFohSPrL9M8lunR31/bspiOKGWSuOTqIA+BqiPXdtUylyVnWuUf7otp4uS2fHPEJ5q6n4LbJW++gVUH4n1fqyy7hBj35lKTMC+Vnv9blV5QY2USudnWYo+O1zooESn1gUkf2O+KjAFRSiCVR62aQ06z/Txoegr7lzfIUKzaUFcgoGwANJTACFadPvnqj791zTQ4cS//zwD3/Bb/FRlU5/lfWGmEvx2OQxtKdZwO8mUUwr5K/93Jd54SQzogXYrnwGJroHHCHuranltsq3u8lspvvBK2ZIrczvONpXcAHNDDwO2k8iKCauoQV8iIMxTqHTiRkJUAjZVWO3gAGrzUWkiTiMagno5VgI0BlEObvt3B+0nT6j2Dz0WGrcZv+TGsqPxixsqFvllKRV4bBxc9VuICSLf2CvOPcDKNCkDn/JMKKKgRa4LeAY42cb51G+00JTEIb/I+qTa2voacgWI0uMnw+xHSQgU8Trb0iY+cFcbDjPZEerrE8Mjo4rdOxZJYLKaFgu7S5HwY71hLJfx4rf7VtgWJ+Aux0X+3AkDkQKKxPjOZvlvP8zSpv40khv3a0gSlPS6qr+X54iXGelszk/H+qKmVn/iVv/JuBF9tax2syDkUCGaKTx7YRNd5qV8K0IznjhioTZlp5v5t5g21BPwgRLEX1euJ3OvsRGb15HxN3zB6YsbkkD3TMHaN3P5+koQ9Yf4d/UG8LKw7MY/stJhSRjCK+qrpV/9FR5/D+zjQ6j+jgF6OS9XU0mEEmjA3fLrOE4Dyj35RzwvxkAfC27+uqYAPZxJ6xZtBJhmImiW4ku0l8ZtSMviFCVxvYAsHQKPQ6pkFnpzU/Tc8ujX6HrGK9UPUCU/fHJc0cTvfLc0F1fXT4yAl0l4Wgo3oriOFC+SUm78ObdWxFrJzpMCY/VtSZ1eXH2CPQfvF9PH8qJ2MJU0hfx8H48eqPzQdPZwqb+kfJ2MRXlpaCVHYTBDeQqQ4GsNVhFDmCk0qQaYeUjzJakkZCw99SlB9VHxOH1wOKXv2cQlhJ8MN5w70OJ1QeN6HOhrRlLDSAi9bRLPjNQqwwJxJVeBVd8dBW03ASHXSd7ZfnOlhNgyeHLOeP89IcvK9Alwlk59ifMdAhxcMIYj982HSbEK3l6d+MOSL1skw4X5hSe57AcsThdi8zBPQKz77N76lw9ZPjLHBuG7e6+1PFyFX6jA/+5igbFhxEavN4AFvUBF3szUff908bVg+uvnRo/1SVVSNbxo4Gf8CwwHIbga1MshgUgchw1Eu4XH4nTrM7tCVf9FlXHLo0VUyGb0mj+uS0eczjV12z1Wbzavi9VT9fMCGHiYZO79D4U81tYVaw780y/ZMhERraQ3aP1p5eiyt95RrCs0DVf/w9qJpEcSfn1bDvK+1uLnqissWjYi5M/snVWmVll7CW/Fnq5FDzZDEPiKPusbPrPd7zXgYJb53lM+3he/fb//d0icWRzdPmWUOGoRvN/GXE6AcWccTUU4sAmRtVuyTj75y/3/h6z3WHQUWLJFfwlvhnjvPTO8N0IYia9/pHad0933TWpQGxBkZkSsFbZ7DCYcP8yZZLcFJy5Qa3aY16v+V4pVn7CG2aHwJl61LZNUZNPWrdS+4vz6ObaLeNpkBe0mwa8i8CNBhCmDhgpQbdzTZWfml8g/mA4j8q9VSS3fBqTnRUaDEmoBqpLPgtyg6uSxR4pQjGNdlxtAHlKXkNNWqXxMdijwEqxrQa6SaM9ABq5i2O5Bvb5uAjxtZmMLd4fO5QcrnHpDC/++fqehM//6J7CK/FX5cdvf11RzTqs1hbMI4HcfrSqa46cGVdlGVTrCQCY2AA8sCwtr2hL2KlE0vtG0DLlKNvSRrqckjFNY5hBI0NRKArw0V7ewVMSuiovDHDYHHLnTIoWnWFL7E57H5CWdKEiLsTr9kxOL/uYmqgmS4UAAupYZJfNs0fd5D/1b+cahqQPjK4q5i32jMfpR8Wd7xmPvHUA53h3cKp/hzx/FtpbDGCt/3O3BZ9ODT9lq+aV/9mlWnnADUJSaheR5BvJzROmMJLWmL0bw/9WPrMPcMLSgF86zJr3jWzdF0zfqZ4j1olgaIW/zIm2nRloyH830wTQUVJjtTM5YAdsOIj/YWxNMnrxYPf28Z7+Ov0qFCMgbYAvkjDXleI0n+nW3trnfn8/hEx6wKaB3E8iM5/51IM0cD/pin+gSGnIkTeGya0KJXmXVdFK+76QfOYqdd3Jj4j193pr/L/tzEDhmxxQVUlObcqF6OR9ZW9qBXPJxj9/AmG4YN1JVJqz/5T+WYcejFDLCUYFdKJ5diNqxBBc4Dyy3Jkg6R1R5ngAWCXhPKYlnqX7TwsJ9eNZK8038l/tNsezeVBYPEEuxASrcSTS+70DdxI4+0AHr7KmpRiRwGIS9Cm0uKX6JcajW6+e/WUAoiqFZQ3/AUU+AKjeQ9CueBoi1sseJBPF5J9ReyugDyn85niJa18N+TDzCw68jiBF+z4i7AZV5QGc+PPWW2HwRemyxo0ePULYA4W/c9aeTzF9nnZSVAA9f1XFdDd92Owga9dJ/2dhcwaJJAH+icDZa9a0KLPUVkvfcEIj2omkQdckf5I9/+1z4cUmXmJn3T88pjNC9mYpD1t6gMbTaof7hMFzYPCsnesx0nqBQlViWbuwLEUZD95oc67cGnNGwd/LStgFQFhAZFFv7UeWTddZOWb3x3aAWbsz4XNy5qL6X4S9kwHPFZcsfIzYKIPdm5mWDyFsPD4AL6ziHzLa/hAeC3DBJPaSaMHq4+agSEKXBhcR8JeRe/2EbRWX5f+pPa8jirakzp3Dn/uwgkM0byjyKnpAbfWBKHwtz7/B3bmpY4SY/6UkZxTiNefm1NTjq4IDnID2NvhWE4DzRDc2RPJUE+NE5yG4VmRXOpJxx27/kfptvezZqsr93YbmqhV+XkjF3SlWrSaNkxuk0mqyPXOBHOlVbhUzJg1AEM1/xUQJV6NI4F23616mJc3yByQSnRKQeoif3KmTN+7XEod6uA4vxNDV2POzZPVkgNBOUXRhClsxTzstYzPuvR6ehCsyXECZA41wawqhCprXqlLP3FoMkUHYhBa8lmHLFFvSa/QxNPaURfushNC4EtGtKZ1+M3R5SQEPAT1C86MWHSbJue1CD57F5vvhcGSKW7o8/nzTy/CClf8uOT6ZB/0SB1Uvz5ypoDgWlUg0inBY5A4obxp+I+6gixRU+VLskIQlY++GaX0UHxVp+37GfxbqiKbkqBMPHr/VFq3n7IDkHF/B9kgSVCJUAIf/J427SRZCUzc94EPOnq0PVkLtIJ/uLnKUQGnUcma8GWDHnHedoBj82xttV5p8vHWcaf11zESZ1xBLOaXv24jmno+CETjTo/Dm2hw9j5P5RVSpzLJ8+7LGPnMx6/9VyDKoEFluk34NKgiAcu/MWTFRACT36850Pe2SQWL5akhpC3MvEpb62ft3MVK5kGPMrjbrMT7f8fqE1/O63uifheg6p0o1ET3KVIP8MoMzUkRisARlKwHOoevnQYCbI5RO3VDf1BNROPkAVfSmkdR6NH4Wp+YATvwpWUFsmxe+I8P66IC8sxwLg9NirFrcS7s0+xwSQcJQDDwzNrlym6DQrK76lSwVKOGMMSf/y7jEzwa+eQGAExBMoHpzjxtwPMy1uBMmHsbLIzAEhneMF9LMJpAublcEajK8j/Pn/GsUA7Fsu3syHJF15PFBVo8qI6j9lGQMb4AEEtBrFDjff9IEEf0jGcsbFDnlaLdD76p5XJ5Yi/5QeOFp2LoDfThxqe809QpJd0Tl55GB/a8dKTHNbXM2U34uXz12oHPIBJyScZX/fDk2mHcMQAhw1VLN/pPYwfjor7Xyww726Ur+hgv2uWjuojI9AQBmNHBJLqwBtyoQKwYXEkOEx2l/y7q8GqNgiWbarIeQrMPdhThRyT6sc91sUYN/jFWv1jEcGvh+O8afPFfbzIT5d5BL+XBT1ASfXBN2arRISPhKfD1wHVdAI7ej1HYQ7168z4KNDaIUZni/bMqaHTzPnjj4/yi+JU6C7Noh/GnGSBL19JVRtf3BSPIafZ8jRmIypU82DeJowpf4gD7JlLXMmFDU9FvvTHemObmYFEAKttydw60gDnEN0ef8Qy5dXTJDS/Kv3VDjWegtL3EUsqvSurYz7VzrltnsonCQw3NllWiJ4K/RXDzY4DF86KrX9kI+mKbu8a8/16Vss6jh464+SZoIRETmG3i3QWfVhtaZg88S9DUttFJVJlVw+WXEmPAcWxRR3xE9SLWj2E2Jy9RDGizLrBcTo2GbA+EGUbDgyTSWedgneu3saOvvU00V90frRt8+5wAsTW5EuTXqv+Ku07Vq1OQSSIeiIJcNYyX3z88CGbYPzT9WGO4HAad+bVUqJivrrxf6gLJSn8G0oLICKz4dzimWetODEfao9DCWyCArCgKH4M/SD8FfR7V9t5zkldxmnvmom/MKbODrLGKrkFj82Gd1YeIhMQ+IqdCe5qPzTnQzop5g4hR73uuLR6JEc+pcq7fv7nnSMJck4/uA/fh1Dpu2dCCYB+s3EFyDz8Y2JINanMCWzbhlhB1bc+t+rEFmovudvfwcgRaSQcD2M3SBuykIJyS24VY0HbRKATw7hfHZR6V553ZeypyqIi4l6Rjy6CFRDvufEa9J6eC0peIs2EhqV+XU2TFhcjrg4v7UGfvRhPJWQbd+zpf9uG/kUeh+kaF2s85V/OkBshkaghstbK7x4OMyjVPsgtTPQq5F67CEM4u2B3tFnjEKEKAEvTZQd2XyUFC/EPvUS/2rwNmYHh7f22rrVZXqVu6FOMfQ1tdZs3H5zxtm6lbENmWn/uQhKkSx1cDHur/jE5VrHHZYMHnm6Iw3nVCXf+uhAOdNatyEZdC+0iJHOpWj+8tfrnAO9xhJtPI1MruQo2dYzObYbyZqxAJ+700VVuJ+jKzuh+Wnqi11YmzNU8ZQIe/aKe2LLeH5Oj4jVPmtIQyXNlYxG0kAw48995WVASbHgcSBC1rUn/2qw/ZbJ4njOXjU+FqZV5JU4lhfmfazG+eMSkjNd2GhwtfZLBHiddmmiAojdqX1kKRq9BVpi/Js1kEwQU7RIKEEjwYOAgPa+o0dzbztFTAFJK85He6QlbJTi79sfTp3wsUiL4pSfhdTDlk8yxwYDZUvHK02EJrRw4v33fHYZBaYI0th1RGJ0Vh4TTBu8Ew8duz5jN/+d18jxSIVO0pv9WXJ+A/04ODeHpMF/QRNC5KA/vk/NL/roCauSoUF/+InClkOQpP+xqNGvWtT6VHgcOCk+rlWFgsJqFoWnYUjsJauFw+NkhhD+1tfNQD8/f+OCkBicjzhO0YjNpVFM/ikSt+uJwDR4nG68nN/nOL0BKrPnhC8J7DwUFWV3/fO8HgtZboElFZNU2KabkS85HfNv2kKifsTJ0jMa7hfCoqZ0Ufx6oOtPVFgT0OV29UeOboDQECfdMF25TamRX2BowIPtTUVoummBRhiaD9Yxfs419KC3HYtrH52O+CbfbwlXLzRvqR6XmSY0fprEFBamTeHGUqt2FcSD0B4mGZb9tccL1boF/CVN72UAbzjG6o9mpPtsrQuiCSx9pbsQhrFQLMmttQ6h8AdWepU/tPUWLCbxb1bsCBocT715MCSWunY+liUbt9RbwmwbuZpLn6j+Qv94pu+yjSRQl0CTGyu1kr8J24ZBzHfEzPO/UxGYf9JCsdtzHWfjvzEFCnFtb75GTHZxc1dyXqwavn9PLZ1WCERn9HgcozRW2E97IvyYKPHpFccTHQtvdIaRI6lmyeod4d98DU1IuuYF+uODyAbTt8yaimVFEW6ODcro/69JGtFDfY3zyiofnmnUxlfhbOj0U3ab0v5niofviheRw8e30dQxj7fTIb4bEIkO9Rvzf2Z6yCcrfohfi4xj2+6cdCuS2texYPoKMIQyFhlE+M/8D5zTGPpe4m+x4Ygax+PzobMUcMDdM752Gf2X77CoFHOhoFvw/BuVfpxulSMPWQa8jERJnDbopmJ/bX1qu3cSI5jC9zCRyWS+Zp5Ad/wxfcrCNH9f/G3lhl97CT6CkrI3AtnKHn31KDKFQ2ecoUY/Zov6Q82/FQBx8bTurir+isUZmdzrHIlzwTf7ZO8ATV9K+9/5Jf5bEBgayXmJUh+JxbLvtHYel3Urey/Fvxknza/lD+vZegtyzvbX8jAfnPMfMTYkyVUX/V/+hTMJG7PGLfOrF9jF9bL/85e/DKUHwzCeUf3GPUoKF5Gd31BjLN1j5v+uUpj7wZNT5qSw5N4cbDz6vudhXS22luTm23SPqx7++7SEcQt2qbBRnnW5tBaa3uiEQr583Rj/55ctTmpEESeT5OQT4b+zW8DfOSFmXo/mOOIDdGYQC3LJsEgCvY7/tPLiG+yYWnMIh+HYq5FukMt6vN+7Yw62+YJvDdYXrLDkrCq/4j/cIHHiVaEPrzKFXsHD9fV5KcuWv9dy6UB6ypHyoCe/uY1fVTWaj/GvKrhjJoT7wuFdsTKKsoTNKsVYQtZX/Y/fNj126eP9z/sbwpvhIvmBXu9Xu92V2+V3URJK6qRa+Z+z/utCyzh3OafLw/pOOJwKEhG4H7r8zzWSwcqf08A86t7b8Mss/3vOzaAe7BejcqNXPmMKi5UEWcF6L4dI52qDpcXv0t+K8Yn/GJ06r26jXnTqOS9J1kT/e80bgdOBXdHDZY9VyOYbktvTQfqhbvmhzHpwyuzkr8c1JaJYZZ/DRd3w1J3wLF8PgNS5W6sdTLyeZxn8mxV7MlkWNRYWBTgp9iRS/Xi+fwxkV/Q8JXRHd1cRWcT/WTeSWROXidvzLEPH/n9nAYVNm9AinieBQf/Pt/0rT1cV0DF2MFSV/z8zfh4LYYGumHECRB/4L/73FCFFcsFXK5jkyv/nrufP+/s3OYJF39RMdI8aOuFBpaNY6gacLu0/vfUAHY63TN+3PG9+7+EDW6K9687YIw0c1d3vEKDaibJ40XpSu/2xGJ3lG0mkug4uoNlY6Tb93VODfBxHN/kb5FX8z7vwjHxJz64tdRou0FCwoAevCCGGU1qgo9gfqhmu3qCUmdA3AWIrGCmtzv2/65c/gHKjkQfJ2c8nZ2X1cM08+UNsPsa2p0rZ5730YE5IOnL1HYkFPY1x1DxMWHHai2eqz+5A9LO9OB/TzP9vxQblt2L34nn90jgW3xAaDjTPvy7drNMZvAuFUjsbQ8T0ybPC9I4sYba5ahPjeKjMX/m/72wwA1N5sJebzssPQJ8rWGW/f7X1TMKyJ7+W+1ajv+aanD8GoN/9tkgZjei+lts7HnsS/u8UiA8Xx0zrY9yP8L6tzPK486+33/+dCoWDatM7MGoAuQkjgZEYmA6Z3eN2kZ+ziqlvhrF3hPhDGtBttC2yCINZwL+KBZx6hZKRkboi+/a/jvsNpg4MYAotRKD/MgHkkVAP1/n1am/XF7euQmOKuNDj1s/vzTM14+Qga6ts/QcngNlId6HVwdtxH5zbRZL1x2ulB7UxEikIotdLAHn7cSCCtM7/ddKxxwY+cg/UfIlAgwLlaNp5LciTmwXFkH357Qd77HKXptEpKout3GNvgWB73bQb49f9XJg4noVMRAJZzWsMyalknxpZL9/mMzi8W2FzYzEQ9+/Vk+Mo+5xcB/SD8st2IagLewB01/MMVMI0v1e8/thX7Y1d+uO7yvGwK+i4na2vlrnR7wPH7T2Es/esEJ6J3f/ySR7kWIAVr/0GOPIIWvpbywFUO3bp/gVryYvE/1pL+aGcfQE/FksdwKmbzeeC/qtepexAWo+oP871nBPgs0F6+zcgtvn1W04x14YyQ8WYIO2Ty/+bHfaRG72yKFKacX74mzEzr6D+KE2u4QoWanTnv8xr46Mz6q30tfKqnnX6VkOOiTySgd5rJq9af/7i327v/3Z7Bbtd3tCrfr8dJ3kVhafc0H8lPftJujqrCkfNLUhqcxNqWgSkos8adUHChcT9k/5ARZh2OkGYUTRDFXqx998u/0UcQDAETc/G3LpODxtc2j2jHeKLZGzh/iMCb0HS8BsppLGVmUdbJdH+7U4Rj3vm8iOuBm4Sxazz7+dPz/SPLB8SGRSiS4KpVzSQQpEDafzOa2tW/s8j+WKSfAtlrYDv6+HG8a0ud/RoKc3VDYxMAoZ96NEl8+XLkhZ6dh75P1femFqtkSUCdPh2rp+XTWskiYDd72wWFJhJorp/3bfYqqrHYNEC42avQGLCXRX+ohCQn2jsgchtUPsK2/0YPO6DZLJ/Fmq63sbZ5YxpjgSz/HRDz5rNYuCLApAP8AVad14sGzqVoy1lpTqEC5nqb1pZgMYWMJDvRBNZg+/fgGR28jdr+5fdFKHpAN12gdBHPi/TKpuemU/06YfRShQbRnxFc8Js7WcrxMfoiWa5id53BDz3l2ENNo46Ql0jgzISfrC18DoafTVJuWo4oATcpIKoJVTK7slGTflPyyFCxijxkk+533tKA+W9VaWhWxnfsPv0pOuaElVON+eLjvfLa06Y1nrlZUvWAIA7VhLEs0kaeVv77uS9tTOhX2UIUMsAOYnSWxmXRe67Ud7wGrlHCO91HutKB4iQr3vwecfsRVWp8XW2/8zrY94sX2DvIOXEVC1UrBP6W1pTKY3j86j8cLMOElOBq7Xq83NzrB9zZji+ICzpBY87fdHNw+AJtJjHY41hSkPCj3E+C+sU/6QLGH8nn08+vTQXLz4NcyI0sjxU9lBWqn2rAgOyCNr/9qAxOIpljxLYltAiWDClAV2jRJLKU7tCJwe55SdOoT6q8f8Q3crq/gX2RiqDiztA/dz7S7fbSeevNvt8QP5u9dVPg6zKpL++GBH8wmJOaygV/6V7SPza7h1nWOEcN0wrOMs/9MVN2M/Juim1BL/4iauA8OqQq+jQOzKr2MlZgfZK2vcjecndG9XH0J6PaKJEMbjPbH7iTvFPj2uHbCyLQyHLoh3okNAM2vVaDGBs1PJv1MS/f7UOa9MujpzUAfyuD+H8gF95LkpI6Ay8+MFZ1Wjiulrf2YGFq3wBe/xl/1odmbAZa/2yMXVlJ8FD7EkjOyO+1cfq1I12c8zMwBujGRznJ728o2MWqfpunw4uvMy/cmBYLoggWF7MvHC1He+RNtff9p8HJ3EcSNR31HOw3smW8gEn79e0x/F2GK84SJ087g2A6UUQ2SQ8arnWH6IyGOvhMqJ1McBjUn08c3AURk+2DbeJpY78WMMry9+hvhpceQlnHLrEn7aXrn4RhKTKIfNe/f6rJCstJZSIDrSCfrV7yEDn49zrNe4PjWIMAA0slq53OyVsWVXwF3LzSWM9YhIJqhKFJSU18R8KLVm2E8qvqoFUL96rPnBbPBCS2reRV+Z/gOGAOOz7a04/PEB3H98yUPTApg/hD4syASfNWO+attWc20FORFR0I6Q00vOk1/hwsRGEqXpBX/utFPPlC0Ve/Z9Kgjd/WdcWvwznSB27ImCRVmSzG2l8M2IVf0UeUocq0p0fkrJYFnpNBfsPWXbPjlCsis1Fe8DIoLQjIpA2YdHkC8nD63iPRo698i/N35KgUypvFP9ai3lNU1abRVzNHolp9QmMn/ddRnLa0ICPMdYeZfMLx8UkOX+bTSkiVPtVBQCZBVUJtKSLg6W03TdRr1EgT+ArYAXM4ruEDTbX2WhwMkMFuJCoLiUwKWFzpi8vPuN/E3qyRvErTiWVLxyEH70J+UEOFN94lv/C3yNc68nzcKD/QC7aaI6mwwR/fiG2/Xb0kl0hE+S0bPjFcw92yLEIPwscLpRxwXBvs0bc1IsN8oiZRxWv76giCE16xU0nK8RF+r/9gV/xstcqN4TylEjpL/E/bM+D3YRG+sVMmIXl87TKadN/Ww4hEpPT/SJ+zz9pF8FfgoZv5QanCArI6p1RsdiI39DA/3z1V5zWBwMT42OQNqiHZ5AdiFcydtBxb5EP+xvbfDH543qtHMj0eSzAxcdlNOfKJ9SEL5HZNLk92AxNKXxoC7igWlRsUsRW/b8qioiLGAJ9hZ4in/HzKErEYoK7+jflkrarJN+amhrGyreG+cXXZEb8+YTjRJ/VCareYteCpZ7stOKIXl+zH8k+8OxhpDvsDnI5nsiyJWAtN1ZmS5iUAo8YnNQUN9rlN7CWDH42A7P2wkW+uZVZge+GExoGRoNy+RohMTNHqKxwlcEw3Lzg2sTfVTX6jU9ZJPNyNEcB/aVExixhOTZJ0Xm+Doha6KXPemREAIcqpo3QGBwMaMjEBcbg/ercnOfvLnpXOBpHSlW1oeb8kgcTJh7L9n5bJP8qfl2XgIPseb7p7WScBjaJRrC+ef0PS7JKSJwzi06bjd38cb++3OA8du/67Ycf+0qrvRYPDyCTQHOa0tIUGiN0xGWAYNiZC7YAHxeH2jYC2f2wVjMphzsBQeKA5Ohp+SAgF55tZqXMIPL9PmG2uT27v6hSm64+Oq2eR9lj+0Qg6FgjdK8giIBHhb+lpPGb8Gm3VzEr3+qOlj89JiJc/vlPMotIgs5fOwycK/u07YE9r1z3Mf28R5FofwweEZ2wR8Q8kSAfIOKlsBB2j6BRH67snyeVZpxvnx3rKz2NhT+D6fjMPNK0LweGSX4joeO4TXKm8aTx/wtoBdu+XZCpgnX/2Kn9KCiLW5XcmRlw3ahWbCh33AnS2zP/lY/4ntQxgVSvsziKDW3ZvKFHSFV+edyzwW0hQSlHhq8JecdmNMTa6/2LN6Xh58gnTJPS8G1+lMaVnF5scJDV6hCc1MTZF06E1mZmUvPBFN5uJec2+dLsy3ir4s7ARn56WKXMZ4HuhERMUH4gvNnga/Cggr8uNTBH/Ms6XCAvEDvF1uZiRV6/8vBqbS+qhrvvJxqnNpzdBfSafdbB0EGICAw32QJi71jONZI/HsFyKehuJAN1xuXhFgFdw4O2fOdvqEDFidkeMaeY6/TzpYF9znf5oHXfOeGa9Dj3P/nxz+LyC9cqsQG1FtCyO0LdLzuHhzl7GEy1VTqs7VuEYFeRfgJXwbJGArZKHLiNTb4jMv27i9tGsGWZY1YVCuOpHxPOmVfr4WKYp0i8IMDJ82sGCLx+Bn03MdHJFYIciRBsO96/0I72J/jGL6nuTOGjMO7rUdEPPQ4YSWiLzyxR/r5vKOnlITLyv9ybBJ3BSolbBh+VIXPlc99zupgE3KeB+wx8499Fbb5TPkckGXwVAQjwo2hfc58hY9+SD/hSYY2Sg/4dGuOvaeIvp1jJJM3Apamcz1fHAAczm8NX8BKXFJQw0Zx0ihl9huSec8SNdtMmlzJPK4UtE0voQsJ/mAf2hwDS3QQNyHot2TE+vxHtEAlroO4HJ2zogmamAPS57ebdSigCrNGQ9bAGVv3LXskUnQG1aX+TCSeie32hhYAbW8nINw1v4n7qmPHej7R+EWneVfNDR4CjAhyl/Me6w0aYe5hc95BLtjiNpHfZXdIp71olP8TxQRgf4rtxG/omMhWp0e2DL/CuP9ZjYf8irzADSm/wbc8zOIKqrY+YCxtnPq+6+Vu1R1q9i9Im+ai5O1w14axUrHRmoPRX3yl1RqMADPOhtEOJwBkwM2dgN853h477hHmQVi8yrGBgQuKX80mtqTd92eOpcpOzSRuAv+ehaBzqqxRTRrbj7rjoGGxc1q/YQ9WMqlsYbSxd+UDHW1wUV4qIzWzAwgM11wdKxpE+dMPBVZ+UqBRfjEvk7Bqfc5s4I15zDlRHyXeAOav49E2wt+IdMBDIP1iYNG81bEVDK7PShO2pMu2xNR/2ykpXDKujZ+VmCqnNh/yuL9s8RmH7yzYelMwIhvGQdTY2CXvBR0f44Gf9m1++oplq8fN/NWBV8+2vEnwUI1xUgrG2UWKPtfahkrzDG+W/jiE0jWPCjxr9bHHsqJmGTaMzfFOgWVRJeZfBGKvh2knllJ3q91WMJBlAL7NKU/K1yKAAB0+P7wnnmhdg9Z6+NnftQON1ZmJyF/bLlf+O6tCJ5S7HDEkbZKcX4waX/Ue78oFOmc9LyjJ/EvwWRnwrCh/dr40PNJxYnYazou0pugIIZ5PmXdWr4sFE5zX9rCpMESf6wGlbroDA9Az3LDdBCmLLE6aogZpGfmHP1O3zZWSVe4gYhaCXEypfWZxkZCjoMGPxYK3IifaP7QJGPj1FF6S4p/5G2z+PAEqfhUQEXvDDu8w1KtFtxYXHbdN7CMRDheN1uNo2QCqN3uLBIb8diNGkTNVMMRmBH6jiX6yf+pyozaphByYRVo0PcQf5r1KxXAh0e3bVH34pgz/g82j2aU4m/RP1aFCoBwV0wbQZgWR8NsC4E17+UEWkQVX5j6vMijL1WHUC+5sD9yuvz4xTgJ6jG8+OxGaTwbx9YICr2UN6ydZvdPysjW89UrQ2derpq3J/XDB15mVPTw6hdOnEM3H6jugHNDFlvyxy2vG8PxxEc0y2XpsjegTdgbSrEY9rc9bUAN+IMh7E/FJr4Umu76OWIu83TAp8MQ3wAunMOdL+ngW/rPij76Ry7KrIU9gZw3tJoPuotkQzgErboZBTZG1iDDJzCYzOeIAG8HgkMvm6Y/Bld5hYYoL0rwIjra/Oe7EzaDK6JW5nIs731bxYi3GgoZa/1KmHL7j8TPvn8D5oTbOoPbKnh9IvH0Ze4S87jwrOFvXldlehpezOmKSPl4EH4i+LHVhYjkyRWi2hdJDlpqxZC5EeRL+hxJXLN6lb7RDAOBXp4gUcoCxvbHqiMsvlQDS8nHCL0dXuAuubmWFEluSGHu0XByh+LTfr3F/Daee0ZzmkMIFq6+t4DFR3p5PBDTYjY+KRRjuSSrf+3vCTJokReRMVvHdHn5wIaaG77mOARX55GTiU0X3LTcmNOosdNrOa3Ptzdci6QI4hhAwFcclz2jSlMX4jmftPApLf9DaarPm5mvfdY3hY4V7An6/+IVaTPPjcqb/V80EaZr5b9JYfDdyq6yN9EGtlEMxAvk2/nr+v373MTFQXOP4gyFCCjxAmMXRRlXrZJrdpXrrD13WQvm0Cx2Thr7pH5IreVJVpkjxW9L7y7TQuBZzInQsTqJYB+YmSX4aA8zbTObpIk0yQUmt9WQtB3o7Lye7zIoiRfNL+IHK0zmyUdIwSOvZsLCuApNg8cYKWeo4+SCq5JxM1+68v9etDfb00nyoYeLelzmo43SnEBU3JKOSO97GBtQ0bBGAn4p3Ku6ht1PiiIb3gfxntQtJXvCfTPCyEsPiQmNUy5SvGQC0qyFKUnGGxxq6a+hh1pLkMstcb8UEC7ic/IxwzSZ4xv8hZPwaVOu8kQ/idVkVzWPUr+Cgb9uayvTGYN2t7yjaglpkqTSzl7UyiTvmnXKoUGHPfX3Io2KcOTmI8lAPzIU3B59f19ztivg4C/nL3VcjnJe9nEWdrJ/oMyp73hNjPBeb8KuKWD+XBSx8gfPH3ObxxMxgZPeLbZkq50dcxgq58rVNUBKASKHn4WpmhcavHuMNxFxCfuAyYSC5h7jKI10VWfv9nurLDXw4knMotEomN3vDasUEGdRW586rthYCG2ZHL9Tmj298d0mWMkdZgzM20S70b3iy/W9Bhmc2KKIKbAr1r1Jo+sV8yIJbDUrKUKmorTSHU3KLwdXFnXGqoSEVcLOfeGR/b9WFaPZLaAbLProppL3kYVBjieXj7cF0f6fex9Kg6gWyGd13HgL44vYJqo3cGXPXdc0eZH9ZGAtZ2JEpmE53b2KqOQQberXLrK24h0499xFE7C/cqQzEZ4N+N+0H3NnXXtwQ80hOCr4J/p7d7eOzANGPCVG/9EJ2y4ww3bEHGb42fL3iTJuweu7aAclAfwGP1gHX2ywWm566Cuno+YPNGfAmSV5uGIB/Ka9WkVTSqOiONi4TRS09gtCjqDx18ne9HccbvWHBViFRU7nioTivTkssIPWngXK2RCIlDdRs7mcjMffkQsUX620sCXCqueaNX829aW20flPsZDyyPTzB3BKFPAIHlFL2qHZ9Tuq6QM87dRb0kMZFen+hC5b8Im/Wx/D/8GjHySo6/4Q00sQVhBHsHcNDK7RLZ5+4l9peHaymbU6y/leyCvXOrX4P+jb58nrdw8lJHESvR6te/Kwaxo9Kj+d0g8Hrb+qN5VFPRnW5byhZw1mI7FTIvbTY/vYf4BWp+QTYh5QZ/laqGJ8tmpG1T7mRU+4CY9yvxYHz2RT6Dh5VSt1/nwecWq+4C8l3TPFnu5BcYW1h/fTeNVRkJ7sjj0K4A6WUYIzMPgXWQE0zrKSDe8HpkNUJ0CX1868UHtwYCSpsdcVijy7SBonGun63Z/l3Lu4205epylvcYhPgk2/hagezU2ncAhkreHgO5UorpqVsHS/kZwL8xXnrndBRhwKk9EkAMafY2tqgrXwu79Wby2OwPbD32vuED7sYxGiKNT+HxEcmreu0CQFLzPXg139Xt1NBT4ByHZpqlf/xhrvex0b22hUSOGJeFmJ4NWT0z7N4ScsPY2Drf8iEbBCggAXilD1OqCZietbwDbraoF5G7x01Ee3F5xVmlSUrZNIpNSz545Px0i6v7xJcrh7LppX40t/1eR12fAwMaFRymq3hKzxq8p7F7iw5czOnVLzlR7IFwqQdXtZ/wrnqE3p+jbehb0SqXjXCQ/KpupdedMKkeDQeF+mE/KjzHnebzmKE2sJjZx8ngFGjtjs65jV7ZOeX+ulZjiRFaXVZ1c3AzDiUWCEJojEp8bKiCoPxNeO0rcdWtFtOhA8G5iXhNnpWDEzaVPatAeszadWUhh92OGgFmDkRDNNIQ4+3dRwB25S4xx07y9gaW1Btmk5HLUvNee5zAjsenn1ucpWp7CMLuBb4XGLhp5hjhYyzHQjw/A9j0fn3niTh9e1rUU+sNZnw3Q4xEo1namRGn3iMP+hLqwbGtUKwwQwOxwmINs3ot0TRx7fsMdMaLOeVYy6oD4ljMYr+AFijxK5EWNtfRfXhnZUkVvl9McUixwS1cOAH8sWqUCtQx8BCoIzhM35CVIxVUTwxRzKWFRvAPthn3/sNR2fAqVLNbvtywFdv566lJ9g5x0YpBbpdFHCwybqjQ8zp8iJ/HAE8TsCripKzG+PUy/+Kq49gdvvtJhRg/a9a+hRsEh0pFn3aJRH+9/8rLpyqNgknjWB+1XI2ENzTnx0ArfrDJ7IKSebKgBTZedBeCvH9m9SFNxOZesJoCdtewBKyqxcOmOD7liwAz5D8lKbHFK9nxt/iQJC6Ub/gtdkRKVMb3wgLozBGNm+GhDyyEfOPSgU8XtIrYQ4izgDTskb+4i9XLr77cKy5ZstA7LvS98xyLzfDWmDcSdfq3KR80Q/WbjPRA9S7a8gYzdHztgzV2RKGgUGoVbz2avB/OAe6AqumGsfohRNOpYDwP5OX5KD2gRhWtP49WwdqFte5CZo4Hcb0r1A+0FPQJfpHD7t2t3eNCnnv48fJKJ3DgJMf7cRTVhkgmPGhBO/zf8B8Lg2APOxWWUT3mMVnPHoP/d3fmN2dEUjmRHT19pnSr3EGGYDg01AOdtVX68O0C1UlZd3jEzZbXPyBw9+DsNRbKrXfYg8McRHXt0JVVZyPeyicluKCqtcXYK7uEXuK0kaATRHJkBb+IL5b14VXF3mGJ0qF3xM2i+JCBKrYjRNA+Tgmoiq6Iq7G7j0LDXYLp2yt2V7v+jXCgqTiWeEIb2lyETRz58Buhj7sLQJEmIXV5EEeZrg81AoYSRwbgCRVNOKUAB/hyzexuJQvhSl+1B0GZVRWerR8Sej+kIX1L/fT2VkHpqNgT47xZzJCG3iyrNW/ZTksBAJk5okkl70/yIKRZCLIHRz7bxL7ODH3Npk2AMNdOi691MJbHdka1P4o5NBPn5u8S6KYTzQCBHqsTb/QvfJePXxw4xvRsI1s6bc1ylzLvg/cin6QNHKyIkpWvCKezwi4OCQM8sNsdPPRcgbeyZF7vfn4ueKC+wWSNV9rz1sXzmtB1bqMsVn+jrbxp3FBhiQJFRBGPr1n1XlTmzWGLBhJo8vdCfTtm3o7gXQNWtAfyg4+j1O4dB2IqY0RFMEVd/n7t6kZ2TCsdlvc12cWqY6K+gyfQ6pwsGx1mfOFErQjZgCAAy/KbzqzEDq6jz+mRGE20c6BJx+Joga1iIXkiS3Ale4+QudtIsWZh6GFQNoOMkCiFQbEPnY0mz2mX89atAB420Zjx8U4BGp14ciwTL1HpCe6cUlYIw+A2AO0UnUdekIuoZPxzim+RFzP4yczrPmXrbi/vVHetEW/BCVKPCPSouNjn00CZbgZL3cvrgpeDuIoNRzXVrwr+G2eoOWlMiOdZcHR16tyVsJRW0RCku+RjBcuXfgQ7UgHXg1JgUZ45RPaFnsMrExC5C/VjjUyTXNwXrO5B4UIyyKcS7Q8Fc7OpljlB1SpKMOq5HXmoHR8/bva6teGxBHEKT+xt8H7vV9AsX8qn2WThpvaUiCoZFhKYg1fq58XnFUFkmCmT7Ej0G1E39V75iNGyX2hvJfITp9+mD6wGkK6NHrdAazghTQj4Ct5IuCiJib/L/AztjibQN5KTZV+oRmj5A+akkoVHwVkjoXi6PvcYLxOiSwlbpcBHubfxG1CwwvklwPbQ0/YFhlF0Lqpvp5vEh7fsGwOhUKDTYJeP8IUnDhHQPQ5X9B1WYnpX2q4T3Of4NIuX9ZzWxMRD467m0eFsxnd+wBGQ3pvT7Ziit8qKAHqbibIaYOmWIEVcHAcdvt89bx2aXaFTfSDQrgRC91aD1o0CK3r4kwgvypTS8bAgHlwKC56Rznjmu4FrW/6KeQtHlbBdzZDqf46HqdWbWRBEYFg7al6I6zmGD7kiDLpsfFuUxAdFRt3+MSN7qQZs2+qcJAHMumPTK3o/ZL7pDxgSb/yC5fbRyzuaYL60d+Xy5ihctvvZanBLcCOY8xCO23EzFzngu1HFNT52pfenuDbZnMDCkDb2jGQL88ZyVWMsBZsjSHlnzXXPW6ocJgUCEoSZ2FNeTCNDsE7jQL40ekDM37NXIen3PHklRBWAg8rn8wEP4V4WriJ5md2/SO7DIz+QTWSaAM2RetsfJ1rG4n4Yw5hZR3YJRwCHDwRo80U3BYJaPIazWkm2JEkY3OjnM/LuDY2LuRQRtQ2yMdhoa64JF+mKBidgkGMDWOuL3W8H2XMW0j/V8KBmn2k68QsnkvrJR2VYqBXwRCG846QjPlelIeCFX9VfKyMWjk/Utlfx6NhhWndJRNOLP5Djiz+WGKjedH11cXuyFhmTs08nC5+HkEV+LzyjCD452llLV04JOevRA/HuOCEyr42OKscGhey9aqyurta6VUefExG0HtND8/2h3gsx6n91MdimE9bl6aP+JbQrThe4eJkQdUHAvcS6QiDF620/OitlsCVOSsTaZDRWug9VPwZjhZwu/a53TBSq7iBcagXBV9nlwA+zyOMc10GY2bGM4N143AGEWbCVV/eleX9+l0WpPHomHuEyrcTRSk1EIZk4tEOgYC2yPJ6/Ti0FZV1rrFGmjnpkMrYcIVSDWQS5zQ5SzeYApbNR2fOVXMEDeWVfmGiytX+DMml4eTfbbUFWtEdm3O59lQQ9sR8RgTp7CY6VvrIWRKzCvhLchiD3O5LRNKNfFiwxxyYJuQcjLS54EwIVb50VTHwrUvEXGc/og7UNkEWSBLc/O5tJfFL4YRZEtH1JQJ3O0lUjZiTRN9GYdQfBQCydio6ol4UE295ccVzs+vwZ2q8AT6nEiM1XfTMYJBGSTUZGe5oVJ0ye/5z5oVqVCrmm91pRE6jTX7ttvD4v/8W9ufcdf3HAE9RZP5hr+Ep1RypGgkzBXRaWuWjwaMHPObz3SwQ3w3rDPAeKGCFEJeQLfw9laYagA2uMJtLgT9zIru/8UbS6BZXVozbdcXWN80XbXkBon8Wdawftnl2FJ+1RRHK5Fws6HerdDvHattvozWvtd5ebsbn/+mWuwGfF2bBpOPKstrxDHOajktwjH0j3mNKiRIi3lDktsYlsbFYZbLRfGDHJ0vXPPe8XvIWHl0eh/PRJ/doKHjamIBJGGz7MPtyN7XuYFrvD3jx/9T52c3S7Odn3LSx9f+xJHicq/5mzSgN7GIoCUHT/kmfGltGzFMUoJqqN6Hk9pAzzhHPKBm6yg2Tn+diCCf7kinICY+Fmk7zJRglvca08WkWoW1yJl90amMnKXtMsZ05gvhg0uKayopa1Oz8T8P8lK8NUVUcoGcetitHDGxzTuZg4+1189ETDdunUkGRoj8x6t6OZ+x9Vj4v4pcKaNOMlFf7lLXHiIRp7+aqLXqkg3/aP11bVxrATiUpJfr7bExeKBBpCNIrIxPapRZ2eDRAcQ97vKkOTc6rteYFHWOoJ6ueEcSdQOx5PUOpPKlDh8QMivnR9Ltfdrpl0pMBmIfJK3LleOQoxCCW7AUlAxrnYU0Frmcu0992l4uHz83rWPiUNe8VBTvHLbkQBs9rtGV3fKJ3a3FuPoBGFCeqjIVaUCCju9xO6Wdl+UuKrLz2T2H6NgSoEsNGpUpV1xiwup6SoHwcnKPSMvkvUA5bDOolmfy7cCIo2Q2Y/tgl/lVfnJ+tfOquI03iglyJRXQPfVIpdR7opMnYobiZVeFZqzKyWOJBBfJ2UpHd2FQY1kAGk8+S8qiQKxvTWIjcEZR4NhLWXOZDhol117Lp08IV2h/bH6RBrxbfaF/3djA6XGhn+enwWDe0nBj6bNfxINAy/3g5DgrjV/mb9TfSpbargN38oQtvepGZNNMZ/5arKmdaKucQBkRDkRn9ev/4bNZ5bZxoEznDfIy7NMovL8Y+eK7ivQJgBurruT87Z6aDJlea2TLzpKJenvKz2dR8ZCF+rHknMyCXecBxW3eeD8vT0sA7hE/viO1pZAU+0YJhL3zIEIMGAVQBYVxaCcUSZlAokGWDEgYHNgQd1YfKbtgoWapj5QU80fVFCAr75RFvVKEBhwrXwWpmqVyEq0m5ZF0Zm0Wg2oyCRB0Z2OXJhfZV9Jd/SwEMfiikE36jeBpmdHDPvae/ehfaj5VYwIR+i+dZamSCIOTXxF45/QZEuekF12bSMYsbpGnS2vbMGWY78uWftig7fhSxkig1l8728lOpN5qAClk0pVUDIwQXWnXBd7PWBmddz+r+plj4W3iUWF+J2/4yzLdzvNxtL+YQQ3PJok6a0fKSQ2Sv2uK3yG5CGBxEwnmnPCchRqxqf1y9V2tJr7WHWyeBTny2FpDwnD0pCFjOrvn7vHFv7k+35sNWsETTcoQm6+laA9hTsAQXO1/Z4871LBmZ1NIvb92dOvK9nwtcmzqAqV3lx83vkCfZl5cqLzVOi+zzPgbS99rEmk0vhCj8u6MI2wSG6BYifmMcxa80ZzxbzmtTl0tThhHnQ6zfHGUwtk3fmL1nAXOPflInQrRfp3amp2+iP7W/vZ0l4LNA3/LYvmOar7H5e3ZVdxhLfvcnR5QtzBG8mM8k+Ll4ck1st4AcqFzITNPlw0KMUqrpwMw9TBcoVkqozf0vADwcOfdKA1l3tVj5sDrgfUatpa2UaCDouPveN9yOZn7oWw3B5h4G5LowBkgDErWqaETodHxLhut5Az2nTvrTmQfnOAfUK6v8cCI8NAc5cCf88gkGgH2v0kiH9gozWM0nnswhbCUS4QGf1mnHSYVTst/tbivbrDQ/pBHk8/duD4bclz6Ti/+o8fN83yX1K7pQ70l7LVHKDou/UWDkPu4QtB0h51JWLJsQQY295l9Qc/fGbuZN7kjLVL/NLejovfLe/6yKsDOjJIIbXUhXwgwwGMpIfuxiyWmbkqQKjO5zyrY65n7ipkJel82Q7hcDzUc3kqF6NoX65HUMu7ltzyEAqX6aEFgd5DHwYvF04HL8KoV/oSaN5R7SCtksKxR80M/YOTcrZFzn6C7d+4OxuBWVl5Wu/VE9qaksbVqbuupU54Xxn3QfyA3/kd3pbp1nXVfUSFyTX8S7cLL8wpVpDohfeOjs8lQi33Wd3wddjpdBXyQXVJKg8aq2uXTjLdg/QtAhjujw4rBzEWcPnAd30j2v5MAq3nB+zAQgihX5pZ1boE/tCWH2fIxQ+CGtuo+Gj4b9RqrL39krTcv0QU95G/mKRCbPDWRPmKchgyVhtcV60FJ+UGdUHH7HsLP7q/TVDq7ne/UJ0OBRYyLe2Sun8Fn4bYPmCGtv4yt90xp1ipb3HM/UyKeB+HluAxxw+ZXOk9unXCZoeospXeX+oUDs/6jyEs+/n3aXmJS2rzESRF7f+GgUwa/0RpBvGY/iXjjMvCjIjSaASepLkVRtFSnd/CkejcZFFPOuhttxXoQCfhrX5Wn/2vEDqvlMhNNY3OoOFmahuzty8/HQajIBhJCqqLaqcTXsoDUGGiYOnx2/gofaGJW+uj4l3cTxbJHDYl6k3fuWxPoLm1DtOo5vbH+62SuOZRedxYYMRqJkyzoghdRvDew/qFomBipeP8J4zeu9fpOJg7IoG5a5v/KB6gxQETFVD/rYwVm6gbcFl/CYAv2R4fj+o2bCgzXPTNjKWxXbnjQlf9YVLZW9YGwogtsrBnp+Ttu/y/KoZGxfOg0CVyoWJnWHQBAYShYeAeaiZHVynzEaantOKLEjN55rg6oxfWP8WqFZo7M6pPVQnzkPItukknCABvXbDiRFKEMuyeTggeDR+qM/nNUJmbZY5c8C+IDll9ugsl/lAMvG6vIbFz+AlkB9DIbgk+VnuD2b5K7zRy6gGNgBXba6gLF5Fs2iz8baE2TlEPXzZJ0p+D0+CkUBuuMEeD9Ei+ArMabkFo0Y9CEs8h6VzgZ1TYRDM1lQe6hTDcnzQkqOsATMR6inv8nhhBLJrK4i8rMkLWb79lVneGzS8w5Nt63GknLOpfsxmMfclbveu6lnycmKctUjSQ0RGt1GJwUzf+HI9ei80mHWpBPTh1/SZR98EHo/zYpXynbb7ZV2Xqa94lv9/tL3HsqvQtiX4Na9ZGXjTxHsv4XogvBcevj5Z2ufmexFZzarTOLGFEGaZOceY9sVw+cOAtNcUM9lAJOgcPEplEXOiZn0FMLVxfFasbU7EmbGU/s5LItgGmY0vufUZkyQYZBpFB4rhdnwJv4hv1JmAJ7Mmo/XbEcg1yiuGisECImHYu9tWQGYPsJFTDqa+jdnakvmVHdA2pPq49rHOjss9j/Pg7jXr5GjBWfRNNJsoq9lzdQ3Txw2NnnUDL+pKhPbaxA3O0JfDjnbIkrmiB92chhUtcY21bI885jLsgywtrIUH6OT+8SCYubipxG9v7VSHJdgZ/iMXZHtKTFktCsGgKTYNYBslvy8t4rp5ctfd82FfdMUYxKKE/OtVN77GcqAXxWik9hvl7iklq3tKXvKiyj5DYuTDByW6qJUy/0AUAsxSCiW9jzJMdyGy0o1vq3nbzVB/NoNPolh0T4eaIB/SvoBiXV++9NbzVIcnLB5NaKLJfNsFlJzVXUXSfqC/OLHvx4B/vPEB9rLTl/SGl1notNFZnJJzQSzo2CZb3R1mCcbg9tu6m2enSDOMkNmeEeyEBdlwlx1OvL6THiN0a45knBaf++e5pY/1JpIEREKJX0IwLR2EqJVMmUfKLpN0sBtB/10QMSaykk9Aq4yyzDfitdJ8CMBhOQtFWvWpQgaN0YMYoqxSaohcmDwi3WKbi5aVNaNs03oq+88w4USwa2PiL5AvD2Jw7d/t+2AVYvzO2/pR5aIvyTuv8zrsGXzhXm8au0clGV798dDQEGrZ8l0KAX+07Rzeq/i2OHkwo3msPiI6EG+D//RyRtCIg7MgBJZnyQFA0nffjFC63CyCfscpykzF6UH0FHE4EBMWtCJ8SkgwmZVMIqT77nkVu9XrV9WVa3Umf8HpeF+YkTww1p6NZ/uFIQJFQ2arzlvAKsl5jePU5VpsgR2hZ6/lEYxagRgdcJxZs/+9D+cK3gzzcGC25QkN64EhPzr3pUEgNbA9IpO5E4ru0dOOE66jlWXHoeT06nb3o3uWiOQ98HBXOJuPEXe4tu6nOGHMQretWiUb8cj+YT6ecvKvAjJw0ypr6MXxJdKPa4/s1jZ+HjQocG/6EACL+FC47TuYOpdfvoUc2CC9bz6VDrZ5aL+bgZ20fjeCyj4U/2Fx3s8ip2TRT03A71pW5SQ4F9Hc+V4X2OM6eu+R+qxTK1UQshh7waS3SMuCNIZoRirzKjWK/uAqhHR5sJ1F5ImWROZN4DzAnYZz9t49KjQDZqh3AH45g2REWOC0mpCHrGqLqCec/1Qn4ErFTANdyXrzKhqJ1OpPM3+KF1TVYakMcD1JWcFS2/Bl2vN+5VuHG8kvC4czOGkf+K2nfJib7ZEzG3M13s/uwd7UMzEt2zX9fttEu+s1nvDw/XLq8swomT6xlOIPSWYN5atiOaKbTIumMURdX+fjrvFn2dILIhWClls1oWAuLKDEw60PD8o8stvwmoDquojF8UDdElBPo0H7gTiaiEtPIEIRMwWOn41LoQWjDZtQr/3Sdpe0fPZ+Lap4m/zgOEeSDPlbFdw9I18j88sRl0bpL4JRCv1aKoJXTyaoQpwAZUduMQnXvWZ0SHRdRjiS9nUhEKmBn8cvjpB0eWf2pitRXvlDC4lhllDlS72wKIMjZQtls17Ze5WeHa2RtvRhy1/FroyZJ9UKm7BfznTetoOiPG/M37QQ9tnF29czF5kp7jMVEULNuUjxaPCSFzgfzsKzn4QsiHrMMnrTCWpbYYnXvXQsRWSewq5xprAsGLneZcjyr0rStBn3R4tzOSY+A1uPnBiABKleKJpH6G0tdQ+xeMj4/GjS6tHnVcq4+APyjZWcM3ERUCIWSriYhc+ZuPkLonmPZlGm/1e5I3p0RPpG3FUPNqjoFwT+Ct4Xs1Grkj9Y46mkvpHALpqw1CdVk+3O8D3tiVqKSMRZmNdDwMPhe+CTB2mbA0Im2HCQX95urzNJHapjRVb2efbdO0B+/TPrzB7a25weQS1mMJyje5opVxh+VTXKfmL6zmaWG60yL0FOtZtTbEH6hUIDrzW8FeL9Ejt1dr/MxxDLKz6aRzg7nvzi3nEeEQ0itWVyw1TgmS7F5+qboP7VKmHLUmE3d5Lg1btKKYLH5DBoKlx8SsRBh5ItRsPxsnDbfXGovF0g4q1f+LK86NI7wAr+sjab+1C2zS23OmeGU6gdAx89X472G/5QKPwtW/8YFprJQAWX6RohZVcuxNBKJ0HhiKPM+2cIpoFp6kU11F9OCP8sSD4vMXNKpn7Orsw30nMN3s/4Hndpetp7bD+NDjx1Y+zQxidAqXVKfcEeSMoy+ERVBIZlDveQ1/ViG/9L6LiBz5bEH8tpCCRujdmEXOyDMJdC7Y+Z6bkOz8NH6dwww63n5QTC0iF+zLiAnDgiHh7BdQoMmgQdVOYiJ8TN6ysl9gRMi6K4N8H6Kp+Rtyw001MBz4YYyTT2w1Lw8cCs/XtX3ntnNUVZB/uBFn95qRKX170An+mFlBoHiSlo17FRuUbfQevZkKvHbVywYguveFKacmjWc4yF9n+yjiZDwXQkr4BIj1syHNv7oWt6SuQegCWZ7LQzzOW7UXbyAeoPEAHwC7/fBTsszTfh9yB2ELXdeV3jHaF9MPfmZQrav95sH5/VamcyMXN5Ywdnsjql1X/inQxOkexne9JDfnGwUWjJa7VaRLhCb7X70f5VNdiYtJFcE3VTSfxU36CZWQd+AXrO5vj9kbeD076ROTX9KD7vQ3XHB3e+z058ZplN+ORO9Rc8up9/VuIdmBnFaPXtpd8k+u6BWdF+P4LviNMXHx6WU6sHlv8LZ1BK91cJSX9xVtOXcxQ4e5QOa/LwecLcOZLz0e292F8B3jt0JPn4k6RK9tb+6mEIkQdJSEf7qOE+A/5BNXH0xigrzF3mfaa0OOfdxiXc+jK8iJzSwTwtpIDA2Rfly58qPEBOoMKWrdEf0j75aqQRyS06a4HkF5oTsIK8d+7MOuHbhQt4yc/8eqSh2G0eLFdv6PuM7jBNv2wlSjCYNEWOKcdlXfboUZJvhibnckhdmtnFf9Li/CwjFiymMz2Q4UOnpOsgD6qGhUVN4yMvpOGWoxuTHN3nco6eR4LKRiHJT2Tx4kDsW9XmXqjtzOqoPpoYxKBo/my/qk19FIK6d2RgccuJeaaGuXWDnB7KEL/sk1wQMntlgos+Rm8JNA7wLkckwjXCqCGb3G9wxHrubFUI/+sQEBDN0jQT8oLQh3ZRw1tyZC0kpL8s3Z6Z6F2OfxUANKt5n8ReEl5t4BB7eLLwrLsbYWZBYgN03OyfP63MYn8F0BRYo9YMcwhgMmXhsnVkUyPYcP/qJAX3KI4W+stZfaK4lvBVYlvRsDyTw+hH+CUSws1En9E6jQ5ncgcREN3mdP0bJvR/yQDuiNKjosrXv2o/Gpuy60QchW32j0AjjrdJgAGAIIMuWEdZShLBhNlTkyMszWgHQnJ/z1/KWUhjkTnTGd62STyc7MvK3v0FuV/hrSajY5pfnOseBSBxzjVl3gBkHlxtmzcGsU6lZrQ2+mQFKYwsWtQGQV8wMTO8FULEo+lite87AQWugne+ZN8AO/M+IAqVtzswKqKuWuuUcU4xlHOY00jfBvKjLt6Si4dfBZos/thMan1Q3S/HR63FUjeVY2uNNWNgZBiJcxrxRwJtXrGEWsqlPb59XX9cX4zYplXKh/1n2bFVcvBUDuuCF5z6rSg8upUvfyu099pH8d6HGFcuFSNDscdaxcPH/Dtxn8WLL+Y0T6O9Bog0Nsq8f+G3X5UOqJYDRTKC0FH7Faug9rU+gub+t+zwsGy1EWn3LHktyNd1x202180drQl7TdZ3+gZkZh0a96ERmjWwpVF/2e6MOhLom7wghF87Uo52SkG3JU41j3746N/M8xV/eIkOG+z5aOu52BtnwVzJ85DZNTzlCnBlysa+tHMiLXbaDxezHanCpoEVhF+/3vfok+V5APdLfi7t04OqGK9fFfGOCCsHNd4cK8ajmr3CC8/p40smBM0RmnfTHkXktAB81wzH1o7nwKfB3gNBpOOmrWhKGY3FLmZ6wzFUXyp0lsASe75xPqTOZjywj43ULjXMqtlVkxaFnwBSYMHqFnoMg2wON0ausu5ZxfcHt7IamnEV46h0naXE2kx8NfrznEIQVEcKTrE8iCS/kXc1qyL9CY0z2HWEY655uctau/FU6Z6lVVBpkQSNebxxFXBq0q8gP0TWPQ3Qu39U9Fdo2RwmvGy9Loh+JzkCdi148hhD237oFFCLpV2nlyl8le/9WpGLWZiJZN6/Zj+/JrnAGAgskWQ4kNVwe3ndTsAHXBVZ9tooQsulmyrnO6uxgBFBvUVuYnVRkRC0rf2uKJGoH2Zwp9ewqk4F5fKCxwy6diPJhWmi5MoircUvLAtsQE7VPYGUPGigjbn4NO8HG8c5f7jisv2qAcWtnz7aHaGFl5KaEilA68nidmioj6KsPvwB6hHKV6a6gvjG1M8eUviHC2zRQ4QZX85ock5/wu3kO/EPrJrC9SozxAcW+huMzxori021w25L65vZXrAmHu3dlkweQ248BwsuQokxxP4XyBq3XAFIKcB/3Rmd76ofW1CLSiVsPfuq71fZ7/GDGu5YejbvHZCbenfCFRNglQG7+GLJD4d6uLApY/dgoyRJ0nO6fww2W7b3tLSlESB1lAb80NKd6OGZDcLViRmhqFe34jGQq3rwedNNdMUj1cwUkpwDKrZmtvZute6ZmPfNsmUk1m/9gwYic33IfnjuwzoFmzrRPmxgtVptPIydF/t/spoTbl3pzvKguprTgk1yDKPWr3A92376IPFLfInv2n8wTrI4PvSvZ2zArCsuUda9vFizWXdUo/JIEdizPgNHEwIp20dUUoSpVc6EZ4/WMoJHbj1XsjRHdQjr+XmvdkWNtMGAWraetBb0zow3Ubj7Wn70vDbCxMk9+JH2wvcXKYPMxAparaSGqz0wQjFl5IOxLI+vlq4E6DvWKi7+fmuNFejcaNiUiCUfdF4CeISJXMjkViY+Jnddyzq6ApNuEA0QkYhHkQnEl2d7D4G2aqws4vlnMBoEpmLgtbFodEIEzFsZE58XIgnXgbxwZpgDhLohWz6XIILSffulwULeo7fTBYckhU4nBIl80Y4Qo0oshaDWgBN7OeZDc0OsdSNQ7gL9f0wANrucc6grbtCQyNujFrHyo2TjsHMf04b+9Rm1DsEU+QYQOwItF5XLf67phmiyEJdDsUeGrPhCWWyL/bNI3/eH7cTcZNuTFf/q+C3qwjJ7POhQJ62nlkWQ9uYL2RVLi3GAfzZ9W3cYEPl2NjGJiVFhal+Brn8V612ZVYo8eSOsUFqG+wb8uMqBdXPc4u8UTPX0IFOOaan67aZqyA59Jgc9wsvh6gXSHRQjMnLNkj4M23rQ0zAuFO5pO1k47Gr7VoCUnd2GlsAmlwC/XtyDmJcAOJq3II6vpJFtE2mlPP7QF//A1V/lH5gLKsafD7jYlhx/2CdoIex0O6rY+gmClfVkZSG/MmAN4aEAqoEK+Aw650ClrQx/1SzfSs5UvWJeUjMX67Sj81HNulC0Ef3o0yIgi6Y+na23iiitPygozrEPh/arHiZ7rOatpuuF+hf4PESBtl/kW/3k2zraOM+xLGlHL++WhpaXuASDsPTigrIN1sGotLcC8Uv26hHcPO3SBNXjia54EM+mMsNXdqb5B8oz2WsXlQ8CSKbZU2XCkhLM0Li04Eb6tZsYtBXRGae324g5Z3QdEQuZ9llmx6Pt0U+tTTlDYxmPSN9JELStwtirPeKH4B+T6T4I0uaOPp8tX5TFVReBg6K9lwIS8xsK8s8khyBuzWPTPdLltc8ofZ8a5eEXx6vTHOmEKTh6WGs/P9/B2xxUJiBVFmx5/6lB15YP9bvQJC8rhk2SZo5yhpociUT9Bu5e1EGuKHl+58wOv8mCNP/QYrFcYvCQOGy+Fn4iSxEwHO50YXt4JX3rc9XKB1RHCVNJsbh3mOi2S7z2lSMBsRPt9uBkmx2fnmds8ulYmX49aRX2ZqopEZNeWSu8jmuUqtLngZapkEAuSda9S3zKDRrN0NQP6XyE4bmRjk32v5b1YP8kKbvoYY9wzvj6RlBbqJO+8SYHys5DIxNiG67uVHx0SyApPbTtomxvHU96wrrF7s1P6aMgBdN7x8820OwPkYEaw3YU5odsd0gm1Epwva2TC6fG/r6+ULcfSa/i7Q30r18i3+dmZEQCBxFLznA3WwX+dr6KkOU+xhqCC6o8Umi0dNiibFgLk0avFfusEfuMD9bD4sDmSKCGnr9FQ8MFHju0dW93cNO6mRkrVsjNSR+RbvbCBurpLZATMWWWXF/aeBR0g4W9zqPX1kv8PswwsTfYZgmSr50Ejk7V0psizjqgCiamaGz1vm3RjFwiES7f7EtCubfCv8R1q7hnL15pjBSdaXknSF6aLG9ZVJAL2L/T/H44C275aroYKrCXDmYwdtaJ2OU3FPqFUBBaOyH17l0cR9Mz3tEbH6fM+cuyutO89Uu79Wn2UtoTuQ0sffR8prmtBerMyWX1zXkdT2dX4YC/nqoq83XtKF0Ax0lNNKPcmY1+I5E4rD0RhNmJJ+/vYuY1U5k1RqaWC2dfcDkG1Oosv4qs4nrownJPLYx5Zp8BRC+Fx1vfc7VOUSSSdLEi2V+QecUTc1I9ezro2VFsPg6o/yIw1RitwWIgw3eZXR+/5Bd4NvBK+Z7h8sc7K9mKUaHhLIY9WIvRF05kpLJsGMEpa4ZTHFdhfMaPJL+MRuZrGPewRdElCZOKZAnwyKMjSJo9OpL0dyi5Z+Q7b3su+oNIUvPo4VdaKfn73bn1XbMDTjR21Yc3uX0ePQL6QzsO4nAceppHJL6eXUBMC64Fn49Pj1mah7Ko+QD1WQNFD3Hgv/s7oI1RRoF3wJT7n62BNVXvwOKbZpTjqBS+GiQyGHfOA43LbtgSV6BWPRzSEWU12YSel1n3PqqFhKqvLvD+0jH+fuVVOpJ3e0c8U5Zvr2W5S+JlnDdDJq/KvPJRFXjj5k+Pad3XOt7k+en88JYu041lUoqfFf6oAdVjyphUq4fL3D1ST61hcJoFjdY343Duk/eIKQaFY356yHFP4mNjZgy37nFJKuhu3T3P30qGKomi3M9RdUoNGeXnF3HDrx6Kr5GQGmBfeSH5a2Smtaf7tjBu4PmwX06PtvlxWUCrzQJVm/r8IZ/5j8DEK2qPHcknXytanEfXJ0MieGv5s4Y2lLcIOt9ZME6lciiKIjJYmd21MOeIQ5WPSPTTkNsUGUr21ic8B5mQTFFeWyQHqSV91jpk1WbTOIGE4uvAH9A868nneZm+tcFcbbDhopmNqGGwA6yiVrPDX3Qb8SMdwZE2DO7nZTay2YG8OHbiE+bkC1dkRq58SO3SoO8HpRyv6DUU1zaoRUyYJHuPFj1IoaZqVw7soxXfJyN4/k5gSpOUP1ftCY3tiePZyUx/gawu1nPU4crCV1/8XNF5pQ23pHYfer/8FjjhBiklvLcXyP4DDPl4rKzc3SYChPIbLsV+q2af5teNhodmqdOpXm/TKrUahuAPF+EGcAwNfcHdHcEOcFMbJzFij+xbXpcCzSsIbEny2sUf9t4eZkLUMIbitqSQoBt647YUc/VcbxeMHwIsWWIYOn390mrgJizFGXi0BWPjRRDr4T/Txuf16JGPuNao9DPAnstgNn8uV87EryoVh1KaFJblouEZStp3DYrs1ACixAWHTxeo2JT6dVTTXxBm8SVuBYNFaq0pLiD4sE2aZ4ZoY9cVg8nk+Ysf4vzLTJDsFkOar/uNJZ4wsRJ8i09XbkGB9enR3zXIRY9ImqB7dCqxSwL2QJ7LvV41TcLSyT2n9QBMgn2kDMWNa0Ye2rdPwni8pjSKkWyA/RoaaznDN80isVF3NTrcGSwd4BmyqoL5q6y33IgyF1/ADTtYkbmp6rROMiB8ZgVvB0NmY3+y4ja9yMPZaK0A9tTJVrgWj63IR/lLjgMq6HnEyPurHd15Q6KA3TpN38A1BYF1yxAySJPx5wB+MQdpZLleY3vCi7sq9+IC5ZuvN+gL7Rc8r+HRLtrd0fJVwPKkkBx+bU2G1sfsF9mCrgA5YE1IIDRmjzVj2FGZ8mNVGuzBjHpw0EMGTRayl4EB8pU+jSJ/aRmwSCKoc1SXxNDID9WOH/CYEVTuWl8BI/A6EYX5LqqpHkMk4CELrGobx9n7+sgvAMNY1TyChUG/w5TNfaLpYVrMdE8HOKAr7qaMKd18mhEkxA3MH4xCURQ2m872Uigy4geOCYJdW46ELVuKtmprpgWVdTRrJ3njcgx6NI4I0mUiWl6UYyL5NRsYyi2KvROv3PikCqI6uiF82l1tPr51q2bB6C8YF8pUhtnLs4zw4Is7jjoquuVpROPL9Tz5Jc+VJB02U0NtRZUSklscohtTmkKDYcCocHI0uiBj68Y1wht48CWVl8SYNcQ0rOTxtzWPMK/2NO5TzIIRNSWmysPFASdKTyAh7lW0AesEzsBk82jHebV1eT+ryuBm13L4lz6LAVe04nCuzYXhKhfsIMTuJqP+HZsfPb7n/CUV0PcMh7otLSmEYUl69Ir3fTmIx/P6keRD3szh1kADuzOPbM8va95H45aDDF78yw0KIZEVQeOMUgo+nPrCMepyqeMe8Zh5xC6wK6XFRFf0+02XODP+Kj1ot5KMjuB8VYtJ1V+7dnnCcqFKdYrDcW9QCDyhC7xYh89fmXZ2f01hhFAm9oCPztlDkjTkbilAVoERXRvHsQ4XyR9uUPlLgioTy7QXN3uNVM3Ww1yJuP+KdYhu9fRoPNkAPS8JnXrkBJY9wyuk+hD6KPqlYkVYJ5zUPzCxJJu4dtizfYxX7WNoUcqLCfD6Q5xBSuCqb5lYG0rGDLEVRQ9dVpoKNNR98IJbgwAzah/EG6I3plqBmCqT8O9ldJFD5ZkvprWFlmDPiBbB42JlGyRarjv97CB5g68OKuxR6Vu/vX261GmQITXlRWJIkeBDJvhONA94C0t67nd8NBfQGl7Iah1I4XBukjS+/sTJv25QX7iAZJ1CJZC4b6wUuaWvjBKnV/QGnf1cQnHhYoEnAgsUlFzlAMgVCWmdjMnE2aeUnOW0v7BLhND4yWI0dU1PnEKiOYByFXRzF+91JXkuOLp8QpLzf9R0A+bqY2B/Hb8n9VdQh5tWY/zZpeTDzL7JIaIxsco+IrSNFtlt3ZOgRAVrjgfqBaBiLlw936LyTtJfOHuEIL0uHD+gJKHFdMweDyunzo4rvU2ouX2m9WNjPyw3L+HUtmn6VtuW/rVWX88yP5kx8LEXPCzYZ9V6KIvVnQL2wZdqWckDL/NKeDjlWkFbmZTZdf9SNrHtkaUPlxiWU1X2wKgf8a9Mn1Mxh5YG9quPWZQ5a/x7VvONCkGFinJKPPr6YYV1clQbrILa2Nz7exOHdzX+C3lQyTGjFrBRov3ZBveVD+QAnkbsmW+oJqc8AyCJQLC2QbSvtXdozEyhE37zykFfu2Ml1MSMJC28jawmu9QS/8jsN30kvJMwnzyGmQdAhfOf84t6/o0kvwSkhuIcfxI011AX2Z53n0/te+mBZ4ZUIXNWUC5cYVXI2qngjmrHOSrc4TqRI1b9NDPKnK9dqsJWfu9H38w4RwT9i0D1qr916Gb29aMzz1Rt35pwpfVyid1cLDRqgba7Q6BaaTMBE428TdSCiBv6jgoufvYd43Ez8dZfvOFMdMD27meRHetg1ajOaLOVqgwcW0lHPvCUg77TQgfxEfX73ULQJAmOIzFyWVwgPjg3EZawOrQl+tAmKCHN8nrO8KziHPkBUa1ekAJUs4WAG4RJ5xfeKqo1HHCyhq+fCg+L+uUOuvJiMJgUMI67chngbZHALafdkeBZq8PUl+9kUplzuDHLFilm9QZCuDiQj0ba3qfJ2VNkV0T/pNClrOMXCm1gkpJ2kRQWL8HLD1tT6zdQ+MIBmCfoQMXlSeXOytJe/kuKdr7kcNk/9XUgykkZ27rhQGU4uEQmYBSHXKTo+RgfEqAbNaLpfwVjll91f/J6WG1ZuXDuVa1ujJk4WD4jd3QXpTJ0skr5gB9yf0GZOlcNr4jl20WFB6qZgSXsKsm9P1HkgM6NbJ6hXem9UGATv4wZ6iOY4Qby3S64BFNsw8V8GB3Dtzg3tta75Y2G6QbjRfXhlgOs8Soo+sYRHigeHuu7C+FZPqncm98r0uqBCxMEqJferjb/Q1BGrN489GbUm9WfWxJyDknUUjpDt4Y8HEiFgQLxIjbC4F7xwBoU3eSMKwke94sYkl+5l7MP//0MKfGCutGcSrhv6Qw4zDKJaqlqxvL50gmnDa7sO+LcWQh0rITDKk115mgq+85qTQ4+sh1onBfpMW6/FXDTkqgXJso9+GM7M11O8Mvq1YE4fLxHxjdTqITIE1l+6goLV94SwxhU2WGwwBI7P+9Cvj8xjVdU98Xy1gxfM5hHb5SnqoqXbwS9lAc57wcTmEB+DYZ+/gGecHa1N4TUAmNN7RC/mfmmCLADmIetF3CcvNq11NE+WxD20oQL6luzmvaQe2kGbgZRvyhJ1jksbntrXsLU0Kram9ATgBjnFK1yVXmk8cf9BQQQSENh/YztUORaOlFbuwUHGakowhxvzHsMXCiL8Pl9XZkbWqmxKA+/Xgs8K9MXmS71DrI4ig7nou2sJlC5jt2q5Tln+LXORjl515KvSuQ0ojway2+NNWp79cE9L4x8l/qiquyzgl4WabhhjJVE9vKxkEiFXtyDBvwW4CMSU7XPsy4/ouIv6GnPqSr8IacBVb6nBY9ifV4KZQTl87zt5JMwwXMubjt1+6oMZ1Nf4VpKcSlFrEM++u1K0O5Qgqhslee8n01yopeWVR9sfQxS5hSqeMp4/S8KAdSth2FEReKlo4x/tXgINzGSN4ANQRs4FSKpdEsMx4ZPmVvx9Zao70c+AaBDvMvTRt4z9+zcExRikeTM4/7Y8ru+sgJniM5U9kzhXtHKhAfwmBHZ6ljHq1di5hXD+tKbzWAbRio6DwIW2JI5PKsZySt4s2lKsX631nxpVTAP1YkuKGV4lD3yIfIi2hmzbLkfnhqFtuLccfBZXXO2iy+fnfTIMfcyoEN2hPd2FR2/yxNEy7BQPoScZSDndcGBX2topGjZpIozyMpnPi2I3bntV3RHIGDAH4/wIHuN0uO4YY4Hc5alwLgsq0F3iVW1v7/gNsSOS+lVjyVsr7NKCBYcHQWo3SwPhuNUV1HEwOD8kWxmUUDh5iUyrjATeZko18QlFTqo35FyQSla0eP0E6M8tfBNPZiKhrf6qFTkkWZgl3+1GbPnJqQroDuV8gz0yYi5rfENT7/Ll0IQvvIMz8gUgeVQw1SB+7Ou4LB+43yIo1Nb1WOIWEr5yj3tkajQO871sXWA8/8ZGJ3hGD8wNIhB8WQUAD88AeG7imfNoY2c0msb5SfdI7X2N9MwL26PTnrplAQ4q5nU6efkWJhf+vfnhTejXRKR8+C2enEExseO2Xn5LcMUGsFw2SOfKQ5xMbgn3P5LuxT8QIIWi55HeS7fPixfRAmMyu30z/zMhuFUU5f4XFBWFeeNHa6OqPijzWKMBpo5poDTHFWJ6BmgsjFeG6+2V2HV+CNZylZTa5YIU/bWLRhh1vYwnSndc3ut9Iv/G1GjDG+u941nwq3dMZElBqwXIFSO9x0Qv4qfGj/QArhB1KpfSftIWlOZ7crQ8veeZ/uYj9fbIh/mAM55pl9mHyWVkZVuRF4hCeb3NJzdJzPWjQ7+YQPwZJlFCLzy9gIf7p8tzyGET9ln0RR5HmCZtOx9nxX/8Hpz01tRIZcjW5RBdxvdLZ/TNUZgVhg3Ij1Qi4aTxrFW5Cnr+GWJS+UZ5YWM8vsF0YZ6NorwW8sGs7LseRXlEumXeQAY/Epcn0lL96qHjteoQjr39Nkd1wMkBK7kGcWWmxujrf41F4VGKbHfCTWzc+SzWCJoaBkOYbpGPrG8Ae0rNA7ciGG47vC8Es/od2zZwIPSa+xRlh8FYXCVBfartYk476RH6qowQRBrtWR1qftwaTYsgvuL3cdvY0bH7VkYOf2RegPMGLDgVAyXW/ZLv7iDhX7nintpWeu3LMc8ubUhOllGkTqOq6pQ+UJ5PoKWjVlz0fGn+bBqRAMjqChs4GHBMwlL/DzTKY7chwVyXzOgr5Lw7eKqslEaLCtF/ai4Z7xw0oz3zztwyf4B/p3njunBN/PnmRG2Y9oxAhvoly57fSqwk7l3wqfguZn40zdkKj3vdcxuybG5U45RfMlfWEqViyXQ+Nal8DJLVZcT6OH7Dsc+Uu+55P0iiSsvj0cfOpkfIYTtKFjhwTNyfkKRnuLtdH7zizF1VxX2H7/ZY7M+O/ktYeLOcp5cSHb1/iwCX2LW88aWBjIsdcGsLYbRVuFdIvUzB/B0W2j5VmoRe4Ru+w4uxWkL9Asniy3f+JJkclCXj6SxTlsxdAL/bOF/vEW/JkSzDEYVRA/u42at+Ny1/DMkg2I3EJ3GEXOcIjNKCldhubx9wkdrcFoaPFygXjzlkUEVMLl+obJtlddWDYV9U7QSJgP0k+X2oSBovsvPNhHcSnLyG9IGCocFsjKuB/iENGLFFcTpLqcsNgkRPkhn7QdQlJuVBZ2eFbd032otEjtn/qIvLvkAb1GoMkGuCHknd+RUIpDPQA4EbtOaN7s0w59gwORDEPDaZ3485he6XMLCu/EjVBVfLf6wNE3Tn/l48xJb2EYQxVDqU2/EKBGWKXsHPt7EGWua+uW/S9CgAXtwnHx0giRkfgwVEmZhSsVGA8gHep23QcdMadTbEa3Ls8q8R5JFuIWmK+bCU453cBkprflJP6rSie3GXBwZmG4iOeoifGYWr/R3RtMzZH93XQFRDrJKRV6YKjhzV5p1NMB2bb/vHtozPzUcRfEFr0TOskWwwYMrH++8LgUab/dDOwiziTV/MRk45SnT2gLzcRQSkFTm5UPW5wHHwZ6kiRruFEZNlQdDpJT/gufWZNoXYu5n2znV24kedrloZqPVzoP0s9G34pUfWWVYYRF+pMjwfnm2WNOzECwJmV4gf7yUr3wGlqbf4Hucy8dT+KsvWPGPIhEerehxns7no7UsmycARsLfffrVSqdedvPOhy9xbUcPdpdVVi2wOW98edjcVuL78uA8UIyK9vA+YgXh4athxS4LMwqmMLDMzSRZvPQrQBwB+WgznWoZTyW9bO6dnp9ZppnncAepMtPSOSKGEuhXmqG0/KuPDYYqRUE805d4GCpwl/AJm2pBsUGeJlJrPq3vqjR4kzWauSc7TIwknAud2kIyJhTPz80jIeWKTMQtAmdta26MhJDWPOBK7HnuDw0kS48u9u/rMKJPZGF0n61R/6ychVmHH7oN9Y7oCl3eYn/8MMy8qK2Zk1LQswejCPuG7dFouey7TplRrjmzEbamDgOW4bCj/kXV2BgRocwEyt7/Ilz33dW1Ln5TGhw8+0YYy9zj1bklwf32XyVi7L1BqQKYrwN4h8AnmaDWL8fUru3R7A/ev6MmQpjv4ub2DCWRB9sq78sSWwP564ikzZvNwSlHCSnDspDWLQT2CGTR5PLjw9RceME/uvHu4FFmbOZBSGiPSVXAEk4FSZ79wNve+qqCE6gTc1VJ892tmzZevXM8ktZ53gxZHfP6ACz4CDe5Nl3EGAxxuXMZx3JOO3nFKjhXVIYNfhhRBck9G7Ad+OW1seYFcc7RKnFJddNJcdcpOHNHWGvcOppCMaDa5Ys4lNLFBFY3SQc0mU3eqipeWbkEwvf8ZQfPN4Ra8aN6xZpT+fBMGw406XAF5shPBhlcLuoNrvkVSKy/X2slUwU1/IFXUpYFFgh2gvvLedgRx4Pf/oX/sY9k0iJ0j6Jnvg3nkh7ekLnqwibbMAa748qRCvbWBBjJgozPknoeLncCQ8SlSBg53w7epoKIjvwWLmv/hsb4qGzMu8wWQt/YL8qwGB6MzhycI2zr63tq03/9dzcwz4kgjgGypWd2jfTm6OQwdmNV6aG9ILdMvEeeYpd3w9pR9cj0r6rIbYyDpQPwp6MZoJ+yJAPovrCPduhNlIbMZ+WC26jMUTmwYz348wGTtciE82KAqroOl/8ZHMV51tG2uYs+PwroATYosSqrjxxJK9/cKjx60Tr0lg4/mC1Ipeao2XP625zQrDOpOD8X9ruPiNHh8oMuaDA3AIPKnqQIBJfxcVZ8ff+58tsMaUvqHwWi0sDWULy7qYIYndVn2u0UOQ9jBB41OpWuwNHzO2wi5p2gEcmHzId52NLDLG+qCC6mWnqBQws0vRbcIMbKvQ6MgOhn57+/c0TkA/Vf/0I7j2vfc+WRmWVleBH3sAGtX1xubFvWc8np63Hyqu1wuvsCPu+n5/vZrjOG+8ORj7zjfOJgSw9x3qySn781sEwkfXjf0HkDplCDPesWde/2PM/qXyebVfnV0raJXNKUZeKDe79pa9EPnylg5B0nDwiLhOWZs2XNP2sieM9eF1zkmbLvLyGj3LrcV5awLYbXJJPJNK97OAtmqR2A28DY1YwuwiRsgQfI1/512tRD13/hOFW/TuLdAMOmtiqfxHzWxSFodcyEHQjmjaqFV9j3sHYs7EDFW3936Eh857G+8BpEpfvAEquhzrc9mbEV2GtNtyKRMLJlX+PIaKEquNkoGsuzlIEEq5gS2CdXByoj4BDsBVXI1gylCahB6lzcsqasiAUh7kVxHYshwT7M7pICfjHc6dr9h4ySdZnMZSMj4x1XSfUgHfoLLlcDS4drRselMYfAcO8MlLy4L/vf3qU+UI+h7Sh8QGToERgxrJ320f5qmoEHA5EEeqjFovJsb+ZrPHggbyjrh5kfIt0kzQJMjbB5eZ4bl/ZAaLJ1e2m+si+gO+XEeV7ULAMwywDBElfwsIznG3B7VlVNyMlJhWxx3Lu6mH5A8il7oHadaO5Ff7J7gsu3gjH/jeH+3qwxGHiNkWFpxx70rtp5xxjOS9pdSOmMgg6903bsRv8xUhNoVQkF6Bk6pXF4c8MWmN24ojiwQbRd7oVuurWddaOFm9iv2VzbbVylC0/z6w3x7CMAlUfuJ/jnQVo15FmshLuQ0+b8iqtdq5DHiPfu6fKonFVf4syoH/w9nlF/1mk8sqPHOB4CtBo7v/diQGRhOjmqyIzI79H7Ikypuch70Pf0oxfNRSVBTnYkqgPPv8IzK9A6SIdLJcSCToOQFOQhC8bp+8H2kBzWIwhlfaiogLQ3+r2phQbHA0mG2wBI9u8iLzAL6sxJrsOw4J1+HkOpdg+ZTkx1NjmO+2PwgDc/vBdMFPDsAENWYprDs/2QgwH/vLdvuRrOPdDov1D+v9BnOp+ToCmZ82EFRxAE/ju05/Oan//jECr8F8r1p5SPfb7OjwyF/n2LIeT/QvC/X11/h0j4f+Ew/d///n171Nla/Z2B/ztU5XVZ/bszRv0vjPo7nCx/h8r/czew3f+eAdDHk8u77j+P9Psbgers7zfOYi9e1g52fDSdz7yg6/D/Hxz991pJt+V/53n5Z5trEEUAceOwggH4nbKsV/fvlHnchiwH14WfsTqqes29KfmAb485mZ5j1dp3/75eqiQbj+cD9Hwou2RZ/v29tPn6qf59KJ5befUNLgETz+dk/vznI/g6SZexe1Ac89+HwRXWeWxzbuzG+TkyjEMOrlR33X8O/ReCsrQAMfj/N1OKgoy//zGfMAr9XzMIY9D/yxRC/3/NH/V/zd//NVvPBEzgz7pPSjBA4H3rT9LpSZp39rjUaz0Oz/fpuK5j/5zQgS/Y5NOWv4n+H4NZ/P79j2swXV2C364jmPVkmR4d9nws6hMsD/Z3S+Y/R6H/HHn+zpI1+S+U+fuIiNPwiD2u9lnLPSBNKkewK03vXT18G2xe8B+HcQyQ25z0dQEQAscZoRMc38XC7aIz+uzcGOghdCtyE4S2WDxzeNV4GHfJXKVWP3LC8MSK4euzYUrOIpapDjA/BCCxsZcH4deHGLKmh9yPMjNK0DnHcYFUiVrn5nH7ZVlAemD0P22Co25IZ7Zf5BhOYyhavUCx0UPedzvJ+CwM/Tft+3D86xRYLR6bK9ijZHDcapASyXYkRxURgSNDt+5tMGB/N2Y4rGTxnd1Ap6gjPd1Wmffde/C/jxpXF1/L3q6HalXg+8lZ+77Gf5Lj+04uREv8R33L3yBD030mOlGj5rOQks/XyxOvE2/inhIUvRqAoK1CfundSso6fRIhYKpf/yFVDxjG226GaxzdCek76W2nCt7WjdVVqwYF6tNcOr7YtSEjVofNr2zTtDfR+Vrq++cqdSbwUO/fz3e4UtYLQbxQPrhNig7iDEwpK2WxKzA2oBBtK3dXF7a5U7D2Yr+i3vQ38HphiC3OGYkt3M5Sqd2AiC0HRKBRfOSMlL23d9wiFLYZLs3d9JskkvuE9NhaiTvGfnUreAoB1Um+t++vBJbLpDrU2dnW/uslZOJAm9d5wuw7FsUPcGfTgOAWpmmMTvVCwCT6RV9/SuphpWUBClmj3yNH5a/81sdiXyW8sqLRfncihGnPDLmfWfRo5+2/vAR4d2ZPCCz0K4jnG6qklybJtCFyKMfCTXau/rjaKbEBTBLs7+S1yUQj0DSCJCtOF8RozfrDuvRFDitGNz6nOu8zfg8ZtPpJqCq7QJxcfDtoYTmKVAkIwS/DXWccu9MW/CJcB+l/MQw9+zw98XLWZttl4Dtmu3l7zxJR+L8GPoA0gAg14m7uElAIysRNFaAIycrDnoAgbWJdhfloxODR/G+rqkrnLSXIwpuC7Ejfi4CVilz8vCM1WiHqYHqkK01sN/VH+m1GqvI/UKPBwL8jvm1/7IYyRBeAn3BbaA0a3VA0uU429GjILZmYPQnMb9a6CioHqeiUWYmqlsrogc8NaP8lhvqAQxPwPVPp2DtMqTxXocm9UgHwA8znk/MbRH52LRmwLjNIdqTfbTyvM2gtLULC5mn2JHg5mNjj1rrvJQRqgViR9tFhp1tUbWsRcCFKuMoGdWK34737kyPICuKXkM4yUxi5UmrMZxJf4RvPiZRGkw6UTmWfIbOdPtNjZ3B9F/yA7xk7rbUD2KVtcdXY5uVQs+ws0wKpfFMHtr+SEjBoz+4kg7mhYTp2C9QOo68DIrw/6P6OzarCAtbVmI8BZgSsM/RTOanomPUXqbsbNDW6pn5lHqg/JybZt1xJTLjKJKff6QHnTO0XFhZ0DlE65wLSf28PXUEbfZhjwV6cEoRJ5JsAj2s2UM+KBjNePMDruhgg80jiC78iruzEL5KKw0Tx6C++D0jdDzrl4Tj4BJLBPHs1UeNnB4TzHwmVLIRhpCj+BNlXMSVgsMW+4tcezVwUc5J/Bqjm9LKXUcTwVYhjRV/+bM+FgbClNfzzteWupMlXXoT3QLb+RqYnakTkEh7AyqWyhHSvqS5EsyFArKQBPr0t9zEwBvKima1NK+DEqnuDK2j3HEetPkG+COvnVb1cuqG7LdWmn+j76y2M70jSbHIOJINarHChhwVp9oBn7La9b4gKYwpBex+Mql7AkP8FZz4av4Dx3V+Khl++GFQwi4gfmLOKwbdwte85fko2puDvcoTxG5JX6iXlcrngJKlQ0jCmwUUVNFTsQo0q9VElgu8zUHnqlXPQ+idLPBQnKUxthFDFF8m4XGkLwmKQp1DJpQATxLioeYc2g724IpQ8eic79gEUKRHTG9QyLNz5ddHFZJFFgUwhevQvpJ52sv+uuqieMi+hU3wOnuDJmeAAa4CJH41sIWKpv1fgbnBq2BQVsvNmfromvjM8SuLtIHyhgvBxmGyLWz5luzWg7QAupJ0v7XkKk21A0SIHIqnEnGFx2tqQfNNNkNZ1Bw7/M4CUNJJuo4VncLe/vqqwFgPvRMrBCo++FjG3onlCsUZa89/RBBSq/MJu2xDIu+R0jZ0ilDbPCFp1PJqAcX9oEJIgiO/QL7R+vLyvgSmPYGAM5WtfERPajqI1ehIZplTtLXaOVCoiLLkw7kGDLP0ADn5F4sCfu+vFmKxV7kaDODDCtyd6z1ZSZffyuKS3zXiyG/By0B11QKiMGvlwlvIEX8uHY5vhsxEtK+7ylTyDxKknP0nP2u2EtrZdcioZjEbTpjuvEGTvi0rQEG3i6uf2bM+fGRflWXu1kIHncAV9UAe1M8f6orIdEznps3gFUVDQtw7kww7Qsb9fHJC2TZxJHJp3sCiyymDaotqzRQUy9Mdw7WIQsZSaHbDP7Oqjer8buBdasXCG7BTDyVVbWhbOTBya+geYvZkrQC4mm0I1V2S91tg/i20MwTz63KTOzO3PioSf6/oL4qUG3h71GeubHQSJbp4HxBZuld0FgAI+vkF+KNcp7ZbzkZYyYsXz72VBXNWPzXGo+DYGUr38Xh/qhSdrVHcJCtst/jKxMxYIfCt4BL6VNHY3fz8YyYM3xoCZidoWCZFKyln1GUKY7OJptShvt3+Fas4Mn65k+baJbujV2e4COjOK5E8loqQwUaGt8xSqpWGh+yW5W0gf8pjng9jcjIPoUXj5mue9FM2weNYUetjtZ7hiVksTuAzWicwscQW4aHLBkXHSJyEB07mBvmWJGAkZY+9O4sqmJsmADVaE2AsURY4CjMlmoTwFLCHwa9m2HtbbtDNpKfNKkdv0pTXNsjJFzvPWMmkLWlusYiSD6HRizhRdTRFcR3hzc/usQ1Dw0u2/x7dLnl0+0Jia54hNyf5100FGC8C/KoJINSG3ma1iFcaoTfdyzOjNZXrzTrjiWppuK2LWRRpQM5GFTB3qvKCdC7PsBywsHc9a8PSXPTJ/Ek3kRZyJ7v6FmmF5/qLETuXtxp/uUQaYaNUjVH4KqcYrLRrM5UJQb+caRRixrlYSReRfChRpRRJrVH/iajAGDAZ1zbWcDOfcjngBeNXwoWaUTc6ZVh5981XWBcs7jVFq/W+CDuUX3X+dFGS0ZyvJZ/PmxF8NWihrCG/XgR84WJw4AAMTMGPEue/ZbJa9OAn16yYvJZciOtXq3/r+NV7rbWxxoUQftleYkOdoTZNvTjfMLDKQycQWG6QC479q7qUklq8X0hsydHpFaUokv5puAC14uaZulQHcIwOeL8bmhqYn/r9Zuopd260l+DVvboahmdnbNDMzs7/+2edGUaQoh7a9enVXVRN4/Q26wBp5vwXTsl8Ejm92+UBXCG0uU4gc8QJmZlUI3fh3uWrJpvTOZBtGG1oziABaQx7bNIWSS2mPdyEy7o6/1QoZfmIaHGFsTmSY8hS42FuqX34Nw6Z9IX2aqtsIv/+XOjzxGdiz0RAZkF/w3XRpw5mJFJ4q+4SSDSKwWWqUOtqOwq3q11FJgxVkFcNfi6WczdbVFogILnMqkBKckIgRa9X5NHXNlLGmjNmvVe3PeYJBt5HF558K93I+xQ15/+49TGlefd1DdIST2V/N3hgsNHuRCXzV0/5xPmtcz8u5LETt3VlrfpIu+UCvNdqU07P1IgcJer/oqvNl3AVPl84tOEFjMCfu+wkzsp2TcjHaFxRyh3b8VfNXGgMoS8G9QHHlwMOHi2D7tjXSiSF+DmsJKhQz6zYJrLhcmY+dFICG+PyyuhgimtgXXUEAVDjH6OnfV9BO38+MWSJve8ozbk0CdjmJpP2R+L88XQOVN4y9iY5Ut0teSWGrZt8on6V2cS3VRsyMzFE2fpWDgjbUfrimlHxIFGoeR3e/92fEJDh6r8kYt6b6RfIb3k9IsMzpSrb/eHWasKKF2zIFZYD5USdzsJ428Kak1BJ7158dLs3pWk98JfU+aTnEjdS+lKN5s791PIHDx/M4zyaMDyx35l/52AwsIOL/bapseY7GsL+JBhlEHrWDRSYe9EvdObK8XoPxa6JTO6+R89+g+P7shlLmF/tp+n7jFaCUQRolrOG7d+XbmK0R59d74JnaBS+U9EuL90/AYmbKBiV/brCb9kCFSDJWWLfDr+2M3ZTQYrbyFGQEG8DmEY6rkVGqq4JyouOCld0J2XJ1KLGR8dyunF17xoi92oeVN+BXxUhcAYR+K42nHfsOT7RHplBzQQL9+QVTJnO0PgV3TSGgIKO0rs5wT2SW4U3ilHKx6Hl4PVffX9oh1qwmS4SFGieMrGN9kO2hTOJOdOrSquNMVY1EOTGiNcdKF0uuzgUgXJtvVNlX6idIIeqsHJSKrtS7bnUGW0Ty3ywh6MKiLRhsBSdxzNGjw8QIiirhwv/LIQVxPDYI+vp/f0P0CAWMXaI9hq3wqRJ4x0IBNmYRq5CVbhVWVczI+tEnIGvJCg8D7JqsgWKzT3HnFzl9YJsO85xcP/mZmLDsbz7iomt5284KWG6lWTOxwcE8PzMnSZGM0lOy9XdPaEpFuE2X+f55ag2GRDBatG76boJdyM5kwBQR/tIv273+RqjYA/do3sD4eegsFWVCjXUtRfbKsTKbae3f+jIEJLh5aVPpH5n/UjA0L9cTVLwTdr5H6Hn3SgoPp/W3fNhAZX/+IZhnrWpabZTwjtxvkCqmO5AAa2fv7fhpmknVucnZWYXv5HxeyaErP0ZodlY1kWK65jl1R4wf/gKZS4ZbyxG+PX+dfXxWANf1X3qMFMg5zTCOLpsPqR2xM1tbooMQcJPn9kEr8zbGPrnTovsxHJCEzNUXjMWqHkXUgJrR3Vjt4B20UFl8l+JZvfJ4YTnSxexw4vUy8ZL9N9EfFM6FzjXQfVF58u+v79Piav/+cxy/OY/L1WdaEGJqnFOjC9TSd+GwQFe/JV2Pr0U2lt5yu3V48NPo2j8os7UBoaA894c2WcCZirP7hSbsMArUs7c/hAP35qgIFGZ07jjJZTJYH6ntkYcmDkhlN9PYj7/GNh2fk82lhQ5v40P8NgqFaz0WKDMw9HUxg6nTFIjwAskx6NdfQNVHGMLbG+idukJ9vp3sJgLpOrxo9BJnIjef8uVo3LVXiEbJ12VeeKnGEToX56+iaIc+0QEwI749v6uDVPQ6y0dWL2BDoDoOw1Hzt5cirfAEPXgePo6GOI5PRv3b4H20RYCqmgHDsA6Saq3N7U+HisWfHXy0H4wqgEw97+yyjc4iuO7HF8F6ITLXHZtrLaxxZ5KR1txkcsLJinVTasvftuBMsYvc7HNa7ezLFftC5VHlSCiQm87RIytQ7xhpro9y4B7cOf5kMFHEKovc+uHwjLxI9wFM+QELh3wsbQuwqK8Iwt2r+LK9r4HsWKuZsOyZB8fPHwuKcVjTGDLqo2wOSirYQEadjWcriJ3gTB3NuEkUNIAzW8Bbga9Dn8HFrss4XFWRsmotAOUdRuJi6Q6sfucVlOnBIZOQZikDdgQOSE9zZZPfx9jSz6q8K9sOqCNulO4fye81lV6loOdukvje+m3SiJn4z9fERnxBXYdfY2bkK6o0RWJe3km8RmKqNe0Zf1ufIm+suq9DaL1TMcnndDzoylHurpQMLc7TeXsijjcDPfdZtqCU8IQa/hNFrcwnrmk9oVVnuSsQUriX78i0UM6pHqqBW7NkhbBJyxNOSb7FXJnzmpIWAztnpRy3wSLEvbz8Ud3VYcCalV4MkTkBpyFIkn+Y8FAIuaSLhO1ZkJmiEBWQ97tD03NZi/KL1Jog2vHIvzrufUxPeWXZhYVMc5VEqk427UsgQxiR18mqUr1Mv3j+flKHn2UvcfutC9zgmLHteT7lWS7tQ+/sE2QpJzAAJ6SNayZxkgtHv64Mtb64tgXY8JIzWvmh7bn9zbAyKEOT7K82i1hcBt0CRKxO4PNXAlHpCTGvKjl/EmMDoJ4a/KpqTpoY0uknLjedHYDBXb9J+M6OevpF2ReWL1OyyGzt2FvOl0abUcj2vJHPkZR4ac/neMbjU27x+dNSkDLbITHgkcPY93n54JkLuHRNf0zK1Y4eV+FBxo6nxuEjbXX1K+/zXsRBzrO+ABqA66Garbaj3798qjs8Du3w96nqFc/O2CUQrpo9gbne3tjzW/weSe/44TzlbAR0u7GVJMIY7mFPvBVRy0YAnzutb2jsBPve6cPaI07i49ZW/P29A0/5V8TUDwHMfDvJ+AB4aEcT0lJU7DFzMtFPNyIEVdFrnPAafx4SPY+VbJx2XF+qmR5vwZL0/LQ57OQ8bW0vZ5HYPBwNWeDgHTCqYTdpmoz0PGvt6LkIFLCjz3mGiI2ETM73bniLzValvNlp8kcCmMSIpOeF85irQKhcWHMMcJO/wCY6Hp8aB9O/9xEQp3J/4+3okB876nCvXU4jsH5fGAR2DXRl/tKJe3GuYKJVv99dUxNMo/rpnRTb1deNy6gqd73H8r6kSRxSKUJWT/FkH8ZQzS6AizhEfNydzkwLMDlasUhjXdhnAyasTYpLW8AYJ1faaa843rBp+S1YomGUp/aHXEcWSCozqIL3aUUh1L2x62OVLUmFmPKTrQ/gqQOsXVHAcWHmxp32ux9GGT4eAbkBwNM0jCUk0IMQdwqIBbHiJrjsp4T+bYWHfnWtLLf5chAgucoKOwb206N0P0s9+hQ/aW63xT81W3ygmyAIlMRweZRgyQVrR5CsiAWUZjsruFIueX/4M1J9tOtEI9Rje0MvSv7424MvxE/+ucvZTXdMMRCWDapAjivw0m/uEfQG62U8AwfRpeqvzyPXaNFPBPcX4ppH37QU2ScSOP5LeMivdrgFSqFFFjXmvr0VPdVh7LQPuUH6AyBk5QHXPqwSsVGXF9SUVlQWpxU3vWb7WkmzuUwZyOGuG/4VDreiXhm1DEMBKUajCgjieVRdkj3wvwoIEjZBVUuEaiwDEUdjcjSHQwVA11QpKL+jHwAJvAVPCnun/cY/EQaDCai3Xkd9wI++QwudxHg9Lh5lUnoNjhRAL4+ObmdmuoIfGvjXdVC0yj7SpGx+fbYtObdYIiJLX7FwzPiTQNsBA1OdDUP2jORznaJlixXw9Um1rH0WZN7yscRSYQJ+y2MUzdP5T52N0Otv1oMS39d41MJQkskvVzq+JNdBvA3rA1zA/UYEjmfMXL6RBluaq+lPCDJ8k9Hh8ExXekdetJbi4PdCNP+HJzGa4Heh6OaSHU5IFqGMci/2+dzUFW9AhIkCj/ThQkFBku6MCl0rb+UGgdEjn/3uz7T+FvYMpsZRhUKhoRmy/yRL2KgRwrMaKYevT+yByJHU+FDQh7IVZgbXD7cWoJBMsxI/4I2HI5ytyp8E/ukiY7AW2hAsgcelLspP6sq4okgypAQqnusN1/XNBOBZwpu8iwf4QCNVYBd6S1Iua8mNjta6+qjCTs2IpY3p5P5Ic5jllMK/pPgGYbjqMg4qInE4pXtRf35KgZ8nO8SiKmyRs1sE9LqXz2nw3AhSEnNaI8fUwafFf0t9zOB7ztfBGG0xQNNP+00iq4nXGhWCK9u0OI0Yqu9sEn1IQfmn8WIeM6ZweZ9QpCTlyYu0EymFI09sKe0mfj2Zmf/DZMzvwrXGt3fQ9NZmXhHaU6hVTIYboEbs6x1PwpFvwORsxeivugWptqchVV8T0PSvoddakb6w1arnpJFlhhdTOR43nKIoREnrOXSisr0dxQP/e0GLdb2/MF/WkNkLR8Edrd0QOr/Cq84MbtTh7YeSHyW6B/WTkMniSobXV3ccTt0d7AtkShwB/5GODCZx3I5XKvlx6g01sfcxhwJzVaEyjgFXba+zFet8n86lf94a9zpeULQdzSpxGyilfRhJa0suhg/3O7fuyaVQODdiGYBLlJ9xvkpXhBhN7p9RzNKWPiKjm1VYm0r+sQ3pR2Nc+cXjDLG+z8ymNlczP0nhWoIQzG82eVQEGnvB4HV8vh2Qan+2XvRCU/OpfuMmIlW1rg3bu2yJccfBTZdDvEO2KkJw95KXsQUeyIW8QzLHv6V8vFsfxK6ZQS9dRkgtkdV2a+oIqsjxaOnbkUT8DAflXhL7aWG+q0pCqubNG7ZsyRB3EmagDoV3uqJV6oa8Wu2e7Yg6TPwixDOgGzXlQjK8oRU3FANuEWdjWyhLcuwqitQUZQsNRNb6WW5HQvm2899zwVsE6groa+lEbVIjU/1yXWFxjPA6X16+PRYwT81OC7dRDC3aFAFWpnyPY+MfjSnWlJyuIVBzUCleGOVKrmo1Jzp+4KyKohN5CZk/swP4ZejoLiZGCjz5ZwFqlAhfO5pB5Zt3eqhs5+7EpguGKNxTlNVONXNph3kRna5wummMWfB7/n1kpPT/dPjwN2tV8vKNcOWr1kVas/ahdYYaIfruqTJscEz+KTCvP/iS9DdXxw9waUzztUYNNd7N+1MKmG0a2Zep4BKH15apcILfJvfHdwwQ4wddUZjxn460S3rFIibs/VYA/FtJthOQ/z0q8tIH5QszK55DtXYAJQV8htnU5dn+rem6oEWIH4Pg0kVOPFIatuzHpbp9CG4AHs4KbnAGZ+DMP4lGsdVd72ZBcsv0XKAHDnyKDm6uAu+JfqYklX2IBkjnTFGt+9veQNMkF4sl/4rSb3R9Jao3Uh38GxYEhykspBkI2BYF//O99MkLS1B/NFnWQtnOorhAox/5nO9j5cxxGWKl7utf9w5URctWz1TDx+umP8idfC79eZYDh2LufnnvFwkQ3/nN2EFHy8hwNKdRgblPZYVH7fyXJ0RrgOX5CUlnv5eMwYMmyx4xOoSGOpwE0JTpCREoREUCPdHO53MR7ZguJAb99WnNwffMorkhJ/BEx6ZbIZ+9WPt/Xzu/pAWGz1MRD5yQgLCwt7Z+SysvRresfbybfgdxRGbgF/hMXfyp8FmYk/u9oOkFhMWnY06XsNa0fh/OU3t8aDjLj6C0Q4uxUS7lm44aN98V2QT/xrDm+faBF7rzJ3msc61PAOx7KVcLVRXcS1qhxanJYPCuhbGAp9d1h/h2tS8BVuEMEOCJQZrOPTw0WodsyWAXQMRvqYPEfiEcI9J0u9dlwhdPOTE4KQmCalGtggmFcUfbt7CS2J1fYw4J72241UkEA2CmZKl+JO4GUO6gajsYJls68Bgz5ibWV5VAgdmXoNlmjGeVpsJ8Im5Aq7ZdQPh1IrbITvQ91d4YYh1d5MtAceNpHhh7vl7sD24HTJgpbk466yTsY1zmWV5Av+khyeZHLYRoywY+lTIR6jw1+uSgnT8UkzYfr5SXEqzzCTBfNe7nuwcmfHys70ZJuq6C6ENQOYKcSB+AenkkWJp6jaJCvXPxTEOKFVOJhcGXG4V3vg7nU/EwV58mqy4/iNe5RknzADsAIF68xWpRVryzrSRo1ujBm8Abs6d7LFwvyDk/m0m4KPEv99p/WBoL0cmXWUGhm0D4XjMiy5hrtl2DfSr8RZk+o6aeiBgmG5/8GP2lZA+0hsM0fz6rDCaE8jQyYbudMrg3WpC3efT2X25/dlSvr+JTi81A8HY/z8yEJodQ239dH3Easz6Y6ckzup05GM1URU9YUOiEolQaxiK6cvJ13V/SbqmjkdY3QnNq5D4mP5EVvcLi1IqPCb9HLSo40hHSJyXQ6iSEzPW3mnDX5usNErnezAuxF97vP1wyN6ZoXqWhQmvd/cb916zvVWt+3ijgoDwRCGXev/LoNNv4/Tg8ssuV/fL5dLsFrJUgdg0Bf+3/LrblYHP288tBpRkJQgIq1WdVsm7pnOpzudRm4ip4kKezdXxvIuJemenOt2tz6zPjNI4KaRXfWTwVqqFD/K1mvKcmGyiRilJHJxK29GwXn14jU6MRSCEc41/EhxMV8tuJg6qxcBnpXmY46sV+9sVEldwvaPSQJcbieKjTHp7mt1At0etbvgMVFfT8zBncDhrzURYp2+c36QnYhe8dvrDAda3N94IP40YEaP8Vy+ApTiSMjRQeQp/Xk34Ax7iBb3HgB8UuZlISEGlpvxSj9ODlUtUih66mOO8aBUoq/5iFxwq7XPrJqgN40eVs23VIGvt3IAn+Xo/1fZ3rydjbDFO6KUi2crTrYbW7pXEhTemyoBQzQG2qkrHXQ6d7FdxF5TyxBPhs8WVXlnEddOx6QTkbgUmbadvBzP+GOB1fxb381exgy05vqCzWSEpvKY18wwRidLNazlCdabO7zDCIpjptSgji12vbQQsIOfijE37KS9HXNm2STWq1PtZj8A09xzSaT61PryL08c0EdX1T/vH6n+cwpXMqRcv5yV70Wjmy3lU2nVeBst4mTrkZfhMOnb7D5ZcE7iuJmy0P4XArQpIu05uByczAXQMWIjWpgAO7YpB+asoXnXkNwfnJvz/JjNeX/UGQH4YggSU1H07YYxr85qdsWCzWhBz45Es0zyxKcflQjbOjZs7T3h9Eztulu3bdQsdBJtrqEo0uOdq4bTlWwTBWAxcxvVCm8RcGzrfCjH5c5aSg+nlFxiySxHR2daGjKO/LGYkS9ug0Eb774tDifkAHHh03HJKHeTBF9xcqDlZ2WP4yjROlKBUctVCN6hJHymm/B/2b7cW7pQ8/G49nPeCJa20POd1KHb+xYfqkL2F86YASxwGE+5Ssx9XKL7m81nNkQp35fIrxpWz4fuPpZ8e/T8vCgfyF2kXin0ou/qyfZNt+4Cs2UD87bo+uO7BOuvptARn0CRHkTEc/Zqr7mlfpZ9q/7MYEx8ztZITsF5sPuMunsvAdVN7XuZFPG+brH+NLCQrtaIZj3Elw0m3oa1bq7prXp8zmzDh+pOguhHmX0P0G+z5rf9Lm1N022H6yPfj+0d1cYCtVfOSnaTrKV6PVz/uWztIdB91rjge3WskFVyS8PvebQfkfP89OzX9G2WFfcuWZlmAklm4uK706tXXBJN7j+x/LOZK7WWqrZaHP9F+qherJRHyMJ01XflysZKOSciOh/0ZN1Lz2GjulfRrcxC4DT8ih9TPf6w1SJ4+IKrjUAsYm5/XaqGYpkIu98OUzwKKx94IEwKCDeWzkzd412OXLpomfdVibATfDIP2ALFZaf/UPNPLZzTFnR5bshsHz8/drsJybskCF2B/9azs2damt+A17jM7jhH2s3kwPTTfyQyPvAEj+3TnqXM4kxKaysXIr0LVSrMJwwHPRssLXc/jHtciXwzA0I3NXQuPiRz0lCSIOlGrLoUn0VodYBKYhVYcQZuFwkabk9IsqxsMGInhbf/sPakNjR85OFIZXfO2bORlTct3pd0R/4moT3X37kk0dUJ/aAb7FdFxeDbTmiu0S1QtMOkEXeAdcHPugVp4VHD7TKECvKRwtn6kh75+jbeSJV7vNEalqrxz3ZCM+0sM0+VlcSaeo+pd4JLvbuX88E3aiFK7UsmIcBmPReiirgy/xazgVG34leb6RkZgIPqrx8iV3YckNxhEXB5/NJJmVVKpjYveKOVMFZaLa2QvUE+sjzHhsbfHiDRMQjhKf5tIfyt8am084I227A2UZVcvLTj4nOGMR0uzOB6kOny8clful9voJ/N7C3AgxcT6sEQxzIkG6MA1F03odSn73+gtspSjma6yw6Rcvce707aKX9j1/XHGf+4BpQ/Z7+0z7CyiSLi+C4FWkkVLub8bemal/NHw4zis9gj+ZHJ4w2zfIXkBDxmirr7Sk9+MHBJevLAIWBLZxxnR7+SMVGlK+dTJMCZupCNy3Px1lMbRdkFW9prgNRrQ9E5WeTAm8hz0aQfW8VqPsv8xMkcII0wT0YvlX2aoMdpynOXCxRe/Q3Vaf1Wte27PvZc8JLEM/WQ8l780roPcTmCzZU4wIisb9vVMmz9CiBpctbAUhLMuAeiYLJZmxqhpUtp1+KMf5O4jQknQlpITy2ZGWV1ZPOPBRHtEMPXZe1+feLCxntQBRoPPfUvaGFAMyF4NfNnBXZjEQg19MRxx6Si0N1sbSPdH3yVTmyoGXdx2XxjsARXcMgxnjCcZQLyLcYfi4Urf31pJLplr4Tc0L6XyGfHzZxfUy8B31NYHb1ETUDmzv8wzend4SuoZWQy462XBPJwBc7LC7eAKqZFbjehS4aaixMsWGjkQne4XwJUdi1NSwZmpjwt1KdzEAMM9NZJWT7ptTElJa0+wCWuKcM7hIwUa8tmnM/gIJfU4Ij8OqBMwvV7eX99x/QvjSBKWeC8GWz8QJIzpbXvABrO9RdKtizCHipAzVXSB5xzzwqYGPe/Mv0amFMdx3H5V8KyXw26l+KkGGzAnYdAhcUc3G919RR77wrnnP3cI+6Me5/krzzGpKdSekpBBvMB09jqISxXjCuAn7K4TBWIo9yr2d1cC8fbU+cu8yaw1ix6dt2XhbNDxFzsBY8zWR9XLW97tQngg6BZSjLy7AfB2EQ2zPyO6HM5EwnMONsPvUSDmrroOnYVWmrAuTKr+GrfE/sMJMU3KuRrHeMfQjHmdVHloILiJSwT4Z6AGGaABBvwETH9QrZDiDYLbegg9ONQKgp+RfpGdIVF00YjpWNLamH2g+rz1D2EXBCKaqAwGNTuogganWXS8OYvI5IovQlzDofQRkKBetW3UReY/2X+a5vdGFVHVQWWqsmlAYWVEmZ13AZEtnOWGQBQKPijBXo8ntHpwzd9eGlfmueWad5tuw6mtZAAxjN9loArBe/If7WQcDcvUBojgtAzFPCZiHsWF83PP9riNGrTGuhLMSO6oXpLloyauFTWm5ih+67jFOZa1Bcamj8nqfRFn2gzcaWg2ollStAn7TZoSvX24cJRVgQ6MEXmiZTzURAb6lHI3Xy9RjRHP8ZJJgg4qbixnH+HESOAGilXMlRqy7LA69/qK08WK68BGf7K8U8ruoYJDnWRad8wB4sH2COCRZza+UZO93R5ZhgQhD2GAZ3LjMZNW9QxDkG3YUylVHVR7Sp1X2pGeF/1UpgDlppDCb/fnnIOVQBJvqWu8JApRLb539H+LtHjJPdP/N7Y3rqDYdkCUT1MzDdg1XPTyEdKRLMUWPCW3RcNTWldRITj2/Hc+06K/5tQ61o4RW336lQU3ZUQyK5zwsETLr6qtjq3omL9e4S2VCnn3fSkkacl9ixIZypm6YRfXbvQiyw9o/rZLB6odA++qEsZKtGjJdD/GadfHTSwxVgZixpUugc2iKreDuWVD4dqjNFn+TPQtqpUnhB3bCuO+fHPXwCJK5/PDRI4lsNv3xSyEgvv5J0UeL3BY8phkJnU4NNehurNOvukh8dyjAP3lPYwWdpDh7h11kpvfsAKB4S9uv5nwi+C+tkrIa/ukO7vs0QKss2+HnR58v8LFSmClj3PA5p7GsCIfhnFpBDyu/httfUY9EGlc4AlsYflZ6sL1/S/4hGvHa2Q1V8pDMXsYzM4HzofwBZlFdM80CssUT7W4NhIVRY2Yrq/DiUTMjVjtLj7OZaV8EwyicoHkL94w9ReRIxS/r9luqwZp3v2iDTUBk7nWurcWYsuiAxvYYgN5U0Y+gb0SolYprUQgl5Dq2oCzSMPkideRLNPzOhnEcq6J+qdPQPWYBOaxUkeoYDUZdwjM/6MkK0R77VzufF1nWCnCmCDH/qoOaUoH4BMjPdWbJ0YRC4a2owp/IXDKV+D3mdpSNmENkB0aN90uESVe8fBO1X6m5vpuyMcw3p6dVrGQwFDobCixWj1mixP2bQbCefks/RztsjcS4oeUZQCtci3EqExcl9jDXU+upNyUlkUq4Ou3L/1UL7UclZEUl5USWVvhpZv4b04vyQgQvzk6cAVd6iKrW5OyVAoHSksydUAuGd2STyoJO4I7JQGySh0tEIumCJxoePT6mMCWWrqzfX8MAx1VKlF7cdAMRI4/65pmLcbZI+c3fqENa0CXZUCL04qvAQDlKt1qkymlZnRpME2HY9DhrT6hwY7lE0AkLYWh6O2r6Z+qhhl+jeP30UcWBxsTu+eUQkDaXHiwjGbvC/P6TBDa4BF+QvLmigqA1OC3UpwUfyqxrPEHaW/dnklCj2GUTY1dVZOtV/nxON8w+aWPyU693nUIrhKU15py0w8ZnEVB+4qd4q9XvKleV2yWzYqbxzHctglZ7HK+gIEn8FAMSJcksSGz05WAlUMKmuVEfkF5m6rUzZPJ6BD4YGXCtnFFGwNr6Xo0e7qQ628iEH7XRLGLyQEMbrgVDdW94/IbLDtTaRvozet+UtmxzRiyrH1yVycgciczFX7YBvIADhdPwOEMhX94DB7QRJEKeSUma70bo5pwmhOWC817M6Y+WKd20KWJ/EJqGjhPaVtgndakp/aDzy2pFE0A9Gj1g4khso1yAgJbTF32I0z83K2M4AZN8nR+5dDqTN4dq9tDqgt+sevoSH96CBVPOLclIGRNVza7lSLk4z/2Vg3b7a+FIRs1YuAi/F5O5qsm8lpcoI9iDy3sz8k/UQd4LJMQQFOMhstP2TSE8yuA8GDniEV4H4/qsdlfUWb84cFQhi/+AB88jKtjpDLxJ+pSQFSLqVNz1i3yLi7buhvViDAfxUHVUxhWKvE9nTD6AeGVy/CNFNnFNuEqeF1oyL3wcWKpuNOBSFLE1gIaX53MR6g1zykjGiAOZ4hMl4UI1F3vKmobHEtbC/vJf3r9BFim3HIPjd/KWrQHYeMdKNzDeIyP6usr0F3k100g+6PpjGNndEKAiAmbhG3wTvE5phTvMJh/LeJyfB1gEmDBsIPC57zo1hpzy6F/TXkLdCjfXAN18JV4v/Xahv7wuXbnzL048CNzNHKN+F0amj4sAI0kzEjjq4gwlfnyKDWExVdhRqeGL6izvxfxXpdiEmbOlThdR/rhzEtY+Ehk1oJduC/wc1WrCQkzUHmbgyvovsIMv7qQrRz779axnV/qczAfNv9lr8oa9zDzHbOL9J1GS/nQ20IXqX2wbu9D/aPI3wofc+gRxORh+HP3+viu1Fkf7UZ8ewRCJ3GZIChe/mdCV5btYWUDaEFDGnzOTXn2KULfFu7wO0qvKyrvRVrRm/Our3a792mL3ZKRfUlh/KFh6g9pUswBa06uxhOeBrg/tWHyJaNRflQvqrwQ1TPu1qrlMSvJR8LMVq1QkiE/cweNjyLcRo1OzU9A282WLkFnDnhxHie17hwxokXL1qzu+j6762CV/YBk7HAEdkEQyvxck/ZWhcppwKRymMwNNc97m7Hu6tbWLFP6+WBEi3ypdVGsp7D1EKsvE1UDT3hW/4WCvV3mg9/sYCYLlchNyKbES3DPkr8JHnRYPHnCxcO7+/VL33aOvGZguKMi+CQkQ7aOLxMYnJUhHz+PuX1yYmYJJsLcKUq/fv5q2EXffCL+aprTJf+xS8Lhkh1eaYoNYjtcqhjSHCNHvdSBixDzxWQokJtMgL+4yUGG2yAT03w6etVOVaQDmTkbnwLTe1zSR+WukqhQiWBAKpICmAzQsXz6cNCf1OuyYrDiRMbP8My7mZbxVWUe6aR4LMZAgy7fNZ1ky3nDp3J5D4OZe85dBRrF5mzuHR3EEEO71o4Z0U9tHM8kSXF1dpKAcucf8sYojCP7vv6kzfISLDexiEvZ7Abw2XBBi+AWNSAw9lRrxxXNlJ605EWhPtJOPd48OWrp0XU3K6+hfCGxdLzh9pl9GBeVX99OkhfW48xL9zWtezcu9gBMaeRshRPwjln8rGKy8go+XznvepUQJKpuXdageZkNkmzONEUOVHiUIKAy6BG2PtR7g9+s+/R9JrtwkRPrpr80uX9+lX1+iM+oSFZGCftZvRq9zXorX3+JCE2t131/kZw9zHmXwe+Nc4wJ6VhGUnuiww4gX6vS6T/3HmHQJG3dFyv4GxQSOLJew7gKOmgLB/gJ79yQeETdmjYL2tEe+NvZzVPcx4KMlbwEYTP9N8+Hd92BjIozdDPphUxQ22TOnG7cx4NJdTLvM7wkKFKUAW595lZDiTxEMQ6Ri4AQewt8zJuMlftrk3RJfV/R3VPvZ11gNmnjwtLNfFHmw02rGE9PXP6NYaLhTmWOj/fe98tCuhcvInKWVPtInWD6sBtsQGw1gSSn6oWRJEXMPvfFit5d3/ZVW0pjJWcz5t02uXkIMC2yaAjdwVcf2p2PubQiNJnNVZT8979XgZWqEkLsWQq4cj8t4h2Xc+tsOtST2wxxcvH/5C1OjUbZa1Ll4gTg8LfWvAtSdnLkMumIuWRy6pJs5D6IBl5FoP+9bAjT2PiyLMI8vx4++RTOpMHXrWaE1fbfl/Q7osRBkuqYJDk1RIdavmhSFJTGnqiZHV+KOHxRF7rXG8BOiOfiO5V77tjXQJ1p8O3gOcqfW4/gqyQbnQ0GgaeidZlsdPcSOfrYv9JpJdRie2z5vwJ2/8yChn+KRlJEQosQ20O5DJalt6ALjM6Relz6Qh0pNbX6xc2Q0latsuRQZcO6qifZQEVASyYUZGUpEp0z+Cq9AP/cUveHowP+bOPuYtXawUrui0suSPnXsMM30snf3L/0zLR3A8OBMIVTP/JyXZPqF+AJdQGD12Shqi/157282Kw5KEsOFisAIgfzMyOD8Bu0pnvAXMEcp6b4eF5QLnzCbTMJVQv/9oLX/sAW63xFDUY1kN1jrDbI+IcwdMnea9SEj2nBNUZqIdULXYNLdrumRUloKWNAjq5/1UeO/wYkCCQ1q8NWa4AkWujtLfvzqJQIPeGwaU7EK6PyM2LDpUB03Q+f00h0ciHnvRlDEhSp52sbw9k6q2/VdLRe5jQjNdpmyoniaTUULgvRrsc5ALFI/hw0gPWC2C6TaKjq0oRR/X8W5l44OwS8+5zRxwW+MQU4mxge3ir5G00T09nPRUSJnqR3t3Lze6ATvdM7aQuHs+aeNKNirqTHSukmsa8w8uehMmBW1vYuVGktAdTZMDEJHbURoDatY1hsVhKWMWcPQXMnhHSvwHmAYlHilJxhjHcjIXAC/GOOjy3TvpJ2ndrNLasUeddH9X8OBNFwI3ftgan4dU99CrMI02KAFdm+EVT1mYLqieheAV0lOpQVodQsGr/kv/WA8JQcOIRKvGqEpJKizsBymdiVKcCvBd9v+0gIgyEWP76UpYm3FgGA9LKMzMPLv5z+Vo9gfIsBwFYP78SDWF+eEvG+U3LKfBgmZg2jN3xzM+opetJFK15K894oF9s8KBsZTMzpHZuq7dBUydqHGpq8jBmrsjNjdb/78Gr0XJssA5BSUKemxyHegfHaHF8WkQ4twpfJMYTzHqorROLzXdC+N54UXreHHcfnVeCiYpL98YDMiJL6EL06UNOPFBoJiA5SkaZFvQFdcpVnMf5OqPvmE3o1+qdAPtjpk8Q0WAMB2McyUrCw+qEIqAwnBCo1SnhEiPB+tcr4eBy30A6DdU43ts+fHSlLiLEgeI+3WeOWQCIMAzUdsML8JMwcb5Biv/TVfKC/Os+tDjir2xRHnI6t+pRQQZ42YmxyVYTArvn/tazSdjPnlMipKKUFxe5aVmlDl5VAIf7JlYUZLTOPTXtEftDo5dkJrgtx0fYJ/XzZ/VzuKBz7ZQlYHfXV29Im43bHlYGVn5mG3xn7pFEsIPlknKryRhlxCqQZBL/GTESrHoJHrYk4ww2cDO7MGTyI7u1Q5M02QmCSvj98n1jCCrSmNiSpYKEZGV3+Jpu+QmR9HsZXZv2jPsYN+RSY0xbiEY1dm8jRYUFj3ezgakvSNTo1Ijhp9E/mojw46oPeuh+U6miYIp8QPP71+aFQaxCeu6B695Ped3inewzx/yeJJeCYbxaP309FeWLQN0xu/mJEm0V47L9gOPz2OAY8yIk6Ol11wCkYQcyNfwBVtnsjP+5Oyo+tchgYRt/kybe9SI95XXUc8rXH6vGQOqHG7QUA092qiLN4PzEnU/6+nJCwhCgyNpjXRE7IpLWP37vq+xpEor2yokBU740x0YHSXs/FuUFdZuFbzE5Hmhv8+ELboyTcJisbEQ0C6RAR4QMsrG1loWSlI5RmFfAqlCUKvL49UfSVb2PaBqIRqMx/L1jr0W9waSqyD4wi+YQs4XB8kl3uL6LSrkqwXl5RsK3WZ7P2mMfYulM8Jd1Cifn+Yq7sHRE+9D4I3WuX6rTZLbg1aTfYEyYgdDovB6dxDd/TAP9Bo+YbO65Vf+H9J2SrdXOSrkpqNXU6ubPczyBm/siral9btN7x4Ln85X8Pkk/3gZzpC0EplHIf/rVl7vXxebR9d+aSUr8cQuT7U6dmYaOfBIvn98rrdH5YWKVs0++SJfbTA2UITU+c6/nfbi2pVjRthy/mldOnfncaI15m8N3zK3B+yZ6xsTiZkvw7CtxpHbXLGo6w1R+m1whCqAVDNPitnRfR6kfc55CLW5ubrJ9DbC1PcIRpKlHcrC/i8MOpJ6txeRxemEQVCEn7VpdXHJ5cTmmco7uXWBy7xhqHu9+zpPhTBcx+IbulYZMZk9J6pzQsGx4tReEOlnBPIVGyPr03kGARXFNthzWUl92UA57r7qx+798/yNSSwyD5AEJds+A2ZmlTvPq2VI2O5UHB3IT+gOFdkpO2G6Wg2jiBzefiJ+HCKQaWaXS2+UpTj4bTAkZdg1dLC4y00tRWP4L5hlwSRZgIEe8lXu1BDL6b5qjbAFL/vDQ+nz+U4Hu4mDiYAaWw342jZVO2bwJNubZkCrs7SOEMC4LVU2FAKsWxR2+IPHmWSGgVoxa8t/fs5GqnXmhzusPFfBMj95ohzw15tut5qjq1o8nvshGnICQKwLN85LVDU2UUC49B2n7PAx+nG8+G7Lc4MNiyncF5K5KwLT8ox0dWm9Va5WBnnPVlBRVeclPoqp86DbYLF6ML8uwOgMFW6E4h6ITVMtWxl81ra994+Cdk5XPhr0qA/XTOP2GdZjmEW7VCojiiDe0eQme5ZeRu1n0dgu3oKM496cTm1YzqbFu9xVryzU4GXbqVfyhRj9WNa8j4C0htkIqfUF5qkGpCdQc/NWoyoyXgfbsIb8sc1vQS52PtgWIEzNRPHjxMEAP/VR0dDkboUXLMs98IuspdK/Ybso84PSk+Q1dzy+CF2EsApir1SY2AjsSYc2ogpnynbz3NuWgKsFF5G1u+rp0wnyFCtgEPFyeDfa2T6wbnqbH5zjyWN8gaSGS4wc4EFsUJ7fss1+5O5BqIvRIeXIE/AMHHsxtbBHhkfw99GXMdYjpujK+GLSp8iwhrUN/OKphYwfwOaYrZE8UfcWriTbIdf9YPNjFWdPB6vAIK+HViB3WpANO6KOXtubp+7aZvMBhf83E37bLchYhnfCUEoPWKbl7nx+9H7/Zq08BlWLWaciRU4vl7URQkLkIf05/t4nhWsQpMf/K8RyP9zwx+0H0gfCTKZfDCsKnRGiYZes5rvDWV+wVGNHwj1mtUgx49FIiMSpA10yYWU31CsgAhVD6yp5ks3SvbxI6cZt01pq1cSVe4maxyn28SGaYYTlAJ1TS/NrL3WVbOWxvjK5The41MeEVvRo3ICTxE3wTZa1P7zuuxw9R/WYSKPPnNMLpruMRXn8EPXHgJe9PSgMIOvduJv8AT+11xj+KvNxDBIUdbhqsv9YDiHZV+lFd2PkK87I7TrCpLhmUC3kzMakgUzfMGr1ZJt0Avj+BbcWyN92mvr/cidKB2xFf0D9A+aCdfUUiMRNaHvbzOnptqTp/E6b34ZeODsd4tzDiPDiqZYyz+ltRkDR4lS2bjUz9ikw+g09IERs9dFYMYf+lsYrvjbLXQb3tPoai/cTmchkWpUm38GqN5YA+SnlR63+HQ7nujIYxhC1Lkf+Y7CCYKSOUnmOG7DRgP6U8K3i1NILFM+zgXbL8/w6bS2kFx7vbG26VT4YDUVH8pVqgj/Ap2vK5n/hdCQzv6JcnnAq0GjfQYQM0J0zDP1N8Of/lzJ9xIbPydxIHkE3Cl+YBKVAoJ9QW3V9e834QuAT0GzRbhejJtriauFdoR/TKz09eyQgheNharlz41Cay6zjykvgMO7qmvuRJ1k1Y0E7WZt1iKy6l9+2cxeV96djLHl+EXM8Zr1QRRTRNazsNnVgloEQk+pWTQNVikstMS45EH2SVGiGiwOAcB+uWz8q+2plWaF3MwyuPjz60R7tOpHgn/kFcfPp5jQ9bPgtkPMlOVb+8orL+ChCa/30llouSynbi4zhu2g1+E+NS62LApZLyjWDAmw2N4i/c+3z89yuML1DMkg0TzsZBcbxMxEhDtrplrusdrOMGsoOU25XTdOl7ba2LArjm4YUMda/ZXX1YJINaAakqIHvNTUUEFWibCV0iCM1eLuAuMdLx4Jib/P/QIcEhP4tecPqGxTTf+7EC9aFdAG+jjHJZpO4eFS1Z5ymCTa8hP7ZRHQb9lf8suwzoQTGSxk7QS/V1PvznMK7SdMxhgEZiCHnucy1X+EtICzC8Vi2fWaiNP0AEl1l8PsF7gIlKV8P3OwQjreFj45Movb9+gU3+GjgVTdNih9ipoDfKkietkAUN/TSqXfkwkEbu1ElXTkTR3CT9qMTHQswuoj1tAydG6YFSTR2TvhQQZ/fVUOElXpJtT/ETc4/lwgU0tsI95KqhGbvXC/Ce04p/E7puPgqo/u52Lv+sexi9pvHNBJJMuYQ2xN26fk8RMC1fkLrHXPUmwhTuFk/aUdyTrObwt/KcKewilcNVI/wP0L3zPWqJDWDZUVjr5vcZBCcRajktqKJP904oxIRALLofh4P8prxmP1t8DR9AF8NnNSzZfrWkPAdIHAuj25mB8v4T/u5B7FiXn8o5m+gsYglpfEryk6+0bQ4yzEUNFVOBD4fHShT0JZbs7yiyGfK2DyP3VFTScrX0MqigDeC14ScDXDg44GpfwRZTz8UQzLS6CM8gGR6jVxLRTzc7X1wd1B+CqVwvIqM15pW6trvqbvRgJ0Gh8MCGef51QomwbomZU6Kk4kcuVF30qAajDwbOTkYFdYb2b7AYK2onBKCEN2gaezDqCQND7E5Tqt9A+PkFfrjaXWpnPQxXiDIVlpcVqPPuevvEaaUWim82Ooh6wDKeU2J8sBG1uKbqOiMKd44Zc4C9/w+bGx1NBt5jMuK0foyXewUJ2/Wi/llhBLGZODGaFvtw7OQdAgnlziSJMXkr/kb4Dh+2/wQNDfIKKUCP+lTfkFlwituIVkfmkHU7pLf5NZkonCj+vc19mmxYfcu2/9BNvqzLbOh7E32Bj2Ks1M1VGRbBmmSmyWVaZMUoO+97ZuaVnSSvh9k8LHqeYX1gTBVvBSBJa6QJL6y1NC2qVOX+r8ye63XvwgBQCrfHpCUWFhGnXV9AhuCu6dhcnZ7O/u7uGZZpy3SyI+ehGHhq5mWAfu0VFz/M/sjAD35tcyjFlnXjNCPxRQPcBLfUuh+96BYpgRUNxwyuYR1UfsHR8+9yIuILez+WUgTkZDR/uVvqVhYZkfI33Z4sx+PA2WUPHIV/FB07oGNNwFxRiCmfL1tRhBHslVwIBmdsr67R8DqVhMf4HWwohaOtimab4GjBmRR70BR4GPd51oK4JlD55UYFRGN4ZE+LUOOhxNQmvKQANPkuWsLQp0IJVewrxo1MDItnjSBR2qJiJIgZ3nsqKNM72MrZrGTK3vMvm9sBaXtRiQmsIKsX9tf4YuOTXXRbIebHLjfmJMAvKXpKmiZEm4XRnLQt6a93odcImX+tPlMCzf5iCB4fN0dmy/fNQDYjVCinRpwJoydb5sKUeZh7FES27MHruDZE1utD0ENQ6YX7YWbUNi3gyXtJS43VIKK6Tf70XlHv8n6jqW5NSW4C/hzRLvvWeHN4338PUPRjfirRQhaXoaTp2qzCz3DOyvf6N0uSetsKi3+7t8yUmMF4gjDy2WNqxsL3mCsTUjATq8agvEWnTcW+sUBnaURhM7+KFf9YBpl671+kpaUUOcy5HmpK5y5UA/80wESPF6OWmxmniXI2jDamIjsqSagH8c8y+jZn2JR/XnuMSu0d2oV49YzXLKlK6YUog63PH4N6HK+qXAT2Tfy3Tva2Cq6Vh+JRaYt+o/VbKQ5aGp3Qhm+2thymFcJN1h1TzN8GwlU5bKm6IvfzNFdaSn23DPtahENDdM/L0W0YvnZbzKLPpTvGWIciLcvHB+Tr9IOQfuAViyFq1CW+bn2glxHWcmIdozNzhJh1jaanlI0c9Ulr2fnRsCOwU99wIkPmt8fwqu52/z+So4X/AjMdvAyx3M/2bFkIsVDLqBmZg7St3LSvLobHKirisUO1tW2SVEzEgaUdNIXjwroYNvu8Yp28VrkJH8tbLJLd9nuMMySddLqaDpZ2y84CIsOnyHtL6mR1VrHO0aqnVYRocJT/PRVn6IR/xCy3LdsuJPmGxTm8jJLF7Zb4bchehUEhlT65lKz1yrt7y0fhWUVc3A8yewVGImGibCtj4qE6/fwqzRs/GaHIUoU5N2qaUvXtx//u6iZxFtvnKlsKRheFbSjj6xCWz/lmNDbaB5Aj3U2Htxjdc15sp49AOWGaD/XQVQtV+SuBJ5Ik49nn5aRNvByZoMAaBSiCP+Dd0JU9ACofmw5ccOEHQFlzt7CIFAopP1WTpZL/UMOG0YGhgVYuPORizElfe9R4uH+rPv9/i3kpYfvsK4fh9gE9dndAIWpwfMckAYnyBVoD7xANvUsy+ME+zB4EMjAdW7MY7wJLIn1Aiw4kO5xjXRwyngttYjYdQ797yM/stVy2EanqsrSjLOl+Z50lJICUVjQzMymnVmA/91gMclBhj9I/fz4SircZd49vdm6Fmhq9Ll4p434EmAk96j6RZX9BUifnVT37cXAw6qDz+uRrbmudxOzUuuQqGiJK/CKJpLO2P2sZdF3VXdXdhfWbIpjmBHoVEYO7sVe5bBOHjxW9AGR3+DAkQlFDM4KERfeaPQSz81Gq97vsP9ATFHVGF8mtWiPl+PC4lrdBA/edjQkUtMf+r/tqfn2+jbKI4CunQFKtrzhFFRL/EGKoHr9nLqZbGN/V87ShmCqj9gaIbym7pNr4Ll9OkGJLme4wTfAzEJAajRn0gWGEQtfaJslAT9lX71gxkSeECKjfav8i2Kkihatjneq1nwqKUqJ3SY2QU4a2fG9g6unGYExfP/b+U9zRoXvE/9mWbuZjQl7dMhAgbarYQo+FsPlVfGUVBRBeRyFXNBquC7kSXXPgzJmhHZdwCF+til0FFKvD0Dw9lp0NiDe9rhujCVyZOAG/YQV+1ahPVfXMP0b3r0y+0/HZJ0eAv+NExTRxdqdL9s2fPAQv2N4jd7T3doCUvfaE35g8FrgN5VUbi58rDy7U/5W+uJ/sDnZeMSEYHfSgV6us7Gl+Pm/npjSjr6NOCB4kWPzuCEFBzeswp/bsussiQNUWboewHzPPRAYSKEal/u66hsegUUThZ0Rl/N9I2djPH6dpp2Yq4VYZwXryrD5vxhFXcwtABqFfbz2Zqe+QLdsjtbiWH40QTmdQ7GMjhyL4oEx5Xq5GgWMtAK+p4PE8F6o1SOvk2e+F1pPHDwrISaGlZptxuYmFK4eUIHzR0qdbRymvYm5z5lmm7OZSiA+uUdqK0Docb8buXwIJY/+ciTd+17ahrGtx+nZTOE+zU1VItVdWC8B09Vx5Vazm7l1OPi/YT+zDtlduLnwhJuib/6fFx9EcfQ9oWMmpXwfmW5kTKJt1s07ixnqw4K4Y3EZGIXfy+C4drOS1luoYUl+fyV/E6yZ0EV44V9VDdL/bCdh/gm3K39VBJARKEb9n9cEojtC24QAG9sAUvEr0lLwGdw6gb1oyD7ANUr+J4UB8Gvj9JyrQozbz08lp80Pf1K53l5r/Oz8jKmhttQTL6CM/Zn3ZayRkrzaZ55ZSu+jtySjSY1TMIJYekgr1qdnGxJZSVx6QMF/wkS8ohnL65Hfw/K+dPRVj2vUhRlS9KZ3X2zeF4MSe5jXQehBrI8e/ZrFSggww39gn9Pomt1IDS6iJAnl5oE3H6t/jdKOHpK+MBGDG2sHDnylEhUKmhYb39khapqhrnzD8YN2MDg33PHG1BmDyddigxyM8OVpYbFL/jfSSC9MLe28dqdRiqKLBnq7z1zOiqwvu3c9M9otzCPdpVMBJszCkUZNK+aQLropVLCgVX+S9OnbGZaYOGndY739Zf1nHMU5NvZfvGcvdDIS/Igigw+lu89Lbxh/m7sxaD/GMtnNKuOD4NP4FZS603udR96CmlIrhb/tIH1SBjAf+2+MSOP0Otzz1Qzp3o87PNiJ8BwL4oMHuT9ImUPojT6MZIUwUenfZ/iaW5dAY8EriyAQ8GPDTy1jHijnFSBQgkZ3mw1o+Av4vkQhtXoczRUoV51YQqcFG0JQSTnzIHRST+0i2EUyYbPkEHh1vuojfj083EJPVWjUu/8qnA9WuKvJ1jlbmgW3yuCGM9vESRWfIPcomONaqRwnOXZmP41kMEiWYLeqJEwZUlsGlVPIWhi5f+brqrwns280aSObcANfpuy+Z9cCAL1awCObSdZrr2gFoVf1Mq3ZzjW7TH0FOtwbL8BC1gDNYI3ps25A/Gj/N8vzaVgLETA4UjLaseWBjomk9fehccZ/mxL1lfgv+KOYRrxfH7iWKwqefoZavLN+ObdT4LWBSrf1gDLCoqT/7rx51WI2i/q9FuUeuvWY4a6mSDVWpL020KR1VK8UjOKuHuateaXEaEF4LwmKVKGjOApL53gdAnABlyZtPObjG7sc65i4hHYKFjoAejTCNpGmPQ+gH/DBfhFXr4DHV4g/+SFmto01bZOCfYwpCtUsdGrhNplccoxFkfb5nsFrosLE1v3dIXGr+h1WmP1X4MgImD6NOzdPO0KL5jUni/bxsk8yf6M28kiiGNjoB6BGwRwOrHzBx6rUDol1OtqdDSdfMh9k2YnNeIdPCEnDWVL3JM5LfGaqIz6DG36P8UEKBYo0cGLiXzCMejyB4VH7e96YL+h52+AoR+Ywo8SVN+XiulLPNE4LbDRE5MPwu0yvScVrIPV0AnhwbXcZTplxPq//MsQJHPHudFeoQhOedjjgYdKheHftnDDEM9q0LgXTXx6M/kXH0PE7Bktkaj+p1m/DWT8yV77Lcbb1q12LqzOwDHKv+QD6GWJkCoT94bmBhbjSxgSg3siUbt4HbuseuILcFpZLaa21J7A4Q3CLiBFhMt+TwX064kypgUow+HCzbyVpp0E+JnP3OaBAy0oWtLGE1kBWfXV/9I+bRPFvLD7hnphCV/aFjG6UDM2OyNZ26+XkVBLZFSHV/04n7rer7olccruvdb1H8aVXj+xCOOh2uoeN/QzZKhwl9hpXzawpFa/5Jgl5WwtD8flhnxPQxtt+54Ls6kDecpGH8sI689Ay387IKwnadBPeBGBSnaLxCpqxkgu5NLNRViVIICLLVLMIOBOhQP6D8tQOZwiRipD1YHQL/d6mgLbPq+qZFS8Y62X3wRdCXYjBVkH6JHb4hcNG+5AfW3yvKLZWw7zJZ+TTF0hKiw9B9pSBe3BT97KjDL3GP43/XoOPwmOgD+R5EjDD8co7JeRkH/U6LxgJLuMgtrRrR3FqTAieqKEewch4kJVqdGVSslIAzjP5N6IZ9gLKI6nX1uWX+KYboTK2CNA5s9PJIz2Qnk8S74QTh4pKc6/UR38SYE/XtozP5ML5G+LKd+FrBzUEQ4rAfV5heA+vrRVCjgMgsS6tUSwCFvtsesPrCBzJX04gXHiDsyx7g6ZiI8ECDfChRVkMYWUuULglhBS3SwQ+jNhPBTK8um62CCmmKbM91zfs2CpVg/E42+7nAmXpvEl98FGTEuaqlpnRfsIATUqhDmP75s8se31K10WdFiVfp9U56AuL+VSLS95QxMqy3Qwby4ajy1h7xYIx2EvoE1cCYn7nyDtS1bilA39es2qMOZYFK+x0o4ALIsmAuyxqzewdtBa9QbNrvBfhh6I/+lZvCvEGPjDXGgGERGlkToGSKKuJKasAFoQLmc6o14QpxGdHMIqAxJ7jwN4DNKpFCeg0qSgKsonDK9+StvuMYyneN9AgGxI4SXkPo2AII2jPTKkhUPCfXEHYH+zPpyTz+mIvRyGMykRkqZ9dRKGPc0jFRo6u+w470ub6GatwcR7tDJoRQneyhplpnpOn6jyhxY9VNdq4GHqvFERIotaujAWNdo9C6i0lp5Jb1pVIpkVXGfL2htW5612Ivob3zJTqQPId6uu2PwdCrB4NZj+1UXZ0I3p8GF9cLvQAoSoJ+3FD39NNhIOHpT0aM/MpeIJkRhHmRegL6kgKHQzpgb80bF1J0H+Y80DEHaVYpgPpf2lKq6/nEKJg2ZBCvRtRcE1k0Ghq8wVOYLB2HFkJwicFZmciLp2TpaFOZiD0w+gRrXVCI1qjWy5wEZonwj0K8XU3d7rdabyd9t3Um8z+Yj0Q5EksMLb/eUDRxAi6xK8frnL0+5TQ/I9y8Oy3BT6hkEADssWHWbufAD7ffbskmmEs00C0m12435HnqlzG/peqw4u9MNRWOzuLJWg9Ltk12CciWKkVMA4eXz6oYmYchf5cQoJfi4Eb2REieD2T1a4+Yddf7aFh54rGhlF7zTey9TsiSw7lvE5W4QsLCUgysGFXVVIgRF4x7mnP6VE24Bc/WIwnVlCIHreoUWw0mu9CO+XEOklp1McI2zb3HoWdxD7Z+XTvh/jt57XvyNKIC3SprJqEHEMK3xchP+a6fc5UMvDh3PpOx7Jnwssx/BdSrNO/l1jRxlBPE3KnDqISZbQPqXLtm/QF/gJ868z9kv6uQnx/S+zWCKQFsxgD1sq11UtktfYaYEqOAknwqZGXxfyK5fKSt14MAKj4e/HtSTQig1o2e2mNIWePmjzNfeSH40zU+qeuxT8NMhm6W5iHnuR1j33z79OiTNixMzA5uHMam45TaLrtUMxIRmfdaSzurIX3KWh1mScasb8zQ10vtLOdZ/dA6SvPfcCyeEWFW00BYV1UfLb2av3vhdJ8So6Rsj9bYoW6imPtQzNAX/+TVtGN6JKPy7yi81eqQbhijygRfXzT3sx7e1lGwaDOent7l8emd5TvgMaFrGfeO/QM2/uEa2WxhgaRzSbbwAl5lA7+7KaOi4rql3w/exnZEg17NcNvLjKpPuspPHGi5ivRll+vf8kstLn2FkcRaDl+BsKxc7JXzJ/sTCIBLMFDWzbASZeTMLA+xXTlAYPqMuBP4f01snqlJpesM8K1M2uwcU4epZXHwhF99GXKaEZ2Uy0sxW9Tfs6QjPo1l87b47ZQrHXoBlNXBfFYJ60A77kMgA7btGA1n28h7MMhKI5fp6RoMp3d/LJL6XRc2qiZ7WQ5ZXKhpZDkFs6Qc8HUYiq/k7nIPy/fVBOaGNczHHsXwOJzuCIwwVe80b82iqI/XKwUeIMl3BVUi4d3LaSx8uunAzBYHjw4PgklQVkB+vXV781iBrIkTUrLcJD59F5qKn0eXmvd7kidYMXfAKqfsBzBf+3HfQjKmLzsI4ttsJRIGiD/cDT/21Cx1DqD0xRjmEZIXK5AMp/G2S/3sYGRvLc9pFj8uYJx8NDimkAcEpALJvbqNtlNiCvnn66XHZ7icOnHcdaXEOoGJwxYqGAgIvz/RG1PvNOKv6k9pHPcmLhdYWMC7ryMJgXlyvBAFsJEN2ZeDSpvM0Lv4Fp/dC1nRzuCQAowXw8Ar4pO2xp8yc1X2Q0LekOuF/zqZHGgPcEfQx0ibLxczhuY9F03EoNys0nsoNzx9VaOg8P0RYYLg7wbQaDArCCzerlg7RZYoNnJES+SAQQw3wDbuob8c0HHA35X/UWXTc3UQZq+B2Ej6nD6HkY/1evTH7Duf52L3obLxQJ8cJiVqR8Mx1wfU+WgQ/y+1h6H6SjGrqnXGu5cDstsB/9KgtrdGpOzehBY2S43TlTkiKBxs9hT1/Ybq3gQTVxgsC4uRcPLjKG5cXd2OlsDsp1qq2bpV1dUcKI7KJLQxtvDLTbmO1BgKEu6aFsZ8izrT/HIlpHjX7WzmVqwmK8cbQbgyo6OPqe3vPe6oCRkZRHDSqT2gT2usu59UApNVXpR6jz5zYoQFdZtHQCPJz8oOeIT/8N57yD0l36WYfT+JdsXvrjtYvOZAos6udp25ram785ylLXmgk+ikOq6lC7UXIsu7NwKBWwUwtelLPOV4nAH3vghHno+1+QI0R+A0/i2w6gP9mspzepEX2odtPnvkhMK02QjTdhKBGZ+R2TZKLlxzqPQ8vIHBHzrqnA4akSmF6K8HUeiTM7noqsDuqgD7CWQwk1OfJkwdZBAIQv4KeXoQucw/YmDjHTQhSPcZxi/IkY592r1+tn3JgCVIXUpYTufyHj+GqWBVl7+l+egh9F1nk/+ntmaC7L/uGkkWhO6eUkX+18mn77LmhP1Dcg24j0hpTIwLcM/XwHnGrtJ3usUCsmG6Tv2XTZy/AeS+kS1/BXPvhFLPIlzG5LBd/No6epZjScnyJZheEUK80ADhcYAPlMDXzIy4yRTWJr9NVW+X6zPUQUV16jvm/S3hI5alOCrKafRDJ2lUBppBO48N+cG6O7q6+SHoSFQGJX6Zi+pHWF8Zz0ohLtRcDW52ZuYagJcEzxD7/82+BK4olhh5lwJTZFMuYv6Nba1VRaoGJ2NpkcdFJ8BO+7+KtpzMaUJGFOiatGEWwzh+dWrUGNiVrhSbnEjtkVZB3IZI9MHGPtx0rY43DZxIdVAaa+0v+trT20e0DyDBtFNx/R96Khx3O/hFpZFjD+Ob1ZSKyCwPfxMlASZdnfxjEvV/ogXpklD3ajflkWphWijwWHwBIrp54Gp4s6UOCZa5YR51XdX4qWyHarWuErF6JuGWOd2xVBVWkb/+dz++KDFRUKVZQM74KhGEFit++j8feyLL/pnvYXgofrz3MLSrP2eeARJUgb+PqF82wOqr3at+UaZyWd0rrFUBowjWxTyGldcQhmZFmWxN06X9kqeQN2ndHnMLlD4K3XLtmRmaCLo9I0jNC2/Ot7VjpCxcEDJ8DKbwjPdXuJUAy7My61t+22n1HFE4JPvriqsMqEifY/Q+EgaiIunmXd2B7QN8KsujMDFSQS0znGMSqz1UvV2ZiMRPFvsk1zOunGNfjRd1jiQeCaAZ7RuPmTnuw5kVJImPMB2WgskXTq6mxtze1DlM++BodKzzhxjik0kq60rMRWNFdMjurH5pCrdOj+BQF7wICPEkyFqnsrHY8S3X/lRrz53+6AWQz094EzVwHYCf1Wg9ESGG59lToGS9e+9vpbvNbjhhtrI3tpkido1gqgAClT0/Er1BnL4mIrnwc4v/XePBrzWB9AxHcHSkekwUzOBFt0wI4L7Px9CgyOwCWjvmWHye3Uy1ao2xcaGuKAwVW5m4dOouigA0ti+VYSjrjV2MjY6SDJH0HTwSz8WhL4R+Jau2ZlS/8kZmqRMeV1HjKgHTbzdYM4z9D7511uQk2guScAX3p118BaHryNATElsQVuLXscYB4FZxOBgk8fcPQX9Be165hZh98RYAsg65PO2qfwEwNfygUhJRcc6rR9Affkf1k0XBweazvLYBlIdVWEF293fqNtXFx64/Q8XXuaWpIWxdRegEq1tZTz1BcKjk/dmd0Z+ncWUqY1O80rIN1lx+G4lGItL3jinXQ4ORvmQbBQhoVc8G38KoSMlyCWgHYxSo9opW3wSSBipRWKKtGlGPUoPgANMadceyPk8eqZXlgmQUp9Dm2v+xnqS2kKQy6lWn7YwMxUM9WtQM2fccVddwmEJYsdgaTsmN/c0MjDirTvlMLuXDlDLEI/IkO5wvXhcJ5WaFr7VfPTEjPFS2f8gix6ndMnjP316iFYvk85dhUWD8RIvoJbOnZKYBRT/iUAYwZOR6BKtXH1VfLB4w8H8n013A8O5c3m7yYQv1GjOSKM0Fh8nlZYBFjm9/vNNBPJWgPpqVIJAZiNDjTlKDCYlK1jdLV8RWAoYIBsPlbEFMGb21F2HsJjwG572Fes/1z9j17y6YPUTDd/7nl3ZZo2P/9eH562/biWWfsSdI0c+oB+QuaciAXoj1LeACdjhctiriDyrSANgurPx7JDpvM52M+zR86LQdJpbqdF42krkgTGlfz3ZVizbB92tHs6/z5gaClC17gUYMBqJItG5TnhPv7yhHevLg9BxqWqr03blcdYIVN73Ti6gtEQv7x8S6BQHFEuYR6AQ1FB8DPJDlfcKBmBvR8CEAHD1xbdqBpdIojHBiVXkuzfIexUTeCJ+FGaZ7ry+ZBJsDO4H6CwRBsHCfjMKI7Yf7scYtEFOwuedTKfpDwKI+H22JBCaeO26nxIJlXJGIhoeoFzO9iOqCUKQ3yr/qEe1Jy6ED0p53k5L3DLpcmgMhx/5MAIWQFT6GNJ1rC+cg+ixu1F0IAg04NMyR8l4Xj5PHTFil8fTrepwwkm446eSzEn8zun/D7BTMjJzl6ef3nRGbkWCBp8yhoR9CIsWml7/gc4a+XYPcZqusNgDMs6NESa68UJjs3MxWFAcgMmf1UsrcknfC69iAzWAuvyKiBwdV8ocboaS9RhlQ/zPr/NDlaOn/M3eJf6KEkiIqjY7zVtPU6evz0Evk+noGDcM/XejK+r3ObWuOXy7KBqjVEoZ6Hc0/64L6o7NwGnIr3TR7AbksVJwvWCf/QHeosMllMUMaF3esNMQyvu0MTD/qIFTuTD/8CTqr1h9hhwpzKVApzJQF617iJDCb/Wha0edMmE7jyWriOUDf/CQHPxwCNYfU1657fymjbdEP8gE/pUWZnQ1f5ZHG3R6pJo1bjc2kN14oiUZ8vNagzORvZ5wLFz5Kz9EVa0CSuSemSK1zHju7f+z7OR9jePnK9iKcPHl7J+seFbAkubXyJ5Z2ESsba/DXE1wlFUbsieNCbaYPCDREkqqwSanKiSwYCiOHEXXadIMjW/hm50LEINEhBQdG9MBdo/D22zPZAsMz4ClsTIOHeKaaNwegQB1y1KTCsgsa+xgPKFK7oXV28+f7Jn+Xxsk4Hv5jvxp0HM9GLlwOPs8Mu3btJAUCrrMlH1oe5nMT9zS76dGp9lEzKDhzhEFPAX9QxZrmB1M74g9SnB9kXi5/rNzPGPk2BuDos/rWPs9V65P0deP9M0DQeSKWOgYF9F4VHajQUA6Ub9yQqI/zdwSu6VgFyq4rC+atNaamFVc2Reh9cwbiFYUyI46PHe7Esek3xOtPwkagRCARX9Z7JOwgPU6e0ncQ6/pyF69sD9wzAbCk36FinRlkf4Jc/3GmumqO+6ZO8+Cz85hDYtNauTW8BMqYPPXXz0lrG7tHuM2Nhc6IXPVtcxJl6tOP0rZx5qfAAYRJpulehv5qBk2Lpa/kBVfYq9EFAc9IuJDlQR0qoi42sQsrhmCF+SKBsRTTJ1eRPAWJmiN19536Ub9qAouIqv6bJgEjfF9DILbbQu9CsL4JGXsTkVyHeXRcKlOUvTJ3gTyNDhKgDb06c+hV+nOck3JBoHKXHNpdp23xU4Q53fPwbUMWh7u0cnLHhOjwnuxy5MvhfB/thqAib5+KLSz3zXL6LxqbNc8rWkVf05nKeRU6r8k980aG7Uc8NRDEBq7BAMkq1QWUf3Vjd+lKYC4ZEuIfCUa7GRvIMS88tBETMpTMG4tnYYszEKDtIH7HjG4dKip9Pl6r/89zYpn/+oyT8AMEGdVWrfXEdebNBjwVS/nqE4dKUXCVe4UtafFC8ug5IUwQtEB9Vp6RIePvxZHjuemsnmCx2FhG610RNZGT6Llo7hR/7kJnuvLt0b6f7a5Qccw8zzu8P6xNpU8OW1XLcLg9RcZdcWh64HFmyNWVNn7IPyReULfNj6gvFDrXB7Lk+cln5dP8Od/TN1UVcdYigS6eJUCIwVsyxkERvmSeg//WAlgaT3auoU4BUD+aBCcRjuz5bC4R9S6tbp0PhNzwNJwzfAmmZ8lNvBVvZGNGSO99i3A2cHqIPX6fhmvWUpq2IDVty98S+N2vhrLfmsTUTHwqeBhLQzSRKXMZsqn7BgqfRBloEqtM25jps0VTkcMcu1YA8Mo6sts5e/aCIn02Mwxx1RlNmH/PvaMYHXYbjBj9F/t/hWs3T0vXY36JjcMLdDiY+o5qYAA+QFTYSSwlCAP+eXcoKXbTnJwCQqhxwaRtW8QmBtgb8kTlIqCbKtNnOPyrcSoSLUA7uu2O55qjlJEhe7F1ug3bT6HrVpUgREuVY5kUK11IwQKvRjLOtBqf69HtD2ZZZWSJNWhKnFBPbDAkM+J4/73XW9CD3Sij9evXHUmCocdkURQMTyt5pF+gSGiJzYqXGSgmeiDU6UqOyF6MSfxUrOr3mAPiDX3KZM+Vvmm3MAVl69gedwOTsH1hg1wdcbBM/j3gtpE+g75hgMsPeOO6CVdb5gvLhed5+B4t+SD1IR1s8NGfmaGBR1UR888yjGEmtsKnn/BltFm7Fxee7WzRb6UPGfKEzEsBFQnoMiesHuPtdfyJltaQ6VU+DH7PqcAfQR9sFCJhLAwIl6QjIAd+gpdOEPsqzwscmphOvSHFVX78hG7Xea9bhmvP8OGVn3T96qjOUMP7Da9dUPoCGAeDYjPcfvTZx+m/Q29L6qJQeQxM8JIWpRccZ7NwgAr1++EIhjDb2Xx+PlKVlXkUepZYWCNMMV8nkW3Medm3lDO+oG+cbEiSVvFYaHzme8yaFM+ukF/o++/bVtOOVfQP2ikF7+6d1vPDVDqjDX7YvDEZSaxoTFh0vkL3z+E8TH0GR+WEdMcvz1tjhHpzdNPv/tTKFxvTrZVZDbltFQ+yEJEeE9jYpZ0jEHjwjY/KIWklpVCwTkzOstof4dX5PS+6egYDYOYUP3ozmK51Wi9X7SLVB6gpGcKsUUXTPQyj8XP9V7DD4xiGevlfAvRlRQFCDm2TdkNS30KA3w7R+Q+Er0v21ioa1NabiuBYP58t9EsdgQyM4C03CUGA0MhE1tLGmvRkalIKD1bO5LXgB97C2arSWXyRigaKwjTpW+NnqxQSQZHyMRucYRbEgsHbuPy6clxwo9yEnO/NW23Xcw4wgdYhQFOj/XdK5+XXNJ8wWm1QKaPQVF6lwsmErrUiyxvzdIPdvrPshRicX0fW1X6Kd/TcG3WfYzhu3Y1p5pzWKR9lKVQYWbPnrMLIbAo9zpiJa8lxEJKdwsf1eA8oC/bbY8Iav+gMl7Gb/I5Pf+NMcQVj0OzovLr13/EsOOu2oliGBEixvRbekFOTeKkXO42oiU8Lskw6KZH9RejXCO5JcBtDA/WDFvtUT08SQdZdOFjsUKNaoPT9uHpNiJHIt0j9hKbAZuxBX6vqdNJDnuLAL53hyilsYwASvhe5mg737RRTY7nt9ZudrlnxJGJrIYwoPv+5neGkHiSh8vHzfdNHGQAGHAXJrpdaFL6lhCyM/uj+Js6Oxks8SW62+VSVJdTS5UURTQBCWsqZqMzsZl/U+nzCkB0GpyCq7NgWCdJVs3xCP+3Sm80F7qHkQslNvmX7B6LnJWxYirGcmtgd6quKo0yxRPD9ut/EIxLjKPVA13X2fR2V8LDM7rvJdywR/RhzbQCSatjTTLRJi/Bi4iLw2o8p0gHB2qJNKDumG8VXKCggRXiRPXy3+ol8/3oDywkCODj3a/L9eaOA3bLdL+C2jSVPtppMZc4I/0Vq04ej/2mmTNpBtofEPrR6XRb67Ox6w5x6RMDX9ZMah3d9BqHlSHvCR2546fX9Enh9UVILBJ4Ytpy2RHWLIYuBwQnD5j1XxNtUTaCSFhXgJPAqCqtMGEI/g8F/NXfIersfRbROtgam/Ne06DkpnbhsYfCIHqlhmoZnBCqyIC4O3zJd/ZhJLTROqLCK5rDOFJWvv+RNHmBsm8gftk0gVPvHf2ZzlS2Lu76QWVapgWFQAPp30+bFxV51MovpAkITHwnJY1qshLNuM8NFl4GM9/oJssvoV0XlO609TezNTHbTq3t6UM3w0ZMCgyeKaa+12KBtF2hzhVRpl1fQ5CKKotJYZxS4bhUjdKe5P1xp5lPgnyQhTEvZLZxTlsMXu3EthUBvrefF4OIZEIfGgnSnFS6y8I2HgfVZQ6NazdtWnb8WYKK/3V0Qcs11SRalBn1dO6Dx4mJYqXORd01LmbUByY0g1Er+dINwhBMPxb3cHnq2LQWQaf/vLTsTYjCPJzfEHQQ/jukjp97Vv5y7yMalrpiVWJgCitshHSAVDnryUfO2m20BUSiYglfmxk1DRy2C3l3rTDsonrcL8PJAihKIsvBi7qNdPTL+mYUqo4nb21ny5MeYkJu/fGPE0M89Dq+/KTqKpI5yd4UELKmdvTLzdSFZ0RwvukngQZEL464KHqfpoduHNBoURnhkzH6uaiRuX+WZRsC/KSF0yqRuZVQwiJItox02ua3OCVmwyaojNJFAW8nEM3b/HdhkorOMhI312PuQiqDb893K1HWrMG9zpWFAW7VQbJ+CzCDRNpxzsQ6fQFQcdt85iM25NCkP607j7UzzKJRDVy+0FFIwnVud+EVBRFVRTXcZZv0//E6INOEYCtQQUL7M1wqYa1dCE+v4nptcg9lPUoYsCFMKmiIInEeo5ZK92eHMC4dHAWYyq5mqyLXf1CIWHVgPjb9hfZolOz/pVtqmZlWQlRm7JiiWJUUjblfshrrkkr12O4BO2WvyROHVPyQi/kibrsSIlBj34DiKiuTd2fx/TDQawlEHLhmO397UOFeJbegVXJcoq+P8wU1+DAx5N2hCM9PFme408DiO9l+azWG0iqFX8eixbg3/g/IB3M5CW/BI6fXvm7GDI1unjHHowoiOINUUjdxarCuwdXdng3ea9r15U0tgckKgD+xEb4SG54htpvbjeMvzgnGGA/rkTJenHdFz+3ZazdSNJY/9BfTJPTeiZpPdBT4m8Qx2DcQA3x3kNNHTyRdH4+8lLE0T4bCpZuFie0Tk/SNFhEF7AL87i3d7cUxxdng1sb/ZTNbegVBEaCZnhPHukz6M1s8XNPkwSxiq7+NYuKV6ArlsPvuomy4SuWUOTOaR6S1MY9AKHjEMmf2uV0L6UiHD0iIuZrgUmIcD+HdU+0zcxX/HYUv+ZGOwpKFCGY1At/xwDeB5cVOXQjXOgnwacARKCUSDbkLMz9RsnYK+brgxKh9n2BF87hu/2h6vMadRFfXu5F2kjxEa3SJsHvrt4TUkbN3Wugc3ZIMcCs5kj4c9DSIpW2yMdNNU/VMSTTx4TphkGSr+6As4LxoREypEQawGxuAfFQsP6Im4GaSFPIVczX6geoeClbvUOCWguI9D14xOVoNDY65WdOXOxZanF9kEJZ2T7LBFpac72fNNRA/Iu8+5fW0VpOTQBx7I6dgNOBF0ghMquwzFnJdhJgpHv014qp1nb0qAyP4K63sTSQ19lPk8DPV25T1X35ScvisqvjqXOJzP113aLczFxEt8Dn9K/HcxcG5XiWPXVbPs1YVy1Hlz1goymqDCWCJutoYhekU9/f8ULMnn1ddsh+aP6BJ5DjvkEkgtzHa49L1b10C/1pvD+p15e6aBQfnN+wNcxJ09mp9owwzRg+7dpcMPs0THxjENshL0lLBeWfJQ5hqJTT9i8efVjnfZIi4uaqFhTB1FFKNYOPBxhPml8FATVWAZypQn4rTGiE/9su8os3N70btp5tkcKXNtCQXK4O7I2pTzAnBEbiXedKhR1FFsnuNS5tVkwQOSBtAsMcA72tIOhor5v5Ob8f9zVt0ws1Yl+i4ebHT2kK4e1vTYeEi19kbQo3KBbGWw1//uEcFF20kOaGkWgaaFoVWKyjGyTfXlQaqRwpWrxW+vd8PuoNOSw83MZw5pR7mwI+BLn8rb+GigYiUqDktUqLIol1nYCFXqMlEUy3tP1gYaOANJqCsbxa2Vq9dVopU3a+wSSk48W4Z0nFLcU51g613AGAhxY7i/21SYulp7YffCvUOAQeBVqgVk7SbmBmQuD6vSiK+y1rlWJRMxih6dJ/uxw+/HIQ+f5zBHyXd5aOIk14JK5yJd15jBefBZYkDfOZUegPgfluuMPcqD47TRRCpjVDZ3HkUVeoHLNH0jDW+66Vl+maKSF+A30o3pzz8nBTD32xFYjE+HT293FMXGYIX8TBgZ9Y7rWyM3Vnj1tGIfd6D5ObnlDh4KrWuyQMFzihIN+v/VuN+vtrR0WKlxRMX8fFrw3wxzIn3y2Hqpjy4B8POhTYpRG/L2VQ3x4rAR8+u+aCrT13q/DnDXON5++lfeq4U1G++eM7d23n3a6r14CTLm3705yF8U4EvdTsSu33ZoWt2dOsPW/OIDppTujsuZHlv5qR+MBf53jdf2s+4/WhMfKXzQy3LghgN0RCWwoGfiKauMBJf+PmCmYYsOyflAxPoV0l+w+x7uCCtEiqIRfxNCyepcbZh21cgaiWfg2KgkozDXFo+b+xMdlmbTmqVV3DwoLnXGO/q8vGLPpBBJMthA/Y241SMlv69TpVPKKYa+uVqEy+vnh7gckcjP5JsJ91GgIXlFfFog7Ng2p547eCmd5WOudtxRhhTDFctx18R0KrjSlgFTN6HITp140tZU7TyxE30AruNDM0hNZwZ4x44Qx4eKkUuapV6vBsISsJH7PxyOmg/9ygCklqWamkZmlCaBVxwEjIKiQkbUTzK5mo5wM9zUHL3qcXx7CA7+ICZsUu7Neiz5Xoka0ozhIy+mLdcFkAii3HBv2ZNXOBo7yEnGnpWBY6lAvaFofY4PS9M0VQGM+LVsMZ+Oup0f5G+2/4Emwj6r7/WYsK7+kYyyYTZNJS4YG7tvMRzdfqmHwMDmxcy/2QnBpiHHTsnvMVTPirOCawZX7holNEjqJoo410Q9NYa7zJ0LnUhL1V8xSg6i8Bo0MgLkx6WhNKnIuXb0VlhqTHCVwEFmAvL5AiX1XlAiK3ZAx9rsbUmaNH3QbpymMGMeh7j5k+Gb5+OXhjzXclxpdI/6hVqrCks13R7SpzurODbgRg1x1a5xRFkySuBXvBldHCkjkPGm0H38rkUXkHzeHeh76hEDSW3D9MW99TC0BCqncaeAMiN37ty3S0l+IluyT5Oek8YIN8E44h33jWUb8M4beQQcas0eYU3xhqD+elHcDYjR/Olf6LL6utfYS5eInPkE/E/XH3cfhJdibVWuKeoN4w6A+HoEFNdS2ibXG6BvuxXwygVLLHWMv7+E80WRfZZ2v85RDQWBTUyfFEVgB8ubSEwHn5isYPYsdGkwJYseeooQgG00BQLdZzpef9XqzCyC9wZvBWGlh7w7Ht5zE5XQ1I/wXb5NKdLWfg6W5q0udkkXrsgPmT/FWCQlN3YpOxHGaVSGcuSeMaDl9jmwxF7lQdBSlOpgM/fkJeNnjh97BQ61lI9UKhIB/yIBZhEFacORw8qvhldefLhLrXgM9wBR5T1+TFO+GRS+HVEIGoydMNGDjsvNm9gMxbN2FY2iv7fRqC5nN2bM8dV1h6EM8RyjSN1VGY2CR22jktrr4BMxo3r0YT5ffEJZCUbjNqjz8UuND2fxxq3LBqu3CQpSjbuX/J6EFY5mHra25Z7RHfUgN6Emg2fk25SqK8h45Lt9qz+C7Q6R3VIvN4gOaB3cT4MHhF4ZRAIcYxGR2CuryeM5qiOma8+YwDtZaV+Gx5pZOkSLY/NbjJaisaSUfrJiEaGv4lvNUeqQ4DPUlEeOApdK0H4IOGSoh0LgqvWrUA5TgmAQjOTfNQ4W2NlsYRA6qSeOviCpFCPkdVPksVMxXwUkGG/x3fVlf2NG4xcAoEJfhHup2b0Pw4/4l7duHIPtMGVYHh8ZVF8ZgCapd5sMSep+niMRjuuzXRbL98UEjiCgesqkQipG0uvWqNclMhUAMwVPFra83PtUaRfFoXyOpyBh6utYLi0bU/o4rCwjLxC6pzPjqadSJivU2d4K+Lrnum7I16q4K6iMnKmmLBLf2LvNp5COv0EQp6z2qBIRhrh5ulNAtj0dVbD2zfCIBo9lMqfOGiPzC78TP8L+EbYrTG2ubcCNoC/WiGAR9oXMDBosFKMKk7JQnUgEAUDr6sZNy5dpFt+ZpPdt1wxhIpGiielzN23YLjz0OkOVGoA6igsTwPLt/uGqjNZql+QiLcWXhOoPOkR4840gy9loKzLTsTyFbGEh5mbB4QaTeNWCSCfGnnVnBHOvlSrFJ4qaDASuNkiAmqA1d1GE22PfEyM/oB/NBPukkSGccpBIAVi9g0b7aLwU3Oe/0qRrwQLjGkbB4vbx7U+e0QTkg0Tj/xUVo/LsmPSk0N5NcJv2o+Ojtkqcq8LdQZ7z+f9sPAX+K5x22Gr8t7IA1nvBPx75RlKKmypn03HLINvhRaKPzpnslBIGyW0RASIc1/AjPYXkzZhM3t8Z/woJNlzQF3dBXPMkUMRI4RzFbkBGFfKaNnFfBY7u/l/Vt4DR968Tde6a6hjkBhBjKitQpGOmCcKQKkjIi8HLHORShm8dfyKlxOoqWWDq7siBoaFqCFiVWXk0Ew5Rn343aNs/1r2SUFk1vtrhl9KZ3PhhLE8jV6Kw7SXhKcaZlB4DK60+iEaY1nGtzRxKnr5VNmBhCDOXN67HsvfiiLBD9qoN/lD6QspzdKmu7Ghx9ZBGg79v13Tg3X2ANbJD47/BSVWpmd7ihFCEQIlnRepKeHH/PAJBpEZcRGi8umNGKlqCORkV+G609QENMBH2H9SXpbDXkxqXeQU9rRtg/+eRJxSFfl9LqboD5druAAnsa8UitRA1XcnoscWDIdEyMepgVNXJvU4PJx42w08AI1kc2Tf8AdlsBV29UhX7PY47KZD8ekyTKR1i0P/LIYm1F+UiQDliuHmmfk0b9fFdH8i0S2c2DaHgXE2Y4h6L+dGbo5fDbwHS2xpd+RikSZEDwDo+ni2yU7va/yqdCSozHeBcd8h7TYcTI9fbHdXGDYdqpDPab1i7Xy1Fmgr4QdAhmKWTX/FyLxBhyd0oJAkwFrTAmi1IB+m0TH/AfpEOshckqeY+F9/yxNQYtLFTUt/jnx+PhpRuFIEviJkj9eGkyJuYVQ4ogjZ644lDsCWPgObtcoRIDGG769XCDVklzy17tUYUuwc7cczNtU/A1SvfanIF+cXq881R6xsd8hpvIwRv4xn2B7XiDJpHPwDTPgv2xe7sfllIkHOt6zeo0dX7lbkONHay61H4Y6B4e9NgM7WTBXmvkK6LX3caemEUe1LVGcOlt2278/TkVxvX3E41mQ07OEKarOa4uwG8FZD8FxAtj6SIBP6INs+FK03jH0POoPR5+iQpBrkCYrivdvVxyvmh34t03619YS8kMOT3MhcSJ+701axyZxII8NINX4iUHFpgGjbqDW3eNab4ehy41NbMKp94nOsG3YDCDMfD5iVmZ36rZlOLO6uuhudo86GrkxW569Q36VAm/Ij++THvnaMDEaxFsjCitAaYpi76H71En9fsgAUD/HFwU2ujBDtX53kGl2/5tzDAH8upktE1h1jKKl0OVQovpjutC6mrqlsse6pC0I3zoeR/lgjGcNiRYwJBU3P6dg9nQ3CNpcNDr1SdKEWN5Q6DtepgWlUhNmQSdtjsCdGP3ABHZHKqQaxFP5IG4Nce+JEmhevC8J7k2VIuqZVfVS8R6PAqypkbj/Ut1aPeyVLoKK+ccb7was49CmUqhuCueyUeCbOEnzG3HYeRpCK6jMZYEQvO+JOEJ+z2pA0p9gFB6hh8CsXeDQTK1Caxv3muoDsmE0kt6xUEurDFlQztXvLdVZN8sXtVgQTZjvry7YXb38RwApOTRVY+5fTmD8aj2ZvrMU85Rc3IzzDj0KuuFwgVavcsUkVx2lrvrBmvNXlogvn4JXd/AR4Aswu4ukM5j5/u3yl7FUvlKlalXvjV+WlXO7jjDQK77ZRG37l6e8Br+/RtRYef1G7UASGuMsyZ4nuLqSicL2Jc2a0/sZVZy0GiWYTM0S0vvQWjtp+E1pvTjto5rU0qRCKU6x4xzFn6FeTZzYwBobvR/bp9jfjGHzBrUBxCpggfwuXC6+0fZbo7WUtYQiRdfHRv30e73e0WXjg2ZZaRpy+GUaHg65dXlb+FEh/Q9mXiiJUz9WAUsCNjZLFLK2qFWkl8w703XXpWHxkxXYgimhnLIXR1/h5+kVOvfTn5AmiTU525k4ki8cjsX0L03tdaXHl5XmE1guU8q2yKerBy2hGGed0t+pHoYMP5flUOl1n9+yOKOaN1NlSbIBj391obS0viwEKZPrb7IEXopCNX0hFz+hQ8IL+tjKmMHky52EsA4H+n80XceWrNiu/Jo3x5sh3nvPDEi89+brL9TpN+qzVldlJUJbighpS86evejHGmtXJ/zX0PpK/5TbFtl19ujr+obaVRdxj5t1vzBJ1CaH5++1c7ClrwRM+eiKvQMBMk2J1JCmGFhUndpqLn+tIJ8UyiE5yZ2PWFIVz2oo1+yVT429AlpP23LKb2/0Ne5a4BhvhsXDQwbP5uc+D/CkW4fKsO1gnnORLPBG9C8mPJ18Eir9+9SpXx/dI6iW54Q2tCgb87r+4gkAfRW97bITrbIn7Ya9SBx71jdX70jWnyv8aQ/yfjTAh7D+zUunI8I0d4pjSe/OXVCXpWiN/HpDkWP387OeccgKKY7GtfJFH8r663ewyp5t5YTWH+CZB2b/85xH69MHWruITDE03uS0aE47zEPjnyrG/1IyMV9y+f4TOaFNHI/BTv/m7tnFQf7b90YL8EoiwyIn38J1CGo2OmnZlUjs6yKqMFqwbW1wPX/t0XCtWNpiuJQHRB3iI9DcX0FL5KrzTeqAlEe71WVdgKgQdoEqUPn1tBOfA9ca/5SS5RFno1wMBa79S5M/vKaQmCy5Lt5VwiKe1gZepUJTxXcVkGcftqOXg2qe8cPF8EsrihYt2C5xXTPr8jCZ9qBPMNz0v8xGjk8xmKkxXG7XHt+jqRsc0O/RibZcCB+MkOxlTFAzaPxfe1asFTj7VHGtwbELyzMks8ov8wR2Cwk/4EBTPccVROB0nn/zHkNTeVrTn27JMw/HY65ZXqFY2Jtp92EimmFW/UjXS7p2ofo5pAvlSD0NTyj5wv3PmSxScjhquDToUge78RIY/Xqm+lyt1htjSPJZep0JdayiA2+Tp+wuTRITUoBHDdg8EhvMsx9BDle8K3+jPV/aoKiu/mAX4U+JTfxwlxtdAddbUHV82i+oFfUd24tACa69HGCEQXIRFvHhm/mbvdMmrErbe7Snw2Q0dTEbaN8g6OVnhAT1FiXZ8Xdrli8e3c7w3lKyvO8VBtBq7gdoxYokrglKxhsfsFgZNrRXPIQrG9D2brPLpPkQM0vNegZs5agJMxm9A3O1fjUS7eDrKGA89UJ7TH2gketq1h9GYtcOYVz3JjnlmwSAtCTArb70e93R64sH89FwQzeHsHDVoiyfmNvldsHsct3WM7/utym3c5TObwEcrgNluZ9fMDlAWMuWJhO5dc/Z77+ngX3qCsAkB/C0gcHhDy4gWbYqm/xZxn3PcqD5eBiWZfHzdeg7xhaz2NyHBzPKSYVYSUaaVSlGIhtGJY+/aoG15eLXTAAQMPK3mZ2WHsZ7qRsUZNu4Ni/pZEFY/PGMfVnCC3cDzNx+0IU58AxwvLLZ4Zp+fyszvnManCWZZls+7ROpVYuqPQj6ebZ4/kL2IbQKVdmeM5IrpTUQ4Et/p5Xm/Oz4wkJB1vRxc5uQosRZkuya86sGdQSJY7kbnluZGVPHPbH+/LR5UXi54tjKcpCeN8siUeZC9kkQf9fmUGcIU0NIvHHLgpGvm2JOFn36WUg2Aq2a3IDmeTb0UxDnEBjCUy1NVw6X74B947ybTKas7cBHByolBVcbxfls4LPGTbYwXJb5g4CYN5uqi6f8m4hGIM1EEAIJB4ry5XTV+U1qSmat06S/L32Sgm8L4ZseYlPGCxZf/pLkiyF1sUC3D/o6uE8gIxxYkawUfEKcViyQ1wmK8oh3AzVfEUlsEZCheuDf4D8uMs9kih/jCu7C+EK5j/hAjduQMzHpsLmksXEnXWM/NXVvYj1B8b1AFDdHUoqkkLcl2N+b0bnvzoh4dbVKv6Zf6pc7SSrFraLixxBaq8YEAz0ddS6jTwIK1cjS+QdhvfbB8tz6famsXl5XA1+o7g4rCLWKpZGxyNJO2zNFQxw1wOikDMXSgCPHOSf8Ly8SLTcX/BnR95wfinm52WIH+C/k8PmrUO0hjnhmAJs519gZQeXUplW+SnalzNfhqT3OxM/DA4bdG0mYg4o/iybIJsCP/Tk2OF1B8XE2t87ahz3sv8llLQ2eRHQQ1PN0QlRejvakjs/p28Uq8nX6eQgjf9OYRC7pDBpN+NIQecqSikxvMPe3wAcB6m51lL7W3gk/3OvxtUGiuz9GdE5Dqif97Z6cwoqmSwMDhprtZWD2cFVD73pPt6t7o59ZFOwvhfu22WCLk4g9wJOVNKBlAfvhjTzfvjWeLY0tc/yqfW7vZpcsTKUfopg+uSxoU7y8/+tXyjP5B1A8Hp7bj7Cc+zX7m/VGp3bqjNPbUyu7n7z62G8AwuVhNRXIeCmS7OTHkRNNC9vf0lPaocYu/nHeRQCYq9dwnv0NjfoBaDKZRFd6UE005F/rLGbs5oQ/m9q9nAiBp0drTPo+WRNwNPALJb/7cGY7mVbUQ99DiF0tYwo2+XKcl3Ej+AZD9V9PMdlCRdrZ5jf9RBRNTbO0DzAdvLog9/lNCuTl7htBRa+kYxXUIbd/B0UYAuzDArCBXMtH1u7UsNjF+AoqCUUcBhr/8mWXQUeU8pqDtnPt3H4yhAw/D0Cxhzz3gvzAO9jxnHkd8O8zjt3MQ3eaQ2ICeJ01FzUUh5XwKmjE5YGPCUShhcqvKDKqELx8o6ytwZkR4VTo87IMOL0XG3ogsKeIjACRRx3ISYrbJW2tdqysOk0V2EbNXahFt2N0f38znjUYMH8RJeWGJMW5WdWci5GAymQdI7BeHEFK5T4DDqrVi4ZRgr6WIBjYOsJrwzXj6TOXdUDOG1417q64JOOXnzEkUyIDhFxSZjle32FKjL+xJZuQhscRPGhDIFLi9MDddDi+keKwpAuMY0mVuI7OJECMsVcYj0+kS1lCfERmo8tZKNfkb6Ux7qR1NFWP9tf31P+UN1OJS9IT8VcRaBJbbMPT4UFccVAD4x6Q+zos9Cbbivxf5No49TkqHO6s74gWGUmC1Rk8V7QFfbz9vh8pv9qjxZJKQZCxztXmR7aTD5YMa8haX/mkF6ED9ALqiLQkZDsFmOKE/S6K8FhLYgFqZE7XzfuVGHzPbAc3eolSoNYRbIIaEaDFlYqciyjUsOgoVZrK2738NS7tE1JW3qQbBR+ABM7ycjSApojWMgYZVsH83cCQWyWHYo6J+N5vdpy3NwDKAhTVkjcnQKmKj2hl/ienGjradmUXK8gfXYLP6/sET++BxCfEs+LfB/sgMG7Ky0xsg3XuzCUrivo3Uv4aimxjz1qiq8QB07ZxRBUqkRHpp3SClx3ZV3dDefh6valTv3U6L/MVWUBJ/na4M3s0ypfOu1VdnfhnnVZZDV1xA/EN6lcChamb7kco4v3xg38C8Gt15Gok+NjW4vDBTERw7YqE20bB2g/a5cdIDKNuWEWmjAmk+vcKrYsKhe7FnppLesBGAUvZpogL+YR8TC87irNipBgEZ3TojUXUZUo3aU9iO8WKbMUUI6/U2rSpZFUGQoS8Q6gPnFR8G82kAd6GS7XpCgV0Jb+cM6AMzlOElhP6e5pei+A6YLUvwYyxbbMLLWBHIwDv389QFqeJFrqqPeTcR17yePpIESrQ259B1Xk0uAuDPyxCLL1S6KZpu3nLdFttN1H6iXhoFWcp0Q4vyvrIGgEvz3fkQFT8fUe/BvIjCRKUDHH1JEZOD0jUNMq4c5qJl6pvBGWj1IfUjpZ0WEruPSobBgYSV/vn3JXGMtpUOqKhXBZDu3RUKLa1XWYKXLQu7yI9Ujn0FATEgIj9fA5iGgo7tvjqd9XHOBhuyHtChQjrJic78EeK9glJC9tlCFG73mU9tYzU/G5G06lVkDamVRDG7+MBBPjHiT/StcLkH5p5muYTVm5nKKWjpyA5joFsDL4HjxVqTAimthVElHry5ZrspviceXCYtQd3x/9AJpLU5Rm/8kwQCbbxBDO7auibAvLX4dj7rGJ1Zcwgw3WY0tOcGT0e4wk9+34jiqhFzzlH8vaZWoHWcyS9c52pdFW3nTaaUGNG6CIk9pkdPOxT5p0RYC2R2r1S6XoT/fAgJU4rJpAS0xeybcQvVgVCSXQ1ylJI76UXLzDcweTvMq3+uo3tnrJ4fQveWSi5XlZrlXllmOlmFoa48mS9XPwkgxnRKqyoBzK7PPJ6VLrVief3nV2RVdERPP4ZMZRTYHMk+qgHXAfJZhmn5BeAGIxaOS5ZLYUz8DWY0bF8kUDg+GDHeJqvgDDDwTGm37PkNs0ILfjYCQiN1bmWe3uoIS/fOb4BFp38dUl8WgUEm8/yQcbhazXLf+ZuKuX2uiGqfH0P9IfhSRJvxUm5IHgd6gaTiO4JqPyImfvvBuBHPg+cGGq0/muH3pccf+P/92eu4v22slSyjFVSXWmxllLRcEz1TdT9gNKYa027mBoZCbv6jog6S98nok2GSK0OFLuGUaeM4gzKda8HBGDFWDWrfiBJfX3uwGF18sGkMMwwWNKvwZQv/jbIEGVO4DMOgmphGGE4D7w+rTwjHxELKyx3FKtXDrarnjw5NU/QSV4Zl9c+zZsfcNR9GH685jMWndcknCV1c8+oLHZeIEUHbhbWT9GiX3plzbTr/cT0HqisIf9k0r+1iZDibKbxvc1Q+rfvp4/AcSXjQr/3/1pFCPDKyZH+zNfGNbIvtqD6jOhnsFZL+Mjk/i9sAkMLAQ364jkvv0H7b8rX1N3XmOgJ2ZmdoHHWdquxlv3djvzKAFlgM8lhsTOL2b8OUozQ3ALp6rVhK57AFXFkmYb0u8AGK9GV//ZMw6Q63Upq3XeGhh8UhI8MiBIE7jSCXqJjypzSMoO9+CatHnQO5j5uqS50tEdC+PFJuTylDd80Px7pLMKjdf2nScmN0rtF7+NGd2jkljMvP51IyW1dQk/l9p1hWK6yC4qszthUUNiN9eXIMAii0V8jBvKTx/Wr9fgLuLTWVV+A+DLQN02lErlT1oXPdP0tb6O/nj06MGKaEwZ2hsq7fT354YWg1hswAEjc0IYQxFyzs/bdkWVUQG95p9YU07ojEOH0YF5WMHBz0gB05Xp8dIjVhS7CMIDtjzRTQ28jQbag2pfC3F8JIWnO3gfgYPsy7tcvRmIdaNd9CDxEjSCvSTgawrIaZ3aUGSJr/vKoWTBde35tGy82yM39iJcHm68/vLgniejI29podi0pT7yCxMJSyN/ey4u1D/YDQ0MGSpGenZ3CZH3pQIMZh8geu1ZBqztsCOet7+cJhirCj4aKJrZm+IiTwnpMPHZ3Nv26z8e8PINAs0drOmiU1V2DENmeBtZjZVss40LS/zRUap+ISru+SxEzvfJv6kNjZdzThhZ5GjJPjj+5hbY9Xvq+a5wlFJdYEuuBMJO0Iq9/SGX2zY5Ev0zj+g0ECwddbIWR1hcJyQ6weiMrYL2ejSnS59U1pdALTTF3W0XfRhyrnFJdz8tpEv67Y3Jv1MU/5+10iJR3ljzeOUdbW/K13Hsw3PV5ZuZ/A1q2nB3AYUDPJBuOw4zCBEzF43nmftvh7lPJO/FFt32q96Z4VLnItE0jWkrmVezwYmPfIYzK+btB2pw0AFaf8QH4+l6GC4YFQGG95fI21301OuHzUUrkSeqAmxcOOe/bByTyYgWxQZiPwGFGg/Vn2L3sX0ZhTDQ8rvYm0aBcXYi6qdU0UtcAgrN/QbklF3MH8jFUa5aYIpiMJsQWCgNWQXPJQP/VnNiSVLfPKhbManqUfTchaS1i5GmUpUtt2aax6sq5eMP5G2chQWSFZ99DzGiKIxnOUhTFUJTj2bQvAcEPCwHyxyU3/AVP5HJGpgx7/AvmsJDCy3bgHJoyCg3ZDuo07y/1nBOAmrd32sWVmMV9dJhZ/WFyM3TixHHS6ysV2muQTpW9GrnUUASm7KzQNs+0tvpGjJJzzInhFjI+NsNZTk44M203MjXB552jTB51hr9dGONsknF7jzp1gUBnL6NrTGgg7tr5+Nj4adMlW2Vx87KMiqyoxYrtQHDWJODixvYouuvQIrRzKbo9136DyG/t8TBhN46tpdBpq2ekr48ACBzCyCx1El8a5lVg7Mgi16BRNKT5cff53FnRuPrBYlsvMGu58qHDLB6lR+5r0AWTbl7Wxai0UKpgb4+ZOd3GJfzCsbbihan1K6tOwVo3xjxBG5HMZCoEUwk2nS64PmXc9lYPC09oeTzCG3uRb6y+rBi1MESJTtZthhNuKlm+Vf68euq2AsqkdFHl00veaje+NawYAgIh5cRkhORvm2fsRb1Vysfvku6+AGSqFultZDXPVVRCHfty+AGW/vEpnnDEzcM+a7K+LIWdQKVY+qm9351DZH386cakiQjmPQhEMLPuOSxz84X3pYzjDb7MiUCPKfnsIwEpVug9rDBk7rBCk2PI1Iwz4vGJKrIpMJJXnz8aFUdnsRSpTQ4s0TgfpSXXQaTAhL0ng1z6UzOjZ6CbMk2A/fEYhIS2mT3ObYsnZxfeJypd+bR4VZpciFI/X2letgdBbp+H4Orm9iI85vA+ZT6UZHbnkviBkq9uSYw1jgy5liRpWbXhXQQn5khX6izs8dqG6QUT0/HntGyrwLojy8ioW0KZjm5XgULflY81TYW5oHpFpB66fYrujNTpEbc7lryvdsJ3Qz4NIvCGSzuKx0lEGSlvXlo9l+AJtd7qQrk8i9ia/xVI/P4NU9LkL1RD4K3EXj+5NGNuVOw4HmPrO99z99CWdfU6w3hf4fCRaIbr2u9U224xQ8x3BlGW+LpVFTxx4dI1oFYTKl5jWfLyo42aF4mPYgOJZvqUTU2YsohuRdMLJxa/8Cj8Q2CJtW/Dc0S3GECAyys69+I9Xq4tQCq+7b10H+Ufcf72LPvfQplo1Y2ScO7RZfofdd4iyd0NzV4l5bIIbd2pRZfdgAfkB05+tT/BcP8j/XbcNcVqgsn84eFnR5gze3ETcWz/qvWevVL4rrWVi08RpbnnVkbtPlCWDEPRT+kwo0N5EfMR2l6Tr8NecZx7zYo3B7kjKUqxtgW3U1tINQYivuZ57uTxnkulVgHBbDg5J4ha3oQIPPpGbilcEKtyJ5AHhXwiVsNrXpkoRi+rAhfTSUE3kycDSCx77++myhut3Wzqv2SO4GbgokSCKrHeBNlFLeVc1UTQhZ+kQjNmZDyiWudVoRymZTrUAoMvwrNJVVA2dVFIh1kYxsk9h5PYmjQDKOa/vvBixcgBx+pk6aarCjjNMe6r/DmuNa6m8KvgfF1CuCUj5XI5pJaiQCYp+QPsVhoHwMYnWk02wpkOGtMTboie17AFkI11vETjwd+VPd4apcyqw6L0ZZ1qHkl0uDpWOGRUkvcb16tgU7ITauXF8IalqBTmA73y/YwodlSoZCVjTWhfI4kjnUH5t2bmJVlJyb8ZPsKEElGSlKMsB0odshwsdJcLKVNtxE2eBb25v6YtESSSPAiZhvVu6MSGiwu6yYp49r6/3JbA6yVhea86nDCm12qFy3vedUyQzzfM+5pG2QFB6Cb4kA8M/xVsfh1MYwutEplfCZOVp7epeT0dvAn/a1MZT0M8M7Nup6JnbqVneRGFgHsezd2lr5N9n9Ible7bYMhfbHfKQFiVN+NTyRVFJi+J/iQzpwyiin7TsS6epy07nOclSoYx4O22HyygLz9z9ftREsZW1l1obfqJYMrXDjIr9E85KTLtEbWJrTW3kykq7XWAgilcyJhC9Bsmiu9Q/CWGOGTzvSfnS5dxJ7omZaVSumElLmovJjWj+LC2tRDN2hxq/ROJAAsE/oZ4KGfVeIOjs9iY8HJJfsZO4hI9sHTzHFL25kiAtA9RwAdd75Rj/6WNBgS1yQh+uCcwriUPts3SlojXt09Ok5V1XmuL1dZILPU+NpiwtFb3abVAT1oiYsRc87JNTOWqucaqQijwUFga3fjLe6C1VHKYANjY0C+15G38crLSUyEmO60fhNoSJV0ho+njOfBJ78lMwbo/Y+4OM4bDX5Q5zPS9FIti6foqnKi7d8NmW5U/QD1FSRgH/vqfoEPxOy388pQ36euhyXj1eu+3WOh9PkNRUBIvkzibKAvvuBgDkryQuOvrCuMq8baKXdGV/OWJdFRlv5mDHs+kJcNeuKY3ekViLTu7C376cWRZFzVodq6bizKrZHL36R+KrxYfZKWMfLiCw/i9oCQ+VkfPRWAL/zYTh3DSrdasZ1l7O9Qdz9ZGFyVRuyv9SWCVuX166FV86kABaTRMEZxUXYHEuMpsC/k37p6TFinDDjGDJUlNaigBVEW/UuUK5A8UG4P5n2Y4CNY3L4I2AzBO/Xp2712SzvaXFS8ufk8G6y/oSqgUoQ0zwteR2yQDsbeSFjaLB2AP32LqIPFWUZa2kLa10P1x3VgzjnMYt5RLUf6o6nIIK0YLB40zy2Ye3t+3O1Crr46mTyI2agVHQUjJlxvZjac/nh34xpqTSs6Hdojd+afuSmA9Fari+qRRxBIpUb95ySqXjVujlhktF0WGEv35Z/YFYR2rj8J7vFVR9xUmrQeJhfyF1Gj9t7JcOlnd/42iLzr1JSfl6jm5xRNaSYSHhD3eJuany0O/piQMz+U51GHozAmDIFyTbayOzSkk+O6z8oi8bqQHrarElv7eC77grLthbp4KXxVjiza8m8qQ48/pZyN7kbW0hROEeTc6fmNIWhx31vmRr9i0J7aWUzcm6o13kPTupovy7/jiQZy623ylqbUyhyBLFpEpHQS9DOosdei1qqPj6wpsql54oT6uCsKxUGpsar7ASPK5G/Z0NfESa/aH5glxru0AjcgdCopPo8wLyLf1uwKAJRB8VKdXdmCJ3bjttAO8/luCxKLhsDbdaPmixlZJIGim9FvmKzxDiubXz4XYqi4Cu6yoX695frlQysl2HI3VteFnnn8Lqf1+fy6fOyPqqZ3rGljeI1q9ktLPgLX4JqzSUv4yUDiQtaRNA/5QeIsHK4KnMy5m7+5C1DHsWwLfOuqJ8eTTUbDSyyxOV0mVCK/7kWQM+Y2NOYV1N/koCHJvzsLJAft7Ga6/D8NucHvTS6mVEEtZiqsF5SWlV7pOP/WvyuWX9yhMydGf+IUe8IWgmV8USXPD8ndkDAj4jl71oj/0ZCI0+pjcCy4xsog8kzGhBvE977Ck+tywb1I7P7IyUU527DfRWiDZQB/1L+FrEIfnetWtp2p95zm7rzydX9QHWdDIuxq+FIEEpa+vUFhuCNywWpuNcCl1NajQWsOvDuPy+WZHXAkWIXez7rB8FyJKPROjRpptXhFsYllY2ZHrO5OJr1OI7nsjesG1g8q1R0wLVYkmEsmFGk50hzUEcJA0QnJyUXp+bW83dqlvwuUc2oQWRdyqRx8IpdH5tdp82A1cjX5Iq4e8NlOoN1Fyiwq0Ij6204KZLYxQ+Eue4bN/4Z5C/k2RZlzjJotjuazEifC0FUadC0WIPCpFZUuIClwQIz/w+0hqIGDiF1DOkQVrPCrp29M+GDsyNGVY1IMh4V8fqjPHmXc56NXtRTCNIJyMPit6P17YHEBKQsACWgQcw6u/Wxwlxz2INRW4XOqNTRg1SVu1OvxG5yJ43DVDxw0jiBReFhPKxVn+3eeA8pvWgb0A1YDLB7qebBElTkqG729CzIsvPp6oNrCUOOPEPOXEEDdcHAK5IF95hPft42UAGii6pzKpyKTbTgCApaRZsIqTsnFDez17gv7Q80FdPYvRxnwfz1CyoQ+mMurdMV9Y/TBj1WI5X1P5iwlA19y7JJlvFqrT6mcMvpAw6aT0vr4r8sBerAnfFIKGhFyFEY9Xoh9Jw1fA/JhdITdnxlolEoZfPzDUfULrlyThyWKiZ+MAF4YgE4aQFP+ThBun7n3LozLFTLI86uwIMkQTkn5GFUxV8oxE6pmRw9YN6ktG9Kud1rfCCaH6hWFPSTAaKteNuuO88jUACHyjfeh2RYHfrUZBeYcxYY5X9ZUHJG8w1dfNk0TtLNm29w8VcAFYFVP8O1m/H2MWF/7GVJ+m5GDNl9Yk5nRAD/N4cywjOlJuxY9k/c0yv1INW1AfC1jl/1Sg5veF1T0See7iFKnK6ZMLPT1Xf9RX/OUL2/jYoNKNC68NScOfR2vzsWPeGKk3orFj+9QX95XiXscwOSM6JTPGEhFL3zVlmjaCErH2CDW7OzOqKV0bppABG9pEGsWR0K8wjECMBVfW7hzsgLs/AIbe2wlj01iAZG5Cw3XnnGukQuWMByZk1WByo0T1yPzxK9UNLODkb+AgVBnIOLLBib9hHROA9o39AKDEOHwVPdrPKCkHvqaaty1h2m3fTjq/dE8kVMRr660fFa4C/Wjyp/B8BY5DG/B/c0XzT6IC1s5y2yTNYfwMARNeZAg4dUdHadwHjrMd2UIwQpq/6vxF+7ImkIlpa2TKbwzoGpsBVRQWJ1RHpFiTQ76i3TYKcBbLdxtHhGeNa4c9R6GQdt7Ce3ml15DjrT6AYlf5zTiZayrg7dL5W3jm3WHHv0T3lHgthxHLfOLscxfmhWiw+gkD5x3QMOlKvVWaSmQrdSm0h95zGJegbj1pnLu2EV1Jnu2d/nbEp6uAv5DnL6kfvFaay4Do01YJ8yZCve6xJKqEVPXLjkTU+4cwnX5FM/GbuSc82aFOPcmXznkcxAjZ9wKwRptQKqQJrlWYfkhT1Fm717enUOigNRfJhdI4mo0b7TuCm7EDXGx3hiEIM65QvEMTgP9ckvWjOeEBy1VWe/dvVJU+kjEMX/ytxb/OvAA7S0kxKcx0HQ4MPr7kaZNGH3Jl9BgTe4611XMs6q4cn1skRPXOLtqgGq+fY/8aAdlVYMSA9qA2+sCz9WzkekA+lG+zyJvByTm0LZ8d8DFMGUHb2qCAucF6VOxW6VCmK2/uMmxEqf7HW5xBAa5c7pSVtyt0UIF+OJ811NixDV787i2JdPibKut3HXTBFSMVfvUct5BK15EwkOW+Yoi/aze0qXLmoUaDIHL3pHyWIYrk+vxfS/06mw974g8oDmHSAyCVMU27MAKf7n/8boZ3YhA2Qu6nEGo4WdeGl1CGPZUhIoJYU8nNLoOfgmeA8iUxSkm1E2j/tdaM6eKcPaUHApEX1TCHy5yR9bOjxwbq9ig3vBdrlcOkqxt23GihM+LrZl/VnhePtGQd1N7iJdO2UyQ4GljA4C2WKxRHyd9+OePv9ozjwJ8MTV7Tagj0+dhFmuUE2VTwghcneABO+bMYib53rj3GdcAUtZFncPWG1dN8EOhv+1eRsg8KiBVFmMUAjWQfoCDon/l4xPQwhvnxqtCWv8xPBqU/Ajb5GTLeM3oBQcaNWLbihTvdT5b8/FxrHmD+RaNCAgCYREQ3T10T1jLrJl/QI7I6rEI399tlWvV8GpJKgGHKa4zHmuvnIo4sKt/tOSGbLQB+CL2FoiQEX1hnZKG2RpFnUhlJGtrEDhc+kS+gzDacY/+qg1+4CX1JuazqiaBvlNcnMybA0aisc8GpIFdfti/HJwaCzU7UEBUxxuSRKk0G1saVTTc4eO62R6EB8Hgh5NeWknfd7SDtOvL7GC90PavTSs6/bWmb6VePyvNFjEgrRFe9KBvmDMPpSPZoywEm1twM/E9U+1ue+gmgfFwWISb//lV+XuQsDmS7i+RYYD47jVe9AtKGpvOCdLJpW1FFzGMm1MfZNQzAEVonCIUD7nTIKhxPBWzGC7SlU8fiQoIYFgIsiHUtS0ZX/Z6BnSqzM//Ij4RtHtjhUhHd0vzjN1vrjpStgu1IOmlkH0Od2e2CZ1NETlidnZFHhNHk+B/9MVlaoor6qzPyqGFYtk3kshmzyrH1a01oglSBI92lDr84L1AgNEbOHXX/YG0S08cXmTSJibYqCd9nqP5RxYmsUII4bCnTY4g56foT476kof6GuZt6cHv0lnerUrHHNtt5YfpsyHKjH/ONLR8I3dCexStsljJPYwvgnyLRNBF0JIAO2CT7RSb0UzC5GN2qHj08bhY4g2R5VZ/dBxBtQQJxuxdUqevVIQHNupX354sMmVQc7hdmDKjoJgzFtkopxayFyA2FyYb/K8F+cMG6p1ueX8dycGeJvqj5w6l88q5EE3BPTy6cerjs4IlrQzJT1RTIQhv5QidNvg/39jeBGueKeNm5DCAeS6srT0ryw8Jg2vC8+qAtwlbPoWXSRFjRi5SbkWsbqajoD4lq3RsChtfrgFCRz+Kv+ezEdbgfrH3/w18TcdXdyaWadAuBsFundCZ7Tc2tJ/iPTPDNr5La9eIr23CZ9UC2J5n9i5I6LveYobOOSmXz1fxKvgMofQ6Q4j2hLQHDiRGCWUWoDusDwJT+ctRh9L6a80b+DBo9ZSZxkl5qhFlnfqYge541ud4f+rYlvHW4GjlTrJTHxhoIsIU40Z0atSAJYaJEGnNsp0O4skpI/a6HYepSjV3Omdvku0Basdb/q0IDKYLdaz8T4sEoM73tdGX/jUd1mCktcVGFHXCSVYgH7cghn19v6V/vDHEn3f1//z+4g5AWHc1UWBbmT1NfElhM0+9pM48+FDGiksFt7PlZPYpfAswRSUeH+brO3dtjryRMuESef5/ccvmdK2WBwA6059igfhXM5VYgFyUR3c1z7FCpFlpg237AUE+o1qZmhuS4shM3wzzVgznGMhsrM6wkiVTOn02E+fm52lS59lheC32GdUlcoNbGB8cCKU1DQpsxLFxvP+sh5+NgmvNz+6u3XFK0DpJ78TKz1gnJwKNlARTtMlvA6NWe2vXVagDjUnS+sEnbcKhMdABX0FiqVy5k/7abgmo7AemqHS4vOxmTALe1fUmiTlGNydOi/8XYlNDMtO/yNZB5GCqUXqu9iWE/f1xxFwKjKMbPk1fVmZvw8oeLwpfOUYwpNzOFyAZohkR0kt/YMfcsq/LL9B20SN+g26/xDZZKFfo5TqSqP+HIbAdSAdo1V/nT35RROvsbX0QmsM7e1arcAtdVLzb5Yn2sVoQ1SFNzltCWBmi9JwOWtTdUzNW9swRiEo3v5toXpJ8O8Ha7ag4GsLQKVjDzGiOF6kgB4O/5hjmr0ceYx60gNOZ6SepV0tbTFol61L8oKVMIvvT1tXxCgsJIupbZ9fOFIbIdY3Mlf63fBSZWA05X6jn0U/ktDG/ZWhitRiVaHVyX1VJ/wO5fWXzu97dKGCHztXd0Fa7WLSYTaCLQIQ+KguH3JRbr4aFXqQdzn3HPjYjlHms+l+4EDGAShSuDUEzij0YcX8e0i+CJOe7I4R3RghMKMM2UbEwnymoBcQjv0ybC/r3S97AESCWFJ0rL57F4ghke5Uj5h/mcKvJdJ6RJYxCP5T0Jkyqtg+QfMjTgsIgXw0ZhPwZDEejL3RaHBhb3aZ4n13MEqN2XRU/Oi1o5L0R0xgQnMJUM6zNU2IkBxv0ul1R67pMXxvwsC+9ki8uybGbq+sD4Pqm6XkBQUXDmgerMX4GmlCNwdQsVRnWs8Q/fI11XjkVdyAXDJl8v0kvW0Oei4+X1FyN9cHQxKNxHbDqQw6v4xV/Nbu95nMHcEVt5YnPHsy/qBJMJh/DNn1k3twLQaYndTwatU9MR0Skohr3tsUns2Tp43bhqGQ2JdRx5aK8CbJT+S3ZSYfy3WKjaR6hb193hLSugeVx0f8WnOQRI/8ObIPfaSJNCAAn66mqP6U31+I+CV3AbjGmNCRa4XzBldaXF8Gn8Wdc3J2lknNGX9w7IWPVP8FYX+Hg68zADdcZCYfL3AydYAirWQgDZQHxpCy5hmFNOAaOgVtZzyZ1ezFqGdZ/bhfcxJWB5BCxsXsgJxlqaJAjSR/lcSswv4YSX5/QFqLnaMd3AGjIPEbvWyrxxm2fWkbYKLfoGQLNx9iO+owUlCs+yHsdB4Jhyv7/B2YwACY5TLflZfLmb2ldf56XYjPtpCQJQ/MKpXjcVlGNsWvKG9hOGG/gqVl/2FddKcTU960Y7yjRzwL7zYmk9+C0e/37ogViItFVl8o1n03+yyUFXV236+h2DXds8xA8Xq0ndUXtxnTDAct29QcceghG8odMFGSTU9xTPs79WQ1j/tIwFc0CR4JX/OoLJ66NyUGoPyN/0O0Zbv6IivUbiS0jJwshftMzQB8UtikHBaRSchRZvu65YIyVo0U5VTSIdwo8VrtdyzOGTIxFFRQ/6nCydQ2PRPHZjHdPB6kWTPr/RrdIHrv/TPF7kgcf/OXCtgfmnp8RYM1WMfgP+JBYtym/OMavCnPhrXHc8v/GaVoMhSxkCkwI/0g6fZ/KPH2e+B8t7FgXJ4A5kgHDC/Eozj1mDzd08CqUt0UqdpL0N4b8VTnzYwMC3LIE/F8RKuo4IAJcGoArQkNXIJrJ9AjcpgpbVw2stIwjavmxNrwZxoaVMnFF7JW41rWedjT0LeqhemXq04b9qGRozGQKaOY3t444uOfK3o9m5I6hW8vtrwUEjviSxoAn/Kltf2EVhYL9kRs9Jg21YCM0/5dxJm/NHa5R+7oECZdm9jnqXA7L14vqXGW8NdUMKxm7sHqX8d/+eV7FqxdG2l883r70kzPGhr3z5M3w64iPWVbQmrPBqMiUaeH5VD4E69ODwI7T8OQkuvadEomVFR290JnjJ1gP45DilUBdQ4DvHARNvRo3s7VwzAaQaTHYgC7FzjI7e07e3tSKXC9+NrYwUtnO9YYBA157IInXa89nwJ3RgeFMM2JhsduDQWZoXTYYcBP2fL/IhhBhzbGZ7yGK/ru+9l8kKopj+3XUhN7gknm8lnJmxwDhFfh9wd2F7HjrSFMk9hlQEL7Id0+IuEhqkiCg58SKUS0IpUGdAxYRTh1v6GliQabIdS1ly0PDKX0DOMNNFjktNvlwGjvPF8ew1+7Bg0qirYnleKJJflL9WwwaB+e8oLhS8U361miDE9+MbEoV/bd+0kBaFEGG5HDbCC+/D03Tm9UlW2kos9Ix2RtNyE/y80BNVn8d53l4HOfYyu1T/FqVX0kRn5lSJpXvxL7TxhY7nlAzV/FLHqsqRLPvsFX3LZpR5LdOQ1CyymUp+h3aSfNRxtKApadAPON1emk4tz7p2uIGxkmCdNh6Elr3wwZFFaKZyRpr5ittn2WKBbNzX5tbs1wcY8trSJhmGscLXUMkrUDH2lnXec1d+ZRw1uUYvbQ01rUpAGV+rqvROYZ8dwLst9jBUvygedGjseV6lhS9QKAiUdFhwz1hwnqNKGwHpsR711+OoODlmR123QM1vCD2ddmc6TrtwRXZ1TtAJQ7wJjuv/JEqmoC75ijm5Vw5ECijsNH+7lkRiaYni39stHF1g3jzU5a5TySykoHLJjaChCBbza3edkn7m2GjSrlhQ2j0/WYZvp9REIOME5UIMio6CJPX3v/sp8BXDBKnGtLiY541+hJ2syaH4GPux7Wh9O0rnl2hEDQ7Rm2RAS1GDesBN6/4FjybWPW2XABFLtI9E/lEuwwUwIcs678YvGem45W/3nALffcXzSRBFiOURE84elMpWwCVQS7hyGqgIl8xxdGjLKn429lQHPm2obXjvnuj7kaWvK8GIKt5FHLtgCJSoR/twSr8+MDt+X9cfOpKwAOGa2Y9Qd1eEfGxmPWlA2bcI7N7/Q201jA6nQHD9ocx24gGPjRHimE7X+56fgH9AlRiWr7/vXB8Wqg1BqUmU5hnZhwBslq6EZajorPOqJOQUzglCC2B+zlbxi/CsUtel9OYHvDD3OfcI8MeeDrp2FkWw+GPZ2vt5K2uwxaq94KE5LfmN6OIaCo4E+ZqbXHs06PiEWRavs5frLKtmhItT6sR8/W0/9EjxIfGHP+HXeLWVFS9QwkCjLjnkZ/zuOGrby6vOdCrDNypgU+zQJ875n6xCLB1w8WJASlP/acptF2mzpbn/ohNbKq0g0y7qzbd/V97cCtLx5TPFCND4HEXIe6x8iz/T5o+G+W0n4EKtwNX+sJJAfp6ptVLZRaOEjPNVKKJPKVL+vIR/nTqvX4DVkSo/ibdfPxhiGerMhT6lfqjBIabdff8kXLQ3K3+qP4bv3PD31TAkX8Ay/H2KgY/FjFfYEFD5f4PGy8vA7jl7E2Slh4d25bxshYZHeWfH90e//iatqqDzvpyAKC4EqfyOv6KPHlBWT/zt/uBtG7hjmAp1Hz5oWqg4aANWwxCfJGMtbRgYqln1T8t7BJ33oud2BaUlR03vVbvXJ+HMAMDA68iUkkxzW50SAvr2OpA3a+vxF/C+kYToBh/0tEHwoO0byUTnX2Ost0H4UpIcvjk+9ZJ9QQu/GxUmbJ111BKkEpGuOrc470qJ4iaZXjn3StCCCp+77gZadsVK2bSMR8xcGrmxXk/5uNLvn/+AWWSYLviiQQEpqUj0XQMonOC2rgttghrr4wOjKq6Ii+iWG6QmJS1fr5K8kIeDhHJkSuvQ4dPTNDutFQl/Gi87RGXEcxHZ+QGTwlgtZ/I37sS6fViRE8Cw+K2dyFlzUQIFm58Z5c4/x+o7T0HOeA37ADz733Klu4IPJRLFkUxjI35/XQ705W05lHkRPXADbWbyj7qD4NYk8K+X/5982Hg6H3Emd4S6KwSf5IFfbFG8oO82g2qfN01ucZcmqTyIMF4GabQyU3reoxsbQqoDP14iVDn+tyFqD6Rh98g5BudQTuaLVXPz+BgYvy6QGn6XPX1BJUnIAos1OF314SkJoUstvHPPWBQ98Q1aV8TMp1pd8xPSj5g4v74TU/KZJv+UMt2+DuPzw9loz6OgPs8HhWM9SRxL4GtpKK5dF8BkoIs9YLXYjvyYnU4EU+ppwTgWusITER7g5ToS5JndUuZvBP8qvng1h0YhWFd0dofU8lArWKqzco2pFeVcM/Ynth8IJlxLZDbfjgFhnuvE9u4wV504TDdNgfKFVULeqHHfKFF94Go56/nuk2ZceaLM9fiuWPOyqYZ/Jag/lHL44FIzu7+0fH0Vf6N3Dq46doFGUqgB/LUPqrGsvmqSOAAfOZ73RBLA6cFtP9pIV5AzR2wniPCBybPOmWsNzEPck/FMlxBNc1sAq3/Mij1NVx2J1uOWisaMSdLfYLlT5V/S8gpjH9z1ON83LP1dAsGgNb01NQKZMx5glGclBI/aEPqO+IS/jD4GbIh4A9CjeLhD1Mgv7rz40+YD/Vs7z7NJTasprzS0s5/8Axl8qcAxgfigBv0nQWlSxcNKa3Ta7Z4UJVG0bHO812bIjhfcTfxJAdkaN+rvbyaXlecZP3H2eWTtuFNOJ7thviwMN2cOAPx1DCaFMQ1fbJaePRKStbLhUzV1vR9IDYGdfDBM7KZwip1J6TsEvb/SZcyM3vaS0fxTMwmS+P7LGx7WY2sIQf9dv3JSKNW/RZjUus2D/lJwvgVrevTuShM0XlT80oC5xAZvps8yGVMPWNFmjujG3jnFzE4RjOASbR//sWJGeKT4SKQaTqCpK/sDf5zFJSX8Ze+/+jnukuQtjj99v7XTAzM2wEzi9fmrIvNNuVaraom9xBPsYCJHapi8P/GZJ56Mmdp8/lUzYkuRVB9ARHZAEIOP6oSssZxTBqJ4hD6AMTcoD+MUxXUjnmsZyMf6PHL6zPfQU6rZns0yzVFghJubebN8r7XPLFoMrgQmERTqarcRdMc7h9r6+pbov0vVEhddpkO9hPgTh82QZzrTpAR5Els2sinUY2pOw6PJ6IRltZWg73q+pIB20PQjLmsBPszkGCBV33+nuCdyGqfEhyFFcrjtnhynQ99WRFZoMQwdCAa9udrb/ThzbPpx2HqtNQ1UBOBXyt5sV13vpn8yV6TaTkGPTS1fFXVgUHAjKtd3pMevhDCsoBKtsFctVghY6XGW0LgwvDPH1s/54mUAWvnOO4is/aACCVjJInIezEkOphXkI8vk8QRMkyH3FS+flkBToHAIdFQBjEqImEvreuHcb5Rzs/dBA0AX9cJc/TpLFcSP3E7qvVmONr4/B4ZBso9RqPAzLheZ4RP9W32lkf6mtL1gf+kWfAFJJFq1PxrE5dpXYqBi+zMTy/0aKuS+2QPdbLAr4nfnVx3/uR74RmLMHisDw0SF+ejD35VfnroreZQ8LXswgv7+NC+7jv06D92mAP9wDWW57+nU+FZCRQmR2PQsMR1GpuJrhSh2HGSPa3ZpJz6KLA+vJtIOSmcZMNRb3qB2gr6BS7W9F/Vl5cZwOxpd36DTD/4r1tzRfE0/ZL2gBXHsNSI1tTR6FGItjM1pEjeHvaeaonzaBNd2zngxD1qRuvPS9O8RgDXbKmCLSVytA0WKVzloULRgETiHIihkjmm81omixCeXa8YwWzVrw+Llu256cL6TnJnNR0Lsw2VV/6qXfb4fCu/LUb6UtgcrPYHq7Fue5Q05N8c4IL9BUpQpAnSil7bQhuKw9g8Jwb9ZEeC/5NqHZg+/oc+YJcn5/d0tGwPyt6lHVTAcmXIxpTkTqQ/zUHie0HBjBChWgQZ/WtZ6dK686B/rk91P6f0MNXvJP0WNxn94c+At+guX1bzzs8+rr9UqeSAYS/CLwA5bZcwtFtqtK/g1jXQY6lFG9VKBevlGNKs8G5TN/5h6ryVJlWBL9GvO4x1DJvCI1omWb2itSdTXD1G9z7Ups+6qIitJIMLd13KpFKWDrocx3aQHkx0q+R4O3cBc7aVuE7h9B5mg7yX8WxCdn4L6W3VqfvN1eJtf+3kZrihaJyGT7VKN3OVEWs2PBB+WS5VFO/0yLeBT2yvRUSSnkvPiWIIAHhP80AQbNcKiQyfAC9K0zHPsoeYss/2LYac1pDCFOpDYVUr/RbqKXTnQbn+Qakb4lVd8FzlXtNrSwc0Hdc/DkPYmHnZOPNbFuYmRbiZum+uNL7tS99w37V4XWiIoxfA3sDM61cQVDJzbWS+v1fb7Mi66Dol4ZozB8t1CpFoE9F//KyZMhyfUrzwp+Bv6he+T/B3DIv4VF5a3hXmmx7pc2RWOk8mTyQzfmFXxoIfkNL5R2yM8BiSkyQMZlpsr0g7P6YPm53XCqSMKrK/Ry9bODVF6zPRXqVQEdw4jfH9TyGIS1XqW632baqspA/lIbko8eUGKHSsDtQL+CQoHlpSXIkXVI5Z9NTnpJs6qhcRDjYsp8jJsYROlxJwzUHC20puQkhtbdmOjzH5zkQIUnndIUKGS+rmH0+l966CWg+E/ECrTlo9Y3nXTn7Jq/FrDZh04I4NFP5VwBBQ7Z0+hqYkNDuf9wvFfGSiHoCxkswvKF/DXXPzuCKlUu6EiCW29toecP+osCPHEfEWbUYCz2lJvau8LAMYa+hSo+xVF9EsYc+PBawV9mCgRynU7e68vP0XQd9WlDy9QPb/sMdQAXU6mGfqs6o6sioVatm+KfIHZQcLxTZ/TESIm1830pBbQY6GeHGauEyH6at6ad6mS2HNV2kfq+xtgSyzDB5VsPwZxhkWjhBvpM/J0+ddK7Ec0MQl7I0bp/L6TSq91M/GWfgn+b/+MOHzoQYxXo1zZDc2fTljTks8N54dwGEcZaN12T0cOk6ca9QdzRe57fPpyI3B69fFovGyw87Qx+uEHqBOb0ez4mWXvohfksp1sMQKhtciHnPAcn0lLjL/zHzzcY6hwPIHdjmN6MQLN08X07PD34anNjfkexekEYHxxMb+IQUdi3bhMU++rEpFskC1VuCnzS60jUcy3u/sbUaytAo2eZr0Vh2Sy1v0zQkIg7WT1QHzFUylFnA6ktUc9Ccf9uJOaPZ9DvdKM/84LuqKrVAtaDCzivEcgvvxJIrQVaM00ryWqSkbuXnTOGX5mxUrdtmpeP7SpSfoNA18/JLiW/sxijdKRD6cfbvXw8gYglEh+RaGhYOG1udzvG30qyOxLfBmCDqUr4+AJ4LFV9h7/g/ioD0O6V3ntZfc/qXtuJeNTWbpjVeCq+Dm7TuBxIo/NDSZi2L5kFUEHnWEeAGPSvTXttq8Tkqo1qOqHj+13Qcx43wo0VTIcrrsIoLtlmFLGy38ijSZBoPOvAPxq9w+LOQ7PGlEaFfE8OCDPFKiXwhcOzmwZ3PtZFe8es6W9RloYo35ZciRlFy5DEYs3guaukGZ0I6iNaH9qJvSLBSySQQr8Nyh+q07XmjhnyobVLVXD6xbZqVd5ycYo5RUpL0QSzWGTcD8/JtTARXuChudKO7hU9deN/ziGXYGBwEiV/dfXO02VdoHLpBSV+tup/R09l3O6tf3Bj3arPhtb6Suj+OUpuJicGQfNSUdCEXMhtcPlZL59ZAG98WsOIc1FeFyjKH2bSttfcvrMWckkhwEwaZ4IlYwkCZOS+Gcn7G7OIGQsVwj1V1UqnLzJid2lfV+k34GN4SJY2LU8w6l1hwSCXiuCJjeTvno/5ztoWOY2xDnjS+CSkNBbT+22FU16mMWUKmoWzKOv1iLXnTiR/ME4KvB+cGqcs2Io1z8UdQGCBv4hYr8LPeErhw1qysvAfnup4Y1eTnnLyUZkXQzFljAeSfD0fZdI3dYSaUlOnj/r3ycAvXgEKFGs2f96wJsPVTq745+VxCRFiaB6ApJkRd9RSMQKYbFCKP+IyG4OvXT00ekVyTR7BXyYbBrD5CuR067HiN3NzkBgzG3J6R41n1yVPSU+WeDyWOOVTkYU7rKAkbyeLtZXU45WY6u6jD6/wO+s2UzALaox6yzXeuVCISu7usWUgv4Eq3wsr1Ya/s9LAOqMeUkbnEz85TC4XLM5Z51nRmmooJrNN0eTqo5ZOoiZex+VVvojcnaoPt3F0Z99TtycTyOyej5n56I2Jd62otVtun3FPx82zGbUD4wIEawsp9LreuU0xIMlqOmKW+ffX3zJBK8LD35m968Cpu8FNEg2OcFTFOcXMsbLhAYiu8tsT5HvaYnlQtId+asl/Bdp5ccIQQICf0HGuk2qLFRfjI0MsPmy0e9ynhb946EDIz7+xkoROVBaIVIchuQL6Az9DDhVFO8X7uZzff+N5BL42mGprqrh5dvexe7+bN1nbqQw+AcmE4nJaSb4wffGwb3Z7U0l6C4m9PVabv6Z+wJTacuXzeRIPe7HZziMuXQuo9lYaCLh3r4I2Dz6MGkm65gqB+LvUJUxyrwJr+IF23P5cjlYR9Awg9EJiY/vZvI6+IQ3l8q7KlXUlYNfvJuvSV/v4E8bLzGOOF/Yl85kzkPaK1fAExp8daWkRx6+8ig5Yc5DNJz9PByDw2odrakWIr1djGgYFihBiV+XWV5rhA0ynh5j+LX/1RbeFbE0nXh2g0Tcl47pg6UZdCNwzCr5Z6UMbS3MknNGPPtK1Ustm4r8ePTXivrZM4YRPPoqzXfgScjW9llXZ1a7zyO9jCXUTgGjjvDISpc4PR00OdTAMPR4/nbKml3CduFbDDA44zz1IFhBy8FqLznxOhhcgcybk4s/IaFx8ZgqT7OuZ0dsVZxKA0/MFsyeLrL9r0hII2YKmJmblW2+85TfZgyc6eW6bBtJXZ7OJjJWSVZCwxJ+sMqIl8zqQf/G9fJeel37alS0uz5dp2akuYzmrakkFypvlCmXwT7w++JgrC7xP1UP2ST6eaweLfsA7nsxSmIbyCSratpI1KwMxzL4Dc+ueRKdDE2RxFOmTlDeMxp/J/ePa5NYoZaKYZ8/svrKIZOdyEt6nunG9/zqPRn0SWBgZP5KNJ/YXIeka6j9UBwXvY6WsmiJqXuiDzPwW5CKP8LrWJFq7YwRPaBd5FfTSUBfFRa7GX0NW4c7ofcjejZ4DXb349HuxaNoGkO1qwO3IJvmSiRjCiEXAfuqofnwKQZECtlTIVd6sL5tDuMfMWDxvDMBP22DCO0Hj4n5gbNEbRq0Z6gqYfr8QpC2dCELAXLG21w+PiapD7eNdBK/x9ckE1/PZ560IHY5JNpy/kuEU9jlb4R7S9xkpx+5iJAR2F3q1v4WobLwPv3XbVaIyL8J98j1+eDv5akGpYQRGdzh3kbIhH/TEvpLBMQmDmT4nb+jKKa/rl4MhGhOHNwg7ccqdC6sjyNUoufOjpJie6TMkyHzUU3/M7CLL/lXpp7FeX2fUvqmzjeAJys1/O3A8pDTJGkYbl9lupMf/QwhHB9Awdfw1xGPtaE0qdgPaMFRYP/SYNc2+rH3wvN2cZ+cDEuBxFs9Qg4/WO+G5N1Ba6KsdIvVnFKXN5GS1Mus3GckbVeyQY1wM9l5XsImTMPwx6QqdJyvBPa6XR7J/ghuJApHynHOIy09eSy4QCzM7oX7i3BC+LmA/FNLG0Sy7VabYz81GVcd8AkwhulWT2N4zzHk710Cl9Kv9jjoeVROMgZ840baVYtM0k5KG6g2+BV/7QBRHP1c6iBkewuRAcC/Tyu/9jiMx3LgJk/yEGCOPrSbcm7JsF3aVVQBEEEoK/ckx+J3azeGhl1dOXmrWS9X+KFaXJZMBCEXQKD16dPe37ik4QTVv8Q0IodP/6geXSyC1RWOjBjLZ9K/+Vy9C3AwwM1HVkT+FhP7x8PslOctmq8w3ePkfp9w3mANQQZ+KiGaov6UFeziFW66MObrT2S3yQz+PSLkkYNs2hCWvAxlGsAWUj8Kfmo4Jmt5wDtcgMIHRByaP+MQ2pfiKssWNzz1NoQx7H+T8sANTELIRpCv2Lh3wf4GooTeGeRUpCn2iG0QVUm6FENwgMiYmDxXjgb1vcuUysbA3tWNMga3667PgnWgkaD/KuulR3D51yPxvqK8kL4u2OpqO6fnOoC735D0+1uxUzdtvH/pFawNHAcpwL9PerN2sIqyweO7RFytcbXzl7YCYJkeLpuaL4/x7RhnXOkSI8tftChdf16mpxB0lKCL6y3RTU02L+0+19vQAFaVuz++wQ09Mhblwyi2RAnuRiycLySfCN9ZuZ552HVAksp5LkEDylfxF6iLeiBWq/a73sduZWMn/qIz7KptzZYw8caqWYLWktnfNpgm+4QhUwwvXbIitkN/KCC0aGg0MJEfZMxe3tp9GCMVqaGYQo3+EEfU94+q0PAwG0eKAHfJi6uzzxX0FhDyNHkoCkY2D+3X2iP+vHDMfX4+onmY5jGUhGmhZ/ozJWGBIE1zNYpjN+FDjgdoOsdYr7QJtOd+Zs0XzfB5JcG2Mzs7xtKwjeZjC3wsCX9dWxo5asbCBfKwAE8Ypj+imq1Clh6oQ0HKpU/R5X83ifas66vAZ6ERv0p7ASsxg95sK66x4pYUfxUg1AcaEHnT679Wf/Gh8ZeMgCyl/rWd+It8LYbEs5U6ceVbmilcExhtjOFxjoZyXovD8jT1HAWwvSm1lp+5yySy48NPSLKC81ETaxK/q6CoVWEZHN/2SMtgZQPGQCxaQhsWdB3P1FdQIlI2i7x4jzib6XgkuimlZ0VOqGLUHuEji5FBdcBOwhR5hOVn0CmirE8v1ATC2krC/vO2seQmQl3fGPkorx3GVpptfP62yAmBpjsXG2h28GqdVrAnzBrXWslp2hzEZSxywT0L8FQVfelYJuAVMQ7A3IbHAy7wJ+5ZVRpj/miZ5DUkoviFGfKMU26u+TBT8Xfxj22a5oVzBKydb94OSiH0xZu5iXfnrz/u6CJ+mnokanpxFha1HFijE2DoKGLcrDlriNxzt/sHX5pLusLZcYp8GuvmK4m6308g5/iHyAlEGvBYGXvRZj+QKz5iv7ykpS3ZAHLIdvwLNEBYkCPwy5Pni+FENy1xu44ERdNx0DVwxMCWtxUBmQWc3V1w7nv2SfrcWK7/YeYZv8pW+7IMPI3qWPQSpaGfRGQCPfGEi/Y1zTvXijI/tWdImUfYcViA4eN/UzgQipjMUPJruzDCu8Nu4xbYKx9QuCWu7dWpi/D4IR8Glov5i7pldc3N0TL5OiiJFRDV9AzDk14q0BUabKFV+exUU5kYgbP0Xty8WMa62fm2AaaHJ8dLO1CqpHwXeEw3DMS7qe0wEzMgUZAvz0yn10MbiePn9Ffx4dOlK1V9zlUdJQvebzcKevQqoW6/vjHoNTm+qivT6LqnXtICTXpgUZs36ru6wILGv1csJgcw/xNt+xURmcLSRE/eSy6nqSQ0OnrPBfLtKdTq0W1Q0BRZEEWBuygHS8kuAOMypdzOYAb6qUBG5kHC8xe6zZcdS4woJFyvSbMUwFvQ5cRj1taWSTG8wo2U+NvyYoDmmOJbe17sIqGjdMAjbBjZemIRBZQCGKn3oJiDHOlx5tHnZkDY+TsHZ55piBE5dCYontUksvRNvPOjNBANPNnPSc004JK8gnpede7Usm5lyMeeJpi7iqXhPt49hm3gb0I8b9M2bGK89lccjhqkofHwV1y3ANVlCbNV8ZMswWW7XH5N7CEvC7cEFpPcw4T9jICvJSc05+1vKuve9kH0O2fkU+cHkpYG9I9rEXKX2xBvyTiMQo/3FVF1R9ETfm4iKBlD/lET9VuP6Nng7ynyqlKdYQj8mDliuO5V0jyjuXyibtMci+Vk+K9YBeNfH3KQ0wiJP7b1G8vUIhEcO2823DeCMWH2ExMM8e1C4LaoQApMbO2/uuh/7ERLpGuhXASDt8DtfhOfkyI+n+dYuW99mBdKQt7A5Uf4+yFpiqBg4nz0lZquXHLeYhRK0mpCb6oIQAf6Za09n51y1QYe45w+xUoWZBMVa339oh+EfFoXqg/9XGhitSnRxKi1f2VzV5HdLmJtV80JtPzSI9gJIDEySZXXiyKPoloe5OK1Gbd13FXTZzr5V7zxL6QQVpcC/EjDAK+4zWtXGjjDM9f9Pd8ClQXAyPo+9F6BfeqGpQcJ3CZBGlQnCV17Gh2h73nBgNFcV2euqXneuNSxsbCxbTKm0xD0r+A+Jd1XcEtPHcWhGUtVpbJ21b7knYA7q9Hf4IJe4LwP/nU/ODczgXG5BDWkQBeYfvxBfglBdZ8vd/bXbLCVgTwk9Nn008kbcgy+Uqhzz1+bQjVWY2XW5eZ7PI8AbVLlQSSyb55tOawhlV8fIhsd168Ku6zskiKTrff7s0fAYVduQz/F8cyzJCGo72ZJWe1v8o9xmK5IQvmvGEz3OTVxaEcF8r1xr7DPaQnF5ChkwrGcXmmtKvLboczYE4sqIfgN+1/aomxDIPxvNNJQmix8PXW4CcRZeg/cB9PhSVeNrE91Twsr5xlFdAcHffIigDaRf3JOtzmhEHc+CYkoTuQ7KKDPVH5kiWonC6Fe0sQ2uz12X5mZGrL5G3nAFulrYDarnTyny5m9CWEakgGsY4FTJA5buZmypxoRh48Rh/aFyMimoWae77gClrSe92CCDcIwlgQlufmJilO7U21r4WL/GuUmAIokDLWsecj1i80xc5Jkk0fL8qNZSaorKVhibelalgMUQIwZlD7c7dzA2csocvaXNwU7n2t7q47YyhQGC5f1UWrPHB6G4mOxAc2ZGOxl6pU0cD8PXderLcgt2s3itX9AS1CJofsrY8mrNaY7iNzj6cilEB9cKpZ1uEXMzSqsBnue3WlNEbOQQVJBf80168QHIewrob1IlUm80xM5sRm3iy5R8eiLZv2km2QmQuxqnNvWpjzPk7CbhkECkqSUIAxsr1Nw2X+R8vN3/c2eBcPNmLois4wW69wTYhENJvLWFq7IzqiRpNcWVv41dLOtF6avbiD+mD7zV6VPpP4eoH7Xi9xOmNSl4vrGdUrLgNy7UlSt5sornW6Vw8W/dR4ZzeJaJ8WK5xOUYgqPdwkyhoUxhCGRuraFvAaVKdz8L6NiQUYCvlfglSSyg8rnlU1cs570Z0pUNfuUonO6IFrSlfuCrVHvrD8El8ai8zk6+0aoIS4posesNoIifYYABcT39/jrGEKSo0adpzBKp1T/3L+mK39pHyhIJf99gvGyRBIErqsM03Xxt/+U4Wc7zuxShe94aNj8FkD9Ou9dIfhhPPUWWhxBcZbp3DJ5PvLJPHucatU3K7zipr/wljnmp2m6j+LwLJd251IGu4SdnonLN6vbKvmiAonBbrY6BF4dTZz/mjrl7wXVoXVbuctioc1Xpj+Zm92/6HEVJrtzZ4APRqxrhP7Fqb+bh1Fg+j/fgaY0AipqBPFnB4ko1CxknbbEGMmcXjkTX8rlZFDf5hx64LdO2MoMwf+GpJFSseYUdeDug1K4Jj8ApLmOWNilfp/Qn7q5r9R+HwEzedVAOLncmeoScc0PJhamtopBZlvqW2SPO638MMQ7DgXgwpDgVZcCQQIPmcqq7rTU1Q7CkFm5wB5T0HovL1k31Zfb0H0jqHW3pxpLp9xUAWL8+eW89rk6ztjmCR79GuJrnvrOoWj7Ex8V9gyc8j64YPBPm3SiDVoEHWXqD3yb6Ym5+2vwguH4JUspmitSWA/Ur2VvRS3aiX46k02o9dRlbNJkHzdmMEe1fhiNAjvzpavmXxrF3brlbsn8X3YU8DA+6VUb4n789Vp4+GCeB+13CuoZPDEkLjCWKi5Pa7vqxAxl84X829cgy30oNM2kyuXjnjsriXQ5mRvEmlm8LFjgZZE7QZL+5UEblk8TeDKZV75xxnrRYubny5+Litx6vpzYvUCwrEWMOzyXG14gDLNbdyhLRGKftDx+gSY0x0U4nWhBz/MRqH8hJDQtpNF6cZ+Cox1MBpYP1dcgN25XV2O2Gza8qW3MzQTYH7OaXL/qbsn2kAfmJav+/ksD5L9Gxp8f9MHJb38xpKWSOHQP+O9JeKI9le0vWzdBuR2zGF3kbXX/DCEcL+dX4Ug9K1z4vJyXgAIp3RvF+k2rPnm5wlubf5U67HP5cgqftl1f4qpPVDi8ui6AeFmzmleD2mVzW0xQU4ba24VD/vTQRauYjKN1DQTcXlLNmnyvEWHca7X0C+PhYx08gnWWYqoe158vOZcjg0cCX284xzWmUrf6l3T/+OyvK3wvxRRMIHlelDy5sIp2XxR1E5lbsPHX4OY5WRFgQiRULmnaTXVr4qw1VuH0XVbxrwaPh9X7Y9FV6SPEi7b0LW9+7yY+cGH//JmKL/GeBy3K4hiSXqNfdoH37GQFdU6M3xr7QApwpe5/UvNVSxXNik/3eSlw5zD2R50yZ4zlx7wbT65DWHmN8iwLwyPsBgUcYGesHoKGNEOnCwUtgfCSw/GGvnybnt5evQU5RXF78uBREcdD8hIX6xJ4MFHD1y43ogjG/Z6itTZPkClGzi7LqWkQxe4YwGL9pLZfTpXVagufNvqVMa+V+S9AgSdTF9MynjgJ2Hc1+zfRB30s71XMQDlkNQfwLigkuZFjaoesaGoyzklZwl3ofpRGVn02QnL6M47Cbyb50oW83bGen0N7rIt+9FYKysaK+C+Y5yLQ4INAmyhh/cyeWRZdetheTUlV6ydfEOHh104D7j30RkcKIfLS2C1iY+0qbFNkYB7khqCPHq+d5AAPneX3s1Vw6e0IqvaCxOqTEVDclFEZLl8vdy9eZW3iJQFbgs77ikb6l2vRXa23Go/Q3nZC3LryLJtBbgT7Dc8AQZlKqnBmJmqTtRZb0IfbULv71UMp7CAZX4EUX9UQK9JNosnnPUeeeQCslY4VaqAgrrA9rM44Hfew9z3/G6EglEpvpWwjRZZvS9pgvVpT/kUEb8rYAqXYSFVqFgHp/xv32OHx1o9onan04pZT/5/+ZPYKmOCikZUfdam/GY0yn54F35Ujl60wiydSkPiKKJgCXJJlfxU+DMqBZWJK3XRem3xB62aKLSn1zMtQudAsazIjNI4gI84EhUOTxl0jeLgA8b/CpBHaC7h3v0PaVoqgiIkw7BOzeYjiC1qIQmkSaiTV2D4myURqHJeeEtl3Vm+nzIBNNNdAzJ4G2wdZIpUfS3bzFQw3yPYnnb8i/4xVyUxiyItsWdBEbOmCWwx907Av+7irieUkvXuu2VJzgHeYqXICV4OB5lpauHa1Xrwt+77l7xV7rMNuW9yl7MNOgs7B3cR1PmQYBkd/woXZk2xG6c/3iabB2Izoi0z2XUVUqnSiM8ySnrIx/j3aojdOnjyG7icEW0e0jtq7J3sMr33DkXt+0DGSqyQ9sHYL4ra4zyOK0k9dXOkXcWSheDSYXEpDtSb3zGSRZe7glhmaaQYLdEUTMOO+P3Ok03Q1RVzlOuzOoyemNMiZsJhaV0kBIhmOVD7aX6avjwJVQWV7uQ4DWZQRg12OiyacQ4GUmJdM4iRWIN+/9BYJMEeSG4RSFINSzsa+z5hstLckBkrTiWp7JH10ijQrC8NuVpvq/vWW8G3t6IHqnTU3FdMhT9e4Dkm8pO9BZzOGVjjRJpuWx0uz/w6CB1uBaQ2c8zcRcYRA4yIGATrM/2tSphtwIgTTwth479uadlF6d6PHKosMU+g17fcveOuHHQTPWAazNy10lIYGzhaEH7tGUFpnpAVWVXnFFgcoYZREbng5qvoEgqDnBUyTfhYHLOH03v05sDwR64R8CDixel7y4UJlO7eqvZRKVZHJxkhs65zJH5FveerD/BIxRKRxP7FjD6yIJU3OBSIw9Aj+wanV1g22VAWMuMWr0+PoA30OqNAvJDbb19b9vMkk7GcM6G5i5AcuQjglEOOf3QXgJN6pMkdhAiUlfXV7xM6Razq+NVHTSp1v8YiiNULtHMiTAqi8I0nxb866WDPOVXnhHV8rZ/cuW5j3R/vH0CSlYFNsD74qvteYLJBDqES6QBdc3wq0DuReiwSn34t9KszgHl/x9Er/uytbeCR7FnjHLFqYQSjRxDdRQo6KYWsK/ldkvGFsCZP1PRb1xWYgEsjLGLgVGRU2tctjS/SaZa8cFtJAugsDHf5J0zSnQz1v+a4tUt9gy+4LCZRP9DRXawF9NtZpmmTHWtzi8ylgATsndnM/2grcf00WtGqvIVxfdSXH1Onn66GSfkYDwhrshMZZLbPPwMT81ebIubF7K/11IEBeOgdsyd/0LnDgNSk80H/Hpx//rUICzxGXF9QKm5XlS5rRgnTS70QAghFRwI/OsZFJWOePO4/mqnIfhIhEHbkd+ymENGRpwld71jYGSNkyU2IYr+saxRH8utWa5ZyMOVhVLI28Hz3Vs6WjQpSNU+WGFP6guBnMIL7RS+rvJ/PANfDttfJSAgaQAsjXKjyEfq9AeucjMHn0NQ6T8xzWkZc25Lf1fjxYDKtqd1jEjtV9IM98Lq4SEgvQt1gQgWjWH1bhE4VcdWEwl5HqNF0QKxtLn31XBJpP/8p0f3DYNpvM7ZXqPTsah0kOr6WLc11xkwR8iIzxWv4zJ6/2h44kH+rqSWNf5WUWXqbnLGZWQgpOhMC6cM3E/Td6ZkSM7TA1vv9zLr2SXhjh9fPAU0TRIIQPrFCF1v4V6MOMkXC8yoMA+x3jRoDMoxgFE6sEsG3jJFMDCVTSGOPD+CjSL+fnlPRjZVXI/ERfOp/PztI4VrMHrKGYa0zAOKmteYF7jYRTTC7q2VJobhx1qQh39ZkVXlt/3qvH3Ix0hEQkAn/5wPVuf4opnDo443rrzAX1m7wcXXGWg3XrhZGh0/w+fH5YRc81ohb/tffoNRfpUaj8NSVD82hXHEZaBv/NkS7wDk0jKLaCp/D1gLxVgs1p4KaMTlPD1wUklG4xjA9BakYkzJziRLVUwBfvZfa0jwtjzbWadIaRsbc0mLoqFHCKHt79syChRSCZPpIBR8qg6MwUfhySKlfNwjdkJfr185QEIskI0bfY0b1b28nisPttSDoPOIEBFGWkOfYpE0CkC35CehzKBHpyj+gpzdSmFhkSrHgLGRlhcCqQsOJVaB4yYJ/VZBsPN4K/Supvj+U9X9RfWsJCFFrxST3HIJSeMDKLsR2l3wQnE7Sm0BQ1wgbXRe6ImF/ONnU9dSQ7c9mBaNFLtrXyRmOMd2mwEVp4siHc+eD5FFIph4cSsYFw014+AlCpCtKt9q2N9NLR1/2ZKq/ilkII1DIC+lwhIPh0E3W0G5W+po5/7RnwTpdYq10tk+Vxr9Lgi+8Ft3N+1sCy/4O+C4f8DwK9NKEY9/8BLlcE/nfoKNa9uP6fQyj/Pyg7XGIxDcW+voIM/ffqB/78H/zfm+7/jmDI/yHJf4fOJt/r/w5D/w7VRVPV/30aAv8fBP13ONn+Har+/0/4yzr4+1xgky626Pv/vYy/nxGoyf+9x9rMzcm70YzPtvfpF5yf/v+HU//dStL/in9/9+/Att/9fwe2OpnBj82QVO93Btx2k708J0mL3py2Zm+m8X09nfZ9Gt4/6MELTJJ11Tr9xpyd+mn9OxVa/n39P+eg+6YC792n+T2abHORgbsum6t4L5v5+0j6f49C/3vk/TlP9uR/UPrfr4gwjy/LZRufMewTUsVqAsv4dbya96r3Jx38x8ksLYPjjdGOyvt9ev4Mko2NxkU52Nld+FhIVOgDlT+Oh1xyYihPbVerOPuBsWEWCN2kgx6TE7Qyv3sELAjCYClBEAdbElHdImeYcXUFBnAKMr2fQi1vK1xoLxPqXvOixHKSZW2d8S+Mosy/fPzx9/EKoYsHP7ClC8SVVHNV198yrJQsbTcIHhp2+69L1x80BGpUbowUILmBqfMHcCbS1dVVT5TrKL693F8T448bcu7sL6nDhIDX+NDw0XHHzLBi9l3eYagw/qIxSARJeQJTMMagrCDWNQz6acSf3P8L5gWDClruMfr4zTpChitSJPE/DQFHQk64fkwEupan0SJRgEc8cwB4CPajvqKQ4fGclu/jZ40IqPTSAY5U4yzk7eEJ9pzHDb+cSxEcHx6tI0DJB1jnkvEdB7Jswhkpztr9X5BRnVxKlxewmfyoI2shibBUzOgeKyMn13ayuhbdv1On9/AZYhJEbhnaf8+7BAIlDmf/k+/K2LuSsjjPorxfusNMK4UV1mgcE7P6WDOjb841C0cASgvkT9PVHo8eBZFMdwAhDQFKwd6w5eM9OCkViIehtB+6nyJD7BfMLv0tKN9s94/2tNRYErL8JeMa9y1bTPuBkMT0Idti4bElBy4TGHV+SNH+lla8UEnecW1s5UnVxEhAztfQLyp+Gt6+N/PVSRENLKb0nVI0K8sDw1OD8PII+Ni+uXp3GApBisf71mAmR5vuFjbQYyAY2embllgGJW0tBb9g3XMfHyhAzYnNj+STTZowVjq4ZaKYFAdCgVOAR1dVDm7KpkcHoBNpM19K7RcrVfPWSwosKLw83Q9Ho6BvXk/JEarb2JttUIwDdmmlJE7oCJ7hPf34M88ODbhvBwh8ergD7yc1dypcVXLQB5cc7nZOobyIBU9RVW9q0tiqJ17N8hbc9bvoBfmUR3SW+9x5ayBVRpA6m6ZOy5kKwWOhfzEAX9bNVNuMnH0AA8cqmvkqtVD7oKAXXkp6+5uzMkkpZzerI90kDQJw6IcxTCUNvnSfNvIj3vZfGm2j6+UkGEpuOTIV/BD/O9QJk7OX7Ha4Nu3tdke3ksIu+Tel+pmbxVi8rQdBEC+t01hR05NjAi6VemFnpzZpbBeqsakzPe03kKlWf1sTjKR5N7VzvTzv4vrQ62ByFpGKCTslR+s0uIQS/lIUvSE1geU7bIQsG61sm64yJa8aHK0CNz5VQC2bE9ROmV6GfwuXH1nE+jR5o1JfbRVyBzKEZzf2q6UJqdf7Qf+tTxILFo70pzFH8opLRn+5MyMSY2D/XGQeOI3VkCXYJG6jo18rjvhLO7cwzD9WldemorDlldF0J35h4Rc4Te4e6rwpF1Oe+OqXAXNkK2wnM8js+j1Cz1lmtgK/AfOhUt+PeFegLcKqfYtj3GEqGAFrTho1Ps/DiuKJZtfaLNtECJ+pi/9c0e6XVSphJzZF4nqYeyXFcE9g+xjbAGtGWtOnZa9vche2Wxyn0xeFmtcRaAvcNVXafOAfrWabQXI7VjPcj9mfRqZtC+dd1Pe9iZ7KajxpKN3EHEALKNi/QzSOE/eFMSXZCBpFGzJ9td1rOAQldidPbS4mFgWru1e9qzpjpRV4jcwPfSjo7DYhy13CYZt63r7CPmIIhIpsZqj65D/NKtL72ts+LUTukn+U7GOw8s+UsFRjTOlT4ylW1lBKipH/9ard2Mjvj/qblKkT22SF02JC5F8Le9BJlsGKjPw8S/JSkhtbqmW6go2WHGlgNNH4Td9PoKzsnDzQgH4wEJnyeEUQ8cLiTuOyoryzZLPrD69cc+UQIQyu0rNF93A7XKsnrITvTberxguujaWHpR/KXBqPJ7/Y5qZldenWOHlU7q4JlqPP+DTJpHfJqNzud6zVhBd4pFdWaYs0O5Wz8YM2+FnNzdV8e3JQf+c0FsueYsV+ipKf+rU4fqdtEUs2WCiORo/5YFGg7QJ6/OwFq7NNaip98Bcs2beXOqZHgIC+BAL5nrhgwVhQpt2ZNTRthtnM1zZ34qQlAf+FxVPxKpflYM2b9p/CSjMkebYKzJ9HF7ZXTpkJjchAEBUYQCqc0mpo43P6fi8W8OBVDn2ijXgXzTGBoFw68xA6530ctq5RWQUIOETyb78l1Onb3iP8FN2tSJPGH/Ed2yiR9U4hmfyQ2VXlVLfqm2Bymm1H70mwN/dxl8mrLvYC9rJi+6OemRXEDRhVf9QHDbIyTudR6oFNqMsum7LXlMh9qcg5Y6jeDgvOSDMODmeNRtU/NxAj9xcbX8J9/JbYxAvjfCOUk9UOgMUN/k0wWELd+Il9PwWw5rf5Z+XYi6uzUH86lsxTuM/lFRhC4PT1/1qv91wtMpBaCVX+taLhwgKtN3C1Iz5MKRTysQ2qaDPCR5ea+vpLM79thPfpBv8HaF583+5EZlC+3yoxBmJBwVRS58NxAW0UxrmhK6llLp/fdBj/C5RN5sF8FhJINWF/LCD5T2DZfipeVhW13qs0XUAInl7fZ1oHiflCsIVIgT3Id/3qEuh5ItifjX+X9ZTxhDR7lQK5XhrQTqyPE9/iyHKxnVl0prnb83wTvc1cXqIJVpCtbROMlDrdt5yzF3H7mhOIlguSmHQ//+hj52F7nk97GuqjRWkDt195lYb70KDlryJT8AjZL8BX6rpELKvzTtN0rOnwG+tFoTeopVv2LKPWczS5wu81HsivV5aRpTSou3JET13u5ez+IBDfjzGNe9PmYTvyaPsonqKp1jf5ykJN/WWs0C0HkgR4iza41wr0gaQ2G61ilkvF3BI5u6YgHswWcjWfdB453/uaZcogm7+q+dhgllj6IH1PlanAzndZ3/tYBfpAeEytYc2iztpsUpm3qNNtM9ULXsclwjZy9F3VcbwuLAkKYJ9LManl1Y6HkkKSv++bienLPX+OT62uCBy1m/9qYhCYR7Lx5ZTLdl3+p2WEQ3phOG5bF2Ffif/Bzc/2hE+GV0RWWHZp6nj0Oeodu4f3lCEeWKyudr9J2yQq8lobkWeYU4tFFiLVv/yUfZnt517FpvFyn9mRoRn8v0JroUZ+5z6H8DMmn4I1ep9I3m2sP1K3yIhzR4evegVkD0aYH2cv/ZakfXe+P358kXIvyxRddaudIIRGxyrWJfxzO5n+A1zRyO9j/wWr/TUgWPYqU4TkN2ZWV7p3BIgerWulw8wF+qtEiWSBoLN9n4u42CL+fNrIql7QcrpnHPfPaoXYEvdR4OWvsXm4vxnDrH0WVMIZ5j4GWoN0sSD2kN9+JrGJO27vzWS2jv30h/qkk7GGN9lfBFaLshxzyMVflzgRngsfIm1Bkf2VYzKfr3jTOo8vuhXifb1rxtwGnBlcZBvdfVZnjx2okTvh+o440MAk2CZ4rnDFnbpGwd8sL85GvVuUIOpYp3x47d7V8rr/KfFm9IT4F+hjYDxfl48NIYDxeoqhVl4+3S8gE3fnye5mbyHJTrYiTFkB7iWG4354j4mvNRFp0gWDnFAQ9aA1Gz8RNnMs55Gm92gxeZ/PrF52se1mQPlzx/mYLQItdI7ZbyTvKJKL4OdTP+3FbLIwOin1aH8RtsALRB3+TklBLKomCLjBtwS2Cqjo4Q8iaoIvzeOwHcD8tGgFztl9XUO61WjwhEvlFEZsnOk3X9cWWNkqCXBMgCHQTHU9krrEuiIwYU9VIFvmHHU0jCTA6CBMlIH3I1TnJsuvXcXN88wdrIeKHPOpucWsy0uA9hQGj3eLPHd9DblsN6G2U/inIKVvurpNFQXKL/5jd0UnSujXhAxbyC6Z4/RAWn5qd4aFn1v+tSCX5DLcRPz1EjlOiCSd5kSUp0ge1q/GxTh1vcGOu5d/RR1TkRo0TvXbzlrj88tOSwFirQAj67/GlhBhKmr1nTAI+PuvL0eFdJTP8vIdnG60iLYXrUKZD5xyeeglS3q6zCXfzyq06jBIspuoo41qGUeuxTS0f3aiyuYUd86gXCa3T5MP+8XVw7vr4H3etC2FZXDCwcqE6CtJj6Ihfy2PBLArJkHk+OmVYH1mmgYRZxVwnUbjXeZksJ3DrPc8bS1ESAtvcUB/h7HAR2J50CvHWn2gSuu8G66ENvjINOFn1SHr2X4Qm1DgzNiVNKu0xlmbAgcll1MUIMc1f3Z1Yvd506uSgTIV7BAdrOknrdOtZamzrDKD1u1bUugj07D2xvw5z9CJ/VtChuOziSlGew+HuRlR5Z//n7E8XJCD4BXM7USl5glgR6goGhuRKfLoS1Q13seMv6Y/QET/yLZOXaCitqVXdjlpoxJ7MqYblZ6Z58+HwBWm6Uixdvlabtr2bzG2mCnW+zdN3T7e8bt83+MgXUO+qaHN1W8bFNxlO+tM+4F8B/hT61MrjZB5bqQvKr7gXplzQ7Asi+GqNt8rAH4qcQFRJ7C+yEuGR054iTky4p7BDV+rutXPAp3z5SER+0s6dtmEhhYkQX+xQzPVWbPoPg/vMBD/L27ele+7uO63uJG1y6m0kTJcejKqMkEr9cXz8ktdk5EddqGPDLV2+5udPxgdUPE8Dd6zlzhU04lPucC1zGPRa4UloYoGvte1tfOKEJ8vrkp6G3eFoJYRi/3s3zAgYnZ4t9rxb5GSIpLcT/l14+K3SY/u+Tlw13RuoGUzlq3y/pzSFX9foysIgnaujoXWyrL9wsCmKG7NyovHEVuFa2TbD1bgVzOxTv+gIS8i6LhJHzJbgUwKqry0SgKu1XPC2oaZeAyBiwNg03KxCBQWIZ0yL0utaPUvSqx+aavQVAhRJhkTOcXNJXXYAqUc1e9WfvKeykx7tcZfkSM5iKkJVCTdK1+61sDY24yIvZw0L0gOzubBwJ7mh/TBowHmZ6mXUG69OpmOL1hdYwohuHtKh4svA6QWt5Lb38fGQfVoFa/OM8Ntfywn2meJM6jxJwzV1KFq+/KbuCebYECPngcRwU+bcoYLmUrMbjuCu+wz6dNeVxt7mQqpLw6WvrZ+SoAzLP1JPZAKFH5u89um9/ebzaiqLdEvZsUXyVjPkW6KvirDc8Fsh0LQB8nDay/Wvf0QrJQV1wnUKC6i7cY43I/GmkQ6OszcSh1rwohcRF8VCtukzm4hOgANRbgMBORfS7vVc2sz3kQ36HyOX2q2RPHazMlH6QsHE9WQF8Oxzk8X1yJ64Wu/Jz/VYqBjxy/4sUDXlQ849gLhPPMhReWEaCZ9Kw/cqR2HSl0a5VqFFxGmttSXa61aePZzI2LIyuy2JAZVbbzkn5E77tsSU2RBZvO85Z3xFf85aqcrXk1nRLgNwp4H2LC6tQPnhHR82ekb73Q5Kdqgg/7heuYqrUmC1EVfZcXQTaO/KYEpvF5MrUewufZKGgOv5rmuWuyliaL0VxJ1EVe+p5m1ZduCivRK5nYgCIpCQlwgWVEdJR1n9wwHoWZe1fTADZ+K2ZOEPqqkYfz+Ilb/RUdoAPzy6smLvxZzGF1QFA0uG2bQ59CuyLh8bk2lbxXVT0PWlx1TLtvqYAn1lcnYq8gm/3jAdTcxBMyyrRLsxazv/tAumCcI0uQudD+QT4aIKDGZUD+5B/OITBJb7hOAMGREyLSHf/ONsf1V7HS5XKGrliOcghhzvdzlE9Rb9dPIlw+6/7U+GyJR2cgsJf5GUkLGa8iEkJEhI2J1aUxPb97HB3e56Ds201qjjvpadK/n01U3S389roCoUFztk+zxHjZFyThtMWmFP1xygUHpTFiiWM6Lc/LxCl6BLJlVig8tN2JxZVXuiTAUpim25hpJInQom7KLryf8ZwBn6Ot6BgyiiixBnODswrMhY5/ClHR+TKhJ15dQOwndc7RLSfvT2krhCL+XQwk93jLAgqKr4b20ZWhok6ucQPZppHcBU2Ph/jFB7LeM1y71Pox/pMRyYuJUja/BZzVKbUfG8fJgiyTsRw2JKXqIv5AviL+vv/xAoV9Se0PqMWEgXSkOC3A8sj3Ouw1esgUEzSG0lCPuC8fcQoK+2ouXwP1Mwvl8RgsHfe58O159rKbnnuT2ADp68qv5cB5MWllc6L8NxsLznWedgaygBw7zgcFy4VfiBXMePqZWrGvnHpgTw6nDmIO41bAQYPSeZS/fw4qz6ikfVGUxI3q65UHB+SqFxRFPXJgi8q6ol9ddypeXSXX7GBAVWPHheAgQuSKRYXT4JiyaFVT6svn9gEEuFQuA3lkXP+oT3jV15C8cNRxHIJ3MBvlGNifwaq7VgtF2OT3xgdx9yPhSVedzaXpL7AdBP1/rZQPA4cmY5X8zva96p1JDa38XwBSOtrMETsp5GrhDUIh5HBBfKpp6PLPZbRbxaCdZzsC5VG0Okyt0lVlW+j8oCdKVKlDGKwDcnygJkJKHeyCzd0fDkXvZesEOb+D+J58IjBpNMsuySDuw2w4k8iJPnym/8URQSUPk93akIrhzBtz5hLWGOQ+rHZEhsJuk/tXxWlFkWh8nPsY9vUw2ecK8nBqUgy19r+5+zhw98UK3AQ1xQCHFwAx+42P7i+Wh+xS2z6/82Tnf2wwuzzrkno8kq6uAB9++1/u9OXPZQ45e2d1Mgu1qjBEJXA4pZdL4B6wn3Vw82z7J4yFN8hOILIv9PuVL1g04QlGFm0SQVmkyLz47plcbGOBKeB07JPHXEmMx4DnrlQTzQzEYnSu0/aEEQzhxAqPidrLtN/2w5l/DkeP6JQMGNj0l/3viMIoYl3uR1gebW/SQjSs2HStg6rJOxQu1G5MSE7H37d8nWMhKIJ/g1/w1B4FciKT95JcOWbS40l+9zl813/dpIgm0bhnQpMXQ9fHlnkG5HgO0kQCpY9yy299pfxDHA4NiPxF6uNlGcGfxGGNB1jNBWEs8JNYKkhiTAf54YMtJ4L35o3xXBEd+k5sP32BH7y5d8weOSe5HWS+upjGD+WH+CRKRCGrq/jSGTrCxqW6+L3ARqz3ozAEEUMInP0Pw+LLNzs8PeF0/fYqgGvGhj0d07hKA7O7/kvceS7PrSpfY02h4O4qeHNIUvauiLc7ovS36pxdQ+1z3379bEVIrNFDEPnG+ciQIZK5cK5EAMrjZkYjXnt6ng/v0EqRfs0ayznJe47u3kWHYxygYvpTvQpctvN9hWgl21/2Lr4G4RfBuzLJnS7EK8NvxNfavXnzA0oUlZVt+f/tEd78XzNK9ZkuSLFwz+5Lf36++XuJKkrl/mUqxl8aJm720pno7wqOg8pvd9KJ4tfPACT6alFg/UUrEo5urcl/VefMLxixwvgBZ9ekJ0wO5G+qt3DLV9UPUpnjwwQ1jYUiBHp18Or6Qh5EOKLTvWryqHvQ6I380NhvgoFd9Pg05mqG+K/FROy0pfaUs7l9NZtCGvr0+Bbxwap4nlQyPkCIGtt6xcZH9TZg8Yv9lxwZEGuX9Vxa2hiR1E4/kyOXUYs6IROsXRzyKjvNERUbbgVC7iEWGOKZq13/C7OdEbRacz9JK7zePdM2CoU/Skn/50JA2/RVcltQB8q5bhZ+jcEi2zCQnUwxfGJzyFIHOz9Vw+eAL9YU0RBKmNGVgEo9B+HArTfLEkuXBdUDF0MYzPj0Z6VSsAfRMdD6nEMXEUuTdtYQRFcFZplQKhhaVLVaiT4cKDoMvb3KPRFzLp1RcCBT1HsVeXx9uvl5N0r9qz7ZcKqmXid8w8jth6KRkj3n8OvXDkr/X5679oqgIlYX05FFhrBTT2OvW3OmqX6vv70FYzUoz+2P9bUojyGUBcHgN8coy/OTvj9C134lUFTL/Gj8nMr1AlFWYBVzuYHQdBjL9Wccx1R3uw3RiRlc74ILf+raZnJI+xxuQuE17Dq9X7TKvAmN6y+/Dmqrr87SwnG5JnN+o3bkIEb8lLG/h4X9rhpkDP92nkZDHW2GKCLfTp53B5bJ59UwtaB5e2GyM8bV9KvZOx5A7EqNEiSqXJYVlJr8zCTUGOt+NRmEkZGkMp0Kxx1P8bsiZetVvS/l7C8msTv9Qut/+cur6XC/gwJn4+MAKxfEbfbNmLaAPvKgQ1o/BhXUiPNZXDO6f8q18Q2gvsrNT1oKOnmQJgwoMCbSHPNVioUBvtm0h7jLv2dXC0Xzstgt9SBaeapFTjveJWI+y3akK4q4o0kFlWnJtV52IEkeOk0bHuhMuT0VP5o197OuV7zbeOpnw6nz2/U4K3H/QVqBtCRyqjIBNn7LXht6OkUG3083rSjOtS0yZe0+K/u6n4PocJpzl5pNYITM7oBFJLSgXusQ1EGWJGnB9LPJmMoN4yk4x+U9YQdvHeoLs6lc7t0e6pk+88dhjevezcUijKY85U0tf8gEXz1jQdaypB+O+xb+ZcszKPh2xVuIr0+Y0No8p8eT0dkrtxRwVUrLwbIt7nMlwGY3HlT6Y/dz3xjygv8IeeMge7WKxQYWcwByyg+tdMAwrPFPouw+6472SbM+EU3lXPnqGir7bi7gXPrZ8f+dYL3ikjsEioJ8HBbmBwo7YLG6OcUayAE2rBMq9rtmviZt4yl2m5WAtrtHD92ogdthwj9CovTD8z36HYseZs4l+gy5VTkXBTld3sGv5MkmhoKGFGoai65emHEfbTI/IHaMGTlh/8+I3IbDDy0ma8OmCFe8+Y1mbozsYoSCkoKXmrrXY6gnbZ4zcCm1TuUtTPS2J5Rwk/tzDut+oYnhs6Pg7cna2aWPY7yV4Tx5qnyZ8wPk7WKax7UYcu9fiZ9Z7BjJBelrpUyuSKze2Z+dVlgFxjdJ50sQwA2YuIba+adnzR9+fDRdmxFVDlGYVf336kCl32Hw7HY/n6nq5rdaoQO81neXGB/42W6nvn9wQzKH8eNlcyAiqzaHfjFl9y8cJueZ033QGrTDdJJh9bSn4a17ak+6pO8qnc32ge7lknD/a2Ui/bQM3Qp/mMhf2UKimwK+TIcXi75zVOZziiYpwCR86JmR9k7nydcqG836sWvvGL3+hTqCVTSL0f3PuxYFhOPunmbBugFnQitqQy/CW8SDHQhEtQ4wjdm642lDSNFc6KFTW8iMC3mlnlJbRjMFgFZP9NuHdDvt3la+ggWEzSFeiO6RZrg+j8oc/B/SXRGPdYUdauXY4oVWLUVB4GyyOxn4bkkKvaeGWyzJAbyzbGUpSsWl8CM72UaLGUsdn9ZH97JcHEvnWRLxHF7df6Ql4oTHh/Lns/kDZ/TDQOoaNMONCUzAy+SY0741yWmaAGbeYNpD4eWm79V2MOb75kT2/eq/vaj0+2IG9wuezjCuaeFMEAd2vlt83H1I43HZcFJvNRoHG8PL+8LHX4YUqYjkib9TU0eF0+fUazKR8INZttXKA4nl3xvq5XREf3wUUUgULCMkLKgC7hI5t+TaHfpmpc5LhCngXrVSWHl/TrHX9zE8dpb6KqEhy64oiPo4HSaOJIDpC5y31ghTJjGv8uu1Ls9UfBcVJNP1opTl9wHTQOeW0L/MO7SlAenwQe6Sc7RC06ZufD+3Fb8c7byy5s5DWVh+C2GZxMo7L8pmBd4Sz06zzkT1gVsXwQhpSj7xEdqwdv/a3ezACajZqXOFPLeSu35Y30+ytn+stzIsA4t2jUwldtQxIQbmltrpBZ0W94ZUWFnVskFr9yYGW7ppAwUdLMntPF6Y/1u7QFvbE8oEcaAWaqT99EQKB578dvPn8Jof4VGURYUvFD7n7+5LSk/weLgxGt3mnJeXBHmi1AeuJnAk/TMGUTOlITzL4YDOgOvmZgzBk2e9hEUiON8dMkpR3oCyBhj1etTwgRYCnFvXVFY6CtNMyR4L8hu75NetIc2thb7y0rD+SjvL2k+oaHTFGxYIR+JlsADF7QzG+30XTlZOleAAovOgTeTWacNAsn8ktGrVNyohMi0GKGmm0ialCWg9ZescKCX2kgvO65uO3+I10by1n28HCnaHmMIwT5hAIeRImEo+OJvDidO7SjMoz3RF+k9IPjUyUUCPT+t4KXNBDJhI2g2d+J4FhGTEYH0d5+g4Eha+2YpHvY8+YsmZ44PNzcMKp3QRReZQ4VUqL2Yn+uozT5l7WOPKpX/u8NsCc5Pn5CIsh06hZqyi/hsf5XtRiLHFNaQwh1wFtnFlnaJBkZjqoZkjqWU2h3udjqRQEGZSXooQnvcgdFsu4t3Mnyv1Enky+HTWbZgId9msfvkKqtI9uYqtb9vc8z6Bypp/sCx/jRhOyTPKH0pQ3Yk/CpEXC6f2F0ELjn0fl1/0yxNDiNFpte03xdbR7nYbvzF1Q+W/R7oOdI8v5t8FqrfcSUm3HtNJ+lPPSoJ1dIvXPDKm4BnJfB8vs8k61tHkTQTBq1MeJxc09eflbXS8hBd4CgYfbN4IuH2bfFwk5eX3uebPJptth4S8Gzc+XqMSebpYNYLTxczSbyQxRXjmiDGbj7QEHcRz8ocB5b+wr6rLPEfRXKlfRI2Lq7oidZOAmPt6wy3DLtnI0fMr2taTG1UwYxZr3aUBypg77VG5SJqVEwnb9VhTCgoBkFLnMDxLeij4m6UdmMz81VohQSZn40ZQuUVXd7pW3Tz/hSabfuXfCJhTlhfOm5Panp6qIA3qnrN4wCdV7WjOzF0LF1KD3HaqadXNNALMLjT1zYFnv7OOgRdm8d/qTF4h+dHmdHz5iREAwmzPBLTH6scZW1fyN5DdVLMZzvW8sfbyHIq9X+3lCqYzuh1g3e/qdqalKEinzPtc61khbaI/IQ7XR5l7vr6ob3svbFYdSz6yhx2BDLXJ8zVOIMep0FjwvCixfigHJ5qT2nd+czTzHfv6qgDDW+XQHoTyR0qKJMrcgSBW7YOCc3e7u74T+TpL5tA/6mLEPgjTTWww/REsFGvLmnc3jTp+l5gxEFmqn5vpbOD9kgsJENGw4usERsVJA8v1Sub7/0hauexLhMY92OylOXUX7M/c3Kk1qEHsHEcY+SzDU39a3sau69oP4bX0jmXquXXFVkN6wyMH8bXtMrlAAjoOpvV+tQzXj11uauHhNNeh7jIAVNPybGRR4ypK3PQvLYMSqqrRGK8jNJWUgVOSqe6L6ko41l4bMZ4Pz4uleC0EO00Ic/UQ+o0iZbsGrWggrfq6awM/Jta+9H9PB3OztQcfxXawRzz9VpK0NqdEAaBp4XajTrm3BAr4dG4sj5UNxqo5HXORvq15SPtoHTDRk352Px8JI5c0Dkvu35jwSapu3VMVT315O2r/Z0B7FdqqkfK+gmDUrYZwnpj2HOSyjbZQ3xjtGlQsIMkbnyNUdwIXJJS2/daxeqTdjRS4x2MhM26AvWcdSFNcQ+HxaTF8ZToZ5mekjohWCJjxNUiJsax1h9XFYzt37YxkNahFc/DUmNCXpwRxwSBNB615c+Dbp8NDgeIsuA57Hn2FhCddd/fzga1nCEQX5PYRPzq6wS96tJgQ6FSXzLu7f1KzRXoiTc65CnxNZzUj91GdpZsdve3sfb3oLrq1JZWW1apZOqRLCxIQo/BbM+jJe8LJmfM34eI7KrwxbD4EW92MyQJyV5LMwMx0eC37HjG2Lls06Nj2yz77uQnPh9ihjE7+ciEdBCtjUETql7+AJQ4Z/lpxekWP9kLjOij0r+PjPyZN88uTf0VlGPbFbtbVc39l2NdL4Azs+/TFviePpKXyj/jcrnv3KTT6r83eD1zIiVtrbC88+fSfuGL8nbe8l/SZt/SbUoCmHB9nNz6Zh8ywKM0IrOIPkfA1w8q9cfPx8fD+pklEVt2OHy98taqsZx24cwruG+4GfFRqmxDMXUf/Nq7fE6z4Ll2p9XSUn+mqbyxqpOdaZ96KNK6feszlH33DG3FX6FjGL4vUMomF6BXfx+QAgJnlU+p7fRygG1dyHt+jlpk+wjVZ2w2tkHynwJe2QIiAXXzMql2uwH/RgEwfkatMED9SFe5y2evSWxcBXujw9E8GrOD/YxrsgMusVsFe7eoW83Y9Hm6db0kmXlFPo8sWMaADcZkpensW3wRTwIx66S5Zwx+li1eJwiYF0YV/c65c5rGbiFBfRt3FVNRoowp2KuW/UqZuMc0B58gQ5/3ReUPf0ER08xcoSUN6dJinZwVARb/GF/jv3AeveZVCnlXL2z+otOu/LYjdshP1UmFtfuR4GokBRoqWHWwjj+FJItuzQG2Zm1ILFrfoiinU4+J89qeZy1pgKrzfeoXaCn2KfFd0hKeJZ75LcPvK4x3PF0aFZczWRldb+ma7+dfv8i/f86cHEWoxqStth0RlAOaWlw0qpD8KLQyOan64/cD27+dRjDKeFvm3Y6XL3sVl7EClIywnDsNyc1kLHZMZ6Q715WysSu7Z4DVw3Bn59RpauTHU5V02UzJN6hL6fn1i27T3j3FFtLw8RSW+be8RpP1RoabvfKrBfaqeGAFxWba4ubPhK6vupAR7vY1C03e/n+alnDRDd68Uo8Tski+JpLFAMPgVT02uKfXBIYUU7jUhX2yG5cdvva3OmJoWknE7EoZ9+ereHKfZ8/LDcKVmqI7GaWw0ibSN1h1HlEyq0vkufErOa7ZRbzzoUHnJNGYft+Qjd9u4HgYsWRU/EhhEqszANrtgXv+8MrTdzNlD7tr5UQ7Vnr1fq2NMVPi7Owpx1iOPNkw6mzNrONblgQYNSgPizTKicJqlb9/mhGY9a8N58ZZgFFsaNTuPL1/FhUMsDvMFx9mTroL9UA0idp2REL9R7D3CgJDX5EvsOUV2Eg4vk7veKY0NDeKK/N4pVeMrQ9OyCKb8msoSQfP6OqVinFl2cLEtusa7YWU7uS2E/K1JoXepL1FVnjDWcm5gktP5Hgx5hmv8Ot+cMPIjWb7b13/CqK8nQmPTxTN4TvU1ZpEGCv/abbA6z1zO/Yqt2BMCXfPXUvnLCJt+C6vYqoPoEpTgPGDCDVAOq21wgcj5D7ILaJI7ogxaIt19/ysS+++Co1eqluNQ7L048CZLbppzPqk5Wu/4GmT7I1xgvzfaZr7x7iS/uJU/yc3i+VgK5maAiyfy6qiE/smC9VXwJMOEBYM82ZsttXjdpnFaULBT21CXntd31R6RcHoPd2j0wZMzQkUCeswanqsQiOBFLyCy8xm0aab3cSlfj7X8/fBAQGxUfQh/1sNvEnki5PWOCgd+3jGoaShVtUiuLYArHFFkYzkj8z6ppJ/U5AvHpi16je6/0eHmvkYjZ9+nhDu/xdFAa7SfyMif3xMcRCM/oXZp0RskfBLsstB6WVHmg4ed46WXNrdXweo1n5q+CKnBSRNPO24YrSTk6erF4SHpdT6hxx8qPV4Bifltx8zxVG0fLxgb9gXKkubLkgRWkJ0Xa9IiJVt43A8JdO+pWexW/OrqLaFZTScP8LXMUWWviym4eOXW5frtSu+VeSyF9yZsvqZdd3xe2Io3dSaGaGPYn+Z68bsuferivUxCStjN1QdJOuWLpy1IMS4HbMnFtMa+maaB54agHgW70ZJMoCEfhEguS9wDNFsYwdWd258Po4iT8IU1GR8YFqijs+dlooC8CpZ5UZRGtZcBUWvVHVhXGflTauUpm4SzJkP2qGTWrxccBOj02dz/jtOYsVd1qHsLUiuz7oLgX4SxwS9yKQd6FJrq2VCnUdC3LGp8k98BcK6piJBV0t2VfL2PJF8y3Je7aOD4lTmRUe+5VRb365vT1aWJ1WdnfaIlduuzfbP/6oEwQlTwmrsLblqgcm66cSbrx5WIFYrr16Zl6xBWaXp5jBGvT1OPd0O/Irx3XBJ3q2cmLqbdHLV7Gq+QDbiKTkeIQ5QV6Oa478ewKm+kU1V1fn3DLQ22nKjbY3c/3HRsuad7rI5gxYYk0Hn8CvdgGlhXmmOzC0Ty4Xsdy/P3NfFgVX9gsYz9lU1KoajlhYpgOdCW47KB4LLGa7XZ2LuzKNBGkx9k6Bs63VFLD+YpE23H+8Nq7p2J4Wkpab6/3f1WLWiDTh4Ysd6wHC3U9JVSax7syMuO3bCD3i1FCteH8JOWFHhKNP0YIzELr7Z8rr9UmPl4tPCFMzPL1KRdDJDTsIPdE/4RIlHe9MWS4SKFl1zzZ4IsIJP5JDaXj2MvWKT73xuG3a9C9IlX5Spg364fhQTcqnNwsqVP61CM/sg4Hj9N9hhr7w+FNB5C/K++0QfGjEjcfRfxH7GA4z+HZuN2U451+MmpZ1in7O8AdXCLLzgS+bFddP9R1U99MypSZuZqiv1d99eaNuyYeH2G4W//FRS/5ZFlN2Y7cBtrdHoK3gn8QPeiCJ0qOTMvQs7n46yMy4bTIsxAYILfcQ4jIT7fMavS2HYOwDoli3wJqPW93DOLWpJlKS/NBVdHkpaHSoOqoZZcCz+T36NDp13mV3IOgn/cJSEssyQn+bpsQTh1/nV2xD08Wb4W5Nqn7mms/I2ZalGfvj2ZZ2o5pfdqT+nIdvrOclS+PU9aE0n01ZYDlPjkUg/vQqE3m5mwGw6K9r88wOuHS8newsh6cWRgfmCd8cawcHIVa3zzeOo6tmJerCh8k3c6xkmEqxBaj9g6Xz2m/Wrj6i9sM+uADghE3haN39dV+M0WXLJhbRD/DVKNKn36HuHkoi3His2eeBNEIRXV6KxxOT+9lPRAsD0QA/fKIBlpEiS9GBGR5igqG2+eUkci+am0rgipcLelVSaPDV38KKLVlmTjBvYnyFufK56+Ss5uZauwd9Xccdt2Nvx1LrneChber4kMKW23dM0+52MfG3SyCy/dFVknXqzEDzaviKtcy6pr58ckiMXDViqp2hHnHCYZ5aBWEYgGnEdgX+1f2mtGnHFFIYoK5dLiAFB4p5xHPpVXLsoQLWuG//x3Lg1GS/LfFwSj2+I+VwcR/szL47+/9P1kWbL8a6bSEL6/9ben9oNqDW/kb8x+LgPOszJ2/Xo7LWo3lOMTd85/vcr+1vnDV7m+d7j+/o49wba+AgDebfF0vp77hReJtHcFb1dp3f32an/Ua/svfH3ip/0H89Uo4/7ry78X114vvuoxt/i8rjDnm+WCJf3wS/NWBKPzhALrmHzeAL/7lDvDlP2/xe/X3e/xPB/g7bkua/y+68a+11Gu8lPlfPy02ktF7/cm85oXRx2g9rONvfy0Nh338vzSXJe/itd7zf2vFfzf4f/3UHmvQ5H+YGY0+/s3MMPK/2M+fhv71q3+aELss8fUvX5vgF77/8/sw2L/fB0Ee/3q5/8vvYwT5Xyz4Twv+ac//6JP/+yaO/TcL38kOjBKX1fu/2T45A1EL3gfOvP4t/rNgHUDEA+D+mi///Bz8Vf71/991ivH3kEWc/vt1qrzb8/U3R/4/++l3gkdw/DdtgNf82/fnQbAJCDGd/3mVKwaOeP7ttzb+b0te1t+fWfy5NJwp/V393+8IKfmvvf/x9q87/v7uf0EF2CXg/aOq19yZ/jzoscTTvzs2vPDfsQP537GbAoX+D+rft1PA/xMwEQr/T8TE/t9CTOL/F/so/KKgwvLsB+6n8MhNl/zFRdnkHf+l8GypFGzV1r9dNLrDEbsb/h45wLezlHvVdZL/ftA93n718FCmz+SsSnuPzbAM0/tuizGz+YRcp/fMFRH7ZnOgDTzLOt6b8+U6pTKEeki+X+TJST0MmXMkQUq8WuKf/ujZ7lXWpn/zKlB7ShP12ko3z1ztNf7ZPg9AIh/PY35EnPb23iantIiXva9xLt0t8Bz2bYjU8bB4/p167XMwxz5+vF5PJUdjm4mt8qgeDLVjQZ5f+y8z4iFL/Cvdg1lhDLPRHGhlhBio6O20/Fstsq7DSgTIJBcVWN5R5RB0H6d6Y2qwqtJmackqz86pjoNt6zdygT52fE0ueiEXvJJxEiW3OOpjCjc69IycUqmPCgqNdZm2hTLM9npNVnNfzkmsUDUE9eAGlhrMLULkjI8Oa9d8/DOp/V2y5Z2VsOhApJ+yYO/hlDzVlOtfOPsISJxrpWSPuJvO6M/52zstmrju4lo+HnMJVuuc2YEOzIC9WvrhetxjO3D2Ekxk/22oBFNdIvXldWJFn6sxGqypfpNowtjH/v3KLaZoj4uF9zpidi3MQaXRF+vxzsTiEau5EdroOzfFH/tep6o82Ed/ELWGZZCgFlmpu5rACk6iw4MEuMlDqeiAh1Oc1BW3fvBhWymCTJGjKLKwt8/RZ1QFbtdfxDNiHx8UF3fTTvmumg+uZeM0lsrguGlppmWbK6kZ7u/egOefXnHKRmxMDwmL0UXCeuv9KfmX39XACGHlhdfOPdmGzmd/OiUYZdlVWEfVPeVlseqzzYwSWNb6qsDTts4bPPWzdhD+Kfx/+92KfD37vNteFVyDRgiPHe6P22ECofaq0XqwroGnSoNm/YMvWIHwnX0Y+A++xB8cjKai9VfJYr/j1tmBtna2wB1+6JZq8Frh3XAlN1XpY2TNO7EPe/Bomz3x7yBK3SSxfCtmnxJ+Zqbc3nVwQn6VRNMJ9lZpgUfcLSzHVhl1rV9EtlKmI0/HDZ5CI+9TMDimeH/wNXpfxPukWvvFDqz0MvnV5hoyJ56Imk0MZhBwtqg7RDbokYRAoGD5LabyDy53bAmzdq8mxcNiV3NGb33jjnAp6xrm5QbUDXM3ba4XWy7JJPIv7nXfOXxM+oJzLuZ29lN24XwnRp92D1kR58TtgOVxJs2fU/ROgO0rCL8OrPby/XYmnm7FYAOWNicwsglrycLc3tbsG4fg1O3XwXm97GX4hT8FFkJx0f2RqZTbCoqG4p9wz+/M9X/VK9YWYVReN4f66HMrZ6TJxIEHckgklm4qXEccNl/7VyW2b2tRSnngVdH0iLXHA/iT94VH24g8f/x2qKeL8sCfa31/3LXgPkAM14jSN8CaNJfqcqdCOOGQLRbHhad5rbhm64GXdpsQdHoIsWzt14+jl2rOi8dz5w8pSijNZm+smz59/QDXcbK2fxW4noNYIC9R5/arqGs9Gj2SZ/uBl/AioGh/udXia5bxkAru1XeF9JROIn6ynuA4v+mgZ1PaKNRh9Yuh2YSfO92cQpEMfFwABt5+pqk4fJp3y3ps7f0l48Ont7VgKAWFB5r3TfAya9G2ogrY1/4CmOfaxk0PAAz1W9PCPPR2XE/5+UhiXaDKhaZaV26H1w4tsO8uZzhgpeIpu8VzqGYt9+7niejPLw68bua87ySX0NASWuX2weY+bcPCT97gk+jgGDvTy6ZtTmrsTfUAWBwnkRXp085RJ9ARpnI0Htv2n+8VW+x9w0sNOPBGjt6m4oZzdRreWi+jjONI03xaDBudG8OPUPQkjz8anuX5qQyke1S+vWVCmBo2Flgp65TaW6qGrxwaFr7Aag+4c7ZYg5YtQZzMcP+AzTNK7dU79RDC0lk6zaMqK2EMKEYOnXIaPKU09ZsaHsDQhHd19s41dF+li9tl6WAfR+04hcBe5KH/uL/S8EKBIXJSAbrzDsLsuNrsMg/wpMrSBwvQBNFToWjuW3qS2Qi8ImI9zvFIb7P16SAkGR1IJZyDVGKfw50askLczNbWZNvs7cpKHe9kH+E8rKQqC0/L6fWwV01zC2umMrHdQFA1c9b20pRoZGFsVTVGWRaEs9c/4iScGoXewOFPtyxyD4x2m7+aQzYl2VIG52qLgRyL2c1yduIkqYS+XuP8nVsCBzMO8m9Kd8NjubJg0oxACdvMuIs3gXm/zuYbWRLcJUrcH+eBmaSJJSQGRr8JQEuen8+y98X3Ew9D86RXFDyp1FswyllGceOwupIT0DeGPz2XodQv/EQGsWuSn2gCKxELWxNyhjIK6RDQXnvpAFngNVLjJZa3bIZHVrI0nBx1M15ELnjnwj7gUjsxs+jWdtdILQD3eJTl73fFufw2+3n0ZKAQTYitENU51mJNgwrfN1WwOof+4z0F5z7WA8aGVHrxbZocz68c/QqBf/uPm5qI8K1Qwgc6uIU4LtZ8/p4y/b7k8ryS6dP0ZpE/wHvtE7KDe/eaAZYhtKm0p0t5wTxQWr9/5VaQ7oD/XjWTjqyiYPccyTZG2OdvX+DLmnQSXYvZwnmMnSLJYDlFId5OUko/UFSOm+jr7vJupvGL0FuIs3YyR4XRsWmKcGlpnNHbtiWDly7EN7IREpyhN1tv9740ZDT456IF+5dWp8rtqIs5PgHHdXgDcpjzLD9syWVWqpydUcSwoLXej9pp4xZYsved6Zzgg2BSmFKjuQ1/4DdAR/YxTn92TeJeK8M7FGunnHB+z9/dQ28i0Pa1OhlyQeIygxjI/Yos2k9GSDaXPCnnJmVSTz8wz2bZj91NFcArsWZne4tOQHx9IMegeI9dj0M35MfrSvFqfTGwx5sEIGq1AicJWeqBvS5SJ+18WmRghKXz7clnOA+lyPbA8KL3fmBla63uoLoPAl7z2rXEfJ73vABsD99GCrPVc14fPOBLb8KWhZVTclIMK0cLwi/XGrqS9g3gGfB58QeNCDlXAJjESpPtR/YGvfx06q7g9MhItYYBFjzkafk8iXnBXZ/ubUmwaSESdsrJWGC7i5sbpng2pWD1efWhsZfFJIGROcVBlL2loF3JqmzvPxcCYjjvPk9sI7wutzPp7KuVhNWX3RNa2L5P0Q87rerTDqwJLJdQlfTGvAVJUu52rq5hzm7UvoPNVgwsAtFg/nwW4EJFymcAKw/4z6MFKG6Ubnx5aR0e02lkSYUdYxDE/Lsih2A5OKwuSop+2EEKoKVT0lo43vEn4Vg4VSAJ9dnJOlYZeXrrQkmdVw9nCD7wQ7h7MrCY4rYrwwkrQWEfTzLw9iPJjUKswoNIzeFak/lp2D4mrQq0ikOjIZF+bjf+Al7ImypTOhtbktDwTOAvNQ1i6O2DpmYtKrkQtKwPMcO5QQYDgin3B/Um+0l5ghHSjE5UNw7D815etAKu6yl1wkwtg6G460VoRi8eIg1X6eWwsJP5nYDeX8IUQmZfXr4341Bpb5shLHS08Ylq4UlCCfE7UumWOvjtEy1rAcnmYtHs3omQ2dmj2TjnhPMeNytGKx7y89bt54pLN8TylA+M/Slbj551U1YvI+NTPPYCeotNAhODbYCofarBk23VSaHLpiwOy459YaPwp16+NvZ6AFtEKP0VKbQolE7O4siuu3BjXW8pVTxPtEcfQ56NAP79wkW9fDNzYEcoLutlgks7ZtDCr2SbyovjkxVC8UWl/aeg8E89dM6BLM4KUac0Vbc3pFJH+yHdYW47WQ5d6jo4ZMZ2SpN4fNgZ0CX3gAPF7xe4Zn4p+u/MiOcxEZ+IMC8dOSWacxTU9xocTjg/ixIugE2y69Bw1m3Sw2fm+wAa0HtOhG+zcBa7pTj5CPLnZyLS/U5ad25fwM8nu5pa0WZjssgu5qa5gm1DKgyJsYB48aZtjyEsjqFJqsPhrBBnVqmzdA02IortGqwjm4Gz9E1nqzWuht4G5fE697SwH20aPmYiYgC/17E7ADyYrQaUb2oYzxqM9kNFpbXJuWoMtOjtEMBa1ycv5UeaCvqRb7JtUd5dUTi0K/85EshXLIL6tkBv6tq3t1kpZXcg8e4N+y4SvCeMIJ43RZXDNsv7EICWLKv1IWDHi/4wJENp8FpccQJeF/ZAA9TkB2hG7dUByiWX6cYCrUpBToPhgsw9wLfQ37dSieBaLk6BrmKRW8bLP1P9hnUuhv36xp8nwYLmz7xLsTL92/3/onOkbwTE2Lnw/G3azjjeYP9ar34Ba/HImpqgsF9+fouYxO7IqvP80shjVE94PwXezz7etPkmmFs7XSjzNT/9rZaSVDHo0x5IKrNlrpzmA6RmDghqc8zMDiHnLiVQewRUFlTvYaQObJ6yDbrCMq3OFoqbXNMMSUrO1LU3s4Zi4ewuINIGorZt2uVQCyH3UK7Qr5idrVMObmrP2S20BnGJQvl32NebEBBVXoNjmd9U+ooAuhutftg5b9/UCc+QFd8i+ts31/tTv5WfcFonTbj03DEaFuCyMUA6Cj1/FSlzDhjiDLCHxMW7nM4ZEo1GPy6AfjyUel/58ghhKBPaLPuw+C0zPPrUe87ENxSz2V8Bj2Njx9Zeqk5z4dNOjpBOaCkpR+sB710Kwn53Y26QqFRkaHIDpq3arUko9CTBK+xwpG6gohWyKyizeW2FGx4OaIEerEQ6qeYhbOzrStZ4X7dRJjpaWaQsDjYYEW6vdqorJcTffFgCN74WLVwI2Sfz29OAtQ3hxpzUOqmpHtcTPdmiwtvBcm39rELAtqEeMQh4MhYHRojZQnt0cO3tXDPiyo2rFl8hOgTRlYcUklPWPFKAODB0YItT7zbLcwC9e9srCy260614r8ho36yufAH1fSKocJLdEG4nwbxLGivMGF8W59hZr3QdXdmuYPCg1caIbB86439FCf1tN8Eahul+DNOHhI0puC+uj+10+RFC8duqaykbcZIzKJ8sEguS9i8EMcILwQD2A3XxIod9IwVpgmVe/T6TNrwmuPXbgTofqRt1aIfc1bG3m+7QVi6qNHF2uHvg62c125g8EjEpTS+ag0r79gY0AcEwqAcwYtViGKmZXrgcdp22xd2JvXKfYEFkTfl34+37g43kdiELqMzdtr5cQgERvnhlvzWR1i44IH686zvBWcgo67mT2YDuzGnRcFrU2+Y6HJcytWPRXaB99ZfQbpdD8O6sNsHK0LCaVsC4UssD+hx8DF2FpsycPMDGLX1aTkuoeDiZaKkCPmAhCj0082cpgpVGmd5dsgIZmm0CRLtyke8Xlvg3HrxmvYAopmwm+Zj0M3597Q8LbpwSLFVr6wgrUWzQ8wdnBfA0R0mGMZDdAwQzrYMxLXYmtLQNXKwagm7KFaOUf3slVj9PzHck/SA6rHl9Fwtmpe+kF61xveLcIh9f9eZangTi2HZ2dcM16yEXv40GouMp68RcwkQDS6ujNVGUlNxw/Z/oNuX4GPIhf7+FfNV4mo6AHgCUIWQlXJRNnmJeOedPkbM2+W69I40pk5S//+DTtv+FCFPqI5MClAii0x1JDnBDKuPcICJUOmL9Cq7MmKSeqvqdNrL7wuxBA9etcE1YxTjEgzgWAZMQMmcHeKDRwjLLK67ToFf2D2rtpXDzNDNi3kAHaDUHBe8Ds5B9gGlgmJf3a2DFV0co6StBKzdfGVjux9X6riePpdleYBzqBIyOCcw6pmW3rrvQlPCleWN3yY/ao82H7Z3iFuy3e2efuDBs958YIqLSQPfun6SkdQJ6UTZ4rqp3e1/0Bzw6NR2cB9R/DlkUVZMDRNweoLUMMCjr7a1JStSIu+QwrWQQkyho3xLLP+jxwxHBXfbwM9LaqD+ZJzHNUL+1XAKRaH1liW93sIOU1Q9yOZ6jGviRiDoPXFhiYcdhjFvIsjRgiYGZbT+JlDk2Eq37qRPvptxqZ1D9IfxqlNcJBhu0nSrMxqY1W5vmwzIru7b0Z5qRXmdFR8wJH1QfHkiWyT1x7mEXJBZQlGvHvym1aWGyUHivf19SWpog4twN7sJJG7x/E7AP3kOBJMJDSfmhJQDsQNULcTeCWR7tstU0c8UPDnrIni7y+7nMO9hQ0ms5hMWSZr7SvN29M7vDtQZj9HIB0o6kE0ZAJ8vlax1hTIYaQQ6rScu98Rf9UKdusc7XLLaDqUfxjT7orinL+lXI+ufupjgGMUvXmEA9WIxNgYUWd4a0GUM0+Tob9v0VSDjIejeR+sABYLfcSRbX2FVzduWcfrPXCNYE9u4OQGCpN7l1nJGsQ66I9lAeu9+GaF8byJ9RC5xIT9sI4eF2QL+F/7QwsE/6SKFN0S/one2VvYpHgZn8DQCAn1UpbdEYAVDZPqKDf5hA8AjRCSEGpjQuux0Y7Y86Jc8hQLi2Rb0+l4eVxBkDCIc48Bw4ZlnylF7suvOO7dr/BQ8U2ZLL/b4kjPHev+NmMvPcAgx2KB6rKqZiXXtQi9PD51CCgOBDtge0RJqg2w/UCGmCmUiZG1SfBBp7ANzFvCgmy9mHiHdz+27ZVeUlCpsLh0Kw/LEW40DBr5I6+J0PgD1yGbz5rJg8NYiIVft7GbsRDwFcv9r+igk9ZLMf5hfcdIiy5ZY7Nktw/5CO+7X6XMe4G44uhSW2bwSYxxqIRayDpq4CDzEmg51Wy3OdbO2MqxkkZsgyfwlHVkaapcoH8LyFTDcVyMCYfzwjIIiyHxa468FnPztrCoDZmm0O3A55jQCvuai/FjDyC9FlQP6U75D8QQNsKppWGPVOo0t9VmYsYH5HugNtZjMXDe8utv27gCrphwmksRk7wuKgv7OzZU0uU5nZynOFmYBFLUz6porNIoOeA1GXNscZ7lTx2zTlKbXvPfHPkK40Fm3nS//20yEHYKQPPYv3j/CCy8I3uFNpZScStJqKgIlAv3gbKYc4HmF+Z6IKgZmyeuBGnIm0vyXwJ0zJvLOiSNQzdNBKhcmPYW9pzKwJRix8ZpvBjcNQk16At6oK0xKHWCgxCiGTyQ4L8K7zptfYkhh6rBC7sMJfX020+u0ip4i+gZhnaRmxxh3Kgl9uI0PCw1Y5YFeJz7fbae/OefiW7SRt3fWhAW4FQhCAAOIwwseQ/A5vWo6207XH70mlefPSwZiIoCnVzMX8eqfYKu0tGIkAANQxiBJs+5gQZWAFWr8l4nfak76r1C9VTwaDLOToKDAuFjwAvZRARO55x4zRXcxfHfjtcOXWn0OQAe3aD2x0swRWLNPfCEHiZ/tGlJ0/79dmv4a5+FFlSW+2bnpDDFt5h1KLNiPrpe/+YgTCzrIpbL62+XiCoIYdML8Fb8KjpeWlXS7r0f1AQaPHiFVQwGSaOXzYFPQ4J5/CaSYWoAzIpX4ls09HiYAtmWsiyLZdECVeID49VFiC4zg0zumxu+PFaQI5yD9LaM59Epa23Irgscn7kw9M6W3uABravrAlHj2cJfkM8OzuAAJFAVzfrhjcd4ZuBU895YhGA6hYUgF0KJSO1sDFWhwibOutFtDmWVc7LNlAWuClMLYsjLu/xTvfIJahD9XIHIaiPgvAgovsQy4gZkAJ9Kv9suiMg9gdQTQw/3B0QECSUnlA1+zG4MBWBJYzBsxGIhXpWFxMaLT57TfAaGZAH4WRBexSFmZo2GtM4TBEVsmiUCTUAqGqCr23tdVvTsF2EAQChzFUHU5NsfIFjy7jHQpIFYqL9kNOjv0wcDGsNdhzXIAVbF6UC2KHiHwwSlJ6dJuHmwPgLEDeUCMKRUSVP9jauPeP5ctIAIl5KK25H9WUuq8OwkbfpKNIcxuaAEWFJT9LlhExgc+nL24C6E0yx0XYIhHPMAa/ocmSg9zfg1mZMxXUsz9+W0LQHM87y3O9tIFl/vTYa0eC4/WR4d9+nWvMPuoUBpcl42JWn0cRqW5LnksgpvpV9exdhxFQg20mNc0DSu1W73Qysn48E7Bhd1bWXTYvgARh8Kain8eyAyuPPkSC5YCzFez5rxyBr+4Fn7FC+M15vMi+qBeA3sKv13/4bQJMGGELTq5nBdACV0SN9Q9TnLK3ec3EBnli/uzQiCGDnB8BFfvpVgToeBkw8vEG+E22IDqrHM3qs7vCgnacD4DO+PEjLaT8B7hO9L5Mm3XIPu+7EOV4wqSV57BUnz5WDpPlEI15LjXH7Js3HGkaPCfiDz48OiW266/sNTQFtEWx8bKqEVabBphZRinrr0eaIBn5xH7rU8A/HfIev83fCtkHoFPmkBmSRAYE+/P0gF1hqoTzC/RI7LBo1m0+h0//6hhKQ/ZuxjUx92u7bhlv7g7ulpTYMtciALLo1c7WWNzhF6PAMGVwQlGaif3XSV5rjV+ql7MfL/CAeNaltfAboRW+T82xBV3NU75bOYzeD4l+DrUEM6ASbQ6AWID7jhgwuVwGIfIKO8Cy+2PpE0P6sOBZXmHpWhwC+cJLANy0Q9QtRs6Q7GLnfZg761MA/9ywNM0U0b+xwHJ6MlKFnJD+LxrhKlTA1dhanwj2E04x0pShLk77YLRYNfJb5HJ2LiY76keqBXDHrylzITHvuGvhbTFHmBkfjCizq9flPeqG1eAhSpCy3cof0NLLwoOIg+vBgyvmHkSGENiIhio0cHZhY12gpsJHlv0kZYC1uwSermt74OoWGEmGQ2mdznIhPEQWfil2n+ZAo4MH2diy3ul3f0s4kOoEsNwZWG4DsO5QoYNQy6+S2w+Gd8pDV1eYUwu7NgBxH06PcDiwA6ydMlGGy1wh0rCHzZYVzAReEi2YTbrtbx9HQmFPYYAzhrvUCzjEsGBZrskSk2zFro6wVz+s2AXvrO1SAWFMlP5V6YFHkDiMmbYXWuAvzLsxV4e07YOyTDrkYeBkENvrFGcpngUaUwtzN8wb2RbJXs9dyt80spW8/TKtiSAKyfydFlINXQ4lewhfPI2DBZKuzR0Dl20Ykffji8tu4x0+E7upCaflEGGG1oxu1exhbMSYaR87NkTH8APuzZbg3jqWwXxjDFDG30hZ1HFqdoje/YAOBZoMoh/z/FVPg3iTQYoOdHR9q3Bj7FKex6kP/pJqYQki8eTe+gHhfoYzowTovi/OFZMKTGFtw41vVA5P1kbwZW5kCSf0eNosWBrqgTM7PvzQ2dA+u7E87qF8WSMxxuHAQgzPCOXVxv6ZsBfN3U/JaVKeWH8FFMQDY3nAvxugZTR04NSw7ZnkfLwAg/ER3XYYwD3XLwMwKnYWNWkbaGUmtLIEphC5n5U5RTZYQkqX4bxt+lqRqcXNhEUrcLo/X9H77Nn3pKROgizYfTuMs0k53umP4dNZn4bsUpG4f/n57/S+8twiw1CRPgboc15XN7LGbvS306ZMCxYr4tWP407q4xwEK3+5qFxoZkWCqH2BOKrRbSOtydo2BmsQbiviz7uEMXx/cORApeufZxUFbUewA/ATWZ6WQxo6X8+xpNrM4wD8jqMhcU5WBMDIir1A9N/Q7nZ+v1TdXtq6Qi1G6I0xo8vcjVPjcj++7PMxQx3glsH6y8JW+0jjj0R2j+5+6QfVdTDy++kXRv7YYmPCSoceIoEfDqDFT2Jo7HUrpou6Nmo6Q6/PnEFRmPDEAjAq2My0LxDhG/UNWNYb4EeRrIC1Jgdwe/f2gRUDwmQQBDl4KSOswm9DLXkpryvrVKafPtnlEewt8LD6i0MKR0bCdS0S4B/tQsjtF1CVw7IANpJQkLJzgkD2kZUxa3r19TvgwNyp7iRjBp6bIrIF9K22Irx2+wH6JcQTYEU1+dvzVUanNEM74grYIeLaEMTt0vqnGq6ohQSaRdjJt2iqV2J2gu1nzBTI452KcDc57Qt4JEYCVvRVLEd+Thmja1MatOHuVbE2mKmoo2K+kPQ8yNmUv4xD/rSoY6t9yg1/olSfCtU94zwz9a97WJ4AHiiWkogk5+QDvSLYMxXomZaASXa2JJbmPOPQaxxmA54TtnUM+BgIoZlkJd0dg/+jB7Bq0DGgyx7ekAvIaaA0TJnONK8DH7bTnQ9XdtK0JPe8CRd3tSKbfu1+s/K1atHF2thB8S5Zqg59PmXNFeqzH+vCvHdI/XRS20ebpWfrqFJLMIwczPU9Ca1Nc1Qk6oA93udeYG3zh9F/cIABq5qqMvRjHbbvG3c7oMh7CPNyLMG1K4xSFMH+aW2yCchhPP84FGlM9y3McQ5/yGyBPR040MThxLQrHiEiMHfj4AS+QcP8t9dYN8PJIV50tiUz7BVmIJ44o2Be+ktXFjiHbJ7xUlUZtGhIhe7vOX/wuLAf5FJ/tMfAwkxkOUyQHD4T4VGCiHhlRESosqldlKHPCes112fjzIM3kg77bUgnKxPxpmOECNopEtoKlwCYMd/QBu6s9V1np4+lWUPs5bCq/RUIBgbB7WeVcDrjsZET0Lb1qoLRUr8gbH/tc8QZLWTrPPB6QN3kdPN33AHtz2DtwEGmPPLnCdaD27jmp+DaxW2qwe7f20hk4g4UEIhpV0IAP6TM+aDE68sAf4OdHcNOgwEena8sMMnH4jhtd/G2Rxcd4K017AeZiH1AlZRvlztfEm7RxwXHn1yMBZQMfaZi0X4/yT379hgRSYIycGpvl9nOGyx3UcODWszFPIAfcDbZ0CzT/zRjqZf+Y5xClEh9AgRKC0hVjuZvtEvzej9mcoUHi4qxz78EeF4oZ66HDGIotEjIib8JngI+3a5OpwqM/AcIBhgB4fQQl/swVfIQd9I5OBWpPYJL6vxPDhmKR19IYZ3nc3UsgE/ZYSOyfWXVHNgsSdhpO/+i+/19O/chGGkoK2vmikrEAAqdOxnPqEM7Zhzx42kOxKEoh8xflWE0tw/rT+pjAOzlIL7Q+ya7Te5vkMxW0VsnMOfyxoHux9S1bz4ZpurmA9pmM5t/1v9z929qwpdnrpIwU8MXJxs5503IQASsAeBe2GPJaAt1zsGXg2iMSpir2qF0wCU9Fnai4HwidfZuAjxGDbqr60RYU0Sb0PupnviH9zM2vdVS5mW/cwf4F1mFrJCyOuCUoAnqn0w/0+Sr1q7RaElp4QioDO3jxePKp10etXMuPoa2asFOTZM46j6ZeE/XdIIAKHadRnURWW6LwHRgModOMjpMy095eRY0QSE6zOABR5HaOAABv2LgSn/sSnJvnuzBHZPWDDDG4vU+skgv3F1/VXDmwS5Mln9HwnnaoR8QdfGhgIBxJltC2W6TYNz81VHl/8dfm/iBe5fsZ+nyFNZNUSaJO17vmMKKsXMqJNcgHCrjXAsN8a9KuZO+buvRO1/giPXBshzdqe8nsDbRCll11bU8LJCSTxsFtll99gtVNXP/2/lfu+B75a/2qa1dBH9SZZ2sr99WtH8qGBxEKbLyXayvDpt0cB+YJxI/s53fDLn+9bsPurH/J3vv1ew4spyL/hpF3PsgBbx5hHeENyTwBkc4wnv8+oNiz8weJ7OPZktHEeroXr1IuEJVZeaXVZlfHhmk+arSXKnDkYXdu5HanvuPCOv/SDQ2wbwleeT8pmrixnVU8yTVUYYpsCOlah+eLVi1qYeGUZlm9HWJEVrXbG2m4dzB3kPGjRQiuucGOBeED6Tsk3dUuLBkBl+lW3Sf2BvIqT+PBojJ7Q1SogAcPzYwrnN8bKgMaG1FyddD2uX67e5NLWW6a7LfEw1v7PaNLkMi9G8/l/2iLb9+91SyQXYe0l8G3xdYQKIqNK9IbEm+U2UB2zPk/LefeAtZq0lvB1OjgtxaqRVaRdk9NOnLKABqE4rr9befS4JbBEgqEjeT7tD3QRb8Q2eskIcsq0UvW7ktRb794TnYc06ojJDpnyrwEvlxDsCFYFlxN/EpN8gV1v18JhPQbQ5qIdtCQqlLfzNS7k4CSvWYviR3+bEVMcwxfDkfso7+iIurH98rQ2TQ8xgm3frPr2Hri4MviMlAFMMf+n73n8T0ZAx3/USamsPtl8gxYjsU9B9dP8F0x+j6bd7Qvd5QA17AZkqACPf0UBrStf+bI77/99z/Pfd/z/3fc/8bztXE4FavCQgm9lKxfv3Q/tI80cetZwGahZdiPBhmma/htugjov7QqcEvOjVGdzEsme9q1SGDSs0io7y2hDqMNKaWEv4AjX6r3qtGDIykH0lx4h9RCyPstkDoPnkvYJoquLgdrAiYyZ9/oufjtpIWTSLXG5hMA+DvG4kCO7ybnyk3p2FHje7c7hYnv7T4h2Uok/fI2Ae529CgMYAln6UF9Ej52fudmSPB0jhYOFoWi6zvht/28GDxGqTwscBD2yjHyy1+6KQvciIS/PETYSmp/+7/b+7D1uQGegCjeeJj4NcPEMwYGI+5xDB5KSBLY1baKLgNOP56nn2N3c8o4rh+soHDEDSwVdFpId6wxc5rBmJcklIAUiK9/e8YY1BGj91ZkN32wfbz7545SPEKzZVq1Rtz+fCNJpNEX/dFbRbPFwtwTgf2tl8nQ6fMqzDQDlX2xo1G2sSEjvyo2uoI2DsjM1fVGrXBtiE7Q78YVOazf3PcpspRoflImXZfh8jJGKEf2KzQN7UnDPdGb59E7jL7eG/6jg9WaZHUdL6mIpf4G/NXZBqZriq11JS5X2bilaF3BOzsAfcFIKpdu1v5id85Jmh/ksf3b6JMMNPfc2fpXHUK+mP+Zk26fmA6Gs6FivKX8QuQGP278uM0/Id8WZT6k3RZ6h+ULkv+q9nX/2rqc/oj/RWkPU9F8v/don3/vZ8O/eq3/x/8CroM+iZKv2MQ7f/jmvtGcTt8D6Io9rs07N8e+e1NfpVtTYBs698c+9FKcLDrpzb+/Pbw/lNXguPYj3Z+D37yZcmnf75fNa264k+v/9eSzX99uOqy75wAx6FfNe17cJnibn7fN/359l3+ywl7P2W/ffqvL09+yTj+59/1OYJRv/Q1gtF/+x3/Vc9n1Tx84p96veo+1a8e/P708fLrBv0xAV5sqPmf8+1+sfnu+rz957uxTQ4a8YmXfF7+1Tz2/6vU9L8iG53A/wX5rXTBf8LfgfxMvvBr+YL/gnT0P2WUgP9Evn7XQX/j64D//X6ayzjr959yx4tPPM8/E3A0+ZKWP334Jvr/oPeACZCHPqU/fwSH42TuP+uSM3/7GlxUfT4/p7Z/J8WfsHpAECmK4l8zXjD5W7YJhP7jYKEo8cfB+seN1h/JA9w8XadqAc3m7k7NfyLk+H9x/H47WD+N4K8H9desLH+FvFG/Jcv5Zax+zf2A/YmwYX/B8KlW75RK4xCoZWXPUOlYwvyPCNvfzf3w58QOf+Rx+HOqhz8SO8wb2MM97gmBcJZsINHJYsnzWNMLqmLZgVK+3x5ohmYnjuonvqVtuuk1s+scfWVtWilyNkSy01uuchmVUsRSMERICf38OWs/nwxSt5yHKp1jdoXXke+/im3j5zFbrromCP5RaqxV0LI0r2MPX06vSDatNNBhcsxlNPppnBhu8MLxy/W8gj7qBtI9odCvsNC9kgf/mxy2G16BGSfzq2uY+3hR6IKOPWoGNvkC/X7HMb/9DO7B/fq6YtV5HzP59Kdn3Pe4ovhvbVdqw1MwvYkkpQILdWplYKE3U6kkQjHHNvfbGbqnr6bXwHeLEY9v7jsyuwnu5DWrcemYxwv7o04xvWIO3cVwvc508KT7TSDDM3S99le9FjDlbtH9xqcp7KdRYfh9z5/vgXu8ct5vshvu3fqmOPQTHA9iz1PO+zr4UQu40eyHcf58nbKafHNfJ0C/HP+Ep85hx/3d/SxwP3vX/f282/X9Pqh/Pm8w7hlwPxe8gw/ug7i88n0HA9rBiIHnQKb30cHxu+0/PaPADb84DBc79e+xFPQLfh+DHrWCm+BZHIZ+r3cxzPR+3dMqGksfKHKVzarCOpcE0voxA8FK4b9lGf7EjPwVxoLCfk81g9DkH+3Fn5iLn7/7y9UN8j8SO+P/i53/wdhZj7tb12f38QYsZP8/BpMRBP+9JKHQn7A2YfQ/hrXpT0UJ+0N//Bfy3P2N2y781ZE/57n7hbsOAr7Gr+nr/h3yuj8oTBIiaeo/TGv3p732E3Xar2nt7Nma3azprGivPwHjQece/Ny7fzGt3d/LRodgv8WLGI3/et788XyY+rfO/6f/LBvdv9Wlv9LpXxmG4jUDMQXQpy/m/9EewPv9BpQVf5FR/p0HgP+JHvkzd/v3fId/nQcA/Y9TJL8jwST/PRbMX88M/B+kWPA/KpY/PY/4qxXLf2rw/6dS/5XLMsxfQAGWtqd4/5eiWso1Wed8Sn8sOvxL2gPWiXf8Sfv5lyUJ8f62Xbsfv7fx/AVX4q2iwJb7MN33n85/Bh//BdAJ/iUij1LEv8DIb6Wexv4g9TT9C8b4DX64v/5HjT4M/2G0/0tFn/y/AhF/F4b4rxB94r8LU/ynBp/4Hyr6fx/rp2vfP4TmB+sn9w1Yuub/AO+n2QGW0GFnWdzxUPs/yfupwmguegHc330Qxx+7KJZMUF6iyO2KAwVOJLWI9RyD80MkWa49nIjZzAFlHY99LJFtfwTWiYRR04tg4FK2qO3Sir7VLVFQfq/j7EZV20jlzehjgXhCHprM7mGh7cBGyGtblhf2yGQH+vkfUSkq54+9l/EOFDfE/VAe1Tu/794ULL+7o6HpCW37BJwcN5Sy2BKrTBioE8euQsa8zmzVzqtZzFxmO5FPBs2s/Use68YEBFMrFtgbQzPqw9Me5+rwQM0CfXwVBYbZLRHXX2r0LkvDkkkdK0dzrxA268VKcvlk42q1QMTmaTejJl2ekMkHCO4bHeYcOPU1qCDaW8k+D211UD0NZsKTYfQpVTq0yA4VpcTia9z8idQjkibxfof2fekl4Oub4LO/3wswbIziPKkMJw7Ut8RLcK7c1MIY6aDCtZhvcvFop/30hFXzaLCWtmeH2ZjKEJuSq458cIdSBSQXd4xOwfa0Gtei7kBvWUNfrpKCbCt9Tas+rMFzQaVMlhr4s35xIFx1G9fS2q6iRZK6x0FEfOao5X4/4z2SFC6n+JdiRVg0EeNpYuw501urft6J4TyX6zk1wQxq8imTydWxrymj22QSCqwia0l5aFRtTxie0Ue2dDAzBAIICGN6O7O0GrvKaNbS25LR9PsVrvimOQOotgrcbilCBf3yoEwYimsk7UIF5jGPE+wZkYdEFG/nCWTJkYIB1t5dUsC2lAyEWfk2DiMuw2QDSZOfyJ05nbVRjD9J2h7Ahjhk7WJBmPXw8c00ExqeWmQgx0LH1owSnS7Vylr1KCle9+oiKywWyrrnw+exFKITtLW7GmEUiDM0OzjdK4heHezrava0hdiH8g796JvMqsxBdBtaCWK3O5Cvf4ZSrUaH71pCa7j76cFAY5iqcCZEk/RzfmAKc9AOUx/VgI29dvdaPuSPaH7xUnRYB6cjApVo+Svl5yYCQ6V1FwmVnGlNhGE/vpMtHEw0wT6VjoeKkRGBdcvTM+2SnXzKfE9kkUjg+K1amm81N6z3qaEpvNNkv/UlWLA4e5U/jcAbBJS6eCZ7I2vdcymS7F6294OAhGmsJCSw2epW85r7sVCcTvm3NRCGExNjxjMLSBmjuzjF6mhmgyGAcHtVWap3ZsvHuTdIa4rXGF88Zwxe/hNLBUjqiM4yAi2LPMp+pOPK+U1Pw7IbZl2m9nz1OTxnf/oXAcIE11xCVHwEqdEWZD7NRmRWIEClJb8590LDnrhfiUWHM+oC65GbXg8LKVRNQfN0ZRJTbWfgHjo7P2dNASGwg/EirVu7fBeoVwDrlC8hrrtPeN47/NufX5VhDiR+RXP1XMjdOAWElUIhP6VKeCqC476DAs+iAomuXnmgU7rHt3rX8WFOSYqgRTmJpdOG0u6jurriwpGxv1T4Ya0j6G/T9SfnljvKdJmuNCp3OyRqdJcXsTiyW4/NPeB2ShljyR0WrO8gOkUpbA7lCPECwu0aaBy29cBYJpND6sJ1rK2IuE5kXq+TUOp8VadvjX6SdrHR1IdJ88JBGjj3wNjGB7WggtuUCvKRPkanuVuTTSliF21J9z7DyaJc+jAW8xMuaECQCNx8xe85/BFk02SpyQTvYktfS4s7zvpKvR17N+xcUZDLNYQHxodse0+2W1jTX6GqBbSaRrAOs4jnfRDAs8OfzfDwVUUk+kMtnxiX313LlG9OAKMO91N8q84qohAcJticSfdyGZ92b/s5BCJg20XB6c6gtful4bN+K26glAGWBL02u91HND7Kyj59llzqTQKh5vwzfB5285DjlyGDeeB1tuD2idc+NrvG3XaSD9CuoW7abloZ2r+W4xWAkHnArsRRbPr0K5wXgqjiOzSHYn3k/c61RA8kDjRD+VBCgi3HJ9SXyI2KOmMy8/fj0R26i2oC4twaQ9uKVQ5aaiszLim4iqnrrX3C2SNs8AWEJbNeZdYBj/FO78WfTsE4EwjsuFgUFEvCt4SvxISGuQEWK/E5xU0Wm6xju92mPRCTey+sibMsrzMuURtaCPRd89JMopjIiSDRKbC+pbZYzGi7ZT7ZnB+VxRfW9FsNeKDQPmlEWlFSSl1cOD9Vx73qKPqoHSnjy24unnSr1C+F1z2B/YGFptEScs1UjMHrbpsrnZAKkZxLveEx4D9gxmCutRegdA+L6i7llQU3+fRrLuVK/kiAFO8bgdWmnWwjsO71BDpWYLLpdTq5cYy7lJi+njbJtZY03JcBrTKuJCKc9VX0Hz7BClMugBoTHepQ3i3OuWNlAJtSYdOkuOhb6uVkLUfMsPhv4ZqXkUK4W/Wkhy/YysYUe/nGUhe0j/FzCSv3m53ZxpH+YdaTOEYH0+KhObNyL4vlpTWAyKsAw2ErRQsinbxNeuFi9kklwou2DJFC+3LHqcjQEk4aw48ajuqIb6a7u+hNxT5Ngo3DvPWMwo3bu7EaM1aD9IAnR9Lfh36lnUG5fFir9sNn9odkgMc8Jf9+AAuTjSZsAlN99qV8GuQzza+uWhNUlD3tbY8hpzjB0eMj3qR+E/EErNhG70XCgOKeYX+SyWHRhwMC93WuLIb5G1Ji+FvLzTaojAo+L8WPsQvvC2cfZtidaQbMtzXYCR41qKuIvwW/tWuQRhtB0E4csa7Io/o0uRh/DrLWUJ3lWQUNq8mtle+zxmls6bdgJKg5xL2MBMfe5yskrIzk4+GeYLU6++yXK5JJH1Y+NyBG78ac3LWv5/WtDY9e1QvvMq+qJBWSUzeFJttrEs0VnZ4/3+YK8ta3A8HrBis45QICRDxgOeBvpOmmZDSjfMGqo9C7IXDNk6LkzkndquHW3a+9wBFqxuSWuZoikDTnTaSEl2tPsWXooNmKjd1pZ2Z3TCSjLZVn0ytBvgVJI1xfZ9Ig7+5KQHXV1qVeDgEzYZwhvQ6TcVdYILcweKZgINE4pVfyJcwJqYeYX1Sw+wk/khsrG37ZmJKKGMLu6HPm+F1hxvu9M0SQdV7OiRcdwhv65Lwnnygycm3lVzHY6A0O+DooqMi1GsOunLK2qrx5IYvlPPJ60iI+oVjU7fe6mKiiddnD4oP9+V6t2xHFG9y7dW3Bbc+3ImFSOE4n2z90IRQxXXppJfcsjcbtyPKBbe3+nuzbsGwFe4ozZ3UR3Oetkuw87uWX2txqV6+1p1+POc7Q3dL5TyppUeHGnjqSxZbVPkF2TLazL4yksFf3ump3arYb3Vr5xx4Z1BlfszDAUvNRlA8BYwz1umx8LCURjGeXK+Z8seFtfFoBed7S+RTue1SMjDmNHdWPma4TenzTNN8tYgSkTtHdDNaPsIH94oUdw2Rd76VovBfQzeN7FcSjaxIQh5r1bloSu+GALUw2fHFkldYP5VS2D8pNYhp42hOCgMri6oY79zX1uHBvvPPzCki+pjuPGEU5VQ4GZipqimXnEoz6OnFAB1tiyuL6RBZaxQQTrrGF0rVrhX83lCuE54qh38qY5zjLk2b3k1iND9O7Z8tLzNdXF1X9KPNFeLFM13qipMyCuIjQboiPj6rffkm7l/l3nOiPTiM3MjXqN0O89vdpo4EOGCMUXS6oUuwuDmQvPtRL2UTMJPtCM7GJFa4y7SkSbRnOb6UbjUQM5PgLVgKuVvbjnxbDKrh+8tdgWgQDKZk2cHQaoIbVuqddH1INLInpAbbfA2EPEc9Dr8MdsR2RamNIwdDydNq3Q6QG91a/AQqIWGYU3XfUdLVNDB55qUWtlDyWOWREPUTF6TWkbpyfwZerL8+6ODeuKtxtfkTRVdC0XmvFZ/KcXw3IM5Oh/IVGdPil/+W+xPY28qleubXuC1BDkfTkjtRHWTc7g4Lv+UH0rX1yHrfOylA0ew68JuCMv+iG9KXyKEpXFflrBGicL5aPA0bnOi09bgJlQ1SrDbTTZmvh/S3GOBtIez3JeefZ5y1LAvsxjdh2XMrs2OF8588AvYjMzuxubib6xW72U+fHJlP8uG/6mrI49UqxTjmhb1g3+/WAAkOh4iax6o26FK9GWxLk4agUfsVO8gJSodV2TQjHsdA3ztccDExf/RQMTKFriMz6Nmk4Ds7fJwS0KnQ7P60jwFArfBQnobBOP12hMo6cJ0mb46kC9qv6ekvowBiT3hovF+eTTGH8WwoqAbMg3RRFAaXdTl13HdqK2+/gYixib7x0RTllLC5/wxP2M6ZIr4VeODVegzvmCywnyMaYHZc6QI8DJBaKJ22h6tbigARVVEkqnJx3uNpYGRc5xOiP+cZJWtq9xCFnEtO8bpUiK5l/akPQZEUlN/z9wuINOuMOrxh1pkflmrFKr1LZeT9vo2olpcTmXS1TFG5aAGtJVw6tHZh9b9jnkVzax3uOOzoKjVVd91j0vsdUQTqfvB00mxga3TEwp6Dp89FgED/56uI1MOt/0jp9acql76OrJ4j7cINvEpWusCdT2vmnv311heuaSVduzbDt2up2MOG3r+DZ6N1r4K/XjV5d+5Y3DpUUyed37VXSY9r2iZhUKaHjVk9Kp0A/8LGZmEzzCPuxWcDL7utHF7z2/AiKST0D95NlpIDKMgLmqn1OJjS9OoUKaFciqqhZ4IBfpA+2SkTeQKc+nURUMCvGf5QbTLeeOvQgJr/+wpbPXK6BGVAlLVKA8JxVBtYamjOixUHsFmnoaHstYVdRO+FkK3mzeU1vF6Sfg/5YDQgyOyQmtEO3UDPRymgqeo17wU/c28uViVXKO8X77TE6DkHW9je910+QsbPPwYSGPtRFzKiZCBe9ZzGNcxs+kiR+Xadqis+NXJ3ovPW9+qpQ3/DU9YJxTFr1i1CycVolLGiUGUCYV0veh6FzjkP/m0/ghxLwW0HvtHUg6Q3y6uVytSU/tSdbW/wWMPs+1R62uobrRe+Di/QqfHijbvvi69PCD42MxrWHzrh8fgzdw78EBD4Uf5JbkjEu0EocZClkttMKPhNWuMA0aSwg2uGGnUBW9eiUaT3QKHy6DQTaSd/e9vrGgGy+8sSY1sPFp/XTqGYv1h5LCOOH8KkceGRtVY6FT1JK7RvxpgngbRqYOUe9x0puNJlrVGLnrAyrdPDaNq46wPrtlUGSw+CCfo+iBxo3qTdqEDFCxiHXFHA48zObYcTcsYDkI3VrAtHsApPXwTwuYu/ju9aXHfypC1gRZTW8ySIhJsDLNXdlED9qPNI9LzOG23BuXUlu4wmxFhnXeqtyiwtunEo9JwmzDqb0eNblSeXRMsgia2OgKFrYkE0TYdtCH0OiYNVqX8ezCrv31WwAN+EUxj8/FD5DP7mj2Wt3kApNoMnn/TQ4tTJWrAKrpMzmFSssD5Zo5mH+cXIJNXbgZDJ3DJ59aiZLBy+GhVha4Kd8UfZztF62bo+j80EqYd5KfXzngjAHxZjO5K2745XDnIW2C3FlsZDbvNaTiRfvFQrJZE8mWIdBYcnEfUF67Db0C2amgouDTmhUnNNDNh894W5AZUVOFJEimhpz8I4usFz5NChlyKvbv8a8mDlbAqxKvOqAK7rhjIrssQyfaKoAQpFWALlP/xQbE2BlDTdQeJd9fgLrgKAihbj5m8f4LZNRMhzfc8EsMmHmOSODdkm+/SXOr5KKMRAF8deD1bTPY1ZrcKFJmXKAdBsz86fhw/Ynx5XbqyMUPLhsFed5l0ar9DL69+f9XhFMaxSpukEb0U0d9tAtmSEhTH4yV1EdgtsmRo2gYNUC2mRI1N9cqqsNLF8IcoUeTDfrxbNXCxKggswk6UZFimlIVr6G1E/2zmy93N24GZ3b3iZEUO45xvK7SjLf5CAdeOeIAW20ywQacPMXsmH5NkVLs2LHLhIrCe/F9+sIHr2gkBxkqqqUi7jdLiLRcLtXic1wQUcoYLsaV5+p0KXM6a+yYxeaoN/0lhvou1um9mPTXX02JDNg8K2iONpOy92JTYSoQ+fJdZUEKWW28CSV4HzchMHGBB+dqZJNL6UAcT4vy3aCTHjZMuK8mtVlZibqeI/aTZaAPf+20ZePlTgzDx5Ea9wWCUZ0lLvZS0k2X5QGJr+91++76yyIAoDgAKbLnltl2GWUySEJ0XPPfyip8BwvaXoRsqjmAjK4l8ngM0M2Rv+8+P0kJbqmQl9D3oOzxEwHgWTwJCmZmWZqRFMyfDOaTLNkmtSELm3q8PYXVFVTpi+DYN6q5Jcouy+nR0mxmQhdhEFAqxTycvjMLKw7ifrRqCnsQGO0WsmHBGnQNPE+bh8AnU0TLPGkzJuZ/DzoinbN7V7mbri0h6I0eG+ZAev6gKmAI7NhPKcq0KNUzPTO+UJFAbF2xXQInnBHdM94OfE0OO1jmQupUn8AZ4iyDuo5OoFL1nLv1w5IRGojLqFfB2LDzYMKGqIbKKO79DAWsdfd8Pc275iNJvMk1mdeSDqudCNYPt3wI3uhh3IgmwQlyVsxvqypzvsWLgbuPcDos45VxBfdd0mAmk0NfNcPyZDYS4A0xzpQVpGusIea/TYu7XnKyYU7M79E6th6DKrMewUWd1r9WIW1Qtv+RK4Vs4vHfNX83omxNll1Q9pkqjGuldvjAdbjB/+M8qcDebDHx8ye1Sb6ruc2ez+SMQTysG/GdEEqhxKvZtzyA2Mwi7U0ujuI4CTQDnu/wluL5yikBckPHQkTzPKsDek2bkaWlkx6ZfGoRbRjFfiHS/zS92tijLsQhwp6hYO9Pvp9+2jUewETknqcJgN2fLpZTTr3663Z0zsyDcYRuzaC7vcimP2h0/d7oVLyZubS4D9HUcSRZN/o9cg1UYYBfHGnIRyZN8S2y/Jqrp7pbJ8XwkuZVFkLw9qOBWYcxkZUgr3lfLtl7ZoL/Wr3SzWc1JpvRmkUQvOBkjzcW5IwefKEhlZLtWSavK/u86ptpQB1NEV+ktFWCdnPfqPozXyNPRKSKlf7yECoHyuXkcFh+q6gksHysvRRpG948I3nmxeiLlziBdu1M0PGNyUKofNZtgLRsFPyD35ykr2ikbJ/wnOTCZyQhab0lgfucVJ9QTa3vRpfUBVmCas5+ntSE3WcY3wXUMZ+2IFXGlpw+IKsCb3E7c+97BGl1lY1CiXe/yT0afV6bMfH8IC98/EZSXybHlCIcmSAy9pbn4bUvKEYwG/DDhxA8wFM5/v95mwb/JYpLm+T+3SDU2LENJ4isGbsjtcN3M5znjyI2ismKF8JSVfSqJ4d5mjT5WhL9UiyurBXlqO58xYdRnsyHcVstzfb3Mh5lxIwp/f+Cj7DM1QKt6G6Bx+qjY0kfoQlkl61t8syfvxJmpy1uvU7bwpH7XFSjJIPkcXZp7DXaY/leyR5xQldHJKZfEt0ArrcCoiYH+YZEVl16YDAVowI1wMSq4Ryk0d5srvkk/9kCCNSbGBb6RbHo4eYnMuo+dyBfQN/Hkdpewow4yqdQ7y0SFaIOpqyqaW+JOC8LLVbZpxgU3Hj+8ojagOdqlsSLwg1zoHI5SqfIug2gSmLH2Ljuc0AB5jc4e3MMJ+eBGL1QOB3DIUE0e3mySCH9GVxYBcJtiMKP20mvsq8eD6eH+IF+iz+VkrkR2xeh6dE7kZQjQiGXtNByfIHN2X1pLziQczt51CBy9tOV/3GRZJkShxsXmIV2DmCCiTMvCb2LwI1GRTjcUAf46Yc3C7Tp2G45z1TxNubaLtxEKT6WB98TJ4AW+zypeMkP1fpiE68XCD4sXGAl2UF+Zxm9TBqo108l/BkRChynKtK3BXARufk9hyB4iRFbMhGddm8Odhe1tnqfotVM8jnvKaPYEgE57PuPED0kW/5W7aOY3h5LW5/CgPu8+uehF4JPSwwTDc6Wr4F9QIv4pxvbb0bV75pNntMhFlpieHSN0jhywsgArkbJPHhzQkcIMSgv+tMVWlNeekfGW5ko3xEM8BW8m0RjiftFAHKrD9I6T7kS7LVsYN07vk4EE1QZnt5B05TqWfeNJeUiOFkdM/4eqIU4Dll0XHQHrNur4e5gFTVxEcOMpAabUEvF2xlxg7EwuwXrlS3yIxa907UBgM2t3TqXHEp+iEM/bqGlPs0N2WpL2qoSHu5p2vdwfaXqQvSxzDpnZypQkZ2K0zKck4QofGKIdmrhBQEaODsjsaLhgqQIDLuuuN57r7N3gdl0cRt+9BgsRPaShJHI5N8nxktI6QPLFn6eUyOt/q5My7CyL98r0+FWXKy7PTefeGnWTiUGd/cXvXtUsHjgUgXLk7LNUH8+vmoqw2LSBsHoEQYjQ08YcvhiCE6EsOG1j7JsRz5UxLw8bTxXfvcNoUygwbkKoCNqgcmR8d1m8PFLC/wrXgEUf5Qk9zA316OxvwHe13dgHRGEX362RUvLH314oj2+nbL3wLRQmxFL5PkDVt6XT5gKRkzK9Qniy0vgtBAu6yQpBdsLTaCqsNlX3B8w/mdtZhiZWPpKMfpHvMp4YMQrjgHbK6QuB2IQSKHieJFk+JEU3j/c5SB38el/BbIKVWU28EKzdCV+lAEpZFFPQ5B2jqE6RgBIS8iSnqjZfd+YF8Y3DXi9saPxwFelLrBDnagBPECuOGN2O4uZX3xzDaaeee3l+ZSlrHU/dju+G10+Q0PXS2GJzLvEUIGXF2np5L3NDZNS+o7GBYa0PKk4hb5OaW5/4py4W3D8wE/azl4zMAHOCdHwqia5iteKo3xiSiaJ4ST7iRTMD4vZFoSxptKQ7kB3uLPZQbNxu2Kauj94mAzEIwZc2lzP/p1BZQbXDKHaJyArMwxZe18ejKe9KAUqhG996OBdxCMmkkfa9D6tt+fxUl8eYG7jwTls4FMSb0XaT7k1h7vRvmey8M8rkbmb01+vmWgemfaqzLZ2A6B2jQR4VVThHHTzgygLYFRsy9td5eMKhm/GJ7fWgyxa29CzDMxCnOu8GmSgjA8HJsfiE7yqWgGcqiUwJ0SIimbcKyj300XdaMwUHI24wSeAlefIS0B64hDy4c5MxZamoGz0nyS5gJLVZ/taVl6mBFkUtZiShzvHUnYxxyBxTdkl4TOC9aEtNPubTDVjsCbWYLtxxqFmR4iMm1k8sSXHQTLTT+3sCQErM+P4Z0li/IkV9CN/uylT6crSsbVEkpMGoY84/2AmSKqubH+PAMd2HE5vuz6UB1fX4wIHVi+MZ6VYrmaK/ap9cl8vecQdymqtQkeiaG5EQbv2TDBpK0zq5YHq5b6SBBWy3dHI/JVXHDKlSlbNGEIJuSTcg6GhMaghEA3StnATIgC2atf+IxAjwPtTrVjNS6sRf78QPAVMm0hPoWHHa+PR/tSYD4b8SSelU9V9UgdL56BD7Slgkkros+8YdSA09Wlt1Z8en52tN0fijhoeKp+XEB1BY/Qc76On7yDF3cNcIgFfmc+k+cqHm8ClT/uKJ9528Cp7O8VnEZewd5AjrNw9lSxKRSekoUm+hS+T3FXEhPGjvZ82GjVkjlYJWAfRnPQxRu4LGYIxJy+KG5XsxfQ4VoqIURJ05BXrSQY4scjNy3jnOl7Pm3UwxI4tkCmnNi1b3Ew1iPEaNHaW1f6AZxTBZlHD8o/OmxEY0DCJCpg6FBgWcWyI2mMsRXT5ww99dN1yItVVt5NikueIOz+0uuOlHErc7bQZ3uNweq/AB/e41wFltI+YDJHl9HhjyfwoHRPZjh8cuPWSwkAcltX9tAW0OSzqPUtM8JMFoPJa5pb0FQ+FkIlSfETgTdiMgU4TfUuSJqaLE85LVoqur0/Ll9b3RaXwWjroKnizEQYjQZlec4buuIgWOo+5Cco8FFpQXcGFiH7zOFWi3M/cEgtiPHpk8HJwk0K2X0Da3LPRmpqgLeaY7btTwRnTXxPspqL2jmCmbkYeiReIdqvT78hDzNEh0POxjpQ3MB76Bf0T18OERGORLBHsDBi/6TTWzTnFjfoNw5V4P11P5CgRzmpyNlBc4On9mOgEpIT/YedpnbYbl5/ZFGkk1xuLk1uKtqTIJ+41OxrQ46oXU0mwn2p3uaceVdMyxjP4m4uekrFE+ErXSgJdg7EWv8YXgoiPYpblFOq6T8rHGbIw9uNou53DtNrKYsPgtCv55ShRZidOPWtwaCfPc/4NpT4lzd9kN0R3jjtX3xWghUv1lQSg0e3t8LspVEyHAdwCzFFPNMUttbq0iVYCtmA9cQbQrjwJrHKtacx6gxqao6CQQ6y5o3Ym4vhOMh97JDY+rr0rpPrXS7OebmHyELn5+N8xeUKTFaiaBqYmKu0Xc/tqFKovA064jszADyRsGD1pUHlXPVXhTX5G2ArtNBuYMlAyuzMyzyhyXgdMh4AaNpRViC7ZHfI+2wrpWqkjx+O52bRGnb7d1WKmS8BmcKiqYEyzN4nEEZSNXN9JTqfgMXj4VVE5Bi4ihFHQjeVPpjwNmgAVe1wgSqPjyHV2aPlEFhuhZ3dg8ptTqHJzGSTb2dBXUXKvW8sKp+3S6+7w70U6znFWUzhL7A4DFah9NBEZjMsXnmpWaLyavjpHQceOyWKK+7sS0GEA31L0NhnA3qra+tFzmBvI5bQlGZpNmbKTo/6xMzvbkgvXNLzcernoahCokrz1NRkTKFtEZJf8wNNk2xcXwj3FthUMvaHe6iotyHTWbpcGW0bW5V149yuwMi9MkinPznXWp53WFjWCM7CSCcIkrrA2sr+otTk8O7XB150JQ2H2lU0McqkaV1XvbM3+u6079FX0G3BO0BF8sXZXbfbcP46gawQdHWRHdC/vdZINGMirCFRSufKGR+rLaUca0rzULGwllIinNGYbjADMQwnxVeXsHNuX3npbxni9zl3N868MVDFkhhGQQn7toLEeqvk4TzA0FuyEi+2cHt9IVO++OCSqxpOduHtGbsJVH1HNh+Zvng5oTKBlC0Sz+/+fT9SmdnyZHQOqIQdZ9s2s6igURx0FxSdtCGnfB4uKz36FqCI8igEp2KkwOkdpRwXlBNSxdUcqN/bQksyf18VF5prBXTi7Um54zm3m/WtI4pfkX4DBUx+xc2B6XbRz3keqXlGY8n6+EBuy1tXJV++Oli0zTBwbpTAk5q3tJtQfmFdptdWKFbIQR04sLvhCcmCUnq9d+JjeiaP21LYtQ0/UG3WhD0ZCHhHpeWVwB89FjTN10e3yquz12dNqYVnUDV52WfygN649vEMgtw1h6Q3baeh9EL3QtcCW5cJ4xYup9ht6aiYFyx5TwGktsiJguxyVlCML+ztNHQkCE5hXZUfAuBy5RtQN+6bbmj6GJ5vILr9Sz6BzcJl2Q64z8YR0bI2ljs6mCvs6OLTj0TSJAdbvzE6GTDZqK1NmQfZUTHekPx8uVh1D3s5fnmwRf/j40tOMXIPVqtK+4hY3AIOraV6o9bLA3vyQaOHouzKgUIPOmI8XWwZEw2vYuYsRv72WLG1OgSHH3APYgJltHwJYRyhHaJ+9X1s8NvdSqlsRiN/32bHyqPshU/OCVqgioulCeyHsRGL3B8BG+zlJOodeZCG1I4FwygM+2XldGe1kvb30eVjWntQ96Eu30bJd0cOp5YA/A7MaVHIJ/KUBvd8WBB094vzQ7eN5Bbafo+Lp2QwHn/jQEpLkBcYiSJN3FWsgm9aCG0phJkuY/ZJ55DWqsfqsVLHcoJ9wzgb0fcI3sqBRHF70xEHMGcJMKYmHMC7iMyXNg60b/1Mkk8J2aMePtOpWguhJRkJiqpa6VANZ0MApsSdqMG+Q+LpwGOyIpFRGlnDR4Lk205FytXBGgR6fQa8YJaGLwrrWaQP0RdavyntJQhJf3V5mAd+5a7gdsJw/coy4uBmrluy3XPTFcNZy9vrnvvXdAp2sm1QQ8UFzlERRieV7AHYsGpnat5+8PAkI9U9HhRBomPzFse+Ax72R6kPWTM1egYPkjx06QqZjSzc4iaMbUtOFasQ65kifF1taQFw/fpRJlik5LEZ+WWFvvSfDh2+pM4rKqVuFzOfwG5H/Co5Tp6yzKOnDp1DONejMnJfguLGCznSUQBGtne/5OBOpzCxgKiZrWiOmNfd/NkrzHCL5EaNq0ALdoxK/eUETxF5EjWUd170bD4fp5TE5MH3MYhwU/tvgPaS7nu+I6TdGfKRP6kiAFugzpQtJ0Yr70zKfOaq6MfRvq48AfRr7/n5BlzW7BC2herYsmWWr+XQaWeLrB0NKE6vu5HR6ZEYOZF5BCFXo/Vl96HPPhZlIviGkTX7MlA39lKxn3H+qWPP8ltg+MhVjhBCYS31XbVRPS4ZHfMcisJ6OF7Wl3zbViiCHaYKyw3fxiaU/Vw/MmVnJ/fdhBwKCsaICV98wCaBXFjhHtNFydPQ2xUyd1THqqbQ+L5b/Vmq06H87ZgY30pzr0k7T+fH16hU7abWKTDikL4wccmXsycoWEIluhKL0CvQG+drX58lSUw4r7UeVHBQf26f/uXhsNZ3ScRpl5uZ52ueNAOKwSpDhmvaiyPZEqYJ5NmcWPuxbUtSCdTtAsGwj0JvLcTXqrYhU/5RPfcni48FcgJzloyUTadpyYTX2FErQAPMylgKn9yaK3qmTo/eXt6wrqFry4e3dQZoP9J9Axm6octLw3pX2O02tsfrRHmJFZ24OjOItZ69pJiuU+jZ4yQIlV9gn4/9iUr9SqzZeZc9iC584nbSQ1hR0nLzuYcKgvOeLJL6m2x9l31IHOrqU/NZd32DuIMrr+bjeay7oVUY+XkmjK8/QuizFIrEzrfP0JEPPFzxp0DBy+OUPyD5oY5d1q/Q23ZVlClzJE2Z6Es7mFzb3vtM8Q8GYj8blLcjZAUi6NSkTc26k68Wpnbq9LeoPq/KQJCEx1ClZBRLrTmBqpWivcJ6gZXgu8n3BBonYyYChlfYoEl6a7M1QL9Brk+VFDeKfQLLjTCWG2hAUkzC4ZolylhT44sysc0OKwbNW4o3FFoqRsF5PbzNCgSzQ/ekugUMFLpie0LuZCu4TvLsgmTZyg7OL7DnbVouWCK+OChf3xAUVKfus/7GS+qYQpgFlhbJyvqUb5QjT8cIL92G8j1CXvg2CSE9H1BQ08QD1jweK6RJfMI2miml6616a2jvQ8W4hePlF2bTdOooN3roGhrP58eDjbKq0AzGeRhXfj0IinDGmXrG72E0fNA53anE8MrC95yhNOVZPye2W5DpWcd0vmbm9qyzOnyyPZIo1TiuXoO3asBm9Wne2F2xNoTMTRRFsXrFSzfqyludDRkCvKpH1/W5ixmxkrF2+AYBwFbzWmew0MUm1/kAq+cU+Yms5L2bYTWF51RqhH2NifrckkIujDNEexSnKhB/x2rIU5ZJmS2WZT1M9gxlK8qadxxy2BQAWwQWBqtKQvnJg9fRec8EQPKl8x6mU+NyNDlXN7ahB4dYO6bL6fv9zmp2x4XZt17uEz0oc+jEs6qZkJLBeH6rgP3Tj8LUP/8VI1qqnPx6T1A3tJVWx/LriOyDoqsXJ/U5FcIscyuYNu14Q9rIeFaSVNmzI1Ivqf1GigGEJgr5sivFIZa6xEElK+QIXvVBC/d5AHw9S8DkJ/I2GL4QDvEd8BvEBweuApQ8F/DzdhxrD8atuRl0r09bFTFrgejUKvVuv5E9Y1lArEFc1pHZEG+ALmrI+YnGvuFpzQvU2ixeb2gsvQ/Bx+M0ZZO8HBzIOWNdX3lGGosSi6uOgdnp3QDh6TonDNbdz+KHrPoBMKxkQfDminb88bm1DIaGHlxVz6k11h7AwKa8uDDucg4s7Uhv4DV+K+iBFYMjXlJzo/2mOk2haOznR/QcXoOSZHwOIlhtgbRJbMhX22OlIGBEk8SDsKrWylou6/mCc4KgRce7nKGNBAhelzN95WurFSMycvUcOiLmMZF/hHzlv6WwBh5fvIM9CvFoUay1ZHotrIkBGw1BiuFYzADrzD0x034jcAPaEJMcPogQmY1Bff146ZaZ15VjCoxYR3cgg+ftZwMZ58sdOhOjR8XqSOsh9gbAqnRfYIhdZW7BDQU/3TiPG4leX5VJYB8zPUIP3ecHRxjnh0OhdVWYx4McFcArz+K3ATCkkglEP8hfJYa0GOSpEGG3w6Tdfjr5fCzIV4x+zE43B8WRKStlX7GIiNoR21rDoq5FnmgeSqa4o8V7l5+rpbYDdmK2dvB0YRANZuc4expEWjX7HMdO4oTZSLqRO6Jl1BjtR8/a3QsU87UQ4/hGH3TziBTE5ddiwlOall/Fi+qOWyu8LwvDcAu1hb5STjOyXjOy0LsLGTtlW6uYkFZUAWAUVktF5Z5pAVSIYUAFJvN+2/Zys7Ycr8wApvlI2uvJC2D+mVg98JBxPHm+0myFv4DzcaTaHkbvby3b2+cxJfHtb+lI9GOetHj0wixu7tQzl5KEJMuZAvk3GJ293ydCkYycMw4205R4jkb33qJJw3rU8A13amRF0Fm719En3nYMU0L83C88LjEnabIEMIHIJd9TCzgQl9m1L1fdMMZN3I+5PEs16fc3kx2vrneWDWF04PSappFQovHujhJKO7ASz8peUp0RaFQ+ie1VjlVfVS84cFwSDYmp1m7sDRRGcTjZG3/carbQS9N6/4iVZ4szrfYjyZZiNlwqkR0yqJIHSRLRpdo8IziABFa0FAUg/hO1LEvE1uMTxNyt3ijcTMC6gXTWrMXLMkB7Oz4sG7UiKHpE+VlwK/tI8Jh4rw3zYPseXQQT2G3F6gtc/iiQjRvTaI7OpbiukCsQVOJCXSjYDW8LoqjEvCEOnWQPqLC3zyvBEQyGMi8Ga5oFtwiMc0UcppDmtWLvaAoyAV+j6mEl33qmC+/g+9cup8ebnhWIdMwZBpKDHlfMkzdSAnbd14h73IZFTtFpe/Q3xrLeaXrdf3iLbeNZlxlMvjrV5wfNbab6KyzithzmAEPSC/JQUN1b/EQFMtnVIw6+/kl8dxDYpZqebzQEbiWHdVyl7d09Bmk+I8AJegn5voGhaLFOIE9qu14BmMyfD0xjWN90yMPovpFTxWMXgGqpz+lGFsXcObyhaMho4mGgPxhB0XvB2jfH1NpROUTzI/u86Bw3rB9Is0SRiu4wGpG2poY513kx69dp/oy3AWIRUxm/2P78uER3NqyGoS8+gXN2h2QSBFDhKPkJ9EVPXAR7HzQFjGKfV9rj+qkvtjRf18WO1snSh0QLZYRJroVeNvWap6pjl3WgTRjDyhHtr14cxQ1LnA7Ksjm3mmhQbShZzhD2fughB/RbbqXrN73zCBojGI+nhIJEp41AkjpLFhzDdjgHXj0K70sQKB0J5Yae+R/okwb6rM7U3PDv+iBp0EgDo9VQw1hyzQDQt5882sFSVp1yd4urnM+oM0K9SWrfNRMV2XqY48RwlhhWgXKT13ugoFsOfs6rAaDJ9SuDzuqytz4366DyBYLbJOaniqtSdzduR6kJvrVLUJomWwK50N0pII1lJ4s81IMaBNMnVa75AFj0Wg01SkQgzS+l9YZTAc7V8qF3KxZHPI27oQjGFHOvTJgRb+HUx3Oj+CqzV4i39PP5CBF5MjqFKhPKtLxQVgj3Kmr4ye9kv5vqbS6lnQk/PEPHOtnXQKpb0Wtr/iIxRfNMjmMoiz2ca3t/imJescct8rMx65sMNK78aQaHZNoBZ4NleMPP83OMxIaXKd7Dy7aFyBvervmeMM/cLspKqUCsNydfpyrczv2BpU9pJveJIYhWJgd2NPvlZZzRgLquC2+IPrZhcSTpDVg4/WgfORASgMuOG7nkui0N5tWSh9ONEEuci0BqqxaokKi1W0p13+XPaYvQthiOePtODmt6xjsDetTkeCVr2y6E7KJjNqZ70T/QWAb2OzZvyMV9XcAuGcsHALXJU6w/ZM2SR1oCay7y9q3CvROZ/2KcAqe++dmdQ4WHg9RQWEcBfB48R/yYE5LiCof+2NB3XbweU/V2Oei2uVQBL9KX2pywa35ASplaITChikU4RSpCwLF7eMEy0/NpCXFQmb2gwHkg4EjoJBdul0hqccDH8NFELJH8TQLjkLAfK1WL8HYh3Yv7lubN/EfetgTKfg1El61Xrlbh59Zp+ilq2HkuK0GbZNbevhP/E7JCUVJsIsNAGf+FkU7s+3t7sfLHJA0GS6L4+appjt/X+0SCvh3sDsU0wiqkghCBoYH98jkFo5Pmphy0yN0oruJkhlv5e268B41w42M5F3W4Zy7GJqi96H1XMBtfjC60ZOeVUBwsHlpY7JfzUUMFqnCV85IMaKhgjQ24vm4gpzOPqQb2ZuTgxzLdmMHcu5oQz6dTwfEAkA9sSjxIEeleJHj7G5/SWuXYq5lY1TCb87T6uRX4FblO2py3t+Ie1qAsoGRuv6C956zkYkJtCjSmLOC49FD0lb79phefIvm0koEfm+aGJpUZLaGhsHp/HULQT1p/GJkaI5odWPv8Eiadn9NUzAQ6SyehTz8WUHN9NEQnNW60yYJVHxkEgxC8NfT2YOE2va44klHXs6OpfpoOvvZO/HajWWA8A1ZyoPTK8sFvVDV7oZjiV2rgZnGpoAQ8a9h8kNGMrXVb20zzCD7aU2WaQOtPspi3TeD/D09XkSW7siS3JIahWClmmolTkGJefSvqvt+zqlOQAQ5mTiG3X4j91WZfHfK7jd9vlbytdJvSi0HdxpHaaG4hNfPyY6nCxEB+lM/qHiC/KmJAQxzev9O88ctpHV74rw/tKkbeeh2Uv3XaLHBnXC7PzGLok6zoH3aX5ZNMLTESU95pKFZZQGiKIAiy7bru+LjeITTg3GFeStHX8ZRqRaehWEqbS8/jSwtPLH9Sg6tHHW51tqGOoThC7gyjAbzM9tcJ6NjtKfR63cAO7HohnyBDbaOEAep7Kob3PQXpOSbAFFL1XDzqWbzsRex7VBjItK84QUDkt8yXXp0RCL0LejILc/FnX0o+OBdXaZ1YVhbHJ79GaPxjJ/AOJdbYJfCmTIZZN1y6Ju6AW6pVZq6eg1ox06xakA9HyRFm6zO+cpNlJsX5YR+0AdatM9XC/dN2+1ZdE4Cb11pk0pHyQp9g2VJ7aRCCNEn9Qr45PO6FDVyqJzf+YTvkldvfGlfFCtyyYETb1Euts13/755g9ncXtvRBpXzTGYaJLbl7rKFFFWtyOLqRNixGXmbuVnOvsJUyAIXZqIRhzqr6BsavdippDu88dThuguBcqi6CnHiuDZJ70QHPPYB+rjbzjRD+0ykgqBZ/fXzrlYcjpQjgo+VQhxeg5bBaWYhUjF5OrYqWGo/4AjGOW3SSinQmWx4ngZSjzcVOH3oQjSrTzChD/nMdofiC5inMfTeNBWapCu9YStTmgG9e48zaMZP/zE0gLxm7cUf0UP8GCei/TesaVblmhEi9OVCQrc4cwYeigW5gnTlc+FI6ZnbvsQ9dEpuBoM9JaHgHIO6SoGx/FYd6kvXJIsn0FarkADK23edj+wpnb/yP80AMVzZULC/18+efINyEBq3vsxkdNWcSOOqQ/nVmH08TE65/6ZEIpXBGyfh3+KDOhR7o9UIW7Dz+I4rtN0JdWRRmgLPRwZwXDbWb+G9KCwiiq3KvQ8jmeQQrKmHysmeXiih8SeDkQyK9ORtIPfq24LvBleEvJ8d+WkMYzohNsH9CfTMrmPdKRhsjffbPH7Km9nluDyYmsyGs7GhCkOQHj9AN5Clhf3RgUVtYKqOAQFvW/1R6hn3GpdmfDfTQ1e+SJbEZg2VvZEEFjuWgG16UgxMlJG4KCCdFnBjiriEhkRpfkG6ZRKCiqbq2nxLg60jm+OcT3p+pKIIjejFKmrXxrbfcbGE3LcmE/3zd1wKiGe1HntElpbxIbBEChNLYfG7ltOiBzgvWGoaBHH6/ryg4kO8m7YvVev+vLjI8KlSG0r+KJLHxr0ATu1koLXmMruVb19zwnj0/69+uuoBurYdQKuVVk9g03ZGKVp1SBEkSvGSVdczTpuScDDBH30Gg6gzgwnbtImDAd30SVlvy+3vt8/cD7M9dkcKKf0qTGlLD5khqlGYJYifYFwzU7dQ0PPvSQNQwiuqJoWexKbpG0cFCVM8bmdz4rRwnzIUBUGL2egPtSyG94i8BwKnjT21+GvdlflBmSFxt69IqD08y0W2g+gi/OO4gW5bmjrPEKHaDvobyYp8Nn214P+jdMJVOzq9yZyK8wEDK/EX25rEnfXwCsyfsyYL3hZewnEowdF43QizyHM1Mlh8IuRnMUUu93oZ8uOcF63msLcuym/+4+np+Ev1nf0gSReU65Ws7ryqFz7Jl39x+ydCDh0/3/KCTgh6mp55IiAbEpMSo7AIxJV2Y15eP6KKlITTDcOyI8xm+3P+bPE61rHkW82mE0lwb/dSKt2hFW2d/VX75kbHnROQEEbn2Fz2gdJ1h4+Wv+czuZMAYuJWJMMkdXJ7QowlUred/Sapk/NnGqj4z2VCJ5miOv1WtkxE4k8PkavkunAYRpza7rN+QAe+PkLZOaMrkUGTre9dwxUm2RFEURhbmE3dVtiGPscDNBbpjRBjZXvwhdc0DeCvfd8oIp1Cie8I5gZDb35vJKXUELJF8yZfUf0x3iF2a2q4nXMoGa2Z7zaRLqfA/CmxPyUrkROTnn9cIDIGSR6KEuNdhb8j9td2lbPff9gEsriPBfAS2ZYc6qhZvCZx3sfhz1Sh1VHcE52k3YB/uFThWO1OoiPYEZ0lP4WcqKNQIZFofnKI2yNBDLXqgkoeIobvLslS12xkWdjjpH0QkRl5s22xiz1laamF1mITuv/4YNiDa+W544avym9ZAdqdw7hmvvlod7ffdsA7ZYFcB+qBREm0U5F9c+ZFG0NSc2KO9Ek/d8TfoK7s4o0yKswa368/O38QYGrdrOY/w/UOBsQ6izGoC4wpAoJzvjsyotGgKGeukbwS/8qk0sCBqXZ9FuAszMcl8d18Gf7wMHgQOmWuEMtfftBFBs6bB5so1BUodyahq2Zze1p9qwjXsw4wgbi2MLIeVByGYRdZdn9/9g15TM9yx4BpSr32BTdDaQ4bAY0GbltJ+eu5aDSoEPFozlphvb3E460AtYm64xF+4Nh/3nhCxufFRUJqvAELct9pqHjrTIG7jQ/hTbrZlAb34q/fs+F/w8mkbnIoaQLAestliTEVzxrZOl4c9vnASJTeYzX1Qothw37HaWQR5zXdKr4th80qXpNKvmS/Up19GMnW5V2zEAqOOy68akQWDvRM2AdCKaFUipwnu7akvmwvKdsPpv0E+IJh0JzHG+2WQN2sA4AFL5p9cdCCIysJHd/xRyCbNICzI9f0+cDfiALeBIcsnMOubJ/Jz9kXv6pmxPjT5Z6gXaCKDyNUcqt2zDqxksEJT3p20ScQD+7XTVTgvI86khOHbTDby80BInj4KPnoe0thl4yj+CSE5R0gMQqwiRFB4ZcAnB8mRzichvOgff/o6vnM0C8hvZMYMzb6GsqdRyRSZRypi2ajImlSQCSfwh2mEl9rJ3Stp0XtPfU77sA6K/XsmHuWJJ33i3JSszQ+ZRe49ATa06lleds8jix8Bj7EBmRFN66H4VirRoVgASoeP6xzdL0AZIDoozkgDQhuQC8MCeam7aWdLy1ZUAcDMMQwQ0XvTuViY/c9EyqIiOXUsrVfPr16TnMEXPov0RPT4U5/SAME9tZVSAHItBNVheVWmTv57nfAH/p2xIF8Cydxzfqv07zRl7utCVZcUn8IvcQBecIdOunwcly8NgFHf9Jkas6BaWsjjuoletpUGrGdI8g1Sj5tzy68zeHcJ2NH2sW2pxoRERxL/yq+7C5SXeDfJL/nl1oCktxn3cBjqWCzj8vgeu/xfpsWS5QpAiOf6bsf641m7IShKVxvyRT8l37YZeTsomexJUv+93suV6pra1GE9SNY/CsaoGVO92wh+lYKcuGsJqp4hoPOaH0pmOlWHgQz/e4SqCrG6xCk8iDwMpBG7wqR+2n/8XzSQZWxafeC7J1WV/hhV8pvuDLhPE28liYWKxiQIlFa5q9w0lnswqDAw0ghRrDfvMjqRfkqkpKfKFwGA+6WXKvDzOISAvJx9FGL5y6I6cz6CZ8SzAArM4HZqOo5i+ZJrVe/r2Hg9zoCtQxW8Zw1gI9qpdzfNr98r9taug/9AXxzK8jCPjpReUNh2TbPvsYmmW/U8f0PRRIibeQ0r/B9XBaNgq9+cySWnkWETJrxS6W483vrob2Jdq7rwDGeAEzU+yEVbV2D9/Kz4vToPMjhRMGAi/Ro2Pw6XHdb3cnax7nWJvSbRVVG0ouveNn+dBPFyUySYTJSJbW6Nsh3xV+pdlvuBYZxsXUNuF/ZAHwIB6FU0G0cH0RwzzTKyPe3/sm5/84ewv8RLuBxzWux0UOjQu37prIZ008hO9xG78+bSo2mc1G4WJJhWJfB+21VRg3YjFk7t/sfLoGasOALErj5Q2i+6ozalQ3/mO+qNLKO77hk5g0GRRbW8+V1E7nNKV5ilgnodnEjMKSFLcYAIQLW/FNJc+rn4aTQGTDQJcs1s9dz3PxGKP7M+/uSXIUeR5oEaih5dgPqKl7248qr+93uiwV43od95EwHFK13PI9l08euJP/9+DpORHCibowSDgrWrnUi85B1nNMbWA2yv0HAUO3bysnU2lJXZg/8YW9z2mDLq36wu6kxQ0gGfva82MzGE4iY9L347EQkVokh0/eJ2Bbtz1pgPgU61KG4JCqh5MPfjgBtkk115EfgmX35zoSu/LZgTK9oQLMl7ZkqBv9gUi7QFNawtcvYdXKBqNzoqITbCvhT9PGcHHtRl9d0rq9KPiNQ/0i1G3caB0R2sOE6VFQbKuiSgYUe0x98B6jDGIAFnoNnbUzBWytMgWODRMP3QUNCatK/pshPm72Jee3Ho0uQTOcP3n7WqXbAuWuIQ3q+68gP8Sx9INhWfYJPfS2jViWRyLEFs1vy+9BIl8L/aixP7VW5GcYQwyjzQsIH9T884qduORjOwEqqqDTF+ZO5K3iO23h72vPSpHefJ7iiR65yfnZRKPf4DaqKpdhWbj6e3NdR5CuxhJTAJZ8mfmIoLR7C2O5pt+L8PQVC7Mrkp97z5hQZjb2WlU8aCYX4BQjC9v9diYC29KAzUH3RLQPPfEyvuGX7/4oehIb5Gy+Kgw/M81XOeAO1A+56zSE361DA3vzbv9y5KuLhK0rj4r6f947f/EVcJVgI/vqTzp2efO8BkOaa8ugy/rQiBbiohLDfqmfPH7R5EO34Z7cK6bS9/I/68Iq+CjM2MATsgTQXlD+yxCZZ6U1uLaOwXpGEY7hTcXwgTzdoNicAMfobNRJxFzF8HB6N/WfU3zdFD00X5NdZ8QZd4l55ifwVvhn0betktnPg6oyuN7vD+IqeGhpJ/RUtsZSr78IPeu9jncPxgw1xMf83A0G+dILK59UHKstL7q4QXDgokEwGL9A8LW+EjsskpsiTUb5bmpnl3/WF5qOOEUBmgoJPF0BJXzdu0Lsrq7kTXhkJU7r4u6gzn5p2CGB/7snJxIKNwfVZtYOiI9SCKtg9VTXxHcgatuT7dbLi+LjZENNOPZ6uVd+ccy0C9+ZqegwHvY9rYCq74w7iXXEwt6AMktXbakirZXqldjkcdBOPlii/Zjx4j5XDyxexjyEtT1pZVhHbJdnieIwTiWtGMviIZwKf53QzUMhlPHhl3YIqI5x/aPzkBiZGyrBiyYZ6vo32b2zw6dUafUxIMpAli+HJqjgfi21n4Wo/A86qwuwQ9/FEzNERzJNZjq8Ml96+fkFhMV6/f6/A+v6J7qKWDKCGi9goEYFjrlY+iMwwOmaoSg7ZBcIRXpS7T0IF1jCLgcCyctlgR+RyQEritkOyhdro5bENl1OOFibq/CiVpuNofJ6sLvp7x+Mq1b+kpHTQXQlzGXNubnGW/VpROnov53hvXnVcij4tzKzyI358Vc0/+wmFmbdipfMLiThbzHKSvI430H9jps2w8d9+yEZ8/dcbrb6rOyocgmGH7sT8hFB693HEUekCNxxlTr1qYTwNyYP2JJckPauAIKANC4fjwYD+b2AAbVCxv1xyvKALUqUDn6QI6iyBmMHxR++F79fq1AMMJG/iYACrneZiNPgnkchgJ4Ec1e420+kViMcQdSnz/g+/iT+1GC0XKqALDLD13M3ZI5E3VbZTSvK+Lbs4TgC73MPmGilrVCoZsR/PjFWnLqVWaRF8PoieG7heisJm7HId7YhqLhljW3Xh5/MtIbHtpmmIggUqN9UpXFd6aZHajiGIxryHQMWP+hkNvkajV/CqrUcRFNlzQv4UzP/e41/m6mXmpQ3QRLyuxdGwQsCGmUh3fXxQwT+e/YX7VQIg35IQLTBr/JPQhXxU42TVVAxOkEibCG4oPnZQZk0fuKMl2eF1BX8vW4StrjxDjvE5BAKNi+4VI+zdbvaa9dFV+TWf5h7GX5c4Hc1r3kfK8A3UKrWCB3o1tz5tfZHOCX0fCOW4coxg93ReikSVY7zE+pkMjBLRyZ/gghZma7IHvkwxWfocvPBBUtrCiCxx2W5/rOslwwyqyb6CVSjB8P1VogWljX8U07fAWMzLJiI/2nzbS5UohPwLmQjKENt7dD0tRs2WZpk7rvy08tm7z39w8k5K39+fEyS2/60Fcbq9WUFMhU7g9anNRyZGhW4op68ZqLAZBh+Pr3NsmXQreHYcgbeBnSji3Wz+GQV9M2I8pGcc6YIJlIZz9IQqGvj/J2U/aXzzzPdJsKmTxQK1ecNA9kNfB3GTrWZTPxI6BmZmcxmk21w15XcPweH+XAPw7GLQCWRXEx8sGgZDkKCYuLfh9Qp/kLKhZs4Zfjs5fjGJZ0YvJHurmjL7o8Asxga2+KXlFNImfcJxo/oLMIIQWnd13jxnvWeCTEQluB6tcd5FRkIOiY0ap7NFprbb/kz5HMX+mApvf+kzO8SNyxBJ8VzXwg8FM9dfEBBcMB2E3pZGzb1RdbhjelU2oxd8JJVP/r2LVxfRm1zzJFqD2Q9T0M1yvzrvLWieM1xbTuwPSxjY2lTDHJJPij8ZrUbH9R6OLayM+ceu61TFC/6svMk3xGwdPuFw08McVuMVECoxM9GmGYWpG6AU7cHomI4oucV0t2BHK/O8U8AP7y0dJ/BdOic/ZUa/dG5iR+NBs5P4hLGb62B6aGVC2qssTqyoxuDeRO25yF9P0SqszEmvvQb3a5PBPJSJRS4MOXS5c4ewOk1W8AZVUTTgAZxhfqoFtW61tzEfDDrQcCs5dh+lx6HZZPTRKQreKC3OcsCBQKLDMC6RHI5IIta0EzzuLPOicFLsSnA7cAYlwI7d6LUAhqXPChkuwOBvy8v+l2KPC3pS/OUKAKlhyixsIzjQvqOi7RHJ9sfhazI1z92POojbxf0N8KYZzBBCoe9x1BoUYuaP2MV0CkyqD2DUm2ODO/V51Z+V1JjioHKES1MMoSSpL86NUx3M55/XTH1CVLbpVkZFNQmg19tVlctot73SK5qGeGo+LHZ/lDOwJvBtNvvyu9375i1lURxnPWISvM7cm0cFaIjupAeahc/g8u6UH1D6FA5pTa7ocHgYqvco/ZIbE5SskGNLEJ1+iYpdccZ8cCyezgQEMRVysYdl16LFyOgdUhJUwesxeejkOx2kNxbU+wygHEBeTkHll+8TD2oPwxBC3X5N/ZQBcwOua3z+dIz4KERqzWPJevERYQwsEB1+0k4CLK5/0SlaSz0jfRbPuqKoHBqlnlftW6wECV681DOTsr8yOe+68bUKfOleJRhnl2l9hibIwU/6arP4xIBb3vV/0wywpz+1TclKxX+EWzGhlW2sVNhJKv187odAWKyfydu/8QA9HK/abQqvlkEkrzQ6PEpNridd/FZ/QATC+W5DXSLZ3jsoZ6bS6uF6OH3ui0UhIiubpVlJC8xpHKmNvrIGxgSGUYlAypfAR1JUDwPNUtjGkSkuz17PAFNqfHjhpcBDLt0keykYObr5r1cZyEy/Bi5fJf5UJaSD3xatD6L9vgecvyuj24SKSD4p6wkdLaMR2i05m6ob/TLMKMjoxTSj2TAfN5jZwuG1zSsAIeDqMnbfo9TjNESCzukmww4qCw9ADWgnrx7010kq49K/v3qQq6HSZOnRv7+GVl5oB2n7bbpni9AUMhDcQOI1ff78t10Apj7Rq2/mvMyIxEKqs0OPx0ttoX/idV6C/svyOXnXYzyN2X6epg29UHj/oeoqMUWL8cWpmwg6ptBIFLWXfdRVr6ZJJfSV/ftHxPBPE8ylbBAWo205mW5eGKCxf0fiwaluWOGsDXDBXXmc5TAG+Jpsfo+58btp7YTNfl7z1bFYSyPxlB8fR5PZsL/bp+L+EHy5VmfrnmDaNjbWChmERoyiq/uIlmHIsSpVMVEaTDrk3JdLLfu8tWna3bR+8ufK/PiQZ8L9EQcrns0n6IV8TVSdGtmgGeOmJtaj1RamtS4ebjey+QERgQN+dnCuEotRdFO/VzfPUJb/sJtKy0l/QKxg4QfzV9APTzvBuN5ujWw/f3M37HAL1bGKtmU6Bok2Kwv7UuuHfbN8T2USOxEQq1KyaxzolERCUsevNA+6Tl0/7p5bfpNdgKMvEFRkRLU34v0BKO2bN59egP+ire5L36ThBlx8ih1JD1lGtA01hXPe1PKgIgnBa0vu3LS8w3L9J5jmh/PqOBqNSg/wvM/8yJHQC5FP7INbo+A9x/71OsP+abhpicm5GnNY7bjvQ/kUuqfFpX0YKruIISzjses1FLGfsAv339XSdnu/EPqIIpWgu68LjIBcRqotCkCJqbVaFmk7DcyXQqMwSOIpzGC7yjKFjS5Y44JqAZcCc8PUVJ28AYsc2bRquJRg3I+Z/80Zfz14cz2bE2BrFd7t+b/mkJFP2jngNX4NNPo83VwN09cb0crOk4ozt4e9hG8YP6rHGI6At5VKxPED/7k6UtzKWtqicNziOIXY3whcbE4aaqjt3fYsUuBH/wQYdjtsLkTAttFfd/3w5Hna6mKG145ZoCfnc2viEmfRESJ5HJt+62GKAdEaNqEtvsNh09XjYLFVi53xr2wPW2ayynBSRKabr5uQBIkhL/bHv3ByRvHmOWZ/9QnJyECCkRthQztQqTDhQgnX4hwr896L2L818cdmlijH/RWGxADMFz21eF1y03+Jo17SLd3Xbf3jlSX+5UljAmoP8p9DHF1AtdfsOg2JaHJbXEgPyQ3BRVYmPgzB2zCQ09u0T12c+f9dEX/3r+zIyJkZ0+4V9hp4RqA0U67X1yR7NOaH5Tab3IFMfQrzMH4+v1Z+8qqavM0IZgAP/wZrhF2kvlmeHwPjGrvzg/wMAZcm7Mc2DXjIwfFKE2wDXmp9aj3CJplB1DMPKFatd3nb5zVEGmB32u5mnO+hl91edaWzrII6gD1qMj2hFd7Q6suE4TjuvLDNKDk1upcjbaI7YMNJHh0tLiHs0Lru6zP1kNp/tX9VGXpY+Faig2Fb6uSUb4SitnYHZoG6zluWfjAIrRKtXkQC9UkDzIWtAe8d50DQ0rgZaeF915UAuaS83gdigTN7SZcsC+AZh/5+JciLXyWPEnDzhaWeDDPHn6RQVRXG92pOX7/d5EMkJyU76CKtXEqFLj48I9FeUORkEz6s2g4NxtJSlzz9OVdmN/il/qcMDuy+QmsglemePhSlH1os3n/Pl2fJPRvno+OhXOfl9KRH8riz7GJlT3iJS37G3Cx/LL5e6SruDEQ77Cq40YAsBvcrX4m6LDANnX3HDwUBAJ+QmZhPmTMQfRLKizBCo2xSquNxm75PFrQKvGQqxWdpUjZX81X1dDXmNHovHVCIiJ/7+EZudNFUwiXNEhkVQIMGaenKd2hNL8HjHsInRnIS85c+Ir1ESTNiu0FEKCZxTrZj5asn6LVl0/2bMYDEGOFlZ/zKD6ygg7BIhTRavP1KmD6tbgaH+ErL1p+dUbtIyKJPx3JxF6SWrhjRoKHIJJ32ia85awZxjlhFUrzzTgAFiMJnSTWzvKjLkHJVnxMIA8pm7TWG5yBt46T1O1I4XX4PRBJqrtxO56EEreS6zawlyt+GWLQ/zecZP2CN9UWQ+JPPjB2Os16yi39BhXnKI8JDP67KRM4rYy/4vDrcYMjQFhsFyh1aZGJKK1FvDkc/H7XBkT2AJPXfxFEGAVi/hdUSW8DyqzNX0fRsGu349L4CUXK3ZGttVGd/Byr0S321pPvgxpepW0E4ZEsvJnFPqAt+whI4onnSbnhdGmbNceB5VNJAbx6uF9nmD1c9++eBOeWbkV0ld3d/fFC2hq6KFksYeHc626VdEDPQ87GBQ33cfwTID0Ciy3S/Uy+rXecHPkpFj8MlXI2sXj/EzzEGRztOmhflJaZKxiSOWclK98a7xxD4pI+12YjVQPEdAN3QUtEbZ8YxFlD0U0O9eI+HnrwbE5BHikeULNmF6djIM+eK8DbIRiD5F7x1Oakp9IRWrj995dvzUSRbyQzHtRXFUu70MrRWif31EMEsZx+vEoAGlH8K0UNef9A/XvZiHVbqRmOdjdqHwS62E210vtf400Mcux0IVGpfWuf28QDgQiY0z6Kv72TytidfHz6z98YBmYyclINpySAwgJ6i+/A6/HLPMRTfHdQt+ctka+aInhIKcJmekiGEO7BMYRb3s9CVsIwQ/z20upf0Bgr7gNM1PvHslR2LSl1uk5T34DCikxdGSiKTvmJ41OXC+pFaRyqgT6twWnPEAi3TwBRf5VVET5nFxu5VHRWx2vFGVjG0+ECWJT8QjrtS/AuHghjJecq0h5wBmuKjm44MOShENRJD4lfBIkg0si5H1eEBW4uGli7QIMqyyY/jzeSMm3k/5xEF+zfPYuIU9N8es3euiHpckQfCBde9CdfvvhSyjVexwEYOAklltJ4opxjpMIKeRHNp5aPNspDSxuVo70jZYoY7PPLfhPqGLbb5ELKz/YTnqi5JeVrt/VYSkyQ8N9Qq3Y1vhvqQg3cblyG+ehjv0rj8gUztDZGR8fd/IigZErPgDZbjUQaJ40u/UrgHBPqC+d3BOFq1VZ1qum6As4XNiQtnPoSt33hfSjzLBtOVC/6P6AP6UuP0vci/GHUpOCDP1k5t9l5RuSape16M0iHed1DhHCn4i1uvT8kVJl09/PnFuJyjwppYbVvtibhhWiUnEty8ncRQM4gs/YG1I9XehU+0YRBZZxkz1RWqz0fvBO6aI+KA/PmWW6k0937AaUB244gGgMd4njSMZQIbbsh6DP1KaatTlaHMvgOECkfbce04zob/PrE7AROUifcsjvUEnDewBKCIXjx4cspk6Jv59NxAyPct8WJ5Unhyh9c2Gvy4vWrXOCoPRLifuwjlZZ/9wm+aAvHqQ8Jii6l8Vo+YLnBT4KIucPQWpKkdOCH1F+ym9ieqFr681lf8qsOEvqBIMHhFPwRuvYuLJysztKdZ+t/5eND0rSj2m8MLHhc4FqQuPKLDG+UBO/fVInBE6GusMB4GW+avWcxanbvLvfZQCRjporV1/edFZKMnHKzkk9KKP2JLjuNkqbQIFtWJjbDMcEhtnymjJe5MmKtUGFsfY0TB9YhTo09J+W3ZJZTj4a1fIBhwrIfdSOdHaO4bwEPlyNvNx+9IUZPUjMI3d/6hW8wwFzUajdPqvrTNTo5d7Zu5Tcn3O2Mk1MIxBpOJllhZUG4ZmC7dH+HesLMEwTACfbtmD8p07NLkdTl42QRlJctqTUQ+My00jx6fFr1WHpaoYk7/1RJpq5ReKIA2BhNOnIxeQdSYEc0KyGpRHYLuHOJex5sdBfYI0+kLvKYZlStwvPBIBIs01soLxhLWvumebAdaZT4+vrvGhF601lDT4rOutPfhVQF7Y8HoKaYXWm3fWUz+7GjoB5bC0wVbIdBSRmygQqNG9CZ8m1eLjpUl/08S5r69U3eGr6pUwu6KiPT7wg5LOuHqjD26bIfPf/czzTAPx/owQvePCPEuW+1dSUOsEsFZU8dM39FM+oyc2BJbyL1sSUFPQuhntVIbFCf9VamC2QSS3X1bf1wnrnMDOoK65eE7/8ajTR5UDBTsZt67z+YsL2qQQoAuteJ/hc9XaVA7TVwFzssVyPUsHLQOGrOaLz7jSZDwewg1hUaTJRBt14n5BnsmXyoZ5K/qcOXpb+ofPTKcX/HzRnx8PXOA4Njtu7zmxXGE4oYnZAjY0Qbsno/dGhftpnspofjF/koUWTBuK33VyNtO5wRjd7XtkmmwwDJ8gsmC6INNbl3uOzEe22Uny1xIkkaYjFuDTcwuzzCrsUR75OpC4r14HMy+IDI+yCo3VkLnq9Fg5+XQ3dOZytNgflRkX46ZkiA2CKvJ8PQZGCsCtWh69SiisoqL9Vy6Bun+/DIeVRS14GgCErrmA1wrEo3YgIqp7hji4cO+1Qrfu46ogeCN9pyUQcIu6K3hNIAyvg4a9fZqznK1ExfEDwb97sEvRsMa/Oe97rkEjGUXUy1Wxw0lNlwaENJEKFWHGTanTh+xLNAhNLJBVnIfLXX3yTnL3X4gLQBYzUAEX50CaGcnuFCx+ZYi+Xv8VLbDf59yuUodhX+fGNj/0ZuJbGf96W/avaTjAhz4xjS2uoghJFxMPsBDwV0LJ9it9fID9kbsfQYBlsygH2yLS5WpVdc2dsTsuQdna8AymDlWUoBWzU57A9plsLjUeL7Z4Axng8fHi5wut1Jn7/fwkd0pXEVHPTTN+XZsOg8AvODnY/Ajrtq6TdS6DIkFQSw0BdtT4WS9JZP3N8uxEwysT3i1wSKSEQyt05+hgdxGPZAQuSrq8xcckfrqEUH9QTIC7LZz2wYQWj26k+Ja315UVgVD8adiGUxCH7QELX5tZGpvq8FfD0h45hW7ga9HIf7ri7UWvO6/YarqiDC3F5H76PTaSp3P3Z3g6rJ4q9ePxMuqjclrV16RtrcATptaMP1ju6YG4u8MXL6jOqBNbDpJPae9AoQNvZh8SS1SOEaSeVNXsxpFAj436PFOitBTZRkLLHrIxQ/FLs4Fzaj+ZWVHOIl2ob0wEITxfapyWAYVnYWxqH5UZYHVXp446nCpf541f2pk2xufZ53qhnoF6oN4N1PY1RhGjFDGZY06wHE8mYL0TRME3U0wavvCwGMplxjaW+yG6rY00jz4VabbrdNN/sXmhVzS1B6ACB7V+4jQ7Tl7VAY7dWb1u/Wl4nr3KOcpnO4LxX4QFmBAevkZwelSlAUQ39Ykde+C/5bwQ60Ru9CNWnHFG59SiuZC5meRs+04qrdf4elBP4fDor/Gqchc5uu/0xYwAPbBQF1qfvTozhq09gVx6PagXO5x3zp5dEObe6Ak0Xmoe+AaxpJYX/aDPfu85pCNtTWsfBI/t5bXP1ch+wOTmNq8m/BVQ2qo5vniNz6BHAwbc9MysQRIKBGPIaldSYVB0pWznts7d1WPVR++6Smd4KwiME7lgbOHjXInLCSX9v3iHyJcqZBh8n5P8ll8LySfV8/dgCn/Z+KfzmJi+/f63bqZ7C5N1bUyDtH8V7OxESHc+EzDji8EvvJOe4u3oxZc/sw9DlyOnQU1K5rr+nuFUZ3Ul4zRM6Uj8D+ZsL/pGyOKgT6nXIqqpv1yH6DFT6NvoS6XN22CsoFjeSf4QrX6NZ4Ik9bOeTJAHz+mzt9I9HI7yTf4MF1KicXtlXiCfTIL4SbWsxkGbf3NAKj4K6YUHtryKA8y7K0iCgP8KQ+frAXTsowrHwRFM6Whlf0irlOSXkIXX+ik1dHw5QeRnzaEAnaq7EokW8P5ipzC95zfqbzLZy+0Dv+KwIY3145QrvK9eWF4rpfzamHnW6u09mYJuLxOfUhP51q5Asr1CgNTO4jC19PIxIz1GcS3hYFRK3ao+WZdJJ2szmDRGRuy9+CybdQDvCr3Q+EmUuybUObuLBYgMUTEOWGAhsxpg4+0E+1PsSsZ9kAxhmb/mS9AfKVZIg72oLn1POIPySIq7r/pxzy7Myn2fP1xTg4CdEoM0zS6xf3D2ltc7m0F0IL7qoYZvljTg1E7YHw8mzO9lPjRkIlPRCOQ6i9osHMlzSxZdRD8FgK66NsqhwVgY6r8O74ts+cRQXvgaifnrj47JicYKMfjiX5cIZScI3mbO80LGI+PnnuvOnneYr5uZJhMbImqHd8u2Nvg12yhLejVn3/U43xA4UVmxk/mkL+oXB+dgvnNgHwKyXWFpErLy5YQGWJM11hHIKVgayhxXYfyI3kyCOpXwK0rgf0Cnl0ZuZxci7bfJJxaBx8o+gt8LzUdQs3RiDk5RxUMf6c4kUvd0XN/91K+MNB3XxZUvwczrnhEb2VPF/eb8x2+uJ5SYWqDyl7IXr6s9K3JvhzMrlO4FC++njienSjsIDF1lLYaz2rCaOw3zD/BL9QRPxrI77nKva6qyi2mbWZ2N7XuzHGvBMgIeYxQoRBu/Knvqr5eXLDnld1spAThifoQZjPjGiXExh+Kt+YJVFxxgmunIEcCy700W57X9++KKUVaLFfpL8es+7nv1VYwzBYuRUgORDitwQsSTzUHsWjxzgmqzrPTldNaJvslmnrZjj4j+kYLZeP+cEwDrzvi7iJF6+/Kw23LszDybgyZQG2YG4wofHSioegpU8Nv/PqFhWrz72DXnKpzqMH/x/AuTy2q3mmX8hV8i+azoRmK+7yXsJdXC3ygcytomhOMUxjbE/YvY50b7lfhgnZ3bI5O28d68pqmum3oErZDKx8SXdFdN7aN81risrYVjaAmxL4YVORh1uZzcVOe/fciznJ7MqqSfSHViR1/HkFzbEFd+HZb+i575H2Yjw6uKOsWO7zoJ1W5MA3ZqvOXLMcpnjLNVVedegmMBgTOWnVtQARMkLLQuP965TQ78H/uWGagMtBFBZFsyoUcwZitTlO7rRWeqO7b9ontEEG0d3eXiXS/BXOGevyry0dPBJcJ6Y4kWoRiEO9S/6eCyrYIHFGXlpX7v90P9NK/mN20MIje0yKhlrdPaU5DFy+HFkRNBJeDE1KUuhoHjKBDUkY3Ddejqv6eE/iPwvxLc1ejILDq927nFlHOeOBhnxgJRTZBFpPg/ypUIEkS+u/2CNCWL0N33/t13XoAKLhfs+F0+Q8z3Jjgvajvt7aZL5LP+CHiqBqv4/Fi1R1/L1Zeh9z2Pss0+E8OR3nzRaVm0a/fqF9dYem9bEuAz2O/d8cdodNucE9h6GQEqfyUOtg5M9lk+d8DaFqSukcJwPhv7/A3mvurbZg0JeIXSzt+TmWgwJWye1RM4ePpwjDW0k68Qj7lPyY1do1i3+ro7sFXJ3H/l2LoxIrfw6aCvgNif0sAV8/qpV6YpsWZVA27aXcFfqoTZNQ1GGrFs2iJNqzlQlsoAS/O4ocCv1/a5P5S5xOhKUXxZeH0xrcG3fHLUIAF7n+JfwYAo7MWMf682gWSpmNOO0fk2349at1QK+y4eVFn/nXR+BmHEr8UIcTmY9vsH9XkxHn7/35GXJuOO1BiIdUbBKZlgRh+I258NX8NBag+y/1o2+3fJ1pdhduvR5tDAadLWFvAJXdddygGdLAgPoTA9viveYdn7/mVsgr9koPaltKYiUXytsmAVIv9lQzqkvYApZbkOpMtCG1dkk2q8/dfuVRDR5xB58MW+HMF47e4VKri3WaIQaz5IP3TDqeP4AmUZ3wkRZM0Yu7Nr6n5nwOH+bhqACVfYFSzVs8DiBzL5ao1ns9ZfFTSQGFjW6Niv6RArmVMz935Rjfk2tgbhBBFY/WaTY0ym9Q4nHqP9AoNZG6gxuNxPSV7kBvv5Jq5bvrysst5cMrc1jeHTf8dqrOPv/nzEFKWdkzOu2Gci/m9SE/+rCHyPzpfHoc0nofkpqF9WxtWTlGogAChwHsufHEz59dXGueUUrwzatXCwuAGCVjpBGvXitlL62GfSgVjFlzp1dT0GpE0KTZ1q3ynkzsBHW9HFK+YO5v6L1ohS4G1qiE/THHgPFK4QTh7wltnhOFp1M7s/PMWv3fS0rRGNLlFt3tuKuud8wWXkM/PN1RIDFc7hHcrsX9Y0SBbyfOtsRFF+f3KPPtyrvwCoS4j3GTULLxLoOBYAYG02138XM1HVmCj91L/468O8wLccvkjDCK7Ns4r+Cxh1LyvuUafBLUZsjdadSxv3+netGl73MB4oUcR8VAAtqSoYf0RMz/My4eE3CNIhF5snL2grwCA9DXEuY+KX7ztIRT1jrU6QyBqI+/M58ciUv7l6AGSBkqchXeS9zQRymAtwUT8btqwYL/uWn+ikvvWD1fR/lbpi5X7PV1aGzjnL4t7wNIFjjzgHBCN+k+K19lNILOtK5ublyKYhB7f51tox7gYzzMEgQHUAUy1IR+rcq6SBq89gdLWG4eWHrvgJc5pzoHW8yqBoMRCFor1/gUEWHRH451gcESmLWaDepJxsbpVD0+l5uRDfpQo6f/nCXMd4YIPO61Ksv+5+SdtJqc3yjli/2BZXuhmU6rwwQqMaJA9tf7WhAHQgYD3VDYNE0/e4fSUQP8vvoLpIJzKv4Nt1wIP9CzBoAgZzbtOnBc08Ytp22EBRX9QedF6Nwc2zEywyMvFyjZyIxF34ML2ZnAmD5Aksg+OcbwSsKVGt/hB+7YCOiQFiLzIwbzRKPvryT6tEeJXotZPqtrtdGFC4uqeoHFjwCz86DIFzpARFI4sk+8aTmqPafoN8sQMloA/y4X0e0BtJQHLo2zrURQmuNBry9gtfLQgCLJmBSRdrxwZZolblmVSSJ4q2J+nRzggJuc/WwZssPyh5XRSGBF3oJ67okeR9WbkhRauUUIWZ2geNPk8+EiGMqt3GJGhkw7K4EGCQEet3wJy7PU73N2m3WPXq8/yECUG1gwybRFFHl9JYT3Xkn3Xz8OJ3q+PBydX9sMmQN26htMWy06Z4kReDKzmX7CwCkH+PHSINyqT0rXnXaZGYfZJ0fBG3JukIsbXQgpT4CHz5buZljEHI3wBABw0t7wYBVfdJVA2r2Aen3v+UF4XxVz+VlAm2wld6RMlu6llEFoN81ghnHeCmjCHuS76DzGO7IWDQ9aBIG9Dx2gd4WXWuFp6ueXvsL+BeRsfTzzamXM7eROyOUu/CpYeQ0VHD5oSYimayf8XvhFFmNZvTZpdI6W2gnkaZ7pBnEhoXl3nd/hJ8VTTBi7+McVnP3mHa8oDvS7oqegPOuNriddMOSAxEiSjMSUoMGHtNUuvOwwQC3dbqGs7Lu1YOlZmXMEwA+APk9nQJftN0FIRkZe+ZjaUgTl0HNujPhym6YChisAne+2ntTtFffUgM+xMbGygUSMxploYOskQ1MsJAtlALOIW2EaD6JV4kGdIgJCidfZLKYvUBc5pEJjBhnBbcqE7o5/OpHgIC8QrZMMhvYVnZgeJ6TUFfxqfDAKQcWFgKWq/TP93O5guT7uwxliEp6adX5S/BxvHszKj8Z/gPP9PvfZxrgg5N5MgiQeoa/NLTWYkQa55YaUUC4rPkPYtW2XvjT/z9RXcvkb3+rEVLIdJMy+GUCWyLbzRJ3S2lGqgf+OJK/3SPDpwIUMe2Xgj8Z+pE8avR/TmBJOK5uKSgmv5y/ECMaehOmufDvAiTlZ+/gX5TMyn+IdffE8Q74Syyv85P4+IqtPCLGxcqGCHLQjLwU2v8KOtTZqYroN3wo0sm/6tIyIsTfmHrOtTf5mX8XdDazstaN9WdxheeAupt52ucNgxyEVRQ+WRBGadr4TypPutD+0EUuK4fbNiiwSXsVtbNGMRkGpj7gBpMINHVg7QxnV3lVwuT5EiRaYYWr7PNoiBGrfT45OR5LltJFadIKyBA6pNXjV5rSas52sMh/pLz5ZFDSQ9ifV3qCjfveFaQlDcKtjEIRb84gQK34ogPeWLue9moTxBUZ8mTvmwTxwfTBDg/ODDJI3H3EAo0hqpVjF1qRmBfyUibv2ntwLC6l9ISqy1f9BCopb5DTQryNwDKTN0H6lzei2WXrrZkk2YyXSwZ55gr5wrxvSukCfjt5YJuwSbfWieZ0HDtgP5V2kcPHTrxg/EsnM9viEkQ1hUX0FX+1wttL49y6zzVfppNhBlfPlDavJ9qZyjmpn001/vWQuDt9/3CmeQHpnnMwMiEK7COaPMqc5UPrWIf1y6eDuqkFMsD6AOqZWOVq18E/LEYzU20fUpDsXg/zxVe+FLMklKral07u5gQ46x+sT7KtiwLBNnohCH1w5B53RCC3Hf832DChNEyEisOt7tNPONogIu/aU6ZBT8nf/k3UeEsC2dqufGERP/qX+EKE/WvNHzW9PLdgzE9kl5e4BRamuu7qMUIQmV8KvpdfeKgav3XeI3tzX2FF4lHoDGPPpbsR4tJzRxAPZDchw0vSuWTFDrTG/AiZfyX4cjMrzMneu/m36hQ3MsLhuIoowHnZnBaXlg2JQT6+Ucuv5qQfT9Liju93sgbaqYQmPfHqfBUnzCsu6Spp3EOpC5pPHQ+yI+39QfIgwD9TFKoUBIg6JBa6EPrMpfAB+x6CuVApWhQKYZhMsX1HfY144SQJ+HC+S/gGixyvZDwWjF6DYdefbBDDmRWF2Z+o3h4OmXhCVhSYYQxUFSKr7bDlioY9eoazc/f1/rsUQMl9Zr/wS7Wy3Y0br2xrJ5Swmp08M5UHWdunMcOEISatgOnRreLfHWV6I+MUfkmB0STeYTfj19LiZFzz4eHR79CMY5Sy1sB/jEB30IqCyEeOzc3jvg8o4AK0Znt2kUh21YyX1YYXJH9MWXO7POvl5DYhXuJzi/KXBZIGTgRG4+/3qzPHg+Xx47wV1+PvQIgFx0KvNLtpA1Q0ynH9X5/o9LErwbjC0N07fXlInCNw1cfGRirWr/QfCX0EjL6zfVsVgd2vV4ARO8c86/V5sUwzBoaH9U4Za9OYyWq5TG33JwOCr6YGfPdKsXh/eseGpmmiEl7b8pisDv7U6VIQX0UlnQyWhX49btsZxHh+uCRH1YvSX9kUZfyMT0k9rf+NVPAxvyZ1SNT083C6Q+ZlYQLIlQWhspuz1NM9iBKM6MZoXU3RY9qA4OsO1xvZ5SEx6lCe6C7TmxbbsqIHcaINoczkTSmGEpi7MvnBke+HWkHlv/pBqunBRT7UFCvu2WUmWRYGF/eGwv7PhOJtx2EaAFIvH8D9jJroJzg8K+ua8rna9OieKtDKfeBY2bZ7ULEGnWy2NcQNjfTiNMyIlRea9nB2pIvSryEr8t8ttKeMLZlXianeBIPk/zf3NW/YuhBwUGLN11JGGBjh7IFDQCQbBUpGF6X6Ob9xao56lV9lKboz+V0TCcLGPq/EetKNWE6iIWLVOczfj2uP15vO3QGgQYNAtE980vzDZy6FvKtiQqNKp1nweeJQv1U6gU688aP7Shjm/Q1YCMEmTrCbyjEz5naiwSOZPSgrtDNZmUe2AgO/LqcxlY0kr6AAwCAY8N18a9W7BjAK/CipX4R6Kt5bduar/93IBFR6+FC9kTMChjttb0qJxQb+PvvAybobxB61Pm4OpCs5pxWXTwjvplO6/4hELtAwY6zZmvTqvIjnQsxBq1lellfBOCcjfsRtbF28s93gryQpKdnvRsQFbCnVlsOO9HIwfw/9t5s6VUlSxN8mjSrvogyZsQlEkIgMUlivmOe50HA05c76N9nn4jI6OqMyM62yt52jv0CH1i+fA3fWg7unYbFmBZZ+5soNnPfJOMTMKU3K+7NrEn8XFM49C0b4t73nUd4Z7CssrZ1dgNVgvGiK9powySVLUYAHpoFjru81srzgrHT/VUgiYtIAX72LayI5FoQoHtE77G5f+hyhc7YDBx7tRs4tQPMmF3kkfZK6oo8nmc14qpPEpFvqrKfyGTg4kN9K4KMcZ3C7u9Lrr5iusYQx3s2dyDJ8irY52JqHwCSP2hyuy2UXwJ/H91pgq6f0zRxwytK9O3tr3IrcdoguRWKypVmDKxplqgiz404aOm85Qiq3OlwXjQ/pp6EFViS+u5S3Pe4xcsf05Q33AyjSSrpnq++sk4pJSq0QGRK0brhi83ehLBk55Q4z4kM3w47P69FpmVYiLI3bpXQQtKw2r7O1ulx4nFUNswBi162wt/01iVGCn4tcpao1dPUqUmKp9mubF637zdvPm+bZusMWbpAKZEikO+JJGy5++TAqIj4Wqssb5/sucVhsGhXPUZ7j7S7czeHCFu1vgY6KSumXuXZKdBM9uZfxF5bVjy+0s/kfC2eUqyzkiii8+XEy3k+AvB5lxN3Yydflu7wRKZzd9/U+WyYz/MH9WwusrkbGkXycC4RNQfQAEk1uYkMDC7E8ScdGjoVO72GkWbXB1yzOq/Pe85gt4Z6GMhs9R6XGpkSphqDtzHXTElulUwqyaVGaBpAVfJr104EAogHq0LwpfOsTYh0Vyri+5okytvg+SjTq9MtmChnnUR5HXO4xoq7utA+2LoPp2BC5p5BrtBJn9z3laWb8wUuyBgkxTj9k1POM3JqP+/cuVTs/elEiHh9gwi6omTgL8Wa5T+BwyUEO8wmFRctFtZPNlkXEbdz6wYiSYUGXdxZYQlAnArDJOX+dhZBq3CgZzEOP2DlgM8KzgTAlqYHesnERmJp9tWz1xUnkxt9UZsze1euT7HoOKGAzItnEL6g5nCWlLLFhVgynU+E9ozuYOZdHPlBzIQohZhnhmbH23z0jkh8ApT2ZnDU1HU9YcqBzLuIAXo9CwgVajUyM/HMPN6u+GbfFNWInN+ntbBeeKbQ248njEzc084gRpqJLT39xqpVkk4WX353tjwzsEdWLDK2Gvhk6D+shtT3VONOdf2eBa7S5BMrIKP1jq4V1o9b68y0Kr68CRs/zavI9jfD9x3Q3wDde/2rjS5+A98tO0u3q5afDmANYg3TikF9Q22UuF/lUV48znZsmej84EZT50fRvLsuwbpuoKb+sQS3C5af38ErASbx/f5Y6xaU77gju67J70axgofBgLWXI4O30emySdr6meGnbCfEK5zHWZSit0ECYOjeXo2DlQx7ZRueFeG7ZqK0LfOJI8WTP9m3cUTgTnwsC+IZ9fUgL44o/hvO/Rt+jpt6fGdbBK4AyICmGwQdSOv1UT3CGhiGHrfmqB+j5bdb+PXf8Eu13KKmisYeMAj5luLI6X+SR6P1uEOgyHH9ycIxPe6RzHErjbIkHf98zxuO6+RX3zASOp4I1xyWS1SWPwTsvzEkC482d615pWLxonBNCy1HrM+U+pdvv8O4ltFRLQqT6P29bPoxbZKm9srrH3fPfTPVYQR7RcDVH3Wkpmkht8DNPBrH9cs9bxobcCsdq/JbGi3ZaH+bw98O/P0/ye8Vt/xWxK0/FzUYrv3TAbz4rRW8/KPZfvXT7q+ncRj7poguTdn0+3hxGqGZE/KPJnhopj74cidoK/U0WeMt+gtqXb0+oVLtL996I7iMxn/AbPyoBzn8D8Wlj0pvzOboT1T8van/NtWaDJD8S8wIlPqTkOEE9SN2P50cQ/q2+ysR+kXIf1yqfgj4rxEr9D8iVsg/K1ZeP7J933zAnbqpo597fAZZ9+0h/KkRlN4wZMFx81sF/eel8+9PBva/KZ4o8a+Wz3/KNP3QPXvl9H0UP9XBmDX130jXkHot/JlVHqT9DG1yFgDZ8fyo1Joh21vhnN+MI4Ctf1RgyyyBBSOUsfPenB3aKBi/c+b9XMTZAmXz/H0CF3qj9284e1zCLSlhvLIAWcQumqBg7nomfGuZgg3JPOGFBFwzS3iIhyuJyys5B1Uwyzn7kS/MFlZBJgph6wqvRnuLm5yJiXczWxdLkZ/rsCrLELnPEYdk8oX9iJy87v9n58qzlkF73+EZFaWYE5WIp6m6LR/HBsjr9mTEAgH1r9hzYxNlJRYllxHlwuJSfsXk7YmIHAvPe0tk3vk8NxGR8mRTcnB9YcGzf68Hn3nFzBz2BX//Vjd/TionY0q2t1n2v6WzyYX8V+3Z3+t+fvqzwBjdqhx8MD5xM1aVu99emThrmZNHtyutCec0vCWJC8p1/YpK+XMBz1nlN7EpiLwoF4KUuSfo+zopWwHG85zkPNgAjZDmTcqNRX2D+oW8yIAHcm6AuiKoJwJaniiot0h5gYE6oF8C2/sAfak6S5i5+AHPQ1RDhmW4wgWgjJ0UzsFA3yvgAQ7awzoEGBPs/wPKjjqg/XODzxfXnd4LgcrrXmc7ngHrPP9MI6ijcHdO1mVAW0IcfRvIztcLmD/d+D5fBmVXMAfyT9+rvMF2T1D2045dlaMdJnNXMN5igp9EHu0cDMgBeCaxyZwpy7oxyVtBHmUFIRsJbIfIuSvvfW7sl05nUWDZG/S5uXs7MJbt4IWDqVcZlpEKB/kL52M/TxDOxwLqAD6zqPyGMgJ4uSWgDIwllxfAJyArIqFA/sCxwDormNcN0g1lNIG0wz6AnF4JwHdy5/cxhs/OF9CXzLFwDCSQO/j34AGY932cefCtA+UR1nmu+5xfQPv8yx+u+GmHq6azABlDlfzFHWXyMSZ95z1oL392ekEdeX9+MYF5W49xPkkoMyqQTQXqF2zHJZB+QHtAqpe9HaJs4jG23CC+7XAop6DdQdtvdWRORI86Bv7lD6HkP3x2iIOHwX6t6g6sC64NQjnket11VYebe16RP+brA/vZDhplQMcVfe80FpsCygAdmKInu06perK89z6vqw50F4yfhOPfebvLHpznQz4PXhugDZwHKIsFAscDZAMBerfrl7yFHtDn9TvvK9RjKD+AVjBm47AVxzggrQSU813Xt+DQXR3Kw26HSKX4wHYA94tfG5OsQHehXpH6V0+BvK9A9zBZBzMJ2oP5gHYMyjQpHzxaDv2Wv3J73fs56gQb4C/gvYgAHYb94PIhq4QMZR220b/yrB99yHmCgjZg7PK2PxvQ9yPzYPzQ7qyQvkPeRMCbvQ6wTy73Wx3wzGSVf/QCjj3fZRD7tiOPOsBXQB5A+/Ejy3lAHM93PuqhJ4i8y/Chc4cMsz86hx26BvXsuXzbbZAvQAaQfUx7OxY5ZPiKf3UHVX50VU93uoEObYfsOci3zqZyh+wBG7N+6V4hTbtP0vljvNxuI4BcFcBGsoC2BIW0AVuBATudAPrRfX6BnIF5ArwF+rYFxNEG6OIbtrl+1MO+gLksEkA7DubwsEEctMdQR/cxoFAm5L2NjO/PeYM51WX4nK+9BLZNf3Hgmjh0ENpIkfjaB+Lb5qPq8ndOn4eeANv8nXdipwXwSOWK5DfeHHb7d/5BG8Qp3G88hjIHZfa3uZFhe+R4/jE3QA5XGfqmX3WgTwvQb5193oFMAZkwvrLpLIc+iYRq7PIC/O1XJoCvOugWt69MIAr3u7zCsiv2y0YDm3fwxvxNXuGcQJ/4lfuVhbbkK+MGDughoL5Bv73rDrA7UL52mwD0Tc4dIB8J/Isftq74AL0HbURsb5NBPj1hG2DPDjsAZB072gRfnyyjx3NEEtp+OH5AG2yz7Vhntx1wHhJI619dpxaUSdnY7Qm0wTj0IV//D+a6gDjqIx+2GdqNL50B1FH8qzdQN3DIC3WXtQCOZ+eNAnQHXgM7AOQ3AeXyMd6NReFfZccT8P4xpuO6gDKFw/rH9TEPxxiD5SsjwGbuY8SVr59TNiC7kMfZTusH8BeWg/lyvrxO4DWwp1//pD+xgyb4bDgm6K/AfHLGevCVJfZrnUV/8fkqQ51Dv3K2yyCQieWQKfE7Ptgm2Q6ZFlEZ2dsQXywEfGextznsJ7S9cB7352CHrgD9MGAb9kdXVminD996+CYgE+TON4794iJnBbRBWfv2kXwOfgEsd9n7IKHvVCGm2g5fJQPc9NyCHfcd9kFcDqz8xV9vIA/geXD+D32G9kDGde7bHuBciGfBM1EF+UC5Ib9YB4MYArRDDx/sQDy1QTlQ9R2LYBATyLuu7H4AtiGhT4W68ct27vYRysBuAyBe2oCcETsOz3ZbCvBayu182eUayBkcI8RHu20IIN5FDt7u+kxAGg+b6HyxiYyCMf+aH+j/5bz4bU6hfEA5/zWn5JfmX3IA7TT0ibCNvNMOcaez7G12WTqwqfy1DcoXv6qHXh/y+MXGuzxyUB5gm+RrC3afDLEkdvQRQF3Y44Hv+Hc7fvjJ3/Vo96WEvPPM2TEH1PE/9Ar6+T2GgXSt6uXr5/V9LMB3Bju2ALHDBscC/Ap+4I/gx15iu+7tuKUgfrMLB7bZ/eMeV0Cf/dUhlvyFffRDZ+T8p9+CsApk582uszmwsztukrejPcQP1+WLi/DdluUiHPM3PhNXoDfrHpPA+d9xzXU7xikfMRS0ZdvzwCvbdT36FD8Ag8Ky7QergbF+24mEcsReKNSFA+dALAF5C3raYJ0dG8A6n93vwDq6uP3M4ReHgTL5Z56Rox2IidcfWXD2sQD9wH/FMgeGIg4+7TIFnwexHbLjlF3u5KMd0Klfspkd7Q7bv8sv+W0Hyw4Z3/kj7r77lx68v8+DseWOv4v1aFf8YBfiiPVkiM3XL+ZZv3xd9vFBHYR+fecv+8XkIqR3PWzf80e3v/wNCGjPD/0HcQeUN85Af2wEpGmPy75xlbL3ucvK7usPWwPist3fOzCuwIFNArYMxP3Xz4GfDxwOpMjd+1c4A//aux9ZBH7uwD9g7r90JevXBgLbF3IH3jWWb7yIfcezKYdtJeQvjgbztPzYY+C/j3nfY8PdZuOHvBXIt92q/Mz7L5wE7l/lfR4U7vqbf/hj/g4+Jr/P++FnCvm3ef/xRX/Iy4+/+j4P+fFpO50Qq3NffMF95ZyDNnv3ix/1/ZsMH74T/cr+gdXfUGeLLw8C8hv7Ll8+ARwvfn20TB7txCNOg348L37Tx1+Y65c+Qsx1zN1Pnd1no1/7hR2YS/589QVgzyv0WQAHQ3mC44F1fzDJrregj+AnbgP8g/ML8XhC7veBrn1x0DdmgH4IyqwIYyvol2EcDOPCxcx3TAX05Nd9SMuOQdQ9li2+OCz5xijPL94riKPNbh+gH8S/seUePx9478iZAPqJL0aEvPtA+3v4QRH72p3l60uQXb+gH9j1c/edsM0CccGP//nmkgB/djy77fHCnktK0AN7BfjRJviZo+WgZY+7t2OOfvJIAI8dvgD4DVM+ni2TX8xNytAew2foR/4JjO3rl+Sf/BOhfGM84AfJrywvuyzDfBd87hEHYN925FcH8MNHwOcZRw6M22US5gv2PIUC+Z5//eIeIz6hr/ja7uAHJyFHm2L5pe97zgnibPFrJ3b/A3WF/Mb0R84K+h5g2446wfLLfu76Z0A+/viQo2+Ap3d+7HWOuE7ebQrs21m/dbbDlsB4nf3Gek/8q6PLkZOBdi758qNY1R/8tNMN5yj42uYrxJ6Qj9gvu7vnrr48OjAUpkDb94uPEKPdv353x8XEjo1+8o/7fCSwLvn7PO44fLf7v+Zxj7W/8vmdfxgPwPgAtntu6uHDYE5ml0f5qLsefuBH1nZaty/e2WX28M/ij/wRf+QRUu4POT5yDV+6sSNvK+45nZ/n//LvB4+WH/8OMPYXswWokn0xEbRfUBd1GM8c+RH5yLMRii7+5FDWY9zG8rVf2I/vBrKEfXMvANt/9hzej52F+MXM97wO8VO24+09rwP1d8+9LZAHO47/wZw/uWjdIX7s1C/stcfWezz2xUYF+cUauy1XjtzrD87yfsut496tRNz3b/noI28PXx3631hjRBCa53lYMyvLn/vfVaJ/wboygeN/WvCjGOxvVpVx7G9XlX/u/euXbk7/pcvKv9b8nN+X/P4frf/R/yctABJ/uwD4HLThHRa15n7y0mR1ZP2Yf8H+cxaowZjhliS/KrRw2Xn499evSfzP69cUgfwukX9bn0b+qfoERf2VxB8U/2uXxIm/Wc105Of/v5D533YhE9a5oGtoLSUYcxlWJhj3qwB8yP1b+ZHsO3zfnxErE3MtcnZvz+zLgxUueMnmAXx3QHs4P5jkSPZE2jVZ5D0pBwEwS37rgL+lBQAp9wVse4LtCDSPRTSldBZ5T8oeic0D1EJwsyeVwf+8KOdnT9f3QBcF492D7wPYfkE27GsHGOBvkSz7gisA/bAODIB+1d37VAA9JXf8Lo62e104rj0R8QHPgAnV9QCUxRHE7fSze9JTMUBQWrbKDmp1V5T1175w+mtcx+IBDJ73BQlzT9z8BLTfBa8dROz9rcoV9HcEqRCcIN//j7r7GCHNMDh6HqDzu6Ak7kEnTHD8WQZCLG3Dm5FJ2488f+YAd2st2V8z+3tvmv2/DR9I7K/s5385fKD/xlb+G0aVI+RN69V/sphUNzWwIDjYwkLvlPj/A4wI/Acej/z26/+CPyHLEMjyv8RelZXr0QZ05FXtXojjBMQVUTlH0LL+TcmfOxn2iYNdoGS7/FXZQSUsrJu+8so/F3++vITlxEHnXlgClBP1fwFDDbI6+bvtwcyOf/EOkw+LAzD7Uf/n4gygqfrbPfIbaXvh2Hv1EINOf7oHwvRT4dP04Z+f/ntz3wuKZMdqf/krnmPE6RevMYL54zf5G+fDbGhL78v1rC6z3x4cl403/k7Qz+SCXwn8q01DCod5yAL0Vrs4HIV/40vhQMH9T5qN0RsMB97+9F77Z9T4n/CeJ0H9WaFo8vQ3CnVC/o5CIf9ZCvXf8DXP/y/A8X+Isv9v4fi//HW8/xgax05/Rss484/R9V/V/0Hb/159gkT+qfoU9Sd6/mn0/o/e8P3NIWlNmQWQj9c62W3YPwvkS1hw/mVcf5O5eP/372L9v4/s/wT+/x2s3wL7jl0y86y+PsjjljTwRXjlbaRXIwG/9ssHe2Ed+EPegiLfX5W3lfcLEdl+IALqCW+86qeBnln2suSf+eQ8DXjzHlxTN/iwrJSJoIjIWK/PcFeEZU54NZ2Qh/vJvnDHvpcsQMWeRSJSRZbhhQVoHCBJ6yVYPKgvitf9O0ohjWgQOsTnBX7s94w/ZTlOV/nJmfzzdJVqb3t4rDkY3BlusY4MAULfTm3J+89OLKT71i+F0hgXsYRf1wh1xhH8lefPBgkziO35PSZlXhiXdBw21R/b11oycJs0Hn6ZTcfBZY2es+veXCyHW2DsW+2WTNfZ9znX6JnTNFomFi5h/7v8S6TehptNsOWKOORIHjv8n0+ZPDGC50rahBHx6bLX5ctnJeC+VrhkA0/BEDY94FackLL+oQ4P12OshzT4lAC5+owZWo6MrmFixiinOaTS7jrXAgul7cIq6CU8pbHEvkM9YUwlHzFeH5jwKsCPEF0kGsPgqrvRCr/Le+/zcRabpLKlsMMIKY2V8zKnvrd4m4REjOO7cVgXp4aDX26p9k6veCka2Z3Z3IRzjbUDUUj7mSR9T9i3dUzhJ/zCXvWCGO2c10arYLms6ObcyK9tnjJNPdV+Wn6MnWizSuFGJv3UquHsYI+Fhx/HRPMLxRN6uM7cZ6dzkes+gBUnfxTzPGJV3Q1PqsbuxWx2VVNaIn3be6d+eM4y9UbAzd69dC++cgYnlR8Tt3q+RHO+GqkZfqO8Ft8ZezcW/GAHN8fn4m6cHISalmcqHmfO8wqfz/LKE37VHdP4XTxdF+1GRdYh0lfWynHtpPhvzWrStAw/iX089nx1QfyFj4sQOqjzwFTjTLdA4fd/z7b24eZ87ntirZEUtPAmZLsVYFOx8npvuikmc89UddSi+0W7XK/7BPBvOHIMBcwWFPd0f+vjHJFC9PhSI3qXgBnO0+D0D6vccHYku+8T0+ENzdspWNaRVDT+ecyTqKURL9nRxWjeeNUcpF9urQI/htRJRVhGsyPwithLuLOVTpqK6q9wdeq8N67cLspnNvN6cRJCF7m/0xsWGPVB0Tltsv2oKNmrHtj1/julCPxaFmun8gFC5zXcTl+iuItz10MDfysmLq6DeBEuh7ymstAI+WjgdlHdoxX5VR9R/F7w2nk+P3Rox8D9Qytk2pbgifEC7qXtfBZfcB+c/RtgJ3jshNyEpuJj3xrRXmdCwNEHPFL6U3wJvQB73Q0zVvn951Ug03qGoi9+vv0P5yCmO48m3wVn6a3LwK+A2V+lr7Gmu84HpdJErNedVc978tAiSlBk1F4xmaAr5pdU3AsNo72x//BNtNDmr/tjI+V9yMIvyeUKnhELtOyk7WXyvSoV+Pkp1XYfdLBD9Vqos/gQzp8v/wm/1wQkR3txIL3ree/w/HzMQUUBP9HAbSDAMHfxYhtB7+gYboOZ0zf6qVjqeDkT572v84U5Gb47wU8g7VwyshfcJcLfJnkfV/JIHDcOhKly4L6RfaoJ+b7t24SS1nccfKAsOsPiLicIp8jffmkgsIBETHtptlU3kbTJ7Eun8m5Yc/awO8fX8b6F80ZEhzc5X7d3RmvMFXVtAXS81vcBnl4g2Mkhq2cWbbbt2Vqz7DRzTsxwd4X9cVyqSPAQhTgnu08e9pUkOo4Lv6qumufRVLv1efe60T19XbJ1gns1LKe95LIArURju74aIeyRt3QyWzx+iM47Xdx1iTI3ptbp6QynvA4U7rNzlyXyl8tMaPCQZs27T8jlpho4fOq3nE38xs9xb+mR7CERGGnwFPdZP/L+XPyRtMfn4Y/PPcMfqkrDLbmUw2ogbMOTtId7rwnNbg9jht8CLu+9LcdajzWSMRk/dsDglQLIOyeHzFuJhtdLw/F4e+hmSeVjxkHLGOxPnJPdLrJ9zKfBtawT5HGOcZJmpktusTjzxKGjE24PYdJ0KR1CCRJ0eS9bXF2kCnUdMp/JfpdDbiUjYc3i8QVlNVC8Zo2427q15WNZzjGhbRF/62WNOncYoqowaOaTsqLvsj5WetUz6LYiteJvDO/NW4JKjz7O4kODdRuZqBbq/XOE7WbjzOHx9YZZ8Hv4LFYiy5nicNYRPCGYrpKCp0PGxBQPVWVomt2YpVUahmnFH+JWwLngxBYYdo6636hbdHZ1qvecJ7boj7gbEnc/Dk5THuYzhLtcjR7TXjZOEYARVakcbn9lTbQ0BrN0euNLT7VjmFGe/ARGF860yCHWKigfHPXtq6JsCbDojOp0lRHtB5Z5vGbD7XDby4reMB8zbappFb0kbxhQBrjBhTXqN6SeSen4mNQzqmlz8voU7Ep8Rjt4ulV/ytWGytrJpdYgliuSsjO4HZALXaMSIGTIwU9r7cF3I8a1Y9l6JZugEkrcZdVJ6HVp6uynWgIhUKU62VQJjvs277btmlRonJqtncdtNkYMfB+Xf4xbNDtVzZQGld4pRkb9lS8S9BZpVNOXAirZj5e7pDc+rp1mkF+2iZLEKaNP1C4jl7djksLCeNw9VnMzHIPuNhbVgD2lM32e6aalLXNuO5e8rAp+KgbkZeLBE+hQjOsSmP3hhAkxX0uf+kHZJ+p0g716IjRnehThemyOp5UciU3yLNVr6t5dWuEVv09A5xq/kpw3AXfO4CVFNubQR5UJX/N8x09wR4ehPJ3EcphU+NHz+dC7kw/P8CBzwT+jj4Di50wrAeIZ/SfcbAgxZ1TXu5tAw5172Jtfre6DDVQC7nkVl4/WjCUGGq3ACVZ8faDjFeqoRS9qTbS7Sbglg4ppjxXfJI3DPgt/H53lbkma4kD55YN+Uv2m8pOV9JmVwGq4exZjYO3brxSfHE1af9yut+aCfizICFlYjSmAZuR+jIAwWVuMM0y9qx4HR2Zn4tN7byv5utJxAgWO8l5ySK+4cRZ9TLEvPoHS4oy3Rtf6JAwr0DVtS4VBvVNXNvtpOhf7DOXknIVKFImavdIIKtric+nVTHwobgO/uo9ModO96AYMTO7ggadoFoXghb19Oh5MldVHgREAFbq6HbKffuWGkbMku7CQ5h1BfXheQizDLajrdLq/bE9+AdK3d0rfurMRoIyIBif8BrwDxDE3CMbtOfjcpfka0TWwXTiuz8trPvnzdRISZ3fbeNa2dDo7RHnvhJb25sdNlFFTiu+qgJDPezDyUQr0D333I0DJzNR4E6Xn0b7DEF2/ux2jQSct5kr57ITu7m99etH9xS8iR/B6c3GwtoCaJN7U25pFp8Lt+HVNe3g2oZUKsVKE6NbiaQRRoq3UAIa04hac4T49uJiND8GIGn5WsZt6n1HzUb8Ym8G2ooGI9crCvVFC8TTcHvcaFXQgBb4iPRMznJBISJWHq4cRbioWnS5QXh72jeZNkqQ/txFdx6xH7Gzfxe/m1VMT5NyyW8X1I8XXVGbXnoI7vcFtKzIv5f0bmCugTWVfKthjrgpJwnAo4ZVGkIY7eDF6qSYvSpdFoKQdV66cUjAGI9gH4iw4u1N9xHwvy109jFpfMBncyACmJjL+TK4Gsa4MnU3ec9heUGcuXE2RV28MlUrz3QczB2jNU/Nyer0oXPyc3N0vFtS+cSWobxI1blgK1mFxUUs9gUBXyD1fyBICSaj2IzWxkvMFlTTjIYN7pkgu/ZSs6f0ssG6qBNTypmJ6D9oNiqDyqO6TaSWhTV7D0+rvu4hh74BMGDyL/Y8oMs4EH7y2HpNe8k353HumMNb9hNaiExvD/SihJc+GFw1ZoAmw1/tjumfhLGOZ1Dk85GKp4gnCUI9RPNXnsFzEbf3MGMqZs+i9Txqj3SWlsSwKwlplJfcDASQXGLn4Wl+uUCZd6zCFdxZRwmqxTfZ9/3jWBLdzwJ8II6ESIkYucMDqhbjiAPYxyVKLwny6Dljq+j05+KXO36Ju7Ctc7IcoQ+YdhUm6NxRTNcsrnlHxK5+7NE1RnJruPmjzsu9mV0rI16srP14dkSQGGNhT53TlXMqOOMTShUGF4SLtVkPg/Sj073BTcmCXFBV/PbjQ8YLPeFm1fPLufISWG/PE/IcA9QOeWsW7vHYq5szy61q/QQkKZUZc+89SnN7naAfLYu7dajNWjcmAp5DxfTie27za90HDk6XCJGSCHH8r2Jq6274NMa92jEC3ZR4rTdz7T6m2ShTRI31HqIkvXoc5e3wAEjVb7E0Jtmg1HemQgzlmE0/wWOaNMZdHl5m4u+N7DKw6DCY/9VJa4O9Tx+eVyljMva5e0B44l9V641r8OXv2GVjX9kYINUAaECYOtD2t1e1m43emu0nRh6D7NidLOma46pGY9im7keSwxC+bFKozA/A8mKNckd404DN32ZbZQGoYdI3YOJZS6no2T59aGMMUtJtetkmdaF5hcpOxFh1VYGLPl4HiHir5mmtnFim1twsTsvMjzktrF4lio3DTQzDl/Y2uq8kmxqpevCp5KFaIc9hsNU2f69PFFvxbGYxdDznAxDsc4YMkYzSKVF9jxBs7WiXHp1KwCgR0XPdZWD/c8qf9cIsaJp0aR36XvbXYD7rTPDfDLjeZZuH+rlX5oj4VBMkMy9nopA3lyHEWtCBLVTCoH3bk3b4ALj8lQlkj8TXe1VOddtfcQeitX0svteONGoGOUQSizPxDmAGtqMdzPIXvx6694S5gjprF+6ns78GO0JVcc4kC1ig4zWqliaud7+Mgm4hETdqWG2rf80QcqztZa5b6eCH6MjYTF0TNZTKcoUNvm0q4IcDVcFdzFMtslYjShMQ6f4E5laA/IXDLNaC5wEYUPIZaFXoSZXPZUZIyLGT+sCbzEe5ZOYoW6TDiDHR5J9rMx3Z3NeDeSDxCzvhLp6D1ZNwX3cMJEDHa7kXHS172FVvKU7Fva3nvoOysLIle6+Up5ycTAgTcIT45dQ1jwvIa73R1FxcnRgN5NCbcvhmpvVeGZUBCgeEPotFgLZwajqAlsOF2ee28H+guLmtickOntQ/qA/Xo3eK+m9/Q9rWdGIAMmSlFY6FUl02MmpNeMgrk/gl9VwYeK0hutkXgL/vOoXdwYVbqth/YgLD5vv9K1MzFGtJnmqqpUwYtlXLn6ugVldFjG29K3Iz1ndRVKzKYhIcWs3u/6k4yrjLk09SO5U2SVGIrMDPu5OFzl620ogh2g3mgMaZBkHMLG7qGtd9nP14eA4RTyeS4xXKi9nPfu9UnSnbCNMmxUuiFOPVJdlE2ZdXHiEEgrYcdEhiNxKyxvZHGA5krC8tC26AVQupvjJsLCL94+glPSoNvgdKSPPTvF11Aau0qlLZPP7wQNfowz1YBi3IfeJxkjZcGFU98Q7hDZKkgdLYaKv6wM/4pkomGEGK26o+SV8YH7xUXSBqRKYoUTcxkIZm/7pkRa4hiBeBtr35VyImmjBBT4Z6F57S27bi5GZEQxJujDLMVsytjJ5jtypYbttQMjdV6vTzQZgxPpXl6l+hD0TzeR/FCqteRfCImJgxWDxMHIkdLrV/Ozr2MW4DD1sALzTPJ6S5DRUONPkmHKMrwJV18Raizvi9ukiaSuPw8pWCiWJG+SANWMBrzIOhZ9gMAxgI/o+YnNd+THUFDt8OYQQ7tWD/apUGg0bI9BuGNYsLp3T3K8EoHjxWDETvdG6DjhAkEX/B7XX1vueloqjijcKn5bPJogJuRDv2UKnwO+0fZCEHYJlZ16HlMTrqK2nVijo7+InDyjlNnXpBjhoehYXp3HlK2zeSYZ7rcpUyMiw6++XPTdsFtdk0S0FxcNQ13KQ7uySUZdJ2uZW93TLqcp1d+N31OkdMNx5gGeIGGoFM5hJbR5YPS3GTmzfACRp82AESZZcquWk/A8AXFPrhSSVe4fAhzuXabkdHtLvEivqAJSvg7nhuBysUMkESct9/4HQjjKoLYMtpGwHcQUNKDj+MbDGdSx9cDsWqxpBWJIqT6+MPQMOp5+Cm+tHVJvSAkwcXuUwBMeoGnejXJBDdGfqencDCsNNKMTDklfiMCaPpKQFjLL5uGbm4je2+GlijtTIqO8q7wS7W9ntHJFfJabPwyaHWYl876VrhTpwrKK15V1iLckAHNn5OmiT5Q0XYPeMceBg8iTFZUCycUjD94eT9GKLnxV08+nbgiek+P5rKKF1hTzhkeBM7QZmvW1VYaydyzEOYigznXXye4hZzVXULTEwIncrYP6gXlx6352k7Q+8tBYwIoSK85RJ3HRHctyrwLRZ+7RlQOWeLMX5tIlsKsSERzZ3ekd945pd2TIdqcrY35KyFRA1ahKpEHiwfFeEDTU595NX269I8YhHXuQPWXSpLBZMSbrIEYyIg83OA06nWrlwB5vLIKZrvf05zfHC2Gv+3EZJ9nFoCrlGwcaJDhHn8A4jDcB3dukYOUdDfGsltfLCww1okkp8EZxjyf5JR8dMnyCKyc53vmLNJJO55pq3vPfom7WvxWZ3H3HHf01IdztimNCDOGL/rJrTfBen1ulzZAu7GhtHLcRFfyNOgZPAuTnaFNJ3WsV9ZuY+cBz9LkDcb3WXjg4jkhHn71mE06Frv47Jkw43MGpgLG+P6L2potjJV5MPed6r0tJtTnB/34UZ991PWkPK8w97uFMB9IDGtRN1dMKMjubEsUtU7lNgyXN7WZqLFNw1TpiDfab0352IXxeaVahUurb7xIokd5TEMCQU/jJ65hGOHnsaTnUwowqY+5vv4FS2m5EvAoG2ZLblsHc8zRIO1b/Z2wZ+yPiiWozYhU60YHo04W0O2sOtN5SnQ5oTE23fwQOBm+0W44KjG8NXjQMdem+6LOp5bEGEF1SGx6OEDi6yDj1hotW5T+VHPjqOVbLVLC5kMhciYPZoz1mnnZbvR6z2KVX4rwzki6SdmUQQbjJPajN29YjEsYpkIQ0bxcvKJPj9P5DZC5qWjTBGUku8Rn5jGLNPXMm4fbGMq5DvIY6rTCcIV1hUpOv2jKR8OX3g4NrsefHHno5tC2IGoMsYt1dnXanDhBc7AU4Cs+y+DGqy1kAEPyln3bkw1QD+m89W+zkwnluTZO6sKP+wHbXMdiGWarPdIvWm2aineqMPGBCdXprdgwfuwhp+JR0KrWkgl8arAWyhJNiOOsa1t4YS+3Sk9p4sJ2BPQKOjfd77YDAuqIhPmeWnk1Htx/MxQ+hZbfpdZOON+D48zgmR0fpTExfJpbgBaZN7IlpvskaR+R8hRaYshBUaMjOLD1qj3qC8RH54k036TeNLeWdwi8VKLGyIbb+/Aql7WM9ICtOhuNMH+M9qT+rXiYt+10WY6M0xrCnUPPKAnUfCDd8CVo0CgIp9B/poKoFjaw+5A+YTNfBYlOLRUPrbJtHrcvSoLIpOL5qIO8BljCMq1GX57IQLnVTSboQj618tqt52I/dRP4XWisXKmTKAjwKZgT0D1UgX8ZHr3xr6D3zMQWxvDFG35DyrNvaItOlsC8JujpLQpV836Eb5gn9z8XYsBTLp8ec79ByKV0ig2iONaVkA+VczF7wmXv4hBVnZBbuDSi15NuxMZL4EkQT1VkvJVRhxv+Q2rRK1wQfFwwbpad8DWUD4MaVocMlCwUbDUfnVYP9+1Yq9eULrhWj0Fyi4hEujcZXRjXE48A11AJt1P0jB/zuB8siEtPql2u6n4A+0mu4RalCbrW1eN+x8pw440aCpLcrQ16wXzUVpHQK8TCnc4P4qYbZOROyf1KFSzAnqNtuQuaZt3uhdr1RDunXoo4s7THkR8hj9/cvv7SuINuOAYUXY009zXh/HNNFGc/H+bjh9QjRF4MsrzaF90uTg19k68ysS1gRnnsmn0uX1Ng0Y6DpwChb6/9yIOAvlOUOtyHvA+7J8kgGzffUhdL8RlgLK/vUvrNOuUJVYwcjxsqf8dXn6ameivT957dLpW0ofeNqQkJoogywAXqoXqJtLzfF8QGQdYFJW/nuK4XEPCp+fN8HodAYWT8Ad/44lsmWHPKvJGbz6Q5TDk3trVktYeNeUPWaKhLvUFfGCqtlmjMSgGbB55bVxPVTyWbTfJlU6CDWHQx7ov2ZdWdiomKbWBOYACj+pbxOBjRILtMNwJFtdIJ9aZjUXXyFWzrsGBhEBArmFa8dZ3BqPjg2WT6OnX92VVa9BSTLtUk1dyWa57sS4P1SwWxuxYBzZeU2IRpIu9cChPukyXzqQavQq6C39DPUQXa5qFNNfeuMQKMFsYabt8gm6JPo13Wc6SwUGG7y/ywHup0nUgUw0uxMz0aBNZY3NXbGRrnW2RYPukJ7L4+46tCXDH96iWPBLjgvIY51uFNKKrIo1JNAXcAauUCm5q9Rr4rbyWjqZjghM9i+25pFP9YI9wRjFeTdib9KzAQKSy+iLanr4k6N5/7ySnT85h52qiZ1BUvG+B61Gp2xxMIRoea27qLR0T3e5fVBfqx/Ia4zGqAkULRIDr5eDCRkH1uts3HAMpBu88vHeXXDbBy0Vg+AafaqbrHitkaJDH4VE+jYB6kyEnYk849cOjTkSXMOuTOP7GBuJs8Uxujgp+h3DFdOD5JKNpQewKGDQua0y03rrlGMPNBs9LcuwOokH4CD/KYdj2TPJ+3uB8lKx6Yp++UTTznTw0YOsNS2yCk2llHY7yHyUuavDzJQp4kwmP5e17hQuHtx/Z6viYGwb5ObIFpg6+O8fIHpsomeFLqKPOboLQEHb5HTJAdqsOm11njl8wdZ2WO6Qomo8ohgqbjLAvZ45Q9LvQE19Vgdv1mnac6Kl1ggySgaQBvP+hSodW8r3wDVVDIFVTZt0a+XSHMJtXr5fWYkwj2YPPWdSVGqg9b9oRe9cVFcLfaXMK1zXeoKjcZHmuZQrv9ms3gZJOmcRWZswUiJ3ueXb8eRjLj2AvV1+F4wYl0T3Pel75+pTSHEVr/APGWXNTabSUIurE8q2AMTg5DOSGEbbmgnwkaAxpRFDRvw+vbKZVzcftZe81FyQsnI90cIr2jeyrylptERKAT0vjxtSbc5gldZH+5twkjdTHKmAx0jioBcRv7bJ6FifmljeqS1mLuJ7egESQ5NYsrzqEK72OcCeJtzv3b2XJ39kiSZJ+vsWZqySfgcj0LBd+lMhVKTxkw5VyEXp1F8DQMvjilBvXZT+aFwPfh8aF4qvngBShPOWGJ4SSpIzdgZPuhDBgs3wak5D3NC3OFbHK+ICCIM5kGaDLtCHCBpD1bddrrOHPeLf19GmfsGfTkJHDpRUly5dPQkLYsp7niRPPpqI77C1fnJ4isTvZ+6LoVWYanz67KUv34cjC0bhNipDEl/VQ5f19cXCzUUqYKMgnsdMOgSx7MlOxiQzPvpGLYjwLE+O1T9brev12Xnjt5dE481SuNIFvPMJFtA0BBk8Uyok6gdfUpZnNlzfnG1yEKSm04ibTRzpltIXNPPE0LHpLHs12S8++avrQ60yOMS7EqT73ST5uH8HUiuQpH/Yon1ObJ5TRX5ormmTYbMtn2Q6auulvbVAGCUr7qe/V0S+kA5sCj85X9lOHHrzG/ny9vIY7v74BmHf8jFiaLxwD7kFDY0IAZkRuFnZbXXUMKuq+okdLxROlXUVwNXYgISPiWyu+Fnpz006SW/sqX3uuoZzGcFhoEM2MtzNIIwEUndN2pKu7cFjIlNrZqlC4z9yauSZA481MTvGSYCf0a0BS/L5HG8+YMr2zuNm3FF6FqEX/kh1p7eEr4vG6fsrjGUZEVGQ2i/QeUB/We6cpH/JzM5360u9InYztKZ7LFvMmNJURzcAMuDdj9tvUkjxKKg9wV81p700AJdnnD/ceN/xiJraJlSHcVpTzeGh7LHYGSQZcpw+VEw4XczScTKTxnVXz1xkZcV3tVAW7Hukt2fgYh7VVjK+sQPiptJSSFLb4LL3mXqkhXuAW/KTu7uRTdVMbp89CKL+rrzkSn1yMdPIZnP9nrET/VTWFNu+qz6RyvTbN5bYLNYaIaE8rpJKPGLlXU1cx1iZO+hHc8Xm2Ou84gSvXPpRkMJ6wPrzZNatoi9J5W+9Hdktf0akf9DNd49oUIW8fqe0PhXvlRILRTb9k5h3qakSPhGQBSzq9Aa2ASthk2a1JaeOrEANfAHadR8EpU+i621kcNAxU3yvAKRG2CjtbeBSn9SSM84bLdWqvEdI+H4EuG2+0rjdZjiRlznojgghY+7DdWPwwfWuA1mDmEI7C6r2L0bEe36kHYWX9HWlzno7IrIvLsuk43Do6r1zABqRAwZixCU6T6TycWdh+1FFVdlwjaJOwTycNrGDh9lLkG5tI+CJpMALxsKX21TyFFoWmnFXCZW3g4Y+fAVQH5XpfneOrX6cTf/Ne+XBHNGzKjXXLFQy0CuNif4wyLzBCi191e5vB4v7cxooqvx/S7KlvZhlIwkNxSeu7DHuLbzF9zRrf3VCVZP61nEhU6depCB2/nVjm5xGDgYTusm/Cgq5AYntxFQYGyGgrP9BeocvzD2d+3yvJXO9ow0/7y3Wy9jqfVpxiPqLQuq8LIvSVpNxazwrw+8qTsll59NoF1Cer9WMhhskFI3SEEvsHXr1C4jTYsWJ2GekwjE39sYUYU97NWD2OO7XF+jh9sxcRyFODbZeXdTh4llAV7YxP9FnJUriaerFAMRuWm9igIECPLomSEaKR1q1qQFUq7wXCBryidfe5MwYPRLMRkVIxKZ0PhsLSKmBaEJdZy0l5J0JVAlRT3uQmQvxrPNpmK+FPyRCPWcz6UgF8uIaRZyjanm6fVg28DWAFye5RW6oZ5Av2NozxpqX/wBPI+ZwCcWoribsZLwLfwlYQx4xmzV9xn8QLcXIhgxBVZpFhuP65EliNRGF7Z23ECJd+oX1bZKQSy1BrRzreERWCCkvd5GjNzx3KEPmfqWL4xE1MwL9OTGsV8ddkN8ovlx/hZLwoRvC/nIzp4eXqAcVQ4BDT6jNRMf1K9TIedzGnZ9NnuFkUbYuaQhenNtMph+iLylGy4RXIks9zHh7ER3XoudcJeBmA/dax7yJKVNlSw4IbL2i/THwKjHe83KtHd9yMukEGg5/4xXZD+jZ+wO5v0IPxt4s7LoyUIoBLmGXqV6IyYzjIUG+BExsTY31NwsqtZhG/txht3GJVZ1KQopz5Cw87TrQDEFzUDZV54s4Y+d+wcaPodkZ2ESmIgpZFNwtcHuCwPqqTW+uoDD/vm2wa1RIjhhNdrplwq30/q5s0sF8JLEmeo61EQpF+g3ugLAoJc2l2oTbMQX++CAbEQ3ErDhaLv2wefqkjuYrezpdFfGla7LmsCV0Satb4xsgvJo+bpDG9JCuaang0kA7qQudtXwikDRhMVoYUwcRfnovF4GFcNDS08vOd6xwpCoHKrKd7QzqgIHZMtYN3GpccI+loOw4mpHr7rc7NmG60msRSVYOimW17Z5uqNQmVtwmI7X9ibWJAm0GwZBxjT7QgcyhjpGVKqt2v7RNsadzge1RoGMm3zY+UC8yPuPeIWOxv5YELA7H5qtbC1W9hczVGkqE/uPckuPMFszlr7/fCGiw2hfSHvIc09PxUfFc4kGDqQz6j2nI1Cu27P+/KfUxJPnfgoxvgcxjqFY29+PRkQOiZwJQ2ti1EY4apQo9Tea3k9elQ2Wm8lntEOrMQHbkTGpI5o6/efUr2ITJieXX0k7m8c859j9U7DfNCDKUX7tDjBkHo/i057pDD5LOMGWg0UcftMDAuDgOT1VJo6uA8w+MI77/qKu1slT9vjkQMM+0bW5D6zEW44M8qn1RPEpSZj3/F4exeCqEMeaDjChN2Qa1ZGDYlqPsEcZO4LVTl+KPDb/KIFVNUqZ8vwTuZJxuG6M7Gd/LcGMAquZCfvqY6vZ0AlrhpF78rG4XJXq/ModUJ4vcjPaAsdajB6CdAgUQ+exHWIe6L6vjrISp/ANezLidtFTFHLl4nOq1hcbuZlWe43dO4TpleR/fVBFPe02FIOQDxGdWu6VN3B1Aiy2FiFcONHhTQJ9yeM9J87WBMs6jPgJdBtCe0baji9zATz3Upz/FsOyX0x6GVp0cfS78uQ7DLupyoBLsT7Gx9jpO1q+WFdhc+8sMx5uTtF4VtpMi9uXfq0ollIzff0ouMnSoDKSFzzaxCSF4yl07u2viE2zjuCEJI+ZK1g7jONn14jfGLIXxj8cYEER60pdfNtRW7wKlagR+tK8fUkl3ztibfcNHCVt4wbT7fXqHqzNh1kEvuqS5gJ1NjPGYaSIBBw1RHDgDyheidQakyYhQWzmjyMXatbse0H2fJ73u2NnbATHKG/iIlyac+opHPTaNnvWy3Fdv1A3BME43ZJjQoLACc7koKxpBAxdwBXOwsQqeGkYIkQtN6sKeIbuJX44xTc7Rzi0APZOPSEGlWBsKsbS8w/pXrZPxLNVmy99nLMmHGzp3t26PGh8p/EdEferRhRpEI3gc+8H9K8n1N6w1r4RuLaUdhFJgbaeGlEGLYfrz1lRDf573KGx92IPbRYBjyE7Bpkdwg9rBMN4qocT4RzXq32vYeAKzO3HsKX+x2lCOGlMFTh7wfSnoBV9acOh8e90xctJhL02av+M2p05upl+RgG4afmMoYu3DXB5cy2XyqA4XN+drDYD8ln4SIEs6owc6B68Lg9AHufzrrC7i/ZU6aJgfIH3cDjs3Mty9IdT1HpSS6pDUlj45pLjSFuoZaWEXiKwxSwdYZ6/sjYxzuMZj97ngMzrJt4njDiRFnDAsITinLokzvWZ98n8j3L58ebXfCq7ianoPfw+/jQoSxuxXwpuOY++8AtuVY9n6CHgZ4YPS9PR4fpEwUDIC0svS5arK4jXfL9vKwOfQ9mQU1RGn8GyopW012LU5gkuJSu7Z7LlfDoU/y5ZkaUhNXjNi4kcL3S5kcmjK7UPvcC7rQy71xHuZgi3xCIdu28UhCvIkzXy9diWTNaZ+CoyYd4DxZ/NMvTlFzWPt6WmOnIBwZCulyS8Im/RTPOMDfLj8OaO59cYIv2l43Rc2JRyXC7sjfvvsBc4nVs9PJNGsb5IhuFGrMPLCVjhrh7AfOh7yWdzBnP68DHLjV7OyQpjefVSYQipRvKUNBP9XYvUUUktJ3h+v3MRAx84See9mMCj7zn1GCW277JE2EY3IXFTaAAcIy0gYA497MpWw8PsY159pXoHnwL/PwUDJODgA8GGl3YQrMERUcrqvSkM/DdRPIWd5Vn8p8imZmW8lu0UBVSCdm3nRXeE1j6Nw7xiN7u2AO/RGDgt/TctbGFMW0GAAXrfwj2oWZ0FgLK2w2hH/HtTOM3TxN2ALcfYzVHizhcWZl52ZRtaQvQhrdWeqzCvyiOuTNCRkikcmWBw4G2hstTnac0IfoQA4dI78uAsxfBhijBQkP/vVvQK0llsTaLakT2kX1lnetQqX0QvVqNgdDJ0tbc0B8Jlg4mg6faKwIR7lXm2rffQbFQQ8607m1WagMdOQX7mhZ2sjM6mTSsFe4xIWQ9BuKYOWqBeScC9py1YJAMuyBk7IRY8qhOF49Oo8eA4883Dtwr55jPfX0CmutCP0VxDl+O44vXU3QK3W8Fs2n2sxPb3gsLkuAv9Im1T2x6Tc6Xxl25Nzc817UieZkp31ctxpd0CainrUBbPCoNDPukxB3Pn0+qlDVC80IfCmNf9YxmGtld15D9ayM415pOpQKi3TL2enbu5Yp5/MwFcOjJxQ8bjH3JsbIInSMwuqJrvOMOXjSaNSE1VFZC+/Jy5uvAWjcfndTNfIUYAGzkLWXJqabg+w/SfSs4aMevGfwC6d46Qt5dblQaG9eHPwAQPM2rQEM/rPOskL6u+EzBIQA4fDMX/ALQ/vNyM/TYaDG3kzLDZIgd4AckB4OGnOzDeQtmNuGuuo4MFe5M5iAs5VRUXv7I9amJ1SvDoMFNYr1zycjQO5slwz2cObcDVTpr7MU8D3Fr4URQATx5yVFyfC3+9oYjgKG2wJjpkz0nZyZeruP7loo0hFyI8VKWl5krMk1faC2EllLOWHbJVVbRQ8nSxzRTmTWM7uKFyiKYeKOLCA0MNO/fz/E1FmHTaFhGEE20H8jePBXW6AqdxOo3U4qb+sh8RK4eE7l/vxbMGJ5YMxFdOe3KhC+Pmitah/LzHObr9A7UNvK9SZLOQcg4NZDFiwp9OpOyBD2VhPbS4ORqJXyO1aXaOZyCJFIaed7TNbWV0ZR5070zlSo3myP1bZy0lKVy4e51Ut0/0YJqCD8/gae9HAuH1mIi1jUkI+yVirvWcRAyy9rivRg2rD6UCWeX9+8AUW0vGNYCc+h38unEE5EyPYNbwYlJ70l+zZSf+DYZCphhdcpbr449DfeYlMZFPItU5FKhgddbH/xpRGkJvKby2YLb28iZ/QuMmL/pMYXXz4LXXO95gVoE0EVx0br3i0JqHePGqtK8acpS70aOzlPVZfpabA0bFGmYWlOA7pqnl2eNaIxceXi1FygkPvA13ic6t5RrO7Gyrmjma2wvcIuvpbIzXcyMB0xD4VROX/w9lMZUGB8rS/1kyRcII7b+dX6rtPICcDJy5/wyLle1PskwtuPy/8XedSS7jWzZ1fQc3gxhCYAgvJ/BE97b1TeSr6rX8KPjK1RSlCQSicxrzrkukXGU/fNGefJZryRNcdsSN0FlXvlReBZuVMpZN4a/pjZMkrveVNRNHhMtUj7uBACV3xcnSPA7HR7vKfuZmWKQz9Xvx3Fp/alu7E3MFtx8LBNYz1ILSpO5WL0mJVxcYVFO+cj8hczvHhiGEOgjQlMHrPGxuRHjmYC37GQcX2NkPEBCN0K3vKQC2Mi7OqVPEKNii/0eSpbpv9Zfb6H93XjlLGEemg1g8ARQyiMy7Z2shCYe7jWJKLLH/bm7dA1zGb8L1WMHf/02z0+Cw2jimwOy40gdQK3sOrflo56uyZT1HdKldiZDtsoKj0AhHNRGCaFvCumGCz9omA2+DigBJ5FGhfMmAt/O+AigIBT6UwQI2ZMArGwm6aZ0d4xyFTh527mQlaAuU3z4erER5mSyG9qraOlIFsB3AMey52N+0wdb5iRiTL0Q5cqn5LIQn5AABhQaJ/p3q+GVzYvKAoLwe17Ru2IjIHC+xOj6YxAGCIAitbCjxk6jAC3fnY7wzd6NVRfoPHLeMuEjqDL6mEF9mJcO5wvx8NPzVxnaHZabuhZcTNEquayBZxstyrZ5Syn6+tpqCJIgbRjL0JnUd66IR2bbIjTaf0yoftTIl5CWSuCPd5ILdMtGM4h3+kseKI/fSub31IFHGSYKYCQA4MfBnNM4idlfeAowI/s6WVZbmM1v78F4VppWv17fcNR1olitzcj0IEjyAt3xJuDg96fb51nT6X1af53UG7TjlM+Kyq+Dli5gbQRQ6Fti6BbPc5nEVkvkqgSqBpLHROyVS5sQmvMJghKrQAVITWfHTXHM6/N4bbTno7Vp1y8DJF7YxWxffoW3Iq8TzrcjdzR5IcEe78jrkZ5vFNR+qt37+gHQ3PthXtMcIrwgdiIjC/hjnR4tVphmC+2rmXnyUldwSeVjoAD+0T6e5cDJdW8qKCCfIov8g2f21xqZHqUebBO/ldXStqFHAv07JJInZjPxT4ivC6dXxkFNUp/0oNnrXP3CwcMA03B/4bkhVJY5g1NRdJTsRtUsw1qqDnl0JXbL4e07c+QBAcxWvNPttc4y2pzZeitxDjQ7LosUuc4eNdr27WElSg0Hc/hzoEbd/VcBq6C2kxiaCehZ29LWB1BcrY7spPE16E7hF+67ZwtHBCAY4jGuXTBTtHq9moOzeozngfXEO/0lk2TiYa6t8jzQPxCJmDYWQ2GjkPQ6Px+fBTq6uRniP2h9ntNpOCvRxeMeEEVI+se81uSMnYdYrnL0Pl0NEqArqDo/f07Y5yagQRm601YVa4OFXs0eXxEW0Yp1gvomkfwQDYoWGZDyHgMNGKj87JXiAVe0b/mVW3/y7wj0jKqYD04yeef8ivMAxeOT25F/VMbIjC1pqS+w6l7KHK8az3YBunMndtcoIAXCKW7zgxGN0qqD5kQj/6IAQHnOEuwSeX2aF/tCCg8ikQfFkmWiwGSJddvBiirKTwFK8PY0x+KXhLf3cJP4gBlp85zeeT3olqycBNs6Y29JY0xwYCAwmOHZeK/8DRaIQw3z2OR16Nca7moT2O0NxeDOj2ug/I+/7mnyrx6LtXblEWvNXnTw3tvrKxVCSTZI9NFnt/2Se0ObwyPS5E3LWQbp4e+kRVDcP3XQButnYX2dOCHg/+tN4HYGY7spMIiYl2mYr3DrG51xCCG5cc3ncCInEHAvQb+21PttoHVksqlLGWqPiIhszZJ7nz2rydtzB9blkhuGe6k6ndEyFRBfeqbfBf/QCbTLcDfNHiMFDuM2doBAcd8aL1XjfythZbZTo8AJGshJwx310Wn0uPvxfuwmxDoE4zvDS5htv1/ZgU58to6YKU2XxNV94ufNA9epf7pqWkyI3wJyohB557uLQvRVwYK0POSvRb/nSRzTeCJLsukVglOQdErA5pspmz4YtAI+xXWIy/qeo5xQkPi7LB6YYl/rdP051jAcPuirGPzkeOHGo0EP0o0lcWIkqioI2u7mVDn+/CBI0sRZbtQmsyE0B+NOqh6Fu+tosFN5ZMsJR5EMktxyeIdNBYEu1a+wnlQU+WQXHBBzx3I9CQvUEPPosjqWqw0ElNUrdCSC4Fc7ak0ccbVP1ESjhhJjHFk0Ezg4fTODyVZ7zHB95PriLILWoTqCFNFqUHeq3KNIQasETRTyNvw4AEIvs+AeXdFZz3FSEqyVcNSDMBlTmbcBpiOwyboNDTy134ow50jMhhpanZdFZtbVkmkbBnkJVJeKbXKTs3ISkHBBxggh2OBnYwyGVssCm0Te0UzaWF1qfEBVW4T05c3ugsK8OwfCeahqIcTkQ5Hq72RirUi9GCGabClZHCEzgcIMHex/+R2hh0Wz4BeIGAndGwQrXA/WTu5L2th9mVrWIEmqqTcpVNrvgtFgLYSxlH4pXEBY3mUv0gLRQ4MGmR+NhHSfIvRjrhkj4SVvpU6Tvj/7A1HS/TSZWnTEDyDkYw+z9a8dIIlpG5f24wqhTyKn2rkTRmS+XIwEEZK4N8g6Z2DG0ay7N1HJJwCAcM632+/YTuHMN+xAvxmbU5Ouk8Wq07zVfCSzzedxzIIjqoYRDUyjE2nsxqob6AyLV79bfE0mnFJ+M8QFHVJZfqwCHczBB9jSrj2bJPOJx39mBDakIxELGhWj+84MRsAsNgPvD23KadFtZI0YJl4lMUdEacHR4LI7MKogNJIn5XTaf0mm0VbBixveh4vZwLmVlTJfaIF9b5FzfiGnNRAq480EcgVLRRkgzZI6zsoIMu4dLZ34A1ZYxUCvQ+Tc0+Ozg9cs7yuzLuFn++jmjo4RXIZfSrOOhy85p1t9GGHzv1IOVpB50mFL0vuzPJ9EFnK732vl6Aooem4dl4Ct3sk2KTgHJhgmIh2GeBV9grO8C27/qX4HmM0R8GgjYeTM09Ja4RcoU/mcQKdZ1NnyOVqTg5A5deJ+hYY5zU+6RvC5QdUfkvjlZCBZ8o8VikmylnNEBaGcXDZ2BOvdU+kFcB0veJR68NDJuNH0VyZpgV2yhuEb4nghAAGs2hOyAA5xXfJYV+hFCtRXigAfI16aloPkjXQ9BMGsVoLwNYIkvU8wUSBeIpiya0k2SLN42jvf4Am9DdlG3uHHGY01Dr5wPSwkDq4bfxwjSmmSNnjXwUUjRtoZ+xmXtu4+iACXOXwdEQEdCa6ut6S6MTbdKqYF6CqMGj8XU10qeqVoMqH+uV9CdNJprVWF5Ca0eHiCqEy3SdUU5RaxSA/fN7JGhYHciQQZLpmeGMfwh1sqwMoIDNrE8keygJfzyeCDoY0cwj+0A2YvjPAdGJaPUByGB7jocnKs87VgpcJbBprvCZLhHMtDnOi3hbcklryyCOkhI6knV42McAxsu5rWtVsBQI0kaVmpsYp7kPIy5VJ5lezO5qRrv41JpJtWPJJ6Z1L1mh6v4I80B1rnpFyiqV8/dfwgF7kh0Atj14ONfn11ur4VLxEHlihOnMx/wxFMNoqUHRRCk/O3l4997h/h/R+QUza0ugJhnse/lyGjMgBmTMeY05pQFxDFWy5h7kfFXx+XTNCbv9OUvqXMqvDe9xvs1x7Ww6b8db2scDEjG6pc2Nh9XAFb+w4pE8Ig5rFm6lUQawbfq/qgm2lvW25ttnjbv4/Z++sQlYf1IVQH82JVZlkor85ZrPyuoCjs9RZHwH6B2OughAxNsgcUJUSfdAE7HXE88iTswr+/+eLTqeFrq6LSmi8k0t6xroS/6OvZ6KLyBccrUhIkrcQD0TP8NjrKr9Tvr4Oq2DpAf+G3+KueonGO4Q7FsVjAq5fO1X+9tGq03GE7pNb0N2/GslaED6FE/16vPSuA/DiMj/ae+RB/P6aSL+ST/WTolCSAaR6bVE2fhh8NuOcBb/QJIouuW9cwL3TQKnG3R4hbUDYkIoauYu23G+1kCXiG4TLA4mAIKQlO23BbFIaZvNV+V7bgfX89sajOXT9YK9ccloNfFu0mIK7QnApMO4sheiQXPR6Xd1yAKtnZD28SqG3fc1G4VLrJF9IL/ZXCTiBNQ4t9Z4O9qMKUZWR4WroPSbtdmuyKIGXUBfQDncxYyHD2pk9ATI0poCdN3DNyUAKePARN5qNBxSYAY9Krv3MNfuxL2t3yN9kvYujdf3sofoNm4LK6Iw1/MbxpKwg/4hCWpuYF4sne1xJSWqO/50yzKyvpYGqmyFOIIrIMDmA3MSWvuEZHuKX1BT2rvADWapeGyiM27XXSYTi3iHSyZyHsVCWDt4KmdW9FNLUVfRvy8v0AyI91MfvGpiuOrIyO2cnne0tSukOEzQDLXHqmlZRMeKDZkAIQgU770D3nWBgb2BJgWOtK8CB6KT479bBtYGKEX3WR+2FKIXEr46GtSFtV8hcOp2nXkRK40F/g5EU51LcPAdnEm1+9/7uUtWcfRzhLZid20AT3tj13r3retjkDqviLvee+9rPzbPJAOh4a0ujGzhHnugdOr4+AO5bB+1zZ3V/reyUdjzbh4gmoRcQdfknrWb96Fwi77kg2BRABM5VlNDCa/rCpnB0ccoUm5A5eiePlnzs3AqHew1tAHbL0yuoMBIpnWMypuH5fCfQO0di2tJNttlV3+qAxIAnfESDalFHlBvHgoK9WM1h8GPaXRg5ujvbUWOhAJIzl3iQPOuUEp8i0nxPSuQNAgllF1sJY5U3RHpF30ieDIkD5wPh3NEL4iociirmJxQcisD5YddFQlFspz8UlN7rB9gNc17Tnpz7SE9nv5J9fXEBV2QefSia4vmVvgOZztmJYYBfJ5BtPzUPZi/jP1zQFu4IUPEsUrvCpCgsJD27EtYdH4bMi9NCSIt6KqpWfjOxw3JX3mDMxOUkJMCpGJhIk9s6X+XFyZhUw7cRhGNaB5d6LNnjA7K0ea0tfysS22VAghGCaBmYQI5KGo2Se527yqPZtM8uG3QWK90yCzBRZKFpcXZ49WPsii4+Omo6yzWaTs/Djhf0Hsu1+NmnRgPO/0LwI85qdW0GLdmVsGsEo1W5VIOMNiJ6CLHsOfJ8IirpAfRRKI6cxRGfik/TPFgfQLtY20xF18lpFoBnqukm5C688CGrpkLAhwxq46Y63e2UmPWVatIlX/PFhxC8OLx0JvS3Mq7NoaEgRTJ0APXBWmDjnqgC/viJo3emZ5QZaYX18eg6aDofbgyfe2KJrpDiQyPWQKN3Az7+jGQqoa36//wVDjoERGi2apcf2BtvuOzDNE7lU2aSwu3mCqrhi0jGQ+ttMMqPix1/j7WGDRTJtS80IUZ3K603y1/tLi5dUGF3iQxjaPwzHr/LwrunIw8WtiG3e5+k8ufNjji8AgmDtA3al6Ht6ebC288bOnIZ219WIuUhR7dEuc3dTfoiuvotfixpZe/5QxL553Mrf+m3S0qqLP3Km5LG1a0eladLcHTMhTXibeV7HklYwgo7tkIjvtCaJ0Iybcixsr2cjTcMdA/fvq2p6JME2iWBpt0W5HenBtXZkH+mcJynwiTSxaCw55Pedft4+3EDbr2Msq9C0mvEHCNooEFJ8pM3ysMobDN8pF8ouaEtukL2CfOrL2KPDk2sPfU4YqdC47jQVVNt/qyjrQcy+/5rnzmgwyacpiZ18tN6A4TVw9fBiHKuL0W2/831tSX0FHx6RyFc5Fha10ySIIvkWDbM0baiTHZtfBL+2XxRWEBI62WVCYiK2IIZhyHzfTcZHGcOxLUZEapwKswhmI2efyvv3iJa8byDiNeMQBCJL7EDHDbAZRO530uOzOjSRjMyBlfsBm+QK1mLr+9fsUQ2vNZcjafnY4DxYjjdSeB0aYN+6td7mzhyMIc/Nx+cfRNvUe9mmx2DIuBRHwGaEDrs6KKcdy/nVC0ItluurtcxHmn4FScCHUl1Vj+VgJ4djAAHaMnVTpVLSnNsgtgHuUSFQdA9RL7oLmkKCB6GV1mR9EW89+THtk/owF/AJk/ohTSdiMGrlcHxasZfce8Eefei8exeNnlwXyGIJav4qTRs40aBTx4a8uzKNyVuPIhUHotjGaPKAsj9jyXwZ3QykUMzmsUkfeURP+UN9P+b8cOn2DkPkwezvftFnduJabiDR0EOeXRMgFX4YJICwx9Q0IrLTlJeA0G/FifMbVV91fXxK4/zREq6sCr74Do3lXGACDf7iHmYP/+m5Mq79gNevF3YT/thQkfzWG1Sep9QT6yIHyEZbjQKWKHxUaltUn/VkBmWbZrp+0GLgOOGxubNFF9qeTsqSus9b3NqDPN5d6cwlKukUCBqnIfpFpZR7EN3BlQKaBjQDbym2gFQCF6LQm/UI1Mjm+H6+KLs0MsTRNygn8L13L2No3OQJ66+gNlXWZ9NY+iZkjNZpU98gruilKpJYPhh88qUHEa02cPtfg3RDrEDbZmmvT3q8ElfZgyXxCFaJ9gpUkJhlVhBOoLNZT/h56pew040/xC04360mDdxy8Rx/WC+C78xk2x6skyw4XyzD0vJjMDbYxviVQY0f2acieUWgXlp9fTylDXuQIimwpOK3Ej75/hPPZ4QJBbEA4xp3XU2rfVHEH4bOBcOlyGZWDMmTs4k7i7KV7l789TD66BALOYV/C8At4Udin+8V+YED4YpxMdyw6BB8jEHUQmxZjbn2DtogAfkAjItVr0aofeZL1DfGmwmG3mIKDPtrOswHuCnLCJpexJ4Fv44zWQ19h3+3RB6tIOriul+vULkTOkLG+eP6Zfbo7vPkK3wHlD0qakI1xvRKWPTV+F91x14Cg8s5wQyTviuk5YSzHOJ9TzmsPZFoWkD3Rt5ot7Gb8ZbWHTBBRa2wTdTEPlv7CqWHGLg+ZTK0mygKavOn6KTTrSOFdT9Mc5op8kt7db8pGP/gSSQorxsacDLzV/3MskKJHwvGFCapYN8Xzp2K+Abq17BSE0+r0+fT48FTDK9oA5QNtl4BWAjhUG+it17cFf2qhx/eoMJr9N7wBYBkdoY8pGljG2n7C6DT6IWlSCCJ26Xi9FQkv1K6YJcRBFhoNMqlqGW0AjdDCpWEZaPKh9A1LA3hxscjQ1vWxwQnP4Pq0MTjyUXCmugA7q6SAtOrRIqYBhdEHIu/LtEiu40TgUQ6btPTeRu/ZrsFn0Gh6xGzvyO5W48kPc3pZ/yisreerR7KvPap1zcHoYCNIG8NQ3YUP7MAW/FLm4nwKG+r9qrtIViGkmD8QbEyTw8K+l6z5uEovdDzl5DAKipLRvp+LBMhPdqs0LbuT8h7bfFd3pCFAABd/1C/LlevJ1tdxt8UBgewD1ufDj1jIK/npgOLyhePPX9+T9FESPgLuuHfkJDvY20eD0VQCEb+YjkE8GpWHSBkDkTWaOgTlZ9DCTKiML22NobJA+iybvyMtoJkO9PHZqt4nGQn1vUs3y2NWdj3rd/X51bKY0AJ4+DpUaNH/PqhxZIOcNsAetYiQOxo2hSMDsMYvMWymSfW1yMLwNtfaqEHsGSv0KMKFaTU+Xzan5lOWjtN74+mac5k6oo1RVTframDCwXaU/kYrfivGHz3llEHdDWiP/E1km26zuy2Tvov+pH6J/YyjXBtKBcl7IiTDFGNxpfU2D2whMn3hXjIgARsb8xOOsIMCLGrtBHfsYEhBDApaMRaVE7NQeuN6TDFOf7ms2Qs7WCDV+9uWhASjz+mzZxBQqoAxuC1BDvUbo8rfBqQB26DYu1D395QSyIRm2YJiDmuOxKSZPYgtM6znYbMv0gPux6dWQ9/iEB0VvsyL7sIrikflEV2wwwZ2WVetu1BzfcnjlKVnqyOeBw+W1/k4Ls5tMO0ieDDP5O1wC02oj7Z800o5/uXACOJTICDC2pB0Z8FckzglMxXus1zHgn27Gt54m9TU+gjlPWhy6c7x8KfWSvoIop48C5LnyfV8Z55sU7GuK5HCFNt5ntwZpFYgBAr+CY35rPc1oe1wjDk8xM/0jETtkb3iPZCXwLWl8brMS/cDwuc4qvoSr+9uw4CespX21TWxMql/p9XTbB5esNFz44iBg0VFg77jB0kS5geyHK1WWTc+Cqu/jzHdfWaRaj6tw72OHh5baC+RpbeXEwLhEeFb6RMhGO62VrQ0nKL0rURjtV3ZQNnnrzXGda7HtgZy4bgwoMR+BX+uiwh4QH2wGfmKO6HDiL3t4VjbzoQ9mKMrwDZvJQqcdj38lCzd4FO1vsl4OChlsFcDMkO/9Qf75WLEFzEwqJASif+wnehBupOzEhc1lGQ15CzHpfvRDCpSkw8Gsc1gyUxvAZmzLCjQ7WP2syRryujv2EFhL7RRzcGLtbAUufHCfw6PuLLQbck9iji47VLPW5kNqHQw3ewlG1EgFuAFRNCp5CkZgvsRM++uCyfgHy8/nIzksVLD/edbQoL6nyf1uoh3SAWW5q1Bx6CaHTUSx53nyvEvQXsc1f3fr6HWRzbTwuqVNmpPMSsyE1c4/Ot2Ejf7hsHzBoKIvglZRRSUCvPfMpN30f0Qagl1dZdg7ZUL/rJbiDedwN0wn405Ub0z7IvMpkD+wfZCYlS1/xmgUshlWkwds/uUXwkTi1yAgOKqVXtzeJ4DzuIZggNzSCwK+KZ4zh35nMrzn8Qo0eDz0WleHGPUGoA3t2t00dO38ELDKA49YEjsDwEgf2yMZP8CwcWzpFTNZfHju9SGlk09D53mATpNT3Tm4dnjmIAHJvjjvDI2tEpg5goMOdEN9iQ7ziPN0G9d4BDrntj9VrGP9ZBj2lS95k/g36BLMvOffru6vOSz1GPSvUS4JdLPTz0rwr4QW5a6zwwM9EXZbp8aJ3GEP9iuWUfeZHnmr5KBjmgCd/TkmvQoOpsj/MzDVdmrEDgY0zQPLPRbFOJh8iGJ1TJB5WtHNJbO58S0/mPOnFTHRFLknk+iNCxL2IrUDr7CJrke3vGsO7akC2dMfPUJ+LWTp+QxNaxV0biYGDRfzBntVG6IYefnnozVL3SloK6MUDet0o7FZv8poeX3aWSkaRqXndrFWLX3gvsm5AQHNMLZHbY7rFQeM8Iv4LOcZ+yNMPfY8WTAQh1wjSIWL2QZbRhQbATSydyRbwd2v/Vi4++jxUWfss52/AP7kt6/PZECYUWim7bdJlyQ76oFwi1uGhMm9r2RTilUzCILPEQAQ6nt6ew93Mb9ZFErDM5fkmv7Rb3FcaRZbqdlRBRTJFF69qnN7InL7uFcp1uztR7sfAvfjEGOSw+riIEmJcs+MfCnaC8Gn5LwQ6CGxLzvjUCUA69m6yPsarvVLuT3BHqwcHal6JkFtES9Or3Lj7F5vV+XCXugVTd+ZM6GSi2GgnhrC4I9liCzqvrGCz/AXqSGxFGSmEQmO2p+KhmWXfcdycGpoH24WMbWHTirNPFZf35O1qKheIUHo+aCFHGuQtZUgGflfivplbPLnkJp0qKFkdbR/5XWRvl2z3y2EDiG4iyFjzvH6cWT8B1y8ilQ1kSIZ2GwahVLB0HvJVUmaHGZN+J8Iel9j5LgXUCE30KHo9/VbQ2TOyi53VTcX3ePHtYRbFZxipyRB+Bca1szO3eeMdU/hbkyBBK2m+cJDoTamax6GV/6SsfkFeEZ2kNzAmOY2WxvWrxMKnSaSHyDBcmmBb/dG1khTUr4i/A/fRDtre41z5uDozwacP0w1lVRizeuAPahNi3ye+/VxOqOm2rRywyWQy0asd9KSnL4VhgkDHYR6NY19MGAMQgzr5AipLbwf6IypksFpQ+kBZUs7PrBJzjaGJoo/KHUOpEdeyE8BvTX9be6lU748nd1N5lOba/5EDcu+kU1jUIHFTGG/2ueOrGrTyv+Yu2dm8lrvfxsj4vPQKptA7RhQ9djmrxSNOXIUyDQAZgvIJX8YkAkktboiB5MQa9nQG8GpCfaT1+pRNUPKyBBJ0AYteAlPJ3+E0REakvWypvJ60eERrply6jSMHW88Ynh+t4j1IAwORLh7nPe7D2PBJoAOVHtHF/JVh8ZYGH/RBX3CiFyCbZ0WiP+8mSut7k5JAh2WKq7ZEdy+LZycVa+ZFUCfN0X5OQndug0yMfn4o2m/c1WV1vNGKuE5XkHrA06hHyyRGabDLgwzn9skbiUuhAaokS3wQ60KESweC9IzNncOAiUWxCFDzR4FbJCzKFo9B4wJj74/I5jE8iD974jNwf93zwEfEeEORbqbrDAuQ5496D951IkgRAlqb+c/OlKAythtQwlyrbF9aaTsbIxtCMjw5pE13HyCBIK+/xzyb6r8hBDyzVEvDxhJjgNUTgFr8wh1bSPeVMDi2eDfgMU6a/JiHZJDi8P6DqsyfZ4wCjaXBrnpNQxqC2b3HkspyU7LglnoOTTQua1eGG/ALRgaD21fWIC0fMIk36+rJN1LVyVTN2youGX/d7Pc24/y2BtZbeSg5dCR5QNfNl9cllPDSzWFxVdffLvO0iwYCRi5mFJtq6Su5D4JgPXO5uYis57R9rq90v9DHsxgK/i3tnBguz9QUQZgcuL3t61gYCMPJWWcKZrzASmAgirw6k2g2AHH5ayPt6AETKyKwmU76X3m6YI471gBhUK6QyYvLVf9xi+H50foPeH33P8VQqY2HW4IiSCQ5DibuYCSvaHj057x2/r0Uw+4bWcpQyjsdptNGP2YPO9zsODxkObrUv6UXXcKDCu3HR+5ujoS7FznTMiuVwElRoGjFxdO/ZCSd4TxncQPXDnhCJsV6/m0HifAEYjmPgMKMdoO0vGFMMts6hX467uFIhbr5JhpmsHAZnZGCaHAr+wDiPBw8d69zVAMp/c1ueFWwquf/KUXXtewjWhPoDhTmiTE5x5cwYxciXnHAqMFPl25CxRUeLd4yWocDq9S79AtT3bVrOttsYcmWwwaYW7eJXbfUYomFmQmyo+3CADOI/BakgyGShV3HCM60CuNLZLULLfKcpDy6gvqUVLwoyDtFygyJya1wfGt7DhFMYtYYfM5H/oQk4T6CMTPG5qxx0Er8G7b66xkiqlZ7jK5kww2wvRibKfTrXhatv6EOxr/LMfqOogYtMQLnDg8qRJA/09kWTxZ0EKOmyOZZPfTujXIN0ZJiTpEF9Ks1uXWWIy0BJ/bLf0deh6dChjoI1ZBO5qoJv4QKpUF/RyZA3u8mer4eP85oUQ4kw/4ssj7QzUNUdZ4LGzLPHqyhJY2EpY4xNar8GWn58LFyT+JnEzhHFVgyTpYj5EPogXkE2AOQn8uCJXf7FElqkphWmfpXveQfqp6j4Er8F1+djvAW+pqz7uIHICwhPZR3ePnDT9vZHOHKuQ5qu3UQMDPn5LuiLKggDhGl9eeL35bHkopnXDCb3j16Mj1WTIyGeaxBcR/wjnX/hU8V2Po1+h3rCfyLUhAXUG1CsI0rDfM+6ImWym1lY9Lacg3uHr4+0UbS1tqQ3L3XCYUmt9fTvpoJdiiTmZ+Uc2Jy4Ccxoh9b0XRk2ui35TPTq2Bh3mCDEbgF/4TdlOA3wwyFd28YnynVaZlhZi7bONXTT9NF4Cc7hPmcrU9I/6r1w2jbC5XILKQ0nPwj22O8Hq6BJ8XCokTAjllCNx753BBgepoWTcOHJyqFe6HpBD6FiGuWo7VNg1Ac8yi+VatQ18G3aBtNHk8nNGestcNnsi1LwGpjkOYqDUSD0L9LvAKB8hc7OKqvRbQKaYVV+/OrgAvDOO8f9oojY1lmvL76gNpxncoib9HyDzAOKwZDA8W57Vw9pC4eKEC8BkEIa5oyQabYFtjwYfvdhNHYSkzbQvvK/YsjAQsvoVeSzfRuoqTyckSUTbCVwX3g5wE2rMfZd1s5iyL0HIjCZfe9mxUnTdgPe9hrl6W/K4zRcQb+0eZvbw+/ZzLSGEOtBkiGslC082+2EoH94Q8re14JVEqnlOXHwFDH/XBKYqJ4FylHbr2eL4AsiaczuyC/9potyfrjcpufYTesZ2BddN5nWTK5znJWHCbR740ilwuSttaZhvA2PRXaiGs4+NvI+KF6YCDqjxDlmciI1vnrarCdMdMUDCIomZeydTjxuUB6k0XV8zf+Tt5gBovCwx5M43THfKAWawq6qeXxbAEYE2Zv5KxySTUZ71+GwFwTzqMf+m0rMpgbjKRxq2wQmAQWEH4vwQj7Aw7gwbcWgUuGOXxrBj9lsc7L6HMJ8XfHHN5qAQt9Im7iIASceQWm+Y/8GcBQg+f5OS8svE6pus9k1MzqUXl25CxJAk5JdWssdiIH52cJLYrjuAeQz+5vQMGYj+SCtAJIoUOxQPMaJQcY5Li02qN5VCa2D9S5/uYZrC36zK39xA5CEimQRAG/tF0NpbvijkJX4V88lAK5z/ds3+ki48FBu/NYPjHHjei866IFzzz9EVs28pYcdRuOVuOq4nXMxQBac9pyhVINphEZF1IIjNUeLaMueY2OXBC8MR73aMCYsaXz7INdJW69cf1B8Q9DqeIMrUy4vhysi3prfqdvatPdN6LLvyV7mOE3xz+vske2DZLGWB9hoPDZTMD1sitvdJjkI4waSfJiCC9yuvibbnwcFIbsIqvAD1MOI8Oq94feLF6JcYhSW0kRgWmd7bybh4ygeB7ZUZ7+mPPxiudFd8uivpBCkICbMOQ9QLYImIIJyH9XeofkwLQ7LtsrEtAvRvvhMYy/7/buqy9BZ8sKw9STBlPGjuUojmo1kICrnAtKVO/RPkqJ+eFDq657M8lxlN81TGzIYR+Xe6ta/XsEeB77FgZicV4lgnt/C28htwkfH1Rzn55yJPXzLaWn7wb/Sm+F9dr/Ryux+sl7tcvVPZ6649qlpIX5/fBjOBvGQBg9Linhw/K7m6pCeD9u8302QYqiyTCyQeFBqU5dl9pVO3j0pGWrtoa5JVXHcSiAC8ttLmFi9HVglVs/MvRWkguhPSfGy2kzeLtFb+dZlSL9yxjSY53t/1aeGf4wzKPAX3k70Z6MaankPclAkv74HzBaeI8rWz9vvct2QgfSNb9XCXrhYtZFCTJNJCS/PnR4AadvHetXb/N0wFBbcbNjvMZwwlH8MmZnIwpqsppeCWiiGMZhA+SS2PUo7ds48ZkaGjVfLoqYDFi82rhWumYMyEK9zghhtQubTOh2dn5rjVYDNDs/rROn90Rnpvb4XGHZeRwlszbOQGOy436oIfnK89J2nfm/FRL4lQcVbEWBO6qFpIghjWqKPpZNXd5RzfC7+NZXXCtGhUIbYFp62+9KdeAexYOx7HiNdu2b6y/Hr/GMi8uAiqdtaMTdM0QfUYEf5u9+g6ckcTvBaJ17Ny1xCZ4qbRgMtFik3BBO2/fYcK5vNlmVhOFS6S/BDxn43kSwaX7JX7dff2X9BpS1WZ/WbB+UOn5RC4MdOA1Qll1j25U9yvy308TGMIqeAumYEevs+cQzQF3zZ55DfoEKKjXMoDHDTPRdZaFWhJ+tU/qSvOcV/bY6TbGwDEt+ARVthtmHKTAh1KyPEMEAELAHN+z76oed+oIPtX6bjcZT2BhXeWrS5rAXS23R/M9ffVzvCUziC3BfDNA+O/atDF7sjfUfokX0f6VGsvbrpIT6MyFzMP5QeH6xi8Du9X/IiZOfCICsR9lOIPH4Yq0KQRTrdTikG7k4q/4FDqzdoGlV/PoU/1iCa9Iup4g3MFVCrbXxTf8/q54BKeERrqh432LgLJmmDFTVkBjlvJTBmZ5dVZGBU2vFBXsyK6nCzZEkcWPRKxraseQgVXmgpN6Lm+fBVTgciPEy6jwMQ7tg4VTvQzuNjDXm3gWoogP6TSeAqPDH/0JZsJI7WpcTMP0wjHjrjMbp13Voq9oUeFeV9H02UVimsJhDVe+jKOpHEx+qn09KPOvE1osAGpcTkFPUkNQ7qyRLU1kTNIu1TsTt35E17m//ib0Qf442SexHrwF7v0F3vrQcGjaADsw9NDgoW90KJZob56tqBF3m0qxGMidwrYlu+q2pokV7VROL5b/rR5IlQ45rtE/f7wduA7AsdnnHHmQANNL0xJvmc91h+DV5TsuarHm8MbWHB0vPMq6IPHaN8OB8eFUHODyWIZ/aAV5Hh52CCZb35Bg9q6jgFHQr1b6qKZ+mTyYYGMCk6baXz+qKLFQe3NRi55jHOCuqzWLnbtOmtx/UJqi1X6whwHUa+1hcmUKD/D5nlQC/isc2zbCOltCpSZwJY+zgI0gJvRHWTAr/UaEm0XaRdB8AyfJJ+4wXDoXnIOOmgYjE33IMKDXZMfFiQjMCjcNB0KTYD8Ncz/ekV5LB/DQXc5r71/6ujALbpd8XK83MDe0v8Davxc5m84JH67OX7Qo++zt1AU+I+yx9oPAH12pdrZnpl6OwjH9+bqr+VbaMSsKMZGD8ktgh7js+GB8n14dge1mH133eNt58ugIJUN/s1byj8iuCrb3LgfoxB7cI6pyVohTEK304VwRQXuOkpTg3XQiBcseWqA64KRBghfmJFrpi42tZnRe32BxtdbDtpM1FOWP8BU+Bc1IA5EtTQLIGRSC7fSpk0fGLY2kbXQ/YgIj5Rwj5/TwUS+h5C0GEFbHhF7BVyKMEASRO0gO1n54atL17Omc0GDGG1xKKYqilsP1aE1h4pCU1yh5OnjFDRWmlY5AMAjpfcfHQYIHEcfj7DS/0vrd9LCWC3YN+0x7qgMTbc9XLXssvrrKpiQQPREf8bAKDmCfbxdDHwYOMLpcakRGNziyt19nAAOXkifCME+GH6xLMgtS05a3GRedRXwmece1hfQ43Zx42yvJYJbKH4TxU9+5jP8abMshtPbEdd79ZdHLC0ud22+e1VlYfn0fMvvUxNtYQX9RbOrF8xPeKAepYaX3YDZESW98eo1hxXH1omor8p/cQdY4sfwVZKhs3zS5uZYjiTXlcagi7oGrg/hX1AAplQwoMrlQj/Etg2DPgOANQKqtjPhwFW64QdwwMIPRYvVH5DMERk6pV/0fWZOb65etmWXtiWxrPtbE2HFlqndp9J5fmWZw++gLVMgFlhVt4494XjrzyfcC5KLyEQZv4QL0tBIYfdE1OkHMRsHsIdv0npmFU0nh7okEl0uoZ0XCVLrVXHgQ/4j7C5j7YFAQGiXfvwsC2LK5R8AL5QTXDvpVnnV/rdN/XYNZfTeeFhbROWL2M8JRnJVfhJEGXTwhqjE2N4pziolqlO2S3ADVNE4qBCsykKoFgAoVdX/Js7Jr8eZGGRKrC/gxtXDrwYr3Q1z428QKCfTuwkT7twbYshDV6B+lrhFW44kKk9hA9TCVTpo5866H0esf9mTWOPNJRKgA/Suk1vCv7WVR5M32WiEKU/ILXvJuQrtUWjZkRtFY41OkjH5tqv/zjKiW4oqXaukofrmv01vKVOcZOsU+Bakn47UFsp4bYbVIYHlk3KrYN9/F3FQ9+fKK44/4d172m51+d8BeZ8a56E9k692dIDc+UqcoN+PlQ4W+utn2XQr9ZZwbMwIItnirkP3kfjKMVDQuDb3xBgudFBzYcSh8N7k3xZcYaK1WfnHrOEbfrl5kvlPpLic2/tLPvVBLI1DLSnW+JKv+u/til9ndZcEOP9qQ4IXwJpu3Vk/AXbXdg1oHdKdqHJPsiNy4ALs8XXCz6QAKRrJyH/QpkEG2gAN2obYjUC9rP5meIR2QLd15zxk9xyw/0Vp0wqrDkz9WWYYc0J6rEm3O4pzIOT046XhaaY4kusl9TJ4gDdSKgaTySyAJiusGx/zAE/lr63ZZoPFUF3y1zhyaYI0RYLwWDJTPMaSk0KpHSyd2ES9L2CigJnLpqEUxhuBN+8NwM4IaaKzgHeQDTGUn94FVu37gyXj+6+ADnEMmi1WOkNbnpcnG+ZgPlvGlfAUfAVX/0PX/FMyT5sjhYze86D7wZCLsavFlDKVeFOki7NZq4AtTIp7+KJ97vZRxW+jxADLC9GywNogqTQVaAFBPMr2RfxjElDKy754kofH8Z8l4+7BuzZP1b8lrecT8Ypi1i8URNAX3Qc8l/9q/a+LrDqakCK5sHJD6YOHEKve847FZIH1py271B60IYkTQVfx4uGTBPmL6M99VJ6qT0QWNYrriapnwOdE0ywqQuXH6wYbmA3TuLFRDchv5j/lB8yB00P8hHxM0GRBNpYREQHyXl7NCMwFitwDvsOtl60blT4db8aA4/iJVO7+JdGbhJUnefviW89oXxMqPBIumh3Zvo2fGIM7Meuo8XJ8BP87CWUqqNFf8lAZF+czFSczHUfNwgLbZnpBwjcIOBQFVyUrsiclLn4IOUyY8E6GsORQCtfPT7gLagDnmwfHoL0A6YXRDiIpsUIZsQvoNMwRfudR7t+3xNPNLu/J4mduuFg5kD/GVZGt71tY35X7B1fTpZLW8Ir/fVw4u1OOm9hr7fOYRTpi2b+93m20zGcVGaTbxy3kPY3Or5frOmfpVxWjFx2JmKtHV3Rz2eVjUvpPckEn/19VqiQELdpOix0EmT2E/9QZYHQUDPMtzf7rPxZ/RWQcb5PBj6GDLWYwwYW54im/fd8vpM/N6eBTzaYWhcPHxTAnz//RTy4/uWhPM8HTVOXf//eaLTXwqVm+Z/1/9Uss9pn3vhj0rPr/fz577ZdJy6INYkuIwwfkqzwm2YJQuV8W5KYQXDF+voQw3eeYmqhuEd9ioFK47OzHwGcHqr11Qnd6Ttdx39glfVdRhZii5x2i9FD59VwTCIIPKcwdMww3+xVMkwii7zNMvTEsF+N+zKmI4OKfkbrePbLct8jNGVxNxlGafhzZDgWik2ZXUzzIzc8PDCcCD3fxS6lq8kC//CvlwC9BZb9lD64RhcJPy9BeEvslyl9+tG0zjReDSNL1siUr5Nljso0/JKRA2tgmNfFmlBpGnHJhI45mIJwsSFUMnxUPuswh/QlcGwCMQz3cP/YZMrsv+/033f67zv9f3gnJSBYFHvIaHmU5fN5HsvSa05ciOTu51lsx4FnRTi4xd4UBXf8mwp0XQfL1OB+CHa2DkSCdBn7TW7DlfSBVTUIBRkrhKHH540gNLlL1Gdkeqvvyz2ZOI7TVqje3OAImbAzMXJgN2fA8Hpfk6JsmEp8fU8UlKZnDfFqhO5mD7JqMYHSXQchXSyhA58Yvl8HZBZF7ftZ/CRdfnb5PTpZRTp3Ot1jCiIN3/bgnndHfMDTz61V4X4ttCuRGuGXpWWHdDje2BAL5fm9atIguOKGni+61hN/GBue1RW5fTHtJBgVzICxP483SWhJux21exc32ripdBrTMVaz2GCE82yORBGHUBbbR633Bb2zIy0eFMPuZMZoDJekJJNmE65nA0YuEeeAYRjs75sgdFVfpCUu5WA26Qjinp+dHRgf9HrTtIlSyoAj/Z1mYVJLC0gNvUo2Hrzwd1/THoCRR96dsda5Sz3VXZLBzer+8K7bf7trMyWVOlINC5PsfoaMP9QdRhcwRdq4a3zQCqVaRrVNNwL9L8btbSFNg5uIWOIakAQlf9cBi7ui904mgM2fpfXjXs1UvtL+Ny2luGfm/XBxcGsJPGS4v/cEVNe5RjvoqR7zYTPi9OE3AtQ45lg2E/pbJ9/ZVvi/W9d3hq6aOXsYuTIzfy51UvHGv/P3s5kh2BHeZJqvNFzcBx1tpKp36MHrMNWQ9UBMquHCEElNB1PKdogzWGEdWQOiAHNH4h5f52KekBIFujnOiRHvGcPqFf30E81BEfY1BBABcnayU/sgoUAahC8ZBRbDPGdTOAt+G6xLr+RtvygvJF7KLRvHo3CuKWX37pjZJLZKRlEDbWVfamyZ7M1Sswh27mUwyB19+U7NWs3gpld2gEK2sWQTp4d0d+qHmDFgfPSEnBBl8TKolBEVJiiCYO26/vMr26Q9lUgvNzs55GsAXvjdPNhHD/UwDp8RRR6lEBjdRb1A4TzQ6DVoaaT41erxZIgFlP6otvklaOx3B/p/8g+OodZswijPG9e2WIe5tbMGbfYjZlpRu8FEhl60CwSPw0OiHt3qobKHYLzWP5YP5ycdetcN4njLBxZbbb6X1FpL3819XAONWiLRMwpT/XpwZhIE7tKeEXt677SFB7faHHidMHr3pVePd/uLwzdKxWdt746VQsIA5zlNOhNF88yRPQMHxRcXMnRFt5t8HRDtV8YvMLbKih8kWgi8+MgLmoBw3d7T7wRr+05Kzl9ti0nfr4s7YRUnFOPz6KOORwLJFnK4+tW7J2Fm7ABY3at9HSpEMGYUBAKmK/8oFZIIQH2ugXmcBrwSG5AL3oQzkAIb8J3zgVjjWevHZ7Z2n6RoA8blVLgovAGvDRpUI+1DAcNA48LbeFMVSGud8ukI9/JxrnNQRuUbqMWnQs9X5qXF+2eZuAVbyNY+b5u25TsfOvJT8zkESZONG75Ro0qfgDvsS6X2aNqzi5f0oejGtonpqowujf7p6hCTM8eoDhu/tpg2jztova6S0jSkIxSGRBQbH65jSaGzOrtx9Crfawv6mJMBbuW1PSmSckvGXDLvjkVao+7uOJk529mTPjmeRitKCx2yP88Rv0YCSu/KqLbGKryXICbSe6XgbXWMqn0ki+NholgL9Y1HR6wRKwT8iNK83tEb9vnJxEAIMHZZ+WXzOGrTvRHXRmCWIFYNU+viL3BUG0gRmFsez/EnO4bfIKoa2VT5rZoEgXx7T9lleduxt8CY8te/um4f5xZJi/NZOVZ56QePqTk3WJN5vfVWU+gxaSGXRq+tuL6N6INC4B5z8J51PaTwYvRMimFQ4glFHQwb2n6y61rY/N7ZW805IIYt+R1+xLeqlIQ2qHjr03FDVRChcfrT3gdZ0SW2ZDV/QhE4SvCCtIvEAG/0WA43dr9HNH6uikSbW6QFDUS3tGREN8u3HL9qIxVH48EFgZQHrzSM443JZ6UZUMJWS+ublWFAQZuSRDqYQbdhI4Fw8qfLBMu77EAtOJBaUbDxW9eIbGHxXiNYVcEEFT5B+jhbUxJFHBeWQbWuKqM3NcxLwS2GZLK5JXq6Tn5/w+7YBgdj4PikwVoFkbMb1GQV85vjXRYjGN4e2sUkY4Wkmi36HHvhPao4KShRvVo31ytTEz052T0pgEYqyXy6KmfgB+NhLWb7C0tprDIll3DxWZV5gpBIWffvCZ9NnJvIBK8I0aYsNhdlPvURXHvTv+aSFxrjtdbu/hiyhIu1bCr6HSJGCemslKe97asTCSffxPmXqR2j73wOjNp3Pow4sQ+aEvQCvn3kaqydI0wpjMGNCVuuJX2kjQaa3eIW3mpq7HAojOo5C7aDJjOiwMXI57XRaQmE+UMfEeUvYLXe0YZK3zyS2dSV9ESbmWJ4cJq2EGoiOKko1Dca1UnDZJMBjkvBaglkRV/eZUzbS5t5Ib+5IoRZUKr2ck6MdCrxBgIveM1HC2WVof63uOtYllRbrl+j6Qu8GULhofB+hi28hwK+Xuw6V0+K0Fzq7uiIwykoYOfOXCvtSgmrJwR+Dj7DLzUPg7wegeb0qjgFTq3E7ozy7Fwvm0KHufcKl0JtEP4J4YFsV4rfc+BBSYXq5nzQC2Tr53RIHYdEpogIB8VEz8nde7cly8q3VOtVzPggBGRizsjuVy6NDrIMfPqqS7s95klwK+Gz2ZXrfdxGjExYmRyYk90D/7oCKT/stpSnowbQbIbR2LD2rUJ3CX4b6+RZzUvtgEGnzgb0EBR0hkZ+c9aF40CsIIsZKfGdpgxBLndem8N7pU68jBrCrIdZLq6XNhD5XswdghcRBTPAz+jweTQQg0K4x1f96HJVsHW/7UExv8g9uc6l4uHtlzUzrzH2KiJk4lna3I7eZZZ+vZJZTvD6N1rmfX02Ex19hAOhbNhCCbmAY46g+iPYk9B/m+/5ZD6tHysZXTLahOu5fVy/p2jEUdwDddD4ZoFU5tQ/0HAf5lQtQsni7MyKqy/ed/1YDXGfq5vEtlh8xQBibYF0qE7gi6ex0vQv097PJuuleLGRF/D7hjwZ2dO5imPGtlnq/VjncwBPooAn6Y6+8J20B/7OxjFRTnvWw00eKL/D7pZ9cZhFgRjQ3NDIiUrAPHHV9eJk8yKqTFftLuTDMh22tn1Tgw/Xh2PrDkfMve1/Su2QRzY6TKrUSQgVN7px5KYBWiJNrjnIWIw2sfIOXJQfomXqaUsxCT81sibygK95CvY0/JtMumGd9QDFiXVDiJJyk5byqMYlT5pZau/ucQuxVoJ52SQeU40cUEh2ag7TUf3WyruCKV+j7t/YCb8dSA+WePDyPjLdtWZp4TvcaQB/L6BAlHU8s2w3Rq7531sp80pTCoIln81FxvoclI/hMALZLD8rY1WmjNX73B0dl3SvAs6jkh/SYG4jEoQ6dBzkrkhC05vx+ABC1dxZPZQ9wYP1q3+wDVCSBVRBXkqFOfL60JT64YS0iBNC1E2+FHFBMw2jCfUhXenDDlMM9FIkLbl5Jz7GL5TPqOKcaqNeqWnfck2NEKqGfmfmbe3rDW5iIT6XopDYOqwsuIL1WeElFJj2HhuQ3pVAD5sNfbgJib416xcXMKCUQUWZnnvPavLIz/dUtL98u7Ler7EkMhda+X30hWg9ACiSIub5/gBKBThS2kUvg4enh48ElCU3MidoscguaWrMi/tup7ECyQgFKrOD340SzrZpBUpDAKHxO5feE5R9MZ5FapgCMoEf3slX27c4P7IFB6qOVAsntzdx6zAWJJ0i270ci5FHSr/0qGf1rFoomgRetsTqX6aQlVfAyGfix5OQhlC1RmlRgY9ewS+pBGzxlPz0bSjILUBkj6Flqpda/5L6JqK9FSPFtqVm0FNlvGT3wLghYSY+u6LT1n0XIqqY8Pgp8DHkGZDGf9SBaLx+zwGyvqZkhRUjjnAw+Z11vqzYlBHg7bQWCKdy29zfbShFD2zyfhloUo/6/gn5sYW7obn+YsSxQRUWzTjEY6J6fVPqsF6V3QO6UY8YnUfyHEvxQb6xbfgAERaO+RuQp7lBr6n+bb4A9+7Y3A/C2/zHGFLwyr0fdeLvmZS7QTD19pSCMUQ/vK5brC7iWs+iNtwlcZs0eBpXIFinF53wQqQFdHidfQpPsD39ZRo7hCnh7oPxHR5WS3K7BjV4tjkjX0ox1fi04A7vBiiRUWnVu6EXTLtPoL/ZsGE4y0Dfai1Sfcj1oPyVgzhQ3PJbEyiPA9HkilLFU9xtglJFxn9ATLL1f+Q13eQgILKDgmcrzIs3SlTRfvl8+YFB1NP+xfW2z7tsV69JHsqmwDMCS3DmrhusOZT4VSpLy5F6JvkW5BKVyBZbysF+Dk8RcxtMOxB2DKjFnZ6rRKKlqDcUQFP1muFcfaOCcgsDn1Tvh3gY6DFd4NZKh4Q2GBdMFBVpFVu++ErZW9FIdqKLprgtbi3R3hGayosDrpPbB+m/QiBEDtgsrFAIvJ/YuGES5d4vIMefAnmhLq6/DK3gKga7kl++k4AP8Xz0c7V3mbml1KzyMGmAi71qeFI4R0breYiznENmSuNYpFaRLncB+a+jZSYcMRUNfE9NBm6pmi0rOwfPPHjMj9rgUafg9OZAIgiomWJT5IKjULPuqwTrbR+4U4EgS2DA4JuRhgk4SgQtBC++GRbYFuZyyOtss37+lY1h7d4X5mL9hgHUvTkHvW3KyGPqO09TyCVmAiU1Z1Ho4XYuQEIeeOwN/eTcCX9OOWkNwQ69b/9GOqDiHR1hhrEsBCANCQsqW0aQ1goqe7Vhheb5QbsbDnItZqEezzX7Dh9cw/LWR444kcxXCu9EleJHPu15PocXVV2Fy021EOQadxs+vClOEhS6/Jfzu/1NUDUN6/QsuO3sCaiUDVGGbYc4W6ZimbFHKh1zAaIVJ54Bgti+CZhowJKSdWIu7YhyioZOyZPYsUytMAwy4Zk6xAZEFUzwzAuuhPplqEB0alNFMlfBEB6v5BFunJi03d5K49tPHTceGMG/GmbRR+C7WJL58B+VRDuDeXxbJggpgeNif1bFriiv/QzBdnMZBzKFgOMfJvfQnqQIppsoHzxq534MFdfSEQeeyt2hDCCf76/029RdaLQD0tY2a4mmzmy/CywPixEeM5I+T76nVkJQD0qOgmpNIe3E6q9aWZKLeoFQbI1fCcDbs1NTUchmWMutL+tx58H9pyVPukdvbsNqhmnGFbtHeorhrtKWCI78VBBufNSw6TCJ9WXTI6TsSMyi745zlaLLtnmB3Ra83vGxFrdjqPtDQLvu14uJMtl6K3pxT2I9gusJtFoRstFRypykILD1wopxbUFyw4WYR//5a8zMQBITtyJKLwnX4WfqIq40wSRr9Jjtz3Pe+Y0HfpAqknHoBZrD+EVvPlhpAdAseoJSPLmDshQaGafgfk3gsASpNA8eKzaIOWN4EMjjrtfG6A/5kmBfmb/3t61BQXXFHG84wiCYqH+S9rqYaePE1dPDx+aJfLsuW9O73IwjmCjCnTgxzHMx8gEK7zeMRdgFgt0uZoL6ZtADkc3VbJz3JuDNu3+seR/bdB6CqasQJnT8Ht9+En/NzWQ0BM9a81P7G5/qiHGSem1U+HsEobpHuXHEr2KBHd5pumNIrBncN/uosYWGOBfA+nlySui3Sz8X8yNnV2arnW1Bj3h9d6jpJsT5onBqvU32d2dQfBP7TBjRZ9BxYoRcAs679cYXBvs+N3QH5H7ovxwSLHmQFb4+sre6oHynAcq9/poyDVr8X5WIUhQPlHIfWQxUFdMAlSxR10ctsLg4bkJ0n8B20EP1QkgqLewPo2FDDws0nNu2NC8ppjNUAwX1b5rcIkpQMbpkrVQ4bwhu19jnhF0XcUiT7aLUyTmpHaDtppeeYv8mKUb9mL3eL3nR7hMX6KnajF93ARIndFFXSXATCOpq3ntdM6vp9fXLHz69udPhC7n0Dpxf8Zah9eR4HiJJZZGL/MqUxpM+Tk9RjotVpEcFtF3X9Fc3blJYmss6KAj9MrBB2rLVsuCIuzyGFU8t+80J2WY1IsYMKd33kqFDEVfbTgZ8rVPWR2t7dDGO3xBLUFFiKIbUhs382FliFZe4VEk1scrbU1ST3S5iuek1syFTPkPPJ0UCjz6df0g3yNB4lAkxJME2hdWlW1QjJB92UOm46mqn2/TPqAWjDdbShj0qG+1Jh0NzmgOJrhEMx9baCt1Lr3CB2lTlxwp3+aH3VI8V9qvyNcNcuvolAmXEtSbz0N9nzfACgbbTZoid291npdTthSSLvxuBqMbAl818GS2R8UOHweAVBSnPt6Cy9BbQfR/ISm6tITVwDpfCYRha3+EYfdEdPPfyfOGFRjS/2ed9aqGuzBWFcKk43wgMv1Ff17LAnhs3LZx6soxjDnT4OlnQ302QC4lJON+/KcFxr3qJqah97pVUMsIkzrRpqhdJG9zzGlsRt/OUjjaLP3HiIOITuU0L6oVvaBBhix/kJ9XX1iro9FFHu+GbrMP8wuDhvhH9TOgRyAZt0WXpLhh3pXSHkzEl1Rl3rZL71YtZjJwAYDPUyzLE9esRgqBVDoiMuqQhbUTPzAB/LgO0AHBicq/T3yg1fZDeLzVJi6PrrctCPILBiuweKHji3QBqnm+GLXzxpXmkBQu8/iv+1cAbFrZ2QIkpGkCfMAr06luZ7/YbtRL4GfrIv8Pc19t/PhgZR7/CIaU8u28P6k93e4ap4p5mmsvzhrzZb+qCfNbe0aHY5HXpkzI1sSRYWxDiODbwcw+/+8upq3zs+NBVvxRRoXk0wRuitWR7I1phP6s0mCCbG5+eaw01X+FiNCLDuEwS8H01Y4uNRpC9jzwmPgGOY/JBqt8vF8lDsM9AAWp/kHNaVHOxrFyTilc98VsjtM+25uF3QHEMU/VDN9GAeV/FI5Gz5fXZLOyFoWhYetfh5XQk1LIpdSL4g82zLCFxtcLV+XPCIDeXFZ+LCfy6UUo9mCHmtq/ePYUEIn3az/7uoMFBgb4wjImrRu+Oekhg/MhBN7SkuuJyFeQOjsNWucSDSSxnhEzk1xPUbsozDJJOg+Y8Y5PNh0Snn3fkEBhqZ0piVGmPay2hzgGBYVi3gVDAyAgzC5etHRYoz8dj+pvh8/XaPE/yQVWJQnpWRZY+C0NhqmPweKih4m8yg+uFs7gfn/43O+B0Nvg8p2df/grxq2e99VX/Ypj2cMHQ67jL8Jluy0Z43w1BPQ2gK7rIYkfIkgI2XZLa+WUKvlpTxv2kmCnYQS+/+kpfU6eumy4D5/raf7UF3tgHTJnhD5Rq6DjN1RgE89jBAoJgA2S7+mj4vOd8BoklmPjsWFbQc/WYcQhrp0g6e0qR0gAlxVbrQNbb9WZehUC6l+oGANza7XOtefpcS56tnku5a2Ev6kgS8fThKV1C2bdT9rf2LcgaysfueqSbDaZi+0CnCmzRdqHnpuHICH4ADomLMZXYDwIjIp9L/nrTNMy7bTQKf1fSPlOeOmtbOhHPXpgGivKRsPfSZahfGnxY2JD5tMko+0eUBD2A75HY9qSaBEW4t8p+IEoVpHG0LrdXWIzJFozwq97T/bemSY82tdD3WxIeaDL+cdN6zY+uvgR5QleWY3wWwG3y9/UFkCKwqg/KKfKATA6fdW0O9c3y4nWFq5bsfqfsWYUPAvrpXF1ZCyY9hrp2awGsGdMAEb43LnRfFz6MhZ0srnv4yJ2aYqvwZBtZr9E7f10MVMQNXsB5cT47fYtTIyY3jP9QjZH8Mjetg45AbmxMSl/oA6OnHCZxdlQbCyJEeC0xJfPadMDitgTvsU/jx1EvtcEyK0fw2LG12TSTMD8UZ0lwBPpbsqe9q+qDOQLuMv3ZKLG+J3FsHDDmsW5i4ngBLYpFB2QJMSp3i5YDJ8Q2mEFnSjaUcmr1nIu8pJ+ESj/RzdCHrqL6qTwwmIaoTnBvEKCMPLJ8ZFFfHmgfV9ab9NNf2LG3/XzIHBt4bG9PV0ChDquCTN860PA4woBxbOR3DjwQuXsflshrwiERvi6V3aMdEoY0etIzNYhQpRNfUziD2cL5MLkn4jt4oXvYayqyc2+sxZ77sdNfhQ0yVCiYfS3UCvCRGV9KyNb7EP7q670PxRfH7ynf4BySEO7bL6eu4XDoIdNgf8da/yaR00M9rnF+ZqR4VjSxixk4RFDBb36VY6zFGOOcz8W0xD62jvWDP2Y46CFKA5UUV7UHmpZinbna3Me+FqRPhqXB6/o3uvNeTZnl5m/RvshBkvhfO/4uSq0iT+z7MS1vGU9xycZFZQNeGjbpECPQZdiOQqCrib35kNsO6gwbWLOpFmCN1Nn2TkUHSWyjsSsee9OK3M9DSRRLc1evMlPRgq1jSzLn+LFMzZ+ZDNL7LcymvgE3D/yFruaRvpByuUt2A7fj7Jt6M7NglKuxzUpEWiFXl4+FUHKJQ838QQ+VBOB+STz7g8ft4/i1u19mGSOtrbZd6WY9Z4/RRzfEQDdUNGno1aan9IOB/CEwahGx34XzHd1wJbmr9P22ubOHa3cb/O5pUjqRPbzzOqi+b5ymuFhKD7uao47D7mERuhjMWxBeX6iHMf00PnTcEQjYCgnWgVsTTKcsKVhkNxjtPgtNBzO7ASD+c52CbgKassgVam0F+ZvfGWMaK5FJNyokzetv/ZHYhfSfnVbLSeCYyKGii5U55KOIEd2LSsOSjeyvJrCaFT2O8Zv6r258tvoXUfk0aXT9nRF02mhgl/CIQLtkkg/zwTaac0mPLfrGKRQDnelF+M7GUKLMGTHfhH6m0FvIo23fC9VIsfUuhNrKYEvzuqzRshpOYjStkWf7Nr9RC+f+8PEgvjLjJalL8gDWqc4r4L0jl/LXhJbV8PGM4DUpcfq5qmKcBUnJIOCw5MHn83y9sYjBWb1Nzpn8AK1tpHg7R+H/fS94f92imCTW9cO9Aittl7IeuQHm0HigsJzPvFFdj/kL15zqLrHJcfX4F+iRuvhX40NMxmKjDpdA/qixwD/9eVgA5c+dLCNtD+Em/tk31hhXhfucpzvA15RBCvzYu8eitLkj8Rn4/M9zM7zSqUv8dl1jB0xlbYaF1ii017caT4CiCVg47mcEI/Ftr1RoIQi8NOPu535BRhF+TzG2vWQSpSbOfW7ZO3jLqBTCW9ZsiS6wrx91L++ul3VBum/TCKY9Z1AwUV+miGbNB4qpmjFvqPeOcY9Q8Mlvf2CO8PqrTEOIvq+6mcVKybsV2yfnkluTjFp3SD+drt3u8MRB5frrZx00e/desPlqMWhyYvhZL8Yh3SZFn7NDGu8V1gWdl/oZQ4IKIpiOpm54UI664QfUd+SaHKE2f+PB7/s36jaJoq9OTZLQa3VN/HoQHfwpxSZFFN4KfoPcvhhU6PBQQB9oYmatU0m574khepejZizI9D5d4G8FHfwHU95+nhECaSteM/WZDixd6uca5iln++UEJe8i/4juFvbf73uzx634Ft3rQQBdXva0i4eCMez5UN/kdCqXCC1pb1WA8QriygmNpaveZvsNd3u2Kr4O6IOiq9VOTjlaw+cVwNe8RAg/iXP8G2Fm8YRf5046fmaymv25Ph8SLPFDUEUph9F7Lnwo2HPGLou6/eBbRUpqlNxlLOmt3mPK5Jo25kCqsZRbMgtvS+jebu4ok4XU+cPP/Dbe4O/+EfxFsIbfcAex7V7wQxPr8NdcMdof7HQ5C4t43h/kxLxsBqYFM94DmVRzqv3CHaDPYyVPW17HZIj8fBrgCW6V0dNbl3Wt7mz/JrZWQBTEePA6KkxghQI+nb7Ka8d8dvCVHSR2RV2rgEC24F1B+HU5sujY9nC52TwVA2upDH4U5Z5X3xW3zb1oZ2znpzcfFg5MWIrepl9NFyiLctsi3fcR4Fxs6YYeLkdGeSzWnh6BgiFHq4aHwx4flixrp6U2fGc4ePdg6QsYxqPGeifbCovU67iiv05/keO70nErz+8xBg68Bu2xVjDnQapmcSZ92MsdawiJhfK2ATigOBwtaFQrhQ+5nIoTQGGJKRxZwr6kCww8ryJSXfKMT7DnVUSFv2EZaDsH/LfHstWD2XtsOLiPhnHP9sMtsCmysJ8iDz5RvSINk11JMlsAQRUn/14pnbxVj7dL+L97J1pYlHkY7U/Sgm0kbrSVdvZwnAuqtqfedZQE0H0h3wO6bxzi7hoofvEDCIMvYzfNsqLDY9aBCSPDwxQQfz8UQ8dJ/mTlRV20ZXPP7MPm1mOJ2r1Exm2InvdJ3EVan692Uo6TMxYthcJetIzXg7W73TF/o0Y0Ft8XsaYVc3y59lJCIofCJozt79YJjOTU31w7NPXuNtZ2hns9A7Cqq6VDOCk5YnTHCMBWat9vaHlAKUZO6WbbesPWoywZhkKFUVoHJf3uKWps9zhQKMMOVR6dEdWWDZ4OACa0WBbVnJ2P7Ib2+7OqV2LtOB3pZv0ouLKRPf47NJ+iS4Ife2nJN0baEBXAJ/uhQowPbS/szWVMHH5aUu5b5mcJ47sizlf1NtxjUrDK10pZlF736723SLL0hMP3i+h/6H/4ptQTbbduE0ubhGNaQl/9ZlS9ZFMnByeblQl+FYZ2wxLJiwcFelTkxJV1sHIWvn2E/WAMsoR6qJro1BAQQTupyZukQRfHnX2bhq1yOKhPExRJStjdeGlDZQOAkNyOWVF6bZQ3dbQdh05bSQLoq88KqE9s44newvEtkvDpuL+BQGIMo4So6gVKR16ZFziDfE0kgaHTAJHTujl3GyU1ho/bv/pqgw6NMp8Tpx3XLHkTsPdYU6pIrGRzy9BDRgnNK9kVgZLJEu2YGT6pSlwMtAL14U6xrRad3M3cZgh5VL9ndU2p41NsiDwE3+K6ZWJWT6CuukBfMzMdjWVO2kD3WoK0SiKiU1aFOiPcJauB9FG2UT4gJaKLsbDQgDNaSDvnIbQh4eltrZg5D3Wk9I6JLaBKlBI+4rsGtuw3RKuRBelNWomwaQ45fjpxunZNWhPaCFaHsLKV6sHOrR/DLmL3TX9rfru6gYI/r/fLDZgjXgirGz3pzKGvXXmpZqzztbd60iX4VOKL1x+68sWGqcS6o9NC02KjvIO+cYmfVERY8Ghd5NfJzkOMOpL+WEF0Q72cYn0ZI8BZueCku9rr5mmKKb1pbGZAOOzXqHWZf925ia4gkUuLfZrtzLT+vCDtqrVFvu70kOC4cZQLj+i2E8N1FiAsSxF+pUrOIef+RHlKoerCOiPDKQG3024VeC8f3QiBtzxmApX24cNmmz22ZxIwp+Y0JewL67gJXr/Gklz6FRhFbDg4llrgs6qGdzDtGCbvtawcgksrdBTiklhemcz3D4QxdBk6OzuivVO6TrLkJQHS5YkXBNRmY/XDmgLtZlDlrZkdFrk/ACiF8ll8jmK7Az5dbvoSRe734gs6NuW0NMSzmfgvUHbbIAmsADnzr4MbkPJHPlJsOyo/3eNbrAi3O1LrFKCMLsydYRdfwvW+B10ixqSSFVCU62l7TYqsD1lmGUS6OqKhYflRsdxGQIUJk/yjQyTLB0/zgQXQIf/PG/A6kpGNpkJiibnXYxfPQN+EQx1Zucu2Osw/Zpu5yYEHHBqU7ZvSdAme3FnoWadIquozz2YAtXcd+LfAOF+nu/vOq/EmlaPI6MHTkS4/vpDeO+DKHLP4Qn8dTibKpJzFUO5HBvkXmU2sPQWzws908lGSulgubHUJ+51Z16+FkP86H0Y7v0hP2MNLrZzVXUzcD9KQDIm6MGuXHP2Ks0JjmjGhymlL0Dz3UtFb2eAtGiHROygRHH8d8JUNKaSRhNLDtLyiwhuwW/GYFt+9XaEu9KYxG/RadAMd/VD1mBr4hsPG+ev4sghVp5TCbbFWZx9UowmfX45AZcVBblPheANLwyt+XqhYZeu6fepJimxBt14opY68o7gstLgc067UnGw5/va5uzRn2e8onqDVjxKl7a5Yt1HaVZn6zfdWl6a859HV2WLiPfyLoZ0zjlz0fq5pUvVzTdWZQ9eG6WhbjUemAU/Rli/5VRlbbZJpzx8thwrwVO48d085K5KXll+tgfDvlWrgLLdUxV5CPA8oQ9YXxyWL2GdxBvs40A7l3jY+yO/DJoexfZwBjLJmqY5lw6Qolre6cI81Swbt0jvnLmnJf29ylFmwwY/Zr+1eR9UkiGW3D5YCzLJH+zfVbMbAZxHvnjDVHjW6h06oh2HvM4n9Almcr9d1+kLpvt6Zk4PTKJ7NIavU8JVIV9cNSUh7PtskgDhwZQ+6AT26fOp6Q/mx8V+/Td8S21eFPoLMUEuCbgeTDbVnqr5q44Ye7h6lz6IvDZRLqK/bluZAQfvm+ZUEs7PKIKDuuBBwgVE7nkJHAj8iDWztR++xIMP4O6+yzPlUgNqVuVDfjSMD//J2iP26yRB/saPq57zqez/TLXWywf7T9TBCB90PtU0afEa1jUjuDsIYiY3ihb7XQ5OWPL5p7I5XJNB/VmBsQP4tIQWTaU8tD+ElwtHhnToATuEoj8qRN1NItDqo/wtm7cdhBGpNWtyv946tG9lwN78U5pSef9QDkeHw5TG9L+Y6gj2UYlDyu8i6XWW0dQaWp43zTev3lQpPAZUA8sYHA3s2XRIcLQXFNsLLlDAF3YHDHtu++kfPOuMruzvbEaBIy/upOCmVoNSP7t5xXvLHGx+CHZfKoC0udX19J1fiIdSvQbcQ1i+/7fKIrcssK9b2YNVX+oL1a+84wGvueWVkzni1TWUDbfuorQGgf+wB4YngbxmB73iQwUcfFDe2Gq3Ys1pKbP3XjJviOckqZUmfAJyOf4D1IfRGXNc+UeR8pe5zzevTF99dPiv5YeA/apHw++sQNog2zSq4hO4wH1a8W3EBPjtLNCjyxEwcdI+Pb9cYh6YvaVvQAaoXy18WWdg7TCg1Y2jq/qa/I/hNKMvbcmgCKT7fnZDNXcRNO/QWAM7YWj7ySOr5pqNzGG9r+U1AuWsSD5c8+p8DrkaUX11Hzey26sfLpgOHZADySzXZQQK3ekCXIoSFLeTAaQCW0rtZNp43rNvzX5bziAE9wT56nwvLhtjkQk0C1Bc+KzfDzce2XFmJl5AkeG509+tNlkKwjQraphr8TrSXwqQf1y2HBMVTPR1WZNoLW6x8O9V7TXw2NzXSsXCJMNYyr1eEfLn481iR/+/ih/+bPy9cD0gQt/maiU28/K55v/5+wyq2h/NLq3w+n/9Aud+/Rw6fbQkdxbIVJziCIPDfoSlZimH7H4dQ/j/QV3+KxdgX2/JAXeifEzAY/hdK/p11/R1C6H9+/tb5Vv0dw+l/Ifjf0aqoP9X2vw4n69+hz7+/Argi/r4YhNrPV9F1//5xGcftf/xOXJKpeo95AT7xnw== ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/01-function-and-mq.tf ================================================ resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = var.service_account_id description = "static access key for object storage and s3 " } data "archive_file" "function" { type = "zip" source_dir = "${path.module}/pusher" output_path = "${path.module}/pusher.zip" } resource "random_string" "project_suffix" { length = 10 upper = false lower = true number = true special = false } #--------AUDIT----------- resource "yandex_message_queue" "log_queue_for_auditlog" { count = var.auditlog_enabled ? 1 : 0 access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key name = "log-queue-auditlog-${random_string.project_suffix.result}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_auditlog" { depends_on = [yandex_message_queue.log_queue_for_auditlog] folder_id = var.folder_id name = "s3-ymq-auditlog-sync-${random_string.project_suffix.result}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_auditlog[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key AUDIT_LOG_PREFIX = var.auditlogs_prefix } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "s3_ymq_auditlog_trigger" { depends_on = [yandex_message_queue.log_queue_for_auditlog,yandex_function.s3_ymq_for_auditlog] folder_id = var.folder_id name = "s3-ymq-auditlog-trigger-${random_string.project_suffix.result}" function { id = yandex_function.s3_ymq_for_auditlog.id service_account_id = var.service_account_id } object_storage { bucket_id = var.log_bucket_name prefix = var.auditlogs_prefix create = true update = false delete = false } } #--------FALCO----------- resource "yandex_message_queue" "log_queue_for_falco" { count = var.falco_enabled ? 1 :0 access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key name = "log-queue-falco-${random_string.project_suffix.result}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_falco" { depends_on = [yandex_message_queue.log_queue_for_falco] folder_id = var.folder_id name = "s3-ymq-falco-sync-${random_string.project_suffix.result}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_falco[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key FALCO_LOG_PREFIX = var.falco_prefix } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "s3_ymq_falco_trigger" { depends_on = [yandex_message_queue.log_queue_for_falco,yandex_function.s3_ymq_for_falco] folder_id = var.folder_id name = "s3-ymq-falco-trigger-${random_string.project_suffix.result}" function { id = yandex_function.s3_ymq_for_falco.id service_account_id = var.service_account_id } object_storage { bucket_id = var.log_bucket_name prefix = var.falco_prefix create = true update = false delete = false } } #--------KYVERNO----------- resource "yandex_message_queue" "log_queue_for_kyverno" { count = var.kyverno_enabled ? 1 :0 access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key name = "log-queue-kyverno-${random_string.project_suffix.result}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_kyverno" { depends_on = [yandex_message_queue.log_queue_for_kyverno] folder_id = var.folder_id name = "s3-ymq-kyverno-sync-${random_string.project_suffix.result}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_kyverno[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key KYVERNO_LOG_PREFIX = var.kyverno_prefix } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "s3_ymq_kyverno_trigger" { depends_on = [yandex_message_queue.log_queue_for_kyverno,yandex_function.s3_ymq_for_kyverno] folder_id = var.folder_id name = "s3-ymq-kyverno-trigger-${random_string.project_suffix.result}" function { id = yandex_function.s3_ymq_for_kyverno.id service_account_id = var.service_account_id } object_storage { bucket_id = var.log_bucket_name prefix = var.kyverno_prefix create = true update = false delete = false } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/02-coi-worker.tf ================================================ resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init" { template = file("../security-events-to-siem-importer/worker/cloud-init.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" } } data "template_file" "docker-declaration-auditlog" { template = file("../security-events-to-siem-importer/worker/docker-declaration-auditlog.yaml") vars = { ELASTIC_AUTH_USER = "${var.elastic_user}" ELASTIC_SERVER = "${var.elastic_server}:9200" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" KIBANA_SERVER = "${var.elastic_server}" KMS_KEY_ID = "${yandex_kms_symmetric_key.kms-key.id}" S3_BUCKET = "${var.log_bucket_name}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" SLEEP_TIME = "300" AUDIT_LOG_PREFIX = "AUDIT/" YMQ_URL = "${yandex_message_queue.log_queue_for_auditlog[0].id}" } } data "template_file" "docker-declaration-falco" { template = file("../security-events-to-siem-importer/worker/docker-declaration-falco.yaml") vars = { ELASTIC_AUTH_USER = "${var.elastic_user}" ELASTIC_SERVER = "${var.elastic_server}:9200" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" KIBANA_SERVER = "${var.elastic_server}" KMS_KEY_ID = "${yandex_kms_symmetric_key.kms-key.id}" S3_BUCKET = "${var.log_bucket_name}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" SLEEP_TIME = "300" FALCO_LOG_PREFIX = "FALCO/" YMQ_URL = "${yandex_message_queue.log_queue_for_falco[0].id}" } } #----KYVERNO----- data "template_file" "docker-declaration-kyverno" { template = file("../security-events-to-siem-importer/worker/docker-declaration-kyverno.yaml") vars = { ELASTIC_AUTH_USER = "${var.elastic_user}" ELASTIC_SERVER = "${var.elastic_server}:9200" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" KIBANA_SERVER = "${var.elastic_server}" KMS_KEY_ID = "${yandex_kms_symmetric_key.kms-key.id}" S3_BUCKET = "${var.log_bucket_name}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" SLEEP_TIME = "300" KYVERNO_LOG_PREFIX = "KYVERNO/" YMQ_URL = "${yandex_message_queue.log_queue_for_kyverno[0].id}" } } #------------ data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } #--COI AUDITLOG resource "yandex_compute_instance" "instance-based-on-coi-auditlog" { name = "k8s-auditlog-siem-worker" hostname = "k8s-auditlog-siem-worker" zone = "ru-central1-a" service_account_id = var.service_account_id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # не забыть включить NAT для subnet, где COI } resources { cores = 2 memory = 2 } metadata = { user-data = "${data.template_file.cloud_init.rendered}" docker-container-declaration = "${data.template_file.docker-declaration-auditlog.rendered}" } } #----COI FALCO resource "yandex_compute_instance" "instance-based-on-coi-falco" { name = "k8s-falco-siem-worker" hostname = "k8s-falco-siem-worker" zone = "ru-central1-a" service_account_id = var.service_account_id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # не забыть включить NAT для subnet, где COI } resources { cores = 2 memory = 2 } metadata = { user-data = "${data.template_file.cloud_init.rendered}" docker-container-declaration = "${data.template_file.docker-declaration-falco.rendered}" } } #---COI KYVERNO--- resource "yandex_compute_instance" "instance-based-on-coi-kyverno" { name = "k8s-kyverno-siem-worker" hostname = "k8s-kyverno-siem-worker" zone = "ru-central1-a" service_account_id = var.service_account_id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # не забыть включить NAT для subnet, где COI } resources { cores = 2 memory = 2 } metadata = { user-data = "${data.template_file.cloud_init.rendered}" docker-container-declaration = "${data.template_file.docker-declaration-kyverno.rendered}" } } #------------ resource "yandex_kms_symmetric_key" "kms-key" { name = "kms-key-${random_string.project_suffix.result}" description = "Key for secrets encryption" default_algorithm = "AES_128" } resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${var.service_account_id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_pass" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = var.elastic_pw } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/README.md ================================================ # Security-events-to-siem-importer Описание: Модуль, который через очередь читает логи из бакета и кладет их Elastic ### Принимает на вход: - folder_id - ID каталога - log_bucket_name - имя S3 бакета, логи из которого нужно обрабатывать - service_account_id - (опционально) ID сервисного аккаунта, который будет запускать фукнцию, создавать очереди и писать в очереди - auditlog_enabled - Включать ли поставку аулит лога (по умолчанию - true) - falco_enabled - Включать ли поставку аудит лога - elastic_server - URL в виде "https://xxx.rw.mdb.yandexcloud.net" - elastic_user - Имя пользователя с административными правами в ElasticSearch - elastic_pw - Пароль пользователя ElasticSearch - coi_subnet_id - ID подсети, в которой будут созданы worker контейнеры для обработки данных ### Выполняет: - Создание статического ключа для УЗ - Создание функций и тригеров для записи логов в очереди и обогащения логов параметрами 'cloud_id','folder_id','cluster_id','cluster_url' - Обработка логов из очереди через worker-контейнеры - Выгрузка логов в ElasticSearch Пререквизиты: 1) Сервисная учетная запись с правами *ymq.writer*, *serverless.functions.invoker*, *storage.editor* 2) ID подсети для создания контейнеров 3) Включенный NAT на выбранной подсети 3) Кластер ElasticSearch ### Вызов модуля ``` module "bucket_baby" { source = "../../../yc-solution-library-for-security/auditlogs/export-k8s-events-to-siem/security-events-to-siem-importer" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id log_bucket_name = "lugs-bucket" // можно подставить из конфига развертывания service_account_id = "xxxxxx" // id выданный администратором } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/pusher/Makefile ================================================ all: clean dependencies package clean: rm -rf dist/ dirs: mkdir -p dist/ dependencies: dirs docker run --rm \ -v $(shell pwd)/dist:/dist -v $(shell pwd):/app \ -w /app \ python:3.7-stretch \ pip3 install -r /app/requirements.txt --target /dist/ install-code: dirs cp main.py dist/main.py cp s3.py dist/s3.py package: dirs install-code rm -f dist.zip cd dist && zip --exclude '*.pyc' -r ../dist.zip ./* .PHONY: clean dirs dependencies install-code package all ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/pusher/main.py ================================================ import boto3 import json import os client = boto3.client( service_name='sqs', endpoint_url='https://message-queue.api.cloud.yandex.net', region_name='ru-central1' ) s3_client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1', ) def handler(event, context): queue_url = os.environ.get('YMQ_URL') for message in event['messages']: if os.environ.get('AUDIT_LOG_PREFIX') is not None and message['details']['object_id'].startswith(os.environ.get('AUDIT_LOG_PREFIX')): log_type = 'AUDIT' elif os.environ.get('FALCO_LOG_PREFIX') is not None and message['details']['object_id'].startswith(os.environ.get('FALCO_LOG_PREFIX')): log_type = 'FALCO' else: log_type = 'UNKNOWN' metadata_list = message['details']['object_id'].split("/") data = { 'log_type': log_type, 'bucket_id': message['details']['bucket_id'], 'object_id': message['details']['object_id'], 'cloud_id': metadata_list[1], 'folder_id': metadata_list[2], 'cluster_id': metadata_list[3], 'cluster_url': "https://console.cloud.yandex.ru/folders/"+metadata_list[2]+"/managed-kubernetes/cluster/"+ metadata_list[3] } print(data) log_obj = s3_client.get_object(Bucket=message['details']['bucket_id'], Key=message['details']['object_id']) file_content = log_obj['Body'].read() print(file_content) client.send_message( QueueUrl=queue_url, MessageBody=json.dumps(data), MessageGroupId = "%s\%s" % (message['details']['bucket_id'],log_type) ) print('Successfully sent message to queue') ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/pusher/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/pusher/test.py ================================================ def test(a): pass ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/variables.tf ================================================ variable "folder_id" { } variable "log_bucket_name" { } variable "service_account_id" { #functions.invoker, storage.editor, ymq.editor } variable "auditlog_enabled" { default = true } variable "auditlogs_prefix" { default = "AUDIT/" } variable "falco_enabled" { default = true } variable "falco_prefix" { default = "FALCO/" } variable "kyverno_enabled" { default = true } variable "kyverno_prefix" { default = "KYVERNO/" } variable "elastic_pw" { } variable "elastic_user" { } variable "elastic_server" { default = "https://c-xxx.rw.mdb.yandexcloud.net" } variable "coi_subnet_id" { description = "subnet id for COI instance" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/Dockerfile ================================================ FROM python:3.9.1-slim RUN apt-get update # docker build нужно запускать из папки auditlogs чтобы был правильный контекст при подборе include файлов # пример docker build команды: # docker build -t k8s-events-siem-worker:latest -f ./export-auditlogs-to-ELK_k8s/security-events-to-siem-importer/worker/Dockerfile . COPY /export-auditlogs-to-ELK_k8s/security-events-to-siem-importer/worker/function /app/function COPY /export-auditlogs-to-ELK_main/update-elk-scheme/include /app/include WORKDIR /app RUN python3 -m pip install --upgrade pip RUN pip install -r /app/function/requirements.txt CMD ["python3", "function/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/cloud-init.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/docker-compose.yml ================================================ version: "3.6" services: app: build: . stdin_open: true tty: true volumes: - .:/app ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/docker-declaration-auditlog.yaml ================================================ spec: containers: - env: - name: KMS_KEY_ID value: ${KMS_KEY_ID} - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: YMQ_URL value: ${YMQ_URL} - name: AUDIT_LOG_PREFIX value: ${AUDIT_LOG_PREFIX} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 image: cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:1.1.0 name: k8s-auditlog-siem-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/docker-declaration-falco.yaml ================================================ spec: containers: - env: - name: KMS_KEY_ID value: ${KMS_KEY_ID} - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: YMQ_URL value: ${YMQ_URL} - name: FALCO_LOG_PREFIX value: ${FALCO_LOG_PREFIX} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 image: cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:1.1.0 name: k8s-falco-siem-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/docker-declaration-kyverno.yaml ================================================ spec: containers: - env: - name: KMS_KEY_ID value: ${KMS_KEY_ID} - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: YMQ_URL value: ${YMQ_URL} - name: KYVERNO_LOG_PREFIX value: ${KYVERNO_LOG_PREFIX} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 image: cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:1.1.0 name: k8s-kyverno-siem-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/function/main.py ================================================ import base64 import boto3 import botocore import json import os import requests import time # Function - Get token def get_token(): response = requests.get('http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor":"Google"}) return response.json().get('access_token') # Function - Decrypt data with KMS key def decrypt_secret_kms(secret): token = get_token() request_suffix = kms_key_id+':decrypt' request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # Configuration - Get ElasticSearch CA.pem def get_elastic_cert(): file = '/app/include/CA.pem' if os.path.isfile(file): return file else: url = 'https://storage.yandexcloud.net/cloud-certs/CA.pem' response = requests.get(url) with open('/app/include/CA.pem', 'wb') as f: f.write(response.content) return file # Configuration - Keys elastic_auth_pw_encr = os.environ['ELK_PASS_ENCR'] kms_key_id = os.environ['KMS_KEY_ID'] s3_key_encr = os.environ['S3_KEY_ENCR'] s3_secret_encr = os.environ['S3_SECRET_ENCR'] # Configuration - Setting up variables for ElasticSearch elastic_auth_pw = decrypt_secret_kms(elastic_auth_pw_encr) elastic_auth_user = os.environ['ELASTIC_AUTH_USER'] elastic_server = os.environ['ELASTIC_SERVER'] kibana_server = os.environ['KIBANA_SERVER'] elastic_cert = get_elastic_cert() # Configuration - Setting up variables for S3 s3_bucket = os.environ['S3_BUCKET'] s3_key = decrypt_secret_kms(s3_key_encr) s3_local = '/tmp/data' s3_secret = decrypt_secret_kms(s3_secret_encr) # Configuration - Sleep time if(os.getenv('SLEEP_TIME') is not None): sleep_time = int(os.environ['SLEEP_TIME']) else: sleep_time = 240 # Configuration - Log type if os.getenv("AUDIT_LOG_PREFIX") is not None: s3_folder = os.environ['AUDIT_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-audit" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" elif os.getenv("FALCO_LOG_PREFIX") is not None: s3_folder = os.environ['FALCO_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-falco" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" elif os.getenv("KYVERNO_LOG_PREFIX") is not None: s3_folder = os.environ['KYVERNO_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-kyverno" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" # State - Setting up S3 client s3 = boto3.resource('s3', endpoint_url = 'https://storage.yandexcloud.net', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) sqs = boto3.client( service_name = 'sqs', endpoint_url = 'https://message-queue.api.cloud.yandex.net', region_name = 'ru-central1', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) # Configuration - YMQ sqs_url = os.environ['YMQ_URL'] # Function - Create config index in ElasticSearch def create_config_index(): request_suffix = f"/.state-{elastic_index_alias}" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 404): request_suffix = f"/.state-{elastic_index_alias}/_doc/1" request_json = """{ "is_configured": true }""" response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) print('Config index -- CREATED') print(f"{response.status_code} -- {response.text}") else: print('Config index -- EXISTS') print(f"{response.status_code} -- {response.text}") # Function - Get config index state def get_config_index_state(): request_suffix = f"/.state-{elastic_index_alias}/_doc/1/_source" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code != 200): return False return response.json()['is_configured'] # Function - Create ingest pipeline def create_ingest_pipeline(): request_suffix = f"/_ingest/pipeline/{elastic_index_pipeline}" data_file = open(f"/app/include/{elastic_index_alias}/pipeline.json") # заменить на прямую ссылку github когда репо станет публичным data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Ingest pipeline -- CREATED') print(f"{response.status_code} -- {response.text}") # Function - Create an index template def create_index_template(): request_suffix = f"/_index_template/{elastic_index_template}" data_file = open(f"/app/include/{elastic_index_alias}/index-template.json") data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index template -- CREATED') print(f"{response.status_code} - {response.text}") def create_lifecycle_policy(): request_suffix = f"/_ilm/policy/{elastic_index_ilm}" request_json = """{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "rollover": { "max_age": "30d", "max_primary_shard_size": "50gb" } } } } } }""" response = requests.put(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index lifecycle policy -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index def create_first_index(): request_suffix = f"/{elastic_index_name}" response = requests.put(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print(f"Index {elastic_index_name} -- CREATED") print(f"{response.status_code} - {response.text}") # Function - Create an index alias def create_index_alias(): request_suffix = f"/_aliases" request_json = """{ "actions" : [ { "add" : { "index" : "%s", "alias" : "%s" } } ] }""" % (elastic_index_name, elastic_index_alias) response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index alias -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Refresh index def refresh_index(): request_suffix = f"/{elastic_index_alias}/_refresh" response = requests.post(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Index -- REFRESHED') print(f"{response.status_code} -- {response.text}") # Function - Check detection engine index def get_detections_engine(): request_suffix = f"/s/default/api/detection_engine/index" response = requests.get(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): return True else: print(f"{response.status_code} - {response.text}") return False # Function - Preconfigure Kibana def configure_kibana(): # Index pattern file = f"/app/include/{elastic_index_alias}/index-pattern.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Index pattern -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Filters file = f"/app/include/{elastic_index_alias}/filters.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Filters -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Search file = f"/app/include/{elastic_index_alias}/search.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Searches -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Dashboard file = f"/app/include/{elastic_index_alias}/dashboard.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Dashboard -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Detections # Pre-create detections index if not get_detections_engine(): request_suffix = '/s/default/api/detection_engine/index' response = requests.post(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- SIEM rules index pre-created') print(f"{response.status_code} - {response.text}") file = f"/app/include/{elastic_index_alias}/detections.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/detection_engine/rules/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Function - Clean up S3 folder def delete_object_s3(s3_bucket, s3_object): b = s3.Bucket(s3_bucket) b.delete_objects( Delete={ 'Objects': [ { 'Key': s3_object }, ] } ) # Function - Delete SQS message def delete_sqs_message(msg): sqs.delete_message( QueueUrl=sqs_url, ReceiptHandle=msg.get('ReceiptHandle') ) # Function - Process JSON logs batch def process_s3_batch(bucket, folder, local=None): print('JSON processing -- STARTED') parse_substring = '".": {}, ' processing = True request_suffix = f"/{elastic_index_alias}/_bulk?pipeline={elastic_index_pipeline}" while processing: b = s3.Bucket(bucket) messages = sqs.receive_message( QueueUrl=sqs_url, MaxNumberOfMessages=10, VisibilityTimeout=60, WaitTimeSeconds=20 ).get('Messages') if(messages == None): processing = False continue for msg in messages: msg_body = json.loads(msg.get('Body')) source = msg_body['object_id'] cloud_id = msg_body['cloud_id'] folder_id = msg_body['folder_id'] cluster_id = msg_body['cluster_id'] cluster_url = msg_body['cluster_url'] if source[-1] == '/': delete_sqs_message(msg) continue target = source if local is None \ else os.path.join(local, source) if not os.path.exists(os.path.dirname(target)): os.makedirs(os.path.dirname(target)) try: b.download_file(source, target) except botocore.exceptions.ClientError as e: sqs.delete_message( QueueUrl=sqs_url, ReceiptHandle=msg.get('ReceiptHandle') ) continue with open(target, "r") as raw_file: lines = [] for line in raw_file: lines.append('{"index":{}},') line = line.replace(parse_substring, "") lines.append(f"{line.rstrip()[:-1]}, \"cloud_id\": \"{cloud_id}\", \"folder_id\": \"{folder_id}\", \"cluster_id\": \"{cluster_id}\", \"cluster_url\": \"{cluster_url}\"}},") lines[-1] = lines[-1][:-1]+"\n" data = "\n".join(lines) response = requests.post(elastic_server+request_suffix, \ data=data, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), \ headers={"Content-Type":"application/json"}) if(response.status_code == 200): delete_object_s3(s3_bucket, source) delete_sqs_message(msg) os.remove(target) print(response.text) else: print(response.text) print(f"JSON processing -- COMPLETE") # Process - Upload data def upload_logs(): if(get_config_index_state()): print("Config index -- EXISTS") process_s3_batch(s3_bucket, s3_folder, s3_local) refresh_index() else: create_lifecycle_policy() create_index_template() create_first_index() create_index_alias() create_ingest_pipeline() configure_kibana() create_config_index() process_s3_batch(s3_bucket, s3_folder, s3_local) refresh_index() ### MAIN CONTROL PANEL upload_logs() print("Sleep -- STARTED") time.sleep(sleep_time) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-siem-importer/worker/function/requirements.txt ================================================ boto3 requests botocore ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/00-infra.tf ================================================ data "yandex_iam_service_account" "bucket_sa" { service_account_id = var.log_bucket_service_account_id } data "yandex_kubernetes_cluster" "my_cluster" { folder_id = var.folder_id name = var.cluster_name } data "yandex_resourcemanager_folder" "my_folder" { folder_id = var.folder_id } resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = data.yandex_iam_service_account.bucket_sa.id description = "static access key for object storage" } data "yandex_client_config" "client" {} provider "helm" { kubernetes { host = data.yandex_kubernetes_cluster.my_cluster.master.0.public_ip == true ? data.yandex_kubernetes_cluster.my_cluster.master.0.external_v4_endpoint : data.yandex_kubernetes_cluster.my_cluster.master.0.internal_v4_endpoint cluster_ca_certificate = data.yandex_kubernetes_cluster.my_cluster.master.0.cluster_ca_certificate token = data.yandex_client_config.client.iam_token } } /* data "local_file" "yc-mk8s-ca" { filename = "${path.module}/templates/yc-mk8s.ca" } data "template_file" "kubeconfig" { template = file("${path.module}/templates/kubeconfig-template.yaml.tpl") vars = { context = var.cluster_name cluster_ca_certificate = data.local_file.yc-mk8s-ca.content endpoint = data.yandex_kubernetes_cluster.my_cluster.master.0.public_ip == true ? data.yandex_kubernetes_cluster.my_cluster.master.0.external_v4_endpoint : data.yandex_kubernetes_cluster.my_cluster.master.0.internal_v4_endpoint token = data.yandex_client_config.client.iam_token } } resource "local_file" "kubeconfig" { content = data.template_file.kubeconfig.rendered filename = "${path.cwd}/foo.bar" } provider "kustomization" { kubeconfig_raw = data.template_file.kubeconfig.rendered } output "cluster" { description = "A kubeconfig file configured to access the GKE cluster." value = data.yandex_kubernetes_cluster.my_cluster.master } output "kubeconfig_raw" { description = "A kubeconfig file configured to access the GKE cluster." value = data.template_file.kubeconfig.rendered } /* locals { kubeconfig_raw_vars = { context = var.cluster_name cluster_ca_certificate = data.yandex_kubernetes_cluster.my_cluster.master.0.cluster_ca_certificate endpoint = data.yandex_kubernetes_cluster.my_cluster.master.0.public_ip == true ? data.yandex_kubernetes_cluster.my_cluster.master.0.external_v4_endpoint : data.yandex_kubernetes_cluster.my_cluster.master.0.internal_v4_endpoint token = data.yandex_client_config.client.iam_token } } locals { kubeconfig_raw = trim(yamlencode(templatefile("${path.module}/templates/kubeconfig-template.yaml.tpl",local.kubeconfig_raw_vars)),"|-") } output "kubeconfig_raw" { sensitive = true description = "A kubeconfig file configured to access the GKE cluster." value = local.kubeconfig_raw } */ ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/01-audit-export.tf ================================================ //выдача прав на создание функции resource "yandex_resourcemanager_folder_iam_binding" "create_funct" { count = var.function_service_account_id != "" ? 0 : 1 folder_id = var.folder_id role = "serverless.functions.admin" members = [ "serviceAccount:${data.yandex_iam_service_account.bucket_sa.id}", ] } //-------- data "archive_file" "function" { type = "zip" source_dir = "${path.module}/function" output_path = "${path.module}/sync.zip" } resource "yandex_function" "k8s_log_exporter" { folder_id = var.folder_id name = "k8s-log-exporter-for-cluster-${data.yandex_kubernetes_cluster.my_cluster.id}" runtime = "python38" entrypoint = "main.handler" memory = "128" execution_timeout = "30" service_account_id = var.function_service_account_id != "" ? var.function_service_account_id : data.yandex_iam_service_account.bucket_sa.id environment = { AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key BUCKET_NAME = var.log_bucket_name CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "logs-trigger" { name = "k8s-log-trigger-${data.yandex_kubernetes_cluster.my_cluster.id}" folder_id = var.folder_id function { id = yandex_function.k8s_log_exporter.id service_account_id = var.function_service_account_id != "" ? var.function_service_account_id : data.yandex_iam_service_account.bucket_sa.id } log_group { log_group_ids = [ data.yandex_kubernetes_cluster.my_cluster.log_group_id, ] batch_cutoff = 10 batch_size = 100 } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/02-kubernetes-falco.tf ================================================ resource "helm_release" "falco" { depends_on = [ helm_release.policy_repoter ] name = "falco" chart = "falco" repository = "https://falcosecurity.github.io/charts" namespace = "falco" create_namespace = true values = [ "${file("${path.module}/templates/falco-base.yaml")}" ] set { name = "fakeEventGenerator.enabled" value = var.fakeeventgenerator_enabled } set { name = "ebpf.enabled" value = "true" } } resource "helm_release" "falcosidekick" { depends_on = [ helm_release.falco ] name = "falcosidekick" chart = "falcosidekick" repository = "https://falcosecurity.github.io/charts" namespace = "falco" values = [ "${file("${path.module}/templates/falcosidekick-base.yaml")}" ] set { name = "config.yandex.accesskeyid" value = yandex_iam_service_account_static_access_key.sa_static_key.access_key } set { name = "config.yandex.secretaccesskey" value = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } set { name = "config.yandex.s3.bucket" value = var.log_bucket_name } set { name = "config.yandex.s3.prefix" value = "FALCO/${data.yandex_resourcemanager_folder.my_folder.cloud_id}/${var.folder_id}/${data.yandex_kubernetes_cluster.my_cluster.id}" } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/03-kyverno.tf ================================================ resource "helm_release" "kyverno-policies" { depends_on = [ helm_release.kyverno ] name = "kyverno-policies" chart = "kyverno-policies" repository = "https://kyverno.github.io/kyverno/" namespace = "kyverno" set { name = "podSecurityStandard" value = var.podSecurityStandard } set { name = "validationFailureAction" value = var.validationFailureAction } } resource "helm_release" "kyverno" { name = "kyverno" chart = "kyverno" repository = "https://kyverno.github.io/kyverno/" namespace = "kyverno" create_namespace = true } resource "helm_release" "policy_repoter" { depends_on = [ helm_release.kyverno ] name = "policy-reporter" chart = "policy-reporter" repository = "https://kyverno.github.io/policy-reporter" namespace = "kyverno" set { name = "target.s3.accessKeyID" value = yandex_iam_service_account_static_access_key.sa_static_key.access_key } set { name = "target.s3.secretAccessKey" value = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } set { name = "target.s3.bucket" value = var.log_bucket_name } set { name = "target.s3.prefix" value = "KYVERNO/${data.yandex_resourcemanager_folder.my_folder.cloud_id}/${var.folder_id}/${data.yandex_kubernetes_cluster.my_cluster.id}" } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/README.md ================================================ # security-events-to-storage-exporter Описание: Модуль для включения логирования кластера k8s. На текущий момент он настраивает отправку audit логов в s3. ### Принимает на вход: - folder_id (id каталога в котором лежит кластер) - cluster_name (имя кластера k8s) - log_bucket_service_account_id - id сервис аккаунта который может писать в бакет - log_bucket_name - имя бакета куда писать лог - function_service_account_id - (опционально) id сервисного аккаунта который будет запускать фукнцию , если не указан то используется log_bucket_service_account_id ### Выполняет: - создание статического ключа для УЗ - создание функции и тригера для записи логов кластера в s3 - установку falco и настроенного falcosidekick, который отправит логи в s3 - установку OPA Gatekeeper ### TBD - настройку библиотек OPA Gatekeeper Пререквизиты: 1) Учетная запись под, которой вызывается сам модуль (должна обладать правами на создание кластера k8s и назначением права *serverless.function* на sa) Пример вызова модуля (находится рядом в папке): ### Вызов модуля ``` module "cilium_cluster_1_export" { source = "../k8s-security-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --name=<имя кластера> --format=json | jq .folder_id cluster_name = "cilium-cluster-1" // bucket id выданный администратором log_bucket_service_account_id = "xxxxxx" // id выданный администратором log_bucket_name = "logs-bucket" // можно подставить из конфига развертывания } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/example/main.tf ================================================ // Вызов модуля module "cilium_cluster_1_export" { source = "../../security-events-to-storage-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "cilium-cluster-1" // имя кластера log_bucket_service_account_id = "xxxxxx" // id выданный администратором log_bucket_name = "xxxxxx" // можно подставить из конфига развертывания # function_service_account_id = "чч" // опциоанальный id сервисного аккаунта который вызывает функции - если не выставлен то функция вызывается от имени log_bucket_service_account_id } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/example/provider.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } } provider "yandex" { service_account_key_file = "./key.json" # or you can use: token = var.token for user account not sa cloud_id = "xxxxxx" folder_id = "xxxxxx" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/function/Makefile ================================================ all: clean dependencies package clean: rm -rf dist/ dirs: mkdir -p dist/ dependencies: dirs docker run --rm \ -v $(shell pwd)/dist:/dist -v $(shell pwd):/app \ -w /app \ python:3.7-stretch \ pip3 install -r /app/requirements.txt --target /dist/ install-code: dirs cp main.py dist/main.py cp s3.py dist/s3.py package: dirs install-code rm -f dist.zip cd dist && zip --exclude '*.pyc' -r ../dist.zip ./* .PHONY: clean dirs dependencies install-code package all ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/function/main.py ================================================ import json import os import sys import uuid import boto3 import string import random from datetime import datetime def get_random_alphanumeric_string(length): letters_and_digits = string.ascii_letters + string.digits result_str = ''.join((random.choice(letters_and_digits) for i in range(length))) return result_str client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1' ) def handler(event, context): for log_data in event['messages']: full_log = [] for log_entry in log_data['details']['messages']: kubernetes_log = json.loads(log_entry['message']) full_log.append(json.dumps(kubernetes_log)) bucket_name = os.environ.get('BUCKET_NAME') # object_key = os.environ.get('LOG_PREFIX')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_key = 'AUDIT/'+os.environ.get('CLOUD_ID')+'/'+os.environ.get('FOLDER_ID')+'/'+os.environ.get('CLUSTER_ID')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_value = '\n'.join(full_log) client.put_object(Bucket=bucket_name, Key=object_key, Body=object_value, StorageClass='COLD') print(object_value) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/function/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/function/test.py ================================================ def test(a): pass ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/outputs.tf ================================================ output "service_account_id" { value = data.yandex_iam_service_account.bucket_sa.id sensitive = true } output "folder_id" { value = data.yandex_resourcemanager_folder.my_folder.id sensitive = true } output "log_bucket_name" { value = var.log_bucket_name sensitive = true } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/templates/falco-base.yaml ================================================ image: registry: docker.io repository: falcosecurity/falco pullPolicy: IfNotPresent docker: enabled: true socket: /var/run/docker.sock containerd: enabled: true socket: /run/containerd/containerd.sock falco: jsonOutput: true jsonIncludeOutputProperty: true httpOutput: enabled: true url: http://falcosidekick:2801/ customRules: rules-cilium.yaml: |- # disabling cilium false positives - rule: Packet socket created in container desc: Detect new packet socket at the device driver (OSI Layer 2) level in a container. Packet socket could be used for ARP Spoofing and privilege escalation(CVE-2020-14386) by attacker. condition: evt.type=socket and evt.arg[0]=AF_PACKET and consider_packet_socket_communication and container and not proc.name in (user_known_packet_socket_binaries) and not container.image.repository=cr.yandex/crpsjg1coh47p81vh2lc/k8s-addons/cilium/cilium output: Packet socket was created in a container (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline socket_info=%evt.args container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag) priority: NOTICE tags: [network, mitre_discovery] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/templates/falcosidekick-base.yaml ================================================ # enable falcosidekick deployment image: tag: 2.24.0 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/templates/kubeconfig-template.yaml.tpl ================================================ apiVersion: v1 clusters: - cluster: certificate-authority-data: ${cluster_ca_certificate} server: ${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: token: ${token} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/templates/yc-mk8s.ca ================================================ LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXhNREE0TlRBMU0xb1hEVE14TURZd09EQTROVEExTTFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXNDCnhocFpIQTB0b096RVRFV05CbGJremljTUg0NTdhK0ltajExc1ZweHlRYnM1U1B6cXdkRUVTMVN3MHpxZnAvbTQKYi9LSDVmNVY4MEFBekdnY2RqUXBYREQ2VFYzeThDSmdzbTE0TjllZzQxWHF2MUZFOTV5U0tpeFhHQjlkbk01Kwp5N0V1SXY1Z1FoZTBCMWUvRmRtM0h1QWNUblJkbzdLdEV6bGI4c3luSVVVNnRZaUVYNVd2cFBsaDRlcHo1eHo4ClBFd2xyZWJsaDRNaE85OWE3bmswYXd5RGV5OFdmNkM0eXdadHUrUG5XNGw1UzVjTnF6Wi9pcWJnN0pmeFZVU3EKYTBzWHJoNzRPMDI3SStlQ3dOVGxCYU5lVUNJY3owYm9nQ3o3dkh6ZnNkODhIdXJ2RnphSTRURGtyMHd4dkNkdApRQVFUUDdPVmp1d2hISXpteE9FQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZOUTlmQWNBemowd2FHS3NXdFU5bWpkeDdXQXFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBR3V5cFFaMDM0RzQ4RHhtVzl1MFFFZ0pNNUlRVHYzUnZDNEFnenkxVnlkd0tVNG8zOApheHQrY2RGYWgrTFFoRVd3amErYzhCY1VzU0lGQVRaU2V2a3p6MkVOVVpwNlVHVmY4QjFKNjZEQU5nYXY4cks4ClN3VktSMHFuV2czSHVqZGlpcWZvK3dyQnRRUUk3VUxuU0p6R3RYTjNZMlZPT2tyR1YxVUZOV3NhUzE0aklLRG4KMlMwYmovbVBxN2FnK3M0T0FMb1ltcGRybjNSZGN5RGdJUTE3MkNQM0doZ1hkd2VUYkV4UmtsYzVvUUhOYkV5NAo2b1l3em1FK0tqdG5Kd3FKYTRmRVM3WkExd2dzRW9HQXkzaUx3TlNBdDFEN2RZWGI0RU1reDZ6UTA0d2RIWDNGCnNGWHRJdFY3NjdJSmVEV1BmQjNiMHNxYkpqSE9kZ1pmcnhmTwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/variables.tf ================================================ variable "folder_id" { } variable "cluster_name" { } variable "log_bucket_service_account_id" { } variable "fakeeventgenerator_enabled" { default = true } variable "podSecurityStandard" { default = "restricted" } variable "validationFailureAction" { default = "audit" } variable "log_bucket_name" { } variable "function_service_account_id" { default = "" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_k8s_old/security-events-to-storage-exporter/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } kustomization = { source = "kbst/kustomization" version = "0.5.0" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/AUTHORS ================================================ The following authors have created the source code of "Yandex Cloud Audit Trails for Elastic Integration" published and distributed by YANDEX LLC as the owner: Alexey Mirtov mirtov8@yandex-team.ru Kirill Schevchuk kirshe@yandex-team.ru Narek Tatevosyan nrkk@yandex-team.ru ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/CONFIGURE-HA.md ================================================ # Recommendations for high data availability Our Elasticsearch example is installed in the basic configuration. In terms of high data availability, the following mechanisms are used: - Multiple nodes for data. - Multiple replicas for indexes. - Indexes roll over according to the recommended schema: - When the index reaches 50GB, a new index is created; - A new index is created every thirty days. - The data is sent to the alias linked to the active index, that is, the index rollover must not affect operability of the schema in the example. ## Index rollover Index rollover uses the following Elasticsearch entities: - Indexes and index aliases. - Index template. - Index lifecycle policy. The first index in the example is created with a numeric suffix. This is to ensure that a new index with a modified suffix is created as a result of rollover. An alias is assigned to the created index, and this alias is then assigned to the new index at rollover. ## Index template An index template contains all the necessary parameters to create a new index as a result of the rollover: - Index pattern. Newly created indexes that meet the pattern are automatically created with the template parameters. - Index settings. In our case, this is the name of the index rollover policy, the number of data replicas, and the `rollover_alias`, that is, the alias that will be moved to the new index. ``` { "index": { "lifecycle": { "name": "audit-trails-ilm", "rollover_alias": "audit-trails-index" }, "number_of_replicas": "2" } } ``` - Mapping parameters. ## Index lifecycle policy The index lifecycle policy tracks the lifecycle of our data. As the data becomes older, you can move it to lower-end servers or disks, and, finally, delete them, after a certain period. In our example, we configured only the hot phase, with only default metrics for the rollover procedure enabled. But for production deployment, we recommended to plan for the process of data obsolescence (that is, moving it to "slow" nodes), and deletion. It is recommended to enable data deletion when you have no other phase but the hot one. After a certain period, indexes with obsolete data will be deleted. If you have set up data snapshots, you can enable the delete option only if a snapshot is present. In this case, specify the name of the snapshot policy. Setting up the snapshot creation policy is described below. ## Snapshot creation policy Data snapshots are used for backing up data at certain time points. We recommend setting up a snapshot creation policy for your production environment. The snapshots created can be stored in Yandex.Cloud S3 storage. The procedure for setting up the policy with an S3 storage is described below. Snapshots are created incrementally and consume a minimum space in the long run, because only changes are added. To store snapshots in an S3 storage, you need: 1. Set up a service account to work with S3 and connect it to the Elasticsearch cluster. 2. Configure access rights. 3. Connect the repository to Elasticsearch. These steps are described in the [documentation](https://cloud.yandex.ru/docs/managed-elasticsearch/operations/s3-access) for Managed Service for Elasticsearch. Example of a created snapshot repository: After the repository has been connected to Elasticsearch, you can configure your first snapshot creation policy. Then use a simple setup wizard to specify: - The name of the snapshot policy. - Pattern for the snapshot names. - A repository for snapshots that your created previously. - A schedule for creating snapshots (for example, every hour). - Snapshot parameters: take snapshots for all or specific indexes, retain cluster state in the snapshot, and others. - Snapshot retention parameters. The created snapshot policy may look as follows: After the policy is created, you can see it in the list of all policies wherefrom you can run it and check straight away. When you run the policy, a new snapshot is created and shown in the list. The data also appears in the object storage: The snapshot policy can be used in the index lifecycle policy created previously. ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/CONFIGURE-HA_RU.md ================================================ # Рекомендации для высокой доступности данных Наш пример ElasticSearch устанавливается в базовой конфигурации. В части высокой доступности данных применены следующие механизмы: - Несколько нод для данных - Несколько реплик для индексов - Индексы ротируются (`rollover`) по рекомендованной схеме, а именно: - По достижению индексом размера в 50ГБ, создается новый индекс, или - Каждый тридцать дней, создается новый индекс - Данные отправляются в алиас (`alias`), который привязан к активному индексу, то есть ротация индекса не должна повлиять на работу схемы в примере ## Ротация индекса Ротация индекса использует следующие сущности в ElasticSearch: - Индексы и алиас (`alias`) индекса - Шаблона индекса (`index template`) - Политика жизненного цикла индекса (`index lifecycle policy`) Первый индекс в примере создается с цифровым суффиксом — это необходимо, чтобы в результате ротации создался новый индекс с измененным суффиксом. На созданный индекс назначается алиас, который в процессе ротации переносится на новый индекс. ## Шаблон индекса Шаблон индекса содержит все необходимые параметры для создания нового индекса в результате ротации: - Паттерн индекса (`index pattern`). Новосозданные индексы, подпадающие под паттерн, будут автоматически созданы с параметрами шаблона. - Настройки индекса. В нашем случае, это имя политики ротации (`index rollover policy`), количество реплик данных и `rollover_alias` - алиас, который будет перенесен на новый индекс. ``` { "index": { "lifecycle": { "name": "audit-trails-ilm", "rollover_alias": "audit-trails-index" }, "number_of_replicas": "2" } } ``` - Параметры сопоставления (`mapping`). ## Политика ротации Политика ротации (`index lifecycle policy`) отслеживает "жизненный путь" наших данных. По мере устаревания данных, данные можно переносить на менее производительные серверы или диски, а по истечении определенного времени — и, вовсе, удалить. В нашем примере настроена только горячая фаза (`hot phase`) и была включена рекомендованный по умолчанию метрики для процедуры rollover. Но в продуктивном развертывании рекомендуется спланировать, как процесс устаревания данных (перенос на "медленные" ноды), так и их удаление. Удаление данных рекомендуется включить и при отсутствии других фаз, только для горячей фазы. По истечении определенного времени, индексы с устаревшими данными будут удалены. Если настроены снимки данных (`snapshots`) — можно включить опцию удаления только при наличии снимка. В этом случае, необходимо указать имя политики создания снимков (`snapshot policy`). Настройка политики создания снимков описана ниже. ## Политика создания снимков Снимки данных (`snapshots`) необходимы для создания резервных копий данных на определенный момент времени. Рекомендуется настроить политику создания снимков в продуктивной среде. Созданные снимки данных можно хранить в S3 хранилище Yandex.Cloud — ниже описана процедура настройки политики с использованием хранилища S3. Снимки создаются инкрементально и не занимают много пространства в долгосрочной перспективе, так как добавляются только изменения. Для хранения снимков в S3 хранилище необходимо: 1. Настроить сервисный аккаунт для работы с S3 и подключить его к кластеру ElasticSearch 2. Настроить права доступа 3. Подключить репозиторий к ElasticSearch Эти шаги описаны в [документации](https://cloud.yandex.ru/docs/managed-elasticsearch/operations/s3-access) к Managed Service for ElasticSearch. Пример созданного репозитория снимков: После того, как репозиторий был подключен к ElasticSearch, можно выполнить настройку первой политики для создания снимков. Далее, через простой мастер настройки, необходимо указать: - Имя политики снимков - Паттерн для имен, созданных снимков - Репозиторий снимков, который был создан ранее - График создания снимков (например, каждый час) - Параметры снимков: делать снимки для всех или определенных индексов, хранить в снимке состояние кластера, и др. - Параметры хранения снимков (`retention`) Созданная политика снимков может выглядеть следующим образом: После создания политики, она будет видна в общем списке политик, где её можно сразу же запустить и проверить. В результате запуска, создан новый снимок, который отображается в списке. А также, данные появились и в самом объектном хранилище: Созданную политику снимков можно задействовать в политике ротации индексов, которая была создана ранее. ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/LICENSE ================================================ Copyright 2021 YANDEX LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/README.md ================================================ # Collecting, monitoring and analyzing audit logs in Yandex Managed Service for Elasticsearch (ELK) ![Dashboard](https://user-images.githubusercontent.com/85429798/127686785-27658104-6258-4de8-929f-9cf87624fa27.png) # Version **Version-2.1** - Changelog: - Added new use cases from [Use cases and important security events in audit logs](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/_use_cases_and_searches#use-cases-%D0%B8-%D0%B2%D0%B0%D0%B6%D0%BD%D1%8B%D0%B5-%D1%81%D0%BE%D0%B1%D1%8B%D1%82%D0%B8%D1%8F-%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D0%B8-%D0%B2-%D0%B0%D1%83%D0%B4%D0%B8%D1%82-%D0%BB%D0%BE%D0%B3%D0%B0%D1%85)" - Docker images: - `cr.yandex/sol/s3-elk-importer:2.1` - `cr.yandex/sol/elk-updater:1.0.4` **Version-2.0** - Changelog: - Добавлен фильтр по Folder name - Docker images: - `cr.yandex/sol/s3-elk-importer:1.0.6` # Table of contents - [Solution description](#solution-description) - [Solution features](#solution-features) - [Solution diagram](#solution-diagram) - [Security Content](#security-content) - [License restrictions](#license-restrictions) - [Content update process](#content-update-process) - [Deployment using Terraform](#deployment-using-Terraform) - [Deployment of a solution to supply K8s logs] (#deployment-of-a-solution-to-supply-k8s-logs) - [Recommendations for setting up retention, rollover, and snapshots](#recommendations-for-setting-retention-rollover-and-snapshots) ## Solution description The solution lets you collect, monitor, and analyze audit logs in Yandex Managed Service for Elasticsearch (ELK) from the following sources: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) - [Yandex Managed Service for Kubernetes](https://cloud.yandex.ru/docs/managed-kubernetes/): audit logs, Falco alerts, and Policy Engine (OPA Gatekeeper) ([setup description](../export-auditlogs-to-ELK_k8s)) > The solution is constantly updated and maintained by the Yandex.Cloud Security team. ## Solution features - ☑️ Deploy a Managed ELK cluster in the Yandex.Cloud infrastructure via Terraform. In the default configuration, see Deployment using Terraform. Calculate the relevant configuration for your infrastructure together with your cloud architect. - ☑️ Deploy a COI Instance with container based on the s3-elk-importer image (`cr.yandex/crpjfmfou6gflobbfvfv/s3-elk-importer:latest`). - ☑️ Upload Security Content to ELK: Dashboards, Detection Rules with alerts, etc. - ☑️ Enable continuous delivery of JSON files with audit logs from Yandex Object Storage to ELK. - ☑️ Create indexes in two replicas, configure the basic rollover policy (create new indexes every thirty days or after reaching 50 GB). For further provisioning for high data availability and setting up data snapshots in S3, see [recommendations](./CONFIGURE-HA.md). ## Solution diagram ![image](https://user-images.githubusercontent.com/85429798/137448275-ce665493-8dc4-498f-9dbe-ae7dfcffbec9.png) [Diagram of the solution to supply K8s logs](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_k8s) ## Security Content **Security Content** are ELK objects automatically loaded by the solution. All the content leverages the long-term expertise of the Yandex.Cloud Security team and our cloud customers. The solution contains the following Security Content: - Dashboard that reflects all use cases and useful statistics. - A set of Saved Queries for easy search of Security events. - A set of Detection Rules: the correlation rules for which alerts are configured (the client should specify the alert destination). All relevant event fields have been converted to the [Elastic Common Schema (ECS)] (https://www.elastic.co/guide/en/ecs/current/index.html) format, the full mapping table is in the [file with object description](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов.pdf). A detailed description is in the [ECS-mapping.docx](./papers/ECS-mapping_new.pdf) file ## License restrictions ![image](https://user-images.githubusercontent.com/85429798/137449824-329e7eea-58d0-4aef-81e9-c1f53da6b39c.png) ![image](https://user-images.githubusercontent.com/85429798/137449722-6aae24e6-f567-4a4f-b52e-3c9f63893ac9.png) [Subscription options on ELK site](https://www.elastic.co/subscriptions) ## Content update process We recommend subscribing to this repository to receive update notifications. To get the latest content version, do the following: - Keep the sync container up-to-date. - Keep the Security content imported to Elasticsearch in the updated state. For content updates, make sure that you are running the latest available image version: `cr.yandex/crpjfmfou6gflobbfvfv/s3-elk-importer:latest`. You can update the container as follows: - You can re-create the deployed COI Instance with the container via Terraform (delete the COI Instance and run: `terraform apply`). - You can stop and delete the `audit-trail-worker-*` container, delete the `s3-elk-importer` image, and restart COI Instance. After the launch, a new image will be downloaded and a new container will be created. You can update the Security content in Kibana (dashboards, detection rules, searches) by launching the elk-updater container: ``` docker run -it --rm -e ELASTIC_AUTH_USER='admin' -e ELASTIC_AUTH_PW='password' -e KIBANA_SERVER='https://xxx.rw.mdb.yandexcloud.net' --name elk-updater cr.yandex/crpjfmfou6gflobbfvfv/elk-updater:latest ``` ## Deployment using Terraform #### Description #### Prerequisites: - :white_check_mark: Object Storage Bucket for Audit Trails. - :white_check_mark: [Audit Trails service enabled](https://cloud.yandex.ru/docs/audit-trails/quickstart) in the UI. - :white_check_mark: VPC network. - :white_check_mark: Subnets in three availability zones. - :white_check_mark: COI Instance has access to the internet to download the container image. - :white_check_mark: ServiceAccount with the *storage.editor* role for actions in Object Storage. See the example of configuring prerequisites and calling modules in [/example/main.tf](./terraform/example) ## The solution consists of two Terraform modules [/terraform/modules/](./terraform/modules): - yc-managed-elk creates a cluster [Yandex Managed Service for Elasticsearch](https://cloud.yandex.ru/services/managed-elasticsearch): - With three nodes (one for each availability zone). - With a Gold license. - Characteristics: s2-medium (8 vCPU, 32GB RAM), HDD: 1TB. - A password to the ELK admin account. - yc-elastic-trail: - Creates static keys for the SA (for working with JSON objects in a bucket and encrypting/decrypting secrets). - Creates a COI VM with a Docker Container specification using a script. - Creates an SSH key pair and saves the private part to the disk and the public part to the VM. - Creates a KMS key. - Assigns the kms.keys.encrypterDecrypter rights to the key for SA to encrypt secrets. - Encrypts secrets and passes them to Docker Container. #### Example of calling modules: ```Python module "yc-managed-elk" { source = "../modules/yc-managed-elk" # path to module yc-managed-elk folder_id = var.folder_id subnet_ids = yandex_vpc_subnet.elk-subnet[*].id # Subnets in three availability zones for ELK deployment network_id = yandex_vpc_network.vpc-elk.id # The ID of the network where ELK will be deployed elk_edition = "gold" elk_datanode_preset = "s2.medium" elk_datanode_disk_size = 1000 elk_public_ip = false # true if you need a public access to Elasticsearch } module "yc-elastic-trail" { source = "../modules/yc-elastic-trail/" # path to module yc-elastic-trail folder_id = var.folder_id elk_credentials = module.yc-managed-elk.elk-pass elk_address = module.yc-managed-elk.elk_fqdn bucket_name = yandex_storage_bucket.trail-bucket.bucket bucket_folder = "" # Specify the name of the prefix where trails writes logs to the bucket, for example prefix-trails (if it's root, then leave empty at default) sa_id = yandex_iam_service_account.sa-bucket-editor.id coi_subnet_id = yandex_vpc_subnet.elk-subnet[0].id } output "elk-pass" { value = module.yc-managed-elk.elk-pass sensitive = true } // View the ELK password: terraform output elk-pass output "elk_fqdn" { value = module.yc-managed-elk.elk_fqdn } // Outputs the ELK URL that can be accessed, for example, through the browser output "elk-user" { value = "admin" } ``` ## Deployment of a solution to supply K8s logs [Deployment of the K8s log delivery solution](../export-auditlogs-to-ELK_k8s) ## Recommendations for setting up retention, rollover, and snapshots [Recommendations for setting up retention, rollover, and snapshots](./CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/README_RU.md ================================================ # Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK) ![Дашборд](https://user-images.githubusercontent.com/85429798/127686785-27658104-6258-4de8-929f-9cf87624fa27.png) # Version **Version-2.1** - Changelog: - Добавлены новые detection rules из [Use cases и важные события безопасности в аудит логах](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/_use_cases_and_searches#use-cases-%D0%B8-%D0%B2%D0%B0%D0%B6%D0%BD%D1%8B%D0%B5-%D1%81%D0%BE%D0%B1%D1%8B%D1%82%D0%B8%D1%8F-%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D0%B8-%D0%B2-%D0%B0%D1%83%D0%B4%D0%B8%D1%82-%D0%BB%D0%BE%D0%B3%D0%B0%D1%85)" - Docker images: - `cr.yandex/sol/s3-elk-importer:2.1` - `cr.yandex/sol/elk-updater:1.0.4` **Version-2.0** - Changelog: - Добавлен фильтр по Folder name - Docker images: - `cr.yandex/sol/s3-elk-importer:1.0.6` # Оглавление - [Описание решения](#описание-решения) - [Что делает решение](#что-делает-решение) - [Схема решения](#схема-решения) - [Security Content](#security-content) - [Лицензионные ограничения](#лицензионные-ограничения) - [Процесс обновления контента](#процесс-обновления-контента) - [Развертывание с помощью Terraform](#развертывание-с-помощью-Terraform) - [Развертывание решения для поставки логов k8s](#развертывание-решения-для-поставки-логов-k8s) - [Рекомендации по настройке retention, rollover и snapshots:](#рекомендации-по-настройке-retention-rollover-и-snapshots) ## Описание решения Решение позволяет собирать, мониторить и анализировать аудит логи в Yandex.Cloud Managed Service for Elasticsearch (ELK) из следующих источников: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) - [Yandex Managed Service for Kubernetes](https://cloud.yandex.ru/docs/managed-kubernetes/): аудит логи, алерты falco и Policy Engine (OPA Gatekeeper) ([описание настройки](../export-auditlogs-to-ELK_k8s)) > Решение является постоянно обновляемым и поддерживаемым Security-командой Yandex.Cloud. > Важно! По умолчанию данная конструкция предлагает удалять файлы после вычитывания из бакета, но вы можете одновременно хранить аудит логи Audit Trails в S3 на долгосрочной основе и отсылать в Elastic. Для этого необходимо создать два Audit Trails в разных S3 бакетах: - Первый бакет будет использоваться только для хранения - Второй бакет будет использоваться для интеграции с ArcSight ## Что делает решение - ☑️ Разворачивает в инфраструктуре Yandex.Cloud кластер Managed ELK (через Terraform) (в default конфигурации см. п. Terraform)(рассчитать необходимую конфигурацию для вашей инфраструктуры необходимо совместно с Cloud Архитектором) - ☑️ Разворачивает COI Instance с контейнером на базе образа s3-elk-importer (`cr.yandex/sol/s3-elk-importer:latest`) - ☑️ Загружает Security Content в ELK (Dashboards, Detection Rules (с alerts), etc.) - ☑️ Обеспечивает непрерывную доставку json файлов с аудит логами из Yandex Object Storage в ELK - ☑️ Создает индексы в двух репликах, настраивает базовую политику rollover (создания новых индексов каждые тридцать дней или по достижению 50ГБ), для дальнейшей настройки в части высокой доступности данных и для настройки снимков данных в S3 - см. [рекомендации](./CONFIGURE-HA.md). ## Схема решения ![image](https://user-images.githubusercontent.com/85429798/137448275-ce665493-8dc4-498f-9dbe-ae7dfcffbec9.png) [Схема решения для поставки логов k8s](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_k8s) ## Security Content **Security Content** — объекты ELK, которые автоматически загружаются решением. Весь контент разработан с учетом многолетнего опыта Security команды Yandex.Cloud и на основе опыта Клиентов облака. Содержит следующий Security Content: - Dashboard, на котором отражены все use cases и полезная статистика - Набор Saved Queries для удобного поиска Security событий - Набор Detection Rules (правила корреляции) на которые настроены оповещения (Клиенту самостоятельно необходимо указать назначение уведомлений) - Все интересные поля событий преобразованы в формат [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/current/index.html), полная табличка маппинга в файле [Описание объектов](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов.pdf) Подробное описание в файле [ECS-mapping.docx](./papers/ECS-mapping_new.pdf) ## Лицензионные ограничения ![image](https://user-images.githubusercontent.com/85429798/137449824-329e7eea-58d0-4aef-81e9-c1f53da6b39c.png) ![image](https://user-images.githubusercontent.com/85429798/137449722-6aae24e6-f567-4a4f-b52e-3c9f63893ac9.png) [Описание различий с сайта ELK](https://www.elastic.co/subscriptions) ## Процесс обновления контента Рекомендуем подписаться на данный репозиторий для получения уведомлений об обновлениях. Для того, чтобы использовать самую актуальную версию контента, необходимо - Поддерживать в актуальной версии контейнер, выполняющий синхронизацию - Поддерживать в актуальном состоянии Security контент, который импортируется в ElasticSearch В части обновления контента, необходимо убедиться, что вы используете последнюю доступную версию образа: `cr.yandex/sol/s3-elk-importer:latest` Обновление контейнера можно выполнить следующим образом: - Можно пересоздать развернутый COI Instance с контейнером через Terraform (удалить COI Instance, выполнить `terraform apply`) - Можно остановить и удалить сам контейнер (`audit-trail-worker-*`), удалить образ `s3-elk-importer`, перезапустить COI Instance — после запуска будет скачан новый образ и создан новый контейнер Обновление Security контента в Kibana (dashboards, detection rules, searches) — можно выполнить через запуск контейнера `elk-updater`: ``` docker run -it --rm -e ELASTIC_AUTH_USER='admin' -e ELASTIC_AUTH_PW='password' -e KIBANA_SERVER='https://xxx.rw.mdb.yandexcloud.net' --name elk-updater cr.yandex/sol/elk-updater:latest ``` ## Развертывание с помощью Terraform #### Описание #### Пререквизиты - :white_check_mark: Object Storage Bucket для Audit Trails - :white_check_mark: [Включенный сервис Audit Trails](https://cloud.yandex.ru/docs/audit-trails/quickstart) в UI - :white_check_mark: Сеть VPC - :white_check_mark: Подсети в 3-х зонах доступности - :white_check_mark: Наличие доступа в интернет с COI Instance для скачивания образа контейнера - :white_check_mark: ServiceAccount с ролью *storage.editor* для действий в Object Storage См. Пример конфигурации пререквизитов и вызова модулей в [/example/main.tf](./terraform/example) ## Решение состоит из 2-х модулей Terraform [/terraform/modules/](./terraform/modules) : 1) yc-managed-elk: - создает cluster [Yandex Managed Service for Elasticsearch](https://cloud.yandex.ru/services/managed-elasticsearch) - с тремя нодами (по одной на каждую зону доступности) - с лицензией Gold - характеристики: s2-medium (8 vCPU, 32Gb Memory) - HDD: 1TB - назначает пароль на аккаунт admin в ELK 2) yc-elastic-trail: - создает static keys для sa (для работы с объектами JSON в бакете и шифрования/расшифрования секретов) - создает ВМ COI со спецификацией Docker Container со скриптом - создает ssh пару ключей и сохраняет приватную часть на диск, публичную в ВМ - создает KMS ключ - назначает права kms.keys.encrypterDecrypter на ключ для sa для шифрование секретов - шифрует секреты и передает их в Docker Container #### Пример вызова модулей: ```Python module "yc-managed-elk" { source = "../modules/yc-managed-elk" # path to module yc-managed-elk folder_id = var.folder_id subnet_ids = yandex_vpc_subnet.elk-subnet[*].id # subnets в 3-х зонах доступности для развертывания ELK network_id = yandex_vpc_network.vpc-elk.id # network id в которой будет развернут ELK elk_edition = "gold" elk_datanode_preset = "s2.medium" elk_datanode_disk_size = 1000 elk_public_ip = false # true, если нужен публичный доступ к ElasticSearch } module "yc-elastic-trail" { source = "../modules/yc-elastic-trail/" # path to module yc-elastic-trail folder_id = var.folder_id elk_credentials = module.yc-managed-elk.elk-pass elk_address = module.yc-managed-elk.elk_fqdn bucket_name = yandex_storage_bucket.trail-bucket.bucket bucket_folder = "" # указать название префикса куда trails пишет логи в бакет, например "prefix-trails", если в корень то оставить по умолчанию пустым sa_id = yandex_iam_service_account.sa-bucket-editor.id coi_subnet_id = yandex_vpc_subnet.elk-subnet[0].id } output "elk-pass" { value = module.yc-managed-elk.elk-pass sensitive = true } // Чтобы посмотреть пароль ELK: terraform output elk-pass output "elk_fqdn" { value = module.yc-managed-elk.elk_fqdn } // Выводит адрес ELK на который можно обращаться, например через браузер output "elk-user" { value = "admin" } ``` ## Развертывание решения для поставки логов k8s: [Развертывание решения для поставки логов k8s](../export-auditlogs-to-ELK_k8s) ## Рекомендации по настройке retention, rollover и snapshots: [Рекомендации по настройке retention, rollover и snapshots](./CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/curl_play with elk.sh ================================================ Описание всего:>>> Описание разовой загрузки объектов данных в ELK (bash скрипт либо питон) >>> Создаем сам индекс curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X PUT "https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net:9200/audit-trails-index/?pretty" -H 'Content-Type: application/json' -d @/Users/mirtov8/Documents/CloudTrail/ELK-new-clean/mapping6.json загрузка ingest pipeline curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X PUT "https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net:9200/_ingest/pipeline/audit-trails-pipeline?pretty" -H 'Content-Type: application/json' -d @/Users/mirtov8/Documents/CloudTrail/ELK-new-clean/pipeline3.json import kibana index pattern с нужным нашим id curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X POST https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/api/saved_objects/_import --form file=@/Users/mirtov8/Documents/CloudTrail/ELK-new-clean/kibana_index_pattern.ndjson -H 'kbn-xsrf: true' загрузка filters curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X POST https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/api/saved_objects/_import --form file=@/Users/mirtov8/Documents/CloudTrail/ELK-new-clean/filters.ndjson -H 'kbn-xsrf: true' загрузка search curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X POST https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/api/saved_objects/_import --form file=@/Users/mirtov8/Documents/CloudTrail/ELK-new-clean/kibana_search2.ndjson -H 'kbn-xsrf: true' загрузка dashboards curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X POST https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/api/saved_objects/_import --form file=@/Users/mirtov8/Documents/CloudTrail/ELK-new-clean/dashboard_very_new.ndjson -H 'kbn-xsrf: true' Файл json необходимо преобразовать перед загрузкой в качестве bulk в elk jq -c -r ".[]" /Users/mirtov8/Documents/CloudTrail/ArcSight\ Connector/gg/155732665.json | while read line; do echo '{"index":{}}'; echo $line; done > bulk.json python пример ( пример - https://gist.github.com/icamys/4287ae49d20ff2add3db86e2b2053977#file-elastic_import_data_bulk-py-L51 ) Отправка bulk curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X POST "https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net:9200/audit-trails-index/_bulk?pipeline=audit-trails-pipeline" -H 'Content-Type: application/json' --data-binary "@./bulk3.json" python пример ( https://elasticsearch-py.readthedocs.io/en/master/helpers.html ) (https://gist.github.com/icamys/4287ae49d20ff2add3db86e2b2053977#file-elastic_import_data_bulk-py-L51) загрузка detections curl --user beats:beats123 --cacert ~/.elasticsearch/root.crt -X POST https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/api/detection_engine/rules/_import --form file=@./detections.ndjson -H 'kbn-xsrf: true' ______ k8s curl --user beat:beat123 --cacert ~/.elasticsearch/root.crt -X GET "https://c-c9qps9eabd0ok4haehjq.rw.mdb.yandexcloud.net:9200/k8s-index?pretty" curl --user beat:beat123 --cacert ~/.elasticsearch/root.crt -X PUT "https://c-c9qps9eabd0ok4haehjq.rw.mdb.yandexcloud.net:9200/k8s-index/?pretty" -H 'Content-Type: application/json' -d @//Users/mirtov8/Documents/GitHub/yc-solution-library-for-security/auditlogs/export-auditlogs-to-ELK/include/k8s/mapping_k8s.json curl --user beat:beat123 --cacert ~/.elasticsearch/root.crt -X POST "https://c-c9qps9eabd0ok4haehjq.rw.mdb.yandexcloud.net:9200/k8s-index/_bulk?pipeline=k8s_audit-pipeline" -H 'Content-Type: application/json' --data-binary "@./bulk2.json" ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/kms_decrypt_cmds.sh ================================================ Получить токен: TOKEN=$(curl -H Metadata-Flavor:Google 169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token | jq -r '.access_token') Зашифровать данные curl -vX POST https://kms.yandex/kms/v1/keys/abjulftcuh1p66lfdmpg:encrypt -d '{"versionId": "abj24us9a9gl3d28f8kt","plaintext": "password"}' --header "Accept: application/json" --header "Authorization: Bearer ${TOKEN}" Расшифровать данные curl -X POST https://kms.yandex/kms/v1/keys/abjulftcuh1p66lfdmpg:decrypt -d '{"ciphertext": "AAAAAQAAABRhYmoyNHVzOWE5Z2wzZDI4ZjhrdAAAABCs8pwmY0EXt4Z93jl2bXyKAAAADNsHbqFdoUZZG6hx38ES7Jal90aYsxU1VZUPP3309i1/Bf4="}' --header "Accept: application/json" --header "Authorization: Bearer ${TOKEN}" | jq '.plaintext' | sed 's/"//g' ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/last_backup/falco_pipeline_backup.json ================================================ { "description": "k8s pipeline", "processors": [ { "set": { "field": "event.kind", "value": "event", "ignore_failure": true } }, { "set": { "field": "event.category", "value": ["configuration", "iam"], "ignore_failure": true } }, { "set": { "field": "event.dataset", "value": "yandexcloud.k8s_falco", "ignore_failure": true } }, { "set": { "field": "cloud.provider", "value": "yandexcloud", "ignore_failure": true } }, { "set": { "field": "@timestamp", "value": "{{{time}}}", "ignore_failure": true } }, { "set": { "field": "cloud.service.name", "value": "falco", "ignore_failure": true } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/last_backup/k8s-mapping-ba.json ================================================ { "settings" : { "number_of_replicas" : 2 }, "mappings": { "properties": { "source" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip" : { "type" : "ip" } } }, "sourceIPs" : { "type" : "ip" }, "@timestamp": { "type": "date" }, "geoip.location": { "type": "geo_point" } } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/last_backup/k8s_audit_dashboard-back.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":6,\"i\":\"df4da863-2133-4560-82f3-5c126ac27f14\"},\"panelIndex\":\"df4da863-2133-4560-82f3-5c126ac27f14\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927100713\",\"fieldName\":\"cluster_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cluster_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cluster filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":6,\"i\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\"},\"panelIndex\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927314788\",\"fieldName\":\"cloud_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cloud-id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cloud filter\"},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":15,\"i\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\"},\"panelIndex\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"99115329-feb3-42c6-b426-dff8bd1e1b3a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"5728ef62-6dc0-4b27-b048-7ffda088d201\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"04fbaa00-b4ba-40db-b46e-8a6dd6d12d04\\\",\\\"label\\\":\\\"success-connect-from-ip\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.91,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.41,\\\"center\\\":{\\\"lon\\\":64.80962,\\\"lat\\\":57.04692},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":57.21062,\"lon\":78.63166,\"zoom\":1.41},\"mapBuffer\":{\"minLon\":-141.24608,\"minLat\":-9.879624999999994,\"maxLon\":298.50939999999997,\"maxLat\":104.90343499999999},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Connect from ip\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":6,\"w\":24,\"h\":15,\"i\":\"913c8496-3a96-4fa5-b029-20b53d929446\"},\"panelIndex\":\"913c8496-3a96-4fa5-b029-20b53d929446\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"201765c7-9d49-4931-954d-047211d60c67\":{\"columns\":{\"cb3cdcfa-2372-4b24-a37d-b7594d6ac42f\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"485e13ff-3e64-4c34-ac75-e421aa3cc191\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"485e13ff-3e64-4c34-ac75-e421aa3cc191\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"2cdf7d8d-6a13-4283-a596-68e7230c6bad\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"485e13ff-3e64-4c34-ac75-e421aa3cc191\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"cb3cdcfa-2372-4b24-a37d-b7594d6ac42f\",\"2cdf7d8d-6a13-4283-a596-68e7230c6bad\",\"485e13ff-3e64-4c34-ac75-e421aa3cc191\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"201765c7-9d49-4931-954d-047211d60c67\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"2cdf7d8d-6a13-4283-a596-68e7230c6bad\",\"splitAccessor\":\"cb3cdcfa-2372-4b24-a37d-b7594d6ac42f\",\"accessors\":[\"485e13ff-3e64-4c34-ac75-e421aa3cc191\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-201765c7-9d49-4931-954d-047211d60c67\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"OPA-gatekeeper-detections(only enforce)\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":21,\"w\":13,\"h\":9,\"i\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\"},\"panelIndex\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d401535b-665e-442b-a312-9edd3c1ebcc0\":{\"columns\":{\"61acda83-5d64-453e-9ca1-16b129cc2b42\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"fac0953d-82d6-4ef6-955a-8bc79bccf002\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ece5248d-0578-44e8-b245-bc2de86f37f4\":{\"label\":\"Top values of verb.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"verb.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"fac0953d-82d6-4ef6-955a-8bc79bccf002\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fac0953d-82d6-4ef6-955a-8bc79bccf002\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"fac0953d-82d6-4ef6-955a-8bc79bccf002\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"layerId\":\"d401535b-665e-442b-a312-9edd3c1ebcc0\",\"seriesType\":\"bar_horizontal_stacked\",\"xAccessor\":\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"splitAccessor\":\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"accessors\":[\"fac0953d-82d6-4ef6-955a-8bc79bccf002\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Unauthorized events\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":21,\"w\":11,\"h\":9,\"i\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\"},\"panelIndex\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5bee140-5f01-4de3-9395-d279acb203dc\":{\"columns\":{\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"4eda6d99-05c3-4ab8-a294-4632c9442157\":{\"label\":\"Top values of requestObject.kind.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.kind.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"4eda6d99-05c3-4ab8-a294-4632c9442157\",\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5bee140-5f01-4de3-9395-d279acb203dc\",\"accessors\":[\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"splitAccessor\":\"4eda6d99-05c3-4ab8-a294-4632c9442157\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebinding) and verb : create and not responseObject.reason : AlreadyExists\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Assign Cluster-admin/admin\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":21,\"w\":13,\"h\":17,\"i\":\"bbfefc52-8578-4755-84b5-1f18783f51d4\"},\"panelIndex\":\"bbfefc52-8578-4755-84b5-1f18783f51d4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"fd0565e3-d5dd-490a-bd9d-2c0cd901a5c3\":{\"columns\":{\"80c15f05-a37b-4c19-a89b-0be5c9847ae0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"4a5a33db-17c3-4477-a71d-05620894f6f9\":{\"label\":\"Top values of folder_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"folder_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80c15f05-a37b-4c19-a89b-0be5c9847ae0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"4a5a33db-17c3-4477-a71d-05620894f6f9\",\"80c15f05-a37b-4c19-a89b-0be5c9847ae0\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"fd0565e3-d5dd-490a-bd9d-2c0cd901a5c3\",\"groups\":[\"4a5a33db-17c3-4477-a71d-05620894f6f9\",\"4a5a33db-17c3-4477-a71d-05620894f6f9\",\"4a5a33db-17c3-4477-a71d-05620894f6f9\",\"4a5a33db-17c3-4477-a71d-05620894f6f9\"],\"metric\":\"80c15f05-a37b-4c19-a89b-0be5c9847ae0\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2,\"legendPosition\":\"right\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-fd0565e3-d5dd-490a-bd9d-2c0cd901a5c3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e254cc8a-f8d7-45b5-8f64-d2f448a0af10\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Look at yandex-cloud console\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/folders/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"OPA-detections by Folder_id\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":21,\"w\":5,\"h\":9,\"i\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\"},\"panelIndex\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":100000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":76}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"OPA-Gatekeeper-Detections\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":42,\"y\":21,\"w\":6,\"h\":9,\"i\":\"93384633-a71f-4441-8beb-cbb5cab7c514\"},\"panelIndex\":\"93384633-a71f-4441-8beb-cbb5cab7c514\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":true,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Delete-OPA-Gatekeeper \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: gatekeeper-validating-webhook-configuration and verb : delete\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":30,\"w\":17,\"h\":8,\"i\":\"9e45767a-451f-48a1-b421-17738c299cd9\"},\"panelIndex\":\"9e45767a-451f-48a1-b421-17738c299cd9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"NetworkPolicy:create/delete/update\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"responseObject.metadata.selfLink.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy) and verb : (create or update or delete)\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"NetworkPolicy:create/delete/update\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":30,\"w\":7,\"h\":8,\"i\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\"},\"panelIndex\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\":{\"columns\":{\"b659aca0-0f1f-4408-8cea-1eea232bfe93\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\",\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\",\"groups\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\"],\"metric\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Create pod in kube-system\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":30,\"w\":11,\"h\":8,\"i\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\"},\"panelIndex\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\"},\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: constraints.gatekeeper.sh and (verb : delete or update) and not user.name : \\\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"OPA-constraint-delete/update\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":38,\"w\":17,\"h\":7,\"i\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\"},\"panelIndex\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Exec to container\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"objectRef.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Exec to container\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":38,\"w\":16,\"h\":7,\"i\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\"},\"panelIndex\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"18ea127c-2267-4d24-9893-d3ef85942514\":{\"columns\":{\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\":{\"label\":\"Unique count of user.name.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":false},\"c94a437d-970d-4c55-89a7-499d47032bc8\":{\"label\":\"ServiceAccounts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"18ea127c-2267-4d24-9893-d3ef85942514\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\",\"hidden\":true},{\"columnId\":\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"isTransposed\":false,\"alignment\":\"left\"}]},\"query\":{\"query\":\"user.name : *serviceaccount*\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:certificate-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:certificate-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:coredns\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:coredns\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cronjob-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-2\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cronjob-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-3\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:generic-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:job-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-4\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:job-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpointslice-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-5\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpointslice-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpoint-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-6\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpoint-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:calico-node\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-7\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:calico-node\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-proxy\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-8\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-proxy\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"objectRef.namespace\",\"params\":{\"query\":\"kube-system\"},\"indexRefName\":\"filter-index-pattern-9\"},\"query\":{\"match_phrase\":{\"objectRef.namespace\":\"kube-system\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-10\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:daemon-set-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-11\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:daemon-set-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:metrics-server\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-12\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:metrics-server\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:pod-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-13\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:pod-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:node-problem-detector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-14\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:node-problem-detector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpha\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-15\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpha\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:service-account-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-16\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:service-account-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-17\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:resourcequota-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:replicaset-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-18\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:replicaset-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:namespace-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-19\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:namespace-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpva\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-20\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpva\"}},\"$state\":{\"store\":\"appState\"}}]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-2\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-3\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-4\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-5\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-6\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-7\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-8\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-9\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-10\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-11\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-12\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-13\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-14\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-15\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-16\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-17\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-18\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-19\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-20\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":38,\"w\":15,\"h\":7,\"i\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\"},\"panelIndex\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\":{\"columns\":{\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\":{\"label\":\"YC Admins\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\",\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\"},{\"isTransposed\":false,\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\",\"hidden\":true}],\"layerId\":\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\"},\"query\":{\"query\":\"user.groups.keyword: *admin*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":17,\"h\":11,\"i\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\"},\"panelIndex\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\":{\"columns\":{\"71c8af00-7864-4ca6-a20d-0e43a80da354\":{\"label\":\"Top values of requestObject.status.containerStatuses.image.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.status.containerStatuses.image.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\",\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\",\"groups\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\"],\"metric\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Images not from YC CR\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":45,\"w\":16,\"h\":11,\"i\":\"611221c8-59e6-4ea2-bfdb-bbb53f646772\"},\"panelIndex\":\"611221c8-59e6-4ea2-bfdb-bbb53f646772\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d7984002-15d6-4e61-b30e-d34bc0a066ea\":{\"columns\":{\"0c0b50e4-e53e-4ef3-a0d2-ee5cc416762f\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3b8ab08b-e01f-407b-976f-4f073207dde4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"3b8ab08b-e01f-407b-976f-4f073207dde4\":{\"label\":\"Unique count of objectRef.namespace.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":false}},\"columnOrder\":[\"0c0b50e4-e53e-4ef3-a0d2-ee5cc416762f\",\"3b8ab08b-e01f-407b-976f-4f073207dde4\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"d7984002-15d6-4e61-b30e-d34bc0a066ea\",\"groups\":[\"0c0b50e4-e53e-4ef3-a0d2-ee5cc416762f\",\"0c0b50e4-e53e-4ef3-a0d2-ee5cc416762f\"],\"metric\":\"3b8ab08b-e01f-407b-976f-4f073207dde4\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d7984002-15d6-4e61-b30e-d34bc0a066ea\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Namespaces\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":45,\"w\":15,\"h\":11,\"i\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\"},\"panelIndex\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\":{\"columns\":{\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\":{\"label\":\"Top values of event.dataset.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.dataset.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8a74805c-8582-46c0-8d53-920a919f9b59\":{\"label\":\"stageTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"stageTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\",\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\",\"accessors\":[\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"splitAccessor\":\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events-by-time\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":12,\"i\":\"46f514cc-dac0-4727-9416-ea72ea7a7ed6\"},\"panelIndex\":\"46f514cc-dac0-4727-9416-ea72ea7a7ed6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f30699c9-d583-4db7-a489-b1e1ff2b86fe\":{\"columns\":{\"0ebea67a-d401-40b8-8e82-535c4849014e\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a51a05c8-5849-473d-b77c-2fb8eb4cc331\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a51a05c8-5849-473d-b77c-2fb8eb4cc331\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"0ebea67a-d401-40b8-8e82-535c4849014e\",\"a51a05c8-5849-473d-b77c-2fb8eb4cc331\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f30699c9-d583-4db7-a489-b1e1ff2b86fe\",\"groups\":[\"0ebea67a-d401-40b8-8e82-535c4849014e\"],\"metric\":\"a51a05c8-5849-473d-b77c-2fb8eb4cc331\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-f30699c9-d583-4db7-a489-b1e1ff2b86fe\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts\"},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":68,\"w\":48,\"h\":17,\"i\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},\"panelIndex\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":25,\"y\":85,\"w\":23,\"h\":9,\"i\":\"0492dbd1-815d-46f2-82b9-1917fddcd8a7\"},\"panelIndex\":\"0492dbd1-815d-46f2-82b9-1917fddcd8a7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"889ef61e-c27c-49b4-97b5-0bcad36eb8c3\":{\"columns\":{\"6f154ebc-1387-4dd2-a440-5760b39ee994\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"93aed031-2523-40b2-a8ae-ec6fe6b06c8f\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8d5794d3-a850-4779-b32f-3dc2edfa855a\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"6f154ebc-1387-4dd2-a440-5760b39ee994\",\"93aed031-2523-40b2-a8ae-ec6fe6b06c8f\",\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"889ef61e-c27c-49b4-97b5-0bcad36eb8c3\",\"accessors\":[\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"6f154ebc-1387-4dd2-a440-5760b39ee994\",\"splitAccessor\":\"93aed031-2523-40b2-a8ae-ec6fe6b06c8f\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validate.kyverno.svc\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-889ef61e-c27c-49b4-97b5-0bcad36eb8c3\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"kyverno-detections(only enforce)\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":25,\"y\":94,\"w\":12,\"h\":10,\"i\":\"c0743ff5-8470-469a-86cf-5d33d45deb34\"},\"panelIndex\":\"c0743ff5-8470-469a-86cf-5d33d45deb34\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"411026a7-eff6-47fa-9e93-bff4143c7544\":{\"columns\":{\"2858fd65-2d0f-4550-8c3c-52fdbc2209fe\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2858fd65-2d0f-4550-8c3c-52fdbc2209fe\",\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"411026a7-eff6-47fa-9e93-bff4143c7544\",\"groups\":[\"2858fd65-2d0f-4550-8c3c-52fdbc2209fe\"],\"metric\":\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validate.kyverno.svc\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-411026a7-eff6-47fa-9e93-bff4143c7544\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"kyverno-detections by Cluster_id\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":94,\"w\":5,\"h\":10,\"i\":\"557d758a-f0b2-4d4f-aebd-a32f8cf70b9c\"},\"panelIndex\":\"557d758a-f0b2-4d4f-aebd-a32f8cf70b9c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":100000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":76}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Kyverno-Detections\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validate.kyverno.svc\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":42,\"y\":94,\"w\":6,\"h\":10,\"i\":\"42a0de3a-e9c3-4f34-bf5a-82244b6cf497\"},\"panelIndex\":\"42a0de3a-e9c3-4f34-bf5a-82244b6cf497\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":true,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Delete-Kyverno\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete \",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":104,\"w\":11,\"h\":8,\"i\":\"a79397e8-8420-4be0-903e-23c664992a25\"},\"panelIndex\":\"a79397e8-8420-4be0-903e-23c664992a25\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\"},\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\",\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: kyverno.io and (verb : delete or update) and objectRef.resource.keyword: *policies\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-delete/update\"}]","timeRestore":false,"title":"k8s-dashboard-and-opa","version":1},"coreMigrationVersion":"7.13.4","id":"642ffd90-fcbc-11eb-b912-d99e9986f72b","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"df4da863-2133-4560-82f3-5c126ac27f14:control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"58adfaa4-02bd-4b64-89cc-395d6ee0f968:control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"913c8496-3a96-4fa5-b029-20b53d929446:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"913c8496-3a96-4fa5-b029-20b53d929446:indexpattern-datasource-layer-201765c7-9d49-4931-954d-047211d60c67","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bbfefc52-8578-4755-84b5-1f18783f51d4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bbfefc52-8578-4755-84b5-1f18783f51d4:indexpattern-datasource-layer-fd0565e3-d5dd-490a-bd9d-2c0cd901a5c3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"e1d27ba4-c45c-431e-933b-0a174c71d48c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"93384633-a71f-4441-8beb-cbb5cab7c514:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"9e45767a-451f-48a1-b421-17738c299cd9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7a0555be-d5f3-4aeb-9159-f48d7264d40c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-1","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-2","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-6","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-8","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-10","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-11","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-12","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-13","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-14","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-15","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-16","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-17","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-18","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-19","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-20","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"611221c8-59e6-4ea2-bfdb-bbb53f646772:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"611221c8-59e6-4ea2-bfdb-bbb53f646772:indexpattern-datasource-layer-d7984002-15d6-4e61-b30e-d34bc0a066ea","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"46f514cc-dac0-4727-9416-ea72ea7a7ed6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"46f514cc-dac0-4727-9416-ea72ea7a7ed6:indexpattern-datasource-layer-f30699c9-d583-4db7-a489-b1e1ff2b86fe","type":"index-pattern"},{"id":"0a358990-fcd0-11eb-b912-d99e9986f72b","name":"ed79a50e-9a59-475a-8e0c-d41b0cb84acd:panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd","type":"search"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"0492dbd1-815d-46f2-82b9-1917fddcd8a7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"0492dbd1-815d-46f2-82b9-1917fddcd8a7:indexpattern-datasource-layer-889ef61e-c27c-49b4-97b5-0bcad36eb8c3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c0743ff5-8470-469a-86cf-5d33d45deb34:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c0743ff5-8470-469a-86cf-5d33d45deb34:indexpattern-datasource-layer-411026a7-eff6-47fa-9e93-bff4143c7544","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"557d758a-f0b2-4d4f-aebd-a32f8cf70b9c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"42a0de3a-e9c3-4f34-bf5a-82244b6cf497:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"a79397e8-8420-4be0-903e-23c664992a25:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"a79397e8-8420-4be0-903e-23c664992a25:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"}],"type":"dashboard","updated_at":"2021-08-15T11:01:33.321Z","version":"WzU5NDU4LDJd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/last_backup/k8s_audit_dashboard-future.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\"},\"panelIndex\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Filters\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":12,\"h\":6,\"i\":\"df4da863-2133-4560-82f3-5c126ac27f14\"},\"panelIndex\":\"df4da863-2133-4560-82f3-5c126ac27f14\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927100713\",\"fieldName\":\"cluster_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cluster_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cluster filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":4,\"w\":12,\"h\":6,\"i\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\"},\"panelIndex\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927314788\",\"fieldName\":\"cloud_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cloud_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cloud filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":12,\"h\":6,\"i\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\"},\"panelIndex\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308709541\",\"fieldName\":\"folder_id.keyword\",\"parent\":\"\",\"label\":\"k8s-folder_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Folder filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":4,\"w\":12,\"h\":6,\"i\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\"},\"panelIndex\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308369258\",\"fieldName\":\"objectRef.namespace.keyword\",\"parent\":\"\",\"label\":\"k8s-namespace\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Namespace filter\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":4,\"i\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\"},\"panelIndex\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cluster_url.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cluster - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":10,\"w\":12,\"h\":4,\"i\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\"},\"panelIndex\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cloud.service.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cloud.service.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cloud - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":12,\"h\":4,\"i\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\"},\"panelIndex\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"57147c6c-713f-4793-865a-1d671e3f141c\":{\"label\":\"Top values of folder_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"folder_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"57147c6c-713f-4793-865a-1d671e3f141c\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"57147c6c-713f-4793-865a-1d671e3f141c\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/folders/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Folder - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":4,\"i\":\"7a112312-c097-4205-9f74-38913eae2169\"},\"panelIndex\":\"7a112312-c097-4205-9f74-38913eae2169\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":true,\"markdown\":\"Main k8s audit Events\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\"},\"panelIndex\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":false,\\\"id\\\":\\\"road_map\\\"},\\\"id\\\":\\\"99115329-feb3-42c6-b426-dff8bd1e1b3a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\",\\\"areLabelsOnTop\\\":false},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"5728ef62-6dc0-4b27-b048-7ffda088d201\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"04fbaa00-b4ba-40db-b46e-8a6dd6d12d04\\\",\\\"label\\\":\\\"success-connect-from-ip\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.91,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.41,\\\"center\\\":{\\\"lon\\\":78.63166,\\\"lat\\\":57.21062},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":57.21062,\"lon\":78.63166,\"zoom\":1.41},\"mapBuffer\":{\"minLon\":-155.53415999999999,\"minLat\":-9.879624999999994,\"maxLon\":312.79748,\"maxLat\":104.90343499999999},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Connect from ip\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\"},\"panelIndex\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\":{\"columns\":{\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\":{\"label\":\"Top values of event.dataset.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.dataset.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8a74805c-8582-46c0-8d53-920a919f9b59\":{\"label\":\"stageTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"stageTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\",\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\",\"accessors\":[\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"splitAccessor\":\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events-by-time\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":14,\"i\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\"},\"panelIndex\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\":{\"columns\":{\"b659aca0-0f1f-4408-8cea-1eea232bfe93\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\",\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\",\"groups\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\"],\"metric\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq* or *hubble*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Create pod in kube-system\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":14,\"i\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\"},\"panelIndex\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\":{\"columns\":{\"71c8af00-7864-4ca6-a20d-0e43a80da354\":{\"label\":\"Top values of requestObject.status.containerStatuses.image.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.status.containerStatuses.image.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\",\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\",\"groups\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\"],\"metric\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Images not from YC CR\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":33,\"w\":13,\"h\":9,\"i\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\"},\"panelIndex\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\":{\"columns\":{\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\":{\"label\":\"Current Cluster Admins\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\",\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\"},{\"isTransposed\":false,\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\",\"hidden\":true}],\"layerId\":\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\"},\"query\":{\"query\":\"user.groups.keyword: *admin*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":33,\"w\":11,\"h\":9,\"i\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\"},\"panelIndex\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5bee140-5f01-4de3-9395-d279acb203dc\":{\"columns\":{\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"4eda6d99-05c3-4ab8-a294-4632c9442157\":{\"label\":\"Top values of requestObject.subjects.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.subjects.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"4eda6d99-05c3-4ab8-a294-4632c9442157\",\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5bee140-5f01-4de3-9395-d279acb203dc\",\"accessors\":[\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"splitAccessor\":\"4eda6d99-05c3-4ab8-a294-4632c9442157\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebindings) and verb : create and not responseObject.reason : AlreadyExists\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Assign Cluster-admin/admin\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":42,\"w\":17,\"h\":8,\"i\":\"9e45767a-451f-48a1-b421-17738c299cd9\"},\"panelIndex\":\"9e45767a-451f-48a1-b421-17738c299cd9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"NetworkPolicy:create/delete/update\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy or DeleteOptions) and verb : (create or update or delete) and objectRef.resource : networkpolicies\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"NetworkPolicy:create/delete/update\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":42,\"w\":17,\"h\":8,\"i\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\"},\"panelIndex\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Exec to container\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cluster_id\"},\"schema\":\"split\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"objectRef.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Exec to container\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":42,\"w\":14,\"h\":8,\"i\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\"},\"panelIndex\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"18ea127c-2267-4d24-9893-d3ef85942514\":{\"columns\":{\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\":{\"label\":\"Unique count of user.name.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":false},\"c94a437d-970d-4c55-89a7-499d47032bc8\":{\"label\":\"ServiceAccounts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"18ea127c-2267-4d24-9893-d3ef85942514\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\",\"hidden\":true},{\"columnId\":\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"isTransposed\":false,\"alignment\":\"left\"}]},\"query\":{\"query\":\"user.name : *serviceaccount*\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:certificate-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:certificate-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:coredns\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:coredns\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cronjob-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-2\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cronjob-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-3\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:generic-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:job-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-4\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:job-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpointslice-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-5\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpointslice-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpoint-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-6\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpoint-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:calico-node\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-7\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:calico-node\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-proxy\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-8\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-proxy\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"objectRef.namespace\",\"params\":{\"query\":\"kube-system\"},\"indexRefName\":\"filter-index-pattern-9\"},\"query\":{\"match_phrase\":{\"objectRef.namespace\":\"kube-system\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-10\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:daemon-set-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-11\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:daemon-set-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:metrics-server\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-12\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:metrics-server\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:pod-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-13\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:pod-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:node-problem-detector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-14\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:node-problem-detector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpha\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-15\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpha\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:service-account-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-16\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:service-account-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-17\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:resourcequota-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:replicaset-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-18\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:replicaset-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:namespace-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-19\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:namespace-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpva\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-20\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpva\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-21\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium-operator\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-22\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium-operator\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-23\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium\"}},\"$state\":{\"store\":\"appState\"}}]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-2\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-3\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-4\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-5\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-6\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-7\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-8\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-9\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-10\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-11\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-12\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-13\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-14\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-15\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-16\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-17\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-18\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-19\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-20\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-21\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-22\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-23\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":50,\"w\":34,\"h\":9,\"i\":\"96fdb671-a668-4ffc-9ad1-792d69551764\"},\"panelIndex\":\"96fdb671-a668-4ffc-9ad1-792d69551764\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"id\\\":\\\"dark_map\\\",\\\"isAutoSelect\\\":false},\\\"id\\\":\\\"1a56b9d3-c903-4286-8d75-48b62bf38532\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"id\\\":\\\"65583363-2a0b-40ce-bf98-40ff54ad224e\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"resolution\\\":\\\"FINE\\\"},\\\"id\\\":\\\"519e1390-4055-4be7-a5bc-537bb78eea07\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.58,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.45,\\\"center\\\":{\\\"lon\\\":54.04753,\\\"lat\\\":56.32976},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":56.32976,\"lon\":54.04753,\"zoom\":1.45},\"mapBuffer\":{\"minLon\":-269.96721,\"minLat\":21.676450000000003,\"maxLon\":378.06227,\"maxLat\":84.75865},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":50,\"w\":14,\"h\":9,\"i\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\"},\"panelIndex\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d401535b-665e-442b-a312-9edd3c1ebcc0\":{\"columns\":{\"61acda83-5d64-453e-9ca1-16b129cc2b42\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"56667c46-e4e6-4a18-9613-12d027ca7a16\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ece5248d-0578-44e8-b245-bc2de86f37f4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"56667c46-e4e6-4a18-9613-12d027ca7a16\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"56667c46-e4e6-4a18-9613-12d027ca7a16\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"gray\"},\"layerId\":\"d401535b-665e-442b-a312-9edd3c1ebcc0\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"splitAccessor\":\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"accessors\":[\"56667c46-e4e6-4a18-9613-12d027ca7a16\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Unauthorized events\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":4,\"i\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\"},\"panelIndex\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Policy Engine\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":63,\"w\":5,\"h\":9,\"i\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\"},\"panelIndex\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":100000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":76}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"OPA-Gatekeeper-Detections\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":63,\"w\":9,\"h\":9,\"i\":\"f9181782-c266-4c44-860e-dc37a48bf08f\"},\"panelIndex\":\"f9181782-c266-4c44-860e-dc37a48bf08f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"443941ae-37bd-4230-a7c2-3eec6b193f37\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1708471f-d516-4b55-a792-7263d51215ba\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1708471f-d516-4b55-a792-7263d51215ba\":{\"label\":\"OPA-Gatekeeper detection\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"1708471f-d516-4b55-a792-7263d51215ba\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\"],\"metric\":\"1708471f-d516-4b55-a792-7263d51215ba\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"opa-by-user(yc iam user get --id )\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":63,\"w\":10,\"h\":9,\"i\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\"},\"panelIndex\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\",\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\"],\"metric\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"opa-by-objects\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":63,\"w\":15,\"h\":9,\"i\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\"},\"panelIndex\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"3h\"}},\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\",\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\",\"splitAccessor\":\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\",\"accessors\":[\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: constraints.gatekeeper.sh and (verb : delete or update) and not user.name : \\\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"OPA-constraint-delete/update\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":63,\"w\":9,\"h\":9,\"i\":\"93384633-a71f-4441-8beb-cbb5cab7c514\"},\"panelIndex\":\"93384633-a71f-4441-8beb-cbb5cab7c514\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":true,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Delete-OPA-Gatekeeper \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: gatekeeper-validating-webhook-configuration and verb : delete\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":72,\"w\":24,\"h\":9,\"i\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\"},\"panelIndex\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b268ea32-45f2-49ca-acc2-0f3b7663868a\":{\"columns\":{\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\":{\"label\":\"Top values of responseStatus.reason.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"responseStatus.reason.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f0ffb8b7-7d70-4a94-a059-52312f25611d\":{\"label\":\"requestReceivedTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"requestReceivedTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"1h\"}},\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\",\"f0ffb8b7-7d70-4a94-a059-52312f25611d\",\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b268ea32-45f2-49ca-acc2-0f3b7663868a\",\"accessors\":[\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"f0ffb8b7-7d70-4a94-a059-52312f25611d\",\"splitAccessor\":\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"OPA detections\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":72,\"w\":24,\"h\":9,\"i\":\"c6b6d024-0094-4079-934f-37468ec76121\"},\"panelIndex\":\"c6b6d024-0094-4079-934f-37468ec76121\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\":{\"columns\":{\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\":{\"label\":\"Constraint\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"responseStatus.reason.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\":{\"label\":\"User_id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"01d7da50-fd9c-4044-8956-ecca57ba6241\":{\"label\":\"IP address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\":{\"label\":\"Namespace\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\":{\"label\":\"Cluster_id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"1dddd46e-3924-48c4-995a-32206cea8932\":{\"label\":\"Url \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\",\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\",\"01d7da50-fd9c-4044-8956-ecca57ba6241\",\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\",\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\",\"1dddd46e-3924-48c4-995a-32206cea8932\",\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\",\"width\":183},{\"isTransposed\":false,\"columnId\":\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\",\"width\":233.66666666666669},{\"isTransposed\":false,\"columnId\":\"01d7da50-fd9c-4044-8956-ecca57ba6241\"},{\"isTransposed\":false,\"columnId\":\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\"},{\"isTransposed\":false,\"columnId\":\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\"},{\"isTransposed\":false,\"columnId\":\"1dddd46e-3924-48c4-995a-32206cea8932\"},{\"isTransposed\":false,\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\",\"hidden\":true}],\"layerId\":\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"ca676417-5a6b-4866-ac55-1c1106303bab\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":81,\"w\":48,\"h\":4,\"i\":\"a64da002-402b-4924-857f-80adf4045df5\"},\"panelIndex\":\"a64da002-402b-4924-857f-80adf4045df5\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":85,\"w\":24,\"h\":15,\"i\":\"bb303e9f-9d56-4352-8271-144e10090f10\"},\"panelIndex\":\"bb303e9f-9d56-4352-8271-144e10090f10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5f5f904-241e-4808-929b-d6c61b0d845e\":{\"columns\":{\"0b9303c6-773b-467e-b335-c7a13beed79b\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"3f101617-85f4-4a62-b192-27622ceca47f\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3f101617-85f4-4a62-b192-27622ceca47f\",\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5f5f904-241e-4808-929b-d6c61b0d845e\",\"accessors\":[\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"splitAccessor\":\"3f101617-85f4-4a62-b192-27622ceca47f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":85,\"w\":24,\"h\":15,\"i\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\"},\"panelIndex\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\":{\"columns\":{\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\":{\"label\":\"Top values of priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\",\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\",\"groups\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\"],\"metric\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts priority\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":100,\"w\":24,\"h\":9,\"i\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\"},\"panelIndex\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d7e22e01-f122-4914-9497-50a6c5131ec1\":{\"columns\":{\"0d3f381e-296a-44ed-b225-d294a723e50e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a1d905fd-e30d-48c0-b6b8-1524c5599846\":{\"label\":\"Top values of output_fields.k8s.pod.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"output_fields.k8s.pod.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"0d3f381e-296a-44ed-b225-d294a723e50e\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\",\"alignment\":\"center\",\"hidden\":false},{\"columnId\":\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"isTransposed\":true},{\"columnId\":\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"isTransposed\":false}],\"layerId\":\"d7e22e01-f122-4914-9497-50a6c5131ec1\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by pods\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":100,\"w\":24,\"h\":9,\"i\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\"},\"panelIndex\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\":{\"columns\":{\"c3fdbe00-8b18-43fc-befb-259232bd760e\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"80445d9d-55cc-4e28-b821-3b5148d04bf3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\",\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\",\"groups\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\"],\"metric\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by Namespaces\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":4,\"i\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\"},\"panelIndex\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream k8s audit\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":113,\"w\":48,\"h\":17,\"i\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},\"panelIndex\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"cloud_id\",\"cluster_id\",\"objectRef.namespace\",\"source.ip\",\"requestURI\",\"user.name\",\"objectRef.name\",\"verb\",\"responseObject.reason\"]},\"panelRefName\":\"panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":4,\"i\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\"},\"panelIndex\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":14,\"i\":\"67217f20-9098-444f-abd6-89ef5f7086ba\"},\"panelIndex\":\"67217f20-9098-444f-abd6-89ef5f7086ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67217f20-9098-444f-abd6-89ef5f7086ba\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":25,\"y\":148,\"w\":23,\"h\":9,\"i\":\"0492dbd1-815d-46f2-82b9-1917fddcd8a7\"},\"panelIndex\":\"0492dbd1-815d-46f2-82b9-1917fddcd8a7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"889ef61e-c27c-49b4-97b5-0bcad36eb8c3\":{\"columns\":{\"6f154ebc-1387-4dd2-a440-5760b39ee994\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"93aed031-2523-40b2-a8ae-ec6fe6b06c8f\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8d5794d3-a850-4779-b32f-3dc2edfa855a\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"6f154ebc-1387-4dd2-a440-5760b39ee994\",\"93aed031-2523-40b2-a8ae-ec6fe6b06c8f\",\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"889ef61e-c27c-49b4-97b5-0bcad36eb8c3\",\"accessors\":[\"8d5794d3-a850-4779-b32f-3dc2edfa855a\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"xAccessor\":\"6f154ebc-1387-4dd2-a440-5760b39ee994\",\"splitAccessor\":\"93aed031-2523-40b2-a8ae-ec6fe6b06c8f\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validate.kyverno.svc\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-889ef61e-c27c-49b4-97b5-0bcad36eb8c3\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"kyverno-detections(only enforce)\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":25,\"y\":157,\"w\":12,\"h\":10,\"i\":\"c0743ff5-8470-469a-86cf-5d33d45deb34\"},\"panelIndex\":\"c0743ff5-8470-469a-86cf-5d33d45deb34\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"411026a7-eff6-47fa-9e93-bff4143c7544\":{\"columns\":{\"2858fd65-2d0f-4550-8c3c-52fdbc2209fe\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2858fd65-2d0f-4550-8c3c-52fdbc2209fe\",\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"411026a7-eff6-47fa-9e93-bff4143c7544\",\"groups\":[\"2858fd65-2d0f-4550-8c3c-52fdbc2209fe\"],\"metric\":\"b448e6ad-2ac4-459a-a76f-a505f6c9fbe3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validate.kyverno.svc\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-411026a7-eff6-47fa-9e93-bff4143c7544\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"kyverno-detections by Cluster_id\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":157,\"w\":5,\"h\":10,\"i\":\"557d758a-f0b2-4d4f-aebd-a32f8cf70b9c\"},\"panelIndex\":\"557d758a-f0b2-4d4f-aebd-a32f8cf70b9c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":100000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":76}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Kyverno-Detections\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validate.kyverno.svc\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":42,\"y\":157,\"w\":6,\"h\":10,\"i\":\"42a0de3a-e9c3-4f34-bf5a-82244b6cf497\"},\"panelIndex\":\"42a0de3a-e9c3-4f34-bf5a-82244b6cf497\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":true,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Delete-Kyverno\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete \",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":167,\"w\":11,\"h\":8,\"i\":\"a79397e8-8420-4be0-903e-23c664992a25\"},\"panelIndex\":\"a79397e8-8420-4be0-903e-23c664992a25\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\"},\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\",\"f7cf57b8-95d1-4801-ad75-10569cf4bca4\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: kyverno.io and (verb : delete or update) and objectRef.resource.keyword: *policies\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-delete/update\"}]","timeRestore":false,"title":"k8s-dashboard-and-opa","version":1},"coreMigrationVersion":"7.13.4","id":"642ffd90-fcbc-11eb-b912-d99e9986f72b","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"df4da863-2133-4560-82f3-5c126ac27f14:control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"58adfaa4-02bd-4b64-89cc-395d6ee0f968:control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109:control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ff5a5c53-c294-4c2b-ad00-3011d042dbcb:control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"9e45767a-451f-48a1-b421-17738c299cd9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7a0555be-d5f3-4aeb-9159-f48d7264d40c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-1","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-2","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-6","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-8","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-10","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-11","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-12","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-13","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-14","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-15","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-16","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-17","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-18","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-19","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-20","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-21","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-22","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-23","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"96fdb671-a668-4ffc-9ad1-792d69551764:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"e1d27ba4-c45c-431e-933b-0a174c71d48c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"93384633-a71f-4441-8beb-cbb5cab7c514:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d","type":"index-pattern"},{"id":"0a358990-fcd0-11eb-b912-d99e9986f72b","name":"ed79a50e-9a59-475a-8e0c-d41b0cb84acd:panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd","type":"search"},{"id":"ed3ba9e0-0040-11ec-aa1d-f5144cfe34d1","name":"67217f20-9098-444f-abd6-89ef5f7086ba:panel_67217f20-9098-444f-abd6-89ef5f7086ba","type":"search"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"0492dbd1-815d-46f2-82b9-1917fddcd8a7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"0492dbd1-815d-46f2-82b9-1917fddcd8a7:indexpattern-datasource-layer-889ef61e-c27c-49b4-97b5-0bcad36eb8c3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c0743ff5-8470-469a-86cf-5d33d45deb34:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c0743ff5-8470-469a-86cf-5d33d45deb34:indexpattern-datasource-layer-411026a7-eff6-47fa-9e93-bff4143c7544","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"557d758a-f0b2-4d4f-aebd-a32f8cf70b9c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"42a0de3a-e9c3-4f34-bf5a-82244b6cf497:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"a79397e8-8420-4be0-903e-23c664992a25:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"a79397e8-8420-4be0-903e-23c664992a25:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"}],"type":"dashboard","updated_at":"2021-08-19T21:03:11.137Z","version":"WzI3MzE5LDFd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/last_backup/k8s_audit_detections-back.ndjson ================================================ {"id":"1260bb20-fd12-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T15:12:43.320Z","updated_by":"admin","created_at":"2021-08-14T15:12:43.320Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:assign-cluster-admin_or_admin","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:assign-cluster-admin_or_admin","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"5f6a2573-014e-4837-a4cb-d0eca9aa38a5","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: clusterrolebindings and verb : create and not responseObject.reason : AlreadyExists","filters":[],"saved_id":"Yandexcloud:k8s:assign-cluster-admin_or_admin","throttle":"no_actions","actions":[]} {"id":"c4e6b980-fd9d-11eb-b912-d99e9986f72b","updated_at":"2021-08-15T07:52:42.996Z","updated_by":"admin","created_at":"2021-08-15T07:52:42.996Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-delete","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:kyverno-delete","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"b9d171b6-8bd6-4485-9289-80173c45b0fe","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete ","filters":[],"saved_id":"Yandexcloud:k8s:delete-kyverno","throttle":"no_actions","actions":[]} {"id":"5a15c860-fd9a-11eb-b912-d99e9986f72b","updated_at":"2021-08-15T07:41:21.545Z","updated_by":"admin","created_at":"2021-08-15T07:28:15.018Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-detect","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:kyverno-detect","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"fc7e6413-a246-4587-a1e3-bd9aeec423f6","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\" admission webhook \\\\\\\"validate.kyverno.svc\\\\\\\" denied the request\" and not objectRef.namespace : falco and not user.name : system\\\\\\:serviceaccount\\\\\\:kube-system\\\\\\:daemon-set-controller","filters":[],"saved_id":"Yandexcloud:k8s:kyverno-gatekeeper-detection","throttle":"no_actions","actions":[]} {"id":"04ef2f60-fd05-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T13:39:17.348Z","updated_by":"admin","created_at":"2021-08-14T13:39:17.348Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:delete-OPA-Getakeeper","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:delete-OPA-Getakeeper","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2fdb80ec-d83a-45d4-ba6b-0ebcad525897","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: gatekeeper-validating-webhook-configuration and verb : delete","filters":[],"saved_id":"Yandexcloud:k8s:delete-opa-gatekeeper","throttle":"no_actions","actions":[]} {"id":"de258090-fd9b-11eb-b912-d99e9986f72b","updated_at":"2021-08-15T07:39:05.936Z","updated_by":"admin","created_at":"2021-08-15T07:39:05.936Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-delete-policy","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:kyverno-delete-policy","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"fc40233a-8b80-4bb2-9e7c-cf2cc6659321","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: kyverno.io and (verb : delete or update) and objectRef.resource.keyword: *policies","filters":[],"saved_id":"Yandexcloud:k8s:kyverno-delete-policy","throttle":"no_actions","actions":[]} {"id":"5e372040-fcc5-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T06:09:19.434Z","updated_by":"admin","created_at":"2021-08-14T06:03:39.204Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:unauthorized-events","tags":[],"interval":"4m","enabled":true,"description":"DetectionRule:k8s:unauthorized-events","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-840s","rule_id":"a063432d-83e2-4850-aa90-bd7f566fcfb0","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason: Forbidden and not user.name : \"system:anonymous\"","filters":[],"saved_id":"Yandexcloud:k8s:unauthorized-events","throttle":"no_actions","actions":[]} {"id":"208e1cd0-fd1f-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T16:46:10.703Z","updated_by":"admin","created_at":"2021-08-14T16:46:10.703Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:exec-to-container","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:exec-to-container","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"45961de8-b47e-45ea-bb92-4ac60276d015","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec","filters":[],"saved_id":"Yandexcloud:k8s:exec-to-container","throttle":"no_actions","actions":[]} {"id":"d5fc2100-fcdb-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T08:44:29.254Z","updated_by":"admin","created_at":"2021-08-14T08:44:29.254Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"6e259e12-bcb7-465e-b77c-d99edd184fad","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\" admission webhook \\\\\\\"validation.gatekeeper.sh\\\\\\\" denied the request\"","filters":[],"saved_id":"Yandexcloud:k8s:opa-gatekeeper-detection","throttle":"no_actions","actions":[]} {"id":"266e4a90-fd2d-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T18:26:32.880Z","updated_by":"admin","created_at":"2021-08-14T18:26:32.880Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"7c905776-61a1-41ee-bee2-ffab2039fe93","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods","filters":[],"saved_id":"Yandexcloud:k8s:create-pod-in-kube-system","throttle":"no_actions","actions":[]} {"id":"f0f7d350-fd26-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T17:42:05.916Z","updated_by":"admin","created_at":"2021-08-14T17:42:05.916Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:image-not-from-yc-registry","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:image-not-from-yc-registry","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"28ec2635-a78a-4c8d-a579-4042e09939f2","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch","filters":[],"saved_id":"Yandexcloud:k8s:image-not-from-yandex-registry","throttle":"no_actions","actions":[]} {"id":"d4bc2520-fd16-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T15:46:47.366Z","updated_by":"admin","created_at":"2021-08-14T15:46:47.366Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:network-policys-actions","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:network-policys-actions","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"474d9912-60ef-4eb5-9421-9c9f59293a21","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy) and verb : (create or update or delete)","filters":[],"saved_id":"Yandexcloud:k8s:network-policy-actions","throttle":"no_actions","actions":[]} {"id":"52241cd0-fce9-11eb-b912-d99e9986f72b","updated_at":"2021-08-14T10:21:00.513Z","updated_by":"admin","created_at":"2021-08-14T10:21:00.513Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:OPA-Constraint-delete/update","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:OPA-Constraint-delete/update","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e999cbf9-caa1-400d-8ad8-7e1e65418f13","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: constraints.gatekeeper.sh and (verb : delete or update) and not user.name : \"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"","filters":[],"saved_id":"Yandexcloud:k8s:OPA-delete-constraint","throttle":"no_actions","actions":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/last_backup/k8s_dashboard.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\"},\"panelIndex\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Filters\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":12,\"h\":6,\"i\":\"df4da863-2133-4560-82f3-5c126ac27f14\"},\"panelIndex\":\"df4da863-2133-4560-82f3-5c126ac27f14\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927100713\",\"fieldName\":\"cluster_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cluster_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cluster filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":4,\"w\":12,\"h\":6,\"i\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\"},\"panelIndex\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927314788\",\"fieldName\":\"cloud_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cloud_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cloud filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":12,\"h\":6,\"i\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\"},\"panelIndex\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308709541\",\"fieldName\":\"folder_id.keyword\",\"parent\":\"\",\"label\":\"k8s-folder_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Folder filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":4,\"w\":12,\"h\":6,\"i\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\"},\"panelIndex\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308369258\",\"fieldName\":\"objectRef.namespace.keyword\",\"parent\":\"\",\"label\":\"k8s-namespace\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Namespace filter\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":4,\"i\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\"},\"panelIndex\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cluster_url.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cluster - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":10,\"w\":12,\"h\":4,\"i\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\"},\"panelIndex\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cloud.service.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cloud.service.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cloud - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":12,\"h\":4,\"i\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\"},\"panelIndex\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"57147c6c-713f-4793-865a-1d671e3f141c\":{\"label\":\"Top values of folder_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"folder_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"57147c6c-713f-4793-865a-1d671e3f141c\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"57147c6c-713f-4793-865a-1d671e3f141c\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/folders/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Folder - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":4,\"i\":\"7a112312-c097-4205-9f74-38913eae2169\"},\"panelIndex\":\"7a112312-c097-4205-9f74-38913eae2169\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":true,\"markdown\":\"Main k8s audit Events\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\"},\"panelIndex\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":false,\\\"id\\\":\\\"road_map\\\"},\\\"id\\\":\\\"99115329-feb3-42c6-b426-dff8bd1e1b3a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\",\\\"areLabelsOnTop\\\":false},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"5728ef62-6dc0-4b27-b048-7ffda088d201\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"04fbaa00-b4ba-40db-b46e-8a6dd6d12d04\\\",\\\"label\\\":\\\"success-connect-from-ip\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.91,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.41,\\\"center\\\":{\\\"lon\\\":78.63166,\\\"lat\\\":57.21062},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":57.21062,\"lon\":78.63166,\"zoom\":1.41},\"mapBuffer\":{\"minLon\":-240.4689,\"minLat\":-9.879624999999994,\"maxLon\":397.73222,\"maxLat\":104.90343499999999},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Connect from ip\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\"},\"panelIndex\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\":{\"columns\":{\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\":{\"label\":\"Top values of event.dataset.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.dataset.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8a74805c-8582-46c0-8d53-920a919f9b59\":{\"label\":\"stageTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"stageTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\",\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\",\"accessors\":[\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"splitAccessor\":\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events-by-time\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":14,\"i\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\"},\"panelIndex\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\":{\"columns\":{\"b659aca0-0f1f-4408-8cea-1eea232bfe93\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\",\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\",\"groups\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\"],\"metric\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq* or *hubble*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Create pod in kube-system\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":14,\"i\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\"},\"panelIndex\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\":{\"columns\":{\"71c8af00-7864-4ca6-a20d-0e43a80da354\":{\"label\":\"Top values of requestObject.status.containerStatuses.image.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.status.containerStatuses.image.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\",\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\",\"groups\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\"],\"metric\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Images not from YC CR\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":33,\"w\":13,\"h\":9,\"i\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\"},\"panelIndex\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\":{\"columns\":{\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\":{\"label\":\"Current Cluster Admins\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\",\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\"},{\"isTransposed\":false,\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\",\"hidden\":true}],\"layerId\":\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\"},\"query\":{\"query\":\"user.groups.keyword: *admin*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":33,\"w\":11,\"h\":9,\"i\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\"},\"panelIndex\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5bee140-5f01-4de3-9395-d279acb203dc\":{\"columns\":{\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"4eda6d99-05c3-4ab8-a294-4632c9442157\":{\"label\":\"Top values of requestObject.subjects.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.subjects.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"4eda6d99-05c3-4ab8-a294-4632c9442157\",\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5bee140-5f01-4de3-9395-d279acb203dc\",\"accessors\":[\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"splitAccessor\":\"4eda6d99-05c3-4ab8-a294-4632c9442157\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebindings) and verb : create and not responseObject.reason : AlreadyExists\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Assign Cluster-admin/admin\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":42,\"w\":17,\"h\":8,\"i\":\"9e45767a-451f-48a1-b421-17738c299cd9\"},\"panelIndex\":\"9e45767a-451f-48a1-b421-17738c299cd9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"NetworkPolicy:create/delete/update\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy or DeleteOptions) and verb : (create or update or delete) and objectRef.resource : networkpolicies\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"NetworkPolicy:create/delete/update\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":42,\"w\":17,\"h\":8,\"i\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\"},\"panelIndex\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Exec to container\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cluster_id\"},\"schema\":\"split\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"objectRef.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Exec to container\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":42,\"w\":14,\"h\":8,\"i\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\"},\"panelIndex\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"18ea127c-2267-4d24-9893-d3ef85942514\":{\"columns\":{\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\":{\"label\":\"Unique count of user.name.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":false},\"c94a437d-970d-4c55-89a7-499d47032bc8\":{\"label\":\"ServiceAccounts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"18ea127c-2267-4d24-9893-d3ef85942514\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\",\"hidden\":true},{\"columnId\":\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"isTransposed\":false,\"alignment\":\"left\"}]},\"query\":{\"query\":\"user.name : *serviceaccount*\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:certificate-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:certificate-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:coredns\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:coredns\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cronjob-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-2\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cronjob-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-3\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:generic-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:job-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-4\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:job-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpointslice-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-5\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpointslice-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpoint-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-6\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpoint-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:calico-node\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-7\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:calico-node\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-proxy\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-8\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-proxy\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"objectRef.namespace\",\"params\":{\"query\":\"kube-system\"},\"indexRefName\":\"filter-index-pattern-9\"},\"query\":{\"match_phrase\":{\"objectRef.namespace\":\"kube-system\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-10\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:daemon-set-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-11\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:daemon-set-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:metrics-server\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-12\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:metrics-server\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:pod-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-13\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:pod-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:node-problem-detector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-14\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:node-problem-detector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpha\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-15\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpha\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:service-account-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-16\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:service-account-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-17\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:resourcequota-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:replicaset-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-18\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:replicaset-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:namespace-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-19\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:namespace-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpva\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-20\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpva\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-21\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium-operator\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-22\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium-operator\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-23\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium\"}},\"$state\":{\"store\":\"appState\"}}]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-2\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-3\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-4\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-5\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-6\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-7\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-8\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-9\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-10\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-11\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-12\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-13\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-14\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-15\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-16\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-17\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-18\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-19\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-20\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-21\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-22\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-23\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":50,\"w\":34,\"h\":9,\"i\":\"96fdb671-a668-4ffc-9ad1-792d69551764\"},\"panelIndex\":\"96fdb671-a668-4ffc-9ad1-792d69551764\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"id\\\":\\\"dark_map\\\",\\\"isAutoSelect\\\":false},\\\"id\\\":\\\"1a56b9d3-c903-4286-8d75-48b62bf38532\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"id\\\":\\\"65583363-2a0b-40ce-bf98-40ff54ad224e\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"resolution\\\":\\\"FINE\\\"},\\\"id\\\":\\\"519e1390-4055-4be7-a5bc-537bb78eea07\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.58,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.45,\\\"center\\\":{\\\"lon\\\":54.04753,\\\"lat\\\":56.32976},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":56.32976,\"lon\":54.04753,\"zoom\":1.45},\"mapBuffer\":{\"minLon\":-387.06547,\"minLat\":17.579015,\"maxLon\":495.16053000000005,\"maxLat\":87.505755},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":50,\"w\":14,\"h\":9,\"i\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\"},\"panelIndex\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d401535b-665e-442b-a312-9edd3c1ebcc0\":{\"columns\":{\"61acda83-5d64-453e-9ca1-16b129cc2b42\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"56667c46-e4e6-4a18-9613-12d027ca7a16\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ece5248d-0578-44e8-b245-bc2de86f37f4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"56667c46-e4e6-4a18-9613-12d027ca7a16\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"56667c46-e4e6-4a18-9613-12d027ca7a16\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"gray\"},\"layerId\":\"d401535b-665e-442b-a312-9edd3c1ebcc0\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"splitAccessor\":\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"accessors\":[\"56667c46-e4e6-4a18-9613-12d027ca7a16\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Unauthorized events\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":91,\"w\":9,\"h\":9,\"i\":\"93384633-a71f-4441-8beb-cbb5cab7c514\"},\"panelIndex\":\"93384633-a71f-4441-8beb-cbb5cab7c514\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":true,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Delete-OPA-Gatekeeper \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: gatekeeper-validating-webhook-configuration and verb : delete\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":4,\"i\":\"a64da002-402b-4924-857f-80adf4045df5\"},\"panelIndex\":\"a64da002-402b-4924-857f-80adf4045df5\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":63,\"w\":24,\"h\":15,\"i\":\"bb303e9f-9d56-4352-8271-144e10090f10\"},\"panelIndex\":\"bb303e9f-9d56-4352-8271-144e10090f10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5f5f904-241e-4808-929b-d6c61b0d845e\":{\"columns\":{\"0b9303c6-773b-467e-b335-c7a13beed79b\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"3f101617-85f4-4a62-b192-27622ceca47f\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3f101617-85f4-4a62-b192-27622ceca47f\",\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5f5f904-241e-4808-929b-d6c61b0d845e\",\"accessors\":[\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"splitAccessor\":\"3f101617-85f4-4a62-b192-27622ceca47f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":63,\"w\":24,\"h\":15,\"i\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\"},\"panelIndex\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\":{\"columns\":{\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\":{\"label\":\"Top values of priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\",\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\",\"groups\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\"],\"metric\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts priority\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":78,\"w\":24,\"h\":9,\"i\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\"},\"panelIndex\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d7e22e01-f122-4914-9497-50a6c5131ec1\":{\"columns\":{\"0d3f381e-296a-44ed-b225-d294a723e50e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a1d905fd-e30d-48c0-b6b8-1524c5599846\":{\"label\":\"Top values of output_fields.k8s.pod.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"output_fields.k8s.pod.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"0d3f381e-296a-44ed-b225-d294a723e50e\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\",\"alignment\":\"center\",\"hidden\":false},{\"columnId\":\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"isTransposed\":true},{\"columnId\":\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"isTransposed\":false}],\"layerId\":\"d7e22e01-f122-4914-9497-50a6c5131ec1\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by pods\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":78,\"w\":24,\"h\":9,\"i\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\"},\"panelIndex\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\":{\"columns\":{\"c3fdbe00-8b18-43fc-befb-259232bd760e\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"80445d9d-55cc-4e28-b821-3b5148d04bf3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\",\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\",\"groups\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\"],\"metric\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by Namespaces\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":48,\"h\":4,\"i\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\"},\"panelIndex\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Policy Engine\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":91,\"w\":5,\"h\":9,\"i\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\"},\"panelIndex\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":100000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":76}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"OPA-Gatekeeper-Detections\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":91,\"w\":9,\"h\":9,\"i\":\"f9181782-c266-4c44-860e-dc37a48bf08f\"},\"panelIndex\":\"f9181782-c266-4c44-860e-dc37a48bf08f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"443941ae-37bd-4230-a7c2-3eec6b193f37\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1708471f-d516-4b55-a792-7263d51215ba\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1708471f-d516-4b55-a792-7263d51215ba\":{\"label\":\"OPA-Gatekeeper detection\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"1708471f-d516-4b55-a792-7263d51215ba\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\"],\"metric\":\"1708471f-d516-4b55-a792-7263d51215ba\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"opa-by-user(yc iam user get --id )\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":91,\"w\":10,\"h\":9,\"i\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\"},\"panelIndex\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\",\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\"],\"metric\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"opa-by-objects\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":91,\"w\":15,\"h\":9,\"i\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\"},\"panelIndex\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"3h\"}},\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\",\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\",\"splitAccessor\":\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\",\"accessors\":[\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: constraints.gatekeeper.sh and (verb : delete or update) and not user.name : \\\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"OPA-constraint-delete/update\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":100,\"w\":24,\"h\":9,\"i\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\"},\"panelIndex\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b268ea32-45f2-49ca-acc2-0f3b7663868a\":{\"columns\":{\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\":{\"label\":\"Top values of responseStatus.reason.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"responseStatus.reason.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f0ffb8b7-7d70-4a94-a059-52312f25611d\":{\"label\":\"requestReceivedTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"requestReceivedTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"1h\"}},\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\",\"f0ffb8b7-7d70-4a94-a059-52312f25611d\",\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b268ea32-45f2-49ca-acc2-0f3b7663868a\",\"accessors\":[\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"f0ffb8b7-7d70-4a94-a059-52312f25611d\",\"splitAccessor\":\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"OPA detections\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":100,\"w\":24,\"h\":9,\"i\":\"c6b6d024-0094-4079-934f-37468ec76121\"},\"panelIndex\":\"c6b6d024-0094-4079-934f-37468ec76121\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\":{\"columns\":{\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\":{\"label\":\"Constraint\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"responseStatus.reason.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\":{\"label\":\"User_id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"01d7da50-fd9c-4044-8956-ecca57ba6241\":{\"label\":\"IP address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\":{\"label\":\"Namespace\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\":{\"label\":\"Cluster_id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"1dddd46e-3924-48c4-995a-32206cea8932\":{\"label\":\"Url \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\",\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\",\"01d7da50-fd9c-4044-8956-ecca57ba6241\",\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\",\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\",\"1dddd46e-3924-48c4-995a-32206cea8932\",\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\",\"width\":183},{\"isTransposed\":false,\"columnId\":\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\",\"width\":233.66666666666669},{\"isTransposed\":false,\"columnId\":\"01d7da50-fd9c-4044-8956-ecca57ba6241\"},{\"isTransposed\":false,\"columnId\":\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\"},{\"isTransposed\":false,\"columnId\":\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\"},{\"isTransposed\":false,\"columnId\":\"1dddd46e-3924-48c4-995a-32206cea8932\"},{\"isTransposed\":false,\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\",\"hidden\":true}],\"layerId\":\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"ca676417-5a6b-4866-ac55-1c1106303bab\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":4,\"i\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\"},\"panelIndex\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream k8s audit\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":113,\"w\":48,\"h\":17,\"i\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},\"panelIndex\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"cloud_id\",\"cluster_id\",\"objectRef.namespace\",\"source.ip\",\"requestURI\",\"user.name\",\"objectRef.name\",\"verb\",\"responseObject.reason\"]},\"panelRefName\":\"panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":4,\"i\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\"},\"panelIndex\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":14,\"i\":\"67217f20-9098-444f-abd6-89ef5f7086ba\"},\"panelIndex\":\"67217f20-9098-444f-abd6-89ef5f7086ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67217f20-9098-444f-abd6-89ef5f7086ba\"}]","timeRestore":false,"title":"k8s-dashboard-main","version":1},"coreMigrationVersion":"7.13.4","id":"72675e40-0193-11ec-aa1d-f5144cfe34d1","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"df4da863-2133-4560-82f3-5c126ac27f14:control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"58adfaa4-02bd-4b64-89cc-395d6ee0f968:control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109:control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ff5a5c53-c294-4c2b-ad00-3011d042dbcb:control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"9e45767a-451f-48a1-b421-17738c299cd9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7a0555be-d5f3-4aeb-9159-f48d7264d40c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-1","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-2","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-6","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-8","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-10","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-11","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-12","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-13","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-14","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-15","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-16","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-17","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-18","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-19","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-20","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-21","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-22","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-23","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"96fdb671-a668-4ffc-9ad1-792d69551764:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"93384633-a71f-4441-8beb-cbb5cab7c514:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"e1d27ba4-c45c-431e-933b-0a174c71d48c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3","type":"index-pattern"},{"id":"0a358990-fcd0-11eb-b912-d99e9986f72b","name":"ed79a50e-9a59-475a-8e0c-d41b0cb84acd:panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd","type":"search"},{"id":"ed3ba9e0-0040-11ec-aa1d-f5144cfe34d1","name":"67217f20-9098-444f-abd6-89ef5f7086ba:panel_67217f20-9098-444f-abd6-89ef5f7086ba","type":"search"}],"type":"dashboard","updated_at":"2021-08-20T08:58:38.390Z","version":"WzM0NjM1LDFd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/last_backup/trails_dashboard-backup.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":11,\"i\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\"},\"panelIndex\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во событий AuditTrails\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\":{\"columnOrder\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\"],\"columns\":{\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"},\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\":{\"sourceField\":\"event.module.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Общее кол-во событий AuditTrails\",\"customLabel\":true,\"params\":{\"otherBucket\":true,\"size\":10,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"type\":\"column\"},\"orderDirection\":\"desc\"}}},\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":1,\"layerId\":\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\",\"metric\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"numberDisplay\":\"value\",\"groups\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\"],\"categoryDisplay\":\"default\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6\"}]}},\"title\":\"Общее кол-во событий AuditTrails\"},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\"},\"panelIndex\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во типов событий\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ff37d407-c462-4db1-bf99-c9929764c729\":{\"columnOrder\":[\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"columns\":{\"117a1903-a862-44ae-a4c2-5c8ba7769948\":{\"sourceField\":\"event.action.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Top values of event.action.keyword\",\"params\":{\"otherBucket\":true,\"size\":16,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f467a316-b43c-419a-9204-f3ce8a69d751\",\"type\":\"column\"},\"orderDirection\":\"desc\"}},\"f467a316-b43c-419a-9204-f3ce8a69d751\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"}},\"incompleteColumns\":{}}}}},\"visualization\":{\"valueLabels\":\"hide\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"preferredSeriesType\":\"bar_horizontal\",\"legend\":{\"showSingleSeries\":false,\"isVisible\":false,\"position\":\"right\"},\"fittingFunction\":\"None\",\"layers\":[{\"xAccessor\":\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"layerId\":\"ff37d407-c462-4db1-bf99-c9929764c729\",\"accessors\":[\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"position\":\"top\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"f467a316-b43c-419a-9204-f3ce8a69d751\"}]}],\"gridlinesVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yRight\":true,\"yLeft\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729\"}]}},\"title\":\"Общее кол-во типов событий\"},{\"version\":\"7.13.2\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":11,\"w\":24,\"h\":12,\"i\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\"},\"panelIndex\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"connections_api\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"3c5972f1-ae9a-4ea4-8fae-cddfb12931d2\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"33978670-e543-11eb-b941-f7bd9d79b315\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"2569b478-cf5a-44ea-b60c-2d2da359d975\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"4b88fcd8-fa6d-4136-8ab3-90e4c8f1e84c\\\",\\\"label\\\":\\\"map\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#d3ebe4\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":11}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":15}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"icon\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[]}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.63,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-4M\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\",\"references\":[]},\"mapCenter\":{\"lat\":31.7041,\"lon\":-28.12525,\"zoom\":1.63},\"mapBuffer\":{\"minLon\":-249.16300999999999,\"minLat\":-29.228735,\"maxLon\":192.91251,\"maxLat\":84.306965},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":6,\"h\":6,\"i\":\"fc22f082-7346-438c-8957-7e6173117b30\"},\"panelIndex\":\"fc22f082-7346-438c-8957-7e6173117b30\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"aafee82f-6862-4848-8cbe-6bd4b92de589\":{\"columns\":{\"ddcee702-c96c-4481-b00c-6e3783e370f2\":{\"label\":\"Роль: vpc.publicAdmin\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"ddcee702-c96c-4481-b00c-6e3783e370f2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"aafee82f-6862-4848-8cbe-6bd4b92de589\",\"accessor\":\"ddcee702-c96c-4481-b00c-6e3783e370f2\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":15,\"w\":6,\"h\":6,\"i\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\"},\"panelIndex\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\":{\"columns\":{\"706238d4-9b6d-454e-bd68-210f3f620e39\":{\"label\":\"Роль: KMS \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"706238d4-9b6d-454e-bd68-210f3f620e39\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\",\"accessor\":\"706238d4-9b6d-454e-bd68-210f3f620e39\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":15,\"w\":6,\"h\":6,\"i\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\"},\"panelIndex\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e3bbd319-a964-4a87-84a8-cda2eaca6235\":{\"columns\":{\"3a949804-f3c2-4207-b78e-7a80187e77bd\":{\"label\":\"ServiceAccount Keys\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"3a949804-f3c2-4207-b78e-7a80187e77bd\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"e3bbd319-a964-4a87-84a8-cda2eaca6235\",\"accessor\":\"3a949804-f3c2-4207-b78e-7a80187e77bd\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235\"}]},\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":42,\"y\":15,\"w\":6,\"h\":6,\"i\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\"},\"panelIndex\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9d19caac-1d0f-485f-b7db-6d9203c62192\":{\"columns\":{\"a05d4d5d-4622-416e-9fd8-138401ddee23\":{\"label\":\"Роль: Admin (folder/cloud)\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"a05d4d5d-4622-416e-9fd8-138401ddee23\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"9d19caac-1d0f-485f-b7db-6d9203c62192\",\"accessor\":\"a05d4d5d-4622-416e-9fd8-138401ddee23\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":21,\"w\":13,\"h\":7,\"i\":\"adf946af-25e9-45ea-b048-e72243908a4a\"},\"panelIndex\":\"adf946af-25e9-45ea-b048-e72243908a4a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\":{\"columns\":{\"da104346-7e67-4a04-9207-1c16e0aed304\":{\"label\":\" \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"8121435e-8cbb-4bbc-a505-801a30482bbb\":{\"label\":\"Top values of error.message.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"error.message.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e54273fa-b06a-45ef-803c-927e3246a529\":{\"label\":\"IAM: Permission denied\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}}}},\"columnOrder\":[\"da104346-7e67-4a04-9207-1c16e0aed304\",\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\",\"accessors\":[\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"da104346-7e67-4a04-9207-1c16e0aed304\",\"splitAccessor\":\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"yConfig\":[{\"forAccessor\":\"e54273fa-b06a-45ef-803c-927e3246a529\",\"axisMode\":\"auto\"}]}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":21,\"w\":11,\"h\":7,\"i\":\"96f69a41-93fd-4f07-b627-179105449376\"},\"panelIndex\":\"96f69a41-93fd-4f07-b627-179105449376\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Yellow to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60},\"outline\":false}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(255,255,204)\",\"50 - 75\":\"rgb(253,135,60)\",\"75 - 100\":\"rgb(128,0,38)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]},\"savedSearchId\":\"90405c70-e8af-11eb-a019-4ff3eff5953f\"}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Permission denied\"},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":5,\"h\":6,\"i\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\"},\"panelIndex\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\":{\"columns\":{\"b3003016-821e-4958-854b-3f812e39e171\":{\"label\":\"Сеть: Public IP назначен на ВМ\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"b3003016-821e-4958-854b-3f812e39e171\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\",\"accessor\":\"b3003016-821e-4958-854b-3f812e39e171\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":23,\"w\":5,\"h\":6,\"i\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\"},\"panelIndex\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\":{\"columns\":{\"d2941f94-13a3-4d83-8c6b-ace075c84501\":{\"label\":\"Сеть: SG с 0.0.0.0/0\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d2941f94-13a3-4d83-8c6b-ace075c84501\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\",\"accessor\":\"d2941f94-13a3-4d83-8c6b-ace075c84501\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":23,\"w\":5,\"h\":6,\"i\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\"},\"panelIndex\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8be86246-216d-45db-926b-de99062b206c\":{\"columns\":{\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\":{\"label\":\"Сеть: Instance с 2 interface\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"8be86246-216d-45db-926b-de99062b206c\",\"accessor\":\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":23,\"w\":5,\"h\":6,\"i\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\"},\"panelIndex\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d8198233-262f-4f26-ae2d-4b6194eb3dff\":{\"columns\":{\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\":{\"label\":\"Сеть: Security Group\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"d8198233-262f-4f26-ae2d-4b6194eb3dff\",\"accessor\":\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":23,\"w\":4,\"h\":6,\"i\":\"488493d9-cae4-461f-be4d-6884ab178f69\"},\"panelIndex\":\"488493d9-cae4-461f-be4d-6884ab178f69\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\":{\"columns\":{\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\":{\"label\":\"Сеть: Public IP без antiDDOS\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\",\"accessor\":\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\"}]},\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":4,\"h\":7,\"i\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\"},\"panelIndex\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\":{\"columns\":{\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\":{\"label\":\"S3: ACL/Policy\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\",\"accessor\":\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":28,\"w\":4,\"h\":7,\"i\":\"422935b7-1ebe-4b88-9f79-597f23579a11\"},\"panelIndex\":\"422935b7-1ebe-4b88-9f79-597f23579a11\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\":{\"columns\":{\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\":{\"label\":\"Instance: создано Images \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\",\"accessor\":\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":28,\"w\":4,\"h\":7,\"i\":\"38133b0e-2694-455d-b943-688f801f5d56\"},\"panelIndex\":\"38133b0e-2694-455d-b943-688f801f5d56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\":{\"columns\":{\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\":{\"label\":\"Instance: с Marketplace образом\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\",\"accessor\":\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.product_ids: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":4,\"h\":7,\"i\":\"f7f910c4-cdde-4d47-a5e0-2a09068287da\"},\"panelIndex\":\"f7f910c4-cdde-4d47-a5e0-2a09068287da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d1b94c2f-f419-4256-8fcf-5708d493a452\":{\"columns\":{\"c08f2387-053c-4cb3-9015-e8f0084521fe\":{\"label\":\"Instance: Serialport enable\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"c08f2387-053c-4cb3-9015-e8f0084521fe\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"d1b94c2f-f419-4256-8fcf-5708d493a452\",\"accessor\":\"c08f2387-053c-4cb3-9015-e8f0084521fe\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-d1b94c2f-f419-4256-8fcf-5708d493a452\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":28,\"w\":4,\"h\":7,\"i\":\"26af1ab3-b833-4825-869a-6afb48cc5567\"},\"panelIndex\":\"26af1ab3-b833-4825-869a-6afb48cc5567\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f12b13b-9599-4207-b109-82e8f767e5fb\":{\"columns\":{\"6123044e-93be-4065-abc2-d9938a2288f5\":{\"label\":\"Роль: cloud.owner действия\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"6123044e-93be-4065-abc2-d9938a2288f5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6f12b13b-9599-4207-b109-82e8f767e5fb\",\"accessor\":\"6123044e-93be-4065-abc2-d9938a2288f5\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":44,\"y\":28,\"w\":4,\"h\":7,\"i\":\"1cfb9518-f016-4404-9fbd-ded93c48bf0d\"},\"panelIndex\":\"1cfb9518-f016-4404-9fbd-ded93c48bf0d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"7f8f6796-1b53-402f-bf38-205eacae3221\":{\"columns\":{\"ab948924-46d4-443f-819c-8bcdcca80586\":{\"label\":\"Instance: Без SG \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"ab948924-46d4-443f-819c-8bcdcca80586\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"7f8f6796-1b53-402f-bf38-205eacae3221\",\"accessor\":\"ab948924-46d4-443f-819c-8bcdcca80586\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-7f8f6796-1b53-402f-bf38-205eacae3221\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":24,\"h\":6,\"i\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\"},\"panelIndex\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\":{\"columns\":{\"870d2709-a2a2-44bd-b77f-43bda4bbb229\":{\"label\":\"Top values of user_agent.original.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user_agent.original.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"bceb4d39-1283-4037-af49-2fea6907275f\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\":{\"label\":\"event_time\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event_time\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"1efef975-ba6d-4a6d-a987-1367ccf799fa\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"8e348bc7-dc23-459f-8362-81520a1f5c12\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"870d2709-a2a2-44bd-b77f-43bda4bbb229\",\"bceb4d39-1283-4037-af49-2fea6907275f\",\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"870d2709-a2a2-44bd-b77f-43bda4bbb229\"},{\"isTransposed\":false,\"columnId\":\"bceb4d39-1283-4037-af49-2fea6907275f\",\"width\":151.4},{\"isTransposed\":false,\"columnId\":\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"width\":188.39999999999998},{\"isTransposed\":false,\"columnId\":\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"width\":136.4},{\"isTransposed\":false,\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\",\"width\":87.4}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Подключения с YC/Terraform\"},{\"version\":\"7.13.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":12,\"i\":\"8a3af145-9063-48a5-9bcb-277036573bee\"},\"panelIndex\":\"8a3af145-9063-48a5-9bcb-277036573bee\",\"embeddableConfig\":{\"columns\":[\"cloud.cloud.name\",\"cloud.folder.name\",\"event.module\",\"event.action\",\"user.name\",\"user.type\",\"user.authorization\",\"source.ip\",\"user_agent.original\",\"details.access_binding_deltas.access_binding.role_id\",\"details.rules.cidr_blocks.v4_cidr_blocks\",\"details.access_binding_deltas.access_binding.subject_name\"],\"enhancements\":{}},\"panelRefName\":\"panel_8a3af145-9063-48a5-9bcb-277036573bee\"}]","timeRestore":false,"title":"AuditTrails Dashboard Copy","version":1},"coreMigrationVersion":"7.13.2","id":"cff15580-e8b0-11eb-a019-4ff3eff5953f","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"76a70662-4b3c-43e6-b468-b36a4950dae4:layer_1_source_index_pattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3","type":"index-pattern"},{"id":"90405c70-e8af-11eb-a019-4ff3eff5953f","name":"96f69a41-93fd-4f07-b627-179105449376:search_0","type":"search"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f7f910c4-cdde-4d47-a5e0-2a09068287da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f7f910c4-cdde-4d47-a5e0-2a09068287da:indexpattern-datasource-layer-d1b94c2f-f419-4256-8fcf-5708d493a452","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"1cfb9518-f016-4404-9fbd-ded93c48bf0d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"1cfb9518-f016-4404-9fbd-ded93c48bf0d:indexpattern-datasource-layer-7f8f6796-1b53-402f-bf38-205eacae3221","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef","type":"index-pattern"},{"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","name":"8a3af145-9063-48a5-9bcb-277036573bee:panel_8a3af145-9063-48a5-9bcb-277036573bee","type":"search"}],"type":"dashboard","updated_at":"2021-07-19T16:46:06.562Z","version":"Wzc2NDYsMV0="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/mapping6.json ================================================ { "mappings" : { "properties" : { "authentication" : { "type" : "object" }, "authorization" : { "type" : "object" }, "@timestamp": { "type": "date" }, "geoip.location": { "type": "geo_point" }, "cloud" : { "properties" : { "cloud" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "folder" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "image" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "source_uri" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "instance" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "market_image" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "machine" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "provider" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service" : { "properties" : { "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "details" : { "properties" : { "access_binding_deltas" : { "properties" : { "access_binding" : { "properties" : { "role_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "action" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "access_key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "api_key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "block_size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "boot_disk" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "device_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mode" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "boot_disk_spec" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "disk_spec" : { "properties" : { "image_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "default_for_network" : { "type" : "boolean" }, "dhcp_options" : { "type" : "object" }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "folder_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "folder_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "fqdn" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "hostname" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "key_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "metadata_keys" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "metadata_serial_port_enable" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_interface_index" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_interface_specs" : { "properties" : { "primary_v4_address_spec" : { "properties" : { "one_to_one_nat_spec" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "network_interfaces" : { "properties" : { "index" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mac_address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "primary_v4_address" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "one_to_one_nat" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "network_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_settings" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "one_to_one_nat_spec" : { "properties" : { "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "os" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "placement_policy" : { "type" : "object" }, "product_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resources" : { "properties" : { "core_fraction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "cores" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "memory" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "resources_spec" : { "properties" : { "core_fraction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "cores" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "memory" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "rule" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "rules" : { "properties" : { "cidr_blocks" : { "properties" : { "v4_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "v6_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "description" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "direction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ports" : { "properties" : { "from_port" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "to_port" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "predefined_target" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "protocol_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "protocol_number" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "secondary_disk_specs" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "disk_spec" : { "properties" : { "block_size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "secondary_disks" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "device_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mode" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "security_group_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service_account_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service_account_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "source_image_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "update_mask" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "v4_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "zone_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "error" : { "properties" : { "code" : { "type" : "long" }, "details" : { "properties" : { "@type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "locale" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "message" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "message" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "event" : { "properties" : { "action" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "category" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "dataset" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "kind" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "module" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "outcome" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "status" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "event_time" : { "type" : "date" }, "object_storage" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "request_metadata" : { "properties" : { "remote_address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "request_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "resource_metadata" : { "properties" : { "path" : { "properties" : { "resource_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resource_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resource_type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "source" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip" : { "type" : "ip" } } }, "user" : { "properties" : { "authenticated" : { "type" : "boolean" }, "authorization" : { "type" : "boolean" }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "user_agent" : { "properties" : { "original" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/dashboard.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":11,\"i\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\"},\"panelIndex\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во событий AuditTrails\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\":{\"columnOrder\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\"],\"columns\":{\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"},\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\":{\"sourceField\":\"event.module.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Общее кол-во событий AuditTrails\",\"customLabel\":true,\"params\":{\"otherBucket\":true,\"size\":10,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"type\":\"column\"},\"orderDirection\":\"desc\"}}},\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":1,\"layerId\":\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\",\"metric\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"numberDisplay\":\"value\",\"groups\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\"],\"categoryDisplay\":\"default\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6\"}]}},\"title\":\"Общее кол-во событий AuditTrails\"},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\"},\"panelIndex\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во типов событий\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ff37d407-c462-4db1-bf99-c9929764c729\":{\"columnOrder\":[\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"columns\":{\"117a1903-a862-44ae-a4c2-5c8ba7769948\":{\"sourceField\":\"event.action.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Top values of event.action.keyword\",\"params\":{\"otherBucket\":true,\"size\":16,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f467a316-b43c-419a-9204-f3ce8a69d751\",\"type\":\"column\"},\"orderDirection\":\"desc\"}},\"f467a316-b43c-419a-9204-f3ce8a69d751\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"}},\"incompleteColumns\":{}}}}},\"visualization\":{\"valueLabels\":\"hide\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"preferredSeriesType\":\"bar_horizontal\",\"legend\":{\"showSingleSeries\":false,\"isVisible\":false,\"position\":\"right\"},\"fittingFunction\":\"None\",\"layers\":[{\"xAccessor\":\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"layerId\":\"ff37d407-c462-4db1-bf99-c9929764c729\",\"accessors\":[\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"position\":\"top\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"f467a316-b43c-419a-9204-f3ce8a69d751\"}]}],\"gridlinesVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yRight\":true,\"yLeft\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729\"}]}},\"title\":\"Общее кол-во типов событий\"},{\"version\":\"7.13.2\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":11,\"w\":24,\"h\":12,\"i\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\"},\"panelIndex\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"connections_api\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"3c5972f1-ae9a-4ea4-8fae-cddfb12931d2\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"33978670-e543-11eb-b941-f7bd9d79b315\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"2569b478-cf5a-44ea-b60c-2d2da359d975\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"4b88fcd8-fa6d-4136-8ab3-90e4c8f1e84c\\\",\\\"label\\\":\\\"map\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#d3ebe4\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":11}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":15}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"icon\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[]}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.63,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-4M\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\",\"references\":[]},\"mapCenter\":{\"lat\":31.7041,\"lon\":-28.12525,\"zoom\":1.63},\"mapBuffer\":{\"minLon\":-249.16300999999999,\"minLat\":-29.228735,\"maxLon\":192.91251,\"maxLat\":84.306965},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":6,\"h\":6,\"i\":\"fc22f082-7346-438c-8957-7e6173117b30\"},\"panelIndex\":\"fc22f082-7346-438c-8957-7e6173117b30\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"aafee82f-6862-4848-8cbe-6bd4b92de589\":{\"columns\":{\"ddcee702-c96c-4481-b00c-6e3783e370f2\":{\"label\":\"Роль: vpc.publicAdmin\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"ddcee702-c96c-4481-b00c-6e3783e370f2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"aafee82f-6862-4848-8cbe-6bd4b92de589\",\"accessor\":\"ddcee702-c96c-4481-b00c-6e3783e370f2\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":15,\"w\":6,\"h\":6,\"i\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\"},\"panelIndex\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\":{\"columns\":{\"706238d4-9b6d-454e-bd68-210f3f620e39\":{\"label\":\"Роль: KMS \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"706238d4-9b6d-454e-bd68-210f3f620e39\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\",\"accessor\":\"706238d4-9b6d-454e-bd68-210f3f620e39\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":15,\"w\":6,\"h\":6,\"i\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\"},\"panelIndex\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e3bbd319-a964-4a87-84a8-cda2eaca6235\":{\"columns\":{\"3a949804-f3c2-4207-b78e-7a80187e77bd\":{\"label\":\"ServiceAccount Keys\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"3a949804-f3c2-4207-b78e-7a80187e77bd\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"e3bbd319-a964-4a87-84a8-cda2eaca6235\",\"accessor\":\"3a949804-f3c2-4207-b78e-7a80187e77bd\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235\"}]},\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":42,\"y\":15,\"w\":6,\"h\":6,\"i\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\"},\"panelIndex\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9d19caac-1d0f-485f-b7db-6d9203c62192\":{\"columns\":{\"a05d4d5d-4622-416e-9fd8-138401ddee23\":{\"label\":\"Роль: Admin (folder/cloud)\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"a05d4d5d-4622-416e-9fd8-138401ddee23\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"9d19caac-1d0f-485f-b7db-6d9203c62192\",\"accessor\":\"a05d4d5d-4622-416e-9fd8-138401ddee23\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":21,\"w\":13,\"h\":7,\"i\":\"adf946af-25e9-45ea-b048-e72243908a4a\"},\"panelIndex\":\"adf946af-25e9-45ea-b048-e72243908a4a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\":{\"columns\":{\"da104346-7e67-4a04-9207-1c16e0aed304\":{\"label\":\" \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"8121435e-8cbb-4bbc-a505-801a30482bbb\":{\"label\":\"Top values of error.message.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"error.message.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e54273fa-b06a-45ef-803c-927e3246a529\":{\"label\":\"IAM: Permission denied\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}}}},\"columnOrder\":[\"da104346-7e67-4a04-9207-1c16e0aed304\",\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\",\"accessors\":[\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"da104346-7e67-4a04-9207-1c16e0aed304\",\"splitAccessor\":\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"yConfig\":[{\"forAccessor\":\"e54273fa-b06a-45ef-803c-927e3246a529\",\"axisMode\":\"auto\"}]}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":21,\"w\":11,\"h\":7,\"i\":\"96f69a41-93fd-4f07-b627-179105449376\"},\"panelIndex\":\"96f69a41-93fd-4f07-b627-179105449376\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Yellow to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60},\"outline\":false}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(255,255,204)\",\"50 - 75\":\"rgb(253,135,60)\",\"75 - 100\":\"rgb(128,0,38)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]},\"savedSearchId\":\"90405c70-e8af-11eb-a019-4ff3eff5953f\"}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Permission denied\"},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":5,\"h\":6,\"i\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\"},\"panelIndex\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\":{\"columns\":{\"b3003016-821e-4958-854b-3f812e39e171\":{\"label\":\"Сеть: Public IP назначен на ВМ\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"b3003016-821e-4958-854b-3f812e39e171\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\",\"accessor\":\"b3003016-821e-4958-854b-3f812e39e171\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":23,\"w\":5,\"h\":6,\"i\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\"},\"panelIndex\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\":{\"columns\":{\"d2941f94-13a3-4d83-8c6b-ace075c84501\":{\"label\":\"Сеть: SG с 0.0.0.0/0\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d2941f94-13a3-4d83-8c6b-ace075c84501\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\",\"accessor\":\"d2941f94-13a3-4d83-8c6b-ace075c84501\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":23,\"w\":5,\"h\":6,\"i\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\"},\"panelIndex\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8be86246-216d-45db-926b-de99062b206c\":{\"columns\":{\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\":{\"label\":\"Сеть: Instance с 2 interface\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"8be86246-216d-45db-926b-de99062b206c\",\"accessor\":\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":23,\"w\":5,\"h\":6,\"i\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\"},\"panelIndex\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d8198233-262f-4f26-ae2d-4b6194eb3dff\":{\"columns\":{\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\":{\"label\":\"Сеть: Security Group\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"d8198233-262f-4f26-ae2d-4b6194eb3dff\",\"accessor\":\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":23,\"w\":4,\"h\":6,\"i\":\"488493d9-cae4-461f-be4d-6884ab178f69\"},\"panelIndex\":\"488493d9-cae4-461f-be4d-6884ab178f69\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\":{\"columns\":{\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\":{\"label\":\"Сеть: Public IP без antiDDOS\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\",\"accessor\":\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\"}]},\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":4,\"h\":7,\"i\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\"},\"panelIndex\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\":{\"columns\":{\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\":{\"label\":\"S3: ACL/Policy\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\",\"accessor\":\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":28,\"w\":4,\"h\":7,\"i\":\"422935b7-1ebe-4b88-9f79-597f23579a11\"},\"panelIndex\":\"422935b7-1ebe-4b88-9f79-597f23579a11\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\":{\"columns\":{\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\":{\"label\":\"Instance: создано Images \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\",\"accessor\":\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":28,\"w\":4,\"h\":7,\"i\":\"38133b0e-2694-455d-b943-688f801f5d56\"},\"panelIndex\":\"38133b0e-2694-455d-b943-688f801f5d56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\":{\"columns\":{\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\":{\"label\":\"Instance: с Marketplace образом\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\",\"accessor\":\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.product_ids: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":4,\"h\":7,\"i\":\"f7f910c4-cdde-4d47-a5e0-2a09068287da\"},\"panelIndex\":\"f7f910c4-cdde-4d47-a5e0-2a09068287da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d1b94c2f-f419-4256-8fcf-5708d493a452\":{\"columns\":{\"c08f2387-053c-4cb3-9015-e8f0084521fe\":{\"label\":\"Instance: Serialport enable\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"c08f2387-053c-4cb3-9015-e8f0084521fe\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"d1b94c2f-f419-4256-8fcf-5708d493a452\",\"accessor\":\"c08f2387-053c-4cb3-9015-e8f0084521fe\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-d1b94c2f-f419-4256-8fcf-5708d493a452\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":28,\"w\":4,\"h\":7,\"i\":\"26af1ab3-b833-4825-869a-6afb48cc5567\"},\"panelIndex\":\"26af1ab3-b833-4825-869a-6afb48cc5567\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f12b13b-9599-4207-b109-82e8f767e5fb\":{\"columns\":{\"6123044e-93be-4065-abc2-d9938a2288f5\":{\"label\":\"Роль: cloud.owner действия\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"6123044e-93be-4065-abc2-d9938a2288f5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6f12b13b-9599-4207-b109-82e8f767e5fb\",\"accessor\":\"6123044e-93be-4065-abc2-d9938a2288f5\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":44,\"y\":28,\"w\":4,\"h\":7,\"i\":\"1cfb9518-f016-4404-9fbd-ded93c48bf0d\"},\"panelIndex\":\"1cfb9518-f016-4404-9fbd-ded93c48bf0d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"7f8f6796-1b53-402f-bf38-205eacae3221\":{\"columns\":{\"ab948924-46d4-443f-819c-8bcdcca80586\":{\"label\":\"Instance: Без SG \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"ab948924-46d4-443f-819c-8bcdcca80586\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"7f8f6796-1b53-402f-bf38-205eacae3221\",\"accessor\":\"ab948924-46d4-443f-819c-8bcdcca80586\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-7f8f6796-1b53-402f-bf38-205eacae3221\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":24,\"h\":6,\"i\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\"},\"panelIndex\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\":{\"columns\":{\"870d2709-a2a2-44bd-b77f-43bda4bbb229\":{\"label\":\"Top values of user_agent.original.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user_agent.original.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"bceb4d39-1283-4037-af49-2fea6907275f\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\":{\"label\":\"event_time\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event_time\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"1efef975-ba6d-4a6d-a987-1367ccf799fa\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"8e348bc7-dc23-459f-8362-81520a1f5c12\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"870d2709-a2a2-44bd-b77f-43bda4bbb229\",\"bceb4d39-1283-4037-af49-2fea6907275f\",\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"870d2709-a2a2-44bd-b77f-43bda4bbb229\"},{\"isTransposed\":false,\"columnId\":\"bceb4d39-1283-4037-af49-2fea6907275f\",\"width\":151.4},{\"isTransposed\":false,\"columnId\":\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"width\":188.39999999999998},{\"isTransposed\":false,\"columnId\":\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"width\":136.4},{\"isTransposed\":false,\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\",\"width\":87.4}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Подключения с YC/Terraform\"},{\"version\":\"7.13.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":12,\"i\":\"8a3af145-9063-48a5-9bcb-277036573bee\"},\"panelIndex\":\"8a3af145-9063-48a5-9bcb-277036573bee\",\"embeddableConfig\":{\"columns\":[\"cloud.cloud.name\",\"cloud.folder.name\",\"event.module\",\"event.action\",\"user.name\",\"user.type\",\"user.authorization\",\"source.ip\",\"user_agent.original\",\"details.access_binding_deltas.access_binding.role_id\",\"details.rules.cidr_blocks.v4_cidr_blocks\",\"details.access_binding_deltas.access_binding.subject_name\"],\"enhancements\":{}},\"panelRefName\":\"panel_8a3af145-9063-48a5-9bcb-277036573bee\"}]","timeRestore":false,"title":"AuditTrails Dashboard Copy","version":1},"coreMigrationVersion":"7.13.2","id":"cff15580-e8b0-11eb-a019-4ff3eff5953f","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"76a70662-4b3c-43e6-b468-b36a4950dae4:layer_1_source_index_pattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3","type":"index-pattern"},{"id":"90405c70-e8af-11eb-a019-4ff3eff5953f","name":"96f69a41-93fd-4f07-b627-179105449376:search_0","type":"search"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f7f910c4-cdde-4d47-a5e0-2a09068287da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f7f910c4-cdde-4d47-a5e0-2a09068287da:indexpattern-datasource-layer-d1b94c2f-f419-4256-8fcf-5708d493a452","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"1cfb9518-f016-4404-9fbd-ded93c48bf0d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"1cfb9518-f016-4404-9fbd-ded93c48bf0d:indexpattern-datasource-layer-7f8f6796-1b53-402f-bf38-205eacae3221","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef","type":"index-pattern"},{"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","name":"8a3af145-9063-48a5-9bcb-277036573bee:panel_8a3af145-9063-48a5-9bcb-277036573bee","type":"search"}],"type":"dashboard","updated_at":"2021-07-19T16:46:06.562Z","version":"Wzc2NDYsMV0="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/dashboard_backup.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":11,\"i\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\"},\"panelIndex\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во событий AuditTrails\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\":{\"columnOrder\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\"],\"columns\":{\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"},\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\":{\"sourceField\":\"event.module.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Общее кол-во событий AuditTrails\",\"customLabel\":true,\"params\":{\"otherBucket\":true,\"size\":10,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"type\":\"column\"},\"orderDirection\":\"desc\"}}},\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":1,\"layerId\":\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\",\"metric\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"numberDisplay\":\"value\",\"groups\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\"],\"categoryDisplay\":\"default\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6\"}]}},\"title\":\"Общее кол-во событий AuditTrails\"},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":15,\"i\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\"},\"panelIndex\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во типов событий\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ff37d407-c462-4db1-bf99-c9929764c729\":{\"columnOrder\":[\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"columns\":{\"117a1903-a862-44ae-a4c2-5c8ba7769948\":{\"sourceField\":\"event.action.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Top values of event.action.keyword\",\"params\":{\"otherBucket\":true,\"size\":10,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f467a316-b43c-419a-9204-f3ce8a69d751\",\"type\":\"column\"},\"orderDirection\":\"desc\"}},\"f467a316-b43c-419a-9204-f3ce8a69d751\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"}},\"incompleteColumns\":{}}}}},\"visualization\":{\"valueLabels\":\"hide\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"preferredSeriesType\":\"bar_horizontal\",\"legend\":{\"showSingleSeries\":false,\"isVisible\":false,\"position\":\"right\"},\"fittingFunction\":\"None\",\"layers\":[{\"xAccessor\":\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"layerId\":\"ff37d407-c462-4db1-bf99-c9929764c729\",\"accessors\":[\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"position\":\"top\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"f467a316-b43c-419a-9204-f3ce8a69d751\"}]}],\"gridlinesVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yRight\":true,\"yLeft\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729\"}]}},\"title\":\"Общее кол-во типов событий\"},{\"version\":\"7.13.2\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":11,\"w\":24,\"h\":12,\"i\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\"},\"panelIndex\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"connections_api\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"3c5972f1-ae9a-4ea4-8fae-cddfb12931d2\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"33978670-e543-11eb-b941-f7bd9d79b315\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"2569b478-cf5a-44ea-b60c-2d2da359d975\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"4b88fcd8-fa6d-4136-8ab3-90e4c8f1e84c\\\",\\\"label\\\":\\\"map\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#d3ebe4\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":11}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":15}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"icon\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[]}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.63,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-4M\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\",\"references\":[]},\"mapCenter\":{\"lat\":31.7041,\"lon\":-28.12525,\"zoom\":1.63},\"mapBuffer\":{\"minLon\":-229.17193000000003,\"minLat\":-29.026535,\"maxLon\":172.92143,\"maxLat\":84.154645},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":6,\"h\":6,\"i\":\"fc22f082-7346-438c-8957-7e6173117b30\"},\"panelIndex\":\"fc22f082-7346-438c-8957-7e6173117b30\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"aafee82f-6862-4848-8cbe-6bd4b92de589\":{\"columns\":{\"ddcee702-c96c-4481-b00c-6e3783e370f2\":{\"label\":\"Роль: vpc.publicAdmin\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"ddcee702-c96c-4481-b00c-6e3783e370f2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"aafee82f-6862-4848-8cbe-6bd4b92de589\",\"accessor\":\"ddcee702-c96c-4481-b00c-6e3783e370f2\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":15,\"w\":6,\"h\":6,\"i\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\"},\"panelIndex\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\":{\"columns\":{\"706238d4-9b6d-454e-bd68-210f3f620e39\":{\"label\":\"Роль: KMS \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"706238d4-9b6d-454e-bd68-210f3f620e39\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\",\"accessor\":\"706238d4-9b6d-454e-bd68-210f3f620e39\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":15,\"w\":6,\"h\":6,\"i\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\"},\"panelIndex\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e3bbd319-a964-4a87-84a8-cda2eaca6235\":{\"columns\":{\"3a949804-f3c2-4207-b78e-7a80187e77bd\":{\"label\":\"ServiceAccount Keys\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"3a949804-f3c2-4207-b78e-7a80187e77bd\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"e3bbd319-a964-4a87-84a8-cda2eaca6235\",\"accessor\":\"3a949804-f3c2-4207-b78e-7a80187e77bd\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235\"}]},\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":42,\"y\":15,\"w\":6,\"h\":6,\"i\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\"},\"panelIndex\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9d19caac-1d0f-485f-b7db-6d9203c62192\":{\"columns\":{\"a05d4d5d-4622-416e-9fd8-138401ddee23\":{\"label\":\"Роль: Admin (folder/cloud)\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"a05d4d5d-4622-416e-9fd8-138401ddee23\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"9d19caac-1d0f-485f-b7db-6d9203c62192\",\"accessor\":\"a05d4d5d-4622-416e-9fd8-138401ddee23\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":21,\"w\":24,\"h\":7,\"i\":\"adf946af-25e9-45ea-b048-e72243908a4a\"},\"panelIndex\":\"adf946af-25e9-45ea-b048-e72243908a4a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\":{\"columns\":{\"da104346-7e67-4a04-9207-1c16e0aed304\":{\"label\":\" \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"8121435e-8cbb-4bbc-a505-801a30482bbb\":{\"label\":\"Top values of error.message.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"error.message.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e54273fa-b06a-45ef-803c-927e3246a529\":{\"label\":\"IAM: Permission denied\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}}}},\"columnOrder\":[\"da104346-7e67-4a04-9207-1c16e0aed304\",\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\",\"accessors\":[\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"da104346-7e67-4a04-9207-1c16e0aed304\",\"splitAccessor\":\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"yConfig\":[{\"forAccessor\":\"e54273fa-b06a-45ef-803c-927e3246a529\",\"axisMode\":\"auto\"}]}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":5,\"h\":6,\"i\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\"},\"panelIndex\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\":{\"columns\":{\"b3003016-821e-4958-854b-3f812e39e171\":{\"label\":\"Сеть: Public IP назначен на ВМ\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"b3003016-821e-4958-854b-3f812e39e171\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\",\"accessor\":\"b3003016-821e-4958-854b-3f812e39e171\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":23,\"w\":5,\"h\":6,\"i\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\"},\"panelIndex\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\":{\"columns\":{\"d2941f94-13a3-4d83-8c6b-ace075c84501\":{\"label\":\"Сеть: SG с 0.0.0.0/0\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d2941f94-13a3-4d83-8c6b-ace075c84501\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\",\"accessor\":\"d2941f94-13a3-4d83-8c6b-ace075c84501\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":23,\"w\":5,\"h\":6,\"i\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\"},\"panelIndex\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8be86246-216d-45db-926b-de99062b206c\":{\"columns\":{\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\":{\"label\":\"Сеть: Instance с 2 interface\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"8be86246-216d-45db-926b-de99062b206c\",\"accessor\":\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":23,\"w\":5,\"h\":6,\"i\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\"},\"panelIndex\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d8198233-262f-4f26-ae2d-4b6194eb3dff\":{\"columns\":{\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\":{\"label\":\"Сеть: Security Group\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"d8198233-262f-4f26-ae2d-4b6194eb3dff\",\"accessor\":\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":4,\"h\":7,\"i\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\"},\"panelIndex\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\":{\"columns\":{\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\":{\"label\":\"S3: ACL/Policy\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\",\"accessor\":\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":28,\"w\":4,\"h\":7,\"i\":\"422935b7-1ebe-4b88-9f79-597f23579a11\"},\"panelIndex\":\"422935b7-1ebe-4b88-9f79-597f23579a11\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\":{\"columns\":{\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\":{\"label\":\"Instance: создано Images \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\",\"accessor\":\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":28,\"w\":4,\"h\":7,\"i\":\"38133b0e-2694-455d-b943-688f801f5d56\"},\"panelIndex\":\"38133b0e-2694-455d-b943-688f801f5d56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\":{\"columns\":{\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\":{\"label\":\"Instance: с Marketplace образом\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\",\"accessor\":\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.product_ids: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":10,\"h\":7,\"i\":\"26af1ab3-b833-4825-869a-6afb48cc5567\"},\"panelIndex\":\"26af1ab3-b833-4825-869a-6afb48cc5567\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f12b13b-9599-4207-b109-82e8f767e5fb\":{\"columns\":{\"6123044e-93be-4065-abc2-d9938a2288f5\":{\"label\":\"Роль: cloud.owner действия\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"6123044e-93be-4065-abc2-d9938a2288f5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6f12b13b-9599-4207-b109-82e8f767e5fb\",\"accessor\":\"6123044e-93be-4065-abc2-d9938a2288f5\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":23,\"w\":4,\"h\":6,\"i\":\"488493d9-cae4-461f-be4d-6884ab178f69\"},\"panelIndex\":\"488493d9-cae4-461f-be4d-6884ab178f69\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\":{\"columns\":{\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\":{\"label\":\"Сеть: Public IP без antiDDOS\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\",\"accessor\":\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\"}]},\"enhancements\":{}}},{\"version\":\"7.13.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":24,\"h\":6,\"i\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\"},\"panelIndex\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\":{\"columns\":{\"870d2709-a2a2-44bd-b77f-43bda4bbb229\":{\"label\":\"Top values of user_agent.original.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user_agent.original.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"bceb4d39-1283-4037-af49-2fea6907275f\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\":{\"label\":\"event_time\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event_time\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"1efef975-ba6d-4a6d-a987-1367ccf799fa\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"8e348bc7-dc23-459f-8362-81520a1f5c12\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"870d2709-a2a2-44bd-b77f-43bda4bbb229\",\"bceb4d39-1283-4037-af49-2fea6907275f\",\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"870d2709-a2a2-44bd-b77f-43bda4bbb229\"},{\"isTransposed\":false,\"columnId\":\"bceb4d39-1283-4037-af49-2fea6907275f\",\"width\":151.4},{\"isTransposed\":false,\"columnId\":\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"width\":188.39999999999998},{\"isTransposed\":false,\"columnId\":\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"width\":136.4},{\"isTransposed\":false,\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\",\"width\":87.4}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Подключения с YC/Terraform\"},{\"version\":\"7.13.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":12,\"i\":\"8a3af145-9063-48a5-9bcb-277036573bee\"},\"panelIndex\":\"8a3af145-9063-48a5-9bcb-277036573bee\",\"embeddableConfig\":{\"columns\":[\"cloud.cloud.name\",\"cloud.folder.name\",\"event.module\",\"event.action\",\"user.name\",\"user.type\",\"user.authorization\",\"source.ip\",\"user_agent.original\",\"details.access_binding_deltas.access_binding.role_id\",\"details.rules.cidr_blocks.v4_cidr_blocks\",\"details.access_binding_deltas.access_binding.subject_name\"],\"enhancements\":{}},\"panelRefName\":\"panel_8a3af145-9063-48a5-9bcb-277036573bee\"}]","timeRestore":false,"title":"AuditTrails Dashboard","version":1},"coreMigrationVersion":"7.13.2","id":"33978670-e543-11eb-b941-f7bd9d79b315","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"76a70662-4b3c-43e6-b468-b36a4950dae4:layer_1_source_index_pattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef","type":"index-pattern"},{"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","name":"8a3af145-9063-48a5-9bcb-277036573bee:panel_8a3af145-9063-48a5-9bcb-277036573bee","type":"search"}],"type":"dashboard","updated_at":"2021-07-18T09:11:29.226Z","version":"WzE1NTQsMV0="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/detections.ndjson ================================================ {"id":"629894d0-e7ac-11eb-a019-4ff3eff5953f","updated_at":"2021-07-18T09:41:54.953Z","updated_by":"admin","created_at":"2021-07-18T09:41:54.953Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create public address without antiddos","tags":[],"interval":"2m","enabled":true,"description":"f","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-720s","rule_id":"5c24fd59-3469-42f0-afe7-72d4eddcc0f3","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator","filters":[],"saved_id":"Yandexcloud:Create public address without antiddos","throttle":"no_actions","actions":[]} {"exported_count":1,"missing_rules":[],"missing_rules_count":0} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/filters.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru and event_time < 2021-07-15"},"title":"Search:Yandexcloud: Find events by username"},"coreMigrationVersion":"7.13.2","id":"Search:Yandexcloud: Find events by username","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTYsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and cloud.folder.name : mirtov-checkpoint\t"},"title":"Serarch:Yandexcloud: Find events by folder_name"},"coreMigrationVersion":"7.13.2","id":"Serarch:Yandexcloud: Find events by folder_name","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTcsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)"},"title":"Yandexcloud: Connect admins from YC, Terraform"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Connect admins from YC, Terraform","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs"},"title":"Yandexcloud: resource-manager.cloud.owner events"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: resource-manager.cloud.owner events","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTksMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin"},"title":"Yandexcloud: Add access binding VPC_publicAdmin"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Add access binding VPC_publicAdmin","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjAsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup "},"title":"Yandexcloud: Any create or update SG (security group)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Any create or update SG (security group)","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat"},"title":"Yandexcloud: Add public IP to VM"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Add public IP to VM","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjIsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.product_ids: *"},"title":"Yandexcloud: Create instance with marketplace image"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Create instance with marketplace image","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjMsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings"},"title":"Yandexcloud: Bind access rights to KMS key"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Bind access rights to KMS key","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjQsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin"},"title":"Yandexcloud: Bind IAM Admin role to resources"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Bind IAM Admin role to resources","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjUsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)"},"title":"Yandexcloud: Changes of S3 acl, policy"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Changes of S3 acl, policy","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjYsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *"},"title":"Yandexcloud: Create image from S3 uri"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Create image from S3 uri","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjcsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*"},"title":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1"},"title":"Yandexcloud:Create instances with 2 interfaces"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instances with 2 interfaces","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjksMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *"},"title":"Yandexcloud:Create instances with public IP"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instances with public IP","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzAsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)"},"title":"Yandexcloud:Creating of service-account's credentials (keys)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Creating of service-account's credentials (keys)","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied"},"title":"Yandexcloud: unauthorized events (permission denied)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: unauthorized events (permission denied)","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzIsMV0="} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator"},"title":"Yandexcloud:Create public address without antiddos"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create public address without antiddos","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzMsMV0="} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1"},"title":"Yandexcloud:Create instance with Serialport"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instance with Serialport","references":[],"type":"query","updated_at":"2021-07-19T16:07:08.599Z","version":"WzY5ODQsMV0="} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *"},"title":"Yandexcloud:Create instance without SG"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instance without SG","references":[],"type":"query","updated_at":"2021-07-19T16:05:11.226Z","version":"WzY5NTgsMV0="} {"exportedCount":20,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/filters_backup.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru and event_time < 2021-07-15"},"title":"Search:Yandexcloud: Find events by username"},"coreMigrationVersion":"7.13.2","id":"Search:Yandexcloud: Find events by username","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzExOTcsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and cloud.folder.name : mirtov-checkpoint\t"},"title":"Serarch:Yandexcloud: Find events by folder_name"},"coreMigrationVersion":"7.13.2","id":"Serarch:Yandexcloud: Find events by folder_name","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzExOTgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)"},"title":"Yandexcloud: Connect admins from YC, Terraform"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Connect admins from YC, Terraform","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzExOTksMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs"},"title":"Yandexcloud: resource-manager.cloud.owner events"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: resource-manager.cloud.owner events","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDAsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin"},"title":"Yandexcloud: Add access binding VPC_publicAdmin"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Add access binding VPC_publicAdmin","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup "},"title":"Yandexcloud: Any create or update SG (security group)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Any create or update SG (security group)","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDIsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat"},"title":"Yandexcloud: Add public IP to VM"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Add public IP to VM","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDMsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.product_ids: *"},"title":"Yandexcloud: Create instance with marketplace image"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Create instance with marketplace image","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDQsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings"},"title":"Yandexcloud: Bind access rights to KMS key"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Bind access rights to KMS key","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDUsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin"},"title":"Yandexcloud: Bind IAM Admin role to resources"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Bind IAM Admin role to resources","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDYsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)"},"title":"Yandexcloud: Changes of S3 acl, policy"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Changes of S3 acl, policy","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDcsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *"},"title":"Yandexcloud: Create image from S3 uri"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Create image from S3 uri","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*"},"title":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMDksMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1"},"title":"Yandexcloud:Create instances with 2 interfaces"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instances with 2 interfaces","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMTAsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *"},"title":"Yandexcloud:Create instances with public IP"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instances with public IP","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMTEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)"},"title":"Yandexcloud:Creating of service-account's credentials (keys)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Creating of service-account's credentials (keys)","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMTIsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied"},"title":"Yandexcloud: unauthorized events (permission denied)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: unauthorized events (permission denied)","references":[],"type":"query","updated_at":"2021-07-18T08:51:28.781Z","version":"WzEyMTMsMV0="} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator"},"title":"Yandexcloud:Create public address without antiddos"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create public address without antiddos","references":[],"type":"query","updated_at":"2021-07-18T09:04:50.457Z","version":"WzE0NTIsMV0="} {"exportedCount":18,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/kibana_index_pattern.ndjson ================================================ {"attributes":{"fieldAttrs":"{\"cloud.cloud.id\":{\"count\":2},\"event.action\":{\"count\":4},\"cloud.cloud.name\":{\"count\":1},\"cloud.folder.name\":{\"count\":1},\"details.product_ids\":{\"count\":2},\"details.rules.cidr_blocks.v4_cidr_blocks\":{\"count\":1},\"event.id\":{\"count\":2},\"event.module\":{\"count\":3},\"event_time\":{\"count\":2},\"source.address\":{\"count\":2},\"source.ip\":{\"count\":2},\"user.authorization\":{\"count\":1},\"user.name\":{\"count\":1},\"user.type\":{\"count\":1},\"user_agent.original\":{\"count\":3},\"details.access_binding_deltas.access_binding.role_id\":{\"count\":1},\"details.access_binding_deltas.access_binding.subject_name\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"event_time","title":"audit-trails-*"},"coreMigrationVersion":"7.13.2","id":"33978670-e543-11eb-b941-f7bd9d79b315","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-07-15T14:58:22.148Z","version":"WzM5NDY0LDFd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/kibana_search2.ndjson ================================================ {"attributes":{"columns":["cloud.cloud.name","cloud.folder.name","event.module","event.action","user.name","user.type","user.authorization","details.rules.cidr_blocks.v4_cidr_blocks","source.ip","user_agent.original","details.access_binding_deltas.access_binding.role_id","details.access_binding_deltas.access_binding.subject_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"Search:Yandexcloud: Yandexcloud: Interesting fields","version":1},"coreMigrationVersion":"7.13.2","id":"0f828e70-e579-11eb-b941-f7bd9d79b315","migrationVersion":{"search":"7.9.3"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-15T15:18:58.646Z","version":"WzM5OTc0LDFd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/pipeline3.json ================================================ { "processors": [ { "rename": { "field": "authentication.subject_name", "target_field": "user.name", "ignore_failure": true } }, { "rename": { "field": "details.instance_id", "target_field": "cloud.instance.id", "ignore_failure": true } }, { "rename": { "field": "details.instance_zone_id", "target_field": "cloud.availability_zone", "ignore_failure": true } }, { "rename": { "field": "details.platform_id", "target_field": "cloud.machine.type", "ignore_failure": true } }, { "rename": { "field": "details.instance_name", "target_field": "cloud.instance.name", "ignore_failure": true } }, { "rename": { "field": "event_type", "target_field": "event.action", "ignore_failure": true } }, { "rename": { "field": "event_source", "target_field": "event.module", "ignore_failure": true } }, { "rename": { "field": "event_status", "target_field": "event.status", "ignore_failure": true } }, { "rename": { "field": "event_id", "target_field": "event.id", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_id", "target_field": "user.id", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_name", "target_field": "user.name", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_type", "target_field": "user.type", "ignore_failure": true } }, { "rename": { "field": "authorization.authorized", "target_field": "user.authorization", "ignore_failure": true } }, { "rename": { "field": "authentication.authenticated", "target_field": "user.authenticated", "ignore_failure": true } }, { "rename": { "field": "request_metadata.user_agent", "target_field": "user_agent.original", "ignore_failure": true } }, { "rename": { "field": "details.security_group_id", "target_field": "security_group.id", "ignore_failure": true } }, { "rename": { "field": "details.security_group_id", "target_field": "security_group.id", "ignore_failure": true } }, { "rename": { "field": "details.image_name", "target_field": "cloud.image.name", "ignore_failure": true } }, { "rename": { "field": "details.image_id", "target_field": "cloud.image.id", "ignore_failure": true } }, { "urldecode": { "field": "details.source_uri", "ignore_failure": true } }, { "rename": { "field": "details.source_uri", "target_field": "cloud.image.source_uri", "ignore_failure": true } }, { "rename": { "field": "details.bucket_id", "target_field": "object_storage.id", "ignore_failure": true } }, { "rename": { "field": "details.access_binding_deltas.access_binding.role_id", "target_field": "cloud.binding.role_id", "ignore_failure": true } }, { "set": { "field": "event.kind", "value": "event", "ignore_failure": true } }, { "set": { "field": "cloud.cloud.name", "value": "{{{resource_metadata.path.0.resource_name}}}", "ignore_failure": true } }, { "set": { "field": "cloud.folder.name", "value": "{{{resource_metadata.path.1.resource_name}}}", "ignore_failure": true } }, { "set": { "field": "cloud.cloud.id", "value": "{{{resource_metadata.path.0.resource_id}}}", "ignore_failure": true } }, { "set": { "field": "cloud.folder.id", "value": "{{{resource_metadata.path.1.resource_id}}}", "ignore_failure": true } }, { "set": { "field": "event.category", "value": ["configuration", "iam"], "ignore_failure": true } }, { "set": { "if": "ctx.event.status == 'DONE'", "field": "event.outcome", "value": "success", "ignore_failure": true } }, { "set": { "field": "event.dataset", "value": "yandexcloud.audittrail", "ignore_failure": true } }, { "set": { "field": "cloud.provider", "value": "yandexcloud", "ignore_failure": true } }, { "set": { "if": "ctx.request_metadata.remote_address != 'cloud.yandex'", "field": "source.ip", "value": "{{{request_metadata.remote_address}}}", "ignore_failure": true } }, { "convert" : { "field" : "source.ip", "type": "ip", "ignore_failure": true } }, { "geoip" : { "field" : "source.ip", "ignore_failure": true } }, { "convert" : { "field" : "source.ip", "type": "ip", "ignore_failure": true } }, { "set": { "field": "@timestamp", "value": "{{{event_time}}}", "ignore_failure": true } }, { "set": { "field": "cloud.service.name", "value": "audittrail", "ignore_failure": true } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/searches.ndjson ================================================ {"attributes":{"columns":["cloud.cloud.name","cloud.folder.name","event.module","event.action","user.name","user.type","user.authorization","details.rules.cidr_blocks.v4_cidr_blocks","source.ip","user_agent.original","details.access_binding_deltas.access_binding.role_id","details.access_binding_deltas.access_binding.subject_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"Search:Yandexcloud: Yandexcloud: Interesting fields","version":1},"coreMigrationVersion":"7.13.2","id":"0f828e70-e579-11eb-b941-f7bd9d79b315","migrationVersion":{"search":"7.9.3"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-18T09:19:33.057Z","version":"WzE2NzYsMV0="} {"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"unauthorized events","version":1},"coreMigrationVersion":"7.13.2","id":"90405c70-e8af-11eb-a019-4ff3eff5953f","migrationVersion":{"search":"7.9.3"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-19T16:37:10.206Z","version":"Wzc0MTQsMV0="} {"exportedCount":2,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/backup/objects/searches_backup.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru and event_time < 2021-07-15"},"title":"Search:Yandexcloud: Find events by username"},"coreMigrationVersion":"7.13.2","id":"Search:Yandexcloud: Find events by username","references":[],"type":"query","updated_at":"2021-07-15T16:18:32.147Z","version":"WzQxMTQ1LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and cloud.folder.name : mirtov-checkpoint\t"},"title":"Serarch:Yandexcloud: Find events by folder_name"},"coreMigrationVersion":"7.13.2","id":"Serarch:Yandexcloud: Find events by folder_name","references":[],"type":"query","updated_at":"2021-07-15T16:19:48.392Z","version":"WzQxMTcxLDFd"} {"exportedCount":2,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/docker/Dockerfile ================================================ FROM python:3.9.1-slim RUN apt-get update # docker build нужно запускать из папки export-auditlogs-to-ELK_main чтобы был правильный контекст при подборе include файлов # пример docker build команды: # docker build -t s3-elk-importer:latest -f ./docker/Dockerfile . COPY /functions /app/functions COPY /update-elk-scheme/include /app/include WORKDIR /app RUN pip install --upgrade pip RUN pip install -r functions/requirements.txt CMD ["python3", "functions/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/docker/docker-compose.yml ================================================ version: "3.6" services: app: build: . stdin_open: true tty: true volumes: - .:/app/functions ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/functions/main.py ================================================ import requests import json import os import boto3 import time import base64 # Function - Get token def get_token(): response = requests.get('http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor":"Google"}) return response.json().get('access_token') # Function - Decrypt data with KMS key def decrypt_secret_kms(secret): token = get_token() request_suffix = f"{kms_key_id}:decrypt" request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # Configuration - Get ElasticSearch CA.pem def get_elastic_cert(): file = '/app/include/CA.pem' if os.path.isfile(file): return file else: url = 'https://storage.yandexcloud.net/cloud-certs/CA.pem' response = requests.get(url) with open('/app/include/CA.pem', 'wb') as f: f.write(response.content) return file # Configuration - Keys kms_key_id = os.environ['KMS_KEY_ID'] elastic_auth_pw_encr = os.environ['ELK_PASS_ENCR'] s3_key_encr = os.environ['S3_KEY_ENCR'] s3_secret_encr = os.environ['S3_SECRET_ENCR'] # Configuration - Setting up variables for ElasticSearch elastic_server = os.environ['ELASTIC_SERVER'] elastic_auth_user = os.environ['ELASTIC_AUTH_USER'] elastic_auth_pw = decrypt_secret_kms(elastic_auth_pw_encr) elastic_index_name = f"{os.environ['ELASTIC_INDEX_NAME']}-000001" elastic_index_alias = "audit-trails-index" elastic_index_template = "audit-trails-template" elastic_index_ilm = "audit-trails-ilm" elastic_index_pipeline = "audit-trails-pipeline" kibana_server = os.environ['KIBANA_SERVER'] elastic_cert = get_elastic_cert() # Configuration - Setting up variables for S3 s3_key = decrypt_secret_kms(s3_key_encr) s3_secret = decrypt_secret_kms(s3_secret_encr) s3_bucket = os.environ['S3_BUCKET'] s3_folder = os.environ['S3_FOLDER'] s3_local = '/tmp/s3' # Configuration - Sleep time if(os.getenv('SLEEP_TIME') is not None): sleep_time = int(os.environ['SLEEP_TIME']) else: sleep_time = 240 # State - Setting up S3 client s3 = boto3.resource('s3', endpoint_url = 'https://storage.yandexcloud.net', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) # Function - Create config index in ElasticSearch def create_config_index(): request_suffix = f"/.state-{elastic_index_alias}" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 404): request_suffix = f"/.state-{elastic_index_alias}/_doc/1" request_json = """{ "is_configured": true }""" response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) print('Config index -- CREATED') else: print('Config index -- EXISTS') print(f"{response.status_code} - {response.text}") # Function - Get config index state def get_config_index_state(): request_suffix = f"/.state-{elastic_index_alias}/_doc/1/_source" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code != 200): return False return response.json()['is_configured'] # Function - Create ingest pipeline def create_ingest_pipeline(): request_suffix = f"/_ingest/pipeline/{elastic_index_pipeline}" data_file = open('/app/include/audit-trail/pipeline.json') data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Ingest pipeline -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index template def create_index_template(): request_suffix = f"/_index_template/{elastic_index_template}" data_file = open('/app/include/audit-trail/index-template.json') data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index template -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index lifecycle policy def create_lifecycle_policy(): request_suffix = f"/_ilm/policy/{elastic_index_ilm}" request_json = """{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "rollover": { "max_age": "30d", "max_primary_shard_size": "50gb" } } } } } }""" response = requests.put(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index lifecycle policy -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index def create_first_index(): request_suffix = f"/{elastic_index_name}" response = requests.put(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print(f"Index {elastic_index_name} -- CREATED") print(f"{response.status_code} - {response.text}") # Function - Create an index alias def create_index_alias(): request_suffix = f"/_aliases" request_json = """{ "actions" : [ { "add" : { "index" : "%s", "alias" : "%s" } } ] }""" % (elastic_index_name, elastic_index_alias) response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index alias -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Refresh index def refresh_index(): request_suffix = f"/{elastic_index_alias}/_refresh" response = requests.post(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Index -- REFRESHED') print(f"{response.status_code} - {response.text}") # Function - Check detection engine index def get_detections_engine(): request_suffix = f"/s/default/api/detection_engine/index" response = requests.get(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): return True else: print(f"{response.status_code} - {response.text}") return False # Function - Preconfigure Kibana def configure_kibana(): # Index pattern data_file = { 'file': open('/app/include/audit-trail/index-pattern.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Index patterns -- IMPORTED') print(f"{response.status_code} - {response.text}") # Filters data_file = { 'file': open('/app/include/audit-trail/filters.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Filters -- IMPORTED') print(f"{response.status_code} - {response.text}") # Search data_file = { 'file': open('/app/include/audit-trail/search.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Searches -- IMPORTED') print(f"{response.status_code} - {response.text}") # Dashboard data_file = { 'file': open('/app/include/audit-trail/dashboard.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Dashboard -- IMPORTED') print(f"{response.status_code} - {response.text}") # Detections data_file = { 'file': open('/app/include/audit-trail/detections.ndjson', 'rb') } # Pre-create detections index if not get_detections_engine(): request_suffix = '/s/default/api/detection_engine/index' response = requests.post(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- SIEM rules index pre-created') print(f"{response.status_code} - {response.text}") request_suffix = '/api/detection_engine/rules/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- IMPORTED') print(f"{response.status_code} - {response.text}") # Function - Download JSON logs to local folder def download_s3_folder(s3_bucket, s3_folder, local_folder=None): print('JSON download -- STARTED') bucket = s3.Bucket(s3_bucket) if not os.path.exists(local_folder): os.makedirs(local_folder) for obj in bucket.objects.filter(Prefix=s3_folder): target = obj.key if local_folder is None \ else os.path.join(local_folder, os.path.relpath(obj.key, s3_folder)) if not os.path.exists(local_folder): os.makedirs(local_folder) if obj.key[-1] == '/': continue # Downloading JSON logs in a flat-structured way bucket.download_file(obj.key, local_folder+'/'+target.rsplit('/')[-1]) print('JSON download -- COMPLETE') # Function - Clean up S3 folder def delete_objects_s3(s3_bucket, s3_folder): bucket = s3.Bucket(s3_bucket) for obj in bucket.objects.filter(Prefix=s3_folder): if(obj.key != s3_folder+'/'): bucket.delete_objects( Delete={ 'Objects': [ { 'Key': obj.key }, ] } ) print('S3 bucket -- EMPTIED') # Function - Upload logs to ElasticSearch def upload_docs_bulk(s3_bucket, s3_folder): print('JSON upload -- STARTED') request_suffix = f"/{elastic_index_alias}/_bulk?pipeline={elastic_index_pipeline}" error_count = 0 for f in os.listdir(s3_local): if f.endswith(".json"): with open(f"{s3_local}/{f}", "r") as read_file: data = json.load(read_file) result = [json.dumps(record) for record in data] with open(f"{s3_local}/nd-temp.json", 'w') as obj: for i in result: obj.write('{"index":{}}\n') obj.write(i+'\n') data_file = open(f"{s3_local}/nd-temp.json", 'rb').read() response = requests.post(elastic_server+request_suffix, data=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/x-ndjson"}) os.remove(s3_local+"/"+f) if(response.status_code != 200): error_count += 1 print(response.text) print(f"{response.status_code} - {response.text}") if(os.path.exists(f"{s3_local}/nd-temp.json")): os.remove(f"{s3_local}/nd-temp.json") print(f"JSON upload -- COMPLETE -- {error_count} ERRORS") if(error_count == 0): delete_objects_s3(s3_bucket, s3_folder) refresh_index() # Process - Upload data def upload_logs(): if(get_config_index_state()): print("Config index -- EXISTS") download_s3_folder(s3_bucket, s3_folder, s3_local) upload_docs_bulk(s3_bucket, s3_folder) else: create_lifecycle_policy() create_index_template() create_first_index() create_index_alias() create_ingest_pipeline() configure_kibana() create_config_index() download_s3_folder(s3_bucket, s3_folder, s3_local) upload_docs_bulk(s3_bucket, s3_folder) ### MAIN CONTROL PANEL upload_logs() print("Sleep -- STARTED") time.sleep(sleep_time) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/functions/requirements.txt ================================================ requests boto3 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/images/elastic.drawio ================================================ 7H1Zu6JItvav6cs+D6PDZTCKyiSgwh0CIoOggDL8+i8iwJ07M3dXdZ/Kqu7Tnz6VpUBEELFiDe8a2PyN5q+dXPm3i1qGUf43igi7v9HC3yiKpFkSfqEz/XhmSSzHE3GVhFOjbyesZIimk8R09pGEUf1dw6Ys8ya5fX8yKIsiCprvzvlVVbbfNzuX+fd3vflx9NMJK/Dzn88ekrC5TGfJ2fLbhVWUxJfp1gtqPl64+q/G00rqix+W7adTtPg3mq/Kshl/XTs+yhHxXnQZ+0n/4OrHxKqoaP6ZDoaZyp0u1Pzm79V1f7g8D4Pyd5Idh3n6+WNa8TTbpn+RoCofRRihUci/0Vx7SZrIuvkButrCTYfnLs01ny5/rJKAB3Hu1/X0u86iJrhMB+eyaKa9Jmfw2K+C1yG67J/qMn80Efh2GnVK8pwv87KCx0VZRGjQpiqz6HXybxRNQ46jF/DKz9SZCPaMqibqPp2aqCVH5TVqqh42eV1dzsYuE+tSE63ab3ywIJjx3OUTC8yXU0N/4r34Y+hv2wN/TDv09W6ZtVFbYVYYXpvme2ATfbv/+4u3/lt263wOT0z4ceUlYNSv2T+K/mH/XpL4aQPnDPHzBrIL4o9v4Jfitvhpu6IQqpvpsKyaSxmXhZ+L385y3zYUEftbm21Z3iZap1HT9BPt/UdTfr/JUZc0x0+/XTTU/7DTkdBNI+OD/nVQwOUePx986oUOv3XDR69+P20xtxQJwP5rW1yXjyqIfkMOmEn5Nn4VR81v0HsSD0Tk3+SYKsr9Jnl+r/N/ufi+pv3fIr7/YG/pXyO+NPm9+DI/Sy/FfiG9JPMLpPfr/ft5u/5C8f0msu6nK1+Lbw0lowEI/nzePnhOStCSJ8ENXy0CxDpJMJ6cmpBf7fgMf36xNL8a/jopnboaZQLn8sFQc/Z7hmLnPzDKqE6mXj/wysc0/oD1fonAf4n4sxDsns9/lvWe/SD+0HP4Wf4XX8j/h5n/I/J/fsyW2+tWXJr3arktvabV278z/+3W+0s5/F+a6J8t9G8Ixb/NIr8l8l/A04sf9OfiZ4kkl19Z5PniT9o/+qf9008pCgNQhNWUFfLtf9xPuEU39DO5Ys+fQ+tPoL+/9U9RbpR10iRlAa+fyqYpr58agDyJ0YUGCS6Hu4P6NsYc8La9Ds5Jh/iFm+4ghH7j/40G4yEl1c/4bxTXQZ6heGOlUV7PMadD9wgGIvFXOyIQyueWDumwZ2m1Z5/BNXiqKWhVfjmE1yBRVuHNW+1Kw1IGNVFiX97fPOpCvI7Da56HxPoZCUSi8qBVBLXH/xLu6h+62rDWjxPF5krKXBX6ctGHrnWPu1KRzaWSEbC9SJkDiLWe6bRUJTQe0NtUpNTBJBQBxKrtxqrktuagENs0HrQUHvMA3vtzO3RPkdqnaCz0+1Pb1HzogkppCe7T4e/cHdRM/aE/+Ny2fY13gGv0rnl9gutTBqfXhbW8S5SnkbhpJItzY8VdQjke2/BkHx66HK45D697uO5dBumQnuS83R7X5El2lsp1T3kH9unJZjLRoIfzYuD64ByCB1x/r1oMBX/D+YixRsSd6qidyjMEPmdjWsHfIpzj5aDanKKm64Mu3TQ1VeH1tTB+i+NYCRpL7CBNEI06C/Yzhwxd61QLsOjcNjVj3YLHudtpYtyrpAt/3zR0TnPgMaH2as+QsC2JaIu+UR8V/bO9A7y/gH+nygPSDrWF91SG1z9LyAUdzx8dx692DJrTuGfwnO2gOTF4XNvB89H2cE02Gheu0b4Iqh0/NAuOD+eOrusWnhNaA2sO+HvqH6PxO52f/okxXBek4Ug3eF9x+NYW0SoXxu8M9xvbKYgH8PdnHgipyy2UnWQ7vPi5fQa0VxgxEnj033cKl/1F3smM/V4ZLhc/KUOa+lkXvs79clX4T/iW/7Lqy9EFzg+yGFvB7yI36PMPtePXuvA7dfkPtOOtgNqRT/acvmuJjRyXAH40y7mITgx/oX9AATxQ4bcg3BJbQWcArfHW3lR4kJ4YBw6D2/FHTjkcYctV+QSAm21b8QyvnZ9rdFU+7qTDamefKI8IKan3TA5q3eDhH9gqoLRLIDuPE70urlBbMwsZjdhypi3tJLRRr//A+/P+vD//X374XqcZE/4wloSTsTYAIsRbpsTFgcKb5VYAhC50YCdeVEfauUeZy3y5a8PVZRErlpKueee67uPbJqnrrcU8VUHsIfohtTRgdLucG1BRUpxBcJyZaeLO8VaWmG8sotPsbGk6+7W9l/aHPXnxDnkTHPfs2ZWlxKV2uXcNS/9wq04yCXUY1wWFRoRHj45W+Syiu+W5gAOD2N0IF+UgX5hknZQPNXVnRraWrYy19vktcq/e/VSsqaiY8Zfyrmc33y/um+v9Puub6g5HaOvTZmi2B6qZJ+yjeiyeJ+giSK264tuFLXX1WemDajuotD4shR3RGA4Zno6UVvgUBLN0gzQ1E21TVj9eoT3l0tvs8azn0fy5MFY9tKiSTS6fZ+imcedqDg8NiPi5WZt6GqS7DH+v1ztRciKtaujjNRZy5wytuyQMtB4+HtuEWVZruQzix57Y+9sN6bOcc7tY3S4K99tkfnBuUrBNMmvjbeBgWc5b2Z0FZX09sOGdaejVMTLghbJh2cEb6t6LIo8dnmeapcnr8Lyzw6AN7K0dLmqy6Qu0X4ftPL9sPIbVh/VV0weQiw+rhJNy7/wKXl+1+4q6P/fwjHNYFZn/hL0kSVOY4+y5bC6hkMLjw5Kz84gxnkwVkSVBM+yxxBaHW28JzZHVfS0BZ98uDkGw6svY5f0Z5XRA106ITqRE1NdCTQqRG46G2cF+EEHOXakSVeOwcFa1NcTS03oKptid+YMbRzNS3KGJVApPzaSe5I4998z3vrlZDTPpnnNhL0K4cWrVZmGcjcOQK8w591RgLBxGjO2yWKuOXs8VhXqysrZZDnA01rmT59j0AsnWbdL028OMrmLuwcoZ6zxGE7rWT4cHJzSDdOyswBQK8lQeZyq8sp9TDHDEAlgbdpaaHFibov0I73sQ83tuO2z3FuMBybSgLOpAtXRo5VsO+jkcRAhmy3cKtNoF2CiiKQIX5LFNuzXfAmC1YHsqyRyYXCy4gljDdjUQ4zx2QMwRcCjYSIZDSQQHZGCYaruB9zgBeb2HuMPldnwKYgFopeAiCLCMV+INfosAmEmrABPsgAAgduFFUFsBAKoJujUckwOiKNc8bOiYSgtxCHcBWzGHY4ogsBw0f8DzBzR/sYVd4JgrICsrOH8GdGBAAEgJgJvBpkIsibyKoFAXazGUB0GHY4h4DAvgMWQ4BgJIRzjGOUZjsICEKwXrAJQ5AcAWjqE7aAwy1uMDHOMBHIuEEzfhPHzO5OE6uN0WjnEDvHKEYygghGPAtYkZHAPOQ415ceOgNflwDDSxHohWjsbgeYDHsOEYGzzGRjHQGBwaI4N94RgZgcaQRRmPMYNjWHgMx0K0buE5As4GbFtOzOD3AtJ2ieggw18K7GsAxdyacJn8E953jfoIIkfw8H5z2OeC+nAc0FAffsHtFBH1cUwDSEDhaUhQiA5hkwvceFOINZcHiEeGVhQP8DsCCOYdVKGOAGcCl+9idCYFDuzPu3wb8zFkmhScDB5sAB+rAPHKGXDx9splMuAcwElwEkYst7AbR4mAFyBNSC3fhdGCQXQQa3Cu7blrcqZcAmplCg53B0suhv9fXDSu5XNwSOdEzAHfFHw4oikT3NUAoBQcoSp5H86JUx6nvdK5J6i7DhVpupCpnZgF14g5VzZlVlThxwgdPxJCCCukcAdrqRLbw3Noc+bItRK45SW4x0s/Py65Jn5uYZt8GJTr4nBcC0t7pt93XQ/2uXIB3KGodSPZUc/54Slb1DI+Lax8r8R0LF8dcFOQ2u5JBLk56Exxzxjp+4JnwXB31hk47ywuEJqOtit4ftYbSzjxpt2tTmVbxpvAATafmdtR67GssYAmRwqg0pesbSagwbcKdLitGJSaprdgV7H7B8k/HA86S5ygFEHMRftYArO8SrlHejvMDycfqk6tc4AosQkRC+nZf1IxdVqqsp5AF0pa+fHWJx9KX2xiLj4KfJScgn6zcOvz4m4O8nFxerRCJIB4uVhJ/GLYEGYADKWs6gXtGydkLNCKj5GX++ZcdAEjErV2Jvirvk6f58cpv+5WSswxoh25zbN6GgXDZRrXE/MtwcXgKRdUePCeRWNYJJPvjas6N6xYQfsbrrxKzWjyGbHs7QDvoiaNbrS8uZo9VIp+znvRPt+7+b3uC6MWhbnYciC82RoiP2w+F9qItJPDLrG2t5RgBmcFhVlN9FVRNcYmCJKj6az8gN4I4ABke+VWs3093G1FNUkduaXJyXQAdV4iW8Rz5jkt17vcVpl4H0AZ6Mu+OHdXTXE2yuk4Tx9QBSGDLWTMod0QnC4OVWEbwBWCmUrnmoBYRPIXwy4V10C3ZZ6fFXqriKUCCSn1w84BA+/1sxxuMi8+1CdYwRWd6qFYVXdLUY/0yZAoNN5B5aCAM04sHIOWyP4Qrks4Czy4bQfl+B4LylJChsogz4pRdRcXySbouNlSQfyS3xLVhpLWmRySLO+2mYdnGfZ0YiXU1UWRpyZkJKEEy5V/mpk16CG/PvMALmRBQt22B4iw99Pj3m5iBmpFrr0vVvK2VKEVIYDftmClLFZIi+RwbTPDmUG9w8UGkoqgX0CWKcGlSFrCDsCOk6FKQpZOh4qIv8pg7QomuEMzc+FlxEJgA9tvgtVpCZkNNnG02my3BJSHGCTz5BIhNrud7HBGOkHXEXmvk8UTmDzbHmi+XpLsoVRVsB1SQ72yJ6kqgMg95rIKrT3X3NjDY/VcImwzMPL2uDgv+7vvQJ3YKsH80dt0tDvcySGKBf+RpR1NdvcG2nUvH9aebW/soyKE5xuKkt5qUSeuixJSodilGy+y716Udyt6daus4rqu5ep8RDtwkxVAFqrXHPWjuz6nS0CD82LzyO7PTR4tMwVuIc+Sp2XfBOu8uBBtbR1IJKLe4b7mjvOnB2FJbBQLYTvnq4u+9Jez86bV+nyYJ7DdhTSetJLTUOUCqdgVxoK/8kRKO2sSiXvqVJnUnXrWakDAmZKSeU++oRhR3PTzPGETD2rx3nyc2XlQZDFEGfpjQR49BhqqdRKrrDYKpxUvEdPrzpq/2iY0v2eZoS91SrWO3qr7mUPQ5wQEoJmPsOnx1Og0cUQhFtg9QuNxT5RcvGnKpW88Arbu2ggD7EUhIwZeQNQkrIgj3yEtbJyGjcLBj1+i3XLDA50CleNuEj3v41l6tevQ2gnpIu8F5jKLguzJQp5qV15IREXhDU/dD6w2b922W1+POn16zoZoTiJml4ND4XP+7mjrMZC21OGyX/oQ3NRKeshLwr1LkUwU8tELcyOEgIGYXRZ9pWhN52620PLXh+ONnzEc2KrVzFo0B5o755FAGUTB0tV2oZMqaIVkdqhOZyIss15a9d6i9pFJZthLTh7vhXyTYgRns3CfHxmIQVR3FkoMS83z2Fzer55P8iKyTCZcNb2oqWROe5ft4r6infLiNhARlX1+WYKTpUK67Zf502GgbVSVIdzfApCaBlLz3aHexsomiWXgHluHtQPusrYDT7jqMRyEoVN3kbj3mrqjoP98WV6ujkZDIMIwlxNcPzypL8rVAzkZdk5mhgeRVCwWjiE/vRhSn7ucga0+LZ8iFLBOpZMT1Feaa10D7WlxOHoIZjspkLluM6TH+2Vl7OPiLjBCvtF5v29jcBD99NmodDFIVZc5HGcLQaUJRbhoPVKsEr+S3KJbHxrda+ZdS/l1dwJL6CJKmttdVY/yqNmesqL8rLU3lS/J6nTk7HrTtCKQFlWO+OfkEdAVOWT91m71+emuPe4KQOZQKs6lbRbNvFF2XO46l0t0LrXocQkgeDlv9kdCaTdFDhVBpRDbzW7uH/dLxkC2/qkxm+ZSRNVB2vurVanO13RoKBmk1eNJPtkzXYCyERCOaaDxPbaAWM2qfrVOVA/ou4CjhkwewtIh9Ptsj+i0h8hS4UMfRRpPzeHBzCxncQz3rEDcahBvOrd97IcDdIKF3akmBruhJMVjiGpx0rkGotB4G1VoIHJJ0hvfUw372XmDfdQXdh4IZ0CbCbR5Ty1DRKm4CiGXeo0kTJ7TwaxSkW+3uAJGEKELly+3goN8Qsrb5tqWXZR03vKgk+M6GizmWJ2cUxTMgsexguC1Vwb2HBT7QlWLJcPP2PU8ke/QRjilfjohDtojnrCoel3rD67x5DogdxClZ9ytolzkAwbsPnAi5nTz5WopzKwlwVQQGGunx3Hp789rLVI3dE3uo+TpsYbLx1rnKkZ4rjbHQCKFuDmKfyxk8k99+NFO3aLz8gKUuAcb2T6tyj0U7xzIJpstIQiIuQ04xwb8TUB7uDX1tbGXb6s+5sEh5pSn124dxBgKtLHQLbYe7qg2awHhJgci/RysORxjWG78B51Df4kXrujeEvtsj0ZhXrijvcooYw3bKNwcej6Ps6yvn2f5eFy3FYMYQTSFrLtfwHO419cnQrlNrmomt3jcKJEDNfeUhJKD3Chz/axIzYKDqNbYLGl7wkYKvWw2Mjc7I/2AtkhZQg8O7vXh2Pd32nWE2XNu6xuCOUGckx3UkoYKg4qjdATGz+FkVrulYgotwmQ3k5jb651lIBY3C4ONYmcwtMo0HLDnB1NkhWU7MyPBMki+ytvCR+bk6CNpL54qBWe1VFMr7Q324oJdtA4b9nYW5/NskUNfg5htZl6n332jiRaD0A9M1clAFBDVEK9f6x7RmVrYxyQPFp7kuwTlgFbRGdIftGaP9BzCfAOznnl55LlwI89ddbhWiHgQIZ8eXv7YxZCu7XpdXa/2fn68rpCD8KS2G5df8QBiZySCGjWn2NNyr/d2UHUddDOlueRtdRmRMTw1/oLaLPwN9MTbLbdBLlvUL3OGmBM38gZ3e5EsleuSWS/Pm4Z61JnkIqdRYuXaWcCxZ7fT0nm4RUw+nmwCbUC0a1o3np+MbbQ7P6GSz2UpEqHjWWThEYWqVgxhzyEsR96ONNNmSmq2JjirCUmj0AoXlgm1CQojqRHJZ+el1JyJOg5KwG9zYpueF3QtHJPbecty7Ko58/QsdGRTTJdEaM+faFkPpjA0i2Zb93yar8nhGS71CoJL07k+2yQl2Ovdu3nkiRLO+Xk5IH0waAqEhuiWtXGSvMtKWcVAUVxLtJpoXjuM6JXGQg73Tz9HRsq5ZUKsK9xfIOh/zUctEXvKyrq9nRnlDp1tTtz+kQGHlg9MAwIX8wA2B9kVGZQcMgFORaEvrCTRF4pBfP7CRMVfqMfnLxN+MXvzbj4uj84Ebe/5Q0SyfA29OsGDhnq5UhtyEaIAo73aJYcgn3Fmc7YQV6QoghhG4hy5ZTfisbltVAg0VwSH1NkNPJHrBjZBP6TF+blBJ4OIpLa1kPiXytdPSUFo65Oflfc5KXvHUiUVCIwugKr0Vbo+qacdi+yxkxrNsahKmekRl7PP1QHpz+txS/SHoDp4805akbLVwuVIXNrmhe15EJkvK9Ssp7tZdrU9ZWZsH6UZGy4HVvFK0VfsWX3s665+1KzUPIxwl1CmbnBcz2X8HDopC5BzaeVSObEIrWqlIVh70rWL5lJh68W2Cd1msDIRDunD5qwZSAg9LzzNNe+cPve0yZt6rYI1A2TZqoj5ZnOgjt58nTbpLtbJlcO7MrQ1Btq+5fx89tW9y9BFuKp3pLvlWp7wWgkYJTdfUDQJmQmFv6VwHjAm5Q75vG5VcCZNEWgZODRp3TAimsL5uCYXZtIwNbwxMYPQXxZRPGN3LM7NFiIq+mgk8qDsBUgJRwMu0E1+hlTVUQvzLV2kJLsLZUN4MvnhuBoNWGUr3ek8/kb7vVwZK+OI8Ma1ZZcF2igqQcakOLkO5/M1BL93UD87+bDPhnk1b9n5vH8easIOH5G7rrxdcGYr6DYgFbHu6L6RT43OSkRsc3chBC3ogTNcVeSWqTR1J48ytBqKJT4f61W6Y9Y1EZKUugg1ZxG0yJtdQx43TG5FUeECGU+Pfbjs/MhQrbZomPJ+1NyFk0lzRTT4GDaE3iokfXj1erQ+ZBSze/+E3vM10LiqOgUoXcHc+sc6HuJQgIgGePG2oM02XOtBdktO/U6XUSyBbChw1n1mk7Rb8waxABT0GwKIiUClz83MXqqLYBmcoP2GLovL7CS46wUJkYUVb5+l27uzPokvWVfE/mE/i/jw2sqXrcVZoLm0YA3kuGi3zTZSSoV2FVcZpMVOd5llrYAlmEGhD4Cul+aS7fNGokPRm1dcsndvjHdOXN0VgwRyAaeu1RkrsAj62bsLj5Y3Z3dXQ93o87yFZtZgNCAp4CwSodPkOyM1yjPk6KKTIVPM8xDisDVRCzHcnMPs0h2cM7RG0WN2ffq6HvrsfdY9BKhXEALao6izKULo3J2L9bq5gHqJ2LdkzzNPjcQ2MsMWEgB6d4Vwz643rW6arWfIQ3XbRN7CCTug3Sy4eAhAbqQl1KuHZ12DIT/SmueRUTIE8X0LltwDoioaiN7uMgwPZX0+zfbdlUq7pvGoSI2jVoMicoRyZO2ofpv0Ud8lp3i4qcsNvB2lrFppds1NiAnkGsyjS4qiaUVhPhdVMdfni/uiLs5Sorfc9RwotZrUEpAZLldnV7ifjrggsqvDxAgI+WsUybisrZVEAan33QFBD6h8eaBe5ktR3KKqm4dXIjFlt43Yna01yV64lmPzY3HfgxrQYB13tHyULsftRS66ovKMlXg/U2oNIeb6YHciMKGe7A98f0QiB6G9vVpquXZaLxmZppNo7oJsxRyEDupT7gL2w+lp2NHaE9fna3T2tnSc6010npsydDNc88xkKxSbZ27nIaGWGypALiwyX81DA+mMGgZ7FQtUkx0rvgUP4PH9dT9Ql3nlnq27uVsvmN2MY1AyK53v2Br03HZ2IsItULgt4HehR8FbPp8NHYLhaJl9CbVQ6B1JoNlrpE0WjBALAWi482rrD7vZRjPkyl7PidLZdvRMUisK7AB9BZGyhJu5DUAvpmF99pH28Ptt5szOi9sOLPaziz0jU4ng/LzORAllZhSB2CxBHqz4mDxbyJRRQzDsniJK9li3/bKW2g3JPy4M5BK1pbXnpZcMVIBBKJ3GiiHnVita2579SwNaeF4iiiGSocyRYLUVRFdfVVmwujKEJtyB8czlOJLo0pk/Pa7mdWWPHteSoLW1Y9lUy9M86ujKpzu7V9uV33fmc/1oPMbxAC+ozsMWOlNAiox/XE1P3F9uD3GVRUYFtcBWcjsmFXYBcNahh2KxpgWg0TX5Sle7dXsuUw5aHHdGNGxJXRrDOorQ8LPJsjBuELD1UCgt43aHzm+1dKMVt9RWN7N25sR8RmpMAlFLe+1WBmQvFoCEXQxRKh8v+yWYP3e7JVETQvdo9IJOaj4WhnWusz6UUDFWbZreBE9GEaLrtbue2+uuORzV+bnTzJi3wkY5V24toOwNL2bRHdmjcNlfw+Nu+VBXBOV1lVAdFnEK5NbokbdEU5mMEkLKxnYJSZuBdLsNxIAqyyVzuHPMAGhxfVBAL5zVJaluIB0EiFp9aqXNElpmgCld4yB0Y2soNSv3LUcEgnc5tXuUCVKBsnMK9izyxVU3Nhmya0bmxDFxJMSn3EJU1ef7q7XnMnCD7uBNza5VPrDkIKw6DRnFC7vYrlGmQi5unL4DsmMQ5OgdJSLUax5c7Dmr42N6e6wsmTGj+rZkrmtWhb6aC7hrsnBVE6A0FS9qlLaHLgwXdWXLnyp/R8+c8Cnfi/UA1Ot85i4GCDdiueXZRCO4gNsNrfbwkc45SoNqADWCfqJK3R7xBoSAz6j1WZ3v/CHcJKfCOURRJj3tGeKY2oOe68pfL05zHt49BGKeeI/t2TouAzgedyWgxUAuXtnaQKTcxBngvuEo7noduUL1hC4YOTv687t7Kkv/dE4gNedqJdddwMWrFrAr5349R56N0jjsGjhHyukJIaeYewBlTLXr0GYElGRzlO2Mz1P9LNzN4XowB2e3IjbBkoUW5rGwCFdgIM+G4M6HT4qNjYpaX32tWnDnJDTu1MFseWlJ5VeoEKEh6ePz9ewR1vZaOlJ4IK6Ut3HDy6XlXX1xhfK6BYatDt1WvS0eKvuIPO6k1r0uSKrtgouggHalgqW26TaPk6Cen3XF180Ztr6elkuwMVlgpAsh4A/pkTyZUnDa2MrQn3y5gMxXtwIYUJSIllvBIRUypdWzWt0WqyTPrtfVSaUzMzm04F5A3Ib4/wJBQnHXN7IxWMhlstjFsdgd+b1xyZJLDQbZh2ZLoNlQXM86wj2Jx8UmVFct5MOAuq9pc11W3foIbbYOFOEh8rOQ5ecrPpS2kXhquWEXW8jBRUbouI+Vp0agFAc301sIZ0zB5Ck3vYQHXZwpxXx5tPVofbIPfJoZqTdo4llkoVVo/Bu/4bnOZevcYbztmtmlYcXm2XJOVdtc6zKV32rHuXm8nSCHztmlCTKB9x6UzV3d1Vb2LW0VNxa5fiYDETOPbA18jUT2ZR2Zcstse2EBjs+yX5gkME5k3pcggohTk+kbIPzjsixsyjLns92SST2XvN223i0yCf1SLPeDf53L/CCjR6MlD61UPuByDdXJ+Fiuir2pmcwMnjmh071UHHePB6E1z6tmG1KuGDOp0ER6e1jami+fgYvcVw83vQ01cUH4jiyqfRisKEaKqpNXt8YJqMn2HsuMqzzEp9IfqVxVkuf5eIi4myYbCFEiWMk85eNyuWVW1KOlDuVZu9QohegsdVfwhfSAfCRlNVhQjUvmfM35QGeLFLnN8yD0kJY8sJVjPGUOwUmvMRLVlNTs+AR3lqWfy1MFceODcZR9ZMz1m7xd2JooF8F8r8UIpcNOPCkho7e4rkKXdVdJsAL69SIpPFGyt3gOBk9OBtO+4xBKWNkC7UD7z6mnZGuXaaWE2jG+ONYyCsNnX9h9pBdz7b6fnx438rpPoIZmXOIOofGVei79A6M7XFlnWaGHB19+6IkX3GODTCBwmCtuqppU3By5rT1wm1mh7/Y6Q1eEH57dTU5d5+Q1LXdAb08bWXFNQ6GI8/zsFdZzRS99Zb2/7J+HshEP5V5/bsVbBvyHVYK7UBvqakxozHTP2a81br9mqXmZ+LuMn1kUfb62NUQCYTT4h6qV/DOPoIDERCrHkHOKYLLHPAqvd7NubnQ8581EdoS74x5lEM2jU/XIGzZdEPWJNA7ZM4MesdScYold9uxpdqBIiDUdGQjWbpYX4ITsQKOFZME6hA3vtRIe64Ff3h7Ddh3PqOdmrkRok8NezUSw8J776NItqKNQVczqeSDrazDX8s1lQUv3G/RtOD+TbnWRP738qvZ7DmwsLXiq3LUiqX7T37Rld1mzklmTZ0rehDt1g4nBBYrj22pM2Ch/jdhfbZpbr27iVS3KTxWq/4yeIQ1xmT9Jmk5Dg0J5IVaj7f1DR89CSXO3QLbRv83vl03pu4hjN3ebhppOEi6CuQazBCeCfLUU7yFyCTmWQdx6oUTjbBfFPc03yc1Kg1p9lrsTjiYcVVFHQlLmN2d7uR9Xj1lxuLlGdDxtLwzy3mzrrOiVsaxnV2PPSZpydARJXHqFsLGNh9TuwGopZ4dKo+bh/bDVAuUY5fwuekZi7hdbe3MJmpDybxFlQwSgpDc/Ev+JGAnPcUfQPWr//BCSGKzuiY+CCOsiFqVsLfPPp5g6qcLzGXeCW8YZNANCwz8kUIKt481e2CfVLGJcMLC7tg61gbe7yInSqhYqa7mnlKvahaWCkrv7hn3ZbXfKUZk9d/NMXpM7mZUfEFvEy80SOnvxZtf4Rh53Wz/rtd5ssrPN9Ya/o26KG598I447hV4btxMrzIgAW+1n7CyT/gF6BaHOPTjstpwlQTenvNTQ/chFlzYzuigv6kWib/olQYo48IsMRTJ2/E3X4p5XFkXfL+6mFIpKXB5ydE0RYcP7fdt1PGL/OLyQs1K+c2s+LuitqB/hZa7YzrMsBm6z5bJheZbUw6M+Vb1WoSK10ORyIq2a54JjgQxdSW63vY/RLcvZ67sNy7uKMlbP/4pqeeL7R4dm85+r5b96Ev9Pe5T39edF3uXy73L59+f9eX/+/M+7XP5dLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5d7n8u1z+f/d5l8u/y+Xf5fLvcvlf9HmXy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5d7n8u1z+XS7/Lpd/l8u/y+Xf5fJ/brn8jPwPK5f/J15d9C6Xf5fLvz/vz/vzaz7vcvl3ufy7XP5dLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5/93nXS7/Lpd/l8u/y+V/0eddLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5d7n8u1z+XS7/Lpd/l8v/qeXyDPnv++vy58dsub1uxaV5r5bb0mtavf07/VNxfBTGkTUdllVzKeOy8HPx21kO18CjanZcv/6tzbZENe8CCU+mUdP0VjKgQfxHU8JTl+aaT1ejLmmOqPv/sNOR++mK0E0j44P+dVDA5X7qhA7dz9e+dcNHr37j+tCivtuyL3axLh9VEP3WowUTsRq/iqPmNxoyX/NAFeV+kzy/n8ivfwCC/v0HIL7tICJ6e0mayLr5ePFt5d++36364odlO5Ezzv26nn7XWdQEl+ngXBbNtOGQx2nOr4LXIbrsn+oyfzQR+HYadUry/PUwRVEWiLnqpiqz6NMTFiy1oPATFuOVwyQo1C96foX6/vkV5iVpnwSSpL+QSJL8055gYX7aQPAIk8au/CT/48+yfP2gys/PpXz96MrPD6rUTxRc6yC7ULyx0iiv55jToXsEA5H4qx0RCOVzS4d02LO02rPP4AphQgpalV8O4TVIlFV481a70rCUQU2U2Jf3N4+6EK/j8JrnIbF+RgKRqDxoFUHt8b+Eu/qHrjas9eNEsbmSMleFvlz0oWvd465UZHOpZARsL1LmAGKtZzotVQmNB/Q2FSl1MAlFADF0tGJVVHuNZxh1cCl8blA+t4fzAJ2Wqej7UzuF2KbxoKUubo/HGdbCD/3a79rxcJy8TBTZu53kdqkkKqmmcb/L3GQ7fDn/TucZEq6BMAeR3aYq9A1NeC/4L0VzVx/w3gy8V4/GVhOGNAcFrbnbpi6N52RnrzadaoHXeB0cj/7WBsVLAvT90NKg09B6+9d4Ig3bD9/uHXxrw3+MRxzgXnnXvD7BfQqpyy2UnX+4JjhuC8dhUb9tClgt3QmqrcB5qiQaE9K4hb/hPos9nCPcq3hcM0SOqo3aOmgOlNqPc4A0Z7RURPOg4N62ahrgeep2NqB1wDnSmuD245qdHu4PvB7D62I7rhXeL1XhnorsOIYDr+fwPuZDhXPEY1iIHrBtwrC64AxobuP892juMW47uMQ4ZzCOyzO9mmavc502ZGM7IaM06RMfFGHpH3e5kiyQC5pojGvXi0CWCJ/nMsjhGloNnAmkCdxpC81AoeFq4ExjQh3galMRrZaYZkhpgwKpofQfq0nXmMK6INKIi+E/yE0BqQlmh1a9RRwLOUG3mA5y1qAjqlqQqoIDpSd+aLCNjlfpPrQBUJCTGNgPUjNu4Q6g36yJdgnOQxtcvCsqWv0QY0lBHIS+4ZwhxVw4Z8h1qYnHU21M3V7tYXth3Lkf1/rPcRemZhMU+9qzicQ7evnpusw8XoldqrsFPNmHhy6H9MzD6x5qjV0GtchI3xTAeWStincarttGWgPRRSQwvSCXa4PzWjOtCmj+4kgPNHdHRVzNorXAdSKaIilk4K4zcF9gO4B3XkPtRtpMbRFnZB1cb4xpniBpugh4PkLM6pjOCuK29tVOxdyLx+qxBCRI4yCOVOBYKj1KC5JSyBsjDQcNSy7keAHus9giWtOajXkEagqHVPE9VXg9Y7SxD6XbSAIVKPkZAzl25DEhpvCYPdoXwI73BIw2eGN/O27xXiYM1BYxO/aH60D7miqQj+JpzABqPmc8lypwTmgtDAXp2o9jBpSGpBiOqQmAnsaE/OjSY3/oviCtlSKeNikNrhTRX7fNqX9MjP3h+ENGTv1pqIXp8bpL6Hbw6f4t2uNOt8EwykNMqrbn27byTcpTZaSrrdJIuiGfkFD2EH+33+SME5BWRtrmQytbWMNMbcXum9YQR407tu3g+gk0FwXReuQrduRBZ4AyFY9rQOO92n3Mzf9kDWlfzgnPUp5G4qaRLM6N0dIi//t7nMb+Igw1pyEm/w5FzX5GUTT1M4h6nfvlGIr6M16a9Z+MnLQfkJP2NXKi8L/fRU5/QI/a8YimoH5QBwchHjgXgPQgpY2/O11U0ffUBulRZKlVcpyfyKBvZHOgLpjOgVeb8bcNdRX/Meb4bYF27Mt9kgUlhTqOUTNP/tKy4lbb45o8yc5Sue4p78A+PdmEdlmr/SP4kgIepKZtIytgIs1MYmtAtEgqydGyMoNuS0i6H1B7EaO2UXrNwpoAaVYGUwlrLyT9MblPkRQ7nUqoo7aAmmjECq8xEP4KaKTtp/t0o7b0VKyRBDQesmDYwtJIe0JrAjVHBq0W1miQSpArrB/POT26H9J8arpToUVGY3Xj/dwWYl6Ed2msSZFWGwJiXDPkwmmeOrZIDtwtMGk2uA7SReskdAFpzdc1ZGliiMXAtzGh9oX/JixtMqr1op+mImulIcQB+0PrMcB14TUg6wMtXjvhvmkciCJe2BTRYupzGPEzga0fWpvtDja2Hg7CZ9jKaVizw7WlEIuP+0PqWEtjK0WMVgpraRrNHdId7l9Gj+uBnCx4L8tJ4esWQjEY7SDLSUCsivurgtNN/VmMGKAfoduXA8KycO8gNv3UHlp3aMmYydLCdi4z0jaYLCm6n8hqGP+iNTjk2H+aL0IHNrKIYLSqgzPtjflCWiRGMBizqqSNecEktMm6qAPC2FACB8Bg/kAIAvM7aieS2si/o18x4usWrpkc/Q7kJ4QCxt+CSU8Wa4B+Dj2iJ5fVhIm3IV7Wx32EY07+B0QoNkZFJjth6GGcD/IPXEof+Y4YZQjxj4Poic5BCytOPoPIfKAkaOm1EZ1B9OT0LzpqCDWj/gLk87E/nFcwTFgdy5iG0LAgHRAaQ/sLefB1De0zlNGPOfQTksKIDN4Logt35JsU8Rz2O0ht9B9JLdVG+kyyoAqjPzL5lx/HkG+JUTYcSiVv2ojqsD5A+qe38VrUYZorBRELRh8QcaJ1kmi/Jx9r9NcwbzrTvqPv/Ut/TDKvsEgHaZjHxdG/tDHv4H3HvAD925FHkXwiBIj70RrRjvIkZBP/xtBDwehwwHuG7o32DMk8RHTT/IYX2tRGjwP234+yL4DXOjs1UxGPQb5y2ekcjeUA0cx2PngI3peYUHc/tnM6DVkLzIsQ0fWvdsF0fUKhIw1G7wnLy0uXrP95ZPVzfOpzeOvz3wr5BZhrRn8fSKaJLxDX7AvENfuzEBf1BeKa5fC2XJg8v0Nes/ujROfhUpu/+yOYArBFAMkRVd+uw1/x9I3HqW+oOvuLgRCm/XuNQS0ah2Rv3T8eBTWGjc5+8P0glyh/Rgjf/dyVh138pEBzI/Rbk1zhrUL4WxmB3DgupNo49Pe3QzgPz/un05gsr7M/YFNEmt+PzP4KPpr/Ph9RxBfxT/rPCn9S7O9Dd/RneG7//Ooha5VFATG5f3qNQPw2VZY/UGUx+zkqTH0VFSb+NPn6PxrWh3ovoqPTpwj+DwH/n7fxt9ni91n737dJ5PKnTTL65lIitSU9igB7lP/Vfui/LYIvuS1EG58j7QgVfWqHo8kU9LTgWDiu9a0t9Ax06GdChDQiKfSduwNEHT/0B5/btq/xPscmlcGBKGUt75JPKGHFXUI5fnmOGJVNCHLQENpCsUDsoaDY6RQhToNhiu8gb2VE7RAFYfQ1xs3iMZ5rTjG8jBoj1Cj2O8XqbMDsU6VFyF4fETCtYe8BIG+GGpEuQuW4DaONXmWr4dgmQOiOgYgXobv+FQPF6LaH88b3QG3M7+eI0K2wHlGoEDPj2M6IrJBXi70hdH918mjU19g9yp5gxP7RD3l6o4eD4552BumDsxEohowRo448C4wYoRc1ZFNGIWNUJx69hBR5yCaKWU/zdDsNXUNoefBwP7iW4ZVp0EUVXYOegDJ6I4M6xqjToBu9G4BRsIZoOYxeN+TJKZsyekN4LWPMj4UeyRT7jdHccVx49GRj7N2o4xpaTBfkweOYKo47s2PMF9IAoV/sQQVTG4xyWeQB6KP33mrpRB8he/Wj9b2LowVjdgVdU8c12Zj2KObfaq+IAr5/BtE0lpMOeV+IZ3TkFY0ZopeXwGAvlJ/ikDjzBdeW4tg46kd/oHXr+zaqoEweokNP9GG09EVnl5kiF/gYek/khOAZbeTrHssqjr+KxLf9atE4wzhH5MWLpIXnmA0avKYj7xh7itgj6Sw8pog8Jwqunx0zO8jDRLyH9nnkz5HWDsoQsSMvZsTkxRA424M8+iH0oTz3074jz41F/IO8Pw15V0hXjOtAc2Um745VJ88Tjt1NeojVsrYb49fKpGPiHsoukivWnuRU4ydv3tawN/wtlu6y6kijTpuiAyPf4nj9K96OIiiQ9goxRRXGaBLKZiJeR33siZ/tcQzosaPsX4ujHDyOzLAvnldxtg15d87Eb0qnjdEbqJ+QF/rRBkV9evUlF1OuSsOxPNyPHdtAW4FogL3jiZfTgBnv77b6KCfE6BmPMjfyMHjJHDXKGpIzs5v6DVPGkxijC6gfmDxEkZ5kh9Resoo9RaSbsD6gcY5gbDPowsh7UMf007z7yeuEOk0a1ytgHUHhPE0PcA5BG/MzFMqconzBRw5NCCBtUWY2YMY+ajtG58RWt6acDvSkUeZSx9E9FOFC+hjJKF7DGHnEfVQa38eCe2qr6D6TvoS6zd4JOJ+FZdDBEZtJPzBTn1a31WlPzVFOoG6e9p2Zoi2kjr36D9qMevsz/ZAOEjThE41xxHLKA057g/IiOBv6sTc454dzYq82yKYF5NQG7zvKQmupM/GmO+XMFEZ3ML9AezvxBLRV47yVYeIJ4iMyOmaHW2TPP3Q01Hkjbfaf+BXtCY5UjXzfo/jyS6c6KALI4AgWoY6yg3Km/KQTcLQW5a9i9E2Pui5rVRz/VijcB0UuES/wSJ9NESg7o8Y+wWSTVXK8j8Ii3Y/Wj3KNOoqEYT2n4Mw27jNFoL4dXw6IJ1UH6xOkg2lkQyb736JcJM52j7oZ6Y1pngGSUXqSGyQbNKKFjnktQOvBtNFwjB3q4AHpBpRBV8f1DoBE3xrGE+j8uKbxOEM8ReM8cvqirUiNawxeuWKoM/Eap2gz2k/Iu4jGYwQR5/vQMcqFjbSO0fGYQ8B2zaTGOWXUuCZkr7LHFPXDeUp8bAPyg86iimSOnPgM8yDKgY88pUzrQ33iYYp0kSqB+zATFoK2M8N9Rv2Jo+TUdB/qI/rmoD7gJSs90tOjbR1tE+QJFtNNABMucns4N8Rr0xhxO9LLHKNdqC+0nTrOFIy2SoW4yRwCjPtG/aB0I1ae8JcF+QHeD+3/KM9IH6i0LUz9Ic5FeBbek9SIFvENO2EdCmEIHKXFNhjXAAyID/Qx4kYhTKBiWcF2AFdJIJuKZONDd2L9iHggmyJ7CooMMhiHj5E3iNcuAqbLRw5biTE+wroBR5SJkbZYnlGkjx11ojthE1xB8rE/yP6rafZpTxF/ID7/2FN2mvMHH+C8rqCMtRCCO+FOt8N9MC+N2FSddIM24Vd9lOsppzViY8yPwpgjRns46oJ4ihYDahwjeGUOhmn9WI+PdvKzHGFbiiLyiC/GPD2U8W9yhew89mHQvPop20Aj3TTazgBjC+g7DGgt0K7QI/4IXvpyyrkj3JIxn/TCiG2wfcR+BbLZkwwB9gP72OoUDX+NmzGHjMC0wTKLMy0IN6nD2B/hB7H7iHoPY3RYw9Fr1F/pxxqHaf8xrnllVtRuym60OFqL8AqO/uNsWwsxKLo2vLAaXOvUT2GmzA+p42g0wjlq98rmjFkUcaw3QHyH8SCKgqMajHEPJxzW4iqicZ+JsR9oMbYaI9VjbYJt0h++zIihmJFOmKeGMUIeExinYL5Tp5oGkfrgzTGryIy6H/MvO/XDUX39ZTtxP5X5kIOpZkKfaj9UIevHftkLuzCjr6cibD5FxN1X1qgbq6RQFFwTRvqCCZMrhPrKItnmS7Yn+ga40myUf+h3IH5Dzx5NOgLNCftlk1+l4TExr7RT/QvkQeiXYXvvIr+ChjqJxPVJYjvi5xGHQy7yhDFj6UzZBOXFi9DOjfgH7v00r7ifdGCLs1MY776yYhk1rWeYqs8YdcLRcJ+6lz7GNSbYP1ZeOnuqJcmIqV+vvfb9AyfB86I61a6In+zDt/0b6Rh/3vfRzmTqp31/2aJv/PKyV9P9iJdNe9XCYF8AZ7gmPhdw1rfDtsT6xMOj7ZwyiGI/ZZn70cdHNMCVekhfdeqrTgvjSWSjVXbsp4x+GrLjafZJHj8w14c8IsylTvVCYxtss8lJf1Ej5lLbSV5QNhbZLIiDET+h9aC2L0yC5RaOEbz8Nki/8KN+Cp+HsjbhoMlnQHYI8ayCfCsWV+v1OFbU7VOMqfqx7gafR3PBGETHvmw24bB48lHMCe9lzNhnrIfDGbHRt8T+84j3xpgJnD8zYUREuxbp39EOKtSkd7rJlhBjpSfyvZV+sp2oT4erIif7M8WSIH0wnh2wv4BjSTE5Yq+AHvsErz3qxrlgv3uqLXvFkYJusgU0zg7ie6vshLlZFeljdA97jD/Btb0y4a/4E6NNPh60g6/sYId5GWeRs5cfQE392EkG6NFGoPtNGUoB82SHs/X9lAlOJ7uIfUSU5c4m3R28cBIx9sm6D3m3xzozON9JT6ivWjl28unHmNVUCza2CboP/Ynlb6womGzIqxK0xfTAbZSplhHpFFxf1k9tBvWj9g1Mvp5JTzLajTEZpOfiiR5Zr7/w01Q5AOk56WYRYU+cLf3Quzh2NdFoyl5qH5UlY2ZTt9eT3cW4mMHY6BV/xPuBsq0O+3kfx4pZTfi0j9jXnvhz2v9sytKifibO8iLfUxdxJpieqin60Q68eA3PdZjwDubZ0T6/ahExj05xhIvwjY/HWIP6UbXxsq9x97r/h30fadS97DvE2BNmC3AGHmMipL9wzafIvOIj6hhnY8aqExxD6cd1O92kv6iX7Ya8RE2xF4jtWxzDe+lZhF/2KY7rMK9rGG/juE421fSpr0oYVnthzlcseqz2wHrqA3th3xr7YxM2ytgJa2BdPlWUvHDWX5O1/qOJmtdDUcwPxYP/5trBn5+/+G/MZP8HZa1/ER+9enxinPlfmrle/N9M0f57nryavaoKJrFn519UHiyX/zNnv8jgzv6sPaT/fyscfidsfyNhi9p8XeycnuS8/bp0GNMAFf6zFgQIEAj08LvdpzlOFiEgbUGAOZ4XIVAQ+0NG4AdL4HE3nkdloTi5hBOaFp43bs+iUuHffhimfQa0VxgxYlb83PJfXJj2o1jT/7P4+SHnv9Si01+9E+zXWvT/hS3+NWDA9aE9gecJ1S+gdkBlaVZUPRM4DzidEpWsidBywCnUEbQMl9+38P8AD/xnlKvNvhmEF4Mt/t0Va/TPJuI/9CH6uvGrBlQVBhUBAhRJ8DotJfnH0EX4ajRhA3hmuk58hRRm+POvIYXffdz+JbW/+7j9q+EPD/n/ux7Ap/8JGPhfBSHezx79xc8evZ6QRM9toIgR+8qSq4M0PichAPL1/PZUYYCfP35VnqCMxRRBbl+VZJq9H/um2VTtA6ZnJWJqrFRCzzTgaNGrEmCKRIoYhH1cx5GTV1bZbKdsAjtmbfG9WXt8IhhFdAZ1745PZjpqP2VWpioY8ZXRIUfqKuT09DCDIyfj89jf2uM+6GnPPXpqE0VIB22MVsN5TZFjnPnF2SNietaI0F5ZoI+nQbMpIgTw809jBuUV1Ue0xBF/anrWi9ZfGZsxgt3jSBJaE3qmyt6PUUX8/I2Cq0bUMWtHjlU3AK1x6qeQUwXdMM4XPTMUT5nDYIoIOa9nh9iPvUDPptg4qoQii+3311E0CVVLfYyBnxEaj1VWE3FFIaF/3EftxkoZlBUzv1Xmpa9KRNBO5+DadipuN0YAx3UTeLx2lCy07lfWXOymdTNjZhdnk7pPdMZZEG18unncC1xBiLIaH/uFI8Baak5PBWfoWTec9fl4LkuYnsjGz3dgHmOmp85xtdyYHcLzn7KlU6Q8VSe+MFlNumnf9lMcM7ykiyty1ImPxv1E9J4qI1/7iSLAg0h82k8cAf5+P3Em7PN+jn9T4EO23B/389P1137iMcYKJhQ551/30aanj+NXFm6YnokZcNbOdqdqRqWd+rYvmkGZR88pvfYYV/7p+HkiFIl/zddtp6g6++1vUMTjU89jxqUbn4YeI/BTNp1Sv5ORkaa65E73CPFT1pjO03NY8NwB64ohFMZ+7lTBEYzP0GGZdEZ9gnkTR9zHTELyTd41wZl03yviL7bT81no3ZGf9n76mw0oU8ejKO+kA7Eu+OAdXM2Io8rT82+QB5lxn5zXc27TdecxZdEofarw+O5vQziY36fMAtJLziSbzksvD+qUKRnlZHwebpIvlB2a6OFQY4UTksP49ewZqngkP+R1HI/W0vww8k82jHoUvKrGqDHjgavW8N7iJ+OndcD29JilGp8F/LiOK4zFqdLE/by/ODqt5e5rL/9Tn6FaUN95ErMZ9bOf+lc+Q0X//PjAGzm+keMbOb6R4xs5vpHjGzm+keMbOf4nIMf5DyUL/3bkyPz/lrZ8I8c3cnwjxzdyfCPHN3J8I8c3cvy/ghwXxH9YzJH5qjbmv6Fo8VcEiOc/bBb7xR+HX3xRavKnlSe+aqP/eCUTIhDxY4XR4taNRT9/tFTp9wb6l8ql/sD9xuqo/+Hz8hH+G0ueMbdPnT6OJ75e/Bpepanv/2QV9cWLDJZ/ZVUU82eUweToAucHWYx10ldK+muv9Wsf9Ts39h94rbcCeq18suf0XUts5LhE74bRLOciOuilxSr6n6Dw40uPEz0t1vC7HIhcNPc7ptC7pcW0WccW0Wp53KO3FBfFUzkL8lEp0+yyYfkZyVxv0lw1wCFnFJ+ODa1x0atQKegfz+fzJ3+eu5eUao+BcIlF9MpbBTStdFHqioy2/bDOjNhce4ofBOklEN2BWBr2gO70mDmRlHnX/WG36gx4ZmNUm+pxv1ZLZVWj9/HAZaWz8dVM6OVT6BVQSqKjF5NJV+4SDuhdQwtb3VSqv+6ekZYreVdy+6Km2oZ/+JejPycr77llC8suAt30eLi912vMiB1gCDlFr/zhIk6/riv07rDrVW11bxbu0Zt91ofrZovmqRZakM0VMl7ICxa93iwiXSmc23tvflC34cm9r5Yaeh/d7fBAb8B9LDVZCljotp8h+XndRe82OlsUWk4bKfUgzvn2VtRsZ3VrydqThfk80IsBvejszO0tizB3c6tYCmazfxyCZaacV51z4ANl2BS8SfnSPeYK+1lxit/VLa9u3f7RqqA5DldvsWvQmwf3cNz7QVrK1zZ/KH2sN9l5aQqOuXQep4bk0tUxZpKtwHm8Wly4Ym/cLjzp0ojCi8dW3eSsO6yplWFf1+hdwcQJ8cZOecKT5Tq+oNf2gf3RnkUBtdNJ/5730loLmv0zbc2Nt5KC8O5FW0E7p8z2gV6TWM4WaXQXmXuIXjxG0taDitLHPZU7eqU07LZIlXKzlV2Jal1Nv2/YVneaJrl12coF6IVsK6080cH5/GTYkz53Qhe9s0sLN33G0ASxdsS9eTX8Z3pqTOYKioOkB+3eMOXz4QzMeyTemWzonzPiQBslHz79WVBupSJW8cvjonJtETRka0mkq41y6Jc7UFjoLc2r2vCqbB9Vy4tomsHRJI6do+6PhR6BXlRPi4K4pJ5z23XuyKXx2reOluTozpAXD6PN6IOgZeh9kKenfRX3/kVo10J8FogZu7KE3mqlcze/syd6oyaXhV7Hg1cZ516yK+2uRovh/HTbc3PLnOqwivXDyaq3m/LenqTDYKJ3lN3KvaIap22th/yAXifGxIDT1hfpsu/Qy/juZ1CvjujlYauTsEsqa9UvgINecDbjdGN9OmggPyXKIPc79AfguERVz6Wkr0PTUpaHB7XXrhefC/lOgU7YtmzSunf79Ym0F0sfs31y1+9OnaM3nDmny8lbb06twB2E0yqXGr5M/WRnExemzAxn+7guTtuLlhocWEmQqa0OxGUn5Ecng3ZSpmLumK1D+nI6dNKZ1JZLUFOXORM2pH7kebfi01OlLJVqS7qVJBRDfFjea+twsc6nTt/3Urd3zXk1JGGyWWrbSgotQpeGRm+6FMxXuZpf1Uc1+J5kslTe6jdXqdiVnnf2jZPnxWH3sKnbVdjyW+p+qFdCDdxHKhfsJfbr4zGcmXF4MdZr/twFAGSyRkqPg5WE9nNzq9cdd27Zan8+cM+gInf+Db2X7TFIuWAaQVWgdy3Olqf93hVtCZhz87I3Bc6+lhEnMUkLaH02DLwst3TQVcm9LufSrMw89NZdytb4dSw183q9EnJSgJKi2y2yfdxOR3u2MMtZynea30c7O3q2Vh5Fm/DioveQZUl8SmbkA2yCWl8IDXPhhAfXDIkCdiYr2vR+75SgPMdFC4hTLYfoJcnEodGublGUgkYya7+eA5pOFieo7aDhkNaeXTqbpOM8WTKzvlKzONMrsCYr15iB55q+2cmRFzrpuTPUMIXCXjAUQct8oG/Ucj8klQyaKt/tgeTa93C2DmY6rzyMFXPacsZqdmFPzPlCnBayu9ecuNHrhfZYIjMQq/O6NI/l3SAWEn5h287POSYKFrPh7p+OfM/c43vZHWqwslZXbivrj1KbHdYVf/MH4krPGMfdKI64lmQ2MoVW70w3zEzFyPKnc67C9VMmGDI+tSndHOunbeZz0xdzAzrARUde9HtOrh40121F1n94O6G8VzZI9VaklawrScWdFUPil2rmF+ve1orLxhclkcrX1ap2t7uTEhQzOmHb+JZ0iZYvrptHC72Fe3NioqaVV/vT/iIXWlnf5TN/uC8FQD9vT55G2u4AilkT8SqfnIx1fkAvkJs39bOKTs8DRdtId8OBI35AjJE2XHU0dhxXG9A2Z3K59Q+iRsrt2oltXiC3Ttk81vzqRqyc3QaZPwdEO+dcBgZRUNf5PPbRa3vbVaVvi6Hd73M5Iq9ObIGWTuQ+Sp6ljJTaTSToW5h7x9TWYzNCbwN3lUfTr2grT3Nnvj/RjeluV8VjrhWp6ytqtl5w4VPhq42wseM8OZRWUjd0X0q72h7se+nEHd8hexnz+fNy4yr0InRuow6bgT4EZ+90K1Y5sgmXcxaUATQlSn5eKyGnb5yGlKwCcBZLBsl2eXnYB9m1H56uze1hn85ruWOEvX5U/Gp3QBb3gF5Be6buR1V/yHleHsjtPg1nlcB3wiU4qkPGL8ITmYdKhQwhBATSnkB9cuEic8QmluJQM91rxxy2uc5usvmMO0uR8qyvG3nHSTN1lVy6EgW8+x0l7kHCjoCmp720mQf6cr9P1x7K2UiH8rxsB0E4AD3S25quFtvAFsMeHD38omTp/5H3XjuyK0uW4Bc1ENTkI7XWmm/UIqgZlF8/9Dx3blfV1PTTKGA2sIGMzKDT3dzEWmbm5GQdDL6QwKoJB7eB5T+h7QSZeNl13Pmv0/TA6y+fXv/NtG6Ca8Itgkv0gY3V0CXn/YXg4Bv/buspYylp9Sr1IgZBA96JDTDCKI+8ELuZRWaau30/sJDbKuQlniAF3rouRUnpqwe2e/Yi5lxz+qHlkiQmPShwffz66K8opl8W6aNNaQP3u4o6i35Di1R7TWZAhKwB8JW6LjHL6rzbtl/WcvmN9ePIH9TKq3qWUZs5njxhf4MHvPfKMrKU9vleBaxnHsdnSDAIhIGbL1NpuyLqRh7pHsVXNNU2UkMWGvAi1wKmOw681ZW3aZN7o0AfSmq70Spqe1TCLbH70xTYh9hSrueTLmLXuK9ZpkyyBb1XTGIySyLhcN9TVSaw810192+sQ30gfKbR0HZRZ222qNxf1Ol2mPoFr+MSoxs5Bp7quv43qggKYJ9Lsajl9Y6Hkn2k4PfbLFRf7hk/8EZdYSjutuD1xDoA1fmI4uuyXVeAd4xwSC8Mxxz7IpwrDXDMwrcnenKsJvLSdipLx2L8aH7oPbxDRlhos7r63Sdtk6jY7xxYniFOLRdZiNXgCjJ2gnv8XsW29YuA+cFDOwQrMFihgffzN0fQM6Z4yZp9QKSvGuuP9F1k2L3jI1D98uMMZlQcZy/tS9q9mh+MeCBS3mVboqdujRtGn9G1y3WJFkBOrOBRwJp2/FU7ZseDNSRY9qoymOQ3ZlZXuneFDz3a10pHuQf8V4UQ6fL5nN0rF3FxROzBu9iuX9ByemeS9M9qR+iS9HHoF2+webiIABrlnCWVcqb1G0Othb+JIPafoMMnsU2+3K+30tk+fmcwNCedjg20ycEisFqcF6hLLsG6JKnwXNgQawsC/147Jov5Sjbt6/Pld/3wgf5tx8IBr4IGk+ziu8+b/HFCNfYmTP/B7mdgUnQTfE+4kq+6xqEE3gXLOYh/i9KHOtapGN64d3W8HuAV1o6+kOyhPobmY3h8YgohhDVT8unkBf/uIZl6P5783uwtpPnJ1oQlKxnQaY7bsR4V32gi0qRXL02LgFcv05qDnTCbu7b7SNP723LycXxWL6fcflZIBfOXC1BHBF7oHPN9JO84lstwD6hdezGbLIxuRj3a9P7dDf1Q1CFjSktiUTVBwEy+I9BVQEQfe2BREwJpHoftAOGnQ2ow5tfwTOlW48EXLpVTGLF1p32+ri2081USoIS4wNfq65HUJdEVgYl6qm6n/DlHHYliCTC6DyrK4B23kTq3eXH9VMw6z8JF+09ZoAE1d6h9+SnwnsLg815ZFF6gwZfjpdR2Cv84SMnIVq+t41DZkz92V35FCTGsj+kI4LkqnB5Ky65+z6gMCju4FviSPIabCOAnXtX+kKTbnrDylOnDBvW4mKeut+hx9/JeNgkVq2Hr1vt2NhpfXE5WCR/WDlGyefWdoT6Epai1MaHghBdzGRwV0XExy4sxuN/RJrpetEtlPjDK4z8vWdKzZa74flY/qw6Bt8VO1NHFjYzB12KZ2j9xos7nDHPPsFomr89SnDUw9fDvJnzlTTtSVIUnFK5MhLyW9CgaDPZQ/3sh9ySIHD+9FqzPTNvC4qwCrtNqvMecDPrjUPsdp2uEGO6gLQlpYxhLbCSWB7kKtNMHqrLPu+WqzwYduSbsdhOxvhOEifUJ3Rm90naV1iTvshBoZkFRgBw3/PltUqcv2l6VTISpIZf4Qpp+0jrd2bY6yyozaN/flpb6yLSsszHhB5CRif3bQobj84kpR+cXDXM7IgBDgyXZPibIYfga5nYiUvuEkCvUFI2O8BT79CWqGh+g5vp+kwcm+ke2depKo/HX0Su7nLRZiz2Z0K1Kz8zzl0PgSstypUS7Aq2wHGdfzC1hyvXep+n7G+/k3T7jOEjPlG9q6ArV6MKSuxx3nekglO8Qexp96qTxY50bGYhKIHhX7t4fSJbFaFVb4wpBnkpcOBCFgCt8yfDICS8xh0fMN7nBsOtbxZfPOV8+HLN7+mWXTWhpQRL0Fzu0U5O3ix7w0A88vZsxMOuug8DD9KDDzLxbTqWLleHS01GVCVppLp6XX+qajuzwE/rYVBuvv9kZR+mQSuZp8J9fhX0aOg0oD7y/nEfjNwpLQh0PfK9r69cvI2y+uDrtHcwTwkaGbRb/GVFIJOzwqtrxzyalZSx5eGV4Sblv0qP7QQHSNV8v1PIZzVf595zSlRhv0BUEQTtX10YaZdn2KHQoilvz6uIx2FGhBt5+Byvwq5XaZ3DQHz8m6KTNHjJfgU0Kqrx0Sgrm6rtR40BMMkYgxQGwabXYBAKJH52yLlutaTUGQlIN2i419QMrk4yKnOIVkjpsoVKNqrFVeNFTueWs9riXBVzQABFRsXSvfOXZA+NsMyz2ctq+IDk82wcFOs0P2YPFA8TPUi8h3Hp9ZTq5IHVNKJjg7ikbLr4K4UbcKu73io37NKNdvj7PirbfY7vxb5Y4kxp3YainL6J2L79JerINB+ToeVDpwbuMM72PpSTs9oMxj30mffo19cZelkLqi4tmb6yfUpAMy3apB1aBQM9tGV12G0Y+I6q2xHvCii+SsZ8j2xR9VYbngtgv8vngcBFdv3L9dTjBSnl5ncCNYiLSbYzL7TTaptLxRa2t0tE2islFDFShdCzq/C7EF0BDEapCAeYmMIHV9xor2UQv/AYcvzRshWCNVZCP0pcuKqoRL0ZjU5wepsX0wjdBT+L1YiLjl1+wY/lcVzFg6AuEizz4KConxDMZ2EXoTd041OrSKtcqvIgwc6S+WhvVxvLdi4khr/LblhhEdbCKf0buuG9bzOAFnq3zln9MoATP0bjf8vV0Zow54NXsB1BY3f6B5IR0GOxkJD+6mhRt0O2RhPTcUzqLXAGqV1kx8rK4nt8PGbReTKPHkLX2SpaArOa5rlriZ6mi9Fcaf2OueoeZtWXbwpr0K+Z2P59PHBHi8pEV1VWycfbOaBAa5nVND9TymZg/aRQgShYl7wexTv9x8DQAfkX9FGUDZozSJUXRYNoQgzyHdsXmFXBrJhl13Dwt2VxOQnlsp4Mt1FcmZ68yn4LjAfNukw8Iy45KsBezvvqhXRBPEKTFXcjvgPEcFhFisj795B3MIzJpYntPWAHORsi0jxnFxjjBKn51uVo/VyPHGPVhrPXyFjxstnrXyJcPesI/qa4hFpWNzDMCpL66j/kGMiFi5I8Zs7o0Zqc//8YH87jYGNtpbRBXfSO63/PZqltVsB5XSNQIpvZp/vgPmyFkknWotEI4l14VyEJEFYIWvDinuF/yyseWWaXEabkVyyuvC1+EPlGWoWuhkSRMR7Ile9h6Qn8BcP4Ynm9CN4CHBHGC0YVng8c+gyjpxK1Pm60voXZTuudoj5J+T+copSvsL4cSeqxjQARFVtN/acvQ0hZXu6Ec0HDvAabGQv1jQcAFJes383EmODJiOVFxqsc34LMapXYj4/pFuMUSulNDaok+HCzkC+Lva6pfNi/0S+ZscDOmzEdXysMGHI/sjvPuwpdsAUNzCS3jiPvCUK+UPob24iWwnkk4H3y0sWLaycBJ1gBt6LknuV/4OXrS0AKoCCetKi/kHwVjofku8q8JrwzAFDgEtgu7Uj+ci+ixtHJdv96BugmUuYw1iFsDCSFK//L85XtoedY9FZCAgY/I6VUHBRWrFJVHMnFRBss/Rb3876UYvEyqG25+qNBODteHgcmVqQwhg5GySF5S2cvmfwfUAvkBoHc25U7h0d1QR/HCUdN1BdLNHRsoMCfwaqE1gtl9C3riQ/mLk8mlqi5+aXpH/A6Cfgz7ZQMg4clY1fVPXLqaH5WZWrdfAFO42o8lMFIustAbwlIskpAwqHjqsdxht1nE4h/JcibGZWp7WFypq8yy0v+CkifI5XYAJgDcnyopsJKHez5W742mK/ey/YId3sQCvJgIlBotMs/zWDvQ2wkl8iLPgKmMZCKotCWKezsyEaycASuf0M605mF1YjICcZPUDR1rFEWm9XHiE8zXq3STJ9QvqEE52Crwm+/uzvGTLHQX0h8OOKQEhEEjOTYwvwr5TVH37NXuFHzvMJg86x/vfCRZXQUsNPpe73/tWcg+fPTKz8slyKnHBJbAdEgpl8Y/YD3p1uI7zkkeD2mReCiyLLrj1UvWTShGEIWbRNAmaTEvPjum1xuYYCa8jh6SuHfEWA5YwfoVwewICiFzjXQ7QjCEm6QQIm4n2xkZzloIkOpx7emAAqWn5H8kDiGweXkXaePo3CGHbF6J5doh01RNJl6I01qUmIp94Ox4uJC1QD7h3rJgAh/vQ9JBumdDHi+exID6xAIWZDxtLPHU5g1I2qHI+gRyzyBcjwLaSOwAAy4/x5h+D+z62NCieIwcXr4R3Fk+5liSzUwQ9pIMqb3S77fTAcJ9oHISuLZ4FGOFMXifvGIwwh9yf7O1eKCE5HbKfnE1jZrMjgZnB+5GTd8/j6ETbGKpWxAIXMxqDzJzAAFU0MnPH2h82eY3KA5oXfE+gxGNwOnjEd27AiD7WyDgvmjra0M+eryfQcOv6ETzqpdf+gwWNI7HlITjRgQeMNnKB0jhyJCnHWy2fckthPZTUfBfgpZfu53sabAH4fPiJmHN6S97OAHWP86KmJrf7VlWRL/CuiVn27TfLfxwvAxuQ66OWr9QYxB/ufadkqK3yofetaqyv8vIcAGc1cgwE3LCwrunMJviOuyKUCuoF0A/beZBeqD0Iu0rfanm/vOoXfVhwwfEwoh4JToHZHpDHz0fYaDfrXA3wyt1SopVuhjBpjdDOY8lXMCBJ7LJd15z8s5pNLi7Qid1bbfjCgycG9dFZOMnIrCRbg9kWqVg52YfO/6yYyMkTtIBADr5i3DiwT7ZWUq5SV0JDrc2g32qnvEFWYK/I6b0CQ2NaUq0XsCD7OdM7CaoZ6m1/1dHuhdO12ZxLTc20sVds8PbFPsXvGtmFZTgGVzCXhj4bAiRjYCSp/Dy/FKJ1hhdiQ3AEJGb85wCSTwKYqO9NvALydYP078shtT59PIlqFeQ7oVnghtfXJJia1X29xolRAKqTLkYjl9YMmmRvFwiPHW2fvAjEVC1nHNhxWDY/1RHe8fMcttdNtitb5kekbXrzO4Ivs0IPMvFZ5k2t/2Y0nbHTxtUVYMpNIAnnwahxZRE7Ef15ru1f0FwhFGzyN0STO3W1XpYStyL4VXIr+soLp2Y67/bjCsyXm76nxEZfihICsgCrk84eS4FkP6ioYjijc9puCmlKf1rglv7WFRJiPHpvCBuV/nRtluPsiuEGsxgiFqiba/LREryi6PsThzujQnoIyLlt8MC+VcgxsjOz6Vn+OnIVJWgVs5bxfAuo2z43ATq4UfdTumbFRCpf7m61OMIIYhEva55BrQVVF9UChjfAydRwhV5CkqhyIcXth26cr/pQG3t2SO8+GsNYf6JRITy43/3a8CF8Ik3wMa3ZCu6XwVswCYiHyg6oKoXWHz4/DHfJgCPQcZ7K6dNYOhZkVEwR+Ev95DmVqhkYM2WxaV94fN9y51dbH37KABggVeqknD9OKF9wvLmJkz7qspHhfriv+9Pw5LMldKs05D+CsGiLspBYuu2y8NCv27B2X1AO05WocGHNEN1z8BWFRiY+lzYO/y4egHMTjPuOy/UPjMkxpllzRnm8I5PA1S52SyV8cIKSUhUKsIDJnGPWF3D+gBk6VCFjvGSW80BXwD8mGoZdCibeu2f/JfzaOfT5+wMi36KkyFNJdWKG/4pAJkHpmPOw7vve/pXKUfMIu6xXyPYhbrkqXHOmS/lj1urNnU2UE1PgbI/04JH66R/7vxDHddxdMYJ7BVI4CP5pIekOhExHHVKLqr14Tj+oC/Mb8eoub6dFUfBXbLTBPAVydphrcJRBci6GSBqrmiiTOHKwfGHANhApidkEXZXvxKJA6pVv8y9benNQA00Z27DdJEvqpLjdnfAd1g9COLfGwFdbsAX9YyxGPAW9rl8yTJyeZqL3OtGZZUMRyas67Km3ap8nt9u/iTelHSgYL2V1V9B4ADDiSoX9+EP7eOpbo3JG/WI4/J3psahfpGfz+3xlHgN/M2lPs+1vMbWaxTZ64jaYSeq8bPDEwN2ebFIfTyeNXRmH7YuAyxw2UbT0PdDT1PvXoPCdJaXJoi8mfNqld2lvvO935g68GuExuIGguggcwl8q0NKfjAFwaJ7ICOu6IK4KKgdDxFVH2D6Vj6d/M/zS0tpYY48WrIo9RhcW/yI7Z/cEMih/OGypZIgWF2ioJuK9pHOC2DN+XnIAmhhvosg+/olwNWseGQ9r7ly3HvBy3uZbFpi9epEEEmZHdPmpS65I+KaOQzabMyRdFuKtgQlnqSK1uijIVwxdIUn3Zeku87np34d9A5W4nq5soFFwV/NvToRBKX/mSboG6BWuCF26Nb9dTrxqZIFUxfShF46ptXlPC/lHhCVXx0LL+60CkItSEqnkIYqBrDE/bT+Rtk49d02HfdEsoe69Y4phT2DJSQ3HE41l55I+T5AQasVkrDy9xs4J578xwmZXw5gldd7I8VBEaKCzNOHc/dYTjpTmfgmloLiLw8ksF8D8j99+t1E/sWF+oyy13oEI2EN40hqCDKBjAtJgMgUGEC9d8L9UiPIuKWkDqX8rR7mtupL+rATfW3aoB1KO33okb4jnq/ThsQcAsOA+bWS87ARgVpA1YRut+CXY/jlcAaIffqRApmuwOotcfYoWW9+hxhE8JJ1S2ncl/E4vf6LH09AJ6cCRKqiX0BiAwZg1cCwzcBi4I2aezcb75D14EahycmeF7UfFnbuCcWukiorzTtJ2DQdRZXEwuSMXEccODGRKE//E9tG0s0/DIoRSfLzFZf8A9JB11ySgcS6pC+/1COGrIlw95NT5628PqrN7qdTdqbUm9DXUj6c8C3SbJrWNV5e64gWt/stZ/EBWRXdj0gAPcoaOpDvtFlb/6E42OiUtEF5NWJusJHLvPi/+Ha4ZeXeePfpFUxTTB1AUGZtzX7UaEHrWPkLmjp2AK3+yYHW3i8DhI8UJfqZb0T7/PpTXekLKUd8JGWgpsG8QRj0WtVLkQ1+y06BVyQBoms5iJhns8X8wrfTA8HoAY/OJnwgga86IgNWUlFMVVRN1a7I42GMLC/UKa/yDUOm5YwrhzOsMRWiKDuhvIYq8rFbaYSqEM1NYtNkhgCw0zQmDN8i79qMNlG9ljs6P6/bWNRg1uKJvtMgfZJNEIH5bH895qDL+ratqiZfNMG+DoUVAqxsJgNsmhlQpUnClkHoiWFSUNVCnTpTTURqEU0eSCXCn5xz7Xs5AfUYce9RS/o7mqg7tgyCMNwSvUQeB4nEsycxtLrcpzaS+soPiN3FPCahmeBaaP45e4VyWkQl3K6zFCi5P0iBjXrsynzgAqewqT8kCQKETwlzwahp50c3mr87J8ifGiVqcTV6Ifit07x7tzlNbB60AauOICd5xTG36hIJG60Cs7/ovJxVqaYaVeVO50rthY0L7Y4dlC1UD9gMTvDNHGlDOdVyheFhfctydJGr1COphPoHc8HMH8mTcMdVinnB4PG4j3Hjcvn76We6eaTgKMsCMGeSp210SjuVKwoxGGtD2rEji7IvFM3OBlwLicafJmiHdUyBxqmk8h1UOdDg3r70wF36sAkcwRrCg8Hr5QSkvtUGEWr2c/6RQVKy4qhefSYOfAE1TAewr4sUVv3kat45WBhOKhG7qbB7FyttzW1z+WstwPEwx46R9ccYhirDZ38ofX8x6Hw/TdSm4PKyBTn1NaPuXkSb8pPRzUYEs/KZFCAbb43oG8ffH2RQ90Y2QZMCBiM3sf4JPpYST48dOOUCaDge0pppUT3pAWEFataiSsFNQssG5Aty5h6JGy+rs1rEwbwA8MNBQ0A2CUwRhBlrJrGBB4nRLbxKcwksyjM7GeItKIrX2+WXDzIWp4aDcTI6Iwg/Wna5tOKBaBLm5Tt144Ak1OCr3ULfEJESozb0sGK03T2/PrtS6at8NcspYheu6s45yLisIO3sy7Y8A0hPXsJsLBizpnBsTl9FDXac3RWhmq7f8yD5xxmrsv1Z/AWoMnycQtsd+bYQc5NlYuHH929qoW+lfhIfVieLsZ1N0XTf9g/ZJZSr6Mgp3GETn+xljhBKma+KZQWOZmshxOkSV7fFYSyKn4ZlU17A2JbzE0bSjIurKkjMCkFN6r0b5x5W/2wzLINKT/z9kOeCxBDUzY4QxdiXCFXIYd3dZ66AJpbijSzEQSztVrl/ngkQE0G3wO6GZ0KLIc4Oa+MFga2uTM9j0blM1neW3bZJDr4MdiLP2jf2jgKIfSanKyAhMaWe4lkfDKgFIRpaqd5pU+H+uErhsn0HRGrg1zmOhurYX5fops1fu7Sy5/aVPYKBDhrWoUZ5/xyGv/OVqVNC0zRqp1b47uHSS1Skpudhbc2nlskjKt5BXTw/Wi4sQVqIIXkongTC8CpWUSPQ8XO3GHrNnnUfw5SPxm7tHzJNn+qXsCyvQN9WFzv1dZo62lbKfKh7uL7fTvXVFcuxuhTXx24c4OcGl87vByQaiu1g06nSc2n3X8qNgoCecK3FmorsK45f4tZfNXSAkYOoicCvCOpX1CDOY/NRghyW/u1kB2FdvSk5CJqSa2La/vULs4ebwdc1B7nd9R90C+GOF+oObMk816q6xzBg82reJFAM8wsjgAQzeqfAG7iIWeZvAt3HUb30TmzqHWxiTLrpM5zj5GiMKICJ7+xsJnIMMjpVsN+CR73rCRbQWML097B82FYSUUiG/hYR4IvHHaL/KBkGz1VNOdXzV5rVvzfklownk9eMNwvU8toiLvS0fR8/9meH8yxVrBvzqxT5nMsRSEwIHAz4XSChFSup+makJz/Jf23YWvRy8SDFQ8j94WwRFYbLIiEQt7KvarFoyPwp4uN3cN2NWpOEzOx6QT4BIGDXJvCcOyEPQkZw1YzW4FP7EZneTH0zjAN+9sUAv1gnuepkwA6zNdd7WyxPxfV/3E5AxsYjMiw5Rw4cbEXFDz9mDmiNfTq0lSChUR0/uobcybwpdWb1GETtwS3twZSwq8cP3i9819FlkUQFplaMjjOB+mLyTarioJwcnqgpRfZ6eryDwyT2lnKtzsX8e3w+6NXAUY7xpQAHDqs8IqsF9AzCnyeX2NDsS91CLUO7y1F908Ztj2IpYQdUzD15+EJGVdl8mIyzHT5VHL+OGGdhcbu2TySEzTJEj+CXRoDRnVr3oz3Rn/y1JfUUk5cu2gss1b/wOMnRwk6A1eY5Bvj5wc6vljiSEAZyX+ZXxvkNE4T79FRYYdohfX9/fiXtz+fzLfM968VbLAl43RA9GV9sM2e2b7LfcA7ZCY28tciY8/KQZnWZTIf6aKie30adZjczsgdp+/RTVPJlhAeRMlvSK7uEMi/zZDF8+eN5YTuQZ3KyBC2JL/PuVVEuTopIWJOttB7wQaR36rDNG/ka+MYRXOc26R2ZgJwqYx8az0feKFDVcO2jJkS5gRjhX3ocdKPQW85kftoqCG00BvGRNUu9qFSDtjvrEgfGzmlAC96YVemi9VlpnWU6oKXsakCtmRYravOI53uwn4C1WT+YP1SqprAqf3skuUJAp9R8/BHKB/PTSE8W3gtGZqD3gPhM0bySjwWELvWxRVujQABYjum66ZWkGrkGNbU77C/7r8GRe09/oeelr11fianJc1svTZdky6ycURCUF1Lsx0C5T9Ja60eA8sdiPmk+jA1cW97WhJat9Er0OpefujQ3Mm6i4vDqi+MDBJC2x+GvuF3UF+jeNiWnToRXFa+vgAzynKFqLUF/GKgyk4OExPvbQ6X+WM69u3OXA1BOZsI4zH98dwAp9nKKaeYSTcUVadVrRoG0oLZHiJoHDG3oc16kfsZ3Lk2+jbiP1BL6afkBRH4HL4ZEUJbzBWScADOL8vBOA2FzCrjdjUWHrcfciI74XoPWKNNANui0uit1tRGKdjwZzoW5X7/sBg0NcvXGn3WGpTzLvXYoT1X/tJzvsI1uVEiUdhqJrpsbgKBWhmiHovRFt+FwK/pLdXhRT2zYd0awUaKSbdhxAK8ugM2FSm+701RXIRYbnp2gZZbQVa24QcqvS0wuwnmQCQJ96PDqFkX2CG1DL1L23DId/6BK7fNAJO62oMzx2oUsI7V/OOgZ5aUDQgCjo2Hy24p92KK7bURdpfIPnzkzuc9FogKA/xt2yRgXf6D+mq2+0+v4sk3LrbvELNzhFG9QXqiPEbL7AQEzzNWXdRsr8Jx8hNyAm6QJeZIc5gRtXGfWM4RnqzS27BFOWV1oFmaPRbjxT5nN7+9vk8kTt6d07fZ4ucveFmzGlmaJH3n7h0EPFTY4Xt53M5ZnEf4eBV1DhPu8bs/SF9Pr7AfXLzPJVgLhNdG196eNBcJjwZlIof8g0FTAEwbxiwpKVUIVXpDJFSbaohYJff3SzH+6E2wxG4bYTqQnNyQDEJswYDlzFFQ4ssdeEF1HKIKFq3UVztGUQyvF6FkQ/1T1IuIzFPhA8DvNt/PT9u0JS2nn8lGX9VkyrPVvnPiFW/rC5ww5PnFqgywIKYaQ24Tbcc3lDxzFp63VLfNrRtueriL4cQrHiAlJuo6Vg90jE5tGI9zvB0xJe1r62CGMBN+GWZa52RlS0ndgD4QrLo0pjTQn8gRukRMimOXQjRBzH7DXHE1q92SfkLSq4LoBOFgs0ObM1P0yMcp61yA/4NVHK0bkLe2BqNxW+9zID+qsXoyUTLfibLtYzZLidnzui+Oyb29onKheUkOTtynrpiyDQP2tlp9h6HBZucqJwTs5Wzj8hqNoTTnR/7zT5qYo9xb6YKPkZkT0I856j6cVLMv0Fe/kyy9CuZ0VeRXMdUQUUgkmWuGmYZK/S5Mt3FXjEb0pBbEoVey+PD01jqBg1O6qFc3sPtz8FWjnJBgbc1fVpJSGgpxKFTxLbGRivtf1l14480E8M2lSKOc070vbtr6WKxJYInPvDJtjFzQpA2M3yaA4jPbjDaStG2tL1tQj68GhBzuGqTCpWUT4cY4lEiUy3yWV9ZPtIRVkeO3lG1rCVKpWX1MCetOU0+lIJwla1zNeofpWZlPt/mmFW7drNmRmPJsIBpLtV8pp2wtXX1lULyvez46jvYzUg2jo8PDizUl1Dzee3ydcEG5NVBblX774DU0zKhHJA7t5MoOGlKizFQHoiq8smrJ4yRBlolkvkBgmQ00ObyusPmuqFIdVXCv9o7oEwOPiN4XuVsu57m4C9u2ZYLSPnpd1X81x0/GH4K9rUQ0l8lSh9Um1cCVuXoTFZXoavdD/jg2UQTWJsDpecVbf8CmS6GcCjpn7+kd8l63Spaf9bQCPLsofL1VjwnX0KA3YwANPVPaDPhaoQMB13/F0uEEcjsa5LvcMfVsawZb+NIYgmD4/qKntjHLoIIpOslNAcbMmLjFuJ3aiXUbXW4iPVPrPD+/a6/IP2ck7GD0bYQ9gKPikLoKyDFpM+0O4/hVkk1oUvXw4IeqiIl73xmvLVtMPY9t27UPlVF0YP0MIjmZoHFZ/WuwTc+PzDWwmsaWLplV5P0vr5e7WGDoyGkNa2Ic8jE/UlyIXYw1+n8QAZRG+4qiXbnknl+Bxvy5K4liujpmnSNAOB5v8401h+jVIqlHzclQUOLNVWBwVDTatmmOp8plcMt9cu2Y+GMk/1wtaUlHKUOfbRaB0vLmHbJ2+JDwyde9ivxm/YYGMvKqvIZiMurZcw4y/F7ExPXrQjFmun0tSudqzuzpEygAfq9H7qMQuMUuxvNuiOnc8Tm60ftkn/NE+qCxMH8TnNhSpR1cmfg6Lfl3Xko3bU7gYyvdraiSQCrGE5PtEa3xZ9hec/mJ2nTzZEKOEXWbIQ7G/WyFroglyi3A8zi0sD/k2pt1HXvULXXzjwrCOq5rL/4Ht9LVB0kLO9N8IoN0+1gGNqNFVT15ansOc7g0loWdSoJj7D4JlphW1pibhcdN4Dib2ohDmA6jbF2Vq/q+Ts1+oZhpcBeSX4LafANWVbydDosdT0DEHszafhSU8JLZQr0gIQAhoOf/dnRGqfpM2pVoQ98JOPA2lr6k2RHNAlJNmCOLDTRgJFSgj0Db9r+w1pc0lJOPYDHLp4AApzby0EOPXr1LX//PFHf9XHAsm0P/6woT/5j072H9zMBj7v+tgMPZ//9s4/l97v9ad/4+/Bxe00/g/+jZb0/X+H9W0/o/t5T9r+7v/P3MG/f8CzUL+84Hz/+a8+f+zB84x+P8XB85J8NmI/jlwzrTUX/wHB9EFuOdsiFHsj177knKANwS9gJJ25SEIziL2yW849j+Xpb8/nubnySuYco5KgMVjVv/Svqp8GcYn9Lathx/j2MGG04tcDxuTqFC8abQcavQf13rJtpNrRu+Vs8zuK4IcFfCaIBuDWMPIAZhqej0y0AL9SZZgTGBFrUX7ysnAoTNcN3WPn4ev9S5GElhaWNgL1pWNQFvZp5mesCCkjHIt/JpY1g7mP8dgAYsKfTM4G/Gkv/SufLuZLZhKcGiJgYo1roWTYU3Kzh79MIRdb9p3rl+Wpp0Xdfl4EEfx7c1R615sjH+aotVOTg6YRPvSC13PNaKDJHPB7vrUcn1KPl/yVbSAl/bzA9V5a1KcxX7X9Cb4dnBlLwE5sfblTT+sU9BHSFbDuTQdEuQBZNLGjia+BIjJwv2A2h6Wbp4hxeIxn76h83YitaMoFS+tHJqpvoRSBodfTPfM5SaQNYJHP912Vc0+tPXkDIB13kyGn/PEMDU9oRpH2i0XvjNv7qm7+kHI+i/XgkCGOLqA7blm68p5DM62thMyko/G2GFyBWnx1Hp2cyCJ4Friaiio7fP2eRKcB6cvhivAsaJQGUF/QXfFCbO+BH1+6E79egDFPEAPHq/YHj6u28Z5jMlDs3iqZUFZarwf2by6z+WJNb1PNyY/V+r+4Cw7a1dmCXkqdaNU5xZCzs55cnNe/T2KQDzLl98mHiYMwehs3bY5SP7ojJwm8GWTKrlwUkX0TxwbMh4D2OeGgd4l4k7dJG60SnKfEG+z481IMM3yzqPELCYzxG2eaQJQqlJ8lJo9a5r90i1+9uIoWqb81ZEH7WgNQ0HWVN55GiX2vBvKkLVU0FmmL3hgtdBrsjbsASzs0AnGjnKwog2OiheqjhB2wqZm7voeS5BxZUIImukskbd1WVkMEmY4aO5PluYO0DTasKiyadtlPCjY1p5kPyXqDs1f66acK5btEjUXb7znOm4COVf5eg8J+77Sqjw2pcWbUJTmkflLpM54GzO6ihjkZqj7ugZUWTmeCPkBWevx0T9MulKjyqwjtcChhaNj8sITq1Opeh3YGr0E8qgP9PntVKj7YHbUcsnS8WXI3xZEMZ+ehon+iuuL1V7MKmOepluUbTPTWgUpe65b6qsTz2gSM6B6xImZ+qwrXW7WvxIUxneHj7Upz/4B1QThuUA9hCYMZGdqpUz77fg063b116gn0M+If3MKPzUjG0Q2B4ckoi+K/MRxQBBzvqE0KsivXo1VwZ4cLf9VrGJQmyTmw0S5YANVT58ezevbng7mzxBqnjHYW4bi+AgNxC8tiTTjDTL5y2lnP+kDrfFvLfEux3B0FnSnkfCSSZJ0uzGnXzvqKQ2niIX0CNPGcvLCKXIuKAIz9LbT7V5/sZOnbq4qeCua6IakcV2mG9YealkqBLpg+O6i1ctJTue12or1/fZr21/W74GE5FoOY3ez+cX2FzuHY8SXV7K9MPG5xfDLEgNHsTx3i8eXR5cmEOwA8lPjkw8TSFAvRrNwDs6eHyGHGJIS2IKFcSGFWA5nDVwYP+o4eYT/cjRdj0/TvpgllcJQMweWDLs2aNWkpkNUDmI4iIUgtX456IBlvDVsT6iVEL71tjLZ2Wh7XJpkhqozq9qtaKjsflXdVQ0odXNr2QCQ3kTn91M3GVPvjMqyGc9DskK+7KvhNNba5OusIxSpXu7ciMobD5zGrPmD3Pi4my854o3c2686akWYD0iPOYevX6cKvbvmPeQXq/XfaZbhTy25aqEgKSCxn7q8LWGIMn4zZbYER5dLm82bHgM6+PX35CA77mzn2xkVM1+Em5C+wVb/Pti+QreGcCFWrV+n7TShMRWzTdOvjyXer9cW1ckn6u4PzIx6qgxA+l4Dh+3c6AYptcC6QTnZzf5u1RpBE85vxIrMWV6mFB8DiLP8NyohBrMag5kILu71n1/mpsM4pjQ1S5c3sX2snvaUN6mvCvZisL+Pql1RL8gf/3CCEZSq4rVvv6Wf3YOp1t8ZdjdMPXi/X9pAFT6R2ktp0CbrcHeSiudz9qI20GB3J2U0qq0dxBdoCBRiTJ3yqewjfQE5z2+MxNzuwpUXUBzyAQ4IlJKhUFnadDnTdV7acGEgnwjkyg8Mb4NCLcCWX7AokI/DQc2JhqizprfF2DVIokaGA0vV3sEWp7LclQ88ZluSAkZN6xKZfUmFGgRQbZrhygkPzUqJzRaLnZsaDLag8zoOhQ5hQ7d9NLh+gYRb4FzqWJmAoruoFERga5H5c1XQXbp/4DUUf1H4oYnw+WXFPFJ6CYnSVJrDF4cf10z9Z+KPiCq4Hg8J10oRgoFMA88RPRGxfhxyEw/HmSkHhZKytShbA1eOCfioOsK5arIetha5OpuZZtOHGhI5zTeSa9j19nwOdv8mt7NBYvpx0s5YLORqMzHP47VLdn3E9mk4X+1QDn8oTmROenzY0ziYx/KVWmomv34QPwj+ONLjIPqHPNdHpZKJSU2huzXCSYrv2XoRm10KFBj4Kr5Abs7eeYdhlSR6erGrvWzDcpVel+Yj12CgAcyFb5Br/0np+axV8a7ZcLakX3yY8+LDSqHfHWbBrylJ00yaov5R4IExeHDEPgUhOMAr4UfaN/3TYL652lglKZ+ciQmoqw2z+WKKNwemlePL00hmip3H7jB5JdzhPl9gAmW34Mq6lr8O0p5C+503qAGHhDVjjY76BEBPTHjtBErcCIyUOCl9bkuJsUJa8bJUyP25D9PpUT664L2CHuMAvo76EKdVagi8VTZQ1At5QAGHWHHtiCkUrbCX64CVIxEKnmrQAYCsVIR1Pjb3qY2F3mJ2tOWIaVBlqm2BUT9yWo8h90bu4MwszgvScm2XsuAWVnDk0m+6j2bYZ9hohWWngTlmyQVb5Dl1QItDgSbYmtSR5q+EoMuj3FbNzxwF/LJcFffJLnPlyMkS4ZNag2PCVtlUP574gPaiHtfT+JzmLgj1KBkyETwhiHmAGe6GiiJHp5Dx0a13MikH/SIEQ3mVC8CzS5VAcrezYO7uKjzjHlVNfnCaPMr0r6KDsj3FkGyg38T0k4cbRv3bJrTfEwCf4p6+jkIkiF/U9BZMlwaN2NbyjBCWNJU3zEIXkrUjEsYz4Q6jSkIeAsnwTMNDmYbBXD9XFXXjEUQz2IiN+FDX2IiFn0xYfw02lGDq/V1NgxQiVPwn9XHlYzY+GJL0IWxHSVUNu5lsT/N1G7qDWUdqNFF4XrRKYqureTxouGqr9bYseSG7l5tgEJJoxF1ZBEnV0cBC8VEqcfUFvlezx7MpYWmVV0i4rwrSqqQ8pE3ZWgdzy59b46EACiV7xLj4Gr4Oflwlkjq1tf6p7O8+2mC1/bTJdxV5SNBAzFiF76tOrLbjHLy/Lfezr65gDLdfv1NZFUXxl7h6R1u/q+o+8BGnOEFmlvVAMyVBeLoRQTfuIiGVuwK25Jgz8TkRSLFB1ZJJI+uHollodQo4rPGFDgM0pCWVNurH8IzCNoWfJCvXVMgGIk+yHgAoIjKw8BgNFhTR1Oa7/O5f+IKj4vmN1UEas3NABpGQo+kRP3SHiYP7PUUoBnmQpdLOFsdDmdQWHVk1AvOYo7TCVtytgN0sgAOF1AuAIAzei3Q4EJDrh6oArcK2nERuO8mPNNrEq6dHGFFEnYg2+W1yvvngMlV9EZwqvO6bm5uD3RbkoLAZNHgn3b/XRUyRQaPQ7EWQ0eaf4oKrcr2hK0V6WKTCAwqrD/dz8kD7Ydrs9YIpzJ/EwjCytGaDSg5mw3+jtEZGSmCwZiEVAOiW90hO8SKDGxcl7oqUH3grJ9NrxFyYkZRSlXWDHsRhQbFIpLYCHOIWqFcuxGYTUrclq/crUxP6vAFiGV5UsVB/D9UqKQSkCzc/O71yR+qbgCN/xX7Zb5y/1JHl2A8gn+rOngcfiBJJBAKUIVGPaEBRx5dmm+q5NS6AJj8W4XzMIy4JzVqBNlB+4XYlALBJB5Ek7xEYAswE7a30QyjjvlHr+Nsoi6NtvbDQ6+8pJqB4RX0Pp05BBbAH8RUQNbXH872rkJGCPNS3KEAm3YNZKCtMjWs+FtB3kx7wp+iaf7VdssSK5B2B1mQq/Z1rN0cK+J/LQ/BilP8c7veBgM4NEgS0zVlvqsImaG8m43vQ3+YUdK6ze8amoz7nbH6nE7QwabZWP+seOQw3V4HIgp5wgf0ce+IwJ7NYMSuLcUKr0tlpMse1prxU9M8aZ6k8Jf8ZMPLm3Tge8rXzQ8G4OrahJMegJvorTOAQBivHkoMkVrfiiUt+y7Ok9Wd0TYyKW4shj8+PHE/vZ/lrDdDZdyx8aEW5uoihv4yr8mprkp80LbQ+TTNx/3pFV7HAn+whDZy4EBrD4+Yugz97HDpHPPh7KUIn/c8/suRmNIuYXxI5jSw1v0zEHnOsKXkQvhms9Obwfh6gvhD5Q24Z1BybXy45q+UqsRfQtQ1Td+LSkNbZu84C/su2dC1z152IMe5/HfF/jqp8k+5/8ZB874uZLnnqLXnrLQSu/+VIvxeigGoh9sj3v0dn/+cdHDF4YkSZ3znNGYzW+eAM5iC0GRKAR+q3//7+//7/37Nx5mSI33U2n0Kice2m9vzGmkSk2sTFgLyOQuyHpCUvraMPuZ7+8zjs//7Y/7kv3++98pgKyTnNljyyUf+3rGOY+mlwgKZhfOguemq3rP7ncej63Y/tvQZPRP0/zucsopdcD698b+ob31SficEvCbFPfoM58f+rOb17Sv8v11aKwqk9/LtnZGv953HIv3V3s5tExpFJwScNqT0Isbng0NtiqfdzMpi90ufw64IiIHcsyIb+838yDpfB0JkPwZPD/ZF1KPTvMb7v+BFzv/d5wD3+T66P/ffaDL6g9zO4/jI4m9SQv/17I+F/nAf6HzXkHy35152o+431QJf+VmN1/L9H8F7tAVKN/9cj9P1/ksc7wsfgzuNfc0z+yxz/0x5b4t/+477Yo0l4xY7Yg338Z83dF9HfcZKomd9x7DRq+kxo+DSE+mw0/vsZ/Wncn/RE6vYRpolhEOV179/jvDK/jrw3zjg0+v8q1/98r/6/3MvkfLBD/9yjZ+ZSDLbQf2Xzyu9fO/hfVud05mhA8TD3MWL/19n+B1v14eDSnv9yNfvq9jO/YV1ZktD4P+gQ8FXmiyeSdzal7zSF+LfSjr6MZzr1bvp7vLjp/f38AZL876/4LxIE9oHbiNK/u/7KyTkyGMTJf+3Q7++3Lf1oXfzqyevxuJl7Nfgdi7oD8Q2Y3P9cxbuC/84T/dsTnsefT+oV3nkl9377Hx8q/vlU8C1QmQuU+0PTPE27vsMEUs0QCmKUjqP0RJIR5F0K58YLS9PXyVoQsr3VWkLHsmgzLq2l7ElrDIev/ah7W81OBbKl8oerQIQpED9wLGhIXlfsKCSO/WJ2WfUO3X3qZT/66H3+zl8V/yBb8BMJHirAv5NpWBBH3kDDyzZ4QqndkeonHzCaZ9j3z//x7xVb0ocaV+B7vPyGor8/NbTM7P8cdBOefx4JIlQV7MmdfDbvF+R/LgZf1+1hs6ofTFQxI9YUuL52eP54YXY+Fsjv6Zrn+fccrQcDuQt1tfZ25doX0kUvbyQeNK0QDjyDVKB+4x+BzNt/X4QcEeBuVFGNMjrbL8LCwco1N+908p+ZCKxPWyquCujdnDQ/tOL50RFNPjpv/lAFfcXVMIyWdQUUZRQVBSPg4JvgIoy1/tNiuYJGWWEG5xCEm/9HBrTOYJIvtu920Xb7sXduwb9zQDiP/vlZeHhl3prZbfl8ou7gwPUocj9fPOZeMdcBzX+Nsnl4qJMdlq0Z73lyyJgxnKgoyfZPcNZ/1b5g1U/FKJCB5i3Ky+a7JZaWHnE/y7RN8lATfmbI2n+fqduzDbIGEiuXEPuBsgRz5pL5U3IVr88/2Zfne9cq+SZyw7CM3U40/1PjAAfNSZQbtN3M74y3QYicdZDtYQe9/jw7kkuG5Wyjlr5FcfzB09jO+bsmP5dm3wc9YZbfNce6i6MLB5DMxlq2JcEs1na98SddZpBek+9u6GzOcN6x0XvQL3/d24bxQFN6t5dA50zBuWRs1zKt0Fuz8nBa8w0ruz6dhqNum4/4e54XyJvTXgh7Gp5S7oBYKPM0mJ8J5ldu4WyhdioP9GhY7gfS3O/Pw1N8XCDND2sfG3Fw4s7oE+9ee3/DfKDznOzUDDban170gY1simo6nNsvbggs2YWuw8sZmhXPsYYNXG5i/Z0nc4F5omfalg0zfb/0uIAzTbcvUctWCz44QiwZ2/D4ai/TLBPYmoxDflvJOc0Ysiyro7dLQihOohBDRwPXa+ptO7/dwM5aX5ZZUvuKgcXydmOzrjktfZYV3g382mtzs38MkJLlKpT9b0x9x5bkOozs17y9TKbMUt57r51cynuvrx+x+s6ct+tTnVVJAwIRQBDMdwVpuZKm3jWwygeCSilmnJIzZlN8CJBzfF2V4nedzNDm9m4TzCbvn3Zap3tXXKNGam0W0AyMlYSSVl22vh5ffA9kq0x90auWu9EvYdxz6dnzxttxvdjs8Kwh16K/aJqSMwtxdaVYIzpX87gGthFZCjeXGTKoMwoTP/6GJFYRgW+RKFVK8JF+d+3kTi6DAR2oPtKKUx3ibYOFqD2MbrNPc+prt2K3XbbqUQDbTMzstw78d6ke0hFSV2iIya1KCkHLkDafIEexvPeEvW7sXYpLpyDuVFLGqa29M/3XSxaDpDTv/1MWO6W/17criIRboj5Jr7V6ckQRy7iGqCKWHMQMCfAAH9AxnOd5eFs/qceUKsyEFuA3ooftKD51VEkzalmV6oVE0JhQo5jTPOvvV29Tf+0+gG5DNaYqB/DeZRjmmEi2CanXb1i0j0ZJPiseSU2o8TvStfejfPUzPCmt95iWXameSFLVMx2JE60ucT2OlJR8MaO9bobDyv7MpiGDBFzjcWpFxPO11NtYq44r2TKLpFzVfDk50/n5+VVEf6m9Wok7qcuKiYaTvYvhnRalSV9GKYtoOdAFced3cYyuKL6vn3vNvpVk8AYsb3ZAQp+acBRoDNu+Xr7nZAlMke0nDCiZb55KVO8XkIpDl+0YKq6LOM8MYyw8s9JrIzQVVj/amSNr5nTKctjbTzXbpdGkoxT6Vyr5LUROzBLdb/Qp+rUV7KyCaUQLRqty1ApoTDLQbeMKhrUNS+VqFcYIT6de03wE1RtgKaYNSuzzZ/w8ks/8KAMHmYP1nDhLnmjD1cwGIuMksHVxzuhI6BmHOfon+nURyVi85n//Ws2BaBTp+D6O8lzkYfla2brHT5gu4X7Jxk2dNfWuXvWuQcuXaikn6zKr1LdfqMlS3yihySS9uR/tKZ5Jzkaa4k7HgiEkqr1JeE8iSHoXi6+Qj88Fr+8GRu1AmiumZdKid+poZUV96F+rxy+SWCJJofD2s8tM5jBrGKCqplsCdbTSLQ+5HSRPPID2LrNhcZSngQgjNBzvl5VhAa+9ADOW740fdZT6jr+6ZA0cbNzCX8AmP2SddNvYjRS9MMFBJnihwNTJcEwljPpKeZMYL4YfNiwXWxg1U4UN+/np0SP3skY7Wk62Uk6XeU8pAldjUxv3KUaMUNwKdZhx6+aLw1Ics8jrxdsBb4kew6zrn4hpbVR1xQpq5iw2eq13WxXtNa9We73k/X5O0mmGoW4lMi2FzoG3yntYfOy1ObWHv8pLyB2+LDX2jemEr85S3FLpbFVeSUlCRctsaEG9zZaqTNNscBflh7Okd5lEOfkEqqSqE0vTY2Wx9175qpcRwCZe122lXZRQjqUCLLUv5tBAT+CuM21xoMr7jukw8dfQCevmSiqKoRfedfSLglRqWu7ZhDMub1VJvKmS45hb2Fl75pXU1qlAzTcTGc134SRHsBceJEvkVE6VdOUzmOUysL6GbLofUeI4Pe0QWXreVThBTWbdijijLOadc7nccFS6I+RCrIqnMDDbWCUfeUVlCqEsSXt/u9WFEZqN+0V0YrxH8hT2JbsEcta7b7x8I4BFVWpcr0OgDF+WmzThdZGj80bF0LaOPlz7UmWRlEeTd7cRxmWv1UNwL9gOsLZofSkg1T1ahfnbB/vimSXZvevu/rAjXb3BObgrXKtly1Y4ji46jFaG6fP6jpMMvgViZZRNRcMKY+Qvwf3VRpBasemxJIDmBpnLfoucN3goP3N4j/vuymCaPzPzx3SlYh8gvbxirVb0P4XZ4DhOPLEBlVcGdgaicNTfx90d2oje3f03fO9T+2wCslEtI1kVtF7fWGbf2Bv0LfXG6eR8F4yaBcYFABBK6Wt+Jy6x74YbB9pENO+VlSZ9GGJYE3OFIVfSnmQLu0l8QzfX01MbvV6LQH3gW+bbGE46kkBuOMgPThGVq8omx/5DzGrDcFV7oCjuD9rv+sJC8p77iC7pqYmMD+TM7/Z4bKLEljyalRoZEaolzMifNOv8bNqAySyneAJHdLVUqPQJfZd2HUbjdJDbup54Rb2t1mE5n19IzHBypbyExZ1gUIUAwRdfZ7u7zDcCEhRBv3AOOAoTyEP0UvhmPAiuyhCFo+m9k9spNg8bZMKC7n7dD4Oz3UuUJYf+bZmyBqFziNFme+/cxjcyvqGl0Z+IRrywbPv2pFa7oB/t8/yQ+NRC/ipMsSHFwITNSjitkpMFahqs5SXdO12qrTTNP73PutLMMAX63Mkno5KPAUX3NjMl9zr4oAxoYXsRfoQrc+dVJSfSPBU26y23UGy3jCG4/bZFv3g1nLYsX05AM3apyJysKjFRNTa52F/txY9k4HCxTr2IMzr13tuVcn1ZzKVZMvaiE+PpnY0mXqtsgJ9oAtXLSY/qlsF3BR6gJUdDKOIPvVWcrFGF/o7LnfaBC+j584Bq8KBDEuUF72Zm0SZ6zXdWEg480vF6GLGxk32ypuaTrFbnrxxB42kO/CMsfG7KgyuY/6tOQrhRW+cfuamYlCK2unq8Pz3MxVLFgwh836fSRm0Jgwx6PmNKutnBy1rOl2mwyXiEy2N9Bkib23ej1FDjtPebssjzGWuhsoBWdDnBH+f5tlP/j8qx5xAxvSljxbDOP9b6SJbA5NT7g8HqRKROKV5LXofw2ySLoe2yGu9ZR4rA/uIcCO/BwrV04RO+HiWePIAq0e9Ah6c6WnRyXyf07vzrqY3ScGCbTdWI1H6SSmtvHCddyTRZ27TKLVHomqtXgXOrefirWYB+LG6N1DbhpP13PR2hGpHTid41Aaq9pCLBacZO2bpTaaes3n76Lt/gSqmhozwjTQQUFscSEtyUxIMn/MV0HY5N/82ITjO6KqvD9IpFvsL2Zf560E/yKc96rU0HA/iBAXyYcQ7sIrI07kMVAZpZvH3Q5xvi3yW5LlcQ4+ZTWDf9LDvRaqVKOSgMGTK3jGEZHj1Vopc23ewmUQpm0dZIHK8xQcLkvPDwAJgB/W4CRndZNy3kMFPVpnJS6QRxaA1TVTh7W33lBryBEEv+rziUrZIz9vnJPeq7iuc1PxTB8zUYoCC1vIt/3vgTTivK2WFmc+yOTYbL3cqm42KFUBEDmGO7fm/zU/iQvZc4O7ZzjsppB4/7rkh0TvCNDgAhJzOI/wK7z4qaDZBKf2iJi0BM0Ipnnb/+f9weLIE4X39tC94x9MJHNNQETou7mHhUdBBrlvpOGFYclALktLqy9rcxnJkuLjzyzHrrbDi9/FcC/Ld1OVbnAieYxABppN7it+lTlgzgg0OQJ/8qEbO5kVKDcLCqTML2d2HrO6UDnKM5qt/QX/4iFiy9aKg2hBa8ECD7I5G0TIXHr/54uUqLlhpfSSNHpuZX2XcCu61iPJg5/nvcrBNNv/IA/n1ZAA/dDHJgsXPYR7E92zbUGjuqiA3wj/Rt8ThN7/oRuhkJx+Lzxr8kCttmZtnescOWuZEp7UHTyr+cw5foY7vsKPYRIyip+tmXopcPri8AMzUbUrbhXdH+JDvHLZdvq7i7z4aXWMNx2m75flIOFjwk5yX3iwaGE5+VHog4RyRjoDRqKWIYZdAsjd+4gArG5w3uymX/9cW6Wt3inVtddquDuPxwkFzN3gN8b08wdytJXNj8UYKzBzisz2gXZz7Mi70zO2tk/Kt6RX9ke1LL4xDXsCzqkAY6U3bQ32l5SAmPxbNv7135E9QaTzwZzkj2AE03LwTsonZU13W9yoUAN3QNs4mgbmaCtSWtB2LtbJoTpCvdGXYtRo48XV/s5RGTzPmKTwqsb9shdx1SLTrsmRyDJpiXJLm2yYcipq52+5nSJB7FreFtPc58wn7h98gC0swcGiG1M9ZyveZ9uoSVCZT3+sdWna+f2BIpJbvppGt3g1Tcovy0jG65xhFB/iFcEQKemrjhsbW+jQT0pgl03QvMyFZjYf9I3JJ2PNT7bfqIoAxnPF1ZJowsuEvO/nHd67U4QlrtpgBCZ3rx/vJivIypSeNxm445KjSlwN8fzQUqYz7mLQVNy81h0JR3x2P5MtH9bO9CIdrVLn+B7Xu4Jii46zdjSkE9zj/uUiF432885yL1Rn4UrHwjP+uTEfdh+CsLizr7xCc0FqdE+6bHFfKVVBKTITn0M5ZVQu85Xhsa4bPT86b/5c3qz24pY/pmR3jPVNatTDOtXamMSHKN8wbaVhGAQpbat9CEYSzhdINNzKgECY1ZZd5f0F+kEFMpBMy87N+hUGXPDivl/G8X1cuzIsClvNA00Bydk8m8FZV4oQb+72Qwq23x35BqoYs55QRk0VL5XQgMdxCD0Li7DD46x/ks1n+HPcY91noPPOuWGI8AyUJXHZNUOBv4d3v40bhV+LT4wV+1kS7l88UI3veN7ZVsqRmaZkWkQb9badMSSfXB23zMgfeVZhXBEiCmGEIkBG918IT1W2IyFwZ4KfonP9yWND2wrb1JNZp1vqALCB/QXvGVwNh3fjE3Ng0wBkOClUnP1REWLw8u2rQSN510KR+5+EPyPlhMsprNcIGJR9q8wf0MMjgBgONkIH7ELWm4g712bfPU/BRa0gu4HsuBK96/NM6rMmLKYHmkDqNbP30i2IZ2niMQkBmO3AD8URz2aPGzYwl/TWtX0LGDDtDyKNOba7sU+yLgY98IQVrmO+Prt35q8R1xCcdfgxJ+SC4lXUZSVB523/tPkp1keDt8PIpoRtVu1Nhp2SOsPPdsXWGJWKDlPXmUDJ9VyduRip/XGyKPz6DI4PfM6RU4mGXeo80opH/NTYoX18A3RNOD+26o0Unrn9ok26KjtxgqBH9j9+rg5vKmg2ykjh+ZO5Uv4L7Zl2uHLyHd1MAtDWihw7niOYV6iH0EIETgPBaeKYW12XHQeyzmq/6SZxgRf0Lfvu7zHAFuVjj120sas2t2W8YrzJzdYsO/sdmbcfEfRbVa1l3fISwYto+N86nCVHFfH9OMdr0hzFKLPhe2BVRsHIJh3rwTkSe755whkCLBHSVq5ZgwjnByEZNVz5gMC4pvqBA+XTR8WIIuTty7CFy2PhWhEFXtlWwZcdymPPCn4CruasVPPScuJQZ97x1WxCDqOsePoVmtunkW+byL+JeNX3HIrivjJBDEN7NE9fY31Hz7BGr4s1Kp4kID0nzd2PwBcrS47b9Jk/OVJ57N4cpindEST9NUo4qjM/m19H0JGjpV8XpX3Uu8W5KhDYADyw5SSxtpin7wzSVUVzrZrq5Xp1hwfx8roFkLmc3k5eEnTgXW7uLSmAEluYaa9ERe8F82wIkywSuoMDAFwpmt4CWcWZerAas/q0Xn6+hSaanm1oBxcUH0Lyzi6ZZFBqeVe/USASdtPjQPDR5Tt65HDScHrr7T7hwaHJ88S6ZEHkOd1ai0hlCp3aP+AVAwd2do3Jjxqur+FFv82+8vdAsv6+X/ZlkV8ushSuEz1EtIYJecJzRfOhMdT/coUgYl3zpUVRiobLwo93Wdm7vicm3KbtsB1Cx/1EZXXTgUISpyobDIZv4UKaY2nmrh5tYWhHDk5uI823L5FI+0eya1g0d0+FHnL4+QsM98KtbICFZZro1OudrrYWNYaQ7tBjOPP1SkWmvwUbYji16DLRKPkfiMpllwYozHy59j8UuUrB8HhD0as15USmrxtY506qMxWjbLvVITWyo8o7JTdAsgSZ13s+ME3/V3uASzcmv14s4+F7GmYzfR17FbWRNS6VWq8aSIlZZV/+625ZGNpJtbVpXqvZ/48PUO+/bQw1wHXhM9rV6M7ZwqS3o4j2p9JD5oC0GeKYgrjDAMGyaozzmbgwODpgCFCfoT0kykOy1SMlSBELMZEDlTvCioGAAjTm2aivUCeiEaDCvRg6uw36JDu05s2CYAKc4GPGKQEGW1hRnP4dr0BXRj17nelsY8NmN9ISk0t332nxdALysTS8sIPAtmdSRt2JnnndJvB27Sbrq/nBeoJ3abiUGJLhqu1LCAMbMQ85d31wDn3vFtAa520mG75tHY+Qqvcz2ueTdg73A5BuQ1D/bkBDjnTZM+I7EAQqnFqJdov6dBkwImO/WX7L8/DQ1PvE9pdTQfDyds4H8JORGs/7pS1GeveUr8CKbrJQ9irvG9WvPtqYJl4XD9stTkhLZJMlj8FxvwkG5KOvyhxoVuYZId9ueaUEmgqeiNvx/zrKyNe3nnrHndYnpB8OdBA/vXuUZkJXJBmXqbSM2/55B4vdq5zxOKkr+hHLP5fw0UWz3a+v/6CICyynPRKA56FoAHHvj7J8YrkmOAPTA9SrIX6HYG6nt+2Y5Be4In+XjlVIbvSrogN/W9WevJp2HL20zVuoY6BQK+9tJmP22aIGR0S66i/5AR05q5WH6/Y99CWmxZivsTqRhl5PcFbh54gZL6SlI1XgxSMJcBawgru1ZLfCY5TN8Q6dgEApF9/2221Cx5qmIj12N2v4b2iSU5sv9GH9goVy17Pp8zB3HMOFkwUb99ksIq69wskho8lgl1vGIlqTUzpaAxzBs63tPgr+0eCZKfl/3SmrL42uhfE6P3D0AKI4vAZNYcNXevHBVa9gL/BQNY8FfjNS/dYsWY2/rPmuroy9WRfHZsDbHnCHHB+pIwsokh4s4MbKUgZ7EAGeiMPOvtswxlDZCCWIs3OKfbve4fQ8/9kiSkkMhnvsn0T99qcZWqMq8f10dmNjK4P932m807qK7VK7cZM4/q1UqqNRMXcvjTS5cKZcw+2SMv6kKiA2lb8Qi4Ggf6/ffwxFF8v4mxa77WKmBNHY5VOab9r5X+s6aGcYjc2ZQUgTf2Niw2SxU4xMg6HSbBrksfLgnVeiq6Yil+yBp3UKSRHUtRykLTjjgdheWKXfaNVWyw4cFbuwstCVBL+akv1LS6bdDVX4DauskvrlHLzgrqeqvlQoVC8vXU3IacptdhjbgERwZbZyBDYjB/Gjg3BPzYcNuLI/G4R2R0fZT047pFFzUeW3KSyeSlnIp+YyEB1g2YBY04c0YnkjAH9R2KBRb+ngR8VD4NeS751nCZytSmaSNH0aL0Qm/97zLapRVvROc+HjkEYiTKTSJoB5QYW0ZuCVZ8F6ZWU+OKdQKMP6QcKAMKOqHo0r0nvm56apAFgavBQEdAK6Ii2ae45u/0Rux+hHgxIpVuZJqSLIVDKDaob06O0u9PvduyoVSWbWJJRY0X8m/hx9Uc0W0SKH8GPnGJXGKr144oj0GtCGJ6Y/HktJEOWjPceN+TtDocXIQ71iiWrEsT6Do7Jg/mXYEXJ1A+TWf58wPcb8BT4BEPOvIFG4thytwfIF6kDzCbmGY5Sv4sf/lboYdINEvFi8gBKcCMbfpqLf3ncT/0E7pe8mT8tnkH0iIyAeLG5X2sNIHjkTEVjNqtbw3RqYtZx4SHyP0abb8yeO1YX9GSrF4WqEEhnFp4LkPzOJzOrsrHoOxsjSzAr5PQ2ahVnNS5huZjwcb3HIB12xzDsZRQCt819RB9PRA533jSsB/HxXLu81ID8diQnMbaT4C8i3ii7F1XeGzQay2DzKFlSUq2mdK1yOSdJDYLH7S+9kOGSBY11AdqTy9XnptSP/ouuCO96UMIXg6vXQNr+/xpJL61U3oeZgRsbLu4QYt6XXdotMeQV5bmL5m+oQ2vHdL5uvjyRih3ZcodLYqWx/JUZdIjHs4NI+WwmkGaiTzohmP50alM1nBPeGOuXbWrsKJiv+MVNU7Xo4mXj2/T94KFCENmbTe/chVanlueVAva7cu9FGIps3fDtDRVUafTUnVAfFeq9ZzHNP9FjnCvnKe2PfR0wTrdy3fEHvtJum6hWtWBRC6gGbYsOQpFvwK/2rqmgFREkFaELKOKkp6qlIAjg8DuCZilHsnfzVG9hGskxqLF5K9muzNC7ct85Dkp3W94DwhCC306WMu4m/pcUnfpzjUjqLETvNjHoOHQ81dPf6MHEHhsGJOcnFHeTJUmT0QEWGJKO6jWafl3Ye8kABVXYKX3FGNsMg3cEX3FM9AvmqFKcWWCnjTGvE6aHdy4mew2ndVVTj/EQwyOxf/UpPzL3rwO5gul4fYy5NeRM9uxFoGW+h/v/HCSTjnUr6tzj/gazTTPufzAsA/yQi8nRdcrZ4gZtUr6m2aec/9CK3iurzDJZoOmdXQEZEIhw2EDIZAjcAirH7uw8nX3O4ZHxsOK/ut4IUagsJDiJbXyrqr8ZqA71s8xrB2gnqnPvTBGc2bFdj1U54l64Qz1OFDbPNN7ONvxkzDZqtos0KRneg9Rq0hhYHvXCBQw9ClnR4g7EEGgehP9hL8OWuymep4+b3bn5NteOowF3emE5Xe/1uPkyRh3sK42ii4EG+SKGESApEz8V3+R2Xd3k3qNTddv43YqIWI4ryfmd5BHWUsSQqa5s8roX/fvdCPOj5DVSvwniHJfhFWio19xW0v+ZNy8ah3zkm7xron4CO8hPB1eF7rJvKpl6ucLQ735WQc/RydLoKzyIxMMB2QmnNC92Hi+TsOFSMUFeV+Q+4+9z/fFD+S+kLifEBd37Yuk2BTDmbRpaZyJNAL1C3IkmKapaVbb8DDqEHBtF5du4oNdwA5I1EP/5bVcQBD00EjvtEFpiFacU8+HC99x4wcbw+ZTyr+DlSJdD5JX0F0ihZtc8I3EjdW6FAbDP/HWtgqX6t768x5XpY7khNg8Yq51LjrrWdG69LqycSfCmQE8oOVDxd1/7CM401I8lE5YnuLQQA3Schcldn3AXR3DAr3Ty1YBgIFq5uhxbjK+hKnFQd827JSd5Qi1fyq1N/pTf32jjK1rkLwHhodDUCDDyZEFaN+VmV0sJwX42RR01hAl9rhzCVW5hsEaHeP807lJgkazLrJu6uNOeJJAsWsNWf9iBRPwSnp/pFsNXUdXg6JFZXOxcCv+p6OzqJYRRrFDA+rb2hiSHckToqMpIiCx99eGaBNguwKjvAi0J1o3Ie1VDRG+2Mxr/j99mlEa30DVm7D5/kjoOL6FOfpFgCZ99w/b/GQBiYefINbGRfGEKYoYA0bvyQaFd7GDsBmqP56aJutKxJy5YxDmkStHtdfmvmAKsx3d+76sQE33M4OYHwsDtvmOn5Ne5mOpeVZLK6IXbOhzEC7/ipP46S5RLTuWevB4YTCSoL/BDBsq/HyXiPp62rsGdCRHLBPWwU0eaP1pJboJdtEoGAVk6Wf29Qvh3AkRLChIUQabGhAsX9LY+Kehi2SfmnDGbMbv3zNELG6eDgRJM/Pvdi7/vQ7CYGxQBRNGV/it27kk+0SYBySBHTgtg/3TDP6AZuXxaIPNcwoCW34syUfzR2gCTfbIZ5Su+I7zWwwNUUS7Kk2R2Hud2clJOxOU+edM1hxCUnhhv9zPBVs3TUXIICGoBaMG4mUljH9uJCjCFZfuqAWKVOpD/4venJePJP8AmGfquXHJJwgQm7e/n6DTbdMhGoOCaN6MuJ8b8OYHD88br+VJKf1TVZaa1DLezcYasvC05CiKD5xfUBqGzq2gOledWTc/4GScSIEx2/YVK+NPqSk2tElX6aNZoC4BbzFgAnyznEjM8VMCJ1+0L83N9AWV/pMvlhA10kpw618F9bY+Isk8SUatSE5j96r05dxohyrxUlvUE9jtNWKfF80ClRPHlOqLNziPf7/PijPsg0T9gEmqGMrrIzrDmT4/FtTV0JR84RMO2WyZVcDMN66ihm5hJD3Tr2ciMehOzEP6LdT6d/Ua8jhTbW/bZKwt0gn3nwkQ/+lDyf8KSVuIZdL1b8kg5jUlr9HBNZfjQwRGQzqkB/rx8+SfKNR//vgM2e2gzqH1iFYKjHWPLApTWfrxEMscOh6HWZipCcLJjL/q+Hsi9tORuK0bDTKdkE8NeAJXEddq8GmNICX1maEXHXHlvwCQcTUtx/odLqQCPcnPkohhMk6k44fVZC1CZvz+KgP/DXaY1ILRLko0h4v9wYymi1/nmv1pcb2zGnl1xnf4MKLATw7jM/XAplw5p09lDZBBb7z4Ewx37y9zOz+A66cThL32j/8dA3vyIkaiv6bPlbJu+EQD3wv1Udw1lOEjgEtlfeHGe1qg1PZH55BNUPbsfqjxQzf8v8oT+tKMli6Bik76GMs8b6aCpoQDH2N6eTzeVtuPZODKo2F+1ELur6rHqo6yhcivzUO0/31/EihQrFix603df9cGPALKhzOJIJPAfydAE+HBCnQxS+wVY17OxnibfBvgEhyXc6n518x+W37iUNgu4oAdDFyPTw17RpF2zv+mzoD6MDW7jg+ndXD+QOvuI1z4mywW4DjRDHL9Ha8/Cp/92CR1UFlNmHqwK1TiW1fjXoCGU84wvUNM76LZF/gicXY/4TDyyHYUIQammOHoJJ5IpRGoPfhI6Dw/a1BEzAmNT+BoMqG0VM4exsO/es0bXO7ehg3cyyeY+dMjMpViUYZ06E4+dBhnX9m2Zkd2lHpKenb11wCbW3Ht6dpvEeWqBXbWhVktdepj+Xt3iZstXDgWy2/Rnno58g00o8qOK7RCfRiOK3uJ6zc9/uCOi4Q+Fsian3B6zk6Eo8VbSrjqTRxXZv/2W4EYscsRYl4vNWeOF70euLoUZWjf3U9XvkUKrLT5FIb3CYHLcFfO6IKN8oGH4fvFryg9hRSr5129KeOaN+qqfudZ77y1IoK8ijEbRp9Od4BUO6Sd41JtfbVeXH8eBrZMhayC99rk0IArAisIgWOv159zIK+bLMg7CGXmIToRgstGqN3NbQK6Vd1Az9mVl0+9YHtSx+GnGwRUe3E/eOxj2PcNb5SrAZ2zO0BcQ41vr95C8PaEOAlmuNL/ISEApzNLC0rOvdiY+KsapMTINCufrUkI68uUxgRulX+Njw+YlrQCEmc9vDe5RrRREMVt1Tx274NikK9o0Qczz+XFNl/krQPUBG4ncCmtjQ5EXfwSBYeXqSuICfXfLXZY72KT6RayjH9FZntG/ctftlockB7k0Ff0uhbnHPRRx/KjsUmxAmkgU8/5YB6iaKdQNTPQNqiP2WqU1bSy809LmOr9d1RL7l6PL069SIrUYn2ezn39LOzx73zTSxfUX0kRLZ37qXpi7wpAmvf2HgMEFnnYmlc4JQb0/EhiZirwmMAe/AaAO/hSnuE8zJA1gZn6EhVYShm/7JFv/L/0jLIs6bF0GOrCW0UfKnOr+4WOc2ST8x16Z6qmPywkNhDs+VsqNZkJqltyyNfl97iU3hBDtJj/4V+Q9mmp3D1JASnfT0RZSoeSR1kcVFajoP988iUIJ5qIuThkEAkyXzfc3Yg3uU+nQKcnv4zknrwcLq+kceJSBd/JbJoFKs5NcIheun/qICJnGjiDqX9yxMDxDa7jZmrpDxfRrKMlp3zBC39u6+lFJBNA3td0kYJ9fXZZ/W44Tg9py3w8/D1zmxasTGDGepxWP2zhIIIMLnWAzCv8Qbd9K9YnC+zvo/WGx5VVRO2ihFZFebQx+Oj5reba/zSabAzY0oHs8MwZPSmYxvwiesTY75vf4lyR1iol7+4s6t2jVNO6xjWBlIwZQ+B0aQSuWOv4hurklpLO2ZSxp8D56vev37jUSFAL/lKVzwdfw7WLNUc0T7VgEw+2dEq+28TnJBam6DrW47fHYSVd34jTwfmZJ7T5OXqDq79WQf3dwvBeNEAHw2L6xy9P8UnHYSnVQDdN9k8wnKGbk2aa24l9o/9OanRFXj3vzYX4p6hoXzsTG5T6vscTJOBgFiZ3TdsPfr5x7C5SHZBCWiwh3HiZhtHqItfnyBMh+t3IEjNy2E89xFhIzVXlou7uUUOmSId1Ty98VLE3aQ+We/INfPvqR8BtPzXkd4K60RAYBD3oqZ6GkXsVNXW1S9tKfCH5fXrygplHd8ofajj+4Xig8WgF4Wu/YNQlJ3NlDZ1xou4EilFwj7PJnW7tP0OItokuIf2VeejE+rndwQf2rEBvQovVGJ+1mn+h7QmUz0VFVkuTYQP/zmXhO+RihaW83ETDfIffVN0bSgK0qoTJ04MjlIRMky5fwsXH8woxjTkE8YmAthFnmMjRBPLmvwX+8AnmzNUgRWgix4wjny9L7OijwYejbR6aXqFr5cYVTgrcbXI+d965b95AcAcpbcjr8NVwyL9r9ku1cTBndNcVPSLXRl5eoKB8GPK4KOtlzUot0jBB2HgxSwm9Tr0wmSU6q8knjlQN75LSPx2uybOC+gqv8+SaG8ULnPnoBV/+ft+O1WHsEqtfZrcsWtZ1Lken681kgAaWXlBWogcBNu3j0kKZU0yWZpu4pG19sEgY8QRQRqcRKmyCx2WhDU2872p9HBnJ3uPPGAdFTxZ2YQ0ub66jSh2U5cUzXLj5PS86Cy3RzNvqstR8VxCfz2AmXrOgR9mYXzkEbhzbp6hPw8XrNj9d/gHQsVkOkhb9yXS6Ca4KU9TXivDWlNYdEY71WEX96mUpy0yEA98QYyLjoqzCU6rPMRyoogBXw4vPKE8ynDnOxN+33ydPad3CD4XXjJNZDfBnifdkCvN7ax0EHp7vqUk+k5TsfMJDHoon8A7mTJ7wHoLeZr3x5AdZSRa3Ud4jhvuQ8iBK4nr814rCVkVnK9QmkM9QacrLFzBCMd0G1F+97PX1tVgikZzrXHm8CCl5cVVguL7XNPW1RbyRNKIsv1Psq+WNTsgInjzh9Wj/okWv1Shu7c02QDHliI8D9LGX1X0pM3K8WyYIKWZs6v3LBiJiBW8M1ccFgAYLlvnZPt62xGG+KaX6GNFNftNIU9kWrcmKEyr8KQqvlbjwsHDFfp1mK2NsbyUyeJ2HFxFiMfbesL4TiNQalB3MhDzbHom6/jq5QZMHbPt7sChe6xFxbqw1th64GdK9PH2Dj8q9/94Yg9wtfmlsYb++WEK7i+rmzeV5zTA1oTzii3HWUftV7zSl6hG5DDF+i8zpBYAarOZh5h6zX8QsgXqL6dX1SqgytwJl1Vk8ELBWhZwS+1KKlxm6/r3PHuLNvPwXkOHP2V9H9QnopShuZLD5r7lFXyxDKbR24n0nB+LRkPzljqg4gN4k0qyf0Yeg7W2saXWcGq1W15Ai2XBZ9cx0TsHEf/gA3cYmp4bXMC7WEL/mg+iaqngk2rct+deDX95VXqRq/euWCpaaATV9OGlCPcYH1/AfAd+FlSy0pfT/iIIDIAzo/WC4sMwfY+AOt9R/93cAuzEKg0EgtQf6CdCYKFsPc+wnsryTBheRMpglYtcYjSH5JmTclUJBzHBritkB7tX9jj7U1M5+fXTkcJiQHPoVucHPG/UHU16/rebqcKQI2TkvOXSY8vqtnra5GN5KMgseapjZAtVfjgYXbHVgoPqdTvrXKy9wL4VPgxy9vq6D6ROc9/SRqm2/dZ9MerntaVfw34uZM7xsnT1dlbkYMRfO/A9QG4T4/Tv7xS6hmX+S3yH41m6xJHmzaQ/u5Nrj6wjBzTCxE7GHxrnZSsNXkx0DmSq8lO8qE++0+UsfboCjcGv1g0HOT+Je37K7kxRk1RZnf4Vh5UFbDiZvqv3QsnlQdigTzz1dPW1OsR8mSXU6vxshGvWGNtB7HxjRHfvHt1EvY+PtU0kSK0EJ16jC9FRv6/1pdSOtY3HwGqS39Yyr+F09kAJ0rGvDfPJXfg5fraGdxZflMjt6DVCXMYY8I1WKJYM59xwzOPKXJQbKDDtGMVbYauYSKnRSDfkSAm1VgEz2Ls7lchm6OjDWqhg4Of6c78SCXvI0lwPYC0SioEAZ03EuFa6AH24yBoogB5vIz/mKd4/198hns45VJCixS+b493zcA9X4gajOenGDCKVf4Gnv6/pCs19PbepmJaHd/20jWm3tio2Q//qAl3iozahjje1/zncdUuDyeuFmCDdHXSwBeYYwR3S1rluh6DoWUGCedR/Tq1Wt25kA32/GBbJUuhkxzf5+SE05NDt5SSkSNS1M/sJ8wmibtHH/PRVS9MsV7wqn7JmfS0AAj42DlxcXDZ5w6bbdYXH8oKDADA6Ij+kFEcx/aSyWWQPngFwXIRM11usUVD0Dr0OFYbSRTqhC27lcjkZzpYdwUKM69p8NTmr+ax9UTooLRtppaE1fDKfJHtHm3L5KSlsxeoIcr9WHr42KoA6ZAljz6FyHTZ71wzRJp3nVWMYfy270y+iaQA38gi5Zb/bcVk2DMLywBWaymcdxpyfldf6FVWMsnMx82gBz18ACU81VIQBrtfg40MXSl8Bj6geBG2ebJCIr57P6j6RjL6XoWvKHisHwYh0oRMjK3LaLKT8hLPEhk2ai9+4XD5BaG/3Ke4AVrfg2f09kdaaNItR8rdOg8lgijB653v+Evzw8P/Ty8KjBaesX/Eywft1fr6HimLCiuyNIJ8kejm8ScgoXNYx9nsYE175ZPKe5fa3ypDwvhLrxCKSm/LZ4fl9R/9lQYmsR6F7Fz7tvpvWex7+9csABZH2bg1LlTzQ0WzweCqG//dx5c2LTQ0KYxdPGk2VMA6KggPZQHJua74zF/RTY9XE1DutHuippLgEbpHwHP/k9RKNSDHP8kmyT2dBdarsz6H47dYKl3ekq/40VsBwyced2T4We8Ihh5spMxrzLCtb9ioRRWIfEsVFo846JO/g726ZsVdQ01CqNsHrJpwxMh6MWAl2iYAokbuJKasA7Nil93zp9uQbxenJ8+qI+uEuaqpv8k6MuIGJGJipK4i3acH9+7gT4nYhi8YPDtjoYEUphGAhY+D7YrD5dODSpEghS2uiwFx4Zhf9umrtMZkV+5+B+X3W46AZuEJZoRHn6ns5o6vJeXLCP8vcQpY99MaY9KnkyxgZQB3ObAbZOg4TancclT/6/O+ghzVjc81uXiUxMHePZeJtoU8ZaZWDIdiVfcCrXH7Tc7cGDoZYDF3dkmm41DDSCIpdp+FIMsb1UILWjKn4kjET/3pdZ9i3mOLOoCvXQ3XP8y95xIs1Z5g/qGa7OKrd2lCVoYzE0YGZR8b/zHcqiNBJ/sqFWbX8B0BuJAin1fzfvW02+aL4oam+pXMSrMR3SGs7AhQWxefywwJtHtCD8rCCIbKxWtKSQO5BK1mLq3QO3ZrwOEh8yDVy3ZdQQvrIMiGKWCH29j00OpKfCV/rx3L/CflLz1d/Lo0jSKQm4zwZmYZ4Nx9KCPZdDBy6tb6AvPj3/Wj0nb8HAluOHkh9j5Td5KFCM/dcrAARYWnWUW1pDINm5kRQ51EygDzs2wZUV2oX9N6yGeY7NVH0Ha8OQs1jU9Td5rH/Zz9YapDaxY3vjpI/G7BH6nhM/NTQfDYOFGz9MdAs9hpAliCX/22NgOu3abheptOFHAWElOezqe8Qd4uoFDNezYuTxipdWVll/934ES7u3zXVVRzT0s2q++CdWPjbFBNsy3sahV2CWQ0Aq9rVpl/BfTpihwlOuQH5PfeeRn0JxoTiJVyfzxfQX8v7FN384908kVYESjd8H0VnQ+ZOy/mX4m/fbaUQIzgzhPNx47ZCCcXiPWJOIHD41SkWUpH89FgqC0w1t/HD4ZKiMSvZHSzpTwRS7KQK97y4eYCTDDzUPf4/I9l896uQjJmsonqVFukwR2ILAh6mwJ+uGLmHWU8OERKjly/51aeColpomlOfplyG3EfGyzCHE9MPEZJB0nuJTqZbUx2HuBBWs/+sCIUk2ZNxNom0lSNZq1utvx/5dut8ppZAYkrjePmTzzxXPtnnS1t+3EdS05CIA3/Z8QwYmXDVH/Hx3YidgaSpGEzW19Guw77j2oApn3h/W/Dc3ydnZEHR6oP377jwM5Uv+kVDiGEWEIn7mXAPA8CuLj/weSy8E3SXRu/Hf8yfg/Mn9my9EDbMsBoghnfjKTVBW/BAWO/7EwxFxUO7nGh+BaoO2/rdntSYxTOjh1iYZdtSJ20UzhsPW4NbnJ21rZR93uLwkR6DsTHKc/+2PEb2HgatJ2Bj1Nn9UODrVQ8VSAoQueorfOZaAv1gj2TDSv14c4HVsmgrUtushL41BF5Hdzlh337JtaJCHaBYcqq4w+B2BYEnge95d1DmPLtTrAPTnZ74MLHbqIm5DNkbrvyIkiEakN2KvH44Hu6/IfGwIuK9/j3GtsKgHwl8d8R0Eu19MJOltjQOr+ebG4P7dO/id3zp9Avf6NUGaoezVjG7zrwYruRyFW62d/m1gvqOFrcYYimfNEmIKyQncO7I75NS/G7FWxjHUR6ZhCYqfSDvSWSVhtrrk91zkYb1nJmwPUP+MCbcabHrO4wq54qfmQZ3d+rvTvsHW55CRfAC0axBF+9uUvbZ/oMKHNyF/OVz2+XygkMWLoPHLD/N35Hmq0S/BItaKD+ZQyALR5ve2UMx8ughN/Wsh15mLCO4v0YOFnB1NICz8jsTvp3SPcQkjXhZjfZjXNfIUUGCp9qBJDm6R0vAeNZC8k0FkoMEjqFjcqltZ4boPsOUctXTREDIflRV10gYNMrougcrIlXwnT+ZZXBaLv3oIB09F9R3b+RqsvizyKTc+D+Wajbc/UF1KlkC9+55Sv3auRHVZ2xz/CVb697V5UZGTYs98sys4rp5DzR7HF2huJYOJKEovD1TsBmqGb+iG+DzEFnDHAUng6ytmE7xkbUyD52ih8OY+4Pgs/99vm6W7G0LW8XwA29vfq1Yut1/kv4JRtH3SN2STfP0DZluYQk/ylrmoZAGrlS88X+RDvtQtn6OK+pMMAM9AM59D/bTFSyACKZ2xfZvjh8sY3U/Is83TuO94zyDhmS1ncuLiQuj5YIAniTYcy/pXp7Nv1uPql+AsMoN+nUKE+WImflxt3Xb8gr4+emGkLogUJNjsnwVGFPyXtQTUeyy4YE5Jnr00TsNOpYS4woPf4G6Hjm1Euzx8tjrpQJeDcmVGP8kD3MJwTxuvpNctT9rC6QnkNMl5ny8SCBVTt87ELIfNbC4LhRQ/jnT96Y9OmkVRCk8mgTKo75oUm4WvTYUGtHQP7B0MUPdsWuTlObuMPC90mKl27Em9nrPmDOrvMoa3eNp3NXQOGvGZgjSn+pph9huVZX8tm6BvoTs/9+N+2D+rfyfN/hRI4TJE/n//tcuhq4OvCCsv/eYOJi3R7RapDfgKI+I9P8pRe+8GfFAIrC12uudf7hOOmFLM5wb21hSpZBxaCxseeIzB8HkAoPpHvDSnp0FOigc7AyRAZSbSzyeB3Ykf/fsNcrSWQPgVq2HmyGzGI0MI8lKEzKHN1bWvd2Ya2nzjEd3uTamnEOn9ubTasuvhDiKxzeNLbl7E3d7k9BW922ixNzTYiawx5YthYI/C1xfIb1MYCE2Q8e1WfJbmh1DUZ+cIxl6hm32uf1qq15O0HJFf/8YluLYsvuOK4M8yGTt1B+7NOVncCgOofWUZl6skFda/VP9arEHg3lb8dTYU5ZoHA0M6aJy/4X400UJe6/WCZ9P6V5+ull2uxqM5hYT5kPXOtS+p+rTaGXokWcqRC1wsGU+QbIN7w/HrI6UiTfTow/Znb0j4ptRiuzkJqTRVq8pjALCugQ39B8abnyvEEgu639CSAPw14gH0rnbh8+9oqkOH9cEqXFpmE+C+2Z+2Z0Ow0g3ae+U899D9GZTK8hIDIRTF/HBvGhZRyff0Xyb771cGHFRA/+r4BaOU2xe+nXCaIf/aWt/ssX2al01eumEjfxmkoqMI2vC/K/JNM2OckZ8Z7sKLJSMg8NndTy5OX8I4AK6iTknL1V4TtIIWgywBiRtAMj4++dLZ1jCzD6g00AN5NIT4aU0Q0n7U8neuKIoNnU/jdPh/1S1+uFf4NtvXWfmd9uHJgv4OXiFexMK2QfAbub5gvdEiwb37nXFZK3ad17C+3aPBqz+IgSF/d2r/3cZLHTFO2PHi5ahtadQLX5HFWo1cyQLxwYtIRkyqynO8kfbU07U4Y+1xUv7HVRSENiH/ETHr55TL0wtk09B3yi7Pi5a0tqQkLni/m/u+pGXoAsZQe4m9hij7Pip2s6SkVS+7pM0YGoQPNAaNYL0hsIlkjbI6EtotJ/qsJYucMt4E/vff2T6s6RzUsO84+6uMBaIUj6y/TJKo06O+PzdlMZxQS6XxSVRAHwPU/17bVMpclZ1rlH+6LaeLktmxzxCeauoSxXeVCP0Cqo/Eej9WWXf4Zd+ZSkzAvlZ7/W5VeUGNlErnZ1mKPjtc6KBEp9YFJH9jviowBYUrglUetmkNOs/08aHoK+ZcxBCh2bQgLs5A3wDSUwAhWnT756o+PWEa6HBixD/PwDf8Fj9V2dRneV9fUwl+uxyGthRrmJ1kyimF/JX/uxJvvCQG9EC7lc+ARNfAf3F7q2p5bbKt7vJbKQh4pWzJlbkdY5tKboC5oYcB20lkxbhV1KAvERDmKVQ6cSMuKgGbKqx2cAC1+ag04acRDUG9HCsOGoMoB7f9u4P2kydU+4ceC43bjF9yf7Oj8YsbKhb5ZSkVeGwcXPVb8Aki39grzj3AyjQpA5/yTCiioEWuC1gGONnG+dRvtNCUxCC/yPqk2tr6GnIFiNLjJ/vaj5LgKOJ1tqVNfOCuNhxmsiPU1yeGR0YVu3csksBkNS0Wdpci4cd6w1guY8Vv962wLU7AXY6L/LnTF0QKKBLjO5vlv/0wS5v600hu3K8hSVDS66r+Xp4jXmakszk/HeuLmlr9iVv9J2NGRGhZ7WZByKFCNFNY9sImusxL+VaEZjwxxEJtyk43828xbajH4QPF8b+uXE/mXmMjNq8j42/4gtMXNySB7pmCtW/mQvhKEPWH+Hf1BvCysOzGP7LSfZMwhFfUV0u/+is8/h7Yx4ZQ/R0D9HJerqaSCMXRgLvl13GcBpR78g9/XoyBPhbc/HVNAXo4k9Yt2gi+momgWYot0V4atyEti1OU+PUCsnQIPA6pklnozU3Rc8ujX6PrGa9UP0CV/PDJcUUTv/Pd0lxcXT8xAl4m4Wkp3PDiOlKsSEq58efcWhFrJTtPCozVtyV1enH1CfYcvF9MH8uL2sFU0hTy8308eqDyQ9PZw6T+kvJ1MhblpaHV/5D1HouOAku26C/hzRDvvWeG90YII/H1j9Suc7r7vkkNagOCzMiItcKqSRy9oDIHSPCRBqdKIdyW+twAzDxmxYbWMjpV7u5SoO5sRYI9BYIxj2IVMjLM5i9cetAWjFHvBwLoa0Yz80JKk2uT9wvpdI4HyZVCC1b98DR02CWEfq/qwU+7r2TkXsCrd6VHfcc8r7IXwFkmQ5HX8wpw9IFxAvl+xTir3lJwtBdx8/TDFul44+r4orfjhOX1g7giLJIQ799H8P75QzZMFfgofnbvkZZbaIkPKon1t9pgfF7wJZgsIEEPUFF3O/efW7fQiNZfPzd26S6mVdr5QQO19WcYTlLyDWhSYxJRBAGfyWGPz80b3/fLl9ruZ1WWvUw2WaP7Jeh/XJdNBFPou2G8ncnuHxVr5jr2ABh4XlXheUKlLp3zSQ0Prs2P6tiIjLbKY7R+uXJsMznPW7zf0Dp/phofVppdaPjRbSXw+zpbWOq+tBnFgtC1PXlvlXmrxkN4W/7yHXZ2OZIk3uj9fsxncYSTARTM9voeuZgeWzg8v1+fimBX53isBSMvRgIfX+vVrIBxFwLLJASQCZl3B7rLsPLh/t1jMOH4Yc4kuy04cYFas8O8XvW/Uqz6hDXMDoU38aptmaQim7ZupfYV59fPsV3E0yYraDcJfhWBHwkiTBk0VIBq454uOzO/RP7BdBiRf61Kavk2ID0vMhqUUAtQlXwW5AZVJ489UoRiHOu63ADykLqEnLZK5WOyQ4GXYF0LcpVEewZn4CqG7R7U6+smwNNmNrZwd+hcfrDCqTe08O/rJw2d+dc/gVXkr8qP2/6+pppzWq0pnEUAv/toVdEcPzWoyjaq0hEGMrEBeGBZWFjTlrBXiaLxjaZlyFWyoY90PSVhnMIyh0CCplYS4KW5uoWlInZVXBzmsDngyJ0WKTzFktqf8DwmL+lEQVqM1emfnFj0NzdRTZAMBwLQtcwomWeLvs976N/KNw5NHRhfUcxd7BuN0Y+KP9szHnvvAMrx7uBW+Qx//ii2tRzGWPnjbg8+mx58ylbLL/2zT7PyhBuAotQsJM8zkB8RpTOS1Jq+GMH/Vz+yDnPD0IJeOM+a9I5v3RRN36ifIdaLYmmEvM2LtJ0aacl8NNMH01BQYbYzOWMFbDuI/GBvTTB58mL19POe/Tr+KhUiIG+ALZAz1pTjNZ7o193a5n5/PodPeMCmgN5NIDOe+9eBNHM86It9oktoyJE0hcuuCSV6lVXTSfm+k37kKHbeyY2J9/R5a/6/7M9B4JgdU1RITW3KherlfM7a0g7kko97/AbGdMO4kaoyYf0v/7EMOx6lkBGOCuxC8exC1I4luMB5YLk1QdI5osrzBLBIwHtKSTxL9ZsWFu7Ds1aab+K/3G+KZfemsniAWIoNUOFOovF9B+omdvSBDlhnT001IoHDIOxVaHNJ8UuMQ7VeP//NAkJRDM0a+gOOegJUuYGkX/E0QKyVPU4kiM87ofZSRh9Q/svxFNG6HvZj4hEefh1BjPB7RtwNqMwDOvPhqbfE5ovQY4sdPXqEsgUIf+OuP51k/jrrpKwEePiqjutq+LbbQdCol/7LxuYKFk0C+BOFs9Gqb1Vgqa+QvOeGQLQXTYOoS/4gf/zb58KPS7rEzLx/ek5hhO7NVByy9gaNodUO9Q+H4cLmWTnRY6bzBIWqxLJ0Y1+IMBq61+RYvzXgjIa9k5e2DYCygMig2NqPKp+ss3bK6o3vBrVwY8bn4s5F9b0MfyEDnisuW/4YsVGAc29mXjaIvPXwALiwjnPIbPtLeCDIDZPUQ6oJo4ebjyqBozS4kJivhNzrP2yjqCz/T/1pDVm8NXXmFO7cnx0EZ/OGMo+iJ+RGH5jSx8LcO/ydmxpWuMnv9KSMYpzGvPzaGhx1cMBzkJ5G3wpCcJ7ohuZInkoC/OgcZLeKzApnUs647V9yv823PRs12d+7sFzVwq9LyZg7parVpFEy43QaTdbnXOBHOlVbhUzJg1AEM1/xUQJV6NI4F23616mJc3yByQSnRKQeoif3KmTN+7XEod6uA4vxNDV2POzZPVkgNBOUXRhClsxTzstYzPuvR6ehCsyXECZA41wawqhCprXqlLP3FoMkUHYhBa8lmHLFFvSa/QxNPaURfushNC4EtGtKZ1+M3R5SQEPAT1C86MWHSbJue1CD57F5vvhcGSKW7o8/nzTy/CClf8uOT6ZB/0SB1Uvz5ypoDgWlUg0inBY5A4obxp+I+6gixRU+VLskIQlY++GaX0UHxVp+37GfxbqiKbkqBMPHr/VFq3n7IDkHF/B9kgSVCJUAIf/J427SRZCUzc94EPOnq0PVkLtIJ/uLnKUQGnUcma8GWDHnHedoBj82xttV5p8vHWcaf11zESZ1xBLOaXv24pHTUXBCJxp0/hzbw4cxcv+oKpU5lk8f9thHTma9/2o5BlUCiy3S70ElQRCO3XkLJiqghB79+c6HPTJILF8tSQ0h7mXiUl9bv25mKlcyjPmVRl3mp1t+v9Aafvdb3ZNwPYdU6UaiJ7lKkH8GUGbqSAzWgAwl4DlUvXxoMBPk8olbqpt6AmonH6CKvhTSOo/Gj8LUfMCJXwUrqC2T4ndEeH9dkBeWYwFweuxVi1sJ92YfMQEkHOXAA0OzK5cpOs3Kim/pUoESzhhD0r+8e8xM8KsnEBgB8QSKB3LcmPthpsWNIPkwVhaZOSCkc7yAfjbB6cJmZbAG4+sIf/6/RjEA+5aLN/MhSVceD1TVqDKi+k9ZxsAGeAABrUaxw803fSDBH5KxnHGxQ55WC/S+uufViaXIP6UHRMvOBfDbiUNtr7lHSLIrOiePHOxv7ViJaW6Lq5nye/HyuQuVQz7ghISz7O/bocm0YxhCgKOGavaP1B7GT2elnQ92uFdX6jdUsN9VaweV8REIKKORQ2JpFaBNmVAhuJAYMjxG+0ve/dUAFVsky3Y1hHwF5j7MiULuaZXjfosC7Hu8Yq2e8cjA98Mx/vS5wn4+xKeLXMKfi6I+4OSaoFuzVULCR+LzgeugChqhHb2+g3Dn+nUGfHQIrTDD82VbxvTwaebc0edH+SVxCnTXBvFPI06SoLevhKrtD06Kx/DzDDkakzF1qnkQTxOm1B/kQbasZc6EoqbHYn+6I93RzawAQqD19gRuHWmAc4gu7x9i+fKKCVKaf/WeCsdab2GJu4hFld61lXH/Sqfcdg+FkwSGO7tMSwRvhf7qwQaH4UtHpbYf8tE0ZZd37bk+fYtFHQdv/VHSTDAiIsfQuwU6qz6s1hRsnri3YamNojKpkssnK86ER2BRTHFH/CTVgmY/ISZXD2G8KLNeQIyObQaMH0TJhiPTVOJpl+C9u6ehs089XdQXrR99+8gFXpjYinRp0nvFX6Vt16rNIZAMQUcsGcZK7pufBzZsG5x/qjbcCQRO+96sUkpU1F8v9gdloTyFb0NhAVR8PpxTLPOkBRL3qfYwlMgiKAgDhuLP0A/CX0W3f7Wd55TcZZz6qpnwC2/i6CxjqJJb/NhkdGPhITINiavQneSi8k93MqCfYuIUetzrikejR3LoX6q07+970jGWJOP4g//4dQyZtncimAToNxNfgMzHNyaCWJ/ClMy6ZYQdWHHrf69CZKH6nr/9HYAUkULC9TB2g7gpCyUkt+BWNR60SQA+OYTz2UWle+V1X8qeqiAuJuoZ8egiUA35nhOvSevhtaTgLdpIaFTm19kwYXE54uL81hr40YfxVEK2fc+W/rtt5FPofZCidbHOV/7pALEZGoEaLm+t8OLhMI9S7YPUzkCvRuqxhzCItwd6R58xChGiBLw0UXZk81FSvBD71Ev8q8HbmB0Ib+21davL9Cp3Q51i6Gtqrdm4/eaMs3UrYxsy0/5zEZQiWergYtxf8YnLtY47LBk88nRHGs6pSr710YFyprVuQzLoXmgRI51L0fzlr9c5B3qNJdp4GplcyVGyrWdybDeSNWMBPneni6pwP0dXdkLz09QXu7A2Z6jiKRH27BX3xJbx/EiPiNU+a0hDJc2VjEbSQDDjz33lZUBJseBxIELWtSf/arD9lsnieGSvGh8L0yryShzLC/M+VuP8cQnJmS5sNLha+yUCvE67NFEBxO7UPrIUjd4CLTH+zRpIJogpWiSUoJHgQUBAe9/Ro7m3nSKmgKQV56M9pyVslOLv2x9OnfCxSIvilJ+F1MOWTzLHBgNlS8crTYQmtHDi/fd8dhkFpgjS2HVEYnRWHhNMG7wTDx27PmM3/53XyPFIhU7Sm/1Zcn4D/Tg4N4ekwX9BE0LkoD++T80v+ugJq5KhQX/4icKWQ5Ck/7Go0a9a1PpUeBw4KT6uVYWCwmoWhadhSOwlq4XD42SGEP7W181APz9/44KQGJyPOE7RiM2lUUz+KRK364nANHicbryc3+c4vQEqs+eELwnsPBQVZXf987weC1lugSUVk1TYppuRLzkd82/aQqJ+xMnSMxruF8KipnRR/Hqg609UWBPQ5Xb1R45ugNAQJ90wXblNqZFfYGjAg+1NRWi6aYFGGJoP1jF+zjX0oLcdi2sfnY74Jt9vCVcvNG+pHpeZJjR+msQUFqZN4cZSq3YVxIPQHiYZlv21xwvVugX8JU3vZQBvOMbqj2ak+2ytC6IJLH2luxCGsVAsya21DqHwB1Z6lT+09RYsJvFvVuwIGoin3jwYEktdOx/Lko1b6i1hto1czaVPVH+hfzzTd9lGEqhLoMmNlVrJ34RtwyDmO2Lm+d+pCMy/00Kx23MdZ+O/MQUKcW1vvkZMdnFzV3JerBq+f08tnVYIRGf0eByjNFbYT3si/Jgo8ekVxxMdC290hpEjqWbJ6h3h33wNTUi65gX644PIBtO3zJqKZUURbo4Nyuj/r0ka0UN9jfPKKh+eadTGV+Fs6PRTdpvS/meKh++KF5HDx7fR1DGPt9Mhvhs4Eh3qN+b/zPSQT1b8EL8WGce23TnpViS1r2PB9BVgCGUsMojwn/kfOKcx9L3E32LDETWOx+dDZynggLtnfO0y+i/fYVEp5kJBt+D5Nyr9ON0qRx6yDHgZiZI4bdBNxf7a+tR27yRGMIXvYSKTyXzNPIHu+GP6lIVp/r7428oNv/YSfAQlZW8EspU9+upRZAqHzjhDjX7MFvWHmn8rAOLiad1dVfwVizMyudc5EueCb/bJ3gGavpT2v/NL/LcgMDSS8xKlPicWy77T2nlc1q3svRT/Zpw0v5Y/rGfrLcg521/Lw3xwzn+OsSFJrrro//IvnEnYmDVumV+9wC6ul/2fv/xlKD0YhvGM6jfuUVK4iOz8hhpj6R4z/3eVwtwPnpwyJ4Ul9+Zg49H3PQ/rarG1JDffpntc9fDfpyWMW7BLhY3yrMultdD0RicU8uXrxvg/v2xxUiOKOJkkJ58I/53dAv7OCTHzejTHER+gM4NYkEuGRRLodfynlRffYMfUmkM4DMdejXSDXNbj/d4dc7DNF3xrsL5ghSVnVfkV/+EGiROvCn14lSn0Ch6ur89LWbb8vZZLB9JTjpQHPfnNbfyqqtF8jH9VwR0zIdwXDu+KlVGUJWxWKcYSsr7qf/y26bFLH+9/3t8Q3gwXyQ/0er/a7a7cLr+LklBSJ9XK/8j6rwst49zlnC4P6zvhcCpIROB+6PI/10gGK39OA/Ooe2/DL7P87zk3g3qwX4zKjV75jCksVhJkBeu9HCKdqw2WFr9LfyvGJ/5jdOq8uo160alHXpKsif73mjcCpwO7oofLHquQzTckt6eD9EPd8kOZ9eCU2clfj2tKRLHKPoeLuuGpO+FZvh4AqXO3VjuYeD3PMvg3K/ZksixqLCwKcFLsSaT68Xz/GMiu6HlK6I7uriKyiP+zbiSzJi4Tt+dZho79/84CCps2oUU8TwKD/p9v+1eeriqgY+xgqCr/f2b8PBbCAl0x4wQcfeC/+N9ThBTJBV+tYJIr/5+7nj/v79/kCBZ9UzPRPWrohAeVjmKpG3C6tP/01gN0ON4yfd/yvPm9hw9sifauO2OPNHBUd79DgGonyuJF60nt9sdidJZvJJHqOriAZmOl2/R3Tw3ycRzd5G+QV/E/78Iz8iU9u7bUabhAQ8GCHrwihBhOaYGOYn+oZrh6g1JmQt8EiK1gpLQ69/+uX/4Ayo1GHiRnP5+cldXDNfPkD7H5GNueKmWf99KDOSHpyNV3JBb0NMZR8zBhxWkvnqk+uwPRz/bifEwz/78VG5Tfit2L5/VL41h8Q2g40Dz/unSzTmfwLhRK7WwMEdMnzwrTO7KE2eaqTYzjoTJ/5f++s8EMTOXBXm46Lz8Afa5glf3+1dYzCcue/FruW43+mmty/hiAfvfbImU0ovtabu947En4PykQHy6OmdbHuJ/D+7Yyy+POv95+/3cqFA6qTe/AqAHkJowERmJgOmR2j9tFfmQVU98MY+8I8Yc0oNtoW2QRBrOAfxULOPUKJSMjdUX27X8d9xtMHRjAFFqIQP9lAsgjoR6u8+vV3q4vbl2FxhRxocetn9+bZ2rGyUHWVtn6D04As5HuQquDt+M+OLeLJOuP10oPamMkUhBEr5cA8vbjQARpnf9L0rHHBj7nHqj5EoEGBcrRtPNakCc3C4oh+/LbD/bY5S5No1NUFlu5x94Cwfa6aTfGr/u5MHE8C5mIBLKa1xiSU8k+NbJevs1ncHi3wubGYiDu36snx1H2ObkO6Afll+1CUBf2AOiu5xmohGl+r3j9sa/aG7v0x3eV42FX0HE7W18tc6PfB47bewhn71khPBO7/+WTPMixACte+w1w5BG09LeWA6h27NL9C9aSF4n/tZbyQzn7An4sljoAqZvN54L+q16l7EBaj6g/zvXICfDZIL39GxDb/Potp5hrQ5mhYkyQ9snl/80O+8iNXlkUKc04P/zNmJlXUH+UJtdwBQs1uvNf5rXx0Rn1VvpaeVXPOn2rIcdEHslA7zWTV60/f/Fvt/d/u72C3S5v6FW/346TvIrCU27ovyc9+510dVYVjppbkNTmJtS0CEhFnzXqgoQLift3+gMVYdrpBGFG0QxV6MXef7v8F3EAwRA0PRtz6zo9bHBp94x2iC+SsYX7jwi8BUnDb6SQxlZmHm2VRPu3O0U87pnLj7gauEkUs86/nz890z9n+ZDIoBBdEky9osEpFDmQxu+8tmbl/zySLybJt1DWCvi+Hm4c3+pyR4+W0lzdwMgkYNiHHl0yX74saaFn5zn/58obU6s1skSADt/O9fOyaY0kEbD7nc2CAjNJVPev+xZbVfUYLFpg3OwVSEy4q8JfFALyE409ELkNal9hux+Dx32QTPbPQk3X2zi7nDHNkWCWn27oWbNZDHxRAPIBvkDrzotlQ6dytKWsVIdwIVP9TSsL0NgCBvKdaCJr8P0bkMxO/mZt/7KbIjQdoNsuEPrI52VaZdMz84k+/TBaiWLDiK9oTpit/WyF+Bg90Sw30fuOgOf+MqzBxlFHqGtkUEbCD7YWXkejryYpVw0HlICbVBC1hErZPdmoKf9pOUTIGCVe8in3e09poLy3qjR0K+Mbdp+edF1Tosrp5nzR8X55zQnTWq+8bMkaAHDHSoJ4Nkkjb2vfnby3dib0qwwBahkgJ1F6K+OyyH03yhteI/cI4b3OY13pABHydQ8+75i9qCo1vs72n3l9zJvlC+wdpJyYqoWKdUJ/S2sqpXF8HpUfbtZBYipwtVZ9fm6O9WPODMcXhCW94HGnL7p5GDyBFvN4rDFMaUj4Mc5nYZ3i3+kCxt/J55NPL83Fi0/DnAiNLA+VPZSVat+qwIAsgva/PWgMjmLZowS2JbQIFkxpQNcokaTy1K7QyUFu+YlTqI9q/D9Et7K6f4G9kcrg4g5QP/f+0u120vmrzT4fkL9bffXTIKsy6a8vRgS/sJjTGkrFf+keEr+2e8cZVjjHDdMKzvIPfXET9nOybkotwS9+4iogvDrkKjr0jswqdnJWoL2S9v1IXnL3RvUxtOcjmihRDO4zm5+4U/zT49ohG8viUMiyaAc6JDSDdr0WAxgbtfwbNfHvX63D2rSLIyd1AL/rQzg/4FeeixISOgMvfnBWNZq4rtZ3dmDhKl/AHn/Zv1ZHJmzGWr9sTF3ZSfAQe9LIzohv9bE6daPdHDMz8MZoBsf5nV7e0TGLVH23TwcXXuZfOTAsF0QQLC9mXrjajvdIm+tv+8+DkzgOJOo76jlY72RL+YCT92va43g7jFccpE4e9wbA9CKIbBIetVzrD1EZjPVwGdG6GOAxqT6eOTgKoyfbhtvEUkd+rOGV5e9QXw2uvIQzDl3iT9tLV78IQlLlkHmvfv9VkpWWEkpEB1pBv9o9ZKDzce71GveHRjEGgAYWS9e7nRK2rCr4C7n5pLEeMYkEVYnCkpKa+A+FlizbCeVX1UCqF+9VH7gtHghJ7dvIK/M/wHBAHPb9NacfHqC7j28ZKHpg04fwh0WZgJNmrHdN22rO7SAnIiq6EVIa6XnSa3y42AjCVL2gr/1WivnyhSKv/k8lwZu/rGuLX4ZzpI5dEbBIK7LZjTS+GbGKvyIPqUMV6c4PSVksC72mgv2HLLtnRyhWxeaiPWBkUNoREUibsGjyheThdbxHI8de+Zfmb0nQKZU3in+txbymKavNIq5mj8S0+gTGz/suIzltaMDHGGuPsvmF42KSnL/NphQRqv2qAsCZBVUJtKSLg6W03TdRr1EgT+ArYAXM4ruEDTbX2WggmaECXEhUlxKYlLA505cXn/G/CT1Zo/gVp5LKFw7Cj96E/CAHim88y3/h7xGu9eR5ONB/IBdtNEfTYYI/vxDbfjt6ya6QCXJaNvziuQc75FiEnwUOF8q4YLi3WSNu6sUGecTMo4rXd1QRhCa94qaTFeIi/d/+wK942WuVG0J5SqT0l/gftufBbkIj/WImzMLyeVrltOm/LYcQicnpfhG/55+0i+AvQcO3cgMpggKyemdULDbiNzTwP1/9Faf1wcDE+BikDerhGWQH4pWMHXTcW+TD/sY2X0z+uF4rBzJ9Hgtw8XEZzbnyCTXhS2Q2TW4PNkNTCh/aAi6oFhWbFLFV/6+KIuIihkBfoafIZ/w8ihKxmOCu/k25pO0qybempoax8q1hfvE1mRF/PuE40Wd1gqq32LVgqSc7rTii19fsR7IPPHsY6Q67g1yOJ7JsCVjLjZXZEialwCMGJzXFjXb5Dawlg5/NwKy9cJFvbmVW4LvhhIaB0aBcvkZIzMwRKitcZTAMNy+4NvF3VY1+41MWybwczVFAfymRMUtYjk1SdJ6vA0ct9NJnPTIigEMV00ZoDA4GNGTiAmPwfnVuzvN3F70rHI0jparaUHN+yYMJE49le78tkn8Vv65LwEH2PN/0djJOA5tEI1jfvP6HJVklJM6ZRafNxm7+uF9fbnAeu3f99sOPfaXVXouHB5BJoDlNaWkKjRE64jJAMOzMBVuAj4tDbRuB7H5Yq5mUw52AIHFAcvS0fBCQC882s1JmEPl+nzDb3J7dX1SpTVcfnVbPo+yxfSIQdKwRulcQRMCjwt9S0vhN+LTbq5iVb3VHy58eExEu//wnmUUkQeevHQbOlX3a9sCeV677mH7eo0i0PwaPiE7YI2KeSJAPOOKlsBB2j6BRH67snyeVZpxvnx3rKz2NhT+D6fjMPNK0LweGSX4joeO4TXKm8aTx/wtoBdu+XZCpgnX/2Kn9KCiLW5XcmRlw3ahWbCh33AnS2zP/lY/4ntQxgVSvsziKDW3ZvKFHSFV+edyzwW0hQSlHhq8JecdmNMTa6/2LN6Xh58gnTJPS8G1+lMaVnF5scJDV6hCc1MTZF06E1mZmUvPBFN5uJec2+dLsy3ir4s7ARn56WKXMZ4HuhERMUH4gvNnga/Cggr8uNTBH/Ms6XCAvEDvF1uZiRV6/8vBqbS+qhrvvJxqnNpzdBfSafdbB0EGICAw32QJi71jONZI/HsFyKehuJAN1xuXhFgFdw4O2fOdvqEDFidkeMaeY6/TzpYF9znf5oHXfOeGa9Dj3P/nxz+LyC9cqsQG1FtCyO0LdLzuHhzl7GEy1VTqs7VuEYFeRfgJXwbJGArZKHLiNTb4jMv27i9tGsGWZY1YVCuOpHxPOmVfr4WKYp0i8IMDJ82sGCLx+Bn03MdHJFYIciRBsO96/0I72J/jGL6nuTOGjMO7rUdEPPQ4YSWiLzyxR/r5vKOnlITLyv9ybBJ3BSolbBh+VIXPlc98jXUwC7tPAfQa+8e+iNt8pnyOSDL6KAAT4UbSvuc+QsW/JB3ypsEbJQf8OjfHXNPGXU6xkkmbg0lTO56tjgIOZzeEreIlLCkqYaE46xYw+Q3LPOeJGu2mTS5mnlcKWiSV0IeE/zAP7QwDpboIGZL2W7Bif34h2iIQ1UPeDEzZ0QTNTAPrcdvNuJRQB1mjIelgDq/5lr2SKzoDatL/JhBPRvb7QQsCNrWTkm4Y3cT91zHjvR1q/iDTvqvmhI8BRAUQp/7HusBHmHibXPeSSLU4j6V12l3TKu1bJD3F8EMaH+G7chr6JTEVqdPvgC7zrj/VY2L/IK8yA0ht82/MMjqBq6yPmwsaZz6tu/lbtkVbvorRJPmruDldNOCsVK50ZKP3Vd0qd0SgAw3wo7VAiIANm5gzsxvnu0HGfMA/S6kWGFQxMSPxyPqk19aYvezxVbnI2aQPw9zwUjUN9lWLKyHbcHRcdg43L+hV7qJpRdQujjaUrH+h4i4viShGxmQ1YeKDm+kDJONKHbji46pMSleKLcYmcXeMjt4kz4jXnQHWUfAeYs4pP3wR7K94BA4H8g4VJ81bDVjS0MitN2J4q0x5b82GvrHTFsDp6Vm6mkNp8yO/6ss1jFLa/bONByYxgGA9ZZ2OTsBd8dIQPfta/+eUrmqkWP/9XA1Y13/4qwUcxwkUlGGsbJfZYax8qyTu8Uf7rGELTOCb8qNHPFseOmmnYNDrDNwWaRZWUdxmMsRqunVRO2al+X8VIkgH0Mqs0JV+LDApw8PT4nnCueQFW7+lrc9cONF5nJiZ3Yb9c+e+oDp1Y7nLMkLRBdnoxbnDZf7QrH+iU+bykLPMnwW9hxLei8NH92vhAw4nVaTgr2p6iK4BwNmneVb0qHkx0XtPPqsIUcaIPnLblChyYnuGe5SZIQWx5whQ1UNPIL+yZun2+jKxyDxGjEPRyQuUri5OMDAUdZiwerBU50f6xXcDIp6foghT31N9o++cRQOmzkIjAC354l7lGJbqtuPC4bXoPgXiocLwOV9sGSKXRWzw45LcDMZqUqZopJiPwA1X8i/VTnxO1WTXswCTCqvEh7iD/VSqWC4Fuz676wy9l8Ad8Hs0+zcmkf6IeDQr1oIAumDYjkIzPBhh3wssfqog0qCr/cZVZUaYeq05gf3PgfuX1mXEK0HN049mR2GwymLcPDHA1e0gv2fqNjp+18a1HitamTj19Ve6PC6bOvOzpySGULp14Jk7fEf2AJqbsl0VOO573h4NojsnWa3NEz0F3IO1qxOPanDU1wDeijAcxv9RaeJLr+6ilyPsNkwJfTAO8QDpzjrS/Z8EvK/7oO6kcuyryFHbG8F4S6D6qLdEMoNJ2KOQUWZsYg8xcAqMzHqABPB6JTL7uGHzZHSaWmCD9q8BI66vzXuwMmoxuiduZiPN9NS/WYhxoqOUvderhCy4/0/45vA9a0yxqj+zpofTLh5FX+MvOo4KzRX253VVoKbszJunjZeCB+MtiBxaWI1OkVksoHWS5KWvWQqQH0W8oceXyTepWOwQwTkW6eAEHKMsbm56ozHI5EA0vJ9xidLW7wPpmZhiRJbmhR/vFAYpfy80699dw2jntWQ4pTKDa+joeA9Xd6WRwg83ImHik0Y6k0q2/N/ykSWJE3kQF793RJydCWuiu+xhgkV9eBg5ldN9yU3KjzmKHzawm9/5cHbIukGMIIUNBXPJIm6Y0xm8kc/9JQPKb3kaTNT9X8757DA8r3Av489U/xGqSB5879bd6PkjDzHeL3vKjgVt1fU4fxFoZBDOQb9Ov5+/rdy8zE9UFjj8IMpTgI4RJDF1UpV62yW2al+7wdR2kb5vAMVn4q+4RuaI3VWWaJI8Vva98O41LASdy58IEqmXg/ETJL0PAeZvpHF2kSSZIqbW+rIUgb8flZPd5EcRIPml/EDlaZzZKOkYJHXs2lhVAUmyeOEFLPaIPkkruyUTN/utL/fpQXy/NpwoG3m2psxpOdwpxQVMyCrnjfWxgbcMGAdiJeKfyLmobNb5oSC/4X0a7kPQV78k0DwshLD4kZrVM+YoxUIsKshQlZ1issaumPkYdaS6D7PVGfJCA+8nPCMdMkmfML3LWj0GlzjvJEH6nVdEcVv0KPsqGvblsbwzmzdqesg2oZaZKE0t5O5OoU/4plyoFxtz3lxwK9qmDkxgP5cB8SFPw+XX9/Y6Yr4OAv9x9FfJ5yftZxNnaiT6Dsuc9IfZzgTm/irjlQ3nw0gccvvj7CG/cDEZGj/i2mVJu9HWMoCtf6xQVAagESh6+VmZo3Oox7nDcBcQnLgMmkkuYuwzidZGV3/+ZruzwlwMJp3KLRGKjN7x2bJBBXUXuvGp7IaBhduRyfc7o9neHdBljpDUYczPtUu+GN8vvFnRYZrMiiuCmQO8ataZP7JcMiOWwlCylitpKUwg1tyh8XdwZlxoqUhEXy7l3xsd2fZhWj6R2gOyzq2LaSx4GFYZ4Ht4+XNdH+n0sPapOIJvhXdcxoC9Or6Da6J0BV3333FHmh7WRgLUdiZLZROc2tqpjkIF3q9z6ilvI9GMfcdTOwr3KUEwG+HfjftC9Td31LQGP9ITgq+Df6e0eHjswzZgw1Vs/RKfsOMMNW5DxW+PnC96kCbvHri2gHNQH8Fg9YJ39coHpuaugrp4P2LwRX4Lk1aYhyIfyWjVpFY2qzkjjImH00hMYLYr6Qwdf5/tRnPE7FlwVIhWVOx6q08q05DJCTxqQqzUSIXGobmMnE5m5Lx8itkh/e0mAS8U1b/Rq/k1rq+2Dcj/jgeXxCeaOIPQJILCcole143NK1xVyxrm7qJckJtLrE12o/Bdhsz6W/4dfI0ZeyfE3vIEmtiCMYO8ADlq5XSL73L3E/vJwLWVzivW3kl2wd271a9C/0ZfP8xZOXuooYiVa/fp3xSB2VHo0vxsEXm9bfzSPaiq6021L2QLOWmynQualzean9xC/QM0vyCak3OCvUtXwZNmMtG3KnYxqHxDzfiUejM++yGfwsFLq9us8+Nxi1V1AvmuaJ8ud/AJjC+uv76axKiPBHXkc2hUgvQxjZOYhsA5ygmk9BcQbXo+sRoguoY9vvfjg1kBAabMjDmt0mTZQNM71szXbv2t5t5G2XF3O8h6DEJ9kG18rODu19h2AoZK3x0CulGJ66tbBUn4G8G+Ml945HUUYcGqPBDiGNHsbW9SVr4XdejN5bPYHth573/ABd+MYDZHGp/D4iORVvXYBIKn5Hrya7+p2augpcI5DM83SP/4w1/vY6F7bQiJHjMtCTM+GrJ4Zdm8JuWFsbJ1v+ZANAhSQALzShynVBEzPWt4BN1vUi8jd4yaivbi84qzSJKVsGsWmJR88cn66xdV94suVQ9n0Uj+a236vo67PgQGNCg7TVTylZw3e09i9RQcu5vTql5wo9kC41IOr2k94Vz1C749oG/pWtMplIxwkv6pb6XUnTKpHw0GhftiPCs9xp/k8ZqgNLGb2cTI4BVq7o3Nuo1d2Trm/rtVYYoRWl1XdHNyMQ4kFghAaoxIfG6ogKH8TXvtKXHWrxXToQHBuIl6TZ+VAwqayZxVIj1m7rizksNtRI8DMgWiIRhpivL37CMCu3CXm2Ene3sCSesNsMnJZat5rjxPY8fj0c4uzVG0PQdi9wPcCAzfNHCN8jOVYiOdnAJver+88EadvT4t6ar3BjO9miJFoNEs7M+LUe86DvoR6cGwrFCvM0ECssFjDrF5LNE1c+z4DnfFiTjnWsurAcSxmsV9AC5T4lUgLm+voPryzsqQK3y+mOKTY4BYunAD+WDVKBeoYeAjUERymb8jKkQqqJ4Yo5tJCI/gH24x7/+GobHgVqtktX27Yiu389dQke4e4aMUgt8siDhYZN1ToeR0+xM9jgKcJWBVxUlZj/HqZf3HVcewO3/1OhRg/a9a+hRsEh0pFn3aJRH+9/8rLpyqNgknjWB+1XI2ENzTnx0ArfrDJ7IKSebKgBTZedBeCvH9m9SFNxOZesJoCdtewBKyqxcOmOD7liwAz5D8lKbHFK9nxt/iQJC6Ub/gtdkRKVMb3wgLozBGNm+GhDyyEfOPSgU8XtIrYQ4izgDTskb+4i9XLr77cKy5ZstA7LvS98xyLzfDWmDcSdfq3KR80Q/WbjPRA9S7a8gYzdHztgzV2RKGgUGoVbz2avB/OAe6AqumGsfohRNOpYDwP5OX5KD2gRhWtP49WwdqFte5CZo4Hcb0r1A+0FPQJfpHD7t2t3eNCnnv48fJKJ3DgJMf7cRTVhkgmPGhBO/zf8B8Lg2APOxWWUT3mMVnPHoP/d3fmN2dEUjmRHT19pnSr3EGGYDg01AOdtVX68O0C1UlZd3jEzZbXPyBw9+DsNRbKrXfYg8McRHXt0JVVZyPeyicluKCqtcXYK7uEXuK0kaATRHJkBb+IL5b14VXF3mGJ0qF3xM2i+JCBKrYjRNA+Tgmoiq6Iq7G7j0LDXYLp2yt2V7v+jXCgqTiWeEIb2lyETRz58Buhj7sLQJEmIXV5EEeZrg81AoYSRwbgCRVNOKUAB/hyzexuJQvhSl+1B0GZVRWerR8Sej+kIX1L/fT2VkHpqNgT47xZzJCG3iyrNW/ZTksBAJk5okkl70/yIKRZCLIHRz7bxL7ODH3Npk2AMNdOi691MJbHdka1P4o5NBPn5u8S6KYTzQCBHqsTb/QvfJePXxw4xvRsI1s6bc1ylzLvg/cin6QNHKyIkpWvCKezwi4OCQM8sNsdPPRcgbeyZF7vfn4ueKC+wWSNV9rz1sXzmtB1bqMsVn+jrbxp3FBhiQJFRBGPr1n1XlTmzWGLBhJo8vdCfTtm3o7gXQNWtAfyg4+j1O4dB2IqY0RFMEVd/n7t6kZ2TCsdlvc12cWqY6K+gyfQ6pwsGx1mfOFErQjZgCAAy/KbzqzEDq6jj/RIjCbaOdCkY3G0wFaxkDyRJbiSvUfI3G2kWLMw9DAom0FGSJTCoNiHzkaT57TLeetWAA+baMz4eKcAjU48OZaJl6j0BHdOKSuEYXAbgHaKziMvyEVUMv45xbfIixn8ZOZ1n7J1t5d3qrvWiLdAgtQjAj0qLvb5NFCmm8FS9/K64OUgrmLDUU31q4L/xhlqThoT4nkWHF2dOnclLKVVNATpLvlYwfKlH8GOVMD1oBRYlGcOkX2hR3hlAiJ3oX6skWmSi/uC1T0oXEgG+VSi/aFgbjbVMieoWkUJRj23Iw+14+PHzV63NjyWIE7hib0N3u/9CprlS/k0myzc1J4SUSXDQgJz8Er9vPi8IogMM2WSHYl+I+qm3isfMVr2C+2tRH7i9Nv0gdUAp2ujxy3QGk5IEwK+gjcSLkpi4u8yP0O7own0jeRk2ReqEVr+gDmpZOFRcNZIKJ6uzz3Gy4ToUsJWKfBR7m38BhSscH4JsD30tH2BYRSdi+rb6Sbx4S37xkAoFOg02OUjfOGJQwR0j8MVfYeVmN6VtusE9zk+zeJlPac1MfHQuKt5dDib8Z0fcASk9+Z0O6borbIigN5moqwGWLolSBEXx0GH73fPW4dmV+hUHwi0K4HQvdWgdaPAih7+JMKLMqV0PCyIB5fCgmekM575buDalr9i3sJRJWxXM6T6n+NhavVmFgQRGNaOmhfiesTwIVeEQZeNb4uS+KDIqNs/ZmQv1YBtW52TJIBZd2x6Re+HzDf9AUPijV+w3D56eUcTzJf2rlzeHIXLdj9bDW4JbgRzHsJxO27mIgd8N6q4xseu9P4U1yabE1gY0saekWxh3liuaoylYHMEKe+sue55S5XDpEBAgjATe8qLaWQI1mkcyJdGDxzz9+xVSPo9T14JUQXgoPL5fMBDuJeFq0heZvcvkvvwyA9kE5kmQHOk3vbHiZaxuB/GMGbWkV3CEcDhAwHafNFNgaAWj+GsVpItSRIGN/r5jLx7Q+NiLkVEbYNsDDbammvCRbqiwQkY5NgA1vpi99tB9pyF9E81PKjZZ5pO/MKJpH7yURkWagU8UQjvOOmIz1VpCHjhV/XXyoiF4xO17VU8OnaY1l0S0fTiD+T44o8lBqo3XV9d3J6sRcbk7NPJwuchZJHfC88ogk+OdtbSlVNCznr0QLw7TojMa6OjyrFBIXuvGqurq7Vu1dHnRAStx/TQfH+o90KM+l9dDLbphHV5+qh/Ce2K0wUuXiZEXRBwL7GuEEjxetuPzkoZbImTErE2GY2V7kPVj8FYIadLv+sdE4WqOwiXWkHwVXY58MMs8jjHdRBmdiwjeDced4DDLNjKq/vSvD+/y6JUHj0Tj3CZVuJopSaikEwc2iFQsBZZHs9fp5aCsq411ihTRz0yGVuOEKrBLILcZgepZnOA0tmo7PlKruCBvLIvTDTZ2r9BmTS8vJvttiAr2iMzbve+SoKe2I+IQJ29BGKlr6wFEauwrwS3Icj9jmQ0zeiXBUvMsUlC7sFIiwvehEDFW2cFE9+KVPxFxjP6YG0DZJEkwe3PzmYSnxR+mAURbV8SUKezdNWIGUn0TTRm3UEwOJZORUfUy0KCbW+uOC52ff4M7VeAp1RixOarvhkMkgjJJiOjPc2KEybPf2R+qFalQq7pvVbUBOr0124br8/Lf3Fv7n3HXxzwBHXWD+YavlLdkYqRIFNwl4VlLho8WvAjh/d+ieBmWG+YR6CIEUJUQr7w91CWZgg6sMZoIg3+xI3s+s4fRatbUFk9atMdV9c4X7TtBYT2Wdy5dtDu2VV40h5FJJd7saDTod7tEK9tu43evNZ+d7kZm/uvX+YKfFacDZuGI89qyzvEYT4qyT3ygXSPKS1KhHhLmdMSm8jGZpXBRvuFEZMsXf/c837BW3h4eRTKT5/Ur63gYWMKImG04cPsw93YvodpsTvszfNX72M3R7ebk33fwtL3x57kcaLynzmrNLCHoSgARfcveWZsGT1LUYxiotqIntdDyjBPOKds4CY7SHaejy2Y4E+uKCcwFm42yZtslPAW18qjVYS6xZV42a2BmazsNc1y5gTmi0GDayoralm78zMB/1+yMkxVdYSScdyqGD28wTGdi4mz38VHTzRsl04NSYb2yKx3O5q5/1H1uIhfKqxJM15S4V/eEiceorGXr7rolQrybf94bVVtDDuRqJTk57s9caFIoCFEo4hMbJ9a1OnZAMEx5P2uMjQ5p9qeF3iEpZ6gfk4YdwK14/EEpf6kAhUePyDiS9fnct3tmklHCmwWIq/EneuVoxCDULIbOAnIOBd7Kmgtc5n2vrtUPHx+Xs/ap6RhrzjIKX7ZjShgVrs9o+sbpVObe+sRNKIwQX00xIoSAcX9fkI3K9tPSnz1pWcS268xUIUANjpVqrLOmMXllBT14+AEhZ7Rd4l6wHJYJ9Hsz4UbQdFmyOzHNuGv8ur8ZP1LZxVxGg/0UiSqa+CbSrHrSDdFxg7FzaQKz0qNmdUSBzKIr5OS9M6uwqAGMoB0npxXlUTBmN5a5IagzKOBsPYyBzJctKuOXZcOvtDu0P44HWKt+Fb7or+b0eFSI8Nfj8+iof3EwGezhh+JhuHX22FIELfa36y/iT61TRX85g9FaNub1KyJxvivXFU501oxlzggEoLc6M/r13+jxnPrTIOADPc94tIss7gc/+i5gvsKhBmgq+v+zjk7HTS50tyWiTcd5fKUl9W+7iMD4WvVI4kZucQbjsOq+3xQnp4e1iF8Yl98Rysr4IkWDHPpW4YATjBgFQDWlYVgHFEmpQJJBhhxYGBz4EFdmPymrYKFGmZ+0BNNX5SQgG8+0VY1ClCYcC28VqbqVYiKtFvWhZFZNJrNKEjkgZFdjlxYX2Vfybc08NCHYgrBN6q3QWYnx8x72rt3of1ouRVMyIdovrVWJghiTk38heNfUKSLXlBdNi2jmHG6Bp1t76xBliN/7lm7osN3IQuZYkPZfC8vpXqTOaiAZVNKFRBycIF1J1wXe31g5vVI/zfV0sfCu8TiQtzun3G2hfv9ZmMpnxCCWx5t0pSWjxQye8Uet1V+A9LwIALGM+2RgBy1qvF5/VKlLb3WHmadDD712VJIynPyoCRkMbPq6/fOsbW/sz0ftpo1goY7NEFX3wrQnoI9oMD52h5vvnfJwKyOZnH7/syJ9/VM+NrEGVTlKi9ufo88wb6sXHmxeUp0n+c5kLbXPtZkcilc4ccFXdgmOES3APET8zhmrTnj2WJek7pcmjqcMA96/eY4g6ll8s78JQuYa/ybMhG69SK9OzV1G/2x/e39LAmPBfqG3/YF03yV3c+ru7LLWOK7Nzm6fGGO4M1kJtnHxYtjcqsF/EDlQmaCJh8OepRCVRdu5mGqQLlCUnXmbwn44YDQJw1o3dVu5cPmgPsRtZq2VqaBoOPic994P5L5qWsxDJd3GJjrwhggCUDcqqYZodPxIRGu6w30nDbtS2selO8cUK+g/s+B8NgQ4MyV8M9zMAj0Y41eMqRfkNF6Jul8FmErgQgX6KxeM046jIr9dn9L0X694SGdII+nf3sw/LbkmVT8X52H7/smuU/JnXJH2muZSm5Q9J0aK+dhl7DlACmPunLRhBhi7C3vkpqjP34zd3JPUqb6ZX5JT+eF7/Z3XYSVAT0ZxPBaqgJ+kMFARvJjF0NWy4w8VWB0h1O+1TH3EzcV8rJ0nmynEHg+qpkc1asx1C+3Y8jFfWsOGUjly5TQ4iCPgQ+DtwuH41ch9As9aTTviFbQdkmh+INmxt6hSTn7Ikd/4dYPnN2toKysfO2X6klNbWnDytRdtzInnO+s+0B+4I/8Tm/rNOu6ql7iguQ63oWb5RemVGtI9MJbZ4enEuG2++wu+HqsFPoquaCaBJVHrdW1C2fZ7gGaFmFMlweHlYM4a/g8oJv+cS0fRuGW82M2AEGk0C/tzAp9Yl8Iq+9zhMIHYc1tNHw0/DdKVfbeXmlarh9iytvIXywyYXY4a8I8BRksGastzouW4pMyo/rgI5adxV+9v2ZoNde7X4gOhwIL+dZWKZ3fwm8DLF9QYxtf+ZvOuFOstPd4pl4mBdzPYwvwmMOnbI7UPv06QdNDVPkq7w8VaudHnYdw9v28u9S8pGWVmSjy4tZfowBmrT+CdMN4DP/SceZFQWYkCVRCT5K8aqNI6e5P4Wg0LrKIZz3UlvsqFODTsDZf68+eF0jddyqExvpGZ7AwE9XNmZuXn06DETCMREW1RZWzaQ+lIcgwcfD0+A081N6w5M31MfEujmeLBIR9mXrjVx7rI2hOveM0urn94W6rNJ5ZdB4XNhjB/0fbeyy7Cm1bgl/zmpWBN02898KpB8J74eHrk6V9br4XkdWsOo0TWwhhlplzjGnVROkGxJDqmeG9B3WLREtF4yksQ0KvzZdUHIydUD9b9ZlvVa+VfJ/JC+g1j4yVGmj14RJ+FoBdMtivEzVLFpR5LqtSxpLIrr0u5vPm41LJAmvtB2xbZWP3c6ftO9svNWGjj/MgUCV3YWJlGDSGwY7CA8A81MT2j11mQ01PaUUWpPI8ejjfoy/WLAJVCaVdO4WH6sS+Ccnc74Tjx6DWbtAzQgZ8WTYP+wSPRg/1Ob8dZBZmljIb/BIkJ0semeUyJyQT38MrWXz3vwJ5GgrBxfFPc5+Y9ZrgmR471bcBuKpSBWXxPBxEm43mMUj2Nmzgw95R8to8CUZ8ueRau9tEi+Bz0KflFowC9SAs9hyWTgV2eAutYFam8lCnCJajjZYcZfKZnlB3eZW7AyOQVZuA52WKv8h4NUdieQsoeIfH89zgSDYkffGozc/QZLjduKpnyeOOcdYoSQ8R6dxSJVrzveDj8ci9wGCmMRfQh1/TexpeMdxt+8Eq2fKu1sM6DlOf8CR9MVz+MCDtNb2ZbCASdA4fpbKIOVGzgQKY2jg+K9Y2J+LMWEr385IIt0Fm35fcBoxJEgwyjaIDveF2fAm/iG/UmYAnsybj9dsRyDXKK4aK4QIiYdi721ZAZg+wkVMOpr6N2dqS+ZUd0Dak+rj2sc6Oyz2P8+DuNevkeMFZ1CeaTZTV7Lm6hunjhsbPuoEXdSUie23eDc7Ql8OOdsSSuaKH3ZxGFS1xjbVsjzzmMuyDLC2sRQfo5P7xIJi5uKnEb2/tVIcl2Bn+Ixdke0pMWS0KwaApNg1gGyW/Ly3iunly193zYV90xRjEokT861U3gcZyoBfFaKS2j3L3lJLVPSUveVHlgCEx8uGDEl3USpl/IAoBZimFkvyjjNJdiK1049tq3nYz0p/NEJAoFt/ToSbIh7QvoFjXVyD5ep7q8IS9RxOaaDLfdgElZ3VXkbQf6C9O7Psx4B9vfIC97PQlveFlFjltfBan5FwQCzq2yVZ3R1mCMbjtW3fz7BRphhEy2zOCnbAwG+6yw4nXd9LfCN2aI/lOi8/989zSx3oTSQIiocQvIZiWDkLUSqbMY2WXSTrcjbD/Loj4JrKST0CrjLLMN+K10nwEwGE5C0Va9alCho3RgxiirFJqiFyYPCbdYpuLlpU1o2zTeir7zzDhRLhrYxIsUCAPYnjt3+37YBVi/M7b+lHloi/JO6/zOuoZfOFePo3do5IMr/54aGgEtWzpl0LIH207R/cq+hYnD2Y8j9VHRAfCN/hPL2cEjTg4C0JgeZYcACT1+2aE0uVmEfQ7TnFmKk4PoqeIw4GYqKAV4VNCgsmsZBIj3XfPq7dbvX5VXblWZ/IXnI73hRnJA2Pt2Xi2XxQhUDxktur4AlZJzmscpy7X3hbYEXr2Wh7BqBWI0QHHmTUH3/twrtBnmIcDsy1PaFgPDPnxuS8NAqmh7RGZzJ1QfI+edpxwHa8sOw4lp1e3ux/ds0Qk74GHu8LZ/Btxh2vrfooTxix026pVshGP7B/m4ykn/yogAzetsoZeHF8i/bj2yG5t4+dBgwLn04cAWMSHwu3AwdS5/PIt5MAG6X3zqXSwzUP73QztpA26EVT2ofgPi/NBFjsli35qAvZrWZWT8FxEc+d7XWCP6+i9R+qzTq1UYcRi7AWT3iItC9IYohmrzKvUKPqDqxDS5eF2FrEnWhKZN6HzAHcaztl796jIDJmh3gH45QySEWGB02pCHrKqLeKecP5TnYArFTMNdSXrzatoJFKrP838KV5QVUelMsD1JGUFS23Dl2nP+5VvHW4kvywczuCkfeC3ngpgbrZHzmzM1fCf3YP51DMxLds1/X7bRLvrNZ7w8P1y6vLMKJk+sZTiD0lmDeWrYjmim0yLpm+Iur7Ox13fn2VLL4hUCFpu1YSCuaiAEg+3Pjwo88huw2sCqusiFscDdUtAPY0G7QfiaGIuPYEIRcwUOH42LoUWjDZsQr32S9td0grY+7Wo4m3yg+McSTLkviq4e0a+RuaXIy6N0l8EoxQFtVSEr55MUIU4AcqO3WISrnvN6IjouoxwJO3rQiBSAz+PXxwh6fLO7E1XorzyhxYSwyyhypd6YXEGx8oWyWa9svcqPTtaI23pw5a/il0ZM0+qFTVRv5zpvG0HRXnemPu0EPXZxdvXMxeZKe4zFRNCzblI8Wjwkhe4AM6is5+ELIx7zDJ60wlrW2GJ1710LEVknsKu70xhWTByvcuQ5V+VpGkz7o/2zuU38RnYeuTEECRI9ULRPEJva6l7eIuHjM+PJq0efV6ljIs/IN9YyTkTFwEl3kIJF7PwORM3f0E079EsyvT/KnfEj45IfcRd9XCDin5B4K/gfTEbtSr5gzWeSuobCeyiCUt9UjXZ7gzf056opZhEnIV5PQQ8Gr4HPnmQtjkgZIKNBvnl7fY6k9ShOlZsZZ9n3/kh8uufWWf20N7m9AhqMYPhHN3TTLmi6KuqcfYT03c2s9xolXkJcqrdnGILMigUGnit4a0Q75fYqbP7ZT6GWF7vo3mEs+PJL85/5zHRIFJbJjdMhZ7pUnyu+gT1r1YJW5YKu7mTBK/eVUoxPCaHQVPRElAiDjqUbG80Gi8Lt90Xh8rbBSLe+oUvy4suvQOs4C9rs3kAZdvccqtzZjiF2m/go+fL0fbhD4XC37INjmGhmQxUcJmuEVJ25UIMrXQSFI45yrx/hmAamKZeVEP95YTwz4Lk8xIzp2Tq5+zKAiM919B/xve4S9PT/LH9NDrw1I1vhzY+IUqtUxoI9kBSlsEnqiIwLHO4h7yuF9sEX0LHDXy2JP5YTkMgcWvMJuRiH4S5FGp/zEzPdXgePUrnhhluPS8nFJYOCd6MC8iJI+LREV6nwKBJ2EFlLnLCu3l9pcSegGlRFPcmXF/lM/KWhWZ6KuDZ8EYyjf2wFHw8MGv/3pXn76ymKOtgP9DiLy9V4vK6F+AzvZBS4yAxBe06NirX6DtsPRty9Xf7LlixhVc8KU05Muv5jUX2f7KOJkPBdCSvgEh/t2Q0tvdD1/SUyD0ASzLZaWeYy3ej7OQD1B8gQuAX9v2CHZbmm/B7+HYQtd15XeMdoX0w9+ZlCtq/fLZ/n9VqZzIxc3ljh2eyOqXVf947GZ4i2c/2pEf84mCj0JLXarWIcEXeavej/atqsDFpI7km6qaS+Km+YTOzDvwC9JzN8fsjbwenfWNzavpRfN6H6o4P7nyfnfjMMpvwyZ3qL3h0P/+sxDswM4rxGthLv0n03QOzou0/gu94py8+OiynVg8s/xfOoJTurxKS/uKspi/nOHT2OB3W5OHzhLlzJBegm7/YXwHeO3Qk+fcnSZXM1/7qYQixB0lIRweo4T4D/kE1cfTGOCvMXeYDprQ4x2/fJdwGMryInNLBPC2kgMDZFxXInyo6QE6gwpat0R/SPgVqrBHJLTprgeQXmhOwgvg7d2ad8O2iBbzkZ3490lDsNg+WKx/6PqM7TNMvW4kSDCZNkWPKcVmXPXqU5JuhybkcUpdmdvGftDg/y4iFi+lMD2T40CnpOsiDqmFhUdP3kRfScMvxjUmOHnA5R88jQWWjkOQnsnjvUOxb1eZeqO3M6qg+mhjEoGjBbL+qTX0Ugrp3ZGhxy4l5poa5dYOcHsoQv+yTXBAye2XCiz5Gbwk1DvAuRySiNcaoIZvcb3i89dzZqgj+1yEgJJqlaSbkBaEP7aIGX3JkLSKkvyzdnpnoXX7/KgBoVuOfxF4SXm3gEHt4svCsuxthZkFiQ3Tc7J8/rczewQqgKbBGrRnmEMBkysJl68imRrDR/tVJCu5RHC30l7MGRHEt0avEtqJheSaH0Y/wSySEm4k+43UaHc7kDiIkus3peh8m9H/JAO6I0qOiyte/aj8am7LrRByFbfaPQCMO3yTAAECQQResoywliWDC7KnJEZVmvAMhufvzl3IW0lhkznQG3zaJh5N9Wdm7vyD3K7rVZHRM84tz3aMAJM65pswbgMyDq23zxvCtU6kZr40+WWEKI4sWt2HYF8ybGXyFEPF4uljt6yegwFXo50v2DbEz70OiUHm7A6Mi6qq1ThnnFEM5RzmN9G0oP+rCl1w8+irQZPHHZlLrg+p+OT5qLZa6qRxba6wZAyPDSJzTiD8SaPOKJdJSLu3x7esG4/pixDatUj7qP8uOrZKDp3JUF7zg1L6i8OhWvoKt0Py1j997H2FcuVSMDL091ioePhbcifssXnwxp3ka7TVEpLFR5v0L+0FVOqBaDhTLCELH7VeswjrQ+hia+9+yw6Oy1Uak3bPktSBf1x232Vw3d7Qm7DVZ3+kbkpl1aNyHRmjWwJZG/WW7M+pIoD55QQi/dqQc75SCbss71Tz64aN/M89X/OElOmyw56Ot52JvnAVzJc9DZtfwlCvElSkb+9LOibTY6SBazHakCpsGVhB+/Xrfo0+W5wHcL/m5tE8PqmK8flXEOyKqHNTwOVZ8j2r2ii48p48vmRA0R2jeTXsUkdMC8F0zHFs7ngOfBnsPBJGOm7aiKWU0FruY6Q2/ofpSobMEltjTx/mIOpvxwD42UrvUMKtmV01aHH1CSIEFq1voMQqzOdoYucq6ZxXfH9zKamjGVYyj0nWWEmsz8dXoz3OKQFAdKTjF8iCS/Eb8alZF+hMZZ7jrCMdc83KXtXbjqdI9S6ug0iIJG/PwcRVwajKooCBC1j0N0bt/VPRXaNkcJrxsvS6I9pMcAbsWPPkbQ9t+6BRQi6Vdp5cpfJXv/VqRi1mYiWT8X7OfX5NcYAwElkgyGshquL28bifgA66KLHttFKHl0k2V853VWMiIoN4iN7G6qEgI2tZBV5RI3A8zuNNrWFWngnJ5wd8MunYjyUVpouTKIq3FLywLbEBO1T2BlDxooI25+DT+g43fOX+44rL9qgG92yB9tDtCCy8lNSVSgNaTxe3IUB9FWX34A9QjlK9MdQXRx9TPHlH4hwtt0UOEGV/OeHLOYMLt5DvxD6yaovUqMyQAFvobjM/6Vhabaofdllaf2V6wJh7t3ZZM/obc9xwuuAglxvAOvkDWuOUKQEoB/uvO+PSrfmxBLSqVsPXsq/qvst/fD2q439Kzee+Q3NS7E643AVYZsIsvlvxwqIcLmzJ2DzZKkiQ9p/vHYLNl86elLY0QqeM05IeW7kQPz2wQrk7MCEW9uhV/A7mqhx+fbuLrPVLNTCHJOaBia2Zr71brnol53yxbRmL91j9oIDbXh+xH5z6sU7ipEx3ABlar1cbD2Hmx/yerOeHWle4sD6qrOS3YJMcwav0K17Ptpw/yfokv0a+DB+MkixNA/3rGhsy64hJl3cuLNZt1RzUqjxWBPeszdDQhlLJ9RCVFmFrlTHj2aC0jfOTWcyVLc1SHsJ6f92pX1EgbDqhl60lrQX5m+ETh7mv50fPaiBIn9+BH2gvfX6QMMhMraLWSGq72wAjFlJEPxrI8vlq6EqL+W6u49/dba6xA50bDpsRbCkDnJYBHmNiFTG5l3sfkrmtZx1do0g2iASIS8ygygfjybO8h0FaNlUU8/wxGg8DUG3htLBqdEAHzVsbE54VIonUgL5wZ5hChbsiWzyWMoXTffmmwkPfo7XTBIUmh0wlB4kC0Y8SoEkshqDXkxF5+85G5Ida6ESh3gf4/JgCbXc451PVu0IjI26MWsfKjZOOwcx/Thv71GbUOwRT5BhA7Ai0Xlct/rumGaLIIlyOxR4as+ELZ2xb7Z5H694ftxNxk25MV/+r4LerCMvt70KFOWk8tiyHN5wvZFUuLcYB/NvWtOwqJfDubN4mJcWFqX4GufxXrXZlVijzxEVYoLcP1AT+ucmDdHLf3dwqnenqQKce0VO27qRqxQ5/JYY/wcrR6oXSHxYiMXLOkD8O2HvQ0jAuFe9pOFg672oEVImVnt5ElsMklwK8X9yDmJQSO5i18v6+kkW0TaaX8/aEv/oGrv8o/MBdWTDAfcLEtOf6wT9BC2Ol2VLH1EwQr68nKQkFlwBrCQyFUAxXwGXTOgUpbGf6qWfpKzlS9Yl5SMxfrtKPzUc26ULQx/ejTIiSLpj6drbeKOK0/KCjOsQ+H9qseJnus5q2m60X6F/g8RIG2X6SvfvJtHW2c51iWtOOXd0tDy0tcgkFYenFh2YbrYFSar0D8kr16BDdPuzRB9XiiKx7Es6nM8JWdaf6B8kz22kXlwxCSafZUmaikBDMyLi28kX7tJgZtRXTG6e023pwzuo6IRUz7LLPj0fbop9amnKGxjEek7yQI2lZh7NUe74fgH5PpPgjS5o4+n61AlMVVF4GDor2XAhLzGwrzzyRHIG7NY9M91uW1zyh9nxrl4RfHq9Mc6YQpOH5Yaz8/38HbHFYmIFUWbHn/qUHXlg/1u9AkLyuGTZJmjnOGmhyJRIMG7l7UQa4oeX7nzI6+yYI0/9BisVxi+JA4bL4WfiJLETAc7nRhe3glfRtw1cqHVEcJU0mxuHeY6LZLvPaVYwGxE+324GSbnYCeZ2wK6Lcy/XrSKuzNVFMiJr2yVnj9rlGqSp8HWqZCArkkWeeX+JQbNJqhaRDR+QjDcyMdmxx8LevB/klSdvHDHuGcCfSNoLZIJwPDJwfKziMjE942XN2p+OiWUFJ6aNtF2d46nvSEdXu7Nz+lj4IUTM9/P9tAsz9EBmoM23GUH7LdIZlQK+HlWycXTY39fX2hbj+SXsXbG+jfoES+z83ImAQOIpac4W62Ctx3voqQ5QHGGoILqjxSaLx02KJsWAuTRq8V+6wR+4wP1sPiwOZIoIaev0VDwwX+dmjr3u7wpnUzM1askJuTPmLd7IUN1NNbICdmyiy5vrTxKOgGi3qdR6+tl/h9mGFib7DNEqRAOwkcnaqlN0WcdUAVTEzR2Mq/bdGMXSIRrsDsS0K5tyK4xHWruGcvXukbKTrT8k6QvDRZ3rKoIBew99P8fjgLbgVquhgqsJcOZjh21onY5TcS+oVQEFo7IfXuXRxH0/O9ozc+Tpnzl2V1p3kblHYb0OyltCdyG1j66PlMc1sL1JmTy+qb8zqezq7CAX89VVXm69pRugCOk5poRrkzG/1GYnFYeyKMshNP/O9i5jVTmTVGppYLZ19wOQbU6iy/iqzieuTCck8tjHlmnwFEL0WHr++5WqcoEku6WJHsL8i84ok5qZ49HfbsKDYfB9R/EZhqjNdwMZDhu8xugF/yCzwbeKV8z3D5452VbL1RoeEshj1Yi9EXTmSksmwYwSlrhlMcV2ECJoiloIxH5msY97DF8SUJk4pkCfDIoyNImj06kgx2KLln5Dtvey4Gg0hS8+jhV1opue93bn3X7IATjV310U1un0ePgP7QjoM4HIee5hGLr2cXENOCa+HnE9BjluaRLGoBQH3WQNHDOwz8/g5pY5RR4B0w5f5na2BN1Tuw900zynFUCl8NEhmOO+eBxmU3bIkrUKseDumIsppsQs/LrHsf1UIiNVAXeH/pGH+/8iodybu9Y54pS99rWe6SeBnnzYjJqzKvAlQF3rj502Na97UOnzw/XRDd0mW6b5mU3s8Kf9SA6jHlm1Srh8vcPVJPrWFwmgWN1jfjcO6T94gphoVjfnrIcU/iY2PmG27d45JU0N26e56/lQxVEkW5n+PqlBoyzs8v4kZfPRJfIyE1wL7yQvLXyExrT/dtYdzA82G/nB5t8+OygFabBao29flDPvMfg4lX1B47kk++VrQ4j25ARkToa/mzhjaUtwg631kwTqVyKIoiMliZ3bUw54hDlY9IDNKI2xQZSvY2IDwHmZBMUV5bLIepJX3WOmLVZtM4gYTe14E/oHnWk8/zMn1rg7naYMNFMxtRo3AHWEWtZoe/6DbmRzqGY20Y3M/LbGSzA3lx7MQnzMkXrsiMXPmQ2qVB/QelHK/4NRTXNqjFmzBJ9h4tepAiTdWuHNhHK75PRvD8ncCUJil/rtoTGtsTx7OTmf4CWV2s56jDlUWvvvi5ovNKG25J7T70fgUtcMINUkp4vhfKwQMM+fdYWbm7TQQI5Tdciv1WzT7NrxuNDs1Sp1O9fNMqtRqG4A8X4wZwDA19wd0dwQ5wUxsnMWKP7FtelwLNKwhsSfLaxR/23h5mQtQwhuK2pJCgG3rjthRz9VxvF0wQASxZYhg6fYPSauAmKsUZeLQFY+NFEOsRPNPG5/XokY+41qj0M8Cey2A2fy5XzrxfVSoOpTQpLMvFwzOUdOAaFNmpIUSJCw6fLlCxKfXrqKa/IMziS9wKB4vUWlNcQPBhmzTPDNHGrisGk8nzFz/E+ZeZINkthjRf9/uWeMLESvAtPl25BYXWp0d/1yAXPSZpgu7RqcQuCdgDeS73etU0CUsn95zWQzAJ9pEyFDeuGXlo3z6J3uM1pfEbyQY4qKGxljN80ywSG3VXo6OdwdIBniGrKpi/ynrLjShz8QXcsIMVmZuqTuskA8JnVvB2MGQ29icrbtOLPZyN1wpgT51shWvx2Ip8lL/kOKCCnkeMfLDa8Z03JArYrdP0DVxTEFi3DCGDNJlgDuEXc5BGlus1tie8uKtyLy5QvgV6g77QfsHzGh7tot0dLV8FLE8KyeHX1mRofcx+kS3oCpAD1kQEQmP2WDOGHZcpP1alwR7MqIcHPWTQZCF7GRogX+nTKPKXlgGLJMI6R3VJjIz8UO33Ax4zgspd6ytgBF4nojDfRTXVY4SEPGSBVW3jOHtfH/kFYBirmke4MOh3mLK5TzQ9SouZ7ukQB3TF3ZQxpZtPM4KEuIH5g1EoisJm09leCsXG+4FjgmDXliNhy5airdqaaUFlHc3aSd64HIMejSOCdJmYlhflmEh+zQaGcoti78QrNz6pgqiObgifdlebT2Ddqlkw+gvGhTKVYfbyLCM6+OJ+xx0V3/I0ou/L9Tz5Jc+VJB02U0NtRZUSklscohtTmkKDYcCocHI0uiBj675rhDfw8EsqL4kxa4hpWMnjb2seYV7taTygmAUjakpMlYeLA06UnkBC3KtoA9YJnIHJ5tGO82rr8n5WlcHNruXwL30WQ65oxeFcmwvDVS7cQYjdTca9/zY/+vue85dUQN8zGuq2tKQIhiXp0Sve9+UgHs/rR5IPeTNHWwMN7M48sj2/rHkfjVsOM3gJLjcshERWBI0zSin8cOoLx6jLpY57xN/MI3aBXSktJrqifZ8ucWb8VXrQbiUZHcH5qhaTqr927fKE5UKV6hSH496gEHhCF3ixDp+/Mu3s/pqiGKFM7AEfnbNHJGnI3VKArAIjvjaOYx0ulj/coPKXBFUmlmkvbvYaqZqth7kS7/4r1hG61dOj8WQD9LwkdOqRE1j2DK+Q6kMUoOiXeivCOuGk/oGJJdnEtcOe7WO86gBDi1JeTIDXH+IMUgJXfcvE2lAyZnhbcfzQZaWpQEPdBy+4NQgwo/ZBvCF6Y6oViKkyif5eRhc5VJ75YlpbaAn3jGgR/F2sbIPEy3Wnnx0kb/DVQUU9Kn1r39unS50GGVJTXiSGFAk/ZILvRPOAt6ik537HR3MBreGFrNaBFI7mJknf1584+dcN6gsXkKxTqAQS942VIrf0lVHi9Ip90NnPJRQXLhZ4IrBQQclVDoFckZDWyZhMnANKyVlO+wu7RAiNnyxGU9f0xCkknkMoV0E3d/FeV5LnwqPLJyQ5/0dNN2CuPgb21/F7Un8FdbhpNcafXUo+zOybHCL6JlY5QIS20WK7rXsSlKhgzfFAvRBUzIWr51tU3kn6C2ePEKTXheMHlCS0N/1mj4eVU2fHld4m1Nw+0/qxsR+Wm5doats09dW2pX+t1dezzE9mDAPsBQ8L9lm1Hsre6k4B++BLtazkgZd5JTyccq2grUzK7Lp/KZvY9sjSh0sMy6kqe2jUj/hXps+pmENLA/vVxyzKnDX+Pavpo0JYoaKcEo++flhhnRzVBqugNjbnf2/i8K4meCEPKjlm1AI2SrQ/2/C+8oEcwNOIPfON1OSUZwAkEQjWNogOtPaOjJkpdCJoXjnoa3eshJqYsaRFt5HVZJda4h+Z/aaPhHcS5pO/YeYBUNH85/yinn8jyS8hqaE4x58EzTXURbbn3edT6y898MyQKmTOCspFK6wKWTsV3FHtOEdFO1wncsyqn2ZGmfO1S1XUyv5+9M2Mc0TYvwhUr/pbh25mXz8680zV9q0JV1ovl9jNxULjFmi7OwKqlTYTMNGIb6IWRNzQd1Rw8bPvGI+bibf+4g1nogO29yCL7bcOVo3qjDZbqcrAsZV05ANPOaifFjqIj6h9v4WgSRIcR2LksrhAfHBuIixhdWhL9JFNUEKa5fWc4VnFOfIDolq9IAWoZgsBNwiTzi+8VVRrOOBkjV4/FR4V9csddOXFYDApYBx35TLA2yKBW067I+GzVoepL/1kUplzuDHLFilm9QZCuDiQj0ba3qfJ2VNkV0T/pNClrOMXimxgkpJ2kRQWL8HLD1tT6zdU+MIBmCfsQMXlSeXOytJewUuKd77kcDk49XUgykkZ27rhQGU4uEQmYBSHXKTo+Tc+JEA3akTT/wrGLL/q/uT1sNqycuHcq1rdGDNxsAJG7uguTmXoZJXyAT/k/oIyda4aXhFL30WFB6qZoSXsKsn5nzh2QOdGNs/QrvReKLCJX8YM9THMcAPptwsuwRTbcG8+io/hW5wbW+vd4qNRusF4UX245QBrvAqLvnGEB4pHx+p3ETzLJ5V7s78irR66MEGAeuntavM/BGW81ZuHfEa9Wf25JSHnkEQtpTN0a8TDoVQYKBAvYiMM7vUeWIOim5xxJcHjfhFD8iv3cvbhv58hJV5QN5pTCfctnQGHWSZRLVXNWD5fOuG04ZV9R5w7C4F+K9GwSlOdOZrK+lmtyeFHtkON82L9jdu+Am5aEvXCxLkHf2xnpssJflm9OhBHgPfI6DOFSog8keWnrrBw5S1vGIMqOwoXWGLn511I//Om8YrqvljemtFrBvPojfJUVe/lG0Mv5UHO+8GEJpBfg6Gff4Anml3Nh5BaYKypHd4+M98UAXYA87D1An4nr3YtdbTPFoS9NOGC+taspj3iXpqBm2HcL0qSdQ6L296alzA1tKrmE3oCEOOcolWuKo80/ri/gAACaSisn7Edil1LJ2prt+AwIxVFmN8b44+hC2UxPvvXlbmRlRqL8vDrtcCzMn2R6VLvIIuj6HAu3s5qApXr2K1annOGX+tslJN3LfmqRE4jyqOxgtZY47ZXH9zzwki/1BdVZZ8V9LJIw43eWElkrwCLiFToxT1swG8BPiIxVfs86/IjKsGCnvacqsIfchpQ5Xta8CjW56VQRlg+z9tOAQkTPOfitlO3r8pwNvUVraX0LqWYdchHv10J2h1KGJet8pz3s0lO9NKy6oOtj0HKnEIVTxmv/0UhgLr1MIyoyHvpKONfLR7CTYzEB7AhbEOnQiSVbonh2PApcyu+3hLVf+QTADqEX5424s/cs3NPUIhFkjOP+2PLfn1lBc4QnansmcK94pWJDuAxI7LVsY5Xr7yZ1xvWl95sBtswUtF5ELDAlszhWc1IXqHPpinFBt1a86VVwTxUJ7qglNFR9siHyIt4Z8yy5X54ahTainPHIWB1zdkuvnx20iPH3MuADtkR/O0qOn6XJ4iWYaF8CDnLQM7rgsOg1tBY0bJJFWeQlc98WhC7c9uv+I5BwEAwHtFB9hqlv98NczyYsywFxmVZDbpLrKqD/QW3EXZcSq96LGF7nVVCsODoKEDtZnkwHKe6iiKGBheMZDOLAgo3L5FxhZnIy0S5Ji6p0EH9jpQLStGKHqefGOWpRWDq4VQ0vNXHpSKPNAO7/KvNmD03IV0B3amUZ6BPRsxtjW942i9fCkEEyjM8I1OElkMNUwXuz7qCwwaN8yGOTm1VjyHeUspX7mmPRIXe71wfWwc4/5+B0RmOCUJDgxgUT0YB8MMTEL6reNYc2sgpvbZxftI9Umt/Mw3z4vbopJdOSYCzmkmdfk6Ohfml9z8vvBntkoidB7fViyMwAXbMzitoGabQCIbLHvlMcYiLwT3h9l/apeAHErRY/DzKc/n2YfkiSmBUbqd/5mc2iqaausTngrKqOD52uDqi4o82e2M00MxvCjjNUZWInwEqG+O18Wp7FVaNP5KlbDW1ZokoZW/dghFmbQ/TmdI9t9dKv/i/ETXK6Ob6wHgm3NodE1negPUChMrxgQPiV/FT4wdaADeIW/UraR9JayqzXRla/t7zbB/z8fIt8mEO4Jxn+mX2UVIZWelG7BWSYH5Pw9kDMmPd+OAfNgBPlllEwCtvL/Dh/tnyHEL4lH0WT7HnAZZJy973WfEPrzc3vRUVcjmyRRl0t9Hd8jldYwRmhXEj1kO1aDhpHGtFnrKOX5Z3qTyjvJBxfr8g2lDPRhF+a9lgVpY9r6JcYv0yDwCDX4kbMGnpXvXQ8RpVSOeePrvjeoCEwJU8o9hyc2O01b/motAo5R10Qs3sHPkslhgaWoZDmK6RTyxvQPsKjQM3YhiuOzyvxDPaf1s28KD0GnuU5UdBGFxlgf1qbWLOO+mRuipMEMRaLVld6j5cmg2L4P5i9/HbmNFxexZGTn+k3gAzBiw4FcPllv3SL+5god+54l5a1votyzFPbm2IT5ZRpI7jqipSvlCej6BlY9Zc9PvTfFg1poERVBQ28LDgmYTl/TzTKY7chwVyXzOgr5Lw7eKqslEaLCvF/ai453vhpBnvn3fgkv0D/DvPHdODb+bPMyNsx7RjDDbQL132+lRgJ3N+wqfguZn3p2/IVHre65jdkmNzpxzj9yV/YSlVLpZA37cuRZdZqrqcQA/fdzj2kXrPJe8XSVx5eTz60MmCGCFsR8EKD56R8xOJ9PTeTuc3vxhTd1Vh//Gb/W3WZyf7EibuLOfJhWRX/mcR+BKznje2NJBhqQtmbTGMtgp+idTPHMDTbaGlr9Qi9gjd1g8vxWkL9Asniy3f+JJkcliXj6SxTlsxdAL/bNF/vEW/JkSzDEYVRA/u42at+Ny1/DMkg2I3EJ2+Y+Y4RWaUFK7Ccnn7RI/W4LQ0fLhAvXjKI4MqYHL9QmXbKq+tGgr7pmglSgboJ8vtQ0HQfJefbSK4leTkN6QNFA4LZGVcD/CJaMR6VxCnu5yy2CREBCCdtR9AUW5WFnR6VtzS9dVaJHbO/EVfXPIB3qJQZYJcEfJO7tipRCCfgRwI3aY1b3Zphj/BgMmHIOB1wPx4zC90uYQFvwliVBVfLf6wNE3Tn/nweYktbCOM31AaUD5ilAjLlL0DHz5xvjVN/fLfJWzQkD04Tj46QRKy4A0VEmZhSsXGA8gHep23Qb+Z0qi3I16XZ5V5jySLcQtNV8yFpxzv4DJWWvOTflSlE9uNuTgyNN1EctRF+MwsXul+RtMzZH93XQFRDrJKxV6UKjhzV5p1NMB2bft3D+1ZkBqOogSCVyJn2SLY4MFVgHdelwKNtweRHUbZxJq/mAyc8pRpbYH5OI4ISCrz8iHr84DjYE/SRA13CqOmyoMhUip4wXNrMu0LMfez7ZzKd+KHXS6a2Wi18yD9bAys98qPrDKssAg/UmTwX54t1vQshEtCphfIHy/lK5+Bpek3+B7n8u8p+tUXrPhHkQiPVvQ4T+fz0VqWzRMAI+HvPv1qpVMvu3nnw5e4tqMHu8sqqxbYnDe+PGxuK/F9eXAeKEZFe3gfs4Lw8NWoYpeFGQVTGFjmZpLsvfQrQBwh+WgznWoZTyW9bO6dnp9ZppnnaAepMtPSOSKGEuhXmqG0/KuPDYYqRUE805d4GCpwl/AJm2phsUGeJlJrPq1+VRq8yRrN3JMdJsYSzkVObSEZE4nn5+aRiHJFJuYWgbO2NTdGQkhrHnAl9jz3hwaSpUcX+/d1GPEntjC6z9a4f1bOwqzDD91Gekd0hS5v72D8MMy8qK2Zk1LYswejCPuG7fFouaxfp8wo15zZCFtTRyHLcNhR/6JqbIyIUWYCZe9/Ea777upa9/YpDQ6ffSOMZe7x6tyS4H77rxIx5m9QqgDm6wDeIfBJJqj1yzG1a3s0+4P377iJEea7uLk9Q0nswbbKB7LE1kD+OiJp82ZzcMpRQsqwLKR1C6E9Alk0ufz4MDUXXvCPbvgdPMqMzTwICe0xqQpZwqkgybMfeNtbX1VwQnVirippvrt108ard45H0jrPmyGrY14fgAUf4SbXposYgyEudy7jWM5pJ69YBeeKyrDBDyOqILlnQ7YDv7w21rwgzjla5V1S3XRS3HUKztwR1vpuHU2hGFDt8kUcSuliAqubpAOazCa+qopXVi6h8D1/2cHzDaHW+1G9Ys2pfHSmDQeadLgCc+QngwwuF/cG1/wKJNbfr7WSqYIawcArKcsCCwQ7wf3lPOyI48Fv/8L/2EcyaTG6x/Ez34ZzSQ9vyFx1YZNtGMPdceVYBXtrAoxkQcZnST0PlzuhIeJSLIxcYIe+qSCiI/vCZe3fyBgflY15l9lCqI/9ogyL4cHozME5wra+vqc2/dd/dwPznBjiGCBbembXSG+OTw5jN1aVHtoLcsvEe+QpdvEb1o6rR6Z/VUVu3zhYOgB/OpoB+ilLMoDuC/toh95Each8Vi64jcoclQM71oM/HzBZi0w0Lwaoqutw+Z/BUZxnHW2bu+jzo4AeYIMSq7IGyJG08s2twqMXrUNv6eiD2YJUao6aPaf75oRmnUm983Nhv/uIGB0uP+iCBnMDMKjsSYpAcBn/zopvEDxX9s2ItqT+USAqDWwNhd9NFcTorD7TbqfIefRG4FGjU+kKHT2/oyZm/ASNST5iPszDlh5meVNFeDHV0gscWqDpteAGMVbudWAERD873//OMZEP1H/9C+08rn3PlUdmlpXhxdzDBrR+cbmxbVnPJaevx8mrtsPpHgj4vJ9eEGS7zhjuD0c+8o4LiIMtPcTxWSU/f2tgmUj68L6R4wOmUIM96xZ17/Y8z+pfJ5tV+dXStolc0pRl4oN7v2lr0Q+fKWDEfycPCIuF5ZmzZc0/ayJ4z14XXOSZsu8vIaPcujxQlqgthtckk8k0r3s0C2apHYDbwNjVjC7CJGyBh8jX/nXa1CM3eOE4Vb9Owm+AYVNblU9iPuviELT6zUQdCOaNq4VXWH9YOxZ2oMLX/Q4die881hdeg6j0AFhiNdT5ticztgJ7relWJBJGtuxrHBktUgU3G0VjeZYykGAVUwL75OpAZQwcgr2gCtmaoTQBNUidi1vWlBWxIMS9KK5jMSTYh9ldUsAvhjtdu/+QUbIuk7lsZGz47yqpHqRDf8HlamDpcM34uDTmEBjOz0DJi/uy/+1d6gP1GNqOwgdEhh6h8Ya10z7aX00z8GAgkkCPtLeoPNub+RoPHsgbyvph5odIN0mzAFMjbF6e575LeyA02bq9NF/ZF9CdcuI8L2qWIZhlgGCJK3xYxvMNuD2rqibk5KRCtjjuXd2bfkDyKXugdp1o7kV/snuCy7eCMf+N4f7erDEYeH0jw9KOPehdtfOOMZyXtLuQ0hkFHXmn7diN/mOkJtCqEgrQM3RK4+Bzwxaa3biiOLBBtF3uRW66tZ11o4Wb2K/ZXNttXKULT/PLh3j2EYDKI/cT/PMgrRryLFbCXchpc37F1a5VyGPEe/d0eVTOqi9xZtQP/h7PqD/r9D2yo8c4HgK0Gjv7ezEgsjCdHFVkRhz06H0RptRc5D3oe/rRi+aikjAnOxLVgedf4ZkVaB2kw6USYkGnQUgK84gF4/T9YHtEDusRRrI+VFRI2hvtb2qhwe+BJKNtACT7d5EXmAV15iTXYVjwTj+PoVS7h0wnpjqbHMf9MXjAmx/eCyYKeHaAISsxzeHZfsjBgH+eH1iuhnMPNPovlP8v9JnO5yRoSuZ8WMERBIH/Du35vObn/ziECv+Fcv0p5WOfr/MjQ6F/32II+b8Q/O9X198hEv5fOEz/979/3x51tlZ/Z+D/DlV5XVb/7oxR/wuj/g4ny9+h8v/cDWz3v2cA9PHk8q77zyP9/kagOvv7jbPYi5e1g/0+mi5gXtB1BP8Pjv57raTb8r/zvPyzzTWIIoC4cVjBAPxOWdar+3fKPG5DloPrws9YHVW95t6UfMC3x5xMz7Fq7bt/Xy9Vko3H8wF6PpRdsiz//l7afP1U/z4Uz628+gaXgInnczJ//vMRfJ2ky9g9KI7578PgCus8tjk3duP8HBnGIQdXqrvuP4f+C0FZWoAY/P+bKUVBxt//mE8Yhf6vGYQx6P9lCqH/v+aP+r/m7/+arWcCJvBn3SclGCDwvvUn6fQkzTt7XOq1Hofn+3Rc17F/TujAF2zyacvfRP+PwSx+//7HNZiuLsFv1xHMerJMjw57Phb1CZYH+7sl85+j0H+OPH9nyZr8F8r8fUTEaXjEHlcHrOUekCaVI9iVpudXD98Gmxf8x2EcA+Q2J31dAITAcUboBCdwsWi76Iw+O/cN9BC6FbkJQlssnjm8ajyMu2SuUqsfOWF4YsXw9dkwJWcRy1SHWBABkNjYy4Pw60OMWNND7keZGSXonOO4QKrErXPzuP2yLCA9MPqfNsFRN6IzOyhyDKcxFK1eoNjoIe+7nWR8FkWBTwcB/P51CqwWj80V7FEyOG41SIlkO5KjiojAsaFb9zYYcLAbMxxVsuhnN9Ap6khPt1XmfecPwfdR4+oSaJnveqhWhUGQnHUQaPwnOb5+ciFaEjzqW/6GGZruM9GJGjWfhZR8vl6eeJ14E/eUoOjVAARtFfJL71ZS1umTiABT/QYPqXrAMN52M1zj6E5I30lvO1Xwtm6srlo1KFCf5tLxxa4NGbE6bH5lm6b5RBdoaRCcq9SZwEO9fz/f4UpZLwLxQvngNik6iDMwpayUxa7A2IBCtK3cXV3Y5k7B2ov9inrT38DrhSG2OGcktnA7S6V2AyK2HBCBRvGxM1L23t7vFqGwzXBp7qZ9kkjuE9Lf1krcb+xXt4KnEFCd5HsHwUpguUyqQ52dbR28XkImDrR5nSfM+m9R/AB3Ng0IbmGaxuhULwRMYlD09aekHlZaFqCQNfo9clT+yr4+Fvsq4ZUVj7bfiRCmPTPkfmbRox0/eHkJ8O7MnhBa6FcQTx+qpJcmybQhcijHwk12rsG42imxAUwS7n7y2mSiEWgaQZIVpwtitGb9YV36IkcVoxufU533Gb+HDFqDJFKVXSBO7n07aGE5ilQJCMEvw11nHLvTFvwiXAfpfzEMPfs8PfFy1mbbZeA7Zrt582eJKIJfAx9AGkCEGnE3dwkoBGXipgpQhGTlUU9AkDaxrsJ8NGLwaP63VVWl85YSZOFNYXak/iJgpSIXP+9IjVaIOpge6UoT2039kX6bkaqCD9RoMPDviL4djN1QRugC8BNuC61BoxuKJtfJRh4NuSXzZk8CC5q1rsLKQSo6ZVaiqqUyfuBzA9p/iZE+4NAEfM9UOvYOUyrPVWhyr1QA/ADz+eT8BpGfXUsGrMsMkh1pv33P6wxaS4uQsHmaPQleDib2uLXuewmhWiBWrH102OkWVdtaBFyIEq6yQZ232/He/ckRZAXxS0hnmSmMXCk15jOJr/CN50RKo0kHSqeyz5DZTp/pb2dwAxf8gO8ZO621A9ilbXHV2OblULPsLNMCqXxTh3awkhIwaM/uJIO5oWH67RaoHcVfB0R4f9Ddf5tVhYWsqzEfA8wIWGfop3JS0THrL1J3N2hqdE39yjxQf05Msm+5kphwlUnOoNNDzpnaLyws6ByhdM6FZOBvD11BG32Y34K9OCUIk8g3AR7XbKCeFQ1mvHiA13UxQOaRxBd+xVzZiV8kFYeJ4tFffB+Quh90yqNxCAgkg3n2auImyA4I5z8SKlkIw0jx+xNmX8WUgMEW+4pfezRzUcxJ/hmgmtPLXkYRI1AhjhUD+bM9FwbCltbwz9eWu5ImX3kR3QPZBhuZnqgRk0t0ACuXyhLSvaa6EM+GALGSBvj0ttzHwBjIi2a2Nq2AE6vuDa6g3XMctfoE+SJskFf1cumG7rZUm37i76+3ML4jSbPJOZAMarHChR4VpNkDnrHb9r4hKowpBO19MKp6AUP+F5z5aPwCxvdgKRp++WJQwSwifmDOKobfwtW+5/gp2TcFf5cjevuQvFIvKZfLBSdJhZKGMQ0vqqChYhdqVKmPKhGCgIHKU6+cg9Y/WeKhOElhaiNEKr5IxuVKWxgVgzxFSi6FmCC+i5p3aDPciytGyaN3smMfQJESMb1BLcPCnV8XXUwWWRTIFKFH/0LqaSf776qL6inzEjq9z8ETPDkTHGANMPGjkS1ELHV/Be4Gp4ZNUSE7b+ana+I7w6Mk3g6jFyoIH4fJtnfLp2y3hrQdwoW086U9T1GyDSha5EAklZgzLE5bG1JgugnSuu7A4X8GkJJG0m208Azu9tdXFdZi4J1YOVjh0dci5lY0TyjWSGuBH09Aocov7LYNgbxLTtfYKUZp84yhVcfjCRj3hwYhCYL4Dv1C68fL+xqY8ggGxlC+9hUzke0oWqMnsWFK1d5i50ilIsKSC+MeNMjSD+HwVyQO/Lm73huTtcrdaBAHRgT2RO/ZSqrsXh6X5NuMJ7shL4fdUYeEyqhxAGcpT/C1fDi2GT0b0bLeXb6SZ5g49RQk6Vm7ndDWtktOJYPRaNp05xWB7H1RCRuiTVz93J7t+TPjojxrrxYy8ByuoA/qoHbmWF9UtmMiJ30WryAKCvrWoXzYITr294sD0rZ5ZxKH5h0siqwymLao9mxRgQz9MVq7N4hYSs0O2Gd29VG93w3cC61YOEN2iuHkqi0tC2cmDk2DA8zezBUgF5NNoZorsl5r7J/F9g3BPPrcpM7M7c+KhJ/r+gvipQbeHvUZ65sdBIlungfEFm6V3QWAAj76ID+U65R2y/lYSxmx4nl/WRBXDd7mOFR8+wZSvfxeH+qFJ2tcdwkK2y3+MrHzLRD4VvAIfCvp292C/WAkD94YA2YmalskRCopZ9VnCGGyi6fVorzd/hWpOTN8upLl2ya+oVdnuwvozCiSP5WIksJERbbOU6iWRoUelORuIX3EY14AYnMzDqJH4RVonvdSNMPiWVPoYbef4YpZLU3gMlgnMrPEFeCiyQVHxsmAhARM5wb6liViJOT/zdJV7NpuLcGveXMzDM3M3qaZmZn99c8+N4oiRTm07dWru6qaEPrpBKZsahz3aX+DsKOAYegsvneyGzBLfEoI6K773oNqm3Q6KWROyTO7ura6XlY6zzjOVsZtQSqrUYy4H15WxOi8rUicbXE/ZmlfO/wGXtr9fM5d/N7ygUTkPIdMQvTuh/Qzkvvyq/xXqcblJrVXtERptW7flh7+mExtfjFT3GvT7UVE21DzzUykAV0FOsdvl0Iv+wEJSssxVjT56x5Z0ljhWR6lwqd3YT0or78qsUv62VHavcEA4Y16BMq0EGq0UsJBX28Idg6mkbgR6WoplnjWlYBQKeJIIfoLlf3RpxCga+71ohjrsfj7g1cNGyha2eSMbuThnG+iyhnOpY1C680xPJQzfPxtUhDhnq4Ej86bC3UbuJC2ANzvEz3RzzjRDwxMn4wR5Z5j0lnmMgLs1U1eCjaBdbLR/9Rj1tzt0faokMKU7iUqYBlSUcSHUTU9CzVo0pHV/FqB0b9p7qXAl64L9ZoIXE5R6gLObrrtAytaboldZR/uET+ez0f6DicXCl5/gy6wRt5vwbTsF4Hjm10+0BVCm8sUIke8gJlZFUI3/l2uWrIpvTPZhtGG1gwigNaQxzZNoeRS2uNdiIy742+1QoafmAZHGJsTGaY8BS72luqXX8OwaV9In6bqNsLv/6UOT3wG9mw0RAbkF3w3XdpwZiKFp8o+oWSDCGyWGqWOtqNwq/p1VNJgBVnF8NdiKWezdbUFIoLLnAqkBCckYsRadT5NXTNlrClj9mtV+3OeYNBtZPH5p8K9nE9xQ96/ew9Tmldf9xAd4WT2V7M3BgvNXmQCX/W0f5zPGtfzci4LUXt31pqfpEs+0GuNNuX0bL3IQYLeL7rqfBl3wdOlcwtO0BjMift+woxs56RcjPYFhdyhHX/V/JXGAMpScC9QXDnw8OEi2L5tjXRiiJ/DWoIKxcy6TQIrLlfmYycFoCE+v6wuhogm9kVXEAAVzjF6+vcVtNP3M2OWyNue8oxbk4BdTiJpfyT+L0/XQOUNY2+iI9XtkldS2KrZN8pnqV1cS7URMyNzlI1f5aCgDbUfriklHxKFmsfR3e/9GTEJjt5rMsatqX6R/Ib3ExIsc7qS7T9enSasaOG2TEEZYH7UyRyspw28KSm1xN71Z4dLc7rWE19JvU9aDnEjtS/laN7sbx1P4PDxPM6zCeMDy535Vz42AwuI+H+bKlueozHsb6JBBpFH7WCRiQf9UneOLK/XYPya6NTOa+T8Nyi+P7uhlPnFfpq+33gFKGWQRglr+O5d+TZma8T59R54pnbBCyX90uL9E7CYmbJByZ8b7KY9UCGSjBXW7fBrO2M3JbSYrTwFGcEGsHmE42pklOqqoJzouGBld0K2XB1KbGQ8tytn154xYq/2YeUN+FUxElcAod9K42nHvsMT7ZEp1FyQQH9+wZTJHK1PwV1TCCjIKK2rM9wTmWV4kzilXCx6Hl7P1feXdog1q8kSYaHGCSPrWB9keyiTuBOdurTqOFNVI1FOjGjNsdLFkqtzAQjX5htV9pX6CVKIOisHpaIr9a5bncEWkfw3Swi6sGgLBlvBSRxz9OgwMYKiSrjw/3JIQRyPDYK+/t/fED1CAWOXaI9hK3yqBN6xUICNWcQqZKVbhVUVM7J+9AnIWrLCwwC7Jmug2OxT3PlFTh/YpsM8J9dPfiYmLPubj7joWt62swKWW2nWTGxwMM/PzElSJKP0lGz93ROaUhFu02W+f55agyERjBatm76bYBeyMxkwRYS/9Mt2r78RKvbAPZo3MH4eOktFmVBjXUuRvXKszGZa+7e+DAEJbl7aVPpH5r8UDM3L9QQV74Sd7xF63r2SwsNp/S0fNlDZn38I5lmrmlYbJbwj9xukiukOJMDa2Xs7fppmUnVucnZW4Ts5n1dy6MqPEZqdVU2kmK55Tt0R44e/QOaS4dZyhG/PX2cfnxXAdf2XHiMFck4zjKPL5kNqR+zM1pboIATc5Ll90Mq8jbFP7rTofgwHJCFz9QVjsapHETWgZnQ3Vjt4By1UFt+leFavPF5YjnQxO5x4vUy8ZP9N9AeFc6FzDXRfVJ78++v7tLjav/8cx2/O43L1mRaEmBrn1OgCtfRdOCzQ1W9J1+NrkY2lt9xuHR78NLr2D8psbUAoKM/9oU0WcKbi7H6hCTuMAvXs7Q/hwL05KgKFGZ07TnKZDNZHanvkoYkDUtnNNPbjr7FNx+dkc2mhw9v4EL+NQuFajwXKDAx9Xcxg6jQFIrxAcgz69RdQ9RGG8PYGeqeuUJ9vJ7uJQLoOLxq9xJnIzad8ORp37RWiUfJ1mRdeqnGEzsX5qyjaoU90AMyIb8/v6iAVvc7ykdUL2BCojsNw1PztpUgrPEEPnoePoyGO45NR/zZ4H20RoKpmwDCsg6Raa3P706Fi8WcHH+0HowogU887u2yjswiu+/FFsF6IzHXH5loLa9yZZKQ1N5mccLJi3ZTa8rctOFPsIjf7nFY7+3LFvlB5VDkSCuSmc/TICtQ7Rprroxy4B3eOPxlMFLHKIrd+ODwjL9J9AFN+wMIhH0vbAizqK4Jw9yq+bO9rIDvWaiYse+bB8fPHgmIc1jSGjPoom4OSCjaQUWfj2QpiJzhTRzNuEgUN4MwW8Fbg69BncLHrMg5XVaSsWgtAeYeRuFi6A6vfeQVlenDIJKRZyoAdgQPS01zZ5PcxtvSzKu/KtgPqiBul+0fye02lVynouZskvrd+mzRiJv7zNbERX1DX4deYGfmKKk2RmJd3Eq+RmGpNe8bf1qfIG6vu6xBa71RM8jkdD7pylLsrJUOL83TenojjzUDPfZYtKCU8oYb/RFEr84lrWk9o1VnuCoQU7uU7Mi2Uc6qHauDWLFkhbNLyhFOSbzFX5rympMXAzlkpx22wCHEvL39Ud3UYsGalF0NkTsBpCJLkHyY8FEIu6SJhexZkpihEBeT97tD0XNai/CK1Joh2PPKvjnsf01NeWXZhIdNcJZGqk037EsgQRuR1sqpUL9Mvnr+f1OFn2UvcfusCNzhmbHueT3mWS/vQO/sEWcoJDMAJaeOaSZzkwtGvK0OtL65tATa85IxWfmh7bn8zrAzK0CT7q80iFpdBtwARqxP4/JVAVHpCzKtKzp/E2ACopwa/qpqTJoZ0+onLTWcHYHDXbxK+s6OeflH2heXLlCwyWzv2lvOl0WYUsj1v5HMkJV7a8zme8fiUW3z+tBSkzHZIDHjkMPZ9Xj545gIuXdMfk3K1o8dVeJCx46lx+EhbXf3K+7wXcZDzrC+ABuB6qGar7ej3L5/qDo9DO/x9qnrFszN2CYSrZk9grrc39vwWv0fSO344TzkbAd1ubCWJMIZ72BNvRdSyEcDnTusbGjvBvnf6sPaIk/i4tRV/f+/AU/4VMfVDADPfTjI+AB7a0YS0FBV7zJxM9NONCEFV9BonvMafh0TPYyUbpx3Xl2qmx1uwJD0/bQ47OU9b28tZJDYPR0MWOHgHjGrYTZomIz3PWjt6LgIF7OhzniFiIyGT870b3mKzVSlvdpr8kQAmMSLpeeE85ioQKhfWHAPc5C+wiY7Hp8bB9O99BMSp3N94Ozrkx4463GuX0wis3xcGgV0DXZm/dOJenCuYaNXvd9fUBNOofnonxXb1deMyqspd77G8L2kSh1SKkNVTPNmHMVSzC+AiDhEfd6cz0wJMjlYs0lgX9tmACWuT4tIWMMbJlXbaK443bFp+C5ZoGOWp/SHXkQWSygyq4H1aUQh1b+z6WGVLUiGm/GTrA3jqAGtXFHBcmLlxp/3uh1GGj0dAbgDwNA1jCQn0IMSdAmJBrLgJLvspoX9b4aFfXSvLbb4cBEiussKOgf30KN3PUo8+xU+a223xT80WH+gmCAIlMVweJVhywdoRJCtiAaXZzgqulEveH/6MVB/tOtEI9dje0IuSP/724Avxk3/ucnbTHVMMhGWDKpDjCrz0m3sEvcF6Gc/AQXSp+uvzyDVa9BPB/YW45tE3LUX2iQSO/xIe8qsdboFSaJFFjblvb0VPdRg77UNukP4ACFl5wLUPq0Rs1OUFNaUVlcVpxU2v2b5W0mwuUwZyuOuGf4XDrahXRi3DUECK0agCgngeVZdkD/yvAoKETVDVEqEay0DE0ZgczeFQAdA1VQrK7+gHQAJvwZPC3mm/8U+EwWAC6q3XUR/wo+/QQicxXo+LR5mUXoMjBdDLo6PbmZmu4IcG/nUdFK2yjzQpm1+fbUvOLZaIyNJXLBwz/iTQdsDAVGfDkD0j+VynaNliBXx9Ui1rnwWZt3wssVSYgN/yGEXzdP5TZyP0+pv1oMT3NR61MJRk8suVji/JdRBvw/oAF3C/EYHjGTOXb6TBluZq+hOCDN9kdDg805XekRetpTj4vRDN/+FJjCb4XSi6uWSHE5JFKKPci30+N3XFGxBhosAjfbhQUJCkO6NC18pbuUFg9Mhnv/szrb+FPYOpcVShUGhohuw/yRI2aoTwrEbK4esTeyByJDU+FPShbIWZwfXDrQUoJNOsxA944+EIZ6vyJ4F/usgYrIU2BEvgcamL8pO6Mq4okgwpgYrnesN1fTMBeJbwJu/iAT7QSBXYhd6SlMtacqOjta4+qrBTM2JpYzq5P9IcZjml8C8pvkEYrrqMg4pIHE7pXtSfn1Lg58kOsagKW+TsFgG97uVzGjw3gpTEnNbIMXXwafHfUh8z+J7zdTBGWwzQ9NN+k8hq4rVGheDKNi1OI4bqO5tEH1JQ/mm8mMeMKVzeJxQpSXnyIu1ESuHIE1tKu4lfT2bm/zAZ87twrfHtHTS9tZlXhPYUahWT4QaoEft6x5Nw5BswOVsx+qtuQartaUjV1wQ0/WvotVakL2y16jlpZJnhxVSOxw2nKApR0noOnahsb0fxwP9e0GJd7y/MlzVk9sJRcEdrN4TOr/CqM4MbdXj7oeRHie5B/SRksriS4fXVHYdTdwf7ApkSR8B/pCODSRy345VKfpx6Q03sfcyhwFxVqIxjwFXb62zFOt+nc+mft8a9jhcUbUezStwGSmkfRtLakovhw/3OrXtyKRTOjVgG4BLlZ5yv0hUhRpP7ZxSztKWPyOhmFdamkn9sQ/rRGFd+8ThDrO8zs6nN1cxPUriWIATzm00eFYHGXjB4HZ9vB6Tan60XvdDUfKrfuIlIVa1rw/YuW2LccXDT5RDvkK2KENy95GVsgQdyIe+QzPFvKR/v1gexa2bQS5cRUktktd2aOoIqcjxa+nYkET/DQbmXxH5amO+qkpCqefOGLVsyxJ2EGahD4Z2uaJW6Ia9Wu2c7og4TvwjxDOhGTbmQDG9oxQ3FgFvE2dgWypIcu4oiNUXZQgORtX6W25FQvu3891zwFoG6AvpaOlGb1MhUv1xXWBwjvM6Xl2+PBcxTs9PCbRRDizZFgJUp3+PY+EdjijUlp2sI1BxUihdGuZKrWs2Jjh84q6LoRF5C5s/sAH4ZOrqLiZECT/5ZgBolwteOZlD55p0eKtu5O7HpgiEK9xRltVPNXNphXkSnK5xuGmMW/J5/Hxkp/T8dPvzNWpW8fCNc+ap1kdasfWidoUaIvnuqDBsck38KzOsPviT9zdXxA1wa03ytUUONd/P+lAJmm0b2ZSq4xOG1ZSqc4LfJ/fEdA8T4QVcUZvynI+2SXrGICXu/FQD/VpLtBOR/j4q89EH5wsyK51CtHUBJAZ9hNnV5tn9rui5oEeLHILh0kROPlIYt+3Gpbh+CG4CHs4IbnMEZOPNPolFsdde7WZDcMj0X6IEDn6KDm6vAe6KfKUllH6IB0jlTVOv+tjfQNMnFYsm/ovQbXV+J6o1UB/+GBcFhCgtpBgK2RcH/fC998sIS1B9NlrVQtrMoLtDoRz7n+1g5c1yGWKn7+te9A1XRstUz1fDxuukPciefS3+e5cChmLtf3vtFAsR3fjN20NEyMhzNaVRg7lNZ4VE7/+UJ0RpgeX5C0tnvJWPwoMmyR4wOoaEOJwE0ZXpCBApRkUBPtPP5XEQ7pguJQX99WnPwPbNobsgJPNGx6VbIZy/W/t/Xzi9pgeHzVMQDJyQgLOytrd/SyovRLWsf76bfQRyRGfgFPlMXfyp8Fubkfi9oegFh8emY0yWsNa3fh/PUHh8azvIjKO3QYmyUS/mmo8bNd0U2wb8xrHm+feCF7vxJHutc6xMA+17K1UJVBfeSVmhxajIYvGthLODpdd0hvl3tS4BVOAMEeGKQpnMPD43WIVsy2AUQ8VvqILFfCMeINN3udZnwxVNODE5KgqBaVKtgQmHc0fYtrCR259eYQ8J7G251EsEAmClZqh+JuwGUO6jaDobJlg48xoy5ifVVJVBg9iVothnjWaWpMJ+IG9CqbRcQfp2ILbITfU+1N4ZYRxf5MlDceJoHxp6vF/uD2wETZoqbk846CfsYl3mWF9Bvekiy+VELIdqygU+lTIQ6T40+OWjnD8Wkzccr5aUE63wCzFeN+/nugQkfH+u7UZKuqyD6EFSOICfSB6BeHgmWpl6jqFDvXDzTkGLFVGJh8OVG4Z2vw/lUPMzVp8mqyw/ida5R0jzADgCIF2+xWpQV72wrCZo1evAm8Mbs6R4L1wtyzs9mEi5K/Mu99h+WxkJ08mVWUOgmEL7XjMgy5ppt12CfCn9Rps+oqScihsnGJz9GfynZA63hMM2fzyqDCaE8jUzYbqcM7o0W5G0evf2X258d1eur+NRiMxC83c8zM6HJIdT2X9dHnMasD2Z68oxuZw5GM1XRExYUOqEolYaxiK6cfF33l7Rb6mik9Y3QnBq5j8lPZEWvsDi14mPC71GLCo50hPRJCbQ6CSFz/a0m3LX5eoNErjfzQuyF9/sPl8yNKZpXaajQWne/cf8163vVmp83CjgoTwRCmfevPDrNNn4/Do/scmW/fD7dbgFrJYhdQ8Bf+7+LbTnYnP38clBpRoKQgEr1WZWsWzqn+lwutZm4Ch7k6Wwd35uIuFdmuvPt2tz6zDiNo0JaxXcWT4Vq6BB/qxnvqckGSqSi1NGJhC0928Wn18jUaARSCMf4F/HhRIX8duKgaixcRrqXGY56sZ99MVEl9wsaPWSJsTge6rSHp/ktVEv0+pbvQEUFPT9zBreDxnyURcr2+U16Anbhe4cvLHBda/O94MO4EQHaf8UyeIoTCWMjhYfQ5/WkH8AxbuBbHPhBsYuZlAREWtovxSg9eLlUtcihqynOu0aBkso/ZuGxwi6XfrLqAF50Odt2HZLG/h1Igr/XY31f53oy9jbDlG4Kkq0c7XpY7W5pXEhTuiwoxQxQm6pk7PXQ6V4Fd1E5TywBPlt82ZVlXAcdu15QzkZg0mbadjDzvyFOx1dxL381O9iy0xsqizWS0ltKI98wgRjdrJYzVGfa7C4zDKKpTpsSgvj12nbQAkIO/uiEn/JS9LVNm2STWq2P9Rh8Q88xjeZT69OrCH18M0Fd35R/vP7nOUzpnErRcn6yF71Wjqx3lU3nVaCst4lTbobfhEOn73D5JYH7SuJmy0M43IqQpMv0ZmAyM3DXgIVITSrgwK4YpJ+a8kVnXkNwfvLvTzLj9WV/EOSHIUhgSc2HE/aYBr/5KRsWizUhBz75Es0zi1JcPlTj7KiZ87T3B5HzdumuXbfQcZCJtrpEo0uONm5bjlUwjNXARUwvlGn8hYHzrTCjH1c5Kah+XpExiyQxnV1d6CjK+3JGooQ9Ok2E7744tLgf0IFHxw2H5GEeTNH9hYqDlR2Wv0zjRClKBUctVKO6xJFy2u9B/2Z78W7pw8/G41kPeOJa20NOt1LHb2yYPulLGF86oMRxAOE+JetxtfJLLq/1HJlQZz6fYnwpG77fePrZ8e/TsnAgf6F2kfinkos/6yfZth/4ig3Uz47bo+sOrJOufltABn1CBDnT0Y+Z6r7mVfqZ9i+7McExczsZIfvF5gPu8qksfAeV93Vu5NOG+frH+FKCQjua4Rh3Epx0G/qalbq75vUpszkzjh8pugth3iV0v8G+z9qftDl1tw22n2wPvn90NxfYShUf+WmajvLVaPXzvqWzdMdB95rjwa1WcsEVCa/P/WZQ/sfPs1Pzn1F22JdceaYlGImlm8tKr05tXTCJ9/j+x3KO5G6W2mpZ6DP9l2qhejIRH+NJ05UfFyvZqKTcSOi/URM1r73GTmmfBjexy8ATcmj9zPd6g9TJI6IKLrWAscl5vTaqWQrkYi98+QywaOy9IAEw6GAeG3mzdw12+bJp4mcd1mbAzTBIPyCLldZf/QONfHZzzNmRJbth8Pz8/Ros56YsUCH2R//ajk1dait+wx6j8zhhH6s300PTjfzQyDsAkn93jjqXMwmxqWys3Ap0rRSrMBzwXLSs8PUc/nEt8uUwDM3I3JXQuPhRT0mCiAOl2nJoEr3VIRaBaUjVIYRZOFykKTn9oorxsIEI3tbf/oPa0NiRsxOF4RVf+2ZOxpRcd/od0Z+42kR3375kUwfUp3aAbzEdl1cDrbliu0T1ApNO0AXeARfHPqiVZwWHzzQK0GsKR8tnasj752gbeeLVbnNEqtorxz3ZiI/0ME1+FlfSKar+JR7J7nbuH8+EnSiFK7WsGIfBWLQeyurgS/waTsWGX0meb2QkJoKParx8yV1YcoNxxMXBZzNJZiWV6pjYvWLOVEGZqHb2AvXE+ggzHltbvHjDBISjxKe59Ifyt8bmE85I2+5AWUbV8rKTzwnOWIQ0u/NBqsPnC0flfqm9fgK/tzA3QkycD2sEw5xIkC5MQ9G0XoeS373+AlspivkaK2z6xUucO3276KV9zx9X3Oc+YNqQ/d4+0/4CiqTLiyB4FWmklPubsXdm6h8NH47zSo/gTyaHJ8z2DbIX0JAx2uorLen9+AHB5SuLgAWBbZwx3V7+SIWGlG+dDFPCZioC9+1PR1kMbRdkVa8pboMRbc9EpSdTAu9hj0ZQPa/VKPsvM1OkMMI0Ab1Y/lW2KoMd52kOXGzRO3S31Wf1mtf27HvZcwLL0E/WQ8l78wro/QQmS/YUI4KicX/vlMkztKjBZQtbQQjLMqCeyUJJZqyqBpVtpx/Kcf4OIrQkXQkpoXx2pOWV1RMOfJRHNEOPndf1uTcLy1ktQBTo/LeUvSHFgMzF4JcN3JVZDMTgF9MRh55SS4O1sXRP9H0ylbly4OVdx6XxDkDRHcNgxniCMdSLCHcYPq7U7b215JKpFn5T80I6nyEfX3ZxvQx8R31N4DY1EbUD2/s8g3ent4SuodWQi0423NMJABc77C6egCqZ1bgeBW4aaqxMsaEj0cleIXzJkRg1NayZ2phwt9JdDADMcxNZ5aT75pSElNY0u4CWOOcMLlKwEa9tGrO/QEKfE8LjsCoB88vV7eU9958QvjRBqedCsOUzccKIzpYXfADrexTdqhhziDgpQ3UXSN4xD3xq4OPe/Et0amEM991HJd9KCfx2qp9KkCFzAjYdAldUs/H9V9SRL7xr3nO3sA/6ca6/0jyzmlLdCSkpxBtMR4+jqEQxnjBuwv4KYTCWYo9yb2c1MG9frY/cu8xag9jxaVs23hYNT5EzMNZ8TWS9nPX9LpQngk4B5eiLCzBfB+EQ2zOy++FMJAzncCPsPjVSzqrr4GlYlSnrwqTKr2Fr/A+sMNOUnKtRrHcM/YjHWZWHFoKLiFSwTwZ6gCEaQNBvwMQH9QoZziCYrbfgg1ONAOgp+RfpGRJVF42YjhWNrekHms9rzxB2UTCCqepAQKOTOkhgqnXXi4OYfI7IIvQlDHofARnKRetWXUTeo/2XeW5vdCFVHVSWGqsmFEZWlMlZFzDZ0llOGGSBwKMizNVocrsH58zdtWFlvmueWaf5Nqz6WhYAw9hNNpoArBf/4X7WwYBcfYAoTstAzFMC5mFsGB/3fL/riFFrjCvhrMSO6gVpLlryamFTWq7ih657jFNZa1Bc6qi83idRlv3gjYZWA6olVauA37QZ4euXG0dJBdjQKIEXWuZTTUSAbylH4/Uy9RjRHD+ZJNig4uZixjF+nAROgGjlXIkR6y6LQ6+/KG28mC58xCf7K4X8LioY5HmWRec8AB5snyAOSVbzKyXZ+92RZVggwhA2WAY3LjNZde8QBPmGHYVy1VGVh/RplT3pWeF/VQpgThopzGZ//jlIORTBprrWe4IA5dJbZ/+HeLuHzBPdf3N74zqqTQdkyQQ187Bdw1UPDyEd6VJM0WNCWzQctXUlNZJTz2/HMy36a36tQ+0oodW3X2lQU3YUg+I5D0uEzLr66tiqnsnLNe5SmZBn37dSkobclxixoZypG2ZR/XYvguyw9k+rZLD6IdC+OmGsZKuGTNdDvGZd/PQSQ1UgZmzpEugcmmIruHsWFL4darPF32TPglppUviBnTDu+ydHPTyCZC4/fPRIIptNf/xSCIivf1L00SK3BY9pRkKnU0MNuhvr9KsuEt8dCvBP3tNYQScpzt5hF5npPTsAKN7S9qs5nwj+S6ukrIZ/uoP7Pg3QKst2+PnR5wt8rBRmyhg3fM5pLCvCYTinVtDDyq/h9lfUI5HGFY7AFoaflR5s79+Sf4hGvHZ2Q5U8JLOX8cxM4Hwof4BZVNdMs4Bs8US7WwNhYdSY2coqvHjUzIjVztLjbGbaF8EwCido3sI9Y08ROVLxy7r9lmqw5t0v2mATEJl7nWtrMaYsOqCxPQagN1X0I+gbEWql4loUQgm5ji0oizRMvkgd+RINv7NhHMeqqF/qNHSPWUAOK1WkOkaDUZfwzA96skK0x/7VzudFlrUCnClCzL/qoKZUID4B8nOdWXI0oVB4K6rwJzKXTCV+j7kdZSPmENmBUeP9EmHSFS/fRO1Xaq7vpmwM883paRUrGQyFzoYCi9Vjlihx/2YQrKff0s/RDlsjMW5oeQbQCtdinMrERYk9zPXUeupNSUmkEq5O+/J/1UL7UQlZUUk5kaUVfpqZ/8b0orwQwYuzE2fAlR6iqjU5e6VAoLQkcyfUguEd2aSyoBO4YzIQm+ThEpFIuuCJhkePjylMiaUr6/fXMMBxlRKlFzfdQMTIo7555mKcLVJ+8zfqkBZ0STaUCL34KjBQjtKtFqlyWlanBtNEGDY9ztoTKtxYLhF0wkIYmt6Omv6Zeqjh1yheP31UcaAxsXt+OQSkzaUHy0jGrjC//ySBDS7BFyRvrqggaA1OC/VpwYcy6xpPkPbW/Zkk1Ch22cTYVRXZepU/n9MNs0/amPzU612n0AphaY05J+2w8VkElJ/4Kd5q9bvKVeV2yayYaTzzXYug1R7HKyhIEj/FgERJMgsSG305WAmUsGlu1Aekl5l67QyZvB6BD0YGXCtnlBGwtr5Xo4c7qc42MuFHbTSLmDzQ0IZrwVDdGx6/4bIDtbaR/ozeN6Ut25wRy+oHV2UyMkcic/GXbQAv4EDhNDzOUMiX98ABbQSJkGdSkua7Ebo5pwlhueC8F3P6o2VKN22K2B+EpqHjhLYV9kldako/6PyyWtEEUI9GD5g4EtsoFyCg5fRFH+L0z83KGE7AJF/nRy6dzuTNoZo9tLrgN6uevsSHt2DBlHNLMlLGRFWzazlSLs5zf+Wg3f5aOJJRMxYuwu/FZK5qMq/lJcoI9uDy3oz8E3WQ9wIJMQTFeIjstH1TCI8yOA9GjniE18G4PqvdFXXWLw4cVcjiP+DB84gKdjoDb5I+JWSFiDoVd/0i3+KirbthvRjDQTxUHZVxhSLv0xmTDyBemRz/SJFNXBOukueFlswLHweWqhsNuBRFbA2g4eX5XIR6w5wykjHiQKb4REm4UM3FnrKm4bGEtbC//Jf3b5BFyi3H4PidvGVrADbesdINjPfIiL6uMv1FXs00kg+6/hhGdjcEqIiAWfgG3wSvU1rhDrPJxzIe5+cBFgEmDBsIfO67To0hpzz617SXULfCzTVAN1+J10u/Xegvr0tX7vyLEw8CdzPHqN+FkenjIsBI0owEjro4Q4kfn2JDWEwVdlRq+KI6y3sx/1UpNmHmbKnTRZQ/7pyEtY9ERg3opdsCP0e1mrAQE7WHGbiy/gvs4Is76cqRz34969mVPifzQfNv9pq8YS8zzzGbeP9JlKQ/nQ10ofoX28Yu9D+a/I3wIbc+QVwOhh9Hv7/vSq3F0X7Up0cwRCK3GZLCxW8mdGX5LlYWkDYElPHnzKRXnyLUbfEur4P0qrLybrQVrRn/+mq3a7+22D0Z6ZcU1h8Klt6gNtUsgNb0aizheaDrQzsWXyIa9VflgvorQQ3Tfq1qLpOSfBT8bMUqFQniE3fw+BjybcTo1OwUtM182SJk1rAnx1Fi+94hA1qkXP3qju+jqz52yR9Yxg5HQAckkczvBUl/ZaicJlwKh+nMQNOctzn7nm5t7SKFvy9WhMi3ShfVWgp7D5HKMnE10LR3xW842OtVHuj9PkaCYLnchFxKrAT3DPmr8FGnxYMHXCycu3+/1H336GsGpgsKsm9CAkT76CKx8UkJ0tHzuPsXF2amYBLsrYLU6/evpm3E3TfCr6YpbfIfuxQ8LtnhlabYIJbjtYohzSFC9HsdiBgxT3yWAonJNMiLuwxUmC0yAf23g2ftVGUagLmT0Tkwrfc1TWT+GqkqhQgWhAIpoOkADcuXDyfNSb0OOyYrTmTMLP+Mi3kZb1XWkW6ax0IMJMjybfNZlow3XDq35xC4udf8ZZBRbN7mzuFRHAGEe/2oId3U9tFMsgRXVxcpKEfuMX+s4giC//tv6gwf4WIDu5iE/V4Arw0XhBh+QSMSQ0+lRnzxXNlJa04E2hPt5OPdo4OWLl1Xk/I6+hcCW9cLTp/pl1FB+dX9NGlhPe68RH/zmlfzci/ghEbeRggR/4jl3woGK6/g46XznncpUYLK5mUdqofZENnmTGPEUKVHCQIKgy5B22OtB/j9uk//R5IrNwmRfvprs8vXd+nXl+iMukRFpKCf9ZvR65yX4vW3uNDEWt33F/nZw5xHGfzeONe4gJ5VBKUnOuww4oU6ve5T/zEmXcLGXZGyv0ExgSPLJay7gKOmQLC/wN49iUfEjVmjoD3tka+N/RzVfQz4aMlbAAbTf9N8ePc92JgIYzeDftgUhU32zOnGbQy4dBfTLvN7ggJFKcDWZ14lpPhTBMMQqRg4gYfw94zJeImfNnm3xNcV/R3VfvY1VoMmHjzt7BdFHuy0mvHE9PXPKBYa7lTm2Gj/fa88tGvhMjJnaaWP9AmWD6vBNsRGA1hSin4oWVLE3ENvvNjt5V1/pZU0ZnIWc/5tk6uXEMMCm6bADVzVsf3pmHsbQqPJXFXZT897NXiZGiHkroWQK8fjMt5hGbf+tkMtif0wBxfvX/7C1GiUrRZ1Ll4gDk9L/asAdSdnLoOumEsWhy7pZs6DaMBlJNrP+5YAjb0PyyLM48vxo2/RTCpM3XpWaE3fbXm/A3osBJmuaYJDU1SI9asmRWFJzKmqydGVuOMHRZF7rTH8hGgOvmO5175tDfSJFt8OnoPcqfU4vkqywflQEGgaeqfZVkcPsaOf7Qu9ZlIdhue2zxtw5+88SOineCRlJIQosQ20+1BJahu6wPgMqdelD+ShUlObX+wcGU3lKlsuRQacu2qiPVQElERyYUaGEtEpk7/CK9DPPUVvODrw/ybOPmatHazUrqj0sqRPHTtMM73s3f1L/0xLBzA8OFMI1TM/5yWZfiG+QBcQWH02itpif977m82Kg5LEcKEiMEIgPzMyOL9Be4on/AXMUUq6r8cF5cInzCaTcJXQfz9o7T9sge53xFBUI9kN1nqDrE8Ic4fMnWZ9yIg2XFOUJmKd0DWYdLdreqSUlgIW9MjqZ33U+G9wokBCgxp8tSZ4goXuzpIfv3qJwAMem8ZUrAI6PyM2bDpUx83QOb10Bwdi3rsRFHGhSp62Mby9k+p2fVfLRW4jQrNdpqwonmZT0YIg/VqsMxCL1M9hA0gPmO0CqbaKDm0oxd9Xce6lo0Pwi885TVzwG2OQk4nxwa2ir9E0Eb39XHSUyFlqRzs3rzc6wTuds7ZQOHv+aSMK9mpqjLRuEusaM08uOhNmRW3vYqXGElCdDROD0FEbEVrDKpb1RgVhKWPWMDRXcnjHCrwHGAYlXukJxlgHMjIXwC/G+Ogy3Ttp56nd7JJasUdddP/XcCANF0L3PpiaX8fUtxCrMA02aIHdG2FVjxmYrqjeBeBVklNpAVrdgsFr/ks/GE/JgUOIxKtGaAoJ6iwsh6ldiRLcSvDdtr+0AAhy0eN7aYpYWzEgWA/L6AyM/Pv5T+Uo9ocIMFzF4H48iPXFOSHvGyW37KdBQuYgWvM3B7O+ohdtpNK1JO+9YoH9s4KB8dSMzpGZ+i5dhYxdqLHp64iBGjsjdvebP79G74XJMgA5BWVKeizyHSif3eFFMenQIlypPFMYz7GqYjQO7zXdS+N54UVr+HFcfjUeCibpLx/YjAiJL+GLEyXNeLGBoNgAJWla5BvQFVdpFvPfpKpPPqF3o18q9IOtDll8gwUAsF0MMyUriw+qkMpAQrBCo5RnhAjPR6ucr8dBC/0AaPdUY/vs+bGSlDgLksdIuzVeOSTCIEDzERvMb8LMwQY5xmt/zRfKi/Ps+pCjin1xxPnIql8pBcRZI+YmR2UYzIrvX/saTSdjfrmMilJKUNyeZaUmVHk5FMKfbFmY0RLT+LRX9AetTo6d0JogN12f4N+Xzd/VjuKBT7aQ1UFfnR19Im53bDlY2Zl52K2xXzrFEoJP1okKb6Qhl1CqQdBL/GSEyjFo5LqYE8zw2cDOrMGTyM4uVc5MEyQmyevj94k1jGBrSmOiChaKkdHVX6LpO2Tmx1FsZfYv2nPsoF+RCU0xLuHYlZk8DRYU1v0ejoYkfaNTI5KjRt9EPuqjgw7ovethuY6mCcIp8cNPrx8alQbxiSu6Ry/5fad3ivcwz1+yeBKeyUbx6P10tBcWbcP0xi9mpEm0184LtsNPj2PAo4yIk+NlF5yCEcTcyBdwRZsn8vP+pOzoOpehQcRtvkzbu9SI91XXEU9rnD4vmQNq3G4QEM29miiL9wNzEvX/6ykJS4gCQ6NpTfSEbErL2L27vq9xJMorGypkxc44Ex0Y3eVsvBvUVRau1fxEpLnhvw+ELXryTYKiMfEQkC4RAR7Q8spGFlpWClJ5RiGfQmmC0OvLI1VfyRa2fSAqodrMx7K1Dv0Wt4YS6+A4gm/YAg7XB8nl3iI67aok68UlJdtKXSZ7v2mMvQvlc8IdlKjfH+bq7gHRU++D4I1WuX6rzZJbg1aTPUEyYofDYnA699AdPfAPNFq+ofN65Rf+X1K2SjcX+aqkZmOXkyvb/Qxyxq+sivaldfsNL57LX87XMPlkP/iZjhC0UhnH4X9r1l4vn1fbR1c+KeXrMUSuD3V6NibaebBIfr+8bveHpUXKFs0+eWIfLXC20MTUuY7/3faiWlXjRthyfild+nenMeJ1Ju8NnzL3h+wZK5uTCdmvg/CtxlGbnPEoa81Req0whGoAVLPPylkRvV7kfQ65iLW5+foJ9PbCFHeIhhLl3coCPi+MepI6t9fRhWlEgZCEX3Vp9fHJ5YTmGYp7ufWBS7xhqPs9e7oPRfDcB6JbOhaZMRm9Z2rzgsHxYhTeUCnnBDIV2+NrEzkGwRXFdlhzWcl9GcC57v7qx+79s3wNCSyyDxDEJRt+Q6Ym1btPa+XIWC4U3F3IDyjOFRlpu2E6mo0jyFwefiI+nGJQqWZXi68U5Xg4LXDkJVi1tPB4C01txSO4b9glQaSZAMFe8tUu1NCLab6qDTDF73vDw+lzOY6Hu4mDCUAa2804WjZV+ybwpFtbpoCrszTOkAB4LRU2lEIsW9S2+INHmaRGAVrxa0v/fo5G6rUmhzts/BcBcr854tywV5uut5pjK5r8HjthGnKCACzLd04LFHV2kcA4tN3nLPBxuvF8+G6LM4MNyymclxI568KTckx0tWm9VS5WxnlPVlDRFSelvsqp82CbYDG6MP/uAChMle4Eol5IDVMtW9m8lva9t09Cdg4X/po06E/XzCP2WZZjmEU7FKojyuDeEWSme1beRu3nEdiunsLMo15cTu2YzqbFe5wV7+xU4KVb6ZcyxVj9mJa8j4D0BpnIKfWFJqkGZGfQc7MWI2oy3oeb8Ib8cU0vQS72PhhW4EzNxPHjBAHAf/XR0VCkLgXXLMu9sIvspVK/Ifuo84PSE2Q1tzx+iJ0EcIpir9QY2EisCYc2YspnyvbznJuWACuFl5H1++op0wkyVCvgUHEy+PcamX5wrjqb39xjSaO8gWSGC8xcYEGs0J7fcs3+ZK6B6AvR4SXIEzBMHLuxdbBHxsfwtxHXMZbj5uhK+KLSp4iwBvXNvKKpBczfgKaYLVH8EbcW7iTb4Vf9YDNjVSePxyuAoG8HVmC3GhCNu2LOnpvb527aJrPBBT930z7bbYhYxndCEEqP2OZlbvx+9H6/Ji18hlWLGWdiBY6vF3VRwgLkIf35Pp5nBavQ5Af/awTy/9zwB+0H0keCTCYfDKsKnVGiodes5ntDmV9wVOMHQr1mNcjxY5HIiARpA11yIeU3FCsgQtUDa6r50o2SffzIacZtU9rqlUSVu8kax+k2sWGa4QSlQF3TSzNrr3XVrKUxvnI5jtf4lEfEVvSonMBTxE2wjRa1/7wuO1z9h3WYyKPPHJOLpntMxTn80LWHgBc9PSjM4Kud+Bs8gf811xj+ajMxDFKUdbjqcj8YzmHZV2lF9yPk684I7bqCZHgm0O3kjIZkwQxf8Gq1ZBv0wji+BffWSJ/22no/cidKR2xF/wD9g2bCNbXUSERN6PvbzKmp9uRpvM6bXwYeOPvd4pzDyLCiKdbyT2ltxsBRolQ2LvUzNukwOg19YMTsdRGY8Yf+FoYr/nYL3Yb3NLraC7fTWUikGtXmnwGqN9YA+Wmlxy0+3Y4nOvIYhhB17ke+o3CCoGROkjmO27DRgP6U8O3iFBLLlI9zwfbLM3w6rS0k115vrG06FT5YTcWHcpUqwr9A5+tK5n8hNKSzf6JcHvBq0GifAcSMEB3zTP3N8Kc/V/K9xMbPSRxIHgF3ih+YRKWAYF9QW3X9+034AuBT0GwRrhfj5lriaqEd4R8TK309O6TgRWOhavlzo9Cay+xjygvg8K7qmjtRJ1l1I0G7WZu1iKz6l182s9eVdydjbDl+EXO8Zn0QxRSR9SxsdrWgFoHQU2oWTYNVCgstMS55kH1SlKgGi0MAsF8uG/9qe2qlWSE3swwu/vw60R6t+pHgH3nF8fMpJnT9LLjtEDNl+da+8soLeGjC6710Flouy6mby4xhO+h1uE+Niy2LQtYLijVDAiy2t0j/8+3zsxyucD1DMkg0DzvZxQYxMxHhzpqplnustjPMGkpOU27XjdOlrTY27IqjGwbUsVZ/5XW1IFINqIak6AEvNTVUkFUibKU0CGO1uLvAeMeLR0Li73O/AIfEBH7t+QMq21TT/y7Ei1YFtIE+znGJplN4uFS1pxwmibb8xH5ZBPRb9pf8Mqwz4UQGC1k7we/V1LvznEL7CZMxBoEZyKHnuUz1HyEt4OxCsVh2vSbiND1AUt3lMPsFLgJlKd/PHKyQjreFT47M4vY9OsV3+GggVbcNSp+i5gBfqoheNgDU97RS6fdkAoFbO1ElHXlTh/CTNiMTHYuw+og1tAydG2YFSXT2TniQwV9flYNEVboJ9X/EDY4/F8jUEtuIt5JqxGYv3G9CO85p/I7pOLjqo/u52Lv+ceyi9hsHdBLJMuYQW9P2KXn8hEB1/gJr3bMUW4hTOFl/aUeyjvPbwl+KsKdwCleN1A9w/8L3jDUqpHVDZYWj71scpFCcxaiktiLJP504IxKRwHIoPt6P8prxWP0tcDR9AJ/NnFTz5brWEDBdILBuTy7mx0v4jzu5R3FiHv9opq+gMYjlJfFris6+EfQ4CzFUdBUOBD4fXeiTUJabs/xiyOcKmPxPXVHTycrXkIoigPeClwRczfCgo0Epf0QZD38Uw/ISKKN8QKR6TVwLxfxcbX1wdxC+SqWwvMqMV9rW6pqv6buRAJ3GBwPC2ec5FcqmAXpmpY6KE4lcedG3EqAaDDwbOTnYFdab2X6AoK0onBLCkF3g6awDKCSND3G5Tiv9wyPk1XpjqbXpHHQx3mBIVlqc1qPP+SuvkWYUmun8GOoh60BKuc3JcsDGlqLbqCjMKV74Jc7CN3x+bCw1dJv5jMvKEXryHSxU56/WS7klxFLG5GBG6Nutg3MQNIgnlzjS5IXkL/kbYPj+GzwQ9DeIKCXCf2lTfsElQituIZlf2sGU7tLfZJZkovDjOvd1tmnxIffuWz/BtjqzrfNh7A02hr1KM1N1VCRbhqkSm2WVKZPUoO+9rVtalrQSft+k8HGq+YU1QbAVvBSBpf5/oq5iy1JtCf4SLkPc3ZnhcnCHr39Qfdd6ox501akDO3dmRKQJJKm/PCWiXeoMpC6Y7H7rxQ9SALDKZycUlxamUVdDj+Cm4P5ZmpzNend3D88047xdEcnRizg0dA3DOnCPjpoTfGZnhLg/v5ZhzDrzmhH6oYD6AV7qWwnd9w4Uw4yB8oYztoipPmbv5Ai4F3EBhZ3PLwNxcho6fl/pWxaVlvkx0pctzuzH02AJFY9iFR80axpAw11QTCCYqV5fixHkkV4lDGhmp6zf/jGQSsTMC7UfjKiVg22aFmjAmBNF3BtwHAZ414m2Ilj24EslRuV0a0hE0Oigw9EktGYMNPAkWc3aokAHUusVzItGA4zsD0+7sEPVVAQpsPNdVrRxppexVdOY6Re4THEvrMXlPwzITGGF2L+2P0OXnIbrYlkPN7l1PzEmBflL0lRRsiTcro1lIW/Nf70OuCRL8+lyGFZsc5jC8Hk6O7ZfAeoDiRojZba0YEOZOl/9KEeZh7FCK27MH7uDZE1utT0CNQ6YX7YWb0Nq3gyX/ihxu6UMVsig38vaPZ6B/fVvlC73pBUW9XZ/ly85ifECceShxdKGle0lTzC2ZiRAh1dtgViLjntrncLAjtJoYgc/9KseMO3StV5fSStqiHM50pzUVa4c6GeeiQApXi8nLVYT73IEbVhNbESWVBPwj2P+ZdSsL/Go/hyX2DW6G/XqEatZTpnSFVMKUYc7Hv8mVFm/FPiJ7HuZ7n0NTDUdy6/EAvNW/adKFrI8NLUbwWx/LUw5jIukO6yapxmerWTKUnlT9OVvpqiO9HQb7rkWlYjmhom/1yJ68byMV5lFf4q3DFFOhJsXzs/pFynnwD0AS9aiVWjL/Fw7Ia7jzCREe+YGJ+kQS1stDyn6mcqy97NzQ2CnoOdegMRnje9PwfX8bT5fBecLfiRmG3i5g/nfrBhysYJBNzATc0epe1lJHp1NTtR1hWJnyyq7hIgZSSNqGsmLZyV08G3XOGW7eA0ykr9WNrnl+wx3WCbpeikVNP2MjRdchEWH75DW1/Soao2jXUO1DsvoMOFpPtrKD/GIX2hZrltW/AmTbWoTOZnFK/vNkLsQnUoiY2o9U+mZa/WWl9avgrKqGXj+BJZKzETDRNjWR2Xi9VuYNXo2XpOjEGVq0i619MWL+8/fXfQsos1XrhSWNAzPStrRJzaB7d9ybKgNNE+ghxp7L67xusZcGY9+wDID9L+rAKr2SxJXIk/EqcfTT4toOzhZkyEAVApxxL+hO2EKWiA0H7b82AGCruByZw8hEEh0sj5LJ+ulngGnDUMDo0Js3NmIhbjyvvdo8VB/9v0e/1bS8sNXGNfvA2zi+oxOwOL0gFkOCOMTpArUJx5gm3r2hXGCPRh8aCSgejfGEZ5E9oQaAVZ8KNe4Jno4BdzWeiSMeueel9F/uWo5TMNzdUVJxvnSPE9aCimhaGxoRkazzmzgvw7wuMQAo3/kfj4cZTXuEs/+3gw9K3RVulzc8wY8CXDSezTd4oq+QsSvbur79mLAQfXhx9XI1jyX26l5yVUoVJTkVRhFc2lnzD72sqi7qrsL+ytLNsUR7Cg0CmNnt2LPMhgHL34L2uDob1CAqIRiBgeF6CtvFHrpp0bjdc93uD8g5ogqjE+zWtTn63EhcY0O4icPGzpyielP/d/29HwbfRvFUUCXrkBFe54wKuol3kAlcN1eTr0strH/a0cpQ1D1BwzNUH5Tt+lVsJw+3YAk13Oc4HsgJiEANfoTyQKDqKVPlI2SoL/Sr34wQwIPSLHR/lW+RVESRcs2x3s1Cx61VOWEDjO7AGftzNjewZXTjKB4/v+tvKdZ44L3qT/TzN2MpqR9OkTAQLuVEAV/66HyyjgKKqqAXK5iLkgVfDey5NqHIVkzIvsOoFAfuxQ6Som3Z2A4Ow0ae3BPO1wXpjJ5EnDDHuKqXYuw/otrmP5Nj365/adDkg5vwZ+GaeroQo3uly17Hliov1H8Zu/pDi1h6RutKX8weA3QuyoKN1ceVr79KX9rPdEf+LxsXCIi8FupQE/X2fhy3Nxfb0xJR58GPFC86NEZnJCCw3tW4c9tmVWWpCHKDH0vYJ6HHihMhFDty30dlU2vgMLJgs7oq5m+sZMxXt9O007MtSKM8+JVZdicP6ziDoYWQK3Cfj5b0zNfoFt2ZysxDD+awLzOwVgGR+5FkeC4Up0czUIGWkHf82EiWG+UytG3yRO/K40HDp6VUFPDKu12AxNTCjdP6KC5Q6WOVk7T3uTcp0zTzbkMBVC/vAO1dSDUmN+tHB7E8icfefKufU9Nw/j247RshnC/poZqsaoOjPfgqeq4UsvZrZx6XLyf0J95p8xO/FxYwi3xV5+Pqy/iGNq+kFGzEt6vLDdSJvF2i8ad5WzVQSG8kZhM7OLvRTBc23kpyy20sCSfv5LfSfYsqGK8sI/qZqkftvMQ34S7tZ9KAogodMP+j0sCsX3BDQLgjS1gifg1aQn4DE7doH4UZB+gegXfk+Ig+PVRWq5VYeath8fyk6anX+k8L+91flZextRwG4rJV3DG/qzbUtZIaT7NM69sxdeRW7LRpIZJOCEsHeRVq5OTLamsJC59oOA/QUIe8ezF9ejvQTl/Otqq51WKomxJOrO7bxbPiyHJfazrINRAlmfPfq0CBWS4oV/w70l0rQ6ERhcR8uRSk4Dbr9X/RglHTwkf2IihjZUjR54SiUoFDevtj6xQVc0wd/7BuAEbGPx77ngDyuzhpEuRQW5muLLUsPgF/zsJpBfm1jZeu9NIRZElQ/29Z05HBda3nZv+Ge0W5tGukolgc0ahKIPmVRNIF71USjiwyn9p+pTNTAss/LTO8b7+sp5zjoJ8O9svnrMXGnlJHkSRwcfyvaeFN8zfjb0Y9B9j+Yxm1fFh8AncSmq9yb3uQ08hDcnV4p82sB4JA/iv3Tdm5BF6fe6ZauZUj4d9XuwEGO5FkcGDvF+k7EGURj9GkiL46LTvUzzNrSvgkcCVBXAo+LGBp5YRb5STKlAoIcObrWYU/EU8H8KwGn2OhirUqy5MgZOiLSGI5Jw5MDrph3YxjCLZ8BkyKNx6H7URn34+LqGnalTqnV8VrkdL/PUEq9wNzeJ7RRDj+S2CxIpvkFt0rFGNFI6zPBvTvwYyWCRL0Bs1EqYsiU2j6ikETaz8f9NVFd6zmTea1LENuMFvUzb/kwtBoH4NwLHtJMu1F9Si8Ita+fYMx7o9hp5iHY7tN2ABa6BG8Ma0OXcgfpT/+6W5FIyFCDgcaVnt2NJAx2Ty2rvwOMOfbcn6CvxX3DFMI57PTxyLVSVPP0NNvhnfvPtJ0LpA5dsaYFlBcfJfN/68ClH7RZ1+i1Jv3XrMUDcTpFpLkn5bKLJaildqRhF3T7PW/DIitACc1yRFypARPOWlE5wuAdiAK5N2fpPRjX3OVUw8AhsFCz0AfRpB2wiT3gfwb7gAv8jLd6DDC+SfvFBTm6ba1inBHoZ0hSo2epVQuyxOOcbiaNt8r8B1cWFi656u0PgVvU5rrP5rEEQETJ+GvZunXeEFk9rzZds4mSfZn3E7WQRxbAzUI3CDAE4ndv7AYxVKp4R6XY2OppMPuW/S7KRGvIMn5KShbIl7MqclXhOVUZ+hTf+nmADFAiU6eDGRTzgGXf6g8Kj9XQ/sN/T8DTD0A1P4UYLq+1IxfYknGqcFNnpi8kG4Xab3pIJ1sBo6ITy4lrtMp4xY/5d/GYJk7jg32isUwSkPezzwUKkw/NsWbhjiWQ0a96KJT28m/+JjiJg9oyUS1f8067eBjD/Za7/FeNu61c6F1Rk4RvmXfAC9LBFSZeLe0NzAYnwJQ2JwTyRqF69jl1VPfAFOK6vF1JbaEzi8QdgFpIhw2e+pgH49Uca0AGU4XLiZt9K0kwA/85nbPHCgBUVL2ngiKyCrvvpf2qdtopgXdt9QLyzhS9siRhdqxmZnJGv79TISaomM6vCqH+dT1/tVtyRO2b3Xuv7DuNLrJxZhPFRb3eOGfoYMFe4SO+3LBpbU6pccs6ScreXhuNyQ72loo23fc2E2dSBP2ehjGWH9GWj5bweE9SQN+gkvIlDJbpFYRc0YyYVcurkIqxIEcLFFihkE3KlwQP9hGSqHU8RIZag6EPrlXk9TYNvnVZWMines9fKboCvBbqQg6wA9clv8omHDHaivTZ5XNHvLYb7kc5KpK0SFpedAW6qgPfjJW5lR5h7D/6Zfz+EnwRHwJ5IcafjhGIX9MhLyjxqdF4xkl1FQO7q1ozgVRkRPlHDvIERcqCo1ulIpGWkA55ncG/EMewHF8fRry/JLHNONUBl7BMj8+YmE0V4oj2fJF8LJIyXF+Teqgz8p8MdLe+ZncoH8bTHlu5CVgzrCYSWgPq8Q3MeXtkoBh0GQWLeWCBZhqz12/YEVZK6kDycwTtyBOdbdIRPxkQDhRriwgiymkDJXCNwSQqqbBUJ/JoyHQlk+XRcbxBTTlPme63sWLNXqgXj8bZcz4dI0vuQ+2IhpSVNV66xoHyGgRoUw5/F9kye2vX6ly4IOq9Lvk+oc1OWlXKrlJW9oQmWZDubNReOxJezdAuE47AW0iSshcf8TpH3JSpyyoV+vWRXGHIviNVbaEYBl0USAPXb1BtYOWqveoNkV/svQA/E/PYt3hRgDf5gLzSAiojRSxwBJ1JXElBVAC8LlTGfUC+I0opNDWGVAYu9xAI9BOpXiBFSaFFRF+YTh1U9p2z2G8RTvGwiQDSm8hNynERCkcbRHhrRwSLgv7gDsb9aHc/I5HbGXw3AmJULStK9OwrCneaRCQ2eXHed9aRPdrDWYeI9WBq0owVtZo8xUz+kTVf7QoofqWg08TJ03KkJkUUsXxqJGu2cBldbSM+lNq0oks4LrbFl7w+q81U5Ef+NbZip1APlu1RWbv0MBFq8G07+6KBu6MR0+rA9uF1qAEPWkvfjhr8lGwsGDkh7tmblUPCES4yjzAvQlFQSFbsbUgD86tu4kyH+seQDCrlIM86G0v1TF9ZdTKHHQLEiBvq0ouGYyKHSVuSJHMBg7juwEgbMikxNR187JsjAHc3D6AdSothqhUa2RLRfYCO0TgX6lmLrbe73OVP5u+07qbSYfkX4okgRWeLu/fOAIQmRdgtcvd3nafWpIvmd5WJabQt8wCMBh2aLDzJ0PYL/Pnl0yjXC2SUC6zW7c78gzdW5D32vVwYV+OAqL3Z2lEpR+l+wajDNRjJQKGCePTz80EVPuIj9OIcHPheCNjCgR3P7JCjf/sOvPtvDQc0Ujo+idxnuZmj2RZccyPmeLkIWlBEQ5uLCrCikwAu849/SnlGgbkKtfDKYzSwhEzzu0CFZ6rRfh/RIiveR0imOEbZtbz+IOYv+sfNr3Y/zW8/p3RAmkRdpUVg0ijmGFj4vwXzP9PgdqefhwLn3HI/lzgeUYvktp1sm/a+woI4inSZlTBzHJEtqndNn2DfoCP2H+dcZ+ST83Ib6fMoslAmnBDPawpXJd1SJ5jZ0WqIKTcCJsavR1Ib9yqazUjQcjMBr+fl1LAq3YgJbdbkpT6OmDNl9zL/nRODOl7rlLwU+DbJbuJuaxF2ndc//865Q4I0bMDGwezqzmltMkul47FBOS8VlHOqsre8FdGmpNxqlmzN/cQOcr7Vz32T1A+tpzL5AcblHRRlNQWBclv529eu97kRSvomOE3N+maKGe8ljL0Bzw59+0ZXQjqvTjIr/Y7JVqEK7IA1pUP/+0F9PeXrZhMJiT3u7+5ZHpPeU7oGER+4n3Dj3z5h7RammMoXFEs/kGUGIOtbMvq6njsqLaBd/PfkaGVMN+3cCLq0y6z0oab7yI+WqU5df7TyIrfY6dxVEEWo6/oVDsnPwl8xcLg0gwW9DAth1g4sUkDLxfMU1p8IC6HPhzSG+drE6p6QX7rEDd7BpcjKNnefWBUHQffZkSmpHNRDtb0du0ryM0g279tfPmmC0Uew2a0cR1UQzmSTvgSy4DsOMWDWjdx3s4y0AomuPnGQmqfHcnn/xSGj2nJnpWC1leqWxoOQS5pRP0fBCFqOrvdA7C/9sH5YQ2xsUcx/41kOgMjjhc4DVvxK+tgtgvBxslznAJVyXl0sFtK3m87MrJEAyGBw+OT1JZQHawfn31W4OogRxZs9IiPHQenYeaSp+X93qXK1I3eMEnoOoHPFfwf9tBP6IiNg/r2GIrHAWCNtgPPP3fJnQMpf7AFOUYlhEilwug/LdB9uttbGAkz20fOSZvnnA8PKSYBgCnBMSyuY26XWYD8urpp8tlt5c4fNpxrMU1hIrBGSMWCgi4ON8fUesz76TiT2of+SwnFl5XyLigKw+DeXG5EgywlQDRnYlHk8rbvPAbmNYPXdvJ4Z4AgBLMxyPgm7LDljZ/UvNFRtOS7oD7NZ8aaQx4T9DHQJcoGz+H4zYWTcet1KDcfCI7OHdcraXz8BBtgeHiAN9mMCgAK9isXj5ImyU2eEZC5ItEADHMN+CmvhHffMDRkP9Vb9F1cxNloIbfQfiYOoyeh/F/9crkN5zrb/eit/FCkRAvLGZFyjfTAdf3ZBn4IL+PpfdBOqqhe8q1lgu30wL70a+ysEan5tSMHjRGhtudMyUpEmj8HPb0he3WCh5UEycIjJt78eAiY1he3I2dzuagXKfaulna1RUljMguujS08cZAu43ZHgQY6pIeynaGPNv6cyyiddToZ+1cpiYsxhtHuzGoooOj7+k9760OGBlJedSgMqlNYK+7nFsPlFJTlX6EOn9ugwJ0lUVLJ8DDyQ96jvj033DOOyjdpZ91OI1/yealP1676EymwKJ+nratqb35m6Msda2Z4KM4pKoOtRslx7I7C4dSATu14EU563yVCPyxB06Yh77/BTlC5DfwJL7tAPqTzXp6kxrRh2o3fe6LxLTSBNl4E4YSkZnfMUkmWn6s8zi0jMwRMe+aChyeKoHppQhf55E4s+OpyOqgDvoAazmUUJMjTxZsHQRA+AJ+ehm6wDlsb+IQMy1E8RjHKcafiHHevXq9fsaNKUBVSF1K6P4XMo6vZlmQtaf/5Sn4UWSd96O/Z4bmsuwfThqJ5pReTvLVzqfpt++C9kR9A7KNSG9IiQx8y9DPd8Cp1n6yxwq1YrJB+p5Nl70M77GULnENf+WDX8QiX8LstlTw3Tx6mmpGw/kpklUYTrHSDOBwgQGQz9TAh7zMGNkktkZfbZXvL9tDRHHlNer7Ju0tkaM2Jchq+kkkY1cJlEY6gQv/zbkxurv6KulBWAgkdpWO6UtaVxjPSS8q0V4EbH1u5haGmgDHFP/wy78NriSeGHaYCVdiUyRj/oJurV1NpQUqZmeTyUEnxUfwvou/msZsTEkS5pS4ahTBNnN4btUa1JioFZ6US+yYXUHWgUz2yMQx1n6shD0Ol018WBVg6iv939raQ7sHJM+wUXTzEX0vGno890uolWUB45/Tm4XEKgh8Hy8DJVGW/W0c83KlD+KVWfJgN+qXZWFaIfpYcAgssXLqaXC6qAMFnrlmGXFe1f2laIlst6oVvnIh6pYx1rldEVSVtvF/PrcvPlhRoVBFyfAuGIoRJHb7Php/L8vym+5pfyF4uP48t6A0a58HHlGCtIGvXzjP5qDaq31brnFW0imtWwylAdPINoWc1hWHYEaWZUncrfOVrZI3YNcZfQ6TOwTeeu2SHZkJujgqTcMIbcu/vmelI1QcPHACrPyG8Fy3lwjFsDvjUnvbbvsZVTwh+OSLqwqrTJho/zMUDqIm4uJZ1o3tAX0jzKo7M1BBIjGdYxyjMlu9VJ2NyUgU/ybbNKeTblyDH32HJR4ErhngGY2bP+nJnhMphYQ5H5CNxhJJp67O1tbcPkT57GtwqPSME+eYQiPpSstKbEVzxeSofmwOuUqH7l8QsAcM+CjBVKi6t9LxKNH9V27Em//tDpjFQH8fOHMVgJ3QbzUYLYHh1lepY7B07Wuvv8VrPW64sTaylyZ5gmatAAqQMjUdv0KdsSwutvJ5gPNb782jMY/1AUR8d6B0RBrM5EywRQfsuMDO36fA4AhcMupbdpjcTr1shbp9oaEhDhhclbt56CSKDjqwJJZvJeGIW42NjJ0OkvwRNB3Mwq8lgX8krrVrVrb0T2KmFhlTXuchA9phM183iPMMvX/e5SbUBJp7AvClV3cNrOXB2xgQUxJb4NayxwHmUXA2ESj49AFHf0F/UbuOmXX4HQG2ALI+6ax9Cj8x8KVcEFJywaFO2xdwT/6XRcPF4bG2swyWgVRXRXjxduc32sbFpTdOz9O1p6klaVFM7QWoVFtLOU99oeD41J3ZnaF/ZyFlWrPTvALSXXYcjksp1vKCJ95Jh5OzYR4EC2VYyAXfxq9CyHgJYgloF6P0iFbaBp8EIlZaoagSXYpRj+ID0BBzyrU3Qh6vnumFZRKk1OfQ9rqfob6UpjDkUqrlhw3MTDVT3QrU/BlX3HWXQFiy2BFIyo75zQ2NPKxI+04p7M6VM8Qi9CMylCtcHw7naYWmtV81Py0xU7x0xi/Iotc5fcLYX68eguX7lGNXYfFAjOQruKVjpwRGMeVfAjBm4HQEqlQbV18lHzz+cCDfV8P94FDebP5uAvEbNZojwgiNxedphUWAZX6/30wzkaw1kJ4qlRCA2ehAU44Cg0nZOkZXy1cEhgIGyOZjRUwRvLkdZechPAbstod9xfrP1f/oJZ8+SM108+eed1emafPz7/XhaduPa5m1L0HXyKEP6CdkzolYgP4o5Q1wMla4LOYKIt8K0iCo/nwsO2Q6n4P9PHvkvBgkneZ2WjSetiJJYFzJf1+GNcv2YUe7p/PvA4aWInSNSwEGrEayaFSeE+7jL0949+ryEGRcqvratF15jBUytdeNoysYDfHLy7cECsUR5RLmATgUFQQ/k+xwxY2SEdj7IQARMHxt0Y2q0SWCeGxQciXJ/h3CTtUEnogfpXmmK58PmQQ7g/sBCku0cZCAz4ziiP23yyEWXbCz4Fkn80nKozASbo8NKZQ2bqvOh2RSlYyBiKYXOLeD7YhaojDEt+of6kHNqQvRk3Kel/MCt1yaDCrD8UcOjJAVMIU+lmQN6yv3IGrcXgQNCDI9yJT8URKOl89DV6z49eF0mzqcYDLu6LkUczK/c8rvE8yEnOzs5fmXF52Ra4GgwaesEUEvwqKVtud/gLNWjt1jrKY7DMawrENDpLlenODYzFwcBiQ3YPJXxdKafMLn0ovIYC2wLq8CAlf3hRKnq7FEHVb5MO/z2+xg5fg5f4N3qY+SJCKCiv1e09bj5PnbQ+D7dAoKxj1T7834usptbo1bLs8OqtYYhXIWyj3tj/uiunMTcCrSO30EuyFZnCRcL/hHf6C3yGA5RRETeqc3zDS04g5NPOwvWuBEPvwPPKnaG2aPAXcqUynAmQzkVesuMpTwa13Y6kGXTOjOY+k6QtnwLww0Fw88gtXXpHd+K69p0w3xDzKhT5WVCV3tn8XRFq0uiVaNy609VCeOSHm23KzG4GxknwccO0fO2h9hRZuwIqlHpngdM7576/88G2l/88j5KpYyfHwp6xcbviWwtPklkncWJhFr+9sQVyMcReWG7Eljog0GP0iUpLJKoMmJKhkMKIoTd9F1iiRT82voRsci1CABAUX3xlSg/fPQNtsDyTLjI2BJjIxzp5g2CqdHEHDdosS0AhL7GgsoX7iie3H15vMne5bPxzYZ+G6+E38axEwvVg48zg6/fOsmDQSlsi4TVR/qfhbzM7fk26nxWTYhM3iIQ0QBf1HPkOUKVjfjC1KfEmxfJH6u38wc/zgJ5uaw+NM6xl7vlftz5PUzTdNwIJkyBgr2VRQepd1YAJBu1J+sgPh/A6fkXgnIpSoO66s2raUWVjVH5nV4DeMWgjUlgoMe782+5DHJ50TLT6JGIBRQ0X8m6yQ8QJ3efhLn8HsaomcP3D8Ms6HQpG+REm15hF/yfK+xZor6rkv27rPwk0No01KzOrkFzJQ6+NzFR28Zu0u7x4iNzYVe+Gx1HWPi1YrTv3LmocYHgEGk6VaJ/mYOSoatq+UPVNWn2AsBxUG/mOhAFSGtKjK+BiGLa4bwJYmyEdEkU5c3AYyVKXrzlfddumEPioKr+JouCyZxU0wvs9BG60K/sgAeeRmbU4F8d1kkXJqzNH2CN4EMHa4CsD196lP4dZqTfEOicZAS11yqbfddgTPU+f1jQB2Dtrd7dMKC5/SY4H7swuR7EeyPrSZgko8vKv3Md/0iGp86yyVfS1rVn8N5Gjmlyj/5TYPmRj03HMUApMYOwSDZCpV1dG9140dpKhAe6RICT7kWG8k7KDG/HBQxk8IUjGtrhzEbo+AgfcCOZxwuLXo6Xa7+y39vk/L5j5r8AwAT1Fml9s115MUGPRZM9esZikNXepFwhStl/Unx4jIoSRG8QHRQnZYu4eHDn+Wx46mZbL7QUUjoVhs9kZXhs2jpGH7kT26y9+rSvZHur11+wDHMPL87rE+sTQVfXst1uzBIzVV2bXHoemDB1pg1dcY+KF9UvsCHrS8YP9QKt+fyxGnp1/Uz3Nk/Uxd11SGGIpEuToXAWDHLQhaxYZ6E/tMPVhJIeq+mTgFeMZAPKhSH4f5sKRz+IaVunQ6N3/Q8kDR8A6xpxke5HWxlb0RD5niPfTtwdoA6eJ2Ob9ZblrIqNmDF3Rv/0qiNv9aSz9pEdCx8GkhIO5MkcRmzqfIJC5ZKH2QZqELbnOu4SVOVwxGzXAv2wDC62jJ7+YsmcjI9BnPcEUWZfci/rx0TeB2GG/wY/XeLbzVLR99rd4OOyQ1zO5T4iGpuCjBAXtBEKCkMBfhzfikneNmWkwxMonLIoWFUzSsE1hb4S+IkpZIg22oz96h8KxEqQj2w64rtnqeakyRxsXuxBdpNq+9RmyZFQJRrlRMpVEvNCKFCP8ayHpTq3+sBbV9maYU0aUWYWkxgPyww5HPyuN9d14vQI63449UbR42pwmFXFAFELH+rWaRPYIjIiZ0aJyl4JtrgRInKXohO/Fms5PyaB+gDcs1typS/Zb45B2Dl1Rt4Dpezc2CNURN8vUHwPO69kDaBvmOOwQB777gDWlnnC8aL63X3GSj+LfkgFWH93JCRr4lBURf1wTOPYiyxxqaS92+wVbQZG5fnbt1soQ8V/4nCRAwbAeU5KKIX7O5z/YWc2ZbmUDkFfsyuzxlAH2EfLGQiAQycqCckA3CHnkIX/iDLCh+bnEq4Ls1RdfWObNR+p1mPa8b775CRdf/krcpYzvADq11f/QAaAohnM9Jz/N7E6bdJb0Pvq1pyAEn8nBCiFhVnvHeDAPD65QuBONbQe3k8Xp6SdRV5lFpWKEgzXCGfZ8F93LmZN7SjbpBvTJxY8lZheOh8xpscyqSfXuD/6Ntf24ZT/gXULwrp5Z/e/cZTM6QKc92+OBxBqWlMWHy4RP7C5z9BfAxN5od1xCTHX2+Lc3R60+Tz384UGterk10FuW0ZDbUfkhAR3tOomCUdc/CIgM0vaiGpVbVAQM683hLq3/E1Kb3/Cgpm4xA2dD+ao3heJVrvJ90CpScYyalSTNE1A638c/FTvcfgE4N49loJ/2JEBUUBYp59Q1bTQo/SAN/+AYmvRP/bJhba2pSG61owmC//TRSLDYHsLDANR4nRwEDY1MaS9mpkVAoCWs/mvuQF0MfeotlacpmMAYrGOuJU6WujFxtEkvExEpFrHMGGxNKx+7h8WnKs0IOc5Mxfbdt9BzOO0CFGUaDzc03n6tc1lzRfYFotoNlTUKTOxYKptC7FEvt7g9Szve6DHJVYTN/XdoV++tcUfJtlP2PYjm3tmdYsFmkvVRlUuOmjx8xiCDzKnY5oyXsZkZDCzfJ3BSgP+NtmyxOy6g+YvJfxi0x+729zDGHV4+C8uPza9S8x7LirVoIIRrS4Ed2WXpBzoxg5h6uNSAm/SzIsmvlB7dUI50h+GUAL84MV81ZLRB9P0lE2XehYrFCj+vC0fUiKncixSPeIrcRm4EZcoe972kSS484ikO/NIWppDBOwEr6XCfruF11ks+P5nZWrXf4pYWQiiyE8+L6f6a0RJK708fJx000TBwkQBsylmV4XuqSOJYT87P4ozobOTjZLbLn+Vpkk1dXkQhVFAU1QwpqqyehsXNb/dMqcEgCtJqfg2hwI1lmydUM84t+dwgvtpe5BxEK5bf4Fq+ciZ1WMuJqR3BrorYqrSrNM8fSw3covFOMi80jVcPd1Fp39tcDgvM57KRf8EX1oA51g0tpIs0yE+WvgIvLSgCrfCcLRoUoiPagbxlslJyhIcJU4cb38h3r5fA/KAws5Mvho9/tyrYnTsN0i7b+AJk21n0ZqzAX+SG/ViqP3Y69J1ky6gcY3tH5UGv3m6nzMmnNMytTwlxWDencHreZBdchLYnfu+PkVfXJYXQECmxS+mLZMdoQli4HLAcHpM1bN11RLpJ0QEuYl8CQAqkobTDiCz3Mxf8V3uBpLv0W0Dqb21rznNCiZuW1o/IEQqG6ZgWoGJ7QqIgDePl/ynU0oOU2kvojgusYQnqS1708UbW6QzBu4TyZd8MR7Z3+WI4W9u5teUKmGaVEB8HDa58PGVXU+heILSRISA89pWaOKvGQzzkOThYfx/Ae6yeJbSOc1pTtN7c1Mfdymc3tbyvDdkAGDIoNnqrnfpWgQbXeIU2WUWdfnIISi2lJiGLdkGC51o7Q3WW/sWeaTIC9EQdwrmV2cwxazdyuBTWWg783n5RASicCHdqIUJ7X+goCN91FFqVPD2l2bth1vprDSXx19wHJNFakGdVY9rfvgYVKieJlzQUeduwnFgSndQPR6jnSDEATDv9UdfL4qBp1l8OkvPx1rM4IgP8cXBD2E7y6p09e+lb/My6imlZ5YlQiI0iobIR0Adf5a8rGTZgtdIZGIWOLHRkZNI4fdUu5NOyybuA73+0CCEIqy+GLgol4zPf2SjimlitPZW/vpwpSXmLB7b8zTxDAPrb4vP4mqinR+ggclpJy5Pf1yI1XRGSG8T+pJkAHhqwMequ6n2YE7FxRKdGbIdKxuLmpU7p9FybYgL3nBpGpkXjWEkCiiHTO9pskNXrnJoCk6k0RRwMs5dPMW322otIKDjPTd9ZiLoNrw28PdeqQ1a3CvY0VRsFtlkIzPItwwkXa8A5FOXxB03DaPybg9KQTpT+vuQ/0sk0hUI7cfVDSSUJ37TUhFUVRFcR1n+Tb9T4w+6BQB2BpUsMDeDJdqWEsX4vObmF6L3ENZjyIGXAiTKgqSSKznmLXS7ckBjEsHZzGmkqvJutjVLxQSVg2Iv21/kS06Netf2aZqVpaVELUpK5YoRiVlU+6HvOaatHI9hkvQbvlL4tQxJS/0Qp6oy46UGPToN4CI6trU/XlMPxzEWgIhF47Z3t8+VIhn6R1YlSyn6PvDTHENDnw8aUc40sOT5Tn+NID4XpbPar2BpFrx57FoAf6N/wPSwUxe8kvg+OmVv4shU6OLd+zBiIIo3hCF1F2sKrx7cGWHd5P3unZdSWN7QKIC4E9shI/khmeo/eZ2w/iLc4IB9uNKlKwX133xc1vG2o0kjfUP/cU0Oa1nktYDPSX+BnEMxg3UEO891NTBE0nn5yMvRRzts6Fg6WZxQuv0JE2DRXQBuzCPe3t3S3F8cTa4tdFP2dyGXkFgJGiG9+SRPoPezBY/9zRJEKvo6l+zqHgFumI5/K6bKBu+YglF7pzmIUlt3AMQOg6R/KldTvdSKsLRIyJivhaYhAj3c1j3RNvMfMVvR/FrbrSjoEQRgkm98HcM4H1wWZFDN8KFfhJ8CkAESolkQ87C3G+UjL1ivj4oEWrfF3jhHL7bH6o+r1EX8eXlXqSNFB/RKm0S/O7qPSFl1Ny9BjpnhxQDzGqOhD8HLS1SaYt83FTzVB1DMn1MmG4YJPnqDjgrGB8aIUNKpAHM5hYQDwXrj7gZqIk0hVzFfK1+gIqXstU7JKi1gEjfg0dcjkZjo1N+5sTFnqUW1wcplJXts0ygpTXX+0lDDcS/yLt/aR2t5dQEEMfu2Ak4HXiBFCKzCsuclWwnAUa6R3+tmGptR4/K8AjuehtLA3md/TQJ/HzlNlXdl5+0LC67Op46l8jcX9ctys3MRXQLfE7/ejx3YVCOZ9lTt+XTjHXVcnTZAzaaospQImiyjiZ2QTr1/RsvxOzZ12WH7IfmH3gCOe4bRCLIfbz2uFTdS7fQn8b7k3p9qYtG8cH5DVvDnDSdnWrPCNOM4dOuzQWzT8PENwaxHfKStFRQ/lniEIZKOW3/4tGHdd4nKSJurmpBEUwdpVQz+HiA8aT5VRBQYxXAmSrkt8KERvi/7SK/eHPTu2Hr2RYpfGkDDcnl6sDemPoEc0JgJN51rlTYUWSR7F7j0mbFBJED0iYwzDHQ2wqCjva6mZ/z+3Ff0za9UCP2JRpufvyUphDe/tZ0SLj4RdamcINiYbzV8OcfzkHRRQtpbhiJpoGmVYHFOrpB8u1FpZHKkaLFa6V/z+ej3pDDwsNtDGdOubcp4EOQy9/6a6hoICIFSl6rtCiSWNcJWOg1WhLBdEvbDxY2CkijKRjLq5Wt1VunlTJl5xtMQjpejHuWVNxSnGPtUMsdAHhosbPYX5u0WHpq+8G3Qo1D4FGgBWrlJO0GZiYErt+LorjfslYpFjWDEZou/bfL4cMvB5HvP0fAd3ln6SjShEfiKlfSncd48VlgSdIwnxmF/hCY74Y7zI3qs9NEIWRaM3QWRx51hcoxeyQNY73vWnmZrpkS4jfQh+LNOS8PN/XQF1uBSIxPZ38fx8RlhvBFHBz4ieVeKztTd/a4ZRRyr/cwuekJFQ6uar1LwnCBEwry/dm/1ai/v3ZUpHhJwfR1XPzaAH8sc/LdcqiKKQ/+8aBDgV0a8ftSBvXtsRLw4bNrLtjac7cKf94w13j+XtqnjjsV5Zs/vnPXdt7tunoNOOnStj/NWRjvRNBLza7Ufm9W2Jo9zdrz5gyik+aEzp4bWf6rGYkP/HWO1/235jNeHxojf9nMcOuCAHZDJLSlYOAnookLnPQ3bq5ghgHL/knJ8BTaVbL/EOsOLkiLpBpyEU/D4llqnH3YxhWIaunXoCioNNMQh5b/GxuTbdaWo1rVNSwseM419ru6bMyiH0Qw2UL4gL3dKCWzpV+vU8Ujirm2XonK5OuLtxeYzMHonwT7WachcEF5VSzq0Dyoljd+K5jpbaVz3laMEcYUw3XbwXcktNqYAlYxo8dBmH7d2FLmNL0ccQOt4E4zQ0NoDXfGiBfOgIeXSpGrWqUOzxaykvAxG4+cDvrPDaqQpJaVSmqWJoRWEQeMhKxCQtJGNL+SiXo+0NMctOx9enEMC/guLmBW7MJ+LfpciR7ZiuIsIaMv1g2XBaDYcmzQn1kzFzjKS8iZlo5loUO5oG1xiA1O3ztTBIXxvGg1nIG/nhrtb7T/hi/BNqLu+8NaVHhPx1g2mSCTlgoP3LWdj2i+VsfkY3Bg41ruh+TUEOOgY/ecr2DCX8UxgS3zCxedInIURRttpBuaxlrjTYbOpSbsrZqnAFV/CRgdAnFh0tOaUOJcvHwrKjMkPU7gIrAAe3mBFPmqKhcQuSVj6HM1ps4cPeo2SFceM4hB33vM9Mnw9cvBG2u+KzG+RPpHrVKFJZ3tim5XmdOdHXQjALvu0DqnKJokcS3YC66MFpbMedBoO/hWJo/KO2gO9z70DYWgseT+Ydr6nloAElK908AbELnxa1+mo70UL9klyc9J5wEb5JtwDPnGs476ZQi/hQwyZo02p/jGUHs4L+0Axm78cK70X3xZbe0jzMVLfIZ8Iu6Pu4/DT7IzqdYS9wT1hkF/OAQNaqprEW2L0zXYj/1iAKWSPcZa3sd/osm6yD5b4y+HgMaioE6OJ7IC4MulJQTOy1c0fhA7NpoUwIo9Rw1FMJgGgmqxnis97/diFUZ+gTODt9LA2huObT+PyelqQPov2CaX7mw5A093U5M+J4vUYwfMn+SvEhSauhObjOUwq0Q6c0ka13D4GttkKHKn6ihIcTId+PET8rLBC7+HhVrPQqoXCgX5kAexCIOw4szh4FHFL6s7XybUvQZ8hivwmLomL94Jj1wKr4YIRE2ebsDAYefN7gVk3roJw9Je2e/TEDSfs2N77rjC0oN4jlCmaayOwsQmsdPOaXH1DZjRuHk1mii/Jy6BpHSbUXv8ocCFtv/jUOOGVduFgyxF2c79S0YPwjIPW19zy2qP+JYa0JNAs/FrylUS5T10XLrVnsV3gU7vqBaZxwM0D+wmxofBKwqnBAoxjsnoENTl9ZzRFNUx481nHKi1rMRnyyudJEWy/anBTVZb0Ug6WjcJ0dDwL+Gt9kh1GOhJIsIDT6FrPQAfNFRCpHNReNWqBSjHMQlAcG6ahwpva7Q0jhhQlcRbF1eIFPI5qvJZqpipgJcKMvzv+La6sqdxi4FTICjBP9Lt3ITmx/lP3LMLR/aZNqgKDI+vLIrHFFC7zIMl9jxNF4/BcN+tiWb75YNCElc4YFUlEiFtc+lVa5SbCoEagKGKX1trfq41iuTTukBWlzPwcK0VFI+u/RlVFBaWiV9QnfPR0awTEett6gR/XXTdM2Vv1FsV1EVMVtYUC27pX+TVzkNYp49Q0HtWCwzBWDvcLKVZGIuu3npg+0YARLOfUuELF/2B2Y2f4X8J3xCjNdY250bQFuhHMwz4QOMCDhYNVoJJ3SlJoAYEonDwZSXjzrWLbMvXfLLrhjOWSNFA8bycsesWHH8eIs2JQh1ABY3leXD5dtdAbTZL9RMS4c7CcwKdJz16xJFm6LUUnG3ZmUC2MpbwMGPzgEi7acQiEeRLO7eCO9LJl2KVwksFBVYaJ0NMUB24qsNosu2Jl5nRD+CHftJNksg4TiEArFjEpnmzXQxuct7rVzHihXCJIWXzeHnzoM5vh3BConH6iY/S+nFJflRqaiC/TvhV89HZIUtV5m2hznj/+bQfBv4Szz1uM3xd3gNpOOOdiH+nLENJlTXtu+GQbfCl0ELhT/dMDgJhs4yGkAhp/hOYwfZiyiZsbo//hAedLGsOuKOreJYpYiByjGC2IicI+0oZPauAx3J/L+/fwmv40Iu/8Up3DXUECjOQEa1VMNIB40wRIGVE5OWIdS5CMYu/llfhchIttXRwZUfU0LAALUysupwMginPuB+3a5ztX8suKZjcanfN6EvpfDaUIJav0VtxkPaS4EzLDAKX0Z1GJ0xrPNPgjiZOXS+fMjOAGMyZ02Pfe/FDWST4UQP9Ln8gZTm9UdJ0Nz78yCJA27Hv/3NquMYe2CLx2eGnqNTK7HRHKUIgQrCk8yI9PfyYBybRICojNlpcNqURK0UdiYz8Mlx/goKYDvgI60/S22rIi0m9g5zSjrZ98M+TiEO6KqfX3QT16XIFB/A05pVaiRqo4vZc5MCS6ZgY8TAtaOLapAaXjxtno4EXqIlsnvwD7rAErtquDvmaxR6XzXw4Jk2WibRueeCXxdiM8pMiGbBcOdQ8I4/+/aqI5l8ksp0D0/YoIM52DEH/7czQzeGzge9oiS39jlQkyoTgGRhNF98u2el9lU+FlhyN8S445jukxY6T6emL7eYCw7ZTHeoxrV+slafOAn0l7BDIUMyq+b8QiTfg6JQWBJoMWGNKEKUG9NskOuY/SIdYD5FT8hwL7/tnaQpaXKqoafHPicfHTzMKR5LAT5T88dJgSswthBJHHDlzxaHcEcDCd3C7RiECNN7w7eUCqZbkkr/epQpbgp275WDepuJvkOq1PwX54vR65an2iI39DjGVhzHyj/kE2/MCSSadg2+YAf9l83I/LqdMPNDxntVr7PjK3YIcP1pzqf0w1Dk47LUZ2MmCudLMV0CvvY87NY04qm2J4tTZstv+/XUqiuvtIx7PgpyeJUxRdV5bhN0IznoIjhPA1kcCfEIfZMOXovWOoedRfzj6FBWCXIM0WVG8f7vieNXswL9t0r+2lpAfcniaC4kT8Xtv0jo2iQN5bACpxk8MKjYNGHUDte4e13o7DF1ubGITTr1PdIZtw2YAYebzEbMyu1O3LcOZ1dVFd7N71NHIjdny7B3yqxR4Q358n/TI14aJ0SDeGlFYAUpTFHsP3adO6vdDBoD6Ob4osNGFGar1u4NMs/vfnGMI4NfNbJnAqmMULYUuhxLVH9OF1tXULZU91iVtQfjW8TjKB2M8a0i0gCGpuPk5BbOnu0HQ5qLRqU+SJsTyhkLf8TItKJWaMAs6aXME7sToByawO1Ih1SCeygdxa4h7T5RA8+J9SXBvqhRRz6yql4r3eBRgTY3E/Zfq1uphr3QRVMw/3ng3YB2HNpVCdVM4l40C38RJmt+Iw87TEFpBZS4LhOB9T8QR8ntWA5L+BKPwCD0EZu0Ch2ZqFVrbuNdUH5ANo5H0joVaWmXIgnKufm+pzrr/o+k6tmTFduXXvDneDPHee2Z4bxIPX3+hTr9R9+quykqEthQR0payfFGLBdGE3/31Bburl3cEkJJjUzXm/tUEpq/Xkxl6SzFPycXNOO/Ro6AbDhdo9SpXTHLVSeqrDtacv7ZEfPkUvLqHjwBfgJ+7SDqDme9/Xf4qlsrXqlSt6r3xy7Jybt8TBnrFN5uo7fDylNfh99eJGiuv36wdSEJjnCU58ARXVzJR2L6kWb/0fiYVJ61GCWZTs4T0PrTWThp+U1ovToeoJrU0qVCKU+w4R/FnrFcTJzawxiavY4cU+5sxbN6gNoJYBSyQ34fLxTfafmu0lrKWUKTo+tion37m9Y4+mx40y0rTkMOv0vBwyK3L28JPCul/MPNCSZzqWAUsCdjYLFHI2qJWkUEy70zXXZeGxU9WYAumhHLKXhx9hZ9nUOjcTzshTRJrdrYzcSRfOByLGV6aOujKgC8rzSewXKaUbZFPX49aQjHOOqfdqR6GDD+X5VDpdZ/fsjij+m2mypJkAx7/+kJpaX1ZCFIm199kCbwUhWr+Ui5+QoeEF/SxlTGDyZc7C2EdjrSzZy/6sabG1Qn/NbS+0rly2yK7/jz6ur6hdvVF3NNm3S9MErXZ4fl77R1sGWoBUz66Yu9AgMxzIrWkKQYW1aS2WshfK8gnhXJIQXLnI1ZUzbMayrV77VPToIDW03Wcku+tvsZ9BxzTzbB4eMjg2ebu8wBPuvWoDNsO5jkXyQJvRP9iwtPLJ6HS+adO5UN0T6BanTPa0qJs/NY1j2cA9FX0tqtetKqBtFv2InHsWd9cvSPZcK7wpz3I+9ECH8L6Ny+djgjT3CmOJb27cEFdlqI18psNRY7dL87mh0NWSHE0rlUv+lDWfNjBOnu2lRM6f4R/PPDzP895tCF9oLWPyBRD401Oy/a0wyI0/qlifJ6SifmSy/dfkRPaxOkY7fRv7p5dHuS/fW+0AK8kMi5y8i1ch6B2o5OOXYnEvi6iDqMF29YW14vXHi3XiZUthkt1QNQhPgLN/RW0RK4+36QOSEW0W33WB4gKYReoArXfzDvxOXCj8U8lWR5xtsrFUOA6vDT5w2sKicmS6+J9LSziaW3gVSk0VX5XAXn2YXt6Oaj2mT5cDL+0ouzQku0T1zWzvgiTeQ+GBMNN/8ts5PSUo5ka4+X23fE9mrrBAf0enWgrhPDBCMlepgQ1g9bPu7NmrcDZ55rrDI5dWJ4hmVV+mSewW0j4AQeaGjiuJAKn9/yb9xiaKtKG/nRLnnk4HnPN6grF0t5MewgT0QyzOiddL+m7hRp+IV0qR+ppeELJF+5/zmSRksNR46VBlzrarZfA6NczNRRqvd4YQ5LPMuhMqGM1HXibPGd3ZZKYkAI8asDmkdhgkeUEOV7xrvyN9nxpg6K6+oNdhD8nNpHjLje5Aq53oOr4tF9SK+o7theBEtx4BcAIo+QiLOLDN/M3e6dLWJW292hPx9lom/JnoEOLoJefERI0WJRkx9+tWb58dDvDB0vJimFQGEBruBzQyhVJXBOUjDc+YLEybuigeAhXtaDt3WafSb9DzCw1Gxiwk6M2zGT0DszVyhsk2sHXUcB4HoTumIdAI9fVbD6MxK49wrjuTXLKNwkA6UiAW30pf93RG8oH89FwQzeHsHDVoiyf+HXL7YLZ5bqdZ37db3NhFyhd3AI4XgfKcrlfMgVAWMuWJjO59c857PnTwj51BWBSAHjawuD4BxeQLFuVTf4s475nOdB8PAyrqsx9HfqOscUsNvfhwYxyUiFWkolmVYqRyJZRyeOvWmBthfg1EwAEjPxtZqelh/Fe6gYF2Tat7Us6WRAWc56xL0t44W6AmVsOXZgD/wCOVzY7XNPvb2XGd06DsyLTbCvmfSa1elG1B0E/zxbPPGQfQqtRlR04I7lSWgMBvvJ3WmnPz44vLBRkTZ82tw0pSvxJkt1wft2ijiBxLHfDv05mptRxT2w4P21eFF6uOHWyHKTnzbJIlLmQfRLE37U51BnD1BASb9qyYOKbtvwliz7nFpJNQKcmN6B5ng3lCuIcAkN4qqXpyuHyPbBvnHeTyZx1PfjoQK2k4GqjOJ+NfNa6yRaGy/L7ICDm/UzVxVP+TUQTkGYiCIGEA0XFcrrq701qSmat86y/L32Wgm8L4ZseYlPGSxZf/pLkiyF1sUS3D/o6uE8gExxYkayUfEKcViyQ1wmK8oT3I/W7IpLYIiBD9cC/wX9c5PcjU/yYVnAXphfKfcQHat2W/BGzDptLGht30rf201D3JjYzFN8LRHG/SEqRFPK2BPt7Mzr33RkRr75R6df0S/NyJ0mluFVU/BhCG9WYYWCgo95l9FlAoQZZev8grNc+WFFY+ZfKmuV1NfCF6u64glCnWBoZiyztdANTtsTRAIxOylAsjThynL+Ez4sy0QpzwZ8Jfc/5oZiXmy12gOchh/++CtUe4ohnBrBZcK2dEVRBbVrtq2RfyXwTntrjzPxvfMCwfyMJc1DxZ9EE2QT4sT/HBucrKD/O5jZZ97CH/Te5rKPBk4gOgnqeXoiqy9Ge1PE5fbtYRb5Ovwhh5G8ak8glvUGjCV8ZIk9ZUpnpLebmC3wQoO7WR+Vr3Z3w470eXxskuvtTRBc0pHrS3+7JOaxpujIwYGzYQQZ+Hq5q6N3s6Xb1b/Qzy5LNU3jo2g22OInYAzxZSQNaFnAY38jz7Vvj2crYMsevu+f2bnbJwlTKEcX0yWVB2/Ll/V+/UpHJOUDxeHhuOWE592v2N+tNTuM0Gad3p1b1ubz6WD4C4fKwmgpkvBRJdpJz5EzTwva39JR2qKmPc867CABz9QYusr+hUTmAJrNJ9JUHNURL/rXOYsZuzvizqf3LiRB4frTWpO+TNQFHA79Qkt+H87OTeUU99D2E2NUxpmCTL8d5GTeCbzDU/PUUkx1Upr1tftNPRNHUNEv7ANPBqwtyn9+kQF7uvxFU9Eo6Vkkdcvd3UIQxwD4sABvItXxk7U4Ni12Mr6CSUMRhoHFeLLsMOqJUNBy0nWvvDrMhZPh5AIo9FoUXFAfew47n/NYR/z7j2M0idOdfSMwAr7PmoobiuBJeDU24PPIxgSi0UPs1RUY1gldvlLU1ODMinAp9XpYBZ/BiQw8E9hSRCSCKqAc5SXH7pGvUnpVVp60D22i4C7Xoboru72/GPw0GzDyipMKQpLgw64ZzMRJQmaxnBNaLI0ip3WfEQbV+0TBK0NcSBCPbRHhjuGY8f+ayDsh5w6vG3TWXZPySG2MyJzJAyBVlVtP1HabE+BtbsglpeBzBg7YEIiXOANxtj+MbKY5LusA4ltSJ6+hMAsQYe4Xx9ES6lCXER2Q2uvoJ1Zr8rTTGnbSJ5vrR/vqehlx5M5W4JAMRfxWBNrHFLjwdHsQVBzUw7gG5r8NCb7OtLP5Fro1Tn6PG4d76jmiZkSRYn8FzRVswxFv+/Uj11R4tllRKgox1rjE/sp18sGRcQ9b6yieDCB2gF1BHpCUh2yvAHCfsd1GExzoSC1Ajc/r+t1+JwQ/MdnCTlyglah3BJqgRAVpcpciFiEIti05Sram8Pchf49I+I1XtzbpR8gFI4CwvRyNoimgjY5BhlczfDQy5Uwoo5piIH/x2x3l7A6AsQFEteXMClKr4hNbmf3KqoaNdX/WxgvzRJfi8vk/w9AFIfEI8a/59sA8C46a8/IhttM6duWRFUf9Gyl9jmW3s2Uh0nThg2rWOqEIVMiHDnM7wsiP76m4oD1+vN/Xqt07nZb4iCyjJ3w53Zo8m+dJ5t27qE/+s0ymroStuIL5B/UqgMHXT/QhFfDhyOBeAvNORq5XgY1vLwwczEcG1KxJuGwUbP+iWnJEYRt2wmkwZE0j17xVaFxUK/Ys9NZf0gI0ClqpLERfyCfmYX3YUZ+VEMQjO6NAbi6jLlG7SnsVujhXZiilGXqm17VLJqg2ECHmHUB84qfku+pEGeBsu1aUrFNC1/HLOgDI4TxE6ThjueX4tguuA1b0EM8a2zS61gJ2MALzz3FAWp40Wum485NwnXvJ4+kgRKtC73KCaIhrdhcEfFiGWQSl107TdomP6rbHbKP1EPLSOs5ToxhdlfWSNgJfnO3IgKubf0W+A4kiCBCVDXD2JidMDEjWNKu6ddual+htB2SrNIXWTJR2WUniPyoaBgcT1/jl3rbGMNleOaCiXxdAuHZWKbW2XmQIXrcu7SE9UAT0lATEgYj+fg5iGwk4dvvp9/TEOhhuLgVAhwrrJ2Q78iaJ9QtLCbhlD1G52WU8tIzW/m9F0apWkjWk1hPH7dAAB/nHij3StMPmHZp62/YSV2xkr6RgoSI5jIJuC78FjhZoSgmlsBRGlgXy5JrspPmceHGbtwd3zOchEkro801eeCSLBNp7gx64a+qaA4nU49j7rWF0ZM8hwHab0tGAmj8d4Qs++34giatELzpG8/UetQOc5kt67zly5qtvNG02oMSP0ERL7zA4e9inzzgSwlkjtXqX0g4l+eJAS5xUTSIkZStk24herAqEkuhplKaT30osXGO5g8neZVn/dxnZPWby+Be8slFwvq7WqojbMdDNLQ1x5slkufpbBjOgUVtQDmV0eeT1q3erF8/vOrsiq6AQe/4wYyimwORJ9NCOug2S7THOSByAGo1aBS1ZH4Qx8jWZ0LF8kEDg+2DGe5msgzHBwiun3LLltO0ELPvUCQmNNoRXeHmrIy3eOb4BFL39dEp9WAcHms3yQcfxazYrc3E2l2l43RJWv74H+MDxJ4p04KxcEr2PTYhLRPwFVHDFz/90A/MjngRNjgzZ/7dD7UuBv/P/+zFW+31aWKpaxKqqvLNZSahqOqaGN+hyojF+jaRfTIBNh198RUX/S94lomyFSpwPlrmHUKaM4g3L96wEBWDNWw6ofSFJfnztwWJ19MCkNMwyW9Gsw5cu/DTJEVRD4DwdBtTSMMPyNvD6vPCMfEQsrLHeUq1eNtquePDm3T9BLXhVX1z7/Nj/gqPsw/Hgtflh0XrNwVtTNPZOy2EWJlD24WdgwR4t+6bX1o10vF9N7pLKW/JNJ/9YmQoqzmcb3NkPp376fIQKnlYxL/d7/axUhwKsgJ/ozXxc3yL7Yguozop/BWiPhE1P4edgGhhYCGvTFc15+g/bflK+5v68p0ROyN3tB46ztVmMt+7sd+ZUBssBmksNifyxm5z2kGKG5BdI1aONWPoEr4sgyj+l3gQ1WoqvI90zDpCbdKmrdd4aGHxSEjwyIEgTuNYJeomPOnMoyg738Jq0edAEWPm6pLnR0R0L48Um5PKWN3zQ/HuktwqN1Pdek5Ebp3aL3aaN7NHKrHy8/vUjJXVNBT+0OvWFYrrILiqz+sLmksBsbqolhEESjv0YMJJen9av1+Au4dNbVXID4MtA3TaUSuVPWhf/o5lveRn89e3RgxDQnjOwPqu7u9eSHF4JGb8EAIHFDG0MQc83e2ndHllEBveWdWlNM649AhNODeVnByP2SFqBr1+OjQ6wvdBHGEexy0kwNvYsE2YIaXwoLfyWEpD0HH4CD7cu4X78YifWg3Qwh8BANgrwm4WgIyxqc2VFmjKzfl0fNkum782vbeLFBYe5HvDzY7/rDi3uSiI68ra1mN5LyxCtILCyF/O29vFj7YD8wNGagFOnZ2StMNlQONJpxiOyxa5W0usOGcN76fp5gqCL8ZKhoYmuGjzgprMfEY/dnO6z77/gtzyjQ7NGZDhplTd8iRLangfVY2RbLuJAMuYZK3RNRaT/0KWKmV/FNfWitjHu60CJPQ+bJKZc7aNvjZRj61llCcYklsRkJM0lr8vqHVH6+2ZPol2lcv4Vg4aDLrTTS5iIh2QFWb2IFbNCzKUWGor7mFHqhKeZuq+jbiGNVc6rrRTXPwn93TO6NuvjnvJ0ekYrekqe74GhrS76Wew+G+6HIzOJvQMtWsCM4juiZZONxmFGYgKl4PM9v2Ha4/1TyXnzR7ZDqgykedSEyXduKlpJ5NTu+2Nh3CKN2/m6QticNgPVnfAC+vpfhgmEJUNhgubzN9V+NTvh8lBJ5kjrg9oVDzvv2AYm8WEFsEeYjcJjRYsMZ9i/7l1EYEw2Pa7xZNChXF6J+7jSN1DWA4Ow8qLbkYu5APsZ6zRJTBJPJhNhSYcA6aC8ZGL6aE1uR6vZZxYJZTY+y7yYkrUWMPE+ydKkd27ZWUzsXbzh/4ywkiKzx7HuIH5riSIazFEUxFOV4Nu1LQJBjIUDmXHLDX/BELmdiqnDAv2AOCym8bAfOoSmj0JDtoE77/tLAOQGoeXuvXVyFWdxHh5nVH2c3Q2dOnGa9uVKhu0bpVNmrlSsNRWDKzkpt80xra27EqDjHnBluIeNjM5zl5IQz03YjUxP8t3OUyaPO+LcLY/qZZNzdk05dINDby+QaMxqIu3Y+PjZ92nTF1lncviyjJmtqsWI7EJw1Cbi4tT2K7nu0DO1Cim7Ptd8gkq8DHibsxrGNFDpd/Uz09REAgUMYmaVO4kvDvApMPVkWGjSJhvR73P137qxoXMNosZ0XmI1c+9Bhlo8yIPc16oJJty/rYlRaqFRwsKfMnG/jEvJwaqx4YRr9yupTsNaNMU/QRiQzmUvBVIJNp0tuSBm3u9XDwhNano7wxl7kG6svK0YtDFGik3Xb8YTbWpZvlT+vgbqtgDIpXVT59JK3xo1vDSvHgEBIOTEZIfnb5hl70WBV8pFf0j2UgEw1Ir1NrOa5ikqo01CNOWDpH5/iCUfcPOyzJuvLUtgLVIqln9r73TlE1sefb0yaieC3B4EIZtb9C6vCfOF9JeN4iy+/RKCnlHz2iYAUK/QeVhgzd1yh2TFk6ocz4vGJKrIpMJLXnDmNipOzWIrUJQeWaJyP0pLrIFJgwt6TQS79qZnRM9JtlSbA/ngMQkLbjz3ObYtnZxfeJ6pc+bR4VZpdiFI/X2lftgdB7lCE4OoW9iI85vg+ZTFWZHYXkviBkq9uSUwNjoyFliRpVXfhXQYn5khX6izs8dqGGQQT0/HntGyrxPojy8ioX0KZjm5XgULflY81TYVfSQ2KSD1095T9GanzI253LHlf7YTvx2IeReANl3YUT7OIMlLRvrT6V4En1HmrCxXyT8TW4q9A4g9vmJJmf6FaAu8k9srlyoy5SbHjeIqt73z/+oe2rGvQGcb7CoePRDNc332n2nbLH8R8ZxBlia9bVcETF65cA+o0oeY1liUvP9qo3yLxUWwg0Y8+ZVMT5iyiO9H0wpnFLzwK/xBYYu3b+BzRLQYQ4PKKzr14j5cbC5DKb3svPUTFR5y/Pcv+t1AmWnWjIpx7cpkhp85bJLm7pdmrolwWoa07teiqH/GA/MBJ3vgzDA856XfTrilWG8xmjoefHWHOHMRNxLH9q9Z79krhu9bVLj5HlOaeWxV1+0hZMgxFudJjRo/yIuYjtL0mX4e94jj3mpVvDnInUpRibQtup7GQegpEfC2KwinivZAqrQaCn+EUnCBqRRsi8OQbhaVwQazKvUAeFPKJWC2veVWiGIOsClxMJyXdzp4MILHsvb+bKm+0drN5+JI5gpuBixIJqsR6G2QXtVS/uiGCPvwkFZoxI+MR1aaoS+UwLdOhFhh8EZ5NqoKyqYtCOszCME7hOZzENqQZQDH/9YWXK0aOONYkSz9fdcBpjnFfVe641rSaQl7DxbqEcEdGyuVySCNFgUxS8gfYrTQOgI1PtIZshTMdNWYg3BA9r3ELIBvreYnGg78re7w1SZnVhGXlyzrVPpLocE2scMikJO83blbBpmQn1KqL4Q1LUSnMBwbl+xlR7KlQySrGmtGhQRJHOoPqb83MS7KSin8zfIQJFaIkKUdZDpQ6ZDVa6C6XUqbaiJs8C3pzf01bIkgkRRAyLevd0ImNFxf0sxXx7H1/uS2B10vCikF1OGFKr9UKl/e865ggn2+Y9zWNsgOC0E3wIR8Y/ivY5D1MYwutEplfC7NVpLepeQMdvAn/a1OZTkM8M7Pp5nJgbmVgeRGFgPs3mbtLXyf7PqU3Kf23wZC/2P6UgbCubsankiuKTF4S/VlmThlEFf2mY108T1t2OM9LlAxjwNvtPlhAX37m6vejJIytrLvQ2fQTwZSvHWRW6p9yUmbaI2oz22huL1NUOugABVO4kDGl6LdMFN+hmCeGOGa/e0/Oly7jTnTNykqldMtKXNRdTGpG8WFtaymajTk2+icSARYI/A3xUM669UZHZ7Ep4eWK/IydxBV6YOnmOaTs/SIB0j5EAR90s1OO/Zc2WhDUZiPIcU9gXEsebZulLRFvbp+cZyvrvc4W662VWOp9bDBhaa0Z0nqBnrRCxIi5fss2M7WrFhqrCqHAQ2Fl9FNeDEBnqeQ4A7CxoV9qKbr45WSVp0JMdlo5hNoSJV0ho+nTOfLJ4MlMybq58esPM4bDPMocZv5eikWxdHOVTtTfu2GzncofoJ6iJIwDf/1P0KH4vRZ+ecqb9fXQZLx+vfdbLPQ+n6EoKIlXSZzNlIX3XIwBSVFK3PV1hXG1eFvlruhK8fJEOqqz/MdBj2fSkmEvXDsYgyKxlp3dJT/nHFk1ZQOavesWoswqmdx/+ofiq+UHWSmjGK/gMPIXlMTH6uiFCGzh32biEE761frpWdbdDnXHP2ujy4po3JX+JLDa3D499Co/daCENBqmCE6qr0BiXOVnC8U37p6TFinDDjGDJUlNGigBVEW/UuUK5A8UG6P5n2Y4CtY3L4I2AzBO/ebn3rsknV2elS8ufk8G6y/oSqgUoY0/hG8it01GYu8kLWwXD8AevsPUUeKtsqpsIe0aof/jurFmHOc4bSmXovxRN9UY1owWjhpnVu1vfH/f7kGtuXqaPonYaBQcBSGlWG5kN57heHbgG2tOKgUf2iF2F5+6K4HNXKqK65NGGUukROW/JatdNu6MRma0QhQZSvR/uTmUhHWsPgrv8VZH/VeYtB4kFooXUqPN38py6WR1P59EX3SaS06q1XMKiye0iggPCXu8TSxOl4fytiIMz+U51GHozAmDIFyTbaqPzSkl+B6y6oi8fqJHra7Fjv7eC77grLthbpEKXxVjiza8n6uQ4885t5G9zDrawgnCvFsdvzEkLY876/3IV2zaEzvLaVoT9aY7SAZ300U5P754EKfu9rvS1FqZQ5Ali8iUHoJeBnVWOvRa1dHxdQU2VS+9UJ9WBeFYKDU2tVhgJPncDXv6hniJNZujRUKcazdCE3KHguLTKPMC8m39rgBgCQQf9elVPVhhN2473Qiv/5YgsWg4rm0/Wb6osXUSCJop5cvvCs+Qovn1cyG2bsrArmoqHzTPrxZKOdmeo7GmMfzM828htd/vzxW/3ogGauf6Fpb3iFavpPIzYC2/Cau0VLwMFA5kLenSgD8U3uLBmuDpjIvZu78QdQqHjsC3nnpiPPl0FKzyMovTVVIlwut+JBlD8qk157DpZx8FQe7NWTg5Yn8vw/X3cdwNbm8HKbUSYqkqcbWgoqL0Wtfpp8nrQn55j8JUHP2JX+gBXwia+WWZtDcsf0fGgIDv6NUv+kNPJkKjj8m94BIjy8gzGRNqEd/zDktqzg37JrXzEysT1WzHfhutJZKN9NHkCd+AOPxrVt166s53nrP/ytPFRX2QBY28q+UrEUhQ+voKhdWGwC2rddkEV1LfgAqttfzqMC5fbHbEVWAZcjfrjst3IaLSMzFqpZ/NK4JNLAsrO3JzZzLxdQrRw2BEL7h2ULnxiHmhatFEIrlUw5nusZYADpJGSE4uK89v7O3GLvVNuJxDm9CiiFv96COhtDq/1psPu4Gr0Q9pDZDXZQr1JkpuUYFOxKduXjCzgxEKf8kzfA4v3FPIvynSjGvcZHksl5U4EZ52wqRzoQiRR62obAVRgQti5Ad+H0kNBEz8Aso5sWCDRxV9e9oHYyeGpgyLejAk/OtDdX5x5l0OevV7GcwTCCeTz4pezgubA0hJCFhAh4BTeA13h6PktAexpgKXS72xCaNmaatXh9/oQgSPu2HouGUEkcKrcka5OCu++xxQcdM6sJegGnDFSDezLaLEScnw/U2IefHFxxPVFpYSZ5qZp5oZ4obLQyAX5CuP8L59vAxAA0X3VGYVmXXbCQCwkjQLVnFSNm5ob36eoD/076CugcVo43cfz1ixoQ+mMurdMV9aw/jD6sVyvqbyFxOArrn3SfK7WahJ69wYfSFh0lkZfH1X5JG9WBO+KQQNCbkOIx6vRT+Sxq+A+TG7Um7PjLUqJAy/fmCo/4TWL0nCs8VEz8YBLgxBJgwhKf4nCbdOM/iWR2WKmWRF1NsRZIgmJOVGHcx18kxE6pmRwzYt6ktGlDdO51vhjFDDwrCnJBgtVehG03Ne9RoABL7RPnS3okB+q1FQ3WFMmNNVf+UByRtN9XXzJFF7S7bt/UMFXADW5RznJ+sPU8ziwt+Y6tOUHKz90prEnA7oYR5vTlVER8qt+JGsv1kmr9SwA/WphFX+TwVq8y+s7pHIcxenSHVBn1zo6YWaU1/xly9t42ODSj8tvDYmLX8enc3HjnljpN6Kxo7t81DeV4p7PcMUjOhUzBRLRCx915Rp2ggqxNoj1OzvzKjndG2ZUgZsaBNpFEdCv8YwAjEWXFn7c7QD7v4AGHpvJ4zNUwmShQmN111wrpEKtTMdmJDVo8lNEjUgv49fqW5gASd/AwehykDGkS1O/A3rmAF0aO0HACXG4evo0XKjohz4mhvetoR5t3076f3KPZFQEa9tsHIqXAX60eRP4fkKHIc24v/mihafRAWsveV2SVrA+BkCJrzIEHDqjo7SuA8cZzexpWCENH81xYv2ZU0gE9PWyJTfGNA1NgOqKSxOqJ5IsbaAfEW7bRTgLJbvN44IzwbXDvsXhULaewvvFbXeQI63+gCKXdU34+TXUAFvV87fwjPvDnv+JbqnxGsFjFjmE2efuzAvRIPVTxg474CGSVcarMpUIltpKqE79IHDuAR1m1nj3LWL6FrybO/0tyM+XQXMQ56/pGH0OulXBcSQdkpYtBHq9Y8lURWkql92JKLBP4T59Guaid/MPePJDvXqSb50zuMgRsi+F4C12oxSIU1wncIMY5qiztq/vj2HQg+thUgulMbRbNxq3xHcjB3gYrs3DEH44QrFOzQB+M8lWTnNCQ9YrbI6uH+jqvSJjGH44m8tznvzAuwsJcWkNNN1PDD4+JKnTRpDyFXRY8zsOTXWwLGou3J8YZEQNTi7aINqvH6OnbcCsqvAhAHdQW30gWfr2crNiHwo32aRN4OTv9C2fHbEpzBlBG3rghLmRutRsVulQ5muvV+fYRNKDTlvcQYFuHK1U1bRrdBBBfrhfNZQY8c2ePG7tyTSYT7XVn4ddMmVExV+9Ry3lCrXkTCQ5b5iiL9rN7SpcuahRosgcv+kfJYhiuT6/F9L/fozH/bEH1Acw2QAQCpj2m5hBD7d//jdD96JUdgIeZhDqOVkXRtfQhkOVIaICGLNFfdzGfwUPAOUL4lRKqqbQfuvtWZKF+ccKD0QiKKsx1+4/DKyeXb02EDdnuSW92Ktdph0dcOemyz0h/i6OdSN58UTLVkHtXd4xXTdHAmOBpYweIvVCsVR8rdfzvi7PeM48CdDk9e8GgJ9PnaZZgVBtjW84OUJHoBT5RYj0ffOdce0jpiitvIPXL1x9TQfBIbbzmtS9kEBsaIIsxiglewDFAT9Mx+PmB7GMDmvCl2VZ34yKsMRsEluyPjA6CUEGTdi2YoX7vQwW/KTu9ZvhPkXjQoJAGASEd08dc1Yx6ybfEGPyOqwCt1cvsu06vk0JFUAw1TXFE8NN/zKOLKoYrd/CdluAZAj9BaKkhB8YZ2RhcaaRJ5JZSRpaRM7XPhEvoDys+EC+1cd/MJN6EvKZdVPBH2jvD6ZMQGOVmWdC04Fuf6yfTU9MRBsdqKGqIgxJo/UaTKyNq5susHBv357FBoAjxdCfm0pRd/fDtKtE79P8UI3P3VeyV++LV07582kPF/EiLRSdNWLsmHOMJyeZI+uGmFiLczA/0S1v+WpnwDKx1UZYnL+r/LzImdxJLtdJKcS89l5upoVkDY0/S1IL5u2FdXEb8qE5jj7lgE4QusFoXTAnQ5ZheOpgM14gbZ06lhcSBDDUoAFsWlkyejr/BnZuTZ784/8SNjmgT0uldEt/XJ+s7X+SNk62I6klyb2MdQfu13wzxSRE1Z/zsQjwmRyfE5/TJaWqLL56ow8ahiWbROFbMascmzD2hCaINXgRPepwy/OCxQIjZELR90/WJvE9PFFJk1ioq1OwvcZ6n9UcSZrlCAOW8r0GGJOuvnEuC9pqPn46+cB3B694926Uuypy3ZemD8bstzkx3xrywdCt7Rn8QqbpczT2gL4p0i0bQQdCaADNsl+kQn9FEwuRrd6QA+P+wmcQbK8qv/cBxBtQQJxexBUqR/UMQHNppP354sMmVQe7hdmDKjsZwzFtlqpxKyDyA2FyZb/K8F+cMG651v+vY7l4M4SfVEzx6li9q5EE3BPTy6cerjs4IlrQzJT1RTIQlv5QmdNvg/39jeBmn418bJzGUA8llZXnpTkh4XBtOV59UE7hK2fQ8ukmbCiFym3E9e1UlnTHxLV+jcEjK/XAaEin+Vf89mJ6/AwWvv+h79m4mr6k0s16RYCYbdO6Uz2hvp1nuA/MsG3eS1168XXtuEy64FsT/LzL0rqucJjxt46apUtVvMr+Y6g9DlAig+EtgQMJ0YIZpWhOq4PAFP6y1HHyftqzhuZGzR6ykziJIPUCj+dyU1B9jxrdr0/9G1LeOdwDXKmWCVPrTUSYAdxoju3akkSwkyJNObYTo9wVZ2Q+t2M49ynGrucP26T7xLpxEb/rwoNpAh2r8OPEA9G+dHbTtf233hUh5nTChdV2AFnWYV40I4c8skHS/96Z4g76e//+//BHYS06GimwrLw+zT1JYHFNP2eNvPoQxEjKhnd1v49q0fxS4A5IunoMN80hXt77JWECZfIv/yTWy6/d6UsENiR9hwb1K+Sudwa5KIkovvfL3aoVAstsOs+YKgnVGdTP4bkuKoXN8M81YM5piqbajOsJYlUztwmwuL8XG2uXXuqroU+w6YiLlDr4oNjgZSmIaHLGBZuttx6yN9xMO35uf01WC4pWgfJvXiZWZuEZODJsgCKdpktYPR6T+3m6jSAcSm6WNikazlUJnqAK2ks1WsXsvPtpqDGTkC67sbLy07GJMBt7V6SqFNUa/K06H8xNiU0Mx36Yg1kHoZKZdAab2bYzx9X3IXAKIrx8+RV9cfNeJXjovClcxRjqs1MIbIF2jERnSSfeub+yar8Mn0HLdM36A5rfIOVUod+gROp6s848rMDqQTthqv9+W/KKJ39jS8iE1hn73pVboHr6xebfLE+VmvCGqW5PStoSwO02ZMRy7obKn/1vbMEYhKt7xbaF6SfHvB2u24PBrC0GlYw85oihepJAeDv3w1zVqtPMY9bQWj8miVpVklbT1skmkn/oqRMIfgyNNfyCQkKI+laZjfPF4bIborNlcw7vw9MrAGcvtILKFf5LQxv2VoYrUElWh1dl9VSf8TuvCo/9/tbJYyQxTo4ugrX6xaTCTQT6FgEZcnw+xKLzfjQqzSAhc+450bE8oC1n0v3AgYwicJVQSgm8Ucjjq9j2kXwxJx25PCOaMEJBZh/lGzMJ8pqAXEI79Mmwv690vewBEgthSdKy+exeIIZHtVE+Yf5nCryXSekSWMUj+U9CbMqraPkHzI04rCIl+NGYTmDoQj05W6LQwOL+zTPkxs4AtTuy6Jn50WtnBciOmOCM5hKhvUZKuzFAOPyyyWVgfvkhak4q9I72fKyLJuZ+yEwvk+qrxcQ1BSceaD6469AU6oJuPqFCqMm1viHH5C+r6ayKeWSYZOvF+kla+hz0fHy+ouRPji6GBTuIzYdyOFV5vFXs9sHHmcwd8JWntjc6RzKJsFkwiF8Mzeb9lYAOq2w+8mgdW57IjoFxbC3PTaJPVtHr59WLaMhsYkjDx1UgI3Sf8lOKo3/FgvV+wT167o7vGUFNI+Lbl5+mkOADDneBoXXRZoUAkgw1Fd3zG+qx3MKXsFtNOY1JljgfsGU1VcWw6fxZ13fnKWJcSZf3nsgY9U/wVtd4OPpzcMM1B8WCrO/HzjBElC5lgLIBuJLW3AJw5xqDhgFtbKBS+70YtYqbIbCLr2PKQHLI2Bh+0JOMNbSJEGQISp+lcTkCSe8PGcoQc3VjvkG1pB5iNi1VuaN2zyzTrRVatE3AJqNs5z4jhaUKDzLehwHgVPK5X+DsxkBEhynXoqz/HI3ta++zkuxGQ/zEgSg+IVTvWlrqMDYtOINLRfGG/gqVl/2FddacTU96yc7yjRzxL7zYmkD+C0e/37ogViItFVl9o1n03PZ5KCrrzd9/Y7Brm0e4oeL1abupL24ThhhuenfoGOPwQTe0OmCDBLqe4oX2V+rIax/WsaCOaBI8Mp/HcHk9VE5KLVH5G/6HaOtX1GRXiPxJaRkaRQvWmbog+IWxaDgNArOUou3XVesiRK0aKfqNpEOIWeF67Ucc/jkRERROYA+J0vn2Fo0j91Yz/SwetGkz290pwyB6+eax4s88Pi5AzcaWHx6Soy1c83oN+DPYtmh/OYcP1X4Jf4aNz3Pb7ymNWDIUobApEBO2uHzzP6Rc+Z7sLxnUZAM7kEGCGfMrzXz+GmwuZtHqXQVWquztHch/LfCiQ9bGPiWJfDnglhJ3xMB4NIAVAMashrZTHZP4CZl0LF6eK1VBEHbl63p1SAutJKJM+quxK3n9WyyaWBBD9VrU482PK+XsTWTMaCZ09g+7uiSE387ml04gmol+V8LDhrxFYkFbfhX2frCLgoD+yUzekEabMtCaPEp507anjmtUfq5BwqUZfc66X0ByNaL619mvLXUDSkYu7F7lPLf/XtexeoVR7tBPt+89pIwx4e+8mVu+HTER6yraG1Y4/VsSjTw5PUAgTr04PAjdPw5Cy69p0SiZWVPb3QmeMk2APjsOJXQlFDgO8cBE29GjeztXDMBpFpMdiALsQuMjt7Tt3eNIlcL30+djJS2c71hgEDXgcgidd6Ln+HP6MjwphiwMdnuwKGzNC+aDDkK+j9f5EMIMX6xme0hi+X9MHgvkxVEMf2760JucEU830o4M2OBaY78IeDu0vY8dKIpknsMqQxeZDul5V0mNEgRUXLiZShXhFKizoiKCaeOt/Q1sCDzbDuWshSg4VV5QP5gpo8cl5p9uQoc54vj2Wv2ccGkSVfF6rxQpLgof63HDQKL/CgvFLxTfrXaIMT34xsShX9t37SQlqUQYYUctsIL78PTdH7rk6y0lVjoGe2MphUm+HmhJ6o+j/O8vY5y7GV2pf4tSq+lmc7MuRYr9+JfaOMLPc8pGar5lY7VtSNZ9jko+pb9UOa1TEtSP5HNVPI7tLPko46jBW1Fg37A6fbS9mp1No3DjYyVBOu88SC07KUPTixCM7Uz0cxX3D6rDgtk4742t2G/PsCQ15YuyTCMFb6GSl6BymmwrPP+9dVXxlGTa/LSzlDTugKU6bWqSu8U9tkBvLtyD0P1i+JBj8ae59Va+AKFkkBJhwX3jAV/v6jWJkB6rEfNBxwVZ8fsqesWqN8bQk+n25me0y5ckV2dE3TCEG+C44Y/iZIpqUu+Yk4elAORAgo7zXzXkkisLFH8e7ulowvMm4f6wnVqmYUUVK64CTQUwWLybtcpKTenVpN2xYLS/sllGb6dShOBjBOUCzEoOgqS1N//7qfAVwwTpBrT4mKeN/oRdrIhx/Jj7Me2o83tKL1foRE1OsRgkgEtRS3qATet+xc8mVj/dH0CRCzRPRL5R7kMF8CELOu9G79kpOeWv91zCnwPNc8nQRQhlkfMOHtQKlsDl0At4cppoCJcMsfRoS2r+NnacxP4tKF24b17ou9Hlr6uBCOqeB9x7IIhUKIe3cMpw/rA7PR9XX/sScIChOvHfoS6vyLkYzPrSQPKvkVg//4famtgdDwFghsO5WcnHvDYGCFO6Xy97/kJ+AdUiXH5+vvO9WGhxhCUhkRpnpF9CMB+0pWwDBWdTVFXhJzCBUFoAcz/slX8IjyrNE0lvfkBL839V3gEmLOng669RREs/li29n7eyhpsuWoveGhPS34juriGgiNBvuYm1x6NOj5jlsXr7OU6y6oZ4eJUOvG7/rYfeqT4kPjDn/BrvMbKyhcoYaDRVBySG/kdR113efWZzlX4RgVsjh36xDn/k1WIpQcuXgxIaR4+TbnrI+1nae6/6MRWSifItIt6v9u/a+/XCdLx5TPFCND4nETIe6xiiz/TFo+G+V0v4EKjwPX+sJJAfp6pdVLVR5OETL+rVESfUqTieQn/OvfesACrI9V+Em/5MBpiFerMhT6VfqjBIab9fecSLtqbVTz1H8N3bvj7ahhSLGAV5p9i4GMx45U2BNT+36Dx6jKw+5e9CbLWw0O7Cl62QsOjvLPnh2NY81mra+i8LycgygtBar/nr+ijB5Q1EH+7P3jbBu4YpkLdhw+aFmoO2oDVMMQnyVhLG0eGalf90/IeQee96LldQenISdMH1R70WTgzADDwJjKlJNPcTqeEgL69HuTNxnr8BbxvJCH60Qc9bRQ8aPtGMtHF1xjrbRC+VCSHb45PvWRf0MLvRoUJW2cTdQSpRKSr/jqcd6VEcZNMr517JWhBhc9ddwMtu2KlajvGI35cGrmx3szFtNLvn/+AWWSYLviiQQGpqEj0XQMoneC2rgttgwYb4gOjaq6My+iWW6QhJa1Yr4q8kIeDhGpiKuvQ4dPTNDttFAl/Wi87RGXCCxHZ+RGTwlitfmQ+7cS6fViRE8CwzNde5KxfWQElW5wZ5f5yxxp6T0HOeA2HADyHfLnSXcHHConiSKaxCb+/Lgf68rYCyryIHrmRNjM5p+4guDUJ/Ovl/ycftp7OR5zJHaHuCsEneeAXW5Yv6LvNoN5/myZ3uEuTVBFEGC+DNFqbKf3boxsbQ6oHP14i1AX+tyFqD6Rx98hfDP5COfldrFqYx8fA+HWB1PC77OkLKklCFliuwemqD09JCF1p4V14xqLoiW/QuiJmPtXpmp+QfsTExfWdmIrPNDlXqnT7OozPD2ejA4+C+u93UDg2kMSxBL6WhuLa9wFMBro4AFaH7UjO7HQimNJAC8ax0DWeiPAIL9eRIM/PrWT+RvCv4ovXv9AoBeuKzv6QOh7qBEt1Vq41tbL6NYz9ie0HggnXEpntt2NA+P2axPbusFCdOEw3TYGKhVVC3mhw36hQfeQaORv4/pNmXHmmzPX4rljzsqmGfyWoP5Ry+ODSMLu/dHxzlX+jdw6uPnaBRlKoBfx1COqpqr9qkjgCHzn+7YkkgPOD2360ka4gZ47YzRDhA7NnnT+uMzAPcU/GM11CNM1tAazhMWv2NF11IjqPW2oaM2ZJf4PlTlV/ScsrjX101+N837D0dwkEg9b01tQIZM54hFGelRA86kLoO+Iz/jL6GLAh4g1Aj+LhDtEgedx78afNB/q3dp5nk4ZWU15paWc/+Qcy+EqBYwLxQQ36T4LSpJqHlc7otds9KUqiaNnmeK/LkB0vuZv4kwKyNW7V/G8ml1UUGT9z9nlk3bRTTi+7YbEsDPfLHAD46xhMSmMev9gsPXskJGttw6dq6vowkhoCO8VomNhN4RT7I6XvEAz+SlcxM3nbS0aLT80kSOL7J2942ICtIQT9d/3KSaFU/xZhUuv2G/WXgvMd2NCTd9eaoPGi4lcGzCU2eDNDlsmYesCK9uOIfhqcU8zsFMEILtH26R8rZoRHio9EauAEmvtqOPDHWVxSwl/2njfPcVckb3H86fudnR6YsQFmEq/PXxWZb6u1XlVLHCSeYEcTOVLD5P2ZzzzxZMzU5ouvmhFbiqT6ACKyI4IYfNQkZIMVnDIS5SMMAYy5QXUYpyiuG/Fcy0g+1ueR82e+h55TzfZslmmPEiPcwiza5XutQ2bRYnAlMImgUN+4raA73jk21te3RP9dqpa46DId6iXEnzhshjzTmyYlyLPYsZFNoR7TcBoezUYvLKutBEM/8BUFdKOmH3HVCPBhJscIqfqen+KeyGmcEh+GFMnxtgdymg99WxFZocUwdCAY9H713u3HWWBzzmHrtTY0UBOAXyt7u11Ns5v+yVyRajslPbWNfNXUgUHBjajc0JMevxLCuIJKtMJevVghYKXHWUHTwvDOL7Zy54uXAWgVO+8gspZDJRKwkkUUPFiQHEwryEeWyeMJmDZD7itePi2BpkDhEOioBhiVEDGX1vXSud8o52bvgwaALuqlufpNliqIH7m9NHg/Odr44RwZBsk+RqHCz7RcZIbPdL76Siv9TWl7wf7SL/gCkki0an80iCu0r8RAxfZnpv8x9V7LkWrRlujXnMfbgU3gEe8Tb9/w3pO4r2+Wap8bXRFVJSEJYdaac4wxHcfnLR3yoPdAvxjchvn9CaLjuevBryX+2FNtfD6SygL68FfyK9B3rUyyp2fPh2TArxYU17HfxcN0KSQ8fEtb7rs7daGTcUnGZC49q88XxeYSpEKUPwLmjmtxGSc+yqwIrzbSD/rLsXD47QSD/pHMDV2a7b2oL6t2lv/h0QUanQL4r1pLzwgN81DNipfk8WswuW3kyaMxa2VtXpf5JRw8zZSU0yb5rnemi33wmvo6L00HtwBt2V5De0wRWhOocrwpQYvjJYehBRIhIXvM07XNNC09hdKwhtlpWReWL99104P3neTMbCESYx+t6iavX/b5nhT9rUf1UtoBrr8J0mRgeJY3FvwSE5DyGklJoUnYiV7awhiqw9k5FsJ/vSLgf851CM0BfU2fsciyk//Vlk0Ble/aUZcsT6V8TOvOTH3HZSw9T2z5KYJUq8SDPy1rO3pXWb+A9SkuUHrBg1q85J+ixhA50R5Eh+fhupl3cQ5FDVKtkgdBPwlxkZ/D1lhzj8Vu70thS6Mvigw4q3mpSL98I1o0gQuqVilKB10PY7pJDyY7VPI9HLqBu9pL3SZw+w4yQd9L+LcgOj8F9bfq1Pzm6/A2v/bzMlxRtE5CJtulGrnLibSaHwk+LJcqi3b6ZVpAU9sr0VEkp5Lz4liCAB4T/NAEGzXCokMnwAvStMxz7KHmLLP9i2GnNaQwhTqQ2FVK/0W6il050G5/kGpG+JVXfBc5V7Ta0sHNB3XPw5D2Jh52TjzWxbmJkW4mbpvrjS+7UvfcN+1eF1oiKMXwN7AzOtXEFQyc21kvr9X2+zIuug6JeGaMwfLdQqRaBPRf/ysmTIcn1K88Kfgb+oXvk/wdwyL+FReWt4V5pse6XNkVjpPJk8kM35hV8aCH5DS+UdsjPAYkpMkDGZabK9IOz+mD5ud1wqkjCryv0cvWzg1Resz0V6lUBHcOI3w/U8hiEtV6lut9m2qrKQP5SG5KPHlBih0rA7UC/gkKB5aUlyJF1SOWfS056SbOqoXEQ42LKfIybGETpcScM1BwttKbkJIbW3Zjo8x+c5ECFJ53SFChkvq5h9PpfeugloPhPxAq05aPWN5105+yavxaw2YdiJHBop9KOAKKnbOn0NTEBofzfuH4rwyUQ1AWstkF5Qv4ay5+d4RUqt1QkYS2Xt9Dzh91FoR4Yr6izShArLbUm9r7AoCxhj4F6n63IvoljLnx4LWCPkyUCOW6nb3Xl58i6Lvq0ocXqJ5f9hhqgC4n0wx9VnVHVsVCLds3Rb7A7CDh+KbP6QgRk+tmelIL6LFQTw4z14kQfTVvzbtUSey5Ku0j9f0NsCWW4YNKth+DOMOiUcKN9Bl5uvxrJfYjmpiEvRGjdH7fSaXXupl4S78E/7d/Rhw+9CDGq1Gu7IbmTyesacnnhvNDOIyjDLRuu6cjh8lTjfqDuSL3PT59uRE4vfp4NF42WHnaGP3wA9SJzWh2/Myyd9ELctlOthiB0FrkQ054js+kJcbf+Q8e7jFUOJ7AbscxvRiB5ulienb4+/DU5sZ8j+J0AjC+uJhfxKAjsW5cpqn3VYlINsiWKtyU+aXWkSjm2939jSjWVoFGT7PeikMyWev+GSEhkHayeiC+4qmUIk4H0tqjnoTjftxJzZ7PoV5pxn/nBV3RVaoFLQYecd4jEF/+JBHaCrRmmtcSVSUjdy865ww/s2Klbls1rx/a1CT9hoHWDwmupT+zWKN05MPph1s9vLwBCCWSX1FoKHjx2lzu940+FWT2Jb4MQYfSlXHwBFBslb3H/yA+6sOQ7lVee9n9T+qeW8n4VJbuWBW4Kn7OrhN4nMhjc4OJGLYvWUXQQWeYB8CYdG9Nu+3rhKRqDar64WP7XRAz3rcCTZUMh+suAthuGaaU8fKfSKNJEOj8KwC/2v3DYo7Ds0aURkU8Dw7IMwXmpfCFgzNbBvd+VsW7x2xpr5MWxqhflhxJ2YXLUMTijaC5K6QZ3QhqI9qfmgn9YgGLZJAC/w2K36rTtSbOmbJhdUvV8LpFdupVXrIxSnlFyguRRHPYJNzPjwk1cNGeoOG50g4uVf114z+OYVdgsGGkyv7r652mSrvAZVKKSv3t1P6Onss53dr+4Ee7VZ+NrfSVUfzyFFxMzoyD5qQjoYi5kNrhcjLfPrKA3vg1h5DmIjyuUZS+TaXtLzl95qxkksMAuDRPhEpGkoRJSfyzE3Y3ZxAyliuE+qsqFU7e5MTu0r4v0u/AwnARLOxanuHUukMCQa8VQZObSV+9n/MdNCxzG+Kc8SVwSUjorad224omPcxiShU1C+bRV2uR606cSP5gHBWoH5wa56wYyvUPRV2AoIE+ROx3oSd85bBBTXkZWG8vNbzRyylvOdmIrIuh2BLGIwmevu8SqdtaIi3JyfNn/fsEoBePACWKNftfD6j5UKWzO/5ZSUxSlAiqJ7CTrOg7ColYISxWCOUfEdnNoZeOPjq9Iplmr4APk01jmHx35LTrMWJ3szMQGHNbcrpHzSdXZU+JTxZIHmu80smIwl0WMJLX08X6WsrRamxVl9HnF/idNZsJuEU1Zp3lWq9cKGRlV7eYUtCfYJWP5dVKw/+pBKDOmJe0wcnEXw6DyzWbc9Z5ZpSGCqrZfHM0qeqYpYOYufdRaaU/ImeH6tNdHP3Z58TN+TQiq+dzdi5qU+JtK1rdpttX/NOwYTajfmBEiGBlOZVe17tPQzxYgpquuHX+/cWXTPB14cHP7P5VwPW9gAbJJid4iuL8QsZ4mdBAZHeZ7SnyPS2xXEi6I3+1hP8irfwYIUhA4C/IWLdJlYXqi7GRARZfNvpdztOifzx0YMTH31gpIgdGK0SKw5B8AZ2hnwGniuL9wt18ru+/kVwCXzss1VU1vHzbu9jdn637zI0UBv/AZCIxOc0EP/jeOLg3u72pBN3FhL5ey80/c19gKm35spkcqcf9+AyHMZfOZTQbC00k3NsXAYtHHybNZB1T5UD8HaoyRpk34TW8YHkuXy4H7xE0zGB0QuLju5m8Dj7hzaXyrkoVdeXgF+/ma9LXO/jWxkuMI84X9qUzmfOQ9soV8IQGX10p6ZGHrzxKTpjzEA1nPw/H4LBaR2uqhUhvFyMahgVKUOLXZZbXG2GDjKfHGH7tf7WFd0UsTSee3SAR96Vj+mBpBt0IHLNK/lkpQ1sLs+ScEc++u+qllk1Ffjz6a0X97BnDCB59leY7UBKytX3W1ZnV7vNIL2MJtVPAqCM8stIlTk8HTQ41MAw9nr+dsmaXsF34FgMMzjhPPQhW0HKw2ktOvA4GVyDz5uTiT0hoXDymytOs69kRWxWn0sATswWzp4ts/ysS0oiZAm7mZmWb7zzltxkDZ3q5LttGUpens4mMVZKV0LCEH6wy4iWzetC/cb28l17XvhoV7a5P16kZaS6jeWsqyYXKG2XKZbAP/L44GKtL/E/VQzaJfh6rR8s+gPtejJLYBjLJqpo2EjUrw7EMfsOza55EJ0NTJPGUqROU94zG38n949okVqilYtjnj6y++5DJTuQlPc9043t+9Z4M+iQwMDJ/JZpPbK5D0jXUfiiOi15HS1m0xNQ90YcZ+C1IxR/hdaxItXbGiB7QLvKr6SSgrwqL3Yy+jq3DndD7ET0bvA67+/Fo9+JRNI2h2tWBLMimuRLJmELIRcC+Zmg+fIoBkUL2VMiVHqxvm8P4RwxYPO9MwE/bIEL7wWNifuAsUZsG7RmqSpg+vxCkLV3IQoCc8TaXj49J6sNtI53E7/E1ycTX85knLYhdDom2nP8S4RR2+Rvh3hI32elHLiJkBFaXurW/RagsvE//dZsVIvJvwj1yfT74e3mqQSlhRAZ3uLcRMuHftIT+EgGxiQMZfufvKIrpr6sXAyGaEwc3SPuxCp0L6+MIlei5s6Ok2B4p82TIfFTT/xzs4kv+lalncV7fp5S+qfMN4MlKDX87sDzkNEkahttXme7kRz9DCMcHUPB1/HXEY20oTSr2A1ZwFNi/NNi1jX7svfC8XdwnJ8NSIPFWj5DDD9a7IXlX0JooK91iNafU5U2kJPUyK/cZSduVbFAj3Ex2npewCdMw/DGpCh3nK4G9bpdHsj+CG4nCkXKc80hLTx4LLhALs3vh/iKcEH4uIP/U0gaRbLvV5thPTcZVBzQBxjDd6mkM7zmG/L1LICn9ao+DnkflJGPAN26kXbXIJO2ktIFqg1/x1w4QxdHPpQ5CtrcQGQD8+7Ty64/DeCwHbvIkDwHu6EO7KeeWDNulXUUVABGEsnJPcix+t3ZjaNjVlZO3mvVyhR+qxWXJRBByAQRanz7t/Y1LGk5Q/UtMI3L49I/q0cUiWF3hyIixfCb9m8/VuwAHA9x8ZEXkbzGxfzzMTnneovkK0z1O7vcJ5w3WEGSgUwnRFPWnrGAXr3DThTFffyK7TWbw7xEhjxxk04aw5GUo0wCWkPpR8FPDMVnLA97hAhQ+IOLQ/BmH0L4UV1m2uOGptyGMYf+blAduYBJCNoJ8xca9C/Y3ECX0ziCnIk2xR2yDqErSpRiCA0TGxOS5cjSo712mVDYG9q5ulDG4XXd9FqwDjQT9V1kvPYLLvx6J9xXlhfR1wVJX2zk91wHc/Yak39+Knbpp4/1Lr2Bt4DhIAfo+6c3awSrKBo/vK+Jqjaudv7QVAMv0cNnUfHmMb8c440qXGFn+okXp+vMyPYWgowRdXG+JbmqyeWn3ud6GBvBWufvjG9zQI2NRPoxiS5TgbsTC+ULyifCdleuZh10HJKmc5xI0oHwVf4G6qAditWq/633sVjZ24i86w67a1mwJE2+smiVoLZn9bYNpsk8YMsXw0iUrYjv0hwJCi4ZGAxP5Qcbs5a3dhzFSkRqKKdToD3FEff+oCg0Ps3GkCJBLXlydfa6gt8AmT5OHomBk89B+rT3iT4Vj7vPzEc3DNI+hJEwLPdOfKQkLBGmaq1EcuwkfcjxA0znGenebQHvuZ9Z80QyfdyfYdmZnx1gattF8bIGPJeGva0sjR81YuGA/LEAJw/RHVLNVyNIDdShIufQpuvzvJtGedX0V+Cw04ldpL2AlZtCbbcU1VtyS4q8ChPpAAyJvev3X6i8+NP6SEZCl1L++E3+Rr8WQeLZSJ658SzOFawKjjTE8ztFQzmtxWJ6mnqMAvjel1vIzd5lEdnz4CUlWcD5qYk3idxUUtSosg+PbHmkZrGzAGIhFS2jDgq7jmfoKSkTKZpEX7xFnMx2PRDel9KzICVWM2iN8ZDEyqA7YSZgij7D8DDpFlPXphZpAWFtJ2H9qG0tuItT1jZGP8tphbKXZxudviZwQaLpzsYFmB6/VaQV7wqxxrZWcps1BXMYiF9yzAE9V0ZeOZQJeEeMAzG14PCCBP3HPqtIY80fLJK8jEcUvzJBnnHJzzYeZir8v/9imaV44R8Da+ebtoBRCX7yZm3hX/vrjji7ip6lHoqYXZ2FRy4E1OgGGjiLGzZqzhsg9d7t/8KW5pCucHafIp7FuvpKo+/0Eco5/iJxApAGPlbEXbfYDueIj9stLWtqSDSCHbMe/wAKEBTkCXZ48XwwnummJ23UkKJqOg66BIwaWvK0IyCzg7O6Cc9+zT9LnxnL9DzPP+DW22pdl4GlUx6KXKA39JCIT6IknXLSvad65VpT5qT1DyjzCjsMCDB//m8KBUMRkhpJf24UR3h12G7fAXvmAwi1xba9NXYTHD/kwsFzMX9Qtq2tujpbJ10FJrICopmcYnvRSga7QYAutymenmsrECJyl9+LmxTLWzc63DTA9PDle2oFSJeW7QDHdMBDvprbDTMyAREG+PDOdXg9tJI6f01/Fh0+XrlT1OVd1lCx4v90o6NGrhLr9+sag1+T4mq5Mo+ueekkLNOmBRW3eqO/qAgsa/16xmBzA/U+07VdEZApLEz15L7mcppLQ6Og9F8i3p1CrR7dBQVNkQRQF7qIcLCW7AJzLlHI7gxnopwIZmQcJz1/oNl92LDGikHC9Js1SAG9BlxOPWVtbJsXwCjdS4m/LiwGaY4pv7Xmxi4SO0gGPsGFk64lFFDAKYKTeg2IOcqTHmUefmwFh5+8cnHmmIUbk0JmgeFaTyNI38c6P0kA0ULKfk5ppwCV5BfW86typZd3KkI89TTB3FUvDfbx7DNvA94R43qZt2MR47a84HDVIQ+Phr7huAarLEmar4idZgst2ufy62ENeFm4JLCa5hwn7GQFfS05oztvfVNa97YPod87Ip84PJC0N6B/XIuQutyHeknEYhR7vK6LqjqIn/NxEUDKG/KMm6rce0bPB31PkVaU6wxDomDliuO5V0jyjuXyibtMci+Vk+O+2Csa/PuQgpxESf2zrN5apRSI4dt5suG8EY8LsJyYY4tuFQLaoQApMbO2/uuh/7ERLpGuhXASDH4Hb/SY+J0V8Ps+xct/6MC+UhLyBy4/w90PSFEHBxPnoKzVdueS8xSiUpNWE3lQRgA70y1p7Pjvlqg08xjl9ipUsyCYq1vr6RT8I+bQuVB/6udDEalOiiVFr/8rmriK7XcTarpoTaPmlR7ATQGJkkiqvF0UeRbU8yMXrM27ruKumz3Tyr3jjX0ghrC4F6EjDAK+4zWtXGjjDM9f9Pd8ClQXAyfo+9F6BfeqGpQcJ3CZBGlQnCV17Gh2h73nBgNFcV2euqXneuNSxsbCxbTKm0xD0r+A+Jd1XcEtPHcWhGUtVpbJ21b7knYA7q9Hf4IJe4LwP/nU/ODczgXG5BDWkwBaYfvxBfglBdZ8vd/bXbLCVgTwk9Nn008kbcgy+Uqhzz1+bQjVWY2XW5eZ7PI8AbVLlQSSyb55tOawhlV8fIhsd168Ku6zskiKTrff7s0dAsCu3oZ/ieOZZkhDUd7GkrPY3+cc4TFckofxXDKb7nJo4tKMC+d64V9jntIRichQy4VhOr7RWFfntUGbsiUWVEPyG/S9tUbYhEP43GmkoTRa+njrcBOIsvQfug+nwpKtG1qe6p4WV84wiuoODPnkRQJvIPzmn25xQiDufhEQUJ/IdFNBnKj+yRLWThVAvaWKb3R67r8xMDdn8jTxgi/R1MJvVTp7T5czehDANyQDWsUAUicNWbqbsqUbE4WPEoX0hMrJpqJnnO66AJa3nPZhggTCMJUFJbn6i4tTuVNtauNi/RrkJgCIJQy1rHnL9YnPMnCTZ5NGy/GhWkupKCpZYW7qW5QAFEGMGpQ93Ozdw9jKKnP3lTcHO59reqiO2MoXBwmV9lNozh4eh+FhsQHMmBnuZeiUN3M9D1/VqC3KLdrN4/R+wElRi6P7KWPJqjekOIvd4OnIpxAeXimUdbhFzswqrwZ5nd1pTxCxkkFTQX3PNOvFBCPtKaC9SZRLv9ERObMbtoktUPPqiWT/pJpmJELsa57a1Kc/zJOymYZCAJCklCAPb6xRc9l+k/Pxdf7NnwXAzpq7ILKPFOveEWESDiby1hSuyM2ok6fWFlX8N3WzrhemrG4g/ps/8VekTqb8HqN/1IrcTJnWpuL5xndIyIPeuFFWrufJKp1vlcPHvPY+MZnGtk2LF8wlKMYXHuwQZw8IYwpBIXdtCXoPKFG7+l1GxICMB3ytQJYnsoPJ5ZRPXrCf9mRJVzT6l6JwuiJZ05b5ga9Q76w/BpbHofI7OvhFqiEuK6DGrjaBInyFAAfH9Pf46hpDkqFHnKYzSKdU/96/pyl/aBwpSyX+fYLwskQSB6yrDdF387T9l+NmOM7tU4TseGja/BVC/znvfEPwwnnoLLY6gOMt0bpk8H/lknj1OteqbFV5x0194yxzz0zTdR3F4lku7cymDXcJOz8Tlm9VtlXxRgcRgN1sdAq+OJs5/TZ3y94Lq0Lqt3GWx0OYr05/Mze5f9LgKk925M8AHI9Y1Qv/i1N/Nwygw/Z92oCmNgIoaQfz5QSIKNQtZpy0xRjKnV87El3I5GdS3OYce+K0TtjJD8L8haaRUrDlFHbj7oBSuyQ8Aaa4jFnap3yf0Z27uK7XfR8BMXjUQTi53prpEXPODiYWprWKQ2Zb6FtnjTis/DPGOQwG4MCR4zaVAkEAhU1nVnZa62kEYMisX2GMKWu/lJeum+nIbum8Ete72VGPplJsqQIw/v5zXPlfHGds8waNfQ3zNU985FG1/4qPCnoEo74MLBn+1SSfaoEXQUab+wLeZnpi7vw4vGI5fspSiuSKF9UD9WvZW1KKd6Kcz2YRaT13GJk32cWMGc1Trh9EosDJfumr+pVHcrVvulsz/ZUcBhfFJr9oQ9+Ov18LDB/M8aL9TUM/giSFxgbFUcXla21UnZiibL+TfvgZZ7kOhaSZVLh/33FlJpMvJ3CDWzOJlwQKVRe4ESfqXB21YPk3gyWRe+cYZ60WLmZ8vfxIVufV8ObF7gWBZixh3eC43vEAYZrfuUJaIxD5pefwCTWiOi3A60YKe5yNQ/0JIaFpIo/XiPgVHO5gMLB+qr0Fu3K6uxmw3bHhT25ibCbA+ZjW5ftXdku0hD8xLVv39lwbIf42MPz/og5Pf/mJISyVx6B7w35PwRHsq21+2boJyO2Yxusjb6v4ZQjhezq/CkXpWuPB5OS8BBbt0bxTrN6365OUKb23+Veqwz+XLKXzadn2Jqz5R4fDaugDiZc1qXgtql81tMUFNGWpvFw7500MXrWIyjtY1EHB7STVr8r1GhHGv1dIvjIePdfAI1lmKqXpcf77kXI4MHgl8veEc15hK3epf0v3js7+u8L0UUzCB5HlR8uTCKtp9UdRNZG7Bxl+Dm+dkRYALkVC5pGk31a2Js9ZYhdP3tYp/NXg8rN4fi65KHyFetKVvefN7F/GBC/vnz1V8ifc8aFEWx5D0Gv2yC7xnJyuoc2L81tgHUoCUuv/tmq9aqmhWfLrPS4E7h7E/6pQ5Yyw/5t14ch3CyuuUZ1kYHmE3KCCAnbF6CBrSDJ0uFLQEwksOxxv68m16envtFuQUxe3Jg0dFHA/JS1ysS+DBRA1fu9yIIhj3e4rW2jxBphg5uyynpkEUu2MAi/WT2n45VVarLXza6FfGvFbmvwAFSqYupmU8cRLw72r2b6IP+ljea5iBcchqDuBdUEhyI8fUDlnR1GSck7KEu9D9KI2s+myE5PRnHIXfTPKlC3m7Yz0/h/ZYF/3orRSUjRXxXzDPRaDBLwJtooT1M3tmWXTpYXs1JVWtn3xBhIdfOw3Ie+iNjhRC5KWxW8TG2lXYpsjAPMgNQR89XjvJAQqd5fezVXDp7Qiq9oLE6pMRUNyUURkuXy93L15lbeIlAVuCzvuKRvqXa9Fdrbcaj9DedkLcuvIsm0FuBPsNzwBBmUqqcGYmapO1FlvQh9tQu/u1QynsIBlfgRRf1RAr0k2iyec9R555AKyVjhVqYCCusD2szjgd97D3Pf8boSCUSm+lbCNFlm9L2mC9VlP+RQRvytgCpdhIVWoWgd3/N+6xw+OtH9E6U+nFLaf+P/vJ7BVwwUUjKz/qUn8zGmU+PQu+K0cuW2EWT6Qg8RVRMAVIkmV/FT4MyoFlYkrddF6bfEHrZootKfXMy1C50CxrMiM0jiAjzgSFQ5PGXSN4uADxv5tJI7QXcO9+h7StFEERE2HYJ2bzEMUXtBCF0iTUSKqxfUySidQ4Lj0lsu+s3k6ZAZtoroGYPQ22D7JEKj+W7OYrGG6Q7U86f0X+GauSmcSQF9myoInY0gW3GPqmYV/2cVcTy0l691yzpeYA7zBT5QSuBgPLtbRw7Wq9eFv2fcvfK/ZYh922uEvZh50EnYO7iet8yDAMjv6EC7Mn2YzSn+8TTYOxGdEXmey7iqhU6URnmCU9ZWP8e7RFb5w8eQzdTwi2jmgdtXdP9hhe/4Yj9/ygYyRXSXpg7RbEbXGfRxSln7q40i/iyELxaDC5lIZqTe6ZySLL3MEtMzTTDBboiiZgxn1/5kin6WqKuMp12J1HT0xpkDNhMbWukgJEMhypfLS/TF8fBaaCyvZyHQayKCMGuxwXTTiHAikxL5nESaxAvn/pLRJgjiQ3CKUoBqWcjX2fMdlob0kMjKYT1fZI+ugUaVYWht2sNtX96y3h29rRA9U7a24qpkOernEdknhJ34POZgytcKJNNi2Pl2b/HQQPtgLTGjjnbyLiCIHGRQwCbJj/16RMN+BECKaFsfHetzXtovTuRo9VFhmm0Gva71/w1g87CJ6xDGZvWugoDQ3EFoQfu0ZQWmekBVZVecUWByhhlERueDmq+gSCoOcFTJN+Fgcs4fTe/QlYnoh1Qj4EnFg9L/lwobKdW9VeSqWqyGRjJLZ1zuSPyLc89WF+iRgi0rif2LEHVsSSJueCLTD0CP7BqdXWDbZUBYy4xavT4+gDfQ6o0C8kNtvX1/28ySTsZwzobmLkBy5COCUQ45/fBeAk3qkyR2ECJSV9dXvEzpFrOr41UdNKnW/xiKI1Qu0cyJMCqLwjSfFvzrpYM85VeeEdXytn9y5bmPdH+8fQJKVgU2wPviq+15gskEOoRLpAF1zfCrQO9r0WCU6/F/tUmME9vtvTK/3vrmzhkexZ4B2zaGEGoUQT30QJOSqGrSn4X5HxhrElTNb3WNQXm4FIIC9j4FZkVNjULo8t0WuWvXJYSAPpLgx0+CdN05wO9bzlu7ZIfYMtuy8kUD7R01ytBezZWKdpkh1rcYvPp4AF7JzYzf1oK5D/mixo1V5DuL7qSo6p08/XQyX9jAaENdgJjbNaZp+BifmrzZFzY/dW+utAgLx0DviSv+ld4MDrUnhg/45PP/57Cwk8R1xeUCtsVpYvaUYL0km/EwEIRkQBHZ1jI5Owzh93Hs1V5T4IEYk6cjv2UwhpyNKEr/asbQyQsmWmxDBe1zWKI/h1qzXLORlzsKpYGnk/eqpnS0eFKBunyg0p/EFxM5hBfKOX1N9P5oE08O218lICBpACyNcqPIR+74b0zkdg8uhrHCbnOawjL23Ib+v9eLAYVtXusIgdq/tAnvlcXCUkFqBvsSCCrVl/WIVPFHLVhcFcRqrTdEGsbCx99l0RaD79K9P9wWHbbDK3V6r37GgcJjm8li7OdcVNEvAhMsbr+c+cvNofOpJ8qKsnjX2Vl1l4mZ6zmFkJKTgRAuvCNRP33+iZETG2w9T4/k9cend6YYTXzwNPEUWDED6wQhVa+1egDzNGwvEaDwKsd4wbATKPYhRMrBLAso2TTA0kUEljjA/jo0i/nJ9T0o+VVSHzE33pfD47S+NYzR6whmKuMQHjpLbmBe41Ek4xuahnS6G5cdSlItzVZ1Z4bf15rx1zM9IREpEI/OUD17v9KaZw6uCM660zF9Rv8nJ0xVkO1q0XRoZO8/vw+WEVPdeIWvzX3qPXXKRHofLXlAzNo11xGGkZ/DdHusA7NI2g2AqewtcD8lYJNqeBTBmdpoavC0go3WIYH4LUjEiYOcWJaqmAL97L7GkfF8aaazXpDCNjb2kwdVUo4BQ9vPtnQUKLQDJ9JAOOlEHRmSn8OCRVrpqFb8hK9OvnKQlEkhGib7Gje5e2k8Vh99uQdB5wAgMoykhz7FMmgEgX/IT0OJQJ9OQe0VOaqU0tMiRY8RYyMsLgVCBhxWvQPGTAPqvJNh5uBH+V1N8ey3u+qL+0hIUotOKTeo5BKD1hZBZjO0q/CU4maE2hKWqEDa6L3BExv5xt6nrqSHbmsgPRopdsa+WNxhjv0mAhtPBkQ7jzwfMppFIODyViA+GmvXwEYFIVpFvtWxvppaOv+zNVXsUthRCoZQTsuUJA8Okm6mg3Kn1NHf/6M6BOl1irXS2T5XGv0uAP3wtu5/ysgWX/B31fHPI/CPTShGLc/wdIrgj879BRrHtx/T+HUP5/UHa4xGIain19NzL031c/8Offj9z/+zn2f0jy36Gzyff6v8PQv0N10VT1f78Lgf8Pgv47nGz/DlX///n/cg7+fivwSBdb9P3/XsTfxwjU5P9+xtrMzcm70YzPtvfpF5qf/v+HU//dSNL/in/f9+/Att/9fwe2OpnBh82QVO//DLjpJntZTpIWvTltzd5M4/v1dNr3aXi/oQdfYJKsq9bpN+bs1E/r36nQ8u/P/3MOum8q8LP7NL9Hk20uMnDXZXMV72Uzf7+S/t+j0P8eeT/Okz35H5T+9ykizOPLcdnGZwz7hFSxmsBL/DpezXvV+5EO/uFklpbB8cZoR+X9f3r+3JGNjcZFOdjZXfhYSFToA4M/jodccmIoT21Xqzj7vrBhFgjdpIMekxO0Mr97BPwHwmApQRAHWxJR3SJnmHF1BcZvCjK9n0ItbytcaC8P6l7nosRykmVtnfEviKLMv2z88ffxCqGLBz+wpQtElVRzVdffMqyULG03CB0advuvR9cfMARGVG6MFOC4ganzBzAm0tXVVU+U6yi+vdxfE+OPG3Lu7C+pw4SA1/jQ8NFxx8ywYvZ9vcNQYfxFY5AIUvIEpmCMQVlBpGsY9NOIP7n/F8oLBhU03GP08Zt1hAxXpEjif/YBjoSccP2YCHQtT6NFogCLeOYAsBDsR31FIcPjOS3fx88aETDopQNkVOMs5O3hCfacxw2/nEsRHB8erSNAyQf45pLxHQeybMIZKc7a/V+QUZ1cSpcXsJn8qCNrIYmwVMzoHisjJ9d2sroW3b9Tp/fwGWISxG0Z2n/PuwQCJQ5n/5Pvyti7krI4z6K8X7rDTCuFFdZoHBOz+lgzo2/ONQtHAEgL5E/T1R6PHgWRTHcAAQ0BSsHasOXjPTgpFYiGobQfup8iQ+wXyi79LSjfbPeP9rTUWBKy/KXiGvctW0z7gYDE9CHbYuGxJQeCCYw6P6Rof0srXqgk77g2tvKkamIkIOfr5hcVPw1v35v56qSIBv5S+k4pmpXlgeGpQXh5BBS2b67eHYZCkOLxvjWYydGmu4UN9BgIRnb6piWWQUlbS8EvWPfcxwcKUHNi8yP5ZJMmjJUObpkoJsWBUCAJ8OiqysFN2fToAGwibeZLqP1ipWreeimBBYWXp/vhaBT0zespOUJ1G3uzDUpxwCqtlMQJHcEzvKcff+bZoQH37QB9Tw934P2k5k6Fq0oO+uCSw93OKZQXseApqupNTRpb9cSrWd6Cu34XvSCf8ojOcp87bw2kyghSZ9PUaTlTIXgs9C8C4Mu6mWqbkbMP4N9YRTNfpRZqH5TzwktJb39TViYp5exmdaSbpEH4Df0whqmkwZfu00Z+xNv+S6JtdL2cBEPJLUemgh/if4c6YXL2kt0O16a93e7oVlLYJf9mVD9zsxiLt/UgBOKldRoranpyTMClUi/s7NQmje1CNTZ1pqf9BjLV6m9rgoE076J2rpflXVwfeh1MziJSMWGn5GidBpdQwl+KojekJrB8h42QZaOVbdNVpuRVg6NV4ManCqhlc4LaKdPL8G/h8iOLWJ8mb1Tqq61C7kCG8OzGfrU0IfV6P+i/9UliwcKR/jTmSF5xyegvd2ZEYgzsn4vMA6exGrIEm8RtdPRrxRF/SecWhvnHqvLaVBS2vDKa7sQvLPwCp8ndQ5035WLKE1/9MmCObIXtZAZ5Xb9H6DnLzFagGjAfKvX9iHcF2iKs2rc4xh2mghGw5qRR4/M8rCieaHatzbJNhPCZuvhPiHa/rFIJO7EpEtfD3LtTDPcEvo+xDfDOSGv6tOz1Te7CdovjdPqiUPM6Ak2Bu6ZKmw/8o9VsM0hux2qG+zH708i0beG8i/q+N9FTWY0nDaWbmANgAQX7d4jGceK+MKYkG0GjaEOmr7V7HYegxO7kqc3FxKJgdfeqd1VnrLQCr5H5oQ8Fnd0mZLlLOGxTz9t3s48YAqEimxmqPvlPs4r0vva2TwuRu+QfJfsYrPwzJSzVGFP61HiKlTWUkmLkf71qNzby+6P+5mTqxDZZ4bSYEPnXwB70kWWwIiM/z5K8hOTGlmqZrmCjJUcaGE00ftP3EygrOycPNKAfDMSlPF4RRLywuNO4rCjvLNns+sMr11w5RAiDq/Rs0T3cDtfqCSvhe9PtqvGCa2PpYemHMpfG48kvtrlpWV26NU4elbtrguXoMz5NMuldMiq3+x1rNeEFHumVVdoizU7lbPygDX5Wc3M1354c1N85jcWyp1ixn6Lkp34tjt9pW8SSDRaKo9FjPlgUWLuAHj97wepsk5pKH/yFSvbtJY7pESCgK4FAvicuWDAUlGl3Zg1Nm2E28/XNnThpScB/YfFUvMplOVjzpv2nsNIMSZ6tAvfn0YXtlVNmQiMyEEQFxo8Kp7Qa2vicvt+LBTx4lUOfaCPeRXNMICSXzjyEznkfh61rVFYBwg2R/NtvCXX6tvcIP0V3K9Kk8Ud8xzZKZL1TSCY/ZHZVOdWt+iaYnGbb0XsS7M193GXyqou9gL+s2P6oZ2YFUQNG1R/1QYOsjNN5lHrgE+qyy6bsdSVyXypyzhiqt8OCM9KMg8NZo1H1zw3EyP3FxpdwH78lNvHCON8I5WS1A+Bxg3/zC5ZQN35i308BrPlt/lk59uLqLNSfjiXzFO5zeQWOEEi+/l/j9Z6rRQZSK6HKv1Y0XFig9QaudsSHKYVCPrZBFW1G+OhSU19/Sea3jfA+3eD/AM2L7tudyAzK91slxkAkKJhK6nw4LqCNwjg3dCW1zOXzmw7jf2GyyTyYz0KCXU3YHwvs/CewbD8VL6uKWu81mi6gA0+v7zOtg7R8IdhCpMAe5Lt+dQl0PBHsz8a/r/WU8YQ0e5UCmV4asE6sjxPf4shysZ1ZdKa52/N8E73NXF6iCVaQrW0TjJQ63becsxdx+5oTiJYLkph0P//oY+dhe55Pexrqo0VpA7dfeZWG+9Cg5a8iU/AI2S/AV+q6RCyr807TdKzp8BvrRaE3qKVb9iyj1nM0ucLvdR7Ir1eWkaU0qLtyRE9d7mXs/iAQ348xjXvT5mE78mj7KJ6iqdY3+cpCTf3lq9AtB1IEeIs2uNcL9IGkNhutYpZLxdwSObumIB7MFnI1n3QeOd/7mmXKIJu/mvnYYJZY+iB9T5WpwM53Wd/7WAX6QHhMrWHNos7abFKZt6jTbTPVC17HJcI2cvRd1XG8LiwJCmCfSzGp5bWOh5JCkr/vm4npyz1/jk+trggctZv/WmIQlkey8WWUy3Zd/qdlhEN6YThuWxdhX4n/wc3P9oRPhldEVlh2aep49DnqHbuH95QhHlisrna/SdskKvJaG5FnmFOLRRYi1b/8lH157edexabxcp/ZkaEZ/L8ya6FGfuc+h/AzJp+CNXqfSN5lrD9St8iIc0eHr3oFZA9GmB9nL/2WpH1Xvj9+fJFyL8sUXXWrnSCERscq1iX8E51M/wFCNPL72H+han8NCJa9yhQh+Y2Z1ZXuHQGiR+ta6TBzgf0qUSJZIOhs3+ciLraIP582sqoXtJzuGcf9s1ohtsR9FHj562we7m/CMGufBZVwhrmPgdYgXSyIPeS3n0ls4o7bezOZrWM//aE+6WSs4U32F4HVoizHHHLx1yVOhOfCh0hbUGR/9zGZz1e8aZ3HF90K8b7eNWNuA8YMLrKN7j6rs8cO1MidcH1HHGhgEmwTPFe44k5do+Bvkhdno94tShB1rFM+vH7vannd/5R4M3pC/Av0MTCer8vHhhDAeD3FUCsvn+4XkIm782R3s7eQZCdbEaasAHGJ4bgf3mPi601EmnTBGCcUxDxozcZPhM0cy3mk6T1aTN7nM6uXXWy7GVD+3HE+ZovACp1j9hvJO4rkIvj51E97MZssjE5KPdpffC3wAlGHv1NSEIuqCQJu8C2BrQIqeviDiJrgS/M4bAdwPy1agXN2X9eQbjUaPOFSOYURG2f6zde1BVa2SgIcE2AENFNdj6Qusa4ITNhTFciVOUcdDSMJMDoIE2WgfYTq3GT5tau4eZ65g/VQkWM+NbeYdXkJsJ7C4PFukeeuryGX7SbUdgr/DKT0TVe3qaJA+cV/7K7oRAn9mpBhC9klc5weSMtP7c6w8HPLvxbkklyGm4i/TiLHCZGk05yI8hTJw/rVuBinrjfYcffyr6hjKlKDxql+21lrfH7ZaSlArBVgZP3X1hIiTEWtvhMGAbX/+nJUSEf5LC/fwelGi2h70SqU+cApl4desqSny1zy/axCqw6DFLuJOtqolnHkWkxD++cnqmxOcecMymVy+zT5sF9cPby7Dt7nTdtSWAYnHKxMiL476VE05K/hkQBWxSSIHD+9O1ifmaZBxFkFXKfReJc5GWznMOs9T1sLEdLCWxzQ32Es8JFYHvTKsVYfqNI674YroQ0+Mk34WXXIerYfxCYUODN2Jc0qrXHWpkCe5HKKAuS45s+uTuw+b3pVMlCmgh2igzX9pHW6tSx1llVm0Lp9Swp9ZBrW3pg/6Qyd2L9XyHB8NjHFaO/hMDcjqvxT/xnLwwU5CN6NuZ2o1DwB7AgVRWMjMkUefYmqxvuY8dfyB2zRP7KtUxeop23plV1O2qjEnozpRqVn5vnTELjCNB0p1i5fy03b/i3GFjPFev+mqdvHO35f3/c4SNeQb2poc/XbBgV32c46034g3wH+1PrUSiNknhvpi4ovuFfm3BAsy2K4qs33CoBOJS4g5gTeL/KS4ZETXmKOjLhncMPXqm71s0DnfHlIxP6Sjl02oaEFSdBf7NBMddYsus/DOwy2/xc378r3XVz3W9zI2uVU2kgZLj0ZVZmglfriefmlrsnIDrvQR4Zau/3Nzh+MDqh4ngbv2UscqunEp1wgLPNY9HphSaiige91be28IsTni6uS3sZdIahlxGI/+zcMiJgd3qV2/HtJSRFJ7qf8unHx26RH9/wcyDWdG2jZjGWrvD+ndMXf1+kKgqCdq2OhtbJsvzCwKYpbs/LiccRW4RrZ9oMV+NVMrNM/aMiLCDpu0ofMVrAnBVVeWiUB1+o5YW3DTDyGQOIA2LRcLAKFRUinzMtSK1r9ixGrX9oqNBVClEnGRE5xc0kdtkApR/W7lZ+8pzLTXq3xV+RIDiJqAhVJ98qXrjUw9jYjYi8nzQuSg7N5MLCm+SF98GiA+VnqJZRbr06m4wtW15hCCO6e0uHiywCpxa3k9vexcVA9WsVr88xw2x/LifZZ4gxq/AlDNXWo2r78Ju7JJhjQo+dBPPDTppzhQqYSs9uO4C77TPq019XGXqZC6ouDpa+vnxIghqU/qQe7AoWf2/y26f39ZjOqakv0i1nxRTLWc6Sboq/K8Fww26EQ9EHy8NqLdW8/BCtlxXUCM4qLaLsxDvejsSaRjg4zt1LHmjAiF9FXhcI2qbNbiA5AQxEuAwH519Bu9dzajDfRDTqf45eaLVG8NnPyUfrCwUQ15MVwrPPTxbWIXvja78lPtRjo2PELfizQdeUDjr1AOM98SFE5IZpJ38oDd2rHoVKXRrlW4UWEqS315VqrFp793IgYsjK7LYlBVRsv+Wfkjvu2xBRZkNk8b3lnfMV/jtrpitfSGRFug6DnARasbu1AnJCOLzt9450uJ0UbdNA9XM9cpTVJkLjoq6wYumn0NyMwhdeLqfUINtdeSWOgap7rqsVemihKfyVRF3Hle5pZW7YtqEivZG4HgqAoJMQFkhXVUdJxds9wEGrmNU0P3PCpmD1J6KNKGsbvJ2L1X2yEBsAvr568+Gswh9EFRdHgsmEGfQ7tiozL59ZU+lZR/TRkfdkx5bKtDl6hvjIZexXZ5B8PuO4mhoBbtlWCvZj1XR/aBfMEQZrche4H8skQESUmE+on92AekUliy30CEISMCJn28G++Mba/ip0ulyt01XKEUxBjrpe7fIJ6q34a+fJB97/GZ0MkKhuZpcTfQErIeB2ZEDIyZESsLo3p6c37+OAuF33HZlpr1FFfj+71fLrqZumvxxUQFYqrfZI93sOmKBmnLSat8IdLLjAmnQlLFMt5cU4+XsErkCWzSvGh5UYsrqzKPRGGwjTF1lwjSYQOZVN28fWE/xzgDH1dz4BBTJEliBOcXXg2ZOxTmJLOjwk16foSaiehe452KWl/WlspHOH3ciihx1sGeFB0NbyXtgwNbXKVE8g+jfQuYGos3D8miPyW8dql3ofxj5RYTkycqvF1+KxGqe3IOF4ebJGE/aghMUUP8RfyBfH39ZcdKPRLam9IPSYMpCvFYQGOR7bHebfBS7bARnMILeWI+8Ixt5Cgr/biJXA/k3A+n9HCQZc7345XH6vpuSe5PYCOnvxqPpwHk1YWF/pvgbHwfOdZZyAr6IDDfGDwuvAr8YI5Dx9TK9a1cw/MieHUYcxB3GpYCDB6z7KX72HFWfWUD2qymBE93fKg4HyVwuKIJy5MEXlX1MvrLuXLy6S6fQyICqz4cDwEbLkikWF0+CYsmhVU+rL5/YBBJhULgN5ZFz/qE941deQvHDUcRyCdzAbZRjYn8Gqu1YLRdjk98YHcfcj4UlXnc2l6S+wHQT9f62UDQPBkzPK/id5XvVOpobW/C2AKR9tZAiflPA3cISjEPA6ILxVNPZ7Z7DaLeLSTLGfgXKo2h8kVusosK/0flATJShUo4hUA7k+UBOySh3sgs3dHw5F72XrBDm/g/iefCIwaTTLLskg7sNsOJPIiT58pv/FEUElD5Pd2pCK4cwbc+YS1hjkPqx2RIfCbpP7V8f9L3nstPa8j2YJPVCdET17SiN5JtOIdvei9ffoB9O+q6mpzOmamT8zFRPw79idHgkBi5VqJROKrqgpr9MMzIjyjiBdlwL2M6dSdL3zv22zO+Lmjia0D9iFAQIqgGzSjffmt5GHrENb3Vmzv7Nm+OUIZjYd73LKizSIRmG1rtGt1ZIqH7q26uqmMvMs+QmXYHFpO5f5HrAfDnrz3+6D3m7ZpMpB4Ht/IAoh1C/lgmCoMEkyqtDnAz/YBoIEFW/I08F2Wtprq847IeK+guA3DEWwssXrDKI5yohjBpOXgazMheftXbmQ/t7jDodEzyp8eRzDUOt2TfpH4WGO7Yp2R7bwC7lt8E+nE3pXNSLHU+u+NDCa6FOk72KpfaZCH+6BZP96SLv1MrvzbrfPby2fe1UeGhVs6LK5xbL59peUwocWhbKRg4pgwrW9zWG/U8eAxseQH2910oYQjv60+p78jRb2mqItfM0xhjDuE9KDJyfC32a2aM0qg2+BmnRms2NUkc3YjES1szAvwaha3uA33D5iGRDFD80MMg+IjW1t8XxQ+vH5jowAZQIEcz/GB9EBtNn62I/NMtgmK6RTJ7rfkXAUk2U0GSx2JeOXpXdq7Ty9BujWrJesspzW+Oxvp+32Ign6hfBdO2cL7HaWVYHfVvfgKiFsEb4csezYUq4B5O7yG7tWJD5i4MKdsw+9vn2jv94xZuldvSZKFa2Zf8ntZ9PUSV5LM/ctUir00TtzspDXVmwEeBJXf7KYXxauZek7w0aTEupFSIh7dXJVbVOfNzxgzw/UCZNXHJwwP5G6oN3LDfK8fotbFgw9u6AtDCvTo6NPxhTyMtEehfVfi9e1ArzPyR2OzHg76t8vHPkcz1HclPmrGOaWvlMX9q84M2tC316eAF07N86SS/hFSRM9WOzbMsr8Jo0fsv+hYj0iDvP+SwtaQpG7ikRy5nFrMGZFo9eKIR9FynqjIaNMTahuxSB/HVOX6Txj9HKnNgutZWun91pGuSTD0UZrzhQ8NadNfwWVJLSDvulX4OQqHZMtMcjTF8IXBJU8R6PxcDecPPlMLpCGSMKYpA4N4DMKHW2mSJ5bMD64FKoY2nvHpyUirYjWgZ6LzOYUoJuYib685jKgIrjKlUtA3qGyxEn06VHAYfHmTeyTiWj6m4kygqPco9ur6cNP1qpPuVXm25VJJNY/8hpHLiKGjkj2mYXGqhyUv1+eu/KL4EioL6cnji7FSTGOvW3PHq3qtvr8H4XdS6skfqqUujSCXBcDhNcQry/CTvz9C2ywjqSpkvhi/SWR6gSirMAo438HgOgxk+pOOY6rb34fpxIyutmAKLtVtMzklfY43IHGb9uxfr8plXgXGdJbfhRVVVedpYTndkDi/UbtzESJ+S1jewKP/1gwze368TyMhj7fCFBFup087g5tl8+8ztaB5eGG9McZi+1TsnY4htyRGiRJVznMKk0x+JxJqDJx8NxqFkZClMVwKxR5PcdmQM/W+v4Ly9xaSWZX+oXS/6nLq+lwvMIEz8fGB+YnDEi1ZvRZwDryoEGaPwW11IjzUVwzun/L9+obQXGRrp6wFJ3qSJQwqMCTQHvJYiYUCZ7NtC3Gbec+2Eo76Yzdt6EOy8FSLnHK8T8R6lO2O3yBuiyLtVaYh12bViShx5Dipdaw94eZU9GTe2Me+Xvlu442TCa/WZ9/vpMD9B20F2pbAocoI2PQxe23o7RgZnHa6eV1pprWJKXPvUdHf3Rhcn8OEq9x8EitkZgc0IqkF5cIpcfVEWaIG3B2LvJnMIJ6yU4z+E+bPdrGeILu6aOf2SNf0idcee4zvbjIOaTDlIWcqaSEfcOuMBaeONXZg3Lf4t1KOWdmnJdav+Mq0KY3NY0w8Ob2dUnsxxxcpWXiyxT1MZDgPxuNKH8x+7nttHnC+wh54yB7tYrFBhZzAHLKD623Q9ys8UWjZe93xXkm2Z8KpvL8+eoaKvtuzuBc+Ni+/U6xnPFKHYBbQz4OC3EBhB2wSN8c4I1mAplUC5V5V7GLiJp5yl2k5WINrdL9cNcQOG1YIjZoLw/9UOxRbzpxMdAnaVDkVBTtd3cGueWGSQkFDCzUMRdcvTTmOph4fkTtENVywXvLityCww8tJmvBpgxVvP0NZmYPbG6EgpKCl5q412OoJ22eI3C/apHKbpnpaEvPZS/y5h1W3UUX/2NDhd+DsZNNGv99z8B491D5N+IDT0lumse1GHLvX7GfWewIyQXpa6VMrkis3tmfrfS0D4hql86SJYQaMXEJsfdOy5w++PxkujIirhihNKv76dCFT7rD5djocz9X1clutUIHeKzrLjQ/8bbZSy5/YEIyh/HjZVMgIqk2hXw9ZdcvHCbnmeN90Bq0w3SQYfW0o+Gte2pP2qTvKp3V9oHu5ZJg+2llLv6KBG6GPU5kLeyh8x8Cvkj7F4mXKqhwu8URFOIcPHROyrs5c+Tplw3k/Vq1545c/UyfQyiYR+r819+LAMJz900yYN8DM6JfakMvw5uEgh0IRLUOMI3aqucpQ0jRXWihU1vIjAt5pZ5SW0YzBYF8m+5Xg3Q77d5VF0MCwGaQr0S1Sz9eHUfnDnwJ6IdFYd9iBVq4dLmhVYhQU3gZTo7FfOVI4axpYcFkG6I1lO0NJKjYOD8HZPkpUW+rw/H5kP/vFgUS+MRHv0cbNIj0BLzRGnD/n3e8pu+t7WsewAUZcaAp6Jt+E5r1RTsP0MOIW0wYSPy9tt5bZmOKbH9hz0Tt9V6vhwfbsFT6fZfyliTdFEHD6VfL75kMKh0XHRbHebBRoDC/vDh97HV6oIpYj8kZFHS1Ol4tXYyblA7Fuq18HKJ53a6yf2xXx4V1AIVWwgJC8oAKwSzixLd/m0IUZWyfpr4B30a/K0sNrnLS2m/ixpdRXERVJbl1RxMdxL2k0EURH6LylTpAimXGNX7ctNPv9o6A4iaYfjTSlDxgOOsec9mXeoT0FSI8PYg+Usx2CNi75+dBe/Ha889qSWwtpbPUhiE0WJ8Mwz58JzI5wcup1OrIHjKoYXkhD6pGXyI41w2Iv7YMRULNW4y/+1ELu+hW8GSdv/VxvYZoF4O8erUroqmVACsrNldX2OivqNa80MKljg9TqTwy0dNcECj5aktl7vDD9sbaHNrMnlvdkTyvQTP1xQQgEnv528OZzSQ7xqcoiwpaKH3L38pLSk1wOFzqj27zTkvJgDzRaj3VEzoQfpmBKpnSkJxl8sAlQnfzMgRuy7Hc/CyTHm0MmSco7UOZAwx6vSu6RIsBTi1p0haMg7bTMgSCX0D0Xs4o0txL22kvL6iPpKG8/qbbWEWNQLOiBn8kGELMzFGNZZk1XTpbiAaDwok/k38GEg2b5TG7RqG1SRmRaDFJUSK2NzDek9ZCld6yQ0EcqOK9rOn5b30j31nK26S3c6SsOwzhhCoGQJ2Eg8WhpAi9O5y7NqDzTHeE3Kf3QyEgJFTKu763ABT1kImEzeOZ3DhiWEb3xcZSn70BQWLQVi3wfe8aUNcHjnp+9E47NJojKo8SpUprNVvTXeRg397KGgU/9yue1HsYkz89HmA2ZRs1KRfk1PM73rBZDiWtKbQi5DmjjxDp9jSQT00I1Q1LP7xjqXT6USkGQQXkpSnjSs9xisYx7O3ei3E/kyeTbUbNxItB+v/Z+EVKlebQj+71lf8/zDCpn+sm+8CGuNSHLJL8vTXkj9iRMGiQc3wuEFhr/PL5+1c19DC1Oo9Wm0xRfR9vXafjO1AZf/y3aXbBzZDn9yqtWeich3+0YV9qPcl7qtbNNpO6ZIV+uhtzXwTK7vFMtrd9EEAwa9XFicXNPXl6+10tIwWyBwMPtG0GXD7PrioQcvS73vMlk0+2w8BeD5udLVGJPN8saMNr4OZj1aIYorxxRBqPxdo8DPw7+UOC6N7aIuuxzBL1I5Sp6REzdLbGTDCzh4/W7DAu2lYPhU7avJRWuZsIgVrxPA5Izttjn6yZlUkokbNdvPyFMCEgGkcv8IOGt6GOSfmTW01NjhQiVlJEfTOkSVdVtX3nz9BOeZLqdeydsQlFeOG1Kbn866htxQO+U3zcMQnWeVk/shVAx1etdi6pmVV8jwOxCY88cWNY7+zhoUdbvnf7kBaIfbV7lh48YERDM5kRwc4x+rKFRNX8j+U0Vi+Fc7xtLH+++yKvVfp5QKqP7IVb1ni4TNX6TRMq8z7UOFdIU2iPyUG2wudd7UXXDe3m74lDqmdX0EGyoRQ6vaQwxRh3PgudFgeVLMSDZnNSW6c3ZzHPopkUFhLHKxzsI5ZGUZk2UuRlBvrELBs7Z7fZeRvR3jsynedDHhH0QpB7fYvghGirQkDfvbB53+iw1ZcCzUDs1VUvh/JAJChPRsOHoBkfESgHJd/PX9f2XNnPtkwiPabCbUXGqb7Q/c3+j0qQCvrcXoe+zBEP9Fb6NXdW1H8Sv8I1k6rl2xd+C9PpZDqal6TD5iwJw7E3t/Wocqh4Wb67j4jVWoO8xAmbQ8G+mV+AZS972LCyDEb/fr1ZrBbm5pAyEivxtn6g+p0PFpSHz2eC6eLpXQpDDsBBHP5HPIFKmW/CqFsKMn6si8HN07WvvhrQ3N3t70HF8F2vE808VaSpDqjUAmgZeFeq4a1swg2/HxuxIeV+cquMRF/kr1EvKR/OAgYZs2fl4KIxU3jwguX87ziOhsnlLVTz17eWk/VsN7VBsp0rK9wqKWbMS+nli3HMYwzKaWnljvGN8cwFBhugcuKoFuDC6pOU3jtUp1WasyCUGG5lpG5xL1jEXxdUHPp8W4yLDxTAvM31EtELQhKdJSoRtrQPMPg7LqX1/LKNGLYKLF2NEU5LuzR6HNBG07sWFb5MODw2Ot+gy4Hn8CSaWcO3VTQ++kiUcUZDfQ/jk5Aq75N1qQqBjUTLv4v4tzRrNhTg55yr0OZLfCame+iRN7LA0t/fxxrfg2ppUfq1GzdIxVUIYmBCF33ZZX8YLXtaMxYyP56D80rD1EGhxPyYDxFlJPgsz0+Gx4HfI2DZr2aRj4yP77Osu1BduDzI28vOJeBSkgHUVoWP6Dp7QZfhnyelfcqgeEtdasWcFH/85epJPnvw7OsuoI3arsuZrmWxXI40/sOPTH/OWOJ4ewzfqL1nx7FZu9Fmdv2u8khHxq7298OzSd+IO8XvU9k7Sb9LWb0IN6rJ/kO30rGs2z6IwI7SCM0jO1wAnX+Ti4+fD+0mVjKq4Ldtf/m5RW8U4du0Q3tXfD/z8omFKPHMR9d+8eku87rNwo9biKjnRfbeprJCKY51pL5r461R7NuXoG66Yu0rXIGZRvJ5B1I+v4C4+HwDEJI9Ky7k8QjH4Tl14i15u+gRba2Xbvwb2kYK5pB1SBOTia0Llcg32g+5t4oBcbRzhcbqwwmmjR29ZDHylzdMzEbwv5wfbcBdEZr0C9mpWr5C3+/Fo8nRLWumScgqdF8yIesBtxuTlWXwTjAE/4KE7Zwl3nC72nR0uMZA27Ip7XZjDqkdOcRF9G1ZVo4Ei3KmYW6JW3WScA8qTJ8jpp/OCqqOP6OApVpaA8m41SckOhop4iy/036kPWPsugyr9Kmf3/L5F531Z7IYNsJ8Kc+u+rocBL1CUaOnhFsI4vhSSDdt3hpkZlWBxqz6LYhX2/mdPvlM5acwXrzbeoXaCH2OfFd0+KeJJb5PcPvK4w3PF0aFZcxWRldb+Ga/udfv8i/f88cHEWoxqStNi0RlAOaWl/UqpD8KLQyOanq7fcx27+dRjCMeZvm3Y6XL7sVm7FylIywnDsNyc1kLHZIZqQ71pW78kdm3xGrhuDOb1GVm6Mlbl9K2jZBrVI/T9/MSybe8Y544qe36ISHrb3CNOu/6Llra7fAP7pbZqCMBl1abvhfWLpL6fGuDxPgZF2/1+np9q0gDRvV6MEr9DsiiexgzF4FMwNb2i2AeHFFa004h0NS2SG7f9vjZnrFNIyulE7Lvxp3c7GGLPhw/LnZKlOhKrud9epG2kajGqfEKF1rXpU2JWsxlz61mFwkOuKOOwPR+hm879IHDLouiJWD9AZRamwRX74vLO0GozJwO1b2uhaqo5O/2rDh39xYfZmZmzCnG8ftLBmFnbuSYXTGhQCuB/5hGV0yR1qy4/NONRCd6b/xpmgYVxrdP4vDg+dGp5gNc4zp5sFXSXagCp85SM6IV67x4OlKQmC7HvENVFOLhI7i5XHBsawhPdvVGswlOGpmcXDPnVkSWE5PN3SMU6NujsZFlyi9WXneTkvhT2syKF1qa+RF1Vxlj9uYlJQut/NOgRpvnvaHvOwINoXbKtW8Kr+kqGxqSPZ/Ie6W3MIg0S/LXbZLOfvI75JVs1AwC+ZNFT+8oJm3wLqtupgOoTlOI8oMMMUg2obnOGyPkMsQtqkziiD1og3n71KRP77oKjUr8vxaXeeXHiSZDcNuV8VnW0mvU3yPRBvoZ4rrfPdOXtS3xxL3mUn/3ztRLIzQRfksyv69vnRxast4rPASY8AOzZxmS59esmjdOKkpnCnrrkvLa7+oiUy2OwW9sHhgwZOhDIc9LgUpVYBCdiCZmFV7hNI42XW+lqvP3lwwcBsVHxIXRRB7tN7IiU2zMm6Pl9y6i6plTRJrWyCMZwSJGZ4YzE/6yadlKfIxCfvujVuvdKj5f3GoiYfZ8e7vAeTwel0XwiL3NyT3wcgfCM3qVJZ5T8QbDLQqt+TpUHGn6Ol15W3PrtX6/hzPxVUAVOimjaedtwHylHRy8WD0mv7Qg1bln58QpQzG++3DSN342jZWOD84FypOlryT0rSE+KtOkBE628q3uEu3bU/e7f+NXSbUSzmkoa5m+To8haI1e208Cp8/WrSe2WeyWF9CVvvqRednVf2IrUdiuFamLYn2Q5ed2WP1V/X6cgJE1r6oKknfKXpS9LMSwFFmXimmJaTdNA88JRDwLd6NEmUeCOwjkWJO8Bmi0MYepO7M6H0cVJ+EMajZaMC1RR2POz0UBfBEo1qsosWnOPqbTqD6wqDN2gNNM3mYSzJEN2UTNqUouPA3R6bO5+xmn1Waq6VT+EsRHZ90FxL8KZYUHcL4O8C010bemrUOM1z2t8ktwDc63oGyOpoLsN+3oZcz5jvi1x18bxKXEig9pxr2/UqW9OX58mVpVfe4nm2KXL7s12rw/KBFHJY+IqvG2JyrHxypmkHV4uViCmW52eqUdcoenlOUQwN0093jX9jvzKcU3QqZ6dvJhqe1TiZbxKPuBGMhkoDlFeoJfjqhXPtrCZVlHd9fUJtzzUdurLBrv7Wd6x4ZLmvT6CCRPmSOPxJ9CLTWBZYY7JLhzNg+t0LMffS+bDrPjCZhn7KZuSQn3nEwaG6UBXgssOisccq9luZ+fMrkwdQXqcrUPgLKWSGs4iEk3L+f1rb5+K4Wkpab29zv9lLWqBTB8aMt+xHszU9ZRQaRrur5EZv20DuV8MEqr15ycpL/SQaPwxQGAWGm//XHml1vHxauD5YGKWr0+56COhZnu5I7onRKK87Yw+w0UKLdv6yQYLIpD4JzWUlmMvW6f43Bv6X82ge0W+5Sth3qwfhgddq3Bxs6RO6VMN/MA6HDxM9xlq7A+HNx1A/q680xrFj6+4+SjiP2IHw3kOz4btphzv9JNBy7JW2d8B7uASWbYmmMv2t+36qqqrm0mZMjNXU/T3b/d988ZdEY+P0N+N/+Kil3yyrKZsR24D7W73wVvBP4getMETJQemYejJnP31EZlwWeRZCAyQW+4hROSnnSc1etuOQViHRLFvAbWetzsEcWPSzFdL815V0eSloVKv6qhllwLP5Pfg0OnivEruQdDP+wSkJZbkBH83dQiXjhdnV+zDk8VbYa5Nahdz7SbETIvy7PzBLEvbMa1Pc1IL1+I7y1n5/DhlTSjdV10GWO6TfdG7D43aZG7KJjAs2vv69IMTzg1/ByvrwZWF4YF5woJjZe8o1Prm8cZxbMW8XFX4IOl2Dl8ZhkJsMWrucP6c9quBu7+4zaAPPiAYcVM4eldfzZIpumTB2CL66ccKVbp06eP6oczGiU+eeRJELRTf01vhcHp6J+uBYHnAA+iXR9TQIkp8NiIgy1NUMNwup4xE9lVrWxFU4SpJ/5Y02i/6U0CpLcvEEVYmyhucK5+/TM52Yr5D56i/w7CrdvjVK7neCRberor3KWy1dU885WIfG3ezCG7eF1klXa/aDDTvG39zLaOuiR+eLBKDqfqlvjvCvOMEwzz0G4RiAZcR2Bf7V/Sa0cccUUhihLF0uIEUHijnEc+5UcuyhBta4b//ic3BKPmvm4NR7PEfdgYT/8nO4L+/9/9mW7D9qqXTEhZe+9vc+cF3D27lb8x/2AScZ2Xu/PVymNfvUA593D7/+S732+sLd+3+9un+8zv6APf2Cgh4s87X9XKqG14k3tYBvPVdu/avT/OzWsN/8/cHXup/EX+9Es6/rvx7cf31Ylnnocn/zQ5jjnk+WOIfnwR/dSAKf9iDrvnHDeCLf3MH+PKft/i9+vs9/ssBXoZtTvP/TTf+tZd6jecy/+unxUYyeqc/mdc0M/oQrYd1/I348z3Yx/9bc5nzNl6rPf+XVvxng//XT+2hAk3+h5nR6ONfzAwj/539/GnoX7/6pwmx8xxf/+ZrI/zC8l/fh8H+9T4I8vi3l/tvv48R5L+z4D8t+Kc9/6NP/p+bOPrfb3z/p0VDizm+1Zo7Y/wb8WOOx3+13uUbZ8Pxl8mUbbwsfzfRJl/T718viqFf/5oACAl3vM/p31/Cj+NkGdptzdl/vg1/VLXt3028H/r8/4bdY/9D1Qv+3Qjh/xGf/lOAQvD/UwiF/SfDR7bgtlxW7f8yjOS0DfB98Kjr3+I/9QYAwj+A217z+Z+fg7/Kv/7/uw4cKvC1Ik7/9TrfvN3z9Zfi8F/9dBnh+Sn/SRvgNf+2/EYWNgEhxvM/XuWKgdWdf/uVNvjbnJfV8uuwP5eGC92/q//rHaGi+rX3P7z9646/v/vvDBx2yX9v2T+b/etHyP+EMVHo/6KI/86eEAr/j/aE/Z8yJ+L/F2UwfiRGYXn2A8thPHLTJX+0RjZ5x38pPFsqBfttql8JlPZwxPaGv0cO8O0s5V5VleS/H7SPt/99eCjTZXL2TTuPzbAM07t2izGz/oRcq3fMFRH7ZnOgDTzLOt6b8+UqpTKEeki+X+TJST0MmXMkQUq8SuKf/uDZ7lVWpn/zKhDrSh112krXz1ztNP7ZPA+gAR7PY3pEnPb23ianNIiXva9hKt0t8Bz2bYjU8bB4/p16zbM3hy5+vF5PJUdjm4mt8vg+GGrHgjy/9l9gy0Pm+Jd5CYP6GGaj+UogCNFT0dtp+LdaZG2LlQhQuS4qsLyjyiHoPk71htRgVaXJ0pJVnq3zPQ62qd7IBfrY8TW56IRc8ErGSZTc4qiPKdxo3zFySqU+Kig01mbaFsowWO/VWcUtnJNYoWoI6sH1LNWbW4TIGR8d1q75+GdUu7tkyzsrYc6ISD9lwd7DMXmqKde9cPYRkDjXSMkecTed0Z/zV/guGrn24ho+HnIJJlud2YH2TI+9GvrhetxjO3D2Ekxk/1XDgpFKkVp4nVjR52oMBmuqSxKNGPvYl0VuMEV7XCy81xGza2H2Ko2+WI93RhaPWM2N0FrfuTH+2Pc6fsuDfXQHUWlYBvVFkZW6qwms4CQ6PAWCGz2Uig54sshJXXHjBx+2kSJI9DmKIgt7+xxdRn3B7bqLeEbs44Pi4m7aKd9+p4Nr2DiNpTI4blqaaNnmSmqCxflr8PzjK07ZiI3pPmExukhYb70/Jf/y2woYIUyc8ZqpI5vQ+exPpwSjLLsK66i6p7wsVn02mVECy1pfX/C0jfMGT/2sHIR/Cv/ffvdLvp5d3m6vL9xCSAiPHRY3bjGBUDvVaDyYlsJTpUGz/sEXrED4zt73/Aef4w8ORlPRuqtkMRPiBNvT1s4WuMP37fztvUZ411zJjd/0MbDmndiH3Xu0zZ740otSO0os34jZp4SfmSm3ty3Mp1gl0XSCvVEaMCPuBmbTq4y6Vi8iWynTkcfjBk+hkfcpGBxTvD/4Gr0v4n1Sjf1ie1Z6mfxqczWZE09EzUYGMwi42NceIht0SEIgUG/+9sL5B5c7toRZu1eR4mGxqzmht75xRziXVQXDqj3qhrmb1teLLedkFPkX97rvHD4mfcElM3M7uzG7cL4Vo0+zh6yIc+J2wOxGk+bPMXonwPYVhF97Vnv5fjMRT/fLYD2W1icwshFryMLc3tbkG4fgVM3i4LxedjL8wp/8GKG46O7IVMptBEVD8U+453fm+r/kI2uLMCqv6kN9dLmVM9Jo4mAGckgklm4qXEcc1ov9S/Lbt7UopTzwvtH4iLXHA8wnb4HnEok8f/yOF6CL8sCfa3V/3LXgPvgHqRClq4E1aS7V5s4X4YRDtlgcF57mteKarQde2m5C0OohxLK1Wz+OXqo5Lx7PnT+kKKE0m72xdvx01QNcx8ma7lXgeg58gTxHrdutoq51aPRIns0HXsKLNKH8hcaLxSzjPhXcq2sL6SmdRPxkPcFxfqt5z7q0USijqxdDswk/tbo5hiIZ+LgADLz5jGNx+DTvltXQ2PtLxvtPZ2tBXwoK3zjOm+Bl1qJtRRWwxV4AzHNN7aYHAIbqrWlhHno7rqf8dCSxLlDlTFONKzf9a4cW2LWX0x8w0fSU3eLZfyct9+7niejPBQezbuK8ZZRLaGgJrXJ7b3OfpmbhJ2/wSXRwjJ3pZd3UJzV0pnoALI6TyIr0ceeoE8hAUzlqj226z3LFFnvf8FI9DmYjR29jccOlVg1vrJdRxnGkaT4thrXODeFHKDqSxx81z/L8WAbSPShLZ5kQpvqNBVbKOqX2lr79IoeGhc8wWQeWPRcr0LI5iJMJln/YPKPUXp1T9SHMfKbTPPpmJfQBxcChY06Dp5TGblPDAxia8P6enXP17aK0cTPPLezjqBnGENiL3Hcf95fZXyjQRY4qQHfeQZgdV+td5gGefLP0wQI0QfRUKOr7lp5kNoBZEbEe53ikt9n6eBCSjPakEk5BKrHP/k4NWSFuZmsqsqn3ZmWllneyj3AeVvItC0/L6fWwV01zC2uiMrHZgFM1c9b20pSoZWFoVDVGWRa4s9c//CRc2YazgcOfblnkHhjtJn/Vh2xKsqX0ztUUPTkUk5vl7MhJUgnneoXzd24JHAwYyb8V+Q2P5a8FY54ESthmxl28Ccz7ddZLZEmwyJe4P84DM0kTS0gMjH4dgJY8P59574rlE/d9/aRXFDyp1FnQy1lGceMwOZYT0DeGPz2XodQFfiID3zXKTzSBiaSFrQk5QxmFdAhop710gCzwGqnxEstbNsMjK1karm27GS8iF7xzYR9wp6SYWXRju2ukFoB7PMry97vinH+1mh4dGShEHWIrRHWOtVjToML3TRWszqH/eE/BuY/1gL4hlV58kybHc5GjXx73r3i8qYkI3wglfKCDm4njYs3n7ynT5SWX55WMn7ozi/wB3muekB3cu1f3MIukSaU9ncsLhvHS6v3LloN0B/z3qph0YBUFu6dItjHCPn9FnS9r1El0LSYL5zF2jCSD5RSFeDtJKf1AUTluoqvay7uZ2i9CbybOyskcFXrHui7CuaFxRm+ahgxeuhDfyEZIMMHCbLzdW2jIaPDPRQv2b1WEKrejKqb4BBzX4Q3IYc6z/LAll1mpcrZGEcN85Go/KqeJG2DJ3jLROcEHwagwpUZzG/7Ab4CO7GMY/xS94l4rwzsUa6eccC7n7+6hNxJo81qdDLkgcZmAD+R+OTLNJyMkm0uelHOTMqmnHxgmtezH7qYK4JVYvbOdRSfAvz6Qo1e8x67HoRvyw3Wl+Hd9MbDH6wQg6ncFkyRkqQf2ukidtPNxloERls7Skc9w6kuR7YDhRe/9wMrGWt1edR8EvOa1a4n5PO9pBtgevo0ULjZMeXXwgC+9CVsWVk7JSTH8OloQLlxj6Era1YBnwOfFHzQi5FwBYBIrTbYb2Bv08tOp2oLTIyPVagZYcJ+n5fMkphl3fbqzJcGmhUjYKSdjge3Obm6Y4lmXgtXl3w+NvSwmCYzMKQ6i7CwFbUtWZTv/ORMQw3n3eWIb4bW5nUln911JmDzbPqGF7fsY/bDT+n6anjWB5RKqkt6YNyNJyt3O1dbM2Q7a0tvsl4E5PBpc/pgEuM+U8hnAygP+82gAihulG19eWoXHeBpZ8sWOIQhi/v0l+2A+OKwqSop+2EEKoKVV0ko43vEn4Vi40iMJ1dnKOvY18vTWhZI6rw4u8Hzgh7D0NbCY4ra/hhN+BYV9PMnA248kNwrxGx5EavbXmkxPw/YxaVWgVRwaDYn0c7vxF5iFvKkypbOxJQkNzwTzpaKBD7190NSsQSUXgpb1ISa4tMtgQDDlfq/eZDcqTzBCmtGK6sZheN7Js1bAbVmlTpipZTAUd70IzejEQ6ThJssc5uUyv+Pru0sYQ8jsy8v3Jhwq7W0zhJmONj5RLTxJKCF+RyrdUAe/faJ5LSDZnC2a3VsRMjt7MGvnHHHe4ybFaMRDft66/Vxx6YZYnvKBsT9l69GxbsrqZWR8isdewNlik8DEYBsgap9q8GQbdVTosi6Lw7JjX9go/KmXr429HsAWEUp/RQotCqWTsziy6y6siuzNpYrnifboYsizEcC/X7iol29mCuwIxWW9THBpxwxa+GXcU3lxfLJCKBZU2n8KCv9UfescyOysEHVKU3U7Qyp1tOvTHS5NJPOhS20Lh8zYTmkUjw87AbrkHnCg+P0C18wvRf8d+PE8RuITEealI6dEc46C+l6Nw3yBZ1HC/ctJdh0azrp1evjMdB9AA3rPkfBtFiYhNBQnH0H+/IxEut9J407NC8zz0f6OjWizMVlkF3PTXME2IRWGxFBAvHjTtscQFsfQJNXicFGPM7+pM7c1NiCK7RqsI5uBM3d1a6sVrobeBuXxOnW0sB9NGj4mImIAv9exOwA8mP32KF9X0J/VGO2Hikpro3NVGGjR2yGAta5PXsqPNBX0I99k26K8+0vh0K7850Agi1gE1W2B3tS1pbNZKWV3IPHuDVtmCd4TehDPG6Ovw9bz+xCAliy/60PAjhf9YUiG0uC1uOIEvC7sgAaoyA/QjNqrBZRLLtONBVqVgpwGwwWZe4Bvob9vpRLBNVycAl3FIreMl38yNQzrnA37tcSfJ8GC5k+8S7Ey/Tu64aJzpKsFxNi58PxV3Gccr7d/rVcXwFo8sqJGKOzn37xFTGJ3ZNV5LjTyGNQT3k+B97OPN22+CebWThfKfM1Pf5vdJFUMurQDkspsmCun+QCpmAOC2hQzk0PIuUsJ1B4BlQXVexipPZunbI2uMMuutYXiJtc0Q5KSM3XtzayhWDi7C4i0gahNk7Y51ELI3ZcrnFfMzlYpB08k4OwGWoM4R6H8O6ntTQiIKq/BMU9vKn1FAN2NRj/snLdv6oQHAItvEf0VPfb+pN/lJ1yVSxMuPXeMhvnTbAyQjkLPX0LRlAOGOAHsIXHxLsdzgkSj1o8LoB8Ppd4iXx4h9GVCm2UXFr9dokeXes+JWEIxm/wV8Dg2dmztpeo0Fz7t5AjphJaScrAe8N6lIOx3O+QGiUpFhiY3YNqq3ZiEQo8SvMIOR+oGKloh24Iy69dWuOHhgBbowUqko2oewsa+rmSN93UbZKKllVnK4mCDHuH2Kud7pYT4W85MYNVy0cKFkH0yv5IUrG0IN+ak1kmN1bCe6MkWX7zpLdfWz28I2DbUIwYBjzXjwAgxW2gPDq69nWtCXLl21WIRokMQXblPITllzSMFiANdBzY71W6zPAfQu7O9stCiO92K94oM9s3qygKo7xNBhZNs+3A7CeZd0lhhxvg8O8fOeqXr6Mp2Bb0HrTZGZPvQGX8RJfRXLYQ1DNP9GKYPCRtTcAuuD814+RFC8duqaykbcZLTK58sEguS9i8EMcILwQD2A3XxIvt9IwVphFl63T6RNrwmuPXbgTofqWq1b/rc1bG3m+7QVi6qNHG2vzsw18/vZGPyQMSkNL5oDirt2+vRBDjDoOrBiH1nw0jN9MLlsG21LW5P7JX7BAs8a8q/a2/fH2wkNzNZQGXuNtXlEgrw8MUr+21ptXbBAf7jXd0JzkJGWU2tzAZ0a46zhtOi3tTX4biUqR2z7gLtq7+EZrscgncntQ5WhobJ0ALGlVoe0GfvY+gq1GXm5AE2bOnTchpCxcPRREsV8AELUei+nj5zEaw0ynTunBVIX28jINpfF1kWuEOj9uA1qxl4MWUzyceon/FrsT8suHFKsFSlrQNMJLJBzx+cFcCjOCUZ+kB2DxDMtA7GtNiJ0NImcLFvH7Rjrhil/Ct1+f3NxHxH0g+iw5TldzFjVvpOOtEa1ivOLfKxqDfX8CQQx7azqxuuWQ+5+NWJiI6nrBNTCQMNLK0O1khRUnLD7ZuiW5fDo8/7/P0W8lXjaToCegBQhpCVcFE2eYp55Zw/Rs5a57v1jjSmTFL+/oNP2/4XIoypj4wKUCKITrck2cN6Ysa5QUT46oj1y5czY5J6quoybmS7wOhBDbcdcXX4jXGIB3EsAiYhZM4O8ECjhXmSV1ynQa/sH9TaS+HmaWbAvJ4O0O8UFLwPzEL2AaaBYZ7fr54VXy2hpK8E/br5ysBsTa7Sdz15zPX2AuNQJWB0TGDWMS27VdWGpoTP9Ru7S37QHk3eb+8Ut2C/3Tv7xIV+u//4EBGVerpz/wQlrRPQi7LGc1W9m/uiP+DRqfHgPKD+c8iiqIrsIeJ2AK1lgEFZZ291UqJG3CaHaSW9mERB85ZY/kEPH44I7rKDn5HWRv2JPIlphvqN5RKIROsrSyztwfZSVj3I+XgOauBHIuo8cGGOhR2HPm4my9KAGSJmtv0kUubYSLTup06863KrnF71+3DRKK8VDDZoWlWYjE2rtybN+3lSdm3uzjQjvdaKjpgTPqjeP5Askzvi3MM2SCygKNeWf1Nq3cBgofBe/74juDSBx7lr3IWLNnj3JmAfvPsCSYSHkvJ9QwDYgaoX4m4EozzaZatp5oofHPSQPV7k8rnMO9hQ0ms4hMWSerrSvNm9M7vDtQJj9HIB0g6kE0ZAJ8vlax2gT4YaQQ6/o5Z7w8/7oU7VYK2vWWwLQ4/iG33QbV2W1auQ9c/djnEMfJauMYF6sBibAgst7gxpMoao83Uy7HsRSDjIejuSes8BYLfcURbX2FVzduWcbrPXCKZ0du4OQGCuNrlxnIGsQq6I9lAe2l89u8UG8mfQAifS0yZCeFjN6Ve3gRZ69kkfKbQp+gVnZ3Nlr+JRYCZ/AwDgJ1VKGzRGAFQ2j+jgHyYQPEJ0QoiBIY3LbnpG+6NOybMPEK5pUK/L5X4lccYAwiEOPAeOWZY8pRe77rxju/a/wwNFtuRyvy8JY7z376ygzDy3AIMdiseqiqlY2xzU7HTwOZQgIPiQ7QAtkUY47XtqgDTBTKTMDb6fBBp7AKaLeVFMlrMPEW+n5t2wq8pLFDYVDoVg+WMthp6CXyV18DsfAHvkMnj9WTF5rBER++7veWgHPARw/Wq6Kyb0kM1+mF9w4yHKllvu2CTB8i8t92v1uQ5x2x9tCjOk3wgwjzUQi1gHTV0FHmJMBjutkqcq2ZoJVzNIzJB5WghHVgaapcoHmHkzmW4qkIEx/3hGQBBlPyxw14PPfnZWFwCzNdvsuR3yGgFec1Z/LWDkF6LLgPwpS5/8QQNsLOpGGPRWo0t9UiYsYDDY70Cb2cxFw7uLTfcuoEr6YQJpbMaOsDjo7+xsWJPLVGay8lxhRmBRM5O+qWKzyKDjgNelzWGChUZ+NW+eUvPeE/8M6a/Gos106Us3HnIARvrQs3j/CC+4q3+DhWa/diJBq/kSMBDoF28j5RDHI8xlIr4hMFNWD9yIM5HmV8HghCGZd1YUiXqGDvpVYfCj3xsaMyuCEQuf2SZw4zDUpBfgrarCNMQhFkqMQshkssMCvOu86TW2JIYevohdWOGvr0ZaXdrIKaIlEPMsLSPWuENZ8MttYEh4Ui4H7Crx+WY77d05D9+ynaSp2i40wK2ACwIQQBxG+OiT38lb89G0uvb4Pak0bV7aGyMR1KWauZhf7RT7TTsLeiIAAFUMvATbPEZE6VmB1m+J+B3Vpe8q9QvVk0EvCzk6CIyLBQ9ALyXgkTveMWN0F/NXC37bX7n15wRrQLv2AxvcLIEJ5/QSIUj8bN6IsvPn/drsVz8VP6os6fXWjm+IYSvvUGrRZGQ1d+1fjEDYWTaFzdc2H08Q1LAD5rdfUXg0tDw382U92h8oaPQQsQoKmEw9hQ+bgjPOycdwnIgZKANyrl7J5NNRImBz5poIsm0XRIkX8E8PFWaSOA6Nc3rs7nhxmkAO8s8SmnOXhKUtNyJ4bPL+5D1Tepvbg4Y2L2yOBw9nST4DPLs9gEBRANe3vwzuO327gqcec0SjAVTMqQA6FEpHq+diLQ4RtvFWC2jzrK0clqwhLfBS6Ftmxt3f4p1vEMvQh2pkDkNRnxlgwUV2IRcQE6AE+tUsLDrhwHdHEA3MPxwdEJCkVB5warZDcGArArNRA2YjkS/pWFxMaLS5dBtgNBOgj8LAAnYpCxM07DWmcOgiv8msUCTUAqGqCp23Nd/fmoLtIAgEDqP/tjg1xsoCHl3GWxSQKhQX7YecHPth4GJYabDnuAAr2LwoZ8QOEflglKT06CYPNwfAWYC8oUYUiogqf7C1ce8fy5eRABLzUFpzP6oodV8dhI2WpKVIc+vrAEWFOT9LlhExgc/HBTcB9CaZ4yJskYhnGIPf0GTJQe7vwajMmQrq2R2/ih40x/PO/FwvrWeZPz322pHgeH1k+Ldf5RqzDzqFwV3luJhV51FEqtuQ5xyIqX59O/auwgiowSaT6voBpXajtzoZWT+eCdiwOynrLpsXQIIweFPRb8ayPSsPPkSC+YCrFez5bzkC/71nfMIK4bfm8SK7opoBegu/Xv/htwkwYYAtOLmOFUALXBE11j9Mccze5jURG+SJ+bNFI4YMcn4AVOynWxGg42XAyIcb4DfZAO+scjSrT+4K9yPgfAB0xo8faSHlP8B1ovdl2qxDdnnXhijHEyatPPv5++li5TBZDtGY51xxzL55/ZGmwXMk/uDDo1Viu1pkr6YpoC2KjZdVjbCaNMDMMkpZfz3SBMnIJ/bbXgT+6ZD3+E3+VsguAJ0yhUyfJDIg2J+nB+wKUyWcn+GMxA6LZt36c/j0L4+hNGTvZlwTcxfbdct4c3dwt6TE5qkSAZBFr2ayhuIOF4wCw5TBBUVpIvZfJ3mNNSxUJ2c/XuAB8axLa+HXQiMsT82xBV3NU75dOYzeD4l+9pUEI6ASbfaAWID7DhgwuVwGLvIKW8Cyu2PuEkP6sOBZXmHpWhwC+cJLANy0RdQtRs6QbGPnfZg761MA/9ywNM0U0ZdYYDk9GahCTkj/541wFSrg79BYnwj2E04x0pihLk77YLRYNfIb5HJ2LiZb6keqBXDHxZS5kJh23LXwppgizIwPRpTZ1WvzDnXDb+8hSpCy7cof0NLLwoOIg+vBgyumDniGENiIhio0mOzCxrpATYWPLPtJygBrdgk8Xdt0YKpbYCQZDqV1OsuF8BBZ+KXYfZo9jfYeZGPzeqfL/pZwINUJYLkTsNwaYN2hwglCzb9EfD/o3ykPp7rCnFrYNgHw+3B5hMOBHWDNmIky3KUMkYY9bLb8wkjgJdGCWafb/vZxJBT2FDo4o79LvYBDDPPN5YosMclW7O8RduqHFdvgnTVtKiCMidK/JEvwCBKHMeP2Qgv8hXk35uqQtn1Qlkn7PAycDGJ7leIsxbNAY2ph7oZ5Ldsi2em5S/mbRjaSt1+mNRJEIZm/w16+fZtDyR7CF0/jYIGka3LHwGUbeuT9WHDZrb3DZ2I3NeGyHCJM0JrR7Tt5GBsxZtrFjg3RMfyAe7MluLeOZTDeGAOU8TdSFnWcmhyicz+gQ4Emg+jHPH/J78DfZJCiAx1d3Sqsa17K0zB2wV9SLSyBJx7dWz8g3E9wZZQA3bfgXDGqwBTWJtz4WuXwZK0FX+YGlnBCj6fNgqWhHjiz48P3rQ3tsx3K4+7LlzUQQxz2LMTwjFBeTeyfCXvR3P2UnDrlifWXQEE8MJYH/LsGWkZDe04Nm45JzscLMBgf0W2HAdxzXRiAUbEzq0lTQyszoZUlMITI/azMKbLeElK6DKdt09cvmVrcRFi0Apf78xW9z459j0rqJMiM3bfDOJuU463+6D+t9anJNhWJ+xefX8b3lecWGYaK9DFAn/O6upEVdqO/QqkyLVisiH9/HHdUH2cvWPnLReVCM78k8NoX8KMa3dTSmqxNbbAG4TYi/rxL6MP3B0f2VLr+eVZR0HYEOwA/keVxPqS+9fUcS76beRyA33E0JM7JigAYWbEX8P4b2t7O75eq20lbW6jFAGdjzOgyd+PUMN+PhX0+JqgD3DJYf1HY7z7Q+COR3aO9X/pBtS30/H66QM8fW2xMWGnfQSTwwx60+En0tb1uxXhR10aNZ+h1mdMrChOeWABGBZuY5gU8fK2+Act6A/wokhWw1uQA0969fWDFgDAZBEH2XsoIq/CrhybP5XVlrcp04ye7PIK9BR5mf3FI4chIuK5FAuZHMxNyswCqclgWwEYSClJ2ShDIPrIyZk2vun7nU5g71Z5kzMBjb0S2gHOr+RJes/0A/RLiEbCiivyV7JXRMc3QlrgCto+4JgR+u7T+qYa/1EwCzSLs5Fs01SsxW8H2M2YM5OFORVgMUFsAj8RIwIoWxXLk55gxujamQRPu3jfWejMVdVTMZ5Keejkb85dxyJ8GdWy1S7n+j5fqUuF7TzjPjN3r7ucngAeKpSQiyTn5QK8I9swX9ExDwCA7WxJzfZ5x6NUOs4GZEzZVDPgYcKGZZCXtHYP/owewatAxoMseXp8LyGmgNAyZTjSvgzlspzsfruyoaUnueSMu7uqXrLu1/a3KV6pFF2ttB8W7ZKkq9PmUNVeoz36sC/PeIfXTSU0XbZaerYNKzUE/cDDW9yS0Js1RkagC9nife4E19R9G/8EBBqxqqspwHuuwfUvc7oAi7yGMy7EE16zQS1EE+6e1ySYgh/H8M6FIY7xvYYpz+ENmC+zxwIEmDkemWfEIEYG5Gwcn8DUa5r9Sce0EF4d40dnmzLBXGIF44oyCeekvXFngHLJ5xktVZdCiPhXav8f8wePCfpBL/dEcPQsjkWU/QnL4TIRHCTzilRERocqmdlGGPiWsV1+fjTMP3kha7FdPUFZG4k3HCBE0YyQ0X1wCYMYsoQ2ms9a1rZ0+5noNsZfDqvYiEAx0gtvPKuFyxmMjR6Btq1UFo6UuwG0v9jngjBayVR54HaBucrr5O+6A9mcwd+AgUx758wTrwW1c/VNwzezW397u3ttAZOIOFBDwaVdCgHlImdNBidfCgPkGOzuGnQYdPDpdWWCSj9lxmvbibY8uWsBbK9gPMhH7gCopS5s7CwkrLHLB8ScWYwElQ5+pWDTLJ7kn3x4iIklQBi7t7TLber3lzmp4ULM5mweYB5xN1jTLdD/NWOql/xjGECVSnwCO0gJSlaP5G23TvNqPiVzhqbBi7PMvAR72ypnrIQMfCi0ScuIlwVPAp5vVaVWBkf8AQQ89IFwe4nL//2rvypZbRZLo13RE94MnWAU8FtoQkgAJbfAmVrEKAWLR13clkm3J1r1zu8cz3T1xIxxlTBVQzsrKzCryHGCrhBhVPb0WZTJYs6IVuNc9ZFg8bgY25HkOS13F9smpNVLSWudw2mqox2p2dOq8+6VY6pd6MLd30qR0VqOJKeAQ2tWdviCn0dER2S5O08EOmS5E/rIE3lyr1evWR4qjl5otYPZlWmRdiq11Ur1EbbA6+xcGr/tpuUxCw6HlmUKAboYn5UrfIF66VxMb6SQexrQyZXLdOYr6kpXwIqDc4tiLJnKHVym9STfS1jyaPuxVVbB0YMaz/aBiPXHD2noVZziOkbdxG8cjyCniFZj9XMK+zX5B48/B2Fk73Wcj+oveYYcGNprhmBJ3Qb7u9AuhW06j0jyqY9vTB5QE+rHoMxMjyolAb/INTUWyh7IwtHS5yhQm4QPeIrEpXumhvCIlKfK2ig6bObzl8DvbN/x2rYIKDsxa2RIwitxZxCagSwY+zIhqYl3Oa2kNhFelgyNGb7GsHXPmrarZ4gBvHjRPQf2lOWgabbfZsoFncHgBo2famELxeQx+s8ujcn+5cTDiZ/vIyGPXhrwpTukx+jrRlUFJo5M9sNp0UMuC3uY82L+DLTZ8e1GJRC/wRAxqhEQ+lpdDrG0jdYfkcjZ1dx7p9+1wAn2Wh0nOHcJT0n24YdrCOb/LfYqCFckMOT+wykXHJHzNYNDJief4S69cxHQ2w8+BfaKRcdLci9Arb9cZ1Bk1DjFdy5PoYi/7nL846qactPU1w/pHsrF7yBtLp/46CqJ9pC9lteXkk0Ty8EZKnsYD0RflKMwiJKPotJ6P0TDR1WSBor6eLWoD6eakZ2LdgLaQPmCL28FSJn1NQux5jKfulvFgnq6LkwI5uUeFG/MQjjcVjGuxbypaAlbi0Xg9NwS9f6ywNKc2Si/5wssFshKrLruMMun3sqwvgrYOvSNvVcTCNYSOgHkHG0h8QLsBx5RWpyolvJ7hiveSTQjtrApVg0J6KCWarRmaf0hn03FHCAGflhydL+9labFaDzBho0oVUtprOH8wmyPNGBCaltCXxQR7Crf69BxmW1i805OE2+eTe27TZrCEEMVRrbK5q3Bncr52C84CsS1pjapKjrB1oUOkYCGBUW3yjqPQbSp/T/bR4FA00py+5sWFs+5Kg8rm7p7k9PD5NWJ46ZMXAjmQxfBJ9vV628u3SNHPsTmVXTLpeDhNMaVBfkK4BXVnhNBTcegeVrRClvAyZUMNsXpMIk5f/MUZ3z/b/mz7s+3Ptn9B2+log82rBcnEK3sU7q7Wf1zkQoPtLESzZOmfGoTK4pJhj36i5KtN3bzZ1D1dj4wD6narGgk+sz1Ck11l8Y1i7/nyQMZg0bHpvYSUwnDCzPJbNh5NDZPBHoiu89UOXFNA+niBZYKbfC3pdoa9pCZw1MUDl6lA/I0jUfDDtRrnrppnNa2kbYV7bL31+OoZDpZ3QouGqxdENkXwkQNRGNKNPShWH9wcB1vjsHFUlhoX4o5jf9iIbAgQPhFWaBW/XLnaIEvHXeTUs9jZjW+Wm3/43WEfqshV6AacZsueNutwBsmMG2VWHBhGKn1Cm6KzoPj9Chb+c9fpnN1rFNFcbj4wyzYRqQWC7Y9w2LJwQ0QgneMnEClxq/oPjDF8BVGsRUC3xUzd/mHNofydoZ75RMYx15rE0aRlzc91KUflaj3yoU0K77Z3LRJstPMVOqUndaSbJ0FlhikXy9Pzcsh4Dufo8jSSI6bKnNZY+5mM4rrDuOXBUiaKxkZJfc7MpYOGx0x0/HklH3uKjqO32JJSZ9F41bxmM+2gcXze7nLfHQ9wzB9wtqnq8jjhc0fviKXPSKgpeLMHyxeIqOop7mW891xmOH2C4/tulAma7hWpNu8H7XA+KzrUpL7eqMsp2zcmky+jh+DoR3oIgfyElqX5J2BZ/r8Elu39f0HnWYqnOjTul2CbiX9Rj9hmnv2MbeafYOVfIdFfPlzcN6Hy38Sp21fpAEY9961fcW/xD346cXf0GxyC0IgO1e7tAZpxvQbfaJ9kXSVNMx8w8481jze5g8b3ABr/UHftJVSmxzzZx4/V9U2UUM9c+9lVxm5ZuvkL/lftIPWfXv8tZoD76gCrc3q7PXHXta6yzPdp4eGbvt4eK9prg/qYO49Pv7/ceoOHv3yQOcXwb7KmGOH9mL2TvBMUWby/ST1I4+DuwV583Jf3HfrMVjAq6Bc3jl6CJDvm8C/TKN6XblF+k23gTxEIfMW84j/NK/IJSQ5FPZlY5BeQBjylbfls9v6HLDnvzDjGXc1zlpw35ps7shvjgevme8w3H2hp/i0VzlNZ3drdU+EsCq3QnSjVzDqMN2hFtPXmhaSf68EPU9/8RyP6qpd3phILQiB+wQLmaTgWma7kuzPQtvtT7MphV9K3Breq60nyrtn1PLod/10956ObvPnOe3d65bEAIOOronyazk9U5cc5sIQn05t5Nr2/ghTke7RMd9qgu/Y5D0rodh8L1b3xJP1Tx++NNOgLxq/HP44f/Rq03sc9z8bvT1AEQfB+BF/2TgiFRXuYHx0XWvwO ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/README.md ================================================ ## Deployment using Terraform #### Description The solution consists of two [Terraform modules](/terraform/modules/): 1) yc-managed-elk creates a cluster [Yandex Managed Service for Elasticsearch](https://cloud.yandex.ru/services/managed-elasticsearch). - With three nodes (one for each availability zone). - With a Gold license. - Characteristics: s2-medium (8 vCPU, 32GB RAM). - HDD: 1TB. - Assigns a password to the ELK admin account. 2) yc-elastic-trail: - Creates static keys for the SA (for working with JSON objects in a bucket and encrypting/decrypting secrets). - Creates a COI VM with a Docker Container specification using a script. - Creates an SSH key pair and saves the private part to the disk and the public part to the VM. - Creates a KMS key. - Assigns the *kms.keys.encrypterDecrypter* rights to the key for SA to encrypt secrets. - Encrypts secrets and passes them to Docker Container. ### Prerequisites: - :white_check_mark: Object Storage Bucket for Audit Trails. - :white_check_mark: Enabled Audit Trails service in the UI. - :white_check_mark: VPC network. - :white_check_mark: Subnets in three availability zones. - :white_check_mark: A service account with the *storage.editor* role for actions on Object Storage. **See the example of the prerequisite configuration in /example/main.tf** ### Example of calling modules: ```Python module "yc-managed-elk" { source = "../modules/yc-managed-elk" # path to module yc-managed-elk folder_id = var.folder_id subnet_ids = yandex_vpc_subnet.elk-subnet[*].id # Subnets in three availability zones for ELK deployment network_id = yandex_vpc_network.vpc-elk.id # The ID of the network where ELK will be deployed elk_edition = "gold" elk_datanode_preset = "s2.medium" elk_datanode_disk_size = 1000 elk_public_ip = false # true if you need public access to Elasticsearch } module "yc-elastic-trail" { source = "../modules/yc-elastic-trail/" # path to module yc-elastic-trail folder_id = var.folder_id elk_credentials = module.yc-managed-elk.elk-pass elk_address = module.yc-managed-elk.elk_fqdn bucket_name = yandex_storage_bucket.trail-bucket.bucket bucket_folder = "" # Specify the name of the prefix where trails writes logs to the bucket, for example *prefix-trails* (if it's root, then leave empty at default) sa_id = yandex_iam_service_account.sa-bucket-editor.id coi_subnet_id = yandex_vpc_subnet.elk-subnet[0].id } output "elk-pass" { value = module.yc-managed-elk.elk-pass sensitive = true } // View the ELK password: terraform output elk-pass output "elk_fqdn" { value = module.yc-managed-elk.elk_fqdn } // Outputs the ELK URL that can be accessed in the browser, for example output "elk-user" { value = "admin" } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/README_RU.md ================================================ ## Развертывание с помощью Terraform #### Описание Решение состоит из 2-х модулей Terraform [/terraform/modules/](ссылка) : 1) yc-managed-elk: - создает cluster [Yandex Managed Service for Elasticsearch](https://cloud.yandex.ru/services/managed-elasticsearch) - с 3 нодами (1 на зону доступности) - с лицензией Gold - характеристики: s2-medium (8vCPU, 32Gb Memory) - HDD: 1TB - назначает пароль на аккаунт admin в ELK 2) yc-elastic-trail: - создает static keys для sa (для работы с объектами JSON в бакете и шифрования/расшифрования секретов) - создает ВМ COI со спецификацией Docker Container со скриптом - создает ssh пару ключей и сохраняет приватную часть на диск, публичную в ВМ - создает KMS ключ - назначает права kms.keys.encrypterDecrypter на ключ для sa для шифрование секретов - шифрует секреты и передает их в Docker Container #### Пререквизиты - :white_check_mark: Object Storage Bucket для AuditTrails - :white_check_mark: Включенный сервис AuditTrail в UI - :white_check_mark: Сеть VPC - :white_check_mark: Подсети в 3-х зонах доступности - :white_check_mark: ServiceAccount с ролью storage.editor для действий в Object Storage **См. Пример конфигурации пререквизитов в /example/main.tf** #### Пример вызова модулей: ```Python module "yc-managed-elk" { source = "../modules/yc-managed-elk" # path to module yc-managed-elk folder_id = var.folder_id subnet_ids = yandex_vpc_subnet.elk-subnet[*].id # subnets в 3-х зонах доступности для развертывания ELK network_id = yandex_vpc_network.vpc-elk.id # network id в которой будет развернут ELK elk_edition = "gold" elk_datanode_preset = "s2.medium" elk_datanode_disk_size = 1000 elk_public_ip = false # true, если нужен публичный доступ к ElasticSearch } module "yc-elastic-trail" { source = "../modules/yc-elastic-trail/" # path to module yc-elastic-trail folder_id = var.folder_id elk_credentials = module.yc-managed-elk.elk-pass elk_address = module.yc-managed-elk.elk_fqdn bucket_name = yandex_storage_bucket.trail-bucket.bucket bucket_folder = "" # указать название префикса куда trails пишет логи в бакет, например "prefix-trails", если в корень то оставить по умолчанию пустым sa_id = yandex_iam_service_account.sa-bucket-editor.id coi_subnet_id = yandex_vpc_subnet.elk-subnet[0].id } output "elk-pass" { value = module.yc-managed-elk.elk-pass sensitive = true } // Чтобы посмотреть пароль ELK: terraform output elk-pass output "elk_fqdn" { value = module.yc-managed-elk.elk_fqdn } // Выводит адрес ELK на который можно обращаться, например через браузер output "elk-user" { value = "admin" } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/example/README.md ================================================ ## Terraform test script 1) Fill out the variables.tf file. 2) Run: ``` terraform init terraform apply ``` The module performs the following actions: 1) Creates a VPC network 2) Creates three subnets (one for each availability zone: a, b, c). 3) Creates a service account with the *storage.admin* role to create a Bucket (Object Storage). 4) Creates a static key for this SA. 5) Creates a bucket. 6) Service account with permissions `storage.editor` for bucket jobs 7) Cluster ElasticSearch from module `yc-managed-elk` 8) Container and COI-instance from module `yc-elastic-trail` When you exit the console, you'll see the DNS name of ELK Kibana and the password for the default admin user. To output the password, enter the `terraform output elk-pass` command. After that, [create Audit Trails](https://cloud.yandex.ru/docs/audit-trails/quickstart) manually from the UI and specify the bucket created > **Important:** Be sure to leave the trails bucket prefix empty or change this prefix in call of module `yc-elastic-trail` in the file `main.tf`. > **Важно:** Then manually enable Egress NAT for subnet-a (go to the subnet settings, then click "Enable NAT" in the upper-right corner). ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/example/README_RU.md ================================================ ## Развертывание примера через Terraform 1) Заполните файл `variables.tf` 2) Запустите: ``` terraform init terraform apply ``` Terraform модуль создает следующий набор объектов в Yandex.Cloud: 1) Сеть VPC с тремя подсетями (по одной в каждой из зон доступности) 2) Сервисный аккаунт с ролью `storage.admin` для создания бакета в Object Storage 2.1) Статический ключ для сервисного аккаунта 2.2) S3 бакет 3) Сервисный аккаунт с правами `storage.editor` для дальнейшей работы с бакетом 4) Кластер ElasticSearch из модуля `yc-managed-elk` 5) Контейнер и COI-инстанс из модуля `yc-elastic-trail` После выполнения установки Terraform, в консоли будут выведены: FQDN-адрес кластера ElasticSearch, имя администратора для входа в консоль, и скрытый пароль. Для отображения пароля необходимо выполнить команду: ``` terraform output elk-pass ``` По окончанию установки необходимо развернуть сервис [AuditTrails](https://cloud.yandex.ru/docs/audit-trails/quickstart) через консоль Yandex.Cloud, создать сервисную учетную запись по инструкции, и указать созданный модулем бакет. > **Важно:** Необходимо указать пустой префикс для бакета, либо изменить префикс в вызове модуля `yc-elastic-trail` в файле `main.tf`. > **Важно:** Необходимо включить NAT на созданных подсетях. ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/example/main.tf ================================================ ## Example infrastructure # Создания random-string resource "random_string" "random" { length = 4 special = false upper = false } # Создание VPC сети resource "yandex_vpc_network" "vpc-elk" { name = "vpc-elk-${random_string.random.result}" } # Создание подсети resource "yandex_vpc_subnet" "elk-subnet" { folder_id = var.folder_id count = 3 name = "app-elk-${element(var.network_names, count.index)}" zone = element(var.zones, count.index) network_id = yandex_vpc_network.vpc-elk.id v4_cidr_blocks = [element(var.app_cidrs, count.index)] } # Создание service account resource "yandex_iam_service_account" "sa-bucket-creator" { folder_id = var.folder_id name = "sa-bucket-creator-${random_string.random.result}" } resource "yandex_iam_service_account" "sa-bucket-editor" { name = "sa-bucket-editor-${random_string.random.result}" folder_id = var.folder_id } # Создание статического ключа для service account resource "yandex_iam_service_account_static_access_key" "sa-bucket-creator-sk" { service_account_id = yandex_iam_service_account.sa-bucket-creator.id } # Назначение прав на service account resource "yandex_resourcemanager_folder_iam_binding" "storage_admin" { folder_id = var.folder_id role = "storage.admin" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-creator.id}", ] } resource "yandex_resourcemanager_folder_iam_binding" "storage_editor" { folder_id = var.folder_id role = "storage.editor" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-editor.id}", ] } # Создание S3 бакета resource "yandex_storage_bucket" "trail-bucket" { bucket = "trails-audit-log-bucket-${random_string.random.result}" access_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.access_key secret_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.secret_key } # Добавление правила для HTTPS-доступа в default security group #resource "yandex_vpc_security_group_rule" "elk-https" { # security_group_binding = yandex_vpc_network.vpc-elk.default_security_group_id # direction = "ingress" # description = "incoming-https" # v4_cidr_blocks = ["0.0.0.0/0"] # port = 443 # protocol = "TCP" #} # Добавление правила для HTTPS-доступа в default security group #resource "yandex_vpc_security_group_rule" "elk-9002" { # security_group_binding = yandex_vpc_network.vpc-elk.default_security_group_id # direction = "ingress" # description = "incoming-9002" # v4_cidr_blocks = ["0.0.0.0/0"] # port = 9200 # protocol = "TCP" #} # Обязательно включить AuditTrail в UI на созданный bucket # Обязательно включить Egress NAT для подсети COI в UI на созданный bucket ## Modules module "yc-managed-elk" { source = "../modules/yc-managed-elk" # path to module yc-managed-elk folder_id = var.folder_id subnet_ids = yandex_vpc_subnet.elk-subnet[*].id # subnets в 3-х зонах доступности для развертывания ELK network_id = yandex_vpc_network.vpc-elk.id # network id в которой будет развернут ELK elk_edition = "basic" elk_datanode_preset = var.var_elk_node_preset elk_datanode_disk_size = var.var_elk_node_disk_size elk_public_ip = true elk_name = "elk-${random_string.random.result}" } module "yc-elastic-trail" { source = "../modules/yc-elastic-trail/" # path to module yc-elastic-trail folder_id = var.folder_id elk_credentials = module.yc-managed-elk.elk-pass elk_address = module.yc-managed-elk.elk_fqdn bucket_name = yandex_storage_bucket.trail-bucket.bucket bucket_folder = "" # указать название префикса куда trails пишет логи в бакет, например "prefix-trails", если в корень то оставить по умолчанию пустым sa_id = yandex_iam_service_account.sa-bucket-editor.id coi_subnet_id = yandex_vpc_subnet.elk-subnet[0].id } ## Outputs output "elk-pass" { # Вывод пароля ELK через команду: terraform output elk-pass value = module.yc-managed-elk.elk-pass sensitive = true } output "elk_fqdn" { # Вывод FQDN для доступа к ELK value = module.yc-managed-elk.elk_fqdn } output "elk-user" { value = "admin" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/example/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } provider "yandex" { service_account_key_file = "./key.json" # token = var.token cloud_id = var.cloud_id folder_id = var.folder_id } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/example/variables.tf ================================================ variable "token" { description = "Yandex.Cloud security OAuth token либо ключ сервисного аккаунта" default = "key.json" # generate yours by this https://cloud.yandex.ru/docs/iam/concepts/authorization/oauth-token } variable "folder_id" { description = "Yandex.Cloud Folder ID where resources will be created" default = "xxxxxx" # yc config get folder-id } variable "cloud_id" { description = "Yandex.Cloud ID where resources will be created" default = "xxxxxx" # yc config get cloud-id } variable "zones" { description = "Yandex.Cloud default Zone for provisoned resources" type = list(string) default = ["ru-central1-a", "ru-central1-b", "ru-central1-c"] } variable "network_names" { description = "Yandex Cloud default Zone for provisoned resources" type = list(string) default = ["a", "b", "c"] } variable "app_cidrs" { type = list(string) default = ["192.168.1.0/24", "192.168.50.0/24", "192.168.70.0/24"] } variable "var_elk_node_preset" { default = "s2.micro" } variable "var_elk_node_disk_size" { default = "60" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-elastic-trail/cloud-init_lin.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-elastic-trail/docker-declaration.yaml ================================================ spec: containers: - env: - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELASTIC_INDEX_NAME value: ${ELASTIC_INDEX_NAME} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_FOLDER value: ${S3_FOLDER} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: KMS_KEY_ID value: ${KMS_KEY_ID} image: cr.yandex/crpjfmfou6gflobbfvfv/s3-elk-importer:latest name: audittrails-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-elastic-trail/main.tf ================================================ # Сервисная учетная запись data "yandex_iam_service_account" "bucket_sa" { service_account_id = var.sa_id } # Создаем static key resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = data.yandex_iam_service_account.bucket_sa.id description = "static access key for object storage" } # Работаем с ssh ключем resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init_lin" { template = file("../modules/yc-elastic-trail/cloud-init_lin.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" } } # Создаем docker-declaration data "template_file" "docker-declaration" { template = file("../modules/yc-elastic-trail/docker-declaration.yaml") vars = { ELASTIC_SERVER = "${var.elk_address}:9200" KIBANA_SERVER = "${var.elk_address}" ELASTIC_AUTH_USER = "admin" ELASTIC_INDEX_NAME = "audit-trails-index" S3_BUCKET = "${var.bucket_name}" S3_FOLDER = "${var.bucket_folder}" SLEEP_TIME = "300" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" KMS_KEY_ID = "${yandex_kms_symmetric_key.key-elk.id}" } } # Развертывание Container-Optimised Image data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } resource "yandex_compute_instance" "instance-based-on-coi" { name = "elk-sync" hostname = "elk-sync" zone = "ru-central1-a" service_account_id = data.yandex_iam_service_account.bucket_sa.id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # Не забудьте включить NAT для подсети, где будет размещен COI! } resources { cores = 4 memory = 4 } metadata = { user-data = "${data.template_file.cloud_init_lin.rendered}" docker-container-declaration = "${data.template_file.docker-declaration.rendered}" } } # Создание KMS ключа resource "yandex_kms_symmetric_key" "key-elk" { name = "key-elk" description = "description for key" default_algorithm = "AES_128" } # Назначение роли на sa на расшифровку ключа resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${data.yandex_iam_service_account.bucket_sa.id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_pass" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = var.elk_credentials } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-elastic-trail/variables.tf ================================================ variable "folder_id" { description = "Yandex.Cloud ID каталога, где будут созданы ресурсы" default = "" # yc config get folder-id } variable "elk_credentials" { description = "Пароль для аутентификации в ElasticSearch" default = "" } variable "elk_address" { description = "FQDN-адрес инсталляции ElasticSearch вида https://c-xxx.rw.mdb.yandexcloud.net" default = "" } variable "bucket_name" { description = "Имя бакета, куда сохраняются логи AuditTrails" default = "" } variable "bucket_folder" { description = "Имя каталога, куда сохраняются логи AuditTrails" default = "" } variable "sa_id" { description = "ID сервисной учетной записи для работы с бакетом, с разрешением storage.editor" default = "" } variable "coi_subnet_id" { description = "ID подсети, где будет размещен container-инстанс" default = "" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-elastic-trail/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-managed-elk/main.tf ================================================ resource "random_password" "passwords" { count = 1 length = 20 special = true } locals { zones = [ "ru-central1-a", "ru-central1-b", "ru-central1-c", ] } resource "yandex_mdb_elasticsearch_cluster" "yc-elk" { name = var.elk_name environment = "PRODUCTION" network_id = var.network_id config { edition = var.elk_edition admin_password = random_password.passwords[0].result data_node { resources { resource_preset_id = var.elk_datanode_preset disk_type_id = "network-ssd" disk_size = var.elk_datanode_disk_size } } } dynamic "host" { for_each = toset(range(0,3)) content { name = "datanode${host.value}" zone = local.zones[(host.value)%3] type = "DATA_NODE" assign_public_ip = var.elk_public_ip subnet_id = var.subnet_ids[(host.value)%3] } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-managed-elk/outputs.tf ================================================ output "elk-pass" { value = random_password.passwords[0].result sensitive = true } output "elk_fqdn" { value = "https://c-${yandex_mdb_elasticsearch_cluster.yc-elk.id}.rw.mdb.yandexcloud.net" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-managed-elk/variables.tf ================================================ variable "folder_id" { description = "Yandex.Cloud ID каталога" default = "" # yc config get folder-id } variable "cloud_id" { description = "Yandex.Cloud ID облака" default = "" # yc config get cloud-id } variable "subnet_ids" { description = "ID подсетей для размещения хостов ElasticSearch" default = "" # ["subnet-a_id", "subnet-b_id", "subnet-c_id"] } variable "network_id" { description = "ID сети для размещения хостов ElasticSearch" default = "" } variable "elk_edition" { description = "Редакция установки ELK (basic, gold, platinum)" default = "basic" } variable "elk_datanode_preset" { # see https://cloud.yandex.com/ru-kz/docs/managed-elasticsearch/concepts/instance-types#available-flavors description = "Размер ВМ для data узла" default = "s2.medium" } variable "elk_datanode_disk_size" { description = "Размер диска data узла, в GB" default = 1000 } variable "elk_public_ip" { description = "Назначать публичный IP адрес" default = false } variable "elk_name" { description = "Имя кластера ElasticSearch" default = "elk" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/terraform/modules/yc-managed-elk/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/Dockerfile ================================================ FROM python:3.9.1-slim RUN apt-get update COPY /function /app/function COPY /include /app/include WORKDIR /app RUN python3 -m pip install --upgrade pip RUN pip install -r /app/function/requirements.txt CMD ["python3", "function/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/README.md ================================================ Для обновления артефактов Kibana необходимо запустить контейнер, передав ему атрибутры для подключения к сервеу Kibana в параметрах окружения: ``` docker run -it --rm -e ELASTIC_AUTH_USER='admin' -e ELASTIC_AUTH_PW='password' -e KIBANA_SERVER='https://xxx.rw.mdb.yandexcloud.net' --name elk-updater cr.yandex/sol/elk-updater:latest ``` В результате выполнения будут обновлены следующие объекты Kibana: - Dashboard - Detection Rules - Filters - Index Patterns !!!Важно: для корректного обновления должны быть открыты порты tcp **443**, **9200** в Security Group ELK с устройства откуда запускается данная команда ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/function/main.py ================================================ import base64 import json import os import requests # function - get token def get_token(): response = requests.get('http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor":"Google"}) return response.json().get('access_token') # function - decrypt data with kms key def decrypt_secret_kms(secret): token = get_token() request_suffix = kms_key_id+':decrypt' request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # configuration - get elasticsearch certificate def get_elastic_cert(): file = '/app/CA.pem' if os.path.isfile(file): return file else: url = 'https://storage.yandexcloud.net/cloud-certs/CA.pem' response = requests.get(url) with open('/app/CA.pem', 'wb') as f: f.write(response.content) return file # configuration - keys # elastic_auth_pw_encr = os.environ['ELK_PASS_ENCR'] # kms_key_id = os.environ['KMS_KEY_ID'] # Configuration - Setting up variables for ElasticSearch # elastic_auth_pw = decrypt_secret_kms(elastic_auth_pw_encr) elastic_auth_user = os.environ['ELASTIC_AUTH_USER'] elastic_server = f"{os.environ['KIBANA_SERVER']}:9200" kibana_server = os.environ['KIBANA_SERVER'] elastic_auth_pw = os.environ['ELASTIC_AUTH_PW'] elastic_cert = get_elastic_cert() # function - get config index state def get_config_index_state(index): request_suffix = f"/.state-{index}/_doc/1/_source" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code != 200): print(response.text) return False return response.json()['is_configured'] # state - existing config indexes config_states = { "audit-trail": get_config_index_state("audit-trails-index"), "k8s-audit": get_config_index_state("k8s-audit"), "k8s-falco": get_config_index_state("k8s-falco"), "k8s-kyverno": get_config_index_state("k8s-kyverno") } # function - refresh index patterns def refresh_index_pattern(key): # get current index-pattern file file = f"/app/include/{key}/index-pattern.ndjson" # check ndjson file exists if not os.path.isfile(file): return # open ndjson file data_file = { 'file': open(file, 'rb') } # import ndjson file request_suffix = '/api/saved_objects/_import?overwrite=True' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) print(f"{response.status_code} -- INDEX PATTERN(S) REFRESHED") print(response.text) # function - refresh filters def refresh_filters(key): file = f"/app/include/{key}/filters.ndjson" # check ndjson file exists if not os.path.isfile(file): return # open ndjson file data_file = { 'file': open(file, 'rb') } # import ndjson file request_suffix = '/api/saved_objects/_import?overwrite=True' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) print(f"{response.status_code} -- FILTER(S) REFRESHED") print(response.text) # function - refresh searches def refresh_searches(key): file = f"/app/include/{key}/search.ndjson" # check ndjson file exists if not os.path.isfile(file): return # open ndjson file data_file = { 'file': open(file, 'rb') } # import ndjson file request_suffix = '/api/saved_objects/_import?overwrite=True' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) print(f"{response.status_code} -- SEARCH(ES) REFRESHED") print(response.text) # function - refresh dashboards def refresh_dashboards(key): file = f"/app/include/{key}/dashboard.ndjson" # check ndjson file exists if not os.path.isfile(file): return # open ndjson file data_file = { 'file': open(file, 'rb') } # import ndjson file request_suffix = '/api/saved_objects/_import?overwrite=True' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) print(f"{response.status_code} -- DASHBOARD(S) REFRESHED") print(response.text) # function - refresh dashboards def refresh_detections(key): file = f"/app/include/{key}/detections.ndjson" # check ndjson file exists if not os.path.isfile(file): return # open ndjson file data_file = { 'file': open(file, 'rb') } # import ndjson file request_suffix = '/api/detection_engine/rules/_import?overwrite=True' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) print(f"{response.status_code} -- DETECTION(S) REFRESHED") print(response.text) # main loop for key,value in config_states.items(): # loop through index patterns if index exists if value == False: continue refresh_index_pattern(key) refresh_filters(key) refresh_searches(key) refresh_dashboards(key) refresh_detections(key) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/function/requirements.txt ================================================ requests ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/backup/detections.ndjson ================================================ {"id":"a98165a0-e92a-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:18:21.189Z","updated_by":"beats","created_at":"2021-07-20T07:18:21.189Z","created_by":"beats","name":"DetectionRule:Yandexcloud:Create instance with Serialport","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Create instance with Serialport\n","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"0b0cc717-8f22-4515-9960-dc20f5d01efd","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1","filters":[],"saved_id":"Yandexcloud:Create instance with Serialport","throttle":"no_actions","actions":[]} {"id":"8de55f90-e92a-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:17:35.004Z","updated_by":"beats","created_at":"2021-07-20T07:17:35.004Z","created_by":"beats","name":"DetectionRule:Create instance without SG","tags":[],"interval":"5m","enabled":true,"description":"Create instance without SG","risk_score":99,"severity":"critical","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2b2908f0-c6bd-4fa2-a0e6-fb9a9bbbe9a6","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *","filters":[],"saved_id":"Yandexcloud:Create instance without SG","throttle":"no_actions","actions":[]} {"id":"5b1d30b0-e92a-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:16:09.731Z","updated_by":"beats","created_at":"2021-07-20T07:16:09.731Z","created_by":"beats","name":"DetectionRule: Yandexcloud: Connect admins from YC, Terraform","tags":[],"interval":"5m","enabled":true,"description":"\nYandexcloud: Connect admins from YC, Terraform","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2b6594bd-9afc-4ad6-8715-9643a18e2817","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)","filters":[],"saved_id":"Yandexcloud: Connect admins from YC, Terraform","throttle":"no_actions","actions":[]} {"id":"1db6a760-e92a-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:14:26.359Z","updated_by":"beats","created_at":"2021-07-20T07:14:26.359Z","created_by":"beats","name":"DetectionRule:Yandexcloud: Add access binding VPC_publicAdmin","tags":[],"interval":"5m","enabled":true,"description":".","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"7f3baf3d-3aaa-4703-87cb-52933f9f6802","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin","filters":[],"saved_id":"Yandexcloud: Add access binding VPC_publicAdmin","throttle":"no_actions","actions":[]} {"id":"fdadf860-e929-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:13:33.184Z","updated_by":"beats","created_at":"2021-07-20T07:13:33.184Z","created_by":"beats","name":"DetectionRule: Yandexcloud: Add public IP to VM","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"42ba3879-ffe8-49ac-9fb0-eeecf423bb4e","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat","filters":[],"saved_id":"Yandexcloud: Add public IP to VM","throttle":"no_actions","actions":[]} {"id":"e31be840-e929-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:15:01.515Z","updated_by":"beats","created_at":"2021-07-20T07:12:48.009Z","created_by":"beats","name":"DetectionRule:Yandexcloud: Create instance with marketplace image","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"f39be9fe-3047-4c8d-b61d-9b87f99afc96","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.product_ids: *","filters":[],"saved_id":"Yandexcloud: Create instance with marketplace image","throttle":"no_actions","actions":[]} {"id":"baa2e260-e929-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:11:40.782Z","updated_by":"beats","created_at":"2021-07-20T07:11:40.782Z","created_by":"beats","name":"DetectionRule:Yandexcloud: Bind access rights to KMS key","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Bind access rights to KMS key","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e5d280a4-344e-4dc9-850f-901c995e4dfc","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings","filters":[],"saved_id":"Yandexcloud: Bind access rights to KMS key","throttle":"no_actions","actions":[]} {"id":"9cb4d600-e929-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:10:50.601Z","updated_by":"beats","created_at":"2021-07-20T07:10:50.601Z","created_by":"beats","name":"DetectionRule:Yandexcloud: Bind IAM Admin role to resources","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Bind IAM Admin role to resources","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"a33bab4b-bbac-4b4a-9acd-997045226d0a","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin","filters":[],"saved_id":"Yandexcloud: Bind IAM Admin role to resources","throttle":"no_actions","actions":[]} {"id":"72ced2a0-e929-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:09:40.391Z","updated_by":"beats","created_at":"2021-07-20T07:09:40.391Z","created_by":"beats","name":"DetectionRule:Yandexcloud: Changes of S3 acl, policy","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"88244e50-5974-434d-86ea-92db23c4796b","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)","filters":[],"saved_id":"Yandexcloud: Changes of S3 acl, policy","throttle":"no_actions","actions":[]} {"id":"2c018480-e929-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:07:41.094Z","updated_by":"beats","created_at":"2021-07-20T07:07:41.094Z","created_by":"beats","name":"DetectionRule: Yandexcloud: Create image from S3 uri","tags":[],"interval":"5m","enabled":true,"description":"\nYandexcloud: Create image from S3 uri","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"3185125a-4a91-468b-be49-0a998022d248","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *","filters":[],"saved_id":"Yandexcloud: Create image from S3 uri","throttle":"no_actions","actions":[]} {"id":"f995cd80-e928-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:08:40.244Z","updated_by":"beats","created_at":"2021-07-20T07:06:16.838Z","created_by":"beats","name":"DetectionRule:Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","tags":[],"interval":"5m","enabled":true,"description":".","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e0d24656-6e91-4b00-8234-a81f32191c05","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*","filters":[],"saved_id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","throttle":"no_actions","actions":[]} {"id":"cd4b7450-e928-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:05:02.661Z","updated_by":"beats","created_at":"2021-07-20T07:05:02.661Z","created_by":"beats","name":"DetectionRule:Yandexcloud: Any create or update SG (security group)","tags":[],"interval":"5m","enabled":true,"description":"j","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"cf51d89a-10ad-4ffb-9b42-a0c3bd622eb2","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup ","filters":[],"saved_id":"Yandexcloud: Any create or update SG (security group)","throttle":"no_actions","actions":[]} {"id":"981e0540-e928-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:03:33.425Z","updated_by":"beats","created_at":"2021-07-20T07:03:33.425Z","created_by":"beats","name":"DetectionRule:Yandexcloud: unauthorized events (permission denied)","tags":[],"interval":"5m","enabled":true,"description":"/","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"b0083d86-0aa6-42c3-ba5f-a32ab77e955d","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"threshold","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied","filters":[],"saved_id":"Yandexcloud: unauthorized events (permission denied)","threshold":{"field":[],"value":3,"cardinality":[]},"throttle":"no_actions","actions":[]} {"id":"362c7920-e928-11eb-a019-4ff3eff5953f","updated_at":"2021-07-20T07:00:49.100Z","updated_by":"beats","created_at":"2021-07-20T07:00:49.100Z","created_by":"beats","name":"DetectionRule: Yandexcloud: resource-manager.cloud.owner events","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: resource-manager.cloud.owner events","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"07bad1bd-0d51-46c5-b712-fedf1c18e5be","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs","filters":[],"saved_id":"Yandexcloud: resource-manager.cloud.owner events","throttle":"no_actions","actions":[]} {"id":"6569cca0-e8b1-11eb-a019-4ff3eff5953f","updated_at":"2021-07-19T16:50:18.177Z","updated_by":"beats","created_at":"2021-07-19T16:50:18.177Z","created_by":"beats","name":"DetectionRule:Yandexcloud:Create instances with public IP","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:Yandexcloud:Create instances with public IP","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"25bfca38-d61c-48c4-991b-81720652c2d9","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *","filters":[],"saved_id":"Yandexcloud:Create instances with public IP","throttle":"no_actions","actions":[]} {"id":"06c3f070-e8ae-11eb-a019-4ff3eff5953f","updated_at":"2021-07-19T16:26:10.642Z","updated_by":"beats","created_at":"2021-07-19T16:26:10.642Z","created_by":"beats","name":"DetectionRule:Yandexcloud:Creating of service-account's credentials (keys)","tags":[],"interval":"3m","enabled":true,"description":"DetectionRule:Yandexcloud:Creating of service-account's credentials (keys)","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-780s","rule_id":"8e2c23d7-fe29-4468-ba96-9c02356688d4","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)","filters":[],"saved_id":"Yandexcloud:Creating of service-account's credentials (keys)","throttle":"no_actions","actions":[]} {"id":"ebdd9d20-e7ad-11eb-a019-4ff3eff5953f","updated_at":"2021-07-18T09:52:53.795Z","updated_by":"beats","created_at":"2021-07-18T09:52:53.795Z","created_by":"beats","name":"DetectionRule:Yandexcloud:Create public address without antiddos","tags":[],"interval":"2m","enabled":true,"description":"f","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-720s","rule_id":"5c24fd59-3469-42f0-afe7-72d4eddcc0f3","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator","filters":[],"saved_id":"Yandexcloud:Create public address without antiddos","throttle":"no_actions","actions":[]} {"exported_count":17,"missing_rules":[],"missing_rules_count":0} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/backup/filters.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru and event_time < 2021-07-15"},"title":"Search:Yandexcloud: Find events by username"},"coreMigrationVersion":"7.13.2","id":"Search:Yandexcloud: Find events by username","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTYsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and cloud.folder.name : mirtov-checkpoint\t"},"title":"Serarch:Yandexcloud: Find events by folder_name"},"coreMigrationVersion":"7.13.2","id":"Serarch:Yandexcloud: Find events by folder_name","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTcsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)"},"title":"Yandexcloud: Connect admins from YC, Terraform"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Connect admins from YC, Terraform","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs"},"title":"Yandexcloud: resource-manager.cloud.owner events"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: resource-manager.cloud.owner events","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NTksMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin"},"title":"Yandexcloud: Add access binding VPC_publicAdmin"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Add access binding VPC_publicAdmin","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjAsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup "},"title":"Yandexcloud: Any create or update SG (security group)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Any create or update SG (security group)","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat"},"title":"Yandexcloud: Add public IP to VM"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Add public IP to VM","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjIsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.product_ids: *"},"title":"Yandexcloud: Create instance with marketplace image"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Create instance with marketplace image","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjMsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings"},"title":"Yandexcloud: Bind access rights to KMS key"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Bind access rights to KMS key","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjQsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin"},"title":"Yandexcloud: Bind IAM Admin role to resources"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Bind IAM Admin role to resources","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjUsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)"},"title":"Yandexcloud: Changes of S3 acl, policy"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Changes of S3 acl, policy","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjYsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *"},"title":"Yandexcloud: Create image from S3 uri"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: Create image from S3 uri","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjcsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*"},"title":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1"},"title":"Yandexcloud:Create instances with 2 interfaces"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instances with 2 interfaces","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NjksMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *"},"title":"Yandexcloud:Create instances with public IP"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instances with public IP","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzAsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)"},"title":"Yandexcloud:Creating of service-account's credentials (keys)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Creating of service-account's credentials (keys)","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied"},"title":"Yandexcloud: unauthorized events (permission denied)"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud: unauthorized events (permission denied)","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzIsMV0="} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator"},"title":"Yandexcloud:Create public address without antiddos"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create public address without antiddos","references":[],"type":"query","updated_at":"2021-07-18T09:19:07.124Z","version":"WzE2NzMsMV0="} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1"},"title":"Yandexcloud:Create instance with Serialport"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instance with Serialport","references":[],"type":"query","updated_at":"2021-07-19T16:07:08.599Z","version":"WzY5ODQsMV0="} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *"},"title":"Yandexcloud:Create instance without SG"},"coreMigrationVersion":"7.13.2","id":"Yandexcloud:Create instance without SG","references":[],"type":"query","updated_at":"2021-07-19T16:05:11.226Z","version":"WzY5NTgsMV0="} {"exportedCount":20,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/dashboard.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":6,\"i\":\"1a420cc7-552a-42f4-aec5-2261ed1a782f\"},\"panelIndex\":\"1a420cc7-552a-42f4-aec5-2261ed1a782f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1630332537299\",\"fieldName\":\"cloud.folder.name.keyword\",\"parent\":\"\",\"label\":\"Folder-filter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1a420cc7-552a-42f4-aec5-2261ed1a782f_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":0,\"w\":13,\"h\":6,\"i\":\"8fb6a7b3-ffc2-4485-a863-4ba941c7e888\"},\"panelIndex\":\"8fb6a7b3-ffc2-4485-a863-4ba941c7e888\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"30a39734-11b6-4bcc-9ac5-1eb44febe5e6\":{\"columns\":{\"891f22b2-a185-4f60-9b90-c876d2388f7f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"8c3c5013-4520-4c92-94b5-08080b3d7c07\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"e327cc98-1a7f-4d52-9d37-e401d44883fb\":{\"label\":\"Top values of geoip.country_name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"geoip.country_name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8c3c5013-4520-4c92-94b5-08080b3d7c07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"e327cc98-1a7f-4d52-9d37-e401d44883fb\",\"891f22b2-a185-4f60-9b90-c876d2388f7f\",\"8c3c5013-4520-4c92-94b5-08080b3d7c07\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"30a39734-11b6-4bcc-9ac5-1eb44febe5e6\",\"seriesType\":\"bar_stacked\",\"splitAccessor\":\"e327cc98-1a7f-4d52-9d37-e401d44883fb\",\"accessors\":[\"8c3c5013-4520-4c92-94b5-08080b3d7c07\"],\"xAccessor\":\"891f22b2-a185-4f60-9b90-c876d2388f7f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-30a39734-11b6-4bcc-9ac5-1eb44febe5e6\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Country\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":11,\"i\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\"},\"panelIndex\":\"3602f5ce-c0b6-4379-a84c-8b3fe3c84281\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во типов событий\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ff37d407-c462-4db1-bf99-c9929764c729\":{\"columnOrder\":[\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"columns\":{\"117a1903-a862-44ae-a4c2-5c8ba7769948\":{\"sourceField\":\"event.action.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Top values of event.action.keyword\",\"params\":{\"otherBucket\":true,\"size\":16,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"f467a316-b43c-419a-9204-f3ce8a69d751\",\"type\":\"column\"},\"orderDirection\":\"desc\"}},\"f467a316-b43c-419a-9204-f3ce8a69d751\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"}},\"incompleteColumns\":{}}}}},\"visualization\":{\"valueLabels\":\"hide\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"preferredSeriesType\":\"bar_horizontal\",\"legend\":{\"showSingleSeries\":false,\"isVisible\":false,\"position\":\"right\"},\"fittingFunction\":\"None\",\"layers\":[{\"xAccessor\":\"117a1903-a862-44ae-a4c2-5c8ba7769948\",\"layerId\":\"ff37d407-c462-4db1-bf99-c9929764c729\",\"accessors\":[\"f467a316-b43c-419a-9204-f3ce8a69d751\"],\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"position\":\"top\",\"yConfig\":[{\"axisMode\":\"auto\",\"forAccessor\":\"f467a316-b43c-419a-9204-f3ce8a69d751\"}]}],\"gridlinesVisibilitySettings\":{\"x\":true,\"yRight\":true,\"yLeft\":true},\"axisTitlesVisibilitySettings\":{\"x\":false,\"yRight\":true,\"yLeft\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729\"}]}},\"title\":\"Общее кол-во типов событий\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\"},\"panelIndex\":\"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"Общее кол-во событий AuditTrails\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\":{\"columnOrder\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\"],\"columns\":{\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\":{\"sourceField\":\"Records\",\"isBucketed\":false,\"dataType\":\"number\",\"scale\":\"ratio\",\"operationType\":\"count\",\"label\":\"Count of records\"},\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\":{\"sourceField\":\"event.module.keyword\",\"isBucketed\":true,\"dataType\":\"string\",\"scale\":\"ordinal\",\"operationType\":\"terms\",\"label\":\"Общее кол-во событий AuditTrails\",\"customLabel\":true,\"params\":{\"otherBucket\":true,\"size\":10,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"type\":\"column\"},\"orderDirection\":\"desc\"}}},\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":1,\"layerId\":\"52c30ca7-88c5-4c3c-807b-378e4f70d9c6\",\"metric\":\"048c50b3-4587-465a-b0ef-11cb5f1c2b5a\",\"numberDisplay\":\"value\",\"groups\":[\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\",\"b4c0d984-c7de-4993-ad15-c26ff4e7066e\"],\"categoryDisplay\":\"default\"}],\"palette\":{\"name\":\"default\",\"type\":\"palette\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6\"}]}},\"title\":\"Общее кол-во событий AuditTrails\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":10,\"i\":\"e5c88ab4-2307-4a07-b726-73df9dd743c7\"},\"panelIndex\":\"e5c88ab4-2307-4a07-b726-73df9dd743c7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"3c772265-edc5-4574-8267-f9ca287fcafc\":{\"columns\":{\"5015428f-c1da-493e-92da-155c01f51107\":{\"label\":\"Top values of user.type.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.type.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1ded617d-be49-4890-99f1-8c34bce3ac42\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f71c3d75-ce5d-40fe-aaa9-1caf789d8975\":{\"label\":\"event_time\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event_time\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"1ded617d-be49-4890-99f1-8c34bce3ac42\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"5015428f-c1da-493e-92da-155c01f51107\",\"f71c3d75-ce5d-40fe-aaa9-1caf789d8975\",\"1ded617d-be49-4890-99f1-8c34bce3ac42\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"layerId\":\"3c772265-edc5-4574-8267-f9ca287fcafc\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"f71c3d75-ce5d-40fe-aaa9-1caf789d8975\",\"splitAccessor\":\"5015428f-c1da-493e-92da-155c01f51107\",\"accessors\":[\"1ded617d-be49-4890-99f1-8c34bce3ac42\"]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-3c772265-edc5-4574-8267-f9ca287fcafc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"User-types\"},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":17,\"w\":24,\"h\":12,\"i\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\"},\"panelIndex\":\"76a70662-4b3c-43e6-b468-b36a4950dae4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"connections_api\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"3c5972f1-ae9a-4ea4-8fae-cddfb12931d2\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"33978670-e543-11eb-b941-f7bd9d79b315\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"2569b478-cf5a-44ea-b60c-2d2da359d975\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"4b88fcd8-fa6d-4136-8ab3-90e4c8f1e84c\\\",\\\"label\\\":\\\"map\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#d3ebe4\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":11}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":15}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"icon\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[]}]\",\"mapStateJSON\":\"{\\\"zoom\\\":3.73,\\\"center\\\":{\\\"lon\\\":53.65029,\\\"lat\\\":54.08467},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-4M\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":53.6982,\"lon\":19.1264,\"zoom\":1.63},\"mapBuffer\":{\"minLon\":-137.3947,\"minLat\":7.754725000000004,\"maxLon\":175.64749999999998,\"maxLat\":90.18178499999999},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":21,\"w\":6,\"h\":6,\"i\":\"fc22f082-7346-438c-8957-7e6173117b30\"},\"panelIndex\":\"fc22f082-7346-438c-8957-7e6173117b30\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"aafee82f-6862-4848-8cbe-6bd4b92de589\":{\"columns\":{\"ddcee702-c96c-4481-b00c-6e3783e370f2\":{\"label\":\"Роль: vpc.publicAdmin\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"ddcee702-c96c-4481-b00c-6e3783e370f2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"aafee82f-6862-4848-8cbe-6bd4b92de589\",\"accessor\":\"ddcee702-c96c-4481-b00c-6e3783e370f2\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":21,\"w\":6,\"h\":6,\"i\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\"},\"panelIndex\":\"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\":{\"columns\":{\"706238d4-9b6d-454e-bd68-210f3f620e39\":{\"label\":\"Роль: KMS \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"706238d4-9b6d-454e-bd68-210f3f620e39\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\",\"accessor\":\"706238d4-9b6d-454e-bd68-210f3f620e39\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":21,\"w\":6,\"h\":6,\"i\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\"},\"panelIndex\":\"5b9a238b-fdf6-4d44-b577-edc53434aa23\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e3bbd319-a964-4a87-84a8-cda2eaca6235\":{\"columns\":{\"3a949804-f3c2-4207-b78e-7a80187e77bd\":{\"label\":\"ServiceAccount Keys\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"3a949804-f3c2-4207-b78e-7a80187e77bd\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"e3bbd319-a964-4a87-84a8-cda2eaca6235\",\"accessor\":\"3a949804-f3c2-4207-b78e-7a80187e77bd\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":42,\"y\":21,\"w\":6,\"h\":6,\"i\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\"},\"panelIndex\":\"3ec0c171-b423-418b-a4e3-11fef52b9a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9d19caac-1d0f-485f-b7db-6d9203c62192\":{\"columns\":{\"a05d4d5d-4622-416e-9fd8-138401ddee23\":{\"label\":\"Роль: Admin (folder/cloud)\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"a05d4d5d-4622-416e-9fd8-138401ddee23\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"9d19caac-1d0f-485f-b7db-6d9203c62192\",\"accessor\":\"a05d4d5d-4622-416e-9fd8-138401ddee23\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":13,\"h\":7,\"i\":\"adf946af-25e9-45ea-b048-e72243908a4a\"},\"panelIndex\":\"adf946af-25e9-45ea-b048-e72243908a4a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\":{\"columns\":{\"da104346-7e67-4a04-9207-1c16e0aed304\":{\"label\":\" \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"8121435e-8cbb-4bbc-a505-801a30482bbb\":{\"label\":\"Top values of error.message.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"error.message.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e54273fa-b06a-45ef-803c-927e3246a529\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e54273fa-b06a-45ef-803c-927e3246a529\":{\"label\":\"IAM: Permission denied\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true,\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}}}},\"columnOrder\":[\"da104346-7e67-4a04-9207-1c16e0aed304\",\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"1f8c8696-1fd1-4865-9e86-c91fa77a52f3\",\"accessors\":[\"e54273fa-b06a-45ef-803c-927e3246a529\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"xAccessor\":\"da104346-7e67-4a04-9207-1c16e0aed304\",\"splitAccessor\":\"8121435e-8cbb-4bbc-a505-801a30482bbb\",\"yConfig\":[{\"forAccessor\":\"e54273fa-b06a-45ef-803c-927e3246a529\",\"axisMode\":\"auto\"}]}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":27,\"w\":11,\"h\":7,\"i\":\"96f69a41-93fd-4f07-b627-179105449376\"},\"panelIndex\":\"96f69a41-93fd-4f07-b627-179105449376\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Yellow to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60},\"outline\":false}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 50\":\"rgb(255,255,204)\",\"50 - 75\":\"rgb(253,135,60)\",\"75 - 100\":\"rgb(128,0,38)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]},\"savedSearchId\":\"90405c70-e8af-11eb-a019-4ff3eff5953f\"}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Permission denied\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":5,\"h\":6,\"i\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\"},\"panelIndex\":\"f53c19e7-7c18-425d-abd1-5eec9bce336c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\":{\"columns\":{\"b3003016-821e-4958-854b-3f812e39e171\":{\"label\":\"Сеть: Public IP назначен на ВМ\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"b3003016-821e-4958-854b-3f812e39e171\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"0fa0ed75-9f58-4433-95f1-58e6f01c2d70\",\"accessor\":\"b3003016-821e-4958-854b-3f812e39e171\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":29,\"w\":5,\"h\":6,\"i\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\"},\"panelIndex\":\"ebc03174-1f1b-498e-9ae5-a910b0651059\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\":{\"columns\":{\"d2941f94-13a3-4d83-8c6b-ace075c84501\":{\"label\":\"Сеть: SG с 0.0.0.0/0\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d2941f94-13a3-4d83-8c6b-ace075c84501\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4b725bc2-fff0-46bf-a746-62c867dfbaf2\",\"accessor\":\"d2941f94-13a3-4d83-8c6b-ace075c84501\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":29,\"w\":5,\"h\":6,\"i\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\"},\"panelIndex\":\"71ac527a-aeaa-40aa-8b60-d1111087904f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8be86246-216d-45db-926b-de99062b206c\":{\"columns\":{\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\":{\"label\":\"Сеть: Instance с 2 interface\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"8be86246-216d-45db-926b-de99062b206c\",\"accessor\":\"c28c6d2c-5567-406d-a91e-2eac3d2ea6b6\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":29,\"w\":5,\"h\":6,\"i\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\"},\"panelIndex\":\"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d8198233-262f-4f26-ae2d-4b6194eb3dff\":{\"columns\":{\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\":{\"label\":\"Сеть: Security Group\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"d8198233-262f-4f26-ae2d-4b6194eb3dff\",\"accessor\":\"9266a32e-cbed-4efb-9cf6-91a12b516fcb\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":29,\"w\":4,\"h\":6,\"i\":\"488493d9-cae4-461f-be4d-6884ab178f69\"},\"panelIndex\":\"488493d9-cae4-461f-be4d-6884ab178f69\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\":{\"columns\":{\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\":{\"label\":\"Сеть: Public IP без antiDDOS\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\",\"accessor\":\"d6807b7a-caef-439a-8c1e-0d7f56d1fe8c\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":24,\"h\":6,\"i\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\"},\"panelIndex\":\"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\":{\"columns\":{\"870d2709-a2a2-44bd-b77f-43bda4bbb229\":{\"label\":\"Top values of user_agent.original.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user_agent.original.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"bceb4d39-1283-4037-af49-2fea6907275f\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\":{\"label\":\"event_time\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event_time\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"1efef975-ba6d-4a6d-a987-1367ccf799fa\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"8e348bc7-dc23-459f-8362-81520a1f5c12\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"870d2709-a2a2-44bd-b77f-43bda4bbb229\",\"bceb4d39-1283-4037-af49-2fea6907275f\",\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"1efef975-ba6d-4a6d-a987-1367ccf799fa\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"870d2709-a2a2-44bd-b77f-43bda4bbb229\"},{\"isTransposed\":false,\"columnId\":\"bceb4d39-1283-4037-af49-2fea6907275f\",\"width\":151.4},{\"isTransposed\":false,\"columnId\":\"8e348bc7-dc23-459f-8362-81520a1f5c12\",\"width\":188.39999999999998},{\"isTransposed\":false,\"columnId\":\"fe3fa5eb-ab9d-40b9-8b50-43d5dce8d26b\",\"width\":136.4},{\"isTransposed\":false,\"columnId\":\"1efef975-ba6d-4a6d-a987-1367ccf799fa\",\"width\":87.4}]},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Подключения с YC/Terraform\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":34,\"w\":4,\"h\":7,\"i\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\"},\"panelIndex\":\"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\":{\"columns\":{\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\":{\"label\":\"S3: ACL/Policy\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\",\"accessor\":\"bbe3b863-df88-422a-af6d-9b3a3956b5e1\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8\"}]},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":34,\"w\":4,\"h\":7,\"i\":\"422935b7-1ebe-4b88-9f79-597f23579a11\"},\"panelIndex\":\"422935b7-1ebe-4b88-9f79-597f23579a11\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\":{\"columns\":{\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\":{\"label\":\"Instance: создано Images \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"83d7ff90-8bb3-40df-8e48-5ba560f5d24f\",\"accessor\":\"8c3c4e3d-70cb-4e2f-b95c-a574639e9a4f\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":34,\"w\":4,\"h\":7,\"i\":\"38133b0e-2694-455d-b943-688f801f5d56\"},\"panelIndex\":\"38133b0e-2694-455d-b943-688f801f5d56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\":{\"columns\":{\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\":{\"label\":\"Instance: с Marketplace образом\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6ba55144-17a1-4adf-bbd4-2131cb3f3019\",\"accessor\":\"36aefc1c-b4bc-4a1e-9082-d0efe888ef21\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.product_ids: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":34,\"w\":4,\"h\":7,\"i\":\"f7f910c4-cdde-4d47-a5e0-2a09068287da\"},\"panelIndex\":\"f7f910c4-cdde-4d47-a5e0-2a09068287da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d1b94c2f-f419-4256-8fcf-5708d493a452\":{\"columns\":{\"c08f2387-053c-4cb3-9015-e8f0084521fe\":{\"label\":\"Instance: Serialport enable\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"c08f2387-053c-4cb3-9015-e8f0084521fe\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"d1b94c2f-f419-4256-8fcf-5708d493a452\",\"accessor\":\"c08f2387-053c-4cb3-9015-e8f0084521fe\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-d1b94c2f-f419-4256-8fcf-5708d493a452\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":34,\"w\":4,\"h\":7,\"i\":\"26af1ab3-b833-4825-869a-6afb48cc5567\"},\"panelIndex\":\"26af1ab3-b833-4825-869a-6afb48cc5567\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f12b13b-9599-4207-b109-82e8f767e5fb\":{\"columns\":{\"6123044e-93be-4065-abc2-d9938a2288f5\":{\"label\":\"Роль: cloud.owner действия\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"6123044e-93be-4065-abc2-d9938a2288f5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"6f12b13b-9599-4207-b109-82e8f767e5fb\",\"accessor\":\"6123044e-93be-4065-abc2-d9938a2288f5\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.name : mirtov8@yandex-team.ru \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":44,\"y\":34,\"w\":4,\"h\":7,\"i\":\"1cfb9518-f016-4404-9fbd-ded93c48bf0d\"},\"panelIndex\":\"1cfb9518-f016-4404-9fbd-ded93c48bf0d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsMetric\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"7f8f6796-1b53-402f-bf38-205eacae3221\":{\"columns\":{\"ab948924-46d4-443f-819c-8bcdcca80586\":{\"label\":\"Instance: Без SG \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"ab948924-46d4-443f-819c-8bcdcca80586\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"7f8f6796-1b53-402f-bf38-205eacae3221\",\"accessor\":\"ab948924-46d4-443f-819c-8bcdcca80586\"},\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"33978670-e543-11eb-b941-f7bd9d79b315\",\"name\":\"indexpattern-datasource-layer-7f8f6796-1b53-402f-bf38-205eacae3221\"}]},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":12,\"i\":\"8a3af145-9063-48a5-9bcb-277036573bee\"},\"panelIndex\":\"8a3af145-9063-48a5-9bcb-277036573bee\",\"embeddableConfig\":{\"columns\":[\"cloud.cloud.name\",\"cloud.folder.name\",\"event.module\",\"event.action\",\"user.name\",\"user.type\",\"user.authorization\",\"source.ip\",\"user_agent.original\",\"details.access_binding_deltas.access_binding.role_id\",\"details.rules.cidr_blocks.v4_cidr_blocks\",\"details.access_binding_deltas.access_binding.subject_name\"],\"enhancements\":{}},\"panelRefName\":\"panel_8a3af145-9063-48a5-9bcb-277036573bee\"}]","timeRestore":false,"title":"AuditTrails Dashboard Copy","version":1},"coreMigrationVersion":"7.13.4","id":"cff15580-e8b0-11eb-a019-4ff3eff5953f","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"1a420cc7-552a-42f4-aec5-2261ed1a782f:control_1a420cc7-552a-42f4-aec5-2261ed1a782f_0_index_pattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"8fb6a7b3-ffc2-4485-a863-4ba941c7e888:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"8fb6a7b3-ffc2-4485-a863-4ba941c7e888:indexpattern-datasource-layer-30a39734-11b6-4bcc-9ac5-1eb44febe5e6","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3602f5ce-c0b6-4379-a84c-8b3fe3c84281:indexpattern-datasource-layer-ff37d407-c462-4db1-bf99-c9929764c729","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"30b0e422-b285-4bcf-a6c6-98e94c7d7dbf:indexpattern-datasource-layer-52c30ca7-88c5-4c3c-807b-378e4f70d9c6","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"e5c88ab4-2307-4a07-b726-73df9dd743c7:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"e5c88ab4-2307-4a07-b726-73df9dd743c7:indexpattern-datasource-layer-3c772265-edc5-4574-8267-f9ca287fcafc","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"76a70662-4b3c-43e6-b468-b36a4950dae4:layer_1_source_index_pattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fc22f082-7346-438c-8957-7e6173117b30:indexpattern-datasource-layer-aafee82f-6862-4848-8cbe-6bd4b92de589","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"fd1e70f6-f85b-4bf9-ba64-6df3aae2d5a6:indexpattern-datasource-layer-389d4809-63c0-49f8-b9c8-aa1adbeb0a2c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"5b9a238b-fdf6-4d44-b577-edc53434aa23:indexpattern-datasource-layer-e3bbd319-a964-4a87-84a8-cda2eaca6235","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"3ec0c171-b423-418b-a4e3-11fef52b9a2b:indexpattern-datasource-layer-9d19caac-1d0f-485f-b7db-6d9203c62192","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"adf946af-25e9-45ea-b048-e72243908a4a:indexpattern-datasource-layer-1f8c8696-1fd1-4865-9e86-c91fa77a52f3","type":"index-pattern"},{"id":"90405c70-e8af-11eb-a019-4ff3eff5953f","name":"96f69a41-93fd-4f07-b627-179105449376:search_0","type":"search"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f53c19e7-7c18-425d-abd1-5eec9bce336c:indexpattern-datasource-layer-0fa0ed75-9f58-4433-95f1-58e6f01c2d70","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"ebc03174-1f1b-498e-9ae5-a910b0651059:indexpattern-datasource-layer-4b725bc2-fff0-46bf-a746-62c867dfbaf2","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"71ac527a-aeaa-40aa-8b60-d1111087904f:indexpattern-datasource-layer-8be86246-216d-45db-926b-de99062b206c","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"c630e4e9-a72d-49b5-9ecb-9b91aaf07de3:indexpattern-datasource-layer-d8198233-262f-4f26-ae2d-4b6194eb3dff","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"488493d9-cae4-461f-be4d-6884ab178f69:indexpattern-datasource-layer-ae9f3c75-8001-40b9-bcdf-ce81aaad98a4","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"d1763e8d-e2cc-4bc6-8984-a9fd87226fc2:indexpattern-datasource-layer-ae148bdd-e6e4-4fec-9582-d7a1b4d7a8ef","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"06c0287f-06e2-47d9-a1b6-fbd9791ff6a3:indexpattern-datasource-layer-4be1d7a3-eb3e-451d-b34a-d68fd2a3e5e8","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"422935b7-1ebe-4b88-9f79-597f23579a11:indexpattern-datasource-layer-83d7ff90-8bb3-40df-8e48-5ba560f5d24f","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"38133b0e-2694-455d-b943-688f801f5d56:indexpattern-datasource-layer-6ba55144-17a1-4adf-bbd4-2131cb3f3019","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f7f910c4-cdde-4d47-a5e0-2a09068287da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"f7f910c4-cdde-4d47-a5e0-2a09068287da:indexpattern-datasource-layer-d1b94c2f-f419-4256-8fcf-5708d493a452","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"26af1ab3-b833-4825-869a-6afb48cc5567:indexpattern-datasource-layer-6f12b13b-9599-4207-b109-82e8f767e5fb","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"1cfb9518-f016-4404-9fbd-ded93c48bf0d:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"1cfb9518-f016-4404-9fbd-ded93c48bf0d:indexpattern-datasource-layer-7f8f6796-1b53-402f-bf38-205eacae3221","type":"index-pattern"},{"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","name":"8a3af145-9063-48a5-9bcb-277036573bee:panel_8a3af145-9063-48a5-9bcb-277036573bee","type":"search"}],"type":"dashboard","updated_at":"2021-08-30T14:26:56.555Z","version":"WzU5MSwxXQ=="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/detections.ndjson ================================================ {"id":"db8cc0f0-930f-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T12:14:48.896Z","updated_by":"admin","created_at":"2022-02-21T12:14:46.868Z","created_by":"admin","name":"DetectionRule: Yandexcloud: IAM sa connect from outside of cloud ","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: IAM sa connect from outside of cloud ","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"49e4d14d-2dbf-466d-a124-cd672c2c5a3d","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and user.type: SERVICE_ACCOUNT and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\") and source.ip: *","filters":[],"saved_id":"bfdff200-930f-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"b790db90-930b-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T11:45:10.388Z","updated_by":"admin","created_at":"2022-02-21T11:45:08.400Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Compute metadata posible secret","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Compute posible key in metadata","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"9086ff48-68ab-4164-b166-cfe5d3f81c02","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.compute.UpdateInstance or yandex.cloud.audit.compute.CreateInstance) and details.metadata_keys: secret key password pass token oauth aws_access_key_id and event.outcome : success","filters":[],"saved_id":"8ca32c30-930b-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"c2dfdca0-92f0-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T08:32:12.439Z","updated_by":"admin","created_at":"2022-02-21T08:32:10.650Z","created_by":"admin","name":"DetectionRule: Yandexcloud: VPC sec-group action from user not in list","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:VPC sec-group action from user not in list","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"6646ae6c-8031-4b0e-ab86-5bd7a90b8b63","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and not user.name: mirtov8@yandex-team.ru kirill@yandex-team.ru","filters":[],"saved_id":"ae9a0ae0-92f0-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"87a88c30-92ec-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T08:01:55.413Z","updated_by":"admin","created_at":"2022-02-21T08:01:53.350Z","created_by":"admin","name":"DetectionRule: Yandexcloud: ObjectStorage bacome public through ACL","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:ObjectStorage bacome public through ACL","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"ed7480ac-e96e-4094-909c-08e57cfea6cb","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketAclUpdate and details.acl.grants.grant_type: \"ALL_USERS\"","filters":[],"saved_id":"706b4c60-92ec-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"37a88190-92ec-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T07:59:41.570Z","updated_by":"admin","created_at":"2022-02-21T07:59:39.530Z","created_by":"admin","name":"DetectionRule: Yandexcloud: ObjectStorage become public","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule: Yandexcloud: ObjectStorage become public","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"8b86b152-fe28-4bbd-822b-6722cc937d00","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketUpdate and (details.objects_access: true or details.settings_read_access: true or details.list_access: true)","filters":[],"saved_id":"e6e68680-92eb-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"0a5d0180-92eb-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T07:51:15.473Z","updated_by":"admin","created_at":"2022-02-21T07:51:13.779Z","created_by":"admin","name":"DetectionRule: Yandexcloud: KMS delete key","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:KMS delete key","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"9b952d2b-f61b-472e-9986-24375f72e509","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.kms.DeleteSymmetricKey","filters":[],"saved_id":"dfa221f0-92ea-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"c3ac1c80-915f-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:41:45.977Z","updated_by":"admin","created_at":"2022-02-19T08:41:43.952Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox access bindings","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Lockbox access bindings","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"17737b64-3bf8-4d21-ab88-3be74ff10ee7","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.UpdateSecretAccessBindings","filters":[],"saved_id":"a18f3380-915f-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"4766e8d0-915f-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:38:17.738Z","updated_by":"admin","created_at":"2022-02-19T08:38:15.711Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox assign sa on vm with perm","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Lockbox assign sa on vm with perm","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"92e248b6-4144-410a-9b89-ab9d0d8d3a90","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.UpdateInstance and details.service_account_id: ajeg2ar8m8o25u63dj9f","filters":[],"saved_id":"2c9e1140-915f-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"8568e440-915e-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:32:51.760Z","updated_by":"admin","created_at":"2022-02-19T08:32:50.237Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox read secret not from target user","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Lockbox read secret not from target user","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"bd15a964-8318-49d6-a2e2-c31c54b1855b","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not user.id: ajeg2ar8m8o25u63dj9f and details.secret_name: secret1","filters":[],"saved_id":"506d3390-915e-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"4891e630-915d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:25:34.487Z","updated_by":"admin","created_at":"2022-02-19T08:23:58.509Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox read secret not from cloud","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Lockbox read secret not from cloud","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"2757105b-9ae4-41a2-837c-e19593ae076c","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\")","filters":[],"saved_id":"07515700-915d-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"44a9cd30-8f05-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T08:48:55.336Z","updated_by":"admin","created_at":"2022-02-16T08:48:53.400Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Delete Cluster","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"3d76ee5e-adc0-4b54-8cc2-0c0b00ab7e85","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.DeleteCluster","filters":[],"saved_id":"20754ed0-8f05-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"e90d0060-8f03-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T08:39:12.870Z","updated_by":"admin","created_at":"2022-02-16T08:39:10.830Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Admin tasks from not trusted ip","tags":[],"interval":"5m","enabled":true,"description":"j","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"47246881-6b0a-4ecf-a382-0ef6094e3b4e","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trail-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser or yandex.cloud.audit.mdb.*.CreateCluster or yandex.cloud.audit.mdb.*.UpdateCluster ) and source.ip : (\"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd2\" or \"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd1\" )","filters":[],"saved_id":"b2fe8020-8f03-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"7f3a0930-8efe-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T08:00:27.860Z","updated_by":"admin","created_at":"2022-02-16T08:00:25.832Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Create or Update user","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"91aa39ab-0ab7-4aaa-8e91-8296e2a0c90c","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser)","filters":[],"saved_id":"43c90e50-8efe-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"489272b0-8efd-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T07:55:56.206Z","updated_by":"admin","created_at":"2022-02-16T07:51:44.702Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Create cluster from not known admin","tags":[],"interval":"5m","enabled":true,"description":"d","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"f6aa7958-d776-439d-9b77-49b11893cb22","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.CreateCluster and not user.name : mirtov8@yandex-team.ru kirill@yandex-team.ru","filters":[],"saved_id":"e810ca40-8efc-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"40d74b00-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.893Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.887Z","created_by":"admin","name":"DetectionRule: Yandexcloud: resource-manager.cloud.owner events","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: resource-manager.cloud.owner events","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"07bad1bd-0d51-46c5-b712-fedf1c18e5be","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs","filters":[],"saved_id":"Yandexcloud: resource-manager.cloud.owner events","throttle":"no_actions","actions":[]} {"id":"40af50a0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.889Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.887Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create public address without antiddos","tags":[],"interval":"2m","enabled":true,"description":"f","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-720s","rule_id":"5c24fd59-3469-42f0-afe7-72d4eddcc0f3","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator","filters":[],"saved_id":"Yandexcloud:Create public address without antiddos","throttle":"no_actions","actions":[]} {"id":"40acdfa0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.880Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.886Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Add public IP to VM","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"42ba3879-ffe8-49ac-9fb0-eeecf423bb4e","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat","filters":[],"saved_id":"Yandexcloud: Add public IP to VM","throttle":"no_actions","actions":[]} {"id":"409734c0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.861Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.885Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create instance with Serialport","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Create instance with Serialport\n","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"0b0cc717-8f22-4515-9960-dc20f5d01efd","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1","filters":[],"saved_id":"Yandexcloud:Create instance with Serialport","throttle":"no_actions","actions":[]} {"id":"40a95d30-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.865Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.884Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Bind access rights to KMS key","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Bind access rights to KMS key","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e5d280a4-344e-4dc9-850f-901c995e4dfc","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings","filters":[],"saved_id":"Yandexcloud: Bind access rights to KMS key","throttle":"no_actions","actions":[]} {"id":"40d7e740-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.882Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.883Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Any create or update SG (security group)","tags":[],"interval":"5m","enabled":true,"description":"j","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"cf51d89a-10ad-4ffb-9b42-a0c3bd622eb2","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup ","filters":[],"saved_id":"Yandexcloud: Any create or update SG (security group)","throttle":"no_actions","actions":[]} {"id":"4097f810-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.891Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.883Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Add access binding VPC_publicAdmin","tags":[],"interval":"5m","enabled":true,"description":".","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"7f3baf3d-3aaa-4703-87cb-52933f9f6802","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin","filters":[],"saved_id":"Yandexcloud: Add access binding VPC_publicAdmin","throttle":"no_actions","actions":[]} {"id":"40abce30-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.873Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.882Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","tags":[],"interval":"5m","enabled":true,"description":".","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e0d24656-6e91-4b00-8234-a81f32191c05","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*","filters":[],"saved_id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","throttle":"no_actions","actions":[]} {"id":"40d687b0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.876Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.880Z","created_by":"admin","name":"DetectionRule:Yandexcloud: unauthorized events (permission denied)","tags":[],"interval":"5m","enabled":true,"description":"/","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"b0083d86-0aa6-42c3-ba5f-a32ab77e955d","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"threshold","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied","filters":[],"saved_id":"Yandexcloud: unauthorized events (permission denied)","threshold":{"field":[],"value":3,"cardinality":[]},"throttle":"no_actions","actions":[]} {"id":"409782e0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.870Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.880Z","created_by":"admin","name":"DetectionRule:Create instance without SG","tags":[],"interval":"5m","enabled":true,"description":"Create instance without SG","risk_score":99,"severity":"critical","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2b2908f0-c6bd-4fa2-a0e6-fb9a9bbbe9a6","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *","filters":[],"saved_id":"Yandexcloud:Create instance without SG","throttle":"no_actions","actions":[]} {"id":"40ae3f30-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.885Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.879Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create instances with public IP","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:Yandexcloud:Create instances with public IP","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"25bfca38-d61c-48c4-991b-81720652c2d9","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *","filters":[],"saved_id":"Yandexcloud:Create instances with public IP","throttle":"no_actions","actions":[]} {"id":"40986d40-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.872Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.878Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Connect admins from YC, Terraform","tags":[],"interval":"5m","enabled":true,"description":"\nYandexcloud: Connect admins from YC, Terraform","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2b6594bd-9afc-4ad6-8715-9643a18e2817","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)","filters":[],"saved_id":"Yandexcloud: Connect admins from YC, Terraform","throttle":"no_actions","actions":[]} {"id":"40b08920-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.868Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.877Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Create image from S3 uri","tags":[],"interval":"5m","enabled":true,"description":"\nYandexcloud: Create image from S3 uri","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"3185125a-4a91-468b-be49-0a998022d248","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *","filters":[],"saved_id":"Yandexcloud: Create image from S3 uri","throttle":"no_actions","actions":[]} {"id":"40adf110-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.863Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.877Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Creating of service-account's credentials (keys)","tags":[],"interval":"3m","enabled":true,"description":"DetectionRule:Yandexcloud:Creating of service-account's credentials (keys)","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-780s","rule_id":"8e2c23d7-fe29-4468-ba96-9c02356688d4","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)","filters":[],"saved_id":"Yandexcloud:Creating of service-account's credentials (keys)","throttle":"no_actions","actions":[]} {"id":"40aabcc0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.859Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.876Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Create instance with marketplace image","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"f39be9fe-3047-4c8d-b61d-9b87f99afc96","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.product_ids: *","filters":[],"saved_id":"Yandexcloud: Create instance with marketplace image","throttle":"no_actions","actions":[]} {"id":"40981f20-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.878Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.875Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Bind IAM Admin role to resources","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Bind IAM Admin role to resources","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"a33bab4b-bbac-4b4a-9acd-997045226d0a","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin","filters":[],"saved_id":"Yandexcloud: Bind IAM Admin role to resources","throttle":"no_actions","actions":[]} {"id":"4097d100-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.884Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.871Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Changes of S3 acl, policy","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"88244e50-5974-434d-86ea-92db23c4796b","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)","filters":[],"saved_id":"Yandexcloud: Changes of S3 acl, policy","throttle":"no_actions","actions":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/filters.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and not user.name: mirtov8@yandex-team.ru kirill@yandex-team.ru"},"title":"Yandexcloud:VPC sec-group action from user not in list"},"coreMigrationVersion":"7.16.2","id":"ae9a0ae0-92f0-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-21T08:31:36.083Z","version":"WzE5NTI4MywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketAclUpdate and details.acl.grants.grant_type: \"ALL_USERS\""},"title":"Yandexcloud:ObjectStorage bacome public through ACL"},"coreMigrationVersion":"7.16.2","id":"706b4c60-92ec-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-21T08:01:13.775Z","version":"WzE5NDM2NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketUpdate and (details.objects_access: true or details.settings_read_access: true or details.list_access: true)"},"title":"Yandexcloud:ObjectStorage become public"},"coreMigrationVersion":"7.16.2","id":"e6e68680-92eb-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-21T07:57:23.057Z","version":"WzE5NDI2NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.kms.DeleteSymmetricKey"},"title":"Yandexcloud:KMS delete key"},"coreMigrationVersion":"7.16.2","id":"dfa221f0-92ea-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-21T07:50:01.370Z","version":"WzE5Mzk1NCwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.type: SERVICE_ACCOUNT and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\") and source.ip: *"},"title":"Yandexcloud: IAM sa connect from outside of cloud"},"coreMigrationVersion":"7.16.2","id":"bfdff200-930f-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-21T12:13:59.460Z","version":"WzIwMTg5MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.compute.UpdateInstance or yandex.cloud.audit.compute.CreateInstance) and details.metadata_keys: secret key password pass token oauth aws_access_key_id and event.outcome : success"},"title":"Yandexcloud: Compute metadata key posible secret"},"coreMigrationVersion":"7.16.2","id":"8ca32c30-930b-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-21T11:43:55.511Z","version":"WzIwMDkzMCwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: (yandex.cloud.audit.compute.CreateInstance or yandex.cloud.audit.compute.UpdateInstance) and details.metadata_serial_port_enable: 1"},"title":"Yandexcloud:Create instance with Serialport"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud:Create instance with Serialport","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-21T10:28:44.400Z","version":"WzE5ODY1NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *"},"title":"Yandexcloud:Create instance without SG"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud:Create instance without SG","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzY1LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator"},"title":"Yandexcloud:Create public address without antiddos"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud:Create public address without antiddos","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied"},"title":"Yandexcloud: unauthorized events (permission denied)"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: unauthorized events (permission denied)","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *"},"title":"Yandexcloud:Create instances with public IP"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud:Create instances with public IP","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYwLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1"},"title":"Yandexcloud:Create instances with 2 interfaces"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud:Create instances with 2 interfaces","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU5LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*"},"title":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU4LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)"},"title":"Yandexcloud: Changes of S3 acl, policy"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Changes of S3 acl, policy","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU2LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin"},"title":"Yandexcloud: Bind IAM Admin role to resources"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Bind IAM Admin role to resources","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU1LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings"},"title":"Yandexcloud: Bind access rights to KMS key"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Bind access rights to KMS key","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU0LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.product_ids: *"},"title":"Yandexcloud: Create instance with marketplace image"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Create instance with marketplace image","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat"},"title":"Yandexcloud: Add public IP to VM"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Add public IP to VM","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup "},"title":"Yandexcloud: Any create or update SG (security group)"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Any create or update SG (security group)","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUxLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin"},"title":"Yandexcloud: Add access binding VPC_publicAdmin"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Add access binding VPC_publicAdmin","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUwLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs"},"title":"Yandexcloud: resource-manager.cloud.owner events"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: resource-manager.cloud.owner events","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzQ5LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)"},"title":"Yandexcloud: Connect admins from YC, Terraform"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Connect admins from YC, Terraform","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzQ4LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.DeleteCluster"},"title":"Yandexcloud: MDB Delete Cluster"},"coreMigrationVersion":"7.16.2","id":"20754ed0-8f05-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-16T08:47:52.386Z","version":"WzI3Nzg2LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser or yandex.cloud.audit.mdb.*.CreateCluster or yandex.cloud.audit.mdb.*.UpdateCluster ) and source.ip : (\"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd2\" or \"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd1\" )"},"title":"Yandexcloud: MDB Admin tasks from not trusted ip"},"coreMigrationVersion":"7.16.2","id":"b2fe8020-8f03-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-16T08:37:39.239Z","version":"WzI3NTMyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.CreateCluster and not user.name : mirtov8@yandex-team.ru kirill@yandex-team.ru"},"title":"Yandexcloud: MDB Create cluster from not known admin"},"coreMigrationVersion":"7.16.2","id":"e810ca40-8efc-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-16T07:55:30.387Z","version":"WzI2NTEyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser)"},"title":"Yandexcloud: MDB Create or Update user"},"coreMigrationVersion":"7.16.2","id":"43c90e50-8efe-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-16T07:58:45.178Z","version":"WzI2NjMzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or yandex.cloud.audit.iam.CreateApiKey)"},"title":"Yandexcloud:Creating of service-account's credentials (keys)"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud:Creating of service-account's credentials (keys)","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T14:52:46.910Z","version":"Wzc0MjgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and not event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: \"https://storage.yandexcloud.net/action-log-123\""},"title":"Yandexcloud: Create image from S3 uri"},"coreMigrationVersion":"7.16.2","id":"Yandexcloud: Create image from S3 uri","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-15T13:47:05.499Z","version":"WzYwNTEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.UpdateSecretAccessBindings"},"title":"Yandexcloud: Lockbox access bindings"},"coreMigrationVersion":"7.16.2","id":"a18f3380-915f-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-19T08:40:46.013Z","version":"WzEyMjE1MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.UpdateInstance and details.service_account_id: ajeg2ar8m8o25u63dj9f"},"title":"Yandexcloud:Lockbox assign sa on vm with perm"},"coreMigrationVersion":"7.16.2","id":"2c9e1140-915f-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-19T08:37:29.817Z","version":"WzEyMjA3MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not user.id: ajeg2ar8m8o25u63dj9f and details.secret_name: secret1"},"title":"Yandexcloud:Lockbox read secret not from target user"},"coreMigrationVersion":"7.16.2","id":"506d3390-915e-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-19T08:31:20.398Z","version":"WzEyMTgwMSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\")"},"title":"Yandexcloud:Lockbox read secret not from cloud"},"coreMigrationVersion":"7.16.2","id":"07515700-915d-11ec-b8ee-4bf5e13b519b","migrationVersion":{"query":"7.16.0"},"references":[],"type":"query","updated_at":"2022-02-19T08:24:31.577Z","version":"WzEyMTYyMCwxXQ=="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":32,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/index-pattern.ndjson ================================================ {"attributes":{"fieldAttrs":"{\"cloud.cloud.id\":{\"count\":2},\"event.action\":{\"count\":4},\"cloud.cloud.name\":{\"count\":1},\"cloud.folder.name\":{\"count\":1},\"details.product_ids\":{\"count\":2},\"details.rules.cidr_blocks.v4_cidr_blocks\":{\"count\":1},\"event.id\":{\"count\":2},\"event.module\":{\"count\":3},\"event_time\":{\"count\":2},\"source.address\":{\"count\":2},\"source.ip\":{\"count\":2},\"user.authorization\":{\"count\":1},\"user.name\":{\"count\":1},\"user.type\":{\"count\":1},\"user_agent.original\":{\"count\":3},\"details.access_binding_deltas.access_binding.role_id\":{\"count\":1},\"details.access_binding_deltas.access_binding.subject_name\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"event_time","title":"audit-trails-*"},"coreMigrationVersion":"7.13.2","id":"33978670-e543-11eb-b941-f7bd9d79b315","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-07-15T14:58:22.148Z","version":"WzM5NDY0LDFd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/index-template.json ================================================ { "index_patterns": ["audit-trails-index*"], "template": { "settings": { "index": { "lifecycle": { "name": "audit-trails-ilm", "rollover_alias": "audit-trails-index" }, "number_of_replicas": "2" } }, "mappings": { "dynamic_templates": [], "properties": { "@timestamp": { "type": "date" }, "authentication": { "type": "object" }, "authorization": { "type": "object" }, "cloud": { "properties": { "cloud": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "folder": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "image": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "source_uri": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "instance": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "market_image": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "machine": { "properties": { "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "provider": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service": { "properties": { "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "details": { "properties": { "access_binding_deltas": { "properties": { "access_binding": { "properties": { "role_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subject_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subject_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subject_type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "action": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "access_key_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "api_key_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "block_size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "boot_disk": { "properties": { "auto_delete": { "type": "boolean" }, "device_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "disk_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "boot_disk_spec": { "properties": { "auto_delete": { "type": "boolean" }, "disk_spec": { "properties": { "image_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "default_for_network": { "type": "boolean" }, "dhcp_options": { "type": "object" }, "disk_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "disk_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "folder_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "folder_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fqdn": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "hostname": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "key_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "key_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata_keys": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata_serial_port_enable": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_interface_index": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_interface_specs": { "properties": { "primary_v4_address_spec": { "properties": { "one_to_one_nat_spec": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip_version": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "security_group_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "network_interfaces": { "properties": { "index": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "mac_address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "primary_v4_address": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "one_to_one_nat": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip_version": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "security_group_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "network_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_settings": { "properties": { "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "one_to_one_nat_spec": { "properties": { "ip_version": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "os": { "properties": { "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "placement_policy": { "type": "object" }, "product_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resources": { "properties": { "core_fraction": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cores": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "resources_spec": { "properties": { "core_fraction": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cores": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "rule": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "rules": { "properties": { "cidr_blocks": { "properties": { "v4_cidr_blocks": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "v6_cidr_blocks": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "description": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "direction": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ports": { "properties": { "from_port": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "to_port": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "predefined_target": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "protocol_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "protocol_number": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "secondary_disk_specs": { "properties": { "auto_delete": { "type": "boolean" }, "disk_spec": { "properties": { "block_size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "secondary_disks": { "properties": { "auto_delete": { "type": "boolean" }, "device_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "disk_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "security_group_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "security_group_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service_account_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service_account_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "source_image_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "update_mask": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "v4_cidr_blocks": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "zone_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "error": { "properties": { "code": { "type": "long" }, "details": { "properties": { "@type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "locale": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "event": { "properties": { "action": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "category": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "dataset": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "module": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "outcome": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "status": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "event_time": { "type": "date" }, "geoip": { "properties": { "location": { "type": "geo_point" } } }, "object_storage": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "request_metadata": { "properties": { "remote_address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "request_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "resource_metadata": { "properties": { "path": { "properties": { "resource_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resource_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resource_type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "security_group": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "source": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip": { "type": "ip" } } }, "user": { "properties": { "authenticated": { "type": "boolean" }, "authorization": { "type": "boolean" }, "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "user_agent": { "properties": { "original": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "aliases": {} } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/mapping.json ================================================ { "mappings" : { "properties" : { "authentication" : { "type" : "object" }, "authorization" : { "type" : "object" }, "@timestamp": { "type": "date" }, "geoip.location": { "type": "geo_point" }, "cloud" : { "properties" : { "cloud" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "folder" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "image" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "source_uri" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "instance" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "market_image" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "machine" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "provider" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service" : { "properties" : { "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "details" : { "properties" : { "access_binding_deltas" : { "properties" : { "access_binding" : { "properties" : { "role_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "action" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "access_key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "api_key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "block_size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "boot_disk" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "device_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mode" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "boot_disk_spec" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "disk_spec" : { "properties" : { "image_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "default_for_network" : { "type" : "boolean" }, "dhcp_options" : { "type" : "object" }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "folder_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "folder_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "fqdn" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "hostname" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "key_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "metadata_keys" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "metadata_serial_port_enable" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_interface_index" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_interface_specs" : { "properties" : { "primary_v4_address_spec" : { "properties" : { "one_to_one_nat_spec" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "network_interfaces" : { "properties" : { "index" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mac_address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "primary_v4_address" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "one_to_one_nat" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "network_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_settings" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "one_to_one_nat_spec" : { "properties" : { "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "os" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "placement_policy" : { "type" : "object" }, "product_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resources" : { "properties" : { "core_fraction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "cores" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "memory" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "resources_spec" : { "properties" : { "core_fraction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "cores" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "memory" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "rule" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "rules" : { "properties" : { "cidr_blocks" : { "properties" : { "v4_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "v6_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "description" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "direction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ports" : { "properties" : { "from_port" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "to_port" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "predefined_target" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "protocol_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "protocol_number" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "secondary_disk_specs" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "disk_spec" : { "properties" : { "block_size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "secondary_disks" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "device_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mode" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "security_group_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service_account_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service_account_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "source_image_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "update_mask" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "v4_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "zone_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "error" : { "properties" : { "code" : { "type" : "long" }, "details" : { "properties" : { "@type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "locale" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "message" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "message" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "event" : { "properties" : { "action" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "category" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "dataset" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "kind" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "module" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "outcome" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "status" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "event_time" : { "type" : "date" }, "object_storage" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "request_metadata" : { "properties" : { "remote_address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "request_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "resource_metadata" : { "properties" : { "path" : { "properties" : { "resource_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resource_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resource_type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "source" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip" : { "type" : "ip" } } }, "user" : { "properties" : { "authenticated" : { "type" : "boolean" }, "authorization" : { "type" : "boolean" }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "user_agent" : { "properties" : { "original" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/pipeline.json ================================================ { "description": "Audit Trails Ingest Pipeline", "processors": [ { "rename": { "field": "authentication.subject_name", "target_field": "user.name", "ignore_failure": true } }, { "rename": { "field": "details.instance_id", "target_field": "cloud.instance.id", "ignore_failure": true } }, { "rename": { "field": "details.instance_zone_id", "target_field": "cloud.availability_zone", "ignore_failure": true } }, { "rename": { "field": "details.platform_id", "target_field": "cloud.machine.type", "ignore_failure": true } }, { "rename": { "field": "details.instance_name", "target_field": "cloud.instance.name", "ignore_failure": true } }, { "rename": { "field": "event_type", "target_field": "event.action", "ignore_failure": true } }, { "rename": { "field": "event_source", "target_field": "event.module", "ignore_failure": true } }, { "rename": { "field": "event_status", "target_field": "event.status", "ignore_failure": true } }, { "rename": { "field": "event_id", "target_field": "event.id", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_id", "target_field": "user.id", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_name", "target_field": "user.name", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_type", "target_field": "user.type", "ignore_failure": true } }, { "rename": { "field": "authorization.authorized", "target_field": "user.authorization", "ignore_failure": true } }, { "rename": { "field": "authentication.authenticated", "target_field": "user.authenticated", "ignore_failure": true } }, { "rename": { "field": "request_metadata.user_agent", "target_field": "user_agent.original", "ignore_failure": true } }, { "rename": { "field": "details.security_group_id", "target_field": "security_group.id", "ignore_failure": true } }, { "rename": { "field": "details.security_group_id", "target_field": "security_group.id", "ignore_failure": true } }, { "rename": { "field": "details.image_name", "target_field": "cloud.image.name", "ignore_failure": true } }, { "rename": { "field": "details.image_id", "target_field": "cloud.image.id", "ignore_failure": true } }, { "urldecode": { "field": "details.source_uri", "ignore_failure": true } }, { "rename": { "field": "details.source_uri", "target_field": "cloud.image.source_uri", "ignore_failure": true } }, { "rename": { "field": "details.bucket_id", "target_field": "object_storage.id", "ignore_failure": true } }, { "rename": { "field": "details.access_binding_deltas.access_binding.role_id", "target_field": "cloud.binding.role_id", "ignore_failure": true } }, { "set": { "field": "event.kind", "value": "event", "ignore_failure": true } }, { "set": { "field": "cloud.cloud.name", "value": "{{{resource_metadata.path.0.resource_name}}}", "ignore_failure": true } }, { "set": { "field": "cloud.folder.name", "value": "{{{resource_metadata.path.1.resource_name}}}", "ignore_failure": true } }, { "set": { "field": "cloud.cloud.id", "value": "{{{resource_metadata.path.0.resource_id}}}", "ignore_failure": true } }, { "set": { "field": "cloud.folder.id", "value": "{{{resource_metadata.path.1.resource_id}}}", "ignore_failure": true } }, { "set": { "field": "event.category", "value": ["configuration", "iam"], "ignore_failure": true } }, { "set": { "if": "ctx.event.status == 'DONE'", "field": "event.outcome", "value": "success", "ignore_failure": true } }, { "set": { "field": "event.dataset", "value": "yandexcloud.audittrail", "ignore_failure": true } }, { "set": { "field": "cloud.provider", "value": "yandexcloud", "ignore_failure": true } }, { "set": { "if": "ctx.request_metadata.remote_address != 'cloud.yandex'", "field": "source.ip", "value": "{{{request_metadata.remote_address}}}", "ignore_failure": true } }, { "convert" : { "field" : "source.ip", "type": "ip", "ignore_failure": true } }, { "geoip" : { "field" : "source.ip", "ignore_failure": true } }, { "convert" : { "field" : "source.ip", "type": "ip", "ignore_failure": true } }, { "set": { "field": "@timestamp", "value": "{{{event_time}}}", "ignore_failure": true } }, { "set": { "field": "cloud.service.name", "value": "audittrail", "ignore_failure": true } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/audit-trail/search.ndjson ================================================ {"attributes":{"columns":["cloud.cloud.name","cloud.folder.name","event.module","event.action","user.name","user.type","user.authorization","details.rules.cidr_blocks.v4_cidr_blocks","source.ip","user_agent.original","details.access_binding_deltas.access_binding.role_id","details.access_binding_deltas.access_binding.subject_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"Search:Yandexcloud: Yandexcloud: Interesting fields","version":1},"coreMigrationVersion":"7.13.2","id":"0f828e70-e579-11eb-b941-f7bd9d79b315","migrationVersion":{"search":"7.9.3"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-18T09:19:33.057Z","version":"WzE2NzYsMV0="} {"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"unauthorized events","version":1},"coreMigrationVersion":"7.13.2","id":"90405c70-e8af-11eb-a019-4ff3eff5953f","migrationVersion":{"search":"7.9.3"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-19T16:37:10.206Z","version":"Wzc0MTQsMV0="} {"exportedCount":2,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/dashboard.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\"},\"panelIndex\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Filters\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":12,\"h\":6,\"i\":\"df4da863-2133-4560-82f3-5c126ac27f14\"},\"panelIndex\":\"df4da863-2133-4560-82f3-5c126ac27f14\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927100713\",\"fieldName\":\"cluster_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cluster_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cluster filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":4,\"w\":12,\"h\":6,\"i\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\"},\"panelIndex\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927314788\",\"fieldName\":\"cloud_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cloud_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cloud filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":12,\"h\":6,\"i\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\"},\"panelIndex\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308709541\",\"fieldName\":\"folder_id.keyword\",\"parent\":\"\",\"label\":\"k8s-folder_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Folder filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":4,\"w\":12,\"h\":6,\"i\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\"},\"panelIndex\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308369258\",\"fieldName\":\"objectRef.namespace.keyword\",\"parent\":\"\",\"label\":\"k8s-namespace\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Namespace filter\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":4,\"i\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\"},\"panelIndex\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cluster_url.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cluster - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":10,\"w\":12,\"h\":4,\"i\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\"},\"panelIndex\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cloud_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cloud_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cloud - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":12,\"h\":4,\"i\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\"},\"panelIndex\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"57147c6c-713f-4793-865a-1d671e3f141c\":{\"label\":\"Top values of folder_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"folder_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"57147c6c-713f-4793-865a-1d671e3f141c\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"57147c6c-713f-4793-865a-1d671e3f141c\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/folders/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Folder - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":4,\"i\":\"7a112312-c097-4205-9f74-38913eae2169\"},\"panelIndex\":\"7a112312-c097-4205-9f74-38913eae2169\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":true,\"markdown\":\"Main k8s audit Events\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\"},\"panelIndex\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":false,\\\"id\\\":\\\"road_map\\\"},\\\"id\\\":\\\"99115329-feb3-42c6-b426-dff8bd1e1b3a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\",\\\"areLabelsOnTop\\\":false},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"5728ef62-6dc0-4b27-b048-7ffda088d201\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"04fbaa00-b4ba-40db-b46e-8a6dd6d12d04\\\",\\\"label\\\":\\\"success-connect-from-ip\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.91,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.41,\\\"center\\\":{\\\"lon\\\":78.63166,\\\"lat\\\":57.21062},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":57.21062,\"lon\":78.63166,\"zoom\":1.41},\"mapBuffer\":{\"minLon\":-338.10414000000003,\"minLat\":-9.879624999999994,\"maxLon\":495.36745999999994,\"maxLat\":104.90343499999999},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Connect from ip\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\"},\"panelIndex\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\":{\"columns\":{\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\":{\"label\":\"Top values of event.dataset.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.dataset.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8a74805c-8582-46c0-8d53-920a919f9b59\":{\"label\":\"stageTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"stageTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\",\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\",\"accessors\":[\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"splitAccessor\":\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events-by-time\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":14,\"i\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\"},\"panelIndex\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\":{\"columns\":{\"b659aca0-0f1f-4408-8cea-1eea232bfe93\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\",\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\",\"groups\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\"],\"metric\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq* or *hubble*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Create pod in kube-system\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":14,\"i\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\"},\"panelIndex\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\":{\"columns\":{\"71c8af00-7864-4ca6-a20d-0e43a80da354\":{\"label\":\"Top values of requestObject.status.containerStatuses.image.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.status.containerStatuses.image.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\",\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\",\"groups\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\"],\"metric\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Images not from YC CR\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":33,\"w\":13,\"h\":9,\"i\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\"},\"panelIndex\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\":{\"columns\":{\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\":{\"label\":\"Current Cluster Admins\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\",\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\"},{\"isTransposed\":false,\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\",\"hidden\":true}],\"layerId\":\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\"},\"query\":{\"query\":\"user.groups.keyword: *admin*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":33,\"w\":11,\"h\":9,\"i\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\"},\"panelIndex\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5bee140-5f01-4de3-9395-d279acb203dc\":{\"columns\":{\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"4eda6d99-05c3-4ab8-a294-4632c9442157\":{\"label\":\"Top values of requestObject.subjects.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.subjects.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"4eda6d99-05c3-4ab8-a294-4632c9442157\",\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5bee140-5f01-4de3-9395-d279acb203dc\",\"accessors\":[\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"splitAccessor\":\"4eda6d99-05c3-4ab8-a294-4632c9442157\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebindings) and verb : create and not responseObject.reason : AlreadyExists\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Assign Cluster-admin/admin\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":42,\"w\":17,\"h\":8,\"i\":\"9e45767a-451f-48a1-b421-17738c299cd9\"},\"panelIndex\":\"9e45767a-451f-48a1-b421-17738c299cd9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"NetworkPolicy:create/delete/update\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy or DeleteOptions) and verb : (create or update or delete) and objectRef.resource : networkpolicies\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"NetworkPolicy:create/delete/update\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":42,\"w\":17,\"h\":8,\"i\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\"},\"panelIndex\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Exec to container\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cluster_id\"},\"schema\":\"split\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"objectRef.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Exec to container\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":42,\"w\":14,\"h\":8,\"i\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\"},\"panelIndex\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"18ea127c-2267-4d24-9893-d3ef85942514\":{\"columns\":{\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\":{\"label\":\"Unique count of user.name.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":false},\"c94a437d-970d-4c55-89a7-499d47032bc8\":{\"label\":\"ServiceAccounts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"18ea127c-2267-4d24-9893-d3ef85942514\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\",\"hidden\":true},{\"columnId\":\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"isTransposed\":false,\"alignment\":\"left\"}]},\"query\":{\"query\":\"user.name : *serviceaccount*\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:certificate-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:certificate-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:coredns\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:coredns\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cronjob-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-2\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cronjob-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-3\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:generic-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:job-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-4\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:job-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpointslice-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-5\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpointslice-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpoint-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-6\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpoint-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:calico-node\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-7\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:calico-node\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-proxy\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-8\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-proxy\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"objectRef.namespace\",\"params\":{\"query\":\"kube-system\"},\"indexRefName\":\"filter-index-pattern-9\"},\"query\":{\"match_phrase\":{\"objectRef.namespace\":\"kube-system\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-10\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:daemon-set-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-11\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:daemon-set-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:metrics-server\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-12\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:metrics-server\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:pod-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-13\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:pod-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:node-problem-detector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-14\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:node-problem-detector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpha\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-15\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpha\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:service-account-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-16\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:service-account-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-17\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:resourcequota-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:replicaset-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-18\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:replicaset-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:namespace-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-19\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:namespace-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpva\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-20\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpva\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-21\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium-operator\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-22\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium-operator\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-23\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium\"}},\"$state\":{\"store\":\"appState\"}}]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-2\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-3\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-4\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-5\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-6\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-7\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-8\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-9\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-10\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-11\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-12\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-13\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-14\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-15\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-16\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-17\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-18\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-19\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-20\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-21\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-22\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-23\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":50,\"w\":34,\"h\":9,\"i\":\"96fdb671-a668-4ffc-9ad1-792d69551764\"},\"panelIndex\":\"96fdb671-a668-4ffc-9ad1-792d69551764\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"id\\\":\\\"dark_map\\\",\\\"isAutoSelect\\\":false},\\\"id\\\":\\\"1a56b9d3-c903-4286-8d75-48b62bf38532\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"id\\\":\\\"65583363-2a0b-40ce-bf98-40ff54ad224e\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"resolution\\\":\\\"FINE\\\"},\\\"id\\\":\\\"519e1390-4055-4be7-a5bc-537bb78eea07\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.58,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.45,\\\"center\\\":{\\\"lon\\\":54.04753,\\\"lat\\\":56.32976},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":56.32976,\"lon\":54.04753,\"zoom\":1.45},\"mapBuffer\":{\"minLon\":-521.14941,\"minLat\":21.676450000000003,\"maxLon\":629.2444700000001,\"maxLat\":84.75865},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":50,\"w\":14,\"h\":9,\"i\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\"},\"panelIndex\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d401535b-665e-442b-a312-9edd3c1ebcc0\":{\"columns\":{\"61acda83-5d64-453e-9ca1-16b129cc2b42\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"56667c46-e4e6-4a18-9613-12d027ca7a16\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ece5248d-0578-44e8-b245-bc2de86f37f4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"56667c46-e4e6-4a18-9613-12d027ca7a16\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"56667c46-e4e6-4a18-9613-12d027ca7a16\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"gray\"},\"layerId\":\"d401535b-665e-442b-a312-9edd3c1ebcc0\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"splitAccessor\":\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"accessors\":[\"56667c46-e4e6-4a18-9613-12d027ca7a16\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Unauthorized events\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":91,\"w\":9,\"h\":9,\"i\":\"93384633-a71f-4441-8beb-cbb5cab7c514\"},\"panelIndex\":\"93384633-a71f-4441-8beb-cbb5cab7c514\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":true,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Delete-OPA-Gatekeeper \"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: gatekeeper-validating-webhook-configuration and verb : delete\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":4,\"i\":\"a64da002-402b-4924-857f-80adf4045df5\"},\"panelIndex\":\"a64da002-402b-4924-857f-80adf4045df5\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":63,\"w\":24,\"h\":15,\"i\":\"bb303e9f-9d56-4352-8271-144e10090f10\"},\"panelIndex\":\"bb303e9f-9d56-4352-8271-144e10090f10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5f5f904-241e-4808-929b-d6c61b0d845e\":{\"columns\":{\"0b9303c6-773b-467e-b335-c7a13beed79b\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"3f101617-85f4-4a62-b192-27622ceca47f\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3f101617-85f4-4a62-b192-27622ceca47f\",\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5f5f904-241e-4808-929b-d6c61b0d845e\",\"accessors\":[\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"splitAccessor\":\"3f101617-85f4-4a62-b192-27622ceca47f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":63,\"w\":24,\"h\":15,\"i\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\"},\"panelIndex\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\":{\"columns\":{\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\":{\"label\":\"Top values of priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\",\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\",\"groups\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\"],\"metric\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts priority\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":78,\"w\":24,\"h\":9,\"i\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\"},\"panelIndex\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d7e22e01-f122-4914-9497-50a6c5131ec1\":{\"columns\":{\"0d3f381e-296a-44ed-b225-d294a723e50e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a1d905fd-e30d-48c0-b6b8-1524c5599846\":{\"label\":\"Top values of output_fields.k8s.pod.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"output_fields.k8s.pod.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"0d3f381e-296a-44ed-b225-d294a723e50e\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\",\"alignment\":\"center\",\"hidden\":false},{\"columnId\":\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"isTransposed\":true},{\"columnId\":\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"isTransposed\":false}],\"layerId\":\"d7e22e01-f122-4914-9497-50a6c5131ec1\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by pods\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":78,\"w\":24,\"h\":9,\"i\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\"},\"panelIndex\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\":{\"columns\":{\"c3fdbe00-8b18-43fc-befb-259232bd760e\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"80445d9d-55cc-4e28-b821-3b5148d04bf3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\",\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\",\"groups\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\"],\"metric\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by Namespaces\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":48,\"h\":4,\"i\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\"},\"panelIndex\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Policy Engine\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":91,\"w\":5,\"h\":9,\"i\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\"},\"panelIndex\":\"e1d27ba4-c45c-431e-933b-0a174c71d48c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":100000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":76}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"OPA-Gatekeeper-Detections\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":91,\"w\":9,\"h\":9,\"i\":\"f9181782-c266-4c44-860e-dc37a48bf08f\"},\"panelIndex\":\"f9181782-c266-4c44-860e-dc37a48bf08f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"443941ae-37bd-4230-a7c2-3eec6b193f37\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1708471f-d516-4b55-a792-7263d51215ba\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1708471f-d516-4b55-a792-7263d51215ba\":{\"label\":\"OPA-Gatekeeper detection\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"1708471f-d516-4b55-a792-7263d51215ba\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\"],\"metric\":\"1708471f-d516-4b55-a792-7263d51215ba\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"opa-by-user(yc iam user get --id )\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":91,\"w\":10,\"h\":9,\"i\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\"},\"panelIndex\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\",\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"33d5d2ad-315b-4fc7-8950-8b2aba74870d\"],\"metric\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"opa-by-objects\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":91,\"w\":15,\"h\":9,\"i\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\"},\"panelIndex\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"3h\"}},\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\",\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"a22a71c8-b6c2-4025-a490-fb1bebc6c1ee\",\"splitAccessor\":\"fa0a3f8e-d61b-4c02-b25d-e4b7fa9692b2\",\"accessors\":[\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: constraints.gatekeeper.sh and (verb : delete or update) and not user.name : \\\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"OPA-constraint-delete/update\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":100,\"w\":24,\"h\":9,\"i\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\"},\"panelIndex\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b268ea32-45f2-49ca-acc2-0f3b7663868a\":{\"columns\":{\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\":{\"label\":\"Top values of responseStatus.reason.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"responseStatus.reason.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f0ffb8b7-7d70-4a94-a059-52312f25611d\":{\"label\":\"requestReceivedTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"requestReceivedTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"1h\"}},\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\",\"f0ffb8b7-7d70-4a94-a059-52312f25611d\",\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b268ea32-45f2-49ca-acc2-0f3b7663868a\",\"accessors\":[\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"f0ffb8b7-7d70-4a94-a059-52312f25611d\",\"splitAccessor\":\"f55c68b6-5d53-4a2e-b042-8a8cf206dc02\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"OPA detections\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":100,\"w\":24,\"h\":9,\"i\":\"c6b6d024-0094-4079-934f-37468ec76121\"},\"panelIndex\":\"c6b6d024-0094-4079-934f-37468ec76121\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\":{\"columns\":{\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\":{\"label\":\"Constraint\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"responseStatus.reason.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\":{\"label\":\"User_id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"01d7da50-fd9c-4044-8956-ecca57ba6241\":{\"label\":\"IP address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\":{\"label\":\"Namespace\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\":{\"label\":\"Cluster_id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"1dddd46e-3924-48c4-995a-32206cea8932\":{\"label\":\"Url \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\",\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\",\"01d7da50-fd9c-4044-8956-ecca57ba6241\",\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\",\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\",\"1dddd46e-3924-48c4-995a-32206cea8932\",\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"eb7cdf1a-0219-41d8-9e2c-793f94c76d2e\",\"width\":183},{\"isTransposed\":false,\"columnId\":\"ccf0f200-e0e4-4085-bc47-f07b383d5bed\",\"width\":233.66666666666669},{\"isTransposed\":false,\"columnId\":\"01d7da50-fd9c-4044-8956-ecca57ba6241\"},{\"isTransposed\":false,\"columnId\":\"a14d5ec1-9213-4ea8-9f6e-4d71237b5a60\"},{\"isTransposed\":false,\"columnId\":\"4de4eb95-f0d5-4691-841c-bff0aee30ecb\"},{\"isTransposed\":false,\"columnId\":\"1dddd46e-3924-48c4-995a-32206cea8932\"},{\"isTransposed\":false,\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\",\"hidden\":true}],\"layerId\":\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\\\" admission webhook \\\\\\\\\\\\\\\"validation.gatekeeper.sh\\\\\\\\\\\\\\\" denied the request\\\" and not objectRef.namespace : falco and not user.name : system\\\\\\\\\\\\:serviceaccount\\\\\\\\\\\\:kube-system\\\\\\\\\\\\:daemon-set-controller\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"ca676417-5a6b-4866-ac55-1c1106303bab\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":4,\"i\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\"},\"panelIndex\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream k8s audit\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":113,\"w\":48,\"h\":17,\"i\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},\"panelIndex\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"cloud_id\",\"cluster_id\",\"objectRef.namespace\",\"source.ip\",\"requestURI\",\"user.name\",\"objectRef.name\",\"verb\",\"responseObject.reason\"]},\"panelRefName\":\"panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":4,\"i\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\"},\"panelIndex\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":14,\"i\":\"67217f20-9098-444f-abd6-89ef5f7086ba\"},\"panelIndex\":\"67217f20-9098-444f-abd6-89ef5f7086ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67217f20-9098-444f-abd6-89ef5f7086ba\"}]","timeRestore":false,"title":"k8s-dashboard-opa","version":1},"coreMigrationVersion":"7.13.4","id":"08c3b370-1792-11ec-a10e-0d206e63071e","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"df4da863-2133-4560-82f3-5c126ac27f14:control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"58adfaa4-02bd-4b64-89cc-395d6ee0f968:control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109:control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ff5a5c53-c294-4c2b-ad00-3011d042dbcb:control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"9e45767a-451f-48a1-b421-17738c299cd9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7a0555be-d5f3-4aeb-9159-f48d7264d40c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-1","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-2","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-6","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-8","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-10","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-11","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-12","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-13","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-14","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-15","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-16","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-17","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-18","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-19","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-20","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-21","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-22","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-23","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"96fdb671-a668-4ffc-9ad1-792d69551764:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"93384633-a71f-4441-8beb-cbb5cab7c514:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"e1d27ba4-c45c-431e-933b-0a174c71d48c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3","type":"index-pattern"},{"id":"0a358990-fcd0-11eb-b912-d99e9986f72b","name":"ed79a50e-9a59-475a-8e0c-d41b0cb84acd:panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd","type":"search"},{"id":"ed3ba9e0-0040-11ec-aa1d-f5144cfe34d1","name":"67217f20-9098-444f-abd6-89ef5f7086ba:panel_67217f20-9098-444f-abd6-89ef5f7086ba","type":"search"}],"type":"dashboard","updated_at":"2021-09-17T08:35:04.523Z","version":"WzM2ODU5MCwxXQ=="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/detections.ndjson ================================================ {"id":"089dc0c0-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.674Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.674Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:image-not-from-yc-registry","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:image-not-from-yc-registry","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"28ec2635-a78a-4c8d-a579-4042e09939f2","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch","filters":[],"saved_id":"Yandexcloud:k8s:image-not-from-yandex-registry","throttle":"no_actions","actions":[]} {"id":"089dc0c1-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.673Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.673Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:network-policys-actions","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:network-policys-actions","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"474d9912-60ef-4eb5-9421-9c9f59293a21","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy) and verb : (create or update or delete)","filters":[],"saved_id":"Yandexcloud:k8s:network-policy-actions","throttle":"no_actions","actions":[]} {"id":"089d4b90-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.672Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.672Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"7c905776-61a1-41ee-bee2-ffab2039fe93","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods","filters":[],"saved_id":"Yandexcloud:k8s:create-pod-in-kube-system","throttle":"no_actions","actions":[]} {"id":"08a0ce00-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.672Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.672Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:OPA-Constraint-delete/update","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:OPA-Constraint-delete/update","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e999cbf9-caa1-400d-8ad8-7e1e65418f13","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: constraints.gatekeeper.sh and (verb : delete or update) and not user.name : \"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"","filters":[],"saved_id":"Yandexcloud:k8s:OPA-delete-constraint","throttle":"no_actions","actions":[]} {"id":"089d99b0-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.671Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.671Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-detect","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:kyverno-detect","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"fc7e6413-a246-4587-a1e3-bd9aeec423f6","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\" admission webhook \\\\\\\"validate.kyverno.svc\\\\\\\" denied the request\" and not objectRef.namespace : falco and not user.name : system\\\\\\:serviceaccount\\\\\\:kube-system\\\\\\:daemon-set-controller","filters":[],"saved_id":"Yandexcloud:k8s:kyverno-gatekeeper-detection","throttle":"no_actions","actions":[]} {"id":"089de7d0-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.670Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.670Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:OPA-Getakeeper-detect","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"6e259e12-bcb7-465e-b77c-d99edd184fad","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\" admission webhook \\\\\\\"validation.gatekeeper.sh\\\\\\\" denied the request\"","filters":[],"saved_id":"Yandexcloud:k8s:opa-gatekeeper-detection","throttle":"no_actions","actions":[]} {"id":"089e0ee0-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.669Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.669Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:delete-OPA-Getakeeper","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:delete-OPA-Getakeeper","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2fdb80ec-d83a-45d4-ba6b-0ebcad525897","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: gatekeeper-validating-webhook-configuration and verb : delete","filters":[],"saved_id":"Yandexcloud:k8s:delete-opa-gatekeeper","throttle":"no_actions","actions":[]} {"id":"089d72a0-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.668Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.668Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-delete-policy","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:kyverno-delete-policy","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"fc40233a-8b80-4bb2-9e7c-cf2cc6659321","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: kyverno.io and (verb : delete or update) and objectRef.resource.keyword: *policies","filters":[],"saved_id":"Yandexcloud:k8s:kyverno-delete-policy","throttle":"no_actions","actions":[]} {"id":"089cfd70-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.667Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.667Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:exec-to-container","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:exec-to-container","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"45961de8-b47e-45ea-bb92-4ac60276d015","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec","filters":[],"saved_id":"Yandexcloud:k8s:exec-to-container","throttle":"no_actions","actions":[]} {"id":"089d2480-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-19T20:30:56.032Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.667Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:unauthorized-events","tags":[],"interval":"4m","enabled":true,"description":"DetectionRule:k8s:unauthorized-events","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-840s","rule_id":"a063432d-83e2-4850-aa90-bd7f566fcfb0","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":3,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)","filters":[],"saved_id":"Yandexcloud:k8s:unauthorized-events","throttle":"no_actions","actions":[]} {"id":"089ab380-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.666Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.666Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:assign-cluster-admin_or_admin","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:assign-cluster-admin_or_admin","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"5f6a2573-014e-4837-a4cb-d0eca9aa38a5","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: clusterrolebindings and verb : create and not responseObject.reason : AlreadyExists","filters":[],"saved_id":"Yandexcloud:k8s:assign-cluster-admin_or_admin","throttle":"no_actions","actions":[]} {"id":"089ada90-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.665Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.665Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-delete","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:kyverno-delete","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"b9d171b6-8bd6-4485-9289-80173c45b0fe","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete ","filters":[],"saved_id":"Yandexcloud:k8s:delete-kyverno","throttle":"no_actions","actions":[]} {"id":"08423340-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.664Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.664Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:falco:delete","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:falco:delete","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"55f9b001-35a7-4a67-a9d1-09e6233e34db","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and verb : delete and objectRef.namespace.keyword: falco and objectRef.resource.keyword : daemonsets","filters":[],"saved_id":"Yandexcloud:k8s:falco:delete","throttle":"no_actions","actions":[]} {"id":"08419700-002c-11ec-aa1d-f5144cfe34d1","updated_at":"2021-08-18T13:56:06.661Z","updated_by":"admin","created_at":"2021-08-18T13:56:06.661Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:falco:alerts","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:falco:alerts","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"5489ba19-3ac0-4bde-8277-20edaa4a70ca","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-falco*"],"query":"event.dataset : yandexcloud.k8s_falco","filters":[],"saved_id":"Yandexcloud:k8s:falco:alerts","throttle":"no_actions","actions":[]} {"exported_count":14,"missing_rules":[],"missing_rules_count":0} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/filters.ndjson ================================================ {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure"},"title":"Yandexcloud:k8s:success-connect-from-ip"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:success-connect-from-ip","references":[],"type":"query","updated_at":"2021-08-14T06:41:36.105Z","version":"WzE4NzY1LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: constraints.gatekeeper.sh and (verb : delete or update) and not user.name : \"system:serviceaccount:gatekeeper-system:gatekeeper-admin\""},"title":"Yandexcloud:k8s:OPA-delete-constraint"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:OPA-delete-constraint","references":[],"type":"query","updated_at":"2021-08-14T10:19:04.753Z","version":"WzIzODU3LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\" admission webhook \\\\\\\"validation.gatekeeper.sh\\\\\\\" denied the request\" and not objectRef.namespace : falco and not user.name : system\\\\\\:serviceaccount\\\\\\:kube-system\\\\\\:daemon-set-controller"},"title":"Yandexcloud:k8s:opa-gatekeeper-detection"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:opa-gatekeeper-detection","references":[],"type":"query","updated_at":"2021-08-14T10:39:11.947Z","version":"WzI0NTE1LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: gatekeeper-validating-webhook-configuration and verb : delete"},"title":"Yandexcloud:k8s:delete-opa-gatekeeper"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:delete-opa-gatekeeper","references":[],"type":"query","updated_at":"2021-08-14T13:34:34.285Z","version":"WzI3OTQ4LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebinding) and verb : create and not responseObject.reason : AlreadyExists"},"title":"Yandexcloud:k8s:assign-cluster-admin_or_admin"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:assign-cluster-admin_or_admin","references":[],"type":"query","updated_at":"2021-08-14T15:14:22.880Z","version":"WzMwMjEzLDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy) and verb : (create or update or delete)"},"title":"Yandexcloud:k8s:network-policy-actions"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:network-policy-actions","references":[],"type":"query","updated_at":"2021-08-14T15:45:06.806Z","version":"WzMwOTc1LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec"},"title":"Yandexcloud:k8s:exec-to-container"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:exec-to-container","references":[],"type":"query","updated_at":"2021-08-14T16:44:55.898Z","version":"WzMyOTYwLDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)"},"title":"Yandexcloud:k8s:image-not-from-yandex-registry"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:image-not-from-yandex-registry","references":[],"type":"query","updated_at":"2021-08-14T18:18:08.075Z","version":"WzM1Njk0LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq*)"},"title":"Yandexcloud:k8s:create-pod-in-kube-system"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:create-pod-in-kube-system","references":[],"type":"query","updated_at":"2021-08-14T18:32:03.515Z","version":"WzM2MzM1LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and responseObject.status.keyword: Failure and responseObject.message :\" admission webhook \\\\\\\"validate.kyverno.svc\\\\\\\" denied the request\" and not objectRef.namespace : falco and not user.name : system\\\\\\:serviceaccount\\\\\\:kube-system\\\\\\:daemon-set-controller"},"title":"Yandexcloud:k8s:kyverno-gatekeeper-detection"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:kyverno-gatekeeper-detection","references":[],"type":"query","updated_at":"2021-08-15T07:26:17.210Z","version":"WzUyOTU5LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.apiGroup.keyword: kyverno.io and (verb : delete or update) and objectRef.resource.keyword: *policies"},"title":"Yandexcloud:k8s:kyverno-delete-policy"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:kyverno-delete-policy","references":[],"type":"query","updated_at":"2021-08-15T07:37:31.671Z","version":"WzUzMzMwLDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete "},"title":"Yandexcloud:k8s:delete-kyverno"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:delete-kyverno","references":[],"type":"query","updated_at":"2021-08-15T07:51:19.771Z","version":"WzUzNzA0LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)"},"title":"Yandexcloud:k8s:unauthorized-events"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:unauthorized-events","references":[],"type":"query","updated_at":"2021-08-15T08:03:38.140Z","version":"WzU0MTExLDJd"} {"exportedCount":13,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/index-pattern.ndjson ================================================ {"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"stageTimestamp","title":"k8s-audit*"},"coreMigrationVersion":"7.13.2","id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-08-09T09:27:42.659Z","version":"WzMwODI4OCwyXQ=="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/index-template.json ================================================ { "index_patterns": ["k8s-audit-index*"], "template": { "settings": { "index": { "lifecycle": { "name": "k8s-audit-ilm", "rollover_alias": "k8s-audit" }, "number_of_replicas": "2" } }, "mappings": { "properties": { "@timestamp": { "type": "date" }, "annotations": { "properties": { "authentication": { "properties": { "k8s": { "properties": { "io/legacy-token": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "authorization": { "properties": { "k8s": { "properties": { "io/decision": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "io/reason": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "k8s": { "properties": { "io/deprecated": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "io/removed-release": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "auditID": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cloud": { "properties": { "provider": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service": { "properties": { "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "cloud_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cluster_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cluster_url": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "event": { "properties": { "category": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "dataset": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "status": { "type": "long" } } }, "folder_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "geoip": { "properties": { "continent_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "country_iso_code": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "country_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "location": { "type": "geo_point" } } }, "level": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "objectRef": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resource": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resourceVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subresource": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "requestObject": { "properties": { "allowVolumeExpansion": { "type": "boolean" }, "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata": { "properties": { "annotations": { "properties": { "checksum/certs": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "checksum/config": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "checksum/rules": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "rbac": { "properties": { "authorization": { "properties": { "kubernetes": { "properties": { "io/autoupdate": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "storageclass": { "properties": { "kubernetes": { "properties": { "io/is-default-class": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "creationTimestamp": { "type": "date" }, "generateName": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "labels": { "properties": { "addonmanager": { "properties": { "kubernetes": { "properties": { "io/mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "app": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "controller-revision-hash": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kubernetes": { "properties": { "io/bootstrapping": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "pod-template-generation": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "role": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "managedFields": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsType": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsV1": { "properties": { "f:metadata": { "properties": { "f:annotations": { "properties": { "f:control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "object" } } } } } } } } } } } } }, "manager": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operation": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "time": { "type": "date" } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ownerReferences": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "blockOwnerDeletion": { "type": "boolean" }, "controller": { "type": "boolean" }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "resourceVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "selfLink": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "parameters": { "properties": { "csi": { "properties": { "storage": { "properties": { "k8s": { "properties": { "io/fstype": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "provisioner": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "reclaimPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "roleRef": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "spec": { "properties": { "affinity": { "properties": { "nodeAffinity": { "properties": { "requiredDuringSchedulingIgnoredDuringExecution": { "properties": { "nodeSelectorTerms": { "properties": { "matchFields": { "properties": { "key": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operator": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "values": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } } } } } }, "containers": { "properties": { "args": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "env": { "properties": { "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "image": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "imagePullPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "livenessProbe": { "properties": { "failureThreshold": { "type": "long" }, "httpGet": { "properties": { "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "port": { "type": "long" }, "scheme": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "initialDelaySeconds": { "type": "long" }, "periodSeconds": { "type": "long" }, "successThreshold": { "type": "long" }, "timeoutSeconds": { "type": "long" } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "readinessProbe": { "properties": { "failureThreshold": { "type": "long" }, "httpGet": { "properties": { "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "port": { "type": "long" }, "scheme": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "initialDelaySeconds": { "type": "long" }, "periodSeconds": { "type": "long" }, "successThreshold": { "type": "long" }, "timeoutSeconds": { "type": "long" } } }, "resources": { "properties": { "limits": { "properties": { "cpu": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "requests": { "properties": { "cpu": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "securityContext": { "properties": { "privileged": { "type": "boolean" } } }, "terminationMessagePath": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "terminationMessagePolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "volumeMounts": { "properties": { "mountPath": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "readOnly": { "type": "boolean" } } } } }, "dnsPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "enableServiceLinks": { "type": "boolean" }, "hostNetwork": { "type": "boolean" }, "restartPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "schedulerName": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "securityContext": { "type": "object" }, "serviceAccount": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "serviceAccountName": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "terminationGracePeriodSeconds": { "type": "long" }, "tolerations": { "properties": { "effect": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "key": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operator": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "volumes": { "properties": { "configMap": { "properties": { "defaultMode": { "type": "long" }, "items": { "properties": { "key": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "hostPath": { "properties": { "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "status": { "type": "object" }, "subjects": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "volumeBindingMode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "requestReceivedTimestamp": { "type": "date" }, "requestURI": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "responseObject": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "code": { "type": "long" }, "details": { "properties": { "group": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata": { "properties": { "annotations": { "properties": { "control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "kubectl": { "properties": { "kubernetes": { "properties": { "io/last-applied-configuration": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "creationTimestamp": { "type": "date" }, "labels": { "properties": { "addonmanager": { "properties": { "kubernetes": { "properties": { "io/mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "k8s-addon": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "k8s-app": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "managedFields": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsType": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsV1": { "properties": { "f:metadata": { "properties": { "f:annotations": { "properties": { "f:control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "object" } } } } } } }, "f:kubectl": { "properties": { "kubernetes": { "properties": { "io/last-applied-configuration": { "type": "object" } } } } } } }, "f:labels": { "properties": { "f:addonmanager": { "properties": { "kubernetes": { "properties": { "io/mode": { "type": "object" } } } } }, "f:k8s-addon": { "type": "object" }, "f:k8s-app": { "type": "object" } } } } }, "f:roleRef": { "properties": { "f:apiGroup": { "type": "object" }, "f:kind": { "type": "object" }, "f:name": { "type": "object" } } }, "f:subjects": { "type": "object" } } }, "manager": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operation": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "time": { "type": "date" } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resourceVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "selfLink": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "reason": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "roleRef": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "status": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subjects": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "responseStatus": { "properties": { "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata": { "type": "object" }, "reason": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "status": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "source": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip": { "type": "ip" } } }, "sourceIPs": { "type": "ip" }, "stage": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "stageTimestamp": { "type": "date" }, "user": { "properties": { "groups": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "user_agent": { "properties": { "original": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "verb": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "aliases": {} } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/mapping.json ================================================ { "settings" : { "number_of_replicas" : 2 }, "mappings": { "properties": { "@timestamp": { "type": "date" }, "annotations": { "properties": { "authentication": { "properties": { "k8s": { "properties": { "io/legacy-token": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "authorization": { "properties": { "k8s": { "properties": { "io/decision": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "io/reason": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "k8s": { "properties": { "io/deprecated": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "io/removed-release": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "auditID": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cloud": { "properties": { "provider": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service": { "properties": { "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "cloud_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cluster_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cluster_url": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "event": { "properties": { "category": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "dataset": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "status": { "type": "long" } } }, "folder_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "geoip": { "properties": { "continent_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "country_iso_code": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "country_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "location": { "type": "geo_point" } } }, "level": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "objectRef": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resource": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resourceVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subresource": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "requestObject": { "properties": { "allowVolumeExpansion": { "type": "boolean" }, "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata": { "properties": { "annotations": { "properties": { "checksum/certs": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "checksum/config": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "checksum/rules": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "rbac": { "properties": { "authorization": { "properties": { "kubernetes": { "properties": { "io/autoupdate": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "storageclass": { "properties": { "kubernetes": { "properties": { "io/is-default-class": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "creationTimestamp": { "type": "date" }, "generateName": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "labels": { "properties": { "addonmanager": { "properties": { "kubernetes": { "properties": { "io/mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "app": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "controller-revision-hash": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kubernetes": { "properties": { "io/bootstrapping": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "pod-template-generation": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "role": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "managedFields": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsType": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsV1": { "properties": { "f:metadata": { "properties": { "f:annotations": { "properties": { "f:control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "object" } } } } } } } } } } } } }, "manager": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operation": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "time": { "type": "date" } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ownerReferences": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "blockOwnerDeletion": { "type": "boolean" }, "controller": { "type": "boolean" }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "resourceVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "selfLink": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "parameters": { "properties": { "csi": { "properties": { "storage": { "properties": { "k8s": { "properties": { "io/fstype": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "provisioner": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "reclaimPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "roleRef": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "spec": { "properties": { "affinity": { "properties": { "nodeAffinity": { "properties": { "requiredDuringSchedulingIgnoredDuringExecution": { "properties": { "nodeSelectorTerms": { "properties": { "matchFields": { "properties": { "key": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operator": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "values": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } } } } } }, "containers": { "properties": { "args": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "env": { "properties": { "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "image": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "imagePullPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "livenessProbe": { "properties": { "failureThreshold": { "type": "long" }, "httpGet": { "properties": { "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "port": { "type": "long" }, "scheme": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "initialDelaySeconds": { "type": "long" }, "periodSeconds": { "type": "long" }, "successThreshold": { "type": "long" }, "timeoutSeconds": { "type": "long" } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "readinessProbe": { "properties": { "failureThreshold": { "type": "long" }, "httpGet": { "properties": { "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "port": { "type": "long" }, "scheme": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "initialDelaySeconds": { "type": "long" }, "periodSeconds": { "type": "long" }, "successThreshold": { "type": "long" }, "timeoutSeconds": { "type": "long" } } }, "resources": { "properties": { "limits": { "properties": { "cpu": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "requests": { "properties": { "cpu": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "securityContext": { "properties": { "privileged": { "type": "boolean" } } }, "terminationMessagePath": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "terminationMessagePolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "volumeMounts": { "properties": { "mountPath": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "readOnly": { "type": "boolean" } } } } }, "dnsPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "enableServiceLinks": { "type": "boolean" }, "hostNetwork": { "type": "boolean" }, "restartPolicy": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "schedulerName": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "securityContext": { "type": "object" }, "serviceAccount": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "serviceAccountName": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "terminationGracePeriodSeconds": { "type": "long" }, "tolerations": { "properties": { "effect": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "key": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operator": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "volumes": { "properties": { "configMap": { "properties": { "defaultMode": { "type": "long" }, "items": { "properties": { "key": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "hostPath": { "properties": { "path": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "status": { "type": "object" }, "subjects": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "volumeBindingMode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "requestReceivedTimestamp": { "type": "date" }, "requestURI": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "responseObject": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "code": { "type": "long" }, "details": { "properties": { "group": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata": { "properties": { "annotations": { "properties": { "control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "kubectl": { "properties": { "kubernetes": { "properties": { "io/last-applied-configuration": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } } } }, "creationTimestamp": { "type": "date" }, "labels": { "properties": { "addonmanager": { "properties": { "kubernetes": { "properties": { "io/mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "k8s-addon": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "k8s-app": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "managedFields": { "properties": { "apiVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsType": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fieldsV1": { "properties": { "f:metadata": { "properties": { "f:annotations": { "properties": { "f:control-plane": { "properties": { "alpha": { "properties": { "kubernetes": { "properties": { "io/leader": { "type": "object" } } } } } } }, "f:kubectl": { "properties": { "kubernetes": { "properties": { "io/last-applied-configuration": { "type": "object" } } } } } } }, "f:labels": { "properties": { "f:addonmanager": { "properties": { "kubernetes": { "properties": { "io/mode": { "type": "object" } } } } }, "f:k8s-addon": { "type": "object" }, "f:k8s-app": { "type": "object" } } } } }, "f:roleRef": { "properties": { "f:apiGroup": { "type": "object" }, "f:kind": { "type": "object" }, "f:name": { "type": "object" } } }, "f:subjects": { "type": "object" } } }, "manager": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "operation": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "time": { "type": "date" } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resourceVersion": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "selfLink": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "reason": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "roleRef": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "status": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subjects": { "properties": { "apiGroup": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "namespace": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "responseStatus": { "properties": { "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata": { "type": "object" }, "reason": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "status": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "source": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip": { "type": "ip" } } }, "sourceIPs": { "type": "ip" }, "stage": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "stageTimestamp": { "type": "date" }, "user": { "properties": { "groups": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "uid": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "user_agent": { "properties": { "original": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "verb": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/pipeline.json ================================================ { "description": "k8s pipeline", "processors": [ { "rename": { "field": "user.username", "target_field": "user.name", "ignore_failure": true } }, { "rename": { "field": "responseStatus.code", "target_field": "event.status", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_id", "target_field": "user.id", "ignore_failure": true } }, { "rename": { "field": "annotations.authorization.k8s.io/decision", "target_field": "user.authorization", "ignore_failure": true } }, { "rename": { "field": "userAgent", "target_field": "user_agent.original", "ignore_failure": true } }, { "rename": { "field": "sourceIPs", "target_field": "source.ip", "ignore_failure": true } }, { "set": { "field": "event.kind", "value": "event", "ignore_failure": true } }, { "set": { "field": "event.category", "value": ["configuration", "iam"], "ignore_failure": true } }, { "set": { "field": "event.dataset", "value": "yandexcloud.k8s_audit_logs", "ignore_failure": true } }, { "set": { "field": "cloud.provider", "value": "yandexcloud", "ignore_failure": true } }, { "convert" : { "field" : "source.ip", "type": "ip", "ignore_failure": true } }, { "geoip" : { "field" : "source.ip", "ignore_failure": true } }, { "set": { "field": "@timestamp", "value": "{{{stageTimestamp}}}", "ignore_failure": true } }, { "set": { "field": "cloud.service.name", "value": "k8s_audit_logs", "ignore_failure": true } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-audit/search.ndjson ================================================ {"attributes":{"columns":["source.ip","requestURI","user.name","cloud_id","cluster_id","objectRef.namespace","objectRef.name","verb","responseObject.reason"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["stageTimestamp","desc"]],"title":"Search:Yandexcloud:k8s:Interesting fields","version":1},"coreMigrationVersion":"7.13.4","id":"0a358990-fcd0-11eb-b912-d99e9986f72b","migrationVersion":{"search":"7.9.3"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-08-14T08:28:04.534Z","version":"WzIxNTA2LDJd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-falco/detections.ndjson ================================================ {"id":"05bf3d70-fdb1-11eb-b912-d99e9986f72b","updated_at":"2021-08-15T10:10:31.661Z","updated_by":"admin","created_at":"2021-08-15T10:10:31.661Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:falco:delete","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:falco:delete","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"55f9b001-35a7-4a67-a9d1-09e6233e34db","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-audit*"],"query":"event.dataset : yandexcloud.k8s_audit_logs and verb : delete and objectRef.namespace.keyword: falco and objectRef.resource.keyword : daemonsets","filters":[],"saved_id":"Yandexcloud:k8s:falco:delete","throttle":"no_actions","actions":[]} {"id":"98fce720-fdae-11eb-b912-d99e9986f72b","updated_at":"2021-08-15T09:53:10.774Z","updated_by":"admin","created_at":"2021-08-15T09:53:10.774Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:falco:alerts","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:YandexCloud:k8s:falco:alerts","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qf8vrlg1hreulf6d5m.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"5489ba19-3ac0-4bde-8277-20edaa4a70ca","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-falco*"],"query":"event.dataset : yandexcloud.k8s_falco","filters":[],"saved_id":"Yandexcloud:k8s:falco:alerts","throttle":"no_actions","actions":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-falco/filters.ndjson ================================================ {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_falco"},"title":"Yandexcloud:k8s:falco:alerts"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:falco:alerts","references":[],"type":"query","updated_at":"2021-08-15T09:48:54.988Z","version":"WzU3MTA1LDJd"} {"attributes":{"description":"","query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_audit_logs and verb : delete and objectRef.namespace.keyword: falco and objectRef.resource.keyword : daemonsets"},"title":"Yandexcloud:k8s:falco:delete"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:falco:delete","references":[],"type":"query","updated_at":"2021-08-15T10:09:16.642Z","version":"WzU3OTg0LDJd"} {"exportedCount":2,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-falco/index-pattern.ndjson ================================================ {"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"k8s-falco*"},"coreMigrationVersion":"7.13.4","id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-08-15T09:43:51.394Z","version":"WzU2OTIzLDJd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-falco/index-template.json ================================================ { "index_patterns": ["k8s-falco-index*"], "template": { "settings": { "index": { "lifecycle": { "name": "k8s-falco-ilm", "rollover_alias": "k8s-falco" }, "number_of_replicas": "2" } }, "mappings": { "properties": { "@timestamp": { "type": "date" } } }, "aliases": {} } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-falco/mapping.json ================================================ { "settings" : { "number_of_replicas" : 2 }, "mappings": { "properties": { "@timestamp": { "type": "date" } } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-falco/pipeline.json ================================================ { "description": "k8s pipeline", "processors": [ { "set": { "field": "event.kind", "value": "event", "ignore_failure": true } }, { "set": { "field": "event.category", "value": ["configuration", "iam"], "ignore_failure": true } }, { "set": { "field": "event.dataset", "value": "yandexcloud.k8s_falco", "ignore_failure": true } }, { "set": { "field": "cloud.provider", "value": "yandexcloud", "ignore_failure": true } }, { "set": { "field": "@timestamp", "value": "{{{time}}}", "ignore_failure": true } }, { "set": { "field": "cloud.service.name", "value": "falco", "ignore_failure": true } }, { "dot_expander": { "field": "k8s.ns.name", "path": "output_fields", "ignore_failure": true } }, { "rename": { "field": "output_fields.k8s.ns.name", "target_field": "objectRef.namespace", "ignore_missing": true, "ignore_failure": true } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-falco/search.ndjson ================================================ {"attributes":{"columns":["cloud_id","cluster_id","folder_id","output_fields.k8s.pod.name","priority","rule","cluster_url","objectRef.namespace"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Search:Yandexcloud:k8s:falco:Interesting fields","version":1},"coreMigrationVersion":"7.13.4","id":"ed3ba9e0-0040-11ec-aa1d-f5144cfe34d1","migrationVersion":{"search":"7.9.3"},"references":[{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-08-18T17:42:53.518Z","version":"WzU0NzUsMV0="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/dashboard-back2.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\"},\"panelIndex\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Filters\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":12,\"h\":6,\"i\":\"df4da863-2133-4560-82f3-5c126ac27f14\"},\"panelIndex\":\"df4da863-2133-4560-82f3-5c126ac27f14\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927100713\",\"fieldName\":\"cluster_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cluster_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cluster filter\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":4,\"w\":12,\"h\":6,\"i\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\"},\"panelIndex\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927314788\",\"fieldName\":\"cloud_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cloud_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cloud filter\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":12,\"h\":6,\"i\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\"},\"panelIndex\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308709541\",\"fieldName\":\"folder_id.keyword\",\"parent\":\"\",\"label\":\"k8s-folder_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Folder filter\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":4,\"w\":12,\"h\":6,\"i\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\"},\"panelIndex\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308369258\",\"fieldName\":\"objectRef.namespace.keyword\",\"parent\":\"\",\"label\":\"k8s-namespace\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Namespace filter\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":4,\"i\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\"},\"panelIndex\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cluster_url.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cluster - go to YC concole\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":10,\"w\":12,\"h\":4,\"i\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\"},\"panelIndex\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cloud_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cloud_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cloud - go to YC concole\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":12,\"h\":4,\"i\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\"},\"panelIndex\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"57147c6c-713f-4793-865a-1d671e3f141c\":{\"label\":\"Top values of folder_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"folder_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"57147c6c-713f-4793-865a-1d671e3f141c\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"57147c6c-713f-4793-865a-1d671e3f141c\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/folders/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Folder - go to YC concole\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":4,\"i\":\"7a112312-c097-4205-9f74-38913eae2169\"},\"panelIndex\":\"7a112312-c097-4205-9f74-38913eae2169\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":true,\"markdown\":\"Main k8s audit Events\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\"},\"panelIndex\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":false,\\\"id\\\":\\\"road_map\\\"},\\\"id\\\":\\\"99115329-feb3-42c6-b426-dff8bd1e1b3a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\",\\\"areLabelsOnTop\\\":false},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"5728ef62-6dc0-4b27-b048-7ffda088d201\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"04fbaa00-b4ba-40db-b46e-8a6dd6d12d04\\\",\\\"label\\\":\\\"success-connect-from-ip\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.91,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.41,\\\"center\\\":{\\\"lon\\\":78.63166,\\\"lat\\\":57.21062},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":57.21062,\"lon\":78.63166,\"zoom\":1.41},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":false,\"mapBuffer\":{\"minLon\":-338.10414000000003,\"minLat\":-9.879624999999994,\"maxLon\":495.36745999999994,\"maxLat\":104.90343499999999}},\"title\":\"Connect from ip\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\"},\"panelIndex\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\":{\"columns\":{\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\":{\"label\":\"Top values of event.dataset.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.dataset.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8a74805c-8582-46c0-8d53-920a919f9b59\":{\"label\":\"stageTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"stageTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\",\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\",\"accessors\":[\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"splitAccessor\":\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events-by-time\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":14,\"i\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\"},\"panelIndex\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\":{\"columns\":{\"b659aca0-0f1f-4408-8cea-1eea232bfe93\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\",\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\",\"groups\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\"],\"metric\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq* or *hubble*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Create pod in kube-system\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":14,\"i\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\"},\"panelIndex\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\":{\"columns\":{\"71c8af00-7864-4ca6-a20d-0e43a80da354\":{\"label\":\"Top values of requestObject.status.containerStatuses.image.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.status.containerStatuses.image.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\",\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\",\"groups\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\"],\"metric\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Images not from YC CR\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":33,\"w\":13,\"h\":9,\"i\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\"},\"panelIndex\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\":{\"columns\":{\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\":{\"label\":\"Current Cluster Admins\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\",\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\"},{\"isTransposed\":false,\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\",\"hidden\":true}],\"layerId\":\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\"},\"query\":{\"query\":\"user.groups.keyword: *admin*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9\"}]},\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":33,\"w\":11,\"h\":9,\"i\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\"},\"panelIndex\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5bee140-5f01-4de3-9395-d279acb203dc\":{\"columns\":{\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"4eda6d99-05c3-4ab8-a294-4632c9442157\":{\"label\":\"Top values of requestObject.subjects.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.subjects.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"4eda6d99-05c3-4ab8-a294-4632c9442157\",\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5bee140-5f01-4de3-9395-d279acb203dc\",\"accessors\":[\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"splitAccessor\":\"4eda6d99-05c3-4ab8-a294-4632c9442157\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebindings) and verb : create and not responseObject.reason : AlreadyExists\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Assign Cluster-admin/admin\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":42,\"w\":17,\"h\":8,\"i\":\"9e45767a-451f-48a1-b421-17738c299cd9\"},\"panelIndex\":\"9e45767a-451f-48a1-b421-17738c299cd9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"NetworkPolicy:create/delete/update\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy or DeleteOptions) and verb : (create or update or delete) and objectRef.resource : networkpolicies\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"NetworkPolicy:create/delete/update\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":42,\"w\":17,\"h\":8,\"i\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\"},\"panelIndex\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Exec to container\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cluster_id\"},\"schema\":\"split\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"objectRef.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Exec to container\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":42,\"w\":14,\"h\":8,\"i\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\"},\"panelIndex\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"18ea127c-2267-4d24-9893-d3ef85942514\":{\"columns\":{\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\":{\"label\":\"Unique count of user.name.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":false},\"c94a437d-970d-4c55-89a7-499d47032bc8\":{\"label\":\"ServiceAccounts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"18ea127c-2267-4d24-9893-d3ef85942514\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\",\"hidden\":true},{\"columnId\":\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"isTransposed\":false,\"alignment\":\"left\"}]},\"query\":{\"query\":\"user.name : *serviceaccount*\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:certificate-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:certificate-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:coredns\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:coredns\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cronjob-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-2\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cronjob-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-3\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:generic-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:job-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-4\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:job-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpointslice-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-5\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpointslice-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpoint-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-6\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpoint-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:calico-node\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-7\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:calico-node\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-proxy\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-8\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-proxy\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"objectRef.namespace\",\"params\":{\"query\":\"kube-system\"},\"indexRefName\":\"filter-index-pattern-9\"},\"query\":{\"match_phrase\":{\"objectRef.namespace\":\"kube-system\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-10\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:daemon-set-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-11\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:daemon-set-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:metrics-server\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-12\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:metrics-server\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:pod-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-13\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:pod-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:node-problem-detector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-14\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:node-problem-detector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpha\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-15\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpha\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:service-account-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-16\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:service-account-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-17\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:resourcequota-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:replicaset-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-18\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:replicaset-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:namespace-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-19\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:namespace-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpva\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-20\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpva\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-21\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium-operator\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-22\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium-operator\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-23\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium\"}},\"$state\":{\"store\":\"appState\"}}]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-2\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-3\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-4\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-5\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-6\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-7\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-8\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-9\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-10\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-11\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-12\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-13\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-14\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-15\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-16\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-17\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-18\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-19\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-20\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-21\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-22\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-23\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"}]},\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":50,\"w\":34,\"h\":9,\"i\":\"96fdb671-a668-4ffc-9ad1-792d69551764\"},\"panelIndex\":\"96fdb671-a668-4ffc-9ad1-792d69551764\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"id\\\":\\\"dark_map\\\",\\\"isAutoSelect\\\":false},\\\"id\\\":\\\"1a56b9d3-c903-4286-8d75-48b62bf38532\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"id\\\":\\\"65583363-2a0b-40ce-bf98-40ff54ad224e\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"resolution\\\":\\\"FINE\\\"},\\\"id\\\":\\\"519e1390-4055-4be7-a5bc-537bb78eea07\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.58,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.45,\\\"center\\\":{\\\"lon\\\":54.04753,\\\"lat\\\":56.32976},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":56.32976,\"lon\":54.04753,\"zoom\":1.45},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"mapBuffer\":{\"minLon\":-521.14941,\"minLat\":21.676450000000003,\"maxLon\":629.2444700000001,\"maxLat\":84.75865}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":50,\"w\":14,\"h\":9,\"i\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\"},\"panelIndex\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d401535b-665e-442b-a312-9edd3c1ebcc0\":{\"columns\":{\"61acda83-5d64-453e-9ca1-16b129cc2b42\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"56667c46-e4e6-4a18-9613-12d027ca7a16\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ece5248d-0578-44e8-b245-bc2de86f37f4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"56667c46-e4e6-4a18-9613-12d027ca7a16\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"56667c46-e4e6-4a18-9613-12d027ca7a16\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"gray\"},\"layerId\":\"d401535b-665e-442b-a312-9edd3c1ebcc0\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"splitAccessor\":\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"accessors\":[\"56667c46-e4e6-4a18-9613-12d027ca7a16\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Unauthorized events\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":4,\"i\":\"a64da002-402b-4924-857f-80adf4045df5\"},\"panelIndex\":\"a64da002-402b-4924-857f-80adf4045df5\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":63,\"w\":24,\"h\":15,\"i\":\"bb303e9f-9d56-4352-8271-144e10090f10\"},\"panelIndex\":\"bb303e9f-9d56-4352-8271-144e10090f10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5f5f904-241e-4808-929b-d6c61b0d845e\":{\"columns\":{\"0b9303c6-773b-467e-b335-c7a13beed79b\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"3f101617-85f4-4a62-b192-27622ceca47f\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3f101617-85f4-4a62-b192-27622ceca47f\",\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5f5f904-241e-4808-929b-d6c61b0d845e\",\"accessors\":[\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"splitAccessor\":\"3f101617-85f4-4a62-b192-27622ceca47f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":63,\"w\":24,\"h\":15,\"i\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\"},\"panelIndex\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\":{\"columns\":{\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\":{\"label\":\"Top values of priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\",\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\",\"groups\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\"],\"metric\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts priority\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":78,\"w\":24,\"h\":9,\"i\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\"},\"panelIndex\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d7e22e01-f122-4914-9497-50a6c5131ec1\":{\"columns\":{\"0d3f381e-296a-44ed-b225-d294a723e50e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a1d905fd-e30d-48c0-b6b8-1524c5599846\":{\"label\":\"Top values of output_fields.k8s.pod.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"output_fields.k8s.pod.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"0d3f381e-296a-44ed-b225-d294a723e50e\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\",\"alignment\":\"center\",\"hidden\":false},{\"columnId\":\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"isTransposed\":true},{\"columnId\":\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"isTransposed\":false}],\"layerId\":\"d7e22e01-f122-4914-9497-50a6c5131ec1\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by pods\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":78,\"w\":24,\"h\":9,\"i\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\"},\"panelIndex\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\":{\"columns\":{\"c3fdbe00-8b18-43fc-befb-259232bd760e\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"80445d9d-55cc-4e28-b821-3b5148d04bf3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\",\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\",\"groups\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\"],\"metric\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by Namespaces\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":48,\"h\":4,\"i\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\"},\"panelIndex\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Policy Engine\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":91,\"w\":5,\"h\":9,\"i\":\"78b273d8-00a9-401a-a41d-d5c337df7cbe\"},\"panelIndex\":\"78b273d8-00a9-401a-a41d-d5c337df7cbe\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":1000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Kyverno-Failing-Policy_Results\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":91,\"w\":9,\"h\":9,\"i\":\"f9181782-c266-4c44-860e-dc37a48bf08f\"},\"panelIndex\":\"f9181782-c266-4c44-860e-dc37a48bf08f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"443941ae-37bd-4230-a7c2-3eec6b193f37\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1708471f-d516-4b55-a792-7263d51215ba\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1708471f-d516-4b55-a792-7263d51215ba\":{\"label\":\"Failing Policy Results per Namespace\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"1708471f-d516-4b55-a792-7263d51215ba\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"accessors\":[\"1708471f-d516-4b55-a792-7263d51215ba\"],\"yConfig\":[{\"forAccessor\":\"1708471f-d516-4b55-a792-7263d51215ba\",\"color\":\"#b64444\"}]}],\"yRightExtent\":{\"mode\":\"full\"},\"yLeftExtent\":{\"mode\":\"full\"}},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"opa-by-user(yc iam user get --id )\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":91,\"w\":10,\"h\":9,\"i\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\"},\"panelIndex\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"17d76c53-d75c-4378-a22d-8918f87c31ba\":{\"label\":\"Top values of Policy.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"17d76c53-d75c-4378-a22d-8918f87c31ba\",\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"17d76c53-d75c-4378-a22d-8918f87c31ba\"],\"metric\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Policy\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":91,\"w\":9,\"h\":9,\"i\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\"},\"panelIndex\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"baaec8a3-3489-431d-a70d-a7e210fa84ee\":{\"label\":\"Top values of Priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-Alerts-By-Priority\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":91,\"w\":12,\"h\":9,\"i\":\"103ec45f-ad52-4a05-9e88-7e5fa85e42da\"},\"panelIndex\":\"103ec45f-ad52-4a05-9e88-7e5fa85e42da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"baaec8a3-3489-431d-a70d-a7e210fa84ee\":{\"label\":\"Top values of Category.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Category.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-Alerts-By-Category\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":45,\"y\":91,\"w\":3,\"h\":9,\"i\":\"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66\"},\"panelIndex\":\"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete \",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno delete\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":100,\"w\":24,\"h\":9,\"i\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\"},\"panelIndex\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b268ea32-45f2-49ca-acc2-0f3b7663868a\":{\"columns\":{\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"52595dc9-f48f-483c-af14-4507ab5edeec\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"3afd2824-24dd-47e1-8cbc-18cf80795e38\":{\"label\":\"Top values of Policy.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3afd2824-24dd-47e1-8cbc-18cf80795e38\",\"52595dc9-f48f-483c-af14-4507ab5edeec\",\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b268ea32-45f2-49ca-acc2-0f3b7663868a\",\"accessors\":[\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"52595dc9-f48f-483c-af14-4507ab5edeec\",\"splitAccessor\":\"3afd2824-24dd-47e1-8cbc-18cf80795e38\"}],\"yRightExtent\":{\"mode\":\"full\"},\"yLeftExtent\":{\"mode\":\"full\"}},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Kyverno detections\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":100,\"w\":24,\"h\":9,\"i\":\"c6b6d024-0094-4079-934f-37468ec76121\"},\"panelIndex\":\"c6b6d024-0094-4079-934f-37468ec76121\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\":{\"columns\":{\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\":{\"label\":\"Namespace\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\":{\"label\":\"Kind\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Resource.Kind.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Resource.Name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"91714fb8-030a-418f-a053-24a3dbe84dfd\":{\"label\":\"Policy\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\":{\"label\":\"Rule\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"c29b7609-9295-49b8-8209-6c14a6a05dbb\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Severity.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"0deef0fa-09bd-4b59-8ddb-a9c276839995\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Status.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"2cc8d1a4-0f0f-4132-a800-25c08979c651\":{\"label\":\"Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Category.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\",\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\",\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\",\"91714fb8-030a-418f-a053-24a3dbe84dfd\",\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\",\"c29b7609-9295-49b8-8209-6c14a6a05dbb\",\"0deef0fa-09bd-4b59-8ddb-a9c276839995\",\"2cc8d1a4-0f0f-4132-a800-25c08979c651\",\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\",\"hidden\":true},{\"columnId\":\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\",\"isTransposed\":false,\"alignment\":\"left\"},{\"columnId\":\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\",\"isTransposed\":false},{\"columnId\":\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\",\"isTransposed\":false},{\"columnId\":\"91714fb8-030a-418f-a053-24a3dbe84dfd\",\"isTransposed\":false},{\"columnId\":\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\",\"isTransposed\":false},{\"columnId\":\"c29b7609-9295-49b8-8209-6c14a6a05dbb\",\"isTransposed\":false},{\"columnId\":\"0deef0fa-09bd-4b59-8ddb-a9c276839995\",\"isTransposed\":false},{\"columnId\":\"2cc8d1a4-0f0f-4132-a800-25c08979c651\",\"isTransposed\":false}],\"layerId\":\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"hidePanelTitles\":false},\"title\":\"Alerts\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":4,\"i\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\"},\"panelIndex\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream k8s audit\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":113,\"w\":48,\"h\":17,\"i\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},\"panelIndex\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"cloud_id\",\"cluster_id\",\"objectRef.namespace\",\"source.ip\",\"requestURI\",\"user.name\",\"objectRef.name\",\"verb\",\"responseObject.reason\"]},\"panelRefName\":\"panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":4,\"i\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\"},\"panelIndex\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":14,\"i\":\"67217f20-9098-444f-abd6-89ef5f7086ba\"},\"panelIndex\":\"67217f20-9098-444f-abd6-89ef5f7086ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67217f20-9098-444f-abd6-89ef5f7086ba\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":4,\"i\":\"5f09fa07-7e6b-44fd-a07b-e48ed270102e\"},\"panelIndex\":\"5f09fa07-7e6b-44fd-a07b-e48ed270102e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Kyverno\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":152,\"w\":48,\"h\":15,\"i\":\"d1d6f618-2694-4695-ba38-d79bbf7d2c9e\"},\"panelIndex\":\"d1d6f618-2694-4695-ba38-d79bbf7d2c9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d1d6f618-2694-4695-ba38-d79bbf7d2c9e\"}]","timeRestore":false,"title":"k8s-dashboard-kyverno","version":1},"coreMigrationVersion":"7.14.1","id":"31794d20-1792-11ec-a10e-0d206e63071e","migrationVersion":{"dashboard":"7.14.0"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"df4da863-2133-4560-82f3-5c126ac27f14:control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"58adfaa4-02bd-4b64-89cc-395d6ee0f968:control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109:control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ff5a5c53-c294-4c2b-ad00-3011d042dbcb:control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"9e45767a-451f-48a1-b421-17738c299cd9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7a0555be-d5f3-4aeb-9159-f48d7264d40c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-1","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-2","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-6","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-8","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-10","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-11","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-12","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-13","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-14","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-15","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-16","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-17","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-18","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-19","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-20","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-21","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-22","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-23","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"96fdb671-a668-4ffc-9ad1-792d69551764:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"78b273d8-00a9-401a-a41d-d5c337df7cbe:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"103ec45f-ad52-4a05-9e88-7e5fa85e42da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"103ec45f-ad52-4a05-9e88-7e5fa85e42da:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3","type":"index-pattern"},{"id":"0a358990-fcd0-11eb-b912-d99e9986f72b","name":"ed79a50e-9a59-475a-8e0c-d41b0cb84acd:panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd","type":"search"},{"id":"ed3ba9e0-0040-11ec-aa1d-f5144cfe34d1","name":"67217f20-9098-444f-abd6-89ef5f7086ba:panel_67217f20-9098-444f-abd6-89ef5f7086ba","type":"search"},{"id":"bf34d580-17ab-11ec-a10e-0d206e63071e","name":"d1d6f618-2694-4695-ba38-d79bbf7d2c9e:panel_d1d6f618-2694-4695-ba38-d79bbf7d2c9e","type":"search"}],"type":"dashboard","updated_at":"2021-09-18T11:41:49.974Z","version":"WzU2NzcsMV0="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/dashboard-backup.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\"},\"panelIndex\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Filters\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":12,\"h\":6,\"i\":\"df4da863-2133-4560-82f3-5c126ac27f14\"},\"panelIndex\":\"df4da863-2133-4560-82f3-5c126ac27f14\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927100713\",\"fieldName\":\"cluster_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cluster_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cluster filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":4,\"w\":12,\"h\":6,\"i\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\"},\"panelIndex\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927314788\",\"fieldName\":\"cloud_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cloud_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cloud filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":12,\"h\":6,\"i\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\"},\"panelIndex\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308709541\",\"fieldName\":\"folder_id.keyword\",\"parent\":\"\",\"label\":\"k8s-folder_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Folder filter\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":4,\"w\":12,\"h\":6,\"i\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\"},\"panelIndex\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308369258\",\"fieldName\":\"objectRef.namespace.keyword\",\"parent\":\"\",\"label\":\"k8s-namespace\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Namespace filter\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":4,\"i\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\"},\"panelIndex\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cluster_url.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cluster - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":10,\"w\":12,\"h\":4,\"i\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\"},\"panelIndex\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cloud_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cloud_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cloud - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":12,\"h\":4,\"i\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\"},\"panelIndex\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"57147c6c-713f-4793-865a-1d671e3f141c\":{\"label\":\"Top values of folder_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"folder_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"57147c6c-713f-4793-865a-1d671e3f141c\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"57147c6c-713f-4793-865a-1d671e3f141c\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/folders/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Folder - go to YC concole\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":4,\"i\":\"7a112312-c097-4205-9f74-38913eae2169\"},\"panelIndex\":\"7a112312-c097-4205-9f74-38913eae2169\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":true,\"markdown\":\"Main k8s audit Events\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\"},\"panelIndex\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":false,\\\"id\\\":\\\"road_map\\\"},\\\"id\\\":\\\"99115329-feb3-42c6-b426-dff8bd1e1b3a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\",\\\"areLabelsOnTop\\\":false},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"5728ef62-6dc0-4b27-b048-7ffda088d201\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"04fbaa00-b4ba-40db-b46e-8a6dd6d12d04\\\",\\\"label\\\":\\\"success-connect-from-ip\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.91,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.41,\\\"center\\\":{\\\"lon\\\":78.63166,\\\"lat\\\":57.21062},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":57.21062,\"lon\":78.63166,\"zoom\":1.41},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":false,\"mapBuffer\":{\"minLon\":-338.10414000000003,\"minLat\":-9.879624999999994,\"maxLon\":495.36745999999994,\"maxLat\":104.90343499999999}},\"title\":\"Connect from ip\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\"},\"panelIndex\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\":{\"columns\":{\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\":{\"label\":\"Top values of event.dataset.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.dataset.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8a74805c-8582-46c0-8d53-920a919f9b59\":{\"label\":\"stageTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"stageTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\",\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\",\"accessors\":[\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"splitAccessor\":\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events-by-time\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":14,\"i\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\"},\"panelIndex\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\":{\"columns\":{\"b659aca0-0f1f-4408-8cea-1eea232bfe93\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\",\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\",\"groups\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\"],\"metric\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq* or *hubble*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Create pod in kube-system\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":14,\"i\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\"},\"panelIndex\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\":{\"columns\":{\"71c8af00-7864-4ca6-a20d-0e43a80da354\":{\"label\":\"Top values of requestObject.status.containerStatuses.image.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.status.containerStatuses.image.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\",\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\",\"groups\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\"],\"metric\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Images not from YC CR\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":33,\"w\":13,\"h\":9,\"i\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\"},\"panelIndex\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\":{\"columns\":{\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\":{\"label\":\"Current Cluster Admins\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\",\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\"},{\"isTransposed\":false,\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\",\"hidden\":true}],\"layerId\":\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\"},\"query\":{\"query\":\"user.groups.keyword: *admin*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":33,\"w\":11,\"h\":9,\"i\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\"},\"panelIndex\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5bee140-5f01-4de3-9395-d279acb203dc\":{\"columns\":{\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"4eda6d99-05c3-4ab8-a294-4632c9442157\":{\"label\":\"Top values of requestObject.subjects.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.subjects.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"4eda6d99-05c3-4ab8-a294-4632c9442157\",\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5bee140-5f01-4de3-9395-d279acb203dc\",\"accessors\":[\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"splitAccessor\":\"4eda6d99-05c3-4ab8-a294-4632c9442157\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebindings) and verb : create and not responseObject.reason : AlreadyExists\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Assign Cluster-admin/admin\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":42,\"w\":17,\"h\":8,\"i\":\"9e45767a-451f-48a1-b421-17738c299cd9\"},\"panelIndex\":\"9e45767a-451f-48a1-b421-17738c299cd9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"NetworkPolicy:create/delete/update\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy or DeleteOptions) and verb : (create or update or delete) and objectRef.resource : networkpolicies\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"NetworkPolicy:create/delete/update\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":42,\"w\":17,\"h\":8,\"i\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\"},\"panelIndex\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Exec to container\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cluster_id\"},\"schema\":\"split\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"objectRef.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Exec to container\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":42,\"w\":14,\"h\":8,\"i\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\"},\"panelIndex\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"18ea127c-2267-4d24-9893-d3ef85942514\":{\"columns\":{\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\":{\"label\":\"Unique count of user.name.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":false},\"c94a437d-970d-4c55-89a7-499d47032bc8\":{\"label\":\"ServiceAccounts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"18ea127c-2267-4d24-9893-d3ef85942514\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\",\"hidden\":true},{\"columnId\":\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"isTransposed\":false,\"alignment\":\"left\"}]},\"query\":{\"query\":\"user.name : *serviceaccount*\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:certificate-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:certificate-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:coredns\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:coredns\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cronjob-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-2\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cronjob-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-3\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:generic-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:job-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-4\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:job-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpointslice-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-5\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpointslice-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpoint-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-6\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpoint-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:calico-node\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-7\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:calico-node\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-proxy\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-8\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-proxy\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"objectRef.namespace\",\"params\":{\"query\":\"kube-system\"},\"indexRefName\":\"filter-index-pattern-9\"},\"query\":{\"match_phrase\":{\"objectRef.namespace\":\"kube-system\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-10\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:daemon-set-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-11\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:daemon-set-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:metrics-server\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-12\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:metrics-server\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:pod-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-13\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:pod-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:node-problem-detector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-14\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:node-problem-detector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpha\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-15\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpha\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:service-account-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-16\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:service-account-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-17\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:resourcequota-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:replicaset-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-18\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:replicaset-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:namespace-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-19\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:namespace-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpva\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-20\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpva\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-21\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium-operator\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-22\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium-operator\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-23\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium\"}},\"$state\":{\"store\":\"appState\"}}]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-2\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-3\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-4\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-5\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-6\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-7\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-8\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-9\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-10\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-11\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-12\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-13\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-14\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-15\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-16\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-17\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-18\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-19\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-20\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-21\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-22\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-23\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"}]},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":50,\"w\":34,\"h\":9,\"i\":\"96fdb671-a668-4ffc-9ad1-792d69551764\"},\"panelIndex\":\"96fdb671-a668-4ffc-9ad1-792d69551764\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"id\\\":\\\"dark_map\\\",\\\"isAutoSelect\\\":false},\\\"id\\\":\\\"1a56b9d3-c903-4286-8d75-48b62bf38532\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"id\\\":\\\"65583363-2a0b-40ce-bf98-40ff54ad224e\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"resolution\\\":\\\"FINE\\\"},\\\"id\\\":\\\"519e1390-4055-4be7-a5bc-537bb78eea07\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.58,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.45,\\\"center\\\":{\\\"lon\\\":54.04753,\\\"lat\\\":56.32976},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":56.32976,\"lon\":54.04753,\"zoom\":1.45},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"mapBuffer\":{\"minLon\":-521.14941,\"minLat\":21.676450000000003,\"maxLon\":629.2444700000001,\"maxLat\":84.75865}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":50,\"w\":14,\"h\":9,\"i\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\"},\"panelIndex\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d401535b-665e-442b-a312-9edd3c1ebcc0\":{\"columns\":{\"61acda83-5d64-453e-9ca1-16b129cc2b42\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"56667c46-e4e6-4a18-9613-12d027ca7a16\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ece5248d-0578-44e8-b245-bc2de86f37f4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"56667c46-e4e6-4a18-9613-12d027ca7a16\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"56667c46-e4e6-4a18-9613-12d027ca7a16\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"gray\"},\"layerId\":\"d401535b-665e-442b-a312-9edd3c1ebcc0\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"splitAccessor\":\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"accessors\":[\"56667c46-e4e6-4a18-9613-12d027ca7a16\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Unauthorized events\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":4,\"i\":\"a64da002-402b-4924-857f-80adf4045df5\"},\"panelIndex\":\"a64da002-402b-4924-857f-80adf4045df5\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":63,\"w\":24,\"h\":15,\"i\":\"bb303e9f-9d56-4352-8271-144e10090f10\"},\"panelIndex\":\"bb303e9f-9d56-4352-8271-144e10090f10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5f5f904-241e-4808-929b-d6c61b0d845e\":{\"columns\":{\"0b9303c6-773b-467e-b335-c7a13beed79b\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"3f101617-85f4-4a62-b192-27622ceca47f\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3f101617-85f4-4a62-b192-27622ceca47f\",\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5f5f904-241e-4808-929b-d6c61b0d845e\",\"accessors\":[\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"splitAccessor\":\"3f101617-85f4-4a62-b192-27622ceca47f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":63,\"w\":24,\"h\":15,\"i\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\"},\"panelIndex\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\":{\"columns\":{\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\":{\"label\":\"Top values of priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\",\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\",\"groups\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\"],\"metric\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts priority\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":78,\"w\":24,\"h\":9,\"i\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\"},\"panelIndex\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d7e22e01-f122-4914-9497-50a6c5131ec1\":{\"columns\":{\"0d3f381e-296a-44ed-b225-d294a723e50e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a1d905fd-e30d-48c0-b6b8-1524c5599846\":{\"label\":\"Top values of output_fields.k8s.pod.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"output_fields.k8s.pod.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"0d3f381e-296a-44ed-b225-d294a723e50e\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\",\"alignment\":\"center\",\"hidden\":false},{\"columnId\":\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"isTransposed\":true},{\"columnId\":\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"isTransposed\":false}],\"layerId\":\"d7e22e01-f122-4914-9497-50a6c5131ec1\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by pods\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":78,\"w\":24,\"h\":9,\"i\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\"},\"panelIndex\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\":{\"columns\":{\"c3fdbe00-8b18-43fc-befb-259232bd760e\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"80445d9d-55cc-4e28-b821-3b5148d04bf3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\",\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\",\"groups\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\"],\"metric\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by Namespaces\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":48,\"h\":4,\"i\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\"},\"panelIndex\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Policy Engine\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":91,\"w\":5,\"h\":9,\"i\":\"78b273d8-00a9-401a-a41d-d5c337df7cbe\"},\"panelIndex\":\"78b273d8-00a9-401a-a41d-d5c337df7cbe\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":1000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Kyverno-Failing-Policy_Results\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":91,\"w\":9,\"h\":9,\"i\":\"f9181782-c266-4c44-860e-dc37a48bf08f\"},\"panelIndex\":\"f9181782-c266-4c44-860e-dc37a48bf08f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"443941ae-37bd-4230-a7c2-3eec6b193f37\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1708471f-d516-4b55-a792-7263d51215ba\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1708471f-d516-4b55-a792-7263d51215ba\":{\"label\":\"Failing Policy Results per Namespace\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"1708471f-d516-4b55-a792-7263d51215ba\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"accessors\":[\"1708471f-d516-4b55-a792-7263d51215ba\"],\"yConfig\":[{\"forAccessor\":\"1708471f-d516-4b55-a792-7263d51215ba\",\"color\":\"#b64444\"}]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"opa-by-user(yc iam user get --id )\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":91,\"w\":10,\"h\":9,\"i\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\"},\"panelIndex\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"17d76c53-d75c-4378-a22d-8918f87c31ba\":{\"label\":\"Top values of Policy.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"17d76c53-d75c-4378-a22d-8918f87c31ba\",\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"17d76c53-d75c-4378-a22d-8918f87c31ba\"],\"metric\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Policy\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":91,\"w\":9,\"h\":9,\"i\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\"},\"panelIndex\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"baaec8a3-3489-431d-a70d-a7e210fa84ee\":{\"label\":\"Top values of Priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-Alerts-By-Priority\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":91,\"w\":12,\"h\":9,\"i\":\"103ec45f-ad52-4a05-9e88-7e5fa85e42da\"},\"panelIndex\":\"103ec45f-ad52-4a05-9e88-7e5fa85e42da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"baaec8a3-3489-431d-a70d-a7e210fa84ee\":{\"label\":\"Top values of Category.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Category.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-Alerts-By-Category\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":45,\"y\":91,\"w\":3,\"h\":9,\"i\":\"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66\"},\"panelIndex\":\"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete \",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno delete\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":100,\"w\":24,\"h\":9,\"i\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\"},\"panelIndex\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b268ea32-45f2-49ca-acc2-0f3b7663868a\":{\"columns\":{\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"52595dc9-f48f-483c-af14-4507ab5edeec\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"3afd2824-24dd-47e1-8cbc-18cf80795e38\":{\"label\":\"Top values of Policy.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3afd2824-24dd-47e1-8cbc-18cf80795e38\",\"52595dc9-f48f-483c-af14-4507ab5edeec\",\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b268ea32-45f2-49ca-acc2-0f3b7663868a\",\"accessors\":[\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"52595dc9-f48f-483c-af14-4507ab5edeec\",\"splitAccessor\":\"3afd2824-24dd-47e1-8cbc-18cf80795e38\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"OPA detections\"},{\"version\":\"7.13.4\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":100,\"w\":24,\"h\":9,\"i\":\"c6b6d024-0094-4079-934f-37468ec76121\"},\"panelIndex\":\"c6b6d024-0094-4079-934f-37468ec76121\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\":{\"columns\":{\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\":{\"label\":\"Namespace\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\":{\"label\":\"Kind\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Resource.Kind.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Resource.Name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"91714fb8-030a-418f-a053-24a3dbe84dfd\":{\"label\":\"Policy\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\":{\"label\":\"Rule\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"c29b7609-9295-49b8-8209-6c14a6a05dbb\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Severity.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"0deef0fa-09bd-4b59-8ddb-a9c276839995\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Status.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"2cc8d1a4-0f0f-4132-a800-25c08979c651\":{\"label\":\"Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Category.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\",\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\",\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\",\"91714fb8-030a-418f-a053-24a3dbe84dfd\",\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\",\"c29b7609-9295-49b8-8209-6c14a6a05dbb\",\"0deef0fa-09bd-4b59-8ddb-a9c276839995\",\"2cc8d1a4-0f0f-4132-a800-25c08979c651\",\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\",\"hidden\":true},{\"columnId\":\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\",\"isTransposed\":false,\"alignment\":\"left\"},{\"columnId\":\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\",\"isTransposed\":false},{\"columnId\":\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\",\"isTransposed\":false},{\"columnId\":\"91714fb8-030a-418f-a053-24a3dbe84dfd\",\"isTransposed\":false},{\"columnId\":\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\",\"isTransposed\":false},{\"columnId\":\"c29b7609-9295-49b8-8209-6c14a6a05dbb\",\"isTransposed\":false},{\"columnId\":\"0deef0fa-09bd-4b59-8ddb-a9c276839995\",\"isTransposed\":false},{\"columnId\":\"2cc8d1a4-0f0f-4132-a800-25c08979c651\",\"isTransposed\":false}],\"layerId\":\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"hidePanelTitles\":false},\"title\":\"Alerts\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":4,\"i\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\"},\"panelIndex\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream k8s audit\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":113,\"w\":48,\"h\":17,\"i\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},\"panelIndex\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"cloud_id\",\"cluster_id\",\"objectRef.namespace\",\"source.ip\",\"requestURI\",\"user.name\",\"objectRef.name\",\"verb\",\"responseObject.reason\"]},\"panelRefName\":\"panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":4,\"i\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\"},\"panelIndex\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":14,\"i\":\"67217f20-9098-444f-abd6-89ef5f7086ba\"},\"panelIndex\":\"67217f20-9098-444f-abd6-89ef5f7086ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67217f20-9098-444f-abd6-89ef5f7086ba\"},{\"version\":\"7.13.4\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":4,\"i\":\"5f09fa07-7e6b-44fd-a07b-e48ed270102e\"},\"panelIndex\":\"5f09fa07-7e6b-44fd-a07b-e48ed270102e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Kyverno\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.13.4\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":152,\"w\":48,\"h\":15,\"i\":\"d1d6f618-2694-4695-ba38-d79bbf7d2c9e\"},\"panelIndex\":\"d1d6f618-2694-4695-ba38-d79bbf7d2c9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d1d6f618-2694-4695-ba38-d79bbf7d2c9e\"}]","timeRestore":false,"title":"k8s-dashboard-kyverno","version":1},"coreMigrationVersion":"7.13.4","id":"31794d20-1792-11ec-a10e-0d206e63071e","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"df4da863-2133-4560-82f3-5c126ac27f14:control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"58adfaa4-02bd-4b64-89cc-395d6ee0f968:control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109:control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ff5a5c53-c294-4c2b-ad00-3011d042dbcb:control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"9e45767a-451f-48a1-b421-17738c299cd9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7a0555be-d5f3-4aeb-9159-f48d7264d40c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-1","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-2","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-6","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-8","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-10","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-11","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-12","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-13","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-14","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-15","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-16","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-17","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-18","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-19","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-20","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-21","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-22","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-23","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"96fdb671-a668-4ffc-9ad1-792d69551764:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"78b273d8-00a9-401a-a41d-d5c337df7cbe:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"103ec45f-ad52-4a05-9e88-7e5fa85e42da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"103ec45f-ad52-4a05-9e88-7e5fa85e42da:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3","type":"index-pattern"},{"id":"0a358990-fcd0-11eb-b912-d99e9986f72b","name":"ed79a50e-9a59-475a-8e0c-d41b0cb84acd:panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd","type":"search"},{"id":"ed3ba9e0-0040-11ec-aa1d-f5144cfe34d1","name":"67217f20-9098-444f-abd6-89ef5f7086ba:panel_67217f20-9098-444f-abd6-89ef5f7086ba","type":"search"},{"id":"bf34d580-17ab-11ec-a10e-0d206e63071e","name":"d1d6f618-2694-4695-ba38-d79bbf7d2c9e:panel_d1d6f618-2694-4695-ba38-d79bbf7d2c9e","type":"search"}],"type":"dashboard","updated_at":"2021-09-17T11:52:42.477Z","version":"WzM3NDI3OCwxXQ=="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/dashboard.ndjson ================================================ {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"syncColors\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\"},\"panelIndex\":\"ac6581bb-3b07-45af-b3d6-3c3e30b7fa0e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Filters\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":12,\"h\":6,\"i\":\"df4da863-2133-4560-82f3-5c126ac27f14\"},\"panelIndex\":\"df4da863-2133-4560-82f3-5c126ac27f14\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927100713\",\"fieldName\":\"cluster_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cluster_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cluster filter\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":4,\"w\":12,\"h\":6,\"i\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\"},\"panelIndex\":\"58adfaa4-02bd-4b64-89cc-395d6ee0f968\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1628927314788\",\"fieldName\":\"cloud_id.keyword\",\"parent\":\"\",\"label\":\"k8s-cloud_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cloud filter\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":12,\"h\":6,\"i\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\"},\"panelIndex\":\"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308709541\",\"fieldName\":\"folder_id.keyword\",\"parent\":\"\",\"label\":\"k8s-folder_id\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Folder filter\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":4,\"w\":12,\"h\":6,\"i\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\"},\"panelIndex\":\"ff5a5c53-c294-4c2b-ad00-3011d042dbcb\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1629308369258\",\"fieldName\":\"objectRef.namespace.keyword\",\"parent\":\"\",\"label\":\"k8s-namespace\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Namespace filter\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":12,\"h\":4,\"i\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\"},\"panelIndex\":\"5c09dead-7faf-4100-8f5a-7dec81dfcae3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cluster_url.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_url.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\":{\"label\":\"Top values of cluster_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cluster_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"76b4703c-15ec-48d9-a55f-4f8b9ad61473\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cluster - go to YC concole\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":10,\"w\":12,\"h\":4,\"i\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\"},\"panelIndex\":\"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\":{\"label\":\"Top values of cloud_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"cloud_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\",\"2b8d71c3-ca49-4ab2-9315-33c0f7f9c79e\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Cloud - go to YC concole\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":12,\"h\":4,\"i\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\"},\"panelIndex\":\"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\":{\"columns\":{\"57147c6c-713f-4793-865a-1d671e3f141c\":{\"label\":\"Top values of folder_id.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"folder_id.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"95107cd5-d71c-446d-be12-9ebe860cca6c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"57147c6c-713f-4793-865a-1d671e3f141c\",\"95107cd5-d71c-446d-be12-9ebe860cca6c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\",\"groups\":[\"57147c6c-713f-4793-865a-1d671e3f141c\"],\"metric\":\"95107cd5-d71c-446d-be12-9ebe860cca6c\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e2434170-8807-4c59-823d-345d4f235e8d\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Go to URL\",\"config\":{\"url\":{\"template\":\"https://console.cloud.yandex.ru/folders/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Click on Folder - go to YC concole\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":4,\"i\":\"7a112312-c097-4205-9f74-38913eae2169\"},\"panelIndex\":\"7a112312-c097-4205-9f74-38913eae2169\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":true,\"markdown\":\"Main k8s audit Events\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\"},\"panelIndex\":\"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":false,\\\"id\\\":\\\"road_map\\\"},\\\"id\\\":\\\"99115329-feb3-42c6-b426-dff8bd1e1b3a\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\",\\\"areLabelsOnTop\\\":false},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"5728ef62-6dc0-4b27-b048-7ffda088d201\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"04fbaa00-b4ba-40db-b46e-8a6dd6d12d04\\\",\\\"label\\\":\\\"success-connect-from-ip\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.91,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[],\\\"query\\\":{\\\"query\\\":\\\"not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"}}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.41,\\\"center\\\":{\\\"lon\\\":78.63166,\\\"lat\\\":57.21062},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and source.ip : * and not responseStatus.status : Failure\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":57.21062,\"lon\":78.63166,\"zoom\":1.41},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"hidePanelTitles\":false,\"mapBuffer\":{\"minLon\":-338.10414000000003,\"minLat\":-9.879624999999994,\"maxLon\":495.36745999999994,\"maxLat\":104.90343499999999}},\"title\":\"Connect from ip\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\"},\"panelIndex\":\"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\":{\"columns\":{\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\":{\"label\":\"Top values of event.dataset.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.dataset.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"8a74805c-8582-46c0-8d53-920a919f9b59\":{\"label\":\"stageTimestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"stageTimestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\",\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"top\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b770c4de-625b-4d6b-9cd2-caf7372d5d6a\",\"accessors\":[\"075661dc-8a85-4c07-b7c7-2a6bb6745c70\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"8a74805c-8582-46c0-8d53-920a919f9b59\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"splitAccessor\":\"e0074aab-0bf9-478b-94c1-f607c5dbf1be\"}]},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events-by-time\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":14,\"i\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\"},\"panelIndex\":\"398a8ba3-0ffc-40ee-90e1-c1547938d171\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\":{\"columns\":{\"b659aca0-0f1f-4408-8cea-1eea232bfe93\":{\"label\":\"Top values of objectRef.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\",\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"c76f346d-f6d6-4f9e-acb8-f5dde656e783\",\"groups\":[\"b659aca0-0f1f-4408-8cea-1eea232bfe93\"],\"metric\":\"e4cb6a49-c1ea-4257-aeae-d65d1aed62f7\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.namespace.keyword: kube-system and verb : create and objectRef.resource.keyword: pods and objectRef.name : * and not objectRef.name : (*calico* or *dns* or *npd* or *proxy* or *metrics* or *csi* or *masq* or *hubble*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Create pod in kube-system\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":14,\"i\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\"},\"panelIndex\":\"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\":{\"columns\":{\"71c8af00-7864-4ca6-a20d-0e43a80da354\":{\"label\":\"Top values of requestObject.status.containerStatuses.image.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.status.containerStatuses.image.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\",\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\",\"groups\":[\"71c8af00-7864-4ca6-a20d-0e43a80da354\"],\"metric\":\"1f45b75e-0ec2-4159-97e2-dd1f4f0aaf84\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and not requestObject.status.containerStatuses.image.keyword: *cr.yandex/* and requestObject.status.containerStatuses.containerID : *docker* and verb : patch and not requestObject.status.containerStatuses.image.keyword: (*falco* or *openpolicyagent* or *kyverno* or *k8s.gcr.io*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Images not from YC CR\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":33,\"w\":13,\"h\":9,\"i\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\"},\"panelIndex\":\"1d2c60a9-c570-45b0-8f49-e577c74e9ce3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\":{\"columns\":{\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\":{\"label\":\"Current Cluster Admins\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\",\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"239f6c81-2f8e-43e6-94ce-e92b61c1a91a\"},{\"isTransposed\":false,\"columnId\":\"7759b675-c0f2-450e-b8d5-06e2a2c230a2\",\"hidden\":true}],\"layerId\":\"8e37793f-a2a3-48b0-a4b5-dda752e958b9\"},\"query\":{\"query\":\"user.groups.keyword: *admin*\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9\"}]},\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":33,\"w\":11,\"h\":9,\"i\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\"},\"panelIndex\":\"4d0ab419-47d3-48bd-9e5e-93a563e20aee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5bee140-5f01-4de3-9395-d279acb203dc\":{\"columns\":{\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\":{\"label\":\"Top values of objectRef.resource.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.resource.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"4eda6d99-05c3-4ab8-a294-4632c9442157\":{\"label\":\"Top values of requestObject.subjects.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"requestObject.subjects.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"4eda6d99-05c3-4ab8-a294-4632c9442157\",\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5bee140-5f01-4de3-9395-d279acb203dc\",\"accessors\":[\"6dc3784e-658d-4b02-b8f6-a64e170b46f9\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"48e660f4-62fa-4dfa-a1b4-670c9af71d59\",\"splitAccessor\":\"4eda6d99-05c3-4ab8-a294-4632c9442157\"}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.roleRef.name.keyword:(cluster-admin or admin) and objectRef.resource.keyword: (clusterrolebindings or rolebindings) and verb : create and not responseObject.reason : AlreadyExists\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Assign Cluster-admin/admin\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":42,\"w\":17,\"h\":8,\"i\":\"9e45767a-451f-48a1-b421-17738c299cd9\"},\"panelIndex\":\"9e45767a-451f-48a1-b421-17738c299cd9\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"NetworkPolicy:create/delete/update\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"split\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"verb.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and requestObject.kind.keyword: (NetworkPolicy or CiliumNetworkPolicy or DeleteOptions) and verb : (create or update or delete) and objectRef.resource : networkpolicies\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"NetworkPolicy:create/delete/update\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":17,\"y\":42,\"w\":17,\"h\":8,\"i\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\"},\"panelIndex\":\"7a0555be-d5f3-4aeb-9159-f48d7264d40c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"row\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Exec to container\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"cluster_id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cluster_id\"},\"schema\":\"split\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"objectRef.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.subresource.keyword: exec\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Exec to container\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":42,\"w\":14,\"h\":8,\"i\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\"},\"panelIndex\":\"b6d054cd-bca1-49a6-affb-7b115b76af5a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"18ea127c-2267-4d24-9893-d3ef85942514\":{\"columns\":{\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\":{\"label\":\"Unique count of user.name.keyword\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":false},\"c94a437d-970d-4c55-89a7-499d47032bc8\":{\"label\":\"ServiceAccounts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"layerId\":\"18ea127c-2267-4d24-9893-d3ef85942514\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c4f2ec69-90f8-42ff-9f24-48fc0fa87a45\",\"hidden\":true},{\"columnId\":\"c94a437d-970d-4c55-89a7-499d47032bc8\",\"isTransposed\":false,\"alignment\":\"left\"}]},\"query\":{\"query\":\"user.name : *serviceaccount*\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:certificate-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:certificate-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:coredns\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-1\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:coredns\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cronjob-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-2\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cronjob-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:generic-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-3\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:generic-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:job-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-4\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:job-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpointslice-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-5\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpointslice-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:endpoint-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-6\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:endpoint-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:calico-node\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-7\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:calico-node\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-proxy\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-8\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-proxy\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"objectRef.namespace\",\"params\":{\"query\":\"kube-system\"},\"indexRefName\":\"filter-index-pattern-9\"},\"query\":{\"match_phrase\":{\"objectRef.namespace\":\"kube-system\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-10\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:kube-dns-autoscaler\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:daemon-set-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-11\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:daemon-set-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:metrics-server\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-12\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:metrics-server\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:pod-garbage-collector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-13\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:pod-garbage-collector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:node-problem-detector\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-14\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:node-problem-detector\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpha\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-15\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpha\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:service-account-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-16\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:service-account-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:resourcequota-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-17\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:resourcequota-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:replicaset-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-18\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:replicaset-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:namespace-controller\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-19\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:namespace-controller\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:typha-cpva\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-20\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:typha-cpva\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-21\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:gatekeeper-system:gatekeeper-admin\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium-operator\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-22\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium-operator\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"type\":\"phrase\",\"key\":\"user.name.keyword\",\"params\":{\"query\":\"system:serviceaccount:kube-system:cilium\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"filter-index-pattern-23\"},\"query\":{\"match_phrase\":{\"user.name.keyword\":\"system:serviceaccount:kube-system:cilium\"}},\"$state\":{\"store\":\"appState\"}}]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-1\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-2\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-3\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-4\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-5\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-6\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-7\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-8\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-9\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-10\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-11\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-12\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-13\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-14\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-15\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-16\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-17\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-18\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-19\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-20\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-21\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-22\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"},{\"name\":\"filter-index-pattern-23\",\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\"}]},\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":50,\"w\":34,\"h\":9,\"i\":\"96fdb671-a668-4ffc-9ad1-792d69551764\"},\"panelIndex\":\"96fdb671-a668-4ffc-9ad1-792d69551764\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"id\\\":\\\"dark_map\\\",\\\"isAutoSelect\\\":false},\\\"id\\\":\\\"1a56b9d3-c903-4286-8d75-48b62bf38532\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\\\",\\\"geoField\\\":\\\"geoip.location\\\",\\\"requestType\\\":\\\"heatmap\\\",\\\"id\\\":\\\"65583363-2a0b-40ce-bf98-40ff54ad224e\\\",\\\"type\\\":\\\"ES_GEO_GRID\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"metrics\\\":[{\\\"type\\\":\\\"count\\\"}],\\\"resolution\\\":\\\"FINE\\\"},\\\"id\\\":\\\"519e1390-4055-4be7-a5bc-537bb78eea07\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.58,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"HEATMAP\\\",\\\"colorRampName\\\":\\\"theclassic\\\"},\\\"type\\\":\\\"HEATMAP\\\"}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.45,\\\"center\\\":{\\\"lon\\\":54.04753,\\\"lat\\\":56.32976},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-15d\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":56.32976,\"lon\":54.04753,\"zoom\":1.45},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"mapBuffer\":{\"minLon\":-521.14941,\"minLat\":21.676450000000003,\"maxLon\":629.2444700000001,\"maxLat\":84.75865}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":50,\"w\":14,\"h\":9,\"i\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\"},\"panelIndex\":\"bb843cd6-969c-4aae-a37c-978d2fe0bbef\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d401535b-665e-442b-a312-9edd3c1ebcc0\":{\"columns\":{\"61acda83-5d64-453e-9ca1-16b129cc2b42\":{\"label\":\"Top values of user.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"56667c46-e4e6-4a18-9613-12d027ca7a16\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ece5248d-0578-44e8-b245-bc2de86f37f4\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"56667c46-e4e6-4a18-9613-12d027ca7a16\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"56667c46-e4e6-4a18-9613-12d027ca7a16\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"palette\":{\"type\":\"palette\",\"name\":\"gray\"},\"layerId\":\"d401535b-665e-442b-a312-9edd3c1ebcc0\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"ece5248d-0578-44e8-b245-bc2de86f37f4\",\"splitAccessor\":\"61acda83-5d64-453e-9ca1-16b129cc2b42\",\"accessors\":[\"56667c46-e4e6-4a18-9613-12d027ca7a16\"]}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and responseStatus.reason : Forbidden and not user.name : (system*node* or *gatekeeper* or *kyverno* or *proxy* or *scheduler* or *anonymous* or *csi* or *controller*)\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"name\":\"indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Unauthorized events\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":4,\"i\":\"a64da002-402b-4924-857f-80adf4045df5\"},\"panelIndex\":\"a64da002-402b-4924-857f-80adf4045df5\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":63,\"w\":24,\"h\":15,\"i\":\"bb303e9f-9d56-4352-8271-144e10090f10\"},\"panelIndex\":\"bb303e9f-9d56-4352-8271-144e10090f10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b5f5f904-241e-4808-929b-d6c61b0d845e\":{\"columns\":{\"0b9303c6-773b-467e-b335-c7a13beed79b\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"3f101617-85f4-4a62-b192-27622ceca47f\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3f101617-85f4-4a62-b192-27622ceca47f\",\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b5f5f904-241e-4808-929b-d6c61b0d845e\",\"accessors\":[\"c2e6d82b-b390-48c0-b1ff-afbdcbe9fa2d\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"0b9303c6-773b-467e-b335-c7a13beed79b\",\"splitAccessor\":\"3f101617-85f4-4a62-b192-27622ceca47f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":63,\"w\":24,\"h\":15,\"i\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\"},\"panelIndex\":\"ee4203e6-a295-4720-9d5e-e20ee2a38a2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\":{\"columns\":{\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\":{\"label\":\"Top values of priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\",\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"f1fa275e-3030-4d8d-93e0-038c0ba2aee2\",\"groups\":[\"06cc94fc-d0df-4742-a836-9d9c3c683d1d\"],\"metric\":\"1aee363d-08e6-40a3-bc0c-1a62bc0178e0\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts priority\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":78,\"w\":24,\"h\":9,\"i\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\"},\"panelIndex\":\"4122552f-ee4a-4659-8ac3-f32f5c569040\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d7e22e01-f122-4914-9497-50a6c5131ec1\":{\"columns\":{\"0d3f381e-296a-44ed-b225-d294a723e50e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\":{\"label\":\"Top values of rule.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a1d905fd-e30d-48c0-b6b8-1524c5599846\":{\"label\":\"Top values of output_fields.k8s.pod.name.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"output_fields.k8s.pod.name.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"0d3f381e-296a-44ed-b225-d294a723e50e\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"0d3f381e-296a-44ed-b225-d294a723e50e\",\"alignment\":\"center\",\"hidden\":false},{\"columnId\":\"091825e2-e58b-4fff-90ee-b40ee8f67bdb\",\"isTransposed\":true},{\"columnId\":\"a1d905fd-e30d-48c0-b6b8-1524c5599846\",\"isTransposed\":false}],\"layerId\":\"d7e22e01-f122-4914-9497-50a6c5131ec1\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by pods\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":78,\"w\":24,\"h\":9,\"i\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\"},\"panelIndex\":\"2f6bdfef-a904-4646-8396-7acf1c0c1e18\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\":{\"columns\":{\"c3fdbe00-8b18-43fc-befb-259232bd760e\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"80445d9d-55cc-4e28-b821-3b5148d04bf3\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\",\"80445d9d-55cc-4e28-b821-3b5148d04bf3\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"9fa77b9a-7144-42fc-af7f-eb840de9af1d\",\"groups\":[\"c3fdbe00-8b18-43fc-befb-259232bd760e\"],\"metric\":\"80445d9d-55cc-4e28-b821-3b5148d04bf3\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_falco and not objectRef.namespace: falco\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"4c290ba0-fdad-11eb-b912-d99e9986f72b\",\"name\":\"indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Falco alerts by Namespaces\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":48,\"h\":4,\"i\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\"},\"panelIndex\":\"5abb0208-9bcf-42f2-8376-ee20d8047f2a\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Policy Engine\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":91,\"w\":5,\"h\":9,\"i\":\"78b273d8-00a9-401a-a41d-d5c337df7cbe\"},\"panelIndex\":\"78b273d8-00a9-401a-a41d-d5c337df7cbe\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":1},{\"from\":1,\"to\":1000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Kyverno-Failing-Policy_Results\"},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":91,\"w\":9,\"h\":9,\"i\":\"f9181782-c266-4c44-860e-dc37a48bf08f\"},\"panelIndex\":\"f9181782-c266-4c44-860e-dc37a48bf08f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"443941ae-37bd-4230-a7c2-3eec6b193f37\":{\"label\":\"Top values of objectRef.namespace.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1708471f-d516-4b55-a792-7263d51215ba\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"1708471f-d516-4b55-a792-7263d51215ba\":{\"label\":\"Failing Policy Results per Namespace\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"1708471f-d516-4b55-a792-7263d51215ba\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"443941ae-37bd-4230-a7c2-3eec6b193f37\",\"accessors\":[\"1708471f-d516-4b55-a792-7263d51215ba\"],\"yConfig\":[{\"forAccessor\":\"1708471f-d516-4b55-a792-7263d51215ba\",\"color\":\"#b64444\"}]}],\"yRightExtent\":{\"mode\":\"full\"},\"yLeftExtent\":{\"mode\":\"full\"}},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"opa-by-user(yc iam user get --id )\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":91,\"w\":10,\"h\":9,\"i\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\"},\"panelIndex\":\"2e60d3e4-f6f6-4666-9708-8af23008ed32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\":{\"columns\":{\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"17d76c53-d75c-4378-a22d-8918f87c31ba\":{\"label\":\"Top values of Policy.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"17d76c53-d75c-4378-a22d-8918f87c31ba\",\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"6f2deb01-002f-4a18-bee7-7968ad39a8a7\",\"groups\":[\"17d76c53-d75c-4378-a22d-8918f87c31ba\"],\"metric\":\"dd5a06c0-b486-4e3f-bdc0-d39cad693a1d\",\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Policy\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":91,\"w\":9,\"h\":9,\"i\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\"},\"panelIndex\":\"ad54fa9e-40c4-4c74-85c2-543efeef1004\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"baaec8a3-3489-431d-a70d-a7e210fa84ee\":{\"label\":\"Top values of Priority.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Priority.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-Alerts-By-Priority\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":91,\"w\":12,\"h\":9,\"i\":\"103ec45f-ad52-4a05-9e88-7e5fa85e42da\"},\"panelIndex\":\"103ec45f-ad52-4a05-9e88-7e5fa85e42da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"07f20f17-d0d3-4d63-b030-7980f218c412\":{\"columns\":{\"baaec8a3-3489-431d-a70d-a7e210fa84ee\":{\"label\":\"Top values of Category.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Category.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\",\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"07f20f17-d0d3-4d63-b030-7980f218c412\",\"groups\":[\"baaec8a3-3489-431d-a70d-a7e210fa84ee\"],\"metric\":\"a0efc17d-8c48-4bec-83a3-05dbf24449e5\",\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno-Alerts-By-Category\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":45,\"y\":91,\"w\":3,\"h\":9,\"i\":\"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66\"},\"panelIndex\":\"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"goal\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":1}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\",\"width\":2},\"type\":\"meter\",\"style\":{\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{\"vis\":{\"defaultColors\":{\"0 - 1\":\"rgb(0,104,55)\"}}},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5\",\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_audit_logs and objectRef.name.keyword: kyverno-resource-validating-webhook-cfg and verb : delete \",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kyverno delete\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":100,\"w\":24,\"h\":9,\"i\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\"},\"panelIndex\":\"52a3db41-876c-451f-9f9e-d36eba9c0e0b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b268ea32-45f2-49ca-acc2-0f3b7663868a\":{\"columns\":{\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"52595dc9-f48f-483c-af14-4507ab5edeec\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"3afd2824-24dd-47e1-8cbc-18cf80795e38\":{\"label\":\"Top values of Policy.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"3afd2824-24dd-47e1-8cbc-18cf80795e38\",\"52595dc9-f48f-483c-af14-4507ab5edeec\",\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"b268ea32-45f2-49ca-acc2-0f3b7663868a\",\"accessors\":[\"c9e5ace9-d76e-4864-a4f6-0ba014cbaa50\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"52595dc9-f48f-483c-af14-4507ab5edeec\",\"splitAccessor\":\"3afd2824-24dd-47e1-8cbc-18cf80795e38\"}],\"yRightExtent\":{\"mode\":\"full\"},\"yLeftExtent\":{\"mode\":\"full\"}},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a\"}]},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Kyverno detections\"},{\"version\":\"7.14.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":100,\"w\":24,\"h\":9,\"i\":\"c6b6d024-0094-4079-934f-37468ec76121\"},\"panelIndex\":\"c6b6d024-0094-4079-934f-37468ec76121\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsDatatable\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\":{\"columns\":{\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\":{\"label\":\"Namespace\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"objectRef.namespace.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\":{\"label\":\"Kind\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Resource.Kind.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Resource.Name.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"91714fb8-030a-418f-a053-24a3dbe84dfd\":{\"label\":\"Policy\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Policy.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\":{\"label\":\"Rule\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Rule.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"c29b7609-9295-49b8-8209-6c14a6a05dbb\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Severity.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"0deef0fa-09bd-4b59-8ddb-a9c276839995\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Status.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"2cc8d1a4-0f0f-4132-a800-25c08979c651\":{\"label\":\"Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"Category.keyword\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true}},\"columnOrder\":[\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\",\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\",\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\",\"91714fb8-030a-418f-a053-24a3dbe84dfd\",\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\",\"c29b7609-9295-49b8-8209-6c14a6a05dbb\",\"0deef0fa-09bd-4b59-8ddb-a9c276839995\",\"2cc8d1a4-0f0f-4132-a800-25c08979c651\",\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"af87e1ca-f893-4c79-8d8b-7cac33180b4c\",\"hidden\":true},{\"columnId\":\"01c7e1a2-1573-4188-a7d3-252a7b68e18b\",\"isTransposed\":false,\"alignment\":\"left\"},{\"columnId\":\"36e53f7f-c3f7-4f32-8d81-990c83a5d5ac\",\"isTransposed\":false},{\"columnId\":\"0930a082-1531-4741-b9f3-fe9d1bf35cdd\",\"isTransposed\":false},{\"columnId\":\"91714fb8-030a-418f-a053-24a3dbe84dfd\",\"isTransposed\":false},{\"columnId\":\"ebaf2549-0f6e-4be9-82d7-9ec6470c5809\",\"isTransposed\":false},{\"columnId\":\"c29b7609-9295-49b8-8209-6c14a6a05dbb\",\"isTransposed\":false},{\"columnId\":\"0deef0fa-09bd-4b59-8ddb-a9c276839995\",\"isTransposed\":false},{\"columnId\":\"2cc8d1a4-0f0f-4132-a800-25c08979c651\",\"isTransposed\":false}],\"layerId\":\"097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"},\"query\":{\"query\":\"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \\\"falco\\\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"38774430-1722-11ec-a10e-0d206e63071e\",\"name\":\"indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3\"}]},\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"hidePanelTitles\":false},\"title\":\"Alerts\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":4,\"i\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\"},\"panelIndex\":\"65d3b016-7acd-4b7d-98c4-81be7dd52f6f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream k8s audit\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":113,\"w\":48,\"h\":17,\"i\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},\"panelIndex\":\"ed79a50e-9a59-475a-8e0c-d41b0cb84acd\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"cloud_id\",\"cluster_id\",\"objectRef.namespace\",\"source.ip\",\"requestURI\",\"user.name\",\"objectRef.name\",\"verb\",\"responseObject.reason\"]},\"panelRefName\":\"panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":130,\"w\":48,\"h\":4,\"i\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\"},\"panelIndex\":\"451d6aa9-4bfd-4990-8be4-eb9418118f68\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Falco\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":14,\"i\":\"67217f20-9098-444f-abd6-89ef5f7086ba\"},\"panelIndex\":\"67217f20-9098-444f-abd6-89ef5f7086ba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_67217f20-9098-444f-abd6-89ef5f7086ba\"},{\"version\":\"7.14.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":148,\"w\":48,\"h\":4,\"i\":\"5f09fa07-7e6b-44fd-a07b-e48ed270102e\"},\"panelIndex\":\"5f09fa07-7e6b-44fd-a07b-e48ed270102e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":21,\"openLinksInNewTab\":false,\"markdown\":\"Log Stream Kyverno\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"7.14.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":152,\"w\":48,\"h\":15,\"i\":\"d1d6f618-2694-4695-ba38-d79bbf7d2c9e\"},\"panelIndex\":\"d1d6f618-2694-4695-ba38-d79bbf7d2c9e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d1d6f618-2694-4695-ba38-d79bbf7d2c9e\"}]","timeRestore":false,"title":"k8s-dashboard-kyverno","version":1},"coreMigrationVersion":"7.14.1","id":"31794d20-1792-11ec-a10e-0d206e63071e","migrationVersion":{"dashboard":"7.14.0"},"references":[{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"df4da863-2133-4560-82f3-5c126ac27f14:control_df4da863-2133-4560-82f3-5c126ac27f14_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"58adfaa4-02bd-4b64-89cc-395d6ee0f968:control_58adfaa4-02bd-4b64-89cc-395d6ee0f968_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7bd8bc93-77ba-4de0-a3ff-46dfb58b9109:control_7bd8bc93-77ba-4de0-a3ff-46dfb58b9109_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ff5a5c53-c294-4c2b-ad00-3011d042dbcb:control_ff5a5c53-c294-4c2b-ad00-3011d042dbcb_0_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"5c09dead-7faf-4100-8f5a-7dec81dfcae3:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"ba1c70dc-01c5-4fe3-8920-0dc8b0285e9f:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"14c3ebb9-6592-4fb5-ab34-2a8ab1e0ab04:indexpattern-datasource-layer-a9cdd464-b2ee-4c71-978e-8dc871e9a4f4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"8fbf0969-9a83-426c-b42a-0e8d2a8f10c2:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"d36f938f-5c6a-4fa4-bc28-812f4bf74f9c:indexpattern-datasource-layer-b770c4de-625b-4d6b-9cd2-caf7372d5d6a","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"398a8ba3-0ffc-40ee-90e1-c1547938d171:indexpattern-datasource-layer-c76f346d-f6d6-4f9e-acb8-f5dde656e783","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"3e2f27b5-f148-4c2b-9c36-ccdb2b49bbcb:indexpattern-datasource-layer-f72786b2-64b8-4e0e-a0c9-5c1c2e2ba3d5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1d2c60a9-c570-45b0-8f49-e577c74e9ce3:indexpattern-datasource-layer-8e37793f-a2a3-48b0-a4b5-dda752e958b9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"4d0ab419-47d3-48bd-9e5e-93a563e20aee:indexpattern-datasource-layer-b5bee140-5f01-4de3-9395-d279acb203dc","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"9e45767a-451f-48a1-b421-17738c299cd9:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"7a0555be-d5f3-4aeb-9159-f48d7264d40c:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:indexpattern-datasource-layer-18ea127c-2267-4d24-9893-d3ef85942514","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-0","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-1","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-2","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-3","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-4","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-5","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-6","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-7","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-8","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-9","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-10","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-11","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-12","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-13","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-14","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-15","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-16","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-17","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-18","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-19","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-20","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-21","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-22","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"b6d054cd-bca1-49a6-affb-7b115b76af5a:filter-index-pattern-23","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"96fdb671-a668-4ffc-9ad1-792d69551764:layer_1_source_index_pattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"bb843cd6-969c-4aae-a37c-978d2fe0bbef:indexpattern-datasource-layer-d401535b-665e-442b-a312-9edd3c1ebcc0","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"bb303e9f-9d56-4352-8271-144e10090f10:indexpattern-datasource-layer-b5f5f904-241e-4808-929b-d6c61b0d845e","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"ee4203e6-a295-4720-9d5e-e20ee2a38a2b:indexpattern-datasource-layer-f1fa275e-3030-4d8d-93e0-038c0ba2aee2","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"4122552f-ee4a-4659-8ac3-f32f5c569040:indexpattern-datasource-layer-d7e22e01-f122-4914-9497-50a6c5131ec1","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"4c290ba0-fdad-11eb-b912-d99e9986f72b","name":"2f6bdfef-a904-4646-8396-7acf1c0c1e18:indexpattern-datasource-layer-9fa77b9a-7144-42fc-af7f-eb840de9af1d","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"78b273d8-00a9-401a-a41d-d5c337df7cbe:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"f9181782-c266-4c44-860e-dc37a48bf08f:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"2e60d3e4-f6f6-4666-9708-8af23008ed32:indexpattern-datasource-layer-6f2deb01-002f-4a18-bee7-7968ad39a8a7","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"ad54fa9e-40c4-4c74-85c2-543efeef1004:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"103ec45f-ad52-4a05-9e88-7e5fa85e42da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"103ec45f-ad52-4a05-9e88-7e5fa85e42da:indexpattern-datasource-layer-07f20f17-d0d3-4d63-b030-7980f218c412","type":"index-pattern"},{"id":"0c4550b0-f8f4-11eb-bf38-9dbfd3ede2c5","name":"1ce2fc7d-64a0-494b-ab87-d8eaa6a05e66:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"52a3db41-876c-451f-9f9e-d36eba9c0e0b:indexpattern-datasource-layer-b268ea32-45f2-49ca-acc2-0f3b7663868a","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"c6b6d024-0094-4079-934f-37468ec76121:indexpattern-datasource-layer-097ddfd1-df10-4f0c-b6f6-567a5c0de7f3","type":"index-pattern"},{"id":"0a358990-fcd0-11eb-b912-d99e9986f72b","name":"ed79a50e-9a59-475a-8e0c-d41b0cb84acd:panel_ed79a50e-9a59-475a-8e0c-d41b0cb84acd","type":"search"},{"id":"ed3ba9e0-0040-11ec-aa1d-f5144cfe34d1","name":"67217f20-9098-444f-abd6-89ef5f7086ba:panel_67217f20-9098-444f-abd6-89ef5f7086ba","type":"search"},{"id":"bf34d580-17ab-11ec-a10e-0d206e63071e","name":"d1d6f618-2694-4695-ba38-d79bbf7d2c9e:panel_d1d6f618-2694-4695-ba38-d79bbf7d2c9e","type":"search"}],"type":"dashboard","updated_at":"2021-09-18T12:39:00.034Z","version":"WzcxNzUsMV0="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/detections-back.ndjson ================================================ {"id":"789d5d10-17ae-11ec-a10e-0d206e63071e","updated_at":"2021-09-17T11:57:46.617Z","updated_by":"admin","created_at":"2021-09-17T11:57:46.617Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-reporter-detect","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9q6jr87k26gs8r4lr5p.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"67db9eb6-eebf-4ffa-b1f6-9311a347faf7","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-kyverno*"],"query":"event.dataset : yandexcloud.k8s_kyverno and Status : fail","filters":[],"saved_id":"Yandexcloud:k8s:kyverno-reporter-detect","throttle":"no_actions","actions":[]} {"exported_count":1,"missing_rules":[],"missing_rules_count":0} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/detections.ndjson ================================================ {"id":"1e76f5d0-186c-11ec-be70-e5ceb8b6c285","updated_at":"2021-09-18T11:44:26.204Z","updated_by":"admin","created_at":"2021-09-18T10:35:19.724Z","created_by":"admin","name":"DetectionRule:YandexCloud:k8s:kyverno-reporter-detect","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9q6jr87k26gs8r4lr5p.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"67db9eb6-eebf-4ffa-b1f6-9311a347faf7","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["k8s-kyverno*"],"query":"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \"falco\"","filters":[],"saved_id":"Yandexcloud:k8s:kyverno-reporter-detect","throttle":"no_actions","actions":[]} {"exported_count":1,"missing_rules":[],"missing_rules_count":0} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/filters-back.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_kyverno and Status : fail"},"title":"Yandexcloud:k8s:kyverno-reporter-detect"},"coreMigrationVersion":"7.13.4","id":"Yandexcloud:k8s:kyverno-reporter-detect","references":[],"type":"query","updated_at":"2021-09-17T08:55:03.619Z","version":"WzM2OTE4OCwxXQ=="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/filters.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset : yandexcloud.k8s_kyverno and Status : fail and not objectRef.namespace : \"falco\""},"title":"Yandexcloud:k8s:kyverno-reporter-detect"},"coreMigrationVersion":"7.14.1","id":"Yandexcloud:k8s:kyverno-reporter-detect","references":[],"type":"query","updated_at":"2021-09-18T11:38:19.976Z","version":"WzU0NTQsMV0="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/index-pattern.ndjson ================================================ {"attributes":{"fieldAttrs":"{\"Status\":{\"count\":2},\"Policy\":{\"count\":1},\"Priority\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"k8s-kyverno*"},"coreMigrationVersion":"7.13.4","id":"38774430-1722-11ec-a10e-0d206e63071e","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"type":"index-pattern","updated_at":"2021-09-17T11:34:04.849Z","version":"WzM3MzU5NSwxXQ=="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/index-template.json ================================================ { "index_patterns": ["k8s-kyverno-index*"], "template": { "settings": { "index": { "lifecycle": { "name": "k8s-kyverno-ilm", "rollover_alias": "k8s-kyverno" }, "number_of_replicas": "2" } }, "mappings": { "properties": { "@timestamp": { "type": "date" } } }, "aliases": {} } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/mapping.json ================================================ { "settings" : { "number_of_replicas" : 2 }, "mappings": { "properties": { "@timestamp": { "type": "date" } } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/pipeline.json ================================================ { "description": "k8s pipeline", "processors": [ { "set": { "field": "event.kind", "value": "event", "ignore_failure": true } }, { "set": { "field": "event.category", "value": ["configuration", "iam"], "ignore_failure": true } }, { "set": { "field": "event.dataset", "value": "yandexcloud.k8s_kyverno", "ignore_failure": true } }, { "set": { "field": "cloud.provider", "value": "yandexcloud", "ignore_failure": true } }, { "set": { "field": "@timestamp", "value": "{{{Timestamp}}}", "ignore_failure": true } }, { "set": { "field": "cloud.service.name", "value": "kyverno", "ignore_failure": true } }, { "rename": { "field": "Resource.Namespace", "target_field": "objectRef.namespace", "ignore_missing": true, "ignore_failure": true } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/update-elk-scheme/include/k8s-kyverno/search.ndjson ================================================ {"attributes":{"columns":["cloud_id","cluster_id","folder_id","objectRef.namespace","Policy","Rule","Priority","Resource.Kind","Resource.Name","cluster_url"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Search:Yandexcloud:k8s:kyverno:Interesting fields","version":1},"coreMigrationVersion":"7.13.4","id":"bf34d580-17ab-11ec-a10e-0d206e63071e","migrationVersion":{"search":"7.9.3"},"references":[{"id":"38774430-1722-11ec-a10e-0d206e63071e","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-09-17T11:38:15.651Z","version":"WzM3MzcxMCwxXQ=="} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/README.md ================================================ # Инструкция для workshop # Оглавление ## Обязательные требования перед workshop - :white_check_mark: убедиться, что вы получили по почте тестовую учетную запись в облаке - :white_check_mark: установить и настроить [yc client](https://cloud.yandex.ru/docs/cli/quickstart) - :white_check_mark: установить и настроить [git](https://git-scm.com/book/ru/v2/Введение-Установка-Git) - :white_check_mark: установить [terraform](https://www.terraform.io/downloads.html) - :white_check_mark: установить [jq](https://macappstore.org/jq/) - :white_check_mark: установить [helm](https://helm.sh/docs/intro/install/) ## Первая часть - Audit Trails Demo Шаг 0. **Проверить, что у вас настроен yc client** Шаг 1. **Выполните команду** для скачивания файлов: ``` git clone https://github.com/yandex-cloud/yc-solution-library-for-security.git ``` Шаг 2. **Перейдите в папку** c первым демо: ``` cd ./yc-solution-library-for-security/auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/audit_trails_demo/ ``` Шаг 3. **Выполнить команду** просмотра yc cli конфигурации: ``` yc config list ``` Шаг 4. **Скопируйте** вывод в файл private.auto.tfvars и замените ":" на "=" , "тире" на "нижнее подчеркивание" а также добавьте "" в значения переменных: ``` vim private.auto.tfvars ``` Шаг 5. **Выполнить команду** для инициализации terraform: ``` terraform init ``` Шаг 6. **Выполнить команду** и нажмите "yes": ``` terraform apply ``` Шаг 7. Не дожидаясь завершения **Зайдите в консоль облака** VPC -> провалитесь -> elk-subnet-a(...) -> Включить NAT в интернет Шаг 8. **Сохраните значение elk_fqdn** из output - это адрес ELK (например, elk_fqdn = "https://c-enpj9n0h87pi99mh3r26.rw.mdb.yandexcloud.net") Шаг 9. **Настройте Audit Trails**: - перейдите в audit trails (иконка в главном меню) - укажите имя - укажите сервисный аккаунт (trails-sa-...) - назначение: Object Storage - выберите Bucket (единственный) - префикс оставить пустым - выбрать единственное облако - выберите в фильтре folder только свой каталог - создать Шаг 10. **Подключитесь через браузер** к elk_fqdn (https://c-XXXXX.net) из п. 7 Шаг 11. **Укажите логин**: admin , пароль: ваш folder id (можно получить командой: yc config get folder-id) # ## Вторая часть - Kubernetes Demo Шаг 1. **Перейдите в папку**: ``` cd ../k8s_demo/example/ ``` Шаг 2. **Создайте sa и назначьте ему права**: ``` yc iam service-account create terraform-sa-$(yc config get folder-id) yc resource-manager folder add-access-binding --id=$(yc config get folder-id) --role=admin --subject=serviceAccount:$(yc iam service-account get --name terraform-sa-$(yc config get folder-id) --format json | jq -r '.id') ``` Шаг 3. **Выполните команду**: ``` yc iam key create --service-account-name terraform-sa-$(yc config get folder-id) --output key.json ``` Шаг 4. **Заполните файл provider.tf**: - cloud_id можно получить командой yc config get cloud-id - folder_id можно получить командой yc config get folder-id Шаг 5. **Заполните файл main.tf**: - folder_id можно получить командой yc config get folder-id - cluster_name можно получить yc managed-kubernetes cluster list --format json | jq -r '.[].name' - log_bucket_service_account_id можно получить yc iam service-account get --name terraform-sa-$(yc config get folder-id) --format json | jq -r '.id' - log_bucket_name: создайте отдельный бакет Object Storage и назовите его "k8s-bucket-<ваш folder_id>", подставьте значение в переменную - elastic_server : подставьте значение вашего fqdn сервера Elastic из предидущего демо (можно быстро получить командой - echo https://c-$(yc managed-elasticsearch cluster get yc-elk-$(yc config get folder-id) --format=json | jq -r '.id').rw.mdb.yandexcloud.net) - coi_subnet_id: зайти в UI консоль и посмотреть id подсети elk-subnet-a - elastic_pw: укажите ваш folder_id (можно узнать с помощью команды yc config get folder-id ) Шаг 6. **Выполнить команду**: ``` terraform init ``` Шаг 7. **Выполнить команду** и нажмите "yes": ``` terraform apply ``` Шаг 8. **Для подключения к k8s кластеру выполните следующую команду**: ``` yc managed-kubernetes cluster get-credentials $(yc managed-kubernetes cluster list --format json | jq -r '.[].name') --external --force ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/audit_trails_demo/main.tf ================================================ //----------------------Подготовка тестовой инфраструктуры----------------------------------- // Генерация random-string для имени bucket--------------------------------------------------------- resource "random_string" "random" { length = 8 special = false upper = false } // Создание sa storage admin для создания Bucket for AuditTrail resource "yandex_iam_service_account" "sa-bucket-creator" { name = "sa-bucket-creator-${random_string.random.result}" folder_id = var.folder_id } // Создание статического ключа resource "yandex_iam_service_account_static_access_key" "sa-bucket-creator-sk" { service_account_id = yandex_iam_service_account.sa-bucket-creator.id } // Назначение прав для создания бакета resource "yandex_resourcemanager_folder_iam_binding" "storage_admin" { folder_id = var.folder_id role = "storage.admin" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-creator.id}", ] } // Создание S3 bucket для AuditTrails resource "yandex_storage_bucket" "trail-bucket" { bucket = "trails-audit-log-bucket-${random_string.random.result}" access_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.access_key secret_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.secret_key } // Создание sa storage editor для работы от ELK с Bucket for AuditTrail resource "yandex_iam_service_account" "sa-bucket-editor" { name = "sa-bucket-editor-${random_string.random.result}" folder_id = var.folder_id } // Назначение прав resource "yandex_resourcemanager_folder_iam_binding" "storage_editor" { folder_id = var.folder_id role = "storage.editor" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-editor.id}", ] } // Обязательно включить AuditTrail в UI на созданный bucket // Обязательно включить Egress NAT для подсети COI в UI на созданный bucket //----------------------Вызов модулей----------------------------------- /* module "yc-managed-elk" { source = "../modules/yc-managed-elk" # path to module yc-managed-elk folder_id = var.folder_id subnet_ids = yandex_vpc_subnet.elk-subnet[*].id # subnets в 3-х зонах доступности для развертывания ELK network_id = yandex_vpc_network.vpc-elk.id # network id в которой будет развернут ELK elk_edition = "gold" elk_datanode_preset = "s2.medium" elk_datanode_disk_size = 1000 elk_public_ip = false } */ data "yandex_mdb_elasticsearch_cluster" "foo" { name = "yc-elk-${var.folder_id}" } data "yandex_vpc_subnet" "subnet-elk" { name = "elk-subnet-a" } module "yc-elastic-trail" { source = "../modules/yc-elastic-trail/" # path to module yc-elastic-trail folder_id = var.folder_id elk_credentials = var.folder_id elk_address = "https://c-${data.yandex_mdb_elasticsearch_cluster.foo.id}.rw.mdb.yandexcloud.net" bucket_name = yandex_storage_bucket.trail-bucket.bucket bucket_folder = "" # указать название префикса куда trails пишет логи в бакет, например "prefix-trails", если в корень то оставить по умолчанию пустым sa_id = yandex_iam_service_account.sa-bucket-editor.id coi_subnet_id = data.yandex_vpc_subnet.subnet-elk.id } output "elk_fqdn" { value = "https://c-${data.yandex_mdb_elasticsearch_cluster.foo.id}.rw.mdb.yandexcloud.net" } // Выводит адрес ELK на который можно обращаться, например через браузер output "elk-user" { value = "admin" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/audit_trails_demo/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } provider "yandex" { #service_account_key_file = var.token token = var.token cloud_id = var.cloud_id folder_id = var.folder_id } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/audit_trails_demo/variables.tf ================================================ variable "token" { description = "Yandex.Cloud security OAuth token либо ключ сервисного аккаунта" default = "key.json" # generate yours by this https://cloud.yandex.ru/docs/iam/concepts/authorization/oauth-token } variable "folder_id" { description = "Yandex.Cloud Folder ID where resources will be created" default = "b1g31gsjsn9ajhtvtea1" # yc config get folder-id } variable "cloud_id" { description = "Yandex.Cloud ID where resources will be created" default = "b1gq9j4sbpge1hdasvtp" # yc config get cloud-id } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/README.md ================================================ ## Yandex Cloud: Анализ логов безопасности k8s в ELK: аудит-логи, policy engine, falco  ![Logo-scheme](https://user-images.githubusercontent.com/85429798/133788649-452b4d2f-7cfc-4fcc-9b6b-339ba8facb18.png) ![Дашборд](https://user-images.githubusercontent.com/85429798/130331405-26a909ae-0171-47b2-93a2-c656632d262c.png) 1 ![2](https://user-images.githubusercontent.com/85429798/133788762-75152c1a-ad93-4291-999d-7fc0739d2438.png) # Version **Version-2.0** - Changelog: - добавлена поддержка авто-установки kyverno с политиками в режиме audit - Docker images: - `cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:1.1.0` # Оглавление - [Описание](#описание) - [Связь с решением "Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK)"](#связь-с-решением-"Сбор-мониторинг-и-анализ-аудит-логов-в-Yandex-Managed-Service-for-Elasticsearch-(ELK)") - [Общая схема](#общая-схема) - [Описание импортируемых объектов ELK (Security Content)](#описание-импортируемых-объектов-ELK-(Security-Content)) - [Описание terraform](#описание-terraform) - [Процесс обновления контента](#процесс-обновления-контента) - [Опционально ручные действие](#опционально-ручные-действие) ## Описание Решение из "коробки" выполняет следующее: - ☑️ собирает [k8s AUDIT-LOGS](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) в [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) - ☑️ устанавливает [FALCO](https://falco.org/) и собирает его [ALERTS](https://falco.org/docs/alerts/) в [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) - ☑️ устанавливает [Kyverno](https://kyverno.io/) c политиками категории [Pod Security Policy(Restricted)](https://kyverno.io/policies/?policytypes=Pod%2520Security%2520Standards%2520%28Restricted%29) в режиме audit и собирает его [ALERTS (PolicyReports)](https://kyverno.io/docs/policy-reports/) (при помощи [Policy Reporter](https://github.com/kyverno/policy-reporter)) - ☑️ импортирует Security Content (dashboards, detection rules и др.)(см. в секции Security Content) в [Managed ELK SIEM](https://cloud.yandex.ru/docs/managed-elasticsearch/) для анализа и реагирования на события ИБ. - ✔️ *В том числе импортирует Security Content для [OPA Gatekeeper](https://open-policy-agent.github.io/gatekeeper/website/docs/) (в режиме enforce). (сам OPA Gatekeeper может быть установлен вручную дополнительно) - ☑️ Создает индексы в двух репликах, настраивает базовую политику rollover (создания новых индексов каждые тридцать дней или по достижению 50ГБ), для дальнейшей настройки в части высокой доступности данных и для настройки снимков данных в S3 - см. [рекомендации](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md). ## Связь с решением "Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK)" Решение ["Сбор, мониторинг и анализ аудит логов в Yandex Managed Service for Elasticsearch (ELK)"](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/export-auditlogs-to-ELK_main) содержит информацию о том, как установить Yandex Managed Service for Elasticsearch (ELK) и собирать в него логи Audit Trails ## Общая схема ![Tech_scheme](https://user-images.githubusercontent.com/85429798/133788824-a1e2ae2d-c8e0-4a11-9ca9-f1a67607fc80.png) ## Описание импортируемых объектов ELK (Security Content) Подробное описание объектов по [ссылке](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов.pdf) ## Описание terraform Решение состоит из 2-х модулей Terraform: 1) [security-events-to-storage-exporter](./security-events-to-storage-exporter) (экспортирует логи в s3) - Принимает на вход: - `folder_id` - id каталога, в котором расположен кластер - `cluster_name` - имя кластера Kubernetes - `log_bucket_service_account_id` - id сервисного аккаунта, который может писать в бакет и имеет роль *ymq.admin* - `log_bucket_name` - имя бакета, куда нужно сохранять логи - `function_service_account_id` - (опционально) id сервисного аккаунта, который будет запускать фукнцию, если не указан, то используется `log_bucket_service_account_id` - Выполняет: - создание статического ключа для сервисного аккаунта - создание функции и тригера для записи логов кластера в s3 - установку falco и настроенного falcosidekick, который отправит логи в s3 - установку Kyverno и настроенного [Policy Reporter](https://github.com/kyverno/policy-reporter), который отправит логи в s3 2) [security-events-to-siem-importer](./security-events-to-siem-importer) (импортирует логи в ELK) - Принимает на вход: - ряд параметров из модуля (`security-events-to-storage-exporter`) - `auditlog_enabled` - *true* или *false* (отправлять ли аудит логи k8s в ELK) - `falco_enabled` - *true* или *false* (отправлять ли алерты falco в ELK) - `kyverno_enabled` - *true* или *false* (отправлять ли алерты kyverno в ELK) - адрес FQDN инсталляции ELK - id подсети, в которой создается ВМ с контейнером импортера - credentials ELK пользователя для импорта событий - Выполняет: - создание YMQ очередей с именами файлов логов в S3 - создание функций для push имен файлов из S3 в YMQ - создание тригеров для взаимодействия очередей и функций - генерацию и запись в файл и на ВМ ключей SSH - создание ВМ на базе COI ([container optimised image](https://cloud.yandex.ru/docs/cos/concepts/)) с контейнерами workers, которые импортируют событий из s3 в ELK #### Пререквизиты - :white_check_mark: Cluster Managed k8s - :white_check_mark: Managed ELK - :white_check_mark: Сервисный аккаунт, который может писать в бакет и имеет роль *ymq.admin* - :white_check_mark: Object Storage Bucket - :white_check_mark: Subnet для развертывания ВМ с включенным NAT #### Пример вызова модулей: См. Пример вызова модулей в /example/main.tf ```Python //Вызов модуля security-events-to-storage-exporter module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "k8s-cluster" // имя кластера log_bucket_service_account_id = "xxxxxx" // id sa (должен обладать ролями: ymq.admin, write to bucket) log_bucket_name = "k8s-bucket" // можно подставить из конфига развертывания # function_service_account_id = "чч" // опциоанальный id сервисного аккаунта который вызывает функции - если не выставлен то функция вызывается от имени log_bucket_service_account_id } //Вызов модуля security-events-to-siem-importer module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # путь до модуля folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true //отправлять k8s auditlog в elk falco_enabled = true // установить falco и отправлять его алерты в elk kyverno_enabled = true // установить kyverno и отправлять его алерты в elk log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-xxx.rw.mdb.yandexcloud.net" // url ELK "https://c-xxx.rw.mdb.yandexcloud.net" (можно подставить из модуля module.yc-managed-elk.elk_fqdn) coi_subnet_id = "xxxxxx" // subnet id в которой будет развернута ВМ с контейнером (обязательно включить NAT) elastic_pw = var.elk_pw // выполнить команду: export TF_VAR_elk_pw= (заменить ELK PASS на ваше значение) // пароль учетной записи ELK (можно подставить из модуля module.yc-managed-elk.elk-pass) elastic_user = "admin" // имя учетной записи ELK } ``` ## Процесс обновления контента Рекомендуем подписаться на данный репозиторий для получения уведомлений об обновлениях. Для того, чтобы использовать самую актуальную версию контента, необходимо - Поддерживать в актуальной версии контейнер, выполняющий синхронизацию - Поддерживать в актуальном состоянии Security контент, который импортируется в ElasticSearch В части обновления контента, необходимо убедиться, что вы используете последнюю доступную версию образа: `cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:latest` Обновление контейнера можно выполнить следующим образом: - Можно пересоздать развернутый COI Instance с контейнером через Terraform (удалить COI Instance, выполнить `terraform apply`) - Можно остановить и удалить контейнеры (`falco-worker-*`, `kyverno-worker-*`, `audit-worker-*`), удалить образ `k8s-events-siem-worker`, перезапустить COI Instance — после запуска будет скачан новый образ и созданы новые контейнеры Обновление Security контента в Kibana (dashboards, detection rules, searches) — можно выполнить через запуск контейнера `elk-updater`: ``` docker run -it --rm -e ELASTIC_AUTH_USER='admin' -e ELASTIC_AUTH_PW='password' -e KIBANA_SERVER='https://xxx.rw.mdb.yandexcloud.net' --name elk-updater cr.yandex/crpjfmfou6gflobbfvfv/elk-updater:latest ``` ## Опционально ручные действие #### Установка OPA Gatekeeper (helm) В случае, если вы предпочитаете OPA Gatekeeper вместо Kyverno то выставите значение `kyverno_enabled` - *false* при вызове модуля и выполните установку вручную - Установите OPA Gatekeeper [с помощью helm](https://open-policy-agent.github.io/gatekeeper/website/docs/install/#deploying-via-helm) - Выберите и установить необходимые constraint template и constraint из [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/pod-security-policy) - [Пример установки](https://github.com/open-policy-agent/gatekeeper-library#usage) ## Рекомендации по настройке retention, rollover и snapshots: [Рекомендации по настройке retention, rollover и snapshots](../export-auditlogs-to-ELK_main/CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/example/README.md ================================================ ## Тестовый скрипт terraform Пререквизиты - ✅ Cluster Managed k8s - ✅ Managed ELK - ✅ Сервисный аккаунт, который может писать в бакет и имеет роль ymq.admin - ✅ Object Storage Bucket - ✅ Subnet для развертывания ВМ с включенным NAT ## 1) Заполните поля файла main.tf 2) Запустите: ``` terraform init terraform apply ``` ``` Пример вызова модулей: //Вызов модуля security-events-to-storage-exporter module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "k8s-cluster" // имя кластера log_bucket_service_account_id = "xxxxxx" // id sa (должен обладать ролями: ymq.admin, write to bucket) log_bucket_name = "k8s-bucket" // можно подставить из конфига развертывания # function_service_account_id = "чч" // опциоанальный id сервисного аккаунта который вызывает функции - если не выставлен то функция вызывается от имени log_bucket_service_account_id } //Вызов модуля security-events-to-siem-importer module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # путь до модуля folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true //отправлять k8s auditlog в elk falco_enabled = true // установить falco и отправлять его алерты в elk kyverno_enabled = true // установить kyverno и отправлять его алерты в elk log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-xxx.rw.mdb.yandexcloud.net" // url ELK "https://c-xxx.rw.mdb.yandexcloud.net" (можно подставить из модуля module.yc-managed-elk.elk_fqdn) coi_subnet_id = "xxxxxx" // subnet id в которой будет развернута ВМ с контейнером (обязательно включить NAT) elastic_pw = var.elk_pw // выполнить команду: export TF_VAR_elk_pw= (заменить ELK PASS на ваше значение) // пароль учетной записи ELK (можно подставить из модуля module.yc-managed-elk.elk-pass) elastic_user = "admin" // имя учетной записи ELK } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/example/main.tf ================================================ //Вызов модуля security-events-to-storage-exporter module "security-events-to-storage-exporter" { source = "../security-events-to-storage-exporter/" # путь до модуля folder_id = "b1g9divt1fgrifqrkvmb" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "k8s-cluster-b1g9divt1fgrifqrkvmb" // имя кластера можно получить yc managed-kubernetes cluster list --format json | jq -r '.[].name' log_bucket_service_account_id = "ajen8r7jo0vjmt0rblpi" // можно получить yc iam service-account get --name terraform-sa-$(yc config get folder-id) --format json | jq -r '.id' log_bucket_name = "k8s-bucket-b1g9divt1fgrifqrkvmb" // создайте бакет и подставьте } //Вызов модуля security-events-to-siem-importer module "security-events-to-siem-importer" { source = "../security-events-to-siem-importer/" # путь до модуля folder_id = module.security-events-to-storage-exporter.folder_id service_account_id = module.security-events-to-storage-exporter.service_account_id auditlog_enabled = true //отправлять k8s auditlog в elk falco_enabled = true // установить falco и отправлять его алерты в elk kyverno_enabled = true // установить kyverno и отправлять его алерты в elk log_bucket_name = module.security-events-to-storage-exporter.log_bucket_name elastic_server = "https://c-c9q35pusrt22bol7cgvu.rw.mdb.yandexcloud.net" // url ELK "https://c-xxx.rw.mdb.yandexcloud.net" (можно подставить из модуля module.yc-managed-elk.elk_fqdn) coi_subnet_id = "e9b5bgf5s1qg7ogf2cr7" // subnet id в которой будет развернута ВМ с контейнером (обязательно включить NAT) elastic_pw = "b1g31gsjsn9ajhtvtea1" // пароль учетной записи ELK (можно подставить из модуля module.yc-managed-elk.elk-pass) elastic_user = "admin" // имя учетной записи ELK } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/example/provider.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } } provider "yandex" { service_account_key_file = "./key.json" # or you can use: token = var.token for user account not sa cloud_id = "b1gq9j4sbpge1hdasvtp" // можно получить командой yc config get cloud-id folder_id = "b1g9divt1fgrifqrkvmb" // можно получить командой yc config get folder-id } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/images/Logo-scheme.drawio ================================================ 7LzXjuVKkx38NOdyBvTmkt57s80dvfeeTy9mdZ/PnX9+jKARIAlT6OrNnSST6WLFWhHJ+gPlulOao7E0hjRr/0Cg9PwD5f9AEBjF4ecDlFy/SmgY+1VQzFX6+6K/F3jVnf0uhH6XblWaLf904ToM7VqN/1yYDH2fJes/lUXzPBz/fFk+tP/81DEqsr8UeEnU/rX0VaVr+bsUJui/n5Czqih/P5pCyF8nuujPi3/3ZCmjdDj+oQgV/kC5eRjWX0fdyWUtGLw/x+XXfeJ/cPZvDZuzfv3P3ODuXv5vbL6SzUeoF/7fot3C/u13LXvUbr87/In6NDufMiPqn76lz5GXzXuVZH+ABxB/IOgzNyibD/MfHPIHA2lbnM19tj6zBL4Lv3u7Xn8O4dPxERxW3c9Ys3s2r9UzwnoUZ609LNVaDf1zPh7Wdej+4QKmrQpwYh3Gp/TndmYZf80yaEL055e8Op+G/r7k+Z5Ga/QHyvz6iojLXvyBsGf3jAZnyybyvVgsfp1bckNVJLtQwg+7jqZoeuGoceF70iW7UTOHwdF32iWVIqfjV3YH21Nus1KKSArHL1JCf35Pu7ZNIXXPeKgyOOZQeAP5+a3YLnqdi+2pW4zgrVJjnYKWpXWfx+ftDork0EoDnRbH3GZjXOaF4SYvnH+7n1dQvW4gwxcK4/4Uhl/y4NPisMP0C8y8mH+4h3nOF4UhGJheM7DFF+hPGcf883dQB/eP9xWbwQeYxSe/n/HUcX+jv7ddqU1fwYzmKykV9YyjWpnYx1+oRBKhiGObp3em4Rub5Tfw02LE55unRuawQE1+s5m3gfm8cOh1ghkVcxoehht1aoAnPT2BTN80jDrYjFrAlKdFT48vSzgus8Lwp84/68B9Xrmenhym97S+KU7jAufDyPeV67kP1msBN5vjNK8/71M2i2+e+wTob+fbz2Vw2PmUPc8C9TmHERzX066f8rD+87rRfFbA81zQhwDUg3i88tMHEzrAjIHnQJbfGuD80/bfzyhwMyhO08Mu4+dcAsYFf85Beq3gFngWh6E/93sYZvn/ONIqGkkt9PWU3a4+dSYJpP1rBT6j/mNx/fobIBGw/P8KAH9a82M/2fkPRb8BQcqGLlvn67nk91nqNzb9Bmf0T9Q9/g51NPGrqPwHkPuzLPoNrsXfKv47/jwHvyHofwKOkL/A0f86mrTgBBslTTEPW59yQ/sgF6gKzX9+/kPA+f+Gl39CoD8Bp1xX4I8Y0HtEnKPj34tqLbd4W7L58UzrM0P/njytQcQ8apNhyZJtrtZnvMSntNv6X8ddtKzZ/By0QzE8H+P81D9f/wa+/vvYF/81c46Q/zrp9L+TCP33H+IvawAmoL8uAgL99z+d4H/5OkD/L10H/+J4wJwhXBWylntAmlQMzPNjekEpBMVzBH4ZheGYz/PJQ5npE6CElU3OCx2FYwolZ8qmAoVMe3hiez8HunAwDHcaLKNOifRzQwu5YQkFCN2lclomXcA8zgzVu3aLULP+vNlW7+jri++bzT5tYJ3eC1w2lKuETOE8NmEYrMT8fKaTTcltgzsynVl8gqWnwF+fOW+RHGHUKmZWdzCedcwyhtq9isTwJWEShH0kM4c3q1DinVoIVKUW1IJBcMVsIrQQvu1VFOe7HKSIXLbkdc42SemSraKxtNtPbRmRgGeb55nOfgJj7xIl8qdNXxLJhYXpn3OzJCLpK62nW0KmcSK013XZ0+gKp1hKtRA/AFxG8HZzdHOKp85pndIp11AeUxA+t8cVqh13HyO2ngI4RVgDedGUIE6kQzOPG+oO3Hif1v0MiVS5S40t8/G0AAJGO01v6XDnMzetwMWpr4wiOBmIh5JLJu+pFUX5sUKGEDkdMFmV7oyUJH9su7u3/cOHRDl2o9R6DvZZjeDcWHVIRqoP40lovW996/smmmIolsQnGY3PdawJN3VaXKluJwA0UnT4mms9cBBXqOekfxfbN+FMebpB6FK1R31jzGq3CzqdWfVTSn7CZUwQxCrgw2GI9DiMN6yqYBytSp8Q0oMTRpiXibTNtsvf+nurSa93PAiNGYJ7mzMEgXmBOrzAHsbO2k/zWWlbNQO0p/fzzUbNGRGtov0erPIJt/VO/OeaKYPcJMzjF1kxcFo9Jd8FHW7yaBzmwxWKiFKURGTSt8u6VNij96rnnmif91MvSburDoOjMjNXHhM3oWCMVV1seAnuk4ifM6IeblG/6M9hZEqIH1y7dXUqHIUCAu/FizytgzFmCYHNJu3Vkj4pK03aqIq/SNSlCDHDeaqw46c3D3P+7E89AV3qDySJ9Jw5MejCCh1Jp08o6b4dPcS4D8euudRPFvEOTnrPnBwM5JiSCGnXl/uUMM5qMjx7mNtPI1t1xFtCrVQJWW/GqZtXv6AzanqWjJQYx1GtzjBXEMcBMkadXSpgVDkkHR+u9FQt62+i+HSsUjAfzV768TEAsfDf5FDsQUxDNP14CRZyF5UJdMesMZIc8ej1zR5Cq3cjyR3WcFqyVb21L3cUp6Ye7EdioDu9Uyxj7ZV2P0a8YVmVquzweVDlEm7X3GvaBX6nhDYiWFE5bCli9fuePJEzuGMHecCc7RmxUEzf23wDLE0LgAGeUQb/gtfscBaWkZ9G14+CEONP3wiGet+BVBxcQSJoYj7FaFjJI47cq4JR81PAXtEe94twqwkz2BScEGTtN8+F4dgTKOlAx/vQmL1NqrgrSYbsAw1M1WEbLUlxg/ZcCUza0o1r+t5EDXqwBecOv9WKkC3SLI78qV/pObpnrHLuE3Ipe/4AhpZq77c/bfNXPuRDYezHs+avaa0zJ7iQc9og02AprrDx19WFq39xfbCod01iHahJzYY2flHFFHfYakHqz7U6/lIufMsOUxUTCsDauDCDSZnrjTArf6OEtHCFTKDPHawqBgJjwyZj8rs4J3ShuZMutSSzXPKD8kzJOM+H0wBvoTjC89GoD4Ar3nPkCI+LYBjvsZGfUkbhBPb5UDnnn28VSuW5h3EK5fetf6nwn279qVBgOeCffm79S4X/3Zb/bsv/BW2p5jQfmPiNn18k6414qtp5GCP9wTh2aKFYeAme4S6+V4l18OAM87hEQnJl+WEOk/JIsGsSPDp+4RqTz7GUA1/MbvJDTtm7K9CkZfhP2ulY993SrXYV1F28EH0PCcOWzpo62IuzshifL4K36+GidpoxFkQR8b/wBbgCbTpeDClNQX5/3B2GIWLz9h/sTU4OtTKKQfi/soWSYgiFVKVZrAnJw38ECNvPbpX3CZT38sHB7QLJY0fsQp6Ktfu+pWfoetVWpV3W14cuWGQUGj3oW4qyGfPm+dN22j4qSMAv5ogCDo1gpIdnmuX7iy/rTeAxvUR4vjXgiWdfjGPS7TQqoIwg5wc7vD4wPH57kiJi2kUwGr4omrgNBkHGVd2/dvx5qlY2ioQdh2P0aTvzBImg7w8BDRbuewaM+fgQdqmQtBv7VILFvVsPjCE0BTAqG7ApWIL2N+CPIobT8EFRRvEXrvAay5UROBTmKtIdojea+8LU65WvJyTwtRQTaxts+cNDO9hPxdsHD5WnClPUbdAGvq5f8pTkpzLJh8ilp8ds2O/8aDD+afaM1ur5sebMoNEqgCkOsWsPllNt+lCAWXAFM7DpNMUJbZEkBQVPGYFyiXQYXxqCqelOj1nwZQ9+BYzDJ2kF4T2d4bNb4DTNGnl2tMWLgM0oG2osY+zHV2xRclt2ecH5doB2DZR42IRKuDTWnBQjsfWPUwX8mV3xn4GqSmWtsBh9SEL2zWqs0rM50BiruoQhIVVqbGXyYiAltxj+WVwmWmIMxRTEW6rWXqQDe8ftHfC/D28KCGCDsARYpuyRI3dwPGHUVUD8hCl+1p8Ha8insntGGtTY6jO54J+ror15jMyM/V8quc4vioXt8rleQw2mULGBiuk6dx+TfMs5LSY1sb1X31GYbOO1O1+6GcOw3ImKzt974ih4xkZ6c3+RQkaJjtJhQwrhjMDsMFfmFVYMJolhC6mPvT3avfFqC0d6eESuV5Fsm1/UIpXvQTHZI6nGNLUmYly/RJiuOqPw2eSFLzOUte8LshmHJUbcw2audXWkJTmGdxzUPB+7qfUOJ9nj+X4FW1yp1WZB6YNANu8n7hL7q+iwDI+HKIOwJ3IvTMES0xL5OCk+VEkxpf8nkPa/2/K/sS1c+QgJa+Uh7rHYUtgoSHhLC+lCT42AJXdSU32meJWfleZTEKRm2rq2CcPwcIARSOf2Hf3n1Wxoma4wfXIgyxla5EwHQlY8fSHpwTB26gtHFFvp/hVcCX50BO8IaOiO5GPEL5Km1K09l0daPdeiYVL/KNqAGCW02wHcUO87fpg+Q1ar22MUBloXM30WneEK2oO6pvV2K6W8nosL6/HMM5Vd8Bm+N59RmA1UkW/my5qVGseMiPXS+fP4RX7Yy8EGIoi0efgwEzsqK7VcPg7GQDIsiwvQqsBboGNOHjmj76+37EHudg7f02AgAWqxQehnGAW6ZA9BUKoA1DzZymbz6QeQn7lYkNjDY6EA11CHknCYBTxpVrcAr6C0fGoSg5bc+xp+mT4AX9Jx6TAyS+SDlAsM7+EiPdigv1e0xuitEoEHpTXiufJO0i1spnWhkFel1hvsK8zAbZ2FIxceGaAyrLS5gVMyOU6XOqtalkbyM2Eg/gXU6VaPEQS8Gh10YLAXh6mU+mP7JOGa/ged4ZAReBS2V6S+fkEsLOfg0emvK/dXDI2wzEuHwzoiNdYE9AWP3fHuhZ9nwSnBNh+XVb+k7v0uNgw45saWTSwyu1ccvY0+a1/fg2AquaxCvzmN+V7Goa6KRmASTpipfOcdat2yLoStvP+aN6z/ePwCNx5yBOf1j1hzeOaY9kddYzmY8gwEE57yBj9hRr2QCER+mpUmyM7gP9aL4hk2jqBQ1+EWnt3zh49cFIEfnFKZNYWtzjsi8q1WahjQERtmDI5DzH1sOSSnJyAOv6iaMS7jCvHrdTtZF08UTA6I0mYp/Xh8ZvNHT0EJOO1P6HxuWlZAo6z88Q5Amr9p6DJvj9hS6GVulwrCGu975w8eC4VUOxlTbxePl1EYeH3UgMmDwcjvSvLHL6do3B60Bn7ymNUsbiMIoHkcGWx2KO0SiVGpbe8+R3ubrSclrS9empu+1BLRc2WwzMnsym35UIBkTjL2YB42dAEnL24gpNNfXw3Y2vqqc6TFQLir0LC8AzGSk1ol3ceJBH16H+KfIaRdT8dg9H0Nn/pTtUIsYci5MBijQkqlWW7iBi57qcKQVnpL6GqBbUTvI7YeErgGb/Zc5bfVzt316QBlmvd3JMTpRH2pGwn2/fUlj8dlM0f2fw6C/p+E5v/dlv9uy3+mLTxNNn7MQNV08uvqYzwuMDy0IebKX9wo1ebfyizgyITos/dy/xNJenuLG//EpbIJd1HKZ2wPlrY3DOJaodLycQAA6Pl1GYbWUy93rU4OAwYyKYGRkRXe1Qk5V2Uaun+5NiAQuvGF+L3KkeuLaEBk9JAxuVGCeNhNQHk+m4GN9e7rflcziCGv8i7qhe3ATMDn0ynbK/mApzAG990TfcEVADFf0UlPmcPhZnDiK4jthQ/PZrhLuD0aBA1n5LVp8/NU/6hpeD7bCLYdvbvOhmEbY7ToLXNYBZYfNs5UB3BHTCdDg1LF8XuRGYtUMXp1d6TEWA4SGINlkTnuh0hBP1D+sdh2UzOLVyM4w9gC0HvmMJSv1e47vzry0NfZW1caGTnB/QFj8Fy2dzhkNDPupgspiczfeEEMhBBTZtrOsMWyfr8mS8SIO8BwHNDlYN2p7ROEEsznPBoGLyWMxF0tzM9xrHQKEUf9U/sPLzgTKXc8g5H42p7bHXFH/zrIL2pw7I8jlX0YAxg8gWjwdzEf7cOYIw3E1SDAYp3RC0nIObw/dOQiUV9lTJXhuQOg9XPRqw8o5sv2Wn4h6nwuQH2ju6MR7tP7TZjGHzKAbMH7BdsDcKPB98BsPd2u+evh65gy61Ew7Dr4EzWpTSa2JhQEIyrg1gW8UI6WAxIg+8xhPYJjHJr5NiO05Yt4xJMijRlhSz4I5Q6vBZ1TMreODDhQ0X4cGBPy8Qo43/3KzvSWXivJnVkwEK/XHO+vuiYzuuQH0REZa1zzR+NVZOqljz8D+Q8PTgT7i1jdSwfcIqilQ2T8+V+8/wu1BzeUo8Xb4YGwyZ3X8+6xUqFeCXTrzu7zhsmtOlvo0XL3aue+0Lj6eahKS0U8SlfJ/Ri2SyUIXWJ5Lrlz9Kr07WG4Yfy0DvsG0Uw/a+yEQNZk10qRwPMsempKGeS5M19yqZ1+nLzRp7OrN6UyYyCuDrj1GD5MAuuoltjNdq4fZkSjn/djbyybeChdF7xO/qf8O/yRkqdNteALoRBk1alJn4rOqupj6dYI0T4BZVn0KOM3DzJjYNC3tF8Bp2BWw2bAD6u6AS7MjVoUBUibgn//Jelo6F/S0Sjyl/wzjvw1/fxn2X957pn8a+75Z58T2P70Hx+IIK8P9kpVadZUSfP/Yr7ae3wYIzS/8tUcMLPgXn7Wxv9/xtrqn//48WBZ3PVRUMn/bMb68Y9/y1irMJqJfggPzxhEUesUxZoKylsUuUNxodD9Sh1iv6bwaok4zTTd/TK7NaKs67P6+nWcVmDdrzBpRhGOXMIWtVPa3+ZHIwDk7B8vrardV+Wtb2s/5J/lodnqdRvtRvaLvPd1fWN6KrvQn79EpahcMA1+yrtQ1BDPQ3nU6IOhz6lHgfVnQ9Mz2g0xuDhqKGV1JPYx8wgo1k1ImfeVbtp1N6uVyWwv8vGoWXVwy1PdWAAbNix0doZmVN3X9GtzebBHBOSl76LAMKcjohqEjx8EST4lk7h29gBtIez2m5Xk8sVG1WaDUOflNJMm3b6QyifQuJPLXCOnvkfVe74paatrm4saSbgQvgyjL6kyoFV2qW9CrIHGLe1XPb+Pfnn60OW3UQIFMsPX8PQLbCCYxGVWGU4cKZBZC8Jr4+YOxkgXFe7VysnVp92ufWC25tFwKx3f+aRTIkNsQm4G0uIupQpIJh4YnQB9q0a1aLhQLmvo21OSF1BRW1I9qAaea//EG0b+qt/c+zncp62097vokLgecJCsTl21PJ5n5BNJ4XKCb0A6C6smYjxNTANn+Vs1LAcxXtd6v+YmXBwQk54tro4CTZm8JpVQsKWHtaXsY1bdQJi+OXwd6WQWCGAkYc65u0ibeaiMZq+DI5nNcNyfDd81dyTVX9JP+qKCcftQKozFPZFOoYIcaxbF2AuElokid1/AllwpHGEt7+MCdqR4JKwqcHAYeRhiOpI02X69hTNYB8X4i6Qd4OVZyD7EgrDqsQ2sJBUanlplYMdCz9aM8r08qpO1Si8p3vDrIi1sFkr7lx7wWALRMdo5fY0wCsSZmhNe3h1+3z0cGGr6coQogLIebY1dZlXmJPodrQSxP1woMNqxVKvJ5fuO0BrueXo40himKpwF0ST9WnRMYU7aZeqzGrFp0J5Ry8ZM/y5vXvqe9skZiEDFWvZO+KX5gqnS+puESs6yZ8J09J/F9hktNMbaysA/ipkSof3Y0yvp44N8yfxApN/Hk+IPtDzm9lSADQE1NoV/WawK0gMs2Kh4l79nIBdATBp/6NLE2s9a+krOIDvHSUDCPFUSEjps9bgGzWttFKcTPrdHwnQjYkp5Zp3AsumjBKu/CxuOIYQ7m8pSg7vYAc7lgK5EW4SvvjuF7+CFJQIkPbzWNkMt/fqUoyfTxgXNQMOy90n7VB34qj1993gFP7lqdsskRMUnEBOwIetlNSIDAgRiacs5593oZyBAFAkdr28f2npm+QMsJFA1h83Lk0lMddyR0w12eS2a4oF0s/km7QddfjZrbiBEqHwBPnjHjGeDy+fB8q5MayTx+7tUD606zEsAwX0hu6RKeCmC6+VhgaffAvneg6Kjc3JED7wb+LgkJEXQohxH0uVASd+qnqF48Nc83iqs29sExtvygtl97I6yPKYvzcrbT4mavPVNrK7s1VPzTLiTUOZUcqcNG4cEmlg4HMoR4g2M2zPR6NPVI2NbTAapK9ezjiLiBpH6g0FCifsDnYE9BXHSR2ZTnxbNCydp4pyOsU1QddkRPq5UkM9En9zmaU06J4hTdCU9BAwni3IZwFjEz7igAUMicOsd5cvnV/qiSROLCfNiT95rh7vu9k78A8sbdqkoyOMawgfzQ3aDLzsdrBnvj6qFtJp8YQNmEd9vERCv469m1ANVEYnhVMsXxmXP0DJlzglg1uFhjh7orL4UgsMEmzHJUa7TyxmcIIPAPotuVXC6N2nt6TR81bnihQ+rxOJw0Bavb0WzVTb2FbDkWu9SCp73+rxOp9Hl6G3KYB34vSN4Q+x3+u7UuNfN8gnaNdZN188bQwf3er5DE8S3mAjiKDZ5BRXOC+G34ns0gyJj4oPes0UfZDybsdSVD8GW0wsaSuRhUr05W1mu6/1peKgmIO6DGNpebHLYUXuZcnHBVUxd790LTvVPg69fUI9fWXXIY7w7+FHbKxhnAYOdVpuCIknYfnZ6MR/T2hOwYeo1R00aWazreP2u6YjF5Str4SzLG4xH1Kb2AXjXvDWLKGZyJkh0Du2Y0gEmmF2/Lheb8ZOyBsKWgOTbNlLoEDcirSgJpa4enF2q693199uqPSnj62GtvvRAKgZk6bOAg5GF5skWMs1SzNHvH58rXZAKkZxH5fAU8iA2zGKefRQn2AqDGh7llwU3B/R7KeVKbkGmTJzBGu+SXnYQ2PAHAp0qsNiMOpm9KMI9SkzeL4fkOlsan9sAqkwbiQhXfRfDI9ixwpILAGOiS51K3uGcN1Um8CkVNs+Kh+bSIMdbOWGmzYN2CG8zgXCvGkgfX7GNjSj2Dsy1LugA45cSVp6eXenOkcFp1bM4fU+mwz/WwsqDLJa31oDAZQGmw1GK7vGwor9Lb1xM20Qi/O+eItLHub1pLlK0hOPGDL4NR/XEBGLr3mo0FfuyCDb6ZJ1vFl7UPY3VmKkaJR2eXcnIT+NOepPy+E+tOnrAHLpkgse8pOB5AAuTjSbsAlO1x1q+TPKVZHdfbTEqyr6WO9OHU9zwHPAJb5Kg+fIErDjm4H+FEcV902nj2WVR3WVySTa4shgXAExPK/eOWxwb+eUY1uLX3H2eG5cAZtiDaUYscDTYDfWagRIZz4Wgc2qQ/PxC0EGckaHIk/qyuAh/jbLWUL3t2wUNq/GDykCKz1NH54IZo9YYDTISnseQbZCwMVKAf44Yq9UlYDUAIEyi29nSACX/cE7uPrbrVsGqQ+/qjfepX1WSCsmJl0Cz4zex5onuwF+5tYGQzH4ieN1gBafcwIAIHZZD/mGaXkJ+F5QvWHUSBu8DMgFxUXLXrO7V+GD3+yhwhFowuWPupgglzc2JhPAz7SV2DB02e7GzB+0u7IGJ5HdP5MXySxxIahrhhjqVRvnwNgKqq64ujXIMmRnjTOl9Woy3wQK5f8JXAiYSjRJ6I9/CEpPGBwuKCvbaTyt5kbLjt4MpiYgh7IG+Fo4/FGZ6+p0igmzwcka86Q+8oy/Of/GxIiP3Xv4Ag4M+5ICvw4L6enZjOpVb1naVNW9ktV09q2fty8cUi3rDURczVXQee9p8eLzyzX4EKt7g/oO1Bbe/ckXCpM80X+ygG8JHxAzprZXcqzQbrydLHdu7I5+dx7HsBXuJC2f3X3jIOiU+eNzPbrV5YNeotVdQTxnO0P3aBy8q7lDh4Z4Gkka23b0IzAvSg31jJIW9+/dde3OzP+zWzlpnYlB3ei/CCEtNqygtAWMM9b4dfColkDQS+0yxlpv9PM6nE5DXY50v4amjYmTMbZxvrS90HdNTTtN8v4pfYHWK4aWwcX4aOCje2DnO9p2vReO/ATZP+SaIZ9+A7DubDl5SEofp0iTY9PDmyCqpdeVS9hblZjEJfe0FQQCyuLrhrmNLfO5zNP7VvkOSr+neJyZRTpSTgZmKmiPZvQWzvq+HBfVqiSmrFxDpxy5mmPDM/SPdh1YET0O5QnhtGAr21crXtMiz5gyzWE265T+r5S1m27v/VsMk88XnZpm+80VJWQRxFaHDFPVWNR5d0h1l9jNPdGvQyMNMzTpniPeRXw4aGi3g8IZcUKXY3xyIpOjqrewiZpFDoVnYzAp3mQwUiXYMF3TSw0a+DOQGK1Y2kfUI0+CyGVbBjYu/R8smGEhJtZGjkxA17c67nPqUauBJLP/RpNyJsKeIZx+/x12xm5BqZ0jB1LJkPvZTpEbvgd8QDX9Sk+hxoJan7WKoZ6X27aRYX5cPIxofVJzfY+JF2RWChByTpX2UmXf1ORx+QtFN0LRB68RX/FreDYjSyVD2Rr/0B4AYxwEPxDtIW70zeztWAENf6cWdSYCyXnqFBT/woxjYx+zqD2alKJq+Rl4TcCZYDVNigTIqSk8V+RtEEjW+WFsXzM592UbUhMqOqHYXapfD1kIOniYuJtLdL3I5ePb12JLAtpYZOa5HWT07Xnn2CtGbSJ3U6Zdmpt/s7rwMfmpSJYiGZqgpm1PvBOuVC5LBLh/2RwGFpkJFTWzXO3Urfo12JMjrqhR+R278Blah1U5NCOe50g/P11wMLF/jEkxMoWuITIcubjgOzvILAqgKPeKncwUY6oRWcWMK643LEyrzzHiSdDieKuCgqu9cQkfGnI3OfHs4H6cKEzxWUAmYDRmWKAoo7fXqdhjQXjy6g4uwL/vwpfubUebq8Q89YdspQQbt43/mxm9w13qDcIJsTul5qyOknzuA9Yu2UXXv8A1EGVSS+sxu/tkcrIyKDGIMfXl4kpb0b3HMmNiy7gdSZCUNLm0Mm7So5IZ/Oiw+pDPq8YpRF3pS7gWrjCqR3fz1OFU7LiU262uZonDLBlxLujNo638isXDAI5l0TM8adw0Umqq6HrBv/sypgvQB+Qg0hxgbwzUxt6DpS28wiJ8DdfUbmA3apE7emnIbx+QZMeLpXgjk92ko7MWUTtYOj1ZXuL6ZDeVBhv3QNq+HiaB7h6/G6N8jf78f9uo5j71xqKRIAX9o75Kekm6IxbhKCAO3B1K6BFrHp2ZmUs0nHH3/SfkPtd6H7yM7w2JWr9Br05QUUFlGwFp1rtmC5nevUCHtSUT1bVY45FepxTaJyBroMuaL+BbMhvGt8pDpzldHsNNLrH9oS7uUW2iFVEmL1AycnDKy9thcX1ocxX6Vxp52thL2FLUXLraSd4fXjG5FhiUczs2EIKtHIkI7DRu1Yq38zsWgcW/4hftHuTGRSvmX+PQeo6OP8zwUbHrbgxiZeucaLWgcPoaImTXzxUX/VczT0n30OI7e96Va4msnN/d7PXivvis0MH11u2EckzbjJpR0mjcJCxtlARTm3ZHPaehaok/A/DzjIwHdCkanq0PJaJD3IJebIwWJMzvaGnTl2IgvdYDtvuEG0W9xkd6Eljfrbih+NC2sa+R32gboispXaxo+HiwgrANFbfxYMsaFWolTP+l8txMC5lPhAtMkkYBop/fpBbKqJ7dM6pFG4ctrINBO+lHbW44B23xnsTlvp4fPW9uo1iDWPksIU0sEVAYUWVeVUxGQlFIHZrRr4C0Kp4GZazIGrOQmi7knJXKvyrRLF68d865DbNjfKSS5DC4Yzyz6oHGz+rAGESNkHPIsAYfTIHUYRsxcG1g+UncWMM0+tHgDrOMi8tvAswG/4l6GgBXftIZ3WSTEGKhc61BGsVWjiR54mTG9hvPqSvIaX4i0r3lvD5TbXPjwVOo1S5h9MqXPsx5PKnrHIKusTaGiaJ+GbJovtq/0OcYKVm3Ofb6qT5/fzQ54E05h/Kul8AX6LUfT9+EiFRpDc8AHSXhpZaTYBVZJqcMr9qc8WaJZxuXXxSXUOKGbytw5+s6lWSwdvhkWYmmBn7NVOa7JfjuGM01ui1TCspfGlGeCsITFlCzkg93RxmHuSjuFuLHYh9v9zpeJN+8XCsmkLybcxlFhydh7Q0bkNfQbZuaCi8JeaFScMz5sNvnC04DK/rrfLymiibmE+fcG4cqXSSljVj36GvMj5uoIEJV41yFX9OP1LVJ9HdvvXAGGIm2Acl/BJTYW4MoabqLwIQf8DOKABZi0Pdh9JuiYlJLh6FkLVpEKC8+ZKXRI8qOXuKCKK8ZEFCTYTlbTWn1Ra3CjRVlyiPQ7s/CXGcBOm+HKo+oIBQ9vR8V53qPRKrnNIW/zfEMwrVGk6iFtRD/3mG7YMkNCmPxi7qI6Ba+LzRpBQdQC2mVINHIuMdQGlm8EuT8+TDfbzbN3BzamhKlF0o2KFPMYb3wNqW2ap45RHl7UTO7jb2MiLI8MY/lDJRkeZBENoM4RE9ppjwk1IPNXsmH5LkFLq2Kn/itWEj6I+fsM9UFQSA6yVFXKRNzpVpFouMOvxGa8ofMjYIcaVe1cGFLqDnfZsytN0Dm9Zyaa9+vctQ7d11dDMiMGPxDF0U5SHm5kIUT9cV9cX0mQUqYrT1IxzkfNJ9yZsDWYKt6NUgoRt33bjhumwtuREffdbB6zMN+e96nDYgnYDx4ffQdYiTPL6EO0xu1fwfye5WENUpwuN6WBxe8cdf4MnQ1RgBCcwHU5S6eMh4wyGSQhRuYHupIIr+mW5jchi2omIKN3Wwy+MGRjDq+bPy5SomvqE2hIPrprxPQQ2M0TxyWz0EyNaEqK72aTarZMk5rQJ039efSCqmrKDFQ/nXUqebjA9ZSzXlJsKkI3YRLQJn14+fNKbay/iFpv1AR2oem72XFLgiQjTeTnowHQxfp5BythcmYOsrAvui1zBpl76NLxEaXRz2UGxPVBro0j03G65io0vomYGr37QxUFxD4UyyV4wpvQI+Xl2NfgZIhk7kOVhv6zUc4+qdfkhh5Zy0NQu2CzT/flYvp9Ig7c6FTYEP1Imf1tfCIRez8Nz/flwBw0XmaxvrJCMnCl/9kdteNn+kZP5UR2CYrjXDG/IPHh5o9xMfDgayBMOVVfvuh/QgLUYmmgbBjjMXbWEGnObaTsItlgH7WGfVq765LjG3cXfv2qU+czqLIcYNfU3BnnJmwV2g0Xcm+YU+jLXfNHL0babNcN6ZCJxnh25kwniMePwfXNXi7kwz4fMUdaW2heL12a6/H0AfZw7OZ8QyqHEu9m2rMTYzCbtTW6P4nwItAey9+fB8UzFNLC+BdGwgSzvmpTepybmSYlk9xpNGlf2rULvOXioAyCmpii/oNDBb3B4VGfw7G3GpWvYEFS+mUxIOPTL2rcez9qzZnzr2Uyrth3X+jpF8EcukE//UKlOGeW0uTbsyiir+Q87PXMNFGGAX3x5vEzMTnEduv6bu6B6Z2AFz63Mquy9vnUTiQw0zg1ohIeHRc4HevU3CeojqBUP7Na880kTcLH0lGShwdbEmZfntGP3VEdmcT53bfv2lEKHOwC5GcZ7ZQP2x4Pi96t9zQgH1Ll6gAZCbW1MxkZXWboCyoebT9N9CLJ4TEwXzkvfPvPGq3YoV0pMuWUKHzcdt0LRMMuKTj52Y2PikbK4QUvTSpwQvqxpFweOf2ihoJsHn81vaHqk8as5hr5rMbqtET4IaCMozuhX5paeAaCrAmDxB2voxwQpdY29fuR+KCN6csejMiJzlGH/UtvJxLfZx36oBwZ4rKWG/OYWA8VA/xtPIAAtHTgOvM85xwHHKWKxzvkMT/klJgwjacIrJn68/0Qt+taZh+ijooJy3dM0pU0qVePudp8u9pa6XFaF87GcjR3PabDaC+mp5j9UbPNw5wPKQZr+hjusB1fH6XwGqrX+Y/aOEgcfLFYMqrukSxTG8zS7G7Vg++8JZy1z0kRSuoii7Mv4aiTAcuOr+QXF3RzSGrxHdEL6PoAELHo1vUl0uo2SICPX8LzgcUqH7nJvll8eOSLb1OEESk2dOxkj6LJRyzOY9Rs6ZWf3YPTJO0vAWY8pXeJt/aVFaL+zuncUTJwrbwsdXtqXiCpuPND5RO1ic7VY4k3hJrXSGRylc1f6HGBCYufYuN7zQiHmNzj3cIw7UACs9IROI+gD0H0h3UxyCmBGDbLrhLsfCn8cpjoLrPipb9a4g3GLAIkD+cnbNnGl0QeZlhNCIbe80nJcotbsnpRfqETS9eeKpC83XzXOS6SJFPiIHmJVSBzBBXIJ/WbKLgJ1GJQjMcPC0Q3OLhb57ZhuNezUsRHTXT9NApSfW46H5Fg+/F1yLeBk/xSJRM683KB4OfOrSBGDF6utCrdrM1u9T3ClxGhyHCuKnFPAInO2Rs4AsVJitiRnerTZXexo6zTzRsBa2GQ9rrnVjAlggtYbxkh+sz2LJft8xzffoc7bWHCQ3Y/i9AvId0G0/SwoxWEspnQ/3KuCQ4fXpnTbKrPhFVpsenRD0nhyxswArkfJVH3lxgOEWI08jpVVVpT3kYrw41slvp3AdxKfjzC+aLdIkSZ7QAxoqkl35KjTj1kcC/9RDRBWZw1D92mUq+saW4pFj+z2b+i+4VSEBhidBo1fTGc7bTWEkQTA+QkQ6nRVvT2QCozciEWZn/oSvWYzKT1eaw2GPC5pVtnikfRujAO2/ahvJe1K2t9U2NFOuuzXOse/tnEzkDG9IkHN2OqDyN7FSalGSeI0HRHkOxXQgI2deDsgUarhgqQIDLeduBZ5uXWENxA0O17S4NgJ7SXJI5+LTK/UlpGyAB4sqTVZ9ffgsydVmHi34E/JMIiuWl6+flQBEn6GcuUbx5V/UgqeDoR6cbFeb1niN/aVt0cWES6KASbrWhs5AlH/kwYYiARbGrdi5zKib8kAZ8uBz+09vEplBU2YB8YSFTpmPw978cdrlZ5g1LxDL+ZrsaZied+hkZ8i73vfkR6s/i2w+KJN5a8B3FCB2N/7G+FaCGyv2+L5E1Het/Bz0vKqf0xZpstb4LQQLvsD0mv2FbsBFV/1mPF8R3nD9Zmio2NpLOc5mfO55gPP3DFuSC5QuJOKIax/IkV/zsr7nf+PL+uMvLHtJYgiyCXKsodIEIz9qUxFmFppt8BhyBtGz/J9AVGXnwpKUfLPtexHxrcN+Ke46d+go5SD9nBTpQg3oA35IjjHVI6FK90p5k8e1SaR9ngxfapO/DH6fI7/vG0CJ7JbEAIGbwEfPkq+Sxjy7KloYdhoQEtjytulV9zkgXvbybkDryc8KuWQ30BGuCaXQmjapqveKk0pxeiaL7wmQ03nsPpdSPzGjP+XJrKQ/DWYClTaDEfKaqh4892bQLMGXNryzAFdQXADS6ZUzQvsB/KtWTtevkyHg8PhRPNb36cDXwgCEylUmuP2tANx6u4QM5WfPWtBGWLicxxfRRJNmb2ER1mmS/laZ13I/MPkl+5DKB3of0qlc39FKhdExFetUQYt5zUBGgJnJpza4e3plTJBMX40gFIRZ6zCxHPRCjMeULbxAVh+ji26IhB8olohfJHKYGcEr5SOuNYT+dN/+0nYaTkdMEJPAFSnyFtAeuJU8vGJTVXWlqAWGnauLlBqKrdX7ZtfFKCjMtaTIgzP5CY1ZcvCL4hhyT0frjFpJP0uclUBwLvVgnSjzUKMwNEpNrEZHEguwiWWUFmY/GHBP5izNN4VV7kBoYxWPzk5fZFyXhaTIlxw5BXdJwwU3xrbqrbV2gAPy5Ht1OfqhsYq/lFR5ZvzFel2J7miUNit2lgDBzirUW1NaEem5r3xeAjHWeYdAxm07Jw05IACT/V+pPR+AYqLrjlxpQd+KsHzIePyyUcYxqDYgLdKWUHK+Ebyn79xhcE0k+0v9Se1bhPLfJXC8H3h+kK8SXoTrTpevdWYD6d8DhalLaqBqSOVt/ER9pWwaIV0VfWMGrIGeo62Bs+v9oD7Q5dEUcNT9TWA28ywhP0Wu7ztzp4c/cIf7Aw6K1X/NrEMydQufUm+cq6Bk7k4Kjg5OsX7EPkOBtnLxWbP8JLstHYmD/5JR5KbMHY2V26g1YdmYEoAaubzUkXOZAs1geYOX1T3KGmb4DhWiIhREnTkF9tJJhiXc8s27wW+llPO6XbAscWyJwRhyb54A9z+IT4XbXuwcoghDOqILOvTgVnj01oFINXORQwdSjwrGLZkzTGOIoVcKaRBMk2ZsUmK3mT4JIvCEewDoYrpdzGXB3U7u8p3IK3zLSBfm0CS2ktWMzf2+xx/QUUlOHLDIfPXtT5CQFIbufJPtrxoN2o/QG9ZWabweQtyWxoLvWVUElSbL+gR0yqANFUH4KkqfH6kpOio76P+uOyrTMccR3Nrg6bKkothNHAn8V5xjdWcbBZ6jkVxCjQqLRguCOLkEPqcpvNeS38oVbEbId4dNPPLn3YYwcxuVcjNTXgW825OE77hdMmehZZzX275QszSzEOSLRBdFBfQUOe1gcdTzmd6lDxQl83brCVGrw5CX9FkCNYGXF40cljmkuHm3SOQxXovxGEEqSXs4pcPbQ0eOLoIxWTnBjoTpI4n273hzP9fg2Sy6y1ySxFexHkC5eaY2vICXWq2UJAQkGklozJK6ZjzFfxNBe9pOKF8JUhlAS7hGJttKafgJ0exWPKCdUM7QZ/UkT3D7Ooh4PDjFpKo5MgjPs1p2jxSS+cAju1COMaeCZwoDi4/blFDlfIcTq4+bQEES/WUmKTR/dcYY7SLBmOA7yFmL880xSO1hnSLdgK2YB44kMhPHiXWOU+kgh1RzWxJsEkR1nzJyznIjgKswA7Jba+b6Pv5fqQi2tZnymy0eWlX++o3IDLihVNAwtzk/b7tZ9VApWPQ0cCdwGE5yusWH1rULlUw11hTZYDboUW2kMsGUhZ3GVdZjSe7lPGQ0BNe8oOZY/sT/lYHKVUzUT/JTx3m9awR99VCWa9BWT+FE0NwDDNL2CMpGplxkb0AQGLp+5XxNc1cRUjzphuKmO04H3UAKs64AJV9NaU6lTvOASWO+Fgj7DymktoUive5UcsqJtIeU/FotLmHr0dLvdW7NccpRGFv0FwGEShjI+FLNaneGelZovKu+HnPAp9do4VTzzYt4IIJ5pL0DSkI/rAtf0mF5DbiCQ0oVmajZiyN75DbGXPMCQ3LhnZNA/LWFQfokqyxNJkTKEdEZLfi44mcTptb4TLBTaRzEP3ThX1d2S+So8rv/vOVmXduI8UmLh3Chl0m3Gd7funjaWN4K6MdIFNUjeIrRxvSo1P/+k+UNGVNJ5qX9HEJJOWfd/1wT7su9d+zr7Dfg/zEBXJN+f0/eHA2fsCtkLQ1U32AH8HrZFoxkJYU6KU3pNTPlI7Sjm3hOahYmVtpUQ4s7G8cAFm+JmVQF0/vfto5XV4bIg/lszbOevhQBVLYhgFxWxuh7Gdq+Tp6mDqbVmJVkd4VN+HKd98eMtVDceHkPvmYf1suiabVqZvXo6pVCBlm8SzZ3xzPZGZPYsn94RK2HX3fbeKCprE0fAqEC+D3PJ1eqykDx1gEeVZCG7FSKE7uEo5rSgnJIqnudBwdIUWp8GxKR601AoYxEdJedO1dLt9gUQifn+Nhyhg8jtqTsxwimHJsq+apTQWb3oLeR1v35V8B+po0w7DwJn58yLnsif9jPIr6zGDtkGRQo7qyIHshi/EK0oZ9dGL+vyK9cdTOLUD66i2aMIRjwR8oNL6juHWiARNC4zJq7LqGoxFU2rhFVZNVg6pPKIPr9VfYZh51hgPluM2lFEY/sezQeoyZrzC4xSnK10V88M1G37ePF3lWEEOOS0oJhCObh57EmxOYT2VH0MgubIdwI2X0w1Nn+MrB6Y7vOUL+Cxclp2Qa3eO+K5bY3uTi3nCga4BrceSJrnY9rNHJwUuG3W0OfUh51tMDyW/3h5WPdNeTiBCtohBG+BrRjEyeIFCLJ3zy+I2ELS26k/aII/sxYeN8RFlTw4VejQQ8+Vh6xRreBUxVzHxj2LFtuoUXH7EfYgJlckOJIRxhW78DlsQYGPQHXZCpQv6DY59ce3sm77x2b1AC1RxtTWBbRkHsclDD9nwKGfR6MmTNKVuKsBfIGNVVxADb1Er6cjPPpuS2of6lroDByXznhwvLQb8HbjTopAv5CWN3qXbEPSMi/sL2yZy/zjBgIuXZDI+//BASouRN5iJIom9TazCn79pR9sKYSXrlLbJ8qG1St98VupZTnAeGucgxvGF93IkUdzZDcR9AfIKY2rMAb6LyHzp4AB961cctyXkTMbnlczVVggdyUjQt6qVHtVw9gPIlHgQNcg7xL4BFJP9FRmlkTV8Iki+61Wk3FysQaB3O+IFszZ8UdivItHFQOiCpnTW8EMGm8fDPNCVh4I7McMNG8uIo5d6Xsn2r91QTHcrH9W9DO/5Epx436GGigqco74YHVeyD2jDpl2J9ejg8UV+Ve/UKYJEpyYXp6EHCrtV6lPWLI1ewIMkH137Qma/Nm5zM8Z2JaeK1QcbmOLzvrvSBuT6/fk1HZQ8NRO/btAHpEpd+vOWer+olLpbrWwG2Y7oXXKcPKepT889unzgzPiWX+8tKF60khP9DcHMDh4MPtxeYSIBUVNH0Vwxq/ulPSrM9Ir4YY2bQAtOhErD7YYvEXkRNZT1/vfVtK1bSmKs80MEdripw88G7TU5juxASKc35TN7UUUIUqDunK4XRit5KqUBc1e0fnbvO4tRELBbXjklA7H56QrVdWTbKt/radDu/rUPNKQ4o+4nxqAnYuJERg8/XI3WtzN8AlZflZngG0bWnNtEvchPxGHB+ZeBvUoK4OuZqRwhfIStNA7VQY2oZAzMdykKG+Bo3d7y41uhL+wy1afc8X1qPnKQGWeqHOzs5c2HQzeQt4z5ogVJArmwP0dEFyVPQ7knpN6kTlVNodFTW92u1eVSwX7OTGAnmd8kvW/w03tSqm5X6wQ4cchYmajky8UXFCymYkOJROgdGo37419fJUnMOK91PlRw0HDt7fD2cVgb+vjLabeXWtd7mTUTin7+cAuuaW+OZEuYJpBXc2Fd6zi2pBKo14eC+T+Yeosl2ZFtW/RrXl8sRVMYYuaeOMSMX3/luWofe2XVWGkJ4TBhjEluXZXWm4in1H1LZpxaB2fA4HOF3MCdpTNlfbLsR0fPPFA7QAP0TpsSl76WKw4ye0Rfljfte+RY4uUegw7Wjwx/hQzDNBQ/3Sxr7KWN/RXeKPdlBDup7xxizGD8SoZjV1qu3gQhcxvscYm3UJlXCw2znqILfSqPeEl6BEtS9js8VpVBcV7AIJl3iOZf2IfEoaG5FY9x9hLUHTxFvV7BtZ+6UmNkF6S0p6kR1G2V9GXWlzMMpIpHOx7wFLypt9iB5ocmcRivRl/fVVOGyJIfykBD5aIL5SjPleJUGmK6Ayr6GTJ9ARxq2mdGM4hPD1MndXtH3NxPrSNIymGo9KMlU25Ynmqkqn+iZoMl/y/JFwCLk9MLAcM7rH/Iz9Hnu4/+FbkGMikcFBMAz43QpuMrQFMMwmbbLc4ZQ+GqX2oZA1ZNirtVJRSZMkbBRTOVRg2K2aFXqF4FQwD4HQlxEE3/ucl78NPt+A1w8YCct2E6IET8sFCxlxDk17fmMd7BfeU5gzAThBbJ2ux+JcqSt61Hj2ZBxRkjIX4sfPRZL8hvPoQKKy6HVd9FCGALzaWf4+5aryvlJWPsxnJiiFmfT2ZLL3oY2g9erKrKxHldKTptq/pTPCpBEfa8UkFSTrPugcMZbimBdwZ+ZYZSpKAJFmbYkCVokk+x58YRNHkTBcyIpFI9z7vb4r3sM3lzGy92l8wDIQsDRVGs2fGfEw+/15xNOQJYlToMY+FgeiLljBWVoADYbMN9BYEuJn1uFUTPKbKLzbQ8jaheonv5KYT1zKkcHGklVvodoSOKU/+GNihIIIqkyFTbtl8Gc0eiGedtmUQstvh/0/e4/eX4X5RbXHif7XIlAJL/2eW03ApboOm9O4kFqSxinpgmZmVZ5g1z4vzqmaEToBdlTINw1w0dUSK4T/LfXErQ2MP8738h/nxru3jKBRqmvlaaRAyv2LqoTx2y37GgIpihXwPTZwOnfw8yWaU0k878iuXn2/9VigGEJvDFdkrVJfy0Lwv9GL5A8Hr0e3gsfMD1TB4TA6TUaa7iL6H0uQPi/AuXAUpeKzh4iWPjwri5tpPmjlkvI0bDE4NcZ+7LG5k7EXnEnIRtn+kDcSfooaaCWz7YX3laG4IRP1VYQvPP7QgumZclX8TtYkHPGeN4UhArDEpsjjz7xqANE4Rn+5rS2PB+FjeBGZJ/CDrdELx94hNXu9fKYGjkwnUdLL2+jwAGtr+HjZKhYEFo51sC1giiLgDoxleyZcbx8dr6NviqtYJOcG1OgdJ0DiYBRFsgZRFaMuxH7MfzGNGmycTvsrkzpsO4Hm/foGjRdh976mMegvftzsJi75VqRma2WSNbwFw69q6Iq73yGzV/8ylPkKMQrh7FelP87JW50CDR4GcYjiU08M5sgBlWicAtWENCsvgkQGQ++83zb9M9ve47S1cYsc/ORPrBy7OBjnO/E7pTfUSF+sqaKXEnMGH8/QVdGGrj8F8o2A3zOh8k+vyZTALrjOyKXPRcVZbQ745FoX2XaFUlZ8kBQoK/DkD//mhf8Pwi/GFIj0GuDBFWPy3Ky9PJQN2QPzX6J51OUWgEQpkZEyYCIihXYiktgzomeaNF9DWEE63KUwx2U+4n7MYs5eI+lU60mFXgzK0TWd2ea5LYqR3lM+nEzoz+4lbvOy3vT9eXjHAj5rlE1U+rxhLicHu14NnnI4ZVSA3XaxXKx8Qw3EQtfqyl24jNcEW2z+lA+klZ5i6kpBnXABhF9VZThWuYABViGDCB6Xq+vv13mEeB14YPf7j4ezaL68NckJojYMg4ngZhlu/wH+BUr0w5o7gEN0O/nMf4CqV3ZDMxzkXa43GImew6yHfxTVOS/K0U6L/BPnlZ3ghF0mJB29j6oYR71ofyiBcFG1Hd052lFSVeY6xRQwO8H2j6B3HruHH4l75JgyGAC0Qe8RUtQCAeY+hDRz4w2kmdztiCn5yOZ0nnVziM9nYgtAZIr2HoKSXo5XD9oAzMdhMY0U3rOwaLKhahf35zPdZ1CPu2Q6IRsTTKi72BwaguOy9x9TWzlfYzzPJfrTxT3Vl9Xmm+VavuUKlok36dqiRJxI9scTRvi4AImJIEEP+NmqYpYPvV+Qn7mjcKN1IQN/jeDWNyIhihJ5z4tB3UjqDoFRd3xe6MmuJgjktLq8w4ohtvAL8tmWOFi50EWbi+zMZsP5Lj8IUEQT+cbyoJe+FtRVS1ULTEpZHMBVXW0YUpjmAwlLsJiGlW7MbT9hOzmEQaz46V8eLnPL7HtWqmYHPExtn4+eeXs6v8rBJE2sYKA81BryfhyBcpAb/uKcR7b9MmZuhyqOOLscwyy573P85k+mTVRBoTn0H2uElx2qX5Uxbh2C5jgqFvCLloAmxqF1fIYtVq4v/xk+Q9IJClWoIS/RtIy2IDWyvn8N5BVqwIIEEhX5wHuIoeG3jypo4n9IEwdx38wbCxHRBVH/4qpyr15IFpae7lRRbVOticLinIbOCRr6k0L2kjb56HbSj9LF2C0YkeJ9jXC+sn0vihSP0ZsA/yPdoGZh07pPc/0tzNrwNiEEOa/7D93TnEcLeMgqEhl8IFc0IiCQqocJTsfG3TUgfByutDAac4FrWiPv+dxZEV+75Z8b6Y2pQqkYjQ6bN9tkN+1qUemG2fPgaMYb8ZHZ9RmIUDS+0ByvO1MNt4ki0o3e4I/jdEjrHBuRVmtv+1d15+q/vzFXxR0Oh0EEja5OmGY9gJF4DVo/C5+b40kFCha7nXQV3ma6u8UmvLlc1FfsAidewjRwrGkHsOgL4VcOgAf/P6FodXXcViRe0ZGg1S+YuZyMgxwiwrROuXZiSoMDhtBAa6Z+Fg3XUATZ7/n0NnNNHdg8O8qGKD4D5NuKVm68w59ZcotT74iQf9fMieQB70tCtIYZjFJC/5oibe8EiZbTsAi8Jdl+NUANocSr073RIgV1v3Oc1EmPEsGabKnzPMeXJ+RdyNldXgoLg6t3aIM7U7UCNEXPRBon4pZZhuJEqE81QNHHAnOZ6G/LrL70lHHUd/Eo0cG6DVveD2DfeQmKS4BsvSlMlc9nOUXVWtO6a+Kr/qq3aIwOKKXTvZJN1POONvUwkHd3fNxIH/MnyEt+OIkBI+nvUVmKCwql8t1aDWmxWfW+Zfcn9hWfBdyXOhCaIXyYmZjXEL9TueUMdx4APR5j6qrjR7AQurXb1aACUBuOx6kUuhWd/JeHrysocZYoh740llV3wZEpT+yKi/ccrLcsRoX01XcvwJh7kEyUmDEzVYTsr7foggqxrogx7Czz80loN8x+FOhXDuG8iSMZwPUJu4JJoqKqY4f74g5iIeA4h0n0TuhbRd4dRff/ZgU9FlIw0UNbEP3xfHEv9k4is5/KWpB1o2Vagudemw0OtzqQrevsAEmYTVcBPyE6kdAgJVbfwtUDECvvdeLwgzBYHJJ35tjLwEFz6PI5GdPrj1QzKTBRzDQ1PhhxQlCZxDynRmJlfRSyGdh/2CJeSeWvQ9gTJ/DmLI96eQ66h7bZp2Cwp239tOfAwy71/uxP2HrFCUFNpY11HaCzHSTjzv7B9G7AxSp7E0ToKw+bDcub8/SHxegj2gmEKY1bciBOBoYO8XLP5sZ4Uh+j3yLoqtWZFmd+6VjXJSCCe5tnuTp1dyMSZFrU0bh4o+uGp2oC2/n5RiYeFSoup87E6OJKjGZdZNc2Ch/D3R4eZ5gZxGq0sD/M3Mwuq2vJjBOIeGEO7AruFkAsgHNr4caBEZQhLs/sWnH6W2rd1IzXpajXXZvcL0vZrcF2Ut+tdwT7v/q6B07f9A+8ia6UNHyuIr9K+Ck5+LomFWeu0oBAIZmOnEzW37QpPaiLdIlxhtfC7eHxdlvPRcThDF8s1zDflF49YsE3L+k2cLP2adCczcGE/xTc3Hx2BA1EcExSAEZ06jNZm49dl3HMmpJxg+1LgsF9e4N/7SaAY4T5/52lD25MXktbKchygmebXsO3nyA9POVgVbLzJesb3pG4tuVb9TAplufWW8yWo9Dp4Tmx/E9JXRlYf4bqPv16+7FU5duBGo2zgSC81MpKJffvwtMcEXH1lanQPkVwUMaIjNeXeS1V4xrcML/7WhWYXQXa+D8rZWnXn2jIrlmRkMfeIV/cPuoniSiSmEQsLZNcXICwhNEQRBNm3bHpLjHnwNzh3mvgn6Op5CKT9JIBTfzfnM40sLTyx7Ep2tRg1uNKamjiE/AvYMwmHT/2lya1vNyXdaVcM27LgBFyNDZaGEDup7SprzXBnpWNrHZFJxHTzsGLzoBOx3lBjItK84QUDkr8iWTpkRCL3zz2TkxuLN3jeWcDYqkyo2zTSKTm4N0ahnJjBwB6utAnhTOsXMGy4cA7fBLVUKPZfPQa2YYZQNyIej5Agz1RldmcHQk2z3mITWwLq1hpI7f9pu3YpjAHDzWov0eyQc38VYulRu4gcgTVK9kG8OjnthfIfqyI17mBZ55bZfozJfgVvm9XCbum9jb9f/uSeY6e/c+kroN9s0mqYjU2wfc2hQ2Zxs9lN/NyxCXmbulHMnM6U8AIXZqJimz7L8+Xpf2eV3Du4ssVl2guDsW14EOXFs48f3ogGeewD9XC36FyKc1MogqBb9PHzr5IclvyHAR8uhDC9Ay2ClNJFvProZtcpqoj/CC8RYdtFIKtTodHnsGJKPJhNabehANKpIUr0IOOk6AuEFzVOQeU4S8fRS5u6xFKjFAt+8Rqm5YwYnzbUvLimzsUf4UP8GCWj9pra1Il8zQiTu7MvIVqU270Hh8KlhjT4c+JJbenbusQscEpuBoM9xoLsHIO5fXt7+Kg61OO3i5St+rkAhB5CxbSXJ8mTW2riedUEMV9QVLCu0s/dOEG5C/cbzmPQT1mfs28qQ/HVmH08dEY53aaEAJXBKifhvkFD7Qg/0eiELdh7/EcXmF6KOKPAzwNnoYMyLilp19DelBQTRFbHTIGRzXYIR5CB+2bNDhRS+xHAskUhnzDpSjZ7Fe45/pfjLybFerQndHrEJ9k6oq2cZc1/JaCKkS//5Q8ZQped2YWIyasJMjzoASf4uK+qBPL/YHx1YlAb+FqFPoA3jSaWWYtK41PuzgR666l3yV6hHf9lrkVeAYzk+NSeI/okSX3byCTtB7AhiryEmkQpfkHaZBKCiibI2UgHwdSiy3CMFtzTluX+EL0ZJ0ia6tYadTez+fEXCe37OawHR9OOFrt7Ghbh8mTwACKW2uMzMPoILOi8YcxgGcuj7n8DbkOfEzYvVOu+vLjI4SlSEkr+KJKH2Ll8V2pkvTHEMr+VXVezwnj03a7+2vIBurQdfyMVVkdg03aGClq2c+3Hsv2SVsY3TosSM9DFb20Gg6vTh3HKs3KfBV10clFvcg9oFse8B+3NWJDejXq4T/VszGZLohVGA2An2A49LtUoSnF2hI0oQhtVEf2ahztta1sBCFNcd6UzvV5bl51wHKDF9vYH6o5BO9hYf4NSxV+peZX90D6X6l60s7buKwxNPn8ZXPIRbbGcQTVN1xvlLy1aNvobyYp4Nny14Pz67bsitmF3FTod4joGU+YvsjWOPu+gEZo/f4wXvcjdmWIWgP1lV85HAsR96Mj2fzwx/Dhvq9Tbkwz4vWM8idVmW3fjH1ddTirXekkgSRcUq4SorK0uZS9Nl35xuSdGDg0/nlNBJRg/DVU4kQH1ikiNUdICYkg7MaYskOGih8/UwHDtiS8OP/T+TxyqmOc9CNo1Qkqmjl5jRFq5oY++vyi89Gbl2SE4Qkal/0QNK02gmWv6az6xWBIyBXekQ+zqDwxFaOIGq9ewvSRWPvaWvyjOTNRWrtmp7W9nYKYHTGUyupufAiR+ySr2L2g3p8P7wSWMHhkgOebq+dw2X7Nf6UhSFkbnxRG2ZbsijL3B9ge4YAUa2F3982/oBvJXrWnmEEyjWXP6cQMjNAXQxoQ6fIeIf+ZJ6yXCGyPlQ2/UES1Fj9Wyt6feSS/yPAltTvBIZEXqZ9BqBwZezUPgiznVYG3L/LGcpmr3fJMDiWhLMR2AaZqjCcnEX334Xiz9XhVJHeYdwlrQDJrGvwDHqmUB5uMc4Q7oyN1N+roQg0/rgFLVBuhao4QMVHEQM7V0UhaLe9rAww/npISLWs3zbZgN7zsJUcrPFvujed8ewAdHOdt0NXpXf1BqyWpl1zmj1lPJofu+GNcgCu/LRBw3jcKMg72IL6TuCpubYGq2VeKqWu0Ff2cXqRZyf1d+cuNn+mxjzwa1KzEJ8lygw1kEQGZWnHR4IlP3bkRn9LqpMRhrp6X5fPKUKFkSt67Pwd27EBpntzsvgj5fBg8AhfY1Q6nibOiJoWtfYXDoGTykjGZYNk322tVcMuII9mOaFrYGR5TAzPwDzy9pL6u8eek3NcEe8o3879QdsgtocIgQGI25q8vGSc1crUCHgflR9ibjmFoaz8pU8YodL6IO1lpx7QoT6xkdern88CHHfSqO66PwBcRsPwp9is0wT6MVfvWfL9f7Lpy1wKooPwVrApIs+5fUZWdqnOKzxhZMoucFM5oESxZr9jeXOIMhrvpPPuugWJ7dx8u3r+UK9z8tIpjZz841YYNR2uFUlUn+wdsIiAFoRzFJgVd65XeVlc37RbPjnb5APCCbdcYRxXuFn9eoDeMCQmZQJNgRRafBotjfy6aTqhAk5ntf5zkYc4DYwZJF8o7o5IjtnT3Cvjh6rQxV7XblAExlErsZQ7q55YAWN5ar87qSJQw7Yr/1TBvMy4nRC6J5FpyM3D8TX1UbeQ8/jO7bpOAp/QkjOIRKBEKsAERRe6vDJQmKocXEAL5rkTT/bs496AfmNVJ+h2VNR5tRLkSKzUEFMCxUYg/JT/gT+MAnxQj3ZeyXNz95R0mkd5kExOQj8oRzxJE+UGV9z8wJ6ETuXh3W1fJaX3XPI4oXAY2xAZgTDfCiu+RbokC8ApcPHdY7OD6AMEB0UZqQGoQ3IgWGevJTdsNKlYUoqB2DmGAaI6NzpXEzM+mciRUH+2lX0Xa+OW906Pv0ffObJiWiRVJ3fAYI7aiu+Psi1EFSLZWWR2Fn/OmEJ7s+IFy+epO85u5VPfxoi+3Ogso1zKfcKHIAX3P7EbTaOy+8DgFFXd6kSMaBams+iqg5ftpX4jKt/xRukHjf7Fl9n8O4SsKNNsqxvhfGxhsTelV1368sv8a7jPu4zc0CS24g6OAg0LBJxcXyPXfwv02KKYgkgxHP9tmPtOcaqCYrSlJp80U/BNU1K3jZKxnscV4BrB2yhrIlFHeaDpN0jY7SS0uW7Db8vZeTEHZNXtBQBndfcUNDTqdg0pHu/I1AUiNG+rMyByMNA6pHDT4rU/OP/go4sY91oA9c+iSJ3x6iQv2SnwX0aePP9MlBeGwSBfhT2KjaVYR8MynWM1AMU64y7CE+km+Jv3FHFiwDA/X6W0veyKICAvJxdGGDZy6JaYz78Z8RTH/IN/7arTxRG4iVWitZVkf56nAFbh9J/zxrARrRV7naaX7+X741V+f+BvigQxWEe7W9yQUHT1vW+RwaabOXz/A1FEyB25lQs93q29EfeUn4ZnX3tWoQNmHALub3xaOvCv4l1jeLAM5wCTlR7IBdtXr7Ze2nevzoPMjihP2DC5zVsXhQsO6ztxexg7esSO/X7KfO8ERzntrjrJIiXmyL+ZKB0ZLFrmO6It1LvshwJhnGycXSxWZgDfQgEoFfBqG0NRHOMJE3J5rT+y7r9zR/C/hIvwXLMSb5//FyD3vV/z3JINpVsNQ+xWncu3M8HJ9WbAQmmVfbdfrtKalBvxMSp3ZPcFKrHkiVA7EqCkm7RbKUu7I8032Gnp+mnbZ+R1WkUWRTTnd9FZB4rt7lRyKjbwvGXPr/Ikh8gAlDuL4U0lm7Oe/WDARNNglwzUz73/U+EImnWxl58GXIYqmAyPdOhC1Bf4bIWR1yV/35O0JnrJrQ7q0OgeIXjuiSTLF41ceff92EyFH15s2V/kLFmteIv93WPMxwj8wG2l69ZihlbcdlaC0qL9MF72hK2PaL0qp+VRZkJ6nvAZ+cp9UwMgbB9nxe/ncgX5cNQcLz8dnirtdeIC4BONShu8jKoeTD244BrZBMdceG5Olv6OdfkfvPn2Aw3BIuzjp4S4C822SQtXgkqk5w9G+epygmPko/0oCsEL8uYgQN1WV37yuq3J0Llj3QLYbuxYHQHI4xTaQa+vC4xaNgRrLE/QB3G6MfgDFRre3LaTDgweJhxP/Dn+UB+Y3w8VRPtIHsX89qLQ/tOHpHRXCetZeWAdX2+LMJ5ZVtIwL90/teiohNs8nfxjTKRdIbFiMUYv5deogT+V3txYn3ppBRL8KPIAQ0bmP/0jP2221GrOlZAZbkhek9mztd9hMbdg477SpVtP+kdxmKVcbOdUInLSaAmmmpWoZZcramg1pVhFyuASTgL7sQUnD/8tdnRdMP/fQiCWqXBTpnrzi80GDszLewi4nXjBxCC4f69nAyryUVhoP6gXfwP9zux/J7h9zd6DA3wNVwWGx2e5ymf8/x7M3HfMwapSI8a5rpvsm5vw5iNyjiJ8v962iWv+Y+4fmHZ96Lre/ZaKt0+JooR5VZF8GsECHRT8UGxUc+cPU77IOrRpx8H1ixr+Rvx5+ZZ6adMqg/YAakKKH9gjo03lZvaGkRlfiANQ7Mn7/QBTNRrO8Q8PXgpNhNRGtJ/HRy09mOUfprD5/PJi5++Zgu6RPv3yfdX8GbYs6CX3cKxp9GaXGs25y1ioqso+Ve0xJSGvA899N7FPgejhA1zPv01A0P9OkFkfWvDN00L968Snj8okEwELNI7TGyFj9Aip9D8ol691PeHc9YeywINJ/hSBwWdDIYWuGLchnlRZnvHmjrkgnx3VV6lODvvFER72I8R8wMZ+Uta1YH+hIwLUR/rUJTYs7/2oNaX1M6642lCTYTz53EtpXTvjGVoqDNe03OACbaCha3giiXaucR8akAfIKk20xaX8fZK7XI8ysDrL1d8yX746AmLky9mHwPuO6VNUYZoG2+H69q8L6zl30tXKcCn2V0P1DLpTxbqt28IiOsd6j85AYmRoihpsqafn63+6ts4WmVGn/PL60jtR/BlVywHxLc18bUagedVYGfxO1hSUjRAMyTSIrPFv85fPyGxGI5WvdfhSn3ePtTSQhQfUnsJAjCM+cpH3uo6i0xlgUHbwNv8q1KXoWvAOoYhcDgm/jEZAZEOSPadho/3QD2dDLagIuzw3ECdvkTJD1zuj51WOVfNeHRl6q9w5Raacz4qIrbpDNa0Xiv6iZ+L/t0b255XLI6LfcsciN+fJX1P3sJiRqVbiXjCwk7m8+wnryMNtR7s9Fk2jr1vUY/OXpnx6pcosywRBD1sPdPzAf9oxY6j0ANqPM6IetXCeGqQA+tOLI57qIZDoAwIhePDg/UWsQE2KJvurtpunvuoXYLO0wV0FkH0oHuC2uN7+fo1H8MJC/gYHyrmeZj1LvbFYhgJ4EdVaw3V6kViEcQecnT/g+9Cr7SjiSJFWIJhlq6z6TskcIbi1HJh3Nf1qc8TgC7nMLiaChvF9Id0R7PjFWnTrpQPib4eRIt1zcsFfjN2MQr22NAXFTHNu3azqE9JbHtpmqwjvkKN1fopS7wxyPRGEdmkX0OgYfr8C4bOJFGz7kuzloVF1B3Qv4XTvXPc63zd9LxUAboIlxmbGjbw2BBRiYbvLwqYp/PfML9yIIQbsoMFJvV/EvqQrwqczJoovgFSCRPhDrn0iYuUzkJn/IpWcF1+V4nm4clrhxDjvE6+D6NC84NIq5/NTlVfuiq+prP4w9jLcmeDMa37SLnugdq5mjNA78am44wfstl+35JwhuvHKIRP+4M+yOKv9xgd06ESPFo6M3yQ/ExN1sB1cQrL/eHxDwQVDSxrPIvdpnRdJxlsWEl2NbRSMYbvpwIt8EffVyFJWrzB9PSrR0fzTxs/xUohPQGzARlAG+fshykr6bJMU6t2vwYeG6f+b26eQYnb+33iZJf+ehCH3csV1FSIFG6N6pyXYqhrpmyImr7qi058gvF17k2dLDnnjIOf1PAzxazTrpKufy466MaEjCINMMEi58/uEHhd25/47Cb1L575Hmk65aJwoGbH2+jui+tgbKL5LLI0MaNvpAarsqrFtkNWVTA83r/FB38OBq1AZglx0bJBICQ5CrHz4b0u/pzkzCtpvQY/9pO9GMU0wxeTPdTN6l3e4hdiAFt9U+KKqF9uwnGi/gsygxBaeLa/PaLdZ4FPWiDYHaxy3QVaRg7qE9FyaY12Yzbdn/TZstEbMmz8qjM+R0lgicX/rYrv+YORaK+J8S8Y9oN2SkJ736iq2DC8LepAjX4TSibeX8Wqg2n1rrpfi4caiag+z3C9Ou8saxXTbpNP7w5IC9uY5IvZBhnnfzReDfPtPxqdXxshRY3jlMcI/a++yDCEX+Q/wXJ9gD8uwS3GX19PBe8D3qqg+Y63fLujUyJvY8dR/R2hjP9OAT/+Hqutv9wPTgjpbKnX7g30SEgfJnT+EBY9SZaLpjqUrsryRIpCDM5NZLYT3/k0vdJqj8TauVCn1BncK0QoqInfosuFy6zVYqKC16CSqg4G4AyjS9GxbavUjZZU7ECLIWeddZge+9Msq4uGceCUUW6ME+b7Mnh7VbhAejQkiUDdCh2ADw50TgptAU4HboFEOKFTvhYg/ypzzASLv9gb8vL/Jd/D3NrkvzlCgCqYYoPrCE7XL6jo2vjreEL+M+kbZ+/HmAV14v6G+FI0a/MgUPc46wwKMTJb6aJPAUyqCGLXGG+BO/c6xZnl15ngoHKEilEXo77fojAkuTyeyz6vXntAVbbglHlK1jGhVthPE8lpN93TzuuHeio8ynd8FlOwJ4FIcfLld53bZy9mUWx5PCMBvs7MnAQba4j0pAaYg85BenZT86l9CgY0o9ZkOVwMVHoVf8gMiYpXSDCkjk6uQIU2vqIuPhZWZHwdGIooX4OibdFjZTUWqAjzxT5j+tLLcThOc8iv9RlG0YfYiISMK90nDlYfhCOGqPkZnPL3HFb7uub3V+eQCwPkg5kMeS9uzK+BCYKDL9qJ/970epIrXkkuJT0HTdujLB8YpJ4V9leuBwhcvdbQF9O/Mjv2ubOmDjzqXL8flJav/RWWMA1S+a/J6h8DYnDP7cMeM79ZZp1fOxG6FW7+XjNszJXfSCj5/ayYQhusmMjbubMDPWzw5AWFlsshkmaSHi4lxNcSrf8qPqG/t8+cnLxGsrkzVExJu9GE9bK9yBX0+oskaJZsBcXXr3GkUubGahgbaELOBzmVcw9BHdEHPE9hav1bqkn6ehaYQrvTBScNDmL51fFDWcjBznelWFhm4AWCokT8X2VC4otd/uoQ+v/97w1GJC/C24PzUDwo6gkeNf4glpO3Il3VnDTNCsjoRB9CtuaPX29ODQfbNicEjBTAU89b+Hqc+vCRWdm+sM0IvE1/BrTkV8m5VdKM2eSv796gSuh06Cpwbvfh5JeaAdp+W06R4J8LGAh3IPAPfv39tAheXROOpGya+a8zItYRqijR43GTW29e+J2VoL+y+I1ueVjPI7Q/u678X1gcPXQ9eUrLEf7YFT1hx7cwYxktRM9xZHNp40l5JX9+0fE8E8QjFQ2CAtRtxbOlfYcwKF7RkBilKQqcAQ99C3PptqZN5+DfZN3Tys5lhrXnFv1zyFtLZzmGjD49WPZDbs/2Yp+W+0v44d8yVf4c06YykZp/YFjAKIqqfngBphwL31IkSr1Ohsyd4u/Lfu8tXHanaR68vrK/PiQR8L9YRopH2r7aIV4TVcV6uqh6DYJcJrW+KLVxPsFmIbvHEyEY0HfH5wqhKHXn+Xt18zy1cZ/eRFKU2gt6eR0niL+afmDaac5pZ2N0quGXOVmXQaCeTahUw85RtE5Q2JsaJ/ib7Xsim8CSmEAFqllxWCvHPILSVrW5wH1y4mn1SvGLOxWG0lRYkRFRk5hL/700k9ZSX6M99NPcryu1LK+JD5FBiS5qqNqCpjC2/ZkulPt+MC3J3W/LCwz3X5y6diC+vqPGqEQn/8vMvwwJnQD5VCXEHG3vIe6/1wn2vm6nISLnesQ/WstuB9q9yCXRpeZlpOAqjqCAg7ZTHcS0x9bX+p+raZ/5jq0jDFHqw6ZtcBzkIkBVnvPfkFrrVaamU3edL2hUZggcxVkMFzha17AljW1wTcAyYHbw+oqT0wGxY+omCdYCjJsRsr95o69nz49n0yNsDaO7WX+3eFJfQ3SPaA1eg00+jzuXA3R1+vRys7hk9e3h7mEbRgl1Gf3h0YZyqEgcoH93J4hbEX23sJg3OIogZteDFxsTupIoO3v98gS4Ee/BBg2Omgv5YmpgrZon/VgOttuI/qjH/f18EelWxydIv0+IZFlocI2DLTpIZ1SIsnQ6g01Xhwf1UsZWxjWWNWCtxcjLSRGpbDhORh4ggrRUknVnxohk9XPM2uzlXzsDAUJqhHX5TMzcgH3ZX4d/qMB7L2r/fegfLjpUPmZ9GOQLMFPw3GRVzob7LYxW9XHwtmo6iZOfpM/k3ATWHOQ/+S66gGop228YZMNksaz60iA/BOdlGXs4CGNHdPzBfl3seLT0d02fq3t9X0pGxIhufdCl6BmC2kChWhuP7NCM5et+MtwHmboA4kTueDy1krKynH72CKUADvwHa4Y+VF8szwy+/osc8cH/BwCKgnOiDwd6ycDwSQFufFyte6Ua4QJNoPIYhpXNV6u4reKXoTQwO8xvM05n0Ir2rzpT39ZBGEEftBAd4YruaHmkw3GcVlaaRhgfqth8Q3f7sMSGkR46XGpM3KN+WeVl7Ce9eUz3qjbysvQpR3nZMhPp/loIS6nNDMwGdRuVKPYiCqzQR7nyGOiV/Pd6kw7tLetC01A7KmjhfdWVBbmkvdh4YoNScUuWLfXhG4T9ewNlBbYVx5A+OcJVzxoZIulpZQVFca3c45fvd5kfijHJTNoIK1ccokuHjwj0V5Q56QTHKRaNg3G0lKnNPasozPbp5b/U4YHdF0hNZN/PzhwLXYyMG20e64mz6Z20LGn46JUZ+XspEfyuLJX01C5uAanuyN15yfSKpSqT9qD5w7r8K/GZnEev4rW42yLCwNmX7HDQENAJsY6YmD5joYdIRhBpAnXqXBGW2+g8Mr8V4DUDPjIKi6qwgrvan6Mir9Fj8IiKBeTE319i0vND5XRsH6FuEhRIsCauWCXWxBAc3tJMrNcnIW7ZM+JrGPsTtsufMIF41i5XzHi1ZP0VDLr/UnowaR2crKj96MGxZRB2CZE6jdaeFD+H2a7AUP8I0fzTcyozPiIok3GdjEE/S1oOiV9T5BJM2vSpWHNl/14c4xW3OBOfBmIwGd+b2N5VpMg5ys+IBT7k0XeTwGKe1fDSuaygHi++BqMJVEdrJnLR/ObrOvSuxsjdBFu6PLT0jFLQIV2epx4kcqOE0eZrVtFfYNMvOUQ4yOM0Uc9oWehEr4+CLYJ0VYZhsNyhkSeapELlVnFEkpwWR/YY/qLnLpwCCNBqBbyOyBKcR5k6qrZvw2BVr+cFkJKtVEtl2jLlWli+V+K3LbWEH1OibPnHLgJiOelzShzgG5bAFoTz0yTnhVHGLOauS+U15ETRaqJdVmPVs18euFOOHrn1q6xO/zdFi2/LcKG+Y4cOZ1N3KyL4Wha0MKjvuw9/mQFoFJi2D7Si7FvX700ROQaPfDWycvAIP4MMFOk8TZIbUvIhaYs4om9GKjfe1q7QxUWo3nak+LJr8+iGjrxayzueMoi8Bzz62yskkP5qQAwOIR5RvGAD/sx2iiE/nLNANgLRpvC9w0lJqB+kYNXRn2fLTe3XRHoUU18URzXby9AaPvzXRwQzlH68Tgwa0M9DGCbqeJMmse2LeRi5HYl5PmYHCn7USjjt9VJrqYYkqxhzha+dj8bu599rZUikn35X3s/mqnW0Pl5q7o8LNBs7KR5Rl+MLHuwVUG3pD68Y09RBN9txcm5ymAr5oSeEgpwmqyeIbgzM4+t5teyfi99GCH6e21gKSwKCvuCfDzdxzhUfsfG5nDwp7sGjQSEtjhZE+P2NyVmRA+t9lTJUaGVC7duEUw5gkRa+4Dy7SmrCXDZqtuIoic2KNqoUsc0DovTlYuGISuWvQNi/oZT7OuaQsQAzXFQteaCDUkB9ASR+v3j4FXUsjZD1eEBW4uG+F2kSZFCmx/Dn80ZMuJ/iifzsmuexdnJrro9ZvddFOa7vF4IPrH0Xqll/L2TpjWwFi+D7lMioO5FPEdZiPDmN5NDMQ5OlI6UK9dVYobrBMnVI89wE+4QulvESsaD6h+WoH0q6aeX8VRGSBjfU1CvctmUG+5KAdBubIf08DXfgXn9AprKHUE+56r6RFfWJSPYGSneog0TxuNupXQWCfUBdZ+OsKJirRjdsO0FpzGXEhDLSocl31uXfnjLAtOVc+6P6AP4UuPUvci9ELUpOCD11k5P+luTTkFS1rkehE+86qXEOZfxEzNenZYucLFJ3PlFmxSjwpqYTlPtibBhWCnHINS8nsWUM4nLPZyxI8Xa+VawIRBYZ2ki05duko9vDOyYL+KA9HmUUyk09v6AcUA244gGgMc4j9SMeQIbbNB+dO5IPVSvL0WSuD8M58t0z9zmN+PN7ZmUCJioTPrc4fjbo/AB7AIrIhaMDh2wktoH/3g0EdMfQEsOR8pMhH22z4J/DCWalMfygN8uJO3BGVuk/3KbaIK/uxxwmK9pPwaj5AicFPsokZ1dGytIWY0Jb0W5KbqJ84etrTcW/Cmz4B6oE/UfAkwqkfmNXlGd2T7Dmt3X3omppXmgRhecezrcOSF24RI7VtgTZ1c8lcZpvP1ir2wi0zD+lmtMoceJ/76PkMNJCa+V4y4vOgq94vJJDQi/6iEwxiuqtVCdQUCvU+jbDAbGxhogWnDupglxuYHG0FQ6TFKFAn5bm1zBLIsL+X7tCOuBYATmXwgrm3tKEi4iXvRmP0xUGLyoST9dW11ON6uoymo56YXc/S6OnWiv21Nin+JLOyM5UMIxBoKJl/i6oOgz1FmwP/+9YGYKmaR8+naID5Tt3YLA7HL9sgtLj+LQmvRpoh51GlkvyvlGGpSxpg7u1+DtVch8IIA2BBJPUkgvIOhO8MSFpBcojsN1F7Etfs+OgJD8Jf9B7ikGREPcLjwSASDOVLGE8Zqyr6ph6gDVa6vDV0aXPoja6nPjSut7qg1855AY1pyWQmqudcacd1Vvl0PIoiyU1tkKGLQvsRIFAjeZO+DQpJhctddJPE+u8vlJxhp+ilfzsCLL6eMAPfjXa0WptcJoUmf/uZ57nDxBvaYQ+O87P89d0/koKKo0A1orKe21DpeIZXaEmsIR72RKPGrzazmir0AxOeK9SA7MNIrndsnqeRpjnBHYGtfXFsVrPoXYXljbk72TUOLb0Fxe0SN5Hl4/sSoN0VepUDNNPBnOyhWI9CxstfJos54tL2cKgXQ7CdX6Rv5OB1srE9n6WipfCBFkjeKwxulvyh88Mu+O9bNGengMucBzrHbf2jFiuIJjQ2GgAG5qg3RXRe6OC/TROeTR+mDeJfAOmDUXvOlmLbh1/DO/mPTJV1GmaixGRNxyQ6a2KPUPmI92sOP5rCfqShi3k4NMzEzONMuhQDvnZkLCvbgvTL4gMjqIM9FUX2fJ0GTGW2hs6MzFcLEmhx0W/KRFifL8MXU+LgJECcKsSR7fkczMvP94rl0Ddfz+axYq84l0VAELHWMBrBcJR2RARVh1NHGywd2qumfdxlRC8kZ7dEAi4Rc3h3drnh9dBw+4+zWnGlIJsez7v3R3YpaCb49+c9z1ToZEMQ+rlqthhJ4bzAYQ0/uYKQo+bXCUP2RWoHxiYLyo4Bxe78mTt19n7AOeBLKagAi7KgDTTX6uVseiVoc/1+q9wgb0uY3eFOnTrOjem7tGbjm55/Ott2X+GbgMf+kQfbHFkmY/biHiAhYB/X5Rsfl/JA9gfubsRBFg2k7KxLSQdtlIUx9hpq2VjlKl0V6erQEGJj2y08uNbHp3Ohcrh+RZtIAM8Pm70/KCVOjOvm5/4Tj5lSFRzXY8/x/oEvu/lrOhvXoi1W9uKGptCIc8rhYoAO6r35ksSGW8zXStW8dKAdxMcEvnFoRW6M3Sw2pBDUgIXvpq4RcckSG1MKD0UEeBuc7t5ML7BwxvJf8XttkVJIBR36pZu58RhucDCV0aaRIYy/NWwNEdGoRv4t6BnvSa7e95p9iu2qibLQ0PRmZf8jo3kPpnT664GK6dC9RxehF1YTKvymrSt4TnCUOuxh8XuMxB3e3jCBVUpdWLLQXLJxz1Q6MDr2YOEAhUjBKkmRTHacSTQY6OkZ4rlhiKbkG+YQ9RnKHppNnBOjZQaJWUv3wv19Ikg+OdHjdMyoPDMj3XloSINrO5qV2GLU8XrvPFLPZNal559rhbqGagH6hxfaV5jFNJyHpEZZvvL8aQ81tl+6P9S2fjAFx7kQ7HM2MawPaJZ6vjh0KckjWad7s9fbJ7vZFXpAKjAQa2fMM22nZWVj2N3Wq1bd+qua61ihnLpjmDcDwGvHjPw8NP906VKFSC6qYutyAV/LeP4SCMyvRux/IzST0YtqgMZm0HOlmcn3/UaXw/qyiwe/jVelc4ihvedvJgRoAcGagNT2sszpZnK5cml0/xqsYJ5Z63ZAWHu7TOBxkvVBV8g5rfhBM/v0v49h2T8mNPa+f5juVnlsRWyHzC5OfWrCX8FlJZijC9e41LoUYEBN1wjrZGYAsEYstzlhB9kTS6auakyZ3UZ5dHattRozvR9/UQuGFu4KJOjYkJJ7y/eIXCFAuk612Ukt2XXQnJx+fw9mMJdFi61Lh19bq/r181wbn4yr42ukeavgp2ZiO+dzQRMe4LfB3fcUZwVvviyN7ogcFhyGpS4oK/r7xlOZVZWMkqC5BMK/8Gc7UXfCJkfn/PbqSFVVz+2RbSIzrVt9L6FxVlgrKBQ3HH2EI12jWeMxNWznrSf+c/pMbfcPiyOcnX2DBdSoFFzpa4vnnSMeHG5rPrxMf7mgJRcGHwWDtjyMvIx9y6hLwT8VxDYPxegYw+VWRYOYUpDS0sizeIrgiejr1UqVHR8OUHopfUhA52q2gIJF/D+YivTnevVSj8ZzOV0vley2JBE2nGKJd6VLyyv5EJ8bcw8q9X2nkz+aS4DnxID+VUOTzKdTIDUzmLT1fflY3pyjMJawP4oF5pZSmmbfk/GorHvGOqR++KzdNYAvMu1XOUmQWzrQGOtNuIhMkCFyGeAhUwrgI23E+xPtkoR90AyhKH/mi9Bf6RQIjX2orrkPeEUysJv1P4UyTnbIC32fZbYugIBOzkCaZr9y/zB2Vtc73QG0YHoqoYKvhlShxMrZnoOTJjfi2yoyVikwhHIdRo2aTCS5xYvmoBKOYCumjqKgU6bGOq9Du+HbNlEU27wGon55422wQr6CtH44l2XAKUnCN6m9vNCxiPl5o5tz46z6Z+TGgYd6QJqBXfDNBb4MUsvis9qzJ7jsp7Os4K8YictJS/qFwb7oH+zbx08sl1BYRCi/GP5GliTNdIQyM6ZD5Tajkx74WczCOqUg5/wBX8DOt0kdForFz5eE0uRADxWKvFex9cSr6TJRB+srAiHNn5ag0ic03Y8R6peGalbto1K7wvTr3tGLGRPZOeXcZJXX0/wpSueyl7Knr+u9izJvRnONJfbFyy8nzqerPLdQWDoKiohmJWaUZ1pmHvAL5UTPBnL7LjDvq6pTC+6qWdl1rffzbCMCYsIeIyRpxB1/CnMqb1e/muKCbdbcgHAEd0Thj/iGytE+RwIt+rxZpWzgGkmI0sAy77XaZRVVv/DZb0oFzPwlrxvJee9+jLC6ZzByG8NkTbDs3zIkfVB7Go0s7xiMcz3x2qMHf7izTgt2xoRTfr6s/7+OssD1p1ydx4h1fbjYKdhmZl+NhuNoSZIddrhJQ0oqHLylN/vf59Q0w3eSlbFOjKr2PRfPP/CxKLczXoZ++BHxNKKbiTmeW7MXN+K/xuFQ5nbhLCsTFu6sP8Q69w+Xik8WGtl1kgnTbTXr2mqqroaQSukLBn4kuyKoUqytEZFZS4s/fki1kUzAgujDpuRm2L/tw9xFpOTXuVEChU7srV1DMi1CXC5b7HkX/TMk+iNDK4ybGUruqs4UNox8ZmpdpcfS8vSGKWroszdF454BE4ZZm5ABYwfM9C69Jx9Gyz4O9Yt0lDhqyOCiNbXgB5en81UltufG56JZlvWi+4RXrA0dBfzd70EfQV79qqIpCWDQwTVxhANQtEIeyh/08FFSwEPKIryS/3er4fqqV/Nr5sIRG4+Aq0UlfZRn5zMXw4vjKwAKgEnuio0IfBtW4aglqxttkVX7z0l9B+B7wtwV6MtMuj0bucWEtZ+In+caRNENUEWkeL+KFfMfyHy3e0PpCkZ5NP+7v6+sxxUcDlgx+/yaWK+N95+UdtpbfenQKS1J+CpHMxc6hmlQ1/L1RWB+zuPokmliWZJd74+SZE3a/vqF1ubWmeZX8BnsP7dsaTXmmXMMWy+jAAVf18WNg9M9Bgus8HaFqSqkFy3pY15/gZzX9VtMfoXeIXCyt6TmT5gStg8Kydw8J/D1tfAin98NGYeJdZWhWLt6mnOwJQFff+VY2v6iNy81EI/HrGkQsdl4+qVK1XlSDXLATesNucu5YtZ1QeMNGKYpEHqRrWhNBEBluZwXYZfr+2xfyhzidCVorgid7t8Wv1f8WSoTgL2PkV9ToMo7EWPf682gWSpkH1svfUsrhvVdill5l08qLL+O+ns9IOQW/MRYjMw7fcP6nNCNPT/15GXxOOOVBiIdYb++TXAjD4Qtz9rroL9xBpE77VsVn+J5o+md/NR50DH/x9779XrsJKkCf6aAnYfakBvHumN6L34Ri8akaI3v36ZOvdWV/ftAWYw3Yvu3XMAHUlUMhnpIr4wGUmTtjaBJ7Rte6gbtLPAPITC9HBTvMKy9/p6bIKvM1B7UVpdkig+l2kwC5F/a0M6pN2AKWG5FrjLQhtXZZOqvfXdrGUQ0XsfefDB3jqCcfPdI1Rxb7FE4an5wP3Q9ruO4xOUpnwrRJA1YuzKzon7GoEO9x1pACZcYVWxRE8Di+/J+KXVns1a3yhoMGNgWaOffkWHWMHsmrl208MYT2OpEU4QAdevF/mJybTe4sRlNC/AMCsDNXqXe6vxjdxgP1vEecmmW6usFpfMbE1j+OSnW415eJ+KIiYo7eyccTx9JuK/mZr4d0nga7TfehxaKzHNf4Lq1sq46iMlGjAACpzH8jsHU351NM/McvJ7DtqVsLG4AYxWOkEa1eQ2UnLZe9wCW8WL2vXHvPVIE+fa41P5Ti63Bj7Yqi4eT25jzq+1RpQCb3mE+OczBt4FhTOEkxu8pHY4DFZVj+4bT/BjNT1tqUWjjR827y151XG+4DLynvrmbInBA87gFUrtd1rXSBryfOMsRF683nKHXty9fgFQlxBPGTQLz2No2yYAYG02098H86HKIVa7T3fjL4W5gW/Rv5CaEVybZ1X9HTCPtSi56/Hp3XzA5mheuaR2j59h1fCqg/FAjSJGeQBoSZXB8Cae9DhOHzx8BUHSZ2J9ZTltBRikJyHOpczz1vcdpKSuoXp8IJE1EPftc+KWqt+8egBkgZCnPpnktUkFsh9zMFBvG7asJ150Df+h4+rUN1bTfyJ1xdJ97fdc6VtnL/JzwZMYfnrE3iMY8f6oXmNfucSyrmQuXoYsGrJxi2/NLeMuMMNsDAKWDtBUc9KRWvcoaCDqUxidrb6/9UNXVMKM5hxoHo4iyBsMWKFo78cwyKIDAr8diyMidTJz1PuoO5tZRV+3elZMxGsqg9afXjDXMh5ooHOLFOu7u1/SVlJq0qwl5he2PEvdDIrHODFC/TBIHlq+saEAdCCAnvKEgaPptZ2+GojK9N6oNtKJ1Mv5Zu7xYH0BDBqDxJzLR2nAZh4xaVqsp6gXavc6/3iCkWc/sMjIxK1rZEQkroLCdGa8xwySxbAMunM8EUBT/LC6TXg3PTrEBrC9yIC90Sh56dPPqhLhWaLnVqqa9nRhoMJVHUVlgIMf+NZiCJwhBQgamSTZN67EHB7NK8gmO1ADeiMv3ueBeiMJSAa9Goc6KMGVBkNe3uG9CoIAi0fA0sXKsYGXqHnwTCLJH4q2P9Kl7REScsrSwossXyh5HBSGBG3ox67okeR5WJkhRbMUU7mZ2BuNXlc2ECGMPtqFidHIhmVxIkAiI9ZvATt3O5zuTtJusPJez+MVxgTV9DJsEnkVHWptXeWWKfPi4fn7fAwbJ5fnxcZ9Vru52uTTSpviQR4MrmZcvLIIQP4dtok0CJPSl/qm0yIxeyfp50GcmqQjxNJAE1LgA5Dlq5kVTwxCvgkAHTS0vBMYVN0rfmhYyV44ddeU5bnxjZ+Kixib4SPZong19TQi817eK4SzNjBSRv/sCr6FzG05IcDQ9SBParDjtQvwomxdLdxd8/TYd8DdGh1PX8uQcBl7Ek93kDoXLjyEjLYKNj+IqWom+w1+J4wirdiMNttYSk4D9TTKdPssldBnfpjH6U/B64HGeP71GBfV6G2mLff4OiWzqtegj8vlOS/aBomBKBG5+ZFiA8ZultS4Y/8Bhm5rdg3n1rtmDpWZW2H4AOAPkNvVxvhJ01EQkqW9pjaWADt1Fdhgfz5M0TlDEb1N8N5ba1aKful9bNjK01hAoEBsfkapbyFLfERGGMgWagGh0NQCVN2KF0mGNDAJSnsXJ7JYKiBPk8gEJozTghtVMX0pSnkRELBXyIZBvnLLSjcU1ysKejE+HQbA5cDCUtB4ra60K5tNTLKy21CEpKTvXpndCjaOp3tKZW/Dv/iRvsdjn2O0ryNHFglS1+BbPR3VCLHGDyvNSEAoU9axaJneI349X+/o7CSy0685byhEGmk5/KQC2+ALTVJnQz0M1A98cabfukcHTgRUx6aaCPxt6kT+rtD12sFMxDNxSkA0/eH4gfikoTOuL4W5ESYrX9+Efp/6o/qbXL12YO+E08h+OW+Ne5ahhR/cMFHBAFkWkoJfrUFR56tITVdA2/5NF0z2jUjI8h2+YevcV6/61vjboLGdW2tdHu5nuOEpUL3tbH4mNYMcBBWUPplTxu5aOE8+rvmi/SAKXNcPFmzS4AJ2S+tkDOJjGph7gRhMMKPLC2medHoULy2M4y1BPiM0ea1t5jkxaIXHxzvPc+lMPnCKtAICuD75h9FpDWnVW7M5xNc5X2wZFHfA1tcmrnDyjmcFcXGioBm9kHeTE6hwIw54n8Xmuhb14wqCci940pdtYlMwTYCzjQOZPGJ3DaFAY6jqgbFTxQjsPTOS+putHTBW91AbYrblg+6DR6GvUJ0A/w2AMp9WgVqX956yS5dLvEgjmUyWjHPMkXG5eI8VUgf8cuuCbs7Gr0onmdBw7YB+l5qihw4d+8Gw547y7p8kMOuKE9hV/t0LbU+Xeuo81Sj1IsKML28obZ5XuTIUc9I+muldYyHw8n694FTyA9PcRsBkwhlwR7S+F3OZ9Y1qb8cq7g7qJBTLA+gDomWfD666EbBiMZoba+snCcX8fp4r3PAlHyW1ejyqylnFmBjGxwvronRJ00CQjVboEz8MmVsMIch5Pv9ITBgzWkpi+ea2p4mnHA1w8SvJKDPnx/jrfxNVzrJwppJrT4j1l/4SjjB+fEPDR00v7jYYn0vSiwP0QkNzXRs1GEE8GJ+K3kcXO+ij+m68xtb6PMKDxCOwMY/epvRNi3HFbGB5IJkPG16UyDsptKbX43nC+LeGIzPv1vzQazu+B5Xibr2gz7ci6nFuBL3lhUVdQGA//8BlRx2y97OkZ6tXC3lC9ScE7P1ySjzRPxjWHtKno3EOuC5pPHQU5M3b+gXmgwC9TVIoURIg6JCa6E1rU5fAe+y4cnVDpah/UAzDpKrrO+zNxgkhi8OJ82/A1VvkfCDhMWP0HPbd48I2OZBZXRj5heLhzy4LV8CSKiMMgfqg+HLZbKmEUa+q0Gx/vyxljWoorubsC7tYL13RZ+MNRXkVElahvbcnj2HkhnFogYJQ0XbgVOhykPdaJbotZR58nQFFk7mE95ufC4mRM8+H+0s/QvEZJZY3A/xjAn0LKS2EuOzMXDhCuQYBFaI9XbWDQpalYF6s0Lsi+2aKjFnHdychTxfuJDo7KHOaILXnRGzYvnuzlPXZHx47wC993tYSgFy0z/FSt+MmQE2nGObzLlFq4kuD8Ykh2uZ4cREYxv6lDwyMlY2fa74aejEZvcdqNMsNO24pAKx3jvndanNjGGYODeVh7LJXJU81quQhs9yMDnI+HxnzbirF4d0tHmqZpoiPdo+UxWBn+l1KkYr6KCzpZDSr8C132dYiwvnCIz8sbyX9kkVdyoZkk9j3/N1MARujMj629JEsFk4rZFoQLrBQWRgqux1PMemFqPWIpoTWnhQ9PGoYeN3hatmjONz2B7QGuus8bctNGLHFGNHmcCaShgRDSYy99bnekU9HWgHnv9re6mgBxRQK6nS3iFKTDHPjxXtDbp97LPG2gxANAInnu8duzRosTtD5R9vWxfWyaVE8H30hd4FjpunpQsQctbLYVRA21p8Bp2VEKL3GsoO5IW+UeAgvl1GWwv5gbMPcmpzqSTxM8t+8q99g6F7FwRZvupQwoI1t6hLUAECyZaRieFWgi/e1VXPUvfRRmqKVw2mZVhYw9M8U62r5wXRgCxep1mf8apjfvN606AgMDRoErHvmi+ZrOHEt5FURJRqVOs+C54lCdZWPA+zMGxTbUYcm7iqgjRBk4gjvPheVPbEnCXTJ4EFtrpv1zFywEWz4cTi1rWokfQABAADHguviN1Zs68Ep8KL1eCHQS/OapjFv+e9AIvKo+gNZYzHNYbTT1rL4oFjPn98HfKBvIvSo9fFHT7Kas1tVfg34YjqN+0Ugdo6CFqf10iRl6Uc6F2IMWsn0NN8IwNlrVxG1oXIy5fWBvJCkP9d81sAqYH8abdrsWCN7c7SQErGK8BuJEtHqpfl7RnfJZsRS0OMo2xMokC0XFKvfzCPicw7Dro885rqLZAvnGdYSASNVpBQ3PAxaFI1F66NvB8KsqtNCVQxpGcqmIdIWei/LQDzCahl8N7oIQBgH2TM6owEM7QwsZpy+kElHCNDDZs2Cf+9VgbvEO7Kh1UeVh+kaso7wo8F84yXP1Ahify7LrzV3xvFOkCO2XT+PG5I/SPySDiLtbnlfqCRG9va6rvzsFJV3uempfzTemrX4DcP62/JnJgg62NC3QZmt13Y1EGyoZL4dVloSNhZmoWa64wtNE/5Imse6NgO/AW2SqEbbmd4h9SIUg5Sx2mg/ce4wtYvJR82+MHardBAdxtpCW1s1ksOMxJ8a3GoW0kfCFlIPSkRh3Q9mpHAiQ5S8T4wtBNgtwmrEmVjmOlStHXxOpuk/risGtnRZkUfjXXwvSqjNdLXS5KuJbf5uFVYKvcmIERVtHxQoi9F7Qsjk8RpVXnpi+cfshczDdSPw3k1NZVbASCmnTNZxoqVA2hUrtLZWeoymKPDGUaLeNMsNPlW9ii9mTXVNBScysaN6mRvrBza7w0nEFxEvwUWhz2wHmc0NDaCXpQ+FjwBHnEh5gNGZCOXMC8mcD+CzYk9bbWhEGoiHD23hlPAvvzbyl0Wjn5If1qoJO/ql6Z2FWdaNqnTnuzohACAejAnAlycyEaaQY2corlBVhuuLYlF7b0rKVuJ5rop+Lg3wsaKxJ38eTD/la7ZC20RDAhDSVOwKDDmwHHDI+DhBPyebN9gNoj672zy5N6PazwJSBPfWoN+EfstLpWfEPXvyFcbMW0CU7QfJe5upzkNBoyaUbk3SIO8qVEY+sltPBWqSobrPQ7be6L3OShRsYOVvmZWx2I0tg+SupVYGjSEZZ2KEE8UrieTMgWVUQ7CVduTlFnReud3qCxzMrGZ0H1QuteC5F/BEe08kUJVFnJVaLl4A82yA7SRXCquQJlb3opV8nljHccICPdPFGPLvWlkZInKrhza63OiHGysu4xLEoPDp9OrlkxPp1vvsibzQ5UQ+Z6WwAuSYSBd5n5pGhWL3R2ZLlgY1MkpbM+9ZrOZpZyyoV18WT/W9u8n829IpRoaW0C2ENzIt1+e5kabiJCuy7IPT1t/I8G8GdPdG98nkfAouHUBsGatJgtVQP8D61jWCsLzL++ZglNOpL/qR8NEz0rExzSSSYB/t4I5jhYzjTKzT48gkDmlYN3OqmyW67h6eV9a55YiP49CofnveDwMK66QXvhjBK3dp1rlvYCsbBSXt88EqWuH6+A0MY8kZnkhHMwIziIwCYs0U7To2iscVKl0jaVkgkImPYW59xnQeOPdUlL+h/N9Qthz6xa2v4v6GQH8DrPtWOqBPMhX9AkogCPxzaSumpTj+6RIq/A3l3odUDO9ime4Ogv74FYeQn1vOn+8Ihf4PEP8OLu11vrz+qATGfq69irp6Lf/mYjL/XKj+UT1Qhn4eCtwOB1d03Z80fD8jUJ3/3ONsbvl3tlzI9ik0M//3ZDOxv/9BwJZ0a/FT7OfCvJzdHxfmV/IBH+t3cmuhKAuaXGdJpyVp0VnDXC/10N+/p8Oy3FIBZTvwA5tkbTUNa59zQzdM36rQ8vv3T3UwXV2Be5fhc19N5k+RgSaX9VHcVLPfRzJ/XoX+vHJ/zpMl+RvK/Hy9BXB/IwauDljT2aGHVA1gVG/O8hL86rvZkgGH8XDM837nocLwQNwbw8oG5wa2wjGVUjKvezWAv253xe66P2jCzjDcod+Lesyk7w0d5AQvyEfody7nr+ztMzmao9q7WxPUaJ4R22lv+ozxbbXYmwbW7r9KgFxnZA4DgwHgq1l50F+T5rrCbzKfWHyEAYLylnvEu1vCM2qdMosz6ADPMLr6DqtM9yRhFITtQxY3t6uDG/E1gq8qjaBWDIIrRpuglRB3Z1Ud0WuQEnJes/CYLJLSJEtFU2kDgeEFkYFnG8eRT14GY9ELJQD+ikmkFGYGWDMnSUTyMG/GS0LGz0g8wvO0xo8jHOJLaoRUgJRXAq8XR7eHeGjc4628lXN47eM3fCKt0cd+9SliaT/JgFgdCWlKEEfSphkOg947rkeHed1dItXO3GA3+7kp+GYBH8dI2p3pKA3Td3AqllEEJ31xV0rJ4F21pigvVcgAIscdJuuXMyEvkt/Xzdm6HqgscuokOUCo26QmcKkvGiQj9ZNxJbTZ1r7zPAPNMRTL0oNMvkGwBtw2eXXmmgXQZpkDm+rSDBzEVeoxavFseQZcAE8hoUn1lvStPqnvTdDo4nsUPfkM5k+GIGYF7zZD5PuuR/B338Fk1tqIkC6cMcI0j6RldO8y0qK1Id3ediFwMCYXGdN3Z1IBvfEK+0YCg1RP0ro8QPh72XvlaqHGdAPhqot3VnkG63J9VbixgJwsKNOQrBkYHOXAxjM6XOTe2syTqxQRpSiJKKT4XbxzYUuiRStd0TqA3ZeknUWDwadXYSw8Jq5CxeiLOlvw7F83AgNOEC1Yk37+HrdgSIjnn5t5vlU4CQQE3qqQPMyd0ScJgY02v4UHfSt+edYldRojyTtHiAkuc4X9PHtjN6Zv9nX/hgbADEpPhf09aXeB9uytjSjpRLYWYNyTY5dS6keTiPyD3gobiKvpk5MIaTWnc19h7MVgeHY31i+RnfrBO0KtVQlZLsZu2rCf0Qk1XFNGXhjHUZ3GMKefpj7ySd7WSwG9yiH559K/O6y1iKieb1apmOfDmvvPN3+1F5FDtfkpDdH090ASZ1YZX7ONBiPJD56EcXFBtfb+kNxuDocpm3X0iLm9Oh7qzj4lBrryK8cK1lpo56mnK1bUucoOz5urnMLlGFtDO+DIrhe0Ev6CykFHEYvX9+SBHP6V2gjwBtyYpVIMz109/asIAWaAF5TOh/BS7PbMMvJNdAM8PumzbwVdvS5fqnauIhE0A5gCDWr5gyPXomDU9AXfyZb2s3CpGTNYFJwRZOOBjCnB51YcSBvao/3BbF1Wp+8XyZC9/wBDtVt6R1LcAAJWwJI2Nf0c44sA2t9r9Y8NjtSakE3SqPbyrl/pObpnzNfUZ+T86vkdLLT8EUXeuE6xvMu7wli3LC3DcWkK2z+RY1whQ2cprrLw8HwHi3dyvT+rV0Nib1CTWgxdGlLVmL6xxYTUb1kND5UTX4vdUMUMhL2xn5kZDMpYLoRZ+AslpJmrZAK972BV0RcYCzYYg9/EKaOrhzNqUkcy8ynfXJ55Mfb9ZrdAWii2cL+16s3Ab4TFMLZwi4gbJdxr5HuVUTiBvd9Uzv7Xtwov5b6HsSvlj1v/UuG/uvVbocByQD59b/1Lhb+0/NLy34CWesrLgUkj/IiRotfTse6m4ZNowBs7dFAqhIKrO7Pn1mLj33yGuUUiITmyfCOHUamfzTkKLp2G+IMpp1QqgSxm168L8HpXaNYx/DN/a9g7XvO1cRTUmd0AjYaMYV/2kt+qPmcWKT6dBG81w0lt3yRJioj/BS/ANaBpDxlSGv3yejobDEPE6m5f3psdHGoWFIPwf0ULL4ohFFKVJrEhJBf/sYn3k1OXfQaVvbxzcDdD8udNbEKZi40TXdLddb1qqdIma8sNF0wyCfT+e6ocyhZMxPOHZXd9UpEAX0wJUJo6gpFunGm8ohifl4vAU3pO8HJtwROPvvp8svdGowLKCHK5s0P4hOFP3JMUkdIOgtHwSdHEpTMI8lnULbZSYGtTVoqEbZtjtHE9ygxJoPgLQP2Ziw+fMYA9aa6R/P3pcwkWt/eyYwwB4qPEr+N5gyVoiwB+FDGchneK0qu/YIXw81oYgUNhriadIYnQ0hPGXqs9LSOBrKWY9LHCpjcAn/6z5q2dh16HClPUpdM6viwxeUggklPyIHLu6U8xbFe5txh/kz2hjXo8zanQabT2YYpDrMaF5fwxPqnvuS4VM7D5eCuVtEmSFASM8wTKZdKuxzQEU+OV75PgyS4c+ozNZ3kN4T1d4JNT4TTN6mWxd1VIwEZSDA1WMNYtK9Yku0zrdcLlugO6BkrcLUIlHBprD4qR2OYrVAF+Zhf821H1S1lqLEVvkFDERYPVWjH5D8asT2HISJX6dDJ5MpBSmgx/Ty4DfWEMxVREJNVLL9K+teEWMFBJT94QQJSuBX8TaMgu+eF2jif0pvaJ7G9/pqJw4QfyrK2ekQY1NftCrvi7VLK19yIz0p+TXMSmPCkWtoDB7YHqTKViA5XSTencSzKSS1rMGmKNFs9WmGLlH1c5vycMw0o7qd7e1hN7xTMW0htbSAoFJdrKGxtyCL/V6g3mXmWNVYNBYthMap/e+li9HnaVLd04otTqRLaMGDVJJd4pprhVqk+emyPxWWIiyBeNUfhidIPQCORHHEIWY7PEB3exiescDelIjuFtGzWOe9002hsn2f3+fvprWqv1akL5zYEs3sucOfUW0WYZHg9QBmEP5JqZiiXGOfFwUryhkmJI/5/gtL+0/CfSwr1uRcJceIi7V+xLWClIiKSZdKC7RoCS31JbP8d0ke+Z5lEQpBaPZekyhuFhHyOQt9O/6T9Ls4FpOML4LIFaztAiZ9gQsuB5iOQ7w1i5J+xJauZbLDgSfOsRvC2ggfMh70UckjSlrt0x36rVXRYNsuar0frER0Lf35Q4VHSlN9JnyHpxeux7KHOQMn2RHMEC6EEdw4ycWvmeIl2Zt2SeqOKEjyBaPUYBu4tZqlyN0JyUBsf0hHXz6XnLRX7YXoMFlCDS4uHdyKzkVauv+WljDCTDsvhNHQSkBfopyb1ktC2MZBdy1mOID52BBKjDBqGfYBToJRswm75BYho2W1/t6tE3Q77HYkZSF0+FCpShdiXjMBNI0qIBWeJEKH/dNYl+R259A4cGSLoqkrZDB4nxQp7Ia4bhLZilmzdo0YI2GL3+nCxJf/MfXVm+Bu24zBQS1mqzwp7CDNz6NnHkxJPvXgHsZXEDpxRyms9NUXcsjZRHxkB8CLTTtfkkEJBqtP8GnT3bTK00T8sjCcfwnugEB4zAo7C1IM35w2JhuQSPzn9KbmEKfWCZl3abtUXq0xBQDB674e8QP46KU/x12k+zCaV3FFUrBgRza8kGlhjvME0ivS+6MN4JppZfdeC1hz5d82do6qoVmIwTJqrceJta1uIdwGbZx8YFa1+JX+H6DY7gsvkqazbP7ON2a9dYCYa8AMYEEE6BHzCjnkgCLD/tQhPkW+efZkjxDJsmUKBpcAdPzvHFIydF4Dun1EZDYYsdgWPkGqX5ul4tmNE5DjG2T8chJQ02UrIxqhaMwzhCGoaXXbzTkYLJAVG6Iqdvic+s3scFB+Tk/QEd900zCLzrzfKWDkA1j2joNC6XWHMoNNZTBWaN6Nr4nccCIX8cjKF1s8vLKAykPqrD5M5gZLyQ/P4jFPXLhRbfy+5lNYkrsMEzLkf6qxVIm0RiVG5Zm8fR7mpp2YvWZjcvDU/qCBA4589TNjly97ohQDZlBbszNxo6gZAXV2DS6c+fcIYlbEqkw4C5q3pg5RvYSA5qkTQPJzL0bn2AP4eAdlwNg9HoHJ7Ns+6EVMKQY2YwRoWU+mE6meM77KkKQ15rHaGpFbYSvYdYWkDgD3i1prq8zG56n883gEzTFiVCmo9UTF2Iv21hTO63yGb24r8OB/2vxM1/afml5X+FFp4mWy9loHo8+GXxMB4XGB5aEWPhT+4jNcY/roHsjKyQPLde7r+WpMidnfRrlypG3EEpj7FcWFojGNi1AqXjU7B7B6ABh2FoLXdLx3zLgc9ABiUwMrLAmzoix6KMw/vflPUJhG49IY0WOXE8EfWJgh4KptRfwB52EVBZToZvYb0TXlE9ARvyIm+iVlk2zPh8OR6ytZDgdMuPf1090VcciF5Cw+Sgx8LmcMM/8AXY9oIbZzPcKVwuyMotTki4Pqb7qd7e0PB0dAls2dr7PFqGbfWPSa+FzSqwfKNxpt6BOGLeMjQodZpGs8yYpIrRi7MhL4zlIIHRWRaZ0n5IFPQJlU+T7Va1MHk1gQuMrQC8Z3Zdic1u2/jFloe+KSJNaWXkAPf7jM5zxfbGIb2dcCefSUlk/oEL0m9ynlfx2Bi2mpc4NlgiRZwBhlOffg3mlVseQSj+dEwfXeeljJG4s4P5KU2Vt0KkSX/X/sUFRyaVtqszEt9YU7chzsc7dzJGdY79ClLZgzHAg0G4CBTPxq37MMbnJ0mbAItNQc8kIZfwdsORk0Q9lTFUhud2wK1BmFjvU0zM9o/yRNTpmIH2jW72g3Du1q/C+PmCAWT1oxC2vgml/HjHLJAbcYpdfPnkzLJXDLsM3kiNaluInQH5/gcVcPMEUqhEXwPiI9vEYT2CYxxaeBYjdK+QuJUnRfoUhCV5wJQ7hDM65WRp7gUQoKIFjkgL+HQBmO8KiyO/pHAhuaPwByIMp3QLm4Ys6Bc/iLbImJ+lvHW8mszd/JZnf/seApQJVoyY71D7HvPSSLvIeNO/kf4hag1OICezu8EDYZEbr5Xve5UKzUKg6/t4PyOYXOujg25d7lqs0hNaRzt2VemohEfpOrvuhe1QGUK/sLKUnCkJa229EW6Q3tRhsZ9M9D3Hvgl2yu3xEgm8LJK7ppxB7jvLuZS68Svk9T6fHK19KRMG7OoAW3+CG0lgb6ojNqObmhsZ0egzutcby2YuSjcVr5H/S/IdfkrZTVMjeEIg+EV9PKRnTRd1/TQ18wPRHgEVRXJrxhEPPGOg09e8XwCmYBbdYsAfqzo+LkytWlXV1xvN/8c4oDGQFv+fHNAoivzF+4wjf3U+/3ntP9z3TP/6nn99z7++51/f86/v+df3/Ot7/u+qP/3S8kvLr+/51/f863v+9T3/+p5/fc+/tPz6nn99z7++51/f86/v+f+v3PyXll9afn3Pv77nX9/zr+/51/eMIAT2X8z3DMN/cT7/X3rSr0n3f99XTevmhZCULEVbFNN/mle6H/ri/32HNBA+t5T6wyHdO+sDA4JJa7/n0WK9eeYc6gRwDI72FoHYwY29ZUVVHgMhWcKFFkECEnF5yGGCcsxuap9xCp2PiSkPpg3EXDwX/sGhTJemvssrQD2SPo34dKFiGOzBzYpdrx+VUiuPShVmkeFNyaFJFO1BYpfwfOqqAlLsXdaWAc8Tmd0PkjckAtknI4rEQQITlLoWzGUZRTuUkIm/x8hVOeDKKqtOMEEuOOlb163iDNb1PRmH1C1dnaxDUd1YWVspwjWQ/4uujIw7Z9TwfPzh9p+8HT1rK+0GcqtZM/YHZnS7KZ8BTOLYY+Suq/lMxsBOLW56Btp8HEJxeCYOGHXxg+jr2SwnuExR6PB0VnRsH2XoqrcSXmpe+/MBR2Vt7+RuYZm7h8XpP3l5QmQeOjR9Oy/sNfTfbBBKP5XcQbmy/3apDzDNmee+aCEyxiiBpRHPvyqkT3KoZLg+ieEgoGgUGdzV7j4poj0ZGgE3AYbvd3G3mDSlGwHjCZfjPpyU4aJBk5GHO88aa+eJqu8ZZVoNVkNAwXqNz1B+hSFJ3o1m7FG2H9yDAAnU20sHGeZKmBP8t8C5H/V7HP31fgz1FZWjC/S9lQuV4B2yO/f8njUyQUCdPRje0piHstyqfsIPRZkZuhzs7i3XkCRqUbp/YcuG0dIAqYxYVQLTRUmmkV1OXVQuiOwO8k3m1CwEjOv3KkWJmRBOE5qZkqe15lXOOSomPKRRjuUmITXnTbUo3Ro6jJAAnjEROHPW+2tJrNS0pgwF1KGXAuz9rWlydZXxQBF3LIO+6lXyTIzh2sMOxR7jMKFKOwQzXv7DMkO01G1xQbXqCIIoiKR0RbK0C2WYLhPRW6bZQ+o6rE0H0cA4dMODryL8hEi8Zoh1GuNKf0I62U2+KfMjjJx9jNpwFPD0iHcPD34hTmzN+gfBMMVV087E+qEqk1WgJdlbmmVqaxc2ZHpjeMae8xmBkUrTQTJ7VuOq4fJ0jXFa5fJhI1iVh6GybTOD/LlgSWPOEu6RD5ubxeT8SxDVILjBqUT2Xddt4zvqNAe5gYoefdcOACD5siKBz78y61UwWg634w4pN3g4BIJkOgQugDrdfh6OeJeEPZ+f4BElBc+yyPrM4Y26xV6qTSsjvFG3lYLY9nle8kYT4bjqyQvAO9IjlFoZBqQa5fXaBx3bLDyXfa02GzzjX9QQwEjqiHbYTUkhpeZdMMwfXD644PQFQuHMj4bESBrHyTxz3FDy+C5iwbs8Q+HzOMc8TO0pcfLCanEwzKI9iqnUPzRmUYI8jBl5+ngaHhw8Rb5wOemfdTHf4OyKH981oDNA3sDxWrx9kBfvgATiHTAUFwJfhw9L/gaPSOKlzTFAqb9LVMLZlhBCaALQgW1GwFZTYuU9REYXpqRat6jHDB9BaamdggKJevGOPFng7NMLgiA0sJXBiFmRgBqrQ6I4pZP3w5ZEYHMQtRt8mv3zEp8gBdqNcLL9ZYikdc8IR7thF9PdrfLnuMWQdiiUpqIS49HoDX/DtvYKqZYKxFdSPKn7ZQvwEgNUEDd2qaPUJx653CE3S500uJmDuqWup05fiJBL5dtHP09glog9AXNvhrDWzkgYZuxp5yPUKs3n8PcgXyKRXBksDT1WoyCzMgomHytVasTAtoHd7PsImfX5CkTdDfADn7frQmdwZJjo8jxgKzbiUM2HU47xSMEEI3D7qUtE/NYtRXgxju+LD+/TR+LKOyJefvQeTFYRtVQwcR8OWklwVDmjbwaQWMtXoJ+9yoN23vzi84C9tfs0YPCaw7dex0y1jN+5ovpujv6KdaWXF+HNdhp9nuUBzg/+HgEd11eGH24JHpWXDItB7fy2K81LDvJ74gRgK/krPd/v8sNdINChClCK/ywzG+mF4R0U4uBLiWycVTxsi2tUGaDBNntsONuAPIdzqI7XEnSn9pZvVEGZL8qyjBrRCOGBVsLj5StcDEEnCa9jrnOl864TuOtJ65ApoMqxI/B8kY+3+ikmW6sfXKBfDobijdK/lbxHk4WgisBfQz6nezJkBc+w0mWAHSeXzEVkMwSD9/k0U+zpX+IHIz/mJVKHS2xMDjIkZcyqx5/3NWEPT+x9FJ1tMx30W3hKvCXB0kvWIKelPbJESZAobATCuehb55bOBI2s5VWGqao92SBI4RZ6sKzjpJr5jCpU+0aGPEDKKtfl9DQn4X0n6racHtgCkbTiDtJDMm8NsnZTske7c9+t+MPfEsfanb3C/bM265i2POiMJpcYx+/Zv0BsPVxKeg/czVFzr+h76OXkbo+fuRUgYD4/F/YtcX3Bni2L6YWLjWNxGXIT3x1tSnJaGjiafmCbOB8shiyHXdOYQ+TcDe1q9S2HqP9o7JG4CJxOVSLrPBNawJKP+OoJ+Uma3C+NZhwMWfuAzlcJYJnihkp4xyBbOJl99zV9JimMv7re4rGUWZUoGfXu1nL2cn+58GpE6tOPXdagaWomuq4peP0TZoP/tr9Rezn6iMKBC1fLcd8OMvRad1LgQRqeQfAUIjsnIcXL0u/1l/PTCC+mAPLSspZ1lgOQ/iWJwusVz2jsNIZ5dR+sOlXxFjkvuaKest890OhCCUOM3lRFokh62CZ9wadZlWS6nlR787JIPbN+MySUHOqM92IErGq/UOHSZ8q3+z2+R+CEE49C6wOYv1kf66iLNiHbgQBT/FQ3BNmhj5qps5uZzDHVqydAuEvfX/jomkKDZF3sn4a79eXOUDfj/6i2/BlslNS/fgYd3TDKBMpi89Iec79vOliyS/s9/K6f1kJa6yoHvoIEz5NxHKdghIvNmsylpoRI/KBxB1sn4zVn8A6yAYNG76Ib3ENR1DDemgM9Xu6TDc1HxZJjURAZ53dRALkvLp5x5QYp+IPdzZ60WbjwehwnAFBVXYO3rodbbgevAIYSfVHao6JKo5gEHrmCsfM/c70DJMjGPQkKOUkopa5RUNH9FK6yOQTrFcLLVQ1J316qzAbmqqyZzWRNAXlgz0xkJjta1jIlm5z14y9AgA+Fom087WQieX+GJ1gbSqZ1gLk5LfSyZKyOzYwKu2tk3j7d431ZhlNwLyNN4mYOQ6R3WttGCROLDLozdFzL8RiFXGnMkmKYcLtP8iZ2X4k8y3E0j5u7jPBFN8xXbOpdZ+w7U3XeOh8MPsjUft5KyFQt8UwG33MIexdiP0l4PyVrHInN38cWb3zrjAouCr0YIK/8ceqD/cONK/sNfGSjPmgbB4kzP98DqcHdOToWInMvr4HTSBrGixzI+ZET2uQtqBl2dXwyNvLY0bnAd77WHkzP64t4Q6lvOrGHRkymmeJYVKh7W6bLagLO/nzWHgbtqP+qUZtaBKbKWI/XOmHOfTFIG4J+nJRzsPvzg2iVGng+vHxi1blpwyJubb1DAr6P8CIfpyiKkdh8tG2Yr0ImkTgxHFmpoHqegEfi0C+vUfH8uTYsEkCaGIfhvYDpRTc7XpBJmX9hnLEgZHorn7wJ89RJiUeiHeHTbYtAWWsjMPLXTy89Gm3PPnmDAf6CYHjT3bWdsBjk8SNucV3nkGbHdFl+W4D7NkU81dmoo+WmHfxzM0ZufIDE9+JmdCOIcQBp2CSnjVN8U5PHtLUxARZnNTKt+qakOioDrMHl14Yvm13V4KiJPD2HTQhbmrK7dxrPrsBKhyr0zeKkRmLgiqfLhX1EtRgWIEgz5K/PsV+6vy7jzRpsjt+b4E1+WmA9ScLuE+03gyQsvAYZQ0P4Yi+lAiqCeniBkYYQRa1bE6ZpFOBFulXxMnsjZfUWIzu36m+XTSJB2Kd+plGi3LMCSQY9u5XOxuHtWr/MazjQ1aRCt2IerM0i33N5AaP0pnWbOI1DXXOEWGMEB5ysB3Uu9OIwjhWHRb8RahCvIciozXBVxphWop/TN5srUAfU4XVKCbMuM5oKmtmlMx4wA63uOf0+4xcivrkh4FI0gC7QJ1gRbM/MPEiEaT8Wtco35E6bE6s2e4KochrXaSChTo0ZtFRuPk5v69GOWBwCyhKXWdeEX3IAGpVRUJ3usRrparnyFBu4/gauREZnkF3KqJVA80VHSW5cwUFK6IowViHPZQ/cqiy8yiD1J1tC9Aom0iaF0w2GEl6o26SZtlf/6jXLOlaYZ6cAb57N6gq0VdL6GpLJYts+V0UKo9AjQW/o8RhwlCq99f0cHcB+aBIoj9r3rMYQGGlYnvXLkr+Y2Ew7NQmG5DEQ2a3PqU7zQW/WjfS0bXNVCs6kF7UyRPHCl8u+8JrFbGWZp716CeC1z3BS5/M8r3EKRDkr7WR13Qsm3jnhUuPjnMslX00y2SpwWqC/c+Bc+8ejGk2YDsmscuEwAt3HBXmZD/1Kmy2fop4vX/Pw2G4on4slBKXqRm7LsmxzU9I7OIfxHb+dkLuQkEA7qCEiOZlHFjWyHCct0jD7oTTnbt9Mi6YdoCKf1WeKw0ezUM+pILOnyDzV2ctfp7ofLVXIrAphWHHej2m+uV4NRO0TPrSFEvjbVwuj+wc7RFDHq1JbCTIzy8b7sB+E3ijXTuUTYcGBPAALbHtDDtKUH/Nci5wN4n67147hxEDnpSj6Kd+dQ6Nnje1Rq1mnulrlJqol2jo0QnR+j9kA07ndXnuGPLKQDVWHoSSmknmOxiXhIbVecgGTMtP6n9LAxo9GszCPDd4LGtn2NXBPs/seDg0gUivKz2mArPKbznnVMgyaQznGD119cyiQg8HzOutRNzLoEUXAysWWotaQxHqOr/HFXyQjfT2x7Ay1TzSa5jjYK3YpNBuzJzBbc5hSrZ52LfHm7cRGQ1XgYBTyUm4I2/rKyCL17FRjQxfV9tC4BC5raRFkoXtxnPCqOJCw1A2Firn/Mcr9T1FciVEVl2PVp8vc/2zmdf+r6kHBaqtYYW7jdAFmZF9Un1PC3jqwctemAAM5w/3v1/tSnkz71zoelbZj/FKcD+ToBFbNAvdmdpg8MCMAtZDiDQlLZjskzTkAwbn6CQl8LqyzJ00wq88yxHjslBnrevLxgvjiAtBaGKhQgWtbGfPqOTLGLj/ODsm2FHccimyIgYz3kLX9maLi43Xtu9hXNIKkuC0IASPqkeqDyL20xwvXv7FuNu/Zs1cNek2mWrFjiVmbpXOoXCgyMP+GM8ZH7sSJBS88nQYGm+hBHUP1VgO4GA4SFcoKBJOZS/FcZMaTd7kDzEIDOzg+e/tA3+PbvIUgc9mXdZVBnpX8EGU7JWVMEG0rOA2AtWzk0LzFKMIYwA0E+UjhoSDMe5EJ15+AeO4zzmIiJghIQqgzLpxb16PodDU4py+SRbh/NyvhsuI3TMlPyduDvXGyteCqagq77yGAk1hTtlU4Q4fZ266Oe+zcTCx/vB4t4FXDzTIa6GYRSRYcdhmPl37m/TJ0qHcPPPP+tGdBCQtrDWnFbflsFu+KrbJqcGSMDD8JQMyC8OISc1mjzsFiB4N6p1mI5sYaTD1wlNys2OdEsbfox7Er3NPw2uNOu2BmoF62gmx82RbGJbOxzd+D0SXtp0S77Ra5xAvZMW9WHqPaq6G9bK34orknv/D08GE8afdh5XjOkdtzMAKWK4RwKZVYiMUx+Dp25lgK0QupGpvViYX4dFckZi4/dQy/hM4DHhSyNtuA4dH5u9fkLQ01jDcx6md49qZGjTsALLz7UKWZvkErVrV3XkCo2Bbc9EFKU20HmdfqCQTSALMzDcl0cPGPzUq62qmV8mOiD2uBpwM+qvqGyQpaARuf+MRCPeFW3t9pK3/5AqT0uUPXIwDHEadrdVs1Bdc8yeSzP+AkuLmwvDeUbxI1qdFknFPGOp6MIT0pvX/ygAdRjMAH92xvnzAvvaegpjKVxJnXg9dq6K7tbTU3Zmpi05hmmQEJl1EAmodPi2yEpXD2fA+xtCNMSBiV/KwOjzol5kDqUzdXLGSMh918HJ2d5OjpKRH3PUmmv+ItSnOcI7znrQsk/BzWblv11QPL9QerDEDZDoHanfnmd4lEOTuzibeT5bY78eoj6vlM6lLGEmy9YLrL0+nyJttt9egrWHhUyNU8fNKvJynMU7d6+jJJ1Oshp5zfNMSza+CB31ce6agso7usxlixV5YYXh8uA2nyW++ziPGHTexky88pcGjpNqayMmFFjTDLYwjGoYwl9Jk6ikTOMFlkAluQ8EPTRriSgFGG7uolotTd85f3vGbL1fcRk2Zu/cYWMKY7YqAV+qYG/xS02Kf984njnc1BBSR+eHHBpjra00P/2tNH1Y9RNVKyGYcUxoteLuHLTHGNGovwB0Fn3Yr6seRxiu35jszPN0Mq5/xZJj0dAVvEI6KO5xaZxPhEJVMQGa16WRLparuNwDnwczCT1+IEJCMb9ppfg/gEUufumY/LEmseRX5SY+M1L+36EW+ubSTrQiYP89RwsCcHWFVMKyp8WNa2jw+8EzCitx44HiaFHQdFH/SIs9FbE48cholbYcxYx2H196wDaczaDPOj5NGtu35G4QlANGn/T117/5TnGMbv7/MyDW0R/uGUQ/5jnH8k8q+df//YiPpPzj8K+qvz789r//HOP+Qvzr9n0ud3axBIT/qkKm7ZB7nFtNXZDXBubILC0Le3pr9xyN8YSOiSeamzuUim7PW9JPyfOwn/fTfgX71+/75j8K9uwHkDzOl4393BWbKBxCeLpeGxZhdUJ7IDZfywaWiO5ieO6id+az3ZpjfMrnP0lb+zWpHzTyw7g+Uql14rVSIFnxh5QX9+z99dl0PqVvBQrXPMrvD6+X3V7DsJj9ly1TVF8E5psLeCvl7mdezPyBkUyaaVFrrLC4h9MZVxYofR6JDBMajWCIh+2ZDCM5XuPStd0E+DwzD9eiLfa7d690/lbzqYw2h18P5P5RRIa6rLaJ7f8t96LpX/N/ft/6ocd9fTDbUixZ+bFdNKrcN6U51O+6y169+l/zA5DL7bANmXgGuNfpq8fT/rfjWAdn29n43dzzpB3XqNwfalgDYfWvNEvzR57Z9lDt1l/qzvuOtD/6WMcL8y8L4aTXYYoL3nn/UJ6F3++pdnZ/9ShvtHfVB4j1X87ub0HqcceX1yyf+ftumud7/rwcF9WsPgxq0I655y06nDoM67j/f78z3OwnnTeI9V9dNmT79foKwPaED084eGu88xoxEAHcg9trveZF86Ta+9QDtuGlGDf54/bfbPe3zu36v7d2H/aev9vEa/x1TAf+rw79+7+zn2qt80futwQX/cZWsMN3n/ArT90B8A2qtv2esJ/dDM/NTLYafetH9eO4yr/SnHt4gh/tM86PMhiZxOqQELVmsDe3ozlUkilHBse89wA7TmpuTuk3ukXUCBgt6tuSmtIP26W9sIoLXQHxQixqXcvaGc/2hNo3572OQFFMzi+3XPpgw2ePsArdbAjL1ngulixz2zLhP0qnv3Ku/fq6dajbuM+W3lczUuBrlnEnbfd/dmtd8jAD7jNhilmw7jen5HRQetv6rvSgEzCLzfNN899rxpvmddY3/r071v7576eZfnf0bu37b1f212fXtzyfpgjj2ojqO4S990G3NK9USOT8bBZx4e3d2fXf4Obq7htDcX+enfhrnpaHf9O9J3uz3ANUC/CNC3v+5Zblz+n21GdR7QL/z0B6Dd18GsxkFb7naCPgWrELtHHbvH5S7HfEfeAOV++uaPsmBmtMfd3urb5zVYTS/+Sw9f4ea3nxUw2/Y/y+nf2fut6/yugBpwHDAjlbsuHf1ZLWCV3nPjpw8v47ty7xnP3+Ms7KCvUcP7zpGbU/iw/n2mfv/eYsbPPYjpgRWo3Cu/xe4Z+zPH+Ar51nmCcWHwn2cymHHFP/d71f4dyxq7uUWF/9x/twOMa6Pc86j6o87s5nz+z7VGuWkCbcGQu1/PnzozxACr+K7T4Bn0jzrv+fhEf+5X9i/XasCcthHjbinof9Oz/7i/gn7uv+u/WviP+0EGA/Tn9ydketk/PX8HY3yYHnP9rIcK1r048TzlX1Z5o/z0q6ejYHXf8wS+1x6Y3/u/rDOWB1wZcJt/cGX3y2H+KCsc/8I1hB+O+1P2uNsPAVoU0Nc/8wr/mYP+da+p6qcNoL4/y/2DtuSfpCGaSB0Uu8pm1c+mkATS+pG0wGTxn3LkBI3+m6grCP/3jpyg/53AK/o/LfAK/c368Zv142+/WT9+s378Zv34zfrxm/Xjv+nOlV9afmn5zfrxm/XjN+vHb9aP36wfv1k/fmn5zfrxm/XjN+vHb9aP36wf/3/l5r+0/NLym/XjN+vHb9aP36wfv1k/EIT6L5f1A/tv6nx+Lcvn7ow/gjv7YvkMdb/8Pc/+RwZ244hpNwBeu3/+ng39AkbsHuZPNyQ5SAeAQDBgHBBQGIqu/TsMIdiBEuj/AE7s/6BIA+Rfh3gSfw3xpP+dEE8U/h8U/n8+2Jj299Iv7ZRBjxle5XrL9Prvfw00eJx3i/rhv8eQ/+/FG3y/Pv6IN2D0K2ub79KODNeBFGaasYz4hgE7ve3DLIgyaPaNeto+uKhmwivObj1Zq29cw2E1k0w1Givgt2cuBM9cNLa4d24WpXaMzL6SEIe0N97lHANpILIsdORQvMsrivATf/AqyBxSS/b4bkQt965bVkG3+UC0KUHrk+uRMMHs8ywI34fmDCIl6tOJqT0qraZe09Eag88pHdCK5b7mMVEQRdbHD4PXP6y7VF3T+txrmS8zXT7O2dEqmC8gTI8sM+4s7C2OpRhpwFJAv3olPY6RujVAFFjW/0Pedy3LiuxQfs28480jFLagcIV/w3tvCvj6Idnndsw/TEdHtNn7VCWZ0tJaklKQH+zgni6N/y/+KtTZB7GIaU8owFec/svmUtVno6UoVI0NwXLq9fyu0JqdhMZGE+KDahScdNkJd6KYWs2KvihhRHuKusSEBHbVzGnykznTQOe00257SpQTf9NVQIpvc9TgV0qVucp8U7ugXa1eEcFe6JSXQCgPoWxNE94OsxNE8u9zHqw8FJ2vptPt1mWuscdextERXSqU0UEc5mnfUAMHquS6/6xXfjXDJ9yZ2gVnjYwL1qgKGAcyz5gvnmvpARt6fvXmd+Ne986oIfVHs919+FjXvlWGTvVx2f6cZ9FuVz7ydxv1dA8Q5RAA6ma7BaMFufA793vWeXz6OQG/uMWrXNcZo9thSukG8/yYqXi9JFU89qNvGadsVekiBgoaUfn8mOccTm1/LurNQgvXQrcSO6ghnM2/E/sOHsiloe5qHuHFfZLUMOpKR/MqeFQGywiaCfRBTqJvmeIPQyQy78+kecarUYPS4q/hDWXZpr/C//talg+1T42uh5QGcKAgusOSI/bXh8SYYx+DtFH43RgPFBhSUaoeFGBKuYvmaBM1l35Xur4a2ftlvHj+OQDhC54cge/NlrSQen/tdc9wKVP+rUaOXgm9sNsSzIrXXiiz4tO/byyXL4A3KjnOFdcMwfw7J9koM0H1s5czfNFu+Fv6Sxw1cIfHxjXpWN0JQzvs+QnHeuVm6LBtpWfQ17PDc48ps0wVzfImpSH0/pYikjj934rYcqhicCH5E3UKwr//35VCoAiIjFur2PJ5phf1b1HcK3jbqYN+NReVz0V+Sa8/ey0/0iDVq4P6TffOTui/34e0eJaicd9ZxX5qVuY/r/iQvsr2hS+hUTnurAxaM1hQEiuDRHkWIkpDJ+Sxt8KzTaf3jiqgSefX/Fvo68bradmRLp5/VgNtJwtMX/79+/yFTXJyikj823CePYY0aFBi/vuptfbkNMX3T9UNO/lnq8x3oRgZIWkf2D+RD0Z29H9W8W4MhIzW+ScM2UG6//3/dVDr+Wa7wRf+dI+Ukxjqj1J+3t0tGEBJbJx+8OKnOt/ou6xI7O/f/mPxbEhQDc/ygkePymZM1lT2pCPuODGAe3r3Yz7mxQySPZE5qE7VpEiamqevLxZjn89iXzTlxOEG+tz8WnUqC1ybia/t8zxXoRRBmCfS1gWACs2lIdUGMKINxr1/zyEk2mHTDBpykkRl8fWfB94IiOVkVFZXJ8q4j1f/1ql9B8bdI+TNCX0eAS+9sOwvmrC3qq1Ig+bh0JfuDz779wIyoZJf/Nkqy8DDdZmjt3+CYa+xHbSiPV/HlZr6tGDV+PSr07lT5SAIgWLohr8rPIwhzvVkieRM8kd1btiTBXx+8jpur4Rzv+cdcMtbEDwbr45IWDL2WRfHH1kV5sS5mcFC1X2icb9ndxmstkJ6gxNF3Y3ovUEvUXdQ8K3/fs4U8RDXaHTMUKWoGII7AsH9zt/n+V5UeeZJ3b+u/N4Vqug6CS6Oan+oATGDgJMRGlkbXImKs4OZAcf3+bMc4yln9kE+4DRAw47W3PbOfVL6q2WLZRkoml+K7bZEvVYcQMbk+ca9eHCRmXOhTPi2LyDlVqM4SW+v2mNQ2kRBoJNERdoMWy2XFHQFCq/vceXdS+3gMMDrHZ8fO+ROPJPOKl8tYKuJFg1nxonnNbbKcbA5ZlyZIM4fg2AnBNL1Z3RC0Xbk+2Ovnd3NNHydUK/FFy1E+1XAqjLnVf7nwbYPbcQI/N5cn5vyDsuhOS8iHrhzWuVa5gVbnu42hBYYPXVqYgZ4jm350nWOYfiD23qt47he/sPEBpwFJ483sHPEWyTEjA1tYo4CEzlsJZ+WIgQ+rhia4popaKpcI3p8XZwm3SCqEzVIVnsbqa7JrlJf9JiJcU0rIvqYN+iCk5Y5yDsl7YfCsc9r2lXciE7rwdQ52QXa9iLB8MdeCcfXCYtIjLg+MYya3eIicjvD/emdt9oi1O+4+qdSIqfbrqDuqeRxYhaeMCrSZqrWB6Iat5A4k/zT4YRfgYEKIQiNWgLhKQfyF/4Shxkd+vnHs4pL0jEtn6qOkmZb3Sbf1NvbCHS1L65b5YIC/v5gG190cF66o1/nY7VmdIJqL0FZr2wPup5uHaJ8E/QHjk+hKWAxM4hhbiVY9RUrPEpRyPtgWD6W78I4RlUkRTw28voGLi4ddMS9c7120zWZxLXpFsRUWZLdyWEkPXcfpxB/nRpKNQtkuWhi3j6Uo7Z6n/5CIVIu9OqvVwifIqinsTeSAZzZWYbaubtSJ75ilxp5ejT0c3iMkpV/qdvnhrhTgy+GPx0P2sfZ0xjWNvSs64c/gVTC0lKU3C6bDkpf7J/fUTG4VY/XUszCSkIIe2W0N+NZYxPc/obcHbbtSZRIoAgZMe7OUGESHQO1qLxVRjdXaQBaSZCc6KnAKw98FPRf9tj4QIJYLDpiKCd6qQaH/A7hvQbH21MNLQD2KyTzpsdDFxcnHtMnhvSgp4B2kPEbd1qMry5pKyIvDi/454GN+EinsyUARt5/T4C5jC/nFaK/9YgDT+ZXshl9rxO3eDIvgMERkfVJyRN1WDlGNP8VYzAp7+joTGOMA1kBn+XYajQcUVM7fO8nZ18+uCLJsFWqZZls+CcJwbIvm8esV7KihQO45Zm50mRHmXgDTB2gSaQZHgGhjX/9JuE+Km/OEie5XYgPJ+i5ohmmWXAUj7Hg7huCYwvsI5jEx/bl9rb86GPdS7++JSlOrJPAtAwnFCre0QHwGBGQcX9Pfm915zOyv7ELRe39sHYq3vlNKoInbKPVOJLlHmDte5JGMtoVUf7Arpq/dQnCzXeyCll5+x/8ndebJdPbEG2EXWccMB6y/04PRwNBWq611pyk6R1fc/my4yNuskCKZvcIkLEBniSLunhWGdWEk3Ce5awhVOaVUq41KXyNaJkBluhr/U1DRvlK2AqILLlaFcnJBmHXEVF/77Cr9Bbt08jVDICx8gyo46YytYjKu4cl+7aCWFPNwk03KJNKTQntNENdzSPLA9iL4ouk4OI4+RNX+FyrGfJBdW5DxKjfhqTmjgcVz5+a8+WHOWcCTA0FxbMqKoVYvM/q9qZ2bjVE2btGVREUWHhnYLgTLlEOv7otysrjkAj14ZUnpzW0Q0v+H+NsOH/SY8j9Hsdb/wO1uaErMHUIpCQqgcVPBztPmqy2yFwuC/jMi+sJnI/WVOuMOFToPYF7gdgPyrIIVP5R4RMXGwIEJSDBXKxHHU9DJiRvenXGIBAKOdOCjvS2hL/iO9JysaTjbr5UoCdXDUlT9bav2SDT1kmwF23N9l0MUOlmNKV7b65XpD7Op9QZgxNPkG+CFzRa5fFPlulgA198jhFdvupL+71nunFOMKgmaSZ5cMKflnqf3YmypUoMCXzqW9neVbp/kEqdAgHsYqujBUQTyipTPZu2h3ydvx2BOXeXoy9l0MZb1QbPIwCt1U68h56F3yCX8/2LBzYZen9Q+GYgLe0O32W+71/kbeAWNGpCtAqrkJyFdwDWXxiP3rSPLo5elnaKX5AyjGd8iVtbELNpnTtUnpesgvaHhal2tDRbt39OtCJyq96nsixhlNje8f1nLP/tTq0K/Yvq2v+iOqSq9A2w1BRM7d5+AnnJ1RcNS8tLfVBDEuIsjd9gBNCNS5qOWgqXBlHyW1+nUW/RW8jg9qJNJFYk4B8m+M1QMKhmr7y4720RWFD6oeVzBrNcvmz2kGW5jsTezXVncxSQ4ZvTlR1rcNDhFy2ODlGhDez4V0POMrzE51P1iZbIsa1zbcjn2FR7r4UhO7MfhlrEMr/slfK7mag7Il9C8mVvmPAAX9y12gRMQKpozbk6e+3YO1y/a+L1abLFZVSSkvDeJqHudNqj331nATwIXqf3RY38x0Y+e6PrKGJSfzMNQBMX0t/OThR99E1Popr9MHIea7wlc5rrlML1qUrE8eXILR+XOpa++fx9RrWmfsl7n7nXdewO1APRtSLr2qplGPkCSY1AwzRkWL6uTd9IQaNrl/YOG9ZAQi/+3I7755LW3ge7TOiz37hgO3/yfox+U2g+7N8feh/5LJJ9t/nY2vVH1BWK5qUoh+zeMMy1vb18KRbbZJ1msAN0/tARISkq2iBw3VozwXnYKr6aWsNogNBx0+9g4vSqTV8Jmx4knYbg821n7/AVcjKisEJe4odkQLtJ11rErwMkmWY4H96MpV05zgMIcnQNDcfphL99UEs0VUw7M9la3zrVlxNfBxB5zWcblX5+EevtYwQGabugSPu9VjgSOIFAgWK4vqDdMdCrXAc49l38DD7xs1aJG40Satc7Qz79+nkOfMhw2CX9z0A0YFHy2r3x3vB0xYLsYx02LsmG1+YEywSLl46F6c2rQaEQRipfx7KywJEpPkBOJZkpCJSObs+9MaIRENjrYEr+uMfDkrTlwGvF21wlfbJyBCmTacY58PEtjF3I/Yl3nknSEL6jlg1mC7N0aJEzOAAZIf1ZDqLC8nnkaKlmBGmC9wRs52RwmO8P81NTLiAIaID9aoJPc8yLhojiwyNEsdWBlMEF3TJQH1kVUt0WegN/kq0O46HE8idaEh9McR33CpAQ+TgLl1smY1SIH/Cj74jGYS3Co3VR9M0M6a2Ec6nVj0vOBspuaQ3sPgV/OwfNNah2xyaJQcZT0N73f7idfoGdyyHmaak8s2FvzpRkSaInqAoglfbm+szK2ky5VlHLh7V/47buZQ5dPCNEp6/VT6rDf44no7+2oqrq2NUgbj59lt/745UdgTEXyAOtOXmLHDEdyB789peN80NZAJ0qtiBsDoqAgGCczhhrmQ0x1MArQRTidBOfsmqrup+T30LaTicocQaVPnP/wh0F2jsPqVLfITVMnUU6rCVIOCKbQovWEcbbaXEBxPeXLUG9wUutH5NKlMLOnNbVKSFZHd8RpzjzY4BlShiwcMk8/ZbO3kDkP2ZHf02xkYBC7F7/0+rO+aGzFt6WhlWapmYbvXlQFZ9PZsRbsly7+XbUWx1EkYSTIjrokGHL3vfzQXQyKcmvQFt2L2dO2i8QP/x4YToSOwCrk38p8LCmVOtS3xZWNCMSYhht1P5ccRNyEWnxZpA4kDlSHeN2D95tPt487Eyi1GVxzg5pIlt62MQDrGlTS33FmtRX89yIqiHj6MekyvugGJl8qQvS0AatYOT+iZObjCVxRewmsb+Lh0GDsEO7SQ1wbF791sHg7LiURfrCiER9J6VNeTJRTgQodnJ27g8u6ESKpXi29e9Vu4GhyzscgQy7K8AJ6mY2iFO69PvDP8KHMMx3kW6C2bWgbB32+8JdAxtMgX2jBCtIn5x+JgmX70BRq2vH17qyP1NJ56gcoFe8D+OUiHvo4qCDgTcMNCQ40C+sOmRfnu3sT3R5sJtVv92Y0z7lhSL0cEeBASPLTwqQMRSS1r0+9JcWJISkrpuI0sdW8caMAfkCIz9U61R+nc8A5HL9scIz8a0KMnrABYzFD59bb5fL6dsSUcH/ou/bGE/51pbZtd77fgtKcolR9AJypgxiO5G7ESlGGWtSYs5/NPkMfo1L9Bj7lrAAJUHl6Qd6QF6gKD0UGxga+C2pdHG8MjOcSqOKeJBvamoVt6wVjsuAr3D4RF+aVAmDxeVA+3boq7ssM6NCqe7lIW6T0QZ56WoepTdBdcBe0a7zDkmEFrg2N8OQ49tFx0fwrjMQDzJIVnQHJzV0vET1vGYwfgl89KEorsm+mzK8TvkFfvNT08ItnAFmGx7va4PqPlkI9/jcZ25boJDGetMrdSMpCbLg+sFR0v7CXuj9An5bAZxjt4PMRoD1dY5NfNPWUyrHHJ8R4E4XCy7MPZiIt9KuqdjwZh6mxz47ZbyLJbuCa8wFHlOJBelgHauT47lDsMAlNVdRT1KvWclvWRcuxPzq1M99GPn1MW4N5GQR6nAGYYn9kUCKVXUg2/3d9loMjBz8u1+4jMkyN7kq8SEAgAw64G6KQ3M/NBCzAGrJac0/Yf/ykMQ5NxzflmBZ63r7lLgyFYeSeLUgzDQrk8W4sqQ3ffe4RUMj/+q7/ESON0zN6V5d2iCDjKFFmtwpSp71E19jAk/rQBjtesmhGhkgMkQe8gmWsdz0tT8Zf8wDxQHG5NBxzHxAc0aBKXGn7C6Zy1PORi7I+LA3VACNH1vENVxpru2LWwGoja4c080f/IuzufrpJ6WZz9jzKwX5QGw5m37gEanBJ9ZXCeLc2mtZXl/icmHn2pats6Fo9b+G9vMb52eVRoeqZ+xYODbDAmJAiWSXuYkaCILFda7a9VbenDRGwv915ltle2KgwYS+CvGaQI45W9QQ+BiFmHm8ap6kDyvUnReZrDYO7uptp01PkZa9KDhHNjFO7yAjDIaIwioteEsEAnPvhhbBUiOO0JIe4MimBLfF90nFnT3cjjD56/Yh0Nuv3pSYL6RSFmwRyBjbPW35YWZ9d7mrX036plXbJXzCwZN1k+c12i8kR1UE0QGJGKwQ7UhKodjvzcxdzdieLsnqlbO0ssskYdaDEg6OxvZJnQOf1miu8Xjg5KRFEjGcWva4DKid/2pIsd1lHG/VmCIvjw1t0t04yQiQ8uZXQlWBK68j2AAaFzxffJINwA/JeozFPaiklu0dSj+EFcyeZLmJQSrE12doPozedbWI6hBZQaSO+mo+0I9g+KeQr5LRjd4HQ7cBGYEtkZi87rZxpS/mJXZ2SWIvZsJAVLC57f32g1tQZzjI9/SaNTwttKn0a4z6rY5+wcUReM4KzPn8aYOLoNs+3myR/kJX4YYmTsaQWpcAicEOygaZgQc7eUPpX+4zMxJ3v7g9DOIoBBjaatngVIv4/Ysqr7PN7ITpJh/OkHjNnqS+2CiueFGv4y/jdKYBUCswfrv5goepJRkAFCQqjc1SkvXGv3EfrE+6XKvB4W0k8mXUrivinqLkrUw6QcgmsNc3l/Bcb7APE1qIsBM/GNl8qPFzTifbgBTOfMddAFahOqkEIPgEyAnYEayBf9ICLApWMkdu4UtraglOPOCfPXaMw8bbG14LmPrKUjd8lfQL8uTx74UtaMnVm7LPF6Bc2qT5t4pjQhX6ETWXMxT6iV4B1vUFfqXHIEczHmZMfiSRCvhUh+dXm02oEyvqCPOgIKi8EG7/BKm1tIpDLGeAJ1qVSr5er8Fop0Dr3MJqKw/U6NekEDOsUN9DRTYOTwnQHRo6SaQyM1f2FQTnC1VNYjx4HQxvEKhPD7q5CvjsO+X9Rtr0EpweGNJnOgf4hcSwr0Np1MhNuLEKJtoOnoVb8eaJhrm55+p74QGX1fREofGkyICa1YxzW39dhRXs8Zd76i9DuNhO4ADTNXD3qQnXP77QAnCWn1+cEkoKWTR0WKNFjkfQg9gU63TuS4jTVk80YVtrSzwyCNDyZuiXNYMDT8g3QejLe6nndDJxGrq4XSxDpET3m2NF81SSXyZoKVhzajQfiPqb8zFJbP3Vlt8nu91q5UAe4AAxFbCINkElQtGjQj2+3xfk3yLrBeMim/f9cQs+vTZZdl0Sjf6gCuhNEUY6OWvCFfErpssapJwH3zuqPkLWesB7OLXV2SFfNFF2R7ZWrYTsi8CdpwvbVMtU2+d1ac8LIGw5n5vR8vpJR2TNd5AgcW5Q/X7QPFnhpHptIgbDRhuk9jAxsL7FGnJNSHLQ0K0VXC+/psmhdXSJfLy0qGlmQ22EqRwPiaHo9rE96+IpDfaWfmt3I7s9X9VyF6SJIraVNjTGW/rXLVEH8VI8kOaq394WwUO3z6Gz3hwtzQ3UB7e6hOw3GK+TzTQGOOz02hVP0Td+w2EEbeXJjchbWCP51F8sAGcxc7wYjyTmqc/EupR39HxGhVLcIbjun8mLX0zTZQFWe+IOB/dv1RJTurOBf7voxLOt2cCB7/L4HUkY/XnrAFrQ9GLc8Zi/AaIEP37JfmSfhb4PvzcVtCW7VpGxGi7Bo+1whx6928OVusXo0nPX9Iqw7P2eqr6Bf148YK9dTxBcagbIxhWFzqTqJ/q+kN9U7uk4PCYi7ocb5bK1Ne+dGrfunWvu6ODYEhMzCd/noGZBwVA2p6BPw+WRVhP0Fkxkwd6uQPfOqqGgd46lp3Q1cWDawHsSmkkbkrO9MO+5QXLrxfDKOnrfVKH8JdHz7qIwcnGWvfJ5Vb18oc04aId8r03jBjrH08ckJcbdhnN0BslLEn+ZePPZVCxihHfdoVITgYymEMWGnCRPndi7jw30YwmfH0iVbWC44/oRLkkbMTL9roj0CYgJ2SzWEI4qXHdtz8kOJKPaJQPQwX6kSqEq5UWCcagCyK6LHrv1WRveGKTennbzbYVsNVKv5y52YA0GuwJr4A+bIg9oNq7zL0vZiwx8gi94/ImtxJyODAXz9hFCaNhdIRb67jfVNfEDLnaWALet3U0oH3cdXqZZ71ZO/r6Hcb+seMUxL2Lu0/WFYuWT5nwfc2+VJIdgxqzceuvT9IZ4Yhg5eJHX0A73SdNPgUnX8YJ/GwADEtI0uB5T/hu0GtuI/6u91rIapZtTXgFWvuEnFSnWLpZh8AYNcc73WDiYIETOr/dY0OqUw7RLg+CoY4C3MeZgNi4Stz5sq8aIhL/6GayNc3qVd1xANNHPYTHs6+7zN7jqcI9wHGdMa+3pXo0xUK5nnnerEJUOrKdN6HZv0qivMgikUhqqdIgfYNs7IL5KJKQy1QuJda+85KQjB4ekr9yC4OOPcIBYFheoFSIjSmsNH2qhwQCJc+nh9mQykECBZGS9vpxtlGYfpH9v646YyYxvEle+tKLWfgMJ1lbVJNdQpFCu+vo0XLHmrawo33uGqmeeE9l7qDPEvFoBAvdjga0kopW/rhbeR4jKjd5+iAYvEr+8EBCSF7fEp9wx3DeuOb7S3Bp/NPVommORP2aOisgaM3WehKBrpunM929CQeLNscJBYkw9lTO1dtbCENuABZU+OETSGffK96B9xkzXU4BPMFNRC9+efI02PUN0SDC6QFjlb6xT0E706dLV5tGCuKJPu+2de8J1ZezOBx/npdJPO+x9orlFqdDNs06JJZmAHHjG8syvTX9xj8Tz/vpKef7+JiQTxD+5cRk0v7kPDowNTugVEgmEOqy3ATXk3BErYaOFNp+yfDq2lGFg4Vf5+R7kFpS/ofRsqz7maCLMZqEO8hYzay/t6nqTi0maJqpr3tyV0i2yjnpWHjv3xfgiKYLdNKSoWHbM5hOSEJ4Sab5fwWJV+3QZJ3pI3QjFq7D0hhJpqclfv7bh86ypmoq81b4C7EF/V7b2k3+Ua7bgE7S5WMdVZfERibYwVyEjQJ3nbRTzdc24AGNaAL01l++jbSEkvxXRWBGFn1P4Otym5NQRmvI10PwzYTCeTJW2vCgSFHKvGC/UlK26nI/WQT5P/9Rv3o5Mr4o1k5SMunX82IA+amMnFY0vf5uo+La6THaohxJPbVPNRJ0O5jr18pduvemMspRyiWiB+VWWkpv6pTGu383VxubnMFzRWCB7WujOBnM2Tut5SDR9t3NTEZSW9M1X3uc4fr9Vasy2brJQyJzyPokbxiHNkdHH2dv7nCXvZ/MOajxPIcK3kf49EGjU/jRA7XSxYmvgpxW+YpFzU8rdSgwwWuUalsvbtBE04j4zbIJg0NBO1uYp906lf96WlFVod6s2yYb76AW18WZgkfS6xNFrETsSAPn6gPvz2mDMSOHmXCRDqGSkiv9FesWJAQKfyc5BHIb0c5fDrJ+JnYL51fyGRtQWsnZqMpwNw2BalyC0e5CA1DCgGZvUlYn5N8mNP2cjQXT8kQFMQn7ZZ7GWhbPXDzeAXNoPgovtJi9XSfI+lRIEXE5GA8rckhKsUwCqAp9337L5Np8bJYix9ZQrsv2CdngqeDQ1spsXx3teIZmbAvb64GUNbpt8nRXWYjsnv107fnxgBQvOHW0UKv6Si7vA17TtP6lKvDc9s8gam6CmNEDHfdSoEFscNB2X85IUskuxxeReGnw7q6MJ9PwCLicowdNvVdXWuPog027FYXXyK3XGBB1hnTFVXZqFYlFOa7NrtPX7bNqD9Lo5JN4r6YFY7pbNvyX1BGHoBdqvYMv9U9FnMBDKttL5z5d2SAt/Z6c4e+6vu7n+kBOR21UC3WXt2y+UFtiCfzGFLaYcUetF9NEIGiFq11Aa7NbIH1l1UjgzplNv8A4mw2R5gRYlNuZYAozB9iCX1hGi3B2NQ8ouo8dblngHZVhFMrW3K2mheUlgfw2BGSodirfChDMmCn6EhL5eKVizWl3BtG9nBLoBvAQSldYrw7QuQLwJNJNUZ0XAoC9b3eTU07TwciwJvVKrSHM6cvaoee/y6w5zKYRgPHSo+Wf8hSrerljjRO3s5wWwfKe3vHbSMOjoDWzcxYKBQIJSiAUScevAC6S5pvv8I9Ib3dCWG6mD5lpTJYL9YoQ1N/tDwxIw+P5RB1ZkJwhHpEtCwmamV7ZJzB8ynT6cUW2/6+0RpCNXAd640U7qHGIfskB8nLAp/pJZofKjfcj2zKMvmNdy46eNTMpH9cqBSA7UCRnfcuMlccb1LRKFHX6VvIEWidxnZXtB8xelkDdTzLf8HfIpqrMjSYAT1hXMq2SFbewHmM0dRNbCefoUgop3m/RriILzBqrMIzZNo+YMTqfI9pJbX/Q0sHnpyzj2PjF7Ythv6BMURJHfVpr5OGgf4Ko66YremLvfcyFoHGBPBhxOsqydCIkaZPsgwa1qKX0VeQWHEQFI+gv4jX1At8glw4O4DA+K7SlZIA9CvTI9CPJ9/dCtyz5THk6+usbHwBj8cRagIjKcvUh/QrA8Yt9Y8L9UDQndyL8tA4SQfXoq4YQD1ESHGSlI3OW17CiKwxtw6qHpu7YnRpISnTtdWYQnp8Ns5OPd6LYeM4KRfLssFN0pcRhzu+E7o6EyBFEg8GV7UTvWukjAH2NDcr8+GFFucPf27A96c8xwwlBgY3jkqKU9nqMJjz0acAJsDDTYtCvOtdczXO6dcYdfrUKyQffp/nq98Q0xHXh3lQniV0cmPqUUyOacfTwvX1BsSP0X/k5Jzvx1QtYEm+TYt31mfRRcBDxNT95X+FFFvk2y0qw5m+Y2gSJf4aQcQB0LUEmD+2aV1me8v9ZH1mEpM/xxxujEzOwhVrKCOpmz6Ss8xvOv1V8ynZZsaK/Y+4sisbl23zKtFzvZSnguGwpI6mfgu6GUIPn8QR24WwhM/G00A0RAYZna0CfvBYgvdIp4K5/E7rNdilLfHPYLncV7ZzLUCXZYKDvz1qUu7b/R/Po2kmyDPTBQiE6npTa8ilgK3TXvM6hCC9Y5YWlQcbdICdaNLrgqdPoIOB1wE4tdVPw1bo6CahUVmfpqmQlRhHqWfTsfBeWu0RZggoIEu6lZeAQBNVmj4vYg2U5MjF/yGev+tQ4y6i8JHf9FcY+JaXprufB+ys1LdF/H8RbhfS7oWYee9kEYjYzc0/4I8Zr1oxsS/QRSI9DhIx3ErT8drEl6m887Fx+yJnnEb0Hb27dVeB6IhbLcAonDzghisQbLtWj4dYywcsxPGZI5Vh3M97t3IX86PtbMeNzyx4SaUEVpWwuficrSrzZUUT6GJHXCVUrs7/JloxQhAWfE+JpPUvyFMGT5Ns4v4Mb1hGFSMaeMl+xzZQibtYJvTIUXjSovsOBsdNVpF09IfK6WaSCiTa1smfhRnzP2/QwDqPK2+RDZ/pl1X8Ynk0plrL4FmUCD+bFASt5CINRXBLntCbYnidBzzG08kNV83mDUic1FuwCgnrzbF6EQCjxhfMiF9hpZWLW5bfX8r9irud8rUEgBMu63xKoxN+FkVlxyjhIw5unm1cFxm9RCaUghJWO0G5r8vcNK/gsaTmRTFEQgHwWR0CC6W3ZNa4vEVGm3s1IYvubbfVQjzo66Mzkzy4wuXWxi2xv6jnJG4Bo5JDH9VdR9BEsUkRF0JJ4Tgbw+2EI6loGl6fiLRqrCpi3+tju4FCXPALEc8C5FPqnegHp4FHnrqhotJLbuTv89A8JVudcM6Mv7DROYZGk00cSgP+VD3agabxOKoY5CvowcK2Bz1mMzG2yaj6p6TZP013MVTTbhWaCfyvct/abhe80GSB6nuNmEEEafOsgc6BF4m9FNe83gPMHHvyrzQ2ILES+2g+ZswLdtG65U1kZqiBtLMfioERJrinqwZ1QYWqIgBeyxwM+VilG+abbHlckmbtoP+b4hGEV4y3HLE4IISCpcezaOsfrJ8sX55TeCbocFlcwR+l4VG9ji1eyvhhvee3yHpdDrdwpEGBCJYfYwAxukTzTkJmlpG03Z4U0THuJf83UG5DvZJb2ESdRMtBPutreRlyBJ8GpDP2TbE4tIKv/xlZMVaaeI64HfoVe94swF6kqf6yjhqJP+1jbM5QT+BUR0GveTAHwVoqf5wzfHWZE2DZ4aV+R3csSr21Jb8Trn/DpyesIV5JZ0taqimyBmO0rTohfnac+xVHhj0dNsDLOFRxSLyDNi9D5ALpFfB7v94o7Dvj5Oo+eMgpR4TmPvKKF/5Lsli70SBPuOsUfPiH+WVOb7GRRSU5ID4Wjwr/uGr6zDCtKvUPvN0hkNGn7yDYBZ/pf33AbEC8cvTmGOw70Y1L0dADwj6UC3zv1d2jWDQRS5wFiFHYEucNaUHJcDhO+5+JuOAJaA6RhNV1I2DXoTcTGfusgVfk2x0yMRj3Cja7iWMl+/aiLzRvrv855Ve3y4B/rK7gcXS3Yacw+hx+omFEz8wxhFr0gwIZIeL4hUcpElUTEypIfAAZ8w9+yQF5750JZP+J5x3N7wNdqI0QSL4Og3LVWYims8cwccgDVcXdoCYUjZD1s4SP2+FpR5ST5gCR6cxt8HQXmcqHJjl/UMnzOfZwJ+6fQ5yazRoAF18oyzdmylQMrFpdHSsLJb4fIfbvzG4IVzrJ5yrvceq9ZYyCxoGGs7mM2vyGIzkFF655hUzcitY/ZsvOEdSxi2Gu+HpJkDwvMgRQqlo14RWWbKgqLmF73DKxe45lOfAHDd2FSW16A5TmgsUw4aOx4ldxjoZ9LjHKUNjgkvkmJ8iin5gn0N4cl9ucU8zw4XPnT75Y0cPcojIUxfA1i8agOQfWoRruzvV2ptD5GCNKfSOnczbbhO9bYN6LltBM7asIlSggyxYng2eLcnEgk7l4BHL15xOiCM9cm1Q5oCibY12xCCcImy1e0xdSCqFuCLFez8wnhiDG/65VopchM2XCwZfOvBEC9BfV8NB3Ccr8ANpPcYSPX0Eokyd3glXm4SvO2nRII4bAuMVFo8uhPgEW46LLoH+rrZvvkSHTt3RiSc1Mpxaewh+AnOAdFQ43O6X8nOFBxv29DSocHmLtLRbk0X1Uptb0Ou8zQNJ6LKRGxLf0B0dluaU4K99hNdZQ3m5bJLPnoolnQ3n3zVML5aR3x9wRMAqS3RbmkybMHS+cGvX7GUwes+BcixtMNya+1Dki/SSAFSfiqGOWqd0exU9ey1rHT6TLO3/CKqDCTeyCaDEweu56+5WmuTDoOBVBg2ZKBvshlMjXGmxsaR/ku38qUrVQx9OmXDn/tryY6ghbdjGc8ZPJ1aEbF3pA3sx1x2fvsm+pjF0aaqbJLSQX/b4ksHMZ0uGYzcWsywDHC4Rgu+x5tKg023pMi04fO87f3dexVJuKIdsUSpiT6H29e6GSVD1NI7mtR+NuGGGLC4pu5vswIPBWixYeeZ4hlilfLjdeAdRcLHOCKLZtLuR7jgdIX4fTOqywKy9obDePpQlIBl2mYmYsPJxRypcU+3v1zcHO0+YR2MKOrzyEAjuiRRGa0yHXp1cBLN3g81naxs76ip/a5E/Do1/dzAyAXRzgm0NxvBCCPzBbzoZhfNy5i+FgH1NsKtXWdE21aVkYivganbH5JvroFJmjItvS2BH8+zW9bABqfWlKiPEg1HF6FH58LmjvYcN+Zja4ZrreMLDGc4Or+y5cpRQBoKJWryFT9SGtGBPtaO3mRw65YR12yxX53UrJtOZuFev9aD13sKvCiI5WpkHGXvuFCOvNcrSVPUtsRFUKlbfN4cCzcqZa8bw51TG8TxVW8q6sQ3RAuUh9s+YOXX+eIlWEmGO3rKXmomGOS9auUOXFp/qBt7EbMFNx/LBOhZaH5hMier16SECyssyAkXmk/K/OoBMATAHxGa+sEaF5kbMR4xeMpOxvE1QsYfKOiG6JYVlA8bWVcn9AFyVGy+X0PBMn1p/d0t/JYb9z4KmINmAwAeD1p5BKa94pXQhJ9zTgKK7FF/7A5dw6+U2/nqxsHnvs39N/HCaKLMgNixpQ6wVnad2+J2T8dkivoK6EI74iFd5TeHQAHs10YBoQqFdMOJ/2iY9UsbtICTSKPCWROCT2c8BEgQCn0cAUL22Acrm0m6KZwdo5w3HCvfjE8L0Jcp3Ho93whzMtkN7VW0sCUL8DvAY9njht/k5pYZiRhTz4fZ+1O80gCfEB8GEhoneqXV8OrLCe8FJOH3rKL39xcBifMlQtdHQRjP+71rfkeNnUYBW746HeGavRurztc55LhkwkPQ9+hhBvVhRB3OFuLWp8fTGdr9LCdxLDifwlVyWANPN1qQv+YlJahYftUAFEHaIJKhI66v7C380u9XgMbvnxKqbzfyJKSlYvjjHuQCXbLRDMKVPMWD9x234lmZOvBVhokCGgkI+O/HHNM4gVnJwt/f+vc8WFZbmM1rr8G4V5pUz13fYNR1Il+tzUh134+zHN3xxn/Byqfb51nT6X1an5vUG7TjlMcK7+cGLZ3D2gioUFlg6BbNcxFHVktkqgS6BuIbIvbKoU0IzbgYQYmVp3ykptPfRb0Y8XNHbbTnwrVp1xK8KkngdyHdl6fxVuB0wi47ckdjEfH3aEfE23rK0K+9RLv29RlJ7z6c1zSHEM+JnUjJHP5Yh0sLFaZ9+VZsZo481RUMnLwBCvAf7eNaNhyf16aCBvIptMg/evYtrZHpUermNpHyXi1tG3rE18shllwhnYl/Kb4umMT0BTVxfdCD9l3n6kkHDwNMw/2JZwZfWeYMTuWto2Q3qmYR1FL1k0dHYrcM3sr5Rf4gwNlyJdnEdZbR5kjX6x2B2e5CVOQJch49arSt4mIFSg0/5ufNvhp2118H7Bv92rGhmUCetS1tfYDE1erwGzeeBl0JLOKec7RwSACBIfzGtfNnilZPsfm9rB7jOICeeKeLMknGLuZ8VY4D/gcyEdPGYihs5JJeZ8cds8CN7tcMcR+0Po7pMOyV6KJx94k8IL3fvNbkjB0/oVjlUDkcDeKh0686L7tP2HtNwINSdKetKtIGCz2bPTpDLKTf1gH6mwTyQzQomqfAynsMXMBA5Xuv3i4IRfuWnZn1Z/82T8+oinngJGMl41acAywen5yO/JMyRmpscUuVANXdhPmJNZ7uPHRlduSsoU/yhJ1f5gcjmnerDpodjpwI3oYt3GcJdok8P43IikjuQiRys1iyiN8wWWDd9mMFFeUmHyW47zRHQknCmzJcJD5gRtLcp3ecN7slKzvGts7YW9IYYxwABAYzHBvtlbfBPPFTgywyOR16roY72gR2e0MxuPOiGjj/Ha97mvzrx2Kt/X2btfZddPDcm1hKOV+QDRJ+9NlpS3JvaHO4TZq8aDlNIT14TloAzf1TB22wfuRWaUcxAf93N+G1MxjbTb5BRJxMw1yFW2V4RAGEZMY5H8OBHMDA3Rgtv1Lvtb7WkfGmLkWg3SYisDVL7n16ryZrjx2gyyk3zEtUdTqlZconSnqmlZy75QTapbiTpDdIPXOTjR0wUNyzxlPVuGclrMx2aujbfgPZSbCjHjqN7uu6ox+78ZEOwfjOcBL2/Spi+kMnLl1HzJSmU3rVfexlzU3XqX+3alqMjxQeOVCIvLLdQSH6rGBeWm7x16LlcRC/aTyQJd70CsEpSDokgPlmwiY3B61ATHFs4rTKY5RjChKC4u8AWk/rdP0+1iAYPqiYD178E3Hj9qCb6UaSMDESVeUE/e3m5P038e95w0SUZkZtMhtCv2DcTtRf7uw66u9UFn7l+EWRDBJfcnAFTQWBW6olvx5UGHpk5/8g5orkeuIXqCHm0WF1LFMbCDirm+tICMFiO2pNFL5qj6iJRg0kxvil4Uzg4PTNFCZb7Ybh+pfpi73wWofqCJKHq0FdyfsaBQpaJWiiEMXwIh8YvczuINDb6zFO7xhrJRx1IUzGVEYxwHQENl63oYGntqwIcw6FdKih1RYtMrXOlkzawM/AW7VZKvqSm5wWE48ECzKGCMH6D8YYDK0WOTYJnK2ZtLE61HiTqjYP6NOdnQWFOWf2+eOnqjkfkbdEqsvJxFqBEhk+nL5SvNh8agKHGTrYK7kdoYdFs2ARZIz4TgHJCseFteNVkl/sOk0tbZA40dSL5CsNIMTsrzk/FtJTwgWCRSl6geaJHho0yPxoJKR7FKH/5poxYk5yV+ow6euz3xQl2Q+TqQVb+ABBPvYwWz/XAeKI/uLS/jsD6BPLiXbshBGaooORIEMS9QZZZwzM2Jp19SYqeQQgEPahOP2O7RTOlEEH7puxGTXpOpmvOs1ZzUcy22wex9T/hdUwor5pdAKNXVh1AZ9hcWCqrG4ywZRwmyEs6JDI8o0KtD/7H4ClXXs0ceoRd/xMCWxIRiLiNSpC950ZDJ9Zvgy837IpowWnkTVimDiVxGwBpXlbg4vuh1E5oZEcKSfT/hSZxq8KHtxwP6+I9e3rvVKmiOZYeQkv+0k5rT5fGQrjyxUs5YWPNEti2yvDy7j7a+nYG7Dcygd6HUL7mu6Y7YuzvK/MugSf7aObOzqGcBGUlGb9br1kH071YfjNKyUwEoxNXen3lSTls9x/ElnI7VLWytbfoOm5tR0Ctno73ST/GBh/mIhkGKJV8IiX5Z5w+6/7HXA2m8fDjYSRI0sKa4Wfd0p/DuDTLGpv2Ryu8Y+QX+r0ehoNM5qbdI3gMoOqPyTx1GQgWfJ+KxSRZC1niApSOZls7AjWO8e755H8DzTUHwcdjBNOf22SFtglaxjKAMdzHhhg1R6QBXiI45C/dYVEkqdKKQR6jBA1LQPFG+m8BYJZrQThaQRJuh9/okC+hDdlx5K+oMziakq2wRN6GfIXUYKPPRpr5JdwPSwkXpFPYEQpTdIG9/y9whEjvyn7GZe27j4IDxcZfP5CAvrFuLpekupE2HSpmOajKz9q3JxPdfHWq7cmE+pf+CUEO5nWWn2TrwnNb50gvKfLpGqKcvJIoIdSQdYwN5ArliDDIZMDezHczyneAGV4Bm0i+SNZIMp5pP/B0EYO4IftgNkLI3z5huUh1AvDfVxwXnKkczVvJTyY+84OLi8Z9m+5hROtWHhLYrGYhkgPGXE9OWpoBKP//VbTunYrIKihJC0rNVZRD0peply8xYLd2Yx0vooxCXTTCr+43plEPac7Kngj/QJX56RMoqnnPnV0Mxe5IdATY9cf+7wJOtT1LRcFHCBRFNupp8AhTDZvKf1RCE3OZS//9rm/jff/gJqyodUVSPPc8b0IGJUBNGP6jRmt8XUOUZzlEOb+q7jz45AxenFXktCXlFoV3ntegz3Xw3rYlEvHTXMHM9KhyviN3ccVqLVySJgABjmPNVXPnFhT+FrVm91Me9u+1maLtr28Ye/vhqg8rLeg+jEiqzLLQrl1xmJFuYKmMFERRqB+gdnroIUMjdObFMVEH3c+O/2iaORI2IGfn5T4dGj42qqotGYLibRXpL+DJ/t6NLrwLsHxCpQESStxU/QUv4yO8iq1fG5Q5VsH5C+sCE/3FI2/mNfvbVss0NVL5+jPXVo1XK6gHRJr+ps3Y1krwgVQrJenuKc5sB+b8dDeNW/h70VUXEIe2U+GTkk8mOaxSdX0abjRgHsO6EaPINLwvHQNcwMbrWJnu424BW1DAmLoKtaW3fiNF59jmFcKVBwMIQXx0jb8K/DDTF5qv783X7lKV8irY9d/rJVpNvuCRYt2nqGPzfGGaXsxBJd8hXfE5WwHsEp29oKLBG7b968wWCrd5HJJRJ9W2AmUaWih775gL6ogYRkZnpbuQ9JOl8T7m5dS6gT+gU5mxKc4e9EHEKbG5NOTJuwpObx9jvzxmsyFg4pNgMYkZ39lGnzjS9JdchnvJzH0zv/uUDyDZuCiukINB/Oqv2+EG3EISxLzBPlkt7T4hNbo8phpdmUlPQHRk6OQt8AyOKDdxBSLUY2OcEvrC3pUWQ7QapeGyiU2TTzoIJhbRDrYI+d3qpLBU0HTurcCmnzf+jZkhXITyI91MvvGJiuOrIyOfeNPeUlSskPElwHIXLimFRdM8EPT4XlDGDrtQ3efY25sYEsAsNYV70L0kn926lbbAGL4p7vI+TAFHzuVcctWpK0quYSDadp1pAAh9EmciJRNlX0AxCbePP3+SiFr9z6OcBrPdmSjMe5ue+ac9bxtcwpc8cm9Z5724Dwb35SOg4YkvLBjxF/dTafX28Bty+C8V9FdpVWeccehTbC4PGoRUYef0nrUYu8AY9dt6UsBRsBMRREOjKbfaipjB5tcoQm5fDG23exzZYbP13tw8ahNFm5RHT4PhmJjdvXq95VArwCNvpZ2sM226nbvNwYk4TsCTJsyqswgbh5UajWDRT/jW9LI7zWHe2IstC8QxnJtkgsdcoxTZNLPMWlfPhDB7FvWgkjlTOE7Ikrcx8Obh7KB8a5whPAVDwQUc2KL8wWAPlh10lCYWQn3iorX6PjbQ7jOac8OfaQnst/Jv7gIxowKH3wqGP8si94Al8/ZimEBLpJxGU3NLdnz6C/WNDm7ghI8S+QO/6lyCwl+rxHXbh2Fz2++h5YEcVdUrbx4ZIffVbk3nAnxQUpAUTEyESORe4jmx86Ylce0A4dhWAfIveetf5PZS/2tLX2+J7ZNhxwheNM0MIMYkSQYJfM4dpNDtbJNrS/sLFC0pxJkJshC0cLqcOyP/Z5k/tFR035vs9lkLHxHYe+mbLuXTlo44NyTmhdgTvtmlt+iXRGZhj9KtVPlyHgBofdGlj0DsU8ATV2gPwqlkcMYwiP2SPrBYh/ahfrLdEQdi6sAPENdNylz4JUDSS0d4jdkWH0n2fF2r8y4p0yLNvGK+30YocThpSMhxcLcOg2HhhTA1AlwB84KYvtY3yCurwhad3pqOb6WWx+Pnv2mw+H2xxEKtugaKQwkct4iSjfw4+9ohhzqmueff8mQ38DwjRbO0o29/rZ7NkxzRCZVX5LfnSxGVfxt0hGw+suMU6Pixufi7e8LFsm0LTUjRHW8/y9735XtqLJs2yW8+QThQXj/hxfeI6D1j9Sqc9twxhunthu7agklmWHmjAwjqiR3qR9auKTS7NMAwtDhYThBXUR3Q8c+Luxl4nABRxfpXXyX5AIgCNbfYFfKYaDXB2u7KnYWNHR4nk4sZYbqj3ZZh5dxY3wNfSKuWmwfxUMRh/ZxK3/rd0hbry/uWzAVh219NyltmxXelPNZyjnM8zq2tIEWdGyPxFyvt2mM5q+5wKLuejbSMr0p9P4e1dATCbZJAEu7bcrrSR9u9G/+ls5llsKAyFKbxtKvrN7ZWw3gFtp/FWN5jWb1gj9A0EGBkOITbVVfu7pB851qpZyStuUWOWoooD6MM7kcuQ3Q+4SRGk2aXtdAtv2njvMBxOyHj3UejA6TXJaR2MnF2w0YXgvXDy/GsaacvO6z3NeeNlf45hCJFKuptKmDJkEUKbBpmKVpU5udxPog+LX/orA8n9LpIRMSE7MlMY5jHgReOj3KGE1dOSFS69aYTTA7uQRUMagTWnGBiQjXgkMQiCyxI520wGYQRdBLj8/q0VQycxdW7gdskhtYi2McH2tAdbzRvRdJy98dLsL1qyKl36Mh9mk6W7UO5suY8tK+A+5BtG1zVF32HU0Zl5IY2IzIZTcXfenf9fwYJaGV6/XRO+Ytzb+EJOBDqb5upmp00q9rAgHac23XpErS3dsk9hEeUD5UDB/RLroP21KCR76TtnQTCdVIf0z7pN7MBXzCrL1Jy40ZjNpeOD5vmCgPfnjEb7ro1bI10usCt1i8VoiV5QAnGvba1JJ3X2UJeRtxrOFAFLsETR9Q9mcsmQ9jWKEUCfkytdkjj+gpv6nP21oeLt3dUYQ8mF0dVmNh51f3Gkk08pFn13hIgx8GCSDsd25bATloyk9B6Ld+CYuKamLTfN+Vef5oyauqS678jK3tXqADDS6+HmYP/+m5Mm3DiDeiiN1EMLVULKtGi8rLnPlCUxYA2eibWcIShU9K4wjas57cpBzLyrY3Wo6vF//Y3MWmS/3IZmXNvOctbv1BHmpfuUuFSgYFgsZZhH5QKXs9iO77qng0C2kG3jNsBVcJrwiFVNYnUDNfkvt5UH7pZISjKkgnCHx1kDE0aYuUDUDXYlY2FstchzZizM7tssAkrljUFEmoHgw+B9KDiDYHuP2PSXoRVqJdu3bXO/uKqacc4Zr6BKvERw0ySKwqLwk3NNh8IIIiCyrY7acf4ubdz96QJm57eIE/rBfBD2Z2HB82SBacL5ZjWfU2GQdsYyLmUBvEzqlIfhlql95cb1/pogFckZRYWnN7BZ/c8E6WM8b4kliBcU36vqG1oSyTN0MXvOlRZLsopuTL+fw6y6qT7kH41TAG6JjwBYV/SsAt4Udin+cK3AhmNk7TanpR2SP4lICohdCxOnMdPbRDPPIGGBerxZZvAuZDNDfGWSmG3kIGDLs4f60HuCnrBIpehAH0GhemhazHocc/eypPdhj3STNsV6TcKR0j0/L2gip/dPf55itSQ8qZFC2lWnMWUxYV2+CjHZjIM7hcEMw4G4dC2m60yBE+DJTLOjOJZiV07+SN9ju7m6q0HYAJKlqN7YIuDPk21Cg9JsD1KbOp30RZUnswxyed7T3Jb8fXsuaFIj+03wy7gnEPnkTC6rqhESfzYDPOPC+V5LFgTGmRCvYR8depCCpQv5aV2mTe3KGYHw+eYXhNmyBtsPNLwEIIl1KJwRZfV/w3YQzrNHiL1R1fAUhmF8hH2i5xkG64ADqNRSxDQknYLw2n5zL9pdKFh4wgwEKjcSHFHaOXuBVRqMSvO1U9hK5laQg33z4ZObIxpTj5HjWXJh5PLhD2TIdwf1UU6F4lUMQ8eiDiWP5ViZb5bZ4IJNBJl52uav6K7VZ8AYmu34T9Hcnd+STp6+6w4BeVq0a++SgjHvNg7C5CARtB3jqGHCh+5iG24Ze+ENG3uu3Gr/eHYJlKinFfipU5elRQdcvbh6MM/MBdfAprqCyZmfpYJkJ6tFmhHSOYEXXr8EPekZUAAN14U78qV38gO0PGVQqDQziA7XePngmQ13M3gEXlyseeP//N0JRPuQu64V+TkM9jbR4PRVAIRv5iOQTwanYTImQBRNZs6ROVn0MJc6K0/K4xx9kH6LJpg5y2w3Q/s8dma3iS5ifWDyzXr61VOvdt3Nf7VqrviBLml6MnnZ7w64cWKzrEHRPoWYcAsaNpizd7DGPwDssXjtjERxaAt7+00ghhydmgRxVqSGmK5XTeC512Tpbdb13X3dkyFHuOqaHfMhfnS3Sgiine8F8y+OGvkwHoaky/k2siu2xb2H2bjV/0IwtOTLTMaGspDyWc+CWZghZPotQ6A7CE6UdEfGREQnYwFzebYAaE2DXaTO7ExBACmBQ0Zm2qoJaw86dsnJMCV7k8nSon3OHNv9sOhMSTt+UwZ5iSGoAxeCPBLnU40wafJuTDwCI7X2NXoY5EYjbLUxBz3A4kIsn8QWi977gtWXyQAfZ8Orcf/hCD6Kz+YUSnDK+5GJVV9qIcmdh1Wff9Qc33O4kzjZ7tnngcPttc5Bh4BXTAtIXg47/OWj04RmN2lptQTvV3AUYSOQ+HF9SBpD8b3DGBU7LEbF+WIuadJdCLNNjntjQmKB8ij8uOFwu/F72kyzjmwLusQ5HWX3XhhCadkqaZIExzmM/3ZZWpDQixgu9yaz3L7QJYL01TPt/JIx0L4ej0gOgiKvLYUJniY15ePyxwCmLZV0F39z0E9JSr97lqiO2VBX9eNcWWWYXLgZ0EDBprLBqPBfuSLGH54Jary2PzxjdhC5YlaWpxEaD6P3mw3y8nby00NMg6WKtlg/Ao/4mVmXAtL99KWlpvQbp2wrWHvmrh3JePJscGzwc7YzsQXPowAovRr8oS4h9gD3xmgeJB5CLycNs4ptIhf5RTcoXI7mdUhcOBX0S6c/B0ut0ij4MvtU3mYkh2/Jd/fNQeQrxiFhZ4UjpxET/4Bqg7sSBJ1cRh0UDu9r0CN4ZJTWKSyfxeC1gSw+mgxww7uVT3qM0SB4YyBTtWQqiKProxvhIdLHV5nMCv4iO5XHRPE58i3n63NtNO5jMKPXwHy9hWALgFWDE+cktJavfQSY38g8vyCciH+Hc3I9mc9HDfxaGwsCmOeasf0g1isZXV+OBLEJ2OB8l/3ecGvVQee9/1fZzquAhT9+5Alio7V18hLwsL17liL3cycIbWBb2GwhgWpZxCSmrjmHe1G8eEPgi1orqmb9GOGoQgPUzE/4C5V6zzaMqNGO/1WGWyAPYPclISpa5FZYFLIZV5NA/fGVB8Ik49dkMTSqhNG6zyq44HiGbwLc0gsCfgueu6dx68Npx7I+aAhu+LyvDynqDMBLy73+a3nKmhCBpQnMb4IrAiAoH9qrXS4gOHNv4i53qpvgd+SFls05B6HjAJrteM3GgfnjkJIXBsrjfBE+vEpwxiosCcE/3oQIHrPt4E9dUQhzzvxpqtSn6sg56ytBnyYAH1Anmen8f8ObTnJZ+jnpRa5GHRox4e+pcF/CA3vXMfmJkaqzJfAbTNU4R/sMJ2vkVZFLqxSSY5oik30JJn0iDr7EiKM4s2ZqpB4GNK0SJ30HzXiIfIRidUy18q317IYB9cRsznP3V6zU1MrGnuByBCx4rEXqJ0/uZ1KfCPnGG9rSU7OmeWeUiFvZvfEYlt06BMxJeBheDBnPVOGaYcvQdKZahmo20F9RKAvG+Ndms2/XUPr/pLI2NJ0/3+1mvEaXwR7BufEi9m4Mn863jflcIHhv8ldE7HnGc5rk41R4Yg1AnTIGIlIuvkwDzvpLZBFIpwu3TwyxefggArbfyWC7blHtyXDvjtCxIKrRTdddk6F6Z8USIItXhoQlv6/kFeSq9gEFnhEQIczuDM0RAUDhogqdDkciJK4n4LxwbjyDrf7kYIKKbIgn0ds4ocqeh0UGHQ7Zn5Igv/4hdTWMDC4yoigHnJknss3AnSq2FVCg8Q3JAY9dYJQDmMfrbf5qapmX6nhcs3o4t1oqLkNtER9BYMHj4n1qU+rhL3wVXd+ZM6GSi2FvPRoq0I9liC3m+aBCz/AXqSFxNmRmEQ6O2pBKhu23cy9CcGuoEO0WMbWHR+2aeHy8bzZ7SU8OXJPx415eP85a1kRYVcXuG/nFojv+Q1mmspXl19m7hfZm1c7PfEYSOJgxluQslxwffUkxm4bhm5DChPY6TXMRi1y7V/AW8l1VakM/lnJoJxbfz3WmI9z8TvksOTXxatAxOH4Pv9XF5vlWO/dlnutrkJL2KIQbtWNnkd/nQnVKHycmzyFR20bhqfKbWwWCw6H/oqRkSM8TxrgDnBcawqd7ERvhZVuR1EntHKhPManJ6DbLBux9wFuJ/xlZ09GfS3VwAjfDow/XBWjRFKFXdBmRCrWtzxezW+brKufsQil4VQrw88kNKqGr8rDG4Mjskst+10AAAxiXMokbJ6HWB/BOVMVxvKHkgLstnZbQbOcbIwtNW4L18ZRP09CP7Xpr9q/M2vD8aX+7m7q2rqfpcDyeBlc9Q0IHBQmyr62fDMSzp52QqRtg9/Iy71K9pv0YjBVVqPGPybriatfKTpwxCWSSAjMF6hWL5jgOSyjihJTkhAbWcIbyYU5PqAX9kMlQ9rIEElgNC34Er5M/66iAjUh60U1c3qR4QmWjRkFCnZZtm59Ou5/qMUADAF0tc6liPcBg4JdYDyY9q8PxIsiHnoYz/ElbRKKbBp/m31x/3kadPscvqVIdlmfmNjbZtjZw/r5EdSJcw3Al1CjtcOnT75+FS03f2PxRpGqxNLk2rk6wFLkxEj7wKhyTYHPvxlXPZEXAodSh1R4TtPhwZUIRh89GTuji5cpopDCLwvmK9N8sNceVFoMmLM/fa4AsZngQNvfMbej3s++IhQRwT51JrhsgB5Lrj/4H03liQekKV5eN9cJfBjpyMN/MqU/QPrbS9jZGvq5tuA9JluEmTkpY3zuWcTAzF20S+W6Sn4eErM8BYhcIdfmEsr2ZG9rBdaPhvwHufcEGc+3SU4ut8g63Mg2e8XtKbB7WVJIxmDuqHDkct2M7J/rckSnmxW0qwBt+RvwCgEdWI/IB4cM6s0G5voWKhnF5puHpQfj7/q92Ze8OBTAWstqUoBXSkeUg3zYY3ZY3w0t1lc0wzvw6hOmWLAyCXMShNdU6f3l38xb7g6vNRRCjr4bp1+i+hj2M0VVsv7YEYbc4wVEGYXri5nftYGAjDyXtv8WWwwEloIIm8upDktgBxBVsrH9gWIlJFZXaYCP7u9qEBc+wExqF5KVcwUW/C4xUh9dH6H1LdxFHgmVQm/6HBMycQLQ4m7XAg73h89Oe8Dv6+Vt4aW1guUMr+P0+jiH7MHle93En1lOLy1oaJXQ8eBCh/mRR/qi4b6DDuzKS/Xr5uifNsKqWv4z064oTrncAs1D3tCJMYWf5NBkmIFGO7FwFFOu0DbRRhTTLYpoN8dd3llfNJ+0hyzWDkKz9jEdDnig5FxHw8eufZ5aCFU/Pq2PCvYNfL4paMa+ufL2zMajBTmCjI5J7W7YBQjX3L60oCZqlRTxlYDLdUErSKeNZpD+gWo79uy3f1wMOTKYZPNbNrDr8YeMETHrJTYUe/hADnEvUtSQZDZRq/yhBdaA3CldzqElrleVx5cQH0qO1kVZBrj9QZJ5Pa0PTR8gAm3NBsd/y5E8Ycm4CKFcjLDl7520Vn4mLQn9q2Z1hu9JFc6Y6bVXYxMVMd8buuruaE3xYrVmf9aUQMXmf4moEE8khah0Yk0Wd5piJIeW2DFPHQL+mqRnowKkjSpd607naeMSRUqWVANByp+dQP6ahNvj/lMbhof2DhPKtRHcHNEZXfZD4zocV6zYioxFnyQ9ZF2Bqr775miCfPs8SZI0lTaypRgszZsoV583zauS9xCYueEYhuGyVLMvAljFK4wHwHyEzjwjX3xwVJaoOYNpn6Z70UP8qeo5BI+5WsopmQPA13ZjmkHkRcQnsp7vHvgpuMfj3AUrx5p+24XMNDk57OiIlUSJgjTBvLMHetjyQWraBhMHh69mB6rJsd8sjQguI4E32z5hU8Vx323xh0ZKfeOUQvmUX9EsZ6oTEtdDEXKZS+3sVi13e9LjcS3tFO0vXWkv6xN+sLSRh/o36SCQ4ol5mflXNiaXzPo0Q5tmVqbDrqvxUIM2tSad5QixGEDfxG0VTSP8MMhPcfBZ8pzO2bcWJu2zy3ysuzReAku4KFga0sy3tq9vvR9gqv15jMaTn8Q7LHfD1ZB0/LhUBNhxSyhmY997wnQPEyPZv7C0+2F+pHnhwOECllcoE5AgVYf8CSLGtVqWxg4tAO6j6azVzC2yr/yJRCkUByZ9DmKL6NA6F+k3wVA+Yrcg1U2s995NMfq4vvLgwvBOx+v1y+KiO29LX7wFXXgIpcj3KKXG9w8oBgM8S/O6+76IW3RWBPCxQNSSMMvM2LafYVtH4bVIYqnXmKyFjo27pcMGdpoFYtlsTi3iVrKwxlZMsU2Ag940QVuWkuwz7r1NkMeAxCB2RoGLy9PmnZa8LbXJM9/XR7n8QqHtSu6whl/383MWwSxPiSZ/EY5/LPdbgTqh3ekGgI93CSBWp8TB98iFO9LAh3V81D5No74bBF8QSSNOT35oVW6rJaHy+1Ggd20kYN9MQyL6az0OqdFeZhAd7SuVClM0dlbFiX7+FhkN27g/O0g6pfi+Jmgc0pYEqYgMvNjZO12wkRfPoCgbDPGOejUf43KgzT6nmu4f/cWC0AUPvZ4Erf/LjdKgaKwq24f3xaCFkHObv0Sh2SL0dUmGo+SYB71OH5didnMZHzlhToOgUlAAeHHIojIG3gYD6btBGQq3ImoE9yUL85L1p5DWK4reQdmG1KoinSph5hw6hOUHrjOrwFHCS7f1ayygyqlmi5fPCunI0nsq4OXAJqUnMpe71AIrfceXRLz6h9AvrC/Dg1TPpEP0gohiQLJDuVjnBhkWpLKZsNarStoG221+t01XHv46135ixuAS6hYFgDw1n8xlPaG3wpZC3/5XDzgOtd/6kYfCecfyo3fxhdjvKQ5yh564Nzzg8imW7f0sMN4ulJPm/ZzKUfIhrPhZSr1aJmRWRMN70rtt0P09SiwqU9DEcNRvzHNGUvbwPmS26xvV2E8KL4laG26wciUyy/gmkj29nfqjj4fQxt5rDo765JkGf4WzwHZ30ie6EWITeZjM3nLx+akOxzyBWGvkSQfpuABt2ts6f7nQUHILoZq/AvyYQR481VYFTk+LiRGYSldAKZ1cY525t+u4r/Alhrsx5LHXyw3visO/aUUgiuIGXPPL8gWQdPfKM1vffRoMc6ry7KdMjPdSnQil+vs5ai/UV2mwZIXhm0nCbqMf9urMuPFTEeidi8gXYVL/yQpHsYHpYr3bFXnJntZkTmQybjaS9X2QRTDIwkD+wVicn4tgH5+K+cgtwV/+1fzegXFy8IevuV2tPPgX0lluIA9brS2+p+s14dc/6vMFbYhs2wkGL5v5uWAeEiLRxVFPDj+0AptzM6Hbd5qG2YYqqwzCyQepNo0VZV/pJPzTkqGOmdsGlJTXK/miZD8DBIm1KoLa8TmW4W/gasg+l1RnKy1s39I9F6phgwZV8FYJvM895d9agbfaQEJ/rzqxn82qqVWdZTDMv3VPWAO/xxRvr3VoC8MUwbSN6majYm4UHexQsyzRfGi780PgHSc73Y1+/LZMRTmvXw87imaMZR7DJmVyvyWbpafgVwohjGZUHmnjjNJB3YuHGbFpoPX66plI5asDq6XnlWANBC/d8MEbSPm3bk9XZy669eAzY7P68TZ/TYYSd3UFYZd8VsBW/MsJAE7HnQagp8vTvos83B0QirfEq/hnQAwJ/XQNAGEMW0hwLLZb3rK/b4vTpyra4PoiK8ibI9OxxMNNzlALBj7nN+Jbjwr+93xG9xjIorwIqnb3jAvytAH1GDf6jffoB3IAk7xxiDEVrTWyJ2TttVBiUX2GsMZ2397jlXt7sgyP341uk/xr4z9JpGsOlexVxM0nyUQocoR6rP+9YPyxndGIfBjpwGqkiss/3Anedw2+vgYRpEzQF1zAr2DgPiO0Ac87P2VVZAhxSYFFIW45Z2rzHcaP5BNJr8zccnwX5njLJv7iCQ3YNF2lO+YshB808kIMY4QAUtA8z6PfhhFEBpg+9f5+zhKZ4dKfyu7QtZDSbW8X8919eomeI4mcPfFMO2DY//y0IX+m6kx+s0/j/Qo9lHf9Jh8zdharT+UnnxZxeQO+rjklc/PlUE2IhrmCHn8MFZH4Bbp9HqlHF93WgcPHNr8Udep5v0ug6kB0aRfTBVv4VcJdfrOtc3nrH8OqIIntKGaaYfNu2TSLtxQU2aQ81ZCc3EPWUNGRqPdANyL2XET7bYsCSOLXunUVQ0HobyIVnIr6H4AX9X8RfiHSQ9JCMId+0vTv2jvc4mOqF2omQqg/2QaegpHLD+0JZupq/cZsXAP00jG3nyMbtN0toZ9oEdFuSBAU6VTSrsNBe0e+6pJJeGx+tm8DpNBfMw4dEAqMTnHA0lNo3ayBLW3cbtKx1we7h3789EVv/gbMSR4qxR+zLqwP7h0P/jbF4MmUIE5RNYLClfvQol2gbn6OoAXebSr5c2ZPGpiXz+bZuqxUTdE6gcq/WjyTGhJww6p93njXUgOpQEvuOvOgAZa/pSQXMH5LLeF4pxuxWYkO0PbWLgOHCPW9NfAqAAuxkdFkPNN8cKZP+BVYLglnGHZaD/hg5r6l4KOpfbXVcW3jdliIxOYFIO2s2UT6XLDwbQGs9B9xt1AfhYr97s+q0bSnCDbcrO/IW7AyMf+wAQK9P8hsy9Qi/jdl0V2kEraFKm3AKx9HARpgzei+lmBRS1eU/0QaM8FsAyfpV97wWhsHzJOuqhQLu3rQYUmO6UBzEtm6FM4KLoU2hH464V+DwrydX4FBa/dU43/y6MAtuk3YuX5ewd7S/w1qwkKmbzgiXoflXqh36EpvFBXkiEvHmg8A/U61mthBmXsnW8xqbtmqMq+UynY0Ry0HxI6hD2nZ8PD9Hq/2AE2YO0/75rsP10ACale/iveULgNwbfAeoH5GKPWR01BS9AGYxS+nxqCKR5w03OSmZ6NQLjiyHUPXBWIMELczAqvcn41jrEoWn882Ohiu1lfiGrGhjfoAuehJvwiQQ7NGpqp5HGdlEvjO4HtffJ85Ahj4h2n7PPnVCih6hiBCitgw2viqJGvEo6QNEMr2H52adnm4uSC2R3AEDZbKMu5nqPubcdo45MS36Z3NPvKBJWdnUVlMQLgeMnt24ABEsfh5zOcNPyu9QcpBewW7Jv+WBc0wca7We9G9jiD1TQsbCE65n4NALQixd6+IYQ+bH6gzJyVeGpvYaPOAQ4ht0j5T4wAP0yfeB5mji3nHS4wj/pK+IK/HtbXUlP+9uK8aGQCWynuXcfPPhZLsiuL7CUz21OX2nmrC5a2dPu+qH5d+3gRPz/p51qmp5xgdHBu/5LpERfkszT4epjgRmRV32a9Fbj20DIB/XXpJ+4EW4MYtjMyap9/dbklRAvp95XJG7yhg/kp7AMSyJTiH1ypxPiHwPZxxA8AoDaQxX4+DLDeZuw7PoDQZ/FS43YEQwSm2TiRbs7cDazNz/fswvYsWRx3b3u01Hutf88ax3Uc++VKWM95mOUXRcVfHzj5yMsJF4Ik8iG/cF/hshUUctkjtQTKRaz2IdyJSkrfRUOT+YEOuURnW0Qndbo2ev394iP+I2zeo21hSIBo1zE+bMt+lUoxAl+opbgv6vb5kX7zph675r0Mjn9Y24wV65TMaU6+avwkiKrtYJ0xiCm6Mxxky9Sn7JVgwhSRuijf7ooCKBZA6PWV/PqOyeKDLGxSA/Z39JLahVdTzDbr3MkLBPrp1EmLrI+2rhyzUAw1cYM3uH2Bm9ov/2ZqnqoC9N2EQ8Ahzl+vaeyRhkoJ8VHa9lml4E9TF+H8WWcKUYYvpA39jHykrmy1nGjs0rUnF+nZQv/VH8cF0Y8V1S11+nBda7hGVeoVL817BW4k6bcDjZ0RXrdDVfTF8lm5DbCPv1E89P2Ok/oV/LDuPa/39pwvz5yq7kvo4Da7Iz0wV65jLxyWrwbnW7MPiwzq1Xo7fBYGZPHMMO/B+2gSZ3hE8Fz3awIstwbI+VCSaFR3KZAVd6xZY3HvKU/ZdlhvrlLub1q+771b5KCewW0NAx3ZnnrSb/zXPmfiaS8lMd3v+gvhayjtt4FMv2C7B3smpGZkH1nsg9xeOXBhjiCK8BcJwXXtzBcfKJdgEw3hVusirEHAfrY/Uzwhe2gEuju901tuX3/JKbMG6+5CfRhm3AqCeqzJ6/AV5sHJWc/JfFvOySU0a+bmSYjuJFRPJxLbAEzXWH485oCbqsDfcz2AyrC/5Vfpy5YA0TYLwWDJTCuOlS6FUjY7Bz/zxlFDZYkzF03CGQy3fGDduwmcEFPH5wjvIBpjaz+8im17f0br2/BEQA6xHNpsVlLBpMfV/VQp6P+mv0o4Dj+COPzwFcdU7MPmaCF3liL87CDkYv5yAaVC4+807bN8eZUgVybjPDz1f5N9NP7zCDHA8kK8PoAmTEtDA1pAML+UfQHPmSyyk4orr+zxYcxnfXtbyJ7DY8VveS+4dJrzmMVbLQX0xcChQBzExv94wKprISlY35f8YOrQJYxmePmnQnLAmtPOHUkP2pCkueSaZNWRecaCdXLmQcoubQACy/rl1abNc6BLivEOdeHygxWjHezGSYhMfBOyyPy3/JJf0PwgHwE/UxRJoZ1FBHSUXNWnGZ6xWf7lsmq4D4J9o/yv+tUcORSvmMbDPzRykyDrvFBnrvP56jGh/CPpgtNbmWoGxBQ6j11Hy5PhZvjZSyjTJpv+kKHAii+ZqV/yq397YVTq60I/QOAGAYe6fMXZhixpVQgPUq5yFqyjNV0JlPI10wPewibkyO7hIcgwYkZJRKNg2QxvxdwKKg0zdDg4tB+OI/UFq//7JqHXdhz0HBje48YYjr/vzG/E3vfzkuXKkfDaEB9OvN9p76/spRovjCIDwSr+Ps/2BoaTymJxreuV0qGikyqyVnBWclUzctVbiL31dE0/n1X2V0Yfac4H7O+zfI1EuEPTUWmQ4GY/Db6azBM6akXFrrLPyp/VXyGZFMds4lPEUKs17mBxrmA5f9/P9fL7fungky2mNeXDB3nw+88/MQfGvzyU5/mgZRny7+fNVhfXV2ZV/13/Xy8yq7+XnfvORn6pz+//pu26SUlsaXyZUfSQZIXbdZvna/fTkcQCgiv2J4AYrvcVS4+EIx4yDGQan73zCOD8UK2PQRju0BsG/gOrbOAxMp/Y5HzYjBG5YvtiUp7nXgpDJwzzycWKYVJZ4ByWoWeG/eivD2O5MsjoZ/SeYz/s6/ONLFk4LIZRWu6cmBcLJZbMrpb1llsOHpmXAD3PYtfK02Wee/iXyEMqz7LvKgBjdJHoLfK8KrEfpgroR9N6yxRbRpbsianEk2W+tWUGFSOH9sgw4sVaUGWZScVErjVaPH+xEVQxXFw967DGTORfbAoxzOvh/onFVPn/3ul/7/S/d/r/4Z2UkGBR7CGj1beqns9zWJ5dS+pB5Ot+vovtX+C7YhxMsbcE3pv+ugJd15dlGjAfgl3sLyJBhoz9OrfhSvbAqgaEgswNwtDvW0UQmjwk6j0xgz0M1ZHOr9dL36Bm98JvxES9hZEju7sjhjfHlpZVy9SC+DlRkJqet4TY8v3Nfsm6w3jK8FyE9LCUDgNi/HxccLMo6J/3GqTZ+rPL6uTmNene2XxPGYg0fLrv63l3JAA8/dw7DR62Ur9SqeV/t7TsmI1fFRsTvjo/V0OaxKu8oedB13biD2PD86Ym9w+mnwSjgR4wzvvxJikt6ber9Wp5o62XSac5f6d6EVqMcJ/NkSjiy1fl/taaY0Xv/JuVD4phDzJndOaVZiST5TNu5CNGrvHLBc0w2N+TIHTTRNIW1mq02mwCcc/3wY5MAGq9adpCKWXEkeHO8ihtpBVcDYkVm4x+9JvXdISg5ZF/56x9HtJA9ZdkvhbteHjXHaje1s5prU1Uy8Ike5wRE4xNj9ElTJEO7plvtEapjtEcy4tB/Yt5+3tE02ASEUtcI5Ki5G8csHAoxuDmPNj8Rdre3tXOlZgNv24p5b0w6sPFwdQSeMzx4BgIqGkKnXbRU/suX4cR5je3EyDHscDyhTBUg1TzvQx+U9cPhq7bJX8YubIwfy511vA2uAv12cwI7AhnMe1HGq/XG50cpG4O6MHrMNWSzUjMmunBEEnNX6aSnQhnsNL+5i2IAiw9iftcUwhFSkoUqOY4Z0a4FwxrNvQ9zPQLirGPyYMIkHuQvTaEKQWuQbiKUWAhKgo2g/Pwt8GGJKaqI1J+RIjKLZvfR+E8S8rvw7XyWeiUnKJG2s4/1NQxucpSiwB2TjQZ5I4/XK/lnW6+ZjH/gkS2qWJTd4AMbx7GhDFhfPL5ghBk4TKpjBEUJizDcOv74f1L26R9jcguLz9fyMcEvPCz+3CAfrWv+Q0YQeBQCoHRQzBKFC5Cnd7CjkbKX64eR0ZYSBmPalsfgsZ+M9D/m3+9GGrLZ4zy/Wnrym1cOidv0fb4Jkwn6DfoyDAITongSfSVqEe3BqgaIBhvjLcdwMVJR/51gzje+oaFTl/uNbO3KvCKANdBoZZADIzC1L8anIUEgbtsYISBPnp95cBUmy/epIzRf+jN57zheuE7peGLfvTfjUKiEOdeunSmiu5bE3uGLoqvHmQaiuG0xTYi+i+Nn2ccjRXeSLwSePmWVzQF4bpjoNUU64ZeSs9fbotF3+L1OmENJxTz/eijgcc8yZZytAW1OpAwM/UArB71sY01wpsLCgIB81W8lRpJeaA+18g8TgPeiB3IBWfBObgCG/HjFQCxxvMuSM58699p2YWM99LgsvRHvDFpkI10jCUMA42LblOlanCtdcqny9/r273OUZmUT6iV7xo9xdzPSvVnmV4rtpKdc94O7ch3Mfbku+EKCJJmBzcDs0GVIQUz7Cul8Wnad0pRelN06zjEfNVmn8X/qjqE9CwwqsemjyNk7eMOOr+vpSyL6BiFIQHFpofr2FLkbu5hfgeNG/QVfczJCHfy1p0USXkVY625fycCrVN3/z2ZJT/Ykz5fHI3WlB655HCeE35NBJTdtVnvrV36Ii+kkrpR8L65Zt09kvXiYKLcSk3F42+iExsE/IjSimqswgE3WxgIASYeK4sOh6MOPZhJY4ZWBWLVMLWtwQrHjYmUobUXyZK88+/4a0TVILsmq5pFEMhn8JVDlvcDU3nGkj/B1ffHtHRIVp7PyrHaz954Qi2FyVqMqBqdrtBT2kEejV57eX1aIQCJwAPm4gPr+UjpJ+iZluOoJDOKuhg2dsPsNA2/B4N7dLr7hRi24g74Ed+6VlLapJJ9yKYd1UCExh1O5xhlxZDYitWDGUXgOMVL0ilTE7zRYzm8xPt84+l91STa3gLN6yC6pacTutuB7QZ1F2s4moweCKQ8eKVlXH9K3xvNgBS2RtpUVoYBBW0rEulhBt3HnQTCyZ0eE65q1YNccCC1Au/gt6ET+crig06wmoLxGnyC6+N8y0gUcT1YBtm6moze1Lis5Ws1JYstbME3DPLza3bHtjhoA8elLdYpiJzfICerXNQX57EYwXDO2K0WmSgk1e7x+3uU/qOKs4IStdh5hVFbuuDL6eFLITRRaR7QdbUAP5iMW7k4H1jKEo2pXukrOeuqSBESqZpBnfHFwl8zmeI1ITiUzRaCzGUBgusq/SsuEdEEb/TuCKaIJTysYzMh6BEhTkl3o3xdda5eINxiF5bfTe0Uf5ZzZLShD2DETQJQlGCU8B0gV2sfL8KSogRMTNgLPR1ifTLR/Bb26NYy84AjftLOhXdcNF0QBS4nrmjMXk8hLBiHmKh+AavtjndU+hSxzGaeZKT6wpTjg9P0ldBS3s0EvrnRuElbJp9NcFwK1kjgVlT0L3PeRX3h+OJ+lRHMglQ10T0x0q2FGwg877dvPZI1hlopYfWEwM/Bz/BLzcMgr0egOf1TnAKnfsTujPLsXC+bQoe59wqXQm1w/RPCA9muFL/nIIKSCp+b80EvkK2f0yF1HBKZIiIcFBM9J3fv3ZYsP76lWq9ixgchIBNzRnb/49LoIMsgpq+6tNtjngS3Ej6bXbnex23EyISVyYE52T3wryuQ8sNuS3k6agDNZhiNDWvfPuguwW9jnTyreakdcOjU2YAegoLO0MhvzrpwHIgVZDEjJb7TlCHI5c5rc3iv1ImXUUOY9TDLxfXSBiLfi7lD8CKiYAbEGR0+jwZiUAj3+KqVLn8Ktu63PSjmF7kn17l8eHj7Zc3Ma4y9igiZeJY2t6N3maVfr2SWE7z+jZZ5X9VmoqOPcOAqG7ZQQi7gmCOo/gj2JPTf5ns+mar1YyWjS0abcD23j+v3Fo04inugDhrfLJDKnHoFDfdhTp9FKFmcnVlx9cX7rh+vIe7z5yaxLRZfMYBYWyAdqhP44mmsNP3LtPezyXopXmzkBfy+IU9G9nT+xDFj2yz1frzzOYA3UcCbdEdf+E7ag3hn45gopz3n4SYPlN9hd8u+OMyiQAxobmjkRCVgnrjqenGyeRFVpvvsLuTDMh22tn1Tgw/Xh2PrDkfMve1XpXbIIxsdJlXqJISKG904ctMAK5Em1xxkLEabWHkHLsoP0TL1tKWYhJ8aWRN5INY8BXsa/k0m3bDOeoDixLohREm5SUt5VOOSJ80stXf3uIVYK8G8bBKPq0YOKCQ7NYfpqH5r5f2BKV+j7t/YCb8dSA+WeLB5lUx3rVla+A53GsDfCygQZR3PLNuNkWv+tytl/tGUgmDJR7nIWJ+D8nEcRiCbZbUy1seUsXqfu6Pjku5VwHlU8kMazG1EgqsOHQe5K5LQ9GY8PoBQNXdWD2VP8GD96h9sA4xkAX0gL6XCHHlVNKVWnJAWcUKIusmXIi5opmE0oT6kK33YYYqBXoqkJTfvxMf4hfIZVZxTbdQ/atq3XFMjhKqh35l5W/t6g0UsRHUpComtw8qCJ1jVCi+hwLT32ID0rgR62Gzow01I9K1Zv7iAAaUMKsr03HtWk0d+vqei/eXblfV+jSWRudDK76MvROsBQJEUMc/3B1AqwJHSLnoZPDw9fCSgLLmROUGLRXZJU2Ne3Hc7jR+QjFCgMjv43SjhbJt+QGkIIDR+59J7grIvxrNIDVNAJvDDO/nP9i3OSrbgQNWRz8LJ7U3cOowFSafIdi/HYuSR0i896jk9qxaKJoGXLbH6lylk5RUw8pn48SSkIfRZo7T4gB+9gl9SCVDxlKz6NhTkFiCyx9Eyn5da/5L6JqK9FSPFtqVm0FNlvGT3wLghYSaqXdFp674LEVVMeKwKfAx5BqTxH3UgGq/fe4CsrylZYcWIIxxMfmedLys2ZQR4O60FwqncNve3DKXogU/eLwNN6lHfq5AfW7gbmuvvjjg2qMKiGYd4XFSvb0od1quye8A26hGj80ieYyk+yDe2DRUQYeGYvwF5mhv0muqf8gW4d8fmfhDe5j/OkIJX7v2YE3/PpNwNgqm3pxSMIfrhdd1idRHXeha14S6J26TB0/gDLuv0ohNeiLSADq+zT+EJtqe/TGOHMCXcfTC+w8NqSW7XoAaPmjPypRRTjU8L7vBugBIZlX56N/SCafcJ9DcbNgxnGdhbrUU+FbkelL9yEAeKW35nAuVxIJpcUap4irtNUKrI+A/EJFv/R17TTQ4CIjsoeLbCvHijxCfaL58vKxjcetq/e72tepft6jXJQ9kUeEZgCc7cdYM1hxK/ysfScqSeSb4FuUQlssWWcrDV4SliboNpB8KOAbO40/MnkWgp6g0F0FS9ZjhX36ig3MLAJ9X7IR4GekwXWFrpkNAG44KJoiKtYssXXyl7KxrJTnTRFLfFrSXaO0JTeXEgdHL7IP1XCITIAcrCCoXA+4mNGyZR7v0CcvwpkBfq4vrL0Aruw2BX8st3EvAhno9+/uxdZm4pNas8TBrgYa8anhTOkdF6HuIs55CZ0jgWqVWky11A/utomQlHTEUD31OTgVuqZsuPnYN3HjzmR23wqFNwenMgEVyomWJT5IKjULPuqwTrbRXcqUCQJTBg8M1IwwQCJYIWgo1vhgW2hbkc8jrbrF98ZWNYu/eFuVi/YQB1b85Bb5sy8pj6ztMUcomZQEnNWRR6uJ0LkJAHXntDq5w74eqUk9YQ7ND79m+kAybe0RFmGMtCANKQsKCyZQRpraCyVxtWaJ4ftLvhINdiFurxXLPvUOEalrc+csSJZL5SeCc+KX7k057nc3hRn6twuakWglzjbsOHN8VJgkKX/3J+t78JqqZhnZ4Ft509AZOyIcqw7RBny1QsM/ZIpWMuQLTixDNAENs3ARMNWFKyTsylHVFO0dApeRI7lqkVhkEmPFOH2ID4BBM884IroX4ZKhCd2lSRzJ9gCI9X8gg3Tkzabm+l8e2njhsPjOBfDbPoI4hdLMl8+I9Jop3BPL4tE4SUwHGxP6tiV5TXfoZA3VzGgUwh4PiHyT20JymC6SbKB4/auR9DxbV0xIGncncoA8jn+yv9NnUXGu2AtLXNWqKpM9vvAsvDYoTHjKTPm++plRDUg5Kj4LOmkHZi9Vf9WJKLeoFQbI3/EUC0Z6emopDNsJZbX9bjzoP7qiVPukdvbsNqhmnGFbtHeorh7qMtERz5qSDc+Khh02ES68umR0jZkZhF3x3nKkWXbfMCuy3Y3vHxFrdjqPtDQLvu14uJMtl6K3pxT2I9gusJtFoRstFRypykIKB64YdxbUFyw4WYR//5y5iZgSQmbkWUXhKuw8/URVxpgknW6HHb1fO58xsP/CB9SMahF2gO4xe9+eCkBUCz6AlK8eQOylJoZJyC+zWBwxKk0jx4rNgg5ozhQSCPu14boz/kS4J9Zf7e37YGBdUf5njDEQbBRP2TtNfFTBsnrp4ePj5P5Nt12Zre5WYcwUQR7sSJYZ6HkQ9QeL9hLMIucNntYiaobwY9ENlczcZ5bwLevPvHm/exTechmLoKYULH7/HtJ/HX3ExGQ/CsNava3/hUR4yT1Gvjg79HcFX3GDeO+FUssMM7TXcMiTWD+2aVGltoiHMBrJ8np4R+u/RzMT9ydmW22tkW9IjXd4eabkKcLwqn1ttkfyuD4pvYZ8KIqkHHiRFyCTjv1htfGOz7LOgOyP3QfzkkWPIgK3x9ZG91QflOA4x7/TVlGrT4vz4iSlE8MMp9ZDHQp5gGqGSJuj5qgcXFcROi+wS+gx4+L4Sk0sKuGA0belig4dy2pXlJMZ2hGiiof9PkFlGCitEla+WD84bgdo19Tth1EYc02S5KnZyT2gHabnrpKfZvkmLUj9nr/ZIX7T5xgZ4+m/HrLkDihC7qKgkWgaCu5r3XNbOaXl+//OHTmzsdvpBL78D5FW8ZWk+O5yGSVBa5yK9MaTzp4/QU5bhYRXpMQNt1TX914yaFpbmsg4LQLwMbpC1bLQuOuMtjWPHUst+ckG1WI2LMkNJ9Lxk6FPFn28mAr3XKqrS2Rxfj+A2xBBUlhmJIbdjMj58lVnGJS5VUE6u8PUU12e0ilpteMxsy5TP0fFIk8Kjq/EO6QYbGY0yIIQm2KfxcukU1QlKxg0rHn652uk2vRi0YbXCWNuxR2WhPOhya0xxIdI1gOLbWVuhe+gcXqE1Vfqxwlx96T/VYYb8+vmaYS1e/RGCMuNZkHvr7nBleINB22gyxc7v7nJS6vZBk8XcjENUYxLKZL6MlMn7oMBi8oiDl+RZUlt4Cuu8DWcmtNaQGzuFSOAxD6zscoy+6g+deni+80IjmN/u8Ty3UlflDIVwqzjcCw2/U17UssOfGTQunnizjmAMdvk4W9HcT5EJiEs73b0pw3KteYipqn7WSSkaYxJk2zedF0gb3bGMr4nae0tFm8SdOHER8IrdpQb3wDQ0ibPGDrFJ9ba2CTh9ztBu+yTrM7xo83Deinwk9AtmgLbos3QXjrpTucDKmpDrjrlVyv3oxi5ETAGyGelmGuH49QhC0ygGRUZc0pI3omRngz2OAFQBBTO51+hulpg/S+6UmaXF0vXVZiEcwWJHdAwVPvBtAzfPNsIUvvjSPtGCB13/FvxrYYWFrB5SYogH0CaNAr76V+W6/USuBn6GP/DvMfb395wcj4+hXOKSUR/v2oK662zNMFfc001yeHfJmv6kL8jl7R4dik9elKmVqYkmwtiDEcWzgZw2/9eXUVT5+fOg+vxRRoXkswRuitWR7I1phP6c0mCCbG5+eZw01/8HFaESGcZkkEPtqxhYbjSB7H3lMVAGOY/JBqt8vF8lDsM/AAGp/kHNaVHOxrFyTilc98VsjtI9a8/A7oDiG+fRDN9GAeV/FI5Gz5fXZLOyFoWhYetfh5XQk1LIpdSL4g82zLCFx9YOrc3XCIDeXFZ+HCfy6UUo9mCHmtq/ePYUEIn3az/5W0OCgQF8YxsRVo3dHPSQwfuSgG1pSXXH5E+QOjsNWucSDSSxnhEzk1xPUbsozDJJOg+Y8Y5PNh0Sn1TtyCAy1MyUxPmmPay2hzgGBYVi3gauAkRFmFi5bOyxQno/H9DfD5+u1eZ7kg6oShfSciixVC0NhqmPweKih4m8yg+uFs7gfVf+bHXA6G3ye06OXv0L8z3Pe+qp/MUx7uGDoddxl+Ey3ZSO874agngawFV1ksSNkSQGbLknt/DIFX60p435SzBTsoJf/+UpfU6eumy4D5/raf7UF3tgHTJnhD5Rq6DjN1Rhc5rGDBQTBBsh29dHw2ed8BoklmPhoLCvouXrMOIS1UySdPaVIaYCSYqt1IOvtejOvQiDdS3UDAG7t9nnWPFXXkmer51LuWtiLOpJEPFU8pUso+3bK/ta+BVlD+dhdj3SzwVRsFXSqwBdtF3puGo6M4H9AQOJiTCX2g8CIyOeRv940DfNuG43C3x9pnylPnbUtnYhHF6aBonwk7L10GeqXBh8WNmQ+bTLKXomSoAfwPRLbnnwmQRHu7WM/EOUTpHG0LrdXWIzJFozwq97T/bemSY81tdD3WxIeaDL+cdN6zY+uvgR5QleWY3wWwG3y9/UFkCJwqg/KKfKATA6fdW0O9c3y4nWF+yzZ/U7Z8xM+COhnc3VlLZj0GOrarQVwZkwDRPjeuNB9XfgwFnayuO7hI3dqiq3Ck21kvUbv/HUxUBE3eIHgxflo+hanRkxuGF9R/6+462hyHjeiv8ZHu5jDURSzmDN5Y845SOSvN6H5dr22t8rliz01NTWCCJBE6H6vge5u9Ph7ctM86BCcjY1I8Q2VMPqRgjhKj2pjwA4RXouP4vHcNMDithjvsbLxorAXW3+Z5cO/9djabIpBGCXFmiIcgviWzMfaX68bc/jsaXizXmB9T+LYOGCPW7sJse36tCDkHZhLiF45W7gcOCG0/gwiUzKBmFGra5/kKX5nqPiduil601VU+8g3DKYhquOdC2xQhi5Z3HNRW25oH1WmSnrJd9uxt7xsSG0LWGwvV5OBow7zAid9a1/BoxADyrGR1AxYIDLnOkyBU/hDJDxNLLpbOsQPUu9J11Ag4iV+8DWBU5jJ7fKRuQK+gw7dg155ITurYi12P4+VfD1skKFCQe5rvpaBjUx/U3y6Xgf/41/vlhSXH9+3VEEdkuCvyyumrmFx6CbTYH1HSq+SyMdFXbaxv2okv0c0tvIZGERQ3mu+nmOM+dDHOZvzaYk8bB3rG3/MsN9DlAI8Kc5q9xUlwTpjtdjSOhekj4elwev6m7rzWg2JYed33j7JQRS5bzj+LkzMPIut61YtqoQnuGjhgrwBKw0Td4juaxJshQGQ1cTelOS2Az/DBlYsqgVYI7G3vXuhgyi04djlt75pBfZroSTypbmqZ5G+0JypI1M05ujWTM2PmvSTS+VnQ9uAmQd+Q2dzz76ActhTcnynY62LUh8zrxervs1ySJoBWxe3hpAzkUWN7EYPlQjgfkHc64PDreP4hrtfZgkjza22HPFiXHuP0Fs2REA2VDSpa9WmJfSNgbzB12sBsdTcfo9OsJLsWXhe21zpzbW7DVZ7mhQ/yB5cWe1XbxWnKTYSk8Oq5rBjsWtY+C4C+Rb45xvqYUz76CUddQQClkKMdeDReMMuCgoWmA1Gu3KhaX9mNgDEv6ZTEE1AkRepQs0tJ7/5OyNMYUQy7kaZpDlN1e4Zu5DevdJqKfZtAzle6GKmNnkLYkRzw0I3JT398QmsZlmLIvyifovGZ71+dlTKJgnPnxp+p4w6dvL3FGiXVPRgzt9GYy7osUVVnEIxEJlegK90DETKmBFDJbRPAql8Fm77nr/0BFuvnK/NFDYVt0sbJa3hOEKTGrmXb/NNtfDZbz7uR2eqP8XXEt+AdaqzCljvyKX4BqFlFHz8hPAaFzh9tyrrn5ykJLDhsGR+Wd631xfB/1SqwdqT56O1heSqfeTez31B/3WLbJBY1w/XCrS0VUha6PiYTeO+zLDeQ0U1LeJOXLGrq8Am29Gi70aP2EVfHx9i0hcLtdkY8kaFAfbp8mYBlDd3koS0PYQbeLlvjD6uMlt+Ps4An1MKyfCt726N0ma2yKXg+q/lZngmUxd77bpGNsjK2gwLrVBor201HgNB4zNw1M8IRuLbXr2ghSDwwoi6r/kFGQVYnSJse0okSk2scz+ye3CmXsmEu6zpEp5gXd/iXtodN+38ZN+mEWR7TiF/ot6PPJwVDwimasbcod67h3MEvEe++wOz+eePZxpC9H3VzQxWiO4lWx45F+wap9S6Q9rH7trtCj448Fx/frWDYu3uEzaeLQZNdgTf4/WwSadJ0Lt2QOO9zDgg8lI/Y4hfQcSjo6kLHuSjbrgB9WypJkeozVTc/95/oy6DyPvqo4gieq6OgZ83ooPLQmgSROZM/5vI7Y1BuQYPOVRC02NWuhcp9T0xhGoxKvqCTOrHAfZWEMF/MKTtaxkhkLbiFEObad/UxH6uYY6yt++ZoFjNs1JwtqB/v9XNGrf8nXfPGwF0WdHTDh7w+rBnQ32R00c+BWhJerMCjJcXVpZvTO3lbpbXsJdrvYTnAZUouprtZBejOZRPHz7nJUS4SZijbwozkyO8OrOTsZzJavbm+nOTYJEb/CpMWIzeM76kYNceuzTs9oNrZTGuUXKXsLg3e/dRxOe0PQ6kGgupJdPgMvlOdTJbnkykzm5+5rXRBr/3kvcW3hy+yR2EtnvCN02sg29wxXC/sdNpLwziuj+QE3PTGagWTFcHMq7mRPlud4A4j5U0bVkdkQHytWmAN7heDy25NElT6s7yLmJreURG9Buvo/wERsjnkuktP3fMYwZP3sHBrrBrZbCRzbunH7wdlsw7pj0cdjY+so61VArfgnLPqveKW8aetzO2c5PKBbkNE6astclb0XjKpJw2T/Z9BDgXW7qhh4vxId8aa08OX8aQo30Fh80cJUMWtd1SG74/WHh3YfENGMYtxno73XKT1Oqoot92f5KjWmm4mWXXGAEDXoP2WMsb8yBWszCTHuxmtjkExEK52wAMUCyO5jSqFHxJLh/Z9qGgwGSWLGBP1PgHPK8CUp3SjE+w61ZEhauwBKSdDf7skWT2IPceEwzOLWGcT1uyC2wIDOwlyI1PXm6eBPEux6nFg00VO3ufCR2rL5ezCvgfsRNNLExdjPYmccE2EtfbSvn0cJTxL2VP3PMoCCD7Aq4HdF8/hN3RUfzkBrANvozdNEuyBo9pBzKMDDdTQLz9kHUNJ7kPIy2vRVk255OWTGbemqjdC2TchvDuT+LKk/rzbCf5+LD6oiRQ0Aum/ryxdrfbxjfViMLg+yLUtGyMT8daCkhgUdiAsV1tbV+PP5rKtkNT705jbp9gr2cAVrVXYRN2Qo4Y3T14oCuV9zswXSAUQ7tw0m29YPMWlo8HhfKjuA5y8t4TVN+ucaDQBzNUWfgJqbZo8GQAMKHF0rBmrWxkNrTf71E9Y3PH6VAz6lvAFY3kcu+hKfMu9r/spSVVjLQgyoc/TEkFGBdYbtAbyxjb3LQk7LvIPgWM77Iwn5WqO8ckY5WnFJIgPq+nurdIvPSEzfWL4JX0L74p9kTbrdvE0AZhGybfV98cVU/J0MjBTmd5gp+5rlywSHLCQYEYFRlxph0sf3LPOoJ+0AdJRF30FWvU4BN+O71ilaRBFMedUQ3derE48E/jZVGMmV1/KkNlAYAQX7ZRUVqtFxd1tB2LTltBAuirzTLwT2yjid6CURVI+GM734RAQgSjhPDScpQO3SLL8QfyNpAYhj462Dmtm89uoaTy4KL2x79apwO9yObYbsc1jVUCdm9tSuWxGW9OEbjIKKJZJTkCEDJprBzzg4urAhd8JUc9uJMts0UnZzO2GUJu0e+aXVNo+BTpAgfBl7BuqZDWE/CrztHn/JiOxjQmZaB7JUZaORbQKa0C7cFfBaOA46NMI5fgSEQXYUGuAGM0n3T2TWgDwtXaWjYyDupIUY2IzacKlOJLQa2BLvsm0WokXlRJM+Y3xSbHshOmc1fENaZ1f7UJM12pHqzc+lbsAnZd9LvmtrMbKLh8qk/HfxzRQpjd6IqfDHpblZso+jqfe6vFXYxPBb64/aHJb2yYCqw7OiUwTCbMOugdFfiHCgkTHs2TfNvp5xDCjqRL0w8vqJcSrC8iBBgrF5x0VmvdXEU2RJXG5gfYDvsGal3mb3RuostJ5FQij2Y6I6nLJ6SctbJI55UcIhw1tnziId12QrDOPISlCcKtVMHa5Nx/UI6SqTo3P6FuF4DbKdcLWC9v2QiBXh5Tnkr64GazzR5ZMwmYU/MxROwNa7gBul9hSDZ58w9ZaFg4Eltgs6oG1Z92DJP2WpIP3qFlOgxwUSjOVOL6G8LomgR9Oiuk3Y94fsiCE3lIkyaO51GLiV4lY/C0k0KVu6ZWkGfeAKAUyqXRZxTaHfDpYtOWMHTeJ5fTkSElhS58mol7A2G3DSLP8JA9fyO4gVl+z48E247KS/boEirC6Y7E/PBQSufG/mAWT8S1vgdRIsa4kmTglOsqe00KjAeZRuGH2mtEA930wny5dJ8K4kf8S4aIpgfepoR5ECH/xxrwPOKRCadcZIi51yIHT0HchOM1MlKXbnWQlUabOvGB+yzqF61KKZoIT87M94ydx1VVzrPhQ+1V+97FP+y33V1959Z4k0hhqPfg7UiHG59I7x5wZYxpdKLfCCcTZVD2osvXPQe5J5lOjDX5s8zNdFzKcZ0vJ7Y6hKWm5vkNIeQ9PzejnZ+ky+/B+ars1VkM3POTgAyIOjdqhxy9ijUDfZoxvspok1dc53yhl7zBWzhCgntQAih/HvCZDgmkkITcw7S0orwK2K1wTIvnXA5f51rTGA16LpqOjl7wch81sA0Hjf0T8WXhq04u+MtkzM46qEbhy+8ZgcqM/MyigvECmoaTvSx/YZWladZHixNk87v1RKnXyNmyw0CLwz7alZrjLcNVj70KY5a8juII+lXKYdLusnnphVUVide8r9fSFNc8OhqTT5yLvzG0s8eRDdW7TYOq7zZf9hw4FkyH26rfcxrwFGV5k+/Xw3o18bRnt5RDeXgqdo69powRyFPJzlZHOHWlGjjNzJdsLQGe+ZQuaYvtkHnkMfgDK21ohzJ3G2/kVzLxoW+lPYBU1gzVMUwQ5/mivhb21mbxoJxaZ18FLXrqJoWpCevcmH7D7nVUTYK97PbGUoBZ9mivUs2mD1wacs4HptqjRvfADrQg6L1HbD3BKc7n8/x4fOE81dTOQDWKYzLILBR8JZLVcQISUu5rmxgQB7boQTSgW5ZPXa/LXzb+jbfpmUL7rNB7Ij+oJUa345EOtWu8vJeF61qwu5Q2C544UA7xel6WOPsy2jf3VyLMzK8HAvyOcx7nH6+Oo9CRwI9QAUv7lnsMOGH8nldJYj3KR63KWKj3xpK+d7o7xLydeIje2FH1c1b1vZdq5muywPrTtCBEB80LlE0cvMfL0kOpOwh9JDaK4/teCwxadLmmsTpOFkH8Wf5hAfJv8gnITPtRsgBeQhwd1MQGcApHOVQK3ZlCwtVGve9m1n4cuv+qSZP9xt6xND0druZ7hDmh5y/1QCQ4eLqP3hMyDcFuSjHI2ZWn3f56KOsMNE8bZZvS7ysVfHhUBMgbH3TsXnSxf7QUFFkIJ1H85HcHDrtM++xvOWuPz/TqLJuHQiXrp/xDvQjqVWrOFWUFd6j44O+4WPhtfr7W53tyRA5CvRpEC2G84t0u97R1HsuKtT0Y9ZU+Ye3cOxbwmmteHxKrP9umsoC0vcXWANA/doPwmPe2lMB33E/ho/fzC1v1VugZJSG2/m1ETX5XMgtJ1CYAp6MvYL0JvR7VtUfkGVe99rnmtOmN7w6XFtwwcOUrj7n9efAbRBtG5Z98dxg3K97NKAfXziINnDwxAwfR46PL0ceh6Qva4jWA6oXie4os6O1HIDZjYGjepqkhrBLyopo2TSB5+d4JydgF3LACdwHgjKmlIwvFnms6OoPxtpZUAsocg7i55NF/DXA1In/9OurHbr28aNk0YJD0wflSRbIR36lu0CXzQW7xGTAagKF0L4aJ5g3r9ux7ynnEgJxgbrnPBkVDbFL+in3U48uVneGmtExHkqMlIAmOHZ39VMmC97dRRttEgdVYecqPpHScYohRPNGSYUWmPbeEyrMSrVeEe3FTIx3xpwBj7eP5DJE3G5W3Fvl/Oz/8b36euOaTYN/mbcQW8fS6Rn3+fMPIlotzSyuXZfkXlP3+MsU4bHZ9s1CUvckses/Le5lCR75s+QdcgSDwT9EUL/mw/aEI5f6CPvuPkI99vi039IV+VSBh6KfK+fMZoaG/4dRP0bvOtupXI9Cvy6q8LqvtXwrj9aeg/L15YJb4uSnYdv8886777Rm+/yNQnf3UwZS/Fm5hJg/0s8K7WB+pWv+V+PVmcbfnP5f9FKw3Xv1VkA/ZY1nG9/1pGIe7kKm2/r4JC/9JR4HPz7Ebl29dFPr+/N6BeVbm/233/aFv8D/pmt/KlpudbfXxz83/WXf9uoMx1veN/zA6+D+NDob9S4+v476k+a9a/+j0f2uIgv5DQ1u8lPn2bw19R+/31/6zAf3y8XH74+VLPFXqmOXgir8D ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/images/Tech_scheme.drawio ================================================ 7H3Z1qJKtu7T1OWuQatyGbSi0gmIeEcvjaCA0jz9iQD8M3Nl7qrau3LVqVNHx8rlD0QEEbP95oyJ/IXkbr1Ue/erUoVR8RcCC/u/kPxfCIKhVvD/6MQwn1hR2HwiqdNwPoV/O2GmY7ScfDd7pmHU/NCwraqiTe8/ngyqsoyC9odzXl1X3Y/N4qr48a53L4l+OmEGXvHzWScN2+tyFl8x3y5sozS5LrfeEOv5ws17N15W0ly9sOq+O0UKfyG5uqra+a9bz0UFot2bLnM/8b+5+jWxOirbf6SDbmRSr/ENt/+v+nZyri9nlP8Lp+dhXl7xXFa8zLYd3iSoq2cZRmgU/C8k213TNjLvXoCudpDn8Ny1vRXL5a9VYvAgKbymWf5u8qgNrstBXJXtwmt8BY+9Ongfosue31TFs43At9OoU1oUXFVUNTwuqzJCg7Z1lUfvk38hSBInaXIDr/xMnYVgr6huo/67Uwu1pKi6RW09wCbL1fXCuEVyiYVU3TcxYMilyfU7CVgzS0NvEb3ka+Rv3IF/LAz6HzCL+M/iFcsIGKC/rrzVi/w93FsRP7LvbXe+Yx/BrH5mH/5u+NvZt/rPYh8NbV0c/yZm0fRf3/q18Gvzs7pBhv11Tf9C436DwhmN3phhXuqXLitOwMKG7vRfb1v+n8KyOA59KvxJ44jfw0Sc/oPBJH5WuQ3xC5WjN79B5XZ6dbzK+XFF6nrouHLJrrT/wsn/LAb+Tp2j8NUP7FqtNz+xC6eoX1hInPiTLOTmJ+ZEIURjy2FVt9cqqUqvEL6dZb+xD5H2W5tDVd0XymZR2w4Lpb1nW/3I0qhP2/N3f7toqL/SyxHfLyNPB8P7oITLPX9/8F0vdPit23T07veP+sC/qZFN9ayD6G+YLWrBpq1XJ1H79wEFIvLflJg6Krw2ff0IiX+7tX1P+z9FWf9cfEP+QX1/hW/oX8DT34Jvfs2/n9n1L1Tfbyrrfnfl1+rbQM1oAYoOv2cfPCemaMmL4obvFgESnTSYTy5N8F9xfDV9frM2vxv+Pi1duupVCufyLdyhfxQomvmDoMzmZOn1B1n5msY/AbbeKvAfov5fvvpPAVurP6g/wfxC/ze/0P8vVPb7wRb97+O+13+O//5eWOg/GpJvZuJ7W4L/aEsWaflmSH4JC9bYmtlg/xwI+BkD/Jpr/2Yg4GME/gcR1x9SVF+B1PcQnvkVCHhj/d/Ov58DLs3PUGKWwMy2qlG29Y/8hCy6oz/T25SLZdH60wCaAM+PCr1q0jatSnjdr9q2un3XABRpgi60yFSwU3fQ3Ocs8MS290Gc9khe2OUOfOi13l9IMB8SYvNK/kKwPZQZgtO3KnEZWMp3+mcwYqm3PWIBX70OZEiGA00qA/0KbsFLyUCncMwY3oJU3ob3y/ZY6aY8KqmceNLpfiGu2Ps4vBVFiO1eEY+lCgc6mVeG6V/K3jynb3Rz9/QJupAz6iaT16s29p17PlayZDByjsH2AmGMIFEHqlczBVM5QB4ygVBGA5N5kCiWmyii2xmjjB2yZFQzeMwBeO/v26F7CsQpQ2Ohv79rmxlPjVcINZ369NN34Y5KrvyhP/i+bfcez4FrvNyKxofrk0d70PiddEzll566WSQJa33LXkMpmdtw+BA6fQHXXIS3E1z3MYd0yHyp6A7nHe5LNiPfTsTFoV8XyUgXGgxwXhRcH5xD8ITrHxSTIuDfcD5ComJJr9hKr3AUNp2zJlrBvwU4x6ujWKysZDtHE++qkinw+o6fv4V5rBSNJfSQJohGvQn7GWOOrvWKCWh07pAZiWbC48LtVSEZFNyFf99VdE614TGmDMpA4bAtjmiLvlEfBf2zLg68Pz/9nclPSDvUFt5THt//TL7gtWn+6Dh5t6PQnGaewXOWjeZETeNa9jQf9QTXZKFx4RqtK69YyVM14fhw7ui6Zk5zQmugjXH6XvonaPxe45Z/QgLXBWk40w3eVxi/tUW0Kvj5O5/6ze1kJAPT9/cyEBLXeyjZ6WF8y3P3CshLqSdI4dF/PznS32AMiXf8+IVff85nkMTPtvB97rebwn8gnP0fm74CXWC9IE8mL/hDbg99/lvr+Gtb+IO5/G+s472E1pFLT6x27LC9lFQAflTTvgp2Av9C/4AMOKDAb56/p5aMzgBS5cyTIXMg8ykbDjO1486s7Jxhy231AoBdHTohhtfi1w5dlc5H0dkeLZ+4YCEhDheDhVY3eHoOXQeEeg0k++mTu/IGrTW1kdCIHWtY4lFEjHr/Bz6fz+fz+f/yww0aSRnwD53B7Jy2ABAg3jJENglkzqgOPMA0vgdH4arY4tE9S2zuSX0Xbq+bRDblbMfZt92Q3Pdp0xxM6qXwwgDRD65mAaVZ1VqHhpJgdYxljVwVjvZlawrF3sR61coZwz7trJN4ck749eIUbXA+0bErialLHIvLLaw85177Eg5tGNsHpYqF5wsZbYtVRPZMXMKBQeLu+avsSFcq3aXVU8nclZ7vJDOnzVNxj9zb5eGXOyIqV9y1emj53fPKx/72eKyGtn7AEbrG34/twSHadUo/6+fm5a+gTeyULddtLLFvYnkI6sOokNrI8Ees1W089M+EWnoEBLNkiyw1FR0yWjvfYDzPZvfV89Wso/Vro28H6FFFC2deMQzT2Lhew0MdIn521WUXFdJdgn/vdkdBtCO1bsnzLeELO4beXeRHUgufz0NKMfVOqoLkecJO3mGPezRr369mf4zC0yFdO/ZdDA5pbu4vezhYXnBm/qBB1dwcOnxQLbk9Rzq8ULU0PV7GZrhE0YUeXzFJk/htfD3ocVRH+t6NVyXdDyXil3NYF9f9haK1cXdTtREUwtOs4KTcB7eF17fdqSYerxM8YzvbMvdesJcoqjJ1Xr2Y9hryGTx2GNYqIkp/UXWEVxhJ0edq8jjs7oCptqScGhHYp27jBMF2qBKX81aE3QNN9RGdcBFrbqWSlgI7nnWjh/0ggly7Yi0ourOxt405JuLLfPGG0Mec4ybRCheOaCK1zBErccDZ88C+ipNn7LfjSnwUbDgIEG74ndJu9Fh3xkKm4uKiAH1jU0JiVeVOsbVmLcvEi5bUPTPC0Wj7gceJcQlES7Nww+ucFVkn7JOWctp+zi50p/nOk+XbUTz3ZmDwJe5X55UCr5zWBAVsoQTmnl5lBgt2hmA9w8cJJNyJPYyHk0ldgGiYUBc1oJga9PIdC+McFiIEo+N6GXrtEuxlwRCAC4rEIt2G6wAwO3DwK7wABpvwLi80sF0DhKRIbJCwGBwKNpLgUCLGAgnohtLt4T18IO1OEHe47JHLQMIDteJdBAGYZCvc4bcAgJF2MjDAEfAAYhdOAI0ZAKAYoN/BMVkgCFLDwYa2IXcQh7BXcBAKOKYAAtNG8wcc56D5Cx3sAsfcAknewvlToAcjAkByANwcNuUTUeAUBIX6RE2gPvAaHEOYxjDBNIYEx0AA6QzHiBM0Bg1wuFKwC0BVYAAc4BiajcbAEy1x4BhPYJs4nLgB5+GxBgfXwR4PcIw74OQzHEMGIRwDrk3I4RhwHkrCCXsbrcmDY6CJDUAwCzQGx4FpDAuOsZ/G2Ms6GoNFY+SwLxwjx9AYkiBNY6zgGOY0hm0iWnfwHAZnAw4dK+TwewNpyyA6SPAvGfbVgWwcDLhM7gXvu0N9eIHFOHi/NexzRX1YFqioD7dhj7KA+tiGDkQgcyQkKESHsMkVMt7gE9XlAJKRsRMEB35HAME8R+GbCLAGcLk+QWcyYMP+nMt1CZdAocmAr3NgD7hEAUhWYsAmhxubS4C1ASvCSeiJ1MFuLCEAjoc0wdXiGEYbCtFBaEDcWGvXYA2pAsTW4G32ARg2gf/fXFW24wrgZGssYYFn8B4c0ZAw9qYDUPE2X1ecB+fEyk//JPeuD22XU+OGC4XaTmhwi6i4tgijJkovQej4mWJ8WCODO5qMgh2c19gV1JntRHAvKvBIGK84M2ybvA6wTTGO8m3jnHc8Y620x7EfwKmQr4B1ykbT0yPxWjsvySSYxN+YxUlOyES62eAuI7M94AhyszCYYl8JsvclR4PxYe9yEB9NNuDbnrRqeH416AyceNsdt37VVck+sIHF5cZhtno0rW+gyxEDaPRF85DzaPCDDANuMwGVqmodONb06YlzT/sCgyWWl8sgYaNTIoJVUWfsM7s7a8f3oOlUexsIIp1iCZ/F3otICJ9RJC2FIZS49ZKDhz/lodwnbHLmuSj1g2G/cZt48zBG6bzxnx0f8SBhNluR24x7zAiALld1syE93UfOAq34HF0Kz1gLLqAErFFjjLtpu+wVP/3idtzKCUsJVuS2r/qllxSbq+yArQ8Ym4CXVBKhc3mVrW7iVHHSb8paNxMZ8TfcXmolJ/FXRNN3B95FSVtN7zhju3oqBPlaD4IVP/r1oxlKvRH4tdCxILxbKiI/bL7muwi3UueYmod7hlGjvYXKrKTatqxbfR8E6dmwt15A7nngAMnauvXq1IwPS1YMXENhaeobNiBiBvkijjXirNodC0uhklMAdWCohjLub6ps72X/vM6e0AQhh83nlNPtMVYTxrq0dODywUohC5VHIiJ6m/GYCTugWRLHrUqtk4VKhoQUh/Fog5G7DKsCMpkTnsoLbOGK/GYst/XDlJUz6esigcZzFBYqOGUn/DnosPyfwnUpa4Ine+ihHj8SXmZE5Kh0PJb1ur+6SDdBz64YGclLcU8VC2pab7BIsy73/TqMJdjTTuRQUzZlkRlQkPgKMFvPXxkNGKC8vooALmSDQ9t2AoiwD//56PYJBa0i2z02W+lQKdCLYMDrOrCVN1tkRQq4tpVur6DdYRMdaUUwbKDIVOBaph1mBeDIStAkIU+nQUPE3SSwc3kDPKCbuXISEiGwh+33wdZnoLDBJrbaGN0Bg/qQgHSdXiMkZnffCle4HfQ9VgwaXr6AwdGdQ3INg9NOpSjgMGa6cqN9sS6BwD7XkgK9Pdveaee5fTEI24yUdDhvYmZ4eDa0iZ0crJ+DRUZH54GPUcJ7zzzrSbx/tNCvX4pxd7GsvXWW+TC+oyzpvRE07LapIBXKY7a/RNbjEhX9ltzea7O87Rqpjs+IA3dJBnipXNqzdnZ3ccYAEsSb/TN/vPZFxOQyZCFH4z4ztMGuKK9Y15gOjlT04jx27Hn9ukBYkujlhj+sufqqMR6zivedOhTjOoXtrrj+IuWChCYXiOWx1DfcjcMy0t7hSN0zu87F3h9oswUBa4hyfnlxLUEJwn5YFymdXqAVH4xnTK+DMk8gytCeG/x8oaCj2qWJQquzcpoJg4Res3fczTKg+40lirw2GdHZWqecVjZGxikIQLueYdPzpZJZagt8wtMnhMaTAavYZN9WjKc/A7rpu2gC2JtSQgK8gaiJ32JnrkdWWPfHvczCj1chbrmhQ2ZAYdm7SK6HZJXdrCY0j3y2KQaeuq6iIH/RUKa67SXEorK8jC/NC8yu6Nyu393OGum/VmO0xpGwS4FTeqx3PFtaAsQD4VxPjAfBTSNnTlFh7kOMJKyUzpew0EMIGLDVdTPUstr27v4APX/jnO/cimLBQalX5qZ1SDYuIp7QsZIm68NGwxXQ8enKqf0YC6t8ELfDZdN4yCVT9LXAz49SuosJgrN5eCrOFMQgirsKRYom1kViMI/bxcM5AXkmA66a3DREuiYv18PmsSXt6uq2EBFVQ3FlgG8qkG4npnjZFPSNijyGp3sAMkNHZr53mkMi79NEAu65s2krYK87K7jwNy2Bg1Bk5m5S99EQD5T0XzPV9WarJAQiFHX14frhSW1TbZ8oyLAKPNcvEEklQmnr0uuSQOqz1xhYysv0CEwGu0z07aC5kWzn6oinpXO+IJhtZ0Bi+/2YnR/XrX5KygdP8cVe47yhS4AjeNmrVchyFOs+t1nW4oNa5ctw011woU69WnTLfue02qVd9x3hNb0PGBgiiqrb35QLcSFWJ8KMiljt7gpX4bV/Zq1m33YCEDd1geTHv2AwFHHy4WB12tp/qM+HDJA7FMu4soyyXbfykS1c+3qN4kqNntcAgpd4fzpjcrcvC2gIahk77I9r73xiKB35+pdK7dtrGdWOePK220pZ78hQl3NIq+cLf9ExWYKq5RGOaaHzPXcA267qYbtLlQvQjgFLjLk0hpWNaY/VCdHpBJGlzIUeyjT6rfOkVqa9OYcnmsfuDUj2vds9T6MDg2D+6DfYaLWEKF8orN74GttCFJocohoNhDM4ufcuim69+stonbWNVQR8DEgjhT7vpeaIKDVbI+TS7JCGSWsyWNUKiu02N0DxAgzhCubA2ygmJC6HQj3Qm4osOg70UtJEo0mda9/2o2AVPM81BK+DPNJxUJ5KRSkZilvRu3UqPaCPsCvN95EEnZBMmESza7Qn216kJsCPEKXn7L0mXBQDBvQpsCPKv3tSzfArk8GoGgJj1X+eGe8U79RI2ZMNforS14XWXS5Re1fWw7jenwMR55P2LPxzKZN/6MPNfuoexcwVyMkA9pLlb6sTVO8CSAadMxAEJOwexIkO/8agPzwY2k4/SfftkHDASVj5dekONhIMGfpYGBabT3c2mw2PcJMNkX4BduyUY2D23pMsYLzE8Td0b5F+dWe9NK7s2drmhL6DbWR2DSOfZyxpu1csnc+7rqaQIAgGn/ePK3iNj+b2Qii3LRTVYDfPOyGwoGFfIl+xUBoldliVmVGyENXqe4a0Fmwkk0y7l9hVjOwDYpHMwAgO8to5D8ODdG1+9Vpb2h6jfIhzckepSGgwiCTKZmD8Gn2jPjKywXcIk90NbG3tjqaORNwodTpK7FFXa0O3wYkbDYHmmW5lRLyp41xddKWH3MnZQ9pevhQCzopRMjMbdPrqgmO0C1v6Hgvrdb4pYKyBrfarS689PL2NNiM/jFTdS0DgEdWQrN+aAdGZ2FjntAg2F9FzMcIGnaxRuDeq7QnZOYT5Rmq3uhTRxYWMjPvaudWIeBAh+89L8TwmkK7dblffbtZpfb5tUYDwIg57l9tyAGJnpIIqsSZonzlpgxXUfQ/DTHEtXg6ahMgY+q23IfYbbw8j8e7A7lHIFg1MQWFr7I7fIbc3KSPfGGrHxPuWeDa56KKgUaSlxt7AsVd3n7GfbpngzxedQh8QHdvOTda+foiO8Qsa+UISIwEGnmUenlGqakth1hrCchTtiCt1JWdGZ4BYSXESpVbYsEqJfVDqaYNIvooZsY2xJgkqwB0K7JDFG7Lhz+k9PtAsvW1jjlyFtmQIGYOF1vqFlvWkSl01SbpzY3+9w8dXyGg1BJeGfXt1aYbRt8flfsF9go+LmBmRPRhVGUJDdMtG98XLdStvEyDLrimYbbRubEq4VPpGCk8vr0BOyr7nfKLJ7L9A0f81H6VC4inJu+4eU/IDBtuscPhnBhw7LjB0CFwMB+wdyRUotDlkgGkrCn1NRhJ9oRzE918TUacv1OP7LwN+USfjYTyvz94A3XDxxginuQZGdfwFOmpmq7T4JkQJRmt7TJ2gWLFGG5tIKjKUQQwjYY3Csjv23N/3CgSaW4xF5uwOXih0A/tgGLMyfu3RySDCiUPDp9619jQ/LTF153t59Vjj0uVcKbgMgdEVELW2zXa+4h9p5I/tTG/PZV1J1ICknH5tHWQ/b+cDNjhB7VzWvbjFJbODyxHZrCtK63KByJypUbOB7Ff5zbrIK/3wrIxEd1mwTbaytqVj5Xlq+ubZ0GL71MNjShiazrIDm3NrGKRsQMFmtUsU2CY0662KYK2vqVfVJcLuklgGDJvB1kA4ZAjbWNWREl4uob9WL3H2OpEGZ2iNAnYUkCSzxtb7vUOcL+td1mbHRMO3NudK0NfoiH3MOo495eRSZBlumyPuHtiOwy6dCPSKXW8IEofChNLfYrgOKINwx2LddAqIcUMAag6cNmtaSkBTiM87fGOkLdXAG2MrCP0lAeUzjucybg8QUZFnPZVG+cRDStgqcIFmcCtkqs5qWBzIMsPpYyjp/IsqnPN2dmC1Jfd+PP+N+M1s9a1+Rnjj1tFMiRhFpMiZlL5rsx7XQPD7AM2rl5xTPq7rdUev18PLaTArfEburr4cg5iuYdiATMSuJ4dW8luNFrHEYh98CDowAHu8KSgsU0jigZ8l6DVkU3g9d9vsSO0aLMQJZROq9iboUDS7gzKuG+yWIMINcp4X+unS6zNFdOqmparHWXU3di6uZUHnEtgQRquQ9OHtMqD1IaeYP4YXjJ5vgcrWtR+g7QrqPjx3yZiEPEQ04JIcStLowp0W5PfUH46ahHIJeEuAWPOofdodjDvEAlDR7wggpjyRvfYri1E2ARP40H/DkMWljiLkeolDZGEmh1flDu5qSJNr3peJ55xWERfeOul6MFkTtNcO7ICUlN2hPURyJZOu7MqjuDlqLsU0MmDACip9ADStMhh6KFqRDIXLumbTk3unLnHqaq4QpFAKWGWnrGieRtDPOl45tLw1fbzpyl5bFx10szqlAlEGsYCFdlsc9UyvYijRZS9BoVgXIcRhO6zhE8gcZ3XtHTuG3ih6rm4vT9NCj36s+icP7QpCQCeUdTYECJ37uNzt2itoGCS+FR2vLkokdJERdpAAMLor+Ud+u6tN2x4uujTW93102dhhD9S7CRcPAcgdN/lm+7yYt2AszqR6ueBROgbJ4wAY9glRFQmEy/E6jk95F/urU38jsr5tL0SkJFGnQhU5Qz0yj8RwSIdo6FM/Ge8Ks4e3I+RtJ65uhQExgdSAdXTNUDatLI3Xpi7X2nrz2DRlLKZax97iQG6UtBGBRLGFsrpBftrCBstvNpUgIOTtUCbjujO3IgHEwXNHBD2g8eWAcl0zgnBAVTfPS4XUlD60Qh+bO5y+sh1LF+fycQINIMEu6UnpLF7Ph6tU9mV90bfCIyaUBkLMnWP1AjCgnRwcbjgjlYPQ3toyaqH6O4aSSDKN1i7It5TD99CesldwGv2XbkW7i7CLb1F8OZBJobVRvDYkGGa4RkzlW5Sbp+7xmBLMnghQCIvcV/tUQbYixtHaJjzR5uea68ATXLjhdhqJ67p2Y/NhHHcb6rhiKbSZla2PdAMG9rDysfAAZPYAuGN4IeAtX6+WDMF4No2hglYovJxxoFo7ZE02FJ/wAWjZeHvwxuNqr+pSbe3WWGUfenIlKjUBjoC8gUhmIDMPARiELGxiD1kPbzjk9ire3I9gc1pdrRWeiRjrFU0uiGhnRuaxPQOKYMsleGwiV0aMwXh8CWizx7yfmEbs9jj3vFJQSpSOVF/XQdRRAQYm9yothKxbb0n1EHvXFnTwvIiVYyRBncPB9sALrrat82B7ozCVfwD9VUhJJJKVvX5d2IbT5BOGbAT0tlYiGUrlr6OerD2ytwal23pDb7x2z/ZC2RfA8Yr9tPje4JEh45434yKcrvensM0jvYZW4CC6PZXxxwDYu/CCcrGGCaDTNbhaU/pdF1cZCz2Ou8JauiKurW6eBej46ZQp9TsEbANUSlO/P2DwWzNutGUZdXs3GnuNrVe4SqUQtXS3fqtD8aIBSOnNGGXS+XpiwPp1PDJYg/H9s9VKMm24hB93hUZ7UEOFRLFIch+8KJmPbrf+Fne3Y+uclXXcq0bCmWErx7Xb8Gj3hhPy6IH8UcgMt/B8ZJ7KFiMufc3XzibJgNTpA4qWSCKX0IaQvLdcTFRXIDscAiEgqoqhnAdLjYAUdo4MBj5WGFzZQzrwELV6xFZdpaREAUO8JUHoJuZYqWbhmbYA+MvV705oJ0gB8tEu6Vjgypum73Pk1/TcThLsjAkvqYOoaihON/PE5uAOw8G7kt/qYqTxkd/2KnKKV3pz2KGdCqm8s9oRSLaO4XN0lArQrl3gYuO8Sc7Z/bk1JcqImjtD3Xa0AmM1F7C3dOMqBkDbVJygEuoJhjBs1Fcd59fekVzZ4Ut6lLsRKLf1yt2MEG4kUsfRqYqxAXscO/XpIZtzFkdFB0oE40SFuD+TPQgBlxO7WFkfvTHcp35pO1GUiy9rhSSmucDIdevtNv6ag3cPgVCkl+chNs9MAMdjbxj0GCjEqzoLCISb2iPk25TF3e0il69fMATDV2dv/XD9qvL8OIXUXCu11PQBm2w7QG/txy2OLhbaxqF3wD4T9oDxBUE9AqhjitWEFsWjTTZbPqy4ItNi/mGMN8cY7eMW2wcMDT3Mc2NiLk9BmQ3BgwtfBJ3oNbG7eWq9YeM01B+EY3ScyBDFDRpE6EiGJL7FF8w83CpbDB3sRlz2bni9dpyrbW5QXw9At5SxPyj3zVOhn9GF9ZVm0HhRsVxw5WXQbRXAqPt+//R5JX41Nde0MWx98xkG7A0a6NmGDzgnO+O+IQb+3pLHwfekEgpf0/FgRFkiUup4G5fxjFRipb5vtmmR325bXyFzI3U68CghbkPyf4UgoXxoe0kfTRQymfTmXB7P3Em/5um1AaPkQbfFk3Qo7FY95vrCebMPlW0H5TAgHjvS2FV1vztDn60BmX8K3CqkufWWC8VDJPgdOx4TEwW4yAmdT4n8UjG0xcGutA7CGYM3OMLNrqGjCSu5XDNnS4t2vuVwWa5nl1EVYoGGXqH17tyeY3uXbgqbuhx21DELa7rImTVRHwq1zxXuoJ7XxvnuQwld04wBcp67PAmLvbnbg+SZ6jZpTXz3SkcsoZ75DngqjvzLLjKkjjoM/AacX9WwMXCg+3gxVCCCiFOVyDvAvDNTlRZhGuvVkaGyi4vf74fLPTIw7Voyp9G7rSVulNCPVYgXtFLJmco1FDvnEqkuT4ZqoF/oYH10ehDL8/H5xNT2dVMtXSxkfSWWqkAeHMZSPSkGLgpfL1PT+9hgV4Tv8LI+hcGWoMSo9i9Np/tASQ+PRKJc+Sm85OFMFIqcvuKzE7F3VdIRokSwknpJZ4Y5UFvi2RFOFavXBm0h2ozm8h6fOShGkrejCc24aKx3rAc0usxQ2LwOwguykg5d2/pLYhGcvLR6qhiikp9f4EHT5Ivxa4gbn5QtnyJ9rd2lw8ZSBakM1ic1QSgdduJwETm9zW0burS7TYMt0G5XUeawir4nazBepHQ0rMeUQglriydt6P9ZxU8PVpXVcqiek6ttMlEYvobSGiKtXKuP09p/3vHbKYUWmnKxB4TGN+LFeA6l2WzV5HmphY4nPbX0EjwSHU8hcFjLbqYYRNKe2YM1svtVqR1PGkXWmBfG7r4gbmv8llVHoHX+XpJdQ5cJLF7Hl9J8bUnGk3en6+nlVK3gVCftdRDuOfCeZgUefKMr23lDY6Vd7NNOZU87mlhXqXfMuZVJkPGtayASCKPRc+pO9GIOQQGRihSWwtcERuXPdRTeHkbT3slkzRmpZPMP2z1LIFpHfv0sWjrbYI2P607+ymFELLZ+ItLMQPsrh8Ah1rQlwJvHVVECH/mBVg3xkrYxC95ryz93I8fcn+Nhl6yI134tR4jJ4aDkAthcXqfo2m+IM1/X1Pbl4M0tWKvF/rohxccdxjasl4v3pixel+KmDCcW7E01eCnsrcaJYT/cVaa/7mjRaPCYkPbhUdlPxGAD2fYsJcEstH+NxF9p2/ug7JNtI0gvBZr/nFwhC3Fdv3CSzEKdQPtCtEpap6eGHr8S126JfKN3Xz+u+8pzkcTuHxYJLZ3IX3ljB1bptBHkKZXwCFFIyNIUktYrIeixVZaPrNindzMLGuVVHf0pm3BWBA0pSVXc7cP1cd4+V6Vzd/Xo7B+uFIreLDOWtVpnmtVNP7GiKp9tXhSYS8nvLf0pdkewZaTcqVViHT6cgxrI56jgjtErEgqvPFj7a9CGhHePCAsiADm7e5HwD+RIOJY9g/7ZePGTTxOwfaQeSiLsykQQ853EvV5CZmcyx+WsD1nG6iQFQt1zUqjB5vlubSxfMcpkKhg43jqb2MPbXaVU7hQTlbU8MsJVrNJUQMU+PN26Hg9H+SyvXsd1Lu3wo0RLT4gtEmbPwGAv2R9bTy+S/uDlgzoYbR5b7KB7R+Iuu4nv6UnSy+ROv/s0v8KCyWu/EptJhycYZIQ6T8A5HlhThGFOdW1g+FEILmnkZFldlatI3rVrigxx4JU5ymQcubumJgMnb8ph2DwMMRTkpHIKdE0WYMPH49D3HBL/JLziq0p6sDsuKcmDoJ3hZbY8rPM8AW57YPORiUXFeTZ+Pag1KlILDbbAsrp9bVgaSDCUZI+Hx5zdMu2TdtzTnCvLc/X873h0iPnx0aFfPf1P/eLJoT/t6eH3Dz59yuU/5fKfz+fz+fz5n0+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fKfcvlPufz/7vMpl/+Uy3/K5T/l8r/p8ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fKfcvlPufynXP5TLv8pl/+Uy3/K5f/UcnmCov/NyuX/gbclfcrlP+Xyn8/n8/n8ns+nXP5TLv8pl/+Uy3/K5T/l8p9y+U+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+f/f5lMt/yuU/5fKfcvnf9PmUy3/K5T/l8p9y+U+5/Kdc/lMu/ymX/5TLf8rlP+Xyn3L5T7n8p1z+Uy7/KZf/lMt/yuU/5fJ/ark8if2b/bo88Wf8uvyva+F/Ln3/dXX8z7XwzQvF7/0NrobTtypxGVjKd/pnMGKptz1iAV+9DmRIhgNNKgP9Cm7QEmWgUzhmDG9BKm/D+2V7rHRTHtVUTjzpdL8QV+x9HN6KIsR2r4jHUoUDncwrxPQvZW+e0ze6uXv6BF3IGXWTyetVG/vOPR8rWbrcfalrg/LUXCwsvZwvhX9j8gsnJy7R3wMOH0KnL2D/Iryd4BjHHI6Zw2NVsZJEERSoQhStjHYC7wvnAqhDBgh1/rvXBAV9L23cRMmCp2Yp+Dw/gULfxpg8Fd5dzoF3m/lv68rDcd9jzt8mWh/qy3rf1idnqiVTSn6R5HSDUFCqUq7VbAJJxDxubnU473Bfshn5diIuDv26SEYqS2oDEeEvKXCB1LQsCGMyA95Nxg9ZQipY1ysmhStwVUpKjZol8oolPJVMwWCb4ZDJA5whbAOvmxQ1UcmCwVwmPFU+wU+ZgB0yu1cwBbXpVY7q1TFPvo0hjIcsgFIA3vfplYEiFP6iKFaAxoBtYVhiyZgxorkFhMYB+pDluDqCEVEGzmGEc/jDOXtA91Pg/ZTsqCiZgcbq5/u5nZpDTnIUqWYBHF95qmOAzWuGUrjMU+PROmzILYD6zevAXbROTONP/Ldrcg9p1cN5fRszk+H6ZMhVGUP0nOgz0U+F60qekHvT2BofjHBd0xogDQY1pTrI+R5K0DKOC+9hJF+0WPo4OQbvh9IF8Bpam+WOFi/DtdkdkkA4R0LN0Bzh2jIFX/iDwzWh+SKaY3CshU8uieYO6Q75l5PzeqAk85epv8bnxHTdpAYF0m/un2OKNfdXeLtf+tMqug9HUZp1deB1yDcwGON37S0DSjukxzDfT7NcaqZtQMN1JfP9BFodJh7ANdj43H+Zr4XWqgyTPCI5Ge2FN0avmdM5HGrX1E4ZFdyaZMHAkHYivinjkUf0V0ZATfJhUqM6yTtqJ+DqLL/wukyhOUAad3DNUFsFRBMY6IU84oXGG6QyjzkqUE/gdSibLq3yi2yPLqbNfIRjBtM5lVcwOB+oMwaN5gPXN87zkVF7QpvlDpt1CMmPjeiJzuHKKAzy1FegII1mOmQuptpQr1Io47w9vOkIZXnuz0M5n/vDeQXj3B9MOqaaqI/oQKs78RfK4Psa4jPU0a85DLM8QH1COppC2bfcWW4yJHNo3TY+WT04TzVTZ/osuqDwaK6Q3umPx1BusVk3bELB7+ok37M9QPZnsKa1QA7OcyUUC8oi1FPNytE6ccTveb3w+twGyqa98B19n972Y9F5mUY2SJ1kXJh0Hspj/+b7JAsDpMkko0g/Ab30I1Wsm/Vp4i2S34SEMonoNU48Q/dGPEM6zwNymd+oDosecvMaVP406z4P3uvslVxBMgblyqWXc+SkB4hmlv0lQ/C+2DxXMMzt7F5F3mKSxQRHvJnbBcv1AJ/1ZaIBNtFx0pe3Ldl95012pCcV2MWUX3rqZpEkrPXZE6MQgGSbtq7yyFkQD0RLbJwWxa8eqvsNiGtFrn5AXF8I7DvE9W7yPeJ6n/v9iIv4BeJaFfC2bJi+fkBeq8ezQufhUtv/8mYwBWCLAJIjqr9dh38ly/c0TnNHZQy/GCiuyva/mnSM5nFw+t7/96OgxrBR7AU/DnKNileE8N3PXTnYxUtLNDdMu7fpDd4KAnNMnoHcPC6k2jz0j7ebah3RvH86PZHlffYP2BSRBp7vrmkbmfd5ql3tIbx5bSFgJHn8N8nR+u/LEYH9ArqTfxp0p/8+dEfPq97/8dVD0arKEmJyz3+PgP1tqjB/oMpm9RNVcOIXVMGxP02/yL9PlukpXhRxTNLxd4QHhj9h1S0hS1J4TbP83eRRG1yXAyTS5qRZPL5CsU0dvA+nUMdvquLZRuDb6Z/tXkRG/mT3Zgv5vlJWZfRLIf7bYvH3Rfv/HpNw5icm6UN7rZDZEp9lMEWU/9FxqPKHOFT5dRw6TP/+bhxqMHKOobgOIi+QQM/cI/QDkQL03ALy0tgcD0KkJbodRBsQ6SQQqbpT3Am9+Xft0D0FAkZacCz093dtYWSgwTgTIqQZSaHvwh0h6vhDf/B92+49ngPXeLkVjQ/XJ482RCk76Zh+hxK27DWUknfkOKGyBUGOKkJbEHlO0QtCi+OMnmC8iyKIYUZX9ozaIQqa0NcUkcgT8oQIG5+RZz4hY4g8iWkMOJZmAeqUyR1C9tqMgEl1ih4AimaIGekiVD61odQ5quxUFBmgNrA/RLwI3c2RBELYw9RmnO+B2hg/zhGhW343o1A+oeax7RlZoah2iobQ/ZUlolHeYw/KiPpNEejSD0V6c4SjoCjTyiF9BHLu506IUUORxYQYYRQ15vR8LacUO5mjhAxFyHDMESzzdHsVXUNoebxM/eBaFtQPowtBQddgJCDP0ciIkLiL+NHP0Q2YULCKaDnOUTeUyX6OuudoaFqLOSFJGkYkqM2MlkcUVaK6BIRQkym6UeY1dBNdUATPT4gaRukC+p5pgNDvFEEFS5sJ5dIoAtDm6L1Ts4U+fP7uR2ond8oWqBmKntA1ZV6TNdEe9lc69Z1RmO6fQzQ96UmPoi8kMxqKipB+TZFZskQCMArl5khRHeV5bZlNLf3IL7Ru/thG4eUlQrTJhT6Umr3p7FJL5mI6htETviB4Sp3leph0FaFyS8C+8atD44zzHFEUL+DmNMd8VOE1DUXHU6Q4RSS9OY0poMiJgOufIuiJtpPsIT7P8jnT2oZ9EB+QLObYEsXAyFOeI/ox9KA+DwvfUeRGI/lB0Z+KoitkK+Z1oLlSS3QHZWKOPOHY/WKHaDXvUD9am8ZGNiYZoO4ivaKtRU9VbonmLXWKhiE/hjnL4NLKTKNeXbIDs9wK0zhLJgNlUCDtZWzJKszZJA5GekjWUR9rkWdrHgNG7Djs001ZDm7KzNBvmYfrx+fMlr3Im9yrc/YG2icUhX61QVmfQXnrBVp7NskgsfSj5zbQVyAaTNHxIstZQM33dztt1hNsjoxnnZtlGLx1jph1DemZ0S/9RkSXKQNkBUs/sESIArnoDq6+dXWKFJFtmuwBylRgS5tR42fZgzZmWOY9LFEntGnivF5+shFQrnJoI1GmLcGnDA20ydBOJxrKLCH+QjmDfIK0hfo2BtTcR+nm7JzQabN96VEkDecOI91ktkE8ssdIR6c1zJnHqY9CTvcxIU8tBd1nsZfQtllHHh5Tsw7aU8ZmsQ/U0qfTLGXhqTHrCbTNC9+pJduCa1NU/0Wb2W5/Tz9kg3iV/47GU8YS2ehvvFFQf2y+/8wbKIeDgnzTVxvk0wJ8aTPxHcoUlAl7kU23n/VJpjR7khfobxeZgL5qnrc8LjKBfWVGJ1lE1wTiy0ZDmzfT5vSdvCKeTJmqWe4HlF9+21QbZQCpKYOFKbPuQLujcYtNmLK1LpSPBH2Ts63LO2XKf8vE1AdlLpEscMieLRkoKyfmPsHikxV8vo9MI9uP1g/nhvqME9aZbAfiA8rQJX84vjpIJhV7sifIBpPIhyz+H/I6RziqW7J6yG4s8wyQjpKL3iDdIBEttEnWArSeiTbqlGOHNnhEtiFBOfl5vSPA0bc64Ql0fl7TfJwjmSJR+/l45sO8xqBfZATazGmNS7YZ8RPKLqLxnEHsUEYKHauju9A6QcfzHsLk1wxinhO6tzBlmyd+zlk/lImipmML4F90FhSkc/giZ5MMQpnoZ5mSl/WhPsm4ZLpwBZv6UAsWgr4zn/rM9nPKkhPLfYiv7JuN+oC3rgzITs++dfZNUCboiW48WHCRO8C5IVlbxki6mV7GnO1CfaHv1KadgtlXKRA3GWMw4b7ZPsj9jJUX/GVCeYD3Q/yf9RnZA4W0+KU/xLkIz8J74irWIbmhF6xDIAwxZWknH+w+5x0EdK8JixAIEyiTrkx+APWhkU9FuvFlOyf7iGQgXzJ7MsoMUhMOnzNvEK9d+Ykuk1yjbKecTPhosg1TRhmbaTvpM8r00bNNdBdsouDqtPMx8wf5fyXLv+Mpkg8k5188pZc5f8kBstPIJ2pT9tddcKfbT30mWZqxqbLYBnXBr9qs18ue1oyNJ3nkkTygPsliC5IlWwyIeYzgvXMwLuuf7PjsJ7/Xo8mXoow8kosJcyAd/6ZXyM9PMQya17DsNpDINs2+M5iwBYwdRrQW6FfIGX8Eb3tJzLspCLfk1Hd2YcY2k3+c4grksxcdAvQX9rGUJRv+HjennBybaDPp7LTTgnCTMs79EX4Q+q+s9zhnh9Upe436ywPUm2GKSRD/J1zz3llR+mV3o5uytQivTNn/abetgxgUXRvfWA2udeknU8vOD65N2WiEc5T+vZsz76JM2AC16Sa/g9pY8vjm4YLD4DXlzWds7gdj4uEtC+60Fqgf5FcsM2MoaqbTJFPjnCFPsAmnTHKnzP2gTn3J5ryrSM22f5Jfeuk3ZfW1t++c+inUlx6Yy/2mnTGEv/Nh7pe/sQs1x3oKwuZLRtx97xr10/qmLLjKz/QFCyaXMeW9i2QZb91e6BtQUyZ/0n8YdyB5Q0V6i41Ac5risiWuUqcxJ1mZfP1sa2BcNvl7F8UVJLRJ0JbBuF/oZvw843AoRRd+3rG0l90E+S2L0M/N+AfyfplXMiw2sJt2pya8+94Vy4llPaM621ZKWXA05FP/tsfQf898n2LDyWaTs7zl2NJvUN98/8JJ8LygTHxQeeE7//CNfzMdk+/5PvuZXPmO729f9E1e3v5quR/29mnTPNNpN2vZ4VrknJ92ffvJl5jfyfDsO5cdRGFYdpmHOcZHNAjoJfbtFzpBHC8vPlqh537yHKchP57l3+njF+b60keEuWbevdtMPhtf7BcxYy6lW/QF7cYinwVxMJIntB7U9o1JJr2FYwTvuA3SD/EX4fGEns5DXVtw0BIzID+EZFZGsRXyyygORnFhf8omTAX15Os8msuEQbQpls0XHJYsMYqx4L2cmvtM9oGadsTm2HKKn2e8N+dM4PypBSMi2nXI/s5+UCYWu9MvvgSb9GvafZaHxXeiPj3CBW//s+SSIH0mPDtO8cKUS0rwGXsF5NwnePOon+cyxd3jzKN3HgnisdkXkNPu4HRvhV4wN60ge4zuYc35J7i29074O/9EqUuMB/3ge3ewn2R52kXO33EAsfSjFx0gZx+B7rfsUPKTTPbTbv2w7ARni1+cYkS0y50vtjt44yRs7pP3X/o+5ZwQzpYXOzH5H6Qr9BLTzzkr5HugbZvbBP2X/Zz0b64oWHzIPDbE0xM9pjZzXDfvlqKx3WFpM862BMXrYIn1DHLR0X7OySA7lyz0yAftjZ+WygFIz8U2Cwh7TrulX3Z3yl0tNFp2L9WvypJ5Z1OzdovfnXAxNWGjd/5x4gfabbXp7/k44fDJ7n/xcYq1F/lc+J8vu7SonzHt8qLYUxOmnWByqaYYZj/wlrVpruOCdyaZnf2z/JY/6lse4cp/k+M516B8VW28/WvSv+//5d9nGvVv/w4x9oLZgmkHfsJEyH4hXbRQPDPnR5Q5z0bNVSdTDmWY1233i/0i3r4byhKx5F4gtu+mHN7bziL8csqmvA71vjbh7Smvg/R3yr29K2Fo9Y0537noudpjslNf2GuKrad4bMFGOb1gjcmWLxUlb5z1r9m1/mc3aparFPXDZhv1814bSfxiA5L4s3baqP/cnWynqvNpGzv4tqX9b7R9/ZsE6t3jOwla/0u3sDf/b+7VLjuyP27TQhNAExviuw3c743F7yhBwLC//vhr2zTzc/kwwTB/XdO/2Mxd/VlcJP9/qyH+7N3+jb1b1ObXdc+ZLxXdr6uIJxpAvwxoE2IFiAkG+N2dsmLaN0KY2oRYcz4vQMwgDE6OId9PwuN+Po8qRKd9pmlv05zmPbWnUdXw9/MPies9lOz0ML550b0C8lLqCRLWqdb/X1yj9kfFXmH4Xzc/6/a/1L2Tv/ol/d/r3v8Xjvn3IAPXgz4FnscUr4T2AdWomVH9SuE84HQq5PgF6D3gFJoIeofr3/fy/w0m+DepXcP+SvxRwH7hOf6l5Wvkz04iCpPIXA6rur1WSVV6hfDtLPsNDCDb/63NoULuYaJXFrXtsPht79lWP1Iz6tP2jLpDhZuP3O+u8P0y8nQwvLFD69UtqOsJWAQIVKTB+7SYFl9Dl+G70YIP4JnlOvYrtLCaPv8ztNBUz3pRlr+ttXBySfS30OK7ISL63xSiOiq8Nn1FP8zj94vDPwAF/6NAxOdBpH/xg0hLSjhAD3Gg9BH93jJXRnF+aIIHUxnCfG4qNximVO5ShoK2L5Z0cvcuK1Ot09w3y5fSH7A8OJEQc9kSesBhSh29ywKWtKQwwbCv61Ma5b3FbHTL1gI9b+FO96YtXl5S1/aonFDajCLRts+yzbKUxAjv7R18pq6MSlNQWp6a0ijT/L9rP/WB448nCJ2mdOmozqlrOK8ljTxtA09bSdjy4BGmvreErCVll+VLeghMD0PN2ynvFD+i5ZT+J5YHv0jtvX0zp7OHKa2E1oQesEI0neY0pQinEhJl3sLD5xIcgNa49JPxpZxunOeLHiBKlm3EYEkP2e8HiegvXqAHVawpxYTSjN2P11FqCZVOfY0xPTA0Hyu0KkzlhZj2dR+ln8tm0BaZ8a1ML3uXJYJuOQfXdlSmdnM6cF43No3XzZqF1v3eQhf6Zd3UvM07bS3139F52hKZtkvevJjKCdEWxxe/pnSwms1bf6isBK552gL6ekhr2m5xUTnTFDIscoPN6TdjmLeKpvkvW6dL2jxTFrkwaFW8q9/4Kczbvbg7lecoixzN/ET0Xsok3/xE6eBRwL7j55QO/pGf07bY9/ycUr/fdMv9Iz+/u/7m5zTGXM6E0ujc+z4qP6fak/eW3Lg8IDNOW3iWu5Q2yt3St3vTDOo8emjpzeOpDFCbHi5Cafn3fN1uSbHT8zYFWGSQfW+/THK+pLX7ZWudUH7QkZmmmugu90ChzqRT74e60DlnshVjyM/93KWcI5gfqJt00p7tySSbU/p93lZIv+m7ytuL7Xun/4VueVgLvXHlO95P9rGbtu04lPJdbOBkC75kZyptnFLMy8NwUAapmU/2+6G35br9XLbUCG0p90APvn3dx57kfdlmQHbJXnTTftvlUVm2TWY9mR+OW/QLbRUt9LCJudwJ6WHyfhANlT/iX/o6j0eqWeHM8pOPsx0F7xIyYt7+mErYJt5qk/4lSzlkTs5bVvODgV/Xp3JjYSk7cb/n75SqVgv3zct/1weqNsQfg1Xm//IjVeTPTxN8sOMHO36w4wc7frDjBzt+sOMHO36w478DdlxT1L8bdqT+f9u8/GDHD3b8YMcPdvxgxw92/GDHD3b8fwU7brB/u7wj9asKmf+E8sXfUnPyE7t+8Vun+OYXJSd/WqHiu2D6n69oQiTC/lhptLn3c/HPP1uy9PcG+h+VTf0T95urpP7KFdUz/L9Y/jzJ+9Lp63iR7M3vkVaS+PF3rL5+cPc7WWX+ldVR1J9RDlOgC6wX5MlklX5lqH8duf46Tv0hlP1vItd7CSNXLj2x2rHD9lJSoV9WVk37KtjolV8K+h8vc/Mrw1ItK9Gb3qsRKwTjdKRKrWdMqst7uoy2zPmE3vFVli855qWzXGX5dU9zK5y63cW1ogOnoGSPTHS1ddGLhAgYI6/X6xcXr91rRnTngL8mAnphlAzaTrzKTY1Hh2Hc5Xpi7C6yFwTZNRDcEWN0C73Ft3yu7EjML7eTc9z26L2Se73e18/HrWbkbYN+zRouK1vNP2yOfrod/YC6nGroZ/3FG3sNR/RL3RtL2deKt+tfkVrIRV+xp7IhupZ7etezt8bry+tAl6ZVBppx4SB7b7eEEnpAYVKGfjCbjVjttqvRL+/fbkqnXVYheo/mcefc9gc0T6VUg3wt48lG2tDo5QAR7orh2jpd1o5yCH33sWVU9DaHu/NE7496MqokBjQM3WP0JnjNRb8MHpsEWk4Xyc0orLnuXjZ0b/Y70TzhpfFyyM2IXhMQsyfTxIzj2iwZ3mhPTydgcjne9rbDBfK4LzmD8MRHwpbWq2Zlr286Tjm4w7NTQHseb5fNsUXv7TjBcR+OyEi3rnjKQ6K1ecwYvG0w9tNvcTbbnhMqPfDshVPKK1ue9PuVw10SUXjzPCj7gnbHHbHVrdsOvWkL85FsHOUXPFntkit66QU4na1VFBBHDfcexSDu1KA9vbLO2F+2YhA+LtGBV+OMOjzRS0aq1SaLHgL1CNHP9uOk+SSi7PnIpJ7cyi19KDO52h8kVyQ6V9Uee7rT7LZN732+dQF6ncFWrXwyiOMXRfva2g5d9Iv3argfcorEsJ0tnIyb7r0yvzWoGygdUQu6k25IsRMD4xEJDyofh9cKc0i94sKXtwqqg1gmyvTqhajamRiJXk4pkPVedgbmCEoTveNs2+iXOj9FNXMVDCM4G9i5t5XTudQiMAiKvymxa3ax78fenaU02Xnm2RRtzR6L8ql3Oenwao7epuK/rJtw8q58t+OTmMdW9NbkB7MT4379oH1yr6TXjdYk46XW40G0avWhRJsxfrld3N5zu3a2ieb4ZnPYV4/OF53RQL/wf69OsqL7h0YLuRH9GD+VAFbdXcXrCb2CGX/EoNmiF0dWW58/prW5HTYAvUScXLGavvMdFRR+Ko/ScES/CsemihJXorYLDVNmnCdxUm9Xjw25XoaB2KFqs2Zwh52PWxvGm8Q+fWgPuynQ+wFs/+pfdnu/41mH97eF2HJV5qVHC7tSVa7bh+dt4x+uaqazYCtCoTZ7kFQ9X5ztHPpJiUjYc74Lyavv9GKMqwwDGuK6psIW184c59Zc5tcyI9cH3K1FvhwTh3k0pnM1Y7/XToPYn1xjXY9pmO4Z9VCLoYlp4thqbZ+B9bZQipvyrEfvIho0UXTa3ZVreqsVvXVnpXXpHJ8Wcb/xB+5APJxmyzfAfWZSSV8Trzmfw5WRhFd9t+PiPgAgl1RcfDpmGlqv/b3Z9Wzc0fUpdthXUONH747eavAcxYI39KAu0ZtKVox/OrmCJQJjbVxPBs9atypiRSrtAKmtxpGTpI4M+jp9NNVaXFX5Bb2zirBUbpeI7brZbfkC56GmaFaHfB971BDPNka1yrhe9YboaEWvziyiaB9eXfQr/nma+OkKf4J90GgbvqWuLP9k2zGVwdGgBYs8newKVHFSdgDzGylErxjDnFa9uWVZ8SpO7bxmDUgy3fjQ2kHHIe4uVmXv0569SKKRD7WSJ7lWgx1eu/oKvHbk3UrPHN+Lr6OuhBlU9pIiMFLiAm2vVKcxrSXQ1sXxBETXeoSrXbDSOPmpbyn/wOrb1ZX2qfiK+RvJPal20mrNRn0yyA0kyrqpjHP10LGNOL3u4OgVLBUFm9X48PwzN1CP5FH1TgO25vbGHiTtWakrZ1dzd2/EbuSKst29bAs7UaIjg++03nDD3JD1vHjZcR3uXhJG4YnfZWR7bl6WUawNTyh0GASXPX7VHgW+fZJsfxBo73k58tWjtkCmdQIp532Fy+6qHFOvUnKv3A2WWl73niAKRLGrt417OPpyUK7IlO6Se9qnarG57Z8djBcerU9FbSdtT/7pKpVq1TykmHMeDA/I1/3FkcjaOaBctRGncKmv7woHvX5h3TavOvJfDkGi991u4MARNyLByFq2PutHlm106JtzqTp4jqDiUrezE4vj8YNdtc8dt71jW/u4R+7PBtHRjqtAx0ritl4nHnrpVbettUM5dqdTIUX4zU5M0JGpNETpq5KQUbsLGHkPi8s5s7TEQK8LZl352Q5b0iyywl6ffLI13MO2fK7VMnM9Wcl3GzZ8yVy95/dWUqROZaZNSw6VeGys0XpUdtJzPfKXCVe8rnd2egsmu1fG/Ug6QXzx7+W2QD7hGudBFUBXIhfxTg5ZbW+3uGiWgDVpPEgPzPVpOZJrPS+aurbGU7ZupJ7iT9pZ9uqjgzyug17gFBOPs6I9paKoHPxwysJVzXM9fw3Oyphzm9DHi1CukSOc3u6NoT4Ff5VYbJ+ISaga7q2nnEOh0ft8vWJjMZJfzW0vHVlxpWzTa1+hpPdwJIQTSOkZ0AzkJWvXgcacTtnugp49FZ0qZrqR5x2gRVrXkPXmEFhCOIDz5S/zezj1F7t6bJBWr48rA2n+6BjHky/1RuJmNjSaFnp5zFgo7R0oGurjNGciokZCrVVle4QnxOOqESBbO5n2NnqxZ9BrTg/IOnEneq1GryCUsjtH3gE/2PZJJwc9lB9uhe+IJss8arPNlZNhdoVEH/u7hwE52qwr5RSulDK3qTYMq9Y/K6XBHG5824eJf25vKRk/k42PSMipCF/t64fLcYpgpmnO6abQcLZ7tm/72IoLjt1f725liU/oPIhnsXuUHHPA8j4kFN/iBZ883cS1utJgpJJm4TkrBTIbd/busDdUT5XFK3oNUkiAjEfvRBIMoPHQCxTOdp82YE8ZFnPhH67ZHnaEjXORnNw7ELqmOvR3mdE26QYJ30VjH5ftiigKJvZF7j7E16EtE0e5rW32eqDSx/5+uOtMYD/21XBkEwhey4dLNZvyZO1N087P8ZpB2Kff6cwDWsfXzse2p7ZtdEp5DPfVa3Xd1wTuZs0JWmIFgeqgpFb1o+n70ypjxdcWwnD6aPTrY++dVrS++j/kvdeO7MqSJfhFDVAGyUdqrTXfqEVQMyi/fuh57tyuqqnpp1HAbGADGZlBp7u5ibXMXGxP9OR4TeSl7VSWjsefo/lh9/A2GeGhzerqd5+0TaJiv3MQeYY5tVxkIVaDK8jYCek/9yq2rV8EzA8Z2iFYgcEKDbKfvzmCnzH9lKzZB0T6qrH+SN9FRtw7PgLVLyFnMKPiOHtpX9Lu1fxg/AQi5V22JXrq1rhhBI2uXa5LtAByYgWPAsa0f161Y/ZPsIYEy15VhpD8xszqSveuANGjfa10lHvAf1UokS4QdHavXMTFEfHn08V2/YKW0zuTpH9WO8KWpI9Dv3iDzcNF4Fpx1jlLKuVM6zeGWot8E0HsoaD7TGKbfLlfb6WzffzOYGhOOh0beJODRWC1OC8wl1yCdUlS4bnwIdYWFPm9dkwW85Vs2tfny+8K8YH+bcfCARepgU528d3nTf44oRp7E67/EBcamBTbBN8TruSrrnEogZuUOAf1b1GCqGOdiuGNe1fH68GnwtvRF5I91MfQfAyPT0whhPFmSqBOXj7fPSRT78eT35u9hTQ/2ZqwZCUDOs1xO95j4htNRJr06qVpUXBxGa05+ImwuWu7jzS9vy0n//OZ1cspt58VUsH85QLMEYEXOsd8H8k7juUy3ANq117MJgujm1GPBm4pdUM/FHXYmNKSWFRNEHCT7whsFVDRxx9E1IRAmsdhO0D46dAatPk1PFO61XjwhUvlFEZs3Wmfr2sL7XyVBDghLvC1+nokdUl0RWCinqrbKX/OUUejWAKMDsJEGdwQFalzmxfXT8Wt8yxcrIfKAguoucPsy0+B9xQGn/fKovACDbkcL6W2U/jHQUpGtnptHYfKnvyxu/IrSqhhQaYjgMNWOD2Ull39nlEZFHZwLcgleQw3EcBPvKoNkaTbnojylOnDBvW4mKeut9hx9/JeNgkVq2Hr1vt2NhpfXE5WCRBrhxjZgFtgKYiwFLU2Jgzs9GIug6MiOi5meTEG9zvaRNeLdqnMB055PPSSJT1b5orvZxVadRjctTRRRxc3Mo5ci2Vq/8SJOp8z3D3Dapm8Pks/rIGrh3834Stv2pGiKjzhcGUi9LWkR9EQMIf633V2kyBy/PRasD4zbYuIswq4TqvxHnMy2I/D7LedrhFipIO3JKSNYSzxkVge9CqwTh+oyj7vlqugDT5yTdjtJmJ9JwgTCwrdGbvSdpXWJO8ycAc1V1AUIMcNf36b1OmLtlclE2Vq2CW+sKaftE53tq3OssoM2ve3paU+Mi3rbEwIrhVHJ/ZvChmOzyemHJ1fNMztiAIMDYZk+7ggh+FrmNuJSu0Twq5QUzQ2IlPs05eoanyAmev7TR6Y6B/Z1qkrjcZfR6/sctJmLfZkQrcqPTPPXw6BKy3LlRLtCrTCcpx9MbeEKdd7n6bvb7yTd/qM4yA9U76poStUowtL7nLcdaaDUL5D/Gn0qZNGyDo3MhCVQPCu3L0hWJbFaFVb4wpBnkpcOBCFgCt8yfDICS8xR0bcN7nBsOtb/SzQOV8+ErN7+mWXTWhpQRL0Fzu0U5O3ix7w8A8c6c0YuHXXQeDhetDhZt4tp9LFynDp6ajKBK00F8/LL3VNR3b4CX1sqo3X3+z8weiQSuZp8J9fhUMNnQaUB27/47H4jcKSUMcD3+va+vXLCJ8vrk57B/eEsJERm/38jCgkEnZ4Ve34Z5LSMpa8T2V4Sblv0qP7QQHSNV8v1PIZy1f595zSlRhv0BUEQTtX10YbZdn2KHQoilvz6uJxxFHhBtl+Byvwq5XaZ3DQkB8TdNJmD5mvwCYFVV46JQV99d2ocWAmGSOQ4gDYtFpsAoVFSKesy1ZrWo2BkFSDtktNhRBlkjGRU7xCUoctVKpRNbbqU/RUbjmrPe5lgRQ0QERULN0rX3n2wDjbjIi9nLYvSA7P9sGATvND9uDxAPOz1Esot15fmU4uWF0TCiG4e8qGi69CpBG3ivu9YuOgZrTL1+dZ0fZ7bDf+zRJnUuMuDPX0RdXu5TdJT7bhgB49D6o9ny7jTA+ylITdfgjusc+kT7+m3tjLUkh9cbHsjfVT+ner5S71wCpQ+Lkto8tuw8hnVNWWeE9Y8UUy9nNkm6KvyvBcMPtFIeiDFNH1K9df9yFYKS+vE7hRXES7jXG5ncbaVDq+mLVVOtZGMbmIgSqUjkWd34X4/l2xCVehgHAT6MDqe42VbKIXfgOOXxq2QvHGKshH6UsXE9WIF6OxKU4P12J64ZugJz/1YqLjl1/wY4Guqxhw7AXCRR5AisoJ8UwGdhF6UzcOtbq0yrUKLyLMHKmv1ka18Xz3YmLIq/y2JQZVHbzin5E77tsWM2RBZuu85R8TKMFzNO63fD2dGeMOuNjwAAqr2z+QnJAOg52M5EdXk6INuj2SsJ57SmeRK0D1KitGXhbX4P75DF4vptFj2Fp7JUtAVvNcVy3xs1RR+iuNvzFXvc3M2rJtYU36FXO7EATFESEukKyorpKNs3dGg9Awr2t64JbPxPxJowBVsih5P4h1+o+DpwHwK+qnKBvQY4wuKYoG3YYZ9Dm0KzavgFszyajj5mnJ5nISymM7HUyhvjI5e5X5FBwP6HebQCAsOyrBXsz66od2wTxBkBZ3ob8D+eSIiBKTBfWTdzCPyKSJ7T1hBTgbIdM+bhQb4wSr+NXlaoWuRo5xCmKs9fKWT9hs9a6RLx/0hH9SXUMsKhuZZwRIfXWQ+QYyIWJkyIxZXRqz059/44N7XGyM7bQ2qKu+Ed3v+WzVrSpYjyskahRX+zR//IfNUDLJOkxa4Q+XXhXIQkQVihW8OKcfv+QVyJZZpfzQciuWV14XvghDUZZha6GRJEJHsiV7+HrCfwFwhgzPN2FwJStLECdoXXg2ZOwzmJLOjwW12foSajele472KOn3dI5SusL+ciihxzsGRFB0Nf2XtgwtbXG1G8oBjfQeYGos3D8WuPOzStZv5n+Y4MiI5cTEqR7fgM9qlNqNjOsX4RZL2E4NqSX6SLCQL4i/r6l+2bzQL5mzIc2YMpCulIcNOB7ZHefdhS/ZAobmElrGEfeFY14pQYb24iUwnkk4n89o48W0k4GTrAHW0HNPcr8QOnrS0AK4CCetKi/0HwVj4fku8q+JrAzAFB8YTBd+pX44F9FjaeW6fr0DcxM4cxlrELcGFkKM/uX5y/ew8qx7KiABAx/R06sOCi5WKSqPZOKiDJF/inr530sxeJlUt48JUaGdHK6PAJMrUxlGByNl0bykspfN/w64BfIDQO9syp36RHdDHcULR03XFUg3d2ygwJzAq4XWCGb3LeiJD+Xvh0wuVXU/l6Z3xO8g6MewXzYAEp6MVV3/xKWr+VGZqXX7BTCFq/1YAiflIgu9ISzFIgkJg4qnHs8ddptFPP6RLGfiXKa2h8WVusosK/0vKAlu2q47ABMA7k+VFFjJwz2Q1Xuj6cq9bL9ghzfx4FNMBEaNFpnneawd2O2EEnmRZ8BURjIRVNoSxb0dmQhGzvxdgop1pjUPqxOTEYibpG7oeKMoMq2PE5/gvl6lmzxhfkENysFWgd98d3eOn2Shu5CGOOCQEhAGjeTYQP8q9DdF3bNXu1PwvcPg8qxD3vlIsroKeGj0vd7/2rOQfeTolZ+XS7BTjwkige6QUi6Nf8B60q3Fd5yTPB7SIj+hyLLY/qlesm7CMYoq3CSCpZIW8+KzY3q9gQl6wuvYIYl7R4zlgBesXxHMjmIwOtdot6MEQ7hJCqPidrKdkX1YCwVSPa49HTCg9JT8j8RhFDEv7yLtDzZ36CGbV2K5dsg0VZOJF+q0FiWmYh84+ydcyFogn3BvWdAByINIOkj3bMjjxZMYUJ9YwICMp40lntq8AU07DF2fQO4ZlOsxQBsJcO8zt/wcY/o9iOvjQ4t9YvTw8o3gzvIxx5JsZoKwl2RI7RXc4J0O8McHKieBZ4tHMVYER/bJKwYj/KH3N1uLB05IbqfsF1fTmMnsWHB24G3U9P3zGDrBJpa6BYHAxaz2oDMHEEAFn/wMwePLNr9BccDr+ukzBNWID308ontXAGR/CxS8F2t9bchHj/czePgVnWhe9fJLn8GCx/GYknDciMADJlv5ACkcGfq0g822L7mFsX4qCv5L0PJrt5M9DfYgQOAq7TWnv+zhBHj/OCtqan63Z1kR/Qrrlpxt03638Pt8yuA25Oqo9QszBvGXa98pKXqrfOhdqyr7u4wMFyBZjQ4zIScssnsKsymuw64otYJ6AfzTZh6kB0ov0r7Sl2ruP4/aVRAbPiAWRsQr0Tkg0xuG9HxEgH63wt0Mr9QpKVbpYgST3gzlPJZIgQSeyCbfec3JO6ex4O4KndS13Y4r0HBuXBeRjVBE4CPdHui0SsHOzT5+/GXHRlicpAMAdPIXfYgHh7KzlHKTupIP0toMDlU94wuyhHxHXOkTGh7TlGi9gAfZz5nYTVDPUmv/r450L5yuzeJabmyki7tmh7cp9i9418wqKMF5XMJeGJ/ZECIbBSVP4eX5pRKtMbYSG4AhIjfnOQWSeBTMRnttfC40WyGmf1kMqfPp5Utwr6DdC88EN764JMXXquzvNUqIBFSZcjEcv4hk0iJ5uUR46mz9fI5EwNRyzoUVRxAfqo72jpnltrtssFvfMj0ia9eZ3dHPNqPILBfQMm1uC5nSdsdPG1RVgys0gCdQg9JiSqL2o3rz3dq/IDjCqFnkbgmmdutqPSwl7sXwKuzXdRSXTsz1323+KPKn3PQ/IzL8UJAUkAVcn3DyXAog/UXDUMUbn9NwU0pT+tcEt/axqJIQ49N5Qdyu8qNttx5lVyg1mMEQtUTbXpeJluT3g7E7cbg3LmCPiJbfDg/kX4EaIzs/l559TkemqgSzct4qhncYZcPnJlAPP+p2St+sgEj9y9Wl/oMSgkjU65pnQFtB9UWlgPE9SBIlXJGnoBSKQryw7fCV+00HamvPHn2Kv6UhzD+RiFB+/O9+DbgQoHgDbHxLtqL7VcAGbCLygaIDqnqBwYfPH/NtAnA28qe3ctoEhp4VGYVw1OflHtLcCpUMrNmyuLQvfL5vubOLrW8fBQAs8EpVEq4fJ7RPWN7chGlfVfmoUN/P7/vT8CRzpTTrNLS/QjCoi3LQ2Lrt8rCwr1twdh/QjpNVWACRZqjuGZiqAgddnwt7Rx5XL4DZacZ954XaZ4bEOLOsOcMc3vFpgCo3m6Xyp7BCEhaVivCASdwjXteIPgBZOlSh47zkVnPAFwA/ploGH8qmXjuU/3Ie63z6nJ1h0U9xMqSppFpx+0AFIPPAdMx5eOd9T/8q5ahZxD3+awS7UJc8Nc4586X8cWvVps4GrukpUPZnWj7ROunQnUPUcR1HZ5zAXoEEIMknPTTViYjhqFNyMa0Px/EHfxF+O0bN9e2sOArukp0mQK5I1g5rFY4qQNfNAFFzxRJlClcOiSECYAOZntBF2F39SiQOqFb9Mve2pTcDM7CcuQ3TRb+YSo7b3QHfYfUgiH9vFKxzA76oZ4zFQLawz+VLltHL01z0Xjcqq2QkMhFdlzXtVuXz/HYzlHhT0oGC9VZWfwWBAzQnqlzchz+sj6e6NSZv1COOy9+eGof6RX8+t8dT4jXIN5f6PNfyGl+vUWSvI2qHnahGaEcmBszyYpH6eDxr6Mw+Yl0GGOCyjaah74eept69BoXpLC9NEHkz59Uqu0t953u/MXXg1wiN/RgoqoPMJfCtDin5wRQEi+6BjLiiC+KiYHY8RFR9gO5b+XTyP88vLaVFOPJoyaLUY/Bs8SO2f3JDIIfyh8uWSoIRdYmCbiraRzovgDXn5yELoIX5LoLs65cAT7PikfW85spx7wUv72WyaYnVqxNBJGV2XJuXuuSOiGvmMGizMUfTbSnaEpR4kipaI0hDuWLoCk+6L0l3Heinfh3sDlbiermygUfBX829OlEUo//pJlg3QK1IQ+zwrfvrdH6mShZMXUgTeumYVpfzvJR7QFR+dSy8uNMqCLUgKZ1CG6oYwBD30/prZePUd9r0jyeSPdytd0wp7BksIbl9kFRz6YmU7wMUtFohCSt/v4Fz4sl/nJD55QBWeb03WhwUISroPEGcu8dy0pnKxDexFBR/eSCB/RqwD/XpdxP5FxfqM8Ze6xGMhDWMI6mh6AQyLiQBIlNgAPXeCfdLjSDjlpI6nPK3epjbqi/pw070tWmDdijtBNEjfUc8X6cNiTsEjgPzayXnYSMCs4CqCd1uIS/H8MvhDFD79CMFNl2B1Vvi7DGy3vwONYjgJeuW0rgv43F6/Rc/noBNTgWIVEW/gMQGDMCqgWGbgcUgGzX3bjbeIeshjUKTkz0vaj8s7NwTil0lVVaad5KwaTqKKomHyRm5jjhwYiJRnv4nto2km38YFCOSJPQVlxwC6aBrLslAYl3Sl1/qEcPWRLj7yanzVl6QarP76ZSdKfUm/LUUiBO+RZpN07rGy2sd0eJ2v+UsIJBV0f2IBNCjrOED/U6btfUQxSFGp6QNxqsRc4OJXObF/8W3wy0r98Y7qFdwTTF1AEGZtTX7UaMFrWPlL1jUsQNo9U8OtPZ+GSB8pCjRz3yjGvTrT3WlL7QcPyMpAzUN5g3G4deqXops8Ft2CrwiCTBdy0HEPJst5tdnOz0QjB5wnjbhAwl81REd8JKKYqqiaqp2Rf4TxujyQp3yKt8wZFrOuHIfhjWmQhRlJ5TXUEUhu5VGuAqx3CQ2TWYIADtNY8I/W+Rdm9EmqtdyR+fndRuLGsJaPNF3GqxPsgkiMJ/tr8ccdFnftlXV5Ism2NehsEKAl81kgEkzA6o0ScQyCD0xTAquWrhTZ6qJSC2iyQOtRATKOde+lxNQj/HjPWpJf0cTc8eWQVGGW6KXyH9AIvHsSRyrLvepjaS+8gNmdzGPSXgmuBaef85eYZwWUQm36ywFSu4PWuCjHrsyH7jAKWzqD02CAOVTwlxwatr50Y3m784JMlRjRC2uRi8Ev3Wad+82p4nNgzZg1RHkJK845lZdIhGjVRD2F52XsyrVVGOq3Olcqb2wcaHdsYOzheoBm/kQfDNH2lBOtVzhn7C+ZTm6yFXq0VTC/IO5EOaP5Ekfx1WKecGR8biPceNy+Qv1M908UnCUZQGYM8nTNjalncoVhRiMtSHt+JFF2ReOZmcDroXEYqgJ2mEdU6BxKql8B1UONKS3Lz1wlz5sAkewhvBgPvVyAlLfaoMIN/s5/8ggKVlxVK8+Ewe+gBumA9jXRQurfnI17xw8DCeViN1U2L2Llbbmtrn8tRbgeJhjx8kaMoahyj6zP5S+vxh0vp8mZlNIedmCnPqaUXcvok35yehmI0JY+UwKkI23RuyN4+8PMqh7o5ugSQGDk5tY/wQfT4mnx48P5QJoOB7SmmlRPekBYQVq1mJKwU1CywbkC3LmHo0bL6uzWvyAfgHg9wELArJJYIogzFgziY1PkBjdwqs0lyCiPLOTId6Coni9XX75IGM/1HAwTkZnBOFHyy6XVjwQTcK8fKduHJCEGny1W+gbJlJi1IYeUYy2u+fXZ1cqfZWvZjlF7CJV3TkHGZcVrJ192ZZnAOvJS5iNBWfWFInN6auowf5hd0Wopuv3PGgOOWNVtj+LvwBVRo5TaLsj3xZibrJMLPz4/k0t/K1UKPERdbIY29kUTfdt/5BdQrmKjpzCHTE/k73MEUop81WxrMDRbC2EH7r8qNviMBbFT8OyKS9gbMv5CSNp/oirKkjMCsNN6r0T5x5W/2wzIoNKT/yFyHNBYxjuZkeIYvxLhCrssO7uM1dAE0vxRhbiIJZ2q9w/zwSIiaBbYHbDM6HF8MMOa+MFga2uTM/j0blM1neW3bZJDr4MdiLP2jf2jgKIfSanKyAhMaWe4lkQDtSCEA2tVO+0qT7+uErhsn0HVGqQ1zmOhurYX5fops1fu7Sy5/aVPYqDFTSsQ43yDh2Gv/OVqVNC0zRqp1af3ftIL1GRmp5HtDWfWiaPqHgHdfH8aLmwBGkhhuTheBIIw6tYRY3Aip+7xbFr9qz7GKZ8NHZrh8g0fapfwrK8An9bXezU12nqWFsp86Hu4fp+O9VXVyzH6lJcH78/AD83H+n8QiDRUGwHm06Vnku7/1JuDAT0hGst1lRkX3H88mP9VUMHBD2Imgj8iqB+RQ3iPD4fJchh6d9OdlDW1ZuSg+EpuSam7V+/MHsfM/i65iC3u/6DbyHcP4W6A1syz7Wq7jEM2LyaNwkUw/zCCGDBjN4u8MZHxC3zN4HVx1G99E5s6h1i4ky66TOSf8jRGDEAE9/e2UzkGGR0qmC+BY96xxMsYGEJ09/DArGtJGKwDP8NIvgsHneI/qNkODJXNeVUz19pVv/esFsynkxe86dZ4JbXFnGhp+37+LE/O5xnqWLdmF+lyOdcjkBiQuAQwO8CCatYSdU3Iz35Sf5bhq1FLxcP0k8Iu78PW0SF4bJoCMSt7KtaLBo6Q0V8/A6uuzFrktCZXS/YJwAE7NoEmXMn5EHICK6a0ZrP1EIi05upb4ZxwM++GHwu1kmuOhnww2zN9d4Wy1M/+j9uJyBj4xEZlpwjBwm2ouKHHzMHtMY+HdZKsNCojh9dQ+5k3pQ6s3oMovZ8LO3BlbCrR+jTL3zX0WWRRAWuVoz+YQL1xeSbVMVBOTk8UVOK7PX0eAeHSewt5Vqdi/v3+EDY1SBRjvOlgAQOqzwiqwX0DMKfJ5f40OxL3cItQ7vLUX3Txm2PYikRB1TMPXn4wkZV2XyYjLMdPlUcv474wyLidm1QJITNMkSP4JdGgNOdWvejPdFQ/tqSeorJSxftBZHqX3ic5GjhJ8Bq8xwD/Pzg51dLHEkIA7kv8yvj/IYJwn16Krww7ZC+vz+/kvYHgr5lvme9eIslgawbqifji23mzPZN9hvOITthkbcWGXNeHtqsLpPpcB8N1fPbqNPsZkb2YG2ffopKvozwIFJmS3pllzDmZZ4s/ln+eF7YDuSZnCxBS+LLvHtVlIuTIhLWZCutB3wQ7Z06bPNGvga+cQTXuU16Rycgp8rYh8bz0TcKVDVS+5gJU24gRp8vPQ66UegtZzI/bRWENhqD+MiapV5UqsHanXWJA2fnNKAFb8yqdNH6rLTOMh2wUnY1oNZMixe1ecTzPdhPwNqsH8wQlaoposrfHk2uENApNR9/hALhfhrpycJ7wcgM9B4Q0BTNK/lYQOhSH1u0NQoEgOW4rpteSaqRa1BTuyP+sv+aD3rv6S/0vPS16ysxNXlu66XpkmyZlTMKgvJCi/0YKPdJWmuFBDh/LAZK82FskNrytia0bKVXote5/NSludFxExWHV18cH6CAtD0Of8Xtor5A97YpOXWiT1Xx+grIIM8ZqtYSNMTAlZkcJCze3x4u9cdy7t2duxyAcjITxmH+47sDSLGXU0wzl2gqrkirXjMKpAW3PUrUPGBoQ5/zIvUzvnNp8m3EQVJL6KflBzD5HbwYFkFZzhfQcQLMLMrDOw2EzSmQdjcWHbEecyM64nsNWqNMA9lg0+qu1NVGGNbxZDgX5n79shssaJCrN/6sMyLlWe61Q3mqOtRyvsM2ulGhUdppJLZubgCCWhliHYbRF92Gw63oL9XhRT2xEd8ZwUSJSrbhxwG8ugAmFy697U5TXYVZfHh2gpZZQle14gYpvy4xuejDg0wQWIeOrG5RZI/QNvQiZc8t0/EPrtQ+D0TibgvKHK9dyDJS+4eDnlFeOiAEMDoWJr+t2IctuttG1FUqh/jMmcl9LhIVAPzfsEvGuPgD9bfY6ju9ji/btNy6S9z6OJziDcoL9XFCdiEQMMNcfVm3sQLPyUfoDbhJmpAnyeFO0MZ1Zj1DeLZKY8se4ZTVhWVh9liEG/+U2fz+/iaZPD/2lK7dHi932duCzdjSLPEjb/9w+KHC5vMp77sZy7MIf4+CrSHKQa/bs/TF9Dr7+eiXmWQrgfKa6Nr708YC4bFgV6TQQyg8FciEw/yiglKVUIUXbHKFibWYRcJfvzTzn+4EW8yGIb4T6ckNyQDEJgx4zhwFFY7ssRdE1xGKYH3UugrnaMrhlWL0LIh/qnoR8RkKfCD4nebb+Wn79oSntHP5mMv6LBnW+jdO/MItfQE6Q45PnNogC0KKYfQ2kXZccxlCovi0tbplfs1o29NVBD9O4RgxIUnXsXIwe2Ri01j08fsBV9KeliA7RNDg2zDLMjc7Q0r6DuyBcMWlMaWR5kSe+FjkhApmOXQjzNwH4jVHk9o92SckrSof3QAcLBZoc2bqfpkYZb1rkB/w6qMVI/KW9kBUbqt9bvQHd1YvRkqmW3G2XaxmSXE7PvfFcdm3NzROVC+pocnblHVTlkGg/lbLzzB0pKxc5cSRnZytD/KGo2hNOdGH3m5zU5R7C32wUXIzIgaJs95/0gqRZfqKd/LlF6Hczoq8CuY6ogqpBBOtcNMwyd+lyRbuqj8RvSkFsShV7L48PTWOoGDU7qoVzewgbv4KtHMSjI27q2pSSkPBTqUKniU2MjHf6/pLrw8DoZ6ZNCmcc5r3pW1bX8sVDSyRuXeGzfELnpSBsZtkUBxG+/EG2taNtSVr6pH14NCDHSNUmNQsKvw4xxKJEp3vksr6yfbQCja89vINLWEqVauvKQFr05TT6UgnCVrXM16h+lZmU+0OtcKt2zUbMvMnmwgGlu1XymnbC1dfWVQvK97PjqO9jNSDaOjw8OLNSXXvYzw/KFxQbk1UFuNfvvgNTTMqUckDs3kyg4aWmLMVAVgVX1k0ZfGSIcpEs14gMUyGmhzeVlhBa6oUh1VcK/2jugTA4+I3he5Wy7nubgL+7ZlgtI+el3VfzT+m4w/B36pFNZTIU4XXJ9XClbh5ERGX6Wn0Qv/bNlAG1SQi6njFWX0jp0hi0AQcM/f1j/guW6VLT/vbAB5dlD9eqsaE6+hRGvCBB56o7Ad9LDCBQOq+4+lwg7kPFue63DP0bWkEW/rTGIJg+vzgprYzyqGDKDrJTgHFzZq4xLid2Il2GV1vYT5S6T8/vGuvyz9kJ+8Q7GyEPUDgAEpdFGMZrJj2h3D9K8gmtSh6+XBCzMXET90bry1bTT+Mbdu1D5VTdWH8DCE4mqFxWP1pcSjmxucb2ExiSxdNq/J+ltbL3a0xdGQshrWwD3nkM1FfilyMNfhBiQHKInzFUS/d8k4u+cT9uiiJY7k6bp4iQTscYvKPN4Xp1yCpRs3LUVGQzFYRcVQ0xLRqjqXKZ3LJfHPtmoFwkn+uF7SkopRhzreLQOl4cw/ZOn1JeGTq3sV+M37DAht5VV9DMBl1bbmGGX8vYmN67KAZs1yhS1K52rO7OkTL4DNWowepxC4xS7G806I6dzxObrR+2Sf80T6oLEwQ6nMbhtajKxM/h8W+rmvJxu0pXAzn+zU1EkiFWELyfaI1viz7C3Z/MbtOnmyIU8IuM+Sh2N+tkDXRBLlFJB7nFpGHfBvTDpJX/cIW37hwvOOq5vJ/YDp9bZC0kDP9NwJot493QCNqbNWTl5bnCKd7Q0nomRQo5v6DEZlpRa2pSWTcNJ5DiL0ohPkA6vbFmJr/W8nZL1QzDa4C8ktI20+A6sq3k6HR4ynYmINem8/CEh4aW5hXJAQgBLSc/+7OCFW/SZtSLYh7YSeehtPXVBuiOWDKSTMU9ZEmjIQKlBFom/5X9prS5hKWP/gMculgAynNvLQQ59evUtf/8wqP/yu2BRPYv+/S+dfOYOL/uDEY/282BuP/d20Mxv/vv5Xj/7VLt+78f/wdXdBO4//o22xN1/t/VNP6P7aX/6zt7/7/zB70/ws0C/3PG87/m/3m/89uOMeR/19sOCfBZyP6Z8M501J/8R9sRBeQnrNhRrEhvfYl5QB3Bb2AknblIQjOIvbJbzj2P5elvz+e5ufJK5hyjkqAxWNW/9K+qnwZxif0tq2HH+PYwfahF7keNiZR4XjTaDnU6D+u9ZJtJ9eM3itnmd1XFD0q4DVBNga1hpEDMNX0enSgBRpKlmBMEEWtRfvKycChs49u6h4/D1/rHYwksLSwsBeiKxuBtbJPMz1hwWgZ5Vr4NfGsHcx/tsECFhX6ZnA24kl/6V35djNbMJXg0BIDF2tcCyfDmpSdPfphCLvetG9fvyxNOy/q8j9BHMW3N0ete7HxB2qKVjs5OWAS7UsvdD3XqA6SzAW761PL9Sn5fMlX0QJe2k8IrvPWpDiL/a7pTfDt4MpeAnJi7cubfninYI+QrIZzaTosyAPIpI0dTXwJEJOF+wG1PTzdPEOKxWM+fUPn7URqR1EqXlo5NFN9CaUMNr+Y7pnLTSBrBI9B3XZVzT609eQMgHXeTPY554lhanrCNI60Wy58e97cU3f1g5D1X64FgQx1dAHfc83WlfMYnG1tJ3QkH42xw+QK0uKp9ezmQBLBtcTVUDDb5+3zJDgPSV8MV4BtRaEygvUF3RUnzPoS9PmhO/XrARTzAD14vGJ7+LhuG+cxJg/L4qmWBWWpP/3I5tV9Lk+s6X26Mfm5Ujf0YdlZuzJLyFOpG6U6t1Byds6Tm/Pq7ygC8Sxffpt4uDAEo7N12+ag+aMzcpogl02q5MJJFdE/cWzInxjAPjcM9C4Rd+omP0arJPcJ8zY73oyE0CzvPErM4jJD3OaZJgClKgWk1OxZ0+yXbj9nL46iZcpfHX2wjtZwDGRN5Z2nMWLPu6EMWUsFK8v05RNYLfyarI14AAs7dIKzoxysWPPBxAtTRxg/EVMzd32PJdi4MiEEi+kskbd1WVkMEmE4eO5PluYOsGi0YTFl07bLeDAwrT3JQiXmDs3f0k05VyzbJWou3njPddwEdq7y9R4S/n2lVXlsSos3oSjNI/OXSJ3xNmZ0FTHozVD3dQ2YsnI8EfIDutbjo0NMulKjyqwjtSCh9cHG5IUnVqdS9TqwNXYJ5FEf2PPbqVD3Qe+o5ZKl48uQvy2IYj49DRP7FdcXr72YVcY8Tbco22amtQpS9ly31FcnnrEkZkD1iBMz9VlXutysfyUojO+OHGtTnv0DqgnCc4F6CE0Y6M7USpn22wE163b116gn8M+If3OKPDUjG0Q2B4ckYi+KhOI4IIg53zAaE+RXr8aqYE+Olv8qVjGoTRLzYWJcsIGqp0+P5vVtTwf3ZxgzzxjMLUNxfIQF4peWRJrxBpn85bSzn/SB1Z9vLfEux3B0FnSnkfCSSZJ0uzGnXzvqKQ2niIf0iNDGcvLCKXIuKAIz9LbT7V5/8ZOnbq4qeCua6IakP7pMN6w91LJUCHTB8N1Fq5eTnM5rtRXr++3Xtr+s3wMJybUcxu5m84vtL3aOxKgvr2R74eJzi+GXJQaOYnnuFo8vjy1NINgB7KcGlA8TSFAvRrNwzoc9ISGHGZIS2IJFPkIKs9yHNT7CCKnj5BH+y9F0PT5N+2KWVApDzRxYMuzaoFWTmg4xOYiRIBaC1PrlYAUs461he8KthPKtt5XJzkbb49IkM1SdWdVuRcNl96vqrmpAqZtbywaA9CY6v1DdZEy9MyrLZjwPywr5sq+G01hrk6+zjjC0erlzIypvPHAas+YPcuPjbr7kiDdyb7/qqBURPiA95hy+fp0q9O6a95BfrNZ/p1lGoFpy1UJBU0Biobq8LWGIMn4zZbYEW5dLm82bHgc6+PX35CA77mzn2xkVM1+Em5C+wVb/IHxf4VtDuRCv1q/TdprQmIrZpunXxxPv12uL6uQTdfcHbkY9VQYgfa+BzXZudIOUWmDdoJzsZn+vao2gCec3YkXmLC9T+hkDmLP8NyqhBrMag5kI7sfroV/mpsM4pjQ1S5c3sX2snvaUN6mvCvZisD9I1a6oF2TIP5xgBKWqeO3bb+ln92Cq9XdG3A1XD97vlzZQBShSeykN2mQd7k5SP/mcvagNLLC7kzIa1dYO4gssCBRiXJ3yqewjfQE5z2+MxtzuIpUXUBwKAQcESslwqCxtupzpOi9tuDCwTwRy5QeGt8GhFuDLL1gU2P8gQc2JhqizprfF+DVIokaGA0vV3sEWp7LclQ88ZluSAk5N6xKZfUmFGgxQbZp9lBMZmpUSmy0WOzc1GHzB5nUcCh3Gh26DNKR+gYRbfLjUsTIBw3ZRKYjA1iLz56pgdekOIWso/qIQoonw+WXFPFJ6CYvSVJrD94M8rpn6z8QfEVVw/SckXCtFCQY2jU+O6omI9+OQm59wnJlyUCgpW4uyNT7KMQEfVUcfrpqsh61Frs5mptn0oYZFTvON5Bp2vT2fg92/ye1ssJhCTtoZi4VebSbmebx2ya6P+D4N56sdyuEPxYnOSf8Z9jQO5rF8pZaaya8fRAj9PI70OKgOkef6qFQyMakpdLdGOEnxPVsvYrNLgQPjs4ovkJuzt99hWCWJnl7sai/bsFyl16X5yDU4WADmIjfItf+k9HzWqnjHbDhb0i8+wnnxYaXw7w6z4NeUpGkmTVH/KHBgzCc4Yp+C0Q/AKyEk7ZsONbhvrjZeSQqUMzEBd7VhNl9c8ebAtPLP8jSSmeLnsTtMXgl3uM8X6EDZLR9lXctfB2tPof3OG9SAQ8Ka8UbHfAKgJya8dgIjbhRByw8pQbelxHghrZ+yVMj9uQ/T6TE+upC9gh/jAL6OgojTKjUU2SobKOqFPqCAQ6wf7YgpDKvwl+uAkaMRBk416ABAVirCOh+bg2pjobeYHW05YhpMmWpbYFRITusx5N7IHZyZxXlBWq7tUhbcwgqOXPpNB2mGfYaNVlh2GphjllyIRZ5TB7Q4FGiCrUkdbf5KCLo8ym3V/MxR+FyWq358sstcOXKyRIBSa3BMxCqb6scTEFhe1H/0ND6nuQtCPUqGTAQnBDEPMMPdUDH06BQyPrr1TibloF+EYCivcgF4dqkSSO52FsLdXfXJuEdVkx+SJo8y/avooGxPMSQbWG9i+snDDaP+bRPa7wmATz+evo5CJIhfzPQWXJcGjdjW8oxQljSVN8zCF5q1IxrGM+EOo0rCHgrLyEwjQ5mGwVw/VxV14xFEM5iIjYCoa2zEwk8mvL8GG05w9f6upkEKESb+k/q48jEbHxxN+hCxo6Sqht1Mtqf5ug3dIawjNZooPC9aJfHV1TweLLhqq/W2LHkhu5eb4DCaaMRdWQRJ1dHAwvFRKnH1Bb5Xs8ezKRFplVdYuK8K1qqkPKRN2VoHd8ufW39CARRK9ohxP2v4OvhxlUjq1Nb6p7K/+2iD1fbTJt9V9CHBAmLGKnxfdWK1Hefg/W25n311BWO4/fqdyqooir/E1Tva+l1V90GOOP0QZGZZDzxTEvxJNyLoxl0kpHJXwJQccyY+JworNqhaMmlk/TAsC61OAZs1vvBhgAVpSaWN+jE8o7BNIZRk5ZoK2UDkSdYDAEVEBh4eo8GCIprafJff/QtfcFQ8v7E6SGN2DtggEnI0PeKH7QhxcL+nCMUgD7JU2tnieCiT2qIjq0ZgHnOUVvj6cStgNwvgQCH1AiAYR/YiHQ4U5PrhKsCqsC0nkdtOEpJGm3j19AgjiqgT0Sa/Tc430Eemqi/6oQqv++bm5uC3BTsYYgbNp5Pu3+sipsigMXj2Ithoc6i4kKpcb/hK0R4RqfCAwwrifk4eaD9cm71eMIUZSiwcJ0trNqjkYLbPb5TWyEgJHNEstAIA3fIeySleZHB/RIm7IuUHbudkeo2YCzOSUqqybrAGcVgwPBKprQCbuAXqlQux2YTUbcnq/crUhKE3QCzDiyoW6u9QrZJCQbpw87PTK3e0vgkk8lf8l/3G+UsdWY7/APKp7ux5PgNRoolAgDIk5hENKOr40mxTPbfGBdDkxyIcyDziktCsFWgD5RduVwIAm3QwSfIegaPATLDeSiFCGfeNWsffRlkcbeuFhV1/p5iA4hX1PZw6BRXAHsRXQNTU/pPvXYWOFOxhvkUBMukezEJZYWpc87GAdTfpgUBF1/xr2SVLrGjeEVhNptLfvnZzpID/uTz0U4zyn8P9PjDQuUGCgbY5601V+ATvzWR8D/rbnILOdXbP2HTU55zN73SCFSbN1iq07pHDcHMViCxYEy6w0LEnDnMyixWzshgntCqdnSZzXGvKS0X/rHGWylPynwEnb96N4yFfOz8UjKtjG0pyDGqiv8IENmGwciw5aGJ16ydxyW95lrT+jK6JU3FrMeQB/cjx9H6Wv9YAnX3HwodXjKuLGP7LuCqvtib5SdNC69M0E/evV3QVC/zJHtLAiQuhMTxu7jIE2uPQOeLB30sRPul//pElN2NZxPySyGlkqfllIv6YY03Jg/DNEKU3h/fzAPeFyB9yy2Dm2PxyyVktV4m9gK5thLoTl4a1zt51FvBftqVrmbvuRIw//tcR/2eryjfp/hcH5Xtf3HTJU2/JW29h8PwvR/u9EAVMC/FHvv/dOvs/3+CIwROjyvz2ac4QrM4HZzAHoc3QAByr3/77+//7/3/3xpmTIX7H2UCFRH+0m9rzG28SkWoTFwfyOgqxH5KWvLSOPuR6+s/tsP/70f9zX77fe+UxFZJzmi15ZKP+b1nHCPXTkABLw/jQXezUbln9z+3Q9Tsf2/vMJxH1/9ifs4hecj288r2pb3xTfSYGvyTEofwGfeL/V31655T+X46tFIVTe/h3zsjW+s/tkH/j7mY3iYwjkwIoDak9CPG54LDbYqn3czKYvdLnyOuCIiB3PMiGHvo/aYfLEPjMh+DJkf7IOgz+dxvft/2Iud/3POAd/yfPx/77bIZc8PsZPH8ZnE1q6N/8vZHwP/YD+48a8o+W/OtN1P3GeqBLf6OxOv7fLXiv9gCpxv/rFvr+P8njbQEyuPP4Vx+T/9LH/zTHlvg3/x9f7LEkvGJH7ME8/jPm7ovqbztJ1MxvO3YaNX0mNHwawn02Gv99j/407k96InX7KNPECIjyuvfvdl6ZX0feG2ccGv1/let/flf/X95lcj6YoX/e0TNzKQZb6L+yeeX3rxn8L6NzOnM04HiY+xi1/2tv/4Ot+khwac9/eZp9dfuZ37CuLElo/B90CPgq88UTydub0neaQvwbaUdfxjOdejf9HTFuen8/Q0CS//0T/0WCwD4+Nqr076y/cnKODAFx8l8z9Pv7bUs/Whe/evJ6PG7mXg1+26LuQHwDJvc/R/GO4L/zRP/2hOfx55N6hXdeyb3f/seHin8+FXwLVOYC5YZomqdp13eYQKoZQkGN0nGUnkgygrxL4dx4YWn6OlkLQra3WkvoWBZtxqW1lD1pjeE+az/q3lazU4FuqQxxFYgwBeoHjgUPyeuKHYX84L+YXVa9w3afetmPPnrQ3/6r4h9kC34iwaEC/NuZhgVx5A00vGyDE0rtjlShfMBpnmHfP//Hv1dsSR9qXIHv8fIbiv7+1NAys/+z0U14/jkSRKgqxJM7+WzeL8j/PAy+rtvDZlU/hKhiRqwp8Hzt8Pzxwux8LNDf0zXP8+8+Wg8Ochfqau3tyrUvpIte3kg8WFqhHDiDVKB+4x+BzNt/P4QeEeBuVFGNMjbbL8L6gJFrbt7p5D89EVifttSPKmB3c9L80IonpKOafHTeDFEFfcXVMIyWdQUUZRQVhaBg45vgooy1/rPEcgULZYUZ7EMQbv4fGdA6g0u+2L7TRdstZO/c8vnOAeE8OvSzPuGVeWtmt+UDRd3Bgecx9H6+n5h7xVwHNP81yubh4U52WLZmvOfJYWPGP0RFSbZ/gr3+q/YFo34qRoENLG8xXjbfKbG09Ij7WaZtkoebEJpha/9BU7dnG2wNJF4uIf4DZQnmzCXzp+Tqpz7/ZF+e71ur5JvIDcMydjvR/E+Ngw9YnES5QdvN/M54G4zKWQfbHn7Q68+zI7lkWM42aulbFMcfPI3tnL9rEro0+z7oCbf8rjnWXRxdJIBlNtayLQlmsbbrjT/pMoP1mnxnQ2dzhvOOjd6DfvlbvW0YDzyld3sJdM4UnEvGdi3TCr01K4+kNd+wsuvTaTjqtvmIv+d5gbw57YWwp+Ep5Q6IhTJPg/6ZoH/lFs4WZqfyQI+G5UKw5n5/3if9jAus+WHt4+MH7Lgz+sS7197fcB/oPCc7NYOPNtSLPrCRTVFNh3P7xQ2BJbvwdXg5Q7PiOdaI8ZGbWH/7yVygn9iZtmXDTN8vPS5gT9PtS9Sy1YIPthBLxjY8vtrLNMsEtiZ/YL+t5JxmDFmW1dHbJSEUJ1GI4aNB6jX1tp3fbmBnrS/LLKl9xcBiebuxWdeclj7LCu8Gfu21udk/BljJchXOil1FvnzN0K8M7PqBoFpOWLfmzcWSHhLkHF9XpQZ9r7CM9XunCebSt2n36/avxHV6orduBYeBcbJYM5rHtdcTSK9BftV5KAfN9n7MSxj3Qn72ovN3wih/TnS2kGczOJpl1MJBfNuo9oQuzTJtoWPGtsovdY6M2oLCZCXckMypEvAtMq3JKTEx76yd/MnnMKADDSZvBN0j/m+0EW2A0d8SMLz26q3U/y5H82mAbWZ2Cb4u/LepHjIQylAZiC3sRo7AkSHfYoZc1fZfC3vd2CuKy6Ah/lQz1m3tvbeC10uWo6x2799pm5uz6vXtKiITtmTM8qutvhLT5DptEapKNQ+xYwo8AAZODBcEAf5tWOaztQazkQ34jeR/dpSYe7pmWK1uau1CYmhK6UkqGIEL9mtw6L/jPsC6Dc2cmwLAe49l2WOmuC6iX79hMwEap8Wi+hQ9o2Z1ZNsQxMUW5ERa26+Z1n2tnUjatAsTSzOjrUk7TbSc4h/ze90s/6mHM5/HHBIJXSDoDZHOV1Nvc2t6vubqPJb/N6a+Y0laJlb2ae4e00CzxHvv2eEa7z1Pf6j5/nPi7iYmeqbLqKRMKUuVq5ovJ2c6Pz+/imiM2qv1eyd1WTHRcLJ3MbzTojQJY5SyiJYDXRB3fhfH6IoCe/3ca/atJIOXYHmzAxL61ISjQGPY9vXyPSdLYIpsP+FAyXzzVKJ6v4BUHLpsx1BxXcR5Zhhn4ZmVXhuhqbD60c4cWTOnU5bD3n6q2S6NJh2l0L9SyW8hcmL22/1Gn6JfW8HPKphGtGC0KketgMYlA902rmBY27BUrlZh/Ovp1Guaj6B6AyzFtEGJff6Mn0fymR9lECBzsJ4TZ8kTbbia2UBknAS2Ls4ZHQk94zBH/0S/LiIZi9d87K/VHIhGkU7s4yjPRR6Wr5Wte/yE6RLul2zc1FlT7+pV7xq0fKmWcrIus0ph/UJNlvpGCU0m6c39aE/xTHI20hR3OhYMIVHtTcJ7EkHSu1h8hXx8Lnh9NzBqB9JcMS2TFr1TRysr6kP/Wj1+kcQSSQpFtJ9dZjKHWcMAVTXdEqijlW55yO0geeIBtHeZDYujPA1EGKHheL+sDAt47QWYsXxv/KijFDb+6pI1CLBxC38Bm/yQddJtYzdS9MIEB5kQhQJTJ8MxlTDqK+VNYrwYftiwXGzh1EwVNuznp0eP3Msa7Wg52Uo5XeY9pQhcjU1t3KcYMUJxK9Rhxq2bLw5LccwirxdvB7wlegyzrn8iprVR1RUvqJmz2Oi13m1VtNe8Wu31kvf7OUmnGYa6lci0FDoH3irvYfGx1+bUHv4qLyF3+LLU2Demf311luKWSmer8kpKEipaZkML6m22VGWaZoO7KD+cJb3LJMrJJ1AlVZ1Ymh4ri733yle97Ats4nXdVtpFCeVYKsBS+2IODfQE7jrTFgeqvO+YDpN4Df1r3VxJRTH0wruOflGQSk3LPZtwxuWtKok3VXIccws7a8+8kto6Faj5ZiKj+S6c5Aj2woNkiZzKqZKufAazXAbW15BN9yNKHKenHSJLz7sKJ6jJrFsRZ5TFvHMulxuOSneEXIhViRQGZhur5COvqEwhlCVp71+3ujBCs3G/iE6M90iewr5kl0DOeveNl28EsKhKjet1CJQBY7lJE14XOTpvVAxt6+jDtS9VFkl5NHl3G2Fc9lo9hPCC7QBri9aXAlLdo1WYv32wL55Zkt277u4PO9LVG5yDuyK0WrZshePoosNpZZg+r+84yQArECujbCoaVhgnfwnhrzaC1IpNj+UXaG6Quey3yHmDh/Izh/e4764MpvkzM39MVyr2AdLLK9ZqRf9TmA1BEN8nNqDyysDOQBSB+vu4u0Mb0bu7/wbsPrXPJiAb1TKSVUHrhcUy+8beoG+pN04n57tg1CwwLgCAUEpf8ztxiX033DjQJqJ5r6w06cN8hzUxVxhyJe1JtrCbxDd0cz09tdHrtb6oD3zLfBvDSUcSyA0H+cEponJV2eTYf4hZbRiuag8UJfxB+10YLCTvuY/okp6ayPhAzvxuj8cmSmzJo1mpkRGhWsKM/Emzzs+mDZjMcor/EoiulgqVPqHv0q7DaJwOclvXE6+ot9U6LOfzC4kZTq6Ul7C4EwyqECD4Eutsd5f5RsAv9aVfOAcchQnkIXopYBkPgqsyROFoeu/kdorNwwaZ8KC7X/fDEGz3EmXJoX9bpqxB6BxitNneO7fxjYxvaGn0J6IRLyzbvj2p1S7oR/s8PyQ+tZC/ClNsSDEwYbMSTqvkZIGaBmt5SfdOl2orTfNP77OuNDNcgT538smo5GNA0b3NTMm9Dj4oA1rYXoQfEcrceVXJiTRPhc16yy0U2y1jCG6/bdEvXg2nLcuXE9CMXSoyJ6tK/K0am1xsTHvxIxk4XKxTL+KMTr33dqVcXxZzaZaMv+jEeHpno7+vVTbATzSB6uWkR3XL4LsCD9CSoyHU9w+9VZysUYX+jsud9oEL6PnzgGrwoEMS5QXvZmbRJnoNNisJBx7peD2M2NjJPllT80lWq/NX7ksTaQ78Iyx8bsqDK5j/q05ChFFb5x+5qZiU+m519Xh/epiLpYoHEfi+T6WN2hIGGfR8xpV0s4OXtZwv02CT8QiXx/oMkDa370apocZp7zdlkecz1kJlAa3ockI8zoO1U/+PyrHnEDG9KePFsM4/1vpIlsDk1PuLwepEpE4pXkteh/DbJIuh7bIa71lHisDGCA6E92DhWrrwv74eJZ48gCrR70CHpzpadHJfJ/Tu/OupjdJwYJtN1YjUfpJKa28cJ13JNFnbtMotUeiaq1eBc6t5+KtZgH4sbo3U9tdJe2w9HaEakdOJ3jUBqr2kIsFpxk/ZulNpp6zefvou3+BKqaGjPCNNBBSWwBMS3JQkgif8xXQdjk2PZd9OM7oqq8P0ikW+wvdlxjzoJ/mUZ73WpoMB/MAAPsw4B3YRWRr3oYoAzSzePujzDfHvklyXK4hx8ymsm36W/dtqpUo5KAwZMreMYRkePVWilzbd7CZRCm7R1vg9XmOChMl54eEBMAOKbQJOd1k3LeQwU9WmclLpBHFoDVNVOHtbYXID3kCIJf9XHMpWyRn7/OQe9V3F85ofihD5GgxQkFrexT9v/AmnFeXsMLM5dscnw+VuZdMJsUKoiAHMsV2x2/wUPmTvJcGO7ZyjctrB474rEp1/+UYHgJCTGcR/gd1nRc0GSKU/tMRFICZoxbPOmP8ftwdLIM7XX9uCdwy98BENNYHT4i4mHhUdxJqlvhOGlQClADmtrqz9bQxnposLjzyz3jobTi//lQD/bV2O1bnACSYxQBqpt/ht+pQlA/jgEOTJv0rEbG6k1CAcrCqTsP1d2MKmdIBzNEf1G/rLX8SCpRcN1YbQQhQCZH8kkpap8PjVHy9XadFS4ytp5MjU/CrDJrDbKs6DmRO/x8060fQrD+DflwXw0M0gBx47h30U27NtQ62xo4rYAP9IWEvEaXrXj9DNSDgWnzf+JVHYNjPL9o4dtsyNTGkPmlb+5Rywbx/bZUexjxhBSdXPvhS9fHB9AZip2ZCyDe+K9ifZOW65YK3i7j4bXmINx2m75ftJOXjwkJyX3C8aGE5iVnog4hyRjIHSqKW+wyiDZmn8xgVUMD5vcFcu+68v1tXqFu/c6rJbHcTlh4PkavYe4Ht7grlbye+Fzx8lOHuAw/qMdgnmw7zYO7OzRiYw1Sv6I9uTWh6HuIZlUYc00Jmyg/5Oy0NKRCyefXvvyp+g1njiyXBGsgdounkhYBe1o7qu61UuX3BD1zCbCOpmJlhb0nog1s6mOUG60p1h12LkyNP1xV4eMckcTHxSYH3bDrnrkGrRYc/kGDTBvCTJtU0+FDF1tdvPlCbxKG4Nb+tx5n/tF36PLCDNzKF9pXbGW67XvE+XsPIX5b3+sVUH8xNbIqVkN5107W6QiluUn5bRLdc4Isg/hCvyhacmbnh8rW8jAb1pAl33AjOy1VjYPxK3pB0P9X6bPiIowxlPV5YJIwvukrN/XPd6Le4rrXZTAKEzvXh/eTFextWk8bhNxx0VmlLg74/mApUxH/eWgqbl5jBoyrvjsXyZ6H62d6F829Uuf4Hte4QmKITrN2NKQT3BP+5SIUTfbzznIvVGfhS8fCM/65MR92H4KwuLOvvEJzQWp0T7pscV8pVUEpMhOfQzllVC7zleGxrhs9Pzpv/lzerPbiljwrIjvGcq61ammdauVEYkucZ5A22rvoBClhpWaMIwlnC6wSZuVIKExqwy7y/oL1KIqZQvzLzs36FQZc8OK+V8rIvq5VkR4FJeaBpojs7JZN6KSrxQA/93MpjVtngspFroYk45AVm0VH4XAiccxPhq3F0GH53jfBbvsWGPCY+13gPPuiXOI0Cy0FXHJBXOBn5uDz8at4qYFj/4qzbSpXy+GMHD3theyZaaoWlWRBr0u5U2LZFUH7zNxx14X2lWESwBYoohRELwVgf/tX5LTObCAC9F/+SH25KmB7a1N6lGs84XdAHhA9orvhIY+84v5samAc7gSLAy6bk6wuLlwUWbVuKmky7lIxd/SN4Hi0lWsxku8PeRNm9wP4MMTgDgOBmIH3FLGu5gr13bPDU/hZb0Aq7HcuCK9y+N86rsO2WwPFKH0a2fPhFsQzvPEQjIDEduAP4oDnu0+NmxhL+mtSvo2EEHaHmU6c21XYpjCPgYFiFIy2AzsWL1U4vviEs4xgxK+CG5lHQZSVF52GH3nyQ7yYh2+HjUtxlVu1Fjp2WPsPLcs3WFJWKBlvfkUTJ8ViVvRyp+Xm+IPD6DIoPfM6dXEGCWeY82o5D+NTcpXlwD3xBND+67oUYnrX9qk2yLjt5iqBD8j92rg5vLmw6ykTp+ZO5UMMB9M4xrB+wr3dTALQ1oocO54jmFeoh/BCBE4DwWnimFtdlx0Hs85qv+kmcYEX9C377u8xwBblY4Fesljdk1uy3jFWbObrHh39jszbj4j6JaLeuu7xAWHN/HxvlUYaq4r49pRrveEGapRZ8L2wIqNg7BcW/ev5Enu+ecIZAiwR0lauWYMI5wchGTVc+YDAtKbKgQPl00fNgvXZyEd30J2fpUX+Vb1V7JlhHHbcoDfwqu4q5W/NRz4lJi0PfeYUUMoq5z/Bia1aqbZ5HPu4h/2fiVgOy6Ms4vgvhmlqje/oYarE+ghj8rlSouNCDN143NHyBHi9seS5qcrzzxbA5XFuuMlniaphpVHJ3JryXsJWjoVMXrXXUv8W5JhjYADiw7SC1tpCn6wTeXUF3pZLu6Xp1iwf19rIBmLWQ2k5eHnwQVWLtLSGMGlOQaatITecF/2QAnygSvoMLAFL7ObAUv4cy6XA1Y/VktOl9Hl0pLNbcGnIuLb//CIp5uWWRwWrlXLxFw0uZD89DgMXXretRwcuDqO+3OocHxybNkSuQx1FmNSmsIldo96h8ABXN3hsaNGa+q7k+xxb/9xqBbeFkv/zfLqpBfD1EKn6Fewi9+yXlC86Uz0fF0jyJlUPKtQ1WFg8rGi3Jf17m5KyHXpuy2HUDN8kdtdNWFQxGiIhcKi2zmT5FiauOpFm5ubUEIR24uzrMtl0/xSLtnUjt4RIcfdf7yvhL+mU/FGhnBKsu10SlXez1sDCvNod1g5vGHilRrDT7KdmTRa7BF4jESn9E0C06M8Xj5cyx+iZL144CwR+PWi0pJLb7WkU59NEbLZrlXamJLhWdUdopuASSp8252nABbf4f7ZVZurV7c2eci3nTsJvo6fitrQiq9SjWeFLHSsurYblse2Ui6uWVVqd77SQyYd9i3hx7mOvCa6Gn1YmznVFnSw3lU6yPxQVsI8kxBXOFfw7DhL/U5Z3NwYNAUoDBBf0KaiXSnRUqGKpDvbAbfnCleFFQMgBGnNk3FegG9EA2GleghVNhv0aFdJzZsE4AUZwMecUiIstrCjedwbfoCurHrXG9LYx6bsTBICs1tn/3nBdDLysTSMgLPglsdSRt25nmn9NuBm7Sb7i/nBeqJ3WbiUKKLhis1LGDMLMT85d01wLl3YluAq5102K55NHYw4XWuxzXvBuwdLseAvObBnpwA57xp0mckFkAotRj1Eu33NGhSwGSn/pL997eh4Yn3Ka2O5hPhhA/8LyGnL+u/rhT12WueEj+C6XrJg5hrfK/WfHuqYFk4XL8sNTmhbZIMFv/FBjykm5IOf6hxoVuYZIf9uSZUEmgqeuPvxzwra+Ne3jlrXreYXhD8edDA/nWuEVmJXFCm3iZS8+85JF6vdu7zhKLkbyjHbP5fA8VWj7b+vz4CoKzyXDRKgJ4F4IEH/v6J8YrkOGAPTI+S7AW6nYH6nl+2Y9Ce4Ek+XjmVAVtJF+SmsJu1nnwatrzNVK1rqFP4wtde2uynTROEjG7JVfQfMuJaMxfL73fsW0iLLUtxfyIVo4z8viDMgyhQUl9JqiaKQQrmMmANYWXXaonPJIfpGyId+4tAZN9jzZaaJU9VbOR6zO7X0D6xJEf2WPSBjXLVsufzOXMQx4yTBRP12ycprLLOzSKpwWOZUMcrVpJaM1MKGsO8oeM9Df7a7pEg+XnZL60pi6+N/jUxev8BpDCyCExmzVFz98pRoWUv8F8wgAd/NV7z0i1WjLmt/6ypjr5cHclnx9YQe44QF6wvCSObGCLuzMBWCnIWC5CBzsiz3j7LUNYAKYi1eINzut3r/nH03C9JQgqJfOabTP/0rRZXqSrz+nF9ZGYjg/vTbbFs3kF1rV65zZh5VK9WUq2ZuJDDn166VCjj9skeeVEXEh1I20pEwNU40O+/hyeOAsMSY9d8rVXAmjocq3JM+18r/WdNDeMQubMpqS/R2Nuw2CxVEBAj63SYBLsufbgkVOup6Iql+CFr3EGRRnYsRSkLTTvidBSWK3YZFqv4YMODt3YXWn5BLeWnvlDT6rZBV38Bausmv7hGLTsrqOutlgsVCsnXU3MbcppehzUSEhwZbJ2BDInB/Gng3BDwY8NtL44k4h6R0fVR0o/rFl3UeGzJSSaTl3Iq+o2FBHg34BY0EswZnUjCHBQ2FAss/D0J+Kh8GvJcgtVwmcrUpmkjR9Gi9EJv/e8y2qUVb0TnPh45BGIkyk0iaAeUGFtGbgleYAtTq6lxxfoXjD+kHCgDCjqh6NK9/2JuemqQBYGrwUBHQCuiItmnuObv9Eb8foR4MSKVbmSakiyFQyg2qG9OjlLsp95t2VAqyzaxpKLGC/m38ONqjug2CZQ/A5+431xiq9eOKI9BrQhiemPx5LSRDloz3Hjfk7Q6HEKEO9YolqxLE+g6OyYP5l2BFydQPk1n+fMD3G/AU+ARDzryBRuPYcrcHyBepA8wm5hmOUr+LH/5W6GHSDRLxeubA1KAG9uEaS3953E/9BO6XvJk/LZ5B9Ii8hfEjcv7WGkCxyNjKji1W1gN0amLW8dEhMj9Gm2/MkTtWJhoSVYvC9SgfJ1aeC5D8ziCzq7Kx6HsbI0sIK7zq7NRqzipcw3Nx4IN7ByAddscw7GUUArYmnqIvh6InG88adiP4+I593mpgXhsSE7j7SdA3kU8UfauKyI26LWWQebQsiQl20zpWmTyThKbhQ9aX/shQySLGuoDtaeXK89NqR99F9yR3vQhBC+H166BtX3+NBJY7ZSehxsBG9suYdCiXtcdGu0x5JWl+UsmLLThtUM6Xxdf3gjlrky5o0XR8lieqkx634dzw0g5rGaQ5m8edMOx/OhUJmu4/3pjrl21q7CiYr/jFTVO16OJlw+s6XvBQoQhs7abX7kKLc8tT6oF7fblXgqxlNm7YVqaqqjTaak6+GIr1XrOY5r/Ike4V85T2x56umCd7gUb8cd+kq5bqFZ1IJELaIYtS45CUUzgV1vXFJCKCNLqK8uooqSnKiXgyCCwewJmqUcytjmql3CNxFi0mPzVbHdGqH2ZjzwnpfuN6AFBaKFPB2sZd1OfS+ou3blmBDX2Ly/2MWg49PzV09/oAQQeG84kJ2eUN1OlyRN9AzwxpR1U67QcW9g7CUDFFVjpPcU4m0wDd0SYeAb6RTNUKa5M0JPGmNdJs4MbN5PdprO6yunn+3wHx+J/alL+ZW9eB4NBabi9DPl15Mx2rEWgpf7HOz+cpFMO9evq3PtiRjPNcy4/MOyDvNDLSdH1ypnvjFoljaWZ59y/0AqeCxMm2WzQtI6OgEwoZDhsIARyBA5h9WMXVr7ufsfwyERY0X8dL8QIFBZSoqRW3lWV3wx0x/o5hrUD1DP1uRfGaM6s2K6H6jxRL5yhHgdqm2d6D2c7cX5Ntqo2CzTpmd5D1CpSGNjeNQIFDH3K2RESDvT9onoT/YS/DlrspnqePm925+TbXjqMBd3phOd3v9bj5Mk4d7CuNoouBBvkihjfAEmZ+K/+IrPv7ib1Gpuu38btVELf4byemN9BHmUtSQiZ5s4qo3/dv9Pte36ErFbiP0GU+yKsEh39itta8icT5lXruJd0i3dN34/wHsLT4XWhm8yrWqZ+vnDUm5918HN0sgTKKj/yl+GAzIQTuhcbz9dpuBCpuCDvC3L/sffBXvxA7gtJ+Mn34q59kRSbYjiTNi2NM5FGoH5BjgTTNDXNahseTh0Coe3i0k18sAv4AYl66L+8lgu+X3popHfaoDREK86p58NF7ITxg41h8ynl38FKka4HySvoLpHCTS74RuLGal0Kh+GfeGtbRUh1b/15j6tSR3JCbB4x1zoXnfWsaF16Xdm4f8OZATyg5UPF3X/sIzjTUjyU/rU8xaGBGqTlLkrs+oC7OoYFeqeXrQIAA9XM0RPcZGBfU4uDvm3YKTvLEWr/VGpv9Kf++kYZW9cgeQ8Mj4CgQIaTIwvQviszu1hOCvCzKeisIUrscecSqnINgzU6xvmnc5MEjWZdZN3Ux52IJIFi1xqy/sUKJuCV9P5Itxq6jq4GRYvK5mIRVvxPR2dRLSOMYocGFNbaOJIdyROioykiILH314ZoE2C7AqO8vmj/bd2EtFc1RPhiM6/5//RpRmlggao3YYP9SOg4sMIc/SJAk777h21+soDEw08Qa+Oi+K8pijgDRu/JBkV0sYOwGao/npom6/qNOXPHIdwjV45qr819wRRuO7qHvaxATfczg5gfCwO2+Y6fk17mY6l5Vksrohds6HMQIf+K8/vT3W+17HjqweOFw0iC/gYzbKjwgy0RhXnauwZ0JEcsE9bBTR5o/Wklugl20SgYBWTpZ/b1C+HcCREsKEhRBpsafFm+pPHxT0MXyT41EYzZjNjfM0QsYZ4OBEkz8+92Lo9dx9dgbFAFE0ZX+K3buST79DUPSAI7cFoG+6cZ/AHNyuPRBpvnFAS2/FiSj+aP0ASa7JHPKF3xHee3GBqiiHZVmiKx9zqzk5N2Jijzz5msOYSk8MJi3M8FWzdNRcggIagFowbiZSVMfG4kKMKVkO6oBYpU6kP/i96cl48k/wCYZ+q5ccknCBCbt7+foNNt0yEah4Jo3oy4nxvw5gcPzxuv5Ukp/VNVlprUMt7Nxhqy8LTkKIoPnF9QGobOraA6V51ZNz/gZJxIgTPbhomV8afUFBvapKv00SxQl4C3GDABvllOJOb4KYETDO1LczN9QaX/5IslRI20Etw6pqDe1kckmSfJqBXJaexelb6cG+1QJV5qi3oCu71G/POiWaBy4phSffEG5/Hv91lxhn+QqB9wSRVDeX1EZzjT58eCuhqaki98IiCbLbMKmPnGVdTQLYykZ/r1TCQO3Yl5SL+FWv+uXkMeZ6rtbZuMtUX61/1nAt//9KHkf4WkLcQz6fq3ZBDzmpLX6OCay/H5BkZDOqQH+vHz5J8o1H/++AzZ7aDOofWIVgqMdY8sClNZ+vEQyxw6noBZmKm/Xycz/qrj74nYT0fitm40yHRCPjXgCVz1vVaDT2sEKanPDL3oiCv/BYCMq2k51u9wIRXoSX6W9B0m40Q6flhN1vrKjN9fZeC/wQ6XWjDaRYnmcLE/uNF08etcsz8trndWI6/OxA4fRhT4yWF8ph7YlCvn9KmsATLojRd/guHu/WVu5wdw/XSC8Nf+ib9jYE9exEg0ZvpcKeuG/23ge6E+iruGMnwEcKmsL9x4TwuU2v7oHLIJyp7dDzV+6Eb8V3lCX5rR0iVQ0UkfY5nnzVTQ9OvAx5heHk+01fYjGbjyaJgftZD7q+qxqqNsIfJr8xDtf9hPAgWKFS92val7bG3AI6B8OJMIMgk8NgGaCA9WoItZYq8483I2xtvk2wCX4LicS82/Zvbb8hOHwnYRB+xg4Hp8atgzirRz/jd1BtSHqdl1fDitg/MHWncf4cLfZLEAx4lmkOvvRP1R+OzHJqmDymrC1INdoRLfuhr3AjSCcobpHWJ6F82+wBdJsPsJh5FHtqMIMTDFDEcn8d9UGoHag4+EzvOzBkXE/KvxCRxNJpSWytnDRPhXr3mDy93bsEF4+QQzf3pEplIsypAO3cmHDufsK9vW7MiOUk9Jz67+GmBzK6E9XYsVUa5aYGddmNVSpz6Wv3eXuNkihGOx/BbtqZcj30AzquyEQivUh+G4spe4ftPjD+G4SOjjgaz5Cafn7PR1tHhLv656f48rs3/7rUCM2OXId14vNWeOF70ehLoUZWjf3U9XsCIFVtp8CsP7hMBluCtndMFG+cDD8P3iV5SeQorV867elHHNG3VVv/Osd95aEUFexZgNo0+nO0CqHdLOcam2vlovrj8PA1+mQlbBe21yaMDVFy++Asderz/nQF43WZB3EMrMQ3QiBJeNULub21/oVnUDPWdXXj71gu9JHYefbhBQ7cX94LGPYd83olGuBnTO7gBxDTW+vXoLIdoT4iSY4Ur/h4QAnM4sLSg592Lj71/VIP2OTLPy2ZqEsL5MafwlrPKv8fEB05JWQOKsh/cm14g2CqK4rZrH7n1QDPIVLfpg5rm82OaLvHWAmsDtBC6ltdGBqItfouDwMnUFMaH+u8UO611sMt1ClvGvyGzPqH/5y1aLA9KDHMJEr2sJzkEfdSw/GpsUK5AGMvWcD+YhinYKVTMDbYP6mK1GWU0rO/+0hKneY6Nacvd6YAT1IilSi/V5Ovf1s7DHv/NNL11QY5IiWjr3U/XE3hWANO/tPQYILPKwNa9w+h3Q8yOJmanAYwJ78BsA7gCjPMN5mCFrAjP1JSqwlDJ+2SPf+H/pGWVZ0mPpcNSFt4o+VOZW9wsd58gm5zv0zlRNf3j43UCw52+p1GQmqG7JIV+X3xNSekPMt8X9D/+CtE9L5e5JCkj5fiLKUjqUPMrioLIaBf3nky9BONFEzMUhg0iQ+brh7ka8yX06BTo9+WUk9+TlcHkljROXKvhOZtMsUHFugkP00v1TBxE508AZTP2TIwZBbHAdN1NLf7iIZh0tOeULXvhzW08vIpkA8jDTRQr29dll9bvhOD2kLfOJ8PfMbVqw8hc31uO0+mELBxFkcKkDZF7hD7rtW7E+WWBjj9YbHldWEbWLEloV5dHG4KMnVs21/2k02RjwpQPZ4ZkzelIwjflF9Iix3ze/xbkirVVK3t1Z1LtHqaZ1jWsCKRkzhsDp0ghcsdaBherklpLO2ZSxp8D56vev37jUSFALxqjK5wPMcO1izRHNUy3YJIItnRJsm/icxMMUXcd6xHoCVtL1jTgdnJ95Qpufoze4GrMK6u8WhveiAToYFtM/fnlKTDoBS6kGummyf4LhDN2cNNPcTuwb/XdSoyvy6nlvLsQ/RUX72pnYoNSHHU+QgINZmNw1bT/4weLYXaQ6IIW0WEK48TINp9VFrs+R/4YotpElbuSwn3qIsZCaq8pF3d2jhkyRDuueXvioYm/SHiz35BvEhulHwG0/NeT3L3WjITAIetBTPQ0j9ypq6mqXtpX4QvL79OQFM4/ulD/UcPzD8UDj0QoCZr9g1CUnc2UNnXGi7gSKUXCPs8mdbu0/Q4i2iS4h/ZV56MT6ud3BB/6sQG9Ci9UYn7WaY9D2BMrnoiKrpcmwgX/nsvAdcrHCUl5uouG+w2+q7g3lF7SqhMnTgyOUhEyTLl/CxcfzCjGNOQTxiYC2EWeYyNEE8ua/Bf7wCe7M1SBFaCLHjCOfL0vs6KMhhqNtHppeoWvlxhVOCsJtcj533rlv3vDlDlLakNfhq+GQY2v2S7VxMGd01xU9ItdGXl6goHwY8rgo62XNSi3S8PdrE8UsJfQ69cJkluisJp84UjWiS0r/dLgmzwoKE17nyTU3ShQE89ELvvz9sI7VYfwSq19mtyxa1nUuR6frzWSABpZeUFaiBwE+7ePSQplTTJZmm4SkbX2wSPj3CaCMTiNU2ASPy0Ibmnjf1fo4MpK9J54xDoqeLOzCGlzeXEeVOijLi2e4cPN7XnQWWqKZt9Vlqfmu+H4+g5l4zYIeZWNicgjcOL5PUZ+Gi9dtfrr8A6BjsxwkLfqT6XQTXBWmqK/V11tTWndEONZjFfWrl6Us8zcc+OY7JjIhyio8pfocw4EqCnA1vPiM8iTDmeNM/GH9PnlK6xZ+KLxmnMxqQDxLvCdTmN9b6yDw8GCnJvlMUrLzCQ95KJ7AO5gzecJ7CHqb9caTH2QlWdxGeY8Y7kPKgyhJ6PFfKwpbFZ2tUJtAPkOlKS9fwL+K6Tag/uplr6+vxRKJ5FznyuNFSMmLqwLD9b2mqa8t4o2kEWX5nWJfLW90Qkbw5AmvRzuGFr1Wo4S1N9sAxZQjPg7Qx15Wh1Fm5Hi3/P1KMWNT7382EBEveGOoPi4ANHiwzM/28bYlDvNNKdXHiG4SSyNNZVu0JitOqIinKLxW4sLDIhT7dZqtjLO9lcjgdR5eRL6LsfeGhU0gUmtQdjAT8mx7JOr66+QGTR7w7e/BonitR8S58dbYeuBmSPfy9A0+Kvf+e2MMcrf4pbGF/fpiCe0uqps3l+c1w9SE8ogvxllH7Ve905SqR+QyxPgtMqcXAGqwmoebe8xiiFkC9RbTq+uVUGVuBcqqs0Qg4K0KOSWOUYqXGbqO3WcP8WZe/gvI8Ofsr6P6BPRSFDcy2DxmbhGGZyiF1k687+TwfTQkf7kjKg6gN4k062f0+dL2Nta0Ok6NVqtrSJFsuKx6ZjqnYBI/YoBuY5NTw2sYF2++v+aD6JqqeCTaty3514Nf3lVepGodc0sFT82Amj6cNKEe44Nr+I9A7MJKFtpS+n9EwQEQBvR+MFxY5o8xcIdb6rH9HcBujMJgfJHaA/0EaFyUrYc59hNZ3kmDi0gZzH5j1xiNIcESMu5KofjOcGuK2QHu1f2OPtTUzn59dORwuJAc+hW5wc8b9QdXXr+t5upwpAjZOS85dJjy+q2etrk40UoyCx5qmNkC1V+OBhdsdeCg+p1OOuaVF7iXwqdBjl6Y6+D6BOc9faRq22/dJ5NebnvaFfz3YuYML1tnT1dlLkbMhTP/A9QG+f7+nf1il9DMP0lsCLDaLZYkbzbtIZxce3wd+XIz/N2/sYfGudlKA6bJjoFMFVHKd5WJd9r8pQ83wFG4tfrBIOcnca9v2d1JCrJqi7O/wrDyoC0HkzfVfmjZPCg7lL/PPV09bU6xHyZJdTq/G/k26g1toPc+MKI79g+sUS9j4+1TSRIrQb+uUYXpqd7W+9vqRlrH4uA1SG/rGVcRWz2QAnSsa8N98ld+Dl+toZ0lluUyO3oNUJcxhjwjVYolgzn3HDM48pclBsoMO0YxVvhq5hIqdFIN+RICbVWATPYuzuVyGbo6MNaqGAQ5/hxsYkEveZrLAewFIlFQoIzpOJcKVyAONxkDRZCDTeTnfCW6x/p75LNZxyoSlNglcwI7H/dANX74Vme9uEGE0i/wtPd1faHZr6c2dbOS0O7/thGttnbFR8h/fcBLPNRm1PHG9j/nuw4pcHm9cDNfN0ddPAF5hjBHdLWuW6HoOhZQYJ51H9OrVa3bmYDYb8YFslS6GXHNxj6kphyanbykFImaFiZ/YT7htE3ahP+eCin65Yp3hVP2zM8lIIDHxsHLi4uGSLh02+6wOH5QUOAGB8TH9III5r80FsusgXNArouQiRrrdQqqnoHXocIw2kgnVKHtXC5Ho7nSQwSoUR37zwYnNf+1DyonxQUj7TS0pi+G02SPaHNumJLSVoyeIMdr9eFroyKoQ6YA1jw61+GTZ/1wTdJpXjWW8ceyG/0yuiZQA7+gS9abPbdV0yAML3yBmWzmCcLpSXmdf2HVGAsnM582wN01sMBUc1UIwFotPgF0sfQl8Lj6QeDG2Sbpm5XzWf1H0vGXUnQt+UPFYHixDhQiZGVu28WUnxCW+JBJM9F794sHSK2NfuU9wIpWYM3fE1mdaaMINV/rNKg8ngijR673P+EvD88PvTw8anDaioHfCdav++s1VBwTXnR3BOkk2cPxTUJO4aKGsc/TmBAalsVzmtvXKk/K80Kom4hAaspvi+eHifrPhhJbi0D3Kn7efTOt9zz+7ZUDDiDr2xyUKn+iodniiVAI/e3nzpsTmx4SwiyRNp4s4xoQBQW0hxL41GAzHvdTYNfH1TisH+mqpLlf2CDlO/jJ7yEalWKY45dkm8yG7lLbnUH326kTLO1OV/lvrIDlkIk7t3sq9F/vO8xcmcm4d1nBul+RMArrkDg2Cm3eMXEHf2fblK2KmoZapX2tXvIpA9fhqIVAlyiYAombuJIa8I5NSt+3Tl+u8X09OTFhqA/ukqbqJv/kqAu+MSN/K0riLdpwf37uBMSdiGLxg8O2OhgRSmEYCFj4PtisPl04NKkSCFLa6LAXHhmF/26au0xmRX7nEH5fdYToBm4QlmhEefqezmjq8l5csI/y9xClj2M40x6VPBljA6iDuc0AW6dBQu3O45In/98d9JBmLO75rctEJqaO82y8TbQp460yMGS7ki84lesPWu724MFQy4GLOzJNtxoOGkGRyzRgFPPdXiqQ2lEVPxJOon/vyyz7FnOcWVSFeujuOf5l7ziR5izzB/UMV2eVWzvKErSxGBows6jE3/kOZVEav3+yoVZtfwHQG4kCKfV/N+9bTb5ovihqb6lcxKtxHdIaziCEBbF54rDAm0e0IPysIIhsvFa0pJA7kErWYurdA7dmvA4SHzINXLdl1BC+sgyIYpYIfb2PTQ6kp8JX+vHcv8J+UvPV38ujSNIpCbjPBmZhng3H0oI9l0MHLq1voC8+Pf9aPSdvwcCX44eSH2PlN3koUJz91ysABFhadZRbWkMg2bmRFDnUTKAPOzbBlRXahf03rIZ5js9UfQdrw5CzWNQ1ljzWv+xnaw1Sm9ixvXHSR2P2CH3PiZ8amo+GwcKNHya6hR5HyBLEkv/tMTCddm23i1Ta8KOAsJIcdoUdcYe4egHD9awYebwSpZVV1t+9H8HS7m1zXdURDf2sGoz4xMrHpphgW8bbOPQKzHIISMW+Nu0S/ssJM1R4yhXI76nvPPJTKC6UIInqZDBcfyHvX3zzh3P/RFIVKNGIPYjOgs6flPUvw9+8304jQnBmCOcRxmuHFEzAe8Sa38jhU6NUREn612Oh+HK6oY0fjpgMlVHJ/mhJZyqYYjdFoPfdxQOMZPih5uHvEdn+q0edfMRkDcWztEiXKQJbEPgwFfZk3dAlzHpqmJAItWDsX5cGjmqpaUJ5nn4Zcht9X5Y5hLh+mLgMks5TfCrVkvoEzJ2ggvV/XSAkyYaMu0m0rQTJWs16/e3Yv0v3O6UUEkOS0NuHbP654tk2T9r6+7YvNS25CMC3Pd+QgQtXzX1/vjuxE7A0Fae/NbX0a7DvhPagCmfeH9b8NzfJ2dkQdHqg/fvuPBzlS/6R0O8xigj1/ZlzDQDDryw+8nssvRB0l0Tvxn/Pn0DwJ/dvvhA1zLIYIIZ0Eis3QVnxQ1j8+BMPR9+Dcj/X+AhUG7T1vz2rNYlhQo+wNsmwo07cLpoxHLYGtz4/aVsr+7jD5SU5AmVnkuP8b3+M6D0MXE3Cxqi3+aPC0akeKp5+Qeiip/idYwn4izWSDSP968UBXsemqUBtux7y0hh0EdntjHX3LduGBnm+zUJA1RUGvyMQLAl8z7uLOufRhXodgP78zJeBxU5dxG3Ixmj9V4QE0Yj0Rvz1w/Fg9xWZj80X7uvfY1wrLOqB8FdHfAfB7hcTSXpbE8BqsNwY3L97B78Tq9MncK9fE6QZyl7N6Db/arCSy1GE1drp3wbmO1rYaoyjRNYsIa6QnMC9I7tDTv27EWtlHEN9ZBqWoPiJtCOdVRJmq0t+z0Ue1ntmwvYA9c+YcKvBpuc8rpArfmoe1NmtvzvtG2x9DhnJB0C7BlG0sabstf0DFT68CfnL4bLP5wOFLFEEjV9+mL8jz1ONfgnWd634YA6FLBBtfm8Lxcyn66upfy3kOnMRwf0lerCQs6O/CAu/I/H7Kd1jQsK/L4uxPszrGnkKKLBUe9Akh7BIaXiPGkjeySAy0OARVDxu1a2sCN0H2HKOWrpovjIflRV10gYNMrruF5WRK8EmT+ZZQhaLv3oIB09FhY3tfA1WXxb5lBufh3LNxtsfqC4lS6DefU+pXztXorqsbU78BCv9+9q8qMhJsWe+2RWCUM+hZo8DA5pbyWAiitLLAxW7gZrhG7ohPg/xBdxxQBL4wsRsgpesjWnwHC0U3twHHJ/l//trs3R3Q8g6ng9ge/t71crl9ov8VzCKtk/6hmySr3/AbAtT6EneMheVLGC18oUHQz7kS93yOaqoP8kA8Aw08znUT1u8BCKQ0hnftzl+uIzR/YQ82zyN+473DBKe2XImJy4uhJ4PBniSaMOxrH91OvtmPa5+Cc4iMyjmFCLMF/P3x9XWbccv6OujF0bqgkhBgs3+WWBEwX9ZS0C9x4IL5pTk2UvjNPxUSogrPPgN7nbo2Ea0y8Nnq5MOdDkoV2b0kzwgLJzwtPFKet3ypC2cnkBOk5z3+SKBUDF160zMctjM5rJQSPHjSNef/uikWRSliGQSKIPC1qTYLGJtKjSgpXtg72CAumfTIi/P2WXkeaHDTbVjT+r1nDVnUH+XMbzF07DV0DloJGYK0pwKM8PsNyrL/lr2l76F7vzcj/th/6z+nTT7UyCFyxD5//3XLoeuDr76WnnpN3cwaYlut0htwFcYfd/zoxy1927AB4XA2uKne/7lPuGIKcV8bmBvTZFKJqC1sOGBxxmcmAcAqn/fl+b0NMhJ8WBngASozET6+SSwO/Gjf79BjtYSiLhiNcwcmc14ZAhBXuorc2hzde3rnZmGNt94RLd7U+opRHp/Lq227Hq4g0hs8/iSmxdxtzc5YaJ3Gy3+hgY7kTWmfDEM7FHE+gL5bQoDoQkyvt2Kz9L8EIr67NyXsVfoZp/rn5bq9SQt982vf+MSXFsW33FF8GeZjJ26A/fmnCxuhQHUvrKMy1WSCutfqmMWa3wJbyv+OhuKcs2DgSEdNM5YuB9NtJDXer3g2bT+1aerZZer8WhOIWE+ZL1z7UuqPq12hh5JlnLkAhdLxhMk2+DecPz6SKlIEz36sP3ZGxKxKbXYbk5CKk3VqvIYAKxr4EP/gYnm5wqxxILuN7QkAH+NeAC9q134/Dua6tDhfbAKl5bZX3Df7E/bsyF46QbtvXKee+j+DEpleYmDEIrifrg3DYuo5Hv6L5P99ycDASqgf3X8glHKDYNvJ5xmyL+21jd7fJ/mZZOXbtjIXwap6CiCNvzvimBpZowz8jPDXXixZAQEPrv7ycUJ+xoHwFXUKWm52muCVtBikCUgcQNIxscnXzrbGmb2AZUGeiCP5it+WhOEtB+1/J0rimJD59M4HfFfdYsf7hW+zfZ1Vn6nfXiyoLHBK8Tru7BtEPxGri9Yb7RIcO9+Z1zWil3nNSysezR49QcxMGRsp/bfbbzUEeeEnShejtqWRr3wFVms1ciVLBAfvIhkxKWqPMcbaU89XYsz1h4n5X9cRUFoE/IfEbd+Trk8vUA2DX2n7PK8aElrS0rigve7OewlLUMXMIbaS+w1RBn2qPjNkpJWveySNmNoED7QGDSC9YbAJpI1yupIaLec6LOWLHLKRBP42L+zfVjTOahh33E2powFohSPrL9M8lunR31/bspiOKGWSuOTqIA+BqiPXdtUylyVnWuUf7otp4uS2fHPEJ5q6n4LbJW++gVUH4n1fqyy7hBj35lKTMC+Vnv9blV5QY2USudnWYo+O1zooESn1gUkf2O+KjAFRSiCVR62aQ06z/Txoegr7lzfIUKzaUFcgoGwANJTACFadPvnqj791zTQ4cS//zwD3/Bb/FRlU5/lfWGmEvx2OQxtKdZwO8mUUwr5K/93Jd54SQzogXYrnwGJroHHCHuranltsq3u8lspvvBK2ZIrczvONpXcAHNDDwO2k8iKCauoQV8iIMxTqHTiRkJUAjZVWO3gAGrzUWkiTiMagno5VgI0BlEObvt3B+0nT6j2Dz0WGrcZv+TGsqPxixsqFvllKRV4bBxc9VuICSLf2CvOPcDKNCkDn/JMKKKgRa4LeAY42cb51G+00JTEIb/I+qTa2voacgWI0uMnw+xHSQgU8Trb0iY+cFcbDjPZEerrE8Mjo4rdOxZJYLKaFgu7S5HwY71hLJfx4rf7VtgWJ+Aux0X+3AkDkQKKxPjOZvlvP8zSpv40khv3a0gSlPS6qr+X54iXGelszk/H+qKmVn/iVv/JuBF9tax2syDkUCGaKTx7YRNd5qV8K0IznjhioTZlp5v5t5g21BPwgRLEX1euJ3OvsRGb15HxN3zB6YsbkkD3TMHaN3P5+koQ9Yf4d/UG8LKw7MY/stJhSRjCK+qrpV/9FR5/D+zjQ6j+jgF6OS9XU0mEEmjA3fLrOE4Dyj35RzwvxkAfC27+uqYAPZxJ6xZtBJhmImiW4ku0l8ZtSMviFCVxvYAsHQKPQ6pkFnpzU/Tc8ujX6HrGK9UPUCU/fHJc0cTvfLc0F1fXT4yAl0l4Wgo3oriOFC+SUm78ObdWxFrJzpMCY/VtSZ1eXH2CPQfvF9PH8qJ2MJU0hfx8H48eqPzQdPZwqb+kfJ2MRXlpaCVHYTBDeQqQ4GsNVhFDmCk0qQaYeUjzJakkZCw99SlB9VHxOH1wOKXv2cQlhJ8MN5w70OJ1QeN6HOhrRlLDSAi9bRLPjNQqwwJxJVeBVd8dBW03ASHXSd7ZfnOlhNgyeHLOeP89IcvK9Alwlk59ifMdAhxcMIYj982HSbEK3l6d+MOSL1skw4X5hSe57AcsThdi8zBPQKz77N76lw9ZPjLHBuG7e6+1PFyFX6jA/+5igbFhxEavN4AFvUBF3szUff908bVg+uvnRo/1SVVSNbxo4Gf8CwwHIbga1MshgUgchw1Eu4XH4nTrM7tCVf9FlXHLo0VUyGb0mj+uS0eczjV12z1Wbzavi9VT9fMCGHiYZO79D4U81tYVaw780y/ZMhERraQ3aP1p5eiyt95RrCs0DVf/w9qJpEcSfn1bDvK+1uLnqissWjYi5M/snVWmVll7CW/Fnq5FDzZDEPiKPusbPrPd7zXgYJb53lM+3he/fb//d0icWRzdPmWUOGoRvN/GXE6AcWccTUU4sAmRtVuyTj75y/3/h6z3WHQUWLJFfwlvhnjvPTO8N0IYia9/pHad0933TWpQGxBkZkSsFbZ7DCYcP8yZZLcFJy5Qa3aY16v+V4pVn7CG2aHwJl61LZNUZNPWrdS+4vz6ObaLeNpkBe0mwa8i8CNBhCmDhgpQbdzTZWfml8g/mA4j8q9VSS3fBqTnRUaDEmoBqpLPgtyg6uSxR4pQjGNdlxtAHlKXkNNWqXxMdijwEqxrQa6SaM9ABq5i2O5Bvb5uAjxtZmMLd4fO5QcrnHpDC/++fqehM//6J7CK/FX5cdvf11RzTqs1hbMI4HcfrSqa46cGVdlGVTrCQCY2AA8sCwtr2hL2KlE0vtG0DLlKNvSRrqckjFNY5hBI0NRKArw0V7ewVMSuiovDHDYHHLnTIoWnWFL7E57H5CWdKEiLsTr9kxOL/uYmqgmS4UAAupYZJfNs0fd5D/1b+cahqQPjK4q5i32jMfpR8Wd7xmPvHUA53h3cKp/hzx/FtpbDGCt/3O3BZ9ODT9lq+aV/9mlWnnADUJSaheR5BvJzROmMJLWmL0bw/9WPrMPcMLSgF86zJr3jWzdF0zfqZ4j1olgaIW/zIm2nRloyH830wTQUVJjtTM5YAdsOIj/YWxNMnrxYPf28Z7+Ov0qFCMgbYAvkjDXleI0n+nW3trnfn8/hEx6wKaB3E8iM5/51IM0cD/pin+gSGnIkTeGya0KJXmXVdFK+76QfOYqdd3Jj4j193pr/L/tzEDhmxxQVUlObcqF6OR9ZW9qBXPJxj9/AmG4YN1JVJqz/5T+WYcejFDLCUYFdKJ5diNqxBBc4Dyy3Jkg6R1R5ngAWCXhPKYlnqX7TwsJ9eNZK8038l/tNsezeVBYPEEuxASrcSTS+70DdxI4+0AHr7KmpRiRwGIS9Cm0uKX6JcajW6+e/WUAoiqFZQ3/AUU+AKjeQ9CueBoi1sseJBPF5J9ReyugDyn85niJa18N+TDzCw68jiBF+z4i7AZV5QGc+PPWW2HwRemyxo0ePULYA4W/c9aeTzF9nnZSVAA9f1XFdDd92Owga9dJ/2dhcwaJJAH+icDZa9a0KLPUVkvfcEIj2omkQdckf5I9/+1z4cUmXmJn3T88pjNC9mYpD1t6gMbTaof7hMFzYPCsnesx0nqBQlViWbuwLEUZD95oc67cGnNGwd/LStgFQFhAZFFv7UeWTddZOWb3x3aAWbsz4XNy5qL6X4S9kwHPFZcsfIzYKIPdm5mWDyFsPD4AL6ziHzLa/hAeC3DBJPaSaMHq4+agSEKXBhcR8JeRe/2EbRWX5f+pPa8jirakzp3Dn/uwgkM0byjyKnpAbfWBKHwtz7/B3bmpY4SY/6UkZxTiNefm1NTjq4IDnID2NvhWE4DzRDc2RPJUE+NE5yG4VmRXOpJxx27/kfptvezZqsr93YbmqhV+XkjF3SlWrSaNkxuk0mqyPXOBHOlVbhUzJg1AEM1/xUQJV6NI4F23616mJc3yByQSnRKQeoif3KmTN+7XEod6uA4vxNDV2POzZPVkgNBOUXRhClsxTzstYzPuvR6ehCsyXECZA41wawqhCprXqlLP3FoMkUHYhBa8lmHLFFvSa/QxNPaURfushNC4EtGtKZ1+M3R5SQEPAT1C86MWHSbJue1CD57F5vvhcGSKW7o8/nzTy/CClf8uOT6ZB/0SB1Uvz5ypoDgWlUg0inBY5A4obxp+I+6gixRU+VLskIQlY++GaX0UHxVp+37GfxbqiKbkqBMPHr/VFq3n7IDkHF/B9kgSVCJUAIf/J427SRZCUzc94EPOnq0PVkLtIJ/uLnKUQGnUcma8GWDHnHedoBj82xttV5p8vHWcaf11zESZ1xBLOaXv24jmno+CETjTo/Dm2hw9j5P5RVSpzLJ8+7LGPnMx6/9VyDKoEFluk34NKgiAcu/MWTFRACT36850Pe2SQWL5akhpC3MvEpb62ft3MVK5kGPMrjbrMT7f8fqE1/O63uifheg6p0o1ET3KVIP8MoMzUkRisARlKwHOoevnQYCbI5RO3VDf1BNROPkAVfSmkdR6NH4Wp+YATvwpWUFsmxe+I8P66IC8sxwLg9NirFrcS7s0+xwSQcJQDDwzNrlym6DQrK76lSwVKOGMMSf/y7jEzwa+eQGAExBMoHpzjxtwPMy1uBMmHsbLIzAEhneMF9LMJpAublcEajK8j/Pn/GsUA7Fsu3syHJF15PFBVo8qI6j9lGQMb4AEEtBrFDjff9IEEf0jGcsbFDnlaLdD76p5XJ5Yi/5QeOFp2LoDfThxqe809QpJd0Tl55GB/a8dKTHNbXM2U34uXz12oHPIBJyScZX/fDk2mHcMQAhw1VLN/pPYwfjor7Xyww726Ur+hgv2uWjuojI9AQBmNHBJLqwBtyoQKwYXEkOEx2l/y7q8GqNgiWbarIeQrMPdhThRyT6sc91sUYN/jFWv1jEcGvh+O8afPFfbzIT5d5BL+XBT1ASfXBN2arRISPhKfD1wHVdAI7ej1HYQ7168z4KNDaIUZni/bMqaHTzPnjj4/yi+JU6C7Noh/GnGSBL19JVRtf3BSPIafZ8jRmIypU82DeJowpf4gD7JlLXMmFDU9FvvTHemObmYFEAKttydw60gDnEN0ef8Qy5dXTJDS/Kv3VDjWegtL3EUsqvSurYz7VzrltnsonCQw3NllWiJ4K/RXDzY4DF86KrX9kI+mKbu8a8/16Vss6jh464+SZoIRETmG3i3QWfVhtaZg88S9DUttFJVJlVw+WXEmPAcWxRR3xE9SLWj2E2Jy9RDGizLrBcTo2GbA+EGUbDgyTSWedgneu3saOvvU00V90frRt8+5wAsTW5EuTXqv+Ku07Vq1OQSSIeiIJcNYyX3z88CGbYPzT9WGO4HAad+bVUqJivrrxf6gLJSn8G0oLICKz4dzimWetODEfao9DCWyCArCgKH4M/SD8FfR7V9t5zkldxmnvmom/MKbODrLGKrkFj82Gd1YeIhMQ+IqdCe5qPzTnQzop5g4hR73uuLR6JEc+pcq7fv7nnSMJck4/uA/fh1Dpu2dCCYB+s3EFyDz8Y2JINanMCWzbhlhB1bc+t+rEFmovudvfwcgRaSQcD2M3SBuykIJyS24VY0HbRKATw7hfHZR6V553ZeypyqIi4l6Rjy6CFRDvufEa9J6eC0peIs2EhqV+XU2TFhcjrg4v7UGfvRhPJWQbd+zpf9uG/kUeh+kaF2s85V/OkBshkaghstbK7x4OMyjVPsgtTPQq5F67CEM4u2B3tFnjEKEKAEvTZQd2XyUFC/EPvUS/2rwNmYHh7f22rrVZXqVu6FOMfQ1tdZs3H5zxtm6lbENmWn/uQhKkSx1cDHur/jE5VrHHZYMHnm6Iw3nVCXf+uhAOdNatyEZdC+0iJHOpWj+8tfrnAO9xhJtPI1MruQo2dYzObYbyZqxAJ+700VVuJ+jKzuh+Wnqi11YmzNU8ZQIe/aKe2LLeH5Oj4jVPmtIQyXNlYxG0kAw48995WVASbHgcSBC1rUn/2qw/ZbJ4njOXjU+FqZV5JU4lhfmfazG+eMSkjNd2GhwtfZLBHiddmmiAojdqX1kKRq9BVpi/Js1kEwQU7RIKEEjwYOAgPa+o0dzbztFTAFJK85He6QlbJTi79sfTp3wsUiL4pSfhdTDlk8yxwYDZUvHK02EJrRw4v33fHYZBaYI0th1RGJ0Vh4TTBu8Ew8duz5jN/+d18jxSIVO0pv9WXJ+A/04ODeHpMF/QRNC5KA/vk/NL/roCauSoUF/+InClkOQpP+xqNGvWtT6VHgcOCk+rlWFgsJqFoWnYUjsJauFw+NkhhD+1tfNQD8/f+OCkBicjzhO0YjNpVFM/ikSt+uJwDR4nG68nN/nOL0BKrPnhC8J7DwUFWV3/fO8HgtZboElFZNU2KabkS85HfNv2kKifsTJ0jMa7hfCoqZ0Ufx6oOtPVFgT0OV29UeOboDQECfdMF25TamRX2BowIPtTUVoummBRhiaD9Yxfs419KC3HYtrH52O+CbfbwlXLzRvqR6XmSY0fprEFBamTeHGUqt2FcSD0B4mGZb9tccL1boF/CVN72UAbzjG6o9mpPtsrQuiCSx9pbsQhrFQLMmttQ6h8AdWepU/tPUWLCbxb1bsCBocT715MCSWunY+liUbt9RbwmwbuZpLn6j+Qv94pu+yjSRQl0CTGyu1kr8J24ZBzHfEzPO/UxGYf9JCsdtzHWfjvzEFCnFtb75GTHZxc1dyXqwavn9PLZ1WCERn9HgcozRW2E97IvyYKPHpFccTHQtvdIaRI6lmyeod4d98DU1IuuYF+uODyAbTt8yaimVFEW6ODcro/69JGtFDfY3zyiofnmnUxlfhbOj0U3ab0v5niofviheRw8e30dQxj7fTIb4bEIkO9Rvzf2Z6yCcrfohfi4xj2+6cdCuS2texYPoKMIQyFhlE+M/8D5zTGPpe4m+x4Ygax+PzobMUcMDdM752Gf2X77CoFHOhoFvw/BuVfpxulSMPWQa8jERJnDbopmJ/bX1qu3cSI5jC9zCRyWS+Zp5Ad/wxfcrCNH9f/G3lhl97CT6CkrI3AtnKHn31KDKFQ2ecoUY/Zov6Q82/FQBx8bTurir+isUZmdzrHIlzwTf7ZO8ATV9K+9/5Jf5bEBgayXmJUh+JxbLvtHYel3Urey/Fvxknza/lD+vZegtyzvbX8jAfnPMfMTYkyVUX/V/+hTMJG7PGLfOrF9jF9bL/85e/DKUHwzCeUf3GPUoKF5Gd31BjLN1j5v+uUpj7wZNT5qSw5N4cbDz6vudhXS22luTm23SPqx7++7SEcQt2qbBRnnW5tBaa3uiEQr583Rj/55ctTmpEESeT5OQT4b+zW8DfOSFmXo/mOOIDdGYQC3LJsEgCvY7/tPLiG+yYWnMIh+HYq5FukMt6vN+7Yw62+YJvDdYXrLDkrCq/4j/cIHHiVaEPrzKFXsHD9fV5KcuWv9dy6UB6ypHyoCe/uY1fVTWaj/GvKrhjJoT7wuFdsTKKsoTNKsVYQtZX/Y/fNj126eP9z/sbwpvhIvmBXu9Xu92V2+V3URJK6qRa+Z+z/utCyzh3OafLw/pOOJwKEhG4H7r8zzWSwcqf08A86t7b8Mss/3vOzaAe7BejcqNXPmMKi5UEWcF6L4dI52qDpcXv0t+K8Yn/GJ06r26jXnTqOS9J1kT/e80bgdOBXdHDZY9VyOYbktvTQfqhbvmhzHpwyuzkr8c1JaJYZZ/DRd3w1J3wLF8PgNS5W6sdTLyeZxn8mxV7MlkWNRYWBTgp9iRS/Xi+fwxkV/Q8JXRHd1cRWcT/WTeSWROXidvzLEPH/n9nAYVNm9AinieBQf/Pt/0rT1cV0DF2MFSV/z8zfh4LYYGumHECRB/4L/73FCFFcsFXK5jkyv/nrufP+/s3OYJF39RMdI8aOuFBpaNY6gacLu0/vfUAHY63TN+3PG9+7+EDW6K9687YIw0c1d3vEKDaibJ40XpSu/2xGJ3lG0mkug4uoNlY6Tb93VODfBxHN/kb5FX8z7vwjHxJz64tdRou0FCwoAevCCGGU1qgo9gfqhmu3qCUmdA3AWIrGCmtzv2/65c/gHKjkQfJ2c8nZ2X1cM08+UNsPsa2p0rZ5730YE5IOnL1HYkFPY1x1DxMWHHai2eqz+5A9LO9OB/TzP9vxQblt2L34nn90jgW3xAaDjTPvy7drNMZvAuFUjsbQ8T0ybPC9I4sYba5ahPjeKjMX/m/72wwA1N5sJebzssPQJ8rWGW/f7X1TMKyJ7+W+1ajv+aanD8GoN/9tkgZjei+lts7HnsS/u8UiA8Xx0zrY9yP8L6tzPK486+33/+dCoWDatM7MGoAuQkjgZEYmA6Z3eN2kZ+ziqlvhrF3hPhDGtBttC2yCINZwL+KBZx6hZKRkboi+/a/jvsNpg4MYAotRKD/MgHkkVAP1/n1am/XF7euQmOKuNDj1s/vzTM14+Qga6ts/QcngNlId6HVwdtxH5zbRZL1x2ulB7UxEikIotdLAHn7cSCCtM7/ddKxxwY+cg/UfIlAgwLlaNp5LciTmwXFkH357Qd77HKXptEpKout3GNvgWB73bQb49f9XJg4noVMRAJZzWsMyalknxpZL9/mMzi8W2FzYzEQ9+/Vk+Mo+5xcB/SD8st2IagLewB01/MMVMI0v1e8/thX7Y1d+uO7yvGwK+i4na2vlrnR7wPH7T2Es/esEJ6J3f/ySR7kWIAVr/0GOPIIWvpbywFUO3bp/gVryYvE/1pL+aGcfQE/FksdwKmbzeeC/qtepexAWo+oP871nBPgs0F6+zcgtvn1W04x14YyQ8WYIO2Ty/+bHfaRG72yKFKacX74mzEzr6D+KE2u4QoWanTnv8xr46Mz6q30tfKqnnX6VkOOiTySgd5rJq9af/7i327v/3Z7Bbtd3tCrfr8dJ3kVhafc0H8lPftJujqrCkfNLUhqcxNqWgSkos8adUHChcT9k/5ARZh2OkGYUTRDFXqx998u/0UcQDAETc/G3LpODxtc2j2jHeKLZGzh/iMCb0HS8BsppLGVmUdbJdH+7U4Rj3vm8iOuBm4Sxazz7+dPz/SPLB8SGRSiS4KpVzSQQpEDafzOa2tW/s8j+WKSfAtlrYDv6+HG8a0ud/RoKc3VDYxMAoZ96NEl8+XLkhZ6dh75P1femFqtkSUCdPh2rp+XTWskiYDd72wWFJhJorp/3bfYqqrHYNEC42avQGLCXRX+ohCQn2jsgchtUPsK2/0YPO6DZLJ/Fmq63sbZ5YxpjgSz/HRDz5rNYuCLApAP8AVad14sGzqVoy1lpTqEC5nqb1pZgMYWMJDvRBNZg+/fgGR28jdr+5fdFKHpAN12gdBHPi/TKpuemU/06YfRShQbRnxFc8Js7WcrxMfoiWa5id53BDz3l2ENNo46Ql0jgzISfrC18DoafTVJuWo4oATcpIKoJVTK7slGTflPyyFCxijxkk+533tKA+W9VaWhWxnfsPv0pOuaElVON+eLjvfLa06Y1nrlZUvWAIA7VhLEs0kaeVv77uS9tTOhX2UIUMsAOYnSWxmXRe67Ud7wGrlHCO91HutKB4iQr3vwecfsRVWp8XW2/8zrY94sX2DvIOXEVC1UrBP6W1pTKY3j86j8cLMOElOBq7Xq83NzrB9zZji+ICzpBY87fdHNw+AJtJjHY41hSkPCj3E+C+sU/6QLGH8nn08+vTQXLz4NcyI0sjxU9lBWqn2rAgOyCNr/9qAxOIpljxLYltAiWDClAV2jRJLKU7tCJwe55SdOoT6q8f8Q3crq/gX2RiqDiztA/dz7S7fbSeevNvt8QP5u9dVPg6zKpL++GBH8wmJOaygV/6V7SPza7h1nWOEcN0wrOMs/9MVN2M/Juim1BL/4iauA8OqQq+jQOzKr2MlZgfZK2vcjecndG9XH0J6PaKJEMbjPbH7iTvFPj2uHbCyLQyHLoh3okNAM2vVaDGBs1PJv1MS/f7UOa9MujpzUAfyuD+H8gF95LkpI6Ay8+MFZ1Wjiulrf2YGFq3wBe/xl/1odmbAZa/2yMXVlJ8FD7EkjOyO+1cfq1I12c8zMwBujGRznJ728o2MWqfpunw4uvMy/cmBYLoggWF7MvHC1He+RNtff9p8HJ3EcSNR31HOw3smW8gEn79e0x/F2GK84SJ087g2A6UUQ2SQ8arnWH6IyGOvhMqJ1McBjUn08c3AURk+2DbeJpY78WMMry9+hvhpceQlnHLrEn7aXrn4RhKTKIfNe/f6rJCstJZSIDrSCfrV7yEDn49zrNe4PjWIMAA0slq53OyVsWVXwF3LzSWM9YhIJqhKFJSU18R8KLVm2E8qvqoFUL96rPnBbPBCS2reRV+Z/gOGAOOz7a04/PEB3H98yUPTApg/hD4syASfNWO+attWc20FORFR0I6Q00vOk1/hwsRGEqXpBX/utFPPlC0Ve/Z9Kgjd/WdcWvwznSB27ImCRVmSzG2l8M2IVf0UeUocq0p0fkrJYFnpNBfsPWXbPjlCsis1Fe8DIoLQjIpA2YdHkC8nD63iPRo698i/N35KgUypvFP9ai3lNU1abRVzNHolp9QmMn/ddRnLa0ICPMdYeZfMLx8UkOX+bTSkiVPtVBQCZBVUJtKSLg6W03TdRr1EgT+ArYAXM4ruEDTbX2WhwMkMFuJCoLiUwKWFzpi8vPuN/E3qyRvErTiWVLxyEH70J+UEOFN94lv/C3yNc68nzcKD/QC7aaI6mwwR/fiG2/Xb0kl0hE+S0bPjFcw92yLEIPwscLpRxwXBvs0bc1IsN8oiZRxWv76giCE16xU0nK8RF+r/9gV/xstcqN4TylEjpL/E/bM+D3YRG+sVMmIXl87TKadN/Ww4hEpPT/SJ+zz9pF8FfgoZv5QanCArI6p1RsdiI39DA/3z1V5zWBwMT42OQNqiHZ5AdiFcydtBxb5EP+xvbfDH543qtHMj0eSzAxcdlNOfKJ9SEL5HZNLk92AxNKXxoC7igWlRsUsRW/b8qioiLGAJ9hZ4in/HzKErEYoK7+jflkrarJN+amhrGyreG+cXXZEb8+YTjRJ/VCareYteCpZ7stOKIXl+zH8k+8OxhpDvsDnI5nsiyJWAtN1ZmS5iUAo8YnNQUN9rlN7CWDH42A7P2wkW+uZVZge+GExoGRoNy+RohMTNHqKxwlcEw3Lzg2sTfVTX6jU9ZJPNyNEcB/aVExixhOTZJ0Xm+Doha6KXPemREAIcqpo3QGBwMaMjEBcbg/ercnOfvLnpXOBpHSlW1oeb8kgcTJh7L9n5bJP8qfl2XgIPseb7p7WScBjaJRrC+ef0PS7JKSJwzi06bjd38cb++3OA8du/67Ycf+0qrvRYPDyCTQHOa0tIUGiN0xGWAYNiZC7YAHxeH2jYC2f2wVjMphzsBQeKA5Ohp+SAgF55tZqXMIPL9PmG2uT27v6hSm64+Oq2eR9lj+0Qg6FgjdK8giIBHhb+lpPGb8Gm3VzEr3+qOlj89JiJc/vlPMotIgs5fOwycK/u07YE9r1z3Mf28R5FofwweEZ2wR8Q8kSAfIOKlsBB2j6BRH67snyeVZpxvnx3rKz2NhT+D6fjMPNK0LweGSX4joeO4TXKm8aTx/wtoBdu+XZCpgnX/2Kn9KCiLW5XcmRlw3ahWbCh33AnS2zP/lY/4ntQxgVSvsziKDW3ZvKFHSFV+edyzwW0hQSlHhq8JecdmNMTa6/2LN6Xh58gnTJPS8G1+lMaVnF5scJDV6hCc1MTZF06E1mZmUvPBFN5uJec2+dLsy3ir4s7ARn56WKXMZ4HuhERMUH4gvNnga/Cggr8uNTBH/Ms6XCAvEDvF1uZiRV6/8vBqbS+qhrvvJxqnNpzdBfSafdbB0EGICAw32QJi71jONZI/HsFyKehuJAN1xuXhFgFdw4O2fOdvqEDFidkeMaeY6/TzpYF9znf5oHXfOeGa9Dj3P/nxz+LyC9cqsQG1FtCyO0LdLzuHhzl7GEy1VTqs7VuEYFeRfgJXwbJGArZKHLiNTb4jMv27i9tGsGWZY1YVCuOpHxPOmVfr4WKYp0i8IMDJ82sGCLx+Bn03MdHJFYIciRBsO96/0I72J/jGL6nuTOGjMO7rUdEPPQ4YSWiLzyxR/r5vKOnlITLyv9ybBJ3BSolbBh+VIXPlc99zupgE3KeB+wx8499Fbb5TPkckGXwVAQjwo2hfc58hY9+SD/hSYY2Sg/4dGuOvaeIvp1jJJM3Apamcz1fHAAczm8NX8BKXFJQw0Zx0ihl9huSec8SNdtMmlzJPK4UtE0voQsJ/mAf2hwDS3QQNyHot2TE+vxHtEAlroO4HJ2zogmamAPS57ebdSigCrNGQ9bAGVv3LXskUnQG1aX+TCSeie32hhYAbW8nINw1v4n7qmPHej7R+EWneVfNDR4CjAhyl/Me6w0aYe5hc95BLtjiNpHfZXdIp71olP8TxQRgf4rtxG/omMhWp0e2DL/CuP9ZjYf8irzADSm/wbc8zOIKqrY+YCxtnPq+6+Vu1R1q9i9Im+ai5O1w14axUrHRmoPRX3yl1RqMADPOhtEOJwBkwM2dgN853h477hHmQVi8yrGBgQuKX80mtqTd92eOpcpOzSRuAv+ehaBzqqxRTRrbj7rjoGGxc1q/YQ9WMqlsYbSxd+UDHW1wUV4qIzWzAwgM11wdKxpE+dMPBVZ+UqBRfjEvk7Bqfc5s4I15zDlRHyXeAOav49E2wt+IdMBDIP1iYNG81bEVDK7PShO2pMu2xNR/2ykpXDKujZ+VmCqnNh/yuL9s8RmH7yzYelMwIhvGQdTY2CXvBR0f44Gf9m1++oplq8fN/NWBV8+2vEnwUI1xUgrG2UWKPtfahkrzDG+W/jiE0jWPCjxr9bHHsqJmGTaMzfFOgWVRJeZfBGKvh2knllJ3q91WMJBlAL7NKU/K1yKAAB0+P7wnnmhdg9Z6+NnftQON1ZmJyF/bLlf+O6tCJ5S7HDEkbZKcX4waX/Ue78oFOmc9LyjJ/EvwWRnwrCh/dr40PNJxYnYazou0pugIIZ5PmXdWr4sFE5zX9rCpMESf6wGlbroDA9Az3LDdBCmLLE6aogZpGfmHP1O3zZWSVe4gYhaCXEypfWZxkZCjoMGPxYK3IifaP7QJGPj1FF6S4p/5G2z+PAEqfhUQEXvDDu8w1KtFtxYXHbdN7CMRDheN1uNo2QCqN3uLBIb8diNGkTNVMMRmBH6jiX6yf+pyozaphByYRVo0PcQf5r1KxXAh0e3bVH34pgz/g82j2aU4m/RP1aFCoBwV0wbQZgWR8NsC4E17+UEWkQVX5j6vMijL1WHUC+5sD9yuvz4xTgJ6jG8+OxGaTwbx9YICr2UN6ydZvdPysjW89UrQ2derpq3J/XDB15mVPTw6hdOnEM3H6jugHNDFlvyxy2vG8PxxEc0y2XpsjegTdgbSrEY9rc9bUAN+IMh7E/FJr4Umu76OWIu83TAp8MQ3wAunMOdL+ngW/rPij76Ry7KrIU9gZw3tJoPuotkQzgErboZBTZG1iDDJzCYzOeIAG8HgkMvm6Y/Bld5hYYoL0rwIjra/Oe7EzaDK6JW5nIs731bxYi3GgoZa/1KmHL7j8TPvn8D5oTbOoPbKnh9IvH0Ze4S87jwrOFvXldlehpezOmKSPl4EH4i+LHVhYjkyRWi2hdJDlpqxZC5EeRL+hxJXLN6lb7RDAOBXp4gUcoCxvbHqiMsvlQDS8nHCL0dXuAuubmWFEluSGHu0XByh+LTfr3F/Daee0ZzmkMIFq6+t4DFR3p5PBDTYjY+KRRjuSSrf+3vCTJokReRMVvHdHn5wIaaG77mOARX55GTiU0X3LTcmNOosdNrOa3Ptzdci6QI4hhAwFcclz2jSlMX4jmftPApLf9DaarPm5mvfdY3hY4V7An6/+IVaTPPjcqb/V80EaZr5b9JYfDdyq6yN9EGtlEMxAvk2/nr+v373MTFQXOP4gyFCCjxAmMXRRlXrZJrdpXrrD13WQvm0Cx2Thr7pH5IreVJVpkjxW9L7y7TQuBZzInQsTqJYB+YmSX4aA8zbTObpIk0yQUmt9WQtB3o7Lye7zIoiRfNL+IHK0zmyUdIwSOvZsLCuApNg8cYKWeo4+SCq5JxM1+68v9etDfb00nyoYeLelzmo43SnEBU3JKOSO97GBtQ0bBGAn4p3Ku6ht1PiiIb3gfxntQtJXvCfTPCyEsPiQmNUy5SvGQC0qyFKUnGGxxq6a+hh1pLkMstcb8UEC7ic/IxwzSZ4xv8hZPwaVOu8kQ/idVkVzWPUr+Cgb9uayvTGYN2t7yjaglpkqTSzl7UyiTvmnXKoUGHPfX3Io2KcOTmI8lAPzIU3B59f19ztivg4C/nL3VcjnJe9nEWdrJ/oMyp73hNjPBeb8KuKWD+XBSx8gfPH3ObxxMxgZPeLbZkq50dcxgq58rVNUBKASKHn4WpmhcavHuMNxFxCfuAyYSC5h7jKI10VWfv9nurLDXw4knMotEomN3vDasUEGdRW586rthYCG2ZHL9Tmj298d0mWMkdZgzM20S70b3iy/W9Bhmc2KKIKbAr1r1Jo+sV8yIJbDUrKUKmorTSHU3KLwdXFnXGqoSEVcLOfeGR/b9WFaPZLaAbLProppL3kYVBjieXj7cF0f6fex9Kg6gWyGd13HgL44vYJqo3cGXPXdc0eZH9ZGAtZ2JEpmE53b2KqOQQberXLrK24h0499xFE7C/cqQzEZ4N+N+0H3NnXXtwQ80hOCr4J/p7d7eOzANGPCVG/9EJ2y4ww3bEHGb42fL3iTJuweu7aAclAfwGP1gHX2ywWm566Cuno+YPNGfAmSV5uGIB/Ka9WkVTSqOiONi4TRS09gtCjqDx18ne9HccbvWHBViFRU7nioTivTkssIPWngXK2RCIlDdRs7mcjMffkQsUX620sCXCqueaNX829aW20flPsZDyyPTzB3BKFPAIHlFL2qHZ9Tuq6QM87dRb0kMZFen+hC5b8Im/Wx/D/8GjHySo6/4Q00sQVhBHsHcNDK7RLZ5+4l9peHaymbU6y/leyCvXOrX4P+jb58nrdw8lJHESvR6te/Kwaxo9Kj+d0g8Hrb+qN5VFPRnW5byhZw1mI7FTIvbTY/vYf4BWp+QTYh5QZ/laqGJ8tmpG1T7mRU+4CY9yvxYHz2RT6Dh5VSt1/nwecWq+4C8l3TPFnu5BcYW1h/fTeNVRkJ7sjj0K4A6WUYIzMPgXWQE0zrKSDe8HpkNUJ0CX1868UHtwYCSpsdcVijy7SBonGun63Z/l3Lu4205epylvcYhPgk2/hagezU2ncAhkreHgO5UorpqVsHS/kZwL8xXnrndBRhwKk9EkAMafY2tqgrXwu79Wby2OwPbD32vuED7sYxGiKNT+HxEcmreu0CQFLzPXg139Xt1NBT4ByHZpqlf/xhrvex0b22hUSOGJeFmJ4NWT0z7N4ScsPY2Drf8iEbBCggAXilD1OqCZietbwDbraoF5G7x01Ee3F5xVmlSUrZNIpNSz545Px0i6v7xJcrh7LppX40t/1eR12fAwMaFRymq3hKzxq8p7F7iw5czOnVLzlR7IFwqQdXtZ/wrnqE3p+jbehb0SqXjXCQ/KpupdedMKkeDQeF+mE/KjzHnebzmKE2sJjZx8ngFGjtjs65jV7ZOeX+ulZjiRFaXVZ1c3AzDiUWCEJojEp8bKiCoPxNeO0rcdWtFtOhA8G5iXhNnpWDEzaVPatAeszadWUhh92OGgFmDkRDNNIQ4+3dRwB25S4xx07y9gaW1Btmk5HLUvNee5zAjsenn1ucpWp7CMLuBb4XGLhp5hjhYyzHQjw/A9j0fn3niTh9e1rUU+sNZnw3Q4xEo1namRGn3iMP+hLqwbGtUKwwQwOxwmINs3ot0TRx7fsMdMaLOeVYy6oD4ljMYr+AFijxK5EWNtfRfXhnZUkVvl9McUixwS1cOAH8sWqUCtQx8BCoIzhM35CVIxVUTwxRzKWFRvAPthn3/sNR2fAqVLNbvtywFdv566lJ9g5x0YpBbpdFHCwybqjQ8zp8iJ/HAE8TsCripKzG+PUy/+Kq49gdvvtJhRg/a9a+hRsEh0pFn3aJRH+9/8rLpyqNgknjWB+1XI2ENzTnx0ArfrDJ7IKSebKgBTZedBeCvH9m9SFNxOZesJoCdtewBKyqxcOmOD7liwAz5D8lKbHFK9nxt/iQJC6Ub/gtdkRKVMb3wgLozBGNm+GhDyyEfOPSgU8XtIrYQ4izgDTskb+4i9XLr77cKy5ZstA7LvS98xyLzfDWmDcSdfq3KR80Q/WbjPRA9S7a8gYzdHztgzV2RKGgUGoVbz2avB/OAe6AqumGsfohRNOpYDwP5OX5KD2gRhWtP49WwdqFte5CZo4Hcb0r1A+0FPQJfpHD7t2t3eNCnnv48fJKJ3DgJMf7cRTVhkgmPGhBO/zf8B8Lg2APOxWWUT3mMVnPHoP/d3fmN2dEUjmRHT19pnSr3EGGYDg01AOdtVX68O0C1UlZd3jEzZbXPyBw9+DsNRbKrXfYg8McRHXt0JVVZyPeyicluKCqtcXYK7uEXuK0kaATRHJkBb+IL5b14VXF3mGJ0qF3xM2i+JCBKrYjRNA+Tgmoiq6Iq7G7j0LDXYLp2yt2V7v+jXCgqTiWeEIb2lyETRz58Buhj7sLQJEmIXV5EEeZrg81AoYSRwbgCRVNOKUAB/hyzexuJQvhSl+1B0GZVRWerR8Sej+kIX1L/fT2VkHpqNgT47xZzJCG3iyrNW/ZTksBAJk5okkl70/yIKRZCLIHRz7bxL7ODH3Npk2AMNdOi691MJbHdka1P4o5NBPn5u8S6KYTzQCBHqsTb/QvfJePXxw4xvRsI1s6bc1ylzLvg/cin6QNHKyIkpWvCKezwi4OCQM8sNsdPPRcgbeyZF7vfn4ueKC+wWSNV9rz1sXzmtB1bqMsVn+jrbxp3FBhiQJFRBGPr1n1XlTmzWGLBhJo8vdCfTtm3o7gXQNWtAfyg4+j1O4dB2IqY0RFMEVd/n7t6kZ2TCsdlvc12cWqY6K+gyfQ6pwsGx1mfOFErQjZgCAAy/KbzqzEDq6jz+mRGE20c6BJx+Joga1iIXkiS3Ale4+QudtIsWZh6GFQNoOMkCiFQbEPnY0mz2mX89atAB420Zjx8U4BGp14ciwTL1HpCe6cUlYIw+A2AO0UnUdekIuoZPxzim+RFzP4yczrPmXrbi/vVHetEW/BCVKPCPSouNjn00CZbgZL3cvrgpeDuIoNRzXVrwr+G2eoOWlMiOdZcHR16tyVsJRW0RCku+RjBcuXfgQ7UgHXg1JgUZ45RPaFnsMrExC5C/VjjUyTXNwXrO5B4UIyyKcS7Q8Fc7OpljlB1SpKMOq5HXmoHR8/bva6teGxBHEKT+xt8H7vV9AsX8qn2WThpvaUiCoZFhKYg1fq58XnFUFkmCmT7Ej0G1E39V75iNGyX2hvJfITp9+mD6wGkK6NHrdAazghTQj4Ct5IuCiJib/L/AztjibQN5KTZV+oRmj5A+akkoVHwVkjoXi6PvcYLxOiSwlbpcBHubfxG1CwwvklwPbQ0/YFhlF0Lqpvp5vEh7fsGwOhUKDTYJeP8IUnDhHQPQ5X9B1WYnpX2q4T3Of4NIuX9ZzWxMRD467m0eFsxnd+wBGQ3pvT7Ziit8qKAHqbibIaYOmWIEVcHAcdvt89bx2aXaFTfSDQrgRC91aD1o0CK3r4kwgvypTS8bAgHlwKC56Rznjmu4FrW/6KeQtHlbBdzZDqf46HqdWbWRBEYFg7al6I6zmGD7kiDLpsfFuUxAdFRt3+MSN7qQZs2+qcJAHMumPTK3o/ZL7pDxgSb/yC5fbRyzuaYL60d+Xy5ihctvvZanBLcCOY8xCO23EzFzngu1HFNT52pfenuDbZnMDCkDb2jGQL88ZyVWMsBZsjSHlnzXXPW6ocJgUCEoSZ2FNeTCNDsE7jQL40ekDM37NXIen3PHklRBWAg8rn8wEP4V4WriJ5md2/SO7DIz+QTWSaAM2RetsfJ1rG4n4Yw5hZR3YJRwCHDwRo80U3BYJaPIazWkm2JEkY3OjnM/LuDY2LuRQRtQ2yMdhoa64JF+mKBidgkGMDWOuL3W8H2XMW0j/V8KBmn2k68QsnkvrJR2VYqBXwRCG846QjPlelIeCFX9VfKyMWjk/Utlfx6NhhWndJRNOLP5Djiz+WGKjedH11cXuyFhmTs08nC5+HkEV+LzyjCD452llLV04JOevRA/HuOCEyr42OKscGhey9aqyurta6VUefExG0HtND8/2h3gsx6n91MdimE9bl6aP+JbQrThe4eJkQdUHAvcS6QiDF620/OitlsCVOSsTaZDRWug9VPwZjhZwu/a53TBSq7iBcagXBV9nlwA+zyOMc10GY2bGM4N143AGEWbCVV/eleX9+l0WpPHomHuEyrcTRSk1EIZk4tEOgYC2yPJ6/Ti0FZV1rrFGmjnpkMrYcIVSDWQS5zQ5SzeYApbNR2fOVXMEDeWVfmGiytX+DMml4eTfbbUFWtEdm3O59lQQ9sR8RgTp7CY6VvrIWRKzCvhLchiD3O5LRNKNfFiwxxyYJuQcjLS54EwIVb50VTHwrUvEXGc/og7UNkEWSBLc/O5tJfFL4YRZEtH1JQJ3O0lUjZiTRN9GYdQfBQCydio6ol4UE295ccVzs+vwZ2q8AT6nEiM1XfTMYJBGSTUZGe5oVJ0ye/5z5oVqVCrmm91pRE6jTX7ttvD4v/8W9ufcdf3HAE9RZP5hr+Ep1RypGgkzBXRaWuWjwaMHPObz3SwQ3w3rDPAeKGCFEJeQLfw9laYagA2uMJtLgT9zIru/8UbS6BZXVozbdcXWN80XbXkBon8Wdawftnl2FJ+1RRHK5Fws6HerdDvHattvozWvtd5ebsbn/+mWuwGfF2bBpOPKstrxDHOajktwjH0j3mNKiRIi3lDktsYlsbFYZbLRfGDHJ0vXPPe8XvIWHl0eh/PRJ/doKHjamIBJGGz7MPtyN7XuYFrvD3jx/9T52c3S7Odn3LSx9f+xJHicq/5mzSgN7GIoCUHT/kmfGltGzFMUoJqqN6Hk9pAzzhHPKBm6yg2Tn+diCCf7kinICY+Fmk7zJRglvca08WkWoW1yJl90amMnKXtMsZ05gvhg0uKayopa1Oz8T8P8lK8NUVUcoGcetitHDGxzTuZg4+1189ETDdunUkGRoj8x6t6OZ+x9Vj4v4pcKaNOMlFf7lLXHiIRp7+aqLXqkg3/aP11bVxrATiUpJfr7bExeKBBpCNIrIxPapRZ2eDRAcQ97vKkOTc6rteYFHWOoJ6ueEcSdQOx5PUOpPKlDh8QMivnR9Ltfdrpl0pMBmIfJK3LleOQoxCCW7AUlAxrnYU0Frmcu0992l4uHz83rWPiUNe8VBTvHLbkQBs9rtGV3fKJ3a3FuPoBGFCeqjIVaUCCju9xO6Wdl+UuKrLz2T2H6NgSoEsNGpUpV1xiwup6SoHwcnKPSMvkvUA5bDOolmfy7cCIo2Q2Y/tgl/lVfnJ+tfOquI03iglyJRXQPfVIpdR7opMnYobiZVeFZqzKyWOJBBfJ2UpHd2FQY1kAGk8+S8qiQKxvTWIjcEZR4NhLWXOZDhol117Lp08IV2h/bH6RBrxbfaF/3djA6XGhn+enwWDe0nBj6bNfxINAy/3g5DgrjV/mb9TfSpbargN38oQtvepGZNNMZ/5arKmdaKucQBkRDkRn9ev/4bNZ5bZxoEznDfIy7NMovL8Y+eK7ivQJgBurruT87Z6aDJlea2TLzpKJenvKz2dR8ZCF+rHknMyCXecBxW3eeD8vT0sA7hE/viO1pZAU+0YJhL3zIEIMGAVQBYVxaCcUSZlAokGWDEgYHNgQd1YfKbtgoWapj5QU80fVFCAr75RFvVKEBhwrXwWpmqVyEq0m5ZF0Zm0Wg2oyCRB0Z2OXJhfZV9Jd/SwEMfiikE36jeBpmdHDPvae/ehfaj5VYwIR+i+dZamSCIOTXxF45/QZEuekF12bSMYsbpGnS2vbMGWY78uWftig7fhSxkig1l8728lOpN5qAClk0pVUDIwQXWnXBd7PWBmddz+r+plj4W3iUWF+J2/4yzLdzvNxtL+YQQ3PJok6a0fKSQ2Sv2uK3yG5CGBxEwnmnPCchRqxqf1y9V2tJr7WHWyeBTny2FpDwnD0pCFjOrvn7vHFv7k+35sNWsETTcoQm6+laA9hTsAQXO1/Z4871LBmZ1NIvb92dOvK9nwtcmzqAqV3lx83vkCfZl5cqLzVOi+zzPgbS99rEmk0vhCj8u6MI2wSG6BYifmMcxa80ZzxbzmtTl0tThhHnQ6zfHGUwtk3fmL1nAXOPflInQrRfp3amp2+iP7W/vZ0l4LNA3/LYvmOar7H5e3ZVdxhLfvcnR5QtzBG8mM8k+Ll4ck1st4AcqFzITNPlw0KMUqrpwMw9TBcoVkqozf0vADwcOfdKA1l3tVj5sDrgfUatpa2UaCDouPveN9yOZn7oWw3B5h4G5LowBkgDErWqaETodHxLhut5Az2nTvrTmQfnOAfUK6v8cCI8NAc5cCf88gkGgH2v0kiH9gozWM0nnswhbCUS4QGf1mnHSYVTst/tbivbrDQ/pBHk8/duD4bclz6Ti/+o8fN83yX1K7pQ70l7LVHKDou/UWDkPu4QtB0h51JWLJsQQY295l9Qc/fGbuZN7kjLVL/NLejovfLe/6yKsDOjJIIbXUhXwgwwGMpIfuxiyWmbkqQKjO5zyrY65n7ipkJel82Q7hcDzUc3kqF6NoX65HUMu7ltzyEAqX6aEFgd5DHwYvF04HL8KoV/oSaN5R7SCtksKxR80M/YOTcrZFzn6C7d+4OxuBWVl5Wu/VE9qaksbVqbuupU54Xxn3QfyA3/kd3pbp1nXVfUSFyTX8S7cLL8wpVpDohfeOjs8lQi33Wd3wddjpdBXyQXVJKg8aq2uXTjLdg/QtAhjujw4rBzEWcPnAd30j2v5MAq3nB+zAQgihX5pZ1boE/tCWH2fIxQ+CGtuo+Gj4b9RqrL39krTcv0QU95G/mKRCbPDWRPmKchgyVhtcV60FJ+UGdUHH7HsLP7q/TVDq7ne/UJ0OBRYyLe2Sun8Fn4bYPmCGtv4yt90xp1ipb3HM/UyKeB+HluAxxw+ZXOk9unXCZoeospXeX+oUDs/6jyEs+/n3aXmJS2rzESRF7f+GgUwa/0RpBvGY/iXjjMvCjIjSaASepLkVRtFSnd/CkejcZFFPOuhttxXoQCfhrX5Wn/2vEDqvlMhNNY3OoOFmahuzty8/HQajIBhJCqqLaqcTXsoDUGGiYOnx2/gofaGJW+uj4l3cTxbJHDYl6k3fuWxPoLm1DtOo5vbH+62SuOZRedxYYMRqJkyzoghdRvDew/qFomBipeP8J4zeu9fpOJg7IoG5a5v/KB6gxQETFVD/rYwVm6gbcFl/CYAv2R4fj+o2bCgzXPTNjKWxXbnjQlf9YVLZW9YGwogtsrBnp+Ttu/y/KoZGxfOg0CVyoWJnWHQBAYShYeAeaiZHVynzEaantOKLEjN55rg6oxfWP8WqFZo7M6pPVQnzkPItukknCABvXbDiRFKEMuyeTggeDR+qM/nNUJmbZY5c8C+IDll9ugsl/lAMvG6vIbFz+AlkB9DIbgk+VnuD2b5K7zRy6gGNgBXba6gLF5Fs2iz8baE2TlEPXzZJ0p+D0+CkUBuuMEeD9Ei+ArMabkFo0Y9CEs8h6VzgZ1TYRDM1lQe6hTDcnzQkqOsATMR6inv8nhhBLJrK4i8rMkLWb79lVneGzS8w5Nt63GknLOpfsxmMfclbveu6lnycmKctUjSQ0RGt1GJwUzf+HI9ei80mHWpBPTh1/SZR98EHo/zYpXynbb7ZV2Xqa94lv9/tL3HsqvQtiX4Na9ZGXjTxHsv4XogvBcevj5Z2ufmexFZzarTOLGFEGaZOceY9sVw+cOAtNcUM9lAJOgcPEplEXOiZn0FMLVxfFasbU7EmbGU/s5LItgGmY0vufUZkyQYZBpFB4rhdnwJv4hv1JmAJ7Mmo/XbEcg1yiuGisECImHYu9tWQGYPsJFTDqa+jdnakvmVHdA2pPq49rHOjss9j/Pg7jXr5GjBWfRNNJsoq9lzdQ3Txw2NnnUDL+pKhPbaxA3O0JfDjnbIkrmiB92chhUtcY21bI885jLsgywtrIUH6OT+8SCYubipxG9v7VSHJdgZ/iMXZHtKTFktCsGgKTYNYBslvy8t4rp5ctfd82FfdMUYxKKE/OtVN77GcqAXxWik9hvl7iklq3tKXvKiyj5DYuTDByW6qJUy/0AUAsxSCiW9jzJMdyGy0o1vq3nbzVB/NoNPolh0T4eaIB/SvoBiXV++9NbzVIcnLB5NaKLJfNsFlJzVXUXSfqC/OLHvx4B/vPEB9rLTl/SGl1notNFZnJJzQSzo2CZb3R1mCcbg9tu6m2enSDOMkNmeEeyEBdlwlx1OvL6THiN0a45knBaf++e5pY/1JpIEREKJX0IwLR2EqJVMmUfKLpN0sBtB/10QMSaykk9Aq4yyzDfitdJ8CMBhOQtFWvWpQgaN0YMYoqxSaohcmDwi3WKbi5aVNaNs03oq+88w4USwa2PiL5AvD2Jw7d/t+2AVYvzO2/pR5aIvyTuv8zrsGXzhXm8au0clGV798dDQEGrZ8l0KAX+07Rzeq/i2OHkwo3msPiI6EG+D//RyRtCIg7MgBJZnyQFA0nffjFC63CyCfscpykzF6UH0FHE4EBMWtCJ8SkgwmZVMIqT77nkVu9XrV9WVa3Umf8HpeF+YkTww1p6NZ/uFIQJFQ2arzlvAKsl5jePU5VpsgR2hZ6/lEYxagRgdcJxZs/+9D+cK3gzzcGC25QkN64EhPzr3pUEgNbA9IpO5E4ru0dOOE66jlWXHoeT06nb3o3uWiOQ98HBXOJuPEXe4tu6nOGHMQretWiUb8cj+YT6ecvKvAjJw0ypr6MXxJdKPa4/s1jZ+HjQocG/6EACL+FC47TuYOpdfvoUc2CC9bz6VDrZ5aL+bgZ20fjeCyj4U/2Fx3s8ip2TRT03A71pW5SQ4F9Hc+V4X2OM6eu+R+qxTK1UQshh7waS3SMuCNIZoRirzKjWK/uAqhHR5sJ1F5ImWROZN4DzAnYZz9t49KjQDZqh3AH45g2REWOC0mpCHrGqLqCec/1Qn4ErFTANdyXrzKhqJ1OpPM3+KF1TVYakMcD1JWcFS2/Bl2vN+5VuHG8kvC4czOGkf+K2nfJib7ZEzG3M13s/uwd7UMzEt2zX9fttEu+s1nvDw/XLq8swomT6xlOIPSWYN5atiOaKbTIumMURdX+fjrvFn2dILIhWClls1oWAuLKDEw60PD8o8stvwmoDquojF8UDdElBPo0H7gTiaiEtPIEIRMwWOn41LoQWjDZtQr/3Sdpe0fPZ+Lap4m/zgOEeSDPlbFdw9I18j88sRl0bpL4JRCv1aKoJXTyaoQpwAZUduMQnXvWZ0SHRdRjiS9nUhEKmBn8cvjpB0eWf2pitRXvlDC4lhllDlS72wKIMjZQtls17Ze5WeHa2RtvRhy1/FroyZJ9UKm7BfznTetoOiPG/M37QQ9tnF29czF5kp7jMVEULNuUjxaPCSFzgfzsKzn4QsiHrMMnrTCWpbYYnXvXQsRWSewq5xprAsGLneZcjyr0rStBn3R4tzOSY+A1uPnBiABKleKJpH6G0tdQ+xeMj4/GjS6tHnVcq4+APyjZWcM3ERUCIWSriYhc+ZuPkLonmPZlGm/1e5I3p0RPpG3FUPNqjoFwT+Ct4Xs1Grkj9Y46mkvpHALpqw1CdVk+3O8D3tiVqKSMRZmNdDwMPhe+CTB2mbA0Im2HCQX95urzNJHapjRVb2efbdO0B+/TPrzB7a25weQS1mMJyje5opVxh+VTXKfmL6zmaWG60yL0FOtZtTbEH6hUIDrzW8FeL9Ejt1dr/MxxDLKz6aRzg7nvzi3nEeEQ0itWVyw1TgmS7F5+qboP7VKmHLUmE3d5Lg1btKKYLH5DBoKlx8SsRBh5ItRsPxsnDbfXGovF0g4q1f+LK86NI7wAr+sjab+1C2zS23OmeGU6gdAx89X472G/5QKPwtW/8YFprJQAWX6RohZVcuxNBKJ0HhiKPM+2cIpoFp6kU11F9OCP8sSD4vMXNKpn7Orsw30nMN3s/4Hndpetp7bD+NDjx1Y+zQxidAqXVKfcEeSMoy+ERVBIZlDveQ1/ViG/9L6LiBz5bEH8tpCCRujdmEXOyDMJdC7Y+Z6bkOz8NH6dwww63n5QTC0iF+zLiAnDgiHh7BdQoMmgQdVOYiJ8TN6ysl9gRMi6K4N8H6Kp+Rtyw001MBz4YYyTT2w1Lw8cCs/XtX3ntnNUVZB/uBFn95qRKX170An+mFlBoHiSlo17FRuUbfQevZkKvHbVywYguveFKacmjWc4yF9n+yjiZDwXQkr4BIj1syHNv7oWt6SuQegCWZ7LQzzOW7UXbyAeoPEAHwC7/fBTsszTfh9yB2ELXdeV3jHaF9MPfmZQrav95sH5/VamcyMXN5Ywdnsjql1X/inQxOkexne9JDfnGwUWjJa7VaRLhCb7X70f5VNdiYtJFcE3VTSfxU36CZWQd+AXrO5vj9kbeD076ROTX9KD7vQ3XHB3e+z058ZplN+ORO9Rc8up9/VuIdmBnFaPXtpd8k+u6BWdF+P4LviNMXHx6WU6sHlv8LZ1BK91cJSX9xVtOXcxQ4e5QOa/LwecLcOZLz0e292F8B3jt0JPn4k6RK9tb+6mEIkQdJSEf7qOE+A/5BNXH0xigrzF3mfaa0OOfdxiXc+jK8iJzSwTwtpIDA2Rfly58qPEBOoMKWrdEf0j75aqQRyS06a4HkF5oTsIK8d+7MOuHbhQt4yc/8eqSh2G0eLFdv6PuM7jBNv2wlSjCYNEWOKcdlXfboUZJvhibnckhdmtnFf9Li/CwjFiymMz2Q4UOnpOsgD6qGhUVN4yMvpOGWoxuTHN3nco6eR4LKRiHJT2Tx4kDsW9XmXqjtzOqoPpoYxKBo/my/qk19FIK6d2RgccuJeaaGuXWDnB7KEL/sk1wQMntlgos+Rm8JNA7wLkckwjXCqCGb3G9wxHrubFUI/+sQEBDN0jQT8oLQh3ZRw1tyZC0kpL8s3Z6Z6F2OfxUANKt5n8ReEl5t4BB7eLLwrLsbYWZBYgN03OyfP63MYn8F0BRYo9YMcwhgMmXhsnVkUyPYcP/qJAX3KI4W+stZfaK4lvBVYlvRsDyTw+hH+CUSws1En9E6jQ5ncgcREN3mdP0bJvR/yQDuiNKjosrXv2o/Gpuy60QchW32j0AjjrdJgAGAIIMuWEdZShLBhNlTkyMszWgHQnJ/z1/KWUhjkTnTGd62STyc7MvK3v0FuV/hrSajY5pfnOseBSBxzjVl3gBkHlxtmzcGsU6lZrQ2+mQFKYwsWtQGQV8wMTO8FULEo+lite87AQWugne+ZN8AO/M+IAqVtzswKqKuWuuUcU4xlHOY00jfBvKjLt6Si4dfBZos/thMan1Q3S/HR63FUjeVY2uNNWNgZBiJcxrxRwJtXrGEWsqlPb59XX9cX4zYplXKh/1n2bFVcvBUDuuCF5z6rSg8upUvfyu099pH8d6HGFcuFSNDscdaxcPH/Dtxn8WLL+Y0T6O9Bog0Nsq8f+G3X5UOqJYDRTKC0FH7Faug9rU+gub+t+zwsGy1EWn3LHktyNd1x202180drQl7TdZ3+gZkZh0a96ERmjWwpVF/2e6MOhLom7wghF87Uo52SkG3JU41j3746N/M8xV/eIkOG+z5aOu52BtnwVzJ85DZNTzlCnBlysa+tHMiLXbaDxezHanCpoEVhF+/3vfok+V5APdLfi7t04OqGK9fFfGOCCsHNd4cK8ajmr3CC8/p40smBM0RmnfTHkXktAB81wzH1o7nwKfB3gNBpOOmrWhKGY3FLmZ6wzFUXyp0lsASe75xPqTOZjywj43ULjXMqtlVkxaFnwBSYMHqFnoMg2wON0ausu5ZxfcHt7IamnEV46h0naXE2kx8NfrznEIQVEcKTrE8iCS/kXc1qyL9CY0z2HWEY655uctau/FU6Z6lVVBpkQSNebxxFXBq0q8gP0TWPQ3Qu39U9Fdo2RwmvGy9Loh+JzkCdi148hhD237oFFCLpV2nlyl8le/9WpGLWZiJZN6/Zj+/JrnAGAgskWQ4kNVwe3ndTsAHXBVZ9tooQsulmyrnO6uxgBFBvUVuYnVRkRC0rf2uKJGoH2Zwp9ewqk4F5fKCxwy6diPJhWmi5MoircUvLAtsQE7VPYGUPGigjbn4NO8HG8c5f7jisv2qAcWtnz7aHaGFl5KaEilA68nidmioj6KsPvwB6hHKV6a6gvjG1M8eUviHC2zRQ4QZX85ock5/wu3kO/EPrJrC9SozxAcW+huMzxori021w25L65vZXrAmHu3dlkweQ248BwsuQokxxP4XyBq3XAFIKcB/3Rmd76ofW1CLSiVsPfuq71fZ7/GDGu5YejbvHZCbenfCFRNglQG7+GLJD4d6uLApY/dgoyRJ0nO6fww2W7b3tLSlESB1lAb80NKd6OGZDcLViRmhqFe34jGQq3rwedNNdMUj1cwUkpwDKrZmtvZute6ZmPfNsmUk1m/9gwYic33IfnjuwzoFmzrRPmxgtVptPIydF/t/spoTbl3pzvKguprTgk1yDKPWr3A92376IPFLfInv2n8wTrI4PvSvZ2zArCsuUda9vFizWXdUo/JIEdizPgNHEwIp20dUUoSpVc6EZ4/WMoJHbj1XsjRHdQjr+XmvdkWNtMGAWraetBb0zow3Ubj7Wn70vDbCxMk9+JH2wvcXKYPMxAparaSGqz0wQjFl5IOxLI+vlq4E6DvWKi7+fmuNFejcaNiUiCUfdF4CeISJXMjkViY+Jnddyzq6ApNuEA0QkYhHkQnEl2d7D4G2aqws4vlnMBoEpmLgtbFodEIEzFsZE58XIgnXgbxwZpgDhLohWz6XIILSffulwULeo7fTBYckhU4nBIl80Y4Qo0oshaDWgBN7OeZDc0OsdSNQ7gL9f0wANrucc6grbtCQyNujFrHyo2TjsHMf04b+9Rm1DsEU+QYQOwItF5XLf67phmiyEJdDsUeGrPhCWWyL/bNI3/eH7cTcZNuTFf/q+C3qwjJ7POhQJ62nlkWQ9uYL2RVLi3GAfzZ9W3cYEPl2NjGJiVFhal+Brn8V612ZVYo8eSOsUFqG+wb8uMqBdXPc4u8UTPX0IFOOaan67aZqyA59Jgc9wsvh6gXSHRQjMnLNkj4M23rQ0zAuFO5pO1k47Gr7VoCUnd2GlsAmlwC/XtyDmJcAOJq3II6vpJFtE2mlPP7QF//A1V/lH5gLKsafD7jYlhx/2CdoIex0O6rY+gmClfVkZSG/MmAN4aEAqoEK+Aw650ClrQx/1SzfSs5UvWJeUjMX67Sj81HNulC0Ef3o0yIgi6Y+na23iiitPygozrEPh/arHiZ7rOatpuuF+hf4PESBtl/kW/3k2zraOM+xLGlHL++WhpaXuASDsPTigrIN1sGotLcC8Uv26hHcPO3SBNXjia54EM+mMsNXdqb5B8oz2WsXlQ8CSKbZU2XCkhLM0Li04Eb6tZsYtBXRGae324g5Z3QdEQuZ9llmx6Pt0U+tTTlDYxmPSN9JELStwtirPeKH4B+T6T4I0uaOPp8tX5TFVReBg6K9lwIS8xsK8s8khyBuzWPTPdLltc8ofZ8a5eEXx6vTHOmEKTh6WGs/P9/B2xxUJiBVFmx5/6lB15YP9bvQJC8rhk2SZo5yhpociUT9Bu5e1EGuKHl+58wOv8mCNP/QYrFcYvCQOGy+Fn4iSxEwHO50YXt4JX3rc9XKB1RHCVNJsbh3mOi2S7z2lSMBsRPt9uBkmx2fnmds8ulYmX49aRX2ZqopEZNeWSu8jmuUqtLngZapkEAuSda9S3zKDRrN0NQP6XyE4bmRjk32v5b1YP8kKbvoYY9wzvj6RlBbqJO+8SYHys5DIxNiG67uVHx0SyApPbTtomxvHU96wrrF7s1P6aMgBdN7x8820OwPkYEaw3YU5odsd0gm1Epwva2TC6fG/r6+ULcfSa/i7Q30r18i3+dmZEQCBxFLznA3WwX+dr6KkOU+xhqCC6o8Umi0dNiibFgLk0avFfusEfuMD9bD4sDmSKCGnr9FQ8MFHju0dW93cNO6mRkrVsjNSR+RbvbCBurpLZATMWWWXF/aeBR0g4W9zqPX1kv8PswwsTfYZgmSr50Ejk7V0psizjqgCiamaGz1vm3RjFwiES7f7EtCubfCv8R1q7hnL15pjBSdaXknSF6aLG9ZVJAL2L/T/H44C275aroYKrCXDmYwdtaJ2OU3FPqFUBBaOyH17l0cR9Mz3tEbH6fM+cuyutO89Uu79Wn2UtoTuQ0sffR8prmtBerMyWX1zXkdT2dX4YC/nqoq83XtKF0Ax0lNNKPcmY1+I5E4rD0RhNmJJ+/vYuY1U5k1RqaWC2dfcDkG1Oosv4qs4nrownJPLYx5Zp8BRC+Fx1vfc7VOUSSSdLEi2V+QecUTc1I9ezro2VFsPg6o/yIw1RitwWIgw3eZXR+/5Bd4NvBK+Z7h8sc7K9mKUaHhLIY9WIvRF05kpLJsGMEpa4ZTHFdhfMaPJL+MRuZrGPewRdElCZOKZAnwyKMjSJo9OpL0dyi5Z+Q7b3su+oNIUvPo4VdaKfn73bn1XbMDTjR21Yc3uX0ePQL6QzsO4nAceppHJL6eXUBMC64Fn49Pj1mah7Ko+QD1WQNFD3Hgv/s7oI1RRoF3wJT7n62BNVXvwOKbZpTjqBS+GiQyGHfOA43LbtgSV6BWPRzSEWU12YSel1n3PqqFhKqvLvD+0jH+fuVVOpJ3e0c8U5Zvr2W5S+JlnDdDJq/KvPJRFXjj5k+Pad3XOt7k+en88JYu041lUoqfFf6oAdVjyphUq4fL3D1ST61hcJoFjdY343Duk/eIKQaFY356yHFP4mNjZgy37nFJKuhu3T3P30qGKomi3M9RdUoNGeXnF3HDrx6Kr5GQGmBfeSH5a2Smtaf7tjBu4PmwX06PtvlxWUCrzQJVm/r8IZ/5j8DEK2qPHcknXytanEfXJ0MieGv5s4Y2lLcIOt9ZME6lciiKIjJYmd21MOeIQ5WPSPTTkNsUGUr21ic8B5mQTFFeWyQHqSV91jpk1WbTOIGE4uvAH9A868nneZm+tcFcbbDhopmNqGGwA6yiVrPDX3Qb8SMdwZE2DO7nZTay2YG8OHbiE+bkC1dkRq58SO3SoO8HpRyv6DUU1zaoRUyYJHuPFj1IoaZqVw7soxXfJyN4/k5gSpOUP1ftCY3tiePZyUx/gawu1nPU4crCV1/8XNF5pQ23pHYfer/8FjjhBiklvLcXyP4DDPl4rKzc3SYChPIbLsV+q2af5teNhodmqdOpXm/TKrUahuAPF+EGcAwNfcHdHcEOcFMbJzFij+xbXpcCzSsIbEny2sUf9t4eZkLUMIbitqSQoBt647YUc/VcbxeMHwIsWWIYOn390mrgJizFGXi0BWPjRRDr4T/Txuf16JGPuNao9DPAnstgNn8uV87EryoVh1KaFJblouEZStp3DYrs1ACixAWHTxeo2JT6dVTTXxBm8SVuBYNFaq0pLiD4sE2aZ4ZoY9cVg8nk+Ysf4vzLTJDsFkOar/uNJZ4wsRJ8i09XbkGB9enR3zXIRY9ImqB7dCqxSwL2QJ7LvV41TcLSyT2n9QBMgn2kDMWNa0Ye2rdPwni8pjSKkWyA/RoaaznDN80isVF3NTrcGSwd4BmyqoL5q6y33IgyF1/ADTtYkbmp6rROMiB8ZgVvB0NmY3+y4ja9yMPZaK0A9tTJVrgWj63IR/lLjgMq6HnEyPurHd15Q6KA3TpN38A1BYF1yxAySJPx5wB+MQdpZLleY3vCi7sq9+IC5ZuvN+gL7Rc8r+HRLtrd0fJVwPKkkBx+bU2G1sfsF9mCrgA5YE1IIDRmjzVj2FGZ8mNVGuzBjHpw0EMGTRayl4EB8pU+jSJ/aRmwSCKoc1SXxNDID9WOH/CYEVTuWl8BI/A6EYX5LqqpHkMk4CELrGobx9n7+sgvAMNY1TyChUG/w5TNfaLpYVrMdE8HOKAr7qaMKd18mhEkxA3MH4xCURQ2m872Uigy4geOCYJdW46ELVuKtmprpgWVdTRrJ3njcgx6NI4I0mUiWl6UYyL5NRsYyi2KvROv3PikCqI6uiF82l1tPr51q2bB6C8YF8pUhtnLs4zw4Is7jjoquuVpROPL9Tz5Jc+VJB02U0NtRZUSklscohtTmkKDYcCocHI0uiBj68Y1wht48CWVl8SYNcQ0rOTxtzWPMK/2NO5TzIIRNSWmysPFASdKTyAh7lW0AesEzsBk82jHebV1eT+ryuBm13L4lz6LAVe04nCuzYXhKhfsIMTuJqP+HZsfPb7n/CUV0PcMh7otLSmEYUl69Ir3fTmIx/P6keRD3szh1kADuzOPbM8va95H45aDDF78yw0KIZEVQeOMUgo+nPrCMepyqeMe8Zh5xC6wK6XFRFf0+02XODP+Kj1ot5KMjuB8VYtJ1V+7dnnCcqFKdYrDcW9QCDyhC7xYh89fmXZ2f01hhFAm9oCPztlDkjTkbilAVoERXRvHsQ4XyR9uUPlLgioTy7QXN3uNVM3Ww1yJuP+KdYhu9fRoPNkAPS8JnXrkBJY9wyuk+hD6KPqlYkVYJ5zUPzCxJJu4dtizfYxX7WNoUcqLCfD6Q5xBSuCqb5lYG0rGDLEVRQ9dVpoKNNR98IJbgwAzah/EG6I3plqBmCqT8O9ldJFD5ZkvprWFlmDPiBbB42JlGyRarjv97CB5g68OKuxR6Vu/vX261GmQITXlRWJIkeBDJvhONA94C0t67nd8NBfQGl7Iah1I4XBukjS+/sTJv25QX7iAZJ1CJZC4b6wUuaWvjBKnV/QGnf1cQnHhYoEnAgsUlFzlAMgVCWmdjMnE2aeUnOW0v7BLhND4yWI0dU1PnEKiOYByFXRzF+91JXkuOLp8QpLzf9R0A+bqY2B/Hb8n9VdQh5tWY/zZpeTDzL7JIaIxsco+IrSNFtlt3ZOgRAVrjgfqBaBiLlw936LyTtJfOHuEIL0uHD+gJKHFdMweDyunzo4rvU2ouX2m9WNjPyw3L+HUtmn6VtuW/rVWX88yP5kx8LEXPCzYZ9V6KIvVnQL2wZdqWckDL/NKeDjlWkFbmZTZdf9SNrHtkaUPlxiWU1X2wKgf8a9Mn1Mxh5YG9quPWZQ5a/x7VvONCkGFinJKPPr6YYV1clQbrILa2Nz7exOHdzX+C3lQyTGjFrBRov3ZBveVD+QAnkbsmW+oJqc8AyCJQLC2QbSvtXdozEyhE37zykFfu2Ml1MSMJC28jawmu9QS/8jsN30kvJMwnzyGmQdAhfOf84t6/o0kvwSkhuIcfxI011AX2Z53n0/te+mBZ4ZUIXNWUC5cYVXI2qngjmrHOSrc4TqRI1b9NDPKnK9dqsJWfu9H38w4RwT9i0D1qr916Gb29aMzz1Rt35pwpfVyid1cLDRqgba7Q6BaaTMBE428TdSCiBv6jgoufvYd43Ez8dZfvOFMdMD27meRHetg1ajOaLOVqgwcW0lHPvCUg77TQgfxEfX73ULQJAmOIzFyWVwgPjg3EZawOrQl+tAmKCHN8nrO8KziHPkBUa1ekAJUs4WAG4RJ5xfeKqo1HHCyhq+fCg+L+uUOuvJiMJgUMI67chngbZHALafdkeBZq8PUl+9kUplzuDHLFilm9QZCuDiQj0ba3qfJ2VNkV0T/pNClrOMXCm1gkpJ2kRQWL8HLD1tT6zdQ+MIBmCfoQMXlSeXOytJe/kuKdr7kcNk/9XUgykkZ27rhQGU4uEQmYBSHXKTo+RgfEqAbNaLpfwVjll91f/J6WG1ZuXDuVa1ujJk4WD4jd3QXpTJ0skr5gB9yf0GZOlcNr4jl20WFB6qZgSXsKsm9P1HkgM6NbJ6hXem9UGATv4wZ6iOY4Qby3S64BFNsw8V8GB3Dtzg3tta75Y2G6QbjRfXhlgOs8Soo+sYRHigeHuu7C+FZPqncm98r0uqBCxMEqJferjb/Q1BGrN489GbUm9WfWxJyDknUUjpDt4Y8HEiFgQLxIjbC4F7xwBoU3eSMKwke94sYkl+5l7MP//0MKfGCutGcSrhv6Qw4zDKJaqlqxvL50gmnDa7sO+LcWQh0rITDKk115mgq+85qTQ4+sh1onBfpMW6/FXDTkqgXJso9+GM7M11O8Mvq1YE4fLxHxjdTqITIE1l+6goLV94SwxhU2WGwwBI7P+9Cvj8xjVdU98Xy1gxfM5hHb5SnqoqXbwS9lAc57wcTmEB+DYZ+/gGecHa1N4TUAmNN7RC/mfmmCLADmIetF3CcvNq11NE+WxD20oQL6luzmvaQe2kGbgZRvyhJ1jksbntrXsLU0Kram9ATgBjnFK1yVXmk8cf9BQQQSENh/YztUORaOlFbuwUHGakowhxvzHsMXCiL8Pl9XZkbWqmxKA+/Xgs8K9MXmS71DrI4ig7nou2sJlC5jt2q5Tln+LXORjl515KvSuQ0ojway2+NNWp79cE9L4x8l/qiquyzgl4WabhhjJVE9vKxkEiFXtyDBvwW4CMSU7XPsy4/ouIv6GnPqSr8IacBVb6nBY9ifV4KZQTl87zt5JMwwXMubjt1+6oMZ1Nf4VpKcSlFrEM++u1K0O5Qgqhslee8n01yopeWVR9sfQxS5hSqeMp4/S8KAdSth2FEReKlo4x/tXgINzGSN4ANQRs4FSKpdEsMx4ZPmVvx9Zao70c+AaBDvMvTRt4z9+zcExRikeTM4/7Y8ru+sgJniM5U9kzhXtHKhAfwmBHZ6ljHq1di5hXD+tKbzWAbRio6DwIW2JI5PKsZySt4s2lKsX631nxpVTAP1YkuKGV4lD3yIfIi2hmzbLkfnhqFtuLccfBZXXO2iy+fnfTIMfcyoEN2hPd2FR2/yxNEy7BQPoScZSDndcGBX2topGjZpIozyMpnPi2I3bntV3RHIGDAH4/wIHuN0uO4YY4Hc5alwLgsq0F3iVW1v7/gNsSOS+lVjyVsr7NKCBYcHQWo3SwPhuNUV1HEwOD8kWxmUUDh5iUyrjATeZko18QlFTqo35FyQSla0eP0E6M8tfBNPZiKhrf6qFTkkWZgl3+1GbPnJqQroDuV8gz0yYi5rfENT7/Ll0IQvvIMz8gUgeVQw1SB+7Ou4LB+43yIo1Nb1WOIWEr5yj3tkajQO871sXWA8/8ZGJ3hGD8wNIhB8WQUAD88AeG7imfNoY2c0msb5SfdI7X2N9MwL26PTnrplAQ4q5nU6efkWJhf+vfnhTejXRKR8+C2enEExseO2Xn5LcMUGsFw2SOfKQ5xMbgn3P5LuxT8QIIWi55HeS7fPixfRAmMyu30z/zMhuFUU5f4XFBWFeeNHa6OqPijzWKMBpo5poDTHFWJ6BmgsjFeG6+2V2HV+CNZylZTa5YIU/bWLRhh1vYwnSndc3ut9Iv/G1GjDG+u941nwq3dMZElBqwXIFSO9x0Qv4qfGj/QArhB1KpfSftIWlOZ7crQ8veeZ/uYj9fbIh/mAM55pl9mHyWVkZVuRF4hCeb3NJzdJzPWjQ7+YQPwZJlFCLzy9gIf7p8tzyGET9ln0RR5HmCZtOx9nxX/8Hpz01tRIZcjW5RBdxvdLZ/TNUZgVhg3Ij1Qi4aTxrFW5Cnr+GWJS+UZ5YWM8vsF0YZ6NorwW8sGs7LseRXlEumXeQAY/Epcn0lL96qHjteoQjr39Nkd1wMkBK7kGcWWmxujrf41F4VGKbHfCTWzc+SzWCJoaBkOYbpGPrG8Ae0rNA7ciGG47vC8Es/od2zZwIPSa+xRlh8FYXCVBfartYk476RH6qowQRBrtWR1qftwaTYsgvuL3cdvY0bH7VkYOf2RegPMGLDgVAyXW/ZLv7iDhX7nintpWeu3LMc8ubUhOllGkTqOq6pQ+UJ5PoKWjVlz0fGn+bBqRAMjqChs4GHBMwlL/DzTKY7chwVyXzOgr5Lw7eKqslEaLCtF/ai4Z7xw0oz3zztwyf4B/p3njunBN/PnmRG2Y9oxAhvoly57fSqwk7l3wqfguZn40zdkKj3vdcxuybG5U45RfMlfWEqViyXQ+Nal8DJLVZcT6OH7Dsc+Uu+55P0iiSsvj0cfOpkfIYTtKFjhwTNyfkKRnuLtdH7zizF1VxX2H7/ZY7M+O/ktYeLOcp5cSHb1/iwCX2LW88aWBjIsdcGsLYbRVuFdIvUzB/B0W2j5VmoRe4Ru+w4uxWkL9Asniy3f+JJkclCXj6SxTlsxdAL/bOF/vEW/JkSzDEYVRA/u42at+Ny1/DMkg2I3EJ3GEXOcIjNKCldhubx9wkdrcFoaPFygXjzlkUEVMLl+obJtlddWDYV9U7QSJgP0k+X2oSBovsvPNhHcSnLyG9IGCocFsjKuB/iENGLFFcTpLqcsNgkRPkhn7QdQlJuVBZ2eFbd032otEjtn/qIvLvkAb1GoMkGuCHknd+RUIpDPQA4EbtOaN7s0w59gwORDEPDaZ3485he6XMLCu/EjVBVfLf6wNE3Tn/l48xJb2EYQxVDqU2/EKBGWKXsHPt7EGWua+uW/S9CgAXtwnHx0giRkfgwVEmZhSsVGA8gHep23QcdMadTbEa3Ls8q8R5JFuIWmK+bCU453cBkprflJP6rSie3GXBwZmG4iOeoifGYWr/R3RtMzZH93XQFRDrJKRV6YKjhzV5p1NMB2bb/vHtozPzUcRfEFr0TOskWwwYMrH++8LgUab/dDOwiziTV/MRk45SnT2gLzcRQSkFTm5UPW5wHHwZ6kiRruFEZNlQdDpJT/gufWZNoXYu5n2znV24kedrloZqPVzoP0s9G34pUfWWVYYRF+pMjwfnm2WNOzECwJmV4gf7yUr3wGlqbf4Hucy8dT+KsvWPGPIhEerehxns7no7UsmycARsLfffrVSqdedvPOhy9xbUcPdpdVVi2wOW98edjcVuL78uA8UIyK9vA+YgXh4athxS4LMwqmMLDMzSRZvPQrQBwB+WgznWoZTyW9bO6dnp9ZppnncAepMtPSOSKGEuhXmqG0/KuPDYYqRUE805d4GCpwl/AJm2pBsUGeJlJrPq3vqjR4kzWauSc7TIwknAud2kIyJhTPz80jIeWKTMQtAmdta26MhJDWPOBK7HnuDw0kS48u9u/rMKJPZGF0n61R/6ychVmHH7oN9Y7oCl3eYn/8MMy8qK2Zk1LQswejCPuG7dFouey7TplRrjmzEbamDgOW4bCj/kXV2BgRocwEyt7/Ilz33dW1Ln5TGhw8+0YYy9zj1bklwf32XyVi7L1BqQKYrwN4h8AnmaDWL8fUru3R7A/ev6MmQpjv4ub2DCWRB9sq78sSWwP564ikzZvNwSlHCSnDspDWLQT2CGTR5PLjw9RceME/uvHu4FFmbOZBSGiPSVXAEk4FSZ79wNve+qqCE6gTc1VJ892tmzZevXM8ktZ53gxZHfP6ACz4CDe5Nl3EGAxxuXMZx3JOO3nFKjhXVIYNfhhRBck9G7Ad+OW1seYFcc7RKnFJddNJcdcpOHNHWGvcOppCMaDa5Ys4lNLFBFY3SQc0mU3eqipeWbkEwvf8ZQfPN4Ra8aN6xZpT+fBMGw406XAF5shPBhlcLuoNrvkVSKy/X2slUwU1/IFXUpYFFgh2gvvLedgRx4Pf/oX/sY9k0iJ0j6Jnvg3nkh7ekLnqwibbMAa748qRCvbWBBjJgozPknoeLncCQ8SlSBg53w7epoKIjvwWLmv/hsb4qGzMu8wWQt/YL8qwGB6MzhycI2zr63tq03/9dzcwz4kgjgGypWd2jfTm6OQwdmNV6aG9ILdMvEeeYpd3w9pR9cj0r6rIbYyDpQPwp6MZoJ+yJAPovrCPduhNlIbMZ+WC26jMUTmwYz348wGTtciE82KAqroOl/8ZHMV51tG2uYs+PwroATYosSqrjxxJK9/cKjx60Tr0lg4/mC1Ipeao2XP625zQrDOpOD8X9ruPiNHh8oMuaDA3AIPKnqQIBJfxcVZ8ff+58tsMaUvqHwWi0sDWULy7qYIYndVn2u0UOQ9jBB41OpWuwNHzO2wi5p2gEcmHzId52NLDLG+qCC6mWnqBQws0vRbcIMbKvQ6MgOhn57+/c0TkA/Vf/0I7j2vfc+WRmWVleBH3sAGtX1xubFvWc8np63Hyqu1wuvsCPu+n5/vZrjOG+8ORj7zjfOJgSw9x3qySn781sEwkfXjf0HkDplCDPesWde/2PM/qXyebVfnV0raJXNKUZeKDe79pa9EPnylg5B0nDwiLhOWZs2XNP2sieM9eF1zkmbLvLyGj3LrcV5awLYbXJJPJNK97OAtmqR2A28DY1YwuwiRsgQfI1/512tRD13/hOFW/TuLdAMOmtiqfxHzWxSFodcyEHQjmjaqFV9j3sHYs7EDFW3936Eh857G+8BpEpfvAEquhzrc9mbEV2GtNtyKRMLJlX+PIaKEquNkoGsuzlIEEq5gS2CdXByoj4BDsBVXI1gylCahB6lzcsqasiAUh7kVxHYshwT7M7pICfjHc6dr9h4ySdZnMZSMj4x1XSfUgHfoLLlcDS4drRselMYfAcO8MlLy4L/vf3qU+UI+h7Sh8QGToERgxrJ320f5qmoEHA5EEeqjFovJsb+ZrPHggbyjrh5kfIt0kzQJMjbB5eZ4bl/ZAaLJ1e2m+si+gO+XEeV7ULAMwywDBElfwsIznG3B7VlVNyMlJhWxx3Lu6mH5A8il7oHadaO5Ff7J7gsu3gjH/jeH+3qwxGHiNkWFpxx70rtp5xxjOS9pdSOmMgg6903bsRv8xUhNoVQkF6Bk6pXF4c8MWmN24ojiwQbRd7oVuurWddaOFm9iv2VzbbVylC0/z6w3x7CMAlUfuJ/jnQVo15FmshLuQ0+b8iqtdq5DHiPfu6fKonFVf4syoH/w9nlF/1mk8sqPHOB4CtBo7v/diQGRhOjmqyIzI79H7Ikypuch70Pf0oxfNRSVBTnYkqgPPv8IzK9A6SIdLJcSCToOQFOQhC8bp+8H2kBzWIwhlfaiogLQ3+r2phQbHA0mG2wBI9u8iLzAL6sxJrsOw4J1+HkOpdg+ZTkx1NjmO+2PwgDc/vBdMFPDsAENWYprDs/2QgwH/vLdvuRrOPdDov1D+v9BnOp+ToCmZ82EFRxAE/ju05/Oan//jECr8F8r1p5SPfb7OjwyF/n2LIeT/QvC/X11/h0j4f+Ew/d///n171Nla/Z2B/ztU5XVZ/bszRv0vjPo7nCx/h8r/czew3f+eAdDHk8u77j+P9Psbgers7zfOYi9e1g52fDSdz7yg6/D/Hxz991pJt+V/53n5Z5trEEUAceOwggH4nbKsV/fvlHnchiwH14WfsTqqes29KfmAb485mZ5j1dp3/75eqiQbj+cD9Hwou2RZ/v29tPn6qf59KJ5befUNLgETz+dk/vznI/g6SZexe1Ac89+HwRXWeWxzbuzG+TkyjEMOrlR33X8O/ReCsrQAMfj/N1OKgoy//zGfMAr9XzMIY9D/yxRC/3/NH/V/zd//NVvPBEzgz7pPSjBA4H3rT9LpSZp39rjUaz0Oz/fpuK5j/5zQgS/Y5NOWv4n+H4NZ/P79j2swXV2C364jmPVkmR4d9nws6hMsD/Z3S+Y/R6H/HHn+zpI1+S+U+fuIiNPwiD2u9lnLPSBNKkewK03vXT18G2xe8B+HcQyQ25z0dQEQAscZoRMc38XC7aIz+uzcGOghdCtyE4S2WDxzeNV4GHfJXKVWP3LC8MSK4euzYUrOIpapDjA/BCCxsZcH4deHGLKmh9yPMjNK0DnHcYFUiVrn5nH7ZVlAemD0P22Co25IZ7Zf5BhOYyhavUCx0UPedzvJ+CwM/Tft+3D86xRYLR6bK9ijZHDcapASyXYkRxURgSNDt+5tMGB/N2Y4rGTxnd1Ap6gjPd1Wmffde/C/jxpXF1/L3q6HalXg+8lZ+77Gf5Lj+04uREv8R33L3yBD030mOlGj5rOQks/XyxOvE2/inhIUvRqAoK1CfundSso6fRIhYKpf/yFVDxjG226GaxzdCek76W2nCt7WjdVVqwYF6tNcOr7YtSEjVofNr2zTtDfR+Vrq++cqdSbwUO/fz3e4UtYLQbxQPrhNig7iDEwpK2WxKzA2oBBtK3dXF7a5U7D2Yr+i3vQ38HphiC3OGYkt3M5Sqd2AiC0HRKBRfOSMlL23d9wiFLYZLs3d9JskkvuE9NhaiTvGfnUreAoB1Um+t++vBJbLpDrU2dnW/uslZOJAm9d5wuw7FsUPcGfTgOAWpmmMTvVCwCT6RV9/SuphpWUBClmj3yNH5a/81sdiXyW8sqLRfncihGnPDLmfWfRo5+2/vAR4d2ZPCCz0K4jnG6qklybJtCFyKMfCTXau/rjaKbEBTBLs7+S1yUQj0DSCJCtOF8RozfrDuvRFDitGNz6nOu8zfg8ZtPpJqCq7QJxcfDtoYTmKVAkIwS/DXWccu9MW/CJcB+l/MQw9+zw98XLWZttl4Dtmu3l7zxJR+L8GPoA0gAg14m7uElAIysRNFaAIycrDnoAgbWJdhfloxODR/G+rqkrnLSXIwpuC7Ejfi4CVilz8vCM1WiHqYHqkK01sN/VH+m1GqvI/UKPBwL8jvm1/7IYyRBeAn3BbaA0a3VA0uU429GjILZmYPQnMb9a6CioHqeiUWYmqlsrogc8NaP8lhvqAQxPwPVPp2DtMqTxXocm9UgHwA8znk/MbRH52LRmwLjNIdqTfbTyvM2gtLULC5mn2JHg5mNjj1rrvJQRqgViR9tFhp1tUbWsRcCFKuMoGdWK34737kyPICuKXkM4yUxi5UmrMZxJf4RvPiZRGkw6UTmWfIbOdPtNjZ3B9F/yA7xk7rbUD2KVtcdXY5uVQs+ws0wKpfFMHtr+SEjBoz+4kg7mhYTp2C9QOo68DIrw/6P6OzarCAtbVmI8BZgSsM/RTOanomPUXqbsbNDW6pn5lHqg/JybZt1xJTLjKJKff6QHnTO0XFhZ0DlE65wLSf28PXUEbfZhjwV6cEoRJ5JsAj2s2UM+KBjNePMDruhgg80jiC78iruzEL5KKw0Tx6C++D0jdDzrl4Tj4BJLBPHs1UeNnB4TzHwmVLIRhpCj+BNlXMSVgsMW+4tcezVwUc5J/Bqjm9LKXUcTwVYhjRV/+bM+FgbClNfzzteWupMlXXoT3QLb+RqYnakTkEh7AyqWyhHSvqS5EsyFArKQBPr0t9zEwBvKima1NK+DEqnuDK2j3HEetPkG+COvnVb1cuqG7LdWmn+j76y2M70jSbHIOJINarHChhwVp9oBn7La9b4gKYwpBex+Mql7AkP8FZz4av4Dx3V+Khl++GFQwi4gfmLOKwbdwte85fko2puDvcoTxG5JX6iXlcrngJKlQ0jCmwUUVNFTsQo0q9VElgu8zUHnqlXPQ+idLPBQnKUxthFDFF8m4XGkLwmKQp1DJpQATxLioeYc2g724IpQ8eic79gEUKRHTG9QyLNz5ddHFZJFFgUwhevQvpJ52sv+uuqieMi+hU3wOnuDJmeAAa4CJH41sIWKpv1fgbnBq2BQVsvNmfromvjM8SuLtIHyhgvBxmGyLWz5luzWg7QAupJ0v7XkKk21A0SIHIqnEnGFx2tqQfNNNkNZ1Bw7/M4CUNJJuo4VncLe/vqqwFgPvRMrBCo++FjG3onlCsUZa89/RBBSq/MJu2xDIu+R0jZ0ilDbPCFp1PJqAcX9oEJIgiO/QL7R+vLyvgSmPYGAM5WtfERPajqI1ehIZplTtLXaOVCoiLLkw7kGDLP0ADn5F4sCfu+vFmKxV7kaDODDCtyd6z1ZSZffyuKS3zXiyG/By0B11QKiMGvlwlvIEX8uHY5vhsxEtK+7ylTyDxKknP0nP2u2EtrZdcioZjEbTpjuvEGTvi0rQEG3i6uf2bM+fGRflWXu1kIHncAV9UAe1M8f6orIdEznps3gFUVDQtw7kww7Qsb9fHJC2TZxJHJp3sCiyymDaotqzRQUy9Mdw7WIQsZSaHbDP7Oqjer8buBdasXCG7BTDyVVbWhbOTBya+geYvZkrQC4mm0I1V2S91tg/i20MwTz63KTOzO3PioSf6/oL4qUG3h71GeubHQSJbp4HxBZuld0FgAI+vkF+KNcp7ZbzkZYyYsXz72VBXNWPzXGo+DYGUr38Xh/qhSdrVHcJCtst/jKxMxYIfCt4BL6VNHY3fz8YyYM3xoCZidoWCZFKyln1GUKY7OJptShvt3+Fas4Mn65k+baJbujV2e4COjOK5E8loqQwUaGt8xSqpWGh+yW5W0gf8pjng9jcjIPoUXj5mue9FM2weNYUetjtZ7hiVksTuAzWicwscQW4aHLBkXHSJyEB07mBvmWJGAkZY+9O4sqmJsmADVaE2AsURY4CjMlmoTwFLCHwa9m2HtbbtDNpKfNKkdv0pTXNsjJFzvPWMmkLWlusYiSD6HRizhRdTRFcR3hzc/usQ1Dw0u2/x7dLnl0+0Jia54hNyf5100FGC8C/KoJINSG3ma1iFcaoTfdyzOjNZXrzTrjiWppuK2LWRRpQM5GFTB3qvKCdC7PsBywsHc9a8PSXPTJ/Ek3kRZyJ7v6FmmF5/qLETuXtxp/uUQaYaNUjVH4KqcYrLRrM5UJQb+caRRixrlYSReRfChRpRRJrVH/iajAGDAZ1zbWcDOfcjngBeNXwoWaUTc6ZVh5981XWBcs7jVFq/W+CDuUX3X+dFGS0ZyvJZ/PmxF8NWihrCG/XgR84WJw4AAMTMGPEue/ZbJa9OAn16yYvJZciOtXq3/r+NV7rbWxxoUQftleYkOdoTZNvTjfMLDKQycQWG6QC479q7qUklq8X0hsydHpFaUokv5puAC14uaZulQHcIwOeL8bmhqYn/r9Zuopd260l+DVvboahmdnbNDMzs7/+2edGUaQoh7a9enVXVRN4/Q26wBp5vwXTsl8Ejm92+UBXCG0uU4gc8QJmZlUI3fh3uWrJpvTOZBtGG1oziABaQx7bNIWSS2mPdyEy7o6/1QoZfmIaHGFsTmSY8hS42FuqX34Nw6Z9IX2aqtsIv/+XOjzxGdiz0RAZkF/w3XRpw5mJFJ4q+4SSDSKwWWqUOtqOwq3q11FJgxVkFcNfi6WczdbVFogILnMqkBKckIgRa9X5NHXNlLGmjNmvVe3PeYJBt5HF558K93I+xQ15/+49TGlefd1DdIST2V/N3hgsNHuRCXzV0/5xPmtcz8u5LETt3VlrfpIu+UCvNdqU07P1IgcJer/oqvNl3AVPl84tOEFjMCfu+wkzsp2TcjHaFxRyh3b8VfNXGgMoS8G9QHHlwMOHi2D7tjXSiSF+DmsJKhQz6zYJrLhcmY+dFICG+PyyuhgimtgXXUEAVDjH6OnfV9BO38+MWSJve8ozbk0CdjmJpP2R+L88XQOVN4y9iY5Ut0teSWGrZt8on6V2cS3VRsyMzFE2fpWDgjbUfrimlHxIFGoeR3e/92fEJDh6r8kYt6b6RfIb3k9IsMzpSrb/eHWasKKF2zIFZYD5USdzsJ428Kak1BJ7158dLs3pWk98JfU+aTnEjdS+lKN5s791PIHDx/M4zyaMDyx35l/52AwsIOL/bapseY7GsL+JBhlEHrWDRSYe9EvdObK8XoPxa6JTO6+R89+g+P7shlLmF/tp+n7jFaCUQRolrOG7d+XbmK0R59d74JnaBS+U9EuL90/AYmbKBiV/brCb9kCFSDJWWLfDr+2M3ZTQYrbyFGQEG8DmEY6rkVGqq4JyouOCld0J2XJ1KLGR8dyunF17xoi92oeVN+BXxUhcAYR+K42nHfsOT7RHplBzQQL9+QVTJnO0PgV3TSGgIKO0rs5wT2SW4U3ilHKx6Hl4PVffX9oh1qwmS4SFGieMrGN9kO2hTOJOdOrSquNMVY1EOTGiNcdKF0uuzgUgXJtvVNlX6idIIeqsHJSKrtS7bnUGW0Ty3ywh6MKiLRhsBSdxzNGjw8QIiirhwv/LIQVxPDYI+vp/f0P0CAWMXaI9hq3wqRJ4x0IBNmYRq5CVbhVWVczI+tEnIGvJCg8D7JqsgWKzT3HnFzl9YJsO85xcP/mZmLDsbz7iomt5284KWG6lWTOxwcE8PzMnSZGM0lOy9XdPaEpFuE2X+f55ag2GRDBatG76boJdyM5kwBQR/tIv273+RqjYA/do3sD4eegsFWVCjXUtRfbKsTKbae3f+jIEJLh5aVPpH5n/UjA0L9cTVLwTdr5H6Hn3SgoPp/W3fNhAZX/+IZhnrWpabZTwjtxvkCqmO5AAa2fv7fhpmknVucnZWYXv5HxeyaErP0ZodlY1kWK65jl1R4wf/gKZS4ZbyxG+PX+dfXxWANf1X3qMFMg5zTCOLpsPqR2xM1tbooMQcJPn9kEr8zbGPrnTovsxHJCEzNUXjMWqHkXUgJrR3Vjt4B20UFl8l+JZvfJ4YTnSxexw4vUy8ZL9N9EfFM6FzjXQfVF58u+v79Piav/+cxy/OY/L1WdaEGJqnFOjC9TSd+GwQFe/JV2Pr0U2lt5yu3V48NPo2j8os7UBoaA894c2WcCZirP7hSbsMArUs7c/hAP35qgIFGZ07jjJZTJYH6ntkYcmDkhlN9PYj7/GNh2fk82lhQ5v40P8NgqFaz0WKDMw9HUxg6nTFIjwAskx6NdfQNVHGMLbG+idukJ9vp3sJgLpOrxo9BJnIjef8uVo3LVXiEbJ12VeeKnGEToX56+iaIc+0QEwI749v6uDVPQ6y0dWL2BDoDoOw1Hzt5cirfAEPXgePo6GOI5PRv3b4H20RYCqmgHDsA6Saq3N7U+HisWfHXy0H4wqgEw97+yyjc4iuO7HF8F6ITLXHZtrLaxxZ5KR1txkcsLJinVTasvftuBMsYvc7HNa7ezLFftC5VHlSCiQm87RIytQ7xhpro9y4B7cOf5kMFHEKovc+uHwjLxI9wFM+QELh3wsbQuwqK8Iwt2r+LK9r4HsWKuZsOyZB8fPHwuKcVjTGDLqo2wOSirYQEadjWcriJ3gTB3NuEkUNIAzW8Bbga9Dn8HFrss4XFWRsmotAOUdRuJi6Q6sfucVlOnBIZOQZikDdgQOSE9zZZPfx9jSz6q8K9sOqCNulO4fye81lV6loOdukvje+m3SiJn4z9fERnxBXYdfY2bkK6o0RWJe3km8RmKqNe0Zf1ufIm+suq9DaL1TMcnndDzoylHurpQMLc7TeXsijjcDPfdZtqCU8IQa/hNFrcwnrmk9oVVnuSsQUriX78i0UM6pHqqBW7NkhbBJyxNOSb7FXJnzmpIWAztnpRy3wSLEvbz8Ud3VYcCalV4MkTkBpyFIkn+Y8FAIuaSLhO1ZkJmiEBWQ97tD03NZi/KL1Jog2vHIvzrufUxPeWXZhYVMc5VEqk427UsgQxiR18mqUr1Mv3j+flKHn2UvcfutC9zgmLHteT7lWS7tQ+/sE2QpJzAAJ6SNayZxkgtHv64Mtb64tgXY8JIzWvmh7bn9zbAyKEOT7K82i1hcBt0CRKxO4PNXAlHpCTGvKjl/EmMDoJ4a/KpqTpoY0uknLjedHYDBXb9J+M6OevpF2ReWL1OyyGzt2FvOl0abUcj2vJHPkZR4ac/neMbjU27x+dNSkDLbITHgkcPY93n54JkLuHRNf0zK1Y4eV+FBxo6nxuEjbXX1K+/zXsRBzrO+ABqA66Garbaj3798qjs8Du3w96nqFc/O2CUQrpo9gbne3tjzW/weSe/44TzlbAR0u7GVJMIY7mFPvBVRy0YAnzutb2jsBPve6cPaI07i49ZW/P29A0/5V8TUDwHMfDvJ+AB4aEcT0lJU7DFzMtFPNyIEVdFrnPAafx4SPY+VbJx2XF+qmR5vwZL0/LQ57OQ8bW0vZ5HYPBwNWeDgHTCqYTdpmoz0PGvt6LkIFLCjz3mGiI2ETM73bniLzValvNlp8kcCmMSIpOeF85irQKhcWHMMcJO/wCY6Hp8aB9O/9xEQp3J/4+3okB876nCvXU4jsH5fGAR2DXRl/tKJe3GuYKJVv99dUxNMo/rpnRTb1deNy6gqd73H8r6kSRxSKUJWT/FkH8ZQzS6AizhEfNydzkwLMDlasUhjXdhnAyasTYpLW8AYJ1faaa843rBp+S1YomGUp/aHXEcWSCozqIL3aUUh1L2x62OVLUmFmPKTrQ/gqQOsXVHAcWHmxp32ux9GGT4eAbkBwNM0jCUk0IMQdwqIBbHiJrjsp4T+bYWHfnWtLLf5chAgucoKOwb206N0P0s9+hQ/aW63xT81W3ygmyAIlMRweZRgyQVrR5CsiAWUZjsruFIueX/4M1J9tOtEI9Rje0MvSv7424MvxE/+ucvZTXdMMRCWDapAjivw0m/uEfQG62U8AwfRpeqvzyPXaNFPBPcX4ppH37QU2ScSOP5LeMivdrgFSqFFFjXmvr0VPdVh7LQPuUH6AyBk5QHXPqwSsVGXF9SUVlQWpxU3vWb7WkmzuUwZyOGuG/4VDreiXhm1DEMBKUajCgjieVRdkj3wvwoIEjZBVUuEaiwDEUdjcjSHQwVA11QpKL+jHwAJvAVPCnun/cY/EQaDCai3Xkd9wI++QwudxHg9Lh5lUnoNjhRAL4+ObmdmuoIfGvjXdVC0yj7SpGx+fbYtObdYIiJLX7FwzPiTQNsBA1OdDUP2jORznaJlixXw9Um1rH0WZN7yscRSYQJ+y2MUzdP5T52N0Otv1oMS39d41MJQkskvVzq+JNdBvA3rA1zA/UYEjmfMXL6RBluaq+lPCDJ8k9Hh8ExXekdetJbi4PdCNP+HJzGa4Heh6OaSHU5IFqGMci/2+dzUFW9AhIkCj/ThQkFBku6MCl0rb+UGgdEjn/3uz7T+FvYMpsZRhUKhoRmy/yRL2KgRwrMaKYevT+yByJHU+FDQh7IVZgbXD7cWoJBMsxI/4I2HI5ytyp8E/ukiY7AW2hAsgcelLspP6sq4okgypAQqnusN1/XNBOBZwpu8iwf4QCNVYBd6S1Iua8mNjta6+qjCTs2IpY3p5P5Ic5jllMK/pPgGYbjqMg4qInE4pXtRf35KgZ8nO8SiKmyRs1sE9LqXz2nw3AhSEnNaI8fUwafFf0t9zOB7ztfBGG0xQNNP+00iq4nXGhWCK9u0OI0Yqu9sEn1IQfmn8WIeM6ZweZ9QpCTlyYu0EymFI09sKe0mfj2Zmf/DZMzvwrXGt3fQ9NZmXhHaU6hVTIYboEbs6x1PwpFvwORsxeivugWptqchVV8T0PSvoddakb6w1arnpJFlhhdTOR43nKIoREnrOXSisr0dxQP/e0GLdb2/MF/WkNkLR8Edrd0QOr/Cq84MbtTh7YeSHyW6B/WTkMniSobXV3ccTt0d7AtkShwB/5GODCZx3I5XKvlx6g01sfcxhwJzVaEyjgFXba+zFet8n86lf94a9zpeULQdzSpxGyilfRhJa0suhg/3O7fuyaVQODdiGYBLlJ9xvkpXhBhN7p9RzNKWPiKjm1VYm0r+sQ3pR2Nc+cXjDLG+z8ymNlczP0nhWoIQzG82eVQEGnvB4HV8vh2Qan+2XvRCU/OpfuMmIlW1rg3bu2yJccfBTZdDvEO2KkJw95KXsQUeyIW8QzLHv6V8vFsfxK6ZQS9dRkgtkdV2a+oIqsjxaOnbkUT8DAflXhL7aWG+q0pCqubNG7ZsyRB3EmagDoV3uqJV6oa8Wu2e7Yg6TPwixDOgGzXlQjK8oRU3FANuEWdjWyhLcuwqitQUZQsNRNb6WW5HQvm2899zwVsE6groa+lEbVIjU/1yXWFxjPA6X16+PRYwT81OC7dRDC3aFAFWpnyPY+MfjSnWlJyuIVBzUCleGOVKrmo1Jzp+4KyKohN5CZk/swP4ZejoLiZGCjz5ZwFqlAhfO5pB5Zt3eqhs5+7EpguGKNxTlNVONXNph3kRna5wummMWfB7/n1kpPT/dPjwN2tV8vKNcOWr1kVas/ahdYYaIfruqTJscEz+KTCvP/iS9DdXxw9waUzztUYNNd7N+1MKmG0a2Zep4BKH15apcILfJvfHdwwQ4wddUZjxn460S3rFIibs/VYA/FtJthOQ/z0q8tIH5QszK55DtXYAJQV8htnU5dn+rem6oEWIH4Pg0kVOPFIatuzHpbp9CG4AHs4KbnAGZ+DMP4lGsdVd72ZBcsv0XKAHDnyKDm6uAu+JfqYklX2IBkjnTFGt+9veQNMkF4sl/4rSb3R9Jao3Uh38GxYEhykspBkI2BYF//O99MkLS1B/NFnWQtnOorhAox/5nO9j5cxxGWKl7utf9w5URctWz1TDx+umP8idfC79eZYDh2LufnnvFwkQ3/nN2EFHy8hwNKdRgblPZYVH7fyXJ0RrgOX5CUlnv5eMwYMmyx4xOoSGOpwE0JTpCREoREUCPdHO53MR7ZguJAb99WnNwffMorkhJ/BEx6ZbIZ+9WPt/Xzu/pAWGz1MRD5yQgLCwt7Z+SysvRresfbybfgdxRGbgF/hMXfyp8FmYk/u9oOkFhMWnY06XsNa0fh/OU3t8aDjLj6C0Q4uxUS7lm44aN98V2QT/xrDm+faBF7rzJ3msc61PAOx7KVcLVRXcS1qhxanJYPCuhbGAp9d1h/h2tS8BVuEMEOCJQZrOPTw0WodsyWAXQMRvqYPEfiEcI9J0u9dlwhdPOTE4KQmCalGtggmFcUfbt7CS2J1fYw4J72241UkEA2CmZKl+JO4GUO6gajsYJls68Bgz5ibWV5VAgdmXoNlmjGeVpsJ8Im5Aq7ZdQPh1IrbITvQ91d4YYh1d5MtAceNpHhh7vl7sD24HTJgpbk466yTsY1zmWV5Av+khyeZHLYRoywY+lTIR6jw1+uSgnT8UkzYfr5SXEqzzCTBfNe7nuwcmfHys70ZJuq6C6ENQOYKcSB+AenkkWJp6jaJCvXPxTEOKFVOJhcGXG4V3vg7nU/EwV58mqy4/iNe5RknzADsAIF68xWpRVryzrSRo1ujBm8Abs6d7LFwvyDk/m0m4KPEv99p/WBoL0cmXWUGhm0D4XjMiy5hrtl2DfSr8RZk+o6aeiBgmG5/8GP2lZA+0hsM0fz6rDCaE8jQyYbudMrg3WpC3efT2X25/dlSvr+JTi81A8HY/z8yEJodQ239dH3Easz6Y6ckzup05GM1URU9YUOiEolQaxiK6cvJ13V/SbqmjkdY3QnNq5D4mP5EVvcLi1IqPCb9HLSo40hHSJyXQ6iSEzPW3mnDX5usNErnezAuxF97vP1wyN6ZoXqWhQmvd/cb916zvVWt+3ijgoDwRCGXev/LoNNv4/Tg8ssuV/fL5dLsFrJUgdg0Bf+3/LrblYHP288tBpRkJQgIq1WdVsm7pnOpzudRm4ip4kKezdXxvIuJemenOt2tz6zPjNI4KaRXfWTwVqqFD/K1mvKcmGyiRilJHJxK29GwXn14jU6MRSCEc41/EhxMV8tuJg6qxcBnpXmY46sV+9sVEldwvaPSQJcbieKjTHp7mt1At0etbvgMVFfT8zBncDhrzURYp2+c36QnYhe8dvrDAda3N94IP40YEaP8Vy+ApTiSMjRQeQp/Xk34Ax7iBb3HgB8UuZlISEGlpvxSj9ODlUtUih66mOO8aBUoq/5iFxwq7XPrJqgN40eVs23VIGvt3IAn+Xo/1fZ3rydjbDFO6KUi2crTrYbW7pXEhTemyoBQzQG2qkrHXQ6d7FdxF5TyxBPhs8WVXlnEddOx6QTkbgUmbadvBzP+GOB1fxb381exgy05vqCzWSEpvKY18wwRidLNazlCdabO7zDCIpjptSgji12vbQQsIOfijE37KS9HXNm2STWq1PtZj8A09xzSaT61PryL08c0EdX1T/vH6n+cwpXMqRcv5yV70Wjmy3lU2nVeBst4mTrkZfhMOnb7D5ZcE7iuJmy0P4XArQpIu05uByczAXQMWIjWpgAO7YpB+asoXnXkNwfnJvz/JjNeX/UGQH4YggSU1H07YYxr85qdsWCzWhBz45Es0zyxKcflQjbOjZs7T3h9Eztulu3bdQsdBJtrqEo0uOdq4bTlWwTBWAxcxvVCm8RcGzrfCjH5c5aSg+nlFxiySxHR2daGjKO/LGYkS9ug0Eb774tDifkAHHh03HJKHeTBF9xcqDlZ2WP4yjROlKBUctVCN6hJHymm/B/2b7cW7pQ8/G49nPeCJa20POd1KHb+xYfqkL2F86YASxwGE+5Ssx9XKL7m81nNkQp35fIrxpWz4fuPpZ8e/T8vCgfyF2kXin0ou/qyfZNt+4Cs2UD87bo+uO7BOuvptARn0CRHkTEc/Zqr7mlfpZ9q/7MYEx8ztZITsF5sPuMunsvAdVN7XuZFPG+brH+NLCQrtaIZj3Elw0m3oa1bq7prXp8zmzDh+pOguhHmX0P0G+z5rf9Lm1N022H6yPfj+0d1cYCtVfOSnaTrKV6PVz/uWztIdB91rjge3WskFVyS8PvebQfkfP89OzX9G2WFfcuWZlmAklm4uK706tXXBJN7j+x/LOZK7WWqrZaHP9F+qherJRHyMJ01XflysZKOSciOh/0ZN1Lz2GjulfRrcxC4DT8ih9TPf6w1SJ4+IKrjUAsYm5/XaqGYpkIu98OUzwKKx94IEwKCDeWzkzd412OXLpomfdVibATfDIP2ALFZaf/UPNPLZzTFnR5bshsHz8/drsJybskCF2B/9azs2damt+A17jM7jhH2s3kwPTTfyQyPvAEj+3TnqXM4kxKaysXIr0LVSrMJwwHPRssLXc/jHtciXwzA0I3NXQuPiRz0lCSIOlGrLoUn0VodYBKYhVYcQZuFwkabk9IsqxsMGInhbf/sPakNjR85OFIZXfO2bORlTct3pd0R/4moT3X37kk0dUJ/aAb7FdFxeDbTmiu0S1QtMOkEXeAdcHPugVp4VHD7TKECvKRwtn6kh75+jbeSJV7vNEalqrxz3ZCM+0sM0+VlcSaeo+pd4JLvbuX88E3aiFK7UsmIcBmPReiirgy/xazgVG34leb6RkZgIPqrx8iV3YckNxhEXB5/NJJmVVKpjYveKOVMFZaLa2QvUE+sjzHhsbfHiDRMQjhKf5tIfyt8am084I227A2UZVcvLTj4nOGMR0uzOB6kOny8clful9voJ/N7C3AgxcT6sEQxzIkG6MA1F03odSn73+gtspSjma6yw6Rcvce707aKX9j1/XHGf+4BpQ/Z7+0z7CyiSLi+C4FWkkVLub8bemal/NHw4zis9gj+ZHJ4w2zfIXkBDxmirr7Sk9+MHBJevLAIWBLZxxnR7+SMVGlK+dTJMCZupCNy3Px1lMbRdkFW9prgNRrQ9E5WeTAm8hz0aQfW8VqPsv8xMkcII0wT0YvlX2aoMdpynOXCxRe/Q3Vaf1Wte27PvZc8JLEM/WQ8l780roPcTmCzZU4wIisb9vVMmz9CiBpctbAUhLMuAeiYLJZmxqhpUtp1+KMf5O4jQknQlpITy2ZGWV1ZPOPBRHtEMPXZe1+feLCxntQBRoPPfUvaGFAMyF4NfNnBXZjEQg19MRxx6Si0N1sbSPdH3yVTmyoGXdx2XxjsARXcMgxnjCcZQLyLcYfi4Urf31pJLplr4Tc0L6XyGfHzZxfUy8B31NYHb1ETUDmzv8wzend4SuoZWQy462XBPJwBc7LC7eAKqZFbjehS4aaixMsWGjkQne4XwJUdi1NSwZmpjwt1KdzEAMM9NZJWT7ptTElJa0+wCWuKcM7hIwUa8tmnM/gIJfU4Ij8OqBMwvV7eX99x/QvjSBKWeC8GWz8QJIzpbXvABrO9RdKtizCHipAzVXSB5xzzwqYGPe/Mv0amFMdx3H5V8KyXw26l+KkGGzAnYdAhcUc3G919RR77wrnnP3cI+6Me5/krzzGpKdSekpBBvMB09jqISxXjCuAn7K4TBWIo9yr2d1cC8fbU+cu8yaw1ix6dt2XhbNDxFzsBY8zWR9XLW97tQngg6BZSjLy7AfB2EQ2zPyO6HM5EwnMONsPvUSDmrroOnYVWmrAuTKr+GrfE/sMJMU3KuRrHeMfQjHmdVHloILiJSwT4Z6AGGaABBvwETH9QrZDiDYLbegg9ONQKgp+RfpGdIVF00YjpWNLamH2g+rz1D2EXBCKaqAwGNTuogganWXS8OYvI5IovQlzDofQRkKBetW3UReY/2X+a5vdGFVHVQWWqsmlAYWVEmZ13AZEtnOWGQBQKPijBXo8ntHpwzd9eGlfmueWad5tuw6mtZAAxjN9loArBe/If7WQcDcvUBojgtAzFPCZiHsWF83PP9riNGrTGuhLMSO6oXpLloyauFTWm5ih+67jFOZa1Bcamj8nqfRFn2gzcaWg2ollStAn7TZoSvX24cJRVgQ6MEXmiZTzURAb6lHI3Xy9RjRHP8ZJJgg4qbixnH+HESOAGilXMlRqy7LA69/qK08WK68BGf7K8U8ruoYJDnWRad8wB4sH2COCRZza+UZO93R5ZhgQhD2GAZ3LjMZNW9QxDkG3YUylVHVR7Sp1X2pGeF/1UpgDlppDCb/fnnIOVQBJvqWu8JApRLb539H+LtHjJPdP/N7Y3rqDYdkCUT1MzDdg1XPTyEdKRLMUWPCW3RcNTWldRITj2/Hc+06K/5tQ61o4RW336lQU3ZUQyK5zwsETLr6qtjq3omL9e4S2VCnn3fSkkacl9ixIZypm6YRfXbvQiyw9o/rZLB6odA++qEsZKtGjJdD/GadfHTSwxVgZixpUugc2iKreDuWVD4dqjNFn+TPQtqpUnhB3bCuO+fHPXwCJK5/PDRI4lsNv3xSyEgvv5J0UeL3BY8phkJnU4NNehurNOvukh8dyjAP3lPYwWdpDh7h11kpvfsAKB4S9uv5nwi+C+tkrIa/ukO7vs0QKss2+HnR58v8LFSmClj3PA5p7GsCIfhnFpBDyu/httfUY9EGlc4AlsYflZ6sL1/S/4hGvHa2Q1V8pDMXsYzM4HzofwBZlFdM80CssUT7W4NhIVRY2Yrq/DiUTMjVjtLj7OZaV8EwyicoHkL94w9ReRIxS/r9luqwZp3v2iDTUBk7nWurcWYsuiAxvYYgN5U0Y+gb0SolYprUQgl5Dq2oCzSMPkideRLNPzOhnEcq6J+qdPQPWYBOaxUkeoYDUZdwjM/6MkK0R77VzufF1nWCnCmCDH/qoOaUoH4BMjPdWbJ0YRC4a2owp/IXDKV+D3mdpSNmENkB0aN90uESVe8fBO1X6m5vpuyMcw3p6dVrGQwFDobCixWj1mixP2bQbCefks/RztsjcS4oeUZQCtci3EqExcl9jDXU+upNyUlkUq4Ou3L/1UL7UclZEUl5USWVvhpZv4b04vyQgQvzk6cAVd6iKrW5OyVAoHSksydUAuGd2STyoJO4I7JQGySh0tEIumCJxoePT6mMCWWrqzfX8MAx1VKlF7cdAMRI4/65pmLcbZI+c3fqENa0CXZUCL04qvAQDlKt1qkymlZnRpME2HY9DhrT6hwY7lE0AkLYWh6O2r6Z+qhhl+jeP30UcWBxsTu+eUQkDaXHiwjGbvC/P6TBDa4BF+QvLmigqA1OC3UpwUfyqxrPEHaW/dnklCj2GUTY1dVZOtV/nxON8w+aWPyU693nUIrhKU15py0w8ZnEVB+4qd4q9XvKleV2yWzYqbxzHctglZ7HK+gIEn8FAMSJcksSGz05WAlUMKmuVEfkF5m6rUzZPJ6BD4YGXCtnFFGwNr6Xo0e7qQ628iEH7XRLGLyQEMbrgVDdW94/IbLDtTaRvozet+UtmxzRiyrH1yVycgciczFX7YBvIADhdPwOEMhX94DB7QRJEKeSUma70bo5pwmhOWC817M6Y+WKd20KWJ/EJqGjhPaVtgndakp/aDzy2pFE0A9Gj1g4khso1yAgJbTF32I0z83K2M4AZN8nR+5dDqTN4dq9tDqgt+sevoSH96CBVPOLclIGRNVza7lSLk4z/2Vg3b7a+FIRs1YuAi/F5O5qsm8lpcoI9iDy3sz8k/UQd4LJMQQFOMhstP2TSE8yuA8GDniEV4H4/qsdlfUWb84cFQhi/+AB88jKtjpDLxJ+pSQFSLqVNz1i3yLi7buhvViDAfxUHVUxhWKvE9nTD6AeGVy/CNFNnFNuEqeF1oyL3wcWKpuNOBSFLE1gIaX53MR6g1zykjGiAOZ4hMl4UI1F3vKmobHEtbC/vJf3r9BFim3HIPjd/KWrQHYeMdKNzDeIyP6usr0F3k100g+6PpjGNndEKAiAmbhG3wTvE5phTvMJh/LeJyfB1gEmDBsIPC57zo1hpzy6F/TXkLdCjfXAN18JV4v/Xahv7wuXbnzL048CNzNHKN+F0amj4sAI0kzEjjq4gwlfnyKDWExVdhRqeGL6izvxfxXpdiEmbOlThdR/rhzEtY+Ehk1oJduC/wc1WrCQkzUHmbgyvovsIMv7qQrRz779axnV/qczAfNv9lr8oa9zDzHbOL9J1GS/nQ20IXqX2wbu9D/aPI3wofc+gRxORh+HP3+viu1Fkf7UZ8ewRCJ3GZIChe/mdCV5btYWUDaEFDGnzOTXn2KULfFu7wO0qvKyrvRVrRm/Our3a792mL3ZKRfUlh/KFh6g9pUswBa06uxhOeBrg/tWHyJaNRflQvqrwQ1TPu1qrlMSvJR8LMVq1QkiE/cweNjyLcRo1OzU9A282WLkFnDnhxHie17hwxokXL1qzu+j6762CV/YBk7HAEdkEQyvxck/ZWhcppwKRymMwNNc97m7Hu6tbWLFP6+WBEi3ypdVGsp7D1EKsvE1UDT3hW/4WCvV3mg9/sYCYLlchNyKbES3DPkr8JHnRYPHnCxcO7+/VL33aOvGZguKMi+CQkQ7aOLxMYnJUhHz+PuX1yYmYJJsLcKUq/fv5q2EXffCL+aprTJf+xS8Lhkh1eaYoNYjtcqhjSHCNHvdSBixDzxWQokJtMgL+4yUGG2yAT03w6etVOVaQDmTkbnwLTe1zSR+WukqhQiWBAKpICmAzQsXz6cNCf1OuyYrDiRMbP8My7mZbxVWUe6aR4LMZAgy7fNZ1ky3nDp3J5D4OZe85dBRrF5mzuHR3EEEO71o4Z0U9tHM8kSXF1dpKAcucf8sYojCP7vv6kzfISLDexiEvZ7Abw2XBBi+AWNSAw9lRrxxXNlJ605EWhPtJOPd48OWrp0XU3K6+hfCGxdLzh9pl9GBeVX99OkhfW48xL9zWtezcu9gBMaeRshRPwjln8rGKy8go+XznvepUQJKpuXdageZkNkmzONEUOVHiUIKAy6BG2PtR7g9+s+/R9JrtwkRPrpr80uX9+lX1+iM+oSFZGCftZvRq9zXorX3+JCE2t131/kZw9zHmXwe+Nc4wJ6VhGUnuiww4gX6vS6T/3HmHQJG3dFyv4GxQSOLJew7gKOmgLB/gJ79yQeETdmjYL2tEe+NvZzVPcx4KMlbwEYTP9N8+Hd92BjIozdDPphUxQ22TOnG7cx4NJdTLvM7wkKFKUAW595lZDiTxEMQ6Ri4AQewt8zJuMlftrk3RJfV/R3VPvZ11gNmnjwtLNfFHmw02rGE9PXP6NYaLhTmWOj/fe98tCuhcvInKWVPtInWD6sBtsQGw1gSSn6oWRJEXMPvfFit5d3/ZVW0pjJWcz5t02uXkIMC2yaAjdwVcf2p2PubQiNJnNVZT8979XgZWqEkLsWQq4cj8t4h2Xc+tsOtST2wxxcvH/5C1OjUbZa1Ll4gTg8LfWvAtSdnLkMumIuWRy6pJs5D6IBl5FoP+9bAjT2PiyLMI8vx4++RTOpMHXrWaE1fbfl/Q7osRBkuqYJDk1RIdavmhSFJTGnqiZHV+KOHxRF7rXG8BOiOfiO5V77tjXQJ1p8O3gOcqfW4/gqyQbnQ0GgaeidZlsdPcSOfrYv9JpJdRie2z5vwJ2/8yChn+KRlJEQosQ20O5DJalt6ALjM6Relz6Qh0pNbX6xc2Q0latsuRQZcO6qifZQEVASyYUZGUpEp0z+Cq9AP/cUveHowP+bOPuYtXawUrui0suSPnXsMM30snf3L/0zLR3A8OBMIVTP/JyXZPqF+AJdQGD12Shqi/157282Kw5KEsOFisAIgfzMyOD8Bu0pnvAXMEcp6b4eF5QLnzCbTMJVQv/9oLX/sAW63xFDUY1kN1jrDbI+IcwdMnea9SEj2nBNUZqIdULXYNLdrumRUloKWNAjq5/1UeO/wYkCCQ1q8NWa4AkWujtLfvzqJQIPeGwaU7EK6PyM2LDpUB03Q+f00h0ciHnvRlDEhSp52sbw9k6q2/VdLRe5jQjNdpmyoniaTUULgvRrsc5ALFI/hw0gPWC2C6TaKjq0oRR/X8W5l44OwS8+5zRxwW+MQU4mxge3ir5G00T09nPRUSJnqR3t3Lze6ATvdM7aQuHs+aeNKNirqTHSukmsa8w8uehMmBW1vYuVGktAdTZMDEJHbURoDatY1hsVhKWMWcPQXMnhHSvwHmAYlHilJxhjHcjIXAC/GOOjy3TvpJ2ndrNLasUeddH9X8OBNFwI3ftgan4dU99CrMI02KAFdm+EVT1mYLqieheAV0lOpQVodQsGr/kv/WA8JQcOIRKvGqEpJKizsBymdiVKcCvBd9v+0gIgyEWP76UpYm3FgGA9LKMzMPLv5z+Vo9gfIsBwFYP78SDWF+eEvG+U3LKfBgmZg2jN3xzM+opetJFK15K894oF9s8KBsZTMzpHZuq7dBUydqHGpq8jBmrsjNjdb/78Gr0XJssA5BSUKemxyHegfHaHF8WkQ4twpfJMYTzHqorROLzXdC+N54UXreHHcfnVeCiYpL98YDMiJL6EL06UNOPFBoJiA5SkaZFvQFdcpVnMf5OqPvmE3o1+qdAPtjpk8Q0WAMB2McyUrCw+qEIqAwnBCo1SnhEiPB+tcr4eBy30A6DdU43ts+fHSlLiLEgeI+3WeOWQCIMAzUdsML8JMwcb5Biv/TVfKC/Os+tDjir2xRHnI6t+pRQQZ42YmxyVYTArvn/tazSdjPnlMipKKUFxe5aVmlDl5VAIf7JlYUZLTOPTXtEftDo5dkJrgtx0fYJ/XzZ/VzuKBz7ZQlYHfXV29Im43bHlYGVn5mG3xn7pFEsIPlknKryRhlxCqQZBL/GTESrHoJHrYk4ww2cDO7MGTyI7u1Q5M02QmCSvj98n1jCCrSmNiSpYKEZGV3+Jpu+QmR9HsZXZv2jPsYN+RSY0xbiEY1dm8jRYUFj3ezgakvSNTo1Ijhp9E/mojw46oPeuh+U6miYIp8QPP71+aFQaxCeu6B695Ped3inewzx/yeJJeCYbxaP309FeWLQN0xu/mJEm0V47L9gOPz2OAY8yIk6Ol11wCkYQcyNfwBVtnsjP+5Oyo+tchgYRt/kybe9SI95XXUc8rXH6vGQOqHG7QUA092qiLN4PzEnU/6+nJCwhCgyNpjXRE7IpLWP37vq+xpEor2yokBU740x0YHSXs/FuUFdZuFbzE5Hmhv8+ELboyTcJisbEQ0C6RAR4QMsrG1loWSlI5RmFfAqlCUKvL49UfSVb2PaBqIRqMx/L1jr0W9waSqyD4wi+YQs4XB8kl3uL6LSrkqwXl5RsK3WZ7P2mMfYulM8Jd1Cifn+Yq7sHRE+9D4I3WuX6rTZLbg1aTfYEyYgdDovB6dxDd/TAP9Bo+YbO65Vf+H9J2SrdXOSrkpqNXU6ubPczyBm/siral9btN7x4Ln85X8Pkk/3gZzpC0EplHIf/rVl7vXxebR9d+aSUr8cQuT7U6dmYaOfBIvn98rrdH5YWKVs0++SJfbTA2UITU+c6/nfbi2pVjRthy/mldOnfncaI15m8N3zK3B+yZ6xsTiZkvw7CtxpHbXLGo6w1R+m1whCqAVDNPitnRfR6kfc55CLW5ubrJ9DbC1PcIRpKlHcrC/i8MOpJ6txeRxemEQVCEn7VpdXHJ5cTmmco7uXWBy7xhqHu9+zpPhTBcx+IbulYZMZk9J6pzQsGx4tReEOlnBPIVGyPr03kGARXFNthzWUl92UA57r7qx+798/yNSSwyD5AEJds+A2ZmlTvPq2VI2O5UHB3IT+gOFdkpO2G6Wg2jiBzefiJ+HCKQaWaXS2+UpTj4bTAkZdg1dLC4y00tRWP4L5hlwSRZgIEe8lXu1BDL6b5qjbAFL/vDQ+nz+U4Hu4mDiYAaWw342jZVO2bwJNubZkCrs7SOEMC4LVU2FAKsWxR2+IPHmWSGgVoxa8t/fs5GqnXmhzusPFfBMj95ohzw15tut5qjq1o8nvshGnICQKwLN85LVDU2UUC49B2n7PAx+nG8+G7Lc4MNiyncF5K5KwLT8ox0dWm9Va5WBnnPVlBRVeclPoqp86DbYLF6ML8uwOgMFW6E4h6ITVMtWxl81ra994+Cdk5XPhr0qA/XTOP2GdZjmEW7VCojiiDe0eQme5ZeRu1n0dgu3oKM496cTm1YzqbFu9xVryzU4GXbqVfyhRj9WNa8j4C0htkIqfUF5qkGpCdQc/NWoyoyXgfbsIb8sc1vQS52PtgWIEzNRPHjxMEAP/VR0dDkboUXLMs98IuspdK/Ybso84PSk+Q1dzy+CF2EsApir1SY2AjsSYc2ogpnynbz3NuWgKsFF5G1u+rp0wnyFCtgEPFyeDfa2T6wbnqbH5zjyWN8gaSGS4wc4EFsUJ7fss1+5O5BqIvRIeXIE/AMHHsxtbBHhkfw99GXMdYjpujK+GLSp8iwhrUN/OKphYwfwOaYrZE8UfcWriTbIdf9YPNjFWdPB6vAIK+HViB3WpANO6KOXtubp+7aZvMBhf83E37bLchYhnfCUEoPWKbl7nx+9H7/Zq08BlWLWaciRU4vl7URQkLkIf05/t4nhWsQpMf/K8RyP9zwx+0H0gfCTKZfDCsKnRGiYZes5rvDWV+wVGNHwj1mtUgx49FIiMSpA10yYWU31CsgAhVD6yp5ks3SvbxI6cZt01pq1cSVe4maxyn28SGaYYTlAJ1TS/NrL3WVbOWxvjK5The41MeEVvRo3ICTxE3wTZa1P7zuuxw9R/WYSKPPnNMLpruMRXn8EPXHgJe9PSgMIOvduJv8AT+11xj+KvNxDBIUdbhqsv9YDiHZV+lFd2PkK87I7TrCpLhmUC3kzMakgUzfMGr1ZJt0Avj+BbcWyN92mvr/cidKB2xFf0D9A+aCdfUUiMRNaHvbzOnptqTp/E6b34ZeODsd4tzDiPDiqZYyz+ltRkDR4lS2bjUz9ikw+g09IERs9dFYMYf+lsYrvjbLXQb3tPoai/cTmchkWpUm38GqN5YA+SnlR63+HQ7nujIYxhC1Lkf+Y7CCYKSOUnmOG7DRgP6U8K3i1NILFM+zgXbL8/w6bS2kFx7vbG26VT4YDUVH8pVqgj/Ap2vK5n/hdCQzv6JcnnAq0GjfQYQM0J0zDP1N8Of/lzJ9xIbPydxIHkE3Cl+YBKVAoJ9QW3V9e834QuAT0GzRbhejJtriauFdoR/TKz09eyQgheNharlz41Cay6zjykvgMO7qmvuRJ1k1Y0E7WZt1iKy6l9+2cxeV96djLHl+EXM8Zr1QRRTRNazsNnVgloEQk+pWTQNVikstMS45EH2SVGiGiwOAcB+uWz8q+2plWaF3MwyuPjz60R7tOpHgn/kFcfPp5jQ9bPgtkPMlOVb+8orL+ChCa/30llouSynbi4zhu2g1+E+NS62LApZLyjWDAmw2N4i/c+3z89yuML1DMkg0TzsZBcbxMxEhDtrplrusdrOMGsoOU25XTdOl7ba2LArjm4YUMda/ZXX1YJINaAakqIHvNTUUEFWibCV0iCM1eLuAuMdLx4Jib/P/QIcEhP4tecPqGxTTf+7EC9aFdAG+jjHJZpO4eFS1Z5ymCTa8hP7ZRHQb9lf8suwzoQTGSxk7QS/V1PvznMK7SdMxhgEZiCHnucy1X+EtICzC8Vi2fWaiNP0AEl1l8PsF7gIlKV8P3OwQjreFj45Movb9+gU3+GjgVTdNih9ipoDfKkietkAUN/TSqXfkwkEbu1ElXTkTR3CT9qMTHQswuoj1tAydG6YFSTR2TvhQQZ/fVUOElXpJtT/ETc4/lwgU0tsI95KqhGbvXC/Ce04p/E7puPgqo/u52Lv+sexi9pvHNBJJMuYQ2xN26fk8RMC1fkLrHXPUmwhTuFk/aUdyTrObwt/KcKewilcNVI/wP0L3zPWqJDWDZUVjr5vcZBCcRajktqKJP904oxIRALLofh4P8prxmP1t8DR9AF8NnNSzZfrWkPAdIHAuj25mB8v4T/u5B7FiXn8o5m+gsYglpfEryk6+0bQ4yzEUNFVOBD4fHShT0JZbs7yiyGfK2DyP3VFTScrX0MqigDeC14ScDXDg44GpfwRZTz8UQzLS6CM8gGR6jVxLRTzc7X1wd1B+CqVwvIqM15pW6trvqbvRgJ0Gh8MCGef51QomwbomZU6Kk4kcuVF30qAajDwbOTkYFdYb2b7AYK2onBKCEN2gaezDqCQND7E5Tqt9A+PkFfrjaXWpnPQxXiDIVlpcVqPPuevvEaaUWim82Ooh6wDKeU2J8sBG1uKbqOiMKd44Zc4C9/w+bGx1NBt5jMuK0foyXewUJ2/Wi/llhBLGZODGaFvtw7OQdAgnlziSJMXkr/kb4Dh+2/wQNDfIKKUCP+lTfkFlwituIVkfmkHU7pLf5NZkonCj+vc19mmxYfcu2/9BNvqzLbOh7E32Bj2Ks1M1VGRbBmmSmyWVaZMUoO+97ZuaVnSSvh9k8LHqeYX1gTBVvBSBJa6QJL6y1NC2qVOX+r8ye63XvwgBQCrfHpCUWFhGnXV9AhuCu6dhcnZ7O/u7uGZZpy3SyI+ehGHhq5mWAfu0VFz/M/sjAD35tcyjFlnXjNCPxRQPcBLfUuh+96BYpgRUNxwyuYR1UfsHR8+9yIuILez+WUgTkZDR/uVvqVhYZkfI33Z4sx+PA2WUPHIV/FB07oGNNwFxRiCmfL1tRhBHslVwIBmdsr67R8DqVhMf4HWwohaOtimab4GjBmRR70BR4GPd51oK4JlD55UYFRGN4ZE+LUOOhxNQmvKQANPkuWsLQp0IJVewrxo1MDItnjSBR2qJiJIgZ3nsqKNM72MrZrGTK3vMvm9sBaXtRiQmsIKsX9tf4YuOTXXRbIebHLjfmJMAvKXpKmiZEm4XRnLQt6a93odcImX+tPlMCzf5iCB4fN0dmy/fNQDYjVCinRpwJoydb5sKUeZh7FES27MHruDZE1utD0ENQ6YX7YWbUNi3gyXtJS43VIKK6Tf70XlHv8n6jqW5NSW4C/hzRLvvWeHN4338PUPRjfirRQhaXoaTp2qzCz3DOyvf6N0uSetsKi3+7t8yUmMF4gjDy2WNqxsL3mCsTUjATq8agvEWnTcW+sUBnaURhM7+KFf9YBpl671+kpaUUOcy5HmpK5y5UA/80wESPF6OWmxmniXI2jDamIjsqSagH8c8y+jZn2JR/XnuMSu0d2oV49YzXLKlK6YUog63PH4N6HK+qXAT2Tfy3Tva2Cq6Vh+JRaYt+o/VbKQ5aGp3Qhm+2thymFcJN1h1TzN8GwlU5bKm6IvfzNFdaSn23DPtahENDdM/L0W0YvnZbzKLPpTvGWIciLcvHB+Tr9IOQfuAViyFq1CW+bn2glxHWcmIdozNzhJh1jaanlI0c9Ulr2fnRsCOwU99wIkPmt8fwqu52/z+So4X/AjMdvAyx3M/2bFkIsVDLqBmZg7St3LSvLobHKirisUO1tW2SVEzEgaUdNIXjwroYNvu8Yp28VrkJH8tbLJLd9nuMMySddLqaDpZ2y84CIsOnyHtL6mR1VrHO0aqnVYRocJT/PRVn6IR/xCy3LdsuJPmGxTm8jJLF7Zb4bchehUEhlT65lKz1yrt7y0fhWUVc3A8yewVGImGibCtj4qE6/fwqzRs/GaHIUoU5N2qaUvXtx//u6iZxFtvnKlsKRheFbSjj6xCWz/lmNDbaB5Aj3U2Htxjdc15sp49AOWGaD/XQVQtV+SuBJ5Ik49nn5aRNvByZoMAaBSiCP+Dd0JU9ACofmw5ccOEHQFlzt7CIFAopP1WTpZL/UMOG0YGhgVYuPORizElfe9R4uH+rPv9/i3kpYfvsK4fh9gE9dndAIWpwfMckAYnyBVoD7xANvUsy+ME+zB4EMjAdW7MY7wJLIn1Aiw4kO5xjXRwyngttYjYdQ797yM/stVy2EanqsrSjLOl+Z50lJICUVjQzMymnVmA/91gMclBhj9I/fz4SircZd49vdm6Fmhq9Ll4p434EmAk96j6RZX9BUifnVT37cXAw6qDz+uRrbmudxOzUuuQqGiJK/CKJpLO2P2sZdF3VXdXdhfWbIpjmBHoVEYO7sVe5bBOHjxW9AGR3+DAkQlFDM4KERfeaPQSz81Gq97vsP9ATFHVGF8mtWiPl+PC4lrdBA/edjQkUtMf+r/tqfn2+jbKI4CunQFKtrzhFFRL/EGKoHr9nLqZbGN/V87ShmCqj9gaIbym7pNr4Ll9OkGJLme4wTfAzEJAajRn0gWGEQtfaJslAT9lX71gxkSeECKjfav8i2Kkihatjneq1nwqKUqJ3SY2QU4a2fG9g6unGYExfP/b+U9zRoXvE/9mWbuZjQl7dMhAgbarYQo+FsPlVfGUVBRBeRyFXNBquC7kSXXPgzJmhHZdwCF+til0FFKvD0Dw9lp0NiDe9rhujCVyZOAG/YQV+1ahPVfXMP0b3r0y+0/HZJ0eAv+NExTRxdqdL9s2fPAQv2N4jd7T3doCUvfaE35g8FrgN5VUbi58rDy7U/5W+uJ/sDnZeMSEYHfSgV6us7Gl+Pm/npjSjr6NOCB4kWPzuCEFBzeswp/bsussiQNUWboewHzPPRAYSKEal/u66hsegUUThZ0Rl/N9I2djPH6dpp2Yq4VYZwXryrD5vxhFXcwtABqFfbz2Zqe+QLdsjtbiWH40QTmdQ7GMjhyL4oEx5Xq5GgWMtAK+p4PE8F6o1SOvk2e+F1pPHDwrISaGlZptxuYmFK4eUIHzR0qdbRymvYm5z5lmm7OZSiA+uUdqK0Docb8buXwIJY/+ciTd+17ahrGtx+nZTOE+zU1VItVdWC8B09Vx5Vazm7l1OPi/YT+zDtlduLnwhJuib/6fFx9EcfQ9oWMmpXwfmW5kTKJt1s07ixnqw4K4Y3EZGIXfy+C4drOS1luoYUl+fyV/E6yZ0EV44V9VDdL/bCdh/gm3K39VBJARKEb9n9cEojtC24QAG9sAUvEr0lLwGdw6gb1oyD7ANUr+J4UB8Gvj9JyrQozbz08lp80Pf1K53l5r/Oz8jKmhttQTL6CM/Zn3ZayRkrzaZ55ZSu+jtySjSY1TMIJYekgr1qdnGxJZSVx6QMF/wkS8ohnL65Hfw/K+dPRVj2vUhRlS9KZ3X2zeF4MSe5jXQehBrI8e/ZrFSggww39gn9Pomt1IDS6iJAnl5oE3H6t/jdKOHpK+MBGDG2sHDnylEhUKmhYb39khapqhrnzD8YN2MDg33PHG1BmDyddigxyM8OVpYbFL/jfSSC9MLe28dqdRiqKLBnq7z1zOiqwvu3c9M9otzCPdpVMBJszCkUZNK+aQLropVLCgVX+S9OnbGZaYOGndY739Zf1nHMU5NvZfvGcvdDIS/Igigw+lu89Lbxh/m7sxaD/GMtnNKuOD4NP4FZS603udR96CmlIrhb/tIH1SBjAf+2+MSOP0Otzz1Qzp3o87PNiJ8BwL4oMHuT9ImUPojT6MZIUwUenfZ/iaW5dAY8EriyAQ8GPDTy1jHijnFSBQgkZ3mw1o+Av4vkQhtXoczRUoV51YQqcFG0JQSTnzIHRST+0i2EUyYbPkEHh1vuojfj083EJPVWjUu/8qnA9WuKvJ1jlbmgW3yuCGM9vESRWfIPcomONaqRwnOXZmP41kMEiWYLeqJEwZUlsGlVPIWhi5f+brqrwns280aSObcANfpuy+Z9cCAL1awCObSdZrr2gFoVf1Mq3ZzjW7TH0FOtwbL8BC1gDNYI3ps25A/Gj/N8vzaVgLETA4UjLaseWBjomk9fehccZ/mxL1lfgv+KOYRrxfH7iWKwqefoZavLN+ObdT4LWBSrf1gDLCoqT/7rx51WI2i/q9FuUeuvWY4a6mSDVWpL020KR1VK8UjOKuHuateaXEaEF4LwmKVKGjOApL53gdAnABlyZtPObjG7sc65i4hHYKFjoAejTCNpGmPQ+gH/DBfhFXr4DHV4g/+SFmto01bZOCfYwpCtUsdGrhNplccoxFkfb5nsFrosLE1v3dIXGr+h1WmP1X4MgImD6NOzdPO0KL5jUni/bxsk8yf6M28kiiGNjoB6BGwRwOrHzBx6rUDol1OtqdDSdfMh9k2YnNeIdPCEnDWVL3JM5LfGaqIz6DG36P8UEKBYo0cGLiXzCMejyB4VH7e96YL+h52+AoR+Ywo8SVN+XiulLPNE4LbDRE5MPwu0yvScVrIPV0AnhwbXcZTplxPq//MsQJHPHudFeoQhOedjjgYdKheHftnDDEM9q0LgXTXx6M/kXH0PE7Bktkaj+p1m/DWT8yV77Lcbb1q12LqzOwDHKv+QD6GWJkCoT94bmBhbjSxgSg3siUbt4HbuseuILcFpZLaa21J7A4Q3CLiBFhMt+TwX064kypgUow+HCzbyVpp0E+JnP3OaBAy0oWtLGE1kBWfXV/9I+bRPFvLD7hnphCV/aFjG6UDM2OyNZ26+XkVBLZFSHV/04n7rer7olccruvdb1H8aVXj+xCOOh2uoeN/QzZKhwl9hpXzawpFa/5Jgl5WwtD8flhnxPQxtt+54Ls6kDecpGH8sI689Ay387IKwnadBPeBGBSnaLxCpqxkgu5NLNRViVIICLLVLMIOBOhQP6D8tQOZwiRipD1YHQL/d6mgLbPq+qZFS8Y62X3wRdCXYjBVkH6JHb4hcNG+5AfW3yvKLZWw7zJZ+TTF0hKiw9B9pSBe3BT97KjDL3GP43/XoOPwmOgD+R5EjDD8co7JeRkH/U6LxgJLuMgtrRrR3FqTAieqKEewch4kJVqdGVSslIAzjP5N6IZ9gLKI6nX1uWX+KYboTK2CNA5s9PJIz2Qnk8S74QTh4pKc6/UR38SYE/XtozP5ML5G+LKd+FrBzUEQ4rAfV5heA+vrRVCjgMgsS6tUSwCFvtsesPrCBzJX04gXHiDsyx7g6ZiI8ECDfChRVkMYWUuULglhBS3SwQ+jNhPBTK8um62CCmmKbM91zfs2CpVg/E42+7nAmXpvEl98FGTEuaqlpnRfsIATUqhDmP75s8se31K10WdFiVfp9U56AuL+VSLS95QxMqy3Qwby4ajy1h7xYIx2EvoE1cCYn7nyDtS1bilA39es2qMOZYFK+x0o4ALIsmAuyxqzewdtBa9QbNrvBfhh6I/+lZvCvEGPjDXGgGERGlkToGSKKuJKasAFoQLmc6o14QpxGdHMIqAxJ7jwN4DNKpFCeg0qSgKsonDK9+StvuMYyneN9AgGxI4SXkPo2AII2jPTKkhUPCfXEHYH+zPpyTz+mIvRyGMykRkqZ9dRKGPc0jFRo6u+w470ub6GatwcR7tDJoRQneyhplpnpOn6jyhxY9VNdq4GHqvFERIotaujAWNdo9C6i0lp5Jb1pVIpkVXGfL2htW5612Ivob3zJTqQPId6uu2PwdCrB4NZj+1UXZ0I3p8GF9cLvQAoSoJ+3FD39NNhIOHpT0aM/MpeIJkRhHmRegL6kgKHQzpgb80bF1J0H+Y80DEHaVYpgPpf2lKq6/nEKJg2ZBCvRtRcE1k0Ghq8wVOYLB2HFkJwicFZmciLp2TpaFOZiD0w+gRrXVCI1qjWy5wEZonwj0K8XU3d7rdabyd9t3Um8z+Yj0Q5EksMLb/eUDRxAi6xK8frnL0+5TQ/I9y8Oy3BT6hkEADssWHWbufAD7ffbskmmEs00C0m12435HnqlzG/peqw4u9MNRWOzuLJWg9Ltk12CciWKkVMA4eXz6oYmYchf5cQoJfi4Eb2REieD2T1a4+Yddf7aFh54rGhlF7zTey9TsiSw7lvE5W4QsLCUgysGFXVVIgRF4x7mnP6VE24Bc/WIwnVlCIHreoUWw0mu9CO+XEOklp1McI2zb3HoWdxD7Z+XTvh/jt57XvyNKIC3SprJqEHEMK3xchP+a6fc5UMvDh3PpOx7Jnwssx/BdSrNO/l1jRxlBPE3KnDqISZbQPqXLtm/QF/gJ868z9kv6uQnx/S+zWCKQFsxgD1sq11UtktfYaYEqOAknwqZGXxfyK5fKSt14MAKj4e/HtSTQig1o2e2mNIWePmjzNfeSH40zU+qeuxT8NMhm6W5iHnuR1j33z79OiTNixMzA5uHMam45TaLrtUMxIRmfdaSzurIX3KWh1mScasb8zQ10vtLOdZ/dA6SvPfcCyeEWFW00BYV1UfLb2av3vhdJ8So6Rsj9bYoW6imPtQzNAX/+TVtGN6JKPy7yi81eqQbhijygRfXzT3sx7e1lGwaDOent7l8emd5TvgMaFrGfeO/QM2/uEa2WxhgaRzSbbwAl5lA7+7KaOi4rql3w/exnZEg17NcNvLjKpPuspPHGi5ivRll+vf8kstLn2FkcRaDl+BsKxc7JXzJ/sTCIBLMFDWzbASZeTMLA+xXTlAYPqMuBP4f01snqlJpesM8K1M2uwcU4epZXHwhF99GXKaEZ2Uy0sxW9Tfs6QjPo1l87b47ZQrHXoBlNXBfFYJ60A77kMgA7btGA1n28h7MMhKI5fp6RoMp3d/LJL6XRc2qiZ7WQ5ZXKhpZDkFs6Qc8HUYiq/k7nIPy/fVBOaGNczHHsXwOJzuCIwwVe80b82iqI/XKwUeIMl3BVUi4d3LaSx8uunAzBYHjw4PgklQVkB+vXV781iBrIkTUrLcJD59F5qKn0eXmvd7kidYMXfAKqfsBzBf+3HfQjKmLzsI4ttsJRIGiD/cDT/21Cx1DqD0xRjmEZIXK5AMp/G2S/3sYGRvLc9pFj8uYJx8NDimkAcEpALJvbqNtlNiCvnn66XHZ7icOnHcdaXEOoGJwxYqGAgIvz/RG1PvNOKv6k9pHPcmLhdYWMC7ryMJgXlyvBAFsJEN2ZeDSpvM0Lv4Fp/dC1nRzuCQAowXw8Ar4pO2xp8yc1X2Q0LekOuF/zqZHGgPcEfQx0ibLxczhuY9F03EoNys0nsoNzx9VaOg8P0RYYLg7wbQaDArCCzerlg7RZYoNnJES+SAQQw3wDbuob8c0HHA35X/UWXTc3UQZq+B2Ej6nD6HkY/1evTH7Duf52L3obLxQJ8cJiVqR8Mx1wfU+WgQ/y+1h6H6SjGrqnXGu5cDstsB/9KgtrdGpOzehBY2S43TlTkiKBxs9hT1/Ybq3gQTVxgsC4uRcPLjKG5cXd2OlsDsp1qq2bpV1dUcKI7KJLQxtvDLTbmO1BgKEu6aFsZ8izrT/HIlpHjX7WzmVqwmK8cbQbgyo6OPqe3vPe6oCRkZRHDSqT2gT2usu59UApNVXpR6jz5zYoQFdZtHQCPJz8oOeIT/8N57yD0l36WYfT+JdsXvrjtYvOZAos6udp25ram785ylLXmgk+ikOq6lC7UXIsu7NwKBWwUwtelLPOV4nAH3vghHno+1+QI0R+A0/i2w6gP9mspzepEX2odtPnvkhMK02QjTdhKBGZ+R2TZKLlxzqPQ8vIHBHzrqnA4akSmF6K8HUeiTM7noqsDuqgD7CWQwk1OfJkwdZBAIQv4KeXoQucw/YmDjHTQhSPcZxi/IkY592r1+tn3JgCVIXUpYTufyHj+GqWBVl7+l+egh9F1nk/+ntmaC7L/uGkkWhO6eUkX+18mn77LmhP1Dcg24j0hpTIwLcM/XwHnGrtJ3usUCsmG6Tv2XTZy/AeS+kS1/BXPvhFLPIlzG5LBd/No6epZjScnyJZheEUK80ADhcYAPlMDXzIy4yRTWJr9NVW+X6zPUQUV16jvm/S3hI5alOCrKafRDJ2lUBppBO48N+cG6O7q6+SHoSFQGJX6Zi+pHWF8Zz0ohLtRcDW52ZuYagJcEzxD7/82+BK4olhh5lwJTZFMuYv6Nba1VRaoGJ2NpkcdFJ8BO+7+KtpzMaUJGFOiatGEWwzh+dWrUGNiVrhSbnEjtkVZB3IZI9MHGPtx0rY43DZxIdVAaa+0v+trT20e0DyDBtFNx/R96Khx3O/hFpZFjD+Ob1ZSKyCwPfxMlASZdnfxjEvV/ogXpklD3ajflkWphWijwWHwBIrp54Gp4s6UOCZa5YR51XdX4qWyHarWuErF6JuGWOd2xVBVWkb/+dz++KDFRUKVZQM74KhGEFit++j8feyLL/pnvYXgofrz3MLSrP2eeARJUgb+PqF82wOqr3at+UaZyWd0rrFUBowjWxTyGldcQhmZFmWxN06X9kqeQN2ndHnMLlD4K3XLtmRmaCLo9I0jNC2/Ot7VjpCxcEDJ8DKbwjPdXuJUAy7My61t+22n1HFE4JPvriqsMqEifY/Q+EgaiIunmXd2B7QN8KsujMDFSQS0znGMSqz1UvV2ZiMRPFvsk1zOunGNfjRd1jiQeCaAZ7RuPmTnuw5kVJImPMB2WgskXTq6mxtze1DlM++BodKzzhxjik0kq60rMRWNFdMjurH5pCrdOj+BQF7wICPEkyFqnsrHY8S3X/lRrz53+6AWQz094EzVwHYCf1Wg9ESGG59lToGS9e+9vpbvNbjhhtrI3tpkido1gqgAClT0/Er1BnL4mIrnwc4v/XePBrzWB9AxHcHSkekwUzOBFt0wI4L7Px9CgyOwCWjvmWHye3Uy1ao2xcaGuKAwVW5m4dOouigA0ti+VYSjrjV2MjY6SDJH0HTwSz8WhL4R+Jau2ZlS/8kZmqRMeV1HjKgHTbzdYM4z9D7511uQk2guScAX3p118BaHryNATElsQVuLXscYB4FZxOBgk8fcPQX9Be165hZh98RYAsg65PO2qfwEwNfygUhJRcc6rR9Affkf1k0XBweazvLYBlIdVWEF293fqNtXFx64/Q8XXuaWpIWxdRegEq1tZTz1BcKjk/dmd0Z+ncWUqY1O80rIN1lx+G4lGItL3jinXQ4ORvmQbBQhoVc8G38KoSMlyCWgHYxSo9opW3wSSBipRWKKtGlGPUoPgANMadceyPk8eqZXlgmQUp9Dm2v+xnqS2kKQy6lWn7YwMxUM9WtQM2fccVddwmEJYsdgaTsmN/c0MjDirTvlMLuXDlDLEI/IkO5wvXhcJ5WaFr7VfPTEjPFS2f8gix6ndMnjP316iFYvk85dhUWD8RIvoJbOnZKYBRT/iUAYwZOR6BKtXH1VfLB4w8H8n013A8O5c3m7yYQv1GjOSKM0Fh8nlZYBFjm9/vNNBPJWgPpqVIJAZiNDjTlKDCYlK1jdLV8RWAoYIBsPlbEFMGb21F2HsJjwG572Fes/1z9j17y6YPUTDd/7nl3ZZo2P/9eH562/biWWfsSdI0c+oB+QuaciAXoj1LeACdjhctiriDyrSANgurPx7JDpvM52M+zR86LQdJpbqdF42krkgTGlfz3ZVizbB92tHs6/z5gaClC17gUYMBqJItG5TnhPv7yhHevLg9BxqWqr03blcdYIVN73Ti6gtEQv7x8S6BQHFEuYR6AQ1FB8DPJDlfcKBmBvR8CEAHD1xbdqBpdIojHBiVXkuzfIexUTeCJ+FGaZ7ry+ZBJsDO4H6CwRBsHCfjMKI7Yf7scYtEFOwuedTKfpDwKI+H22JBCaeO26nxIJlXJGIhoeoFzO9iOqCUKQ3yr/qEe1Jy6ED0p53k5L3DLpcmgMhx/5MAIWQFT6GNJ1rC+cg+ixu1F0IAg04NMyR8l4Xj5PHTFil8fTrepwwkm446eSzEn8zun/D7BTMjJzl6ef3nRGbkWCBp8yhoR9CIsWml7/gc4a+XYPcZqusNgDMs6NESa68UJjs3MxWFAcgMmf1UsrcknfC69iAzWAuvyKiBwdV8ocboaS9RhlQ/zPr/NDlaOn/M3eJf6KEkiIqjY7zVtPU6evz0Evk+noGDcM/XejK+r3ObWuOXy7KBqjVEoZ6Hc0/64L6o7NwGnIr3TR7AbksVJwvWCf/QHeosMllMUMaF3esNMQyvu0MTD/qIFTuTD/8CTqr1h9hhwpzKVApzJQF617iJDCb/Wha0edMmE7jyWriOUDf/CQHPxwCNYfU1657fymjbdEP8gE/pUWZnQ1f5ZHG3R6pJo1bjc2kN14oiUZ8vNagzORvZ5wLFz5Kz9EVa0CSuSemSK1zHju7f+z7OR9jePnK9iKcPHl7J+seFbAkubXyJ5Z2ESsba/DXE1wlFUbsieNCbaYPCDREkqqwSanKiSwYCiOHEXXadIMjW/hm50LEINEhBQdG9MBdo/D22zPZAsMz4ClsTIOHeKaaNwegQB1y1KTCsgsa+xgPKFK7oXV28+f7Jn+Xxsk4Hv5jvxp0HM9GLlwOPs8Mu3btJAUCrrMlH1oe5nMT9zS76dGp9lEzKDhzhEFPAX9QxZrmB1M74g9SnB9kXi5/rNzPGPk2BuDos/rWPs9V65P0deP9M0DQeSKWOgYF9F4VHajQUA6Ub9yQqI/zdwSu6VgFyq4rC+atNaamFVc2Reh9cwbiFYUyI46PHe7Esek3xOtPwkagRCARX9Z7JOwgPU6e0ncQ6/pyF69sD9wzAbCk36FinRlkf4Jc/3GmumqO+6ZO8+Cz85hDYtNauTW8BMqYPPXXz0lrG7tHuM2Nhc6IXPVtcxJl6tOP0rZx5qfAAYRJpulehv5qBk2Lpa/kBVfYq9EFAc9IuJDlQR0qoi42sQsrhmCF+SKBsRTTJ1eRPAWJmiN19536Ub9qAouIqv6bJgEjfF9DILbbQu9CsL4JGXsTkVyHeXRcKlOUvTJ3gTyNDhKgDb06c+hV+nOck3JBoHKXHNpdp23xU4Q53fPwbUMWh7u0cnLHhOjwnuxy5MvhfB/thqAib5+KLSz3zXL6LxqbNc8rWkVf05nKeRU6r8k980aG7Uc8NRDEBq7BAMkq1QWUf3Vjd+lKYC4ZEuIfCUa7GRvIMS88tBETMpTMG4tnYYszEKDtIH7HjG4dKip9Pl6r/89zYpn/+oyT8AMEGdVWrfXEdebNBjwVS/nqE4dKUXCVe4UtafFC8ug5IUwQtEB9Vp6RIePvxZHjuemsnmCx2FhG610RNZGT6Llo7hR/7kJnuvLt0b6f7a5Qccw8zzu8P6xNpU8OW1XLcLg9RcZdcWh64HFmyNWVNn7IPyReULfNj6gvFDrXB7Lk+cln5dP8Od/TN1UVcdYigS6eJUCIwVsyxkERvmSeg//WAlgaT3auoU4BUD+aBCcRjuz5bC4R9S6tbp0PhNzwNJwzfAmmZ8lNvBVvZGNGSO99i3A2cHqIPX6fhmvWUpq2IDVty98S+N2vhrLfmsTUTHwqeBhLQzSRKXMZsqn7BgqfRBloEqtM25jps0VTkcMcu1YA8Mo6sts5e/aCIn02Mwxx1RlNmH/PvaMYHXYbjBj9F/t/hWs3T0vXY36JjcMLdDiY+o5qYAA+QFTYSSwlCAP+eXcoKXbTnJwCQqhxwaRtW8QmBtgb8kTlIqCbKtNnOPyrcSoSLUA7uu2O55qjlJEhe7F1ug3bT6HrVpUgREuVY5kUK11IwQKvRjLOtBqf69HtD2ZZZWSJNWhKnFBPbDAkM+J4/73XW9CD3Sij9evXHUmCocdkURQMTyt5pF+gSGiJzYqXGSgmeiDU6UqOyF6MSfxUrOr3mAPiDX3KZM+Vvmm3MAVl69gedwOTsH1hg1wdcbBM/j3gtpE+g75hgMsPeOO6CVdb5gvLhed5+B4t+SD1IR1s8NGfmaGBR1UR888yjGEmtsKnn/BltFm7Fxee7WzRb6UPGfKEzEsBFQnoMiesHuPtdfyJltaQ6VU+DH7PqcAfQR9sFCJhLAwIl6QjIAd+gpdOEPsqzwscmphOvSHFVX78hG7Xea9bhmvP8OGVn3T96qjOUMP7Da9dUPoCGAeDYjPcfvTZx+m/Q29L6qJQeQxM8JIWpRccZ7NwgAr1++EIhjDb2Xx+PlKVlXkUepZYWCNMMV8nkW3Medm3lDO+oG+cbEiSVvFYaHzme8yaFM+ukF/o++/bVtOOVfQP2ikF7+6d1vPDVDqjDX7YvDEZSaxoTFh0vkL3z+E8TH0GR+WEdMcvz1tjhHpzdNPv/tTKFxvTrZVZDbltFQ+yEJEeE9jYpZ0jEHjwjY/KIWklpVCwTkzOstof4dX5PS+6egYDYOYUP3ozmK51Wi9X7SLVB6gpGcKsUUXTPQyj8XP9V7DD4xiGevlfAvRlRQFCDm2TdkNS30KA3w7R+Q+Er0v21ioa1NabiuBYP58t9EsdgQyM4C03CUGA0MhE1tLGmvRkalIKD1bO5LXgB97C2arSWXyRigaKwjTpW+NnqxQSQZHyMRucYRbEgsHbuPy6clxwo9yEnO/NW23Xcw4wgdYhQFOj/XdK5+XXNJ8wWm1QKaPQVF6lwsmErrUiyxvzdIPdvrPshRicX0fW1X6Kd/TcG3WfYzhu3Y1p5pzWKR9lKVQYWbPnrMLIbAo9zpiJa8lxEJKdwsf1eA8oC/bbY8Iav+gMl7Gb/I5Pf+NMcQVj0OzovLr13/EsOOu2oliGBEixvRbekFOTeKkXO42oiU8Lskw6KZH9RejXCO5JcBtDA/WDFvtUT08SQdZdOFjsUKNaoPT9uHpNiJHIt0j9hKbAZuxBX6vqdNJDnuLAL53hyilsYwASvhe5mg737RRTY7nt9ZudrlnxJGJrIYwoPv+5neGkHiSh8vHzfdNHGQAGHAXJrpdaFL6lhCyM/uj+Js6Oxks8SW62+VSVJdTS5UURTQBCWsqZqMzsZl/U+nzCkB0GpyCq7NgWCdJVs3xCP+3Sm80F7qHkQslNvmX7B6LnJWxYirGcmtgd6quKo0yxRPD9ut/EIxLjKPVA13X2fR2V8LDM7rvJdywR/RhzbQCSatjTTLRJi/Bi4iLw2o8p0gHB2qJNKDumG8VXKCggRXiRPXy3+ol8/3oDywkCODj3a/L9eaOA3bLdL+C2jSVPtppMZc4I/0Vq04ej/2mmTNpBtofEPrR6XRb67Ox6w5x6RMDX9ZMah3d9BqHlSHvCR2546fX9Enh9UVILBJ4Ytpy2RHWLIYuBwQnD5j1XxNtUTaCSFhXgJPAqCqtMGEI/g8F/NXfIersfRbROtgam/Ne06DkpnbhsYfCIHqlhmoZnBCqyIC4O3zJd/ZhJLTROqLCK5rDOFJWvv+RNHmBsm8gftk0gVPvHf2ZzlS2Lu76QWVapgWFQAPp30+bFxV51MovpAkITHwnJY1qshLNuM8NFl4GM9/oJssvoV0XlO609TezNTHbTq3t6UM3w0ZMCgyeKaa+12KBtF2hzhVRpl1fQ5CKKotJYZxS4bhUjdKe5P1xp5lPgnyQhTEvZLZxTlsMXu3EthUBvrefF4OIZEIfGgnSnFS6y8I2HgfVZQ6NazdtWnb8WYKK/3V0Qcs11SRalBn1dO6Dx4mJYqXORd01LmbUByY0g1Er+dINwhBMPxb3cHnq2LQWQaf/vLTsTYjCPJzfEHQQ/jukjp97Vv5y7yMalrpiVWJgCitshHSAVDnryUfO2m20BUSiYglfmxk1DRy2C3l3rTDsonrcL8PJAihKIsvBi7qNdPTL+mYUqo4nb21ny5MeYkJu/fGPE0M89Dq+/KTqKpI5yd4UELKmdvTLzdSFZ0RwvukngQZEL464KHqfpoduHNBoURnhkzH6uaiRuX+WZRsC/KSF0yqRuZVQwiJItox02ua3OCVmwyaojNJFAW8nEM3b/HdhkorOMhI312PuQiqDb893K1HWrMG9zpWFAW7VQbJ+CzCDRNpxzsQ6fQFQcdt85iM25NCkP607j7UzzKJRDVy+0FFIwnVud+EVBRFVRTXcZZv0//E6INOEYCtQQUL7M1wqYa1dCE+v4nptcg9lPUoYsCFMKmiIInEeo5ZK92eHMC4dHAWYyq5mqyLXf1CIWHVgPjb9hfZolOz/pVtqmZlWQlRm7JiiWJUUjblfshrrkkr12O4BO2WvyROHVPyQi/kibrsSIlBj34DiKiuTd2fx/TDQawlEHLhmO397UOFeJbegVXJcoq+P8wU1+DAx5N2hCM9PFme408DiO9l+azWG0iqFX8eixbg3/g/IB3M5CW/BI6fXvm7GDI1unjHHowoiOINUUjdxarCuwdXdng3ea9r15U0tgckKgD+xEb4SG54htpvbjeMvzgnGGA/rkTJenHdFz+3ZazdSNJY/9BfTJPTeiZpPdBT4m8Qx2DcQA3x3kNNHTyRdH4+8lLE0T4bCpZuFie0Tk/SNFhEF7AL87i3d7cUxxdng1sb/ZTNbegVBEaCZnhPHukz6M1s8XNPkwSxiq7+NYuKV6ArlsPvuomy4SuWUOTOaR6S1MY9AKHjEMmf2uV0L6UiHD0iIuZrgUmIcD+HdU+0zcxX/HYUv+ZGOwpKFCGY1At/xwDeB5cVOXQjXOgnwacARKCUSDbkLMz9RsnYK+brgxKh9n2BF87hu/2h6vMadRFfXu5F2kjxEa3SJsHvrt4TUkbN3Wugc3ZIMcCs5kj4c9DSIpW2yMdNNU/VMSTTx4TphkGSr+6As4LxoREypEQawGxuAfFQsP6Im4GaSFPIVczX6geoeClbvUOCWguI9D14xOVoNDY65WdOXOxZanF9kEJZ2T7LBFpac72fNNRA/Iu8+5fW0VpOTQBx7I6dgNOBF0ghMquwzFnJdhJgpHv014qp1nb0qAyP4K63sTSQ19lPk8DPV25T1X35ScvisqvjqXOJzP113aLczFxEt8Dn9K/HcxcG5XiWPXVbPs1YVy1Hlz1goymqDCWCJutoYhekU9/f8ULMnn1ddsh+aP6BJ5DjvkEkgtzHa49L1b10C/1pvD+p15e6aBQfnN+wNcxJ09mp9owwzRg+7dpcMPs0THxjENshL0lLBeWfJQ5hqJTT9i8efVjnfZIi4uaqFhTB1FFKNYOPBxhPml8FATVWAZypQn4rTGiE/9su8os3N70btp5tkcKXNtCQXK4O7I2pTzAnBEbiXedKhR1FFsnuNS5tVkwQOSBtAsMcA72tIOhor5v5Ob8f9zVt0ws1Yl+i4ebHT2kK4e1vTYeEi19kbQo3KBbGWw1//uEcFF20kOaGkWgaaFoVWKyjGyTfXlQaqRwpWrxW+vd8PuoNOSw83MZw5pR7mwI+BLn8rb+GigYiUqDktUqLIol1nYCFXqMlEUy3tP1gYaOANJqCsbxa2Vq9dVopU3a+wSSk48W4Z0nFLcU51g613AGAhxY7i/21SYulp7YffCvUOAQeBVqgVk7SbmBmQuD6vSiK+y1rlWJRMxih6dJ/uxw+/HIQ+f5zBHyXd5aOIk14JK5yJd15jBefBZYkDfOZUegPgfluuMPcqD47TRRCpjVDZ3HkUVeoHLNH0jDW+66Vl+maKSF+A30o3pzz8nBTD32xFYjE+HT293FMXGYIX8TBgZ9Y7rWyM3Vnj1tGIfd6D5ObnlDh4KrWuyQMFzihIN+v/VuN+vtrR0WKlxRMX8fFrw3wxzIn3y2Hqpjy4B8POhTYpRG/L2VQ3x4rAR8+u+aCrT13q/DnDXON5++lfeq4U1G++eM7d23n3a6r14CTLm3705yF8U4EvdTsSu33ZoWt2dOsPW/OIDppTujsuZHlv5qR+MBf53jdf2s+4/WhMfKXzQy3LghgN0RCWwoGfiKauMBJf+PmCmYYsOyflAxPoV0l+w+x7uCCtEiqIRfxNCyepcbZh21cgaiWfg2KgkozDXFo+b+xMdlmbTmqVV3DwoLnXGO/q8vGLPpBBJMthA/Y241SMlv69TpVPKKYa+uVqEy+vnh7gckcjP5JsJ91GgIXlFfFog7Ng2p547eCmd5WOudtxRhhTDFctx18R0KrjSlgFTN6HITp140tZU7TyxE30AruNDM0hNZwZ4x44Qx4eKkUuapV6vBsISsJH7PxyOmg/9ygCklqWamkZmlCaBVxwEjIKiQkbUTzK5mo5wM9zUHL3qcXx7CA7+ICZsUu7Neiz5Xoka0ozhIy+mLdcFkAii3HBv2ZNXOBo7yEnGnpWBY6lAvaFofY4PS9M0VQGM+LVsMZ+Oup0f5G+2/4Emwj6r7/WYsK7+kYyyYTZNJS4YG7tvMRzdfqmHwMDmxcy/2QnBpiHHTsnvMVTPirOCawZX7holNEjqJoo410Q9NYa7zJ0LnUhL1V8xSg6i8Bo0MgLkx6WhNKnIuXb0VlhqTHCVwEFmAvL5AiX1XlAiK3ZAx9rsbUmaNH3QbpymMGMeh7j5k+Gb5+OXhjzXclxpdI/6hVqrCks13R7SpzurODbgRg1x1a5xRFkySuBXvBldHCkjkPGm0H38rkUXkHzeHeh76hEDSW3D9MW99TC0BCqncaeAMiN37ty3S0l+IluyT5Oek8YIN8E44h33jWUb8M4beQQcas0eYU3xhqD+elHcDYjR/Olf6LL6utfYS5eInPkE/E/XH3cfhJdibVWuKeoN4w6A+HoEFNdS2ibXG6BvuxXwygVLLHWMv7+E80WRfZZ2v85RDQWBTUyfFEVgB8ubSEwHn5isYPYsdGkwJYseeooQgG00BQLdZzpef9XqzCyC9wZvBWGlh7w7Ht5zE5XQ1I/wXb5NKdLWfg6W5q0udkkXrsgPmT/FWCQlN3YpOxHGaVSGcuSeMaDl9jmwxF7lQdBSlOpgM/fkJeNnjh97BQ61lI9UKhIB/yIBZhEFacORw8qvhldefLhLrXgM9wBR5T1+TFO+GRS+HVEIGoydMNGDjsvNm9gMxbN2FY2iv7fRqC5nN2bM8dV1h6EM8RyjSN1VGY2CR22jktrr4BMxo3r0YT5ffEJZCUbjNqjz8UuND2fxxq3LBqu3CQpSjbuX/J6EFY5mHra25Z7RHfUgN6Emg2fk25SqK8h45Lt9qz+C7Q6R3VIvN4gOaB3cT4MHhF4ZRAIcYxGR2CuryeM5qiOma8+YwDtZaV+Gx5pZOkSLY/NbjJaisaSUfrJiEaGv4lvNUeqQ4DPUlEeOApdK0H4IOGSoh0LgqvWrUA5TgmAQjOTfNQ4W2NlsYRA6qSeOviCpFCPkdVPksVMxXwUkGG/x3fVlf2NG4xcAoEJfhHup2b0Pw4/4l7duHIPtMGVYHh8ZVF8ZgCapd5sMSep+niMRjuuzXRbL98UEjiCgesqkQipG0uvWqNclMhUAMwVPFra83PtUaRfFoXyOpyBh6utYLi0bU/o4rCwjLxC6pzPjqadSJivU2d4K+Lrnum7I16q4K6iMnKmmLBLf2LvNp5COv0EQp6z2qBIRhrh5ulNAtj0dVbD2zfCIBo9lMqfOGiPzC78TP8L+EbYrTG2ubcCNoC/WiGAR9oXMDBosFKMKk7JQnUgEAUDr6sZNy5dpFt+ZpPdt1wxhIpGiielzN23YLjz0OkOVGoA6igsTwPLt/uGqjNZql+QiLcWXhOoPOkR4840gy9loKzLTsTyFbGEh5mbB4QaTeNWCSCfGnnVnBHOvlSrFJ4qaDASuNkiAmqA1d1GE22PfEyM/oB/NBPukkSGccpBIAVi9g0b7aLwU3Oe/0qRrwQLjGkbB4vbx7U+e0QTkg0Tj/xUVo/LsmPSk0N5NcJv2o+Ojtkqcq8LdQZ7z+f9sPAX+K5x22Gr8t7IA1nvBPx75RlKKmypn03HLINvhRaKPzpnslBIGyW0RASIc1/AjPYXkzZhM3t8Z/woJNlzQF3dBXPMkUMRI4RzFbkBGFfKaNnFfBY7u/l/Vt4DR968Tde6a6hjkBhBjKitQpGOmCcKQKkjIi8HLHORShm8dfyKlxOoqWWDq7siBoaFqCFiVWXk0Ew5Rn343aNs/1r2SUFk1vtrhl9KZ3PhhLE8jV6Kw7SXhKcaZlB4DK60+iEaY1nGtzRxKnr5VNmBhCDOXN67HsvfiiLBD9qoN/lD6QspzdKmu7Ghx9ZBGg79v13Tg3X2ANbJD47/BSVWpmd7ihFCEQIlnRepKeHH/PAJBpEZcRGi8umNGKlqCORkV+G609QENMBH2H9SXpbDXkxqXeQU9rRtg/+eRJxSFfl9LqboD5druAAnsa8UitRA1XcnoscWDIdEyMepgVNXJvU4PJx42w08AI1kc2Tf8AdlsBV29UhX7PY47KZD8ekyTKR1i0P/LIYm1F+UiQDliuHmmfk0b9fFdH8i0S2c2DaHgXE2Y4h6L+dGbo5fDbwHS2xpd+RikSZEDwDo+ni2yU7va/yqdCSozHeBcd8h7TYcTI9fbHdXGDYdqpDPab1i7Xy1Fmgr4QdAhmKWTX/FyLxBhyd0oJAkwFrTAmi1IB+m0TH/AfpEOshckqeY+F9/yxNQYtLFTUt/jnx+PhpRuFIEviJkj9eGkyJuYVQ4ogjZ644lDsCWPgObtcoRIDGG769XCDVklzy17tUYUuwc7cczNtU/A1SvfanIF+cXq881R6xsd8hpvIwRv4xn2B7XiDJpHPwDTPgv2xe7sfllIkHOt6zeo0dX7lbkONHay61H4Y6B4e9NgM7WTBXmvkK6LX3caemEUe1LVGcOlt2278/TkVxvX3E41mQ07OEKarOa4uwG8FZD8FxAtj6SIBP6INs+FK03jH0POoPR5+iQpBrkCYrivdvVxyvmh34t03619YS8kMOT3MhcSJ+701axyZxII8NINX4iUHFpgGjbqDW3eNab4ehy41NbMKp94nOsG3YDCDMfD5iVmZ36rZlOLO6uuhudo86GrkxW569Q36VAm/Ij++THvnaMDEaxFsjCitAaYpi76H71En9fsgAUD/HFwU2ujBDtX53kGl2/5tzDAH8upktE1h1jKKl0OVQovpjutC6mrqlsse6pC0I3zoeR/lgjGcNiRYwJBU3P6dg9nQ3CNpcNDr1SdKEWN5Q6DtepgWlUhNmQSdtjsCdGP3ABHZHKqQaxFP5IG4Nce+JEmhevC8J7k2VIuqZVfVS8R6PAqypkbj/Ut1aPeyVLoKK+ccb7was49CmUqhuCueyUeCbOEnzG3HYeRpCK6jMZYEQvO+JOEJ+z2pA0p9gFB6hh8CsXeDQTK1Caxv3muoDsmE0kt6xUEurDFlQztXvLdVZN8sXtVgQTZjvry7YXb38RwApOTRVY+5fTmD8aj2ZvrMU85Rc3IzzDj0KuuFwgVavcsUkVx2lrvrBmvNXlogvn4JXd/AR4Aswu4ukM5j5/u3yl7FUvlKlalXvjV+WlXO7jjDQK77ZRG37l6e8Br+/RtRYef1G7UASGuMsyZ4nuLqSicL2Jc2a0/sZVZy0GiWYTM0S0vvQWjtp+E1pvTjto5rU0qRCKU6x4xzFn6FeTZzYwBobvR/bp9jfjGHzBrUBxCpggfwuXC6+0fZbo7WUtYQiRdfHRv30e73e0WXjg2ZZaRpy+GUaHg65dXlb+FEh/Q9mXiiJUz9WAUsCNjZLFLK2qFWkl8w703XXpWHxkxXYgimhnLIXR1/h5+kVOvfTn5AmiTU525k4ki8cjsX0L03tdaXHl5XmE1guU8q2yKerBy2hGGed0t+pHoYMP5flUOl1n9+yOKOaN1NlSbIBj391obS0viwEKZPrb7IEXopCNX0hFz+hQ8IL+tjKmMHky52EsA4H+n80XceWrNiu/Jo3x5sh3nvPDEi89+brL9TpN+qzVldlJUJbighpS86evejHGmtXJ/zX0PpK/5TbFtl19ujr+obaVRdxj5t1vzBJ1CaH5++1c7ClrwRM+eiKvQMBMk2J1JCmGFhUndpqLn+tIJ8UyiE5yZ2PWFIVz2oo1+yVT429AlpP23LKb2/0Ne5a4BhvhsXDQwbP5uc+D/CkW4fKsO1gnnORLPBG9C8mPJ18Eir9+9SpXx/dI6iW54Q2tCgb87r+4gkAfRW97bITrbIn7Ya9SBx71jdX70jWnyv8aQ/yfjTAh7D+zUunI8I0d4pjSe/OXVCXpWiN/HpDkWP387OeccgKKY7GtfJFH8r663ewyp5t5YTWH+CZB2b/85xH69MHWruITDE03uS0aE47zEPjnyrG/1IyMV9y+f4TOaFNHI/BTv/m7tnFQf7b90YL8EoiwyIn38J1CGo2OmnZlUjs6yKqMFqwbW1wPX/t0XCtWNpiuJQHRB3iI9DcX0FL5KrzTeqAlEe71WVdgKgQdoEqUPn1tBOfA9ca/5SS5RFno1wMBa79S5M/vKaQmCy5Lt5VwiKe1gZepUJTxXcVkGcftqOXg2qe8cPF8EsrihYt2C5xXTPr8jCZ9qBPMNz0v8xGjk8xmKkxXG7XHt+jqRsc0O/RibZcCB+MkOxlTFAzaPxfe1asFTj7VHGtwbELyzMks8ov8wR2Cwk/4EBTPccVROB0nn/zHkNTeVrTn27JMw/HY65ZXqFY2Jtp92EimmFW/UjXS7p2ofo5pAvlSD0NTyj5wv3PmSxScjhquDToUge78RIY/Xqm+lyt1htjSPJZep0JdayiA2+Tp+wuTRITUoBHDdg8EhvMsx9BDle8K3+jPV/aoKiu/mAX4U+JTfxwlxtdAddbUHV82i+oFfUd24tACa69HGCEQXIRFvHhm/mbvdMmrErbe7Snw2Q0dTEbaN8g6OVnhAT1FiXZ8Xdrli8e3c7w3lKyvO8VBtBq7gdoxYokrglKxhsfsFgZNrRXPIQrG9D2brPLpPkQM0vNegZs5agJMxm9A3O1fjUS7eDrKGA89UJ7TH2gketq1h9GYtcOYVz3JjnlmwSAtCTArb70e93R64sH89FwQzeHsHDVoiyfmNvldsHsct3WM7/utym3c5TObwEcrgNluZ9fMDlAWMuWJhO5dc/Z77+ngX3qCsAkB/C0gcHhDy4gWbYqm/xZxn3PcqD5eBiWZfHzdeg7xhaz2NyHBzPKSYVYSUaaVSlGIhtGJY+/aoG15eLXTAAQMPK3mZ2WHsZ7qRsUZNu4Ni/pZEFY/PGMfVnCC3cDzNx+0IU58AxwvLLZ4Zp+fyszvnManCWZZls+7ROpVYuqPQj6ebZ4/kL2IbQKVdmeM5IrpTUQ4Et/p5Xm/Oz4wkJB1vRxc5uQosRZkuya86sGdQSJY7kbnluZGVPHPbH+/LR5UXi54tjKcpCeN8siUeZC9kkQf9fmUGcIU0NIvHHLgpGvm2JOFn36WUg2Aq2a3IDmeTb0UxDnEBjCUy1NVw6X74B947ybTKas7cBHByolBVcbxfls4LPGTbYwXJb5g4CYN5uqi6f8m4hGIM1EEAIJB4ry5XTV+U1qSmat06S/L32Sgm8L4ZseYlPGCxZf/pLkiyF1sUC3D/o6uE8gIxxYkawUfEKcViyQ1wmK8oh3AzVfEUlsEZCheuDf4D8uMs9kih/jCu7C+EK5j/hAjduQMzHpsLmksXEnXWM/NXVvYj1B8b1AFDdHUoqkkLcl2N+b0bnvzoh4dbVKv6Zf6pc7SSrFraLixxBaq8YEAz0ddS6jTwIK1cjS+QdhvfbB8tz6famsXl5XA1+o7g4rCLWKpZGxyNJO2zNFQxw1wOikDMXSgCPHOSf8Ly8SLTcX/BnR95wfinm52WIH+C/k8PmrUO0hjnhmAJs519gZQeXUplW+SnalzNfhqT3OxM/DA4bdG0mYg4o/iybIJsCP/Tk2OF1B8XE2t87ahz3sv8llLQ2eRHQQ1PN0QlRejvakjs/p28Uq8nX6eQgjf9OYRC7pDBpN+NIQecqSikxvMPe3wAcB6m51lL7W3gk/3OvxtUGiuz9GdE5Dqif97Z6cwoqmSwMDhprtZWD2cFVD73pPt6t7o59ZFOwvhfu22WCLk4g9wJOVNKBlAfvhjTzfvjWeLY0tc/yqfW7vZpcsTKUfopg+uSxoU7y8/+tXyjP5B1A8Hp7bj7Cc+zX7m/VGp3bqjNPbUyu7n7z62G8AwuVhNRXIeCmS7OTHkRNNC9vf0lPaocYu/nHeRQCYq9dwnv0NjfoBaDKZRFd6UE005F/rLGbs5oQ/m9q9nAiBp0drTPo+WRNwNPALJb/7cGY7mVbUQ99DiF0tYwo2+XKcl3Ej+AZD9V9PMdlCRdrZ5jf9RBRNTbO0DzAdvLog9/lNCuTl7htBRa+kYxXUIbd/B0UYAuzDArCBXMtH1u7UsNjF+AoqCUUcBhr/8mWXQUeU8pqDtnPt3H4yhAw/D0Cxhzz3gvzAO9jxnHkd8O8zjt3MQ3eaQ2ICeJ01FzUUh5XwKmjE5YGPCUShhcqvKDKqELx8o6ytwZkR4VTo87IMOL0XG3ogsKeIjACRRx3ISYrbJW2tdqysOk0V2EbNXahFt2N0f38znjUYMH8RJeWGJMW5WdWci5GAymQdI7BeHEFK5T4DDqrVi4ZRgr6WIBjYOsJrwzXj6TOXdUDOG1417q64JOOXnzEkUyIDhFxSZjle32FKjL+xJZuQhscRPGhDIFLi9MDddDi+keKwpAuMY0mVuI7OJECMsVcYj0+kS1lCfERmo8tZKNfkb6Ux7qR1NFWP9tf31P+UN1OJS9IT8VcRaBJbbMPT4UFccVAD4x6Q+zos9Cbbivxf5No49TkqHO6s74gWGUmC1Rk8V7QFfbz9vh8pv9qjxZJKQZCxztXmR7aTD5YMa8haX/mkF6ED9ALqiLQkZDsFmOKE/S6K8FhLYgFqZE7XzfuVGHzPbAc3eolSoNYRbIIaEaDFlYqciyjUsOgoVZrK2738NS7tE1JW3qQbBR+ABM7ycjSApojWMgYZVsH83cCQWyWHYo6J+N5vdpy3NwDKAhTVkjcnQKmKj2hl/ienGjradmUXK8gfXYLP6/sET++BxCfEs+LfB/sgMG7Ky0xsg3XuzCUrivo3Uv4aimxjz1qiq8QB07ZxRBUqkRHpp3SClx3ZV3dDefh6valTv3U6L/MVWUBJ/na4M3s0ypfOu1VdnfhnnVZZDV1xA/EN6lcChamb7kco4v3xg38C8Gt15Gok+NjW4vDBTERw7YqE20bB2g/a5cdIDKNuWEWmjAmk+vcKrYsKhe7FnppLesBGAUvZpogL+YR8TC87irNipBgEZ3TojUXUZUo3aU9iO8WKbMUUI6/U2rSpZFUGQoS8Q6gPnFR8G82kAd6GS7XpCgV0Jb+cM6AMzlOElhP6e5pei+A6YLUvwYyxbbMLLWBHIwDv389QFqeJFrqqPeTcR17yePpIESrQ259B1Xk0uAuDPyxCLL1S6KZpu3nLdFttN1H6iXhoFWcp0Q4vyvrIGgEvz3fkQFT8fUe/BvIjCRKUDHH1JEZOD0jUNMq4c5qJl6pvBGWj1IfUjpZ0WEruPSobBgYSV/vn3JXGMtpUOqKhXBZDu3RUKLa1XWYKXLQu7yI9Ujn0FATEgIj9fA5iGgo7tvjqd9XHOBhuyHtChQjrJic78EeK9glJC9tlCFG73mU9tYzU/G5G06lVkDamVRDG7+MBBPjHiT/StcLkH5p5muYTVm5nKKWjpyA5joFsDL4HjxVqTAimthVElHry5ZrspviceXCYtQd3x/9AJpLU5Rm/8kwQCbbxBDO7auibAvLX4dj7rGJ1Zcwgw3WY0tOcGT0e4wk9+34jiqhFzzlH8vaZWoHWcyS9c52pdFW3nTaaUGNG6CIk9pkdPOxT5p0RYC2R2r1S6XoT/fAgJU4rJpAS0xeybcQvVgVCSXQ1ylJI76UXLzDcweTvMq3+uo3tnrJ4fQveWSi5XlZrlXllmOlmFoa48mS9XPwkgxnRKqyoBzK7PPJ6VLrVief3nV2RVdERPP4ZMZRTYHMk+qgHXAfJZhmn5BeAGIxaOS5ZLYUz8DWY0bF8kUDg+GDHeJqvgDDDwTGm37PkNs0ILfjYCQiN1bmWe3uoIS/fOb4BFp38dUl8WgUEm8/yQcbhazXLf+ZuKuX2uiGqfH0P9IfhSRJvxUm5IHgd6gaTiO4JqPyImfvvBuBHPg+cGGq0/muH3pccf+P/92eu4v22slSyjFVSXWmxllLRcEz1TdT9gNKYa027mBoZCbv6jog6S98nok2GSK0OFLuGUaeM4gzKda8HBGDFWDWrfiBJfX3uwGF18sGkMMwwWNKvwZQv/jbIEGVO4DMOgmphGGE4D7w+rTwjHxELKyx3FKtXDrarnjw5NU/QSV4Zl9c+zZsfcNR9GH685jMWndcknCV1c8+oLHZeIEUHbhbWT9GiX3plzbTr/cT0HqisIf9k0r+1iZDibKbxvc1Q+rfvp4/AcSXjQr/3/1pFCPDKyZH+zNfGNbIvtqD6jOhnsFZL+Mjk/i9sAkMLAQ364jkvv0H7b8rX1N3XmOgJ2ZmdoHHWdquxlv3djvzKAFlgM8lhsTOL2b8OUozQ3ALp6rVhK57AFXFkmYb0u8AGK9GV//ZMw6Q63Upq3XeGhh8UhI8MiBIE7jSCXqJjypzSMoO9+CatHnQO5j5uqS50tEdC+PFJuTylDd80Px7pLMKjdf2nScmN0rtF7+NGd2jkljMvP51IyW1dQk/l9p1hWK6yC4qszthUUNiN9eXIMAii0V8jBvKTx/Wr9fgLuLTWVV+A+DLQN02lErlT1oXPdP0tb6O/nj06MGKaEwZ2hsq7fT354YWg1hswAEjc0IYQxFyzs/bdkWVUQG95p9YU07ojEOH0YF5WMHBz0gB05Xp8dIjVhS7CMIDtjzRTQ28jQbag2pfC3F8JIWnO3gfgYPsy7tcvRmIdaNd9CDxEjSCvSTgawrIaZ3aUGSJr/vKoWTBde35tGy82yM39iJcHm68/vLgniejI29podi0pT7yCxMJSyN/ey4u1D/YDQ0MGSpGenZ3CZH3pQIMZh8geu1ZBqztsCOet7+cJhirCj4aKJrZm+IiTwnpMPHZ3Nv26z8e8PINAs0drOmiU1V2DENmeBtZjZVss40LS/zRUap+ISru+SxEzvfJv6kNjZdzThhZ5GjJPjj+5hbY9Xvq+a5wlFJdYEuuBMJO0Iq9/SGX2zY5Ev0zj+g0ECwddbIWR1hcJyQ6weiMrYL2ejSnS59U1pdALTTF3W0XfRhyrnFJdz8tpEv67Y3Jv1MU/5+10iJR3ljzeOUdbW/K13Hsw3PV5ZuZ/A1q2nB3AYUDPJBuOw4zCBEzF43nmftvh7lPJO/FFt32q96Z4VLnItE0jWkrmVezwYmPfIYzK+btB2pw0AFaf8QH4+l6GC4YFQGG95fI21301OuHzUUrkSeqAmxcOOe/bByTyYgWxQZiPwGFGg/Vn2L3sX0ZhTDQ8rvYm0aBcXYi6qdU0UtcAgrN/QbklF3MH8jFUa5aYIpiMJsQWCgNWQXPJQP/VnNiSVLfPKhbManqUfTchaS1i5GmUpUtt2aax6sq5eMP5G2chQWSFZ99DzGiKIxnOUhTFUJTj2bQvAcEPCwHyxyU3/AVP5HJGpgx7/AvmsJDCy3bgHJoyCg3ZDuo07y/1nBOAmrd32sWVmMV9dJhZ/WFyM3TixHHS6ysV2muQTpW9GrnUUASm7KzQNs+0tvpGjJJzzInhFjI+NsNZTk44M203MjXB552jTB51hr9dGONsknF7jzp1gUBnL6NrTGgg7tr5+Nj4adMlW2Vx87KMiqyoxYrtQHDWJODixvYouuvQIrRzKbo9136DyG/t8TBhN46tpdBpq2ekr48ACBzCyCx1El8a5lVg7Mgi16BRNKT5cff53FnRuPrBYlsvMGu58qHDLB6lR+5r0AWTbl7Wxai0UKpgb4+ZOd3GJfzCsbbihan1K6tOwVo3xjxBG5HMZCoEUwk2nS64PmXc9lYPC09oeTzCG3uRb6y+rBi1MESJTtZthhNuKlm+Vf68euq2AsqkdFHl00veaje+NawYAgIh5cRkhORvm2fsRb1Vysfvku6+AGSqFultZDXPVVRCHfty+AGW/vEpnnDEzcM+a7K+LIWdQKVY+qm9351DZH386cakiQjmPQhEMLPuOSxz84X3pYzjDb7MiUCPKfnsIwEpVug9rDBk7rBCk2PI1Iwz4vGJKrIpMJJXnz8aFUdnsRSpTQ4s0TgfpSXXQaTAhL0ng1z6UzOjZ6CbMk2A/fEYhIS2mT3ObYsnZxfeJypd+bR4VZpciFI/X2letgdBbp+H4Orm9iI85vA+ZT6UZHbnkviBkq9uSYw1jgy5liRpWbXhXQQn5khX6izs8dqG6QUT0/HntGyrwLojy8ioW0KZjm5XgULflY81TYW5oHpFpB66fYrujNTpEbc7lryvdsJ3Qz4NIvCGSzuKx0lEGSlvXlo9l+AJtd7qQrk8i9ia/xVI/P4NU9LkL1RD4K3EXj+5NGNuVOw4HmPrO99z99CWdfU6w3hf4fCRaIbr2u9U224xQ8x3BlGW+LpVFTxx4dI1oFYTKl5jWfLyo42aF4mPYgOJZvqUTU2YsohuRdMLJxa/8Cj8Q2CJtW/Dc0S3GECAyys69+I9Xq4tQCq+7b10H+Ufcf72LPvfQplo1Y2ScO7RZfofdd4iyd0NzV4l5bIIbd2pRZfdgAfkB05+tT/BcP8j/XbcNcVqgsn84eFnR5gze3ETcWz/qvWevVL4rrWVi08RpbnnVkbtPlCWDEPRT+kwo0N5EfMR2l6Tr8NecZx7zYo3B7kjKUqxtgW3U1tINQYivuZ57uTxnkulVgHBbDg5J4ha3oQIPPpGbilcEKtyJ5AHhXwiVsNrXpkoRi+rAhfTSUE3kycDSCx77++myhut3Wzqv2SO4GbgokSCKrHeBNlFLeVc1UTQhZ+kQjNmZDyiWudVoRymZTrUAoMvwrNJVVA2dVFIh1kYxsk9h5PYmjQDKOa/vvBixcgBx+pk6aarCjjNMe6r/DmuNa6m8KvgfF1CuCUj5XI5pJaiQCYp+QPsVhoHwMYnWk02wpkOGtMTboie17AFkI11vETjwd+VPd4apcyqw6L0ZZ1qHkl0uDpWOGRUkvcb16tgU7ITauXF8IalqBTmA73y/YwodlSoZCVjTWhfI4kjnUH5t2bmJVlJyb8ZPsKEElGSlKMsB0odshwsdJcLKVNtxE2eBb25v6YtESSSPAiZhvVu6MSGiwu6yYp49r6/3JbA6yVhea86nDCm12qFy3vedUyQzzfM+5pG2QFB6Cb4kA8M/xVsfh1MYwutEplfCZOVp7epeT0dvAn/a1MZT0M8M7Nup6JnbqVneRGFgHsezd2lr5N9n9Ible7bYMhfbHfKQFiVN+NTyRVFJi+J/iQzpwyiin7TsS6epy07nOclSoYx4O22HyygLz9z9ftREsZW1l1obfqJYMrXDjIr9E85KTLtEbWJrTW3kykq7XWAgilcyJhC9Bsmiu9Q/CWGOGTzvSfnS5dxJ7omZaVSumElLmovJjWj+LC2tRDN2hxq/ROJAAsE/oZ4KGfVeIOjs9iY8HJJfsZO4hI9sHTzHFL25kiAtA9RwAdd75Rj/6WNBgS1yQh+uCcwriUPts3SlojXt09Ok5V1XmuL1dZILPU+NpiwtFb3abVAT1oiYsRc87JNTOWqucaqQijwUFga3fjLe6C1VHKYANjY0C+15G38crLSUyEmO60fhNoSJV0ho+njOfBJ78lMwbo/Y+4OM4bDX5Q5zPS9FIti6foqnKi7d8NmW5U/QD1FSRgH/vqfoEPxOy388pQ36euhyXj1eu+3WOh9PkNRUBIvkzibKAvvuBgDkryQuOvrCuMq8baKXdGV/OWJdFRlv5mDHs+kJcNeuKY3ekViLTu7C376cWRZFzVodq6bizKrZHL36R+KrxYfZKWMfLiCw/i9oCQ+VkfPRWAL/zYTh3DSrdasZ1l7O9Qdz9ZGFyVRuyv9SWCVuX166FV86kABaTRMEZxUXYHEuMpsC/k37p6TFinDDjGDJUlNaigBVEW/UuUK5A8UG4P5n2Y4CNY3L4I2AzBO/Xp2712SzvaXFS8ufk8G6y/oSqgUoQ0zwteR2yQDsbeSFjaLB2AP32LqIPFWUZa2kLa10P1x3VgzjnMYt5RLUf6o6nIIK0YLB40zy2Ye3t+3O1Crr46mTyI2agVHQUjJlxvZjac/nh34xpqTSs6Hdojd+afuSmA9Fari+qRRxBIpUb95ySqXjVujlhktF0WGEv35Z/YFYR2rj8J7vFVR9xUmrQeJhfyF1Gj9t7JcOlnd/42iLzr1JSfl6jm5xRNaSYSHhD3eJuany0O/piQMz+U51GHozAmDIFyTbayOzSkk+O6z8oi8bqQHrarElv7eC77grLthbp4KXxVjiza8m8qQ48/pZyN7kbW0hROEeTc6fmNIWhx31vmRr9i0J7aWUzcm6o13kPTupovy7/jiQZy623ylqbUyhyBLFpEpHQS9DOosdei1qqPj6wpsql54oT6uCsKxUGpsar7ASPK5G/Z0NfESa/aH5glxru0AjcgdCopPo8wLyLf1uwKAJRB8VKdXdmCJ3bjttAO8/luCxKLhsDbdaPmixlZJIGim9FvmKzxDiubXz4XYqi4Cu6yoX695frlQysl2HI3VteFnnn8Lqf1+fy6fOyPqqZ3rGljeI1q9ktLPgLX4JqzSUv4yUDiQtaRNA/5QeIsHK4KnMy5m7+5C1DHsWwLfOuqJ8eTTUbDSyyxOV0mVCK/7kWQM+Y2NOYV1N/koCHJvzsLJAft7Ga6/D8NucHvTS6mVEEtZiqsF5SWlV7pOP/WvyuWX9yhMydGf+IUe8IWgmV8USXPD8ndkDAj4jl71oj/0ZCI0+pjcCy4xsog8kzGhBvE977Ck+tywb1I7P7IyUU527DfRWiDZQB/1L+FrEIfnetWtp2p95zm7rzydX9QHWdDIuxq+FIEEpa+vUFhuCNywWpuNcCl1NajQWsOvDuPy+WZHXAkWIXez7rB8FyJKPROjRpptXhFsYllY2ZHrO5OJr1OI7nsjesG1g8q1R0wLVYkmEsmFGk50hzUEcJA0QnJyUXp+bW83dqlvwuUc2oQWRdyqRx8IpdH5tdp82A1cjX5Iq4e8NlOoN1Fyiwq0Ij6204KZLYxQ+Eue4bN/4Z5C/k2RZlzjJotjuazEifC0FUadC0WIPCpFZUuIClwQIz/w+0hqIGDiF1DOkQVrPCrp29M+GDsyNGVY1IMh4V8fqjPHmXc56NXtRTCNIJyMPit6P17YHEBKQsACWgQcw6u/Wxwlxz2INRW4XOqNTRg1SVu1OvxG5yJ43DVDxw0jiBReFhPKxVn+3eeA8pvWgb0A1YDLB7qebBElTkqG729CzIsvPp6oNrCUOOPEPOXEEDdcHAK5IF95hPft42UAGii6pzKpyKTbTgCApaRZsIqTsnFDez17gv7Q80FdPYvRxnwfz1CyoQ+mMurdMV9Y/TBj1WI5X1P5iwlA19y7JJlvFqrT6mcMvpAw6aT0vr4r8sBerAnfFIKGhFyFEY9Xoh9Jw1fA/JhdITdnxlolEoZfPzDUfULrlyThyWKiZ+MAF4YgE4aQFP+ThBun7n3LozLFTLI86uwIMkQTkn5GFUxV8oxE6pmRw9YN6ktG9Kud1rfCCaH6hWFPSTAaKteNuuO88jUACHyjfeh2RYHfrUZBeYcxYY5X9ZUHJG8w1dfNk0TtLNm29w8VcAFYFVP8O1m/H2MWF/7GVJ+m5GDNl9Yk5nRAD/N4cywjOlJuxY9k/c0yv1INW1AfC1jl/1Sg5veF1T0See7iFKnK6ZMLPT1Xf9RX/OUL2/jYoNKNC68NScOfR2vzsWPeGKk3orFj+9QX95XiXscwOSM6JTPGEhFL3zVlmjaCErH2CDW7OzOqKV0bppABG9pEGsWR0K8wjECMBVfW7hzsgLs/AIbe2wlj01iAZG5Cw3XnnGukQuWMByZk1WByo0T1yPzxK9UNLODkb+AgVBnIOLLBib9hHROA9o39AKDEOHwVPdrPKCkHvqaaty1h2m3fTjq/dE8kVMRr660fFa4C/Wjyp/B8BY5DG/B/c0XzT6IC1s5y2yTNYfwMARNeZAg4dUdHadwHjrMd2UIwQpq/6vxF+7ImkIlpa2TKbwzoGpsBVRQWJ1RHpFiTQ76i3TYKcBbLdxtHhGeNa4c9R6GQdt7Ce3ml15DjrT6AYlf5zTiZayrg7dL5W3jm3WHHv0T3lHgthxHLfOLscxfmhWiw+gkD5x3QMOlKvVWaSmQrdSm0h95zGJegbj1pnLu2EV1Jnu2d/nbEp6uAv5DnL6kfvFaay4Do01YJ8yZCve6xJKqEVPXLjkTU+4cwnX5FM/GbuSc82aFOPcmXznkcxAjZ9wKwRptQKqQJrlWYfkhT1Fm717enUOigNRfJhdI4mo0b7TuCm7EDXGx3hiEIM65QvEMTgP9ckvWjOeEBy1VWe/dvVJU+kjEMX/ytxb/OvAA7S0kxKcx0HQ4MPr7kaZNGH3Jl9BgTe4611XMs6q4cn1skRPXOLtqgGq+fY/8aAdlVYMSA9qA2+sCz9WzkekA+lG+zyJvByTm0LZ8d8DFMGUHb2qCAucF6VOxW6VCmK2/uMmxEqf7HW5xBAa5c7pSVtyt0UIF+OJ811NixDV787i2JdPibKut3HXTBFSMVfvUct5BK15EwkOW+Yoi/aze0qXLmoUaDIHL3pHyWIYrk+vxfS/06mw974g8oDmHSAyCVMU27MAKf7n/8boZ3YhA2Qu6nEGo4WdeGl1CGPZUhIoJYU8nNLoOfgmeA8iUxSkm1E2j/tdaM6eKcPaUHApEX1TCHy5yR9bOjxwbq9ig3vBdrlcOkqxt23GihM+LrZl/VnhePtGQd1N7iJdO2UyQ4GljA4C2WKxRHyd9+OePv9ozjwJ8MTV7Tagj0+dhFmuUE2VTwghcneABO+bMYib53rj3GdcAUtZFncPWG1dN8EOhv+1eRsg8KiBVFmMUAjWQfoCDon/l4xPQwhvnxqtCWv8xPBqU/Ajb5GTLeM3oBQcaNWLbihTvdT5b8/FxrHmD+RaNCAgCYREQ3T10T1jLrJl/QI7I6rEI399tlWvV8GpJKgGHKa4zHmuvnIo4sKt/tOSGbLQB+CL2FoiQEX1hnZKG2RpFnUhlJGtrEDhc+kS+gzDacY/+qg1+4CX1JuazqiaBvlNcnMybA0aisc8GpIFdfti/HJwaCzU7UEBUxxuSRKk0G1saVTTc4eO62R6EB8Hgh5NeWknfd7SDtOvL7GC90PavTSs6/bWmb6VePyvNFjEgrRFe9KBvmDMPpSPZoywEm1twM/E9U+1ue+gmgfFwWISb//lV+XuQsDmS7i+RYYD47jVe9AtKGpvOCdLJpW1FFzGMm1MfZNQzAEVonCIUD7nTIKhxPBWzGC7SlU8fiQoIYFgIsiHUtS0ZX/Z6BnSqzM//Ij4RtHtjhUhHd0vzjN1vrjpStgu1IOmlkH0Od2e2CZ1NETlidnZFHhNHk+B/9MVlaoor6qzPyqGFYtk3kshmzyrH1a01oglSBI92lDr84L1AgNEbOHXX/YG0S08cXmTSJibYqCd9nqP5RxYmsUII4bCnTY4g56foT476kof6GuZt6cHv0lnerUrHHNtt5YfpsyHKjH/ONLR8I3dCexStsljJPYwvgnyLRNBF0JIAO2CT7RSb0UzC5GN2qHj08bhY4g2R5VZ/dBxBtQQJxuxdUqevVIQHNupX354sMmVQc7hdmDKjoJgzFtkopxayFyA2FyYb/K8F+cMG6p1ueX8dycGeJvqj5w6l88q5EE3BPTy6cerjs4IlrQzJT1RTIQhv5QidNvg/39jeBGueKeNm5DCAeS6srT0ryw8Jg2vC8+qAtwlbPoWXSRFjRi5SbkWsbqajoD4lq3RsChtfrgFCRz+Kv+ezEdbgfrH3/w18TcdXdyaWadAuBsFundCZ7Tc2tJ/iPTPDNr5La9eIr23CZ9UC2J5n9i5I6LveYobOOSmXz1fxKvgMofQ6Q4j2hLQHDiRGCWUWoDusDwJT+ctRh9L6a80b+DBo9ZSZxkl5qhFlnfqYge541ud4f+rYlvHW4GjlTrJTHxhoIsIU40Z0atSAJYaJEGnNsp0O4skpI/a6HYepSjV3Omdvku0Basdb/q0IDKYLdaz8T4sEoM73tdGX/jUd1mCktcVGFHXCSVYgH7cghn19v6V/vDHEn3f1//z+4g5AWHc1UWBbmT1NfElhM0+9pM48+FDGiksFt7PlZPYpfAswRSUeH+brO3dtjryRMuESef5/ccvmdK2WBwA6059igfhXM5VYgFyUR3c1z7FCpFlpg237AUE+o1qZmhuS4shM3wzzVgznGMhsrM6wkiVTOn02E+fm52lS59lheC32GdUlcoNbGB8cCKU1DQpsxLFxvP+sh5+NgmvNz+6u3XFK0DpJ78TKz1gnJwKNlARTtMlvA6NWe2vXVagDjUnS+sEnbcKhMdABX0FiqVy5k/7abgmo7AemqHS4vOxmTALe1fUmiTlGNydOi/8XYlNDMtO/yNZB5GCqUXqu9iWE/f1xxFwKjKMbPk1fVmZvw8oeLwpfOUYwpNzOFyAZohkR0kt/YMfcsq/LL9B20SN+g26/xDZZKFfo5TqSqP+HIbAdSAdo1V/nT35RROvsbX0QmsM7e1arcAtdVLzb5Yn2sVoQ1SFNzltCWBmi9JwOWtTdUzNW9swRiEo3v5toXpJ8O8Ha7ag4GsLQKVjDzGiOF6kgB4O/5hjmr0ceYx60gNOZ6SepV0tbTFol61L8oKVMIvvT1tXxCgsJIupbZ9fOFIbIdY3Mlf63fBSZWA05X6jn0U/ktDG/ZWhitRiVaHVyX1VJ/wO5fWXzu97dKGCHztXd0Fa7WLSYTaCLQIQ+KguH3JRbr4aFXqQdzn3HPjYjlHms+l+4EDGAShSuDUEzij0YcX8e0i+CJOe7I4R3RghMKMM2UbEwnymoBcQjv0ybC/r3S97AESCWFJ0rL57F4ghke5Uj5h/mcKvJdJ6RJYxCP5T0Jkyqtg+QfMjTgsIgXw0ZhPwZDEejL3RaHBhb3aZ4n13MEqN2XRU/Oi1o5L0R0xgQnMJUM6zNU2IkBxv0ul1R67pMXxvwsC+9ki8uybGbq+sD4Pqm6XkBQUXDmgerMX4GmlCNwdQsVRnWs8Q/fI11XjkVdyAXDJl8v0kvW0Oei4+X1FyN9cHQxKNxHbDqQw6v4xV/Nbu95nMHcEVt5YnPHsy/qBJMJh/DNn1k3twLQaYndTwatU9MR0Skohr3tsUns2Tp43bhqGQ2JdRx5aK8CbJT+S3ZSYfy3WKjaR6hb193hLSugeVx0f8WnOQRI/8ObIPfaSJNCAAn66mqP6U31+I+CV3AbjGmNCRa4XzBldaXF8Gn8Wdc3J2lknNGX9w7IWPVP8FYX+Hg68zADdcZCYfL3AydYAirWQgDZQHxpCy5hmFNOAaOgVtZzyZ1ezFqGdZ/bhfcxJWB5BCxsXsgJxlqaJAjSR/lcSswv4YSX5/QFqLnaMd3AGjIPEbvWyrxxm2fWkbYKLfoGQLNx9iO+owUlCs+yHsdB4Jhyv7/B2YwACY5TLflZfLmb2ldf56XYjPtpCQJQ/MKpXjcVlGNsWvKG9hOGG/gqVl/2FddKcTU960Y7yjRzwL7zYmk9+C0e/37ogViItFVl8o1n03+yyUFXV236+h2DXds8xA8Xq0ndUXtxnTDAct29QcceghG8odMFGSTU9xTPs79WQ1j/tIwFc0CR4JX/OoLJ66NyUGoPyN/0O0Zbv6IivUbiS0jJwshftMzQB8UtikHBaRSchRZvu65YIyVo0U5VTSIdwo8VrtdyzOGTIxFFRQ/6nCydQ2PRPHZjHdPB6kWTPr/RrdIHrv/TPF7kgcf/OXCtgfmnp8RYM1WMfgP+JBYtym/OMavCnPhrXHc8v/GaVoMhSxkCkwI/0g6fZ/KPH2e+B8t7FgXJ4A5kgHDC/Eozj1mDzd08CqUt0UqdpL0N4b8VTnzYwMC3LIE/F8RKuo4IAJcGoArQkNXIJrJ9AjcpgpbVw2stIwjavmxNrwZxoaVMnFF7JW41rWedjT0LeqhemXq04b9qGRozGQKaOY3t444uOfK3o9m5I6hW8vtrwUEjviSxoAn/Kltf2EVhYL9kRs9Jg21YCM0/5dxJm/NHa5R+7oECZdm9jnqXA7L14vqXGW8NdUMKxm7sHqX8d/+eV7FqxdG2l883r70kzPGhr3z5M3w64iPWVbQmrPBqMiUaeH5VD4E69ODwI7T8OQkuvadEomVFR290JnjJ1gP45DilUBdQ4DvHARNvRo3s7VwzAaQaTHYgC7FzjI7e07e3tSKXC9+NrYwUtnO9YYBA157IInXa89nwJ3RgeFMM2JhsduDQWZoXTYYcBP2fL/IhhBhzbGZ7yGK/ru+9l8kKopj+3XUhN7gknm8lnJmxwDhFfh9wd2F7HjrSFMk9hlQEL7Id0+IuEhqkiCg58SKUS0IpUGdAxYRTh1v6GliQabIdS1ly0PDKX0DOMNNFjktNvlwGjvPF8ew1+7Bg0qirYnleKJJflL9WwwaB+e8oLhS8U361miDE9+MbEoV/bd+0kBaFEGG5HDbCC+/D03Tm9UlW2kos9Ix2RtNyE/y80BNVn8d53l4HOfYyu1T/FqVX0kRn5lSJpXvxL7TxhY7nlAzV/FLHqsqRLPvsFX3LZpR5LdOQ1CyymUp+h3aSfNRxtKApadAPON1emk4tz7p2uIGxkmCdNh6Elr3wwZFFaKZyRpr5ittn2WKBbNzX5tbs1wcY8trSJhmGscLXUMkrUDH2lnXec1d+ZRw1uUYvbQ01rUpAGV+rqvROYZ8dwLst9jBUvygedGjseV6lhS9QKAiUdFhwz1hwnqNKGwHpsR711+OoODlmR123QM1vCD2ddmc6TrtwRXZ1TtAJQ7wJjuv/JEqmoC75ijm5Vw5ECijsNH+7lkRiaYni39stHF1g3jzU5a5TySykoHLJjaChCBbza3edkn7m2GjSrlhQ2j0/WYZvp9REIOME5UIMio6CJPX3v/sp8BXDBKnGtLiY541+hJ2syaH4GPux7Wh9O0rnl2hEDQ7Rm2RAS1GDesBN6/4FjybWPW2XABFLtI9E/lEuwwUwIcs678YvGem45W/3nALffcXzSRBFiOURE84elMpWwCVQS7hyGqgIl8xxdGjLKn429lQHPm2obXjvnuj7kaWvK8GIKt5FHLtgCJSoR/twSr8+MDt+X9cfOpKwAOGa2Y9Qd1eEfGxmPWlA2bcI7N7/Q201jA6nQHD9ocx24gGPjRHimE7X+56fgH9AlRiWr7/vXB8Wqg1BqUmU5hnZhwBslq6EZajorPOqJOQUzglCC2B+zlbxi/CsUtel9OYHvDD3OfcI8MeeDrp2FkWw+GPZ2vt5K2uwxaq94KE5LfmN6OIaCo4E+ZqbXHs06PiEWRavs5frLKtmhItT6sR8/W0/9EjxIfGHP+HXeLWVFS9QwkCjLjnkZ/zuOGrby6vOdCrDNypgU+zQJ875n6xCLB1w8WJASlP/acptF2mzpbn/ohNbKq0g0y7qzbd/V97cCtLx5TPFCND4HEXIe6x8iz/T5o+G+W0n4EKtwNX+sJJAfp6ptVLZRaOEjPNVKKJPKVL+vIR/nTqvX4DVkSo/ibdfPxhiGerMhT6lfqjBIabdff8kXLQ3K3+qP4bv3PD31TAkX8Ay/H2KgY/FjFfYEFD5f4PGy8vA7jl7E2Slh4d25bxshYZHeWfH90e//iatqqDzvpyAKC4EqfyOv6KPHlBWT/zt/uBtG7hjmAp1Hz5oWqg4aANWwxCfJGMtbRgYqln1T8t7BJ33oud2BaUlR03vVbvXJ+HMAMDA68iUkkxzW50SAvr2OpA3a+vxF/C+kYToBh/0tEHwoO0byUTnX2Ost0H4UpIcvjk+9ZJ9QQu/GxUmbJ111BKkEpGuOrc470qJ4iaZXjn3StCCCp+77gZadsVK2bSMR8xcGrmxXk/5uNLvn/+AWWSYLviiQQEpqUj0XQMonOC2rgttghrr4wOjKq6Ii+iWG6QmJS1fr5K8kIeDhHJkSuvQ4dPTNDutFQl/Gi87RGXEcxHZ+QGTwlgtZ/I37sS6fViRE8Cw+K2dyFlzUQIFm58Z5c4/x+o7T0HOeA37ADz733Klu4IPJRLFkUxjI35/XQ705W05lHkRPXADbWbyj7qD4NYk8K+X/5982Hg6H3Emd4S6KwSf5IFfbFG8oO82g2qfN01ucZcmqTyIMF4GabQyU3reoxsbQqoDP14iVDn+tyFqD6Rh98g5BudQTuaLVXPz+BgYvy6QGn6XPX1BJUnIAos1OF314SkJoUstvHPPWBQ98Q1aV8TMp1pd8xPSj5g4v74TU/KZJv+UMt2+DuPzw9loz6OgPs8HhWM9SRxL4GtpKK5dF8BkoIs9YLXYjvyYnU4EU+ppwTgWusITER7g5ToS5JndUuZvBP8qvng1h0YhWFd0dofU8lArWKqzco2pFeVcM/Ynth8IJlxLZDbfjgFhnuvE9u4wV504TDdNgfKFVULeqHHfKFF94Go56/nuk2ZceaLM9fiuWPOyqYZ/Jag/lHL44FIzu7+0fH0Vf6N3Dq46doFGUqgB/LUPqrGsvmqSOAAfOZ73RBLA6cFtP9pIV5AzR2wniPCBybPOmWsNzEPck/FMlxBNc1sAq3/Mij1NVx2J1uOWisaMSdLfYLlT5V/S8gpjH9z1ON83LP1dAsGgNb01NQKZMx5glGclBI/aEPqO+IS/jD4GbIh4A9CjeLhD1Mgv7rz40+YD/Vs7z7NJTasprzS0s5/8Axl8qcAxgfigBv0nQWlSxcNKa3Ta7Z4UJVG0bHO812bIjhfcTfxJAdkaN+rvbyaXlecZP3H2eWTtuFNOJ7thviwMN2cOAPx1DCaFMQ1fbJaePRKStbLhUzV1vR9IDYGdfDBM7KZwip1J6TsEvb/SZcyM3vaS0fxTMwmS+P7LGx7WY2sIQf9dv3JSKNW/RZjUus2D/lJwvgVrevTuShM0XlT80oC5xAZvps8yGVMPWNFmjujG3jnFzE4RjOASbR//sWJGeKT4SKQaTqCpK/sDf5zFJSX8Ze+/+jnukuQtjj99v7XTAzM2wEzi9fmrIvNNuVaraom9xBPsYCJHapi8P/GZJ56Mmdp8/lUzYkuRVB9ARHZAEIOP6oSssZxTBqJ4hD6AMTcoD+MUxXUjnmsZyMf6PHL6zPfQU6rZns0yzVFghJubebN8r7XPLFoMrgQmERTqarcRdMc7h9r6+pbov0vVEhddpkO9hPgTh82QZzrTpAR5Els2sinUY2pOw6PJ6IRltZWg73q+pIB20PQjLmsBPszkGCBV33+nuCdyGqfEhyFFcrjtnhynQ99WRFZoMQwdCAa9udrb/ThzbPpx2HqtNQ1UBOBXyt5sV13vpn8yV6TaTkGPTS1fFXVgUHAjKtd3pMevhDCsoBKtsFctVghY6XGW0LgwvDPH1s/54mUAWvnOO4is/aACCVjJInIezEkOphXkI8vk8QRMkyH3FS+flkBToHAIdFQBjEqImEvreuHcb5Rzs/dBA0AX9cJc/TpLFcSP3E7qvVmONr4/B4ZBso9RqPAzLheZ4RP9W32lkf6mtL1gf+kWfAFJJFq1PxrE5dpXYqBi+zMTy/0aKuS+2QPdbLAr4nfnVx3/uR74RmLMHisDw0SF+ejD35VfnroreZQ8LXswgv7+NC+7jv06D92mAP9wDWW57+nU+FZCRQmR2PQsMR1GpuJrhSh2HGSPa3ZpJz6KLA+vJtIOSmcZMNRb3qB2gr6BS7W9F/Vl5cZwOxpd36DTD/4r1tzRfE0/ZL2gBXHsNSI1tTR6FGItjM1pEjeHvaeaonzaBNd2zngxD1qRuvPS9O8RgDXbKmCLSVytA0WKVzloULRgETiHIihkjmm81omixCeXa8YwWzVrw+Llu256cL6TnJnNR0Lsw2VV/6qXfb4fCu/LUb6UtgcrPYHq7Fue5Q05N8c4IL9BUpQpAnSil7bQhuKw9g8Jwb9ZEeC/5NqHZg+/oc+YJcn5/d0tGwPyt6lHVTAcmXIxpTkTqQ/zUHie0HBjBChWgQZ/WtZ6dK686B/rk91P6f0MNXvJP0WNxn94c+At+guX1bzzs8+rr9UqeSAYS/CLwA5bZcwtFtqtK/g1jXQY6lFG9VKBevlGNKs8G5TN/5h6ryVJlWBL9GvO4x1DJvCI1omWb2itSdTXD1G9z7Ups+6qIitJIMLd13KpFKWDrocx3aQHkx0q+R4O3cBc7aVuE7h9B5mg7yX8WxCdn4L6W3VqfvN1eJtf+3kZrihaJyGT7VKN3OVEWs2PBB+WS5VFO/0yLeBT2yvRUSSnkvPiWIIAHhP80AQbNcKiQyfAC9K0zHPsoeYss/2LYac1pDCFOpDYVUr/RbqKXTnQbn+Qakb4lVd8FzlXtNrSwc0Hdc/DkPYmHnZOPNbFuYmRbiZum+uNL7tS99w37V4XWiIoxfA3sDM61cQVDJzbWS+v1fb7Mi66Dol4ZozB8t1CpFoE9F//KyZMhyfUrzwp+Bv6he+T/B3DIv4VF5a3hXmmx7pc2RWOk8mTyQzfmFXxoIfkNL5R2yM8BiSkyQMZlpsr0g7P6YPm53XCqSMKrK/Ry9bODVF6zPRXqVQEdw4jfH9TyGIS1XqW632baqspA/lIbko8eUGKHSsDtQL+CQoHlpSXIkXVI5Z9NTnpJs6qhcRDjYsp8jJsYROlxJwzUHC20puQkhtbdmOjzH5zkQIUnndIUKGS+rmH0+l966CWg+E/ECrTlo9Y3nXTn7Jq/FrDZh04I4NFP5VwBBQ7Z0+hqYkNDuf9wvFfGSiHoCxkswvKF/DXXPzuCKlUu6EiCW29toecP+osCPHEfEWbUYCz2lJvau8LAMYa+hSo+xVF9EsYc+PBawV9mCgRynU7e68vP0XQd9WlDy9QPb/sMdQAXU6mGfqs6o6sioVatm+KfIHZQcLxTZ/TESIm1830pBbQY6GeHGauEyH6at6ad6mS2HNV2kfq+xtgSyzDB5VsPwZxhkWjhBvpM/J0+ddK7Ec0MQl7I0bp/L6TSq91M/GWfgn+b/+MOHzoQYxXo1zZDc2fTljTks8N54dwGEcZaN12T0cOk6ca9QdzRe57fPpyI3B69fFovGyw87Qx+uEHqBOb0ez4mWXvohfksp1sMQKhtciHnPAcn0lLjL/zHzzcY6hwPIHdjmN6MQLN08X07PD34anNjfkexekEYHxxMb+IQUdi3bhMU++rEpFskC1VuCnzS60jUcy3u/sbUaytAo2eZr0Vh2Sy1v0zQkIg7WT1QHzFUylFnA6ktUc9Ccf9uJOaPZ9DvdKM/84LuqKrVAtaDCzivEcgvvxJIrQVaM00ryWqSkbuXnTOGX5mxUrdtmpeP7SpSfoNA18/JLiW/sxijdKRD6cfbvXw8gYglEh+RaGhYOG1udzvG30qyOxLfBmCDqUr4+AJ4LFV9h7/g/ioD0O6V3ntZfc/qXtuJeNTWbpjVeCq+Dm7TuBxIo/NDSZi2L5kFUEHnWEeAGPSvTXttq8Tkqo1qOqHj+13Qcx43wo0VTIcrrsIoLtlmFLGy38ijSZBoPOvAPxq9w+LOQ7PGlEaFfE8OCDPFKiXwhcOzmwZ3PtZFe8es6W9RloYo35ZciRlFy5DEYs3guaukGZ0I6iNaH9qJvSLBSySQQr8Nyh+q07XmjhnyobVLVXD6xbZqVd5ycYo5RUpL0QSzWGTcD8/JtTARXuChudKO7hU9deN/ziGXYGBwEiV/dfXO02VdoHLpBSV+tup/R09l3O6tf3Bj3arPhtb6Suj+OUpuJicGQfNSUdCEXMhtcPlZL59ZAG98WsOIc1FeFyjKH2bSttfcvrMWckkhwEwaZ4IlYwkCZOS+Gcn7G7OIGQsVwj1V1UqnLzJid2lfV+k34GN4SJY2LU8w6l1hwSCXiuCJjeTvno/5ztoWOY2xDnjS+CSkNBbT+22FU16mMWUKmoWzKOv1iLXnTiR/ME4KvB+cGqcs2Io1z8UdQGCBv4hYr8LPeErhw1qysvAfnup4Y1eTnnLyUZkXQzFljAeSfD0fZdI3dYSaUlOnj/r3ycAvXgEKFGs2f96wJsPVTq745+VxCRFiaB6ApJkRd9RSMQKYbFCKP+IyG4OvXT00ekVyTR7BXyYbBrD5CuR067HiN3NzkBgzG3J6R41n1yVPSU+WeDyWOOVTkYU7rKAkbyeLtZXU45WY6u6jD6/wO+s2UzALaox6yzXeuVCISu7usWUgv4Eq3wsr1Ya/s9LAOqMeUkbnEz85TC4XLM5Z51nRmmooJrNN0eTqo5ZOoiZex+VVvojcnaoPt3F0Z99TtycTyOyej5n56I2Jd62otVtun3FPx82zGbUD4wIEawsp9LreuU0xIMlqOmKW+ffX3zJBK8LD35m968Cpu8FNEg2OcFTFOcXMsbLhAYiu8tsT5HvaYnlQtId+asl/Bdp5ccIQQICf0HGuk2qLFRfjI0MsPmy0e9ynhb946EDIz7+xkoROVBaIVIchuQL6Az9DDhVFO8X7uZzff+N5BL42mGprqrh5dvexe7+bN1nbqQw+AcmE4nJaSb4wffGwb3Z7U0l6C4m9PVabv6Z+wJTacuXzeRIPe7HZziMuXQuo9lYaCLh3r4I2Dz6MGkm65gqB+LvUJUxyrwJr+IF23P5cjlYR9Awg9EJiY/vZvI6+IQ3l8q7KlXUlYNfvJuvSV/v4E8bLzGOOF/Yl85kzkPaK1fAExp8daWkRx6+8ig5Yc5DNJz9PByDw2odrakWIr1djGgYFihBiV+XWV5rhA0ynh5j+LX/1RbeFbE0nXh2g0Tcl47pg6UZdCNwzCr5Z6UMbS3MknNGPPtK1Ustm4r8ePTXivrZM4YRPPoqzXfgScjW9llXZ1a7zyO9jCXUTgGjjvDISpc4PR00OdTAMPR4/nbKml3CduFbDDA44zz1IFhBy8FqLznxOhhcgcybk4s/IaFx8ZgqT7OuZ0dsVZxKA0/MFsyeLrL9r0hII2YKmJmblW2+85TfZgyc6eW6bBtJXZ7OJjJWSVZCwxJ+sMqIl8zqQf/G9fJeel37alS0uz5dp2akuYzmrakkFypvlCmXwT7w++JgrC7xP1UP2ST6eaweLfsA7nsxSmIbyCSratpI1KwMxzL4Dc+ueRKdDE2RxFOmTlDeMxp/J/ePa5NYoZaKYZ8/svrKIZOdyEt6nunG9/zqPRn0SWBgZP5KNJ/YXIeka6j9UBwXvY6WsmiJqXuiDzPwW5CKP8LrWJFq7YwRPaBd5FfTSUBfFRa7GX0NW4c7ofcjejZ4DXb349HuxaNoGkO1qwO3IJvmSiRjCiEXAfuqofnwKQZECtlTIVd6sL5tDuMfMWDxvDMBP22DCO0Hj4n5gbNEbRq0Z6gqYfr8QpC2dCELAXLG21w+PiapD7eNdBK/x9ckE1/PZ560IHY5JNpy/kuEU9jlb4R7S9xkpx+5iJAR2F3q1v4WobLwPv3XbVaIyL8J98j1+eDv5akGpYQRGdzh3kbIhH/TEvpLBMQmDmT4nb+jKKa/rl4MhGhOHNwg7ccqdC6sjyNUoufOjpJie6TMkyHzUU3/M7CLL/lXpp7FeX2fUvqmzjeAJys1/O3A8pDTJGkYbl9lupMf/QwhHB9Awdfw1xGPtaE0qdgPaMFRYP/SYNc2+rH3wvN2cZ+cDEuBxFs9Qg4/WO+G5N1Ba6KsdIvVnFKXN5GS1Mus3GckbVeyQY1wM9l5XsImTMPwx6QqdJyvBPa6XR7J/ghuJApHynHOIy09eSy4QCzM7oX7i3BC+LmA/FNLG0Sy7VabYz81GVcd8AkwhulWT2N4zzHk710Cl9Kv9jjoeVROMgZ840baVYtM0k5KG6g2+BV/7QBRHP1c6iBkewuRAcC/Tyu/9jiMx3LgJk/yEGCOPrSbcm7JsF3aVVQBEEEoK/ckx+J3azeGhl1dOXmrWS9X+KFaXJZMBCEXQKD16dPe37ik4QTVv8Q0IodP/6geXSyC1RWOjBjLZ9K/+Vy9C3AwwM1HVkT+FhP7x8PslOctmq8w3ePkfp9w3mANQQZ+KiGaov6UFeziFW66MObrT2S3yQz+PSLkkYNs2hCWvAxlGsAWUj8Kfmo4Jmt5wDtcgMIHRByaP+MQ2pfiKssWNzz1NoQx7H+T8sANTELIRpCv2Lh3wf4GooTeGeRUpCn2iG0QVUm6FENwgMiYmDxXjgb1vcuUysbA3tWNMga3667PgnWgkaD/KuulR3D51yPxvqK8kL4u2OpqO6fnOoC735D0+1uxUzdtvH/pFawNHAcpwL9PerN2sIqyweO7RFytcbXzl7YCYJkeLpuaL4/x7RhnXOkSI8tftChdf16mpxB0lKCL6y3RTU02L+0+19vQAFaVuz++wQ09Mhblwyi2RAnuRiycLySfCN9ZuZ552HVAksp5LkEDylfxF6iLeiBWq/a73sduZWMn/qIz7KptzZYw8caqWYLWktnfNpgm+4QhUwwvXbIitkN/KCC0aGg0MJEfZMxe3tp9GCMVqaGYQo3+EEfU94+q0PAwG0eKAHfJi6uzzxX0FhDyNHkoCkY2D+3X2iP+vHDMfX4+onmY5jGUhGmhZ/ozJWGBIE1zNYpjN+FDjgdoOsdYr7QJtOd+Zs0XzfB5JcG2Mzs7xtKwjeZjC3wsCX9dWxo5asbCBfKwAE8Ypj+imq1Clh6oQ0HKpU/R5X83ifas66vAZ6ERv0p7ASsxg95sK66x4pYUfxUg1AcaEHnT679Wf/Gh8ZeMgCyl/rWd+It8LYbEs5U6ceVbmilcExhtjOFxjoZyXovD8jT1HAWwvSm1lp+5yySy48NPSLKC81ETaxK/q6CoVWEZHN/2SMtgZQPGQCxaQhsWdB3P1FdQIlI2i7x4jzib6XgkuimlZ0VOqGLUHuEji5FBdcBOwhR5hOVn0CmirE8v1ATC2krC/vO2seQmQl3fGPkorx3GVpptfP62yAmBpjsXG2h28GqdVrAnzBrXWslp2hzEZSxywT0L8FQVfelYJuAVMQ7A3IbHAy7wJ+5ZVRpj/miZ5DUkoviFGfKMU26u+TBT8Xfxj22a5oVzBKydb94OSiH0xZu5iXfnrz/u6CJ+mnokanpxFha1HFijE2DoKGLcrDlriNxzt/sHX5pLusLZcYp8GuvmK4m6308g5/iHyAlEGvBYGXvRZj+QKz5iv7ykpS3ZAHLIdvwLNEBYkCPwy5Pni+FENy1xu44ERdNx0DVwxMCWtxUBmQWc3V1w7nv2SfrcWK7/YeYZv8pW+7IMPI3qWPQSpaGfRGQCPfGEi/Y1zTvXijI/tWdImUfYcViA4eN/UzgQipjMUPJruzDCu8Nu4xbYKx9QuCWu7dWpi/D4IR8Glov5i7pldc3N0TL5OiiJFRDV9AzDk14q0BUabKFV+exUU5kYgbP0Xty8WMa62fm2AaaHJ8dLO1CqpHwXeEw3DMS7qe0wEzMgUZAvz0yn10MbiePn9Ffx4dOlK1V9zlUdJQvebzcKevQqoW6/vjHoNTm+qivT6LqnXtICTXpgUZs36ru6wILGv1csJgcw/xNt+xURmcLSRE/eSy6nqSQ0OnrPBfLtKdTq0W1Q0BRZEEWBuygHS8kuAOMypdzOYAb6qUBG5kHC8xe6zZcdS4woJFyvSbMUwFvQ5cRj1taWSTG8wo2U+NvyYoDmmOJbe17sIqGjdMAjbBjZemIRBZQCGKn3oJiDHOlx5tHnZkDY+TsHZ55piBE5dCYontUksvRNvPOjNBANPNnPSc004JK8gnpede7Usm5lyMeeJpi7iqXhPt49hm3gb0I8b9M2bGK89lccjhqkofHwV1y3ANVlCbNV8ZMswWW7XH5N7CEvC7cEFpPcw4T9jICvJSc05+1vKuve9kH0O2fkU+cHkpYG9I9rEXKX2xBvyTiMQo/3FVF1R9ETfm4iKBlD/lET9VuP6Nng7ynyqlKdYQj8mDliuO5V0jyjuXyibtMci+Vk+K9YBeNfH3KQ0wiJP7b1G8vUIhEcO2823DeCMWH2ExMM8e1C4LaoQApMbO2/uuh/7ERLpGuhXASDt8DtfhOfkyI+n+dYuW99mBdKQt7A5Uf4+yFpiqBg4nz0lZquXHLeYhRK0mpCb6oIQAf6Za09n51y1QYe45w+xUoWZBMVa339oh+EfFoXqg/9XGhitSnRxKi1f2VzV5HdLmJtV80JtPzSI9gJIDEySZXXiyKPoloe5OK1Gbd13FXTZzr5V7zxL6QQVpcC/EjDAK+4zWtXGjjDM9f9Pd8ClQXAyPo+9F6BfeqGpQcJ3CZBGlQnCV17Gh2h73nBgNFcV2euqXneuNSxsbCxbTKm0xD0r+A+Jd1XcEtPHcWhGUtVpbJ21b7knYA7q9Hf4IJe4LwP/nU/ODczgXG5BDWkQBeYfvxBfglBdZ8vd/bXbLCVgTwk9Nn008kbcgy+Uqhzz1+bQjVWY2XW5eZ7PI8AbVLlQSSyb55tOawhlV8fIhsd168Ku6zskiKTrff7s0fAYVduQz/F8cyzJCGo72ZJWe1v8o9xmK5IQvmvGEz3OTVxaEcF8r1xr7DPaQnF5ChkwrGcXmmtKvLboczYE4sqIfgN+1/aomxDIPxvNNJQmix8PXW4CcRZeg/cB9PhSVeNrE91Twsr5xlFdAcHffIigDaRf3JOtzmhEHc+CYkoTuQ7KKDPVH5kiWonC6Fe0sQ2uz12X5mZGrL5G3nAFulrYDarnTyny5m9CWEakgGsY4FTJA5buZmypxoRh48Rh/aFyMimoWae77gClrSe92CCDcIwlgQlufmJilO7U21r4WL/GuUmAIokDLWsecj1i80xc5Jkk0fL8qNZSaorKVhibelalgMUQIwZlD7c7dzA2csocvaXNwU7n2t7q47YyhQGC5f1UWrPHB6G4mOxAc2ZGOxl6pU0cD8PXderLcgt2s3itX9AS1CJofsrY8mrNaY7iNzj6cilEB9cKpZ1uEXMzSqsBnue3WlNEbOQQVJBf80168QHIewrob1IlUm80xM5sRm3iy5R8eiLZv2km2QmQuxqnNvWpjzPk7CbhkECkqSUIAxsr1Nw2X+R8vN3/c2eBcPNmLois4wW69wTYhENJvLWFq7IzqiRpNcWVv41dLOtF6avbiD+mD7zV6VPpP4eoH7Xi9xOmNSl4vrGdUrLgNy7UlSt5sornW6Vw8W/dR4ZzeJaJ8WK5xOUYgqPdwkyhoUxhCGRuraFvAaVKdz8L6NiQUYCvlfglSSyg8rnlU1cs570Z0pUNfuUonO6IFrSlfuCrVHvrD8El8ai8zk6+0aoIS4posesNoIifYYABcT39/jrGEKSo0adpzBKp1T/3L+mK39pHyhIJf99gvGyRBIErqsM03Xxt/+U4Wc7zuxShe94aNj8FkD9Ou9dIfhhPPUWWhxBcZbp3DJ5PvLJPHucatU3K7zipr/wljnmp2m6j+LwLJd251IGu4SdnonLN6vbKvmiAonBbrY6BF4dTZz/mjrl7wXVoXVbuctioc1Xpj+Zm92/6HEVJrtzZ4APRqxrhP7Fqb+bh1Fg+j/fgaY0AipqBPFnB4ko1CxknbbEGMmcXjkTX8rlZFDf5hx64LdO2MoMwf+GpJFSseYUdeDug1K4Jj8ApLmOWNilfp/Qn7q5r9R+HwEzedVAOLncmeoScc0PJhamtopBZlvqW2SPO638MMQ7DgXgwpDgVZcCQQIPmcqq7rTU1Q7CkFm5wB5T0HovL1k31Zfb0H0jqHW3pxpLp9xUAWL8+eW89rk6ztjmCR79GuJrnvrOoWj7Ex8V9gyc8j64YPBPm3SiDVoEHWXqD3yb6Ym5+2vwguH4JUspmitSWA/Ur2VvRS3aiX46k02o9dRlbNJkHzdmMEe1fhiNAjvzpavmXxrF3brlbsn8X3YU8DA+6VUb4n789Vp4+GCeB+13CuoZPDEkLjCWKi5Pa7vqxAxl84X829cgy30oNM2kyuXjnjsriXQ5mRvEmlm8LFjgZZE7QZL+5UEblk8TeDKZV75xxnrRYubny5+Litx6vpzYvUCwrEWMOzyXG14gDLNbdyhLRGKftDx+gSY0x0U4nWhBz/MRqH8hJDQtpNF6cZ+Cox1MBpYP1dcgN25XV2O2Gza8qW3MzQTYH7OaXL/qbsn2kAfmJav+/ksD5L9Gxp8f9MHJb38xpKWSOHQP+O9JeKI9le0vWzdBuR2zGF3kbXX/DCEcL+dX4Ug9K1z4vJyXgAIp3RvF+k2rPnm5wlubf5U67HP5cgqftl1f4qpPVDi8ui6AeFmzmleD2mVzW0xQU4ba24VD/vTQRauYjKN1DQTcXlLNmnyvEWHca7X0C+PhYx08gnWWYqoe158vOZcjg0cCX284xzWmUrf6l3T/+OyvK3wvxRRMIHlelDy5sIp2XxR1E5lbsPHX4OY5WRFgQiRULmnaTXVr4qw1VuH0XVbxrwaPh9X7Y9FV6SPEi7b0LW9+7yY+cGH//JmKL/GeBy3K4hiSXqNfdoH37GQFdU6M3xr7QApwpe5/UvNVSxXNik/3eSlw5zD2R50yZ4zlx7wbT65DWHmN8iwLwyPsBgUcYGesHoKGNEOnCwUtgfCSw/GGvnybnt5evQU5RXF78uBREcdD8hIX6xJ4MFHD1y43ogjG/Z6itTZPkClGzi7LqWkQxe4YwGL9pLZfTpXVagufNvqVMa+V+S9AgSdTF9MynjgJ2Hc1+zfRB30s71XMQDlkNQfwLigkuZFjaoesaGoyzklZwl3ofpRGVn02QnL6M47Cbyb50oW83bGen0N7rIt+9FYKysaK+C+Y5yLQ4INAmyhh/cyeWRZdetheTUlV6ydfEOHh104D7j30RkcKIfLS2C1iY+0qbFNkYB7khqCPHq+d5AAPneX3s1Vw6e0IqvaCxOqTEVDclFEZLl8vdy9eZW3iJQFbgs77ikb6l2vRXa23Go/Q3nZC3LryLJtBbgT7Dc8AQZlKqnBmJmqTtRZb0IfbULv71UMp7CAZX4EUX9UQK9JNosnnPUeeeQCslY4VaqAgrrA9rM44Hfew9z3/G6EglEpvpWwjRZZvS9pgvVpT/kUEb8rYAqXYSFVqFgHp/xv32OHx1o9onan04pZT/5/+ZPYKmOCikZUfdam/GY0yn54F35Ujl60wiydSkPiKKJgCXJJlfxU+DMqBZWJK3XRem3xB62aKLSn1zMtQudAsazIjNI4gI84EhUOTxl0jeLgA8b/CpBHaC7h3v0PaVoqgiIkw7BOzeYjiC1qIQmkSaiTV2D4myURqHJeeEtl3Vm+nzIBNNNdAzJ4G2wdZIpUfS3bzFQw3yPYnnb8i/4xVyUxiyItsWdBEbOmCWwx907Av+7irieUkvXuu2VJzgHeYqXICV4OB5lpauHa1Xrwt+77l7xV7rMNuW9yl7MNOgs7B3cR1PmQYBkd/woXZk2xG6c/3iabB2Izoi0z2XUVUqnSiM8ySnrIx/j3aojdOnjyG7icEW0e0jtq7J3sMr33DkXt+0DGSqyQ9sHYL4ra4zyOK0k9dXOkXcWSheDSYXEpDtSb3zGSRZe7glhmaaQYLdEUTMOO+P3Ok03Q1RVzlOuzOoyemNMiZsJhaV0kBIhmOVD7aX6avjwJVQWV7uQ4DWZQRg12OiyacQ4GUmJdM4iRWIN+/9BYJMEeSG4RSFINSzsa+z5hstLckBkrTiWp7JH10ijQrC8NuVpvq/vWW8G3t6IHqnTU3FdMhT9e4Dkm8pO9BZzOGVjjRJpuWx0uz/w6CB1uBaQ2c8zcRcYRA4yIGATrM/2tSphtwIgTTwth479uadlF6d6PHKosMU+g17fcveOuHHQTPWAazNy10lIYGzhaEH7tGUFpnpAVWVXnFFgcoYZREbng5qvoEgqDnBUyTfhYHLOH03v05sDwR64R8CDixel7y4UJlO7eqvZRKVZHJxkhs65zJH5FveerD/BIxRKRxP7FjD6yIJU3OBSIw9Aj+wanV1g22VAWMuMWr0+PoA30OqNAvJDbb19b9vMkk7GcM6G5i5AcuQjglEOOf3QXgJN6pMkdhAiUlfXV7xM6Razq+NVHTSp1v8YiiNULtHMiTAqi8I0nxb866WDPOVXnhHV8rZ/cuW5j3R/vH0CSlYFNsD74qvteYLJBDqES6QBdc3wq0DuReiwSn34t9KszgHl/x9Er/uytbeCR7FnjHLFqYQSjRxDdRQo6KYWsK/ldkvGFsCZP1PRb1xWYgEsjLGLgVGRU2tctjS/SaZa8cFtJAugsDHf5J0zSnQz1v+a4tUt9gy+4LCZRP9DRXawF9NtZpmmTHWtzi8ylgATsndnM/2grcf00WtGqvIVxfdSXH1Onn66GSfkYDwhrshMZZLbPPwMT81ebIubF7K/11IEBeOgdsyd/0LnDgNSk80H/Hpx//rUICzxGXF9QKm5XlS5rRgnTS70QAghFRwI/OsZFJWOePO4/mqnIfhIhEHbkd+ymENGRpwld71jYGSNkyU2IYr+saxRH8utWa5ZyMOVhVLI28Hz3Vs6WjQpSNU+WGFP6guBnMIL7RS+rvJ/PANfDttfJSAgaQAsjXKjyEfq9AeucjMHn0NQ6T8xzWkZc25Lf1fjxYDKtqd1jEjtV9IM98Lq4SEgvQt1gQgWjWH1bhE4VcdWEwl5HqNF0QKxtLn31XBJpP/8p0f3DYNpvM7ZXqPTsah0kOr6WLc11xkwR8iIzxWv4zJ6/2h44kH+rqSWNf5WUWXqbnLGZWQgpOhMC6cM3E/Td6ZkSM7TA1vv9zLr2SXhjh9fPAU0TRIIQPrFCF1v4V6MOMkXC8yoMA+x3jRoDMoxgFE6sEsG3jJFMDCVTSGOPD+CjSL+fnlPRjZVXI/ERfOp/PztI4VrMHrKGYa0zAOKmteYF7jYRTTC7q2VJobhx1qQh39ZkVXlt/3qvH3Ix0hEQkAn/5wPVuf4opnDo443rrzAX1m7wcXXGWg3XrhZGh0/w+fH5YRc81ohb/tffoNRfpUaj8NSVD82hXHEZaBv/NkS7wDk0jKLaCp/D1gLxVgs1p4KaMTlPD1wUklG4xjA9BakYkzJziRLVUwBfvZfa0jwtjzbWadIaRsbc0mLoqFHCKHt79syChRSCZPpIBR8qg6MwUfhySKlfNwjdkJfr185QEIskI0bfY0b1b28nisPttSDoPOIEBFGWkOfYpE0CkC35CehzKBHpyj+gpzdSmFhkSrHgLGRlhcCqQsOJVaB4yYJ/VZBsPN4K/Supvj+U9X9RfWsJCFFrxST3HIJSeMDKLsR2l3wQnE7Sm0BQ1wgbXRe6ImF/ONnU9dSQ7c9mBaNFLtrXyRmOMd2mwEVp4siHc+eD5FFIph4cSsYFw014+AlCpCtKt9q2N9NLR1/2ZKq/ilkII1DIC+lwhIPh0E3W0G5W+po5/7RnwTpdYq10tk+Vxr9Lgi+8Ft3N+1sCy/4O+C4f8DwK9NKEY9/8BLlcE/nfoKNa9uP6fQyj/Pyg7XGIxDcW+voIM/ffqB/78H/zfm+7/jmDI/yHJf4fOJt/r/w5D/w7VRVPV/30aAv8fBP13ONn+Har+/0/4yzr4+1xgky626Pv/vYy/nxGoyf+9x9rMzcm70YzPtvfpF5yf/v+HU//dStL/in9/9+/Att/9fwe2OpnBj82QVO93Btx2k708J0mL3py2Zm+m8X09nfZ9Gt4/6MELTJJ11Tr9xpyd+mn9OxVa/n39P+eg+6YC792n+T2abHORgbsum6t4L5v5+0j6f49C/3vk/TlP9uR/UPrfr4gwjy/LZRufMewTUsVqAsv4dbya96r3Jx38x8ksLYPjjdGOyvt9ev4Mko2NxkU52Nld+FhIVOgDlT+Oh1xyYihPbVerOPuBsWEWCN2kgx6TE7Qyv3sELAjCYClBEAdbElHdImeYcXUFBnAKMr2fQi1vK1xoLxPqXvOixHKSZW2d8S+Mosy/fPzx9/EKoYsHP7ClC8SVVHNV198yrJQsbTcIHhp2+69L1x80BGpUbowUILmBqfMHcCbS1dVVT5TrKL693F8T448bcu7sL6nDhIDX+NDw0XHHzLBi9l3eYagw/qIxSARJeQJTMMagrCDWNQz6acSf3P8L5gWDClruMfr4zTpChitSJPE/DQFHQk64fkwEupan0SJRgEc8cwB4CPajvqKQ4fGclu/jZ40IqPTSAY5U4yzk7eEJ9pzHDb+cSxEcHx6tI0DJB1jnkvEdB7Jswhkpztr9X5BRnVxKlxewmfyoI2shibBUzOgeKyMn13ayuhbdv1On9/AZYhJEbhnaf8+7BAIlDmf/k+/K2LuSsjjPorxfusNMK4UV1mgcE7P6WDOjb841C0cASgvkT9PVHo8eBZFMdwAhDQFKwd6w5eM9OCkViIehtB+6nyJD7BfMLv0tKN9s94/2tNRYErL8JeMa9y1bTPuBkMT0Idti4bElBy4TGHV+SNH+lla8UEnecW1s5UnVxEhAztfQLyp+Gt6+N/PVSRENLKb0nVI0K8sDw1OD8PII+Ni+uXp3GApBisf71mAmR5vuFjbQYyAY2embllgGJW0tBb9g3XMfHyhAzYnNj+STTZowVjq4ZaKYFAdCgVOAR1dVDm7KpkcHoBNpM19K7RcrVfPWSwosKLw83Q9Ho6BvXk/JEarb2JttUIwDdmmlJE7oCJ7hPf34M88ODbhvBwh8ergD7yc1dypcVXLQB5cc7nZOobyIBU9RVW9q0tiqJ17N8hbc9bvoBfmUR3SW+9x5ayBVRpA6m6ZOy5kKwWOhfzEAX9bNVNuMnH0AA8cqmvkqtVD7oKAXXkp6+5uzMkkpZzerI90kDQJw6IcxTCUNvnSfNvIj3vZfGm2j6+UkGEpuOTIV/BD/O9QJk7OX7Ha4Nu3tdke3ksIu+Tel+pmbxVi8rQdBEC+t01hR05NjAi6VemFnpzZpbBeqsakzPe03kKlWf1sTjKR5N7VzvTzv4vrQ62ByFpGKCTslR+s0uIQS/lIUvSE1geU7bIQsG61sm64yJa8aHK0CNz5VQC2bE9ROmV6GfwuXH1nE+jR5o1JfbRVyBzKEZzf2q6UJqdf7Qf+tTxILFo70pzFH8opLRn+5MyMSY2D/XGQeOI3VkCXYJG6jo18rjvhLO7cwzD9WldemorDlldF0J35h4Rc4Te4e6rwpF1Oe+OqXAXNkK2wnM8js+j1Cz1lmtgK/AfOhUt+PeFegLcKqfYtj3GEqGAFrTho1Ps/DiuKJZtfaLNtECJ+pi/9c0e6XVSphJzZF4nqYeyXFcE9g+xjbAGtGWtOnZa9vche2Wxyn0xeFmtcRaAvcNVXafOAfrWabQXI7VjPcj9mfRqZtC+dd1Pe9iZ7KajxpKN3EHEALKNi/QzSOE/eFMSXZCBpFGzJ9td1rOAQldidPbS4mFgWru1e9qzpjpRV4jcwPfSjo7DYhy13CYZt63r7CPmIIhIpsZqj65D/NKtL72ts+LUTukn+U7GOw8s+UsFRjTOlT4ylW1lBKipH/9ard2Mjvj/qblKkT22SF02JC5F8Le9BJlsGKjPw8S/JSkhtbqmW6go2WHGlgNNH4Td9PoKzsnDzQgH4wEJnyeEUQ8cLiTuOyoryzZLPrD69cc+UQIQyu0rNF93A7XKsnrITvTberxguujaWHpR/KXBqPJ7/Y5qZldenWOHlU7q4JlqPP+DTJpHfJqNzud6zVhBd4pFdWaYs0O5Wz8YM2+FnNzdV8e3JQf+c0FsueYsV+ipKf+rU4fqdtEUs2WCiORo/5YFGg7QJ6/OwFq7NNaip98Bcs2beXOqZHgIC+BAL5nrhgwVhQpt2ZNTRthtnM1zZ34qQlAf+FxVPxKpflYM2b9p/CSjMkebYKzJ9HF7ZXTpkJjchAEBUYQCqc0mpo43P6fi8W8OBVDn2ijXgXzTGBoFw68xA6530ctq5RWQUIOETyb78l1Onb3iP8FN2tSJPGH/Ed2yiR9U4hmfyQ2VXlVLfqm2Bymm1H70mwN/dxl8mrLvYC9rJi+6OemRXEDRhVf9QHDbIyTudR6oFNqMsum7LXlMh9qcg5Y6jeDgvOSDMODmeNRtU/NxAj9xcbX8J9/JbYxAvjfCOUk9UOgMUN/k0wWELd+Il9PwWw5rf5Z+XYi6uzUH86lsxTuM/lFRhC4PT1/1qv91wtMpBaCVX+taLhwgKtN3C1Iz5MKRTysQ2qaDPCR5ea+vpLM79thPfpBv8HaF583+5EZlC+3yoxBmJBwVRS58NxAW0UxrmhK6llLp/fdBj/C5RN5sF8FhJINWF/LCD5T2DZfipeVhW13qs0XUAInl7fZ1oHiflCsIVIgT3Id/3qEuh5ItifjX+X9ZTxhDR7lQK5XhrQTqyPE9/iyHKxnVl0prnb83wTvc1cXqIJVpCtbROMlDrdt5yzF3H7mhOIlguSmHQ//+hj52F7nk97GuqjRWkDt195lYb70KDlryJT8AjZL8BX6rpELKvzTtN0rOnwG+tFoTeopVv2LKPWczS5wu81HsivV5aRpTSou3JET13u5ez+IBDfjzGNe9PmYTvyaPsonqKp1jf5ykJN/WWs0C0HkgR4iza41wr0gaQ2G61ilkvF3BI5u6YgHswWcjWfdB453/uaZcogm7+q+dhgllj6IH1PlanAzndZ3/tYBfpAeEytYc2iztpsUpm3qNNtM9ULXsclwjZy9F3VcbwuLAkKYJ9LManl1Y6HkkKSv++bienLPX+OT62uCBy1m/9qYhCYR7Lx5ZTLdl3+p2WEQ3phOG5bF2Ffif/Bzc/2hE+GV0RWWHZp6nj0Oeodu4f3lCEeWKyudr9J2yQq8lobkWeYU4tFFiLVv/yUfZnt517FpvFyn9mRoRn8v0JroUZ+5z6H8DMmn4I1ep9I3m2sP1K3yIhzR4evegVkD0aYH2cv/ZakfXe+P358kXIvyxRddaudIIRGxyrWJfxzO5n+A1zRyO9j/wWr/TUgWPYqU4TkN2ZWV7p3BIgerWulw8wF+qtEiWSBoLN9n4u42CL+fNrIql7QcrpnHPfPaoXYEvdR4OWvsXm4vxnDrH0WVMIZ5j4GWoN0sSD2kN9+JrGJO27vzWS2jv30h/qkk7GGN9lfBFaLshxzyMVflzgRngsfIm1Bkf2VYzKfr3jTOo8vuhXifb1rxtwGnBlcZBvdfVZnjx2okTvh+o440MAk2CZ4rnDFnbpGwd8sL85GvVuUIOpYp3x47d7V8rr/KfFm9IT4F+hjYDxfl48NIYDxeoqhVl4+3S8gE3fnye5mbyHJTrYiTFkB7iWG4354j4mvNRFp0gWDnFAQ9aA1Gz8RNnMs55Gm92gxeZ/PrF52se1mQPlzx/mYLQItdI7ZbyTvKJKL4OdTP+3FbLIwOin1aH8RtsALRB3+TklBLKomCLjBtwS2Cqjo4Q8iaoIvzeOwHcD8tGgFztl9XUO61WjwhEvlFEZsnOk3X9cWWNkqCXBMgCHQTHU9krrEuiIwYU9VIFvmHHU0jCTA6CBMlIH3I1TnJsuvXcXN88wdrIeKHPOpucWsy0uA9hQGj3eLPHd9DblsN6G2U/inIKVvurpNFQXKL/5jd0UnSujXhAxbyC6Z4/RAWn5qd4aFn1v+tSCX5DLcRPz1EjlOiCSd5kSUp0ge1q/GxTh1vcGOu5d/RR1TkRo0TvXbzlrj88tOSwFirQAj67/GlhBhKmr1nTAI+PuvL0eFdJTP8vIdnG60iLYXrUKZD5xyeeglS3q6zCXfzyq06jBIspuoo41qGUeuxTS0f3aiyuYUd86gXCa3T5MP+8XVw7vr4H3etC2FZXDCwcqE6CtJj6Ihfy2PBLArJkHk+OmVYH1mmgYRZxVwnUbjXeZksJ3DrPc8bS1ESAtvcUB/h7HAR2J50CvHWn2gSuu8G66ENvjINOFn1SHr2X4Qm1DgzNiVNKu0xlmbAgcll1MUIMc1f3Z1Yvd506uSgTIV7BAdrOknrdOtZamzrDKD1u1bUugj07D2xvw5z9CJ/VtChuOziSlGew+HuRlR5Z//n7E8XJCD4BXM7USl5glgR6goGhuRKfLoS1Q13seMv6Y/QET/yLZOXaCitqVXdjlpoxJ7MqYblZ6Z58+HwBWm6Uixdvlabtr2bzG2mCnW+zdN3T7e8bt83+MgXUO+qaHN1W8bFNxlO+tM+4F8B/hT61MrjZB5bqQvKr7gXplzQ7Asi+GqNt8rAH4qcQFRJ7C+yEuGR054iTky4p7BDV+rutXPAp3z5SER+0s6dtmEhhYkQX+xQzPVWbPoPg/vMBD/L27ele+7uO63uJG1y6m0kTJcejKqMkEr9cXz8ktdk5EddqGPDLV2+5udPxgdUPE8Dd6zlzhU04lPucC1zGPRa4UloYoGvte1tfOKEJ8vrkp6G3eFoJYRi/3s3zAgYnZ4t9rxb5GSIpLcT/l14+K3SY/u+Tlw13RuoGUzlq3y/pzSFX9foysIgnaujoXWyrL9wsCmKG7NyovHEVuFa2TbD1bgVzOxTv+gIS8i6LhJHzJbgUwKqry0SgKu1XPC2oaZeAyBiwNg03KxCBQWIZ0yL0utaPUvSqx+aavQVAhRJhkTOcXNJXXYAqUc1e9WfvKeykx7tcZfkSM5iKkJVCTdK1+61sDY24yIvZw0L0gOzubBwJ7mh/TBowHmZ6mXUG69OpmOL1hdYwohuHtKh4svA6QWt5Lb38fGQfVoFa/OM8Ntfywn2meJM6jxJwzV1KFq+/KbuCebYECPngcRwU+bcoYLmUrMbjuCu+wz6dNeVxt7mQqpLw6WvrZ+SoAzLP1JPZAKFH5u89um9/ebzaiqLdEvZsUXyVjPkW6KvirDc8Fsh0LQB8nDay/Wvf0QrJQV1wnUKC6i7cY43I/GmkQ6OszcSh1rwohcRF8VCtukzm4hOgANRbgMBORfS7vVc2sz3kQ36HyOX2q2RPHazMlH6QsHE9WQF8Oxzk8X1yJ64Wu/Jz/VYqBjxy/4sUDXlQ849gLhPPMhReWEaCZ9Kw/cqR2HSl0a5VqFFxGmttSXa61aePZzI2LIyuy2JAZVbbzkn5E77tsSU2RBZvO85Z3xFf85aqcrXk1nRLgNwp4H2LC6tQPnhHR82ekb73Q5Kdqgg/7heuYqrUmC1EVfZcXQTaO/KYEpvF5MrUewufZKGgOv5rmuWuyliaL0VxJ1EVe+p5m1ZduCivRK5nYgCIpCQlwgWVEdJR1n9wwHoWZe1fTADZ+K2ZOEPqqkYfz+Ilb/RUdoAPzy6smLvxZzGF1QFA0uG2bQ59CuyLh8bk2lbxXVT0PWlx1TLtvqYAn1lcnYq8gm/3jAdTcxBMyyrRLsxazv/tAumCcI0uQudD+QT4aIKDGZUD+5B/OITBJb7hOAMGREyLSHf/ONsf1V7HS5XKGrliOcghhzvdzlE9Rb9dPIlw+6/7U+GyJR2cgsJf5GUkLGa8iEkJEhI2J1aUxPb97HB3e56Ds201qjjvpadK/n01U3S389roCoUFztk+zxHjZFyThtMWmFP1xygUHpTFiiWM6Lc/LxCl6BLJlVig8tN2JxZVXuiTAUpim25hpJInQom7KLryf8ZwBn6Ot6BgyiiixBnODswrMhY5/ClHR+TKhJ15dQOwndc7RLSfvT2krhCL+XQwk93jLAgqKr4b20ZWhok6ucQPZppHcBU2Ph/jFB7LeM1y71Pox/pMRyYuJUja/BZzVKbUfG8fJgiyTsRw2JKXqIv5AviL+vv/xAoV9Se0PqMWEgXSkOC3A8sj3Ouw1esgUEzSG0lCPuC8fcQoK+2ouXwP1Mwvl8RgsHfe58O159rKbnnuT2ADp68qv5cB5MWllc6L8NxsLznWedgaygBw7zgcFy4VfiBXMePqZWrGvnHpgTw6nDmIO41bAQYPSeZS/fw4qz6ikfVGUxI3q65UHB+SqFxRFPXJgi8q6ol9ddypeXSXX7GBAVWPHheAgQuSKRYXT4JiyaFVT6svn9gEEuFQuA3lkXP+oT3jV15C8cNRxHIJ3MBvlGNifwaq7VgtF2OT3xgdx9yPhSVedzaXpL7AdBP1/rZQPA4cmY5X8zva96p1JDa38XwBSOtrMETsp5GrhDUIh5HBBfKpp6PLPZbRbxaCdZzsC5VG0Okyt0lVlW+j8oCdKVKlDGKwDcnygJkJKHeyCzd0fDkXvZesEOb+D+J58IjBpNMsuySDuw2w4k8iJPnym/8URQSUPk93akIrhzBtz5hLWGOQ+rHZEhsJuk/tXxWlFkWh8nPsY9vUw2ecK8nBqUgy19r+5+zhw98UK3AQ1xQCHFwAx+42P7i+Wh+xS2z6/82Tnf2wwuzzrkno8kq6uAB9++1/u9OXPZQ45e2d1Mgu1qjBEJXA4pZdL4B6wn3Vw82z7J4yFN8hOILIv9PuVL1g04QlGFm0SQVmkyLz47plcbGOBKeB07JPHXEmMx4DnrlQTzQzEYnSu0/aEEQzhxAqPidrLtN/2w5l/DkeP6JQMGNj0l/3viMIoYl3uR1gebW/SQjSs2HStg6rJOxQu1G5MSE7H37d8nWMhKIJ/g1/w1B4FciKT95JcOWbS40l+9zl813/dpIgm0bhnQpMXQ9fHlnkG5HgO0kQCpY9yy299pfxDHA4NiPxF6uNlGcGfxGGNB1jNBWEs8JNYKkhiTAf54YMtJ4L35o3xXBEd+k5sP32BH7y5d8weOSe5HWS+upjGD+WH+CRKRCGrq/jSGTrCxqW6+L3ARqz3ozAEEUMInP0Pw+LLNzs8PeF0/fYqgGvGhj0d07hKA7O7/kvceS7PrSpfY02h4O4qeHNIUvauiLc7ovS36pxdQ+1z3379bEVIrNFDEPnG+ciQIZK5cK5EAMrjZkYjXnt6ng/v0EqRfs0ayznJe47u3kWHYxygYvpTvQpctvN9hWgl21/2Lr4G4RfBuzLJnS7EK8NvxNfavXnzA0oUlZVt+f/tEd78XzNK9ZkuSLFwz+5Lf36++XuJKkrl/mUqxl8aJm720pno7wqOg8pvd9KJ4tfPACT6alFg/UUrEo5urcl/VefMLxixwvgBZ9ekJ0wO5G+qt3DLV9UPUpnjwwQ1jYUiBHp18Or6Qh5EOKLTvWryqHvQ6I380NhvgoFd9Pg05mqG+K/FROy0pfaUs7l9NZtCGvr0+Bbxwap4nlQyPkCIGtt6xcZH9TZg8Yv9lxwZEGuX9Vxa2hiR1E4/kyOXUYs6IROsXRzyKjvNERUbbgVC7iEWGOKZq13/C7OdEbRacz9JK7zePdM2CoU/Skn/50JA2/RVcltQB8q5bhZ+jcEi2zCQnUwxfGJzyFIHOz9Vw+eAL9YU0RBKmNGVgEo9B+HArTfLEkuXBdUDF0MYzPj0Z6VSsAfRMdD6nEMXEUuTdtYQRFcFZplQKhhaVLVaiT4cKDoMvb3KPRFzLp1RcCBT1HsVeXx9uvl5N0r9qz7ZcKqmXid8w8jth6KRkj3n8OvXDkr/X5679oqgIlYX05FFhrBTT2OvW3OmqX6vv70FYzUoz+2P9bUojyGUBcHgN8coy/OTvj9C134lUFTL/Gj8nMr1AlFWYBVzuYHQdBjL9Wccx1R3uw3RiRlc74ILf+raZnJI+xxuQuE17Dq9X7TKvAmN6y+/Dmqrr87SwnG5JnN+o3bkIEb8lLG/h4X9rhpkDP92nkZDHW2GKCLfTp53B5bJ59UwtaB5e2GyM8bV9KvZOx5A7EqNEiSqXJYVlJr8zCTUGOt+NRmEkZGkMp0Kxx1P8bsiZetVvS/l7C8msTv9Qut/+cur6XC/gwJn4+MAKxfEbfbNmLaAPvKgQ1o/BhXUiPNZXDO6f8q18Q2gvsrNT1oKOnmQJgwoMCbSHPNVioUBvtm0h7jLv2dXC0Xzstgt9SBaeapFTjveJWI+y3akK4q4o0kFlWnJtV52IEkeOk0bHuhMuT0VP5o197OuV7zbeOpnw6nz2/U4K3H/QVqBtCRyqjIBNn7LXht6OkUG3083rSjOtS0yZe0+K/u6n4PocJpzl5pNYITM7oBFJLSgXusQ1EGWJGnB9LPJmMoN4yk4x+U9YQdvHeoLs6lc7t0e6pk+88dhjevezcUijKY85U0tf8gEXz1jQdaypB+O+xb+ZcszKPh2xVuIr0+Y0No8p8eT0dkrtxRwVUrLwbIt7nMlwGY3HlT6Y/dz3xjygv8IeeMge7WKxQYWcwByyg+tdMAwrPFPouw+6472SbM+EU3lXPnqGir7bi7gXPrZ8f+dYL3ikjsEioJ8HBbmBwo7YLG6OcUayAE2rBMq9rtmviZt4yl2m5WAtrtHD92ogdthwj9CovTD8z36HYseZs4l+gy5VTkXBTld3sGv5MkmhoKGFGoai65emHEfbTI/IHaMGTlh/8+I3IbDDy0ma8OmCFe8+Y1mbozsYoSCkoKXmrrXY6gnbZ4zcCm1TuUtTPS2J5Rwk/tzDut+oYnhs6Pg7cna2aWPY7yV4Tx5qnyZ8wPk7WKax7UYcu9fiZ9Z7BjJBelrpUyuSKze2Z+dVlgFxjdJ50sQwA2YuIba+adnzR9+fDRdmxFVDlGYVf336kCl32Hw7HY/n6nq5rdaoQO81neXGB/42W6nvn9wQzKH8eNlcyAiqzaHfjFl9y8cJueZ033QGrTDdJJh9bSn4a17ak+6pO8qnc32ge7lknD/a2Ui/bQM3Qp/mMhf2UKimwK+TIcXi75zVOZziiYpwCR86JmR9k7nydcqG836sWvvGL3+hTqCVTSL0f3PuxYFhOPunmbBugFnQitqQy/CW8SDHQhEtQ4wjdm642lDSNFc6KFTW8iMC3mlnlJbRjMFgFZP9NuHdDvt3la+ggWEzSFeiO6RZrg+j8oc/B/SXRGPdYUdauXY4oVWLUVB4GyyOxn4bkkKvaeGWyzJAbyzbGUpSsWl8CM72UaLGUsdn9ZH97JcHEvnWRLxHF7df6Ql4oTHh/Lns/kDZ/TDQOoaNMONCUzAy+SY0741yWmaAGbeYNpD4eWm79V2MOb75kT2/eq/vaj0+2IG9wuezjCuaeFMEAd2vlt83H1I43HZcFJvNRoHG8PL+8LHX4YUqYjkib9TU0eF0+fUazKR8INZttXKA4nl3xvq5XREf3wUUUgULCMkLKgC7hI5t+TaHfpmpc5LhCngXrVSWHl/TrHX9zE8dpb6KqEhy64oiPo4HSaOJIDpC5y31ghTJjGv8uu1Ls9UfBcVJNP1opTl9wHTQOeW0L/MO7SlAenwQe6Sc7RC06ZufD+3Fb8c7byy5s5DWVh+C2GZxMo7L8pmBd4Sz06zzkT1gVsXwQhpSj7xEdqwdv/a3ezACajZqXOFPLeSu35Y30+ytn+stzIsA4t2jUwldtQxIQbmltrpBZ0W94ZUWFnVskFr9yYGW7ppAwUdLMntPF6Y/1u7QFvbE8oEcaAWaqT99EQKB578dvPn8Jof4VGURYUvFD7n7+5LSk/weLgxGt3mnJeXBHmi1AeuJnAk/TMGUTOlITzL4YDOgOvmZgzBk2e9hEUiON8dMkpR3oCyBhj1etTwgRYCnFvXVFY6CtNMyR4L8hu75NetIc2thb7y0rD+SjvL2k+oaHTFGxYIR+JlsADF7QzG+30XTlZOleAAovOgTeTWacNAsn8ktGrVNyohMi0GKGmm0ialCWg9ZescKCX2kgvO65uO3+I10by1n28HCnaHmMIwT5hAIeRImEo+OJvDidO7SjMoz3RF+k9IPjUyUUCPT+t4KXNBDJhI2g2d+J4FhGTEYH0d5+g4Eha+2YpHvY8+YsmZ44PNzcMKp3QRReZQ4VUqL2Yn+uozT5l7WOPKpX/u8NsCc5Pn5CIsh06hZqyi/hsf5XtRiLHFNaQwh1wFtnFlnaJBkZjqoZkjqWU2h3udjqRQEGZSXooQnvcgdFsu4t3Mnyv1Enky+HTWbZgId9msfvkKqtI9uYqtb9vc8z6Bypp/sCx/jRhOyTPKH0pQ3Yk/CpEXC6f2F0ELjn0fl1/0yxNDiNFpte03xdbR7nYbvzF1Q+W/R7oOdI8v5t8FqrfcSUm3HtNJ+lPPSoJ1dIvXPDKm4BnJfB8vs8k61tHkTQTBq1MeJxc09eflbXS8hBd4CgYfbN4IuH2bfFwk5eX3uebPJptth4S8Gzc+XqMSebpYNYLTxczSbyQxRXjmiDGbj7QEHcRz8ocB5b+wr6rLPEfRXKlfRI2Lq7oidZOAmPt6wy3DLtnI0fMr2taTG1UwYxZr3aUBypg77VG5SJqVEwnb9VhTCgoBkFLnMDxLeij4m6UdmMz81VohQSZn40ZQuUVXd7pW3Tz/hSabfuXfCJhTlhfOm5Panp6qIA3qnrN4wCdV7WjOzF0LF1KD3HaqadXNNALMLjT1zYFnv7OOgRdm8d/qTF4h+dHmdHz5iREAwmzPBLTH6scZW1fyN5DdVLMZzvW8sfbyHIq9X+3lCqYzuh1g3e/qdqalKEinzPtc61khbaI/IQ7XR5l7vr6ob3svbFYdSz6yhx2BDLXJ8zVOIMep0FjwvCixfigHJ5qT2nd+czTzHfv6qgDDW+XQHoTyR0qKJMrcgSBW7YOCc3e7u74T+TpL5tA/6mLEPgjTTWww/REsFGvLmnc3jTp+l5gxEFmqn5vpbOD9kgsJENGw4usERsVJA8v1Sub7/0hauexLhMY92OylOXUX7M/c3Kk1qEHsHEcY+SzDU39a3sau69oP4bX0jmXquXXFVkN6wyMH8bXtMrlAAjoOpvV+tQzXj11uauHhNNeh7jIAVNPybGRR4ypK3PQvLYMSqqrRGK8jNJWUgVOSqe6L6ko41l4bMZ4Pz4uleC0EO00Ic/UQ+o0iZbsGrWggrfq6awM/Jta+9H9PB3OztQcfxXawRzz9VpK0NqdEAaBp4XajTrm3BAr4dG4sj5UNxqo5HXORvq15SPtoHTDRk352Px8JI5c0Dkvu35jwSapu3VMVT315O2r/Z0B7FdqqkfK+gmDUrYZwnpj2HOSyjbZQ3xjtGlQsIMkbnyNUdwIXJJS2/daxeqTdjRS4x2MhM26AvWcdSFNcQ+HxaTF8ZToZ5mekjohWCJjxNUiJsax1h9XFYzt37YxkNahFc/DUmNCXpwRxwSBNB615c+Dbp8NDgeIsuA57Hn2FhCddd/fzga1nCEQX5PYRPzq6wS96tJgQ6FSXzLu7f1KzRXoiTc65CnxNZzUj91GdpZsdve3sfb3oLrq1JZWW1apZOqRLCxIQo/BbM+jJe8LJmfM34eI7KrwxbD4EW92MyQJyV5LMwMx0eC37HjG2Lls06Nj2yz77uQnPh9ihjE7+ciEdBCtjUETql7+AJQ4Z/lpxekWP9kLjOij0r+PjPyZN88uTf0VlGPbFbtbVc39l2NdL4Azs+/TFviePpKXyj/jcrnv3KTT6r83eD1zIiVtrbC88+fSfuGL8nbe8l/SZt/SbUoCmHB9nNz6Zh8ywKM0IrOIPkfA1w8q9cfPx8fD+pklEVt2OHy98taqsZx24cwruG+4GfFRqmxDMXUf/Nq7fE6z4Ll2p9XSUn+mqbyxqpOdaZ96KNK6feszlH33DG3FX6FjGL4vUMomF6BXfx+QAgJnlU+p7fRygG1dyHt+jlpk+wjVZ2w2tkHynwJe2QIiAXXzMql2uwH/RgEwfkatMED9SFe5y2evSWxcBXujw9E8GrOD/YxrsgMusVsFe7eoW83Y9Hm6db0kmXlFPo8sWMaADcZkpensW3wRTwIx66S5Zwx+li1eJwiYF0YV/c65c5rGbiFBfRt3FVNRoowp2KuW/UqZuMc0B58gQ5/3ReUPf0ER08xcoSUN6dJinZwVARb/GF/jv3AeveZVCnlXL2z+otOu/LYjdshP1UmFtfuR4GokBRoqWHWwjj+FJItuzQG2Zm1ILFrfoiinU4+J89qeZy1pgKrzfeoXaCn2KfFd0hKeJZ75LcPvK4x3PF0aFZczWRldb+ma7+dfv8i/f86cHEWoxqStth0RlAOaWlw0qpD8KLQyOan64/cD27+dRjDKeFvm3Y6XL3sVl7EClIywnDsNyc1kLHZMZ6Q715WysSu7Z4DVw3Bn59RpauTHU5V02UzJN6hL6fn1i27T3j3FFtLw8RSW+be8RpP1RoabvfKrBfaqeGAFxWba4ubPhK6vupAR7vY1C03e/n+alnDRDd68Uo8Tski+JpLFAMPgVT02uKfXBIYUU7jUhX2yG5cdvva3OmJoWknE7EoZ9+ereHKfZ8/LDcKVmqI7GaWw0ibSN1h1HlEyq0vkufErOa7ZRbzzoUHnJNGYft+Qjd9u4HgYsWRU/EhhEqszANrtgXv+8MrTdzNlD7tr5UQ7Vnr1fq2NMVPi7Owpx1iOPNkw6mzNrONblgQYNSgPizTKicJqlb9/mhGY9a8N58ZZgFFsaNTuPL1/FhUMsDvMFx9mTroL9UA0idp2REL9R7D3CgJDX5EvsOUV2Eg4vk7veKY0NDeKK/N4pVeMrQ9OyCKb8msoSQfP6OqVinFl2cLEtusa7YWU7uS2E/K1JoXepL1FVnjDWcm5gktP5Hgx5hmv8Ot+cMPIjWb7b13/CqK8nQmPTxTN4TvU1ZpEGCv/abbA6z1zO/Yqt2BMCXfPXUvnLCJt+C6vYqoPoEpTgPGDCDVAOq21wgcj5D7ILaJI7ogxaIt19/ysS+++Co1eqluNQ7L048CZLbppzPqk5Wu/4GmT7I1xgvzfaZr7x7iS/uJU/yc3i+VgK5maAiyfy6qiE/smC9VXwJMOEBYM82ZsttXjdpnFaULBT21CXntd31R6RcHoPd2j0wZMzQkUCeswanqsQiOBFLyCy8xm0aab3cSlfj7X8/fBAQGxUfQh/1sNvEnki5PWOCgd+3jGoaShVtUiuLYArHFFkYzkj8z6ppJ/U5AvHpi16je6/0eHmvkYjZ9+nhDu/xdFAa7SfyMif3xMcRCM/oXZp0RskfBLsstB6WVHmg4ed46WXNrdXweo1n5q+CKnBSRNPO24YrSTk6erF4SHpdT6hxx8qPV4Bifltx8zxVG0fLxgb9gXKkubLkgRWkJ0Xa9IiJVt43A8JdO+pWexW/OrqLaFZTScP8LXMUWWviym4eOXW5frtSu+VeSyF9yZsvqZdd3xe2Io3dSaGaGPYn+Z68bsuferivUxCStjN1QdJOuWLpy1IMS4HbMnFtMa+maaB54agHgW70ZJMoCEfhEguS9wDNFsYwdWd258Po4iT8IU1GR8YFqijs+dlooC8CpZ5UZRGtZcBUWvVHVhXGflTauUpm4SzJkP2qGTWrxccBOj02dz/jtOYsVd1qHsLUiuz7oLgX4SxwS9yKQd6FJrq2VCnUdC3LGp8k98BcK6piJBV0t2VfL2PJF8y3Je7aOD4lTmRUe+5VRb365vT1aWJ1WdnfaIlduuzfbP/6oEwQlTwmrsLblqgcm66cSbrx5WIFYrr16Zl6xBWaXp5jBGvT1OPd0O/Irx3XBJ3q2cmLqbdHLV7Gq+QDbiKTkeIQ5QV6Oa478ewKm+kU1V1fn3DLQ22nKjbY3c/3HRsuad7rI5gxYYk0Hn8CvdgGlhXmmOzC0Ty4Xsdy/P3NfFgVX9gsYz9lU1KoajlhYpgOdCW47KB4LLGa7XZ2LuzKNBGkx9k6Bs63VFLD+YpE23H+8Nq7p2J4Wkpab6/3f1WLWiDTh4Ysd6wHC3U9JVSax7syMuO3bCD3i1FCteH8JOWFHhKNP0YIzELr7Z8rr9UmPl4tPCFMzPL1KRdDJDTsIPdE/4RIlHe9MWS4SKFl1zzZ4IsIJP5JDaXj2MvWKT73xuG3a9C9IlX5Spg364fhQTcqnNwsqVP61CM/sg4Hj9N9hhr7w+FNB5C/K++0QfGjEjcfRfxH7GA4z+HZuN2U451+MmpZ1in7O8AdXCLLzgS+bFddP9R1U99MypSZuZqiv1d99eaNuyYeH2G4W//FRS/5ZFlN2Y7cBtrdHoK3gn8QPeiCJ0qOTMvQs7n46yMy4bTIsxAYILfcQ4jIT7fMavS2HYOwDoli3wJqPW93DOLWpJlKS/NBVdHkpaHSoOqoZZcCz+T36NDp13mV3IOgn/cJSEssyQn+bpsQTh1/nV2xD08Wb4W5Nqn7mms/I2ZalGfvj2ZZ2o5pfdqT+nIdvrOclS+PU9aE0n01ZYDlPjkUg/vQqE3m5mwGw6K9r88wOuHS8newsh6cWRgfmCd8cawcHIVa3zzeOo6tmJerCh8k3c6xkmEqxBaj9g6Xz2m/Wrj6i9sM+uADghE3haN39dV+M0WXLJhbRD/DVKNKn36HuHkoi3His2eeBNEIRXV6KxxOT+9lPRAsD0QA/fKIBlpEiS9GBGR5igqG2+eUkci+am0rgipcLelVSaPDV38KKLVlmTjBvYnyFufK56+Ss5uZauwd9Xccdt2Nvx1LrneChber4kMKW23dM0+52MfG3SyCy/dFVknXqzEDzaviKtcy6pr58ckiMXDViqp2hHnHCYZ5aBWEYgGnEdgX+1f2mtGnHFFIYoK5dLiAFB4p5xHPpVXLsoQLWuG//x3Lg1GS/LfFwSj2+I+VwcR/szL47+/9P1kWbL8a6bSEL6/9ben9oNqDW/kb8x+LgPOszJ2/Xo7LWo3lOMTd85/vcr+1vnDV7m+d7j+/o49wba+AgDebfF0vp77hReJtHcFb1dp3f32an/Ua/svfH3ip/0H89Uo4/7ry78X114vvuoxt/i8rjDnm+WCJf3wS/NWBKPzhALrmHzeAL/7lDvDlP2/xe/X3e/xPB/g7bkua/y+68a+11Gu8lPlfPy02ktF7/cm85oXRx2g9rONvfy0Nh338vzSXJe/itd7zf2vFfzf4f/3UHmvQ5H+YGY0+/s3MMPK/2M+fhv71q3+aELss8fUvX5vgF77/8/sw2L/fB0Ee/3q5/8vvYwT5Xyz4Twv+ac//6JP/+yaO/TcL38kOjBKX1fu/2T45A1EL3gfOvP4t/rNgHUDEA+D+mi///Bz8Vf71/991ivH3kEWc/vt1qrzb8/U3R/4/++l3gkdw/DdtgNf82/fnQbAJCDGd/3mVKwaOeP7ttzb+b0te1t+fWfy5NJwp/V393+8IKfmvvf/x9q87/v7uf0EF2CXg/aOq19yZ/jzoscTTvzs2vPDfsQP537GbAoX+D+rft1PA/xMwEQr/T8TE/t9CTOL/F/so/KKgwvLsB+6n8MhNl/zFRdnkHf+l8GypFGzV1r9dNLrDEbsb/h45wLezlHvVdZL/ftA93n718FCmz+SsSnuPzbAM0/tuizGz+YRcp/fMFRH7ZnOgDTzLOt6b8+U6pTKEeki+X+TJST0MmXMkQUq8WuKf/ujZ7lXWpn/zKlB7ShP12ko3z1ztNf7ZPg9AIh/PY35EnPb23iantIiXva9xLt0t8Bz2bYjU8bB4/p167XMwxz5+vF5PJUdjm4mt8qgeDLVjQZ5f+y8z4iFL/Cvdg1lhDLPRHGhlhBio6O20/Fstsq7DSgTIJBcVWN5R5RB0H6d6Y2qwqtJmackqz86pjoNt6zdygT52fE0ueiEXvJJxEiW3OOpjCjc69IycUqmPCgqNdZm2hTLM9npNVnNfzkmsUDUE9eAGlhrMLULkjI8Oa9d8/DOp/V2y5Z2VsOhApJ+yYO/hlDzVlOtfOPsISJxrpWSPuJvO6M/52zstmrju4lo+HnMJVuuc2YEOzIC9WvrhetxjO3D2Ekxk/22oBFNdIvXldWJFn6sxGqypfpNowtjH/v3KLaZoj4uF9zpidi3MQaXRF+vxzsTiEau5EdroOzfFH/tep6o82Ed/ELWGZZCgFlmpu5rACk6iw4MEuMlDqeiAh1Oc1BW3fvBhWymCTJGjKLKwt8/RZ1QFbtdfxDNiHx8UF3fTTvmumg+uZeM0lsrguGlppmWbK6kZ7u/egOefXnHKRmxMDwmL0UXCeuv9KfmX39XACGHlhdfOPdmGzmd/OiUYZdlVWEfVPeVlseqzzYwSWNb6qsDTts4bPPWzdhD+Kfx/+92KfD37vNteFVyDRgiPHe6P22ECofaq0XqwroGnSoNm/YMvWIHwnX0Y+A++xB8cjKai9VfJYr/j1tmBtna2wB1+6JZq8Frh3XAlN1XpY2TNO7EPe/Bomz3x7yBK3SSxfCtmnxJ+Zqbc3nVwQn6VRNMJ9lZpgUfcLSzHVhl1rV9EtlKmI0/HDZ5CI+9TMDimeH/wNXpfxPukWvvFDqz0MvnV5hoyJ56Imk0MZhBwtqg7RDbokYRAoGD5LabyDy53bAmzdq8mxcNiV3NGb33jjnAp6xrm5QbUDXM3ba4XWy7JJPIv7nXfOXxM+oJzLuZ29lN24XwnRp92D1kR58TtgOVxJs2fU/ROgO0rCL8OrPby/XYmnm7FYAOWNicwsglrycLc3tbsG4fg1O3XwXm97GX4hT8FFkJx0f2RqZTbCoqG4p9wz+/M9X/VK9YWYVReN4f66HMrZ6TJxIEHckgklm4qXEccNl/7VyW2b2tRSnngVdH0iLXHA/iT94VH24g8f/x2qKeL8sCfa31/3LXgPkAM14jSN8CaNJfqcqdCOOGQLRbHhad5rbhm64GXdpsQdHoIsWzt14+jl2rOi8dz5w8pSijNZm+smz59/QDXcbK2fxW4noNYIC9R5/arqGs9Gj2SZ/uBl/AioGh/udXia5bxkAru1XeF9JROIn6ynuA4v+mgZ1PaKNRh9Yuh2YSfO92cQpEMfFwABt5+pqk4fJp3y3ps7f0l48Ont7VgKAWFB5r3TfAya9G2ogrY1/4CmOfaxk0PAAz1W9PCPPR2XE/5+UhiXaDKhaZaV26H1w4tsO8uZzhgpeIpu8VzqGYt9+7niejPLw68bua87ySX0NASWuX2weY+bcPCT97gk+jgGDvTy6ZtTmrsTfUAWBwnkRXp085RJ9ARpnI0Htv2n+8VW+x9w0sNOPBGjt6m4oZzdRreWi+jjONI03xaDBudG8OPUPQkjz8anuX5qQyke1S+vWVCmBo2Flgp65TaW6qGrxwaFr7Aag+4c7ZYg5YtQZzMcP+AzTNK7dU79RDC0lk6zaMqK2EMKEYOnXIaPKU09ZsaHsDQhHd19s41dF+li9tl6WAfR+04hcBe5KH/uL/S8EKBIXJSAbrzDsLsuNrsMg/wpMrSBwvQBNFToWjuW3qS2Qi8ImI9zvFIb7P16SAkGR1IJZyDVGKfw50askLczNbWZNvs7cpKHe9kH+E8rKQqC0/L6fWwV01zC2umMrHdQFA1c9b20pRoZGFsVTVGWRaEs9c/4iScGoXewOFPtyxyD4x2m7+aQzYl2VIG52qLgRyL2c1yduIkqYS+XuP8nVsCBzMO8m9Kd8NjubJg0oxACdvMuIs3gXm/zuYbWRLcJUrcH+eBmaSJJSQGRr8JQEuen8+y98X3Ew9D86RXFDyp1FswyllGceOwupIT0DeGPz2XodQv/EQGsWuSn2gCKxELWxNyhjIK6RDQXnvpAFngNVLjJZa3bIZHVrI0nBx1M15ELnjnwj7gUjsxs+jWdtdILQD3eJTl73fFufw2+3n0ZKAQTYitENU51mJNgwrfN1WwOof+4z0F5z7WA8aGVHrxbZocz68c/QqBf/uPm5qI8K1Qwgc6uIU4LtZ8/p4y/b7k8ryS6dP0ZpE/wHvtE7KDe/eaAZYhtKm0p0t5wTxQWr9/5VaQ7oD/XjWTjqyiYPccyTZG2OdvX+DLmnQSXYvZwnmMnSLJYDlFId5OUko/UFSOm+jr7vJupvGL0FuIs3YyR4XRsWmKcGlpnNHbtiWDly7EN7IREpyhN1tv9740ZDT456IF+5dWp8rtqIs5PgHHdXgDcpjzLD9syWVWqpydUcSwoLXej9pp4xZYsved6Zzgg2BSmFKjuQ1/4DdAR/YxTn92TeJeK8M7FGunnHB+z9/dQ28i0Pa1OhlyQeIygxjI/Yos2k9GSDaXPCnnJmVSTz8wz2bZj91NFcArsWZne4tOQHx9IMegeI9dj0M35MfrSvFqfTGwx5sEIGq1AicJWeqBvS5SJ+18WmRghKXz7clnOA+lyPbA8KL3fmBla63uoLoPAl7z2rXEfJ73vABsD99GCrPVc14fPOBLb8KWhZVTclIMK0cLwi/XGrqS9g3gGfB58QeNCDlXAJjESpPtR/YGvfx06q7g9MhItYYBFjzkafk8iXnBXZ/ubUmwaSESdsrJWGC7i5sbpng2pWD1efWhsZfFJIGROcVBlL2loF3JqmzvPxcCYjjvPk9sI7wutzPp7KuVhNWX3RNa2L5P0Q87rerTDqwJLJdQlfTGvAVJUu52rq5hzm7UvoPNVgwsAtFg/nwW4EJFymcAKw/4z6MFKG6Ubnx5aR0e02lkSYUdYxDE/Lsih2A5OKwuSop+2EEKoKVT0lo43vEn4Vg4VSAJ9dnJOlYZeXrrQkmdVw9nCD7wQ7h7MrCY4rYrwwkrQWEfTzLw9iPJjUKswoNIzeFak/lp2D4mrQq0ikOjIZF+bjf+Al7ImypTOhtbktDwTOAvNQ1i6O2DpmYtKrkQtKwPMcO5QQYDgin3B/Um+0l5ghHSjE5UNw7D815etAKu6yl1wkwtg6G460VoRi8eIg1X6eWwsJP5nYDeX8IUQmZfXr4341Bpb5shLHS08Ylq4UlCCfE7UumWOvjtEy1rAcnmYtHs3omQ2dmj2TjnhPMeNytGKx7y89bt54pLN8TylA+M/Slbj551U1YvI+NTPPYCeotNAhODbYCofarBk23VSaHLpiwOy459YaPwp16+NvZ6AFtEKP0VKbQolE7O4siuu3BjXW8pVTxPtEcfQ56NAP79wkW9fDNzYEcoLutlgks7ZtDCr2SbyovjkxVC8UWl/aeg8E89dM6BLM4KUac0Vbc3pFJH+yHdYW47WQ5d6jo4ZMZ2SpN4fNgZ0CX3gAPF7xe4Zn4p+u/MiOcxEZ+IMC8dOSWacxTU9xocTjg/ixIugE2y69Bw1m3Sw2fm+wAa0HtOhG+zcBa7pTj5CPLnZyLS/U5ad25fwM8nu5pa0WZjssgu5qa5gm1DKgyJsYB48aZtjyEsjqFJqsPhrBBnVqmzdA02IortGqwjm4Gz9E1nqzWuht4G5fE697SwH20aPmYiYgC/17E7ADyYrQaUb2oYzxqM9kNFpbXJuWoMtOjtEMBa1ycv5UeaCvqRb7JtUd5dUTi0K/85EshXLIL6tkBv6tq3t1kpZXcg8e4N+y4SvCeMIJ43RZXDNsv7EICWLKv1IWDHi/4wJENp8FpccQJeF/ZAA9TkB2hG7dUByiWX6cYCrUpBToPhgsw9wLfQ37dSieBaLk6BrmKRW8bLP1P9hnUuhv36xp8nwYLmz7xLsTL92/3/onOkbwTE2Lnw/G3azjjeYP9ar34Ba/HImpqgsF9+fouYxO7IqvP80shjVE94PwXezz7etPkmmFs7XSjzNT/9rZaSVDHo0x5IKrNlrpzmA6RmDghqc8zMDiHnLiVQewRUFlTvYaQObJ6yDbrCMq3OFoqbXNMMSUrO1LU3s4Zi4ewuINIGorZt2uVQCyH3UK7Qr5idrVMObmrP2S20BnGJQvl32NebEBBVXoNjmd9U+ooAuhutftg5b9/UCc+QFd8i+ts31/tTv5WfcFonTbj03DEaFuCyMUA6Cj1/FSlzDhjiDLCHxMW7nM4ZEo1GPy6AfjyUel/58ghhKBPaLPuw+C0zPPrUe87ENxSz2V8Bj2Njx9Zeqk5z4dNOjpBOaCkpR+sB710Kwn53Y26QqFRkaHIDpq3arUko9CTBK+xwpG6gohWyKyizeW2FGx4OaIEerEQ6qeYhbOzrStZ4X7dRJjpaWaQsDjYYEW6vdqorJcTffFgCN74WLVwI2Sfz29OAtQ3hxpzUOqmpHtcTPdmiwtvBcm39rELAtqEeMQh4MhYHRojZQnt0cO3tXDPiyo2rFl8hOgTRlYcUklPWPFKAODB0YItT7zbLcwC9e9srCy260614r8ho36yufAH1fSKocJLdEG4nwbxLGivMGF8W59hZr3QdXdmuYPCg1caIbB86439FCf1tN8Eahul+DNOHhI0puC+uj+10+RFC8duqaykbcZIzKJ8sEguS9i8EMcILwQD2A3XxIod9IwVpgmVe/T6TNrwmuPXbgTofqRt1aIfc1bG3m+7QVi6qNHF2uHvg62c125g8EjEpTS+ag0r79gY0AcEwqAcwYtViGKmZXrgcdp22xd2JvXKfYEFkTfl34+37g43kdiELqMzdtr5cQgERvnhlvzWR1i44IH686zvBWcgo67mT2YDuzGnRcFrU2+Y6HJcytWPRXaB99ZfQbpdD8O6sNsHK0LCaVsC4UssD+hx8DF2FpsycPMDGLX1aTkuoeDiZaKkCPmAhCj0082cpgpVGmd5dsgIZmm0CRLtyke8Xlvg3HrxmvYAopmwm+Zj0M3597Q8LbpwSLFVr6wgrUWzQ8wdnBfA0R0mGMZDdAwQzrYMxLXYmtLQNXKwagm7KFaOUf3slVj9PzHck/SA6rHl9Fwtmpe+kF61xveLcIh9f9eZangTi2HZ2dcM16yEXv40GouMp68RcwkQDS6ujNVGUlNxw/Z/oNuX4GPIhf7+FfNV4mo6AHgCUIWQlXJRNnmJeOedPkbM2+W69I40pk5S//+DTtv+FCFPqI5MClAii0x1JDnBDKuPcICJUOmL9Cq7MmKSeqvqdNrL7wuxBA9etcE1YxTjEgzgWAZMQMmcHeKDRwjLLK67ToFf2D2rtpXDzNDNi3kAHaDUHBe8Ds5B9gGlgmJf3a2DFV0co6StBKzdfGVjux9X6riePpdleYBzqBIyOCcw6pmW3rrvQlPCleWN3yY/ao82H7Z3iFuy3e2efuDBs958YIqLSQPfun6SkdQJ6UTZ4rqp3e1/0Bzw6NR2cB9R/DlkUVZMDRNweoLUMMCjr7a1JStSIu+QwrWQQkyho3xLLP+jxwxHBXfbwM9LaqD+ZJzHNUL+1XAKRaH1liW93sIOU1Q9yOZ6jGviRiDoPXFhiYcdhjFvIsjRgiYGZbT+JlDk2Eq37qRPvptxqZ1D9IfxqlNcJBhu0nSrMxqY1W5vmwzIru7b0Z5qRXmdFR8wJH1QfHkiWyT1x7mEXJBZQlGvHvym1aWGyUHivf19SWpog4twN7sJJG7x/E7AP3kOBJMJDSfmhJQDsQNULcTeCWR7tstU0c8UPDnrIni7y+7nMO9hQ0ms5hMWSZr7SvN29M7vDtQZj9HIB0o6kE0ZAJ8vlax1hTIYaQQ6rScu98Rf9UKdusc7XLLaDqUfxjT7orinL+lXI+ufupjgGMUvXmEA9WIxNgYUWd4a0GUM0+Tob9v0VSDjIejeR+sABYLfcSRbX2FVzduWcfrPXCNYE9u4OQGCpN7l1nJGsQ66I9lAeu9+GaF8byJ9RC5xIT9sI4eF2QL+F/7QwsE/6SKFN0S/one2VvYpHgZn8DQCAn1UpbdEYAVDZPqKDf5hA8AjRCSEGpjQuux0Y7Y86Jc8hQLi2Rb0+l4eVxBkDCIc48Bw4ZlnylF7suvOO7dr/BQ8U2ZLL/b4kjPHev+NmMvPcAgx2KB6rKqZiXXtQi9PD51CCgOBDtge0RJqg2w/UCGmCmUiZG1SfBBp7ANzFvCgmy9mHiHdz+27ZVeUlCpsLh0Kw/LEW40DBr5I6+J0PgD1yGbz5rJg8NYiIVft7GbsRDwFcv9r+igk9ZLMf5hfcdIiy5ZY7Nktw/5CO+7X6XMe4G44uhSW2bwSYxxqIRayDpq4CDzEmg51Wy3OdbO2MqxkkZsgyfwlHVkaapcoH8LyFTDcVyMCYfzwjIIiyHxa468FnPztrCoDZmm0O3A55jQCvuai/FjDyC9FlQP6U75D8QQNsKppWGPVOo0t9VmYsYH5HugNtZjMXDe8utv27gCrphwmksRk7wuKgv7OzZU0uU5nZynOFmYBFLUz6porNIoOeA1GXNscZ7lTx2zTlKbXvPfHPkK40Fm3nS//20yEHYKQPPYv3j/CCy8I3uFNpZScStJqKgIlAv3gbKYc4HmF+Z6IKgZmyeuBGnIm0vyXwJ0zJvLOiSNQzdNBKhcmPYW9pzKwJRix8ZpvBjcNQk16At6oK0xKHWCgxCiGTyQ4L8K7zptfYkhh6rBC7sMJfX020+u0ip4i+gZhnaRmxxh3Kgl9uI0PCw1Y5YFeJz7fbae/OefiW7SRt3fWhAW4FQhCAAOIwwseQ/A5vWo6207XH70mlefPSwZiIoCnVzMX8eqfYKu0tGIkAANQxiBJs+5gQZWAFWr8l4nfak76r1C9VTwaDLOToKDAuFjwAvZRARO55x4zRXcxfHfjtcOXWn0OQAe3aD2x0swRWLNPfCEHiZ/tGlJ0/79dmv4a5+FFlSW+2bnpDDFt5h1KLNiPrpe/+YgTCzrIpbL62+XiCoIYdML8Fb8KjpeWlXS7r0f1AQaPHiFVQwGSaOXzYFPQ4J5/CaSYWoAzIpX4ls09HiYAtmWsiyLZdECVeID49VFiC4zg0zumxu+PFaQI5yD9LaM59Epa23Irgscn7kw9M6W3uABravrAlHj2cJfkM8OzuAAJFAVzfrhjcd4ZuBU895YhGA6hYUgF0KJSO1sDFWhwibOutFtDmWVc7LNlAWuClMLYsjLu/xTvfIJahD9XIHIaiPgvAgovsQy4gZkAJ9Kv9suiMg9gdQTQw/3B0QECSUnlA1+zG4MBWBJYzBsxGIhXpWFxMaLT57TfAaGZAH4WRBexSFmZo2GtM4TBEVsmiUCTUAqGqCr23tdVvTsF2EAQChzFUHU5NsfIFjy7jHQpIFYqL9kNOjv0wcDGsNdhzXIAVbF6UC2KHiHwwSlJ6dJuHmwPgLEDeUCMKRUSVP9jauPeP5ctIAIl5KK25H9WUuq8OwkbfpKNIcxuaAEWFJT9LlhExgc+nL24C6E0yx0XYIhHPMAa/ocmSg9zfg1mZMxXUsz9+W0LQHM87y3O9tIFl/vTYa0eC4/WR4d9+nWvMPuoUBpcl42JWn0cRqW5LnksgpvpV9exdhxFQg20mNc0DSu1W73Qysn48E7Bhd1bWXTYvgARh8Kain8eyAyuPPkSC5YCzFez5rxyBr+4Fn7FC+M15vMi+qBeA3sKv13/4bQJMGGELTq5nBdACV0SN9Q9TnLK3ec3EBnli/uzQiCGDnB8BFfvpVgToeBkw8vEG+E22IDqrHM3qs7vCgnacD4DO+PEjLaT8B7hO9L5Mm3XIPu+7EOV4wqSV57BUnz5WDpPlEI15LjXH7Js3HGkaPCfiDz48OiW266/sNTQFtEWx8bKqEVabBphZRinrr0eaIBn5xH7rU8A/HfIev83fCtkHoFPmkBmSRAYE+/P0gF1hqoTzC/RI7LBo1m0+h0//6hhKQ/ZuxjUx92u7bhlv7g7ulpTYMtciALLo1c7WWNzhF6PAMGVwQlGaif3XSV5rjV+ql7MfL/CAeNaltfAboRW+T82xBV3NU75bOYzeD4l+DrUEM6ASbQ6AWID7jhgwuVwGIfIKO8Cy+2PpE0P6sOBZXmHpWhwC+cJLANy0Q9QtRs6Q7GLnfZg761MA/9ywNM0U0b+xwHJ6MlKFnJD+LxrhKlTA1dhanwj2E04x0pShLk77YLRYNfJb5HJ2LiY76keqBXDHrylzITHvuGvhbTFHmBkfjCizq9flPeqG1eAhSpCy3cof0NLLwoOIg+vBgyvmHkSGENiIhio0cHZhY12gpsJHlv0kZYC1uwSermt74OoWGEmGQ2mdznIhPEQWfil2n+ZAo4MH2diy3ul3f0s4kOoEsNwZWG4DsO5QoYNQy6+S2w+Gd8pDV1eYUwu7NgBxH06PcDiwA6ydMlGGy1wh0rCHzZYVzAReEi2YTbrtbx9HQmFPYYAzhrvUCzjEsGBZrskSk2zFro6wVz+s2AXvrO1SAWFMlP5V6YFHkDiMmbYXWuAvzLsxV4e07YOyTDrkYeBkENvrFGcpngUaUwtzN8wb2RbJXs9dyt80spW8/TKtiSAKyfydFlINXQ4lewhfPI2DBZKuzR0Dl20Ykffji8tu4x0+E7upCaflEGGG1oxu1exhbMSYaR87NkTH8APuzZbg3jqWwXxjDFDG30hZ1HFqdoje/YAOBZoMoh/z/FVPg3iTQYoOdHR9q3Bj7FKex6kP/pJqYQki8eTe+gHhfoYzowTovi/OFZMKTGFtw41vVA5P1kbwZW5kCSf0eNosWBrqgTM7PvzQ2dA+u7E87qF8WSMxxuHAQgzPCOXVxv6ZsBfN3U/JaVKeWH8FFMQDY3nAvxugZTR04NSw7ZnkfLwAg/ER3XYYwD3XLwMwKnYWNWkbaGUmtLIEphC5n5U5RTZYQkqX4bxt+lqRqcXNhEUrcLo/X9H77Nn3pKROgizYfTuMs0k53umP4dNZn4bsUpG4f/n57/S+8twiw1CRPgboc15XN7LGbvS306ZMCxYr4tWP407q4xwEK3+5qFxoZkWCqH2BOKrRbSOtydo2BmsQbiviz7uEMXx/cORApeufZxUFbUewA/ATWZ6WQxo6X8+xpNrM4wD8jqMhcU5WBMDIir1A9N/Q7nZ+v1TdXtq6Qi1G6I0xo8vcjVPjcj++7PMxQx3glsH6y8JW+0jjj0R2j+5+6QfVdTDy++kXRv7YYmPCSoceIoEfDqDFT2Jo7HUrpou6Nmo6Q6/PnEFRmPDEAjAq2My0LxDhG/UNWNYb4EeRrIC1Jgdwe/f2gRUDwmQQBDl4KSOswm9DLXkpryvrVKafPtnlEewt8LD6i0MKR0bCdS0S4B/tQsjtF1CVw7IANpJQkLJzgkD2kZUxa3r19TvgwNyp7iRjBp6bIrIF9K22Irx2+wH6JcQTYEU1+dvzVUanNEM74grYIeLaEMTt0vqnGq6ohQSaRdjJt2iqV2J2gu1nzBTI452KcDc57Qt4JEYCVvRVLEd+Thmja1MatOHuVbE2mKmoo2K+kPQ8yNmUv4xD/rSoY6t9yg1/olSfCtU94zwz9a97WJ4AHiiWkogk5+QDvSLYMxXomZaASXa2JJbmPOPQaxxmA54TtnUM+BgIoZlkJd0dg/+jB7Bq0DGgyx7ekAvIaaA0TJnONK8DH7bTnQ9XdtK0JPe8CRd3tSKbfu1+s/K1atHF2thB8S5Zqg59PmXNFeqzH+vCvHdI/XRS20ebpWfrqFJLMIwczPU9Ca1Nc1Qk6oA93udeYG3zh9F/cIABq5qqMvRjHbbvG3c7oMh7CPNyLMG1K4xSFMH+aW2yCchhPP84FGlM9y3McQ5/yGyBPR040MThxLQrHiEiMHfj4AS+QcP8t9dYN8PJIV50tiUz7BVmIJ44o2Be+ktXFjiHbJ7xUlUZtGhIhe7vOX/wuLAf5FJ/tMfAwkxkOUyQHD4T4VGCiHhlRESosqldlKHPCes112fjzIM3kg77bUgnKxPxpmOECNopEtoKlwCYMd/QBu6s9V1np4+lWUPs5bCq/RUIBgbB7WeVcDrjsZET0Lb1qoLRUr8gbH/tc8QZLWTrPPB6QN3kdPN33AHtz2DtwEGmPPLnCdaD27jmp+DaxW2qwe7f20hk4g4UEIhpV0IAP6TM+aDE68sAf4OdHcNOgwEena8sMMnH4jhtd/G2Rxcd4K017AeZiH1AlZRvlztfEm7RxwXHn1yMBZQMfaZi0X4/yT379hgRSYIycGpvl9nOGyx3UcODWszFPIAfcDbZ0CzT/zRjqZf+Y5xClEh9AgRKC0hVjuZvtEvzej9mcoUHi4qxz78EeF4oZ66HDGIotEjIib8JngI+3a5OpwqM/AcIBhgB4fQQl/swVfIQd9I5OBWpPYJL6vxPDhmKR19IYZ3nc3UsgE/ZYSOyfWXVHNgsSdhpO/+i+/19O/chGGkoK2vmikrEAAqdOxnPqEM7Zhzx42kOxKEoh8xflWE0tw/rT+pjAOzlIL7Q+ya7Te5vkMxW0VsnMOfyxoHux9S1bz4ZpurmA9pmM5t/1v9z929qwpdnrpIwU8MXJxs5503IQASsAeBe2GPJaAt1zsGXg2iMSpir2qF0wCU9Fnai4HwidfZuAjxGDbqr60RYU0Sb0PupnviH9zM2vdVS5mW/cwf4F1mFrJCyOuCUoAnqn0w/0+Sr1q7RaElp4QioDO3jxePKp10etXMuPoa2asFOTZM46j6ZeE/XdIIAKHadRnURWW6LwHRgModOMjpMy095eRY0QSE6zOABR5HaOAABv2LgSn/sSnJvnuzBHZPWDDDG4vU+skgv3F1/VXDmwS5Mln9HwnnaoR8QdfGhgIBxJltC2W6TYNz81VHl/8dfm/iBe5fsZ+nyFNZNUSaJO17vmMKKsXMqJNcgHCrjXAsN8a9KuZO+buvRO1/giPXBshzdqe8nsDbRCll11bU8LJCSTxsFtll99gtVNXP/2/lfu+B75a/2qa1dBH9SZZ2sr99WtH8qGBxEKbLyXayvDpt0cB+YJxI/s53fDLn+9bsPurH/J3vv1ew4spyL/hpF3PsgBbx5hHeENyTwBkc4wnv8+oNiz8weJ7OPZktHEeroXr1IuEJVZeaXVZlfHhmk+arSXKnDkYXdu5HanvuPCOv/SDQ2wbwleeT8pmrixnVU8yTVUYYpsCOlah+eLVi1qYeGUZlm9HWJEVrXbG2m4dzB3kPGjRQiuucGOBeED6Tsk3dUuLBkBl+lW3Sf2BvIqT+PBojJ7Q1SogAcPzYwrnN8bKgMaG1FyddD2uX67e5NLWW6a7LfEw1v7PaNLkMi9G8/l/2iLb9+91SyQXYe0l8G3xdYQKIqNK9IbEm+U2UB2zPk/LefeAtZq0lvB1OjgtxaqRVaRdk9NOnLKABqE4rr9befS4JbBEgqEjeT7tD3QRb8Q2eskIcsq0UvW7ktRb794TnYc06ojJDpnyrwEvlxDsCFYFlxN/EpN8gV1v18JhPQbQ5qIdtCQqlLfzNS7k4CSvWYviR3+bEVMcwxfDkfso7+iIurH98rQ2TQ8xgm3frPr2Hri4MviMlAFMMf+n73n8T0ZAx3/USamsPtl8gxYjsU9B9dP8F0x+j6bd7Qvd5QA17AZkqACPf0UBrStf+bI77/99z/Pfd/z/3fc/8bztXE4FavCQgm9lKxfv3Q/tI80cetZwGahZdiPBhmma/htugjov7QqcEvOjVGdzEsme9q1SGDSs0io7y2hDqMNKaWEv4AjX6r3qtGDIykH0lx4h9RCyPstkDoPnkvYJoquLgdrAiYyZ9/oufjtpIWTSLXG5hMA+DvG4kCO7ybnyk3p2FHje7c7hYnv7T4h2Uok/fI2Ae529CgMYAln6UF9Ej52fudmSPB0jhYOFoWi6zvht/28GDxGqTwscBD2yjHyy1+6KQvciIS/PETYSmp/+7/b+7D1uQGegCjeeJj4NcPEMwYGI+5xDB5KSBLY1baKLgNOP56nn2N3c8o4rh+soHDEDSwVdFpId6wxc5rBmJcklIAUiK9/e8YY1BGj91ZkN32wfbz7545SPEKzZVq1Rtz+fCNJpNEX/dFbRbPFwtwTgf2tl8nQ6fMqzDQDlX2xo1G2sSEjvyo2uoI2DsjM1fVGrXBtiE7Q78YVOazf3PcpspRoflImXZfh8jJGKEf2KzQN7UnDPdGb59E7jL7eG/6jg9WaZHUdL6mIpf4G/NXZBqZriq11JS5X2bilaF3BOzsAfcFIKpdu1v5id85Jmh/ksf3b6JMMNPfc2fpXHUK+mP+Zk26fmA6Gs6FivKX8QuQGP278uM0/Id8WZT6k3RZ6h+ULkv+q9nX/2rqc/oj/RWkPU9F8v/don3/vZ8O/eq3/x/8CroM+iZKv2MQ7f/jmvtGcTt8D6Io9rs07N8e+e1NfpVtTYBs698c+9FKcLDrpzb+/Pbw/lNXguPYj3Z+D37yZcmnf75fNa264k+v/9eSzX99uOqy75wAx6FfNe17cJnibn7fN/359l3+ywl7P2W/ffqvL09+yTj+59/1OYJRv/Q1gtF/+x3/Vc9n1Tx84p96veo+1a8e/P708fLrBv0xAV5sqPmf8+1+sfnu+rz957uxTQ4a8YmXfF7+1Tz2/6vU9L8iG53A/wX5rXTBf8LfgfxMvvBr+YL/gnT0P2WUgP9Evn7XQX/j64D//X6ayzjr959yx4tPPM8/E3A0+ZKWP334Jvr/oPeACZCHPqU/fwSH42TuP+uSM3/7GlxUfT4/p7Z/J8WfsHpAECmK4l8zXjD5W7YJhP7jYKEo8cfB+seN1h/JA9w8XadqAc3m7k7NfyLk+H9x/H47WD+N4K8H9desLH+FvFG/Jcv5Zax+zf2A/YmwYX/B8KlW75RK4xCoZWXPUOlYwvyPCNvfzf3w58QOf+Rx+HOqhz8SO8wb2MM97gmBcJZsINHJYsnzWNMLqmLZgVK+3x5ohmYnjuonvqVtuuk1s+scfWVtWilyNkSy01uuchmVUsRSMERICf38OWs/nwxSt5yHKp1jdoXXke+/im3j5zFbrromCP5RaqxV0LI0r2MPX06vSDatNNBhcsxlNPppnBhu8MLxy/W8gj7qBtI9odCvsNC9kgf/mxy2G16BGSfzq2uY+3hR6IKOPWoGNvkC/X7HMb/9DO7B/fq6YtV5HzP59Kdn3Pe4ovhvbVdqw1MwvYkkpQILdWplYKE3U6kkQjHHNvfbGbqnr6bXwHeLEY9v7jsyuwnu5DWrcemYxwv7o04xvWIO3cVwvc508KT7TSDDM3S99le9FjDlbtH9xqcp7KdRYfh9z5/vgXu8ct5vshvu3fqmOPQTHA9iz1PO+zr4UQu40eyHcf58nbKafHNfJ0C/HP+Ep85hx/3d/SxwP3vX/f282/X9Pqh/Pm8w7hlwPxe8gw/ug7i88n0HA9rBiIHnQKb30cHxu+0/PaPADb84DBc79e+xFPQLfh+DHrWCm+BZHIZ+r3cxzPR+3dMqGksfKHKVzarCOpcE0voxA8FK4b9lGf7EjPwVxoLCfk81g9DkH+3Fn5iLn7/7y9UN8j8SO+P/i53/wdhZj7tb12f38QYsZP8/BpMRBP+9JKHQn7A2YfQ/hrXpT0UJ+0N//Bfy3P2N2y781ZE/57n7hbsOAr7Gr+nr/h3yuj8oTBIiaeo/TGv3p732E3Xar2nt7Nma3azprGivPwHjQece/Ny7fzGt3d/LRodgv8WLGI3/et788XyY+rfO/6f/LBvdv9Wlv9LpXxmG4jUDMQXQpy/m/9EewPv9BpQVf5FR/p0HgP+JHvkzd/v3fId/nQcA/Y9TJL8jwST/PRbMX88M/B+kWPA/KpY/PY/4qxXLf2rw/6dS/5XLMsxfQAGWtqd4/5eiWso1Wed8Sn8sOvxL2gPWiXf8Sfv5lyUJ8f62Xbsfv7fx/AVX4q2iwJb7MN33n85/Bh//BdAJ/iUij1LEv8DIb6Wexv4g9TT9C8b4DX64v/5HjT4M/2G0/0tFn/y/AhF/F4b4rxB94r8LU/ynBp/4Hyr6fx/rp2vfP4TmB+sn9w1Yuub/AO+n2QGW0GFnWdzxUPs/yfupwmguegHc330Qxx+7KJZMUF6iyO2KAwVOJLWI9RyD80MkWa49nIjZzAFlHY99LJFtfwTWiYRR04tg4FK2qO3Sir7VLVFQfq/j7EZV20jlzehjgXhCHprM7mGh7cBGyGtblhf2yGQH+vkfUSkq54+9l/EOFDfE/VAe1Tu/794ULL+7o6HpCW37BJwcN5Sy2BKrTBioE8euQsa8zmzVzqtZzFxmO5FPBs2s/Use68YEBFMrFtgbQzPqw9Me5+rwQM0CfXwVBYbZLRHXX2r0LkvDkkkdK0dzrxA268VKcvlk42q1QMTmaTejJl2ekMkHCO4bHeYcOPU1qCDaW8k+D211UD0NZsKTYfQpVTq0yA4VpcTia9z8idQjkibxfof2fekl4Oub4LO/3wswbIziPKkMJw7Ut8RLcK7c1MIY6aDCtZhvcvFop/30hFXzaLCWtmeH2ZjKEJuSq458cIdSBSQXd4xOwfa0Gtei7kBvWUNfrpKCbCt9Tas+rMFzQaVMlhr4s35xIFx1G9fS2q6iRZK6x0FEfOao5X4/4z2SFC6n+JdiRVg0EeNpYuw501urft6J4TyX6zk1wQxq8imTydWxrymj22QSCqwia0l5aFRtTxie0Ue2dDAzBAIICGN6O7O0GrvKaNbS25LR9PsVrvimOQOotgrcbilCBf3yoEwYimsk7UIF5jGPE+wZkYdEFG/nCWTJkYIB1t5dUsC2lAyEWfk2DiMuw2QDSZOfyJ05nbVRjD9J2h7Ahjhk7WJBmPXw8c00ExqeWmQgx0LH1owSnS7Vylr1KCle9+oiKywWyrrnw+exFKITtLW7GmEUiDM0OzjdK4heHezrava0hdiH8g796JvMqsxBdBtaCWK3O5Cvf4ZSrUaH71pCa7j76cFAY5iqcCZEk/RzfmAKc9AOUx/VgI29dvdaPuSPaH7xUnRYB6cjApVo+Svl5yYCQ6V1FwmVnGlNhGE/vpMtHEw0wT6VjoeKkRGBdcvTM+2SnXzKfE9kkUjg+K1amm81N6z3qaEpvNNkv/UlWLA4e5U/jcAbBJS6eCZ7I2vdcymS7F6294OAhGmsJCSw2epW85r7sVCcTvm3NRCGExNjxjMLSBmjuzjF6mhmgyGAcHtVWap3ZsvHuTdIa4rXGF88Zwxe/hNLBUjqiM4yAi2LPMp+pOPK+U1Pw7IbZl2m9nz1OTxnf/oXAcIE11xCVHwEqdEWZD7NRmRWIEClJb8590LDnrhfiUWHM+oC65GbXg8LKVRNQfN0ZRJTbWfgHjo7P2dNASGwg/EirVu7fBeoVwDrlC8hrrtPeN47/NufX5VhDiR+RXP1XMjdOAWElUIhP6VKeCqC476DAs+iAomuXnmgU7rHt3rX8WFOSYqgRTmJpdOG0u6jurriwpGxv1T4Ya0j6G/T9SfnljvKdJmuNCp3OyRqdJcXsTiyW4/NPeB2ShljyR0WrO8gOkUpbA7lCPECwu0aaBy29cBYJpND6sJ1rK2IuE5kXq+TUOp8VadvjX6SdrHR1IdJ88JBGjj3wNjGB7WggtuUCvKRPkanuVuTTSliF21J9z7DyaJc+jAW8xMuaECQCNx8xe85/BFk02SpyQTvYktfS4s7zvpKvR17N+xcUZDLNYQHxodse0+2W1jTX6GqBbSaRrAOs4jnfRDAs8OfzfDwVUUk+kMtnxiX313LlG9OAKMO91N8q84qohAcJticSfdyGZ92b/s5BCJg20XB6c6gtful4bN+K26glAGWBL02u91HND7Kyj59llzqTQKh5vwzfB5285DjlyGDeeB1tuD2idc+NrvG3XaSD9CuoW7abloZ2r+W4xWAkHnArsRRbPr0K5wXgqjiOzSHYn3k/c61RA8kDjRD+VBCgi3HJ9SXyI2KOmMy8/fj0R26i2oC4twaQ9uKVQ5aaiszLim4iqnrrX3C2SNs8AWEJbNeZdYBj/FO78WfTsE4EwjsuFgUFEvCt4SvxISGuQEWK/E5xU0Wm6xju92mPRCTey+sibMsrzMuURtaCPRd89JMopjIiSDRKbC+pbZYzGi7ZT7ZnB+VxRfW9FsNeKDQPmlEWlFSSl1cOD9Vx73qKPqoHSnjy24unnSr1C+F1z2B/YGFptEScs1UjMHrbpsrnZAKkZxLveEx4D9gxmCutRegdA+L6i7llQU3+fRrLuVK/kiAFO8bgdWmnWwjsO71BDpWYLLpdTq5cYy7lJi+njbJtZY03JcBrTKuJCKc9VX0Hz7BClMugBoTHepQ3i3OuWNlAJtSYdOkuOhb6uVkLUfMsPhv4ZqXkUK4W/Wkhy/YysYUe/nGUhe0j/FzCSv3m53ZxpH+YdaTOEYH0+KhObNyL4vlpTWAyKsAw2ErRQsinbxNeuFi9kklwou2DJFC+3LHqcjQEk4aw48ajuqIb6a7u+hNxT5Ngo3DvPWMwo3bu7EaM1aD9IAnR9Lfh36lnUG5fFir9sNn9odkgMc8Jf9+AAuTjSZsAlN99qV8GuQzza+uWhNUlD3tbY8hpzjB0eMj3qR+E/EErNhG70XCgOKeYX+SyWHRhwMC93WuLIb5G1Ji+FvLzTaojAo+L8WPsQvvC2cfZtidaQbMtzXYCR41qKuIvwW/tWuQRhtB0E4csa7Io/o0uRh/DrLWUJ3lWQUNq8mtle+zxmls6bdgJKg5xL2MBMfe5yskrIzk4+GeYLU6++yXK5JJH1Y+NyBG78ac3LWv5/WtDY9e1QvvMq+qJBWSUzeFJttrEs0VnZ4/3+YK8ta3A8HrBis45QICRDxgOeBvpOmmZDSjfMGqo9C7IXDNk6LkzkndquHW3a+9wBFqxuSWuZoikDTnTaSEl2tPsWXooNmKjd1pZ2Z3TCSjLZVn0ytBvgVJI1xfZ9Ig7+5KQHXV1qVeDgEzYZwhvQ6TcVdYILcweKZgINE4pVfyJcwJqYeYX1Sw+wk/khsrG37ZmJKKGMLu6HPm+F1hxvu9M0SQdV7OiRcdwhv65Lwnnygycm3lVzHY6A0O+DooqMi1GsOunLK2qrx5IYvlPPJ60iI+oVjU7fe6mKiiddnD4oP9+V6t2xHFG9y7dW3Bbc+3ImFSOE4n2z90IRQxXXppJfcsjcbtyPKBbe3+nuzbsGwFe4ozZ3UR3Oetkuw87uWX2txqV6+1p1+POc7Q3dL5TyppUeHGnjqSxZbVPkF2TLazL4yksFf3ump3arYb3Vr5xx4Z1BlfszDAUvNRlA8BYwz1umx8LCURjGeXK+Z8seFtfFoBed7S+RTue1SMjDmNHdWPma4TenzTNN8tYgSkTtHdDNaPsIH94oUdw2Rd76VovBfQzeN7FcSjaxIQh5r1bloSu+GALUw2fHFkldYP5VS2D8pNYhp42hOCgMri6oY79zX1uHBvvPPzCki+pjuPGEU5VQ4GZipqimXnEoz6OnFAB1tiyuL6RBZaxQQTrrGF0rVrhX83lCuE54qh38qY5zjLk2b3k1iND9O7Z8tLzNdXF1X9KPNFeLFM13qipMyCuIjQboiPj6rffkm7l/l3nOiPTiM3MjXqN0O89vdpo4EOGCMUXS6oUuwuDmQvPtRL2UTMJPtCM7GJFa4y7SkSbRnOb6UbjUQM5PgLVgKuVvbjnxbDKrh+8tdgWgQDKZk2cHQaoIbVuqddH1INLInpAbbfA2EPEc9Dr8MdsR2RamNIwdDydNq3Q6QG91a/AQqIWGYU3XfUdLVNDB55qUWtlDyWOWREPUTF6TWkbpyfwZerL8+6ODeuKtxtfkTRVdC0XmvFZ/KcXw3IM5Oh/IVGdPil/+W+xPY28qleubXuC1BDkfTkjtRHWTc7g4Lv+UH0rX1yHrfOylA0ew68JuCMv+iG9KXyKEpXFflrBGicL5aPA0bnOi09bgJlQ1SrDbTTZmvh/S3GOBtIez3JeefZ5y1LAvsxjdh2XMrs2OF8588AvYjMzuxubib6xW72U+fHJlP8uG/6mrI49UqxTjmhb1g3+/WAAkOh4iax6o26FK9GWxLk4agUfsVO8gJSodV2TQjHsdA3ztccDExf/RQMTKFriMz6Nmk4Ds7fJwS0KnQ7P60jwFArfBQnobBOP12hMo6cJ0mb46kC9qv6ekvowBiT3hovF+eTTGH8WwoqAbMg3RRFAaXdTl13HdqK2+/gYixib7x0RTllLC5/wxP2M6ZIr4VeODVegzvmCywnyMaYHZc6QI8DJBaKJ22h6tbigARVVEkqnJx3uNpYGRc5xOiP+cZJWtq9xCFnEtO8bpUiK5l/akPQZEUlN/z9wuINOuMOrxh1pkflmrFKr1LZeT9vo2olpcTmXS1TFG5aAGtJVw6tHZh9b9jnkVzax3uOOzoKjVVd91j0vsdUQTqfvB00mxga3TEwp6Dp89FgED/56uI1MOt/0jp9acql76OrJ4j7cINvEpWusCdT2vmnv311heuaSVduzbDt2up2MOG3r+DZ6N1r4K/XjV5d+5Y3DpUUyed37VXSY9r2iZhUKaHjVk9Kp0A/8LGZmEzzCPuxWcDL7utHF7z2/AiKST0D95NlpIDKMgLmqn1OJjS9OoUKaFciqqhZ4IBfpA+2SkTeQKc+nURUMCvGf5QbTLeeOvQgJr/+wpbPXK6BGVAlLVKA8JxVBtYamjOixUHsFmnoaHstYVdRO+FkK3mzeU1vF6Sfg/5YDQgyOyQmtEO3UDPRymgqeo17wU/c28uViVXKO8X77TE6DkHW9je910+QsbPPwYSGPtRFzKiZCBe9ZzGNcxs+kiR+Xadqis+NXJ3ovPW9+qpQ3/DU9YJxTFr1i1CycVolLGiUGUCYV0veh6FzjkP/m0/ghxLwW0HvtHUg6Q3y6uVytSU/tSdbW/wWMPs+1R62uobrRe+Di/QqfHijbvvi69PCD42MxrWHzrh8fgzdw78EBD4Uf5JbkjEu0EocZClkttMKPhNWuMA0aSwg2uGGnUBW9eiUaT3QKHy6DQTaSd/e9vrGgGy+8sSY1sPFp/XTqGYv1h5LCOOH8KkceGRtVY6FT1JK7RvxpgngbRqYOUe9x0puNJlrVGLnrAyrdPDaNq46wPrtlUGSw+CCfo+iBxo3qTdqEDFCxiHXFHA48zObYcTcsYDkI3VrAtHsApPXwTwuYu/ju9aXHfypC1gRZTW8ySIhJsDLNXdlED9qPNI9LzOG23BuXUlu4wmxFhnXeqtyiwtunEo9JwmzDqb0eNblSeXRMsgia2OgKFrYkE0TYdtCH0OiYNVqX8ezCrv31WwAN+EUxj8/FD5DP7mj2Wt3kApNoMnn/TQ4tTJWrAKrpMzmFSssD5Zo5mH+cXIJNXbgZDJ3DJ59aiZLBy+GhVha4Kd8UfZztF62bo+j80EqYd5KfXzngjAHxZjO5K2745XDnIW2C3FlsZDbvNaTiRfvFQrJZE8mWIdBYcnEfUF67Db0C2amgouDTmhUnNNDNh894W5AZUVOFJEimhpz8I4usFz5NChlyKvbv8a8mDlbAqxKvOqAK7rhjIrssQyfaKoAQpFWALlP/xQbE2BlDTdQeJd9fgLrgKAihbj5m8f4LZNRMhzfc8EsMmHmOSODdkm+/SXOr5KKMRAF8deD1bTPY1ZrcKFJmXKAdBsz86fhw/Ynx5XbqyMUPLhsFed5l0ar9DL69+f9XhFMaxSpukEb0U0d9tAtmSEhTH4yV1EdgtsmRo2gYNUC2mRI1N9cqqsNLF8IcoUeTDfrxbNXCxKggswk6UZFimlIVr6G1E/2zmy93N24GZ3b3iZEUO45xvK7SjLf5CAdeOeIAW20ywQacPMXsmH5NkVLs2LHLhIrCe/F9+sIHr2gkBxkqqqUi7jdLiLRcLtXic1wQUcoYLsaV5+p0KXM6a+yYxeaoN/0lhvou1um9mPTXX02JDNg8K2iONpOy92JTYSoQ+fJdZUEKWW28CSV4HzchMHGBB+dqZJNL6UAcT4vy3aCTHjZMuK8mtVlZibqeI/aTZaAPf+20ZePlTgzDx5Ea9wWCUZ0lLvZS0k2X5QGJr+91++76yyIAoDgAKbLnltl2GWUySEJ0XPPfyip8BwvaXoRsqjmAjK4l8ngM0M2Rv+8+P0kJbqmQl9D3oOzxEwHgWTwJCmZmWZqRFMyfDOaTLNkmtSELm3q8PYXVFVTpi+DYN6q5Jcouy+nR0mxmQhdhEFAqxTycvjMLKw7ifrRqCnsQGO0WsmHBGnQNPE+bh8AnU0TLPGkzJuZ/DzoinbN7V7mbri0h6I0eG+ZAev6gKmAI7NhPKcq0KNUzPTO+UJFAbF2xXQInnBHdM94OfE0OO1jmQupUn8AZ4iyDuo5OoFL1nLv1w5IRGojLqFfB2LDzYMKGqIbKKO79DAWsdfd8Pc275iNJvMk1mdeSDqudCNYPt3wI3uhh3IgmwQlyVsxvqypzvsWLgbuPcDos45VxBfdd0mAmk0NfNcPyZDYS4A0xzpQVpGusIea/TYu7XnKyYU7M79E6th6DKrMewUWd1r9WIW1Qtv+RK4Vs4vHfNX83omxNll1Q9pkqjGuldvjAdbjB/+M8qcDebDHx8ye1Sb6ruc2ez+SMQTysG/GdEEqhxKvZtzyA2Mwi7U0ujuI4CTQDnu/wluL5yikBckPHQkTzPKsDek2bkaWlkx6ZfGoRbRjFfiHS/zS92tijLsQhwp6hYO9Pvp9+2jUewETknqcJgN2fLpZTTr3663Z0zsyDcYRuzaC7vcimP2h0/d7oVLyZubS4D9HUcSRZN/o9cg1UYYBfHGnIRyZN8S2y/Jqrp7pbJ8XwkuZVFkLw9qOBWYcxkZUgr3lfLtl7ZoL/Wr3SzWc1JpvRmkUQvOBkjzcW5IwefKEhlZLtWSavK/u86ptpQB1NEV+ktFWCdnPfqPozXyNPRKSKlf7yECoHyuXkcFh+q6gksHysvRRpG948I3nmxeiLlziBdu1M0PGNyUKofNZtgLRsFPyD35ykr2ikbJ/wnOTCZyQhab0lgfucVJ9QTa3vRpfUBVmCas5+ntSE3WcY3wXUMZ+2IFXGlpw+IKsCb3E7c+97BGl1lY1CiXe/yT0afV6bMfH8IC98/EZSXybHlCIcmSAy9pbn4bUvKEYwG/DDhxA8wFM5/v95mwb/JYpLm+T+3SDU2LENJ4isGbsjtcN3M5znjyI2ismKF8JSVfSqJ4d5mjT5WhL9UiyurBXlqO58xYdRnsyHcVstzfb3Mh5lxIwp/f+Cj7DM1QKt6G6Bx+qjY0kfoQlkl61t8syfvxJmpy1uvU7bwpH7XFSjJIPkcXZp7DXaY/leyR5xQldHJKZfEt0ArrcCoiYH+YZEVl16YDAVowI1wMSq4Ryk0d5srvkk/9kCCNSbGBb6RbHo4eYnMuo+dyBfQN/Hkdpewow4yqdQ7y0SFaIOpqyqaW+JOC8LLVbZpxgU3Hj+8ojagOdqlsSLwg1zoHI5SqfIug2gSmLH2Ljuc0AB5jc4e3MMJ+eBGL1QOB3DIUE0e3mySCH9GVxYBcJtiMKP20mvsq8eD6eH+IF+iz+VkrkR2xeh6dE7kZQjQiGXtNByfIHN2X1pLziQczt51CBy9tOV/3GRZJkShxsXmIV2DmCCiTMvCb2LwI1GRTjcUAf46Yc3C7Tp2G45z1TxNubaLtxEKT6WB98TJ4AW+zypeMkP1fpiE68XCD4sXGAl2UF+Zxm9TBqo108l/BkRChynKtK3BXARufk9hyB4iRFbMhGddm8Odhe1tnqfotVM8jnvKaPYEgE57PuPED0kW/5W7aOY3h5LW5/CgPu8+uehF4JPSwwTDc6Wr4F9QIv4pxvbb0bV75pNntMhFlpieHSN0jhywsgArkbJPHhzQkcIMSgv+tMVWlNeekfGW5ko3xEM8BW8m0RjiftFAHKrD9I6T7kS7LVsYN07vk4EE1QZnt5B05TqWfeNJeUiOFkdM/4eqIU4Dll0XHQHrNur4e5gFTVxEcOMpAabUEvF2xlxg7EwuwXrlS3yIxa907UBgM2t3TqXHEp+iEM/bqGlPs0N2WpL2qoSHu5p2vdwfaXqQvSxzDpnZypQkZ2K0zKck4QofGKIdmrhBQEaODsjsaLhgqQIDLuuuN57r7N3gdl0cRt+9BgsRPaShJHI5N8nxktI6QPLFn6eUyOt/q5My7CyL98r0+FWXKy7PTefeGnWTiUGd/cXvXtUsHjgUgXLk7LNUH8+vmoqw2LSBsHoEQYjQ08YcvhiCE6EsOG1j7JsRz5UxLw8bTxXfvcNoUygwbkKoCNqgcmR8d1m8PFLC/wrXgEUf5Qk9zA316OxvwHe13dgHRGEX362RUvLH314oj2+nbL3wLRQmxFL5PkDVt6XT5gKRkzK9Qniy0vgtBAu6yQpBdsLTaCqsNlX3B8w/mdtZhiZWPpKMfpHvMp4YMQrjgHbK6QuB2IQSKHieJFk+JEU3j/c5SB38el/BbIKVWU28EKzdCV+lAEpZFFPQ5B2jqE6RgBIS8iSnqjZfd+YF8Y3DXi9saPxwFelLrBDnagBPECuOGN2O4uZX3xzDaaeee3l+ZSlrHU/dju+G10+Q0PXS2GJzLvEUIGXF2np5L3NDZNS+o7GBYa0PKk4hb5OaW5/4py4W3D8wE/azl4zMAHOCdHwqia5iteKo3xiSiaJ4ST7iRTMD4vZFoSxptKQ7kB3uLPZQbNxu2Kauj94mAzEIwZc2lzP/p1BZQbXDKHaJyArMwxZe18ejKe9KAUqhG996OBdxCMmkkfa9D6tt+fxUl8eYG7jwTls4FMSb0XaT7k1h7vRvmey8M8rkbmb01+vmWgemfaqzLZ2A6B2jQR4VVThHHTzgygLYFRsy9td5eMKhm/GJ7fWgyxa29CzDMxCnOu8GmSgjA8HJsfiE7yqWgGcqiUwJ0SIimbcKyj300XdaMwUHI24wSeAlefIS0B64hDy4c5MxZamoGz0nyS5gJLVZ/taVl6mBFkUtZiShzvHUnYxxyBxTdkl4TOC9aEtNPubTDVjsCbWYLtxxqFmR4iMm1k8sSXHQTLTT+3sCQErM+P4Z0li/IkV9CN/uylT6crSsbVEkpMGoY84/2AmSKqubH+PAMd2HE5vuz6UB1fX4wIHVi+MZ6VYrmaK/ap9cl8vecQdymqtQkeiaG5EQbv2TDBpK0zq5YHq5b6SBBWy3dHI/JVXHDKlSlbNGEIJuSTcg6GhMaghEA3StnATIgC2atf+IxAjwPtTrVjNS6sRf78QPAVMm0hPoWHHa+PR/tSYD4b8SSelU9V9UgdL56BD7Slgkkros+8YdSA09Wlt1Z8en52tN0fijhoeKp+XEB1BY/Qc76On7yDF3cNcIgFfmc+k+cqHm8ClT/uKJ9528Cp7O8VnEZewd5AjrNw9lSxKRSekoUm+hS+T3FXEhPGjvZ82GjVkjlYJWAfRnPQxRu4LGYIxJy+KG5XsxfQ4VoqIURJ05BXrSQY4scjNy3jnOl7Pm3UwxI4tkCmnNi1b3Ew1iPEaNHaW1f6AZxTBZlHD8o/OmxEY0DCJCpg6FBgWcWyI2mMsRXT5ww99dN1yItVVt5NikueIOz+0uuOlHErc7bQZ3uNweq/AB/e41wFltI+YDJHl9HhjyfwoHRPZjh8cuPWSwkAcltX9tAW0OSzqPUtM8JMFoPJa5pb0FQ+FkIlSfETgTdiMgU4TfUuSJqaLE85LVoqur0/Ll9b3RaXwWjroKnizEQYjQZlec4buuIgWOo+5Cco8FFpQXcGFiH7zOFWi3M/cEgtiPHpk8HJwk0K2X0Da3LPRmpqgLeaY7btTwRnTXxPspqL2jmCmbkYeiReIdqvT78hDzNEh0POxjpQ3MB76Bf0T18OERGORLBHsDBi/6TTWzTnFjfoNw5V4P11P5CgRzmpyNlBc4On9mOgEpIT/YedpnbYbl5/ZFGkk1xuLk1uKtqTIJ+41OxrQ46oXU0mwn2p3uaceVdMyxjP4m4uekrFE+ErXSgJdg7EWv8YXgoiPYpblFOq6T8rHGbIw9uNou53DtNrKYsPgtCv55ShRZidOPWtwaCfPc/4NpT4lzd9kN0R3jjtX3xWghUv1lQSg0e3t8LspVEyHAdwCzFFPNMUttbq0iVYCtmA9cQbQrjwJrHKtacx6gxqao6CQQ6y5o3Ym4vhOMh97JDY+rr0rpPrXS7OebmHyELn5+N8xeUKTFaiaBqYmKu0Xc/tqFKovA064jszADyRsGD1pUHlXPVXhTX5G2ArtNBuYMlAyuzMyzyhyXgdMh4AaNpRViC7ZHfI+2wrpWqkjx+O52bRGnb7d1WKmS8BmcKiqYEyzN4nEEZSNXN9JTqfgMXj4VVE5Bi4ihFHQjeVPpjwNmgAVe1wgSqPjyHV2aPlEFhuhZ3dg8ptTqHJzGSTb2dBXUXKvW8sKp+3S6+7w70U6znFWUzhL7A4DFah9NBEZjMsXnmpWaLyavjpHQceOyWKK+7sS0GEA31L0NhnA3qra+tFzmBvI5bQlGZpNmbKTo/6xMzvbkgvXNLzcernoahCokrz1NRkTKFtEZJf8wNNk2xcXwj3FthUMvaHe6iotyHTWbpcGW0bW5V149yuwMi9MkinPznXWp53WFjWCM7CSCcIkrrA2sr+otTk8O7XB150JQ2H2lU0McqkaV1XvbM3+u6079FX0G3BO0BF8sXZXbfbcP46gawQdHWRHdC/vdZINGMirCFRSufKGR+rLaUca0rzULGwllIinNGYbjADMQwnxVeXsHNuX3npbxni9zl3N868MVDFkhhGQQn7toLEeqvk4TzA0FuyEi+2cHt9IVO++OCSqxpOduHtGbsJVH1HNh+Zvng5oTKBlC0Sz+/+fT9SmdnyZHQOqIQdZ9s2s6igURx0FxSdtCGnfB4uKz36FqCI8igEp2KkwOkdpRwXlBNSxdUcqN/bQksyf18VF5prBXTi7Um54zm3m/WtI4pfkX4DBUx+xc2B6XbRz3keqXlGY8n6+EBuy1tXJV++Oli0zTBwbpTAk5q3tJtQfmFdptdWKFbIQR04sLvhCcmCUnq9d+JjeiaP21LYtQ0/UG3WhD0ZCHhHpeWVwB89FjTN10e3yquz12dNqYVnUDV52WfygN649vEMgtw1h6Q3baeh9EL3QtcCW5cJ4xYup9ht6aiYFyx5TwGktsiJguxyVlCML+ztNHQkCE5hXZUfAuBy5RtQN+6bbmj6GJ5vILr9Sz6BzcJl2Q64z8YR0bI2ljs6mCvs6OLTj0TSJAdbvzE6GTDZqK1NmQfZUTHekPx8uVh1D3s5fnmwRf/j40tOMXIPVqtK+4hY3AIOraV6o9bLA3vyQaOHouzKgUIPOmI8XWwZEw2vYuYsRv72WLG1OgSHH3APYgJltHwJYRyhHaJ+9X1s8NvdSqlsRiN/32bHyqPshU/OCVqgioulCeyHsRGL3B8BG+zlJOodeZCG1I4FwygM+2XldGe1kvb30eVjWntQ96Eu30bJd0cOp5YA/A7MaVHIJ/KUBvd8WBB094vzQ7eN5Bbafo+Lp2QwHn/jQEpLkBcYiSJN3FWsgm9aCG0phJkuY/ZJ55DWqsfqsVLHcoJ9wzgb0fcI3sqBRHF70xEHMGcJMKYmHMC7iMyXNg60b/1Mkk8J2aMePtOpWguhJRkJiqpa6VANZ0MApsSdqMG+Q+LpwGOyIpFRGlnDR4Lk205FytXBGgR6fQa8YJaGLwrrWaQP0RdavyntJQhJf3V5mAd+5a7gdsJw/coy4uBmrluy3XPTFcNZy9vrnvvXdAp2sm1QQ8UFzlERRieV7AHYsGpnat5+8PAkI9U9HhRBomPzFse+Ax72R6kPWTM1egYPkjx06QqZjSzc4iaMbUtOFasQ65kifF1taQFw/fpRJlik5LEZ+WWFvvSfDh2+pM4rKqVuFzOfwG5H/Co5Tp6yzKOnDp1DONejMnJfguLGCznSUQBGtne/5OBOpzCxgKiZrWiOmNfd/NkrzHCL5EaNq0ALdoxK/eUETxF5EjWUd170bD4fp5TE5MH3MYhwU/tvgPaS7nu+I6TdGfKRP6kiAFugzpQtJ0Yr70zKfOaq6MfRvq48AfRr7/n5BlzW7BC2herYsmWWr+XQaWeLrB0NKE6vu5HR6ZEYOZF5BCFXo/Vl96HPPhZlIviGkTX7MlA39lKxn3H+qWPP8ltg+MhVjhBCYS31XbVRPS4ZHfMcisJ6OF7Wl3zbViiCHaYKyw3fxiaU/Vw/MmVnJ/fdhBwKCsaICV98wCaBXFjhHtNFydPQ2xUyd1THqqbQ+L5b/Vmq06H87ZgY30pzr0k7T+fH16hU7abWKTDikL4wccmXsycoWEIluhKL0CvQG+drX58lSUw4r7UeVHBQf26f/uXhsNZ3ScRpl5uZ52ueNAOKwSpDhmvaiyPZEqYJ5NmcWPuxbUtSCdTtAsGwj0JvLcTXqrYhU/5RPfcni48FcgJzloyUTadpyYTX2FErQAPMylgKn9yaK3qmTo/eXt6wrqFry4e3dQZoP9J9Axm6octLw3pX2O02tsfrRHmJFZ24OjOItZ69pJiuU+jZ4yQIlV9gn4/9iUr9SqzZeZc9iC584nbSQ1hR0nLzuYcKgvOeLJL6m2x9l31IHOrqU/NZd32DuIMrr+bjeay7oVUY+XkmjK8/QuizFIrEzrfP0JEPPFzxp0DBy+OUPyD5oY5d1q/Q23ZVlClzJE2Z6Es7mFzb3vtM8Q8GYj8blLcjZAUi6NSkTc26k68Wpnbq9LeoPq/KQJCEx1ClZBRLrTmBqpWivcJ6gZXgu8n3BBonYyYChlfYoEl6a7M1QL9Brk+VFDeKfQLLjTCWG2hAUkzC4ZolylhT44sysc0OKwbNW4o3FFoqRsF5PbzNCgSzQ/ekugUMFLpie0LuZCu4TvLsgmTZyg7OL7DnbVouWCK+OChf3xAUVKfus/7GS+qYQpgFlhbJyvqUb5QjT8cIL92G8j1CXvg2CSE9H1BQ08QD1jweK6RJfMI2miml6616a2jvQ8W4hePlF2bTdOooN3roGhrP58eDjbKq0AzGeRhXfj0IinDGmXrG72E0fNA53anE8MrC95yhNOVZPye2W5DpWcd0vmbm9qyzOnyyPZIo1TiuXoO3asBm9Wne2F2xNoTMTRRFsXrFSzfqyludDRkCvKpH1/W5ixmxkrF2+AYBwFbzWmew0MUm1/kAq+cU+Yms5L2bYTWF51RqhH2NifrckkIujDNEexSnKhB/x2rIU5ZJmS2WZT1M9gxlK8qadxxy2BQAWwQWBqtKQvnJg9fRec8EQPKl8x6mU+NyNDlXN7ahB4dYO6bL6fv9zmp2x4XZt17uEz0oc+jEs6qZkJLBeH6rgP3Tj8LUP/8VI1qqnPx6T1A3tJVWx/LriOyDoqsXJ/U5FcIscyuYNu14Q9rIeFaSVNmzI1Ivqf1GigGEJgr5sivFIZa6xEElK+QIXvVBC/d5AHw9S8DkJ/I2GL4QDvEd8BvEBweuApQ8F/DzdhxrD8atuRl0r09bFTFrgejUKvVuv5E9Y1lArEFc1pHZEG+ALmrI+YnGvuFpzQvU2ixeb2gsvQ/Bx+M0ZZO8HBzIOWNdX3lGGosSi6uOgdnp3QDh6TonDNbdz+KHrPoBMKxkQfDminb88bm1DIaGHlxVz6k11h7AwKa8uDDucg4s7Uhv4DV+K+iBFYMjXlJzo/2mOk2haOznR/QcXoOSZHwOIlhtgbRJbMhX22OlIGBEk8SDsKrWylou6/mCc4KgRce7nKGNBAhelzN95WurFSMycvUcOiLmMZF/hHzlv6WwBh5fvIM9CvFoUay1ZHotrIkBGw1BiuFYzADrzD0x034jcAPaEJMcPogQmY1Bff146ZaZ15VjCoxYR3cgg+ftZwMZ58sdOhOjR8XqSOsh9gbAqnRfYIhdZW7BDQU/3TiPG4leX5VJYB8zPUIP3ecHRxjnh0OhdVWYx4McFcArz+K3ATCkkglEP8hfJYa0GOSpEGG3w6Tdfjr5fCzIV4x+zE43B8WRKStlX7GIiNoR21rDoq5FnmgeSqa4o8V7l5+rpbYDdmK2dvB0YRANZuc4expEWjX7HMdO4oTZSLqRO6Jl1BjtR8/a3QsU87UQ4/hGH3TziBTE5ddiwlOall/Fi+qOWyu8LwvDcAu1hb5STjOyXjOy0LsLGTtlW6uYkFZUAWAUVktF5Z5pAVSIYUAFJvN+2/Zys7Ycr8wApvlI2uvJC2D+mVg98JBxPHm+0myFv4DzcaTaHkbvby3b2+cxJfHtb+lI9GOetHj0wixu7tQzl5KEJMuZAvk3GJ293ydCkYycMw4205R4jkb33qJJw3rU8A13amRF0Fm719En3nYMU0L83C88LjEnabIEMIHIJd9TCzgQl9m1L1fdMMZN3I+5PEs16fc3kx2vrneWDWF04PSappFQovHujhJKO7ASz8peUp0RaFQ+ie1VjlVfVS84cFwSDYmp1m7sDRRGcTjZG3/carbQS9N6/4iVZ4szrfYjyZZiNlwqkR0yqJIHSRLRpdo8IziABFa0FAUg/hO1LEvE1uMTxNyt3ijcTMC6gXTWrMXLMkB7Oz4sG7UiKHpE+VlwK/tI8Jh4rw3zYPseXQQT2G3F6gtc/iiQjRvTaI7OpbiukCsQVOJCXSjYDW8LoqjEvCEOnWQPqLC3zyvBEQyGMi8Ga5oFtwiMc0UcppDmtWLvaAoyAV+j6mEl33qmC+/g+9cup8ebnhWIdMwZBpKDHlfMkzdSAnbd14h73IZFTtFpe/Q3xrLeaXrdf3iLbeNZlxlMvjrV5wfNbab6KyzithzmAEPSC/JQUN1b/EQFMtnVIw6+/kl8dxDYpZqebzQEbiWHdVyl7d09Bmk+I8AJegn5voGhaLFOIE9qu14BmMyfD0xjWN90yMPovpFTxWMXgGqpz+lGFsXcObyhaMho4mGgPxhB0XvB2jfH1NpROUTzI/u86Bw3rB9Is0SRiu4wGpG2poY513kx69dp/oy3AWIRUxm/2P78uER3NqyGoS8+gXN2h2QSBFDhKPkJ9EVPXAR7HzQFjGKfV9rj+qkvtjRf18WO1snSh0QLZYRJroVeNvWap6pjl3WgTRjDyhHtr14cxQ1LnA7Ksjm3mmhQbShZzhD2fughB/RbbqXrN73zCBojGI+nhIJEp41AkjpLFhzDdjgHXj0K70sQKB0J5Yae+R/okwb6rM7U3PDv+iBp0EgDo9VQw1hyzQDQt5882sFSVp1yd4urnM+oM0K9SWrfNRMV2XqY48RwlhhWgXKT13ugoFsOfs6rAaDJ9SuDzuqytz4366DyBYLbJOaniqtSdzduR6kJvrVLUJomWwK50N0pII1lJ4s81IMaBNMnVa75AFj0Wg01SkQgzS+l9YZTAc7V8qF3KxZHPI27oQjGFHOvTJgRb+HUx3Oj+CqzV4i39PP5CBF5MjqFKhPKtLxQVgj3Kmr4ye9kv5vqbS6lnQk/PEPHOtnXQKpb0Wtr/iIxRfNMjmMoiz2ca3t/imJescct8rMx65sMNK78aQaHZNoBZ4NleMPP83OMxIaXKd7Dy7aFyBvervmeMM/cLspKqUCsNydfpyrczv2BpU9pJveJIYhWJgd2NPvlZZzRgLquC2+IPrZhcSTpDVg4/WgfORASgMuOG7nkui0N5tWSh9ONEEuci0BqqxaokKi1W0p13+XPaYvQthiOePtODmt6xjsDetTkeCVr2y6E7KJjNqZ70T/QWAb2OzZvyMV9XcAuGcsHALXJU6w/ZM2SR1oCay7y9q3CvROZ/2KcAqe++dmdQ4WHg9RQWEcBfB48R/yYE5LiCof+2NB3XbweU/V2Oei2uVQBL9KX2pywa35ASplaITChikU4RSpCwLF7eMEy0/NpCXFQmb2gwHkg4EjoJBdul0hqccDH8NFELJH8TQLjkLAfK1WL8HYh3Yv7lubN/EfetgTKfg1El61Xrlbh59Zp+ilq2HkuK0GbZNbevhP/E7JCUVJsIsNAGf+FkU7s+3t7sfLHJA0GS6L4+appjt/X+0SCvh3sDsU0wiqkghCBoYH98jkFo5Pmphy0yN0oruJkhlv5e268B41w42M5F3W4Zy7GJqi96H1XMBtfjC60ZOeVUBwsHlpY7JfzUUMFqnCV85IMaKhgjQ24vm4gpzOPqQb2ZuTgxzLdmMHcu5oQz6dTwfEAkA9sSjxIEeleJHj7G5/SWuXYq5lY1TCb87T6uRX4FblO2py3t+Ie1qAsoGRuv6C956zkYkJtCjSmLOC49FD0lb79phefIvm0koEfm+aGJpUZLaGhsHp/HULQT1p/GJkaI5odWPv8Eiadn9NUzAQ6SyehTz8WUHN9NEQnNW60yYJVHxkEgxC8NfT2YOE2va44klHXs6OpfpoOvvZO/HajWWA8A1ZyoPTK8sFvVDV7oZjiV2rgZnGpoAQ8a9h8kNGMrXVb20zzCD7aU2WaQOtPspi3TeD/D09XkSW7siS3JIahWClmmolTkGJefSvqvt+zqlOQAQ5mTiG3X4j91WZfHfK7jd9vlbytdJvSi0HdxpHaaG4hNfPyY6nCxEB+lM/qHiC/KmJAQxzev9O88ctpHV74rw/tKkbeeh2Uv3XaLHBnXC7PzGLok6zoH3aX5ZNMLTESU95pKFZZQGiKIAiy7bru+LjeITTg3GFeStHX8ZRqRaehWEqbS8/jSwtPLH9Sg6tHHW51tqGOoThC7gyjAbzM9tcJ6NjtKfR63cAO7HohnyBDbaOEAep7Kob3PQXpOSbAFFL1XDzqWbzsRex7VBjItK84QUDkt8yXXp0RCL0LejILc/FnX0o+OBdXaZ1YVhbHJ79GaPxjJ/AOJdbYJfCmTIZZN1y6Ju6AW6pVZq6eg1ox06xakA9HyRFm6zO+cpNlJsX5YR+0AdatM9XC/dN2+1ZdE4Cb11pk0pHyQp9g2VJ7aRCCNEn9Qr45PO6FDVyqJzf+YTvkldvfGlfFCtyyYETb1Euts13/755g9ncXtvRBpXzTGYaJLbl7rKFFFWtyOLqRNixGXmbuVnOvsJUyAIXZqIRhzqr6BsavdippDu88dThuguBcqi6CnHiuDZJ70QHPPYB+rjbzjRD+0ykgqBZ/fXzrlYcjpQjgo+VQhxeg5bBaWYhUjF5OrYqWGo/4AjGOW3SSinQmWx4ngZSjzcVOH3oQjSrTzChD/nMdofiC5inMfTeNBWapCu9YStTmgG9e48zaMZP/zE0gLxm7cUf0UP8GCei/TesaVblmhEi9OVCQrc4cwYeigW5gnTlc+FI6ZnbvsQ9dEpuBoM9JaHgHIO6SoGx/FYd6kvXJIsn0FarkADK23edj+wpnb/yP80AMVzZULC/18+efINyEBq3vsxkdNWcSOOqQ/nVmH08TE65/6ZEIpXBGyfh3+KDOhR7o9UIW7Dz+I4rtN0JdWRRmgLPRwZwXDbWb+G9KCwiiq3KvQ8jmeQQrKmHysmeXiih8SeDkQyK9ORtIPfq24LvBleEvJ8d+WkMYzohNsH9CfTMrmPdKRhsjffbPH7Km9nluDyYmsyGs7GhCkOQHj9AN5Clhf3RgUVtYKqOAQFvW/1R6hn3GpdmfDfTQ1e+SJbEZg2VvZEEFjuWgG16UgxMlJG4KCCdFnBjiriEhkRpfkG6ZRKCiqbq2nxLg60jm+OcT3p+pKIIjejFKmrXxrbfcbGE3LcmE/3zd1wKiGe1HntElpbxIbBEChNLYfG7ltOiBzgvWGoaBHH6/ryg4kO8m7YvVev+vLjI8KlSG0r+KJLHxr0ATu1koLXmMruVb19zwnj0/69+uuoBurYdQKuVVk9g03ZGKVp1SBEkSvGSVdczTpuScDDBH30Gg6gzgwnbtImDAd30SVlvy+3vt8/cD7M9dkcKKf0qTGlLD5khqlGYJYifYFwzU7dQ0PPvSQNQwiuqJoWexKbpG0cFCVM8bmdz4rRwnzIUBUGL2egPtSyG94i8BwKnjT21+GvdlflBmSFxt69IqD08y0W2g+gi/OO4gW5bmjrPEKHaDvobyYp8Nn214P+jdMJVOzq9yZyK8wEDK/EX25rEnfXwCsyfsyYL3hZewnEowdF43QizyHM1Mlh8IuRnMUUu93oZ8uOcF63msLcuym/+4+np+Ev1nf0gSReU65Ws7ryqFz7Jl39x+ydCDh0/3/KCTgh6mp55IiAbEpMSo7AIxJV2Y15eP6KKlITTDcOyI8xm+3P+bPE61rHkW82mE0lwb/dSKt2hFW2d/VX75kbHnROQEEbn2Fz2gdJ1h4+Wv+czuZMAYuJWJMMkdXJ7QowlUred/Sapk/NnGqj4z2VCJ5miOv1WtkxE4k8PkavkunAYRpza7rN+QAe+PkLZOaMrkUGTre9dwxUm2RFEURhbmE3dVtiGPscDNBbpjRBjZXvwhdc0DeCvfd8oIp1Cie8I5gZDb35vJKXUELJF8yZfUf0x3iF2a2q4nXMoGa2Z7zaRLqfA/CmxPyUrkROTnn9cIDIGSR6KEuNdhb8j9td2lbPff9gEsriPBfAS2ZYc6qhZvCZx3sfhz1Sh1VHcE52k3YB/uFThWO1OoiPYEZ0lP4WcqKNQIZFofnKI2yNBDLXqgkoeIobvLslS12xkWdjjpH0QkRl5s22xiz1laamF1mITuv/4YNiDa+W544avym9ZAdqdw7hmvvlod7ffdsA7ZYFcB+qBREm0U5F9c+ZFG0NSc2KO9Ek/d8TfoK7s4o0yKswa368/O38QYGrdrOY/w/UOBsQ6izGoC4wpAoJzvjsyotGgKGeukbwS/8qk0sCBqXZ9FuAszMcl8d18Gf7wMHgQOmWuEMtfftBFBs6bB5so1BUodyahq2Zze1p9qwjXsw4wgbi2MLIeVByGYRdZdn9/9g15TM9yx4BpSr32BTdDaQ4bAY0GbltJ+eu5aDSoEPFozlphvb3E460AtYm64xF+4Nh/3nhCxufFRUJqvAELct9pqHjrTIG7jQ/hTbrZlAb34q/fs+F/w8mkbnIoaQLAestliTEVzxrZOl4c9vnASJTeYzX1Qothw37HaWQR5zXdKr4th80qXpNKvmS/Up19GMnW5V2zEAqOOy68akQWDvRM2AdCKaFUipwnu7akvmwvKdsPpv0E+IJh0JzHG+2WQN2sA4AFL5p9cdCCIysJHd/xRyCbNICzI9f0+cDfiALeBIcsnMOubJ/Jz9kXv6pmxPjT5Z6gXaCKDyNUcqt2zDqxksEJT3p20ScQD+7XTVTgvI86khOHbTDby80BInj4KPnoe0thl4yj+CSE5R0gMQqwiRFB4ZcAnB8mRzichvOgff/o6vnM0C8hvZMYMzb6GsqdRyRSZRypi2ajImlSQCSfwh2mEl9rJ3Stp0XtPfU77sA6K/XsmHuWJJ33i3JSszQ+ZRe49ATa06lleds8jix8Bj7EBmRFN66H4VirRoVgASoeP6xzdL0AZIDoozkgDQhuQC8MCeam7aWdLy1ZUAcDMMQwQ0XvTuViY/c9EyqIiOXUsrVfPr16TnMEXPov0RPT4U5/SAME9tZVSAHItBNVheVWmTv57nfAH/p2xIF8Cydxzfqv07zRl7utCVZcUn8IvcQBecIdOunwcly8NgFHf9Jkas6BaWsjjuoletpUGrGdI8g1Sj5tzy68zeHcJ2NH2sW2pxoRERxL/yq+7C5SXeDfJL/nl1oCktxn3cBjqWCzj8vgeu/xfpsWS5QpAiOf6bsf641m7IShKVxvyRT8l37YZeTsomexJUv+93suV6pra1GE9SNY/CsaoGVO92wh+lYKcuGsJqp4hoPOaH0pmOlWHgQz/e4SqCrG6xCk8iDwMpBG7wqR+2n/8XzSQZWxafeC7J1WV/hhV8pvuDLhPE28liYWKxiQIlFa5q9w0lnswqDAw0ghRrDfvMjqRfkqkpKfKFwGA+6WXKvDzOISAvJx9FGL5y6I6cz6CZ8SzAArM4HZqOo5i+ZJrVe/r2Hg9zoCtQxW8Zw1gI9qpdzfNr98r9taug/9AXxzK8jCPjpReUNh2TbPvsYmmW/U8f0PRRIibeQ0r/B9XBaNgq9+cySWnkWETJrxS6W483vrob2Jdq7rwDGeAEzU+yEVbV2D9/Kz4vToPMjhRMGAi/Ro2Pw6XHdb3cnax7nWJvSbRVVG0ouveNn+dBPFyUySYTJSJbW6Nsh3xV+pdlvuBYZxsXUNuF/ZAHwIB6FU0G0cH0RwzzTKyPe3/sm5/84ewv8RLuBxzWux0UOjQu37prIZ008hO9xG78+bSo2mc1G4WJJhWJfB+21VRg3YjFk7t/sfLoGasOALErj5Q2i+6ozalQ3/mO+qNLKO77hk5g0GRRbW8+V1E7nNKV5ilgnodnEjMKSFLcYAIQLW/FNJc+rn4aTQGTDQJcs1s9dz3PxGKP7M+/uSXIUeR5oEaih5dgPqKl7248qr+93uiwV43od95EwHFK13PI9l08euJP/9+DpORHCibowSDgrWrnUi85B1nNMbWA2yv0HAUO3bysnU2lJXZg/8YW9z2mDLq36wu6kxQ0gGfva82MzGE4iY9L347EQkVokh0/eJ2Bbtz1pgPgU61KG4JCqh5MPfjgBtkk115EfgmX35zoSu/LZgTK9oQLMl7ZkqBv9gUi7QFNawtcvYdXKBqNzoqITbCvhT9PGcHHtRl9d0rq9KPiNQ/0i1G3caB0R2sOE6VFQbKuiSgYUe0x98B6jDGIAFnoNnbUzBWytMgWODRMP3QUNCatK/pshPm72Jee3Ho0uQTOcP3n7WqXbAuWuIQ3q+68gP8Sx9INhWfYJPfS2jViWRyLEFs1vy+9BIl8L/aixP7VW5GcYQwyjzQsIH9T884qduORjOwEqqqDTF+ZO5K3iO23h72vPSpHefJ7iiR65yfnZRKPf4DaqKpdhWbj6e3NdR5CuxhJTAJZ8mfmIoLR7C2O5pt+L8PQVC7Mrkp97z5hQZjb2WlU8aCYX4BQjC9v9diYC29KAzUH3RLQPPfEyvuGX7/4oehIb5Gy+Kgw/M81XOeAO1A+56zSE361DA3vzbv9y5KuLhK0rj4r6f947f/EVcJVgI/vqTzp2efO8BkOaa8ugy/rQiBbiohLDfqmfPH7R5EO34Z7cK6bS9/I/68Iq+CjM2MATsgTQXlD+yxCZZ6U1uLaOwXpGEY7hTcXwgTzdoNicAMfobNRJxFzF8HB6N/WfU3zdFD00X5NdZ8QZd4l55ifwVvhn0betktnPg6oyuN7vD+IqeGhpJ/RUtsZSr78IPeu9jncPxgw1xMf83A0G+dILK59UHKstL7q4QXDgokEwGL9A8LW+EjsskpsiTUb5bmpnl3/WF5qOOEUBmgoJPF0BJXzdu0Lsrq7kTXhkJU7r4u6gzn5p2CGB/7snJxIKNwfVZtYOiI9SCKtg9VTXxHcgatuT7dbLi+LjZENNOPZ6uVd+ccy0C9+ZqegwHvY9rYCq74w7iXXEwt6AMktXbakirZXqldjkcdBOPlii/Zjx4j5XDyxexjyEtT1pZVhHbJdnieIwTiWtGMviIZwKf53QzUMhlPHhl3YIqI5x/aPzkBiZGyrBiyYZ6vo32b2zw6dUafUxIMpAli+HJqjgfi21n4Wo/A86qwuwQ9/FEzNERzJNZjq8Ml96+fkFhMV6/f6/A+v6J7qKWDKCGi9goEYFjrlY+iMwwOmaoSg7ZBcIRXpS7T0IF1jCLgcCyctlgR+RyQEritkOyhdro5bENl1OOFibq/CiVpuNofJ6sLvp7x+Mq1b+kpHTQXQlzGXNubnGW/VpROnov53hvXnVcij4tzKzyI358Vc0/+wmFmbdipfMLiThbzHKSvI430H9jps2w8d9+yEZ8/dcbrb6rOyocgmGH7sT8hFB693HEUekCNxxlTr1qYTwNyYP2JJckPauAIKANC4fjwYD+b2AAbVCxv1xyvKALUqUDn6QI6iyBmMHxR++F79fq1AMMJG/iYACrneZiNPgnkchgJ4Ec1e420+kViMcQdSnz/g+/iT+1GC0XKqALDLD13M3ZI5E3VbZTSvK+Lbs4TgC73MPmGilrVCoZsR/PjFWnLqVWaRF8PoieG7heisJm7HId7YhqLhljW3Xh5/MtIbHtpmmIggUqN9UpXFd6aZHajiGIxryHQMWP+hkNvkajV/CqrUcRFNlzQv4UzP/e41/m6mXmpQ3QRLyuxdGwQsCGmUh3fXxQwT+e/YX7VQIg35IQLTBr/JPQhXxU42TVVAxOkEibCG4oPnZQZk0fuKMl2eF1BX8vW4StrjxDjvE5BAKNi+4VI+zdbvaa9dFV+TWf5h7GX5c4Hc1r3kfK8A3UKrWCB3o1tz5tfZHOCX0fCOW4coxg93ReikSVY7zE+pkMjBLRyZ/gghZma7IHvkwxWfocvPBBUtrCiCxx2W5/rOslwwyqyb6CVSjB8P1VogWljX8U07fAWMzLJiI/2nzbS5UohPwLmQjKENt7dD0tRs2WZpk7rvy08tm7z39w8k5K39+fEyS2/60Fcbq9WUFMhU7g9anNRyZGhW4op68ZqLAZBh+Pr3NsmXQreHYcgbeBnSji3Wz+GQV9M2I8pGcc6YIJlIZz9IQqGvj/J2U/aXzzzPdJsKmTxQK1ecNA9kNfB3GTrWZTPxI6BmZmcxmk21w15XcPweH+XAPw7GLQCWRXEx8sGgZDkKCYuLfh9Qp/kLKhZs4Zfjs5fjGJZ0YvJHurmjL7o8Asxga2+KXlFNImfcJxo/oLMIIQWnd13jxnvWeCTEQluB6tcd5FRkIOiY0ap7NFprbb/kz5HMX+mApvf+kzO8SNyxBJ8VzXwg8FM9dfEBBcMB2E3pZGzb1RdbhjelU2oxd8JJVP/r2LVxfRm1zzJFqD2Q9T0M1yvzrvLWieM1xbTuwPSxjY2lTDHJJPij8ZrUbH9R6OLayM+ceu61TFC/6svMk3xGwdPuFw08McVuMVECoxM9GmGYWpG6AU7cHomI4oucV0t2BHK/O8U8AP7y0dJ/BdOic/ZUa/dG5iR+NBs5P4hLGb62B6aGVC2qssTqyoxuDeRO25yF9P0SqszEmvvQb3a5PBPJSJRS4MOXS5c4ewOk1W8AZVUTTgAZxhfqoFtW61tzEfDDrQcCs5dh+lx6HZZPTRKQreKC3OcsCBQKLDMC6RHI5IIta0EzzuLPOicFLsSnA7cAYlwI7d6LUAhqXPChkuwOBvy8v+l2KPC3pS/OUKAKlhyixsIzjQvqOi7RHJ9sfhazI1z92POojbxf0N8KYZzBBCoe9x1BoUYuaP2MV0CkyqD2DUm2ODO/V51Z+V1JjioHKES1MMoSSpL86NUx3M55/XTH1CVLbpVkZFNQmg19tVlctot73SK5qGeGo+LHZ/lDOwJvBtNvvyu9375i1lURxnPWISvM7cm0cFaIjupAeahc/g8u6UH1D6FA5pTa7ocHgYqvco/ZIbE5SskGNLEJ1+iYpdccZ8cCyezgQEMRVysYdl16LFyOgdUhJUwesxeejkOx2kNxbU+wygHEBeTkHll+8TD2oPwxBC3X5N/ZQBcwOua3z+dIz4KERqzWPJevERYQwsEB1+0k4CLK5/0SlaSz0jfRbPuqKoHBqlnlftW6wECV681DOTsr8yOe+68bUKfOleJRhnl2l9hibIwU/6arP4xIBb3vV/0wywpz+1TclKxX+EWzGhlW2sVNhJKv187odAWKyfydu/8QA9HK/abQqvlkEkrzQ6PEpNridd/FZ/QATC+W5DXSLZ3jsoZ6bS6uF6OH3ui0UhIiubpVlJC8xpHKmNvrIGxgSGUYlAypfAR1JUDwPNUtjGkSkuz17PAFNqfHjhpcBDLt0keykYObr5r1cZyEy/Bi5fJf5UJaSD3xatD6L9vgecvyuj24SKSD4p6wkdLaMR2i05m6ob/TLMKMjoxTSj2TAfN5jZwuG1zSsAIeDqMnbfo9TjNESCzukmww4qCw9ADWgnrx7010kq49K/v3qQq6HSZOnRv7+GVl5oB2n7bbpni9AUMhDcQOI1ff78t10Apj7Rq2/mvMyIxEKqs0OPx0ttoX/idV6C/svyOXnXYzyN2X6epg29UHj/oeoqMUWL8cWpmwg6ptBIFLWXfdRVr6ZJJfSV/ftHxPBPE8ylbBAWo205mW5eGKCxf0fiwaluWOGsDXDBXXmc5TAG+Jpsfo+58btp7YTNfl7z1bFYSyPxlB8fR5PZsL/bp+L+EHy5VmfrnmDaNjbWChmERoyiq/uIlmHIsSpVMVEaTDrk3JdLLfu8tWna3bR+8ufK/PiQZ8L9EQcrns0n6IV8TVSdGtmgGeOmJtaj1RamtS4ebjey+QERgQN+dnCuEotRdFO/VzfPUJb/sJtKy0l/QKxg4QfzV9APTzvBuN5ujWw/f3M37HAL1bGKtmU6Bok2Kwv7UuuHfbN8T2USOxEQq1KyaxzolERCUsevNA+6Tl0/7p5bfpNdgKMvEFRkRLU34v0BKO2bN59egP+ire5L36ThBlx8ih1JD1lGtA01hXPe1PKgIgnBa0vu3LS8w3L9J5jmh/PqOBqNSg/wvM/8yJHQC5FP7INbo+A9x/71OsP+abhpicm5GnNY7bjvQ/kUuqfFpX0YKruIISzjses1FLGfsAv339XSdnu/EPqIIpWgu68LjIBcRqotCkCJqbVaFmk7DcyXQqMwSOIpzGC7yjKFjS5Y44JqAZcCc8PUVJ28AYsc2bRquJRg3I+Z/80Zfz14cz2bE2BrFd7t+b/mkJFP2jngNX4NNPo83VwN09cb0crOk4ozt4e9hG8YP6rHGI6At5VKxPED/7k6UtzKWtqicNziOIXY3whcbE4aaqjt3fYsUuBH/wQYdjtsLkTAttFfd/3w5Hna6mKG145ZoCfnc2viEmfRESJ5HJt+62GKAdEaNqEtvsNh09XjYLFVi53xr2wPW2ayynBSRKabr5uQBIkhL/bHv3ByRvHmOWZ/9QnJyECCkRthQztQqTDhQgnX4hwr896L2L818cdmlijH/RWGxADMFz21eF1y03+Jo17SLd3Xbf3jlSX+5UljAmoP8p9DHF1AtdfsOg2JaHJbXEgPyQ3BRVYmPgzB2zCQ09u0T12c+f9dEX/3r+zIyJkZ0+4V9hp4RqA0U67X1yR7NOaH5Tab3IFMfQrzMH4+v1Z+8qqavM0IZgAP/wZrhF2kvlmeHwPjGrvzg/wMAZcm7Mc2DXjIwfFKE2wDXmp9aj3CJplB1DMPKFatd3nb5zVEGmB32u5mnO+hl91edaWzrII6gD1qMj2hFd7Q6suE4TjuvLDNKDk1upcjbaI7YMNJHh0tLiHs0Lru6zP1kNp/tX9VGXpY+Faig2Fb6uSUb4SitnYHZoG6zluWfjAIrRKtXkQC9UkDzIWtAe8d50DQ0rgZaeF915UAuaS83gdigTN7SZcsC+AZh/5+JciLXyWPEnDzhaWeDDPHn6RQVRXG92pOX7/d5EMkJyU76CKtXEqFLj48I9FeUORkEz6s2g4NxtJSlzz9OVdmN/il/qcMDuy+QmsglemePhSlH1os3n/Pl2fJPRvno+OhXOfl9KRH8riz7GJlT3iJS37G3Cx/LL5e6SruDEQ77Cq40YAsBvcrX4m6LDANnX3HDwUBAJ+QmZhPmTMQfRLKizBCo2xSquNxm75PFrQKvGQqxWdpUjZX81X1dDXmNHovHVCIiJ/7+EZudNFUwiXNEhkVQIMGaenKd2hNL8HjHsInRnIS85c+Ir1ESTNiu0FEKCZxTrZj5asn6LVl0/2bMYDEGOFlZ/zKD6ygg7BIhTRavP1KmD6tbgaH+ErL1p+dUbtIyKJPx3JxF6SWrhjRoKHIJJ32ia85awZxjlhFUrzzTgAFiMJnSTWzvKjLkHJVnxMIA8pm7TWG5yBt46T1O1I4XX4PRBJqrtxO56EEreS6zawlyt+GWLQ/zecZP2CN9UWQ+JPPjB2Os16yi39BhXnKI8JDP67KRM4rYy/4vDrcYMjQFhsFyh1aZGJKK1FvDkc/H7XBkT2AJPXfxFEGAVi/hdUSW8DyqzNX0fRsGu349L4CUXK3ZGttVGd/Byr0S321pPvgxpepW0E4ZEsvJnFPqAt+whI4onnSbnhdGmbNceB5VNJAbx6uF9nmD1c9++eBOeWbkV0ld3d/fFC2hq6KFksYeHc626VdEDPQ87GBQ33cfwTID0Ciy3S/Uy+rXecHPkpFj8MlXI2sXj/EzzEGRztOmhflJaZKxiSOWclK98a7xxD4pI+12YjVQPEdAN3QUtEbZ8YxFlD0U0O9eI+HnrwbE5BHikeULNmF6djIM+eK8DbIRiD5F7x1Oakp9IRWrj995dvzUSRbyQzHtRXFUu70MrRWif31EMEsZx+vEoAGlH8K0UNef9A/XvZiHVbqRmOdjdqHwS62E210vtf400Mcux0IVGpfWuf28QDgQiY0z6Kv72TytidfHz6z98YBmYyclINpySAwgJ6i+/A6/HLPMRTfHdQt+ctka+aInhIKcJmekiGEO7BMYRb3s9CVsIwQ/z20upf0Bgr7gNM1PvHslR2LSl1uk5T34DCikxdGSiKTvmJ41OXC+pFaRyqgT6twWnPEAi3TwBRf5VVET5nFxu5VHRWx2vFGVjG0+ECWJT8QjrtS/AuHghjJecq0h5wBmuKjm44MOShENRJD4lfBIkg0si5H1eEBW4uGli7QIMqyyY/jzeSMm3k/5xEF+zfPYuIU9N8es3euiHpckQfCBde9CdfvvhSyjVexwEYOAklltJ4opxjpMIKeRHNp5aPNspDSxuVo70jZYoY7PPLfhPqGLbb5ELKz/YTnqi5JeVrt/VYSkyQ8N9Qq3Y1vhvqQg3cblyG+ehjv0rj8gUztDZGR8fd/IigZErPgDZbjUQaJ40u/UrgHBPqC+d3BOFq1VZ1qum6As4XNiQtnPoSt33hfSjzLBtOVC/6P6AP6UuP0vci/GHUpOCDP1k5t9l5RuSape16M0iHed1DhHCn4i1uvT8kVJl09/PnFuJyjwppYbVvtibhhWiUnEty8ncRQM4gs/YG1I9XehU+0YRBZZxkz1RWqz0fvBO6aI+KA/PmWW6k0937AaUB244gGgMd4njSMZQIbbsh6DP1KaatTlaHMvgOECkfbce04zob/PrE7AROUifcsjvUEnDewBKCIXjx4cspk6Jv59NxAyPct8WJ5Unhyh9c2Gvy4vWrXOCoPRLifuwjlZZ/9wm+aAvHqQ8Jii6l8Vo+YLnBT4KIucPQWpKkdOCH1F+ym9ieqFr681lf8qsOEvqBIMHhFPwRuvYuLJysztKdZ+t/5eND0rSj2m8MLHhc4FqQuPKLDG+UBO/fVInBE6GusMB4GW+avWcxanbvLvfZQCRjporV1/edFZKMnHKzkk9KKP2JLjuNkqbQIFtWJjbDMcEhtnymjJe5MmKtUGFsfY0TB9YhTo09J+W3ZJZTj4a1fIBhwrIfdSOdHaO4bwEPlyNvNx+9IUZPUjMI3d/6hW8wwFzUajdPqvrTNTo5d7Zu5Tcn3O2Mk1MIxBpOJllhZUG4ZmC7dH+HesLMEwTACfbtmD8p07NLkdTl42QRlJctqTUQ+My00jx6fFr1WHpaoYk7/1RJpq5ReKIA2BhNOnIxeQdSYEc0KyGpRHYLuHOJex5sdBfYI0+kLvKYZlStwvPBIBIs01soLxhLWvumebAdaZT4+vrvGhF601lDT4rOutPfhVQF7Y8HoKaYXWm3fWUz+7GjoB5bC0wVbIdBSRmygQqNG9CZ8m1eLjpUl/08S5r69U3eGr6pUwu6KiPT7wg5LOuHqjD26bIfPf/czzTAPx/owQvePCPEuW+1dSUOsEsFZU8dM39FM+oyc2BJbyL1sSUFPQuhntVIbFCf9VamC2QSS3X1bf1wnrnMDOoK65eE7/8ajTR5UDBTsZt67z+YsL2qQQoAuteJ/hc9XaVA7TVwFzssVyPUsHLQOGrOaLz7jSZDwewg1hUaTJRBt14n5BnsmXyoZ5K/qcOXpb+ofPTKcX/HzRnx8PXOA4Njtu7zmxXGE4oYnZAjY0Qbsno/dGhftpnspofjF/koUWTBuK33VyNtO5wRjd7XtkmmwwDJ8gsmC6INNbl3uOzEe22Uny1xIkkaYjFuDTcwuzzCrsUR75OpC4r14HMy+IDI+yCo3VkLnq9Fg5+XQ3dOZytNgflRkX46ZkiA2CKvJ8PQZGCsCtWh69SiisoqL9Vy6Bun+/DIeVRS14GgCErrmA1wrEo3YgIqp7hji4cO+1Qrfu46ogeCN9pyUQcIu6K3hNIAyvg4a9fZqznK1ExfEDwb97sEvRsMa/Oe97rkEjGUXUy1Wxw0lNlwaENJEKFWHGTanTh+xLNAhNLJBVnIfLXX3yTnL3X4gLQBYzUAEX50CaGcnuFCx+ZYi+Xv8VLbDf59yuUodhX+fGNj/0ZuJbGf96W/avaTjAhz4xjS2uoghJFxMPsBDwV0LJ9it9fID9kbsfQYBlsygH2yLS5WpVdc2dsTsuQdna8AymDlWUoBWzU57A9plsLjUeL7Z4Axng8fHi5wut1Jn7/fwkd0pXEVHPTTN+XZsOg8AvODnY/Ajrtq6TdS6DIkFQSw0BdtT4WS9JZP3N8uxEwysT3i1wSKSEQyt05+hgdxGPZAQuSrq8xcckfrqEUH9QTIC7LZz2wYQWj26k+Ja315UVgVD8adiGUxCH7QELX5tZGpvq8FfD0h45hW7ga9HIf7ri7UWvO6/YarqiDC3F5H76PTaSp3P3Z3g6rJ4q9ePxMuqjclrV16RtrcATptaMP1ju6YG4u8MXL6jOqBNbDpJPae9AoQNvZh8SS1SOEaSeVNXsxpFAj436PFOitBTZRkLLHrIxQ/FLs4Fzaj+ZWVHOIl2ob0wEITxfapyWAYVnYWxqH5UZYHVXp446nCpf541f2pk2xufZ53qhnoF6oN4N1PY1RhGjFDGZY06wHE8mYL0TRME3U0wavvCwGMplxjaW+yG6rY00jz4VabbrdNN/sXmhVzS1B6ACB7V+4jQ7Tl7VAY7dWb1u/Wl4nr3KOcpnO4LxX4QFmBAevkZwelSlAUQ39Ykde+C/5bwQ60Ru9CNWnHFG59SiuZC5meRs+04qrdf4elBP4fDor/Gqchc5uu/0xYwAPbBQF1qfvTozhq09gVx6PagXO5x3zp5dEObe6Ak0Xmoe+AaxpJYX/aDPfu85pCNtTWsfBI/t5bXP1ch+wOTmNq8m/BVQ2qo5vniNz6BHAwbc9MysQRIKBGPIaldSYVB0pWznts7d1WPVR++6Smd4KwiME7lgbOHjXInLCSX9v3iHyJcqZBh8n5P8ll8LySfV8/dgCn/Z+KfzmJi+/f63bqZ7C5N1bUyDtH8V7OxESHc+EzDji8EvvJOe4u3oxZc/sw9DlyOnQU1K5rr+nuFUZ3Ul4zRM6Uj8D+ZsL/pGyOKgT6nXIqqpv1yH6DFT6NvoS6XN22CsoFjeSf4QrX6NZ4Ik9bOeTJAHz+mzt9I9HI7yTf4MF1KicXtlXiCfTIL4SbWsxkGbf3NAKj4K6YUHtryKA8y7K0iCgP8KQ+frAXTsowrHwRFM6Whlf0irlOSXkIXX+ik1dHw5QeRnzaEAnaq7EokW8P5ipzC95zfqbzLZy+0Dv+KwIY3145QrvK9eWF4rpfzamHnW6u09mYJuLxOfUhP51q5Asr1CgNTO4jC19PIxIz1GcS3hYFRK3ao+WZdJJ2szmDRGRuy9+CybdQDvCr3Q+EmUuybUObuLBYgMUTEOWGAhsxpg4+0E+1PsSsZ9kAxhmb/mS9AfKVZIg72oLn1POIPySIq7r/pxzy7Myn2fP1xTg4CdEoM0zS6xf3D2ltc7m0F0IL7qoYZvljTg1E7YHw8mzO9lPjRkIlPRCOQ6i9osHMlzSxZdRD8FgK66NsqhwVgY6r8O74ts+cRQXvgaifnrj47JicYKMfjiX5cIZScI3mbO80LGI+PnnuvOnneYr5uZJhMbImqHd8u2Nvg12yhLejVn3/U43xA4UVmxk/mkL+oXB+dgvnNgHwKyXWFpErLy5YQGWJM11hHIKVgayhxXYfyI3kyCOpXwK0rgf0Cnl0ZuZxci7bfJJxaBx8o+gt8LzUdQs3RiDk5RxUMf6c4kUvd0XN/91K+MNB3XxZUvwczrnhEb2VPF/eb8x2+uJ5SYWqDyl7IXr6s9K3JvhzMrlO4FC++njienSjsIDF1lLYaz2rCaOw3zD/BL9QRPxrI77nKva6qyi2mbWZ2N7XuzHGvBMgIeYxQoRBu/Knvqr5eXLDnld1spAThifoQZjPjGiXExh+Kt+YJVFxxgmunIEcCy700W57X9++KKUVaLFfpL8es+7nv1VYwzBYuRUgORDitwQsSTzUHsWjxzgmqzrPTldNaJvslmnrZjj4j+kYLZeP+cEwDrzvi7iJF6+/Kw23LszDybgyZQG2YG4wofHSioegpU8Nv/PqFhWrz72DXnKpzqMH/x/AuTy2q3mmX8hV8i+azoRmK+7yXsJdXC3ygcytomhOMUxjbE/YvY50b7lfhgnZ3bI5O28d68pqmum3oErZDKx8SXdFdN7aN81risrYVjaAmxL4YVORh1uZzcVOe/fciznJ7MqqSfSHViR1/HkFzbEFd+HZb+i575H2Yjw6uKOsWO7zoJ1W5MA3ZqvOXLMcpnjLNVVedegmMBgTOWnVtQARMkLLQuP965TQ78H/uWGagMtBFBZFsyoUcwZitTlO7rRWeqO7b9ontEEG0d3eXiXS/BXOGevyry0dPBJcJ6Y4kWoRiEO9S/6eCyrYIHFGXlpX7v90P9NK/mN20MIje0yKhlrdPaU5DFy+HFkRNBJeDE1KUuhoHjKBDUkY3Ddejqv6eE/iPwvxLc1ejILDq927nFlHOeOBhnxgJRTZBFpPg/ypUIEkS+u/2CNCWL0N33/t13XoAKLhfs+F0+Q8z3Jjgvajvt7aZL5LP+CHiqBqv4/Fi1R1/L1Zeh9z2Pss0+E8OR3nzRaVm0a/fqF9dYem9bEuAz2O/d8cdodNucE9h6GQEqfyUOtg5M9lk+d8DaFqSukcJwPhv7/A3mvurbZg0JeIXSzt+TmWgwJWye1RM4ePpwjDW0k68Qj7lPyY1do1i3+ro7sFXJ3H/l2LoxIrfw6aCvgNif0sAV8/qpV6YpsWZVA27aXcFfqoTZNQ1GGrFs2iJNqzlQlsoAS/O4ocCv1/a5P5S5xOhKUXxZeH0xrcG3fHLUIAF7n+JfwYAo7MWMf682gWSpmNOO0fk2349at1QK+y4eVFn/nXR+BmHEr8UIcTmY9vsH9XkxHn7/35GXJuOO1BiIdUbBKZlgRh+I258NX8NBag+y/1o2+3fJ1pdhduvR5tDAadLWFvAJXdddygGdLAgPoTA9viveYdn7/mVsgr9koPaltKYiUXytsmAVIv9lQzqkvYApZbkOpMtCG1dkk2q8/dfuVRDR5xB58MW+HMF47e4VKri3WaIQaz5IP3TDqeP4AmUZ3wkRZM0Yu7Nr6n5nwOH+bhqACVfYFSzVs8DiBzL5ao1ns9ZfFTSQGFjW6Niv6RArmVMz935Rjfk2tgbhBBFY/WaTY0ym9Q4nHqP9AoNZG6gxuNxPSV7kBvv5Jq5bvrysst5cMrc1jeHTf8dqrOPv/nzEFKWdkzOu2Gci/m9SE/+rCHyPzpfHoc0nofkpqF9WxtWTlGogAChwHsufHEz59dXGueUUrwzatXCwuAGCVjpBGvXitlL62GfSgVjFlzp1dT0GpE0KTZ1q3ynkzsBHW9HFK+YO5v6L1ohS4G1qiE/THHgPFK4QTh7wltnhOFp1M7s/PMWv3fS0rRGNLlFt3tuKuud8wWXkM/PN1RIDFc7hHcrsX9Y0SBbyfOtsRFF+f3KPPtyrvwCoS4j3GTULLxLoOBYAYG02138XM1HVmCj91L/468O8wLccvkjDCK7Ns4r+Cxh1LyvuUafBLUZsjdadSxv3+netGl73MB4oUcR8VAAtqSoYf0RMz/My4eE3CNIhF5snL2grwCA9DXEuY+KX7ztIRT1jrU6QyBqI+/M58ciUv7l6AGSBkqchXeS9zQRymAtwUT8btqwYL/uWn+ikvvWD1fR/lbpi5X7PV1aGzjnL4t7wNIFjjzgHBCN+k+K19lNILOtK5ublyKYhB7f51tox7gYzzMEgQHUAUy1IR+rcq6SBq89gdLWG4eWHrvgJc5pzoHW8yqBoMRCFor1/gUEWHRH451gcESmLWaDepJxsbpVD0+l5uRDfpQo6f/nCXMd4YIPO61Ksv+5+SdtJqc3yjli/2BZXuhmU6rwwQqMaJA9tf7WhAHQgYD3VDYNE0/e4fSUQP8vvoLpIJzKv4Nt1wIP9CzBoAgZzbtOnBc08Ytp22EBRX9QedF6Nwc2zEywyMvFyjZyIxF34ML2ZnAmD5Aksg+OcbwSsKVGt/hB+7YCOiQFiLzIwbzRKPvryT6tEeJXotZPqtrtdGFC4uqeoHFjwCz86DIFzpARFI4sk+8aTmqPafoN8sQMloA/y4X0e0BtJQHLo2zrURQmuNBry9gtfLQgCLJmBSRdrxwZZolblmVSSJ4q2J+nRzggJuc/WwZssPyh5XRSGBF3oJ67okeR9WbkhRauUUIWZ2geNPk8+EiGMqt3GJGhkw7K4EGCQEet3wJy7PU73N2m3WPXq8/yECUG1gwybRFFHl9JYT3Xkn3Xz8OJ3q+PBydX9sMmQN26htMWy06Z4kReDKzmX7CwCkH+PHSINyqT0rXnXaZGYfZJ0fBG3JukIsbXQgpT4CHz5buZljEHI3wBABw0t7wYBVfdJVA2r2Aen3v+UF4XxVz+VlAm2wld6RMlu6llEFoN81ghnHeCmjCHuS76DzGO7IWDQ9aBIG9Dx2gd4WXWuFp6ueXvsL+BeRsfTzzamXM7eROyOUu/CpYeQ0VHD5oSYimayf8XvhFFmNZvTZpdI6W2gnkaZ7pBnEhoXl3nd/hJ8VTTBi7+McVnP3mHa8oDvS7oqegPOuNriddMOSAxEiSjMSUoMGHtNUuvOwwQC3dbqGs7Lu1YOlZmXMEwA+APk9nQJftN0FIRkZe+ZjaUgTl0HNujPhym6YChisAne+2ntTtFffUgM+xMbGygUSMxploYOskQ1MsJAtlALOIW2EaD6JV4kGdIgJCidfZLKYvUBc5pEJjBhnBbcqE7o5/OpHgIC8QrZMMhvYVnZgeJ6TUFfxqfDAKQcWFgKWq/TP93O5guT7uwxliEp6adX5S/BxvHszKj8Z/gPP9PvfZxrgg5N5MgiQeoa/NLTWYkQa55YaUUC4rPkPYtW2XvjT/z9RXcvkb3+rEVLIdJMy+GUCWyLbzRJ3S2lGqgf+OJK/3SPDpwIUMe2Xgj8Z+pE8avR/TmBJOK5uKSgmv5y/ECMaehOmufDvAiTlZ+/gX5TMyn+IdffE8Q74Syyv85P4+IqtPCLGxcqGCHLQjLwU2v8KOtTZqYroN3wo0sm/6tIyIsTfmHrOtTf5mX8XdDazstaN9WdxheeAupt52ucNgxyEVRQ+WRBGadr4TypPutD+0EUuK4fbNiiwSXsVtbNGMRkGpj7gBpMINHVg7QxnV3lVwuT5EiRaYYWr7PNoiBGrfT45OR5LltJFadIKyBA6pNXjV5rSas52sMh/pLz5ZFDSQ9ifV3qCjfveFaQlDcKtjEIRb84gQK34ogPeWLue9moTxBUZ8mTvmwTxwfTBDg/ODDJI3H3EAo0hqpVjF1qRmBfyUibv2ntwLC6l9ISqy1f9BCopb5DTQryNwDKTN0H6lzei2WXrrZkk2YyXSwZ55gr5wrxvSukCfjt5YJuwSbfWieZ0HDtgP5V2kcPHTrxg/EsnM9viEkQ1hUX0FX+1wttL49y6zzVfppNhBlfPlDavJ9qZyjmpn001/vWQuDt9/3CmeQHpnnMwMiEK7COaPMqc5UPrWIf1y6eDuqkFMsD6AOqZWOVq18E/LEYzU20fUpDsXg/zxVe+FLMklKral07u5gQ46x+sT7KtiwLBNnohCH1w5B53RCC3Hf832DChNEyEisOt7tNPONogIu/aU6ZBT8nf/k3UeEsC2dqufGERP/qX+EKE/WvNHzW9PLdgzE9kl5e4BRamuu7qMUIQmV8KvpdfeKgav3XeI3tzX2FF4lHoDGPPpbsR4tJzRxAPZDchw0vSuWTFDrTG/AiZfyX4cjMrzMneu/m36hQ3MsLhuIoowHnZnBaXlg2JQT6+Ucuv5qQfT9Liju93sgbaqYQmPfHqfBUnzCsu6Spp3EOpC5pPHQ+yI+39QfIgwD9TFKoUBIg6JBa6EPrMpfAB+x6CuVApWhQKYZhMsX1HfY144SQJ+HC+S/gGixyvZDwWjF6DYdefbBDDmRWF2Z+o3h4OmXhCVhSYYQxUFSKr7bDlioY9eoazc/f1/rsUQMl9Zr/wS7Wy3Y0br2xrJ5Swmp08M5UHWdunMcOEISatgOnRreLfHWV6I+MUfkmB0STeYTfj19LiZFzz4eHR79CMY5Sy1sB/jEB30IqCyEeOzc3jvg8o4AK0Znt2kUh21YyX1YYXJH9MWXO7POvl5DYhXuJzi/KXBZIGTgRG4+/3qzPHg+Xx47wV1+PvQIgFx0KvNLtpA1Q0ynH9X5/o9LErwbjC0N07fXlInCNw1cfGRirWr/QfCX0EjL6zfVsVgd2vV4ARO8c86/V5sUwzBoaH9U4Za9OYyWq5TG33JwOCr6YGfPdKsXh/eseGpmmiEl7b8pisDv7U6VIQX0UlnQyWhX49btsZxHh+uCRH1YvSX9kUZfyMT0k9rf+NVPAxvyZ1SNT083C6Q+ZlYQLIlQWhspuz1NM9iBKM6MZoXU3RY9qA4OsO1xvZ5SEx6lCe6C7TmxbbsqIHcaINoczkTSmGEpi7MvnBke+HWkHlv/pBqunBRT7UFCvu2WUmWRYGF/eGwv7PhOJtx2EaAFIvH8D9jJroJzg8K+ua8rna9OieKtDKfeBY2bZ7ULEGnWy2NcQNjfTiNMyIlRea9nB2pIvSryEr8t8ttKeMLZlXianeBIPk/zf3NW/YuhBwUGLN11JGGBjh7IFDQCQbBUpGF6X6Ob9xao56lV9lKboz+V0TCcLGPq/EetKNWE6iIWLVOczfj2uP15vO3QGgQYNAtE980vzDZy6FvKtiQqNKp1nweeJQv1U6gU688aP7Shjm/Q1YCMEmTrCbyjEz5naiwSOZPSgrtDNZmUe2AgO/LqcxlY0kr6AAwCAY8N18a9W7BjAK/CipX4R6Kt5bduar/93IBFR6+FC9kTMChjttb0qJxQb+PvvAybobxB61Pm4OpCs5pxWXTwjvplO6/4hELtAwY6zZmvTqvIjnQsxBq1lellfBOCcjfsRtbF28s93gryQpKdnvRsQFbCnVlsOO9HIwfw/9t5s6VUlSxN8mjSrvogyZsQlEkIgMUlivmOe50HA05c76N9nn4jI6OqMyM62yt52jv0CH1i+fA3fWg7unYbFmBZZ+5soNnPfJOMTMKU3K+7NrEn8XFM49C0b4t73nUd4Z7CssrZ1dgNVgvGiK9powySVLUYAHpoFjru81srzgrHT/VUgiYtIAX72LayI5FoQoHtE77G5f+hyhc7YDBx7tRs4tQPMmF3kkfZK6oo8nmc14qpPEpFvqrKfyGTg4kN9K4KMcZ3C7u9Lrr5iusYQx3s2dyDJ8irY52JqHwCSP2hyuy2UXwJ/H91pgq6f0zRxwytK9O3tr3IrcdoguRWKypVmDKxplqgiz404aOm85Qiq3OlwXjQ/pp6EFViS+u5S3Pe4xcsf05Q33AyjSSrpnq++sk4pJSq0QGRK0brhi83ehLBk55Q4z4kM3w47P69FpmVYiLI3bpXQQtKw2r7O1ulx4nFUNswBi162wt/01iVGCn4tcpao1dPUqUmKp9mubF637zdvPm+bZusMWbpAKZEikO+JJGy5++TAqIj4Wqssb5/sucVhsGhXPUZ7j7S7czeHCFu1vgY6KSumXuXZKdBM9uZfxF5bVjy+0s/kfC2eUqyzkiii8+XEy3k+AvB5lxN3Yydflu7wRKZzd9/U+WyYz/MH9WwusrkbGkXycC4RNQfQAEk1uYkMDC7E8ScdGjoVO72GkWbXB1yzOq/Pe85gt4Z6GMhs9R6XGpkSphqDtzHXTElulUwqyaVGaBpAVfJr104EAogHq0LwpfOsTYh0Vyri+5okytvg+SjTq9MtmChnnUR5HXO4xoq7utA+2LoPp2BC5p5BrtBJn9z3laWb8wUuyBgkxTj9k1POM3JqP+/cuVTs/elEiHh9gwi6omTgL8Wa5T+BwyUEO8wmFRctFtZPNlkXEbdz6wYiSYUGXdxZYQlAnArDJOX+dhZBq3CgZzEOP2DlgM8KzgTAlqYHesnERmJp9tWz1xUnkxt9UZsze1euT7HoOKGAzItnEL6g5nCWlLLFhVgynU+E9ozuYOZdHPlBzIQohZhnhmbH23z0jkh8ApT2ZnDU1HU9YcqBzLuIAXo9CwgVajUyM/HMPN6u+GbfFNWInN+ntbBeeKbQ248njEzc084gRpqJLT39xqpVkk4WX353tjwzsEdWLDK2Gvhk6D+shtT3VONOdf2eBa7S5BMrIKP1jq4V1o9b68y0Kr68CRs/zavI9jfD9x3Q3wDde/2rjS5+A98tO0u3q5afDmANYg3TikF9Q22UuF/lUV48znZsmej84EZT50fRvLsuwbpuoKb+sQS3C5af38ErASbx/f5Y6xaU77gju67J70axgofBgLWXI4O30emySdr6meGnbCfEK5zHWZSit0ECYOjeXo2DlQx7ZRueFeG7ZqK0LfOJI8WTP9m3cUTgTnwsC+IZ9fUgL44o/hvO/Rt+jpt6fGdbBK4AyICmGwQdSOv1UT3CGhiGHrfmqB+j5bdb+PXf8Eu13KKmisYeMAj5luLI6X+SR6P1uEOgyHH9ycIxPe6RzHErjbIkHf98zxuO6+RX3zASOp4I1xyWS1SWPwTsvzEkC482d615pWLxonBNCy1HrM+U+pdvv8O4ltFRLQqT6P29bPoxbZKm9srrH3fPfTPVYQR7RcDVH3Wkpmkht8DNPBrH9cs9bxobcCsdq/JbGi3ZaH+bw98O/P0/ye8Vt/xWxK0/FzUYrv3TAbz4rRW8/KPZfvXT7q+ncRj7poguTdn0+3hxGqGZE/KPJnhopj74cidoK/U0WeMt+gtqXb0+oVLtL996I7iMxn/AbPyoBzn8D8Wlj0pvzOboT1T8van/NtWaDJD8S8wIlPqTkOEE9SN2P50cQ/q2+ysR+kXIf1yqfgj4rxEr9D8iVsg/K1ZeP7J933zAnbqpo597fAZZ9+0h/KkRlN4wZMFx81sF/eel8+9PBva/KZ4o8a+Wz3/KNP3QPXvl9H0UP9XBmDX130jXkHot/JlVHqT9DG1yFgDZ8fyo1Joh21vhnN+MI4Ctf1RgyyyBBSOUsfPenB3aKBi/c+b9XMTZAmXz/H0CF3qj9284e1zCLSlhvLIAWcQumqBg7nomfGuZgg3JPOGFBFwzS3iIhyuJyys5B1Uwyzn7kS/MFlZBJgph6wqvRnuLm5yJiXczWxdLkZ/rsCrLELnPEYdk8oX9iJy87v9n58qzlkF73+EZFaWYE5WIp6m6LR/HBsjr9mTEAgH1r9hzYxNlJRYllxHlwuJSfsXk7YmIHAvPe0tk3vk8NxGR8mRTcnB9YcGzf68Hn3nFzBz2BX//Vjd/TionY0q2t1n2v6WzyYX8V+3Z3+t+fvqzwBjdqhx8MD5xM1aVu99emThrmZNHtyutCec0vCWJC8p1/YpK+XMBz1nlN7EpiLwoF4KUuSfo+zopWwHG85zkPNgAjZDmTcqNRX2D+oW8yIAHcm6AuiKoJwJaniiot0h5gYE6oF8C2/sAfak6S5i5+AHPQ1RDhmW4wgWgjJ0UzsFA3yvgAQ7awzoEGBPs/wPKjjqg/XODzxfXnd4LgcrrXmc7ngHrPP9MI6ijcHdO1mVAW0IcfRvIztcLmD/d+D5fBmVXMAfyT9+rvMF2T1D2045dlaMdJnNXMN5igp9EHu0cDMgBeCaxyZwpy7oxyVtBHmUFIRsJbIfIuSvvfW7sl05nUWDZG/S5uXs7MJbt4IWDqVcZlpEKB/kL52M/TxDOxwLqAD6zqPyGMgJ4uSWgDIwllxfAJyArIqFA/sCxwDormNcN0g1lNIG0wz6AnF4JwHdy5/cxhs/OF9CXzLFwDCSQO/j34AGY932cefCtA+UR1nmu+5xfQPv8yx+u+GmHq6azABlDlfzFHWXyMSZ95z1oL392ekEdeX9+MYF5W49xPkkoMyqQTQXqF2zHJZB+QHtAqpe9HaJs4jG23CC+7XAop6DdQdtvdWRORI86Bv7lD6HkP3x2iIOHwX6t6g6sC64NQjnket11VYebe16RP+brA/vZDhplQMcVfe80FpsCygAdmKInu06perK89z6vqw50F4yfhOPfebvLHpznQz4PXhugDZwHKIsFAscDZAMBerfrl7yFHtDn9TvvK9RjKD+AVjBm47AVxzggrQSU813Xt+DQXR3Kw26HSKX4wHYA94tfG5OsQHehXpH6V0+BvK9A9zBZBzMJ2oP5gHYMyjQpHzxaDv2Wv3J73fs56gQb4C/gvYgAHYb94PIhq4QMZR220b/yrB99yHmCgjZg7PK2PxvQ9yPzYPzQ7qyQvkPeRMCbvQ6wTy73Wx3wzGSVf/QCjj3fZRD7tiOPOsBXQB5A+/Ejy3lAHM93PuqhJ4i8y/Chc4cMsz86hx26BvXsuXzbbZAvQAaQfUx7OxY5ZPiKf3UHVX50VU93uoEObYfsOci3zqZyh+wBG7N+6V4hTbtP0vljvNxuI4BcFcBGsoC2BIW0AVuBATudAPrRfX6BnIF5ArwF+rYFxNEG6OIbtrl+1MO+gLksEkA7DubwsEEctMdQR/cxoFAm5L2NjO/PeYM51WX4nK+9BLZNf3Hgmjh0ENpIkfjaB+Lb5qPq8ndOn4eeANv8nXdipwXwSOWK5DfeHHb7d/5BG8Qp3G88hjIHZfa3uZFhe+R4/jE3QA5XGfqmX3WgTwvQb5193oFMAZkwvrLpLIc+iYRq7PIC/O1XJoCvOugWt69MIAr3u7zCsiv2y0YDm3fwxvxNXuGcQJ/4lfuVhbbkK+MGDughoL5Bv73rDrA7UL52mwD0Tc4dIB8J/Isftq74AL0HbURsb5NBPj1hG2DPDjsAZB072gRfnyyjx3NEEtp+OH5AG2yz7Vhntx1wHhJI619dpxaUSdnY7Qm0wTj0IV//D+a6gDjqIx+2GdqNL50B1FH8qzdQN3DIC3WXtQCOZ+eNAnQHXgM7AOQ3AeXyMd6NReFfZccT8P4xpuO6gDKFw/rH9TEPxxiD5SsjwGbuY8SVr59TNiC7kMfZTusH8BeWg/lyvrxO4DWwp1//pD+xgyb4bDgm6K/AfHLGevCVJfZrnUV/8fkqQ51Dv3K2yyCQieWQKfE7Ptgm2Q6ZFlEZ2dsQXywEfGextznsJ7S9cB7352CHrgD9MGAb9kdXVminD996+CYgE+TON4794iJnBbRBWfv2kXwOfgEsd9n7IKHvVCGm2g5fJQPc9NyCHfcd9kFcDqz8xV9vIA/geXD+D32G9kDGde7bHuBciGfBM1EF+UC5Ib9YB4MYArRDDx/sQDy1QTlQ9R2LYBATyLuu7H4AtiGhT4W68ct27vYRysBuAyBe2oCcETsOz3ZbCvBayu182eUayBkcI8RHu20IIN5FDt7u+kxAGg+b6HyxiYyCMf+aH+j/5bz4bU6hfEA5/zWn5JfmX3IA7TT0ibCNvNMOcaez7G12WTqwqfy1DcoXv6qHXh/y+MXGuzxyUB5gm+RrC3afDLEkdvQRQF3Y44Hv+Hc7fvjJ3/Vo96WEvPPM2TEH1PE/9Ar6+T2GgXSt6uXr5/V9LMB3Bju2ALHDBscC/Ap+4I/gx15iu+7tuKUgfrMLB7bZ/eMeV0Cf/dUhlvyFffRDZ+T8p9+CsApk582uszmwsztukrejPcQP1+WLi/DdluUiHPM3PhNXoDfrHpPA+d9xzXU7xikfMRS0ZdvzwCvbdT36FD8Ag8Ky7QergbF+24mEcsReKNSFA+dALAF5C3raYJ0dG8A6n93vwDq6uP3M4ReHgTL5Z56Rox2IidcfWXD2sQD9wH/FMgeGIg4+7TIFnwexHbLjlF3u5KMd0Klfspkd7Q7bv8sv+W0Hyw4Z3/kj7r77lx68v8+DseWOv4v1aFf8YBfiiPVkiM3XL+ZZv3xd9vFBHYR+fecv+8XkIqR3PWzf80e3v/wNCGjPD/0HcQeUN85Af2wEpGmPy75xlbL3ucvK7usPWwPist3fOzCuwIFNArYMxP3Xz4GfDxwOpMjd+1c4A//aux9ZBH7uwD9g7r90JevXBgLbF3IH3jWWb7yIfcezKYdtJeQvjgbztPzYY+C/j3nfY8PdZuOHvBXIt92q/Mz7L5wE7l/lfR4U7vqbf/hj/g4+Jr/P++FnCvm3ef/xRX/Iy4+/+j4P+fFpO50Qq3NffMF95ZyDNnv3ix/1/ZsMH74T/cr+gdXfUGeLLw8C8hv7Ll8+ARwvfn20TB7txCNOg348L37Tx1+Y65c+Qsx1zN1Pnd1no1/7hR2YS/589QVgzyv0WQAHQ3mC44F1fzDJrregj+AnbgP8g/ML8XhC7veBrn1x0DdmgH4IyqwIYyvol2EcDOPCxcx3TAX05Nd9SMuOQdQ9li2+OCz5xijPL94riKPNbh+gH8S/seUePx9478iZAPqJL0aEvPtA+3v4QRH72p3l60uQXb+gH9j1c/edsM0CccGP//nmkgB/djy77fHCnktK0AN7BfjRJviZo+WgZY+7t2OOfvJIAI8dvgD4DVM+ni2TX8xNytAew2foR/4JjO3rl+Sf/BOhfGM84AfJrywvuyzDfBd87hEHYN925FcH8MNHwOcZRw6M22US5gv2PIUC+Z5//eIeIz6hr/ja7uAHJyFHm2L5pe97zgnibPFrJ3b/A3WF/Mb0R84K+h5g2446wfLLfu76Z0A+/viQo2+Ap3d+7HWOuE7ebQrs21m/dbbDlsB4nf3Gek/8q6PLkZOBdi758qNY1R/8tNMN5yj42uYrxJ6Qj9gvu7vnrr48OjAUpkDb94uPEKPdv353x8XEjo1+8o/7fCSwLvn7PO44fLf7v+Zxj7W/8vmdfxgPwPgAtntu6uHDYE5ml0f5qLsefuBH1nZaty/e2WX28M/ij/wRf+QRUu4POT5yDV+6sSNvK+45nZ/n//LvB4+WH/8OMPYXswWokn0xEbRfUBd1GM8c+RH5yLMRii7+5FDWY9zG8rVf2I/vBrKEfXMvANt/9hzej52F+MXM97wO8VO24+09rwP1d8+9LZAHO47/wZw/uWjdIX7s1C/stcfWezz2xUYF+cUauy1XjtzrD87yfsut496tRNz3b/noI28PXx3631hjRBCa53lYMyvLn/vfVaJ/wboygeN/WvCjGOxvVpVx7G9XlX/u/euXbk7/pcvKv9b8nN+X/P4frf/R/yctABJ/uwD4HLThHRa15n7y0mR1ZP2Yf8H+cxaowZjhliS/KrRw2Xn499evSfzP69cUgfwukX9bn0b+qfoERf2VxB8U/2uXxIm/Wc105Of/v5D533YhE9a5oGtoLSUYcxlWJhj3qwB8yP1b+ZHsO3zfnxErE3MtcnZvz+zLgxUueMnmAXx3QHs4P5jkSPZE2jVZ5D0pBwEwS37rgL+lBQAp9wVse4LtCDSPRTSldBZ5T8oeic0D1EJwsyeVwf+8KOdnT9f3QBcF492D7wPYfkE27GsHGOBvkSz7gisA/bAODIB+1d37VAA9JXf8Lo62e104rj0R8QHPgAnV9QCUxRHE7fSze9JTMUBQWrbKDmp1V5T1175w+mtcx+IBDJ73BQlzT9z8BLTfBa8dROz9rcoV9HcEqRCcIN//j7r7GCHNMDh6HqDzu6Ak7kEnTHD8WQZCLG3Dm5FJ2488f+YAd2st2V8z+3tvmv2/DR9I7K/s5385fKD/xlb+G0aVI+RN69V/sphUNzWwIDjYwkLvlPj/A4wI/Acej/z26/+CPyHLEMjyv8RelZXr0QZ05FXtXojjBMQVUTlH0LL+TcmfOxn2iYNdoGS7/FXZQSUsrJu+8so/F3++vITlxEHnXlgClBP1fwFDDbI6+bvtwcyOf/EOkw+LAzD7Uf/n4gygqfrbPfIbaXvh2Hv1EINOf7oHwvRT4dP04Z+f/ntz3wuKZMdqf/krnmPE6RevMYL54zf5G+fDbGhL78v1rC6z3x4cl403/k7Qz+SCXwn8q01DCod5yAL0Vrs4HIV/40vhQMH9T5qN0RsMB97+9F77Z9T4n/CeJ0H9WaFo8vQ3CnVC/o5CIf9ZCvXf8DXP/y/A8X+Isv9v4fi//HW8/xgax05/Rss484/R9V/V/0Hb/159gkT+qfoU9Sd6/mn0/o/e8P3NIWlNmQWQj9c62W3YPwvkS1hw/mVcf5O5eP/372L9v4/s/wT+/x2s3wL7jl0y86y+PsjjljTwRXjlbaRXIwG/9ssHe2Ed+EPegiLfX5W3lfcLEdl+IALqCW+86qeBnln2suSf+eQ8DXjzHlxTN/iwrJSJoIjIWK/PcFeEZU54NZ2Qh/vJvnDHvpcsQMWeRSJSRZbhhQVoHCBJ6yVYPKgvitf9O0ohjWgQOsTnBX7s94w/ZTlOV/nJmfzzdJVqb3t4rDkY3BlusY4MAULfTm3J+89OLKT71i+F0hgXsYRf1wh1xhH8lefPBgkziO35PSZlXhiXdBw21R/b11oycJs0Hn6ZTcfBZY2es+veXCyHW2DsW+2WTNfZ9znX6JnTNFomFi5h/7v8S6TehptNsOWKOORIHjv8n0+ZPDGC50rahBHx6bLX5ctnJeC+VrhkA0/BEDY94FackLL+oQ4P12OshzT4lAC5+owZWo6MrmFixiinOaTS7jrXAgul7cIq6CU8pbHEvkM9YUwlHzFeH5jwKsCPEF0kGsPgqrvRCr/Le+/zcRabpLKlsMMIKY2V8zKnvrd4m4REjOO7cVgXp4aDX26p9k6veCka2Z3Z3IRzjbUDUUj7mSR9T9i3dUzhJ/zCXvWCGO2c10arYLms6ObcyK9tnjJNPdV+Wn6MnWizSuFGJv3UquHsYI+Fhx/HRPMLxRN6uM7cZ6dzkes+gBUnfxTzPGJV3Q1PqsbuxWx2VVNaIn3be6d+eM4y9UbAzd69dC++cgYnlR8Tt3q+RHO+GqkZfqO8Ft8ZezcW/GAHN8fn4m6cHISalmcqHmfO8wqfz/LKE37VHdP4XTxdF+1GRdYh0lfWynHtpPhvzWrStAw/iX089nx1QfyFj4sQOqjzwFTjTLdA4fd/z7b24eZ87ntirZEUtPAmZLsVYFOx8npvuikmc89UddSi+0W7XK/7BPBvOHIMBcwWFPd0f+vjHJFC9PhSI3qXgBnO0+D0D6vccHYku+8T0+ENzdspWNaRVDT+ecyTqKURL9nRxWjeeNUcpF9urQI/htRJRVhGsyPwithLuLOVTpqK6q9wdeq8N67cLspnNvN6cRJCF7m/0xsWGPVB0Tltsv2oKNmrHtj1/julCPxaFmun8gFC5zXcTl+iuItz10MDfysmLq6DeBEuh7ymstAI+WjgdlHdoxX5VR9R/F7w2nk+P3Rox8D9Qytk2pbgifEC7qXtfBZfcB+c/RtgJ3jshNyEpuJj3xrRXmdCwNEHPFL6U3wJvQB73Q0zVvn951Ug03qGoi9+vv0P5yCmO48m3wVn6a3LwK+A2V+lr7Gmu84HpdJErNedVc978tAiSlBk1F4xmaAr5pdU3AsNo72x//BNtNDmr/tjI+V9yMIvyeUKnhELtOyk7WXyvSoV+Pkp1XYfdLBD9Vqos/gQzp8v/wm/1wQkR3txIL3ree/w/HzMQUUBP9HAbSDAMHfxYhtB7+gYboOZ0zf6qVjqeDkT572v84U5Gb47wU8g7VwyshfcJcLfJnkfV/JIHDcOhKly4L6RfaoJ+b7t24SS1nccfKAsOsPiLicIp8jffmkgsIBETHtptlU3kbTJ7Eun8m5Yc/awO8fX8b6F80ZEhzc5X7d3RmvMFXVtAXS81vcBnl4g2Mkhq2cWbbbt2Vqz7DRzTsxwd4X9cVyqSPAQhTgnu08e9pUkOo4Lv6qumufRVLv1efe60T19XbJ1gns1LKe95LIArURju74aIeyRt3QyWzx+iM47Xdx1iTI3ptbp6QynvA4U7rNzlyXyl8tMaPCQZs27T8jlpho4fOq3nE38xs9xb+mR7CERGGnwFPdZP/L+XPyRtMfn4Y/PPcMfqkrDLbmUw2ogbMOTtId7rwnNbg9jht8CLu+9LcdajzWSMRk/dsDglQLIOyeHzFuJhtdLw/F4e+hmSeVjxkHLGOxPnJPdLrJ9zKfBtawT5HGOcZJmpktusTjzxKGjE24PYdJ0KR1CCRJ0eS9bXF2kCnUdMp/JfpdDbiUjYc3i8QVlNVC8Zo2427q15WNZzjGhbRF/62WNOncYoqowaOaTsqLvsj5WetUz6LYiteJvDO/NW4JKjz7O4kODdRuZqBbq/XOE7WbjzOHx9YZZ8Hv4LFYiy5nicNYRPCGYrpKCp0PGxBQPVWVomt2YpVUahmnFH+JWwLngxBYYdo6636hbdHZ1qvecJ7boj7gbEnc/Dk5THuYzhLtcjR7TXjZOEYARVakcbn9lTbQ0BrN0euNLT7VjmFGe/ARGF860yCHWKigfHPXtq6JsCbDojOp0lRHtB5Z5vGbD7XDby4reMB8zbappFb0kbxhQBrjBhTXqN6SeSen4mNQzqmlz8voU7Ep8Rjt4ulV/ytWGytrJpdYgliuSsjO4HZALXaMSIGTIwU9r7cF3I8a1Y9l6JZugEkrcZdVJ6HVp6uynWgIhUKU62VQJjvs277btmlRonJqtncdtNkYMfB+Xf4xbNDtVzZQGld4pRkb9lS8S9BZpVNOXAirZj5e7pDc+rp1mkF+2iZLEKaNP1C4jl7djksLCeNw9VnMzHIPuNhbVgD2lM32e6aalLXNuO5e8rAp+KgbkZeLBE+hQjOsSmP3hhAkxX0uf+kHZJ+p0g716IjRnehThemyOp5UciU3yLNVr6t5dWuEVv09A5xq/kpw3AXfO4CVFNubQR5UJX/N8x09wR4ehPJ3EcphU+NHz+dC7kw/P8CBzwT+jj4Di50wrAeIZ/SfcbAgxZ1TXu5tAw5172Jtfre6DDVQC7nkVl4/WjCUGGq3ACVZ8faDjFeqoRS9qTbS7Sbglg4ppjxXfJI3DPgt/H53lbkma4kD55YN+Uv2m8pOV9JmVwGq4exZjYO3brxSfHE1af9yut+aCfizICFlYjSmAZuR+jIAwWVuMM0y9qx4HR2Zn4tN7byv5utJxAgWO8l5ySK+4cRZ9TLEvPoHS4oy3Rtf6JAwr0DVtS4VBvVNXNvtpOhf7DOXknIVKFImavdIIKtric+nVTHwobgO/uo9ModO96AYMTO7ggadoFoXghb19Oh5MldVHgREAFbq6HbKffuWGkbMku7CQ5h1BfXheQizDLajrdLq/bE9+AdK3d0rfurMRoIyIBif8BrwDxDE3CMbtOfjcpfka0TWwXTiuz8trPvnzdRISZ3fbeNa2dDo7RHnvhJb25sdNlFFTiu+qgJDPezDyUQr0D333I0DJzNR4E6Xn0b7DEF2/ux2jQSct5kr57ITu7m99etH9xS8iR/B6c3GwtoCaJN7U25pFp8Lt+HVNe3g2oZUKsVKE6NbiaQRRoq3UAIa04hac4T49uJiND8GIGn5WsZt6n1HzUb8Ym8G2ooGI9crCvVFC8TTcHvcaFXQgBb4iPRMznJBISJWHq4cRbioWnS5QXh72jeZNkqQ/txFdx6xH7Gzfxe/m1VMT5NyyW8X1I8XXVGbXnoI7vcFtKzIv5f0bmCugTWVfKthjrgpJwnAo4ZVGkIY7eDF6qSYvSpdFoKQdV66cUjAGI9gH4iw4u1N9xHwvy109jFpfMBncyACmJjL+TK4Gsa4MnU3ec9heUGcuXE2RV28MlUrz3QczB2jNU/Nyer0oXPyc3N0vFtS+cSWobxI1blgK1mFxUUs9gUBXyD1fyBICSaj2IzWxkvMFlTTjIYN7pkgu/ZSs6f0ssG6qBNTypmJ6D9oNiqDyqO6TaSWhTV7D0+rvu4hh74BMGDyL/Y8oMs4EH7y2HpNe8k353HumMNb9hNaiExvD/SihJc+GFw1ZoAmw1/tjumfhLGOZ1Dk85GKp4gnCUI9RPNXnsFzEbf3MGMqZs+i9Txqj3SWlsSwKwlplJfcDASQXGLn4Wl+uUCZd6zCFdxZRwmqxTfZ9/3jWBLdzwJ8II6ESIkYucMDqhbjiAPYxyVKLwny6Dljq+j05+KXO36Ju7Ctc7IcoQ+YdhUm6NxRTNcsrnlHxK5+7NE1RnJruPmjzsu9mV0rI16srP14dkSQGGNhT53TlXMqOOMTShUGF4SLtVkPg/Sj073BTcmCXFBV/PbjQ8YLPeFm1fPLufISWG/PE/IcA9QOeWsW7vHYq5szy61q/QQkKZUZc+89SnN7naAfLYu7dajNWjcmAp5DxfTie27za90HDk6XCJGSCHH8r2Jq6274NMa92jEC3ZR4rTdz7T6m2ShTRI31HqIkvXoc5e3wAEjVb7E0Jtmg1HemQgzlmE0/wWOaNMZdHl5m4u+N7DKw6DCY/9VJa4O9Tx+eVyljMva5e0B44l9V641r8OXv2GVjX9kYINUAaECYOtD2t1e1m43emu0nRh6D7NidLOma46pGY9im7keSwxC+bFKozA/A8mKNckd404DN32ZbZQGoYdI3YOJZS6no2T59aGMMUtJtetkmdaF5hcpOxFh1VYGLPl4HiHir5mmtnFim1twsTsvMjzktrF4lio3DTQzDl/Y2uq8kmxqpevCp5KFaIc9hsNU2f69PFFvxbGYxdDznAxDsc4YMkYzSKVF9jxBs7WiXHp1KwCgR0XPdZWD/c8qf9cIsaJp0aR36XvbXYD7rTPDfDLjeZZuH+rlX5oj4VBMkMy9nopA3lyHEWtCBLVTCoH3bk3b4ALj8lQlkj8TXe1VOddtfcQeitX0svteONGoGOUQSizPxDmAGtqMdzPIXvx6694S5gjprF+6ns78GO0JVcc4kC1ig4zWqliaud7+Mgm4hETdqWG2rf80QcqztZa5b6eCH6MjYTF0TNZTKcoUNvm0q4IcDVcFdzFMtslYjShMQ6f4E5laA/IXDLNaC5wEYUPIZaFXoSZXPZUZIyLGT+sCbzEe5ZOYoW6TDiDHR5J9rMx3Z3NeDeSDxCzvhLp6D1ZNwX3cMJEDHa7kXHS172FVvKU7Fva3nvoOysLIle6+Up5ycTAgTcIT45dQ1jwvIa73R1FxcnRgN5NCbcvhmpvVeGZUBCgeEPotFgLZwajqAlsOF2ee28H+guLmtickOntQ/qA/Xo3eK+m9/Q9rWdGIAMmSlFY6FUl02MmpNeMgrk/gl9VwYeK0hutkXgL/vOoXdwYVbqth/YgLD5vv9K1MzFGtJnmqqpUwYtlXLn6ugVldFjG29K3Iz1ndRVKzKYhIcWs3u/6k4yrjLk09SO5U2SVGIrMDPu5OFzl620ogh2g3mgMaZBkHMLG7qGtd9nP14eA4RTyeS4xXKi9nPfu9UnSnbCNMmxUuiFOPVJdlE2ZdXHiEEgrYcdEhiNxKyxvZHGA5krC8tC26AVQupvjJsLCL94+glPSoNvgdKSPPTvF11Aau0qlLZPP7wQNfowz1YBi3IfeJxkjZcGFU98Q7hDZKkgdLYaKv6wM/4pkomGEGK26o+SV8YH7xUXSBqRKYoUTcxkIZm/7pkRa4hiBeBtr35VyImmjBBT4Z6F57S27bi5GZEQxJujDLMVsytjJ5jtypYbttQMjdV6vTzQZgxPpXl6l+hD0TzeR/FCqteRfCImJgxWDxMHIkdLrV/Ozr2MW4DD1sALzTPJ6S5DRUONPkmHKMrwJV18Raizvi9ukiaSuPw8pWCiWJG+SANWMBrzIOhZ9gMAxgI/o+YnNd+THUFDt8OYQQ7tWD/apUGg0bI9BuGNYsLp3T3K8EoHjxWDETvdG6DjhAkEX/B7XX1vueloqjijcKn5bPJogJuRDv2UKnwO+0fZCEHYJlZ16HlMTrqK2nVijo7+InDyjlNnXpBjhoehYXp3HlK2zeSYZ7rcpUyMiw6++XPTdsFtdk0S0FxcNQ13KQ7uySUZdJ2uZW93TLqcp1d+N31OkdMNx5gGeIGGoFM5hJbR5YPS3GTmzfACRp82AESZZcquWk/A8AXFPrhSSVe4fAhzuXabkdHtLvEivqAJSvg7nhuBysUMkESct9/4HQjjKoLYMtpGwHcQUNKDj+MbDGdSx9cDsWqxpBWJIqT6+MPQMOp5+Cm+tHVJvSAkwcXuUwBMeoGnejXJBDdGfqencDCsNNKMTDklfiMCaPpKQFjLL5uGbm4je2+GlijtTIqO8q7wS7W9ntHJFfJabPwyaHWYl876VrhTpwrKK15V1iLckAHNn5OmiT5Q0XYPeMceBg8iTFZUCycUjD94eT9GKLnxV08+nbgiek+P5rKKF1hTzhkeBM7QZmvW1VYaydyzEOYigznXXye4hZzVXULTEwIncrYP6gXlx6352k7Q+8tBYwIoSK85RJ3HRHctyrwLRZ+7RlQOWeLMX5tIlsKsSERzZ3ekd945pd2TIdqcrY35KyFRA1ahKpEHiwfFeEDTU595NX269I8YhHXuQPWXSpLBZMSbrIEYyIg83OA06nWrlwB5vLIKZrvf05zfHC2Gv+3EZJ9nFoCrlGwcaJDhHn8A4jDcB3dukYOUdDfGsltfLCww1okkp8EZxjyf5JR8dMnyCKyc53vmLNJJO55pq3vPfom7WvxWZ3H3HHf01IdztimNCDOGL/rJrTfBen1ulzZAu7GhtHLcRFfyNOgZPAuTnaFNJ3WsV9ZuY+cBz9LkDcb3WXjg4jkhHn71mE06Frv47Jkw43MGpgLG+P6L2potjJV5MPed6r0tJtTnB/34UZ991PWkPK8w97uFMB9IDGtRN1dMKMjubEsUtU7lNgyXN7WZqLFNw1TpiDfab0352IXxeaVahUurb7xIokd5TEMCQU/jJ65hGOHnsaTnUwowqY+5vv4FS2m5EvAoG2ZLblsHc8zRIO1b/Z2wZ+yPiiWozYhU60YHo04W0O2sOtN5SnQ5oTE23fwQOBm+0W44KjG8NXjQMdem+6LOp5bEGEF1SGx6OEDi6yDj1hotW5T+VHPjqOVbLVLC5kMhciYPZoz1mnnZbvR6z2KVX4rwzki6SdmUQQbjJPajN29YjEsYpkIQ0bxcvKJPj9P5DZC5qWjTBGUku8Rn5jGLNPXMm4fbGMq5DvIY6rTCcIV1hUpOv2jKR8OX3g4NrsefHHno5tC2IGoMsYt1dnXanDhBc7AU4Cs+y+DGqy1kAEPyln3bkw1QD+m89W+zkwnluTZO6sKP+wHbXMdiGWarPdIvWm2aineqMPGBCdXprdgwfuwhp+JR0KrWkgl8arAWyhJNiOOsa1t4YS+3Sk9p4sJ2BPQKOjfd77YDAuqIhPmeWnk1Htx/MxQ+hZbfpdZOON+D48zgmR0fpTExfJpbgBaZN7IlpvskaR+R8hRaYshBUaMjOLD1qj3qC8RH54k036TeNLeWdwi8VKLGyIbb+/Aql7WM9ICtOhuNMH+M9qT+rXiYt+10WY6M0xrCnUPPKAnUfCDd8CVo0CgIp9B/poKoFjaw+5A+YTNfBYlOLRUPrbJtHrcvSoLIpOL5qIO8BljCMq1GX57IQLnVTSboQj618tqt52I/dRP4XWisXKmTKAjwKZgT0D1UgX8ZHr3xr6D3zMQWxvDFG35DyrNvaItOlsC8JujpLQpV836Eb5gn9z8XYsBTLp8ec79ByKV0ig2iONaVkA+VczF7wmXv4hBVnZBbuDSi15NuxMZL4EkQT1VkvJVRhxv+Q2rRK1wQfFwwbpad8DWUD4MaVocMlCwUbDUfnVYP9+1Yq9eULrhWj0Fyi4hEujcZXRjXE48A11AJt1P0jB/zuB8siEtPql2u6n4A+0mu4RalCbrW1eN+x8pw440aCpLcrQ16wXzUVpHQK8TCnc4P4qYbZOROyf1KFSzAnqNtuQuaZt3uhdr1RDunXoo4s7THkR8hj9/cvv7SuINuOAYUXY009zXh/HNNFGc/H+bjh9QjRF4MsrzaF90uTg19k68ysS1gRnnsmn0uX1Ng0Y6DpwChb6/9yIOAvlOUOtyHvA+7J8kgGzffUhdL8RlgLK/vUvrNOuUJVYwcjxsqf8dXn6ameivT957dLpW0ofeNqQkJoogywAXqoXqJtLzfF8QGQdYFJW/nuK4XEPCp+fN8HodAYWT8Ad/44lsmWHPKvJGbz6Q5TDk3trVktYeNeUPWaKhLvUFfGCqtlmjMSgGbB55bVxPVTyWbTfJlU6CDWHQx7ov2ZdWdiomKbWBOYACj+pbxOBjRILtMNwJFtdIJ9aZjUXXyFWzrsGBhEBArmFa8dZ3BqPjg2WT6OnX92VVa9BSTLtUk1dyWa57sS4P1SwWxuxYBzZeU2IRpIu9cChPukyXzqQavQq6C39DPUQXa5qFNNfeuMQKMFsYabt8gm6JPo13Wc6SwUGG7y/ywHup0nUgUw0uxMz0aBNZY3NXbGRrnW2RYPukJ7L4+46tCXDH96iWPBLjgvIY51uFNKKrIo1JNAXcAauUCm5q9Rr4rbyWjqZjghM9i+25pFP9YI9wRjFeTdib9KzAQKSy+iLanr4k6N5/7ySnT85h52qiZ1BUvG+B61Gp2xxMIRoea27qLR0T3e5fVBfqx/Ia4zGqAkULRIDr5eDCRkH1uts3HAMpBu88vHeXXDbBy0Vg+AafaqbrHitkaJDH4VE+jYB6kyEnYk849cOjTkSXMOuTOP7GBuJs8Uxujgp+h3DFdOD5JKNpQewKGDQua0y03rrlGMPNBs9LcuwOokH4CD/KYdj2TPJ+3uB8lKx6Yp++UTTznTw0YOsNS2yCk2llHY7yHyUuavDzJQp4kwmP5e17hQuHtx/Z6viYGwb5ObIFpg6+O8fIHpsomeFLqKPOboLQEHb5HTJAdqsOm11njl8wdZ2WO6Qomo8ohgqbjLAvZ45Q9LvQE19Vgdv1mnac6Kl1ggySgaQBvP+hSodW8r3wDVVDIFVTZt0a+XSHMJtXr5fWYkwj2YPPWdSVGqg9b9oRe9cVFcLfaXMK1zXeoKjcZHmuZQrv9ms3gZJOmcRWZswUiJ3ueXb8eRjLj2AvV1+F4wYl0T3Pel75+pTSHEVr/APGWXNTabSUIurE8q2AMTg5DOSGEbbmgnwkaAxpRFDRvw+vbKZVzcftZe81FyQsnI90cIr2jeyrylptERKAT0vjxtSbc5gldZH+5twkjdTHKmAx0jioBcRv7bJ6FifmljeqS1mLuJ7egESQ5NYsrzqEK72OcCeJtzv3b2XJ39kiSZJ+vsWZqySfgcj0LBd+lMhVKTxkw5VyEXp1F8DQMvjilBvXZT+aFwPfh8aF4qvngBShPOWGJ4SSpIzdgZPuhDBgs3wak5D3NC3OFbHK+ICCIM5kGaDLtCHCBpD1bddrrOHPeLf19GmfsGfTkJHDpRUly5dPQkLYsp7niRPPpqI77C1fnJ4isTvZ+6LoVWYanz67KUv34cjC0bhNipDEl/VQ5f19cXCzUUqYKMgnsdMOgSx7MlOxiQzPvpGLYjwLE+O1T9brev12Xnjt5dE481SuNIFvPMJFtA0BBk8Uyok6gdfUpZnNlzfnG1yEKSm04ibTRzpltIXNPPE0LHpLHs12S8++avrQ60yOMS7EqT73ST5uH8HUiuQpH/Yon1ObJ5TRX5ormmTYbMtn2Q6auulvbVAGCUr7qe/V0S+kA5sCj85X9lOHHrzG/ny9vIY7v74BmHf8jFiaLxwD7kFDY0IAZkRuFnZbXXUMKuq+okdLxROlXUVwNXYgISPiWyu+Fnpz006SW/sqX3uuoZzGcFhoEM2MtzNIIwEUndN2pKu7cFjIlNrZqlC4z9yauSZA481MTvGSYCf0a0BS/L5HG8+YMr2zuNm3FF6FqEX/kh1p7eEr4vG6fsrjGUZEVGQ2i/QeUB/We6cpH/JzM5360u9InYztKZ7LFvMmNJURzcAMuDdj9tvUkjxKKg9wV81p700AJdnnD/ceN/xiJraJlSHcVpTzeGh7LHYGSQZcpw+VEw4XczScTKTxnVXz1xkZcV3tVAW7Hukt2fgYh7VVjK+sQPiptJSSFLb4LL3mXqkhXuAW/KTu7uRTdVMbp89CKL+rrzkSn1yMdPIZnP9nrET/VTWFNu+qz6RyvTbN5bYLNYaIaE8rpJKPGLlXU1cx1iZO+hHc8Xm2Ou84gSvXPpRkMJ6wPrzZNatoi9J5W+9Hdktf0akf9DNd49oUIW8fqe0PhXvlRILRTb9k5h3qakSPhGQBSzq9Aa2ASthk2a1JaeOrEANfAHadR8EpU+i621kcNAxU3yvAKRG2CjtbeBSn9SSM84bLdWqvEdI+H4EuG2+0rjdZjiRlznojgghY+7DdWPwwfWuA1mDmEI7C6r2L0bEe36kHYWX9HWlzno7IrIvLsuk43Do6r1zABqRAwZixCU6T6TycWdh+1FFVdlwjaJOwTycNrGDh9lLkG5tI+CJpMALxsKX21TyFFoWmnFXCZW3g4Y+fAVQH5XpfneOrX6cTf/Ne+XBHNGzKjXXLFQy0CuNif4wyLzBCi191e5vB4v7cxooqvx/S7KlvZhlIwkNxSeu7DHuLbzF9zRrf3VCVZP61nEhU6depCB2/nVjm5xGDgYTusm/Cgq5AYntxFQYGyGgrP9BeocvzD2d+3yvJXO9ow0/7y3Wy9jqfVpxiPqLQuq8LIvSVpNxazwrw+8qTsll59NoF1Cer9WMhhskFI3SEEvsHXr1C4jTYsWJ2GekwjE39sYUYU97NWD2OO7XF+jh9sxcRyFODbZeXdTh4llAV7YxP9FnJUriaerFAMRuWm9igIECPLomSEaKR1q1qQFUq7wXCBryidfe5MwYPRLMRkVIxKZ0PhsLSKmBaEJdZy0l5J0JVAlRT3uQmQvxrPNpmK+FPyRCPWcz6UgF8uIaRZyjanm6fVg28DWAFye5RW6oZ5Av2NozxpqX/wBPI+ZwCcWoribsZLwLfwlYQx4xmzV9xn8QLcXIhgxBVZpFhuP65EliNRGF7Z23ECJd+oX1bZKQSy1BrRzreERWCCkvd5GjNzx3KEPmfqWL4xE1MwL9OTGsV8ddkN8ovlx/hZLwoRvC/nIzp4eXqAcVQ4BDT6jNRMf1K9TIedzGnZ9NnuFkUbYuaQhenNtMph+iLylGy4RXIks9zHh7ER3XoudcJeBmA/dax7yJKVNlSw4IbL2i/THwKjHe83KtHd9yMukEGg5/4xXZD+jZ+wO5v0IPxt4s7LoyUIoBLmGXqV6IyYzjIUG+BExsTY31NwsqtZhG/txht3GJVZ1KQopz5Cw87TrQDEFzUDZV54s4Y+d+wcaPodkZ2ESmIgpZFNwtcHuCwPqqTW+uoDD/vm2wa1RIjhhNdrplwq30/q5s0sF8JLEmeo61EQpF+g3ugLAoJc2l2oTbMQX++CAbEQ3ErDhaLv2wefqkjuYrezpdFfGla7LmsCV0Satb4xsgvJo+bpDG9JCuaang0kA7qQudtXwikDRhMVoYUwcRfnovF4GFcNDS08vOd6xwpCoHKrKd7QzqgIHZMtYN3GpccI+loOw4mpHr7rc7NmG60msRSVYOimW17Z5uqNQmVtwmI7X9ibWJAm0GwZBxjT7QgcyhjpGVKqt2v7RNsadzge1RoGMm3zY+UC8yPuPeIWOxv5YELA7H5qtbC1W9hczVGkqE/uPckuPMFszlr7/fCGiw2hfSHvIc09PxUfFc4kGDqQz6j2nI1Cu27P+/KfUxJPnfgoxvgcxjqFY29+PRkQOiZwJQ2ti1EY4apQo9Tea3k9elQ2Wm8lntEOrMQHbkTGpI5o6/efUr2ITJieXX0k7m8c859j9U7DfNCDKUX7tDjBkHo/i057pDD5LOMGWg0UcftMDAuDgOT1VJo6uA8w+MI77/qKu1slT9vjkQMM+0bW5D6zEW44M8qn1RPEpSZj3/F4exeCqEMeaDjChN2Qa1ZGDYlqPsEcZO4LVTl+KPDb/KIFVNUqZ8vwTuZJxuG6M7Gd/LcGMAquZCfvqY6vZ0AlrhpF78rG4XJXq/ModUJ4vcjPaAsdajB6CdAgUQ+exHWIe6L6vjrISp/ANezLidtFTFHLl4nOq1hcbuZlWe43dO4TpleR/fVBFPe02FIOQDxGdWu6VN3B1Aiy2FiFcONHhTQJ9yeM9J87WBMs6jPgJdBtCe0baji9zATz3Upz/FsOyX0x6GVp0cfS78uQ7DLupyoBLsT7Gx9jpO1q+WFdhc+8sMx5uTtF4VtpMi9uXfq0ollIzff0ouMnSoDKSFzzaxCSF4yl07u2viE2zjuCEJI+ZK1g7jONn14jfGLIXxj8cYEER60pdfNtRW7wKlagR+tK8fUkl3ztibfcNHCVt4wbT7fXqHqzNh1kEvuqS5gJ1NjPGYaSIBBw1RHDgDyheidQakyYhQWzmjyMXatbse0H2fJ73u2NnbATHKG/iIlyac+opHPTaNnvWy3Fdv1A3BME43ZJjQoLACc7koKxpBAxdwBXOwsQqeGkYIkQtN6sKeIbuJX44xTc7Rzi0APZOPSEGlWBsKsbS8w/pXrZPxLNVmy99nLMmHGzp3t26PGh8p/EdEferRhRpEI3gc+8H9K8n1N6w1r4RuLaUdhFJgbaeGlEGLYfrz1lRDf573KGx92IPbRYBjyE7Bpkdwg9rBMN4qocT4RzXq32vYeAKzO3HsKX+x2lCOGlMFTh7wfSnoBV9acOh8e90xctJhL02av+M2p05upl+RgG4afmMoYu3DXB5cy2XyqA4XN+drDYD8ln4SIEs6owc6B68Lg9AHufzrrC7i/ZU6aJgfIH3cDjs3Mty9IdT1HpSS6pDUlj45pLjSFuoZaWEXiKwxSwdYZ6/sjYxzuMZj97ngMzrJt4njDiRFnDAsITinLokzvWZ98n8j3L58ebXfCq7ianoPfw+/jQoSxuxXwpuOY++8AtuVY9n6CHgZ4YPS9PR4fpEwUDIC0svS5arK4jXfL9vKwOfQ9mQU1RGn8GyopW012LU5gkuJSu7Z7LlfDoU/y5ZkaUhNXjNi4kcL3S5kcmjK7UPvcC7rQy71xHuZgi3xCIdu28UhCvIkzXy9diWTNaZ+CoyYd4DxZ/NMvTlFzWPt6WmOnIBwZCulyS8Im/RTPOMDfLj8OaO59cYIv2l43Rc2JRyXC7sjfvvsBc4nVs9PJNGsb5IhuFGrMPLCVjhrh7AfOh7yWdzBnP68DHLjV7OyQpjefVSYQipRvKUNBP9XYvUUUktJ3h+v3MRAx84See9mMCj7zn1GCW277JE2EY3IXFTaAAcIy0gYA497MpWw8PsY159pXoHnwL/PwUDJODgA8GGl3YQrMERUcrqvSkM/DdRPIWd5Vn8p8imZmW8lu0UBVSCdm3nRXeE1j6Nw7xiN7u2AO/RGDgt/TctbGFMW0GAAXrfwj2oWZ0FgLK2w2hH/HtTOM3TxN2ALcfYzVHizhcWZl52ZRtaQvQhrdWeqzCvyiOuTNCRkikcmWBw4G2hstTnac0IfoQA4dI78uAsxfBhijBQkP/vVvQK0llsTaLakT2kX1lnetQqX0QvVqNgdDJ0tbc0B8Jlg4mg6faKwIR7lXm2rffQbFQQ8607m1WagMdOQX7mhZ2sjM6mTSsFe4xIWQ9BuKYOWqBeScC9py1YJAMuyBk7IRY8qhOF49Oo8eA4883Dtwr55jPfX0CmutCP0VxDl+O44vXU3QK3W8Fs2n2sxPb3gsLkuAv9Im1T2x6Tc6Xxl25Nzc817UieZkp31ctxpd0CainrUBbPCoNDPukxB3Pn0+qlDVC80IfCmNf9YxmGtld15D9ayM415pOpQKi3TL2enbu5Yp5/MwFcOjJxQ8bjH3JsbIInSMwuqJrvOMOXjSaNSE1VFZC+/Jy5uvAWjcfndTNfIUYAGzkLWXJqabg+w/SfSs4aMevGfwC6d46Qt5dblQaG9eHPwAQPM2rQEM/rPOskL6u+EzBIQA4fDMX/ALQ/vNyM/TYaDG3kzLDZIgd4AckB4OGnOzDeQtmNuGuuo4MFe5M5iAs5VRUXv7I9amJ1SvDoMFNYr1zycjQO5slwz2cObcDVTpr7MU8D3Fr4URQATx5yVFyfC3+9oYjgKG2wJjpkz0nZyZeruP7loo0hFyI8VKWl5krMk1faC2EllLOWHbJVVbRQ8nSxzRTmTWM7uKFyiKYeKOLCA0MNO/fz/E1FmHTaFhGEE20H8jePBXW6AqdxOo3U4qb+sh8RK4eE7l/vxbMGJ5YMxFdOe3KhC+Pmitah/LzHObr9A7UNvK9SZLOQcg4NZDFiwp9OpOyBD2VhPbS4ORqJXyO1aXaOZyCJFIaed7TNbWV0ZR5070zlSo3myP1bZy0lKVy4e51Ut0/0YJqCD8/gae9HAuH1mIi1jUkI+yVirvWcRAyy9rivRg2rD6UCWeX9+8AUW0vGNYCc+h38unEE5EyPYNbwYlJ70l+zZSf+DYZCphhdcpbr449DfeYlMZFPItU5FKhgddbH/xpRGkJvKby2YLb28iZ/QuMmL/pMYXXz4LXXO95gVoE0EVx0br3i0JqHePGqtK8acpS70aOzlPVZfpabA0bFGmYWlOA7pqnl2eNaIxceXi1FygkPvA13ic6t5RrO7Gyrmjma2wvcIuvpbIzXcyMB0xD4VROX/w9lMZUGB8rS/1kyRcII7b+dX6rtPICcDJy5/wyLle1PskwtuPy/8XedSS7jWzZ1fQc3gxhCYAgvJ/BE97b1TeSr6rX8KPjK1RSlCQSicxrzrkukXGU/fNGefJZryRNcdsSN0FlXvlReBZuVMpZN4a/pjZMkrveVNRNHhMtUj7uBACV3xcnSPA7HR7vKfuZmWKQz9Xvx3Fp/alu7E3MFtx8LBNYz1ILSpO5WL0mJVxcYVFO+cj8hczvHhiGEOgjQlMHrPGxuRHjmYC37GQcX2NkPEBCN0K3vKQC2Mi7OqVPEKNii/0eSpbpv9Zfb6H93XjlLGEemg1g8ARQyiMy7Z2shCYe7jWJKLLH/bm7dA1zGb8L1WMHf/02z0+Cw2jimwOy40gdQK3sOrflo56uyZT1HdKldiZDtsoKj0AhHNRGCaFvCumGCz9omA2+DigBJ5FGhfMmAt/O+AigIBT6UwQI2ZMArGwm6aZ0d4xyFTh527mQlaAuU3z4erER5mSyG9qraOlIFsB3AMey52N+0wdb5iRiTL0Q5cqn5LIQn5AABhQaJ/p3q+GVzYvKAoLwe17Ru2IjIHC+xOj6YxAGCIAitbCjxk6jAC3fnY7wzd6NVRfoPHLeMuEjqDL6mEF9mJcO5wvx8NPzVxnaHZabuhZcTNEquayBZxstyrZ5Syn6+tpqCJIgbRjL0JnUd66IR2bbIjTaf0yoftTIl5CWSuCPd5ILdMtGM4h3+kseKI/fSub31IFHGSYKYCQA4MfBnNM4idlfeAowI/s6WVZbmM1v78F4VppWv17fcNR1olitzcj0IEjyAt3xJuDg96fb51nT6X1af53UG7TjlM+Kyq+Dli5gbQRQ6Fti6BbPc5nEVkvkqgSqBpLHROyVS5sQmvMJghKrQAVITWfHTXHM6/N4bbTno7Vp1y8DJF7YxWxffoW3Iq8TzrcjdzR5IcEe78jrkZ5vFNR+qt37+gHQ3PthXtMcIrwgdiIjC/hjnR4tVphmC+2rmXnyUldwSeVjoAD+0T6e5cDJdW8qKCCfIov8g2f21xqZHqUebBO/ldXStqFHAv07JJInZjPxT4ivC6dXxkFNUp/0oNnrXP3CwcMA03B/4bkhVJY5g1NRdJTsRtUsw1qqDnl0JXbL4e07c+QBAcxWvNPttc4y2pzZeitxDjQ7LosUuc4eNdr27WElSg0Hc/hzoEbd/VcBq6C2kxiaCehZ29LWB1BcrY7spPE16E7hF+67ZwtHBCAY4jGuXTBTtHq9moOzeozngfXEO/0lk2TiYa6t8jzQPxCJmDYWQ2GjkPQ6Px+fBTq6uRniP2h9ntNpOCvRxeMeEEVI+se81uSMnYdYrnL0Pl0NEqArqDo/f07Y5yagQRm601YVa4OFXs0eXxEW0Yp1gvomkfwQDYoWGZDyHgMNGKj87JXiAVe0b/mVW3/y7wj0jKqYD04yeef8ivMAxeOT25F/VMbIjC1pqS+w6l7KHK8az3YBunMndtcoIAXCKW7zgxGN0qqD5kQj/6IAQHnOEuwSeX2aF/tCCg8ikQfFkmWiwGSJddvBiirKTwFK8PY0x+KXhLf3cJP4gBlp85zeeT3olqycBNs6Y29JY0xwYCAwmOHZeK/8DRaIQw3z2OR16Nca7moT2O0NxeDOj2ug/I+/7mnyrx6LtXblEWvNXnTw3tvrKxVCSTZI9NFnt/2Se0ObwyPS5E3LWQbp4e+kRVDcP3XQButnYX2dOCHg/+tN4HYGY7spMIiYl2mYr3DrG51xCCG5cc3ncCInEHAvQb+21PttoHVksqlLGWqPiIhszZJ7nz2rydtzB9blkhuGe6k6ndEyFRBfeqbfBf/QCbTLcDfNHiMFDuM2doBAcd8aL1XjfythZbZTo8AJGshJwx310Wn0uPvxfuwmxDoE4zvDS5htv1/ZgU58to6YKU2XxNV94ufNA9epf7pqWkyI3wJyohB557uLQvRVwYK0POSvRb/nSRzTeCJLsukVglOQdErA5pspmz4YtAI+xXWIy/qeo5xQkPi7LB6YYl/rdP051jAcPuirGPzkeOHGo0EP0o0lcWIkqioI2u7mVDn+/CBI0sRZbtQmsyE0B+NOqh6Fu+tosFN5ZMsJR5EMktxyeIdNBYEu1a+wnlQU+WQXHBBzx3I9CQvUEPPosjqWqw0ElNUrdCSC4Fc7ak0ccbVP1ESjhhJjHFk0Ezg4fTODyVZ7zHB95PriLILWoTqCFNFqUHeq3KNIQasETRTyNvw4AEIvs+AeXdFZz3FSEqyVcNSDMBlTmbcBpiOwyboNDTy134ow50jMhhpanZdFZtbVkmkbBnkJVJeKbXKTs3ISkHBBxggh2OBnYwyGVssCm0Te0UzaWF1qfEBVW4T05c3ugsK8OwfCeahqIcTkQ5Hq72RirUi9GCGabClZHCEzgcIMHex/+R2hh0Wz4BeIGAndGwQrXA/WTu5L2th9mVrWIEmqqTcpVNrvgtFgLYSxlH4pXEBY3mUv0gLRQ4MGmR+NhHSfIvRjrhkj4SVvpU6Tvj/7A1HS/TSZWnTEDyDkYw+z9a8dIIlpG5f24wqhTyKn2rkTRmS+XIwEEZK4N8g6Z2DG0ay7N1HJJwCAcM632+/YTuHMN+xAvxmbU5Ouk8Wq07zVfCSzzedxzIIjqoYRDUyjE2nsxqob6AyLV79bfE0mnFJ+M8QFHVJZfqwCHczBB9jSrj2bJPOJx39mBDakIxELGhWj+84MRsAsNgPvD23KadFtZI0YJl4lMUdEacHR4LI7MKogNJIn5XTaf0mm0VbBixveh4vZwLmVlTJfaIF9b5FzfiGnNRAq480EcgVLRRkgzZI6zsoIMu4dLZ34A1ZYxUCvQ+Tc0+Ozg9cs7yuzLuFn++jmjo4RXIZfSrOOhy85p1t9GGHzv1IOVpB50mFL0vuzPJ9EFnK732vl6Aooem4dl4Ct3sk2KTgHJhgmIh2GeBV9grO8C27/qX4HmM0R8GgjYeTM09Ja4RcoU/mcQKdZ1NnyOVqTg5A5deJ+hYY5zU+6RvC5QdUfkvjlZCBZ8o8VikmylnNEBaGcXDZ2BOvdU+kFcB0veJR68NDJuNH0VyZpgV2yhuEb4nghAAGs2hOyAA5xXfJYV+hFCtRXigAfI16aloPkjXQ9BMGsVoLwNYIkvU8wUSBeIpiya0k2SLN42jvf4Am9DdlG3uHHGY01Dr5wPSwkDq4bfxwjSmmSNnjXwUUjRtoZ+xmXtu4+iACXOXwdEQEdCa6ut6S6MTbdKqYF6CqMGj8XU10qeqVoMqH+uV9CdNJprVWF5Ca0eHiCqEy3SdUU5RaxSA/fN7JGhYHciQQZLpmeGMfwh1sqwMoIDNrE8keygJfzyeCDoY0cwj+0A2YvjPAdGJaPUByGB7jocnKs87VgpcJbBprvCZLhHMtDnOi3hbcklryyCOkhI6knV42McAxsu5rWtVsBQI0kaVmpsYp7kPIy5VJ5lezO5qRrv41JpJtWPJJ6Z1L1mh6v4I80B1rnpFyiqV8/dfwgF7kh0Atj14ONfn11ur4VLxEHlihOnMx/wxFMNoqUHRRCk/O3l4997h/h/R+QUza0ugJhnse/lyGjMgBmTMeY05pQFxDFWy5h7kfFXx+XTNCbv9OUvqXMqvDe9xvs1x7Ww6b8db2scDEjG6pc2Nh9XAFb+w4pE8Ig5rFm6lUQawbfq/qgm2lvW25ttnjbv4/Z++sQlYf1IVQH82JVZlkor85ZrPyuoCjs9RZHwH6B2OughAxNsgcUJUSfdAE7HXE88iTswr+/+eLTqeFrq6LSmi8k0t6xroS/6OvZ6KLyBccrUhIkrcQD0TP8NjrKr9Tvr4Oq2DpAf+G3+KueonGO4Q7FsVjAq5fO1X+9tGq03GE7pNb0N2/GslaED6FE/16vPSuA/DiMj/ae+RB/P6aSL+ST/WTolCSAaR6bVE2fhh8NuOcBb/QJIouuW9cwL3TQKnG3R4hbUDYkIoauYu23G+1kCXiG4TLA4mAIKQlO23BbFIaZvNV+V7bgfX89sajOXT9YK9ccloNfFu0mIK7QnApMO4sheiQXPR6Xd1yAKtnZD28SqG3fc1G4VLrJF9IL/ZXCTiBNQ4t9Z4O9qMKUZWR4WroPSbtdmuyKIGXUBfQDncxYyHD2pk9ATI0poCdN3DNyUAKePARN5qNBxSYAY9Krv3MNfuxL2t3yN9kvYujdf3sofoNm4LK6Iw1/MbxpKwg/4hCWpuYF4sne1xJSWqO/50yzKyvpYGqmyFOIIrIMDmA3MSWvuEZHuKX1BT2rvADWapeGyiM27XXSYTi3iHSyZyHsVCWDt4KmdW9FNLUVfRvy8v0AyI91MfvGpiuOrIyO2cnne0tSukOEzQDLXHqmlZRMeKDZkAIQgU770D3nWBgb2BJgWOtK8CB6KT479bBtYGKEX3WR+2FKIXEr46GtSFtV8hcOp2nXkRK40F/g5EU51LcPAdnEm1+9/7uUtWcfRzhLZid20AT3tj13r3retjkDqviLvee+9rPzbPJAOh4a0ujGzhHnugdOr4+AO5bB+1zZ3V/reyUdjzbh4gmoRcQdfknrWb96Fwi77kg2BRABM5VlNDCa/rCpnB0ccoUm5A5eiePlnzs3AqHew1tAHbL0yuoMBIpnWMypuH5fCfQO0di2tJNttlV3+qAxIAnfESDalFHlBvHgoK9WM1h8GPaXRg5ujvbUWOhAJIzl3iQPOuUEp8i0nxPSuQNAgllF1sJY5U3RHpF30ieDIkD5wPh3NEL4iociirmJxQcisD5YddFQlFspz8UlN7rB9gNc17Tnpz7SE9nv5J9fXEBV2QefSia4vmVvgOZztmJYYBfJ5BtPzUPZi/jP1zQFu4IUPEsUrvCpCgsJD27EtYdH4bMi9NCSIt6KqpWfjOxw3JX3mDMxOUkJMCpGJhIk9s6X+XFyZhUw7cRhGNaB5d6LNnjA7K0ea0tfysS22VAghGCaBmYQI5KGo2Se527yqPZtM8uG3QWK90yCzBRZKFpcXZ49WPsii4+Omo6yzWaTs/Djhf0Hsu1+NmnRgPO/0LwI85qdW0GLdmVsGsEo1W5VIOMNiJ6CLHsOfJ8IirpAfRRKI6cxRGfik/TPFgfQLtY20xF18lpFoBnqukm5C688CGrpkLAhwxq46Y63e2UmPWVatIlX/PFhxC8OLx0JvS3Mq7NoaEgRTJ0APXBWmDjnqgC/viJo3emZ5QZaYX18eg6aDofbgyfe2KJrpDiQyPWQKN3Az7+jGQqoa36//wVDjoERGi2apcf2BtvuOzDNE7lU2aSwu3mCqrhi0jGQ+ttMMqPix1/j7WGDRTJtS80IUZ3K603y1/tLi5dUGF3iQxjaPwzHr/LwrunIw8WtiG3e5+k8ufNjji8AgmDtA3al6Ht6ebC288bOnIZ219WIuUhR7dEuc3dTfoiuvotfixpZe/5QxL553Mrf+m3S0qqLP3Km5LG1a0eladLcHTMhTXibeV7HklYwgo7tkIjvtCaJ0Iybcixsr2cjTcMdA/fvq2p6JME2iWBpt0W5HenBtXZkH+mcJynwiTSxaCw55Pedft4+3EDbr2Msq9C0mvEHCNooEFJ8pM3ysMobDN8pF8ouaEtukL2CfOrL2KPDk2sPfU4YqdC47jQVVNt/qyjrQcy+/5rnzmgwyacpiZ18tN6A4TVw9fBiHKuL0W2/831tSX0FHx6RyFc5Fha10ySIIvkWDbM0baiTHZtfBL+2XxRWEBI62WVCYiK2IIZhyHzfTcZHGcOxLUZEapwKswhmI2efyvv3iJa8byDiNeMQBCJL7EDHDbAZRO530uOzOjSRjMyBlfsBm+QK1mLr+9fsUQ2vNZcjafnY4DxYjjdSeB0aYN+6td7mzhyMIc/Nx+cfRNvUe9mmx2DIuBRHwGaEDrs6KKcdy/nVC0ItluurtcxHmn4FScCHUl1Vj+VgJ4djAAHaMnVTpVLSnNsgtgHuUSFQdA9RL7oLmkKCB6GV1mR9EW89+THtk/owF/AJk/ohTSdiMGrlcHxasZfce8Eefei8exeNnlwXyGIJav4qTRs40aBTx4a8uzKNyVuPIhUHotjGaPKAsj9jyXwZ3QykUMzmsUkfeURP+UN9P+b8cOn2DkPkwezvftFnduJabiDR0EOeXRMgFX4YJICwx9Q0IrLTlJeA0G/FifMbVV91fXxK4/zREq6sCr74Do3lXGACDf7iHmYP/+m5Mq79gNevF3YT/thQkfzWG1Sep9QT6yIHyEZbjQKWKHxUaltUn/VkBmWbZrp+0GLgOOGxubNFF9qeTsqSus9b3NqDPN5d6cwlKukUCBqnIfpFpZR7EN3BlQKaBjQDbym2gFQCF6LQm/UI1Mjm+H6+KLs0MsTRNygn8L13L2No3OQJ66+gNlXWZ9NY+iZkjNZpU98gruilKpJYPhh88qUHEa02cPtfg3RDrEDbZmmvT3q8ElfZgyXxCFaJ9gpUkJhlVhBOoLNZT/h56pew040/xC04360mDdxy8Rx/WC+C78xk2x6skyw4XyzD0vJjMDbYxviVQY0f2acieUWgXlp9fTylDXuQIimwpOK3Ej75/hPPZ4QJBbEA4xp3XU2rfVHEH4bOBcOlyGZWDMmTs4k7i7KV7l789TD66BALOYV/C8At4Udin+8V+YED4YpxMdyw6BB8jEHUQmxZjbn2DtogAfkAjItVr0aofeZL1DfGmwmG3mIKDPtrOswHuCnLCJpexJ4Fv44zWQ19h3+3RB6tIOriul+vULkTOkLG+eP6Zfbo7vPkK3wHlD0qakI1xvRKWPTV+F91x14Cg8s5wQyTviuk5YSzHOJ9TzmsPZFoWkD3Rt5ot7Gb8ZbWHTBBRa2wTdTEPlv7CqWHGLg+ZTK0mygKavOn6KTTrSOFdT9Mc5op8kt7db8pGP/gSSQorxsacDLzV/3MskKJHwvGFCapYN8Xzp2K+Abq17BSE0+r0+fT48FTDK9oA5QNtl4BWAjhUG+it17cFf2qhx/eoMJr9N7wBYBkdoY8pGljG2n7C6DT6IWlSCCJ26Xi9FQkv1K6YJcRBFhoNMqlqGW0AjdDCpWEZaPKh9A1LA3hxscjQ1vWxwQnP4Pq0MTjyUXCmugA7q6SAtOrRIqYBhdEHIu/LtEiu40TgUQ6btPTeRu/ZrsFn0Gh6xGzvyO5W48kPc3pZ/yisreerR7KvPap1zcHoYCNIG8NQ3YUP7MAW/FLm4nwKG+r9qrtIViGkmD8QbEyTw8K+l6z5uEovdDzl5DAKipLRvp+LBMhPdqs0LbuT8h7bfFd3pCFAABd/1C/LlevJ1tdxt8UBgewD1ufDj1jIK/npgOLyhePPX9+T9FESPgLuuHfkJDvY20eD0VQCEb+YjkE8GpWHSBkDkTWaOgTlZ9DCTKiML22NobJA+iybvyMtoJkO9PHZqt4nGQn1vUs3y2NWdj3rd/X51bKY0AJ4+DpUaNH/PqhxZIOcNsAetYiQOxo2hSMDsMYvMWymSfW1yMLwNtfaqEHsGSv0KMKFaTU+Xzan5lOWjtN74+mac5k6oo1RVTframDCwXaU/kYrfivGHz3llEHdDWiP/E1km26zuy2Tvov+pH6J/YyjXBtKBcl7IiTDFGNxpfU2D2whMn3hXjIgARsb8xOOsIMCLGrtBHfsYEhBDApaMRaVE7NQeuN6TDFOf7ms2Qs7WCDV+9uWhASjz+mzZxBQqoAxuC1BDvUbo8rfBqQB26DYu1D395QSyIRm2YJiDmuOxKSZPYgtM6znYbMv0gPux6dWQ9/iEB0VvsyL7sIrikflEV2wwwZ2WVetu1BzfcnjlKVnqyOeBw+W1/k4Ls5tMO0ieDDP5O1wC02oj7Z800o5/uXACOJTICDC2pB0Z8FckzglMxXus1zHgn27Gt54m9TU+gjlPWhy6c7x8KfWSvoIop48C5LnyfV8Z55sU7GuK5HCFNt5ntwZpFYgBAr+CY35rPc1oe1wjDk8xM/0jETtkb3iPZCXwLWl8brMS/cDwuc4qvoSr+9uw4CespX21TWxMql/p9XTbB5esNFz44iBg0VFg77jB0kS5geyHK1WWTc+Cqu/jzHdfWaRaj6tw72OHh5baC+RpbeXEwLhEeFb6RMhGO62VrQ0nKL0rURjtV3ZQNnnrzXGda7HtgZy4bgwoMR+BX+uiwh4QH2wGfmKO6HDiL3t4VjbzoQ9mKMrwDZvJQqcdj38lCzd4FO1vsl4OChlsFcDMkO/9Qf75WLEFzEwqJASif+wnehBupOzEhc1lGQ15CzHpfvRDCpSkw8Gsc1gyUxvAZmzLCjQ7WP2syRryujv2EFhL7RRzcGLtbAUufHCfw6PuLLQbck9iji47VLPW5kNqHQw3ewlG1EgFuAFRNCp5CkZgvsRM++uCyfgHy8/nIzksVLD/edbQoL6nyf1uoh3SAWW5q1Bx6CaHTUSx53nyvEvQXsc1f3fr6HWRzbTwuqVNmpPMSsyE1c4/Ot2Ejf7hsHzBoKIvglZRRSUCvPfMpN30f0Qagl1dZdg7ZUL/rJbiDedwN0wn405Ub0z7IvMpkD+wfZCYlS1/xmgUshlWkwds/uUXwkTi1yAgOKqVXtzeJ4DzuIZggNzSCwK+KZ4zh35nMrzn8Qo0eDz0WleHGPUGoA3t2t00dO38ELDKA49YEjsDwEgf2yMZP8CwcWzpFTNZfHju9SGlk09D53mATpNT3Tm4dnjmIAHJvjjvDI2tEpg5goMOdEN9iQ7ziPN0G9d4BDrntj9VrGP9ZBj2lS95k/g36BLMvOffru6vOSz1GPSvUS4JdLPTz0rwr4QW5a6zwwM9EXZbp8aJ3GEP9iuWUfeZHnmr5KBjmgCd/TkmvQoOpsj/MzDVdmrEDgY0zQPLPRbFOJh8iGJ1TJB5WtHNJbO58S0/mPOnFTHRFLknk+iNCxL2IrUDr7CJrke3vGsO7akC2dMfPUJ+LWTp+QxNaxV0biYGDRfzBntVG6IYefnnozVL3SloK6MUDet0o7FZv8poeX3aWSkaRqXndrFWLX3gvsm5AQHNMLZHbY7rFQeM8Iv4LOcZ+yNMPfY8WTAQh1wjSIWL2QZbRhQbATSydyRbwd2v/Vi4++jxUWfss52/AP7kt6/PZECYUWim7bdJlyQ76oFwi1uGhMm9r2RTilUzCILPEQAQ6nt6ew93Mb9ZFErDM5fkmv7Rb3FcaRZbqdlRBRTJFF69qnN7InL7uFcp1uztR7sfAvfjEGOSw+riIEmJcs+MfCnaC8Gn5LwQ6CGxLzvjUCUA69m6yPsarvVLuT3BHqwcHal6JkFtES9Or3Lj7F5vV+XCXugVTd+ZM6GSi2GgnhrC4I9liCzqvrGCz/AXqSGxFGSmEQmO2p+KhmWXfcdycGpoH24WMbWHTirNPFZf35O1qKheIUHo+aCFHGuQtZUgGflfivplbPLnkJp0qKFkdbR/5XWRvl2z3y2EDiG4iyFjzvH6cWT8B1y8ilQ1kSIZ2GwahVLB0HvJVUmaHGZN+J8Iel9j5LgXUCE30KHo9/VbQ2TOyi53VTcX3ePHtYRbFZxipyRB+Bca1szO3eeMdU/hbkyBBK2m+cJDoTamax6GV/6SsfkFeEZ2kNzAmOY2WxvWrxMKnSaSHyDBcmmBb/dG1khTUr4i/A/fRDtre41z5uDozwacP0w1lVRizeuAPahNi3ye+/VxOqOm2rRywyWQy0asd9KSnL4VhgkDHYR6NY19MGAMQgzr5AipLbwf6IypksFpQ+kBZUs7PrBJzjaGJoo/KHUOpEdeyE8BvTX9be6lU748nd1N5lOba/5EDcu+kU1jUIHFTGG/2ueOrGrTyv+Yu2dm8lrvfxsj4vPQKptA7RhQ9djmrxSNOXIUyDQAZgvIJX8YkAkktboiB5MQa9nQG8GpCfaT1+pRNUPKyBBJ0AYteAlPJ3+E0REakvWypvJ60eERrply6jSMHW88Ynh+t4j1IAwORLh7nPe7D2PBJoAOVHtHF/JVh8ZYGH/RBX3CiFyCbZ0WiP+8mSut7k5JAh2WKq7ZEdy+LZycVa+ZFUCfN0X5OQndug0yMfn4o2m/c1WV1vNGKuE5XkHrA06hHyyRGabDLgwzn9skbiUuhAaokS3wQ60KESweC9IzNncOAiUWxCFDzR4FbJCzKFo9B4wJj74/I5jE8iD974jNwf93zwEfEeEORbqbrDAuQ5496D951IkgRAlqb+c/OlKAythtQwlyrbF9aaTsbIxtCMjw5pE13HyCBIK+/xzyb6r8hBDyzVEvDxhJjgNUTgFr8wh1bSPeVMDi2eDfgMU6a/JiHZJDi8P6DqsyfZ4wCjaXBrnpNQxqC2b3HkspyU7LglnoOTTQua1eGG/ALRgaD21fWIC0fMIk36+rJN1LVyVTN2youGX/d7Pc24/y2BtZbeSg5dCR5QNfNl9cllPDSzWFxVdffLvO0iwYCRi5mFJtq6Su5D4JgPXO5uYis57R9rq90v9DHsxgK/i3tnBguz9QUQZgcuL3t61gYCMPJWWcKZrzASmAgirw6k2g2AHH5ayPt6AETKyKwmU76X3m6YI471gBhUK6QyYvLVf9xi+H50foPeH33P8VQqY2HW4IiSCQ5DibuYCSvaHj057x2/r0Uw+4bWcpQyjsdptNGP2YPO9zsODxkObrUv6UXXcKDCu3HR+5ujoS7FznTMiuVwElRoGjFxdO/ZCSd4TxncQPXDnhCJsV6/m0HifAEYjmPgMKMdoO0vGFMMts6hX467uFIhbr5JhpmsHAZnZGCaHAr+wDiPBw8d69zVAMp/c1ueFWwquf/KUXXtewjWhPoDhTmiTE5x5cwYxciXnHAqMFPl25CxRUeLd4yWocDq9S79AtT3bVrOttsYcmWwwaYW7eJXbfUYomFmQmyo+3CADOI/BakgyGShV3HCM60CuNLZLULLfKcpDy6gvqUVLwoyDtFygyJya1wfGt7DhFMYtYYfM5H/oQk4T6CMTPG5qxx0Er8G7b66xkiqlZ7jK5kww2wvRibKfTrXhatv6EOxr/LMfqOogYtMQLnDg8qRJA/09kWTxZ0EKOmyOZZPfTujXIN0ZJiTpEF9Ks1uXWWIy0BJ/bLf0deh6dChjoI1ZBO5qoJv4QKpUF/RyZA3u8mer4eP85oUQ4kw/4ssj7QzUNUdZ4LGzLPHqyhJY2EpY4xNar8GWn58LFyT+JnEzhHFVgyTpYj5EPogXkE2AOQn8uCJXf7FElqkphWmfpXveQfqp6j4Er8F1+djvAW+pqz7uIHICwhPZR3ePnDT9vZHOHKuQ5qu3UQMDPn5LuiLKggDhGl9eeL35bHkopnXDCb3j16Mj1WTIyGeaxBcR/wjnX/hU8V2Po1+h3rCfyLUhAXUG1CsI0rDfM+6ImWym1lY9Lacg3uHr4+0UbS1tqQ3L3XCYUmt9fTvpoJdiiTmZ+Uc2Jy4Ccxoh9b0XRk2ui35TPTq2Bh3mCDEbgF/4TdlOA3wwyFd28YnynVaZlhZi7bONXTT9NF4Cc7hPmcrU9I/6r1w2jbC5XILKQ0nPwj22O8Hq6BJ8XCokTAjllCNx753BBgepoWTcOHJyqFe6HpBD6FiGuWo7VNg1Ac8yi+VatQ18G3aBtNHk8nNGestcNnsi1LwGpjkOYqDUSD0L9LvAKB8hc7OKqvRbQKaYVV+/OrgAvDOO8f9oojY1lmvL76gNpxncoib9HyDzAOKwZDA8W57Vw9pC4eKEC8BkEIa5oyQabYFtjwYfvdhNHYSkzbQvvK/YsjAQsvoVeSzfRuoqTyckSUTbCVwX3g5wE2rMfZd1s5iyL0HIjCZfe9mxUnTdgPe9hrl6W/K4zRcQb+0eZvbw+/ZzLSGEOtBkiGslC082+2EoH94Q8re14JVEqnlOXHwFDH/XBKYqJ4FylHbr2eL4AsiaczuyC/9potyfrjcpufYTesZ2BddN5nWTK5znJWHCbR740ilwuSttaZhvA2PRXaiGs4+NvI+KF6YCDqjxDlmciI1vnrarCdMdMUDCIomZeydTjxuUB6k0XV8zf+Tt5gBovCwx5M43THfKAWawq6qeXxbAEYE2Zv5KxySTUZ71+GwFwTzqMf+m0rMpgbjKRxq2wQmAQWEH4vwQj7Aw7gwbcWgUuGOXxrBj9lsc7L6HMJ8XfHHN5qAQt9Im7iIASceQWm+Y/8GcBQg+f5OS8svE6pus9k1MzqUXl25CxJAk5JdWssdiIH52cJLYrjuAeQz+5vQMGYj+SCtAJIoUOxQPMaJQcY5Li02qN5VCa2D9S5/uYZrC36zK39xA5CEimQRAG/tF0NpbvijkJX4V88lAK5z/ds3+ki48FBu/NYPjHHjei866IFzzz9EVs28pYcdRuOVuOq4nXMxQBac9pyhVINphEZF1IIjNUeLaMueY2OXBC8MR73aMCYsaXz7INdJW69cf1B8Q9DqeIMrUy4vhysi3prfqdvatPdN6LLvyV7mOE3xz+vske2DZLGWB9hoPDZTMD1sitvdJjkI4waSfJiCC9yuvibbnwcFIbsIqvAD1MOI8Oq94feLF6JcYhSW0kRgWmd7bybh4ygeB7ZUZ7+mPPxiudFd8uivpBCkICbMOQ9QLYImIIJyH9XeofkwLQ7LtsrEtAvRvvhMYy/7/buqy9BZ8sKw9STBlPGjuUojmo1kICrnAtKVO/RPkqJ+eFDq657M8lxlN81TGzIYR+Xe6ta/XsEeB77FgZicV4lgnt/C28htwkfH1Rzn55yJPXzLaWn7wb/Sm+F9dr/Ryux+sl7tcvVPZ6649qlpIX5/fBjOBvGQBg9Linhw/K7m6pCeD9u8302QYqiyTCyQeFBqU5dl9pVO3j0pGWrtoa5JVXHcSiAC8ttLmFi9HVglVs/MvRWkguhPSfGy2kzeLtFb+dZlSL9yxjSY53t/1aeGf4wzKPAX3k70Z6MaankPclAkv74HzBaeI8rWz9vvct2QgfSNb9XCXrhYtZFCTJNJCS/PnR4AadvHetXb/N0wFBbcbNjvMZwwlH8MmZnIwpqsppeCWiiGMZhA+SS2PUo7ds48ZkaGjVfLoqYDFi82rhWumYMyEK9zghhtQubTOh2dn5rjVYDNDs/rROn90Rnpvb4XGHZeRwlszbOQGOy436oIfnK89J2nfm/FRL4lQcVbEWBO6qFpIghjWqKPpZNXd5RzfC7+NZXXCtGhUIbYFp62+9KdeAexYOx7HiNdu2b6y/Hr/GMi8uAiqdtaMTdM0QfUYEf5u9+g6ckcTvBaJ17Ny1xCZ4qbRgMtFik3BBO2/fYcK5vNlmVhOFS6S/BDxn43kSwaX7JX7dff2X9BpS1WZ/WbB+UOn5RC4MdOA1Qll1j25U9yvy308TGMIqeAumYEevs+cQzQF3zZ55DfoEKKjXMoDHDTPRdZaFWhJ+tU/qSvOcV/bY6TbGwDEt+ARVthtmHKTAh1KyPEMEAELAHN+z76oed+oIPtX6bjcZT2BhXeWrS5rAXS23R/M9ffVzvCUziC3BfDNA+O/atDF7sjfUfokX0f6VGsvbrpIT6MyFzMP5QeH6xi8Du9X/IiZOfCICsR9lOIPH4Yq0KQRTrdTikG7k4q/4FDqzdoGlV/PoU/1iCa9Iup4g3MFVCrbXxTf8/q54BKeERrqh432LgLJmmDFTVkBjlvJTBmZ5dVZGBU2vFBXsyK6nCzZEkcWPRKxraseQgVXmgpN6Lm+fBVTgciPEy6jwMQ7tg4VTvQzuNjDXm3gWoogP6TSeAqPDH/0JZsJI7WpcTMP0wjHjrjMbp13Voq9oUeFeV9H02UVimsJhDVe+jKOpHEx+qn09KPOvE1osAGpcTkFPUkNQ7qyRLU1kTNIu1TsTt35E17m//ib0Qf442SexHrwF7v0F3vrQcGjaADsw9NDgoW90KJZob56tqBF3m0qxGMidwrYlu+q2pokV7VROL5b/rR5IlQ45rtE/f7wduA7AsdnnHHmQANNL0xJvmc91h+DV5TsuarHm8MbWHB0vPMq6IPHaN8OB8eFUHODyWIZ/aAV5Hh52CCZb35Bg9q6jgFHQr1b6qKZ+mTyYYGMCk6baXz+qKLFQe3NRi55jHOCuqzWLnbtOmtx/UJqi1X6whwHUa+1hcmUKD/D5nlQC/isc2zbCOltCpSZwJY+zgI0gJvRHWTAr/UaEm0XaRdB8AyfJJ+4wXDoXnIOOmgYjE33IMKDXZMfFiQjMCjcNB0KTYD8Ncz/ekV5LB/DQXc5r71/6ujALbpd8XK83MDe0v8Davxc5m84JH67OX7Qo++zt1AU+I+yx9oPAH12pdrZnpl6OwjH9+bqr+VbaMSsKMZGD8ktgh7js+GB8n14dge1mH133eNt58ugIJUN/s1byj8iuCrb3LgfoxB7cI6pyVohTEK304VwRQXuOkpTg3XQiBcseWqA64KRBghfmJFrpi42tZnRe32BxtdbDtpM1FOWP8BU+Bc1IA5EtTQLIGRSC7fSpk0fGLY2kbXQ/YgIj5Rwj5/TwUS+h5C0GEFbHhF7BVyKMEASRO0gO1n54atL17Omc0GDGG1xKKYqilsP1aE1h4pCU1yh5OnjFDRWmlY5AMAjpfcfHQYIHEcfj7DS/0vrd9LCWC3YN+0x7qgMTbc9XLXssvrrKpiQQPREf8bAKDmCfbxdDHwYOMLpcakRGNziyt19nAAOXkifCME+GH6xLMgtS05a3GRedRXwmece1hfQ43Zx42yvJYJbKH4TxU9+5jP8abMshtPbEdd79ZdHLC0ud22+e1VlYfn0fMvvUxNtYQX9RbOrF8xPeKAepYaX3YDZESW98eo1hxXH1omor8p/cQdY4sfwVZKhs3zS5uZYjiTXlcagi7oGrg/hX1AAplQwoMrlQj/Etg2DPgOANQKqtjPhwFW64QdwwMIPRYvVH5DMERk6pV/0fWZOb65etmWXtiWxrPtbE2HFlqndp9J5fmWZw++gLVMgFlhVt4494XjrzyfcC5KLyEQZv4QL0tBIYfdE1OkHMRsHsIdv0npmFU0nh7okEl0uoZ0XCVLrVXHgQ/4j7C5j7YFAQGiXfvwsC2LK5R8AL5QTXDvpVnnV/rdN/XYNZfTeeFhbROWL2M8JRnJVfhJEGXTwhqjE2N4pziolqlO2S3ADVNE4qBCsykKoFgAoVdX/Js7Jr8eZGGRKrC/gxtXDrwYr3Q1z428QKCfTuwkT7twbYshDV6B+lrhFW44kKk9hA9TCVTpo5866H0esf9mTWOPNJRKgA/Suk1vCv7WVR5M32WiEKU/ILXvJuQrtUWjZkRtFY41OkjH5tqv/zjKiW4oqXaukofrmv01vKVOcZOsU+Bakn47UFsp4bYbVIYHlk3KrYN9/F3FQ9+fKK44/4d172m51+d8BeZ8a56E9k692dIDc+UqcoN+PlQ4W+utn2XQr9ZZwbMwIItnirkP3kfjKMVDQuDb3xBgudFBzYcSh8N7k3xZcYaK1WfnHrOEbfrl5kvlPpLic2/tLPvVBLI1DLSnW+JKv+u/til9ndZcEOP9qQ4IXwJpu3Vk/AXbXdg1oHdKdqHJPsiNy4ALs8XXCz6QAKRrJyH/QpkEG2gAN2obYjUC9rP5meIR2QLd15zxk9xyw/0Vp0wqrDkz9WWYYc0J6rEm3O4pzIOT046XhaaY4kusl9TJ4gDdSKgaTySyAJiusGx/zAE/lr63ZZoPFUF3y1zhyaYI0RYLwWDJTPMaSk0KpHSyd2ES9L2CigJnLpqEUxhuBN+8NwM4IaaKzgHeQDTGUn94FVu37gyXj+6+ADnEMmi1WOkNbnpcnG+ZgPlvGlfAUfAVX/0PX/FMyT5sjhYze86D7wZCLsavFlDKVeFOki7NZq4AtTIp7+KJ97vZRxW+jxADLC9GywNogqTQVaAFBPMr2RfxjElDKy754kofH8Z8l4+7BuzZP1b8lrecT8Ypi1i8URNAX3Qc8l/9q/a+LrDqakCK5sHJD6YOHEKve847FZIH1py271B60IYkTQVfx4uGTBPmL6M99VJ6qT0QWNYrriapnwOdE0ywqQuXH6wYbmA3TuLFRDchv5j/lB8yB00P8hHxM0GRBNpYREQHyXl7NCMwFitwDvsOtl60blT4db8aA4/iJVO7+JdGbhJUnefviW89oXxMqPBIumh3Zvo2fGIM7Meuo8XJ8BP87CWUqqNFf8lAZF+czFSczHUfNwgLbZnpBwjcIOBQFVyUrsiclLn4IOUyY8E6GsORQCtfPT7gLagDnmwfHoL0A6YXRDiIpsUIZsQvoNMwRfudR7t+3xNPNLu/J4mduuFg5kD/GVZGt71tY35X7B1fTpZLW8Ir/fVw4u1OOm9hr7fOYRTpi2b+93m20zGcVGaTbxy3kPY3Or5frOmfpVxWjFx2JmKtHV3Rz2eVjUvpPckEn/19VqiQELdpOix0EmT2E/9QZYHQUDPMtzf7rPxZ/RWQcb5PBj6GDLWYwwYW54im/fd8vpM/N6eBTzaYWhcPHxTAnz//RTy4/uWhPM8HTVOXf//eaLTXwqVm+Z/1/9Uss9pn3vhj0rPr/fz577ZdJy6INYkuIwwfkqzwm2YJQuV8W5KYQXDF+voQw3eeYmqhuEd9ioFK47OzHwGcHqr11Qnd6Ttdx39glfVdRhZii5x2i9FD59VwTCIIPKcwdMww3+xVMkwii7zNMvTEsF+N+zKmI4OKfkbrePbLct8jNGVxNxlGafhzZDgWik2ZXUzzIzc8PDCcCD3fxS6lq8kC//CvlwC9BZb9lD64RhcJPy9BeEvslyl9+tG0zjReDSNL1siUr5Nljso0/JKRA2tgmNfFmlBpGnHJhI45mIJwsSFUMnxUPuswh/QlcGwCMQz3cP/YZMrsv+/033f67zv9f3gnJSBYFHvIaHmU5fN5HsvSa05ciOTu51lsx4FnRTi4xd4UBXf8mwp0XQfL1OB+CHa2DkSCdBn7TW7DlfSBVTUIBRkrhKHH540gNLlL1Gdkeqvvyz2ZOI7TVqje3OAImbAzMXJgN2fA8Hpfk6JsmEp8fU8UlKZnDfFqhO5mD7JqMYHSXQchXSyhA58Yvl8HZBZF7ftZ/CRdfnb5PTpZRTp3Ot1jCiIN3/bgnndHfMDTz61V4X4ttCuRGuGXpWWHdDje2BAL5fm9atIguOKGni+61hN/GBue1RW5fTHtJBgVzICxP483SWhJux21exc32ripdBrTMVaz2GCE82yORBGHUBbbR633Bb2zIy0eFMPuZMZoDJekJJNmE65nA0YuEeeAYRjs75sgdFVfpCUu5WA26Qjinp+dHRgf9HrTtIlSyoAj/Z1mYVJLC0gNvUo2Hrzwd1/THoCRR96dsda5Sz3VXZLBzer+8K7bf7trMyWVOlINC5PsfoaMP9QdRhcwRdq4a3zQCqVaRrVNNwL9L8btbSFNg5uIWOIakAQlf9cBi7ui904mgM2fpfXjXs1UvtL+Ny2luGfm/XBxcGsJPGS4v/cEVNe5RjvoqR7zYTPi9OE3AtQ45lg2E/pbJ9/ZVvi/W9d3hq6aOXsYuTIzfy51UvHGv/P3s5kh2BHeZJqvNFzcBx1tpKp36MHrMNWQ9UBMquHCEElNB1PKdogzWGEdWQOiAHNH4h5f52KekBIFujnOiRHvGcPqFf30E81BEfY1BBABcnayU/sgoUAahC8ZBRbDPGdTOAt+G6xLr+RtvygvJF7KLRvHo3CuKWX37pjZJLZKRlEDbWVfamyZ7M1Sswh27mUwyB19+U7NWs3gpld2gEK2sWQTp4d0d+qHmDFgfPSEnBBl8TKolBEVJiiCYO26/vMr26Q9lUgvNzs55GsAXvjdPNhHD/UwDp8RRR6lEBjdRb1A4TzQ6DVoaaT41erxZIgFlP6otvklaOx3B/p/8g+OodZswijPG9e2WIe5tbMGbfYjZlpRu8FEhl60CwSPw0OiHt3qobKHYLzWP5YP5ycdetcN4njLBxZbbb6X1FpL3819XAONWiLRMwpT/XpwZhIE7tKeEXt677SFB7faHHidMHr3pVePd/uLwzdKxWdt746VQsIA5zlNOhNF88yRPQMHxRcXMnRFt5t8HRDtV8YvMLbKih8kWgi8+MgLmoBw3d7T7wRr+05Kzl9ti0nfr4s7YRUnFOPz6KOORwLJFnK4+tW7J2Fm7ABY3at9HSpEMGYUBAKmK/8oFZIIQH2ugXmcBrwSG5AL3oQzkAIb8J3zgVjjWevHZ7Z2n6RoA8blVLgovAGvDRpUI+1DAcNA48LbeFMVSGud8ukI9/JxrnNQRuUbqMWnQs9X5qXF+2eZuAVbyNY+b5u25TsfOvJT8zkESZONG75Ro0qfgDvsS6X2aNqzi5f0oejGtonpqowujf7p6hCTM8eoDhu/tpg2jztova6S0jSkIxSGRBQbH65jSaGzOrtx9Crfawv6mJMBbuW1PSmSckvGXDLvjkVao+7uOJk529mTPjmeRitKCx2yP88Rv0YCSu/KqLbGKryXICbSe6XgbXWMqn0ki+NholgL9Y1HR6wRKwT8iNK83tEb9vnJxEAIMHZZ+WXzOGrTvRHXRmCWIFYNU+viL3BUG0gRmFsez/EnO4bfIKoa2VT5rZoEgXx7T9lleduxt8CY8te/um4f5xZJi/NZOVZ56QePqTk3WJN5vfVWU+gxaSGXRq+tuL6N6INC4B5z8J51PaTwYvRMimFQ4glFHQwb2n6y61rY/N7ZW805IIYt+R1+xLeqlIQ2qHjr03FDVRChcfrT3gdZ0SW2ZDV/QhE4SvCCtIvEAG/0WA43dr9HNH6uikSbW6QFDUS3tGREN8u3HL9qIxVH48EFgZQHrzSM443JZ6UZUMJWS+ublWFAQZuSRDqYQbdhI4Fw8qfLBMu77EAtOJBaUbDxW9eIbGHxXiNYVcEEFT5B+jhbUxJFHBeWQbWuKqM3NcxLwS2GZLK5JXq6Tn5/w+7YBgdj4PikwVoFkbMb1GQV85vjXRYjGN4e2sUkY4Wkmi36HHvhPao4KShRvVo31ytTEz052T0pgEYqyXy6KmfgB+NhLWb7C0tprDIll3DxWZV5gpBIWffvCZ9NnJvIBK8I0aYsNhdlPvURXHvTv+aSFxrjtdbu/hiyhIu1bCr6HSJGCemslKe97asTCSffxPmXqR2j73wOjNp3Pow4sQ+aEvQCvn3kaqydI0wpjMGNCVuuJX2kjQaa3eIW3mpq7HAojOo5C7aDJjOiwMXI57XRaQmE+UMfEeUvYLXe0YZK3zyS2dSV9ESbmWJ4cJq2EGoiOKko1Dca1UnDZJMBjkvBaglkRV/eZUzbS5t5Ib+5IoRZUKr2ck6MdCrxBgIveM1HC2WVof63uOtYllRbrl+j6Qu8GULhofB+hi28hwK+Xuw6V0+K0Fzq7uiIwykoYOfOXCvtSgmrJwR+Dj7DLzUPg7wegeb0qjgFTq3E7ozy7Fwvm0KHufcKl0JtEP4J4YFsV4rfc+BBSYXq5nzQC2Tr53RIHYdEpogIB8VEz8nde7cly8q3VOtVzPggBGRizsjuVy6NDrIMfPqqS7s95klwK+Gz2ZXrfdxGjExYmRyYk90D/7oCKT/stpSnowbQbIbR2LD2rUJ3CX4b6+RZzUvtgEGnzgb0EBR0hkZ+c9aF40CsIIsZKfGdpgxBLndem8N7pU68jBrCrIdZLq6XNhD5XswdghcRBTPAz+jweTQQg0K4x1f96HJVsHW/7UExv8g9uc6l4uHtlzUzrzH2KiJk4lna3I7eZZZ+vZJZTvD6N1rmfX02Ex19hAOhbNhCCbmAY46g+iPYk9B/m+/5ZD6tHysZXTLahOu5fVy/p2jEUdwDddD4ZoFU5tQ/0HAf5lQtQsni7MyKqy/ed/1YDXGfq5vEtlh8xQBibYF0qE7gi6ex0vQv097PJuuleLGRF/D7hjwZ2dO5imPGtlnq/VjncwBPooAn6Y6+8J20B/7OxjFRTnvWw00eKL/D7pZ9cZhFgRjQ3NDIiUrAPHHV9eJk8yKqTFftLuTDMh22tn1Tgw/Xh2PrDkfMve1/Su2QRzY6TKrUSQgVN7px5KYBWiJNrjnIWIw2sfIOXJQfomXqaUsxCT81sibygK95CvY0/JtMumGd9QDFiXVDiJJyk5byqMYlT5pZau/ucQuxVoJ52SQeU40cUEh2ag7TUf3WyruCKV+j7t/YCb8dSA+WePDyPjLdtWZp4TvcaQB/L6BAlHU8s2w3Rq7531sp80pTCoIln81FxvoclI/hMALZLD8rY1WmjNX73B0dl3SvAs6jkh/SYG4jEoQ6dBzkrkhC05vx+ABC1dxZPZQ9wYP1q3+wDVCSBVRBXkqFOfL60JT64YS0iBNC1E2+FHFBMw2jCfUhXenDDlMM9FIkLbl5Jz7GL5TPqOKcaqNeqWnfck2NEKqGfmfmbe3rDW5iIT6XopDYOqwsuIL1WeElFJj2HhuQ3pVAD5sNfbgJib416xcXMKCUQUWZnnvPavLIz/dUtL98u7Ler7EkMhda+X30hWg9ACiSIub5/gBKBThS2kUvg4enh48ElCU3MidoscguaWrMi/tup7ECyQgFKrOD340SzrZpBUpDAKHxO5feE5R9MZ5FapgCMoEf3slX27c4P7IFB6qOVAsntzdx6zAWJJ0i270ci5FHSr/0qGf1rFoomgRetsTqX6aQlVfAyGfix5OQhlC1RmlRgY9ewS+pBGzxlPz0bSjILUBkj6Flqpda/5L6JqK9FSPFtqVm0FNlvGT3wLghYSY+u6LT1n0XIqqY8Pgp8DHkGZDGf9SBaLx+zwGyvqZkhRUjjnAw+Z11vqzYlBHg7bQWCKdy29zfbShFD2zyfhloUo/6/gn5sYW7obn+YsSxQRUWzTjEY6J6fVPqsF6V3QO6UY8YnUfyHEvxQb6xbfgAERaO+RuQp7lBr6n+bb4A9+7Y3A/C2/zHGFLwyr0fdeLvmZS7QTD19pSCMUQ/vK5brC7iWs+iNtwlcZs0eBpXIFinF53wQqQFdHidfQpPsD39ZRo7hCnh7oPxHR5WS3K7BjV4tjkjX0ox1fi04A7vBiiRUWnVu6EXTLtPoL/ZsGE4y0Dfai1Sfcj1oPyVgzhQ3PJbEyiPA9HkilLFU9xtglJFxn9ATLL1f+Q13eQgILKDgmcrzIs3SlTRfvl8+YFB1NP+xfW2z7tsV69JHsqmwDMCS3DmrhusOZT4VSpLy5F6JvkW5BKVyBZbysF+Dk8RcxtMOxB2DKjFnZ6rRKKlqDcUQFP1muFcfaOCcgsDn1Tvh3gY6DFd4NZKh4Q2GBdMFBVpFVu++ErZW9FIdqKLprgtbi3R3hGayosDrpPbB+m/QiBEDtgsrFAIvJ/YuGES5d4vIMefAnmhLq6/DK3gKga7kl++k4AP8Xz0c7V3mbml1KzyMGmAi71qeFI4R0breYiznENmSuNYpFaRLncB+a+jZSYcMRUNfE9NBm6pmi0rOwfPPHjMj9rgUafg9OZAIgiomWJT5IKjULPuqwTrbR+4U4EgS2DA4JuRhgk4SgQtBC++GRbYFuZyyOtss37+lY1h7d4X5mL9hgHUvTkHvW3KyGPqO09TyCVmAiU1Z1Ho4XYuQEIeeOwN/eTcCX9OOWkNwQ69b/9GOqDiHR1hhrEsBCANCQsqW0aQ1goqe7Vhheb5QbsbDnItZqEezzX7Dh9cw/LWR444kcxXCu9EleJHPu15PocXVV2Fy021EOQadxs+vClOEhS6/Jfzu/1NUDUN6/QsuO3sCaiUDVGGbYc4W6ZimbFHKh1zAaIVJ54Bgti+CZhowJKSdWIu7YhyioZOyZPYsUytMAwy4Zk6xAZEFUzwzAuuhPplqEB0alNFMlfBEB6v5BFunJi03d5K49tPHTceGMG/GmbRR+C7WJL58B+VRDuDeXxbJggpgeNif1bFriiv/QzBdnMZBzKFgOMfJvfQnqQIppsoHzxq534MFdfSEQeeyt2hDCCf76/029RdaLQD0tY2a4mmzmy/CywPixEeM5I+T76nVkJQD0qOgmpNIe3E6q9aWZKLeoFQbI1fCcDbs1NTUchmWMutL+tx58H9pyVPukdvbsNqhmnGFbtHeorhrtKWCI78VBBufNSw6TCJ9WXTI6TsSMyi745zlaLLtnmB3Ra83vGxFrdjqPtDQLvu14uJMtl6K3pxT2I9gusJtFoRstFRypykILD1wopxbUFyw4WYR//5a8zMQBITtyJKLwnX4WfqIq40wSRr9Jjtz3Pe+Y0HfpAqknHoBZrD+EVvPlhpAdAseoJSPLmDshQaGafgfk3gsASpNA8eKzaIOWN4EMjjrtfG6A/5kmBfmb/3t61BQXXFHG84wiCYqH+S9rqYaePE1dPDx+aJfLsuW9O73IwjmCjCnTgxzHMx8gEK7zeMRdgFgt0uZoL6ZtADkc3VbJz3JuDNu3+seR/bdB6CqasQJnT8Ht9+En/NzWQ0BM9a81P7G5/qiHGSem1U+HsEobpHuXHEr2KBHd5pumNIrBncN/uosYWGOBfA+nlySui3Sz8X8yNnV2arnW1Bj3h9d6jpJsT5onBqvU32d2dQfBP7TBjRZ9BxYoRcAs679cYXBvs+N3QH5H7ovxwSLHmQFb4+sre6oHynAcq9/poyDVr8X5WIUhQPlHIfWQxUFdMAlSxR10ctsLg4bkJ0n8B20EP1QkgqLewPo2FDDws0nNu2NC8ppjNUAwX1b5rcIkpQMbpkrVQ4bwhu19jnhF0XcUiT7aLUyTmpHaDtppeeYv8mKUb9mL3eL3nR7hMX6KnajF93ARIndFFXSXATCOpq3ntdM6vp9fXLHz69udPhC7n0Dpxf8Zah9eR4HiJJZZGL/MqUxpM+Tk9RjotVpEcFtF3X9Fc3blJYmss6KAj9MrBB2rLVsuCIuzyGFU8t+80J2WY1IsYMKd33kqFDEVfbTgZ8rVPWR2t7dDGO3xBLUFFiKIbUhs382FliFZe4VEk1scrbU1ST3S5iuek1syFTPkPPJ0UCjz6df0g3yNB4lAkxJME2hdWlW1QjJB92UOm46mqn2/TPqAWjDdbShj0qG+1Jh0NzmgOJrhEMx9baCt1Lr3CB2lTlxwp3+aH3VI8V9qvyNcNcuvolAmXEtSbz0N9nzfACgbbTZoid291npdTthSSLvxuBqMbAl818GS2R8UOHweAVBSnPt6Cy9BbQfR/ISm6tITVwDpfCYRha3+EYfdEdPPfyfOGFRjS/2ed9aqGuzBWFcKk43wgMv1Ff17LAnhs3LZx6soxjDnT4OlnQ302QC4lJON+/KcFxr3qJqah97pVUMsIkzrRpqhdJG9zzGlsRt/OUjjaLP3HiIOITuU0L6oVvaBBhix/kJ9XX1iro9FFHu+GbrMP8wuDhvhH9TOgRyAZt0WXpLhh3pXSHkzEl1Rl3rZL71YtZjJwAYDPUyzLE9esRgqBVDoiMuqQhbUTPzAB/LgO0AHBicq/T3yg1fZDeLzVJi6PrrctCPILBiuweKHji3QBqnm+GLXzxpXmkBQu8/iv+1cAbFrZ2QIkpGkCfMAr06luZ7/YbtRL4GfrIv8Pc19t/PhgZR7/CIaU8u28P6k93e4ap4p5mmsvzhrzZb+qCfNbe0aHY5HXpkzI1sSRYWxDiODbwcw+/+8upq3zs+NBVvxRRoXk0wRuitWR7I1phP6s0mCCbG5+eaw01X+FiNCLDuEwS8H01Y4uNRpC9jzwmPgGOY/JBqt8vF8lDsM9AAWp/kHNaVHOxrFyTilc98VsjtM+25uF3QHEMU/VDN9GAeV/FI5Gz5fXZLOyFoWhYetfh5XQk1LIpdSL4g82zLCFxtcLV+XPCIDeXFZ+LCfy6UUo9mCHmtq/ePYUEIn3az/7uoMFBgb4wjImrRu+Oekhg/MhBN7SkuuJyFeQOjsNWucSDSSxnhEzk1xPUbsozDJJOg+Y8Y5PNh0Snn3fkEBhqZ0piVGmPay2hzgGBYVi3gVDAyAgzC5etHRYoz8dj+pvh8/XaPE/yQVWJQnpWRZY+C0NhqmPweKih4m8yg+uFs7gfn/43O+B0Nvg8p2df/grxq2e99VX/Ypj2cMHQ67jL8Jluy0Z43w1BPQ2gK7rIYkfIkgI2XZLa+WUKvlpTxv2kmCnYQS+/+kpfU6eumy4D5/raf7UF3tgHTJnhD5Rq6DjN1RgE89jBAoJgA2S7+mj4vOd8BoklmPjsWFbQc/WYcQhrp0g6e0qR0gAlxVbrQNbb9WZehUC6l+oGANza7XOtefpcS56tnku5a2Ev6kgS8fThKV1C2bdT9rf2LcgaysfueqSbDaZi+0CnCmzRdqHnpuHICH4ADomLMZXYDwIjIp9L/nrTNMy7bTQKf1fSPlOeOmtbOhHPXpgGivKRsPfSZahfGnxY2JD5tMko+0eUBD2A75HY9qSaBEW4t8p+IEoVpHG0LrdXWIzJFozwq97T/bemSY82tdD3WxIeaDL+cdN6zY+uvgR5QleWY3wWwG3y9/UFkCKwqg/KKfKATA6fdW0O9c3y4nWFq5bsfqfsWYUPAvrpXF1ZCyY9hrp2awGsGdMAEb43LnRfFz6MhZ0srnv4yJ2aYqvwZBtZr9E7f10MVMQNXsB5cT47fYtTIyY3jP9QjZH8Mjetg45AbmxMSl/oA6OnHCZxdlQbCyJEeC0xJfPadMDitgTvsU/jx1EvtcEyK0fw2LG12TSTMD8UZ0lwBPpbsqe9q+qDOQLuMv3ZKLG+J3FsHDDmsW5i4ngBLYpFB2QJMSp3i5YDJ8Q2mEFnSjaUcmr1nIu8pJ+ESj/RzdCHrqL6qTwwmIaoTnBvEKCMPLJ8ZFFfHmgfV9ab9NNf2LG3/XzIHBt4bG9PV0ChDquCTN860PA4woBxbOR3DjwQuXsflshrwiERvi6V3aMdEoY0etIzNYhQpRNfUziD2cL5MLkn4jt4oXvYayqyc2+sxZ77sdNfhQ0yVCiYfS3UCvCRGV9KyNb7EP7q670PxRfH7ynf4BySEO7bL6eu4XDoIdNgf8da/yaR00M9rnF+ZqR4VjSxixk4RFDBb36VY6zFGOOcz8W0xD62jvWDP2Y46CFKA5UUV7UHmpZinbna3Me+FqRPhqXB6/o3uvNeTZnl5m/RvshBkvhfO/4uSq0iT+z7MS1vGU9xycZFZQNeGjbpECPQZdiOQqCrib35kNsO6gwbWLOpFmCN1Nn2TkUHSWyjsSsee9OK3M9DSRRLc1evMlPRgq1jSzLn+LFMzZ+ZDNL7LcymvgE3D/yFruaRvpByuUt2A7fj7Jt6M7NglKuxzUpEWiFXl4+FUHKJQ838QQ+VBOB+STz7g8ft4/i1u19mGSOtrbZd6WY9Z4/RRzfEQDdUNGno1aan9IOB/CEwahGx34XzHd1wJbmr9P22ubOHa3cb/O5pUjqRPbzzOqi+b5ymuFhKD7uao47D7mERuhjMWxBeX6iHMf00PnTcEQjYCgnWgVsTTKcsKVhkNxjtPgtNBzO7ASD+c52CbgKassgVam0F+ZvfGWMaK5FJNyokzetv/ZHYhfSfnVbLSeCYyKGii5U55KOIEd2LSsOSjeyvJrCaFT2O8Zv6r258tvoXUfk0aXT9nRF02mhgl/CIQLtkkg/zwTaac0mPLfrGKRQDnelF+M7GUKLMGTHfhH6m0FvIo23fC9VIsfUuhNrKYEvzuqzRshpOYjStkWf7Nr9RC+f+8PEgvjLjJalL8gDWqc4r4L0jl/LXhJbV8PGM4DUpcfq5qmKcBUnJIOCw5MHn83y9sYjBWb1Nzpn8AK1tpHg7R+H/fS94f92imCTW9cO9Aittl7IeuQHm0HigsJzPvFFdj/kL15zqLrHJcfX4F+iRuvhX40NMxmKjDpdA/qixwD/9eVgA5c+dLCNtD+Em/tk31hhXhfucpzvA15RBCvzYu8eitLkj8Rn4/M9zM7zSqUv8dl1jB0xlbYaF1ii017caT4CiCVg47mcEI/Ftr1RoIQi8NOPu535BRhF+TzG2vWQSpSbOfW7ZO3jLqBTCW9ZsiS6wrx91L++ul3VBum/TCKY9Z1AwUV+miGbNB4qpmjFvqPeOcY9Q8Mlvf2CO8PqrTEOIvq+6mcVKybsV2yfnkluTjFp3SD+drt3u8MRB5frrZx00e/desPlqMWhyYvhZL8Yh3SZFn7NDGu8V1gWdl/oZQ4IKIpiOpm54UI664QfUd+SaHKE2f+PB7/s36jaJoq9OTZLQa3VN/HoQHfwpxSZFFN4KfoPcvhhU6PBQQB9oYmatU0m574khepejZizI9D5d4G8FHfwHU95+nhECaSteM/WZDixd6uca5iln++UEJe8i/4juFvbf73uzx634Ft3rQQBdXva0i4eCMez5UN/kdCqXCC1pb1WA8QriygmNpaveZvsNd3u2Kr4O6IOiq9VOTjlaw+cVwNe8RAg/iXP8G2Fm8YRf5046fmaymv25Ph8SLPFDUEUph9F7Lnwo2HPGLou6/eBbRUpqlNxlLOmt3mPK5Jo25kCqsZRbMgtvS+jebu4ok4XU+cPP/Dbe4O/+EfxFsIbfcAex7V7wQxPr8NdcMdof7HQ5C4t43h/kxLxsBqYFM94DmVRzqv3CHaDPYyVPW17HZIj8fBrgCW6V0dNbl3Wt7mz/JrZWQBTEePA6KkxghQI+nb7Ka8d8dvCVHSR2RV2rgEC24F1B+HU5sujY9nC52TwVA2upDH4U5Z5X3xW3zb1oZ2znpzcfFg5MWIrepl9NFyiLctsi3fcR4Fxs6YYeLkdGeSzWnh6BgiFHq4aHwx4flixrp6U2fGc4ePdg6QsYxqPGeifbCovU67iiv05/keO70nErz+8xBg68Bu2xVjDnQapmcSZ92MsdawiJhfK2ATigOBwtaFQrhQ+5nIoTQGGJKRxZwr6kCww8ryJSXfKMT7DnVUSFv2EZaDsH/LfHstWD2XtsOLiPhnHP9sMtsCmysJ8iDz5RvSINk11JMlsAQRUn/14pnbxVj7dL+L97J1pYlHkY7U/Sgm0kbrSVdvZwnAuqtqfedZQE0H0h3wO6bxzi7hoofvEDCIMvYzfNsqLDY9aBCSPDwxQQfz8UQ8dJ/mTlRV20ZXPP7MPm1mOJ2r1Exm2InvdJ3EVan692Uo6TMxYthcJetIzXg7W73TF/o0Y0Ft8XsaYVc3y59lJCIofCJozt79YJjOTU31w7NPXuNtZ2hns9A7Cqq6VDOCk5YnTHCMBWat9vaHlAKUZO6WbbesPWoywZhkKFUVoHJf3uKWps9zhQKMMOVR6dEdWWDZ4OACa0WBbVnJ2P7Ib2+7OqV2LtOB3pZv0ouLKRPf47NJ+iS4Ife2nJN0baEBXAJ/uhQowPbS/szWVMHH5aUu5b5mcJ47sizlf1NtxjUrDK10pZlF736723SLL0hMP3i+h/6H/4ptQTbbduE0ubhGNaQl/9ZlS9ZFMnByeblQl+FYZ2wxLJiwcFelTkxJV1sHIWvn2E/WAMsoR6qJro1BAQQTupyZukQRfHnX2bhq1yOKhPExRJStjdeGlDZQOAkNyOWVF6bZQ3dbQdh05bSQLoq88KqE9s44newvEtkvDpuL+BQGIMo4So6gVKR16ZFziDfE0kgaHTAJHTujl3GyU1ho/bv/pqgw6NMp8Tpx3XLHkTsPdYU6pIrGRzy9BDRgnNK9kVgZLJEu2YGT6pSlwMtAL14U6xrRad3M3cZgh5VL9ndU2p41NsiDwE3+K6ZWJWT6CuukBfMzMdjWVO2kD3WoK0SiKiU1aFOiPcJauB9FG2UT4gJaKLsbDQgDNaSDvnIbQh4eltrZg5D3Wk9I6JLaBKlBI+4rsGtuw3RKuRBelNWomwaQ45fjpxunZNWhPaCFaHsLKV6sHOrR/DLmL3TX9rfru6gYI/r/fLDZgjXgirGz3pzKGvXXmpZqzztbd60iX4VOKL1x+68sWGqcS6o9NC02KjvIO+cYmfVERY8Ghd5NfJzkOMOpL+WEF0Q72cYn0ZI8BZueCku9rr5mmKKb1pbGZAOOzXqHWZf925ia4gkUuLfZrtzLT+vCDtqrVFvu70kOC4cZQLj+i2E8N1FiAsSxF+pUrOIef+RHlKoerCOiPDKQG3024VeC8f3QiBtzxmApX24cNmmz22ZxIwp+Y0JewL67gJXr/Gklz6FRhFbDg4llrgs6qGdzDtGCbvtawcgksrdBTiklhemcz3D4QxdBk6OzuivVO6TrLkJQHS5YkXBNRmY/XDmgLtZlDlrZkdFrk/ACiF8ll8jmK7Az5dbvoSRe734gs6NuW0NMSzmfgvUHbbIAmsADnzr4MbkPJHPlJsOyo/3eNbrAi3O1LrFKCMLsydYRdfwvW+B10ixqSSFVCU62l7TYqsD1lmGUS6OqKhYflRsdxGQIUJk/yjQyTLB0/zgQXQIf/PG/A6kpGNpkJiibnXYxfPQN+EQx1Zucu2Osw/Zpu5yYEHHBqU7ZvSdAme3FnoWadIquozz2YAtXcd+LfAOF+nu/vOq/EmlaPI6MHTkS4/vpDeO+DKHLP4Qn8dTibKpJzFUO5HBvkXmU2sPQWzws908lGSulgubHUJ+51Z16+FkP86H0Y7v0hP2MNLrZzVXUzcD9KQDIm6MGuXHP2Ks0JjmjGhymlL0Dz3UtFb2eAtGiHROygRHH8d8JUNKaSRhNLDtLyiwhuwW/GYFt+9XaEu9KYxG/RadAMd/VD1mBr4hsPG+ev4sghVp5TCbbFWZx9UowmfX45AZcVBblPheANLwyt+XqhYZeu6fepJimxBt14opY68o7gstLgc067UnGw5/va5uzRn2e8onqDVjxKl7a5Yt1HaVZn6zfdWl6a859HV2WLiPfyLoZ0zjlz0fq5pUvVzTdWZQ9eG6WhbjUemAU/Rli/5VRlbbZJpzx8thwrwVO48d085K5KXll+tgfDvlWrgLLdUxV5CPA8oQ9YXxyWL2GdxBvs40A7l3jY+yO/DJoexfZwBjLJmqY5lw6Qolre6cI81Swbt0jvnLmnJf29ylFmwwY/Zr+1eR9UkiGW3D5YCzLJH+zfVbMbAZxHvnjDVHjW6h06oh2HvM4n9Almcr9d1+kLpvt6Zk4PTKJ7NIavU8JVIV9cNSUh7PtskgDhwZQ+6AT26fOp6Q/mx8V+/Td8S21eFPoLMUEuCbgeTDbVnqr5q44Ye7h6lz6IvDZRLqK/bluZAQfvm+ZUEs7PKIKDuuBBwgVE7nkJHAj8iDWztR++xIMP4O6+yzPlUgNqVuVDfjSMD//J2iP26yRB/saPq57zqez/TLXWywf7T9TBCB90PtU0afEa1jUjuDsIYiY3ihb7XQ5OWPL5p7I5XJNB/VmBsQP4tIQWTaU8tD+ElwtHhnToATuEoj8qRN1NItDqo/wtm7cdhBGpNWtyv946tG9lwN78U5pSef9QDkeHw5TG9L+Y6gj2UYlDyu8i6XWW0dQaWp43zTev3lQpPAZUA8sYHA3s2XRIcLQXFNsLLlDAF3YHDHtu++kfPOuMruzvbEaBIy/upOCmVoNSP7t5xXvLHGx+CHZfKoC0udX19J1fiIdSvQbcQ1i+/7fKIrcssK9b2YNVX+oL1a+84wGvueWVkzni1TWUDbfuorQGgf+wB4YngbxmB73iQwUcfFDe2Gq3Ys1pKbP3XjJviOckqZUmfAJyOf4D1IfRGXNc+UeR8pe5zzevTF99dPiv5YeA/apHw++sQNog2zSq4hO4wH1a8W3EBPjtLNCjyxEwcdI+Pb9cYh6YvaVvQAaoXy18WWdg7TCg1Y2jq/qa/I/hNKMvbcmgCKT7fnZDNXcRNO/QWAM7YWj7ySOr5pqNzGG9r+U1AuWsSD5c8+p8DrkaUX11Hzey26sfLpgOHZADySzXZQQK3ekCXIoSFLeTAaQCW0rtZNp43rNvzX5bziAE9wT56nwvLhtjkQk0C1Bc+KzfDzce2XFmJl5AkeG509+tNlkKwjQraphr8TrSXwqQf1y2HBMVTPR1WZNoLW6x8O9V7TXw2NzXSsXCJMNYyr1eEfLn481iR/+/ih/+bPy9cD0gQt/maiU28/K55v/5+wyq2h/NLq3w+n/9Aud+/Rw6fbQkdxbIVJziCIPDfoSlZimH7H4dQ/j/QV3+KxdgX2/JAXeifEzAY/hdK/p11/R1C6H9+/tb5Vv0dw+l/Ifjf0aqoP9X2vw4n69+hz7+/Argi/r4YhNrPV9F1//5xGcftf/xOXJKpeo95AT7xnw== ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/01-function-and-mq.tf ================================================ resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = var.service_account_id description = "static access key for object storage and s3 " } data "archive_file" "function" { type = "zip" source_dir = "${path.module}/pusher" output_path = "${path.module}/pusher.zip" } resource "random_string" "project_suffix" { length = 10 upper = false lower = true number = true special = false } #--------AUDIT----------- resource "yandex_message_queue" "log_queue_for_auditlog" { count = var.auditlog_enabled ? 1 : 0 access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key name = "log-queue-auditlog-${random_string.project_suffix.result}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_auditlog" { depends_on = [yandex_message_queue.log_queue_for_auditlog] folder_id = var.folder_id name = "s3-ymq-auditlog-sync-${random_string.project_suffix.result}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_auditlog[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key AUDIT_LOG_PREFIX = var.auditlogs_prefix } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "s3_ymq_auditlog_trigger" { depends_on = [yandex_message_queue.log_queue_for_auditlog,yandex_function.s3_ymq_for_auditlog] folder_id = var.folder_id name = "s3-ymq-auditlog-trigger-${random_string.project_suffix.result}" function { id = yandex_function.s3_ymq_for_auditlog.id service_account_id = var.service_account_id } object_storage { bucket_id = var.log_bucket_name prefix = var.auditlogs_prefix create = true update = false delete = false } } #--------FALCO----------- resource "yandex_message_queue" "log_queue_for_falco" { count = var.falco_enabled ? 1 :0 access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key name = "log-queue-falco-${random_string.project_suffix.result}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_falco" { depends_on = [yandex_message_queue.log_queue_for_falco] folder_id = var.folder_id name = "s3-ymq-falco-sync-${random_string.project_suffix.result}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_falco[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key FALCO_LOG_PREFIX = var.falco_prefix } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "s3_ymq_falco_trigger" { depends_on = [yandex_message_queue.log_queue_for_falco,yandex_function.s3_ymq_for_falco] folder_id = var.folder_id name = "s3-ymq-falco-trigger-${random_string.project_suffix.result}" function { id = yandex_function.s3_ymq_for_falco.id service_account_id = var.service_account_id } object_storage { bucket_id = var.log_bucket_name prefix = var.falco_prefix create = true update = false delete = false } } #--------KYVERNO----------- resource "yandex_message_queue" "log_queue_for_kyverno" { count = var.kyverno_enabled ? 1 :0 access_key = yandex_iam_service_account_static_access_key.sa_static_key.access_key secret_key = yandex_iam_service_account_static_access_key.sa_static_key.secret_key name = "log-queue-kyverno-${random_string.project_suffix.result}" visibility_timeout_seconds = 600 receive_wait_time_seconds = 20 message_retention_seconds = 1209600 } resource "yandex_function" "s3_ymq_for_kyverno" { depends_on = [yandex_message_queue.log_queue_for_kyverno] folder_id = var.folder_id name = "s3-ymq-kyverno-sync-${random_string.project_suffix.result}" runtime = "python38" entrypoint = "main.handler" memory = "256" execution_timeout = "30" environment = { YMQ_URL = yandex_message_queue.log_queue_for_kyverno[0].id AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key KYVERNO_LOG_PREFIX = var.kyverno_prefix } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "s3_ymq_kyverno_trigger" { depends_on = [yandex_message_queue.log_queue_for_kyverno,yandex_function.s3_ymq_for_kyverno] folder_id = var.folder_id name = "s3-ymq-kyverno-trigger-${random_string.project_suffix.result}" function { id = yandex_function.s3_ymq_for_kyverno.id service_account_id = var.service_account_id } object_storage { bucket_id = var.log_bucket_name prefix = var.kyverno_prefix create = true update = false delete = false } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/02-coi-worker.tf ================================================ resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init" { template = file("../security-events-to-siem-importer/worker/cloud-init.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" } } data "template_file" "docker-declaration-auditlog" { template = file("../security-events-to-siem-importer/worker/docker-declaration-auditlog.yaml") vars = { ELASTIC_AUTH_USER = "${var.elastic_user}" ELASTIC_SERVER = "${var.elastic_server}:9200" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" KIBANA_SERVER = "${var.elastic_server}" KMS_KEY_ID = "${yandex_kms_symmetric_key.kms-key.id}" S3_BUCKET = "${var.log_bucket_name}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" SLEEP_TIME = "300" AUDIT_LOG_PREFIX = "AUDIT/" YMQ_URL = "${yandex_message_queue.log_queue_for_auditlog[0].id}" } } data "template_file" "docker-declaration-falco" { template = file("../security-events-to-siem-importer/worker/docker-declaration-falco.yaml") vars = { ELASTIC_AUTH_USER = "${var.elastic_user}" ELASTIC_SERVER = "${var.elastic_server}:9200" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" KIBANA_SERVER = "${var.elastic_server}" KMS_KEY_ID = "${yandex_kms_symmetric_key.kms-key.id}" S3_BUCKET = "${var.log_bucket_name}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" SLEEP_TIME = "300" FALCO_LOG_PREFIX = "FALCO/" YMQ_URL = "${yandex_message_queue.log_queue_for_falco[0].id}" } } #----KYVERNO----- data "template_file" "docker-declaration-kyverno" { template = file("../security-events-to-siem-importer/worker/docker-declaration-kyverno.yaml") vars = { ELASTIC_AUTH_USER = "${var.elastic_user}" ELASTIC_SERVER = "${var.elastic_server}:9200" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" KIBANA_SERVER = "${var.elastic_server}" KMS_KEY_ID = "${yandex_kms_symmetric_key.kms-key.id}" S3_BUCKET = "${var.log_bucket_name}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" SLEEP_TIME = "300" KYVERNO_LOG_PREFIX = "KYVERNO/" YMQ_URL = "${yandex_message_queue.log_queue_for_kyverno[0].id}" } } #------------ data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } #--COI AUDITLOG resource "yandex_compute_instance" "instance-based-on-coi-auditlog" { name = "k8s-auditlog-siem-worker" hostname = "k8s-auditlog-siem-worker" zone = "ru-central1-a" service_account_id = var.service_account_id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # не забыть включить NAT для subnet, где COI } resources { cores = 2 memory = 2 } metadata = { user-data = "${data.template_file.cloud_init.rendered}" docker-container-declaration = "${data.template_file.docker-declaration-auditlog.rendered}" } } #----COI FALCO resource "yandex_compute_instance" "instance-based-on-coi-falco" { name = "k8s-falco-siem-worker" hostname = "k8s-falco-siem-worker" zone = "ru-central1-a" service_account_id = var.service_account_id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # не забыть включить NAT для subnet, где COI } resources { cores = 2 memory = 2 } metadata = { user-data = "${data.template_file.cloud_init.rendered}" docker-container-declaration = "${data.template_file.docker-declaration-falco.rendered}" } } #---COI KYVERNO--- resource "yandex_compute_instance" "instance-based-on-coi-kyverno" { name = "k8s-kyverno-siem-worker" hostname = "k8s-kyverno-siem-worker" zone = "ru-central1-a" service_account_id = var.service_account_id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # не забыть включить NAT для subnet, где COI } resources { cores = 2 memory = 2 } metadata = { user-data = "${data.template_file.cloud_init.rendered}" docker-container-declaration = "${data.template_file.docker-declaration-kyverno.rendered}" } } #------------ resource "yandex_kms_symmetric_key" "kms-key" { name = "kms-key-${random_string.project_suffix.result}" description = "Key for secrets encryption" default_algorithm = "AES_128" } resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${var.service_account_id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_pass" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = var.elastic_pw } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.kms-key.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/README.md ================================================ # Security-events-to-siem-importer Описание: Модуль, который через очередь читает логи из бакета и кладет их Elastic ### Принимает на вход: - folder_id - ID каталога - log_bucket_name - имя S3 бакета, логи из которого нужно обрабатывать - service_account_id - (опционально) ID сервисного аккаунта, который будет запускать фукнцию, создавать очереди и писать в очереди - auditlog_enabled - Включать ли поставку аулит лога (по умолчанию - true) - falco_enabled - Включать ли поставку аудит лога - elastic_server - URL в виде "https://xxx.rw.mdb.yandexcloud.net" - elastic_user - Имя пользователя с административными правами в ElasticSearch - elastic_pw - Пароль пользователя ElasticSearch - coi_subnet_id - ID подсети, в которой будут созданы worker контейнеры для обработки данных ### Выполняет: - Создание статического ключа для УЗ - Создание функций и тригеров для записи логов в очереди и обогащения логов параметрами 'cloud_id','folder_id','cluster_id','cluster_url' - Обработка логов из очереди через worker-контейнеры - Выгрузка логов в ElasticSearch Пререквизиты: 1) Сервисная учетная запись с правами *ymq.writer*, *serverless.functions.invoker*, *storage.editor* 2) ID подсети для создания контейнеров 3) Включенный NAT на выбранной подсети 3) Кластер ElasticSearch ### Вызов модуля ``` module "bucket_baby" { source = "../../../yc-solution-library-for-security/auditlogs/export-k8s-events-to-siem/security-events-to-siem-importer" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id log_bucket_name = "lugs-bucket" // можно подставить из конфига развертывания service_account_id = "xxxxxx" // id выданный администратором } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/pusher/Makefile ================================================ all: clean dependencies package clean: rm -rf dist/ dirs: mkdir -p dist/ dependencies: dirs docker run --rm \ -v $(shell pwd)/dist:/dist -v $(shell pwd):/app \ -w /app \ python:3.7-stretch \ pip3 install -r /app/requirements.txt --target /dist/ install-code: dirs cp main.py dist/main.py cp s3.py dist/s3.py package: dirs install-code rm -f dist.zip cd dist && zip --exclude '*.pyc' -r ../dist.zip ./* .PHONY: clean dirs dependencies install-code package all ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/pusher/main.py ================================================ import boto3 import json import os client = boto3.client( service_name='sqs', endpoint_url='https://message-queue.api.cloud.yandex.net', region_name='ru-central1' ) s3_client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1', ) def handler(event, context): queue_url = os.environ.get('YMQ_URL') for message in event['messages']: if os.environ.get('AUDIT_LOG_PREFIX') is not None and message['details']['object_id'].startswith(os.environ.get('AUDIT_LOG_PREFIX')): log_type = 'AUDIT' elif os.environ.get('FALCO_LOG_PREFIX') is not None and message['details']['object_id'].startswith(os.environ.get('FALCO_LOG_PREFIX')): log_type = 'FALCO' else: log_type = 'UNKNOWN' metadata_list = message['details']['object_id'].split("/") data = { 'log_type': log_type, 'bucket_id': message['details']['bucket_id'], 'object_id': message['details']['object_id'], 'cloud_id': metadata_list[1], 'folder_id': metadata_list[2], 'cluster_id': metadata_list[3], 'cluster_url': "https://console.cloud.yandex.ru/folders/"+metadata_list[2]+"/managed-kubernetes/cluster/"+ metadata_list[3] } print(data) log_obj = s3_client.get_object(Bucket=message['details']['bucket_id'], Key=message['details']['object_id']) file_content = log_obj['Body'].read() print(file_content) client.send_message( QueueUrl=queue_url, MessageBody=json.dumps(data), MessageGroupId = "%s\%s" % (message['details']['bucket_id'],log_type) ) print('Successfully sent message to queue') ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/pusher/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/pusher/test.py ================================================ def test(a): pass ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/variables.tf ================================================ variable "folder_id" { } variable "log_bucket_name" { } variable "service_account_id" { #functions.invoker, storage.editor, ymq.editor } variable "auditlog_enabled" { default = true } variable "auditlogs_prefix" { default = "AUDIT/" } variable "falco_enabled" { default = true } variable "falco_prefix" { default = "FALCO/" } variable "kyverno_enabled" { default = true } variable "kyverno_prefix" { default = "KYVERNO/" } variable "elastic_pw" { } variable "elastic_user" { } variable "elastic_server" { default = "https://c-xxx.rw.mdb.yandexcloud.net" } variable "coi_subnet_id" { description = "subnet id for COI instance" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/Dockerfile ================================================ FROM python:3.9.1-slim RUN apt-get update # docker build нужно запускать из папки auditlogs чтобы был правильный контекст при подборе include файлов # пример docker build команды: # docker build -t k8s-events-siem-worker:latest -f ./export-auditlogs-to-ELK_k8s/security-events-to-siem-importer/worker/Dockerfile . COPY /export-auditlogs-to-ELK_k8s/security-events-to-siem-importer/worker/function /app/function COPY /export-auditlogs-to-ELK_main/update-elk-scheme/include /app/include WORKDIR /app RUN python3 -m pip install --upgrade pip RUN pip install -r /app/function/requirements.txt CMD ["python3", "function/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/cloud-init.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/docker-compose.yml ================================================ version: "3.6" services: app: build: . stdin_open: true tty: true volumes: - .:/app ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/docker-declaration-auditlog.yaml ================================================ spec: containers: - env: - name: KMS_KEY_ID value: ${KMS_KEY_ID} - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: YMQ_URL value: ${YMQ_URL} - name: AUDIT_LOG_PREFIX value: ${AUDIT_LOG_PREFIX} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 image: cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:latest name: k8s-auditlog-siem-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/docker-declaration-falco.yaml ================================================ spec: containers: - env: - name: KMS_KEY_ID value: ${KMS_KEY_ID} - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: YMQ_URL value: ${YMQ_URL} - name: FALCO_LOG_PREFIX value: ${FALCO_LOG_PREFIX} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 image: cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:latest name: k8s-falco-siem-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/docker-declaration-kyverno.yaml ================================================ spec: containers: - env: - name: KMS_KEY_ID value: ${KMS_KEY_ID} - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: YMQ_URL value: ${YMQ_URL} - name: KYVERNO_LOG_PREFIX value: ${KYVERNO_LOG_PREFIX} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 image: cr.yandex/crpjfmfou6gflobbfvfv/k8s-events-siem-worker:latest name: k8s-kyverno-siem-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/function/main.py ================================================ import base64 import boto3 import botocore import json import os import requests import time # Function - Get token def get_token(): response = requests.get('http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor":"Google"}) return response.json().get('access_token') # Function - Decrypt data with KMS key def decrypt_secret_kms(secret): token = get_token() request_suffix = kms_key_id+':decrypt' request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # Configuration - Get ElasticSearch CA.pem def get_elastic_cert(): file = '/app/include/CA.pem' if os.path.isfile(file): return file else: url = 'https://storage.yandexcloud.net/cloud-certs/CA.pem' response = requests.get(url) with open('/app/include/CA.pem', 'wb') as f: f.write(response.content) return file # Configuration - Keys elastic_auth_pw_encr = os.environ['ELK_PASS_ENCR'] kms_key_id = os.environ['KMS_KEY_ID'] s3_key_encr = os.environ['S3_KEY_ENCR'] s3_secret_encr = os.environ['S3_SECRET_ENCR'] # Configuration - Setting up variables for ElasticSearch elastic_auth_pw = decrypt_secret_kms(elastic_auth_pw_encr) elastic_auth_user = os.environ['ELASTIC_AUTH_USER'] elastic_server = os.environ['ELASTIC_SERVER'] kibana_server = os.environ['KIBANA_SERVER'] elastic_cert = get_elastic_cert() # Configuration - Setting up variables for S3 s3_bucket = os.environ['S3_BUCKET'] s3_key = decrypt_secret_kms(s3_key_encr) s3_local = '/tmp/data' s3_secret = decrypt_secret_kms(s3_secret_encr) # Configuration - Sleep time if(os.getenv('SLEEP_TIME') is not None): sleep_time = int(os.environ['SLEEP_TIME']) else: sleep_time = 240 # Configuration - Log type if os.getenv("AUDIT_LOG_PREFIX") is not None: s3_folder = os.environ['AUDIT_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-audit" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" elif os.getenv("FALCO_LOG_PREFIX") is not None: s3_folder = os.environ['FALCO_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-falco" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" elif os.getenv("KYVERNO_LOG_PREFIX") is not None: s3_folder = os.environ['KYVERNO_LOG_PREFIX'].rstrip("/") elastic_index_alias = "k8s-kyverno" elastic_index_name = f"{elastic_index_alias}-index-000001" elastic_index_template = f"{elastic_index_alias}-template" elastic_index_ilm = f"{elastic_index_alias}-ilm" elastic_index_pipeline = f"{elastic_index_alias}-pipeline" # State - Setting up S3 client s3 = boto3.resource('s3', endpoint_url = 'https://storage.yandexcloud.net', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) sqs = boto3.client( service_name = 'sqs', endpoint_url = 'https://message-queue.api.cloud.yandex.net', region_name = 'ru-central1', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) # Configuration - YMQ sqs_url = os.environ['YMQ_URL'] # Function - Create config index in ElasticSearch def create_config_index(): request_suffix = f"/.state-{elastic_index_alias}" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 404): request_suffix = f"/.state-{elastic_index_alias}/_doc/1" request_json = """{ "is_configured": true }""" response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) print('Config index -- CREATED') print(f"{response.status_code} -- {response.text}") else: print('Config index -- EXISTS') print(f"{response.status_code} -- {response.text}") # Function - Get config index state def get_config_index_state(): request_suffix = f"/.state-{elastic_index_alias}/_doc/1/_source" response = requests.get(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code != 200): return False return response.json()['is_configured'] # Function - Create ingest pipeline def create_ingest_pipeline(): request_suffix = f"/_ingest/pipeline/{elastic_index_pipeline}" data_file = open(f"/app/include/{elastic_index_alias}/pipeline.json") # заменить на прямую ссылку github когда репо станет публичным data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Ingest pipeline -- CREATED') print(f"{response.status_code} -- {response.text}") # Function - Create an index template def create_index_template(): request_suffix = f"/_index_template/{elastic_index_template}" data_file = open(f"/app/include/{elastic_index_alias}/index-template.json") data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index template -- CREATED') print(f"{response.status_code} - {response.text}") def create_lifecycle_policy(): request_suffix = f"/_ilm/policy/{elastic_index_ilm}" request_json = """{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "rollover": { "max_age": "30d", "max_primary_shard_size": "50gb" } } } } } }""" response = requests.put(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index lifecycle policy -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index def create_first_index(): request_suffix = f"/{elastic_index_name}" response = requests.put(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print(f"Index {elastic_index_name} -- CREATED") print(f"{response.status_code} - {response.text}") # Function - Create an index alias def create_index_alias(): request_suffix = f"/_aliases" request_json = """{ "actions" : [ { "add" : { "index" : "%s", "alias" : "%s" } } ] }""" % (elastic_index_name, elastic_index_alias) response = requests.post(elastic_server+request_suffix, data=request_json, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Index alias -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Refresh index def refresh_index(): request_suffix = f"/{elastic_index_alias}/_refresh" response = requests.post(elastic_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 200): print('Index -- REFRESHED') print(f"{response.status_code} -- {response.text}") # Function - Check detection engine index def get_detections_engine(): request_suffix = f"/s/default/api/detection_engine/index" response = requests.get(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): return True else: print(f"{response.status_code} - {response.text}") return False # Function - Preconfigure Kibana def configure_kibana(): # Index pattern file = f"/app/include/{elastic_index_alias}/index-pattern.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Index pattern -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Filters file = f"/app/include/{elastic_index_alias}/filters.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Filters -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Search file = f"/app/include/{elastic_index_alias}/search.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Searches -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Dashboard file = f"/app/include/{elastic_index_alias}/dashboard.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Dashboard -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Detections # Pre-create detections index if not get_detections_engine(): request_suffix = '/s/default/api/detection_engine/index' response = requests.post(kibana_server+request_suffix, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- SIEM rules index pre-created') print(f"{response.status_code} - {response.text}") file = f"/app/include/{elastic_index_alias}/detections.ndjson" if os.path.isfile(file): data_file = { 'file': open(file, 'rb') } request_suffix = '/api/detection_engine/rules/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), headers={"kbn-xsrf":"true"}) if(response.status_code == 200): print('Detections -- IMPORTED') print(f"{response.status_code} -- {response.text}") # Function - Clean up S3 folder def delete_object_s3(s3_bucket, s3_object): b = s3.Bucket(s3_bucket) b.delete_objects( Delete={ 'Objects': [ { 'Key': s3_object }, ] } ) # Function - Delete SQS message def delete_sqs_message(msg): sqs.delete_message( QueueUrl=sqs_url, ReceiptHandle=msg.get('ReceiptHandle') ) # Function - Process JSON logs batch def process_s3_batch(bucket, folder, local=None): print('JSON processing -- STARTED') parse_substring = '".": {}, ' processing = True request_suffix = f"/{elastic_index_alias}/_bulk?pipeline={elastic_index_pipeline}" while processing: b = s3.Bucket(bucket) messages = sqs.receive_message( QueueUrl=sqs_url, MaxNumberOfMessages=10, VisibilityTimeout=60, WaitTimeSeconds=20 ).get('Messages') if(messages == None): processing = False continue for msg in messages: msg_body = json.loads(msg.get('Body')) source = msg_body['object_id'] cloud_id = msg_body['cloud_id'] folder_id = msg_body['folder_id'] cluster_id = msg_body['cluster_id'] cluster_url = msg_body['cluster_url'] if source[-1] == '/': delete_sqs_message(msg) continue target = source if local is None \ else os.path.join(local, source) if not os.path.exists(os.path.dirname(target)): os.makedirs(os.path.dirname(target)) try: b.download_file(source, target) except botocore.exceptions.ClientError as e: sqs.delete_message( QueueUrl=sqs_url, ReceiptHandle=msg.get('ReceiptHandle') ) continue with open(target, "r") as raw_file: lines = [] for line in raw_file: lines.append('{"index":{}},') line = line.replace(parse_substring, "") lines.append(f"{line.rstrip()[:-1]}, \"cloud_id\": \"{cloud_id}\", \"folder_id\": \"{folder_id}\", \"cluster_id\": \"{cluster_id}\", \"cluster_url\": \"{cluster_url}\"}},") lines[-1] = lines[-1][:-1]+"\n" data = "\n".join(lines) response = requests.post(elastic_server+request_suffix, \ data=data, verify=elastic_cert, auth=(elastic_auth_user, elastic_auth_pw), \ headers={"Content-Type":"application/json"}) if(response.status_code == 200): delete_object_s3(s3_bucket, source) delete_sqs_message(msg) os.remove(target) print(response.text) else: print(response.text) print(f"JSON processing -- COMPLETE") # Process - Upload data def upload_logs(): if(get_config_index_state()): print("Config index -- EXISTS") process_s3_batch(s3_bucket, s3_folder, s3_local) refresh_index() else: create_lifecycle_policy() create_index_template() create_first_index() create_index_alias() create_ingest_pipeline() configure_kibana() create_config_index() process_s3_batch(s3_bucket, s3_folder, s3_local) refresh_index() ### MAIN CONTROL PANEL upload_logs() print("Sleep -- STARTED") time.sleep(sleep_time) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-siem-importer/worker/function/requirements.txt ================================================ boto3 requests botocore ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/00-infra.tf ================================================ data "yandex_iam_service_account" "bucket_sa" { service_account_id = var.log_bucket_service_account_id } data "yandex_kubernetes_cluster" "my_cluster" { folder_id = var.folder_id name = var.cluster_name } data "yandex_resourcemanager_folder" "my_folder" { folder_id = var.folder_id } resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = data.yandex_iam_service_account.bucket_sa.id description = "static access key for object storage" } data "yandex_client_config" "client" {} provider "helm" { kubernetes { host = data.yandex_kubernetes_cluster.my_cluster.master.0.public_ip == true ? data.yandex_kubernetes_cluster.my_cluster.master.0.external_v4_endpoint : data.yandex_kubernetes_cluster.my_cluster.master.0.internal_v4_endpoint cluster_ca_certificate = data.yandex_kubernetes_cluster.my_cluster.master.0.cluster_ca_certificate token = data.yandex_client_config.client.iam_token } } /* data "local_file" "yc-mk8s-ca" { filename = "${path.module}/templates/yc-mk8s.ca" } data "template_file" "kubeconfig" { template = file("${path.module}/templates/kubeconfig-template.yaml.tpl") vars = { context = var.cluster_name cluster_ca_certificate = data.local_file.yc-mk8s-ca.content endpoint = data.yandex_kubernetes_cluster.my_cluster.master.0.public_ip == true ? data.yandex_kubernetes_cluster.my_cluster.master.0.external_v4_endpoint : data.yandex_kubernetes_cluster.my_cluster.master.0.internal_v4_endpoint token = data.yandex_client_config.client.iam_token } } resource "local_file" "kubeconfig" { content = data.template_file.kubeconfig.rendered filename = "${path.cwd}/foo.bar" } provider "kustomization" { kubeconfig_raw = data.template_file.kubeconfig.rendered } output "cluster" { description = "A kubeconfig file configured to access the GKE cluster." value = data.yandex_kubernetes_cluster.my_cluster.master } output "kubeconfig_raw" { description = "A kubeconfig file configured to access the GKE cluster." value = data.template_file.kubeconfig.rendered } /* locals { kubeconfig_raw_vars = { context = var.cluster_name cluster_ca_certificate = data.yandex_kubernetes_cluster.my_cluster.master.0.cluster_ca_certificate endpoint = data.yandex_kubernetes_cluster.my_cluster.master.0.public_ip == true ? data.yandex_kubernetes_cluster.my_cluster.master.0.external_v4_endpoint : data.yandex_kubernetes_cluster.my_cluster.master.0.internal_v4_endpoint token = data.yandex_client_config.client.iam_token } } locals { kubeconfig_raw = trim(yamlencode(templatefile("${path.module}/templates/kubeconfig-template.yaml.tpl",local.kubeconfig_raw_vars)),"|-") } output "kubeconfig_raw" { sensitive = true description = "A kubeconfig file configured to access the GKE cluster." value = local.kubeconfig_raw } */ ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/01-audit-export.tf ================================================ //выдача прав на создание функции resource "yandex_resourcemanager_folder_iam_binding" "create_funct" { count = var.function_service_account_id != "" ? 0 : 1 folder_id = var.folder_id role = "serverless.functions.admin" members = [ "serviceAccount:${data.yandex_iam_service_account.bucket_sa.id}", ] } //-------- data "archive_file" "function" { type = "zip" source_dir = "${path.module}/function" output_path = "${path.module}/sync.zip" } resource "yandex_function" "k8s_log_exporter" { folder_id = var.folder_id name = "k8s-log-exporter-for-cluster-${data.yandex_kubernetes_cluster.my_cluster.id}" runtime = "python38" entrypoint = "main.handler" memory = "128" execution_timeout = "30" service_account_id = var.function_service_account_id != "" ? var.function_service_account_id : data.yandex_iam_service_account.bucket_sa.id environment = { AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa_static_key.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa_static_key.secret_key BUCKET_NAME = var.log_bucket_name CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } resource "yandex_function_trigger" "logs-trigger" { name = "k8s-log-trigger-${data.yandex_kubernetes_cluster.my_cluster.id}" folder_id = var.folder_id function { id = yandex_function.k8s_log_exporter.id service_account_id = var.function_service_account_id != "" ? var.function_service_account_id : data.yandex_iam_service_account.bucket_sa.id } log_group { log_group_ids = [ data.yandex_kubernetes_cluster.my_cluster.log_group_id, ] batch_cutoff = 10 batch_size = 100 } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/02-kubernetes-falco.tf ================================================ resource "helm_release" "falco" { depends_on = [ helm_release.policy_repoter ] name = "falco" chart = "falco" repository = "https://falcosecurity.github.io/charts" namespace = "falco" create_namespace = true values = [ "${file("${path.module}/templates/falco-base.yaml")}" ] set { name = "fakeEventGenerator.enabled" value = var.fakeeventgenerator_enabled } set { name = "ebpf.enabled" value = "true" } } resource "helm_release" "falcosidekick" { depends_on = [ helm_release.falco ] name = "falcosidekick" chart = "falcosidekick" repository = "https://falcosecurity.github.io/charts" namespace = "falco" values = [ "${file("${path.module}/templates/falcosidekick-base.yaml")}" ] set { name = "config.yandex.accesskeyid" value = yandex_iam_service_account_static_access_key.sa_static_key.access_key } set { name = "config.yandex.secretaccesskey" value = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } set { name = "config.yandex.s3.bucket" value = var.log_bucket_name } set { name = "config.yandex.s3.prefix" value = "FALCO/${data.yandex_resourcemanager_folder.my_folder.cloud_id}/${var.folder_id}/${data.yandex_kubernetes_cluster.my_cluster.id}" } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/03-kyverno.tf ================================================ resource "helm_release" "kyverno-policies" { depends_on = [ helm_release.kyverno ] name = "kyverno-policies" chart = "kyverno-policies" repository = "https://kyverno.github.io/kyverno/" namespace = "kyverno" set { name = "podSecurityStandard" value = var.podSecurityStandard } set { name = "validationFailureAction" value = var.validationFailureAction } } resource "helm_release" "kyverno" { name = "kyverno" chart = "kyverno" repository = "https://kyverno.github.io/kyverno/" namespace = "kyverno" create_namespace = true } resource "helm_release" "policy_repoter" { depends_on = [ helm_release.kyverno ] name = "policy-reporter" chart = "${path.module}/charts/policy-reporter" repository = "https://kyverno.github.io/kyverno/" namespace = "kyverno" set { name = "target.yandex.accesskeyid" value = yandex_iam_service_account_static_access_key.sa_static_key.access_key } set { name = "target.yandex.secretaccesskey" value = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } set { name = "target.yandex.bucket" value = var.log_bucket_name } set { name = "target.yandex.prefix" value = "KYVERNO/${data.yandex_resourcemanager_folder.my_folder.cloud_id}/${var.folder_id}/${data.yandex_kubernetes_cluster.my_cluster.id}" } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/README.md ================================================ # security-events-to-storage-exporter Описание: Модуль для включения логирования кластера k8s. На текущий момент он настраивает отправку audit логов в s3. ### Принимает на вход: - folder_id (id каталога в котором лежит кластер) - cluster_name (имя кластера k8s) - log_bucket_service_account_id - id сервис аккаунта который может писать в бакет - log_bucket_name - имя бакета куда писать лог - function_service_account_id - (опционально) id сервисного аккаунта который будет запускать фукнцию , если не указан то используется log_bucket_service_account_id ### Выполняет: - создание статического ключа для УЗ - создание функции и тригера для записи логов кластера в s3 - установку falco и настроенного falcosidekick, который отправит логи в s3 - установку OPA Gatekeeper ### TBD - настройку библиотек OPA Gatekeeper Пререквизиты: 1) Учетная запись под, которой вызывается сам модуль (должна обладать правами на создание кластера k8s и назначением права *serverless.function* на sa) Пример вызова модуля (находится рядом в папке): ### Вызов модуля ``` module "cilium_cluster_1_export" { source = "../k8s-security-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --name=<имя кластера> --format=json | jq .folder_id cluster_name = "cilium-cluster-1" // bucket id выданный администратором log_bucket_service_account_id = "xxxxxx" // id выданный администратором log_bucket_name = "logs-bucket" // можно подставить из конфига развертывания } ``` ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/Chart.yaml ================================================ apiVersion: v2 appVersion: 1.8.5 dependencies: - condition: monitoring.enabled name: monitoring repository: "" version: 1.4.2 - condition: ui.enabled name: ui repository: "" version: 1.8.5 - condition: kyvernoPlugin.enabled name: kyvernoPlugin repository: "" version: 0.5.2 description: 'K8s PolicyReporter watches for wgpolicyk8s.io/v1alpha1.PolicyReport resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord ' name: policy-reporter type: application version: 1.8.8 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/config.yaml ================================================ loki: host: {{ .Values.target.loki.host | quote }} minimumPriority: {{ .Values.target.loki.minimumPriority | quote }} skipExistingOnStartup: {{ .Values.target.loki.skipExistingOnStartup }} elasticsearch: host: {{ .Values.target.elasticsearch.host | quote }} index: {{ .Values.target.elasticsearch.index | default "policy-reporter" | quote }} rotation: {{ .Values.target.elasticsearch.rotation | default "dayli" | quote }} minimumPriority: {{ .Values.target.elasticsearch.minimumPriority | quote }} skipExistingOnStartup: {{ .Values.target.elasticsearch.skipExistingOnStartup }} slack: webhook: {{ .Values.target.slack.webhook | quote }} minimumPriority: {{ .Values.target.slack.minimumPriority | quote }} skipExistingOnStartup: {{ .Values.target.slack.skipExistingOnStartup }} discord: webhook: {{ .Values.target.discord.webhook | quote }} minimumPriority: {{ .Values.target.discord.minimumPriority | quote }} skipExistingOnStartup: {{ .Values.target.discord.skipExistingOnStartup }} teams: webhook: {{ .Values.target.teams.webhook | quote }} minimumPriority: {{ .Values.target.teams.minimumPriority | quote }} skipExistingOnStartup: {{ .Values.target.teams.skipExistingOnStartup }} ui: host: {{ include "policyreporter.uihost" . }} minimumPriority: {{ .Values.target.ui.minimumPriority | quote }} skipExistingOnStartup: {{ .Values.target.ui.skipExistingOnStartup }} yandex: accesskeyid: {{ .Values.target.yandex.accesskeyid }} secretaccesskey: {{ .Values.target.yandex.secretaccesskey }} region: {{ .Values.target.yandex.region }} endpoint: {{ .Values.target.yandex.endpoint }} bucket: {{ .Values.target.yandex.bucket }} prefix: {{ .Values.target.yandex.prefix }} minimumpriority: {{ .Values.target.yandex.minimumpriority }} skipExistingOnStartup: {{ .Values.target.yandex.skipExistingOnStartup }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/_helpers.tpl ================================================ {{- define "policyreporter.name" -}} {{- "policy-reporter" }} {{- end }} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "policyreporter.fullname" -}} {{- $name := .Chart.Name }} {{- if .Values.global.fullnameOverride }} {{- .Values.global.fullnameOverride }} {{- else if contains $name .Release.Name }} {{- .Release.Name | trunc 63 | trimSuffix "-" }} {{- else }} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} {{- end }} {{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "policyreporter.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} {{- define "policyreporter.labels" -}} helm.sh/chart: {{ include "policyreporter.chart" . }} {{ include "policyreporter.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- with .Values.global.labels }} {{ toYaml . }} {{- end -}} {{- end }} {{/* Selector labels */}} {{- define "policyreporter.selectorLabels" -}} app.kubernetes.io/name: {{ include "policyreporter.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* Create the name of the service account to use */}} {{- define "policyreporter.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} {{- default (include "policyreporter.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} {{/* Create UI target host based on configuration */}} {{- define "policyreporter.uihost" -}} {{ if .Values.target.ui.host }} {{- else if .Values.ui.enabled }} {{- printf "http://%s-ui:%s" .Release.Name (.Values.ui.service.port | toString) }} {{- else }} {{- "" }} {{- end }} {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/clusterrole.yaml ================================================ {{- if .Values.serviceAccount.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" {{- include "policyreporter.labels" . | nindent 4 }} name: {{ include "policyreporter.fullname" . }} rules: - apiGroups: - '*' resources: - policyreports - policyreports/status - clusterpolicyreports - clusterpolicyreports/status verbs: - get - list - watch {{- end -}} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/clusterrolebinding.yaml ================================================ {{- if .Values.rbac.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "policyreporter.fullname" . }} labels: {{- include "policyreporter.labels" . | nindent 4 }} roleRef: kind: ClusterRole name: {{ include "policyreporter.fullname" . }} apiGroup: rbac.authorization.k8s.io subjects: - kind: "ServiceAccount" name: {{ include "policyreporter.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end -}} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "policyreporter.fullname" . }} labels: {{- include "policyreporter.labels" . | nindent 4 }} {{- if .Values.annotations }} annotations: {{- toYaml .Values.annotations | nindent 4 }} {{- end }} spec: replicas: {{ .Values.replicaCount }} {{- if .Values.deploymentStrategy }} strategy: {{- toYaml .Values.deploymentStrategy | nindent 4 }} {{- end }} selector: matchLabels: {{- include "policyreporter.selectorLabels" . | nindent 6 }} template: metadata: labels: {{- include "policyreporter.selectorLabels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.global.labels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: checksum/secret: {{ include (print .Template.BasePath "/targetssecret.yaml") . | sha256sum | quote }} policy-priorities/enabled: {{ .Values.policyPriorities.enabled | quote }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "policyreporter.serviceAccountName" . }} automountServiceAccountToken: true containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.securityContext }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{- end }} args: - --config=/app/config.yaml ports: - name: http containerPort: 2112 protocol: TCP - name: rest containerPort: 8080 protocol: TCP livenessProbe: httpGet: path: /ready port: rest readinessProbe: httpGet: path: /healthz port: rest resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: config-file mountPath: /app/config.yaml subPath: config.yaml env: - name: NAMESPACE value: {{ .Release.Namespace }} volumes: - name: config-file secret: secretName: {{ include "policyreporter.fullname" . }}-targets optional: true {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/prioritymap.yaml ================================================ {{- if and .Values.policyPriorities.enabled .Values.policyPriorities.mapping -}} apiVersion: v1 kind: ConfigMap metadata: name: policy-reporter-priorities labels: {{- include "policyreporter.labels" . | nindent 4 }} data: {{- with .Values.policyPriorities.mapping }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/role.yaml ================================================ {{- if .Values.policyPriorities.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "policyreporter.fullname" . }} labels: {{- include "policyreporter.labels" . | nindent 4 }} rules: - apiGroups: - '' resources: - configmaps verbs: - get - list - watch {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/rolebinding.yaml ================================================ {{- if .Values.policyPriorities.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "policyreporter.fullname" . }} labels: {{- include "policyreporter.labels" . | nindent 4 }} roleRef: kind: Role name: {{ include "policyreporter.fullname" . }} apiGroup: rbac.authorization.k8s.io subjects: - kind: "ServiceAccount" name: {{ include "policyreporter.serviceAccountName" . }} namespace: {{ .Release.Namespace }} {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/service.yaml ================================================ {{- $apiEnabled := .Values.api.enabled -}} {{- $uiEnabled := .Values.ui.enabled -}} {{- if .Values.service.enabled -}} apiVersion: v1 kind: Service metadata: name: {{ include "policyreporter.fullname" . }} labels: {{- include "policyreporter.labels" . | nindent 4 }} {{- with .Values.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} targetPort: http protocol: TCP name: http {{- if or $apiEnabled $uiEnabled }} - port: {{ .Values.global.port }} targetPort: rest protocol: TCP name: rest {{- end }} selector: {{- include "policyreporter.selectorLabels" . | nindent 4 }} {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/serviceaccount.yaml ================================================ {{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "policyreporter.serviceAccountName" . }} labels: {{- include "policyreporter.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/templates/targetssecret.yaml ================================================ apiVersion: v1 kind: Secret metadata: name: {{ include "policyreporter.fullname" . }}-targets labels: {{- include "policyreporter.labels" . | nindent 4 }} type: Opaque data: config.yaml: {{ tpl (.Files.Get "config.yaml") . | b64enc }} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/charts/policy-reporter/values.yaml ================================================ image: repository: cr.yandex/crpjfmfou6gflobbfvfv/policy-reporter-test pullPolicy: Always tag: latest imagePullSecrets: [] # Deploy not more than one replica # Policy Reporter doesn't scale yet. # Each pod will report each change. replicaCount: 1 deploymentStrategy: {} # rollingUpdate: # maxSurge: 25% # maxUnavailable: 25% # type: RollingUpdate # Key/value pairs that are attached to Deployment. annotations: {} # Create cluster role policies rbac: enabled: true serviceAccount: # Specifies whether a service account should be created create: true # Annotations to add to the service account annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" service: enabled: true ## configuration of service # key/value annotations: {} # key/value labels: {} type: ClusterIP # integer nubmer. This is port for service port: 2112 securityContext: runAsUser: 1234 runAsNonRoot: true privileged: false allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - all # Key/value pairs that are attached to pods. podAnnotations: {} # Key/value pairs that are attached to pods. podLabels: {} resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # memory: 30Mi # cpu: 10m # requests: # memory: 20Mi # cpu: 5m # enable policy-report-ui ui: enabled: false kyvernoPlugin: enabled: true monitoring: enabled: false namespace: cattle-dashboards serviceMonitor: # labels to match the serviceMonitorSelector of the Prometheus Resource labels: {} global: # availale plugins plugins: # enable kyverno for Policy Reporter UI and monitoring keyverno: false # The name of service policy-report. If you changed ReleaseName you have to replace it backend: policy-reporter # Service Port number port: 8080 fullnameOverride: "" # additional labels added on each resource labels: {} # DEPRECTED - Can be removed # Policy Reporter watches now for both existing versions by default crdVersion: v1alpha1 # DEPRECTED - Can be removed # Policy Reporter uses a new internal cache instead cleanupDebounceTime: 20 api: enabled: false # Policy Priorities policyPriorities: enabled: false # configure mappings from policy to priority # you can use default to configure a default priority not passing results # example mapping # default: warning # require-ns-labels: error mapping: {} # Supported targets for new PolicyReport Results target: loki: # loki host address host: "" # minimum priority "" < info < warning < critical < error minimumPriority: "" # Skip already existing PolicyReportResults on startup skipExistingOnStartup: true elasticsearch: # elasticsearch host address host: "" # elasticsearch index (default: policy-reporter) index: "" # elasticsearch index rotation and index suffix # possible values: dayli, monthly, annually, none (default: dayli) rotation: "" # minimum priority "" < info < warning < critical < error minimumPriority: "" # Skip already existing PolicyReportResults on startup skipExistingOnStartup: true slack: # slack app webhook address webhook: "" # minimum priority "" < info < warning < critical < error minimumPriority: "" # Skip already existing PolicyReportResults on startup skipExistingOnStartup: true discord: # discord app webhook address webhook: "" # minimum priority "" < info < warning < critical < error minimumPriority: "" # Skip already existing PolicyReportResults on startup skipExistingOnStartup: true teams: # teams webhook address webhook: "" # minimum priority "" < info < warning < critical < error minimumPriority: "" # Skip already existing PolicyReportResults on startup skipExistingOnStartup: true ui: # teams webhook address host: "" # minimum priority "" < info < warning < critical < error minimumPriority: "info" # Skip already existing PolicyReportResults on startup skipExistingOnStartup: true yandex: accesskeyid: "" # yandex access key secretaccesskey: "" # yandex secret access key bucket: "" # Yandex storage, bucket name prefix: KYVERNO minimumpriority: info # minimum priority "" < info < warning < critical < error skipExistingOnStartup: true # Skip already existing PolicyReportResults on startup # Node labels for pod assignment # ref: https://kubernetes.io/docs/user-guide/node-selection/ nodeSelector: {} # Tolerations for pod assignment # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] # Anti-affinity to disallow deploying client and master nodes on the same worker node affinity: {} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/example/main.tf ================================================ // Вызов модуля module "cilium_cluster_1_export" { source = "../../security-events-to-storage-exporter/" # путь до модуля folder_id = "xxxxxx" // folder-id кластера k8s yc managed-kubernetes cluster get --id --format=json | jq .folder_id cluster_name = "cilium-cluster-1" // имя кластера log_bucket_service_account_id = "xxxxxx" // id выданный администратором log_bucket_name = "xxxxxx" // можно подставить из конфига развертывания # function_service_account_id = "чч" // опциоанальный id сервисного аккаунта который вызывает функции - если не выставлен то функция вызывается от имени log_bucket_service_account_id } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/example/provider.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } } provider "yandex" { service_account_key_file = "./key.json" # or you can use: token = var.token for user account not sa cloud_id = "xxxxxx" folder_id = "xxxxxx" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/function/Makefile ================================================ all: clean dependencies package clean: rm -rf dist/ dirs: mkdir -p dist/ dependencies: dirs docker run --rm \ -v $(shell pwd)/dist:/dist -v $(shell pwd):/app \ -w /app \ python:3.7-stretch \ pip3 install -r /app/requirements.txt --target /dist/ install-code: dirs cp main.py dist/main.py cp s3.py dist/s3.py package: dirs install-code rm -f dist.zip cd dist && zip --exclude '*.pyc' -r ../dist.zip ./* .PHONY: clean dirs dependencies install-code package all ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/function/main.py ================================================ import json import os import sys import uuid import boto3 import string import random from datetime import datetime def get_random_alphanumeric_string(length): letters_and_digits = string.ascii_letters + string.digits result_str = ''.join((random.choice(letters_and_digits) for i in range(length))) return result_str client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1' ) def handler(event, context): for log_data in event['messages']: full_log = [] for log_entry in log_data['details']['messages']: kubernetes_log = json.loads(log_entry['message']) full_log.append(json.dumps(kubernetes_log)) bucket_name = os.environ.get('BUCKET_NAME') # object_key = os.environ.get('LOG_PREFIX')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_key = 'AUDIT/'+os.environ.get('CLOUD_ID')+'/'+os.environ.get('FOLDER_ID')+'/'+os.environ.get('CLUSTER_ID')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_value = '\n'.join(full_log) client.put_object(Bucket=bucket_name, Key=object_key, Body=object_value, StorageClass='COLD') print(object_value) ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/function/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/function/test.py ================================================ def test(a): pass ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/outputs.tf ================================================ output "service_account_id" { value = data.yandex_iam_service_account.bucket_sa.id sensitive = true } output "folder_id" { value = data.yandex_resourcemanager_folder.my_folder.id sensitive = true } output "log_bucket_name" { value = var.log_bucket_name sensitive = true } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/templates/falco-base.yaml ================================================ image: registry: docker.io repository: falcosecurity/falco pullPolicy: IfNotPresent docker: enabled: true socket: /var/run/docker.sock containerd: enabled: true socket: /run/containerd/containerd.sock falco: jsonOutput: true jsonIncludeOutputProperty: true httpOutput: enabled: true url: http://falcosidekick:2801/ customRules: rules-cilium.yaml: |- # disabling cilium false positives - rule: Packet socket created in container desc: Detect new packet socket at the device driver (OSI Layer 2) level in a container. Packet socket could be used for ARP Spoofing and privilege escalation(CVE-2020-14386) by attacker. condition: evt.type=socket and evt.arg[0]=AF_PACKET and consider_packet_socket_communication and container and not proc.name in (user_known_packet_socket_binaries) and not container.image.repository=cr.yandex/crpsjg1coh47p81vh2lc/k8s-addons/cilium/cilium output: Packet socket was created in a container (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline socket_info=%evt.args container_id=%container.id container_name=%container.name image=%container.image.repository:%container.image.tag) priority: NOTICE tags: [network, mitre_discovery] ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/templates/falcosidekick-base.yaml ================================================ # enable falcosidekick deployment image: tag: 2.24.0 ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/templates/kubeconfig-template.yaml.tpl ================================================ apiVersion: v1 clusters: - cluster: certificate-authority-data: ${cluster_ca_certificate} server: ${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: token: ${token} ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/templates/yc-mk8s.ca ================================================ LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXhNREE0TlRBMU0xb1hEVE14TURZd09EQTROVEExTTFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXNDCnhocFpIQTB0b096RVRFV05CbGJremljTUg0NTdhK0ltajExc1ZweHlRYnM1U1B6cXdkRUVTMVN3MHpxZnAvbTQKYi9LSDVmNVY4MEFBekdnY2RqUXBYREQ2VFYzeThDSmdzbTE0TjllZzQxWHF2MUZFOTV5U0tpeFhHQjlkbk01Kwp5N0V1SXY1Z1FoZTBCMWUvRmRtM0h1QWNUblJkbzdLdEV6bGI4c3luSVVVNnRZaUVYNVd2cFBsaDRlcHo1eHo4ClBFd2xyZWJsaDRNaE85OWE3bmswYXd5RGV5OFdmNkM0eXdadHUrUG5XNGw1UzVjTnF6Wi9pcWJnN0pmeFZVU3EKYTBzWHJoNzRPMDI3SStlQ3dOVGxCYU5lVUNJY3owYm9nQ3o3dkh6ZnNkODhIdXJ2RnphSTRURGtyMHd4dkNkdApRQVFUUDdPVmp1d2hISXpteE9FQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZOUTlmQWNBemowd2FHS3NXdFU5bWpkeDdXQXFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBR3V5cFFaMDM0RzQ4RHhtVzl1MFFFZ0pNNUlRVHYzUnZDNEFnenkxVnlkd0tVNG8zOApheHQrY2RGYWgrTFFoRVd3amErYzhCY1VzU0lGQVRaU2V2a3p6MkVOVVpwNlVHVmY4QjFKNjZEQU5nYXY4cks4ClN3VktSMHFuV2czSHVqZGlpcWZvK3dyQnRRUUk3VUxuU0p6R3RYTjNZMlZPT2tyR1YxVUZOV3NhUzE0aklLRG4KMlMwYmovbVBxN2FnK3M0T0FMb1ltcGRybjNSZGN5RGdJUTE3MkNQM0doZ1hkd2VUYkV4UmtsYzVvUUhOYkV5NAo2b1l3em1FK0tqdG5Kd3FKYTRmRVM3WkExd2dzRW9HQXkzaUx3TlNBdDFEN2RZWGI0RU1reDZ6UTA0d2RIWDNGCnNGWHRJdFY3NjdJSmVEV1BmQjNiMHNxYkpqSE9kZ1pmcnhmTwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/variables.tf ================================================ variable "folder_id" { } variable "cluster_name" { } variable "log_bucket_service_account_id" { } variable "fakeeventgenerator_enabled" { default = true } variable "podSecurityStandard" { default = "restricted" } variable "validationFailureAction" { default = "audit" } variable "log_bucket_name" { } variable "function_service_account_id" { default = "" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/k8s_demo/security-events-to-storage-exporter/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } kustomization = { source = "kbst/kustomization" version = "0.5.0" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/modules/yc-elastic-trail/cloud-init_lin.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/modules/yc-elastic-trail/docker-declaration.yaml ================================================ spec: containers: - env: - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELASTIC_INDEX_NAME value: ${ELASTIC_INDEX_NAME} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_FOLDER value: ${S3_FOLDER} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: KMS_KEY_ID value: ${KMS_KEY_ID} image: cr.yandex/crpjfmfou6gflobbfvfv/s3-elk-importer:latest name: audittrails-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/modules/yc-elastic-trail/main.tf ================================================ # Сервисная учетная запись data "yandex_iam_service_account" "bucket_sa" { service_account_id = var.sa_id } # Создаем static key resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = data.yandex_iam_service_account.bucket_sa.id description = "static access key for object storage" } # Работаем с ssh ключем resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init_lin" { template = file("../modules/yc-elastic-trail/cloud-init_lin.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" } } # Создаем docker-declaration data "template_file" "docker-declaration" { template = file("../modules/yc-elastic-trail/docker-declaration.yaml") vars = { ELASTIC_SERVER = "${var.elk_address}:9200" KIBANA_SERVER = "${var.elk_address}" ELASTIC_AUTH_USER = "admin" ELASTIC_INDEX_NAME = "audit-trails-index" S3_BUCKET = "${var.bucket_name}" S3_FOLDER = "${var.bucket_folder}" SLEEP_TIME = "300" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" KMS_KEY_ID = "${yandex_kms_symmetric_key.key-elk.id}" } } # Развертывание Container-Optimised Image data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } resource "yandex_compute_instance" "instance-based-on-coi" { name = "elk-sync" hostname = "elk-sync" zone = "ru-central1-a" service_account_id = data.yandex_iam_service_account.bucket_sa.id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # Не забудьте включить NAT для подсети, где будет размещен COI! } resources { cores = 4 memory = 4 } metadata = { user-data = "${data.template_file.cloud_init_lin.rendered}" docker-container-declaration = "${data.template_file.docker-declaration.rendered}" } } # Создание KMS ключа resource "yandex_kms_symmetric_key" "key-elk" { name = "key-elk" description = "description for key" default_algorithm = "AES_128" } # Назначение роли на sa на расшифровку ключа resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${data.yandex_iam_service_account.bucket_sa.id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_pass" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = var.elk_credentials } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/modules/yc-elastic-trail/variables.tf ================================================ variable "folder_id" { description = "Yandex.Cloud ID каталога, где будут созданы ресурсы" default = "" # yc config get folder-id } variable "elk_credentials" { description = "Пароль для аутентификации в ElasticSearch" default = "" } variable "elk_address" { description = "FQDN-адрес инсталляции ElasticSearch вида https://c-xxx.rw.mdb.yandexcloud.net" default = "" } variable "bucket_name" { description = "Имя бакета, куда сохраняются логи AuditTrails" default = "" } variable "bucket_folder" { description = "Имя каталога, куда сохраняются логи AuditTrails" default = "" } variable "sa_id" { description = "ID сервисной учетной записи для работы с бакетом, с разрешением storage.editor" default = "" } variable "coi_subnet_id" { description = "ID подсети, где будет размещен container-инстанс" default = "" } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/example/modules/yc-elastic-trail/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/preparation/folders.txt ================================================ b1g31gsjsn9ajhtvtea1 b1g9divt1fgrifqrkvmb ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/preparation/main.tf ================================================ //----------------------Подготовка тестовой инфраструктуры----------------------------------- // Генерация random-string для имени bucket--------------------------------------------------------- locals { folders_format = replace(file("./folders.txt"), "\n", ",") folders = split(",", local.folders_format) } // Создание сети resource "yandex_vpc_network" "vpc-elk" { count = length(local.folders) folder_id = element(local.folders, count.index) name = "vpc-elk-${element(local.folders, count.index)}" } resource "yandex_vpc_subnet" "elk-subnet-a" { count = length(local.folders) folder_id = element(local.folders, count.index) name = "elk-subnet-a" zone = "ru-central1-a" network_id = element(yandex_vpc_network.vpc-elk[*].id, count.index) v4_cidr_blocks = ["192.168.1.0/24"] } //----------------------Создание ELK----------------------------------- resource "yandex_mdb_elasticsearch_cluster" "yc-elk" { count = length(local.folders) folder_id = element(local.folders, count.index) name = "yc-elk-${element(local.folders, count.index)}" environment = "PRODUCTION" network_id = element(yandex_vpc_network.vpc-elk[*].id, count.index) config { edition = var.elk_edition admin_password = element(local.folders, count.index) data_node { resources { resource_preset_id = var.elk_datanode_preset disk_type_id = "network-ssd" disk_size = var.elk_datanode_disk_size } } } host { name = "datanode-${element(local.folders, count.index)}" zone = "ru-central1-a" type = "DATA_NODE" assign_public_ip = true subnet_id = element(yandex_vpc_subnet.elk-subnet-a[*].id, count.index) } } //создание k8s cluster #Create k8s cluster ------------------------------------------------------------------------ resource "yandex_kubernetes_cluster" "k8s-cluster" { count = length(local.folders) folder_id = element(local.folders, count.index) name = "k8s-cluster-${element(local.folders, count.index)}" network_id = element(yandex_vpc_network.vpc-elk[*].id, count.index) master { version = "1.20" zonal { zone = "ru-central1-a" subnet_id = element(yandex_vpc_subnet.elk-subnet-a[*].id, count.index) } public_ip = true maintenance_policy { auto_upgrade = true maintenance_window { start_time = "15:00" duration = "3h" } } } service_account_id = element(yandex_iam_service_account.editor-sa[*].id, count.index) node_service_account_id = element(yandex_iam_service_account.editor-sa[*].id, count.index) release_channel = "RAPID" network_policy_provider = "CALICO" /* depends_on = [ element(yandex_resourcemanager_folder_iam_binding.editor-sa-binding[*].id, count.index) ] */ } #Create k8s nodes----------------------------------------------------------------------------------- resource "yandex_kubernetes_node_group" "my_node_group" { count = length(local.folders) // folder_id = element(local.folders, count.index) cluster_id = element(yandex_kubernetes_cluster.k8s-cluster[*].id, count.index) name = "my-nodes-${element(local.folders, count.index)}" description = "description" version = "1.20" instance_template { platform_id = "standard-v2" network_interface { nat = true subnet_ids = [element(yandex_vpc_subnet.elk-subnet-a[*].id, count.index)] } resources { memory = 2 cores = 2 } boot_disk { type = "network-hdd" size = 64 } scheduling_policy { preemptible = false } } scale_policy { fixed_scale { size = 1 } } allocation_policy { location { zone = "ru-central1-a" } } maintenance_policy { auto_upgrade = true auto_repair = true maintenance_window { day = "monday" start_time = "15:00" duration = "3h" } maintenance_window { day = "friday" start_time = "10:00" duration = "4h30m" } } } # Create service accounts for k8s------------------------------------------------------------------ resource "yandex_iam_service_account" "editor-sa" { count = length(local.folders) folder_id = element(local.folders, count.index) name = "editor-sa-${element(local.folders, count.index)}" } #Bind iam policy to service accounts---------------------------------------------------------------- resource "yandex_resourcemanager_folder_iam_binding" "editor-sa-binding" { count = length(local.folders) folder_id = element(local.folders, count.index) role = "editor" members = [ "serviceAccount:${element(yandex_iam_service_account.editor-sa[*].id, count.index)}", ] } //Create sa for trails----------------------------------- resource "yandex_iam_service_account" "trails-sa" { count = length(local.folders) folder_id = element(local.folders, count.index) name = "trails-sa-${element(local.folders, count.index)}" } resource "yandex_resourcemanager_cloud_iam_binding" "trails-sa-binding" { count = length(local.folders) # folder_id = element(local.folders, count.index) cloud_id = var.cloud_id role = "audit-trails.viewer" members = [ "serviceAccount:${element(yandex_iam_service_account.trails-sa[*].id, count.index)}", ] } resource "yandex_resourcemanager_folder_iam_binding" "trails-sa-binding2" { count = length(local.folders) folder_id = element(local.folders, count.index) role = "editor" members = [ "serviceAccount:${element(yandex_iam_service_account.trails-sa[*].id, count.index)}", ] } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/preparation/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } provider "yandex" { service_account_key_file = var.token # token = var.token cloud_id = var.cloud_id folder_id = var.folder_id } ================================================ FILE: auditlogs/export-auditlogs-to-ELK_main/workshop-guide/preparation/variables.tf ================================================ variable "token" { description = "Yandex.Cloud security OAuth token либо ключ сервисного аккаунта" default = "key.json" # generate yours by this https://cloud.yandex.ru/docs/iam/concepts/authorization/oauth-token } variable "folder_id" { description = "Yandex.Cloud Folder ID where resources will be created" default = "b1g88oud6hi0r8j4mv71" # yc config get folder-id } variable "cloud_id" { description = "Yandex.Cloud ID where resources will be created" default = "b1gq9j4sbpge1hdasvtp" # yc config get cloud-id } variable "zones" { description = "Yandex.Cloud default Zone for provisoned resources" type = list(string) default = ["ru-central1-a", "ru-central1-b", "ru-central1-c"] } variable "network_names" { description = "Yandex Cloud default Zone for provisoned resources" type = list(string) default = ["a", "b", "c"] } variable "app_cidrs" { type = list(string) default = ["192.168.1.0/24", "192.168.50.0/24", "192.168.70.0/24"] } variable "elk_edition" { description = "Редакция установки ELK (basic, gold, platinum)" default = "gold" } variable "elk_datanode_preset" { # see https://cloud.yandex.com/ru-kz/docs/managed-elasticsearch/concepts/instance-types#available-flavors description = "Размер ВМ для data узла" default = "s2.small" } variable "elk_datanode_disk_size" { description = "Размер диска data узла, в GB" default = 50 } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/CONFIGURE-HA.md ================================================ # Recommendations for high data availability In terms of high data availability, the following mechanisms are used: - Multiple nodes for data. - Multiple replicas for indexes. - Indexes roll over according to the recommended schema: - When the index reaches 50GB, a new index is created; - A new index is created every thirty days. - The data is sent to the alias linked to the active index, that is, the index rollover must not affect operability of the schema in the example. ## Index rollover Index rollover uses the following Elasticsearch entities: - Indexes and index aliases. - Index template. - Index lifecycle policy. The first index in the example is created with a numeric suffix. This is to ensure that a new index with a modified suffix is created as a result of rollover. An alias is assigned to the created index, and this alias is then assigned to the new index at rollover. ## Index template An index template contains all the necessary parameters to create a new index as a result of the rollover: - Index pattern. Newly created indexes that meet the pattern are automatically created with the template parameters. - Index settings. In our case, this is the name of the index rollover policy, the number of data replicas, and the `rollover_alias`, that is, the alias that will be moved to the new index. ``` { "index": { "lifecycle": { "name": "audit-trails-ilm", "rollover_alias": "audit-trails-index" }, "number_of_replicas": "2" } } ``` - Mapping parameters. ## Index lifecycle policy The index lifecycle policy tracks the lifecycle of our data. As the data becomes older, you can move it to lower-end servers or disks, and, finally, delete them, after a certain period. In our example, we configured only the hot phase, with only default metrics for the rollover procedure enabled. But for production deployment, we recommended to plan for the process of data obsolescence (that is, moving it to "slow" nodes), and deletion. It is recommended to enable data deletion when you have no other phase but the hot one. After a certain period, indexes with obsolete data will be deleted. If you have set up data snapshots, you can enable the delete option only if a snapshot is present. In this case, specify the name of the snapshot policy. ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/CONFIGURE-HA_RU.md ================================================ # Рекомендации для высокой доступности данных В части высокой доступности данных в примере применены следующие механизмы: - Несколько нод для данных - Несколько реплик для индексов - Индексы ротируются (`rollover`) по рекомендованной схеме, а именно: - По достижению индексом размера в 50ГБ, создается новый индекс, или - Каждый тридцать дней, создается новый индекс - Данные отправляются в алиас (`alias`), который привязан к активному индексу, то есть ротация индекса не должна повлиять на работу схемы в примере ## Ротация индекса Ротация индекса использует следующие сущности в ElasticSearch: - Индексы и алиас (`alias`) индекса - Шаблона индекса (`index template`) - Политика жизненного цикла индекса (`index lifecycle policy`) Первый индекс в примере создается с цифровым суффиксом — это необходимо, чтобы в результате ротации создался новый индекс с измененным суффиксом. На созданный индекс назначается алиас, который в процессе ротации переносится на новый индекс. ## Шаблон индекса Шаблон индекса содержит все необходимые параметры для создания нового индекса в результате ротации: - Паттерн индекса (`index pattern`). Новосозданные индексы, подпадающие под паттерн, будут автоматически созданы с параметрами шаблона. - Настройки индекса. В нашем случае, это имя политики ротации (`index rollover policy`), количество реплик данных и `rollover_alias` - алиас, который будет перенесен на новый индекс. ``` { "index": { "lifecycle": { "name": "audit-trails-ilm", "rollover_alias": "audit-trails-index" }, "number_of_replicas": "2" } } ``` - Параметры сопоставления (`mapping`). ## Политика ротации Политика ротации (`index lifecycle policy`) отслеживает "жизненный путь" наших данных. По мере устаревания данных, данные можно переносить на менее производительные серверы или диски, а по истечении определенного времени — и, вовсе, удалить. В нашем примере настроена только горячая фаза (`hot phase`) и была включена рекомендованный по умолчанию метрики для процедуры rollover. Но в продуктивном развертывании рекомендуется спланировать, как процесс устаревания данных (перенос на "медленные" ноды), так и их удаление. Удаление данных рекомендуется включить и при отсутствии других фаз, только для горячей фазы. По истечении определенного времени, индексы с устаревшими данными будут удалены. Если настроены снимки данных (`snapshots`) — можно включить опцию удаления только при наличии снимка. В этом случае, необходимо указать имя политики создания снимков (`snapshot policy`) ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/README.md ================================================ # Сбор, мониторинг и анализ аудит логов Yandex.Cloud в Yandex Managed OpenSearch ![image](https://user-images.githubusercontent.com/85429798/184665197-01f0cbca-78f3-4b32-90f1-ee6a4fa71d8e.png) ## Version **Version-1.1** - Changelog: - Docker images: - `cr.yandex/sol/s3-opensearch-importer:1.1` ## Описание решения Решение позволяет собирать, мониторить и анализировать аудит логи Yandex.Cloud (Audit Trails) в OpenSearch из следующих источников: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) > Решение является постоянно обновляемым и поддерживаемым Security-командой Yandex.Cloud. > Важно! По умолчанию данная конструкция предлагает удалять файлы после вычитывания из бакета, но вы можете одновременно хранить аудит-логи Audit Trails в S3 на долгосрочной основе и отсылать в Elasticsearch. Для этого необходимо создать два Audit Trails в разных S3-бакетах. Первый бакет будет использоваться только для хранения, а второй — для интеграции с OpenSearch. ## Что делает решение - ☑️ Отправляет данные в существующий Yandex Managed OpenSearch кластер (если у вас нет кластера OpenSearch то воспользуйтесь инструкцией ниже) - ☑️ Разворачивает COI Instance с контейнером на базе образа s3-elk-importer (`cr.yandex/sol/s3-opensearch-importer:latest`) - ☑️ Загружает Security Content в OpenSearch (Dashboards, Detection Rules (с alerts), etc.) - ☑️ Обеспечивает непрерывную доставку json файлов с аудит логами из Yandex Object Storage (Audit Trails) в OpenSearch - ☑️ Создает индексы в двух репликах, настраивает базовую политику rollover (создания новых индексов каждые тридцать дней или по достижению 50ГБ), для дальнейшей настройки в части высокой доступности данных и для настройки снимков данных в S3 - см. [рекомендации](./CONFIGURE-HA.md). ## Схема решения image ## Security Content **Security Content** — объекты OpenSearch , которые автоматически загружаются решением. Весь контент разработан с учетом опыта Security команды Yandex.Cloud и на основе опыта Клиентов облака. Содержит следующий Security Content: - Dashboard, на котором отражены все use cases и полезная статистика - Набор Saved Queries для удобного поиска Security событий - Пример Alert на которые настроены оповещения (Клиенту самостоятельно необходимо указать назначение уведомлений) - Все интересные поля событий преобразованы в формат [Elastic Common Schema (ECS)](https://www.elastic.co/guide/en/ecs/current/index.html), полная табличка маппинга в файле [Описание объектов](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов.pdf) Подробное описание в файле [ECS-mapping.docx](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/ECS-mapping_new.pdf) ## Процесс обновления контента Скоро..к следующей версии ## Установка отказоустойчивого OpenSearch Yandex Managed Service for OpenSearch https://cloud.yandex.ru/docs/managed-opensearch/quickstart ## Установка решения с помощью Terraform Для установки с помощью terraform перейдите в раздел [terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/add-opensearch-solution/auditlogs/export-auditlogs-to-Opensearch/terraform) По результатам выполнения tf скрипта и ручных действий указанных ниже, в указанный вами OpenSearch будут загружаться события audit trails из облака и будет загружен security content (dashboard, filters, mapping etc.) для работы с ними По итогу установки у вас будет создан tenant "at-tenant", в котором находятся все объекты ## Настройка Alerts и Destination Алертинг и правила реагирования в OpenSearch выполняется с помощью механизма [Alerting](https://opensearch.org/docs/latest/monitoring-plugins/alerting/index/) Наше решение уже загружает пример monitor, вы можете взять его как пример для старта и сделать алерты по аналогии. Перейдите во вкладку Alerting - Monitors и найдите там "test". Нажмите кнопку edit, промотайте вниз и раскройте вкладку triggers и в ней укажите action. Выберите там заранее созданный канал [нотификации](https://opensearch.org/docs/latest/notifications-plugin/index/) (например slack) ## Самостоятельная Установка all-in-one Openasearch на ВМ Для устновки opensearch можно воспользоваться оффициальной документацией. Например [установка с помощью docker](https://opensearch.org/docs/2.1/opensearch/install/index/) Для настройки TLS в opensearch dashboard используйте [инструкцию](https://opensearch.org/docs/2.1/dashboards/install/tls/) Для генерации самоподпсанного SSL сертификата используйте [инстуркцию](https://opensearch.org/docs/2.1/security-plugin/configuration/generate-certificates/) Либо загружите ваш собственный сертификат Здесь представлены тестовые примеры файлов для установки opensearch в разделе [deploy-of-opensearch](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/add-opensearch-solution/auditlogs/export-auditlogs-to-Opensearch/deploy-of-opensearch) p.s: не забудьте предоставить необходимые права доступа на файлы с сертификатом и ключем ## Рекомендации по настройке retention, rollover и snapshots: [Рекомендации по настройке retention, rollover и snapshots](./CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/README_EN.md ================================================ # Collection, monitoring and analysis of Yandex Cloud audit logs in Opensearch ![image](https://user-images.githubusercontent.com/85429798/184665197-01f0cbca-78f3-4b32-90f1-ee6a4fa71d8e.png) ## Version **Version-1.1** - Changelog: - Docker images: - `cr.yandex/sol/s3-opensearch-importer:1.1` ## Solution Description The solution allows you to collect, monitor and analyze Yandex.Cloud audit logs (Audit Trails) in Opensearch from the following sources: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) > The solution is constantly updated and maintained by the Yandex.Cloud Security team. > Important! By default, this construct suggests deleting files after being subtracted from the bucket, but you can simultaneously store Audit Trails audit logs in S3 on a long-term basis and send them to Elastic. To do this, you need to create two Audit Trails in different S3 buckets:. The first bucket will be used for storage only. The second bucket will be used for integration with Opensearch ## What the solution does - ☑️ Sends data to an existing Opensearch cluster (if you don't have an Opensearch cluster, use the installation instructions at the end of the page) - ☑️ Deploys COI Instance with container based on s3-elk-importer image (`cr.yandex/sol/s3-opensearch-importer:latest`) - ☑️ Upload Security Content to Opensearch (Dashboards, Detection Rules (with alerts), etc.) - ☑️ Provides continuous delivery of json files with audit logs from Yandex Object Storage (Audit Trails) to Opensearch - ☑️ Creates indexes on two replicas, configures a basic rollover policy (create new indexes every thirty days or when 50GB is reached), for further tuning in terms of data high availability and for configuring data snapshots in S3 - see [recommendations] (./CONFIGURE -HA.md). ## Solution diagram image ## Security Content **Security Content** - Opensearch objects that are automatically loaded by the solution. All content is developed taking into account the experience of the Yandex.Cloud Security team and based on the experience of Cloud Clients. Contains the following Security Content: - Dashboard showing all use cases and useful statistics - A set of Saved Queries for easy search of Security events - An example of Alert for which alerts are configured (The client himself needs to specify the purpose of notifications) - All interesting event fields are converted to the [Elastic Common Schema (ECS)] format (https://www.elastic.co/guide/en/ecs/current/index.html), full mapping table in the [Object description](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/Описание%20объектов%20eng.docx) Detailed description in the file [ECS-mapping.docx](https://github.com/yandex-cloud/yc-solution-library-for-security/blob/master/auditlogs/export-auditlogs-to-ELK_main/papers/ ECS-mapping_new.pdf) ## Content update process Coming soon..to the next version ## Installing the solution with Terraform To install using terraform, go to the [terraform](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/add-opensearch-solution/auditlogs/export-auditlogs-to- opensearch/terraform) Based on the results of executing the tf script and the manual actions indicated below, audit trails events from the cloud will be loaded into the opensearch specified by you and security content (dashboard, filters, mapping etc.) will be loaded to work with them As a result of the installation, you will have a tenant "at-tenant", in which all objects are located ## Set up Alerts and Destination Alerting and response rules in Opensearch is done using the [Alerting mechanism](https://opensearch.org/docs/latest/monitoring-plugins/alerting/index/) Our solution already loads the monitor example, you can take it as an example to start and make alerts by analogy. Go to the Alerting - Monitors tab and find "test" there. Press the edit button, scroll down and expand the triggers tab and enter an action in it. Select a pre-created [notification] channel there (https://opensearch.org/docs/latest/notifications-plugin/index/) (for example, slack) ## Install Openasearch To install opensearch, you can use the official documentation. For example [install with docker](https://opensearch.org/docs/2.1/opensearch/install/index/) To set up TLS in opensearch dashboard, use [instruction](https://opensearch.org/docs/2.1/dashboards/install/tls/) To generate a self-signed SSL certificate, use [instruction](https://opensearch.org/docs/2.1/security-plugin/configuration/generate-certificates/) Or upload your own certificate Here are test files for installing opensearch in the [deploy-of-opensearch] section(https://github.com/yandex-cloud/yc-solution-library-for-security/tree/add-opensearch-solution/auditlogs/ export-auditlogs-to-opensearch/deploy-of-opensearch) p.s: don't forget to give the necessary file permissions with the certificate and key ## Recommendations for configuring retention, rollover and snapshots: [Recommendations for configuring retention, rollover and snapshots](./CONFIGURE-HA.md) ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/deploy-of-opensearch/docker-compose.yaml ================================================ version: '3' services: opensearch-node1: #image: opensearchproject/opensearch:2.0.1 image: opensearchproject/opensearch:2.1.0 container_name: opensearch-node1 environment: - cluster.name=opensearch-cluster - node.name=opensearch-node1 - bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM - "DISABLE_INSTALL_DEMO_CONFIG=false" # disables execution of install_demo_configuration.sh bundled with security plugin, which installs demo certificates and security configurations to OpenSearch - "DISABLE_SECURITY_PLUGIN=false" # disables security plugin entirely in OpenSearch by setting plugins.security.disabled: true in opensearch.yml - "discovery.type=single-node" # disables bootstrap checks that are enabled when network.host is set to a non-loopback address ulimits: memlock: soft: -1 hard: -1 nofile: soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems hard: 65536 volumes: - opensearch-data1:/usr/share/opensearch/data ports: - 9200:9200 - 9600:9600 # required for Performance Analyzer networks: - opensearch-net opensearch-dashboards: volumes: - /usr/share/opensearch-dashboards/config/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml #add config - /usr/share/opensearch-dashboards/config/client-cert.pem:/usr/share/opensearch-dashboards/config/client-cert.pem - /usr/share/opensearch-dashboards/config/client-cert-key.pem:/usr/share/opensearch-dashboards/config/client-cert-key.pem - /usr/share/opensearch-dashboards/config/root-ca.pem:/usr/share/opensearch-dashboards/config/root-ca.pem #image: opensearchproject/opensearch-dashboards:2.0.1 image: opensearchproject/opensearch-dashboards:2.1.0 container_name: opensearch-dashboards ports: - 5601:5601 expose: - "5601" environment: #- 'OPENSEARCH_HOSTS=["https://opensearch-node1:9200"]' - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=false" # disables security dashboards plugin in OpenSearch Dashboards networks: - opensearch-net volumes: opensearch-data1: networks: opensearch-net: ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/deploy-of-opensearch/opensearch_dashboards.yml ================================================ server.host: "0.0.0.0" opensearch.hosts: ["https://opensearch-node1:9200"] opensearch.ssl.verificationMode: none opensearch.username: "kibanaserver" opensearch.password: "kibanaserver" opensearch.requestHeadersAllowlist: [ authorization,securitytenant ] server.ssl.enabled: true server.ssl.certificate: /usr/share/opensearch-dashboards/config/client-cert.pem server.ssl.key: /usr/share/opensearch-dashboards/config/client-cert-key.pem opensearch.ssl.certificateAuthorities: [ "/usr/share/opensearch-dashboards/config/root-ca.pem" ] opensearch_security.multitenancy.enabled: true opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"] opensearch_security.readonly_mode.roles: ["kibana_read_only"] opensearch_security.cookie.secure: true #disable_security_dashboards_plugin: false ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/functions/Dockerfile ================================================ FROM python:3.9.1-slim RUN apt-get update # docker build нужно запускать из папки export-auditlogs-to-Opensearch чтобы был правильный контекст при подборе include файлов # пример docker build команды: # docker build -t s3-opensearch-importer:latest -f ./functions/Dockerfile . COPY /functions /app/functions COPY /update-opensearch-scheme/include /app/include WORKDIR /app RUN pip install --upgrade pip RUN pip install -r functions/requirements.txt CMD ["python3", "functions/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/functions/main.py ================================================ import requests import json import os import boto3 import time import base64 # Function - Get token def get_token(): response = requests.get('http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor":"Google"}) return response.json().get('access_token') # Function - Decrypt data with KMS key def decrypt_secret_kms(secret): token = get_token() request_suffix = f"{kms_key_id}:decrypt" request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # # Configuration - Get ElasticSearch CA.pem # def get_elastic_cert(): # file = '/app/include/CA.pem' # if os.path.isfile(file): # return file # else: # url = 'https://storage.yandexcloud.net/cloud-certs/CA.pem' # response = requests.get(url) # with open('/app/include/CA.pem', 'wb') as f: # f.write(response.content) # return file # Configuration - Keys kms_key_id = os.environ['KMS_KEY_ID'] elastic_auth_pw_encr = os.environ['ELK_PASS_ENCR'] s3_key_encr = os.environ['S3_KEY_ENCR'] s3_secret_encr = os.environ['S3_SECRET_ENCR'] # Configuration - Setting up variables for ElasticSearch elastic_server = os.environ['ELASTIC_SERVER'] elastic_auth_user = os.environ['ELASTIC_AUTH_USER'] elastic_auth_pw = decrypt_secret_kms(elastic_auth_pw_encr) elastic_index_name = f"{os.environ['ELASTIC_INDEX_NAME']}-000001" elastic_index_alias = "audit-trails-index" elastic_index_template = "audit-trails-template" elastic_index_ilm = "audit-trails-ilm" elastic_index_pipeline = "audit-trails-pipeline" kibana_server = os.environ['KIBANA_SERVER'] fals = False #tls validation disable (please enable it when you use valid certificate) #elastic_cert = get_elastic_cert() # Configuration - Setting up variables for S3 s3_key = decrypt_secret_kms(s3_key_encr) s3_secret = decrypt_secret_kms(s3_secret_encr) s3_bucket = os.environ['S3_BUCKET'] s3_folder = os.environ['S3_FOLDER'] s3_local = '/tmp/s3' # Configuration - Sleep time if(os.getenv('SLEEP_TIME') is not None): sleep_time = int(os.environ['SLEEP_TIME']) else: sleep_time = 240 # State - Setting up S3 client s3 = boto3.resource('s3', endpoint_url = 'https://storage.yandexcloud.net', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) # Create tenant def create_tenant(): request_suffix = "/_plugins/_security/api/tenants/at-tenant" request_json = """{ "description": "A tenant for the yandex cloud audit trails events." }""" response = requests.put(elastic_server+request_suffix, data=request_json, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) if(response.status_code == 200): print('Tenant -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create config index in ElasticSearch def create_config_index(): request_suffix = f"/.state-{elastic_index_alias}" response = requests.get(elastic_server+request_suffix, verify=fals, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code == 404): request_suffix = f"/.state-{elastic_index_alias}/_doc/1" request_json = """{ "is_configured": true }""" response = requests.post(elastic_server+request_suffix, data=request_json, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json"}) print('Config index -- CREATED') else: print('Config index -- EXISTS') print(f"{response.status_code} - {response.text}") # Function - Get config index state def get_config_index_state(): request_suffix = f"/.state-{elastic_index_alias}/_doc/1" response = requests.get(elastic_server+request_suffix, verify=fals, auth=(elastic_auth_user, elastic_auth_pw)) if(response.status_code != 200): return False print(f"{response.status_code} - {response.text}") return True # Function - Create ingest pipeline def create_ingest_pipeline(): request_suffix = f"/_ingest/pipeline/{elastic_index_pipeline}" data_file = open('/app/include/audit-trail/pipeline.json') data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"securitytenant":"at-tenant"}) if(response.status_code == 200): print('Ingest pipeline -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index lifecycle policy def create_lifecycle_policy(): request_suffix = f"/_plugins/_ism/policies/{elastic_index_ilm}" data_file = open('/app/include/audit-trail/ism-policy.json') data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Index lifecycle policy -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index template def create_index_template(): request_suffix = f"/_index_template/{elastic_index_template}" data_file = open('/app/include/audit-trail/index-template.json') data_json = json.load(data_file) data_file.close() response = requests.put(elastic_server+request_suffix, json=data_json, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Index template -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Create an index def create_first_index(): request_suffix = f"/{elastic_index_name}" response = requests.put(elastic_server+request_suffix, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"securitytenant":"at-tenant"}) if(response.status_code == 200): print(f"Index {elastic_index_name} -- CREATED") print(f"{response.status_code} - {response.text}") # Function - Create an index alias def create_index_alias(): request_suffix = f"/_aliases" request_json = """{ "actions" : [ { "add" : { "index" : "%s", "alias" : "%s" } } ] }""" % (elastic_index_name, elastic_index_alias) response = requests.post(elastic_server+request_suffix, data=request_json, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Index alias -- CREATED') print(f"{response.status_code} - {response.text}") # Function - Refresh index def refresh_index(): request_suffix = f"/{elastic_index_alias}/_refresh" response = requests.post(elastic_server+request_suffix, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"securitytenant":"at-tenant"}) if(response.status_code == 200): print('Index -- REFRESHED') print(f"{response.status_code} - {response.text}") #---- # Function - Preconfigure Kibana def configure_kibana(): #Index pattern data_file = { 'file': open('/app/include/audit-trail/index-pattern.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"osd-xsrf":"true", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Index patterns -- IMPORTED') print(f"{response.status_code} - {response.text}") # Filters data_file = { 'file': open('/app/include/audit-trail/filters.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"osd-xsrf":"true", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Filters -- IMPORTED') print(f"{response.status_code} - {response.text}") # Search data_file = { 'file': open('/app/include/audit-trail/search.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import' response = requests.post(kibana_server+request_suffix, files=data_file, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"osd-xsrf":"true", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Searches -- IMPORTED') print(f"{response.status_code} - {response.text}") #Detections Alerts monitors request_suffix = "/_plugins/_alerting/monitors" data_file = open('/app/include/audit-trail/alert.json') data_json = json.load(data_file) data_file.close() response = requests.post(elastic_server+request_suffix, json=data_json, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/json", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Alert monitor uploaded -- CREATED') print(f"{response.status_code} - {response.text}") #Dashboard data_file = { 'file': open('/app/include/audit-trail/dashboard.ndjson', 'rb') } request_suffix = '/api/saved_objects/_import?overwrite=true' response = requests.post(kibana_server+request_suffix, files=data_file, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"osd-xsrf":"true", "securitytenant":"at-tenant"}) if(response.status_code == 200): print('Dashboard -- IMPORTED') print(f"{response.status_code} - {response.text}") # Function - Download JSON logs to local folder def download_s3_folder(s3_bucket, s3_folder, local_folder=None): print('JSON download -- STARTED') bucket = s3.Bucket(s3_bucket) if not os.path.exists(local_folder): os.makedirs(local_folder) for obj in bucket.objects.filter(Prefix=s3_folder): target = obj.key if local_folder is None \ else os.path.join(local_folder, os.path.relpath(obj.key, s3_folder)) if not os.path.exists(local_folder): os.makedirs(local_folder) if obj.key[-1] == '/': continue # Downloading JSON logs in a flat-structured way bucket.download_file(obj.key, local_folder+'/'+target.rsplit('/')[-1]) print('JSON download -- COMPLETE') # Function - Clean up S3 folder def delete_objects_s3(s3_bucket, s3_folder): bucket = s3.Bucket(s3_bucket) for obj in bucket.objects.filter(Prefix=s3_folder): if(obj.key != s3_folder+'/'): bucket.delete_objects( Delete={ 'Objects': [ { 'Key': obj.key }, ] } ) print('S3 bucket -- EMPTIED') # Function - Upload logs to ElasticSearch def upload_docs_bulk(s3_bucket, s3_folder): print('JSON upload -- STARTED') request_suffix = f"/{elastic_index_alias}/_bulk?pipeline={elastic_index_pipeline}" error_count = 0 for f in os.listdir(s3_local): if f.endswith(".json"): with open(f"{s3_local}/{f}", "r") as read_file: data = json.load(read_file) result = [json.dumps(record) for record in data] with open(f"{s3_local}/nd-temp.json", 'w') as obj: for i in result: obj.write('{"index":{}}\n') obj.write(i+'\n') data_file = open(f"{s3_local}/nd-temp.json", 'rb').read() response = requests.post(elastic_server+request_suffix, data=data_file, verify=fals, auth=(elastic_auth_user, elastic_auth_pw), headers={"Content-Type":"application/x-ndjson"}) os.remove(s3_local+"/"+f) if(response.status_code != 200): error_count += 1 print(response.text) print(f"{response.status_code} - {response.text}") if(os.path.exists(f"{s3_local}/nd-temp.json")): os.remove(f"{s3_local}/nd-temp.json") print(f"JSON upload -- COMPLETE -- {error_count} ERRORS") if(error_count == 0): delete_objects_s3(s3_bucket, s3_folder) refresh_index() # Process - Upload data def upload_logs(): if(get_config_index_state()): print("Config index -- EXISTS") download_s3_folder(s3_bucket, s3_folder, s3_local) upload_docs_bulk(s3_bucket, s3_folder) else: create_tenant() create_lifecycle_policy() create_index_template() create_first_index() create_index_alias() create_ingest_pipeline() configure_kibana() create_config_index() download_s3_folder(s3_bucket, s3_folder, s3_local) upload_docs_bulk(s3_bucket, s3_folder) ### MAIN CONTROL PANEL upload_logs() print("Sleep -- STARTED") time.sleep(sleep_time) ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/functions/requirements.txt ================================================ requests boto3 ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/images/elastic.drawio ================================================ 7H1Zu6JItvav6cs+D6PDZTCKyiSgwh0CIoOggDL8+i8iwJ07M3dXdZ/Kqu7Tnz6VpUBEELFiDe8a2PyN5q+dXPm3i1qGUf43igi7v9HC3yiKpFkSfqEz/XhmSSzHE3GVhFOjbyesZIimk8R09pGEUf1dw6Ys8ya5fX8yKIsiCprvzvlVVbbfNzuX+fd3vflx9NMJK/Dzn88ekrC5TGfJ2fLbhVWUxJfp1gtqPl64+q/G00rqix+W7adTtPg3mq/Kshl/XTs+yhHxXnQZ+0n/4OrHxKqoaP6ZDoaZyp0u1Pzm79V1f7g8D4Pyd5Idh3n6+WNa8TTbpn+RoCofRRihUci/0Vx7SZrIuvkButrCTYfnLs01ny5/rJKAB3Hu1/X0u86iJrhMB+eyaKa9Jmfw2K+C1yG67J/qMn80Efh2GnVK8pwv87KCx0VZRGjQpiqz6HXybxRNQ46jF/DKz9SZCPaMqibqPp2aqCVH5TVqqh42eV1dzsYuE+tSE63ab3ywIJjx3OUTC8yXU0N/4r34Y+hv2wN/TDv09W6ZtVFbYVYYXpvme2ATfbv/+4u3/lt263wOT0z4ceUlYNSv2T+K/mH/XpL4aQPnDPHzBrIL4o9v4Jfitvhpu6IQqpvpsKyaSxmXhZ+L385y3zYUEftbm21Z3iZap1HT9BPt/UdTfr/JUZc0x0+/XTTU/7DTkdBNI+OD/nVQwOUePx986oUOv3XDR69+P20xtxQJwP5rW1yXjyqIfkMOmEn5Nn4VR81v0HsSD0Tk3+SYKsr9Jnl+r/N/ufi+pv3fIr7/YG/pXyO+NPm9+DI/Sy/FfiG9JPMLpPfr/ft5u/5C8f0msu6nK1+Lbw0lowEI/nzePnhOStCSJ8ENXy0CxDpJMJ6cmpBf7fgMf36xNL8a/jopnboaZQLn8sFQc/Z7hmLnPzDKqE6mXj/wysc0/oD1fonAf4n4sxDsns9/lvWe/SD+0HP4Wf4XX8j/h5n/I/J/fsyW2+tWXJr3arktvabV278z/+3W+0s5/F+a6J8t9G8Ixb/NIr8l8l/A04sf9OfiZ4kkl19Z5PniT9o/+qf9008pCgNQhNWUFfLtf9xPuEU39DO5Ys+fQ+tPoL+/9U9RbpR10iRlAa+fyqYpr58agDyJ0YUGCS6Hu4P6NsYc8La9Ds5Jh/iFm+4ghH7j/40G4yEl1c/4bxTXQZ6heGOlUV7PMadD9wgGIvFXOyIQyueWDumwZ2m1Z5/BNXiqKWhVfjmE1yBRVuHNW+1Kw1IGNVFiX97fPOpCvI7Da56HxPoZCUSi8qBVBLXH/xLu6h+62rDWjxPF5krKXBX6ctGHrnWPu1KRzaWSEbC9SJkDiLWe6bRUJTQe0NtUpNTBJBQBxKrtxqrktuagENs0HrQUHvMA3vtzO3RPkdqnaCz0+1Pb1HzogkppCe7T4e/cHdRM/aE/+Ny2fY13gGv0rnl9gutTBqfXhbW8S5SnkbhpJItzY8VdQjke2/BkHx66HK45D697uO5dBumQnuS83R7X5El2lsp1T3kH9unJZjLRoIfzYuD64ByCB1x/r1oMBX/D+YixRsSd6qidyjMEPmdjWsHfIpzj5aDanKKm64Mu3TQ1VeH1tTB+i+NYCRpL7CBNEI06C/Yzhwxd61QLsOjcNjVj3YLHudtpYtyrpAt/3zR0TnPgMaH2as+QsC2JaIu+UR8V/bO9A7y/gH+nygPSDrWF91SG1z9LyAUdzx8dx692DJrTuGfwnO2gOTF4XNvB89H2cE02Gheu0b4Iqh0/NAuOD+eOrusWnhNaA2sO+HvqH6PxO52f/okxXBek4Ug3eF9x+NYW0SoXxu8M9xvbKYgH8PdnHgipyy2UnWQ7vPi5fQa0VxgxEnj033cKl/1F3smM/V4ZLhc/KUOa+lkXvs79clX4T/iW/7Lqy9EFzg+yGFvB7yI36PMPtePXuvA7dfkPtOOtgNqRT/acvmuJjRyXAH40y7mITgx/oX9AATxQ4bcg3BJbQWcArfHW3lR4kJ4YBw6D2/FHTjkcYctV+QSAm21b8QyvnZ9rdFU+7qTDamefKI8IKan3TA5q3eDhH9gqoLRLIDuPE70urlBbMwsZjdhypi3tJLRRr//A+/P+vD//X374XqcZE/4wloSTsTYAIsRbpsTFgcKb5VYAhC50YCdeVEfauUeZy3y5a8PVZRErlpKueee67uPbJqnrrcU8VUHsIfohtTRgdLucG1BRUpxBcJyZaeLO8VaWmG8sotPsbGk6+7W9l/aHPXnxDnkTHPfs2ZWlxKV2uXcNS/9wq04yCXUY1wWFRoRHj45W+Syiu+W5gAOD2N0IF+UgX5hknZQPNXVnRraWrYy19vktcq/e/VSsqaiY8Zfyrmc33y/um+v9Puub6g5HaOvTZmi2B6qZJ+yjeiyeJ+giSK264tuFLXX1WemDajuotD4shR3RGA4Zno6UVvgUBLN0gzQ1E21TVj9eoT3l0tvs8azn0fy5MFY9tKiSTS6fZ+imcedqDg8NiPi5WZt6GqS7DH+v1ztRciKtaujjNRZy5wytuyQMtB4+HtuEWVZruQzix57Y+9sN6bOcc7tY3S4K99tkfnBuUrBNMmvjbeBgWc5b2Z0FZX09sOGdaejVMTLghbJh2cEb6t6LIo8dnmeapcnr8Lyzw6AN7K0dLmqy6Qu0X4ftPL9sPIbVh/VV0weQiw+rhJNy7/wKXl+1+4q6P/fwjHNYFZn/hL0kSVOY4+y5bC6hkMLjw5Kz84gxnkwVkSVBM+yxxBaHW28JzZHVfS0BZ98uDkGw6svY5f0Z5XRA106ITqRE1NdCTQqRG46G2cF+EEHOXakSVeOwcFa1NcTS03oKptid+YMbRzNS3KGJVApPzaSe5I4998z3vrlZDTPpnnNhL0K4cWrVZmGcjcOQK8w591RgLBxGjO2yWKuOXs8VhXqysrZZDnA01rmT59j0AsnWbdL028OMrmLuwcoZ6zxGE7rWT4cHJzSDdOyswBQK8lQeZyq8sp9TDHDEAlgbdpaaHFibov0I73sQ83tuO2z3FuMBybSgLOpAtXRo5VsO+jkcRAhmy3cKtNoF2CiiKQIX5LFNuzXfAmC1YHsqyRyYXCy4gljDdjUQ4zx2QMwRcCjYSIZDSQQHZGCYaruB9zgBeb2HuMPldnwKYgFopeAiCLCMV+INfosAmEmrABPsgAAgduFFUFsBAKoJujUckwOiKNc8bOiYSgtxCHcBWzGHY4ogsBw0f8DzBzR/sYVd4JgrICsrOH8GdGBAAEgJgJvBpkIsibyKoFAXazGUB0GHY4h4DAvgMWQ4BgJIRzjGOUZjsICEKwXrAJQ5AcAWjqE7aAwy1uMDHOMBHIuEEzfhPHzO5OE6uN0WjnEDvHKEYygghGPAtYkZHAPOQ415ceOgNflwDDSxHohWjsbgeYDHsOEYGzzGRjHQGBwaI4N94RgZgcaQRRmPMYNjWHgMx0K0buE5As4GbFtOzOD3AtJ2ieggw18K7GsAxdyacJn8E953jfoIIkfw8H5z2OeC+nAc0FAffsHtFBH1cUwDSEDhaUhQiA5hkwvceFOINZcHiEeGVhQP8DsCCOYdVKGOAGcCl+9idCYFDuzPu3wb8zFkmhScDB5sAB+rAPHKGXDx9splMuAcwElwEkYst7AbR4mAFyBNSC3fhdGCQXQQa3Cu7blrcqZcAmplCg53B0suhv9fXDSu5XNwSOdEzAHfFHw4oikT3NUAoBQcoSp5H86JUx6nvdK5J6i7DhVpupCpnZgF14g5VzZlVlThxwgdPxJCCCukcAdrqRLbw3Noc+bItRK45SW4x0s/Py65Jn5uYZt8GJTr4nBcC0t7pt93XQ/2uXIB3KGodSPZUc/54Slb1DI+Lax8r8R0LF8dcFOQ2u5JBLk56Exxzxjp+4JnwXB31hk47ywuEJqOtit4ftYbSzjxpt2tTmVbxpvAATafmdtR67GssYAmRwqg0pesbSagwbcKdLitGJSaprdgV7H7B8k/HA86S5ygFEHMRftYArO8SrlHejvMDycfqk6tc4AosQkRC+nZf1IxdVqqsp5AF0pa+fHWJx9KX2xiLj4KfJScgn6zcOvz4m4O8nFxerRCJIB4uVhJ/GLYEGYADKWs6gXtGydkLNCKj5GX++ZcdAEjErV2Jvirvk6f58cpv+5WSswxoh25zbN6GgXDZRrXE/MtwcXgKRdUePCeRWNYJJPvjas6N6xYQfsbrrxKzWjyGbHs7QDvoiaNbrS8uZo9VIp+znvRPt+7+b3uC6MWhbnYciC82RoiP2w+F9qItJPDLrG2t5RgBmcFhVlN9FVRNcYmCJKj6az8gN4I4ABke+VWs3093G1FNUkduaXJyXQAdV4iW8Rz5jkt17vcVpl4H0AZ6Mu+OHdXTXE2yuk4Tx9QBSGDLWTMod0QnC4OVWEbwBWCmUrnmoBYRPIXwy4V10C3ZZ6fFXqriKUCCSn1w84BA+/1sxxuMi8+1CdYwRWd6qFYVXdLUY/0yZAoNN5B5aCAM04sHIOWyP4Qrks4Czy4bQfl+B4LylJChsogz4pRdRcXySbouNlSQfyS3xLVhpLWmRySLO+2mYdnGfZ0YiXU1UWRpyZkJKEEy5V/mpk16CG/PvMALmRBQt22B4iw99Pj3m5iBmpFrr0vVvK2VKEVIYDftmClLFZIi+RwbTPDmUG9w8UGkoqgX0CWKcGlSFrCDsCOk6FKQpZOh4qIv8pg7QomuEMzc+FlxEJgA9tvgtVpCZkNNnG02my3BJSHGCTz5BIhNrud7HBGOkHXEXmvk8UTmDzbHmi+XpLsoVRVsB1SQ72yJ6kqgMg95rIKrT3X3NjDY/VcImwzMPL2uDgv+7vvQJ3YKsH80dt0tDvcySGKBf+RpR1NdvcG2nUvH9aebW/soyKE5xuKkt5qUSeuixJSodilGy+y716Udyt6daus4rqu5ep8RDtwkxVAFqrXHPWjuz6nS0CD82LzyO7PTR4tMwVuIc+Sp2XfBOu8uBBtbR1IJKLe4b7mjvOnB2FJbBQLYTvnq4u+9Jez86bV+nyYJ7DdhTSetJLTUOUCqdgVxoK/8kRKO2sSiXvqVJnUnXrWakDAmZKSeU++oRhR3PTzPGETD2rx3nyc2XlQZDFEGfpjQR49BhqqdRKrrDYKpxUvEdPrzpq/2iY0v2eZoS91SrWO3qr7mUPQ5wQEoJmPsOnx1Og0cUQhFtg9QuNxT5RcvGnKpW88Arbu2ggD7EUhIwZeQNQkrIgj3yEtbJyGjcLBj1+i3XLDA50CleNuEj3v41l6tevQ2gnpIu8F5jKLguzJQp5qV15IREXhDU/dD6w2b922W1+POn16zoZoTiJml4ND4XP+7mjrMZC21OGyX/oQ3NRKeshLwr1LkUwU8tELcyOEgIGYXRZ9pWhN52620PLXh+ONnzEc2KrVzFo0B5o755FAGUTB0tV2oZMqaIVkdqhOZyIss15a9d6i9pFJZthLTh7vhXyTYgRns3CfHxmIQVR3FkoMS83z2Fzer55P8iKyTCZcNb2oqWROe5ft4r6infLiNhARlX1+WYKTpUK67Zf502GgbVSVIdzfApCaBlLz3aHexsomiWXgHluHtQPusrYDT7jqMRyEoVN3kbj3mrqjoP98WV6ujkZDIMIwlxNcPzypL8rVAzkZdk5mhgeRVCwWjiE/vRhSn7ucga0+LZ8iFLBOpZMT1Feaa10D7WlxOHoIZjspkLluM6TH+2Vl7OPiLjBCvtF5v29jcBD99NmodDFIVZc5HGcLQaUJRbhoPVKsEr+S3KJbHxrda+ZdS/l1dwJL6CJKmttdVY/yqNmesqL8rLU3lS/J6nTk7HrTtCKQFlWO+OfkEdAVOWT91m71+emuPe4KQOZQKs6lbRbNvFF2XO46l0t0LrXocQkgeDlv9kdCaTdFDhVBpRDbzW7uH/dLxkC2/qkxm+ZSRNVB2vurVanO13RoKBmk1eNJPtkzXYCyERCOaaDxPbaAWM2qfrVOVA/ou4CjhkwewtIh9Ptsj+i0h8hS4UMfRRpPzeHBzCxncQz3rEDcahBvOrd97IcDdIKF3akmBruhJMVjiGpx0rkGotB4G1VoIHJJ0hvfUw372XmDfdQXdh4IZ0CbCbR5Ty1DRKm4CiGXeo0kTJ7TwaxSkW+3uAJGEKELly+3goN8Qsrb5tqWXZR03vKgk+M6GizmWJ2cUxTMgsexguC1Vwb2HBT7QlWLJcPP2PU8ke/QRjilfjohDtojnrCoel3rD67x5DogdxClZ9ytolzkAwbsPnAi5nTz5WopzKwlwVQQGGunx3Hp789rLVI3dE3uo+TpsYbLx1rnKkZ4rjbHQCKFuDmKfyxk8k99+NFO3aLz8gKUuAcb2T6tyj0U7xzIJpstIQiIuQ04xwb8TUB7uDX1tbGXb6s+5sEh5pSn124dxBgKtLHQLbYe7qg2awHhJgci/RysORxjWG78B51Df4kXrujeEvtsj0ZhXrijvcooYw3bKNwcej6Ps6yvn2f5eFy3FYMYQTSFrLtfwHO419cnQrlNrmomt3jcKJEDNfeUhJKD3Chz/axIzYKDqNbYLGl7wkYKvWw2Mjc7I/2AtkhZQg8O7vXh2Pd32nWE2XNu6xuCOUGckx3UkoYKg4qjdATGz+FkVrulYgotwmQ3k5jb651lIBY3C4ONYmcwtMo0HLDnB1NkhWU7MyPBMki+ytvCR+bk6CNpL54qBWe1VFMr7Q324oJdtA4b9nYW5/NskUNfg5htZl6n332jiRaD0A9M1clAFBDVEK9f6x7RmVrYxyQPFp7kuwTlgFbRGdIftGaP9BzCfAOznnl55LlwI89ddbhWiHgQIZ8eXv7YxZCu7XpdXa/2fn68rpCD8KS2G5df8QBiZySCGjWn2NNyr/d2UHUddDOlueRtdRmRMTw1/oLaLPwN9MTbLbdBLlvUL3OGmBM38gZ3e5EsleuSWS/Pm4Z61JnkIqdRYuXaWcCxZ7fT0nm4RUw+nmwCbUC0a1o3np+MbbQ7P6GSz2UpEqHjWWThEYWqVgxhzyEsR96ONNNmSmq2JjirCUmj0AoXlgm1CQojqRHJZ+el1JyJOg5KwG9zYpueF3QtHJPbecty7Ko58/QsdGRTTJdEaM+faFkPpjA0i2Zb93yar8nhGS71CoJL07k+2yQl2Ovdu3nkiRLO+Xk5IH0waAqEhuiWtXGSvMtKWcVAUVxLtJpoXjuM6JXGQg73Tz9HRsq5ZUKsK9xfIOh/zUctEXvKyrq9nRnlDp1tTtz+kQGHlg9MAwIX8wA2B9kVGZQcMgFORaEvrCTRF4pBfP7CRMVfqMfnLxN+MXvzbj4uj84Ebe/5Q0SyfA29OsGDhnq5UhtyEaIAo73aJYcgn3Fmc7YQV6QoghhG4hy5ZTfisbltVAg0VwSH1NkNPJHrBjZBP6TF+blBJ4OIpLa1kPiXytdPSUFo65Oflfc5KXvHUiUVCIwugKr0Vbo+qacdi+yxkxrNsahKmekRl7PP1QHpz+txS/SHoDp4805akbLVwuVIXNrmhe15EJkvK9Ssp7tZdrU9ZWZsH6UZGy4HVvFK0VfsWX3s665+1KzUPIxwl1CmbnBcz2X8HDopC5BzaeVSObEIrWqlIVh70rWL5lJh68W2Cd1msDIRDunD5qwZSAg9LzzNNe+cPve0yZt6rYI1A2TZqoj5ZnOgjt58nTbpLtbJlcO7MrQ1Btq+5fx89tW9y9BFuKp3pLvlWp7wWgkYJTdfUDQJmQmFv6VwHjAm5Q75vG5VcCZNEWgZODRp3TAimsL5uCYXZtIwNbwxMYPQXxZRPGN3LM7NFiIq+mgk8qDsBUgJRwMu0E1+hlTVUQvzLV2kJLsLZUN4MvnhuBoNWGUr3ek8/kb7vVwZK+OI8Ma1ZZcF2igqQcakOLkO5/M1BL93UD87+bDPhnk1b9n5vH8easIOH5G7rrxdcGYr6DYgFbHu6L6RT43OSkRsc3chBC3ogTNcVeSWqTR1J48ytBqKJT4f61W6Y9Y1EZKUugg1ZxG0yJtdQx43TG5FUeECGU+Pfbjs/MhQrbZomPJ+1NyFk0lzRTT4GDaE3iokfXj1erQ+ZBSze/+E3vM10LiqOgUoXcHc+sc6HuJQgIgGePG2oM02XOtBdktO/U6XUSyBbChw1n1mk7Rb8waxABT0GwKIiUClz83MXqqLYBmcoP2GLovL7CS46wUJkYUVb5+l27uzPokvWVfE/mE/i/jw2sqXrcVZoLm0YA3kuGi3zTZSSoV2FVcZpMVOd5llrYAlmEGhD4Cul+aS7fNGokPRm1dcsndvjHdOXN0VgwRyAaeu1RkrsAj62bsLj5Y3Z3dXQ93o87yFZtZgNCAp4CwSodPkOyM1yjPk6KKTIVPM8xDisDVRCzHcnMPs0h2cM7RG0WN2ffq6HvrsfdY9BKhXEALao6izKULo3J2L9bq5gHqJ2LdkzzNPjcQ2MsMWEgB6d4Vwz643rW6arWfIQ3XbRN7CCTug3Sy4eAhAbqQl1KuHZ12DIT/SmueRUTIE8X0LltwDoioaiN7uMgwPZX0+zfbdlUq7pvGoSI2jVoMicoRyZO2ofpv0Ud8lp3i4qcsNvB2lrFppds1NiAnkGsyjS4qiaUVhPhdVMdfni/uiLs5Sorfc9RwotZrUEpAZLldnV7ifjrggsqvDxAgI+WsUybisrZVEAan33QFBD6h8eaBe5ktR3KKqm4dXIjFlt43Yna01yV64lmPzY3HfgxrQYB13tHyULsftRS66ovKMlXg/U2oNIeb6YHciMKGe7A98f0QiB6G9vVpquXZaLxmZppNo7oJsxRyEDupT7gL2w+lp2NHaE9fna3T2tnSc6010npsydDNc88xkKxSbZ27nIaGWGypALiwyX81DA+mMGgZ7FQtUkx0rvgUP4PH9dT9Ql3nlnq27uVsvmN2MY1AyK53v2Br03HZ2IsItULgt4HehR8FbPp8NHYLhaJl9CbVQ6B1JoNlrpE0WjBALAWi482rrD7vZRjPkyl7PidLZdvRMUisK7AB9BZGyhJu5DUAvpmF99pH28Ptt5szOi9sOLPaziz0jU4ng/LzORAllZhSB2CxBHqz4mDxbyJRRQzDsniJK9li3/bKW2g3JPy4M5BK1pbXnpZcMVIBBKJ3GiiHnVita2579SwNaeF4iiiGSocyRYLUVRFdfVVmwujKEJtyB8czlOJLo0pk/Pa7mdWWPHteSoLW1Y9lUy9M86ujKpzu7V9uV33fmc/1oPMbxAC+ozsMWOlNAiox/XE1P3F9uD3GVRUYFtcBWcjsmFXYBcNahh2KxpgWg0TX5Sle7dXsuUw5aHHdGNGxJXRrDOorQ8LPJsjBuELD1UCgt43aHzm+1dKMVt9RWN7N25sR8RmpMAlFLe+1WBmQvFoCEXQxRKh8v+yWYP3e7JVETQvdo9IJOaj4WhnWusz6UUDFWbZreBE9GEaLrtbue2+uuORzV+bnTzJi3wkY5V24toOwNL2bRHdmjcNlfw+Nu+VBXBOV1lVAdFnEK5NbokbdEU5mMEkLKxnYJSZuBdLsNxIAqyyVzuHPMAGhxfVBAL5zVJaluIB0EiFp9aqXNElpmgCld4yB0Y2soNSv3LUcEgnc5tXuUCVKBsnMK9izyxVU3Nhmya0bmxDFxJMSn3EJU1ef7q7XnMnCD7uBNza5VPrDkIKw6DRnFC7vYrlGmQi5unL4DsmMQ5OgdJSLUax5c7Dmr42N6e6wsmTGj+rZkrmtWhb6aC7hrsnBVE6A0FS9qlLaHLgwXdWXLnyp/R8+c8Cnfi/UA1Ot85i4GCDdiueXZRCO4gNsNrfbwkc45SoNqADWCfqJK3R7xBoSAz6j1WZ3v/CHcJKfCOURRJj3tGeKY2oOe68pfL05zHt49BGKeeI/t2TouAzgedyWgxUAuXtnaQKTcxBngvuEo7noduUL1hC4YOTv687t7Kkv/dE4gNedqJdddwMWrFrAr5349R56N0jjsGjhHyukJIaeYewBlTLXr0GYElGRzlO2Mz1P9LNzN4XowB2e3IjbBkoUW5rGwCFdgIM+G4M6HT4qNjYpaX32tWnDnJDTu1MFseWlJ5VeoEKEh6ePz9ewR1vZaOlJ4IK6Ut3HDy6XlXX1xhfK6BYatDt1WvS0eKvuIPO6k1r0uSKrtgouggHalgqW26TaPk6Cen3XF180Ztr6elkuwMVlgpAsh4A/pkTyZUnDa2MrQn3y5gMxXtwIYUJSIllvBIRUypdWzWt0WqyTPrtfVSaUzMzm04F5A3Ib4/wJBQnHXN7IxWMhlstjFsdgd+b1xyZJLDQbZh2ZLoNlQXM86wj2Jx8UmVFct5MOAuq9pc11W3foIbbYOFOEh8rOQ5ecrPpS2kXhquWEXW8jBRUbouI+Vp0agFAc301sIZ0zB5Ck3vYQHXZwpxXx5tPVofbIPfJoZqTdo4llkoVVo/Bu/4bnOZevcYbztmtmlYcXm2XJOVdtc6zKV32rHuXm8nSCHztmlCTKB9x6UzV3d1Vb2LW0VNxa5fiYDETOPbA18jUT2ZR2Zcstse2EBjs+yX5gkME5k3pcggohTk+kbIPzjsixsyjLns92SST2XvN223i0yCf1SLPeDf53L/CCjR6MlD61UPuByDdXJ+Fiuir2pmcwMnjmh071UHHePB6E1z6tmG1KuGDOp0ER6e1jami+fgYvcVw83vQ01cUH4jiyqfRisKEaKqpNXt8YJqMn2HsuMqzzEp9IfqVxVkuf5eIi4myYbCFEiWMk85eNyuWVW1KOlDuVZu9QohegsdVfwhfSAfCRlNVhQjUvmfM35QGeLFLnN8yD0kJY8sJVjPGUOwUmvMRLVlNTs+AR3lqWfy1MFceODcZR9ZMz1m7xd2JooF8F8r8UIpcNOPCkho7e4rkKXdVdJsAL69SIpPFGyt3gOBk9OBtO+4xBKWNkC7UD7z6mnZGuXaaWE2jG+ONYyCsNnX9h9pBdz7b6fnx438rpPoIZmXOIOofGVei79A6M7XFlnWaGHB19+6IkX3GODTCBwmCtuqppU3By5rT1wm1mh7/Y6Q1eEH57dTU5d5+Q1LXdAb08bWXFNQ6GI8/zsFdZzRS99Zb2/7J+HshEP5V5/bsVbBvyHVYK7UBvqakxozHTP2a81br9mqXmZ+LuMn1kUfb62NUQCYTT4h6qV/DOPoIDERCrHkHOKYLLHPAqvd7NubnQ8581EdoS74x5lEM2jU/XIGzZdEPWJNA7ZM4MesdScYold9uxpdqBIiDUdGQjWbpYX4ITsQKOFZME6hA3vtRIe64Ff3h7Ddh3PqOdmrkRok8NezUSw8J776NItqKNQVczqeSDrazDX8s1lQUv3G/RtOD+TbnWRP738qvZ7DmwsLXiq3LUiqX7T37Rld1mzklmTZ0rehDt1g4nBBYrj22pM2Ch/jdhfbZpbr27iVS3KTxWq/4yeIQ1xmT9Jmk5Dg0J5IVaj7f1DR89CSXO3QLbRv83vl03pu4hjN3ebhppOEi6CuQazBCeCfLUU7yFyCTmWQdx6oUTjbBfFPc03yc1Kg1p9lrsTjiYcVVFHQlLmN2d7uR9Xj1lxuLlGdDxtLwzy3mzrrOiVsaxnV2PPSZpydARJXHqFsLGNh9TuwGopZ4dKo+bh/bDVAuUY5fwuekZi7hdbe3MJmpDybxFlQwSgpDc/Ev+JGAnPcUfQPWr//BCSGKzuiY+CCOsiFqVsLfPPp5g6qcLzGXeCW8YZNANCwz8kUIKt481e2CfVLGJcMLC7tg61gbe7yInSqhYqa7mnlKvahaWCkrv7hn3ZbXfKUZk9d/NMXpM7mZUfEFvEy80SOnvxZtf4Rh53Wz/rtd5ssrPN9Ya/o26KG598I447hV4btxMrzIgAW+1n7CyT/gF6BaHOPTjstpwlQTenvNTQ/chFlzYzuigv6kWib/olQYo48IsMRTJ2/E3X4p5XFkXfL+6mFIpKXB5ydE0RYcP7fdt1PGL/OLyQs1K+c2s+LuitqB/hZa7YzrMsBm6z5bJheZbUw6M+Vb1WoSK10ORyIq2a54JjgQxdSW63vY/RLcvZ67sNy7uKMlbP/4pqeeL7R4dm85+r5b96Ev9Pe5T39edF3uXy73L59+f9eX/+/M+7XP5dLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5d7n8u1z+f/d5l8u/y+Xf5fLvcvlf9HmXy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5d7n8u1z+XS7/Lpd/l8u/y+Xf5fJ/brn8jPwPK5f/J15d9C6Xf5fLvz/vz/vzaz7vcvl3ufy7XP5dLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5/93nXS7/Lpd/l8u/y+V/0eddLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/l0u/y6Xf5fLv8vl3+Xy73L5d7n8u1z+XS7/Lpd/l8v/qeXyDPnv++vy58dsub1uxaV5r5bb0mtavf07/VNxfBTGkTUdllVzKeOy8HPx21kO18CjanZcv/6tzbZENe8CCU+mUdP0VjKgQfxHU8JTl+aaT1ejLmmOqPv/sNOR++mK0E0j44P+dVDA5X7qhA7dz9e+dcNHr37j+tCivtuyL3axLh9VEP3WowUTsRq/iqPmNxoyX/NAFeV+kzy/n8ivfwCC/v0HIL7tICJ6e0mayLr5ePFt5d++36364odlO5Ezzv26nn7XWdQEl+ngXBbNtOGQx2nOr4LXIbrsn+oyfzQR+HYadUry/PUwRVEWiLnqpiqz6NMTFiy1oPATFuOVwyQo1C96foX6/vkV5iVpnwSSpL+QSJL8055gYX7aQPAIk8au/CT/48+yfP2gys/PpXz96MrPD6rUTxRc6yC7ULyx0iiv55jToXsEA5H4qx0RCOVzS4d02LO02rPP4AphQgpalV8O4TVIlFV481a70rCUQU2U2Jf3N4+6EK/j8JrnIbF+RgKRqDxoFUHt8b+Eu/qHrjas9eNEsbmSMleFvlz0oWvd465UZHOpZARsL1LmAGKtZzotVQmNB/Q2FSl1MAlFADF0tGJVVHuNZxh1cCl8blA+t4fzAJ2Wqej7UzuF2KbxoKUubo/HGdbCD/3a79rxcJy8TBTZu53kdqkkKqmmcb/L3GQ7fDn/TucZEq6BMAeR3aYq9A1NeC/4L0VzVx/w3gy8V4/GVhOGNAcFrbnbpi6N52RnrzadaoHXeB0cj/7WBsVLAvT90NKg09B6+9d4Ig3bD9/uHXxrw3+MRxzgXnnXvD7BfQqpyy2UnX+4JjhuC8dhUb9tClgt3QmqrcB5qiQaE9K4hb/hPos9nCPcq3hcM0SOqo3aOmgOlNqPc4A0Z7RURPOg4N62ahrgeep2NqB1wDnSmuD245qdHu4PvB7D62I7rhXeL1XhnorsOIYDr+fwPuZDhXPEY1iIHrBtwrC64AxobuP892juMW47uMQ4ZzCOyzO9mmavc502ZGM7IaM06RMfFGHpH3e5kiyQC5pojGvXi0CWCJ/nMsjhGloNnAmkCdxpC81AoeFq4ExjQh3galMRrZaYZkhpgwKpofQfq0nXmMK6INKIi+E/yE0BqQlmh1a9RRwLOUG3mA5y1qAjqlqQqoIDpSd+aLCNjlfpPrQBUJCTGNgPUjNu4Q6g36yJdgnOQxtcvCsqWv0QY0lBHIS+4ZwhxVw4Z8h1qYnHU21M3V7tYXth3Lkf1/rPcRemZhMU+9qzicQ7evnpusw8XoldqrsFPNmHhy6H9MzD6x5qjV0GtchI3xTAeWStincarttGWgPRRSQwvSCXa4PzWjOtCmj+4kgPNHdHRVzNorXAdSKaIilk4K4zcF9gO4B3XkPtRtpMbRFnZB1cb4xpniBpugh4PkLM6pjOCuK29tVOxdyLx+qxBCRI4yCOVOBYKj1KC5JSyBsjDQcNSy7keAHus9giWtOajXkEagqHVPE9VXg9Y7SxD6XbSAIVKPkZAzl25DEhpvCYPdoXwI73BIw2eGN/O27xXiYM1BYxO/aH60D7miqQj+JpzABqPmc8lypwTmgtDAXp2o9jBpSGpBiOqQmAnsaE/OjSY3/oviCtlSKeNikNrhTRX7fNqX9MjP3h+ENGTv1pqIXp8bpL6Hbw6f4t2uNOt8EwykNMqrbn27byTcpTZaSrrdJIuiGfkFD2EH+33+SME5BWRtrmQytbWMNMbcXum9YQR407tu3g+gk0FwXReuQrduRBZ4AyFY9rQOO92n3Mzf9kDWlfzgnPUp5G4qaRLM6N0dIi//t7nMb+Igw1pyEm/w5FzX5GUTT1M4h6nfvlGIr6M16a9Z+MnLQfkJP2NXKi8L/fRU5/QI/a8YimoH5QBwchHjgXgPQgpY2/O11U0ffUBulRZKlVcpyfyKBvZHOgLpjOgVeb8bcNdRX/Meb4bYF27Mt9kgUlhTqOUTNP/tKy4lbb45o8yc5Sue4p78A+PdmEdlmr/SP4kgIepKZtIytgIs1MYmtAtEgqydGyMoNuS0i6H1B7EaO2UXrNwpoAaVYGUwlrLyT9MblPkRQ7nUqoo7aAmmjECq8xEP4KaKTtp/t0o7b0VKyRBDQesmDYwtJIe0JrAjVHBq0W1miQSpArrB/POT26H9J8arpToUVGY3Xj/dwWYl6Ed2msSZFWGwJiXDPkwmmeOrZIDtwtMGk2uA7SReskdAFpzdc1ZGliiMXAtzGh9oX/JixtMqr1op+mImulIcQB+0PrMcB14TUg6wMtXjvhvmkciCJe2BTRYupzGPEzga0fWpvtDja2Hg7CZ9jKaVizw7WlEIuP+0PqWEtjK0WMVgpraRrNHdId7l9Gj+uBnCx4L8tJ4esWQjEY7SDLSUCsivurgtNN/VmMGKAfoduXA8KycO8gNv3UHlp3aMmYydLCdi4z0jaYLCm6n8hqGP+iNTjk2H+aL0IHNrKIYLSqgzPtjflCWiRGMBizqqSNecEktMm6qAPC2FACB8Bg/kAIAvM7aieS2si/o18x4usWrpkc/Q7kJ4QCxt+CSU8Wa4B+Dj2iJ5fVhIm3IV7Wx32EY07+B0QoNkZFJjth6GGcD/IPXEof+Y4YZQjxj4Poic5BCytOPoPIfKAkaOm1EZ1B9OT0LzpqCDWj/gLk87E/nFcwTFgdy5iG0LAgHRAaQ/sLefB1De0zlNGPOfQTksKIDN4Logt35JsU8Rz2O0ht9B9JLdVG+kyyoAqjPzL5lx/HkG+JUTYcSiVv2ojqsD5A+qe38VrUYZorBRELRh8QcaJ1kmi/Jx9r9NcwbzrTvqPv/Ut/TDKvsEgHaZjHxdG/tDHv4H3HvAD925FHkXwiBIj70RrRjvIkZBP/xtBDwehwwHuG7o32DMk8RHTT/IYX2tRGjwP234+yL4DXOjs1UxGPQb5y2ekcjeUA0cx2PngI3peYUHc/tnM6DVkLzIsQ0fWvdsF0fUKhIw1G7wnLy0uXrP95ZPVzfOpzeOvz3wr5BZhrRn8fSKaJLxDX7AvENfuzEBf1BeKa5fC2XJg8v0Nes/ujROfhUpu/+yOYArBFAMkRVd+uw1/x9I3HqW+oOvuLgRCm/XuNQS0ah2Rv3T8eBTWGjc5+8P0glyh/Rgjf/dyVh138pEBzI/Rbk1zhrUL4WxmB3DgupNo49Pe3QzgPz/un05gsr7M/YFNEmt+PzP4KPpr/Ph9RxBfxT/rPCn9S7O9Dd/RneG7//Ooha5VFATG5f3qNQPw2VZY/UGUx+zkqTH0VFSb+NPn6PxrWh3ovoqPTpwj+DwH/n7fxt9ni91n737dJ5PKnTTL65lIitSU9igB7lP/Vfui/LYIvuS1EG58j7QgVfWqHo8kU9LTgWDiu9a0t9Ax06GdChDQiKfSduwNEHT/0B5/btq/xPscmlcGBKGUt75JPKGHFXUI5fnmOGJVNCHLQENpCsUDsoaDY6RQhToNhiu8gb2VE7RAFYfQ1xs3iMZ5rTjG8jBoj1Cj2O8XqbMDsU6VFyF4fETCtYe8BIG+GGpEuQuW4DaONXmWr4dgmQOiOgYgXobv+FQPF6LaH88b3QG3M7+eI0K2wHlGoEDPj2M6IrJBXi70hdH918mjU19g9yp5gxP7RD3l6o4eD4552BumDsxEohowRo448C4wYoRc1ZFNGIWNUJx69hBR5yCaKWU/zdDsNXUNoefBwP7iW4ZVp0EUVXYOegDJ6I4M6xqjToBu9G4BRsIZoOYxeN+TJKZsyekN4LWPMj4UeyRT7jdHccVx49GRj7N2o4xpaTBfkweOYKo47s2PMF9IAoV/sQQVTG4xyWeQB6KP33mrpRB8he/Wj9b2LowVjdgVdU8c12Zj2KObfaq+IAr5/BtE0lpMOeV+IZ3TkFY0ZopeXwGAvlJ/ikDjzBdeW4tg46kd/oHXr+zaqoEweokNP9GG09EVnl5kiF/gYek/khOAZbeTrHssqjr+KxLf9atE4wzhH5MWLpIXnmA0avKYj7xh7itgj6Sw8pog8Jwqunx0zO8jDRLyH9nnkz5HWDsoQsSMvZsTkxRA424M8+iH0oTz3074jz41F/IO8Pw15V0hXjOtAc2Um745VJ88Tjt1NeojVsrYb49fKpGPiHsoukivWnuRU4ydv3tawN/wtlu6y6kijTpuiAyPf4nj9K96OIiiQ9goxRRXGaBLKZiJeR33siZ/tcQzosaPsX4ujHDyOzLAvnldxtg15d87Eb0qnjdEbqJ+QF/rRBkV9evUlF1OuSsOxPNyPHdtAW4FogL3jiZfTgBnv77b6KCfE6BmPMjfyMHjJHDXKGpIzs5v6DVPGkxijC6gfmDxEkZ5kh9Resoo9RaSbsD6gcY5gbDPowsh7UMf007z7yeuEOk0a1ytgHUHhPE0PcA5BG/MzFMqconzBRw5NCCBtUWY2YMY+ajtG58RWt6acDvSkUeZSx9E9FOFC+hjJKF7DGHnEfVQa38eCe2qr6D6TvoS6zd4JOJ+FZdDBEZtJPzBTn1a31WlPzVFOoG6e9p2Zoi2kjr36D9qMevsz/ZAOEjThE41xxHLKA057g/IiOBv6sTc454dzYq82yKYF5NQG7zvKQmupM/GmO+XMFEZ3ML9AezvxBLRV47yVYeIJ4iMyOmaHW2TPP3Q01Hkjbfaf+BXtCY5UjXzfo/jyS6c6KALI4AgWoY6yg3Km/KQTcLQW5a9i9E2Pui5rVRz/VijcB0UuES/wSJ9NESg7o8Y+wWSTVXK8j8Ii3Y/Wj3KNOoqEYT2n4Mw27jNFoL4dXw6IJ1UH6xOkg2lkQyb736JcJM52j7oZ6Y1pngGSUXqSGyQbNKKFjnktQOvBtNFwjB3q4AHpBpRBV8f1DoBE3xrGE+j8uKbxOEM8ReM8cvqirUiNawxeuWKoM/Eap2gz2k/Iu4jGYwQR5/vQMcqFjbSO0fGYQ8B2zaTGOWXUuCZkr7LHFPXDeUp8bAPyg86iimSOnPgM8yDKgY88pUzrQ33iYYp0kSqB+zATFoK2M8N9Rv2Jo+TUdB/qI/rmoD7gJSs90tOjbR1tE+QJFtNNABMucns4N8Rr0xhxO9LLHKNdqC+0nTrOFIy2SoW4yRwCjPtG/aB0I1ae8JcF+QHeD+3/KM9IH6i0LUz9Ic5FeBbek9SIFvENO2EdCmEIHKXFNhjXAAyID/Qx4kYhTKBiWcF2AFdJIJuKZONDd2L9iHggmyJ7CooMMhiHj5E3iNcuAqbLRw5biTE+wroBR5SJkbZYnlGkjx11ojthE1xB8rE/yP6rafZpTxF/ID7/2FN2mvMHH+C8rqCMtRCCO+FOt8N9MC+N2FSddIM24Vd9lOsppzViY8yPwpgjRns46oJ4ihYDahwjeGUOhmn9WI+PdvKzHGFbiiLyiC/GPD2U8W9yhew89mHQvPop20Aj3TTazgBjC+g7DGgt0K7QI/4IXvpyyrkj3JIxn/TCiG2wfcR+BbLZkwwB9gP72OoUDX+NmzGHjMC0wTKLMy0IN6nD2B/hB7H7iHoPY3RYw9Fr1F/pxxqHaf8xrnllVtRuym60OFqL8AqO/uNsWwsxKLo2vLAaXOvUT2GmzA+p42g0wjlq98rmjFkUcaw3QHyH8SCKgqMajHEPJxzW4iqicZ+JsR9oMbYaI9VjbYJt0h++zIihmJFOmKeGMUIeExinYL5Tp5oGkfrgzTGryIy6H/MvO/XDUX39ZTtxP5X5kIOpZkKfaj9UIevHftkLuzCjr6cibD5FxN1X1qgbq6RQFFwTRvqCCZMrhPrKItnmS7Yn+ga40myUf+h3IH5Dzx5NOgLNCftlk1+l4TExr7RT/QvkQeiXYXvvIr+ChjqJxPVJYjvi5xGHQy7yhDFj6UzZBOXFi9DOjfgH7v00r7ifdGCLs1MY776yYhk1rWeYqs8YdcLRcJ+6lz7GNSbYP1ZeOnuqJcmIqV+vvfb9AyfB86I61a6In+zDt/0b6Rh/3vfRzmTqp31/2aJv/PKyV9P9iJdNe9XCYF8AZ7gmPhdw1rfDtsT6xMOj7ZwyiGI/ZZn70cdHNMCVekhfdeqrTgvjSWSjVXbsp4x+GrLjafZJHj8w14c8IsylTvVCYxtss8lJf1Ej5lLbSV5QNhbZLIiDET+h9aC2L0yC5RaOEbz8Nki/8KN+Cp+HsjbhoMlnQHYI8ayCfCsWV+v1OFbU7VOMqfqx7gafR3PBGETHvmw24bB48lHMCe9lzNhnrIfDGbHRt8T+84j3xpgJnD8zYUREuxbp39EOKtSkd7rJlhBjpSfyvZV+sp2oT4erIif7M8WSIH0wnh2wv4BjSTE5Yq+AHvsErz3qxrlgv3uqLXvFkYJusgU0zg7ie6vshLlZFeljdA97jD/Btb0y4a/4E6NNPh60g6/sYId5GWeRs5cfQE392EkG6NFGoPtNGUoB82SHs/X9lAlOJ7uIfUSU5c4m3R28cBIx9sm6D3m3xzozON9JT6ivWjl28unHmNVUCza2CboP/Ynlb6womGzIqxK0xfTAbZSplhHpFFxf1k9tBvWj9g1Mvp5JTzLajTEZpOfiiR5Zr7/w01Q5AOk56WYRYU+cLf3Quzh2NdFoyl5qH5UlY2ZTt9eT3cW4mMHY6BV/xPuBsq0O+3kfx4pZTfi0j9jXnvhz2v9sytKifibO8iLfUxdxJpieqin60Q68eA3PdZjwDubZ0T6/ahExj05xhIvwjY/HWIP6UbXxsq9x97r/h30fadS97DvE2BNmC3AGHmMipL9wzafIvOIj6hhnY8aqExxD6cd1O92kv6iX7Ya8RE2xF4jtWxzDe+lZhF/2KY7rMK9rGG/juE421fSpr0oYVnthzlcseqz2wHrqA3th3xr7YxM2ytgJa2BdPlWUvHDWX5O1/qOJmtdDUcwPxYP/5trBn5+/+G/MZP8HZa1/ER+9enxinPlfmrle/N9M0f57nryavaoKJrFn519UHiyX/zNnv8jgzv6sPaT/fyscfidsfyNhi9p8XeycnuS8/bp0GNMAFf6zFgQIEAj08LvdpzlOFiEgbUGAOZ4XIVAQ+0NG4AdL4HE3nkdloTi5hBOaFp43bs+iUuHffhimfQa0VxgxYlb83PJfXJj2o1jT/7P4+SHnv9Si01+9E+zXWvT/hS3+NWDA9aE9gecJ1S+gdkBlaVZUPRM4DzidEpWsidBywCnUEbQMl9+38P8AD/xnlKvNvhmEF4Mt/t0Va/TPJuI/9CH6uvGrBlQVBhUBAhRJ8DotJfnH0EX4ajRhA3hmuk58hRRm+POvIYXffdz+JbW/+7j9q+EPD/n/ux7Ap/8JGPhfBSHezx79xc8evZ6QRM9toIgR+8qSq4M0PichAPL1/PZUYYCfP35VnqCMxRRBbl+VZJq9H/um2VTtA6ZnJWJqrFRCzzTgaNGrEmCKRIoYhH1cx5GTV1bZbKdsAjtmbfG9WXt8IhhFdAZ1745PZjpqP2VWpioY8ZXRIUfqKuT09DCDIyfj89jf2uM+6GnPPXpqE0VIB22MVsN5TZFjnPnF2SNietaI0F5ZoI+nQbMpIgTw809jBuUV1Ue0xBF/anrWi9ZfGZsxgt3jSBJaE3qmyt6PUUX8/I2Cq0bUMWtHjlU3AK1x6qeQUwXdMM4XPTMUT5nDYIoIOa9nh9iPvUDPptg4qoQii+3311E0CVVLfYyBnxEaj1VWE3FFIaF/3EftxkoZlBUzv1Xmpa9KRNBO5+DadipuN0YAx3UTeLx2lCy07lfWXOymdTNjZhdnk7pPdMZZEG18unncC1xBiLIaH/uFI8Baak5PBWfoWTec9fl4LkuYnsjGz3dgHmOmp85xtdyYHcLzn7KlU6Q8VSe+MFlNumnf9lMcM7ykiyty1ImPxv1E9J4qI1/7iSLAg0h82k8cAf5+P3Em7PN+jn9T4EO23B/389P1137iMcYKJhQ551/30aanj+NXFm6YnokZcNbOdqdqRqWd+rYvmkGZR88pvfYYV/7p+HkiFIl/zddtp6g6++1vUMTjU89jxqUbn4YeI/BTNp1Sv5ORkaa65E73CPFT1pjO03NY8NwB64ohFMZ+7lTBEYzP0GGZdEZ9gnkTR9zHTELyTd41wZl03yviL7bT81no3ZGf9n76mw0oU8ejKO+kA7Eu+OAdXM2Io8rT82+QB5lxn5zXc27TdecxZdEofarw+O5vQziY36fMAtJLziSbzksvD+qUKRnlZHwebpIvlB2a6OFQY4UTksP49ewZqngkP+R1HI/W0vww8k82jHoUvKrGqDHjgavW8N7iJ+OndcD29JilGp8F/LiOK4zFqdLE/by/ODqt5e5rL/9Tn6FaUN95ErMZ9bOf+lc+Q0X//PjAGzm+keMbOb6R4xs5vpHjGzm+keMbOf4nIMf5DyUL/3bkyPz/lrZ8I8c3cnwjxzdyfCPHN3J8I8c3cvy/ghwXxH9YzJH5qjbmv6Fo8VcEiOc/bBb7xR+HX3xRavKnlSe+aqP/eCUTIhDxY4XR4taNRT9/tFTp9wb6l8ql/sD9xuqo/+Hz8hH+G0ueMbdPnT6OJ75e/Bpepanv/2QV9cWLDJZ/ZVUU82eUweToAucHWYx10ldK+muv9Wsf9Ts39h94rbcCeq18suf0XUts5LhE74bRLOciOuilxSr6n6Dw40uPEz0t1vC7HIhcNPc7ptC7pcW0WccW0Wp53KO3FBfFUzkL8lEp0+yyYfkZyVxv0lw1wCFnFJ+ODa1x0atQKegfz+fzJ3+eu5eUao+BcIlF9MpbBTStdFHqioy2/bDOjNhce4ofBOklEN2BWBr2gO70mDmRlHnX/WG36gx4ZmNUm+pxv1ZLZVWj9/HAZaWz8dVM6OVT6BVQSqKjF5NJV+4SDuhdQwtb3VSqv+6ekZYreVdy+6Km2oZ/+JejPycr77llC8suAt30eLi912vMiB1gCDlFr/zhIk6/riv07rDrVW11bxbu0Zt91ofrZovmqRZakM0VMl7ICxa93iwiXSmc23tvflC34cm9r5Yaeh/d7fBAb8B9LDVZCljotp8h+XndRe82OlsUWk4bKfUgzvn2VtRsZ3VrydqThfk80IsBvejszO0tizB3c6tYCmazfxyCZaacV51z4ANl2BS8SfnSPeYK+1lxit/VLa9u3f7RqqA5DldvsWvQmwf3cNz7QVrK1zZ/KH2sN9l5aQqOuXQep4bk0tUxZpKtwHm8Wly4Ym/cLjzp0ojCi8dW3eSsO6yplWFf1+hdwcQJ8cZOecKT5Tq+oNf2gf3RnkUBtdNJ/5730loLmv0zbc2Nt5KC8O5FW0E7p8z2gV6TWM4WaXQXmXuIXjxG0taDitLHPZU7eqU07LZIlXKzlV2Jal1Nv2/YVneaJrl12coF6IVsK6080cH5/GTYkz53Qhe9s0sLN33G0ASxdsS9eTX8Z3pqTOYKioOkB+3eMOXz4QzMeyTemWzonzPiQBslHz79WVBupSJW8cvjonJtETRka0mkq41y6Jc7UFjoLc2r2vCqbB9Vy4tomsHRJI6do+6PhR6BXlRPi4K4pJ5z23XuyKXx2reOluTozpAXD6PN6IOgZeh9kKenfRX3/kVo10J8FogZu7KE3mqlcze/syd6oyaXhV7Hg1cZ516yK+2uRovh/HTbc3PLnOqwivXDyaq3m/LenqTDYKJ3lN3KvaIap22th/yAXifGxIDT1hfpsu/Qy/juZ1CvjujlYauTsEsqa9UvgINecDbjdGN9OmggPyXKIPc79AfguERVz6Wkr0PTUpaHB7XXrhefC/lOgU7YtmzSunf79Ym0F0sfs31y1+9OnaM3nDmny8lbb06twB2E0yqXGr5M/WRnExemzAxn+7guTtuLlhocWEmQqa0OxGUn5Ecng3ZSpmLumK1D+nI6dNKZ1JZLUFOXORM2pH7kebfi01OlLJVqS7qVJBRDfFjea+twsc6nTt/3Urd3zXk1JGGyWWrbSgotQpeGRm+6FMxXuZpf1Uc1+J5kslTe6jdXqdiVnnf2jZPnxWH3sKnbVdjyW+p+qFdCDdxHKhfsJfbr4zGcmXF4MdZr/twFAGSyRkqPg5WE9nNzq9cdd27Zan8+cM+gInf+Db2X7TFIuWAaQVWgdy3Olqf93hVtCZhz87I3Bc6+lhEnMUkLaH02DLwst3TQVcm9LufSrMw89NZdytb4dSw183q9EnJSgJKi2y2yfdxOR3u2MMtZynea30c7O3q2Vh5Fm/DioveQZUl8SmbkA2yCWl8IDXPhhAfXDIkCdiYr2vR+75SgPMdFC4hTLYfoJcnEodGublGUgkYya7+eA5pOFieo7aDhkNaeXTqbpOM8WTKzvlKzONMrsCYr15iB55q+2cmRFzrpuTPUMIXCXjAUQct8oG/Ucj8klQyaKt/tgeTa93C2DmY6rzyMFXPacsZqdmFPzPlCnBayu9ecuNHrhfZYIjMQq/O6NI/l3SAWEn5h287POSYKFrPh7p+OfM/c43vZHWqwslZXbivrj1KbHdYVf/MH4krPGMfdKI64lmQ2MoVW70w3zEzFyPKnc67C9VMmGDI+tSndHOunbeZz0xdzAzrARUde9HtOrh40121F1n94O6G8VzZI9VaklawrScWdFUPil2rmF+ve1orLxhclkcrX1ap2t7uTEhQzOmHb+JZ0iZYvrptHC72Fe3NioqaVV/vT/iIXWlnf5TN/uC8FQD9vT55G2u4AilkT8SqfnIx1fkAvkJs39bOKTs8DRdtId8OBI35AjJE2XHU0dhxXG9A2Z3K59Q+iRsrt2oltXiC3Ttk81vzqRqyc3QaZPwdEO+dcBgZRUNf5PPbRa3vbVaVvi6Hd73M5Iq9ObIGWTuQ+Sp6ljJTaTSToW5h7x9TWYzNCbwN3lUfTr2grT3Nnvj/RjeluV8VjrhWp6ytqtl5w4VPhq42wseM8OZRWUjd0X0q72h7se+nEHd8hexnz+fNy4yr0InRuow6bgT4EZ+90K1Y5sgmXcxaUATQlSn5eKyGnb5yGlKwCcBZLBsl2eXnYB9m1H56uze1hn85ruWOEvX5U/Gp3QBb3gF5Be6buR1V/yHleHsjtPg1nlcB3wiU4qkPGL8ITmYdKhQwhBATSnkB9cuEic8QmluJQM91rxxy2uc5usvmMO0uR8qyvG3nHSTN1lVy6EgW8+x0l7kHCjoCmp720mQf6cr9P1x7K2UiH8rxsB0E4AD3S25quFtvAFsMeHD38omTp/5H3XjuyK0uW4Bc1ENTkI7XWmm/UIqgZlF8/9Dx3blfV1PTTKGA2sIGMzKDT3dzEWmbm5GQdDL6QwKoJB7eB5T+h7QSZeNl13Pmv0/TA6y+fXv/NtG6Ca8Itgkv0gY3V0CXn/YXg4Bv/buspYylp9Sr1IgZBA96JDTDCKI+8ELuZRWaau30/sJDbKuQlniAF3rouRUnpqwe2e/Yi5lxz+qHlkiQmPShwffz66K8opl8W6aNNaQP3u4o6i35Di1R7TWZAhKwB8JW6LjHL6rzbtl/WcvmN9ePIH9TKq3qWUZs5njxhf4MHvPfKMrKU9vleBaxnHsdnSDAIhIGbL1NpuyLqRh7pHsVXNNU2UkMWGvAi1wKmOw681ZW3aZN7o0AfSmq70Spqe1TCLbH70xTYh9hSrueTLmLXuK9ZpkyyBb1XTGIySyLhcN9TVSaw810192+sQ30gfKbR0HZRZ222qNxf1Ol2mPoFr+MSoxs5Bp7quv43qggKYJ9Lsajl9Y6Hkn2k4PfbLFRf7hk/8EZdYSjutuD1xDoA1fmI4uuyXVeAd4xwSC8Mxxz7IpwrDXDMwrcnenKsJvLSdipLx2L8aH7oPbxDRlhos7r63Sdtk6jY7xxYniFOLRdZiNXgCjJ2gnv8XsW29YuA+cFDOwQrMFihgffzN0fQM6Z4yZp9QKSvGuuP9F1k2L3jI1D98uMMZlQcZy/tS9q9mh+MeCBS3mVboqdujRtGn9G1y3WJFkBOrOBRwJp2/FU7ZseDNSRY9qoymOQ3ZlZXuneFDz3a10pHuQf8V4UQ6fL5nN0rF3FxROzBu9iuX9ByemeS9M9qR+iS9HHoF2+webiIABrlnCWVcqb1G0Othb+JIPafoMMnsU2+3K+30tk+fmcwNCedjg20ycEisFqcF6hLLsG6JKnwXNgQawsC/147Jov5Sjbt6/Pld/3wgf5tx8IBr4IGk+ziu8+b/HFCNfYmTP/B7mdgUnQTfE+4kq+6xqEE3gXLOYh/i9KHOtapGN64d3W8HuAV1o6+kOyhPobmY3h8YgohhDVT8unkBf/uIZl6P5783uwtpPnJ1oQlKxnQaY7bsR4V32gi0qRXL02LgFcv05qDnTCbu7b7SNP723LycXxWL6fcflZIBfOXC1BHBF7oHPN9JO84lstwD6hdezGbLIxuRj3a9P7dDf1Q1CFjSktiUTVBwEy+I9BVQEQfe2BREwJpHoftAOGnQ2ow5tfwTOlW48EXLpVTGLF1p32+ri2081USoIS4wNfq65HUJdEVgYl6qm6n/DlHHYliCTC6DyrK4B23kTq3eXH9VMw6z8JF+09ZoAE1d6h9+SnwnsLg815ZFF6gwZfjpdR2Cv84SMnIVq+t41DZkz92V35FCTGsj+kI4LkqnB5Ky65+z6gMCju4FviSPIabCOAnXtX+kKTbnrDylOnDBvW4mKeut+hx9/JeNgkVq2Hr1vt2NhpfXE5WCR/WDlGyefWdoT6Epai1MaHghBdzGRwV0XExy4sxuN/RJrpetEtlPjDK4z8vWdKzZa74flY/qw6Bt8VO1NHFjYzB12KZ2j9xos7nDHPPsFomr89SnDUw9fDvJnzlTTtSVIUnFK5MhLyW9CgaDPZQ/3sh9ySIHD+9FqzPTNvC4qwCrtNqvMecDPrjUPsdp2uEGO6gLQlpYxhLbCSWB7kKtNMHqrLPu+WqzwYduSbsdhOxvhOEifUJ3Rm90naV1iTvshBoZkFRgBw3/PltUqcv2l6VTISpIZf4Qpp+0jrd2bY6yyozaN/flpb6yLSsszHhB5CRif3bQobj84kpR+cXDXM7IgBDgyXZPibIYfga5nYiUvuEkCvUFI2O8BT79CWqGh+g5vp+kwcm+ke2depKo/HX0Su7nLRZiz2Z0K1Kz8zzl0PgSstypUS7Aq2wHGdfzC1hyvXep+n7G+/k3T7jOEjPlG9q6ArV6MKSuxx3nekglO8Qexp96qTxY50bGYhKIHhX7t4fSJbFaFVb4wpBnkpcOBCFgCt8yfDICS8xh0fMN7nBsOtbxZfPOV8+HLN7+mWXTWhpQRL0Fzu0U5O3ix7w0A88vZsxMOuug8DD9KDDzLxbTqWLleHS01GVCVppLp6XX+qajuzwE/rYVBuvv9kZR+mQSuZp8J9fhX0aOg0oD7y/nEfjNwpLQh0PfK9r69cvI2y+uDrtHcwTwkaGbRb/GVFIJOzwqtrxzyalZSx5eGV4Sblv0qP7QQHSNV8v1PIZzVf595zSlRhv0BUEQTtX10YaZdn2KHQoilvz6uIx2FGhBt5+Byvwq5XaZ3DQHz8m6KTNHjJfgU0Kqrx0Sgrm6rtR40BMMkYgxQGwabXYBAKJH52yLlutaTUGQlIN2i419QMrk4yKnOIVkjpsoVKNqrFVeNFTueWs9riXBVzQABFRsXSvfOXZA+NsMyz2ctq+IDk82wcFOs0P2YPFA8TPUi8h3Hp9ZTq5IHVNKJjg7ikbLr4K4UbcKu73io37NKNdvj7PirbfY7vxb5Y4kxp3YainL6J2L79JerINB+ToeVDpwbuMM72PpSTs9oMxj30mffo19cZelkLqi4tmb6yfUpAMy3apB1aBQM9tGV12G0Y+I6q2xHvCii+SsZ8j2xR9VYbngtgv8vngcBFdv3L9dTjBSnl5ncCNYiLSbYzL7TTaptLxRa2t0tE2islFDFShdCzq/C7EF0BDEapCAeYmMIHV9xor2UQv/AYcvzRshWCNVZCP0pcuKqoRL0ZjU5wepsX0wjdBT+L1YiLjl1+wY/lcVzFg6AuEizz4KConxDMZ2EXoTd041OrSKtcqvIgwc6S+WhvVxvLdi4khr/LblhhEdbCKf0buuG9bzOAFnq3zln9MoATP0bjf8vV0Zow54NXsB1BY3f6B5IR0GOxkJD+6mhRt0O2RhPTcUzqLXAGqV1kx8rK4nt8PGbReTKPHkLX2SpaArOa5rlriZ6mi9Fcaf2OueoeZtWXbwpr0K+Z2P59PHBHi8pEV1VWycfbOaBAa5nVND9TymZg/aRQgShYl7wexTv9x8DQAfkX9FGUDZozSJUXRYNoQgzyHdsXmFXBrJhl13Dwt2VxOQnlsp4Mt1FcmZ68yn4LjAfNukw8Iy45KsBezvvqhXRBPEKTFXcjvgPEcFhFisj795B3MIzJpYntPWAHORsi0jxnFxjjBKn51uVo/VyPHGPVhrPXyFjxstnrXyJcPesI/qa4hFpWNzDMCpL66j/kGMiFi5I8Zs7o0Zqc//8YH87jYGNtpbRBXfSO63/PZqltVsB5XSNQIpvZp/vgPmyFkknWotEI4l14VyEJEFYIWvDinuF/yyseWWaXEabkVyyuvC1+EPlGWoWuhkSRMR7Ile9h6Qn8BcP4Ynm9CN4CHBHGC0YVng8c+gyjpxK1Pm60voXZTuudoj5J+T+copSvsL4cSeqxjQARFVtN/acvQ0hZXu6Ec0HDvAabGQv1jQcAFJes383EmODJiOVFxqsc34LMapXYj4/pFuMUSulNDaok+HCzkC+Lva6pfNi/0S+ZscDOmzEdXysMGHI/sjvPuwpdsAUNzCS3jiPvCUK+UPob24iWwnkk4H3y0sWLaycBJ1gBt6LknuV/4OXrS0AKoCCetKi/kHwVjofku8q8JrwzAFDgEtgu7Uj+ci+ixtHJdv96BugmUuYw1iFsDCSFK//L85XtoedY9FZCAgY/I6VUHBRWrFJVHMnFRBss/Rb3876UYvEyqG25+qNBODteHgcmVqQwhg5GySF5S2cvmfwfUAvkBoHc25U7h0d1QR/HCUdN1BdLNHRsoMCfwaqE1gtl9C3riQ/mLk8mlqi5+aXpH/A6Cfgz7ZQMg4clY1fVPXLqaH5WZWrdfAFO42o8lMFIustAbwlIskpAwqHjqsdxht1nE4h/JcibGZWp7WFypq8yy0v+CkifI5XYAJgDcnyopsJKHez5W742mK/ey/YId3sQCvJgIlBotMs/zWDvQ2wkl8iLPgKmMZCKotCWKezsyEaycASuf0M605mF1YjICcZPUDR1rFEWm9XHiE8zXq3STJ9QvqEE52Crwm+/uzvGTLHQX0h8OOKQEhEEjOTYwvwr5TVH37NXuFHzvMJg86x/vfCRZXQUsNPpe73/tWcg+fPTKz8slyKnHBJbAdEgpl8Y/YD3p1uI7zkkeD2mReCiyLLrj1UvWTShGEIWbRNAmaTEvPjum1xuYYCa8jh6SuHfEWA5YwfoVwewICiFzjXQ7QjCEm6QQIm4n2xkZzloIkOpx7emAAqWn5H8kDiGweXkXaePo3CGHbF6J5doh01RNJl6I01qUmIp94Ox4uJC1QD7h3rJgAh/vQ9JBumdDHi+exID6xAIWZDxtLPHU5g1I2qHI+gRyzyBcjwLaSOwAAy4/x5h+D+z62NCieIwcXr4R3Fk+5liSzUwQ9pIMqb3S77fTAcJ9oHISuLZ4FGOFMXifvGIwwh9yf7O1eKCE5HbKfnE1jZrMjgZnB+5GTd8/j6ETbGKpWxAIXMxqDzJzAAFU0MnPH2h82eY3KA5oXfE+gxGNwOnjEd27AiD7WyDgvmjra0M+eryfQcOv6ETzqpdf+gwWNI7HlITjRgQeMNnKB0jhyJCnHWy2fckthPZTUfBfgpZfu53sabAH4fPiJmHN6S97OAHWP86KmJrf7VlWRL/CuiVn27TfLfxwvAxuQ66OWr9QYxB/ufadkqK3yofetaqyv8vIcAGc1cgwE3LCwrunMJviOuyKUCuoF0A/beZBeqD0Iu0rfanm/vOoXfVhwwfEwoh4JToHZHpDHz0fYaDfrXA3wyt1SopVuhjBpjdDOY8lXMCBJ7LJd15z8s5pNLi7Qid1bbfjCgycG9dFZOMnIrCRbg9kWqVg52YfO/6yYyMkTtIBADr5i3DiwT7ZWUq5SV0JDrc2g32qnvEFWYK/I6b0CQ2NaUq0XsCD7OdM7CaoZ6m1/1dHuhdO12ZxLTc20sVds8PbFPsXvGtmFZTgGVzCXhj4bAiRjYCSp/Dy/FKJ1hhdiQ3AEJGb85wCSTwKYqO9NvALydYP078shtT59PIlqFeQ7oVnghtfXJJia1X29xolRAKqTLkYjl9YMmmRvFwiPHW2fvAjEVC1nHNhxWDY/1RHe8fMcttdNtitb5kekbXrzO4Ivs0IPMvFZ5k2t/2Y0nbHTxtUVYMpNIAnnwahxZRE7Ef15ru1f0FwhFGzyN0STO3W1XpYStyL4VXIr+soLp2Y67/bjCsyXm76nxEZfihICsgCrk84eS4FkP6ioYjijc9puCmlKf1rglv7WFRJiPHpvCBuV/nRtluPsiuEGsxgiFqiba/LREryi6PsThzujQnoIyLlt8MC+VcgxsjOz6Vn+OnIVJWgVs5bxfAuo2z43ATq4UfdTumbFRCpf7m61OMIIYhEva55BrQVVF9UChjfAydRwhV5CkqhyIcXth26cr/pQG3t2SO8+GsNYf6JRITy43/3a8CF8Ik3wMa3ZCu6XwVswCYiHyg6oKoXWHz4/DHfJgCPQcZ7K6dNYOhZkVEwR+Ev95DmVqhkYM2WxaV94fN9y51dbH37KABggVeqknD9OKF9wvLmJkz7qspHhfriv+9Pw5LMldKs05D+CsGiLspBYuu2y8NCv27B2X1AO05WocGHNEN1z8BWFRiY+lzYO/y4egHMTjPuOy/UPjMkxpllzRnm8I5PA1S52SyV8cIKSUhUKsIDJnGPWF3D+gBk6VCFjvGSW80BXwD8mGoZdCibeu2f/JfzaOfT5+wMi36KkyFNJdWKG/4pAJkHpmPOw7vve/pXKUfMIu6xXyPYhbrkqXHOmS/lj1urNnU2UE1PgbI/04JH66R/7vxDHddxdMYJ7BVI4CP5pIekOhExHHVKLqr14Tj+oC/Mb8eoub6dFUfBXbLTBPAVydphrcJRBci6GSBqrmiiTOHKwfGHANhApidkEXZXvxKJA6pVv8y9benNQA00Z27DdJEvqpLjdnfAd1g9COLfGwFdbsAX9YyxGPAW9rl8yTJyeZqL3OtGZZUMRyas67Km3ap8nt9u/iTelHSgYL2V1V9B4ADDiSoX9+EP7eOpbo3JG/WI4/J3psahfpGfz+3xlHgN/M2lPs+1vMbWaxTZ64jaYSeq8bPDEwN2ebFIfTyeNXRmH7YuAyxw2UbT0PdDT1PvXoPCdJaXJoi8mfNqld2lvvO935g68GuExuIGguggcwl8q0NKfjAFwaJ7ICOu6IK4KKgdDxFVH2D6Vj6d/M/zS0tpYY48WrIo9RhcW/yI7Z/cEMih/OGypZIgWF2ioJuK9pHOC2DN+XnIAmhhvosg+/olwNWseGQ9r7ly3HvBy3uZbFpi9epEEEmZHdPmpS65I+KaOQzabMyRdFuKtgQlnqSK1uijIVwxdIUn3Zeku87np34d9A5W4nq5soFFwV/NvToRBKX/mSboG6BWuCF26Nb9dTrxqZIFUxfShF46ptXlPC/lHhCVXx0LL+60CkItSEqnkIYqBrDE/bT+Rtk49d02HfdEsoe69Y4phT2DJSQ3HE41l55I+T5AQasVkrDy9xs4J578xwmZXw5gldd7I8VBEaKCzNOHc/dYTjpTmfgmloLiLw8ksF8D8j99+t1E/sWF+oyy13oEI2EN40hqCDKBjAtJgMgUGEC9d8L9UiPIuKWkDqX8rR7mtupL+rATfW3aoB1KO33okb4jnq/ThsQcAsOA+bWS87ARgVpA1YRut+CXY/jlcAaIffqRApmuwOotcfYoWW9+hxhE8JJ1S2ncl/E4vf6LH09AJ6cCRKqiX0BiAwZg1cCwzcBi4I2aezcb75D14EahycmeF7UfFnbuCcWukiorzTtJ2DQdRZXEwuSMXEccODGRKE//E9tG0s0/DIoRSfLzFZf8A9JB11ySgcS6pC+/1COGrIlw95NT5628PqrN7qdTdqbUm9DXUj6c8C3SbJrWNV5e64gWt/stZ/EBWRXdj0gAPcoaOpDvtFlb/6E42OiUtEF5NWJusJHLvPi/+Ha4ZeXeePfpFUxTTB1AUGZtzX7UaEHrWPkLmjp2AK3+yYHW3i8DhI8UJfqZb0T7/PpTXekLKUd8JGWgpsG8QRj0WtVLkQ1+y06BVyQBoms5iJhns8X8wrfTA8HoAY/OJnwgga86IgNWUlFMVVRN1a7I42GMLC/UKa/yDUOm5YwrhzOsMRWiKDuhvIYq8rFbaYSqEM1NYtNkhgCw0zQmDN8i79qMNlG9ljs6P6/bWNRg1uKJvtMgfZJNEIH5bH895qDL+ratqiZfNMG+DoUVAqxsJgNsmhlQpUnClkHoiWFSUNVCnTpTTURqEU0eSCXCn5xz7Xs5AfUYce9RS/o7mqg7tgyCMNwSvUQeB4nEsycxtLrcpzaS+soPiN3FPCahmeBaaP45e4VyWkQl3K6zFCi5P0iBjXrsynzgAqewqT8kCQKETwlzwahp50c3mr87J8ifGiVqcTV6Ifit07x7tzlNbB60AauOICd5xTG36hIJG60Cs7/ovJxVqaYaVeVO50rthY0L7Y4dlC1UD9gMTvDNHGlDOdVyheFhfctydJGr1COphPoHc8HMH8mTcMdVinnB4PG4j3Hjcvn76We6eaTgKMsCMGeSp210SjuVKwoxGGtD2rEji7IvFM3OBlwLicafJmiHdUyBxqmk8h1UOdDg3r70wF36sAkcwRrCg8Hr5QSkvtUGEWr2c/6RQVKy4qhefSYOfAE1TAewr4sUVv3kat45WBhOKhG7qbB7FyttzW1z+WstwPEwx46R9ccYhirDZ38ofX8x6Hw/TdSm4PKyBTn1NaPuXkSb8pPRzUYEs/KZFCAbb43oG8ffH2RQ90Y2QZMCBiM3sf4JPpYST48dOOUCaDge0pppUT3pAWEFataiSsFNQssG5Aty5h6JGy+rs1rEwbwA8MNBQ0A2CUwRhBlrJrGBB4nRLbxKcwksyjM7GeItKIrX2+WXDzIWp4aDcTI6Iwg/Wna5tOKBaBLm5Tt144Ak1OCr3ULfEJESozb0sGK03T2/PrtS6at8NcspYheu6s45yLisIO3sy7Y8A0hPXsJsLBizpnBsTl9FDXac3RWhmq7f8yD5xxmrsv1Z/AWoMnycQtsd+bYQc5NlYuHH929qoW+lfhIfVieLsZ1N0XTf9g/ZJZSr6Mgp3GETn+xljhBKma+KZQWOZmshxOkSV7fFYSyKn4ZlU17A2JbzE0bSjIurKkjMCkFN6r0b5x5W/2wzLINKT/z9kOeCxBDUzY4QxdiXCFXIYd3dZ66AJpbijSzEQSztVrl/ngkQE0G3wO6GZ0KLIc4Oa+MFga2uTM9j0blM1neW3bZJDr4MdiLP2jf2jgKIfSanKyAhMaWe4lkfDKgFIRpaqd5pU+H+uErhsn0HRGrg1zmOhurYX5fops1fu7Sy5/aVPYKBDhrWoUZ5/xyGv/OVqVNC0zRqp1b47uHSS1Skpudhbc2nlskjKt5BXTw/Wi4sQVqIIXkongTC8CpWUSPQ8XO3GHrNnnUfw5SPxm7tHzJNn+qXsCyvQN9WFzv1dZo62lbKfKh7uL7fTvXVFcuxuhTXx24c4OcGl87vByQaiu1g06nSc2n3X8qNgoCecK3FmorsK45f4tZfNXSAkYOoicCvCOpX1CDOY/NRghyW/u1kB2FdvSk5CJqSa2La/vULs4ebwdc1B7nd9R90C+GOF+oObMk816q6xzBg82reJFAM8wsjgAQzeqfAG7iIWeZvAt3HUb30TmzqHWxiTLrpM5zj5GiMKICJ7+xsJnIMMjpVsN+CR73rCRbQWML097B82FYSUUiG/hYR4IvHHaL/KBkGz1VNOdXzV5rVvzfklownk9eMNwvU8toiLvS0fR8/9meH8yxVrBvzqxT5nMsRSEwIHAz4XSChFSup+makJz/Jf23YWvRy8SDFQ8j94WwRFYbLIiEQt7KvarFoyPwp4uN3cN2NWpOEzOx6QT4BIGDXJvCcOyEPQkZw1YzW4FP7EZneTH0zjAN+9sUAv1gnuepkwA6zNdd7WyxPxfV/3E5AxsYjMiw5Rw4cbEXFDz9mDmiNfTq0lSChUR0/uobcybwpdWb1GETtwS3twZSwq8cP3i9819FlkUQFplaMjjOB+mLyTarioJwcnqgpRfZ6eryDwyT2lnKtzsX8e3w+6NXAUY7xpQAHDqs8IqsF9AzCnyeX2NDsS91CLUO7y1F908Ztj2IpYQdUzD15+EJGVdl8mIyzHT5VHL+OGGdhcbu2TySEzTJEj+CXRoDRnVr3oz3Rn/y1JfUUk5cu2gss1b/wOMnRwk6A1eY5Bvj5wc6vljiSEAZyX+ZXxvkNE4T79FRYYdohfX9/fiXtz+fzLfM968VbLAl43RA9GV9sM2e2b7LfcA7ZCY28tciY8/KQZnWZTIf6aKie30adZjczsgdp+/RTVPJlhAeRMlvSK7uEMi/zZDF8+eN5YTuQZ3KyBC2JL/PuVVEuTopIWJOttB7wQaR36rDNG/ka+MYRXOc26R2ZgJwqYx8az0feKFDVcO2jJkS5gRjhX3ocdKPQW85kftoqCG00BvGRNUu9qFSDtjvrEgfGzmlAC96YVemi9VlpnWU6oKXsakCtmRYravOI53uwn4C1WT+YP1SqprAqf3skuUJAp9R8/BHKB/PTSE8W3gtGZqD3gPhM0bySjwWELvWxRVujQABYjum66ZWkGrkGNbU77C/7r8GRe09/oeelr11fianJc1svTZdky6ycURCUF1Lsx0C5T9Ja60eA8sdiPmk+jA1cW97WhJat9Er0OpefujQ3Mm6i4vDqi+MDBJC2x+GvuF3UF+jeNiWnToRXFa+vgAzynKFqLUF/GKgyk4OExPvbQ6X+WM69u3OXA1BOZsI4zH98dwAp9nKKaeYSTcUVadVrRoG0oLZHiJoHDG3oc16kfsZ3Lk2+jbiP1BL6afkBRH4HL4ZEUJbzBWScADOL8vBOA2FzCrjdjUWHrcfciI74XoPWKNNANui0uit1tRGKdjwZzoW5X7/sBg0NcvXGn3WGpTzLvXYoT1X/tJzvsI1uVEiUdhqJrpsbgKBWhmiHovRFt+FwK/pLdXhRT2zYd0awUaKSbdhxAK8ugM2FSm+701RXIRYbnp2gZZbQVa24QcqvS0wuwnmQCQJ96PDqFkX2CG1DL1L23DId/6BK7fNAJO62oMzx2oUsI7V/OOgZ5aUDQgCjo2Hy24p92KK7bURdpfIPnzkzuc9FogKA/xt2yRgXf6D+mq2+0+v4sk3LrbvELNzhFG9QXqiPEbL7AQEzzNWXdRsr8Jx8hNyAm6QJeZIc5gRtXGfWM4RnqzS27BFOWV1oFmaPRbjxT5nN7+9vk8kTt6d07fZ4ucveFmzGlmaJH3n7h0EPFTY4Xt53M5ZnEf4eBV1DhPu8bs/SF9Pr7AfXLzPJVgLhNdG196eNBcJjwZlIof8g0FTAEwbxiwpKVUIVXpDJFSbaohYJff3SzH+6E2wxG4bYTqQnNyQDEJswYDlzFFQ4ssdeEF1HKIKFq3UVztGUQyvF6FkQ/1T1IuIzFPhA8DvNt/PT9u0JS2nn8lGX9VkyrPVvnPiFW/rC5ww5PnFqgywIKYaQ24Tbcc3lDxzFp63VLfNrRtueriL4cQrHiAlJuo6Vg90jE5tGI9zvB0xJe1r62CGMBN+GWZa52RlS0ndgD4QrLo0pjTQn8gRukRMimOXQjRBzH7DXHE1q92SfkLSq4LoBOFgs0ObM1P0yMcp61yA/4NVHK0bkLe2BqNxW+9zID+qsXoyUTLfibLtYzZLidnzui+Oyb29onKheUkOTtynrpiyDQP2tlp9h6HBZucqJwTs5Wzj8hqNoTTnR/7zT5qYo9xb6YKPkZkT0I856j6cVLMv0Fe/kyy9CuZ0VeRXMdUQUUgkmWuGmYZK/S5Mt3FXjEb0pBbEoVey+PD01jqBg1O6qFc3sPtz8FWjnJBgbc1fVpJSGgpxKFTxLbGRivtf1l14480E8M2lSKOc070vbtr6WKxJYInPvDJtjFzQpA2M3yaA4jPbjDaStG2tL1tQj68GhBzuGqTCpWUT4cY4lEiUy3yWV9ZPtIRVkeO3lG1rCVKpWX1MCetOU0+lIJwla1zNeofpWZlPt/mmFW7drNmRmPJsIBpLtV8pp2wtXX1lULyvez46jvYzUg2jo8PDizUl1Dzee3ydcEG5NVBblX774DU0zKhHJA7t5MoOGlKizFQHoiq8smrJ4yRBlolkvkBgmQ00ObyusPmuqFIdVXCv9o7oEwOPiN4XuVsu57m4C9u2ZYLSPnpd1X81x0/GH4K9rUQ0l8lSh9Um1cCVuXoTFZXoavdD/jg2UQTWJsDpecVbf8CmS6GcCjpn7+kd8l63Spaf9bQCPLsofL1VjwnX0KA3YwANPVPaDPhaoQMB13/F0uEEcjsa5LvcMfVsawZb+NIYgmD4/qKntjHLoIIpOslNAcbMmLjFuJ3aiXUbXW4iPVPrPD+/a6/IP2ck7GD0bYQ9gKPikLoKyDFpM+0O4/hVkk1oUvXw4IeqiIl73xmvLVtMPY9t27UPlVF0YP0MIjmZoHFZ/WuwTc+PzDWwmsaWLplV5P0vr5e7WGDoyGkNa2Ic8jE/UlyIXYw1+n8QAZRG+4qiXbnknl+Bxvy5K4liujpmnSNAOB5v8401h+jVIqlHzclQUOLNVWBwVDTatmmOp8plcMt9cu2Y+GMk/1wtaUlHKUOfbRaB0vLmHbJ2+JDwyde9ivxm/YYGMvKqvIZiMurZcw4y/F7ExPXrQjFmun0tSudqzuzpEygAfq9H7qMQuMUuxvNuiOnc8Tm60ftkn/NE+qCxMH8TnNhSpR1cmfg6Lfl3Xko3bU7gYyvdraiSQCrGE5PtEa3xZ9hec/mJ2nTzZEKOEXWbIQ7G/WyFroglyi3A8zi0sD/k2pt1HXvULXXzjwrCOq5rL/4Ht9LVB0kLO9N8IoN0+1gGNqNFVT15ansOc7g0loWdSoJj7D4JlphW1pibhcdN4Dib2ohDmA6jbF2Vq/q+Ts1+oZhpcBeSX4LafANWVbydDosdT0DEHszafhSU8JLZQr0gIQAhoOf/dnRGqfpM2pVoQ98JOPA2lr6k2RHNAlJNmCOLDTRgJFSgj0Db9r+w1pc0lJOPYDHLp4AApzby0EOPXr1LX//PFHf9XHAsm0P/6woT/5j072H9zMBj7v+tgMPZ//9s4/l97v9ad/4+/Bxe00/g/+jZb0/X+H9W0/o/t5T9r+7v/P3MG/f8CzUL+84Hz/+a8+f+zB84x+P8XB85J8NmI/jlwzrTUX/wHB9EFuOdsiFHsj177knKANwS9gJJ25SEIziL2yW849j+Xpb8/nubnySuYco5KgMVjVv/Svqp8GcYn9Lathx/j2MGG04tcDxuTqFC8abQcavQf13rJtpNrRu+Vs8zuK4IcFfCaIBuDWMPIAZhqej0y0AL9SZZgTGBFrUX7ysnAoTNcN3WPn4ev9S5GElhaWNgL1pWNQFvZp5mesCCkjHIt/JpY1g7mP8dgAYsKfTM4G/Gkv/SufLuZLZhKcGiJgYo1roWTYU3Kzh79MIRdb9p3rl+Wpp0Xdfl4EEfx7c1R615sjH+aotVOTg6YRPvSC13PNaKDJHPB7vrUcn1KPl/yVbSAl/bzA9V5a1KcxX7X9Cb4dnBlLwE5sfblTT+sU9BHSFbDuTQdEuQBZNLGjia+BIjJwv2A2h6Wbp4hxeIxn76h83YitaMoFS+tHJqpvoRSBodfTPfM5SaQNYJHP912Vc0+tPXkDIB13kyGn/PEMDU9oRpH2i0XvjNv7qm7+kHI+i/XgkCGOLqA7blm68p5DM62thMyko/G2GFyBWnx1Hp2cyCJ4Friaiio7fP2eRKcB6cvhivAsaJQGUF/QXfFCbO+BH1+6E79egDFPEAPHq/YHj6u28Z5jMlDs3iqZUFZarwf2by6z+WJNb1PNyY/V+r+4Cw7a1dmCXkqdaNU5xZCzs55cnNe/T2KQDzLl98mHiYMwehs3bY5SP7ojJwm8GWTKrlwUkX0TxwbMh4D2OeGgd4l4k7dJG60SnKfEG+z481IMM3yzqPELCYzxG2eaQJQqlJ8lJo9a5r90i1+9uIoWqb81ZEH7WgNQ0HWVN55GiX2vBvKkLVU0FmmL3hgtdBrsjbsASzs0AnGjnKwog2OiheqjhB2wqZm7voeS5BxZUIImukskbd1WVkMEmY4aO5PluYO0DTasKiyadtlPCjY1p5kPyXqDs1f66acK5btEjUXb7znOm4COVf5eg8J+77Sqjw2pcWbUJTmkflLpM54GzO6ihjkZqj7ugZUWTmeCPkBWevx0T9MulKjyqwjtcChhaNj8sITq1Opeh3YGr0E8qgP9PntVKj7YHbUcsnS8WXI3xZEMZ+ehon+iuuL1V7MKmOepluUbTPTWgUpe65b6qsTz2gSM6B6xImZ+qwrXW7WvxIUxneHj7Upz/4B1QThuUA9hCYMZGdqpUz77fg063b116gn0M+If3MKPzUjG0Q2B4ckoi+K/MRxQBBzvqE0KsivXo1VwZ4cLf9VrGJQmyTmw0S5YANVT58ezevbng7mzxBqnjHYW4bi+AgNxC8tiTTjDTL5y2lnP+kDrfFvLfEux3B0FnSnkfCSSZJ0uzGnXzvqKQ2niIX0CNPGcvLCKXIuKAIz9LbT7V5/sZOnbq4qeCua6IakcV2mG9YealkqBLpg+O6i1ctJTue12or1/fZr21/W74GE5FoOY3ez+cX2FzuHY8SXV7K9MPG5xfDLEgNHsTx3i8eXR5cmEOwA8lPjkw8TSFAvRrNwDs6eHyGHGJIS2IKFcSGFWA5nDVwYP+o4eYT/cjRdj0/TvpgllcJQMweWDLs2aNWkpkNUDmI4iIUgtX456IBlvDVsT6iVEL71tjLZ2Wh7XJpkhqozq9qtaKjsflXdVQ0odXNr2QCQ3kTn91M3GVPvjMqyGc9DskK+7KvhNNba5OusIxSpXu7ciMobD5zGrPmD3Pi4my854o3c2686akWYD0iPOYevX6cKvbvmPeQXq/XfaZbhTy25aqEgKSCxn7q8LWGIMn4zZbYER5dLm82bHgM6+PX35CA77mzn2xkVM1+Em5C+wVb/Pti+QreGcCFWrV+n7TShMRWzTdOvjyXer9cW1ckn6u4PzIx6qgxA+l4Dh+3c6AYptcC6QTnZzf5u1RpBE85vxIrMWV6mFB8DiLP8NyohBrMag5kILu71n1/mpsM4pjQ1S5c3sX2snvaUN6mvCvZisL+Pql1RL8gf/3CCEZSq4rVvv6Wf3YOp1t8ZdjdMPXi/X9pAFT6R2ktp0CbrcHeSiudz9qI20GB3J2U0qq0dxBdoCBRiTJ3yqewjfQE5z2+MxNzuwpUXUBzyAQ4IlJKhUFnadDnTdV7acGEgnwjkyg8Mb4NCLcCWX7AokI/DQc2JhqizprfF2DVIokaGA0vV3sEWp7LclQ88ZluSAkZN6xKZfUmFGgRQbZrhygkPzUqJzRaLnZsaDLag8zoOhQ5hQ7d9NLh+gYRb4FzqWJmAoruoFERga5H5c1XQXbp/4DUUf1H4oYnw+WXFPFJ6CYnSVJrDF4cf10z9Z+KPiCq4Hg8J10oRgoFMA88RPRGxfhxyEw/HmSkHhZKytShbA1eOCfioOsK5arIetha5OpuZZtOHGhI5zTeSa9j19nwOdv8mt7NBYvpx0s5YLORqMzHP47VLdn3E9mk4X+1QDn8oTmROenzY0ziYx/KVWmomv34QPwj+ONLjIPqHPNdHpZKJSU2huzXCSYrv2XoRm10KFBj4Kr5Abs7eeYdhlSR6erGrvWzDcpVel+Yj12CgAcyFb5Br/0np+axV8a7ZcLakX3yY8+LDSqHfHWbBrylJ00yaov5R4IExeHDEPgUhOMAr4UfaN/3TYL652lglKZ+ciQmoqw2z+WKKNwemlePL00hmip3H7jB5JdzhPl9gAmW34Mq6lr8O0p5C+503qAGHhDVjjY76BEBPTHjtBErcCIyUOCl9bkuJsUJa8bJUyP25D9PpUT664L2CHuMAvo76EKdVagi8VTZQ1At5QAGHWHHtiCkUrbCX64CVIxEKnmrQAYCsVIR1Pjb3qY2F3mJ2tOWIaVBlqm2BUT9yWo8h90bu4MwszgvScm2XsuAWVnDk0m+6j2bYZ9hohWWngTlmyQVb5Dl1QItDgSbYmtSR5q+EoMuj3FbNzxwF/LJcFffJLnPlyMkS4ZNag2PCVtlUP574gPaiHtfT+JzmLgj1KBkyETwhiHmAGe6GiiJHp5Dx0a13MikH/SIEQ3mVC8CzS5VAcrezYO7uKjzjHlVNfnCaPMr0r6KDsj3FkGyg38T0k4cbRv3bJrTfEwCf4p6+jkIkiF/U9BZMlwaN2NbyjBCWNJU3zEIXkrUjEsYz4Q6jSkIeAsnwTMNDmYbBXD9XFXXjEUQz2IiN+FDX2IiFn0xYfw02lGDq/V1NgxQiVPwn9XHlYzY+GJL0IWxHSVUNu5lsT/N1G7qDWUdqNFF4XrRKYqureTxouGqr9bYseSG7l5tgEJJoxF1ZBEnV0cBC8VEqcfUFvlezx7MpYWmVV0i4rwrSqqQ8pE3ZWgdzy59b46EACiV7xLj4Gr4Oflwlkjq1tf6p7O8+2mC1/bTJdxV5SNBAzFiF76tOrLbjHLy/Lfezr65gDLdfv1NZFUXxl7h6R1u/q+o+8BGnOEFmlvVAMyVBeLoRQTfuIiGVuwK25Jgz8TkRSLFB1ZJJI+uHollodQo4rPGFDgM0pCWVNurH8IzCNoWfJCvXVMgGIk+yHgAoIjKw8BgNFhTR1Oa7/O5f+IKj4vmN1UEas3NABpGQo+kRP3SHiYP7PUUoBnmQpdLOFsdDmdQWHVk1AvOYo7TCVtytgN0sgAOF1AuAIAzei3Q4EJDrh6oArcK2nERuO8mPNNrEq6dHGFFEnYg2+W1yvvngMlV9EZwqvO6bm5uD3RbkoLAZNHgn3b/XRUyRQaPQ7EWQ0eaf4oKrcr2hK0V6WKTCAwqrD/dz8kD7Ydrs9YIpzJ/EwjCytGaDSg5mw3+jtEZGSmCwZiEVAOiW90hO8SKDGxcl7oqUH3grJ9NrxFyYkZRSlXWDHsRhQbFIpLYCHOIWqFcuxGYTUrclq/crUxP6vAFiGV5UsVB/D9UqKQSkCzc/O71yR+qbgCN/xX7Zb5y/1JHl2A8gn+rOngcfiBJJBAKUIVGPaEBRx5dmm+q5NS6AJj8W4XzMIy4JzVqBNlB+4XYlALBJB5Ek7xEYAswE7a30QyjjvlHr+Nsoi6NtvbDQ6+8pJqB4RX0Pp05BBbAH8RUQNbXH872rkJGCPNS3KEAm3YNZKCtMjWs+FtB3kx7wp+iaf7VdssSK5B2B1mQq/Z1rN0cK+J/LQ/BilP8c7veBgM4NEgS0zVlvqsImaG8m43vQ3+YUdK6ze8amoz7nbH6nE7QwabZWP+seOQw3V4HIgp5wgf0ce+IwJ7NYMSuLcUKr0tlpMse1prxU9M8aZ6k8Jf8ZMPLm3Tge8rXzQ8G4OrahJMegJvorTOAQBivHkoMkVrfiiUt+y7Ok9Wd0TYyKW4shj8+PHE/vZ/lrDdDZdyx8aEW5uoihv4yr8mprkp80LbQ+TTNx/3pFV7HAn+whDZy4EBrD4+Yugz97HDpHPPh7KUIn/c8/suRmNIuYXxI5jSw1v0zEHnOsKXkQvhms9Obwfh6gvhD5Q24Z1BybXy45q+UqsRfQtQ1Td+LSkNbZu84C/su2dC1z152IMe5/HfF/jqp8k+5/8ZB874uZLnnqLXnrLQSu/+VIvxeigGoh9sj3v0dn/+cdHDF4YkSZ3znNGYzW+eAM5iC0GRKAR+q3//7+//7/37Nx5mSI33U2n0Kice2m9vzGmkSk2sTFgLyOQuyHpCUvraMPuZ7+8zjs//7Y/7kv3++98pgKyTnNljyyUf+3rGOY+mlwgKZhfOguemq3rP7ncej63Y/tvQZPRP0/zucsopdcD698b+ob31SficEvCbFPfoM58f+rOb17Sv8v11aKwqk9/LtnZGv953HIv3V3s5tExpFJwScNqT0Isbng0NtiqfdzMpi90ufw64IiIHcsyIb+838yDpfB0JkPwZPD/ZF1KPTvMb7v+BFzv/d5wD3+T66P/ffaDL6g9zO4/jI4m9SQv/17I+F/nAf6HzXkHy35152o+431QJf+VmN1/L9H8F7tAVKN/9cj9P1/ksc7wsfgzuNfc0z+yxz/0x5b4t/+477Yo0l4xY7Yg338Z83dF9HfcZKomd9x7DRq+kxo+DSE+mw0/vsZ/Wncn/RE6vYRpolhEOV179/jvDK/jrw3zjg0+v8q1/98r/6/3MvkfLBD/9yjZ+ZSDLbQf2Xzyu9fO/hfVud05mhA8TD3MWL/19n+B1v14eDSnv9yNfvq9jO/YV1ZktD4P+gQ8FXmiyeSdzal7zSF+LfSjr6MZzr1bvp7vLjp/f38AZL876/4LxIE9oHbiNK/u/7KyTkyGMTJf+3Q7++3Lf1oXfzqyevxuJl7Nfgdi7oD8Q2Y3P9cxbuC/84T/dsTnsefT+oV3nkl9377Hx8q/vlU8C1QmQuU+0PTPE27vsMEUs0QCmKUjqP0RJIR5F0K58YLS9PXyVoQsr3VWkLHsmgzLq2l7ElrDIev/ah7W81OBbKl8oerQIQpED9wLGhIXlfsKCSO/WJ2WfUO3X3qZT/66H3+zl8V/yBb8BMJHirAv5NpWBBH3kDDyzZ4QqndkeonHzCaZ9j3z//x7xVb0ocaV+B7vPyGor8/NbTM7P8cdBOefx4JIlQV7MmdfDbvF+R/LgZf1+1hs6ofTFQxI9YUuL52eP54YXY+Fsjv6Zrn+fccrQcDuQt1tfZ25doX0kUvbyQeNK0QDjyDVKB+4x+BzNt/X4QcEeBuVFGNMjrbL8LCwco1N+908p+ZCKxPWyquCujdnDQ/tOL50RFNPjpv/lAFfcXVMIyWdQUUZRQVBSPg4JvgIoy1/tNiuYJGWWEG5xCEm/9HBrTOYJIvtu920Xb7sXduwb9zQDiP/vlZeHhl3prZbfl8ou7gwPUocj9fPOZeMdcBzX+Nsnl4qJMdlq0Z73lyyJgxnKgoyfZPcNZ/1b5g1U/FKJCB5i3Ky+a7JZaWHnE/y7RN8lATfmbI2n+fqduzDbIGEiuXEPuBsgRz5pL5U3IVr88/2Zfne9cq+SZyw7CM3U40/1PjAAfNSZQbtN3M74y3QYicdZDtYQe9/jw7kkuG5Wyjlr5FcfzB09jO+bsmP5dm3wc9YZbfNce6i6MLB5DMxlq2JcEs1na98SddZpBek+9u6GzOcN6x0XvQL3/d24bxQFN6t5dA50zBuWRs1zKt0Fuz8nBa8w0ruz6dhqNum4/4e54XyJvTXgh7Gp5S7oBYKPM0mJ8J5ldu4WyhdioP9GhY7gfS3O/Pw1N8XCDND2sfG3Fw4s7oE+9ee3/DfKDznOzUDDban170gY1simo6nNsvbggs2YWuw8sZmhXPsYYNXG5i/Z0nc4F5omfalg0zfb/0uIAzTbcvUctWCz44QiwZ2/D4ai/TLBPYmoxDflvJOc0Ysiyro7dLQihOohBDRwPXa+ptO7/dwM5aX5ZZUvuKgcXydmOzrjktfZYV3g382mtzs38MkJLlKpT9b0x9x5bkOozs17y9TKbMUt57r51cynuvrx+x+s6ct+tTnVVJAwIRQBDMdwVpuZKm3jWwygeCSilmnJIzZlN8CJBzfF2V4nedzNDm9m4TzCbvn3Zap3tXXKNGam0W0AyMlYSSVl22vh5ffA9kq0x90auWu9EvYdxz6dnzxttxvdjs8Kwh16K/aJqSMwtxdaVYIzpX87gGthFZCjeXGTKoMwoTP/6GJFYRgW+RKFVK8JF+d+3kTi6DAR2oPtKKUx3ibYOFqD2MbrNPc+prt2K3XbbqUQDbTMzstw78d6ke0hFSV2iIya1KCkHLkDafIEexvPeEvW7sXYpLpyDuVFLGqa29M/3XSxaDpDTv/1MWO6W/17criIRboj5Jr7V6ckQRy7iGqCKWHMQMCfAAH9AxnOd5eFs/qceUKsyEFuA3ooftKD51VEkzalmV6oVE0JhQo5jTPOvvV29Tf+0+gG5DNaYqB/DeZRjmmEi2CanXb1i0j0ZJPiseSU2o8TvStfejfPUzPCmt95iWXameSFLVMx2JE60ucT2OlJR8MaO9bobDyv7MpiGDBFzjcWpFxPO11NtYq44r2TKLpFzVfDk50/n5+VVEf6m9Wok7qcuKiYaTvYvhnRalSV9GKYtoOdAFced3cYyuKL6vn3vNvpVk8AYsb3ZAQp+acBRoDNu+Xr7nZAlMke0nDCiZb55KVO8XkIpDl+0YKq6LOM8MYyw8s9JrIzQVVj/amSNr5nTKctjbTzXbpdGkoxT6Vyr5LUROzBLdb/Qp+rUV7KyCaUQLRqty1ApoTDLQbeMKhrUNS+VqFcYIT6de03wE1RtgKaYNSuzzZ/w8ks/8KAMHmYP1nDhLnmjD1cwGIuMksHVxzuhI6BmHOfon+nURyVi85n//Ws2BaBTp+D6O8lzkYfla2brHT5gu4X7Jxk2dNfWuXvWuQcuXaikn6zKr1LdfqMlS3yihySS9uR/tKZ5Jzkaa4k7HgiEkqr1JeE8iSHoXi6+Qj88Fr+8GRu1AmiumZdKid+poZUV96F+rxy+SWCJJofD2s8tM5jBrGKCqplsCdbTSLQ+5HSRPPID2LrNhcZSngQgjNBzvl5VhAa+9ADOW740fdZT6jr+6ZA0cbNzCX8AmP2SddNvYjRS9MMFBJnihwNTJcEwljPpKeZMYL4YfNiwXWxg1U4UN+/np0SP3skY7Wk62Uk6XeU8pAldjUxv3KUaMUNwKdZhx6+aLw1Ics8jrxdsBb4kew6zrn4hpbVR1xQpq5iw2eq13WxXtNa9We73k/X5O0mmGoW4lMi2FzoG3yntYfOy1ObWHv8pLyB2+LDX2jemEr85S3FLpbFVeSUlCRctsaEG9zZaqTNNscBflh7Okd5lEOfkEqqSqE0vTY2Wx9175qpcRwCZe122lXZRQjqUCLLUv5tBAT+CuM21xoMr7jukw8dfQCevmSiqKoRfedfSLglRqWu7ZhDMub1VJvKmS45hb2Fl75pXU1qlAzTcTGc134SRHsBceJEvkVE6VdOUzmOUysL6GbLofUeI4Pe0QWXreVThBTWbdijijLOadc7nccFS6I+RCrIqnMDDbWCUfeUVlCqEsSXt/u9WFEZqN+0V0YrxH8hT2JbsEcta7b7x8I4BFVWpcr0OgDF+WmzThdZGj80bF0LaOPlz7UmWRlEeTd7cRxmWv1UNwL9gOsLZofSkg1T1ahfnbB/vimSXZvevu/rAjXb3BObgrXKtly1Y4ji46jFaG6fP6jpMMvgViZZRNRcMKY+Qvwf3VRpBasemxJIDmBpnLfoucN3goP3N4j/vuymCaPzPzx3SlYh8gvbxirVb0P4XZ4DhOPLEBlVcGdgaicNTfx90d2oje3f03fO9T+2wCslEtI1kVtF7fWGbf2Bv0LfXG6eR8F4yaBcYFABBK6Wt+Jy6x74YbB9pENO+VlSZ9GGJYE3OFIVfSnmQLu0l8QzfX01MbvV6LQH3gW+bbGE46kkBuOMgPThGVq8omx/5DzGrDcFV7oCjuD9rv+sJC8p77iC7pqYmMD+TM7/Z4bKLEljyalRoZEaolzMifNOv8bNqAySyneAJHdLVUqPQJfZd2HUbjdJDbup54Rb2t1mE5n19IzHBypbyExZ1gUIUAwRdfZ7u7zDcCEhRBv3AOOAoTyEP0UvhmPAiuyhCFo+m9k9spNg8bZMKC7n7dD4Oz3UuUJYf+bZmyBqFziNFme+/cxjcyvqGl0Z+IRrywbPv2pFa7oB/t8/yQ+NRC/ipMsSHFwITNSjitkpMFahqs5SXdO12qrTTNP73PutLMMAX63Mkno5KPAUX3NjMl9zr4oAxoYXsRfoQrc+dVJSfSPBU26y23UGy3jCG4/bZFv3g1nLYsX05AM3apyJysKjFRNTa52F/txY9k4HCxTr2IMzr13tuVcn1ZzKVZMvaiE+PpnY0mXqtsgJ9oAtXLSY/qlsF3BR6gJUdDKOIPvVWcrFGF/o7LnfaBC+j584Bq8KBDEuUF72Zm0SZ6zXdWEg480vF6GLGxk32ypuaTrFbnrxxB42kO/CMsfG7KgyuY/6tOQrhRW+cfuamYlCK2unq8Pz3MxVLFgwh836fSRm0Jgwx6PmNKutnBy1rOl2mwyXiEy2N9Bkib23ej1FDjtPebssjzGWuhsoBWdDnBH+f5tlP/j8qx5xAxvSljxbDOP9b6SJbA5NT7g8HqRKROKV5LXofw2ySLoe2yGu9ZR4rA/uIcCO/BwrV04RO+HiWePIAq0e9Ah6c6WnRyXyf07vzrqY3ScGCbTdWI1H6SSmtvHCddyTRZ27TKLVHomqtXgXOrefirWYB+LG6N1DbhpP13PR2hGpHTid41Aaq9pCLBacZO2bpTaaes3n76Lt/gSqmhozwjTQQUFscSEtyUxIMn/MV0HY5N/82ITjO6KqvD9IpFvsL2Zf560E/yKc96rU0HA/iBAXyYcQ7sIrI07kMVAZpZvH3Q5xvi3yW5LlcQ4+ZTWDf9LDvRaqVKOSgMGTK3jGEZHj1Vopc23ewmUQpm0dZIHK8xQcLkvPDwAJgB/W4CRndZNy3kMFPVpnJS6QRxaA1TVTh7W33lBryBEEv+rziUrZIz9vnJPeq7iuc1PxTB8zUYoCC1vIt/3vgTTivK2WFmc+yOTYbL3cqm42KFUBEDmGO7fm/zU/iQvZc4O7ZzjsppB4/7rkh0TvCNDgAhJzOI/wK7z4qaDZBKf2iJi0BM0Ipnnb/+f9weLIE4X39tC94x9MJHNNQETou7mHhUdBBrlvpOGFYclALktLqy9rcxnJkuLjzyzHrrbDi9/FcC/Ld1OVbnAieYxABppN7it+lTlgzgg0OQJ/8qEbO5kVKDcLCqTML2d2HrO6UDnKM5qt/QX/4iFiy9aKg2hBa8ECD7I5G0TIXHr/54uUqLlhpfSSNHpuZX2XcCu61iPJg5/nvcrBNNv/IA/n1ZAA/dDHJgsXPYR7E92zbUGjuqiA3wj/Rt8ThN7/oRuhkJx+Lzxr8kCttmZtnescOWuZEp7UHTyr+cw5foY7vsKPYRIyip+tmXopcPri8AMzUbUrbhXdH+JDvHLZdvq7i7z4aXWMNx2m75flIOFjwk5yX3iwaGE5+VHog4RyRjoDRqKWIYZdAsjd+4gArG5w3uymX/9cW6Wt3inVtddquDuPxwkFzN3gN8b08wdytJXNj8UYKzBzisz2gXZz7Mi70zO2tk/Kt6RX9ke1LL4xDXsCzqkAY6U3bQ32l5SAmPxbNv7135E9QaTzwZzkj2AE03LwTsonZU13W9yoUAN3QNs4mgbmaCtSWtB2LtbJoTpCvdGXYtRo48XV/s5RGTzPmKTwqsb9shdx1SLTrsmRyDJpiXJLm2yYcipq52+5nSJB7FreFtPc58wn7h98gC0swcGiG1M9ZyveZ9uoSVCZT3+sdWna+f2BIpJbvppGt3g1Tcovy0jG65xhFB/iFcEQKemrjhsbW+jQT0pgl03QvMyFZjYf9I3JJ2PNT7bfqIoAxnPF1ZJowsuEvO/nHd67U4QlrtpgBCZ3rx/vJivIypSeNxm445KjSlwN8fzQUqYz7mLQVNy81h0JR3x2P5MtH9bO9CIdrVLn+B7Xu4Jii46zdjSkE9zj/uUiF432885yL1Rn4UrHwjP+uTEfdh+CsLizr7xCc0FqdE+6bHFfKVVBKTITn0M5ZVQu85Xhsa4bPT86b/5c3qz24pY/pmR3jPVNatTDOtXamMSHKN8wbaVhGAQpbat9CEYSzhdINNzKgECY1ZZd5f0F+kEFMpBMy87N+hUGXPDivl/G8X1cuzIsClvNA00Bydk8m8FZV4oQb+72Qwq23x35BqoYs55QRk0VL5XQgMdxCD0Li7DD46x/ks1n+HPcY91noPPOuWGI8AyUJXHZNUOBv4d3v40bhV+LT4wV+1kS7l88UI3veN7ZVsqRmaZkWkQb9badMSSfXB23zMgfeVZhXBEiCmGEIkBG918IT1W2IyFwZ4KfonP9yWND2wrb1JNZp1vqALCB/QXvGVwNh3fjE3Ng0wBkOClUnP1REWLw8u2rQSN510KR+5+EPyPlhMsprNcIGJR9q8wf0MMjgBgONkIH7ELWm4g712bfPU/BRa0gu4HsuBK96/NM6rMmLKYHmkDqNbP30i2IZ2niMQkBmO3AD8URz2aPGzYwl/TWtX0LGDDtDyKNOba7sU+yLgY98IQVrmO+Prt35q8R1xCcdfgxJ+SC4lXUZSVB523/tPkp1keDt8PIpoRtVu1Nhp2SOsPPdsXWGJWKDlPXmUDJ9VyduRip/XGyKPz6DI4PfM6RU4mGXeo80opH/NTYoX18A3RNOD+26o0Unrn9ok26KjtxgqBH9j9+rg5vKmg2ykjh+ZO5Uv4L7Zl2uHLyHd1MAtDWihw7niOYV6iH0EIETgPBaeKYW12XHQeyzmq/6SZxgRf0Lfvu7zHAFuVjj120sas2t2W8YrzJzdYsO/sdmbcfEfRbVa1l3fISwYto+N86nCVHFfH9OMdr0hzFKLPhe2BVRsHIJh3rwTkSe755whkCLBHSVq5ZgwjnByEZNVz5gMC4pvqBA+XTR8WIIuTty7CFy2PhWhEFXtlWwZcdymPPCn4CruasVPPScuJQZ97x1WxCDqOsePoVmtunkW+byL+JeNX3HIrivjJBDEN7NE9fY31Hz7BGr4s1Kp4kID0nzd2PwBcrS47b9Jk/OVJ57N4cpindEST9NUo4qjM/m19H0JGjpV8XpX3Uu8W5KhDYADyw5SSxtpin7wzSVUVzrZrq5Xp1hwfx8roFkLmc3k5eEnTgXW7uLSmAEluYaa9ERe8F82wIkywSuoMDAFwpmt4CWcWZerAas/q0Xn6+hSaanm1oBxcUH0Lyzi6ZZFBqeVe/USASdtPjQPDR5Tt65HDScHrr7T7hwaHJ88S6ZEHkOd1ai0hlCp3aP+AVAwd2do3Jjxqur+FFv82+8vdAsv6+X/ZlkV8ushSuEz1EtIYJecJzRfOhMdT/coUgYl3zpUVRiobLwo93Wdm7vicm3KbtsB1Cx/1EZXXTgUISpyobDIZv4UKaY2nmrh5tYWhHDk5uI823L5FI+0eya1g0d0+FHnL4+QsM98KtbICFZZro1OudrrYWNYaQ7tBjOPP1SkWmvwUbYji16DLRKPkfiMpllwYozHy59j8UuUrB8HhD0as15USmrxtY506qMxWjbLvVITWyo8o7JTdAsgSZ13s+ME3/V3uASzcmv14s4+F7GmYzfR17FbWRNS6VWq8aSIlZZV/+625ZGNpJtbVpXqvZ/48PUO+/bQw1wHXhM9rV6M7ZwqS3o4j2p9JD5oC0GeKYgrjDAMGyaozzmbgwODpgCFCfoT0kykOy1SMlSBELMZEDlTvCioGAAjTm2aivUCeiEaDCvRg6uw36JDu05s2CYAKc4GPGKQEGW1hRnP4dr0BXRj17nelsY8NmN9ISk0t332nxdALysTS8sIPAtmdSRt2JnnndJvB27Sbrq/nBeoJ3abiUGJLhqu1LCAMbMQ85d31wDn3vFtAa520mG75tHY+Qqvcz2ueTdg73A5BuQ1D/bkBDjnTZM+I7EAQqnFqJdov6dBkwImO/WX7L8/DQ1PvE9pdTQfDyds4H8JORGs/7pS1GeveUr8CKbrJQ9irvG9WvPtqYJl4XD9stTkhLZJMlj8FxvwkG5KOvyhxoVuYZId9ueaUEmgqeiNvx/zrKyNe3nnrHndYnpB8OdBA/vXuUZkJXJBmXqbSM2/55B4vdq5zxOKkr+hHLP5fw0UWz3a+v/6CICyynPRKA56FoAHHvj7J8YrkmOAPTA9SrIX6HYG6nt+2Y5Be4In+XjlVIbvSrogN/W9WevJp2HL20zVuoY6BQK+9tJmP22aIGR0S66i/5AR05q5WH6/Y99CWmxZivsTqRhl5PcFbh54gZL6SlI1XgxSMJcBawgru1ZLfCY5TN8Q6dgEApF9/2221Cx5qmIj12N2v4b2iSU5sv9GH9goVy17Pp8zB3HMOFkwUb99ksIq69wskho8lgl1vGIlqTUzpaAxzBs63tPgr+0eCZKfl/3SmrL42uhfE6P3D0AKI4vAZNYcNXevHBVa9gL/BQNY8FfjNS/dYsWY2/rPmuroy9WRfHZsDbHnCHHB+pIwsokh4s4MbKUgZ7EAGeiMPOvtswxlDZCCWIs3OKfbve4fQ8/9kiSkkMhnvsn0T99qcZWqMq8f10dmNjK4P932m807qK7VK7cZM4/q1UqqNRMXcvjTS5cKZcw+2SMv6kKiA2lb8Qi4Ggf6/ffwxFF8v4mxa77WKmBNHY5VOab9r5X+s6aGcYjc2ZQUgTf2Niw2SxU4xMg6HSbBrksfLgnVeiq6Yil+yBp3UKSRHUtRykLTjjgdheWKXfaNVWyw4cFbuwstCVBL+akv1LS6bdDVX4DauskvrlHLzgrqeqvlQoVC8vXU3IacptdhjbgERwZbZyBDYjB/Gjg3BPzYcNuLI/G4R2R0fZT047pFFzUeW3KSyeSlnIp+YyEB1g2YBY04c0YnkjAH9R2KBRb+ngR8VD4NeS751nCZytSmaSNH0aL0Qm/97zLapRVvROc+HjkEYiTKTSJoB5QYW0ZuCVZ8F6ZWU+OKdQKMP6QcKAMKOqHo0r0nvm56apAFgavBQEdAK6Ii2ae45u/0Rux+hHgxIpVuZJqSLIVDKDaob06O0u9PvduyoVSWbWJJRY0X8m/hx9Uc0W0SKH8GPnGJXGKr144oj0GtCGJ6Y/HktJEOWjPceN+TtDocXIQ71iiWrEsT6Do7Jg/mXYEXJ1A+TWf58wPcb8BT4BEPOvIFG4thytwfIF6kDzCbmGY5Sv4sf/lboYdINEvFi8gBKcCMbfpqLf3ncT/0E7pe8mT8tnkH0iIyAeLG5X2sNIHjkTEVjNqtbw3RqYtZx4SHyP0abb8yeO1YX9GSrF4WqEEhnFp4LkPzOJzOrsrHoOxsjSzAr5PQ2ahVnNS5huZjwcb3HIB12xzDsZRQCt819RB9PRA533jSsB/HxXLu81ID8diQnMbaT4C8i3ii7F1XeGzQay2DzKFlSUq2mdK1yOSdJDYLH7S+9kOGSBY11AdqTy9XnptSP/ouuCO96UMIXg6vXQNr+/xpJL61U3oeZgRsbLu4QYt6XXdotMeQV5bmL5m+oQ2vHdL5uvjyRih3ZcodLYqWx/JUZdIjHs4NI+WwmkGaiTzohmP50alM1nBPeGOuXbWrsKJiv+MVNU7Xo4mXj2/T94KFCENmbTe/chVanlueVAva7cu9FGIps3fDtDRVUafTUnVAfFeq9ZzHNP9FjnCvnKe2PfR0wTrdy3fEHvtJum6hWtWBRC6gGbYsOQpFvwK/2rqmgFREkFaELKOKkp6qlIAjg8DuCZilHsnfzVG9hGskxqLF5K9muzNC7ct85Dkp3W94DwhCC306WMu4m/pcUnfpzjUjqLETvNjHoOHQ81dPf6MHEHhsGJOcnFHeTJUmT0QEWGJKO6jWafl3Ye8kABVXYKX3FGNsMg3cEX3FM9AvmqFKcWWCnjTGvE6aHdy4mew2ndVVTj/EQwyOxf/UpPzL3rwO5gul4fYy5NeRM9uxFoGW+h/v/HCSTjnUr6tzj/gazTTPufzAsA/yQi8nRdcrZ4gZtUr6m2aec/9CK3iurzDJZoOmdXQEZEIhw2EDIZAjcAirH7uw8nX3O4ZHxsOK/ut4IUagsJDiJbXyrqr8ZqA71s8xrB2gnqnPvTBGc2bFdj1U54l64Qz1OFDbPNN7ONvxkzDZqtos0KRneg9Rq0hhYHvXCBQw9ClnR4g7EEGgehP9hL8OWuymep4+b3bn5NteOowF3emE5Xe/1uPkyRh3sK42ii4EG+SKGESApEz8V3+R2Xd3k3qNTddv43YqIWI4ryfmd5BHWUsSQqa5s8roX/fvdCPOj5DVSvwniHJfhFWio19xW0v+ZNy8ah3zkm7xron4CO8hPB1eF7rJvKpl6ucLQ735WQc/RydLoKzyIxMMB2QmnNC92Hi+TsOFSMUFeV+Q+4+9z/fFD+S+kLifEBd37Yuk2BTDmbRpaZyJNAL1C3IkmKapaVbb8DDqEHBtF5du4oNdwA5I1EP/5bVcQBD00EjvtEFpiFacU8+HC99x4wcbw+ZTyr+DlSJdD5JX0F0ihZtc8I3EjdW6FAbDP/HWtgqX6t768x5XpY7khNg8Yq51LjrrWdG69LqycSfCmQE8oOVDxd1/7CM401I8lE5YnuLQQA3Schcldn3AXR3DAr3Ty1YBgIFq5uhxbjK+hKnFQd827JSd5Qi1fyq1N/pTf32jjK1rkLwHhodDUCDDyZEFaN+VmV0sJwX42RR01hAl9rhzCVW5hsEaHeP807lJgkazLrJu6uNOeJJAsWsNWf9iBRPwSnp/pFsNXUdXg6JFZXOxcCv+p6OzqJYRRrFDA+rb2hiSHckToqMpIiCx99eGaBNguwKjvAi0J1o3Ie1VDRG+2Mxr/j99mlEa30DVm7D5/kjoOL6FOfpFgCZ99w/b/GQBiYefINbGRfGEKYoYA0bvyQaFd7GDsBmqP56aJutKxJy5YxDmkStHtdfmvmAKsx3d+76sQE33M4OYHwsDtvmOn5Ne5mOpeVZLK6IXbOhzEC7/ipP46S5RLTuWevB4YTCSoL/BDBsq/HyXiPp62rsGdCRHLBPWwU0eaP1pJboJdtEoGAVk6Wf29Qvh3AkRLChIUQabGhAsX9LY+Kehi2SfmnDGbMbv3zNELG6eDgRJM/Pvdi7/vQ7CYGxQBRNGV/it27kk+0SYBySBHTgtg/3TDP6AZuXxaIPNcwoCW34syUfzR2gCTfbIZ5Su+I7zWwwNUUS7Kk2R2Hud2clJOxOU+edM1hxCUnhhv9zPBVs3TUXIICGoBaMG4mUljH9uJCjCFZfuqAWKVOpD/4venJePJP8AmGfquXHJJwgQm7e/n6DTbdMhGoOCaN6MuJ8b8OYHD88br+VJKf1TVZaa1DLezcYasvC05CiKD5xfUBqGzq2gOledWTc/4GScSIEx2/YVK+NPqSk2tElX6aNZoC4BbzFgAnyznEjM8VMCJ1+0L83N9AWV/pMvlhA10kpw618F9bY+Isk8SUatSE5j96r05dxohyrxUlvUE9jtNWKfF80ClRPHlOqLNziPf7/PijPsg0T9gEmqGMrrIzrDmT4/FtTV0JR84RMO2WyZVcDMN66ihm5hJD3Tr2ciMehOzEP6LdT6d/Ua8jhTbW/bZKwt0gn3nwkQ/+lDyf8KSVuIZdL1b8kg5jUlr9HBNZfjQwRGQzqkB/rx8+SfKNR//vgM2e2gzqH1iFYKjHWPLApTWfrxEMscOh6HWZipCcLJjL/q+Hsi9tORuK0bDTKdkE8NeAJXEddq8GmNICX1maEXHXHlvwCQcTUtx/odLqQCPcnPkohhMk6k44fVZC1CZvz+KgP/DXaY1ILRLko0h4v9wYymi1/nmv1pcb2zGnl1xnf4MKLATw7jM/XAplw5p09lDZBBb7z4Ewx37y9zOz+A66cThL32j/8dA3vyIkaiv6bPlbJu+EQD3wv1Udw1lOEjgEtlfeHGe1qg1PZH55BNUPbsfqjxQzf8v8oT+tKMli6Bik76GMs8b6aCpoQDH2N6eTzeVtuPZODKo2F+1ELur6rHqo6yhcivzUO0/31/EihQrFix603df9cGPALKhzOJIJPAfydAE+HBCnQxS+wVY17OxnibfBvgEhyXc6n518x+W37iUNgu4oAdDFyPTw17RpF2zv+mzoD6MDW7jg+ndXD+QOvuI1z4mywW4DjRDHL9Ha8/Cp/92CR1UFlNmHqwK1TiW1fjXoCGU84wvUNM76LZF/gicXY/4TDyyHYUIQammOHoJJ5IpRGoPfhI6Dw/a1BEzAmNT+BoMqG0VM4exsO/es0bXO7ehg3cyyeY+dMjMpViUYZ06E4+dBhnX9m2Zkd2lHpKenb11wCbW3Ht6dpvEeWqBXbWhVktdepj+Xt3iZstXDgWy2/Rnno58g00o8qOK7RCfRiOK3uJ6zc9/uCOi4Q+Fsian3B6zk6Eo8VbSrjqTRxXZv/2W4EYscsRYl4vNWeOF70euLoUZWjf3U9XvkUKrLT5FIb3CYHLcFfO6IKN8oGH4fvFryg9hRSr5129KeOaN+qqfudZ77y1IoK8ijEbRp9Od4BUO6Sd41JtfbVeXH8eBrZMhayC99rk0IArAisIgWOv159zIK+bLMg7CGXmIToRgstGqN3NbQK6Vd1Az9mVl0+9YHtSx+GnGwRUe3E/eOxj2PcNb5SrAZ2zO0BcQ41vr95C8PaEOAlmuNL/ISEApzNLC0rOvdiY+KsapMTINCufrUkI68uUxgRulX+Njw+YlrQCEmc9vDe5RrRREMVt1Tx274NikK9o0Qczz+XFNl/krQPUBG4ncCmtjQ5EXfwSBYeXqSuICfXfLXZY72KT6RayjH9FZntG/ctftlockB7k0Ff0uhbnHPRRx/KjsUmxAmkgU8/5YB6iaKdQNTPQNqiP2WqU1bSy809LmOr9d1RL7l6PL069SIrUYn2ezn39LOzx73zTSxfUX0kRLZ37qXpi7wpAmvf2HgMEFnnYmlc4JQb0/EhiZirwmMAe/AaAO/hSnuE8zJA1gZn6EhVYShm/7JFv/L/0jLIs6bF0GOrCW0UfKnOr+4WOc2ST8x16Z6qmPywkNhDs+VsqNZkJqltyyNfl97iU3hBDtJj/4V+Q9mmp3D1JASnfT0RZSoeSR1kcVFajoP988iUIJ5qIuThkEAkyXzfc3Yg3uU+nQKcnv4zknrwcLq+kceJSBd/JbJoFKs5NcIheun/qICJnGjiDqX9yxMDxDa7jZmrpDxfRrKMlp3zBC39u6+lFJBNA3td0kYJ9fXZZ/W44Tg9py3w8/D1zmxasTGDGepxWP2zhIIIMLnWAzCv8Qbd9K9YnC+zvo/WGx5VVRO2ihFZFebQx+Oj5reba/zSabAzY0oHs8MwZPSmYxvwiesTY75vf4lyR1iol7+4s6t2jVNO6xjWBlIwZQ+B0aQSuWOv4hurklpLO2ZSxp8D56vev37jUSFAL/lKVzwdfw7WLNUc0T7VgEw+2dEq+28TnJBam6DrW47fHYSVd34jTwfmZJ7T5OXqDq79WQf3dwvBeNEAHw2L6xy9P8UnHYSnVQDdN9k8wnKGbk2aa24l9o/9OanRFXj3vzYX4p6hoXzsTG5T6vscTJOBgFiZ3TdsPfr5x7C5SHZBCWiwh3HiZhtHqItfnyBMh+t3IEjNy2E89xFhIzVXlou7uUUOmSId1Ty98VLE3aQ+We/INfPvqR8BtPzXkd4K60RAYBD3oqZ6GkXsVNXW1S9tKfCH5fXrygplHd8ofajj+4Xig8WgF4Wu/YNQlJ3NlDZ1xou4EilFwj7PJnW7tP0OItokuIf2VeejE+rndwQf2rEBvQovVGJ+1mn+h7QmUz0VFVkuTYQP/zmXhO+RihaW83ETDfIffVN0bSgK0qoTJ04MjlIRMky5fwsXH8woxjTkE8YmAthFnmMjRBPLmvwX+8AnmzNUgRWgix4wjny9L7OijwYejbR6aXqFr5cYVTgrcbXI+d965b95AcAcpbcjr8NVwyL9r9ku1cTBndNcVPSLXRl5eoKB8GPK4KOtlzUot0jBB2HgxSwm9Tr0wmSU6q8knjlQN75LSPx2uybOC+gqv8+SaG8ULnPnoBV/+ft+O1WHsEqtfZrcsWtZ1Lken681kgAaWXlBWogcBNu3j0kKZU0yWZpu4pG19sEgY8QRQRqcRKmyCx2WhDU2872p9HBnJ3uPPGAdFTxZ2YQ0ub66jSh2U5cUzXLj5PS86Cy3RzNvqstR8VxCfz2AmXrOgR9mYXzkEbhzbp6hPw8XrNj9d/gHQsVkOkhb9yXS6Ca4KU9TXivDWlNYdEY71WEX96mUpy0yEA98QYyLjoqzCU6rPMRyoogBXw4vPKE8ynDnOxN+33ydPad3CD4XXjJNZDfBnifdkCvN7ax0EHp7vqUk+k5TsfMJDHoon8A7mTJ7wHoLeZr3x5AdZSRa3Ud4jhvuQ8iBK4nr814rCVkVnK9QmkM9QacrLFzBCMd0G1F+97PX1tVgikZzrXHm8CCl5cVVguL7XNPW1RbyRNKIsv1Psq+WNTsgInjzh9Wj/okWv1Shu7c02QDHliI8D9LGX1X0pM3K8WyYIKWZs6v3LBiJiBW8M1ccFgAYLlvnZPt62xGG+KaX6GNFNftNIU9kWrcmKEyr8KQqvlbjwsHDFfp1mK2NsbyUyeJ2HFxFiMfbesL4TiNQalB3MhDzbHom6/jq5QZMHbPt7sChe6xFxbqw1th64GdK9PH2Dj8q9/94Yg9wtfmlsYb++WEK7i+rmzeV5zTA1oTzii3HWUftV7zSl6hG5DDF+i8zpBYAarOZh5h6zX8QsgXqL6dX1SqgytwJl1Vk8ELBWhZwS+1KKlxm6/r3PHuLNvPwXkOHP2V9H9QnopShuZLD5r7lFXyxDKbR24n0nB+LRkPzljqg4gN4k0qyf0Yeg7W2saXWcGq1W15Ai2XBZ9cx0TsHEf/gA3cYmp4bXMC7WEL/mg+iaqngk2rct+deDX95VXqRq/euWCpaaATV9OGlCPcYH1/AfAd+FlSy0pfT/iIIDIAzo/WC4sMwfY+AOt9R/93cAuzEKg0EgtQf6CdCYKFsPc+wnsryTBheRMpglYtcYjSH5JmTclUJBzHBritkB7tX9jj7U1M5+fXTkcJiQHPoVucHPG/UHU16/rebqcKQI2TkvOXSY8vqtnra5GN5KMgseapjZAtVfjgYXbHVgoPqdTvrXKy9wL4VPgxy9vq6D6ROc9/SRqm2/dZ9MerntaVfw34uZM7xsnT1dlbkYMRfO/A9QG4T4/Tv7xS6hmX+S3yH41m6xJHmzaQ/u5Nrj6wjBzTCxE7GHxrnZSsNXkx0DmSq8lO8qE++0+UsfboCjcGv1g0HOT+Je37K7kxRk1RZnf4Vh5UFbDiZvqv3QsnlQdigTzz1dPW1OsR8mSXU6vxshGvWGNtB7HxjRHfvHt1EvY+PtU0kSK0EJ16jC9FRv6/1pdSOtY3HwGqS39Yyr+F09kAJ0rGvDfPJXfg5fraGdxZflMjt6DVCXMYY8I1WKJYM59xwzOPKXJQbKDDtGMVbYauYSKnRSDfkSAm1VgEz2Ls7lchm6OjDWqhg4Of6c78SCXvI0lwPYC0SioEAZ03EuFa6AH24yBoogB5vIz/mKd4/198hns45VJCixS+b493zcA9X4gajOenGDCKVf4Gnv6/pCs19PbepmJaHd/20jWm3tio2Q//qAl3iozahjje1/zncdUuDyeuFmCDdHXSwBeYYwR3S1rluh6DoWUGCedR/Tq1Wt25kA32/GBbJUuhkxzf5+SE05NDt5SSkSNS1M/sJ8wmibtHH/PRVS9MsV7wqn7JmfS0AAj42DlxcXDZ5w6bbdYXH8oKDADA6Ij+kFEcx/aSyWWQPngFwXIRM11usUVD0Dr0OFYbSRTqhC27lcjkZzpYdwUKM69p8NTmr+ax9UTooLRtppaE1fDKfJHtHm3L5KSlsxeoIcr9WHr42KoA6ZAljz6FyHTZ71wzRJp3nVWMYfy270y+iaQA38gi5Zb/bcVk2DMLywBWaymcdxpyfldf6FVWMsnMx82gBz18ACU81VIQBrtfg40MXSl8Bj6geBG2ebJCIr57P6j6RjL6XoWvKHisHwYh0oRMjK3LaLKT8hLPEhk2ai9+4XD5BaG/3Ke4AVrfg2f09kdaaNItR8rdOg8lgijB653v+Evzw8P/Ty8KjBaesX/Eywft1fr6HimLCiuyNIJ8kejm8ScgoXNYx9nsYE175ZPKe5fa3ypDwvhLrxCKSm/LZ4fl9R/9lQYmsR6F7Fz7tvpvWex7+9csABZH2bg1LlTzQ0WzweCqG//dx5c2LTQ0KYxdPGk2VMA6KggPZQHJua74zF/RTY9XE1DutHuippLgEbpHwHP/k9RKNSDHP8kmyT2dBdarsz6H47dYKl3ekq/40VsBwyced2T4We8Ihh5spMxrzLCtb9ioRRWIfEsVFo846JO/g726ZsVdQ01CqNsHrJpwxMh6MWAl2iYAokbuJKasA7Nil93zp9uQbxenJ8+qI+uEuaqpv8k6MuIGJGJipK4i3acH9+7gT4nYhi8YPDtjoYEUphGAhY+D7YrD5dODSpEghS2uiwFx4Zhf9umrtMZkV+5+B+X3W46AZuEJZoRHn6ns5o6vJeXLCP8vcQpY99MaY9KnkyxgZQB3ObAbZOg4TancclT/6/O+ghzVjc81uXiUxMHePZeJtoU8ZaZWDIdiVfcCrXH7Tc7cGDoZYDF3dkmm41DDSCIpdp+FIMsb1UILWjKn4kjET/3pdZ9i3mOLOoCvXQ3XP8y95xIs1Z5g/qGa7OKrd2lCVoYzE0YGZR8b/zHcqiNBJ/sqFWbX8B0BuJAin1fzfvW02+aL4oam+pXMSrMR3SGs7AhQWxefywwJtHtCD8rCCIbKxWtKSQO5BK1mLq3QO3ZrwOEh8yDVy3ZdQQvrIMiGKWCH29j00OpKfCV/rx3L/CflLz1d/Lo0jSKQm4zwZmYZ4Nx9KCPZdDBy6tb6AvPj3/Wj0nb8HAluOHkh9j5Td5KFCM/dcrAARYWnWUW1pDINm5kRQ51EygDzs2wZUV2oX9N6yGeY7NVH0Ha8OQs1jU9Td5rH/Zz9YapDaxY3vjpI/G7BH6nhM/NTQfDYOFGz9MdAs9hpAliCX/22NgOu3abheptOFHAWElOezqe8Qd4uoFDNezYuTxipdWVll/934ES7u3zXVVRzT0s2q++CdWPjbFBNsy3sahV2CWQ0Aq9rVpl/BfTpihwlOuQH5PfeeRn0JxoTiJVyfzxfQX8v7FN384908kVYESjd8H0VnQ+ZOy/mX4m/fbaUQIzgzhPNx47ZCCcXiPWJOIHD41SkWUpH89FgqC0w1t/HD4ZKiMSvZHSzpTwRS7KQK97y4eYCTDDzUPf4/I9l896uQjJmsonqVFukwR2ILAh6mwJ+uGLmHWU8OERKjly/51aeColpomlOfplyG3EfGyzCHE9MPEZJB0nuJTqZbUx2HuBBWs/+sCIUk2ZNxNom0lSNZq1utvx/5dut8ppZAYkrjePmTzzxXPtnnS1t+3EdS05CIA3/Z8QwYmXDVH/Hx3YidgaSpGEzW19Guw77j2oApn3h/W/Dc3ydnZEHR6oP377jwM5Uv+kVDiGEWEIn7mXAPA8CuLj/weSy8E3SXRu/Hf8yfg/Mn9my9EDbMsBoghnfjKTVBW/BAWO/7EwxFxUO7nGh+BaoO2/rdntSYxTOjh1iYZdtSJ20UzhsPW4NbnJ21rZR93uLwkR6DsTHKc/+2PEb2HgatJ2Bj1Nn9UODrVQ8VSAoQueorfOZaAv1gj2TDSv14c4HVsmgrUtushL41BF5Hdzlh337JtaJCHaBYcqq4w+B2BYEnge95d1DmPLtTrAPTnZ74MLHbqIm5DNkbrvyIkiEakN2KvH44Hu6/IfGwIuK9/j3GtsKgHwl8d8R0Eu19MJOltjQOr+ebG4P7dO/id3zp9Avf6NUGaoezVjG7zrwYruRyFW62d/m1gvqOFrcYYimfNEmIKyQncO7I75NS/G7FWxjHUR6ZhCYqfSDvSWSVhtrrk91zkYb1nJmwPUP+MCbcabHrO4wq54qfmQZ3d+rvTvsHW55CRfAC0axBF+9uUvbZ/oMKHNyF/OVz2+XygkMWLoPHLD/N35Hmq0S/BItaKD+ZQyALR5ve2UMx8ughN/Wsh15mLCO4v0YOFnB1NICz8jsTvp3SPcQkjXhZjfZjXNfIUUGCp9qBJDm6R0vAeNZC8k0FkoMEjqFjcqltZ4boPsOUctXTREDIflRV10gYNMrougcrIlXwnT+ZZXBaLv3oIB09F9R3b+RqsvizyKTc+D+Wajbc/UF1KlkC9+55Sv3auRHVZ2xz/CVb697V5UZGTYs98sys4rp5DzR7HF2huJYOJKEovD1TsBmqGb+iG+DzEFnDHAUng6ytmE7xkbUyD52ih8OY+4Pgs/99vm6W7G0LW8XwA29vfq1Yut1/kv4JRtH3SN2STfP0DZluYQk/ylrmoZAGrlS88X+RDvtQtn6OK+pMMAM9AM59D/bTFSyACKZ2xfZvjh8sY3U/Is83TuO94zyDhmS1ncuLiQuj5YIAniTYcy/pXp7Nv1uPql+AsMoN+nUKE+WImflxt3Xb8gr4+emGkLogUJNjsnwVGFPyXtQTUeyy4YE5Jnr00TsNOpYS4woPf4G6Hjm1Euzx8tjrpQJeDcmVGP8kD3MJwTxuvpNctT9rC6QnkNMl5ny8SCBVTt87ELIfNbC4LhRQ/jnT96Y9OmkVRCk8mgTKo75oUm4WvTYUGtHQP7B0MUPdsWuTlObuMPC90mKl27Em9nrPmDOrvMoa3eNp3NXQOGvGZgjSn+pph9huVZX8tm6BvoTs/9+N+2D+rfyfN/hRI4TJE/n//tcuhq4OvCCsv/eYOJi3R7RapDfgKI+I9P8pRe+8GfFAIrC12uudf7hOOmFLM5wb21hSpZBxaCxseeIzB8HkAoPpHvDSnp0FOigc7AyRAZSbSzyeB3Ykf/fsNcrSWQPgVq2HmyGzGI0MI8lKEzKHN1bWvd2Ya2nzjEd3uTamnEOn9ubTasuvhDiKxzeNLbl7E3d7k9BW922ixNzTYiawx5YthYI/C1xfIb1MYCE2Q8e1WfJbmh1DUZ+cIxl6hm32uf1qq15O0HJFf/8YluLYsvuOK4M8yGTt1B+7NOVncCgOofWUZl6skFda/VP9arEHg3lb8dTYU5ZoHA0M6aJy/4X400UJe6/WCZ9P6V5+ull2uxqM5hYT5kPXOtS+p+rTaGXokWcqRC1wsGU+QbIN7w/HrI6UiTfTow/Znb0j4ptRiuzkJqTRVq8pjALCugQ39B8abnyvEEgu639CSAPw14gH0rnbh8+9oqkOH9cEqXFpmE+C+2Z+2Z0Ow0g3ae+U899D9GZTK8hIDIRTF/HBvGhZRyff0Xyb771cGHFRA/+r4BaOU2xe+nXCaIf/aWt/ssX2al01eumEjfxmkoqMI2vC/K/JNM2OckZ8Z7sKLJSMg8NndTy5OX8I4AK6iTknL1V4TtIIWgywBiRtAMj4++dLZ1jCzD6g00AN5NIT4aU0Q0n7U8neuKIoNnU/jdPh/1S1+uFf4NtvXWfmd9uHJgv4OXiFexMK2QfAbub5gvdEiwb37nXFZK3ad17C+3aPBqz+IgSF/d2r/3cZLHTFO2PHi5ahtadQLX5HFWo1cyQLxwYtIRkyqynO8kfbU07U4Y+1xUv7HVRSENiH/ETHr55TL0wtk09B3yi7Pi5a0tqQkLni/m/u+pGXoAsZQe4m9hij7Pip2s6SkVS+7pM0YGoQPNAaNYL0hsIlkjbI6EtotJ/qsJYucMt4E/vff2T6s6RzUsO84+6uMBaIUj6y/TJKo06O+PzdlMZxQS6XxSVRAHwPU/17bVMpclZ1rlH+6LaeLktmxzxCeauoSxXeVCP0Cqo/Eej9WWXf4Zd+ZSkzAvlZ7/W5VeUGNlErnZ1mKPjtc6KBEp9YFJH9jviowBYUrglUetmkNOs/08aHoK+ZcxBCh2bQgLs5A3wDSUwAhWnT756o+PWEa6HBixD/PwDf8Fj9V2dRneV9fUwl+uxyGthRrmJ1kyimF/JX/uxJvvCQG9EC7lc+ARNfAf3F7q2p5bbKt7vJbKQh4pWzJlbkdY5tKboC5oYcB20lkxbhV1KAvERDmKVQ6cSMuKgGbKqx2cAC1+ag04acRDUG9HCsOGoMoB7f9u4P2kydU+4ceC43bjF9yf7Oj8YsbKhb5ZSkVeGwcXPVb8Aki39grzj3AyjQpA5/yTCiioEWuC1gGONnG+dRvtNCUxCC/yPqk2tr6GnIFiNLjJ/vaj5LgKOJ1tqVNfOCuNhxmsiPU1yeGR0YVu3csksBkNS0Wdpci4cd6w1guY8Vv962wLU7AXY6L/LnTF0QKKBLjO5vlv/0wS5v600hu3K8hSVDS66r+Xp4jXmakszk/HeuLmlr9iVv9J2NGRGhZ7WZByKFCNFNY9sImusxL+VaEZjwxxEJtyk43828xbajH4QPF8b+uXE/mXmMjNq8j42/4gtMXNySB7pmCtW/mQvhKEPWH+Hf1BvCysOzGP7LSfZMwhFfUV0u/+is8/h7Yx4ZQ/R0D9HJerqaSCMXRgLvl13GcBpR78g9/XoyBPhbc/HVNAXo4k9Yt2gi+momgWYot0V4atyEti1OU+PUCsnQIPA6pklnozU3Rc8ujX6PrGa9UP0CV/PDJcUUTv/Pd0lxcXT8xAl4m4Wkp3PDiOlKsSEq58efcWhFrJTtPCozVtyV1enH1CfYcvF9MH8uL2sFU0hTy8308eqDyQ9PZw6T+kvJ1MhblpaHV/5D1HouOAku26C/hzRDvvWeG90YII/H1j9Suc7r7vkkNagOCzMiItcKqSRy9oDIHSPCRBqdKIdyW+twAzDxmxYbWMjpV7u5SoO5sRYI9BYIxj2IVMjLM5i9cetAWjFHvBwLoa0Yz80JKk2uT9wvpdI4HyZVCC1b98DR02CWEfq/qwU+7r2TkXsCrd6VHfcc8r7IXwFkmQ5HX8wpw9IFxAvl+xTir3lJwtBdx8/TDFul44+r4orfjhOX1g7giLJIQ799H8P75QzZMFfgofnbvkZZbaIkPKon1t9pgfF7wJZgsIEEPUFF3O/efW7fQiNZfPzd26S6mVdr5QQO19WcYTlLyDWhSYxJRBAGfyWGPz80b3/fLl9ruZ1WWvUw2WaP7Jeh/XJdNBFPou2G8ncnuHxVr5jr2ABh4XlXheUKlLp3zSQ0Prs2P6tiIjLbKY7R+uXJsMznPW7zf0Dp/phofVppdaPjRbSXw+zpbWOq+tBnFgtC1PXlvlXmrxkN4W/7yHXZ2OZIk3uj9fsxncYSTARTM9voeuZgeWzg8v1+fimBX53isBSMvRgIfX+vVrIBxFwLLJASQCZl3B7rLsPLh/t1jMOH4Yc4kuy04cYFas8O8XvW/Uqz6hDXMDoU38aptmaQim7ZupfYV59fPsV3E0yYraDcJfhWBHwkiTBk0VIBq454uOzO/RP7BdBiRf61Kavk2ID0vMhqUUAtQlXwW5AZVJ489UoRiHOu63ADykLqEnLZK5WOyQ4GXYF0LcpVEewZn4CqG7R7U6+smwNNmNrZwd+hcfrDCqTe08O/rJw2d+dc/gVXkr8qP2/6+pppzWq0pnEUAv/toVdEcPzWoyjaq0hEGMrEBeGBZWFjTlrBXiaLxjaZlyFWyoY90PSVhnMIyh0CCplYS4KW5uoWlInZVXBzmsDngyJ0WKTzFktqf8DwmL+lEQVqM1emfnFj0NzdRTZAMBwLQtcwomWeLvs976N/KNw5NHRhfUcxd7BuN0Y+KP9szHnvvAMrx7uBW+Qx//ii2tRzGWPnjbg8+mx58ylbLL/2zT7PyhBuAotQsJM8zkB8RpTOS1Jq+GMH/Vz+yDnPD0IJeOM+a9I5v3RRN36ifIdaLYmmEvM2LtJ0aacl8NNMH01BQYbYzOWMFbDuI/GBvTTB58mL19POe/Tr+KhUiIG+ALZAz1pTjNZ7o193a5n5/PodPeMCmgN5NIDOe+9eBNHM86It9oktoyJE0hcuuCSV6lVXTSfm+k37kKHbeyY2J9/R5a/6/7M9B4JgdU1RITW3KherlfM7a0g7kko97/AbGdMO4kaoyYf0v/7EMOx6lkBGOCuxC8exC1I4luMB5YLk1QdI5osrzBLBIwHtKSTxL9ZsWFu7Ds1aab+K/3G+KZfemsniAWIoNUOFOovF9B+omdvSBDlhnT001IoHDIOxVaHNJ8UuMQ7VeP//NAkJRDM0a+gOOegJUuYGkX/E0QKyVPU4kiM87ofZSRh9Q/svxFNG6HvZj4hEefh1BjPB7RtwNqMwDOvPhqbfE5ovQY4sdPXqEsgUIf+OuP51k/jrrpKwEePiqjutq+LbbQdCol/7LxuYKFk0C+BOFs9Gqb1Vgqa+QvOeGQLQXTYOoS/4gf/zb58KPS7rEzLx/ek5hhO7NVByy9gaNodUO9Q+H4cLmWTnRY6bzBIWqxLJ0Y1+IMBq61+RYvzXgjIa9k5e2DYCygMig2NqPKp+ss3bK6o3vBrVwY8bn4s5F9b0MfyEDnisuW/4YsVGAc29mXjaIvPXwALiwjnPIbPtLeCDIDZPUQ6oJo4ebjyqBozS4kJivhNzrP2yjqCz/T/1pDVm8NXXmFO7cnx0EZ/OGMo+iJ+RGH5jSx8LcO/ydmxpWuMnv9KSMYpzGvPzaGhx1cMBzkJ5G3wpCcJ7ohuZInkoC/OgcZLeKzApnUs647V9yv823PRs12d+7sFzVwq9LyZg7parVpFEy43QaTdbnXOBHOlVbhUzJg1AEM1/xUQJV6NI4F23616mJc3yByQSnRKQeoif3KmTN+7XEod6uA4vxNDV2POzZPVkgNBOUXRhClsxTzstYzPuvR6ehCsyXECZA41wawqhCprXqlLP3FoMkUHYhBa8lmHLFFvSa/QxNPaURfushNC4EtGtKZ1+M3R5SQEPAT1C86MWHSbJue1CD57F5vvhcGSKW7o8/nzTy/CClf8uOT6ZB/0SB1Uvz5ypoDgWlUg0inBY5A4obxp+I+6gixRU+VLskIQlY++GaX0UHxVp+37GfxbqiKbkqBMPHr/VFq3n7IDkHF/B9kgSVCJUAIf/J427SRZCUzc94EPOnq0PVkLtIJ/uLnKUQGnUcma8GWDHnHedoBj82xttV5p8vHWcaf11zESZ1xBLOaXv24pHTUXBCJxp0/hzbw4cxcv+oKpU5lk8f9thHTma9/2o5BlUCiy3S70ElQRCO3XkLJiqghB79+c6HPTJILF8tSQ0h7mXiUl9bv25mKlcyjPmVRl3mp1t+v9Aafvdb3ZNwPYdU6UaiJ7lKkH8GUGbqSAzWgAwl4DlUvXxoMBPk8olbqpt6AmonH6CKvhTSOo/Gj8LUfMCJXwUrqC2T4ndEeH9dkBeWYwFweuxVi1sJ92YfMQEkHOXAA0OzK5cpOs3Kim/pUoESzhhD0r+8e8xM8KsnEBgB8QSKB3LcmPthpsWNIPkwVhaZOSCkc7yAfjbB6cJmZbAG4+sIf/6/RjEA+5aLN/MhSVceD1TVqDKi+k9ZxsAGeAABrUaxw803fSDBH5KxnHGxQ55WC/S+uufViaXIP6UHRMvOBfDbiUNtr7lHSLIrOiePHOxv7ViJaW6Lq5nye/HyuQuVQz7ghISz7O/bocm0YxhCgKOGavaP1B7GT2elnQ92uFdX6jdUsN9VaweV8REIKKORQ2JpFaBNmVAhuJAYMjxG+0ve/dUAFVsky3Y1hHwF5j7MiULuaZXjfosC7Hu8Yq2e8cjA98Mx/vS5wn4+xKeLXMKfi6I+4OSaoFuzVULCR+LzgeugChqhHb2+g3Dn+nUGfHQIrTDD82VbxvTwaebc0edH+SVxCnTXBvFPI06SoLevhKrtD06Kx/DzDDkakzF1qnkQTxOm1B/kQbasZc6EoqbHYn+6I93RzawAQqD19gRuHWmAc4gu7x9i+fKKCVKaf/WeCsdab2GJu4hFld61lXH/Sqfcdg+FkwSGO7tMSwRvhf7qwQaH4UtHpbYf8tE0ZZd37bk+fYtFHQdv/VHSTDAiIsfQuwU6qz6s1hRsnri3YamNojKpkssnK86ER2BRTHFH/CTVgmY/ISZXD2G8KLNeQIyObQaMH0TJhiPTVOJpl+C9u6ehs089XdQXrR99+8gFXpjYinRp0nvFX6Vt16rNIZAMQUcsGcZK7pufBzZsG5x/qjbcCQRO+96sUkpU1F8v9gdloTyFb0NhAVR8PpxTLPOkBRL3qfYwlMgiKAgDhuLP0A/CX0W3f7Wd55TcZZz6qpnwC2/i6CxjqJJb/NhkdGPhITINiavQneSi8k93MqCfYuIUetzrikejR3LoX6q07+970jGWJOP4g//4dQyZtncimAToNxNfgMzHNyaCWJ/ClMy6ZYQdWHHrf69CZKH6nr/9HYAUkULC9TB2g7gpCyUkt+BWNR60SQA+OYTz2UWle+V1X8qeqiAuJuoZ8egiUA35nhOvSevhtaTgLdpIaFTm19kwYXE54uL81hr40YfxVEK2fc+W/rtt5FPofZCidbHOV/7pALEZGoEaLm+t8OLhMI9S7YPUzkCvRuqxhzCItwd6R58xChGiBLw0UXZk81FSvBD71Ev8q8HbmB0Ib+21davL9Cp3Q51i6Gtqrdm4/eaMs3UrYxsy0/5zEZQiWergYtxf8YnLtY47LBk88nRHGs6pSr710YFyprVuQzLoXmgRI51L0fzlr9c5B3qNJdp4GplcyVGyrWdybDeSNWMBPneni6pwP0dXdkLz09QXu7A2Z6jiKRH27BX3xJbx/EiPiNU+a0hDJc2VjEbSQDDjz33lZUBJseBxIELWtSf/arD9lsnieGSvGh8L0yryShzLC/M+VuP8cQnJmS5sNLha+yUCvE67NFEBxO7UPrIUjd4CLTH+zRpIJogpWiSUoJHgQUBAe9/Ro7m3nSKmgKQV56M9pyVslOLv2x9OnfCxSIvilJ+F1MOWTzLHBgNlS8crTYQmtHDi/fd8dhkFpgjS2HVEYnRWHhNMG7wTDx27PmM3/53XyPFIhU7Sm/1Zcn4D/Tg4N4ekwX9BE0LkoD++T80v+ugJq5KhQX/4icKWQ5Ck/7Go0a9a1PpUeBw4KT6uVYWCwmoWhadhSOwlq4XD42SGEP7W181APz9/44KQGJyPOE7RiM2lUUz+KRK364nANHicbryc3+c4vQEqs+eELwnsPBQVZXf987weC1lugSUVk1TYppuRLzkd82/aQqJ+xMnSMxruF8KipnRR/Hqg609UWBPQ5Xb1R45ugNAQJ90wXblNqZFfYGjAg+1NRWi6aYFGGJoP1jF+zjX0oLcdi2sfnY74Jt9vCVcvNG+pHpeZJjR+msQUFqZN4cZSq3YVxIPQHiYZlv21xwvVugX8JU3vZQBvOMbqj2ak+2ytC6IJLH2luxCGsVAsya21DqHwB1Z6lT+09RYsJvFvVuwIGoin3jwYEktdOx/Lko1b6i1hto1czaVPVH+hfzzTd9lGEqhLoMmNlVrJ34RtwyDmO2Lm+d+pCMy/00Kx23MdZ+O/MQUKcW1vvkZMdnFzV3JerBq+f08tnVYIRGf0eByjNFbYT3si/Jgo8ekVxxMdC290hpEjqWbJ6h3h33wNTUi65gX644PIBtO3zJqKZUURbo4Nyuj/r0ka0UN9jfPKKh+eadTGV+Fs6PRTdpvS/meKh++KF5HDx7fR1DGPt9Mhvhs4Eh3qN+b/zPSQT1b8EL8WGce23TnpViS1r2PB9BVgCGUsMojwn/kfOKcx9L3E32LDETWOx+dDZynggLtnfO0y+i/fYVEp5kJBt+D5Nyr9ON0qRx6yDHgZiZI4bdBNxf7a+tR27yRGMIXvYSKTyXzNPIHu+GP6lIVp/r7428oNv/YSfAQlZW8EspU9+upRZAqHzjhDjX7MFvWHmn8rAOLiad1dVfwVizMyudc5EueCb/bJ3gGavpT2v/NL/LcgMDSS8xKlPicWy77T2nlc1q3svRT/Zpw0v5Y/rGfrLcg521/Lw3xwzn+OsSFJrrro//IvnEnYmDVumV+9wC6ul/2fv/xlKD0YhvGM6jfuUVK4iOz8hhpj6R4z/3eVwtwPnpwyJ4Ul9+Zg49H3PQ/rarG1JDffpntc9fDfpyWMW7BLhY3yrMultdD0RicU8uXrxvg/v2xxUiOKOJkkJ58I/53dAv7OCTHzejTHER+gM4NYkEuGRRLodfynlRffYMfUmkM4DMdejXSDXNbj/d4dc7DNF3xrsL5ghSVnVfkV/+EGiROvCn14lSn0Ch6ur89LWbb8vZZLB9JTjpQHPfnNbfyqqtF8jH9VwR0zIdwXDu+KlVGUJWxWKcYSsr7qf/y26bFLH+9/3t8Q3gwXyQ/0er/a7a7cLr+LklBSJ9XK/8j6rwst49zlnC4P6zvhcCpIROB+6PI/10gGK39OA/Ooe2/DL7P87zk3g3qwX4zKjV75jCksVhJkBeu9HCKdqw2WFr9LfyvGJ/5jdOq8uo160alHXpKsif73mjcCpwO7oofLHquQzTckt6eD9EPd8kOZ9eCU2clfj2tKRLHKPoeLuuGpO+FZvh4AqXO3VjuYeD3PMvg3K/ZksixqLCwKcFLsSaT68Xz/GMiu6HlK6I7uriKyiP+zbiSzJi4Tt+dZho79/84CCps2oUU8TwKD/p9v+1eeriqgY+xgqCr/f2b8PBbCAl0x4wQcfeC/+N9ThBTJBV+tYJIr/5+7nj/v79/kCBZ9UzPRPWrohAeVjmKpG3C6tP/01gN0ON4yfd/yvPm9hw9sifauO2OPNHBUd79DgGonyuJF60nt9sdidJZvJJHqOriAZmOl2/R3Tw3ycRzd5G+QV/E/78Iz8iU9u7bUabhAQ8GCHrwihBhOaYGOYn+oZrh6g1JmQt8EiK1gpLQ69/+uX/4Ayo1GHiRnP5+cldXDNfPkD7H5GNueKmWf99KDOSHpyNV3JBb0NMZR8zBhxWkvnqk+uwPRz/bifEwz/78VG5Tfit2L5/VL41h8Q2g40Dz/unSzTmfwLhRK7WwMEdMnzwrTO7KE2eaqTYzjoTJ/5f++s8EMTOXBXm46Lz8Afa5glf3+1dYzCcue/FruW43+mmty/hiAfvfbImU0ovtabu947En4PykQHy6OmdbHuJ/D+7Yyy+POv95+/3cqFA6qTe/AqAHkJowERmJgOmR2j9tFfmQVU98MY+8I8Yc0oNtoW2QRBrOAfxULOPUKJSMjdUX27X8d9xtMHRjAFFqIQP9lAsgjoR6u8+vV3q4vbl2FxhRxocetn9+bZ2rGyUHWVtn6D04As5HuQquDt+M+OLeLJOuP10oPamMkUhBEr5cA8vbjQARpnf9L0rHHBj7nHqj5EoEGBcrRtPNakCc3C4oh+/LbD/bY5S5No1NUFlu5x94Cwfa6aTfGr/u5MHE8C5mIBLKa1xiSU8k+NbJevs1ncHi3wubGYiDu36snx1H2ObkO6Afll+1CUBf2AOiu5xmohGl+r3j9sa/aG7v0x3eV42FX0HE7W18tc6PfB47bewhn71khPBO7/+WTPMixACte+w1w5BG09LeWA6h27NL9C9aSF4n/tZbyQzn7An4sljoAqZvN54L+q16l7EBaj6g/zvXICfDZIL39GxDb/Potp5hrQ5mhYkyQ9snl/80O+8iNXlkUKc04P/zNmJlXUH+UJtdwBQs1uvNf5rXx0Rn1VvpaeVXPOn2rIcdEHslA7zWTV60/f/Fvt/d/u72C3S5v6FW/346TvIrCU27ovyc9+510dVYVjppbkNTmJtS0CEhFnzXqgoQLift3+gMVYdrpBGFG0QxV6MXef7v8F3EAwRA0PRtz6zo9bHBp94x2iC+SsYX7jwi8BUnDb6SQxlZmHm2VRPu3O0U87pnLj7gauEkUs86/nz890z9n+ZDIoBBdEky9osEpFDmQxu+8tmbl/zySLybJt1DWCvi+Hm4c3+pyR4+W0lzdwMgkYNiHHl0yX74saaFn5zn/58obU6s1skSADt/O9fOyaY0kEbD7nc2CAjNJVPev+xZbVfUYLFpg3OwVSEy4q8JfFALyE409ELkNal9hux+Dx32QTPbPQk3X2zi7nDHNkWCWn27oWbNZDHxRAPIBvkDrzotlQ6dytKWsVIdwIVP9TSsL0NgCBvKdaCJr8P0bkMxO/mZt/7KbIjQdoNsuEPrI52VaZdMz84k+/TBaiWLDiK9oTpit/WyF+Bg90Sw30fuOgOf+MqzBxlFHqGtkUEbCD7YWXkejryYpVw0HlICbVBC1hErZPdmoKf9pOUTIGCVe8in3e09poLy3qjR0K+Mbdp+edF1Tosrp5nzR8X55zQnTWq+8bMkaAHDHSoJ4Nkkjb2vfnby3dib0qwwBahkgJ1F6K+OyyH03yhteI/cI4b3OY13pABHydQ8+75i9qCo1vs72n3l9zJvlC+wdpJyYqoWKdUJ/S2sqpXF8HpUfbtZBYipwtVZ9fm6O9WPODMcXhCW94HGnL7p5GDyBFvN4rDFMaUj4Mc5nYZ3i3+kCxt/J55NPL83Fi0/DnAiNLA+VPZSVat+qwIAsgva/PWgMjmLZowS2JbQIFkxpQNcokaTy1K7QyUFu+YlTqI9q/D9Et7K6f4G9kcrg4g5QP/f+0u120vmrzT4fkL9bffXTIKsy6a8vRgS/sJjTGkrFf+keEr+2e8cZVjjHDdMKzvIPfXET9nOybkotwS9+4iogvDrkKjr0jswqdnJWoL2S9v1IXnL3RvUxtOcjmihRDO4zm5+4U/zT49ohG8viUMiyaAc6JDSDdr0WAxgbtfwbNfHvX63D2rSLIyd1AL/rQzg/4FeeixISOgMvfnBWNZq4rtZ3dmDhKl/AHn/Zv1ZHJmzGWr9sTF3ZSfAQe9LIzohv9bE6daPdHDMz8MZoBsf5nV7e0TGLVH23TwcXXuZfOTAsF0QQLC9mXrjajvdIm+tv+8+DkzgOJOo76jlY72RL+YCT92va43g7jFccpE4e9wbA9CKIbBIetVzrD1EZjPVwGdG6GOAxqT6eOTgKoyfbhtvEUkd+rOGV5e9QXw2uvIQzDl3iT9tLV78IQlLlkHmvfv9VkpWWEkpEB1pBv9o9ZKDzce71GveHRjEGgAYWS9e7nRK2rCr4C7n5pLEeMYkEVYnCkpKa+A+FlizbCeVX1UCqF+9VH7gtHghJ7dvIK/M/wHBAHPb9NacfHqC7j28ZKHpg04fwh0WZgJNmrHdN22rO7SAnIiq6EVIa6XnSa3y42AjCVL2gr/1WivnyhSKv/k8lwZu/rGuLX4ZzpI5dEbBIK7LZjTS+GbGKvyIPqUMV6c4PSVksC72mgv2HLLtnRyhWxeaiPWBkUNoREUibsGjyheThdbxHI8de+Zfmb0nQKZU3in+txbymKavNIq5mj8S0+gTGz/suIzltaMDHGGuPsvmF42KSnL/NphQRqv2qAsCZBVUJtKSLg6W03TdRr1EgT+ArYAXM4ruEDTbX2WggmaECXEhUlxKYlLA505cXn/G/CT1Zo/gVp5LKFw7Cj96E/CAHim88y3/h7xGu9eR5ONB/IBdtNEfTYYI/vxDbfjt6ya6QCXJaNvziuQc75FiEnwUOF8q4YLi3WSNu6sUGecTMo4rXd1QRhCa94qaTFeIi/d/+wK942WuVG0J5SqT0l/gftufBbkIj/WImzMLyeVrltOm/LYcQicnpfhG/55+0i+AvQcO3cgMpggKyemdULDbiNzTwP1/9Faf1wcDE+BikDerhGWQH4pWMHXTcW+TD/sY2X0z+uF4rBzJ9Hgtw8XEZzbnyCTXhS2Q2TW4PNkNTCh/aAi6oFhWbFLFV/6+KIuIihkBfoafIZ/w8ihKxmOCu/k25pO0qybempoax8q1hfvE1mRF/PuE40Wd1gqq32LVgqSc7rTii19fsR7IPPHsY6Q67g1yOJ7JsCVjLjZXZEialwCMGJzXFjXb5Dawlg5/NwKy9cJFvbmVW4LvhhIaB0aBcvkZIzMwRKitcZTAMNy+4NvF3VY1+41MWybwczVFAfymRMUtYjk1SdJ6vA0ct9NJnPTIigEMV00ZoDA4GNGTiAmPwfnVuzvN3F70rHI0jparaUHN+yYMJE49le78tkn8Vv65LwEH2PN/0djJOA5tEI1jfvP6HJVklJM6ZRafNxm7+uF9fbnAeu3f99sOPfaXVXouHB5BJoDlNaWkKjRE64jJAMOzMBVuAj4tDbRuB7H5Yq5mUw52AIHFAcvS0fBCQC882s1JmEPl+nzDb3J7dX1SpTVcfnVbPo+yxfSIQdKwRulcQRMCjwt9S0vhN+LTbq5iVb3VHy58eExEu//wnmUUkQeevHQbOlX3a9sCeV677mH7eo0i0PwaPiE7YI2KeSJAPOOKlsBB2j6BRH67snyeVZpxvnx3rKz2NhT+D6fjMPNK0LweGSX4joeO4TXKm8aTx/wtoBdu+XZCpgnX/2Kn9KCiLW5XcmRlw3ahWbCh33AnS2zP/lY/4ntQxgVSvsziKDW3ZvKFHSFV+edyzwW0hQSlHhq8JecdmNMTa6/2LN6Xh58gnTJPS8G1+lMaVnF5scJDV6hCc1MTZF06E1mZmUvPBFN5uJec2+dLsy3ir4s7ARn56WKXMZ4HuhERMUH4gvNnga/Cggr8uNTBH/Ms6XCAvEDvF1uZiRV6/8vBqbS+qhrvvJxqnNpzdBfSafdbB0EGICAw32QJi71jONZI/HsFyKehuJAN1xuXhFgFdw4O2fOdvqEDFidkeMaeY6/TzpYF9znf5oHXfOeGa9Dj3P/nxz+LyC9cqsQG1FtCyO0LdLzuHhzl7GEy1VTqs7VuEYFeRfgJXwbJGArZKHLiNTb4jMv27i9tGsGWZY1YVCuOpHxPOmVfr4WKYp0i8IMDJ82sGCLx+Bn03MdHJFYIciRBsO96/0I72J/jGL6nuTOGjMO7rUdEPPQ4YSWiLzyxR/r5vKOnlITLyv9ybBJ3BSolbBh+VIXPlc98jXUwC7tPAfQa+8e+iNt8pnyOSDL6KAAT4UbSvuc+QsW/JB3ypsEbJQf8OjfHXNPGXU6xkkmbg0lTO56tjgIOZzeEreIlLCkqYaE46xYw+Q3LPOeJGu2mTS5mnlcKWiSV0IeE/zAP7QwDpboIGZL2W7Bif34h2iIQ1UPeDEzZ0QTNTAPrcdvNuJRQB1mjIelgDq/5lr2SKzoDatL/JhBPRvb7QQsCNrWTkm4Y3cT91zHjvR1q/iDTvqvmhI8BRAUQp/7HusBHmHibXPeSSLU4j6V12l3TKu1bJD3F8EMaH+G7chr6JTEVqdPvgC7zrj/VY2L/IK8yA0ht82/MMjqBq6yPmwsaZz6tu/lbtkVbvorRJPmruDldNOCsVK50ZKP3Vd0qd0SgAw3wo7VAiIANm5gzsxvnu0HGfMA/S6kWGFQxMSPxyPqk19aYvezxVbnI2aQPw9zwUjUN9lWLKyHbcHRcdg43L+hV7qJpRdQujjaUrH+h4i4viShGxmQ1YeKDm+kDJONKHbji46pMSleKLcYmcXeMjt4kz4jXnQHWUfAeYs4pP3wR7K94BA4H8g4VJ81bDVjS0MitN2J4q0x5b82GvrHTFsDp6Vm6mkNp8yO/6ss1jFLa/bONByYxgGA9ZZ2OTsBd8dIQPfta/+eUrmqkWP/9XA1Y13/4qwUcxwkUlGGsbJfZYax8qyTu8Uf7rGELTOCb8qNHPFseOmmnYNDrDNwWaRZWUdxmMsRqunVRO2al+X8VIkgH0Mqs0JV+LDApw8PT4nnCueQFW7+lrc9cONF5nJiZ3Yb9c+e+oDp1Y7nLMkLRBdnoxbnDZf7QrH+iU+bykLPMnwW9hxLei8NH92vhAw4nVaTgr2p6iK4BwNmneVb0qHkx0XtPPqsIUcaIPnLblChyYnuGe5SZIQWx5whQ1UNPIL+yZun2+jKxyDxGjEPRyQuUri5OMDAUdZiwerBU50f6xXcDIp6foghT31N9o++cRQOmzkIjAC354l7lGJbqtuPC4bXoPgXiocLwOV9sGSKXRWzw45LcDMZqUqZopJiPwA1X8i/VTnxO1WTXswCTCqvEh7iD/VSqWC4Fuz676wy9l8Ad8Hs0+zcmkf6IeDQr1oIAumDYjkIzPBhh3wssfqog0qCr/cZVZUaYeq05gf3PgfuX1mXEK0HN049mR2GwymLcPDHA1e0gv2fqNjp+18a1HitamTj19Ve6PC6bOvOzpySGULp14Jk7fEf2AJqbsl0VOO573h4NojsnWa3NEz0F3IO1qxOPanDU1wDeijAcxv9RaeJLr+6ilyPsNkwJfTAO8QDpzjrS/Z8EvK/7oO6kcuyryFHbG8F4S6D6qLdEMoNJ2KOQUWZsYg8xcAqMzHqABPB6JTL7uGHzZHSaWmCD9q8BI66vzXuwMmoxuiduZiPN9NS/WYhxoqOUvderhCy4/0/45vA9a0yxqj+zpofTLh5FX+MvOo4KzRX253VVoKbszJunjZeCB+MtiBxaWI1OkVksoHWS5KWvWQqQH0W8oceXyTepWOwQwTkW6eAEHKMsbm56ozHI5EA0vJ9xidLW7wPpmZhiRJbmhR/vFAYpfy80699dw2jntWQ4pTKDa+joeA9Xd6WRwg83ImHik0Y6k0q2/N/ykSWJE3kQF793RJydCWuiu+xhgkV9eBg5ldN9yU3KjzmKHzawm9/5cHbIukGMIIUNBXPJIm6Y0xm8kc/9JQPKb3kaTNT9X8757DA8r3Av489U/xGqSB5879bd6PkjDzHeL3vKjgVt1fU4fxFoZBDOQb9Ov5+/rdy8zE9UFjj8IMpTgI4RJDF1UpV62yW2al+7wdR2kb5vAMVn4q+4RuaI3VWWaJI8Vva98O41LASdy58IEqmXg/ETJL0PAeZvpHF2kSSZIqbW+rIUgb8flZPd5EcRIPml/EDlaZzZKOkYJHXs2lhVAUmyeOEFLPaIPkkruyUTN/utL/fpQXy/NpwoG3m2psxpOdwpxQVMyCrnjfWxgbcMGAdiJeKfyLmobNb5oSC/4X0a7kPQV78k0DwshLD4kZrVM+YoxUIsKshQlZ1issaumPkYdaS6D7PVGfJCA+8nPCMdMkmfML3LWj0GlzjvJEH6nVdEcVv0KPsqGvblsbwzmzdqesg2oZaZKE0t5O5OoU/4plyoFxtz3lxwK9qmDkxgP5cB8SFPw+XX9/Y6Yr4OAv9x9FfJ5yftZxNnaiT6Dsuc9IfZzgTm/irjlQ3nw0gccvvj7CG/cDEZGj/i2mVJu9HWMoCtf6xQVAagESh6+VmZo3Oox7nDcBcQnLgMmkkuYuwzidZGV3/+ZruzwlwMJp3KLRGKjN7x2bJBBXUXuvGp7IaBhduRyfc7o9neHdBljpDUYczPtUu+GN8vvFnRYZrMiiuCmQO8ataZP7JcMiOWwlCylitpKUwg1tyh8XdwZlxoqUhEXy7l3xsd2fZhWj6R2gOyzq2LaSx4GFYZ4Ht4+XNdH+n0sPapOIJvhXdcxoC9Or6Da6J0BV3333FHmh7WRgLUdiZLZROc2tqpjkIF3q9z6ilvI9GMfcdTOwr3KUEwG+HfjftC9Td31LQGP9ITgq+Df6e0eHjswzZgw1Vs/RKfsOMMNW5DxW+PnC96kCbvHri2gHNQH8Fg9YJ39coHpuaugrp4P2LwRX4Lk1aYhyIfyWjVpFY2qzkjjImH00hMYLYr6Qwdf5/tRnPE7FlwVIhWVOx6q08q05DJCTxqQqzUSIXGobmMnE5m5Lx8itkh/e0mAS8U1b/Rq/k1rq+2Dcj/jgeXxCeaOIPQJILCcole143NK1xVyxrm7qJckJtLrE12o/Bdhsz6W/4dfI0ZeyfE3vIEmtiCMYO8ADlq5XSL73L3E/vJwLWVzivW3kl2wd271a9C/0ZfP8xZOXuooYiVa/fp3xSB2VHo0vxsEXm9bfzSPaiq6021L2QLOWmynQualzean9xC/QM0vyCak3OCvUtXwZNmMtG3KnYxqHxDzfiUejM++yGfwsFLq9us8+Nxi1V1AvmuaJ8ud/AJjC+uv76axKiPBHXkc2hUgvQxjZOYhsA5ygmk9BcQbXo+sRoguoY9vvfjg1kBAabMjDmt0mTZQNM71szXbv2t5t5G2XF3O8h6DEJ9kG18rODu19h2AoZK3x0CulGJ66tbBUn4G8G+Ml945HUUYcGqPBDiGNHsbW9SVr4XdejN5bPYHth573/ABd+MYDZHGp/D4iORVvXYBIKn5Hrya7+p2augpcI5DM83SP/4w1/vY6F7bQiJHjMtCTM+GrJ4Zdm8JuWFsbJ1v+ZANAhSQALzShynVBEzPWt4BN1vUi8jd4yaivbi84qzSJKVsGsWmJR88cn66xdV94suVQ9n0Uj+a236vo67PgQGNCg7TVTylZw3e09i9RQcu5vTql5wo9kC41IOr2k94Vz1C749oG/pWtMplIxwkv6pb6XUnTKpHw0GhftiPCs9xp/k8ZqgNLGb2cTI4BVq7o3Nuo1d2Trm/rtVYYoRWl1XdHNyMQ4kFghAaoxIfG6ogKH8TXvtKXHWrxXToQHBuIl6TZ+VAwqayZxVIj1m7rizksNtRI8DMgWiIRhpivL37CMCu3CXm2Ene3sCSesNsMnJZat5rjxPY8fj0c4uzVG0PQdi9wPcCAzfNHCN8jOVYiOdnAJver+88EadvT4t6ar3BjO9miJFoNEs7M+LUe86DvoR6cGwrFCvM0ECssFjDrF5LNE1c+z4DnfFiTjnWsurAcSxmsV9AC5T4lUgLm+voPryzsqQK3y+mOKTY4BYunAD+WDVKBeoYeAjUERymb8jKkQqqJ4Yo5tJCI/gH24x7/+GobHgVqtktX27Yiu389dQke4e4aMUgt8siDhYZN1ToeR0+xM9jgKcJWBVxUlZj/HqZf3HVcewO3/1OhRg/a9a+hRsEh0pFn3aJRH+9/8rLpyqNgknjWB+1XI2ENzTnx0ArfrDJ7IKSebKgBTZedBeCvH9m9SFNxOZesJoCdtewBKyqxcOmOD7liwAz5D8lKbHFK9nxt/iQJC6Ub/gtdkRKVMb3wgLozBGNm+GhDyyEfOPSgU8XtIrYQ4izgDTskb+4i9XLr77cKy5ZstA7LvS98xyLzfDWmDcSdfq3KR80Q/WbjPRA9S7a8gYzdHztgzV2RKGgUGoVbz2avB/OAe6AqumGsfohRNOpYDwP5OX5KD2gRhWtP49WwdqFte5CZo4Hcb0r1A+0FPQJfpHD7t2t3eNCnnv48fJKJ3DgJMf7cRTVhkgmPGhBO/zf8B8Lg2APOxWWUT3mMVnPHoP/d3fmN2dEUjmRHT19pnSr3EGGYDg01AOdtVX68O0C1UlZd3jEzZbXPyBw9+DsNRbKrXfYg8McRHXt0JVVZyPeyicluKCqtcXYK7uEXuK0kaATRHJkBb+IL5b14VXF3mGJ0qF3xM2i+JCBKrYjRNA+Tgmoiq6Iq7G7j0LDXYLp2yt2V7v+jXCgqTiWeEIb2lyETRz58Buhj7sLQJEmIXV5EEeZrg81AoYSRwbgCRVNOKUAB/hyzexuJQvhSl+1B0GZVRWerR8Sej+kIX1L/fT2VkHpqNgT47xZzJCG3iyrNW/ZTksBAJk5okkl70/yIKRZCLIHRz7bxL7ODH3Npk2AMNdOi691MJbHdka1P4o5NBPn5u8S6KYTzQCBHqsTb/QvfJePXxw4xvRsI1s6bc1ylzLvg/cin6QNHKyIkpWvCKezwi4OCQM8sNsdPPRcgbeyZF7vfn4ueKC+wWSNV9rz1sXzmtB1bqMsVn+jrbxp3FBhiQJFRBGPr1n1XlTmzWGLBhJo8vdCfTtm3o7gXQNWtAfyg4+j1O4dB2IqY0RFMEVd/n7t6kZ2TCsdlvc12cWqY6K+gyfQ6pwsGx1mfOFErQjZgCAAy/KbzqzEDq6jj/RIjCbaOdCkY3G0wFaxkDyRJbiSvUfI3G2kWLMw9DAom0FGSJTCoNiHzkaT57TLeetWAA+baMz4eKcAjU48OZaJl6j0BHdOKSuEYXAbgHaKziMvyEVUMv45xbfIixn8ZOZ1n7J1t5d3qrvWiLdAgtQjAj0qLvb5NFCmm8FS9/K64OUgrmLDUU31q4L/xhlqThoT4nkWHF2dOnclLKVVNATpLvlYwfKlH8GOVMD1oBRYlGcOkX2hR3hlAiJ3oX6skWmSi/uC1T0oXEgG+VSi/aFgbjbVMieoWkUJRj23Iw+14+PHzV63NjyWIE7hib0N3u/9CprlS/k0myzc1J4SUSXDQgJz8Er9vPi8IogMM2WSHYl+I+qm3isfMVr2C+2tRH7i9Nv0gdUAp2ujxy3QGk5IEwK+gjcSLkpi4u8yP0O7own0jeRk2ReqEVr+gDmpZOFRcNZIKJ6uzz3Gy4ToUsJWKfBR7m38BhSscH4JsD30tH2BYRSdi+rb6Sbx4S37xkAoFOg02OUjfOGJQwR0j8MVfYeVmN6VtusE9zk+zeJlPac1MfHQuKt5dDib8Z0fcASk9+Z0O6borbIigN5moqwGWLolSBEXx0GH73fPW4dmV+hUHwi0K4HQvdWgdaPAih7+JMKLMqV0PCyIB5fCgmekM575buDalr9i3sJRJWxXM6T6n+NhavVmFgQRGNaOmhfiesTwIVeEQZeNb4uS+KDIqNs/ZmQv1YBtW52TJIBZd2x6Re+HzDf9AUPijV+w3D56eUcTzJf2rlzeHIXLdj9bDW4JbgRzHsJxO27mIgd8N6q4xseu9P4U1yabE1gY0saekWxh3liuaoylYHMEKe+sue55S5XDpEBAgjATe8qLaWQI1mkcyJdGDxzz9+xVSPo9T14JUQXgoPL5fMBDuJeFq0heZvcvkvvwyA9kE5kmQHOk3vbHiZaxuB/GMGbWkV3CEcDhAwHafNFNgaAWj+GsVpItSRIGN/r5jLx7Q+NiLkVEbYNsDDbammvCRbqiwQkY5NgA1vpi99tB9pyF9E81PKjZZ5pO/MKJpH7yURkWagU8UQjvOOmIz1VpCHjhV/XXyoiF4xO17VU8OnaY1l0S0fTiD+T44o8lBqo3XV9d3J6sRcbk7NPJwuchZJHfC88ogk+OdtbSlVNCznr0QLw7TojMa6OjyrFBIXuvGqurq7Vu1dHnRAStx/TQfH+o90KM+l9dDLbphHV5+qh/Ce2K0wUuXiZEXRBwL7GuEEjxetuPzkoZbImTErE2GY2V7kPVj8FYIadLv+sdE4WqOwiXWkHwVXY58MMs8jjHdRBmdiwjeDced4DDLNjKq/vSvD+/y6JUHj0Tj3CZVuJopSaikEwc2iFQsBZZHs9fp5aCsq411ihTRz0yGVuOEKrBLILcZgepZnOA0tmo7PlKruCBvLIvTDTZ2r9BmTS8vJvttiAr2iMzbve+SoKe2I+IQJ29BGKlr6wFEauwrwS3Icj9jmQ0zeiXBUvMsUlC7sFIiwvehEDFW2cFE9+KVPxFxjP6YG0DZJEkwe3PzmYSnxR+mAURbV8SUKezdNWIGUn0TTRm3UEwOJZORUfUy0KCbW+uOC52ff4M7VeAp1RixOarvhkMkgjJJiOjPc2KEybPf2R+qFalQq7pvVbUBOr0124br8/Lf3Fv7n3HXxzwBHXWD+YavlLdkYqRIFNwl4VlLho8WvAjh/d+ieBmWG+YR6CIEUJUQr7w91CWZgg6sMZoIg3+xI3s+s4fRatbUFk9atMdV9c4X7TtBYT2Wdy5dtDu2VV40h5FJJd7saDTod7tEK9tu43evNZ+d7kZm/uvX+YKfFacDZuGI89qyzvEYT4qyT3ygXSPKS1KhHhLmdMSm8jGZpXBRvuFEZMsXf/c837BW3h4eRTKT5/Ur63gYWMKImG04cPsw93YvodpsTvszfNX72M3R7ebk33fwtL3x57kcaLynzmrNLCHoSgARfcveWZsGT1LUYxiotqIntdDyjBPOKds4CY7SHaejy2Y4E+uKCcwFm42yZtslPAW18qjVYS6xZV42a2BmazsNc1y5gTmi0GDayoralm78zMB/1+yMkxVdYSScdyqGD28wTGdi4mz38VHTzRsl04NSYb2yKx3O5q5/1H1uIhfKqxJM15S4V/eEiceorGXr7rolQrybf94bVVtDDuRqJTk57s9caFIoCFEo4hMbJ9a1OnZAMEx5P2uMjQ5p9qeF3iEpZ6gfk4YdwK14/EEpf6kAhUePyDiS9fnct3tmklHCmwWIq/EneuVoxCDULIbOAnIOBd7Kmgtc5n2vrtUPHx+Xs/ap6RhrzjIKX7ZjShgVrs9o+sbpVObe+sRNKIwQX00xIoSAcX9fkI3K9tPSnz1pWcS268xUIUANjpVqrLOmMXllBT14+AEhZ7Rd4l6wHJYJ9Hsz4UbQdFmyOzHNuGv8ur8ZP1LZxVxGg/0UiSqa+CbSrHrSDdFxg7FzaQKz0qNmdUSBzKIr5OS9M6uwqAGMoB0npxXlUTBmN5a5IagzKOBsPYyBzJctKuOXZcOvtDu0P44HWKt+Fb7or+b0eFSI8Nfj8+iof3EwGezhh+JhuHX22FIELfa36y/iT61TRX85g9FaNub1KyJxvivXFU501oxlzggEoLc6M/r13+jxnPrTIOADPc94tIss7gc/+i5gvsKhBmgq+v+zjk7HTS50tyWiTcd5fKUl9W+7iMD4WvVI4kZucQbjsOq+3xQnp4e1iF8Yl98Rysr4IkWDHPpW4YATjBgFQDWlYVgHFEmpQJJBhhxYGBz4EFdmPymrYKFGmZ+0BNNX5SQgG8+0VY1ClCYcC28VqbqVYiKtFvWhZFZNJrNKEjkgZFdjlxYX2Vfybc08NCHYgrBN6q3QWYnx8x72rt3of1ouRVMyIdovrVWJghiTk38heNfUKSLXlBdNi2jmHG6Bp1t76xBliN/7lm7osN3IQuZYkPZfC8vpXqTOaiAZVNKFRBycIF1J1wXe31g5vVI/zfV0sfCu8TiQtzun3G2hfv9ZmMpnxCCWx5t0pSWjxQye8Uet1V+A9LwIALGM+2RgBy1qvF5/VKlLb3WHmadDD712VJIynPyoCRkMbPq6/fOsbW/sz0ftpo1goY7NEFX3wrQnoI9oMD52h5vvnfJwKyOZnH7/syJ9/VM+NrEGVTlKi9ufo88wb6sXHmxeUp0n+c5kLbXPtZkcilc4ccFXdgmOES3APET8zhmrTnj2WJek7pcmjqcMA96/eY4g6ll8s78JQuYa/ybMhG69SK9OzV1G/2x/e39LAmPBfqG3/YF03yV3c+ru7LLWOK7Nzm6fGGO4M1kJtnHxYtjcqsF/EDlQmaCJh8OepRCVRdu5mGqQLlCUnXmbwn44YDQJw1o3dVu5cPmgPsRtZq2VqaBoOPic994P5L5qWsxDJd3GJjrwhggCUDcqqYZodPxIRGu6w30nDbtS2selO8cUK+g/s+B8NgQ4MyV8M9zMAj0Y41eMqRfkNF6Jul8FmErgQgX6KxeM046jIr9dn9L0X694SGdII+nf3sw/LbkmVT8X52H7/smuU/JnXJH2muZSm5Q9J0aK+dhl7DlACmPunLRhBhi7C3vkpqjP34zd3JPUqb6ZX5JT+eF7/Z3XYSVAT0ZxPBaqgJ+kMFARvJjF0NWy4w8VWB0h1O+1TH3EzcV8rJ0nmynEHg+qpkc1asx1C+3Y8jFfWsOGUjly5TQ4iCPgQ+DtwuH41ch9As9aTTviFbQdkmh+INmxt6hSTn7Ikd/4dYPnN2toKysfO2X6klNbWnDytRdtzInnO+s+0B+4I/8Tm/rNOu6ql7iguQ63oWb5RemVGtI9MJbZ4enEuG2++wu+HqsFPoquaCaBJVHrdW1C2fZ7gGaFmFMlweHlYM4a/g8oJv+cS0fRuGW82M2AEGk0C/tzAp9Yl8Iq+9zhMIHYc1tNHw0/DdKVfbeXmlarh9iytvIXywyYXY4a8I8BRksGastzouW4pMyo/rgI5adxV+9v2ZoNde7X4gOhwIL+dZWKZ3fwm8DLF9QYxtf+ZvOuFOstPd4pl4mBdzPYwvwmMOnbI7UPv06QdNDVPkq7w8VaudHnYdw9v28u9S8pGWVmSjy4tZfowBmrT+CdMN4DP/SceZFQWYkCVRCT5K8aqNI6e5P4Wg0LrKIZz3UlvsqFODTsDZf68+eF0jddyqExvpGZ7AwE9XNmZuXn06DETCMREW1RZWzaQ+lIcgwcfD0+A081N6w5M31MfEujmeLBIR9mXrjVx7rI2hOveM0urn94W6rNJ5ZdB4XNhjB/0fbeyy7Cm1bgl/zmpWBN02898KpB8J74eHrk6V9br4XkdWsOo0TWwhhlplzjGnVROkGxJDqmeG9B3WLREtF4yksQ0KvzZdUHIydUD9b9ZlvVa+VfJ/JC+g1j4yVGmj14RJ+FoBdMtivEzVLFpR5LqtSxpLIrr0u5vPm41LJAmvtB2xbZWP3c6ftO9svNWGjj/MgUCV3YWJlGDSGwY7CA8A81MT2j11mQ01PaUUWpPI8ejjfoy/WLAJVCaVdO4WH6sS+Ccnc74Tjx6DWbtAzQgZ8WTYP+wSPRg/1Ob8dZBZmljIb/BIkJ0semeUyJyQT38MrWXz3vwJ5GgrBxfFPc5+Y9ZrgmR471bcBuKpSBWXxPBxEm43mMUj2Nmzgw95R8to8CUZ8ueRau9tEi+Bz0KflFowC9SAs9hyWTgV2eAutYFam8lCnCJajjZYcZfKZnlB3eZW7AyOQVZuA52WKv8h4NUdieQsoeIfH89zgSDYkffGozc/QZLjduKpnyeOOcdYoSQ8R6dxSJVrzveDj8ci9wGCmMRfQh1/TexpeMdxt+8Eq2fKu1sM6DlOf8CR9MVz+MCDtNb2ZbCASdA4fpbKIOVGzgQKY2jg+K9Y2J+LMWEr385IIt0Fm35fcBoxJEgwyjaIDveF2fAm/iG/UmYAnsybj9dsRyDXKK4aK4QIiYdi721ZAZg+wkVMOpr6N2dqS+ZUd0Dak+rj2sc6Oyz2P8+DuNevkeMFZ1CeaTZTV7Lm6hunjhsbPuoEXdSUie23eDc7Ql8OOdsSSuaKH3ZxGFS1xjbVsjzzmMuyDLC2sRQfo5P7xIJi5uKnEb2/tVIcl2Bn+Ixdke0pMWS0KwaApNg1gGyW/Ly3iunly193zYV90xRjEokT861U3gcZyoBfFaKS2j3L3lJLVPSUveVHlgCEx8uGDEl3USpl/IAoBZimFkvyjjNJdiK1049tq3nYz0p/NEJAoFt/ToSbIh7QvoFjXVyD5ep7q8IS9RxOaaDLfdgElZ3VXkbQf6C9O7Psx4B9vfIC97PQlveFlFjltfBan5FwQCzq2yVZ3R1mCMbjtW3fz7BRphhEy2zOCnbAwG+6yw4nXd9LfCN2aI/lOi8/989zSx3oTSQIiocQvIZiWDkLUSqbMY2WXSTrcjbD/Loj4JrKST0CrjLLMN+K10nwEwGE5C0Va9alCho3RgxiirFJqiFyYPCbdYpuLlpU1o2zTeir7zzDhRLhrYxIsUCAPYnjt3+37YBVi/M7b+lHloi/JO6/zOuoZfOFePo3do5IMr/54aGgEtWzpl0LIH207R/cq+hYnD2Y8j9VHRAfCN/hPL2cEjTg4C0JgeZYcACT1+2aE0uVmEfQ7TnFmKk4PoqeIw4GYqKAV4VNCgsmsZBIj3XfPq7dbvX5VXblWZ/IXnI73hRnJA2Pt2Xi2XxQhUDxktur4AlZJzmscpy7X3hbYEXr2Wh7BqBWI0QHHmTUH3/twrtBnmIcDsy1PaFgPDPnxuS8NAqmh7RGZzJ1QfI+edpxwHa8sOw4lp1e3ux/ds0Qk74GHu8LZ/Btxh2vrfooTxix026pVshGP7B/m4ykn/yogAzetsoZeHF8i/bj2yG5t4+dBgwLn04cAWMSHwu3AwdS5/PIt5MAG6X3zqXSwzUP73QztpA26EVT2ofgPi/NBFjsli35qAvZrWZWT8FxEc+d7XWCP6+i9R+qzTq1UYcRi7AWT3iItC9IYohmrzKvUKPqDqxDS5eF2FrEnWhKZN6HzAHcaztl796jIDJmh3gH45QySEWGB02pCHrKqLeKecP5TnYArFTMNdSXrzatoJFKrP838KV5QVUelMsD1JGUFS23Dl2nP+5VvHW4kvywczuCkfeC3ngpgbrZHzmzM1fCf3YP51DMxLds1/X7bRLvrNZ7w8P1y6vLMKJk+sZTiD0lmDeWrYjmim0yLpm+Iur7Ox13fn2VLL4hUCFpu1YSCuaiAEg+3Pjwo88huw2sCqusiFscDdUtAPY0G7QfiaGIuPYEIRcwUOH42LoUWjDZsQr32S9td0grY+7Wo4m3yg+McSTLkviq4e0a+RuaXIy6N0l8EoxQFtVSEr55MUIU4AcqO3WISrnvN6IjouoxwJO3rQiBSAz+PXxwh6fLO7E1XorzyhxYSwyyhypd6YXEGx8oWyWa9svcqPTtaI23pw5a/il0ZM0+qFTVRv5zpvG0HRXnemPu0EPXZxdvXMxeZKe4zFRNCzblI8Wjwkhe4AM6is5+ELIx7zDJ60wlrW2GJ1710LEVknsKu70xhWTByvcuQ5V+VpGkz7o/2zuU38RnYeuTEECRI9ULRPEJva6l7eIuHjM+PJq0efV6ljIs/IN9YyTkTFwEl3kIJF7PwORM3f0E079EsyvT/KnfEj45IfcRd9XCDin5B4K/gfTEbtSr5gzWeSuobCeyiCUt9UjXZ7gzf056opZhEnIV5PQQ8Gr4HPnmQtjkgZIKNBvnl7fY6k9ShOlZsZZ9n3/kh8uufWWf20N7m9AhqMYPhHN3TTLmi6KuqcfYT03c2s9xolXkJcqrdnGILMigUGnit4a0Q75fYqbP7ZT6GWF7vo3mEs+PJL85/5zHRIFJbJjdMhZ7pUnyu+gT1r1YJW5YKu7mTBK/eVUoxPCaHQVPRElAiDjqUbG80Gi8Lt90Xh8rbBSLe+oUvy4suvQOs4C9rs3kAZdvccqtzZjiF2m/go+fL0fbhD4XC37INjmGhmQxUcJmuEVJ25UIMrXQSFI45yrx/hmAamKZeVEP95YTwz4Lk8xIzp2Tq5+zKAiM919B/xve4S9PT/LH9NDrw1I1vhzY+IUqtUxoI9kBSlsEnqiIwLHO4h7yuF9sEX0LHDXy2JP5YTkMgcWvMJuRiH4S5FGp/zEzPdXgePUrnhhluPS8nFJYOCd6MC8iJI+LREV6nwKBJ2EFlLnLCu3l9pcSegGlRFPcmXF/lM/KWhWZ6KuDZ8EYyjf2wFHw8MGv/3pXn76ymKOtgP9DiLy9V4vK6F+AzvZBS4yAxBe06NirX6DtsPRty9Xf7LlixhVc8KU05Muv5jUX2f7KOJkPBdCSvgEh/t2Q0tvdD1/SUyD0ASzLZaWeYy3ej7OQD1B8gQuAX9v2CHZbmm/B7+HYQtd15XeMdoX0w9+ZlCtq/fLZ/n9VqZzIxc3ljh2eyOqXVf947GZ4i2c/2pEf84mCj0JLXarWIcEXeavej/atqsDFpI7km6qaS+Km+YTOzDvwC9JzN8fsjbwenfWNzavpRfN6H6o4P7nyfnfjMMpvwyZ3qL3h0P/+sxDswM4rxGthLv0n03QOzou0/gu94py8+OiynVg8s/xfOoJTurxKS/uKspi/nOHT2OB3W5OHzhLlzJBegm7/YXwHeO3Qk+fcnSZXM1/7qYQixB0lIRweo4T4D/kE1cfTGOCvMXeYDprQ4x2/fJdwGMryInNLBPC2kgMDZFxXInyo6QE6gwpat0R/SPgVqrBHJLTprgeQXmhOwgvg7d2ad8O2iBbzkZ3490lDsNg+WKx/6PqM7TNMvW4kSDCZNkWPKcVmXPXqU5JuhybkcUpdmdvGftDg/y4iFi+lMD2T40CnpOsiDqmFhUdP3kRfScMvxjUmOHnA5R88jQWWjkOQnsnjvUOxb1eZeqO3M6qg+mhjEoGjBbL+qTX0Ugrp3ZGhxy4l5poa5dYOcHsoQv+yTXBAye2XCiz5Gbwk1DvAuRySiNcaoIZvcb3i89dzZqgj+1yEgJJqlaSbkBaEP7aIGX3JkLSKkvyzdnpnoXX7/KgBoVuOfxF4SXm3gEHt4svCsuxthZkFiQ3Tc7J8/rczewQqgKbBGrRnmEMBkysJl68imRrDR/tVJCu5RHC30l7MGRHEt0avEtqJheSaH0Y/wSySEm4k+43UaHc7kDiIkus3peh8m9H/JAO6I0qOiyte/aj8am7LrRByFbfaPQCMO3yTAAECQQResoywliWDC7KnJEZVmvAMhufvzl3IW0lhkznQG3zaJh5N9Wdm7vyD3K7rVZHRM84tz3aMAJM65pswbgMyDq23zxvCtU6kZr40+WWEKI4sWt2HYF8ybGXyFEPF4uljt6yegwFXo50v2DbEz70OiUHm7A6Mi6qq1ThnnFEM5RzmN9G0oP+rCl1w8+irQZPHHZlLrg+p+OT5qLZa6qRxba6wZAyPDSJzTiD8SaPOKJdJSLu3x7esG4/pixDatUj7qP8uOrZKDp3JUF7zg1L6i8OhWvoKt0Py1j997H2FcuVSMDL091ioePhbcifssXnwxp3ka7TVEpLFR5v0L+0FVOqBaDhTLCELH7VeswjrQ+hia+9+yw6Oy1Uak3bPktSBf1x232Vw3d7Qm7DVZ3+kbkpl1aNyHRmjWwJZG/WW7M+pIoD55QQi/dqQc75SCbss71Tz64aN/M89X/OElOmyw56Ot52JvnAVzJc9DZtfwlCvElSkb+9LOibTY6SBazHakCpsGVhB+/Xrfo0+W5wHcL/m5tE8PqmK8flXEOyKqHNTwOVZ8j2r2ii48p48vmRA0R2jeTXsUkdMC8F0zHFs7ngOfBnsPBJGOm7aiKWU0FruY6Q2/ofpSobMEltjTx/mIOpvxwD42UrvUMKtmV01aHH1CSIEFq1voMQqzOdoYucq6ZxXfH9zKamjGVYyj0nWWEmsz8dXoz3OKQFAdKTjF8iCS/Eb8alZF+hMZZ7jrCMdc83KXtXbjqdI9S6ug0iIJG/PwcRVwajKooCBC1j0N0bt/VPRXaNkcJrxsvS6I9pMcAbsWPPkbQ9t+6BRQi6Vdp5cpfJXv/VqRi1mYiWT8X7OfX5NcYAwElkgyGshquL28bifgA66KLHttFKHl0k2V853VWMiIoN4iN7G6qEgI2tZBV5RI3A8zuNNrWFWngnJ5wd8MunYjyUVpouTKIq3FLywLbEBO1T2BlDxooI25+DT+g43fOX+44rL9qgG92yB9tDtCCy8lNSVSgNaTxe3IUB9FWX34A9QjlK9MdQXRx9TPHlH4hwtt0UOEGV/OeHLOYMLt5DvxD6yaovUqMyQAFvobjM/6Vhabaofdllaf2V6wJh7t3ZZM/obc9xwuuAglxvAOvkDWuOUKQEoB/uvO+PSrfmxBLSqVsPXsq/qvst/fD2q439Kzee+Q3NS7E643AVYZsIsvlvxwqIcLmzJ2DzZKkiQ9p/vHYLNl86elLY0QqeM05IeW7kQPz2wQrk7MCEW9uhV/A7mqhx+fbuLrPVLNTCHJOaBia2Zr71brnol53yxbRmL91j9oIDbXh+xH5z6sU7ipEx3ABlar1cbD2Hmx/yerOeHWle4sD6qrOS3YJMcwav0K17Ptpw/yfokv0a+DB+MkixNA/3rGhsy64hJl3cuLNZt1RzUqjxWBPeszdDQhlLJ9RCVFmFrlTHj2aC0jfOTWcyVLc1SHsJ6f92pX1EgbDqhl60lrQX5m+ETh7mv50fPaiBIn9+BH2gvfX6QMMhMraLWSGq72wAjFlJEPxrI8vlq6EqL+W6u49/dba6xA50bDpsRbCkDnJYBHmNiFTG5l3sfkrmtZx1do0g2iASIS8ygygfjybO8h0FaNlUU8/wxGg8DUG3htLBqdEAHzVsbE54VIonUgL5wZ5hChbsiWzyWMoXTffmmwkPfo7XTBIUmh0wlB4kC0Y8SoEkshqDXkxF5+85G5Ida6ESh3gf4/JgCbXc451PVu0IjI26MWsfKjZOOwcx/Thv71GbUOwRT5BhA7Ai0Xlct/rumGaLIIlyOxR4as+ELZ2xb7Z5H694ftxNxk25MV/+r4LerCMvt70KFOWk8tiyHN5wvZFUuLcYB/NvWtOwqJfDubN4mJcWFqX4GufxXrXZlVijzxEVYoLcP1AT+ucmDdHLf3dwqnenqQKce0VO27qRqxQ5/JYY/wcrR6oXSHxYiMXLOkD8O2HvQ0jAuFe9pOFg672oEVImVnt5ElsMklwK8X9yDmJQSO5i18v6+kkW0TaaX8/aEv/oGrv8o/MBdWTDAfcLEtOf6wT9BC2Ol2VLH1EwQr68nKQkFlwBrCQyFUAxXwGXTOgUpbGf6qWfpKzlS9Yl5SMxfrtKPzUc26ULQx/ejTIiSLpj6drbeKOK0/KCjOsQ+H9qseJnus5q2m60X6F/g8RIG2X6SvfvJtHW2c51iWtOOXd0tDy0tcgkFYenFh2YbrYFSar0D8kr16BDdPuzRB9XiiKx7Es6nM8JWdaf6B8kz22kXlwxCSafZUmaikBDMyLi28kX7tJgZtRXTG6e023pwzuo6IRUz7LLPj0fbop9amnKGxjEek7yQI2lZh7NUe74fgH5PpPgjS5o4+n61AlMVVF4GDor2XAhLzGwrzzyRHIG7NY9M91uW1zyh9nxrl4RfHq9Mc6YQpOH5Yaz8/38HbHFYmIFUWbHn/qUHXlg/1u9AkLyuGTZJmjnOGmhyJRIMG7l7UQa4oeX7nzI6+yYI0/9BisVxi+JA4bL4WfiJLETAc7nRhe3glfRtw1cqHVEcJU0mxuHeY6LZLvPaVYwGxE+324GSbnYCeZ2wK6Lcy/XrSKuzNVFMiJr2yVnj9rlGqSp8HWqZCArkkWeeX+JQbNJqhaRDR+QjDcyMdmxx8LevB/klSdvHDHuGcCfSNoLZIJwPDJwfKziMjE942XN2p+OiWUFJ6aNtF2d46nvSEdXu7Nz+lj4IUTM9/P9tAsz9EBmoM23GUH7LdIZlQK+HlWycXTY39fX2hbj+SXsXbG+jfoES+z83ImAQOIpac4W62Ctx3voqQ5QHGGoILqjxSaLx02KJsWAuTRq8V+6wR+4wP1sPiwOZIoIaev0VDwwX+dmjr3u7wpnUzM1askJuTPmLd7IUN1NNbICdmyiy5vrTxKOgGi3qdR6+tl/h9mGFib7DNEqRAOwkcnaqlN0WcdUAVTEzR2Mq/bdGMXSIRrsDsS0K5tyK4xHWruGcvXukbKTrT8k6QvDRZ3rKoIBew99P8fjgLbgVquhgqsJcOZjh21onY5TcS+oVQEFo7IfXuXRxH0/O9ozc+Tpnzl2V1p3kblHYb0OyltCdyG1j66PlMc1sL1JmTy+qb8zqezq7CAX89VVXm69pRugCOk5poRrkzG/1GYnFYeyKMshNP/O9i5jVTmTVGppYLZ19wOQbU6iy/iqzieuTCck8tjHlmnwFEL0WHr++5WqcoEku6WJHsL8i84ok5qZ49HfbsKDYfB9R/EZhqjNdwMZDhu8xugF/yCzwbeKV8z3D5452VbL1RoeEshj1Yi9EXTmSksmwYwSlrhlMcV2ECJoiloIxH5msY97DF8SUJk4pkCfDIoyNImj06kgx2KLln5Dtvey4Gg0hS8+jhV1opue93bn3X7IATjV310U1un0ePgP7QjoM4HIee5hGLr2cXENOCa+HnE9BjluaRLGoBQH3WQNHDOwz8/g5pY5RR4B0w5f5na2BN1Tuw900zynFUCl8NEhmOO+eBxmU3bIkrUKseDumIsppsQs/LrHsf1UIiNVAXeH/pGH+/8iodybu9Y54pS99rWe6SeBnnzYjJqzKvAlQF3rj502Na97UOnzw/XRDd0mW6b5mU3s8Kf9SA6jHlm1Srh8vcPVJPrWFwmgWN1jfjcO6T94gphoVjfnrIcU/iY2PmG27d45JU0N26e56/lQxVEkW5n+PqlBoyzs8v4kZfPRJfIyE1wL7yQvLXyExrT/dtYdzA82G/nB5t8+OygFabBao29flDPvMfg4lX1B47kk++VrQ4j25ARkToa/mzhjaUtwg631kwTqVyKIoiMliZ3bUw54hDlY9IDNKI2xQZSvY2IDwHmZBMUV5bLIepJX3WOmLVZtM4gYTe14E/oHnWk8/zMn1rg7naYMNFMxtRo3AHWEWtZoe/6DbmRzqGY20Y3M/LbGSzA3lx7MQnzMkXrsiMXPmQ2qVB/QelHK/4NRTXNqjFmzBJ9h4tepAiTdWuHNhHK75PRvD8ncCUJil/rtoTGtsTx7OTmf4CWV2s56jDlUWvvvi5ovNKG25J7T70fgUtcMINUkp4vhfKwQMM+fdYWbm7TQQI5Tdciv1WzT7NrxuNDs1Sp1O9fNMqtRqG4A8X4wZwDA19wd0dwQ5wUxsnMWKP7FtelwLNKwhsSfLaxR/23h5mQtQwhuK2pJCgG3rjthRz9VxvF0wQASxZYhg6fYPSauAmKsUZeLQFY+NFEOsRPNPG5/XokY+41qj0M8Cey2A2fy5XzrxfVSoOpTQpLMvFwzOUdOAaFNmpIUSJCw6fLlCxKfXrqKa/IMziS9wKB4vUWlNcQPBhmzTPDNHGrisGk8nzFz/E+ZeZINkthjRf9/uWeMLESvAtPl25BYXWp0d/1yAXPSZpgu7RqcQuCdgDeS73etU0CUsn95zWQzAJ9pEyFDeuGXlo3z6J3uM1pfEbyQY4qKGxljN80ywSG3VXo6OdwdIBniGrKpi/ynrLjShz8QXcsIMVmZuqTuskA8JnVvB2MGQ29icrbtOLPZyN1wpgT51shWvx2Ip8lL/kOKCCnkeMfLDa8Z03JArYrdP0DVxTEFi3DCGDNJlgDuEXc5BGlus1tie8uKtyLy5QvgV6g77QfsHzGh7tot0dLV8FLE8KyeHX1mRofcx+kS3oCpAD1kQEQmP2WDOGHZcpP1alwR7MqIcHPWTQZCF7GRogX+nTKPKXlgGLJMI6R3VJjIz8UO33Ax4zgspd6ytgBF4nojDfRTXVY4SEPGSBVW3jOHtfH/kFYBirmke4MOh3mLK5TzQ9SouZ7ukQB3TF3ZQxpZtPM4KEuIH5g1EoisJm09leCsXG+4FjgmDXliNhy5airdqaaUFlHc3aSd64HIMejSOCdJmYlhflmEh+zQaGcoti78QrNz6pgqiObgifdlebT2Ddqlkw+gvGhTKVYfbyLCM6+OJ+xx0V3/I0ou/L9Tz5Jc+VJB02U0NtRZUSklscohtTmkKDYcCocHI0uiBj675rhDfw8EsqL4kxa4hpWMnjb2seYV7taTygmAUjakpMlYeLA06UnkBC3KtoA9YJnIHJ5tGO82rr8n5WlcHNruXwL30WQ65oxeFcmwvDVS7cQYjdTca9/zY/+vue85dUQN8zGuq2tKQIhiXp0Sve9+UgHs/rR5IPeTNHWwMN7M48sj2/rHkfjVsOM3gJLjcshERWBI0zSin8cOoLx6jLpY57xN/MI3aBXSktJrqifZ8ucWb8VXrQbiUZHcH5qhaTqr927fKE5UKV6hSH496gEHhCF3ixDp+/Mu3s/pqiGKFM7AEfnbNHJGnI3VKArAIjvjaOYx0ulj/coPKXBFUmlmkvbvYaqZqth7kS7/4r1hG61dOj8WQD9LwkdOqRE1j2DK+Q6kMUoOiXeivCOuGk/oGJJdnEtcOe7WO86gBDi1JeTIDXH+IMUgJXfcvE2lAyZnhbcfzQZaWpQEPdBy+4NQgwo/ZBvCF6Y6oViKkyif5eRhc5VJ75YlpbaAn3jGgR/F2sbIPEy3Wnnx0kb/DVQUU9Kn1r39unS50GGVJTXiSGFAk/ZILvRPOAt6ik537HR3MBreGFrNaBFI7mJknf1584+dcN6gsXkKxTqAQS942VIrf0lVHi9Ip90NnPJRQXLhZ4IrBQQclVDoFckZDWyZhMnANKyVlO+wu7RAiNnyxGU9f0xCkknkMoV0E3d/FeV5LnwqPLJyQ5/0dNN2CuPgb21/F7Un8FdbhpNcafXUo+zOybHCL6JlY5QIS20WK7rXsSlKhgzfFAvRBUzIWr51tU3kn6C2ePEKTXheMHlCS0N/1mj4eVU2fHld4m1Nw+0/qxsR+Wm5doats09dW2pX+t1dezzE9mDAPsBQ8L9lm1Hsre6k4B++BLtazkgZd5JTyccq2grUzK7Lp/KZvY9sjSh0sMy6kqe2jUj/hXps+pmENLA/vVxyzKnDX+Pavpo0JYoaKcEo++flhhnRzVBqugNjbnf2/i8K4meCEPKjlm1AI2SrQ/2/C+8oEcwNOIPfON1OSUZwAkEQjWNogOtPaOjJkpdCJoXjnoa3eshJqYsaRFt5HVZJda4h+Z/aaPhHcS5pO/YeYBUNH85/yinn8jyS8hqaE4x58EzTXURbbn3edT6y898MyQKmTOCspFK6wKWTsV3FHtOEdFO1wncsyqn2ZGmfO1S1XUyv5+9M2Mc0TYvwhUr/pbh25mXz8680zV9q0JV1ovl9jNxULjFmi7OwKqlTYTMNGIb6IWRNzQd1Rw8bPvGI+bibf+4g1nogO29yCL7bcOVo3qjDZbqcrAsZV05ANPOaifFjqIj6h9v4WgSRIcR2LksrhAfHBuIixhdWhL9JFNUEKa5fWc4VnFOfIDolq9IAWoZgsBNwiTzi+8VVRrOOBkjV4/FR4V9csddOXFYDApYBx35TLA2yKBW067I+GzVoepL/1kUplzuDHLFilm9QZCuDiQj0ba3qfJ2VNkV0T/pNClrOMXimxgkpJ2kRQWL8HLD1tT6zdU+MIBmCfsQMXlSeXOytJewUuKd77kcDk49XUgykkZ27rhQGU4uEQmYBSHXKTo+Tc+JEA3akTT/wrGLL/q/uT1sNqycuHcq1rdGDNxsAJG7uguTmXoZJXyAT/k/oIyda4aXhFL30WFB6qZoSXsKsn5nzh2QOdGNs/QrvReKLCJX8YM9THMcAPptwsuwRTbcG8+io/hW5wbW+vd4qNRusF4UX245QBrvAqLvnGEB4pHx+p3ETzLJ5V7s78irR66MEGAeuntavM/BGW81ZuHfEa9Wf25JSHnkEQtpTN0a8TDoVQYKBAvYiMM7vUeWIOim5xxJcHjfhFD8iv3cvbhv58hJV5QN5pTCfctnQGHWSZRLVXNWD5fOuG04ZV9R5w7C4F+K9GwSlOdOZrK+lmtyeFHtkON82L9jdu+Am5aEvXCxLkHf2xnpssJflm9OhBHgPfI6DOFSog8keWnrrBw5S1vGIMqOwoXWGLn511I//Om8YrqvljemtFrBvPojfJUVe/lG0Mv5UHO+8GEJpBfg6Gff4Anml3Nh5BaYKypHd4+M98UAXYA87D1An4nr3YtdbTPFoS9NOGC+taspj3iXpqBm2HcL0qSdQ6L296alzA1tKrmE3oCEOOcolWuKo80/ri/gAACaSisn7Edil1LJ2prt+AwIxVFmN8b44+hC2UxPvvXlbmRlRqL8vDrtcCzMn2R6VLvIIuj6HAu3s5qApXr2K1annOGX+tslJN3LfmqRE4jyqOxgtZY47ZXH9zzwki/1BdVZZ8V9LJIw43eWElkrwCLiFToxT1swG8BPiIxVfs86/IjKsGCnvacqsIfchpQ5Xta8CjW56VQRlg+z9tOAQkTPOfitlO3r8pwNvUVraX0LqWYdchHv10J2h1KGJet8pz3s0lO9NKy6oOtj0HKnEIVTxmv/0UhgLr1MIyoyHvpKONfLR7CTYzEB7AhbEOnQiSVbonh2PApcyu+3hLVf+QTADqEX5424s/cs3NPUIhFkjOP+2PLfn1lBc4QnansmcK94pWJDuAxI7LVsY5Xr7yZ1xvWl95sBtswUtF5ELDAlszhWc1IXqHPpinFBt1a86VVwTxUJ7qglNFR9siHyIt4Z8yy5X54ahTainPHIWB1zdkuvnx20iPH3MuADtkR/O0qOn6XJ4iWYaF8CDnLQM7rgsOg1tBY0bJJFWeQlc98WhC7c9uv+I5BwEAwHtFB9hqlv98NczyYsywFxmVZDbpLrKqD/QW3EXZcSq96LGF7nVVCsODoKEDtZnkwHKe6iiKGBheMZDOLAgo3L5FxhZnIy0S5Ji6p0EH9jpQLStGKHqefGOWpRWDq4VQ0vNXHpSKPNAO7/KvNmD03IV0B3amUZ6BPRsxtjW942i9fCkEEyjM8I1OElkMNUwXuz7qCwwaN8yGOTm1VjyHeUspX7mmPRIXe71wfWwc4/5+B0RmOCUJDgxgUT0YB8MMTEL6reNYc2sgpvbZxftI9Umt/Mw3z4vbopJdOSYCzmkmdfk6Ohfml9z8vvBntkoidB7fViyMwAXbMzitoGabQCIbLHvlMcYiLwT3h9l/apeAHErRY/DzKc/n2YfkiSmBUbqd/5mc2iqaausTngrKqOD52uDqi4o82e2M00MxvCjjNUZWInwEqG+O18Wp7FVaNP5KlbDW1ZokoZW/dghFmbQ/TmdI9t9dKv/i/ETXK6Ob6wHgm3NodE1negPUChMrxgQPiV/FT4wdaADeIW/UraR9JayqzXRla/t7zbB/z8fIt8mEO4Jxn+mX2UVIZWelG7BWSYH5Pw9kDMmPd+OAfNgBPlllEwCtvL/Dh/tnyHEL4lH0WT7HnAZZJy973WfEPrzc3vRUVcjmyRRl0t9Hd8jldYwRmhXEj1kO1aDhpHGtFnrKOX5Z3qTyjvJBxfr8g2lDPRhF+a9lgVpY9r6JcYv0yDwCDX4kbMGnpXvXQ8RpVSOeePrvjeoCEwJU8o9hyc2O01b/motAo5R10Qs3sHPkslhgaWoZDmK6RTyxvQPsKjQM3YhiuOzyvxDPaf1s28KD0GnuU5UdBGFxlgf1qbWLOO+mRuipMEMRaLVld6j5cmg2L4P5i9/HbmNFxexZGTn+k3gAzBiw4FcPllv3SL+5god+54l5a1votyzFPbm2IT5ZRpI7jqipSvlCej6BlY9Zc9PvTfFg1poERVBQ28LDgmYTl/TzTKY7chwVyXzOgr5Lw7eKqslEaLCvF/ai453vhpBnvn3fgkv0D/DvPHdODb+bPMyNsx7RjDDbQL132+lRgJ3N+wqfguZn3p2/IVHre65jdkmNzpxzj9yV/YSlVLpZA37cuRZdZqrqcQA/fdzj2kXrPJe8XSVx5eTz60MmCGCFsR8EKD56R8xOJ9PTeTuc3vxhTd1Vh//Gb/W3WZyf7EibuLOfJhWRX/mcR+BKznje2NJBhqQtmbTGMtgp+idTPHMDTbaGlr9Qi9gjd1g8vxWkL9Asniy3f+JJkcliXj6SxTlsxdAL/bNF/vEW/JkSzDEYVRA/u42at+Ny1/DMkg2I3EJ2+Y+Y4RWaUFK7Ccnn7RI/W4LQ0fLhAvXjKI4MqYHL9QmXbKq+tGgr7pmglSgboJ8vtQ0HQfJefbSK4leTkN6QNFA4LZGVcD/CJaMR6VxCnu5yy2CREBCCdtR9AUW5WFnR6VtzS9dVaJHbO/EVfXPIB3qJQZYJcEfJO7tipRCCfgRwI3aY1b3Zphj/BgMmHIOB1wPx4zC90uYQFvwliVBVfLf6wNE3Tn/nweYktbCOM31AaUD5ilAjLlL0DHz5xvjVN/fLfJWzQkD04Tj46QRKy4A0VEmZhSsXGA8gHep23Qb+Z0qi3I16XZ5V5jySLcQtNV8yFpxzv4DJWWvOTflSlE9uNuTgyNN1EctRF+MwsXul+RtMzZH93XQFRDrJKxV6UKjhzV5p1NMB2bft3D+1ZkBqOogSCVyJn2SLY4MFVgHdelwKNtweRHUbZxJq/mAyc8pRpbYH5OI4ISCrz8iHr84DjYE/SRA13CqOmyoMhUip4wXNrMu0LMfez7ZzKd+KHXS6a2Wi18yD9bAys98qPrDKssAg/UmTwX54t1vQshEtCphfIHy/lK5+Bpek3+B7n8u8p+tUXrPhHkQiPVvQ4T+fz0VqWzRMAI+HvPv1qpVMvu3nnw5e4tqMHu8sqqxbYnDe+PGxuK/F9eXAeKEZFe3gfs4Lw8NWoYpeFGQVTGFjmZpLsvfQrQBwh+WgznWoZTyW9bO6dnp9ZppnnaAepMtPSOSKGEuhXmqG0/KuPDYYqRUE805d4GCpwl/AJm2phsUGeJlJrPq1+VRq8yRrN3JMdJsYSzkVObSEZE4nn5+aRiHJFJuYWgbO2NTdGQkhrHnAl9jz3hwaSpUcX+/d1GPEntjC6z9a4f1bOwqzDD91Gekd0hS5v72D8MMy8qK2Zk1LYswejCPuG7fFouaxfp8wo15zZCFtTRyHLcNhR/6JqbIyIUWYCZe9/Ea777upa9/YpDQ6ffSOMZe7x6tyS4H77rxIx5m9QqgDm6wDeIfBJJqj1yzG1a3s0+4P377iJEea7uLk9Q0nswbbKB7LE1kD+OiJp82ZzcMpRQsqwLKR1C6E9Alk0ufz4MDUXXvCPbvgdPMqMzTwICe0xqQpZwqkgybMfeNtbX1VwQnVirippvrt108ard45H0jrPmyGrY14fgAUf4SbXposYgyEudy7jWM5pJ69YBeeKyrDBDyOqILlnQ7YDv7w21rwgzjla5V1S3XRS3HUKztwR1vpuHU2hGFDt8kUcSuliAqubpAOazCa+qopXVi6h8D1/2cHzDaHW+1G9Ys2pfHSmDQeadLgCc+QngwwuF/cG1/wKJNbfr7WSqYIawcArKcsCCwQ7wf3lPOyI48Fv/8L/2EcyaTG6x/Ez34ZzSQ9vyFx1YZNtGMPdceVYBXtrAoxkQcZnST0PlzuhIeJSLIxcYIe+qSCiI/vCZe3fyBgflY15l9lCqI/9ogyL4cHozME5wra+vqc2/dd/dwPznBjiGCBbembXSG+OTw5jN1aVHtoLcsvEe+QpdvEb1o6rR6Z/VUVu3zhYOgB/OpoB+ilLMoDuC/toh95Each8Vi64jcoclQM71oM/HzBZi0w0Lwaoqutw+Z/BUZxnHW2bu+jzo4AeYIMSq7IGyJG08s2twqMXrUNv6eiD2YJUao6aPaf75oRmnUm983Nhv/uIGB0uP+iCBnMDMKjsSYpAcBn/zopvEDxX9s2ItqT+USAqDWwNhd9NFcTorD7TbqfIefRG4FGjU+kKHT2/oyZm/ASNST5iPszDlh5meVNFeDHV0gscWqDpteAGMVbudWAERD873//OMZEP1H/9C+08rn3PlUdmlpXhxdzDBrR+cbmxbVnPJaevx8mrtsPpHgj4vJ9eEGS7zhjuD0c+8o4LiIMtPcTxWSU/f2tgmUj68L6R4wOmUIM96xZ17/Y8z+pfJ5tV+dXStolc0pRl4oN7v2lr0Q+fKWDEfycPCIuF5ZmzZc0/ayJ4z14XXOSZsu8vIaPcujxQlqgthtckk8k0r3s0C2apHYDbwNjVjC7CJGyBh8jX/nXa1CM3eOE4Vb9Owm+AYVNblU9iPuviELT6zUQdCOaNq4VXWH9YOxZ2oMLX/Q4die881hdeg6j0AFhiNdT5ticztgJ7relWJBJGtuxrHBktUgU3G0VjeZYykGAVUwL75OpAZQwcgr2gCtmaoTQBNUidi1vWlBWxIMS9KK5jMSTYh9ldUsAvhjtdu/+QUbIuk7lsZGz47yqpHqRDf8HlamDpcM34uDTmEBjOz0DJi/uy/+1d6gP1GNqOwgdEhh6h8Ya10z7aX00z8GAgkkCPtLeoPNub+RoPHsgbyvph5odIN0mzAFMjbF6e575LeyA02bq9NF/ZF9CdcuI8L2qWIZhlgGCJK3xYxvMNuD2rqibk5KRCtjjuXd2bfkDyKXugdp1o7kV/snuCy7eCMf+N4f7erDEYeH0jw9KOPehdtfOOMZyXtLuQ0hkFHXmn7diN/mOkJtCqEgrQM3RK4+Bzwxaa3biiOLBBtF3uRW66tZ11o4Wb2K/ZXNttXKULT/PLh3j2EYDKI/cT/PMgrRryLFbCXchpc37F1a5VyGPEe/d0eVTOqi9xZtQP/h7PqD/r9D2yo8c4HgK0Gjv7ezEgsjCdHFVkRhz06H0RptRc5D3oe/rRi+aikjAnOxLVgedf4ZkVaB2kw6USYkGnQUgK84gF4/T9YHtEDusRRrI+VFRI2hvtb2qhwe+BJKNtACT7d5EXmAV15iTXYVjwTj+PoVS7h0wnpjqbHMf9MXjAmx/eCyYKeHaAISsxzeHZfsjBgH+eH1iuhnMPNPovlP8v9JnO5yRoSuZ8WMERBIH/Du35vObn/ziECv+Fcv0p5WOfr/MjQ6F/32II+b8Q/O9X198hEv5fOEz/979/3x51tlZ/Z+D/DlV5XVb/7oxR/wuj/g4ny9+h8v/cDWz3v2cA9PHk8q77zyP9/kagOvv7jbPYi5e1g/0+mi5gXtB1BP8Pjv57raTb8r/zvPyzzTWIIoC4cVjBAPxOWdar+3fKPG5DloPrws9YHVW95t6UfMC3x5xMz7Fq7bt/Xy9Vko3H8wF6PpRdsiz//l7afP1U/z4Uz628+gaXgInnczJ//vMRfJ2ky9g9KI7578PgCus8tjk3duP8HBnGIQdXqrvuP4f+C0FZWoAY/P+bKUVBxt//mE8Yhf6vGYQx6P9lCqH/v+aP+r/m7/+arWcCJvBn3SclGCDwvvUn6fQkzTt7XOq1Hofn+3Rc17F/TujAF2zyacvfRP+PwSx+//7HNZiuLsFv1xHMerJMjw57Phb1CZYH+7sl85+j0H+OPH9nyZr8F8r8fUTEaXjEHlcHrOUekCaVI9iVpudXD98Gmxf8x2EcA+Q2J31dAITAcUboBCdwsWi76Iw+O/cN9BC6FbkJQlssnjm8ajyMu2SuUqsfOWF4YsXw9dkwJWcRy1SHWBABkNjYy4Pw60OMWNND7keZGSXonOO4QKrErXPzuP2yLCA9MPqfNsFRN6IzOyhyDKcxFK1eoNjoIe+7nWR8FkWBTwcB/P51CqwWj80V7FEyOG41SIlkO5KjiojAsaFb9zYYcLAbMxxVsuhnN9Ap6khPt1XmfecPwfdR4+oSaJnveqhWhUGQnHUQaPwnOb5+ciFaEjzqW/6GGZruM9GJGjWfhZR8vl6eeJ14E/eUoOjVAARtFfJL71ZS1umTiABT/QYPqXrAMN52M1zj6E5I30lvO1Xwtm6srlo1KFCf5tLxxa4NGbE6bH5lm6b5RBdoaRCcq9SZwEO9fz/f4UpZLwLxQvngNik6iDMwpayUxa7A2IBCtK3cXV3Y5k7B2ov9inrT38DrhSG2OGcktnA7S6V2AyK2HBCBRvGxM1L23t7vFqGwzXBp7qZ9kkjuE9Lf1krcb+xXt4KnEFCd5HsHwUpguUyqQ52dbR28XkImDrR5nSfM+m9R/AB3Ng0IbmGaxuhULwRMYlD09aekHlZaFqCQNfo9clT+yr4+Fvsq4ZUVj7bfiRCmPTPkfmbRox0/eHkJ8O7MnhBa6FcQTx+qpJcmybQhcijHwk12rsG42imxAUwS7n7y2mSiEWgaQZIVpwtitGb9YV36IkcVoxufU533Gb+HDFqDJFKVXSBO7n07aGE5ilQJCMEvw11nHLvTFvwiXAfpfzEMPfs8PfFy1mbbZeA7Zrt582eJKIJfAx9AGkCEGnE3dwkoBGXipgpQhGTlUU9AkDaxrsJ8NGLwaP63VVWl85YSZOFNYXak/iJgpSIXP+9IjVaIOpge6UoT2039kX6bkaqCD9RoMPDviL4djN1QRugC8BNuC61BoxuKJtfJRh4NuSXzZk8CC5q1rsLKQSo6ZVaiqqUyfuBzA9p/iZE+4NAEfM9UOvYOUyrPVWhyr1QA/ADz+eT8BpGfXUsGrMsMkh1pv33P6wxaS4uQsHmaPQleDib2uLXuewmhWiBWrH102OkWVdtaBFyIEq6yQZ232/He/ckRZAXxS0hnmSmMXCk15jOJr/CN50RKo0kHSqeyz5DZTp/pb2dwAxf8gO8ZO621A9ilbXHV2OblULPsLNMCqXxTh3awkhIwaM/uJIO5oWH67RaoHcVfB0R4f9Ddf5tVhYWsqzEfA8wIWGfop3JS0THrL1J3N2hqdE39yjxQf05Msm+5kphwlUnOoNNDzpnaLyws6ByhdM6FZOBvD11BG32Y34K9OCUIk8g3AR7XbKCeFQ1mvHiA13UxQOaRxBd+xVzZiV8kFYeJ4tFffB+Quh90yqNxCAgkg3n2auImyA4I5z8SKlkIw0jx+xNmX8WUgMEW+4pfezRzUcxJ/hmgmtPLXkYRI1AhjhUD+bM9FwbCltbwz9eWu5ImX3kR3QPZBhuZnqgRk0t0ACuXyhLSvaa6EM+GALGSBvj0ttzHwBjIi2a2Nq2AE6vuDa6g3XMctfoE+SJskFf1cumG7rZUm37i76+3ML4jSbPJOZAMarHChR4VpNkDnrHb9r4hKowpBO19MKp6AUP+F5z5aPwCxvdgKRp++WJQwSwifmDOKobfwtW+5/gp2TcFf5cjevuQvFIvKZfLBSdJhZKGMQ0vqqChYhdqVKmPKhGCgIHKU6+cg9Y/WeKhOElhaiNEKr5IxuVKWxgVgzxFSi6FmCC+i5p3aDPciytGyaN3smMfQJESMb1BLcPCnV8XXUwWWRTIFKFH/0LqaSf776qL6inzEjq9z8ETPDkTHGANMPGjkS1ELHV/Be4Gp4ZNUSE7b+ana+I7w6Mk3g6jFyoIH4fJtnfLp2y3hrQdwoW086U9T1GyDSha5EAklZgzLE5bG1JgugnSuu7A4X8GkJJG0m208Azu9tdXFdZi4J1YOVjh0dci5lY0TyjWSGuBH09Aocov7LYNgbxLTtfYKUZp84yhVcfjCRj3hwYhCYL4Dv1C68fL+xqY8ggGxlC+9hUzke0oWqMnsWFK1d5i50ilIsKSC+MeNMjSD+HwVyQO/Lm73huTtcrdaBAHRgT2RO/ZSqrsXh6X5NuMJ7shL4fdUYeEyqhxAGcpT/C1fDi2GT0b0bLeXb6SZ5g49RQk6Vm7ndDWtktOJYPRaNp05xWB7H1RCRuiTVz93J7t+TPjojxrrxYy8ByuoA/qoHbmWF9UtmMiJ30WryAKCvrWoXzYITr294sD0rZ5ZxKH5h0siqwymLao9mxRgQz9MVq7N4hYSs0O2Gd29VG93w3cC61YOEN2iuHkqi0tC2cmDk2DA8zezBUgF5NNoZorsl5r7J/F9g3BPPrcpM7M7c+KhJ/r+gvipQbeHvUZ65sdBIlungfEFm6V3QWAAj76ID+U65R2y/lYSxmx4nl/WRBXDd7mOFR8+wZSvfxeH+qFJ2tcdwkK2y3+MrHzLRD4VvAIfCvp292C/WAkD94YA2YmalskRCopZ9VnCGGyi6fVorzd/hWpOTN8upLl2ya+oVdnuwvozCiSP5WIksJERbbOU6iWRoUelORuIX3EY14AYnMzDqJH4RVonvdSNMPiWVPoYbef4YpZLU3gMlgnMrPEFeCiyQVHxsmAhARM5wb6liViJOT/zdJV7NpuLcGveXMzDM3M3qaZmZn99c8+N4oiRTm07dWru6qaEPrpBKZsahz3aX+DsKOAYegsvneyGzBLfEoI6K773oNqm3Q6KWROyTO7ura6XlY6zzjOVsZtQSqrUYy4H15WxOi8rUicbXE/ZmlfO/wGXtr9fM5d/N7ygUTkPIdMQvTuh/Qzkvvyq/xXqcblJrVXtERptW7flh7+mExtfjFT3GvT7UVE21DzzUykAV0FOsdvl0Iv+wEJSssxVjT56x5Z0ljhWR6lwqd3YT0or78qsUv62VHavcEA4Y16BMq0EGq0UsJBX28Idg6mkbgR6WoplnjWlYBQKeJIIfoLlf3RpxCga+71ohjrsfj7g1cNGyha2eSMbuThnG+iyhnOpY1C680xPJQzfPxtUhDhnq4Ej86bC3UbuJC2ANzvEz3RzzjRDwxMn4wR5Z5j0lnmMgLs1U1eCjaBdbLR/9Rj1tzt0faokMKU7iUqYBlSUcSHUTU9CzVo0pHV/FqB0b9p7qXAl64L9ZoIXE5R6gLObrrtAytaboldZR/uET+ez0f6DicXCl5/gy6wRt5vwbTsF4Hjm10+0BVCm8sUIke8gJlZFUI3/l2uWrIpvTPZhtGG1gwigNaQxzZNoeRS2uNdiIy742+1QoafmAZHGJsTGaY8BS72luqXX8OwaV9In6bqNsLv/6UOT3wG9mw0RAbkF3w3XdpwZiKFp8o+oWSDCGyWGqWOtqNwq/p1VNJgBVnF8NdiKWezdbUFIoLLnAqkBCckYsRadT5NXTNlrClj9mtV+3OeYNBtZPH5p8K9nE9xQ96/ew9Tmldf9xAd4WT2V7M3BgvNXmQCX/W0f5zPGtfzci4LUXt31pqfpEs+0GuNNuX0bL3IQYLeL7rqfBl3wdOlcwtO0BjMift+woxs56RcjPYFhdyhHX/V/JXGAMpScC9QXDnw8OEi2L5tjXRiiJ/DWoIKxcy6TQIrLlfmYycFoCE+v6wuhogm9kVXEAAVzjF6+vcVtNP3M2OWyNue8oxbk4BdTiJpfyT+L0/XQOUNY2+iI9XtkldS2KrZN8pnqV1cS7URMyNzlI1f5aCgDbUfriklHxKFmsfR3e/9GTEJjt5rMsatqX6R/Ib3ExIsc7qS7T9enSasaOG2TEEZYH7UyRyspw28KSm1xN71Z4dLc7rWE19JvU9aDnEjtS/laN7sbx1P4PDxPM6zCeMDy535Vz42AwuI+H+bKlueozHsb6JBBpFH7WCRiQf9UneOLK/XYPya6NTOa+T8Nyi+P7uhlPnFfpq+33gFKGWQRglr+O5d+TZma8T59R54pnbBCyX90uL9E7CYmbJByZ8b7KY9UCGSjBXW7fBrO2M3JbSYrTwFGcEGsHmE42pklOqqoJzouGBld0K2XB1KbGQ8tytn154xYq/2YeUN+FUxElcAod9K42nHvsMT7ZEp1FyQQH9+wZTJHK1PwV1TCCjIKK2rM9wTmWV4kzilXCx6Hl7P1feXdog1q8kSYaHGCSPrWB9keyiTuBOdurTqOFNVI1FOjGjNsdLFkqtzAQjX5htV9pX6CVKIOisHpaIr9a5bncEWkfw3Swi6sGgLBlvBSRxz9OgwMYKiSrjw/3JIQRyPDYK+/t/fED1CAWOXaI9hK3yqBN6xUICNWcQqZKVbhVUVM7J+9AnIWrLCwwC7Jmug2OxT3PlFTh/YpsM8J9dPfiYmLPubj7joWt62swKWW2nWTGxwMM/PzElSJKP0lGz93ROaUhFu02W+f55agyERjBatm76bYBeyMxkwRYS/9Mt2r78RKvbAPZo3MH4eOktFmVBjXUuRvXKszGZa+7e+DAEJbl7aVPpH5r8UDM3L9QQV74Sd7xF63r2SwsNp/S0fNlDZn38I5lmrmlYbJbwj9xukiukOJMDa2Xs7fppmUnVucnZW4Ts5n1dy6MqPEZqdVU2kmK55Tt0R44e/QOaS4dZyhG/PX2cfnxXAdf2XHiMFck4zjKPL5kNqR+zM1pboIATc5Ll90Mq8jbFP7rTofgwHJCFz9QVjsapHETWgZnQ3Vjt4By1UFt+leFavPF5YjnQxO5x4vUy8ZP9N9AeFc6FzDXRfVJ78++v7tLjav/8cx2/O43L1mRaEmBrn1OgCtfRdOCzQ1W9J1+NrkY2lt9xuHR78NLr2D8psbUAoKM/9oU0WcKbi7H6hCTuMAvXs7Q/hwL05KgKFGZ07TnKZDNZHanvkoYkDUtnNNPbjr7FNx+dkc2mhw9v4EL+NQuFajwXKDAx9Xcxg6jQFIrxAcgz69RdQ9RGG8PYGeqeuUJ9vJ7uJQLoOLxq9xJnIzad8ORp37RWiUfJ1mRdeqnGEzsX5qyjaoU90AMyIb8/v6iAVvc7ykdUL2BCojsNw1PztpUgrPEEPnoePoyGO45NR/zZ4H20RoKpmwDCsg6Raa3P706Fi8WcHH+0HowogU887u2yjswiu+/FFsF6IzHXH5loLa9yZZKQ1N5mccLJi3ZTa8rctOFPsIjf7nFY7+3LFvlB5VDkSCuSmc/TICtQ7Rprroxy4B3eOPxlMFLHKIrd+ODwjL9J9AFN+wMIhH0vbAizqK4Jw9yq+bO9rIDvWaiYse+bB8fPHgmIc1jSGjPoom4OSCjaQUWfj2QpiJzhTRzNuEgUN4MwW8Fbg69BncLHrMg5XVaSsWgtAeYeRuFi6A6vfeQVlenDIJKRZyoAdgQPS01zZ5PcxtvSzKu/KtgPqiBul+0fye02lVynouZskvrd+mzRiJv7zNbERX1DX4deYGfmKKk2RmJd3Eq+RmGpNe8bf1qfIG6vu6xBa71RM8jkdD7pylLsrJUOL83TenojjzUDPfZYtKCU8oYb/RFEr84lrWk9o1VnuCoQU7uU7Mi2Uc6qHauDWLFkhbNLyhFOSbzFX5rympMXAzlkpx22wCHEvL39Ud3UYsGalF0NkTsBpCJLkHyY8FEIu6SJhexZkpihEBeT97tD0XNai/CK1Joh2PPKvjnsf01NeWXZhIdNcJZGqk037EsgQRuR1sqpUL9Mvnr+f1OFn2UvcfusCNzhmbHueT3mWS/vQO/sEWcoJDMAJaeOaSZzkwtGvK0OtL65tATa85IxWfmh7bn8zrAzK0CT7q80iFpdBtwARqxP4/JVAVHpCzKtKzp/E2ACopwa/qpqTJoZ0+onLTWcHYHDXbxK+s6OeflH2heXLlCwyWzv2lvOl0WYUsj1v5HMkJV7a8zme8fiUW3z+tBSkzHZIDHjkMPZ9Xj545gIuXdMfk3K1o8dVeJCx46lx+EhbXf3K+7wXcZDzrC+ABuB6qGar7ej3L5/qDo9DO/x9qnrFszN2CYSrZk9grrc39vwWv0fSO344TzkbAd1ubCWJMIZ72BNvRdSyEcDnTusbGjvBvnf6sPaIk/i4tRV/f+/AU/4VMfVDADPfTjI+AB7a0YS0FBV7zJxM9NONCEFV9BonvMafh0TPYyUbpx3Xl2qmx1uwJD0/bQ47OU9b28tZJDYPR0MWOHgHjGrYTZomIz3PWjt6LgIF7OhzniFiIyGT870b3mKzVSlvdpr8kQAmMSLpeeE85ioQKhfWHAPc5C+wiY7Hp8bB9O99BMSp3N94Ozrkx4463GuX0wis3xcGgV0DXZm/dOJenCuYaNXvd9fUBNOofnonxXb1deMyqspd77G8L2kSh1SKkNVTPNmHMVSzC+AiDhEfd6cz0wJMjlYs0lgX9tmACWuT4tIWMMbJlXbaK443bFp+C5ZoGOWp/SHXkQWSygyq4H1aUQh1b+z6WGVLUiGm/GTrA3jqAGtXFHBcmLlxp/3uh1GGj0dAbgDwNA1jCQn0IMSdAmJBrLgJLvspoX9b4aFfXSvLbb4cBEiussKOgf30KN3PUo8+xU+a223xT80WH+gmCAIlMVweJVhywdoRJCtiAaXZzgqulEveH/6MVB/tOtEI9dje0IuSP/724Avxk3/ucnbTHVMMhGWDKpDjCrz0m3sEvcF6Gc/AQXSp+uvzyDVa9BPB/YW45tE3LUX2iQSO/xIe8qsdboFSaJFFjblvb0VPdRg77UNukP4ACFl5wLUPq0Rs1OUFNaUVlcVpxU2v2b5W0mwuUwZyuOuGf4XDrahXRi3DUECK0agCgngeVZdkD/yvAoKETVDVEqEay0DE0ZgczeFQAdA1VQrK7+gHQAJvwZPC3mm/8U+EwWAC6q3XUR/wo+/QQicxXo+LR5mUXoMjBdDLo6PbmZmu4IcG/nUdFK2yjzQpm1+fbUvOLZaIyNJXLBwz/iTQdsDAVGfDkD0j+VynaNliBXx9Ui1rnwWZt3wssVSYgN/yGEXzdP5TZyP0+pv1oMT3NR61MJRk8suVji/JdRBvw/oAF3C/EYHjGTOXb6TBluZq+hOCDN9kdDg805XekRetpTj4vRDN/+FJjCb4XSi6uWSHE5JFKKPci30+N3XFGxBhosAjfbhQUJCkO6NC18pbuUFg9Mhnv/szrb+FPYOpcVShUGhohuw/yRI2aoTwrEbK4esTeyByJDU+FPShbIWZwfXDrQUoJNOsxA944+EIZ6vyJ4F/usgYrIU2BEvgcamL8pO6Mq4okgwpgYrnesN1fTMBeJbwJu/iAT7QSBXYhd6SlMtacqOjta4+qrBTM2JpYzq5P9IcZjml8C8pvkEYrrqMg4pIHE7pXtSfn1Lg58kOsagKW+TsFgG97uVzGjw3gpTEnNbIMXXwafHfUh8z+J7zdTBGWwzQ9NN+k8hq4rVGheDKNi1OI4bqO5tEH1JQ/mm8mMeMKVzeJxQpSXnyIu1ESuHIE1tKu4lfT2bm/zAZ87twrfHtHTS9tZlXhPYUahWT4QaoEft6x5Nw5BswOVsx+qtuQartaUjV1wQ0/WvotVakL2y16jlpZJnhxVSOxw2nKApR0noOnahsb0fxwP9e0GJd7y/MlzVk9sJRcEdrN4TOr/CqM4MbdXj7oeRHie5B/SRksriS4fXVHYdTdwf7ApkSR8B/pCODSRy345VKfpx6Q03sfcyhwFxVqIxjwFXb62zFOt+nc+mft8a9jhcUbUezStwGSmkfRtLakovhw/3OrXtyKRTOjVgG4BLlZ5yv0hUhRpP7ZxSztKWPyOhmFdamkn9sQ/rRGFd+8ThDrO8zs6nN1cxPUriWIATzm00eFYHGXjB4HZ9vB6Tan60XvdDUfKrfuIlIVa1rw/YuW2LccXDT5RDvkK2KENy95GVsgQdyIe+QzPFvKR/v1gexa2bQS5cRUktktd2aOoIqcjxa+nYkET/DQbmXxH5amO+qkpCqefOGLVsyxJ2EGahD4Z2uaJW6Ia9Wu2c7og4TvwjxDOhGTbmQDG9oxQ3FgFvE2dgWypIcu4oiNUXZQgORtX6W25FQvu3891zwFoG6AvpaOlGb1MhUv1xXWBwjvM6Xl2+PBcxTs9PCbRRDizZFgJUp3+PY+EdjijUlp2sI1BxUihdGuZKrWs2Jjh84q6LoRF5C5s/sAH4ZOrqLiZECT/5ZgBolwteOZlD55p0eKtu5O7HpgiEK9xRltVPNXNphXkSnK5xuGmMW/J5/Hxkp/T8dPvzNWpW8fCNc+ap1kdasfWidoUaIvnuqDBsck38KzOsPviT9zdXxA1wa03ytUUONd/P+lAJmm0b2ZSq4xOG1ZSqc4LfJ/fEdA8T4QVcUZvynI+2SXrGICXu/FQD/VpLtBOR/j4q89EH5wsyK51CtHUBJAZ9hNnV5tn9rui5oEeLHILh0kROPlIYt+3Gpbh+CG4CHs4IbnMEZOPNPolFsdde7WZDcMj0X6IEDn6KDm6vAe6KfKUllH6IB0jlTVOv+tjfQNMnFYsm/ovQbXV+J6o1UB/+GBcFhCgtpBgK2RcH/fC998sIS1B9NlrVQtrMoLtDoRz7n+1g5c1yGWKn7+te9A1XRstUz1fDxuukPciefS3+e5cChmLtf3vtFAsR3fjN20NEyMhzNaVRg7lNZ4VE7/+UJ0RpgeX5C0tnvJWPwoMmyR4wOoaEOJwE0ZXpCBApRkUBPtPP5XEQ7pguJQX99WnPwPbNobsgJPNGx6VbIZy/W/t/Xzi9pgeHzVMQDJyQgLOytrd/SyovRLWsf76bfQRyRGfgFPlMXfyp8Fubkfi9oegFh8emY0yWsNa3fh/PUHh8azvIjKO3QYmyUS/mmo8bNd0U2wb8xrHm+feCF7vxJHutc6xMA+17K1UJVBfeSVmhxajIYvGthLODpdd0hvl3tS4BVOAMEeGKQpnMPD43WIVsy2AUQ8VvqILFfCMeINN3udZnwxVNODE5KgqBaVKtgQmHc0fYtrCR259eYQ8J7G251EsEAmClZqh+JuwGUO6jaDobJlg48xoy5ifVVJVBg9iVothnjWaWpMJ+IG9CqbRcQfp2ILbITfU+1N4ZYRxf5MlDceJoHxp6vF/uD2wETZoqbk846CfsYl3mWF9Bvekiy+VELIdqygU+lTIQ6T40+OWjnD8Wkzccr5aUE63wCzFeN+/nugQkfH+u7UZKuqyD6EFSOICfSB6BeHgmWpl6jqFDvXDzTkGLFVGJh8OVG4Z2vw/lUPMzVp8mqyw/ida5R0jzADgCIF2+xWpQV72wrCZo1evAm8Mbs6R4L1wtyzs9mEi5K/Mu99h+WxkJ08mVWUOgmEL7XjMgy5ppt12CfCn9Rps+oqScihsnGJz9GfynZA63hMM2fzyqDCaE8jUzYbqcM7o0W5G0evf2X258d1eur+NRiMxC83c8zM6HJIdT2X9dHnMasD2Z68oxuZw5GM1XRExYUOqEolYaxiK6cfF33l7Rb6mik9Y3QnBq5j8lPZEWvsDi14mPC71GLCo50hPRJCbQ6CSFz/a0m3LX5eoNErjfzQuyF9/sPl8yNKZpXaajQWne/cf8163vVmp83CjgoTwRCmfevPDrNNn4/Do/scmW/fD7dbgFrJYhdQ8Bf+7+LbTnYnP38clBpRoKQgEr1WZWsWzqn+lwutZm4Ch7k6Wwd35uIuFdmuvPt2tz6zDiNo0JaxXcWT4Vq6BB/qxnvqckGSqSi1NGJhC0928Wn18jUaARSCMf4F/HhRIX8duKgaixcRrqXGY56sZ99MVEl9wsaPWSJsTge6rSHp/ktVEv0+pbvQEUFPT9zBreDxnyURcr2+U16Anbhe4cvLHBda/O94MO4EQHaf8UyeIoTCWMjhYfQ5/WkH8AxbuBbHPhBsYuZlAREWtovxSg9eLlUtcihqynOu0aBkso/ZuGxwi6XfrLqAF50Odt2HZLG/h1Igr/XY31f53oy9jbDlG4Kkq0c7XpY7W5pXEhTuiwoxQxQm6pk7PXQ6V4Fd1E5TywBPlt82ZVlXAcdu15QzkZg0mbadjDzvyFOx1dxL381O9iy0xsqizWS0ltKI98wgRjdrJYzVGfa7C4zDKKpTpsSgvj12nbQAkIO/uiEn/JS9LVNm2STWq2P9Rh8Q88xjeZT69OrCH18M0Fd35R/vP7nOUzpnErRcn6yF71Wjqx3lU3nVaCst4lTbobfhEOn73D5JYH7SuJmy0M43IqQpMv0ZmAyM3DXgIVITSrgwK4YpJ+a8kVnXkNwfvLvTzLj9WV/EOSHIUhgSc2HE/aYBr/5KRsWizUhBz75Es0zi1JcPlTj7KiZ87T3B5HzdumuXbfQcZCJtrpEo0uONm5bjlUwjNXARUwvlGn8hYHzrTCjH1c5Kah+XpExiyQxnV1d6CjK+3JGooQ9Ok2E7744tLgf0IFHxw2H5GEeTNH9hYqDlR2Wv0zjRClKBUctVKO6xJFy2u9B/2Z78W7pw8/G41kPeOJa20NOt1LHb2yYPulLGF86oMRxAOE+JetxtfJLLq/1HJlQZz6fYnwpG77fePrZ8e/TsnAgf6F2kfinkos/6yfZth/4ig3Uz47bo+sOrJOufltABn1CBDnT0Y+Z6r7mVfqZ9i+7McExczsZIfvF5gPu8qksfAeV93Vu5NOG+frH+FKCQjua4Rh3Epx0G/qalbq75vUpszkzjh8pugth3iV0v8G+z9qftDl1tw22n2wPvn90NxfYShUf+WmajvLVaPXzvqWzdMdB95rjwa1WcsEVCa/P/WZQ/sfPs1Pzn1F22JdceaYlGImlm8tKr05tXTCJ9/j+x3KO5G6W2mpZ6DP9l2qhejIRH+NJ05UfFyvZqKTcSOi/URM1r73GTmmfBjexy8ATcmj9zPd6g9TJI6IKLrWAscl5vTaqWQrkYi98+QywaOy9IAEw6GAeG3mzdw12+bJp4mcd1mbAzTBIPyCLldZf/QONfHZzzNmRJbth8Pz8/Ros56YsUCH2R//ajk1dait+wx6j8zhhH6s300PTjfzQyDsAkn93jjqXMwmxqWys3Ap0rRSrMBzwXLSs8PUc/nEt8uUwDM3I3JXQuPhRT0mCiAOl2nJoEr3VIRaBaUjVIYRZOFykKTn9oorxsIEI3tbf/oPa0NiRsxOF4RVf+2ZOxpRcd/od0Z+42kR3375kUwfUp3aAbzEdl1cDrbliu0T1ApNO0AXeARfHPqiVZwWHzzQK0GsKR8tnasj752gbeeLVbnNEqtorxz3ZiI/0ME1+FlfSKar+JR7J7nbuH8+EnSiFK7WsGIfBWLQeyurgS/waTsWGX0meb2QkJoKParx8yV1YcoNxxMXBZzNJZiWV6pjYvWLOVEGZqHb2AvXE+ggzHltbvHjDBISjxKe59Ifyt8bmE85I2+5AWUbV8rKTzwnOWIQ0u/NBqsPnC0flfqm9fgK/tzA3QkycD2sEw5xIkC5MQ9G0XoeS373+AlspivkaK2z6xUucO3276KV9zx9X3Oc+YNqQ/d4+0/4CiqTLiyB4FWmklPubsXdm6h8NH47zSo/gTyaHJ8z2DbIX0JAx2uorLen9+AHB5SuLgAWBbZwx3V7+SIWGlG+dDFPCZioC9+1PR1kMbRdkVa8pboMRbc9EpSdTAu9hj0ZQPa/VKPsvM1OkMMI0Ab1Y/lW2KoMd52kOXGzRO3S31Wf1mtf27HvZcwLL0E/WQ8l78wro/QQmS/YUI4KicX/vlMkztKjBZQtbQQjLMqCeyUJJZqyqBpVtpx/Kcf4OIrQkXQkpoXx2pOWV1RMOfJRHNEOPndf1uTcLy1ktQBTo/LeUvSHFgMzF4JcN3JVZDMTgF9MRh55SS4O1sXRP9H0ylbly4OVdx6XxDkDRHcNgxniCMdSLCHcYPq7U7b215JKpFn5T80I6nyEfX3ZxvQx8R31N4DY1EbUD2/s8g3ent4SuodWQi0423NMJABc77C6egCqZ1bgeBW4aaqxMsaEj0cleIXzJkRg1NayZ2phwt9JdDADMcxNZ5aT75pSElNY0u4CWOOcMLlKwEa9tGrO/QEKfE8LjsCoB88vV7eU9958QvjRBqedCsOUzccKIzpYXfADrexTdqhhziDgpQ3UXSN4xD3xq4OPe/Et0amEM991HJd9KCfx2qp9KkCFzAjYdAldUs/H9V9SRL7xr3nO3sA/6ca6/0jyzmlLdCSkpxBtMR4+jqEQxnjBuwv4KYTCWYo9yb2c1MG9frY/cu8xag9jxaVs23hYNT5EzMNZ8TWS9nPX9LpQngk4B5eiLCzBfB+EQ2zOy++FMJAzncCPsPjVSzqrr4GlYlSnrwqTKr2Fr/A+sMNOUnKtRrHcM/YjHWZWHFoKLiFSwTwZ6gCEaQNBvwMQH9QoZziCYrbfgg1ONAOgp+RfpGRJVF42YjhWNrekHms9rzxB2UTCCqepAQKOTOkhgqnXXi4OYfI7IIvQlDHofARnKRetWXUTeo/2XeW5vdCFVHVSWGqsmFEZWlMlZFzDZ0llOGGSBwKMizNVocrsH58zdtWFlvmueWaf5Nqz6WhYAw9hNNpoArBf/4X7WwYBcfYAoTstAzFMC5mFsGB/3fL/riFFrjCvhrMSO6gVpLlryamFTWq7ih657jFNZa1Bc6qi83idRlv3gjYZWA6olVauA37QZ4euXG0dJBdjQKIEXWuZTTUSAbylH4/Uy9RjRHD+ZJNig4uZixjF+nAROgGjlXIkR6y6LQ6+/KG28mC58xCf7K4X8LioY5HmWRec8AB5snyAOSVbzKyXZ+92RZVggwhA2WAY3LjNZde8QBPmGHYVy1VGVh/RplT3pWeF/VQpgThopzGZ//jlIORTBprrWe4IA5dJbZ/+HeLuHzBPdf3N74zqqTQdkyQQ187Bdw1UPDyEd6VJM0WNCWzQctXUlNZJTz2/HMy36a36tQ+0oodW3X2lQU3YUg+I5D0uEzLr66tiqnsnLNe5SmZBn37dSkobclxixoZypG2ZR/XYvguyw9k+rZLD6IdC+OmGsZKuGTNdDvGZd/PQSQ1UgZmzpEugcmmIruHsWFL4darPF32TPglppUviBnTDu+ydHPTyCZC4/fPRIIptNf/xSCIivf1L00SK3BY9pRkKnU0MNuhvr9KsuEt8dCvBP3tNYQScpzt5hF5npPTsAKN7S9qs5nwj+S6ukrIZ/uoP7Pg3QKst2+PnR5wt8rBRmyhg3fM5pLCvCYTinVtDDyq/h9lfUI5HGFY7AFoaflR5s79+Sf4hGvHZ2Q5U8JLOX8cxM4Hwof4BZVNdMs4Bs8US7WwNhYdSY2coqvHjUzIjVztLjbGbaF8EwCido3sI9Y08ROVLxy7r9lmqw5t0v2mATEJl7nWtrMaYsOqCxPQagN1X0I+gbEWql4loUQgm5ji0oizRMvkgd+RINv7NhHMeqqF/qNHSPWUAOK1WkOkaDUZfwzA96skK0x/7VzudFlrUCnClCzL/qoKZUID4B8nOdWXI0oVB4K6rwJzKXTCV+j7kdZSPmENmBUeP9EmHSFS/fRO1Xaq7vpmwM883paRUrGQyFzoYCi9Vjlihx/2YQrKff0s/RDlsjMW5oeQbQCtdinMrERYk9zPXUeupNSUmkEq5O+/J/1UL7UQlZUUk5kaUVfpqZ/8b0orwQwYuzE2fAlR6iqjU5e6VAoLQkcyfUguEd2aSyoBO4YzIQm+ThEpFIuuCJhkePjylMiaUr6/fXMMBxlRKlFzfdQMTIo7555mKcLVJ+8zfqkBZ0STaUCL34KjBQjtKtFqlyWlanBtNEGDY9ztoTKtxYLhF0wkIYmt6Omv6Zeqjh1yheP31UcaAxsXt+OQSkzaUHy0jGrjC//ySBDS7BFyRvrqggaA1OC/VpwYcy6xpPkPbW/Zkk1Ch22cTYVRXZepU/n9MNs0/amPzU612n0AphaY05J+2w8VkElJ/4Kd5q9bvKVeV2yayYaTzzXYug1R7HKyhIEj/FgERJMgsSG305WAmUsGlu1Aekl5l67QyZvB6BD0YGXCtnlBGwtr5Xo4c7qc42MuFHbTSLmDzQ0IZrwVDdGx6/4bIDtbaR/ozeN6Ut25wRy+oHV2UyMkcic/GXbQAv4EDhNDzOUMiX98ABbQSJkGdSkua7Ebo5pwlhueC8F3P6o2VKN22K2B+EpqHjhLYV9kldako/6PyyWtEEUI9GD5g4EtsoFyCg5fRFH+L0z83KGE7AJF/nRy6dzuTNoZo9tLrgN6uevsSHt2DBlHNLMlLGRFWzazlSLs5zf+Wg3f5aOJJRMxYuwu/FZK5qMq/lJcoI9uDy3oz8E3WQ9wIJMQTFeIjstH1TCI8yOA9GjniE18G4PqvdFXXWLw4cVcjiP+DB84gKdjoDb5I+JWSFiDoVd/0i3+KirbthvRjDQTxUHZVxhSLv0xmTDyBemRz/SJFNXBOukueFlswLHweWqhsNuBRFbA2g4eX5XIR6w5wykjHiQKb4REm4UM3FnrKm4bGEtbC//Jf3b5BFyi3H4PidvGVrADbesdINjPfIiL6uMv1FXs00kg+6/hhGdjcEqIiAWfgG3wSvU1rhDrPJxzIe5+cBFgEmDBsIfO67To0hpzz617SXULfCzTVAN1+J10u/Xegvr0tX7vyLEw8CdzPHqN+FkenjIsBI0owEjro4Q4kfn2JDWEwVdlRq+KI6y3sx/1UpNmHmbKnTRZQ/7pyEtY9ERg3opdsCP0e1mrAQE7WHGbiy/gvs4Is76cqRz34969mVPifzQfNv9pq8YS8zzzGbeP9JlKQ/nQ10ofoX28Yu9D+a/I3wIbc+QVwOhh9Hv7/vSq3F0X7Up0cwRCK3GZLCxW8mdGX5LlYWkDYElPHnzKRXnyLUbfEur4P0qrLybrQVrRn/+mq3a7+22D0Z6ZcU1h8Klt6gNtUsgNb0aizheaDrQzsWXyIa9VflgvorQQ3Tfq1qLpOSfBT8bMUqFQniE3fw+BjybcTo1OwUtM182SJk1rAnx1Fi+94hA1qkXP3qju+jqz52yR9Yxg5HQAckkczvBUl/ZaicJlwKh+nMQNOctzn7nm5t7SKFvy9WhMi3ShfVWgp7D5HKMnE10LR3xW842OtVHuj9PkaCYLnchFxKrAT3DPmr8FGnxYMHXCycu3+/1H336GsGpgsKsm9CAkT76CKx8UkJ0tHzuPsXF2amYBLsrYLU6/evpm3E3TfCr6YpbfIfuxQ8LtnhlabYIJbjtYohzSFC9HsdiBgxT3yWAonJNMiLuwxUmC0yAf23g2ftVGUagLmT0Tkwrfc1TWT+GqkqhQgWhAIpoOkADcuXDyfNSb0OOyYrTmTMLP+Mi3kZb1XWkW6ax0IMJMjybfNZlow3XDq35xC4udf8ZZBRbN7mzuFRHAGEe/2oId3U9tFMsgRXVxcpKEfuMX+s4giC//tv6gwf4WIDu5iE/V4Arw0XhBh+QSMSQ0+lRnzxXNlJa04E2hPt5OPdo4OWLl1Xk/I6+hcCW9cLTp/pl1FB+dX9NGlhPe68RH/zmlfzci/ghEbeRggR/4jl3woGK6/g46XznncpUYLK5mUdqofZENnmTGPEUKVHCQIKgy5B22OtB/j9uk//R5IrNwmRfvprs8vXd+nXl+iMukRFpKCf9ZvR65yX4vW3uNDEWt33F/nZw5xHGfzeONe4gJ5VBKUnOuww4oU6ve5T/zEmXcLGXZGyv0ExgSPLJay7gKOmQLC/wN49iUfEjVmjoD3tka+N/RzVfQz4aMlbAAbTf9N8ePc92JgIYzeDftgUhU32zOnGbQy4dBfTLvN7ggJFKcDWZ14lpPhTBMMQqRg4gYfw94zJeImfNnm3xNcV/R3VfvY1VoMmHjzt7BdFHuy0mvHE9PXPKBYa7lTm2Gj/fa88tGvhMjJnaaWP9AmWD6vBNsRGA1hSin4oWVLE3ENvvNjt5V1/pZU0ZnIWc/5tk6uXEMMCm6bADVzVsf3pmHsbQqPJXFXZT897NXiZGiHkroWQK8fjMt5hGbf+tkMtif0wBxfvX/7C1GiUrRZ1Ll4gDk9L/asAdSdnLoOumEsWhy7pZs6DaMBlJNrP+5YAjb0PyyLM48vxo2/RTCpM3XpWaE3fbXm/A3osBJmuaYJDU1SI9asmRWFJzKmqydGVuOMHRZF7rTH8hGgOvmO5175tDfSJFt8OnoPcqfU4vkqywflQEGgaeqfZVkcPsaOf7Qu9ZlIdhue2zxtw5+88SOineCRlJIQosQ20+1BJahu6wPgMqdelD+ShUlObX+wcGU3lKlsuRQacu2qiPVQElERyYUaGEtEpk7/CK9DPPUVvODrw/ybOPmatHazUrqj0sqRPHTtMM73s3f1L/0xLBzA8OFMI1TM/5yWZfiG+QBcQWH02itpif977m82Kg5LEcKEiMEIgPzMyOL9Be4on/AXMUUq6r8cF5cInzCaTcJXQfz9o7T9sge53xFBUI9kN1nqDrE8Ic4fMnWZ9yIg2XFOUJmKd0DWYdLdreqSUlgIW9MjqZ33U+G9wokBCgxp8tSZ4goXuzpIfv3qJwAMem8ZUrAI6PyM2bDpUx83QOb10Bwdi3rsRFHGhSp62Mby9k+p2fVfLRW4jQrNdpqwonmZT0YIg/VqsMxCL1M9hA0gPmO0CqbaKDm0oxd9Xce6lo0Pwi885TVzwG2OQk4nxwa2ir9E0Eb39XHSUyFlqRzs3rzc6wTuds7ZQOHv+aSMK9mpqjLRuEusaM08uOhNmRW3vYqXGElCdDROD0FEbEVrDKpb1RgVhKWPWMDRXcnjHCrwHGAYlXukJxlgHMjIXwC/G+Ogy3Ttp56nd7JJasUdddP/XcCANF0L3PpiaX8fUtxCrMA02aIHdG2FVjxmYrqjeBeBVklNpAVrdgsFr/ks/GE/JgUOIxKtGaAoJ6iwsh6ldiRLcSvDdtr+0AAhy0eN7aYpYWzEgWA/L6AyM/Pv5T+Uo9ocIMFzF4H48iPXFOSHvGyW37KdBQuYgWvM3B7O+ohdtpNK1JO+9YoH9s4KB8dSMzpGZ+i5dhYxdqLHp64iBGjsjdvebP79G74XJMgA5BWVKeizyHSif3eFFMenQIlypPFMYz7GqYjQO7zXdS+N54UVr+HFcfjUeCibpLx/YjAiJL+GLEyXNeLGBoNgAJWla5BvQFVdpFvPfpKpPPqF3o18q9IOtDll8gwUAsF0MMyUriw+qkMpAQrBCo5RnhAjPR6ucr8dBC/0AaPdUY/vs+bGSlDgLksdIuzVeOSTCIEDzERvMb8LMwQY5xmt/zRfKi/Ps+pCjin1xxPnIql8pBcRZI+YmR2UYzIrvX/saTSdjfrmMilJKUNyeZaUmVHk5FMKfbFmY0RLT+LRX9AetTo6d0JogN12f4N+Xzd/VjuKBT7aQ1UFfnR19Im53bDlY2Zl52K2xXzrFEoJP1okKb6Qhl1CqQdBL/GSEyjFo5LqYE8zw2cDOrMGTyM4uVc5MEyQmyevj94k1jGBrSmOiChaKkdHVX6LpO2Tmx1FsZfYv2nPsoF+RCU0xLuHYlZk8DRYU1v0ejoYkfaNTI5KjRt9EPuqjgw7ovethuY6mCcIp8cNPrx8alQbxiSu6Ry/5fad3ivcwz1+yeBKeyUbx6P10tBcWbcP0xi9mpEm0184LtsNPj2PAo4yIk+NlF5yCEcTcyBdwRZsn8vP+pOzoOpehQcRtvkzbu9SI91XXEU9rnD4vmQNq3G4QEM29miiL9wNzEvX/6ykJS4gCQ6NpTfSEbErL2L27vq9xJMorGypkxc44Ex0Y3eVsvBvUVRau1fxEpLnhvw+ELXryTYKiMfEQkC4RAR7Q8spGFlpWClJ5RiGfQmmC0OvLI1VfyRa2fSAqodrMx7K1Dv0Wt4YS6+A4gm/YAg7XB8nl3iI67aok68UlJdtKXSZ7v2mMvQvlc8IdlKjfH+bq7gHRU++D4I1WuX6rzZJbg1aTPUEyYofDYnA699AdPfAPNFq+ofN65Rf+X1K2SjcX+aqkZmOXkyvb/Qxyxq+sivaldfsNL57LX87XMPlkP/iZjhC0UhnH4X9r1l4vn1fbR1c+KeXrMUSuD3V6NibaebBIfr+8bveHpUXKFs0+eWIfLXC20MTUuY7/3faiWlXjRthyfild+nenMeJ1Ju8NnzL3h+wZK5uTCdmvg/CtxlGbnPEoa81Req0whGoAVLPPylkRvV7kfQ65iLW5+foJ9PbCFHeIhhLl3coCPi+MepI6t9fRhWlEgZCEX3Vp9fHJ5YTmGYp7ufWBS7xhqPs9e7oPRfDcB6JbOhaZMRm9Z2rzgsHxYhTeUCnnBDIV2+NrEzkGwRXFdlhzWcl9GcC57v7qx+79s3wNCSyyDxDEJRt+Q6Ym1btPa+XIWC4U3F3IDyjOFRlpu2E6mo0jyFwefiI+nGJQqWZXi68U5Xg4LXDkJVi1tPB4C01txSO4b9glQaSZAMFe8tUu1NCLab6qDTDF73vDw+lzOY6Hu4mDCUAa2804WjZV+ybwpFtbpoCrszTOkAB4LRU2lEIsW9S2+INHmaRGAVrxa0v/fo5G6rUmhzts/BcBcr854tywV5uut5pjK5r8HjthGnKCACzLd04LFHV2kcA4tN3nLPBxuvF8+G6LM4MNyymclxI568KTckx0tWm9VS5WxnlPVlDRFSelvsqp82CbYDG6MP/uAChMle4Eol5IDVMtW9m8lva9t09Cdg4X/po06E/XzCP2WZZjmEU7FKojyuDeEWSme1beRu3nEdiunsLMo15cTu2YzqbFe5wV7+xU4KVb6ZcyxVj9mJa8j4D0BpnIKfWFJqkGZGfQc7MWI2oy3oeb8Ib8cU0vQS72PhhW4EzNxPHjBAHAf/XR0VCkLgXXLMu9sIvspVK/Ifuo84PSE2Q1tzx+iJ0EcIpir9QY2EisCYc2YspnyvbznJuWACuFl5H1++op0wkyVCvgUHEy+PcamX5wrjqb39xjSaO8gWSGC8xcYEGs0J7fcs3+ZK6B6AvR4SXIEzBMHLuxdbBHxsfwtxHXMZbj5uhK+KLSp4iwBvXNvKKpBczfgKaYLVH8EbcW7iTb4Vf9YDNjVSePxyuAoG8HVmC3GhCNu2LOnpvb527aJrPBBT930z7bbYhYxndCEEqP2OZlbvx+9H6/Ji18hlWLGWdiBY6vF3VRwgLkIf35Pp5nBavQ5Af/awTy/9zwB+0H0keCTCYfDKsKnVGiodes5ntDmV9wVOMHQr1mNcjxY5HIiARpA11yIeU3FCsgQtUDa6r50o2SffzIacZtU9rqlUSVu8kax+k2sWGa4QSlQF3TSzNrr3XVrKUxvnI5jtf4lEfEVvSonMBTxE2wjRa1/7wuO1z9h3WYyKPPHJOLpntMxTn80LWHgBc9PSjM4Kud+Bs8gf811xj+ajMxDFKUdbjqcj8YzmHZV2lF9yPk684I7bqCZHgm0O3kjIZkwQxf8Gq1ZBv0wji+BffWSJ/22no/cidKR2xF/wD9g2bCNbXUSERN6PvbzKmp9uRpvM6bXwYeOPvd4pzDyLCiKdbyT2ltxsBRolQ2LvUzNukwOg19YMTsdRGY8Yf+FoYr/nYL3Yb3NLraC7fTWUikGtXmnwGqN9YA+Wmlxy0+3Y4nOvIYhhB17ke+o3CCoGROkjmO27DRgP6U8O3iFBLLlI9zwfbLM3w6rS0k115vrG06FT5YTcWHcpUqwr9A5+tK5n8hNKSzf6JcHvBq0GifAcSMEB3zTP3N8Kc/V/K9xMbPSRxIHgF3ih+YRKWAYF9QW3X9+034AuBT0GwRrhfj5lriaqEd4R8TK309O6TgRWOhavlzo9Cay+xjygvg8K7qmjtRJ1l1I0G7WZu1iKz6l182s9eVdydjbDl+EXO8Zn0QxRSR9SxsdrWgFoHQU2oWTYNVCgstMS55kH1SlKgGi0MAsF8uG/9qe2qlWSE3swwu/vw60R6t+pHgH3nF8fMpJnT9LLjtEDNl+da+8soLeGjC6710Flouy6mby4xhO+h1uE+Niy2LQtYLijVDAiy2t0j/8+3zsxyucD1DMkg0DzvZxQYxMxHhzpqplnustjPMGkpOU27XjdOlrTY27IqjGwbUsVZ/5XW1IFINqIak6AEvNTVUkFUibKU0CGO1uLvAeMeLR0Li73O/AIfEBH7t+QMq21TT/y7Ei1YFtIE+znGJplN4uFS1pxwmibb8xH5ZBPRb9pf8Mqwz4UQGC1k7we/V1LvznEL7CZMxBoEZyKHnuUz1HyEt4OxCsVh2vSbiND1AUt3lMPsFLgJlKd/PHKyQjreFT47M4vY9OsV3+GggVbcNSp+i5gBfqoheNgDU97RS6fdkAoFbO1ElHXlTh/CTNiMTHYuw+og1tAydG2YFSXT2TniQwV9flYNEVboJ9X/EDY4/F8jUEtuIt5JqxGYv3G9CO85p/I7pOLjqo/u52Lv+ceyi9hsHdBLJMuYQW9P2KXn8hEB1/gJr3bMUW4hTOFl/aUeyjvPbwl+KsKdwCleN1A9w/8L3jDUqpHVDZYWj71scpFCcxaiktiLJP504IxKRwHIoPt6P8prxWP0tcDR9AJ/NnFTz5brWEDBdILBuTy7mx0v4jzu5R3FiHv9opq+gMYjlJfFris6+EfQ4CzFUdBUOBD4fXeiTUJabs/xiyOcKmPxPXVHTycrXkIoigPeClwRczfCgo0Epf0QZD38Uw/ISKKN8QKR6TVwLxfxcbX1wdxC+SqWwvMqMV9rW6pqv6buRAJ3GBwPC2ec5FcqmAXpmpY6KE4lcedG3EqAaDDwbOTnYFdab2X6AoK0onBLCkF3g6awDKCSND3G5Tiv9wyPk1XpjqbXpHHQx3mBIVlqc1qPP+SuvkWYUmun8GOoh60BKuc3JcsDGlqLbqCjMKV74Jc7CN3x+bCw1dJv5jMvKEXryHSxU56/WS7klxFLG5GBG6Nutg3MQNIgnlzjS5IXkL/kbYPj+GzwQ9DeIKCXCf2lTfsElQituIZlf2sGU7tLfZJZkovDjOvd1tmnxIffuWz/BtjqzrfNh7A02hr1KM1N1VCRbhqkSm2WVKZPUoO+9rVtalrQSft+k8HGq+YU1QbAVvBSBpf5/oq5iy1JtCf4SLkPc3ZnhcnCHr39Qfdd6ox501akDO3dmRKQJJKm/PCWiXeoMpC6Y7H7rxQ9SALDKZycUlxamUVdDj+Cm4P5ZmpzNend3D88047xdEcnRizg0dA3DOnCPjpoTfGZnhLg/v5ZhzDrzmhH6oYD6AV7qWwnd9w4Uw4yB8oYztoipPmbv5Ai4F3EBhZ3PLwNxcho6fl/pWxaVlvkx0pctzuzH02AJFY9iFR80axpAw11QTCCYqV5fixHkkV4lDGhmp6zf/jGQSsTMC7UfjKiVg22aFmjAmBNF3BtwHAZ414m2Ilj24EslRuV0a0hE0Oigw9EktGYMNPAkWc3aokAHUusVzItGA4zsD0+7sEPVVAQpsPNdVrRxppexVdOY6Re4THEvrMXlPwzITGGF2L+2P0OXnIbrYlkPN7l1PzEmBflL0lRRsiTcro1lIW/Nf70OuCRL8+lyGFZsc5jC8Hk6O7ZfAeoDiRojZba0YEOZOl/9KEeZh7FCK27MH7uDZE1utT0CNQ6YX7YWb0Nq3gyX/ihxu6UMVsig38vaPZ6B/fVvlC73pBUW9XZ/ly85ifECceShxdKGle0lTzC2ZiRAh1dtgViLjntrncLAjtJoYgc/9KseMO3StV5fSStqiHM50pzUVa4c6GeeiQApXi8nLVYT73IEbVhNbESWVBPwj2P+ZdSsL/Go/hyX2DW6G/XqEatZTpnSFVMKUYc7Hv8mVFm/FPiJ7HuZ7n0NTDUdy6/EAvNW/adKFrI8NLUbwWx/LUw5jIukO6yapxmerWTKUnlT9OVvpqiO9HQb7rkWlYjmhom/1yJ68byMV5lFf4q3DFFOhJsXzs/pFynnwD0AS9aiVWjL/Fw7Ia7jzCREe+YGJ+kQS1stDyn6mcqy97NzQ2CnoOdegMRnje9PwfX8bT5fBecLfiRmG3i5g/nfrBhysYJBNzATc0epe1lJHp1NTtR1hWJnyyq7hIgZSSNqGsmLZyV08G3XOGW7eA0ykr9WNrnl+wx3WCbpeikVNP2MjRdchEWH75DW1/Soao2jXUO1DsvoMOFpPtrKD/GIX2hZrltW/AmTbWoTOZnFK/vNkLsQnUoiY2o9U+mZa/WWl9avgrKqGXj+BJZKzETDRNjWR2Xi9VuYNXo2XpOjEGVq0i619MWL+8/fXfQsos1XrhSWNAzPStrRJzaB7d9ybKgNNE+ghxp7L67xusZcGY9+wDID9L+rAKr2SxJXIk/EqcfTT4toOzhZkyEAVApxxL+hO2EKWiA0H7b82AGCruByZw8hEEh0sj5LJ+ulngGnDUMDo0Js3NmIhbjyvvdo8VB/9v0e/1bS8sNXGNfvA2zi+oxOwOL0gFkOCOMTpArUJx5gm3r2hXGCPRh8aCSgejfGEZ5E9oQaAVZ8KNe4Jno4BdzWeiSMeueel9F/uWo5TMNzdUVJxvnSPE9aCimhaGxoRkazzmzgvw7wuMQAo3/kfj4cZTXuEs/+3gw9K3RVulzc8wY8CXDSezTd4oq+QsSvbur79mLAQfXhx9XI1jyX26l5yVUoVJTkVRhFc2lnzD72sqi7qrsL+ytLNsUR7Cg0CmNnt2LPMhgHL34L2uDob1CAqIRiBgeF6CtvFHrpp0bjdc93uD8g5ogqjE+zWtTn63EhcY0O4icPGzpyielP/d/29HwbfRvFUUCXrkBFe54wKuol3kAlcN1eTr0strH/a0cpQ1D1BwzNUH5Tt+lVsJw+3YAk13Oc4HsgJiEANfoTyQKDqKVPlI2SoL/Sr34wQwIPSLHR/lW+RVESRcs2x3s1Cx61VOWEDjO7AGftzNjewZXTjKB4/v+tvKdZ44L3qT/TzN2MpqR9OkTAQLuVEAV/66HyyjgKKqqAXK5iLkgVfDey5NqHIVkzIvsOoFAfuxQ6Som3Z2A4Ow0ae3BPO1wXpjJ5EnDDHuKqXYuw/otrmP5Nj365/adDkg5vwZ+GaeroQo3uly17Hliov1H8Zu/pDi1h6RutKX8weA3QuyoKN1ceVr79KX9rPdEf+LxsXCIi8FupQE/X2fhy3Nxfb0xJR58GPFC86NEZnJCCw3tW4c9tmVWWpCHKDH0vYJ6HHihMhFDty30dlU2vgMLJgs7oq5m+sZMxXt9O007MtSKM8+JVZdicP6ziDoYWQK3Cfj5b0zNfoFt2ZysxDD+awLzOwVgGR+5FkeC4Up0czUIGWkHf82EiWG+UytG3yRO/K40HDp6VUFPDKu12AxNTCjdP6KC5Q6WOVk7T3uTcp0zTzbkMBVC/vAO1dSDUmN+tHB7E8icfefKufU9Nw/j247RshnC/poZqsaoOjPfgqeq4UsvZrZx6XLyf0J95p8xO/FxYwi3xV5+Pqy/iGNq+kFGzEt6vLDdSJvF2i8ad5WzVQSG8kZhM7OLvRTBc23kpyy20sCSfv5LfSfYsqGK8sI/qZqkftvMQ34S7tZ9KAogodMP+j0sCsX3BDQLgjS1gifg1aQn4DE7doH4UZB+gegXfk+Ig+PVRWq5VYeath8fyk6anX+k8L+91flZextRwG4rJV3DG/qzbUtZIaT7NM69sxdeRW7LRpIZJOCEsHeRVq5OTLamsJC59oOA/QUIe8ezF9ejvQTl/Otqq51WKomxJOrO7bxbPiyHJfazrINRAlmfPfq0CBWS4oV/w70l0rQ6ERhcR8uRSk4Dbr9X/RglHTwkf2IihjZUjR54SiUoFDevtj6xQVc0wd/7BuAEbGPx77ngDyuzhpEuRQW5muLLUsPgF/zsJpBfm1jZeu9NIRZElQ/29Z05HBda3nZv+Ge0W5tGukolgc0ahKIPmVRNIF71USjiwyn9p+pTNTAss/LTO8b7+sp5zjoJ8O9svnrMXGnlJHkSRwcfyvaeFN8zfjb0Y9B9j+Yxm1fFh8AncSmq9yb3uQ08hDcnV4p82sB4JA/iv3Tdm5BF6fe6ZauZUj4d9XuwEGO5FkcGDvF+k7EGURj9GkiL46LTvUzzNrSvgkcCVBXAo+LGBp5YRb5STKlAoIcObrWYU/EU8H8KwGn2OhirUqy5MgZOiLSGI5Jw5MDrph3YxjCLZ8BkyKNx6H7URn34+LqGnalTqnV8VrkdL/PUEq9wNzeJ7RRDj+S2CxIpvkFt0rFGNFI6zPBvTvwYyWCRL0Bs1EqYsiU2j6ikETaz8f9NVFd6zmTea1LENuMFvUzb/kwtBoH4NwLHtJMu1F9Si8Ita+fYMx7o9hp5iHY7tN2ABa6BG8Ma0OXcgfpT/+6W5FIyFCDgcaVnt2NJAx2Ty2rvwOMOfbcn6CvxX3DFMI57PTxyLVSVPP0NNvhnfvPtJ0LpA5dsaYFlBcfJfN/68ClH7RZ1+i1Jv3XrMUDcTpFpLkn5bKLJaildqRhF3T7PW/DIitACc1yRFypARPOWlE5wuAdiAK5N2fpPRjX3OVUw8AhsFCz0AfRpB2wiT3gfwb7gAv8jLd6DDC+SfvFBTm6ba1inBHoZ0hSo2epVQuyxOOcbiaNt8r8B1cWFi656u0PgVvU5rrP5rEEQETJ+GvZunXeEFk9rzZds4mSfZn3E7WQRxbAzUI3CDAE4ndv7AYxVKp4R6XY2OppMPuW/S7KRGvIMn5KShbIl7MqclXhOVUZ+hTf+nmADFAiU6eDGRTzgGXf6g8Kj9XQ/sN/T8DTD0A1P4UYLq+1IxfYknGqcFNnpi8kG4Xab3pIJ1sBo6ITy4lrtMp4xY/5d/GYJk7jg32isUwSkPezzwUKkw/NsWbhjiWQ0a96KJT28m/+JjiJg9oyUS1f8067eBjD/Za7/FeNu61c6F1Rk4RvmXfAC9LBFSZeLe0NzAYnwJQ2JwTyRqF69jl1VPfAFOK6vF1JbaEzi8QdgFpIhw2e+pgH49Uca0AGU4XLiZt9K0kwA/85nbPHCgBUVL2ngiKyCrvvpf2qdtopgXdt9QLyzhS9siRhdqxmZnJGv79TISaomM6vCqH+dT1/tVtyRO2b3Xuv7DuNLrJxZhPFRb3eOGfoYMFe4SO+3LBpbU6pccs6ScreXhuNyQ72loo23fc2E2dSBP2ehjGWH9GWj5bweE9SQN+gkvIlDJbpFYRc0YyYVcurkIqxIEcLFFihkE3KlwQP9hGSqHU8RIZag6EPrlXk9TYNvnVZWMines9fKboCvBbqQg6wA9clv8omHDHaivTZ5XNHvLYb7kc5KpK0SFpedAW6qgPfjJW5lR5h7D/6Zfz+EnwRHwJ5IcafjhGIX9MhLyjxqdF4xkl1FQO7q1ozgVRkRPlHDvIERcqCo1ulIpGWkA55ncG/EMewHF8fRry/JLHNONUBl7BMj8+YmE0V4oj2fJF8LJIyXF+Teqgz8p8MdLe+ZncoH8bTHlu5CVgzrCYSWgPq8Q3MeXtkoBh0GQWLeWCBZhqz12/YEVZK6kDycwTtyBOdbdIRPxkQDhRriwgiymkDJXCNwSQqqbBUJ/JoyHQlk+XRcbxBTTlPme63sWLNXqgXj8bZcz4dI0vuQ+2IhpSVNV66xoHyGgRoUw5/F9kye2vX6ly4IOq9Lvk+oc1OWlXKrlJW9oQmWZDubNReOxJezdAuE47AW0iSshcf8TpH3JSpyyoV+vWRXGHIviNVbaEYBl0USAPXb1BtYOWqveoNkV/svQA/E/PYt3hRgDf5gLzSAiojRSxwBJ1JXElBVAC8LlTGfUC+I0opNDWGVAYu9xAI9BOpXiBFSaFFRF+YTh1U9p2z2G8RTvGwiQDSm8hNynERCkcbRHhrRwSLgv7gDsb9aHc/I5HbGXw3AmJULStK9OwrCneaRCQ2eXHed9aRPdrDWYeI9WBq0owVtZo8xUz+kTVf7QoofqWg08TJ03KkJkUUsXxqJGu2cBldbSM+lNq0oks4LrbFl7w+q81U5Ef+NbZip1APlu1RWbv0MBFq8G07+6KBu6MR0+rA9uF1qAEPWkvfjhr8lGwsGDkh7tmblUPCES4yjzAvQlFQSFbsbUgD86tu4kyH+seQDCrlIM86G0v1TF9ZdTKHHQLEiBvq0ouGYyKHSVuSJHMBg7juwEgbMikxNR187JsjAHc3D6AdSothqhUa2RLRfYCO0TgX6lmLrbe73OVP5u+07qbSYfkX4okgRWeLu/fOAIQmRdgtcvd3nafWpIvmd5WJabQt8wCMBh2aLDzJ0PYL/Pnl0yjXC2SUC6zW7c78gzdW5D32vVwYV+OAqL3Z2lEpR+l+wajDNRjJQKGCePTz80EVPuIj9OIcHPheCNjCgR3P7JCjf/sOvPtvDQc0Ujo+idxnuZmj2RZccyPmeLkIWlBEQ5uLCrCikwAu849/SnlGgbkKtfDKYzSwhEzzu0CFZ6rRfh/RIiveR0imOEbZtbz+IOYv+sfNr3Y/zW8/p3RAmkRdpUVg0ijmGFj4vwXzP9PgdqefhwLn3HI/lzgeUYvktp1sm/a+woI4inSZlTBzHJEtqndNn2DfoCP2H+dcZ+ST83Ib6fMoslAmnBDPawpXJd1SJ5jZ0WqIKTcCJsavR1Ib9yqazUjQcjMBr+fl1LAq3YgJbdbkpT6OmDNl9zL/nRODOl7rlLwU+DbJbuJuaxF2ndc//865Q4I0bMDGwezqzmltMkul47FBOS8VlHOqsre8FdGmpNxqlmzN/cQOcr7Vz32T1A+tpzL5AcblHRRlNQWBclv529eu97kRSvomOE3N+maKGe8ljL0Bzw59+0ZXQjqvTjIr/Y7JVqEK7IA1pUP/+0F9PeXrZhMJiT3u7+5ZHpPeU7oGER+4n3Dj3z5h7RammMoXFEs/kGUGIOtbMvq6njsqLaBd/PfkaGVMN+3cCLq0y6z0oab7yI+WqU5df7TyIrfY6dxVEEWo6/oVDsnPwl8xcLg0gwW9DAth1g4sUkDLxfMU1p8IC6HPhzSG+drE6p6QX7rEDd7BpcjKNnefWBUHQffZkSmpHNRDtb0du0ryM0g279tfPmmC0Uew2a0cR1UQzmSTvgSy4DsOMWDWjdx3s4y0AomuPnGQmqfHcnn/xSGj2nJnpWC1leqWxoOQS5pRP0fBCFqOrvdA7C/9sH5YQ2xsUcx/41kOgMjjhc4DVvxK+tgtgvBxslznAJVyXl0sFtK3m87MrJEAyGBw+OT1JZQHawfn31W4OogRxZs9IiPHQenYeaSp+X93qXK1I3eMEnoOoHPFfwf9tBP6IiNg/r2GIrHAWCNtgPPP3fJnQMpf7AFOUYlhEilwug/LdB9uttbGAkz20fOSZvnnA8PKSYBgCnBMSyuY26XWYD8urpp8tlt5c4fNpxrMU1hIrBGSMWCgi4ON8fUesz76TiT2of+SwnFl5XyLigKw+DeXG5EgywlQDRnYlHk8rbvPAbmNYPXdvJ4Z4AgBLMxyPgm7LDljZ/UvNFRtOS7oD7NZ8aaQx4T9DHQJcoGz+H4zYWTcet1KDcfCI7OHdcraXz8BBtgeHiAN9mMCgAK9isXj5ImyU2eEZC5ItEADHMN+CmvhHffMDRkP9Vb9F1cxNloIbfQfiYOoyeh/F/9crkN5zrb/eit/FCkRAvLGZFyjfTAdf3ZBn4IL+PpfdBOqqhe8q1lgu30wL70a+ysEan5tSMHjRGhtudMyUpEmj8HPb0he3WCh5UEycIjJt78eAiY1he3I2dzuagXKfaulna1RUljMguujS08cZAu43ZHgQY6pIeynaGPNv6cyyiddToZ+1cpiYsxhtHuzGoooOj7+k9760OGBlJedSgMqlNYK+7nFsPlFJTlX6EOn9ugwJ0lUVLJ8DDyQ96jvj033DOOyjdpZ91OI1/yealP1676EymwKJ+nratqb35m6Msda2Z4KM4pKoOtRslx7I7C4dSATu14EU563yVCPyxB06Yh77/BTlC5DfwJL7tAPqTzXp6kxrRh2o3fe6LxLTSBNl4E4YSkZnfMUkmWn6s8zi0jMwRMe+aChyeKoHppQhf55E4s+OpyOqgDvoAazmUUJMjTxZsHQRA+AJ+ehm6wDlsb+IQMy1E8RjHKcafiHHevXq9fsaNKUBVSF1K6P4XMo6vZlmQtaf/5Sn4UWSd96O/Z4bmsuwfThqJ5pReTvLVzqfpt++C9kR9A7KNSG9IiQx8y9DPd8Cp1n6yxwq1YrJB+p5Nl70M77GULnENf+WDX8QiX8LstlTw3Tx6mmpGw/kpklUYTrHSDOBwgQGQz9TAh7zMGNkktkZfbZXvL9tDRHHlNer7Ju0tkaM2Jchq+kkkY1cJlEY6gQv/zbkxurv6KulBWAgkdpWO6UtaVxjPSS8q0V4EbH1u5haGmgDHFP/wy78NriSeGHaYCVdiUyRj/oJurV1NpQUqZmeTyUEnxUfwvou/msZsTEkS5pS4ahTBNnN4btUa1JioFZ6US+yYXUHWgUz2yMQx1n6shD0Ol018WBVg6iv939raQ7sHJM+wUXTzEX0vGno890uolWUB45/Tm4XEKgh8Hy8DJVGW/W0c83KlD+KVWfJgN+qXZWFaIfpYcAgssXLqaXC6qAMFnrlmGXFe1f2laIlst6oVvnIh6pYx1rldEVSVtvF/PrcvPlhRoVBFyfAuGIoRJHb7Php/L8vym+5pfyF4uP48t6A0a58HHlGCtIGvXzjP5qDaq31brnFW0imtWwylAdPINoWc1hWHYEaWZUncrfOVrZI3YNcZfQ6TOwTeeu2SHZkJujgqTcMIbcu/vmelI1QcPHACrPyG8Fy3lwjFsDvjUnvbbvsZVTwh+OSLqwqrTJho/zMUDqIm4uJZ1o3tAX0jzKo7M1BBIjGdYxyjMlu9VJ2NyUgU/ybbNKeTblyDH32HJR4ErhngGY2bP+nJnhMphYQ5H5CNxhJJp67O1tbcPkT57GtwqPSME+eYQiPpSstKbEVzxeSofmwOuUqH7l8QsAcM+CjBVKi6t9LxKNH9V27Em//tDpjFQH8fOHMVgJ3QbzUYLYHh1lepY7B07Wuvv8VrPW64sTaylyZ5gmatAAqQMjUdv0KdsSwutvJ5gPNb782jMY/1AUR8d6B0RBrM5EywRQfsuMDO36fA4AhcMupbdpjcTr1shbp9oaEhDhhclbt56CSKDjqwJJZvJeGIW42NjJ0OkvwRNB3Mwq8lgX8krrVrVrb0T2KmFhlTXuchA9phM183iPMMvX/e5SbUBJp7AvClV3cNrOXB2xgQUxJb4NayxwHmUXA2ESj49AFHf0F/UbuOmXX4HQG2ALI+6ax9Cj8x8KVcEFJywaFO2xdwT/6XRcPF4bG2swyWgVRXRXjxduc32sbFpTdOz9O1p6klaVFM7QWoVFtLOU99oeD41J3ZnaF/ZyFlWrPTvALSXXYcjksp1vKCJ95Jh5OzYR4EC2VYyAXfxq9CyHgJYgloF6P0iFbaBp8EIlZaoagSXYpRj+ID0BBzyrU3Qh6vnumFZRKk1OfQ9rqfob6UpjDkUqrlhw3MTDVT3QrU/BlX3HWXQFiy2BFIyo75zQ2NPKxI+04p7M6VM8Qi9CMylCtcHw7naYWmtV81Py0xU7x0xi/Iotc5fcLYX68eguX7lGNXYfFAjOQruKVjpwRGMeVfAjBm4HQEqlQbV18lHzz+cCDfV8P94FDebP5uAvEbNZojwgiNxedphUWAZX6/30wzkaw1kJ4qlRCA2ehAU44Cg0nZOkZXy1cEhgIGyOZjRUwRvLkdZechPAbstod9xfrP1f/oJZ8+SM108+eed1emafPz7/XhaduPa5m1L0HXyKEP6CdkzolYgP4o5Q1wMla4LOYKIt8K0iCo/nwsO2Q6n4P9PHvkvBgkneZ2WjSetiJJYFzJf1+GNcv2YUe7p/PvA4aWInSNSwEGrEayaFSeE+7jL0949+ryEGRcqvratF15jBUytdeNoysYDfHLy7cECsUR5RLmATgUFQQ/k+xwxY2SEdj7IQARMHxt0Y2q0SWCeGxQciXJ/h3CTtUEnogfpXmmK58PmQQ7g/sBCku0cZCAz4ziiP23yyEWXbCz4Fkn80nKozASbo8NKZQ2bqvOh2RSlYyBiKYXOLeD7YhaojDEt+of6kHNqQvRk3Kel/MCt1yaDCrD8UcOjJAVMIU+lmQN6yv3IGrcXgQNCDI9yJT8URKOl89DV6z49eF0mzqcYDLu6LkUczK/c8rvE8yEnOzs5fmXF52Ra4GgwaesEUEvwqKVtud/gLNWjt1jrKY7DMawrENDpLlenODYzFwcBiQ3YPJXxdKafMLn0ovIYC2wLq8CAlf3hRKnq7FEHVb5MO/z2+xg5fg5f4N3qY+SJCKCiv1e09bj5PnbQ+D7dAoKxj1T7834usptbo1bLs8OqtYYhXIWyj3tj/uiunMTcCrSO30EuyFZnCRcL/hHf6C3yGA5RRETeqc3zDS04g5NPOwvWuBEPvwPPKnaG2aPAXcqUynAmQzkVesuMpTwa13Y6kGXTOjOY+k6QtnwLww0Fw88gtXXpHd+K69p0w3xDzKhT5WVCV3tn8XRFq0uiVaNy609VCeOSHm23KzG4GxknwccO0fO2h9hRZuwIqlHpngdM7576/88G2l/88j5KpYyfHwp6xcbviWwtPklkncWJhFr+9sQVyMcReWG7Eljog0GP0iUpLJKoMmJKhkMKIoTd9F1iiRT82voRsci1CABAUX3xlSg/fPQNtsDyTLjI2BJjIxzp5g2CqdHEHDdosS0AhL7GgsoX7iie3H15vMne5bPxzYZ+G6+E38axEwvVg48zg6/fOsmDQSlsi4TVR/qfhbzM7fk26nxWTYhM3iIQ0QBf1HPkOUKVjfjC1KfEmxfJH6u38wc/zgJ5uaw+NM6xl7vlftz5PUzTdNwIJkyBgr2VRQepd1YAJBu1J+sgPh/A6fkXgnIpSoO66s2raUWVjVH5nV4DeMWgjUlgoMe782+5DHJ50TLT6JGIBRQ0X8m6yQ8QJ3efhLn8HsaomcP3D8Ms6HQpG+REm15hF/yfK+xZor6rkv27rPwk0No01KzOrkFzJQ6+NzFR28Zu0u7x4iNzYVe+Gx1HWPi1YrTv3LmocYHgEGk6VaJ/mYOSoatq+UPVNWn2AsBxUG/mOhAFSGtKjK+BiGLa4bwJYmyEdEkU5c3AYyVKXrzlfddumEPioKr+JouCyZxU0wvs9BG60K/sgAeeRmbU4F8d1kkXJqzNH2CN4EMHa4CsD196lP4dZqTfEOicZAS11yqbfddgTPU+f1jQB2Dtrd7dMKC5/SY4H7swuR7EeyPrSZgko8vKv3Md/0iGp86yyVfS1rVn8N5Gjmlyj/5TYPmRj03HMUApMYOwSDZCpV1dG9140dpKhAe6RICT7kWG8k7KDG/HBQxk8IUjGtrhzEbo+AgfcCOZxwuLXo6Xa7+y39vk/L5j5r8AwAT1Fml9s115MUGPRZM9esZikNXepFwhStl/Unx4jIoSRG8QHRQnZYu4eHDn+Wx46mZbL7QUUjoVhs9kZXhs2jpGH7kT26y9+rSvZHur11+wDHMPL87rE+sTQVfXst1uzBIzVV2bXHoemDB1pg1dcY+KF9UvsCHrS8YP9QKt+fyxGnp1/Uz3Nk/Uxd11SGGIpEuToXAWDHLQhaxYZ6E/tMPVhJIeq+mTgFeMZAPKhSH4f5sKRz+IaVunQ6N3/Q8kDR8A6xpxke5HWxlb0RD5niPfTtwdoA6eJ2Ob9ZblrIqNmDF3Rv/0qiNv9aSz9pEdCx8GkhIO5MkcRmzqfIJC5ZKH2QZqELbnOu4SVOVwxGzXAv2wDC62jJ7+YsmcjI9BnPcEUWZfci/rx0TeB2GG/wY/XeLbzVLR99rd4OOyQ1zO5T4iGpuCjBAXtBEKCkMBfhzfikneNmWkwxMonLIoWFUzSsE1hb4S+IkpZIg22oz96h8KxEqQj2w64rtnqeakyRxsXuxBdpNq+9RmyZFQJRrlRMpVEvNCKFCP8ayHpTq3+sBbV9maYU0aUWYWkxgPyww5HPyuN9d14vQI63449UbR42pwmFXFAFELH+rWaRPYIjIiZ0aJyl4JtrgRInKXohO/Fms5PyaB+gDcs1typS/Zb45B2Dl1Rt4Dpezc2CNURN8vUHwPO69kDaBvmOOwQB777gDWlnnC8aL63X3GSj+LfkgFWH93JCRr4lBURf1wTOPYiyxxqaS92+wVbQZG5fnbt1soQ8V/4nCRAwbAeU5KKIX7O5z/YWc2ZbmUDkFfsyuzxlAH2EfLGQiAQycqCckA3CHnkIX/iDLCh+bnEq4Ls1RdfWObNR+p1mPa8b775CRdf/krcpYzvADq11f/QAaAohnM9Jz/N7E6bdJb0Pvq1pyAEn8nBCiFhVnvHeDAPD65QuBONbQe3k8Xp6SdRV5lFpWKEgzXCGfZ8F93LmZN7SjbpBvTJxY8lZheOh8xpscyqSfXuD/6Ntf24ZT/gXULwrp5Z/e/cZTM6QKc92+OBxBqWlMWHy4RP7C5z9BfAxN5od1xCTHX2+Lc3R60+Tz384UGterk10FuW0ZDbUfkhAR3tOomCUdc/CIgM0vaiGpVbVAQM683hLq3/E1Kb3/Cgpm4xA2dD+ao3heJVrvJ90CpScYyalSTNE1A638c/FTvcfgE4N49loJ/2JEBUUBYp59Q1bTQo/SAN/+AYmvRP/bJhba2pSG61owmC//TRSLDYHsLDANR4nRwEDY1MaS9mpkVAoCWs/mvuQF0MfeotlacpmMAYrGOuJU6WujFxtEkvExEpFrHMGGxNKx+7h8WnKs0IOc5Mxfbdt9BzOO0CFGUaDzc03n6tc1lzRfYFotoNlTUKTOxYKptC7FEvt7g9Szve6DHJVYTN/XdoV++tcUfJtlP2PYjm3tmdYsFmkvVRlUuOmjx8xiCDzKnY5oyXsZkZDCzfJ3BSgP+NtmyxOy6g+YvJfxi0x+729zDGHV4+C8uPza9S8x7LirVoIIRrS4Ed2WXpBzoxg5h6uNSAm/SzIsmvlB7dUI50h+GUAL84MV81ZLRB9P0lE2XehYrFCj+vC0fUiKncixSPeIrcRm4EZcoe972kSS484ikO/NIWppDBOwEr6XCfruF11ks+P5nZWrXf4pYWQiiyE8+L6f6a0RJK708fJx000TBwkQBsylmV4XuqSOJYT87P4ozobOTjZLbLn+Vpkk1dXkQhVFAU1QwpqqyehsXNb/dMqcEgCtJqfg2hwI1lmydUM84t+dwgvtpe5BxEK5bf4Fq+ciZ1WMuJqR3BrorYqrSrNM8fSw3covFOMi80jVcPd1Fp39tcDgvM57KRf8EX1oA51g0tpIs0yE+WvgIvLSgCrfCcLRoUoiPagbxlslJyhIcJU4cb38h3r5fA/KAws5Mvho9/tyrYnTsN0i7b+AJk21n0ZqzAX+SG/ViqP3Y69J1ky6gcY3tH5UGv3m6nzMmnNMytTwlxWDencHreZBdchLYnfu+PkVfXJYXQECmxS+mLZMdoQli4HLAcHpM1bN11RLpJ0QEuYl8CQAqkobTDiCz3Mxf8V3uBpLv0W0Dqb21rznNCiZuW1o/IEQqG6ZgWoGJ7QqIgDePl/ynU0oOU2kvojgusYQnqS1708UbW6QzBu4TyZd8MR7Z3+WI4W9u5teUKmGaVEB8HDa58PGVXU+heILSRISA89pWaOKvGQzzkOThYfx/Ae6yeJbSOc1pTtN7c1Mfdymc3tbyvDdkAGDIoNnqrnfpWgQbXeIU2WUWdfnIISi2lJiGLdkGC51o7Q3WW/sWeaTIC9EQdwrmV2cwxazdyuBTWWg783n5RASicCHdqIUJ7X+goCN91FFqVPD2l2bth1vprDSXx19wHJNFakGdVY9rfvgYVKieJlzQUeduwnFgSndQPR6jnSDEATDv9UdfL4qBp1l8OkvPx1rM4IgP8cXBD2E7y6p09e+lb/My6imlZ5YlQiI0iobIR0Adf5a8rGTZgtdIZGIWOLHRkZNI4fdUu5NOyybuA73+0CCEIqy+GLgol4zPf2SjimlitPZW/vpwpSXmLB7b8zTxDAPrb4vP4mqinR+ggclpJy5Pf1yI1XRGSG8T+pJkAHhqwMequ6n2YE7FxRKdGbIdKxuLmpU7p9FybYgL3nBpGpkXjWEkCiiHTO9pskNXrnJoCk6k0RRwMs5dPMW322otIKDjPTd9ZiLoNrw28PdeqQ1a3CvY0VRsFtlkIzPItwwkXa8A5FOXxB03DaPybg9KQTpT+vuQ/0sk0hUI7cfVDSSUJ37TUhFUVRFcR1n+Tb9T4w+6BQB2BpUsMDeDJdqWEsX4vObmF6L3ENZjyIGXAiTKgqSSKznmLXS7ckBjEsHZzGmkqvJutjVLxQSVg2Iv21/kS06Netf2aZqVpaVELUpK5YoRiVlU+6HvOaatHI9hkvQbvlL4tQxJS/0Qp6oy46UGPToN4CI6trU/XlMPxzEWgIhF47Z3t8+VIhn6R1YlSyn6PvDTHENDnw8aUc40sOT5Tn+NID4XpbPar2BpFrx57FoAf6N/wPSwUxe8kvg+OmVv4shU6OLd+zBiIIo3hCF1F2sKrx7cGWHd5P3unZdSWN7QKIC4E9shI/khmeo/eZ2w/iLc4IB9uNKlKwX133xc1vG2o0kjfUP/cU0Oa1nktYDPSX+BnEMxg3UEO891NTBE0nn5yMvRRzts6Fg6WZxQuv0JE2DRXQBuzCPe3t3S3F8cTa4tdFP2dyGXkFgJGiG9+SRPoPezBY/9zRJEKvo6l+zqHgFumI5/K6bKBu+YglF7pzmIUlt3AMQOg6R/KldTvdSKsLRIyJivhaYhAj3c1j3RNvMfMVvR/FrbrSjoEQRgkm98HcM4H1wWZFDN8KFfhJ8CkAESolkQ87C3G+UjL1ivj4oEWrfF3jhHL7bH6o+r1EX8eXlXqSNFB/RKm0S/O7qPSFl1Ny9BjpnhxQDzGqOhD8HLS1SaYt83FTzVB1DMn1MmG4YJPnqDjgrGB8aIUNKpAHM5hYQDwXrj7gZqIk0hVzFfK1+gIqXstU7JKi1gEjfg0dcjkZjo1N+5sTFnqUW1wcplJXts0ygpTXX+0lDDcS/yLt/aR2t5dQEEMfu2Ak4HXiBFCKzCsuclWwnAUa6R3+tmGptR4/K8AjuehtLA3md/TQJ/HzlNlXdl5+0LC67Op46l8jcX9ctys3MRXQLfE7/ejx3YVCOZ9lTt+XTjHXVcnTZAzaaospQImiyjiZ2QTr1/RsvxOzZ12WH7IfmH3gCOe4bRCLIfbz2uFTdS7fQn8b7k3p9qYtG8cH5DVvDnDSdnWrPCNOM4dOuzQWzT8PENwaxHfKStFRQ/lniEIZKOW3/4tGHdd4nKSJurmpBEUwdpVQz+HiA8aT5VRBQYxXAmSrkt8KERvi/7SK/eHPTu2Hr2RYpfGkDDcnl6sDemPoEc0JgJN51rlTYUWSR7F7j0mbFBJED0iYwzDHQ2wqCjva6mZ/z+3Ff0za9UCP2JRpufvyUphDe/tZ0SLj4RdamcINiYbzV8OcfzkHRRQtpbhiJpoGmVYHFOrpB8u1FpZHKkaLFa6V/z+ej3pDDwsNtDGdOubcp4EOQy9/6a6hoICIFSl6rtCiSWNcJWOg1WhLBdEvbDxY2CkijKRjLq5Wt1VunlTJl5xtMQjpejHuWVNxSnGPtUMsdAHhosbPYX5u0WHpq+8G3Qo1D4FGgBWrlJO0GZiYErt+LorjfslYpFjWDEZou/bfL4cMvB5HvP0fAd3ln6SjShEfiKlfSncd48VlgSdIwnxmF/hCY74Y7zI3qs9NEIWRaM3QWRx51hcoxeyQNY73vWnmZrpkS4jfQh+LNOS8PN/XQF1uBSIxPZ38fx8RlhvBFHBz4ieVeKztTd/a4ZRRyr/cwuekJFQ6uar1LwnCBEwry/dm/1ai/v3ZUpHhJwfR1XPzaAH8sc/LdcqiKKQ/+8aBDgV0a8ftSBvXtsRLw4bNrLtjac7cKf94w13j+XtqnjjsV5Zs/vnPXdt7tunoNOOnStj/NWRjvRNBLza7Ufm9W2Jo9zdrz5gyik+aEzp4bWf6rGYkP/HWO1/235jNeHxojf9nMcOuCAHZDJLSlYOAnookLnPQ3bq5ghgHL/knJ8BTaVbL/EOsOLkiLpBpyEU/D4llqnH3YxhWIaunXoCioNNMQh5b/GxuTbdaWo1rVNSwseM419ru6bMyiH0Qw2UL4gL3dKCWzpV+vU8Ujirm2XonK5OuLtxeYzMHonwT7WachcEF5VSzq0Dyoljd+K5jpbaVz3laMEcYUw3XbwXcktNqYAlYxo8dBmH7d2FLmNL0ccQOt4E4zQ0NoDXfGiBfOgIeXSpGrWqUOzxaykvAxG4+cDvrPDaqQpJaVSmqWJoRWEQeMhKxCQtJGNL+SiXo+0NMctOx9enEMC/guLmBW7MJ+LfpciR7ZiuIsIaMv1g2XBaDYcmzQn1kzFzjKS8iZlo5loUO5oG1xiA1O3ztTBIXxvGg1nIG/nhrtb7T/hi/BNqLu+8NaVHhPx1g2mSCTlgoP3LWdj2i+VsfkY3Bg41ruh+TUEOOgY/ecr2DCX8UxgS3zCxedInIURRttpBuaxlrjTYbOpSbsrZqnAFV/CRgdAnFh0tOaUOJcvHwrKjMkPU7gIrAAe3mBFPmqKhcQuSVj6HM1ps4cPeo2SFceM4hB33vM9Mnw9cvBG2u+KzG+RPpHrVKFJZ3tim5XmdOdHXQjALvu0DqnKJokcS3YC66MFpbMedBoO/hWJo/KO2gO9z70DYWgseT+Ydr6nloAElK908AbELnxa1+mo70UL9klyc9J5wEb5JtwDPnGs476ZQi/hQwyZo02p/jGUHs4L+0Axm78cK70X3xZbe0jzMVLfIZ8Iu6Pu4/DT7IzqdYS9wT1hkF/OAQNaqprEW2L0zXYj/1iAKWSPcZa3sd/osm6yD5b4y+HgMaioE6OJ7IC4MulJQTOy1c0fhA7NpoUwIo9Rw1FMJgGgmqxnis97/diFUZ+gTODt9LA2huObT+PyelqQPov2CaX7mw5A093U5M+J4vUYwfMn+SvEhSauhObjOUwq0Q6c0ka13D4GttkKHKn6ihIcTId+PET8rLBC7+HhVrPQqoXCgX5kAexCIOw4szh4FHFL6s7XybUvQZ8hivwmLomL94Jj1wKr4YIRE2ebsDAYefN7gVk3roJw9Je2e/TEDSfs2N77rjC0oN4jlCmaayOwsQmsdPOaXH1DZjRuHk1mii/Jy6BpHSbUXv8ocCFtv/jUOOGVduFgyxF2c79S0YPwjIPW19zy2qP+JYa0JNAs/FrylUS5T10XLrVnsV3gU7vqBaZxwM0D+wmxofBKwqnBAoxjsnoENTl9ZzRFNUx481nHKi1rMRnyyudJEWy/anBTVZb0Ug6WjcJ0dDwL+Gt9kh1GOhJIsIDT6FrPQAfNFRCpHNReNWqBSjHMQlAcG6ahwpva7Q0jhhQlcRbF1eIFPI5qvJZqpipgJcKMvzv+La6sqdxi4FTICjBP9Lt3ITmx/lP3LMLR/aZNqgKDI+vLIrHFFC7zIMl9jxNF4/BcN+tiWb75YNCElc4YFUlEiFtc+lVa5SbCoEagKGKX1trfq41iuTTukBWlzPwcK0VFI+u/RlVFBaWiV9QnfPR0awTEett6gR/XXTdM2Vv1FsV1EVMVtYUC27pX+TVzkNYp49Q0HtWCwzBWDvcLKVZGIuu3npg+0YARLOfUuELF/2B2Y2f4X8J3xCjNdY250bQFuhHMwz4QOMCDhYNVoJJ3SlJoAYEonDwZSXjzrWLbMvXfLLrhjOWSNFA8bycsesWHH8eIs2JQh1ABY3leXD5dtdAbTZL9RMS4c7CcwKdJz16xJFm6LUUnG3ZmUC2MpbwMGPzgEi7acQiEeRLO7eCO9LJl2KVwksFBVYaJ0NMUB24qsNosu2Jl5nRD+CHftJNksg4TiEArFjEpnmzXQxuct7rVzHihXCJIWXzeHnzoM5vh3BConH6iY/S+nFJflRqaiC/TvhV89HZIUtV5m2hznj/+bQfBv4Szz1uM3xd3gNpOOOdiH+nLENJlTXtu+GQbfCl0ELhT/dMDgJhs4yGkAhp/hOYwfZiyiZsbo//hAedLGsOuKOreJYpYiByjGC2IicI+0oZPauAx3J/L+/fwmv40Iu/8Up3DXUECjOQEa1VMNIB40wRIGVE5OWIdS5CMYu/llfhchIttXRwZUfU0LAALUysupwMginPuB+3a5ztX8suKZjcanfN6EvpfDaUIJav0VtxkPaS4EzLDAKX0Z1GJ0xrPNPgjiZOXS+fMjOAGMyZ02Pfe/FDWST4UQP9Ln8gZTm9UdJ0Nz78yCJA27Hv/3NquMYe2CLx2eGnqNTK7HRHKUIgQrCk8yI9PfyYBybRICojNlpcNqURK0UdiYz8Mlx/goKYDvgI60/S22rIi0m9g5zSjrZ98M+TiEO6KqfX3QT16XIFB/A05pVaiRqo4vZc5MCS6ZgY8TAtaOLapAaXjxtno4EXqIlsnvwD7rAErtquDvmaxR6XzXw4Jk2WibRueeCXxdiM8pMiGbBcOdQ8I4/+/aqI5l8ksp0D0/YoIM52DEH/7czQzeGzge9oiS39jlQkyoTgGRhNF98u2el9lU+FlhyN8S445jukxY6T6emL7eYCw7ZTHeoxrV+slafOAn0l7BDIUMyq+b8QiTfg6JQWBJoMWGNKEKUG9NskOuY/SIdYD5FT8hwL7/tnaQpaXKqoafHPicfHTzMKR5LAT5T88dJgSswthBJHHDlzxaHcEcDCd3C7RiECNN7w7eUCqZbkkr/epQpbgp275WDepuJvkOq1PwX54vR65an2iI39DjGVhzHyj/kE2/MCSSadg2+YAf9l83I/LqdMPNDxntVr7PjK3YIcP1pzqf0w1Dk47LUZ2MmCudLMV0CvvY87NY04qm2J4tTZstv+/XUqiuvtIx7PgpyeJUxRdV5bhN0IznoIjhPA1kcCfEIfZMOXovWOoedRfzj6FBWCXIM0WVG8f7vieNXswL9t0r+2lpAfcniaC4kT8Xtv0jo2iQN5bACpxk8MKjYNGHUDte4e13o7DF1ubGITTr1PdIZtw2YAYebzEbMyu1O3LcOZ1dVFd7N71NHIjdny7B3yqxR4Q358n/TI14aJ0SDeGlFYAUpTFHsP3adO6vdDBoD6Ob4osNGFGar1u4NMs/vfnGMI4NfNbJnAqmMULYUuhxLVH9OF1tXULZU91iVtQfjW8TjKB2M8a0i0gCGpuPk5BbOnu0HQ5qLRqU+SJsTyhkLf8TItKJWaMAs6aXME7sToByawO1Ih1SCeygdxa4h7T5RA8+J9SXBvqhRRz6yql4r3eBRgTY3E/Zfq1uphr3QRVMw/3ng3YB2HNpVCdVM4l40C38RJmt+Iw87TEFpBZS4LhOB9T8QR8ntWA5L+BKPwCD0EZu0Ch2ZqFVrbuNdUH5ANo5H0joVaWmXIgnKufm+pzrr/o+k6tmTFduXXvDneDPHee2Z4bxIPX3+hTr9R9+quykqEthQR0payfFGLBdGE3/31Bburl3cEkJJjUzXm/tUEpq/Xkxl6SzFPycXNOO/Ro6AbDhdo9SpXTHLVSeqrDtacv7ZEfPkUvLqHjwBfgJ+7SDqDme9/Xf4qlsrXqlSt6r3xy7Jybt8TBnrFN5uo7fDylNfh99eJGiuv36wdSEJjnCU58ARXVzJR2L6kWb/0fiYVJ61GCWZTs4T0PrTWThp+U1ovToeoJrU0qVCKU+w4R/FnrFcTJzawxiavY4cU+5sxbN6gNoJYBSyQ34fLxTfafmu0lrKWUKTo+tion37m9Y4+mx40y0rTkMOv0vBwyK3L28JPCul/MPNCSZzqWAUsCdjYLFHI2qJWkUEy70zXXZeGxU9WYAumhHLKXhx9hZ9nUOjcTzshTRJrdrYzcSRfOByLGV6aOujKgC8rzSewXKaUbZFPX49aQjHOOqfdqR6GDD+X5VDpdZ/fsjij+m2mypJkAx7/+kJpaX1ZCFIm199kCbwUhWr+Ui5+QoeEF/SxlTGDyZc7C2EdjrSzZy/6sabG1Qn/NbS+0rly2yK7/jz6ur6hdvVF3NNm3S9MErXZ4fl77R1sGWoBUz66Yu9AgMxzIrWkKQYW1aS2WshfK8gnhXJIQXLnI1ZUzbMayrV77VPToIDW03Wcku+tvsZ9BxzTzbB4eMjg2ebu8wBPuvWoDNsO5jkXyQJvRP9iwtPLJ6HS+adO5UN0T6BanTPa0qJs/NY1j2cA9FX0tqtetKqBtFv2InHsWd9cvSPZcK7wpz3I+9ECH8L6Ny+djgjT3CmOJb27cEFdlqI18psNRY7dL87mh0NWSHE0rlUv+lDWfNjBOnu2lRM6f4R/PPDzP895tCF9oLWPyBRD401Oy/a0wyI0/qlifJ6SifmSy/dfkRPaxOkY7fRv7p5dHuS/fW+0AK8kMi5y8i1ch6B2o5OOXYnEvi6iDqMF29YW14vXHi3XiZUthkt1QNQhPgLN/RW0RK4+36QOSEW0W33WB4gKYReoArXfzDvxOXCj8U8lWR5xtsrFUOA6vDT5w2sKicmS6+J9LSziaW3gVSk0VX5XAXn2YXt6Oaj2mT5cDL+0ouzQku0T1zWzvgiTeQ+GBMNN/8ts5PSUo5ka4+X23fE9mrrBAf0enWgrhPDBCMlepgQ1g9bPu7NmrcDZ55rrDI5dWJ4hmVV+mSewW0j4AQeaGjiuJAKn9/yb9xiaKtKG/nRLnnk4HnPN6grF0t5MewgT0QyzOiddL+m7hRp+IV0qR+ppeELJF+5/zmSRksNR46VBlzrarZfA6NczNRRqvd4YQ5LPMuhMqGM1HXibPGd3ZZKYkAI8asDmkdhgkeUEOV7xrvyN9nxpg6K6+oNdhD8nNpHjLje5Aq53oOr4tF9SK+o7theBEtx4BcAIo+QiLOLDN/M3e6dLWJW292hPx9lom/JnoEOLoJefERI0WJRkx9+tWb58dDvDB0vJimFQGEBruBzQyhVJXBOUjDc+YLEybuigeAhXtaDt3WafSb9DzCw1Gxiwk6M2zGT0DszVyhsk2sHXUcB4HoTumIdAI9fVbD6MxK49wrjuTXLKNwkA6UiAW30pf93RG8oH89FwQzeHsHDVoiyf+HXL7YLZ5bqdZ37db3NhFyhd3AI4XgfKcrlfMgVAWMuWJjO59c857PnTwj51BWBSAHjawuD4BxeQLFuVTf4s475nOdB8PAyrqsx9HfqOscUsNvfhwYxyUiFWkolmVYqRyJZRyeOvWmBthfg1EwAEjPxtZqelh/Fe6gYF2Tat7Us6WRAWc56xL0t44W6AmVsOXZgD/wCOVzY7XNPvb2XGd06DsyLTbCvmfSa1elG1B0E/zxbPPGQfQqtRlR04I7lSWgMBvvJ3WmnPz44vLBRkTZ82tw0pSvxJkt1wft2ijiBxLHfDv05mptRxT2w4P21eFF6uOHWyHKTnzbJIlLmQfRLE37U51BnD1BASb9qyYOKbtvwliz7nFpJNQKcmN6B5ng3lCuIcAkN4qqXpyuHyPbBvnHeTyZx1PfjoQK2k4GqjOJ+NfNa6yRaGy/L7ICDm/UzVxVP+TUQTkGYiCIGEA0XFcrrq701qSmat86y/L32Wgm8L4ZseYlPGSxZf/pLkiyF1sUS3D/o6uE8gExxYkayUfEKcViyQ1wmK8oT3I/W7IpLYIiBD9cC/wX9c5PcjU/yYVnAXphfKfcQHat2W/BGzDptLGht30rf201D3JjYzFN8LRHG/SEqRFPK2BPt7Mzr33RkRr75R6df0S/NyJ0mluFVU/BhCG9WYYWCgo95l9FlAoQZZev8grNc+WFFY+ZfKmuV1NfCF6u64glCnWBoZiyztdANTtsTRAIxOylAsjThynL+Ez4sy0QpzwZ8Jfc/5oZiXmy12gOchh/++CtUe4ohnBrBZcK2dEVRBbVrtq2RfyXwTntrjzPxvfMCwfyMJc1DxZ9EE2QT4sT/HBucrKD/O5jZZ97CH/Te5rKPBk4gOgnqeXoiqy9Ge1PE5fbtYRb5Ovwhh5G8ak8glvUGjCV8ZIk9ZUpnpLebmC3wQoO7WR+Vr3Z3w470eXxskuvtTRBc0pHrS3+7JOaxpujIwYGzYQQZ+Hq5q6N3s6Xb1b/Qzy5LNU3jo2g22OInYAzxZSQNaFnAY38jz7Vvj2crYMsevu+f2bnbJwlTKEcX0yWVB2/Ll/V+/UpHJOUDxeHhuOWE592v2N+tNTuM0Gad3p1b1ubz6WD4C4fKwmgpkvBRJdpJz5EzTwva39JR2qKmPc867CABz9QYusr+hUTmAJrNJ9JUHNURL/rXOYsZuzvizqf3LiRB4frTWpO+TNQFHA79Qkt+H87OTeUU99D2E2NUxpmCTL8d5GTeCbzDU/PUUkx1Upr1tftNPRNHUNEv7ANPBqwtyn9+kQF7uvxFU9Eo6Vkkdcvd3UIQxwD4sABvItXxk7U4Ni12Mr6CSUMRhoHFeLLsMOqJUNBy0nWvvDrMhZPh5AIo9FoUXFAfew47n/NYR/z7j2M0idOdfSMwAr7PmoobiuBJeDU24PPIxgSi0UPs1RUY1gldvlLU1ODMinAp9XpYBZ/BiQw8E9hSRCSCKqAc5SXH7pGvUnpVVp60D22i4C7Xoboru72/GPw0GzDyipMKQpLgw64ZzMRJQmaxnBNaLI0ip3WfEQbV+0TBK0NcSBCPbRHhjuGY8f+ayDsh5w6vG3TWXZPySG2MyJzJAyBVlVtP1HabE+BtbsglpeBzBg7YEIiXOANxtj+MbKY5LusA4ltSJ6+hMAsQYe4Xx9ES6lCXER2Q2uvoJ1Zr8rTTGnbSJ5vrR/vqehlx5M5W4JAMRfxWBNrHFLjwdHsQVBzUw7gG5r8NCb7OtLP5Fro1Tn6PG4d76jmiZkSRYn8FzRVswxFv+/Uj11R4tllRKgox1rjE/sp18sGRcQ9b6yieDCB2gF1BHpCUh2yvAHCfsd1GExzoSC1Ajc/r+t1+JwQ/MdnCTlyglah3BJqgRAVpcpciFiEIti05Sram8Pchf49I+I1XtzbpR8gFI4CwvRyNoimgjY5BhlczfDQy5Uwoo5piIH/x2x3l7A6AsQFEteXMClKr4hNbmf3KqoaNdX/WxgvzRJfi8vk/w9AFIfEI8a/59sA8C46a8/IhttM6duWRFUf9Gyl9jmW3s2Uh0nThg2rWOqEIVMiHDnM7wsiP76m4oD1+vN/Xqt07nZb4iCyjJ3w53Zo8m+dJ5t27qE/+s0ymroStuIL5B/UqgMHXT/QhFfDhyOBeAvNORq5XgY1vLwwczEcG1KxJuGwUbP+iWnJEYRt2wmkwZE0j17xVaFxUK/Ys9NZf0gI0ClqpLERfyCfmYX3YUZ+VEMQjO6NAbi6jLlG7SnsVujhXZiilGXqm17VLJqg2ECHmHUB84qfku+pEGeBsu1aUrFNC1/HLOgDI4TxE6ThjueX4tguuA1b0EM8a2zS61gJ2MALzz3FAWp40Wum485NwnXvJ4+kgRKtC73KCaIhrdhcEfFiGWQSl107TdomP6rbHbKP1EPLSOs5ToxhdlfWSNgJfnO3IgKubf0W+A4kiCBCVDXD2JidMDEjWNKu6ddual+htB2SrNIXWTJR2WUniPyoaBgcT1/jl3rbGMNleOaCiXxdAuHZWKbW2XmQIXrcu7SE9UAT0lATEgYj+fg5iGwk4dvvp9/TEOhhuLgVAhwrrJ2Q78iaJ9QtLCbhlD1G52WU8tIzW/m9F0apWkjWk1hPH7dAAB/nHij3StMPmHZp62/YSV2xkr6RgoSI5jIJuC78FjhZoSgmlsBRGlgXy5JrspPmceHGbtwd3zOchEkro801eeCSLBNp7gx64a+qaA4nU49j7rWF0ZM8hwHab0tGAmj8d4Qs++34giatELzpG8/UetQOc5kt67zly5qtvNG02oMSP0ERL7zA4e9inzzgSwlkjtXqX0g4l+eJAS5xUTSIkZStk24herAqEkuhplKaT30osXGO5g8neZVn/dxnZPWby+Be8slFwvq7WqojbMdDNLQ1x5slkufpbBjOgUVtQDmV0eeT1q3erF8/vOrsiq6AQe/4wYyimwORJ9NCOug2S7THOSByAGo1aBS1ZH4Qx8jWZ0LF8kEDg+2DGe5msgzHBwiun3LLltO0ELPvUCQmNNoRXeHmrIy3eOb4BFL39dEp9WAcHms3yQcfxazYrc3E2l2l43RJWv74H+MDxJ4p04KxcEr2PTYhLRPwFVHDFz/90A/MjngRNjgzZ/7dD7UuBv/P/+zFW+31aWKpaxKqqvLNZSahqOqaGN+hyojF+jaRfTIBNh198RUX/S94lomyFSpwPlrmHUKaM4g3L96wEBWDNWw6ofSFJfnztwWJ19MCkNMwyW9Gsw5cu/DTJEVRD4DwdBtTSMMPyNvD6vPCMfEQsrLHeUq1eNtquePDm3T9BLXhVX1z7/Nj/gqPsw/Hgtflh0XrNwVtTNPZOy2EWJlD24WdgwR4t+6bX1o10vF9N7pLKW/JNJ/9YmQoqzmcb3NkPp376fIQKnlYxL/d7/axUhwKsgJ/ozXxc3yL7Yguozop/BWiPhE1P4edgGhhYCGvTFc15+g/bflK+5v68p0ROyN3tB46ztVmMt+7sd+ZUBssBmksNifyxm5z2kGKG5BdI1aONWPoEr4sgyj+l3gQ1WoqvI90zDpCbdKmrdd4aGHxSEjwyIEgTuNYJeomPOnMoyg738Jq0edAEWPm6pLnR0R0L48Um5PKWN3zQ/HuktwqN1Pdek5Ebp3aL3aaN7NHKrHy8/vUjJXVNBT+0OvWFYrrILiqz+sLmksBsbqolhEESjv0YMJJen9av1+Au4dNbVXID4MtA3TaUSuVPWhf/o5lveRn89e3RgxDQnjOwPqu7u9eSHF4JGb8EAIHFDG0MQc83e2ndHllEBveWdWlNM649AhNODeVnByP2SFqBr1+OjQ6wvdBHGEexy0kwNvYsE2YIaXwoLfyWEpD0HH4CD7cu4X78YifWg3Qwh8BANgrwm4WgIyxqc2VFmjKzfl0fNkum782vbeLFBYe5HvDzY7/rDi3uSiI68ra1mN5LyxCtILCyF/O29vFj7YD8wNGagFOnZ2StMNlQONJpxiOyxa5W0usOGcN76fp5gqCL8ZKhoYmuGjzgprMfEY/dnO6z77/gtzyjQ7NGZDhplTd8iRLangfVY2RbLuJAMuYZK3RNRaT/0KWKmV/FNfWitjHu60CJPQ+bJKZc7aNvjZRj61llCcYklsRkJM0lr8vqHVH6+2ZPol2lcv4Vg4aDLrTTS5iIh2QFWb2IFbNCzKUWGor7mFHqhKeZuq+jbiGNVc6rrRTXPwn93TO6NuvjnvJ0ekYrekqe74GhrS76Wew+G+6HIzOJvQMtWsCM4juiZZONxmFGYgKl4PM9v2Ha4/1TyXnzR7ZDqgykedSEyXduKlpJ5NTu+2Nh3CKN2/m6QticNgPVnfAC+vpfhgmEJUNhgubzN9V+NTvh8lBJ5kjrg9oVDzvv2AYm8WEFsEeYjcJjRYsMZ9i/7l1EYEw2Pa7xZNChXF6J+7jSN1DWA4Ow8qLbkYu5APsZ6zRJTBJPJhNhSYcA6aC8ZGL6aE1uR6vZZxYJZTY+y7yYkrUWMPE+ydKkd27ZWUzsXbzh/4ywkiKzx7HuIH5riSIazFEUxFOV4Nu1LQJBjIUDmXHLDX/BELmdiqnDAv2AOCym8bAfOoSmj0JDtoE77/tLAOQGoeXuvXVyFWdxHh5nVH2c3Q2dOnGa9uVKhu0bpVNmrlSsNRWDKzkpt80xra27EqDjHnBluIeNjM5zl5IQz03YjUxP8t3OUyaPO+LcLY/qZZNzdk05dINDby+QaMxqIu3Y+PjZ92nTF1lncviyjJmtqsWI7EJw1Cbi4tT2K7nu0DO1Cim7Ptd8gkq8DHibsxrGNFDpd/Uz09REAgUMYmaVO4kvDvApMPVkWGjSJhvR73P137qxoXMNosZ0XmI1c+9Bhlo8yIPc16oJJty/rYlRaqFRwsKfMnG/jEvJwaqx4YRr9yupTsNaNMU/QRiQzmUvBVIJNp0tuSBm3u9XDwhNano7wxl7kG6svK0YtDFGik3Xb8YTbWpZvlT+vgbqtgDIpXVT59JK3xo1vDSvHgEBIOTEZIfnb5hl70WBV8pFf0j2UgEw1Ir1NrOa5ikqo01CNOWDpH5/iCUfcPOyzJuvLUtgLVIqln9r73TlE1sefb0yaieC3B4EIZtb9C6vCfOF9JeN4iy+/RKCnlHz2iYAUK/QeVhgzd1yh2TFk6ocz4vGJKrIpMJLXnDmNipOzWIrUJQeWaJyP0pLrIFJgwt6TQS79qZnRM9JtlSbA/ngMQkLbjz3ObYtnZxfeJ6pc+bR4VZpdiFI/X2lftgdB7lCE4OoW9iI85vg+ZTFWZHYXkviBkq9uSUwNjoyFliRpVXfhXQYn5khX6izs8dqGGQQT0/HntGyrxPojy8ioX0KZjm5XgULflY81TYVfSQ2KSD1095T9GanzI253LHlf7YTvx2IeReANl3YUT7OIMlLRvrT6V4En1HmrCxXyT8TW4q9A4g9vmJJmf6FaAu8k9srlyoy5SbHjeIqt73z/+oe2rGvQGcb7CoePRDNc332n2nbLH8R8ZxBlia9bVcETF65cA+o0oeY1liUvP9qo3yLxUWwg0Y8+ZVMT5iyiO9H0wpnFLzwK/xBYYu3b+BzRLQYQ4PKKzr14j5cbC5DKb3svPUTFR5y/Pcv+t1AmWnWjIpx7cpkhp85bJLm7pdmrolwWoa07teiqH/GA/MBJ3vgzDA856XfTrilWG8xmjoefHWHOHMRNxLH9q9Z79krhu9bVLj5HlOaeWxV1+0hZMgxFudJjRo/yIuYjtL0mX4e94jj3mpVvDnInUpRibQtup7GQegpEfC2KwinivZAqrQaCn+EUnCBqRRsi8OQbhaVwQazKvUAeFPKJWC2veVWiGIOsClxMJyXdzp4MILHsvb+bKm+0drN5+JI5gpuBixIJqsR6G2QXtVS/uiGCPvwkFZoxI+MR1aaoS+UwLdOhFhh8EZ5NqoKyqYtCOszCME7hOZzENqQZQDH/9YWXK0aOONYkSz9fdcBpjnFfVe641rSaQl7DxbqEcEdGyuVySCNFgUxS8gfYrTQOgI1PtIZshTMdNWYg3BA9r3ELIBvreYnGg78re7w1SZnVhGXlyzrVPpLocE2scMikJO83blbBpmQn1KqL4Q1LUSnMBwbl+xlR7KlQySrGmtGhQRJHOoPqb83MS7KSin8zfIQJFaIkKUdZDpQ6ZDVa6C6XUqbaiJs8C3pzf01bIkgkRRAyLevd0ImNFxf0sxXx7H1/uS2B10vCikF1OGFKr9UKl/e865ggn2+Y9zWNsgOC0E3wIR8Y/ivY5D1MYwutEplfC7NVpLepeQMdvAn/a1OZTkM8M7Pp5nJgbmVgeRGFgPs3mbtLXyf7PqU3Kf23wZC/2P6UgbCubsankiuKTF4S/VlmThlEFf2mY108T1t2OM9LlAxjwNvtPlhAX37m6vejJIytrLvQ2fQTwZSvHWRW6p9yUmbaI2oz22huL1NUOugABVO4kDGl6LdMFN+hmCeGOGa/e0/Oly7jTnTNykqldMtKXNRdTGpG8WFtaymajTk2+icSARYI/A3xUM669UZHZ7Ep4eWK/IydxBV6YOnmOaTs/SIB0j5EAR90s1OO/Zc2WhDUZiPIcU9gXEsebZulLRFvbp+cZyvrvc4W662VWOp9bDBhaa0Z0nqBnrRCxIi5fss2M7WrFhqrCqHAQ2Fl9FNeDEBnqeQ4A7CxoV9qKbr45WSVp0JMdlo5hNoSJV0ho+nTOfLJ4MlMybq58esPM4bDPMocZv5eikWxdHOVTtTfu2GzncofoJ6iJIwDf/1P0KH4vRZ+ecqb9fXQZLx+vfdbLPQ+n6EoKIlXSZzNlIX3XIwBSVFK3PV1hXG1eFvlruhK8fJEOqqz/MdBj2fSkmEvXDsYgyKxlp3dJT/nHFk1ZQOavesWoswqmdx/+ofiq+UHWSmjGK/gMPIXlMTH6uiFCGzh32biEE761frpWdbdDnXHP2ujy4po3JX+JLDa3D499Co/daCENBqmCE6qr0BiXOVnC8U37p6TFinDDjGDJUlNGigBVEW/UuUK5A8UG6P5n2Y4CtY3L4I2AzBO/ebn3rsknV2elS8ufk8G6y/oSqgUoY0/hG8it01GYu8kLWwXD8AevsPUUeKtsqpsIe0aof/jurFmHOc4bSmXovxRN9UY1owWjhpnVu1vfH/f7kGtuXqaPonYaBQcBSGlWG5kN57heHbgG2tOKgUf2iF2F5+6K4HNXKqK65NGGUukROW/JatdNu6MRma0QhQZSvR/uTmUhHWsPgrv8VZH/VeYtB4kFooXUqPN38py6WR1P59EX3SaS06q1XMKiye0iggPCXu8TSxOl4fytiIMz+U51GHozAmDIFyTbaqPzSkl+B6y6oi8fqJHra7Fjv7eC77grLthbpEKXxVjiza8n6uQ4885t5G9zDrawgnCvFsdvzEkLY876/3IV2zaEzvLaVoT9aY7SAZ300U5P754EKfu9rvS1FqZQ5Ali8iUHoJeBnVWOvRa1dHxdQU2VS+9UJ9WBeFYKDU2tVhgJPncDXv6hniJNZujRUKcazdCE3KHguLTKPMC8m39rgBgCQQf9elVPVhhN2473Qiv/5YgsWg4rm0/Wb6osXUSCJop5cvvCs+Qovn1cyG2bsrArmoqHzTPrxZKOdmeo7GmMfzM828htd/vzxW/3ogGauf6Fpb3iFavpPIzYC2/Cau0VLwMFA5kLenSgD8U3uLBmuDpjIvZu78QdQqHjsC3nnpiPPl0FKzyMovTVVIlwut+JBlD8qk157DpZx8FQe7NWTg5Yn8vw/X3cdwNbm8HKbUSYqkqcbWgoqL0Wtfpp8nrQn55j8JUHP2JX+gBXwia+WWZtDcsf0fGgIDv6NUv+kNPJkKjj8m94BIjy8gzGRNqEd/zDktqzg37JrXzEysT1WzHfhutJZKN9NHkCd+AOPxrVt166s53nrP/ytPFRX2QBY28q+UrEUhQ+voKhdWGwC2rddkEV1LfgAqttfzqMC5fbHbEVWAZcjfrjst3IaLSMzFqpZ/NK4JNLAsrO3JzZzLxdQrRw2BEL7h2ULnxiHmhatFEIrlUw5nusZYADpJGSE4uK89v7O3GLvVNuJxDm9CiiFv96COhtDq/1psPu4Gr0Q9pDZDXZQr1JkpuUYFOxKduXjCzgxEKf8kzfA4v3FPIvynSjGvcZHksl5U4EZ52wqRzoQiRR62obAVRgQti5Ad+H0kNBEz8Aso5sWCDRxV9e9oHYyeGpgyLejAk/OtDdX5x5l0OevV7GcwTCCeTz4pezgubA0hJCFhAh4BTeA13h6PktAexpgKXS72xCaNmaatXh9/oQgSPu2HouGUEkcKrcka5OCu++xxQcdM6sJegGnDFSDezLaLEScnw/U2IefHFxxPVFpYSZ5qZp5oZ4obLQyAX5CuP8L59vAxAA0X3VGYVmXXbCQCwkjQLVnFSNm5ob36eoD/076CugcVo43cfz1ixoQ+mMurdMV9aw/jD6sVyvqbyFxOArrn3SfK7WahJ69wYfSFh0lkZfH1X5JG9WBO+KQQNCbkOIx6vRT+Sxq+A+TG7Um7PjLUqJAy/fmCo/4TWL0nCs8VEz8YBLgxBJgwhKf4nCbdOM/iWR2WKmWRF1NsRZIgmJOVGHcx18kxE6pmRwzYt6ktGlDdO51vhjFDDwrCnJBgtVehG03Ne9RoABL7RPnS3okB+q1FQ3WFMmNNVf+UByRtN9XXzJFF7S7bt/UMFXADW5RznJ+sPU8ziwt+Y6tOUHKz90prEnA7oYR5vTlVER8qt+JGsv1kmr9SwA/WphFX+TwVq8y+s7pHIcxenSHVBn1zo6YWaU1/xly9t42ODSj8tvDYmLX8enc3HjnljpN6Kxo7t81DeV4p7PcMUjOhUzBRLRCx915Rp2ggqxNoj1OzvzKjndG2ZUgZsaBNpFEdCv8YwAjEWXFn7c7QD7v4AGHpvJ4zNUwmShQmN111wrpEKtTMdmJDVo8lNEjUgv49fqW5gASd/AwehykDGkS1O/A3rmAF0aO0HACXG4evo0XKjohz4mhvetoR5t3076f3KPZFQEa9tsHIqXAX60eRP4fkKHIc24v/mihafRAWsveV2SVrA+BkCJrzIEHDqjo7SuA8cZzexpWCENH81xYv2ZU0gE9PWyJTfGNA1NgOqKSxOqJ5IsbaAfEW7bRTgLJbvN44IzwbXDvsXhULaewvvFbXeQI63+gCKXdU34+TXUAFvV87fwjPvDnv+JbqnxGsFjFjmE2efuzAvRIPVTxg474CGSVcarMpUIltpKqE79IHDuAR1m1nj3LWL6FrybO/0tyM+XQXMQ56/pGH0OulXBcSQdkpYtBHq9Y8lURWkql92JKLBP4T59Guaid/MPePJDvXqSb50zuMgRsi+F4C12oxSIU1wncIMY5qiztq/vj2HQg+thUgulMbRbNxq3xHcjB3gYrs3DEH44QrFOzQB+M8lWTnNCQ9YrbI6uH+jqvSJjGH44m8tznvzAuwsJcWkNNN1PDD4+JKnTRpDyFXRY8zsOTXWwLGou3J8YZEQNTi7aINqvH6OnbcCsqvAhAHdQW30gWfr2crNiHwo32aRN4OTv9C2fHbEpzBlBG3rghLmRutRsVulQ5muvV+fYRNKDTlvcQYFuHK1U1bRrdBBBfrhfNZQY8c2ePG7tyTSYT7XVn4ddMmVExV+9Ry3lCrXkTCQ5b5iiL9rN7SpcuahRosgcv+kfJYhiuT6/F9L/fozH/bEH1Acw2QAQCpj2m5hBD7d//jdD96JUdgIeZhDqOVkXRtfQhkOVIaICGLNFfdzGfwUPAOUL4lRKqqbQfuvtWZKF+ccKD0QiKKsx1+4/DKyeXb02EDdnuSW92Ktdph0dcOemyz0h/i6OdSN58UTLVkHtXd4xXTdHAmOBpYweIvVCsVR8rdfzvi7PeM48CdDk9e8GgJ9PnaZZgVBtjW84OUJHoBT5RYj0ffOdce0jpiitvIPXL1x9TQfBIbbzmtS9kEBsaIIsxiglewDFAT9Mx+PmB7GMDmvCl2VZ34yKsMRsEluyPjA6CUEGTdi2YoX7vQwW/KTu9ZvhPkXjQoJAGASEd08dc1Yx6ybfEGPyOqwCt1cvsu06vk0JFUAw1TXFE8NN/zKOLKoYrd/CdluAZAj9BaKkhB8YZ2RhcaaRJ5JZSRpaRM7XPhEvoDys+EC+1cd/MJN6EvKZdVPBH2jvD6ZMQGOVmWdC04Fuf6yfTU9MRBsdqKGqIgxJo/UaTKyNq5susHBv357FBoAjxdCfm0pRd/fDtKtE79P8UI3P3VeyV++LV07582kPF/EiLRSdNWLsmHOMJyeZI+uGmFiLczA/0S1v+WpnwDKx1UZYnL+r/LzImdxJLtdJKcS89l5upoVkDY0/S1IL5u2FdXEb8qE5jj7lgE4QusFoXTAnQ5ZheOpgM14gbZ06lhcSBDDUoAFsWlkyejr/BnZuTZ784/8SNjmgT0uldEt/XJ+s7X+SNk62I6klyb2MdQfu13wzxSRE1Z/zsQjwmRyfE5/TJaWqLL56ow8ahiWbROFbMascmzD2hCaINXgRPepwy/OCxQIjZELR90/WJvE9PFFJk1ioq1OwvcZ6n9UcSZrlCAOW8r0GGJOuvnEuC9pqPn46+cB3B694926Uuypy3ZemD8bstzkx3xrywdCt7Rn8QqbpczT2gL4p0i0bQQdCaADNsl+kQn9FEwuRrd6QA+P+wmcQbK8qv/cBxBtQQJxexBUqR/UMQHNppP354sMmVQe7hdmDKjsZwzFtlqpxKyDyA2FyZb/K8F+cMG651v+vY7l4M4SfVEzx6li9q5EE3BPTy6cerjs4IlrQzJT1RTIQlv5QmdNvg/39jeBmn418bJzGUA8llZXnpTkh4XBtOV59UE7hK2fQ8ukmbCiFym3E9e1UlnTHxLV+jcEjK/XAaEin+Vf89mJ6/AwWvv+h79m4mr6k0s16RYCYbdO6Uz2hvp1nuA/MsG3eS1168XXtuEy64FsT/LzL0rqucJjxt46apUtVvMr+Y6g9DlAig+EtgQMJ0YIZpWhOq4PAFP6y1HHyftqzhuZGzR6ykziJIPUCj+dyU1B9jxrdr0/9G1LeOdwDXKmWCVPrTUSYAdxoju3akkSwkyJNObYTo9wVZ2Q+t2M49ynGrucP26T7xLpxEb/rwoNpAh2r8OPEA9G+dHbTtf233hUh5nTChdV2AFnWYV40I4c8skHS/96Z4g76e//+//BHYS06GimwrLw+zT1JYHFNP2eNvPoQxEjKhnd1v49q0fxS4A5IunoMN80hXt77JWECZfIv/yTWy6/d6UsENiR9hwb1K+Sudwa5KIkovvfL3aoVAstsOs+YKgnVGdTP4bkuKoXN8M81YM5piqbajOsJYlUztwmwuL8XG2uXXuqroU+w6YiLlDr4oNjgZSmIaHLGBZuttx6yN9xMO35uf01WC4pWgfJvXiZWZuEZODJsgCKdpktYPR6T+3m6jSAcSm6WNikazlUJnqAK2ks1WsXsvPtpqDGTkC67sbLy07GJMBt7V6SqFNUa/K06H8xNiU0Mx36Yg1kHoZKZdAab2bYzx9X3IXAKIrx8+RV9cfNeJXjovClcxRjqs1MIbIF2jERnSSfeub+yar8Mn0HLdM36A5rfIOVUod+gROp6s848rMDqQTthqv9+W/KKJ39jS8iE1hn73pVboHr6xebfLE+VmvCGqW5PStoSwO02ZMRy7obKn/1vbMEYhKt7xbaF6SfHvB2u24PBrC0GlYw85oihepJAeDv3w1zVqtPMY9bQWj8miVpVklbT1skmkn/oqRMIfgyNNfyCQkKI+laZjfPF4bIborNlcw7vw9MrAGcvtILKFf5LQxv2VoYrUElWh1dl9VSf8TuvCo/9/tbJYyQxTo4ugrX6xaTCTQT6FgEZcnw+xKLzfjQqzSAhc+450bE8oC1n0v3AgYwicJVQSgm8Ucjjq9j2kXwxJx25PCOaMEJBZh/lGzMJ8pqAXEI79Mmwv690vewBEgthSdKy+exeIIZHtVE+Yf5nCryXSekSWMUj+U9CbMqraPkHzI04rCIl+NGYTmDoQj05W6LQwOL+zTPkxs4AtTuy6Jn50WtnBciOmOCM5hKhvUZKuzFAOPyyyWVgfvkhak4q9I72fKyLJuZ+yEwvk+qrxcQ1BSceaD6469AU6oJuPqFCqMm1viHH5C+r6ayKeWSYZOvF+kla+hz0fHy+ouRPji6GBTuIzYdyOFV5vFXs9sHHmcwd8JWntjc6RzKJsFkwiF8Mzeb9lYAOq2w+8mgdW57IjoFxbC3PTaJPVtHr59WLaMhsYkjDx1UgI3Sf8lOKo3/FgvV+wT167o7vGUFNI+Lbl5+mkOADDneBoXXRZoUAkgw1Fd3zG+qx3MKXsFtNOY1JljgfsGU1VcWw6fxZ13fnKWJcSZf3nsgY9U/wVtd4OPpzcMM1B8WCrO/HzjBElC5lgLIBuJLW3AJw5xqDhgFtbKBS+70YtYqbIbCLr2PKQHLI2Bh+0JOMNbSJEGQISp+lcTkCSe8PGcoQc3VjvkG1pB5iNi1VuaN2zyzTrRVatE3AJqNs5z4jhaUKDzLehwHgVPK5X+DsxkBEhynXoqz/HI3ta++zkuxGQ/zEgSg+IVTvWlrqMDYtOINLRfGG/gqVl/2FddacTU96yc7yjRzxL7zYmkD+C0e/37ogViItFVl9o1n03PZ5KCrrzd9/Y7Brm0e4oeL1abupL24ThhhuenfoGOPwQTe0OmCDBLqe4oX2V+rIax/WsaCOaBI8Mp/HcHk9VE5KLVH5G/6HaOtX1GRXiPxJaRkaRQvWmbog+IWxaDgNArOUou3XVesiRK0aKfqNpEOIWeF67Ucc/jkRERROYA+J0vn2Fo0j91Yz/SwetGkz290pwyB6+eax4s88Pi5AzcaWHx6Soy1c83oN+DPYtmh/OYcP1X4Jf4aNz3Pb7ymNWDIUobApEBO2uHzzP6Rc+Z7sLxnUZAM7kEGCGfMrzXz+GmwuZtHqXQVWquztHch/LfCiQ9bGPiWJfDnglhJ3xMB4NIAVAMashrZTHZP4CZl0LF6eK1VBEHbl63p1SAutJKJM+quxK3n9WyyaWBBD9VrU482PK+XsTWTMaCZ09g+7uiSE387ml04gmol+V8LDhrxFYkFbfhX2frCLgoD+yUzekEabMtCaPEp507anjmtUfq5BwqUZfc66X0ByNaL619mvLXUDSkYu7F7lPLf/XtexeoVR7tBPt+89pIwx4e+8mVu+HTER6yraG1Y4/VsSjTw5PUAgTr04PAjdPw5Cy69p0SiZWVPb3QmeMk2APjsOJXQlFDgO8cBE29GjeztXDMBpFpMdiALsQuMjt7Tt3eNIlcL30+djJS2c71hgEDXgcgidd6Ln+HP6MjwphiwMdnuwKGzNC+aDDkK+j9f5EMIMX6xme0hi+X9MHgvkxVEMf2760JucEU830o4M2OBaY78IeDu0vY8dKIpknsMqQxeZDul5V0mNEgRUXLiZShXhFKizoiKCaeOt/Q1sCDzbDuWshSg4VV5QP5gpo8cl5p9uQoc54vj2Wv2ccGkSVfF6rxQpLgof63HDQKL/CgvFLxTfrXaIMT34xsShX9t37SQlqUQYYUctsIL78PTdH7rk6y0lVjoGe2MphUm+HmhJ6o+j/O8vY5y7GV2pf4tSq+lmc7MuRYr9+JfaOMLPc8pGar5lY7VtSNZ9jko+pb9UOa1TEtSP5HNVPI7tLPko46jBW1Fg37A6fbS9mp1No3DjYyVBOu88SC07KUPTixCM7Uz0cxX3D6rDgtk4742t2G/PsCQ15YuyTCMFb6GSl6BymmwrPP+9dVXxlGTa/LSzlDTugKU6bWqSu8U9tkBvLtyD0P1i+JBj8ae59Va+AKFkkBJhwX3jAV/v6jWJkB6rEfNBxwVZ8fsqesWqN8bQk+n25me0y5ckV2dE3TCEG+C44Y/iZIpqUu+Yk4elAORAgo7zXzXkkisLFH8e7ulowvMm4f6wnVqmYUUVK64CTQUwWLybtcpKTenVpN2xYLS/sllGb6dShOBjBOUCzEoOgqS1N//7qfAVwwTpBrT4mKeN/oRdrIhx/Jj7Me2o83tKL1foRE1OsRgkgEtRS3qATet+xc8mVj/dH0CRCzRPRL5R7kMF8CELOu9G79kpOeWv91zCnwPNc8nQRQhlkfMOHtQKlsDl0At4cppoCJcMsfRoS2r+NnacxP4tKF24b17ou9Hlr6uBCOqeB9x7IIhUKIe3cMpw/rA7PR9XX/sScIChOvHfoS6vyLkYzPrSQPKvkVg//4famtgdDwFghsO5WcnHvDYGCFO6Xy97/kJ+AdUiXH5+vvO9WGhxhCUhkRpnpF9CMB+0pWwDBWdTVFXhJzCBUFoAcz/slX8IjyrNE0lvfkBL839V3gEmLOng669RREs/li29n7eyhpsuWoveGhPS34juriGgiNBvuYm1x6NOj5jlsXr7OU6y6oZ4eJUOvG7/rYfeqT4kPjDn/BrvMbKyhcoYaDRVBySG/kdR113efWZzlX4RgVsjh36xDn/k1WIpQcuXgxIaR4+TbnrI+1nae6/6MRWSifItIt6v9u/a+/XCdLx5TPFCND4nETIe6xiiz/TFo+G+V0v4EKjwPX+sJJAfp6pdVLVR5OETL+rVESfUqTieQn/OvfesACrI9V+Em/5MBpiFerMhT6VfqjBIab9fecSLtqbVTz1H8N3bvj7ahhSLGAV5p9i4GMx45U2BNT+36Dx6jKw+5e9CbLWw0O7Cl62QsOjvLPnh2NY81mra+i8LycgygtBar/nr+ijB5Q1EH+7P3jbBu4YpkLdhw+aFmoO2oDVMMQnyVhLG0eGalf90/IeQee96LldQenISdMH1R70WTgzADDwJjKlJNPcTqeEgL69HuTNxnr8BbxvJCH60Qc9bRQ8aPtGMtHF1xjrbRC+VCSHb45PvWRf0MLvRoUJW2cTdQSpRKSr/jqcd6VEcZNMr517JWhBhc9ddwMtu2KlajvGI35cGrmx3szFtNLvn/+AWWSYLviiQQGpqEj0XQMoneC2rgttgwYb4gOjaq6My+iWW6QhJa1Yr4q8kIeDhGpiKuvQ4dPTNDttFAl/Wi87RGXCCxHZ+RGTwlitfmQ+7cS6fViRE8CwzNde5KxfWQElW5wZ5f5yxxp6T0HOeA2HADyHfLnSXcHHConiSKaxCb+/Lgf68rYCyryIHrmRNjM5p+4guDUJ/Ovl/ycftp7OR5zJHaHuCsEneeAXW5Yv6LvNoN5/myZ3uEuTVBFEGC+DNFqbKf3boxsbQ6oHP14i1AX+tyFqD6Rx98hfDP5COfldrFqYx8fA+HWB1PC77OkLKklCFliuwemqD09JCF1p4V14xqLoiW/QuiJmPtXpmp+QfsTExfWdmIrPNDlXqnT7OozPD2ejA4+C+u93UDg2kMSxBL6WhuLa9wFMBro4AFaH7UjO7HQimNJAC8ax0DWeiPAIL9eRIM/PrWT+RvCv4ovXv9AoBeuKzv6QOh7qBEt1Vq41tbL6NYz9ie0HggnXEpntt2NA+P2axPbusFCdOEw3TYGKhVVC3mhw36hQfeQaORv4/pNmXHmmzPX4rljzsqmGfyWoP5Ry+ODSMLu/dHxzlX+jdw6uPnaBRlKoBfx1COqpqr9qkjgCHzn+7YkkgPOD2360ka4gZ47YzRDhA7NnnT+uMzAPcU/GM11CNM1tAazhMWv2NF11IjqPW2oaM2ZJf4PlTlV/ScsrjX101+N837D0dwkEg9b01tQIZM54hFGelRA86kLoO+Iz/jL6GLAh4g1Aj+LhDtEgedx78afNB/q3dp5nk4ZWU15paWc/+Qcy+EqBYwLxQQ36T4LSpJqHlc7otds9KUqiaNnmeK/LkB0vuZv4kwKyNW7V/G8ml1UUGT9z9nlk3bRTTi+7YbEsDPfLHAD46xhMSmMev9gsPXskJGttw6dq6vowkhoCO8VomNhN4RT7I6XvEAz+SlcxM3nbS0aLT80kSOL7J2942ICtIQT9d/3KSaFU/xZhUuv2G/WXgvMd2NCTd9eaoPGi4lcGzCU2eDNDlsmYesCK9uOIfhqcU8zsFMEILtH26R8rZoRHio9EauAEmvtqOPDHWVxSwl/2njfPcVckb3H86fudnR6YsQFmEq/PXxWZb6u1XlVLHCSeYEcTOVLD5P2ZzzzxZMzU5ouvmhFbiqT6ACKyI4IYfNQkZIMVnDIS5SMMAYy5QXUYpyiuG/Fcy0g+1ueR82e+h55TzfZslmmPEiPcwiza5XutQ2bRYnAlMImgUN+4raA73jk21te3RP9dqpa46DId6iXEnzhshjzTmyYlyLPYsZFNoR7TcBoezUYvLKutBEM/8BUFdKOmH3HVCPBhJscIqfqen+KeyGmcEh+GFMnxtgdymg99WxFZocUwdCAY9H713u3HWWBzzmHrtTY0UBOAXyt7u11Ns5v+yVyRajslPbWNfNXUgUHBjajc0JMevxLCuIJKtMJevVghYKXHWUHTwvDOL7Zy54uXAWgVO+8gspZDJRKwkkUUPFiQHEwryEeWyeMJmDZD7itePi2BpkDhEOioBhiVEDGX1vXSud8o52bvgwaALuqlufpNliqIH7m9NHg/Odr44RwZBsk+RqHCz7RcZIbPdL76Siv9TWl7wf7SL/gCkki0an80iCu0r8RAxfZnpv8x9V7LkWrRlujXnMfbgU3gEe8Tb9/w3pO4r2+Wap8bXRFVJSEJYdaac4wxHcfnLR3yoPdAvxjchvn9CaLjuevBryX+2FNtfD6SygL68FfyK9B3rUyyp2fPh2TArxYU17HfxcN0KSQ8fEtb7rs7daGTcUnGZC49q88XxeYSpEKUPwLmjmtxGSc+yqwIrzbSD/rLsXD47QSD/pHMDV2a7b2oL6t2lv/h0QUanQL4r1pLzwgN81DNipfk8WswuW3kyaMxa2VtXpf5JRw8zZSU0yb5rnemi33wmvo6L00HtwBt2V5De0wRWhOocrwpQYvjJYehBRIhIXvM07XNNC09hdKwhtlpWReWL99104P3neTMbCESYx+t6iavX/b5nhT9rUf1UtoBrr8J0mRgeJY3FvwSE5DyGklJoUnYiV7awhiqw9k5FsJ/vSLgf851CM0BfU2fsciyk//Vlk0Ble/aUZcsT6V8TOvOTH3HZSw9T2z5KYJUq8SDPy1rO3pXWb+A9SkuUHrBg1q85J+ixhA50R5Eh+fhupl3cQ5FDVKtkgdBPwlxkZ/D1lhzj8Vu70thS6Mvigw4q3mpSL98I1o0gQuqVilKB10PY7pJDyY7VPI9HLqBu9pL3SZw+w4yQd9L+LcgOj8F9bfq1Pzm6/A2v/bzMlxRtE5CJtulGrnLibSaHwk+LJcqi3b6ZVpAU9sr0VEkp5Lz4liCAB4T/NAEGzXCokMnwAvStMxz7KHmLLP9i2GnNaQwhTqQ2FVK/0W6il050G5/kGpG+JVXfBc5V7Ta0sHNB3XPw5D2Jh52TjzWxbmJkW4mbpvrjS+7UvfcN+1eF1oiKMXwN7AzOtXEFQyc21kvr9X2+zIuug6JeGaMwfLdQqRaBPRf/ysmTIcn1K88Kfgb+oXvk/wdwyL+FReWt4V5pse6XNkVjpPJk8kM35hV8aCH5DS+UdsjPAYkpMkDGZabK9IOz+mD5ud1wqkjCryv0cvWzg1Resz0V6lUBHcOI3w/U8hiEtV6lut9m2qrKQP5SG5KPHlBih0rA7UC/gkKB5aUlyJF1SOWfS056SbOqoXEQ42LKfIybGETpcScM1BwttKbkJIbW3Zjo8x+c5ECFJ53SFChkvq5h9PpfeugloPhPxAq05aPWN5105+yavxaw2YdiJHBop9KOAKKnbOn0NTEBofzfuH4rwyUQ1AWstkF5Qv4ay5+d4RUqt1QkYS2Xt9Dzh91FoR4Yr6izShArLbUm9r7AoCxhj4F6n63IvoljLnx4LWCPkyUCOW6nb3Xl58i6Lvq0ocXqJ5f9hhqgC4n0wx9VnVHVsVCLds3Rb7A7CDh+KbP6QgRk+tmelIL6LFQTw4z14kQfTVvzbtUSey5Ku0j9f0NsCWW4YNKth+DOMOiUcKN9Bl5uvxrJfYjmpiEvRGjdH7fSaXXupl4S78E/7d/Rhw+9CDGq1Gu7IbmTyesacnnhvNDOIyjDLRuu6cjh8lTjfqDuSL3PT59uRE4vfp4NF42WHnaGP3wA9SJzWh2/Myyd9ELctlOthiB0FrkQ054js+kJcbf+Q8e7jFUOJ7AbscxvRiB5ulienb4+/DU5sZ8j+J0AjC+uJhfxKAjsW5cpqn3VYlINsiWKtyU+aXWkSjm2939jSjWVoFGT7PeikMyWev+GSEhkHayeiC+4qmUIk4H0tqjnoTjftxJzZ7PoV5pxn/nBV3RVaoFLQYecd4jEF/+JBHaCrRmmtcSVSUjdy865ww/s2Klbls1rx/a1CT9hoHWDwmupT+zWKN05MPph1s9vLwBCCWSX1FoKHjx2lzu940+FWT2Jb4MQYfSlXHwBFBslb3H/yA+6sOQ7lVee9n9T+qeW8n4VJbuWBW4Kn7OrhN4nMhjc4OJGLYvWUXQQWeYB8CYdG9Nu+3rhKRqDar64WP7XRAz3rcCTZUMh+suAthuGaaU8fKfSKNJEOj8KwC/2v3DYo7Ds0aURkU8Dw7IMwXmpfCFgzNbBvd+VsW7x2xpr5MWxqhflhxJ2YXLUMTijaC5K6QZ3QhqI9qfmgn9YgGLZJAC/w2K36rTtSbOmbJhdUvV8LpFdupVXrIxSnlFyguRRHPYJNzPjwk1cNGeoOG50g4uVf114z+OYVdgsGGkyv7r652mSrvAZVKKSv3t1P6Onss53dr+4Ee7VZ+NrfSVUfzyFFxMzoyD5qQjoYi5kNrhcjLfPrKA3vg1h5DmIjyuUZS+TaXtLzl95qxkksMAuDRPhEpGkoRJSfyzE3Y3ZxAyliuE+qsqFU7e5MTu0r4v0u/AwnARLOxanuHUukMCQa8VQZObSV+9n/MdNCxzG+Kc8SVwSUjorad224omPcxiShU1C+bRV2uR606cSP5gHBWoH5wa56wYyvUPRV2AoIE+ROx3oSd85bBBTXkZWG8vNbzRyylvOdmIrIuh2BLGIwmevu8SqdtaIi3JyfNn/fsEoBePACWKNftfD6j5UKWzO/5ZSUxSlAiqJ7CTrOg7ColYISxWCOUfEdnNoZeOPjq9Iplmr4APk01jmHx35LTrMWJ3szMQGHNbcrpHzSdXZU+JTxZIHmu80smIwl0WMJLX08X6WsrRamxVl9HnF/idNZsJuEU1Zp3lWq9cKGRlV7eYUtCfYJWP5dVKw/+pBKDOmJe0wcnEXw6DyzWbc9Z5ZpSGCqrZfHM0qeqYpYOYufdRaaU/ImeH6tNdHP3Z58TN+TQiq+dzdi5qU+JtK1rdpttX/NOwYTajfmBEiGBlOZVe17tPQzxYgpquuHX+/cWXTPB14cHP7P5VwPW9gAbJJid4iuL8QsZ4mdBAZHeZ7SnyPS2xXEi6I3+1hP8irfwYIUhA4C/IWLdJlYXqi7GRARZfNvpdztOifzx0YMTH31gpIgdGK0SKw5B8AZ2hnwGniuL9wt18ru+/kVwCXzss1VU1vHzbu9jdn637zI0UBv/AZCIxOc0EP/jeOLg3u72pBN3FhL5ey80/c19gKm35spkcqcf9+AyHMZfOZTQbC00k3NsXAYtHHybNZB1T5UD8HaoyRpk34TW8YHkuXy4H7xE0zGB0QuLju5m8Dj7hzaXyrkoVdeXgF+/ma9LXO/jWxkuMI84X9qUzmfOQ9soV8IQGX10p6ZGHrzxKTpjzEA1nPw/H4LBaR2uqhUhvFyMahgVKUOLXZZbXG2GDjKfHGH7tf7WFd0UsTSee3SAR96Vj+mBpBt0IHLNK/lkpQ1sLs+ScEc++u+qllk1Ffjz6a0X97BnDCB59leY7UBKytX3W1ZnV7vNIL2MJtVPAqCM8stIlTk8HTQ41MAw9nr+dsmaXsF34FgMMzjhPPQhW0HKw2ktOvA4GVyDz5uTiT0hoXDymytOs69kRWxWn0sATswWzp4ts/ysS0oiZAm7mZmWb7zzltxkDZ3q5LttGUpens4mMVZKV0LCEH6wy4iWzetC/cb28l17XvhoV7a5P16kZaS6jeWsqyYXKG2XKZbAP/L44GKtL/E/VQzaJfh6rR8s+gPtejJLYBjLJqpo2EjUrw7EMfsOza55EJ0NTJPGUqROU94zG38n949okVqilYtjnj6y++5DJTuQlPc9043t+9Z4M+iQwMDJ/JZpPbK5D0jXUfiiOi15HS1m0xNQ90YcZ+C1IxR/hdaxItXbGiB7QLvKr6SSgrwqL3Yy+jq3DndD7ET0bvA67+/Fo9+JRNI2h2tWBLMimuRLJmELIRcC+Zmg+fIoBkUL2VMiVHqxvm8P4RwxYPO9MwE/bIEL7wWNifuAsUZsG7RmqSpg+vxCkLV3IQoCc8TaXj49J6sNtI53E7/E1ycTX85knLYhdDom2nP8S4RR2+Rvh3hI32elHLiJkBFaXurW/RagsvE//dZsVIvJvwj1yfT74e3mqQSlhRAZ3uLcRMuHftIT+EgGxiQMZfufvKIrpr6sXAyGaEwc3SPuxCp0L6+MIlei5s6Ok2B4p82TIfFTT/xzs4kv+lalncV7fp5S+qfMN4MlKDX87sDzkNEkahttXme7kRz9DCMcHUPB1/HXEY20oTSr2A1ZwFNi/NNi1jX7svfC8XdwnJ8NSIPFWj5DDD9a7IXlX0JooK91iNafU5U2kJPUyK/cZSduVbFAj3Ex2npewCdMw/DGpCh3nK4G9bpdHsj+CG4nCkXKc80hLTx4LLhALs3vh/iKcEH4uIP/U0gaRbLvV5thPTcZVBzQBxjDd6mkM7zmG/L1LICn9ao+DnkflJGPAN26kXbXIJO2ktIFqg1/x1w4QxdHPpQ5CtrcQGQD8+7Ty64/DeCwHbvIkDwHu6EO7KeeWDNulXUUVABGEsnJPcix+t3ZjaNjVlZO3mvVyhR+qxWXJRBByAQRanz7t/Y1LGk5Q/UtMI3L49I/q0cUiWF3hyIixfCb9m8/VuwAHA9x8ZEXkbzGxfzzMTnneovkK0z1O7vcJ5w3WEGSgUwnRFPWnrGAXr3DThTFffyK7TWbw7xEhjxxk04aw5GUo0wCWkPpR8FPDMVnLA97hAhQ+IOLQ/BmH0L4UV1m2uOGptyGMYf+blAduYBJCNoJ8xca9C/Y3ECX0ziCnIk2xR2yDqErSpRiCA0TGxOS5cjSo712mVDYG9q5ulDG4XXd9FqwDjQT9V1kvPYLLvx6J9xXlhfR1wVJX2zk91wHc/Yak39+Knbpp4/1Lr2Bt4DhIAfo+6c3awSrKBo/vK+Jqjaudv7QVAMv0cNnUfHmMb8c440qXGFn+okXp+vMyPYWgowRdXG+JbmqyeWn3ud6GBvBWufvjG9zQI2NRPoxiS5TgbsTC+ULyifCdleuZh10HJKmc5xI0oHwVf4G6qAditWq/633sVjZ24i86w67a1mwJE2+smiVoLZn9bYNpsk8YMsXw0iUrYjv0hwJCi4ZGAxP5Qcbs5a3dhzFSkRqKKdToD3FEff+oCg0Ps3GkCJBLXlydfa6gt8AmT5OHomBk89B+rT3iT4Vj7vPzEc3DNI+hJEwLPdOfKQkLBGmaq1EcuwkfcjxA0znGenebQHvuZ9Z80QyfdyfYdmZnx1gattF8bIGPJeGva0sjR81YuGA/LEAJw/RHVLNVyNIDdShIufQpuvzvJtGedX0V+Cw04ldpL2AlZtCbbcU1VtyS4q8ChPpAAyJvev3X6i8+NP6SEZCl1L++E3+Rr8WQeLZSJ658SzOFawKjjTE8ztFQzmtxWJ6mnqMAvjel1vIzd5lEdnz4CUlWcD5qYk3idxUUtSosg+PbHmkZrGzAGIhFS2jDgq7jmfoKSkTKZpEX7xFnMx2PRDel9KzICVWM2iN8ZDEyqA7YSZgij7D8DDpFlPXphZpAWFtJ2H9qG0tuItT1jZGP8tphbKXZxudviZwQaLpzsYFmB6/VaQV7wqxxrZWcps1BXMYiF9yzAE9V0ZeOZQJeEeMAzG14PCCBP3HPqtIY80fLJK8jEcUvzJBnnHJzzYeZir8v/9imaV44R8Da+ebtoBRCX7yZm3hX/vrjji7ip6lHoqYXZ2FRy4E1OgGGjiLGzZqzhsg9d7t/8KW5pCucHafIp7FuvpKo+/0Eco5/iJxApAGPlbEXbfYDueIj9stLWtqSDSCHbMe/wAKEBTkCXZ48XwwnummJ23UkKJqOg66BIwaWvK0IyCzg7O6Cc9+zT9LnxnL9DzPP+DW22pdl4GlUx6KXKA39JCIT6IknXLSvad65VpT5qT1DyjzCjsMCDB//m8KBUMRkhpJf24UR3h12G7fAXvmAwi1xba9NXYTHD/kwsFzMX9Qtq2tujpbJ10FJrICopmcYnvRSga7QYAutymenmsrECJyl9+LmxTLWzc63DTA9PDle2oFSJeW7QDHdMBDvprbDTMyAREG+PDOdXg9tJI6f01/Fh0+XrlT1OVd1lCx4v90o6NGrhLr9+sag1+T4mq5Mo+ueekkLNOmBRW3eqO/qAgsa/16xmBzA/U+07VdEZApLEz15L7mcppLQ6Og9F8i3p1CrR7dBQVNkQRQF7qIcLCW7AJzLlHI7gxnopwIZmQcJz1/oNl92LDGikHC9Js1SAG9BlxOPWVtbJsXwCjdS4m/LiwGaY4pv7Xmxi4SO0gGPsGFk64lFFDAKYKTeg2IOcqTHmUefmwFh5+8cnHmmIUbk0JmgeFaTyNI38c6P0kA0ULKfk5ppwCV5BfW86typZd3KkI89TTB3FUvDfbx7DNvA94R43qZt2MR47a84HDVIQ+Phr7huAarLEmar4idZgst2ufy62ENeFm4JLCa5hwn7GQFfS05oztvfVNa97YPod87Ip84PJC0N6B/XIuQutyHeknEYhR7vK6LqjqIn/NxEUDKG/KMm6rce0bPB31PkVaU6wxDomDliuO5V0jyjuXyibtMci+Vk+O+2Csa/PuQgpxESf2zrN5apRSI4dt5suG8EY8LsJyYY4tuFQLaoQApMbO2/uuh/7ERLpGuhXASDH4Hb/SY+J0V8Ps+xct/6MC+UhLyBy4/w90PSFEHBxPnoKzVdueS8xSiUpNWE3lQRgA70y1p7Pjvlqg08xjl9ipUsyCYq1vr6RT8I+bQuVB/6udDEalOiiVFr/8rmriK7XcTarpoTaPmlR7ATQGJkkiqvF0UeRbU8yMXrM27ruKumz3Tyr3jjX0ghrC4F6EjDAK+4zWtXGjjDM9f9Pd8ClQXAyfo+9F6BfeqGpQcJ3CZBGlQnCV17Gh2h73nBgNFcV2euqXneuNSxsbCxbTKm0xD0r+A+Jd1XcEtPHcWhGUtVpbJ21b7knYA7q9Hf4IJe4LwP/nU/ODczgXG5BDWkwBaYfvxBfglBdZ8vd/bXbLCVgTwk9Nn008kbcgy+Uqhzz1+bQjVWY2XW5eZ7PI8AbVLlQSSyb55tOawhlV8fIhsd168Ku6zskiKTrff7s0dAsCu3oZ/ieOZZkhDUd7GkrPY3+cc4TFckofxXDKb7nJo4tKMC+d64V9jntIRichQy4VhOr7RWFfntUGbsiUWVEPyG/S9tUbYhEP43GmkoTRa+njrcBOIsvQfug+nwpKtG1qe6p4WV84wiuoODPnkRQJvIPzmn25xQiDufhEQUJ/IdFNBnKj+yRLWThVAvaWKb3R67r8xMDdn8jTxgi/R1MJvVTp7T5czehDANyQDWsUAUicNWbqbsqUbE4WPEoX0hMrJpqJnnO66AJa3nPZhggTCMJUFJbn6i4tTuVNtauNi/RrkJgCIJQy1rHnL9YnPMnCTZ5NGy/GhWkupKCpZYW7qW5QAFEGMGpQ93Ozdw9jKKnP3lTcHO59reqiO2MoXBwmV9lNozh4eh+FhsQHMmBnuZeiUN3M9D1/VqC3KLdrN4/R+wElRi6P7KWPJqjekOIvd4OnIpxAeXimUdbhFzswqrwZ5nd1pTxCxkkFTQX3PNOvFBCPtKaC9SZRLv9ERObMbtoktUPPqiWT/pJpmJELsa57a1Kc/zJOymYZCAJCklCAPb6xRc9l+k/Pxdf7NnwXAzpq7ILKPFOveEWESDiby1hSuyM2ok6fWFlX8N3WzrhemrG4g/ps/8VekTqb8HqN/1IrcTJnWpuL5xndIyIPeuFFWrufJKp1vlcPHvPY+MZnGtk2LF8wlKMYXHuwQZw8IYwpBIXdtCXoPKFG7+l1GxICMB3ytQJYnsoPJ5ZRPXrCf9mRJVzT6l6JwuiJZ05b5ga9Q76w/BpbHofI7OvhFqiEuK6DGrjaBInyFAAfH9Pf46hpDkqFHnKYzSKdU/96/pyl/aBwpSyX+fYLwskQSB6yrDdF387T9l+NmOM7tU4TseGja/BVC/znvfEPwwnnoLLY6gOMt0bpk8H/lknj1OteqbFV5x0194yxzz0zTdR3F4lku7cymDXcJOz8Tlm9VtlXxRgcRgN1sdAq+OJs5/TZ3y94Lq0Lqt3GWx0OYr05/Mze5f9LgKk925M8AHI9Y1Qv/i1N/Nwygw/Z92oCmNgIoaQfz5QSIKNQtZpy0xRjKnV87El3I5GdS3OYce+K0TtjJD8L8haaRUrDlFHbj7oBSuyQ8Aaa4jFnap3yf0Z27uK7XfR8BMXjUQTi53prpEXPODiYWprWKQ2Zb6FtnjTis/DPGOQwG4MCR4zaVAkEAhU1nVnZa62kEYMisX2GMKWu/lJeum+nIbum8Ete72VGPplJsqQIw/v5zXPlfHGds8waNfQ3zNU985FG1/4qPCnoEo74MLBn+1SSfaoEXQUab+wLeZnpi7vw4vGI5fspSiuSKF9UD9WvZW1KKd6Kcz2YRaT13GJk32cWMGc1Trh9EosDJfumr+pVHcrVvulsz/ZUcBhfFJr9oQ9+Ov18LDB/M8aL9TUM/giSFxgbFUcXla21UnZiibL+TfvgZZ7kOhaSZVLh/33FlJpMvJ3CDWzOJlwQKVRe4ESfqXB21YPk3gyWRe+cYZ60WLmZ8vfxIVufV8ObF7gWBZixh3eC43vEAYZrfuUJaIxD5pefwCTWiOi3A60YKe5yNQ/0JIaFpIo/XiPgVHO5gMLB+qr0Fu3K6uxmw3bHhT25ibCbA+ZjW5ftXdku0hD8xLVv39lwbIf42MPz/og5Pf/mJISyVx6B7w35PwRHsq21+2boJyO2Yxusjb6v4ZQjhezq/CkXpWuPB5OS8BBbt0bxTrN6365OUKb23+Veqwz+XLKXzadn2Jqz5R4fDaugDiZc1qXgtql81tMUFNGWpvFw7500MXrWIyjtY1EHB7STVr8r1GhHGv1dIvjIePdfAI1lmKqXpcf77kXI4MHgl8veEc15hK3epf0v3js7+u8L0UUzCB5HlR8uTCKtp9UdRNZG7Bxl+Dm+dkRYALkVC5pGk31a2Js9ZYhdP3tYp/NXg8rN4fi65KHyFetKVvefN7F/GBC/vnz1V8ifc8aFEWx5D0Gv2yC7xnJyuoc2L81tgHUoCUuv/tmq9aqmhWfLrPS4E7h7E/6pQ5Yyw/5t14ch3CyuuUZ1kYHmE3KCCAnbF6CBrSDJ0uFLQEwksOxxv68m16envtFuQUxe3Jg0dFHA/JS1ysS+DBRA1fu9yIIhj3e4rW2jxBphg5uyynpkEUu2MAi/WT2n45VVarLXza6FfGvFbmvwAFSqYupmU8cRLw72r2b6IP+ljea5iBcchqDuBdUEhyI8fUDlnR1GSck7KEu9D9KI2s+myE5PRnHIXfTPKlC3m7Yz0/h/ZYF/3orRSUjRXxXzDPRaDBLwJtooT1M3tmWXTpYXs1JVWtn3xBhIdfOw3Ie+iNjhRC5KWxW8TG2lXYpsjAPMgNQR89XjvJAQqd5fezVXDp7Qiq9oLE6pMRUNyUURkuXy93L15lbeIlAVuCzvuKRvqXa9Fdrbcaj9DedkLcuvIsm0FuBPsNzwBBmUqqcGYmapO1FlvQh9tQu/u1QynsIBlfgRRf1RAr0k2iyec9R555AKyVjhVqYCCusD2szjgd97D3Pf8boSCUSm+lbCNFlm9L2mC9VlP+RQRvytgCpdhIVWoWgd3/N+6xw+OtH9E6U+nFLaf+P/vJ7BVwwUUjKz/qUn8zGmU+PQu+K0cuW2EWT6Qg8RVRMAVIkmV/FT4MyoFlYkrddF6bfEHrZootKfXMy1C50CxrMiM0jiAjzgSFQ5PGXSN4uADxv5tJI7QXcO9+h7StFEERE2HYJ2bzEMUXtBCF0iTUSKqxfUySidQ4Lj0lsu+s3k6ZAZtoroGYPQ22D7JEKj+W7OYrGG6Q7U86f0X+GauSmcSQF9myoInY0gW3GPqmYV/2cVcTy0l691yzpeYA7zBT5QSuBgPLtbRw7Wq9eFv2fcvfK/ZYh922uEvZh50EnYO7iet8yDAMjv6EC7Mn2YzSn+8TTYOxGdEXmey7iqhU6URnmCU9ZWP8e7RFb5w8eQzdTwi2jmgdtXdP9hhe/4Yj9/ygYyRXSXpg7RbEbXGfRxSln7q40i/iyELxaDC5lIZqTe6ZySLL3MEtMzTTDBboiiZgxn1/5kin6WqKuMp12J1HT0xpkDNhMbWukgJEMhypfLS/TF8fBaaCyvZyHQayKCMGuxwXTTiHAikxL5nESaxAvn/pLRJgjiQ3CKUoBqWcjX2fMdlob0kMjKYT1fZI+ugUaVYWht2sNtX96y3h29rRA9U7a24qpkOernEdknhJ34POZgytcKJNNi2Pl2b/HQQPtgLTGjjnbyLiCIHGRQwCbJj/16RMN+BECKaFsfHetzXtovTuRo9VFhmm0Gva71/w1g87CJ6xDGZvWugoDQ3EFoQfu0ZQWmekBVZVecUWByhhlERueDmq+gSCoOcFTJN+Fgcs4fTe/QlYnoh1Qj4EnFg9L/lwobKdW9VeSqWqyGRjJLZ1zuSPyLc89WF+iRgi0rif2LEHVsSSJueCLTD0CP7BqdXWDbZUBYy4xavT4+gDfQ6o0C8kNtvX1/28ySTsZwzobmLkBy5COCUQ45/fBeAk3qkyR2ECJSV9dXvEzpFrOr41UdNKnW/xiKI1Qu0cyJMCqLwjSfFvzrpYM85VeeEdXytn9y5bmPdH+8fQJKVgU2wPviq+15gskEOoRLpAF1zfCrQO9r0WCU6/F/tUmME9vtvTK/3vrmzhkexZ4B2zaGEGoUQT30QJOSqGrSn4X5HxhrElTNb3WNQXm4FIIC9j4FZkVNjULo8t0WuWvXJYSAPpLgx0+CdN05wO9bzlu7ZIfYMtuy8kUD7R01ytBezZWKdpkh1rcYvPp4AF7JzYzf1oK5D/mixo1V5DuL7qSo6p08/XQyX9jAaENdgJjbNaZp+BifmrzZFzY/dW+utAgLx0DviSv+ld4MDrUnhg/45PP/57Cwk8R1xeUCtsVpYvaUYL0km/EwEIRkQBHZ1jI5Owzh93Hs1V5T4IEYk6cjv2UwhpyNKEr/asbQyQsmWmxDBe1zWKI/h1qzXLORlzsKpYGnk/eqpnS0eFKBunyg0p/EFxM5hBfKOX1N9P5oE08O218lICBpACyNcqPIR+74b0zkdg8uhrHCbnOawjL23Ib+v9eLAYVtXusIgdq/tAnvlcXCUkFqBvsSCCrVl/WIVPFHLVhcFcRqrTdEGsbCx99l0RaD79K9P9wWHbbDK3V6r37GgcJjm8li7OdcVNEvAhMsbr+c+cvNofOpJ8qKsnjX2Vl1l4mZ6zmFkJKTgRAuvCNRP33+iZETG2w9T4/k9cend6YYTXzwNPEUWDED6wQhVa+1egDzNGwvEaDwKsd4wbATKPYhRMrBLAso2TTA0kUEljjA/jo0i/nJ9T0o+VVSHzE33pfD47S+NYzR6whmKuMQHjpLbmBe41Ek4xuahnS6G5cdSlItzVZ1Z4bf15rx1zM9IREpEI/OUD17v9KaZw6uCM660zF9Rv8nJ0xVkO1q0XRoZO8/vw+WEVPdeIWvzX3qPXXKRHofLXlAzNo11xGGkZ/DdHusA7NI2g2AqewtcD8lYJNqeBTBmdpoavC0go3WIYH4LUjEiYOcWJaqmAL97L7GkfF8aaazXpDCNjb2kwdVUo4BQ9vPtnQUKLQDJ9JAOOlEHRmSn8OCRVrpqFb8hK9OvnKQlEkhGib7Gje5e2k8Vh99uQdB5wAgMoykhz7FMmgEgX/IT0OJQJ9OQe0VOaqU0tMiRY8RYyMsLgVCBhxWvQPGTAPqvJNh5uBH+V1N8ey3u+qL+0hIUotOKTeo5BKD1hZBZjO0q/CU4maE2hKWqEDa6L3BExv5xt6nrqSHbmsgPRopdsa+WNxhjv0mAhtPBkQ7jzwfMppFIODyViA+GmvXwEYFIVpFvtWxvppaOv+zNVXsUthRCoZQTsuUJA8Okm6mg3Kn1NHf/6M6BOl1irXS2T5XGv0uAP3wtu5/ysgWX/B31fHPI/CPTShGLc/wdIrgj879BRrHtx/T+HUP5/UHa4xGIain19NzL031c/8Offj9z/+zn2f0jy36Gzyff6v8PQv0N10VT1f78Lgf8Pgv47nGz/DlX///n/cg7+fivwSBdb9P3/XsTfxwjU5P9+xtrMzcm70YzPtvfpF5qf/v+HU//dSNL/in/f9+/Att/9fwe2OpnBh82QVO//DLjpJntZTpIWvTltzd5M4/v1dNr3aXi/oQdfYJKsq9bpN+bs1E/r36nQ8u/P/3MOum8q8LP7NL9Hk20uMnDXZXMV72Uzf7+S/t+j0P8eeT/Okz35H5T+9ykizOPLcdnGZwz7hFSxmsBL/DpezXvV+5EO/uFklpbB8cZoR+X9f3r+3JGNjcZFOdjZXfhYSFToA4M/jodccmIoT21Xqzj7vrBhFgjdpIMekxO0Mr97BPwHwmApQRAHWxJR3SJnmHF1BcZvCjK9n0ItbytcaC8P6l7nosRykmVtnfEviKLMv2z88ffxCqGLBz+wpQtElVRzVdffMqyULG03CB0advuvR9cfMARGVG6MFOC4ganzBzAm0tXVVU+U6yi+vdxfE+OPG3Lu7C+pw4SA1/jQ8NFxx8ywYvZ9vcNQYfxFY5AIUvIEpmCMQVlBpGsY9NOIP7n/F8oLBhU03GP08Zt1hAxXpEjif/YBjoSccP2YCHQtT6NFogCLeOYAsBDsR31FIcPjOS3fx88aETDopQNkVOMs5O3hCfacxw2/nEsRHB8erSNAyQf45pLxHQeybMIZKc7a/V+QUZ1cSpcXsJn8qCNrIYmwVMzoHisjJ9d2sroW3b9Tp/fwGWISxG0Z2n/PuwQCJQ5n/5Pvyti7krI4z6K8X7rDTCuFFdZoHBOz+lgzo2/ONQtHAEgL5E/T1R6PHgWRTHcAAQ0BSsHasOXjPTgpFYiGobQfup8iQ+wXyi79LSjfbPeP9rTUWBKy/KXiGvctW0z7gYDE9CHbYuGxJQeCCYw6P6Rof0srXqgk77g2tvKkamIkIOfr5hcVPw1v35v56qSIBv5S+k4pmpXlgeGpQXh5BBS2b67eHYZCkOLxvjWYydGmu4UN9BgIRnb6piWWQUlbS8EvWPfcxwcKUHNi8yP5ZJMmjJUObpkoJsWBUCAJ8OiqysFN2fToAGwibeZLqP1ipWreeimBBYWXp/vhaBT0zespOUJ1G3uzDUpxwCqtlMQJHcEzvKcff+bZoQH37QB9Tw934P2k5k6Fq0oO+uCSw93OKZQXseApqupNTRpb9cSrWd6Cu34XvSCf8ojOcp87bw2kyghSZ9PUaTlTIXgs9C8C4Mu6mWqbkbMP4N9YRTNfpRZqH5TzwktJb39TViYp5exmdaSbpEH4Df0whqmkwZfu00Z+xNv+S6JtdL2cBEPJLUemgh/if4c6YXL2kt0O16a93e7oVlLYJf9mVD9zsxiLt/UgBOKldRoranpyTMClUi/s7NQmje1CNTZ1pqf9BjLV6m9rgoE076J2rpflXVwfeh1MziJSMWGn5GidBpdQwl+KojekJrB8h42QZaOVbdNVpuRVg6NV4ManCqhlc4LaKdPL8G/h8iOLWJ8mb1Tqq61C7kCG8OzGfrU0IfV6P+i/9UliwcKR/jTmSF5xyegvd2ZEYgzsn4vMA6exGrIEm8RtdPRrxRF/SecWhvnHqvLaVBS2vDKa7sQvLPwCp8ndQ5035WLKE1/9MmCObIXtZAZ5Xb9H6DnLzFagGjAfKvX9iHcF2iKs2rc4xh2mghGw5qRR4/M8rCieaHatzbJNhPCZuvhPiHa/rFIJO7EpEtfD3LtTDPcEvo+xDfDOSGv6tOz1Te7CdovjdPqiUPM6Ak2Bu6ZKmw/8o9VsM0hux2qG+zH708i0beG8i/q+N9FTWY0nDaWbmANgAQX7d4jGceK+MKYkG0GjaEOmr7V7HYegxO7kqc3FxKJgdfeqd1VnrLQCr5H5oQ8Fnd0mZLlLOGxTz9t3s48YAqEimxmqPvlPs4r0vva2TwuRu+QfJfsYrPwzJSzVGFP61HiKlTWUkmLkf71qNzby+6P+5mTqxDZZ4bSYEPnXwB70kWWwIiM/z5K8hOTGlmqZrmCjJUcaGE00ftP3EygrOycPNKAfDMSlPF4RRLywuNO4rCjvLNns+sMr11w5RAiDq/Rs0T3cDtfqCSvhe9PtqvGCa2PpYemHMpfG48kvtrlpWV26NU4elbtrguXoMz5NMuldMiq3+x1rNeEFHumVVdoizU7lbPygDX5Wc3M1354c1N85jcWyp1ixn6Lkp34tjt9pW8SSDRaKo9FjPlgUWLuAHj97wepsk5pKH/yFSvbtJY7pESCgK4FAvicuWDAUlGl3Zg1Nm2E28/XNnThpScB/YfFUvMplOVjzpv2nsNIMSZ6tAvfn0YXtlVNmQiMyEEQFxo8Kp7Qa2vicvt+LBTx4lUOfaCPeRXNMICSXzjyEznkfh61rVFYBwg2R/NtvCXX6tvcIP0V3K9Kk8Ud8xzZKZL1TSCY/ZHZVOdWt+iaYnGbb0XsS7M193GXyqou9gL+s2P6oZ2YFUQNG1R/1QYOsjNN5lHrgE+qyy6bsdSVyXypyzhiqt8OCM9KMg8NZo1H1zw3EyP3FxpdwH78lNvHCON8I5WS1A+Bxg3/zC5ZQN35i308BrPlt/lk59uLqLNSfjiXzFO5zeQWOEEi+/l/j9Z6rRQZSK6HKv1Y0XFig9QaudsSHKYVCPrZBFW1G+OhSU19/Sea3jfA+3eD/AM2L7tudyAzK91slxkAkKJhK6nw4LqCNwjg3dCW1zOXzmw7jf2GyyTyYz0KCXU3YHwvs/CewbD8VL6uKWu81mi6gA0+v7zOtg7R8IdhCpMAe5Lt+dQl0PBHsz8a/r/WU8YQ0e5UCmV4asE6sjxPf4shysZ1ZdKa52/N8E73NXF6iCVaQrW0TjJQ63becsxdx+5oTiJYLkph0P//oY+dhe55Pexrqo0VpA7dfeZWG+9Cg5a8iU/AI2S/AV+q6RCyr807TdKzp8BvrRaE3qKVb9iyj1nM0ucLvdR7Ir1eWkaU0qLtyRE9d7mXs/iAQ348xjXvT5mE78mj7KJ6iqdY3+cpCTf3lq9AtB1IEeIs2uNcL9IGkNhutYpZLxdwSObumIB7MFnI1n3QeOd/7mmXKIJu/mvnYYJZY+iB9T5WpwM53Wd/7WAX6QHhMrWHNos7abFKZt6jTbTPVC17HJcI2cvRd1XG8LiwJCmCfSzGp5bWOh5JCkr/vm4npyz1/jk+trggctZv/WmIQlkey8WWUy3Zd/qdlhEN6YThuWxdhX4n/wc3P9oRPhldEVlh2aep49DnqHbuH95QhHlisrna/SdskKvJaG5FnmFOLRRYi1b/8lH157edexabxcp/ZkaEZ/L8ya6FGfuc+h/AzJp+CNXqfSN5lrD9St8iIc0eHr3oFZA9GmB9nL/2WpH1Xvj9+fJFyL8sUXXWrnSCERscq1iX8E51M/wFCNPL72H+han8NCJa9yhQh+Y2Z1ZXuHQGiR+ta6TBzgf0qUSJZIOhs3+ciLraIP582sqoXtJzuGcf9s1ohtsR9FHj562we7m/CMGufBZVwhrmPgdYgXSyIPeS3n0ls4o7bezOZrWM//aE+6WSs4U32F4HVoizHHHLx1yVOhOfCh0hbUGR/9zGZz1e8aZ3HF90K8b7eNWNuA8YMLrKN7j6rs8cO1MidcH1HHGhgEmwTPFe44k5do+Bvkhdno94tShB1rFM+vH7vannd/5R4M3pC/Av0MTCer8vHhhDAeD3FUCsvn+4XkIm782R3s7eQZCdbEaasAHGJ4bgf3mPi601EmnTBGCcUxDxozcZPhM0cy3mk6T1aTN7nM6uXXWy7GVD+3HE+ZovACp1j9hvJO4rkIvj51E97MZssjE5KPdpffC3wAlGHv1NSEIuqCQJu8C2BrQIqeviDiJrgS/M4bAdwPy1agXN2X9eQbjUaPOFSOYURG2f6zde1BVa2SgIcE2AENFNdj6Qusa4ITNhTFciVOUcdDSMJMDoIE2WgfYTq3GT5tau4eZ65g/VQkWM+NbeYdXkJsJ7C4PFukeeuryGX7SbUdgr/DKT0TVe3qaJA+cV/7K7oRAn9mpBhC9klc5weSMtP7c6w8HPLvxbkklyGm4i/TiLHCZGk05yI8hTJw/rVuBinrjfYcffyr6hjKlKDxql+21lrfH7ZaSlArBVgZP3X1hIiTEWtvhMGAbX/+nJUSEf5LC/fwelGi2h70SqU+cApl4desqSny1zy/axCqw6DFLuJOtqolnHkWkxD++cnqmxOcecMymVy+zT5sF9cPby7Dt7nTdtSWAYnHKxMiL476VE05K/hkQBWxSSIHD+9O1ifmaZBxFkFXKfReJc5GWznMOs9T1sLEdLCWxzQ32Es8JFYHvTKsVYfqNI674YroQ0+Mk34WXXIerYfxCYUODN2Jc0qrXHWpkCe5HKKAuS45s+uTuw+b3pVMlCmgh2igzX9pHW6tSx1llVm0Lp9Swp9ZBrW3pg/6Qyd2L9XyHB8NjHFaO/hMDcjqvxT/xnLwwU5CN6NuZ2o1DwB7AgVRWMjMkUefYmqxvuY8dfyB2zRP7KtUxeop23plV1O2qjEnozpRqVn5vnTELjCNB0p1i5fy03b/i3GFjPFev+mqdvHO35f3/c4SNeQb2poc/XbBgV32c46034g3wH+1PrUSiNknhvpi4ovuFfm3BAsy2K4qs33CoBOJS4g5gTeL/KS4ZETXmKOjLhncMPXqm71s0DnfHlIxP6Sjl02oaEFSdBf7NBMddYsus/DOwy2/xc378r3XVz3W9zI2uVU2kgZLj0ZVZmglfriefmlrsnIDrvQR4Zau/3Nzh+MDqh4ngbv2UscqunEp1wgLPNY9HphSaiige91be28IsTni6uS3sZdIahlxGI/+zcMiJgd3qV2/HtJSRFJ7qf8unHx26RH9/wcyDWdG2jZjGWrvD+ndMXf1+kKgqCdq2OhtbJsvzCwKYpbs/LiccRW4RrZ9oMV+NVMrNM/aMiLCDpu0ofMVrAnBVVeWiUB1+o5YW3DTDyGQOIA2LRcLAKFRUinzMtSK1r9ixGrX9oqNBVClEnGRE5xc0kdtkApR/W7lZ+8pzLTXq3xV+RIDiJqAhVJ98qXrjUw9jYjYi8nzQuSg7N5MLCm+SF98GiA+VnqJZRbr06m4wtW15hCCO6e0uHiywCpxa3k9vexcVA9WsVr88xw2x/LifZZ4gxq/AlDNXWo2r78Ju7JJhjQo+dBPPDTppzhQqYSs9uO4C77TPq019XGXqZC6ouDpa+vnxIghqU/qQe7AoWf2/y26f39ZjOqakv0i1nxRTLWc6Sboq/K8Fww26EQ9EHy8NqLdW8/BCtlxXUCM4qLaLsxDvejsSaRjg4zt1LHmjAiF9FXhcI2qbNbiA5AQxEuAwH519Bu9dzajDfRDTqf45eaLVG8NnPyUfrCwUQ15MVwrPPTxbWIXvja78lPtRjo2PELfizQdeUDjr1AOM98SFE5IZpJ38oDd2rHoVKXRrlW4UWEqS315VqrFp793IgYsjK7LYlBVRsv+Wfkjvu2xBRZkNk8b3lnfMV/jtrpitfSGRFug6DnARasbu1AnJCOLzt9450uJ0UbdNA9XM9cpTVJkLjoq6wYumn0NyMwhdeLqfUINtdeSWOgap7rqsVemihKfyVRF3Hle5pZW7YtqEivZG4HgqAoJMQFkhXVUdJxds9wEGrmNU0P3PCpmD1J6KNKGsbvJ2L1X2yEBsAvr568+Gswh9EFRdHgsmEGfQ7tiozL59ZU+lZR/TRkfdkx5bKtDl6hvjIZexXZ5B8PuO4mhoBbtlWCvZj1XR/aBfMEQZrche4H8skQESUmE+on92AekUliy30CEISMCJn28G++Mba/ip0ulyt01XKEUxBjrpe7fIJ6q34a+fJB97/GZ0MkKhuZpcTfQErIeB2ZEDIyZESsLo3p6c37+OAuF33HZlpr1FFfj+71fLrqZumvxxUQFYqrfZI93sOmKBmnLSat8IdLLjAmnQlLFMt5cU4+XsErkCWzSvGh5UYsrqzKPRGGwjTF1lwjSYQOZVN28fWE/xzgDH1dz4BBTJEliBOcXXg2ZOxTmJLOjwk16foSaiehe452KWl/WlspHOH3ciihx1sGeFB0NbyXtgwNbXKVE8g+jfQuYGos3D8miPyW8dql3ofxj5RYTkycqvF1+KxGqe3IOF4ebJGE/aghMUUP8RfyBfH39ZcdKPRLam9IPSYMpCvFYQGOR7bHebfBS7bARnMILeWI+8Ixt5Cgr/biJXA/k3A+n9HCQZc7345XH6vpuSe5PYCOnvxqPpwHk1YWF/pvgbHwfOdZZyAr6IDDfGDwuvAr8YI5Dx9TK9a1cw/MieHUYcxB3GpYCDB6z7KX72HFWfWUD2qymBE93fKg4HyVwuKIJy5MEXlX1MvrLuXLy6S6fQyICqz4cDwEbLkikWF0+CYsmhVU+rL5/YBBJhULgN5ZFz/qE941deQvHDUcRyCdzAbZRjYn8Gqu1YLRdjk98YHcfcj4UlXnc2l6S+wHQT9f62UDQPBkzPK/id5XvVOpobW/C2AKR9tZAiflPA3cISjEPA6ILxVNPZ7Z7DaLeLSTLGfgXKo2h8kVusosK/0flATJShUo4hUA7k+UBOySh3sgs3dHw5F72XrBDm/g/iefCIwaTTLLskg7sNsOJPIiT58pv/FEUElD5Pd2pCK4cwbc+YS1hjkPqx2RIfCbpP7V8f9L3nstPa8j2YJPVCdET17SiN5JtOIdvei9ffoB9O+q6mpzOmamT8zFRPw79idHgkBi5VqJROKrqgpr9MMzIjyjiBdlwL2M6dSdL3zv22zO+Lmjia0D9iFAQIqgGzSjffmt5GHrENb3Vmzv7Nm+OUIZjYd73LKizSIRmG1rtGt1ZIqH7q26uqmMvMs+QmXYHFpO5f5HrAfDnrz3+6D3m7ZpMpB4Ht/IAoh1C/lgmCoMEkyqtDnAz/YBoIEFW/I08F2Wtprq847IeK+guA3DEWwssXrDKI5yohjBpOXgazMheftXbmQ/t7jDodEzyp8eRzDUOt2TfpH4WGO7Yp2R7bwC7lt8E+nE3pXNSLHU+u+NDCa6FOk72KpfaZCH+6BZP96SLv1MrvzbrfPby2fe1UeGhVs6LK5xbL59peUwocWhbKRg4pgwrW9zWG/U8eAxseQH2910oYQjv60+p78jRb2mqItfM0xhjDuE9KDJyfC32a2aM0qg2+BmnRms2NUkc3YjES1szAvwaha3uA33D5iGRDFD80MMg+IjW1t8XxQ+vH5jowAZQIEcz/GB9EBtNn62I/NMtgmK6RTJ7rfkXAUk2U0GSx2JeOXpXdq7Ty9BujWrJesspzW+Oxvp+32Ign6hfBdO2cL7HaWVYHfVvfgKiFsEb4csezYUq4B5O7yG7tWJD5i4MKdsw+9vn2jv94xZuldvSZKFa2Zf8ntZ9PUSV5LM/ctUir00TtzspDXVmwEeBJXf7KYXxauZek7w0aTEupFSIh7dXJVbVOfNzxgzw/UCZNXHJwwP5G6oN3LDfK8fotbFgw9u6AtDCvTo6NPxhTyMtEehfVfi9e1ArzPyR2OzHg76t8vHPkcz1HclPmrGOaWvlMX9q84M2tC316eAF07N86SS/hFSRM9WOzbMsr8Jo0fsv+hYj0iDvP+SwtaQpG7ikRy5nFrMGZFo9eKIR9FynqjIaNMTahuxSB/HVOX6Txj9HKnNgutZWun91pGuSTD0UZrzhQ8NadNfwWVJLSDvulX4OQqHZMtMcjTF8IXBJU8R6PxcDecPPlMLpCGSMKYpA4N4DMKHW2mSJ5bMD64FKoY2nvHpyUirYjWgZ6LzOYUoJuYib685jKgIrjKlUtA3qGyxEn06VHAYfHmTeyTiWj6m4kygqPco9ur6cNP1qpPuVXm25VJJNY/8hpHLiKGjkj2mYXGqhyUv1+eu/KL4EioL6cnji7FSTGOvW3PHq3qtvr8H4XdS6skfqqUujSCXBcDhNcQry/CTvz9C2ywjqSpkvhi/SWR6gSirMAo438HgOgxk+pOOY6rb34fpxIyutmAKLtVtMzklfY43IHGb9uxfr8plXgXGdJbfhRVVVedpYTndkDi/UbtzESJ+S1jewKP/1gwze368TyMhj7fCFBFup087g5tl8+8ztaB5eGG9McZi+1TsnY4htyRGiRJVznMKk0x+JxJqDJx8NxqFkZClMVwKxR5PcdmQM/W+v4Ly9xaSWZX+oXS/6nLq+lwvMIEz8fGB+YnDEi1ZvRZwDryoEGaPwW11IjzUVwzun/L9+obQXGRrp6wFJ3qSJQwqMCTQHvJYiYUCZ7NtC3Gbec+2Eo76Yzdt6EOy8FSLnHK8T8R6lO2O3yBuiyLtVaYh12bViShx5Dipdaw94eZU9GTe2Me+Xvlu442TCa/WZ9/vpMD9B20F2pbAocoI2PQxe23o7RgZnHa6eV1pprWJKXPvUdHf3Rhcn8OEq9x8EitkZgc0IqkF5cIpcfVEWaIG3B2LvJnMIJ6yU4z+E+bPdrGeILu6aOf2SNf0idcee4zvbjIOaTDlIWcqaSEfcOuMBaeONXZg3Lf4t1KOWdmnJdav+Mq0KY3NY0w8Ob2dUnsxxxcpWXiyxT1MZDgPxuNKH8x+7nttHnC+wh54yB7tYrFBhZzAHLKD623Q9ys8UWjZe93xXkm2Z8KpvL8+eoaKvtuzuBc+Ni+/U6xnPFKHYBbQz4OC3EBhB2wSN8c4I1mAplUC5V5V7GLiJp5yl2k5WINrdL9cNcQOG1YIjZoLw/9UOxRbzpxMdAnaVDkVBTtd3cGueWGSQkFDCzUMRdcvTTmOph4fkTtENVywXvLityCww8tJmvBpgxVvP0NZmYPbG6EgpKCl5q412OoJ22eI3C/apHKbpnpaEvPZS/y5h1W3UUX/2NDhd+DsZNNGv99z8B491D5N+IDT0lumse1GHLvX7GfWewIyQXpa6VMrkis3tmfrfS0D4hql86SJYQaMXEJsfdOy5w++PxkujIirhihNKv76dCFT7rD5djocz9X1clutUIHeKzrLjQ/8bbZSy5/YEIyh/HjZVMgIqk2hXw9ZdcvHCbnmeN90Bq0w3SQYfW0o+Gte2pP2qTvKp3V9oHu5ZJg+2llLv6KBG6GPU5kLeyh8x8Cvkj7F4mXKqhwu8URFOIcPHROyrs5c+Tplw3k/Vq1545c/UyfQyiYR+r819+LAMJz900yYN8DM6JfakMvw5uEgh0IRLUOMI3aqucpQ0jRXWihU1vIjAt5pZ5SW0YzBYF8m+5Xg3Q77d5VF0MCwGaQr0S1Sz9eHUfnDnwJ6IdFYd9iBVq4dLmhVYhQU3gZTo7FfOVI4axpYcFkG6I1lO0NJKjYOD8HZPkpUW+rw/H5kP/vFgUS+MRHv0cbNIj0BLzRGnD/n3e8pu+t7WsewAUZcaAp6Jt+E5r1RTsP0MOIW0wYSPy9tt5bZmOKbH9hz0Tt9V6vhwfbsFT6fZfyliTdFEHD6VfL75kMKh0XHRbHebBRoDC/vDh97HV6oIpYj8kZFHS1Ol4tXYyblA7Fuq18HKJ53a6yf2xXx4V1AIVWwgJC8oAKwSzixLd/m0IUZWyfpr4B30a/K0sNrnLS2m/ixpdRXERVJbl1RxMdxL2k0EURH6LylTpAimXGNX7ctNPv9o6A4iaYfjTSlDxgOOsec9mXeoT0FSI8PYg+Usx2CNi75+dBe/Ha889qSWwtpbPUhiE0WJ8Mwz58JzI5wcup1OrIHjKoYXkhD6pGXyI41w2Iv7YMRULNW4y/+1ELu+hW8GSdv/VxvYZoF4O8erUroqmVACsrNldX2OivqNa80MKljg9TqTwy0dNcECj5aktl7vDD9sbaHNrMnlvdkTyvQTP1xQQgEnv528OZzSQ7xqcoiwpaKH3L38pLSk1wOFzqj27zTkvJgDzRaj3VEzoQfpmBKpnSkJxl8sAlQnfzMgRuy7Hc/CyTHm0MmSco7UOZAwx6vSu6RIsBTi1p0haMg7bTMgSCX0D0Xs4o0txL22kvL6iPpKG8/qbbWEWNQLOiBn8kGELMzFGNZZk1XTpbiAaDwok/k38GEg2b5TG7RqG1SRmRaDFJUSK2NzDek9ZCld6yQ0EcqOK9rOn5b30j31nK26S3c6SsOwzhhCoGQJ2Eg8WhpAi9O5y7NqDzTHeE3Kf3QyEgJFTKu763ABT1kImEzeOZ3DhiWEb3xcZSn70BQWLQVi3wfe8aUNcHjnp+9E47NJojKo8SpUprNVvTXeRg397KGgU/9yue1HsYkz89HmA2ZRs1KRfk1PM73rBZDiWtKbQi5DmjjxDp9jSQT00I1Q1LP7xjqXT6USkGQQXkpSnjSs9xisYx7O3ei3E/kyeTbUbNxItB+v/Z+EVKlebQj+71lf8/zDCpn+sm+8CGuNSHLJL8vTXkj9iRMGiQc3wuEFhr/PL5+1c19DC1Oo9Wm0xRfR9vXafjO1AZf/y3aXbBzZDn9yqtWeich3+0YV9qPcl7qtbNNpO6ZIV+uhtzXwTK7vFMtrd9EEAwa9XFicXNPXl6+10tIwWyBwMPtG0GXD7PrioQcvS73vMlk0+2w8BeD5udLVGJPN8saMNr4OZj1aIYorxxRBqPxdo8DPw7+UOC6N7aIuuxzBL1I5Sp6REzdLbGTDCzh4/W7DAu2lYPhU7avJRWuZsIgVrxPA5Izttjn6yZlUkokbNdvPyFMCEgGkcv8IOGt6GOSfmTW01NjhQiVlJEfTOkSVdVtX3nz9BOeZLqdeydsQlFeOG1Kbn866htxQO+U3zcMQnWeVk/shVAx1etdi6pmVV8jwOxCY88cWNY7+zhoUdbvnf7kBaIfbV7lh48YERDM5kRwc4x+rKFRNX8j+U0Vi+Fc7xtLH+++yKvVfp5QKqP7IVb1ni4TNX6TRMq8z7UOFdIU2iPyUG2wudd7UXXDe3m74lDqmdX0EGyoRQ6vaQwxRh3PgudFgeVLMSDZnNSW6c3ZzHPopkUFhLHKxzsI5ZGUZk2UuRlBvrELBs7Z7fZeRvR3jsynedDHhH0QpB7fYvghGirQkDfvbB53+iw1ZcCzUDs1VUvh/JAJChPRsOHoBkfESgHJd/PX9f2XNnPtkwiPabCbUXGqb7Q/c3+j0qQCvrcXoe+zBEP9Fb6NXdW1H8Sv8I1k6rl2xd+C9PpZDqal6TD5iwJw7E3t/Wocqh4Wb67j4jVWoO8xAmbQ8G+mV+AZS972LCyDEb/fr1ZrBbm5pAyEivxtn6g+p0PFpSHz2eC6eLpXQpDDsBBHP5HPIFKmW/CqFsKMn6si8HN07WvvhrQ3N3t70HF8F2vE808VaSpDqjUAmgZeFeq4a1swg2/HxuxIeV+cquMRF/kr1EvKR/OAgYZs2fl4KIxU3jwguX87ziOhsnlLVTz17eWk/VsN7VBsp0rK9wqKWbMS+nli3HMYwzKaWnljvGN8cwFBhugcuKoFuDC6pOU3jtUp1WasyCUGG5lpG5xL1jEXxdUHPp8W4yLDxTAvM31EtELQhKdJSoRtrQPMPg7LqX1/LKNGLYKLF2NEU5LuzR6HNBG07sWFb5MODw2Ot+gy4Hn8CSaWcO3VTQ++kiUcUZDfQ/jk5Aq75N1qQqBjUTLv4v4tzRrNhTg55yr0OZLfCame+iRN7LA0t/fxxrfg2ppUfq1GzdIxVUIYmBCF33ZZX8YLXtaMxYyP56D80rD1EGhxPyYDxFlJPgsz0+Gx4HfI2DZr2aRj4yP77Osu1BduDzI28vOJeBSkgHUVoWP6Dp7QZfhnyelfcqgeEtdasWcFH/85epJPnvw7OsuoI3arsuZrmWxXI40/sOPTH/OWOJ4ewzfqL1nx7FZu9Fmdv2u8khHxq7298OzSd+IO8XvU9k7Sb9LWb0IN6rJ/kO30rGs2z6IwI7SCM0jO1wAnX+Ti4+fD+0mVjKq4Ldtf/m5RW8U4du0Q3tXfD/z8omFKPHMR9d+8eku87rNwo9biKjnRfbeprJCKY51pL5r461R7NuXoG66Yu0rXIGZRvJ5B1I+v4C4+HwDEJI9Ky7k8QjH4Tl14i15u+gRba2Xbvwb2kYK5pB1SBOTia0Llcg32g+5t4oBcbRzhcbqwwmmjR29ZDHylzdMzEbwv5wfbcBdEZr0C9mpWr5C3+/Fo8nRLWumScgqdF8yIesBtxuTlWXwTjAE/4KE7Zwl3nC72nR0uMZA27Ip7XZjDqkdOcRF9G1ZVo4Ei3KmYW6JW3WScA8qTJ8jpp/OCqqOP6OApVpaA8m41SckOhop4iy/036kPWPsugyr9Kmf3/L5F531Z7IYNsJ8Kc+u+rocBL1CUaOnhFsI4vhSSDdt3hpkZlWBxqz6LYhX2/mdPvlM5acwXrzbeoXaCH2OfFd0+KeJJb5PcPvK4w3PF0aFZcxWRldb+Ga/udfv8i/f88cHEWoxqStNi0RlAOaWl/UqpD8KLQyOanq7fcx27+dRjCMeZvm3Y6XL7sVm7FylIywnDsNyc1kLHZIZqQ71pW78kdm3xGrhuDOb1GVm6Mlbl9K2jZBrVI/T9/MSybe8Y544qe36ISHrb3CNOu/6Llra7fAP7pbZqCMBl1abvhfWLpL6fGuDxPgZF2/1+np9q0gDRvV6MEr9DsiiexgzF4FMwNb2i2AeHFFa004h0NS2SG7f9vjZnrFNIyulE7Lvxp3c7GGLPhw/LnZKlOhKrud9epG2kajGqfEKF1rXpU2JWsxlz61mFwkOuKOOwPR+hm879IHDLouiJWD9AZRamwRX74vLO0GozJwO1b2uhaqo5O/2rDh39xYfZmZmzCnG8ftLBmFnbuSYXTGhQCuB/5hGV0yR1qy4/NONRCd6b/xpmgYVxrdP4vDg+dGp5gNc4zp5sFXSXagCp85SM6IV67x4OlKQmC7HvENVFOLhI7i5XHBsawhPdvVGswlOGpmcXDPnVkSWE5PN3SMU6NujsZFlyi9WXneTkvhT2syKF1qa+RF1Vxlj9uYlJQut/NOgRpvnvaHvOwINoXbKtW8Kr+kqGxqSPZ/Ie6W3MIg0S/LXbZLOfvI75JVs1AwC+ZNFT+8oJm3wLqtupgOoTlOI8oMMMUg2obnOGyPkMsQtqkziiD1og3n71KRP77oKjUr8vxaXeeXHiSZDcNuV8VnW0mvU3yPRBvoZ4rrfPdOXtS3xxL3mUn/3ztRLIzQRfksyv69vnRxast4rPASY8AOzZxmS59esmjdOKkpnCnrrkvLa7+oiUy2OwW9sHhgwZOhDIc9LgUpVYBCdiCZmFV7hNI42XW+lqvP3lwwcBsVHxIXRRB7tN7IiU2zMm6Pl9y6i6plTRJrWyCMZwSJGZ4YzE/6yadlKfIxCfvujVuvdKj5f3GoiYfZ8e7vAeTwel0XwiL3NyT3wcgfCM3qVJZ5T8QbDLQqt+TpUHGn6Ol15W3PrtX6/hzPxVUAVOimjaedtwHylHRy8WD0mv7Qg1bln58QpQzG++3DSN342jZWOD84FypOlryT0rSE+KtOkBE628q3uEu3bU/e7f+NXSbUSzmkoa5m+To8haI1e208Cp8/WrSe2WeyWF9CVvvqRednVf2IrUdiuFamLYn2Q5ed2WP1V/X6cgJE1r6oKknfKXpS9LMSwFFmXimmJaTdNA88JRDwLd6NEmUeCOwjkWJO8Bmi0MYepO7M6H0cVJ+EMajZaMC1RR2POz0UBfBEo1qsosWnOPqbTqD6wqDN2gNNM3mYSzJEN2UTNqUouPA3R6bO5+xmn1Waq6VT+EsRHZ90FxL8KZYUHcL4O8C010bemrUOM1z2t8ktwDc63oGyOpoLsN+3oZcz5jvi1x18bxKXEig9pxr2/UqW9OX58mVpVfe4nm2KXL7s12rw/KBFHJY+IqvG2JyrHxypmkHV4uViCmW52eqUdcoenlOUQwN0093jX9jvzKcU3QqZ6dvJhqe1TiZbxKPuBGMhkoDlFeoJfjqhXPtrCZVlHd9fUJtzzUdurLBrv7Wd6x4ZLmvT6CCRPmSOPxJ9CLTWBZYY7JLhzNg+t0LMffS+bDrPjCZhn7KZuSQn3nEwaG6UBXgssOisccq9luZ+fMrkwdQXqcrUPgLKWSGs4iEk3L+f1rb5+K4Wkpab29zv9lLWqBTB8aMt+xHszU9ZRQaRrur5EZv20DuV8MEqr15ycpL/SQaPwxQGAWGm//XHml1vHxauD5YGKWr0+56COhZnu5I7onRKK87Yw+w0UKLdv6yQYLIpD4JzWUlmMvW6f43Bv6X82ge0W+5Sth3qwfhgddq3Bxs6RO6VMN/MA6HDxM9xlq7A+HNx1A/q680xrFj6+4+SjiP2IHw3kOz4btphzv9JNBy7JW2d8B7uASWbYmmMv2t+36qqqrm0mZMjNXU/T3b/d988ZdEY+P0N+N/+Kil3yyrKZsR24D7W73wVvBP4getMETJQemYejJnP31EZlwWeRZCAyQW+4hROSnnSc1etuOQViHRLFvAbWetzsEcWPSzFdL815V0eSloVKv6qhllwLP5Pfg0OnivEruQdDP+wSkJZbkBH83dQiXjhdnV+zDk8VbYa5Nahdz7SbETIvy7PzBLEvbMa1Pc1IL1+I7y1n5/DhlTSjdV10GWO6TfdG7D43aZG7KJjAs2vv69IMTzg1/ByvrwZWF4YF5woJjZe8o1Prm8cZxbMW8XFX4IOl2Dl8ZhkJsMWrucP6c9quBu7+4zaAPPiAYcVM4eldfzZIpumTB2CL66ccKVbp06eP6oczGiU+eeRJELRTf01vhcHp6J+uBYHnAA+iXR9TQIkp8NiIgy1NUMNwup4xE9lVrWxFU4SpJ/5Y02i/6U0CpLcvEEVYmyhucK5+/TM52Yr5D56i/w7CrdvjVK7neCRberor3KWy1dU885WIfG3ezCG7eF1klXa/aDDTvG39zLaOuiR+eLBKDqfqlvjvCvOMEwzz0G4RiAZcR2Bf7V/Sa0cccUUhihLF0uIEUHijnEc+5UcuyhBta4b//ic3BKPmvm4NR7PEfdgYT/8nO4L+/9/9mW7D9qqXTEhZe+9vc+cF3D27lb8x/2AScZ2Xu/PVymNfvUA593D7/+S732+sLd+3+9un+8zv6APf2Cgh4s87X9XKqG14k3tYBvPVdu/avT/OzWsN/8/cHXup/EX+9Es6/rvx7cf31Ylnnocn/zQ5jjnk+WOIfnwR/dSAKf9iDrvnHDeCLf3MH+PKft/i9+vs9/ssBXoZtTvP/TTf+tZd6jecy/+unxUYyeqc/mdc0M/oQrYd1/I348z3Yx/9bc5nzNl6rPf+XVvxng//XT+2hAk3+h5nR6ONfzAwj/539/GnoX7/6pwmx8xxf/+ZrI/zC8l/fh8H+9T4I8vi3l/tvv48R5L+z4D8t+Kc9/6NP/p+bOPrfb3z/p0VDizm+1Zo7Y/wb8WOOx3+13uUbZ8Pxl8mUbbwsfzfRJl/T718viqFf/5oACAl3vM/p31/Cj+NkGdptzdl/vg1/VLXt3028H/r8/4bdY/9D1Qv+3Qjh/xGf/lOAQvD/UwiF/SfDR7bgtlxW7f8yjOS0DfB98Kjr3+I/9QYAwj+A217z+Z+fg7/Kv/7/uw4cKvC1Ik7/9TrfvN3z9Zfi8F/9dBnh+Sn/SRvgNf+2/EYWNgEhxvM/XuWKgdWdf/uVNvjbnJfV8uuwP5eGC92/q//rHaGi+rX3P7z9646/v/vvDBx2yX9v2T+b/etHyP+EMVHo/6KI/86eEAr/j/aE/Z8yJ+L/F2UwfiRGYXn2A8thPHLTJX+0RjZ5x38pPFsqBfttql8JlPZwxPaGv0cO8O0s5V5VleS/H7SPt/99eCjTZXL2TTuPzbAM07t2izGz/oRcq3fMFRH7ZnOgDTzLOt6b8+UqpTKEeki+X+TJST0MmXMkQUq8SuKf/uDZ7lVWpn/zKhDrSh112krXz1ztNP7ZPA+gAR7PY3pEnPb23ianNIiXva9hKt0t8Bz2bYjU8bB4/p16zbM3hy5+vF5PJUdjm4mt8vg+GGrHgjy/9l9gy0Pm+Jd5CYP6GGaj+UogCNFT0dtp+LdaZG2LlQhQuS4qsLyjyiHoPk71htRgVaXJ0pJVnq3zPQ62qd7IBfrY8TW56IRc8ErGSZTc4qiPKdxo3zFySqU+Kig01mbaFsowWO/VWcUtnJNYoWoI6sH1LNWbW4TIGR8d1q75+GdUu7tkyzsrYc6ISD9lwd7DMXmqKde9cPYRkDjXSMkecTed0Z/zV/guGrn24ho+HnIJJlud2YH2TI+9GvrhetxjO3D2Ekxk/1XDgpFKkVp4nVjR52oMBmuqSxKNGPvYl0VuMEV7XCy81xGza2H2Ko2+WI93RhaPWM2N0FrfuTH+2Pc6fsuDfXQHUWlYBvVFkZW6qwms4CQ6PAWCGz2Uig54sshJXXHjBx+2kSJI9DmKIgt7+xxdRn3B7bqLeEbs44Pi4m7aKd9+p4Nr2DiNpTI4blqaaNnmSmqCxflr8PzjK07ZiI3pPmExukhYb70/Jf/y2woYIUyc8ZqpI5vQ+exPpwSjLLsK66i6p7wsVn02mVECy1pfX/C0jfMGT/2sHIR/Cv/ffvdLvp5d3m6vL9xCSAiPHRY3bjGBUDvVaDyYlsJTpUGz/sEXrED4zt73/Aef4w8ORlPRuqtkMRPiBNvT1s4WuMP37fztvUZ411zJjd/0MbDmndiH3Xu0zZ740otSO0os34jZp4SfmSm3ty3Mp1gl0XSCvVEaMCPuBmbTq4y6Vi8iWynTkcfjBk+hkfcpGBxTvD/4Gr0v4n1Sjf1ie1Z6mfxqczWZE09EzUYGMwi42NceIht0SEIgUG/+9sL5B5c7toRZu1eR4mGxqzmht75xRziXVQXDqj3qhrmb1teLLedkFPkX97rvHD4mfcElM3M7uzG7cL4Vo0+zh6yIc+J2wOxGk+bPMXonwPYVhF97Vnv5fjMRT/fLYD2W1icwshFryMLc3tbkG4fgVM3i4LxedjL8wp/8GKG46O7IVMptBEVD8U+453fm+r/kI2uLMCqv6kN9dLmVM9Jo4mAGckgklm4qXEcc1ov9S/Lbt7UopTzwvtH4iLXHA8wnb4HnEok8f/yOF6CL8sCfa3V/3LXgPvgHqRClq4E1aS7V5s4X4YRDtlgcF57mteKarQde2m5C0OohxLK1Wz+OXqo5Lx7PnT+kKKE0m72xdvx01QNcx8ma7lXgeg58gTxHrdutoq51aPRIns0HXsKLNKH8hcaLxSzjPhXcq2sL6SmdRPxkPcFxfqt5z7q0USijqxdDswk/tbo5hiIZ+LgADLz5jGNx+DTvltXQ2PtLxvtPZ2tBXwoK3zjOm+Bl1qJtRRWwxV4AzHNN7aYHAIbqrWlhHno7rqf8dCSxLlDlTFONKzf9a4cW2LWX0x8w0fSU3eLZfyct9+7niejPBQezbuK8ZZRLaGgJrXJ7b3OfpmbhJ2/wSXRwjJ3pZd3UJzV0pnoALI6TyIr0ceeoE8hAUzlqj226z3LFFnvf8FI9DmYjR29jccOlVg1vrJdRxnGkaT4thrXODeFHKDqSxx81z/L8WAbSPShLZ5kQpvqNBVbKOqX2lr79IoeGhc8wWQeWPRcr0LI5iJMJln/YPKPUXp1T9SHMfKbTPPpmJfQBxcChY06Dp5TGblPDAxia8P6enXP17aK0cTPPLezjqBnGENiL3Hcf95fZXyjQRY4qQHfeQZgdV+td5gGefLP0wQI0QfRUKOr7lp5kNoBZEbEe53ikt9n6eBCSjPakEk5BKrHP/k4NWSFuZmsqsqn3ZmWllneyj3AeVvItC0/L6fWwV01zC2uiMrHZgFM1c9b20pSoZWFoVDVGWRa4s9c//CRc2YazgcOfblnkHhjtJn/Vh2xKsqX0ztUUPTkUk5vl7MhJUgnneoXzd24JHAwYyb8V+Q2P5a8FY54ESthmxl28Ccz7ddZLZEmwyJe4P84DM0kTS0gMjH4dgJY8P59574rlE/d9/aRXFDyp1FnQy1lGceMwOZYT0DeGPz2XodQFfiID3zXKTzSBiaSFrQk5QxmFdAhop710gCzwGqnxEstbNsMjK1karm27GS8iF7xzYR9wp6SYWXRju2ukFoB7PMry97vinH+1mh4dGShEHWIrRHWOtVjToML3TRWszqH/eE/BuY/1gL4hlV58kybHc5GjXx73r3i8qYkI3wglfKCDm4njYs3n7ynT5SWX55WMn7ozi/wB3muekB3cu1f3MIukSaU9ncsLhvHS6v3LloN0B/z3qph0YBUFu6dItjHCPn9FnS9r1El0LSYL5zF2jCSD5RSFeDtJKf1AUTluoqvay7uZ2i9CbybOyskcFXrHui7CuaFxRm+ahgxeuhDfyEZIMMHCbLzdW2jIaPDPRQv2b1WEKrejKqb4BBzX4Q3IYc6z/LAll1mpcrZGEcN85Go/KqeJG2DJ3jLROcEHwagwpUZzG/7Ab4CO7GMY/xS94l4rwzsUa6eccC7n7+6hNxJo81qdDLkgcZmAD+R+OTLNJyMkm0uelHOTMqmnHxgmtezH7qYK4JVYvbOdRSfAvz6Qo1e8x67HoRvyw3Wl+Hd9MbDH6wQg6ncFkyRkqQf2ukidtPNxloERls7Skc9w6kuR7YDhRe/9wMrGWt1edR8EvOa1a4n5PO9pBtgevo0ULjZMeXXwgC+9CVsWVk7JSTH8OloQLlxj6Era1YBnwOfFHzQi5FwBYBIrTbYb2Bv08tOp2oLTIyPVagZYcJ+n5fMkphl3fbqzJcGmhUjYKSdjge3Obm6Y4lmXgtXl3w+NvSwmCYzMKQ6i7CwFbUtWZTv/ORMQw3n3eWIb4bW5nUln911JmDzbPqGF7fsY/bDT+n6anjWB5RKqkt6YNyNJyt3O1dbM2Q7a0tvsl4E5PBpc/pgEuM+U8hnAygP+82gAihulG19eWoXHeBpZ8sWOIQhi/v0l+2A+OKwqSop+2EEKoKVV0ko43vEn4Vi40iMJ1dnKOvY18vTWhZI6rw4u8Hzgh7D0NbCY4ra/hhN+BYV9PMnA248kNwrxGx5EavbXmkxPw/YxaVWgVRwaDYn0c7vxF5iFvKkypbOxJQkNzwTzpaKBD7190NSsQSUXgpb1ISa4tMtgQDDlfq/eZDcqTzBCmtGK6sZheN7Js1bAbVmlTpipZTAUd70IzejEQ6ThJssc5uUyv+Pru0sYQ8jsy8v3Jhwq7W0zhJmONj5RLTxJKCF+RyrdUAe/faJ5LSDZnC2a3VsRMjt7MGvnHHHe4ybFaMRDft66/Vxx6YZYnvKBsT9l69GxbsrqZWR8isdewNlik8DEYBsgap9q8GQbdVTosi6Lw7JjX9go/KmXr429HsAWEUp/RQotCqWTsziy6y6siuzNpYrnifboYsizEcC/X7iol29mCuwIxWW9THBpxwxa+GXcU3lxfLJCKBZU2n8KCv9UfescyOysEHVKU3U7Qyp1tOvTHS5NJPOhS20Lh8zYTmkUjw87AbrkHnCg+P0C18wvRf8d+PE8RuITEealI6dEc46C+l6Nw3yBZ1HC/ctJdh0azrp1evjMdB9AA3rPkfBtFiYhNBQnH0H+/IxEut9J407NC8zz0f6OjWizMVlkF3PTXME2IRWGxFBAvHjTtscQFsfQJNXicFGPM7+pM7c1NiCK7RqsI5uBM3d1a6sVrobeBuXxOnW0sB9NGj4mImIAv9exOwA8mP32KF9X0J/VGO2Hikpro3NVGGjR2yGAta5PXsqPNBX0I99k26K8+0vh0K7850Agi1gE1W2B3tS1pbNZKWV3IPHuDVtmCd4TehDPG6Ovw9bz+xCAliy/60PAjhf9YUiG0uC1uOIEvC7sgAaoyA/QjNqrBZRLLtONBVqVgpwGwwWZe4Bvob9vpRLBNVycAl3FIreMl38yNQzrnA37tcSfJ8GC5k+8S7Ey/Tu64aJzpKsFxNi58PxV3Gccr7d/rVcXwFo8sqJGKOzn37xFTGJ3ZNV5LjTyGNQT3k+B97OPN22+CebWThfKfM1Pf5vdJFUMurQDkspsmCun+QCpmAOC2hQzk0PIuUsJ1B4BlQXVexipPZunbI2uMMuutYXiJtc0Q5KSM3XtzayhWDi7C4i0gahNk7Y51ELI3ZcrnFfMzlYpB08k4OwGWoM4R6H8O6ntTQiIKq/BMU9vKn1FAN2NRj/snLdv6oQHAItvEf0VPfb+pN/lJ1yVSxMuPXeMhvnTbAyQjkLPX0LRlAOGOAHsIXHxLsdzgkSj1o8LoB8Ppd4iXx4h9GVCm2UXFr9dokeXes+JWEIxm/wV8Dg2dmztpeo0Fz7t5AjphJaScrAe8N6lIOx3O+QGiUpFhiY3YNqq3ZiEQo8SvMIOR+oGKloh24Iy69dWuOHhgBbowUqko2oewsa+rmSN93UbZKKllVnK4mCDHuH2Kud7pYT4W85MYNVy0cKFkH0yv5IUrG0IN+ak1kmN1bCe6MkWX7zpLdfWz28I2DbUIwYBjzXjwAgxW2gPDq69nWtCXLl21WIRokMQXblPITllzSMFiANdBzY71W6zPAfQu7O9stCiO92K94oM9s3qygKo7xNBhZNs+3A7CeZd0lhhxvg8O8fOeqXr6Mp2Bb0HrTZGZPvQGX8RJfRXLYQ1DNP9GKYPCRtTcAuuD814+RFC8duqaykbcZLTK58sEguS9i8EMcILwQD2A3XxIvt9IwVphFl63T6RNrwmuPXbgTofqWq1b/rc1bG3m+7QVi6qNHG2vzsw18/vZGPyQMSkNL5oDirt2+vRBDjDoOrBiH1nw0jN9MLlsG21LW5P7JX7BAs8a8q/a2/fH2wkNzNZQGXuNtXlEgrw8MUr+21ptXbBAf7jXd0JzkJGWU2tzAZ0a46zhtOi3tTX4biUqR2z7gLtq7+EZrscgncntQ5WhobJ0ALGlVoe0GfvY+gq1GXm5AE2bOnTchpCxcPRREsV8AELUei+nj5zEaw0ynTunBVIX28jINpfF1kWuEOj9uA1qxl4MWUzyceon/FrsT8suHFKsFSlrQNMJLJBzx+cFcCjOCUZ+kB2DxDMtA7GtNiJ0NImcLFvH7Rjrhil/Ct1+f3NxHxH0g+iw5TldzFjVvpOOtEa1ivOLfKxqDfX8CQQx7azqxuuWQ+5+NWJiI6nrBNTCQMNLK0O1khRUnLD7ZuiW5fDo8/7/P0W8lXjaToCegBQhpCVcFE2eYp55Zw/Rs5a57v1jjSmTFL+/oNP2/4XIoypj4wKUCKITrck2cN6Ysa5QUT46oj1y5czY5J6quoybmS7wOhBDbcdcXX4jXGIB3EsAiYhZM4O8ECjhXmSV1ynQa/sH9TaS+HmaWbAvJ4O0O8UFLwPzEL2AaaBYZ7fr54VXy2hpK8E/br5ysBsTa7Sdz15zPX2AuNQJWB0TGDWMS27VdWGpoTP9Ru7S37QHk3eb+8Ut2C/3Tv7xIV+u//4EBGVerpz/wQlrRPQi7LGc1W9m/uiP+DRqfHgPKD+c8iiqIrsIeJ2AK1lgEFZZ291UqJG3CaHaSW9mERB85ZY/kEPH44I7rKDn5HWRv2JPIlphvqN5RKIROsrSyztwfZSVj3I+XgOauBHIuo8cGGOhR2HPm4my9KAGSJmtv0kUubYSLTup06863KrnF71+3DRKK8VDDZoWlWYjE2rtybN+3lSdm3uzjQjvdaKjpgTPqjeP5Askzvi3MM2SCygKNeWf1Nq3cBgofBe/74juDSBx7lr3IWLNnj3JmAfvPsCSYSHkvJ9QwDYgaoX4m4EozzaZatp5oofHPSQPV7k8rnMO9hQ0ms4hMWSerrSvNm9M7vDtQJj9HIB0g6kE0ZAJ8vlax2gT4YaQQ6/o5Z7w8/7oU7VYK2vWWwLQ4/iG33QbV2W1auQ9c/djnEMfJauMYF6sBibAgst7gxpMoao83Uy7HsRSDjIejuSes8BYLfcURbX2FVzduWcbrPXCKZ0du4OQGCuNrlxnIGsQq6I9lAe2l89u8UG8mfQAifS0yZCeFjN6Ve3gRZ69kkfKbQp+gVnZ3Nlr+JRYCZ/AwDgJ1VKGzRGAFQ2j+jgHyYQPEJ0QoiBIY3LbnpG+6NOybMPEK5pUK/L5X4lccYAwiEOPAeOWZY8pRe77rxju/a/wwNFtuRyvy8JY7z376ygzDy3AIMdiseqiqlY2xzU7HTwOZQgIPiQ7QAtkUY47XtqgDTBTKTMDb6fBBp7AKaLeVFMlrMPEW+n5t2wq8pLFDYVDoVg+WMthp6CXyV18DsfAHvkMnj9WTF5rBER++7veWgHPARw/Wq6Kyb0kM1+mF9w4yHKllvu2CTB8i8t92v1uQ5x2x9tCjOk3wgwjzUQi1gHTV0FHmJMBjutkqcq2ZoJVzNIzJB5WghHVgaapcoHmHkzmW4qkIEx/3hGQBBlPyxw14PPfnZWFwCzNdvsuR3yGgFec1Z/LWDkF6LLgPwpS5/8QQNsLOpGGPRWo0t9UiYsYDDY70Cb2cxFw7uLTfcuoEr6YQJpbMaOsDjo7+xsWJPLVGay8lxhRmBRM5O+qWKzyKDjgNelzWGChUZ+NW+eUvPeE/8M6a/Gos106Us3HnIARvrQs3j/CC+4q3+DhWa/diJBq/kSMBDoF28j5RDHI8xlIr4hMFNWD9yIM5HmV8HghCGZd1YUiXqGDvpVYfCj3xsaMyuCEQuf2SZw4zDUpBfgrarCNMQhFkqMQshkssMCvOu86TW2JIYevohdWOGvr0ZaXdrIKaIlEPMsLSPWuENZ8MttYEh4Ui4H7Crx+WY77d05D9+ynaSp2i40wK2ACwIQQBxG+OiT38lb89G0uvb4Pak0bV7aGyMR1KWauZhf7RT7TTsLeiIAAFUMvATbPEZE6VmB1m+J+B3Vpe8q9QvVk0EvCzk6CIyLBQ9ALyXgkTveMWN0F/NXC37bX7n15wRrQLv2AxvcLIEJ5/QSIUj8bN6IsvPn/drsVz8VP6os6fXWjm+IYSvvUGrRZGQ1d+1fjEDYWTaFzdc2H08Q1LAD5rdfUXg0tDw382U92h8oaPQQsQoKmEw9hQ+bgjPOycdwnIgZKANyrl7J5NNRImBz5poIsm0XRIkX8E8PFWaSOA6Nc3rs7nhxmkAO8s8SmnOXhKUtNyJ4bPL+5D1Tepvbg4Y2L2yOBw9nST4DPLs9gEBRANe3vwzuO327gqcec0SjAVTMqQA6FEpHq+diLQ4RtvFWC2jzrK0clqwhLfBS6Ftmxt3f4p1vEMvQh2pkDkNRnxlgwUV2IRcQE6AE+tUsLDrhwHdHEA3MPxwdEJCkVB5warZDcGArArNRA2YjkS/pWFxMaLS5dBtgNBOgj8LAAnYpCxM07DWmcOgiv8msUCTUAqGqCp23Nd/fmoLtIAgEDqP/tjg1xsoCHl3GWxSQKhQX7YecHPth4GJYabDnuAAr2LwoZ8QOEflglKT06CYPNwfAWYC8oUYUiogqf7C1ce8fy5eRABLzUFpzP6oodV8dhI2WpKVIc+vrAEWFOT9LlhExgc/HBTcB9CaZ4yJskYhnGIPf0GTJQe7vwajMmQrq2R2/ih40x/PO/FwvrWeZPz322pHgeH1k+Ldf5RqzDzqFwV3luJhV51FEqtuQ5xyIqX59O/auwgiowSaT6voBpXajtzoZWT+eCdiwOynrLpsXQIIweFPRb8ayPSsPPkSC+YCrFez5bzkC/71nfMIK4bfm8SK7opoBegu/Xv/htwkwYYAtOLmOFUALXBE11j9Mccze5jURG+SJ+bNFI4YMcn4AVOynWxGg42XAyIcb4DfZAO+scjSrT+4K9yPgfAB0xo8faSHlP8B1ovdl2qxDdnnXhijHEyatPPv5++li5TBZDtGY51xxzL55/ZGmwXMk/uDDo1Viu1pkr6YpoC2KjZdVjbCaNMDMMkpZfz3SBMnIJ/bbXgT+6ZD3+E3+VsguAJ0yhUyfJDIg2J+nB+wKUyWcn+GMxA6LZt36c/j0L4+hNGTvZlwTcxfbdct4c3dwt6TE5qkSAZBFr2ayhuIOF4wCw5TBBUVpIvZfJ3mNNSxUJ2c/XuAB8axLa+HXQiMsT82xBV3NU75dOYzeD4l+9pUEI6ASbfaAWID7DhgwuVwGLvIKW8Cyu2PuEkP6sOBZXmHpWhwC+cJLANy0RdQtRs6QbGPnfZg761MA/9ywNM0U0ZdYYDk9GahCTkj/541wFSrg79BYnwj2E04x0pihLk77YLRYNfIb5HJ2LiZb6keqBXDHxZS5kJh23LXwppgizIwPRpTZ1WvzDnXDb+8hSpCy7cof0NLLwoOIg+vBgyumDniGENiIhio0mOzCxrpATYWPLPtJygBrdgk8Xdt0YKpbYCQZDqV1OsuF8BBZ+KXYfZo9jfYeZGPzeqfL/pZwINUJYLkTsNwaYN2hwglCzb9EfD/o3ykPp7rCnFrYNgHw+3B5hMOBHWDNmIky3KUMkYY9bLb8wkjgJdGCWafb/vZxJBT2FDo4o79LvYBDDPPN5YosMclW7O8RduqHFdvgnTVtKiCMidK/JEvwCBKHMeP2Qgv8hXk35uqQtn1Qlkn7PAycDGJ7leIsxbNAY2ph7oZ5Ldsi2em5S/mbRjaSt1+mNRJEIZm/w16+fZtDyR7CF0/jYIGka3LHwGUbeuT9WHDZrb3DZ2I3NeGyHCJM0JrR7Tt5GBsxZtrFjg3RMfyAe7MluLeOZTDeGAOU8TdSFnWcmhyicz+gQ4Emg+jHPH/J78DfZJCiAx1d3Sqsa17K0zB2wV9SLSyBJx7dWz8g3E9wZZQA3bfgXDGqwBTWJtz4WuXwZK0FX+YGlnBCj6fNgqWhHjiz48P3rQ3tsx3K4+7LlzUQQxz2LMTwjFBeTeyfCXvR3P2UnDrlifWXQEE8MJYH/LsGWkZDe04Nm45JzscLMBgf0W2HAdxzXRiAUbEzq0lTQyszoZUlMITI/azMKbLeElK6DKdt09cvmVrcRFi0Apf78xW9z459j0rqJMiM3bfDOJuU463+6D+t9anJNhWJ+xefX8b3lecWGYaK9DFAn/O6upEVdqO/QqkyLVisiH9/HHdUH2cvWPnLReVCM78k8NoX8KMa3dTSmqxNbbAG4TYi/rxL6MP3B0f2VLr+eVZR0HYEOwA/keVxPqS+9fUcS76beRyA33E0JM7JigAYWbEX8P4b2t7O75eq20lbW6jFAGdjzOgyd+PUMN+PhX0+JqgD3DJYf1HY7z7Q+COR3aO9X/pBtS30/H66QM8fW2xMWGnfQSTwwx60+En0tb1uxXhR10aNZ+h1mdMrChOeWABGBZuY5gU8fK2+Act6A/wokhWw1uQA0969fWDFgDAZBEH2XsoIq/CrhybP5XVlrcp04ye7PIK9BR5mf3FI4chIuK5FAuZHMxNyswCqclgWwEYSClJ2ShDIPrIyZk2vun7nU5g71Z5kzMBjb0S2gHOr+RJes/0A/RLiEbCiivyV7JXRMc3QlrgCto+4JgR+u7T+qYa/1EwCzSLs5Fs01SsxW8H2M2YM5OFORVgMUFsAj8RIwIoWxXLk55gxujamQRPu3jfWejMVdVTMZ5Keejkb85dxyJ8GdWy1S7n+j5fqUuF7TzjPjN3r7ucngAeKpSQiyTn5QK8I9swX9ExDwCA7WxJzfZ5x6NUOs4GZEzZVDPgYcKGZZCXtHYP/owewatAxoMseXp8LyGmgNAyZTjSvgzlspzsfruyoaUnueSMu7uqXrLu1/a3KV6pFF2ttB8W7ZKkq9PmUNVeoz36sC/PeIfXTSU0XbZaerYNKzUE/cDDW9yS0Js1RkagC9nife4E19R9G/8EBBqxqqspwHuuwfUvc7oAi7yGMy7EE16zQS1EE+6e1ySYgh/H8M6FIY7xvYYpz+ENmC+zxwIEmDkemWfEIEYG5Gwcn8DUa5r9Sce0EF4d40dnmzLBXGIF44oyCeekvXFngHLJ5xktVZdCiPhXav8f8wePCfpBL/dEcPQsjkWU/QnL4TIRHCTzilRERocqmdlGGPiWsV1+fjTMP3kha7FdPUFZG4k3HCBE0YyQ0X1wCYMYsoQ2ms9a1rZ0+5noNsZfDqvYiEAx0gtvPKuFyxmMjR6Btq1UFo6UuwG0v9jngjBayVR54HaBucrr5O+6A9mcwd+AgUx758wTrwW1c/VNwzezW397u3ttAZOIOFBDwaVdCgHlImdNBidfCgPkGOzuGnQYdPDpdWWCSj9lxmvbibY8uWsBbK9gPMhH7gCopS5s7CwkrLHLB8ScWYwElQ5+pWDTLJ7kn3x4iIklQBi7t7TLber3lzmp4ULM5mweYB5xN1jTLdD/NWOql/xjGECVSnwCO0gJSlaP5G23TvNqPiVzhqbBi7PMvAR72ypnrIQMfCi0ScuIlwVPAp5vVaVWBkf8AQQ89IFwe4nL//2rvypZbRZLo13RE94MnWAU8FtoQkgAJbfAmVrEKAWLR13clkm3J1r1zu8cz3T1xIxxlTBVQzsrKzCryHGCrhBhVPb0WZTJYs6IVuNc9ZFg8bgY25HkOS13F9smpNVLSWudw2mqox2p2dOq8+6VY6pd6MLd30qR0VqOJKeAQ2tWdviCn0dER2S5O08EOmS5E/rIE3lyr1evWR4qjl5otYPZlWmRdiq11Ur1EbbA6+xcGr/tpuUxCw6HlmUKAboYn5UrfIF66VxMb6SQexrQyZXLdOYr6kpXwIqDc4tiLJnKHVym9STfS1jyaPuxVVbB0YMaz/aBiPXHD2noVZziOkbdxG8cjyCniFZj9XMK+zX5B48/B2Fk73Wcj+oveYYcGNprhmBJ3Qb7u9AuhW06j0jyqY9vTB5QE+rHoMxMjyolAb/INTUWyh7IwtHS5yhQm4QPeIrEpXumhvCIlKfK2ig6bObzl8DvbN/x2rYIKDsxa2RIwitxZxCagSwY+zIhqYl3Oa2kNhFelgyNGb7GsHXPmrarZ4gBvHjRPQf2lOWgabbfZsoFncHgBo2famELxeQx+s8ujcn+5cTDiZ/vIyGPXhrwpTukx+jrRlUFJo5M9sNp0UMuC3uY82L+DLTZ8e1GJRC/wRAxqhEQ+lpdDrG0jdYfkcjZ1dx7p9+1wAn2Wh0nOHcJT0n24YdrCOb/LfYqCFckMOT+wykXHJHzNYNDJief4S69cxHQ2w8+BfaKRcdLci9Arb9cZ1Bk1DjFdy5PoYi/7nL846qactPU1w/pHsrF7yBtLp/46CqJ9pC9lteXkk0Ty8EZKnsYD0RflKMwiJKPotJ6P0TDR1WSBor6eLWoD6eakZ2LdgLaQPmCL28FSJn1NQux5jKfulvFgnq6LkwI5uUeFG/MQjjcVjGuxbypaAlbi0Xg9NwS9f6ywNKc2Si/5wssFshKrLruMMun3sqwvgrYOvSNvVcTCNYSOgHkHG0h8QLsBx5RWpyolvJ7hiveSTQjtrApVg0J6KCWarRmaf0hn03FHCAGflhydL+9labFaDzBho0oVUtprOH8wmyPNGBCaltCXxQR7Crf69BxmW1i805OE2+eTe27TZrCEEMVRrbK5q3Bncr52C84CsS1pjapKjrB1oUOkYCGBUW3yjqPQbSp/T/bR4FA00py+5sWFs+5Kg8rm7p7k9PD5NWJ46ZMXAjmQxfBJ9vV628u3SNHPsTmVXTLpeDhNMaVBfkK4BXVnhNBTcegeVrRClvAyZUMNsXpMIk5f/MUZ3z/b/mz7s+3Ptn9B2+log82rBcnEK3sU7q7Wf1zkQoPtLESzZOmfGoTK4pJhj36i5KtN3bzZ1D1dj4wD6narGgk+sz1Ck11l8Y1i7/nyQMZg0bHpvYSUwnDCzPJbNh5NDZPBHoiu89UOXFNA+niBZYKbfC3pdoa9pCZw1MUDl6lA/I0jUfDDtRrnrppnNa2kbYV7bL31+OoZDpZ3QouGqxdENkXwkQNRGNKNPShWH9wcB1vjsHFUlhoX4o5jf9iIbAgQPhFWaBW/XLnaIEvHXeTUs9jZjW+Wm3/43WEfqshV6AacZsueNutwBsmMG2VWHBhGKn1Cm6KzoPj9Chb+c9fpnN1rFNFcbj4wyzYRqQWC7Y9w2LJwQ0QgneMnEClxq/oPjDF8BVGsRUC3xUzd/mHNofydoZ75RMYx15rE0aRlzc91KUflaj3yoU0K77Z3LRJstPMVOqUndaSbJ0FlhikXy9Pzcsh4Dufo8jSSI6bKnNZY+5mM4rrDuOXBUiaKxkZJfc7MpYOGx0x0/HklH3uKjqO32JJSZ9F41bxmM+2gcXze7nLfHQ9wzB9wtqnq8jjhc0fviKXPSKgpeLMHyxeIqOop7mW891xmOH2C4/tulAma7hWpNu8H7XA+KzrUpL7eqMsp2zcmky+jh+DoR3oIgfyElqX5J2BZ/r8Elu39f0HnWYqnOjTul2CbiX9Rj9hmnv2MbeafYOVfIdFfPlzcN6Hy38Sp21fpAEY9961fcW/xD346cXf0GxyC0IgO1e7tAZpxvQbfaJ9kXSVNMx8w8481jze5g8b3ABr/UHftJVSmxzzZx4/V9U2UUM9c+9lVxm5ZuvkL/lftIPWfXv8tZoD76gCrc3q7PXHXta6yzPdp4eGbvt4eK9prg/qYO49Pv7/ceoOHv3yQOcXwb7KmGOH9mL2TvBMUWby/ST1I4+DuwV583Jf3HfrMVjAq6Bc3jl6CJDvm8C/TKN6XblF+k23gTxEIfMW84j/NK/IJSQ5FPZlY5BeQBjylbfls9v6HLDnvzDjGXc1zlpw35ps7shvjgevme8w3H2hp/i0VzlNZ3drdU+EsCq3QnSjVzDqMN2hFtPXmhaSf68EPU9/8RyP6qpd3phILQiB+wQLmaTgWma7kuzPQtvtT7MphV9K3Breq60nyrtn1PLod/10956ObvPnOe3d65bEAIOOronyazk9U5cc5sIQn05t5Nr2/ghTke7RMd9qgu/Y5D0rodh8L1b3xJP1Tx++NNOgLxq/HP44f/Rq03sc9z8bvT1AEQfB+BF/2TgiFRXuYHx0XWvwO ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/README.md ================================================ ## Развертывание примера через Terraform По результатам выполнения tf скрипта и ручных действий указанных ниже, в указанный вами opensearch будут загружаться события audit trails из облака и будет загружен security content (dashboard, filters, mapping etc.) 1) Скачайте репозиторий: ``` git clone https://github.com/yandex-cloud/yc-solution-library-for-security.git cd перейти в папку решения auditlogs/export-auditlogs-to-Opensearch/terraform ``` 2) Создайте сервисный аккаунт для тераформ или используйте токен. Если используете sa то скачайте ключ ``` yc iam service-account create --name my-sa yc iam key create --service-account-name my-sa --output key.json ``` 3) Заполните файл tfvars.tf (он по сути заполняет `variables.tf`) значениями для: - opensearch_pass - opensearch_user - opensearch_dashboard_address вида "https://c-c9qct655ceh02mhabb4i.rw.mdb.yandexcloud.net" - opensearch_node_address вида "https://rc1a-xxx.mdb.yandexcloud.net" - folder_id - cloud_id - token (тут указать путь до файла ключа sa , по умолчанию key.json) - subnet_id (указать айди подсети в которой надо развернуть вм перекладчика, должна иметь доступ к opensearch) !!Переименуйте файл, чтобы он назывался **"terrafrom.tfvars"** 4) Для заполнения поля token создайте [ключ](https://cloud.yandex.ru/docs/iam/operations/authorized-key/create) для сервисного аккаунта для аутентификации в terraform либо используйте ваш OAuth токен yc 5) Запустите: ``` terraform init terraform apply ``` Terraform модуль создает следующий набор объектов в Yandex.Cloud: 2) Сервисный аккаунт с ролью `storage.admin` для создания бакета в Object Storage 2.1) Статический ключ для сервисного аккаунта 2.2) S3 бакет 3) Сервисный аккаунт с правами `storage.editor` для дальнейшей работы с бакетом 5) Контейнер и COI-инстанс из модуля для загрузки событий и контента По окончанию установки необходимо развернуть сервис [AuditTrails](https://cloud.yandex.ru/docs/audit-trails/quickstart) через консоль Yandex.Cloud, создать сервисную учетную запись по инструкции, и указать созданный модулем бакет. > **Важно:** Необходимо указать пустой префикс для бакета, либо изменить префикс в вызове в файле `main.tf`. > **Важно:** Необходимо включить NAT на созданных подсетях. --- ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.14 | | [yandex](#requirement\_yandex) | ~> 0.60 | ## Providers | Name | Version | |------|---------| | [random](#provider\_random) | n/a | | [yandex](#provider\_yandex) | ~> 0.60 | ## Modules | Name | Source | Version | |------|--------|---------| | [yc-opensearch-trail](#module\_yc-opensearch-trail) | ./modules/yc-opensearch-trail/ | n/a | ## Resources | Name | Type | |------|------| | [random_string.random](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [yandex_iam_service_account.sa-bucket-creator](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account) | resource | | [yandex_iam_service_account.sa-bucket-editor](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account) | resource | | [yandex_iam_service_account_static_access_key.sa-bucket-creator-sk](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account_static_access_key) | resource | | [yandex_resourcemanager_folder_iam_binding.storage_admin](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_binding) | resource | | [yandex_resourcemanager_folder_iam_binding.storage_editor](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_binding) | resource | | [yandex_storage_bucket.trail-bucket](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/storage_bucket) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cloud\_id](#input\_cloud\_id) | Yandex.Cloud ID where resources will be created | `string` | `"xxxxxx"` | no | | [folder\_id](#input\_folder\_id) | Yandex.Cloud Folder ID where resources will be created | `string` | `"xxxxxx"` | no | | [opensearch\_dashboard\_address](#input\_opensearch\_dashboard\_address) | FQDN-адрес инсталляции Opensearch вида https://c-xxx.rw.mdb.yandexcloud.net | `string` | `""` | no | | [opensearch\_node\_address](#input\_opensearch\_node\_address) | FQDN-адрес инсталляции Opensearch вида https://rc1a-xxx.mdb.yandexcloud.net | `string` | `""` | no | | [opensearch\_pass](#input\_opensearch\_pass) | Пароль для аутентификации в Opensearch | `string` | `""` | no | | [opensearch\_user](#input\_opensearch\_user) | Пользователь для аутентификации в Opensearch | `string` | `""` | no | | [subnet\_id](#input\_subnet\_id) | subnet\_id where you need to place your coi\_instance. Need to connect to Opensearch host | `string` | `""` | no | | [token](#input\_token) | Yandex.Cloud security OAuth token либо ключ сервисного аккаунта | `string` | `"key.json"` | no | ## Outputs | Name | Description | |------|-------------| | [bucket-for-trails](#output\_bucket-for-trails) | ## Outputs | ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/backup_README.md ================================================ ## Deploying the example via Terraform According to the results of executing the tf script and the manual actions indicated below, audit trails events from the cloud will be loaded into the opensearch specified by you and security content (dashboard, filters, mapping etc.) will be loaded. 1) Fill the `variables.tf` file with values for: opensearch_pass, opensearch_user, opensearch_address, folder_id, cloud_id, token. To install into an existing subnet, specify its id in the main.tf file in the coi_subnet_id variable (by default, a new network is created) 2) To fill in the token field, create a [key](https://cloud.yandex.ru/docs/iam/operations/authorized-key/create) for a service account for authentication in terraform or use your OAuth token yc 3) Run: ``` terraform init terraform apply ``` The module performs the following actions: 1) Creates a VPC network 2) Creates three subnets (one for each availability zone: a, b, c). 3) Creates a service account with the *storage.admin* role to create a Bucket (Object Storage). 4) Creates a static key for this SA. 5) Creates a bucket. 6) Service account with permissions `storage.editor` for bucket jobs 7) Container and COI instance from module for loading events and content After that, [create Audit Trails](https://cloud.yandex.ru/docs/audit-trails/quickstart) manually from the UI and specify the bucket created > **Important:** You must specify an empty prefix for the bucket, or change the prefix in the call in the `main.tf` file. > **Important:** You must enable NAT on the created subnets. ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/main.tf ================================================ ## Example infrastructure # Создания random-string resource "random_string" "random" { length = 4 special = false upper = false } # # Создание VPC сети # resource "yandex_vpc_network" "vpc-opensearch" { # name = "vpc-opensearch-${random_string.random.result}" # } # # Создание подсети # resource "yandex_vpc_subnet" "opensearch-subnet" { # folder_id = var.folder_id # count = 3 # name = "app-opensearch-${element(var.network_names, count.index)}" # zone = element(var.zones, count.index) # network_id = yandex_vpc_network.vpc-opensearch.id # v4_cidr_blocks = [element(var.app_cidrs, count.index)] # } # Создание service account resource "yandex_iam_service_account" "sa-bucket-creator" { folder_id = var.folder_id name = "sa-bucket-creator-${random_string.random.result}" } resource "yandex_iam_service_account" "sa-bucket-editor" { name = "sa-bucket-editor-${random_string.random.result}" folder_id = var.folder_id } # Создание статического ключа для service account resource "yandex_iam_service_account_static_access_key" "sa-bucket-creator-sk" { service_account_id = yandex_iam_service_account.sa-bucket-creator.id } # Назначение прав на service account resource "yandex_resourcemanager_folder_iam_binding" "storage_admin" { folder_id = var.folder_id role = "storage.admin" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-creator.id}", ] } resource "yandex_resourcemanager_folder_iam_binding" "storage_editor" { folder_id = var.folder_id role = "storage.editor" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-editor.id}", ] } # Создание S3 бакета resource "yandex_storage_bucket" "trail-bucket" { bucket = "trails-audit-log-bucket-${random_string.random.result}" access_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.access_key secret_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.secret_key } # Добавление правила для HTTPS-доступа в default security group #resource "yandex_vpc_security_group_rule" "opensearch-https" { # security_group_binding = yandex_vpc_network.vpc-opensearch.default_security_group_id # direction = "ingress" # description = "incoming-https" # v4_cidr_blocks = ["0.0.0.0/0"] # port = 443 # protocol = "TCP" #} # Добавление правила для HTTPS-доступа в default security group #resource "yandex_vpc_security_group_rule" "opensearch-9002" { # security_group_binding = yandex_vpc_network.vpc-opensearch.default_security_group_id # direction = "ingress" # description = "incoming-9002" # v4_cidr_blocks = ["0.0.0.0/0"] # port = 9200 # protocol = "TCP" #} # Обязательно включить AuditTrail в UI на созданный bucket # Обязательно включить Egress NAT для подсети COI в UI на созданный bucket # ## Modules # module "yc-managed-opensearch" { # source = "../modules/yc-managed-opensearch" # path to module yc-managed-opensearch # folder_id = var.folder_id # subnet_ids = yandex_vpc_subnet.opensearch-subnet[*].id # subnets в 3-х зонах доступности для развертывания opensearch # network_id = yandex_vpc_network.vpc-opensearch.id # network id в которой будет развернут opensearch # opensearch_edition = "basic" # opensearch_datanode_preset = var.var_opensearch_node_preset # opensearch_datanode_disk_size = var.var_opensearch_node_disk_size # opensearch_public_ip = true # opensearch_name = "opensearch-${random_string.random.result}" # } module "yc-opensearch-trail" { source = "./modules/yc-opensearch-trail/" # path to module yc-elastic-trail folder_id = var.folder_id opensearch_pass = var.opensearch_pass opensearch_user = var.opensearch_user opensearch_dashboard_address = var.opensearch_dashboard_address opensearch_node_address = var.opensearch_node_address bucket_name = yandex_storage_bucket.trail-bucket.bucket bucket_folder = "" # указать название префикса куда trails пишет логи в бакет, например "prefix-trails", если в корень то оставить по умолчанию пустым sa_id = yandex_iam_service_account.sa-bucket-editor.id #coi_subnet_id = yandex_vpc_subnet.opensearch-subnet[0].id coi_subnet_id = var.subnet_id } # ## Outputs output "bucket-for-trails" { value = yandex_storage_bucket.trail-bucket.bucket } # output "opensearch-pass" { # # Вывод пароля opensearch через команду: terraform output opensearch-pass # value = module.yc-managed-opensearch.opensearch-pass # sensitive = true # } # output "opensearch_fqdn" { # # Вывод FQDN для доступа к opensearch # value = module.yc-managed-opensearch.opensearch_fqdn # } # output "opensearch-user" { # value = "admin" # } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/modules/yc-opensearch-trail/cloud-init_lin.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/modules/yc-opensearch-trail/docker-declaration.yaml ================================================ spec: containers: - env: - name: ELASTIC_SERVER value: ${ELASTIC_SERVER} - name: KIBANA_SERVER value: ${KIBANA_SERVER} - name: ELASTIC_AUTH_USER value: ${ELASTIC_AUTH_USER} - name: ELASTIC_INDEX_NAME value: ${ELASTIC_INDEX_NAME} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_FOLDER value: ${S3_FOLDER} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 - name: ELK_PASS_ENCR value: ${ELK_PASS_ENCR} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: KMS_KEY_ID value: ${KMS_KEY_ID} image: cr.yandex/crpjfmfou6gflobbfvfv/s3-opensearch-importer:latest name: audittrails-worker securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/modules/yc-opensearch-trail/main.tf ================================================ # Сервисная учетная запись data "yandex_iam_service_account" "bucket_sa" { service_account_id = var.sa_id } # Создаем static key resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = data.yandex_iam_service_account.bucket_sa.id description = "static access key for object storage" } # Работаем с ssh ключем resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init_lin" { template = file("./modules/yc-opensearch-trail/cloud-init_lin.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" } } # Создаем docker-declaration data "template_file" "docker-declaration" { template = file("./modules/yc-opensearch-trail/docker-declaration.yaml") vars = { ELASTIC_SERVER = "${var.opensearch_node_address}:9200" KIBANA_SERVER = "${var.opensearch_dashboard_address}" ELASTIC_AUTH_USER = "${var.opensearch_user}" ELASTIC_INDEX_NAME = "audit-trails-index" S3_BUCKET = "${var.bucket_name}" S3_FOLDER = "${var.bucket_folder}" SLEEP_TIME = "300" ELK_PASS_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" KMS_KEY_ID = "${yandex_kms_symmetric_key.key-elk.id}" } } # Развертывание Container-Optimised Image data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } resource "yandex_compute_instance" "instance-based-on-coi" { name = "opensearch-sync" hostname = "opensearch-sync" zone = "ru-central1-a" service_account_id = data.yandex_iam_service_account.bucket_sa.id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id # Не забудьте включить NAT для подсети, где будет размещен COI! } resources { cores = 4 memory = 4 } metadata = { user-data = "${data.template_file.cloud_init_lin.rendered}" docker-container-declaration = "${data.template_file.docker-declaration.rendered}" } } # Создание KMS ключа resource "yandex_kms_symmetric_key" "key-elk" { name = "key-elk" description = "description for key" default_algorithm = "AES_128" } # Назначение роли на sa на расшифровку ключа resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${data.yandex_iam_service_account.bucket_sa.id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_pass" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = var.opensearch_pass } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/modules/yc-opensearch-trail/variables.tf ================================================ variable "folder_id" { description = "Yandex.Cloud ID каталога, где будут созданы ресурсы" default = "" # yc config get folder-id } variable "opensearch_pass" { description = "Пароль для аутентификации в ElasticSearch" default = "" } variable "opensearch_user" { description = "Пользователь для аутентификации в ElasticSearch" default = "" } variable "opensearch_dashboard_address" { description = "FQDN-адрес инсталляции Opensearch вида https://c-xxx.rw.mdb.yandexcloud.net" default = "" } variable "opensearch_node_address" { description = "FQDN-адрес инсталляции Opensearch вида https://rc1a-xxx.mdb.yandexcloud.net" default = "" } variable "opensearch_address" { description = "FQDN-адрес инсталляции ElasticSearch вида https://c-xxx.rw.mdb.yandexcloud.net" default = "" } variable "bucket_name" { description = "Имя бакета, куда сохраняются логи AuditTrails" default = "" } variable "bucket_folder" { description = "Имя каталога, куда сохраняются логи AuditTrails" default = "" } variable "sa_id" { description = "ID сервисной учетной записи для работы с бакетом, с разрешением storage.editor" default = "" } variable "coi_subnet_id" { description = "ID подсети, где будет размещен container-инстанс" default = "" } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/modules/yc-opensearch-trail/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } provider "yandex" { service_account_key_file = "./key.json" # token = var.token cloud_id = var.cloud_id folder_id = var.folder_id } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/terraform_tfvars ================================================ opensearch_pass = "password" opensearch_user = "admin" opensearch_dashboard_address = "https://c-xxx.rw.mdb.yandexcloud.net" opensearch_node_address = "https://rc1a-xxx.mdb.yandexcloud.net" folder_id = "XXXXX" cloud_id = "XXXXX" subnet_id = "XXXXX" ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/terraform/variables.tf ================================================ variable "opensearch_pass" { description = "Пароль для аутентификации в Opensearch" default = "" } variable "opensearch_user" { description = "Пользователь для аутентификации в Opensearch" default = "" } variable "opensearch_dashboard_address" { description = "FQDN-адрес инсталляции Opensearch вида https://c-xxx.rw.mdb.yandexcloud.net" default = "" } variable "opensearch_node_address" { description = "FQDN-адрес инсталляции Opensearch вида https://rc1a-xxx.mdb.yandexcloud.net" default = "" } variable "subnet_id" { description = "subnet_id where you need to place your coi_instance. Need to connect to Opensearch host" default = "" } variable "token" { description = "Yandex.Cloud security OAuth token либо ключ сервисного аккаунта" default = "key.json" # generate yours by this https://cloud.yandex.ru/docs/iam/concepts/authorization/oauth-token } variable "folder_id" { description = "Yandex.Cloud Folder ID where resources will be created" default = "xxxxxx" # yc config get folder-id } variable "cloud_id" { description = "Yandex.Cloud ID where resources will be created" default = "xxxxxx" # yc config get cloud-id } # variable "zones" { # description = "Yandex.Cloud default Zone for provisoned resources" # type = list(string) # default = ["ru-central1-a", "ru-central1-b", "ru-central1-c"] # } # variable "network_names" { # description = "Yandex Cloud default Zone for provisoned resources" # type = list(string) # default = ["a", "b", "c"] # } # variable "app_cidrs" { # type = list(string) # default = ["192.168.1.0/24", "192.168.50.0/24", "192.168.70.0/24"] # } # variable "var_elk_node_preset" { # default = "s2.micro" # } # variable "var_elk_node_disk_size" { # default = "60" # } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/content-for-transfer/dashboard.ndjson ================================================ {"attributes":{"fieldAttrs":"{\"cloud.cloud.id\":{\"count\":2},\"event.action\":{\"count\":4},\"cloud.cloud.name\":{\"count\":1},\"cloud.folder.name\":{\"count\":1},\"details.product_ids\":{\"count\":2},\"details.rules.cidr_blocks.v4_cidr_blocks\":{\"count\":1},\"event.id\":{\"count\":2},\"event.module\":{\"count\":3},\"event_time\":{\"count\":2},\"source.address\":{\"count\":2},\"source.ip\":{\"count\":2},\"user.authorization\":{\"count\":1},\"user.name\":{\"count\":1},\"user.type\":{\"count\":1},\"user_agent.original\":{\"count\":3},\"details.access_binding_deltas.access_binding.role_id\":{\"count\":1},\"details.access_binding_deltas.access_binding.subject_name\":{\"count\":1}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.cloud.id\"}}},{\"count\":0,\"name\":\"cloud.cloud.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.cloud.name\"}}},{\"count\":0,\"name\":\"cloud.folder.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.folder.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.folder.id\"}}},{\"count\":0,\"name\":\"cloud.folder.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.folder.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.folder.name\"}}},{\"count\":0,\"name\":\"cloud.image.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.id\"}}},{\"count\":0,\"name\":\"cloud.image.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.name\"}}},{\"count\":0,\"name\":\"cloud.image.source_uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.source_uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.source_uri\"}}},{\"count\":0,\"name\":\"cloud.instance.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.id\"}}},{\"count\":0,\"name\":\"cloud.instance.market_image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.market_image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.market_image\"}}},{\"count\":0,\"name\":\"cloud.instance.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.name\"}}},{\"count\":0,\"name\":\"cloud.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.machine.type\"}}},{\"count\":0,\"name\":\"cloud.org.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.org.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.org.id\"}}},{\"count\":0,\"name\":\"cloud.org.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.org.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.org.name\"}}},{\"count\":0,\"name\":\"cloud.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.provider\"}}},{\"count\":0,\"name\":\"cloud.service.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.service.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.service.name\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.role_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.role_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.role_id\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_id\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_name\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_type\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.action\"}}},{\"count\":0,\"name\":\"details.access_key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_key_id\"}}},{\"count\":0,\"name\":\"details.acl.grants.grant_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.grant_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.grant_type\"}}},{\"count\":0,\"name\":\"details.acl.grants.permission\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.permission.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.permission\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_id\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_name\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_type\"}}},{\"count\":0,\"name\":\"details.allocation_policy.zones.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.allocation_policy.zones.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.allocation_policy.zones.zone_id\"}}},{\"count\":0,\"name\":\"details.api_key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.api_key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.api_key_id\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.healthy_threshold\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.healthy_threshold.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.healthy_threshold\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.http_options.path\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.http_options.port\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.interval\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.name\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.timeout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.timeout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.timeout\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.unhealthy_threshold\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.unhealthy_threshold.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.unhealthy_threshold\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.target_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.target_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.target_group_id\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_schedule.next_execute_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.name\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.type\"}}},{\"count\":0,\"name\":\"details.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_settings.backup_schedule.next_execute_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"details.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.name\"}}},{\"count\":0,\"name\":\"details.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.type\"}}},{\"count\":0,\"name\":\"details.block_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.block_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.block_size\"}}},{\"count\":0,\"name\":\"details.boot_disk.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.boot_disk.device_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.device_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.device_name\"}}},{\"count\":0,\"name\":\"details.boot_disk.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.disk_id\"}}},{\"count\":0,\"name\":\"details.boot_disk.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.mode\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"details.certificate_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_id\"}}},{\"count\":0,\"name\":\"details.certificate_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_name\"}}},{\"count\":0,\"name\":\"details.certificate_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_status\"}}},{\"count\":0,\"name\":\"details.cluster_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.cluster_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.cluster_id\"}}},{\"count\":0,\"name\":\"details.completed_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.compute_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.compute_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.compute_status\"}}},{\"count\":0,\"name\":\"details.connection_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.connection_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.connection_id\"}}},{\"count\":0,\"name\":\"details.created_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.database_id\"}}},{\"count\":0,\"name\":\"details.database_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.database_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.database_name\"}}},{\"count\":0,\"name\":\"details.default_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.default_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.default_algorithm\"}}},{\"count\":0,\"name\":\"details.default_for_network\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.deploy_policy.max_expansion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.deploy_policy.max_expansion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.deploy_policy.max_expansion\"}}},{\"count\":0,\"name\":\"details.deploy_policy.strategy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.deploy_policy.strategy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.deploy_policy.strategy\"}}},{\"count\":0,\"name\":\"details.destination.data_stream.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.destination.data_stream.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.destination.data_stream.database_id\"}}},{\"count\":0,\"name\":\"details.destination.data_stream.stream_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.destination.data_stream.stream_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.destination.data_stream.stream_name\"}}},{\"count\":0,\"name\":\"details.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.disk_id\"}}},{\"count\":0,\"name\":\"details.disk_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.disk_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.disk_name\"}}},{\"count\":0,\"name\":\"details.document_api_endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.document_api_endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.document_api_endpoint\"}}},{\"count\":0,\"name\":\"details.domains\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.domains.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.domains\"}}},{\"count\":0,\"name\":\"details.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.endpoint\"}}},{\"count\":0,\"name\":\"details.execute_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.execute_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.execute_mode\"}}},{\"count\":0,\"name\":\"details.folder_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.folder_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.folder_id\"}}},{\"count\":0,\"name\":\"details.folder_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.folder_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.folder_name\"}}},{\"count\":0,\"name\":\"details.fqdn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.fqdn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.fqdn\"}}},{\"count\":0,\"name\":\"details.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.hostname\"}}},{\"count\":0,\"name\":\"details.instance_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_group_id\"}}},{\"count\":0,\"name\":\"details.instance_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_group_name\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.description\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"details.instance_template.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.description\"}}},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-cluster-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-cluster-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.labels.managed-kubernetes-cluster-id\"}}},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-node-group-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-node-group-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.labels.managed-kubernetes-node-group-id\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.internal-metadata-live-update-keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.internal-metadata-live-update-keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.internal-metadata-live-update-keys\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.kubelet_secondary_env_options_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.kubelet_secondary_env_options_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.kubelet_secondary_env_options_file\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.ssh-keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.ssh-keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.ssh-keys\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.user-data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.user-data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.user-data\"}}},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.subnet_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.subnet_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_interface_specs.subnet_ids\"}}},{\"count\":0,\"name\":\"details.instance_template.network_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_settings.type\"}}},{\"count\":0,\"name\":\"details.instance_template.platform_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.platform_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.platform_id\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.cores\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.memory\"}}},{\"count\":0,\"name\":\"details.instance_template.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.service_account_id\"}}},{\"count\":0,\"name\":\"details.issued_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_id\"}}},{\"count\":0,\"name\":\"details.key_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_name\"}}},{\"count\":0,\"name\":\"details.key_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_status\"}}},{\"count\":0,\"name\":\"details.list_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.list_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.list_access\"}}},{\"count\":0,\"name\":\"details.listeners.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.address\"}}},{\"count\":0,\"name\":\"details.listeners.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.ip_version\"}}},{\"count\":0,\"name\":\"details.listeners.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.name\"}}},{\"count\":0,\"name\":\"details.listeners.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.port\"}}},{\"count\":0,\"name\":\"details.listeners.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.protocol\"}}},{\"count\":0,\"name\":\"details.listeners.target_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.target_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.target_port\"}}},{\"count\":0,\"name\":\"details.location_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.location_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.location_id\"}}},{\"count\":0,\"name\":\"details.max_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.max_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.max_size\"}}},{\"count\":0,\"name\":\"details.metadata_keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.metadata_keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.metadata_keys\"}}},{\"count\":0,\"name\":\"details.metadata_serial_port_enable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.metadata_serial_port_enable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.metadata_serial_port_enable\"}}},{\"count\":0,\"name\":\"details.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.name\"}}},{\"count\":0,\"name\":\"details.network_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_id\"}}},{\"count\":0,\"name\":\"details.network_interface_index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_index\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.security_group_ids\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.subnet_id\"}}},{\"count\":0,\"name\":\"details.network_interfaces.index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.index\"}}},{\"count\":0,\"name\":\"details.network_interfaces.mac_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.mac_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.mac_address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version\"}}},{\"count\":0,\"name\":\"details.network_interfaces.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.security_group_ids\"}}},{\"count\":0,\"name\":\"details.network_interfaces.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.subnet_id\"}}},{\"count\":0,\"name\":\"details.network_load_balancer_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_load_balancer_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_load_balancer_id\"}}},{\"count\":0,\"name\":\"details.network_load_balancer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_load_balancer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_load_balancer_name\"}}},{\"count\":0,\"name\":\"details.network_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_name\"}}},{\"count\":0,\"name\":\"details.network_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_settings.type\"}}},{\"count\":0,\"name\":\"details.not_after\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.not_before\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.objects_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.objects_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.objects_access\"}}},{\"count\":0,\"name\":\"details.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.os.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.os.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.os.type\"}}},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.path_filter.root.any_filter.resource.id\"}}},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.path_filter.root.any_filter.resource.type\"}}},{\"count\":0,\"name\":\"details.primary_version_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_algorithm\"}}},{\"count\":0,\"name\":\"details.primary_version_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_id\"}}},{\"count\":0,\"name\":\"details.primary_version_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_status\"}}},{\"count\":0,\"name\":\"details.product_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.product_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.product_ids\"}}},{\"count\":0,\"name\":\"details.query_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.query_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.query_id\"}}},{\"count\":0,\"name\":\"details.region_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.region_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.region_id\"}}},{\"count\":0,\"name\":\"details.resources.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.core_fraction\"}}},{\"count\":0,\"name\":\"details.resources.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.cores\"}}},{\"count\":0,\"name\":\"details.resources.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.memory\"}}},{\"count\":0,\"name\":\"details.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"details.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.cores\"}}},{\"count\":0,\"name\":\"details.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.memory\"}}},{\"count\":0,\"name\":\"details.route_table_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.route_table_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.route_table_id\"}}},{\"count\":0,\"name\":\"details.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rule\"}}},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v4_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v4_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.cidr_blocks.v4_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v6_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v6_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.cidr_blocks.v6_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.rules.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.description\"}}},{\"count\":0,\"name\":\"details.rules.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.direction\"}}},{\"count\":0,\"name\":\"details.rules.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.id\"}}},{\"count\":0,\"name\":\"details.rules.ports.from_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.ports.from_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.ports.from_port\"}}},{\"count\":0,\"name\":\"details.rules.ports.to_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.ports.to_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.ports.to_port\"}}},{\"count\":0,\"name\":\"details.rules.predefined_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.predefined_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.predefined_target\"}}},{\"count\":0,\"name\":\"details.rules.protocol_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.protocol_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.protocol_name\"}}},{\"count\":0,\"name\":\"details.rules.protocol_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.protocol_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.protocol_number\"}}},{\"count\":0,\"name\":\"details.scale_policy.fixed_scale.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.scale_policy.fixed_scale.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.scale_policy.fixed_scale.size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_id\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.block_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.block_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.block_size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.name\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.mode\"}}},{\"count\":0,\"name\":\"details.secondary_disks.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.secondary_disks.device_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.device_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.device_name\"}}},{\"count\":0,\"name\":\"details.secondary_disks.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.disk_id\"}}},{\"count\":0,\"name\":\"details.secondary_disks.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.mode\"}}},{\"count\":0,\"name\":\"details.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.security_group_ids\"}}},{\"count\":0,\"name\":\"details.security_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.security_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.security_group_name\"}}},{\"count\":0,\"name\":\"details.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serial\"}}},{\"count\":0,\"name\":\"details.serverless_database.enable_throttling_rcu_limit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.serverless_database.storage_size_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serverless_database.storage_size_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serverless_database.storage_size_limit\"}}},{\"count\":0,\"name\":\"details.serverless_database.throttling_rcu_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serverless_database.throttling_rcu_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serverless_database.throttling_rcu_limit\"}}},{\"count\":0,\"name\":\"details.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.service_account_id\"}}},{\"count\":1,\"name\":\"details.service_account_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.service_account_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.service_account_name\"}}},{\"count\":0,\"name\":\"details.settings_read_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.settings_read_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.settings_read_access\"}}},{\"count\":0,\"name\":\"details.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.size\"}}},{\"count\":0,\"name\":\"details.snapshot_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.snapshot_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.snapshot_id\"}}},{\"count\":0,\"name\":\"details.snapshot_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.snapshot_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.snapshot_name\"}}},{\"count\":0,\"name\":\"details.source_image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.source_image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.source_image_id\"}}},{\"count\":0,\"name\":\"details.started_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.static_routes.destination_prefix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.destination_prefix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.destination_prefix\"}}},{\"count\":0,\"name\":\"details.static_routes.labels.ClusterId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.labels.ClusterId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.labels.ClusterId\"}}},{\"count\":0,\"name\":\"details.static_routes.labels.NodeName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.labels.NodeName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.labels.NodeName\"}}},{\"count\":0,\"name\":\"details.static_routes.next_hop_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.next_hop_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.next_hop_address\"}}},{\"count\":0,\"name\":\"details.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.status\"}}},{\"count\":0,\"name\":\"details.storage_class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.storage_class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.storage_class\"}}},{\"count\":0,\"name\":\"details.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.subnet_id\"}}},{\"count\":0,\"name\":\"details.subnet_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.subnet_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.subnet_name\"}}},{\"count\":0,\"name\":\"details.target_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.target_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.target_group_id\"}}},{\"count\":0,\"name\":\"details.target_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.target_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.target_group_name\"}}},{\"count\":0,\"name\":\"details.targets.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.targets.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.targets.address\"}}},{\"count\":0,\"name\":\"details.targets.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.targets.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.targets.subnet_id\"}}},{\"count\":0,\"name\":\"details.text_length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.text_length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.text_length\"}}},{\"count\":0,\"name\":\"details.trail_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.trail_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.trail_id\"}}},{\"count\":0,\"name\":\"details.trail_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.trail_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.trail_name\"}}},{\"count\":0,\"name\":\"details.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.type\"}}},{\"count\":0,\"name\":\"details.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.type_id\"}}},{\"count\":0,\"name\":\"details.update_mask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.update_mask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.update_mask\"}}},{\"count\":0,\"name\":\"details.user_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.user_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.user_name\"}}},{\"count\":0,\"name\":\"details.v4_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.v4_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.v4_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.visibility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.visibility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.visibility\"}}},{\"count\":0,\"name\":\"details.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.zone_id\"}}},{\"count\":0,\"name\":\"error.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"error.details.@type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.@type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.@type\"}}},{\"count\":0,\"name\":\"error.details.locale\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.locale.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.locale\"}}},{\"count\":0,\"name\":\"error.details.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.message\"}}},{\"count\":0,\"name\":\"error.details.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.type\"}}},{\"count\":0,\"name\":\"error.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.message\"}}},{\"count\":0,\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"count\":0,\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"count\":0,\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"count\":0,\"name\":\"event.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.id\"}}},{\"count\":0,\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"count\":0,\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"count\":0,\"name\":\"event.outcome\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.outcome.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.outcome\"}}},{\"count\":0,\"name\":\"event.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.status\"}}},{\"count\":0,\"name\":\"event_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.continent_name\"}}},{\"count\":0,\"name\":\"geoip.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.country_iso_code\"}}},{\"count\":0,\"name\":\"geoip.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.country_name\"}}},{\"count\":0,\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"object_storage.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"object_storage.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"object_storage.id\"}}},{\"count\":0,\"name\":\"request_metadata.remote_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_metadata.remote_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_metadata.remote_address\"}}},{\"count\":0,\"name\":\"request_metadata.request_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_metadata.request_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_metadata.request_id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.role_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.role_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.role_id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.subject.id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.subject.type\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.action\"}}},{\"count\":0,\"name\":\"request_parameters.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.action\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.name\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.type\"}}},{\"count\":0,\"name\":\"request_parameters.backup_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_id\"}}},{\"count\":0,\"name\":\"request_parameters.certificate_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.certificate_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.certificate_id\"}}},{\"count\":0,\"name\":\"request_parameters.cluster_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.cluster_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.cluster_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.autofailover\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.config_spec.backup_retain_period_days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.backup_retain_period_days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.backup_retain_period_days\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.disk_size\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.disk_type_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.resource_preset_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.resource_preset_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.resource_preset_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.version\"}}},{\"count\":0,\"name\":\"request_parameters.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_id\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_collate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_collate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.lc_collate\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_ctype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_ctype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.lc_ctype\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.name\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.owner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.owner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.owner\"}}},{\"count\":0,\"name\":\"request_parameters.default_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.default_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.default_algorithm\"}}},{\"count\":0,\"name\":\"request_parameters.environment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.environment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.environment\"}}},{\"count\":0,\"name\":\"request_parameters.execute_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.execute_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.execute_mode\"}}},{\"count\":0,\"name\":\"request_parameters.folder_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.folder_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.folder_id\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.priority\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.subnet_id\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.zone_id\"}}},{\"count\":0,\"name\":\"request_parameters.key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.key_id\"}}},{\"count\":0,\"name\":\"request_parameters.location_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.location_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.location_id\"}}},{\"count\":0,\"name\":\"request_parameters.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.name\"}}},{\"count\":0,\"name\":\"request_parameters.network_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.network_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.network_id\"}}},{\"count\":0,\"name\":\"request_parameters.query_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.query_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.query_id\"}}},{\"count\":0,\"name\":\"request_parameters.serverless_database.enable_throttling_rcu_limit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.serverless_database.storage_size_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.serverless_database.storage_size_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.serverless_database.storage_size_limit\"}}},{\"count\":0,\"name\":\"request_parameters.serverless_database.throttling_rcu_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.serverless_database.throttling_rcu_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.serverless_database.throttling_rcu_limit\"}}},{\"count\":0,\"name\":\"request_parameters.state_load_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.state_load_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.state_load_mode\"}}},{\"count\":0,\"name\":\"request_parameters.text_length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.text_length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.text_length\"}}},{\"count\":0,\"name\":\"request_parameters.trail_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.trail_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.trail_id\"}}},{\"count\":0,\"name\":\"request_parameters.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.type\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_group_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.description\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.metadata\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.metadata.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.metadata\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.platform_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.platform_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.platform_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.service_account_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.service_account_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.update_mask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.update_mask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.update_mask\"}}},{\"count\":0,\"name\":\"request_parameters.user_specs.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.user_specs.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.user_specs.name\"}}},{\"count\":0,\"name\":\"request_parameters.visibility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.visibility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.visibility\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_id\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_name\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_type\"}}},{\"count\":0,\"name\":\"response.operation_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"response.operation_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"response.operation_id\"}}},{\"count\":0,\"name\":\"security_group.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"security_group.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"security_group.id\"}}},{\"count\":0,\"name\":\"source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.address\"}}},{\"count\":4,\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.authenticated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.authorization\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.id\"}}},{\"count\":0,\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"count\":0,\"name\":\"user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.type\"}}},{\"count\":0,\"name\":\"user_agent.original\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user_agent.original.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user_agent.original\"}}}]","runtimeFieldMap":"{}","timeFieldName":"event_time","title":"audit-trails*"},"id":"33978670-e543-11eb-b941-f7bd9d79b315","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2022-08-14T13:06:23.156Z","version":"WzEwNSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"folder-filter","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"folder-filter\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1660319376465\",\"fieldName\":\"cloud.folder.name.keyword\",\"parent\":\"\",\"label\":\"Folder-filter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"714b3fe0-1a56-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-12T15:50:08.861Z","version":"WzQ5LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"folder-filter (copy)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"folder-filter (copy)\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1660319376465\",\"fieldName\":\"cloud.cloud.name.keyword\",\"parent\":\"\",\"label\":\"Cloud-filter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"90a57640-1ae1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:26:46.386Z","version":"WzYxLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"folder-filter (copy 1)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"folder-filter (copy 1)\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1660319376465\",\"fieldName\":\"cloud.org.name.keyword\",\"parent\":\"\",\"label\":\"Org-filter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"92454390-1ae1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:33:23.598Z","version":"WzY0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Types of events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Types of events\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"aff2df40-1a57-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-12T15:59:31.726Z","version":"WzUyLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Events\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"338918e0-1ae1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:23:25.293Z","version":"WzU2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"User types","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"User types\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"event_time\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"756e1380-1ae3-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:39:34.839Z","version":"WzY2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Map","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":14,\"attribution\":\"Map data © OpenStreetMap contributors\"}}}}"},"id":"41af8bd0-1ae5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:52:27.020Z","version":"WzcxLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vpc.publicAdmin","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vpc.publicAdmin\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Role: vpc.publicAdmin\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"80c5cb80-1ae6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T09:01:22.360Z","version":"Wzc0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"kms binding","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"kms binding\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Role: binding on KMS key\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"b8b6c760-1ae6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T09:02:56.214Z","version":"Wzc1LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or yandex.cloud.audit.iam.CreateApiKey)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Creation of sa key","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Creation of sa key\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Creation of sa keys\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"b3b4ebd0-1bc1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:10:27.596Z","version":"Wzc3LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"role admin","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"role admin\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Role: Admin\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"f3cb2bd0-1bc1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:12:15.117Z","version":"Wzc4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"add public ip","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"add public ip\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: add Public IP to VM\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"7f192e10-1bc4-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:30:27.824Z","version":"Wzg2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"sg with 0","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"sg with 0\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: SG with 0.0.0.0/0\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"b174b870-1bc4-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:32:33.754Z","version":"Wzg4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vm with 2 int","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vm with 2 int\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VM with 2 interfaces\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"f0ec9590-1bc4-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:33:38.793Z","version":"Wzg5LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"actions with sg","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"actions with sg\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: Create/change/delete SG\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"1a4bb5b0-1bc5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:34:48.202Z","version":"WzkwLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"without ddos","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"without ddos\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: Create pub IP without AntiDDos\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"8d3680a0-1bc5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:38:37.270Z","version":"WzkyLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Permission deny","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Permission deny\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Unauthorized action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ip address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"597cb0b0-1bc3-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:24:43.986Z","version":"WzgzLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"deny","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"deny\",\"type\":\"gauge\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Unauthorized events\"},\"schema\":\"metric\"}],\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"de0781c0-1bc3-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:25:57.596Z","version":"Wzg0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"(event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketAclUpdate and details.acl.grants.grant_type: \\\"ALL_USERS\\\") or (event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketUpdate and (details.objects_access: true or details.settings_read_access: true or details.list_access: true))\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"s3 public","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"s3 public\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"S3: Become Public\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"f1c302f0-1bc5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:40:49.694Z","version":"WzkzLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"s3 change","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"s3 change\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"S3: Change ACL/Policy\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"2dbc1990-1bc6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:42:30.313Z","version":"Wzk0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.type: SERVICE_ACCOUNT and not source.ip: (\\\"51.250.0.0/17\\\" or \\\"31.44.8.0/21\\\" or \\\"62.84.112.0/20\\\" or \\\"84.201.128.0/18\\\" or \\\"84.252.128.0/20\\\" or \\\"130.193.32.0/19\\\" or \\\"178.154.192.0/18\\\" or \\\"178.170.222.0/24\\\" or \\\"185.206.164.0/22\\\" or \\\"193.32.216.0/22\\\" or \\\"217.28.224.0/20\\\") and source.ip: *\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"sa outside","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"sa outside\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"IAM: sa connected from outside\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"82bd6c00-1bc6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:44:52.927Z","version":"Wzk1LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.name : fdsgs\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"cloudowner","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"cloudowner\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Actions from cloud.owner\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"1c81bda0-1bc7-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:49:10.906Z","version":"Wzk3LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vmwithoutsg","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vmwithoutsg\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VM without SG\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"5be109b0-1bc7-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:50:57.227Z","version":"Wzk4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (user_agent.original: *YC/* or user_agent.original: *Terraform* or user_agent.original: *Yandex Cloud*)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"tforyc","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"tforyc\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user_agent.original.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d83be840-1bc7-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T12:07:57.491Z","version":"WzEwMiwxXQ=="} {"attributes":{"columns":["cloud.cloud.name","cloud.folder.name","event.module","event.action","user.name","user.type","user.authorization","details.rules.cidr_blocks.v4_cidr_blocks","source.ip","user_agent.original","details.access_binding_deltas.access_binding.role_id","details.access_binding_deltas.access_binding.subject_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"Search:Yandexcloud: Yandexcloud: Interesting fields","version":1},"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","migrationVersion":{"search":"7.9.3"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2022-08-05T08:18:46.223Z","version":"WzQ0LDFd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":7,\"i\":\"0e44c295-48f8-4ecc-a965-53889de2946f\"},\"panelIndex\":\"0e44c295-48f8-4ecc-a965-53889de2946f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":9,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6185559e-c99b-4ca1-bc9f-47d5682a37c1\"},\"panelIndex\":\"6185559e-c99b-4ca1-bc9f-47d5682a37c1\",\"embeddableConfig\":{\"title\":\"cloud-filter\",\"hidePanelTitles\":false},\"title\":\"cloud-filter\",\"panelRefName\":\"panel_1\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":8,\"h\":7,\"i\":\"d600af34-caff-4d44-a5e3-330e02c04fde\"},\"panelIndex\":\"d600af34-caff-4d44-a5e3-330e02c04fde\",\"embeddableConfig\":{\"title\":\"org-filter\",\"hidePanelTitles\":false},\"title\":\"org-filter\",\"panelRefName\":\"panel_2\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":12,\"i\":\"fdaa5a66-eb33-4864-a866-d938557a9ac9\"},\"panelIndex\":\"fdaa5a66-eb33-4864-a866-d938557a9ac9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"40613c0f-8190-4d9a-aa1b-a5c61429a731\"},\"panelIndex\":\"40613c0f-8190-4d9a-aa1b-a5c61429a731\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":12,\"w\":24,\"h\":10,\"i\":\"d1e54c71-312e-4e68-a926-8798b42623c2\"},\"panelIndex\":\"d1e54c71-312e-4e68-a926-8798b42623c2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":17,\"w\":24,\"h\":12,\"i\":\"98695507-21a5-4964-80fd-a322ef573868\"},\"panelIndex\":\"98695507-21a5-4964-80fd-a322ef573868\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_6\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":22,\"w\":7,\"h\":7,\"i\":\"6a3555c2-6579-4382-b379-cb9097ee5874\"},\"panelIndex\":\"6a3555c2-6579-4382-b379-cb9097ee5874\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":31,\"y\":22,\"w\":6,\"h\":7,\"i\":\"54ad5c43-c565-4baf-8c16-f90674385c4e\"},\"panelIndex\":\"54ad5c43-c565-4baf-8c16-f90674385c4e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":37,\"y\":22,\"w\":5,\"h\":7,\"i\":\"12878024-5641-4f48-b5bf-b616013b345d\"},\"panelIndex\":\"12878024-5641-4f48-b5bf-b616013b345d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":42,\"y\":22,\"w\":6,\"h\":7,\"i\":\"800643f4-5618-42b1-ab1e-43f931257372\"},\"panelIndex\":\"800643f4-5618-42b1-ab1e-43f931257372\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":29,\"w\":5,\"h\":9,\"i\":\"c16dfec3-f7f3-4764-9a24-0c50f6ac9d18\"},\"panelIndex\":\"c16dfec3-f7f3-4764-9a24-0c50f6ac9d18\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":5,\"y\":29,\"w\":4,\"h\":9,\"i\":\"f0f4c7f0-a323-4f9e-8258-fa6bda0aa345\"},\"panelIndex\":\"f0f4c7f0-a323-4f9e-8258-fa6bda0aa345\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":9,\"y\":29,\"w\":4,\"h\":9,\"i\":\"79fbbc6c-f690-4b53-83d5-caf69cd5a7ce\"},\"panelIndex\":\"79fbbc6c-f690-4b53-83d5-caf69cd5a7ce\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_13\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":13,\"y\":29,\"w\":6,\"h\":9,\"i\":\"3214853c-0256-45f9-8328-4038a758c19a\"},\"panelIndex\":\"3214853c-0256-45f9-8328-4038a758c19a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_14\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":19,\"y\":29,\"w\":5,\"h\":9,\"i\":\"4bb223f8-1930-420a-81ee-13a2fd25053c\"},\"panelIndex\":\"4bb223f8-1930-420a-81ee-13a2fd25053c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_15\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":29,\"w\":13,\"h\":8,\"i\":\"2b4b1b01-9c70-4804-bd60-04c3118f2563\"},\"panelIndex\":\"2b4b1b01-9c70-4804-bd60-04c3118f2563\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":37,\"y\":29,\"w\":11,\"h\":8,\"i\":\"7f135715-8180-41a5-b48f-7617b4c6f1a7\"},\"panelIndex\":\"7f135715-8180-41a5-b48f-7617b4c6f1a7\",\"embeddableConfig\":{\"vis\":null},\"panelRefName\":\"panel_17\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":37,\"w\":5,\"h\":9,\"i\":\"5034d64f-5543-4cfd-9b6d-8007290a484c\"},\"panelIndex\":\"5034d64f-5543-4cfd-9b6d-8007290a484c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_18\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":29,\"y\":37,\"w\":4,\"h\":9,\"i\":\"31736d26-c08a-4a82-bd1b-e5d37a9a8d3d\"},\"panelIndex\":\"31736d26-c08a-4a82-bd1b-e5d37a9a8d3d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":33,\"y\":37,\"w\":5,\"h\":9,\"i\":\"7881ef87-8678-4671-92d1-03243b7de696\"},\"panelIndex\":\"7881ef87-8678-4671-92d1-03243b7de696\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":38,\"y\":37,\"w\":4,\"h\":9,\"i\":\"f689ead4-2083-4933-8642-563080a0fe3e\"},\"panelIndex\":\"f689ead4-2083-4933-8642-563080a0fe3e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":42,\"y\":37,\"w\":6,\"h\":9,\"i\":\"7f4242d8-f8cb-4223-9ce9-4f651474799e\"},\"panelIndex\":\"7f4242d8-f8cb-4223-9ce9-4f651474799e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":8,\"i\":\"49a188b5-0e1c-4fd4-8d7f-549905637158\"},\"panelIndex\":\"49a188b5-0e1c-4fd4-8d7f-549905637158\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":46,\"w\":48,\"h\":12,\"i\":\"89e6396d-c8f7-468b-bc49-6412dc0ec13a\"},\"panelIndex\":\"89e6396d-c8f7-468b-bc49-6412dc0ec13a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"}]","timeRestore":false,"title":"Audit-trails-dashboard","version":1},"id":"ad8fb760-1a56-11ed-93c1-096eb1b59e0f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"714b3fe0-1a56-11ed-93c1-096eb1b59e0f","name":"panel_0","type":"visualization"},{"id":"90a57640-1ae1-11ed-93c1-096eb1b59e0f","name":"panel_1","type":"visualization"},{"id":"92454390-1ae1-11ed-93c1-096eb1b59e0f","name":"panel_2","type":"visualization"},{"id":"aff2df40-1a57-11ed-93c1-096eb1b59e0f","name":"panel_3","type":"visualization"},{"id":"338918e0-1ae1-11ed-93c1-096eb1b59e0f","name":"panel_4","type":"visualization"},{"id":"756e1380-1ae3-11ed-93c1-096eb1b59e0f","name":"panel_5","type":"visualization"},{"id":"41af8bd0-1ae5-11ed-93c1-096eb1b59e0f","name":"panel_6","type":"visualization"},{"id":"80c5cb80-1ae6-11ed-93c1-096eb1b59e0f","name":"panel_7","type":"visualization"},{"id":"b8b6c760-1ae6-11ed-93c1-096eb1b59e0f","name":"panel_8","type":"visualization"},{"id":"b3b4ebd0-1bc1-11ed-93c1-096eb1b59e0f","name":"panel_9","type":"visualization"},{"id":"f3cb2bd0-1bc1-11ed-93c1-096eb1b59e0f","name":"panel_10","type":"visualization"},{"id":"7f192e10-1bc4-11ed-93c1-096eb1b59e0f","name":"panel_11","type":"visualization"},{"id":"b174b870-1bc4-11ed-93c1-096eb1b59e0f","name":"panel_12","type":"visualization"},{"id":"f0ec9590-1bc4-11ed-93c1-096eb1b59e0f","name":"panel_13","type":"visualization"},{"id":"1a4bb5b0-1bc5-11ed-93c1-096eb1b59e0f","name":"panel_14","type":"visualization"},{"id":"8d3680a0-1bc5-11ed-93c1-096eb1b59e0f","name":"panel_15","type":"visualization"},{"id":"597cb0b0-1bc3-11ed-93c1-096eb1b59e0f","name":"panel_16","type":"visualization"},{"id":"de0781c0-1bc3-11ed-93c1-096eb1b59e0f","name":"panel_17","type":"visualization"},{"id":"f1c302f0-1bc5-11ed-93c1-096eb1b59e0f","name":"panel_18","type":"visualization"},{"id":"2dbc1990-1bc6-11ed-93c1-096eb1b59e0f","name":"panel_19","type":"visualization"},{"id":"82bd6c00-1bc6-11ed-93c1-096eb1b59e0f","name":"panel_20","type":"visualization"},{"id":"1c81bda0-1bc7-11ed-93c1-096eb1b59e0f","name":"panel_21","type":"visualization"},{"id":"5be109b0-1bc7-11ed-93c1-096eb1b59e0f","name":"panel_22","type":"visualization"},{"id":"d83be840-1bc7-11ed-93c1-096eb1b59e0f","name":"panel_23","type":"visualization"},{"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","name":"panel_24","type":"search"}],"type":"dashboard","updated_at":"2022-08-14T12:11:04.727Z","version":"WzEwNCwxXQ=="} {"exportedCount":27,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/content-for-transfer/filters.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and not user.name: mirtov8@yandex-team.ru kirill@yandex-team.ru"},"title":"Yandexcloud:VPC sec-group action from user not in list"},"id":"ae9a0ae0-92f0-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T08:31:36.083Z","version":"WzE5NTI4MywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketAclUpdate and details.acl.grants.grant_type: \"ALL_USERS\""},"title":"Yandexcloud:ObjectStorage bacome public through ACL"},"id":"706b4c60-92ec-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T08:01:13.775Z","version":"WzE5NDM2NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketUpdate and (details.objects_access: true or details.settings_read_access: true or details.list_access: true)"},"title":"Yandexcloud:ObjectStorage become public"},"id":"e6e68680-92eb-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T07:57:23.057Z","version":"WzE5NDI2NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.kms.DeleteSymmetricKey"},"title":"Yandexcloud:KMS delete key"},"id":"dfa221f0-92ea-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T07:50:01.370Z","version":"WzE5Mzk1NCwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.type: SERVICE_ACCOUNT and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\") and source.ip: *"},"title":"Yandexcloud: IAM sa connect from outside of cloud"},"id":"bfdff200-930f-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T12:13:59.460Z","version":"WzIwMTg5MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.compute.UpdateInstance or yandex.cloud.audit.compute.CreateInstance) and details.metadata_keys: secret key password pass token oauth aws_access_key_id and event.outcome : success"},"title":"Yandexcloud: Compute metadata key posible secret"},"id":"8ca32c30-930b-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T11:43:55.511Z","version":"WzIwMDkzMCwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: (yandex.cloud.audit.compute.CreateInstance or yandex.cloud.audit.compute.UpdateInstance) and details.metadata_serial_port_enable: 1"},"title":"Yandexcloud:Create instance with Serialport"},"id":"Yandexcloud:Create instance with Serialport","references":[],"type":"query","updated_at":"2022-02-21T10:28:44.400Z","version":"WzE5ODY1NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *"},"title":"Yandexcloud:Create instance without SG"},"id":"Yandexcloud:Create instance without SG","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzY1LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator"},"title":"Yandexcloud:Create public address without antiddos"},"id":"Yandexcloud:Create public address without antiddos","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied"},"title":"Yandexcloud: unauthorized events (permission denied)"},"id":"Yandexcloud: unauthorized events (permission denied)","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *"},"title":"Yandexcloud:Create instances with public IP"},"id":"Yandexcloud:Create instances with public IP","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYwLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1"},"title":"Yandexcloud:Create instances with 2 interfaces"},"id":"Yandexcloud:Create instances with 2 interfaces","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU5LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*"},"title":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG"},"id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU4LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)"},"title":"Yandexcloud: Changes of S3 acl, policy"},"id":"Yandexcloud: Changes of S3 acl, policy","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU2LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin"},"title":"Yandexcloud: Bind IAM Admin role to resources"},"id":"Yandexcloud: Bind IAM Admin role to resources","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU1LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings"},"title":"Yandexcloud: Bind access rights to KMS key"},"id":"Yandexcloud: Bind access rights to KMS key","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU0LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.product_ids: *"},"title":"Yandexcloud: Create instance with marketplace image"},"id":"Yandexcloud: Create instance with marketplace image","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat"},"title":"Yandexcloud: Add public IP to VM"},"id":"Yandexcloud: Add public IP to VM","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup "},"title":"Yandexcloud: Any create or update SG (security group)"},"id":"Yandexcloud: Any create or update SG (security group)","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUxLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin"},"title":"Yandexcloud: Add access binding VPC_publicAdmin"},"id":"Yandexcloud: Add access binding VPC_publicAdmin","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUwLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs"},"title":"Yandexcloud: resource-manager.cloud.owner events"},"id":"Yandexcloud: resource-manager.cloud.owner events","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzQ5LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)"},"title":"Yandexcloud: Connect admins from YC, Terraform"},"id":"Yandexcloud: Connect admins from YC, Terraform","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzQ4LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.DeleteCluster"},"title":"Yandexcloud: MDB Delete Cluster"},"id":"20754ed0-8f05-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T08:47:52.386Z","version":"WzI3Nzg2LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser or yandex.cloud.audit.mdb.*.CreateCluster or yandex.cloud.audit.mdb.*.UpdateCluster ) and source.ip : (\"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd2\" or \"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd1\" )"},"title":"Yandexcloud: MDB Admin tasks from not trusted ip"},"id":"b2fe8020-8f03-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T08:37:39.239Z","version":"WzI3NTMyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.CreateCluster and not user.name : mirtov8@yandex-team.ru kirill@yandex-team.ru"},"title":"Yandexcloud: MDB Create cluster from not known admin"},"id":"e810ca40-8efc-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T07:55:30.387Z","version":"WzI2NTEyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser)"},"title":"Yandexcloud: MDB Create or Update user"},"id":"43c90e50-8efe-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T07:58:45.178Z","version":"WzI2NjMzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or yandex.cloud.audit.iam.CreateApiKey)"},"title":"Yandexcloud:Creating of service-account's credentials (keys)"},"id":"Yandexcloud:Creating of service-account's credentials (keys)","references":[],"type":"query","updated_at":"2022-02-15T14:52:46.910Z","version":"Wzc0MjgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and not event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: \"https://storage.yandexcloud.net/action-log-123\""},"title":"Yandexcloud: Create image from S3 uri"},"id":"Yandexcloud: Create image from S3 uri","references":[],"type":"query","updated_at":"2022-02-15T13:47:05.499Z","version":"WzYwNTEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.UpdateSecretAccessBindings"},"title":"Yandexcloud: Lockbox access bindings"},"id":"a18f3380-915f-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:40:46.013Z","version":"WzEyMjE1MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.UpdateInstance and details.service_account_id: ajeg2ar8m8o25u63dj9f"},"title":"Yandexcloud:Lockbox assign sa on vm with perm"},"id":"2c9e1140-915f-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:37:29.817Z","version":"WzEyMjA3MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not user.id: ajeg2ar8m8o25u63dj9f and details.secret_name: secret1"},"title":"Yandexcloud:Lockbox read secret not from target user"},"id":"506d3390-915e-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:31:20.398Z","version":"WzEyMTgwMSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\")"},"title":"Yandexcloud:Lockbox read secret not from cloud"},"id":"07515700-915d-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:24:31.577Z","version":"WzEyMTYyMCwxXQ=="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":32,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/content-for-transfer/monitor.json ================================================ { "size": 10, "query": { "bool": { "filter": [ { "range": { "@timestamp": { "from": "{{period_end}}||-1h", "to": "{{period_end}}", "include_lower": true, "include_upper": true, "format": "epoch_millis", "boost": 1 } } }, { "match_phrase": { "event.action": { "query": "yandex.cloud.audit.iam.CreateAccessKey", "slop": 0, "zero_terms_query": "NONE", "boost": 1 } } } ], "adjust_pure_negative": true, "boost": 1 } } } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/content-for-transfer/search.ndjson ================================================ {"attributes":{"columns":["cloud.cloud.name","cloud.folder.name","event.module","event.action","user.name","user.type","user.authorization","details.rules.cidr_blocks.v4_cidr_blocks","source.ip","user_agent.original","details.access_binding_deltas.access_binding.role_id","details.access_binding_deltas.access_binding.subject_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"Search:Yandexcloud: Yandexcloud: Interesting fields","version":1},"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-18T09:19:33.057Z","version":"WzE2NzYsMV0="} {"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"unauthorized events","version":1},"id":"90405c70-e8af-11eb-a019-4ff3eff5953f","references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-19T16:37:10.206Z","version":"Wzc0MTQsMV0="} {"exportedCount":2,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/content-for-transfer/trigger_action_example.json ================================================ Monitor {{ctx.monitor.name}} just entered alert status. Please investigate the issue. - Trigger: {{ctx.trigger.name}} - Severity: {{ctx.trigger.severity}} - Period start: {{ctx.periodStart}} - Period end: {{ctx.periodEnd}} - Action: {{ctx.results.0.hits.hits.0._source.event.action}} - Source ip : {{ctx.results.0.hits.hits.0._source.source.ip}} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/alert.json ================================================ { "name": "test", "type": "monitor", "monitor_type": "query_level_monitor", "enabled": true, "schedule": { "period": { "unit": "MINUTES", "interval": 1 } }, "inputs": [ { "search": { "indices": [ "audit-trails-index" ], "query": { "size": 0, "aggregations": {}, "query": { "bool": { "filter": [ { "range": { "@timestamp": { "gte": "{{period_end}}||-1h", "lte": "{{period_end}}", "format": "epoch_millis" } } }, { "match_phrase": { "event.action": "yandex.cloud.audit.iam.CreateAccessKey" } } ] } } } } } ], "triggers": [ { "query_level_trigger": { "id": "4-GknIIBRFYBrLZDkWVh", "name": "test", "severity": "1", "condition": { "script": { "source": "ctx.results[0].hits.total.value > 0", "lang": "painless" } } } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/dashboard.ndjson ================================================ {"attributes":{"fieldAttrs":"{\"cloud.cloud.id\":{\"count\":2},\"event.action\":{\"count\":4},\"cloud.cloud.name\":{\"count\":1},\"cloud.folder.name\":{\"count\":1},\"details.product_ids\":{\"count\":2},\"details.rules.cidr_blocks.v4_cidr_blocks\":{\"count\":1},\"event.id\":{\"count\":2},\"event.module\":{\"count\":3},\"event_time\":{\"count\":2},\"source.address\":{\"count\":2},\"source.ip\":{\"count\":2},\"user.authorization\":{\"count\":1},\"user.name\":{\"count\":1},\"user.type\":{\"count\":1},\"user_agent.original\":{\"count\":3},\"details.access_binding_deltas.access_binding.role_id\":{\"count\":1},\"details.access_binding_deltas.access_binding.subject_name\":{\"count\":1}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.cloud.id\"}}},{\"count\":0,\"name\":\"cloud.cloud.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.cloud.name\"}}},{\"count\":0,\"name\":\"cloud.folder.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.folder.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.folder.id\"}}},{\"count\":0,\"name\":\"cloud.folder.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.folder.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.folder.name\"}}},{\"count\":0,\"name\":\"cloud.image.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.id\"}}},{\"count\":0,\"name\":\"cloud.image.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.name\"}}},{\"count\":0,\"name\":\"cloud.image.source_uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.source_uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.source_uri\"}}},{\"count\":0,\"name\":\"cloud.instance.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.id\"}}},{\"count\":0,\"name\":\"cloud.instance.market_image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.market_image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.market_image\"}}},{\"count\":0,\"name\":\"cloud.instance.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.name\"}}},{\"count\":0,\"name\":\"cloud.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.machine.type\"}}},{\"count\":0,\"name\":\"cloud.org.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.org.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.org.id\"}}},{\"count\":0,\"name\":\"cloud.org.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.org.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.org.name\"}}},{\"count\":0,\"name\":\"cloud.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.provider\"}}},{\"count\":0,\"name\":\"cloud.service.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.service.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.service.name\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.role_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.role_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.role_id\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_id\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_name\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_type\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.action\"}}},{\"count\":0,\"name\":\"details.access_key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_key_id\"}}},{\"count\":0,\"name\":\"details.acl.grants.grant_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.grant_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.grant_type\"}}},{\"count\":0,\"name\":\"details.acl.grants.permission\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.permission.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.permission\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_id\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_name\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_type\"}}},{\"count\":0,\"name\":\"details.allocation_policy.zones.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.allocation_policy.zones.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.allocation_policy.zones.zone_id\"}}},{\"count\":0,\"name\":\"details.api_key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.api_key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.api_key_id\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.healthy_threshold\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.healthy_threshold.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.healthy_threshold\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.http_options.path\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.http_options.port\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.interval\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.name\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.timeout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.timeout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.timeout\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.unhealthy_threshold\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.unhealthy_threshold.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.unhealthy_threshold\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.target_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.target_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.target_group_id\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_schedule.next_execute_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.name\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.type\"}}},{\"count\":0,\"name\":\"details.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_settings.backup_schedule.next_execute_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"details.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.name\"}}},{\"count\":0,\"name\":\"details.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.type\"}}},{\"count\":0,\"name\":\"details.block_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.block_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.block_size\"}}},{\"count\":0,\"name\":\"details.boot_disk.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.boot_disk.device_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.device_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.device_name\"}}},{\"count\":0,\"name\":\"details.boot_disk.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.disk_id\"}}},{\"count\":0,\"name\":\"details.boot_disk.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.mode\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"details.certificate_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_id\"}}},{\"count\":0,\"name\":\"details.certificate_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_name\"}}},{\"count\":0,\"name\":\"details.certificate_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_status\"}}},{\"count\":0,\"name\":\"details.cluster_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.cluster_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.cluster_id\"}}},{\"count\":0,\"name\":\"details.completed_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.compute_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.compute_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.compute_status\"}}},{\"count\":0,\"name\":\"details.connection_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.connection_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.connection_id\"}}},{\"count\":0,\"name\":\"details.created_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.database_id\"}}},{\"count\":0,\"name\":\"details.database_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.database_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.database_name\"}}},{\"count\":0,\"name\":\"details.default_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.default_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.default_algorithm\"}}},{\"count\":0,\"name\":\"details.default_for_network\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.deploy_policy.max_expansion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.deploy_policy.max_expansion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.deploy_policy.max_expansion\"}}},{\"count\":0,\"name\":\"details.deploy_policy.strategy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.deploy_policy.strategy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.deploy_policy.strategy\"}}},{\"count\":0,\"name\":\"details.destination.data_stream.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.destination.data_stream.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.destination.data_stream.database_id\"}}},{\"count\":0,\"name\":\"details.destination.data_stream.stream_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.destination.data_stream.stream_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.destination.data_stream.stream_name\"}}},{\"count\":0,\"name\":\"details.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.disk_id\"}}},{\"count\":0,\"name\":\"details.disk_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.disk_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.disk_name\"}}},{\"count\":0,\"name\":\"details.document_api_endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.document_api_endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.document_api_endpoint\"}}},{\"count\":0,\"name\":\"details.domains\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.domains.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.domains\"}}},{\"count\":0,\"name\":\"details.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.endpoint\"}}},{\"count\":0,\"name\":\"details.execute_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.execute_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.execute_mode\"}}},{\"count\":0,\"name\":\"details.folder_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.folder_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.folder_id\"}}},{\"count\":0,\"name\":\"details.folder_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.folder_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.folder_name\"}}},{\"count\":0,\"name\":\"details.fqdn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.fqdn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.fqdn\"}}},{\"count\":0,\"name\":\"details.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.hostname\"}}},{\"count\":0,\"name\":\"details.instance_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_group_id\"}}},{\"count\":0,\"name\":\"details.instance_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_group_name\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.description\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"details.instance_template.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.description\"}}},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-cluster-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-cluster-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.labels.managed-kubernetes-cluster-id\"}}},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-node-group-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-node-group-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.labels.managed-kubernetes-node-group-id\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.internal-metadata-live-update-keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.internal-metadata-live-update-keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.internal-metadata-live-update-keys\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.kubelet_secondary_env_options_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.kubelet_secondary_env_options_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.kubelet_secondary_env_options_file\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.ssh-keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.ssh-keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.ssh-keys\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.user-data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.user-data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.user-data\"}}},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.subnet_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.subnet_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_interface_specs.subnet_ids\"}}},{\"count\":0,\"name\":\"details.instance_template.network_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_settings.type\"}}},{\"count\":0,\"name\":\"details.instance_template.platform_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.platform_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.platform_id\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.cores\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.memory\"}}},{\"count\":0,\"name\":\"details.instance_template.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.service_account_id\"}}},{\"count\":0,\"name\":\"details.issued_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_id\"}}},{\"count\":0,\"name\":\"details.key_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_name\"}}},{\"count\":0,\"name\":\"details.key_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_status\"}}},{\"count\":0,\"name\":\"details.list_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.list_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.list_access\"}}},{\"count\":0,\"name\":\"details.listeners.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.address\"}}},{\"count\":0,\"name\":\"details.listeners.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.ip_version\"}}},{\"count\":0,\"name\":\"details.listeners.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.name\"}}},{\"count\":0,\"name\":\"details.listeners.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.port\"}}},{\"count\":0,\"name\":\"details.listeners.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.protocol\"}}},{\"count\":0,\"name\":\"details.listeners.target_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.target_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.target_port\"}}},{\"count\":0,\"name\":\"details.location_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.location_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.location_id\"}}},{\"count\":0,\"name\":\"details.max_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.max_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.max_size\"}}},{\"count\":0,\"name\":\"details.metadata_keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.metadata_keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.metadata_keys\"}}},{\"count\":0,\"name\":\"details.metadata_serial_port_enable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.metadata_serial_port_enable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.metadata_serial_port_enable\"}}},{\"count\":0,\"name\":\"details.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.name\"}}},{\"count\":0,\"name\":\"details.network_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_id\"}}},{\"count\":0,\"name\":\"details.network_interface_index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_index\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.security_group_ids\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.subnet_id\"}}},{\"count\":0,\"name\":\"details.network_interfaces.index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.index\"}}},{\"count\":0,\"name\":\"details.network_interfaces.mac_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.mac_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.mac_address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version\"}}},{\"count\":0,\"name\":\"details.network_interfaces.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.security_group_ids\"}}},{\"count\":0,\"name\":\"details.network_interfaces.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.subnet_id\"}}},{\"count\":0,\"name\":\"details.network_load_balancer_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_load_balancer_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_load_balancer_id\"}}},{\"count\":0,\"name\":\"details.network_load_balancer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_load_balancer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_load_balancer_name\"}}},{\"count\":0,\"name\":\"details.network_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_name\"}}},{\"count\":0,\"name\":\"details.network_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_settings.type\"}}},{\"count\":0,\"name\":\"details.not_after\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.not_before\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.objects_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.objects_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.objects_access\"}}},{\"count\":0,\"name\":\"details.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.os.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.os.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.os.type\"}}},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.path_filter.root.any_filter.resource.id\"}}},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.path_filter.root.any_filter.resource.type\"}}},{\"count\":0,\"name\":\"details.primary_version_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_algorithm\"}}},{\"count\":0,\"name\":\"details.primary_version_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_id\"}}},{\"count\":0,\"name\":\"details.primary_version_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_status\"}}},{\"count\":0,\"name\":\"details.product_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.product_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.product_ids\"}}},{\"count\":0,\"name\":\"details.query_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.query_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.query_id\"}}},{\"count\":0,\"name\":\"details.region_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.region_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.region_id\"}}},{\"count\":0,\"name\":\"details.resources.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.core_fraction\"}}},{\"count\":0,\"name\":\"details.resources.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.cores\"}}},{\"count\":0,\"name\":\"details.resources.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.memory\"}}},{\"count\":0,\"name\":\"details.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"details.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.cores\"}}},{\"count\":0,\"name\":\"details.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.memory\"}}},{\"count\":0,\"name\":\"details.route_table_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.route_table_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.route_table_id\"}}},{\"count\":0,\"name\":\"details.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rule\"}}},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v4_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v4_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.cidr_blocks.v4_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v6_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v6_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.cidr_blocks.v6_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.rules.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.description\"}}},{\"count\":0,\"name\":\"details.rules.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.direction\"}}},{\"count\":0,\"name\":\"details.rules.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.id\"}}},{\"count\":0,\"name\":\"details.rules.ports.from_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.ports.from_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.ports.from_port\"}}},{\"count\":0,\"name\":\"details.rules.ports.to_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.ports.to_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.ports.to_port\"}}},{\"count\":0,\"name\":\"details.rules.predefined_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.predefined_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.predefined_target\"}}},{\"count\":0,\"name\":\"details.rules.protocol_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.protocol_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.protocol_name\"}}},{\"count\":0,\"name\":\"details.rules.protocol_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.protocol_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.protocol_number\"}}},{\"count\":0,\"name\":\"details.scale_policy.fixed_scale.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.scale_policy.fixed_scale.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.scale_policy.fixed_scale.size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_id\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.block_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.block_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.block_size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.name\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.mode\"}}},{\"count\":0,\"name\":\"details.secondary_disks.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.secondary_disks.device_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.device_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.device_name\"}}},{\"count\":0,\"name\":\"details.secondary_disks.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.disk_id\"}}},{\"count\":0,\"name\":\"details.secondary_disks.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.mode\"}}},{\"count\":0,\"name\":\"details.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.security_group_ids\"}}},{\"count\":0,\"name\":\"details.security_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.security_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.security_group_name\"}}},{\"count\":0,\"name\":\"details.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serial\"}}},{\"count\":0,\"name\":\"details.serverless_database.enable_throttling_rcu_limit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.serverless_database.storage_size_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serverless_database.storage_size_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serverless_database.storage_size_limit\"}}},{\"count\":0,\"name\":\"details.serverless_database.throttling_rcu_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serverless_database.throttling_rcu_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serverless_database.throttling_rcu_limit\"}}},{\"count\":0,\"name\":\"details.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.service_account_id\"}}},{\"count\":1,\"name\":\"details.service_account_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.service_account_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.service_account_name\"}}},{\"count\":0,\"name\":\"details.settings_read_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.settings_read_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.settings_read_access\"}}},{\"count\":0,\"name\":\"details.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.size\"}}},{\"count\":0,\"name\":\"details.snapshot_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.snapshot_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.snapshot_id\"}}},{\"count\":0,\"name\":\"details.snapshot_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.snapshot_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.snapshot_name\"}}},{\"count\":0,\"name\":\"details.source_image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.source_image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.source_image_id\"}}},{\"count\":0,\"name\":\"details.started_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.static_routes.destination_prefix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.destination_prefix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.destination_prefix\"}}},{\"count\":0,\"name\":\"details.static_routes.labels.ClusterId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.labels.ClusterId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.labels.ClusterId\"}}},{\"count\":0,\"name\":\"details.static_routes.labels.NodeName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.labels.NodeName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.labels.NodeName\"}}},{\"count\":0,\"name\":\"details.static_routes.next_hop_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.next_hop_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.next_hop_address\"}}},{\"count\":0,\"name\":\"details.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.status\"}}},{\"count\":0,\"name\":\"details.storage_class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.storage_class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.storage_class\"}}},{\"count\":0,\"name\":\"details.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.subnet_id\"}}},{\"count\":0,\"name\":\"details.subnet_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.subnet_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.subnet_name\"}}},{\"count\":0,\"name\":\"details.target_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.target_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.target_group_id\"}}},{\"count\":0,\"name\":\"details.target_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.target_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.target_group_name\"}}},{\"count\":0,\"name\":\"details.targets.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.targets.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.targets.address\"}}},{\"count\":0,\"name\":\"details.targets.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.targets.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.targets.subnet_id\"}}},{\"count\":0,\"name\":\"details.text_length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.text_length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.text_length\"}}},{\"count\":0,\"name\":\"details.trail_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.trail_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.trail_id\"}}},{\"count\":0,\"name\":\"details.trail_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.trail_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.trail_name\"}}},{\"count\":0,\"name\":\"details.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.type\"}}},{\"count\":0,\"name\":\"details.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.type_id\"}}},{\"count\":0,\"name\":\"details.update_mask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.update_mask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.update_mask\"}}},{\"count\":0,\"name\":\"details.user_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.user_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.user_name\"}}},{\"count\":0,\"name\":\"details.v4_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.v4_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.v4_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.visibility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.visibility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.visibility\"}}},{\"count\":0,\"name\":\"details.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.zone_id\"}}},{\"count\":0,\"name\":\"error.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"error.details.@type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.@type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.@type\"}}},{\"count\":0,\"name\":\"error.details.locale\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.locale.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.locale\"}}},{\"count\":0,\"name\":\"error.details.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.message\"}}},{\"count\":0,\"name\":\"error.details.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.type\"}}},{\"count\":0,\"name\":\"error.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.message\"}}},{\"count\":0,\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"count\":0,\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"count\":0,\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"count\":0,\"name\":\"event.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.id\"}}},{\"count\":0,\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"count\":0,\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"count\":0,\"name\":\"event.outcome\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.outcome.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.outcome\"}}},{\"count\":0,\"name\":\"event.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.status\"}}},{\"count\":0,\"name\":\"event_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.continent_name\"}}},{\"count\":0,\"name\":\"geoip.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.country_iso_code\"}}},{\"count\":0,\"name\":\"geoip.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.country_name\"}}},{\"count\":0,\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"object_storage.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"object_storage.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"object_storage.id\"}}},{\"count\":0,\"name\":\"request_metadata.remote_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_metadata.remote_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_metadata.remote_address\"}}},{\"count\":0,\"name\":\"request_metadata.request_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_metadata.request_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_metadata.request_id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.role_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.role_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.role_id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.subject.id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.subject.type\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.action\"}}},{\"count\":0,\"name\":\"request_parameters.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.action\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.name\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.type\"}}},{\"count\":0,\"name\":\"request_parameters.backup_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_id\"}}},{\"count\":0,\"name\":\"request_parameters.certificate_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.certificate_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.certificate_id\"}}},{\"count\":0,\"name\":\"request_parameters.cluster_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.cluster_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.cluster_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.autofailover\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.config_spec.backup_retain_period_days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.backup_retain_period_days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.backup_retain_period_days\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.disk_size\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.disk_type_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.resource_preset_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.resource_preset_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.resource_preset_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.version\"}}},{\"count\":0,\"name\":\"request_parameters.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_id\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_collate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_collate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.lc_collate\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_ctype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_ctype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.lc_ctype\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.name\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.owner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.owner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.owner\"}}},{\"count\":0,\"name\":\"request_parameters.default_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.default_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.default_algorithm\"}}},{\"count\":0,\"name\":\"request_parameters.environment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.environment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.environment\"}}},{\"count\":0,\"name\":\"request_parameters.execute_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.execute_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.execute_mode\"}}},{\"count\":0,\"name\":\"request_parameters.folder_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.folder_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.folder_id\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.priority\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.subnet_id\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.zone_id\"}}},{\"count\":0,\"name\":\"request_parameters.key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.key_id\"}}},{\"count\":0,\"name\":\"request_parameters.location_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.location_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.location_id\"}}},{\"count\":0,\"name\":\"request_parameters.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.name\"}}},{\"count\":0,\"name\":\"request_parameters.network_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.network_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.network_id\"}}},{\"count\":0,\"name\":\"request_parameters.query_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.query_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.query_id\"}}},{\"count\":0,\"name\":\"request_parameters.serverless_database.enable_throttling_rcu_limit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.serverless_database.storage_size_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.serverless_database.storage_size_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.serverless_database.storage_size_limit\"}}},{\"count\":0,\"name\":\"request_parameters.serverless_database.throttling_rcu_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.serverless_database.throttling_rcu_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.serverless_database.throttling_rcu_limit\"}}},{\"count\":0,\"name\":\"request_parameters.state_load_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.state_load_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.state_load_mode\"}}},{\"count\":0,\"name\":\"request_parameters.text_length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.text_length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.text_length\"}}},{\"count\":0,\"name\":\"request_parameters.trail_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.trail_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.trail_id\"}}},{\"count\":0,\"name\":\"request_parameters.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.type\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_group_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.description\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.metadata\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.metadata.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.metadata\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.platform_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.platform_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.platform_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.service_account_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.service_account_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.update_mask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.update_mask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.update_mask\"}}},{\"count\":0,\"name\":\"request_parameters.user_specs.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.user_specs.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.user_specs.name\"}}},{\"count\":0,\"name\":\"request_parameters.visibility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.visibility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.visibility\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_id\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_name\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_type\"}}},{\"count\":0,\"name\":\"response.operation_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"response.operation_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"response.operation_id\"}}},{\"count\":0,\"name\":\"security_group.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"security_group.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"security_group.id\"}}},{\"count\":0,\"name\":\"source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.address\"}}},{\"count\":4,\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.authenticated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.authorization\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.id\"}}},{\"count\":0,\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"count\":0,\"name\":\"user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.type\"}}},{\"count\":0,\"name\":\"user_agent.original\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user_agent.original.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user_agent.original\"}}}]","runtimeFieldMap":"{}","timeFieldName":"event_time","title":"audit-trails-*"},"id":"33978670-e543-11eb-b941-f7bd9d79b315","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2022-08-14T13:06:23.156Z","version":"WzEwNSwxXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"folder-filter","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"folder-filter\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1660319376465\",\"fieldName\":\"cloud.folder.name.keyword\",\"parent\":\"\",\"label\":\"Folder-filter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"714b3fe0-1a56-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-12T15:50:08.861Z","version":"WzQ5LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"folder-filter (copy)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"folder-filter (copy)\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1660319376465\",\"fieldName\":\"cloud.cloud.name.keyword\",\"parent\":\"\",\"label\":\"Cloud-filter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"90a57640-1ae1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:26:46.386Z","version":"WzYxLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"folder-filter (copy 1)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"folder-filter (copy 1)\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1660319376465\",\"fieldName\":\"cloud.org.name.keyword\",\"parent\":\"\",\"label\":\"Org-filter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"id":"92454390-1ae1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:33:23.598Z","version":"WzY0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Types of events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Types of events\",\"type\":\"horizontal_bar\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"aff2df40-1a57-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-12T15:59:31.726Z","version":"WzUyLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Events\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":15,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}}}"},"id":"338918e0-1ae1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:23:25.293Z","version":"WzU2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"User types","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"User types\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"event_time\",\"timeRange\":{\"from\":\"now-15d\",\"to\":\"now\"},\"useNormalizedOpenSearchInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"756e1380-1ae3-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:39:34.839Z","version":"WzY2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Map","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Map\",\"type\":\"tile_map\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2,\"useGeocentroid\":true,\"isFilteredByCollar\":true},\"schema\":\"segment\"}],\"params\":{\"colorSchema\":\"Yellow to Red\",\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"\",\"options\":{\"version\":\"\",\"layers\":\"\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"\",\"styles\":\"\"},\"selectedTmsLayer\":{\"origin\":\"elastic_maps_service\",\"id\":\"road_map\",\"minZoom\":0,\"maxZoom\":14,\"attribution\":\"Map data © OpenStreetMap contributors\"}}}}"},"id":"41af8bd0-1ae5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T08:52:27.020Z","version":"WzcxLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vpc.publicAdmin","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vpc.publicAdmin\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Role: vpc.publicAdmin\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"80c5cb80-1ae6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T09:01:22.360Z","version":"Wzc0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"kms binding","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"kms binding\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Role: binding on KMS key\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"b8b6c760-1ae6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-13T09:02:56.214Z","version":"Wzc1LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or yandex.cloud.audit.iam.CreateApiKey)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Creation of sa key","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Creation of sa key\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Creation of sa keys\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"b3b4ebd0-1bc1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:10:27.596Z","version":"Wzc3LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"role admin","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"role admin\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Role: Admin\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"f3cb2bd0-1bc1-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:12:15.117Z","version":"Wzc4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"add public ip","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"add public ip\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: add Public IP to VM\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"7f192e10-1bc4-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:30:27.824Z","version":"Wzg2LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"sg with 0","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"sg with 0\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: SG with 0.0.0.0/0\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"b174b870-1bc4-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:32:33.754Z","version":"Wzg4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vm with 2 int","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vm with 2 int\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VM with 2 interfaces\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"f0ec9590-1bc4-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:33:38.793Z","version":"Wzg5LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"actions with sg","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"actions with sg\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: Create/change/delete SG\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"1a4bb5b0-1bc5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:34:48.202Z","version":"WzkwLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"without ddos","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"without ddos\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VPC: Create pub IP without AntiDDos\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"8d3680a0-1bc5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:38:37.270Z","version":"WzkyLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Permission deny","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Permission deny\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Unauthorized action\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ip address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"597cb0b0-1bc3-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:24:43.986Z","version":"WzgzLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"deny","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"deny\",\"type\":\"gauge\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Unauthorized events\"},\"schema\":\"metric\"}],\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":true,\"isDisplayWarning\":false,\"gauge\":{\"alignment\":\"automatic\",\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":50},{\"from\":50,\"to\":75},{\"from\":75,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"rgba(105,112,125,0.2)\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"rgba(105,112,125,0.2)\",\"bgColor\":true,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"de0781c0-1bc3-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:25:57.596Z","version":"Wzg0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"(event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketAclUpdate and details.acl.grants.grant_type: \\\"ALL_USERS\\\") or (event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketUpdate and (details.objects_access: true or details.settings_read_access: true or details.list_access: true))\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"s3 public","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"s3 public\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"S3: Become Public\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"f1c302f0-1bc5-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:40:49.694Z","version":"WzkzLDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"s3 change","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"s3 change\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"S3: Change ACL/Policy\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"2dbc1990-1bc6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:42:30.313Z","version":"Wzk0LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.type: SERVICE_ACCOUNT and not source.ip: (\\\"51.250.0.0/17\\\" or \\\"31.44.8.0/21\\\" or \\\"62.84.112.0/20\\\" or \\\"84.201.128.0/18\\\" or \\\"84.252.128.0/20\\\" or \\\"130.193.32.0/19\\\" or \\\"178.154.192.0/18\\\" or \\\"178.170.222.0/24\\\" or \\\"185.206.164.0/22\\\" or \\\"193.32.216.0/22\\\" or \\\"217.28.224.0/20\\\") and source.ip: *\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"sa outside","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"sa outside\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"IAM: sa connected from outside\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"82bd6c00-1bc6-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:44:52.927Z","version":"Wzk1LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and user.name : fdsgs\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"cloudowner","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"cloudowner\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Actions from cloud.owner\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"1c81bda0-1bc7-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:49:10.906Z","version":"Wzk3LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"vmwithoutsg","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vmwithoutsg\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"VM without SG\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"id":"5be109b0-1bc7-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T11:50:57.227Z","version":"Wzk4LDFd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and (user_agent.original: *YC/* or user_agent.original: *Terraform* or user_agent.original: *Yandex Cloud*)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"tforyc","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"tforyc\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user_agent.original.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"d83be840-1bc7-11ed-93c1-096eb1b59e0f","migrationVersion":{"visualization":"7.10.0"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2022-08-14T12:07:57.491Z","version":"WzEwMiwxXQ=="} {"attributes":{"columns":["cloud.cloud.name","cloud.folder.name","event.module","event.action","user.name","user.type","user.authorization","details.rules.cidr_blocks.v4_cidr_blocks","source.ip","user_agent.original","details.access_binding_deltas.access_binding.role_id","details.access_binding_deltas.access_binding.subject_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"Search:Yandexcloud: Yandexcloud: Interesting fields","version":1},"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","migrationVersion":{"search":"7.9.3"},"references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2022-08-05T08:18:46.223Z","version":"WzQ0LDFd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":7,\"i\":\"0e44c295-48f8-4ecc-a965-53889de2946f\"},\"panelIndex\":\"0e44c295-48f8-4ecc-a965-53889de2946f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":9,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6185559e-c99b-4ca1-bc9f-47d5682a37c1\"},\"panelIndex\":\"6185559e-c99b-4ca1-bc9f-47d5682a37c1\",\"embeddableConfig\":{\"title\":\"cloud-filter\",\"hidePanelTitles\":false},\"title\":\"cloud-filter\",\"panelRefName\":\"panel_1\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":8,\"h\":7,\"i\":\"d600af34-caff-4d44-a5e3-330e02c04fde\"},\"panelIndex\":\"d600af34-caff-4d44-a5e3-330e02c04fde\",\"embeddableConfig\":{\"title\":\"org-filter\",\"hidePanelTitles\":false},\"title\":\"org-filter\",\"panelRefName\":\"panel_2\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":12,\"i\":\"fdaa5a66-eb33-4864-a866-d938557a9ac9\"},\"panelIndex\":\"fdaa5a66-eb33-4864-a866-d938557a9ac9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"40613c0f-8190-4d9a-aa1b-a5c61429a731\"},\"panelIndex\":\"40613c0f-8190-4d9a-aa1b-a5c61429a731\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":12,\"w\":24,\"h\":10,\"i\":\"d1e54c71-312e-4e68-a926-8798b42623c2\"},\"panelIndex\":\"d1e54c71-312e-4e68-a926-8798b42623c2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":17,\"w\":24,\"h\":12,\"i\":\"98695507-21a5-4964-80fd-a322ef573868\"},\"panelIndex\":\"98695507-21a5-4964-80fd-a322ef573868\",\"embeddableConfig\":{\"mapCenter\":null,\"mapZoom\":null},\"panelRefName\":\"panel_6\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":22,\"w\":7,\"h\":7,\"i\":\"6a3555c2-6579-4382-b379-cb9097ee5874\"},\"panelIndex\":\"6a3555c2-6579-4382-b379-cb9097ee5874\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_7\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":31,\"y\":22,\"w\":6,\"h\":7,\"i\":\"54ad5c43-c565-4baf-8c16-f90674385c4e\"},\"panelIndex\":\"54ad5c43-c565-4baf-8c16-f90674385c4e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_8\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":37,\"y\":22,\"w\":5,\"h\":7,\"i\":\"12878024-5641-4f48-b5bf-b616013b345d\"},\"panelIndex\":\"12878024-5641-4f48-b5bf-b616013b345d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_9\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":42,\"y\":22,\"w\":6,\"h\":7,\"i\":\"800643f4-5618-42b1-ab1e-43f931257372\"},\"panelIndex\":\"800643f4-5618-42b1-ab1e-43f931257372\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_10\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":29,\"w\":5,\"h\":9,\"i\":\"c16dfec3-f7f3-4764-9a24-0c50f6ac9d18\"},\"panelIndex\":\"c16dfec3-f7f3-4764-9a24-0c50f6ac9d18\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_11\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":5,\"y\":29,\"w\":4,\"h\":9,\"i\":\"f0f4c7f0-a323-4f9e-8258-fa6bda0aa345\"},\"panelIndex\":\"f0f4c7f0-a323-4f9e-8258-fa6bda0aa345\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_12\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":9,\"y\":29,\"w\":4,\"h\":9,\"i\":\"79fbbc6c-f690-4b53-83d5-caf69cd5a7ce\"},\"panelIndex\":\"79fbbc6c-f690-4b53-83d5-caf69cd5a7ce\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_13\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":13,\"y\":29,\"w\":6,\"h\":9,\"i\":\"3214853c-0256-45f9-8328-4038a758c19a\"},\"panelIndex\":\"3214853c-0256-45f9-8328-4038a758c19a\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_14\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":19,\"y\":29,\"w\":5,\"h\":9,\"i\":\"4bb223f8-1930-420a-81ee-13a2fd25053c\"},\"panelIndex\":\"4bb223f8-1930-420a-81ee-13a2fd25053c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_15\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":29,\"w\":13,\"h\":8,\"i\":\"2b4b1b01-9c70-4804-bd60-04c3118f2563\"},\"panelIndex\":\"2b4b1b01-9c70-4804-bd60-04c3118f2563\",\"embeddableConfig\":{},\"panelRefName\":\"panel_16\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":37,\"y\":29,\"w\":11,\"h\":8,\"i\":\"7f135715-8180-41a5-b48f-7617b4c6f1a7\"},\"panelIndex\":\"7f135715-8180-41a5-b48f-7617b4c6f1a7\",\"embeddableConfig\":{\"vis\":null},\"panelRefName\":\"panel_17\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":24,\"y\":37,\"w\":5,\"h\":9,\"i\":\"5034d64f-5543-4cfd-9b6d-8007290a484c\"},\"panelIndex\":\"5034d64f-5543-4cfd-9b6d-8007290a484c\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_18\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":29,\"y\":37,\"w\":4,\"h\":9,\"i\":\"31736d26-c08a-4a82-bd1b-e5d37a9a8d3d\"},\"panelIndex\":\"31736d26-c08a-4a82-bd1b-e5d37a9a8d3d\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_19\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":33,\"y\":37,\"w\":5,\"h\":9,\"i\":\"7881ef87-8678-4671-92d1-03243b7de696\"},\"panelIndex\":\"7881ef87-8678-4671-92d1-03243b7de696\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_20\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":38,\"y\":37,\"w\":4,\"h\":9,\"i\":\"f689ead4-2083-4933-8642-563080a0fe3e\"},\"panelIndex\":\"f689ead4-2083-4933-8642-563080a0fe3e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_21\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":42,\"y\":37,\"w\":6,\"h\":9,\"i\":\"7f4242d8-f8cb-4223-9ce9-4f651474799e\"},\"panelIndex\":\"7f4242d8-f8cb-4223-9ce9-4f651474799e\",\"embeddableConfig\":{\"hidePanelTitles\":true},\"panelRefName\":\"panel_22\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":8,\"i\":\"49a188b5-0e1c-4fd4-8d7f-549905637158\"},\"panelIndex\":\"49a188b5-0e1c-4fd4-8d7f-549905637158\",\"embeddableConfig\":{},\"panelRefName\":\"panel_23\"},{\"version\":\"2.1.0\",\"gridData\":{\"x\":0,\"y\":46,\"w\":48,\"h\":12,\"i\":\"89e6396d-c8f7-468b-bc49-6412dc0ec13a\"},\"panelIndex\":\"89e6396d-c8f7-468b-bc49-6412dc0ec13a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_24\"}]","timeRestore":false,"title":"Audit-trails-dashboard","version":1},"id":"ad8fb760-1a56-11ed-93c1-096eb1b59e0f","migrationVersion":{"dashboard":"7.9.3"},"references":[{"id":"714b3fe0-1a56-11ed-93c1-096eb1b59e0f","name":"panel_0","type":"visualization"},{"id":"90a57640-1ae1-11ed-93c1-096eb1b59e0f","name":"panel_1","type":"visualization"},{"id":"92454390-1ae1-11ed-93c1-096eb1b59e0f","name":"panel_2","type":"visualization"},{"id":"aff2df40-1a57-11ed-93c1-096eb1b59e0f","name":"panel_3","type":"visualization"},{"id":"338918e0-1ae1-11ed-93c1-096eb1b59e0f","name":"panel_4","type":"visualization"},{"id":"756e1380-1ae3-11ed-93c1-096eb1b59e0f","name":"panel_5","type":"visualization"},{"id":"41af8bd0-1ae5-11ed-93c1-096eb1b59e0f","name":"panel_6","type":"visualization"},{"id":"80c5cb80-1ae6-11ed-93c1-096eb1b59e0f","name":"panel_7","type":"visualization"},{"id":"b8b6c760-1ae6-11ed-93c1-096eb1b59e0f","name":"panel_8","type":"visualization"},{"id":"b3b4ebd0-1bc1-11ed-93c1-096eb1b59e0f","name":"panel_9","type":"visualization"},{"id":"f3cb2bd0-1bc1-11ed-93c1-096eb1b59e0f","name":"panel_10","type":"visualization"},{"id":"7f192e10-1bc4-11ed-93c1-096eb1b59e0f","name":"panel_11","type":"visualization"},{"id":"b174b870-1bc4-11ed-93c1-096eb1b59e0f","name":"panel_12","type":"visualization"},{"id":"f0ec9590-1bc4-11ed-93c1-096eb1b59e0f","name":"panel_13","type":"visualization"},{"id":"1a4bb5b0-1bc5-11ed-93c1-096eb1b59e0f","name":"panel_14","type":"visualization"},{"id":"8d3680a0-1bc5-11ed-93c1-096eb1b59e0f","name":"panel_15","type":"visualization"},{"id":"597cb0b0-1bc3-11ed-93c1-096eb1b59e0f","name":"panel_16","type":"visualization"},{"id":"de0781c0-1bc3-11ed-93c1-096eb1b59e0f","name":"panel_17","type":"visualization"},{"id":"f1c302f0-1bc5-11ed-93c1-096eb1b59e0f","name":"panel_18","type":"visualization"},{"id":"2dbc1990-1bc6-11ed-93c1-096eb1b59e0f","name":"panel_19","type":"visualization"},{"id":"82bd6c00-1bc6-11ed-93c1-096eb1b59e0f","name":"panel_20","type":"visualization"},{"id":"1c81bda0-1bc7-11ed-93c1-096eb1b59e0f","name":"panel_21","type":"visualization"},{"id":"5be109b0-1bc7-11ed-93c1-096eb1b59e0f","name":"panel_22","type":"visualization"},{"id":"d83be840-1bc7-11ed-93c1-096eb1b59e0f","name":"panel_23","type":"visualization"},{"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","name":"panel_24","type":"search"}],"type":"dashboard","updated_at":"2022-08-14T12:11:04.727Z","version":"WzEwNCwxXQ=="} {"exportedCount":27,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/detections.ndjson ================================================ {"id":"db8cc0f0-930f-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T12:14:48.896Z","updated_by":"admin","created_at":"2022-02-21T12:14:46.868Z","created_by":"admin","name":"DetectionRule: Yandexcloud: IAM sa connect from outside of cloud ","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: IAM sa connect from outside of cloud ","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"49e4d14d-2dbf-466d-a124-cd672c2c5a3d","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and user.type: SERVICE_ACCOUNT and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\") and source.ip: *","filters":[],"saved_id":"bfdff200-930f-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"b790db90-930b-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T11:45:10.388Z","updated_by":"admin","created_at":"2022-02-21T11:45:08.400Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Compute metadata posible secret","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Compute posible key in metadata","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"9086ff48-68ab-4164-b166-cfe5d3f81c02","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.compute.UpdateInstance or yandex.cloud.audit.compute.CreateInstance) and details.metadata_keys: secret key password pass token oauth aws_access_key_id and event.outcome : success","filters":[],"saved_id":"8ca32c30-930b-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"c2dfdca0-92f0-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T08:32:12.439Z","updated_by":"admin","created_at":"2022-02-21T08:32:10.650Z","created_by":"admin","name":"DetectionRule: Yandexcloud: VPC sec-group action from user not in list","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:VPC sec-group action from user not in list","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"6646ae6c-8031-4b0e-ab86-5bd7a90b8b63","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and not user.name: mirtov8@yandex-team.ru kirill@yandex-team.ru","filters":[],"saved_id":"ae9a0ae0-92f0-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"87a88c30-92ec-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T08:01:55.413Z","updated_by":"admin","created_at":"2022-02-21T08:01:53.350Z","created_by":"admin","name":"DetectionRule: Yandexcloud: ObjectStorage bacome public through ACL","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:ObjectStorage bacome public through ACL","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"ed7480ac-e96e-4094-909c-08e57cfea6cb","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketAclUpdate and details.acl.grants.grant_type: \"ALL_USERS\"","filters":[],"saved_id":"706b4c60-92ec-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"37a88190-92ec-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T07:59:41.570Z","updated_by":"admin","created_at":"2022-02-21T07:59:39.530Z","created_by":"admin","name":"DetectionRule: Yandexcloud: ObjectStorage become public","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule: Yandexcloud: ObjectStorage become public","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"8b86b152-fe28-4bbd-822b-6722cc937d00","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketUpdate and (details.objects_access: true or details.settings_read_access: true or details.list_access: true)","filters":[],"saved_id":"e6e68680-92eb-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"0a5d0180-92eb-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-21T07:51:15.473Z","updated_by":"admin","created_at":"2022-02-21T07:51:13.779Z","created_by":"admin","name":"DetectionRule: Yandexcloud: KMS delete key","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:KMS delete key","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"9b952d2b-f61b-472e-9986-24375f72e509","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.kms.DeleteSymmetricKey","filters":[],"saved_id":"dfa221f0-92ea-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"c3ac1c80-915f-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:41:45.977Z","updated_by":"admin","created_at":"2022-02-19T08:41:43.952Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox access bindings","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Lockbox access bindings","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"17737b64-3bf8-4d21-ab88-3be74ff10ee7","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.UpdateSecretAccessBindings","filters":[],"saved_id":"a18f3380-915f-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"4766e8d0-915f-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:38:17.738Z","updated_by":"admin","created_at":"2022-02-19T08:38:15.711Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox assign sa on vm with perm","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Lockbox assign sa on vm with perm","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"92e248b6-4144-410a-9b89-ab9d0d8d3a90","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.UpdateInstance and details.service_account_id: ajeg2ar8m8o25u63dj9f","filters":[],"saved_id":"2c9e1140-915f-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"8568e440-915e-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:32:51.760Z","updated_by":"admin","created_at":"2022-02-19T08:32:50.237Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox read secret not from target user","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Lockbox read secret not from target user","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"bd15a964-8318-49d6-a2e2-c31c54b1855b","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not user.id: ajeg2ar8m8o25u63dj9f and details.secret_name: secret1","filters":[],"saved_id":"506d3390-915e-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"4891e630-915d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-19T08:25:34.487Z","updated_by":"admin","created_at":"2022-02-19T08:23:58.509Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Lockbox read secret not from cloud","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Lockbox read secret not from cloud","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"2757105b-9ae4-41a2-837c-e19593ae076c","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\")","filters":[],"saved_id":"07515700-915d-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"44a9cd30-8f05-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T08:48:55.336Z","updated_by":"admin","created_at":"2022-02-16T08:48:53.400Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Delete Cluster","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"3d76ee5e-adc0-4b54-8cc2-0c0b00ab7e85","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.DeleteCluster","filters":[],"saved_id":"20754ed0-8f05-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"e90d0060-8f03-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T08:39:12.870Z","updated_by":"admin","created_at":"2022-02-16T08:39:10.830Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Admin tasks from not trusted ip","tags":[],"interval":"5m","enabled":true,"description":"j","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"47246881-6b0a-4ecf-a382-0ef6094e3b4e","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trail-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser or yandex.cloud.audit.mdb.*.CreateCluster or yandex.cloud.audit.mdb.*.UpdateCluster ) and source.ip : (\"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd2\" or \"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd1\" )","filters":[],"saved_id":"b2fe8020-8f03-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"7f3a0930-8efe-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T08:00:27.860Z","updated_by":"admin","created_at":"2022-02-16T08:00:25.832Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Create or Update user","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"91aa39ab-0ab7-4aaa-8e91-8296e2a0c90c","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser)","filters":[],"saved_id":"43c90e50-8efe-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"489272b0-8efd-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-16T07:55:56.206Z","updated_by":"admin","created_at":"2022-02-16T07:51:44.702Z","created_by":"admin","name":"DetectionRule: Yandexcloud: MDB Create cluster from not known admin","tags":[],"interval":"5m","enabled":true,"description":"d","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"1m","kibana_siem_app_url":"https://c-c9qec6ilgop0vdtvpoi2.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-360s","rule_id":"f6aa7958-d776-439d-9b77-49b11893cb22","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.CreateCluster and not user.name : mirtov8@yandex-team.ru kirill@yandex-team.ru","filters":[],"saved_id":"e810ca40-8efc-11ec-b8ee-4bf5e13b519b","throttle":"no_actions","actions":[]} {"id":"40d74b00-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.893Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.887Z","created_by":"admin","name":"DetectionRule: Yandexcloud: resource-manager.cloud.owner events","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: resource-manager.cloud.owner events","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"07bad1bd-0d51-46c5-b712-fedf1c18e5be","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs","filters":[],"saved_id":"Yandexcloud: resource-manager.cloud.owner events","throttle":"no_actions","actions":[]} {"id":"40af50a0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.889Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.887Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create public address without antiddos","tags":[],"interval":"2m","enabled":true,"description":"f","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-720s","rule_id":"5c24fd59-3469-42f0-afe7-72d4eddcc0f3","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator","filters":[],"saved_id":"Yandexcloud:Create public address without antiddos","throttle":"no_actions","actions":[]} {"id":"40acdfa0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.880Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.886Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Add public IP to VM","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"42ba3879-ffe8-49ac-9fb0-eeecf423bb4e","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat","filters":[],"saved_id":"Yandexcloud: Add public IP to VM","throttle":"no_actions","actions":[]} {"id":"409734c0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.861Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.885Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create instance with Serialport","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud:Create instance with Serialport\n","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"0b0cc717-8f22-4515-9960-dc20f5d01efd","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and details.metadata_serial_port_enable: 1","filters":[],"saved_id":"Yandexcloud:Create instance with Serialport","throttle":"no_actions","actions":[]} {"id":"40a95d30-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.865Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.884Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Bind access rights to KMS key","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Bind access rights to KMS key","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e5d280a4-344e-4dc9-850f-901c995e4dfc","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings","filters":[],"saved_id":"Yandexcloud: Bind access rights to KMS key","throttle":"no_actions","actions":[]} {"id":"40d7e740-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.882Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.883Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Any create or update SG (security group)","tags":[],"interval":"5m","enabled":true,"description":"j","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"cf51d89a-10ad-4ffb-9b42-a0c3bd622eb2","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup ","filters":[],"saved_id":"Yandexcloud: Any create or update SG (security group)","throttle":"no_actions","actions":[]} {"id":"4097f810-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.891Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.883Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Add access binding VPC_publicAdmin","tags":[],"interval":"5m","enabled":true,"description":".","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"7f3baf3d-3aaa-4703-87cb-52933f9f6802","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin","filters":[],"saved_id":"Yandexcloud: Add access binding VPC_publicAdmin","throttle":"no_actions","actions":[]} {"id":"40abce30-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.873Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.882Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","tags":[],"interval":"5m","enabled":true,"description":".","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"e0d24656-6e91-4b00-8234-a81f32191c05","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*","filters":[],"saved_id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","throttle":"no_actions","actions":[]} {"id":"40d687b0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.876Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.880Z","created_by":"admin","name":"DetectionRule:Yandexcloud: unauthorized events (permission denied)","tags":[],"interval":"5m","enabled":true,"description":"/","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"b0083d86-0aa6-42c3-ba5f-a32ab77e955d","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"threshold","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied","filters":[],"saved_id":"Yandexcloud: unauthorized events (permission denied)","threshold":{"field":[],"value":3,"cardinality":[]},"throttle":"no_actions","actions":[]} {"id":"409782e0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.870Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.880Z","created_by":"admin","name":"DetectionRule:Create instance without SG","tags":[],"interval":"5m","enabled":true,"description":"Create instance without SG","risk_score":99,"severity":"critical","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2b2908f0-c6bd-4fa2-a0e6-fb9a9bbbe9a6","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *","filters":[],"saved_id":"Yandexcloud:Create instance without SG","throttle":"no_actions","actions":[]} {"id":"40ae3f30-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.885Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.879Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Create instances with public IP","tags":[],"interval":"5m","enabled":true,"description":"DetectionRule:Yandexcloud:Create instances with public IP","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"25bfca38-d61c-48c4-991b-81720652c2d9","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *","filters":[],"saved_id":"Yandexcloud:Create instances with public IP","throttle":"no_actions","actions":[]} {"id":"40986d40-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.872Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.878Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Connect admins from YC, Terraform","tags":[],"interval":"5m","enabled":true,"description":"\nYandexcloud: Connect admins from YC, Terraform","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"2b6594bd-9afc-4ad6-8715-9643a18e2817","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)","filters":[],"saved_id":"Yandexcloud: Connect admins from YC, Terraform","throttle":"no_actions","actions":[]} {"id":"40b08920-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.868Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.877Z","created_by":"admin","name":"DetectionRule: Yandexcloud: Create image from S3 uri","tags":[],"interval":"5m","enabled":true,"description":"\nYandexcloud: Create image from S3 uri","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"3185125a-4a91-468b-be49-0a998022d248","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: *","filters":[],"saved_id":"Yandexcloud: Create image from S3 uri","throttle":"no_actions","actions":[]} {"id":"40adf110-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.863Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.877Z","created_by":"admin","name":"DetectionRule:Yandexcloud:Creating of service-account's credentials (keys)","tags":[],"interval":"3m","enabled":true,"description":"DetectionRule:Yandexcloud:Creating of service-account's credentials (keys)","risk_score":47,"severity":"medium","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-780s","rule_id":"8e2c23d7-fe29-4468-ba96-9c02356688d4","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or andex.cloud.audit.iam.CreateApiKey)","filters":[],"saved_id":"Yandexcloud:Creating of service-account's credentials (keys)","throttle":"no_actions","actions":[]} {"id":"40aabcc0-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.859Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.876Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Create instance with marketplace image","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":21,"severity":"low","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"f39be9fe-3047-4c8d-b61d-9b87f99afc96","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":2,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.product_ids: *","filters":[],"saved_id":"Yandexcloud: Create instance with marketplace image","throttle":"no_actions","actions":[]} {"id":"40981f20-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.878Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.875Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Bind IAM Admin role to resources","tags":[],"interval":"5m","enabled":true,"description":"Yandexcloud: Bind IAM Admin role to resources","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"a33bab4b-bbac-4b4a-9acd-997045226d0a","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin","filters":[],"saved_id":"Yandexcloud: Bind IAM Admin role to resources","throttle":"no_actions","actions":[]} {"id":"4097d100-8e4d-11ec-b8ee-4bf5e13b519b","updated_at":"2022-02-15T10:51:41.884Z","updated_by":"admin","created_at":"2022-02-15T10:51:39.871Z","created_by":"admin","name":"DetectionRule:Yandexcloud: Changes of S3 acl, policy","tags":[],"interval":"5m","enabled":true,"description":"s","risk_score":73,"severity":"high","license":"","output_index":".siem-signals-default","meta":{"from":"10m","kibana_siem_app_url":"https://c-c9qfr7e8e470ghr1lanf.rw.mdb.yandexcloud.net/app/security"},"author":[],"false_positives":[],"from":"now-900s","rule_id":"88244e50-5974-434d-86ea-92db23c4796b","max_signals":100,"risk_score_mapping":[],"severity_mapping":[],"threat":[],"to":"now","references":[],"version":1,"exceptions_list":[],"immutable":false,"type":"saved_query","language":"kuery","index":["audit-trails-*"],"query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)","filters":[],"saved_id":"Yandexcloud: Changes of S3 acl, policy","throttle":"no_actions","actions":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/filters.ndjson ================================================ {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and not user.name: mirtov8@yandex-team.ru kirill@yandex-team.ru"},"title":"Yandexcloud:VPC sec-group action from user not in list"},"id":"ae9a0ae0-92f0-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T08:31:36.083Z","version":"WzE5NTI4MywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketAclUpdate and details.acl.grants.grant_type: \"ALL_USERS\""},"title":"Yandexcloud:ObjectStorage bacome public through ACL"},"id":"706b4c60-92ec-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T08:01:13.775Z","version":"WzE5NDM2NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.storage.BucketUpdate and (details.objects_access: true or details.settings_read_access: true or details.list_access: true)"},"title":"Yandexcloud:ObjectStorage become public"},"id":"e6e68680-92eb-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T07:57:23.057Z","version":"WzE5NDI2NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.kms.DeleteSymmetricKey"},"title":"Yandexcloud:KMS delete key"},"id":"dfa221f0-92ea-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T07:50:01.370Z","version":"WzE5Mzk1NCwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.type: SERVICE_ACCOUNT and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\") and source.ip: *"},"title":"Yandexcloud: IAM sa connect from outside of cloud"},"id":"bfdff200-930f-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T12:13:59.460Z","version":"WzIwMTg5MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.compute.UpdateInstance or yandex.cloud.audit.compute.CreateInstance) and details.metadata_keys: secret key password pass token oauth aws_access_key_id and event.outcome : success"},"title":"Yandexcloud: Compute metadata key posible secret"},"id":"8ca32c30-930b-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-21T11:43:55.511Z","version":"WzIwMDkzMCwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: (yandex.cloud.audit.compute.CreateInstance or yandex.cloud.audit.compute.UpdateInstance) and details.metadata_serial_port_enable: 1"},"title":"Yandexcloud:Create instance with Serialport"},"id":"Yandexcloud:Create instance with Serialport","references":[],"type":"query","updated_at":"2022-02-21T10:28:44.400Z","version":"WzE5ODY1NywxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.outcome : success and event.action: yandex.cloud.audit.compute.CreateInstance and not details.network_interfaces.security_group_ids: *"},"title":"Yandexcloud:Create instance without SG"},"id":"Yandexcloud:Create instance without SG","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzY1LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.CreateAddress and not details.external_ipv4_address.requirements.ddos_protection_provider: qrator"},"title":"Yandexcloud:Create public address without antiddos"},"id":"Yandexcloud:Create public address without antiddos","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and error.message: Permission denied"},"title":"Yandexcloud: unauthorized events (permission denied)"},"id":"Yandexcloud: unauthorized events (permission denied)","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.primary_v4_address.one_to_one_nat.address: *"},"title":"Yandexcloud:Create instances with public IP"},"id":"Yandexcloud:Create instances with public IP","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzYwLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.CreateInstance and details.network_interfaces.index: 1"},"title":"Yandexcloud:Create instances with 2 interfaces"},"id":"Yandexcloud:Create instances with 2 interfaces","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU5LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (event.action: yandex.cloud.audit.network.CreateSecurityGroup or yandex.cloud.audit.network.UpdateSecurityGroup) and details.rules.direction: INGRESS and details.rules.cidr_blocks.v4_cidr_blocks: *0.0.0.0*"},"title":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG"},"id":"Yandexcloud:Create dangerous 0.0.0.0 ACL:SG","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU4LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.storage.BucketAclUpdate or yandex.cloud.audit.storage.BucketPolicyUpdate)"},"title":"Yandexcloud: Changes of S3 acl, policy"},"id":"Yandexcloud: Changes of S3 acl, policy","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU2LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: admin"},"title":"Yandexcloud: Bind IAM Admin role to resources"},"id":"Yandexcloud: Bind IAM Admin role to resources","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU1LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit. kms. *SymmetricKeyAccessBindings"},"title":"Yandexcloud: Bind access rights to KMS key"},"id":"Yandexcloud: Bind access rights to KMS key","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzU0LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.product_ids: *"},"title":"Yandexcloud: Create instance with marketplace image"},"id":"Yandexcloud: Create instance with marketplace image","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.AddInstanceOneToOneNat"},"title":"Yandexcloud: Add public IP to VM"},"id":"Yandexcloud: Add public IP to VM","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.network.*SecurityGroup "},"title":"Yandexcloud: Any create or update SG (security group)"},"id":"Yandexcloud: Any create or update SG (security group)","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUxLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and details.access_binding_deltas.access_binding.role_id: vpc.publicAdmin"},"title":"Yandexcloud: Add access binding VPC_publicAdmin"},"id":"Yandexcloud: Add access binding VPC_publicAdmin","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzUwLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and user.name : fdsgs"},"title":"Yandexcloud: resource-manager.cloud.owner events"},"id":"Yandexcloud: resource-manager.cloud.owner events","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzQ5LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and (user_agent.original.keyword: *YC/* or user_agent.original.keyword: *Terraform*)"},"title":"Yandexcloud: Connect admins from YC, Terraform"},"id":"Yandexcloud: Connect admins from YC, Terraform","references":[],"type":"query","updated_at":"2022-02-15T10:51:33.513Z","version":"WzQ4LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.DeleteCluster"},"title":"Yandexcloud: MDB Delete Cluster"},"id":"20754ed0-8f05-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T08:47:52.386Z","version":"WzI3Nzg2LDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser or yandex.cloud.audit.mdb.*.CreateCluster or yandex.cloud.audit.mdb.*.UpdateCluster ) and source.ip : (\"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd2\" or \"2a00:1fa0:474:9876:4cac:6c43:12aa:2bd1\" )"},"title":"Yandexcloud: MDB Admin tasks from not trusted ip"},"id":"b2fe8020-8f03-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T08:37:39.239Z","version":"WzI3NTMyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.mdb.*.CreateCluster and not user.name : mirtov8@yandex-team.ru kirill@yandex-team.ru"},"title":"Yandexcloud: MDB Create cluster from not known admin"},"id":"e810ca40-8efc-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T07:55:30.387Z","version":"WzI2NTEyLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.mdb.*.UpdateUser or yandex.cloud.audit.mdb.*.CreateUser)"},"title":"Yandexcloud: MDB Create or Update user"},"id":"43c90e50-8efe-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-16T07:58:45.178Z","version":"WzI2NjMzLDFd"} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: (yandex.cloud.audit.iam.CreateAccessKey or yandex.cloud.audit.iam.CreateKey or yandex.cloud.audit.iam.CreateApiKey)"},"title":"Yandexcloud:Creating of service-account's credentials (keys)"},"id":"Yandexcloud:Creating of service-account's credentials (keys)","references":[],"type":"query","updated_at":"2022-02-15T14:52:46.910Z","version":"Wzc0MjgsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and not event.action: yandex.cloud.audit.compute.CreateImage and cloud.image.source_uri: \"https://storage.yandexcloud.net/action-log-123\""},"title":"Yandexcloud: Create image from S3 uri"},"id":"Yandexcloud: Create image from S3 uri","references":[],"type":"query","updated_at":"2022-02-15T13:47:05.499Z","version":"WzYwNTEsMV0="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.UpdateSecretAccessBindings"},"title":"Yandexcloud: Lockbox access bindings"},"id":"a18f3380-915f-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:40:46.013Z","version":"WzEyMjE1MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.compute.UpdateInstance and details.service_account_id: ajeg2ar8m8o25u63dj9f"},"title":"Yandexcloud:Lockbox assign sa on vm with perm"},"id":"2c9e1140-915f-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:37:29.817Z","version":"WzEyMjA3MSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not user.id: ajeg2ar8m8o25u63dj9f and details.secret_name: secret1"},"title":"Yandexcloud:Lockbox read secret not from target user"},"id":"506d3390-915e-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:31:20.398Z","version":"WzEyMTgwMSwxXQ=="} {"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"event.dataset: yandexcloud.audittrail and event.action: yandex.cloud.audit.lockbox.GetPayload and not source.ip: (\"51.250.0.0/17\" or \"31.44.8.0/21\" or \"62.84.112.0/20\" or \"84.201.128.0/18\" or \"84.252.128.0/20\" or \"130.193.32.0/19\" or \"178.154.192.0/18\" or \"178.170.222.0/24\" or \"185.206.164.0/22\" or \"193.32.216.0/22\" or \"217.28.224.0/20\")"},"title":"Yandexcloud:Lockbox read secret not from cloud"},"id":"07515700-915d-11ec-b8ee-4bf5e13b519b","references":[],"type":"query","updated_at":"2022-02-19T08:24:31.577Z","version":"WzEyMTYyMCwxXQ=="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":32,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/index-pattern.ndjson ================================================ {"attributes":{"fieldAttrs":"{\"cloud.cloud.id\":{\"count\":2},\"event.action\":{\"count\":4},\"cloud.cloud.name\":{\"count\":1},\"cloud.folder.name\":{\"count\":1},\"details.product_ids\":{\"count\":2},\"details.rules.cidr_blocks.v4_cidr_blocks\":{\"count\":1},\"event.id\":{\"count\":2},\"event.module\":{\"count\":3},\"event_time\":{\"count\":2},\"source.address\":{\"count\":2},\"source.ip\":{\"count\":2},\"user.authorization\":{\"count\":1},\"user.name\":{\"count\":1},\"user.type\":{\"count\":1},\"user_agent.original\":{\"count\":3},\"details.access_binding_deltas.access_binding.role_id\":{\"count\":1},\"details.access_binding_deltas.access_binding.subject_name\":{\"count\":1}}","fields":"[{\"count\":0,\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.cloud.id\"}}},{\"count\":0,\"name\":\"cloud.cloud.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.cloud.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.cloud.name\"}}},{\"count\":0,\"name\":\"cloud.folder.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.folder.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.folder.id\"}}},{\"count\":0,\"name\":\"cloud.folder.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.folder.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.folder.name\"}}},{\"count\":0,\"name\":\"cloud.image.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.id\"}}},{\"count\":0,\"name\":\"cloud.image.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.name\"}}},{\"count\":0,\"name\":\"cloud.image.source_uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.image.source_uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.image.source_uri\"}}},{\"count\":0,\"name\":\"cloud.instance.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.id\"}}},{\"count\":0,\"name\":\"cloud.instance.market_image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.market_image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.market_image\"}}},{\"count\":0,\"name\":\"cloud.instance.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.instance.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.instance.name\"}}},{\"count\":0,\"name\":\"cloud.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.machine.type\"}}},{\"count\":0,\"name\":\"cloud.org.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.org.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.org.id\"}}},{\"count\":0,\"name\":\"cloud.org.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.org.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.org.name\"}}},{\"count\":0,\"name\":\"cloud.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.provider\"}}},{\"count\":0,\"name\":\"cloud.service.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"cloud.service.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"cloud.service.name\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.role_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.role_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.role_id\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_id\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_name\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.access_binding.subject_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.access_binding.subject_type\"}}},{\"count\":0,\"name\":\"details.access_binding_deltas.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_binding_deltas.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_binding_deltas.action\"}}},{\"count\":0,\"name\":\"details.access_key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.access_key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.access_key_id\"}}},{\"count\":0,\"name\":\"details.acl.grants.grant_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.grant_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.grant_type\"}}},{\"count\":0,\"name\":\"details.acl.grants.permission\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.permission.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.permission\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_id\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_name\"}}},{\"count\":0,\"name\":\"details.acl.grants.subject_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.acl.grants.subject_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.acl.grants.subject_type\"}}},{\"count\":0,\"name\":\"details.allocation_policy.zones.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.allocation_policy.zones.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.allocation_policy.zones.zone_id\"}}},{\"count\":0,\"name\":\"details.api_key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.api_key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.api_key_id\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.healthy_threshold\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.healthy_threshold.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.healthy_threshold\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.http_options.path\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.http_options.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.http_options.port\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.interval\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.name\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.timeout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.timeout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.timeout\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.unhealthy_threshold\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.health_checks.unhealthy_threshold.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.health_checks.unhealthy_threshold\"}}},{\"count\":0,\"name\":\"details.attached_target_groups.target_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.attached_target_groups.target_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.attached_target_groups.target_group_id\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_schedule.next_execute_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.name\"}}},{\"count\":0,\"name\":\"details.backup_config.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_config.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_config.backup_settings.type\"}}},{\"count\":0,\"name\":\"details.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_settings.backup_schedule.next_execute_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"details.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.name\"}}},{\"count\":0,\"name\":\"details.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.backup_settings.type\"}}},{\"count\":0,\"name\":\"details.block_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.block_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.block_size\"}}},{\"count\":0,\"name\":\"details.boot_disk.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.boot_disk.device_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.device_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.device_name\"}}},{\"count\":0,\"name\":\"details.boot_disk.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.disk_id\"}}},{\"count\":0,\"name\":\"details.boot_disk.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk.mode\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"details.certificate_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_id\"}}},{\"count\":0,\"name\":\"details.certificate_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_name\"}}},{\"count\":0,\"name\":\"details.certificate_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.certificate_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.certificate_status\"}}},{\"count\":0,\"name\":\"details.cluster_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.cluster_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.cluster_id\"}}},{\"count\":0,\"name\":\"details.completed_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.compute_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.compute_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.compute_status\"}}},{\"count\":0,\"name\":\"details.connection_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.connection_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.connection_id\"}}},{\"count\":0,\"name\":\"details.created_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.database_id\"}}},{\"count\":0,\"name\":\"details.database_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.database_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.database_name\"}}},{\"count\":0,\"name\":\"details.default_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.default_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.default_algorithm\"}}},{\"count\":0,\"name\":\"details.default_for_network\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.deploy_policy.max_expansion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.deploy_policy.max_expansion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.deploy_policy.max_expansion\"}}},{\"count\":0,\"name\":\"details.deploy_policy.strategy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.deploy_policy.strategy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.deploy_policy.strategy\"}}},{\"count\":0,\"name\":\"details.destination.data_stream.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.destination.data_stream.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.destination.data_stream.database_id\"}}},{\"count\":0,\"name\":\"details.destination.data_stream.stream_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.destination.data_stream.stream_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.destination.data_stream.stream_name\"}}},{\"count\":0,\"name\":\"details.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.disk_id\"}}},{\"count\":0,\"name\":\"details.disk_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.disk_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.disk_name\"}}},{\"count\":0,\"name\":\"details.document_api_endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.document_api_endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.document_api_endpoint\"}}},{\"count\":0,\"name\":\"details.domains\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.domains.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.domains\"}}},{\"count\":0,\"name\":\"details.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.endpoint\"}}},{\"count\":0,\"name\":\"details.execute_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.execute_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.execute_mode\"}}},{\"count\":0,\"name\":\"details.folder_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.folder_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.folder_id\"}}},{\"count\":0,\"name\":\"details.folder_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.folder_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.folder_name\"}}},{\"count\":0,\"name\":\"details.fqdn\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.fqdn.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.fqdn\"}}},{\"count\":0,\"name\":\"details.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.hostname\"}}},{\"count\":0,\"name\":\"details.instance_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_group_id\"}}},{\"count\":0,\"name\":\"details.instance_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_group_name\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.description\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"details.instance_template.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.description\"}}},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-cluster-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-cluster-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.labels.managed-kubernetes-cluster-id\"}}},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-node-group-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.labels.managed-kubernetes-node-group-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.labels.managed-kubernetes-node-group-id\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.etc-kubernetes-bootstrap-kubeconfig-conf\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.etc-kubernetes-pki-ca-crt\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.internal-metadata-live-update-keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.internal-metadata-live-update-keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.internal-metadata-live-update-keys\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.k8s-runtime-bootstrap-yaml\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.kubelet_secondary_env_options_file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.kubelet_secondary_env_options_file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.kubelet_secondary_env_options_file\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.ssh-keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.ssh-keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.ssh-keys\"}}},{\"count\":0,\"name\":\"details.instance_template.metadata.user-data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.metadata.user-data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.metadata.user-data\"}}},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.subnet_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_interface_specs.subnet_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_interface_specs.subnet_ids\"}}},{\"count\":0,\"name\":\"details.instance_template.network_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.network_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.network_settings.type\"}}},{\"count\":0,\"name\":\"details.instance_template.platform_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.platform_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.platform_id\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.cores\"}}},{\"count\":0,\"name\":\"details.instance_template.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.resources_spec.memory\"}}},{\"count\":0,\"name\":\"details.instance_template.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.instance_template.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.instance_template.service_account_id\"}}},{\"count\":0,\"name\":\"details.issued_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_id\"}}},{\"count\":0,\"name\":\"details.key_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_name\"}}},{\"count\":0,\"name\":\"details.key_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.key_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.key_status\"}}},{\"count\":0,\"name\":\"details.list_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.list_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.list_access\"}}},{\"count\":0,\"name\":\"details.listeners.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.address\"}}},{\"count\":0,\"name\":\"details.listeners.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.ip_version\"}}},{\"count\":0,\"name\":\"details.listeners.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.name\"}}},{\"count\":0,\"name\":\"details.listeners.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.port\"}}},{\"count\":0,\"name\":\"details.listeners.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.protocol\"}}},{\"count\":0,\"name\":\"details.listeners.target_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.listeners.target_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.listeners.target_port\"}}},{\"count\":0,\"name\":\"details.location_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.location_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.location_id\"}}},{\"count\":0,\"name\":\"details.max_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.max_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.max_size\"}}},{\"count\":0,\"name\":\"details.metadata_keys\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.metadata_keys.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.metadata_keys\"}}},{\"count\":0,\"name\":\"details.metadata_serial_port_enable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.metadata_serial_port_enable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.metadata_serial_port_enable\"}}},{\"count\":0,\"name\":\"details.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.name\"}}},{\"count\":0,\"name\":\"details.network_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_id\"}}},{\"count\":0,\"name\":\"details.network_interface_index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_index\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.address\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.security_group_ids\"}}},{\"count\":0,\"name\":\"details.network_interface_specs.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interface_specs.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interface_specs.subnet_id\"}}},{\"count\":0,\"name\":\"details.network_interfaces.index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.index\"}}},{\"count\":0,\"name\":\"details.network_interfaces.mac_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.mac_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.mac_address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.address\"}}},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.primary_v4_address.one_to_one_nat.ip_version\"}}},{\"count\":0,\"name\":\"details.network_interfaces.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.security_group_ids\"}}},{\"count\":0,\"name\":\"details.network_interfaces.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_interfaces.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_interfaces.subnet_id\"}}},{\"count\":0,\"name\":\"details.network_load_balancer_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_load_balancer_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_load_balancer_id\"}}},{\"count\":0,\"name\":\"details.network_load_balancer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_load_balancer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_load_balancer_name\"}}},{\"count\":0,\"name\":\"details.network_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_name\"}}},{\"count\":0,\"name\":\"details.network_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.network_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.network_settings.type\"}}},{\"count\":0,\"name\":\"details.not_after\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.not_before\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.objects_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.objects_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.objects_access\"}}},{\"count\":0,\"name\":\"details.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"details.os.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.os.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.os.type\"}}},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.path_filter.root.any_filter.resource.id\"}}},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.path_filter.root.any_filter.resource.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.path_filter.root.any_filter.resource.type\"}}},{\"count\":0,\"name\":\"details.primary_version_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_algorithm\"}}},{\"count\":0,\"name\":\"details.primary_version_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_id\"}}},{\"count\":0,\"name\":\"details.primary_version_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.primary_version_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.primary_version_status\"}}},{\"count\":0,\"name\":\"details.product_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.product_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.product_ids\"}}},{\"count\":0,\"name\":\"details.query_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.query_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.query_id\"}}},{\"count\":0,\"name\":\"details.region_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.region_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.region_id\"}}},{\"count\":0,\"name\":\"details.resources.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.core_fraction\"}}},{\"count\":0,\"name\":\"details.resources.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.cores\"}}},{\"count\":0,\"name\":\"details.resources.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources.memory\"}}},{\"count\":0,\"name\":\"details.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"details.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.cores\"}}},{\"count\":0,\"name\":\"details.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.resources_spec.memory\"}}},{\"count\":0,\"name\":\"details.route_table_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.route_table_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.route_table_id\"}}},{\"count\":0,\"name\":\"details.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rule\"}}},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v4_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v4_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.cidr_blocks.v4_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v6_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.cidr_blocks.v6_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.cidr_blocks.v6_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.rules.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.description\"}}},{\"count\":0,\"name\":\"details.rules.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.direction\"}}},{\"count\":0,\"name\":\"details.rules.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.id\"}}},{\"count\":0,\"name\":\"details.rules.ports.from_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.ports.from_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.ports.from_port\"}}},{\"count\":0,\"name\":\"details.rules.ports.to_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.ports.to_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.ports.to_port\"}}},{\"count\":0,\"name\":\"details.rules.predefined_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.predefined_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.predefined_target\"}}},{\"count\":0,\"name\":\"details.rules.protocol_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.protocol_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.protocol_name\"}}},{\"count\":0,\"name\":\"details.rules.protocol_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.rules.protocol_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.rules.protocol_number\"}}},{\"count\":0,\"name\":\"details.scale_policy.fixed_scale.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.scale_policy.fixed_scale.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.scale_policy.fixed_scale.size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_id\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.block_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.block_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.block_size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.name\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.size\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"details.secondary_disk_specs.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disk_specs.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disk_specs.mode\"}}},{\"count\":0,\"name\":\"details.secondary_disks.auto_delete\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.secondary_disks.device_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.device_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.device_name\"}}},{\"count\":0,\"name\":\"details.secondary_disks.disk_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.disk_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.disk_id\"}}},{\"count\":0,\"name\":\"details.secondary_disks.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.secondary_disks.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.secondary_disks.mode\"}}},{\"count\":0,\"name\":\"details.security_group_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.security_group_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.security_group_ids\"}}},{\"count\":0,\"name\":\"details.security_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.security_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.security_group_name\"}}},{\"count\":0,\"name\":\"details.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serial\"}}},{\"count\":0,\"name\":\"details.serverless_database.enable_throttling_rcu_limit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.serverless_database.storage_size_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serverless_database.storage_size_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serverless_database.storage_size_limit\"}}},{\"count\":0,\"name\":\"details.serverless_database.throttling_rcu_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.serverless_database.throttling_rcu_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.serverless_database.throttling_rcu_limit\"}}},{\"count\":0,\"name\":\"details.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.service_account_id\"}}},{\"count\":0,\"name\":\"details.service_account_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.service_account_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.service_account_name\"}}},{\"count\":0,\"name\":\"details.settings_read_access\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.settings_read_access.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.settings_read_access\"}}},{\"count\":0,\"name\":\"details.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.size\"}}},{\"count\":0,\"name\":\"details.snapshot_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.snapshot_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.snapshot_id\"}}},{\"count\":0,\"name\":\"details.snapshot_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.snapshot_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.snapshot_name\"}}},{\"count\":0,\"name\":\"details.source_image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.source_image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.source_image_id\"}}},{\"count\":0,\"name\":\"details.started_at\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"details.static_routes.destination_prefix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.destination_prefix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.destination_prefix\"}}},{\"count\":0,\"name\":\"details.static_routes.labels.ClusterId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.labels.ClusterId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.labels.ClusterId\"}}},{\"count\":0,\"name\":\"details.static_routes.labels.NodeName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.labels.NodeName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.labels.NodeName\"}}},{\"count\":0,\"name\":\"details.static_routes.next_hop_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.static_routes.next_hop_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.static_routes.next_hop_address\"}}},{\"count\":0,\"name\":\"details.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.status\"}}},{\"count\":0,\"name\":\"details.storage_class\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.storage_class.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.storage_class\"}}},{\"count\":0,\"name\":\"details.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.subnet_id\"}}},{\"count\":0,\"name\":\"details.subnet_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.subnet_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.subnet_name\"}}},{\"count\":0,\"name\":\"details.target_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.target_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.target_group_id\"}}},{\"count\":0,\"name\":\"details.target_group_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.target_group_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.target_group_name\"}}},{\"count\":0,\"name\":\"details.targets.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.targets.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.targets.address\"}}},{\"count\":0,\"name\":\"details.targets.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.targets.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.targets.subnet_id\"}}},{\"count\":0,\"name\":\"details.text_length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.text_length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.text_length\"}}},{\"count\":0,\"name\":\"details.trail_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.trail_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.trail_id\"}}},{\"count\":0,\"name\":\"details.trail_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.trail_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.trail_name\"}}},{\"count\":0,\"name\":\"details.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.type\"}}},{\"count\":0,\"name\":\"details.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.type_id\"}}},{\"count\":0,\"name\":\"details.update_mask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.update_mask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.update_mask\"}}},{\"count\":0,\"name\":\"details.user_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.user_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.user_name\"}}},{\"count\":0,\"name\":\"details.v4_cidr_blocks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.v4_cidr_blocks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.v4_cidr_blocks\"}}},{\"count\":0,\"name\":\"details.visibility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.visibility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.visibility\"}}},{\"count\":0,\"name\":\"details.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"details.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"details.zone_id\"}}},{\"count\":0,\"name\":\"error.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"error.details.@type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.@type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.@type\"}}},{\"count\":0,\"name\":\"error.details.locale\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.locale.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.locale\"}}},{\"count\":0,\"name\":\"error.details.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.message\"}}},{\"count\":0,\"name\":\"error.details.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.details.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.details.type\"}}},{\"count\":0,\"name\":\"error.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"error.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.message\"}}},{\"count\":0,\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"count\":0,\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"count\":0,\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"count\":0,\"name\":\"event.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.id\"}}},{\"count\":0,\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"count\":0,\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"count\":0,\"name\":\"event.outcome\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.outcome.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.outcome\"}}},{\"count\":0,\"name\":\"event.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"event.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.status\"}}},{\"count\":0,\"name\":\"event_time\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.continent_name\"}}},{\"count\":0,\"name\":\"geoip.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.country_iso_code\"}}},{\"count\":0,\"name\":\"geoip.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"geoip.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"geoip.country_name\"}}},{\"count\":0,\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"object_storage.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"object_storage.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"object_storage.id\"}}},{\"count\":0,\"name\":\"request_metadata.remote_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_metadata.remote_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_metadata.remote_address\"}}},{\"count\":0,\"name\":\"request_metadata.request_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_metadata.request_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_metadata.request_id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.role_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.role_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.role_id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.subject.id\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.access_binding.subject.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.access_binding.subject.type\"}}},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.access_binding_deltas.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.access_binding_deltas.action\"}}},{\"count\":0,\"name\":\"request_parameters.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.action\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_schedule.daily_backup_schedule.execute_time.hours\",\"type\":\"number\",\"esTypes\":[\"float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_time_to_live\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.backup_time_to_live.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.backup_time_to_live\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.name\"}}},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_config.backup_settings.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_config.backup_settings.type\"}}},{\"count\":0,\"name\":\"request_parameters.backup_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.backup_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.backup_id\"}}},{\"count\":0,\"name\":\"request_parameters.certificate_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.certificate_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.certificate_id\"}}},{\"count\":0,\"name\":\"request_parameters.cluster_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.cluster_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.cluster_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.autofailover\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.config_spec.backup_retain_period_days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.backup_retain_period_days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.backup_retain_period_days\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.performance_diagnostics.sessions_sampling_interval\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.performance_diagnostics.statements_sampling_interval\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.disk_size\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.disk_type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.disk_type_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.resource_preset_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.resources.resource_preset_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.resources.resource_preset_id\"}}},{\"count\":0,\"name\":\"request_parameters.config_spec.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.config_spec.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.config_spec.version\"}}},{\"count\":0,\"name\":\"request_parameters.database_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_id\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_collate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_collate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.lc_collate\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_ctype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.lc_ctype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.lc_ctype\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.name\"}}},{\"count\":0,\"name\":\"request_parameters.database_specs.owner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.database_specs.owner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.database_specs.owner\"}}},{\"count\":0,\"name\":\"request_parameters.default_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.default_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.default_algorithm\"}}},{\"count\":0,\"name\":\"request_parameters.environment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.environment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.environment\"}}},{\"count\":0,\"name\":\"request_parameters.execute_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.execute_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.execute_mode\"}}},{\"count\":0,\"name\":\"request_parameters.folder_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.folder_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.folder_id\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.priority\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.subnet_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.subnet_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.subnet_id\"}}},{\"count\":0,\"name\":\"request_parameters.host_specs.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.host_specs.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.host_specs.zone_id\"}}},{\"count\":0,\"name\":\"request_parameters.key_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.key_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.key_id\"}}},{\"count\":0,\"name\":\"request_parameters.location_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.location_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.location_id\"}}},{\"count\":0,\"name\":\"request_parameters.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.name\"}}},{\"count\":0,\"name\":\"request_parameters.network_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.network_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.network_id\"}}},{\"count\":0,\"name\":\"request_parameters.query_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.query_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.query_id\"}}},{\"count\":0,\"name\":\"request_parameters.serverless_database.enable_throttling_rcu_limit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"request_parameters.serverless_database.storage_size_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.serverless_database.storage_size_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.serverless_database.storage_size_limit\"}}},{\"count\":0,\"name\":\"request_parameters.serverless_database.throttling_rcu_limit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.serverless_database.throttling_rcu_limit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.serverless_database.throttling_rcu_limit\"}}},{\"count\":0,\"name\":\"request_parameters.state_load_mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.state_load_mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.state_load_mode\"}}},{\"count\":0,\"name\":\"request_parameters.text_length\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.text_length.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.text_length\"}}},{\"count\":0,\"name\":\"request_parameters.trail_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.trail_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.trail_id\"}}},{\"count\":0,\"name\":\"request_parameters.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.type\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.allocation_policy.zones.zone_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.deploy_policy.max_expansion\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_group_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_group_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_group_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.description\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.image_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.size\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.disk_spec.type_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.boot_disk_spec.mode\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.description\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-cluster-id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.labels.managed-kubernetes-node-group-id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.metadata\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.metadata.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.metadata\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.primary_v4_address_spec.one_to_one_nat_spec.ip_version\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.network_interface_specs.subnet_ids\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.platform_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.platform_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.platform_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.core_fraction\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.cores\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.resources_spec.memory\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.instance_template.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.instance_template.service_account_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.scale_policy.fixed_scale.size\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.service_account_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.service_account_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.service_account_id\"}}},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.update_mask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.update_request_parameters.update_mask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.update_request_parameters.update_mask\"}}},{\"count\":0,\"name\":\"request_parameters.user_specs.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.user_specs.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.user_specs.name\"}}},{\"count\":0,\"name\":\"request_parameters.visibility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"request_parameters.visibility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request_parameters.visibility\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_id\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_name\"}}},{\"count\":0,\"name\":\"resource_metadata.path.resource_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"resource_metadata.path.resource_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"resource_metadata.path.resource_type\"}}},{\"count\":0,\"name\":\"response.operation_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"response.operation_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"response.operation_id\"}}},{\"count\":0,\"name\":\"security_group.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"security_group.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"security_group.id\"}}},{\"count\":0,\"name\":\"source.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"source.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.address\"}}},{\"count\":0,\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.authenticated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.authorization\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.id\"}}},{\"count\":0,\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"count\":0,\"name\":\"user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.type\"}}},{\"count\":0,\"name\":\"user_agent.original\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"user_agent.original.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user_agent.original\"}}}]","runtimeFieldMap":"{}","timeFieldName":"event_time","title":"audit-trails-*"},"id":"33978670-e543-11eb-b941-f7bd9d79b315","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2022-08-13T08:30:57.093Z","version":"WzYzLDFd"} {"exportedCount":1,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/index-template.json ================================================ { "index_patterns": ["audit-trails-index*"], "template": { "settings": { "plugins.index_state_management.rollover_alias": "audit-trails-index", "number_of_replicas": 2 }, "mappings": { "dynamic_templates": [], "properties": { "@timestamp": { "type": "date" }, "authentication": { "type": "object" }, "authorization": { "type": "object" }, "cloud": { "properties": { "cloud": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "folder": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "image": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "source_uri": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "instance": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "market_image": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "machine": { "properties": { "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "provider": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service": { "properties": { "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "details": { "properties": { "access_binding_deltas": { "properties": { "access_binding": { "properties": { "role_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subject_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subject_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subject_type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "action": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "access_key_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "api_key_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "block_size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "boot_disk": { "properties": { "auto_delete": { "type": "boolean" }, "device_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "disk_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "boot_disk_spec": { "properties": { "auto_delete": { "type": "boolean" }, "disk_spec": { "properties": { "image_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "default_for_network": { "type": "boolean" }, "dhcp_options": { "type": "object" }, "disk_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "disk_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "folder_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "folder_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "fqdn": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "hostname": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "key_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "key_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata_keys": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "metadata_serial_port_enable": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_interface_index": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_interface_specs": { "properties": { "primary_v4_address_spec": { "properties": { "one_to_one_nat_spec": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip_version": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "security_group_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "network_interfaces": { "properties": { "index": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "mac_address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "primary_v4_address": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "one_to_one_nat": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip_version": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "security_group_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "network_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "network_settings": { "properties": { "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "one_to_one_nat_spec": { "properties": { "ip_version": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "os": { "properties": { "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "placement_policy": { "type": "object" }, "product_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resources": { "properties": { "core_fraction": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cores": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "resources_spec": { "properties": { "core_fraction": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "cores": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "memory": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "rule": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "rules": { "properties": { "cidr_blocks": { "properties": { "v4_cidr_blocks": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "v6_cidr_blocks": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "description": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "direction": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ports": { "properties": { "from_port": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "to_port": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "predefined_target": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "protocol_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "protocol_number": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "secondary_disk_specs": { "properties": { "auto_delete": { "type": "boolean" }, "disk_spec": { "properties": { "block_size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "secondary_disks": { "properties": { "auto_delete": { "type": "boolean" }, "device_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "disk_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "mode": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "security_group_ids": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "security_group_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service_account_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "service_account_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "size": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "source_image_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "subnet_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "update_mask": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "v4_cidr_blocks": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "zone_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "error": { "properties": { "code": { "type": "long" }, "details": { "properties": { "@type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "locale": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "message": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "event": { "properties": { "action": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "category": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "dataset": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "kind": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "module": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "outcome": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "status": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "event_time": { "type": "date" }, "geoip": { "properties": { "location": { "type": "geo_point" } } }, "object_storage": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "request_metadata": { "properties": { "remote_address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "request_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "resource_metadata": { "properties": { "path": { "properties": { "resource_id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resource_name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "resource_type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "security_group": { "properties": { "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "source": { "properties": { "address": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "ip": { "type": "ip" } } }, "user": { "properties": { "authenticated": { "type": "boolean" }, "authorization": { "type": "boolean" }, "id": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "name": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } }, "type": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } }, "user_agent": { "properties": { "original": { "type": "text", "fields": { "keyword": { "type": "keyword", "ignore_above": 256 } } } } } } }, "aliases": {} } } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/ism-policy.json ================================================ { "policy": { "description": "hot warm delete workflow", "default_state": "hot", "schema_version": 1, "states": [ { "name": "hot", "actions": [ { "rollover": { "min_index_age": "30d", "min_primary_shard_size": "50gb" } } ], "transitions": [] } ], "ism_template": { "index_patterns": ["audit-trails-index*"], "priority": 100 } } } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/mapping.json ================================================ { "mappings" : { "properties" : { "authentication" : { "type" : "object" }, "authorization" : { "type" : "object" }, "@timestamp": { "type": "date" }, "geoip.location": { "type": "geo_point" }, "cloud" : { "properties" : { "cloud" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "folder" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "image" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "source_uri" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "instance" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "market_image" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "machine" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "provider" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service" : { "properties" : { "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "details" : { "properties" : { "access_binding_deltas" : { "properties" : { "access_binding" : { "properties" : { "role_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subject_type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "action" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "access_key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "api_key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "block_size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "boot_disk" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "device_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mode" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "boot_disk_spec" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "disk_spec" : { "properties" : { "image_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "default_for_network" : { "type" : "boolean" }, "dhcp_options" : { "type" : "object" }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "folder_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "folder_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "fqdn" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "hostname" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "key_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "key_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "metadata_keys" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "metadata_serial_port_enable" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_interface_index" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_interface_specs" : { "properties" : { "primary_v4_address_spec" : { "properties" : { "one_to_one_nat_spec" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "network_interfaces" : { "properties" : { "index" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mac_address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "primary_v4_address" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "one_to_one_nat" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "network_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "network_settings" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "one_to_one_nat_spec" : { "properties" : { "ip_version" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "os" : { "properties" : { "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "placement_policy" : { "type" : "object" }, "product_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resources" : { "properties" : { "core_fraction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "cores" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "memory" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "resources_spec" : { "properties" : { "core_fraction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "cores" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "memory" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "rule" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "rules" : { "properties" : { "cidr_blocks" : { "properties" : { "v4_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "v6_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "description" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "direction" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ports" : { "properties" : { "from_port" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "to_port" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "predefined_target" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "protocol_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "protocol_number" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "secondary_disk_specs" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "disk_spec" : { "properties" : { "block_size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "secondary_disks" : { "properties" : { "auto_delete" : { "type" : "boolean" }, "device_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "disk_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "mode" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "security_group_ids" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "security_group_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service_account_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "service_account_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "size" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "source_image_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "subnet_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "update_mask" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "v4_cidr_blocks" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "zone_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "error" : { "properties" : { "code" : { "type" : "long" }, "details" : { "properties" : { "@type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "locale" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "message" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "message" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "event" : { "properties" : { "action" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "category" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "dataset" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "kind" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "module" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "outcome" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "status" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "event_time" : { "type" : "date" }, "object_storage" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "request_metadata" : { "properties" : { "remote_address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "request_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "resource_metadata" : { "properties" : { "path" : { "properties" : { "resource_id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resource_name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "resource_type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } }, "security_group" : { "properties" : { "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "source" : { "properties" : { "address" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "ip" : { "type" : "ip" } } }, "user" : { "properties" : { "authenticated" : { "type" : "boolean" }, "authorization" : { "type" : "boolean" }, "id" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "name" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } }, "type" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } }, "user_agent" : { "properties" : { "original" : { "type" : "text", "fields" : { "keyword" : { "type" : "keyword", "ignore_above" : 256 } } } } } } } } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/pipeline.json ================================================ { "description": "Audit Trails Ingest Pipeline", "processors": [ { "rename": { "field": "authentication.subject_name", "target_field": "user.name", "ignore_failure": true } }, { "rename": { "field": "details.instance_id", "target_field": "cloud.instance.id", "ignore_failure": true } }, { "rename": { "field": "details.instance_zone_id", "target_field": "cloud.availability_zone", "ignore_failure": true } }, { "rename": { "field": "details.platform_id", "target_field": "cloud.machine.type", "ignore_failure": true } }, { "rename": { "field": "details.instance_name", "target_field": "cloud.instance.name", "ignore_failure": true } }, { "rename": { "field": "event_type", "target_field": "event.action", "ignore_failure": true } }, { "rename": { "field": "event_source", "target_field": "event.module", "ignore_failure": true } }, { "rename": { "field": "event_status", "target_field": "event.status", "ignore_failure": true } }, { "rename": { "field": "event_id", "target_field": "event.id", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_id", "target_field": "user.id", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_name", "target_field": "user.name", "ignore_failure": true } }, { "rename": { "field": "authentication.subject_type", "target_field": "user.type", "ignore_failure": true } }, { "rename": { "field": "authorization.authorized", "target_field": "user.authorization", "ignore_failure": true } }, { "rename": { "field": "authentication.authenticated", "target_field": "user.authenticated", "ignore_failure": true } }, { "rename": { "field": "request_metadata.user_agent", "target_field": "user_agent.original", "ignore_failure": true } }, { "rename": { "field": "details.security_group_id", "target_field": "security_group.id", "ignore_failure": true } }, { "rename": { "field": "details.security_group_id", "target_field": "security_group.id", "ignore_failure": true } }, { "rename": { "field": "details.image_name", "target_field": "cloud.image.name", "ignore_failure": true } }, { "rename": { "field": "details.image_id", "target_field": "cloud.image.id", "ignore_failure": true } }, { "urldecode": { "field": "details.source_uri", "ignore_failure": true } }, { "rename": { "field": "details.source_uri", "target_field": "cloud.image.source_uri", "ignore_failure": true } }, { "rename": { "field": "details.bucket_id", "target_field": "object_storage.id", "ignore_failure": true } }, { "rename": { "field": "details.access_binding_deltas.access_binding.role_id", "target_field": "cloud.binding.role_id", "ignore_failure": true } }, { "set": { "field": "event.kind", "value": "event", "ignore_failure": true } }, { "set": { "field": "cloud.org.name", "value": "{{{resource_metadata.path.0.resource_name}}}", "ignore_failure": true } }, { "set": { "field": "cloud.cloud.name", "value": "{{{resource_metadata.path.1.resource_name}}}", "ignore_failure": true } }, { "set": { "field": "cloud.folder.name", "value": "{{{resource_metadata.path.2.resource_name}}}", "ignore_failure": true } }, { "set": { "field": "cloud.org.id", "value": "{{{resource_metadata.path.0.resource_id}}}", "ignore_failure": true } }, { "set": { "field": "cloud.cloud.id", "value": "{{{resource_metadata.path.1.resource_id}}}", "ignore_failure": true } }, { "set": { "field": "cloud.folder.id", "value": "{{{resource_metadata.path.2.resource_id}}}", "ignore_failure": true } }, { "set": { "field": "event.category", "value": ["configuration", "iam"], "ignore_failure": true } }, { "set": { "if": "ctx.event.status == 'DONE'", "field": "event.outcome", "value": "success", "ignore_failure": true } }, { "set": { "field": "event.dataset", "value": "yandexcloud.audittrail", "ignore_failure": true } }, { "set": { "field": "cloud.provider", "value": "yandexcloud", "ignore_failure": true } }, { "set": { "if": "ctx.request_metadata.remote_address != 'cloud.yandex'", "field": "source.ip", "value": "{{{request_metadata.remote_address}}}", "ignore_failure": true } }, { "geoip" : { "field" : "source.ip", "ignore_failure": true } }, { "set": { "field": "@timestamp", "value": "{{{event_time}}}", "ignore_failure": true } }, { "set": { "field": "cloud.service.name", "value": "audittrail", "ignore_failure": true } } ] } ================================================ FILE: auditlogs/export-auditlogs-to-Opensearch/update-opensearch-scheme/include/audit-trail/search.ndjson ================================================ {"attributes":{"columns":["cloud.cloud.name","cloud.folder.name","event.module","event.action","user.name","user.type","user.authorization","details.rules.cidr_blocks.v4_cidr_blocks","source.ip","user_agent.original","details.access_binding_deltas.access_binding.role_id","details.access_binding_deltas.access_binding.subject_name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"Search:Yandexcloud: Yandexcloud: Interesting fields","version":1},"id":"0f828e70-e579-11eb-b941-f7bd9d79b315","references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-18T09:19:33.057Z","version":"WzE2NzYsMV0="} {"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset: yandexcloud.audittrail and error.message: Permission denied\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["event_time","desc"]],"title":"unauthorized events","version":1},"id":"90405c70-e8af-11eb-a019-4ff3eff5953f","references":[{"id":"33978670-e543-11eb-b941-f7bd9d79b315","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2021-07-19T16:37:10.206Z","version":"Wzc0MTQsMV0="} {"exportedCount":2,"missingRefCount":0,"missingReferences":[]} ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/README.md ================================================ # Collecting, monitoring, and analyzing audit logs in an external SIEM Splunk ![Dashboard](https://user-images.githubusercontent.com/85429798/130447006-c5a604b3-d1ed-4f47-b132-5e83f02494c8.png) ![Dashboard](https://user-images.githubusercontent.com/85429798/130446967-926e892c-0dcb-4a97-93bc-92fe67b078dd.png) ## Solution description The solution lets you collect, monitor, and analyze audit logs in Yandex.Cloud from the following sources: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) - [Yandex Managed Service for Kubernetes](https://cloud.yandex.ru/docs/managed-kubernetes/) **(to be announced)** ## Use cases and searches The Yandex.Cloud security team has collected the most relevant use cases in the [folder](../_use_cases_and_searches) of the auditlogs repository. ## Solution features implemented via Terraform - [x] Deploy a COI Instance with a container based on the s3-splunk-importer `cr.yandex/crpjfmfou6gflobbfvfv/s3-splunk-importer:1.0` image. - [x] Provide continuous delivery of JSON files with audit logs from Yandex Object Storage to Splunk. ## Solution diagram ![Diagram](https://user-images.githubusercontent.com/85429798/130447027-efdd1ee7-0c1b-46fb-b0f2-36577bb5e6a4.png) ## Deployment using Terraform ## Description #### Yandex Cloud prerequisites - :white_check_mark: Object Storage Bucket for Audit Trails. - :white_check_mark: Audit Trails is enabled in the UI. - :white_check_mark: VPC network. - :white_check_mark: COI Instance has access to the internet to download the container image, for example, from the source NAT to the subnet. - :white_check_mark: ServiceAccount with the *storage.editor* role for actions in Object Storage. ##### See the example of the prerequisite configuration in /example/main.tf #### Splunk prerequisites - :white_check_mark: Configured [HTTP Event Collector](https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_Splunk_Enterprise). - :white_check_mark: Token for sending events to HEC. Terraform module /modules/yc-splunk-trail: - Creates static keys for the SA to work with JSON objects in a bucket and encrypt/decrypt secrets. - Creates a COI VM with a Docker Container specification using a script. - Creates an SSH key pair and saves the private part to the disk and the public part to the VM. - Creates a KMS key. - Assigns the *kms.keys.encrypterDecrypter* rights to the key for SA to encrypt secrets. - Encrypts secrets and passes them to Docker Container. #### Example of calling a module: ```Python module "yc-splunk-trail" { source = "../modules/yc-splunk-trail/" #path to module yc-elastic-trail folder_id = var.folder_id splunk_token = var.splunk_token // Run the command export TF_VAR_splunk_token= (replace with your value) splunk_server = "https://1.2.3.4" // format: https:// bucket_name = yandex_storage_bucket.trail-bucket.bucket // Specify the name of the bucket with audit trails if the call is not from example bucket_folder = "folder" // Specified when creating Trails sa_id = yandex_iam_service_account.sa-bucket-editor.id // Specify an SA with bucket_editor rights if the call is not from example coi_subnet_id = yandex_vpc_subnet.splunk-subnet[0].id // Specify the subnet_id if the call is not from example } ``` ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/README_RU.md ================================================ # Сбор, мониторинг и анализ аудит логов во внешний SIEM Splunk ![Дашборд](https://user-images.githubusercontent.com/85429798/130447006-c5a604b3-d1ed-4f47-b132-5e83f02494c8.png) ![Дашборд](https://user-images.githubusercontent.com/85429798/130446967-926e892c-0dcb-4a97-93bc-92fe67b078dd.png) ## Описание решения Решение позволяет собирать, мониторить и анализировать аудит логи в Yandex.Cloud со следующих источников: - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) - [Yandex Managed Service for Kubernetes](https://cloud.yandex.ru/docs/managed-kubernetes/) **(скоро)** ## Use cases and searches Команда безопасности Yandex.Cloud собрала наиболее интересные сценарии use cases в [папке](../_use_cases_and_searches) репозитория auditlogs. Вы можете описанные сценарии для реагирования на события в части информационной безопасности. ## Что делает решение (через Terraform) - [x] Разворачивает COI Instance с контейнером на базе образа s3-splunk-importer (`cr.yandex/sol/s3-splunk-importer:1.0`) - [x] Обеспечивает непрерывную доставку json файлов с аудит логами из Yandex Object Storage в Splunk ## Схема решения ![Схема](https://user-images.githubusercontent.com/85429798/130447027-efdd1ee7-0c1b-46fb-b0f2-36577bb5e6a4.png) ## Развертывание с помощью Terraform ## Описание #### Пререквизиты Yandex Cloud - :white_check_mark: Object Storage Bucket для Audit Trails - :white_check_mark: Включенный сервис Audit Trails в UI - :white_check_mark: Сеть VPC - :white_check_mark: Наличие доступа в интернет с COI Instance для скачивания образа контейнера (например source NAT на подсеть) - :white_check_mark: ServiceAccount с ролью *storage.editor* для действий в Object Storage ##### См. Пример конфигурации пререквизитов в /example/main.tf #### Пререквизиты Splunk - :white_check_mark: Настроенный [HTTP Event Collector](https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_Splunk_Enterprise) - :white_check_mark: Токен для отправки событий в HEC Модуль Terraform /modules/yc-splunk-trail: - создает static keys для sa (для работы с объектами JSON в бакете и шифрования/расшифрования секретов) - создает ВМ COI со спецификацией Docker Container со скриптом - создает ssh пару ключей и сохраняет приватную часть на диск, публичную в ВМ - создает KMS ключ - назначает права *kms.keys.encrypterDecrypter* на ключ для sa для шифрование секретов - шифрует секреты и передает их в Docker Container #### Пример вызова модуля: ```Python module "yc-splunk-trail" { source = "../modules/yc-splunk-trail/" #path to module yc-elastic-trail folder_id = var.folder_id splunk_token = var.splunk_token // выполнить команду: export TF_VAR_splunk_token= (заменить SPLUNK TOKEN на ваше значение) splunk_server = "https://1.2.3.4" // формат "https://" bucket_name = yandex_storage_bucket.trail-bucket.bucket // указать имя bucket с audit trails, если вызов не из example bucket_folder = "folder" // указанный при создании Trails sa_id = yandex_iam_service_account.sa-bucket-editor.id // указать sa с правами bucket_editor, если вызов не из example coi_subnet_id = yandex_vpc_subnet.splunk-subnet[0].id // указать subnet_id, если вызов не из example } ``` ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/docker/Dockerfile ================================================ FROM python:3.9.1-slim RUN apt-get update # docker build нужно запускать из папки export-auditlogs-to-Splunk чтобы был правильный контекст при подборе include файлов # пример docker build команды: # docker build -t s3-splunk-importer:latest -f ./docker/Dockerfile . COPY /functions /app/functions WORKDIR /app RUN pip install --upgrade pip RUN pip install -r functions/requirements.txt CMD ["python3", "functions/main.py"] ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/docker/docker-compose.yml ================================================ version: "3.6" services: app: build: . stdin_open: true tty: true volumes: - .:/app/functions ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/functions/main.py ================================================ import requests import json import os import boto3 import time import base64 # Function - Get token def get_token(): response = requests.get('http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor":"Google"}) return response.json().get('access_token') # Function - Decrypt data with KMS key def decrypt_secret_kms(secret): token = get_token() request_suffix = f"{kms_key_id}:decrypt" request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # Configuration - Keys kms_key_id = os.environ['KMS_KEY_ID'] splunk_token = os.environ['SPLUNK_TOKEN_ENCR'] s3_key_encr = os.environ['S3_KEY_ENCR'] s3_secret_encr = os.environ['S3_SECRET_ENCR'] # Configuration - Setting up variables for ElasticSearch splunk_server = os.environ['SPLUNK_SERVER'] splunk_auth_pw = decrypt_secret_kms(splunk_token) # Configuration - Setting up variables for S3 s3_key = decrypt_secret_kms(s3_key_encr) s3_secret = decrypt_secret_kms(s3_secret_encr) s3_bucket = os.environ['S3_BUCKET'] s3_folder = os.environ['S3_FOLDER'] s3_local = '/tmp/s3' # Configuration - Sleep time if(os.getenv('SLEEP_TIME') is not None): sleep_time = int(os.environ['SLEEP_TIME']) else: sleep_time = 240 # State - Setting up S3 client s3 = boto3.resource('s3', endpoint_url='https://storage.yandexcloud.net', aws_access_key_id = s3_key, aws_secret_access_key = s3_secret ) # Function - Download JSON logs to local folder def download_s3_folder(s3_bucket, s3_folder, local_folder=None): print('JSON download -- STARTED') bucket = s3.Bucket(s3_bucket) if not os.path.exists(local_folder): os.makedirs(local_folder) for obj in bucket.objects.filter(Prefix=s3_folder): target = obj.key if local_folder is None \ else os.path.join(local_folder, os.path.relpath(obj.key, s3_folder)) if not os.path.exists(local_folder): os.makedirs(local_folder) if obj.key[-1] == '/': continue # Downloading JSON logs in a flat-structured way bucket.download_file(obj.key, local_folder+'/'+target.rsplit('/')[-1]) print('JSON download -- COMPLETE') # Function - Clean up S3 folder def delete_objects_s3(s3_bucket, s3_folder): bucket = s3.Bucket(s3_bucket) for obj in bucket.objects.filter(Prefix=s3_folder): if(obj.key != s3_folder+'/'): bucket.delete_objects( Delete={ 'Objects': [ { 'Key': obj.key }, ] } ) print('S3 bucket -- EMPTIED') # Function - Upload logs to ElasticSearch def upload_docs_bulk(s3_bucket, s3_folder): print('JSON upload -- STARTED') request_suffix = "/services/collector/event" error_count = 0 for f in os.listdir(s3_local): if f.endswith(".json"): with open(f"{s3_local}/{f}", "r") as read_file: data = json.load(read_file) result = [json.dumps(record) for record in data] with open(f"{s3_local}/nd-temp.json", 'w') as obj: for i in result: obj.write('{\n') obj.write('"time":'+' '+ str(time.time()) + ','+ '\n') obj.write('"event":'+ ' '+i+'\n') obj.write('}\n') obj.write('\n') data_file = open(f"{s3_local}/nd-temp.json", 'rb').read() response = requests.post(splunk_server+request_suffix, data=data_file, verify=False, headers={"Authorization":"Splunk "+ splunk_auth_pw}) os.remove(s3_local+"/"+f) if(response.status_code != 200): error_count += 1 print(response.text) if(os.path.exists(f"{s3_local}/nd-temp.json")): os.remove(f"{s3_local}/nd-temp.json") print(f"JSON upload -- COMPLETE -- {error_count} ERRORS") if(error_count == 0): delete_objects_s3(s3_bucket, s3_folder) # Process - Upload data def upload_logs(): download_s3_folder(s3_bucket, s3_folder, s3_local) upload_docs_bulk(s3_bucket, s3_folder) ### MAIN CONTROL PANEL upload_logs() print("Sleep -- STARTED") time.sleep(sleep_time) ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/functions/requirements.txt ================================================ requests boto3 ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/images/splun.drawio ================================================ 7H1Zu6JItvav6cvuh9HhMhhFZVJQ4Y5JZBAUUIZf/0UEuHNn5u7qOqeyqvv0p09lKRARRKxYw7sGNn+j+WsnV97topZhlP+NIsLub7TwN4oiKZaBX+hMP50hCHo8E1dJOJ37dmKfDNGr4XT2kYRR/V3DpizzJrl9fzIoiyIKmu/OeVVVtt83O5f593e9eXH004l94OU/nz0mYXOZzpKz5bcLqyiJL9OtF9R8vHD1Xo2nldQXLyzbT6do8W80X5VlM/66dnyUI+q96DL2k/7J1Y+JVVHR/J4OhpnKnS7U/Obv1fVwvDyPg/J3kh2HeXr5Y1rxNNumf5GgKh9FGKFRyL/RXHtJmmh/8wJ0tYW7Ds9dmms+Xf5YJQEP4tyr6+l3nUVNcJkOzmXRTHtNzuCxVwWvQ3TZ8+syfzQR+HYadUrynC/zsoLHRVlEaNCmKrPodfJvFE2TNEsv4JWfqTMR7BlVTdR9OjVRS47Ka9RUPWzyurqcjV0m3qUmWrXf8cHE4JdPPDBfTi29ifnij7G/7Q/8MW3R19tl1ka9D7PCcNs0PwCL6NvD31/M9d+yXedz6DPhx5WXhFG/ZgMp+ocNfInipx2cM8TPG8guiD++gV/K2+Kn7YpCqG+mw7JqLmVcFl4ufjvLfdtQROxvbbZleZtonUZN00+09x5N+f0mR13SnD79dtBQ/2CnI6GbRsYH/euggMs9fT741AsdfuuGj179ftpibikSgP2fbXFdPqog+g05YCbt23hVHDW/Qe9JPBCRf5Njqij3muT5vdL/5eL7mvZ/i/j+k72lf4340uT34sv8LL0U+4X0kswvkN6v9+/n7foLxfebyDqfrnwtvjWUjAYg/PN5++A5KUFLngQ3fLUIEOskwXhyakJ+teMz/PlSmv+3GuN/rwVeDX+Q7u/Vwtc9F39QDUxdjTKBk/7g2Dn7Pcey8x84cZzY1OsHZvyYxh+ABy8Z+y/RLyyE0+fznwUPZj/oF2r5hYJZfKFgPnDEH1Ew58dsub1uxaV5r5bb0m1avf07898OD/6Ayf+9ov21Uvi3mfy3RP4PAPviB/25+FkiyeVXJn+++JP2j/5p/3Q/RYEGitg3ZYWiBz/uJ9yiG/qZXHFsgUPrTwIokJ4f5UZZJ01SFvC6XzZNef3UAORJjC40SHA53B3UtzGqgbftdXBOOsQv3HQHIfQa7280GA8pqX7Gf6O4DvIMxRsrjXJ7jvGP3SMYiMRb7YhAKJ9bOqTDnqXVnn0G1+CppqBV+eUQXoNEWYU3d7Urjb0yqIkSe/Lh5lIX4nUcXvM8JNbPSCASlQetIqg9/pdwV+/Y1cZ+/fApNldS5qrQl4s+dK1z2pWKbC6VjIDtRcocQKz1TKelKqHxgN6mIqUOJqEIIFYtJ1YlpzUHhdim8aCl8JgH8N6f26F7itQhRWOh35/apuZDF1RKS3CfDn/nzqBm6g/9wee27Wu8I1yje81rH65PGexeF9byLlGeRuKkkSzOjRV3CeV4bMOTfXjscrjmPLwe4Lp3GaRD6st5uz2tSV+2l8r1QLlH9unKZjLRoIfzYuD64ByCB1x/r+4ZCv6G8xFjjYg71VY7lWcIfM7CtIK/RTjHy1G1OEVN10ddumlqqsLra2H8FsexEjSW2EGaIBp1e9jPHDJ0rVP3gEXntqkZ63t4nDudJsa9Sjrw901D5zQbHhNqr/YMCduSiLboG/VR0T/LPcL7C/h3qjwg7VBbeE9leP3bC7mg4/mj4/jVjkFzGvcMnrNsNCcGj2vZeD7aAa7JQuPCNVoXQbXih7aH48O5o+v6Hs8JrYE1B/w99Y/R+J3OT//EGK4L0nCkG7yvOHxri2iVC+N3hvuN7RTEA/j7Mw+E1OUWynayHV783D4D2i2MGAk8+u87hcv+Ivdnxn6vDJeLn5QhTf2sC1/nfrkq/B3O6/9Y9eXoAucFWYyt4HehIfT5p9rxa134nbr8J9rxVkDtyCcHTt+1xEaOSwA/2t6+iHYMf6F/QAE8UOG3INwSS0FnAK3x+4Op8CD1GRsOg9vxJ045nmDLVfkEgJttW/EMr52fa3RVPu2k42pn+ZRLhJTUuyYHtW7w8I5sFVDaJZDth0+viyvU1sxCRiO2nGlJOwlt1Os/8P68P+/P/5cfvtdpxoQ/jCVhZ6wFgAjxlilxcaDwZrkVAKELHdiJF9WWds5J5jJP7tpwdVnEyl5J17x9XffxbZPU9XbPPFVB7CH6IbU0YHSrnBtQUVKcQXCcmWniznZXezHf7IlOs7KlaR/W1kE6HA/kxT3mTXA6sGdHlhKH2uXuNSy9463yZRLqMK4LCo0ITy4drfJZRHfLcwEHBrGzES7KUb4wyTopH2rqzIxsLe8zdn/Ib5Fzde9+saaiYsZfyrue3TyvuG+u9/usb6o7HKGt/c3QbI9UM0/YR/VYPH3oIkituuLbhSV19Vnpg2o7qLQ+LIUd0Rg2GfonSis8CoJZukGamom2KaufrtCecult9njW82j+XBirHlpUySKXzzN007hzNYeHBkT83KxNXQ3SXYa/1+udKNmRVjX06RoLuX2G1l0SBloPH49twiyrtVwG8eNAHLzthvRYzr5d9t0uCg/bZH60b1KwTbL9xt3AwbKc32d3FpT19ciGd6ahV6fIgBfKhmUHd6h7N4pcdnieaZYmr8Pzzg6DNrC3drioyaYv0H4dt/P8snEZVh/WV00fQC4+9iWclHPnV/D6qj1U1P15gGfs46rIvCfsJUmawpxmz2VzCYUUHh+XnJVHjPFkqogsCZphTyW2ONx6S2i2rB5qCdiHdnEMglVfxg7vzSi7A7rmIzqRElFfCzUpRG44GWYH+0EEOXekSlSN48Je1fshlp77p2CK3Zk/OnE0I8Udmkil8NRM6knu1HPP/OCZm9Uwk+45F/YihBt+qzYL42wch1xhzrmrAmNhM2JslcVatfV6rijUk5W1zXKAo7H2nTzHphtIlm6RptceZ3QVcw9Wzlj7MZrQte4fH5zQDNKp2wemUJB+eZqp8MphTjHAFguw37Cz1OTA2hStR3g/gJg/cNthe9gzLpDMPZRFHah7HVr5loN+DgcRgtnynQKtdgE2imiKwAF5bNFOzbcA7Fuw9UsyByYXC44g1rBdDcQ4j20QcwQcCjaS4VASwQEZGKbabuA9fCCvDxB3ONyOT0EsAK0UHAQBlvFKvMFvEQAzaRVggh0QAMQuvAjqfQCAaoJuDcfkgCjKNQ8b2qbSQhzCXcBWzOGYIgj2Npo/4Pkjmr/Ywi5wzBWQlRWcPwM6MCAApATAyWBTIZZEXkVQqIu1GMqDoMMxRDzGHuAxZDgGAkgnOMY5RmOwgIQrBesAlDkBwBaOodtoDDLW4yMc4wHsPQknbsJ5eJzJw3Vwuy0c4wZ45QTHUEAIx4BrEzM4BpyHGvPixkZr8uAYaGI9EPc5GoPnAR7DgmNs8BgbxUBjcGiMDPaFY2QEGkMWZTzGDI6xx2PYe0TrFp4j4GzAtuXEDH4vIG2XiA4y/KXAvgZQzK0Jl8k/4X3XqI8gcgQP7zeHfS6oD8cBDfXhF9xOEVEf2zSABBSehgSF6BA2ucCNN4VYc3iAeGRoRfEIvyOAYN5RFeoIcCZw+C5GZ1Jgw/68w7cxH0OmSYFv8GAD+FgFiFfOgIu3Vy6TAWcDToKTMGK5hd04SgS8AGlCavkujBYMooNYg3NtzR2TM+USUCtTsLk7WHIx/P/ionEtn4NjOidiDnim4MERTZngrgYApWALVcl7cE6c8vAPSuf4UHcdK9J0IFPbMQuuEXOuLMqsqMKLETp+JIQQVkjhDvulSmyPz6HNmRPXSuCWl+AeL738tOSa+LmFbfJhUK6L42ktLK2Zft91PTjkygVwx6LWjWRHPefHp7ynlrG/2OcHJaZj+WqDm4LUdk8iyM1BZ4p7xkjfFzwLhru9zsB5t+cCoeloq4LnZ72xhBNv2t3KL9sy3gQ2sPjM3I5aj2WNBTQ5UgCVvrTfZgIafKtAh3sfg1LT9BbsKvbwIPmH7UJniROUIoi56BBLYJZXKfdIb8f50feg6tQ6G4gSmxCxkJ69JxVT/lKV9QS6UNLKi7ce+VD6YhNz8Ungo8QP+s3Cqc+LuznIp4X/aIVIAPFysZL4xbAhzAAYSlnVC9ozfGQs0IpPkZt75lx0ACMStXYm+Ku+Tp/nh59fdysl5hjRipzmWT2NguEyjeuJ+ZbgYvCUCyo8us+iMfYkkx+Mqzo39rGC9jdcuZWa0eQzYtnbEd5FTRrdaHlzNXuoFP2c96J1vnfze90XRi0Kc7HlQHizNER+2HwutBFpJcddst/eUoIZ7BUUZjXRV0XVGJsgSE6mvfICeiOAI5CtlVPNDvVwtxTVJHXklia+aQPqvES2iOfMc1qud7mlMvEhgDLQl31x7q6aYm8U/zRPH1AFIYMtZMyx3RCcLg5VYRnAEYKZSueagFhE8hbDLhXXQLdknp8VequIpQIJKfXDzgYD7/azHG4yLz7UJ1jBFfn1UKyq+15RT7RvSBQa76hyUMAZOxZOQUtkfwjXJdwePLhtB+X4HgvKUkKGyiDPilF1FwfJJui42VJB/JLfEtWCktaZHJIs97aZh2cZ9rRjJdTVRZGnJmQkoQTLlefPzBr0kF+feQAXsiChbjsARNi7/7i3m5iBWpFr74uVvC1VaEUI4LUtWCmLFdIiOVzbzLBnUO9wsYGkIugXkGVKcCmSlrACsONkqJKQpdOhIuKvMlg7ggnu0MxceBmxENjA9ptg5S8hs8Emtlab7ZaA8hCDZJ5cIsRmN98KZ6QddB2R9zpZPIHJs+2R5uslyR5LVQXbITXUK+tLVQFE7jGXVWjtuebGHh+r5xJhm4GRt6fFednfPRvqxFYJ5o/eoqPd8U4OUSx4jyztaLK7N9Cuu/mwdi1rY50UITzfUJT0Vos6cV2UkArFLt24kXV3o7xb0atbtS+u61quzie0AzdZAWShus1JPznrc7oENDgvNo/s/tzk0TJT4BbyLOkv+yZY58WFaOv9kUQi6h7va+40f7oQlsRGsRC2c7666EtvOTtvWq3Ph3kC211I40krOQ1VLpCKXWEs+CtPpLS9JpG4p3aVSZ3fs/sGBJwpKZn75BuKEcVNP88TNnGhFu/Nx5mdB0UWQ5ShPxbkyWWgoVonscpqo3Du4yViet1e81fLhOb3LDP0pU6p1tZb9TCzCfqcgAA08xE2PZ4anSa2KMQCe0BoPO6Jkos3Tbn0jEfA1l0bYYC9KGTEwAuImoQVceI7pIUNf9goHPx4JdotJzzSKVA57ibR8z6epVerDvc7IV3kvcBcZlGQPVnIU+3KDYmoKNzhqXvBvs1bp+3W15NO+8/ZEM1JxOxycCw8ztudLD0G0pY6Xg5LD4KbWkmPeUk4dymSiUI+uWFuhBAwELPLoq8UremczRZa/vp4uvEzhgNbtZrtF82R5s55JFAGUbB0tV3opApaIZkdK/9MhGXWS6veXdQeMskMe8nJ072Qb1KM4GwWHvITAzGI6sxCiWGpeR6by/vV9UheRJbJhKumFzWVzGn3sl3cV7RdXpwGIqKyzy9L4O9VSLfDMn/aDLSNqjKEh1sAUtNAar471ttY2SSxDJxTa7NWwF3WVuAKVz2GgzB06iwS515TdxT0ny/Ly9XWaAhEGObiw/XDk/qiXD2Qk2HlZGa4EEnFYmEb8tONIfW5yxlY6nPvUYQC1qnk20F9pbnWMdCeFseTi2C2nQKZ6zZDerpfVsYhLu4CI+Qbnff6NgZH0UufjUoXg1R1mc1xlhBUmlCEi9YlxSrxKskpuvWx0d1m3rWUV3c+WEIXUdKc7qq6lEvNDtQ+ys9ae1P5kqz8E2fVm6YVgbSocsQ/vktAV+SY9Vur1ef+XXvcFYDMoVScS8ssmnmj7LjcsS+X6Fxq0eMSQPBy3hxOhNJuihwqgkohtpvd3DsdloyBbP1TYzbNpYiqo3TwVqtSna/p0FAySKvHk3yyZ7oAZSMgHNNA43tqAbGaVf1qnagu0HcBRw2ZPISlTej32QHR6QCRpcKHHoo0+s3xwcz29uIUHliBuNUg3nRO+zgMR+gECzu/JgaroSTFZYhq4etcA1FovI0qNBC5JOmN56qG9ezcwTrpCysPhDOgzQTavKeWIaJUXIWQS71GEibP6WBWqci3W1wBI4jQhcuXW8FGPiHlbnNtyy5KOm950MlxHQ175lT5th8Fs+BxqiB47ZWBPQfFoVDVYsnwM3Y9T+Q7tBF2qfs+4qAD4ok9Va9r/cE1rlwH5A6i9Iy7VZSDfMCAPQR2xPg3T66Wwmy/JJgKAmPNf5yW3uG81iJ1Q9fkIUqeLms4fKx1jmKE52pzCiRSiJuT+MdCJr/rw4926hadlxegxD3YyJa/Kg9QvHMgm2y2hCAg5jbgHBvwNwHt4dbU18ZBvq36mAfHmFOebru1EWMo0MZCt3j/cEa1WQsIN9kQ6edgzeEYw3LjPegc+ku8cEX3lthnezIK88KdrFVGGWvYRuHm0PN5nGV9/TzLp9O6rRjECKIpZN39Ap7Dvb4+EcptclUzucXjRokcqLmnJJQc5EaZ62dFahYcRLXGZklbEzZS6GWzkbnZGekHtEXKEnpwcK+Pp76/044tzJ5zS98QjA9xTnZUSxoqDCqO0hEYPwffrHZLxRRahMluJjG31ru9gVjcLAw2iu3B0CrTsMGBH0yRFZbtzIyEvUHyVd4WHjInJw9Je/FUKTirpZru095gLw7YReuwYW9ncT7PFjn0NYjZZuZ2+t0zmmgxCP3AVJ0MRAFRDfH6te4RnamFdUryYOFKnkNQNmgVnSG9QWsOSM8hzDcw65mbR64DN/LcVcdrhYgHEbL/cPPHLoZ0bdfr6nq1DvPTdYUchCe13Tj8igcQOyMR1Kg5xfrLg95bQdV10M2U5pK71WVExtBvvAW1WXgb6Im3W26DXLaoX+YMMSdu5A3u9iJZKtcls16eNw31qDPJQU6jxMq1vYBjz27+0n44RUw+nmwCbUC0a1onnvvGNtqdn1DJ57IUidDxLLLwhEJVK4aw5hCWI29HmmkzJTVbE5zVhKRRaIULy4TaBIWR1Ijks/NSas5EHQcl4Lc5sU3PC7oWTsntvGU5dtWceXoW2rIppksitOZPtKwHUxjanmZb5+zP1+TwDJd6BcGlaV+fbZIS7PXu3lzSp4Rzfl4OSB8MmgKhIbplbfiSe1kpqxgoirMX9000r21GdEtjIYeHp5cjI2XfMiHWFe4vEPS/5qOWiD1lZd3ezoxyh842J27/yIBDywemAYGLeQSbo+yIDEoOmQCnotAXVpLoC8UgPn9houIv1OPzlwm/mIN5Nx+XR2eCtne9ISJZvoZeneBCQ71cqQ25CFGA0VrtkmOQzzizOe8RV6QoghhG4hy5ZTfisbltVAg0VwSH1NkNPJHrBjZBP6TF+blBJ4OIpLa1kHiXytP9pCC0te9l5X1Oyu6pVEkFAqMLoCp9la591d+xyB7bqdGciqqUmR5xOftcHZH+vJ62RH8MqqM776QVKe9buByJS9u8sFwXIvNlhZr1dDfLrparzIztozRjw+HAKl4p+oo9q49D3dWPmpWahxHuEsrUDY7ruYyfQydlAXIurRwqJxbhvlppCNb6unbRHCps3dgyodsMVibCIX3YnDUDCaHrhv5cc8/p80CbvKnXKlgzQJb3FTHfbI7UyZ2v0ybdxTq5snlHhrbGQNu3nJ/PnnpwGLoIV/WOdLZcyxNuKwGj5OYLiiYhM6HwtxTOA8aknCGf160KzqQpAi0DxyatG0ZEUzif1uTCTBqmhjcmZhD6yyKKZ+xOxbnZQkRFn4xEHpSDAClha8ABusnPkKo6aWG+pYuUZHehbAhPJj+eVqMBqyyl88/jb7Tfy5WxMk4Ib1xbdlmgjaISZEwK37E5j68h+L2D+tnJx0M2zKt5y87n/fNYE1b4iJx15e6CM1tBtwGpiHVH943sNzorEbHF3YUQtKAH9nBVkVum0tSdPMnQaih78flYr9Ids66JkKTURajZi6BF3uwa8rhhciuKChfIeLrsw2HnJ4ZqtUXDlPeT5izsTJorosHHsCH0ViHpw6vbo/Uho5jd+yf0nq+BxlWVH6B0BXPrH+t4iEMBIhrgxtuCNttwrQfZLfH7nS6jWALZUOCse8wmabfmDWIBKOg3BBATgUqfm5m1VBfBMvCh/YYui8PsJLjrBQmRxT7ePkund2Z9El+yroi942EW8eG1lS/bPbcHzaUFayDHRbtttpFSKrSjOMogLXa6wyxrBSzBDAp9AHS9NJdsnzcSHYruvOKSg3Nj3HPi6I4YJJALOHWtzliBRdDP2l14tLw5u7sa6kaf5y00swajAUkBZ5EI7SbfGalRniFHF50MmWKehxCHrYlaiOHmHGeX7mifoTWKHrPr09P10GPvs+4hQL2CENABRZ1NEULn7lys180F1EvEviV7nrlqJLaRGbaQANC7K4R7dr1pddNsXUMeqtsmchd22AHttoeLhwDkRu6FevVw99dgyE+05rpklAxBfN+CJfeAqIoGoru7DMNDWZ/92aG7UmnXNC4VqXHUalBETlCO9juq3yZ91HeJHw83dbmBt6OUVSvNrrkJMYFcg3l0SVE0rSjM56Iq5vp8cV/UxVlK9Ja7ngOlVpNaAjLD5ersCvfTFhdEdrWZGAEhb40iGZf1fiVRQOo9Z0DQAypfHqiX+VIUt6jq5uGWSEzZbSN25/2aZC9cy7H5qbgfQA1osI47Wj5Jl9P2IhddUbnGSryfKbWGEHN9tDoRmFBP9ke+PyGRg9DeWi21XPPXS0am6SSaOyBbMUehg/qUu4DD4D8NK1q74vp8jc7ulo5zvYnOc1OGboZjnplshWLzzO08JNRyQwXIhUXmq3loIJ1Rw2CtYoFqslPFt+ABXL6/HgbqMq+c8/5u7tYLZjfjGJTMSuc7tgY9t535RLgFCrcF/C50KXjL57OhQzCc9mZfQi0UuicSaNYaaZMFI8RCABruvNp6w2620Qy5stZzorS3HT2T1IoCO0BfQaQs4WZuA9CLaVifPaQ9vH6b2bPz4rYDi8PsYs3IVCI4L68zUUKZGUUgNkuQBys+Js97ZMqoIRh2TxEle/a3w7KW2g3JPy4M5BK1pbXnpZcMVIBBKJ3GiiHnVCta2569SwNaeF4iiiGSocyRYLUVREdfVVmwujKEJtyB8czlOJLo0p4/Xa7mdeVAIB0Bra0Vy6Za+vOooyuP7qxebVde35nP9aNxGdsFvKDaD0voTAEpMv5xNV3xcLk9xFUWGRXUAlvJ6ZhU2AXAXocuisWaewCNrslXutqt23OZctDiODOiYUvq0hj7kwgNP5ssC+MGAVsPhXJv3O7Q+a2WTrTiltrqZtb2nJjPSI1JIGppr93KgOzFApCwiyFK5dPlsATz5263JGpC6B6NXtBJzcfCsM511oMSKsaqRdOb4MkoQnS9dtdze901x5M6P3eaGfP7sFHOlVMLKHvDi1l0R/YoXPbX8LRbPtQVQbldJVTHRZwCuTV65C3RVCajhJCysRxC0mYg3W4DMaDKcskc7xwzAFpcHxXQC2d1SaobSAcBolaPWmmzhJYZYErXOAideD+U2j739rYIBPfitweUCVKBsrML9izyxVU3Nhmya0ZmxzFxIsSn3EJU1eeH6/7AZeAG3cGbml2rfGDJQVh1GjKKF3axXaNMhVzcOH0HZNsgyNE7SkSo11y42HNWx6f09ljtZcaM6tuSua5ZFfpqDuCuycJRTYDSVLyoUdoBujBc1JUt71fejp7Z4VO+F+sBqNf5zFkMEG7EcsuziUZwAbcbWu3hIZ1zkgbVAGoE/USVuj3iDQgBn1HrszrfeUO4SfzCPkZRJj2tGeKY2oWe68pbL/w5D+8eAjFP3Mf2vD8tAzgedyWgxUAuXtlaQKScxB7gvuEo7nodOUL1hC4YOTt587vjl6XnnxNIzblayXUXcPGqBezKvl/PkWuhNA67BvaJsntCyCnmHkAZU606tBgBJdlsZTvj81Q/C3dzuB7Nwd6tiE2wZKGFeSz2hCMwkGdDcOfDJ8XGRkWtr55WLbhzEhp36mi2vLSk8itUiNCQ9PH5enaJ/fZa2lJ4JK6Uu3HCy6XlHX1xhfK6BYalDt1WvS0eKvuIXM5X614XJNVywEVQQLtSwVLbdJuHL6jnZ13xdXOGra/+cgk2JguMdCEE/DE9kb4pBf7GUobe9+QCMl/dCmBAUSJabgWbVMiUVs9qdVuskjy7Xle+SmdmcmzBvYC4DfH/BYKE4q5vZGPYI5dpzy5Oxe7EH4xLllxqMMgeNFsCzYbietYRji+eFptQXbWQDwPqvqbNdVl16xO02TpQhIfIz0KWn6/4UNpGot9ywy7eIwcXGaHTIVaeGoFSHNxMbyGcMQWTp5z0Eh51caYU8+XJ0qO1bx35NDNSd9DEs8hCq9B4N37Dc53D1rnNuNs1s0vDis2z5ZyqtrnWZSq/1U5z83TzIYfO2aUJMoF3H5TFXZ3VVvb22ipu9uT6mQxEzDyyNfA0EtmXdWTKLbPthQU4Pct+YZLA8Mm8L0EEEacm0zdAeKdlWVjU3pzPdksmdR3ydtu6t8gk9EuxPAzedS7zg4wevpZctFL5iMs1VDvjY7kqDqZmMjN4xkene6k47R4PQmueV80ypFwxZlKhifT2uLQ0Tz4DB7mvLm56G2rigvAdWVSHMFhRjBRVvlu3hg/UZHuPZcZRHuJT6U9UrirJ83w6RtxNkw2EKBGsZJ7yabncMivq0VLH8qxdapRCtJe6I3hCekQ+krIa9lCNS+Z8zXlAZ4sUuc3zIHSRljyylW08ZQ7BSbcxEtWU1Oz0BHeWpZ9Lv4K48cHYyiEy5vpN3i4sTZSLYH7QYoTSYSeelJDRW1xXocM6qyRYAf16kRSeKNlbPAeDKyeDad1xCCWsLIG2of3nVD/ZWmVaKaF2ii/2fhmF4bMvrD7Si7l2P8z9x428HhKooRmHuENofKWeS+/I6DZX1llW6OHRkx964gb32CATCBzmipOqJhU3J25rDdxmVui7g87QFeGFZ2eTU9c5eU3LHdBbfyMrjmkoFHGen91i/1zRS09ZHy6H57FsxGN50J9b8ZYB77EvwV2oDXU1JjRmumsf1hp3WLPUvEy8XcbP9hR9vrY1RAJhNHjHqpW8M4+ggMREKseQc4pgssc8Cq93s25udDznzUS2hbvtnGQQzSO/euQNmy6I2ieNY/bMoEcsNX4sscue9WdHioRY05aBsN/N8gL4yA40WkgWrE1Y8F4r4bEe+OXtMWzX8Yx6buZKhDY57NVMBAv3eYgu3YI6CVXFrJ5Hsr4Gcy3fXBa0dL9B34bzMulWF/nTza9qf+DAZq8FT5W7ViTVb/qbtuwua1Yya/JMyZtwp24wMbhAsT1LjQkL5a8R+6tNc+vVTbyqRfmpQvWf0TOkIS7zJ0nTaWhQKC/EarR1eOjoWShp7hTINnq3+f2yKT0HcezmbtFQ00nCRTDXYJbgRJCnluI9RC4hxzKIWy+UaJytorin+Sa57dOgVp/lzsfRhJMq6khIyvxmby/30+oxK443x4hO/vbCIO/N2p8VvTKW9exqHDhJU062IIlLtxA2lvGQ2h1YLeXsWGnUPLwft1qgnKKc30XPSMy9YmttLkETUt4toiyIAJT05kXi74iR8Bx3At2j9s4PIYnB6p54KIiwLmJRytYy/3yKqZ0qPJ9xPtwyzqAZEBreMYESvD/drIXlq2YR44KB3bW1qQ283UVOlFbdo7KWe0o5qlXsVVByd8+wLrvtTjkps+dunslrciez8gNii3i5WUJnL97sGs/I427rZb3Wm012trje8HbUTXFi3zPiuFPotXHzWWFGBNhqP2N7mfQP0CsIdR7Acbfl9hJ0c8pLDd2PXHRoM6OL8qJeJPqmXxKkiAOvyFAkY8ffdC3ueWVR9P3ibkqhqMTlMUfXFBE2vN+3Xccj9o/DCzkr5Tu35uOC3or6CV7miu08y2LgNFsuG5ZnST0+ar/qtQoVqYUmlxNp1TwXHAtk6Epyu+19jG7t7YO+27C8oyhj9fyvqJYnvn90aDb/uVr+q0f9/7RnhV9/wORdLv8ul39/3p/358//vMvl3+Xy73L5d7n8u1z+XS7/Lpd/l8u/y+Xf5fLvcvl3ufy7XP5dLv8ul3+Xy7/L5f93n3e5/Ltc/l0u/y6X/0Wfd7n8u1z+XS7/Lpd/l8u/y+Xf5fLvcvl3ufy7XP5dLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/l0u/+eWy8/I/7By+d/x6qJ3ufy7XP79eX/en1/zeZfLv8vl3+Xy73L5d7n8u1z+XS7/Lpd/l8u/y+Xf5fLvcvl3ufy7XP5dLv8ul3+Xy//vPu9y+Xe5/Ltc/l0u/4s+73L5d7n8u1z+XS7/Lpd/l8u/y+Xf5fLvcvl3ufy7XP5dLv8ul3+Xy7/L5d/l8u9y+Xe5/Ltc/k8tl2fIf99flz8/ZsvtdSsuzXu13JZu0+rt3+mfiuOjMI7202FZNZcyLgsvF7+d5XANPKpmx/Xr39psS1TzLpDwZBo1Tb9PBjSI92hKeOrSXPPpatQlzQl1/wc7HTmfrgjdNDI+6F8HBVzup07o0Pl87Vs3fPTq9083rS4fVRD91pMEE20ar4qj5jcaMmM7RLjf5IEqyr0meUbfTePXPwBB/+sHIL7tICJ6e0maaH/zMDXayrt9v1v1xQvLdiJnnHt1Pf2us6gJLtPBuSyaacMhj9OcVwWvQ3TZ8+syfzQR+HYadUry/PUwRVEWiLnqpiqz6NMTFiy1oPATFuOV4yQo1C96foX6/vkV5iVpnwSSpL+QSJL8055gYX7aQPAIk8aqvCT/48+yfP2gys/PpXz96MrPD6rUTxRc6yC7ULyx0ii35xj/2D2CgUi81Y4IhPK5pUM67Fla7dlncIUwIQWtyi+H8Bokyiq8uatdaeyVQU2U2JMPN5e6EK/j8JrnIbF+RgKRqDxoFUHt8b+Eu3rHrjb264dPsbmSMleFvlz0oWud065UZHOpZARsL1LmAGKtZzotVQmNB/Q2FSl1MAlFADF0tGJVVHuNZxh1cCh8blA+t4fzAJ2Wqej7UzuF2KbxoKUObo/HGdbCD/3a79rxcJy8TBTZvflyu1QSlVTTuN9lTrIdvpx/p/MMCddAmIPIblMV+oYmvBf8l6K5qw94bwbeq0djqwlDmoOC1txtU4fGc7KyV5tO3YPXeB0cj/7WBsVLAvT90NKg09B6+9d4Ig3bD9/uHXxrw3+MRxzhXrnXvPbhPoXU5RbK9j9dExy3heOwqN82BayW7gTVUuA8VRKNCWncwt9wn8UezhHuVTyuGSJH1UJtbTQHSu3HOUCaM1oqonlQcG9bNQ3wPHUrG9A64BxpTXD6cc12D/cHXo/hdbEd1wrvl6pwT0V2HMOG13N4H/OhwjniMfaIHrBtwrC6YA9obuP8D2juMW47OMQ4ZzCOyzO9mmavc502ZGM7IaM06RMfFGHpnXa5kiyQC5pojGPVi0CWCI/nMsjhGloNnAmkCdzpPZqBQsPVwJnGhDrA1aYiWi0xzZDSBgVSQ+k/VpOuMYV1QaQRF8N/kJsCUhPMDq16izgWcoK+ZzrIWYOOqLqHVBVsKD3xQ4NtdLxK56ENgIKcxMB+kJpxC3cA/WZNtEtwHtrg4F1R0eqHGEsK4iD0DecMKebAOUOuS008nmph6vZqD9sL4879uNbfx12Ymk1QHGrXIhL35Ob+dZm5vBI7VHcLeLIPj10O6ZmH1wPUGrsMapGRvimA88haFe80XLeFtAaii0hgekEu1wb7tWZaFdD8xZEeaO62iriaRWuB60Q0RVLIwF1n4L7AdgDvvIbajbSZ2iLOyDq43hjTPEHSdBHwfISY1TGdFcRt7audirkXj9VjCUiQxkEcqcCxVHqUFiSlkDdGGg4allzI8QLcZ7FFtKY1C/MI1BQ2qeJ7qvB6xmhjH0q3kAQqUPIzBnLsyGNCTOExe7QvgB3vCRhtcMf+VtzivUwYqC1iduwP14H2NVUgH8XTmAHUfPZ4LlXgnNBaGArStR/HDCgNSTEcUxMAPY0J+dGhx/7QfUFaK0U8bVIaXCmiv26ZU/+YGPvD8YeMnPrTUAvT43WH0K3g0/1btMedboFhlIeYVC3Xsyzlm5SnykhXS6WRdEM+IaHsIf5uv8kZJyCtjLTNh1beYw0ztRW7b1pDHDXu2LaD6yfQXBRE65Gv2JEH7QHKVDyuAY33avcxN++TNaQ9OSfcvfI0EieNZHFujJYW+d/f4zT2F2GoOQ0x+XcoavYziqKpn0HU69wvx1DUn/HSrP9k5KT9gJy0r5EThf/9S+T0B/SoFY9oCuoHdbAR4oFzAUgPUtr4u9NFFX1PbZAeRZZaJcf5iQz6RjYH6oLpHHi1GX9bUFfxH2OO33vQjn25T7KgpFDHMWrmyl9aVtxqe1qTvmwvleuBco/s05VNaJe12juBLyngQmpaFrICJtLMJLYGRIukkhwtKzPoloSk+wG1FzFqG6XX9lgTIM3KYCph7YWkPyYPKZJiu1MJddQWUBONWOE1BsJfAY20/XSfbtSWroo1koDGQxYMW1gaaU9oTaDmyKDVwhoNUglyxf7Hc3aP7oc0n5ruVGiR0VjdeD+nhZgX4V0aa1Kk1YaAGNcMuXCap44tkg13C0yaDa6DdNA6CV1AWvN1DVmaGGIx8G1MqH3hvwlLm4y6f9FPU5G10hDigP2h9RjguvAakPWBFq+dcN80DkQRL2yKaDH1OY74mcDWD63NcgYLWw8b4TNs5TSs2eHaUojFx/0hdaylsZUiRiuFtTSN5g7pDvcvo8f1QE4W3JflpPD1PUIxGO0gy0lArIr7q4LdTf1ZjBigH6FblyPCsnDvIDb91B5ad2jJmMnSwnYOM9I2mCwpup/Iahj/ojXY5Nh/mi9CBxayiGC0qoM97Y35QlokRjAYs6qkhXnBJLTJuqgDwthQAgfAYP5ACALzO2onktrIv6NfMeLrFq6ZHP0O5CeEAsbfgklPFmuAfg49oieH1YSJtyFe1sd9hGNO/gdEKBZGRSY7YehhnA/yDxxKH/mOGGUI8Y+N6InOQQsrTj6DyHygJGjptRGdQfRk9y86agg1o/4C5POxP5xXMExYHcuYhtCwIB0RGkP7C3nwdQ3tM5TRjzn0E5LCiAzeC6ILZ+SbFPEc9jtIbfQfSS3VRvpMsqAKoz8y+Zcfx5BviVE2bEolb9qI6rA+QPqnt/Ba1GGaKwURC0YfEHGidZJovycfa/TXMG/a076j78NLf0wyr7BIB2mYx8XRv7Qw7+B9x7wA/duRR5F8IgSI+9Ea0Y7yJGQT/8bQQ8HocMB7hu6N9gzJPER00/yGF9rURo8D9j+Msi+A1zo7NVMRj0G+ctjpHI3lANHMsj94CN6XmFB3P7azOw1ZC8yLENH1r3bBdH1CoSMNRu8Jy8tLl6x/P7L6OT71Obz1+W+F/ALMNaO/DyTTxBeIa/YF4pr9WYiL+gJxzXJ4Wy5Mnt8hr9n9UaLzcKnN370RTAHYIoDkiKpv1+GvePrG49Q3VJ39xUAI0/69xqAWjUOyt+6fj4Iaw0ZnL/h+kEuUPyOE737uysMuXlKguRH6rUmu8FYh/K2MQG4cF1JtHPr72yGch+f902lMltfZH7ApIs2/jsz+Cj6a/2s+oogv4p/0nxX+pNh/Dd3Rn+G5/f7VQ9YqiwJics9/jUD8NlWWP1BlMfuJKuxi8UVUmFj+Y/5nRfap/6ORfaj6IjryPwXxf4j5/7yTv80Z/5q7P0fvqa+i98SfpQfJ5U+bZPTNpUSaS3oUAXYq/6td0X9bEF9yWgg4PgfbETD61A4HlCnobMGxcGjrW1voHOjQ1YQgaQRT6Dt3Bgg8fugPPrdtX+N9Dk8qgw2BylreJZ+Awoq7hHL8ch4xMJtA5KAhwIXCgdhJQeHTKUicBsMU4kEOywjcIRDCAGwMncVjSNecwngZNQapUfh3CtdZgDmkSovAvT6CYFrDDgRADg01gl0EzHEbRhsdy1bD4U2AAB4DQS8CeP0rDIoBbg/nje+B2pjfzxEBXGE9AlEhZsax7RFcIccWO0To/urk1KivsXuUQMGg/aMfcvZGJweHPq0M0gcnJFAYGYNGHTkXGDRCR2rIpqRCxqh2PDoKKXKSTRS2nubpdBq6hgDz4OJ+cC3DK9mgiyq6Bp0BZXRIBnUMU6dBNzo4AANhDdFyGB1vyJNTQmV0iPBaxrAfC52SKfwbo7nj0PDozMbYwVHHNbSYLsiJx2FVHHpmx7AvpAECwNiJCqY2GOiyyAnQRwe+1dKJPkL26kfrBwcHDMYEC7qmjmuyMO1R2L/VXkEFfP8MAmosJx1ywBDP6MgxGpNEL0eBwY4oP4UicfILri3F4XHUj/4A7Pvv26iCMjmJNj3Rh9HSF50dZgpe4GPoQJETiGe0ka97LKs4BCsS3/arReMM4xyRIy+SezzHbNDgNR05yNhZxE5Jt8djish5ouD62TG5g5xMxHton0f+HGltoyQRO/JiRkyODIETPsipH0IPynM/7Tty3ljEP8gB1JCDhXTFuA40V2Zy8Fh1cj7h2N2kh1gta7sxhK1MOibuoewiuWKtSU41fnLoLQ07xN/C6Q6rjjTqtClAMPItDtm/Qu4oiAJprxBTYGEMKKGEJuJ11Mea+Nkax4BOO0oAtjjQwePgDPvieRUn3JCDZ0/8pnTaGMCB+gk5oh9tUOCnV19yMaWrNBzOw/3YsQ20FYgG2EGeeDkNmPH+TquPckKMzvEocyMPg5fMUaOsITkzu6nfMCU9iTHAgPqByUkU6Ul2SO0lq9hZRLoJ6wMapwnGNoMujLwHdUw/zbufHE+o06RxvQLWERRO1fQApxG0MUVDoeQpShl8pNGEANIWJWcDZuyjtmOATmz1/ZTWgc40Sl7qOMCHglxIHyMZxWsYg4+4j0rj++zhnloqus+kL6Fus3YCTmlhGbRx0GbSD8zUp9UtddpTc5QTqJunfWemgAupY8f+gzaj3v5MP6SDBE34RGMctJxSgdPeoNQIToh+7A1O++G02KsNsmkBObXB+44S0VpqT7zpTGkzhdFtzC/Q3k48AW3VOG9lmHiC+AiOjgniFtnzDx0Ndd5Im8MnfkV7goNVI9/3KMT80qk2CgIyOIhFqKPsoLQpP+kEHLBFKawYfdOjrstaFYfAFQr3QcFLxAs80mdTEMrKqLFPMNlklRzvo7BI96P1o3SjjoJhWM8pOLmN+0xBqG/HlyPiSdXG+gTpYBrZkMn+tygdiRPeo25GemOaZ4BklJ7kBskGjWihY14L0HowbTQcZoc6eEC6ASXR1XG9AyDRt4bxBDo/rmk8zhBP0TiVnL5oK1LjGoNXuhjqTLzGKeCM9hPyLqLxGETEKT90jNJhI61jdDymEbBdM6lxThk1rgnZq+wxBf5wqhIfW4D8oLOoIpkjJz7DPIjS4CNPKdP6UJ94mIJdpErgPsyEhaDtzHCfUX/iQDk13Yf6CMDZqA94yUqP9PRoW0fbBHmCxXQTwISLnB7ODfHaNEbcjvQyx4AX6gttp46TBaOtUiFuMocA475RPyjdiJUn/LWH/ADvh/Z/lGekD1TaEqb+EOciPAvvSWpEi/iGnbAOhTAEDtRiG4zLAAbEB/oYdKMQJlCxrGA7gAslkE1FsvGhO7F+RDyQTcE9BQUHGYzDx+AbxGsXAdPlI42txBgfYd2Ag8rESFsszyjYx4460ZmwCS4i+dgfZP/VNPu0p4g/EJ9/7Ck7zfmDD3BqV1DGcgjBmXCn0+E+mJdGbKpOukGb8Ks+yvWU1hqxMeZHYUwToz0cdUE8BYwBNY4RvJIHw7R+rMdHO/lZjrAtRUF5xBdjqh7K+De5QnYe+zBoXv2UcKCRbhptZ4CxBfQdBrQWaFfoEX8EL305pd0RbsmYT3phxDbYPmK/AtnsSYYA+4F9LHUKiL/GzZhjRmDaYJnFyRaEm9Rh7I/wg9h9BL6HMUCs4QA26q/0Y5nDtP8Y17ySK2o3JThaHLBFeAUnAHDCrYUYFF0bXlgNrnXqpzBT8ofUcUAa4Ry1eyV0xkSKOJYcIL7DeBAFwlEZxriHEw5rcSHRuM/E2A+0GFuNweqxPMEy6Q9fZsRQzEgnzFPDGCSPCYxTMN+pU1mDSH3w5phYZEbdj/mXnfrhwL7+sp24n8p8yMFUNqFP5R+qkPVjv+yFXZjR11MRNp+C4s4rcdSNhVIoEK4JI33BhMkVQn0lkizzJdsTfQNcbDbKP/Q7EL+hx48mHYHmhP2yya/S8JiYV9qpBAbyIPTLsL13kF9BQ51E4hIlsR3x84jDIRe5wpi0tKeEgvLiRWjnRvwD936aV9xPOrDFCSqMd1+JsYya1jNMBWiMOuFouE/dSx/jMhPsHysvnT2Vk2TE1K/XXvv+gZPgeVGdylfET/bh2/6NdIw/7/toZzL1076/bNE3fnnZq+l+xMumvcphsC+Ak1wTnws48dthW7L/xMOj7ZySiGI/JZr70cdHNMDFekhfdeqrVAvjSWSjVXbsp4x+GrLjafZJHj8w14c8IsylTiVDYxtss8lJf1Ej5lLbSV5QQhbZLIiDET+h9aC2L0yC5RaOEbz8Nki/8KOECp+HsjbhoMlnQHYI8ayCfCsWF+z1OFbUHVKMqfqx9AafR3PBGETHvmw24bB48lHMCe9lzNhnLInDSbHRt8T+84j3xpgJnD8zYUREuxbp39EOKtSkd7rJlhBjsSfyvZV+sp2oT4cLIyf7M8WSIH0wnh2wv4BjSTE5Yq+AHvsErz3qxrlgv3sqL3vFkYJusgU0ThDie6vshLlZFeljdA9rjD/Btb2S4a/4E6NNPh60g68EYYd5GSeSs5cfQE392EkG6NFGoPtNSUoB82SHE/b9lAxOJ7uIfUSU6M4m3R28cBIx9sm6D3m3xlIzON9JT6ivcjl28unHmNVUDja2CboP/YnlbywqmGzIqxi0xfTAbZSpnBHpFFxi1k9tBvWj/A1Mvp5JTzLajTEZpOfiiR5Zr7/w01Q8AOk56WYRYU+cMP3Quzh2NdFoSmBqH8UlY3JTt9aT3cW4mMHY6BV/xPuBEq42+3kfx6JZTfi0j9jXnvhz2v9sStSifiZO9CLfUxdxMpieCir60Q68eA3PdZjwDubZ0T6/yhExj05xhIvwjY/HWIP6Ubjxsq9x97r/h30fadS97DvE2BNmC3ASHmMipL9w2afIvOIj6hhnY8bCExxD6cd1292kv6iX7Ya8RE2xF4jtWxzDe+lZhF8OKY7rMK9rGG/juE42lfWpr2IYVnthzlcseiz4wHrqA3th3xr7YxM2ytgJa2BdPhWVvHDWX5O4/qOJmtdzUcwP9YP/5vLBnx/B+G9MZv8HJa5/ER+9enxinPlfmrxe/N9M0f57Hr4iidfTVpPcs/Mvqg+Wy3/M2S9SuLM/axPp/9+Kh98Z29/I2KI2Xxc8p76ct1+XD2MaoOJ/dg8RAkQCPfxuD2mOs0UISe8hwhzPixApiP0xI/DDJfC4G8+j0lCcXcIZzT2eN27PonLh334gpn0GtFsYMWJW/OzyX1qcRhLzH+Wa/sfi5yed/1KbTv8sxP+hjzrXjVc1oKqw3g+Qzk+C12kpyT+GLsJXo0l9wzPTdeIrZT7Dn/+ZMv91DzVPXY0ywZDlxSrkYvmPxfz7x0dmPz5bOz6rPXX9xgdfjLYkfnuk8WHun0bCHPWxqj/AZL/D/v9XmY73cyd/8XMnr6fjUM0+ChWwr/SoOkhjjbwAyNezu1NqGT97+io5QKHqKXTYvkqINOsw9k2zqcwDTHXyMTWWqKB6dhwmeKWApxCUiI3vx3XsMr/SiWY7hZHZMV2H781a49OgyJUf1IMzPpVnq/0UUp/KH8RXKJ8cqauQ05OjDHaZx2dxv7XHfdCTfgf0xB4KjQ3aGKaE85pChjjlh9MGxPScCaG9wv8fTwJmUygA4GdfxtD5K5yLaIlDvdT0nA+tv0L1Y+iyxyEEtCb0PI11GMNJ+NkLBZcLqGO6hhzLLQBa49RPIafSqWGcL3peJJ5SRsEUCrBfz42wH3uBnkuwcDgBhZTa76+jMAIqk/kYAz8fMh6rrCbiUjJC/7iP2o0lEigdYn4ryUpfJWignc7Bte1U3G4M/YzrJvB47ShZaN2vdKnYTetmxpQeTiN0n+iMw9/a+GTruBe4dAyFsz/2C4f+tNScngjN0HNOONz/8UyOMD2Ni2v7MY8x0xPHuExqTAvg+U9psilEmqoTX5isJt20b/spjqk90sGlGOrER+N+InpPJXGv/UShv0EkPu0nDv19v584BfJ5P8fnyT9ky/lxPz9df+0nHmMsXUEhU/51H2168jR+pV+G6XmIAadrLGcqY1PaqW/7ohmUefSMymuPccmXjp8lQSHY13yddgqnst/+/kA8PvE6htq78UnYMfQ6pVEp9TsZGWmqS850jxA/YYvpPD2DA88dsa4YQmHs50yp+2B8fgrLpD3qE8ybONQ6hpCTb/KuCfak+16hXrGdns1B7w38tPfT8/ooRcOj8N6kA7Eu+OAdXMaGw4nTs0+QB5lxn+zXM07TdfsxpU8ofUrtf/d3AWzM71NIGekle5JN+6WXB3UKkY9yMj4LNckXSgtM9LCpsbQFyWH8eu4IlbqRH/I6jkdraX4c+ScbRj0KXuVC1BjqxuVKeG/xU9HTOmB7ekxPjM+BfVzHpaXiVGLgfN5fHJbUcue1l/+hz8+Q5AuZvZDijPrZP/krH6Chfy4cf0PHN3R8Q8c3dHxDxzd0fEPHN3R8Q8f/DOi4YP6zoCPz/1vC6g0d39DxDR3f0PENHd/Q8Q0d39Dx/wx0pJj/sKgjQ/5r6Ph/smDtlwB98ofdYr/44+CLL+oL/7TStFdh7B8vTEUUIn6sNV3curHU848Wrf6rgf5Hdat/4H6OBzm3+wefl4/w31jvitl96vRxPDH24tcwK019/yeLqC/+kP3yryyFZf6MUpgcXeC8IIuxUvpKTX/tt37tpX7nyP4Tv/VWQL+VTw6cvmuJjRyX6N0g2t6+iDZ6aa2K/ico/PjS20RPizX8LgciF83Djin0brln2qxji2i1PB3QW2qL4qmcBfmklGl22bD8jGSuN2muGuCYM4pHx4bWOOhVmBT0kOfz+ZM/z51LSrWnQLjEInrlqQKaVroodUVG235YZ0Zsrl3FC4L0EojOQCwNa0B3eszsSMrc6+G4W3Xozegbo9pUj/u1WiqrGr2PBS4rnY2v5kEvH0KvAFISHb2YSrpyl3BA75pZWOqmUr1194y0XMm7kjsUNdU2/MO7nLw5WbnPLVvsrSLQTZeH23u9xozYAYaQU/TKFy7i9Ou6Qu+Oul7VVndnIXoT/G59vG62aJ5qoQXZXCHjhbxg0eutItKRwrl1cOdHdRv6zn211ND7yG7HB3oD6mOpyVLAQsf9DMnP6w56t815T6HltJFSD+Kcb29FzXb7bi3tD2RhPo/0YkAvujpzh/2eMHfzfbEUzObwOAbLTDmvOvvIB8qwKXiT8qR7zBXWs+IUr6tbXt06/aNVQXMaru5i16A3zx3guPejtJSvbf5Q+lhvsvPSFGxzaT/8huTS1Slmkq3AubxaXLjiYNwuPOnQiMKLx1bd5KwzrKmVYV3X6F2xhI94Y6c84clyHV/Qa9vA4WTNooDa6aR3z3tprQXN4Zm25sZdSUF4d6OtoJ1TZvtAr8krZ4s0uovMPUQvniLp/YOK0sc9lTt6pTTstkiVcrOVHYlqHU2/b9hWt5smuXXZygHohVwrrfTp4Hx+Mqyvz+3QQe9s0sJNnzE0Qaxt8WBeDe+Z+o3JXEFxlPSgPRimfD6egXmPxDuTDf1zRhxpo+TDpzcLyq1UxCp+eVhUrvcEjV6vLtLVRjn2yx0o9ugtvavacKvsEFXLi2iawckkTp2tHk6FHoFeVP1FQVxS177tOmfk0njt7U97ydbtIS8eRpvRR0HL0PsA/ad1FQ/eRWjXQnwWiBm72gv9vpXO3fzO+vRGTS4LvY4HtzLOvWRV2l2NFsP56bTn5pbZ1XEV60d/X2835b31peNgondU3cqDohr+ttZDfkCvk2JiwGnri3Q5dOhlbPczqFfo1eflyhd2SbVf9QtgoxdczTjdWPtHDeR+ogxyv0N//YtLVPVcSvo6NPfK8vigDtr14nEh3ynQDduWTVr3Tr/2SWux9DDbJ3f9btc5esOV7V98d73xW4E7Cv4qlxq+TL1kZxEXpswMe/u4LvztRUsNDqwkyNT7DsRlJ+QnO4N2UqZi7pStQ/riHzvpTGrLJaipy5wJG1I/8bxT8alfKUul2pJOJQnFEB+X93p/vOzPfqcfeqk7OOa8GpIw2Sy1bSWFe0KXhkZvuhTMV7maX9VHNXiuZLJU3uo3R6nYlZ531o2T58Vx97Co21XY8lvqfqxXQg2cRyoX7CX26tMpnJlxeDHWa/7cBQBkskZKj+M+Ca3n5lavO+7cstXhfOSeQUXuvBt6L9djkHLBNIKqQO/amy39w8ERLQmYc/NyMAXOupYRJzFJC2h9Ngy8LLd00FXJvS7n0qzMXPTWVcrS+HUsNfN6vRJyUoCSolstsn3cTkd7tjDLWcp3mtdHOyt6tvs8ijbhxUHvocqS2E9m5ANsglpfCA1z4YQH1wyJAnYmK1r04WCXoDzHRQsIv5ZD9JJc4thoV6coSkEjmbVXzwFNJwsfajtoOKS1a5X2Juk4V5bMrK/ULM70CqzJyjFm4Lmmb1Zy4oVOeu4MNUyhsBcMRdAyH+gbtTwMSSWDpsp3ByA51j2crYOZzisPY8X4W85YzS6sz5wvhL+QnYNmx41eL7THEpmBWJ3XpXkq7waxkPALu3ZezjFRsJgNd88/8T1zj+9ld6zBar+6cltZf5Ta7Liu+Js3EFd6xtjORrHFtSSzkSm0emc6YWYqRpY/7XMVrp8ywZCx36Z0c6qflpnPTU/MDegCFx150e85uXrQXLcVWe/h7oTyXlkg1VuRVrKuJBVnVgyJV6qZV6x7SysuG0+URCpfV6va2e58JShmdMK28S3pEi1fXDePFroL98ZnoqaVVwf/cJELrazv8pk/3pcCoJ+3J08jbXcExayJeJVPfGOdH9ELxOZN/awi/3mkaAvpbjhwxA+IMdKGq07GjuNqA9rmTC633lHUSLld27HFC+TWLpvHml/diJW92yDzZ4NoZ5/LwCAK6jqfxx56bWu7qvRtMbSHQy5H5NWO96ClE7mPkmcpI6V2Ewn6FubuKbX02IzQ26Ad5dH0K3qfp7k9P/h0YzrbVfGYa0XqeIqarRdc+FT4aiNsrDhPjuU+qRu6L6VdbQ3WvbTjju+QvYz5/Hm5cfg97txGHTYDfQzOrn8rVjmyCZdzFpQBNCVKfl4rIadv7IaU9gXg9iwZJNvl5WEdZcd6uLo2t4ZDOq/ljhEO+knxqt0RWdwjegXpmbqfVP0h53l5JLeHNJxVAt8Jl+CkDhm/CH0yD5UKGUIICKQDgfrkwkXmiE0sxaFmOteOOW5znd1k8xl3liLlWV838o6TZuoquXQlCnn3O0o8gIQdAU1Pu2kzD/Tl4ZCuXfSMoXQsz8t2EIQj0CO9relqsQ0sMezByf3b/yPvv5ZkV5YsQfCLasTBgUdwzjnewImDw0G/vmFxbt3KzM6up56Rlp4tskXCIxwGMzUla6ka+ecmeetg8IUEVk04uA0s/wltJ8jEy67jzn+dpgeuP3x6/TfTugmeCbcILtEHNlZDl5z3F4KDb/w7raeMpaTVq9SLGAQNeCc2wAijPPJC7GYWmWnu9v3AQm6rkJd4ghR467oUJaWvHtju2YuYc83ph5ZLkpj0oMD18eujv6KYflmkjzalDdzvKuos+g0tUu01mQERsgbAV+q6xCyr827bflnL5TfWjyN/UCuv6llGbeZ48oT9DR7w3ivLyFLa53sVsJ55HJ8hwSAQBm6+TKXtiqgbeaR7FF/RVNtIDVlowEWeBUx3HLjVk7dpk3ujQB9KarvRKmp7VMItsfvTFNiH2FKu55MuYte4r1mmTLIlgfIlJrMkEg73PVVlAjvfVXP/xjrUB8JnGg1tF3XWZovK/UWdboepX/A6LjG6kWPgqa7rf6OKoAD2uRSLWl7veCjZRwp+v81C9eWe8QNv1BWG4m4LXk+sA1Cdjyi+Ltt1BXjHCIf0wnDMsS/CudIAxyx8e6Inx2oiL22nsnQsxo/mh97D22SEhTarq9990jaJiv3OgeUZ4tRykYVYDa4gYye4x+9VbFu/CJgfPLRDsAKDFRp4P39zBD1jipes2QdE+qqx/kjfRYbdOz4C1S8/zmBGxXH20r6k3av5wYgHIuVdtiV66ta4YfQZXbtcl2gB5MQKHgWMacdftWN2PFhDgmWvKoNJfmNmdaV7V/jQo32tdJR7wH9VCJEun8/ZvXIRF0fEHryL7foFLad3Jkn/rHaELkkfh37xBpuHiwigUc5ZUilnWr8x1Fr4mwhi/wk6fBLb5Mv9eiud7eN3BkNz0unYQJscLAKrxXmBuuQSrEuSCs+FDbG2IPDvtWOymK9k074+X37XDx/o33YsHHAVMOhkF9993uSPE6qxN2H6D3Y/A5Oim+B7wpV81TUOJXAXKOcg/i1KH+pYp2J4497V8XqAV1g7+kKyh/oYmo/h8YkphBDWTMmnkxf8u4dk6v148nuzt5DmJ1sTlqxkQKc5bsd6VHyjiUiTXr00LQKu3qU1BzthNndt95Gm97fl5OP4rF5Ouf2skArmLxegjgi80Dnm+0jecSyX4R5Qu/ZiNlkY3Yx6tOn9uxv6oahDxpSWxKJqgoCZfEegq4CIPvbAoiYE0jwO2wHCT4fUoM2v4ZnSrcaDL1wqpzBi6077fF1baOerJEAJcYGv1dcjqUuiKwIT9VTdTvlzjjoSxRJgdB9UlMEdp5E6t3lx/VTMOs/CRftPWaABNXeoffkp8J7C4PNeWRReoMGX46XUdgr/OEjJyFavreNQ2ZM/dld+RQkxrI/pCOBQDU4PpWVXv2dUBoUdXAt8SR7DTQTwE69qf0jSbU9Yecr0YYN6XMxT11v0uHt5L5uEitWwdet9OxuNLy4nq4QPa4co2bz6zlAfwlLU2phQcCY1cxkcFdFxMcuLMbjf0Sa6XrRLZT4wyuM/L1nSs2Wu+H5WP6sOgdtCJ+ro4kbG4GuxTO2fOFHnc4a5Z1gtk9dnKc4amHr4dxO+8qYdKarCEwpXJkJeS3oUDQZzqP9dyDwJIsdPrwXrM9O2sDirgOu0Gu8xJ4P+ONR+2+kaIYY7aEtC2hjGEhuJ5UGuAu30gars82656rNBR64Ju91ErO8EYWJ9QndGr7RdpTXJuywEmllQFCDHDX9+m9Tpi7ZXJRNhasglvpCmn7ROd7atzrLKDNr3t6WlPjIt62xM+AFkZGL/ppDh+HxiytH5RcPcjgjA0GBIto8Jchi+hrmdiNQ+IeQKNUWjIzzFPn2JqsYHqLm+3+SBif6RbZ260mj8dfTKLidt1mJPJnSr0jPz/OUQuNKyXCnRrkArLMfZF3NLmHK992n6/sY7eafPOA7SM+WbGrpCNbqw5C7HXWc6COU7xJ5Gnzpp/FjnRgaiEgjelbv3B5JlMVrV1rhCkKcSFw5EIeAKXzI8csJLzOER801uMOz6VvHlc86XD8fsnn7ZZRNaWpAE/cUO7dTk7aIHPPQDRzczBmbddRB4mB50mJl3y6l0sTJcejqqMkErzcXz8ktd05EdfkIfm2rj9Tc74ygdUsk8Df7zq7BPQ6cB5YH7q3k0fqOwJNTxwPe6tn79MsLmi6vT3sE8IWxk2GbxnxGFRMIOr6od/0xSWsaSh1eGl5T7Jj26HxQgXfP1Qi2f0XyVf88pXYnxBl1BELRzdW2kUZZtj0KHorg1ry4egx0VauDtd7ACv1qpfQYH/fFjgk7a7CHzFdikoMpLp6Sgr74bNQ7EJGMEUhwAm1aLTSCQ+NEp67LVmlZjICTVoO1SUz+wMsmoyCleIanDFirVqBpbhRc9lVvOao97WcAFDRARFUv3yleePTDONsNiL6ftC5LDs31QoNP8kD1YPED8LPUSwq3XV6aTC1LXhIIJ7p6y4eKrEG7EreJ+r9i4TzPa5evzrGj7PbYb/2aJM6lxF4Z6+iJq9/KbpCfbcECOnge1HrzLONP7WErCbj8Y89hn0qdfU2/sZSmkvrho9sb6Kf27l32XemAVCPTcltFlt2HkM6JqS7wnrPgiGfs5sk3RV2V4Loj9Ip8PDhfR9SvXX4cTrJSX1wncKCYi3ca43E6jbSodX9TaKh1to5hcxEAVSseizu9CfP8uiYeqUIC5CXRg9b3GSjbRC78Bxy8NWyFYYxXko/Sli4pqxIvR2BSnh2kxvfBN0JN4vZjI+OUX7Fg+11UMGPoC4SIPPorKCfFMBnYRelM3DrW6tMq1Ci8izBypr9ZGtbF892JiyKv8tiUGUR2s4p+RO+7bFjN4gWfrvOUfEyjBczTut3w9nRljDria+wAKq9s/kJyQDoOdjORHV5OiDbo9kpCee0pnkStA9SorRl4W1/P7IYPWi2n0GLLWXskSkNU811VL/CxVlP5K42/MVW8zs7ZsW1iTfsXc7ufziSNCXD6yorpKNs7eGQ1Cw7yu6YFaPhPzJ40CRMmi5P0g1uk/Dp4GwK+on6JsQI9RuqQoGnQbYpDn0K7YvAJuzSSjjpunJZvLSSiP7XQwhfrK5OxV5lNwPKDfbfIBYdlRCfZi1lc/tAviCYK0uAv5HTCewyJCTNann7yDeUQmTWzvCSvA2QiZ9jGj2BgnWMWvLlfr52rkGKM+jLVe3oKHzVbvGvnyQU/4J9U1xKKykXlGgNRX9zHfQCZEjPwxY1aXxuz059/4YB4XG2M7rQ3iqm9E93s+W3WrCtbjCokawdQ+zR//YTOETLIOlVYI59KrAlmIqELQghfnFPdLXvnYMquUOC23YnnldeGL0CfKMnQtNJKE6Ui2ZA9bT+gvAM4fw/NN6AbwkCBO0LrwbPDYZxAlnbj1abP1JdRuSvcc7VHS7+kcpXSF/eVQQo91DIigyGr6L20ZWtriajeUAxruPcDUWKh/LHBrfZWs38zHmeDIiOVExake34DPapTajYzrF+EWS+hODakl+nCwkC+Iv6+pftm80C+Zs8HNmDIfXSkPG3A8sjvOuwtfsgUMzSW0jCPuC0O9UvoY2ouXwHgm4Xzw0caKaScDJ1kDtKHnnuR+4efoSUMLoCKctKq8kH8UjIXmu8i/JrwyAFPgEJgu7Er9cC6ix9LKdf16B+omUOYy1iBuDSSEKP3L85fvoeVZ91RAAgY+IqdXHRRUrFJUHsnERRks/xT18r+XYvAyqW64+aFCOzlcHwYmV6YyhAxGyiJ5SWUvm/8dUAvkB4De2ZQ7hUd3Qx3FC0dN1xVIN3dsoMCcwKuF1ghm9y3oiQ/lL04ml6q6+KXpHfE7CPox7JcNgIQnY1XXP3Hpan5UZmrdfgFM4Wo/lsBIuchCbwhLsUhCwqDiqcdyh91mEYt/JMuZGJep7WFxpa4yy0r/C0qeIJfbAZgAcH+qpMBKHu75WL03mq7cy/YLdngTC/BiIlBqtMg8z2PtQG8nlMiLPAOmMpKJoNKWKO7tyEQwcgaMfEI705qH1YnJCMRNUjd0rFEUmdbHiU8wX6/STZ5Qv6AG5WCrwG++uzvHT7LQXUh/OOCQEhAGjeTYQP8q5DdF3bNXu1PwvcNg8qx/vPORZHUVsNDoe73/tWch+/DRKz8vlyCnHhNYAt0hpVwa/4D1pFuL7zgneTykReKhyLLojlcvWTehGEEUbhLBQkmLefHZMb3ewAQ94XX0kMS9I8ZywArWrwhmR1AImWuk2xGCIdwkhRBxO9nOyHDWQoBUj2tPBxQoPSX/I3EIgc3Lu0gbR+cOOWTzSizXDpmmajLxQpzWosRU7ANnx8OFrAXyCfeWBR34eB+SDtI9G/J48SQG1CcWMCDjaWOJpzZvQNIORdYnkHsG4XoU0EZiBxhw+TnG9Htg18eGFsVj5PDyjeDO8jHHkmxmgrCXZEjtlX6/nQ4Q7gOVk8CzxaMYK4zB++QVgxH+kPubrcUDJSS3U/aLq2nUZHY0ODvwNmr6/nkMnWATS92CQOBiVnuQmQMIoIJOfv5A48s2v0FxQOuK9xmMaAROH4/o3hUA2d8CAe9FW18b8tHj/QwafkUnmle9/NJnsKBxPKYkHDci8IDJVj5ACkeGPO1gs+1LbiG0n4qC/xK0/NrtZE+DPQifFzcJa05/2cMJsP5xVsTU/G7PsiL6FdYtOdum/W7hh+NlcBtyddT6hRqD+Mu175QUvVU+9K5Vlf1dRoYL4KxGhpmQExbePYXZFNdhV4RaQb0A+mkzD9IDpRdpX+lLNfefR+2qDxs+IBZGxCvROSDTG/ro+QgD/W6FuxleqVNSrNLFCCa9Gcp5LOECDjyRTb7zmpN3TqPB3RU6qWu7HVeg4dy4LiIbPxGBjXR7INMqBTs3+9jxlx0bIXGSDgDQyV+EEw/2yc5Syk3qSnC4tRnsU/WML8gS/B0xpU9oaExTovUCHmQ/Z2I3QT1Lrf2/OtK9cLo2i2u5sZEu7pod3qbYv+BdM6ugBAcwCXth4LMhRDYCSp7Cy/NLJVpjdCU2AENEbs5zCiTxKIiN9trALyRbP0z/shhS59PLl6BeQboXnglufHFJiq1V2d9rlBAJqDLlYjh+YcmkRfJyifDU2frBj0RA1XLOhRWDYf9THe0dM8ttd9lgt75lekTWrjO7I/g2I/AsF59l2tz2Y0rbHT9tUFUNptAAnnwahBZTErEf1Zvv1v4FwRFGzSJ3SzC1W1frYSlxL4ZXIb+uo7h0Yq7/bjOuyHi56X9GZPihICkgC7g+4eS5FED6i4Yiijc+p+GmlKb0rwlu7WNRJSHGp/OCuF3lR9tuPcquEGowgyFqiba9LhMpyS+OsjtxuDcmoI+IlN8OC+RfgRgjOz+XnuGnI1NVglo5bxXDO4yy4XMTqIcfdTulb1ZApP7l6lKPI4QgEvW65hnQVlB9USlgfA+cRAlX5CkohSIfXth26Mr9pgO1tWeP8OJvaQjzTyQilB//u18DLoRPvAE2viVb0f0qYAM2EflA0QFVvcDgw+eP+TYBOAMX762cNoGhZ0VGwRyFv9xDmluhkoE1WxaX9oXP9y13drH17aMAgAVeqUrC9eOE9gnLm5sw7asqHxXqi/++Pw1LMldKs05D+isEg7ooB4mt2y4PC/26BWf3Ae04WYUGH9IM1T0DU1VgoOtzYe/w4+oFMDvNuO+8UPvMkBhnljVnmMM7Pg1Q5WazVMYLKyQhUakID5jEPWJ1DesDkKVDFTrGS241B3wB8GOqZdChbOq1f/JfzqOdT5+zMyz6KU6GNJVUK274pwBkHpiOOQ/vvO/pX6UcMYu4x36NYBfqkqfGOWe+lD9urdrU2UA1PQXK/kwLHq2T/rnzD3Vcx9EZJ7BXIIGP5JMekupExHDUKbmo1ofj+IO+ML8do+b6dlYcBXfJThPAVyRrh7UKRxUg62aAqLmiiTKFKwfHHwJgA5mekEXYXf1KJA6oVv0y97alNwM10Jy5DdNFvqhKjtvdAd9h9SCIf28ELHMDvqhnjMWAt7DP5UuWkcvTXOReNyqrZDgyYV2XNe1W5fP8dvMn8aakAwXrraz+CgIHaE5UubgPf2gfT3VrTN6oRxyXvz01DvWL/Hxuj6fEa+BvLvV5ruU1tl6jyF5H1A47UY2fHZ4YMMuLRerj8ayhM/uwdRlggMs2moa+H3qaevcaFKazvDRB5M2cV6vsLvWd7/3G1IFfIzQWNxBEB5lL4FsdUvKDKQgW3QMZcUUXxEVB7XiIqPoA3bfy6eR/nl9aSgtz5NGSRanH4NniR2z/5IZADuUPly2VBMHqEgXdVLSPdF4Aa87PQxZAC/NdBNnXLwGeZsUj63nNlePeC17ey2TTEqtXJ4JIyuyYNi91yR0R18xh0GZjjqTbUrQlKPEkVbRGHw3hiqErPOm+JN11Pj/166B3sBLXy5UNLAr+au7ViSAo/U83wboBaoUbYodu3V+nE58qWTB1IU3opWNaXc7zUu4BUfnVsfDiTqsg1IKkdAppqGIAQ9xP66+VjVPfadNxTyR7qFvvmFLYM1hCcsPhVHPpiZTvAxS0WiEJK3+/gXPiyX+ckPnlAFZ5vTdSHBQhKsg8fTh3j+WkM5WJb2IpKP7yQAL7NSD/06ffTeRfXKjPKHutRzAS1jCOpIYgE8i4kASITIEB1Hsn3C81goxbSupQyt/qYW6rvqQPO9HXpg3aobTThx7pO+L5Om1IzCEwDJhfKzkPGxGoBVRN6HYLfjmGXw5ngNinHymQ6Qqs3hJnj5L15neIQQQvWbeUxn0Zj9Prv/jxBHRyKkCkKvoFJDZgAFYNDNsMLAbeqLl3s/EOWQ9uFJqc7HlR+2Fh555Q7CqpstK8k4RN01FUSSxMzsh1xIETE4ny9D+xbSTd/MOgGJEkP19xyT8gHXTNJRlIrEv68ks9YsiaCHc/OXXeyuuj2ux+OmVnSr0JfS3lwwnfIs2maV3j5bWOaHG733IWH5BV0f2IBNCjrKED+U6btfUfioONTkkblFcj5gYTucyL/4tvh1tW7o13n17BNMXUAQRl1tbsR40WtI6Vv2BRxw6g1T850Nr7ZYDwkaJEP/ONaJ9ff6orfSHliI+kDNQ0mDcIg16reimywW/ZKfCKJEB0LQcR82y2mF/4dnogGD3g3GTCBxL4qiMyYCUVxVRF1VTtijwexsjyQp3yKt8wZFrOuHI4wxpTIYqyE8prqCIfu5VGqArR3CQ2TWYIADtNY8LwLfKuzWgT1Wu5o/Pzuo1FDWYtnug7DdIn2QQRmM/212MOuqxv26pq8kUT7OtQWCHAymYywKSZAVWaJGwZhJ4YJgVVLdSpM9VEpBbR5IFUIvzJOde+lxNQjxH3HrWkv6OJumPLIAjDLdFL5HGQSDx7EkOry31qI6mv/IDYXcxjEpoJroXmn7NXKKdFVMLtOkuBkvuDFNiox67MBy5wCpv6Q5IgQPiUMBeMmnZ+dKP5u3OC/KlRohZXoxeC3zrNu3eb08TmQRuw6ghyklccc6sukbDRKjD7i87LWZVqqlFV7nSu1F7YuNDu2EHZQvWAzeAE38yRNpRTLVcYHta3LEcXuUo9kkqofzAXzPyRPAl3XKWYFwwej/sYNy6Xv59+pptHCo6yLABzJnnaRqe0U7miEIOxNqQdO7Io+0LR7GzAtZBo/GmCdljHFGicSirfQZUDDe7tSw/cpQ+bwBGsITwYvF5OQOpbbRChZj/nHxkkJSuO6tVn4sAXUMN0APu6SGHVT67mnYOF4aQSsZsKu3ex0tbcNpe/1gIcD3PsGFl/jGGoMnz2h9L3F4PO99NEbQouL1uQU18z6u5FtCk/Gd1sRDArn0kBsvHWiL5x/P1BBnVvZBM0KWAwchPrn+BjKfH02IFTLoCG4yGtmRbVkx4QVqBmLaoU3CS0bEC+IGfukbjxsjqrRRz0CwA/HCwIyCaBKYIwY80kNvAgMbqFV2kugUV5ZidDvAVF8Xq7/PJBxuLUcDBORmcE4UfLLpdWPBBNwrx8p24ckIQafLVb6BsiUmLUhh5WjLa759dnVyp9la9mOUXswlXdOQcZlxWknX3ZlmcA6clLmI0FY9YUjs3pq6jBjrO7IlTT9XseJP84Y1W2P4u/AFWGj1NouyPfFmJuskws/Pj+TS30rdRP4sPqZDG2syma7tv+IbuEchUdOYU7bOKTvcwRQinzVbGswNFsLYQ4XeLqtjiMRfHTsGzKCxjbcn7CSJpxcVUFiVkhqEm9d+Lcw+qfbYZlUOmJvx/yXJAYgrrZEaIY+xKhCjmsu/vMFdDEUryRhTiIpd0q988zAWIi6BaY3fBMaDHE2WFtvCCw1ZXpeSw6l8n6zrLbNsnBl8FO5Fn7xt5RALHP5HQFJCSm1FM864MBtSBEQyvVO20q3B9XKVy274BIDfw6x9FQHfvrEt20+WuXVvbcvrJHMLCChnWoUd4/h+HvfGXqlNA0jdqpFb57uPQSFanpeVhb86ll8oiKd1AXz4+WC0uQFmJIHoongTC8ilXUCKz4uVsMvWbPuo9hykdjt/YPmaZP9UtYllegb6uLnfo6TR1tK2U+1D1c32+n+uqK5VhdiutjNw7wc4NL5/cDEg3FdrDpVOm5tPsv5UZBQE+41mJNRfYVxy9x668aOsDIQdRE4FcE9StqEOex+ShBDkv/drKDsK7elBwETck1MW3/+oXZw83g65qD3O76D7qFcMcLdQe2ZJ5rVd1jGLB5NW8SKIb5hRFAghm9XeANXMQs8zeB1cdRvfRObOodbGJMuukznOPkaIwogIlv72wmcgwyOlUw34JHveMJFrCwhOnvYfmwrSSikAz9DSLAF487RP9RMgyeq5pyquevNKt/b8gtGU8mrxlvFqjltUVc6Gn7Pn7szw7nWapYN+ZXKfI5lyOQmBA4GPC7QEIrVlL1zUhPfpL/lmFr0cvFgxQPIfeHs0VUGC6LhEDcyr6qxaIh86eIj9/BdTdqTRIys+sF+eA2XqZrE3jOnZAHISO4akZr8Kn9iExvpr4ZxgE/+2KAX6yTXHUyYIfZmuu9LZan4vo/bicgY+MRGZacIwcOtqLihx8zB7TGPh3aSpDQqI4fXUPuZN6UOrN6DKL24Jb2YErY1eMH7xe+6+iySKICUytGx5lAfTH5JlVxUE4OT9SUIns9Pd7BYRJ7S7lW52L+PT4f9GrgKMf4UoADh1UekdUCegbhz5NLbGj2pW6hlqHd5ai+aeO2R7GUsAMq5p48fCGjqmw+TMbZDp8qjl9HjLOwuF3bJxLCZhmiR/BLI8DoTq370Z7oT/7aknqKyUsX7QWW6l94nORoYSfAavMcA/z8YOdXSxxJCAO5L/Mr4/yGCcJ9eiqsMO2Qvr8/v5L25/P5lvme9eItlgS8boiejC+2mTPbN9lvOIfshEbeWmTMeXlIs7pMpkN9NFTPb6NOs5sZ2YO0ffopKvkywoNImS3plV1CmZd5shi+/PG8sB3IMzlZgpbEl3n3qigXJ0UkrMlWWg/4INI7ddjmjXwNfOMIrnOb9I5MQE6VsQ+N5yNvFKhquPZRE6LcQIzwLz0OulHoLWcyP20VhDYag/jImqVeVKpB2511iQNj5zSgBW/MqnTR+qy0zjId0FJ2NaDWTIsVtXnE8z3YT8DarB/MHypVU1iVvz2SXCGgU2o+/gjlg/lppCcL7wUjM9B7QHymaF7JxwJCl/rYoq1RIAAsx3Td9EpSjVyDmtod9pf91+DIvae/0PPS166vxNTkua2XpkuyZVbOKAjKCyn2Y6DcJ2mt9SNA+WMxnzQfxgauLW9rQstWeiV6nctPXZobGTdRcXj1xfEBAkjb4/BX3C7qC3Rvm5JTJ8KritdXQAZ5zlC1lqA/DFSZyUFC4v3toVJ/LOfe3bnLASgnM2Ec5j++O4AUeznFNHOJpuKKtOo1o0BaUNsjRM0Dhjb0OS9SP+M7lybfRtxHagn9tPwAIr+DF0MiKMv5AjJOgJlFeXingbA5BdzuxqLD1mNuREd8r0FrlGkgG3Ra3ZW62ghFO54M58Lcr192gwUNcvXGn3WGpTzLvXYoT1X/tJzvsI1uVEiUdhqJrpsbgKBWhmiHovRFt+FwK/pLdXhRT2zYd0YwUaKSbdhxAK8ugMmFSm+701RXIRYbnp2gZZbQVa24QcqvS0wuwnmQCQLr0OHVLYrsEdqGXqTsuWU6/kGV2ueBSNxtQZnjtQtZRmr/cNAzyksHhABGR8PktxX7sEV324i6SuUfPnNmcp+LRAUA/zfskjEu/kD9Lbb6Tq/jyzYtt+4Ss3CHU7xBeaE+RsjuBwTMMFdf1m2swHPyEXIDbpIm5ElymBO0cZ1ZzxCerdLYskc4ZXWhWZg9FuHGP2U2v7+/SSZP3J7Stdvj5S57W7AZW5olfuTtHwY9VNjgeHnfzVieRfh7FHQNEe7zuj1LX0yvsx9cv8wkWwmE10TX3p82FgiPBZsihf6DQFMBTxjELyooVQlVeEEmV5hoi1ok9PVLM//pTrDFbBhiO5Ge3JAMQGzCgOXMUVDhyB57QXQdoQgWrtZVOEdTDq0Uo2dB/FPVi4jPUOADwe80385P27cnLKWdy0dd1mfJsNa/ceIXbukLnzPk+MSpDbIgpBhCbhNuxzWXP3AUn7ZWt8yvGW17uorgxykcIyYk6TpWDmaPTGwajXC/HzAl7WnpY4cwEnwbZlnmZmdISd+BPRCuuDSmNNKcyBO4RU6IYJZDN0LMfcBeczSp3ZN9QtKqgusG4GCxQJszU/fLxCjrXYP8gFcfrRiRt7QHonJb7XMjP6izejFSMt2Ks+1iNUuK2/G5L47Lvr2hcaJ6SQ1N3qasm7IMAvW3Wn6GocNl5SonBu/kbOHwG46iNeVE//N2m5ui3Fvog42SmxHRjzjrPZ5WsCzTV7yTL78I5XZW5FUw1xFRSCWYaIWbhkn+Lk22cFeNR/SmFMSiVLH78vTUOIKCUburVjSz+3DzV6Cdk2BszF1Vk1IaCnIqVfAssZGJ+V7XX3rhzAfxzKRJoZzTvC9t2/parkhgicy9M2yOXdCkDIzdJIPiMNqPN5C2bqwtWVOPrAeHHuwYpsKkZhHhxzmWSJTIfJdU1k+2h1SQ4bWXb2gJU6lafU0JWJumnE5HOknQup7xCtW3Mptq908r3LpdsyEz49lEMJBsv1JO2164+sqielnxfnYc7WWkHkRDh4cXb06qe7jx/D7hgnBrorIo//LFb2iaUYlIHpjNkxk0pESdrQjAqvjKoimLlwxRJpr1AolhMtTk8LbC6rOmSnFYxbXSP6pLADwuflPobrWc6+4mYN+eCUb76HlZ99UcNx1/CP5WLaqhRJ4qtD6pFq7EzYuwuExPoxf637aBMqgmEVbHK87qGz5FEv1MwDFzX/+I77JVuvS0vw3g0UX546VqTLiOHqUBG3jgicp+0McCFQi47jueDjeIw9E41+WeoW9LI9jSn8YQBNPnBzW1nVEOHUTRSXYKKG7WxCXG7cROtMvoegvxkUr/+eFde13+ITt5B6NnI+wBDAWf1EVQlkGLaX8I17+CbFKLopcPJ0RdVMTr3nht2Wr6YWzbrn2onKoL42cIwdEMjcPqT4t9Ym58voHNJLZ00bQq72dpvdzdGkNHRmNIC/uQh/GJ+lLkYqzB75MYoCzCVxz10i3v5BI87tdFSRzL1THzFAna4WCTf7wpTL8GSTVqXo6KAme2CoujosGmVXMsVT6TS+aba9fMByP553pBSypKGep8uwiUjjf3kK3Tl4RHpu5d7DfjNyyQkVf1NQSTUdeWa5jx9yI2pkcPmjHL9XNJKld7dleHSBngYzV6H5XYJWYplndaVOeOx8mN1i/7hD/aB5WF6YP43IYi9ejKxM9h0a/rWrJxewoXQ/l+TY0EUiGWkHyfaI0vy/6C3V/MrpMnG2KUsMsMeSj2dytkTTRBbhGOx7mF5SHfxrT7yKt+oYtvXBjWcVVz+T8wnb42SFrImf4bAbTbxzqgETW66slLy3OY072hJPRMChRz/0GwzLSi1tQkPG4az8HEXhTCfAB1+6JMzf+t5OwXqpkGVwH5JbjtJ0B15dvJkOjxFHTMQa/NZ2EJD4kt1CsSAhACWs5/d2eEqt+kTakWxL2wE09D6WuqDdEcEOWkGYL4cBNGQgXKCLRN/yt7TWlzCck4NoNcOthASjMvLcT49avU9f+6tOH/jm3BBPr/+S+n6/83d6xg/83GYOz/WxuDsf/uyIH/l1yudOf/4+/kgnYa/0ffZmu63v+jmtb/sb38Z21/9/9j9qD/36BZyH/ecP7f7Df//+2Gcwz+/4sN5yT4bET/bDhnWuov/oON6ALcczbEKPZHr31JOcDtMC+gpF15CIKziH3yG479z2Xp74+n+XnyCqacoxJg8ZjVv7SvKl+G8Qm9bevhxzh2sOH0ItfDxiQqFG8aLYca/ce1XrLt5JrRe+Uss/uKIEcFvCbIxiDWMHIApppejwy0QH+SJRgTWFFr0b5yMnDoDNdN3ePn4Wu9g5EElhYW9oJ1ZSPQVvZppicsCCmjXAu/Jpa1g/nPNljAokLfDM5GPOkvvSvfbmYLphIcWmKgYo1r4WRYk7KzRz8MYdeb9u3rl6Vp50VdPh7EUXx7c9S6Fxvjn6ZotZOTAybRvvRC13ON6CDJXLC7PrVcn5LPl3wVLeCl/fxAdd6aFGex3zW9Cb4dXNlLQE6sfXnTD+sU9BGS1XAuTYcEeQCZtLGjiS8BYrJwP6C2h6WbZ0ixeMynb+i8nUjtKErFSyuHZqovoZTB5hfTPXO5CWSN4NFPt11Vsw9tPTkDYJ03k+HnPDFMTU+oxpF2y4Vvz5t76q5+ELL+y7UgkCGOLmB7rtm6ch6Ds63thIzkozF2mFxBWjy1nt0cSCK4lrgaCmr7vH2eBOfB6YvhCrCtKFRGsL6gu+KEWV+CPj90p349gGIeoAePV2wPH9dt4zzG5KFZPNWyoCw13o9sXt3n8sSa3qcbk58rdX9wlp21K7OEPJW6UapzCyFn5zy5Oa/+jiIQz/Llt4mHCUMwOlu3bQ6SPzojpwl82aRKLpxUEf0Tx4aMxwD2uWGgd4m4UzeJG62S3CfE2+x4MxJMs7zzKDGLyQxxm2eaAJSqFB+lZs+aZr90i5+9OIqWKX915EE7WsNQkDWVd55GiT3vhjJkLRWsLNMXPLBa6DVZG/YAFnboBGNHOVjRBkfFC1VHCDthUzN3fY8lyLgyIQSL6SyRt3VZWQwSZjho7k+W5g6waLRhUWXTtst4UDCtPcl+StQdmr+lm3KuWLZL1Fy88Z7ruAnkXOXrPSTs+0qr8tiUFm9CUZpH5i+ROuNtzOgqYpCboe7rGlBl5Xgi5AdkrcdH/zDpSo0qs47UAocWjo7JC0+sTqXqdWBr9BLIoz7Q57dToe6D3lHLJUvHlyF/WxDFfHoaJvorri9WezGrjHmablG2zUxrFaTsuW6pr048o0nMgOoRJ2bqs650uVn/SlAY3x0+1qY8+wdUE4TnAvUQmjCQnamVMu2349Os29Vfo55APyP+zSn81IxsENkcHJKIvijyE8cBQcz5htKoIL96NVYFe3K0/FexikFtkpgPE+WCDVQ9fXo0r297Opg/Q6h5xmBuGYrjIzQQv7Qk0ow3yOQvp539pA+0xr+1xLscw9FZ0J1GwksmSdLtxpx+7ainNJwiFtIjTBvLyQunyLmgCMzQ2063e/3FTp66uargrWiiG5LGdZluWHuoZakQ6ILhu4tWLyc5nddqK9b3269tf1m/BxKSazmM3c3mF9tf7ByOEV9eyfbCxOcWwy9LDBzF8twtHl8eXZpAsAPIT41PPkwgQb0YzcI5OHt+hBxiSEpgCxbGhRRiOZw1cGH8qOPkEf7L0XQ9Pk37YpZUCkPNHFgy7NqgVZOaDlE5iOEgFoLU+uVgBSzjrWF7Qq2E8K23lcnORtvj0iQzVJ1Z1W5FQ2X3q+quakCpm1vLBoD0Jjq/n7rJmHpnVJbNeB6SFfJlXw2nsdYmX2cdoUj1cudGVN544DRmzR/kxsfdfMkRb+TeftVRK8J8QHrMOXz9OlXo3TXvIb9Yrf9Oswx/aslVCwVJAYn91OVtCUOU8ZspsyXYulzabN70GNDBr78nB9lxZzvfzqiY+SLchPQNtvr3wfYVujWEC7Fq/TptpwmNqZhtmn59LPF+vbaoTj5Rd39gZtRTZQDS9xrYbOdGN0ipBdYNyslu9veq1giacH4jVmTO8jKl+BhAnOW/UQkxmNUYzERwca///DI3HcYxpalZuryJ7WP1tKe8SX1VsBeD/X1U7Yp6Qf74hxOMoFQVr337Lf3sHky1/s6wu2Hqwfv90gaq8InUXkqDNlmHu5NUPJ+zF7WBBXZ3Ukaj2tpBfIEFgUKMqVM+lX2kLyDn+Y2RmNtduPICikM+wAGBUjIUKkubLme6zksbLgzkE4Fc+YHhbVCoBdjyCxYF8nE4qDnREHXW9LYYuwZJ1MhwYKnaO9jiVJa78oHHbEtSwKhpXSKzL6lQgwCqTTNcOeGhWSmx2WKxc1ODwRZ0Xseh0CFs6LaPBtcvkHALnEsdKxNQdBeVgghsLTJ/rgpWl+4feA3FXxR+aCJ8flkxj5ReQqI0lebwxeHHNVP/mfgjogqux0PCtVKEYCDTwHNET0SsH4fcxMNxZspBoaRsLcrWwJVjAj6qjnCumqyHrUWuzmam2fShhkRO843kGna9PZ+D3b/J7WyQmH6ctDMWC7naTMzzeO2SXR+xfRrOVzuUwx+KE5mTHh/2NA7msXyllprJrx/ED4I/jvQ4iP4hz/VRqWRiUlPobo1wkuJ7tl7EZpcCBQa+ii+Qm7O332FYJYmeXuxqL9uwXKXXpfnINRhYAObCN8i1/6T0fNaqeMdsOFvSLz7MefFhpdDvDrPg15SkaSZNUf8ocGAMHhyxT0EIDvBK+JH2Tf80mG+uNlZJyidnYgLqasNsvpjizYFp5fjyNJKZYuexO0xeCXe4zxfoQNktuLKu5a+DtKfQfucNasAhYc1Yo6M+AdATE147gRI3AiMlTkqf21JirJBWvCwVcn/uw3R6lI8ueK+gxziAr6M+xGmVGgJvlQ0U9UIeUMAhVlw7YgpFK+zlOmDkSISCUw06AJCVirDOx+Y+tbHQW8yOthwxDapMtS0w6kdO6zHk3sgdnJnFeUFaru1SFtzCCo5c+k330Qz7DButsOw0MMcsuWCLPKcOaHEo0ARbkzrS/JUQdHmU26r5maOAX5ar4j7ZZa4cOVkifFJrcEzYKpvqxxMfsLyox/U0Pqe5C0I9SoZMBCcEMQ8ww91QUeToFDI+uvVOJuWgX4RgKK9yAXh2qRJI7nYWzN1dhWfco6rJD06TR5n+VXRQtqcYkg2sNzH95OGGUf+2Ce33BMCnuKevoxAJ4hc1vQXTpUEjtrU8I4QlTeUNs9CFZO2IhPFMuMOokpCHQDI80/BQpmEw189VRd14BNEMJmIjPtQ1NmLhJxPWX4MNJZh6f1fTIIUIFf9JfVz5mI0PhiR9CNtRUlXDbibb03zdhu5g1pEaTRSeF62S2OpqHg8WXLXVeluWvJDdy00wCEk04q4sgqTqaGCh+CiVuPoC36vZ49mUsLTKKyTcVwVpVVIe0qZsrYO55c+t8VAAhZI9Ylx8DV8HP64SSZ3aWv9U9ncfbbDaftrku4o8JFhAzFiF76tOrLbjHLy/Lfezr65gDLdfv1NZFUXxl7h6R1u/q+o+8BGnOEFmlvVAMyVBeLoRQTfuIiGVuwKm5Jgz8TkRSLFB1ZJJI+uHollodQrYrPGFDgMsSEsqbdSP4RmFbQo/SVauqZANRJ5kPQBQRGRg4TEaLCiiqc13+d2/8AVHxfMbq4M0ZueADCIhR9MjfugOEwf3e4pQDPIgS6WdLY6HMqktOrJqBOYxR2mFrbhbAbtZAAcKqRcAQRi8F+lwICDXD1UBWoVtOYncdpIfabSJV0+PMKKIOhFt8tvkfPPBZar6IjhVeN03NzcHuy3IQWEzaPBOun+vi5gig0ah2Ysgo80/xQVX5XpDV4r0sEiFBxRWH+7n5IH2w7TZ6wVTmD+JhWFkac0GlRzMhv9GaY2MlMBgzUIqANAt75Gc4kUGNy5K3BUpP3DfJ9NrxFyYkZRSlXWDNYjDgmKRSG0F2MQtUK9ciM0mpG5LVu9Xpib0eQPEMryoYqH+DtUqKQSkCzc/O71yR+qbgCN/xX7Zb5y/1JHl2A8gn+rOngcfiBJJBAKUIVGPaEBRx5dmm+q5NS6AJj8W4XzMIy4JzVqBNlB+4XYlALBJB5Ek7xEYAswE7a30QyjjvlHr+Nsoi6NtvbDQ6+8UE1C8or6HU6egAtiD+AqImtrj+d5VyEhBHupbFCCT7sEslBWmxjUfC1h3kx7wp+iafy27ZIkVyTsCrclU+tvXbo4U8D+Xh+DFKP853O8DAZ0bJAhom7PeVIVN0N5Mxvegv80p6Fxn94xNR33O2fxOJ2hh0mytftY9chhurgKRBWvCBfZz7InDnMxixawsxgmtSmenyRzXmvJS0T9rnKXylPxnwMibd+N4yNfODwXj6tiGkhyDmuivMIFNGKwcSw6SWN2KJy75Lc+S1p/RNTEqbi2GPD4/cjy9n+WvNUBn37HwoRXl6iKG/jKuyqutSX7StND6NM3E/esVXcUCf7KHNHDiQmgMj5u7DP7scegc8eDvpQid9D//yJKb0SxifknkNLLU/DIRe8yxpuRB+Gaw0pvD+3mA+kLkD7llUHNsfrnkrJarxF5A1zZM3YlLQ1pn7zoL+C/b0rXMXXcixrj/dcT/1aryTbr/zTH53hczXfLUW/LWWwg8/8uRfi9EAdVC7JHvf7fO/q83OGLwxIgyv32aMxit88EZzEFoMyQAh+q3//7+//z/7944czLE7zibTyHRuHZTe35jTSJSbeJiQF5HIfZD0pKX1tGHXE//uR32fx78P/fl+71XHlMhOafZkkc26v+WdQxTPw0O0DSMD91FT+2W1f/cDl2/87G9z+CJqP/H/pxF9JLr4ZXvTX3jm+ozMfglIfbJb9An/n/Xp3dO6f/t2EpROLWHf+eMbK3/3A75N+5udpPIODIp+KQhtQchNhccelss9X5OBrNX+hx+XVAE5I4F2dB//i/a4TIYOvMheHK4P7IOhf7dxvdtP2Lu9z0PeMf/xfOx/z6bwRf0fgbPXwZnkxryN39vJPyP/UD/o4b8oyX/ehN1v7Ee6NLfaKyO/3cL3qs9QKrx/76Fvv9P8nhb+Bjcefyrj8l/6eN/mmNL/Jt/3Bd7NAmv2BF7MI//jLn7IvrbThI189uOnUZNnwkNn4ZQn43Gf9+jP437k55I3T7CNDEMorzu/budV+bXkffGGYdG/1/l+p/f1f+Xd5mcD2bon3f0zFyKwRb6r2xe+f1rBv/L6JzOHA0oHuY+Ruz/2tv/YKs+HFza81+eZl/dfuY3rCtLEhr/Jx0Cvsp88UTy9qb0naYQ/0ba0ZfxTKfeTX8HjJve388fIMn//on/IkFgH7iNKP0766+cnCODQZz81wz9/n7b0o/Wxa+evB6Pm7lXg9+2qDsQ34DJ/a9RvCP47zzRvz3hefz5pF7hnVdy77f/8aHin08F3wKVuUC5PzTN07TrO0wg1QyhIEbpOEpPJBlB3qVwbrywNH2drAUh21utJXQsizbj0lrKnrTGcPjaj7q31exUIFsqf7gKRJgC8QPHgobkdcWOQuLYL2aXVe/Q3ade9qOP3udv/1XxD7IFP5HgUAH+7UzDgjjyBhpetsEJpXZHqp98wGieYd8//8e/V2xJH2pcge/x8huK/v7U0DKz/7PRTXj+ORJEqCrYkzv5bN4vyP88DL6u28NmVT+YqGJGrCnwfO3w/PHC7HwskN/TNc/z7z5aDwZyF+pq7e3KtS+ki17eSDxoWiEcOINUoH7jH4HM238/hBwR4G5UUY0yOtsvwsLByDU373Tyn54IrE9bKq4K6N2cND+04vnREU0+Om/+UAV9xdUwjJZ1BRRlFBUFI2Djm+AijLX+s8RyBQtlhRnsQxBu/h8Z0DqDSb7YvtNF2+3H3rkF/84B4Tz652fh4ZV5a2a35fOJuoMDz6PI/XzxmHvFXAc0/zXK5uGhTnZYtma858khY8ZwoqIk2z/BXv9V+4JRPxWjQAaatygvm++UWFp6xP0s0zbJQ034mSFr/32mbs82yBpIrFxC7AfKEsyZS+ZPyVW8Pv9kX57vW6vkm8gNwzJ2O9H8T40DHCxOotyg7WZ+Z7wNQuSsg2wPO+j159mRXDIsZxu19C2K4w+exnbO3zX5uTT7PugJs/yuOdZdHF04gGQ21rItCWaxtuuNP+kyg/SafGdDZ3OG846N3oN++Vu9bRgPNKV3ewl0zhScS8Z2LdMKvTUrD6c137Cy69NpOOq2+Yi/53mBvDnthbCn4SnlDoiFMk+D/pmgf+UWzhZqp/JAj4blfiDN/f48PMXHBdL8sPaxEQc77ow+8e619zfMBzrPyU7NYKP96UUf2MimqKbDuf3ihsCSXeg6vJyhWfEca9jA5SbW334yF+gneqZt2TDT90uPC9jTdPsStWy14IMtxJKxDY+v9jLNMoGtyTjkt5Wc04why7I6erskhOIkCjF0NHC9pt6289sN7Kz1ZZklta8YWCxvNzbrmtPSZ1nh3cCvvTY3+8cAKVmuQlnxfzD1HVuS6zCyX/P2MpkyS3nvvXZyKe+9vn7E6jtz3q5PdVYlDQhEAEFwV5CWK2nqXQOrfCColGLGKTljNsWHADnH11UpftfJDG1u7zbBbPL+aad1unfFNWqk1mYBzcBYSShp1WXr6/HF90C2ytQXvWq5G/0Sxj2Xnj1vvB3Xi80OzxpyLfqLpik5sxBXV4o1onM1j2tgG5GlcHOZIYM6ozDx429IYhUR+BaJUqUEH+l3107u5DIY0IHqI6041SHeNliI2sPoNvs0p752K3bbZaseBbDNxMx+68B/l+ohHSF1hYaY3KqkELQMafMJchTLe0/Y68bepbh0CuJOJWWc2to703+9ZDFISvP+P2WxU/p7fbuCSLgl6pP0WqsnRxSxjGuIKmLJQcyQAA/wAR3DeZ6Ht/WTekypwkxoAX4jetiO4lNHlTSjllWpXkgEjQk1ijnNs/5+9Tb11+4D6DZUY6pyAO9dhmGOiWSbkHr9hkX7aJTks+KR1IQavyNdez/KVz/Dk9J6j2nZleqJJFU905E40eoS1+NISckXM9rrZjis7M9sGjJIwDUep1ZEPF9LvY216riSLbNIylXNl5MznZ+fX0X0l9qrlbiTuqyYaDjZuxjeaVGa9GWUsoiWA10Qd34Xx+iK4vv6udfsW0kGz8DyZgck9KkJR4HGsO3r5XtOlsAU2X7CgJL55qlE9X4BqTh02Y6h4rqI88wwxsIzK702QlNh9aOdObJmTqcsh739VLNdGk06SqF/pZLfQuTELNH9Rp+iX1vBziqYRrRgtCpHrYDGJAPdNq5gWNuwVK5WYYzwdOo1zUdQvQGWYtqgxD5/xs8j+cyPMnCQOVjPibPkiTZczWwgMk4CWxfnjI6EnnGYo3+iXxeRjMVr/vev1RyIRpGO7+Moz0Uelq+VrXv8hOkS7pds3NRZU+/qVe8atHyplnKyLrNKffuFmiz1jRKaTNKb+9Ge4pnkbKQp7nQsGEKi2puE9ySCpHex+Ar5+Fzw+m5g1A6kuWJaJi16p45WVtSH/rV6/CKJJZIUCm8/u8xkDrOGAapquiVQRyvd8pDbQfLEA2jvMhsWR3kaiDBCw/F+WRkW8NoLMGP53vhRR6nv+KtL1sDBxi38BWzyQ9ZJt43dSNELExxkghcKTJ0Mx1TCqK+UN4nxYvhhw3KxhVEzVdiwn58ePXIva7Sj5WQr5XSZ95QicDU2tXGfYsQIxa1Qhxm3br44LMUxi7xevB3wlugxzLr+iZjWRlVXrKBmzmKj13q3VdFe82q110ve7+cknWYY6lYi01LoHHirvIfFx16bU3v4q7yE3OHLUmPfmE746izFLZXOVuWVlCRUtMyGFtTbbKnKNM0Gd1F+OEt6l0mUk0+gSqo6sTQ9VhZ775WvehkBbOJ13VbaRQnlWCrAUvtiDg30BO460xYHqrzvmA4Tfw2dsG6upKIYeuFdR78oSKWm5Z5NOOPyVpXEmyo5jrmFnbVnXkltnQrUfDOR0XwXTnIEe+FBskRO5VRJVz6DWS4D62vIpvsRJY7T0w6RpeddhRPUZNatiDPKYt45l8sNR6U7Qi7EqngKA7ONVfKRV1SmEMqStPe3W10Yodm4X0QnxnskT2FfsksgZ737xss3AlhUpcb1OgTK8GW5SRNeFzk6b1QMbevow7UvVRZJeTR5dxthXPZaPQT3gu0Aa4vWlwJS3aNVmL99sC+eWZLdu+7uDzvS1Rucg7vCtVq2bIXj6KLDaGWYPq/vOMngWyBWRtlUNKwwRv4S3F9tBKkVmx5LAmhukLnst8h5g4fyM4f3uO+uDKb5MzN/TFcq9gHSyyvWakX/U5gNjuPEExtQeWVgZyAKR/193N2hjejd3X/D9z61zyYgG9UyklVB6/WNZfaNvUHfUm+cTs53wahZYFwAAKGUvuZ34hL7brhxoE1E815ZadKHIYY1MVcYciXtSbawm8Q3dHM9PbXR67UI1Ae+Zb6N4aQjCeSGg/zgFFG5qmxy7D/ErDYMV7UHiuL+oP2uLywk77mP6JKemsj4QM78bo/HJkpsyaNZqZERoVrCjPxJs87Ppg2YzHKKJ3BEV0uFSp/Qd2nXYTROB7mt64lX1NtqHZbz+YXEDCdXyktY3AkGVQgQfPF1trvLfCMgQRH0C+eAozCBPEQvhW/Gg+CqDFE4mt47uZ1i87BBJizo7tf9MDjbvURZcujflilrEDqHGG22985tfCPjG1oa/YloxAvLtm9ParUL+tE+zw+JTy3kr8IUG1IMTNishNMqOVmgpsFaXtK906XaStP80/usK80MU6DPnXwyKvkYUHRvM1Nyr4MPyoAWthfhR7gyd15VciLNU2Gz3nILxXbLGILbb1v0i1fDacvy5QQ0Y5eKzMmqEhNVY5OL/dVe/EgGDhfr1Is4o1PvvV0p15fFXJolYy86MZ7e2WjitcoG+IkmUL2c9KhuGXxX4AFacjSEIv7QW8XJGlXo77jcaR+4gJ4/D6gGDzokUV7wbmYWbaLXfGcl4cAjHa+HERs72Sdraj7JanX+yhE0nubAP8LC56Y8uIL5v+okhBu1df6Rm4pJKWKrq8f708NcLFU8iMD3fSpt1JYwyKDnM6akmx28rOV8mQabjEe4PNZngLS5fTdKDTVOe78pizyfsRYqC2hFlxP8cZ5vO/X/qBx7DhHTmzJWDOv8Y62PZAlMTr0/GKxOROqU4rXkdQi/TbIY2i6r8Z51pAjsL86B8B4sXEsXPuHrUeLJA6gS/Q50eKqjRSf3dULvzr+e2igNB7bZVI1I7SeptPbGcdKVTJO1TavcEoWuuXoVOLeah7+aBejH4tZIbRNO2n/X0xGqETmd6F0ToNpLKhKcZuyUrTuVdsrq7afv8g2ulBo6yjPSREBhcSwhwU1JPHjCX0zX4dj034zoNKOrsjpMr1jkK2xf5q8H/SSf8qzX2nQwgB8YwIcZ58AuIkvjPlQRoJnF2wd9viH+XZLrcgUxbj6FddPPshOtVqqUg8KQIXPLGJbh0VMlemnTzW4SpWAWbY3E8RoTJEzOCw8PgBnQ7yZgdJd100IOM1VtKieVThCH1jBVhbO31VduwBsIseT/ikPZKjljn5/co76reF7zQxE8X4MBClLLu/jnjT/htKKcHWY2x+7YZLjcrWw6LlYIFTGAObbr9zY/hQ/Ze4mzYzvnqJx28LjvikTnBN/oABByMoP4L7D7rKjZAKn0h5a4CMQErXjW+ev/x+3BEojz9de24B1DL3xEQ03gtLiLiUdFB7Fmqe+EYcVBKUBOqytrfxvDmeniwiPPrLfOhtPLfyXAf1uXY3UucIJJDJBG6i1+mz5lyQA+OAR58q8SMZsbKTUIB6vKJGx/F7a+UzrAOZqj+g395S9iwdKLhmpDaMELAbI/EknLVHj86o+Xq7RoqfGVNHJkan6VfSew2yrGg5njv8fNOtH0Kw/g35cF8NDNIAcWO4d9FNuzbUOtsaOK2AD/SN8Wj9P0rh+hm5FwLD5v/EuisG1mlu0dO2yZG5nSHjSt/Ms5fIk+tsuOYh8xgpKqn30pevng+gIwU7MhZRveFe1PsnPccvm2irv7bHiJNRyn7ZbvJ+VgwUNyXnK/aGA48VnpgYhzRDIGSqOWIoZRBs3S+I0LqGB83uCuXPZfX6yr1S3eudVltzqIyw8HydXsPcD39gRzt5LEhc0fJTh7gMP6jHZx5sO82Duzs0bGv6pX9Ee2J7U8DnENy6IOaaAzZQf9nZaHlPBYPPv23pU/Qa3xxJPhjGQP0HTzQsAuakd1XderXAhwQ9cwmwjqZiZYW9J6INbOpjlButKdYddi5MjT9cVeHjHJnK/4pMD6th1y1yHVosOeyTFognlJkmubfChi6mq3nylN4lHcGt7W48wn7Bd+jywgzcyhEVI7Yy3Xa96nS1iZQHmvf2zV+fqJLZFSsptOunY3SMUtyk/L6JZrHBHkH8IVIeCpiRseW+vbSEBvmkDXvcCMbDUW9o/ELWnHQ73fpo8IynDG05VlwsiCu+TsH9e9XosjpNVuCiB0phfvLy/Gy5iaNB636ZijQlMK/P3RXKAy5mPeUtC03BwGTXl3PJYvE93P9i4Uol3t8hfYvodrgoK7fjOmFNTj/OMuFYL3/cZzLlJv5EfByjfysz4ZcR+Gv7KwqLNPfEJjcUq0b3pcIV9JJTEZkkM/Y1kl9J7jtaERPjs9b/pf3qz+7JYypm92hPdMZd3KNNPalcqIJNc4b6BtFQEoZKl9C00YxhJON9jEjEqQ0JhV5v0F/UUKMZVCwMzL/h0KVfbssFLO/3ZRvTwrAlzKC00DzdE5mcxbUYkXauD/Tgaz2hb/DakWuphTTkAWLZXfhcBwBzEIjbvL4KNznM9i/XfYY9xjrffAs26J8QiQLHTVMUmFs4F/t4cfjVuFT4sf/FUb6VI+X4zgfd/YXsmWmqFpVkQa9LuVNi2RVB+8zccceF9pVhEsAWKKIURC8FYHT1i/JSZzYYCXon/yw21J0wPb2ptUo1nnC7qA8AHtFV8JjH3nF3Nj0wBjMCRYmfRcHWHx8uCiTStx00mX8pGLPyTvg8Ukq9kMF5h4pM0b3M8ggxMAOE4G4kfckoY72GvXNk/NT6ElvYDrsRy44v1L47wqI6YMlkfqMLr10yeCbWjnOQIBmeHIDcAfxWGPFj87lvDXtHYFHTvoAC2PMr25tkuxLwI+9o0QpGW+M75+66cW3xGXcPw1KOGH5FLSZSRF5WH3vf8k2UmGt8PHo4hmVO1GjZ2WPcLKc8/WFZaIBVrek0fJ8FmVvB2p+Hm9IfL4DIoMfs+cXoGDWeY92oxC+tfcpHhxDXxDND2474YanbT+qU2yLTp6i6FC8Dd2rw5uLm86yEbq+JG5U/kC7pt9uXb4EtJNDdzSgBY6nCueU6iH2EcAQgTOY+GZUlibHQe9x2K+6i95hhHxJ/Tt6z7PEeBmhVO/vaQxu2a3ZbzCzNktNvwbm70ZF/9RVKtl3fUdwoJh+9g4nypMFff1Mc1o1xvCLLXoc2FbQMXGIRjmzTsRebJ7zhkCKRLcUaJWjgnjCCcXMVn1jMmwoPiGCuHTRcOHJejixL2LwGXrUxEKUdVeyZYRx23KA38KruKuVvzUc+JSYtD33mFFDKKuc/wYmtWqm2eRz7uIf9n4FYfsujJOAkF8M0tUb39DzbdPoIY/K5UqLjQgzdeNzR8gR4vb/ps0OV954tkcrizWGS3xNE01qjg6k19L35egoVMVr3fVvcS7JRnaADiw7CC1tJGm6AffXEJ1pZPt6np1igX397ECmrWQ2UxeHn7iVGDtLi6NGVCSa6hJT+QF/2UDnCgTvIIKA1MgnNkKXsKZdbkasPqzWnS+ji6VlmpuDRgXF0T/wiKebllkcFq5Vy8RcNLmQ/PQ4DF163rUcHLg6jvtzqHB8cmzZErkMdRZjUprCJXaPeofAAVzd4bGjRmvqu5PscW//f5Ct/CyXv5vllUhvx6iFD5DvYQEdsl5QvOlM9HxdI8iZVDyrUNVhYHKxotyX9e5uSsu16bsth1AzfJHbXTVhUMRoiIXCots5k+RYmrjqRZubm1BCEduLs6zLZdP8Ui7Z1I7eESHH3X+8ggJ+8ynYo2MYJXl2uiUq70eNoaV5tBuMPP4Q0WqtQYfZTuy6DXYIvEYic9omgUnxni8/DkWv0TJ+nFA2KMx60WlpBZf60inPhqjZbPcKzWxpcIzKjtFtwCS1Hk3O07wXX+HSzArt1Yv7uxzEWs6dhN9HbuVNSGVXqUaT4pYaVn1725bHtlIurllVane+4kPX++wbw89zHXgNdHT6sXYzqmypIfzqNZH4oO2EOSZgrjCCMOwYYL6nLM5ODBoClCYoD8hzUS60yIlQxUIMZsBkTPFi4KKATDi1KapWC+gF6LBsBI9uAr7LTq068SGbQKQ4mzAIwYJUVZbmPEcrk1fQDd2nettacxjM9YXkkJz22f/eQH0sjKxtIzAs2BWR9KGnXneKf124CbtpvvLeYF6YreZGJToouFKDQsYMwsxf3l3DXDuHd8W4GonHbZrHo2dr/A61+OadwP2DpdjQF7zYE9OgHPeNOkzEgsglFqMeon2exo0KWCyU3/J/vvT0PDE+5RWR/PxcMIG/peQE8H6rytFffaap8SPYLpe8iDmGt+rNd+eKlgWDtcvS01OaJskg8V/sQEP6aakwx9qXOgWJtlhf64JlQSait74+zHPytq4l3fOmtctphcEfx40sH+da0RWIheUqbeJ1Px7DonXq537PKEo+RvKMZv/10Cx1aOt/6+PACirPBeN4qBnAXjggb9/YrwiOQbYA9OjJHuBbmegvueX7Ri0J3iSj1dOZfiupAtyU9+btZ58Gra8zVSta6hTIOBrL23206YJQka35Cr6DxkxrZmL5fc79i2kxZaluD+RilFGfl/g5oEXKKmvJFXjxSAFcxmwhrCya7XEZ5LD9A2Rjk0gENn332ZLzZKnKjZyPWb3a2ifWJIj+2/0gY1y1bLn8zlzEMeMkwUT9dsnKayyzs0iqcFjmVDHK1aSWjNTChrDvKHjPQ3+2u6RIPl52S+tKYuvjf41MXr/AKQwsghMZs1Rc/fKUaFlL/BfMIAFfzVe89ItVoy5rf+sqY6+XB3JZ8fWEHuOEBesLwkjmxgi7szAVgpyFguQgc7Is94+y1DWACmItXiDc7rd6/4x9NwvSUIKiXzmm0z/9K0WV6kq8/pxfWRmI4P7022/2byD6lq9cpsx86heraRaM3Ehhz+9dKlQxuyTPfKiLiQ6kLYVj4CrcaDffw9PHMX3mxi75mutAtbU4ViVY9r/Wuk/a2oYh8idTUkReGNvw2KzVIFDjKzTYRLsuvThklCtp6IrluKHrHEHRRrZsRSlLDTtiNNRWK7YZd9YxQYbHry1u9CSALWUn/pCTavbBl39Baitm/ziGrXsrKCut1ouVCgkX0/Nbchpeh3WiEtwZLB1BjIkBvOngXNDwI8Nt704Eo97REbXR0k/rlt0UeOxJSeZTF7Kqeg3FhJg3YBZ0IgzZ3QiCXNQ36FYYOHvScBH5dOQ55JvDZepTG2aNnIULUov9Nb/LqNdWvFGdO7jkUMgRqLcJIJ2QImxZeSWYMV3YWo1Na5YJ8D4Q8qBMqCgE4ou3Xvi66anBlkQuBoMdAS0IiqSfYpr/k5vxO5HiBcjUulGpinJUjiEYoP65uQo/f7Uuy0bSmXZJpZU1Hgh/xZ+XM0R3SaB8mfgE5fIJbZ67YjyGNSKIKY3Fk9OG+mgNcON9z1Jq8PBRbhjjWLJujSBrrNj8mDeFXhxAuXTdJY/P8D9BjwFHvGgI1+wsRimzP0B4kX6ALOJaZaj5M/yl78VeohEs1S8iByQAszYpq/W0n8e90M/oeslT8Zvm3cgLSITIG5c3sdKEzgeGVPBqN361hCduph1THiI3K/R9iuD1471FS3J6mWBGhTCqYXnMjSPw+nsqnwMys7WyAL8OgmdjVrFSZ1raD4WbHzPAVi3zTEcSwml8F1TD9HXA5HzjScN+3FcLOc+LzUQjw3Jaaz9BMi7iCfK3nWFxwa91jLIHFqWpGSbKV2LTN5JYrPwQetrP2SIZFFDfaD29HLluSn1o++CO9KbPoTg5fDaNbC2z59G4ls7pedhRsDGtosbtKjXdYdGewx5ZWn+kukb2vDaIZ2viy9vhHJXptzRomh5LE9VJj3i4dwwUg6rGaSZyINuOJYfncpkDfeEN+baVbsKKyr2O15R43Q9mnj5+DZ9L1iIMGTWdvMrV6HlueVJtaDdvtxLIZYyezdMS1MVdTotVQfEd6Vaz3lM81/kCPfKeWrbQ08XrNO9fEfssZ+k6xaqVR1I5AKaYcuSo1D0K/CrrWsKSEUEaUXIMqoo6alKCTgyCOyegFnqkfzdHNVLuEZiLFpM/mq2OyPUvsxHnpPS/Yb3gCC00KeDtYy7qc8ldZfuXDOCGjvBi30MGg49f/X0N3oAgceGMcnJGeXNVGnyRESAJaa0g2qdln8X9k4CUHEFVnpPMcYm08Ad0Vc8A/2iGaoUVyboSWPM66TZwY2byW7TWV3l9EM8xOBY/E9Nyr/szetgvlAabi9Dfh05sx1rEWip//HODyfplEP9ujr3iK/RTPOcyw8M+yAv9HJSdL1yhphRq6S/aeY59y+0guf6CpNsNmhaR0dAJhQyHDYQAjkCh7D6sQsrX3e/Y3hkPKzov44XYgQKCyleUivvqspvBrpj/RzD2gHqmfrcC2M0Z1Zs10N1nqgXzlCPA7XNM72Hsx0/CZOtqs0CTXqm9xC1ihQGtneNQAFDn3J2hLgDEQSqN9FP+OugxW6q5+nzZndOvu2lw1jQnU5YfvdrPU6ejHEH62qj6EKwQa6IQQRIysR/9ReZfXc3qdfYdP02bqcSIobzemJ+B3mUtSQhZJo7q4z+df9ON+L8CFmtxH+CKPdFWCU6+hW3teRPxs2r1jEv6RbvmoiP8B7C0+F1oZvMq1qmfr4w1JufdfBzdLIEyio/MsFwQGbCCd2LjefrNFyIVFyQ9wW5/9j7fF/8QO4LifsJcXHXvkiKTTGcSZuWxplII1C/IEeCaZqaZrUND6MOAdd2cekmPtgF7IBEPfRfXssFBEEPjfROG5SGaMU59Xy48B03frAxbD6l/DtYKdL1IHkF3SVSuMkF30jcWK1LYTD8E29tq3Cp7q0/73FV6khOiM0j5lrnorOeFa1LrysbdyKcGcADWj5U3P3HPoIzLcVD6YTlKQ4N1CAtd1Fi1wfc1TEs0Du9bBUAGKhmjh7nJuNLmFoc9G3DTtlZjlD7p1J7oz/11zfK2LoGyXtgeDgEBTKcHFmA9l2Z2cVyUoCfTUFnDVFijzuXUJVrGKzRMc4/nZskaDTrIuumPu6EJwkUu9aQ9S9WMAGvpPdHutXQdXQ1KFpUNhcLt+J/OjqLahlhFDs0oL6tjSHZkTwhOpoiAhJ7f22INgG2KzDKi0B7onUT0l7VEOGLzbzm/9OnGaXxDVS9CZvvj4SO41uYo18EaNJ3/7DNTxaQePgJYm1cFE+YoogxYPSebFB4FzsIm6H646lpsq5EzJk7BmEeuXJUe23uC6Yw29G978sK1HQ/M4j5sTBgm+/4OellPpaaZ7W0InrBhj4H4fKvOImf7hLVsmOpB48XBiMJ+hvMsKHCz3eJqK+nvWtAR3LEMmEd3OSB1p9WoptgF42CUUCWfmZfvxDOnRDBgoIUZbCpAcHyJY2Nfxq6SPapCWfMZvz+PUPE4ubpQJA0M/9u5/Lf6yAMxgZVMGF0hd+6nUuyT4R5QBLYgdMy2D/N4A9oVh6PNtg8pyCw5ceSfDR/hCbQZI98RumK7zi/xdAQRbSr0hSJvdeZnZy0M0GZf85kzSEkhRf2y/1csHXTVIQMEoJaMGogXlbC+OdGgiJccemOWqBIpT70v+jNeflI8g+AeaaeG5d8ggCxefv7CTrdNh2iMSiI5s2I+7kBb37w8LzxWp6U0j9VZalJLePdbKwhC09LjqL4wPkFpWHo3Aqqc9WZdfMDTsaJFBizbV+xMv6UmmJDm3SVPpoF6hLwFgMmwDfLicQcPyVw8kX70txMX1DpP/liCVEjrQS3/lVQb+sjksyTZNSK5DR2r0pfzo12qBIvtUU9gd1eI/Z50SxQOXFMqb54g/P49/usOMM+SNQPmKSKobw+ojOc6fNjQV0NTckXPuGQzZZZBcx84ypq6BZG0jP9eiYSg+7EPKTfQq1/V68hjzPV9rZNxtoinXD/mQDxnz6U/K+QtIVYJl3/lgxiXlPyGh1cczk+RGA0pEN6oB8/T/6JQv3nj8+Q3Q7qHFqPaKXAWPfIojCVpR8Pscyh43GYhZmaIJzM+KuOvydiPx2J27rRINMJ+dSAJ3AVca0Gn9YIUlKfGXrREVf+CwAZV9NyrN/hQirQk/wsiRgm40Q6flhN1iJkxu+vMvDfYIdJLRjtokRzuNgfzGi6+HWu2Z8W1zurkVdnfIcPIwr85DA+Uw9sypVz+lTWABn0xos/wXD3/jK38wO4fjpB2Gv/+N8xsCcvYiT6a/pcKeuGTzTwvVAfxV1DGT4CuFTWF268pwVKbX90DtkEZc/uhxo/dMP/qzyhL81o6RKo6KSPsczzZipoSjjwMaaXx+Nttf1IBq48GuZHLeT+qnqs6ihbiPzaPET73/cngQLFihW73tT9d23AI6B8OJMIMgn8dwI0ER6sQBezxF4x5uVsjLfJtwEuwXE5l5p/zey35ScOhe0iDtjBwPX41LBnFGnn/G/qDKgPU7Pr+HBaB+cPtO4+woW/yWIBjhPNINff8fqj8NmPTVIHldWEqQe7QiW+dTXuBWg45QzTO8T0Lpp9gS8SZ/cTDiOPbEcRYmCKGY5O4olUGoHag4+EzvOzBkXEnND4BI4mE0pL5exhPPyr17zB5e5t2MC9fIKZPz0iUykWZUiH7uRDh3H2lW1rdmRHqaekZ1d/DbC5Fdeerv0WUa5aYGddmNVSpz6Wv3eXuNnChWOx/BbtqZcj30Azquy4QivUh+G4spe4ftPjD+64SOhjgaz5Cafn7EQ4WrylhKvexHFl9m+/FYgRuxwh5vVSc+Z40euBq0tRhvbd/XTlW6TASptPYXifELgMd+WMLtgoH3gYvl/8itJTSLF63tWbMq55o67qd571zlsrIsirGLNh9Ol0B0i1Q9o5LtXWV+vF9edhYMtUyCp4r00ODbgisIIQOPZ6/TkH8rrJgryDUGYeohMhuGyE2t3cJqBb1Q30nF15+dQLtid1HH66QUC1F/eDxz6Gfd/wRrka0Dm7A8Q11Pj26i0Eb0+Ik2CGK/0fEgJwOrO0oOTci42Jv6pBSoxMs/LZmoSwvkxpTOBW+df4+IBpSSsgcdbDe5NrRBsFUdxWzWP3PigG+YoWfTDzXF5s80XeOkBN4HYCl9La6EDUxS9RcHiZuoKYUP/dYof1LjaZbiHL+FdktmfUv/xlq8UB6UEOfUWva3HOQR91LD8amxQrkAYy9ZwP5iGKdgpVMwNtg/qYrUZZTSs7/7SEqd5/R7Xk7vX44tSLpEgt1ufp3NfPwh7/zje9dEH9lRTR0rmfqif2rgCkeW/vMUBgkYeteYVTYkDPjyRmpgKPCezBbwC4gy/lGc7DDFkTmKkvUYGllPHLHvnG/0vPKMuSHkuHoS68VfShMre6X+g4RzY536F3pmr6w0JiA8Gev6VSk5mguiWHfF1+j0vpDTFEi/kf/gVpn5bK3ZMUkPL9RJSldCh5lMVBZTUK+s8nX4JwoomYi0MGkSDzdcPdjXiT+3QKdHryy0juycvh8koaJy5V8J3Mplmg4twEh+il+6cOInKmgTOY+idHDBzf4Dpuppb+cBHNOlpyyhe88Oe2nl5EMgHkfU0XKdjXZ5fV74bj9JC2zMfD3zO3acHKBGasx2n1wxYOIsjgUgfIvMIfdNu3Yn2ywP4+Wm94XFlF1C5KaFWURxuDj57faq79T6PJxoAtHcgOz5zRk4JpzC+iR4z9vvktzhVprVLy7s6i3j1KNa1rXBNIyZgxBE6XRuCKtY5vqE5uKemcTRl7Cpyvfv/6jUuNBLXgL1X5fPA1XLtYc0TzVAs28WBLp+S7TXxOYmGKrmM9fnscVtL1jTgdnJ95Qpufoze4+msV1N8tDO9FA3QwLKZ//PIUn3QcllINdNNk/wTDGbo5aaa5ndg3+u+kRlfk1fPeXIh/ior2tTOxQanvezxBAg5mYXLXtP3g5xvH7iLVASmkxRLCjZdpGK0ucn2OPBGi340sMSOH/dRDjIXUXFUu6u4eNWSKdFj39MJHFXuT9mC5J9/At69+BNz2U0N+J6gbDYFB0IOe6mkYuVdRU1e7tK3EF5LfpycvmHl0p/yhhuMfjgcaj1YQvvYLRl1yMlfW0Bkn6k6gGAX3OJvc6db+M4Rom+gS0l+Zh06sn9sdfGDPCvQmtFiN8Vmr+RfankD5XFRktTQZNvDvXBa+Qy5WWMrLTTTMd/hN1b2hJECrSpg8PThCScg06fIlXHw8rxDTmEMQnwhoG3GGiRxNIG/+W+APn2DOXA1ShCZyzDjy+bLEjj4afDja5qHpFbpWblzhpMDdJudz55375g0Ed5DShrwOXw2H/Ltmv1QbB3NGd13RI3Jt5OUFCsqHIY+Lsl7WrNQiDROEjRezlNDr1AuTWaKzmnziSNXwLin90+GaPCuor/A6T665UbzAmY9e8OXv9+1YHcYusfpldsuiZV3ncnS63kwGaGDpBWUlehBg0z4uLZQ5xWRptolL2tYHi4QRTwBldBqhwiZ4XBba0MT7rtbHkZHsPf6McVD0ZGEX1uDy5jqq1EFZXjzDhZvf86Kz0BLNvK0uS813BfH5DGbiNQt6lI35lUPgxrF9ivo0XLxu89PlHwAdm+UgadGfTKeb4KowRX2tCG9Nad0R4ViPVdSvXpayzEQ48A0xJjIuyio8pfocw4EqCnA1vPiM8iTDmeNM/H37ffKU1i38UHjNOJnVAH+WeE+mML+31kHg4fmemuQzScnOJzzkoXgC72DO5AnvIeht1htPfpCVZHEb5T1iuA8pD6Ikrsd/rShsVXS2Qm0C+QyVprx8ASMU021A/dXLXl9fiyUSybnOlceLkJIXVwWG63tNU19bxBtJI8ryO8W+Wt7ohIzgyRNej/YvWvRajeLW3mwDFFOO+DhAH3tZ3ZcyI8e7ZYKQYsam3r9sICJW8MZQfVwAaLBgmZ/t421LHOabUqqPEd3kN400lW3Rmqw4ocKfovBaiQsPC1fs12m2Msb2ViKD13l4ESEWY+8N6zuBSK1B2cFMyLPtkajrr5MbNHnAtr8Hi+K1HhHnxlpj64GbId3L0zf4qNz7740xyN3il8YW9uuLJbS7qG7eXJ7XDFMTyiO+GGcdtV/1TlOqHpHLEOO3yJxeAKjBah5m7jH7RcwSqLeYXl2vhCpzK1BWncUDAWtVyCmxL6V4maHr3/vsId7My38BGf6c/XVUn4BeiuJGBpv/mlv0xTKUQmsn3ndyIB4NyV/uiIoD6E0izfoZfQja3saaVsep0Wp1DSmSDZdVz0znFEz8hw/QbWxyangN42IN8Ws+iK6pikeifduSfz345V3lRarWv26pYKkZUNOHkybUY3xwDf8R8F1YyUJbSv+PKDgAwoDeD4YLy/wxBu5wS/13fwewG6MwGARSe6CfAI2JsvUwx34iyztpcBEpg1kido3RGJJvQsZdKRTEDLemmB3gXt3v6ENN7ezXR0cOhwnJoV+RG/y8UX8w5fXbaq4OR4qQnfOSQ4cpr9/qaZuL4a0ks+ChhpktUP3laHDBVgcGqt/ppH+98gL3Uvg0yNHr6zqYPsF5Tx+p2vZb98mkl9uedgX/vZg5w8vW2dNVmYsRc+HM/wC1QYjfv7Nf7BKa+Sf5HYJv7RZLkjeb9uBOrj2+jhDcDBM7EXtonJutNHw12TGQqcJL+a4y8U6bv/ThBjgKt1Y/GOT8JO71Lbs7SUFWbXH2VxhWHrTlYPKm2g8tmwdlhzLx3NPV0+YU+2GSVKfzuxGiUW9oA733gRHdsX98G/UyNt4+lSSxEpRwjSpMT/W23p9WN9I6FgevQXpbz7iK39UDKUDHujbMJ3/l5/DVGtpZfFkus6PXAHUZY8gzUqVYMphzzzGDI39ZYqDMsGMUY4WtZi6hQifVkC8h0FYFyGTv4lwul6GrA2OtioGT48/5TizoJU9zOYC9QCQKCpQxHedS4Qr44SZjoAhysIn8nK9491h/j3w261hFghK7ZI5/z8c9UI0fiOqsFzeIUPoFnva+ri80+/XUpm5WEtr93zai1dau2Aj5rw94iYfajDrW2P7nfNchBS6vF26GcHPUxRKQZwhzRFfruhWKrmMBBeZZ9zG9WtW6nQnw/WZcIEulmxHT7O+H1JRDs5OXlCJR08LkL8wnjLZJG/ffUyFFv1zxrnDKnvm5BATw2Dh4eXHR4AmXbtsdFscPCgrM4ID4mF4QwfyXxmKZNXAOyHURMlFjvU5B1TPwOlQYRhvphCq0ncvlaDRXeggHNapj/9ngpOa/9kHlpLhgpJ2G1vTFcJrsEW3O7auktBWjJ8jxWn342qgI6pApgDWPznXY5Fk/TJN0mleNZfyx7Ea/jK4J1MAv6JL1Zs9t1TQIwwtbYCabeRx3elJe519YNcbCycynDTB3DSww1VwVArBWi48DXSx9CTymfhC4cbZJIrJyPqv/SDr2UoquJX+oGAwv1oFChKzMbbuY8hPCEh8yaSZ6737xAKm10a+8B1jRim/z90RWZ9ooQs3XOg0qjyXC6JHr/U/4y8PzQy8Pjxqctn7BzwTr1/31GiqOCSu6O4J0kuzh+CYhp3BRw9jnaUxw7ZvFc5rb1ypPyvNCqBuPQGrKb4vn9xX1nw0lthaB7lX8vPtmWu95/NsrBxxA1rc5KFX+REOzxeOhEPrbz503JzY9JIRZPG08WcY0IAoKaA/Fsan5zljcT4FdH1fjsH6kq5LmErBBynfwk99DNCrFMMcvyTaZDd2ltjuD7rdTJ1jana7y31gByyETd273VOgJjxhmrsxkzLusYN2vSBiFdUgcG4U275i4g7+zbcpWRU1DrdIIq5d8ysB0OGoh0CUKpkDiJq6kBrxjk9L3rdOXaxCvJ8enL+qDu6Spusk/OeoCImZkoqIk3qIN9+fnToDfiSgWPzhsq4MRoRSGgYCF74PN6tOFQ5MqgSCljQ574ZFR+O+muctkVuR3Du73VYeLbuAGYYlGlKfv6YymLu/FBfsofw9R+tgXY9qjkidjbAB1MLcZYOs0SKjdeVzy5P+7gx7SjMU9v3WZyMTUMZ6Nt4k2ZaxVBoZsV/IFp3L9QcvdHjwYajlwcUem6VbDQCMocpmGL8UQ20sFUjuq4kfCSPTvfZll32KOM4uqUA/dPce/7B0n0pxl/qCe4eqscmtHWYI2FkMDZhYV/zvfoSxKI/EnG2rV9hcAvZEokFL/d/O+1eSL5oui9pbKRbwa0yGt4QxcWBCbxw8LvHlEC8LPCoLIxmpFSwq5A6lkLabePXBrxusg8SHTwHVbRg3hK8uAKGaJ0Nf72ORAeip8pR/P/SvsJzVf/b08iiSdkoD7bGAW5tlwLC3Yczl04NL6Bvri0/Ov1XPyFgxsOX4o+TFWfpOHAsXYf70CQIClVUe5pTUEkp0bSZFDzQT6sGMTXFmhXdh/w2qY59hM1XewNgw5i0Vdf5PH+pf9bK1BahM7tjdO+mjMHqHvOfFTQ/PRMFi48cNEt9BjCFmCWPK/PQam067tdpFKG34UEFaSw66+R9whrl7AcD0rRh6veGlllfV370ewtHvbXFd1REM/q+aLf2LlY1NMsC3jbRx6BWY5BKRiX5t2Cf/lhBkqPOUK5PfUdx75KRQXipN4dTJfTH8h719884dz/0RSFSjR+H0QnQWdPynrX4a/eb+dRoTgzBDOw43XDikYh/eINYnI4VOjVERJ+tdjoSA43dDGD4dPhsqoZH+0pDMVTLGbItD77uIBRjL8UPPw94hs/9WjTj5isobiWVqkyxSBLQh8mAp7sm7oEmY9NUxIhFq+7F+XBo5qqWlCeZ5+GXIbES/LHEJMP0xMBknnKT6Vakl9HOZOUMH6vy4QkmRDxt0k2laCZK1mvf527N+l+51SCokhievtQzb/XPFsmydt/X0bQU1LLgLwbc83ZGDCVXPEz3cndgKWpmI0UVNLvwb7jmsPqnDm/WHNf3OTnJ0NQacH2r/vzsNQvuQfCSWOUUQo4mfONQAMv7L4yO+x9ELQXRK9G/89fwLOn9y/+ULUMMtigBjSia/cBGXFD2Gx4088HBEH5X6u8RGoNmjrf3tWaxLDhB5ubZJhR524XTRjOGwNbn1+0rZW9nGHy0tyBMrOJMf53/4Y0XsYuJqEjVFv80eFo1M9VCwlQOiip/idYwn4izWSDSP968UBXsemqUBtux7y0hh0EdntjHX3LduGBnmIZsGh6gqD3xEIlgS+591FnfPoQr0OQH9+5svAYqcu4jZkY7T+K0KCaER6I/b64Xiw+4rMx4aA+/r3GNcKi3og/NUR30Gw+8VEkt7WOLCab24M7t+9g9/5rdMncK9fE6QZyl7N6Db/arCSy1G41drp3wbmO1rYaoyheNYsIaaQnMC9I7tDTv27EWtlHEN9ZBqWoPiJtCOdVRJmq0t+z0Ue1ntmwvYA9c+YcKvBpuc8rpArfmoe1NmtvzvtG2x9DhnJB0C7BlG0v03Za/sHKnx4E/KXw2WfzwcKWbwIGr/8MH9Hnqca/RIsYq34YA6FLBBtfm8Lxcyni9DUvxZynbmI4P4SPVjI2dEEwsLvSPx+SvcYlzDiZTHWh3ldI08BBZZqD5rk4BYpDe9RA8k7GUQGGjyCisWtupUVrvsAW85RSxcNIfNRWVEnbdAgo+sSqIxcyXfyZJ7FZbH4q4dw8FRU37Gdr8HqyyKfcuPzUK7ZePsD1aVkCdS77yn1a+dKVJe1zfGfYKV/X5sXFTkp9sw3u4Lj6jnU7HF8geZWMpiIovTyQMVuoGb4hm6Iz0NsAXcckAS+vmI2wUvWxjR4jhYKb+4Djs/y//22Wbq7IWQdzwewvf29auVy+0X+KxhF2yd9QzbJ1z9gtoUp9CRvmYtKFrBa+cLzRT7kS93yOaqoP8kA8Aw08znUT1u8BCKQ0hnbtzl+uIzR/YQ82zyN+473DBKe2XImJy4uhJ4PBniSaMOxrH91OvtmPa5+Cc4iM+jXKUSYL2bix9XWbccv6OujF0bqgkhBgs3+WWBEwX9ZS0C9x4IL5pTk2UvjNOxUSogrPPgN7nbo2Ea0y8Nnq5MOdDkoV2b0kzzALQz3tPFKet3ypC2cnkBOk5z3+SKBUDF160zMctjM5rJQSPHjSNef/uikWRSl8GQSKIP6rkmxWfjaVGhAS/fA3sEAdc+mRV6es8vI80KHmWrHntTrOWvOoP4uY3iLp31XQ+egEZ8pSHOqrxlmv1FZ9teyCfoWuvNzP+6H/bP6d9LsT4EULkPk//dfuxy6OviKsPLSb+5g0hLdbpHagK8wIt7zoxy1927AB4XA2mKne/7lPuGIKcV8bmBvTZFKxqG1sOGBxxgMnwcAqn/ES3N6GuSkeLAzQAJUZiL9fBLYnfjRv98gR2sJhF+xGmaOzGY8MoQgL0XIHNpcXft6Z6ahzTce0e3elHoKkd6fS6stux7uIBLbPL7k5kXc7U1OX9G7jRZ7Q4OdyBpTvhgG9ih8fYH8NoWB0AQZ327FZ2l+CEV9do5g7BW62ef6p6V6PUnLEfn1b1yCa8viO64I/iyTsVN34N6ck8WtMIDaV5ZxuUpSYf1L9a/FGgTubcVfZ0NRrnkwMKSDxvkb7kcTLeS1Xi94Nq1/9elq2eVqPJpTSJgPWe9c+5KqT6udoUeSpRy5wMWS8QTJNrg3HL8+UirSRI8+bH/2hoRvSi22m5OQSlO1qjwGAOsa2NB/YLz5uUIssaD7DS0JwF8jHkDvahc+/46mOnRYH6zCpWU2Ae6b/Wl7NgQr3aC9V85zD92fQaksLzEQQlHMD/emYRGVfE//ZbL/fmXAQQX0r45fMEq5feHbCacZ8q+t9c0e26d52eSlGzbyl0EqOoqgDf+7It80M8YZ+ZnhLrxYMgICn9395OL0JYwD4CrqlLRc7TVBK2gxyBKQuAEk4+OTL51tDTP7gEoDPZBHQ4if1gQh7Uctf+eKotjQ+TROh/9X3eKHe4Vvs32dld9pH54s6O/gFeJFLGwbBL+R6wvWGy0S3LvfGZe1Ytd5DevbPRq8+oMYGPJ3p/bfbbzUEeOEHS9ejtqWRr3wFVms1ciVLBAfvIhkxKSqPMcbaU89XYsz1h4n5X9cRUFoE/IfEbN+Trk8vUA2DX2n7PK8aElrS0rigve7ue9LWoYuYAy1l9hriLLvo2I3S0pa9bJL2oyhQfhAY9AI1hsCm0jWKKsjod1yos9assgp403gf/+d7cOazkEN+46zv8pYIErxyPrLJIk6Per7c1MWwwm1VBqfRAX0MUD977VNpcxV2blG+afbcroomR37DOGppi5RfFeJ0C+g+kis92OVdYdf9p2pxATsa7XX71aVF9RIqXR+lqXos8OFDkp0al1A8jfmqwJTULgiWOVhm9ag80wfH4q+Ys5FDBGaTQvi4gz0DSA9BRCiRbd/rurTE6aBDidG/PMMfMNv8VOVTX2W9/U1leC3y2FoS7GG2UmmnFLIX/m/K/HGS2JAD7Rb+QxIdA38F7e3qpbXJtvqLr+VgoBXypZcmdsxtqnkBpgbehiwnURWjFtFDfoSAWGeQqUTN+KiErCpwmoHB1Cbj0oTfhrRENTLseKgMYhycNu/O2g/eUK1f+ix0LjN+CX3Nzsav7ihYpFfllKBx8bBVb8FnyDyjb3i3AOsTJMy8CnPhCIKWuS6gGWAk22cT/1GC01JDPKLrE+qra2vIVeAKD1+sq/9KAmOIl5nW9rEB+5qw2EmO0J9fWJ4ZFSxe8ciCUxW02JhdykSfqw3jOUyVvx23wrb4gTc5bjInzt9QaSAIjG+s1n+2w+ztKk/jeTG/RqSBCW9rurv5TniZUY6m/PTsb6oqdWfuNV/MmZEhJbVbhaEHCpEM4VlL2yiy7yUb0VoxhNDLNSm7HQz/xbThnocPlAc/+vK9WTuNTZi8zoy/oYvOH1xQxLonilY+2YuhK8EUX+If1dvAC8Ly278IyvdNwlDeEV9tfSrv8Lj74F9bAjV3zFAL+flaiqJUBwNuFt+HcdpQLkn//DnxRjoY8HNX9cUoIczad2ijeCrmQiapdgS7aVxG9KyOEWJXy8gS4fA45AqmYXe3BQ9tzz6Nbqe8Ur1A1TJD58cVzTxO98tzcXV9RMj4GUSnpbCDS+uI8WKpJQbf86tFbFWsvOkwFh9W1KnF1efYM/B+8X0sbyoHUwlTSE/38ejByo/NJ09TOovKV8nY1FeGlrJ/0PWeyw6CizZor+EN0O8954Z3hshjMTXP1K7zunu+yY1qA0IMiMj1gqbxNELKnOABB9pcKoUwm2pzw3AzGNWbGgto1Pl7i4F6s5WJNhTIBjzKFYhI8Ns/sKlB23BGPV+IIC+ZjQzL6Q0uTZ5v5BO53iQXCm0YNUPT0OHXULo96oe/LT7SkbuBbx6V3rUd8zzKnsBnGUyFHk9rwBHHxgnkO9XjLPqLQVHexE3Tz9skY43ro4vejtOWF4/iCvCIgnx/n0E758/ZMNUgY/iZ/ceabmFlvigklh/qw3G5wVfgskCEvQAFXW3c/+5dQuNaP31c2OX7mJapZ0fNFBbf4bhJCXfgCY1JhFFEPCZHPb43Lzxfb98qe1+VmXZy2STNbpfgv7HddlEMIW+G8bbmez+UbFmrmMPgIHnVRWeJ1Tq0jmf1PDg2vyojo3IaKs8RuuXK8c2k/O8xfsNrfNnqvFhpdmFhh/dVgK/r7OFpe5Lm1EsCF3bk/dWmbdqPIS35S/fYWeXI0nijd7vx3wWRzgZQMFsr++Ri+mxhcPz+/WpCHZ1jsdaMPJiJPDxtV7NChh3IbBMQgCZkHl3oLsMKx/u3z0GE44f5kyy24ITF6g1O8zrVf8rxapPWMPsUHgTr9qWSSqyaetWal9xfv0c20U8bbKCdpPgVxH4kSDClEFDBag27umyM/NL5B9MhxH516qklm8D0vMio0EJtQBVyWdBblB18tgjRSjGsa7LDSAPqUvIaatUPiY7FHgJ1rUgV0m0Z3AGrmLY7kG9vm4CPG1mYwt3h87lByucekML/75+0tCZf/0TWEX+qvy47e9rqjmn1ZrCWQTwu49WFc3xU4OqbKMqHWEgExuAB5aFhTVtCXuVKBrfaFqGXCUb+kjXUxLGKSxzCCRoaiUBXpqrW1gqYlfFxWEOmwOO3GmRwlMsqf0Jz2Pykk4UpMVYnf7JiUV/cxPVBMlwIABdy4ySebbo+7yH/q1849DUgfEVxdzFvtEY/aj4sz3jsfcOoBzvDm6Vz/Dnj2Jby2GMlT/u9uCz6cGnbLX80j/7NCtPuAEoSs1C8jwD+RFROiNJremLEfx/9SPrMDcMLeiF86xJ7/jWTdH0jfoZYr0olkbI27xI26mRlsxHM30wDQUVZjuTM1bAtoPID/bWBJMnL1ZPP+/Zr+OvUiEC8gbYAjljTTle44l+3a1t7vfnc/iEB2wK6N0EMuO5fx1IM8eDvtgnuoSGHElTuOyaUKJXWTWdlO876UeOYued3Jh4T5+35v/L/hwEjtkxRYXU1KZcqF7O56wt7UAu+bjHb2BMN4wbqSoT1v/yH8uw41EKGeGowC4Uzy5E7ViCC5wHllsTJJ0jqjxPAIsEvKeUxLNUv2lh4T48a6X5Jv7L/aZYdm8qiweIpdgAFe4kGt93oG5iRx/ogHX21FQjEjgMwl6FNpcUv8Q4VOv1898sIBTF0KyhP+CoJ0CVG0j6FU8DxFrZ40SC+LwTai9l9AHlvxxPEa3rYT8mHuHh1xHECL9nxN2AyjygMx+eektsvgg9ttjRo0coW4DwN+7600nmr7NOykqAh6/quK6Gb7sdBI166b9sbK5g0SSAP1E4G636VgWW+grJe24IRHvRNIi65A/yx799Lvy4pEvMzPun5xRG6N5MxSFrb9AYWu1Q/3AYLmyelRM9ZjpPUKhKLEs39oUIo6F7TY71WwPOaNg7eWnbACgLiAyKrf2o8sk6a6es3vhuUAs3Znwu7lxU38vwFzLgueKy5Y8RGwU492bmZYPIWw8PgAvrOIfMtr+EB4LcMEk9pJowerj5qBI4SoMLiflKyL3+wzaKyvL/1J/WkMVbU2dO4c792UFwNm8o8yh6Qm70gSl9LMy9w9+5qWGFm/xOT8ooxmnMy6+twVEHBzwH6Wn0rSAE54luaI7kqSTAj85BdqvIrHAm5Yzb/iX323zbs1GT/b0Ly1Ut/LqUjLlTqlpNGiUzTqfRZH3OBX6kU7VVyJQ8CEUw8xUfJVCFLo1z0aZ/nZo4xxeYTHBKROohenKvQta8X0sc6u06sBhPU2PHw57dkwVCM0HZhSFkyTzlvIzFvP96dBqqwHwJYQI0zqUhjCpkWqtOOXtvMUgCZRdS8FqCKVdsQa/Zz9DUUxrhtx5C40JAu6Z09sXY7SEFNAT8BMWLXnyYJOu2BzV4Hpvni8+VIWLp/vjzSSPPD1L6t+z4ZBr0TxRYvTR/roLmUFAq1SDCaZEzoLhh/Im4jypSXOFDtUsSkoC1H675VXRQrOX3HftZrCuakqtCMHz8Wl+0mrcPknNwAd8nSVCJUAkQ8p887iZdBEnZ/IwHMX+6OlQNuYt0sr/IWQqhUceR+WqAFXPecY5m8GNjvF1l/vnScabx1zUXYVJHLOGctmcvHjkdBSd0okHnz7E9fBgj94+qUplj+fRhj33kZNb7r5ZjUCWw2CL9HlQSBOHYnbdgogJK6NGf73zYI4PE8tWS1BDiXiYu9bX162amciXDmF9p1GV+uuX3C63hd7/VPQnXc0iVbiR6kqsE+WcAZaaOxGANyFACnkPVy4cGM0Eun7iluqknoHbyAaroSyGt82j8KEzNB5z4VbCC2jIpfkeE99cFeWE5FgCnx161uJVwb/YRE0DCUQ48MDS7cpmi06ys+JYuFSjhjDEk/cu7x8wEv3oCgREQT6B4IMeNuR9mWtwIkg9jZZGZA0I6xwvoZxOcLmxWBmswvo7w5/9rFAOwb7l4Mx+SdOXxQFWNKiOq/5RlDGyABxDQahQ73HzTBxL8IRnLGRc75Gm1QO+re16dWIr8U3pAtOxcAL+dONT2mnuEJLuic/LIwf7WjpWY5ra4mim/Fy+fu1A55ANOSDjL/r4dmkw7hiEEOGqoZv9I7WH8dFba+WCHe3WlfkMF+121dlAZH4GAMho5JJZWAdqUCRWCC4khw2O0v+TdXw1QsUWybFdDyFdg7sOcKOSeVjnutyjAvscr1uoZjwx8PxzjT58r7OdDfLrIJfy5KOoDTq4JujVbJSR8JD4fuA6qoBHa0es7CHeuX2fAR4fQCjM8X7ZlTA+fZs4dfX6UXxKnQHdtEP804iQJevtKqNr+4KR4DD/PkKMxGVOnmgfxNGFK/UEeZMta5kwoanos9qc70h3dzAogBFpvT+DWkQY4h+jy/iGWL6+YIKX5V++pcKz1Fpa4i1hU6V1bGfevdMpt91A4SWC4s8u0RPBW6K8ebHAYvnRUavshH01TdnnXnuvTt1jUcfDWHyXNBCMicgy9W6Cz6sNqTcHmiXsbltooKpMquXyy4kx4BBbFFHfET1ItaPYTYnL1EMaLMusFxOjYZsD4QZRsODJNJZ52Cd67exo6+9TTRX3R+tG3j1zghYmtSJcmvVf8Vdp2rdocAskQdMSSYazkvvl5YMO2wfmnasOdQOC0780qpURF/fVif1AWylP4NhQWQMXnwznFMk9aIHGfag9DiSyCgjBgKP4M/SD8VXT7V9t5Tsldxqmvmgm/8CaOzjKGKrnFj01GNxYeItOQuArdSS4q/3QnA/opJk6hx72ueDR6JIf+pUr7/r4nHWNJMo4/+I9fx5BpeyeCSYB+M/EFyHx8YyKI9SlMyaxbRtiBFbf+9ypEFqrv+dvfAUgRKSRcD2M3iJuyUEJyC25V40GbBOCTQzifXVS6V173peypCuJiop4Rjy4C1ZDvOfGatB5eSwreoo2ERmV+nQ0TFpcjLs5vrYEffRhPJWTb92zpv9tGPoXeBylaF+t85Z8OEJuhEajh8tYKLx4O8yjVPkjtDPRqpB57CIN4e6B39BmjECFKwEsTZUc2HyXFC7FPvcS/GryN2YHw1l5bt7pMr3I31CmGvqbWmo3bb844W7cytiEz7T8XQSmSpQ4uxv0Vn7hc67jDksEjT3ek4Zyq5FsfHShnWus2JIPuhRYx0rkUzV/+ep1zoNdYoo2nkcmVHCXbeibHdiNZMxbgc3e6qAr3c3RlJzQ/TX2xC2tzhiqeEmHPXnFPbBnPj/SIWO2zhjRU0lzJaCQNBDP+3FdeBpQUCx4HImRde/KvBttvmSyOR/aq8bEwrSKvxLG8MO9jNc4fl5Cc6cJGg6u1XyLA67RLExVA7E7tI0vR6C3QEuPfrIFkgpiiRUIJGgkeBAS09x09mnvbKWIKSFpxPtpzWsJGKf6+/eHUCR+LtChO+VlIPWz5JHNsMFC2dLzSRGhCCyfef89nl1FgiiCNXUckRmflMcG0wTvx0LHrM3bz33mNHI9U6CS92Z8l5zfQj4Nzc0ga/Bc0IUQO+uP71Pyij56wKhka9IefKGw5BEn6H4sa/apFrU+Fx4GT4uNaVSgorGZReBqGxF6yWjg8TmYI4W993Qz08/M3LgiJwfmI4xSN2FwaxeSfInG7nghMg8fpxsv5fY7TG6Aye074ksDOQ1FRdtc/z+uxkOUWWFIxSYVtuhn5ktMx/6YtJOpHnCw9o+F+ISxqShfFrwe6/kSFNQFdbld/5OgGCA1x0g3TlduUGvkFhgY82N5UhKabFmiEoflgHePnXEMPetuxuPbR6Yhv8v2WcPVC85bqcZlpQuOnSUxhYdoUbiy1aldBPAjtYZJh2V97vFCtW8Bf0vReBvCGY6z+aEa6z9a6IJrA0le6C2EYC8WS3FrrEAp/YKVX+UNbb8FiEv9mxY6ggXjqzYMhsdS187Es2bil3hJm28jVXPpE9Rf6xzN9l20kgboEmtxYqZX8Tdg2DGK+I2ae/52KwPw7LRS7PddxNv4bU6AQ1/bma8RkFzd3JefFquH799TSaYVAdEaPxzFKY4X9tCfCj4kSn15xPNGx8EZnGDmSapas3hH+zdfQhKRrXqA/PohsMH3LrKlYVhTh5tigjP7/mqQRPdTXOK+s8uGZRm18Fc6GTj9ltyntf6Z4+K54ETl8fBtNHfN4Ox3iu4Ej0aF+Y/7PTA/5ZMUP8WuRcWzbnZNuRVL7OhZMXwGGUMYigwj/mf+BcxpD30v8LTYcUeN4fD50lgIOuHvG1y6j//IdFpViLhR0C55/o9KP061y5CHLgJeRKInTBt1U7K+tT233TmIEU/geJjKZzNfME+iOP6ZPWZjm74u/rdzway/BR1BS9kYgW9mjrx5FpnDojDPU6MdsUX+o+bcCIC6e1t1VxV+xOCOTe50jcS74Zp/sHaDpS2n/O7/EfwsCQyM5L1Hqc2Kx7Dutncdl3creS/Fvxknza/nDerbegpyz/bU8zAfn/OcYG5Lkqov+L//CmYSNWeOW+dUL7OJ62f/5y1+G0oNhGM+ofuMeJYWLyM5vqDGW7jHzf1cpzP3gySlzUlhybw42Hn3f87CuFltLcvNtusdVD/99WsK4BbtU2CjPulxaC01vdEIhX75ujP/zyxYnNaKIk0ly8onw39kt4O+cEDOvR3Mc8QE6M4gFuWRYJIFex39aefENdkytOYTDcOzVSDfIZT3e790xB9t8wbcG6wtWWHJWlV/xH26QOPGq0IdXmUKv4OH6+ryUZcvfa7l0ID3lSHnQk9/cxq+qGs3H+FcV3DETwn3h8K5YGUVZwmaVYiwh66v+x2+bHrv08f7n/Q3hzXCR/ECv96vd7srt8rsoCSV1Uq38j6z/utAyzl3O6fKwvhMOp4JEBO6HLv9zjWSw8uc0MI+69zb8Msv/nnMzqAf7xajc6JXPmMJiJUFWsN7LIdK52mBp8bv0t2J84j9Gp86r26gXnXrkJcma6H+veSNwOrArerjssQrZfENyezpIP9QtP5RZD06Znfz1uKZEFKvsc7ioG566E57l6wGQOndrtYOJ1/Msg3+zYk8my6LGwqIAJ8WeRKofz/ePgeyKnqeE7ujuKiKL+D/rRjJr4jJxe55l6Nj/7yygsGkTWsTzJDDo//m2f+XpqgI6xg6GqvL/Z8bPYyEs0BUzTsDRB/6L/z1FSJFc8NUKJrny/7nr+fP+/k2OYNE3NRPdo4ZOeFDpKJa6AadL+09vPUCH4y3T9y3Pm997+MCWaO+6M/ZIA0d19zsEqHaiLF60ntRufyxGZ/lGEqmugwtoNla6TX/31CAfx9FN/gZ5Ff/zLjwjX9Kza0udhgs0FCzowStCiOGUFugo9odqhqs3KGUm9E2A2ApGSqtz/+/65Q+g3GjkQXL288lZWT1cM0/+EJuPse2pUvZ5Lz2YE5KOXH1HYkFPYxw1DxNWnPbimeqzOxD9bC/OxzTz/1uxQfmt2L14Xr80jsU3hIYDzfOvSzfrdAbvQqHUzsYQMX3yrDC9I0uYba7axDgeKvNX/u87G8zAVB7s5abz8gPQ5wpW2e9fbT2TsOzJr+W+1eivuSbnjwHod78tUkYjuq/l9o7HnoT/kwLx4eKYaX2M+zm8byuzPO786+33f6dC4aDa9A6MGkBuwkhgJAamQ2b3uF3kR1Yx9c0w9o4Qf0gDuo22RRZhMAv4V7GAU69QMjJSV2Tf/tdxv8HUgQFMoYUI9F8mgDwS6uE6v17t7fri1lVoTBEXetz6+b15pmacHGRtla3/4AQwG+kutDp4O+6Dc7tIsv54rfSgNkYiBUH0egkgbz8ORJDW+b8kHXts4HPugZovEWhQoBxNO68FeXKzoBiyL7/9YI9d7tI0OkVlsZV77C0QbK+bdmP8up8LE8ezkIlIIKt5jSE5lexTI+vl23wGh3crbG4sBuL+vXpyHGWfk+uAflB+2S4EdWEPgO56noFKmOb3itcf+6q9sUt/fFc5HnYFHbez9dUyN/p94Li9h3D2nhXCM7H7Xz7JgxwLsOK13wBHHkFLf2s5gGrHLt2/YC15kfhfayk/lLMv4MdiqQOQutl8Lui/6lXKDqT1iPrjXI+cAJ8N0tu/AbHNr99yirk2lBkqxgRpn1z+3+ywj9zolUWR0ozzw9+MmXkF9Udpcg1XsFCjO/9lXhsfnVFvpa+VV/Ws07cackzkkQz0XjN51frzF/92e/+32yvY7fKGXvX77TjJqyg85Yb+e9Kz30lXZ1XhqLkFSW1uQk2LgFT0WaMuSLiQuH+nP1ARpp1OEGYUzVCFXuz9t8t/EQcQDEHTszG3rtPDBpd2z2iH+CIZW7j/iMBbkDT8RgppbGXm0VZJtH+7U8Tjnrn8iKuBm0Qx6/z7+dMz/XOWD4kMCtElwdQrGpxCkQNp/M5ra1b+zyP5YpJ8C2WtgO/r4cbxrS539GgpzdUNjEwChn3o0SXz5cuSFnp2nvN/rrwxtVojSwTo8O1cPy+b1kgSAbvf2SwoMJNEdf+6b7FVVY/BogXGzV6BxIS7KvxFISA/0dgDkdug9hW2+zF43AfJZP8s1HS9jbPLGdMcCWb56YaeNZvFwBcFIB/gC7TuvFg2dCpHW8pKdQgXMtXftLIAjS1gIN+JJrIG378Byezkb9b2L7spQtMBuu0CoY98XqZVNj0zn+jTD6OVKDaM+IrmhNnaz1aIj9ETzXITve8IeO4vwxpsHHWEukYGZST8YGvhdTT6apJy1XBACbhJBVFLqJTdk42a8p+WQ4SMUeIln3K/95QGynurSkO3Mr5h9+lJ1zUlqpxuzhcd75fXnDCt9crLlqwBAHesJIhnkzTytvbdyXtrZ0K/yhCglgFyEqW3Mi6L3HejvOE1co8Q3us81pUOECFf9+DzjtmLqlLj62z/mdfHvFm+wN5ByompWqhYJ/S3tKZSGsfnUfnhZh0kpgJXa9Xn5+ZYP+bMcHxBWNILHnf6opuHwRNoMY/HGsOUhoQf43wW1in+nS5g/J18Pvn00ly8+DTMidDI8lDZQ1mp9q0KDMgiaP/bg8bgKJY9SmBbQotgwZQGdI0SSSpP7QqdHOSWnziF+qjG/0N0K6v7F9gbqQwu7gD1c+8v3W4nnb/a7PMB+bvVVz8NsiqT/vpiRPALizmtoVT8l+4h8Wu7d5xhhXPcMK3gLP/QFzdhPyfrptQS/OInrgLCq0OuokPvyKxiJ2cF2itp34/kJXdvVB9Dez6iiRLF4D6z+Yk7xT89rh2ysSwOhSyLdqBDQjNo12sxgLFRy79RE//+1TqsTbs4clIH8Ls+hPMDfuW5KCGhM/DiB2dVo4nran1nBxau8gXs8Zf9a3Vkwmas9cvG1JWdBA+xJ43sjPhWH6tTN9rNMTMDb4xmcJzf6eUdHbNI1Xf7dHDhZf6VA8NyQQTB8mLmhavteI+0uf62/zw4ieNAor6jnoP1TraUDzh5v6Y9jrfDeMVB6uRxbwBML4LIJuFRy7X+EJXBWA+XEa2LAR6T6uOZg6MwerJtuE0sdeTHGl5Z/g711eDKSzjj0CX+tL109YsgJFUOmffq918lWWkpoUR0oBX0q91DBjof516vcX9oFGMAaGCxdL3bKWHLqoK/kJtPGusRk0hQlSgsKamJ/1BoybKdUH5VDaR68V71gdvigZDUvo28Mv8DDAfEYd9fc/rhAbr7+JaBogc2fQh/WJQJOGnGete0rebcDnIioqIbIaWRnie9xoeLjSBM1Qv62m+lmC9fKPLq/1QSvPnLurb4ZThH6tgVAYu0IpvdSOObEav4K/KQOlSR7vyQlMWy0Gsq2H/Isnt2hGJVbC7aA0YGpR0RgbQJiyZfSB5ex3s0cuyVf2n+lgSdUnmj+NdazGuastos4mr2SEyrT2D8vO8yktOGBnyMsfYom184LibJ+dtsShGh2q8qAJxZUJVAS7o4WErbfRP1GgXyBL4CVsAsvkvYYHOdjQaSGSrAhUR1KYFJCZszfXnxGf+b0JM1il9xKql84SD86E3ID3Kg+Maz/Bf+HuFaT56HA/0HctFGczQdJvjzC7Htt6OX7AqZIKdlwy+ee7BDjkX4WeBwoYwLhnubNeKmXmyQR8w8qnh9RxVBaNIrbjpZIS7S/+0P/IqXvVa5IZSnREp/if9hex7sJjTSL2bCLCyfp1VOm/7bcgiRmJzuF/F7/km7CP4SNHwrN5AiKCCrd0bFYiN+QwP/89VfcVofDEyMj0HaoB6eQXYgXsnYQce9RT7sb2zzxeSP67VyINPnsQAXH5fRnCufUBO+RGbT5PZgMzSl8KEt4IJqUbFJEVv1/6ooIi5iCPQVeop8xs+jKBGLCe7q35RL2q6SfGtqahgr3xrmF1+TGfHnE44TfVYnqHqLXQuWerLTiiN6fc1+JPvAs4eR7rA7yOV4IsuWgLXcWJktYVIKPGJwUlPcaJffwFoy+NkMzNoLF/nmVmYFvhtOaBgYDcrla4TEzByhssJVBsNw84JrE39X1eg3PmWRzMvRHAX0lxIZs4Tl2CRF5/k6cNRCL33WIyMCOFQxbYTG4GBAQyYuMAbvV+fmPH930bvC0ThSqqoNNeeXPJgw8Vi299si+Vfx67oEHGTP801vJ+M0sEk0gvXN639YklVC4pxZdNps7OaP+/XlBuexe9dvP/zYV1rttXh4AJkEmtOUlqbQGKEjLgMEw85csAX4uDjUthHI7oe1mkk53AkIEgckR0/LBwG58GwzK2UGke/3CbPN7dn9RZXadPXRafU8yh7bJwJBxxqhewVBBDwq/C0ljd+ET7u9iln5Vne0/OkxEeHyz3+SWUQSdP7aYeBc2adtD+x55bqP6ec9ikT7Y/CI6IQ9IuaJBPmAI14KC2H3CBr14cr+eVJpxvn22bG+0tNY+DOYjs/MI037cmCY5DcSOo7bJGcaTxr/v4BWsO3bBZkqWPePndqPgrK4VcmdmQHXjWrFhnLHnSC9PfNf+YjvSR0TSPU6i6PY0JbNG3qEVOWXxz0b3BYSlHJk+JqQd2xGQ6y93r94Uxp+jnzCNCkN3+ZHaVzJ6cUGB1mtDsFJTZx94URobWYmNR9M4e1Wcm6TL82+jLcq7gxs5KeHVcp8FuhOSMQE5QfCmw2+Bg8q+OtSA3PEv6zDBfICsVNsbS5W5PUrD6/W9qJquPt+onFqw9ldQK/ZZx0MHYSIwHCTLSD2juVcI/njESyXgu5GMlBnXB5uEdA1PGjLd/6GClScmO0Rc4q5Tj9fGtjnfJcPWvedE65Jj3P/kx//LC6/cK0SG1BrAS27I9T9snN4mLOHwVRbpcPavkUIdhXpJ3AVLGskYKvEgdvY5Dsi07+7uG0EW5Y5ZlWhMJ76MeGcebUeLoZ5isQLApw8v2aAwOtn0HcTE51cIciRCMG24/0L7Wh/gm/8kurOFD4K474eFf3Q44CRhLb4zBLl7/uGkl4eIiP/y71J0BmslLhl8FEZMlc+9z3SxSTgPg3cZ+Ab/y5q853yOSLJ4KsIQIAfRfua+wwZ+5Z8wJcKa5Qc9O/QGH9NE385xUomaQYuTeV8vjoGOJjZHL6Cl7ikoISJ5qRTzOgzJPecI260mza5lHlaKWyZWEIXEv7DPLA/BJDuJmhA1mvJjvH5jWiHSFgDdT84YUMXNDMFoM9tN+9WQhFgjYashzWw6l/2SqboDKhN+5tMOBHd6wstBNzYSka+aXgT91PHjPd+pPWLSPOumh86AhwVQJTyH+sOG2HuYXLdQy7Z4jSS3mV3Sae8a5X8EMcHYXyI78Zt6JvIVKRGtw++wLv+WI+F/Yu8wgwovcG3Pc/gCKq2PmIubJz5vOrmb9UeafUuSpvko+bucNWEs1Kx0pmB0l99p9QZjQIwzIfSDiUCMmBmzsBunO8OHfcJ8yCtXmRYwcCExC/nk1pTb/qyx1PlJmeTNgB/z0PRONRXKaaMbMfdcdEx2LisX7GHqhlVtzDaWLrygY63uCiuFBGb2YCFB2quD5SMI33ohoOrPilRKb4Yl8jZNT5ymzgjXnMOVEfJd4A5q/j0TbC34h0wEMg/WJg0bzVsRUMrs9KE7aky7bE1H/bKSlcMq6Nn5WYKqc2H/K4v2zxGYfvLNh6UzAiG8ZB1NjYJe8FHR/jgZ/2bX76imWrx8381YFXz7a8SfBQjXFSCsbZRYo+19qGSvMMb5b+OITSNY8KPGv1sceyomYZNozN8U6BZVEl5l8EYq+HaSeWUner3VYwkGUAvs0pT8rXIoAAHT4/vCeeaF2D1nr42d+1A43VmYnIX9suV/47q0InlLscMSRtkpxfjBpf9R7vygU6Zz0vKMn8S/BZGfCsKH92vjQ80nFidhrOi7Sm6Aghnk+Zd1aviwUTnNf2sKkwRJ/rAaVuuwIHpGe5ZboIUxJYnTFEDNY38wp6p2+fLyCr3EDEKQS8nVL6yOMnIUNBhxuLBWpET7R/bBYx8eoouSHFP/Y22fx4BlD4LiQi84Id3mWtUotuKC4/bpvcQiIcKx+twtW2AVBq9xYNDfjsQo0mZqpliMgI/UMW/WD/1OVGbVcMOTCKsGh/iDvJfpWK5EOj27Ko//FIGf8Dn0ezTnEz6J+rRoFAPCuiCaTMCyfhsgHEnvPyhikiDqvIfV5kVZeqx6gT2NwfuV16fGacAPUc3nh2JzSaDefvAAFezh/SSrd/o+Fkb33qkaG3q1NNX5f64YOrMy56eHELp0oln4vQd0Q9oYsp+WeS043l/OIjmmGy9Nkf0HHQH0q5GPK7NWVMDfCPKeBDzS62FJ7m+j1qKvN8wKfDFNMALpDPnSPt7Fvyy4o++k8qxqyJPYWcM7yWB7qPaEs0AKm2HQk6RtYkxyMwlMDrjARrA45HI5OuOwZfdYWKJCdK/Coy0vjrvxc6gyeiWuJ2JON9X82ItxoGGWv5Spx6+4PIz7Z/D+6A1zaL2yJ4eSr98GHmFv+w8Kjhb1JfbXYWWsjtjkj5eBh6Ivyx2YGE5MkVqtYTSQZabsmYtRHoQ/YYSVy7fpG61QwDjVKSLF3CAsryx6YnKLJcD0fBywi1GV7sLrG9mhhFZkht6tF8coPi13Kxzfw2nndOe5ZDCBKqtr+MxUN2dTgY32IyMiUca7Ugq3fp7w0+aJEbkTVTw3h19ciKkhe66jwEW+eVl4FBG9y03JTfqLHbYzGpy78/VIesCOYYQMhTEJY+0aUpj/EYy958EJL/pbTRZ83M177vH8LDCvYA/X/1DrCZ58LlTf6vngzTMfLfoLT8auFXX5/RBrJVBMAP5Nv16/r5+9zIzUV3g+IMgQwk+QpjE0EVV6mWb3KZ56Q5f10H6tgkck4W/6h6RK3pTVaZJ8ljR+8q307gUcCJ3LkygWgbOT5T8MgSct5nO0UWaZIKUWuvLWgjydlxOdp8XQYzkk/YHkaN1ZqOkY5TQsWdjWQEkxeaJE7TUI/ogqeSeTNTsv77Urw/19dJ8qmDg3ZY6q+F0pxAXNCWjkDvexwbWNmwQgJ2IdyrvorZR44uG9IL/ZbQLSV/xnkzzsBDC4kNiVsuUrxgDtaggS1FyhsUau2rqY9SR5jLIXm/EBwm4n/yMcMwkecb8Imf9GFTqvJMM4XdaFc1h1a/go2zYm8v2xmDerO0p24BaZqo0sZS3M4k65Z9yqVJgzH1/yaFgnzo4ifFQDsyHNAWfX9ff74j5Ogj4y91XIZ+XvJ9FnK2d6DMoe94TYj8XmPOriFs+lAcvfcDhi7+P8MbNYGT0iG+bKeVGX8cIuvK1TlERgEqg5OFrZYbGrR7jDsddQHziMmAiuYS5yyBeF1n5/Z/pyg5/OZBwKrdIJDZ6w2vHBhnUVeTOq7YXAhpmRy7X54xuf3dIlzFGWoMxN9Mu9W54s/xuQYdlNiuiCG4K9K5Ra/rEfsmAWA5LyVKqqK00hVBzi8LXxZ1xqaEiFXGxnHtnfGzXh2n1SGoHyD67Kqa95GFQYYjn4e3DdX2k38fSo+oEshnedR0D+uL0CqqN3hlw1XfPHWV+WBsJWNuRKJlNdG5jqzoGGXi3yq2vuIVMP/YRR+0s3KsMxWSAfzfuB93b1F3fEvBITwi+Cv6d3u7hsQPTjAlTvfVDdMqOM9ywBRm/NX6+4E2asHvs2gLKQX0Aj9UD1tkvF5ieuwrq6vmAzRvxJUhebRqCfCivVZNW0ajqjDQuEkYvPYHRoqg/dPB1vh/FGb9jwVUhUlG546E6rUxLLiP0pAG5WiMREofqNnYykZn78iFii/S3lwS4VFzzRq/m37S22j4o9zMeWB6fYO4IQp8AAsspelU7Pqd0XSFnnLuLekliIr0+0YXKfxE262P5f/g1YuSVHH/DG2hiC8II9g7goJXbJbLP3UvsLw/XUjanWH8r2QV751a/Bv0bffk8b+HkpY4iVqLVr39XDGJHpUfzu0Hg9bb1R/OopqI73baULeCsxXYqZF7abH56D/EL1PyCbELKDf4qVQ1Pls1I26bcyaj2ATHvV+LB+OyLfAYPK6Vuv86Dzy1W3QXku6Z5stzJLzC2sP76bhqrMhLckcehXQHSyzBGZh4C6yAnmNZTQLzh9chqhOgS+vjWiw9uDQSUNjvisEaXaQNF41w/W7P9u5Z3G2nL1eUs7zEI8Um28bWCs1Nr3wEYKnl7DORKKaanbh0s5WcA/8Z46Z3TUYQBp/ZIgGNIs7exRV35WtitN5PHZn9g67H3DR9wN47REGl8Co+PSF7VaxcAkprvwav5rm6nhp4C5zg00yz94w9zvY+N7rUtJHLEuCzE9GzI6plh95aQG8bG1vmWD9kgQAEJwCt9mFJNwPSs5R1ws0W9iNw9biLai8srzipNUsqmUWxa8sEj56dbXN0nvlw5lE0v9aO57fc66vocGNCo4DBdxVN61uA9jd1bdOBiTq9+yYliD4RLPbiq/YR31SP0/oi2oW9Fq1w2wkHyq7qVXnfCpHo0HBTqh/2o8Bx3ms9jhtrAYmYfJ4NToLU7Ouc2emXnlPvrWo0lRmh1WdXNwc04lFggCKExKvGxoQqC8jfhta/EVbdaTIcOBOcm4jV5Vg4kbCp7VoH0mLXrykIOux01AswciIZopCHG27uPAOzKXWKOneTtDSypN8wmI5el5r32OIEdj08/tzhL1fYQhN0LfC8wcNPMMcLHWI6FeH4GsOn9+s4Tcfr2tKin1hvM+G6GGIlGs7QzI0695zzoS6gHx7ZCscIMDcQKizXM6rVE08S17zPQGS/mlGMtqw4cx2IW+wW0QIlfibSwuY7uwzsrS6rw/WKKQ4oNbuHCCeCPVaNUoI6Bh0AdwWH6hqwcqaB6YohiLi00gn+wzbj3H47Khlehmt3y5Yat2M5fT02yd4iLVgxyuyziYJFxQ4We1+FD/DwGeJqAVREnZTXGr5f5F1cdx+7w3e9UiPGzZu1buEFwqFT0aZdI9Nf7r7x8qtIomDSO9VHL1Uh4Q3N+DLTiB5vMLiiZJwtaYONFdyHI+2dWH9JEbO4Fqylgdw1LwKpaPGyK41O+CDBD/lOSElu8kh1/iw9J4kL5ht9iR6REZXwvLIDOHNG4GR76wELINy4d+HRBq4g9hDgLSMMe+Yu7WL386su94pIlC73jQt87z7HYDG+NeSNRp3+b8kEzVL/JSA9U76ItbzBDx9c+WGNHFAoKpVbx1qPJ++Ec4A6omm4Yqx9CNJ0KxvNAXp6P0gNqVNH682gVrF1Y6y5k5ngQ17tC/UBLQZ/gFzns3t3aPS7kuYcfL690AgdOcrwfR1FtiGTCgxa0w/8N/7EwCPawU2EZ1WMek/XsMfh/d2d+c0YklRPZ0dNnSrfKHWQIhkNDPdBZW6UP3y5QnZR1h0fcbHn9AwJ3D85eY6Hceoc9OMxBVNcOXVl1NuKtfFKCC6paW4y9skvoJU4bCTpBJEdW8Iv4YlkfXlXsHZYoHXpH3CyKDxmoYjtCBO3jlICq6Iq4Grv7KDTcJZi+vWJ3tevfCAeaimOJJ7ShzUXYxJEPvxH6uLsAFGkSUpcHcZTp+lAjYChxZACeUNGEUwpwgC/XzO5WshCu9FV7EJRZVeHZ+iGh90Ma0rfUT29vFZSOij0xzpvFDGnozbJa85bttBQAkJkjmlTy/iQPQpqFIHtw5LNN7OvM0Nds2gQIc+20+FoHY3lsZ1T7o5hDM3Fu/i6BbjrRDBDosTrxRv/Cd/n4xYFjTM82sqXT1ix3KfM+eC/ySdrAwYooWfmKcDor7OKQMMADu93BQ88VeCtL5vXu5+eCB+obTNZ4pT1vXTyvCV3nNspi9TfaypvGDRWWKFBEFPH4mlXvRWXeHLZoIIEmfy/Ut2Pm7QjeNWBFeyA/+DhK7d5xIKYyRlQEU9Tl79eubmTHtNJheV+TXaw6Juo7eAKtzsmy0WHGF07UipANCAKwLL/pzErs4Dr6SI/EaKKdA006FkcLbBULyRNZgivZe4TM3UaKNQtDD4OyGWSERCkMin3obDR5Truct24F8LCJxoyPdwrQ6MSTY5l4iUpPcOeUskIYBrcBaKfoPPKCXEQl459TfIu8mMFPZl73KVt3e3mnumuNeAskSD0i0KPiYp9PA2W6GSx1L68LXg7iKjYc1VS/KvhvnKHmpDEhnmfB0dWpc1fCUlpFQ5Duko8VLF/6EexIBVwPSoFFeeYQ2Rd6hFcmIHIX6scamSa5uC9Y3YPChWSQTyXaHwrmZlMtc4KqVZRg1HM78lA7Pn7c7HVrw2MJ4hSe2Nvg/d6voFm+lE+zycJN7SkRVTIsJDAHr9TPi88rgsgwUybZkeg3om7qvfIRo2W/0N5K5CdOv00fWA1wujZ63AKt4YQ0IeAreCPhoiQm/i7zM7Q7mkDfSE6WfaEaoeUPmJNKFh4FZ42E4un63GO8TIguJWyVAh/l3sZvQMEK55cA20NP2xcYRtG5qL6dbhIf3rJvDIRCgU6DXT7CF544RED3OFzRd1iJ6V1pu05wn+PTLF7Wc1oTEw+Nu5pHh7MZ3/kBR0B6b063Y4reKisC6G0mymqApVuCFHFxHHT4fve8dWh2hU71gUC7EgjdWw1aNwqs6OFPIrwoU0rHw4J4cCkseEY645nvBq5t+SvmLRxVwnY1Q6r/OR6mVm9mQRCBYe2oeSGuRwwfckUYdNn4tiiJD4qMuv1jRvZSDdi21TlJAph1x6ZX9H7IfNMfMCTe+AXL7aOXdzTBfGnvyuXNUbhs97PV4JbgRjDnIRy342YucsB3o4prfOxK709xbbI5gYUhbewZyRbmjeWqxlgKNkeQ8s6a6563VDlMCgQkCDOxp7yYRoZgncaBfGn0wDF/z16FpN/z5JUQVQAOKp/PBzyEe1m4iuRldv8iuQ+P/EA2kWkCNEfqbX+caBmL+2EMY2Yd2SUcARw+EKDNF90UCGrxGM5qJdmSJGFwo5/PyLs3NC7mUkTUNsjGYKOtuSZcpCsanIBBjg1grS92vx1kz1lI/1TDg5p9punEL5xI6icflWGhVsAThfCOk474XJWGgBd+VX+tjFg4PlHbXsWjY4dp3SURTS/+QI4v/lhioHrT9dXF7claZEzOPp0sfB5CFvm98Iwi+ORoZy1dOSXkrEcPxLvjhMi8NjqqHBsUsveqsbq6WutWHX1ORNB6TA/N94d6L8So/9XFYJtOWJenj/qX0K44XeDiZULUBQH3EusKgRSvt/3orJTBljgpEWuT0VjpPlT9GIwVcrr0u94xUai6g3CpFQRfZZcDP8wij3NcB2FmxzKCd+NxBzjMgq28ui/N+/O7LErl0TPxCJdpJY5WaiIKycShHQIFa5Hl8fx1aiko61pjjTJ11COTseUIoRrMIshtdpBqNgconY3Knq/kCh7IK/vCRJOt/RuUScPLu9luC7KiPTLjdu+rJOiJ/YgI1NlLIFb6yloQsQr7SnAbgtzvSEbTjH5ZsMQcmyTkHoy0uOBNCFS8dVYw8a1IxV9kPKMP1jZAFkkS3P7sbCbxSeGHWRDR9iUBdTpLV42YkUTfRGPWHQSDY+lUdES9LCTY9uaK42LX58/QfgV4SiVGbL7qm8EgiZBsMjLa06w4YfL8R+aHalUq5Jrea0VNoE5/7bbx+rz8F/fm3nf8xQFPUGf9YK7hK9UdqRgJMgV3WVjmosGjBT9yeO+XCG6G9YZ5BIoYIUQl5At/D2VphqADa4wm0uBP3Miu7/xRtLoFldWjNt1xdY3zRdteQGifxZ1rB+2eXYUn7VFEcrkXCzod6t0O8dq22+jNa+13l5uxuf/6Za7AZ8XZsGk48qy2vEMc5qOS3CMfSPeY0qJEiLeUOS2xiWxsVhlstF8YMcnS9c897xe8hYeXR6H89En92goeNqYgEkYbPsw+3I3te5gWu8PePH/1PnZzdLs52fctLH1/7EkeJyr/mbNKA3sYigJQdP+SZ8aW0bMUxSgmqo3oeT2kDPOEc8oGbrKDZOf52IIJ/uSKcgJj4WaTvMlGCW9xrTxaRahbXImX3RqYycpe0yxnTmC+GDS4prKilrU7PxPw/yUrw1RVRygZx62K0cMbHNO5mDj7XXz0RMN26dSQZGiPzHq3o5n7H1WPi/ilwpo04yUV/uUtceIhGnv5qoteqSDf9o/XVtXGsBOJSkl+vtsTF4oEGkI0isjE9qlFnZ4NEBxD3u8qQ5Nzqu15gUdY6gnq54RxJ1A7Hk9Q6k8qUOHxAyK+dH0u192umXSkwGYh8krcuV45CjEIJbuBk4CMc7GngtYyl2nvu0vFw+fn9ax9Shr2ioOc4pfdiAJmtdszur5ROrW5tx5BIwoT1EdDrCgRUNzvJ3Szsv2kxFdfeiax/RoDVQhgo1OlKuuMWVxOSVE/Dk5Q6Bl9l6gHLId1Es3+XLgRFG2GzH5sE/4qr85P1r90VhGn8UAvRaK6Br6pFLuOdFNk7FDcTKrwrNSYWS1xIIP4OilJ7+wqDGogA0jnyXlVSRSM6a1FbgjKPBoIay9zIMNFu+rYdengC+0O7Y/TIdaKb7Uv+rsZHS41Mvz1+Cwa2k8MfDZr+JFoGH69HYYEcav9zfqb6FPbVMFv/lCEtr1JzZpojP/KVZUzrRVziQMiIciN/rx+/TdqPLfONAjIcN8jLs0yi8vxj54ruK9AmAG6uu7vnLPTQZMrzW2ZeNNRLk95We3rPjIQvlY9kpiRS7zhOKy6zwfl6elhHcIn9sV3tLICnmjBMJe+ZQjgBANWAWBdWQjGEWVSKpBkgBEHBjYHHtSFyW/aKlioYeYHPdH0RQkJ+OYTbVWjAIUJ18JrZapehahIu2VdGJlFo9mMgkQeGNnlyIX1VfaVfEsDD30ophB8o3obZHZyzLynvXsX2o+WW8GEfIjmW2tlgiDm1MRfOP4FRbroBdVl0zKKGadr0Nn2zhpkOfLnnrUrOnwXspApNpTN9/JSqjeZgwpYNqVUASEHF1h3wnWx1wdmXo/0f1MtfSy8SywuxO3+GWdbuN9vNpbyCSG45dEmTWn5SCGzV+xxW+U3IA0PImA80x4JyFGrGp/XL1Xa0mvtYdbJ4FOfLYWkPCcPSkIWM6u+fu8cW/s72/Nhq1kjaLhDE3T1rQDtKdgDCpyv7fHme5cMzOpoFrfvz5x4X8+Er02cQVWu8uLm98gT7MvKlRebp0T3eZ4DaXvtY00ml8IVflzQhW2CQ3QLED8xj2PWmjOeLeY1qculqcMJ86DXb44zmFom78xfsoC5xr8pE6FbL9K7U1O30R/b397PkvBYoG/4bV8wzVfZ/by6K7uMJb57k6PLF+YI3kxmkn1cvDgmt1rAD1QuZCZo8uGgRylUdeFmHqYKlCskVWf+loAfDgh90oDWXe1WPmwOuB9Rq2lrZRoIOi4+9433I5mfuhbDcHmHgbkujAGSAMStapoROh0fEuG63kDPadO+tOZB+c4B9Qrq/xwIjw0BzlwJ/zwHg0A/1uglQ/oFGa1nks5nEbYSiHCBzuo146TDqNhv97cU7dcbHtIJ8nj6twfDb0ueScX/1Xn4vm+S+5TcKXekvZap5AZF36mxch52CVsOkPKoKxdNiCHG3vIuqTn64zdzJ/ckZapf5pf0dF74bn/XRVgZ0JNBDK+lKuAHGQxkJD92MWS1zMhTBUZ3OOVbHXM/cVMhL0vnyXYKgeejmslRvRpD/XI7hlzct+aQgVS+TAktDvIY+DB4u3A4fhVCv9CTRvOOaAVtlxSKP2hm7B2alLMvcvQXbv3A2d0KysrK136pntTUljasTN11K3PC+c66D+QH/sjv9LZOs66r6iUuSK7jXbhZfmFKtYZEL7x1dngqEW67z+6Cr8dKoa+SC6pJUHnUWl27cJbtHqBpEcZ0eXBYOYizhs8Duukf1/JhFG45P2YDEEQK/dLOrNAn9oWw+j5HKHwQ1txGw0fDf6NUZe/tlabl+iGmvI38xSITZoezJsxTkMGSsdrivGgpPikzqg8+YtlZ/NX7a4ZWc737hehwKLCQb22V0vkt/DbA8gU1tvGVv+mMO8VKe49n6mVSwP08tgCPOXzK5kjt068TND1Ela/y/lChdn7UeQhn38+7S81LWlaZiSIvbv01CmDW+iNIN4zH8C8dZ14UZEaSQCX0JMmrNoqU7v4UjkbjIot41kNtua9CAT4Na/O1/ux5gdR9p0JorG90BgszUd2cuXn56TQYAcNIVFRbVDmb9lAaggwTB0+P38BD7Q1L3lwfE+/ieLZIQNiXqTd+5bE+gubUO06jm9sf7rZK45lF53FhgxGo/x9t77HsKrRtCX7Na1YGRrgm3nuvHgjvhYevT5b2ufleRFaz6jRObIGEWWbOMaZN5G5AdLGeac59ULeAt2Q0nvwyJNTafAnZfjET6merNnOt4rai79N5AXnzSJupjlYfNuFmHtglg/06UaNkQJnnsiqlVxJZtdvFXN58HDJZYLX9gG0rb8x+7pR1Z/ulJEz0sR8EKucOjK80jcYw2FFYAJiHklj+sUtMqGopJUu8WJ5HD+d79H01C09WfGnVduGiGr5vfDL3O277Mai1G/Q0nwFflsXBPs6h0UN9zm8HGYWRpfQGe7xoZ8kjsxz6hCT8e7glg+3+lydOXcbZOP5p7vNlehM8U2On+BYAV1UqowyWh4NgMdE8Bsnehg18WDtKXJsrwogvlWxrdZtg4lwO+rTcvF6gLvSKXZuhUp4Z3nzLG5UhP9QpgqVoo0Rbnny6x5VdWqXueOHIqk7A8zLFX2S8miMx3QUUvMPieW4wJBuSvnjU5mdoMsxqHMU1pXF/seYoig8R6ZxSwVvjvWDj8ci9QKenMefRh19TexpeMdxt+8HI2fKu1sM8DkObsCT1aDZ/GJDqTW86G/AEncNHqSxCjtdMIAOmNo7PirWMCT8zhtT8vMTDbZCY9yW1AW0QOI1Mo2BDb7gdPf4X8Y3aE/Bk1kS8fjscuUZpfaFCuIBIGObuthWQ2QNs5JSFyW9jtJZofCUbtA2pPo51rLPtsM/jPLh7zTopXjAG9fFmEyQle66uvrRxQ+Nn3cCLsuKRtTbvBqOpy2ZGK2KIXNbCbk6jihLZxly2Rx6z2euDLC2sRgfo5P5xIZi+2KnEbnftFJvBmRn+IxdEe4p0WS0yTqPpaxrANkp+J038ujli15zzYV9URev4Ikec59VNoDIs6EUx6qnlo+w9pUR1T4knLYoU0MSLePigSBW1XOYfiESAWUomRf8oo3TnYzPduLaat92ItGczBAT6iu/pUBLkQ1gXUKyrF4i+lqcaPL3eowFNFJFvO48Ss7IrSNoP1BfD9/0YsI87PsBesvuS2rAyi+w2PotTtC+IAR3bJLO7oyx50Zjlm3fz7BRxhhEi2zOcmV5hNtxlh+Hed9LeCNUaI/FOi8/989xSx3rjSQIioYQvzhumBkLUSrrMY3mXCCrc9bD/LojwxrOSS0CrjLLMN9xbKS4C4LCc+SKt+lQmwkbvQQxRVsk1RCx0HhNOsc1Fy0iqXrZpPZX9Z5gwPNzVMQkWKJAGIbz27/Z9sAo+fudt/ShS0ZfEndd5HfU0trCeT73uUU4Grz8eGhpBLVP6JR9yR9vO0b0KvslKgxHPY/UR0AH3de7TSxlOITbGgBBYjiEGAEn9vhmhdLkZBP2OU5wZst2D6Cn8sCE6KiiZ/5QQb9ArkcRI993z6u1U3q+qK9tqdO7B6XhfLz15YKw168/2iyIEiofMUmyff1Wi7Y3j1OXq2wQ7Qsu85RGMaoHoHXCcmXPwvQ/7Cn2afjgw03K4+uqBIT8+96VBICW0XDyT2BOK79FVjxOu45VhxqFktep29qN7lojoPvBwl1mLeyPOcG3dT3HCLxPdtmoVLcQl+of5uPLJeQWkY4ZZ1pDHciXSj2uP7OY2fh40yLM+dfCARXxIzArslzKXX66FbFgn3G8+lfZrc9F+N0IraYNuBJV9SO7DYFyQxXbJoJ8ah/1aUqQkPBfB2Lle45njOnr3kfqMXctVGDEv5oIJdxGXBWl0wYgV2itVkvpgCoR0ebidRewKpkjkTWg/wJ2Cc+beXTIyQnqodwB+WZ2gBZhn1RqXhqxqi7jH7f9UJ2BL2UhDTc564yoakVDrTzN/Cg+q6qiUB7iexKxgyG340u15e/nWYXryy8JhdVbcB27ryQBmZ2tkjcZYdf/ZPS+ffCamZbqm328Lb3etxhIOvj27Ls+MlKjzlZLcIUqMLn+VV45oBt2i6Rsir6/9cdb3Z9nSCyJknJJaJSFhNiqgxMXMDwfKPDLb4E1AdV34Yrugbgmop9Gg/YAfTcymJxChiJECx8/GptDyonQLV679UneHMAPm9hZFuA1usO0jSYbcV3hnzwhvpH854uIo/kUwilFQi0Xo9USCyvgJUHbsFBN/3WtGRXjXZbgtql8HApEa2Hn84ggJh7Nnd7oS2csfWogPs4jKX9J7xRkcy1skGfXK3Kv47GiVsMQPU/4qdmX0PClm1ET9cqbzth0k6bpj7lN81GcXZ13PXGSGsM9kjPM16yDFo8FLjmcDOIvOfuKzMO5fpt4bdlhbMoN799IxJJ65MrO+M5lhwMj1Dk2Uf1WSpk2/P+o7l974Z2DqkRVCkCDV80XzCL2tJe/hLRwSNj+atHr0eZXSDvaAfH0l5kxYeBR/8yVczPznTJzcgyjOpRiU7v9V7ogfHZH6iLNq4QYV/YLAX979vizUrKTPq3EVQtsIYBdNGPKTKsl2Z9ie9ngtxgRiL7T3EPBo+B7Y5ELqZoOQCSYaJM/drXUmyEOxzdjMPs++80Pk1z+zzqyhvY3pEdRCBsM5uqeZfEXRV1Hi7Cem72xm2NEs8xLkVDs5yRREUMgU8FrDWyHcntAps/OlP7pQXu+jeYSz7Uoe67/zGG8QsS2TGyZD13BILld8nPxXq4QpS5nZnEmEV/cqxRgek0OnyGgJSAEDHUq2NxqNl4lZjsei0naBiLd+4cryokr3ACv4y1hMHkDZNrfsap8ZRqLWG/jouXK0fPhDovC3bINjWCg6AxVcpmuE5F2+EF0t7QSFY5Y07p8hmAKmKY9syL+cEO5ZkFxevowpmfo5u7JAT8819J/xPe7ScFV/bD+NBjx149um9E+IkuuUBrw1EKSpc4ki8zRDH84hrevFNMEX1zAdm02RO5ZT5wnMHLMJuZgHYS6F0h8z3bMdlkeP0rlhml3Pyw75pUOCN+0AcmILWHSE18nTaBJ2UJkLLP9uvK+YWBMwLQrC3oSrVz4jb5popqU8lg1vJFOZD0PCxwOz9u9duf7OqLK8DtYDLf7yUkU2r3sePtMLKVUWElLQrmMjc5W6w9a1IEd7t++CEVp4xZLSkCKjnt+vyPpP1tGkyy8NySsg0t8tEY3t/dA1LcVzF8CSTLLbGWbzXS876QD1B/AQ+IV9v2CGpfkm3B6+bURpd05TOZtvH8y9uZmM9p7P9O+zWq1Mwmc2b6zwTFa7NPvPeyfCUyD62Zq0iFvs18i3xLWaLcJfkbta/Wj9qhpsdNqIjoE6qSh8qm/YzIwNe4CeMzl2f6TtYNVvbExNPwrP+5Dd8cHs77MTn1lmEi65U82DR+fzz0q8AzOjEK+BtfSbSN09MCta/iP4jnfqcdFh2rVyvPJ/4Qxy6fwqIWkeazZ9OcehvcfpsCYPn8eNnSXYAN38xfry8N6hI8G9P0kqZ776Vw+Dj11IRDoqQHXnGfAPqgqjO8ZZYewSF9Clydp++y7hNpDgRWDlDuYoPgUEzrrIQPpU0QFyAmWmbPX+EPcpUGIVT27BXgskv9Ach2XE39kz6/hvFy3gJT+z90hDodtcWKp86PuM7jBNv2wlktfpNEWOKcckTXKpUZRumiLmckgdit6Ff9Li/CzjK1wMe3ogw4dKCcdGHlQN84uSvo+8EIdbiu+XaGsBm7PUPOJkNvJJfiKL+w6FvlUs1kMte1ZG5dHEIAZFDWbLqzblUQjK3hGhyS7nyzXUl1M3yOmiNP7LPsl5PrNWOryoY3SXUGUB77IFPFrjFzlkk/MNj7eW21sVwf86BIR4szTNhHgQ+tAucvBFW1IjXPzL0u3pidql968CgGo2/onvJe7WOgYxhyvxz7q7EXrmRSZEx836+dPK7B2sAJoCa9SavWwcmEwZuGxtyVBxJtq/GkHCPYqhhebZa4AX1xJ55WsrGoajcxj98L9EQriZqDNep9FmDfbAQ7zb7K73YVz7lwzgjCg1yop0/av2ozIps074UVhG/wg0/PANHAwABOlUwdjyUhLIi59dJTmi0oh3ICR3f/6S9kLoi8Qa9uBbBv5wsi8jufcX5H5Ft5KMtmF8MbZ7FIDI2teUuQOQeXC1be4YvjUyNeK10SYzTGFkUeM2DPuCftODL+MCFk8Xo379BBS4Cv18yb7h68z7EC8UzurAqAiaYq5TxtrFUM5RTiF9G0qPuvBFB4u+MjSZ3LEZ5Pqgul+Oj1ILpWbIx9bqa0bDyDDi5zRijwTa3GKJ1JRNe2z7OsG4erTQplXKRf1n2V+raGOpFNUFx9u1L8scupVesBWqv/bxe++jF1suFS1Bb5cxi4ePBXfiPIsXW4xpnkZrDRFxbOR5/8J+UJU2qJYDxRKCUHH7FaqwDtQ+hub+t+ywqGzVEWn3LPEW5Os44zYb6+aM5vTyJvM7fUMiMw+V/VAIxeivpVF+2e60MuKoT1wQwq0dIcU7KaPb8k5Vl3r46N/McxV3uIkG68z5aOu52Bt7eTmi6yKzo7vyFWLylI19aeV4WuxUEC1GO5KFRQErCLd+3e/RJ8vzAM6X+FzqpwdVMbxfFfEOjyob1X2WEd6jknnRheXU8SUSnGJx1b0pl8Rzige+a5platu14VNn7gHH03FTVzQl9cZkFiO94TdUXwp0lsASe/oYF5FnMx6vj4XUDjnMitFVkxpHnxCSYd7sFmqMwmyONlqqsu5ZxfcHM7MamjHlxZLpOouJuRnYqvfnOUUgqI7g7WJ5EEl+I341KwL1ifQz3DWEpa95uctavbFU7p6lVZBpkYSNcfiYAjg1EVRQECHrnobo3T8q+su3TA7jbrZeF0T5SY6AXQue/P1C237oZFCLpV0nz+C/8vf2VuSiF3oiaP/X7OfXJBcYA4ElkogGohpuN6/bCfiAqyLLvI3E1Vy8yXK+s/oV0gKot8hOjCbIIoK2ddAVJRL3wwzu5A2rYldQLi3Ym0bXbiTYKE3kXF7EtfiFZYENyCqayxOiCw2UPhefxn+w8TvnDkdYtl81oHcbpI92Ryjek1NDJHhoPRnMinTlUZTVhztAPULpyhSHF/yX8tkjEvuwoSW4CD9jyxlP9hlMmJV8J+6BVVO0XmWGBMBCf4PxWd/yYpHtsFvi6tObB6vC0d5tSedvyHnP4YIJUKIP7+ALZI1TrgCkFOC/7oxPv+rHFtSiUnBLy76K75X9/n5Qw/0Wn817h8Sm3B1/vXGwyoBdfDGlh0M9XNiQXvdgoQRBUHO6f3QmWzZ/WtpSD5E6TkNuaKlOcLHMAuHq+IyQpNet2BvIVS38+FQTX++RbGYSSc4BFVojW3unWvdMyPtm2TLi1W/9gwZiY33IfnTuwzqFmzJRAay/aqXaOPh1Xsz/yWpO2HWlOtOF6mpOCybJXy9y/fLXs+2nD/L2BE/w6+DBOMliB9C/nrEhva6YSJr34jFGs+6oSuaxzDNnfYa2yodito+oKPNTK58JxxytqYeP3HquZKq2YuPm8/Ne6YoaacMBNS0taU3Iz3QfL5x9LT9aXutRYucu/Eh7/vuLlEFmfAWtVlLdUR8YIRsS8nkxDIetpiaHqP9WK/b9/dYqw1O53jAp/hYD0HkJ4BE6diCDXen3MTnrWtbxFRpUg6iAiMQcikwgvjzbewi0VWMkAcs/g94gMPkGXhuTQieEf7krbWDzgifROhAXRg9ziJA3ZEnnEsZQum+/NFjIffR2umCQKFPphCBxIFgxoleJKePkGrJCL725yNgQc91wlL1A/x8DgM0uZ23yejdohOftUQuv8iNn47CzH8OC/vUZNQ/eELgGEDscLReFzX+u6QZvsgiTIqFHhqz4QtnbEvpnkfr3h+mE3GDakxH+6vgtysLQ+3vQoE5cTzWLIdXnCskRSpO2gX829c07CvF8O5s38RLiwlC/PFX/KtY7EiMXeeIjDF+auuMDflzlwLo5bu/vFE719CBTlm7J2ndSJWKGPpPCHuGkaHVD8Q6LERnZZkkfhm0+6GkYFxJz1Z0obGa1AjNEys5qI5NnkouHPY99EPMSAkfzFr7fV9JIloG0Yv7+UBf3wNVf5R+YDSs6mA+42JYce9gnaCFsdzsqW9oJgpW1ZGWgoNJhFeGgEKqBCvgMGmtDpSUPf9UsfTmnq142LrGZi3Xa0fmoZo0v2ph69GkREkVTn/bWm0Wc1h8UFOfYh0P9VQ+TXEZ1V8NxI+0LfB4CT1ke4SuffFtHC+NYhiGs2HNvcWg5kU1e0Cu92LBsw3XQK9WXIW7JvB7BjNMqDVA9Hu+KB/FsCj18JXuaf6A8k9x2UbgwhCSKORU6KkneiPRLDW+kX7uJRlsBnTFqu/U3a4+OLbwiun2W2fFoe/RTq1NOU6+MQ8TvxPPqVr2Yqz3eD8E/JsN5EKTFHn0+m4EgCasmAAdFey8FJOQ3FOafSYpA3JrLpHusSWufkdo+NfLDLw6vU23xhEk4flhrPz/n4G0OKwOQKhM23f/UoGvLh/pdaJKXFc0kSTPHOU1OtkigQQN3HnkQK0qc3zmzom+yIM0/tFgslxA+JO41Xws3EaUAGA57OrA1eEnfBmy1ciHZkfxUkgzmHga67SKnfqWYR6xEvV042WY7oOb5NQXUW55+PWll5qarKRGSXl4rrH7XKFmlzwMtUyGCXJKs80tsynUKzdA0iKh8hOG5EY9NCr6m+WD/JCm7+GGPcE4H2oaTW6QRge4TA2nlkZ7xbwuu7lR4dEsoyj207YJkbR1HuPy6vZ2bm9JHQfKG67+fbaBaHzwDNYatOMoPyeqQjK/l8PLNk42mxvp6X6jbj6RXsPYG+jcoke9zMyImgIOIIWa4m80C8+2vzGd58GJ03gFVHkk0XrrXIm+vFib0Xi32WcX3GRvMh8WBzZFADTV/i4aCC+xtU+a93eFNaUamr69Cak7qiDWj5zdQT2+B7Jgus+T6UvqjoJtX1Gscem29yO3DDON789pMXgzUE8fQqVp6Q8AYG1TBfMkqU/m3JRixgyf8FRh9icv3VgSXsG4V++zFK30jRWeY7gmSlybTXRYF5AL2fprfD2fBzEBJF10B9tLBCMfOPBGr/EZ8v+AyQqknpNy9g2Foer539MbGKbP/sqzuNG+D0moDirnk9kRu/ZU+ej5TndYEdeaksvrmnIalsyOzwF9PVpXhXTtKFcBxUuPNKHVGo91ILAxrj4dRdmKJ/12MvKYro34RqenA2Rdcjga1OsuvLCmYFjmw1JMLbZzZZwDRS9Hha3uu1CmKxKImVATzCzKvOHxOqmdPhz0zCs3HBvVfeLoa4zVcdGT4LrMTYJfkgWcDr5TvGSZ93LOSzDfKN6xJMwdj0trCCrRYlg3N22VNs7LtyHRAB7EYlPFIf3X9HrY4vkR+UpAsAR55dARJs0dHEMEOJfeMfOdtz4VgEAhyHl3sSis59/3Oqe+aGTC8sao+uont8+gR0B/athGbZdHTOGLBe3YBPi2YGn4+ATVmaR5JghoA1GcOJDW8w8Dv75DSRwkF3gFD6n+2BsZQ3OP1vilaPo5K5qpBJMJxZ13QuOyGTWEFatXFIA2RV4NJqHmZNfejmEikBMoC75724m4vr9KRuNs75uiy9N2WYS+RkzDOiOi8KvMqQBXgjZs//UvtvubhE+enC6JbvAznLRHi+1nhjxpQXLp8E0r1cJm7R+qp1XVWNaHR/GYsxn7yHjGEsLCNTw/Zzol/rJfxhlvnuEQFdLfunudvRV0RBUHq57g6xYaI8/OLONFXiwRvxMUG2Fc8JPdGelp7qm8L/QaeD8uze7TNj8sEWm3mydrQ5g/xzH8MJl5W+teRfPK1ooR5dAIiwkNfzZ81tKGciVP5zoBxKuVDlmWBfpXZXfNzjthk+YjEII3YTZagZG8D3LWRCclk2dtiKUxN8bPWEaM0m8ryBPS+DuwBzbOWfJ6X6VsLzNUG6w6aWYgShTvAKko129xFtTE3UjEcq8PgfDyjkYwO5MUxE5fQJ1c4Aj2y5UNqlwb1H5RyeLE3FNc2KMUbNwjmHk1qECNVUa8c2Ecrrk9G8PwdT5cGIX2u2uUbyxXGs5Po/gJZXYxrK8OVRV5f/FzReaUOt6h0H2q/ghY44QYxxV3fDaXgAYbce6zM3NkmHITy6w7JfKtmn2bvRqNDNZXpVC7fMEu1hiH4w8aYDhxDQ1+wd4czA9zU+omPr0f2Ld4lQ/MKAluSvHawh723h5HgNfxCMUuUCdANvXFakr56trcKOogAlixfL3T6BqXZwE1UCjPwaPP6xgkg1iN4po3L69ElHnGtkulngF2HflncuVw5/faqVBhKcZIZho2HZyipwNFJolNCiBQWDD4doGJT8tdRTfOgl8mVmBkOJqG2hrCA4MM2aZ4ZovRdk3U6k+YvdgjzLzNBtNoX0nyd71vkcONVgrPYdOUmFJqfHv1dg1i0mKBwqken8nWJwB7IsbnbK4aBmxqx55QWgkmwjpQm2XHNiEP99kn0Hq8pjd9INsBBDY21lGGbahKvUXNUKtrpVzrAM2RWBf1XWW+5EXkuvoAbdrAssVPVqZ2oQ9jM8O4Ohsx6/cmK23BjF2PitQLYUyNa/lpcpiIe5S/aNqig5+IjF6xWfOcNgQJ2azd9A9ckBNYtjUsgTSaYQ9ijD0LPcq1+7Qkn7IrUCwuUb4HWoB7aL1hew6NVtLut5iv/ypNCtLm1NWhKG7NfZAu6AuTwaiIcoV7WWNO6FZcpN1alzhz0qIUHNWTQZCJ7GeogX+nTyNKXkgCLxMM6RzVRiPT8UKz3Ax4znMwd88u/cKxOBH6+i2qqxwgJOcgEq9rCMOa+PpIHYBijGEe40Oh3mLK5T1QtSouZ6qkQA3TF2eQxpZpPM4KEuIH+g1EoisJG01luCsX6+4FjPG/Vpi2+li1FW6U10oLMOoqxkrxxWBo9GlsA6TIxJS3yMRHcmg006RTF3glXrn9SGVFsTec/7a40n8C8FaOgNQ/G+DKVYOZyTT06uOJ+xx0Z39I0ou/LcV3Jk+ZKFA+LrqG2IksRyU0W0fQpTaFB12GUP1kKXZCxdd41wulY+CVkT6SNGqIbRnS525xHmFN6CgtIennhNSmk8sPFASdKTyAh7lWwAOsEzsBkcynb9tq6vJ9VpbOzY9qcp81CyBatMJxrc70whQ13EGJ3E3Hvv42P9r7n3BML6HtGQ92WphjBsCg+esX9ejbicpx2JPmQN3O0NdDA7PQj2/PLnPdRv6Uwg5fgcsKCTySZV1m9FMMPq3jYi7wc8rhH7E0/YhfYldJioirK96kSo8dfpQf1lpPR5u2vYtKp8mvXLk2vnK9SjWQxzB1kHEuoAivW4fNXpp3ZvSmKEdJ4PeCjs/eIIHSpWwqQVaDH18ayjM3G0ocdFO4Socp4ZarHzm4jVrP5MFf83X+FOkK3eno0nqSDnpe4Rj5y4pU9w8un2hAFKPol3zK/ThihfWB8STZh7V7P9tG9OnihRSktBsDrD3EGKYGrtmVCrcsZPbzNOH7ostxUoKHugxecGgSYkfsg3BC10dUKxFSZRH8vowksKs1cMa0ttIR7hrcI9i5WpkHi5brTzw6SN7jqIKMeFb+17+7TpUyDBCkpJ+BDioQfIsF2vHnAW1RSc79jo7GA1vB8VmtACkdzk6Tv60+c/OsG9YULSNJIVASJ+/pKElvqZaQwebEPOvs5uOzAxQJP+CuUUWKVQiBXRKS1MzoT5oCUc4ZV/8IuEVzlJpNWlTU9MRKJ5xDKFdDNXbjXleDY8OjyCUnO/1HTDZirj4H5dfyelF9BHXZa9fFnl5IOI/smh4C+8VUKEL5t1Nhq654AJSoYYzxQNwQVc+HqOYtKO0F94ewRgtS6sNyAErj6pt7M8bBy8uzY0t34mt1nSjs25sOw8xJNbZumvtK21K+1+nqW+UmPYfDy4GF5fVa1h7K3spPAPugpppk88DKv+IdTrhW0lUmZXfcvZfO1PbL04RLDciryHur1I/7l6XPKxtBSwH71MYoyZ/R/z2r4KB9WqCCl+KOvH1ZYJ0e1wQqojc363xs/3KsJPORBJceMmsBGifZnG95XPhADeBqhp7+RkpzSDIAkAsHqBlGB2t6RPtOFhgeNl4O+dseKK4kRi2p061lNdKkp/JHZb/pIeDuhP/kbph8AFc1/zi/y+TcS3BISKoqx3IlTbENeRHvefT61/tIDzwyhQMYso2y0wgqftVPBHtWOsWS0w3UixYzyaWaUPr1drKJW8vejb2aMxcPew1Gt6m8Nuul9/Wj0M1Xbt8Ydcb0cfDcWE41boO3uCKhWykjARCO+gZoQfkPfUcaEz76/OMxI3PUXbzjjHbC9B1lsvTWwahR7tJhKkQeWqcQjHzjSRv200EB8RO37LQRNIm/bIi2VxQXig3MDYXCzQ1u8jyyc5NMsr+cMyyrWlh4Q1WoFwUM1U/CYjhtUfmGtrJjDASdr5P1UeFTUnjNoske/YIJ/seyVSwBvCzhm2u2OhM9aHaa+9JNJoc/hfpmWQNKrO+D8xYJ8NMJyP03OnAKzItonhS55Hb9QZAGTlLgLBL+4CVZ+mJpcv6HMFTbAPGEHKi5PCntWpuoFnhjvXMliUnBq64CXkzy2dcOCynBwiUzAKA45SNFzb2xIgG5U8ab/FYxZftX9iethtWXlwLlbtZo+ZsJgBrTUUV2cStDJyOUDfojdgzJlrhpOFkrfQfkHqhmhye8KwfqfOLZB50Ymz9CudD0U2MQvfYb6GKbZgfDbBRNhkmnYNxfFx/Atzo2ptW7x0SjdYKyoPuxygDVehUXf2PwDxaNj9bsInqWTzN3ZX5FWCx0Yx0G99Ha1uB+C0t/KzUE+rdyM9twSl3JIJJfSHro14uBQLHQUiBeh4Qfneg+MTlJNTjsi77K/iCHJy92cefjvZ0hxD+pGYyrhvqUy4DDLRLIlq/mVz5eG2214Zd8RY8+Cp95yNKziVGe2qjB+VqtS+JGsUGXdWHtjli+Dm5Z4vdBx7sIfy56pcoI9s1cG/AiwHhl9ulBwgcOz/NRkBq7c5Q2/oMqKwgUWmfl5F8L/vCmsIrvvK2+NyJvBPLqjNFXVe/nGkCc/yHk/6NAA8mvQtfMP8ESzo/oQUvO0ObXD26fnm8TBDqAftl7A78Rr11JD+2xBmEvlL6hvjWraI9ZTdcwI436Rk6yzGcxy17yEyaFVVB/XEoAY5xStckV+pPHH+QUE4EhDvvr5tUOxY2p4be4mHGaELPPze6P9MXSgLMZm/7oyJzJTfZEffr0WWFamHpEu9Q6yOIoOY+PtrCZQuY7ZquX5zvBrnY2y0q4mXwXPKUR+NFbQ6mvc9sqDe7wX4ZfaoijMs4I8k9Cd6P0q8cwLXhGe8r2whw34LcBHxEtRP8+6/AhysKCnNacK/4ecBlT+niY8CvV5yaQels/ztlNAwDjHOphl161X6fameNFaiu9SjBmbePTblaDdIYdx2crP9342yYlaWkZ5sPUxiJldKMIpYfW/KARQtx6GEQV5Lx2p/6vFgzuJnvgANoRtaFeIqFAtPhwbNmVOxdVboviPfAJAB/fL00L8mX127gkKsYhS5rJ/bNmvr6zAaLwz5D2TWS9e6egAHjM8W23z8Hr5TXtvWFt6oxksXU8F+0HAPFPSh2s2I3GFPpOmJBN0a82VZgVzUJ1ovFxGR9kjHzwv4p02ypb94amRbyvWGYeA0VR7u7jy2UmPHHMuHTokm/e3q+i4XZogSoL58iHkDA3Z3gWHQa2isaxmkyLMICuf/rQgdue2vPiOQcBAMB7RQfQqqb3fDX08mLMsedphGBW6y1dVB7sHt9HruORecRnccjuzhGDe1lCA2o3yoFlWcWRZCHU2GIlmFngUbjyBdvgZz8tEviY2qdBB+Y6kA0rRCi6rnS/SVYrA0MKpaDizj0tZGikadjivzeg9NyBNBt2p5GegT1rILZVrOMovPRnHA/kZnpEuQtMmh6kC92cc3maCxv7gR6e0ikvjbzHlKue0RrxC73euja0NnP/PwGg0SwehrkI0iiUjD/jhCQjfVTxrDm2klFrbOD+pHqnVv5mGOWF7dJKnkSLgrEZSp5+TZWBu6f2PhzWjVeKx/eC2erF5Ongds+0FLU0XKk6z2SOfSRZxXnCPO/2Xckj4gQTtK34e5bl8+7B8AcVfZG6lf+ZnJoqmmryE54KSItv+63A0RMEebfZ+UUAzv0ngNEcVPH4GqGx0b+OU9irMGnskS9mqSs3gUcrcmgkj9Noehj2le26tlXZxfyOql9HN9oH+TLi52wayvAHrBQiV5QIbxK9ip8oNFA9uELfKV1Q/otpURrvSlPS959k65sPzTeJhDuA7z/RLzKOkMqLS9NgtRN74nrq9B0TGOPHBPWwAnkyjiIBX3lrgw/mz5dk4/yn7LJ5i1wUsk5Lc77PiH15vbForyMRyZIs8aE6jOeXzdZXm6RXG9FgLlaJhxXGsZWnKOm5Z3qX8jPJCxPntQZSunI3M/9ayTq8Mc15FucTaZRwABnuJE9Bp6Vz10HEqWYjnnj6743qABM+WHC1bUnO/KLP35qJQSfkddHxN7yzxLJYYGlqaReiukc5X3oD2FSoLbkTTbHe4bolllP82LeBB6VXmKMuPjNCYwgD71drErHtSI3lVL54XaqVkNLH7sGk2LLzzi93Hbn1Gx+1ZGDn1EXsdzBiw4FQ0m5uWp13swUC/7wp7aZrrtyzHPLnVIT4ZWhY7lq2qSP5CeT6Clo1Zc1HvT/NhlJgCRlCB38DDgmfil/fzTKcwsh8GyH1Vh75ywrWLo0h6qTOMGPej7JzvhRVnrH/egU32D/DvPHdMD66ZP8+MMB3djjHYQL902etTgZ3M+gmXguem35++IVLxea9jdkqWye1yjN+X9IXFVL4YHH3fmhhdRqloUgI9fN9mmUfqPZe8PQK/8vJ49KGdBTGCW7b8Klx4Rs5PJFDTezvt3/y+6LqrCuuP3+xvoz47yRdfws6wrlSIVuV/Fp4rX+bzxqYKMiw13qhNmlZX3i+R+pkDeLpNtPTlWng9Qrf1w0u22wL9wsliSTe2JJkU1uUjaczTknUNxz5b9B9v0a8J0SyBUQXRg/u4mSs2dy33DMkgWw1Epe+YPk6BHkWZrV65tH2iR2uwaho+XKBeXPmRQRUwuX6hsm1lb6uGwrpJSo6SAfrJcuuQETTfpWeb8E4l2vkNqQOJwTxR6dcDfCIKMd8VxGoOKy8WAeEBSGftB1CUm5F4jZplp3R8pRbwnTV+0ReXdIC3KBQJJ1aEuJM7tisByGcgB0KnaY2bWZrhTzC8pIPnsTqgfzzmF7pcwrzfBDGqCF6LPSxNVbVnPnxOZApLD+M3lAakj+glwtBlb8OHj59vVVW+3HcJGzRkDpaVjo4X+Sx4Q4X4Ml9yxcQDyAfyzlun3nSp19sRr8uzytxHksWYiabry4GnHOvgMpZb45N+FLkT2o2+WCI0nES0lYX/zAxWaX5GUTNkfXdNBlEOkkLGbpTKGH1Xqnk0wHZt+XcP7VmQ6rYsB7xbImfZIq/BhasA69wuBRpvDyIrjLKJMX4xGRjpytPaAvNxHOGQWOblQ9bnAcPAnqTwGu5kWknlB0OkZODBc2vQrYcY+9l2duXb8cMuF9Vo1Np+kH42BuZ75UZGHlZYgB8pMvieawk1NfPhkhDpBfLHS+nKZ2Bp+g2+yzrce4p+9QUr7lEk/KMVXdbVuHw0l2VzecBIuLtPv2pp18tu3Pnwxa/t6MHuMsuqBTbnjSsPi91KbF8enAeKUVEu1scMzz98NaqYZaFH3uAHhr7pJHsv/QoQR0g82kwjW9pVCDebe7vnZoZu5jnaQarMtHS28EJx9CvOUFr+1ccGQ5WiIJ7piz8MFbhLuIRJ1bDYIFcVyDWfVr8qdc5g9Gbuie4lxCLGRnZtIhkdCefn5pCIdAQ6ZheeNbc110ecT2sOcCXmPPeHBhKlSxX71zv0+BObL6rP1rh/Vs5Cr8MP3UZah3eFJm3vYPzQ9LworZETYtgzBy3z+/ba49F0GL9O6VGqWaPht6aOQoZmX0f9i6qxXniM0hMoe/+LcN13R1O7t0+qcPjsG34sc5dT5pYA99t/lYhf/galMmC+NuAdPJdkvFJ7tqFe26PZH7x/x02M0N/Fya0ZSmIXthQukESmBvLXFgiLM5qDlY8SkodlIcybD60RyKLJ4caHqTnwgn003e/gUaIt+kFIaP8Sq5DB7QoSXeuBt735VXg7VCb6qpLmu5s3pXu9fTyS1n7eDFlt4/oALPgIN6k2HEQfdGG5cwl75ax6crJZsI4gDxv8MKIKknomZDrwy2tjjAti7aOV3yXZTSfJXidvzx1uru/WVmWSBtUuPfyQS+fFM5pB2KDJbOIrinBl5RLy3/OXHTzfEGq+H9Ur1KzCRWfasKBJh8PTR37SyOCwca+zza9AYv39miuRyqgeDJycMgywQDAT3F/2w45YDvz2L/yPeSSTGqN7HD/zrduX+PCGzFEWJtmGMdxtR4oVsLcmwEgWZHyW1PNwuR3qAibG/MgGVugbMiLYks9f5v6N9PFR2S/3MloI9V+/KMNieDA6fbA2v63e91Sn//rvbmCuHUMsDWRLT+8q4c7xyb6YjVHEh/aC3DLhHjmSWfyGseLqkelfRZbaNwaWDsCftqqDfsqiBKD7wjzaoTdQCjKelQtuo9BHZcO2+eDPB0zWAh3Niw6q6tps/mdwFOZZQ9vmLvr8KKAH2KD4Kq8BciStdLMr/+hF89BaKvq8LF4sVVvJnq/7xoRmnUG+83NhvvuI6B0mPeiCAnMDMKjkijKPsxn3zopvEDxX9o2IMsX+USAKBWwNhd9NFURrjDZTTidLefRG4FGlUvEKbS2/oyam/QSNCS6iP/TDlh5meZNFeNHV0vMsWqDptWA6PlbOdbxwiHp2vv+dYzwfyP/6F9p5XPuey4/MLCvdjdmHDaj94rBj2zKuQ0xfl5VWdYfTPeCxeT/dIMh2jdadH4585B0b4AdTuojtM3J+/tbAMhHU4X4j2wdMoQZ71inq3uk5jtG+djYrktdSloFc4pRlwoN7v2lrUg+fKWDEfycPCIv55ZmzZc0/a8K7z17nHeSZsu8vIaPcujyQl6gtBm+SiGSa1z2aeaNUD8Bt4NfVjA5CJ0yBhcjX+nXa1CIn8DCMrL0T9xtg2FRX+ZMYz7o4eLV+01EHgnnjauFkxh/WjoFtqPA1v0NH/DuP9YXVICo9AJZYFbW/7UmPLc9ca7oVifgiWsYbR1qNFN7JRkFfnqUMJFhFl8A+udpQGQOHYM8rfLZmKIVDDVLnwpY1ZYUvCH4vsmObNAH2YXaXJPCLYXbX7j9klKzLZCwbEev+u0qqB+lQX3C5Glg6HCM+LpU+eJr1M1Dy4r6sf3uX/ED9C21H/gMiQ49Qf8PqaR3tr6YZeDAQSaBF6luQn+1Nf/UHD+QNaf4w80Okm6RZgKkRNi7Xdd6lNeCqZN5umq+MB3SnlNjPixplCGYZIFj8Ch+W8ZwBt2cUxYDsnJCJFsPcq3tTD0g+JRfUrhOMvehPZk8w6ZZf9H9juL83a3QaXt/IsLRjD3pX7ZytD+cl7g4kd3pBRe5p2Vaj/RipAbSqiAL0DJ3iOPjssIVGN64oBmwQbZe7kZNubWfeaOEkljcba7uNq3hhaX75EMc8AlB+5H6CfR6kVUOuyYiYA9ltzq2Y0rUycYxY75wOh0pZ9cXPjPzB3+MZ9WedvkdmdGnbRYBWY2Z/LwZE4qeTJYtMj4MevS/cEJuLuAdtTz9a0VxkEuZER6Aa8PzLHL0CrYN0mFhCDOg0CIlhHjFgnL6f1x4Rw3qEkaQNFRkS1kb5m1Ko8HsgiGgbAMn+XcQDs6DMrOjYNAPe6ecxFGvnkKjEUGaDZdk/Bg9488N7wUQBzw4wZCWGMTzbDzlo8M/1A9NRMfaBRv+Fcv+FPtP5fAmakjkfVnAEQeC/Q3s+r/n5Pw6h/H+hbH+K+djn6/zIUOjf2RdC/C8E+/vV9XeIgP8XBlP//e/f2aPO1urvG9i/Q1Vel9W/O7/I//Ui/w4ny9+h8v/cDWz3v2cA9PFk8677zyP9/kagOvv7jb1Yi5u1g/U+mi6gPeg6gv8HQ/+9VtJt+d/33PyzzTWIIoDYcVjBAPy+sqxX9+8r87gNWQ6uCz9jdVT1mrtT8gFnjzmZnmPV2nf/Ti9Vko3H8wF6PpRdsiz//l7afP1U/z4Uz63c+gaXgPHnczJ//vMRnE7SZeweFEf/92FwhXUe25wdu3F+jgzjkIMr1V33n0P/haAMxUM09v/NlKIg4+9/zCeMQv/XDMIv6P9lCqH/v+aP+r/m7/+arWcCJvBn3SclGCDwvvUn6bQkzTtrXOq1HofnfDqu69g/X+jACSb5tOVvov/HYBa/f//jGnRXl+C36whmPVmmR4c9H4v6BMuD+d2S/s9R6D9Hnr+zZE3+C6X/PiLCNDxij60DxnQOSBXLEexKw/Wrh28/f+ngP05+gBE4XpvNoIB2TDfU8XbgvAbzpNzX0Z7YkEtUFAAtMgy7XHBiJI9NWz1b+9GU/SQQukWH3UtO0NIy1hiEczyQG5Rl3NmCiKsGOaIPV5U80BkyvR5CJS8znGvXrbRWaStvOfl8murDxzdEWR4oRTRsuJ8L7bsPQkc6AXdRrVmdt28/U7K0XD8PrtPgf0oKUGNAyuTaTIH3rGeq7AbhLqSnq7OeKOeeG53cnSMTDAtyrOz2qMCEgOf3rmGD6w0f036zz/T2ffniT1DNrgGGEyZnzF6ZgUG57/XDfOMZCCRxlLBXNfCc+mB8WkKGS1IkMWCGyuFYyAgveBOhrmVp/JUowPTvKdx+zlLKEIUP9p7SAtiqzF+MV/FXC+zI5eXmCfaYhgU73VMR3AAe7D1EyftXkpwJXBeyHcIdKM5egy38UK1cSKcfsh/5VgfWRhLhWzKDt8+MnJzLwepa/DBOnV6ju3+ToIcYQwfPdb+hQIn90W3yVZprW1A259uPTkhXmGmkqHzVGse8WX2omCGwpoqFY/RXKn7TdLXD4ltBJMvrFVAvBkrB2nDk/Tk4KiUwbKN0EHl4/kEcE9QzvgTF+KzB3hy2+paET/Z95xpnFM1L2wB+GHGyyb/865v98vNRd0PyZvs24olK8oppQyOPqibGAnLEhvlVscP017WezlaKaZDOIhljin6KYn9hqUn4WQyseEamXu0LhSDF5wO7t5K9SVf71dNDKJifI7BssQgL2v7m/PfV3teOQyFqjWy2J/hn1ISh1MErE/mouBAKonF4dFbl8KIcenBBkIy0WO+5DfKZqnjb/kQ2FJ2+HkSDmdMXr6fkAFXN25+cM/5bpaWSuJEr+KZ/d8P2wCg05IwWeA7T3ev5IKm4Q+HKgoNwTHK5yz2E4iS+WIqqel2R5lLe79kqLuHBH189J+9ij49inVp/DqXSDFN30dTxe6RCeNugYcQ0BrJupdpiZuwNsO+rpBlDqYQqAPZr+FvQiwR8qqOUck49u9JF0sA4h+KMaSlpaNBdWsu3eDkj2Ni1rhejYCqZ7cpUuCGB0VcJk7Gn/JA8bVyb5YovJYU98pe7dU/11/z6SwdKMPlplb4VNT04JuRSqRNWdmyS2vGg6jW2lq9tPZlqldFYDC0Jz6J2T7ocT66L/BYmJxEpmah9mFGVhqdQwAZF0QtSEa9shc2IZeOZbdJZpuRZg+NZ4Ia7DKnv4oaVW6SnGVzCGcQ2Md91VquUoc1C5kKmcK/mejY0IXV61+vbfCdvwcaQ7jCnWJ4xyexOb2JEYgidzUOmntNYDfmGi8QtdLw14oBVZbJEUYbbZVZZisIW54emW9GAhS1068zb1WlRTqY4sDkoQmb/zLCTTCCZc7uFjrOtzzyAMEWcSoMg5j2Btgm7CmyO8foxZ4RXfdCoid83K4oH+jnn+ruMhICP7RvUXkM8g1VKYSUWReI6mHt2iukdQPcxDoghY0h7xBv2NJIrd7x8P9wuz9WsigHxbesyrXF4o9XPYpLc+qoYbmPWu5Zpx8Z4Dw0Cf6THohwOGkoXMQMsAApXo4+HYeQM+KUkC0GjaE2mj7R7FIegvL3RV+uTeYuC3V6z3patOdMKPMcWTu8KOnl1xHKnsDuWnjXPZh9eCISK7MdU9TG461mk17lzAlqIvW+GKx/cZOXNkl6pxlgSXmHpq6iglBTjwPDL1VxIY6OAGih1YhntaPxaEAlYNx04Sce88g+J398kjdjr9S2/4xkutORKPaOJ5jYaePjg3Sm5oR7FX36syj6vCCKW29xhnnactbZstd3uF3Om7CL0gsv0aNA1WnbP7gg74TvLa8vhhCvz28HShjKnxmPJ9na48Tt7dGMePCq35wjLMT7cdTLqbTIol2cMlZrwAo90yiwtseak8mfA0Ro7yqk+a6Mje3U7HgD2XdNXvh6iFKRBJQ7GuHzFgg2/FEej+7SzKJB2IT3ga87qbJ1aSheCwCpiXfY5T/cQAYXjBPK5cM7ev4Z7KzNHlsMwi/Xo5lYctSTkDVg8FL/0WA7W/HHdFFaaIMl3VKD+fDp3/GL8WNCA9ARRJiAl/ZBmUxvuIwg6MYd7v3TpA63FK6/3UQRCbeIhdMq6d9R4ZmnnIEwxlrf1klC3azqfCFJ0tWNNGjbCGJo4kfVWIZlsl9lZ5VSv7OpwdOtlRa9RcBbv9r6jX57s+WsDyXZ7NTEzoOKMqt/qjYaf4p1Og9QBnVAV7Wf8PKpE7gpFzhhT9VdYcAeacTH4U2tUtXmhGHvb2zQI7w4aYhHPFxeYkZzMTvj6eaaB2kW+kW5uYteNIawFTYbPHHty1SfS75YlsxTuMnkGihDUCAog8JuOq0QGUkuhzAw77s9XqHUmprYEzhRCLu9Lr4oOI+C6VFfnCEwpl4PwAV3/Y90X+m5W4mNSQdAo7xeICwrHgjpujgtpMzePBZ1J7ePx2UVH7z8b02jtDP4lwa4mHNwGO/8ObSdIxdMu48Z/hKYH/BF3p68TrZvgN+ESIfnrRozZ0CUQGiM4+MI/03rIWEJanUqBOu8akE5sgBFGvn8ysZlYdKK5y/cDC72sTP7GI6wgS9MkL1Jq9cB2j+4hv+eUQLSck8SoBxmuD63/WrNsXNNIH2xK67n1zMr0f5P3HkuzM9m12NNo2DcKHhjCe1PwwAwF703BP72QdX6yu9nkpUJBhRShwYnzlQMSmdustU1muPY1Umwl+QFTyBoAX6nLHLGszjt13bKWw39ZLwq9Xi3comMZtZqi0RW2x3nAW6fMA0tpr/bMYP3jcvwH8XuBMHDzIT91k4XNwCPNrXiKpr6NxJCFCoT1MphuOBAV4N+0yT1eoAsktf7SKvp2qZibI2fVFNiD2Fwup4POIse4zkmmTLL+bfkdm8wcSw/d7qjiI7DTVVTXOpSB3hMeU2loPauTNllU6s3qeNlM+YDXYY7QLzn4ruo4XhsWBAWwz6lY1PxYx135vCR/Xb8Wqs/XhO94pS4wFDVf/7HEoNkOTgcUX+bvefp4wwi79MBwzH6fhH0mPo5Z+PcO7xQriTR/24WlYxG+Vyt69c8lQyx4s7rabqP2lajIa2xYniBOzWdZiFT/9D/sCHf4tYh17WU+s8J93fsLUFihgrdjnULoHhI8Z83OJ5JHjPVbamcZdq5o91Uvf9m9GWb70UnbnDSP5PsD7ouUe74t0VW/lROEr8F558sczoCcWP4NClnhDQd1SBvuLwHBsmfxgUn+y0zqQneO8KKH97nQYeq6f3J8yfx6Hc0zL+Jsi9iNN9G7fEDL4R5x3N3LO0TnuIsCL3uczc2FYKtZ1j5yKuFMax0CrYbbWBC7l9/go1jHLbd2VjK99/Xw++qgk6GCvrI/C6wWpRnqkLO/zHEi3CfWR9qMwOujx2Q2nfFXaz0+b5cX7+ttPWQ2KGcFg2yiq0ur9LYDNXJHTF9h59UzCfoVPFc441ZdouBXC87ZiHeJ0ovalzHrH793Nrzu4wVWD54Qb4E+BOZtuHxsCgGEVWP8auQZb7eATNyVJ9uLvYQkPdiSsGTlV7XAcRvWoeLjTUSadMu5qhGwlyCt2dgBs6nzdm5pfN7NRw/HJ/W08+9qBZQ/tZyP2mDLROYY0m0gryiS82DzqU17MJssDM6HujVQkucEXiDqkDEmOTGrmiBgJt8Q6CIgoofdsKgJvjQN/fdXV90gv8xTa7imdKlR7wmnyimMWDvjNp3nN3iniyRAMQGSD0x53pI6x7oiMGFHlfWY3segI2EkAUb3QkUZ5JZDdarT7FxVzDqOzEG7V56hPjU16Pv0EmA9hd7j3TzLXF+DT9tNqO/x1/HNkvFZ3LqMAmWLf+wub0UJMayXaQvpKXOcHkjzprZHmPvZ2z9n+JRchhsJYCce0X6RpFMfsHLnyc365TCbh67X6H518pZXMRWpQe2U2/eoND477U8hvNh3gJLg+AuGehGWopbGiL5Af8hpcFRIR9kkz0bvtMObaDrxnSvTjlEu/3rIkv6Zp4LvJvW16L9N2Edqb6JKxuBztkztj58o0+mDOUdQzKPbfRKcNTB1964qeOabtqWwCA4oWJgQeTTpVjQYrKEuAKkYBZHjx0eD9Ympa1icVMB1ao13mYNBVw59P9dpKnDqJPSNA9rohxwbiPlGzgxt9J4q3sdVc8XrC+2pJmzvKmQ92w9i6xU4E3om9SItcdr8tubhMgrsVSRU/NFWid1ldadKJsKUkEO0kKYftE4377c6ySrTa+36TXJ9YGrW/jLBn3419k86h+PTkckHew37qR4QgKHBI709TJCD4FHM74FI9R1AjlBSNDrAY+TRp6hqvI+CVmYG9D7+ersPnTqTcFgbemHngzZLsSNjulbpibl/MQQutyxHirXT1zLLtrfZ/MZMvlzbOLbrcMXP8hn7TrqmfFF9k6lGE+TcaTvLRPsB2NLirvSxkYaXdXxJX1R8wT1T53pBsiyGi1obZwDiVOIMahPB+sIPGR444SHm8IB5Jtcb7/JS8fl1TKcHR+yWtOz8FWpakAT9wQ71WKX1rPs8tEJA/Q3MukrfdzHdbzAzbeZDaSKlP/VkUGWCVqqT5+WHuiYD269CF5lq5XYXO+EoHVDxNPbevRbYq6ITn3JBsSWPRo8XloQy6vlO15bWy0NsOrky6WzMFYJKht8svhphQMRs/4ja/meRkjySXLww3DjfvtKte34GwjWtG2jphKaLvN6HdMbG43QFQdCOxXkjlTJ/tzCwKYpb0uLkMdhWoQr+rjsr8IuVvA9/p19eRNBx/bnJdAE6Kajy3CgJGKvnhJUNMfEQghAHwKbF/CYQSHzplHW+1ZJWIzBJqkG/c019wcoooyKnuJmk9t9AKQbV+BZ41lGpZS/vYcszOKMBIqIi6Vr4wn33jP2dYLGTk/oBycFR3yiQab7/3FjUQ/wkdRLCLWcr0/EJqUtMwQR3jZ/+5IsArsRvwa3PtHGvanjnj82zwu96v51onSTOpIZN6MuxRdTm4TdxR9ZBj+wdD9rq8ObDme7LUmL2u8KYy96jPq5V+WVPSyH12UE/j68fExAM+2xSB7QCge7LMprPZRjphKjaHG0xKz5I5n3vn6+iL0p/nxDbIq8XDmfhuebL2uAEK6X5eQAziolI82UcbqPROpH2FrW+hY7WYUTOoq8KuW1RRzsTLYCGIlQEAsyNYACL51ZW/BXdoPU5fq7YAsEqKyNvpcsdVFRDXgyHKjtcTIvoma/8jsTL2USGlp+xfX6dZ9Zj6AOEs9R/KSonRBPpv7PAHZuhL9W5Vs5FeBDhx5a6YqnUN5ZubkT0aZFeb4lBVBsr+Hvg9ut6ix94hifruOSV8RX/3iunzR9LZ0aY/assBQKrv1cQnJB2gx2NeKWLUdF6/T2QkJ66SmORIMnlq6wYup+oBOmUD7ScTKVHkLV0yicGUc1jWbTY+ySK0p1J1EZc8Vxm0ubvNyhJr2Au5/V6RSEhzi9ZUR3lM0zuEfZCxTym6YZq/iOmdxL6iPIJ4+eFWCZ/DDwNgF9W3llegRGjdE5RNBg2xCD3rp2Refrc8pGMMqrumqxOO6ZcttHBEuoLk7Jnno7+foNx1/ELuGVbJdiTWR750E6IJwjS4k5k3WE8hUWEGK1XN7o7c4tMEr/d+7fxWUTItIcZ2Zex/UVsdblYXmclRxj1YqzldGc8qL7lppEPH3T/pN2FPhKVL5l+CBD6al7m48iEkJFfZsTq0vA5vGkdbszlImOox6VCHPXx6F7HfxbdKvxlPwOiRDC1S9Lbu9kPQsafBpUWCOeSswBRiLBA0IwXpwT3cl55vWVWyXFarsX8TMvME6FX+PmgS6aRJEyHsiW72HJAPwc4vQzXM6FfrSVBHODqwv2Fh+4DUdKBW6/6szyE2knojqNdSlrvxlZyR9geDiV0WAO2zmGQxfQe2tLXtMWVTiD7NNy5gKmxUHdboEOjiJf24+GMv3+I+UDFsRweh89qlNoMjONlwTeS0I3qE0v0YH8mHxB/nWMJKpi6+WN/4WpImJeu5PsbcDyy2Y+rCR6yBRTNIbQPR1wnhrq59DK0By+B5xmF48aHN5aNG+nb8eKjFT11JLcGr70jDc2HsmDUivxE/ggYC01XlrYmvDAAU+DgnHkGOxMvmLLwtrR8WVp3R50Y+jiM1YvfChIClF7T9OF7aH6UHeWD2hFmQA632CkoW6Qw3+ORCz+wvCrq6bWnYvAyqX5x80UF73h3PBioXJ7IENIbCYukOfV52Py6g9M7BRYAvaPKNwoPr4rasweOmo4jkE5qg3SjzQm8mmmVYDZtRo98ILc4GZ+q6uCnpjfEuhP0bbwfNgACnoxVnH/80lmt1MfUmu0EmMLRVpbASDkDu5IEuZjFAWFQ0dhhqc1+JxGLVpLlTIz7qPVucbmuMvNC/wUlQbNW2QCYAHB/oiRAS27uflmdO5iO3MnvB+zwJubj2Uig1GCRaZpG2o5ediCRJ3n4TGHEI0ElNZFd3/0jgidnwJOPaGNaU7/YERn+Dq/VDR2rFEWm9WHkY8zTi+Qrj6iXUb2ys4XvVe3mTNEdz3QT0C8OGKQYuEEj3n/dwAWyjmFzb8VmZ3xnM5g86S/3uCVZXQQsMLpO79b6yGQP3jtldVMJssshhiUwHFJKpeEHrEfdmj3bPsj9Ji0SD0SWRTe8eMi6CUUIonCjCBrCLObBZ/v4WAMTjITX0V0St4YY8h7LWK8gmA1BIWQqkWZDCIZw4gRCxO/BNsYHZy0EzOp+bkmPAqGn5D8zDiGwebon+cbRqUF22Txjy3kHTFVUH/FE7NqixETsfHvDg5ksBfIOtpoFA3i5L5IGRyz3aTS7EgPyEzN4IOOuI4mnvm6PJA2KLLcvdwzCdejvlB2wJR43r7YxrjfseFhfg7qz3U2/BHfktznkZDURxHuO++S9gBM3kx7CPSByEvhtdivGAmPwNrpZbwQrcrWfJbuhGJxQ8H5wNY2azIb6BzjQk6DG9mcxdIKNLfXr+wIXsdqNTBxAAAV08NMLGh622frZDi0L3n1gRCNwer9F5yoAyG4zBNwXrT2tTweX9z5Qv2aNaJ7lvCZ3b0HDsI9xMHwJ3/2Ve3kAKewf5K77N1s/5BZCuzHL+Jag5Udvx/fYv3vhBRo8l5Ru2d32se62F8TUvGb7fLJwzaxLsr9fbb2EFcdz/zLkYi/1EzV6cU21doyzzspvetOK4t3OA8P58KdE+omQYxbeXIX5Ko7NLgj1a0+HVm3iQXggd0OtlVqqun4WtSlebHADXxgSz4xOPplc0EtPBxjIdy1cVf/MOiVFKp39jkKu+nwacjiDfVdk43ZaUvJKadS/mkwndW17R+D0XCE1zpP4DK+QwAa63pFxkfyNmzxs/0XHBkgcpR0AdHINceLGXp8jl1KTOmMcBpUzr6JjPEGW4HbAlC6moSFJiNr1eRD9nIjNBPkstfR+eaRr5nRtEpf8y4a6uGnv4DLF7gHvmln4OQyWZMsMfDKE8I2AlKfw8PxcCZcIXYgvgCEiN6UpBYJ4FMSGW2ngJ/JZXkz3sBhS55PTk6BOQZoHnglOdHJxgi1F3l1LGBMxyDKlYjC0sGTSInk6RHDobHnjeyygaj6lwoLBsPcq9vqKmPl6N5/+XXuW6RKfepnYDcG/EwJPcvaax69Tv0zpe0V37RdFhSk0gCevCqHFhETet+pOV/1efX8PwmqWm9kf629T6kEucQ+GVyGvLMMotyOua78Trsh4/tV/SmR4gSApIAq43MHoOhRA+rOGIoo73IfhJJSmdI8KfuvbonJCjA77AXGbyg/vd+1S7wKhetPvw5qo6/M0kZxscZTdiN25MAG9RSRvG8yX1wwxBna6T/2DH7ZMFTFqpbyVgQ7TvOJTE4iHFzYbpX8tn0i809GlDkcIQSTKZUlByzDQWFilgPLdcBzGXJYmIBWKvHjhu0Fn6lUNyK3dW4hndfoH0gFPRCgrv16PAmfCKwItF+M3/mbNWgAdeBPgzCUmBFT1BA8f3D/mW/k61154Z6W0CRT9k30omKPwh3tIUy0UMtBmy+KSLvP4ruaOJrLaLvQBWOCVIiccL4ppj7DcqQqSrijSAbRcre2qYfHHkZJPoyHdrwsHPikbiazrne8W2joZ9+582rY/Beq/SDNQt8/vhGEMDH3K3ht8O3oG1E4zrivN1O5jSIw9yZrdT8EVHQbIcrOfRMYzKyAhUSkIF6jENWBlCf/OsoRsKtMxXnKKyed/bRuJ9oF25aue2ytdUx5tPPqY7H7WD3E0pDGnavGLv0ADmQlUx5z6Z9235JcpR8ws6rC1Et6ZOqeJcUwfT0pvp1Tf1FFBJT36ynaPMx4uo/660he1n/veGL/zGMAMvCSPdJFEJ0KGow7JQbUuGIYVamH+uw+a470/2Z5xp2xXPnyGsrZbi7AXPrJ8DeA1FzRWxmDh4OhFAGwg0yMyC5ujn7HEAdEqH+Ze1/TXQA00ZS7DdJAWVcnhezXAdlhg54i4vR5P+cf/dYwxG/A36FL5lGXkdDUHuZYv9SlkODRhXZc17VLl42ib6RW7Y9yAhPU3L34JgR1cTlS5qAtWtIvGsjZGd9BDjkufkRq72iKrx23RGLsV3KZSl6ZaWmLLOYjsuYd1vxHF8Nrg8XeW6WyR+rDfS2BPHmydBnjA+TuYhr7tepK41+Jnpj0/NEHkzZRXi8+V6xvfeZWpA7tGaCxuIIgOIpfAttqk5Pmj78+6CyLiii6Is4K+oz6kSlDPLljpePCr6+WWUsMcuddkluvR7/SElfj+iQ2BGMoPl82FBMHqHPrNmNW3dJwAa073TWZACtNNBNHXlgC/ZsX90/GaI0ed6z+8l/mMc6SejQg8KbNh2jSXObeHXDUFfv0ZUiT5zlmdgxRPXIRL+NIQLuubzJWuU9Id+7WqrY1e/kKcD1c2sND/5dyLA0FQ+s8wQd0AtcAVsUGX7i3jgY+FLJi6kMT03DC1LqdpLneAqKxlJDy408oINSMpnUIqKut/+1sc1u8qX059lk3HXZHsoGa5IkphD38OyC8OJ5pDj6R87SChVQtxUHgb2L8A4f80YDJmC7p0pcd6I9lOEaKCTOOLc7ZIjhtTGfkqkvzsFwcS2NaAvFeXtF+Rf3ChPqHsuez+QFj9MJAagowg4kISwDP5BhDvjXBa6rftbkLqUMJf6m5+F31Obnakz6/Wa7tSjy96oK+Q58ukIjGbwDCgfrVk32xIoBYQNaHZLPjhGF7eHz7yPrxQgUxHYPWaODqULL9egxiE/5B1S6mch/HYnb5Gtyugo10AIlXQDyD5nURnlUCxTd9i4C81dc5nuALWhSuFJsf3NKtdP7NTRyjvIi4+uXnFMZskg6iSWBAfoWOLPSfGEuXqv2n7knT1h0ExIkm+WnFOXyAcdE456UusQ3ryQz0iyBoJZzs4dfrm50t9s9th540pdSbUWsqLE9os+YzjskTzox3h7DTrfGSv365FXkgC6JGX0I6049f6di+Kg41GSSqUV0PmAgs5T7O3RpfNzQv3+LtXp2CaYuoAgjJLbXaDRgtaw8otKOrYALT6EwMt3fUDCB8pSvQ9XYj2WrtDXegTyQd8IGUgpv70hTDo0aqHIhv893MIvCIJEF3Kfsjc37eYnvj3cIEzuo07LQkPzECrDkiP5VQYUQVVUqUj8ngQIfMDdfIzf9yQadnDwuEMa4yZKMp2IC+BirzetTRARYCmJvHVZAY0bgimMWL4N3TPr1HHqltze+OlZR2JGsxaPNE1GqSPsgk8MP/ZHovZ67L+/S6qJp80wT4GhRV8LK9GAyya6VO5ScKWQeixYVJQUUONOlFVSGohTe5IIcKvlHPe13wA6jHg7q3mdDuYqDPUDIIw3Bw+RB4HgcSjIzG0OJ27NOLyTHeI3cQ0IqGJ4GpoWu2tQDktpGJu01kKpNxvJMMGPXJk3neAUfiqKxL7PsInhDlj1LjxgxNO7cYJ8qtEiVJcjE7w12WcNvcyx5FN/dpn1QHEJM8o4hZdImGjVmB2DY/TXpRiLFFVbnQu1x7YONPO0ECfmeoAm8EJvppCrc/HUi4wPCgvWQ5PcpE6JJFQb2dOmPmRPAm3HSWbZgwe9msfvlwqt69uoqtb8vc8zwBzJnn6jY5Jo3JZJvpDaUgbtn/CTwuFk/0FpoVEo1fl1/0yJL/D40ml7VXZ1+Dufeq+M3dB5duC1Qc7g5fzAUh9rfUiVG3HtJJ+nLPioJ7dR+z5DKqYBmBfB8ms8k7VtLGxIBhVInISYXNPVvpW15tLH20BhofZN4wsX0bfFx988vrc82aDTrfDRN8UnJ9vQU48zSibB9Em/Gg0kxHCrHzEGYjGWwP6+PHnDxnkvZGvoEk+g5FfsVwFD0uIu8N2nAI96N6wS8tHC8tR9wnLVz81qmTcKNSsTz4gZ+qQqHI/5acUcTAuAPxwUBDwGQUm84MPa8aRgfux0cy8SnMxLMoTOxriJSiK273zlvc/LE71O2N/6A9BeOG8ybkV9UQVMw/fKSsbBKF6T21m+oKIhBi0voMVo26u6bHZhUqf+SNZdhY5cFE29k5GeQFpR5fX+eFDevwQZmPGmCWBI3NsFdXfcHZThGI81/tG0pc9FHm9WjzYV8GA90Oomz39zsRUfT5i5kXXOtZQW6iv2IPV0WLe9lfRdO/t7bJDKGfWkGOwwSY+vucpRChlOguWFTiaLYUAp3Nc/c42Y1H82M9f5QGMdT7dQShNuLiogsQsEFQl7rNwzm5193eCZZDpidoXecxIBEHNZAthhLVEoEI262wec/o0MWePZyF2Yq6/hfOzTICYCLoFVjc4YloMcLZfKtf33+rCdDwWHvNotZPs1FW887m/EemnfnzvAFppBZPTf+fKjomruNYLA2JBiIaWq1dSFbg3LFIwf9sekSr4MY6Dodrv1iGa8estTVK8p/qZewQDFTSsTQ3y9toNb+MLU6eEqqrURi3wzcWlh6hIVcfD2pKONZOGVLSBvHi611yQg7AQQ/JQNAqE4Rasooag4ueqMfScXOva+zEdjM3aXmSS3MUasyyvQG2ti436GE0drQtl2tUtWJ5vJ/riiPlQnIrjYRcO8HOFS0f7AoGG7LuzyVjoqbR5D+VGgUOPudpiTUX2FNvLceuXDe1hZCdKwvcKgloz0KDCYNOegxiW3jayjbCOXuUcBI3xOTJ199iFycVNv3XMXq43fYUuIdjwTN2ALpnHUhTXEPhsWkxfCSTDvMzwIcEMnyHwBi5ilrmOoPo4LOfOjky9gU2MSb76BKc4ORgDCmDiM7o3E9oGGR4qWG/BpZ7n8WdQWMJ0Vz+/2FoSUUiGfg/h47PL7aJ3Kx8MnoqSsov7l5rV2wtycsaVyXPCqxmqeW0WZ3r8trcXeZPNuZYqlpXZKlk6pXIIAhMCBwN+50towUqq/jWSgx/lXxm2Fj5c3E/wAHJWnM3CzHBYJADTrWyLms0aMr2yaF93rrlQa5SQiV1OyCMABGzqGJ5SO+CBy/DPktEqfKxfItOZiWcGkc9PnujjJ2vHZxn32G7W5nJ9Z8tVcf2P2fHJyLhFhiWn0Ib9b1bw/cpMPq2xd4PWEiRUqu2FZ5/aH3dM7Ende1G7cUu7MSVoyuGFdzPfNHSexWGGqQWj44yvPpj8KxWRn482T5SUIrsdPVz+bhJbTTlW42DeNdwv9KzgMMX4XIB9m1VukdV8GmzJ93XlHOurbS5rqGZoZ96LNqmces/mHLZBxtyV+xYyiuLNB/EwvYO7iKLHEOMsLH7P7ysUgmruw1vwcsPH6EYtu+E90q/00SX1EOOHLr5nWCrXYD/IwcIOgNWmKQL4+caOVottSQh8ucvT88N5FeMH23gXWGa+A/pqV6+Qtvv1avN0+3TiJeYEvHwRPR4ebDN93p7JtsEUsCMaukv2YY7TRarFYT461IV9ca9f6jCbiZFdSNvGVVHJhxHuRMJ8407ZJBQcoMhi+PzjeUHdk0d8sAQtiQ/z7lRRzg6KiFmTLbQO8EGks8ugTiv57PnKFhz7MukNGcE8FcbWV66HPF6gKOHSQ02IcnwxxFt66HUj02vOZFZtEYQ6HPxo/1RzOatUhdYb6xA7xk6JTwvu8CmSWes+uXXkSY/msqMBsWZqLCvNPZqu/n377Jv1/OlFJWoCq3LbIfEZADqlpsNKKC/MS0I9nnnXH5ie3nziNYbTQt4WmHSpiyzaGgQCwHJM1003J9XQMaix3mBv3tYKR64tWQPXTR69PmNTk6e6nKsm/syTcoS+n59Itu095dxxbS0vAUpvi3klaT9UcGm53yqw3kqnhI9xWdW5upDhKyo2rz443kcAabtt/ozqWX2A7vWm5MQO8aLg9QWQQZ4zVK0m6BcDFWa8k5B4tR2U67dlX5szNSkA5eRHGPrpx3d7EGLPx4hmTtFUHJFW3WoQSAuqO4QoecDQ+i7lRWo12ik3+TrkXlJN6Ifl+RDZ9m4EiSAt5wnIMAJmFqbBlfjC187gejNmHbZu80s0RHv2WqWMPVmh4+Is1FmHKNrwZDBl5naunwsUNMjF43+WCZbST+rWfX6o+qvmPJutdKNAwqTRSHT5Oj5wanmANihKn3Qd9JeiP1SHF/X4DXv2ABZKVD5fbN9/bYdgcaHc/V5JoqsQi/X3RtAyS+iqll0g5NfEJhfiPIgEgTp0eHGy7HMLdUXP0ue+ZDpaoULtUl8krjqjzOHchM+H1P5w0CNMcxu4AEZHg3j9Zlv/Da+6EnWVSl/8x57IbcpiFQD8td8kY5i9nvoVW7XjY/g+Xy21rhyzcJtT3F55oD5GyM4LOMwgVR/WbSzAcvIhcgFuksTkQXKY7ddR+bHuPjhqpXrLLmHnxYl+gs9tEU60KpPZrr9FJg/8PSZLs0XzlXdv4c28pUniB/69YtBNBRWO59dVDfmRBeutoEuAcK/H7Fn6bLrN+8b104w/C4Hwmui8t7uOBMJlkd+REi8EGjN4xCB+VkGqSiiCEzK5zERr1CKh1svNdNVt/xuxQYBtRHJwfdyDaRN6LGX2jAoGdt8yomkIRbBwtSyCKRxTaKEY/eNHq6qeRHQEAu8LXqN57/R4e+8RS2j79FCH9VgyKPU2ir3MyT3hdQQcH9ulQWaEFEHIZcL1sKTyCw6j462VNbNWw/s9npm/cgrHiDFJOrYFeqIZMn7TaIh7XY8pSUdLr3cAI35bMfM8VRtDSvoG9IFwxLkypYHmRJ7ALXJEBDPvmwFirh12q71K3h3ZxSStKrhuAA4WCbQ5MWU3j4yyXCWID7jlXosheUmbLyqXVd8XskKN1Ymh8tGt6PM9Wc2Sonq4r5PjPm1naJyonlJFk5cp66YsA0fdFvNqGDqcF45yYPBGThYOP+4oXBJO9F7PsLkxTN2Z3tkwvhgRfYmT3uFJAcsyfUYb+fCLQK4nRV4EcxkQhVT8kVa4sR/ldq4+M3eWeEh/lYyYlSJyHp6eGLufMWpzlopmNi9uagXaPgjmjTmLalJKRUF2oQquJVYyMV3LsiYnzrwQ14yrBEo5zW3p91tf8gXxLZG5NoZNsRMalZ55V3Gv2Iy28gZSl5X1jZfEJcvepvt3BFNBXLKIsHK2JRI5Ml059enGt4sUkOHWp2doMVOoWnmOMahNUw67Ie3Yrx3XeCbVsz5vqt5etXDp75INmAn/jAQDye9nlpO6E86usKhOVtz1HYVbHqo7UdHB7kZfO9Fd3LjXVzAj3BKrLMo/fLENTDPMEQmcasYcTK8hOWp/Mx9UxRcWTVm8ZIgyUS0nCAyTgSYHlxUUryVRst3KzoVeqSYG8Dhbx8D5lnKqO18BazvGH957x8u6p6a4aXu9/6taVAOJPFRouRMtWIiLF2FxHu9Kz/Rf20DuF6MIq8MZfcoLPkQSfY3AMHOtt0dXXitNcrzbCvDoLF95qRhirqEHqcd6HliivOv1IUMFAi67hqeDL8ThaJTqcsfQl6URbO6NQwCc6b1CVfn+UDbth+FBNgpIbpbEKUb1yI60w+h6DfGhSv/s8KY9Jn+X7bSB0aMSNh+G/FfiICjLoNm43YTjnf5nVLOsk3c7QB1UxMvOeHTZqrp+qOumvqmUKjNjNQR/r/rKZvW7xl4RN9yt/2bit3TStCpvR2493N0aAltGI0gLuoCH8ZFqKXI2Fn99xQZIi/AFRz10yz24GI+6ZVZi23J0zDxEgrY52ORvdwyS1iCpSk3zQVHgz1uFxUHRYNMqOZbK79Eh06/zLpkXRvL3+YCWRJQ+qN02IUgdf51dtg5PEm6Zujax+xprP0NGWpRn749GWVqOYUbtSXyZDt1pxsyX1ympXOm+mzJAch8fisF9qcQmMXM2P8ui2lc0jE64tOwdrDTYb04YX4jHfVGkHByZWG0WbR3Hko3LVbgISrdzrKTfDllC3N7hEp3WuwXdX8ymkwcbYJSwyQy5K+/2m8maaP7Oyo6GqYblPv0OSfOSF/1EZ884Mazhiur0VrCcntZLWsCZ3uMBtMvDGiARJbro8UPLU5jT3T4n9I/kK+a2QrDM1KJWlSQ8fDWeg4kty4QJbJmZtyhT8r9Kzm6mqrF3FBBfgutuBFRXvuwPEt6ugg4pGLV5zyzhIpGFullMAEJAy+l6NUagelVS5WpGXDM78jSUPKpaEdUOUXbyQRAProJQKEAagX7Tf0WvKW3KIRnHJhBLBw2kNPPQQoxfWqUsy1+f9/9QqzeM4//UFwz/J33B2H/SFoz9D7QFW+9GPE3uy6p/W3o/qPbglv9G/UsTcJ6VufPXy3FZq7Ech6Tj//4u8/embtCn+/fvaCPo7f31Wzf5ul5/9V8n2zr+c6N3ftZr+A9/R+BS/wv76xV3/nXl34vr33rA/6mD+x/btf98Evw1gTD44fBMzb/fALz4hzuAl3+/xe/Vv93jv1zg77gtaf6/mca/eqnXZCnzv35abDil9RpPveeF0sYYnMz+t7+a9sEc/2/FZcm7ZK33/J9G8Z8t/l8/tcYadN//m5iR8OufxAzB/4P8/BnoX7/6uwjRy5Jc//C1CXzh+1/fh0L++T4Q9PrHy/2330cw/D9I8J8R/F2e/31O/u+LOPzfN77/f2Wbgn/ckeCvTQr+r8o98j9joPD/sELov9qn/9RAQf8TGxf8p8v3r/tO/B8w3j23ZbJ6/6dlxOdtBO8/j7r+Lfmz38Bj4V+P217z5e+fP3+Vf/3/uw5YqudrRZL+83WqvNvz9Vfi8F/99Dslw386BnDNv31/KwuGAGHT+a9XuZJH6s6//bY2+NuSl/X3N2F/Lg0S3b+r//MdAaP6jfdf3v5Nx7+9+x8EHEzJfy/ZP5n960fQ/4QwEfD/IrD/Tp4gAv1XeUL+nxIn7P8X22D8QIxMszTYvoh75YaL/2CNZLCO/5ZZupQLumrr35423eEI3Q1+Dx3Pt7OUedf1J//9oHvZfvXyYKrPpKxKe4/OkAzR+m5LEKOJQqbTeuqKsX2zmGcMLNghx2Z8qU6JDCJeou8X+eckXrrEOCInfrxaZHl/9Cz3KmvDv1nlIetyE/fqSjZ8rvQqy7f88XCAF3/Mr5hRbc82GLmFvMy+xrl0t8BzaFsXiONlsqydei0/GGOfvN5vXs7hxKISszyqF0XsSJDn1++Mn9mDluRXeQmC+ghiwfmKQRA2ELHttKytFFnXISX0sFwX5mjWUaTwmT5G8cZUpxW5zVJwRHfnVMdBt7UNXc8cO74qFT2Xc15JOR85NxkiMrgbHnpKSonUhzmZRLpM3UIJBOu9JquZL+N8zFDROeVgBpoYjC2GpIyND3NXfTSalP4u6fLOSlAzIpC8xFl7OH14JWX6N0q/AhxlWvGzx8xNZmR0QqDfMJ6Y7mJaNhlzERRbndkBD9SAvFvy5XrMaztQ+uIMaOdB0g5EKgXiy2rYCvOrPuq0oXw/8YTQr/37lVpEVl8XDe51JPRaGINCwm/aY52JRmNadWO40XZmSiLrXqeqPOhXf2C1imS/HeuyUnNVjuacjwaDgNXkwUR8EGVBnsSVtH4Q0a0YA6DPEAReWFt09BlRPbfrL4yP6VcEo8JuWCnbVfPBtHSSJmIZHDcpzqRkMSUxg92kmuf5p3eS0jGdkMOHRsjiQ3vrHZXs2+/qRwhB4YzXzj3ehk608075rLLkyrSjaJ78NmmFbzO9fCRrfVfP07aO/Tw1XzsQy3P/7363wt98n3fbuwIthBj32m3HmTqEw5Re0VsPlKWwRKmTtH+wBc1hvrMPAxuhSxKhz2rKan+VNGIAO0EPpLnTBeqwQ7dUg9dydsOUzFSlr5E27o91WINHWvSJfgdB7CaRZlshi0rwmZEye9eBeopVFAwn2Fu5fTTibkE1vUIpa/3GspUwHGk67ucpVPw+OZ2hCjtC19i+MPskWutND7T4NtjVYho8x3hIySYK0cGWpkx3CHTQQx8MAnzz1wvnH0zuWCJi7l6NC4dJr8YM39rGHOFS1jUIqw6wG+Zu2lxvulw+k8C+mfd95+Axyd/Gh8Z29lN2oWwnxFG7h7SAMsJ2gOpGg2TPKbY/j+zLELsOtPr2/XbGeLeikAFJm/MRsglp8cLYbHP29YNz6vbroKxW9hL4wp/6GK64yP7IFMJtOVmF0Sjc8ztz/V/xkbnFCJHXzaG8+tzMKXEy0EcDGSgWSjflriMJm6/1K/Lbt7UoxTzwqnh6Jerr9eiT983BY7LsAXrvX2RRHii/1nfkrgUToRFUQ3LfPNKkukSXOxXEcIdk0ijK8ca1oqqlBV7abVzQaSGwZWu/Ro5WKjkrHPzOHmL8IVSLvpFuivr69VzHydr+XaBa/vgCaYk7t18FTe3h+PXh2whcwotVrvyFxouvUSZDyrlX3xUiL55YwtMe5zi/bB7flBYMaHT9pkj6w86dZkyhgAc+yj0C3kbTVBw+ybplPbbW/pbQIeotNRhKTmZbx7ExVqJN0pIVDvla38fMM23jpsdjGGpbVcM89HZUS9n5+CQaR5QLSbSu1A7vHUhg313OcIBC01NyC36oZjX3bv6ENP6LPlo3M953kkogaB9SYfbBYqK2ocEn9vNJfDCUlWll0zYnMfaGcjy2OPnEZqxNO0OcDw005KPx6LaPvldi0vcNLjWgjzYy5DYVN0i1qmhrvvUySWJV9UkhbDRmDCOu6HEWfTUszbJTGYj3KH970/idarXRj5TSTqnaYjV8pVA30QUU64DNAoX6GdkSJJ8ZbP+weXqpvnunHkJQ+UymeVxlJfABxcjAU04+TylO/aaExyNonF2dvXMN3VfuknZZOjDHcTtO4SMv0tBH7q+yv5CBi5yUx7qzDkTtqNLsEvvYkypLX/RjTSAt5YrmvkUez8ZHK2LaYxwP9zZLmw5MlOABl8M5SEWaH+5Ul2Tspra2xttmb1da7Fgni7jzMD9VWXhqTq6HtaqqW5gzkQnt9jhVI6ctL02xRuLGVlESmKYfd/b+dz8JMttAGxiUd8si957VbvN3c0iGKJny4FxtMeBjMbtZTk+MKJZA12uUvXOTY0DASPpl5Dc0kSoTxDwxGLOMjLlY4xHv99l8Y1MEm3wJ++s8EAM3kA+OPKvfBM9I+Cha9r74RskwNDy5ws+Tir0JvJypFzcKimMZDrYRlPdcilC+4BPp8V2TxMMfUEhaWCqXU4ReiAcH9+pbeywLuEaqv4XylozwyEqaBLltN2MF6AJ3LqwDdEoKmUm2lrvGSvFgj1dZ/n5XnMtvr6ZXjwcy1oTICqw6Q5u0oROhfRMFrTHwv78no0xkvoBvSMU326afg/9K8a+OG5STuIYqQGzLleCBDmbBjos2+N9Tpt+3VJ7XZ4qa3ijy1/NeywN0cO9eM4AqkjYV93QpLxDGS2v7Vy0H4M7z711T6UjLMnLPsWQhmHUCqeUvc9JweC1mE2UReopFnWZkGbOdTyn+jKJ83Fhfd5d3U41fhN6CnbWTOQrwjk1ThEtLopTWti0evDUuuaENE0GBhdF6u/clAaJBo4vkrF9WhCi3oy7m5HwwrsPqAMOcZxnRJZOZqXx2epGAeuR6P2qnTdpHkr3vTOYYGwSTTJUqyWzoC70f60i/xunPplfMe6VYh6CtlOHO7/m7e+hNGNy+VyeDLgBc5scHMr8amTbKMNFiPjzh3LiEa2kEwqSm9drdVH5wJdLsdG+Sn8e/vqBjkL3XriWhG7LjdaVotb4pMOPN57Go1fooSUgTL+R94Rpu5dMiPUJYOt8e58N5KAW6fwQvtvcDKVtzdQfFfWHgmteufgz+vOflse2hracg2TDn9cE+eMnGLIlbGTnHhbBy1CD8Mq2uyWnfPDgDPC/6IiEuZ4rHTCKlQfcjfT+zzDt1VzBarKdqQz0SPORpyZ/YvKCuT/aWyFkkF3M74WT0I7uLm+uGcDYlZ/Z5FZHI26Q+gZ45xYGVvSnDXUkrdO/zCwZsOOvyJ7JhXpdbmXj21YqD4tmOBxK271P8s51mFbUDbTySiylyeiPeAn1S5naurqHOblS/g0VXFKjh+e2ePHOgz5TwqQeVB2z0ah8rrpducnlpHR7TqWefCjnGIEhYu8KHYDkYpC5KgnxZQfqYlk5Oa+6wk+jD0CDTI3LgSAANqfQ8vTWuJM6rBwmeCHzIfQ7pkZjitirdCStOpl88Hnj78cn1QqjCA0uN4Vo/M69bPiKuMpCKQyUBkOa3G30/WsgaClU6G13iQPCMR19q8vGht/8MNWth0QVGy4yw35k4FPIQptwflBvvJ5l/VkjVO0HZGATNe2lRC9CWVWqYkZo6RTDXG1P1XjgEEjRZ5qAul3qBqH5/cVMIkH15+d6MAqa9bTq3kPHGfhQT/XwILrFjhWyJg92ieFkLADYXk6T3TgDIzhqNxjknlPWYWdZb4ZD4W7P4FRVvYMtTNtB3XjJfPe2mtFbGelS89gJoi4U/IgbGAKz2qQQ83SqTTJZNWRymlfjcRqC8Vr43+no9sggR2juWSYErnZxGoV1zwfl03lIqaP5RX30CcDb04O83KmilTc2BFcOopJUfVNwRneR+FfdEXhxRVnDFFxb3H4NCo3ronANanBVYndJQ3F4XSw3uh3QHqYnPcmhi14El07dTnIQjoucHLrkHWCh2v55r5pesoeAb/DFhUYwZlwadIsk4Mux7DQrqBfiiBP3Ln+w6VJR2m/Twqfk+Hg7o8RPmWzQoQmgJRjqCnI8mLN3vT+vO7fvR88mqplaw6AQvsou6Saag25AIQ2wsgL2wScujMJOhSJzoUJDUY4wqdZauQUZItlyddiQjcJa+6SylRpXQ2wA9Xuee5PajTcPXjMXUg+815A4eHExXA8w2NfBnDUL6oayQ6uRcNfKMyHawR1pXnhXzI0057cg3yTIJ764IFMiVz48Y9BWKoL7NZzY19dtbtJjS+0Px7g35LiK4J/AgnjfFlUM3i31wD5csq/XFIcebjCicIlRwLaY4H1wX9g8HqPHo4Yzqu3sgl1SmG/1wVQJgGgTlJOb1fAv+fSsVMaZlkvThVTR0S2j5p1JDN89Ft97fJOIx+hn+zLoELZEgLWRcZA71DQfpOxOeHfCSlOMN1m/0yvdBLR5eExMg9stPbyED2x1JcfgvCb1G5QT3k8H9rMMmDRujbvV0Ac1X/fTX7CYqQtCn/UOpjJa6cpINoJo6gFGbE2p2MCl3CY7Y44dlAfYexspA5yndwCuosussrrjxNc2gT8kYmmpTaygUzu4+QFqHlLZNuxxwIegeyhXoFbXTdcpUYI6tFkiDsMShRP+a5zEOUqQ1OJbZJtJ3/Fh3vdUOK2etmzhn4MltAY73P14dXCw/QVYu/TDpuSMkqJ+mk8fSEfD5Kyia8wchzo/twVHhLqdzBkCj0Y7rsX4soHpf6fIwbig/pFH2YfHrEj361ONn7BsK2eyvD46jE8dS34pGMiFvfY6Q/JDipxzNF7h3yXH73Y25jsNikcGf+0HaitUamExOIrjCDlbqfli0jHcFYTTvrXDDw3lGoAUrlk6KcXAb/b4+a7Kv2yhhHSkvYpYEG/AIt1c71ZViwi+d+Xn/Tv5GuZDmqd+WFLSlczfipOZJTPW4nvBJFxXaDqZraWcVPmgb8BEd49oqZZ4VorbQGh1UtZ1rhlypcZXiy8UHJ7jSkAJwShtH+lgc4DqQxal3i2aZx3r3llcWanynW2Gv0GjdtCZ/H+jLQzB34t0QbidG2SWJFEaCLotz7LRXuo4mb1cweEBqE0iyDo3yv4II/3YLoXXdcCPd8AFgowrmi2pjO11+DBHstmpqSseM6AxylMVCgZP+BUF6eEHIY/sfdvHGh33DOXECVXr9PuPW7yyKZbEdwPOhulGGdshdDbHddAeychGlgdLD3T+6flazhUgjluDi9CYZwLRvb4A/jzMM6uFZsWrR9dRIL1QKu07dku5E3rmP0Y9nTVm78fb9RcdSu+AFYOZuW18uJj8evnhnv5ZWc+ecx3/Y9f1BaYAo67mT6IDsjGlRUVLQ2uY6HJcw1GPR3If7am+u3S4HY91ZaYKVIkExNIcwpZoH5Dn4CLxyTZk5eYCMW8qbTospaDgZcKk8eMCEZHJo5mgpgpWEqd5dsgIamm16gHblQt8v6NBoPHDNenm8mLwZ+GvSzuT9tSL6uXGK0UStriMoJLKemT8YM8gKWhIl4APpPYAQwzwow6RnTE3bwEWqIeimXNZL6bfVZfXTxHyH0gjSQMmyXSyImdqfXjDH9UpyE399lZtpWfwhx5azKxuqmi+p+O0TER+8pGFzCQINNKmM5kQQ4ucG7ZuC25Tja8iH3La5fFVZkowfPvBAhpAWUUEyWIJ654w/xc7a5LtpxypVflL2/mOftv0vizClPjTJDxOBNLLD8QHsJ6afG7AIlQaZv3o5I8EJXlG+04Z3XxA9aEDbEdOEVYICe5AkwoMkuMzZH3ugktwySyuqkc+s7BFs7iV3syQ1It5ABnA1BwXrP2Ih+Y9Ne5Z5sd8DLbw7TE7fH7hy85UC1ZpMre3a57U02/tZh/rzrI7xiHVCSm5dd6EhoktjI3fJjuqrzYfNTlETzNu90zzKDdv9x4cIsDiQvfsnKGmeD7woGzRXlLu9LzJ6Hp2YDsZ72H8OUBRR4wOwuP1jraXHBmW9tTWfEtaT7nMY5mcQPnHQ2iLNvsgxYrDgLnvwGW5uxJ/Ik5BmsN+aLgaJpLbS2Lc76EHM6he+HPyoBH4swM4L5ZaE21Hg4xa8LHVQIWJk248iZY4Fxet+apjdlFvtDIo/hF+V8DpOp4O2U7hZ39Rma9N8WGZ5V5f+TDPc68z4SBgugrXhBWWZ1GPnHnbBx3wY5dqxNqE0LQgWcvb6bx3BpfF4nLtBXZC0QXsbA3NgDwX04V5yyg4t9pgdwHqB3Y1BlEe9LCXNXCFCnxmypgv/RpdxBxuMey0D0cinma80b3fvzO5wrZ81eruPpR1xJ4wfniyV73UEPhlwBCmsJjX3xp/3g526RTpfNenud5qSDb/IrinL+l1IWnR3U5I8PktTqUA5aIROHwkt7gxqMwpr8nXWrfvL4b9z2rsJ1wbmMeymO0nCmrhKTq+M02/WGoOSzt7dHyOw1JvUOs6I1yFTxHsojd1vP7uv9dCfUQ2cWEvbGGLBbk6/fRtIbqB58kh/h/a+gXa2V/YuXgVisPdjANhZEdMWTqDHVLav+GBfxkN4uPgEJgaENC6rHSj1DzvFzyGAmLaFvT6XhhVHKf0hDkngOWDNsg8vvul1Zx3Ltf6DPZAlUyr3+xIRyrMhYFsy49wCBEwomigKoiBdexCL04PnkIMAY0O6f2CJOAG1H4gRwATjI2ZuUEUfIOzBoy7GRVBZTv+f7V3ZsqNIkv2aNpt5qDL25TEQkhBCgIRYpJc2dolN7CB9/Xigm1k3K7Papqezp6fHyixNqSsCCDzcjx+PCHeIDVM0+SlHvbra8nSTWDxJx0SfPCoeN+U0OM8BYL+eRSa79LRSZ+SGvo2n9lE8GA/g+piXT5/VPBQtmJ9I9bRRjHM60s0Wl38ppKXXc//wi2oqQrxD+kSCevTuJvE16GovrzDGRFhod6W5B0PeMGqEiRnZNh1rKbuHgPiUAMtruXBQIQz0V8T6CgFRtGDBuZ9W0aJnWQKYvTf1Shoxr5HxNVt16YGoHElNAfK366rgjQZ0nWS5/NCKvZBqza6hXZHGcofYzBSfAr77Ji9PCY6SFkzgDsNhJBED8o7mHOlSpIqNEcc7sQaNasXwxCeDwbmlBF5X0B8NLjSy1LxZb/PTGDizJ9z2iMqbp9aV9aS4MNKTFvnjRT7irP4BF5q9mcEWa82NxROBTnI6hBJp2azeNezNAzVFmnu+SjqZLxUMZjwlc4qSJFBnz6JuKp78qMZcoPU7K24SRxwauLHn7bdH4K3qTszZaZPsfApDphhNBvCu+SX0vrEVhceNNBPDW2RVC2pXXK3k2rmbOArTKzq8PEV20uEhciTuL+hV4KzyYTZHa54cw7SC/F6U3gFuBS4IIICdDh5RBTiMndspL7Q9sTzpthnssDrUrJulanSmnfvIo1tYGtgTAQDcffASKCdqclchWdBeWxYrdKaNKr9M1XNupcgx9ZDFM+0SQC+34JHLlaX71LiJjwWcWz3jpSDfQrvGiX6cowBvOBe6K0n66/xE7sbV/DoO5rFqkoUqb7VsKOoTxrB+ZfFqkkfcvS2LD0YgjwgtL5zdDw4TkNTBdMUlX1EmckFp8/ZpEMUCCnvhcUU7CphM1niEyWOLs+Laqxu2hciAa+/HoHGEayDTbXTWSXIYnhgljuCfCBXvJLEsgZE0/zwyyaxDOLhap1idy8BLTSXfwGNzr0tciak9nCvoaH6kW/9hM4hbRcCziwkClB1wffMmMo5VFT08dR2TewGgog1lECgOHY1K8ve+R6Lc7g2IzaPibiEuw7TADrFvacXzeNq84gFjGUWoh8gSef7SAhY8udKTXLYBSqA98w5RDQO++4rRQH9zdCAgQbojsGkWD3eiexLvRnXFgSNvnGVIPrsX9K4cgNE0QB/lBwJ2qcgNVuze5xnsIm9Bu+M5HAt4qiqX9pDfljUF0yJJDByH6lYwfO3vOnh0hSkoIFUUszEJJZjG6cBsvPseS05y6QTFSdqSpkcqk7gLUlvIY2+wAM5c8oRjRDm58ukCW4N0Wli+QrqYmHvbPnaud14de4tE1y4oeE4fqsylKLmN5xSJG1pexXXH6AC9QWSdSZQEm9nz4RyBSyXM/W08KzOHsjqX01LRQ5BWK6td9899hcS3xI4j6U7Hi4K/O/d4L44PjadxVjmzie7zlFzVc87NrbsJteetRK+7d4VoMI+2WUbgUDvXCo27GgvPBDZ8bnb9qOhPQALPPfHXxWJRhZSHg5GgnfBqBZo/c4TV7dUyDZ3Iy5rHkSuTewvoLS9SX/BbB0x44B7MUolk6MF5Qx36N1Oso5P+bNgB88R4XVBXkXPj1QOo2BK3khDHK8DIHy/Aby4H76xKAtKac4/zEZiVC3HGwo/2Hu8QcJ3r6ambyOLKuCw8SlqxurBbV+3tUvq7SUcSuRfX7V0Sx8GupjB01zX7xgei2PnmvVPsTOAhtkiGlaLuWSMPXVpPryFy+ikMyIhb00t6EfzTMO9x8vi040oXhNJ4YhUEChDsy9oGvaLVLbNqsUXSkyGgc3aZHGHZx5AeFPslnnX63Jnnc+oP5xHuFqR029w3AGTXY94Yj+TldTQPwxQtb5hu2HERkp0bj44vlWjhBTYEz9q2T5xMzuVuvbdMWVPjcFX0Ei2M01ZYV/ctngHdCnoFxALu+6BB5WIFXOTTK4Bll1NbBoftBcGzHL30bEgk5gtHGbhpQaqDT84eV/jWadJH5PCAf2cv1fWQ1DpfRpIWPPhECThn8UaMiiPg2yM3LlcsJ4YXt3VEnRnBgdFC6tXJyac1Sj5X8AupluGOna5IHtuMzNlg8qS50ro/iRsF9XYRl9TZu1U2uXNDVPSrCWt6mtgYcRjNJaSkKcEzeKAje2ongLHLAzpDNOURUbSElC6dj1t4uiIvwdQNGElRogRNiGLZmzYIN/LPa70SqMrGbKztX2E3nrYMhOosaG4DmpsB1k0qNhC+XTbiO251ClfY1HfivPeK3AW/j5dHJAb0gM7raKPgLGWMNGgyUXrDM4HPrSDrWTiMJ4chPXkMsYM7VK9US/AQ4/3myp1L6a25M2+TV6oXtCncU5QXoUyKOiUsmyzhEbYSLdbDkUqYI22/6LOGaduFQmJYxZ5rRRjb7yGD+BWCGHPvxWcvzhRzw5VafOadYc/lW3t86kbNsslWX172cquKGIfsHv5jfZgQhHR5bB0YxcQeeZw6Rjln9uSI/jnU8bIcKTdYm6nh1tg0uop6WPqWidHRu8C9UQr31ugIzzf6gDLOwCkbjeEbiy3PFxAoxGQY/cT1svkd/E2EKTrE0feXiuuap0rzqEv3I1TzUvDE9fmlTRjuG7wyyoL4OkZKahVUoc+9YZWpEhP0mewo0gOxlmevBD1BAo4H5mi6rKrCxPpZPNLpVaVH48E+fK9CGMMjdnfMfWcO0FOQXuutlYUrtl82ULAEjVbAvzOIZfZUJaleXorBTByBwTikZloicM++EwGjfKtVgzzDWqZjLQvwFKK0aJmVRJUhh0LqNcOg9TcuNKSGNYQdXu6Pe+o1l+hU70IrIFv69bJEa9jGTKER1aUwLhlXhBv2tczPd/XpGccG53m77eUAMl9p6sDd6Re1FEpVBNlAG+a2cNxaJeZKNuLjmVKSvX7jwGs/wY/uhTzb9kGfZwd0YM/5hlm/UuzDR0LiKj7s38+6kfcjSU/ATxSlbqdtVThaTAe3QZ8m4HfS8s7xoCcBRnr6CN5/oIqXtZypnsvtUCRq8sDW6IuaIr0Y/tG+iA6tiQbHAefU7ZdZ2Nv4EBgiUM5T8TpqE18U2PM7YYc9v28gnzXCqsRI4HgV9HjNVpnZD0n95J8DX8+eXUZWtduJ3ky7MCp0I+ZH8PCZegKWdQL8SIIeWGswgdmfXw5oMRCmA8tylR2Kci8v9dCUNn0+o0IVy/oSPW0WveQV3v0lkYmlkF7fJwHYR96ySt4BVZkMA7CRwwEpagISs48o9ZFu35/L+yn0kS9mzhfxa282KMG2ld9YOx8WQH/Kfg2s6M4tJXsVqg4jqmCfLqquUu6B306N36LhG99yELPII3fa6Ooz0AvZdCKxdpXHK9zgYoD7DngkzQEr6naGpazrSNT2dejm3mjf/H2lhxuN2sQtJzSVEtXx8TApl5yyTLUMpertpcpQvr0aZiXW5fFVtWuABx7xWzaIJWWinlcsmRtIJmfxJDtK2TabZ9+zM0scwHK8/O4DHwMXGm2NoHj58D81gVaDYEBkhF3FMjkfKAFPmTbCSgMbNsNx5fWo3u+D2LZrZjOqNy4r+2JZlb+rhpD0mekmpxTxd89ZhUjvcXy2sC7aPnn8Eifl5XUwtKh/qHzrVg8Jz/Wt2X0extSGvbtoOs1jQufZm9FfGMCAXg1VBduxhvvX+cUIFHn08LwcYqW8x16KZ9G7t8Egk9Nh/TYo7lC/XnLjx/hEcXDNemIgJvZqMe+ZK7kBdT9MkrzKKC9eSsUVDV4cWm2soY0OZo9nINaMuKPtcJmuTBiJHOzDUVUV6FEVysWXOX94XCwHJdWIfKoQnolMqxqTw3UgEyl4xGfEXllV0fdP/qA1AbKz52WQ9Gl1CAp6qSeo7Gr2JPgk6+b1Vc5vzBbATOw8E8x5XxaFGRJt1nv00UKq2cmsiJ3gsGglXs4gBq6G2PbeqzBaagduuzPnByPuPXSPXbsE6qaEgzMyFvQ/wnsHJi5cke8n6CdpkLIlgsvbc3arzPI0PNhoM0IEBD7tGbBgh7zeTPzm2Ylgb1jYPhYadvBU84xcnSNay8qL58q0haQA3nrHclBY3wGqtOuK2Oo4XGFRcqf3XIwBkYwwh5sk7y7Bq3HMx5UNAkrES3ujggq7Ms6t6k18q7f6BHYgmVwmILFcYsZUSx3iUXsUGzosOEoDQlVJWL2oIozv49RwPYXVwHdWR1nGOx70flLAh2KNxJy4C5gQ+HTeW4Uqi8obCCrsAfHykBQ7eKqE2IycNUkqebdZKbjH7zlkHDw6coj3ea57ywB8iiaTVMxndGtcE3GsGebN4t1f3cl6TfIh9JRdH503u6sIFDq2opWoVvkjktiFp1kYh64xZv6qgr25ORnvqY8K2MvEdtj6ajMPXp0bNEZSGjOoc/piIO6n1b7MLhGtajqBdTNr9Hf5Bum1LE04SiPdtrS+Z1orekjWiVUgCOhd4F400UaCQVlz5Sju9XFN8VzViEMHZqv58sgmksOG1ljUwGNUt3gWxQbvKRJ0bP18yX61ftEUhvs2sqPltRGrI3fzkBwiDTgldEF9z/SLWdzv8/76MLZhYsmUgvXjuGJ2l7wl7tbcOjSVqwmqsyyw1LHWmVK4CwEJUHy2MvVMKkqeuLqFJ3OEIBK8ML2kT9vAKihfJ90l8CjygwQQsGwGvmnEuAteg63YuOBVHwFjTI6nKbpqyXnUjje88mAmOlqdrvI8m57jsvfkwkMAY9XmlkLFsMV+c9lHFf/lowYj3DtFl7aIQ7xvitc5xrJLS5d7GjWhHDwreVJF69kKGP9uoTQLz5dBlFYHhnifEJKEQj2tQds2hofUXtvHXkKmqzDb4T6r67Llb1lTLi9u2D/xb+my9ym/n0lmzaf3oD8ulYTfOxgscpdE6SnpjwVda3AfPE+0uTRm/BK5/uO8CzWgOSL2trrLX+FpxafHh3VVy+f03mH939mNzaFkqzQrO7/nfm6dVOPJq41CCnhFSt0XspRKap7VOVJR3tiHLVqXllEeUb6y6uN0QdZ1x11BN3BbvH0glFz5pJKpqSB22ILpukyC7dTuGh3vyX3o/FbAdHwe8bh2/jzSCq5KvNnah4torR4jSHMfourVHpNWJEdpXHaXUVf6t89+eommnSUPIRiJY3wRlwLMHp5AEu50fOeZPlhUpcfLM3z32ydbEuZgiOOMMnqtlGZoXsz0Vmn77VIQAr9acjO8fvvsA9bkcE7YZjTEik5mPpW1AzIvMmGaJf067sBTxON392HcLhAiThGrt4Zx8fyscQghSZvJYNtY5wfyYMcdH2CxnWiTGnueCC1xyUgBIWFQndulRmE8j6lPrpB862blQL/3xWXacuaFqg+xT/JW9uNzpOy1Il8EivAuhu9kP9ku17pIt4biuldjslzqcF6lisbyEzMXqzsjZokB1D0baZ3s8WKKQ61BPXY5bx3/xTu+/2z7Z9s/2/7Z9l/Qdr9xAF4DvJn4HG4y743+264VZ8BZzGbJPm1mhPruVYNHbyj1janOV0z16WlzuaFltmpWdIy5aOeNgTDroS/0N7LAiA7Q+8ooneFFLUifbLHZX64MeCB6as8edk13MoUA64rd5JdP+qmBlzRFnnol2GXqmH8DE8V+eDKKNjbaeqL16jlCj4OvPX57hluQNOg489ORqPcIv+RAEtf0HMrd+XdujsdT43jiqO9NPoOOgz+cJTbDKXwSjtBG4XSOTbmutgtz4gJW+6g3yx9+9/+S+zDmsU7P2Gk+2caxMw1vZnR0rbsxjNKnhLlHg6inqxEH/oc4WpzdFxYxvz58YF07OWnexTDdAG05xhkikMULO8yU+PP0d4wxfguiNEk4u61gpuffrTlU6l2MQShV4Fw2CWwyCA7D1Kt5f7Y3KW5T4bVt74nEEHmpTlf0bsqtayMazLriC3U/nNZMEvGRpe5zNWfGOnpe7LRWUTEtOW7t/aQS3Ryichrq6ylC60ctRelhVB+cbgF7KwKlio5zMh4mtjZvJi+0T69N460MnP/Oh1fDUrel0EbWUlh6QOJE4ZU9HL5gRjXtoZeFn8TMev+DPL6/yTKxpiddZR5W9+f6oHVL1qRlO8Zpz64uu91PKw/B09+WhxDJ77JlaeEHybLCPylZlvv/lTrPUgK1ZOP+lNxm4lfq29xmgf0+t1kUv2ZAfx6xL7/99BHj/zBb/g9T1cO3gHCaepsG/wFQDP/g7sSnb/+Jv2K5EUtie+Lj7Iz3OXAhv6yXgzTN/C5t/tsj317kU3Y8h7Pjvzn27iU+WD3a0i++PTx9iBIfZ979XA4Wcd/H7S/wqOG9Sn94/h8VB/h8+A4aXX1cnvjUteVg3/pVl8BFv1wedO1Lg+nRRt/e/fPpwdcM8V9+J3OKEb7KmmLE376znyQf3bu68D+kfq+K+6cbJ8XD7z936PuCBZuOhq4VQ5X/ci/rR4ufmkaF38dd/4c1B/5HZQR+hnUJ31kX+YNSOdSXOifflKL4CaUDfli85Xvw+1+slfNbfZzLpyM/rpXztf7Np5I3l28q3vwD9W9+KJqPdp/r3xw7s7OivDKvU1Y46Ew8J+cX8qOax88rgPMPjegXvfyEliAIkfgLCFig8XeJWT6F5RfcdvlTWj7Xyyf90eDj0PtH8lOz9+/o4/v/Vf/5rbP88KCfneq7mgVOZ/znVMISf2DezI/M+2eUBvlbxZk+aYMVh0N773G3VyDU+KNa0r/r+H0tHfRTEPrb8aO/UNfP7OdH4/czCgV5ystsqemvfWg4hHSYd2b3+pEx/1tUdrn1fd0tvhtHLmPwC9z01xavj0w1EIUPtdsMNfj4CE9sAmHCr5Eg8OY8a/Hofy3Aq/yKa8J8GdvvBvIHw/2HY0t+HbiPwWV/YJwk8aNIhPqV+/vBGodoD0xXfiv7BaZzOzyiGLf4Lw== ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/example/README.md ================================================ ## Тестовый скрипт terraform 1) Заполните файл variables.tf 2) Запустите: ``` terraform init terraform apply ``` Модуль выполнит следующие действия: 1) Создает сеть VPC 2) 3 подсети (по одной в зонах доступности: a,b,c) 3) Создает service account с ролью *storage.admin* для создания Bucket (Object Storage) 4) Создает статический ключ для данного sa 5) Создает бакет 6) Создает service account с правами *storage.editor* для дальнейшей работы с бакетом 7) После этого необходимо руками создать Audit Trails из UI и указать созданный бакет 8) Руками включить Egress NAT для подсети subnet-a (зайти в настройки подсети и в правом верхнем углу нажать "включить NAT") 9) Далее скрипт вызывает целевой модуль ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/example/main.tf ================================================ //----------------------Подготовка тестовой инфраструктуры----------------------------------- //Генерация random-string для имени bucket--------------------------------------------------------- resource "random_string" "random" { length = 8 special = false upper = false } //Создание сети resource "yandex_vpc_network" "vpc-splunk" { name = "vpc-splunk" } //Создание подсетей resource "yandex_vpc_subnet" "splunk-subnet" { folder_id = var.folder_id count = 3 name = "app-splunk-${element(var.network_names, count.index)}" zone = element(var.zones, count.index) network_id = yandex_vpc_network.vpc-splunk.id v4_cidr_blocks = [element(var.app_cidrs, count.index)] } //Создание sa storage admin для создания Bucket for AuditTrail resource "yandex_iam_service_account" "sa-bucket-creator" { name = "sa-bucket-creator-${random_string.random.result}" folder_id = var.folder_id } //Создание стат ключа resource "yandex_iam_service_account_static_access_key" "sa-bucket-creator-sk" { service_account_id = yandex_iam_service_account.sa-bucket-creator.id } //Назначение прав для создания бакета resource "yandex_resourcemanager_folder_iam_binding" "storage_admin" { folder_id = var.folder_id role = "storage.admin" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-creator.id}", ] } //Создание S3 bucket для AuditTrails resource "yandex_storage_bucket" "trail-bucket" { bucket = "trails-audit-log-bucket-${random_string.random.result}" access_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.access_key secret_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.secret_key } //Создание sa storage editor для работы от ELK с Bucket for AuditTrail resource "yandex_iam_service_account" "sa-bucket-editor" { name = "sa-bucket-editor-${random_string.random.result}" folder_id = var.folder_id } //Назначение прав для изменения бакета resource "yandex_resourcemanager_folder_iam_binding" "storage_editor" { folder_id = var.folder_id role = "storage.editor" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-editor.id}", ] } //Обязательно включить AuditTrail в UI на созданный bucket //Обязательно включить Egress NAT для подсети COI в UI на созданный bucket //----------------------Вызов модулей----------------------------------- module "yc-splunk-trail" { source = "../modules/yc-splunk-trail/" #path to module yc-elastic-trail folder_id = var.folder_id splunk_token = var.splunk_token //выполнить команду: export TF_VAR_splunk_token= (заменить SPLUNK TOKEN на ваше значение) splunk_server = "https://84.252.128.64" //формат "https://" bucket_name = yandex_storage_bucket.trail-bucket.bucket // //указать имя bucket с trails если вызов не из example bucket_folder = "folder" //указанный при создании Trails sa_id = yandex_iam_service_account.sa-bucket-editor.id //указать sa с правами bucket_editor если вызов не из example coi_subnet_id = yandex_vpc_subnet.splunk-subnet[0].id //указать subnet_id если вызов не из example } ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/example/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } provider "yandex" { service_account_key_file = var.token #token = var.token cloud_id = var.cloud_id folder_id = var.folder_id } ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/example/variables.tf ================================================ //------------Служебные параметры terrafromf variable "token" { description = "Yandex Cloud security OAuth token" default = "key.json" #generate yours by this https://cloud.yandex.ru/docs/iam/concepts/authorization/oauth-token } variable "folder_id" { description = "Yandex Cloud Folder ID where resources will be created" default = "xxxxxx" #yc config get folder-id } variable "cloud_id" { description = "Yandex Cloud ID where resources will be created" default = "xxxxxx" #yc config get cloud-id } variable "splunk_token" { } //------------ variable "zones" { description = "Yandex Cloud default Zone for provisoned resources" type = list(string) default = ["ru-central1-a", "ru-central1-b", "ru-central1-c"] } variable "network_names" { description = "Yandex Cloud default Zone for provisoned resources" type = list(string) default = ["a", "b", "c"] } variable "app_cidrs" { type = list(string) default = ["192.168.1.0/24", "192.168.50.0/24", "192.168.70.0/24"] } ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/modules/yc-splunk-trail/cloud-init_lin.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/modules/yc-splunk-trail/docker-declaration.yaml ================================================ spec: containers: - env: - name: SPLUNK_SERVER value: ${SPLUNK_SERVER} - name: S3_BUCKET value: ${S3_BUCKET} - name: S3_FOLDER value: ${S3_FOLDER} - name: SLEEP_TIME value: ${SLEEP_TIME} - name: PYTHONUNBUFFERED value: 1 - name: SPLUNK_TOKEN_ENCR value: ${SPLUNK_TOKEN_ENCR} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: KMS_KEY_ID value: ${KMS_KEY_ID} image: cr.yandex/crpjfmfou6gflobbfvfv/s3-splunk-importer:1.0 name: my-container securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/modules/yc-splunk-trail/main.tf ================================================ //Импортим sa data "yandex_iam_service_account" "bucket_sa" { service_account_id = var.sa_id } //Создаем static key resource "yandex_iam_service_account_static_access_key" "sa_static_key" { service_account_id = data.yandex_iam_service_account.bucket_sa.id description = "static access key for object storage" } //Работаем с ssh ключем resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init_lin" { template = file("../modules/yc-splunk-trail/cloud-init_lin.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" } } //Создаем docker-declaration data "template_file" "docker-declaration" { template = file("../modules/yc-splunk-trail/docker-declaration.yaml") vars = { SPLUNK_SERVER = "${var.splunk_server}:8088" S3_BUCKET = "${var.bucket_name}" S3_FOLDER = "${var.bucket_folder}" SLEEP_TIME = "300" SPLUNK_TOKEN_ENCR = "${yandex_kms_secret_ciphertext.encrypted_pass.ciphertext}" S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" KMS_KEY_ID = "${yandex_kms_symmetric_key.key-elk.id}" } } //Развертывание Container-optimised image data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } resource "yandex_compute_instance" "instance-based-on-coi" { name = "splunk-sync" hostname = "splunk-sync" zone = "ru-central1-a" service_account_id = data.yandex_iam_service_account.bucket_sa.id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = var.coi_subnet_id #не забыть включить NAT для subnet, где COI } resources { cores = 4 memory = 4 } metadata = { user-data = "${data.template_file.cloud_init_lin.rendered}" docker-container-declaration = "${data.template_file.docker-declaration.rendered}" } } //Создание KMS ключа resource "yandex_kms_symmetric_key" "key-elk" { name = "key-elk" description = "description for key" default_algorithm = "AES_128" } //Назначение роли на sa на расшифровку ключа resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${data.yandex_iam_service_account.bucket_sa.id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_pass" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = var.splunk_token } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa_static_key.secret_key } ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/modules/yc-splunk-trail/variables.tf ================================================ variable "folder_id" { description = "Yandex Cloud Folder ID where resources will be created" default = "" #yc config get folder-id } variable "splunk_token" { default = "" } variable "splunk_server" { default = "" } variable "bucket_name" { default = "" } variable "bucket_folder" { default = "" } variable "sa_id" { description = "subnet_ids" default = "" } variable "coi_subnet_id" { description = "subnet_id" default = "" } ================================================ FILE: auditlogs/export-auditlogs-to-Splunk/terraform/modules/yc-splunk-trail/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/README.md ================================================ ## Интеграция Yandex cloud с Wazuh Вашему вниманию представляется пример как можно интегрировать [Wazuh](https://wazuh.com/) для анализа [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) Прежде чем интегрировать давайте пройдем небольшой чек-лист: Необходимо - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) - Terraform не ниже версии v1.1.3 - Packer не ниже версии v1.7.8 - YC_FOLDER_ID и YC_TOKEN ## Подготовка образа Прежде чем создавать инфраструктуру, необходимо собрать новый [образ](https://cloud.yandex.ru/docs/compute/concepts/image) с помощью [Packer](https://www.packer.io/plugins/builders/yandex) Меняем директорию ```shell cd packer ``` В базовой конфигурации в сборку будет включены два wodle, wodle это Wazuh module. Первый wodle для интеграции с Yandex Audit Trails и второй для сканирование [Yandex Object Storage](https://cloud.yandex.ru/docs/storage/) на предмет вирусов с помощью [ClamAV](https://www.clamav.net/) ### Основные переменные для Ansible роли ## Ansible variables `packages_to_install` - Список пакетов для установки: ```yanl packages_to_install: - python3-pip - awscli - apt-transport-https - curl - lsb-release - unzip - wget - libcap2-bin - software-properties-common - gnupg2 - net-tools - htop ``` `pip_packages_to_install` - Список python модулей, которые будут установлены в систему ```yaml pip_packages_to_install: - docker==4.2.0 - boto3 ``` `wazuh_pip_packages` - Список python модулей, которые будут установлены для внутреннего framework ```yaml wazuh_pip_packages: - clamd ``` `clamav_packages` - Список пакетов для интеграции с ClamAV ```yaml clamav_packages: - clamav-daemon - clamav-freshclam - clamav ``` `wazuh_version` - Версия Wazuh ```yaml wazuh_version: "4.3" ``` `yandex_wazuh_app_url` - Url для Kibana приложения ```yaml yandex_wazuh_app_url: "https://artifacts.comcloud.xyz/wazuh-1.2.0.zip" ``` `local_mirror` - Настройка использования локального зеркала для ClamAV ```yaml local_mirror: true ``` `local_mirror_url` - Доменное имя локального зеркала ```yaml local_mirror_url: "clamav.comcloud.xyz" ``` `use_clamav` - Использовать или нет интеграцию с ClamAV ```yaml use_clamav: true ``` `yandex_wodle_url` - URL где расположен wodle для интеграции с Yandex Audit Trails(на данный момент менять не нужно) ```yaml yandex_wodle_url: "https://artifacts.comcloud.xyz/yandex.py" ``` Фактически при использовании настроек по-умолчанию вы получите полностью настроенный образ со всеми интеграциями Далее необходимо клонировать правила для Yandex cloud, переходим в директорию `ansible/roles/wazuh/files` и клонируем с github(необходимо использовать последний [релиз](https://github.com/opennix-solutions/wazuh-yandex-cloud-rules/releases)) ```shell cd ansible/roles/wazuh/files git clone --depth 1 --branch v0.1.0 https://github.com/opennix-solutions/wazuh-yandex-cloud-rules.git rules ``` После настройки переменных можно приступать к сборке, начале экспортируем переменные ```shell export YC_TOKEN=$(yc iam create-token) export YC_FOLDER_ID=$(yc config get folder-id) ``` После этого перейдите обратно в директорию packer и запускаем сборку образа(запускаем в папке `packer`) ```shell packer build . ``` После сборки вы получите id нового образа ```shell ==> Builds finished. The artifacts of successful builds are: --> yandex.wazuh: A disk image was created: wazuh-19-aug-22-03-25-59 (id: fd84rq5trb9f3sck0vqk) with family name ``` После того как мы собрали образ, можно приступать к разворачиванию инфраструктуры Переходим в директорию `terraform/deployment` и задаем переменные такие как, - folder_id - cloud_id - image_id Инициализируем ```shell terraform init ``` Выполняем plan ```shell terraform plan ``` Проверьте результат и запустите разворачивание ```shell terraform apply ``` После завершения Wazuh WebUI будет доступна по адресу https://${lb_ip} ## Логины и пароли Все логины и пароли хранятся локально на сервере в архиве `/var/ossec/wazuh-install-files.tar` Подключитесь по ssh к серверу, перейдите в папку /var/ossec/ и распакуйте архив. ```shell ssh ubuntu@ ``` ## Схема ![Yandex Trail](./img/wazuh_yandex.png) ## Настройка Yandex Audit Trails Перейдите в Yandex cloud webui ![Yandex Cloud](img/yandex_main.png) Перейдите в Audit Trails ![Yandex Trail](img/yc_audit.png) Создайте новый tail ![Yandex Trail](img/new_tail.png) Заполните следующие поля Name/Имя - Имя Trail например wazuh Resource/Ресурс - Выбираем нужное, в моем случае я выбрал Облако Cloud/Облако - выбираем ваше облако Folders/Каталоги - выбираем нужные каталоги Destination/Назначение - выбираем Object storage Bucket/Бакет - Выбираем бакет которые был создан через terraform Object prefix/Префикс объекта - Префикс задаем wazuh Service account/Сервисный аккаунт - Выбираем сервис аккаунт, который был создан через terraform После этого наживаем создать. Через некоторое время Audit Trail начнет писать события в бакет ## Wazuh WebUI Yandex application В реализации используется оригинальное Wazuh kibana приложение с добавлением специфики для Yandex cloud ![Yandex Trail](./img/wazuh_main.png) При нажатии на иконку "Yandex cloud" и при наличии trails вы должны видеть примерно следующую картину ![Yandex Trail](./img/yandex_dashboard.png) При переходе к событиям(Events), появляется возможность поиска в классическом синтаксисе Например последние события ![Yandex Trail](./img/yandex_events.png) Так же если включена интеграция с ClamAV, то мы можем искать уже события связанные с обнаружением вирусов в бакетах Для этого с главного экрана нужно перейти в Security events и далее выбрать Events ![Yandex Trail](./img/yandex_clamav.png) В данном примере мы видим следующее: `data.url` который нам показывает что по пути `~/tmp/scan/clamav/eicarcom2.zip` найден вирус Win.Test.EICAR_HDB-1(e4968ef99266df7c9a1f0637d2389dab:308) в архиве eicarcom2.zip. Путь до вируса формируется следующим образом `base_directory/bucket_name/object_name`, в примере выше вирус был найден в бакете clamav. После сканирования папка очищается тем самым локально не хранятся вирусы. Впоследствии такой подход будет изменен на более оптимальный ## Авторские права и отказ от ответственности ЭТА ПРОГРАММА ПРЕДОСТАВЛЕНА ВЛАДЕЛЬЦАМИ АВТОРСКИХ ПРАВ И/ИЛИ ДРУГИМИ СТОРОНАМИ «КАК ОНА ЕСТЬ» БЕЗ КАКОГО-ЛИБО ВИДА ГАРАНТИЙ, ВЫРАЖЕННЫХ ЯВНО ИЛИ ПОДРАЗУМЕВАЕМЫХ, ВКЛЮЧАЯ, НО НЕ ОГРАНИЧИВАЯСЬ ИМИ, ПОДРАЗУМЕВАЕМЫЕ ГАРАНТИИ КОММЕРЧЕСКОЙ ЦЕННОСТИ И ПРИГОДНОСТИ ДЛЯ КОНКРЕТНОЙ ЦЕЛИ. НИ В КОЕМ СЛУЧАЕ НИ ОДИН ВЛАДЕЛЕЦ АВТОРСКИХ ПРАВ И НИ ОДНО ДРУГОЕ ЛИЦО, КОТОРОЕ МОЖЕТ ИЗМЕНЯТЬ И/ИЛИ ПОВТОРНО РАСПРОСТРАНЯТЬ ПРОГРАММУ, КАК БЫЛО СКАЗАНО ВЫШЕ, НЕ НЕСЁТ ОТВЕТСТВЕННОСТИ, ВКЛЮЧАЯ ЛЮБЫЕ ОБЩИЕ, СЛУЧАЙНЫЕ, СПЕЦИАЛЬНЫЕ ИЛИ ПОСЛЕДОВАВШИЕ УБЫТКИ, ВСЛЕДСТВИЕ ИСПОЛЬЗОВАНИЯ ИЛИ НЕВОЗМОЖНОСТИ ИСПОЛЬЗОВАНИЯ ПРОГРАММЫ (ВКЛЮЧАЯ, НО НЕ ОГРАНИЧИВАЯСЬ ПОТЕРЕЙ ДАННЫХ, ИЛИ ДАННЫМИ, СТАВШИМИ НЕПРАВИЛЬНЫМИ, ИЛИ ПОТЕРЯМИ, ПРИНЕСЕННЫМИ ИЗ-ЗА ВАС ИЛИ ТРЕТЬИХ ЛИЦ, ИЛИ ОТКАЗОМ ПРОГРАММЫ РАБОТАТЬ СОВМЕСТНО С ДРУГИМИ ПРОГРАММАМИ), ДАЖЕ ЕСЛИ ТАКОЙ ВЛАДЕЛЕЦ ИЛИ ДРУГОЕ ЛИЦО БЫЛИ ИЗВЕЩЕНЫ О ВОЗМОЖНОСТИ ТАКИХ УБЫТКОВ. ## Ссылки [Wazuh Documentation](https://documentation.wazuh.com/current/index.html) [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) [Wazuh Yandex RuleSet](https://github.com/opennix-solutions/wazuh-yandex-cloud-rules) [Wazuh Prometheus exporter](https://github.com/pyToshka/wazuh-prometheus-exporter) [Wazuh Docker agent](https://github.com/pyToshka/docker-wazuh-agent) [Wazuh Terraform module for kubernetes](https://github.com/pyToshka/terraform-wazuh-kubernetes-module) внимание в данном модуле нет интеграции с Yandex Cloud ## Создатель и кого пинговать [pyToshka](https://github.com/pyToshka) ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/README_RU.md ================================================ ## Интеграция Yandex cloud с Wazuh Вашему вниманию представляется пример как можно интегрировать [Wazuh](https://wazuh.com/) для анализа [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) Прежде чем интегрировать давайте пройдем небольшой чек-лист: Необходимо - [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) - Terraform не ниже версии v1.1.3 - Packer не ниже версии v1.7.8 - YC_FOLDER_ID и YC_TOKEN ## Подготовка образа Прежде чем создавать инфраструктуру, необходимо собрать новый [образ](https://cloud.yandex.ru/docs/compute/concepts/image) с помощью [Packer](https://www.packer.io/plugins/builders/yandex) Меняем директорию ```shell cd packer ``` В базовой конфигурации в сборку будет включены два wodle, wodle это Wazuh module. Первый wodle для интеграции с Yandex Audit Trails и второй для сканирование [Yandex Object Storage](https://cloud.yandex.ru/docs/storage/) на предмет вирусов с помощью [ClamAV](https://www.clamav.net/) ### Основные переменные для Ansible роли ## Ansible variables `packages_to_install` - Список пакетов для установки: ```yanl packages_to_install: - python3-pip - awscli - apt-transport-https - curl - lsb-release - unzip - wget - libcap2-bin - software-properties-common - gnupg2 - net-tools - htop ``` `pip_packages_to_install` - Список python модулей, которые будут установлены в систему ```yaml pip_packages_to_install: - docker==4.2.0 - boto3 ``` `wazuh_pip_packages` - Список python модулей, которые будут установлены для внутреннего framework ```yaml wazuh_pip_packages: - clamd ``` `clamav_packages` - Список пакетов для интеграции с ClamAV ```yaml clamav_packages: - clamav-daemon - clamav-freshclam - clamav ``` `wazuh_version` - Версия Wazuh ```yaml wazuh_version: "4.3" ``` `yandex_wazuh_app_url` - Url для Kibana приложения ```yaml yandex_wazuh_app_url: "https://artifacts.comcloud.xyz/wazuh-1.2.0.zip" ``` `local_mirror` - Настройка использования локального зеркала для ClamAV ```yaml local_mirror: true ``` `local_mirror_url` - Доменное имя локального зеркала ```yaml local_mirror_url: "clamav.comcloud.xyz" ``` `use_clamav` - Использовать или нет интеграцию с ClamAV ```yaml use_clamav: true ``` `yandex_wodle_url` - URL где расположен wodle для интеграции с Yandex Audit Trails(на данный момент менять не нужно) ```yaml yandex_wodle_url: "https://artifacts.comcloud.xyz/yandex.py" ``` Фактически при использовании настроек по-умолчанию вы получите полностью настроенный образ со всеми интеграциями Далее необходимо клонировать правила для Yandex cloud, переходим в директорию `ansible/roles/wazuh/files` и клонируем с github(необходимо использовать последний [релиз](https://github.com/opennix-solutions/wazuh-yandex-cloud-rules/releases)) ```shell cd ansible/roles/wazuh/files git clone --depth 1 --branch v0.1.0 https://github.com/opennix-solutions/wazuh-yandex-cloud-rules.git rules ``` После настройки переменных можно приступать к сборке, начале экспортируем переменные ```shell export YC_TOKEN=$(yc iam create-token) export YC_FOLDER_ID=$(yc config get folder-id) ``` После этого запускаем сборку образа(запускаем в папке `packer`) ```shell packer build . ``` После сборки вы получите id нового образа ```shell ==> Builds finished. The artifacts of successful builds are: --> yandex.wazuh: A disk image was created: wazuh-19-aug-22-03-25-59 (id: fd84rq5trb9f3sck0vqk) with family name ``` После того как мы собрали образ, можно приступать к разворачиванию инфраструктуры Переходим в директорию `terraform/deployment` и задаем переменные такие как, - folder_id - cloud_id - image_id Инициализируем ```shell terraform init ``` Выполняем plan ```shell terraform plan ``` Проверьте результат и запустите разворачивание ```shell terraform apply ``` После завершения Wazuh WebUI будет доступна по адресу https://${lb_ip} ## Логины и пароли Все логины и пароли хранятся локально на сервере в архиве `/var/ossec/wazuh-install-files.tar` Подключитесь по ssh к серверу, перейдите в папку /var/ossec/ и распакуйте архив. ## Настройка Yandex Audit Trails Перейдите в Yandex cloud webui ![Yandex Cloud](img/yandex_main.png) Перейдите в Audit Trails ![Yandex Trail](img/yc_audit.png) Создайте новый tail ![Yandex Trail](img/new_tail.png) Заполните следующие поля Name/Имя - Имя Trail например wazuh Resource/Ресурс - Выбираем нужное, в моем случае я выбрал Облако Cloud/Облако - выбираем ваше облако Folders/Каталоги - выбираем нужные каталоги Destination/Назначение - выбираем Object storage Bucket/Бакет - Выбираем бакет которые был создан через terraform Object prefix/Префикс объекта - Префикс задаем wazuh Service account/Сервисный аккаунт - Выбираем сервис аккаунт, который был создан через terraform После этого наживаем создать. Через некоторое время Audit Trail начнет писать события в бакет ## Wazuh WebUI Yandex application В реализации используется оригинальное Wazuh kibana приложение с добавлением специфики для Yandex cloud ![Yandex Trail](./img/wazuh_main.png) При нажатии на иконку "Yandex cloud" и при наличии trails вы должны видеть примерно следующую картину ![Yandex Trail](./img/yandex_dashboard.png) При переходе к событиям(Events), появляется возможность поиска в классическом синтаксисе Например последние события ![Yandex Trail](./img/yandex_events.png) Так же если включена интеграция с ClamAV, то мы можем искать уже события связанные с обнаружением вирусов в бакетах Для этого с главного экрана нужно перейти в Security events и далее выбрать Events ![Yandex Trail](./img/yandex_clamav.png) В данном примере мы видим следующее: `data.url` который нам показывает что по пути `~/tmp/scan/clamav/eicarcom2.zip` найден вирус Win.Test.EICAR_HDB-1(e4968ef99266df7c9a1f0637d2389dab:308) в архиве eicarcom2.zip. Путь до вируса формируется следующим образом `base_directory/bucket_name/object_name`, в примере выше вирус был найден в бакете clamav. После сканирования папка очищается тем самым локально не хранятся вирусы. Впоследствии такой подход будет изменен на более оптимальный ## Авторские права и отказ от ответственности ЭТА ПРОГРАММА ПРЕДОСТАВЛЕНА ВЛАДЕЛЬЦАМИ АВТОРСКИХ ПРАВ И/ИЛИ ДРУГИМИ СТОРОНАМИ «КАК ОНА ЕСТЬ» БЕЗ КАКОГО-ЛИБО ВИДА ГАРАНТИЙ, ВЫРАЖЕННЫХ ЯВНО ИЛИ ПОДРАЗУМЕВАЕМЫХ, ВКЛЮЧАЯ, НО НЕ ОГРАНИЧИВАЯСЬ ИМИ, ПОДРАЗУМЕВАЕМЫЕ ГАРАНТИИ КОММЕРЧЕСКОЙ ЦЕННОСТИ И ПРИГОДНОСТИ ДЛЯ КОНКРЕТНОЙ ЦЕЛИ. НИ В КОЕМ СЛУЧАЕ НИ ОДИН ВЛАДЕЛЕЦ АВТОРСКИХ ПРАВ И НИ ОДНО ДРУГОЕ ЛИЦО, КОТОРОЕ МОЖЕТ ИЗМЕНЯТЬ И/ИЛИ ПОВТОРНО РАСПРОСТРАНЯТЬ ПРОГРАММУ, КАК БЫЛО СКАЗАНО ВЫШЕ, НЕ НЕСЁТ ОТВЕТСТВЕННОСТИ, ВКЛЮЧАЯ ЛЮБЫЕ ОБЩИЕ, СЛУЧАЙНЫЕ, СПЕЦИАЛЬНЫЕ ИЛИ ПОСЛЕДОВАВШИЕ УБЫТКИ, ВСЛЕДСТВИЕ ИСПОЛЬЗОВАНИЯ ИЛИ НЕВОЗМОЖНОСТИ ИСПОЛЬЗОВАНИЯ ПРОГРАММЫ (ВКЛЮЧАЯ, НО НЕ ОГРАНИЧИВАЯСЬ ПОТЕРЕЙ ДАННЫХ, ИЛИ ДАННЫМИ, СТАВШИМИ НЕПРАВИЛЬНЫМИ, ИЛИ ПОТЕРЯМИ, ПРИНЕСЕННЫМИ ИЗ-ЗА ВАС ИЛИ ТРЕТЬИХ ЛИЦ, ИЛИ ОТКАЗОМ ПРОГРАММЫ РАБОТАТЬ СОВМЕСТНО С ДРУГИМИ ПРОГРАММАМИ), ДАЖЕ ЕСЛИ ТАКОЙ ВЛАДЕЛЕЦ ИЛИ ДРУГОЕ ЛИЦО БЫЛИ ИЗВЕЩЕНЫ О ВОЗМОЖНОСТИ ТАКИХ УБЫТКОВ. ## Ссылки [Wazuh Documentation](https://documentation.wazuh.com/current/index.html) [Yandex Audit Trails](https://cloud.yandex.ru/docs/audit-trails/) [Wazuh Yandex RuleSet](https://github.com/opennix-solutions/wazuh-yandex-cloud-rules) [Wazuh Prometheus exporter](https://github.com/pyToshka/wazuh-prometheus-exporter) [Wazuh Docker agent](https://github.com/pyToshka/docker-wazuh-agent) [Wazuh Terraform module for kubernetes](https://github.com/pyToshka/terraform-wazuh-kubernetes-module) внимание в данном модуле нет интеграции с Yandex Cloud ## Создатель и кого пинговать [pyToshka](https://github.com/pyToshka) ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/README.md ================================================ # Packer template for building Yandex Image Packer template for building all-in-one Wazuh image for Yandex cloud ## Preparing Checkout wazuh rules ```shell cd ansible/roles/wazuh/files git clone --depth 1 --branch v0.1.0 https://github.com/opennix-solutions/wazuh-yandex-cloud-rules.git rules ``` ## Ansible variables `packages_to_install` - Deb packages for installation default: ```yanl packages_to_install: - python3-pip - awscli - apt-transport-https - curl - lsb-release - unzip - wget - libcap2-bin - software-properties-common - gnupg2 - net-tools - htop ``` `pip_packages_to_install` - Python libraries for installations default ```yaml pip_packages_to_install: - docker==4.2.0 - boto3 ``` `wazuh_pip_packages` - List of packages for Wazuh internal python default: ```yaml wazuh_pip_packages: - clamd ``` `clamav_packages` - List of ClamAv packages(optional) default ```yaml clamav_packages: - clamav-daemon - clamav-freshclam - clamav ``` `wazuh_version` - Wazuh version default ```yaml wazuh_version: "4.3" ``` `yandex_wazuh_app_url` - Custom Wazuh application for Yandex cloud ```yaml yandex_wazuh_app_url: "https://artifacts.comcloud.xyz/wazuh-1.2.0.zip" ``` `local_mirror` - Use or Not ClamAv local mirror, default ```yaml local_mirror: true ``` `local_mirror_url` - Local mirror domain name ```yaml local_mirror_url: "clamav.comcloud.xyz" ``` `use_clamav` - Use integration between Yandex S3 and ClamAV default ```yaml use_clamav: true ``` ```yaml yandex_wodle_url: url for Yandex wodle ``` ## How to build image Export system variables ```shell export YC_TOKEN=$(yc iam create-token) export YC_FOLDER_ID=$(yc config get folder-id) ``` Run packer build ```shell packer build . ``` ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/ansible.cfg ================================================ [defaults] allow_world_readable_tmpfiles = True ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/playbook.yaml ================================================ --- # playbook.yml - name: 'Provision Image' hosts: default become: true roles: - role: "roles/wazuh" ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/configs/local_internal_options.conf ================================================ # local_internal_options.conf # # This file should be handled with care. It contains # run time modifications that can affect the use # of OSSEC. Only change it if you know what you # are doing. Look first at ossec.conf # for most of the things you want to change. # # This file will not be overwritten during upgrades. sca.remote_commands=1 ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/configs/ossec.conf ================================================ yes yes no no no smtp.example.wazuh.com wazuh@example.wazuh.com recipient@example.wazuh.com 12 alerts.log 10m 0 131072 3 12 100000 1000 plain secure 1514 tcp 131072 no yes yes yes yes yes yes yes 43200 etc/rootcheck/rootkit_files.txt etc/rootcheck/rootkit_trojans.txt yes yes 1800 1d yes wodles/java wodles/ciscat no yandex-cloudtrail /bin/bash /var/ossec/wodles/yandex/yandex 1m yes yes 0 no yes yes /var/log/osquery/osqueryd.results.log /etc/osquery/osquery.conf yes yes 10m yes yes wazuh /cnp8bjbhhi1eoob9ik9m/ no 1h yes yes yes yes yes yes yes 10 yes yes 12h yes yes 5m 6h yes yes trusty xenial bionic focal jammy 1h yes stretch buster bullseye 1h yes 5 6 7 8 9 1h yes amazon-linux amazon-linux-2 1h yes 1h yes 1h yes 2010 1h no 43200 yes yes no /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 100 yes 5m 1h 10 127.0.0.1 ^localhost.localdomain$ 127.0.0.53 disable-account disable-account yes restart-wazuh restart-wazuh firewall-drop firewall-drop yes host-deny host-deny yes route-null route-null yes win_route-null route-null.exe yes netsh netsh.exe yes firewall-drop local 5712,5710,5758 1800 60,120,180 command df -P 360 full_command netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d netstat listening ports 360 syslog /var/ossec/logs/active-responses.log full_command last -n 20 360 ruleset/decoders ruleset/rules 0215-policy_rules.xml etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel etc/decoders etc/rules yes 1 64 15m no 1515 no yes no HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no etc/sslmanager.cert etc/sslmanager.key no wazuh node01 master 1516 0.0.0.0 NODE_IP no yes syslog /var/ossec/logs/active-responses.log syslog /var/log/auth.log syslog /var/log/syslog syslog /var/log/dpkg.log syslog /var/log/kern.log ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/decoders/local_decoder.xml ================================================ local_decoder_example ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/local_internal_options.conf ================================================ # local_internal_options.conf # # This file should be handled with care. It contains # run time modifications that can affect the use # of OSSEC. Only change it if you know what you # are doing. Look first at ossec.conf # for most of the things you want to change. # # This file will not be overwritten during upgrades. sca.remote_commands=1 ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/agent-template.conf ================================================ ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/ar.conf ================================================ restart-ossec0 - restart-ossec.sh - 0 restart-ossec0 - restart-ossec.cmd - 0 restart-wazuh0 - restart-ossec.sh - 0 restart-wazuh0 - restart-ossec.cmd - 0 restart-wazuh0 - restart-wazuh - 0 restart-wazuh0 - restart-wazuh.exe - 0 firewall-drop1800 - firewall-drop - 1800 ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/agent.conf ================================================ yes yes 24h yes /var/ossec/etc/shared/log4j_check.yml /var/ossec/etc/shared/bpfdoor_check.yml ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/bpfdoor_check.yml ================================================ policy: id: "bpfdoor_check" file: "bpfdoor_check.yml" name: "BPFDoor backdoor malware check" description: "Checking BPFDoor malware infection for Unix/Linux based systems." requirements: title: "Checking for BPFDoor observables on Unix/Linux based systems." description: "Check that system is Unix/Linux based." condition: any rules: - 'f:/etc/passwd' checks: - id: 19900 title: "Check for BPFDoor malware observables in the \"/var/run/\" directory" description: "Check for BPFdoor artifacts on Unix/Linux based systems." condition: none rules: - 'c:find /var/run/ -name "haldrund.pid" -> r:/var/run/haldrund.pid$' - 'c:find /var/run/ -name "kdevrund.pid" -> r:/var/run/kdevrund.pid$' - 'c:find /var/run/ -name "xinetd.lock" -> r:/var/run/xinetd.lock$' - 'c:find /var/run/ -name "syslogd.reboot" -> r:/var/run/syslogd.reboot$' ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_apache2224_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2017 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry , use "->" to look for a specific entry and another # "->" to look for the value. # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Apache Https Server # Based on Center for Internet Security Benchmark for Apache HttpSserver 2.4 v1.3.1 and Apache HttpsServer 2.2 v3.4.1 (https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308) # # $main-conf=/etc/apache2/apache2.conf,/etc/httpd/conf/httpd.conf; $conf-dirs=/etc/apache2/conf-enabled,/etc/apache2/mods-enabled,/etc/apache2/sites-enabled,/etc/httpd/conf.d,/etc/httpd/modsecurity.d; $ssl-confs=/etc/apache2/mods-enabled/ssl.conf,/etc/httpd/conf.d/ssl.conf; $mods-en=/etc/apache2/mods-enabled; $request-confs=/etc/httpd/conf/httpd.conf,/etc/apache2/mods-enabled/reqtimeout.conf; $traceen=/etc/apache2/apache2.conf,/etc/httpd/conf/httpd.conf,/etc/apache2/conf-enabled/security.conf; # # #2.3 Disable WebDAV Modules [CIS - Apache Configuration - 2.3: WebDAV Modules are enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sdav; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sdav; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sdav; d:$mods-en -> dav.load; # # #2.4 Disable Status Module [CIS - Apache Configuration - 2.4: Status Module is enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sstatus; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sstatus; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sstatus; d:$mods-en -> status.load; # # #2.5 Disable Autoindex Module [CIS - Apache Configuration - 2.5: Autoindex Module is enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sautoindex; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sautoindex; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sautoindex; d:$mods-en -> autoindex.load; # # #2.6 Disable Proxy Modules [CIS - Apache Configuration - 2.6: Proxy Modules are enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sproxy; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sproxy; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sproxy; d:$mods-en -> proxy.load; # # #2.7 Disable User Directories Modules [CIS - Apache Configuration - 2.7: User Directories Modules are enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\suserdir; d:$conf-dirs -> load -> !r:^# && r:loadmodule\suserdir; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\suserdir; d:$mods-en -> userdir.load; # # #2.8 Disable Info Module [CIS - Apache Configuration - 2.8: Info Module is enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sinfo; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sinfo; d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sinfo; d:$mods-en -> info.load; # # #3.2 Give the Apache User Account an Invalid Shell [CIS - Apache Configuration - 3.2: Apache User Account has got a valid shell] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/passwd -> r:/var/www && !r:\.*/bin/false$|/sbin/nologin$; # # #3.3 Lock the Apache User Account [CIS - Apache Configuration - 3.3: Lock the Apache User Account] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/shadow -> r:^daemon|^wwwrun|^www-data|^apache && !r:\p!\.*$; # # #4.4 Restrict Override for All Directories [CIS - Apache Configuration - 4.4: Restrict Override for All Directories] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && !r:\w+ && r:allowoverride && !r:none$; d:$conf-dirs -> conf -> !r:^# && !r:\w+ && r:allowoverridelist; f:$main-conf -> !r:^# && !r:\w+ && r:allowoverride && !r:none$; f:$main-conf -> !r:^# && !r:\w+ && r:allowoverridelist; # # #5.3 Minimize Options for Other Directories [CIS - Apache Configuration - 5.3: Minimize Options for other directories] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:options\sincludes; f:$main-conf -> !r:^# && r:options\sincludes; # # #5.4.1 Remove default index.html sites [CIS - Apache Configuration - 5.4.1: Remove default index.html sites] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/var/www -> index.html; d:/var/www/html -> index.html; # # #5.4.2 Remove the Apache user manual [CIS - Apache Configuration - 5.4.2: Remove the Apache user manual] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/etc/httpd/conf.d -> manual.conf; d:/etc/apache2/conf-enabled -> apache2-doc.conf; # # #5.4.5 Verify that no Handler is enabled [CIS - Apache Configuration - 5.4.5: A Handler is configured] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:/wsethandler; f:$main-conf -> !r:^# && r:/wsethandler; # # #5.5 Remove default CGI content printenv [CIS - Apache Configuration - 5.5: Remove default CGI content printenv] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/var/www/cgi-bin -> printenv; d:/usr/lib/cgi-bin -> printenv; # # #5.6 Remove default CGI content test-cgi [CIS - Apache Configuration - 5.6: Remove default CGI content test-cgi] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/var/www/cgi-bin -> test-cgi; d:/usr/lib/cgi-bin -> test-cgi; # # #5.7 Limit HTTP Request Method [CIS - Apache Configuration - 5.7: Disable HTTP Request Method] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:; # # #5.8 Disable HTTP Trace Method [CIS - Apache Configuration - 5.8: Disable HTTP Trace Method] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$traceen -> !r:^# && r:traceenable\s+on\s*$; # # #5.9 Restrict HTTP Protocol Versions [CIS - Apache Configuration - 5.9: Restrict HTTP Protocol Versions] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:loadmodule\srewrite; d:$mods-en -> !f:rewrite.load; f:$main-conf -> !r:rewriteengine\son; f:$main-conf -> !r:rewritecond && !r:%{THE_REQUEST} && !r:!HTTP/1\\.1\$; f:$main-conf -> !r:rewriterule && !r:.* - [F]; # # #5.12 Deny IP Address Based Requests [CIS - Apache Configuration - 5.12: Deny IP Address Based Requests] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:loadmodule\srewrite; d:$mods-en -> !f:rewrite.load; f:$main-conf -> !r:rewriteengine\son; f:$main-conf -> !r:rewritecond && !r:%{HTTP_HOST} && !r:www\\.\w+\\.\w+ [NC]$; f:$main-conf -> !r:rewritecond && !r:%{REQUEST_URI} && !r:/error [NC]$; f:$main-conf -> !r:rewriterule && !r:.\(.*\) - [L,F]$; # # #5.13 Restrict Listen Directive [CIS - Apache Configuration - 5.13: Restrict Listen Directive] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:listen\s80$; d:$conf-dirs -> conf -> !r:^# && r:listen\s0.0.0.0\p80; d:$conf-dirs -> conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p80; f:$main-conf -> !r:^# && r:listen\s80$; f:$main-conf -> !r:^# && r:listen\s0.0.0.0\p\d*; f:$main-conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p\d*; f:/etc/apache2/sites-enabled/000-default.conf -> !r:^# && r:listen\s80$; f:/etc/apache2/sites-enabled/000-default.conf -> !r:^# && r:listen\s0.0.0.0\p\d*; f:/etc/apache2/sites-enabled/000-default.conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p\d*; f:/etc/apache2/ports.conf -> !r:^# && r:listen\s80$; f:/etc/apache2/ports.conf -> !r:^# && r:listen\s0.0.0.0\p\d*; f:/etc/apache2/ports.conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p\d*; # # #5.14 Restrict Browser Frame Options [CIS - Apache Configuration - 5.14: Restrict Browser Frame Options] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:header\salways\sappend\sx-frame-options && !r:sameorigin|deny; # # #6.1 Configure the Error Log to notice at least [CIS - Apache Configuration - 6.1: Configure the Error Log to notice at least] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^# && r:loglevel\snotice\score\p && r:warn|emerg|alert|crit|error|notice; f:$main-conf -> !r:loglevel\snotice\score\p && !r:info|debug; # # #6.2 Configure a Syslog facility for Error Log [CIS - Apache Configuration - 6.2: Configure a Syslog facility for Error Log] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:errorlog\s+\p*syslog\p\.*\p*; # # #7.6 Disable SSL Insecure Renegotiation [CIS - Apache Configuration - 7.6: Disable SSL Insecure Renegotiation] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$ssl-confs -> !r:^\t*\s*# && r:sslinsecurerenegotiation\s+on\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslinsecurerenegotiation\s*$; # # #7.7 Ensure SSL Compression is not enabled [CIS - Apache Configuration - 7.7: Ensure SSL Compression is not enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$ssl-confs -> !r:^\t*\s*# && r:sslcompression\s+on\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslcompression\s*$; # # #7.8 Disable SSL TLS v1.0 Protocol [CIS - Apache Configuration - 7.8: Disable insecure TLS Protocol] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$ssl-confs -> !r:^\t*\s*sslprotocol; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+all; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+\.*tlsv1\P\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+\.*sslv2\P\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+\.*sslv3\P\s*; # # #7.9 Enable OCSP Stapling [CIS - Apache Configuration - 7.9: Enable OCSP Stapling] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:^loadmodule\s+ssl; d:$mods-en -> !f:ssl.load; f:$ssl-confs -> !r:\t*\s*# && r:sslusestapling\s+off; f:$ssl-confs -> !r:\t*\s*sslusestapling\s+on; f:$ssl-confs -> !r:\t*\s*sslstaplingcache\s+\.+; # # #7.10 Enable HTTP Strict Transport Security [CIS - Apache Configuration - 7.10: Enable HTTP Strict Transport Security] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/apache2/apache2.conf -> !r:Header\salways\sset\sStrict-Transport-Security\s"max-age=\d\d\d\d*"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=1\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=2\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=3\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=4\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=5\d\d"; # # #8.1 Set ServerToken to Prod or ProductOnly [CIS - Apache Configuration - 8.1: Set ServerToken to Prod or ProductOnly] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+major; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+minor; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+min; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+minimal; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+os; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+full; # # #8.2: Set ServerSignature to Off [CIS - Apache Configuration - 8.2: Set ServerSignature to Off] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:serversignature\s+email; d:$conf-dirs -> conf -> !r:^# && r:serversignature\s+on; # # #8.3: Prevent Information Leakage via Default Apache Content [CIS - Apache Configuration - 8.3: Prevent Information Leakage via Default Apache Content] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^\t*\s*# && r:include\s*\w*httpd-autoindex.conf; d:$conf-dirs -> conf -> !r:^\t*\s*# && r:alias\s*/icons/\s*\.*; # # #9.1:Set TimeOut to 10 or less [CIS - Apache Configuration - 9.1: Set TimeOut to 10 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^# && r:timeout\s+9\d; f:$main-conf -> !r:^# && r:timeout\s+8\d; f:$main-conf -> !r:^# && r:timeout\s+7\d; f:$main-conf -> !r:^# && r:timeout\s+6\d; f:$main-conf -> !r:^# && r:timeout\s+5\d; f:$main-conf -> !r:^# && r:timeout\s+4\d; f:$main-conf -> !r:^# && r:timeout\s+3\d; f:$main-conf -> !r:^# && r:timeout\s+2\d; f:$main-conf -> !r:^# && r:timeout\s+11; f:$main-conf -> !r:^# && r:timeout\s+12; f:$main-conf -> !r:^# && r:timeout\s+13; f:$main-conf -> !r:^# && r:timeout\s+14; f:$main-conf -> !r:^# && r:timeout\s+15; f:$main-conf -> !r:^# && r:timeout\s+16; f:$main-conf -> !r:^# && r:timeout\s+17; f:$main-conf -> !r:^# && r:timeout\s+18; f:$main-conf -> !r:^# && r:timeout\s+19; f:$main-conf -> !r:^timeout\s+\d\d*; f:$main-conf -> !r:^# && r:timeout\s+\d\d\d+; # # #9.2:Set the KeepAlive directive to On [CIS - Apache Configuration - 9.2: Set the KeepAlive directive to On] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^# && r:keepalive\s+off; f:$main-conf -> !r:keepalive\s+on; # # #9.3:Set MaxKeepAliveRequests to 100 or greater [CIS - Apache Configuration - 9.3: Set MaxKeepAliveRequest to 100 or greater] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^maxkeepaliverequests\s+\d\d\d+; # # #9.4: Set KeepAliveTimeout Low to Mitigate Denial of Service [CIS - Apache Configuration - 9.4: Set KeepAliveTimeout Low] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:keepalivetimeout\s+\d\d*; f:$main-conf -> !r:^# && r:keepalivetimeout\s+16; f:$main-conf -> !r:^# && r:keepalivetimeout\s+17; f:$main-conf -> !r:^# && r:keepalivetimeout\s+18; f:$main-conf -> !r:^# && r:keepalivetimeout\s+19; f:$main-conf -> !r:^# && r:keepalivetimeout\s+2\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+3\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+4\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+5\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+6\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+7\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+8\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+9\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+\d\d\d+; # # #9.5 Set Timeout Limits for Request Headers [CIS - Apache Configuration - 9.5: Set Timeout Limits for Request Headers] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:^loadmodule\s+reqtimeout; d:$mods-en -> !f:reqtimeout.load; f:$request-confs -> !r:^\t*\s*requestreadtimeout\.+header\p\d\d*\D\d\d*; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D41; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D42; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D43; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D44; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D45; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D46; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D47; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D48; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D49; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D5\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D6\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D7\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D8\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D9\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D\d\d\d+; # # #9.6 Set Timeout Limits for Request Body [CIS - Apache Configuration - 9.6: Set Timeout Limits for Request Body] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:^loadmodule\s+reqtimeout; d:$mods-en -> !f:reqtimeout.load; f:$request-confs -> !r:\t*\s*requestreadtimeout\.+body\p\d\d*; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p21; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p22; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p23; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p24; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p25; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p26; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p27; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p28; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p29; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p3\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p4\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p5\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p6\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p7\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p8\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p9\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p\d\d\d+; # # #10.1 Set the LimitRequestLine directive to 512 or less [CIS - Apache Configuration - 10.1: Set LimitRequestLine to 512 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestline\s+\d\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\13; f:$main-conf -> !r:^# && r:limitrequestline\s+5\14; f:$main-conf -> !r:^# && r:limitrequestline\s+5\15; f:$main-conf -> !r:^# && r:limitrequestline\s+5\16; f:$main-conf -> !r:^# && r:limitrequestline\s+5\17; f:$main-conf -> !r:^# && r:limitrequestline\s+5\18; f:$main-conf -> !r:^# && r:limitrequestline\s+5\19; f:$main-conf -> !r:^# && r:limitrequestline\s+5\2\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\3\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\4\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\5\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\6\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\7\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\8\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\9\d; f:$main-conf -> !r:^# && r:limitrequestline\s+6\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+7\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+8\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+9\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+\d\d\d\d+; # # #10.2 Set the LimitRequestFields directive to 100 or less [CIS - Apache Configuration - 10.2: Set LimitRequestFields to 100 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestfields\s\d\d*; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d1; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d2; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d3; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d4; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d5; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d6; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d7; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d8; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d9; f:$main-conf -> !r:^# && r:limitrequestfields\s+11\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+12\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+13\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+14\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+15\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+16\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+17\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+18\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+19\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+2\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+3\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+4\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+5\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+6\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+7\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+8\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+9\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+\d\d\d\d+; # # #10.3 Set the LimitRequestFieldsize directive to 1024 or less [CIS - Apache Configuration - 10.3: Set LimitRequestFieldsize to 1024 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestfieldsize\s+\d\d*; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d25; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d26; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d27; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d28; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d29; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d3\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d4\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d5\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d6\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d7\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d8\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d9\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+11\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+12\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+13\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+14\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+15\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+16\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+17\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+18\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+19\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+2\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+3\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+4\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+5\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+6\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+7\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+8\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+9\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+\d\d\d\d\d+; # # #10.4 Set the LimitRequestBody directive to 102400 or less [CIS - Apache Configuration - 10.4: Set LimitRequestBody to 102400 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestbody\s+\d\d*; f:$main-conf -> !r:^# && r:limitrequestbody\s+0\s*$; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d1; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d2; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d3; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d4; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d5; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d6; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d7; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d8; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d9; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d241\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d242\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d243\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d244\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d245\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d246\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d247\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d248\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d249\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d25\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d26\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d27\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d28\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d29\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d3\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d4\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d5\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d6\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d7\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d8\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d9\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+11\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+12\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+13\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+14\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+15\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+16\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+17\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+18\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+19\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+2\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+3\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+4\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+5\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+6\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+7\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+8\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+9\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+\d\d\d\d\d\d\d+; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_debian_linux_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2008 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Debian/Ubuntu # Based on Center for Internet Security Benchmark for Debian Linux v1.0 # Main one. Only valid for Debian/Ubuntu. [CIS - Testing against the CIS Debian Linux Benchmark v1.0] [all required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/debian_version; f:/proc/sys/kernel/ostype -> Linux; # Section 1.4 - Partition scheme. [CIS - Debian Linux - 1.4 - Robust partition scheme - /tmp is not on its own partition {CIS: 1.4 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:/tmp; [CIS - Debian Linux - 1.4 - Robust partition scheme - /opt is not on its own partition {CIS: 1.4 Debian Linux}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/opt; f:/etc/fstab -> !r:/opt; [CIS - Debian Linux - 1.4 - Robust partition scheme - /var is not on its own partition {CIS: 1.4 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:/var; # Section 2.3 - SSH configuration [CIS - Debian Linux - 2.3 - SSH Configuration - Protocol version 1 enabled {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; [CIS - Debian Linux - 2.3 - SSH Configuration - IgnoreRHosts disabled {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; [CIS - Debian Linux - 2.3 - SSH Configuration - Empty passwords permitted {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; [CIS - Debian Linux - 2.3 - SSH Configuration - Host based authentication enabled {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; [CIS - Debian Linux - 2.3 - SSH Configuration - Root login allowed {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # Section 2.4 Enable system accounting #[CIS - Debian Linux - 2.4 - System Accounting - Sysstat not installed {CIS: 2.4 Debian Linux}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] #f:!/etc/default/sysstat; #f:!/var/log/sysstat; #[CIS - Debian Linux - 2.4 - System Accounting - Sysstat not enabled {CIS: 2.4 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] #f:!/etc/default/sysstat; #f:/etc/default/sysstat -> !r:^# && r:ENABLED="false"; # Section 2.5 Install and run Bastille #[CIS - Debian Linux - 2.5 - System harderning - Bastille is not installed {CIS: 2.5 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] #f:!/etc/Bastille; # Section 2.6 Ensure sources.list Sanity [CIS - Debian Linux - 2.6 - Sources list sanity - Security updates not enabled {CIS: 2.6 Debian Linux} {PCI_DSS: 6.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:!/etc/apt/sources.list; f:!/etc/apt/sources.list -> !r:^# && r:http://security.debian|http://security.ubuntu; # Section 3 - Minimize inetd services [CIS - Debian Linux - 3.3 - Telnet enabled on inetd {CIS: 3.3 Debian Linux} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:telnet; [CIS - Debian Linux - 3.4 - FTP enabled on inetd {CIS: 3.4 Debian Linux} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:/ftp; [CIS - Debian Linux - 3.5 - rsh/rlogin/rcp enabled on inetd {CIS: 3.5 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:shell|login; [CIS - Debian Linux - 3.6 - tftpd enabled on inetd {CIS: 3.6 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:tftp; [CIS - Debian Linux - 3.7 - imap enabled on inetd {CIS: 3.7 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:imap; [CIS - Debian Linux - 3.8 - pop3 enabled on inetd {CIS: 3.8 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:pop; [CIS - Debian Linux - 3.9 - Ident enabled on inetd {CIS: 3.9 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:ident; # Section 4 - Minimize boot services [CIS - Debian Linux - 4.1 - Disable inetd - Inetd enabled but no services running {CIS: 4.1 Debian Linux} {PCI_DSS: 2.2.2}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] p:inetd; f:!/etc/inetd.conf -> !r:^# && r:wait; [CIS - Debian Linux - 4.3 - GUI login enabled {CIS: 4.3 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; [CIS - Debian Linux - 4.6 - Disable standard boot services - Samba Enabled {CIS: 4.6 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/samba; [CIS - Debian Linux - 4.7 - Disable standard boot services - NFS Enabled {CIS: 4.7 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/nfs-common; f:/etc/init.d/nfs-user-server; f:/etc/init.d/nfs-kernel-server; [CIS - Debian Linux - 4.9 - Disable standard boot services - NIS Enabled {CIS: 4.9 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/nis; [CIS - Debian Linux - 4.13 - Disable standard boot services - Web server Enabled {CIS: 4.13 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/apache; f:/etc/init.d/apache2; [CIS - Debian Linux - 4.15 - Disable standard boot services - DNS server Enabled {CIS: 4.15 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/bind; [CIS - Debian Linux - 4.16 - Disable standard boot services - MySQL server Enabled {CIS: 4.16 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/mysql; [CIS - Debian Linux - 4.16 - Disable standard boot services - PostgreSQL server Enabled {CIS: 4.16 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/postgresql; [CIS - Debian Linux - 4.17 - Disable standard boot services - Webmin Enabled {CIS: 4.17 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/webmin; [CIS - Debian Linux - 4.18 - Disable standard boot services - Squid Enabled {CIS: 4.18 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/squid; # Section 5 - Kernel tuning [CIS - Debian Linux - 5.1 - Network parameters - Source routing accepted {CIS: 5.1 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; [CIS - Debian Linux - 5.1 - Network parameters - ICMP broadcasts accepted {CIS: 5.1 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; [CIS - Debian Linux - 5.2 - Network parameters - IP Forwarding enabled {CIS: 5.2 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # Section 7 - Permissions [CIS - Debian Linux - 7.1 - Partition /var without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/var && !r:nodev; [CIS - Debian Linux - 7.1 - Partition /tmp without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/tmp && !r:nodev; [CIS - Debian Linux - 7.1 - Partition /opt without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/opt && !r:nodev; [CIS - Debian Linux - 7.1 - Partition /home without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/home && !r:nodev ; [CIS - Debian Linux - 7.2 - Removable partition /media without 'nodev' set {CIS: 7.2 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; [CIS - Debian Linux - 7.2 - Removable partition /media without 'nosuid' set {CIS: 7.2 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; [CIS - Debian Linux - 7.3 - User-mounted removable partition /media {CIS: 7.3 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && r:user; # Section 8 - Access and authentication [CIS - Debian Linux - 8.8 - LILO Password not set {CIS: 8.8 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/lilo.conf -> !r:^# && !r:restricted; f:/etc/lilo.conf -> !r:^# && !r:password=; [CIS - Debian Linux - 8.8 - GRUB Password not set {CIS: 8.8 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; [CIS - Debian Linux - 9.2 - Account with empty password present {CIS: 9.2 Debian Linux} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - Debian Linux - 13.11 - Non-root account with uid 0 {CIS: 13.11 Debian Linux} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_mysql5-6_community_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2017 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry , use "->" to look for a specific entry and another # "->" to look for the value. # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for MYSQL # Based on Center for Internet Security Benchmark for MYSQL v1.1.0 # $home_dirs=/usr2/home/*,/home/*,/home,/*/home/*,/*/home,/; $enviroment_files=/*/home/*/\.bashrc,/*/home/*/\.profile,/*/home/*/\.bash_profile,/home/*/\.bashrc,/home/*/\.profile,/home/*/\.bash_profile; $mysql-cnfs=/etc/mysql/my.cnf,/etc/mysql/mariadb.cnf,/etc/mysql/conf.d/*.cnf,/etc/mysql/mariadb.conf.d/*.cnf,~/.my.cnf; # # #1.3 Disable MySQL Command History [CIS - MySQL Configuration - 1.3: Disable MySQL Command History] [any] [https://workbench.cisecurity.org/files/1310/download] d:$home_dirs -> ^.mysql_history$; # # #1.5 Disable Interactive Login [CIS - MySQL Configuration - 1.5: Disable Interactive Login] [any] [https://workbench.cisecurity.org/files/1310/download] f:/etc/passwd -> r:^mysql && !r:\.*/bin/false$|/sbin/nologin$; # # #1.6 Verify That 'MYSQL_PWD' Is Not In Use [CIS - MySQL Configuration - 1.6: 'MYSQL_PWD' Is in Use] [any] [https://workbench.cisecurity.org/files/1310/download] f:$enviroment_files -> r:\.*MYSQL_PWD\.*; # # #4.3 Ensure 'allow-suspicious-udfs' Is Set to 'FALSE' [CIS - MySQL Configuration - 4.3: 'allow-suspicious-udfs' Is Set in my.cnf'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:allow-suspicious-udfs\.+true; f:$mysql-cnfs -> r:allow-suspicious-udfs\s*$; # # #4.4 Ensure 'local_infile' Is Disabled [CIS - MySQL Configuration - 4.4: local_infile is not forbidden in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:local-infile\s*=\s*1; f:$mysql-cnfs -> r:local-infile\s*$; # # #4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' [CIS - MySQL Configuration - 4.5: skip-grant-tables is set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip-grant-tables\s*=\s*true; f:$mysql-cnfs -> !r:skip-grant-tables\s*=\s*false; f:$mysql-cnfs -> r:skip-grant-tables\s*$; # # #4.6 Ensure '--skip-symbolic-links' Is Enabled [CIS - MySQL Configuration - 4.6: skip_symbolic_links is not enabled in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip_symbolic_links\s*=\s*no; f:$mysql-cnfs -> !r:skip_symbolic_links\s*=\s*yes; f:$mysql-cnfs -> r:skip_symbolic_links\s*$; # # #4.8 Ensure 'secure_file_priv' is not empty [CIS - MySQL Configuration - 4.8: Ensure 'secure_file_priv' is not empty] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> !r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> r:secure_file_priv\s*$; # # #4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' [CIS - MySQL Configuration - 4.9: strict_all_tables is not set at sql_mode section of my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:strict_all_tables\s*$; # # #6.1 Ensure 'log_error' is not empty [CIS - MySQL Configuration - 6.1: log-error is not set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> !r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> r:log_error\s*$; # # #6.2 Ensure Log Files are not Stored on a non-system partition [CIS - MySQL Configuration - 6.2: log files are maybe stored on systempartition] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/var/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/usr/\S*\s*; f:$mysql-cnfs -> r:log_bin\s*$; # # #6.3 Ensure 'log_warning' is set to 2 at least [CIS - MySQL Configuration - 6.3: log warnings is set low] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*0; f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*1; f:$mysql-cnfs -> !r:log_warnings\s*=\s*\d+; f:$mysql-cnfs -> r:log_warnings\s*$; # # #6.5 Ensure 'log_raw' is set to 'off' [CIS - MySQL Configuration - 6.5: log_raw is not set to off] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log-raw\s*=\s*on; f:$mysql-cnfs -> r:log-raw\s*$; # # #7.1 Ensure 'old_password' is not set to '1' or 'On' [CIS - MySQL Configuration - 7.1:Ensure 'old_passwords' is not set to '1' or 'on'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*1; f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*on; f:$mysql-cnfs -> !r:old_passwords\s*=\s*2; f:$mysql-cnfs -> r:old_passwords\s*$; # # #7.2 Ensure 'secure_auth' is set to 'ON' [CIS - MySQL Configuration - 7.2: Ensure 'secure_auth' is set to 'ON'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:secure_auth\s*=\s*off; f:$mysql-cnfs -> !r:secure_auth\s*=\s*on; f:$mysql-cnfs -> r:secure_auth\s*$; # # #7.3 Ensure Passwords Are Not Stored in the Global Configuration [CIS - MySQL Configuration - 7.3: Passwords are stored in global configuration] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:^\s*password\.*; # # #7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' [CIS - MySQL Configuration - 7.4: Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:no_auto_create_user\s*$; f:$mysql-cnfs -> r:^# && r:\s*no_auto_create_user\s*$; # # #7.6 Ensure Password Policy is in Place [CIS - MySQL Configuration - 7.6: Ensure Password Policy is in Place ] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:plugin-load\s*=\s*validate_password.so\s*$; f:$mysql-cnfs -> !r:validate-password\s*=\s*force_plus_permanent\s*$; f:$mysql-cnfs -> !r:validate_password_length\s*=\s*14\s$; f:$mysql-cnfs -> !r:validate_password_mixed_case_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_number_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_special_char_count\s*=\s*1; f:$mysql-cnfs -> !r:validate_password_policy\s*=\s*medium\s*; # # #9.2 Ensure 'master_info_repository' is set to 'Table' [CIS - MySQL Configuration - 9.2: Ensure 'master_info_repositrory' is set to 'Table'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:master_info_repository\s*=\s*file; f:$mysql-cnfs -> !r:master_info_repository\s*=\s*table; f:$mysql-cnfs -> r:master_info_repository\s*$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_mysql5-6_enterprise_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2017 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry , use "->" to look for a specific entry and another # "->" to look for the value. # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for MYSQL # Based on Center for Internet Security Benchmark for MYSQL v1.1.0 # $home_dirs=/usr2/home/*,/home/*,/home,/*/home/*,/*/home,/; $enviroment_files=/*/home/*/\.bashrc,/*/home/*/\.profile,/*/home/*/\.bash_profile,/home/*/\.bashrc,/home/*/\.profile,/home/*/\.bash_profile; $mysql-cnfs=/etc/mysql/my.cnf,/etc/mysql/mariadb.cnf,/etc/mysql/conf.d/*.cnf,/etc/mysql/mariadb.conf.d/*.cnf,~/.my.cnf; # # #1.3 Disable MySQL Command History [CIS - MySQL Configuration - 1.3: Disable MySQL Command History] [any] [https://workbench.cisecurity.org/files/1310/download] d:$home_dirs -> ^.mysql_history$; # # #1.5 Disable Interactive Login [CIS - MySQL Configuration - 1.5: Disable Interactive Login] [any] [https://workbench.cisecurity.org/files/1310/download] f:/etc/passwd -> r:^mysql && !r:\.*/bin/false$|/sbin/nologin$; # # #1.6 Verify That 'MYSQL_PWD' Is Not In Use [CIS - MySQL Configuration - 1.6: 'MYSQL_PWD' Is in Use] [any] [https://workbench.cisecurity.org/files/1310/download] f:$enviroment_files -> r:\.*MYSQL_PWD\.*; # # #4.3 Ensure 'allow-suspicious-udfs' Is Set to 'FALSE' [CIS - MySQL Configuration - 4.3: 'allow-suspicious-udfs' Is Set in my.cnf'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:allow-suspicious-udfs\.+true; f:$mysql-cnfs -> r:allow-suspicious-udfs\s*$; # # #4.4 Ensure 'local_infile' Is Disabled [CIS - MySQL Configuration - 4.4: local_infile is not forbidden in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:local-infile\s*=\s*1; f:$mysql-cnfs -> r:local-infile\s*$; # # #4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' [CIS - MySQL Configuration - 4.5: skip-grant-tables is set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip-grant-tables\s*=\s*true; f:$mysql-cnfs -> !r:skip-grant-tables\s*=\s*false; f:$mysql-cnfs -> r:skip-grant-tables\s*$; # # #4.6 Ensure '--skip-symbolic-links' Is Enabled [CIS - MySQL Configuration - 4.6: skip_symbolic_links is not enabled in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip_symbolic_links\s*=\s*no; f:$mysql-cnfs -> !r:skip_symbolic_links\s*=\s*yes; f:$mysql-cnfs -> r:skip_symbolic_links\s*$; # # #4.8 Ensure 'secure_file_priv' is not empty [CIS - MySQL Configuration - 4.8: Ensure 'secure_file_priv' is not empty] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> !r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> r:secure_file_priv\s*$; # # #4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' [CIS - MySQL Configuration - 4.9: strict_all_tables is not set at sql_mode section of my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:strict_all_tables\s*$; # # #6.1 Ensure 'log_error' is not empty [CIS - MySQL Configuration - 6.1: log-error is not set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> !r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> r:log_error\s*$; # # #6.2 Ensure Log Files are not Stored on a non-system partition [CIS - MySQL Configuration - 6.2: log files are maybe stored on systempartition] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/var/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/usr/\S*\s*; f:$mysql-cnfs -> r:log_bin\s*$; # # #6.3 Ensure 'log_warning' is set to 2 at least [CIS - MySQL Configuration - 6.3: log warnings is set low] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*0; f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*1; f:$mysql-cnfs -> !r:log_warnings\s*=\s*\d+; f:$mysql-cnfs -> r:log_warnings\s*$; # # #6.4 Ensure 'log_raw' is set to 'off' [CIS - MySQL Configuration - 6.4: log_raw is not set to off] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log-raw\s*=\s*on; f:$mysql-cnfs -> r:log-raw\s*$; # # #6.5 Ensure audit_log_connection_policy is not set to 'none' [CIS - MySQL Configuration - 6.5: audit_log_connection_policy is set to 'none' change it to all or erros] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r^# && r::audit_log_connection_policy\s*=\s*none; f:$mysql-cnfs -> r:audit_log_connection_policy\s*$; # # #6.6 Ensure audit_log_exclude_account is set to Null [CIS - MySQL Configuration - 6.6:audit_log_exclude_accounts is not set to Null] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_exclude_accounts\s*=\s* && !r:null\s*$; f:$mysql-cnfs -> r:audit_log_exclude_accounts\s*$; # # #6.7 Ensure audit_log_include_accounts is set to Null [CIS - MySQL Configuration - 6.7:audit_log_include_accounts is not set to Null] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_include_accounts\s*=\s* && !r:null\s*$; f:$mysql-cnfs -> r:audit_log_include_accounts\s*$; # # #6.9 Ensure audit_log_policy is not set to all [CIS - MySQL Configuration - 6.9: audit_log_policy is not set to all] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*queries; f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*none; f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*logins; f:$mysql-cnfs -> r:audit_log_policy\s*$; # # #6.10 Ensure audit_log_statement_policy is set to all [CIS - MySQL Configuration - 6.10: Ensure audit_log_statement_policy is set to all] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_statement_policy\.+errors; f:$mysql-cnfs -> !r:^# && r:audit_log_statement_policy\.+none; f:$mysql-cnfs -> r:audit_log_statement_policy\s*$; # # #6.11 Ensure audit_log_strategy is set to synchronous or semisynchronous [CIS - MySQL Configuration - 6.11: Ensure audit_log_strategy is set to all] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_strategy\.+asynchronous; f:$mysql-cnfs -> !r:^# && r:audit_log_strategy\.+performance; f:$mysql-cnfs -> !r:audit_log_strategy\s*=\s* && r:semisynchronous|synchronous; f:$mysql-cnfs -> r:audit_log_strategy\s*$; # # #6.12 Make sure the audit plugin can't be unloaded [CIS - MySQL Configuration - 6.12: Audit plugin can be unloaded] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*on\s*; f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*off\s*; f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*force\s*; f:$mysql-cnfs -> !r:^audit_log\s*=\s*force_plus_permanent\s*; f:$mysql-cnfs -> r:^audit_log\s$; # # #7.1 Ensure 'old_password' is not set to '1' or 'On' [CIS - MySQL Configuration - 7.1:Ensure 'old_passwords' is not set to '1' or 'on'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*1; f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*on; f:$mysql-cnfs -> !r:old_passwords\s*=\s*2; f:$mysql-cnfs -> r:old_passwords\s*$; # # #7.2 Ensure 'secure_auth' is set to 'ON' [CIS - MySQL Configuration - 7.2: Ensure 'secure_auth' is set to 'ON'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:secure_auth\s*=\s*off; f:$mysql-cnfs -> !r:secure_auth\s*=\s*on; f:$mysql-cnfs -> r:secure_auth\s*$; # # #7.3 Ensure Passwords Are Not Stored in the Global Configuration [CIS - MySQL Configuration - 7.3: Passwords are stored in global configuration] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:^\s*password\.*; # # #7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' [CIS - MySQL Configuration - 7.4: Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:no_auto_create_user\s*$; f:$mysql-cnfs -> r:^# && r:\s*no_auto_create_user\s*$; # # #7.6 Ensure Password Policy is in Place [CIS - MySQL Configuration - 7.6: Ensure Password Policy is in Place ] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:plugin-load\s*=\s*validate_password.so\s*$; f:$mysql-cnfs -> !r:validate-password\s*=\s*force_plus_permanent\s*$; f:$mysql-cnfs -> !r:validate_password_length\s*=\s*14\s$; f:$mysql-cnfs -> !r:validate_password_mixed_case_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_number_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_special_char_count\s*=\s*1; f:$mysql-cnfs -> !r:validate_password_policy\s*=\s*medium\s*; # # #9.2 Ensure 'master_info_repository' is set to 'Table' [CIS - MySQL Configuration - 9.2: Ensure 'master_info_repositrory' is set to 'Table'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:master_info_repository\s*=\s*file; f:$mysql-cnfs -> !r:master_info_repository\s*=\s*table; f:$mysql-cnfs -> r:master_info_repository\s*$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_rhel5_linux_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat / CentOS 5 # Based on CIS Benchmark for Red Hat Enterprise Linux 5 v2.1.0 # TODO: URL is invalid currently # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS Red Hat Enterprise Linux 5 Benchmark v2.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 5; f:/etc/redhat-release -> r:^CentOS && r:release 5; f:/etc/redhat-release -> r:^Cloud && r:release 5; f:/etc/redhat-release -> r:^Oracle && r:release 5; f:/etc/redhat-release -> r:^Better && r:release 5; # 1.1.1 /tmp: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /tmp is not on its own partition {CIS: 1.1.1 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:/tmp; # 1.1.2 /tmp: nodev [CIS - RHEL5 - 1.1.2 - Partition /tmp without 'nodev' set {CIS: 1.1.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.3 /tmp: nosuid [CIS - RHEL5 - 1.1.3 - Partition /tmp without 'nosuid' set {CIS: 1.1.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 1.1.4 /tmp: noexec [CIS - RHEL5 - 1.1.4 - Partition /tmp without 'noexec' set {CIS: 1.1.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.5 Build considerations - Partition scheme. [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 1.1.5 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 1.1.6 bind mount /var/tmp to /tmp [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 1.1.6 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 1.1.7 /var/log: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 1.1.7 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 1.1.8 /var/log/audit: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 1.1.8 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 1.1.9 /home: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 1.1.9 Debian RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 1.1.10 /home: nodev [CIS - RHEL5 - 1.1.10 - Partition /home without 'nodev' set {CIS: 1.1.10 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 1.1.11 nodev on removable media partitions (not scored) [CIS - RHEL5 - 1.1.11 - Removable partition /media without 'nodev' set {CIS: 1.1.11 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 1.1.12 noexec on removable media partitions (not scored) [CIS - RHEL5 - 1.1.12 - Removable partition /media without 'noexec' set {CIS: 1.1.12 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 1.1.13 nosuid on removable media partitions (not scored) [CIS - RHEL5 - 1.1.13 - Removable partition /media without 'nosuid' set {CIS: 1.1.13 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 1.1.14 /dev/shm: nodev [CIS - RHEL5 - 1.1.11 - /dev/shm without 'nodev' set {CIS: 1.1.14 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 1.1.15 /dev/shm: nosuid [CIS - RHEL5 - 1.1.11 - /dev/shm without 'nosuid' set {CIS: 1.1.15 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 1.1.16 /dev/shm: noexec [CIS - RHEL5 - 1.1.11 - /dev/shm without 'noexec' set {CIS: 1.1.16 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 1.1.17 sticky bit on world writable directories (Scored) # TODO # 1.1.18 disable cramfs (not scored) # 1.1.19 disable freevxfs (not scored) # 1.1.20 disable jffs2 (not scored) # 1.1.21 disable hfs (not scored) # 1.1.22 disable hfsplus (not scored) # 1.1.23 disable squashfs (not scored) # 1.1.24 disable udf (not scored) ########################################## # 1.2 Software Updates ########################################## # 1.2.1 Configure rhn updates (not scored) # 1.2.2 verify RPM gpg keys (Scored) # TODO # 1.2.3 verify gpgcheck enabled (Scored) # TODO # 1.2.4 Disable rhnsd (not scored) # 1.2.5 Disable yum-updatesd (Scored) [CIS - RHEL5 - 1.2.5 - yum-updatesd not Disabled {CIS: 1.2.5 RHEL5} {PCI_DSS: 6.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; p:yum-updatesd; # 1.2.6 Obtain updates with yum (not scored) # 1.2.7 Verify package integrity (not scored) ############################################### # 1.3 Advanced Intrusion Detection Environment ############################################### # # Skipped, this control is obsoleted by OSSEC # ############################################### # 1.4 Configure SELinux ############################################### # 1.4.1 enable selinux in /etc/grub.conf [CIS - RHEL5 - 1.4.1 - SELinux Disabled in /etc/grub.conf {CIS: 1.4.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/grub.conf -> !r:selinux=0; # 1.4.2 Set selinux state [CIS - RHEL5 - 1.4.2 - SELinux not set to enforcing {CIS: 1.4.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/selinux/config -> r:SELINUX=enforcing; # 1.4.3 Set seliux policy [CIS - RHEL5 - 1.4.3 - SELinux policy not set to targeted {CIS: 1.4.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/selinux/config -> r:SELINUXTYPE=targeted; # 1.4.4 Remove SETroubleshoot [CIS - RHEL5 - 1.4.4 - SELinux setroubleshoot enabled {CIS: 1.4.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsetroubleshoot$; # 1.4.5 Disable MCS Translation service mcstrans [CIS - RHEL5 - 1.4.5 - SELinux mctrans enabled {CIS: 1.4.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dmctrans$; # 1.4.6 Check for unconfined daemons # TODO ############################################### # 1.5 Secure Boot Settings ############################################### # 1.5.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # 1.5.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # 1.5.3 Set Boot Loader Password (Scored) [CIS - RHEL5 - 1.5.3 - GRUB Password not set {CIS: 1.5.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; # 1.5.4 Require Authentication for Single-User Mode (Scored) [CIS - RHEL5 - 1.5.4 - Authentication for single user mode not enabled {CIS: 1.5.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/inittab -> !r:^# && r:S:wait; # 1.5.5 Disable Interactive Boot (Scored) [CIS - RHEL5 - 1.5.5 - Interactive Boot not disabled {CIS: 1.5.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/sysconfig/init -> !r:^# && r:PROMPT=no; ############################################### # 1.6 Additional Process Hardening ############################################### # 1.6.1 Restrict Core Dumps (Scored) [CIS - RHEL5 - 1.6.1 - Interactive Boot not disabled {CIS: 1.6.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 1.6.2 Configure ExecShield (Scored) [CIS - RHEL5 - 1.6.2 - ExecShield not enabled {CIS: 1.6.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/kernel/exec-shield -> 0; # 1.6.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - RHEL5 - 1.6.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 1.6.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 0; # 1.6.4 Enable XD/NX Support on 32-bit x86 Systems (Scored) # TODO # 1.6.5 Disable Prelink (Scored) [CIS - RHEL5 - 1.6.5 - Prelink not disabled {CIS: 1.6.5 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/sysconfig/prelink -> !r:PRELINKING=no; ############################################### # 1.7 Use the Latest OS Release ############################################### ############################################### # 2 OS Services ############################################### ############################################### # 2.1 Remove Legacy Services ############################################### # 2.1.1 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - RHEL5 - 2.1.1 - Telnet enabled on xinetd {CIS: 2.1.1 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; # 2.1.2 Remove telnet Clients (Scored) # TODO # 2.1.3 Remove rsh-server (Scored) [CIS - RHEL5 - 2.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.1.3 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # 2.1.4 Remove rsh (Scored) # TODO # 2.1.5 Remove NIS Client (Scored) [CIS - RHEL5 - 2.1.5 - Disable standard boot services - NIS (client) Enabled {CIS: 2.1.5 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; # 2.1.6 Remove NIS Server (Scored) [CIS - RHEL5 - 2.1.5 - Disable standard boot services - NIS (server) Enabled {CIS: 2.1.6 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; # 2.1.7 Remove tftp (Scored) # TODO # 2.1.8 Remove tftp-server (Scored) [CIS - RHEL5 - 2.1.8 - tftpd enabled on xinetd {CIS: 2.1.8 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; # 2.1.9 Remove talk (Scored) # TODO # 2.1.10 Remove talk-server (Scored) [CIS - RHEL5 - 2.1.10 - talk enabled on xinetd {CIS: 2.1.10 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; # 2.1.11 Remove xinetd (Scored) # TODO # 2.1.12 Disable chargen-dgram (Scored) # TODO # 2.1.13 Disable chargen-stream (Scored) # TODO # 2.1.14 Disable daytime-dgram (Scored) # TODO # 2.1.15 Disable daytime-stream (Scored) # TODO # 2.1.16 Disable echo-dgram (Scored) # TODO # 2.1.17 Disable echo-stream (Scored) # TODO # 2.1.18 Disable tcpmux-server (Scored) # TODO ############################################### # 3 Special Purpose Services ############################################### ############################################### # 3.1 Disable Avahi Server ############################################### # 3.1.1 Disable Avahi Server (Scored) [CIS - RHEL5 - 3.1.1 - Avahi daemon not disabled {CIS: 3.1.1 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] p:avahi-daemon; # 3.1.2 Service Only via Required Protocol (Not Scored) # TODO # 3.1.3 Check Responses TTL Field (Scored) # TODO # 3.1.4 Prevent Other Programs from Using Avahi’s Port (Not Scored) # TODO # 3.1.5 Disable Publishing (Not Scored) # 3.1.6 Restrict Published Information (if publishing is required) (Not scored) # 3.2 Set Daemon umask (Scored) [CIS - RHEL5 - 3.2 - Set daemon umask - Default umask is higher than 027 {CIS: 3.2 RHEL5}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/init.d/functions -> !r:^# && r:^umask && <:umask 027; # 3.3 Remove X Windows (Scored) [CIS - RHEL5 - 3.3 - X11 not disabled {CIS: 3.3 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; # 3.4 Disable Print Server - CUPS (Not Scored) # 3.5 Remove DHCP Server (Not Scored) # TODO # 3.6 Configure Network Time Protocol (NTP) (Scored) #[CIS - RHEL5 - 3.6 - NTPD not disabled {CIS: 3.6 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] # TODO. # 3.7 Remove LDAP (Not Scored) # 3.8 Disable NFS and RPC (Not Scored) [CIS - RHEL5 - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 3.9 Remove DNS Server (Not Scored) # TODO # 3.10 Remove FTP Server (Not Scored) [CIS - RHEL5 - 3.10 - VSFTP enabled on xinetd {CIS: 3.10 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 3.11 Remove HTTP Server (Not Scored) [CIS - RHEL5 - 3.11 - Disable standard boot services - Apache web server Enabled {CIS: 3.11 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dhttpd$; # 3.12 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - RHEL5 - 3.12 - imap enabled on xinetd {CIS: 3.12 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - RHEL5 - 3.12 - pop3 enabled on xinetd {CIS: 3.12 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 3.13 Remove Samba (Not Scored) [CIS - RHEL5 - 3.13 - Disable standard boot services - Samba Enabled {CIS: 3.13 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 3.14 Remove HTTP Proxy Server (Not Scored) [CIS - RHEL5 - 3.14 - Disable standard boot services - Squid Enabled {CIS: 3.14 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 3.15 Remove SNMP Server (Not Scored) [CIS - RHEL5 - 3.15 - Disable standard boot services - SNMPD process Enabled {CIS: 3.15 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 3.16 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO ############################################### # 4 Network Configuration and Firewalls ############################################### ############################################### # 4.1 Modify Network Parameters (Host Only) ############################################### # 4.1.1 Disable IP Forwarding (Scored) [CIS - RHEL5 - 4.1.1 - Network parameters - IP Forwarding enabled {CIS: 4.1.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 4.1.2 Disable Send Packet Redirects (Scored) [CIS - RHEL5 - 4.1.2 - Network parameters - IP send redirects enabled {CIS: 4.1.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 4.2 Modify Network Parameters (Host and Router) ############################################### # 4.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - RHEL5 - 4.2.1 - Network parameters - Source routing accepted {CIS: 4.2.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 4.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - RHEL5 - 4.2.2 - Network parameters - ICMP redirects accepted {CIS: 4.2.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 4.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - RHEL5 - 4.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 4.2.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 4.2.4 Log Suspicious Packets (Scored) [CIS - RHEL5 - 4.2.4 - Network parameters - martians not logged {CIS: 4.2.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 4.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - RHEL5 - 4.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 4.2.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 4.2.6 Enable Bad Error Message Protection (Scored) [CIS - RHEL5 - 4.2.6 - Network parameters - Bad error message protection not enabled {CIS: 4.2.6 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 4.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - RHEL5 - 4.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 4.2.7 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 4.2.8 Enable TCP SYN Cookies (Scored) [CIS - RHEL5 - 4.2.8 - Network parameters - SYN Cookies not enabled {CIS: 4.2.8 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 4.3 Wireless Networking ############################################### # 4.3.1 Deactivate Wireless Interfaces (Not Scored) ############################################### # 4.4 Disable ipv6 ############################################### ############################################### # 4.4.1 Configure IPv6 ############################################### # 4.4.1.1 Disable IPv6 Router Advertisements (Not Scored) # 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored) # 4.4.2 Disable IPv6 (Not Scored) ############################################### # 4.5 Install TCP Wrappers ############################################### # 4.5.1 Install TCP Wrappers (Not Scored) # 4.5.2 Create /etc/hosts.allow (Not Scored) # 4.5.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 4.5.4 Create /etc/hosts.deny (Not Scored) # 4.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 4.6 Uncommon Network Protocols ############################################### # 4.6.1 Disable DCCP (Not Scored) # 4.6.2 Disable SCTP (Not Scored) # 4.6.3 Disable RDS (Not Scored) # 4.6.4 Disable TIPC (Not Scored) # 4.7 Enable IPtables (Scored) # TODO # 4.8 Enable IP6tables (Not Scored) ############################################### # 5 Logging and Auditing ############################################### ############################################### # 5.1 Configure Syslog ############################################### # 5.1.1 Configure /etc/syslog.conf (Not Scored) # 5.1.2 Create and Set Permissions on syslog Log Files (Scored) # 5.1.3 Configure syslog to Send Logs to a Remote Log Host (Scored) # 5.1.4 Accept Remote syslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.2 Configure rsyslog ############################################### # 5.2.1 Install the rsyslog package (Not Scored) # 5.2.2 Activate the rsyslog Service (Not Scored) # 5.2.3 Configure /etc/rsyslog.conf (Not Scored) # 5.2.4 Create and Set Permissions on rsyslog Log Files (Not Scored) # 5.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Not Scored) # 5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.3 Configure System Accounting (auditd) ############################################### ############################################### # 5.3.1 Configure Data Retention ############################################### # 5.3.1.1 Configure Audit Log Storage Size (Not Scored) # 5.3.1.2 Disable System on Audit Log Full (Not Scored) # 5.3.1.3 Keep All Auditing Information (Scored) # 5.3.2 Enable auditd Service (Scored) # 5.3.3 Configure Audit Log Storage Size (Not Scored) # 5.3.4 Disable System on Audit Log Full (Not Scored) # 5.3.5 Keep All Auditing Information (Scored) # 5.3.6 Enable Auditing for Processes That Start Prior to auditd (Scored) # 5.3.7 Record Events That Modify Date and Time Information (Scored) # 5.3.8 Record Events That Modify User/Group Information (Scored) # 5.3.9 Record Events That Modify the System’s Network Environment (Scored) # 5.3.10 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 5.3.11 Collect Login and Logout Events (Scored) # 5.3.12 Collect Session Initiation Information (Scored) # 5.3.13 Collect Discretionary Access Control Permission Modification Events (Scored) # 5.3.14 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 5.3.15 Collect Use of Privileged Commands (Scored) # 5.3.16 Collect Successful File System Mounts (Scored) # 5.3.17 Collect File Deletion Events by User (Scored) # 5.3.18 Collect Changes to System Administration Scope (sudoers) (Scored) # 5.3.19 Collect System Administrator Actions (sudolog) (Scored) # 5.3.20 Collect Kernel Module Loading and Unloading (Scored) # 5.3.21 Make the Audit Configuration Immutable (Scored) # 5.4 Configure logrotate (Not Scored) ############################################### # 6 System Access, Authentication and Authorization ############################################### ############################################### # 6.1 Configure cron and anacron ############################################### # 6.1.1 Enable anacron Daemon (Scored) # 6.1.2 Enable cron Daemon (Scored) # 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored) # 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored) # 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 6.1.10 Restrict at Daemon (Scored) # 6.1.11 Restrict at/cron to Authorized Users (Scored) ############################################### # 6.1 Configure SSH ############################################### # 6.2.1 Set SSH Protocol to 2 (Scored) [CIS - RHEL5 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 6.2.2 Set LogLevel to INFO (Scored) # 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # 6.2.4 Disable SSH X11 Forwarding (Scored) # 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) # 6.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - RHEL5 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 6.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - RHEL5 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 6.2.8 Disable SSH Root Login (Scored) [CIS - RHEL5 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # 6.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - RHEL5 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; # 6.2.10 Do Not Allow Users to Set Environment Options (Scored) # 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 6.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 6.2.13 Limit Access via SSH (Scored) # 6.2.14 Set SSH Banner (Scored) # 6.2.15 Enable SSH UsePrivilegeSeparation (Scored) ############################################### # 6.3 Configure PAM ############################################### # 6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 6.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 6.3.3 Use pam_deny.so to Deny Services (Not Scored) # 6.3.4 Upgrade Password Hashing Algorithm to SHA-512 (Scored) # 6.3.5 Limit Password Reuse (Scored) # 6.3.6 Remove the pam_ccreds Package (Scored) # 6.4 Restrict root Login to System Console (Not Scored) # 6.5 Restrict Access to the su Command (Scored) ############################################### # 7 User Accounts and Environment ############################################### ############################################### # 7.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 7.1.1 Set Password Expiration Days (Scored) # 7.1.2 Set Password Change Minimum Number of Days (Scored) # 7.1.3 Set Password Expiring Warning Days (Scored) # 7.2 Disable System Accounts (Scored) # 7.3 Set Default Group for root Account (Scored) # 7.4 Set Default umask for Users (Scored) # 7.5 Lock Inactive User Accounts (Scored) ############################################### # 8 Warning Banners ############################################### ############################################### # 8.1 Warning Banners for Standard Login Services ############################################### # 8.1.1 Set Warning Banner for Standard Login Services (Scored) # 8.1.2 Remove OS Information from Login Warning Banners (Scored) # 8.2 Set GNOME Warning Banner (Not Scored) ############################################### # 9 System Maintenance ############################################### ############################################### # 9.1 Verify System File Permissions ############################################### # 9.1.1 Verify System File Permissions (Not Scored) # 9.1.2 Verify Permissions on /etc/passwd (Scored) # 9.1.3 Verify Permissions on /etc/shadow (Scored) # 9.1.4 Verify Permissions on /etc/gshadow (Scored) # 9.1.5 Verify Permissions on /etc/group (Scored) # 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored) # 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored) # 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored) # 9.1.9 Verify User/Group Ownership on /etc/group (Scored) # 9.1.10 Find World Writable Files (Not Scored) # 9.1.11 Find Un-owned Files and Directories (Scored) # 9.1.12 Find Un-grouped Files and Directories (Scored) # 9.1.13 Find SUID System Executables (Not Scored) # 9.1.14 Find SGID System Executables (Not Scored) ############################################### # 9.2 Review User and Group Settings ############################################### # 9.2.1 Ensure Password Fields are Not Empty (Scored) # 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - RHEL5 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL5} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 9.2.6 Ensure root PATH Integrity (Scored) # 9.2.7 Check Permissions on User Home Directories (Scored) # 9.2.8 Check User Dot File Permissions (Scored) # 9.2.9 Check Permissions on User .netrc Files (Scored) # 9.2.10 Check for Presence of User .rhosts Files (Scored) # 9.2.11 Check Groups in /etc/passwd (Scored) # 9.2.12 Check That Users Are Assigned Home Directories (Scored) # 9.2.13 Check That Defined Home Directories Exist (Scored) # 9.2.14 Check User Home Directory Ownership (Scored) # 9.2.15 Check for Duplicate UIDs (Scored) # 9.2.16 Check for Duplicate GIDs (Scored) # 9.2.17 Check That Reserved UIDs Are Assigned to System Accounts # 9.2.18 Check for Duplicate User Names (Scored) # 9.2.19 Check for Duplicate Group Names (Scored) # 9.2.20 Check for Presence of User .netrc Files (Scored) # 9.2.21 Check for Presence of User .forward Files (Scored) # Other/Legacy Tests [CIS - RHEL5 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - RHEL5 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - RHEL5 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - RHEL5 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - RHEL5 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - RHEL5 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - RHEL5 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_rhel6_linux_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat / CentOS 6 # Based on CIS Benchmark for Red Hat Enterprise Linux 6 v1.3.0 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS Red Hat Enterprise Linux 5 Benchmark v2.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 6; f:/etc/redhat-release -> r:^CentOS && r:release 6; f:/etc/redhat-release -> r:^Cloud && r:release 6; f:/etc/redhat-release -> r:^Oracle && r:release 6; f:/etc/redhat-release -> r:^Better && r:release 6; # 1.1.1 /tmp: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /tmp is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:/tmp; # 1.1.2 /tmp: nodev [CIS - RHEL6 - 1.1.2 - Partition /tmp without 'nodev' set {CIS: 1.1.2 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.3 /tmp: nosuid [CIS - RHEL6 - 1.1.3 - Partition /tmp without 'nosuid' set {CIS: 1.1.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 1.1.4 /tmp: noexec [CIS - RHEL6 - 1.1.4 - Partition /tmp without 'noexec' set {CIS: 1.1.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.5 Build considerations - Partition scheme. [CIS - RHEL6 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 1.1.5 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 1.1.6 bind mount /var/tmp to /tmp [CIS - RHEL6 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 1.1.6 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 1.1.7 /var/log: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 1.1.7 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 1.1.8 /var/log/audit: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 1.1.8 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 1.1.9 /home: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 1.1.9 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 1.1.10 /home: nodev [CIS - RHEL6 - 1.1.10 - Partition /home without 'nodev' set {CIS: 1.1.10 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 1.1.11 nodev on removable media partitions (not scored) [CIS - RHEL6 - 1.1.11 - Removable partition /media without 'nodev' set {CIS: 1.1.11 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 1.1.12 noexec on removable media partitions (not scored) [CIS - RHEL6 - 1.1.12 - Removable partition /media without 'noexec' set {CIS: 1.1.12 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 1.1.13 nosuid on removable media partitions (not scored) [CIS - RHEL6 - 1.1.13 - Removable partition /media without 'nosuid' set {CIS: 1.1.13 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 1.1.14 /dev/shm: nodev [CIS - RHEL6 - 1.1.14 - /dev/shm without 'nodev' set {CIS: 1.1.14 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 1.1.15 /dev/shm: nosuid [CIS - RHEL6 - 1.1.15 - /dev/shm without 'nosuid' set {CIS: 1.1.15 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 1.1.16 /dev/shm: noexec [CIS - RHEL6 - 1.1.16 - /dev/shm without 'noexec' set {CIS: 1.1.16 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 1.1.17 sticky bit on world writable directories (Scored) # TODO # 1.1.18 disable cramfs (not scored) # 1.1.19 disable freevxfs (not scored) # 1.1.20 disable jffs2 (not scored) # 1.1.21 disable hfs (not scored) # 1.1.22 disable hfsplus (not scored) # 1.1.23 disable squashfs (not scored) # 1.1.24 disable udf (not scored) ########################################## # 1.2 Software Updates ########################################## # 1.2.1 Configure rhn updates (not scored) # 1.2.2 verify RPM gpg keys (Scored) # TODO # 1.2.3 verify gpgcheck enabled (Scored) # TODO # 1.2.4 Disable rhnsd (not scored) # 1.2.5 Obtain Software Package Updates with yum (Not Scored) # 1.2.6 Obtain updates with yum (not scored) ############################################### # 1.3 Advanced Intrusion Detection Environment ############################################### # # Skipped, this control is obsoleted by OSSEC # ############################################### # 1.4 Configure SELinux ############################################### # 1.4.1 enable selinux in /etc/grub.conf [CIS - RHEL6 - 1.4.1 - SELinux Disabled in /etc/grub.conf {CIS: 1.4.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/grub.conf -> !r:selinux=0; # 1.4.2 Set selinux state [CIS - RHEL6 - 1.4.2 - SELinux not set to enforcing {CIS: 1.4.2 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/selinux/config -> r:SELINUX=enforcing; # 1.4.3 Set seliux policy [CIS - RHEL6 - 1.4.3 - SELinux policy not set to targeted {CIS: 1.4.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/selinux/config -> r:SELINUXTYPE=targeted; # 1.4.4 Remove SETroubleshoot [CIS - RHEL6 - 1.4.4 - SELinux setroubleshoot enabled {CIS: 1.4.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsetroubleshoot$; # 1.4.5 Disable MCS Translation service mcstrans [CIS - RHEL6 - 1.4.5 - SELinux mctrans enabled {CIS: 1.4.5 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dmctrans$; # 1.4.6 Check for unconfined daemons # TODO ############################################### # 1.5 Secure Boot Settings ############################################### # 1.5.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # 1.5.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # 1.5.3 Set Boot Loader Password (Scored) [CIS - RHEL6 - 1.5.3 - GRUB Password not set {CIS: 1.5.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; # 1.5.4 Require Authentication for Single-User Mode (Scored) [CIS - RHEL6 - 1.5.4 - Authentication for single user mode not enabled {CIS: 1.5.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/inittab -> !r:^# && r:S:wait; # 1.5.5 Disable Interactive Boot (Scored) [CIS - RHEL6 - 1.5.5 - Interactive Boot not disabled {CIS: 1.5.5 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/sysconfig/init -> !r:^# && r:PROMPT=no; ############################################### # 1.6 Additional Process Hardening ############################################### # 1.6.1 Restrict Core Dumps (Scored) [CIS - RHEL6 - 1.6.1 - Interactive Boot not disabled {CIS: 1.6.1 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 1.6.2 Configure ExecShield (Scored) [CIS - RHEL6 - 1.6.2 - ExecShield not enabled {CIS: 1.6.2 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/kernel/exec-shield -> 0; # 1.6.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - RHEL6 - 1.6.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 1.6.3 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 0; ############################################### # 1.7 Use the Latest OS Release (Not Scored) ############################################### ############################################### # 2 OS Services ############################################### ############################################### # 2.1 Remove Legacy Services ############################################### # 2.1.1 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - RHEL6 - 2.1.1 - Telnet enabled on xinetd {CIS: 2.1.1 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; # 2.1.2 Remove telnet Clients (Scored) # TODO # 2.1.3 Remove rsh-server (Scored) [CIS - RHEL6 - 2.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.1.3 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # 2.1.4 Remove rsh (Scored) # TODO # 2.1.5 Remove NIS Client (Scored) [CIS - RHEL6 - 2.1.5 - Disable standard boot services - NIS (client) Enabled {CIS: 2.1.5 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; # 2.1.6 Remove NIS Server (Scored) [CIS - RHEL6 - 2.1.6 - Disable standard boot services - NIS (server) Enabled {CIS: 2.1.6 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; # 2.1.7 Remove tftp (Scored) # TODO # 2.1.8 Remove tftp-server (Scored) [CIS - RHEL6 - 2.1.8 - tftpd enabled on xinetd {CIS: 2.1.8 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; # 2.1.9 Remove talk (Scored) # TODO # 2.1.10 Remove talk-server (Scored) [CIS - RHEL6 - 2.1.10 - talk enabled on xinetd {CIS: 2.1.10 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; # 2.1.11 Remove xinetd (Scored) # TODO # 2.1.12 Disable chargen-dgram (Scored) # TODO # 2.1.13 Disable chargen-stream (Scored) # TODO # 2.1.14 Disable daytime-dgram (Scored) # TODO # 2.1.15 Disable daytime-stream (Scored) # TODO # 2.1.16 Disable echo-dgram (Scored) # TODO # 2.1.17 Disable echo-stream (Scored) # TODO # 2.1.18 Disable tcpmux-server (Scored) # TODO ############################################### # 3 Special Purpose Services ############################################### # 3.1 Set Daemon umask (Scored) [CIS - RHEL6 - 3.1 - Set daemon umask - Default umask is higher than 027 {CIS: 3.1 RHEL6} {PCI_DSS: 2.2.2}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/init.d/functions -> !r:^# && r:^umask && <:umask 027; # 3.2 Remove X Windows (Scored) [CIS - RHEL6 - 3.2 - X11 not disabled {CIS: 3.2 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; # 3.3 Disable Avahi Server (Scored) [CIS - RHEL6 - 3.2 - Avahi daemon not disabled {CIS: 3.3 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] p:avahi-daemon; # 3.4 Disable Print Server - CUPS (Not Scored) # 3.5 Remove DHCP Server (Not Scored) # TODO # 3.6 Configure Network Time Protocol (NTP) (Scored) #[CIS - RHEL6 - 3.6 - NTPD not disabled {CIS: 1.1.1 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] # TODO. # 3.7 Remove LDAP (Not Scored) # 3.8 Disable NFS and RPC (Not Scored) [CIS - RHEL6 - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 3.9 Remove DNS Server (Not Scored) # TODO # 3.10 Remove FTP Server (Not Scored) [CIS - RHEL6 - 3.10 - VSFTP enabled on xinetd {CIS: 3.10 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 3.11 Remove HTTP Server (Not Scored) [CIS - RHEL6 - 3.11 - Disable standard boot services - Apache web server Enabled {CIS: 3.11 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dhttpd$; # 3.12 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - RHEL6 - 3.12 - imap enabled on xinetd {CIS: 3.12 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - RHEL6 - 3.12 - pop3 enabled on xinetd {CIS: 3.12 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 3.13 Remove Samba (Not Scored) [CIS - RHEL6 - 3.13 - Disable standard boot services - Samba Enabled {CIS: 3.13 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 3.14 Remove HTTP Proxy Server (Not Scored) [CIS - RHEL6 - 3.14 - Disable standard boot services - Squid Enabled {CIS: 3.14 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 3.15 Remove SNMP Server (Not Scored) [CIS - RHEL6 - 3.15 - Disable standard boot services - SNMPD process Enabled {CIS: 3.15 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 3.16 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO ############################################### # 4 Network Configuration and Firewalls ############################################### ############################################### # 4.1 Modify Network Parameters (Host Only) ############################################### # 4.1.1 Disable IP Forwarding (Scored) [CIS - RHEL6 - 4.1.1 - Network parameters - IP Forwarding enabled {CIS: 4.1.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 4.1.2 Disable Send Packet Redirects (Scored) [CIS - RHEL6 - 4.1.2 - Network parameters - IP send redirects enabled {CIS: 4.1.2 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 4.2 Modify Network Parameters (Host and Router) ############################################### # 4.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - RHEL6 - 4.2.1 - Network parameters - Source routing accepted {CIS: 4.2.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 4.2.2 Disable ICMP Redirect Acceptance (Scored) #[CIS - RHEL6 - 4.2.2 - Network parameters - ICMP redirects accepted {CIS: 1.1.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] #f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; #f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 4.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - RHEL6 - 4.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 4.2.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 4.2.4 Log Suspicious Packets (Scored) [CIS - RHEL6 - 4.2.4 - Network parameters - martians not logged {CIS: 4.2.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 4.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - RHEL6 - 4.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 4.2.5 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 4.2.6 Enable Bad Error Message Protection (Scored) [CIS - RHEL6 - 4.2.6 - Network parameters - Bad error message protection not enabled {CIS: 4.2.6 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 4.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - RHEL6 - 4.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 4.2.7 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 4.2.8 Enable TCP SYN Cookies (Scored) [CIS - RHEL6 - 4.2.8 - Network parameters - SYN Cookies not enabled {CIS: 4.2.8 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 4.3 Wireless Networking ############################################### # 4.3.1 Deactivate Wireless Interfaces (Not Scored) ############################################### # 4.4 Disable ipv6 ############################################### ############################################### # 4.4.1 Configure IPv6 ############################################### # 4.4.1.1 Disable IPv6 Router Advertisements (Not Scored) # 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored) # 4.4.2 Disable IPv6 (Not Scored) ############################################### # 4.5 Install TCP Wrappers ############################################### # 4.5.1 Install TCP Wrappers (Not Scored) # 4.5.2 Create /etc/hosts.allow (Not Scored) # 4.5.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 4.5.4 Create /etc/hosts.deny (Not Scored) # 4.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 4.6 Uncommon Network Protocols ############################################### # 4.6.1 Disable DCCP (Not Scored) # 4.6.2 Disable SCTP (Not Scored) # 4.6.3 Disable RDS (Not Scored) # 4.6.4 Disable TIPC (Not Scored) # 4.7 Enable IPtables (Scored) # TODO # 4.8 Enable IP6tables (Not Scored) ############################################### # 5 Logging and Auditing ############################################### ############################################### # 5.1 Configure Syslog ############################################### # 5.1.1 Install the rsyslog package (Scored) # TODO # 5.1.2 Activate the rsyslog Service (Scored) # TODO # 5.1.3 Configure /etc/rsyslog.conf (Not Scored) # 5.1.4 Create and Set Permissions on rsyslog Log Files (Scored) # 5.1.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 5.1.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.2 Configure System Accounting (auditd) ############################################### ############################################### # 5.2.1 Configure Data Retention ############################################### # 5.2.1.1 Configure Audit Log Storage Size (Not Scored) # 5.2.1.2 Disable System on Audit Log Full (Not Scored) # 5.2.1.3 Keep All Auditing Information (Scored) # 5.2.2 Enable auditd Service (Scored) # 5.2.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 5.2.4 Record Events That Modify Date and Time Information (Scored) # 5.2.5 Record Events That Modify User/Group Information (Scored) # 5.2.6 Record Events That Modify the System’s Network Environment (Scored) # 5.2.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 5.2.8 Collect Login and Logout Events (Scored) # 5.2.9 Collect Session Initiation Information (Scored) # 5.2.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 5.2.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 5.2.12 Collect Use of Privileged Commands (Scored) # 5.2.13 Collect Successful File System Mounts (Scored) # 5.2.14 Collect File Deletion Events by User (Scored) # 5.2.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 5.2.16 Collect System Administrator Actions (sudolog) (Scored) # 5.2.17 Collect Kernel Module Loading and Unloading (Scored) # 5.2.18 Make the Audit Configuration Immutable (Scored) # 5.3 Configure logrotate (Not Scored) ############################################### # 6 System Access, Authentication and Authorization ############################################### ############################################### # 6.1 Configure cron and anacron ############################################### # 6.1.1 Enable anacron Daemon (Scored) # 6.1.2 Enable cron Daemon (Scored) # 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored) # 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored) # 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 6.1.10 Restrict at Daemon (Scored) # 6.1.11 Restrict at/cron to Authorized Users (Scored) ############################################### # 6.1 Configure SSH ############################################### # 6.2.1 Set SSH Protocol to 2 (Scored) [CIS - RHEL6 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 6.2.2 Set LogLevel to INFO (Scored) # 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # 6.2.4 Disable SSH X11 Forwarding (Scored) # 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) # 6.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - RHEL6 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 6.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - RHEL6 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 6.2.8 Disable SSH Root Login (Scored) [CIS - RHEL6 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # 6.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - RHEL6 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; # 6.2.10 Do Not Allow Users to Set Environment Options (Scored) # 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 6.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 6.2.13 Limit Access via SSH (Scored) # 6.2.14 Set SSH Banner (Scored) ############################################### # 6.3 Configure PAM ############################################### # 6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 6.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 6.3.3 Use pam_deny.so to Deny Services (Not Scored) # 6.3.4 Upgrade Password Hashing Algorithm to SHA-512 (Scored) # 6.3.5 Limit Password Reuse (Scored) # 6.4 Restrict root Login to System Console (Not Scored) # 6.5 Restrict Access to the su Command (Scored) ############################################### # 7 User Accounts and Environment ############################################### ############################################### # 7.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 7.1.1 Set Password Expiration Days (Scored) # 7.1.2 Set Password Change Minimum Number of Days (Scored) # 7.1.3 Set Password Expiring Warning Days (Scored) # 7.2 Disable System Accounts (Scored) # 7.3 Set Default Group for root Account (Scored) # 7.4 Set Default umask for Users (Scored) # 7.5 Lock Inactive User Accounts (Scored) ############################################### # 8 Warning Banners ############################################### ############################################### # 8.1 Warning Banners for Standard Login Services ############################################### # 8.1 Set Warning Banner for Standard Login Services (Scored) # 8.2 Remove OS Information from Login Warning Banners (Scored) # 8.3 Set GNOME Warning Banner (Not Scored) ############################################### # 9 System Maintenance ############################################### ############################################### # 9.1 Verify System File Permissions ############################################### # 9.1.1 Verify System File Permissions (Not Scored) # 9.1.2 Verify Permissions on /etc/passwd (Scored) # 9.1.3 Verify Permissions on /etc/shadow (Scored) # 9.1.4 Verify Permissions on /etc/gshadow (Scored) # 9.1.5 Verify Permissions on /etc/group (Scored) # 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored) # 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored) # 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored) # 9.1.9 Verify User/Group Ownership on /etc/group (Scored) # 9.1.10 Find World Writable Files (Not Scored) # 9.1.11 Find Un-owned Files and Directories (Scored) # 9.1.12 Find Un-grouped Files and Directories (Scored) # 9.1.13 Find SUID System Executables (Not Scored) # 9.1.14 Find SGID System Executables (Not Scored) ############################################### # 9.2 Review User and Group Settings ############################################### # 9.2.1 Ensure Password Fields are Not Empty (Scored) # 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - RHEL6 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL6} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 9.2.6 Ensure root PATH Integrity (Scored) # 9.2.7 Check Permissions on User Home Directories (Scored) # 9.2.8 Check User Dot File Permissions (Scored) # 9.2.9 Check Permissions on User .netrc Files (Scored) # 9.2.10 Check for Presence of User .rhosts Files (Scored) # 9.2.11 Check Groups in /etc/passwd (Scored) # 9.2.12 Check That Users Are Assigned Valid Home Directories (Scored) # 9.2.13 Check User Home Directory Ownership (Scored) # 9.2.14 Check for Duplicate UIDs (Scored) # 9.2.15 Check for Duplicate GIDs (Scored) # 9.2.16 Check for Duplicate User Names (Scored) # 9.2.17 Check for Duplicate Group Names (Scored) # 9.2.18 Check for Presence of User .netrc Files (Scored) # 9.2.19 Check for Presence of User .forward Files (Scored) # Other/Legacy Tests [CIS - RHEL6 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - RHEL6 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - RHEL6 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - RHEL6 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - RHEL6 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - RHEL6 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - RHEL6 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_rhel7_linux_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat / CentOS 7 # Based on CIS Benchmark for Red Hat Enterprise Linux 7 v1.1.0 # Vars $sshd_file=/etc/ssh/sshd_config; # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS Red Hat Enterprise Linux 7 Benchmark v1.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 7; f:/etc/redhat-release -> r:^CentOS && r:release 7; f:/etc/redhat-release -> r:^Cloud && r:release 7; f:/etc/redhat-release -> r:^Oracle && r:release 7; f:/etc/redhat-release -> r:^Better && r:release 7; f:/etc/redhat-release -> r:^OpenVZ && r:release 7; # 1.1.1 /tmp: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /tmp is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:/tmp; # 1.1.2 /tmp: nodev [CIS - RHEL7 - 1.1.2 - Partition /tmp without 'nodev' set {CIS: 1.1.2 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.3 /tmp: nosuid [CIS - RHEL7 - 1.1.3 - Partition /tmp without 'nosuid' set {CIS: 1.1.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 1.1.4 /tmp: noexec [CIS - RHEL7 - 1.1.4 - Partition /tmp without 'noexec' set {CIS: 1.1.4 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:noexec; # 1.1.5 Build considerations - Partition scheme. [CIS - RHEL7 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 1.1.5 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 1.1.6 bind mount /var/tmp to /tmp [CIS - RHEL7 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 1.1.6 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/var/tmp; # 1.1.7 /var/log: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 1.1.7 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/var/log; # 1.1.8 /var/log/audit: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 1.1.8 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/var/log/audit; # 1.1.9 /home: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 1.1.9 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/home; # 1.1.10 /home: nodev [CIS - RHEL7 - 1.1.10 - Partition /home without 'nodev' set {CIS: 1.1.10 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 1.1.11 nodev on removable media partitions (not scored) [CIS - RHEL7 - 1.1.11 - Removable partition /media without 'nodev' set {CIS: 1.1.11 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 1.1.12 noexec on removable media partitions (not scored) [CIS - RHEL7 - 1.1.12 - Removable partition /media without 'noexec' set {CIS: 1.1.12 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 1.1.13 nosuid on removable media partitions (not scored) [CIS - RHEL7 - 1.1.13 - Removable partition /media without 'nosuid' set {CIS: 1.1.13 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 1.1.14 /dev/shm: nodev [CIS - RHEL7 - 1.1.14 - /dev/shm without 'nodev' set {CIS: 1.1.14 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 1.1.15 /dev/shm: nosuid [CIS - RHEL7 - 1.1.15 - /dev/shm without 'nosuid' set {CIS: 1.1.15 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 1.1.16 /dev/shm: noexec [CIS - RHEL7 - 1.1.16 - /dev/shm without 'noexec' set {CIS: 1.1.16 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 1.1.17 sticky bit on world writable directories (Scored) # TODO # 1.1.18 disable cramfs (not scored) # 1.1.19 disable freevxfs (not scored) # 1.1.20 disable jffs2 (not scored) # 1.1.21 disable hfs (not scored) # 1.1.22 disable hfsplus (not scored) # 1.1.23 disable squashfs (not scored) # 1.1.24 disable udf (not scored) ########################################## # 1.2 Software Updates ########################################## # 1.2.1 Configure rhn updates (not scored) # 1.2.2 verify RPM gpg keys (Scored) # TODO # 1.2.3 verify gpgcheck enabled (Scored) # TODO # 1.2.4 Disable rhnsd (not scored) # 1.2.5 Obtain Software Package Updates with yum (Not Scored) # 1.2.6 Obtain updates with yum (not scored) ############################################### # 1.3 Advanced Intrusion Detection Environment ############################################### # # Skipped, this control is obsoleted by OSSEC # ############################################### # 1.4 Configure SELinux ############################################### # 1.4.1 enable selinux in /etc/grub.conf [CIS - RHEL7 - 1.4.1 - SELinux Disabled in /etc/grub.conf {CIS: 1.4.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/grub.conf -> r:selinux=0; f:/etc/grub2.cfg -> r:selinux=0; # 1.4.2 Set selinux state [CIS - RHEL7 - 1.4.2 - SELinux not set to enforcing {CIS: 1.4.2 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/selinux/config -> !r:SELINUX=enforcing; # 1.4.3 Set seliux policy [CIS - RHEL7 - 1.4.3 - SELinux policy not set to targeted {CIS: 1.4.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/selinux/config -> !r:SELINUXTYPE=targeted; # 1.4.4 Remove SETroubleshoot [CIS - RHEL7 - 1.4.4 - SELinux setroubleshoot enabled {CIS: 1.4.4 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsetroubleshoot$; f:/usr/share/dbus-1/services/sealert.service -> r:Exec=/usr/bin/sealert; # 1.4.5 Disable MCS Translation service mcstrans [CIS - RHEL7 - 1.4.5 - SELinux mctrans enabled {CIS: 1.4.5 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dmctrans$; f:/usr/lib/systemd/system/mcstransd.service -> r:ExecStart=/usr/sbin/mcstransd; # 1.4.6 Check for unconfined daemons # TODO ############################################### # 1.5 Secure Boot Settings ############################################### # 1.5.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # stat -L -c "%u %g" /boot/grub2/grub.cfg | egrep "0 0" # 1.5.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # stat -L -c "%a" /boot/grub2/grub.cfg | egrep ".00" # 1.5.3 Set Boot Loader Password (Scored) [CIS - RHEL7 - 1.5.3 - GRUB Password not set {CIS: 1.5.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/boot/grub2/grub.cfg -> !r:^# && !r:password; ############################################### # 1.6 Additional Process Hardening ############################################### # 1.6.1 Restrict Core Dumps (Scored) [CIS - RHEL7 - 1.6.1 - Interactive Boot not disabled {CIS: 1.6.1 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 1.6.1 Enable Randomized Virtual Memory Region Placement (Scored) # Note this is also labeled 1.6.1 in the CIS benchmark. [CIS - RHEL7 - 1.6.1 - Randomized Virtual Memory Region Placement not enabled {CIS: 1.6.3 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/kernel/randomize_va_space -> !r:^2$; ############################################### # 1.7 Use the Latest OS Release (Not Scored) ############################################### ############################################### # 2 OS Services ############################################### ############################################### # 2.1 Remove Legacy Services ############################################### # 2.1.1 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - RHEL7 - 2.1.1 - Telnet enabled on xinetd {CIS: 2.1.1 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/telnet@.service -> r:ExecStart=-/usr/sbin/in.telnetd; # 2.1.2 Remove telnet Clients (Scored) # TODO # 2.1.3 Remove rsh-server (Scored) [CIS - RHEL7 - 2.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.1.3 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # TODO (finish this) f:/usr/lib/systemd/system/rexec@.service -> r:ExecStart; f:/usr/lib/systemd/system/rlogin@.service -> r:ExecStart; f:/usr/lib/systemd/system/rsh@.service -> r:ExecStart; # 2.1.4 Remove rsh (Scored) # TODO # 2.1.5 Remove NIS Client (Scored) [CIS - RHEL7 - 2.1.5 - Disable standard boot services - NIS (client) Enabled {CIS: 2.1.5 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; f:/usr/lib/systemd/system/ypbind.service -> r:Exec; # 2.1.6 Remove NIS Server (Scored) [CIS - RHEL7 - 2.1.6 - Disable standard boot services - NIS (server) Enabled {CIS: 2.1.6 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; f:/usr/lib/systemd/system/ypserv.service -> r:Exec; # 2.1.7 Remove tftp (Scored) # TODO # 2.1.8 Remove tftp-server (Scored) [CIS - RHEL7 - 2.1.8 - tftpd enabled on xinetd {CIS: 2.1.8 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/tftp.service -> r:Exec; # 2.1.9 Remove talk (Scored) # TODO # 2.1.10 Remove talk-server (Scored) [CIS - RHEL7 - 2.1.10 - talk enabled on xinetd {CIS: 2.1.10 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/ntalk.service -> r:Exec; # 2.1.11 Remove xinetd (Scored) [CIS - RHEL7 - 2.1.11 - xinetd detected {CIS: 2.1.11 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/usr/lib/systemd/system/xinetd.service -> r:Exec; # 2.1.12 Disable chargen-dgram (Scored) [CIS - RHEL7 - 2.1.12 - chargen-dgram enabled on xinetd {CIS: 2.1.12 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen-dgram -> !r:^# && r:disable && r:no; # 2.1.13 Disable chargen-stream (Scored) [CIS - RHEL7 - 2.1.13 - chargen-stream enabled on xinetd {CIS: 2.1.13 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen-stream -> !r:^# && r:disable && r:no; # 2.1.14 Disable daytime-dgram (Scored) [CIS - RHEL7 - 2.1.14 - daytime-dgram enabled on xinetd {CIS: 2.1.14 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime-dgram -> !r:^# && r:disable && r:no; # 2.1.15 Disable daytime-stream (Scored) [CIS - RHEL7 - 2.1.15 - daytime-stream enabled on xinetd {CIS: 2.1.15 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime-stream -> !r:^# && r:disable && r:no; # 2.1.16 Disable echo-dgram (Scored) [CIS - RHEL7 - 2.1.16 - echo-dgram enabled on xinetd {CIS: 2.1.16 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo-dgram -> !r:^# && r:disable && r:no; # 2.1.17 Disable echo-stream (Scored) [CIS - RHEL7 - 2.1.17 - echo-stream enabled on xinetd {CIS: 2.1.17 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo-stream -> !r:^# && r:disable && r:no; # 2.1.18 Disable tcpmux-server (Scored) [CIS - RHEL7 - 2.1.18 - tcpmux-server enabled on xinetd {CIS: 2.1.18 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/tcpmux-server -> !r:^# && r:disable && r:no; ############################################### # 3 Special Purpose Services ############################################### # 3.1 Set Daemon umask (Scored) [CIS - RHEL7 - 3.1 - Set daemon umask - Default umask is higher than 027 {CIS: 3.1 RHEL7} {PCI_DSS: 2.2.2}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/sysconfig/init -> !r:^# && r:^umask && <:umask 027; # 3.2 Remove X Windows (Scored) [CIS - RHEL7 - 3.2 - X11 not disabled {CIS: 3.2 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] p:gdm-x-session; # 3.3 Disable Avahi Server (Scored) [CIS - RHEL7 - 3.2 - Avahi daemon not disabled {CIS: 3.3 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] p:avahi-daemon; # 3.4 Disable Print Server - CUPS (Not Scored) # 3.5 Remove DHCP Server (Scored) [CIS - RHEL7 - 3.5 - DHCPnot disabled {CIS: 3.5 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/usr/lib/systemd/system/dhcpd.service -> r:Exec; # 3.6 Configure Network Time Protocol (NTP) (Scored) [CIS - RHEL7 - 3.6 - NTPD not Configured {CIS: 3.6 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ntp.conf -> r:restrict default kod nomodify notrap nopeer noquery && r:^server; f:/etc/sysconfig/ntpd -> r:OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"; # 3.7 Remove LDAP (Not Scored) # 3.8 Disable NFS and RPC (Not Scored) [CIS - RHEL7 - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 3.9 Remove DNS Server (Not Scored) # TODO # 3.10 Remove FTP Server (Not Scored) [CIS - RHEL7 - 3.10 - VSFTP enabled on xinetd {CIS: 3.10 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 3.11 Remove HTTP Server (Not Scored) [CIS - RHEL7 - 3.11 - Disable standard boot services - Apache web server Enabled {CIS: 3.11 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dhttpd$; # 3.12 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - RHEL7 - 3.12 - imap enabled on xinetd {CIS: 3.12 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - RHEL7 - 3.12 - pop3 enabled on xinetd {CIS: 3.12 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 3.13 Remove Samba (Not Scored) [CIS - RHEL7 - 3.13 - Disable standard boot services - Samba Enabled {CIS: 3.13 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 3.14 Remove HTTP Proxy Server (Not Scored) [CIS - RHEL7 - 3.14 - Disable standard boot services - Squid Enabled {CIS: 3.14 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 3.15 Remove SNMP Server (Not Scored) [CIS - RHEL7 - 3.15 - Disable standard boot services - SNMPD process Enabled {CIS: 3.15 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 3.16 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO ############################################### # 4 Network Configuration and Firewalls ############################################### ############################################### # 4.1 Modify Network Parameters (Host Only) ############################################### # 4.1.1 Disable IP Forwarding (Scored) [CIS - RHEL7 - 4.1.1 - Network parameters - IP Forwarding enabled {CIS: 4.1.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 4.1.2 Disable Send Packet Redirects (Scored) [CIS - RHEL7 - 4.1.2 - Network parameters - IP send redirects enabled {CIS: 4.1.2 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 1; ############################################### # 4.2 Modify Network Parameters (Host and Router) ############################################### # 4.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - RHEL7 - 4.2.1 - Network parameters - Source routing accepted {CIS: 4.2.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 4.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - RHEL7 - 4.2.2 - Network parameters - ICMP redirects accepted {CIS: 1.1.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 4.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - RHEL7 - 4.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 4.2.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 4.2.4 Log Suspicious Packets (Scored) [CIS - RHEL7 - 4.2.4 - Network parameters - martians not logged {CIS: 4.2.4 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 4.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - RHEL7 - 4.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 4.2.5 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 4.2.6 Enable Bad Error Message Protection (Scored) [CIS - RHEL7 - 4.2.6 - Network parameters - Bad error message protection not enabled {CIS: 4.2.6 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 4.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - RHEL7 - 4.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 4.2.7 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 4.2.8 Enable TCP SYN Cookies (Scored) [CIS - RHEL7 - 4.2.8 - Network parameters - SYN Cookies not enabled {CIS: 4.2.8 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 4.3 Wireless Networking ############################################### # 4.3.1 Deactivate Wireless Interfaces (Not Scored) ############################################### # 4.4 Disable ipv6 ############################################### ############################################### # 4.4.1 Configure IPv6 ############################################### # 4.4.1.1 Disable IPv6 Router Advertisements (Not Scored) # 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored) # 4.4.2 Disable IPv6 (Not Scored) ############################################### # 4.5 Install TCP Wrappers ############################################### # 4.5.1 Install TCP Wrappers (Not Scored) # 4.5.2 Create /etc/hosts.allow (Not Scored) # 4.5.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 4.5.4 Create /etc/hosts.deny (Not Scored) # 4.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 4.6 Uncommon Network Protocols ############################################### # 4.6.1 Disable DCCP (Not Scored) # 4.6.2 Disable SCTP (Not Scored) # 4.6.3 Disable RDS (Not Scored) # 4.6.4 Disable TIPC (Not Scored) # 4.7 Enable IPtables (Scored) #[CIS - RHEL7 - 4.7 - Uncommon Network Protocols - Firewalld not enabled {CIS: 4.7 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] #f:/usr/lib/systemd/system/firewalld.service -> TODO; ############################################### # 5 Logging and Auditing ############################################### ############################################### # 5.1 Configure Syslog ############################################### # 5.1.1 Install the rsyslog package (Scored) # TODO # 5.1.2 Activate the rsyslog Service (Scored) # TODO # 5.1.3 Configure /etc/rsyslog.conf (Not Scored) # 5.1.4 Create and Set Permissions on rsyslog Log Files (Scored) # 5.1.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 5.1.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.2 Configure System Accounting (auditd) ############################################### ############################################### # 5.2.1 Configure Data Retention ############################################### # 5.2.1.1 Configure Audit Log Storage Size (Not Scored) # 5.2.1.2 Disable System on Audit Log Full (Not Scored) # 5.2.1.3 Keep All Auditing Information (Scored) # 5.2.2 Enable auditd Service (Scored) # 5.2.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 5.2.4 Record Events That Modify Date and Time Information (Scored) # 5.2.5 Record Events That Modify User/Group Information (Scored) # 5.2.6 Record Events That Modify the System’s Network Environment (Scored) # 5.2.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 5.2.8 Collect Login and Logout Events (Scored) # 5.2.9 Collect Session Initiation Information (Scored) # 5.2.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 5.2.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 5.2.12 Collect Use of Privileged Commands (Scored) # 5.2.13 Collect Successful File System Mounts (Scored) # 5.2.14 Collect File Deletion Events by User (Scored) # 5.2.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 5.2.16 Collect System Administrator Actions (sudolog) (Scored) # 5.2.17 Collect Kernel Module Loading and Unloading (Scored) # 5.2.18 Make the Audit Configuration Immutable (Scored) # 5.3 Configure logrotate (Not Scored) ############################################### # 6 System Access, Authentication and Authorization ############################################### ############################################### # 6.1 Configure cron and anacron ############################################### # 6.1.1 Enable anacron Daemon (Scored) # 6.1.2 Enable cron Daemon (Scored) # 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored) # 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored) # 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 6.1.10 Restrict at Daemon (Scored) # 6.1.11 Restrict at/cron to Authorized Users (Scored) ############################################### # 6.2 Configure SSH ############################################### # 6.2.1 Set SSH Protocol to 2 (Scored) [CIS - RHEL7 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 6.2.2 Set LogLevel to INFO (Scored) [CIS - RHEL7 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && !r:LogLevel\.+INFO; # 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # TODO # 6.2.4 Disable SSH X11 Forwarding (Scored) # TODO # 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) [CIS - RHEL7 - 6.2.5 - SSH Configuration - Set SSH MaxAuthTries to 4 or Less {CIS - RHEL7 - 6.2.5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*MaxAuthTries\s+4\s*$; # 6.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - RHEL7 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 6.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - RHEL7 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 6.2.8 Disable SSH Root Login (Scored) [CIS - RHEL7 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitRootLogin\.+no; # 6.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - RHEL7 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitEmptyPasswords\.+no; # 6.2.10 Do Not Allow Users to Set Environment Options (Scored) # 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 6.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 6.2.13 Limit Access via SSH (Scored) # 6.2.14 Set SSH Banner (Scored) ############################################### # 6.3 Configure PAM ############################################### # 6.3.1 Upgrade Password Hashing Algorithm to SHA-512 (Scored) # authconfig --test | grep hashing | grep sha512 # 6.3.2 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 6.3.3 Set Lockout for Failed Password Attempts (Not Scored) # 6.3.4 Limit Password Reuse (Scored) # 6.4 Restrict root Login to System Console (Not Scored) # 6.5 Restrict Access to the su Command (Scored) ############################################### # 7 User Accounts and Environment ############################################### ############################################### # 7.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 7.1.1 Set Password Expiration Days (Scored) # 7.1.2 Set Password Change Minimum Number of Days (Scored) # 7.1.3 Set Password Expiring Warning Days (Scored) # 7.2 Disable System Accounts (Scored) # 7.3 Set Default Group for root Account (Scored) # 7.4 Set Default umask for Users (Scored) # 7.5 Lock Inactive User Accounts (Scored) ############################################### # 8 Warning Banners ############################################### ############################################### # 8.1 Warning Banners for Standard Login Services ############################################### # 8.1 Set Warning Banner for Standard Login Services (Scored) # 8.2 Remove OS Information from Login Warning Banners (Scored) # 8.3 Set GNOME Warning Banner (Not Scored) ############################################### # 9 System Maintenance ############################################### ############################################### # 9.1 Verify System File Permissions ############################################### # 9.1.1 Verify System File Permissions (Not Scored) # 9.1.2 Verify Permissions on /etc/passwd (Scored) # 9.1.3 Verify Permissions on /etc/shadow (Scored) # 9.1.4 Verify Permissions on /etc/gshadow (Scored) # 9.1.5 Verify Permissions on /etc/group (Scored) # 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored) # 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored) # 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored) # 9.1.9 Verify User/Group Ownership on /etc/group (Scored) # 9.1.10 Find World Writable Files (Not Scored) # 9.1.11 Find Un-owned Files and Directories (Scored) # 9.1.12 Find Un-grouped Files and Directories (Scored) # 9.1.13 Find SUID System Executables (Not Scored) # 9.1.14 Find SGID System Executables (Not Scored) ############################################### # 9.2 Review User and Group Settings ############################################### # 9.2.1 Ensure Password Fields are Not Empty (Scored) # 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - RHEL7 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL7} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 9.2.6 Ensure root PATH Integrity (Scored) # 9.2.7 Check Permissions on User Home Directories (Scored) # 9.2.8 Check User Dot File Permissions (Scored) # 9.2.9 Check Permissions on User .netrc Files (Scored) # 9.2.10 Check for Presence of User .rhosts Files (Scored) # 9.2.11 Check Groups in /etc/passwd (Scored) # 9.2.12 Check That Users Are Assigned Valid Home Directories (Scored) # 9.2.13 Check User Home Directory Ownership (Scored) # 9.2.14 Check for Duplicate UIDs (Scored) # 9.2.15 Check for Duplicate GIDs (Scored) # 9.2.16 Check That Reserved UIDs Are Assigned to System Accounts (Scored) # 9.2.17 Check for Duplicate User Names (Scored) # 9.2.18 Check for Duplicate Group Names (Scored) # 9.2.19 Check for Presence of User .netrc Files (Scored) # 9.2.20 Check for Presence of User .forward Files (Scored) # Other/Legacy Tests [CIS - RHEL7 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - RHEL7 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - RHEL7 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - RHEL7 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - RHEL7 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - RHEL7 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - RHEL7 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_rhel_linux_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat (RHEL 2.1, 3.0, 4.0 and Fedora Core 1,2,3,4 and 5). # Based on CIS Benchmark for Red Hat Enterprise Linux v1.0.5 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; # Main one. Only valid for Red Hat/Fedora. [CIS - Testing against the CIS Red Hat Enterprise Linux Benchmark v1.0.5] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 4; f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 3; f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 2.1; f:/etc/fedora-release -> r:^Fedora && r:release 1; f:/etc/fedora-release -> r:^Fedora && r:release 2; f:/etc/fedora-release -> r:^Fedora && r:release 3; f:/etc/fedora-release -> r:^Fedora && r:release 4; f:/etc/fedora-release -> r:^Fedora && r:release 5; # Build considerations - Partition scheme. [CIS - Red Hat Linux - - Build considerations - Robust partition scheme - /var is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:/var; [CIS - Red Hat Linux - - Build considerations - Robust partition scheme - /home is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:/home; # Section 1.3 - SSH configuration [CIS - Red Hat Linux - 1.3 - SSH Configuration - Protocol version 1 enabled {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; [CIS - Red Hat Linux - 1.3 - SSH Configuration - IgnoreRHosts disabled {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; [CIS - Red Hat Linux - 1.3 - SSH Configuration - Empty passwords permitted {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; [CIS - Red Hat Linux - 1.3 - SSH Configuration - Host based authentication enabled {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; [CIS - Red Hat Linux - 1.3 - SSH Configuration - Root login allowed {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # Section 1.4 Enable system accounting #[CIS - Red Hat Linux - 1.4 - System Accounting - Sysstat not installed] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] #f:!/var/log/sa; # Section 2.5 Install and run Bastille #[CIS - Red Hat Linux - 1.5 - System harderning - Bastille is not installed] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] #f:!/etc/Bastille; # Section 2 - Minimize xinetd services [CIS - Red Hat Linux - 2.3 - Telnet enabled on xinetd {CIS: 2.3 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/telnet -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.4 - VSFTP enabled on xinetd {CIS: 2.4 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/vsftpd -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.4 - WU-FTP enabled on xinetd {CIS: 2.4 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/wu-ftpd -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.5 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.5 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/shell -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.6 - tftpd enabled on xinetd {CIS: 2.6 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/tftpd -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.7 - imap enabled on xinetd {CIS: 2.7 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/imap -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/imaps -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.8 - pop3 enabled on xinetd {CIS: 2.8 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/ipop3 -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/pop3s -> !r:^# && r:disable && r:no; # Section 3 - Minimize boot services [CIS - Red Hat Linux - 3.1 - Set daemon umask - Default umask is higher than 027 {CIS: 3.1 Red Hat Linux}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/init.d/functions -> !r:^# && r:^umask && >:umask 027; [CIS - Red Hat Linux - 3.4 - GUI login enabled {CIS: 3.4 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/inittab -> !r:^# && r:id:5; [CIS - Red Hat Linux - 3.7 - Disable standard boot services - Samba Enabled {CIS: 3.7 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; [CIS - Red Hat Linux - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; [CIS - Red Hat Linux - 3.10 - Disable standard boot services - NIS Enabled {CIS: 3.10 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dypbind$; d:$rc_dirs -> ^S\d\dypserv$; [CIS - Red Hat Linux - 3.13 - Disable standard boot services - NetFS Enabled {CIS: 3.13 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dnetfs$; [CIS - Red Hat Linux - 3.15 - Disable standard boot services - Apache web server Enabled {CIS: 3.15 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dapache$; d:$rc_dirs -> ^S\d\dhttpd$; [CIS - Red Hat Linux - 3.15 - Disable standard boot services - TUX web server Enabled {CIS: 3.15 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dtux$; [CIS - Red Hat Linux - 3.16 - Disable standard boot services - SNMPD process Enabled {CIS: 3.16 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; [CIS - Red Hat Linux - 3.17 - Disable standard boot services - DNS server Enabled {CIS: 3.17 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - Red Hat Linux - 3.18 - Disable standard boot services - MySQL server Enabled {CIS: 3.18 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - Red Hat Linux - 3.18 - Disable standard boot services - PostgreSQL server Enabled {CIS: 3.18 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - Red Hat Linux - 3.19 - Disable standard boot services - Webmin Enabled {CIS: 3.19 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dwebmin$; [CIS - Red Hat Linux - 3.20 - Disable standard boot services - Squid Enabled {CIS: 3.20 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dsquid$; [CIS - Red Hat Linux - 3.21 - Disable standard boot services - Kudzu hardware detection Enabled {CIS: 3.21 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dkudzu$; # Section 4 - Kernel tuning [CIS - Red Hat Linux - 4.1 - Network parameters - Source routing accepted {CIS: 4.1 Red Hat Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; [CIS - Red Hat Linux - 4.1 - Network parameters - ICMP broadcasts accepted {CIS: 4.1 Red Hat Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; [CIS - Red Hat Linux - 4.2 - Network parameters - IP Forwarding enabled {CIS: 4.2 Red Hat Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # Section 6 - Permissions [CIS - Red Hat Linux - 6.1 - Partition /var without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/var && !r:nodev; [CIS - Red Hat Linux - 6.1 - Partition /tmp without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/tmp && !r:nodev; [CIS - Red Hat Linux - 6.1 - Partition /opt without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/opt && !r:nodev; [CIS - Red Hat Linux - 6.1 - Partition /home without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/home && !r:nodev ; [CIS - Red Hat Linux - 6.2 - Removable partition /media without 'nodev' set {CIS: 6.2 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; [CIS - Red Hat Linux - 6.2 - Removable partition /media without 'nosuid' set {CIS: 6.2 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; [CIS - Red Hat Linux - 6.3 - User-mounted removable partition allowed on the console {CIS: 6.3 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; # Section 7 - Access and authentication [CIS - Red Hat Linux - 7.8 - LILO Password not set {CIS: 7.8 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/lilo.conf -> !r:^# && !r:restricted; f:/etc/lilo.conf -> !r:^# && !r:password=; [CIS - Red Hat Linux - 7.8 - GRUB Password not set {CIS: 7.8 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; [CIS - Red Hat Linux - 8.2 - Account with empty password present {CIS: 8.2 Red Hat Linux} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/shadow -> r:^\w+::; [CIS - Red Hat Linux - SN.11 - Non-root account with uid 0 {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # Tests specific for VMware ESX - Runs on Red Hat Linux - # Will not be tested anywhere else. [VMware ESX - Testing against the Security Harderning benchmark VI3 for ESX 3.5] [any required] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] f:/etc/vmware-release -> r:^VMware ESX; # Virtual Machine Files and Settings - 1 # 1.1 [VMware ESX - VM settings - Copy operation between guest and console enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.copy.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.copy.disable && r:false; # 1.2 [VMware ESX - VM settings - Paste operation between guest and console enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.paste.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.paste.disable && r:false; # 1.3 [VMware ESX - VM settings - GUI Options enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.setGUIOptions.enable && r:true; # 1.4 [VMware ESX - VM settings - Data Flow from the Virtual Machine to the Datastore not limited - Rotate size not 100KB] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^log.rotateSize; d:/vmfs/volumes -> .vmx$ -> r:^log.rotateSize && !r:"100000"; # 1.5 [VMware ESX - VM settings - Data Flow from the Virtual Machine to the Datastore not limited - Maximum number of logs not 10] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^log.keepOld; d:/vmfs/volumes -> .vmx$ -> r:^log.keepOld && r:"10"; # 1.6 [VMware ESX - VM settings - Data Flow from the Virtual Machine to the Datastore not limited - Guests allowed to write SetInfo data to config] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.setinfo.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.setinfo.disable && r:false; # 1.7 [VMware ESX - VM settings - Nonpersistent Disks being used] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^scsi\d:\d.mode && r:!independent-nonpersistent; # 1.8 [VMware ESX - VM settings - Floppy drive present] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^floppy\d+.present && r:!false; [VMware ESX - VM settings - Serial port present] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^serial\d+.present && r:!false; [VMware ESX - VM settings - Parallel port present] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^parallel\d+.present && r:!false; # 1.9 [VMware ESX - VM settings - Unauthorized Removal or Connection of Devices allowed] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^Isolation.tools.connectable.disable; d:/vmfs/volumes -> .vmx$ -> r:^Isolation.tools.connectable.disable && r:false; # 1.10 [VMware ESX - VM settings - Avoid Denial of Service Caused by Virtual Disk Modification Operations - diskWiper enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.diskWiper.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.diskWiper.disable && r:false; [VMware ESX - VM settings - Avoid Denial of Service Caused by Virtual Disk Modification Operations - diskShrink enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.diskShrink.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.diskShrink.disable && r:false; # Configuring the Service Console in ESX 3.5 - 2 # 2.1 ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_sles11_linux_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for SUSE SLES 11 # Based on CIS Benchmark for SUSE Linux Enterprise Server 11 v1.1.0 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS SUSE Linux Enterprise Server 11 Benchmark v1.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP1"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP2"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP3"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP4"; # 2.1 /tmp: partition [CIS - SLES11 - 2.1 - Build considerations - Robust partition scheme - /tmp is not on its own partition {CIS: 2.2 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:/tmp; # 2.2 /tmp: nodev [CIS - SLES11 - 2.2 - Partition /tmp without 'nodev' set {CIS: 2.2 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.3 /tmp: nosuid [CIS - SLES11 - 2.3 - Partition /tmp without 'nosuid' set {CIS: 2.3 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 2.4 /tmp: noexec [CIS - SLES11 - 2.4 - Partition /tmp without 'noexec' set {CIS: 2.4 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.5 Build considerations - Partition scheme. [CIS - SLES11 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 2.5 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 2.6 bind mount /var/tmp to /tmp [CIS - SLES11 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 2.6 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 2.7 /var/log: partition [CIS - SLES11 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 2.7 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 2.8 /var/log/audit: partition [CIS - SLES11 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 2.8 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 2.9 /home: partition [CIS - SLES11 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 2.9 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 2.10 /home: nodev [CIS - SLES11 - 2.10 - Partition /home without 'nodev' set {CIS: 2.10 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 2.11 nodev on removable media partitions (not scored) [CIS - SLES11 - 2.11 - Removable partition /media without 'nodev' set {CIS: 2.11 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 2.12 noexec on removable media partitions (not scored) [CIS - SLES11 - 2.12 - Removable partition /media without 'noexec' set {CIS: 2.12 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 2.13 nosuid on removable media partitions (not scored) [CIS - SLES11 - 2.13 - Removable partition /media without 'nosuid' set {CIS: 2.13 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 2.14 /dev/shm: nodev [CIS - SLES11 - 2.14 - /dev/shm without 'nodev' set {CIS: 2.14 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 2.15 /dev/shm: nosuid [CIS - SLES11 - 2.15 - /dev/shm without 'nosuid' set {CIS: 2.15 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 2.16 /dev/shm: noexec [CIS - SLES11 - 2.16 - /dev/shm without 'noexec' set {CIS: 2.16 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 2.17 sticky bit on world writable directories (Scored) # TODO # 2.18 disable cramfs (not scored) # 2.19 disable freevxfs (not scored) # 2.20 disable jffs2 (not scored) # 2.21 disable hfs (not scored) # 2.22 disable hfsplus (not scored) # 2.23 disable squashfs (not scored) # 2.24 disable udf (not scored) # 2.25 disable automounting (Scored) # TODO ############################################### # 3 Secure Boot Settings ############################################### # 3.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # stat -L -c "%u %g" /boot/grub2/grub.cfg | egrep "0 0" # 3.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # stat -L -c "%a" /boot/grub2/grub.cfg | egrep ".00" # 3.3 Set Boot Loader Password (Scored) [CIS - SLES11 - 3.3 - GRUB Password not set {CIS: 3.3 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/boot/grub2/grub.cfg -> !r:^# && !r:password; # 3.4 Require Authentication for Single-User Mode (Scored) # 3.5 Disable Interactive Boot (Scored) ############################################### # 4 Additional Process Hardening ############################################### # 4.1 Restrict Core Dumps (Scored) [CIS - SLES11 - 4.1 - Interactive Boot not disabled {CIS: 4.1 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 4.2 Enable XD/NX Support on 32-bit x86 Systems (Not Scored) # TODO # 4.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - SLES11 - 4.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 4.3 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 2; # 4.4 Disable Prelink (Scored) # TODO # 4.5 Activate AppArmor (Scored) # TODO ############################################### # 5 OS Services ############################################### ############################################### # 5.1 Remove Legacy Services ############################################### # 5.1.1 Remove NIS Server (Scored) [CIS - SLES11 - 5.1.1 - Disable standard boot services - NIS (server) Enabled {CIS: 5.1.1 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; # 5.1.2 Remove NIS Client (Scored) [CIS - SLES11 - 5.1.2 - Disable standard boot services - NIS (client) Enabled {CIS: 51.2 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; # 5.1.3 Remove rsh-server (Scored) [CIS - SLES11 - 5.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 5.1.3 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # 5.1.4 Remove rsh client (Scored) # TODO # 5.1.5 Remove talk-server (Scored) [CIS - SLES11 - 5.1.5 - talk enabled on xinetd {CIS: 5.1.5 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; # 5.1.6 Remove talk client (Scored) # TODO # 5.1.7 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - SLES11 - 5.1.7 - Telnet enabled on xinetd {CIS: 5.1.7 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; # 5.1.8 Remove tftp-server (Scored) [CIS - SLES11 - 5.1.8 - tftpd enabled on xinetd {CIS: 5.1.8 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; # 5.1.9 Remove xinetd (Scored) [CIS - SLES11 - 5.1.9 - xinetd detected {CIS: 5.1.9 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] # 5.2 Disable chargen-udp (Scored) [CIS - SLES11 - 5.2 - chargen-udp enabled on xinetd {CIS: 5.2 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen-udp -> !r:^# && r:disable && r:no; # 5.3 Disable chargen (Scored) [CIS - SLES11 - 5.3 - chargen enabled on xinetd {CIS: 5.3 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen -> !r:^# && r:disable && r:no; # 5.4 Disable daytime-udp (Scored) [CIS - SLES11 - 5.4 - daytime-udp enabled on xinetd {CIS: 5.4 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime-udp -> !r:^# && r:disable && r:no; # 5.5 Disable daytime (Scored) [CIS - SLES11 - 5.5 - daytime enabled on xinetd {CIS: 5.5 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime -> !r:^# && r:disable && r:no; # 5.6 Disable echo-udp (Scored) [CIS - SLES11 - 5.6 - echo-udp enabled on xinetd {CIS: 5.6 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo-udp -> !r:^# && r:disable && r:no; # 5.7 Disable echo (Scored) [CIS - SLES11 - 5.7 - echo enabled on xinetd {CIS: 5.7 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo -> !r:^# && r:disable && r:no; # 5.8 Disable discard-udp (Scored) [CIS - SLES11 - 5.8 - discard-udp enabled on xinetd {CIS: 5.8 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/discard-udp -> !r:^# && r:disable && r:no; # 5.9 Disable discard (Scored) [CIS - SLES11 - 5.9 - discard enabled on xinetd {CIS: 5.9 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/discard -> !r:^# && r:disable && r:no; # 5.10 Disable time-udp (Scored) [CIS - SLES11 - 5.10 - time-udp enabled on xinetd {CIS: 5.10 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/time-udp -> !r:^# && r:disable && r:no; # 5.11 Disable time (Scored) [CIS - SLES11 - 5.11 - time enabled on xinetd {CIS: 5.11 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/time -> !r:^# && r:disable && r:no; ############################################### # 6 Special Purpose Services ############################################### # 6.1 Remove X Windows (Scored) [CIS - SLES11 - 6.1 - X11 not disabled {CIS: 6.1 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; # 6.2 Disable Avahi Server (Scored) [CIS - SLES11 - 6.2 - Avahi daemon not disabled {CIS: 6.2 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] p:avahi-daemon; # 6.3 Disable Print Server - CUPS (Not Scored) #TODO # 6.4 Remove DHCP Server (Scored) #[CIS - SLES11 - 6.4 - DHCPnot disabled {CIS: 6.4 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dhcpd$; d:$rc_dirs -> ^S\d\dhcpd6$; # 6.5 Configure Network Time Protocol (NTP) (Scored) #TODO Chrony [CIS - SLES11 - 6.5 - NTPD not Configured {CIS: 6.5 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ntp.conf -> r:restrict default kod nomodify notrap nopeer noquery && r:^server; f:/etc/sysconfig/ntpd -> r:OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"; # 6.6 Remove LDAP (Not Scored) #TODO # 6.7 Disable NFS and RPC (Not Scored) [CIS - SLES11 - 6.7 - Disable standard boot services - NFS Enabled {CIS: 6.7 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 6.8 Remove DNS Server (Not Scored) # TODO # 6.9 Remove FTP Server (Not Scored) [CIS - SLES11 - 6.9 - VSFTP enabled on xinetd {CIS: 6.9 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 6.10 Remove HTTP Server (Not Scored) [CIS - SLES11 - 6.10 - Disable standard boot services - Apache web server Enabled {CIS: 6.10 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dapache2$; # 6.11 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - SLES11 - 6.11 - imap enabled on xinetd {CIS: 6.11 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - SLES11 - 6.11 - pop3 enabled on xinetd {CIS: 6.11 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 6.12 Remove Samba (Not Scored) [CIS - SLES11 - 6.12 - Disable standard boot services - Samba Enabled {CIS: 6.12 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 6.13 Remove HTTP Proxy Server (Not Scored) [CIS - SLES11 - 6.13 - Disable standard boot services - Squid Enabled {CIS: 6.13 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 6.14 Remove SNMP Server (Not Scored) [CIS - SLES11 - 6.14 - Disable standard boot services - SNMPD process Enabled {CIS: 6.14 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 6.15 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO # 6.16 Ensure rsync service is not enabled (Scored) [CIS - SLES11 - 6.16 - Disable standard boot services - rsyncd process Enabled {CIS: 6.16 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\drsyncd$; # 6.17 Ensure Biosdevname is not enabled (Scored) # TODO ############################################### # 7 Network Configuration and Firewalls ############################################### ############################################### # 7.1 Modify Network Parameters (Host Only) ############################################### # 7.1.1 Disable IP Forwarding (Scored) [CIS - SLES11 - 7.1.1 - Network parameters - IP Forwarding enabled {CIS: 7.1.1 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 7.1.2 Disable Send Packet Redirects (Scored) [CIS - SLES11 - 7.1.2 - Network parameters - IP send redirects enabled {CIS: 7.1.2 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 7.2 Modify Network Parameters (Host and Router) ############################################### # 7.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - SLES11 - 7.2.1 - Network parameters - Source routing accepted {CIS: 7.2.1 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 7.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - SLES11 - 7.2.2 - Network parameters - ICMP redirects accepted {CIS: 7.2.2 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 7.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - SLES11 - 7.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 7.2.3 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 7.2.4 Log Suspicious Packets (Scored) [CIS - SLES11 - 7.2.4 - Network parameters - martians not logged {CIS: 7.2.4 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 7.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - SLES11 - 7.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 7.2.5 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 7.2.6 Enable Bad Error Message Protection (Scored) [CIS - SLES11 - 7.2.6 - Network parameters - Bad error message protection not enabled {CIS: 7.2.6 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 7.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - SLES11 - 7.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 7.2.7 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 7.2.8 Enable TCP SYN Cookies (Scored) [CIS - SLES11 - 7.2.8 - Network parameters - SYN Cookies not enabled {CIS: 7.2.8 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 7.3 Configure IPv6 ############################################### # 7.3.1 Disable IPv6 Router Advertisements (Not Scored) # 7.3.2 Disable IPv6 Redirect Acceptance (Not Scored) # 7.3.3 Disable IPv6 (Not Scored) ############################################### # 7.4 Install TCP Wrappers ############################################### # 7.4.1 Install TCP Wrappers (Not Scored) # 7.4.2 Create /etc/hosts.allow (Not Scored) # 7.4.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 7.4.4 Create /etc/hosts.deny (Not Scored) # 7.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 7.5 Uncommon Network Protocols ############################################### # 7.5.1 Disable DCCP (Not Scored) # 7.5.2 Disable SCTP (Not Scored) # 7.5.3 Disable RDS (Not Scored) # 7.5.4 Disable TIPC (Not Scored) # 7.6 Deactivate Wireless Interfaces (Not Scored) # 7.7 Enable SuSEfirewall2 (Scored) # 7.8 Limit access to trusted networks (Not Scored) ############################################### # 8 Logging and Auditing ############################################### ############################################### # 8.1 Configure System Accounting (auditd) ############################################### ############################################### # 8.1.1 Configure Data Retention ############################################### # 8.1.1.1 Configure Audit Log Storage Size (Not Scored) # 8.1.1.2 Disable System on Audit Log Full (Not Scored) # 8.1.1.3 Keep All Auditing Information (Scored) # 8.1.2 Enable auditd Service (Scored) # 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 8.1.4 Record Events That Modify Date and Time Information (Scored) # 8.1.5 Record Events That Modify User/Group Information (Scored) # 8.1.6 Record Events That Modify the System’s Network Environment (Scored) # 8.1.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 8.1.8 Collect Login and Logout Events (Scored) # 8.1.9 Collect Session Initiation Information (Scored) # 8.1.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 8.1.12 Collect Use of Privileged Commands (Scored) # 8.1.13 Collect Successful File System Mounts (Scored) # 8.1.14 Collect File Deletion Events by User (Scored) # 8.1.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 8.1.16 Collect System Administrator Actions (sudolog) (Scored) # 8.1.17 Collect Kernel Module Loading and Unloading (Scored) # 8.1.18 Make the Audit Configuration Immutable (Scored) ############################################### # 8.2 Configure rsyslog ############################################### # 8.2.1 Install the rsyslog package (Scored) # TODO # 8.2.2 Activate the rsyslog Service (Scored) # TODO # 8.2.3 Configure /etc/rsyslog.conf (Not Scored) # 8.2.4 Create and Set Permissions on rsyslog Log Files (Scored) # 8.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 8.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 8.3 Advanced Intrusion Detection Environment (AIDE) ############################################### # 8.3.1 Install AIDE (Scored) # 8.3.2 Implement Periodic Execution of File Integrity (Scored) # 8.4 Configure logrotate (Not Scored) ############################################### # 9 System Access, Authentication and Authorization ############################################### ############################################### # 9.1 Configure cron and anacron ############################################### # 9.1.1 Enable cron Daemon (Scored) # 9.1.2 Set User/Group Owner and Permission on /etc/crontab (Scored) # 9.1.3 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 9.1.4 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 9.1.5 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 9.1.6 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 9.1.7 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 9.1.8 Restrict at/cron to Authorized Users (Scored) ############################################### # 9.2 Configure SSH ############################################### # 9.2.1 Set SSH Protocol to 2 (Scored) [CIS - SLES11 - 9.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 9.2.1 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 9.2.2 Set LogLevel to INFO (Scored) [CIS - SLES11 - 9.2.1 - SSH Configuration - Loglevel not INFO {CIS: 9.2.1 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && !r:LogLevel\.+INFO; # 9.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # TODO # 9.2.4 Disable SSH X11 Forwarding (Scored) # TODO # 9.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) [ CIS - SLES11 - 9.2.5 - SSH Configuration - Set SSH MaxAuthTries to 4 or Less {CIS - SLES11 - 9.2.5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*MaxAuthTries\s+4\s*$; # 9.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - SLES11 - 9.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 9.2.6 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 9.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - SLES11 - 9.2.7 - SSH Configuration - Host based authentication enabled {CIS: 9.2.7 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 9.2.8 Disable SSH Root Login (Scored) [CIS - SLES11 - 9.2.8 - SSH Configuration - Root login allowed {CIS: 9.2.8 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitRootLogin\.+no; # 9.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - SLES11 - 9.2.9 - SSH Configuration - Empty passwords permitted {CIS: 9.2.9 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitEmptyPasswords\.+no; # 9.2.10 Do Not Allow Users to Set Environment Options (Scored) # 9.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 9.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 9.2.13 Limit Access via SSH (Scored) # 9.2.14 Set SSH Banner (Scored) ############################################### # 9.3 Configure PAM ############################################### # 9.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 9.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 9.3.3 Limit Password Reuse (Scored) # 9.4 Restrict root Login to System Console (Not Scored) # 9.5 Restrict Access to the su Command (Scored) ############################################### # 10 User Accounts and Environment ############################################### ############################################### # 10.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 10.1.1 Set Password Expiration Days (Scored) # 10.1.2 Set Password Change Minimum Number of Days (Scored) # 10.1.3 Set Password Expiring Warning Days (Scored) # 10.2 Disable System Accounts (Scored) # 10.3 Set Default Group for root Account (Scored) # 10.4 Set Default umask for Users (Scored) # 10.5 Lock Inactive User Accounts (Scored) ############################################### # 11 Warning Banners ############################################### # 11.1 Set Warning Banner for Standard Login Services (Scored) # 11.2 Remove OS Information from Login Warning Banners (Scored) # 11.3 Set Graphical Warning Banner (Not Scored) ############################################### # 12 Verify System File Permissions ############################################### # 12.1 Verify System File Permissions (Not Scored) # 12.2 Verify Permissions on /etc/passwd (Scored) # 12.3 Verify Permissions on /etc/shadow (Scored) # 12.4 Verify Permissions on /etc/group (Scored) # 12.5 Verify User/Group Ownership on /etc/passwd (Scored) # 12.6 Verify User/Group Ownership on /etc/shadow (Scored) # 12.7 Verify User/Group Ownership on /etc/group (Scored) # 12.8 Find World Writable Files (Not Scored) # 12.9 Find Un-owned Files and Directories (Scored) # 12.10 Find Un-grouped Files and Directories (Scored) # 12.11 Find SUID System Executables (Not Scored) # 12.12 Find SGID System Executables (Not Scored) ############################################### # 13 Review User and Group Settings ############################################### # 13.1 Ensure Password Fields are Not Empty (Scored) # 13.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 13.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 13.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 13.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - SLES11 - 13.5 - Non-root account with uid 0 {CIS: 13.5 SLES11} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 13.6 Ensure root PATH Integrity (Scored) # 13.7 Check Permissions on User Home Directories (Scored) # 13.8 Check User Dot File Permissions (Scored) # 13.9 Check Permissions on User .netrc Files (Scored) # 13.10 Check for Presence of User .rhosts Files (Scored) # 13.11 Check Groups in /etc/passwd (Scored) # 13.12 Check That Users Are Assigned Valid Home Directories (Scored) # 13.13 Check User Home Directory Ownership (Scored) # 13.14 Check for Duplicate UIDs (Scored) # 13.15 Check for Duplicate GIDs (Scored) # 13.16 Check for Duplicate User Names (Scored) # 13.17 Check for Duplicate Group Names (Scored) # 13.18 Check for Presence of User .netrc Files (Scored) # 13.19 Check for Presence of User .forward Files (Scored) # 13.20 Ensure shadow group is empty (Scored) # Other/Legacy Tests [CIS - SLES11 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - SLES11 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - SLES11 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - SLES11 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - SLES11 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - SLES11 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - SLES11 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_sles12_linux_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for SUSE SLES 12 # Based on CIS Benchmark for SUSE Linux Enterprise Server 12 v1.0.0 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS SUSE Linux Enterprise Server 12 Benchmark v1.0.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP1"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP2"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP4"; # 2.1 /tmp: partition [CIS - SLES12 - 2.1 - Build considerations - Robust partition scheme - /tmp is not on its own partition {CIS: 2.2 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:/tmp; # 2.2 /tmp: nodev [CIS - SLES12 - 2.2 - Partition /tmp without 'nodev' set {CIS: 2.2 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.3 /tmp: nosuid [CIS - SLES12 - 2.3 - Partition /tmp without 'nosuid' set {CIS: 2.3 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 2.4 /tmp: noexec [CIS - SLES12 - 2.4 - Partition /tmp without 'noexec' set {CIS: 2.4 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.5 Build considerations - Partition scheme. [CIS - SLES12 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 2.5 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 2.6 bind mount /var/tmp to /tmp [CIS - SLES12 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 2.6 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 2.7 /var/log: partition [CIS - SLES12 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 2.7 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 2.8 /var/log/audit: partition [CIS - SLES12 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 2.8 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 2.9 /home: partition [CIS - SLES12 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 2.9 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 2.10 /home: nodev [CIS - SLES12 - 2.10 - Partition /home without 'nodev' set {CIS: 2.10 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 2.11 nodev on removable media partitions (not scored) [CIS - SLES12 - 2.11 - Removable partition /media without 'nodev' set {CIS: 2.11 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 2.12 noexec on removable media partitions (not scored) [CIS - SLES12 - 2.12 - Removable partition /media without 'noexec' set {CIS: 2.12 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 2.13 nosuid on removable media partitions (not scored) [CIS - SLES12 - 2.13 - Removable partition /media without 'nosuid' set {CIS: 2.13 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 2.14 /dev/shm: nodev [CIS - SLES12 - 2.14 - /dev/shm without 'nodev' set {CIS: 2.14 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 2.15 /dev/shm: nosuid [CIS - SLES12 - 2.15 - /dev/shm without 'nosuid' set {CIS: 2.15 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 2.16 /dev/shm: noexec [CIS - SLES12 - 2.16 - /dev/shm without 'noexec' set {CIS: 2.16 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 2.17 sticky bit on world writable directories (Scored) # TODO # 2.18 disable cramfs (not scored) # 2.19 disable freevxfs (not scored) # 2.20 disable jffs2 (not scored) # 2.21 disable hfs (not scored) # 2.22 disable hfsplus (not scored) # 2.23 disable squashfs (not scored) # 2.24 disable udf (not scored) # 2.25 disable automounting (Scored) # TODO ############################################### # 3 Secure Boot Settings ############################################### # 3.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # stat -L -c "%u %g" /boot/grub2/grub.cfg | egrep "0 0" # 3.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # stat -L -c "%a" /boot/grub2/grub.cfg | egrep ".00" # 3.3 Set Boot Loader Password (Scored) [CIS - SLES12 - 3.3 - GRUB Password not set {CIS: 3.3 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/boot/grub2/grub.cfg -> !r:^# && !r:password; ############################################### # 4 Additional Process Hardening ############################################### # 4.1 Restrict Core Dumps (Scored) [CIS - SLES12 - 4.1 - Interactive Boot not disabled {CIS: 4.1 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 4.2 Enable XD/NX Support on 32-bit x86 Systems (Not Scored) # TODO # 4.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - SLES12 - 4.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 4.3 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 2; # 4.4 Disable Prelink (Scored) # TODO # 4.5 Activate AppArmor (Scored) # TODO ############################################### # 5 OS Services ############################################### ############################################### # 5.1 Remove Legacy Services ############################################### # 5.1.1 Remove NIS Server (Scored) [CIS - SLES12 - 5.1.1 - Disable standard boot services - NIS (server) Enabled {CIS: 5.1.1 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; f:/usr/lib/systemd/system/ypserv.service -> r:Exec; # 5.1.2 Remove NIS Client (Scored) [CIS - SLES12 - 5.1.2 - Disable standard boot services - NIS (client) Enabled {CIS: 51.2 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; f:/usr/lib/systemd/system/ypbind.service -> r:Exec; # 5.1.3 Remove rsh-server (Scored) [CIS - SLES12 - 5.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 5.1.3 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # TODO (finish this) f:/usr/lib/systemd/system/rexec@.service -> r:ExecStart; f:/usr/lib/systemd/system/rlogin@.service -> r:ExecStart; f:/usr/lib/systemd/system/rsh@.service -> r:ExecStart; # 5.1.4 Remove rsh client (Scored) # TODO # 5.1.5 Remove talk-server (Scored) [CIS - SLES12 - 5.1.5 - talk enabled on xinetd {CIS: 5.1.5 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/ntalk.service -> r:Exec; # 5.1.6 Remove talk client (Scored) # TODO # 5.1.7 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - SLES12 - 5.1.7 - Telnet enabled on xinetd {CIS: 5.1.7 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/telnet@.service -> r:ExecStart=-/usr/sbin/in.telnetd; # 5.1.8 Remove tftp-server (Scored) [CIS - SLES12 - 5.1.8 - tftpd enabled on xinetd {CIS: 5.1.8 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/tftp.service -> r:Exec; # 5.1.9 Remove xinetd (Scored) [CIS - SLES12 - 5.1.9 - xinetd detected {CIS: 5.1.9 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/usr/lib/systemd/system/xinetd.service -> r:Exec; # 5.2 Disable chargen-udp (Scored) [CIS - SLES12 - 5.2 - chargen-udp enabled on xinetd {CIS: 5.2 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/chargen-udp -> !r:^# && r:disable && r:no; # 5.3 Disable chargen (Scored) [CIS - SLES12 - 5.3 - chargen enabled on xinetd {CIS: 5.3 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/chargen -> !r:^# && r:disable && r:no; # 5.4 Disable daytime-udp (Scored) [CIS - SLES12 - 5.4 - daytime-udp enabled on xinetd {CIS: 5.4 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/daytime-udp -> !r:^# && r:disable && r:no; # 5.5 Disable daytime (Scored) [CIS - SLES12 - 5.5 - daytime enabled on xinetd {CIS: 5.5 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/daytime -> !r:^# && r:disable && r:no; # 5.6 Disable echo-udp (Scored) [CIS - SLES12 - 5.6 - echo-udp enabled on xinetd {CIS: 5.6 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/echo-udp -> !r:^# && r:disable && r:no; # 5.7 Disable echo (Scored) [CIS - SLES12 - 5.7 - echo enabled on xinetd {CIS: 5.7 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/echo -> !r:^# && r:disable && r:no; # 5.8 Disable discard-udp (Scored) [CIS - SLES12 - 5.8 - discard-udp enabled on xinetd {CIS: 5.8 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/discard-udp -> !r:^# && r:disable && r:no; # 5.9 Disable discard (Scored) [CIS - SLES12 - 5.9 - discard enabled on xinetd {CIS: 5.9 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/discard -> !r:^# && r:disable && r:no; # 5.10 Disable time-udp (Scored) [CIS - SLES12 - 5.10 - time-udp enabled on xinetd {CIS: 5.10 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/time-udp -> !r:^# && r:disable && r:no; # 5.11 Disable time (Scored) [CIS - SLES12 - 5.11 - time enabled on xinetd {CIS: 5.11 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/time -> !r:^# && r:disable && r:no; ############################################### # 6 Special Purpose Services ############################################### # 6.1 Remove X Windows (Scored) [CIS - SLES12 - 6.1 - X11 not disabled {CIS: 6.1 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/usr/lib/systemd/system/default.target -> r:Graphical; p:gdm-x-session; # 6.2 Disable Avahi Server (Scored) [CIS - SLES12 - 6.2 - Avahi daemon not disabled {CIS: 6.2 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] p:avahi-daemon; # 6.3 Disable Print Server - CUPS (Not Scored) #TODO # 6.4 Remove DHCP Server (Scored) [CIS - SLES12 - 6.4 - DHCPnot disabled {CIS: 6.4 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/usr/lib/systemd/system/dhcpd.service -> r:Exec; # 6.5 Configure Network Time Protocol (NTP) (Scored) #TODO Chrony [CIS - SLES12 - 6.5 - NTPD not Configured {CIS: 6.5 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ntp.conf -> r:restrict default kod nomodify notrap nopeer noquery && r:^server; f:/etc/sysconfig/ntpd -> r:OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"; # 6.6 Remove LDAP (Not Scored) #TODO # 6.7 Disable NFS and RPC (Not Scored) [CIS - SLES12 - 6.7 - Disable standard boot services - NFS Enabled {CIS: 6.7 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 6.8 Remove DNS Server (Not Scored) # TODO # 6.9 Remove FTP Server (Not Scored) [CIS - SLES12 - 6.9 - VSFTP enabled on xinetd {CIS: 6.9 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 6.10 Remove HTTP Server (Not Scored) [CIS - SLES12 - 6.10 - Disable standard boot services - Apache web server Enabled {CIS: 6.10 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dapache2$; # 6.11 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - SLES12 - 6.11 - imap enabled on xinetd {CIS: 6.11 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - SLES12 - 6.11 - pop3 enabled on xinetd {CIS: 6.11 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 6.12 Remove Samba (Not Scored) [CIS - SLES12 - 6.12 - Disable standard boot services - Samba Enabled {CIS: 6.12 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 6.13 Remove HTTP Proxy Server (Not Scored) [CIS - SLES12 - 6.13 - Disable standard boot services - Squid Enabled {CIS: 6.13 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 6.14 Remove SNMP Server (Not Scored) [CIS - SLES12 - 6.14 - Disable standard boot services - SNMPD process Enabled {CIS: 6.14 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 6.15 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO # 6.16 Ensure rsync service is not enabled (Scored) [CIS - SLES12 - 6.16 - Disable standard boot services - rsyncd process Enabled {CIS: 6.16 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\drsyncd$; # 6.17 Ensure Biosdevname is not enabled (Scored) # TODO ############################################### # 7 Network Configuration and Firewalls ############################################### ############################################### # 7.1 Modify Network Parameters (Host Only) ############################################### # 7.1.1 Disable IP Forwarding (Scored) [CIS - SLES12 - 7.1.1 - Network parameters - IP Forwarding enabled {CIS: 7.1.1 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 7.1.2 Disable Send Packet Redirects (Scored) [CIS - SLES12 - 7.1.2 - Network parameters - IP send redirects enabled {CIS: 7.1.2 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 7.2 Modify Network Parameters (Host and Router) ############################################### # 7.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - SLES12 - 7.2.1 - Network parameters - Source routing accepted {CIS: 7.2.1 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 7.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - SLES12 - 7.2.2 - Network parameters - ICMP redirects accepted {CIS: 7.2.2 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 7.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - SLES12 - 7.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 7.2.3 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 7.2.4 Log Suspicious Packets (Scored) [CIS - SLES12 - 7.2.4 - Network parameters - martians not logged {CIS: 7.2.4 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 7.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - SLES12 - 7.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 7.2.5 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 7.2.6 Enable Bad Error Message Protection (Scored) [CIS - SLES12 - 7.2.6 - Network parameters - Bad error message protection not enabled {CIS: 7.2.6 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 7.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - SLES12 - 7.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 7.2.7 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 7.2.8 Enable TCP SYN Cookies (Scored) [CIS - SLES12 - 7.2.8 - Network parameters - SYN Cookies not enabled {CIS: 7.2.8 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 7.3 Configure IPv6 ############################################### # 7.3.1 Disable IPv6 Router Advertisements (Not Scored) # 7.3.2 Disable IPv6 Redirect Acceptance (Not Scored) # 7.3.3 Disable IPv6 (Not Scored) ############################################### # 7.4 Install TCP Wrappers ############################################### # 7.4.1 Install TCP Wrappers (Not Scored) # 7.4.2 Create /etc/hosts.allow (Not Scored) # 7.4.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 7.4.4 Create /etc/hosts.deny (Not Scored) # 7.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 7.5 Uncommon Network Protocols ############################################### # 7.5.1 Disable DCCP (Not Scored) # 7.5.2 Disable SCTP (Not Scored) # 7.5.3 Disable RDS (Not Scored) # 7.5.4 Disable TIPC (Not Scored) # 7.6 Deactivate Wireless Interfaces (Not Scored) # 7.7 Enable SuSEfirewall2 (Scored) # 7.8 Limit access to trusted networks (Not Scored) ############################################### # 8 Logging and Auditing ############################################### ############################################### # 8.1 Configure System Accounting (auditd) ############################################### ############################################### # 8.1.1 Configure Data Retention ############################################### # 8.1.1.1 Configure Audit Log Storage Size (Not Scored) # 8.1.1.2 Disable System on Audit Log Full (Not Scored) # 8.1.1.3 Keep All Auditing Information (Scored) # 8.1.2 Enable auditd Service (Scored) # 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 8.1.4 Record Events That Modify Date and Time Information (Scored) # 8.1.5 Record Events That Modify User/Group Information (Scored) # 8.1.6 Record Events That Modify the System’s Network Environment (Scored) # 8.1.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 8.1.8 Collect Login and Logout Events (Scored) # 8.1.9 Collect Session Initiation Information (Scored) # 8.1.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 8.1.12 Collect Use of Privileged Commands (Scored) # 8.1.13 Collect Successful File System Mounts (Scored) # 8.1.14 Collect File Deletion Events by User (Scored) # 8.1.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 8.1.16 Collect System Administrator Actions (sudolog) (Scored) # 8.1.17 Collect Kernel Module Loading and Unloading (Scored) # 8.1.18 Make the Audit Configuration Immutable (Scored) ############################################### # 8.2 Configure rsyslog ############################################### # 8.2.1 Install the rsyslog package (Scored) # TODO # 8.2.2 Activate the rsyslog Service (Scored) # TODO # 8.2.3 Configure /etc/rsyslog.conf (Not Scored) # 8.2.4 Create and Set Permissions on rsyslog Log Files (Scored) # 8.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 8.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 8.3 Advanced Intrusion Detection Environment (AIDE) ############################################### # 8.3.1 Install AIDE (Scored) # 8.3.2 Implement Periodic Execution of File Integrity (Scored) # 8.4 Configure logrotate (Not Scored) ############################################### # 9 System Access, Authentication and Authorization ############################################### ############################################### # 9.1 Configure cron and anacron ############################################### # 9.1.1 Enable cron Daemon (Scored) # 9.1.2 Set User/Group Owner and Permission on /etc/crontab (Scored) # 9.1.3 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 9.1.4 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 9.1.5 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 9.1.6 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 9.1.7 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 9.1.8 Restrict at/cron to Authorized Users (Scored) ############################################### # 9.2 Configure SSH ############################################### # 9.2.1 Set SSH Protocol to 2 (Scored) [CIS - SLES12 - 9.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 9.2.1 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 9.2.2 Set LogLevel to INFO (Scored) [CIS - SLES12 - 9.2.1 - SSH Configuration - Loglevel not INFO {CIS: 9.2.1 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && !r:LogLevel\.+INFO; # 9.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # TODO # 9.2.4 Disable SSH X11 Forwarding (Scored) # TODO # 9.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) [ CIS - SLES12 - 9.2.5 - SSH Configuration - Set SSH MaxAuthTries to 4 or Less {CIS - SLES12 - 9.2.5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:MaxAuthTries && !r:3\s*$; f:/etc/ssh/sshd_config -> r:^#\s*MaxAuthTries; f:/etc/ssh/sshd_config -> !r:MaxAuthTries; # 9.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - SLES12 - 9.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 9.2.6 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 9.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - SLES12 - 9.2.7 - SSH Configuration - Host based authentication enabled {CIS: 9.2.7 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 9.2.8 Disable SSH Root Login (Scored) [CIS - SLES12 - 9.2.8 - SSH Configuration - Root login allowed {CIS: 9.2.8 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; f:/etc/ssh/sshd_config -> r:^#\s*PermitRootLogin; # 9.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - SLES12 - 9.2.9 - SSH Configuration - Empty passwords permitted {CIS: 9.2.9 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; f:/etc/ssh/sshd_config -> r:^#\s*PermitEmptyPasswords; # 9.2.10 Do Not Allow Users to Set Environment Options (Scored) # 9.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 9.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 9.2.13 Limit Access via SSH (Scored) # 9.2.14 Set SSH Banner (Scored) ############################################### # 9.3 Configure PAM ############################################### # 9.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 9.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 9.3.3 Limit Password Reuse (Scored) # 9.4 Restrict root Login to System Console (Not Scored) # 9.5 Restrict Access to the su Command (Scored) ############################################### # 10 User Accounts and Environment ############################################### ############################################### # 10.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 10.1.1 Set Password Expiration Days (Scored) # 10.1.2 Set Password Change Minimum Number of Days (Scored) # 10.1.3 Set Password Expiring Warning Days (Scored) # 10.2 Disable System Accounts (Scored) # 10.3 Set Default Group for root Account (Scored) # 10.4 Set Default umask for Users (Scored) # 10.5 Lock Inactive User Accounts (Scored) ############################################### # 11 Warning Banners ############################################### # 11.1 Set Warning Banner for Standard Login Services (Scored) # 11.2 Remove OS Information from Login Warning Banners (Scored) # 11.3 Set Graphical Warning Banner (Not Scored) ############################################### # 12 Verify System File Permissions ############################################### # 12.1 Verify System File Permissions (Not Scored) # 12.2 Verify Permissions on /etc/passwd (Scored) # 12.3 Verify Permissions on /etc/shadow (Scored) # 12.4 Verify Permissions on /etc/group (Scored) # 12.5 Verify User/Group Ownership on /etc/passwd (Scored) # 12.6 Verify User/Group Ownership on /etc/shadow (Scored) # 12.7 Verify User/Group Ownership on /etc/group (Scored) # 12.8 Find World Writable Files (Not Scored) # 12.9 Find Un-owned Files and Directories (Scored) # 12.10 Find Un-grouped Files and Directories (Scored) # 12.11 Find SUID System Executables (Not Scored) # 12.12 Find SGID System Executables (Not Scored) ############################################### # 13 Review User and Group Settings ############################################### # 13.1 Ensure Password Fields are Not Empty (Scored) # 13.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 13.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 13.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 13.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - SLES12 - 13.5 - Non-root account with uid 0 {CIS: 13.5 SLES12} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 13.6 Ensure root PATH Integrity (Scored) # 13.7 Check Permissions on User Home Directories (Scored) # 13.8 Check User Dot File Permissions (Scored) # 13.9 Check Permissions on User .netrc Files (Scored) # 13.10 Check for Presence of User .rhosts Files (Scored) # 13.11 Check Groups in /etc/passwd (Scored) # 13.12 Check That Users Are Assigned Valid Home Directories (Scored) # 13.13 Check User Home Directory Ownership (Scored) # 13.14 Check for Duplicate UIDs (Scored) # 13.15 Check for Duplicate GIDs (Scored) # 13.16 Check for Duplicate User Names (Scored) # 13.17 Check for Duplicate Group Names (Scored) # 13.18 Check for Presence of User .netrc Files (Scored) # 13.19 Check for Presence of User .forward Files (Scored) # 13.20 Ensure shadow group is empty (Scored) # Other/Legacy Tests [CIS - SLES12 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - SLES12 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - SLES12 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - SLES12 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - SLES12 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - SLES12 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - SLES12 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_win2012r2_domainL1_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L1 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # # #1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' [CIS - Microsoft Windows Server 2012 R2 - Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3D; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3E; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3F; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:A\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:B\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:C\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:E\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:F\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:\w\w\w+; # # #2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.2: Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !NoConnectedUser; # # #2.3.1.4 Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.4: Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LimitBlankPasswordUse -> 0; # # #2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.1: Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> SCENoApplyLegacyAuditPolicy -> !1; # # #2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.2: Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 2; # # #2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.1: Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 2; # # #2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.2: Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers -> AddPrinterDrivers -> !1; # # #2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) [CIS - Microsoft Windows Server 2012 R2 - 2.3.5.1: Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl -> !0; # # #2.3.5.2 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' [CIS - Microsoft Windows Server 2012 R2 - 2.3.5.2: Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters -> LDAPServerIntegrity -> !2; # # #2.3.5.3 Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.5.3: Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RefusePasswordChange -> 1; # # #2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.1: Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireSignOrSeal -> 0; # # #2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.2: Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SealSecureChannel -> 0; # # #2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.3: Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SignSecureChannel -> 0; # # #2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.4: Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> DisablePasswordChange -> 1; # # #2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.6: Ensure 'Domain member: Require strong session key' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireStrongKey -> 0; # # #2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.1: Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DontDisplayLastUserName -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DontDisplayLastUserName; # # #2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.2: Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableCAD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableCAD; # # #2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.3: Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 385; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 386; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 387; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 388; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 389; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:38\D; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:39\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:3\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:4\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:5\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:6\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:7\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:8\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:9\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\D\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\w\w\w\w+; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !InactivityTimeoutSecs; # # #2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.7: Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 2; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 3; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 4; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0F; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:1\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:2\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:3\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:4\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:5\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:6\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:7\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:8\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:9\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\w\w\w+; # # #2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.9: Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> ScRemoveOption -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> !ScRemoveOption; # # #2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.1: Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> !RequireSecuritySignature; # # #2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.2: Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnableSecuritySignature -> !1; # # #2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.3: Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnablePlainTextPassword -> !0; # # #2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.1: Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:1\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:2\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:3\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !AutoDisconnect; # # #2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.2: Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !RequireSecuritySignature; # # #2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.3: Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !EnableSecuritySignature; # # #2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.4: Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.10.5 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.5: Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 2; # # #2.3.10.6 Configure 'Network access: Named Pipes that can be accessed anonymously' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.6: Configure 'Network access: Named Pipes that can be accessed anonymously'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionPipes -> !r:lsarpc|netlogon|samr; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !NullSessionPipes; # # #2.3.10.7 Configure 'Network access: Remotely accessible registry paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.7: Configure 'Network access: Remotely accessible registry paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths -> Machine -> !r:System\\CurrentControlSet\\Control\\ProductOptions|System\\CurrentControlSet\\Control\\Server Applications|Software\\Microsoft\\Windows NT\\CurrentVersion; # # #2.3.10.8 Configure 'Network access: Remotely accessible registry paths and sub-paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.8: Configure 'Network access: Remotely accessible registry paths and sub-paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths -> Machine -> !r:Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|System\\CurrentControlSet\\Control\\Print\\Printers|System\\CurrentControlSet\\Services\\Eventlog|Software\\Microsoft\\OLAP Server|System\\CurrentControlSet\\Control\\ContentIndex|System\\CurrentControlSet\\Control\\Terminal Server|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|System\\CurrentControlSet\\Services\\SysmonLog|System\\CurrentControlSet\\Services\\CertSvc|System\\CurrentControlSet\\Services\\WINS; # # #2.3.10.9 Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.9: Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RestrictNullSessAccess -> !1; # # #2.3.10.10 Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.10: Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionShares -> r:\.+; # # #2.3.10.11 Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.11: Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> ForceGuest -> 1; # # #2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.1: Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> UseMachineId -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !UseMachineId; # # #2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.2: Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> allownullsessionfallback -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !allownullsessionfallback; # # #2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.3: Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u -> AllowOnlineID -> !0; # # #2.3.11.4 Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.4: Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters -> SupportedEncryptionTypes -> !2147483644; # # #2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.5: Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> NoLMHash -> 0; # # #2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.6: Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.7: Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 2; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 3; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 4; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !LmCompatibilityLevel; # # #2.3.11.8 Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP -> LDAPClientIntegrity -> !1; # # #2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.9: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption''] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinClientSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinClientSec; # # #2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.10: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinServerSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinServerSec; # # #2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.13.1: Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ShutdownWithoutLogon -> 1; # # #2.3.15.1 Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.1: Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel -> ObCaseInsensitive -> !1; # # #2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.2: Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager -> ProtectionMode -> !1; # # #2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.1: Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> FilterAdministratorToken -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !FilterAdministratorToken; # # #2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.2: Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableUIADesktopToggle -> 1; # # #2.3.17.3 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.3: Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorAdmin; # # #2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.4: Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorUser; # # #2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.5: Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableInstallerDetection -> 0; r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableInstallerDetection; # # #2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.6: Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableSecureUIAPaths -> 0; # # #2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.7: Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableLUA -> 0; # # #2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.8: Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> PromptOnSecureDesktop -> 0; # # #2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.9: Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableVirtualization -> 0; # # #9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.1.1: Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> EnableFirewall -> 0; # # #9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.2: Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultInboundAction -> 0; # # #9.1.3 Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.3: Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultOutboundAction -> 1; # # #9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.1.4: Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> !DisableNotifications; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> !DisableNotifications; # # #9.1.5 Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.5: Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalPolicyMerge -> 0; # # #9.1.6 Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.6: Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.1.7 Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.1.7: Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.1.8 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.1.8: Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.1.9 Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.9: Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogDroppedPackets -> 0; # # #9.1.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.2.1 Ensure 'Windows Firewall: Private: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.2.1: Ensure 'Windows Firewall: Private: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> EnableFirewall -> 0; # # #9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.2: Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultInboundAction -> 0; # # #9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.3: Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultOutboundAction -> 1; # # #9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.2.4: Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DisableNotifications -> 0; # # #9.2.5 Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.5: Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalPolicyMerge -> 0; # # #9.2.6 Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.6: Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.2.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.2.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.2.8 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.2.8: Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.2.9 Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.9: Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogDroppedPackets -> 0; # # #9.2.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.3.1 Ensure 'Windows Firewall: Public: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.3.1: Ensure 'Windows Firewall: Public: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> EnableFirewall -> 0; # # #9.3.2 Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.2: Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultInboundAction -> 0; # # #9.3.3 Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.3: Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultOutboundAction -> 1; # # #9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.4: Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DisableNotifications -> 0; # # #9.3.5 Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.5: Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalPolicyMerge -> 0; # # #9.3.6 Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.6: Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.3.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.3.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.3.8 Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.3.8: Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.3.9 Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.9: Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogDroppedPackets -> 0; # # #9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.10: Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogSuccessfulConnections -> 0; # # #18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.1: Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenCamera -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenCamera; # # #18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.2: Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenSlideshow -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenSlideshow; # # #18.3.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.1: Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> AutoAdminLogon -> !0; # # #18.3.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.2: Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> !DisableIPSourceRouting; # # #18.3.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.3: Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !DisableIPSourceRouting; # # #18.3.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.4: Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> EnableICMPRedirect -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !EnableICMPRedirect; # # #18.3.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.6: Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters -> NoNameReleaseOnDemand -> !1; # # #18.3.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.8: Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> SafeDllSearchMode -> 0; # # #18.3.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' [CIS - Microsoft Windows Server 2012 R2 - 18.3.9: Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> r:\w\w+; # # #18.3.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' [CIS - Microsoft Windows Server 2012 R2 - 18.3.12: Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5B; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5C; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5D; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5E; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5F; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:6\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:7\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:8\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:9\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\D\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> !WarningLevel; # # #18.4.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.2: Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_AllowNetBridge_NLA -> 1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_AllowNetBridge_NLA; # # #18.4.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.3: Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_StdDomainUserSetLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_StdDomainUserSetLocation; # # #18.4.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.21.1: Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fMinimizeConnections -> !1; # # #18.6.2 Ensure 'WDigest Authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.6.2: Ensure 'WDigest Authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -> UseLogonCredential -> !0; # # #18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.3.1: Ensure 'Include command line in process creation events' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -> ProcessCreationIncludeCmdLine_Enabled -> !0; # # #18.8.12.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' [CIS - Microsoft Windows Server 2012 R2 - 18.8.12.1: Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch -> DriverLoadPolicy -> !3; # # #18.8.19.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.2: Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoBackgroundPolicy -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoBackgroundPolicy; # # #18.8.19.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.3: Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoGPOListChanges -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoGPOListChanges; # # #18.8.19.4 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.4: Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableBkGndGroupPolicy -> !0; # # #18.8.25.1 Ensure 'Do not display network selection UI' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.1: Ensure 'Do not display network selection UI' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontDisplayNetworkSelectionUI -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontDisplayNetworkSelectionUI; # # #18.8.25.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.2: Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontEnumerateConnectedUsers -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontEnumerateConnectedUsers; # # #18.8.25.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.3: Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnumerateLocalUsers -> !0; # # #18.8.25.4 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.4: Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DisableLockScreenAppNotifications -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DisableLockScreenAppNotifications; # # #18.8.25.5 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.5: Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> AllowDomainPINLogon -> !0; # # #18.8.31.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.1: Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowUnsolicited -> !0; # # #18.8.31.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.2: Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowToGetHelp -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fAllowToGetHelp; # # #18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.6.1: Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> MSAOptional -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !MSAOptional; # # #18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.1: Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoAutoplayfornonVolume -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoAutoplayfornonVolume; # # #18.9.8.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.2: Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoAutorun -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoAutorun; # # #18.9.8.3 Ensure 'Turn off Autoplay' is set to 'Enabled: All drives' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.3: Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> NoDriveTypeAutoRun -> !ff; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> !NoDriveTypeAutoRun; # # #18.9.15.1 Ensure 'Do not display the password reveal button' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.1: Ensure 'Do not display the password reveal button' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> DisablePasswordReveal -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> !DisablePasswordReveal; # # #18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.2: Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI -> EnumerateAdministrators -> !0; # # #18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.1: Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> Retention -> !0; # # #18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.2: Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> !MaxSize; # # #18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.1: Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> Retention -> !0; # # #18.9.26.2.2 Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.2: Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:0\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:1\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:2\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> !MaxSize; # # #18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.1: Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> Retention -> !0; # # #18.9.26.3.2 Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.2: Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> !MaxSize; # # #18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.1: Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> Retention -> !0; # # #18.9.26.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.2: Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> !MaxSize; # # #18.9.30.2 Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.2: Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnableSmartScreen -> !2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !EnableSmartScreen; # # #18.9.30.3 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.3: Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoDataExecutionPrevention -> !0; # # #18.9.30.4 Ensure 'Turn off heap termination on corruption' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.30.4: Ensure 'Turn off heap termination on corruption' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoHeapTerminationOnCorruption -> !0; # # #18.9.30.5 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.5: Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> PreXPSP2ShellProtocolBehavior -> !0; # # #18.9.47.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.1: Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSyncNGSC -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> !DisableFileSyncNGSC; # # #18.9.47.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.2: Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> DisableFileSync -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> !DisableFileSync; # # #18.9.52.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.2.2: Ensure 'Do not allow passwords to be saved' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DisablePasswordSaving -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !DisablePasswordSaving; # # #18.9.52.3.3.2 Ensure 'Do not allow drive redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.2: Ensure 'Do not allow drive redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCdm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCdm; # # #18.9.52.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.1: Ensure 'Always prompt for password upon connection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fPromptForPassword -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fPromptForPassword; # # #18.9.52.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.2: Ensure 'Require secure RPC communication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fEncryptRPCTraffic -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fEncryptRPCTraffic; # # #18.9.52.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.3: Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MinEncryptionLevel -> !3; # # #18.9.52.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.1: Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DeleteTempDirsOnExit -> !1; # # #18.9.52.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.2: Ensure 'Do not use temporary folders per session' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> PerSessionTempDir -> !1; # # #18.9.53.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.53.1: Ensure 'Prevent downloading of enclosures' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> DisableEnclosureDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> !DisableEnclosureDownload; # # #18.9.54.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.2: Ensure 'Allow indexing of encrypted files' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> AllowIndexingEncryptedStoresOrItems -> !0; # # #18.9.61.1 Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.1: Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> AutoDownload -> !4; # # #18.9.61.2 Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.2: Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> DisableOSUpgrade -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !DisableOSUpgrade; # # #18.9.70.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.2.1: Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent -> DefaultConsent -> !1; # # #18.9.70.3 Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.3: Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> AutoApproveOSDumps -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !AutoApproveOSDumps; # # #18.9.74.1 Ensure 'Allow user control over installs' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.1: Ensure 'Allow user control over installs' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> EnableUserControl -> !0; # # #18.9.74.2 Ensure 'Always install with elevated privileges' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.2: Ensure 'Always install with elevated privileges' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> AlwaysInstallElevated -> !0; # # #18.9.75.1 Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.75.1: Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableAutomaticRestartSignOn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableAutomaticRestartSignOn; # # #18.9.84.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.84.1: Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> EnableScriptBlockLogging -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> !EnableScriptBlockLogging; # # #18.9.84.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.84.2: Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription -> EnableTranscripting -> !0; # # #18.9.86.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowBasic -> !0; # # #18.9.86.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.2: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowUnencryptedTraffic -> !0; # # #18.9.86.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.3: Ensure 'Disallow Digest authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowDigest -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> !AllowDigest; # # #18.9.86.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowBasic -> !0; # # #18.9.86.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.3: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowUnencryptedTraffic -> !0; # # #18.9.86.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.4: Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> DisableRunAs -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> !DisableRunAs; # # #18.9.90.2 Ensure 'Configure Automatic Updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.2: Ensure 'Configure Automatic Updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoUpdate -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !NoAutoUpdate; # # #18.9.90.3 Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.3: Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> ScheduledInstallDay -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !ScheduledInstallDay; # # #18.9.90.4 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.4: Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoRebootWithLoggedOnUsers -> !0; # ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_win2012r2_domainL2_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L2 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # #2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.4: Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> DisableDomainCreds -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !DisableDomainCreds; # # #18.3.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' [CIS - Microsoft Windows Server 2012 R2 - 18.3.5: Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> KeepAliveTime -> !493e0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !KeepAliveTime; # # #18.3.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.7: Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> PerformRouterDiscovery -> !0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !PerformRouterDiscovery; # # #18.3.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.10: Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !TcpMaxDataRetransmissions; # # #18.3.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.11: Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !TcpMaxDataRetransmissions; # # #18.4.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.1: Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableLLTDIO -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitLLTDIOOnPrivateNet -> !0; # # #18.4.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.2: Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableRspndr -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitRspndrOnPrivateNet -> !0; # # #18.4.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.10.2: Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> !Disabled; # # #18.4.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') [CIS - Microsoft Windows Server 2012 R2 - 18.4.19.2.1: Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> DisabledComponents -> !ff; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !DisabledComponents; # # #18.4.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.1: Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> EnableRegistrars -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !EnableRegistrars; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableUPnPRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableUPnPRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableInBand802DOT11Registrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableInBand802DOT11Registrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableFlashConfigRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableFlashConfigRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableWPDRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableWPDRegistrar; # # #18.4.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.2: Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> DisableWcnUi -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> !DisableWcnUi; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # #18.8.24.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.24.1: Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> BlockUserInputMethodsForSignIn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> !BlockUserInputMethodsForSignIn; # # #18.8.29.5.1 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.1: Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> DCSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !DCSettingIndex; # # #18.8.29.5.2 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.2: Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> ACSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !ACSettingIndex; # # #18.8.39.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.5.1: Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> DisableQueryRemoteServer -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> !DisableQueryRemoteServer; # # #18.8.39.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.11.1: Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> ScenarioExecutionEnabled -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> !ScenarioExecutionEnabled; # # #18.8.41.1 Ensure 'Turn off the advertising ID' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.41.1: Ensure 'Turn off the advertising ID' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> DisabledByGroupPolicy -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> !DisabledByGroupPolicy; # # #18.8.44.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.44.1.1: Ensure 'Enable Windows NTP Client' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> Enabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> !Enabled; # # #18.9.37.1 Ensure 'Turn off location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.37.1: Ensure 'Turn off location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> DisableLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> !DisableLocation; # # #18.9.52.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.2.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fSingleSessionPerUser -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fSingleSessionPerUser; # # #18.9.52.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCcm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCcm; # # #18.9.52.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.3: Ensure 'Do not allow LPT port redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableLPT -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableLPT; # # #18.9.52.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.4: Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisablePNPRedir -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisablePNPRedir; # # #18.9.52.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.1: Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba4; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba5; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba\D; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbb\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbc\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbd\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbe\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbf\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbc\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbd\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbe\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbf\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dc\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dd\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:de\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:df\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:e\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:f\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:\w\w\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxIdleTime; # # #18.9.52.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.2: Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxDisconnectionTime -> !EA60; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxDisconnectionTime; # # #18.9.54.3 Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.3: Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> ConnectedSearchPrivacy -> !3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> !ConnectedSearchPrivacy; # # #18.9.59.1 Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.59.1: Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> NoGenTicket -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> !NoGenTicket; # # #18.9.61.3 Ensure 'Turn off the Store application' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.3: Ensure 'Turn off the Store application' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> RemoveWindowsStore -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !RemoveWindowsStore; # # #18.9.69.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.69.3.1: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet -> SpynetReporting -> !0; # # #18.9.74.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.3: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> SafeForScripting -> !0; # # #18.9.86.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.2: Ensure 'Allow remote server management through WinRM' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowAutoConfig -> !0; # # #18.9.87.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.87.1: Ensure 'Allow Remote Shell Access' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> AllowRemoteShellAccess -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> !AllowRemoteShellAccess; # ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_win2012r2_memberL1_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L2 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # #1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' [CIS - Microsoft Windows Server 2012 R2 - Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3D; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3E; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3F; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:A\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:B\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:C\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:E\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:F\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:\w\w\w+; # # #2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.2: Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !NoConnectedUser; # # #2.3.1.4 Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.4: Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LimitBlankPasswordUse -> 0; # # #2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.1: Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> SCENoApplyLegacyAuditPolicy -> !1; # # #2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.2: Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 2; # # #2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.1: Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 2; # # #2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.2: Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers -> AddPrinterDrivers -> !1; # # #2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.1: Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireSignOrSeal -> 0; # # #2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.2: Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SealSecureChannel -> 0; # # #2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.3: Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SignSecureChannel -> 0; # # #2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.4: Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> DisablePasswordChange -> 1; # # #2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.6: Ensure 'Domain member: Require strong session key' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireStrongKey -> 0; # # #2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.1: Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DontDisplayLastUserName -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DontDisplayLastUserName; # # #2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.2: Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableCAD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableCAD; # # #2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.3: Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 385; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 386; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 387; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 388; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 389; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:38\D; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:39\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:3\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:4\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:5\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:6\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:7\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:8\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:9\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\D\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\w\w\w\w+; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !InactivityTimeoutSecs; # # #2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.7: Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 2; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 3; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 4; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0F; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:1\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:2\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:3\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:4\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:5\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:6\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:7\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:8\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:9\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\w\w\w+; # # #2.3.7.8 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.8: Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ForceUnlockLogon -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !ForceUnlockLogon; # # #2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.9: Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> ScRemoveOption -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> !ScRemoveOption; # # #2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.1: Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> !RequireSecuritySignature; # # #2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.2: Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnableSecuritySignature -> !1; # # #2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.3: Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnablePlainTextPassword -> !0; # # #2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.1: Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:1\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:2\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:3\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !AutoDisconnect; # # #2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.2: Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !RequireSecuritySignature; # # #2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.3: Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !EnableSecuritySignature; # # #2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.4: Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.5: Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> SMBServerNameHardeningLevel -> !0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> !SMBServerNameHardeningLevel; # # #2.3.10.2 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.2: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> RestrictAnonymousSAM -> 0; # # #2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.3: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> RestrictAnonymous -> !1; # # #2.3.10.5 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.5: Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 2; # # #2.3.10.6 Configure 'Network access: Named Pipes that can be accessed anonymously' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.6: Configure 'Network access: Named Pipes that can be accessed anonymously'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionPipes -> !r:lsarpc|netlogon|samr; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !NullSessionPipes; # # #2.3.10.7 Configure 'Network access: Remotely accessible registry paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.7: Configure 'Network access: Remotely accessible registry paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths -> Machine -> !r:System\\CurrentControlSet\\Control\\ProductOptions|System\\CurrentControlSet\\Control\\Server Applications|Software\\Microsoft\\Windows NT\\CurrentVersion; # # #2.3.10.8 Configure 'Network access: Remotely accessible registry paths and sub-paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.8: Configure 'Network access: Remotely accessible registry paths and sub-paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths -> Machine -> !r:Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|System\\CurrentControlSet\\Control\\Print\\Printers|System\\CurrentControlSet\\Services\\Eventlog|Software\\Microsoft\\OLAP Server|System\\CurrentControlSet\\Control\\ContentIndex|System\\CurrentControlSet\\Control\\Terminal Server|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|System\\CurrentControlSet\\Services\\SysmonLog|System\\CurrentControlSet\\Services\\CertSvc|System\\CurrentControlSet\\Services\\WINS; # # #2.3.10.9 Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.9: Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RestrictNullSessAccess -> !1; # # #2.3.10.10 Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.10: Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionShares -> r:\.+; # # #2.3.10.11 Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.11: Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> ForceGuest -> 1; # # #2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.1: Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> UseMachineId -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !UseMachineId; # # #2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.2: Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> allownullsessionfallback -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !allownullsessionfallback; # # #2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.3: Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u -> AllowOnlineID -> !0; # # #2.3.11.4 Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.4: Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters -> SupportedEncryptionTypes -> !2147483644; # # #2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.5: Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> NoLMHash -> 0; # # #2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.6: Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.7: Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 2; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 3; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 4; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !LmCompatibilityLevel; # # #2.3.11.8 Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP -> LDAPClientIntegrity -> !1; # # #2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.9: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption''] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinClientSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinClientSec; # # #2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.10: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinServerSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinServerSec; # # #2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.13.1: Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ShutdownWithoutLogon -> 1; # # #2.3.15.1 Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.1: Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel -> ObCaseInsensitive -> !1; # # #2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.2: Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager -> ProtectionMode -> !1; # # #2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.1: Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> FilterAdministratorToken -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !FilterAdministratorToken; # # #2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.2: Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableUIADesktopToggle -> 1; # # #2.3.17.3 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.3: Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorAdmin; # # #2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.4: Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorUser; # # #2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.5: Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableInstallerDetection -> 0; r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableInstallerDetection; # # #2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.6: Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableSecureUIAPaths -> 0; # # #2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.7: Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableLUA -> 0; # # #2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.8: Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> PromptOnSecureDesktop -> 0; # # #2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.9: Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableVirtualization -> 0; # # #9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.1.1: Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> EnableFirewall -> 0; # # #9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.2: Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultInboundAction -> 0; # # #9.1.3 Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.3: Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultOutboundAction -> 1; # # #9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.1.4: Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> !DisableNotifications; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> !DisableNotifications; # # #9.1.5 Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.5: Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalPolicyMerge -> 0; # # #9.1.6 Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.6: Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.1.7 Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.1.7: Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.1.8 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.1.8: Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.1.9 Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.9: Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogDroppedPackets -> 0; # # #9.1.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.2.1 Ensure 'Windows Firewall: Private: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.2.1: Ensure 'Windows Firewall: Private: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> EnableFirewall -> 0; # # #9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.2: Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultInboundAction -> 0; # # #9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.3: Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultOutboundAction -> 1; # # #9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.2.4: Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DisableNotifications -> 0; # # #9.2.5 Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.5: Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalPolicyMerge -> 0; # # #9.2.6 Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.6: Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.2.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.2.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.2.8 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.2.8: Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.2.9 Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.9: Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogDroppedPackets -> 0; # # #9.2.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.3.1 Ensure 'Windows Firewall: Public: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.3.1: Ensure 'Windows Firewall: Public: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> EnableFirewall -> 0; # # #9.3.2 Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.2: Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultInboundAction -> 0; # # #9.3.3 Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.3: Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultOutboundAction -> 1; # # #9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.4: Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DisableNotifications -> 0; # # #9.3.5 Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.5: Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalPolicyMerge -> 0; # # #9.3.6 Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.6: Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.3.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.3.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.3.8 Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.3.8: Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.3.9 Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.9: Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogDroppedPackets -> 0; # # #9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.10: Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogSuccessfulConnections -> 0; # # #18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.1: Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenCamera -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenCamera; # # #18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.2: Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenSlideshow -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenSlideshow; # # #18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed [CIS - Microsoft Windows Server 2012 R2 - 18.2.1: Ensure LAPS AdmPwd GPO Extension / CSE is installed] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA} -> !DllName; # # #18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.2.2: Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PwdExpirationProtectionEnabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PwdExpirationProtectionEnabled; # # #18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.2.3: Ensure 'Enable Local Admin Password Management' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> AdmPwdEnabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !AdmPwdEnabled; # # #18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' [CIS - Microsoft Windows Server 2012 R2 - 18.2.4: Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordComplexity -> !4; # # #18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' [CIS - Microsoft Windows Server 2012 R2 - 18.2.5: Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:\d; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:a; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:b; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:c; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:d; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:e; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PasswordLength; # # #18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' [CIS - Microsoft Windows Server 2012 R2 - 18.2.6: Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> 1F; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:2\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:3\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:4\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:5\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:6\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:7\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:8\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:9\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:\D\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:\w\w\w+; # # #18.3.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.1: Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> AutoAdminLogon -> !0; # # #18.3.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.2: Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> !DisableIPSourceRouting; # # #18.3.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.3: Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !DisableIPSourceRouting; # # #18.3.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.4: Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> EnableICMPRedirect -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !EnableICMPRedirect; # # #18.3.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.6: Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters -> NoNameReleaseOnDemand -> !1; # # #18.3.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.8: Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> SafeDllSearchMode -> 0; # # #18.3.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' [CIS - Microsoft Windows Server 2012 R2 - 18.3.9: Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> r:\w\w+; # # #18.3.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' [CIS - Microsoft Windows Server 2012 R2 - 18.3.12: Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5B; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5C; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5D; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5E; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5F; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:6\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:7\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:8\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:9\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\D\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> !WarningLevel; # # #18.4.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.2: Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_AllowNetBridge_NLA -> 1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_AllowNetBridge_NLA; # # #18.4.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.3: Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_StdDomainUserSetLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_StdDomainUserSetLocation; # # #18.4.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.21.1: Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fMinimizeConnections -> !1; # # #18.6.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.6.1: Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> LocalAccountTokenFilterPolicy -> !0; # # #18.6.2 Ensure 'WDigest Authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.6.2: Ensure 'WDigest Authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -> UseLogonCredential -> !0; # # #18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.3.1: Ensure 'Include command line in process creation events' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -> ProcessCreationIncludeCmdLine_Enabled -> !0; # # #18.8.12.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' [CIS - Microsoft Windows Server 2012 R2 - 18.8.12.1: Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch -> DriverLoadPolicy -> !3; # # #18.8.19.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.2: Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoBackgroundPolicy -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoBackgroundPolicy; # # #18.8.19.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.3: Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoGPOListChanges -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoGPOListChanges; # # #18.8.19.4 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.4: Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableBkGndGroupPolicy -> !0; # # #18.8.25.1 Ensure 'Do not display network selection UI' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.1: Ensure 'Do not display network selection UI' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontDisplayNetworkSelectionUI -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontDisplayNetworkSelectionUI; # # #18.8.25.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.2: Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontEnumerateConnectedUsers -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontEnumerateConnectedUsers; # # #18.8.25.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.3: Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnumerateLocalUsers -> !0; # # #18.8.25.4 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.4: Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DisableLockScreenAppNotifications -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DisableLockScreenAppNotifications; # # #18.8.25.5 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.5: Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> AllowDomainPINLogon -> !0; # # #18.8.31.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.1: Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowUnsolicited -> !0; # # #18.8.31.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.2: Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowToGetHelp -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fAllowToGetHelp; # # #18.8.32.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.32.1: Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> EnableAuthEpResolution -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> !EnableAuthEpResolution; # # #18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.6.1: Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> MSAOptional -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !MSAOptional; # # #18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.1: Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoAutoplayfornonVolume -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoAutoplayfornonVolume; # # #18.9.8.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.2: Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoAutorun -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoAutorun; # # #18.9.8.3 Ensure 'Turn off Autoplay' is set to 'Enabled: All drives' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.3: Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> NoDriveTypeAutoRun -> !ff; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> !NoDriveTypeAutoRun; # # #18.9.15.1 Ensure 'Do not display the password reveal button' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.1: Ensure 'Do not display the password reveal button' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> DisablePasswordReveal -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> !DisablePasswordReveal; # # #18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.2: Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI -> EnumerateAdministrators -> !0; # # #18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.1: Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> Retention -> !0; # # #18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.2: Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> !MaxSize; # # #18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.1: Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> Retention -> !0; # # #18.9.26.2.2 Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.2: Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:0\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:1\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:2\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> !MaxSize; # # #18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.1: Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> Retention -> !0; # # #18.9.26.3.2 Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.2: Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> !MaxSize; # # #18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.1: Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> Retention -> !0; # # #18.9.26.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.2: Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> !MaxSize; # # #18.9.30.2 Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.2: Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnableSmartScreen -> !2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !EnableSmartScreen; # # #18.9.30.3 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.3: Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoDataExecutionPrevention -> !0; # # #18.9.30.4 Ensure 'Turn off heap termination on corruption' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.30.4: Ensure 'Turn off heap termination on corruption' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoHeapTerminationOnCorruption -> !0; # # #18.9.30.5 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.5: Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> PreXPSP2ShellProtocolBehavior -> !0; # # #18.9.47.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.1: Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSyncNGSC -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> !DisableFileSyncNGSC; # # #18.9.47.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.2: Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> DisableFileSync -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> !DisableFileSync; # # #18.9.52.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.2.2: Ensure 'Do not allow passwords to be saved' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DisablePasswordSaving -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !DisablePasswordSaving; # # #18.9.52.3.3.2 Ensure 'Do not allow drive redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.2: Ensure 'Do not allow drive redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCdm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCdm; # # #18.9.52.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.1: Ensure 'Always prompt for password upon connection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fPromptForPassword -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fPromptForPassword; # # #18.9.52.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.2: Ensure 'Require secure RPC communication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fEncryptRPCTraffic -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fEncryptRPCTraffic; # # #18.9.52.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.3: Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MinEncryptionLevel -> !3; # # #18.9.52.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.1: Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DeleteTempDirsOnExit -> !1; # # #18.9.52.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.2: Ensure 'Do not use temporary folders per session' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> PerSessionTempDir -> !1; # # #18.9.53.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.53.1: Ensure 'Prevent downloading of enclosures' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> DisableEnclosureDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> !DisableEnclosureDownload; # # #18.9.54.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.2: Ensure 'Allow indexing of encrypted files' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> AllowIndexingEncryptedStoresOrItems -> !0; # # #18.9.61.1 Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.1: Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> AutoDownload -> !4; # # #18.9.61.2 Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.2: Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> DisableOSUpgrade -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !DisableOSUpgrade; # # #18.9.70.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.2.1: Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent -> DefaultConsent -> !1; # # #18.9.70.3 Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.3: Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> AutoApproveOSDumps -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !AutoApproveOSDumps; # # #18.9.74.1 Ensure 'Allow user control over installs' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.1: Ensure 'Allow user control over installs' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> EnableUserControl -> !0; # # #18.9.74.2 Ensure 'Always install with elevated privileges' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.2: Ensure 'Always install with elevated privileges' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> AlwaysInstallElevated -> !0; # # #18.9.75.1 Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.75.1: Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableAutomaticRestartSignOn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableAutomaticRestartSignOn; # # #18.9.84.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.84.1: Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> EnableScriptBlockLogging -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> !EnableScriptBlockLogging; # # #18.9.84.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.84.2: Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription -> EnableTranscripting -> !0; # # #18.9.86.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowBasic -> !0; # # #18.9.86.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.2: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowUnencryptedTraffic -> !0; # # #18.9.86.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.3: Ensure 'Disallow Digest authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowDigest -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> !AllowDigest; # # #18.9.86.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowBasic -> !0; # # #18.9.86.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.3: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowUnencryptedTraffic -> !0; # # #18.9.86.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.4: Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> DisableRunAs -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> !DisableRunAs; # # #18.9.90.2 Ensure 'Configure Automatic Updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.2: Ensure 'Configure Automatic Updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoUpdate -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !NoAutoUpdate; # # #18.9.90.3 Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.3: Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> ScheduledInstallDay -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !ScheduledInstallDay; # # #18.9.90.4 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.4: Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoRebootWithLoggedOnUsers -> !0; # # # ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/cis_win2012r2_memberL2_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L2 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # #2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' [CIS - Microsoft Windows Server 2012 R2 - Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 5; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> a; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> b; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> c; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> d; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> e; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> f; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> \w\w+; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !CachedLogonsCount; # # #2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.4: Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> DisableDomainCreds -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !DisableDomainCreds; # # #18.3.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' [CIS - Microsoft Windows Server 2012 R2 - 18.3.5: Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> KeepAliveTime -> !493e0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !KeepAliveTime; # # #18.3.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.7: Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> PerformRouterDiscovery -> !0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !PerformRouterDiscovery; # # #18.3.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.10: Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !TcpMaxDataRetransmissions; # # #18.3.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.11: Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !TcpMaxDataRetransmissions; # # #18.4.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.1: Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableLLTDIO -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitLLTDIOOnPrivateNet -> !0; # # #18.4.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.2: Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableRspndr -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitRspndrOnPrivateNet -> !0; # # #18.4.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.10.2: Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> !Disabled; # # #18.4.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') [CIS - Microsoft Windows Server 2012 R2 - 18.4.19.2.1: Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> DisabledComponents -> !ff; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !DisabledComponents; # # #18.4.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.1: Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> EnableRegistrars -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !EnableRegistrars; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableUPnPRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableUPnPRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableInBand802DOT11Registrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableInBand802DOT11Registrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableFlashConfigRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableFlashConfigRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableWPDRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableWPDRegistrar; # # #18.4.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.2: Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> DisableWcnUi -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> !DisableWcnUi; # # #18.4.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.21.2: Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fBlockNonDomain -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> !fBlockNonDomain; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # #18.8.24.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.24.1: Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> BlockUserInputMethodsForSignIn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> !BlockUserInputMethodsForSignIn; # # #18.8.29.5.1 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.1: Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> DCSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !DCSettingIndex; # # #18.8.29.5.2 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.2: Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> ACSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !ACSettingIndex; # # #18.8.32.2 Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' [CIS - Microsoft Windows Server 2012 R2 - 18.8.32.2: Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> RestrictRemoteClients -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> !RestrictRemoteClients; # # #18.8.39.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.5.1: Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> DisableQueryRemoteServer -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> !DisableQueryRemoteServer; # # #18.8.39.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.11.1: Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> ScenarioExecutionEnabled -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> !ScenarioExecutionEnabled; # # #18.8.41.1 Ensure 'Turn off the advertising ID' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.41.1: Ensure 'Turn off the advertising ID' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> DisabledByGroupPolicy -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> !DisabledByGroupPolicy; # # #18.8.44.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.44.1.1: Ensure 'Enable Windows NTP Client' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> Enabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> !Enabled; # # #18.8.44.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.44.1.2: Ensure 'Enable Windows NTP Server' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpServer -> Enabled -> !0; # # #18.9.37.1 Ensure 'Turn off location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.37.1: Ensure 'Turn off location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> DisableLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> !DisableLocation; # # #18.9.52.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.2.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fSingleSessionPerUser -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fSingleSessionPerUser; # # #18.9.52.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCcm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCcm; # # #18.9.52.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.3: Ensure 'Do not allow LPT port redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableLPT -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableLPT; # # #18.9.52.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.4: Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisablePNPRedir -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisablePNPRedir; # # #18.9.52.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.1: Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba4; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba5; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba\D; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbb\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbc\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbd\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbe\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbf\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbc\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbd\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbe\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbf\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dc\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dd\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:de\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:df\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:e\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:f\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:\w\w\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxIdleTime; # # #18.9.52.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.2: Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxDisconnectionTime -> !EA60; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxDisconnectionTime; # # #18.9.54.3 Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.3: Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> ConnectedSearchPrivacy -> !3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> !ConnectedSearchPrivacy; # # #18.9.59.1 Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.59.1: Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> NoGenTicket -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> !NoGenTicket; # # #18.9.61.3 Ensure 'Turn off the Store application' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.3: Ensure 'Turn off the Store application' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> RemoveWindowsStore -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !RemoveWindowsStore; # # #18.9.69.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.69.3.1: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet -> SpynetReporting -> !0; # # #18.9.74.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.3: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> SafeForScripting -> !0; # # #18.9.86.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.2: Ensure 'Allow remote server management through WinRM' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowAutoConfig -> !0; # # #18.9.87.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.87.1: Ensure 'Allow Remote Shell Access' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> AllowRemoteShellAccess -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> !AllowRemoteShellAccess; # ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/log4j_check.yml ================================================ policy: id: "log4j_check" file: "log4j_check.yml" name: "Log4j dependency check" description: "This document provides prescriptive guidance for identifying Log4j RCE vulnerability" references: - https://nvd.nist.gov/vuln/detail/CVE-2021-44228 - https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance requirements: title: "Check if Java is present on the machine" description: "Requirements for running the SCA scan against machines with Java on them." condition: all rules: - 'c:sh -c "ps aux | grep java | grep -v grep" -> r:java' checks: - id: 10000 title: "Ensure Log4j is not on the system or under 2.16" description: "The Log4j library is vulnerable to RCE on versions between 2.10 and 2.15." remediation: "Update the log4j library to version 2.16 or set log4j2.formatMsgNoLookups to true if possible." condition: none rules: - 'c:find / -regex ".*log4j.*.jar" -type f -exec sh -c "unzip -p {} META-INF/MANIFEST.MF | grep Implementation-Version" \; -> r: 2.10.| 2.11.| 2.12.| 2.13.| 2.14.| 2.15.' - id: 10001 title: "Ensure Java is not running or is properly configured" description: "The Log4j library is vulnerable to RCE on versions between 2.10 and 2.15." remediation: "Update the log4j library to version 2.16 or set log4j2.formatMsgNoLookups to true if possible." condition: any rules: - 'c:sh -c "ps aux | grep java | grep -v grep" -> r:java && r:Dlog4j2.formatMsgNoLookups=true' ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/merged.mg ================================================ #default !269 ar.conf restart-ossec0 - restart-ossec.sh - 0 restart-ossec0 - restart-ossec.cmd - 0 restart-wazuh0 - restart-ossec.sh - 0 restart-wazuh0 - restart-ossec.cmd - 0 restart-wazuh0 - restart-wazuh - 0 restart-wazuh0 - restart-wazuh.exe - 0 firewall-drop1800 - firewall-drop - 1800 !381 agent.conf yes yes 24h yes /var/ossec/etc/shared/log4j_check.yml syslog /var/log/apache2/access.log !28411 cis_apache2224_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2017 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry , use "->" to look for a specific entry and another # "->" to look for the value. # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Apache Https Server # Based on Center for Internet Security Benchmark for Apache HttpSserver 2.4 v1.3.1 and Apache HttpsServer 2.2 v3.4.1 (https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308) # # $main-conf=/etc/apache2/apache2.conf,/etc/httpd/conf/httpd.conf; $conf-dirs=/etc/apache2/conf-enabled,/etc/apache2/mods-enabled,/etc/apache2/sites-enabled,/etc/httpd/conf.d,/etc/httpd/modsecurity.d; $ssl-confs=/etc/apache2/mods-enabled/ssl.conf,/etc/httpd/conf.d/ssl.conf; $mods-en=/etc/apache2/mods-enabled; $request-confs=/etc/httpd/conf/httpd.conf,/etc/apache2/mods-enabled/reqtimeout.conf; $traceen=/etc/apache2/apache2.conf,/etc/httpd/conf/httpd.conf,/etc/apache2/conf-enabled/security.conf; # # #2.3 Disable WebDAV Modules [CIS - Apache Configuration - 2.3: WebDAV Modules are enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sdav; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sdav; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sdav; d:$mods-en -> dav.load; # # #2.4 Disable Status Module [CIS - Apache Configuration - 2.4: Status Module is enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sstatus; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sstatus; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sstatus; d:$mods-en -> status.load; # # #2.5 Disable Autoindex Module [CIS - Apache Configuration - 2.5: Autoindex Module is enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sautoindex; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sautoindex; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sautoindex; d:$mods-en -> autoindex.load; # # #2.6 Disable Proxy Modules [CIS - Apache Configuration - 2.6: Proxy Modules are enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sproxy; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sproxy; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\sproxy; d:$mods-en -> proxy.load; # # #2.7 Disable User Directories Modules [CIS - Apache Configuration - 2.7: User Directories Modules are enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\suserdir; d:$conf-dirs -> load -> !r:^# && r:loadmodule\suserdir; f:/etc/httpd/conf.d -> !r:^# && r:loadmodule\suserdir; d:$mods-en -> userdir.load; # # #2.8 Disable Info Module [CIS - Apache Configuration - 2.8: Info Module is enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sinfo; d:$conf-dirs -> load -> !r:^# && r:loadmodule\sinfo; d:$conf-dirs -> conf -> !r:^# && r:loadmodule\sinfo; d:$mods-en -> info.load; # # #3.2 Give the Apache User Account an Invalid Shell [CIS - Apache Configuration - 3.2: Apache User Account has got a valid shell] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/passwd -> r:/var/www && !r:\.*/bin/false$|/sbin/nologin$; # # #3.3 Lock the Apache User Account [CIS - Apache Configuration - 3.3: Lock the Apache User Account] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/shadow -> r:^daemon|^wwwrun|^www-data|^apache && !r:\p!\.*$; # # #4.4 Restrict Override for All Directories [CIS - Apache Configuration - 4.4: Restrict Override for All Directories] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && !r:\w+ && r:allowoverride && !r:none$; d:$conf-dirs -> conf -> !r:^# && !r:\w+ && r:allowoverridelist; f:$main-conf -> !r:^# && !r:\w+ && r:allowoverride && !r:none$; f:$main-conf -> !r:^# && !r:\w+ && r:allowoverridelist; # # #5.3 Minimize Options for Other Directories [CIS - Apache Configuration - 5.3: Minimize Options for other directories] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:options\sincludes; f:$main-conf -> !r:^# && r:options\sincludes; # # #5.4.1 Remove default index.html sites [CIS - Apache Configuration - 5.4.1: Remove default index.html sites] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/var/www -> index.html; d:/var/www/html -> index.html; # # #5.4.2 Remove the Apache user manual [CIS - Apache Configuration - 5.4.2: Remove the Apache user manual] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/etc/httpd/conf.d -> manual.conf; d:/etc/apache2/conf-enabled -> apache2-doc.conf; # # #5.4.5 Verify that no Handler is enabled [CIS - Apache Configuration - 5.4.5: A Handler is configured] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:/wsethandler; f:$main-conf -> !r:^# && r:/wsethandler; # # #5.5 Remove default CGI content printenv [CIS - Apache Configuration - 5.5: Remove default CGI content printenv] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/var/www/cgi-bin -> printenv; d:/usr/lib/cgi-bin -> printenv; # # #5.6 Remove default CGI content test-cgi [CIS - Apache Configuration - 5.6: Remove default CGI content test-cgi] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:/var/www/cgi-bin -> test-cgi; d:/usr/lib/cgi-bin -> test-cgi; # # #5.7 Limit HTTP Request Method [CIS - Apache Configuration - 5.7: Disable HTTP Request Method] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:; # # #5.8 Disable HTTP Trace Method [CIS - Apache Configuration - 5.8: Disable HTTP Trace Method] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$traceen -> !r:^# && r:traceenable\s+on\s*$; # # #5.9 Restrict HTTP Protocol Versions [CIS - Apache Configuration - 5.9: Restrict HTTP Protocol Versions] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:loadmodule\srewrite; d:$mods-en -> !f:rewrite.load; f:$main-conf -> !r:rewriteengine\son; f:$main-conf -> !r:rewritecond && !r:%{THE_REQUEST} && !r:!HTTP/1\\.1\$; f:$main-conf -> !r:rewriterule && !r:.* - [F]; # # #5.12 Deny IP Address Based Requests [CIS - Apache Configuration - 5.12: Deny IP Address Based Requests] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:loadmodule\srewrite; d:$mods-en -> !f:rewrite.load; f:$main-conf -> !r:rewriteengine\son; f:$main-conf -> !r:rewritecond && !r:%{HTTP_HOST} && !r:www\\.\w+\\.\w+ [NC]$; f:$main-conf -> !r:rewritecond && !r:%{REQUEST_URI} && !r:/error [NC]$; f:$main-conf -> !r:rewriterule && !r:.\(.*\) - [L,F]$; # # #5.13 Restrict Listen Directive [CIS - Apache Configuration - 5.13: Restrict Listen Directive] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:listen\s80$; d:$conf-dirs -> conf -> !r:^# && r:listen\s0.0.0.0\p80; d:$conf-dirs -> conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p80; f:$main-conf -> !r:^# && r:listen\s80$; f:$main-conf -> !r:^# && r:listen\s0.0.0.0\p\d*; f:$main-conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p\d*; f:/etc/apache2/sites-enabled/000-default.conf -> !r:^# && r:listen\s80$; f:/etc/apache2/sites-enabled/000-default.conf -> !r:^# && r:listen\s0.0.0.0\p\d*; f:/etc/apache2/sites-enabled/000-default.conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p\d*; f:/etc/apache2/ports.conf -> !r:^# && r:listen\s80$; f:/etc/apache2/ports.conf -> !r:^# && r:listen\s0.0.0.0\p\d*; f:/etc/apache2/ports.conf -> !r:^# && r:listen\s[\p\pffff\p0.0.0.0]\p\d*; # # #5.14 Restrict Browser Frame Options [CIS - Apache Configuration - 5.14: Restrict Browser Frame Options] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:header\salways\sappend\sx-frame-options && !r:sameorigin|deny; # # #6.1 Configure the Error Log to notice at least [CIS - Apache Configuration - 6.1: Configure the Error Log to notice at least] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^# && r:loglevel\snotice\score\p && r:warn|emerg|alert|crit|error|notice; f:$main-conf -> !r:loglevel\snotice\score\p && !r:info|debug; # # #6.2 Configure a Syslog facility for Error Log [CIS - Apache Configuration - 6.2: Configure a Syslog facility for Error Log] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:errorlog\s+\p*syslog\p\.*\p*; # # #7.6 Disable SSL Insecure Renegotiation [CIS - Apache Configuration - 7.6: Disable SSL Insecure Renegotiation] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$ssl-confs -> !r:^\t*\s*# && r:sslinsecurerenegotiation\s+on\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslinsecurerenegotiation\s*$; # # #7.7 Ensure SSL Compression is not enabled [CIS - Apache Configuration - 7.7: Ensure SSL Compression is not enabled] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$ssl-confs -> !r:^\t*\s*# && r:sslcompression\s+on\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslcompression\s*$; # # #7.8 Disable SSL TLS v1.0 Protocol [CIS - Apache Configuration - 7.8: Disable insecure TLS Protocol] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$ssl-confs -> !r:^\t*\s*sslprotocol; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+all; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+\.*tlsv1\P\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+\.*sslv2\P\s*; f:$ssl-confs -> !r:^\t*\s*# && r:sslprotocol\s+\.*sslv3\P\s*; # # #7.9 Enable OCSP Stapling [CIS - Apache Configuration - 7.9: Enable OCSP Stapling] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:^loadmodule\s+ssl; d:$mods-en -> !f:ssl.load; f:$ssl-confs -> !r:\t*\s*# && r:sslusestapling\s+off; f:$ssl-confs -> !r:\t*\s*sslusestapling\s+on; f:$ssl-confs -> !r:\t*\s*sslstaplingcache\s+\.+; # # #7.10 Enable HTTP Strict Transport Security [CIS - Apache Configuration - 7.10: Enable HTTP Strict Transport Security] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/apache2/apache2.conf -> !r:Header\salways\sset\sStrict-Transport-Security\s"max-age=\d\d\d\d*"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=1\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=2\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=3\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=4\d\d"; f:/etc/apache2/apache2.conf -> !r:^# && r:Header\salways\sset\sStrict-Transport-Security\s"max-age=5\d\d"; # # #8.1 Set ServerToken to Prod or ProductOnly [CIS - Apache Configuration - 8.1: Set ServerToken to Prod or ProductOnly] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+major; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+minor; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+min; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+minimal; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+os; d:$conf-dirs -> conf -> !r:^# && r:servertokens\s+full; # # #8.2: Set ServerSignature to Off [CIS - Apache Configuration - 8.2: Set ServerSignature to Off] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^# && r:serversignature\s+email; d:$conf-dirs -> conf -> !r:^# && r:serversignature\s+on; # # #8.3: Prevent Information Leakage via Default Apache Content [CIS - Apache Configuration - 8.3: Prevent Information Leakage via Default Apache Content] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] d:$conf-dirs -> conf -> !r:^\t*\s*# && r:include\s*\w*httpd-autoindex.conf; d:$conf-dirs -> conf -> !r:^\t*\s*# && r:alias\s*/icons/\s*\.*; # # #9.1:Set TimeOut to 10 or less [CIS - Apache Configuration - 9.1: Set TimeOut to 10 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^# && r:timeout\s+9\d; f:$main-conf -> !r:^# && r:timeout\s+8\d; f:$main-conf -> !r:^# && r:timeout\s+7\d; f:$main-conf -> !r:^# && r:timeout\s+6\d; f:$main-conf -> !r:^# && r:timeout\s+5\d; f:$main-conf -> !r:^# && r:timeout\s+4\d; f:$main-conf -> !r:^# && r:timeout\s+3\d; f:$main-conf -> !r:^# && r:timeout\s+2\d; f:$main-conf -> !r:^# && r:timeout\s+11; f:$main-conf -> !r:^# && r:timeout\s+12; f:$main-conf -> !r:^# && r:timeout\s+13; f:$main-conf -> !r:^# && r:timeout\s+14; f:$main-conf -> !r:^# && r:timeout\s+15; f:$main-conf -> !r:^# && r:timeout\s+16; f:$main-conf -> !r:^# && r:timeout\s+17; f:$main-conf -> !r:^# && r:timeout\s+18; f:$main-conf -> !r:^# && r:timeout\s+19; f:$main-conf -> !r:^timeout\s+\d\d*; f:$main-conf -> !r:^# && r:timeout\s+\d\d\d+; # # #9.2:Set the KeepAlive directive to On [CIS - Apache Configuration - 9.2: Set the KeepAlive directive to On] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^# && r:keepalive\s+off; f:$main-conf -> !r:keepalive\s+on; # # #9.3:Set MaxKeepAliveRequests to 100 or greater [CIS - Apache Configuration - 9.3: Set MaxKeepAliveRequest to 100 or greater] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^maxkeepaliverequests\s+\d\d\d+; # # #9.4: Set KeepAliveTimeout Low to Mitigate Denial of Service [CIS - Apache Configuration - 9.4: Set KeepAliveTimeout Low] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:keepalivetimeout\s+\d\d*; f:$main-conf -> !r:^# && r:keepalivetimeout\s+16; f:$main-conf -> !r:^# && r:keepalivetimeout\s+17; f:$main-conf -> !r:^# && r:keepalivetimeout\s+18; f:$main-conf -> !r:^# && r:keepalivetimeout\s+19; f:$main-conf -> !r:^# && r:keepalivetimeout\s+2\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+3\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+4\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+5\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+6\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+7\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+8\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+9\d; f:$main-conf -> !r:^# && r:keepalivetimeout\s+\d\d\d+; # # #9.5 Set Timeout Limits for Request Headers [CIS - Apache Configuration - 9.5: Set Timeout Limits for Request Headers] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:^loadmodule\s+reqtimeout; d:$mods-en -> !f:reqtimeout.load; f:$request-confs -> !r:^\t*\s*requestreadtimeout\.+header\p\d\d*\D\d\d*; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D41; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D42; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D43; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D44; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D45; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D46; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D47; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D48; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D49; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D5\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D6\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D7\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D8\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D9\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+header\p\d\d\D\d\d\d+; # # #9.6 Set Timeout Limits for Request Body [CIS - Apache Configuration - 9.6: Set Timeout Limits for Request Body] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:/etc/httpd/conf/httpd.conf -> !r:^loadmodule\s+reqtimeout; d:$mods-en -> !f:reqtimeout.load; f:$request-confs -> !r:\t*\s*requestreadtimeout\.+body\p\d\d*; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p21; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p22; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p23; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p24; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p25; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p26; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p27; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p28; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p29; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p3\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p4\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p5\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p6\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p7\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p8\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p9\d; f:$request-confs -> !r:^\t*\s*# && r:\t*\s*requestreadtimeout\.+body\p\d\d\d+; # # #10.1 Set the LimitRequestLine directive to 512 or less [CIS - Apache Configuration - 10.1: Set LimitRequestLine to 512 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestline\s+\d\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\13; f:$main-conf -> !r:^# && r:limitrequestline\s+5\14; f:$main-conf -> !r:^# && r:limitrequestline\s+5\15; f:$main-conf -> !r:^# && r:limitrequestline\s+5\16; f:$main-conf -> !r:^# && r:limitrequestline\s+5\17; f:$main-conf -> !r:^# && r:limitrequestline\s+5\18; f:$main-conf -> !r:^# && r:limitrequestline\s+5\19; f:$main-conf -> !r:^# && r:limitrequestline\s+5\2\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\3\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\4\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\5\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\6\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\7\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\8\d; f:$main-conf -> !r:^# && r:limitrequestline\s+5\9\d; f:$main-conf -> !r:^# && r:limitrequestline\s+6\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+7\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+8\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+9\d\d; f:$main-conf -> !r:^# && r:limitrequestline\s+\d\d\d\d+; # # #10.2 Set the LimitRequestFields directive to 100 or less [CIS - Apache Configuration - 10.2: Set LimitRequestFields to 100 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestfields\s\d\d*; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d1; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d2; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d3; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d4; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d5; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d6; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d7; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d8; f:$main-conf -> !r:^# && r:limitrequestfields\s+1\d9; f:$main-conf -> !r:^# && r:limitrequestfields\s+11\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+12\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+13\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+14\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+15\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+16\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+17\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+18\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+19\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+2\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+3\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+4\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+5\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+6\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+7\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+8\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+9\d\d; f:$main-conf -> !r:^# && r:limitrequestfields\s+\d\d\d\d+; # # #10.3 Set the LimitRequestFieldsize directive to 1024 or less [CIS - Apache Configuration - 10.3: Set LimitRequestFieldsize to 1024 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestfieldsize\s+\d\d*; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d25; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d26; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d27; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d28; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d29; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d3\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d4\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d5\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d6\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d7\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d8\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+1\d9\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+11\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+12\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+13\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+14\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+15\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+16\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+17\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+18\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+19\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+2\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+3\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+4\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+5\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+6\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+7\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+8\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+9\d\d\d; f:$main-conf -> !r:^# && r:limitrequestfieldsize\s+\d\d\d\d\d+; # # #10.4 Set the LimitRequestBody directive to 102400 or less [CIS - Apache Configuration - 10.4: Set LimitRequestBody to 102400 or less] [any] [https://workbench.cisecurity.org/benchmarks/307, https://workbench.cisecurity.org/benchmarks/308] f:$main-conf -> !r:^limitrequestbody\s+\d\d*; f:$main-conf -> !r:^# && r:limitrequestbody\s+0\s*$; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d1; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d2; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d3; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d4; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d5; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d6; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d7; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d8; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d24\d9; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d241\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d242\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d243\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d244\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d245\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d246\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d247\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d248\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d249\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d25\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d26\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d27\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d28\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d29\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d3\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d4\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d5\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d6\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d7\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d8\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+1\d9\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+11\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+12\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+13\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+14\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+15\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+16\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+17\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+18\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+19\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+2\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+3\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+4\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+5\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+6\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+7\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+8\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+9\d\d\d\d\d; f:$main-conf -> !r:^# && r:limitrequestbody\s+\d\d\d\d\d\d\d+; !12576 cis_debian_linux_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2008 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Debian/Ubuntu # Based on Center for Internet Security Benchmark for Debian Linux v1.0 # Main one. Only valid for Debian/Ubuntu. [CIS - Testing against the CIS Debian Linux Benchmark v1.0] [all required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/debian_version; f:/proc/sys/kernel/ostype -> Linux; # Section 1.4 - Partition scheme. [CIS - Debian Linux - 1.4 - Robust partition scheme - /tmp is not on its own partition {CIS: 1.4 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:/tmp; [CIS - Debian Linux - 1.4 - Robust partition scheme - /opt is not on its own partition {CIS: 1.4 Debian Linux}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/opt; f:/etc/fstab -> !r:/opt; [CIS - Debian Linux - 1.4 - Robust partition scheme - /var is not on its own partition {CIS: 1.4 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:/var; # Section 2.3 - SSH configuration [CIS - Debian Linux - 2.3 - SSH Configuration - Protocol version 1 enabled {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; [CIS - Debian Linux - 2.3 - SSH Configuration - IgnoreRHosts disabled {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; [CIS - Debian Linux - 2.3 - SSH Configuration - Empty passwords permitted {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; [CIS - Debian Linux - 2.3 - SSH Configuration - Host based authentication enabled {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; [CIS - Debian Linux - 2.3 - SSH Configuration - Root login allowed {CIS: 2.3 Debian Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # Section 2.4 Enable system accounting #[CIS - Debian Linux - 2.4 - System Accounting - Sysstat not installed {CIS: 2.4 Debian Linux}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] #f:!/etc/default/sysstat; #f:!/var/log/sysstat; #[CIS - Debian Linux - 2.4 - System Accounting - Sysstat not enabled {CIS: 2.4 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] #f:!/etc/default/sysstat; #f:/etc/default/sysstat -> !r:^# && r:ENABLED="false"; # Section 2.5 Install and run Bastille #[CIS - Debian Linux - 2.5 - System harderning - Bastille is not installed {CIS: 2.5 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] #f:!/etc/Bastille; # Section 2.6 Ensure sources.list Sanity [CIS - Debian Linux - 2.6 - Sources list sanity - Security updates not enabled {CIS: 2.6 Debian Linux} {PCI_DSS: 6.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:!/etc/apt/sources.list; f:!/etc/apt/sources.list -> !r:^# && r:http://security.debian|http://security.ubuntu; # Section 3 - Minimize inetd services [CIS - Debian Linux - 3.3 - Telnet enabled on inetd {CIS: 3.3 Debian Linux} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:telnet; [CIS - Debian Linux - 3.4 - FTP enabled on inetd {CIS: 3.4 Debian Linux} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:/ftp; [CIS - Debian Linux - 3.5 - rsh/rlogin/rcp enabled on inetd {CIS: 3.5 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:shell|login; [CIS - Debian Linux - 3.6 - tftpd enabled on inetd {CIS: 3.6 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:tftp; [CIS - Debian Linux - 3.7 - imap enabled on inetd {CIS: 3.7 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:imap; [CIS - Debian Linux - 3.8 - pop3 enabled on inetd {CIS: 3.8 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:pop; [CIS - Debian Linux - 3.9 - Ident enabled on inetd {CIS: 3.9 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inetd.conf -> !r:^# && r:ident; # Section 4 - Minimize boot services [CIS - Debian Linux - 4.1 - Disable inetd - Inetd enabled but no services running {CIS: 4.1 Debian Linux} {PCI_DSS: 2.2.2}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] p:inetd; f:!/etc/inetd.conf -> !r:^# && r:wait; [CIS - Debian Linux - 4.3 - GUI login enabled {CIS: 4.3 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; [CIS - Debian Linux - 4.6 - Disable standard boot services - Samba Enabled {CIS: 4.6 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/samba; [CIS - Debian Linux - 4.7 - Disable standard boot services - NFS Enabled {CIS: 4.7 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/nfs-common; f:/etc/init.d/nfs-user-server; f:/etc/init.d/nfs-kernel-server; [CIS - Debian Linux - 4.9 - Disable standard boot services - NIS Enabled {CIS: 4.9 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/nis; [CIS - Debian Linux - 4.13 - Disable standard boot services - Web server Enabled {CIS: 4.13 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/apache; f:/etc/init.d/apache2; [CIS - Debian Linux - 4.15 - Disable standard boot services - DNS server Enabled {CIS: 4.15 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/bind; [CIS - Debian Linux - 4.16 - Disable standard boot services - MySQL server Enabled {CIS: 4.16 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/mysql; [CIS - Debian Linux - 4.16 - Disable standard boot services - PostgreSQL server Enabled {CIS: 4.16 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/postgresql; [CIS - Debian Linux - 4.17 - Disable standard boot services - Webmin Enabled {CIS: 4.17 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/webmin; [CIS - Debian Linux - 4.18 - Disable standard boot services - Squid Enabled {CIS: 4.18 Debian Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/init.d/squid; # Section 5 - Kernel tuning [CIS - Debian Linux - 5.1 - Network parameters - Source routing accepted {CIS: 5.1 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; [CIS - Debian Linux - 5.1 - Network parameters - ICMP broadcasts accepted {CIS: 5.1 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; [CIS - Debian Linux - 5.2 - Network parameters - IP Forwarding enabled {CIS: 5.2 Debian Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # Section 7 - Permissions [CIS - Debian Linux - 7.1 - Partition /var without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/var && !r:nodev; [CIS - Debian Linux - 7.1 - Partition /tmp without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/tmp && !r:nodev; [CIS - Debian Linux - 7.1 - Partition /opt without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/opt && !r:nodev; [CIS - Debian Linux - 7.1 - Partition /home without 'nodev' set {CIS: 7.1 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/home && !r:nodev ; [CIS - Debian Linux - 7.2 - Removable partition /media without 'nodev' set {CIS: 7.2 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; [CIS - Debian Linux - 7.2 - Removable partition /media without 'nosuid' set {CIS: 7.2 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; [CIS - Debian Linux - 7.3 - User-mounted removable partition /media {CIS: 7.3 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && r:user; # Section 8 - Access and authentication [CIS - Debian Linux - 8.8 - LILO Password not set {CIS: 8.8 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/lilo.conf -> !r:^# && !r:restricted; f:/etc/lilo.conf -> !r:^# && !r:password=; [CIS - Debian Linux - 8.8 - GRUB Password not set {CIS: 8.8 Debian Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; [CIS - Debian Linux - 9.2 - Account with empty password present {CIS: 9.2 Debian Linux} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - Debian Linux - 13.11 - Non-root account with uid 0 {CIS: 13.11 Debian Linux} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; !7609 cis_mysql5-6_community_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2017 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry , use "->" to look for a specific entry and another # "->" to look for the value. # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for MYSQL # Based on Center for Internet Security Benchmark for MYSQL v1.1.0 # $home_dirs=/usr2/home/*,/home/*,/home,/*/home/*,/*/home,/; $enviroment_files=/*/home/*/\.bashrc,/*/home/*/\.profile,/*/home/*/\.bash_profile,/home/*/\.bashrc,/home/*/\.profile,/home/*/\.bash_profile; $mysql-cnfs=/etc/mysql/my.cnf,/etc/mysql/mariadb.cnf,/etc/mysql/conf.d/*.cnf,/etc/mysql/mariadb.conf.d/*.cnf,~/.my.cnf; # # #1.3 Disable MySQL Command History [CIS - MySQL Configuration - 1.3: Disable MySQL Command History] [any] [https://workbench.cisecurity.org/files/1310/download] d:$home_dirs -> ^.mysql_history$; # # #1.5 Disable Interactive Login [CIS - MySQL Configuration - 1.5: Disable Interactive Login] [any] [https://workbench.cisecurity.org/files/1310/download] f:/etc/passwd -> r:^mysql && !r:\.*/bin/false$|/sbin/nologin$; # # #1.6 Verify That 'MYSQL_PWD' Is Not In Use [CIS - MySQL Configuration - 1.6: 'MYSQL_PWD' Is in Use] [any] [https://workbench.cisecurity.org/files/1310/download] f:$enviroment_files -> r:\.*MYSQL_PWD\.*; # # #4.3 Ensure 'allow-suspicious-udfs' Is Set to 'FALSE' [CIS - MySQL Configuration - 4.3: 'allow-suspicious-udfs' Is Set in my.cnf'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:allow-suspicious-udfs\.+true; f:$mysql-cnfs -> r:allow-suspicious-udfs\s*$; # # #4.4 Ensure 'local_infile' Is Disabled [CIS - MySQL Configuration - 4.4: local_infile is not forbidden in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:local-infile\s*=\s*1; f:$mysql-cnfs -> r:local-infile\s*$; # # #4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' [CIS - MySQL Configuration - 4.5: skip-grant-tables is set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip-grant-tables\s*=\s*true; f:$mysql-cnfs -> !r:skip-grant-tables\s*=\s*false; f:$mysql-cnfs -> r:skip-grant-tables\s*$; # # #4.6 Ensure '--skip-symbolic-links' Is Enabled [CIS - MySQL Configuration - 4.6: skip_symbolic_links is not enabled in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip_symbolic_links\s*=\s*no; f:$mysql-cnfs -> !r:skip_symbolic_links\s*=\s*yes; f:$mysql-cnfs -> r:skip_symbolic_links\s*$; # # #4.8 Ensure 'secure_file_priv' is not empty [CIS - MySQL Configuration - 4.8: Ensure 'secure_file_priv' is not empty] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> !r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> r:secure_file_priv\s*$; # # #4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' [CIS - MySQL Configuration - 4.9: strict_all_tables is not set at sql_mode section of my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:strict_all_tables\s*$; # # #6.1 Ensure 'log_error' is not empty [CIS - MySQL Configuration - 6.1: log-error is not set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> !r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> r:log_error\s*$; # # #6.2 Ensure Log Files are not Stored on a non-system partition [CIS - MySQL Configuration - 6.2: log files are maybe stored on systempartition] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/var/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/usr/\S*\s*; f:$mysql-cnfs -> r:log_bin\s*$; # # #6.3 Ensure 'log_warning' is set to 2 at least [CIS - MySQL Configuration - 6.3: log warnings is set low] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*0; f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*1; f:$mysql-cnfs -> !r:log_warnings\s*=\s*\d+; f:$mysql-cnfs -> r:log_warnings\s*$; # # #6.5 Ensure 'log_raw' is set to 'off' [CIS - MySQL Configuration - 6.5: log_raw is not set to off] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log-raw\s*=\s*on; f:$mysql-cnfs -> r:log-raw\s*$; # # #7.1 Ensure 'old_password' is not set to '1' or 'On' [CIS - MySQL Configuration - 7.1:Ensure 'old_passwords' is not set to '1' or 'on'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*1; f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*on; f:$mysql-cnfs -> !r:old_passwords\s*=\s*2; f:$mysql-cnfs -> r:old_passwords\s*$; # # #7.2 Ensure 'secure_auth' is set to 'ON' [CIS - MySQL Configuration - 7.2: Ensure 'secure_auth' is set to 'ON'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:secure_auth\s*=\s*off; f:$mysql-cnfs -> !r:secure_auth\s*=\s*on; f:$mysql-cnfs -> r:secure_auth\s*$; # # #7.3 Ensure Passwords Are Not Stored in the Global Configuration [CIS - MySQL Configuration - 7.3: Passwords are stored in global configuration] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:^\s*password\.*; # # #7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' [CIS - MySQL Configuration - 7.4: Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:no_auto_create_user\s*$; f:$mysql-cnfs -> r:^# && r:\s*no_auto_create_user\s*$; # # #7.6 Ensure Password Policy is in Place [CIS - MySQL Configuration - 7.6: Ensure Password Policy is in Place ] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:plugin-load\s*=\s*validate_password.so\s*$; f:$mysql-cnfs -> !r:validate-password\s*=\s*force_plus_permanent\s*$; f:$mysql-cnfs -> !r:validate_password_length\s*=\s*14\s$; f:$mysql-cnfs -> !r:validate_password_mixed_case_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_number_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_special_char_count\s*=\s*1; f:$mysql-cnfs -> !r:validate_password_policy\s*=\s*medium\s*; # # #9.2 Ensure 'master_info_repository' is set to 'Table' [CIS - MySQL Configuration - 9.2: Ensure 'master_info_repositrory' is set to 'Table'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:master_info_repository\s*=\s*file; f:$mysql-cnfs -> !r:master_info_repository\s*=\s*table; f:$mysql-cnfs -> r:master_info_repository\s*$; !10297 cis_mysql5-6_enterprise_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2017 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry , use "->" to look for a specific entry and another # "->" to look for the value. # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for MYSQL # Based on Center for Internet Security Benchmark for MYSQL v1.1.0 # $home_dirs=/usr2/home/*,/home/*,/home,/*/home/*,/*/home,/; $enviroment_files=/*/home/*/\.bashrc,/*/home/*/\.profile,/*/home/*/\.bash_profile,/home/*/\.bashrc,/home/*/\.profile,/home/*/\.bash_profile; $mysql-cnfs=/etc/mysql/my.cnf,/etc/mysql/mariadb.cnf,/etc/mysql/conf.d/*.cnf,/etc/mysql/mariadb.conf.d/*.cnf,~/.my.cnf; # # #1.3 Disable MySQL Command History [CIS - MySQL Configuration - 1.3: Disable MySQL Command History] [any] [https://workbench.cisecurity.org/files/1310/download] d:$home_dirs -> ^.mysql_history$; # # #1.5 Disable Interactive Login [CIS - MySQL Configuration - 1.5: Disable Interactive Login] [any] [https://workbench.cisecurity.org/files/1310/download] f:/etc/passwd -> r:^mysql && !r:\.*/bin/false$|/sbin/nologin$; # # #1.6 Verify That 'MYSQL_PWD' Is Not In Use [CIS - MySQL Configuration - 1.6: 'MYSQL_PWD' Is in Use] [any] [https://workbench.cisecurity.org/files/1310/download] f:$enviroment_files -> r:\.*MYSQL_PWD\.*; # # #4.3 Ensure 'allow-suspicious-udfs' Is Set to 'FALSE' [CIS - MySQL Configuration - 4.3: 'allow-suspicious-udfs' Is Set in my.cnf'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:allow-suspicious-udfs\.+true; f:$mysql-cnfs -> r:allow-suspicious-udfs\s*$; # # #4.4 Ensure 'local_infile' Is Disabled [CIS - MySQL Configuration - 4.4: local_infile is not forbidden in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:local-infile\s*=\s*1; f:$mysql-cnfs -> r:local-infile\s*$; # # #4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' [CIS - MySQL Configuration - 4.5: skip-grant-tables is set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip-grant-tables\s*=\s*true; f:$mysql-cnfs -> !r:skip-grant-tables\s*=\s*false; f:$mysql-cnfs -> r:skip-grant-tables\s*$; # # #4.6 Ensure '--skip-symbolic-links' Is Enabled [CIS - MySQL Configuration - 4.6: skip_symbolic_links is not enabled in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:skip_symbolic_links\s*=\s*no; f:$mysql-cnfs -> !r:skip_symbolic_links\s*=\s*yes; f:$mysql-cnfs -> r:skip_symbolic_links\s*$; # # #4.8 Ensure 'secure_file_priv' is not empty [CIS - MySQL Configuration - 4.8: Ensure 'secure_file_priv' is not empty] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> !r:secure_file_priv=\s*\S+\s*; f:$mysql-cnfs -> r:secure_file_priv\s*$; # # #4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' [CIS - MySQL Configuration - 4.9: strict_all_tables is not set at sql_mode section of my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:strict_all_tables\s*$; # # #6.1 Ensure 'log_error' is not empty [CIS - MySQL Configuration - 6.1: log-error is not set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> r:^# && r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> !r:log_error\s*=\s*\S+\s*; f:$mysql-cnfs -> r:log_error\s*$; # # #6.2 Ensure Log Files are not Stored on a non-system partition [CIS - MySQL Configuration - 6.2: log files are maybe stored on systempartition] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/var/\S*\s*; f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/usr/\S*\s*; f:$mysql-cnfs -> r:log_bin\s*$; # # #6.3 Ensure 'log_warning' is set to 2 at least [CIS - MySQL Configuration - 6.3: log warnings is set low] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*0; f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*1; f:$mysql-cnfs -> !r:log_warnings\s*=\s*\d+; f:$mysql-cnfs -> r:log_warnings\s*$; # # #6.4 Ensure 'log_raw' is set to 'off' [CIS - MySQL Configuration - 6.4: log_raw is not set to off] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:log-raw\s*=\s*on; f:$mysql-cnfs -> r:log-raw\s*$; # # #6.5 Ensure audit_log_connection_policy is not set to 'none' [CIS - MySQL Configuration - 6.5: audit_log_connection_policy is set to 'none' change it to all or erros] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r^# && r::audit_log_connection_policy\s*=\s*none; f:$mysql-cnfs -> r:audit_log_connection_policy\s*$; # # #6.6 Ensure audit_log_exclude_account is set to Null [CIS - MySQL Configuration - 6.6:audit_log_exclude_accounts is not set to Null] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_exclude_accounts\s*=\s* && !r:null\s*$; f:$mysql-cnfs -> r:audit_log_exclude_accounts\s*$; # # #6.7 Ensure audit_log_include_accounts is set to Null [CIS - MySQL Configuration - 6.7:audit_log_include_accounts is not set to Null] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_include_accounts\s*=\s* && !r:null\s*$; f:$mysql-cnfs -> r:audit_log_include_accounts\s*$; # # #6.9 Ensure audit_log_policy is not set to all [CIS - MySQL Configuration - 6.9: audit_log_policy is not set to all] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*queries; f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*none; f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*logins; f:$mysql-cnfs -> r:audit_log_policy\s*$; # # #6.10 Ensure audit_log_statement_policy is set to all [CIS - MySQL Configuration - 6.10: Ensure audit_log_statement_policy is set to all] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_statement_policy\.+errors; f:$mysql-cnfs -> !r:^# && r:audit_log_statement_policy\.+none; f:$mysql-cnfs -> r:audit_log_statement_policy\s*$; # # #6.11 Ensure audit_log_strategy is set to synchronous or semisynchronous [CIS - MySQL Configuration - 6.11: Ensure audit_log_strategy is set to all] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:audit_log_strategy\.+asynchronous; f:$mysql-cnfs -> !r:^# && r:audit_log_strategy\.+performance; f:$mysql-cnfs -> !r:audit_log_strategy\s*=\s* && r:semisynchronous|synchronous; f:$mysql-cnfs -> r:audit_log_strategy\s*$; # # #6.12 Make sure the audit plugin can't be unloaded [CIS - MySQL Configuration - 6.12: Audit plugin can be unloaded] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*on\s*; f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*off\s*; f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*force\s*; f:$mysql-cnfs -> !r:^audit_log\s*=\s*force_plus_permanent\s*; f:$mysql-cnfs -> r:^audit_log\s$; # # #7.1 Ensure 'old_password' is not set to '1' or 'On' [CIS - MySQL Configuration - 7.1:Ensure 'old_passwords' is not set to '1' or 'on'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*1; f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*on; f:$mysql-cnfs -> !r:old_passwords\s*=\s*2; f:$mysql-cnfs -> r:old_passwords\s*$; # # #7.2 Ensure 'secure_auth' is set to 'ON' [CIS - MySQL Configuration - 7.2: Ensure 'secure_auth' is set to 'ON'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:secure_auth\s*=\s*off; f:$mysql-cnfs -> !r:secure_auth\s*=\s*on; f:$mysql-cnfs -> r:secure_auth\s*$; # # #7.3 Ensure Passwords Are Not Stored in the Global Configuration [CIS - MySQL Configuration - 7.3: Passwords are stored in global configuration] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:^\s*password\.*; # # #7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' [CIS - MySQL Configuration - 7.4: Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:no_auto_create_user\s*$; f:$mysql-cnfs -> r:^# && r:\s*no_auto_create_user\s*$; # # #7.6 Ensure Password Policy is in Place [CIS - MySQL Configuration - 7.6: Ensure Password Policy is in Place ] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:plugin-load\s*=\s*validate_password.so\s*$; f:$mysql-cnfs -> !r:validate-password\s*=\s*force_plus_permanent\s*$; f:$mysql-cnfs -> !r:validate_password_length\s*=\s*14\s$; f:$mysql-cnfs -> !r:validate_password_mixed_case_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_number_count\s*=\s*1\s*$; f:$mysql-cnfs -> !r:validate_password_special_char_count\s*=\s*1; f:$mysql-cnfs -> !r:validate_password_policy\s*=\s*medium\s*; # # #9.2 Ensure 'master_info_repository' is set to 'Table' [CIS - MySQL Configuration - 9.2: Ensure 'master_info_repositrory' is set to 'Table'] [any] [https://workbench.cisecurity.org/files/1310/download] f:$mysql-cnfs -> !r:^# && r:master_info_repository\s*=\s*file; f:$mysql-cnfs -> !r:master_info_repository\s*=\s*table; f:$mysql-cnfs -> r:master_info_repository\s*$; !35781 cis_rhel5_linux_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat / CentOS 5 # Based on CIS Benchmark for Red Hat Enterprise Linux 5 v2.1.0 # TODO: URL is invalid currently # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS Red Hat Enterprise Linux 5 Benchmark v2.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 5; f:/etc/redhat-release -> r:^CentOS && r:release 5; f:/etc/redhat-release -> r:^Cloud && r:release 5; f:/etc/redhat-release -> r:^Oracle && r:release 5; f:/etc/redhat-release -> r:^Better && r:release 5; # 1.1.1 /tmp: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /tmp is not on its own partition {CIS: 1.1.1 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:/tmp; # 1.1.2 /tmp: nodev [CIS - RHEL5 - 1.1.2 - Partition /tmp without 'nodev' set {CIS: 1.1.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.3 /tmp: nosuid [CIS - RHEL5 - 1.1.3 - Partition /tmp without 'nosuid' set {CIS: 1.1.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 1.1.4 /tmp: noexec [CIS - RHEL5 - 1.1.4 - Partition /tmp without 'noexec' set {CIS: 1.1.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.5 Build considerations - Partition scheme. [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 1.1.5 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 1.1.6 bind mount /var/tmp to /tmp [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 1.1.6 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 1.1.7 /var/log: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 1.1.7 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 1.1.8 /var/log/audit: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 1.1.8 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 1.1.9 /home: partition [CIS - RHEL5 - - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 1.1.9 Debian RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 1.1.10 /home: nodev [CIS - RHEL5 - 1.1.10 - Partition /home without 'nodev' set {CIS: 1.1.10 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 1.1.11 nodev on removable media partitions (not scored) [CIS - RHEL5 - 1.1.11 - Removable partition /media without 'nodev' set {CIS: 1.1.11 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 1.1.12 noexec on removable media partitions (not scored) [CIS - RHEL5 - 1.1.12 - Removable partition /media without 'noexec' set {CIS: 1.1.12 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 1.1.13 nosuid on removable media partitions (not scored) [CIS - RHEL5 - 1.1.13 - Removable partition /media without 'nosuid' set {CIS: 1.1.13 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 1.1.14 /dev/shm: nodev [CIS - RHEL5 - 1.1.11 - /dev/shm without 'nodev' set {CIS: 1.1.14 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 1.1.15 /dev/shm: nosuid [CIS - RHEL5 - 1.1.11 - /dev/shm without 'nosuid' set {CIS: 1.1.15 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 1.1.16 /dev/shm: noexec [CIS - RHEL5 - 1.1.11 - /dev/shm without 'noexec' set {CIS: 1.1.16 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 1.1.17 sticky bit on world writable directories (Scored) # TODO # 1.1.18 disable cramfs (not scored) # 1.1.19 disable freevxfs (not scored) # 1.1.20 disable jffs2 (not scored) # 1.1.21 disable hfs (not scored) # 1.1.22 disable hfsplus (not scored) # 1.1.23 disable squashfs (not scored) # 1.1.24 disable udf (not scored) ########################################## # 1.2 Software Updates ########################################## # 1.2.1 Configure rhn updates (not scored) # 1.2.2 verify RPM gpg keys (Scored) # TODO # 1.2.3 verify gpgcheck enabled (Scored) # TODO # 1.2.4 Disable rhnsd (not scored) # 1.2.5 Disable yum-updatesd (Scored) [CIS - RHEL5 - 1.2.5 - yum-updatesd not Disabled {CIS: 1.2.5 RHEL5} {PCI_DSS: 6.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; p:yum-updatesd; # 1.2.6 Obtain updates with yum (not scored) # 1.2.7 Verify package integrity (not scored) ############################################### # 1.3 Advanced Intrusion Detection Environment ############################################### # # Skipped, this control is obsoleted by OSSEC # ############################################### # 1.4 Configure SELinux ############################################### # 1.4.1 enable selinux in /etc/grub.conf [CIS - RHEL5 - 1.4.1 - SELinux Disabled in /etc/grub.conf {CIS: 1.4.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/grub.conf -> !r:selinux=0; # 1.4.2 Set selinux state [CIS - RHEL5 - 1.4.2 - SELinux not set to enforcing {CIS: 1.4.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/selinux/config -> r:SELINUX=enforcing; # 1.4.3 Set seliux policy [CIS - RHEL5 - 1.4.3 - SELinux policy not set to targeted {CIS: 1.4.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/selinux/config -> r:SELINUXTYPE=targeted; # 1.4.4 Remove SETroubleshoot [CIS - RHEL5 - 1.4.4 - SELinux setroubleshoot enabled {CIS: 1.4.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsetroubleshoot$; # 1.4.5 Disable MCS Translation service mcstrans [CIS - RHEL5 - 1.4.5 - SELinux mctrans enabled {CIS: 1.4.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dmctrans$; # 1.4.6 Check for unconfined daemons # TODO ############################################### # 1.5 Secure Boot Settings ############################################### # 1.5.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # 1.5.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # 1.5.3 Set Boot Loader Password (Scored) [CIS - RHEL5 - 1.5.3 - GRUB Password not set {CIS: 1.5.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; # 1.5.4 Require Authentication for Single-User Mode (Scored) [CIS - RHEL5 - 1.5.4 - Authentication for single user mode not enabled {CIS: 1.5.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/inittab -> !r:^# && r:S:wait; # 1.5.5 Disable Interactive Boot (Scored) [CIS - RHEL5 - 1.5.5 - Interactive Boot not disabled {CIS: 1.5.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/sysconfig/init -> !r:^# && r:PROMPT=no; ############################################### # 1.6 Additional Process Hardening ############################################### # 1.6.1 Restrict Core Dumps (Scored) [CIS - RHEL5 - 1.6.1 - Interactive Boot not disabled {CIS: 1.6.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 1.6.2 Configure ExecShield (Scored) [CIS - RHEL5 - 1.6.2 - ExecShield not enabled {CIS: 1.6.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/kernel/exec-shield -> 0; # 1.6.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - RHEL5 - 1.6.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 1.6.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 0; # 1.6.4 Enable XD/NX Support on 32-bit x86 Systems (Scored) # TODO # 1.6.5 Disable Prelink (Scored) [CIS - RHEL5 - 1.6.5 - Prelink not disabled {CIS: 1.6.5 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/sysconfig/prelink -> !r:PRELINKING=no; ############################################### # 1.7 Use the Latest OS Release ############################################### ############################################### # 2 OS Services ############################################### ############################################### # 2.1 Remove Legacy Services ############################################### # 2.1.1 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - RHEL5 - 2.1.1 - Telnet enabled on xinetd {CIS: 2.1.1 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; # 2.1.2 Remove telnet Clients (Scored) # TODO # 2.1.3 Remove rsh-server (Scored) [CIS - RHEL5 - 2.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.1.3 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # 2.1.4 Remove rsh (Scored) # TODO # 2.1.5 Remove NIS Client (Scored) [CIS - RHEL5 - 2.1.5 - Disable standard boot services - NIS (client) Enabled {CIS: 2.1.5 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; # 2.1.6 Remove NIS Server (Scored) [CIS - RHEL5 - 2.1.5 - Disable standard boot services - NIS (server) Enabled {CIS: 2.1.6 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; # 2.1.7 Remove tftp (Scored) # TODO # 2.1.8 Remove tftp-server (Scored) [CIS - RHEL5 - 2.1.8 - tftpd enabled on xinetd {CIS: 2.1.8 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; # 2.1.9 Remove talk (Scored) # TODO # 2.1.10 Remove talk-server (Scored) [CIS - RHEL5 - 2.1.10 - talk enabled on xinetd {CIS: 2.1.10 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; # 2.1.11 Remove xinetd (Scored) # TODO # 2.1.12 Disable chargen-dgram (Scored) # TODO # 2.1.13 Disable chargen-stream (Scored) # TODO # 2.1.14 Disable daytime-dgram (Scored) # TODO # 2.1.15 Disable daytime-stream (Scored) # TODO # 2.1.16 Disable echo-dgram (Scored) # TODO # 2.1.17 Disable echo-stream (Scored) # TODO # 2.1.18 Disable tcpmux-server (Scored) # TODO ############################################### # 3 Special Purpose Services ############################################### ############################################### # 3.1 Disable Avahi Server ############################################### # 3.1.1 Disable Avahi Server (Scored) [CIS - RHEL5 - 3.1.1 - Avahi daemon not disabled {CIS: 3.1.1 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] p:avahi-daemon; # 3.1.2 Service Only via Required Protocol (Not Scored) # TODO # 3.1.3 Check Responses TTL Field (Scored) # TODO # 3.1.4 Prevent Other Programs from Using Avahi’s Port (Not Scored) # TODO # 3.1.5 Disable Publishing (Not Scored) # 3.1.6 Restrict Published Information (if publishing is required) (Not scored) # 3.2 Set Daemon umask (Scored) [CIS - RHEL5 - 3.2 - Set daemon umask - Default umask is higher than 027 {CIS: 3.2 RHEL5}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/init.d/functions -> !r:^# && r:^umask && <:umask 027; # 3.3 Remove X Windows (Scored) [CIS - RHEL5 - 3.3 - X11 not disabled {CIS: 3.3 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; # 3.4 Disable Print Server - CUPS (Not Scored) # 3.5 Remove DHCP Server (Not Scored) # TODO # 3.6 Configure Network Time Protocol (NTP) (Scored) #[CIS - RHEL5 - 3.6 - NTPD not disabled {CIS: 3.6 RHEL5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] # TODO. # 3.7 Remove LDAP (Not Scored) # 3.8 Disable NFS and RPC (Not Scored) [CIS - RHEL5 - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 3.9 Remove DNS Server (Not Scored) # TODO # 3.10 Remove FTP Server (Not Scored) [CIS - RHEL5 - 3.10 - VSFTP enabled on xinetd {CIS: 3.10 RHEL5} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 3.11 Remove HTTP Server (Not Scored) [CIS - RHEL5 - 3.11 - Disable standard boot services - Apache web server Enabled {CIS: 3.11 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dhttpd$; # 3.12 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - RHEL5 - 3.12 - imap enabled on xinetd {CIS: 3.12 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - RHEL5 - 3.12 - pop3 enabled on xinetd {CIS: 3.12 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 3.13 Remove Samba (Not Scored) [CIS - RHEL5 - 3.13 - Disable standard boot services - Samba Enabled {CIS: 3.13 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 3.14 Remove HTTP Proxy Server (Not Scored) [CIS - RHEL5 - 3.14 - Disable standard boot services - Squid Enabled {CIS: 3.14 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 3.15 Remove SNMP Server (Not Scored) [CIS - RHEL5 - 3.15 - Disable standard boot services - SNMPD process Enabled {CIS: 3.15 RHEL5} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 3.16 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO ############################################### # 4 Network Configuration and Firewalls ############################################### ############################################### # 4.1 Modify Network Parameters (Host Only) ############################################### # 4.1.1 Disable IP Forwarding (Scored) [CIS - RHEL5 - 4.1.1 - Network parameters - IP Forwarding enabled {CIS: 4.1.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 4.1.2 Disable Send Packet Redirects (Scored) [CIS - RHEL5 - 4.1.2 - Network parameters - IP send redirects enabled {CIS: 4.1.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 4.2 Modify Network Parameters (Host and Router) ############################################### # 4.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - RHEL5 - 4.2.1 - Network parameters - Source routing accepted {CIS: 4.2.1 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 4.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - RHEL5 - 4.2.2 - Network parameters - ICMP redirects accepted {CIS: 4.2.2 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 4.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - RHEL5 - 4.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 4.2.3 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 4.2.4 Log Suspicious Packets (Scored) [CIS - RHEL5 - 4.2.4 - Network parameters - martians not logged {CIS: 4.2.4 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 4.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - RHEL5 - 4.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 4.2.5 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 4.2.6 Enable Bad Error Message Protection (Scored) [CIS - RHEL5 - 4.2.6 - Network parameters - Bad error message protection not enabled {CIS: 4.2.6 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 4.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - RHEL5 - 4.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 4.2.7 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 4.2.8 Enable TCP SYN Cookies (Scored) [CIS - RHEL5 - 4.2.8 - Network parameters - SYN Cookies not enabled {CIS: 4.2.8 RHEL5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 4.3 Wireless Networking ############################################### # 4.3.1 Deactivate Wireless Interfaces (Not Scored) ############################################### # 4.4 Disable ipv6 ############################################### ############################################### # 4.4.1 Configure IPv6 ############################################### # 4.4.1.1 Disable IPv6 Router Advertisements (Not Scored) # 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored) # 4.4.2 Disable IPv6 (Not Scored) ############################################### # 4.5 Install TCP Wrappers ############################################### # 4.5.1 Install TCP Wrappers (Not Scored) # 4.5.2 Create /etc/hosts.allow (Not Scored) # 4.5.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 4.5.4 Create /etc/hosts.deny (Not Scored) # 4.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 4.6 Uncommon Network Protocols ############################################### # 4.6.1 Disable DCCP (Not Scored) # 4.6.2 Disable SCTP (Not Scored) # 4.6.3 Disable RDS (Not Scored) # 4.6.4 Disable TIPC (Not Scored) # 4.7 Enable IPtables (Scored) # TODO # 4.8 Enable IP6tables (Not Scored) ############################################### # 5 Logging and Auditing ############################################### ############################################### # 5.1 Configure Syslog ############################################### # 5.1.1 Configure /etc/syslog.conf (Not Scored) # 5.1.2 Create and Set Permissions on syslog Log Files (Scored) # 5.1.3 Configure syslog to Send Logs to a Remote Log Host (Scored) # 5.1.4 Accept Remote syslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.2 Configure rsyslog ############################################### # 5.2.1 Install the rsyslog package (Not Scored) # 5.2.2 Activate the rsyslog Service (Not Scored) # 5.2.3 Configure /etc/rsyslog.conf (Not Scored) # 5.2.4 Create and Set Permissions on rsyslog Log Files (Not Scored) # 5.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Not Scored) # 5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.3 Configure System Accounting (auditd) ############################################### ############################################### # 5.3.1 Configure Data Retention ############################################### # 5.3.1.1 Configure Audit Log Storage Size (Not Scored) # 5.3.1.2 Disable System on Audit Log Full (Not Scored) # 5.3.1.3 Keep All Auditing Information (Scored) # 5.3.2 Enable auditd Service (Scored) # 5.3.3 Configure Audit Log Storage Size (Not Scored) # 5.3.4 Disable System on Audit Log Full (Not Scored) # 5.3.5 Keep All Auditing Information (Scored) # 5.3.6 Enable Auditing for Processes That Start Prior to auditd (Scored) # 5.3.7 Record Events That Modify Date and Time Information (Scored) # 5.3.8 Record Events That Modify User/Group Information (Scored) # 5.3.9 Record Events That Modify the System’s Network Environment (Scored) # 5.3.10 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 5.3.11 Collect Login and Logout Events (Scored) # 5.3.12 Collect Session Initiation Information (Scored) # 5.3.13 Collect Discretionary Access Control Permission Modification Events (Scored) # 5.3.14 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 5.3.15 Collect Use of Privileged Commands (Scored) # 5.3.16 Collect Successful File System Mounts (Scored) # 5.3.17 Collect File Deletion Events by User (Scored) # 5.3.18 Collect Changes to System Administration Scope (sudoers) (Scored) # 5.3.19 Collect System Administrator Actions (sudolog) (Scored) # 5.3.20 Collect Kernel Module Loading and Unloading (Scored) # 5.3.21 Make the Audit Configuration Immutable (Scored) # 5.4 Configure logrotate (Not Scored) ############################################### # 6 System Access, Authentication and Authorization ############################################### ############################################### # 6.1 Configure cron and anacron ############################################### # 6.1.1 Enable anacron Daemon (Scored) # 6.1.2 Enable cron Daemon (Scored) # 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored) # 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored) # 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 6.1.10 Restrict at Daemon (Scored) # 6.1.11 Restrict at/cron to Authorized Users (Scored) ############################################### # 6.1 Configure SSH ############################################### # 6.2.1 Set SSH Protocol to 2 (Scored) [CIS - RHEL5 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 6.2.2 Set LogLevel to INFO (Scored) # 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # 6.2.4 Disable SSH X11 Forwarding (Scored) # 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) # 6.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - RHEL5 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 6.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - RHEL5 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 6.2.8 Disable SSH Root Login (Scored) [CIS - RHEL5 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # 6.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - RHEL5 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL5} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; # 6.2.10 Do Not Allow Users to Set Environment Options (Scored) # 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 6.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 6.2.13 Limit Access via SSH (Scored) # 6.2.14 Set SSH Banner (Scored) # 6.2.15 Enable SSH UsePrivilegeSeparation (Scored) ############################################### # 6.3 Configure PAM ############################################### # 6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 6.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 6.3.3 Use pam_deny.so to Deny Services (Not Scored) # 6.3.4 Upgrade Password Hashing Algorithm to SHA-512 (Scored) # 6.3.5 Limit Password Reuse (Scored) # 6.3.6 Remove the pam_ccreds Package (Scored) # 6.4 Restrict root Login to System Console (Not Scored) # 6.5 Restrict Access to the su Command (Scored) ############################################### # 7 User Accounts and Environment ############################################### ############################################### # 7.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 7.1.1 Set Password Expiration Days (Scored) # 7.1.2 Set Password Change Minimum Number of Days (Scored) # 7.1.3 Set Password Expiring Warning Days (Scored) # 7.2 Disable System Accounts (Scored) # 7.3 Set Default Group for root Account (Scored) # 7.4 Set Default umask for Users (Scored) # 7.5 Lock Inactive User Accounts (Scored) ############################################### # 8 Warning Banners ############################################### ############################################### # 8.1 Warning Banners for Standard Login Services ############################################### # 8.1.1 Set Warning Banner for Standard Login Services (Scored) # 8.1.2 Remove OS Information from Login Warning Banners (Scored) # 8.2 Set GNOME Warning Banner (Not Scored) ############################################### # 9 System Maintenance ############################################### ############################################### # 9.1 Verify System File Permissions ############################################### # 9.1.1 Verify System File Permissions (Not Scored) # 9.1.2 Verify Permissions on /etc/passwd (Scored) # 9.1.3 Verify Permissions on /etc/shadow (Scored) # 9.1.4 Verify Permissions on /etc/gshadow (Scored) # 9.1.5 Verify Permissions on /etc/group (Scored) # 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored) # 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored) # 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored) # 9.1.9 Verify User/Group Ownership on /etc/group (Scored) # 9.1.10 Find World Writable Files (Not Scored) # 9.1.11 Find Un-owned Files and Directories (Scored) # 9.1.12 Find Un-grouped Files and Directories (Scored) # 9.1.13 Find SUID System Executables (Not Scored) # 9.1.14 Find SGID System Executables (Not Scored) ############################################### # 9.2 Review User and Group Settings ############################################### # 9.2.1 Ensure Password Fields are Not Empty (Scored) # 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - RHEL5 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL5} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 9.2.6 Ensure root PATH Integrity (Scored) # 9.2.7 Check Permissions on User Home Directories (Scored) # 9.2.8 Check User Dot File Permissions (Scored) # 9.2.9 Check Permissions on User .netrc Files (Scored) # 9.2.10 Check for Presence of User .rhosts Files (Scored) # 9.2.11 Check Groups in /etc/passwd (Scored) # 9.2.12 Check That Users Are Assigned Home Directories (Scored) # 9.2.13 Check That Defined Home Directories Exist (Scored) # 9.2.14 Check User Home Directory Ownership (Scored) # 9.2.15 Check for Duplicate UIDs (Scored) # 9.2.16 Check for Duplicate GIDs (Scored) # 9.2.17 Check That Reserved UIDs Are Assigned to System Accounts # 9.2.18 Check for Duplicate User Names (Scored) # 9.2.19 Check for Duplicate Group Names (Scored) # 9.2.20 Check for Presence of User .netrc Files (Scored) # 9.2.21 Check for Presence of User .forward Files (Scored) # Other/Legacy Tests [CIS - RHEL5 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - RHEL5 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - RHEL5 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - RHEL5 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - RHEL5 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - RHEL5 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - RHEL5 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_5_Benchmark_v2.1.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; !33870 cis_rhel6_linux_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat / CentOS 6 # Based on CIS Benchmark for Red Hat Enterprise Linux 6 v1.3.0 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS Red Hat Enterprise Linux 5 Benchmark v2.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 6; f:/etc/redhat-release -> r:^CentOS && r:release 6; f:/etc/redhat-release -> r:^Cloud && r:release 6; f:/etc/redhat-release -> r:^Oracle && r:release 6; f:/etc/redhat-release -> r:^Better && r:release 6; # 1.1.1 /tmp: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /tmp is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:/tmp; # 1.1.2 /tmp: nodev [CIS - RHEL6 - 1.1.2 - Partition /tmp without 'nodev' set {CIS: 1.1.2 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.3 /tmp: nosuid [CIS - RHEL6 - 1.1.3 - Partition /tmp without 'nosuid' set {CIS: 1.1.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 1.1.4 /tmp: noexec [CIS - RHEL6 - 1.1.4 - Partition /tmp without 'noexec' set {CIS: 1.1.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.5 Build considerations - Partition scheme. [CIS - RHEL6 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 1.1.5 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 1.1.6 bind mount /var/tmp to /tmp [CIS - RHEL6 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 1.1.6 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 1.1.7 /var/log: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 1.1.7 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 1.1.8 /var/log/audit: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 1.1.8 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 1.1.9 /home: partition [CIS - RHEL6 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 1.1.9 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 1.1.10 /home: nodev [CIS - RHEL6 - 1.1.10 - Partition /home without 'nodev' set {CIS: 1.1.10 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 1.1.11 nodev on removable media partitions (not scored) [CIS - RHEL6 - 1.1.11 - Removable partition /media without 'nodev' set {CIS: 1.1.11 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 1.1.12 noexec on removable media partitions (not scored) [CIS - RHEL6 - 1.1.12 - Removable partition /media without 'noexec' set {CIS: 1.1.12 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 1.1.13 nosuid on removable media partitions (not scored) [CIS - RHEL6 - 1.1.13 - Removable partition /media without 'nosuid' set {CIS: 1.1.13 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 1.1.14 /dev/shm: nodev [CIS - RHEL6 - 1.1.14 - /dev/shm without 'nodev' set {CIS: 1.1.14 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 1.1.15 /dev/shm: nosuid [CIS - RHEL6 - 1.1.15 - /dev/shm without 'nosuid' set {CIS: 1.1.15 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 1.1.16 /dev/shm: noexec [CIS - RHEL6 - 1.1.16 - /dev/shm without 'noexec' set {CIS: 1.1.16 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 1.1.17 sticky bit on world writable directories (Scored) # TODO # 1.1.18 disable cramfs (not scored) # 1.1.19 disable freevxfs (not scored) # 1.1.20 disable jffs2 (not scored) # 1.1.21 disable hfs (not scored) # 1.1.22 disable hfsplus (not scored) # 1.1.23 disable squashfs (not scored) # 1.1.24 disable udf (not scored) ########################################## # 1.2 Software Updates ########################################## # 1.2.1 Configure rhn updates (not scored) # 1.2.2 verify RPM gpg keys (Scored) # TODO # 1.2.3 verify gpgcheck enabled (Scored) # TODO # 1.2.4 Disable rhnsd (not scored) # 1.2.5 Obtain Software Package Updates with yum (Not Scored) # 1.2.6 Obtain updates with yum (not scored) ############################################### # 1.3 Advanced Intrusion Detection Environment ############################################### # # Skipped, this control is obsoleted by OSSEC # ############################################### # 1.4 Configure SELinux ############################################### # 1.4.1 enable selinux in /etc/grub.conf [CIS - RHEL6 - 1.4.1 - SELinux Disabled in /etc/grub.conf {CIS: 1.4.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/grub.conf -> !r:selinux=0; # 1.4.2 Set selinux state [CIS - RHEL6 - 1.4.2 - SELinux not set to enforcing {CIS: 1.4.2 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/selinux/config -> r:SELINUX=enforcing; # 1.4.3 Set seliux policy [CIS - RHEL6 - 1.4.3 - SELinux policy not set to targeted {CIS: 1.4.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/selinux/config -> r:SELINUXTYPE=targeted; # 1.4.4 Remove SETroubleshoot [CIS - RHEL6 - 1.4.4 - SELinux setroubleshoot enabled {CIS: 1.4.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsetroubleshoot$; # 1.4.5 Disable MCS Translation service mcstrans [CIS - RHEL6 - 1.4.5 - SELinux mctrans enabled {CIS: 1.4.5 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dmctrans$; # 1.4.6 Check for unconfined daemons # TODO ############################################### # 1.5 Secure Boot Settings ############################################### # 1.5.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # 1.5.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # 1.5.3 Set Boot Loader Password (Scored) [CIS - RHEL6 - 1.5.3 - GRUB Password not set {CIS: 1.5.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; # 1.5.4 Require Authentication for Single-User Mode (Scored) [CIS - RHEL6 - 1.5.4 - Authentication for single user mode not enabled {CIS: 1.5.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/inittab -> !r:^# && r:S:wait; # 1.5.5 Disable Interactive Boot (Scored) [CIS - RHEL6 - 1.5.5 - Interactive Boot not disabled {CIS: 1.5.5 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/sysconfig/init -> !r:^# && r:PROMPT=no; ############################################### # 1.6 Additional Process Hardening ############################################### # 1.6.1 Restrict Core Dumps (Scored) [CIS - RHEL6 - 1.6.1 - Interactive Boot not disabled {CIS: 1.6.1 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 1.6.2 Configure ExecShield (Scored) [CIS - RHEL6 - 1.6.2 - ExecShield not enabled {CIS: 1.6.2 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/kernel/exec-shield -> 0; # 1.6.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - RHEL6 - 1.6.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 1.6.3 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 0; ############################################### # 1.7 Use the Latest OS Release (Not Scored) ############################################### ############################################### # 2 OS Services ############################################### ############################################### # 2.1 Remove Legacy Services ############################################### # 2.1.1 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - RHEL6 - 2.1.1 - Telnet enabled on xinetd {CIS: 2.1.1 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; # 2.1.2 Remove telnet Clients (Scored) # TODO # 2.1.3 Remove rsh-server (Scored) [CIS - RHEL6 - 2.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.1.3 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # 2.1.4 Remove rsh (Scored) # TODO # 2.1.5 Remove NIS Client (Scored) [CIS - RHEL6 - 2.1.5 - Disable standard boot services - NIS (client) Enabled {CIS: 2.1.5 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; # 2.1.6 Remove NIS Server (Scored) [CIS - RHEL6 - 2.1.6 - Disable standard boot services - NIS (server) Enabled {CIS: 2.1.6 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; # 2.1.7 Remove tftp (Scored) # TODO # 2.1.8 Remove tftp-server (Scored) [CIS - RHEL6 - 2.1.8 - tftpd enabled on xinetd {CIS: 2.1.8 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; # 2.1.9 Remove talk (Scored) # TODO # 2.1.10 Remove talk-server (Scored) [CIS - RHEL6 - 2.1.10 - talk enabled on xinetd {CIS: 2.1.10 RHEL6} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; # 2.1.11 Remove xinetd (Scored) # TODO # 2.1.12 Disable chargen-dgram (Scored) # TODO # 2.1.13 Disable chargen-stream (Scored) # TODO # 2.1.14 Disable daytime-dgram (Scored) # TODO # 2.1.15 Disable daytime-stream (Scored) # TODO # 2.1.16 Disable echo-dgram (Scored) # TODO # 2.1.17 Disable echo-stream (Scored) # TODO # 2.1.18 Disable tcpmux-server (Scored) # TODO ############################################### # 3 Special Purpose Services ############################################### # 3.1 Set Daemon umask (Scored) [CIS - RHEL6 - 3.1 - Set daemon umask - Default umask is higher than 027 {CIS: 3.1 RHEL6} {PCI_DSS: 2.2.2}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/init.d/functions -> !r:^# && r:^umask && <:umask 027; # 3.2 Remove X Windows (Scored) [CIS - RHEL6 - 3.2 - X11 not disabled {CIS: 3.2 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; # 3.3 Disable Avahi Server (Scored) [CIS - RHEL6 - 3.2 - Avahi daemon not disabled {CIS: 3.3 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] p:avahi-daemon; # 3.4 Disable Print Server - CUPS (Not Scored) # 3.5 Remove DHCP Server (Not Scored) # TODO # 3.6 Configure Network Time Protocol (NTP) (Scored) #[CIS - RHEL6 - 3.6 - NTPD not disabled {CIS: 1.1.1 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] # TODO. # 3.7 Remove LDAP (Not Scored) # 3.8 Disable NFS and RPC (Not Scored) [CIS - RHEL6 - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 3.9 Remove DNS Server (Not Scored) # TODO # 3.10 Remove FTP Server (Not Scored) [CIS - RHEL6 - 3.10 - VSFTP enabled on xinetd {CIS: 3.10 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 3.11 Remove HTTP Server (Not Scored) [CIS - RHEL6 - 3.11 - Disable standard boot services - Apache web server Enabled {CIS: 3.11 RHEL6}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dhttpd$; # 3.12 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - RHEL6 - 3.12 - imap enabled on xinetd {CIS: 3.12 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - RHEL6 - 3.12 - pop3 enabled on xinetd {CIS: 3.12 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 3.13 Remove Samba (Not Scored) [CIS - RHEL6 - 3.13 - Disable standard boot services - Samba Enabled {CIS: 3.13 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 3.14 Remove HTTP Proxy Server (Not Scored) [CIS - RHEL6 - 3.14 - Disable standard boot services - Squid Enabled {CIS: 3.14 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 3.15 Remove SNMP Server (Not Scored) [CIS - RHEL6 - 3.15 - Disable standard boot services - SNMPD process Enabled {CIS: 3.15 RHEL6} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 3.16 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO ############################################### # 4 Network Configuration and Firewalls ############################################### ############################################### # 4.1 Modify Network Parameters (Host Only) ############################################### # 4.1.1 Disable IP Forwarding (Scored) [CIS - RHEL6 - 4.1.1 - Network parameters - IP Forwarding enabled {CIS: 4.1.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 4.1.2 Disable Send Packet Redirects (Scored) [CIS - RHEL6 - 4.1.2 - Network parameters - IP send redirects enabled {CIS: 4.1.2 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 4.2 Modify Network Parameters (Host and Router) ############################################### # 4.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - RHEL6 - 4.2.1 - Network parameters - Source routing accepted {CIS: 4.2.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 4.2.2 Disable ICMP Redirect Acceptance (Scored) #[CIS - RHEL6 - 4.2.2 - Network parameters - ICMP redirects accepted {CIS: 1.1.1 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] #f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; #f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 4.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - RHEL6 - 4.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 4.2.3 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 4.2.4 Log Suspicious Packets (Scored) [CIS - RHEL6 - 4.2.4 - Network parameters - martians not logged {CIS: 4.2.4 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 4.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - RHEL6 - 4.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 4.2.5 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 4.2.6 Enable Bad Error Message Protection (Scored) [CIS - RHEL6 - 4.2.6 - Network parameters - Bad error message protection not enabled {CIS: 4.2.6 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 4.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - RHEL6 - 4.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 4.2.7 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 4.2.8 Enable TCP SYN Cookies (Scored) [CIS - RHEL6 - 4.2.8 - Network parameters - SYN Cookies not enabled {CIS: 4.2.8 RHEL6} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 4.3 Wireless Networking ############################################### # 4.3.1 Deactivate Wireless Interfaces (Not Scored) ############################################### # 4.4 Disable ipv6 ############################################### ############################################### # 4.4.1 Configure IPv6 ############################################### # 4.4.1.1 Disable IPv6 Router Advertisements (Not Scored) # 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored) # 4.4.2 Disable IPv6 (Not Scored) ############################################### # 4.5 Install TCP Wrappers ############################################### # 4.5.1 Install TCP Wrappers (Not Scored) # 4.5.2 Create /etc/hosts.allow (Not Scored) # 4.5.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 4.5.4 Create /etc/hosts.deny (Not Scored) # 4.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 4.6 Uncommon Network Protocols ############################################### # 4.6.1 Disable DCCP (Not Scored) # 4.6.2 Disable SCTP (Not Scored) # 4.6.3 Disable RDS (Not Scored) # 4.6.4 Disable TIPC (Not Scored) # 4.7 Enable IPtables (Scored) # TODO # 4.8 Enable IP6tables (Not Scored) ############################################### # 5 Logging and Auditing ############################################### ############################################### # 5.1 Configure Syslog ############################################### # 5.1.1 Install the rsyslog package (Scored) # TODO # 5.1.2 Activate the rsyslog Service (Scored) # TODO # 5.1.3 Configure /etc/rsyslog.conf (Not Scored) # 5.1.4 Create and Set Permissions on rsyslog Log Files (Scored) # 5.1.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 5.1.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.2 Configure System Accounting (auditd) ############################################### ############################################### # 5.2.1 Configure Data Retention ############################################### # 5.2.1.1 Configure Audit Log Storage Size (Not Scored) # 5.2.1.2 Disable System on Audit Log Full (Not Scored) # 5.2.1.3 Keep All Auditing Information (Scored) # 5.2.2 Enable auditd Service (Scored) # 5.2.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 5.2.4 Record Events That Modify Date and Time Information (Scored) # 5.2.5 Record Events That Modify User/Group Information (Scored) # 5.2.6 Record Events That Modify the System’s Network Environment (Scored) # 5.2.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 5.2.8 Collect Login and Logout Events (Scored) # 5.2.9 Collect Session Initiation Information (Scored) # 5.2.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 5.2.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 5.2.12 Collect Use of Privileged Commands (Scored) # 5.2.13 Collect Successful File System Mounts (Scored) # 5.2.14 Collect File Deletion Events by User (Scored) # 5.2.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 5.2.16 Collect System Administrator Actions (sudolog) (Scored) # 5.2.17 Collect Kernel Module Loading and Unloading (Scored) # 5.2.18 Make the Audit Configuration Immutable (Scored) # 5.3 Configure logrotate (Not Scored) ############################################### # 6 System Access, Authentication and Authorization ############################################### ############################################### # 6.1 Configure cron and anacron ############################################### # 6.1.1 Enable anacron Daemon (Scored) # 6.1.2 Enable cron Daemon (Scored) # 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored) # 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored) # 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 6.1.10 Restrict at Daemon (Scored) # 6.1.11 Restrict at/cron to Authorized Users (Scored) ############################################### # 6.1 Configure SSH ############################################### # 6.2.1 Set SSH Protocol to 2 (Scored) [CIS - RHEL6 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 6.2.2 Set LogLevel to INFO (Scored) # 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # 6.2.4 Disable SSH X11 Forwarding (Scored) # 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) # 6.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - RHEL6 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 6.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - RHEL6 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 6.2.8 Disable SSH Root Login (Scored) [CIS - RHEL6 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # 6.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - RHEL6 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL6} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; # 6.2.10 Do Not Allow Users to Set Environment Options (Scored) # 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 6.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 6.2.13 Limit Access via SSH (Scored) # 6.2.14 Set SSH Banner (Scored) ############################################### # 6.3 Configure PAM ############################################### # 6.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 6.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 6.3.3 Use pam_deny.so to Deny Services (Not Scored) # 6.3.4 Upgrade Password Hashing Algorithm to SHA-512 (Scored) # 6.3.5 Limit Password Reuse (Scored) # 6.4 Restrict root Login to System Console (Not Scored) # 6.5 Restrict Access to the su Command (Scored) ############################################### # 7 User Accounts and Environment ############################################### ############################################### # 7.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 7.1.1 Set Password Expiration Days (Scored) # 7.1.2 Set Password Change Minimum Number of Days (Scored) # 7.1.3 Set Password Expiring Warning Days (Scored) # 7.2 Disable System Accounts (Scored) # 7.3 Set Default Group for root Account (Scored) # 7.4 Set Default umask for Users (Scored) # 7.5 Lock Inactive User Accounts (Scored) ############################################### # 8 Warning Banners ############################################### ############################################### # 8.1 Warning Banners for Standard Login Services ############################################### # 8.1 Set Warning Banner for Standard Login Services (Scored) # 8.2 Remove OS Information from Login Warning Banners (Scored) # 8.3 Set GNOME Warning Banner (Not Scored) ############################################### # 9 System Maintenance ############################################### ############################################### # 9.1 Verify System File Permissions ############################################### # 9.1.1 Verify System File Permissions (Not Scored) # 9.1.2 Verify Permissions on /etc/passwd (Scored) # 9.1.3 Verify Permissions on /etc/shadow (Scored) # 9.1.4 Verify Permissions on /etc/gshadow (Scored) # 9.1.5 Verify Permissions on /etc/group (Scored) # 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored) # 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored) # 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored) # 9.1.9 Verify User/Group Ownership on /etc/group (Scored) # 9.1.10 Find World Writable Files (Not Scored) # 9.1.11 Find Un-owned Files and Directories (Scored) # 9.1.12 Find Un-grouped Files and Directories (Scored) # 9.1.13 Find SUID System Executables (Not Scored) # 9.1.14 Find SGID System Executables (Not Scored) ############################################### # 9.2 Review User and Group Settings ############################################### # 9.2.1 Ensure Password Fields are Not Empty (Scored) # 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - RHEL6 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL6} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 9.2.6 Ensure root PATH Integrity (Scored) # 9.2.7 Check Permissions on User Home Directories (Scored) # 9.2.8 Check User Dot File Permissions (Scored) # 9.2.9 Check Permissions on User .netrc Files (Scored) # 9.2.10 Check for Presence of User .rhosts Files (Scored) # 9.2.11 Check Groups in /etc/passwd (Scored) # 9.2.12 Check That Users Are Assigned Valid Home Directories (Scored) # 9.2.13 Check User Home Directory Ownership (Scored) # 9.2.14 Check for Duplicate UIDs (Scored) # 9.2.15 Check for Duplicate GIDs (Scored) # 9.2.16 Check for Duplicate User Names (Scored) # 9.2.17 Check for Duplicate Group Names (Scored) # 9.2.18 Check for Presence of User .netrc Files (Scored) # 9.2.19 Check for Presence of User .forward Files (Scored) # Other/Legacy Tests [CIS - RHEL6 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - RHEL6 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - RHEL6 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - RHEL6 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - RHEL6 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - RHEL6 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - RHEL6 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_6_Benchmark_v1.3.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; !36957 cis_rhel7_linux_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat / CentOS 7 # Based on CIS Benchmark for Red Hat Enterprise Linux 7 v1.1.0 # Vars $sshd_file=/etc/ssh/sshd_config; # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS Red Hat Enterprise Linux 7 Benchmark v1.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 7; f:/etc/redhat-release -> r:^CentOS && r:release 7; f:/etc/redhat-release -> r:^Cloud && r:release 7; f:/etc/redhat-release -> r:^Oracle && r:release 7; f:/etc/redhat-release -> r:^Better && r:release 7; f:/etc/redhat-release -> r:^OpenVZ && r:release 7; # 1.1.1 /tmp: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /tmp is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:/tmp; # 1.1.2 /tmp: nodev [CIS - RHEL7 - 1.1.2 - Partition /tmp without 'nodev' set {CIS: 1.1.2 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 1.1.3 /tmp: nosuid [CIS - RHEL7 - 1.1.3 - Partition /tmp without 'nosuid' set {CIS: 1.1.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 1.1.4 /tmp: noexec [CIS - RHEL7 - 1.1.4 - Partition /tmp without 'noexec' set {CIS: 1.1.4 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:noexec; # 1.1.5 Build considerations - Partition scheme. [CIS - RHEL7 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 1.1.5 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 1.1.6 bind mount /var/tmp to /tmp [CIS - RHEL7 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 1.1.6 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/var/tmp; # 1.1.7 /var/log: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 1.1.7 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/var/log; # 1.1.8 /var/log/audit: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 1.1.8 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/var/log/audit; # 1.1.9 /home: partition [CIS - RHEL7 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 1.1.9 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && !r:/home; # 1.1.10 /home: nodev [CIS - RHEL7 - 1.1.10 - Partition /home without 'nodev' set {CIS: 1.1.10 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 1.1.11 nodev on removable media partitions (not scored) [CIS - RHEL7 - 1.1.11 - Removable partition /media without 'nodev' set {CIS: 1.1.11 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 1.1.12 noexec on removable media partitions (not scored) [CIS - RHEL7 - 1.1.12 - Removable partition /media without 'noexec' set {CIS: 1.1.12 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 1.1.13 nosuid on removable media partitions (not scored) [CIS - RHEL7 - 1.1.13 - Removable partition /media without 'nosuid' set {CIS: 1.1.13 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 1.1.14 /dev/shm: nodev [CIS - RHEL7 - 1.1.14 - /dev/shm without 'nodev' set {CIS: 1.1.14 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 1.1.15 /dev/shm: nosuid [CIS - RHEL7 - 1.1.15 - /dev/shm without 'nosuid' set {CIS: 1.1.15 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 1.1.16 /dev/shm: noexec [CIS - RHEL7 - 1.1.16 - /dev/shm without 'noexec' set {CIS: 1.1.16 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 1.1.17 sticky bit on world writable directories (Scored) # TODO # 1.1.18 disable cramfs (not scored) # 1.1.19 disable freevxfs (not scored) # 1.1.20 disable jffs2 (not scored) # 1.1.21 disable hfs (not scored) # 1.1.22 disable hfsplus (not scored) # 1.1.23 disable squashfs (not scored) # 1.1.24 disable udf (not scored) ########################################## # 1.2 Software Updates ########################################## # 1.2.1 Configure rhn updates (not scored) # 1.2.2 verify RPM gpg keys (Scored) # TODO # 1.2.3 verify gpgcheck enabled (Scored) # TODO # 1.2.4 Disable rhnsd (not scored) # 1.2.5 Obtain Software Package Updates with yum (Not Scored) # 1.2.6 Obtain updates with yum (not scored) ############################################### # 1.3 Advanced Intrusion Detection Environment ############################################### # # Skipped, this control is obsoleted by OSSEC # ############################################### # 1.4 Configure SELinux ############################################### # 1.4.1 enable selinux in /etc/grub.conf [CIS - RHEL7 - 1.4.1 - SELinux Disabled in /etc/grub.conf {CIS: 1.4.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/grub.conf -> r:selinux=0; f:/etc/grub2.cfg -> r:selinux=0; # 1.4.2 Set selinux state [CIS - RHEL7 - 1.4.2 - SELinux not set to enforcing {CIS: 1.4.2 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/selinux/config -> !r:SELINUX=enforcing; # 1.4.3 Set seliux policy [CIS - RHEL7 - 1.4.3 - SELinux policy not set to targeted {CIS: 1.4.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/selinux/config -> !r:SELINUXTYPE=targeted; # 1.4.4 Remove SETroubleshoot [CIS - RHEL7 - 1.4.4 - SELinux setroubleshoot enabled {CIS: 1.4.4 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsetroubleshoot$; f:/usr/share/dbus-1/services/sealert.service -> r:Exec=/usr/bin/sealert; # 1.4.5 Disable MCS Translation service mcstrans [CIS - RHEL7 - 1.4.5 - SELinux mctrans enabled {CIS: 1.4.5 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dmctrans$; f:/usr/lib/systemd/system/mcstransd.service -> r:ExecStart=/usr/sbin/mcstransd; # 1.4.6 Check for unconfined daemons # TODO ############################################### # 1.5 Secure Boot Settings ############################################### # 1.5.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # stat -L -c "%u %g" /boot/grub2/grub.cfg | egrep "0 0" # 1.5.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # stat -L -c "%a" /boot/grub2/grub.cfg | egrep ".00" # 1.5.3 Set Boot Loader Password (Scored) [CIS - RHEL7 - 1.5.3 - GRUB Password not set {CIS: 1.5.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/boot/grub2/grub.cfg -> !r:^# && !r:password; ############################################### # 1.6 Additional Process Hardening ############################################### # 1.6.1 Restrict Core Dumps (Scored) [CIS - RHEL7 - 1.6.1 - Interactive Boot not disabled {CIS: 1.6.1 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 1.6.1 Enable Randomized Virtual Memory Region Placement (Scored) # Note this is also labeled 1.6.1 in the CIS benchmark. [CIS - RHEL7 - 1.6.1 - Randomized Virtual Memory Region Placement not enabled {CIS: 1.6.3 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/kernel/randomize_va_space -> !r:^2$; ############################################### # 1.7 Use the Latest OS Release (Not Scored) ############################################### ############################################### # 2 OS Services ############################################### ############################################### # 2.1 Remove Legacy Services ############################################### # 2.1.1 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - RHEL7 - 2.1.1 - Telnet enabled on xinetd {CIS: 2.1.1 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/telnet@.service -> r:ExecStart=-/usr/sbin/in.telnetd; # 2.1.2 Remove telnet Clients (Scored) # TODO # 2.1.3 Remove rsh-server (Scored) [CIS - RHEL7 - 2.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.1.3 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # TODO (finish this) f:/usr/lib/systemd/system/rexec@.service -> r:ExecStart; f:/usr/lib/systemd/system/rlogin@.service -> r:ExecStart; f:/usr/lib/systemd/system/rsh@.service -> r:ExecStart; # 2.1.4 Remove rsh (Scored) # TODO # 2.1.5 Remove NIS Client (Scored) [CIS - RHEL7 - 2.1.5 - Disable standard boot services - NIS (client) Enabled {CIS: 2.1.5 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; f:/usr/lib/systemd/system/ypbind.service -> r:Exec; # 2.1.6 Remove NIS Server (Scored) [CIS - RHEL7 - 2.1.6 - Disable standard boot services - NIS (server) Enabled {CIS: 2.1.6 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; f:/usr/lib/systemd/system/ypserv.service -> r:Exec; # 2.1.7 Remove tftp (Scored) # TODO # 2.1.8 Remove tftp-server (Scored) [CIS - RHEL7 - 2.1.8 - tftpd enabled on xinetd {CIS: 2.1.8 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/tftp.service -> r:Exec; # 2.1.9 Remove talk (Scored) # TODO # 2.1.10 Remove talk-server (Scored) [CIS - RHEL7 - 2.1.10 - talk enabled on xinetd {CIS: 2.1.10 RHEL7} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/ntalk.service -> r:Exec; # 2.1.11 Remove xinetd (Scored) [CIS - RHEL7 - 2.1.11 - xinetd detected {CIS: 2.1.11 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/usr/lib/systemd/system/xinetd.service -> r:Exec; # 2.1.12 Disable chargen-dgram (Scored) [CIS - RHEL7 - 2.1.12 - chargen-dgram enabled on xinetd {CIS: 2.1.12 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen-dgram -> !r:^# && r:disable && r:no; # 2.1.13 Disable chargen-stream (Scored) [CIS - RHEL7 - 2.1.13 - chargen-stream enabled on xinetd {CIS: 2.1.13 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen-stream -> !r:^# && r:disable && r:no; # 2.1.14 Disable daytime-dgram (Scored) [CIS - RHEL7 - 2.1.14 - daytime-dgram enabled on xinetd {CIS: 2.1.14 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime-dgram -> !r:^# && r:disable && r:no; # 2.1.15 Disable daytime-stream (Scored) [CIS - RHEL7 - 2.1.15 - daytime-stream enabled on xinetd {CIS: 2.1.15 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime-stream -> !r:^# && r:disable && r:no; # 2.1.16 Disable echo-dgram (Scored) [CIS - RHEL7 - 2.1.16 - echo-dgram enabled on xinetd {CIS: 2.1.16 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo-dgram -> !r:^# && r:disable && r:no; # 2.1.17 Disable echo-stream (Scored) [CIS - RHEL7 - 2.1.17 - echo-stream enabled on xinetd {CIS: 2.1.17 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo-stream -> !r:^# && r:disable && r:no; # 2.1.18 Disable tcpmux-server (Scored) [CIS - RHEL7 - 2.1.18 - tcpmux-server enabled on xinetd {CIS: 2.1.18 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/tcpmux-server -> !r:^# && r:disable && r:no; ############################################### # 3 Special Purpose Services ############################################### # 3.1 Set Daemon umask (Scored) [CIS - RHEL7 - 3.1 - Set daemon umask - Default umask is higher than 027 {CIS: 3.1 RHEL7} {PCI_DSS: 2.2.2}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/sysconfig/init -> !r:^# && r:^umask && <:umask 027; # 3.2 Remove X Windows (Scored) [CIS - RHEL7 - 3.2 - X11 not disabled {CIS: 3.2 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] p:gdm-x-session; # 3.3 Disable Avahi Server (Scored) [CIS - RHEL7 - 3.2 - Avahi daemon not disabled {CIS: 3.3 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] p:avahi-daemon; # 3.4 Disable Print Server - CUPS (Not Scored) # 3.5 Remove DHCP Server (Scored) [CIS - RHEL7 - 3.5 - DHCPnot disabled {CIS: 3.5 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/usr/lib/systemd/system/dhcpd.service -> r:Exec; # 3.6 Configure Network Time Protocol (NTP) (Scored) [CIS - RHEL7 - 3.6 - NTPD not Configured {CIS: 3.6 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ntp.conf -> r:restrict default kod nomodify notrap nopeer noquery && r:^server; f:/etc/sysconfig/ntpd -> r:OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"; # 3.7 Remove LDAP (Not Scored) # 3.8 Disable NFS and RPC (Not Scored) [CIS - RHEL7 - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 3.9 Remove DNS Server (Not Scored) # TODO # 3.10 Remove FTP Server (Not Scored) [CIS - RHEL7 - 3.10 - VSFTP enabled on xinetd {CIS: 3.10 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 3.11 Remove HTTP Server (Not Scored) [CIS - RHEL7 - 3.11 - Disable standard boot services - Apache web server Enabled {CIS: 3.11 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dhttpd$; # 3.12 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - RHEL7 - 3.12 - imap enabled on xinetd {CIS: 3.12 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - RHEL7 - 3.12 - pop3 enabled on xinetd {CIS: 3.12 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 3.13 Remove Samba (Not Scored) [CIS - RHEL7 - 3.13 - Disable standard boot services - Samba Enabled {CIS: 3.13 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 3.14 Remove HTTP Proxy Server (Not Scored) [CIS - RHEL7 - 3.14 - Disable standard boot services - Squid Enabled {CIS: 3.14 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 3.15 Remove SNMP Server (Not Scored) [CIS - RHEL7 - 3.15 - Disable standard boot services - SNMPD process Enabled {CIS: 3.15 RHEL7} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 3.16 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO ############################################### # 4 Network Configuration and Firewalls ############################################### ############################################### # 4.1 Modify Network Parameters (Host Only) ############################################### # 4.1.1 Disable IP Forwarding (Scored) [CIS - RHEL7 - 4.1.1 - Network parameters - IP Forwarding enabled {CIS: 4.1.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 4.1.2 Disable Send Packet Redirects (Scored) [CIS - RHEL7 - 4.1.2 - Network parameters - IP send redirects enabled {CIS: 4.1.2 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 1; ############################################### # 4.2 Modify Network Parameters (Host and Router) ############################################### # 4.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - RHEL7 - 4.2.1 - Network parameters - Source routing accepted {CIS: 4.2.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 4.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - RHEL7 - 4.2.2 - Network parameters - ICMP redirects accepted {CIS: 1.1.1 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 4.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - RHEL7 - 4.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 4.2.3 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 4.2.4 Log Suspicious Packets (Scored) [CIS - RHEL7 - 4.2.4 - Network parameters - martians not logged {CIS: 4.2.4 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 4.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - RHEL7 - 4.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 4.2.5 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 4.2.6 Enable Bad Error Message Protection (Scored) [CIS - RHEL7 - 4.2.6 - Network parameters - Bad error message protection not enabled {CIS: 4.2.6 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 4.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - RHEL7 - 4.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 4.2.7 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 4.2.8 Enable TCP SYN Cookies (Scored) [CIS - RHEL7 - 4.2.8 - Network parameters - SYN Cookies not enabled {CIS: 4.2.8 RHEL7} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 4.3 Wireless Networking ############################################### # 4.3.1 Deactivate Wireless Interfaces (Not Scored) ############################################### # 4.4 Disable ipv6 ############################################### ############################################### # 4.4.1 Configure IPv6 ############################################### # 4.4.1.1 Disable IPv6 Router Advertisements (Not Scored) # 4.4.1.2 Disable IPv6 Redirect Acceptance (Not Scored) # 4.4.2 Disable IPv6 (Not Scored) ############################################### # 4.5 Install TCP Wrappers ############################################### # 4.5.1 Install TCP Wrappers (Not Scored) # 4.5.2 Create /etc/hosts.allow (Not Scored) # 4.5.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 4.5.4 Create /etc/hosts.deny (Not Scored) # 4.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 4.6 Uncommon Network Protocols ############################################### # 4.6.1 Disable DCCP (Not Scored) # 4.6.2 Disable SCTP (Not Scored) # 4.6.3 Disable RDS (Not Scored) # 4.6.4 Disable TIPC (Not Scored) # 4.7 Enable IPtables (Scored) #[CIS - RHEL7 - 4.7 - Uncommon Network Protocols - Firewalld not enabled {CIS: 4.7 RHEL7}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] #f:/usr/lib/systemd/system/firewalld.service -> TODO; ############################################### # 5 Logging and Auditing ############################################### ############################################### # 5.1 Configure Syslog ############################################### # 5.1.1 Install the rsyslog package (Scored) # TODO # 5.1.2 Activate the rsyslog Service (Scored) # TODO # 5.1.3 Configure /etc/rsyslog.conf (Not Scored) # 5.1.4 Create and Set Permissions on rsyslog Log Files (Scored) # 5.1.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 5.1.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 5.2 Configure System Accounting (auditd) ############################################### ############################################### # 5.2.1 Configure Data Retention ############################################### # 5.2.1.1 Configure Audit Log Storage Size (Not Scored) # 5.2.1.2 Disable System on Audit Log Full (Not Scored) # 5.2.1.3 Keep All Auditing Information (Scored) # 5.2.2 Enable auditd Service (Scored) # 5.2.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 5.2.4 Record Events That Modify Date and Time Information (Scored) # 5.2.5 Record Events That Modify User/Group Information (Scored) # 5.2.6 Record Events That Modify the System’s Network Environment (Scored) # 5.2.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 5.2.8 Collect Login and Logout Events (Scored) # 5.2.9 Collect Session Initiation Information (Scored) # 5.2.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 5.2.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 5.2.12 Collect Use of Privileged Commands (Scored) # 5.2.13 Collect Successful File System Mounts (Scored) # 5.2.14 Collect File Deletion Events by User (Scored) # 5.2.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 5.2.16 Collect System Administrator Actions (sudolog) (Scored) # 5.2.17 Collect Kernel Module Loading and Unloading (Scored) # 5.2.18 Make the Audit Configuration Immutable (Scored) # 5.3 Configure logrotate (Not Scored) ############################################### # 6 System Access, Authentication and Authorization ############################################### ############################################### # 6.1 Configure cron and anacron ############################################### # 6.1.1 Enable anacron Daemon (Scored) # 6.1.2 Enable cron Daemon (Scored) # 6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored) # 6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored) # 6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 6.1.10 Restrict at Daemon (Scored) # 6.1.11 Restrict at/cron to Authorized Users (Scored) ############################################### # 6.2 Configure SSH ############################################### # 6.2.1 Set SSH Protocol to 2 (Scored) [CIS - RHEL7 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 6.2.2 Set LogLevel to INFO (Scored) [CIS - RHEL7 - 6.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 6.2.1 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && !r:LogLevel\.+INFO; # 6.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # TODO # 6.2.4 Disable SSH X11 Forwarding (Scored) # TODO # 6.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) [CIS - RHEL7 - 6.2.5 - SSH Configuration - Set SSH MaxAuthTries to 4 or Less {CIS - RHEL7 - 6.2.5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*MaxAuthTries\s+4\s*$; # 6.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - RHEL7 - 6.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 6.2.6 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 6.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - RHEL7 - 6.2.7 - SSH Configuration - Host based authentication enabled {CIS: 6.2.7 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 6.2.8 Disable SSH Root Login (Scored) [CIS - RHEL7 - 6.2.8 - SSH Configuration - Root login allowed {CIS: 6.2.8 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitRootLogin\.+no; # 6.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - RHEL7 - 6.2.9 - SSH Configuration - Empty passwords permitted {CIS: 6.2.9 RHEL7} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitEmptyPasswords\.+no; # 6.2.10 Do Not Allow Users to Set Environment Options (Scored) # 6.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 6.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 6.2.13 Limit Access via SSH (Scored) # 6.2.14 Set SSH Banner (Scored) ############################################### # 6.3 Configure PAM ############################################### # 6.3.1 Upgrade Password Hashing Algorithm to SHA-512 (Scored) # authconfig --test | grep hashing | grep sha512 # 6.3.2 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 6.3.3 Set Lockout for Failed Password Attempts (Not Scored) # 6.3.4 Limit Password Reuse (Scored) # 6.4 Restrict root Login to System Console (Not Scored) # 6.5 Restrict Access to the su Command (Scored) ############################################### # 7 User Accounts and Environment ############################################### ############################################### # 7.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 7.1.1 Set Password Expiration Days (Scored) # 7.1.2 Set Password Change Minimum Number of Days (Scored) # 7.1.3 Set Password Expiring Warning Days (Scored) # 7.2 Disable System Accounts (Scored) # 7.3 Set Default Group for root Account (Scored) # 7.4 Set Default umask for Users (Scored) # 7.5 Lock Inactive User Accounts (Scored) ############################################### # 8 Warning Banners ############################################### ############################################### # 8.1 Warning Banners for Standard Login Services ############################################### # 8.1 Set Warning Banner for Standard Login Services (Scored) # 8.2 Remove OS Information from Login Warning Banners (Scored) # 8.3 Set GNOME Warning Banner (Not Scored) ############################################### # 9 System Maintenance ############################################### ############################################### # 9.1 Verify System File Permissions ############################################### # 9.1.1 Verify System File Permissions (Not Scored) # 9.1.2 Verify Permissions on /etc/passwd (Scored) # 9.1.3 Verify Permissions on /etc/shadow (Scored) # 9.1.4 Verify Permissions on /etc/gshadow (Scored) # 9.1.5 Verify Permissions on /etc/group (Scored) # 9.1.6 Verify User/Group Ownership on /etc/passwd (Scored) # 9.1.7 Verify User/Group Ownership on /etc/shadow (Scored) # 9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored) # 9.1.9 Verify User/Group Ownership on /etc/group (Scored) # 9.1.10 Find World Writable Files (Not Scored) # 9.1.11 Find Un-owned Files and Directories (Scored) # 9.1.12 Find Un-grouped Files and Directories (Scored) # 9.1.13 Find SUID System Executables (Not Scored) # 9.1.14 Find SGID System Executables (Not Scored) ############################################### # 9.2 Review User and Group Settings ############################################### # 9.2.1 Ensure Password Fields are Not Empty (Scored) # 9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 9.2.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - RHEL7 - 9.2.5 - Non-root account with uid 0 {CIS: 9.2.5 RHEL7} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 9.2.6 Ensure root PATH Integrity (Scored) # 9.2.7 Check Permissions on User Home Directories (Scored) # 9.2.8 Check User Dot File Permissions (Scored) # 9.2.9 Check Permissions on User .netrc Files (Scored) # 9.2.10 Check for Presence of User .rhosts Files (Scored) # 9.2.11 Check Groups in /etc/passwd (Scored) # 9.2.12 Check That Users Are Assigned Valid Home Directories (Scored) # 9.2.13 Check User Home Directory Ownership (Scored) # 9.2.14 Check for Duplicate UIDs (Scored) # 9.2.15 Check for Duplicate GIDs (Scored) # 9.2.16 Check That Reserved UIDs Are Assigned to System Accounts (Scored) # 9.2.17 Check for Duplicate User Names (Scored) # 9.2.18 Check for Duplicate Group Names (Scored) # 9.2.19 Check for Presence of User .netrc Files (Scored) # 9.2.20 Check for Presence of User .forward Files (Scored) # Other/Legacy Tests [CIS - RHEL7 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - RHEL7 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - RHEL7 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - RHEL7 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - RHEL7 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - RHEL7 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - RHEL7 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; !17658 cis_rhel_linux_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Red Hat (RHEL 2.1, 3.0, 4.0 and Fedora Core 1,2,3,4 and 5). # Based on CIS Benchmark for Red Hat Enterprise Linux v1.0.5 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; # Main one. Only valid for Red Hat/Fedora. [CIS - Testing against the CIS Red Hat Enterprise Linux Benchmark v1.0.5] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 4; f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 3; f:/etc/redhat-release -> r:^Red Hat Enterprise Linux \S+ release 2.1; f:/etc/fedora-release -> r:^Fedora && r:release 1; f:/etc/fedora-release -> r:^Fedora && r:release 2; f:/etc/fedora-release -> r:^Fedora && r:release 3; f:/etc/fedora-release -> r:^Fedora && r:release 4; f:/etc/fedora-release -> r:^Fedora && r:release 5; # Build considerations - Partition scheme. [CIS - Red Hat Linux - - Build considerations - Robust partition scheme - /var is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:/var; [CIS - Red Hat Linux - - Build considerations - Robust partition scheme - /home is not on its own partition] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:/home; # Section 1.3 - SSH configuration [CIS - Red Hat Linux - 1.3 - SSH Configuration - Protocol version 1 enabled {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; [CIS - Red Hat Linux - 1.3 - SSH Configuration - IgnoreRHosts disabled {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; [CIS - Red Hat Linux - 1.3 - SSH Configuration - Empty passwords permitted {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; [CIS - Red Hat Linux - 1.3 - SSH Configuration - Host based authentication enabled {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; [CIS - Red Hat Linux - 1.3 - SSH Configuration - Root login allowed {CIS: 1.3 Red Hat Linux} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; # Section 1.4 Enable system accounting #[CIS - Red Hat Linux - 1.4 - System Accounting - Sysstat not installed] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] #f:!/var/log/sa; # Section 2.5 Install and run Bastille #[CIS - Red Hat Linux - 1.5 - System harderning - Bastille is not installed] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] #f:!/etc/Bastille; # Section 2 - Minimize xinetd services [CIS - Red Hat Linux - 2.3 - Telnet enabled on xinetd {CIS: 2.3 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/telnet -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.4 - VSFTP enabled on xinetd {CIS: 2.4 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/vsftpd -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.4 - WU-FTP enabled on xinetd {CIS: 2.4 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/wu-ftpd -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.5 - rsh/rlogin/rcp enabled on xinetd {CIS: 2.5 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/shell -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.6 - tftpd enabled on xinetd {CIS: 2.6 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/tftpd -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.7 - imap enabled on xinetd {CIS: 2.7 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/imap -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/imaps -> !r:^# && r:disable && r:no; [CIS - Red Hat Linux - 2.8 - pop3 enabled on xinetd {CIS: 2.8 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/xinetd.c/ipop3 -> !r:^# && r:disable && r:no; f:/etc/xinetd.c/pop3s -> !r:^# && r:disable && r:no; # Section 3 - Minimize boot services [CIS - Red Hat Linux - 3.1 - Set daemon umask - Default umask is higher than 027 {CIS: 3.1 Red Hat Linux}] [all] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/init.d/functions -> !r:^# && r:^umask && >:umask 027; [CIS - Red Hat Linux - 3.4 - GUI login enabled {CIS: 3.4 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/inittab -> !r:^# && r:id:5; [CIS - Red Hat Linux - 3.7 - Disable standard boot services - Samba Enabled {CIS: 3.7 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; [CIS - Red Hat Linux - 3.8 - Disable standard boot services - NFS Enabled {CIS: 3.8 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; [CIS - Red Hat Linux - 3.10 - Disable standard boot services - NIS Enabled {CIS: 3.10 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dypbind$; d:$rc_dirs -> ^S\d\dypserv$; [CIS - Red Hat Linux - 3.13 - Disable standard boot services - NetFS Enabled {CIS: 3.13 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dnetfs$; [CIS - Red Hat Linux - 3.15 - Disable standard boot services - Apache web server Enabled {CIS: 3.15 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dapache$; d:$rc_dirs -> ^S\d\dhttpd$; [CIS - Red Hat Linux - 3.15 - Disable standard boot services - TUX web server Enabled {CIS: 3.15 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dtux$; [CIS - Red Hat Linux - 3.16 - Disable standard boot services - SNMPD process Enabled {CIS: 3.16 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; [CIS - Red Hat Linux - 3.17 - Disable standard boot services - DNS server Enabled {CIS: 3.17 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - Red Hat Linux - 3.18 - Disable standard boot services - MySQL server Enabled {CIS: 3.18 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - Red Hat Linux - 3.18 - Disable standard boot services - PostgreSQL server Enabled {CIS: 3.18 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - Red Hat Linux - 3.19 - Disable standard boot services - Webmin Enabled {CIS: 3.19 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dwebmin$; [CIS - Red Hat Linux - 3.20 - Disable standard boot services - Squid Enabled {CIS: 3.20 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dsquid$; [CIS - Red Hat Linux - 3.21 - Disable standard boot services - Kudzu hardware detection Enabled {CIS: 3.21 Red Hat Linux} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] d:$rc_dirs -> ^S\d\dkudzu$; # Section 4 - Kernel tuning [CIS - Red Hat Linux - 4.1 - Network parameters - Source routing accepted {CIS: 4.1 Red Hat Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; [CIS - Red Hat Linux - 4.1 - Network parameters - ICMP broadcasts accepted {CIS: 4.1 Red Hat Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; [CIS - Red Hat Linux - 4.2 - Network parameters - IP Forwarding enabled {CIS: 4.2 Red Hat Linux}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # Section 6 - Permissions [CIS - Red Hat Linux - 6.1 - Partition /var without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/var && !r:nodev; [CIS - Red Hat Linux - 6.1 - Partition /tmp without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/tmp && !r:nodev; [CIS - Red Hat Linux - 6.1 - Partition /opt without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/opt && !r:nodev; [CIS - Red Hat Linux - 6.1 - Partition /home without 'nodev' set {CIS: 6.1 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:ext2|ext3 && r:/home && !r:nodev ; [CIS - Red Hat Linux - 6.2 - Removable partition /media without 'nodev' set {CIS: 6.2 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; [CIS - Red Hat Linux - 6.2 - Removable partition /media without 'nosuid' set {CIS: 6.2 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; [CIS - Red Hat Linux - 6.3 - User-mounted removable partition allowed on the console {CIS: 6.3 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; # Section 7 - Access and authentication [CIS - Red Hat Linux - 7.8 - LILO Password not set {CIS: 7.8 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/lilo.conf -> !r:^# && !r:restricted; f:/etc/lilo.conf -> !r:^# && !r:password=; [CIS - Red Hat Linux - 7.8 - GRUB Password not set {CIS: 7.8 Red Hat Linux} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/boot/grub/menu.lst -> !r:^# && !r:password; [CIS - Red Hat Linux - 8.2 - Account with empty password present {CIS: 8.2 Red Hat Linux} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/shadow -> r:^\w+::; [CIS - Red Hat Linux - SN.11 - Non-root account with uid 0 {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_RHLinux_Benchmark_v1.0.5.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # Tests specific for VMware ESX - Runs on Red Hat Linux - # Will not be tested anywhere else. [VMware ESX - Testing against the Security Harderning benchmark VI3 for ESX 3.5] [any required] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] f:/etc/vmware-release -> r:^VMware ESX; # Virtual Machine Files and Settings - 1 # 1.1 [VMware ESX - VM settings - Copy operation between guest and console enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.copy.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.copy.disable && r:false; # 1.2 [VMware ESX - VM settings - Paste operation between guest and console enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.paste.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.paste.disable && r:false; # 1.3 [VMware ESX - VM settings - GUI Options enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.setGUIOptions.enable && r:true; # 1.4 [VMware ESX - VM settings - Data Flow from the Virtual Machine to the Datastore not limited - Rotate size not 100KB] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^log.rotateSize; d:/vmfs/volumes -> .vmx$ -> r:^log.rotateSize && !r:"100000"; # 1.5 [VMware ESX - VM settings - Data Flow from the Virtual Machine to the Datastore not limited - Maximum number of logs not 10] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^log.keepOld; d:/vmfs/volumes -> .vmx$ -> r:^log.keepOld && r:"10"; # 1.6 [VMware ESX - VM settings - Data Flow from the Virtual Machine to the Datastore not limited - Guests allowed to write SetInfo data to config] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.setinfo.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.setinfo.disable && r:false; # 1.7 [VMware ESX - VM settings - Nonpersistent Disks being used] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^scsi\d:\d.mode && r:!independent-nonpersistent; # 1.8 [VMware ESX - VM settings - Floppy drive present] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^floppy\d+.present && r:!false; [VMware ESX - VM settings - Serial port present] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^serial\d+.present && r:!false; [VMware ESX - VM settings - Parallel port present] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> r:^parallel\d+.present && r:!false; # 1.9 [VMware ESX - VM settings - Unauthorized Removal or Connection of Devices allowed] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^Isolation.tools.connectable.disable; d:/vmfs/volumes -> .vmx$ -> r:^Isolation.tools.connectable.disable && r:false; # 1.10 [VMware ESX - VM settings - Avoid Denial of Service Caused by Virtual Disk Modification Operations - diskWiper enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.diskWiper.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.diskWiper.disable && r:false; [VMware ESX - VM settings - Avoid Denial of Service Caused by Virtual Disk Modification Operations - diskShrink enabled] [any] [http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf] d:/vmfs/volumes -> .vmx$ -> !r:^isolation.tools.diskShrink.disable; d:/vmfs/volumes -> .vmx$ -> r:^isolation.tools.diskShrink.disable && r:false; # Configuring the Service Console in ESX 3.5 - 2 # 2.1 !34376 cis_sles11_linux_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for SUSE SLES 11 # Based on CIS Benchmark for SUSE Linux Enterprise Server 11 v1.1.0 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS SUSE Linux Enterprise Server 11 Benchmark v1.1.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP1"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP2"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP3"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 11 SP4"; # 2.1 /tmp: partition [CIS - SLES11 - 2.1 - Build considerations - Robust partition scheme - /tmp is not on its own partition {CIS: 2.2 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:/tmp; # 2.2 /tmp: nodev [CIS - SLES11 - 2.2 - Partition /tmp without 'nodev' set {CIS: 2.2 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.3 /tmp: nosuid [CIS - SLES11 - 2.3 - Partition /tmp without 'nosuid' set {CIS: 2.3 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 2.4 /tmp: noexec [CIS - SLES11 - 2.4 - Partition /tmp without 'noexec' set {CIS: 2.4 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.5 Build considerations - Partition scheme. [CIS - SLES11 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 2.5 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 2.6 bind mount /var/tmp to /tmp [CIS - SLES11 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 2.6 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 2.7 /var/log: partition [CIS - SLES11 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 2.7 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 2.8 /var/log/audit: partition [CIS - SLES11 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 2.8 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 2.9 /home: partition [CIS - SLES11 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 2.9 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 2.10 /home: nodev [CIS - SLES11 - 2.10 - Partition /home without 'nodev' set {CIS: 2.10 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 2.11 nodev on removable media partitions (not scored) [CIS - SLES11 - 2.11 - Removable partition /media without 'nodev' set {CIS: 2.11 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 2.12 noexec on removable media partitions (not scored) [CIS - SLES11 - 2.12 - Removable partition /media without 'noexec' set {CIS: 2.12 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 2.13 nosuid on removable media partitions (not scored) [CIS - SLES11 - 2.13 - Removable partition /media without 'nosuid' set {CIS: 2.13 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 2.14 /dev/shm: nodev [CIS - SLES11 - 2.14 - /dev/shm without 'nodev' set {CIS: 2.14 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 2.15 /dev/shm: nosuid [CIS - SLES11 - 2.15 - /dev/shm without 'nosuid' set {CIS: 2.15 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 2.16 /dev/shm: noexec [CIS - SLES11 - 2.16 - /dev/shm without 'noexec' set {CIS: 2.16 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 2.17 sticky bit on world writable directories (Scored) # TODO # 2.18 disable cramfs (not scored) # 2.19 disable freevxfs (not scored) # 2.20 disable jffs2 (not scored) # 2.21 disable hfs (not scored) # 2.22 disable hfsplus (not scored) # 2.23 disable squashfs (not scored) # 2.24 disable udf (not scored) # 2.25 disable automounting (Scored) # TODO ############################################### # 3 Secure Boot Settings ############################################### # 3.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # stat -L -c "%u %g" /boot/grub2/grub.cfg | egrep "0 0" # 3.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # stat -L -c "%a" /boot/grub2/grub.cfg | egrep ".00" # 3.3 Set Boot Loader Password (Scored) [CIS - SLES11 - 3.3 - GRUB Password not set {CIS: 3.3 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/boot/grub2/grub.cfg -> !r:^# && !r:password; # 3.4 Require Authentication for Single-User Mode (Scored) # 3.5 Disable Interactive Boot (Scored) ############################################### # 4 Additional Process Hardening ############################################### # 4.1 Restrict Core Dumps (Scored) [CIS - SLES11 - 4.1 - Interactive Boot not disabled {CIS: 4.1 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 4.2 Enable XD/NX Support on 32-bit x86 Systems (Not Scored) # TODO # 4.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - SLES11 - 4.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 4.3 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 2; # 4.4 Disable Prelink (Scored) # TODO # 4.5 Activate AppArmor (Scored) # TODO ############################################### # 5 OS Services ############################################### ############################################### # 5.1 Remove Legacy Services ############################################### # 5.1.1 Remove NIS Server (Scored) [CIS - SLES11 - 5.1.1 - Disable standard boot services - NIS (server) Enabled {CIS: 5.1.1 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; # 5.1.2 Remove NIS Client (Scored) [CIS - SLES11 - 5.1.2 - Disable standard boot services - NIS (client) Enabled {CIS: 51.2 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; # 5.1.3 Remove rsh-server (Scored) [CIS - SLES11 - 5.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 5.1.3 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # 5.1.4 Remove rsh client (Scored) # TODO # 5.1.5 Remove talk-server (Scored) [CIS - SLES11 - 5.1.5 - talk enabled on xinetd {CIS: 5.1.5 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; # 5.1.6 Remove talk client (Scored) # TODO # 5.1.7 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - SLES11 - 5.1.7 - Telnet enabled on xinetd {CIS: 5.1.7 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; # 5.1.8 Remove tftp-server (Scored) [CIS - SLES11 - 5.1.8 - tftpd enabled on xinetd {CIS: 5.1.8 SLES11} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; # 5.1.9 Remove xinetd (Scored) [CIS - SLES11 - 5.1.9 - xinetd detected {CIS: 5.1.9 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] # 5.2 Disable chargen-udp (Scored) [CIS - SLES11 - 5.2 - chargen-udp enabled on xinetd {CIS: 5.2 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen-udp -> !r:^# && r:disable && r:no; # 5.3 Disable chargen (Scored) [CIS - SLES11 - 5.3 - chargen enabled on xinetd {CIS: 5.3 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/chargen -> !r:^# && r:disable && r:no; # 5.4 Disable daytime-udp (Scored) [CIS - SLES11 - 5.4 - daytime-udp enabled on xinetd {CIS: 5.4 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime-udp -> !r:^# && r:disable && r:no; # 5.5 Disable daytime (Scored) [CIS - SLES11 - 5.5 - daytime enabled on xinetd {CIS: 5.5 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/daytime -> !r:^# && r:disable && r:no; # 5.6 Disable echo-udp (Scored) [CIS - SLES11 - 5.6 - echo-udp enabled on xinetd {CIS: 5.6 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo-udp -> !r:^# && r:disable && r:no; # 5.7 Disable echo (Scored) [CIS - SLES11 - 5.7 - echo enabled on xinetd {CIS: 5.7 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/echo -> !r:^# && r:disable && r:no; # 5.8 Disable discard-udp (Scored) [CIS - SLES11 - 5.8 - discard-udp enabled on xinetd {CIS: 5.8 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/discard-udp -> !r:^# && r:disable && r:no; # 5.9 Disable discard (Scored) [CIS - SLES11 - 5.9 - discard enabled on xinetd {CIS: 5.9 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/discard -> !r:^# && r:disable && r:no; # 5.10 Disable time-udp (Scored) [CIS - SLES11 - 5.10 - time-udp enabled on xinetd {CIS: 5.10 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/time-udp -> !r:^# && r:disable && r:no; # 5.11 Disable time (Scored) [CIS - SLES11 - 5.11 - time enabled on xinetd {CIS: 5.11 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/time -> !r:^# && r:disable && r:no; ############################################### # 6 Special Purpose Services ############################################### # 6.1 Remove X Windows (Scored) [CIS - SLES11 - 6.1 - X11 not disabled {CIS: 6.1 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/inittab -> !r:^# && r:id:5; # 6.2 Disable Avahi Server (Scored) [CIS - SLES11 - 6.2 - Avahi daemon not disabled {CIS: 6.2 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] p:avahi-daemon; # 6.3 Disable Print Server - CUPS (Not Scored) #TODO # 6.4 Remove DHCP Server (Scored) #[CIS - SLES11 - 6.4 - DHCPnot disabled {CIS: 6.4 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dhcpd$; d:$rc_dirs -> ^S\d\dhcpd6$; # 6.5 Configure Network Time Protocol (NTP) (Scored) #TODO Chrony [CIS - SLES11 - 6.5 - NTPD not Configured {CIS: 6.5 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ntp.conf -> r:restrict default kod nomodify notrap nopeer noquery && r:^server; f:/etc/sysconfig/ntpd -> r:OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"; # 6.6 Remove LDAP (Not Scored) #TODO # 6.7 Disable NFS and RPC (Not Scored) [CIS - SLES11 - 6.7 - Disable standard boot services - NFS Enabled {CIS: 6.7 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 6.8 Remove DNS Server (Not Scored) # TODO # 6.9 Remove FTP Server (Not Scored) [CIS - SLES11 - 6.9 - VSFTP enabled on xinetd {CIS: 6.9 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 6.10 Remove HTTP Server (Not Scored) [CIS - SLES11 - 6.10 - Disable standard boot services - Apache web server Enabled {CIS: 6.10 SLES11}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dapache2$; # 6.11 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - SLES11 - 6.11 - imap enabled on xinetd {CIS: 6.11 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - SLES11 - 6.11 - pop3 enabled on xinetd {CIS: 6.11 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 6.12 Remove Samba (Not Scored) [CIS - SLES11 - 6.12 - Disable standard boot services - Samba Enabled {CIS: 6.12 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 6.13 Remove HTTP Proxy Server (Not Scored) [CIS - SLES11 - 6.13 - Disable standard boot services - Squid Enabled {CIS: 6.13 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 6.14 Remove SNMP Server (Not Scored) [CIS - SLES11 - 6.14 - Disable standard boot services - SNMPD process Enabled {CIS: 6.14 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 6.15 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO # 6.16 Ensure rsync service is not enabled (Scored) [CIS - SLES11 - 6.16 - Disable standard boot services - rsyncd process Enabled {CIS: 6.16 SLES11} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\drsyncd$; # 6.17 Ensure Biosdevname is not enabled (Scored) # TODO ############################################### # 7 Network Configuration and Firewalls ############################################### ############################################### # 7.1 Modify Network Parameters (Host Only) ############################################### # 7.1.1 Disable IP Forwarding (Scored) [CIS - SLES11 - 7.1.1 - Network parameters - IP Forwarding enabled {CIS: 7.1.1 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 7.1.2 Disable Send Packet Redirects (Scored) [CIS - SLES11 - 7.1.2 - Network parameters - IP send redirects enabled {CIS: 7.1.2 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 7.2 Modify Network Parameters (Host and Router) ############################################### # 7.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - SLES11 - 7.2.1 - Network parameters - Source routing accepted {CIS: 7.2.1 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 7.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - SLES11 - 7.2.2 - Network parameters - ICMP redirects accepted {CIS: 7.2.2 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 7.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - SLES11 - 7.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 7.2.3 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 7.2.4 Log Suspicious Packets (Scored) [CIS - SLES11 - 7.2.4 - Network parameters - martians not logged {CIS: 7.2.4 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 7.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - SLES11 - 7.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 7.2.5 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 7.2.6 Enable Bad Error Message Protection (Scored) [CIS - SLES11 - 7.2.6 - Network parameters - Bad error message protection not enabled {CIS: 7.2.6 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 7.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - SLES11 - 7.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 7.2.7 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 7.2.8 Enable TCP SYN Cookies (Scored) [CIS - SLES11 - 7.2.8 - Network parameters - SYN Cookies not enabled {CIS: 7.2.8 SLES11} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 7.3 Configure IPv6 ############################################### # 7.3.1 Disable IPv6 Router Advertisements (Not Scored) # 7.3.2 Disable IPv6 Redirect Acceptance (Not Scored) # 7.3.3 Disable IPv6 (Not Scored) ############################################### # 7.4 Install TCP Wrappers ############################################### # 7.4.1 Install TCP Wrappers (Not Scored) # 7.4.2 Create /etc/hosts.allow (Not Scored) # 7.4.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 7.4.4 Create /etc/hosts.deny (Not Scored) # 7.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 7.5 Uncommon Network Protocols ############################################### # 7.5.1 Disable DCCP (Not Scored) # 7.5.2 Disable SCTP (Not Scored) # 7.5.3 Disable RDS (Not Scored) # 7.5.4 Disable TIPC (Not Scored) # 7.6 Deactivate Wireless Interfaces (Not Scored) # 7.7 Enable SuSEfirewall2 (Scored) # 7.8 Limit access to trusted networks (Not Scored) ############################################### # 8 Logging and Auditing ############################################### ############################################### # 8.1 Configure System Accounting (auditd) ############################################### ############################################### # 8.1.1 Configure Data Retention ############################################### # 8.1.1.1 Configure Audit Log Storage Size (Not Scored) # 8.1.1.2 Disable System on Audit Log Full (Not Scored) # 8.1.1.3 Keep All Auditing Information (Scored) # 8.1.2 Enable auditd Service (Scored) # 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 8.1.4 Record Events That Modify Date and Time Information (Scored) # 8.1.5 Record Events That Modify User/Group Information (Scored) # 8.1.6 Record Events That Modify the System’s Network Environment (Scored) # 8.1.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 8.1.8 Collect Login and Logout Events (Scored) # 8.1.9 Collect Session Initiation Information (Scored) # 8.1.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 8.1.12 Collect Use of Privileged Commands (Scored) # 8.1.13 Collect Successful File System Mounts (Scored) # 8.1.14 Collect File Deletion Events by User (Scored) # 8.1.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 8.1.16 Collect System Administrator Actions (sudolog) (Scored) # 8.1.17 Collect Kernel Module Loading and Unloading (Scored) # 8.1.18 Make the Audit Configuration Immutable (Scored) ############################################### # 8.2 Configure rsyslog ############################################### # 8.2.1 Install the rsyslog package (Scored) # TODO # 8.2.2 Activate the rsyslog Service (Scored) # TODO # 8.2.3 Configure /etc/rsyslog.conf (Not Scored) # 8.2.4 Create and Set Permissions on rsyslog Log Files (Scored) # 8.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 8.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 8.3 Advanced Intrusion Detection Environment (AIDE) ############################################### # 8.3.1 Install AIDE (Scored) # 8.3.2 Implement Periodic Execution of File Integrity (Scored) # 8.4 Configure logrotate (Not Scored) ############################################### # 9 System Access, Authentication and Authorization ############################################### ############################################### # 9.1 Configure cron and anacron ############################################### # 9.1.1 Enable cron Daemon (Scored) # 9.1.2 Set User/Group Owner and Permission on /etc/crontab (Scored) # 9.1.3 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 9.1.4 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 9.1.5 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 9.1.6 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 9.1.7 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 9.1.8 Restrict at/cron to Authorized Users (Scored) ############################################### # 9.2 Configure SSH ############################################### # 9.2.1 Set SSH Protocol to 2 (Scored) [CIS - SLES11 - 9.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 9.2.1 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 9.2.2 Set LogLevel to INFO (Scored) [CIS - SLES11 - 9.2.1 - SSH Configuration - Loglevel not INFO {CIS: 9.2.1 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && !r:LogLevel\.+INFO; # 9.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # TODO # 9.2.4 Disable SSH X11 Forwarding (Scored) # TODO # 9.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) [ CIS - SLES11 - 9.2.5 - SSH Configuration - Set SSH MaxAuthTries to 4 or Less {CIS - SLES11 - 9.2.5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*MaxAuthTries\s+4\s*$; # 9.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - SLES11 - 9.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 9.2.6 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 9.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - SLES11 - 9.2.7 - SSH Configuration - Host based authentication enabled {CIS: 9.2.7 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 9.2.8 Disable SSH Root Login (Scored) [CIS - SLES11 - 9.2.8 - SSH Configuration - Root login allowed {CIS: 9.2.8 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitRootLogin\.+no; # 9.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - SLES11 - 9.2.9 - SSH Configuration - Empty passwords permitted {CIS: 9.2.9 SLES11} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:$sshd_file -> !r:^\s*PermitEmptyPasswords\.+no; # 9.2.10 Do Not Allow Users to Set Environment Options (Scored) # 9.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 9.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 9.2.13 Limit Access via SSH (Scored) # 9.2.14 Set SSH Banner (Scored) ############################################### # 9.3 Configure PAM ############################################### # 9.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 9.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 9.3.3 Limit Password Reuse (Scored) # 9.4 Restrict root Login to System Console (Not Scored) # 9.5 Restrict Access to the su Command (Scored) ############################################### # 10 User Accounts and Environment ############################################### ############################################### # 10.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 10.1.1 Set Password Expiration Days (Scored) # 10.1.2 Set Password Change Minimum Number of Days (Scored) # 10.1.3 Set Password Expiring Warning Days (Scored) # 10.2 Disable System Accounts (Scored) # 10.3 Set Default Group for root Account (Scored) # 10.4 Set Default umask for Users (Scored) # 10.5 Lock Inactive User Accounts (Scored) ############################################### # 11 Warning Banners ############################################### # 11.1 Set Warning Banner for Standard Login Services (Scored) # 11.2 Remove OS Information from Login Warning Banners (Scored) # 11.3 Set Graphical Warning Banner (Not Scored) ############################################### # 12 Verify System File Permissions ############################################### # 12.1 Verify System File Permissions (Not Scored) # 12.2 Verify Permissions on /etc/passwd (Scored) # 12.3 Verify Permissions on /etc/shadow (Scored) # 12.4 Verify Permissions on /etc/group (Scored) # 12.5 Verify User/Group Ownership on /etc/passwd (Scored) # 12.6 Verify User/Group Ownership on /etc/shadow (Scored) # 12.7 Verify User/Group Ownership on /etc/group (Scored) # 12.8 Find World Writable Files (Not Scored) # 12.9 Find Un-owned Files and Directories (Scored) # 12.10 Find Un-grouped Files and Directories (Scored) # 12.11 Find SUID System Executables (Not Scored) # 12.12 Find SGID System Executables (Not Scored) ############################################### # 13 Review User and Group Settings ############################################### # 13.1 Ensure Password Fields are Not Empty (Scored) # 13.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 13.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 13.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 13.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - SLES11 - 13.5 - Non-root account with uid 0 {CIS: 13.5 SLES11} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 13.6 Ensure root PATH Integrity (Scored) # 13.7 Check Permissions on User Home Directories (Scored) # 13.8 Check User Dot File Permissions (Scored) # 13.9 Check Permissions on User .netrc Files (Scored) # 13.10 Check for Presence of User .rhosts Files (Scored) # 13.11 Check Groups in /etc/passwd (Scored) # 13.12 Check That Users Are Assigned Valid Home Directories (Scored) # 13.13 Check User Home Directory Ownership (Scored) # 13.14 Check for Duplicate UIDs (Scored) # 13.15 Check for Duplicate GIDs (Scored) # 13.16 Check for Duplicate User Names (Scored) # 13.17 Check for Duplicate Group Names (Scored) # 13.18 Check for Presence of User .netrc Files (Scored) # 13.19 Check for Presence of User .forward Files (Scored) # 13.20 Ensure shadow group is empty (Scored) # Other/Legacy Tests [CIS - SLES11 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - SLES11 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - SLES11 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - SLES11 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - SLES11 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - SLES11 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - SLES11 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_11_Benchmark_v1.1.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; !35081 cis_sles12_linux_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2014 # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for SUSE SLES 12 # Based on CIS Benchmark for SUSE Linux Enterprise Server 12 v1.0.0 # RC scripts location $rc_dirs=/etc/rc.d/rc2.d,/etc/rc.d/rc3.d,/etc/rc.d/rc4.d,/etc/rc.d/rc5.d; [CIS - Testing against the CIS SUSE Linux Enterprise Server 12 Benchmark v1.0.0] [any required] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP1"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP2"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"; f:/etc/os-release -> r:^PRETTY_NAME="SUSE Linux Enterprise Server 12 SP4"; # 2.1 /tmp: partition [CIS - SLES12 - 2.1 - Build considerations - Robust partition scheme - /tmp is not on its own partition {CIS: 2.2 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:/tmp; # 2.2 /tmp: nodev [CIS - SLES12 - 2.2 - Partition /tmp without 'nodev' set {CIS: 2.2 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.3 /tmp: nosuid [CIS - SLES12 - 2.3 - Partition /tmp without 'nosuid' set {CIS: 2.3 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nosuid; # 2.4 /tmp: noexec [CIS - SLES12 - 2.4 - Partition /tmp without 'noexec' set {CIS: 2.4 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/tmp && !r:nodev; # 2.5 Build considerations - Partition scheme. [CIS - SLES12 - Build considerations - Robust partition scheme - /var is not on its own partition {CIS: 2.5 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r^# && !r:/var; # 2.6 bind mount /var/tmp to /tmp [CIS - SLES12 - Build considerations - Robust partition scheme - /var/tmp is bound to /tmp {CIS: 2.6 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> r:^# && !r:/var/tmp && !r:bind; # 2.7 /var/log: partition [CIS - SLES12 - Build considerations - Robust partition scheme - /var/log is not on its own partition {CIS: 2.7 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> ^# && !r:/var/log; # 2.8 /var/log/audit: partition [CIS - SLES12 - Build considerations - Robust partition scheme - /var/log/audit is not on its own partition {CIS: 2.8 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> ^# && !r:/var/log/audit; # 2.9 /home: partition [CIS - SLES12 - Build considerations - Robust partition scheme - /home is not on its own partition {CIS: 2.9 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> ^# && !r:/home; # 2.10 /home: nodev [CIS - SLES12 - 2.10 - Partition /home without 'nodev' set {CIS: 2.10 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/home && !r:nodev; # 2.11 nodev on removable media partitions (not scored) [CIS - SLES12 - 2.11 - Removable partition /media without 'nodev' set {CIS: 2.11 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nodev; # 2.12 noexec on removable media partitions (not scored) [CIS - SLES12 - 2.12 - Removable partition /media without 'noexec' set {CIS: 2.12 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:noexec; # 2.13 nosuid on removable media partitions (not scored) [CIS - SLES12 - 2.13 - Removable partition /media without 'nosuid' set {CIS: 2.13 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/media && !r:nosuid; # 2.14 /dev/shm: nodev [CIS - SLES12 - 2.14 - /dev/shm without 'nodev' set {CIS: 2.14 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nodev; # 2.15 /dev/shm: nosuid [CIS - SLES12 - 2.15 - /dev/shm without 'nosuid' set {CIS: 2.15 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:nosuid; # 2.16 /dev/shm: noexec [CIS - SLES12 - 2.16 - /dev/shm without 'noexec' set {CIS: 2.16 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/fstab -> !r:^# && r:/dev/shm && !r:noexec; # 2.17 sticky bit on world writable directories (Scored) # TODO # 2.18 disable cramfs (not scored) # 2.19 disable freevxfs (not scored) # 2.20 disable jffs2 (not scored) # 2.21 disable hfs (not scored) # 2.22 disable hfsplus (not scored) # 2.23 disable squashfs (not scored) # 2.24 disable udf (not scored) # 2.25 disable automounting (Scored) # TODO ############################################### # 3 Secure Boot Settings ############################################### # 3.1 Set User/Group Owner on /etc/grub.conf # TODO (no mode tests) # stat -L -c "%u %g" /boot/grub2/grub.cfg | egrep "0 0" # 3.2 Set Permissions on /etc/grub.conf (Scored) # TODO (no mode tests) # stat -L -c "%a" /boot/grub2/grub.cfg | egrep ".00" # 3.3 Set Boot Loader Password (Scored) [CIS - SLES12 - 3.3 - GRUB Password not set {CIS: 3.3 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/boot/grub2/grub.cfg -> !r:^# && !r:password; ############################################### # 4 Additional Process Hardening ############################################### # 4.1 Restrict Core Dumps (Scored) [CIS - SLES12 - 4.1 - Interactive Boot not disabled {CIS: 4.1 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/security/limits.conf -> !r:^# && !r:hard\.+core\.+0; # 4.2 Enable XD/NX Support on 32-bit x86 Systems (Not Scored) # TODO # 4.3 Enable Randomized Virtual Memory Region Placement (Scored) [CIS - SLES12 - 4.3 - Randomized Virtual Memory Region Placement not enabled {CIS: 4.3 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/kernel/randomize_va_space -> 2; # 4.4 Disable Prelink (Scored) # TODO # 4.5 Activate AppArmor (Scored) # TODO ############################################### # 5 OS Services ############################################### ############################################### # 5.1 Remove Legacy Services ############################################### # 5.1.1 Remove NIS Server (Scored) [CIS - SLES12 - 5.1.1 - Disable standard boot services - NIS (server) Enabled {CIS: 5.1.1 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dypserv$; f:/usr/lib/systemd/system/ypserv.service -> r:Exec; # 5.1.2 Remove NIS Client (Scored) [CIS - SLES12 - 5.1.2 - Disable standard boot services - NIS (client) Enabled {CIS: 51.2 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dypbind$; f:/usr/lib/systemd/system/ypbind.service -> r:Exec; # 5.1.3 Remove rsh-server (Scored) [CIS - SLES12 - 5.1.3 - rsh/rlogin/rcp enabled on xinetd {CIS: 5.1.3 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/rlogin -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/rsh -> !r:^# && r:disable && r:no; f:/etc/xinetd.d/shell -> !r:^# && r:disable && r:no; # TODO (finish this) f:/usr/lib/systemd/system/rexec@.service -> r:ExecStart; f:/usr/lib/systemd/system/rlogin@.service -> r:ExecStart; f:/usr/lib/systemd/system/rsh@.service -> r:ExecStart; # 5.1.4 Remove rsh client (Scored) # TODO # 5.1.5 Remove talk-server (Scored) [CIS - SLES12 - 5.1.5 - talk enabled on xinetd {CIS: 5.1.5 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/talk -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/ntalk.service -> r:Exec; # 5.1.6 Remove talk client (Scored) # TODO # 5.1.7 Remove telnet-server (Scored) # TODO: detect it is installed at all [CIS - SLES12 - 5.1.7 - Telnet enabled on xinetd {CIS: 5.1.7 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/telnet -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/telnet@.service -> r:ExecStart=-/usr/sbin/in.telnetd; # 5.1.8 Remove tftp-server (Scored) [CIS - SLES12 - 5.1.8 - tftpd enabled on xinetd {CIS: 5.1.8 SLES12} {PCI_DSS: 2.2.3}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/tftpd -> !r:^# && r:disable && r:no; f:/usr/lib/systemd/system/tftp.service -> r:Exec; # 5.1.9 Remove xinetd (Scored) [CIS - SLES12 - 5.1.9 - xinetd detected {CIS: 5.1.9 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/usr/lib/systemd/system/xinetd.service -> r:Exec; # 5.2 Disable chargen-udp (Scored) [CIS - SLES12 - 5.2 - chargen-udp enabled on xinetd {CIS: 5.2 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/chargen-udp -> !r:^# && r:disable && r:no; # 5.3 Disable chargen (Scored) [CIS - SLES12 - 5.3 - chargen enabled on xinetd {CIS: 5.3 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/chargen -> !r:^# && r:disable && r:no; # 5.4 Disable daytime-udp (Scored) [CIS - SLES12 - 5.4 - daytime-udp enabled on xinetd {CIS: 5.4 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/daytime-udp -> !r:^# && r:disable && r:no; # 5.5 Disable daytime (Scored) [CIS - SLES12 - 5.5 - daytime enabled on xinetd {CIS: 5.5 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/daytime -> !r:^# && r:disable && r:no; # 5.6 Disable echo-udp (Scored) [CIS - SLES12 - 5.6 - echo-udp enabled on xinetd {CIS: 5.6 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/echo-udp -> !r:^# && r:disable && r:no; # 5.7 Disable echo (Scored) [CIS - SLES12 - 5.7 - echo enabled on xinetd {CIS: 5.7 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/echo -> !r:^# && r:disable && r:no; # 5.8 Disable discard-udp (Scored) [CIS - SLES12 - 5.8 - discard-udp enabled on xinetd {CIS: 5.8 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/discard-udp -> !r:^# && r:disable && r:no; # 5.9 Disable discard (Scored) [CIS - SLES12 - 5.9 - discard enabled on xinetd {CIS: 5.9 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/discard -> !r:^# && r:disable && r:no; # 5.10 Disable time-udp (Scored) [CIS - SLES12 - 5.10 - time-udp enabled on xinetd {CIS: 5.10 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/time-udp -> !r:^# && r:disable && r:no; # 5.11 Disable time (Scored) [CIS - SLES12 - 5.11 - time enabled on xinetd {CIS: 5.11 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/time -> !r:^# && r:disable && r:no; ############################################### # 6 Special Purpose Services ############################################### # 6.1 Remove X Windows (Scored) [CIS - SLES12 - 6.1 - X11 not disabled {CIS: 6.1 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/usr/lib/systemd/system/default.target -> r:Graphical; p:gdm-x-session; # 6.2 Disable Avahi Server (Scored) [CIS - SLES12 - 6.2 - Avahi daemon not disabled {CIS: 6.2 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] p:avahi-daemon; # 6.3 Disable Print Server - CUPS (Not Scored) #TODO # 6.4 Remove DHCP Server (Scored) [CIS - SLES12 - 6.4 - DHCPnot disabled {CIS: 6.4 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/usr/lib/systemd/system/dhcpd.service -> r:Exec; # 6.5 Configure Network Time Protocol (NTP) (Scored) #TODO Chrony [CIS - SLES12 - 6.5 - NTPD not Configured {CIS: 6.5 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ntp.conf -> r:restrict default kod nomodify notrap nopeer noquery && r:^server; f:/etc/sysconfig/ntpd -> r:OPTIONS="-u ntp:ntp -p /var/run/ntpd.pid"; # 6.6 Remove LDAP (Not Scored) #TODO # 6.7 Disable NFS and RPC (Not Scored) [CIS - SLES12 - 6.7 - Disable standard boot services - NFS Enabled {CIS: 6.7 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dnfs$; d:$rc_dirs -> ^S\d\dnfslock$; # 6.8 Remove DNS Server (Not Scored) # TODO # 6.9 Remove FTP Server (Not Scored) [CIS - SLES12 - 6.9 - VSFTP enabled on xinetd {CIS: 6.9 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/vsftpd -> !r:^# && r:disable && r:no; # 6.10 Remove HTTP Server (Not Scored) [CIS - SLES12 - 6.10 - Disable standard boot services - Apache web server Enabled {CIS: 6.10 SLES12}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dapache2$; # 6.11 Remove Dovecot (IMAP and POP3 services) (Not Scored) [CIS - SLES12 - 6.11 - imap enabled on xinetd {CIS: 6.11 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/cyrus-imapd -> !r:^# && r:disable && r:no; [CIS - SLES12 - 6.11 - pop3 enabled on xinetd {CIS: 6.11 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/xinetd.d/dovecot -> !r:^# && r:disable && r:no; # 6.12 Remove Samba (Not Scored) [CIS - SLES12 - 6.12 - Disable standard boot services - Samba Enabled {CIS: 6.12 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dsamba$; d:$rc_dirs -> ^S\d\dsmb$; # 6.13 Remove HTTP Proxy Server (Not Scored) [CIS - SLES12 - 6.13 - Disable standard boot services - Squid Enabled {CIS: 6.13 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dsquid$; # 6.14 Remove SNMP Server (Not Scored) [CIS - SLES12 - 6.14 - Disable standard boot services - SNMPD process Enabled {CIS: 6.14 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dsnmpd$; # 6.15 Configure Mail Transfer Agent for Local-Only Mode (Scored) # TODO # 6.16 Ensure rsync service is not enabled (Scored) [CIS - SLES12 - 6.16 - Disable standard boot services - rsyncd process Enabled {CIS: 6.16 SLES12} {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\drsyncd$; # 6.17 Ensure Biosdevname is not enabled (Scored) # TODO ############################################### # 7 Network Configuration and Firewalls ############################################### ############################################### # 7.1 Modify Network Parameters (Host Only) ############################################### # 7.1.1 Disable IP Forwarding (Scored) [CIS - SLES12 - 7.1.1 - Network parameters - IP Forwarding enabled {CIS: 7.1.1 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/ip_forward -> 1; f:/proc/sys/net/ipv6/ip_forward -> 1; # 7.1.2 Disable Send Packet Redirects (Scored) [CIS - SLES12 - 7.1.2 - Network parameters - IP send redirects enabled {CIS: 7.1.2 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/send_redirects -> 0; f:/proc/sys/net/ipv4/conf/default/send_redirects -> 0; ############################################### # 7.2 Modify Network Parameters (Host and Router) ############################################### # 7.2.1 Disable Source Routed Packet Acceptance (Scored) [CIS - SLES12 - 7.2.1 - Network parameters - Source routing accepted {CIS: 7.2.1 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_source_route -> 1; # 7.2.2 Disable ICMP Redirect Acceptance (Scored) [CIS - SLES12 - 7.2.2 - Network parameters - ICMP redirects accepted {CIS: 7.2.2 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/accept_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/accept_redirects -> 1; # 7.2.3 Disable Secure ICMP Redirect Acceptance (Scored) [CIS - SLES12 - 7.2.3 - Network parameters - ICMP secure redirects accepted {CIS: 7.2.3 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/secure_redirects -> 1; f:/proc/sys/net/ipv4/conf/default/secure_redirects -> 1; # 7.2.4 Log Suspicious Packets (Scored) [CIS - SLES12 - 7.2.4 - Network parameters - martians not logged {CIS: 7.2.4 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/log_martians -> 0; # 7.2.5 Enable Ignore Broadcast Requests (Scored) [CIS - SLES12 - 7.2.5 - Network parameters - ICMP broadcasts accepted {CIS: 7.2.5 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts -> 0; # 7.2.6 Enable Bad Error Message Protection (Scored) [CIS - SLES12 - 7.2.6 - Network parameters - Bad error message protection not enabled {CIS: 7.2.6 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses -> 0; # 7.2.7 Enable RFC-recommended Source Route Validation (Scored) [CIS - SLES12 - 7.2.7 - Network parameters - RFC Source route validation not enabled {CIS: 7.2.7 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/conf/all/rp_filter -> 0; f:/proc/sys/net/ipv4/conf/default/rp_filter -> 0; # 7.2.8 Enable TCP SYN Cookies (Scored) [CIS - SLES12 - 7.2.8 - Network parameters - SYN Cookies not enabled {CIS: 7.2.8 SLES12} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/proc/sys/net/ipv4/tcp_syncookies -> 0; ############################################### # 7.3 Configure IPv6 ############################################### # 7.3.1 Disable IPv6 Router Advertisements (Not Scored) # 7.3.2 Disable IPv6 Redirect Acceptance (Not Scored) # 7.3.3 Disable IPv6 (Not Scored) ############################################### # 7.4 Install TCP Wrappers ############################################### # 7.4.1 Install TCP Wrappers (Not Scored) # 7.4.2 Create /etc/hosts.allow (Not Scored) # 7.4.3 Verify Permissions on /etc/hosts.allow (Scored) # TODO # 7.4.4 Create /etc/hosts.deny (Not Scored) # 7.5.5 Verify Permissions on /etc/hosts.deny (Scored) # TODO ############################################### # 7.5 Uncommon Network Protocols ############################################### # 7.5.1 Disable DCCP (Not Scored) # 7.5.2 Disable SCTP (Not Scored) # 7.5.3 Disable RDS (Not Scored) # 7.5.4 Disable TIPC (Not Scored) # 7.6 Deactivate Wireless Interfaces (Not Scored) # 7.7 Enable SuSEfirewall2 (Scored) # 7.8 Limit access to trusted networks (Not Scored) ############################################### # 8 Logging and Auditing ############################################### ############################################### # 8.1 Configure System Accounting (auditd) ############################################### ############################################### # 8.1.1 Configure Data Retention ############################################### # 8.1.1.1 Configure Audit Log Storage Size (Not Scored) # 8.1.1.2 Disable System on Audit Log Full (Not Scored) # 8.1.1.3 Keep All Auditing Information (Scored) # 8.1.2 Enable auditd Service (Scored) # 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 8.1.4 Record Events That Modify Date and Time Information (Scored) # 8.1.5 Record Events That Modify User/Group Information (Scored) # 8.1.6 Record Events That Modify the System’s Network Environment (Scored) # 8.1.7 Record Events That Modify the System’s Mandatory Access Controls (Scored) # 8.1.8 Collect Login and Logout Events (Scored) # 8.1.9 Collect Session Initiation Information (Scored) # 8.1.10 Collect Discretionary Access Control Permission Modification Events (Scored) # 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored) # 8.1.12 Collect Use of Privileged Commands (Scored) # 8.1.13 Collect Successful File System Mounts (Scored) # 8.1.14 Collect File Deletion Events by User (Scored) # 8.1.15 Collect Changes to System Administration Scope (sudoers) (Scored) # 8.1.16 Collect System Administrator Actions (sudolog) (Scored) # 8.1.17 Collect Kernel Module Loading and Unloading (Scored) # 8.1.18 Make the Audit Configuration Immutable (Scored) ############################################### # 8.2 Configure rsyslog ############################################### # 8.2.1 Install the rsyslog package (Scored) # TODO # 8.2.2 Activate the rsyslog Service (Scored) # TODO # 8.2.3 Configure /etc/rsyslog.conf (Not Scored) # 8.2.4 Create and Set Permissions on rsyslog Log Files (Scored) # 8.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored) # 8.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored) ############################################### # 8.3 Advanced Intrusion Detection Environment (AIDE) ############################################### # 8.3.1 Install AIDE (Scored) # 8.3.2 Implement Periodic Execution of File Integrity (Scored) # 8.4 Configure logrotate (Not Scored) ############################################### # 9 System Access, Authentication and Authorization ############################################### ############################################### # 9.1 Configure cron and anacron ############################################### # 9.1.1 Enable cron Daemon (Scored) # 9.1.2 Set User/Group Owner and Permission on /etc/crontab (Scored) # 9.1.3 Set User/Group Owner and Permission on /etc/cron.hourly (Scored) # 9.1.4 Set User/Group Owner and Permission on /etc/cron.daily (Scored) # 9.1.5 Set User/Group Owner and Permission on /etc/cron.weekly (Scored) # 9.1.6 Set User/Group Owner and Permission on /etc/cron.monthly (Scored) # 9.1.7 Set User/Group Owner and Permission on /etc/cron.d (Scored) # 9.1.8 Restrict at/cron to Authorized Users (Scored) ############################################### # 9.2 Configure SSH ############################################### # 9.2.1 Set SSH Protocol to 2 (Scored) [CIS - SLES12 - 9.2.1 - SSH Configuration - Protocol version 1 enabled {CIS: 9.2.1 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:Protocol\.+1; # 9.2.2 Set LogLevel to INFO (Scored) [CIS - SLES12 - 9.2.1 - SSH Configuration - Loglevel not INFO {CIS: 9.2.1 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && !r:LogLevel\.+INFO; # 9.2.3 Set Permissions on /etc/ssh/sshd_config (Scored) # TODO # 9.2.4 Disable SSH X11 Forwarding (Scored) # TODO # 9.2.5 Set SSH MaxAuthTries to 4 or Less (Scored) [ CIS - SLES12 - 9.2.5 - SSH Configuration - Set SSH MaxAuthTries to 4 or Less {CIS - SLES12 - 9.2.5} {PCI_DSS: 2.2.4}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:MaxAuthTries && !r:3\s*$; f:/etc/ssh/sshd_config -> r:^#\s*MaxAuthTries; f:/etc/ssh/sshd_config -> !r:MaxAuthTries; # 9.2.6 Set SSH IgnoreRhosts to Yes (Scored) [CIS - SLES12 - 9.2.6 - SSH Configuration - IgnoreRHosts disabled {CIS: 9.2.6 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:IgnoreRhosts\.+no; # 9.2.7 Set SSH HostbasedAuthentication to No (Scored) [CIS - SLES12 - 9.2.7 - SSH Configuration - Host based authentication enabled {CIS: 9.2.7 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:HostbasedAuthentication\.+yes; # 9.2.8 Disable SSH Root Login (Scored) [CIS - SLES12 - 9.2.8 - SSH Configuration - Root login allowed {CIS: 9.2.8 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:PermitRootLogin\.+yes; f:/etc/ssh/sshd_config -> r:^#\s*PermitRootLogin; # 9.2.9 Set SSH PermitEmptyPasswords to No (Scored) [CIS - SLES12 - 9.2.9 - SSH Configuration - Empty passwords permitted {CIS: 9.2.9 SLES12} {PCI_DSS: 4.1}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/ssh/sshd_config -> !r:^# && r:^PermitEmptyPasswords\.+yes; f:/etc/ssh/sshd_config -> r:^#\s*PermitEmptyPasswords; # 9.2.10 Do Not Allow Users to Set Environment Options (Scored) # 9.2.11 Use Only Approved Ciphers in Counter Mode (Scored) # 9.2.12 Set Idle Timeout Interval for User Login (Not Scored) # 9.2.13 Limit Access via SSH (Scored) # 9.2.14 Set SSH Banner (Scored) ############################################### # 9.3 Configure PAM ############################################### # 9.3.1 Set Password Creation Requirement Parameters Using pam_cracklib (Scored) # 9.3.2 Set Lockout for Failed Password Attempts (Not Scored) # 9.3.3 Limit Password Reuse (Scored) # 9.4 Restrict root Login to System Console (Not Scored) # 9.5 Restrict Access to the su Command (Scored) ############################################### # 10 User Accounts and Environment ############################################### ############################################### # 10.1 Set Shadow Password Suite Parameters (/etc/login.defs) ############################################### # 10.1.1 Set Password Expiration Days (Scored) # 10.1.2 Set Password Change Minimum Number of Days (Scored) # 10.1.3 Set Password Expiring Warning Days (Scored) # 10.2 Disable System Accounts (Scored) # 10.3 Set Default Group for root Account (Scored) # 10.4 Set Default umask for Users (Scored) # 10.5 Lock Inactive User Accounts (Scored) ############################################### # 11 Warning Banners ############################################### # 11.1 Set Warning Banner for Standard Login Services (Scored) # 11.2 Remove OS Information from Login Warning Banners (Scored) # 11.3 Set Graphical Warning Banner (Not Scored) ############################################### # 12 Verify System File Permissions ############################################### # 12.1 Verify System File Permissions (Not Scored) # 12.2 Verify Permissions on /etc/passwd (Scored) # 12.3 Verify Permissions on /etc/shadow (Scored) # 12.4 Verify Permissions on /etc/group (Scored) # 12.5 Verify User/Group Ownership on /etc/passwd (Scored) # 12.6 Verify User/Group Ownership on /etc/shadow (Scored) # 12.7 Verify User/Group Ownership on /etc/group (Scored) # 12.8 Find World Writable Files (Not Scored) # 12.9 Find Un-owned Files and Directories (Scored) # 12.10 Find Un-grouped Files and Directories (Scored) # 12.11 Find SUID System Executables (Not Scored) # 12.12 Find SGID System Executables (Not Scored) ############################################### # 13 Review User and Group Settings ############################################### # 13.1 Ensure Password Fields are Not Empty (Scored) # 13.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored) # 13.3 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored) # 13.4 Verify No Legacy "+" Entries Exist in /etc/group File (Scored) # 13.5 Verify No UID 0 Accounts Exist Other Than root (Scored) [CIS - SLES12 - 13.5 - Non-root account with uid 0 {CIS: 13.5 SLES12} {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/passwd -> !r:^# && !r:^root: && r:^\w+:\w+:0:; # 13.6 Ensure root PATH Integrity (Scored) # 13.7 Check Permissions on User Home Directories (Scored) # 13.8 Check User Dot File Permissions (Scored) # 13.9 Check Permissions on User .netrc Files (Scored) # 13.10 Check for Presence of User .rhosts Files (Scored) # 13.11 Check Groups in /etc/passwd (Scored) # 13.12 Check That Users Are Assigned Valid Home Directories (Scored) # 13.13 Check User Home Directory Ownership (Scored) # 13.14 Check for Duplicate UIDs (Scored) # 13.15 Check for Duplicate GIDs (Scored) # 13.16 Check for Duplicate User Names (Scored) # 13.17 Check for Duplicate Group Names (Scored) # 13.18 Check for Presence of User .netrc Files (Scored) # 13.19 Check for Presence of User .forward Files (Scored) # 13.20 Ensure shadow group is empty (Scored) # Other/Legacy Tests [CIS - SLES12 - X.X.X - Account with empty password present {PCI_DSS: 10.2.5}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/shadow -> r:^\w+::; [CIS - SLES12 - X.X.X - User-mounted removable partition allowed on the console] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] f:/etc/security/console.perms -> r:^ \d+ ; f:/etc/security/console.perms -> r:^ \d+ ; [CIS - SLES12 - X.X.X - Disable standard boot services - Kudzu hardware detection Enabled] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dkudzu$; [CIS - SLES12 - X.X.X - Disable standard boot services - PostgreSQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dpostgresql$; [CIS - SLES12 - X.X.X - Disable standard boot services - MySQL server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dmysqld$; [CIS - SLES12 - X.X.X - Disable standard boot services - DNS server Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dnamed$; [CIS - SLES12 - X.X.X - Disable standard boot services - NetFS Enabled {PCI_DSS: 2.2.2}] [any] [https://benchmarks.cisecurity.org/tools2/linux/CIS_SUSE_Linux_Enterprise_Server_12_Benchmark_v1.0.0.pdf] d:$rc_dirs -> ^S\d\dnetfs$; !94877 cis_win2012r2_domainL1_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L1 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # # #1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' [CIS - Microsoft Windows Server 2012 R2 - Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3D; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3E; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3F; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:A\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:B\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:C\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:E\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:F\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:\w\w\w+; # # #2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.2: Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !NoConnectedUser; # # #2.3.1.4 Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.4: Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LimitBlankPasswordUse -> 0; # # #2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.1: Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> SCENoApplyLegacyAuditPolicy -> !1; # # #2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.2: Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 2; # # #2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.1: Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 2; # # #2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.2: Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers -> AddPrinterDrivers -> !1; # # #2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) [CIS - Microsoft Windows Server 2012 R2 - 2.3.5.1: Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only)] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl -> !0; # # #2.3.5.2 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' [CIS - Microsoft Windows Server 2012 R2 - 2.3.5.2: Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters -> LDAPServerIntegrity -> !2; # # #2.3.5.3 Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.5.3: Ensure 'Domain controller: Refuse machine account password changes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RefusePasswordChange -> 1; # # #2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.1: Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireSignOrSeal -> 0; # # #2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.2: Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SealSecureChannel -> 0; # # #2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.3: Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SignSecureChannel -> 0; # # #2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.4: Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> DisablePasswordChange -> 1; # # #2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.6: Ensure 'Domain member: Require strong session key' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireStrongKey -> 0; # # #2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.1: Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DontDisplayLastUserName -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DontDisplayLastUserName; # # #2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.2: Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableCAD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableCAD; # # #2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.3: Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 385; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 386; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 387; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 388; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 389; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:38\D; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:39\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:3\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:4\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:5\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:6\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:7\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:8\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:9\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\D\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\w\w\w\w+; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !InactivityTimeoutSecs; # # #2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.7: Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 2; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 3; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 4; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0F; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:1\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:2\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:3\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:4\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:5\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:6\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:7\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:8\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:9\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\w\w\w+; # # #2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.9: Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> ScRemoveOption -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> !ScRemoveOption; # # #2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.1: Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> !RequireSecuritySignature; # # #2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.2: Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnableSecuritySignature -> !1; # # #2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.3: Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnablePlainTextPassword -> !0; # # #2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.1: Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:1\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:2\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:3\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !AutoDisconnect; # # #2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.2: Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !RequireSecuritySignature; # # #2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.3: Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !EnableSecuritySignature; # # #2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.4: Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.10.5 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.5: Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 2; # # #2.3.10.6 Configure 'Network access: Named Pipes that can be accessed anonymously' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.6: Configure 'Network access: Named Pipes that can be accessed anonymously'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionPipes -> !r:lsarpc|netlogon|samr; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !NullSessionPipes; # # #2.3.10.7 Configure 'Network access: Remotely accessible registry paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.7: Configure 'Network access: Remotely accessible registry paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths -> Machine -> !r:System\\CurrentControlSet\\Control\\ProductOptions|System\\CurrentControlSet\\Control\\Server Applications|Software\\Microsoft\\Windows NT\\CurrentVersion; # # #2.3.10.8 Configure 'Network access: Remotely accessible registry paths and sub-paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.8: Configure 'Network access: Remotely accessible registry paths and sub-paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths -> Machine -> !r:Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|System\\CurrentControlSet\\Control\\Print\\Printers|System\\CurrentControlSet\\Services\\Eventlog|Software\\Microsoft\\OLAP Server|System\\CurrentControlSet\\Control\\ContentIndex|System\\CurrentControlSet\\Control\\Terminal Server|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|System\\CurrentControlSet\\Services\\SysmonLog|System\\CurrentControlSet\\Services\\CertSvc|System\\CurrentControlSet\\Services\\WINS; # # #2.3.10.9 Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.9: Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RestrictNullSessAccess -> !1; # # #2.3.10.10 Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.10: Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionShares -> r:\.+; # # #2.3.10.11 Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.11: Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> ForceGuest -> 1; # # #2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.1: Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> UseMachineId -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !UseMachineId; # # #2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.2: Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> allownullsessionfallback -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !allownullsessionfallback; # # #2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.3: Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u -> AllowOnlineID -> !0; # # #2.3.11.4 Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.4: Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters -> SupportedEncryptionTypes -> !2147483644; # # #2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.5: Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> NoLMHash -> 0; # # #2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.6: Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.7: Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 2; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 3; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 4; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !LmCompatibilityLevel; # # #2.3.11.8 Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP -> LDAPClientIntegrity -> !1; # # #2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.9: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption''] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinClientSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinClientSec; # # #2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.10: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinServerSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinServerSec; # # #2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.13.1: Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ShutdownWithoutLogon -> 1; # # #2.3.15.1 Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.1: Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel -> ObCaseInsensitive -> !1; # # #2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.2: Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager -> ProtectionMode -> !1; # # #2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.1: Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> FilterAdministratorToken -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !FilterAdministratorToken; # # #2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.2: Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableUIADesktopToggle -> 1; # # #2.3.17.3 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.3: Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorAdmin; # # #2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.4: Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorUser; # # #2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.5: Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableInstallerDetection -> 0; r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableInstallerDetection; # # #2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.6: Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableSecureUIAPaths -> 0; # # #2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.7: Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableLUA -> 0; # # #2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.8: Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> PromptOnSecureDesktop -> 0; # # #2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.9: Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableVirtualization -> 0; # # #9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.1.1: Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> EnableFirewall -> 0; # # #9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.2: Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultInboundAction -> 0; # # #9.1.3 Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.3: Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultOutboundAction -> 1; # # #9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.1.4: Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> !DisableNotifications; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> !DisableNotifications; # # #9.1.5 Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.5: Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalPolicyMerge -> 0; # # #9.1.6 Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.6: Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.1.7 Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.1.7: Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.1.8 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.1.8: Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.1.9 Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.9: Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogDroppedPackets -> 0; # # #9.1.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.2.1 Ensure 'Windows Firewall: Private: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.2.1: Ensure 'Windows Firewall: Private: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> EnableFirewall -> 0; # # #9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.2: Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultInboundAction -> 0; # # #9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.3: Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultOutboundAction -> 1; # # #9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.2.4: Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DisableNotifications -> 0; # # #9.2.5 Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.5: Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalPolicyMerge -> 0; # # #9.2.6 Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.6: Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.2.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.2.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.2.8 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.2.8: Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.2.9 Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.9: Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogDroppedPackets -> 0; # # #9.2.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.3.1 Ensure 'Windows Firewall: Public: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.3.1: Ensure 'Windows Firewall: Public: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> EnableFirewall -> 0; # # #9.3.2 Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.2: Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultInboundAction -> 0; # # #9.3.3 Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.3: Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultOutboundAction -> 1; # # #9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.4: Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DisableNotifications -> 0; # # #9.3.5 Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.5: Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalPolicyMerge -> 0; # # #9.3.6 Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.6: Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.3.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.3.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.3.8 Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.3.8: Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.3.9 Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.9: Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogDroppedPackets -> 0; # # #9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.10: Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogSuccessfulConnections -> 0; # # #18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.1: Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenCamera -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenCamera; # # #18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.2: Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenSlideshow -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenSlideshow; # # #18.3.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.1: Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> AutoAdminLogon -> !0; # # #18.3.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.2: Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> !DisableIPSourceRouting; # # #18.3.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.3: Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !DisableIPSourceRouting; # # #18.3.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.4: Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> EnableICMPRedirect -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !EnableICMPRedirect; # # #18.3.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.6: Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters -> NoNameReleaseOnDemand -> !1; # # #18.3.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.8: Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> SafeDllSearchMode -> 0; # # #18.3.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' [CIS - Microsoft Windows Server 2012 R2 - 18.3.9: Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> r:\w\w+; # # #18.3.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' [CIS - Microsoft Windows Server 2012 R2 - 18.3.12: Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5B; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5C; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5D; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5E; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5F; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:6\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:7\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:8\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:9\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\D\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> !WarningLevel; # # #18.4.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.2: Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_AllowNetBridge_NLA -> 1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_AllowNetBridge_NLA; # # #18.4.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.3: Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_StdDomainUserSetLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_StdDomainUserSetLocation; # # #18.4.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.21.1: Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fMinimizeConnections -> !1; # # #18.6.2 Ensure 'WDigest Authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.6.2: Ensure 'WDigest Authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -> UseLogonCredential -> !0; # # #18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.3.1: Ensure 'Include command line in process creation events' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -> ProcessCreationIncludeCmdLine_Enabled -> !0; # # #18.8.12.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' [CIS - Microsoft Windows Server 2012 R2 - 18.8.12.1: Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch -> DriverLoadPolicy -> !3; # # #18.8.19.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.2: Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoBackgroundPolicy -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoBackgroundPolicy; # # #18.8.19.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.3: Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoGPOListChanges -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoGPOListChanges; # # #18.8.19.4 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.4: Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableBkGndGroupPolicy -> !0; # # #18.8.25.1 Ensure 'Do not display network selection UI' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.1: Ensure 'Do not display network selection UI' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontDisplayNetworkSelectionUI -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontDisplayNetworkSelectionUI; # # #18.8.25.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.2: Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontEnumerateConnectedUsers -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontEnumerateConnectedUsers; # # #18.8.25.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.3: Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnumerateLocalUsers -> !0; # # #18.8.25.4 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.4: Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DisableLockScreenAppNotifications -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DisableLockScreenAppNotifications; # # #18.8.25.5 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.5: Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> AllowDomainPINLogon -> !0; # # #18.8.31.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.1: Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowUnsolicited -> !0; # # #18.8.31.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.2: Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowToGetHelp -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fAllowToGetHelp; # # #18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.6.1: Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> MSAOptional -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !MSAOptional; # # #18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.1: Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoAutoplayfornonVolume -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoAutoplayfornonVolume; # # #18.9.8.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.2: Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoAutorun -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoAutorun; # # #18.9.8.3 Ensure 'Turn off Autoplay' is set to 'Enabled: All drives' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.3: Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> NoDriveTypeAutoRun -> !ff; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> !NoDriveTypeAutoRun; # # #18.9.15.1 Ensure 'Do not display the password reveal button' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.1: Ensure 'Do not display the password reveal button' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> DisablePasswordReveal -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> !DisablePasswordReveal; # # #18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.2: Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI -> EnumerateAdministrators -> !0; # # #18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.1: Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> Retention -> !0; # # #18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.2: Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> !MaxSize; # # #18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.1: Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> Retention -> !0; # # #18.9.26.2.2 Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.2: Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:0\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:1\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:2\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> !MaxSize; # # #18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.1: Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> Retention -> !0; # # #18.9.26.3.2 Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.2: Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> !MaxSize; # # #18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.1: Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> Retention -> !0; # # #18.9.26.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.2: Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> !MaxSize; # # #18.9.30.2 Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.2: Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnableSmartScreen -> !2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !EnableSmartScreen; # # #18.9.30.3 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.3: Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoDataExecutionPrevention -> !0; # # #18.9.30.4 Ensure 'Turn off heap termination on corruption' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.30.4: Ensure 'Turn off heap termination on corruption' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoHeapTerminationOnCorruption -> !0; # # #18.9.30.5 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.5: Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> PreXPSP2ShellProtocolBehavior -> !0; # # #18.9.47.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.1: Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSyncNGSC -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> !DisableFileSyncNGSC; # # #18.9.47.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.2: Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> DisableFileSync -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> !DisableFileSync; # # #18.9.52.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.2.2: Ensure 'Do not allow passwords to be saved' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DisablePasswordSaving -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !DisablePasswordSaving; # # #18.9.52.3.3.2 Ensure 'Do not allow drive redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.2: Ensure 'Do not allow drive redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCdm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCdm; # # #18.9.52.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.1: Ensure 'Always prompt for password upon connection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fPromptForPassword -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fPromptForPassword; # # #18.9.52.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.2: Ensure 'Require secure RPC communication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fEncryptRPCTraffic -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fEncryptRPCTraffic; # # #18.9.52.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.3: Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MinEncryptionLevel -> !3; # # #18.9.52.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.1: Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DeleteTempDirsOnExit -> !1; # # #18.9.52.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.2: Ensure 'Do not use temporary folders per session' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> PerSessionTempDir -> !1; # # #18.9.53.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.53.1: Ensure 'Prevent downloading of enclosures' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> DisableEnclosureDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> !DisableEnclosureDownload; # # #18.9.54.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.2: Ensure 'Allow indexing of encrypted files' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> AllowIndexingEncryptedStoresOrItems -> !0; # # #18.9.61.1 Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.1: Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> AutoDownload -> !4; # # #18.9.61.2 Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.2: Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> DisableOSUpgrade -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !DisableOSUpgrade; # # #18.9.70.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.2.1: Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent -> DefaultConsent -> !1; # # #18.9.70.3 Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.3: Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> AutoApproveOSDumps -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !AutoApproveOSDumps; # # #18.9.74.1 Ensure 'Allow user control over installs' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.1: Ensure 'Allow user control over installs' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> EnableUserControl -> !0; # # #18.9.74.2 Ensure 'Always install with elevated privileges' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.2: Ensure 'Always install with elevated privileges' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> AlwaysInstallElevated -> !0; # # #18.9.75.1 Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.75.1: Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableAutomaticRestartSignOn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableAutomaticRestartSignOn; # # #18.9.84.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.84.1: Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> EnableScriptBlockLogging -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> !EnableScriptBlockLogging; # # #18.9.84.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.84.2: Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription -> EnableTranscripting -> !0; # # #18.9.86.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowBasic -> !0; # # #18.9.86.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.2: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowUnencryptedTraffic -> !0; # # #18.9.86.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.3: Ensure 'Disallow Digest authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowDigest -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> !AllowDigest; # # #18.9.86.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowBasic -> !0; # # #18.9.86.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.3: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowUnencryptedTraffic -> !0; # # #18.9.86.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.4: Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> DisableRunAs -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> !DisableRunAs; # # #18.9.90.2 Ensure 'Configure Automatic Updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.2: Ensure 'Configure Automatic Updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoUpdate -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !NoAutoUpdate; # # #18.9.90.3 Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.3: Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> ScheduledInstallDay -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !ScheduledInstallDay; # # #18.9.90.4 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.4: Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoRebootWithLoggedOnUsers -> !0; # !28006 cis_win2012r2_domainL2_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L2 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # #2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.4: Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> DisableDomainCreds -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !DisableDomainCreds; # # #18.3.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' [CIS - Microsoft Windows Server 2012 R2 - 18.3.5: Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> KeepAliveTime -> !493e0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !KeepAliveTime; # # #18.3.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.7: Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> PerformRouterDiscovery -> !0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !PerformRouterDiscovery; # # #18.3.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.10: Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !TcpMaxDataRetransmissions; # # #18.3.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.11: Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !TcpMaxDataRetransmissions; # # #18.4.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.1: Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableLLTDIO -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitLLTDIOOnPrivateNet -> !0; # # #18.4.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.2: Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableRspndr -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitRspndrOnPrivateNet -> !0; # # #18.4.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.10.2: Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> !Disabled; # # #18.4.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') [CIS - Microsoft Windows Server 2012 R2 - 18.4.19.2.1: Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> DisabledComponents -> !ff; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !DisabledComponents; # # #18.4.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.1: Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> EnableRegistrars -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !EnableRegistrars; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableUPnPRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableUPnPRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableInBand802DOT11Registrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableInBand802DOT11Registrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableFlashConfigRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableFlashConfigRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableWPDRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableWPDRegistrar; # # #18.4.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.2: Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> DisableWcnUi -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> !DisableWcnUi; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # #18.8.24.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.24.1: Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> BlockUserInputMethodsForSignIn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> !BlockUserInputMethodsForSignIn; # # #18.8.29.5.1 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.1: Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> DCSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !DCSettingIndex; # # #18.8.29.5.2 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.2: Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> ACSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !ACSettingIndex; # # #18.8.39.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.5.1: Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> DisableQueryRemoteServer -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> !DisableQueryRemoteServer; # # #18.8.39.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.11.1: Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> ScenarioExecutionEnabled -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> !ScenarioExecutionEnabled; # # #18.8.41.1 Ensure 'Turn off the advertising ID' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.41.1: Ensure 'Turn off the advertising ID' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> DisabledByGroupPolicy -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> !DisabledByGroupPolicy; # # #18.8.44.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.44.1.1: Ensure 'Enable Windows NTP Client' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> Enabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> !Enabled; # # #18.9.37.1 Ensure 'Turn off location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.37.1: Ensure 'Turn off location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> DisableLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> !DisableLocation; # # #18.9.52.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.2.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fSingleSessionPerUser -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fSingleSessionPerUser; # # #18.9.52.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCcm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCcm; # # #18.9.52.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.3: Ensure 'Do not allow LPT port redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableLPT -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableLPT; # # #18.9.52.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.4: Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisablePNPRedir -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisablePNPRedir; # # #18.9.52.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.1: Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba4; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba5; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba\D; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbb\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbc\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbd\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbe\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbf\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbc\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbd\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbe\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbf\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dc\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dd\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:de\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:df\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:e\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:f\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:\w\w\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxIdleTime; # # #18.9.52.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.2: Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxDisconnectionTime -> !EA60; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxDisconnectionTime; # # #18.9.54.3 Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.3: Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> ConnectedSearchPrivacy -> !3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> !ConnectedSearchPrivacy; # # #18.9.59.1 Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.59.1: Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> NoGenTicket -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> !NoGenTicket; # # #18.9.61.3 Ensure 'Turn off the Store application' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.3: Ensure 'Turn off the Store application' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> RemoveWindowsStore -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !RemoveWindowsStore; # # #18.9.69.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.69.3.1: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet -> SpynetReporting -> !0; # # #18.9.74.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.3: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> SafeForScripting -> !0; # # #18.9.86.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.2: Ensure 'Allow remote server management through WinRM' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowAutoConfig -> !0; # # #18.9.87.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.87.1: Ensure 'Allow Remote Shell Access' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> AllowRemoteShellAccess -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> !AllowRemoteShellAccess; # !100530 cis_win2012r2_memberL1_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L2 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # #1.1.2 Ensure 'Maximum password age' is set to '60 or fewer days, but not 0' [CIS - Microsoft Windows Server 2012 R2 - Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3D; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3E; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> 3F; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:A\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:B\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:C\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:E\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:F\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> MaximumPasswordAge -> r:\w\w\w+; # # #2.3.1.2 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.2: Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> NoConnectedUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !NoConnectedUser; # # #2.3.1.4 Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.1.4: Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LimitBlankPasswordUse -> 0; # # #2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.1: Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> SCENoApplyLegacyAuditPolicy -> !1; # # #2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.2.2: Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 2; # # #2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.1: Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AllocateDASD -> 2; # # #2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.4.2: Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers -> AddPrinterDrivers -> !1; # # #2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.1: Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireSignOrSeal -> 0; # # #2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.2: Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SealSecureChannel -> 0; # # #2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.3: Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> SignSecureChannel -> 0; # # #2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.4: Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> DisablePasswordChange -> 1; # # #2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.6.6: Ensure 'Domain member: Require strong session key' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters -> RequireStrongKey -> 0; # # #2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.1: Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DontDisplayLastUserName -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DontDisplayLastUserName; # # #2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.2: Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableCAD -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableCAD; # # #2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.3: Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 385; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 386; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 387; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 388; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> 389; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:38\D; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:39\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:3\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:4\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:5\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:6\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:7\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:8\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:9\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\D\w\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> InactivityTimeoutSecs -> r:\w\w\w\w+; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !InactivityTimeoutSecs; # # #2.3.7.7 Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.7: Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 2; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 3; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 4; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> 0F; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:1\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:2\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:3\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:4\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:5\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:6\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:7\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:8\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:9\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\D\w; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> PasswordExpiryWarning -> r:\w\w\w+; # # #2.3.7.8 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.8: Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ForceUnlockLogon -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !ForceUnlockLogon; # # #2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher [CIS - Microsoft Windows Server 2012 R2 - 2.3.7.9: Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> ScRemoveOption -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon -> !ScRemoveOption; # # #2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.1: Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> !RequireSecuritySignature; # # #2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.2: Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnableSecuritySignature -> !1; # # #2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.8.3: Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnablePlainTextPassword -> !0; # # #2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.1: Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:1\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:2\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:3\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:4\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:5\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:6\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:7\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:8\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:9\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\D\w; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> AutoDisconnect -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !AutoDisconnect; # # #2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.2: Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RequireSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !RequireSecuritySignature; # # #2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.3: Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableSecuritySignature -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !EnableSecuritySignature; # # #2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.4: Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher [CIS - Microsoft Windows Server 2012 R2 - 2.3.9.5: Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> SMBServerNameHardeningLevel -> !0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> !SMBServerNameHardeningLevel; # # #2.3.10.2 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.2: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> RestrictAnonymousSAM -> 0; # # #2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.3: Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> RestrictAnonymous -> !1; # # #2.3.10.5 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.5: Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 2; # # #2.3.10.6 Configure 'Network access: Named Pipes that can be accessed anonymously' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.6: Configure 'Network access: Named Pipes that can be accessed anonymously'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionPipes -> !r:lsarpc|netlogon|samr; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> !NullSessionPipes; # # #2.3.10.7 Configure 'Network access: Remotely accessible registry paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.7: Configure 'Network access: Remotely accessible registry paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths -> Machine -> !r:System\\CurrentControlSet\\Control\\ProductOptions|System\\CurrentControlSet\\Control\\Server Applications|Software\\Microsoft\\Windows NT\\CurrentVersion; # # #2.3.10.8 Configure 'Network access: Remotely accessible registry paths and sub-paths' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.8: Configure 'Network access: Remotely accessible registry paths and sub-paths'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths -> Machine -> !r:Software\\Microsoft\\Windows NT\\CurrentVersion\\Print|Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows|System\\CurrentControlSet\\Control\\Print\\Printers|System\\CurrentControlSet\\Services\\Eventlog|Software\\Microsoft\\OLAP Server|System\\CurrentControlSet\\Control\\ContentIndex|System\\CurrentControlSet\\Control\\Terminal Server|System\\CurrentControlSet\\Control\\Terminal Server\\UserConfig|System\\CurrentControlSet\\Control\\Terminal Server\\DefaultUserConfiguration|Software\\Microsoft\\Windows NT\\CurrentVersion\\Perflib|System\\CurrentControlSet\\Services\\SysmonLog|System\\CurrentControlSet\\Services\\CertSvc|System\\CurrentControlSet\\Services\\WINS; # # #2.3.10.9 Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.9: Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> RestrictNullSessAccess -> !1; # # #2.3.10.10 Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.10: Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters -> NullSessionShares -> r:\.+; # # #2.3.10.11 Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.11: Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> ForceGuest -> 1; # # #2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.1: Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> UseMachineId -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !UseMachineId; # # #2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.2: Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> allownullsessionfallback -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !allownullsessionfallback; # # #2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.3: Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u -> AllowOnlineID -> !0; # # #2.3.11.4 Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.4: Ensure 'Network Security: Configure encryption types allowed for Kerberos' is set to 'RC4_HMAC_MD5, AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters -> SupportedEncryptionTypes -> !2147483644; # # #2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.5: Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> NoLMHash -> 0; # # #2.3.11.6 Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.6: Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> EnableForcedLogOff -> !1; # # #2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.7: Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 0; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 2; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 3; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> LmCompatibilityLevel -> 4; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !LmCompatibilityLevel; # # #2.3.11.8 Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP -> LDAPClientIntegrity -> !1; # # #2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.9: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption''] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinClientSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinClientSec; # # #2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' [CIS - Microsoft Windows Server 2012 R2 - 2.3.11.10: Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> NTLMMinServerSec -> !537395200; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0 -> !NTLMMinServerSec; # # #2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.13.1: Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ShutdownWithoutLogon -> 1; # # #2.3.15.1 Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.1: Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel -> ObCaseInsensitive -> !1; # # #2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.15.2: Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager -> ProtectionMode -> !1; # # #2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.1: Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> FilterAdministratorToken -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !FilterAdministratorToken; # # #2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.2: Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableUIADesktopToggle -> 1; # # #2.3.17.3 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.3: Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 0; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorAdmin -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorAdmin; # # #2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.4: Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> ConsentPromptBehaviorUser -> 1; r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !ConsentPromptBehaviorUser; # # #2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.5: Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableInstallerDetection -> 0; r:HKEY_LOCAL_MACHINE\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableInstallerDetection; # # #2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.6: Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableSecureUIAPaths -> 0; # # #2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.7: Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableLUA -> 0; # # #2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.8: Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> PromptOnSecureDesktop -> 0; # # #2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.17.9: Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -> EnableVirtualization -> 0; # # #9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.1.1: Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> EnableFirewall -> 0; # # #9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.2: Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultInboundAction -> 0; # # #9.1.3 Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.3: Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DefaultOutboundAction -> 1; # # #9.1.4 Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.1.4: Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> !DisableNotifications; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> !DisableNotifications; # # #9.1.5 Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.5: Ensure 'Windows Firewall: Domain: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalPolicyMerge -> 0; # # #9.1.6 Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.1.6: Ensure 'Windows Firewall: Domain: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.1.7 Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.1.7: Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.1.8 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.1.8: Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.1.9 Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.9: Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogDroppedPackets -> 0; # # #9.1.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.1.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.2.1 Ensure 'Windows Firewall: Private: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.2.1: Ensure 'Windows Firewall: Private: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> EnableFirewall -> 0; # # #9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.2: Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultInboundAction -> 0; # # #9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.3: Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DefaultOutboundAction -> 1; # # #9.2.4 Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.2.4: Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> DisableNotifications -> 0; # # #9.2.5 Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.5: Ensure 'Windows Firewall: Private: Settings: Apply local firewall rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalPolicyMerge -> 0; # # #9.2.6 Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.2.6: Ensure 'Windows Firewall: Private: Settings: Apply local connection security rules' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.2.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.2.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.2.8 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.2.8: Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.2.9 Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.9: Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogDroppedPackets -> 0; # # #9.2.10 Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.2.10: Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging -> LogSuccessfulConnections -> 0; # # #9.3.1 Ensure 'Windows Firewall: Public: Firewall state' is set to 'On' [CIS - Microsoft Windows Server 2012 R2 - 9.3.1: Ensure 'Windows Firewall: Public: Firewall state' is set to 'On'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> EnableFirewall -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> EnableFirewall -> 0; # # #9.3.2 Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.2: Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultInboundAction -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultInboundAction -> 0; # # #9.3.3 Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' [CIS - Microsoft Windows Server 2012 R2 - 9.3.3: Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DefaultOutboundAction -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DefaultOutboundAction -> 1; # # #9.3.4 Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.4: Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> DisableNotifications -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> DisableNotifications -> 0; # # #9.3.5 Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.5: Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalPolicyMerge -> 0; # # #9.3.6 Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' [CIS - Microsoft Windows Server 2012 R2 - 9.3.6: Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile -> AllowLocalIPsecPolicyMerge -> 0; # # #9.3.7 Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log' [CIS - Microsoft Windows Server 2012 R2 - 9.3.7: Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\System32\logfiles\firewall\*.log'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFilePath -> r:\psystemroot\p\\system32\logfiles\firewall\\w+\plog; # # #9.3.8 Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater' [CIS - Microsoft Windows Server 2012 R2 - 9.3.8: Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16384 KB or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogFileSize -> r:3\w\w\w; # # #9.3.9 Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.9: Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogDroppedPackets -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogDroppedPackets -> 0; # # #9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes' [CIS - Microsoft Windows Server 2012 R2 - 9.3.10: Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging -> LogSuccessfulConnections -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging -> LogSuccessfulConnections -> 0; # # #18.1.1.1 Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.1: Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenCamera -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenCamera; # # #18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.1.1.2: Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> NoLockScreenSlideshow -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization -> !NoLockScreenSlideshow; # # #18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed [CIS - Microsoft Windows Server 2012 R2 - 18.2.1: Ensure LAPS AdmPwd GPO Extension / CSE is installed] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{D76B9641-3288-4f75-942D-087DE603E3EA} -> !DllName; # # #18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.2.2: Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PwdExpirationProtectionEnabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PwdExpirationProtectionEnabled; # # #18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.2.3: Ensure 'Enable Local Admin Password Management' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> AdmPwdEnabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !AdmPwdEnabled; # # #18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' [CIS - Microsoft Windows Server 2012 R2 - 18.2.4: Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordComplexity -> !4; # # #18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' [CIS - Microsoft Windows Server 2012 R2 - 18.2.5: Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:\d; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:a; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:b; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:c; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:d; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> r:e; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PasswordLength; # # #18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' [CIS - Microsoft Windows Server 2012 R2 - 18.2.6: Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> 1F; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:2\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:3\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:4\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:5\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:6\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:7\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:8\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:9\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:\D\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> r:\w\w\w+; # # #18.3.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.1: Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> AutoAdminLogon -> !0; # # #18.3.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.2: Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> !DisableIPSourceRouting; # # #18.3.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.3: Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> DisableIPSourceRouting -> !2; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !DisableIPSourceRouting; # # #18.3.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.4: Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> EnableICMPRedirect -> 1; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !EnableICMPRedirect; # # #18.3.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.6: Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters -> NoNameReleaseOnDemand -> !1; # # #18.3.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.8: Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> SafeDllSearchMode -> 0; # # #18.3.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' [CIS - Microsoft Windows Server 2012 R2 - 18.3.9: Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> 9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ScreenSaverGracePeriod -> r:\w\w+; # # #18.3.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' [CIS - Microsoft Windows Server 2012 R2 - 18.3.12: Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5B; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5C; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5D; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5E; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 5F; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:6\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:7\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:8\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:9\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\D\w; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> r:\w\w\w+; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> !WarningLevel; # # #18.4.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.2: Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_AllowNetBridge_NLA -> 1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_AllowNetBridge_NLA; # # #18.4.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.11.3: Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_StdDomainUserSetLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_StdDomainUserSetLocation; # # #18.4.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.21.1: Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fMinimizeConnections -> !1; # # #18.6.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.6.1: Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> LocalAccountTokenFilterPolicy -> !0; # # #18.6.2 Ensure 'WDigest Authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.6.2: Ensure 'WDigest Authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -> UseLogonCredential -> !0; # # #18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.3.1: Ensure 'Include command line in process creation events' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -> ProcessCreationIncludeCmdLine_Enabled -> !0; # # #18.8.12.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical' [CIS - Microsoft Windows Server 2012 R2 - 18.8.12.1: Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch -> DriverLoadPolicy -> !3; # # #18.8.19.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.2: Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoBackgroundPolicy -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoBackgroundPolicy; # # #18.8.19.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.3: Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoGPOListChanges -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoGPOListChanges; # # #18.8.19.4 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.19.4: Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableBkGndGroupPolicy -> !0; # # #18.8.25.1 Ensure 'Do not display network selection UI' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.1: Ensure 'Do not display network selection UI' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontDisplayNetworkSelectionUI -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontDisplayNetworkSelectionUI; # # #18.8.25.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.2: Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontEnumerateConnectedUsers -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontEnumerateConnectedUsers; # # #18.8.25.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.3: Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnumerateLocalUsers -> !0; # # #18.8.25.4 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.4: Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DisableLockScreenAppNotifications -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DisableLockScreenAppNotifications; # # #18.8.25.5 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.25.5: Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> AllowDomainPINLogon -> !0; # # #18.8.31.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.1: Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowUnsolicited -> !0; # # #18.8.31.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.31.2: Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowToGetHelp -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fAllowToGetHelp; # # #18.8.32.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.32.1: Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> EnableAuthEpResolution -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> !EnableAuthEpResolution; # # #18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.6.1: Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> MSAOptional -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !MSAOptional; # # #18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.1: Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoAutoplayfornonVolume -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoAutoplayfornonVolume; # # #18.9.8.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.2: Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoAutorun -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoAutorun; # # #18.9.8.3 Ensure 'Turn off Autoplay' is set to 'Enabled: All drives' [CIS - Microsoft Windows Server 2012 R2 - 18.9.8.3: Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> NoDriveTypeAutoRun -> !ff; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer-> !NoDriveTypeAutoRun; # # #18.9.15.1 Ensure 'Do not display the password reveal button' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.1: Ensure 'Do not display the password reveal button' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> DisablePasswordReveal -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> !DisablePasswordReveal; # # #18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.15.2: Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI -> EnumerateAdministrators -> !0; # # #18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.1: Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> Retention -> !0; # # #18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.1.2: Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> !MaxSize; # # #18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.1: Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> Retention -> !0; # # #18.9.26.2.2 Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.2.2: Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:0\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:1\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> r:2\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> !MaxSize; # # #18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.1: Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> Retention -> !0; # # #18.9.26.3.2 Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.3.2: Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> !MaxSize; # # #18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.1: Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> Retention -> !0; # # #18.9.26.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' [CIS - Microsoft Windows Server 2012 R2 - 18.9.26.4.2: Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:0\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:1\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:2\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:3\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:4\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:5\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:6\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> r:7\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> !MaxSize; # # #18.9.30.2 Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.2: Ensure 'Configure Windows SmartScreen' is set to 'Enabled: Require approval from an administrator before running downloaded unknown software'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnableSmartScreen -> !2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !EnableSmartScreen; # # #18.9.30.3 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.3: Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoDataExecutionPrevention -> !0; # # #18.9.30.4 Ensure 'Turn off heap termination on corruption' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.30.4: Ensure 'Turn off heap termination on corruption' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoHeapTerminationOnCorruption -> !0; # # #18.9.30.5 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.30.5: Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> PreXPSP2ShellProtocolBehavior -> !0; # # #18.9.47.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.1: Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSyncNGSC -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> !DisableFileSyncNGSC; # # #18.9.47.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.47.2: Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> DisableFileSync -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Skydrive -> !DisableFileSync; # # #18.9.52.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.2.2: Ensure 'Do not allow passwords to be saved' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DisablePasswordSaving -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !DisablePasswordSaving; # # #18.9.52.3.3.2 Ensure 'Do not allow drive redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.2: Ensure 'Do not allow drive redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCdm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCdm; # # #18.9.52.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.1: Ensure 'Always prompt for password upon connection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fPromptForPassword -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fPromptForPassword; # # #18.9.52.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.2: Ensure 'Require secure RPC communication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fEncryptRPCTraffic -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fEncryptRPCTraffic; # # #18.9.52.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.9.3: Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MinEncryptionLevel -> !3; # # #18.9.52.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.1: Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DeleteTempDirsOnExit -> !1; # # #18.9.52.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.11.2: Ensure 'Do not use temporary folders per session' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> PerSessionTempDir -> !1; # # #18.9.53.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.53.1: Ensure 'Prevent downloading of enclosures' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> DisableEnclosureDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> !DisableEnclosureDownload; # # #18.9.54.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.2: Ensure 'Allow indexing of encrypted files' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> AllowIndexingEncryptedStoresOrItems -> !0; # # #18.9.61.1 Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.1: Ensure 'Turn off Automatic Download and Install of updates' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> AutoDownload -> !4; # # #18.9.61.2 Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.2: Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> DisableOSUpgrade -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !DisableOSUpgrade; # # #18.9.70.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.2.1: Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent -> DefaultConsent -> !1; # # #18.9.70.3 Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.70.3: Ensure 'Automatically send memory dumps for OS-generated error reports' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> AutoApproveOSDumps -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !AutoApproveOSDumps; # # #18.9.74.1 Ensure 'Allow user control over installs' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.1: Ensure 'Allow user control over installs' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> EnableUserControl -> !0; # # #18.9.74.2 Ensure 'Always install with elevated privileges' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.2: Ensure 'Always install with elevated privileges' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> AlwaysInstallElevated -> !0; # # #18.9.75.1 Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.75.1: Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableAutomaticRestartSignOn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableAutomaticRestartSignOn; # # #18.9.84.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'[CIS - Microsoft Windows Server 2012 R2 - 18.9.84.1: Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> EnableScriptBlockLogging -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> !EnableScriptBlockLogging; # # #18.9.84.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.84.2: Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription -> EnableTranscripting -> !0; # # #18.9.86.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowBasic -> !0; # # #18.9.86.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.2: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowUnencryptedTraffic -> !0; # # #18.9.86.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.1.3: Ensure 'Disallow Digest authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowDigest -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> !AllowDigest; # # #18.9.86.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.1: Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowBasic -> !0; # # #18.9.86.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.3: Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowUnencryptedTraffic -> !0; # # #18.9.86.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.4: Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> DisableRunAs -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> !DisableRunAs; # # #18.9.90.2 Ensure 'Configure Automatic Updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.2: Ensure 'Configure Automatic Updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoUpdate -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !NoAutoUpdate; # # #18.9.90.3 Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.3: Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> ScheduledInstallDay -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !ScheduledInstallDay; # # #18.9.90.4 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.90.4: Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoRebootWithLoggedOnUsers -> !0; # # # !376002 cis_win2012r2_memberL2_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2018 OSSEC Project # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://github.com/ossec/ossec-hids/blob/master/LICENSE # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceeded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # CIS Checks for Windows Server 2012 R2 Domain Controller L2 # Based on Center for Internet Security Benchmark v2.2.1 for Microsoft Windows Server 2012 R2 (https://workbench.cisecurity.org/benchmarks/288) # # #2.3.7.6 Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' [CIS - Microsoft Windows Server 2012 R2 - Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 5; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> 9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> a; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> b; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> c; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> d; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> e; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> f; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> CachedLogonsCount -> \w\w+; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !CachedLogonsCount; # # #2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 2.3.10.4: Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> DisableDomainCreds -> !1; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa -> !DisableDomainCreds; # # #18.3.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' [CIS - Microsoft Windows Server 2012 R2 - 18.3.5: Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> KeepAliveTime -> !493e0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !KeepAliveTime; # # #18.3.7 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.3.7: Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> PerformRouterDiscovery -> !0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !PerformRouterDiscovery; # # #18.3.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.10: Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !TcpMaxDataRetransmissions; # # #18.3.11 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' [CIS - Microsoft Windows Server 2012 R2 - 18.3.11: Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> TcpMaxDataRetransmissions -> !3; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !TcpMaxDataRetransmissions; # # #18.4.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.1: Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowLLTDIOOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableLLTDIO -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitLLTDIOOnPrivateNet -> !0; # # #18.4.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.9.2: Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnDomain -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> AllowRspndrOnPublicNet -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> EnableRspndr -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LLTD -> ProhibitRspndrOnPrivateNet -> !0; # # #18.4.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.10.2: Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet -> !Disabled; # # #18.4.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') [CIS - Microsoft Windows Server 2012 R2 - 18.4.19.2.1: Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> DisabledComponents -> !ff; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\Parameters -> !DisabledComponents; # # #18.4.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.1: Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> EnableRegistrars -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !EnableRegistrars; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableUPnPRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableUPnPRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableInBand802DOT11Registrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableInBand802DOT11Registrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableFlashConfigRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableFlashConfigRegistrar; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> DisableWPDRegistrar -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars -> !DisableWPDRegistrar; # # #18.4.20.2 Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.20.2: Ensure 'Prohibit access of the Windows Connect Now wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> DisableWcnUi -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WCN\UI -> !DisableWcnUi; # # #18.4.21.2 Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.4.21.2: Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fBlockNonDomain -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> !fBlockNonDomain; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # -> !1; # # #18.8.20.1.1 Ensure 'Turn off access to the Store' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.1: Ensure 'Turn off access to the Store' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoUseStoreOpenWith -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoUseStoreOpenWith; # # #18.8.20.1.2 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.2: Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload; # # #18.8.20.1.3 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.3: Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> PreventHandwritingDataSharing -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TabletPC -> !PreventHandwritingDataSharing; # # #18.8.20.1.4 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.4: Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> PreventHandwritingErrorReports -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports -> !PreventHandwritingErrorReports; # # #18.8.20.1.5 Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.5: Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> ExitOnMSICW -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Internet Connection Wizard -> !ExitOnMSICW; # # #18.8.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.6: Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices; # # #18.8.20.1.7 Ensure 'Turn off printing over HTTP' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.7: Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting; # # #18.8.20.1.8 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.8: Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> NoRegistration -> !1; r:HKEY_LOCAL_MACHINE\Policies\Microsoft\Windows\Registration Wizard Control -> !NoRegistration; # # #18.8.20.1.9 Ensure 'Turn off Search Companion content file updates' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.9: Ensure 'Turn off Search Companion content file updates' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> DisableContentFileUpdates -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SearchCompanion -> !DisableContentFileUpdates; # # #18.8.20.1.10 Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.10: Ensure 'Turn off the "Order Prints" picture task' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoOnlinePrintsWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoOnlinePrintsWizard; # # #18.8.20.1.11 Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.11: Ensure 'Turn off the "Publish to Web" task for files and folders' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoPublishingWizard -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoPublishingWizard; # # #18.8.20.1.12 Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.12: Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> CEIP -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Messenger\Client -> !CEIP; # # #18.8.20.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.13: Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> CEIPEnable -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows -> !CEIPEnable; # # #18.8.20.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.20.1.14: Ensure 'Turn off Windows Error Reporting' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> Disabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting -> !Disabled; # # #18.8.24.1 Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.24.1: Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> BlockUserInputMethodsForSignIn -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Control Panel\International -> !BlockUserInputMethodsForSignIn; # # #18.8.29.5.1 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.1: Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> DCSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !DCSettingIndex; # # #18.8.29.5.2 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.29.5.2: Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> ACSettingIndex -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !ACSettingIndex; # # #18.8.32.2 Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' [CIS - Microsoft Windows Server 2012 R2 - 18.8.32.2: Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> RestrictRemoteClients -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> !RestrictRemoteClients; # # #18.8.39.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.5.1: Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> DisableQueryRemoteServer -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy -> !DisableQueryRemoteServer; # # #18.8.39.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.39.11.1: Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> ScenarioExecutionEnabled -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d} -> !ScenarioExecutionEnabled; # # #18.8.41.1 Ensure 'Turn off the advertising ID' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.41.1: Ensure 'Turn off the advertising ID' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> DisabledByGroupPolicy -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo -> !DisabledByGroupPolicy; # # #18.8.44.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.44.1.1: Ensure 'Enable Windows NTP Client' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> Enabled -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpClient -> !Enabled; # # #18.8.44.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.8.44.1.2: Ensure 'Enable Windows NTP Server' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32Time\TimeProviders\NtpServer -> Enabled -> !0; # # #18.9.37.1 Ensure 'Turn off location' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.37.1: Ensure 'Turn off location' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> DisableLocation -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors -> !DisableLocation; # # #18.9.52.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.2.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fSingleSessionPerUser -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fSingleSessionPerUser; # # #18.9.52.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.1: Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCcm -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCcm; # # #18.9.52.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.3: Ensure 'Do not allow LPT port redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableLPT -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableLPT; # # #18.9.52.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.3.4: Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisablePNPRedir -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisablePNPRedir; # # #18.9.52.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.1: Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba2; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba4; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba5; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba6; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba7; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba8; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba9; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbba\D; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbb\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbc\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbd\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbe\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbbf\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbc\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbd\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbe\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dbf\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dc\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:dd\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:de\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:df\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:e\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:f\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxIdleTime -> r:\w\w\w\w\w\w; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxIdleTime; # # #18.9.52.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' [CIS - Microsoft Windows Server 2012 R2 - 18.9.52.3.10.2: Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MaxDisconnectionTime -> !EA60; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MaxDisconnectionTime; # # #18.9.54.3 Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info' [CIS - Microsoft Windows Server 2012 R2 - 18.9.54.3: Ensure 'Set what information is shared in Search' is set to 'Enabled: Anonymous info'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> ConnectedSearchPrivacy -> !3; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> !ConnectedSearchPrivacy; # # #18.9.59.1 Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.59.1: Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> NoGenTicket -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform -> !NoGenTicket; # # #18.9.61.3 Ensure 'Turn off the Store application' is set to 'Enabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.61.3: Ensure 'Turn off the Store application' is set to 'Enabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> RemoveWindowsStore -> !1; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore -> !RemoveWindowsStore; # # #18.9.69.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.69.3.1: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet -> SpynetReporting -> !0; # # #18.9.74.3 Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.74.3: Ensure 'Join Microsoft MAPS' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> SafeForScripting -> !0; # # #18.9.86.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.86.2.2: Ensure 'Allow remote server management through WinRM' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowAutoConfig -> !0; # # #18.9.87.1 Ensure 'Allow Remote Shell Access' is set to 'Disabled' [CIS - Microsoft Windows Server 2012 R2 - 18.9.87.1: Ensure 'Allow Remote Shell Access' is set to 'Disabled'] [any] [https://workbench.cisecurity.org/benchmarks/288] r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> AllowRemoteShellAccess -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\WinRS -> !AllowRemoteShellAccess; # !1487 log4j_check.yml policy: id: "log4j_check" file: "log4j_check.yml" name: "Log4j dependency check" description: "This document provides prescriptive guidance for identifying Log4j RCE vulnerability" references: - https://nvd.nist.gov/vuln/detail/CVE-2021-44228 - https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance requirements: title: "Check if Java is present on the machine" description: "Requirements for running the SCA scan against machines with Java on them." condition: all rules: - 'c:sh -c "ps aux | grep java | grep -v grep" -> r:java' checks: - id: 10000 title: "Ensure Log4j is not on the system or under 2.16" description: "The Log4j library is vulnerable to RCE on versions between 2.10 and 2.15." remediation: "Update the log4j library to version 2.16 or set log4j2.formatMsgNoLookups to true if possible." condition: none rules: - 'c:find / -regex ".*log4j.*.jar" -type f -exec sh -c "unzip -p {} META-INF/MANIFEST.MF | grep Implementation-Version" \; -> r: 2.10.| 2.11.| 2.12.| 2.13.| 2.14.| 2.15.' - id: 10001 title: "Ensure Java is not running or is properly configured" description: "The Log4j library is vulnerable to RCE on versions between 2.10 and 2.15." remediation: "Update the log4j library to version 2.16 or set log4j2.formatMsgNoLookups to true if possible." condition: any rules: - 'c:sh -c "ps aux | grep java | grep -v grep" -> r:java && r:Dlog4j2.formatMsgNoLookups=true' !16174 rootkit_files.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # rootkit_files.txt, (C) Daniel B. Cid # Imported from the rootcheck project. # # Blank lines and lines starting with '#' are ignored. # # Each line must be in the following format: # file_name ! Name ::Link to it # # Files that start with an '*' will be searched in the whole system. # Bash door tmp/mcliZokhb ! Bash door ::/rootkits/bashdoor.php tmp/mclzaKmfa ! Bash door ::/rootkits/bashdoor.php # adore Worm dev/.shit/red.tgz ! Adore Worm ::/rootkits/adorew.php usr/lib/libt ! Adore Worm ::/rootkits/adorew.php usr/bin/adore ! Adore Worm ::/rootkits/adorew.php */klogd.o ! Adore Worm ::/rootkits/adorew.php */red.tar ! Adore Worm ::/rootkits/adorew.php # T.R.K rootkit usr/bin/soucemask ! TRK rootkit ::/rootkits/trk.php usr/bin/sourcemask ! TRK rootkit ::/rootkits/trk.php # 55.808.A Worm tmp/.../a ! 55808.A Worm :: tmp/.../r ! 55808.A Worm :: # Volc Rootkit usr/lib/volc ! Volc Rootkit :: usr/bin/volc ! Volc Rootkit :: # Illogic lib/security/.config ! Illogic Rootkit ::rootkits/illogic.php usr/bin/sia ! Illogic Rootkit ::rootkits/illogic.php etc/ld.so.hash ! Illogic Rootkit ::rootkits/illogic.php */uconf.inv ! Illogic Rootkit ::rootkits/illogic.php # T0rnkit usr/src/.puta ! t0rn Rootkit ::rootkits/torn.php usr/info/.t0rn ! t0rn Rootkit ::rootkits/torn.php lib/ldlib.tk ! t0rn Rootkit ::rootkits/torn.php etc/ttyhash ! t0rn Rootkit ::rootkits/torn.php sbin/xlogin ! t0rn Rootkit ::rootkits/torn.php */ldlib.tk ! t0rn Rootkit ::rootkits/torn.php */.t0rn ! t0rn Rootkit ::rootkits/torn.php */.puta ! t0rn Rootkit ::rootkits/torn.php # RK17 bin/rtty ! RK17 :: bin/squit ! RK17 :: sbin/pback ! RK17 :: proc/kset ! RK17 :: usr/src/linux/modules/autod.o ! RK17 :: usr/src/linux/modules/soundx.o ! RK17 :: # Ramen Worm usr/lib/ldlibps.so ! Ramen Worm ::rootkits/ramen.php usr/lib/ldlibns.so ! Ramen Worm ::rootkits/ramen.php usr/lib/ldliblogin.so ! Ramen Worm ::rootkits/ramen.php usr/src/.poop ! Ramen Worm ::rootkits/ramen.php tmp/ramen.tgz ! Ramen Worm ::rootkits/ramen.php etc/xinetd.d/asp ! Ramen Worm ::rootkits/ramen.php # Sadmind/IIS Worm dev/cuc ! Sadmind/IIS Worm :: # Monkit lib/defs ! Monkit :: usr/lib/libpikapp.a ! Monkit found :: # RSHA usr/bin/kr4p ! RSHA :: usr/bin/n3tstat ! RSHA :: usr/bin/chsh2 ! RSHA :: usr/bin/slice2 ! RSHA :: etc/rc.d/rsha ! RSHA :: # ShitC worm bin/home ! ShitC :: sbin/home ! ShitC :: usr/sbin/in.slogind ! ShitC :: # Omega Worm dev/chr ! Omega Worm :: # rh-sharpe bin/.ps ! Rh-Sharpe :: usr/bin/cleaner ! Rh-Sharpe :: usr/bin/slice ! Rh-Sharpe :: usr/bin/vadim ! Rh-Sharpe :: usr/bin/.ps ! Rh-Sharpe :: bin/.lpstree ! Rh-Sharpe :: usr/bin/.lpstree ! Rh-Sharpe :: usr/bin/lnetstat ! Rh-Sharpe :: bin/lnetstat ! Rh-Sharpe :: usr/bin/ldu ! Rh-Sharpe :: bin/ldu ! Rh-Sharpe :: usr/bin/lkillall ! Rh-Sharpe :: bin/lkillall ! Rh-Sharpe :: usr/include/rpcsvc/du ! Rh-Sharpe :: # Maniac RK usr/bin/mailrc ! Maniac RK :: # Showtee / Romanian usr/lib/.egcs ! Showtee :: usr/lib/.wormie ! Showtee :: usr/lib/.kinetic ! Showtee :: usr/lib/liblog.o ! Showtee :: usr/include/addr.h ! Showtee / Romanian rootkit :: usr/include/cron.h ! Showtee :: usr/include/file.h ! Showtee / Romanian rootkit :: usr/include/syslogs.h ! Showtee / Romanian rootkit :: usr/include/proc.h ! Showtee / Romanian rootkit :: usr/include/chk.h ! Showtee :: usr/sbin/initdl ! Romanian rootkit :: usr/sbin/xntps ! Romanian rootkit :: # Optickit usr/bin/xchk ! Optickit :: usr/bin/xsf ! Optickit :: # LDP worm dev/.kork ! LDP Worm :: bin/.login ! LDP Worm :: bin/.ps ! LDP Worm :: # Telekit dev/hda06 ! TeLeKit trojan :: usr/info/libc1.so ! TeleKit trojan :: # Tribe bot dev/wd4 ! Tribe bot :: # LRK dev/ida/.inet ! LRK rootkit ::rootkits/lrk.php */bindshell ! LRK rootkit ::rootkits/lrk.php # Adore Rootkit etc/bin/ava ! Adore Rootkit :: etc/sbin/ava ! Adore Rootkit :: # Slapper tmp/.bugtraq ! Slapper installed :: tmp/.bugtraq.c ! Slapper installed :: tmp/.cinik ! Slapper installed :: tmp/.b ! Slapper installed :: tmp/httpd ! Slapper installed :: tmp./update ! Slapper installed :: tmp/.unlock ! Slapper installed :: tmp/.font-unix/.cinik ! Slapper installed :: tmp/.cinik ! Slapper installed :: # Scalper tmp/.uua ! Scalper installed :: tmp/.a ! Scalper installed :: # Knark proc/knark ! Knark Installed ::rootkits/knark.php dev/.pizda ! Knark Installed ::rootkits/knark.php dev/.pula ! Knark Installed ::rootkits/knark.php dev/.pula ! Knark Installed ::rootkits/knark.php */taskhack ! Knark Installed ::rootkits/knark.php */rootme ! Knark Installed ::rootkits/knark.php */nethide ! Knark Installed ::rootkits/knark.php */hidef ! Knark Installed ::rootkits/knark.php */ered ! Knark Installed ::rootkits/knark.php # Lion worm dev/.lib ! Lion Worm ::rootkits/lion.php dev/.lib/1iOn.sh ! Lion Worm ::rootkits/lion.php bin/mjy ! Lion Worm ::rootkits/lion.php bin/in.telnetd ! Lion Worm ::rootkits/lion.php usr/info/torn ! Lion Worm ::rootkits/lion.php */1iOn\.sh ! Lion Worm ::rootkits/lion.php # Bobkit usr/include/.../ ! Bobkit Rootkit ::rootkits/bobkit.php usr/lib/.../ ! Bobkit Rootkit ::rootkits/bobkit.php usr/sbin/.../ ! Bobkit Rootkit ::rootkits/bobkit.php usr/bin/ntpsx ! Bobkit Rootkit ::rootkits/bobkit.php tmp/.bkp ! Bobkit Rootkit ::rootkits/bobkit.php usr/lib/.bkit- ! Bobkit Rootkit ::rootkits/bobkit.php */bkit- ! Bobkit Rootkit ::rootkits/bobkit.php # Hidrootkit var/lib/games/.k ! Hidr00tkit :: # Ark dev/ptyxx ! Ark rootkit :: # Mithra Rootkit usr/lib/locale/uboot ! Mithra`s rootkit :: # Optickit usr/bin/xsf ! OpticKit :: usr/bin/xchk ! OpticKit :: # LOC rookit tmp/xp ! LOC rookit :: tmp/kidd0.c ! LOC rookit :: tmp/kidd0 ! LOC rookit :: # TC2 worm usr/info/.tc2k ! TC2 Worm :: usr/bin/util ! TC2 Worm :: usr/sbin/initcheck ! TC2 Worm :: usr/sbin/ldb ! TC2 Worm :: # Anonoiyng rootkit usr/sbin/mech ! Anonoiyng rootkit :: usr/sbin/kswapd ! Anonoiyng rootkit :: # SuckIt lib/.x ! SuckIt rootkit :: */hide.log ! Suckit rootkit :: lib/sk ! SuckIT rootkit :: # Beastkit usr/local/bin/bin ! Beastkit rootkit ::rootkits/beastkit.php usr/man/.man10 ! Beastkit rootkit ::rootkits/beastkit.php usr/sbin/arobia ! Beastkit rootkit ::rootkits/beastkit.php usr/lib/elm/arobia ! Beastkit rootkit ::rootkits/beastkit.php usr/local/bin/.../bktd ! Beastkit rootkit ::rootkits/beastkit.php # Tuxkit dev/tux ! Tuxkit rootkit ::rootkits/Tuxkit.php usr/bin/xsf ! Tuxkit rootkit ::rootkits/Tuxkit.php usr/bin/xchk ! Tuxkit rootkit ::rootkits/Tuxkit.php */.file ! Tuxkit rootkit ::rootkits/Tuxkit.php */.addr ! Tuxkit rootkit ::rootkits/Tuxkit.php # Old rootkits usr/include/rpc/ ../kit ! Old rootkits ::rootkits/Old.php usr/include/rpc/ ../kit2 ! Old rootkits ::rootkits/Old.php usr/doc/.sl ! Old rootkits ::rootkits/Old.php usr/doc/.sp ! Old rootkits ::rootkits/Old.php usr/doc/.statnet ! Old rootkits ::rootkits/Old.php usr/doc/.logdsys ! Old rootkits ::rootkits/Old.php usr/doc/.dpct ! Old rootkits ::rootkits/Old.php usr/doc/.gifnocfi ! Old rootkits ::rootkits/Old.php usr/doc/.dnif ! Old rootkits ::rootkits/Old.php usr/doc/.nigol ! Old rootkits ::rootkits/Old.php # Kenga3 rootkit usr/include/. . ! Kenga3 rootkit # ESRK rootkit usr/lib/tcl5.3 ! ESRK rootkit # Fu rootkit sbin/xc ! Fu rootkit usr/include/ivtype.h ! Fu rootkit bin/.lib ! Fu rootkit # ShKit rootkit lib/security/.config ! ShKit rootkit etc/ld.so.hash ! ShKit rootkit # AjaKit rootkit lib/.ligh.gh ! AjaKit rootkit lib/.libgh.gh ! AjaKit rootkit lib/.libgh-gh ! AjaKit rootkit dev/tux ! AjaKit rootkit dev/tux/.proc ! AjaKit rootkit dev/tux/.file ! AjaKit rootkit # zaRwT rootkit bin/imin ! zaRwT rootkit bin/imout ! zaRwT rootkit # Madalin rootkit usr/include/icekey.h ! Madalin rootkit usr/include/iceconf.h ! Madalin rootkit usr/include/iceseed.h ! Madalin rootkit # shv5 rootkit XXX http://www.askaboutskating.com/forum/.../shv5/setup lib/libsh.so ! shv5 rootkit usr/lib/libsh ! shv5 rootkit # BMBL rootkit (http://www.giac.com/practical/GSEC/Steve_Terrell_GSEC.pdf) etc/.bmbl ! BMBL rootkit etc/.bmbl/sk ! BMBL rootkit # rootedoor rootkit */rootedoor ! Rootedoor rootkit # 0vason rootkit */ovas0n ! ovas0n rootkit ::/rootkits/ovason.php */ovason ! ovas0n rootkit ::/rootkits/ovason.php # Rpimp reverse telnet */rpimp ! rpv21 (Reverse Pimpage)::/rootkits/rpimp.php # Cback Linux worm tmp/cback ! cback worm ::/rootkits/cback.php tmp/derfiq ! cback worm ::/rootkits/cback.php # aPa Kit (from rkhunter) usr/share/.aPa ! Apa Kit # enye-sec Rootkit etc/.enyelkmHIDE^IT.ko ! enye-sec Rootkit ::/rootkits/enye-sec.php # Override Rootkit dev/grid-hide-pid- ! Override rootkit ::/rootkits/override.php dev/grid-unhide-pid- ! Override rootkit ::/rootkits/override.php dev/grid-show-pids ! Override rootkit ::/rootkits/override.php dev/grid-hide-port- ! Override rootkit ::/rootkits/override.php dev/grid-unhide-port- ! Override rootkit ::/rootkits/override.php # PHALANX rootkit usr/share/.home* ! PHALANX rootkit :: usr/share/.home*/tty ! PHALANX rootkit :: etc/host.ph1 ! PHALANX rootkit :: bin/host.ph1 ! PHALANX rootkit :: # ZK rootkit (http://honeyblog.org/junkyard/reports/redhat-compromise2.pdf) # and from chkrootkit usr/share/.zk ! ZK rootkit :: usr/share/.zk/zk ! ZK rootkit :: etc/1ssue.net ! ZK rootkit :: usr/X11R6/.zk ! ZK rootkit :: usr/X11R6/.zk/xfs ! ZK rootkit :: usr/X11R6/.zk/echo ! ZK rootkit :: etc/sysconfig/console/load.zk ! ZK rootkit :: # Public sniffers */.linux-sniff ! Sniffer log :: */sniff-l0g ! Sniffer log :: */core_$ ! Sniffer log :: */tcp.log ! Sniffer log :: */chipsul ! Sniffer log :: */beshina ! Sniffer log :: */.owned$ | Sniffer log :: # Solaris worm - # http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen var/adm/.profile ! Solaris Worm :: var/spool/lp/.profile ! Solaris Worm :: var/adm/sa/.adm ! Solaris Worm :: var/spool/lp/admins/.lp ! Solaris Worm :: # Suspicious files etc/rc.d/init.d/rc.modules ! Suspicious file ::rootkits/Suspicious.php lib/ldd.so ! Suspicious file ::rootkits/Suspicious.php usr/man/muie ! Suspicious file ::rootkits/Suspicious.php usr/X11R6/include/pain ! Suspicious file ::rootkits/Suspicious.php usr/bin/sourcemask ! Suspicious file ::rootkits/Suspicious.php usr/bin/ras2xm ! Suspicious file ::rootkits/Suspicious.php usr/bin/ddc ! Suspicious file ::rootkits/Suspicious.php usr/bin/jdc ! Suspicious file ::rootkits/Suspicious.php usr/sbin/in.telnet ! Suspicious file ::rootkits/Suspicious.php sbin/vobiscum ! Suspicious file ::rootkits/Suspicious.php usr/sbin/jcd ! Suspicious file ::rootkits/Suspicious.php usr/sbin/atd2 ! Suspicious file ::rootkits/Suspicious.php usr/bin/ishit ! Suspicious file ::rootkits/Suspicious.php usr/bin/.etc ! Suspicious file ::rootkits/Suspicious.php usr/bin/xstat ! Suspicious file ::rootkits/Suspicious.php var/run/.tmp ! Suspicious file ::rootkits/Suspicious.php usr/man/man1/lib/.lib ! Suspicious file ::rootkits/Suspicious.php usr/man/man2/.man8 ! Suspicious file ::rootkits/Suspicious.php var/run/.pid ! Suspicious file ::rootkits/Suspicious.php lib/.so ! Suspicious file ::rootkits/Suspicious.php lib/.fx ! Suspicious file ::rootkits/Suspicious.php lib/lblip.tk ! Suspicious file ::rootkits/Suspicious.php usr/lib/.fx ! Suspicious file ::rootkits/Suspicious.php var/local/.lpd ! Suspicious file ::rootkits/Suspicious.php dev/rd/cdb ! Suspicious file ::rootkits/Suspicious.php dev/.rd/ ! Suspicious file ::rootkits/Suspicious.php usr/lib/pt07 ! Suspicious file ::rootkits/Suspicious.php usr/bin/atm ! Suspicious file ::rootkits/Suspicious.php tmp/.cheese ! Suspicious file ::rootkits/Suspicious.php dev/.arctic ! Suspicious file ::rootkits/Suspicious.php dev/.xman ! Suspicious file ::rootkits/Suspicious.php dev/.golf ! Suspicious file ::rootkits/Suspicious.php dev/srd0 ! Suspicious file ::rootkits/Suspicious.php dev/ptyzx ! Suspicious file ::rootkits/Suspicious.php dev/ptyzg ! Suspicious file ::rootkits/Suspicious.php dev/xdf1 ! Suspicious file ::rootkits/Suspicious.php dev/ttyop ! Suspicious file ::rootkits/Suspicious.php dev/ttyof ! Suspicious file ::rootkits/Suspicious.php dev/hd7 ! Suspicious file ::rootkits/Suspicious.php dev/hdx1 ! Suspicious file ::rootkits/Suspicious.php dev/hdx2 ! Suspicious file ::rootkits/Suspicious.php dev/xdf2 ! Suspicious file ::rootkits/Suspicious.php dev/ptyp ! Suspicious file ::rootkits/Suspicious.php dev/ptyr ! Suspicious file ::rootkits/Suspicious.php sbin/pback ! Suspicious file ::rootkits/Suspicious.php usr/man/man3/psid ! Suspicious file ::rootkits/Suspicious.php proc/kset ! Suspicious file ::rootkits/Suspicious.php usr/bin/gib ! Suspicious file ::rootkits/Suspicious.php usr/bin/snick ! Suspicious file ::rootkits/Suspicious.php usr/bin/kfl ! Suspicious file ::rootkits/Suspicious.php tmp/.dump ! Suspicious file ::rootkits/Suspicious.php var/.x ! Suspicious file ::rootkits/Suspicious.php var/.x/psotnic ! Suspicious file ::rootkits/Suspicious.php */.log ! Suspicious file ::rootkits/Suspicious.php */ecmf ! Suspicious file ::rootkits/Suspicious.php */mirkforce ! Suspicious file ::rootkits/Suspicious.php */mfclean ! Suspicious file ::rootkits/Suspicious.php !5548 rootkit_trojans.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # rootkit_trojans.txt, (C) Daniel B. Cid # # Imported from the rootcheck project. # Some entries taken from the chkrootkit project. # # Blank lines and lines starting with '#' are ignored. # # Each line must be in the following format: # file_name !string_to_search!Description # Common binaries and public trojan entries ls !bash|^/bin/sh|dev/[^clu]|\.tmp/lsfile|duarawkz|/prof|/security|file\.h! env !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh! echo !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! chown !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! chmod !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! chgrp !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! cat !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! bash !proc\.h|/dev/[0-9]|/dev/[hijkz]! sh !proc\.h|/dev/[0-9]|/dev/[hijkz]! uname !bash|^/bin/sh|file\.h|proc\.h|^/bin/.*sh! date !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cln]|^/bin/.*sh! du !w0rm|/prof|file\.h! df !bash|^/bin/sh|file\.h|proc\.h|/dev/[^clurdv]|^/bin/.*sh! login !elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk! passwd !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[b-s,uvxz]! mingetty !bash|Dimensioni|pacchetto! chfn !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]! chsh !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]! mail !bash|file\.h|proc\.h|/dev/[^nu]! su !/dev/[d-s,abuvxz]|/dev/[A-D]|/dev/[F-Z]|/dev/[0-9]|satori|vejeta|conf\.inv! sudo !satori|vejeta|conf\.inv! crond !/dev/[^nt]|bash! gpm !bash|mingetty! ifconfig !bash|^/bin/sh|/dev/tux|session.null|/dev/[^cludisopt]! diff !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! md5sum !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh! hdparm !bash|/dev/ida! ldd !/dev/[^n]|proc\.h|libshow.so|libproc.a! # Trojan entries for troubleshooting binaries grep !bash|givemer! egrep !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh! find !bash|/dev/[^tnlcs]|/prof|/home/virus|file\.h! lsof !/prof|/dev/[^apcmnfk]|proc\.h|bash|^/bin/sh|/dev/ttyo|/dev/ttyp! netstat !bash|^/bin/sh|/dev/[^aik]|/prof|grep|addr\.h! top !/dev/[^npi3st%]|proc\.h|/prof/! ps !/dev/ttyo|\.1proc|proc\.h|bash|^/bin/sh! tcpdump !bash|^/bin/sh|file\.h|proc\.h|/dev/[^bu]|^/bin/.*sh! pidof !bash|^/bin/sh|file\.h|proc\.h|/dev/[^f]|^/bin/.*sh! fuser !bash|^/bin/sh|file\.h|proc\.h|/dev/[a-dtz]|^/bin/.*sh! w !uname -a|proc\.h|bash! # Trojan entries for common daemons sendmail !bash|fuck! named !bash|blah|/dev/[0-9]|^/bin/sh! inetd !bash|^/bin/sh|file\.h|proc\.h|/dev/[^un%]|^/bin/.*sh! apachectl !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! sshd !check_global_passwd|panasonic|satori|vejeta|\.ark|/hash\.zk|bash|/dev[a-s]|/dev[A-Z]/! syslogd !bash|/usr/lib/pt07|/dev/[^cln]]|syslogs\.h|proc\.h! xinetd !bash|file\.h|proc\.h! in.telnetd !cterm100|vt350|VT100|ansi-term|bash|^/bin/sh|/dev[A-R]|/dev/[a-z]/! in.fingerd !bash|^/bin/sh|cterm100|/dev/! identd !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! init !bash|/dev/h tcpd !bash|proc\.h|p1r0c4|hack|/dev/[^n]! rlogin !p1r0c4|r00t|bash|/dev/[^nt]! # Kill trojan killall !/dev/[^t%]|proc\.h|bash|tmp! kill !/dev/[ab,d-k,m-z]|/dev/[F-Z]|/dev/[A-D]|/dev/[0-9]|proc\.h|bash|tmp! # Rootkit entries /etc/rc.d/rc.sysinit !enyelkmHIDE! enye-sec Rootkit # ZK rootkit (http://honeyblog.org/junkyard/reports/redhat-compromise2.pdf) /etc/sysconfig/console/load.zk !/bin/sh! ZK rootkit /etc/sysconfig/console/load.zk !usr/bin/run! ZK rootkit # Modified /etc/hosts entries # Idea taken from: # http://blog.tenablesecurity.com/2006/12/detecting_compr.html # http://www.sophos.com/security/analyses/trojbagledll.html # http://www.f-secure.com/v-descs/fantibag_b.shtml /etc/hosts !^[^#]*avp\.ch!Anti-virus site on the hosts file /etc/hosts !^[^#]*avp\.ru!Anti-virus site on the hosts file /etc/hosts !^[^#]*awaps\.net! Anti-virus site on the hosts file /etc/hosts !^[^#]*ca\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*mcafee\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*microsoft\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*f-secure\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*sophos\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*symantec\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*my-etrust\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*nai\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*networkassociates\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*viruslist\.ru! Anti-virus site on the hosts file /etc/hosts !^[^#]*kaspersky! Anti-virus site on the hosts file /etc/hosts !^[^#]*symantecliveupdate\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*grisoft\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*clamav\.net! Anti-virus site on the hosts file /etc/hosts !^[^#]*bitdefender\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*antivirus\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*sans\.org! Security site on the hosts file !4466 system_audit_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). $php.ini=/etc/php.ini,/var/www/conf/php.ini,/etc/php5/apache2/php.ini; $web_dirs=/var/www,/var/htdocs,/home/httpd,/usr/local/apache,/usr/local/apache2,/usr/local/www; # PHP checks [PHP - Register globals are enabled] [any] [] f:$php.ini -> r:^register_globals = On; # PHP checks [PHP - Expose PHP is enabled] [any] [] f:$php.ini -> r:^expose_php = On; # PHP checks [PHP - Allow URL fopen is enabled] [any] [] f:$php.ini -> r:^allow_url_fopen = On; # PHP checks [PHP - Displaying of errors is enabled] [any] [] f:$php.ini -> r:^display_errors = On; # PHP checks - consider open_basedir && disable_functions ## Looking for common web exploits (might indicate that you are owned). ## Using http://dcid.me/blog/logsamples/webattacks_links as a reference. #[Web exploits - Possible compromise] [any] [] #d:$web_dirs -> .txt$ -> r:^ ^.yop$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^id$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^.ssh$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^...$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^.shell$; ## Looking for outdated Web applications ## Taken from http://sucuri.net/latest-versions [Web vulnerability - Outdated WordPress installation {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://sucuri.net/latest-versions] d:$web_dirs -> ^version.php$ -> r:^\.wp_version && >:$wp_version = '4.4.2'; [Web vulnerability - Outdated Joomla installation {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://sucuri.net/latest-versions] d:$web_dirs -> ^version.php$ -> r:var \.RELEASE && r:'3.4.8'; [Web vulnerability - Outdated osCommerce (v2.2) installation {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://sucuri.net/latest-versions] d:$web_dirs -> ^application_top.php$ -> r:'osCommerce 2.2-; ## Looking for known backdoors [Web vulnerability - Backdoors / Web based malware found - eval(base64_decode) {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> .php$ -> r:eval\(base64_decode\(\paWYo; [Web vulnerability - Backdoors / Web based malware found - eval(base64_decode(POST)) {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> .php$ -> r:eval\(base64_decode\(\S_POST; [Web vulnerability - .htaccess file compromised {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html] d:$web_dirs -> ^.htaccess$ -> r:RewriteCond \S+HTTP_REFERERS \S+google; [Web vulnerability - .htaccess file compromised - auto append {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html] d:$web_dirs -> ^.htaccess$ -> r:php_value auto_append_file; !3285 system_audit_ssh.txt # SSH Rootcheck # # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # $sshd_file=/etc/ssh/sshd_config; # Listen PORT != 22 # The option Port specifies on which port number ssh daemon listens for incoming connections. # Changing the default port you may reduce the number of successful attacks from zombie bots, an attacker or bot doing port-scanning can quickly identify your SSH port. [SSH Hardening - 1: Port 22 {PCI_DSS: 2.2.4}] [any] [1] f:$sshd_file -> !r:^# && r:Port\.+22; # Protocol 2 # The Protocol parameter dictates which version of the SSH communication and encryption protocols are in use. # Version 1 of the SSH protocol has weaknesses. [SSH Hardening - 2: Protocol 1 {PCI_DSS: 2.2.4}] [any] [2] f:$sshd_file -> !r:^# && r:Protocol\.+1; # PermitRootLogin no # The option PermitRootLogin specifies whether root can log in using ssh. # If you want log in as root, you should use the option "Match" and restrict it to a few IP addresses. [SSH Hardening - 3: Root can log in] [any] [3] f:$sshd_file -> !r:^\s*PermitRootLogin\.+no; # PubkeyAuthentication yes # Access only by public key # Generally people will use weak passwords and have poor password practices. Keys are considered stronger than password. [SSH Hardening - 4: No Public Key authentication {PCI_DSS: 2.2.4}] [any] [4] f:$sshd_file -> !r:^\s*PubkeyAuthentication\.+yes; # PasswordAuthentication no # The option PasswordAuthentication specifies whether we should use password-based authentication. # Use public key authentication instead of passwords [SSH Hardening - 5: Password Authentication {PCI_DSS: 2.2.4}] [any] [5] f:$sshd_file -> !r:^\s*PasswordAuthentication\.+no; # PermitEmptyPasswords no # The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password # Accounts with null passwords are a bad practice. [SSH Hardening - 6: Empty passwords allowed {PCI_DSS: 2.2.4}] [any] [6] f:$sshd_file -> !r:^\s*PermitEmptyPasswords\.+no; # IgnoreRhosts yes # The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication. # For security reasons it is recommended to no use rhosts or shosts files for authentication. [SSH Hardening - 7: Rhost or shost used for authentication {PCI_DSS: 2.2.4}] [any] [7] f:$sshd_file -> !r:^\s*IgnoreRhosts\.+yes; # LoginGraceTime 30 # The option LoginGraceTime specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in. # 30 seconds is the recommended time for avoiding open connections without authenticate [SSH Hardening - 8: Wrong Grace Time {PCI_DSS: 2.2.4}] [any] [8] f:$sshd_file -> !r:^\s*LoginGraceTime\s+30\s*$; # MaxAuthTries 4 # The MaxAuthTries parameter specifices the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. # This should be set to 4. [SSH Hardening - 9: Wrong Maximum number of authentication attempts {PCI_DSS: 2.2.4}] [any] [9] f:$sshd_file -> !r:^\s*MaxAuthTries\s+4\s*$; !5214 win_applications_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Application detection - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). [Chat/IM/VoIP - Skype {PCI_DSS: 10.6.1}] [any] [] f:\Program Files\Skype\Phone; f:\Documents and Settings\All Users\Documents\My Skype Pictures; f:\Documents and Settings\Skype; f:\Documents and Settings\All Users\Start Menu\Programs\Skype; r:HKLM\SOFTWARE\Skype; r:HKEY_LOCAL_MACHINE\Software\Policies\Skype; p:r:Skype.exe; [Chat/IM - Yahoo {PCI_DSS: 10.6.1}] [any] [] f:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger; r:HKLM\SOFTWARE\Yahoo; [Chat/IM - ICQ {PCI_DSS: 10.6.1}] [any] [] r:HKEY_CURRENT_USER\Software\Mirabilis\ICQ; [Chat/IM - AOL {PCI_DSS: 10.6.1}] [any] [http://www.aol.com] r:HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AOL Instant Messenger; r:HKEY_CLASSES_ROOT\aim\shell\open\command; r:HKEY_CLASSES_ROOT\AIM.Protocol; r:HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-aim; f:\Program Files\AIM95; p:r:aim.exe; [Chat/IM - MSN {PCI_DSS: 10.6.1}] [any] [http://www.msn.com] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSNMessenger; r:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSNMessenger; f:\Program Files\MSN Messenger; f:\Program Files\Messenger; p:r:msnmsgr.exe; [Chat/IM - ICQ {PCI_DSS: 10.6.1}] [any] [http://www.icq.com] r:HKLM\SOFTWARE\Mirabilis\ICQ; [P2P - UTorrent {PCI_DSS: 10.6.1}] [any] [] p:r:utorrent.exe; [P2P - LimeWire {PCI_DSS: 11.4}] [any] [] r:HKEY_LOCAL_MACHINE\SOFTWARE\Limewire; r:HKLM\software\microsoft\windows\currentversion\run -> limeshop; f:\Program Files\limewire; f:\Program Files\limeshop; [P2P/Adware - Kazaa {PCI_DSS: 11.4}] [any] [] f:\Program Files\kazaa; f:\Documents and Settings\All Users\Start Menu\Programs\kazaa; f:\Documents and Settings\All Users\DESKTOP\Kazaa Media Desktop.lnk; f:\Documents and Settings\All Users\DESKTOP\Kazaa Promotions.lnk; f:%WINDIR%\System32\Cd_clint.dll; f:%WINDIR%\Sysnative\Cd_clint.dll; r:HKEY_LOCAL_MACHINE\SOFTWARE\KAZAA; r:HKEY_CURRENT_USER\SOFTWARE\KAZAA; r:HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KAZAA; # http://vil.nai.com/vil/content/v_135023.htm [Adware - RxToolBar {PCI_DSS: 11.4}] [any] [http://vil.nai.com/vil/content/v_135023.htm] r:HKEY_CURRENT_USER\Software\Infotechnics; r:HKEY_CURRENT_USER\Software\Infotechnics\RX Toolbar; r:HKEY_CURRENT_USER\Software\RX Toolbar; r:HKEY_CLASSES_ROOT\BarInfoUrl.TBInfo; r:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RX Toolbar; f:\Program Files\RXToolBar; # http://btfaq.com/serve/cache/18.html [P2P - BitTorrent {PCI_DSS: 10.6.1}] [any] [http://btfaq.com/serve/cache/18.html] f:\Program Files\BitTorrent; r:HKEY_CLASSES_ROOT\.torrent; r:HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-bittorrent; r:HKEY_CLASSES_ROOT\bittorrent; r:HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent; # http://www.gotomypc.com [Remote Access - GoToMyPC {PCI_DSS: 10.6.1}] [any] [] f:\Program Files\Citrix\GoToMyPC; f:\Program Files\Citrix\GoToMyPC\g2svc.exe; f:\Program Files\Citrix\GoToMyPC\g2comm.exe; f:\Program Files\expertcity\GoToMyPC; r:HKLM\software\microsoft\windows\currentversion\run -> gotomypc; r:HKEY_LOCAL_MACHINE\software\citrix\gotomypc; r:HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gotomypc; p:r:g2svc.exe; p:r:g2pre.exe; [Spyware - Twain Tec Spyware {PCI_DSS: 11.4}] [any] [] r:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1; r:HKEY_LOCAL_MACHINE\SOFTWARE\twaintech; f:%WINDIR%\twaintec.dll; # http://www.symantec.com/security_response/writeup.jsp?docid=2004-062611-4548-99&tabid=2 [Spyware - SpyBuddy {PCI_DSS: 11.4}] [any] [] f:\Program Files\ExploreAnywhere\SpyBuddy\sb32mon.exe; f:\Program Files\ExploreAnywhere\SpyBuddy; f:\Program Files\ExploreAnywhere; f:%WINDIR%\System32\sysicept.dll; f:%WINDIR%\Sysnative\sysicept.dll; r:HKEY_LOCAL_MACHINE\Software\ExploreAnywhere Software\SpyBuddy; [Spyware - InternetOptimizer {PCI_DSS: 11.4}] [any] [] r:HKLM\SOFTWARE\Avenue Media; r:HKEY_CLASSES_ROOT\\safesurfinghelper.iebho.1; r:HKEY_CLASSES_ROOT\\safesurfinghelper.iebho; !4277 win_audit_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Windows Audit - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # http://technet2.microsoft.com/windowsserver/en/library/486896ba-dfa1-4850-9875-13764f749bba1033.mspx?mfr=true [Disabled Registry tools set {PCI_DSS: 10.6.1}] [any] [] r:HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools -> 1; r:HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools -> 1; # http://support.microsoft.com/kb/825750 [DCOM disabled {PCI_DSS: 10.6.1}] [any] [] r:HKEY_LOCAL_MACHINE\Software\Microsoft\OLE -> EnableDCOM -> N; # http://web.mit.edu/is/topics/windows/server/winmitedu/security.html [LM authentication allowed (weak passwords) {PCI_DSS: 10.6.1, 11.4}] [any] [] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA -> LMCompatibilityLevel -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA -> LMCompatibilityLevel -> 1; # http://research.eeye.com/html/alerts/AL20060813.html # Disabled by some Malwares (sometimes by McAfee and Symantec # security center too). [Firewall/Anti Virus notification disabled {PCI_DSS: 10.6.1}] [any] [] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> FirewallDisableNotify -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> antivirusoverride -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> firewalldisablenotify -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> firewalldisableoverride -> !0; # Checking for the microsoft firewall. [Microsoft Firewall disabled {PCI_DSS: 10.6.1, 1.4}] [all] [] r:HKEY_LOCAL_MACHINE\software\policies\microsoft\windowsfirewall\domainprofile -> enablefirewall -> 0; r:HKEY_LOCAL_MACHINE\software\policies\microsoft\windowsfirewall\standardprofile -> enablefirewall -> 0; #http://web.mit.edu/is/topics/windows/server/winmitedu/security.html [Null sessions allowed {PCI_DSS: 11.4}] [any] [] r:HKLM\System\CurrentControlSet\Control\Lsa -> RestrictAnonymous -> 0; [Error reporting disabled {PCI_DSS: 10.6.1}] [any] [http://windowsir.blogspot.com/2007/04/something-new-to-look-for.html] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> DoReport -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeKernelFaults -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeMicrosoftApps -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeWindowsApps -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeShutdownErrs -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> ShowUI -> 0; # http://support.microsoft.com/default.aspx?scid=315231 [Automatic Logon enabled {PCI_DSS: 10.6.1}] [any] [http://support.microsoft.com/default.aspx?scid=315231] r:HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon -> DefaultPassword; r:HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AutoAdminLogon -> 1; [Winpcap packet filter driver found {PCI_DSS: 10.6.1}] [any] [] f:%WINDIR%\System32\drivers\npf.sys; f:%WINDIR%\Sysnative\drivers\npf.sys; !7314 win_malware_rcl.txt # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Windows Malware list - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Malware name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # http://www.iss.net/threats/ginwui.html [Ginwui Backdoor {PCI_DSS: 11.4}] [any] [http://www.iss.net/threats/ginwui.html] f:%WINDIR%\System32\zsyhide.dll; f:%WINDIR%\Sysnative\zsyhide.dll; f:%WINDIR%\System32\zsydll.dll; f:%WINDIR%\Sysnative\zsydll.dll; r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zsydll; r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -> AppInit_DLLs -> r:zsyhide.dll; # http://www.symantec.com/security_response/writeup.jsp?docid=2006-081312-3302-99&tabid=2 [Wargbot Backdoor {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\wgareg.exe; f:%WINDIR%\Sysnative\wgareg.exe; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wgareg; # http://www.f-prot.com/virusinfo/descriptions/sober_j.html [Sober Worm {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\nonzipsr.noz; f:%WINDIR%\Sysnative\nonzipsr.noz; f:%WINDIR%\System32\clonzips.ssc; f:%WINDIR%\Sysnative\clonzips.ssc; f:%WINDIR%\System32\clsobern.isc; f:%WINDIR%\Sysnative\clsobern.isc; f:%WINDIR%\System32\sb2run.dii; f:%WINDIR%\Sysnative\sb2run.dii; f:%WINDIR%\System32\winsend32.dal; f:%WINDIR%\Sysnative\winsend32.dal; f:%WINDIR%\System32\winroot64.dal; f:%WINDIR%\Sysnative\winroot64.dal; f:%WINDIR%\System32\zippedsr.piz; f:%WINDIR%\Sysnative\zippedsr.piz; f:%WINDIR%\System32\winexerun.dal; f:%WINDIR%\Sysnative\winexerun.dal; f:%WINDIR%\System32\winmprot.dal; f:%WINDIR%\Sysnative\winmprot.dal; f:%WINDIR%\System32\dgssxy.yoi; f:%WINDIR%\Sysnative\dgssxy.yoi; f:%WINDIR%\System32\cvqaikxt.apk; f:%WINDIR%\Sysnative\cvqaikxt.apk; f:%WINDIR%\System32\sysmms32.lla; f:%WINDIR%\Sysnative\sysmms32.lla; f:%WINDIR%\System32\Odin-Anon.Ger; f:%WINDIR%\Sysnative\Odin-Anon.Ger; # http://www.symantec.com/security_response/writeup.jsp?docid=2005-042611-0148-99&tabid=2 [Hotword Trojan {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\_; f:%WINDIR%\Sysnative\_; f:%WINDIR%\System32\explore.exe; f:%WINDIR%\Sysnative\explore.exe; f:%WINDIR%\System32\ svchost.exe; f:%WINDIR%\Sysnative\ svchost.exe; f:%WINDIR%\System32\mmsystem.dlx; f:%WINDIR%\Sysnative\mmsystem.dlx; f:%WINDIR%\System32\WINDLL-ObjectsWin*.DLX; f:%WINDIR%\Sysnative\WINDLL-ObjectsWin*.DLX; f:%WINDIR%\System32\CFXP.DRV; f:%WINDIR%\Sysnative\CFXP.DRV; f:%WINDIR%\System32\CHJO.DRV; f:%WINDIR%\Sysnative\CHJO.DRV; f:%WINDIR%\System32\MMSYSTEM.DLX; f:%WINDIR%\Sysnative\MMSYSTEM.DLX; f:%WINDIR%\System32\OLECLI.DL; f:%WINDIR%\Sysnative\OLECLI.DL; [Beagle worm {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\winxp.exe; f:%WINDIR%\Sysnative\winxp.exe; f:%WINDIR%\System32\winxp.exeopen; f:%WINDIR%\Sysnative\winxp.exeopen; f:%WINDIR%\System32\winxp.exeopenopen; f:%WINDIR%\Sysnative\winxp.exeopenopen; f:%WINDIR%\System32\winxp.exeopenopenopen; f:%WINDIR%\Sysnative\winxp.exeopenopenopen; f:%WINDIR%\System32\winxp.exeopenopenopenopen; f:%WINDIR%\Sysnative\winxp.exeopenopenopenopen; # http://symantec.com/security_response/writeup.jsp?docid=2007-071711-3132-99 [Gpcoder Trojan {PCI_DSS: 11.4}] [any] [http://symantec.com/security_response/writeup.jsp?docid=2007-071711-3132-99] f:%WINDIR%\System32\ntos.exe; f:%WINDIR%\Sysnative\ntos.exe; f:%WINDIR%\System32\wsnpoem; f:%WINDIR%\Sysnative\wsnpoem; f:%WINDIR%\System32\wsnpoem\audio.dll; f:%WINDIR%\Sysnative\wsnpoem\audio.dll; f:%WINDIR%\System32\wsnpoem\video.dll; f:%WINDIR%\Sysnative\wsnpoem\video.dll; r:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run -> userinit -> r:ntos.exe; # [http://www.symantec.com/security_response/writeup.jsp?docid=2006-112813-0222-99&tabid=2 [Looked.BK Worm {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\uninstall\rundl132.exe; f:%WINDIR%\Logo1_.exe; f:%Windir%\RichDll.dll; r:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> load -> r:rundl132.exe; [Possible Malware - Svchost running outside system32 {PCI_DSS: 11.4}] [all] [] p:r:svchost.exe && !%WINDIR%\System32\svchost.exe; f:!%WINDIR%\SysWOW64; [Possible Malware - Inetinfo running outside system32\inetsrv {PCI_DSS: 11.4}] [all] [] p:r:inetinfo.exe && !%WINDIR%\System32\inetsrv\inetinfo.exe; f:!%WINDIR%\SysWOW64; [Possible Malware - Rbot/Sdbot detected {PCI_DSS: 11.4}] [any] [] f:%Windir%\System32\rdriv.sys; f:%Windir%\Sysnative\rdriv.sys; f:%Windir%\lsass.exe; [Possible Malware File {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\utorrent.exe; f:%WINDIR%\System32\utorrent.exe; f:%WINDIR%\Sysnative\utorrent.exe; f:%WINDIR%\System32\Files32.vxd; f:%WINDIR%\Sysnative\Files32.vxd; # Modified /etc/hosts entries # Idea taken from: # http://blog.tenablesecurity.com/2006/12/detecting_compr.html # http://www.sophos.com/security/analyses/trojbagledll.html # http://www.f-secure.com/v-descs/fantibag_b.shtml [Anti-virus site on the hosts file] [any] [] f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:avp.ch|avp.ru|nai.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:avp.ch|avp.ru|nai.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:awaps.net|ca.com|mcafee.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:awaps.net|ca.com|mcafee.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:microsoft.com|f-secure.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:microsoft.com|f-secure.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:sophos.com|symantec.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:sophos.com|symantec.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:my-etrust.com|viruslist.ru; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:my-etrust.com|viruslist.ru; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:networkassociates.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:networkassociates.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:kaspersky|grisoft.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:kaspersky|grisoft.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:symantecliveupdate.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:symantecliveupdate.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:clamav.net|bitdefender.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:clamav.net|bitdefender.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:antivirus.com|sans.org; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:antivirus.com|sans.org; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/rootkit_files.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # rootkit_files.txt, (C) Daniel B. Cid # Imported from the rootcheck project. # # Blank lines and lines starting with '#' are ignored. # # Each line must be in the following format: # file_name ! Name ::Link to it # # Files that start with an '*' will be searched in the whole system. # Bash door tmp/mcliZokhb ! Bash door ::/rootkits/bashdoor.php tmp/mclzaKmfa ! Bash door ::/rootkits/bashdoor.php # adore Worm dev/.shit/red.tgz ! Adore Worm ::/rootkits/adorew.php usr/lib/libt ! Adore Worm ::/rootkits/adorew.php usr/bin/adore ! Adore Worm ::/rootkits/adorew.php */klogd.o ! Adore Worm ::/rootkits/adorew.php */red.tar ! Adore Worm ::/rootkits/adorew.php # T.R.K rootkit usr/bin/soucemask ! TRK rootkit ::/rootkits/trk.php usr/bin/sourcemask ! TRK rootkit ::/rootkits/trk.php # 55.808.A Worm tmp/.../a ! 55808.A Worm :: tmp/.../r ! 55808.A Worm :: # Volc Rootkit usr/lib/volc ! Volc Rootkit :: usr/bin/volc ! Volc Rootkit :: # Illogic lib/security/.config ! Illogic Rootkit ::rootkits/illogic.php usr/bin/sia ! Illogic Rootkit ::rootkits/illogic.php etc/ld.so.hash ! Illogic Rootkit ::rootkits/illogic.php */uconf.inv ! Illogic Rootkit ::rootkits/illogic.php # T0rnkit usr/src/.puta ! t0rn Rootkit ::rootkits/torn.php usr/info/.t0rn ! t0rn Rootkit ::rootkits/torn.php lib/ldlib.tk ! t0rn Rootkit ::rootkits/torn.php etc/ttyhash ! t0rn Rootkit ::rootkits/torn.php sbin/xlogin ! t0rn Rootkit ::rootkits/torn.php */ldlib.tk ! t0rn Rootkit ::rootkits/torn.php */.t0rn ! t0rn Rootkit ::rootkits/torn.php */.puta ! t0rn Rootkit ::rootkits/torn.php # RK17 bin/rtty ! RK17 :: bin/squit ! RK17 :: sbin/pback ! RK17 :: proc/kset ! RK17 :: usr/src/linux/modules/autod.o ! RK17 :: usr/src/linux/modules/soundx.o ! RK17 :: # Ramen Worm usr/lib/ldlibps.so ! Ramen Worm ::rootkits/ramen.php usr/lib/ldlibns.so ! Ramen Worm ::rootkits/ramen.php usr/lib/ldliblogin.so ! Ramen Worm ::rootkits/ramen.php usr/src/.poop ! Ramen Worm ::rootkits/ramen.php tmp/ramen.tgz ! Ramen Worm ::rootkits/ramen.php etc/xinetd.d/asp ! Ramen Worm ::rootkits/ramen.php # Sadmind/IIS Worm dev/cuc ! Sadmind/IIS Worm :: # Monkit lib/defs ! Monkit :: usr/lib/libpikapp.a ! Monkit found :: # RSHA usr/bin/kr4p ! RSHA :: usr/bin/n3tstat ! RSHA :: usr/bin/chsh2 ! RSHA :: usr/bin/slice2 ! RSHA :: etc/rc.d/rsha ! RSHA :: # ShitC worm bin/home ! ShitC :: sbin/home ! ShitC :: usr/sbin/in.slogind ! ShitC :: # Omega Worm dev/chr ! Omega Worm :: # rh-sharpe bin/.ps ! Rh-Sharpe :: usr/bin/cleaner ! Rh-Sharpe :: usr/bin/slice ! Rh-Sharpe :: usr/bin/vadim ! Rh-Sharpe :: usr/bin/.ps ! Rh-Sharpe :: bin/.lpstree ! Rh-Sharpe :: usr/bin/.lpstree ! Rh-Sharpe :: usr/bin/lnetstat ! Rh-Sharpe :: bin/lnetstat ! Rh-Sharpe :: usr/bin/ldu ! Rh-Sharpe :: bin/ldu ! Rh-Sharpe :: usr/bin/lkillall ! Rh-Sharpe :: bin/lkillall ! Rh-Sharpe :: usr/include/rpcsvc/du ! Rh-Sharpe :: # Maniac RK usr/bin/mailrc ! Maniac RK :: # Showtee / Romanian usr/lib/.egcs ! Showtee :: usr/lib/.wormie ! Showtee :: usr/lib/.kinetic ! Showtee :: usr/lib/liblog.o ! Showtee :: usr/include/addr.h ! Showtee / Romanian rootkit :: usr/include/cron.h ! Showtee :: usr/include/file.h ! Showtee / Romanian rootkit :: usr/include/syslogs.h ! Showtee / Romanian rootkit :: usr/include/proc.h ! Showtee / Romanian rootkit :: usr/include/chk.h ! Showtee :: usr/sbin/initdl ! Romanian rootkit :: usr/sbin/xntps ! Romanian rootkit :: # Optickit usr/bin/xchk ! Optickit :: usr/bin/xsf ! Optickit :: # LDP worm dev/.kork ! LDP Worm :: bin/.login ! LDP Worm :: bin/.ps ! LDP Worm :: # Telekit dev/hda06 ! TeLeKit trojan :: usr/info/libc1.so ! TeleKit trojan :: # Tribe bot dev/wd4 ! Tribe bot :: # LRK dev/ida/.inet ! LRK rootkit ::rootkits/lrk.php */bindshell ! LRK rootkit ::rootkits/lrk.php # Adore Rootkit etc/bin/ava ! Adore Rootkit :: etc/sbin/ava ! Adore Rootkit :: # Slapper tmp/.bugtraq ! Slapper installed :: tmp/.bugtraq.c ! Slapper installed :: tmp/.cinik ! Slapper installed :: tmp/.b ! Slapper installed :: tmp/httpd ! Slapper installed :: tmp./update ! Slapper installed :: tmp/.unlock ! Slapper installed :: tmp/.font-unix/.cinik ! Slapper installed :: tmp/.cinik ! Slapper installed :: # Scalper tmp/.uua ! Scalper installed :: tmp/.a ! Scalper installed :: # Knark proc/knark ! Knark Installed ::rootkits/knark.php dev/.pizda ! Knark Installed ::rootkits/knark.php dev/.pula ! Knark Installed ::rootkits/knark.php dev/.pula ! Knark Installed ::rootkits/knark.php */taskhack ! Knark Installed ::rootkits/knark.php */rootme ! Knark Installed ::rootkits/knark.php */nethide ! Knark Installed ::rootkits/knark.php */hidef ! Knark Installed ::rootkits/knark.php */ered ! Knark Installed ::rootkits/knark.php # Lion worm dev/.lib ! Lion Worm ::rootkits/lion.php dev/.lib/1iOn.sh ! Lion Worm ::rootkits/lion.php bin/mjy ! Lion Worm ::rootkits/lion.php bin/in.telnetd ! Lion Worm ::rootkits/lion.php usr/info/torn ! Lion Worm ::rootkits/lion.php */1iOn\.sh ! Lion Worm ::rootkits/lion.php # Bobkit usr/include/.../ ! Bobkit Rootkit ::rootkits/bobkit.php usr/lib/.../ ! Bobkit Rootkit ::rootkits/bobkit.php usr/sbin/.../ ! Bobkit Rootkit ::rootkits/bobkit.php usr/bin/ntpsx ! Bobkit Rootkit ::rootkits/bobkit.php tmp/.bkp ! Bobkit Rootkit ::rootkits/bobkit.php usr/lib/.bkit- ! Bobkit Rootkit ::rootkits/bobkit.php */bkit- ! Bobkit Rootkit ::rootkits/bobkit.php # Hidrootkit var/lib/games/.k ! Hidr00tkit :: # Ark dev/ptyxx ! Ark rootkit :: # Mithra Rootkit usr/lib/locale/uboot ! Mithra`s rootkit :: # Optickit usr/bin/xsf ! OpticKit :: usr/bin/xchk ! OpticKit :: # LOC rookit tmp/xp ! LOC rookit :: tmp/kidd0.c ! LOC rookit :: tmp/kidd0 ! LOC rookit :: # TC2 worm usr/info/.tc2k ! TC2 Worm :: usr/bin/util ! TC2 Worm :: usr/sbin/initcheck ! TC2 Worm :: usr/sbin/ldb ! TC2 Worm :: # Anonoiyng rootkit usr/sbin/mech ! Anonoiyng rootkit :: usr/sbin/kswapd ! Anonoiyng rootkit :: # SuckIt lib/.x ! SuckIt rootkit :: */hide.log ! Suckit rootkit :: lib/sk ! SuckIT rootkit :: # Beastkit usr/local/bin/bin ! Beastkit rootkit ::rootkits/beastkit.php usr/man/.man10 ! Beastkit rootkit ::rootkits/beastkit.php usr/sbin/arobia ! Beastkit rootkit ::rootkits/beastkit.php usr/lib/elm/arobia ! Beastkit rootkit ::rootkits/beastkit.php usr/local/bin/.../bktd ! Beastkit rootkit ::rootkits/beastkit.php # Tuxkit dev/tux ! Tuxkit rootkit ::rootkits/Tuxkit.php usr/bin/xsf ! Tuxkit rootkit ::rootkits/Tuxkit.php usr/bin/xchk ! Tuxkit rootkit ::rootkits/Tuxkit.php */.file ! Tuxkit rootkit ::rootkits/Tuxkit.php */.addr ! Tuxkit rootkit ::rootkits/Tuxkit.php # Old rootkits usr/include/rpc/ ../kit ! Old rootkits ::rootkits/Old.php usr/include/rpc/ ../kit2 ! Old rootkits ::rootkits/Old.php usr/doc/.sl ! Old rootkits ::rootkits/Old.php usr/doc/.sp ! Old rootkits ::rootkits/Old.php usr/doc/.statnet ! Old rootkits ::rootkits/Old.php usr/doc/.logdsys ! Old rootkits ::rootkits/Old.php usr/doc/.dpct ! Old rootkits ::rootkits/Old.php usr/doc/.gifnocfi ! Old rootkits ::rootkits/Old.php usr/doc/.dnif ! Old rootkits ::rootkits/Old.php usr/doc/.nigol ! Old rootkits ::rootkits/Old.php # Kenga3 rootkit usr/include/. . ! Kenga3 rootkit # ESRK rootkit usr/lib/tcl5.3 ! ESRK rootkit # Fu rootkit sbin/xc ! Fu rootkit usr/include/ivtype.h ! Fu rootkit bin/.lib ! Fu rootkit # ShKit rootkit lib/security/.config ! ShKit rootkit etc/ld.so.hash ! ShKit rootkit # AjaKit rootkit lib/.ligh.gh ! AjaKit rootkit lib/.libgh.gh ! AjaKit rootkit lib/.libgh-gh ! AjaKit rootkit dev/tux ! AjaKit rootkit dev/tux/.proc ! AjaKit rootkit dev/tux/.file ! AjaKit rootkit # zaRwT rootkit bin/imin ! zaRwT rootkit bin/imout ! zaRwT rootkit # Madalin rootkit usr/include/icekey.h ! Madalin rootkit usr/include/iceconf.h ! Madalin rootkit usr/include/iceseed.h ! Madalin rootkit # shv5 rootkit XXX http://www.askaboutskating.com/forum/.../shv5/setup lib/libsh.so ! shv5 rootkit usr/lib/libsh ! shv5 rootkit # BMBL rootkit (http://www.giac.com/practical/GSEC/Steve_Terrell_GSEC.pdf) etc/.bmbl ! BMBL rootkit etc/.bmbl/sk ! BMBL rootkit # rootedoor rootkit */rootedoor ! Rootedoor rootkit # 0vason rootkit */ovas0n ! ovas0n rootkit ::/rootkits/ovason.php */ovason ! ovas0n rootkit ::/rootkits/ovason.php # Rpimp reverse telnet */rpimp ! rpv21 (Reverse Pimpage)::/rootkits/rpimp.php # Cback Linux worm tmp/cback ! cback worm ::/rootkits/cback.php tmp/derfiq ! cback worm ::/rootkits/cback.php # aPa Kit (from rkhunter) usr/share/.aPa ! Apa Kit # enye-sec Rootkit etc/.enyelkmHIDE^IT.ko ! enye-sec Rootkit ::/rootkits/enye-sec.php # Override Rootkit dev/grid-hide-pid- ! Override rootkit ::/rootkits/override.php dev/grid-unhide-pid- ! Override rootkit ::/rootkits/override.php dev/grid-show-pids ! Override rootkit ::/rootkits/override.php dev/grid-hide-port- ! Override rootkit ::/rootkits/override.php dev/grid-unhide-port- ! Override rootkit ::/rootkits/override.php # PHALANX rootkit usr/share/.home* ! PHALANX rootkit :: usr/share/.home*/tty ! PHALANX rootkit :: etc/host.ph1 ! PHALANX rootkit :: bin/host.ph1 ! PHALANX rootkit :: # ZK rootkit (http://honeyblog.org/junkyard/reports/redhat-compromise2.pdf) # and from chkrootkit usr/share/.zk ! ZK rootkit :: usr/share/.zk/zk ! ZK rootkit :: etc/1ssue.net ! ZK rootkit :: usr/X11R6/.zk ! ZK rootkit :: usr/X11R6/.zk/xfs ! ZK rootkit :: usr/X11R6/.zk/echo ! ZK rootkit :: etc/sysconfig/console/load.zk ! ZK rootkit :: # Public sniffers */.linux-sniff ! Sniffer log :: */sniff-l0g ! Sniffer log :: */core_$ ! Sniffer log :: */tcp.log ! Sniffer log :: */chipsul ! Sniffer log :: */beshina ! Sniffer log :: */.owned$ | Sniffer log :: # Solaris worm - # http://blogs.sun.com/security/entry/solaris_in_telnetd_worm_seen var/adm/.profile ! Solaris Worm :: var/spool/lp/.profile ! Solaris Worm :: var/adm/sa/.adm ! Solaris Worm :: var/spool/lp/admins/.lp ! Solaris Worm :: # Suspicious files etc/rc.d/init.d/rc.modules ! Suspicious file ::rootkits/Suspicious.php lib/ldd.so ! Suspicious file ::rootkits/Suspicious.php usr/man/muie ! Suspicious file ::rootkits/Suspicious.php usr/X11R6/include/pain ! Suspicious file ::rootkits/Suspicious.php usr/bin/sourcemask ! Suspicious file ::rootkits/Suspicious.php usr/bin/ras2xm ! Suspicious file ::rootkits/Suspicious.php usr/bin/ddc ! Suspicious file ::rootkits/Suspicious.php usr/bin/jdc ! Suspicious file ::rootkits/Suspicious.php usr/sbin/in.telnet ! Suspicious file ::rootkits/Suspicious.php sbin/vobiscum ! Suspicious file ::rootkits/Suspicious.php usr/sbin/jcd ! Suspicious file ::rootkits/Suspicious.php usr/sbin/atd2 ! Suspicious file ::rootkits/Suspicious.php usr/bin/ishit ! Suspicious file ::rootkits/Suspicious.php usr/bin/.etc ! Suspicious file ::rootkits/Suspicious.php usr/bin/xstat ! Suspicious file ::rootkits/Suspicious.php var/run/.tmp ! Suspicious file ::rootkits/Suspicious.php usr/man/man1/lib/.lib ! Suspicious file ::rootkits/Suspicious.php usr/man/man2/.man8 ! Suspicious file ::rootkits/Suspicious.php var/run/.pid ! Suspicious file ::rootkits/Suspicious.php lib/.so ! Suspicious file ::rootkits/Suspicious.php lib/.fx ! Suspicious file ::rootkits/Suspicious.php lib/lblip.tk ! Suspicious file ::rootkits/Suspicious.php usr/lib/.fx ! Suspicious file ::rootkits/Suspicious.php var/local/.lpd ! Suspicious file ::rootkits/Suspicious.php dev/rd/cdb ! Suspicious file ::rootkits/Suspicious.php dev/.rd/ ! Suspicious file ::rootkits/Suspicious.php usr/lib/pt07 ! Suspicious file ::rootkits/Suspicious.php usr/bin/atm ! Suspicious file ::rootkits/Suspicious.php tmp/.cheese ! Suspicious file ::rootkits/Suspicious.php dev/.arctic ! Suspicious file ::rootkits/Suspicious.php dev/.xman ! Suspicious file ::rootkits/Suspicious.php dev/.golf ! Suspicious file ::rootkits/Suspicious.php dev/srd0 ! Suspicious file ::rootkits/Suspicious.php dev/ptyzx ! Suspicious file ::rootkits/Suspicious.php dev/ptyzg ! Suspicious file ::rootkits/Suspicious.php dev/xdf1 ! Suspicious file ::rootkits/Suspicious.php dev/ttyop ! Suspicious file ::rootkits/Suspicious.php dev/ttyof ! Suspicious file ::rootkits/Suspicious.php dev/hd7 ! Suspicious file ::rootkits/Suspicious.php dev/hdx1 ! Suspicious file ::rootkits/Suspicious.php dev/hdx2 ! Suspicious file ::rootkits/Suspicious.php dev/xdf2 ! Suspicious file ::rootkits/Suspicious.php dev/ptyp ! Suspicious file ::rootkits/Suspicious.php dev/ptyr ! Suspicious file ::rootkits/Suspicious.php sbin/pback ! Suspicious file ::rootkits/Suspicious.php usr/man/man3/psid ! Suspicious file ::rootkits/Suspicious.php proc/kset ! Suspicious file ::rootkits/Suspicious.php usr/bin/gib ! Suspicious file ::rootkits/Suspicious.php usr/bin/snick ! Suspicious file ::rootkits/Suspicious.php usr/bin/kfl ! Suspicious file ::rootkits/Suspicious.php tmp/.dump ! Suspicious file ::rootkits/Suspicious.php var/.x ! Suspicious file ::rootkits/Suspicious.php var/.x/psotnic ! Suspicious file ::rootkits/Suspicious.php */.log ! Suspicious file ::rootkits/Suspicious.php */ecmf ! Suspicious file ::rootkits/Suspicious.php */mirkforce ! Suspicious file ::rootkits/Suspicious.php */mfclean ! Suspicious file ::rootkits/Suspicious.php ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/rootkit_trojans.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # rootkit_trojans.txt, (C) Daniel B. Cid # # Imported from the rootcheck project. # Some entries taken from the chkrootkit project. # # Blank lines and lines starting with '#' are ignored. # # Each line must be in the following format: # file_name !string_to_search!Description # Common binaries and public trojan entries ls !bash|^/bin/sh|dev/[^clu]|\.tmp/lsfile|duarawkz|/prof|/security|file\.h! env !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh! echo !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! chown !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! chmod !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! chgrp !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! cat !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cl]|^/bin/.*sh! bash !proc\.h|/dev/[0-9]|/dev/[hijkz]! sh !proc\.h|/dev/[0-9]|/dev/[hijkz]! uname !bash|^/bin/sh|file\.h|proc\.h|^/bin/.*sh! date !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cln]|^/bin/.*sh! du !w0rm|/prof|file\.h! df !bash|^/bin/sh|file\.h|proc\.h|/dev/[^clurdv]|^/bin/.*sh! login !elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk! passwd !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[b-s,uvxz]! mingetty !bash|Dimensioni|pacchetto! chfn !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]! chsh !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]! mail !bash|file\.h|proc\.h|/dev/[^nu]! su !/dev/[d-s,abuvxz]|/dev/[A-D]|/dev/[F-Z]|/dev/[0-9]|satori|vejeta|conf\.inv! sudo !satori|vejeta|conf\.inv! crond !/dev/[^nt]|bash! gpm !bash|mingetty! ifconfig !bash|^/bin/sh|/dev/tux|session.null|/dev/[^cludisopt]! diff !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! md5sum !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh! hdparm !bash|/dev/ida! ldd !/dev/[^n]|proc\.h|libshow.so|libproc.a! # Trojan entries for troubleshooting binaries grep !bash|givemer! egrep !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh! find !bash|/dev/[^tnlcs]|/prof|/home/virus|file\.h! lsof !/prof|/dev/[^apcmnfk]|proc\.h|bash|^/bin/sh|/dev/ttyo|/dev/ttyp! netstat !bash|^/bin/sh|/dev/[^aik]|/prof|grep|addr\.h! top !/dev/[^npi3st%]|proc\.h|/prof/! ps !/dev/ttyo|\.1proc|proc\.h|bash|^/bin/sh! tcpdump !bash|^/bin/sh|file\.h|proc\.h|/dev/[^bu]|^/bin/.*sh! pidof !bash|^/bin/sh|file\.h|proc\.h|/dev/[^f]|^/bin/.*sh! fuser !bash|^/bin/sh|file\.h|proc\.h|/dev/[a-dtz]|^/bin/.*sh! w !uname -a|proc\.h|bash! # Trojan entries for common daemons sendmail !bash|fuck! named !bash|blah|/dev/[0-9]|^/bin/sh! inetd !bash|^/bin/sh|file\.h|proc\.h|/dev/[^un%]|^/bin/.*sh! apachectl !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! sshd !check_global_passwd|panasonic|satori|vejeta|\.ark|/hash\.zk|bash|/dev[a-s]|/dev[A-Z]/! syslogd !bash|/usr/lib/pt07|/dev/[^cln]]|syslogs\.h|proc\.h! xinetd !bash|file\.h|proc\.h! in.telnetd !cterm100|vt350|VT100|ansi-term|bash|^/bin/sh|/dev[A-R]|/dev/[a-z]/! in.fingerd !bash|^/bin/sh|cterm100|/dev/! identd !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh! init !bash|/dev/h tcpd !bash|proc\.h|p1r0c4|hack|/dev/[^n]! rlogin !p1r0c4|r00t|bash|/dev/[^nt]! # Kill trojan killall !/dev/[^t%]|proc\.h|bash|tmp! kill !/dev/[ab,d-k,m-z]|/dev/[F-Z]|/dev/[A-D]|/dev/[0-9]|proc\.h|bash|tmp! # Rootkit entries /etc/rc.d/rc.sysinit !enyelkmHIDE! enye-sec Rootkit # ZK rootkit (http://honeyblog.org/junkyard/reports/redhat-compromise2.pdf) /etc/sysconfig/console/load.zk !/bin/sh! ZK rootkit /etc/sysconfig/console/load.zk !usr/bin/run! ZK rootkit # Modified /etc/hosts entries # Idea taken from: # http://blog.tenablesecurity.com/2006/12/detecting_compr.html # http://www.sophos.com/security/analyses/trojbagledll.html # http://www.f-secure.com/v-descs/fantibag_b.shtml /etc/hosts !^[^#]*avp\.ch!Anti-virus site on the hosts file /etc/hosts !^[^#]*avp\.ru!Anti-virus site on the hosts file /etc/hosts !^[^#]*awaps\.net! Anti-virus site on the hosts file /etc/hosts !^[^#]*ca\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*mcafee\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*microsoft\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*f-secure\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*sophos\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*symantec\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*my-etrust\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*nai\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*networkassociates\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*viruslist\.ru! Anti-virus site on the hosts file /etc/hosts !^[^#]*kaspersky! Anti-virus site on the hosts file /etc/hosts !^[^#]*symantecliveupdate\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*grisoft\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*clamav\.net! Anti-virus site on the hosts file /etc/hosts !^[^#]*bitdefender\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*antivirus\.com! Anti-virus site on the hosts file /etc/hosts !^[^#]*sans\.org! Security site on the hosts file ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/system_audit_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Linux Audit - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - p (process running) # - d (any file inside the directory) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). $php.ini=/etc/php.ini,/var/www/conf/php.ini,/etc/php5/apache2/php.ini; $web_dirs=/var/www,/var/htdocs,/home/httpd,/usr/local/apache,/usr/local/apache2,/usr/local/www; # PHP checks [PHP - Register globals are enabled] [any] [] f:$php.ini -> r:^register_globals = On; # PHP checks [PHP - Expose PHP is enabled] [any] [] f:$php.ini -> r:^expose_php = On; # PHP checks [PHP - Allow URL fopen is enabled] [any] [] f:$php.ini -> r:^allow_url_fopen = On; # PHP checks [PHP - Displaying of errors is enabled] [any] [] f:$php.ini -> r:^display_errors = On; # PHP checks - consider open_basedir && disable_functions ## Looking for common web exploits (might indicate that you are owned). ## Using http://dcid.me/blog/logsamples/webattacks_links as a reference. #[Web exploits - Possible compromise] [any] [] #d:$web_dirs -> .txt$ -> r:^ ^.yop$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^id$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^.ssh$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^...$; [Web exploits (uncommon file name inside htdocs) - Possible compromise {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> ^.shell$; ## Looking for outdated Web applications ## Taken from http://sucuri.net/latest-versions [Web vulnerability - Outdated WordPress installation {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://sucuri.net/latest-versions] d:$web_dirs -> ^version.php$ -> r:^\.wp_version && >:$wp_version = '4.4.2'; [Web vulnerability - Outdated Joomla installation {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://sucuri.net/latest-versions] d:$web_dirs -> ^version.php$ -> r:var \.RELEASE && r:'3.4.8'; [Web vulnerability - Outdated osCommerce (v2.2) installation {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://sucuri.net/latest-versions] d:$web_dirs -> ^application_top.php$ -> r:'osCommerce 2.2-; ## Looking for known backdoors [Web vulnerability - Backdoors / Web based malware found - eval(base64_decode) {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> .php$ -> r:eval\(base64_decode\(\paWYo; [Web vulnerability - Backdoors / Web based malware found - eval(base64_decode(POST)) {PCI_DSS: 6.5, 6.6, 11.4}] [any] [] d:$web_dirs -> .php$ -> r:eval\(base64_decode\(\S_POST; [Web vulnerability - .htaccess file compromised {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html] d:$web_dirs -> ^.htaccess$ -> r:RewriteCond \S+HTTP_REFERERS \S+google; [Web vulnerability - .htaccess file compromised - auto append {PCI_DSS: 6.5, 6.6, 11.4}] [any] [http://blog.sucuri.net/2011/05/understanding-htaccess-attacks-part-1.html] d:$web_dirs -> ^.htaccess$ -> r:php_value auto_append_file; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/system_audit_ssh.txt ================================================ # SSH Rootcheck # # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # $sshd_file=/etc/ssh/sshd_config; # Listen PORT != 22 # The option Port specifies on which port number ssh daemon listens for incoming connections. # Changing the default port you may reduce the number of successful attacks from zombie bots, an attacker or bot doing port-scanning can quickly identify your SSH port. [SSH Hardening - 1: Port 22 {PCI_DSS: 2.2.4}] [any] [1] f:$sshd_file -> !r:^# && r:Port\.+22; # Protocol 2 # The Protocol parameter dictates which version of the SSH communication and encryption protocols are in use. # Version 1 of the SSH protocol has weaknesses. [SSH Hardening - 2: Protocol 1 {PCI_DSS: 2.2.4}] [any] [2] f:$sshd_file -> !r:^# && r:Protocol\.+1; # PermitRootLogin no # The option PermitRootLogin specifies whether root can log in using ssh. # If you want log in as root, you should use the option "Match" and restrict it to a few IP addresses. [SSH Hardening - 3: Root can log in] [any] [3] f:$sshd_file -> !r:^\s*PermitRootLogin\.+no; # PubkeyAuthentication yes # Access only by public key # Generally people will use weak passwords and have poor password practices. Keys are considered stronger than password. [SSH Hardening - 4: No Public Key authentication {PCI_DSS: 2.2.4}] [any] [4] f:$sshd_file -> !r:^\s*PubkeyAuthentication\.+yes; # PasswordAuthentication no # The option PasswordAuthentication specifies whether we should use password-based authentication. # Use public key authentication instead of passwords [SSH Hardening - 5: Password Authentication {PCI_DSS: 2.2.4}] [any] [5] f:$sshd_file -> !r:^\s*PasswordAuthentication\.+no; # PermitEmptyPasswords no # The option PermitEmptyPasswords specifies whether the server allows logging in to accounts with a null password # Accounts with null passwords are a bad practice. [SSH Hardening - 6: Empty passwords allowed {PCI_DSS: 2.2.4}] [any] [6] f:$sshd_file -> !r:^\s*PermitEmptyPasswords\.+no; # IgnoreRhosts yes # The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication. # For security reasons it is recommended to no use rhosts or shosts files for authentication. [SSH Hardening - 7: Rhost or shost used for authentication {PCI_DSS: 2.2.4}] [any] [7] f:$sshd_file -> !r:^\s*IgnoreRhosts\.+yes; # LoginGraceTime 30 # The option LoginGraceTime specifies how long in seconds after a connection request the server will wait before disconnecting if the user has not successfully logged in. # 30 seconds is the recommended time for avoiding open connections without authenticate [SSH Hardening - 8: Wrong Grace Time {PCI_DSS: 2.2.4}] [any] [8] f:$sshd_file -> !r:^\s*LoginGraceTime\s+30\s*$; # MaxAuthTries 4 # The MaxAuthTries parameter specifices the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. # This should be set to 4. [SSH Hardening - 9: Wrong Maximum number of authentication attempts {PCI_DSS: 2.2.4}] [any] [9] f:$sshd_file -> !r:^\s*MaxAuthTries\s+4\s*$; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/win_applications_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Application detection - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). [Chat/IM/VoIP - Skype {PCI_DSS: 10.6.1}] [any] [] f:\Program Files\Skype\Phone; f:\Documents and Settings\All Users\Documents\My Skype Pictures; f:\Documents and Settings\Skype; f:\Documents and Settings\All Users\Start Menu\Programs\Skype; r:HKLM\SOFTWARE\Skype; r:HKEY_LOCAL_MACHINE\Software\Policies\Skype; p:r:Skype.exe; [Chat/IM - Yahoo {PCI_DSS: 10.6.1}] [any] [] f:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger; r:HKLM\SOFTWARE\Yahoo; [Chat/IM - ICQ {PCI_DSS: 10.6.1}] [any] [] r:HKEY_CURRENT_USER\Software\Mirabilis\ICQ; [Chat/IM - AOL {PCI_DSS: 10.6.1}] [any] [http://www.aol.com] r:HKEY_LOCAL_MACHINE\SOFTWARE\America Online\AOL Instant Messenger; r:HKEY_CLASSES_ROOT\aim\shell\open\command; r:HKEY_CLASSES_ROOT\AIM.Protocol; r:HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-aim; f:\Program Files\AIM95; p:r:aim.exe; [Chat/IM - MSN {PCI_DSS: 10.6.1}] [any] [http://www.msn.com] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSNMessenger; r:HKEY_CURRENT_USER\SOFTWARE\Microsoft\MSNMessenger; f:\Program Files\MSN Messenger; f:\Program Files\Messenger; p:r:msnmsgr.exe; [Chat/IM - ICQ {PCI_DSS: 10.6.1}] [any] [http://www.icq.com] r:HKLM\SOFTWARE\Mirabilis\ICQ; [P2P - UTorrent {PCI_DSS: 10.6.1}] [any] [] p:r:utorrent.exe; [P2P - LimeWire {PCI_DSS: 11.4}] [any] [] r:HKEY_LOCAL_MACHINE\SOFTWARE\Limewire; r:HKLM\software\microsoft\windows\currentversion\run -> limeshop; f:\Program Files\limewire; f:\Program Files\limeshop; [P2P/Adware - Kazaa {PCI_DSS: 11.4}] [any] [] f:\Program Files\kazaa; f:\Documents and Settings\All Users\Start Menu\Programs\kazaa; f:\Documents and Settings\All Users\DESKTOP\Kazaa Media Desktop.lnk; f:\Documents and Settings\All Users\DESKTOP\Kazaa Promotions.lnk; f:%WINDIR%\System32\Cd_clint.dll; f:%WINDIR%\Sysnative\Cd_clint.dll; r:HKEY_LOCAL_MACHINE\SOFTWARE\KAZAA; r:HKEY_CURRENT_USER\SOFTWARE\KAZAA; r:HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\KAZAA; # http://vil.nai.com/vil/content/v_135023.htm [Adware - RxToolBar {PCI_DSS: 11.4}] [any] [http://vil.nai.com/vil/content/v_135023.htm] r:HKEY_CURRENT_USER\Software\Infotechnics; r:HKEY_CURRENT_USER\Software\Infotechnics\RX Toolbar; r:HKEY_CURRENT_USER\Software\RX Toolbar; r:HKEY_CLASSES_ROOT\BarInfoUrl.TBInfo; r:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RX Toolbar; f:\Program Files\RXToolBar; # http://btfaq.com/serve/cache/18.html [P2P - BitTorrent {PCI_DSS: 10.6.1}] [any] [http://btfaq.com/serve/cache/18.html] f:\Program Files\BitTorrent; r:HKEY_CLASSES_ROOT\.torrent; r:HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-bittorrent; r:HKEY_CLASSES_ROOT\bittorrent; r:HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent; # http://www.gotomypc.com [Remote Access - GoToMyPC {PCI_DSS: 10.6.1}] [any] [] f:\Program Files\Citrix\GoToMyPC; f:\Program Files\Citrix\GoToMyPC\g2svc.exe; f:\Program Files\Citrix\GoToMyPC\g2comm.exe; f:\Program Files\expertcity\GoToMyPC; r:HKLM\software\microsoft\windows\currentversion\run -> gotomypc; r:HKEY_LOCAL_MACHINE\software\citrix\gotomypc; r:HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gotomypc; p:r:g2svc.exe; p:r:g2pre.exe; [Spyware - Twain Tec Spyware {PCI_DSS: 11.4}] [any] [] r:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TwaintecDll.TwaintecDllObj.1; r:HKEY_LOCAL_MACHINE\SOFTWARE\twaintech; f:%WINDIR%\twaintec.dll; # http://www.symantec.com/security_response/writeup.jsp?docid=2004-062611-4548-99&tabid=2 [Spyware - SpyBuddy {PCI_DSS: 11.4}] [any] [] f:\Program Files\ExploreAnywhere\SpyBuddy\sb32mon.exe; f:\Program Files\ExploreAnywhere\SpyBuddy; f:\Program Files\ExploreAnywhere; f:%WINDIR%\System32\sysicept.dll; f:%WINDIR%\Sysnative\sysicept.dll; r:HKEY_LOCAL_MACHINE\Software\ExploreAnywhere Software\SpyBuddy; [Spyware - InternetOptimizer {PCI_DSS: 11.4}] [any] [] r:HKLM\SOFTWARE\Avenue Media; r:HKEY_CLASSES_ROOT\\safesurfinghelper.iebho.1; r:HKEY_CLASSES_ROOT\\safesurfinghelper.iebho; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/win_audit_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Windows Audit - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Application name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # http://technet2.microsoft.com/windowsserver/en/library/486896ba-dfa1-4850-9875-13764f749bba1033.mspx?mfr=true [Disabled Registry tools set {PCI_DSS: 10.6.1}] [any] [] r:HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools -> 1; r:HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools -> 1; # http://support.microsoft.com/kb/825750 [DCOM disabled {PCI_DSS: 10.6.1}] [any] [] r:HKEY_LOCAL_MACHINE\Software\Microsoft\OLE -> EnableDCOM -> N; # http://web.mit.edu/is/topics/windows/server/winmitedu/security.html [LM authentication allowed (weak passwords) {PCI_DSS: 10.6.1, 11.4}] [any] [] r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA -> LMCompatibilityLevel -> 0; r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA -> LMCompatibilityLevel -> 1; # http://research.eeye.com/html/alerts/AL20060813.html # Disabled by some Malwares (sometimes by McAfee and Symantec # security center too). [Firewall/Anti Virus notification disabled {PCI_DSS: 10.6.1}] [any] [] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> FirewallDisableNotify -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> antivirusoverride -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> firewalldisablenotify -> !0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center -> firewalldisableoverride -> !0; # Checking for the microsoft firewall. [Microsoft Firewall disabled {PCI_DSS: 10.6.1, 1.4}] [all] [] r:HKEY_LOCAL_MACHINE\software\policies\microsoft\windowsfirewall\domainprofile -> enablefirewall -> 0; r:HKEY_LOCAL_MACHINE\software\policies\microsoft\windowsfirewall\standardprofile -> enablefirewall -> 0; #http://web.mit.edu/is/topics/windows/server/winmitedu/security.html [Null sessions allowed {PCI_DSS: 11.4}] [any] [] r:HKLM\System\CurrentControlSet\Control\Lsa -> RestrictAnonymous -> 0; [Error reporting disabled {PCI_DSS: 10.6.1}] [any] [http://windowsir.blogspot.com/2007/04/something-new-to-look-for.html] r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> DoReport -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeKernelFaults -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeMicrosoftApps -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeWindowsApps -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> IncludeShutdownErrs -> 0; r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting -> ShowUI -> 0; # http://support.microsoft.com/default.aspx?scid=315231 [Automatic Logon enabled {PCI_DSS: 10.6.1}] [any] [http://support.microsoft.com/default.aspx?scid=315231] r:HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon -> DefaultPassword; r:HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon -> AutoAdminLogon -> 1; [Winpcap packet filter driver found {PCI_DSS: 10.6.1}] [any] [] f:%WINDIR%\System32\drivers\npf.sys; f:%WINDIR%\Sysnative\drivers\npf.sys; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/shared/default/win_malware_rcl.txt ================================================ # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it # and/or modify it under the terms of the GNU General Public # License (version 2) as published by the FSF - Free Software # Foundation # # OSSEC Windows Malware list - (C) 2007 Daniel B. Cid - dcid@ossec.net # # Released under the same license as OSSEC. # More details at the LICENSE file included with OSSEC or online # at: https://www.gnu.org/licenses/gpl.html # # [Malware name] [any or all] [reference] # type:; # # Type can be: # - f (for file or directory) # - r (registry entry) # - p (process running) # # Additional values: # For the registry and for directories, use "->" to look for a specific entry and another # "->" to look for the value. # Also, use " -> r:^\. -> ..." to search all files in a directory # For files, use "->" to look for a specific value in the file. # # # Values can be preceded by: =: (for equal) - default # r: (for ossec regexes) # >: (for strcmp greater) # <: (for strcmp lower) # Multiple patterns can be specified by using " && " between them. # (All of them must match for it to return true). # http://www.iss.net/threats/ginwui.html [Ginwui Backdoor {PCI_DSS: 11.4}] [any] [http://www.iss.net/threats/ginwui.html] f:%WINDIR%\System32\zsyhide.dll; f:%WINDIR%\Sysnative\zsyhide.dll; f:%WINDIR%\System32\zsydll.dll; f:%WINDIR%\Sysnative\zsydll.dll; r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zsydll; r:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -> AppInit_DLLs -> r:zsyhide.dll; # http://www.symantec.com/security_response/writeup.jsp?docid=2006-081312-3302-99&tabid=2 [Wargbot Backdoor {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\wgareg.exe; f:%WINDIR%\Sysnative\wgareg.exe; r:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wgareg; # http://www.f-prot.com/virusinfo/descriptions/sober_j.html [Sober Worm {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\nonzipsr.noz; f:%WINDIR%\Sysnative\nonzipsr.noz; f:%WINDIR%\System32\clonzips.ssc; f:%WINDIR%\Sysnative\clonzips.ssc; f:%WINDIR%\System32\clsobern.isc; f:%WINDIR%\Sysnative\clsobern.isc; f:%WINDIR%\System32\sb2run.dii; f:%WINDIR%\Sysnative\sb2run.dii; f:%WINDIR%\System32\winsend32.dal; f:%WINDIR%\Sysnative\winsend32.dal; f:%WINDIR%\System32\winroot64.dal; f:%WINDIR%\Sysnative\winroot64.dal; f:%WINDIR%\System32\zippedsr.piz; f:%WINDIR%\Sysnative\zippedsr.piz; f:%WINDIR%\System32\winexerun.dal; f:%WINDIR%\Sysnative\winexerun.dal; f:%WINDIR%\System32\winmprot.dal; f:%WINDIR%\Sysnative\winmprot.dal; f:%WINDIR%\System32\dgssxy.yoi; f:%WINDIR%\Sysnative\dgssxy.yoi; f:%WINDIR%\System32\cvqaikxt.apk; f:%WINDIR%\Sysnative\cvqaikxt.apk; f:%WINDIR%\System32\sysmms32.lla; f:%WINDIR%\Sysnative\sysmms32.lla; f:%WINDIR%\System32\Odin-Anon.Ger; f:%WINDIR%\Sysnative\Odin-Anon.Ger; # http://www.symantec.com/security_response/writeup.jsp?docid=2005-042611-0148-99&tabid=2 [Hotword Trojan {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\_; f:%WINDIR%\Sysnative\_; f:%WINDIR%\System32\explore.exe; f:%WINDIR%\Sysnative\explore.exe; f:%WINDIR%\System32\ svchost.exe; f:%WINDIR%\Sysnative\ svchost.exe; f:%WINDIR%\System32\mmsystem.dlx; f:%WINDIR%\Sysnative\mmsystem.dlx; f:%WINDIR%\System32\WINDLL-ObjectsWin*.DLX; f:%WINDIR%\Sysnative\WINDLL-ObjectsWin*.DLX; f:%WINDIR%\System32\CFXP.DRV; f:%WINDIR%\Sysnative\CFXP.DRV; f:%WINDIR%\System32\CHJO.DRV; f:%WINDIR%\Sysnative\CHJO.DRV; f:%WINDIR%\System32\MMSYSTEM.DLX; f:%WINDIR%\Sysnative\MMSYSTEM.DLX; f:%WINDIR%\System32\OLECLI.DL; f:%WINDIR%\Sysnative\OLECLI.DL; [Beagle worm {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\System32\winxp.exe; f:%WINDIR%\Sysnative\winxp.exe; f:%WINDIR%\System32\winxp.exeopen; f:%WINDIR%\Sysnative\winxp.exeopen; f:%WINDIR%\System32\winxp.exeopenopen; f:%WINDIR%\Sysnative\winxp.exeopenopen; f:%WINDIR%\System32\winxp.exeopenopenopen; f:%WINDIR%\Sysnative\winxp.exeopenopenopen; f:%WINDIR%\System32\winxp.exeopenopenopenopen; f:%WINDIR%\Sysnative\winxp.exeopenopenopenopen; # http://symantec.com/security_response/writeup.jsp?docid=2007-071711-3132-99 [Gpcoder Trojan {PCI_DSS: 11.4}] [any] [http://symantec.com/security_response/writeup.jsp?docid=2007-071711-3132-99] f:%WINDIR%\System32\ntos.exe; f:%WINDIR%\Sysnative\ntos.exe; f:%WINDIR%\System32\wsnpoem; f:%WINDIR%\Sysnative\wsnpoem; f:%WINDIR%\System32\wsnpoem\audio.dll; f:%WINDIR%\Sysnative\wsnpoem\audio.dll; f:%WINDIR%\System32\wsnpoem\video.dll; f:%WINDIR%\Sysnative\wsnpoem\video.dll; r:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run -> userinit -> r:ntos.exe; # [http://www.symantec.com/security_response/writeup.jsp?docid=2006-112813-0222-99&tabid=2 [Looked.BK Worm {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\uninstall\rundl132.exe; f:%WINDIR%\Logo1_.exe; f:%Windir%\RichDll.dll; r:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> load -> r:rundl132.exe; [Possible Malware - Svchost running outside system32 {PCI_DSS: 11.4}] [all] [] p:r:svchost.exe && !%WINDIR%\System32\svchost.exe; f:!%WINDIR%\SysWOW64; [Possible Malware - Inetinfo running outside system32\inetsrv {PCI_DSS: 11.4}] [all] [] p:r:inetinfo.exe && !%WINDIR%\System32\inetsrv\inetinfo.exe; f:!%WINDIR%\SysWOW64; [Possible Malware - Rbot/Sdbot detected {PCI_DSS: 11.4}] [any] [] f:%Windir%\System32\rdriv.sys; f:%Windir%\Sysnative\rdriv.sys; f:%Windir%\lsass.exe; [Possible Malware File {PCI_DSS: 11.4}] [any] [] f:%WINDIR%\utorrent.exe; f:%WINDIR%\System32\utorrent.exe; f:%WINDIR%\Sysnative\utorrent.exe; f:%WINDIR%\System32\Files32.vxd; f:%WINDIR%\Sysnative\Files32.vxd; # Modified /etc/hosts entries # Idea taken from: # http://blog.tenablesecurity.com/2006/12/detecting_compr.html # http://www.sophos.com/security/analyses/trojbagledll.html # http://www.f-secure.com/v-descs/fantibag_b.shtml [Anti-virus site on the hosts file] [any] [] f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:avp.ch|avp.ru|nai.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:avp.ch|avp.ru|nai.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:awaps.net|ca.com|mcafee.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:awaps.net|ca.com|mcafee.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:microsoft.com|f-secure.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:microsoft.com|f-secure.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:sophos.com|symantec.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:sophos.com|symantec.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:my-etrust.com|viruslist.ru; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:my-etrust.com|viruslist.ru; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:networkassociates.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:networkassociates.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:kaspersky|grisoft.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:kaspersky|grisoft.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:symantecliveupdate.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:symantecliveupdate.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:clamav.net|bitdefender.com; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:clamav.net|bitdefender.com; f:%WINDIR%\System32\Drivers\etc\HOSTS -> r:antivirus.com|sans.org; f:%WINDIR%\Sysnative\Drivers\etc\HOSTS -> r:antivirus.com|sans.org; ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/wodle/yandex/yandex ================================================ #!/bin/sh WPYTHON_BIN="framework/python/bin/python3" SCRIPT_PATH_NAME="$0" DIR_NAME="$(cd $(dirname ${SCRIPT_PATH_NAME}); pwd -P)" SCRIPT_NAME="$(basename ${SCRIPT_PATH_NAME})" source /etc/profile.d/wazuh.sh case ${DIR_NAME} in */active-response/bin | */wodles*) if [ -z "${WAZUH_PATH}" ]; then WAZUH_PATH="$(cd ${DIR_NAME}/../..; pwd)" fi PYTHON_SCRIPT="${DIR_NAME}/${SCRIPT_NAME}.py" ;; */bin) if [ -z "${WAZUH_PATH}" ]; then WAZUH_PATH="$(cd ${DIR_NAME}/..; pwd)" fi PYTHON_SCRIPT="${WAZUH_PATH}/framework/scripts/${SCRIPT_NAME}.py" ;; */integrations) if [ -z "${WAZUH_PATH}" ]; then WAZUH_PATH="$(cd ${DIR_NAME}/..; pwd)" fi PYTHON_SCRIPT="${DIR_NAME}/${SCRIPT_NAME}.py" ;; esac ${PYTHON_SCRIPT} "$@" ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/wodle/yandex-clamav/yandex-clamav ================================================ #!/bin/sh WPYTHON_BIN="framework/python/bin/python3" SCRIPT_PATH_NAME="$0" DIR_NAME="$(cd $(dirname ${SCRIPT_PATH_NAME}); pwd -P)" SCRIPT_NAME="$(basename ${SCRIPT_PATH_NAME})" source /etc/profile.d/wazuh.sh . /etc/profile.d/wazuh.sh case ${DIR_NAME} in */active-response/bin | */wodles*) if [ -z "${WAZUH_PATH}" ]; then WAZUH_PATH="$(cd ${DIR_NAME}/../..; pwd)" fi PYTHON_SCRIPT="${DIR_NAME}/${SCRIPT_NAME}.py" ;; */bin) if [ -z "${WAZUH_PATH}" ]; then WAZUH_PATH="$(cd ${DIR_NAME}/..; pwd)" fi PYTHON_SCRIPT="${WAZUH_PATH}/framework/scripts/${SCRIPT_NAME}.py" ;; */integrations) if [ -z "${WAZUH_PATH}" ]; then WAZUH_PATH="$(cd ${DIR_NAME}/..; pwd)" fi PYTHON_SCRIPT="${DIR_NAME}/${SCRIPT_NAME}.py" ;; esac ${WAZUH_PATH}/${WPYTHON_BIN} ${PYTHON_SCRIPT} "$@" ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/files/wodle/yandex-clamav/yandex-clamav.py ================================================ #!/var/ossec/framework/python/bin/python3 import clamd import boto3 import os endpoint_url = 'https://storage.yandexcloud.net' session = boto3.session.Session() s3 = session.client( service_name='s3', endpoint_url=endpoint_url ) s3_client = session.client('s3', endpoint_url=endpoint_url) def get_buckets(): bucket_name = [] get_all_buckets = s3.list_buckets() for bucket_names in get_all_buckets['Buckets']: kwargs = {'Bucket': bucket_names['Name']} resp = s3_client.list_objects_v2(**kwargs) if resp['KeyCount'] < 1: pass else: bucket_name.append(bucket_names['Name']) return bucket_name def get_matching_s3_keys(bucket_name, prefix='', suffix=''): """ Generate the keys in an S3 bucket. :param bucket_name: Name of the S3 bucket. :param prefix: Only fetch keys that start with this prefix (optional). :param suffix: Only fetch keys that end with this suffix (optional). """ kwargs = {'Bucket': bucket_name} if isinstance(prefix, str): kwargs['Prefix'] = prefix while True: resp = s3_client.list_objects_v2(**kwargs) for obj in resp['Contents']: key = obj['Key'] if key.startswith(prefix) and key.endswith(suffix): s3_client.download_file(bucket_name, key, f"{base_directory}/{bucket_name}/{key.split('/')[-1]}") cd = clamd.ClamdUnixSocket("/var/run/clamav/clamd.ctl") cd.scan(f"{base_directory}/{bucket_name}/{key.split('/')[-1]}") os.remove(f"{base_directory}/{bucket_name}/{key.split('/')[-1]}") try: kwargs['ContinuationToken'] = resp['NextContinuationToken'] except KeyError: break if __name__ == '__main__': buckets = get_buckets() base_directory = "/tmp/scan" if not os.path.exists(base_directory): os.makedirs(base_directory) for bucket in buckets: if not os.path.exists(f"{base_directory}/{bucket}"): os.makedirs(f"{base_directory}/{bucket}") get_matching_s3_keys(bucket_name=bucket, prefix='', suffix='') ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/handlers/main.yml ================================================ --- - name: "Restart clamav-freshclam" ansible.builtin.service: name: clamav-freshclam state: restarted - name: "Restart clamav-daemon" ansible.builtin.service: name: clamav-daemon state: restarted - name: "Restart wazuh-dashboard" ansible.builtin.service: name: wazuh-dashboard state: restarted ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/tasks/main.yml ================================================ --- - name: "Update Package Cache" apt: update_cache: true - name: "Install missing packages" ansible.builtin.package: state: "present" name: "{{ item }}" with_items: "{{ packages_to_install }}" - name: "Install pip missing packages" ansible.builtin.pip: name: "{{ item }}" with_items: "{{ pip_packages_to_install }}" - name: "Download Wazuh all in one installer" ansible.builtin.get_url: url: "https://packages.wazuh.com/{{ wazuh_version }}/wazuh-install.sh" dest: "/var/wazuh-install.sh" mode: "0777" - name: "Install Wazuh all in one" ansible.builtin.shell: "/var/wazuh-install.sh -a" args: chdir: "/var" - name: "Backup installations archive from remote to local" ansible.builtin.fetch: src: "/var/wazuh-install-files.tar" dest: "." - name: "Copy ossec config" ansible.builtin.template: src: "ossec.j2" dest: "/var/ossec/etc/ossec.conf" owner: "root" group: "wazuh" backup: true - name: "Copy local_decoder.xml" ansible.builtin.copy: src: "decoders/local_decoder.xml" dest: "/var/ossec/etc/decoders/local_decoder.xml" owner: "root" group: "wazuh" backup: true - name: "Copy Wazuh rules files" ansible.builtin.copy: src: 'rules' dest: '/var/ossec/etc' owner: "root" group: "wazuh" backup: true mode: 0644 - name: "Copy shared local_internal_options" ansible.builtin.copy: src: "shared" dest: "/var/ossec/etc" owner: "root" group: "wazuh" backup: true - name: "Copy yandex wodle" ansible.builtin.copy: src: "wodle/yandex" dest: "/var/ossec/wodles" owner: "root" group: "wazuh" backup: true mode: u+rwx,g+rwx,o-rwx - name: "Copy yandex clamav wodle" ansible.builtin.copy: src: "wodle/yandex-clamav" dest: "/var/ossec/wodles" owner: "root" group: "wazuh" backup: true mode: u+rwx,g+rwx,o-rwx - name: "Download yandex woodle" ansible.builtin.get_url: url: "{{ yandex_wodle_url }}" dest: "/var/ossec/wodles/yandex/yandex.py" group: "wazuh" owner: "wazuh" mode: u+rwx,g+rwx,o-rwx - name: "Backup wazuh-install-files to /var/ossec/" ansible.builtin.copy: src: "/var/wazuh-install-files.tar" dest: "/var/ossec/wazuh-install-files.tar" remote_src: true - name: "State for wazuh-install-files.tar" stat: path: "/var/wazuh-install-files.tar" register: wazuh_install_files - name: "Clean wazuh-install-files.tar" file: path: "/var/{{ item }}" state: absent when: wazuh_install_files.stat.exists loop: - wazuh-install-files.tar - wazuh-install.sh - name: "Install ClamAV packages" ansible.builtin.package: state: "present" name: "{{ item }}" with_items: "{{ clamav_packages }}" when: use_clamav | bool - name: "Install pip packages for internal Wazuh python" ansible.builtin.pip: name: "{{ item }}" executable: "/var/ossec/framework/python/bin/pip3" with_items: "{{ wazuh_pip_packages }}" when: use_clamav | bool - name: "Start and Enable clamav-freshclam" systemd: name: clamav-freshclam state: started enabled: true daemon-reload: true when: use_clamav | bool - name: "Start and Enable clamav-daemon" systemd: name: clamav-daemon state: started enabled: true daemon-reload: true when: use_clamav | bool - name: "Check freshclam.dat" stat: path: "/var/lib/clamav/freshclam.dat" when: use_clamav | bool register: freshclam - name: "Delete freshclam.dat" file: path: "/var/lib/clamav/freshclam.dat" state: absent when: freshclam.stat.exists and use_clamav | bool - name: "Copy freshclam config" ansible.builtin.template: src: "freshclam.j2" dest: "/etc/clamav/freshclam.conf" owner: "clamav" group: "clamav" when: use_clamav | bool notify: - "Restart clamav-freshclam" - "Restart clamav-daemon" - name: "Stop clamav-freshclam" systemd: name: clamav-freshclam state: stopped enabled: true daemon-reload: true when: use_clamav | bool - name: "Update clamav" ansible.builtin.shell: freshclam when: use_clamav | bool notify: - "Restart clamav-freshclam" - "Restart clamav-daemon" - name: "Creates a cron file under /etc/cron.d for wazuh-indexer" ansible.builtin.cron: name: "check_wazuh_indexer" weekday: "*" minute: "5" hour: "*" user: root job: "/usr/bin/systemctl is-active --quiet wazuh-indexer.service || /usr/bin/systemctl start wazuh-indexer.service" cron_file: check_wazuh_idexer - name: "Remove old Wazuh plugin" become: true become_method: su become_exe: sudo su - become_flags: '-s /bin/bash' become_user: wazuh-dashboard ansible.builtin.shell: "/usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin remove wazuh" args: chdir: "/tmp" when: yandex_wazuh_app_url is defined - name: "Install Yandex Wazuh plugin" become: true become_exe: sudo su - become_user: wazuh-dashboard become_method: su become_flags: '-s /bin/bash' ansible.builtin.shell: "/usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install {{ yandex_wazuh_app_url }}" args: chdir: "/tmp" when: yandex_wazuh_app_url is defined notify: - "Restart wazuh-dashboard" - name: "Analyzing home directory" find: paths: "/home/ubuntu" patterns: "~*" use_regex: true file_type: directory register: for_delete - name: "Cleanup home directory" file: path: "{{ item.path }}" state: absent with_items: "{{ for_delete.files }}" ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/templates/freshclam.j2 ================================================ DatabaseOwner clamav UpdateLogFile /var/log/clamav/freshclam.log LogVerbose false LogSyslog false LogFacility LOG_LOCAL6 LogFileMaxSize 0 LogRotate true LogTime true Foreground false Debug false MaxAttempts 5 DatabaseDirectory /var/lib/clamav ConnectTimeout 30 ReceiveTimeout 0 TestDatabases yes ScriptedUpdates yes CompressLocalDatabase no Bytecode true NotifyClamd /etc/clamav/clamd.conf # Check for new database 24 times a day Checks 24 {% if local_mirror_url is defined and local_mirror | bool %} DatabaseMirror {{ local_mirror_url }} {% else %} DatabaseMirror db.local.clamav.net DatabaseMirror database.clamav.net DNSDatabaseInfo current.cvd.clamav.net {% endif %} ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/templates/ossec.j2 ================================================ yes yes no no no smtp.example.wazuh.com wazuh@example.wazuh.com recipient@example.wazuh.com 12 alerts.log 10m 0 131072 3 12 100000 1000 plain secure 1514 tcp 131072 no yes yes yes yes yes yes yes 43200 etc/rootcheck/rootkit_files.txt etc/rootcheck/rootkit_trojans.txt yes yes 1800 1d yes wodles/java wodles/ciscat no yandex-cloudtrail /bin/bash /var/ossec/wodles/yandex/yandex 1m yes yes 0 {% if use_clamav | bool %} no yandex-s3-clamav /bin/bash /var/ossec/wodles/yandex-clamav/yandex-clamav 10m yes yes 0 {% endif %} no yes yes /var/log/osquery/osqueryd.results.log /etc/osquery/osquery.conf yes yes 10m yes yes wazuh /cnp8bjbhhi1eoob9ik9m/ no 1h yes yes yes yes yes yes yes 10 yes yes 12h yes yes 5m 6h yes yes trusty xenial bionic focal jammy 1h yes stretch buster bullseye 1h yes 5 6 7 8 9 1h yes amazon-linux amazon-linux-2 1h yes 1h yes 1h yes 2010 1h no 43200 yes yes no /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 100 yes 5m 1h 10 127.0.0.1 ^localhost.localdomain$ 127.0.0.53 disable-account disable-account yes restart-wazuh restart-wazuh firewall-drop firewall-drop yes host-deny host-deny yes route-null route-null yes win_route-null route-null.exe yes netsh netsh.exe yes firewall-drop local 5712,5710,5758 1800 60,120,180 command df -P 360 full_command netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d netstat listening ports 360 syslog /var/ossec/logs/active-responses.log full_command last -n 20 360 ruleset/decoders ruleset/rules 0215-policy_rules.xml etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel etc/decoders etc/rules yes 1 64 15m no 1515 no yes no HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no etc/sslmanager.cert etc/sslmanager.key no wazuh node01 master 1516 0.0.0.0 NODE_IP no yes syslog /var/ossec/logs/active-responses.log syslog /var/log/auth.log syslog /var/log/syslog syslog /var/log/dpkg.log syslog /var/log/kern.log ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/ansible/roles/wazuh/vars/main.yml ================================================ packages_to_install: - python3-pip - awscli - apt-transport-https - curl - lsb-release - unzip - wget - libcap2-bin - software-properties-common - gnupg2 - net-tools - htop - acl pip_packages_to_install: - docker==4.2.0 - boto3 - yandexcloud wazuh_pip_packages: - clamd - yandexcloud clamav_packages: - clamav-daemon - clamav-freshclam - clamav wazuh_version: "4.3" yandex_wazuh_app_url: "https://artifacts.comcloud.xyz/wazuh-1.2.0.zip" yandex_wodle_url: "https://artifacts.comcloud.xyz/yandex.py" local_mirror: true local_mirror_url: "clamav.comcloud.xyz" use_clamav: true allow_world_readable_tmpfiles: true ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/packer/template.pkr.hcl ================================================ variable "source_image_family" { type = string default = "ubuntu-2004-lts" } variable "ssh_username" { type = string default = "ubuntu" } variable "token" { default = env("YC_TOKEN") } source "yandex" "wazuh" { source_image_family = var.source_image_family ssh_username = var.ssh_username token = var.token use_ipv4_nat = "true" image_name = "wazuh-{{isotime \"02-Jan-06-03-04-05\" | lower }}" } build { sources = ["source.yandex.wazuh"] provisioner "ansible" { playbook_file = "ansible/playbook.yaml" roles_path = "ansible/roles/wazuh" extra_arguments = ["--extra-vars", "allow_world_readable_tmpfiles=true"] } } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/deployment/README.md ================================================ ## Requirements No requirements. ## Providers | Name | Version | |------|---------| | [random](#provider\_random) | n/a | ## Modules | Name | Source | Version | |------|--------|---------| | [lb](#module\_lb) | ../modules/network_lb | n/a | | [s3](#module\_s3) | ../modules/s3 | n/a | | [vm](#module\_vm) | ../modules/vm | n/a | | [vpc](#module\_vpc) | ../modules/vpc | n/a | ## Resources | Name | Type | |------|------| | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cloud\_id](#input\_cloud\_id) | The ID of the cloud to apply any resources to | `string` | n/a | yes | | [folder\_id](#input\_folder\_id) | ID of the folder to attach a policy to. | `string` | n/a | yes | | [image\_id](#input\_image\_id) | A disk image to initialize this disk from | `string` | n/a | yes | ## Outputs | Name | Description | |------|-------------| | [lb\_ip](#output\_lb\_ip) | n/a | | [private\_ip](#output\_private\_ip) | n/a | | [public\_ip](#output\_public\_ip) | n/a | ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/deployment/main.tf ================================================ resource "random_pet" "this" {} locals { name = "wazuh-vpc" labels = { owner = "terraform" environment = "demo" } instance_name = "wazuh-${random_pet.this.id}" wazuh_profile = chomp(templatefile("${path.cwd}/profile.tftpl", { bucket_name = module.s3.bucket_name, bucket_path = "wazuh", username = "ubuntu", public_key = file("~/.ssh/id_rsa.pub") aws_key_id = module.s3.aws_key_id aws_secret_access_key = module.s3.aws_secret_access_key } )) } module "vpc" { source = "../modules/vpc" vpc_name = local.name labels = local.labels vpc_subnets = { private-ru-central1-a = { zone = "ru-central1-a", cidr = "10.216.0.0/20" } } } module "s3" { source = "../modules/s3" folder_id = var.folder_id name = "wazuh" roles = ["storage.admin","admin","audit-trails.viewer"] cloud_id = var.cloud_id } module "vm" { source = "../modules/vm" image_id = var.image_id instance_name = local.instance_name subnet_id = module.vpc.subnets_locations[0].subnet_id service_account_id = module.s3.iam_profile_id instance_type = "standard-v3" vm_metadata = { user-data = local.wazuh_profile } labels = local.labels use_nat = true memory = "12" cores = "4" core_fraction="20" } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/deployment/outputs.tf ================================================ output "public_ip" { value = module.vm.vm_public_ip } output "private_ip" { value = module.vm.vm_private_ip } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/deployment/profile.tftpl ================================================ #cloud-config users: - name: ${username} groups: sudo shell: /bin/bash sudo: ['ALL=(ALL) NOPASSWD:ALL'] ssh-authorized-keys: - ${public_key} write_files: - path: /etc/profile.d/wazuh.sh permissions: "0755" content: | export YANDEX_TRAIL_BUCKET="${bucket_name}" export YANDEX_TRAIL_BUCKET_PATH="${bucket_path}" export AWS_ACCESS_KEY_ID="${aws_key_id}" export AWS_SECRET_ACCESS_KEY="${aws_secret_access_key}" export AWS_DEFAULT_REGION="ru-central1" export DEBUG=0 runcmd: - "chmod +x /etc/profile.d/wazuh.sh" - echo ". /etc/profile.d/wazuh.sh" >> /etc/environment package_update: true package_upgrade: true ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/deployment/variables.tf ================================================ variable "folder_id" { description = "ID of the folder to attach a policy to." type = string } variable "cloud_id" { description = "The ID of the cloud to apply any resources to" type = string } variable "image_id" { description = "A disk image to initialize this disk from" type = string } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/s3/README.md ================================================ ## Requirements | Name | Version | |------|---------| | [yandex](#requirement\_yandex) | 0.77.0 | ## Providers | Name | Version | |------|---------| | [random](#provider\_random) | n/a | | [yandex](#provider\_yandex) | 0.77.0 | ## Modules No modules. ## Resources | Name | Type | |------|------| | [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | | [yandex_iam_service_account.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/iam_service_account) | resource | | [yandex_iam_service_account_static_access_key.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/iam_service_account_static_access_key) | resource | | [yandex_resourcemanager_cloud_iam_binding.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/resourcemanager_cloud_iam_binding) | resource | | [yandex_resourcemanager_folder_iam_binding.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/resourcemanager_folder_iam_binding) | resource | | [yandex_storage_bucket.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/storage_bucket) | resource | | [yandex_resourcemanager_cloud.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/data-sources/resourcemanager_cloud) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [cloud\_id](#input\_cloud\_id) | The ID of the cloud to apply any resources to | `string` | n/a | yes | | [count\_format](#input\_count\_format) | Default count format | `string` | `"%01d"` | no | | [count\_offset](#input\_count\_offset) | Default count offset | `number` | `0` | no | | [folder\_id](#input\_folder\_id) | ID of the folder to attach a policy to. | `string` | n/a | yes | | [name](#input\_name) | Name of the network load balancer. Provided by the client when the network load balancer is created. | `string` | n/a | yes | | [roles](#input\_roles) | The roles that should be assigned | `list(string)` | n/a | yes | ## Outputs | Name | Description | |------|-------------| | [aws\_key\_id](#output\_aws\_key\_id) | n/a | | [aws\_secret\_access\_key](#output\_aws\_secret\_access\_key) | n/a | | [bucket\_name](#output\_bucket\_name) | n/a | | [iam\_profile\_id](#output\_iam\_profile\_id) | n/a | | [iam\_profile\_name](#output\_iam\_profile\_name) | n/a | ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/s3/main.tf ================================================ resource "random_pet" "this" { length = 2 } resource "yandex_iam_service_account" "this" { name = "${var.name}-${format(var.count_format, var.count_offset)}-${random_pet.this.id}" description = "Service account to be used by Terraform" } resource "yandex_resourcemanager_folder_iam_binding" "this" { count = length(var.roles) folder_id = var.folder_id role = element(var.roles, count.index) members = [ "serviceAccount:${yandex_iam_service_account.this.id}", ] depends_on = [ yandex_iam_service_account.this, ] } resource "yandex_iam_service_account_static_access_key" "this" { service_account_id = yandex_iam_service_account.this.id depends_on = [ yandex_iam_service_account.this, ] } data "yandex_resourcemanager_cloud" "this" { cloud_id = var.cloud_id } resource "yandex_resourcemanager_cloud_iam_binding" "this" { count = length(var.roles) cloud_id = data.yandex_resourcemanager_cloud.this.id role = element(var.roles, count.index) members = [ "serviceAccount:${yandex_iam_service_account.this.id}" ] } resource "yandex_storage_bucket" "this" { access_key = yandex_iam_service_account_static_access_key.this.access_key secret_key = yandex_iam_service_account_static_access_key.this.secret_key bucket = "${var.name}-${format(var.count_format, var.count_offset)}-${random_pet.this.id}" force_destroy = true grant { id = yandex_iam_service_account.this.id type = "CanonicalUser" permissions = ["READ", "WRITE"] } depends_on = [yandex_iam_service_account.this] } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/s3/outputs.tf ================================================ output "iam_profile_name" { value = yandex_iam_service_account.this.name } output "iam_profile_id" { value = yandex_iam_service_account.this.id } output "bucket_name" { value = yandex_storage_bucket.this.bucket } output "aws_key_id" { value = yandex_iam_service_account_static_access_key.this.access_key } output "aws_secret_access_key" { value = nonsensitive(yandex_iam_service_account_static_access_key.this.secret_key) } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/s3/terraform.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = "0.77.0" } } } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/s3/variable.tf ================================================ variable "folder_id" { description = "ID of the folder to attach a policy to." type = string } variable "name" { description = "Name of the network load balancer. Provided by the client when the network load balancer is created." type = string } variable "count_offset" { default = 0 description = "Default count offset" } variable "count_format" { default = "%01d" description = "Default count format" type = string } variable "roles" { description = "The roles that should be assigned" type = list(string) } variable "cloud_id" { description = "The ID of the cloud to apply any resources to" type = string } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vm/README.md ================================================ ## Requirements | Name | Version | |------|---------| | [yandex](#requirement\_yandex) | 0.77.0 | ## Providers | Name | Version | |------|---------| | [yandex](#provider\_yandex) | 0.77.0 | ## Modules No modules. ## Resources | Name | Type | |------|------| | [yandex_compute_instance.instance](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/compute_instance) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [az](#input\_az) | The availability zone where the virtual machine will be created. If it is not provided, the default provider folder is used. | `string` | `"ru-central1-a"` | no | | [boot\_disk](#input\_boot\_disk) | Disk type | `string` | `"network-hdd"` | no | | [core\_fraction](#input\_core\_fraction) | Specifies baseline performance for a core as a percent | `number` | `20` | no | | [cores](#input\_cores) | CPU cores for the instance | `string` | `2` | no | | [count\_format](#input\_count\_format) | Default count format | `string` | `"%01d"` | no | | [count\_offset](#input\_count\_offset) | Default count offset | `number` | `0` | no | | [disk\_size](#input\_disk\_size) | Size of the disk in GB. | `string` | `100` | no | | [image\_id](#input\_image\_id) | A disk image to initialize this disk from | `string` | n/a | yes | | [instance\_count](#input\_instance\_count) | Vm(s) count | `string` | `1` | no | | [instance\_name](#input\_instance\_name) | Resource name | `string` | n/a | yes | | [instance\_type](#input\_instance\_type) | The type of virtual machine to create. The default is 'standard-v1' | `string` | `"standard-v1"` | no | | [labels](#input\_labels) | Labels for resources | `map(string)` | `{}` | no | | [memory](#input\_memory) | Memory size in GB | `string` | `2` | no | | [service\_account\_id](#input\_service\_account\_id) | ID of the service account authorized for this instance. | `string` | `""` | no | | [subnet\_id](#input\_subnet\_id) | YID of the subnet to attach this interface to. The subnet must exist in the same zone where this instance will be created. | `string` | n/a | yes | | [use\_nat](#input\_use\_nat) | Provide a public address, for instance, to access the internet over NAT. | `bool` | `false` | no | | [vm\_metadata](#input\_vm\_metadata) | Metadata key/value pairs to make available from within the instance. | `map(string)` | `{}` | no | ## Outputs | Name | Description | |------|-------------| | [metadata](#output\_metadata) | n/a | | [vm\_private\_ip](#output\_vm\_private\_ip) | Virtual Machine private ip address | | [vm\_public\_ip](#output\_vm\_public\_ip) | Virtual Machine public ip address | ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vm/main.tf ================================================ resource "yandex_compute_instance" "instance" { count = var.instance_count name = "${var.instance_name}-${format(var.count_format, var.count_offset + count.index + 1)}" platform_id = var.instance_type hostname = "${var.instance_name}-${format(var.count_format, var.count_offset + count.index + 1)}" zone = var.az service_account_id = var.service_account_id resources { cores = var.cores core_fraction = var.core_fraction memory = var.memory } boot_disk { initialize_params { image_id = var.image_id type = var.boot_disk size = var.disk_size } } network_interface { subnet_id = var.subnet_id nat = var.use_nat } metadata = var.vm_metadata allow_stopping_for_update = true labels = var.labels } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vm/outputs.tf ================================================ output "vm_public_ip" { description = "Virtual Machine public ip address" value = try(yandex_compute_instance.instance[0].network_interface.0.nat_ip_address, "") } output "vm_private_ip" { description = "Virtual Machine private ip address" value = try(yandex_compute_instance.instance[0].network_interface.0.ip_address, "") } output "metadata" { value = yandex_compute_instance.instance[0].metadata } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vm/terraform.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = "0.77.0" } } } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vm/variables.tf ================================================ variable "az" { default = "ru-central1-a" description = "The availability zone where the virtual machine will be created. If it is not provided, the default provider folder is used." type = string } variable "instance_count" { default = 1 description = "Vm(s) count" type = string } variable "instance_name" { description = "Resource name" type = string } variable "subnet_id" { description = "YID of the subnet to attach this interface to. The subnet must exist in the same zone where this instance will be created." type = string } variable "instance_type" { default = "standard-v1" description = "The type of virtual machine to create. The default is 'standard-v1'" type = string } variable "cores" { default = 2 description = "CPU cores for the instance" type = string } variable "core_fraction" { default = 20 description = "Specifies baseline performance for a core as a percent" } variable "memory" { default = 2 description = "Memory size in GB" type = string } variable "boot_disk" { default = "network-hdd" description = "Disk type" type = string } variable "disk_size" { default = 100 description = "Size of the disk in GB." type = string validation { condition = var.disk_size >= 50 error_message = "Disk size must be not less than 50Gb!" } } variable "count_offset" { default = 0 description = "Default count offset" } variable "count_format" { default = "%01d" description = "Default count format" type = string } variable "image_id" { description = "A disk image to initialize this disk from" type = string } variable "use_nat" { default = false description = "Provide a public address, for instance, to access the internet over NAT." type = bool } variable "vm_metadata" { default = {} description = "Metadata key/value pairs to make available from within the instance." type = map(string) } variable "labels" { default = {} description = "Labels for resources" type = map(string) } variable "service_account_id" { default = "" description = "ID of the service account authorized for this instance." type = string } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vpc/README.md ================================================ ## Requirements | Name | Version | |------|---------| | [yandex](#requirement\_yandex) | 0.77.0 | ## Providers | Name | Version | |------|---------| | [yandex](#provider\_yandex) | 0.77.0 | ## Modules No modules. ## Resources | Name | Type | |------|------| | [yandex_vpc_network.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/vpc_network) | resource | | [yandex_vpc_subnet.this](https://registry.terraform.io/providers/yandex-cloud/yandex/0.77.0/docs/resources/vpc_subnet) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [labels](#input\_labels) | Labels for resources | `map(string)` | `{}` | no | | [vpc\_name](#input\_vpc\_name) | Yandex vpc name | `string` | n/a | yes | | [vpc\_subnets](#input\_vpc\_subnets) | Map of vpc zone with cidr | 
map(object({
    zone = string
    cidr = string
  }))
| n/a | yes | ## Outputs | Name | Description | |------|-------------| | [subnets\_locations](#output\_subnets\_locations) | Mapping Subnet Name to Subnet ID | | [vpc\_id](#output\_vpc\_id) | Yandex network id | ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vpc/main.tf ================================================ resource "yandex_vpc_network" "this" { name = var.vpc_name labels = var.labels } resource "yandex_vpc_subnet" "this" { for_each = var.vpc_subnets network_id = yandex_vpc_network.this.id name = each.key v4_cidr_blocks = [each.value.cidr] zone = each.value.zone labels = var.labels } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vpc/outputs.tf ================================================ output "vpc_id" { description = "Yandex network id" value = try(yandex_vpc_network.this.id, "") } output "subnets_locations" { description = "Mapping Subnet Name to Subnet ID" value = [ for s in yandex_vpc_subnet.this : { subnet_id = s.id, zone = s.zone } ] } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vpc/terraform.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = "0.77.0" } } } ================================================ FILE: auditlogs/export-auditlogs-to-wazuh/terraform/modules/vpc/variables.tf ================================================ variable "vpc_name" { description = "Yandex vpc name" type = string } variable "vpc_subnets" { description = "Map of vpc zone with cidr" type = map(object({ zone = string cidr = string })) } variable "labels" { description = "Labels for resources" type = map(string) default = {} } ================================================ FILE: auditlogs/export-k8s-to-s3/README.md ================================================ ## Export of kubernetes audit logs to s3/object storage ![image](https://user-images.githubusercontent.com/85429798/186873514-06d204c4-06e8-4239-93be-39817a197f4b.png) Prerequisites: - ✅ Cluster of Managed K8s. - ✅ Terraform - ✅ Ask cloud support or your architect for an alpha flag "TRIGGERS_CLOUD_LOGS_ALPHA" ## 1) If you doing this from Russia just create the file and fill it out like this to use yandex network mirror: ``` cat ~/.terraformrc provider_installation { network_mirror { url = "https://terraform-network-mirror.storage.yandexcloud.net/" } } ``` 2) Fill out the fields in the provider.tf file. 3) Fill out the fields in the terraform.tfvars.example file. (example below) 4) Run: ``` terraform init terraform apply ``` Example of terraform.tfvars.example file: ``` folder_id = "b1gvnphpkgt8oechmpo02" cloud_id = "b1g3o4minpkuh10pd2rj2" cluster_name = "k8s-for-export" log_bucket_name = "k8s-audit-logs-example" ``` ================================================ FILE: auditlogs/export-k8s-to-s3/terraform/00-sa-and-bucket.tf ================================================ #random resource "random_string" "random" { length = 4 special = false upper = false } # Create SA for creation bucket resource "yandex_iam_service_account" "sa-writer" { folder_id = var.folder_id name = "sa-for-k8s-export" } # Grant permissions send logs to bucket resource "yandex_resourcemanager_folder_iam_member" "create_bucket" { depends_on = [yandex_iam_service_account.sa-writer] folder_id = var.folder_id role = "storage.admin" member = "serviceAccount:${yandex_iam_service_account.sa-writer.id}" } # Create Static Access Keys resource "yandex_iam_service_account_static_access_key" "sa-writer-keys" { depends_on = [yandex_iam_service_account.sa-writer] service_account_id = yandex_iam_service_account.sa-writer.id description = "Static access/secret keys for SA" } # Create bucket resource "yandex_storage_bucket" "es-bucket" { depends_on = [yandex_resourcemanager_folder_iam_member.upload_logs] access_key = yandex_iam_service_account_static_access_key.sa-writer-keys.access_key secret_key = yandex_iam_service_account_static_access_key.sa-writer-keys.secret_key bucket = "${var.log_bucket_name}-${random_string.random.result}" grant { id = yandex_iam_service_account.sa-writer-to-bucket.id type = "CanonicalUser" permissions = ["READ", "WRITE"] } } #------ # Create SA for read/write bucket resource "yandex_iam_service_account" "sa-writer-to-bucket" { folder_id = var.folder_id name = "sa-for-writing-k8s-for-export" } # Grant permissions send logs to bucket resource "yandex_resourcemanager_folder_iam_member" "upload_logs" { depends_on = [yandex_iam_service_account.sa-writer-to-bucket] folder_id = var.folder_id role = "storage.uploader" member = "serviceAccount:${yandex_iam_service_account.sa-writer-to-bucket.id}" } # Grant permissions send logs to bucket resource "yandex_resourcemanager_folder_iam_member" "upload_logs2" { depends_on = [yandex_iam_service_account.sa-writer-to-bucket] folder_id = var.folder_id role = "serverless.functions.invoker" member = "serviceAccount:${yandex_iam_service_account.sa-writer-to-bucket.id}" } # Create Static Access Keys resource "yandex_iam_service_account_static_access_key" "sa-writer-to-bucket-keys" { depends_on = [yandex_iam_service_account.sa-writer-to-bucket] service_account_id = yandex_iam_service_account.sa-writer-to-bucket.id description = "Static access/secret keys for SA" } ================================================ FILE: auditlogs/export-k8s-to-s3/terraform/03-infra.tf ================================================ data "yandex_kubernetes_cluster" "my_cluster" { folder_id = var.folder_id name = var.cluster_name } data "yandex_resourcemanager_folder" "my_folder" { folder_id = var.folder_id } ================================================ FILE: auditlogs/export-k8s-to-s3/terraform/04-audit-export.tf ================================================ data "archive_file" "function_export" { type = "zip" source_dir = "${path.module}/function" output_path = "${path.module}/sync.zip" } resource "yandex_function" "k8s_log_exporter" { folder_id = var.folder_id name = "k8s-log-exporter-${data.yandex_kubernetes_cluster.my_cluster.name}" runtime = "python38" entrypoint = "main.handler" memory = "128" execution_timeout = "30" service_account_id = yandex_iam_service_account.sa-writer-to-bucket.id environment = { AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa-writer-to-bucket-keys.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa-writer-to-bucket-keys.secret_key BUCKET_NAME = "${var.log_bucket_name}-${random_string.random.result}" CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id } user_hash = data.archive_file.function_export.output_base64sha256 content { zip_filename = data.archive_file.function_export.output_path } } resource "yandex_function_trigger" "logs-trigger" { depends_on = [yandex_function.k8s_log_exporter] name = "k8s-log-trigger-${data.yandex_kubernetes_cluster.my_cluster.name}" folder_id = var.folder_id function { id = yandex_function.k8s_log_exporter.id service_account_id = yandex_iam_service_account.sa-writer-to-bucket.id } log_group { log_group_ids = [ data.yandex_kubernetes_cluster.my_cluster.log_group_id, ] batch_cutoff = 10 batch_size = 100 } } ================================================ FILE: auditlogs/export-k8s-to-s3/terraform/function/main.py ================================================ import json import os import sys import uuid import boto3 import string import random from datetime import datetime def get_random_alphanumeric_string(length): letters_and_digits = string.ascii_letters + string.digits result_str = ''.join((random.choice(letters_and_digits) for i in range(length))) return result_str client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1' ) def handler(event, context): for log_data in event['messages']: full_log = [] for log_entry in log_data['details']['messages']: kubernetes_log = json.loads(log_entry['message']) full_log.append(json.dumps(kubernetes_log)) bucket_name = os.environ.get('BUCKET_NAME') # object_key = os.environ.get('LOG_PREFIX')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_key = 'AUDIT/'+os.environ.get('CLUSTER_ID')+'/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_value = '\n'.join(full_log) client.put_object(Bucket=bucket_name, Key=object_key, Body=object_value, StorageClass='COLD') print(object_value) ================================================ FILE: auditlogs/export-k8s-to-s3/terraform/function/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-k8s-to-s3/terraform/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.72.0" } } } provider "yandex" { folder_id = var.folder_id token = "example" #service_account_key_file = "./key.json" } ================================================ FILE: auditlogs/export-k8s-to-s3/terraform/variables.tf ================================================ # Variables for Import # Initial variables variable "folder_id" { description = "The Yandex.Cloud folder id." type = string } variable "cloud_id" { description = "The Yandex.Cloud cloud id." type = string } variable "region_name" { description = "The Yandex.Cloud Cloud Region name." type = string default = "ru-central1" } variable "cluster_name" { description = "The Yandex.Cloud K8s cluster name." type = string } # S3 Bucket Variables variable "log_bucket_name" { type = string } ================================================ FILE: auditlogs/export-k8s-to-s3-cloud-logging/README.md ================================================ # Export of Kubernetes audit logs to Object Storage This Terraform example deploys a Cloud Function with a Trigger and scraps the Kubernetes cluster audit logs from Cloud Logging group and stores the logs in the Object Storage bucket. Cloud Logging group can be created with Yandex Data Streams support, so your audit logs can be forwarded to Yandex Data Stream in parallel. See [Creating a log group using CLI](https://cloud.yandex.com/en/docs/logging/operations/create-group) instruction for more information. ![image](https://user-images.githubusercontent.com/85429798/186873514-06d204c4-06e8-4239-93be-39817a197f4b.png) Prerequisites: - ✅ Cluster of Managed K8s - ✅ Cloud Logging logging group - ✅ Terraform ## 1) If you apply this module from Russian Federation – create the `~/.terraformrc` file and specify Yandex Cloud network mirror: ``` cat ~/.terraformrc provider_installation { network_mirror { url = "https://terraform-network-mirror.storage.yandexcloud.net/" } } ``` 2) Fill out the fields in the `provider.tf` file: specify the token for authentication, or use service account key file. 3) Create a `private.auto.tfvars` file and fill the required variables. (see example of `private.auto.tfvars` file below) 4) Run: ``` terraform init terraform apply ``` Example of `private.auto.tfvars` file: ``` cloud_id = "b1g3xxxxxxxxxxxxxxxx" folder_id = "b1g7xxxxxxxxxxxxxxxx" cluster_id = "catsxxxxxxxxxxxxxxxx" logging_group_id = "e23oxxxxxxxxxxxxxxxx" storage_bucket_name = "audit-log-bucket-xxxxxx" ``` ================================================ FILE: auditlogs/export-k8s-to-s3-cloud-logging/terraform/function/main.py ================================================ import boto3 import json import os import random import string from datetime import datetime # Variables config = { 'bucket_name' : os.environ['BUCKET_NAME'], } # Function - Random string def get_random_alphanumeric_string(length): letters_and_digits = string.ascii_letters + string.digits result = ''.join((random.choice(letters_and_digits) for i in range(length))) return result # Boto client client = boto3.client( service_name='s3', endpoint_url='https://storage.yandexcloud.net', region_name='ru-central1' ) # Handler def handler(event, context): for log_data in event['messages']: full_log = [] for log_entry in log_data['details']['messages']: # Temporary filter try: if (log_entry['json_payload']['apiVersion'] == "audit.k8s.io/v1"): full_log.append(json.dumps(log_entry)) else: print("wrong apiVersion key") except KeyError: print("no apiVersion key") # Temporary filter end object_key = 'AUDIT/'+datetime.now().strftime('%Y-%m-%d-%H:%M:%S')+'-'+get_random_alphanumeric_string(5) object_value = '\n'.join(full_log) client.put_object(Bucket=config['bucket_name'], Key=object_key, Body=object_value) print(object_value) ================================================ FILE: auditlogs/export-k8s-to-s3-cloud-logging/terraform/function/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-k8s-to-s3-cloud-logging/terraform/main.tf ================================================ # Various data "archive_file" "function" { type = "zip" source_dir = "${path.module}/function" output_path = "${path.module}/function.zip" } resource "random_string" "suffix" { length = 4 upper = false lower = true number = true special = false } # Cloud Function resource "yandex_function" "main" { depends_on = [ yandex_iam_service_account_static_access_key.sa-static-key, yandex_lockbox_secret_iam_binding.sa-viewer ] folder_id = var.folder_id name = "cloud-log-s3-${random_string.suffix.result}" runtime = "python39" entrypoint = "main.handler" memory = "256" execution_timeout = "60" service_account_id = yandex_iam_service_account.sa.id environment = { BUCKET_NAME = var.storage_bucket_name } secrets { id = yandex_lockbox_secret.secret-aws.id version_id = yandex_lockbox_secret_version.secret-aws-v1.id key = "access_key" environment_variable = "AWS_ACCESS_KEY_ID" } secrets { id = yandex_lockbox_secret.secret-aws.id version_id = yandex_lockbox_secret_version.secret-aws-v1.id key = "secret_key" environment_variable = "AWS_SECRET_ACCESS_KEY" } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } # Cloud trigger resource "yandex_function_trigger" "cloud-log" { name = "cloud-log-s3-${random_string.suffix.result}" description = "cloud-log-s3-${random_string.suffix.result}" logging { group_id = var.logging_group_id batch_cutoff = "30" batch_size = "100" stream_names = ["audit"] } function { id = yandex_function.main.id service_account_id = yandex_iam_service_account.sa-invoker.id } } # Create service account for bucket resource "yandex_iam_service_account" "sa" { folder_id = var.folder_id name = "cloud-log-s3-${random_string.suffix.result}" description = "cloud-log-s3-${random_string.suffix.result}" } resource "yandex_resourcemanager_folder_iam_member" "sa-log-reader" { folder_id = var.folder_id member = "serviceAccount:${yandex_iam_service_account.sa.id}" role = "logging.reader" } resource "yandex_resourcemanager_folder_iam_member" "sa-storage-editor" { folder_id = var.folder_id member = "serviceAccount:${yandex_iam_service_account.sa.id}" role = "storage.editor" } resource "yandex_resourcemanager_folder_iam_member" "sa-lockbox-payload" { folder_id = var.folder_id member = "serviceAccount:${yandex_iam_service_account.sa.id}" role = "lockbox.payloadViewer" } # Create service account for function trigger resource "yandex_iam_service_account" "sa-invoker" { folder_id = var.folder_id name = "cloud-log-s3-invoker-${random_string.suffix.result}" description = "cloud-log-s3-invoker-${random_string.suffix.result}" } resource "yandex_resourcemanager_folder_iam_member" "sa-invoker" { folder_id = var.folder_id member = "serviceAccount:${yandex_iam_service_account.sa-invoker.id}" role = "functions.functionInvoker" } # Static access key resource "yandex_iam_service_account_static_access_key" "sa-static-key" { service_account_id = yandex_iam_service_account.sa.id description = "cloud-log-s3-${random_string.suffix.result} static key" } # Lockbox resource "yandex_lockbox_secret" "secret-aws" { name = "cloud-log-${random_string.suffix.result}" } resource "yandex_lockbox_secret_version" "secret-aws-v1" { secret_id = yandex_lockbox_secret.secret-aws.id entries { key = "access_key" text_value = yandex_iam_service_account_static_access_key.sa-static-key.access_key } entries { key = "secret_key" text_value = yandex_iam_service_account_static_access_key.sa-static-key.secret_key } } resource "yandex_lockbox_secret_iam_binding" "sa-viewer" { secret_id = yandex_lockbox_secret.secret-aws.id role = "viewer" members = [ "serviceAccount:${yandex_iam_service_account.sa.id}", ] } ================================================ FILE: auditlogs/export-k8s-to-s3-cloud-logging/terraform/outputs.tf ================================================ output "function" { value = "${yandex_function.main.name}" } ================================================ FILE: auditlogs/export-k8s-to-s3-cloud-logging/terraform/provider.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } } provider "yandex" { # service_account_key_file = var.provider_key_file cloud_id = var.cloud_id folder_id = var.folder_id zone = var.zone token = "token" } ================================================ FILE: auditlogs/export-k8s-to-s3-cloud-logging/terraform/variables.tf ================================================ variable "folder_id" { description = "Yandex Cloud folder-id" } variable "cloud_id" { description = "Yandex Cloud cloud-id" } variable "logging_group_id" { description = "Cloud Logging group ID" } variable "storage_bucket_name" { description = "Yandex Object Storage bucket name" } variable "zone" { description = "Yandex Cloud region" default = "ru-central1-a" } variable "provider_key_file" { description = "Yandex Cloud provider key file" default = "./key.json" } ================================================ FILE: auditlogs/export-k8s-to-yds/README.md ================================================ ## Export of kubernetes audit logs to Yandex Data Streams/Kinesis Data Streams ![image](https://user-images.githubusercontent.com/85429798/186873675-1769f228-d965-406f-b917-165959755333.png) Prerequisites: - ✅ Cluster of Managed K8s. - ✅ Terraform - ✅ Ask cloud support for an alpha flag "LOGS_ALPHA" and "TRIGGERS_CLOUD_LOGS_ALPHA" - ✅ [Existing Yandex Data Streams](https://cloud.yandex.ru/services/data-streams) - ✅ To get the **yds_id** parameter, go to the deployed YDS and copy it from the endpoint tab, for example https://yds.serverless.yandexcloud.net/ru-central1/b1g3o4minpkuh10pd2rj/**etnrmbadnrson5algn3s**/stream-for-k8s-audit . Parameter etnrmbadnrson5algn3s is yds id ## 1) If you doing this from Russia just create the file and fill it out like this to use yandex network mirror: ``` cat ~/.terraformrc provider_installation { network_mirror { url = "https://terraform-network-mirror.storage.yandexcloud.net/" } } ``` 2) Fill out the fields in the provider.tf file. 3) Fill out the fields in the terraform.tfvars.example file. (example below) 4) Run: ``` terraform init terraform apply ``` Example of terraform.tfvars.example file: ``` folder_id = "b1gvnphpkgt8oechmpo0" cloud_id = "b1g3o4minpkuh10pd2rj" cluster_name = "k8s-for-export" yds_stream_name = "stream-for-k8s-audit" yds_id = "b1g3o4minpkuh10pd2rj" yds_ydb_id = "etnrmbadnrson5algn3s" ``` ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/00-sa-and-bucket.tf ================================================ #random resource "random_string" "random" { length = 4 special = false upper = false } #------ # Create SA for read/write yds resource "yandex_iam_service_account" "sa-writer-to-yds" { folder_id = var.folder_id name = "sa-for-writing-k8s-for-export" } # Grant permissions send logs to bucket resource "yandex_resourcemanager_folder_iam_member" "upload_logs" { depends_on = [yandex_iam_service_account.sa-writer-to-yds] folder_id = var.folder_id role = "yds.writer" member = "serviceAccount:${yandex_iam_service_account.sa-writer-to-yds.id}" } # Grant permissions invoke resource "yandex_resourcemanager_folder_iam_member" "upload_logs2" { depends_on = [yandex_iam_service_account.sa-writer-to-yds] folder_id = var.folder_id role = "serverless.functions.invoker" member = "serviceAccount:${yandex_iam_service_account.sa-writer-to-yds.id}" } # Create Static Access Keys resource "yandex_iam_service_account_static_access_key" "sa-writer-to-yds-keys" { depends_on = [yandex_iam_service_account.sa-writer-to-yds] service_account_id = yandex_iam_service_account.sa-writer-to-yds.id description = "Static access/secret keys for SA" } ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/03-infra.tf ================================================ data "yandex_kubernetes_cluster" "my_cluster" { folder_id = var.folder_id name = var.cluster_name } data "yandex_resourcemanager_folder" "my_folder" { folder_id = var.folder_id } ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/04-audit-export.tf ================================================ data "archive_file" "function_export" { type = "zip" source_dir = "${path.module}/function" output_path = "${path.module}/sync.zip" } resource "yandex_function" "k8s_log_exporter" { folder_id = var.folder_id name = "k8s-log-exporter-${data.yandex_kubernetes_cluster.my_cluster.name}" runtime = "python38" entrypoint = "main.handler" memory = "128" execution_timeout = "30" service_account_id = yandex_iam_service_account.sa-writer-to-yds.id environment = { AWS_ACCESS_KEY_ID = yandex_iam_service_account_static_access_key.sa-writer-to-yds-keys.access_key AWS_SECRET_ACCESS_KEY = yandex_iam_service_account_static_access_key.sa-writer-to-yds-keys.secret_key CLOUD_ID = data.yandex_resourcemanager_folder.my_folder.cloud_id CLUSTER_ID = data.yandex_kubernetes_cluster.my_cluster.id FOLDER_ID = var.folder_id YDS_NAME = var.yds_stream_name YDS_YDB_ID = var.yds_ydb_id YDS_ID = var.yds_id } user_hash = data.archive_file.function_export.output_base64sha256 content { zip_filename = data.archive_file.function_export.output_path } } resource "yandex_function_trigger" "logs-trigger" { depends_on = [yandex_function.k8s_log_exporter] name = "k8s-log-trigger-${data.yandex_kubernetes_cluster.my_cluster.name}" folder_id = var.folder_id function { id = yandex_function.k8s_log_exporter.id service_account_id = yandex_iam_service_account.sa-writer-to-yds.id } log_group { log_group_ids = [ data.yandex_kubernetes_cluster.my_cluster.log_group_id, ] batch_cutoff = 10 batch_size = 100 } } ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/function/main.py ================================================ import json import os import sys import uuid import boto3 import string import random from datetime import datetime def get_random_alphanumeric_string(length): letters_and_digits = string.ascii_letters + string.digits result_str = ''.join((random.choice(letters_and_digits) for i in range(length))) return result_str # client = boto3.client( # service_name='s3', # endpoint_url='https://storage.yandexcloud.net', # region_name='ru-central1' # ) client = boto3.client( 'kinesis', endpoint_url='https://yds.serverless.yandexcloud.net', region_name='ru-central1' ) def handler(event, context): yds_name = os.environ.get('YDS_NAME') yds_id = os.environ.get('YDS_ID') yds_ydb_id = os.environ.get('YDS_YDB_ID') folder_name = os.environ.get('CLOUD_ID') push_to_kinesis = [] for log_data in event['messages']: for log_entry in log_data['details']['messages']: push_to_kinesis.append({'Data': log_entry['message'],'PartitionKey': str(get_random_alphanumeric_string(5))} ) response = client.put_records(StreamName="/ru-central1/{folder}/{database}/{stream}".format(folder=folder_name, database=yds_ydb_id, stream=yds_name), Records=push_to_kinesis) num_of_records = len(push_to_kinesis) print(f'Records count - {num_of_records}') print(f'Response from YDS - {response}') ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/function/requirements.txt ================================================ botocore boto3 ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.72.0" } } } provider "yandex" { folder_id = var.folder_id token = "example" #service_account_key_file = "./key.json" } ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/terraformrc ================================================ provider_installation { network_mirror { url = "https://terraform-network-mirror.storage.yandexcloud.net/" } } ================================================ FILE: auditlogs/export-k8s-to-yds/terraform/variables.tf ================================================ # Variables for Import # Initial variables variable "folder_id" { description = "The Yandex.Cloud folder id." type = string } variable "cloud_id" { description = "The Yandex.Cloud cloud id." type = string } variable "region_name" { description = "The Yandex.Cloud Cloud Region name." type = string default = "ru-central1" } variable "cluster_name" { description = "The Yandex.Cloud K8s cluster name." type = string } variable "yds_stream_name" { description = "The Yandex.Cloud yds stream name." type = string } variable "yds_ydb_id" { description = "ID of YDB" type = string } variable "yds_id" { description = "ID of YDS" type = string } ================================================ FILE: auditlogs/trail_monitoring/README.md ================================================ ## Monitoring Audit Trails and events in Yandex Cloud Monitoring ![image](https://user-images.githubusercontent.com/85429798/134897482-37c00391-7a01-48c1-9b78-bae7513b42d0.png) ![image](https://user-images.githubusercontent.com/85429798/134897506-79fbbffa-0537-4028-b1f3-132486127fdf.png) ### Description The solution includes recommendations how to monitor Audit Trails performance and its security events using [Yandex Monitoring](https://cloud.yandex.ru/services/monitoring). - Audit Trails monitoring: - The status of the Trail object (Active or not Active). - Count of processed events (the presence of bursts). - Monitoring of security events: - The list is presented below. #### Audit Trails monitoring - Go to Audit Trails → Monitoring → Open in Monitoring. - Select the desired dashboard: Trails by status or Delivered events. - Click the ellipsis, select "Create alert". - Set up an alert according to the [documentation](https://cloud.yandex.ru/docs/monitoring/operations/alert/create-alert) for a certain threshold. For example, on the "Trails by status" dashboard, enter the condition: status is not equal to 1 in 5 minutes (once a second, Trail sends Metric 1 if alive). ![image](https://user-images.githubusercontent.com/85429798/134897575-762c94fc-e709-4aed-a143-ec512852b5da.png) #### Monitoring events from Audit Trails - Go to Audit Trails → Monitoring → Open in Monitoring → Metric Explorer. - Generate a request to the desired metric from the list below, for example: "trail.processed_events_count"{folderId="b1gh4nansv4ebqqmeu7b", service="audit-trails", event_type="yandex.cloud.audit.compute.CreateInstance"}" - Click the ellipsis → Create alert. - Set up an alert according to the [documentation](https://cloud.yandex.ru/docs/monitoring/operations/alert/create-alert) for your threshold, for example: greater than 0. ![image](https://user-images.githubusercontent.com/85429798/134897649-90cedcfc-ba5f-4037-9278-a5fd58beb12d.png) #### List of metrics related to Information Security - UpdateSecurityGroup: Updating a security group. - UpdateSecretAccessBindings: Assigning rights for a Lockbox secret. - AddInstanceOneToOneNat: Adding a public IP address for a VM instance. - RemoveInstanceOneToOneNat: Removing a public IP address from a VM instance. - DeleteInstance: Deleting a VM instance. - instancegroup.DeleteInstanceGroup: Deleting an instance group. - CreateAccessKey: Creating an access key. - CreateApiKey: Creating an API key. - DeleteFederation: Deleting a federation. - UpdateServiceAccountAccessBindings: Updating access bindings. - DeleteSymmetricKey: Deleting a symmetric key. - ScheduleSymmetricKeyVersionDestruction: Scheduling destruction of the symmetric key version. - DeleteCloud: Deleting a cloud. - DeleteFolder: Deleting a catalog. - BucketAclUpdate: Updating an ACL bucket. - BucketDelete: Deleting a bucket. - BucketPolicyUpdate: Editing bucket access policies. - CreateNetwork: Creating a cloud network. - DeleteNetwork: Deleting a cloud network. ================================================ FILE: auditlogs/trail_monitoring/README_RU.md ================================================ ## Мониторинг Audit Trails и событий в Yandex Cloud Monitoring ![image](https://user-images.githubusercontent.com/85429798/134897482-37c00391-7a01-48c1-9b78-bae7513b42d0.png) ![image](https://user-images.githubusercontent.com/85429798/134897506-79fbbffa-0537-4028-b1f3-132486127fdf.png) ### Описание Решение содержит рекомендации о том, как мониторить работоспособность самого сервиса Audit Trails и событий безопасности с помощью сервиса [Yandex Monitoring](https://cloud.yandex.ru/services/monitoring) - Мониторинг самого сервиса Audit Trails: - статус объета Trail (Active или не Active) - кол-во обработанных событий (наличие всплесков) - Мониторинг событий безопасности: - список представлен ниже #### Мониторинг самого сервиса Audit Trails - Перейдите в Audit Trails -> Monitoring -> Открыть в мониторинге - Выберите необходимый dashboard: "Trails by status" или "Delivered events" - Нажмите на "..."(троеточие) , выберите "создать алерт" - Настройте [алерт согласно документации](https://cloud.yandex.ru/docs/monitoring/operations/alert/create-alert) на интересующий вас порог,например на dashboard "Trails by status" условие "status не равен 1 в течении 5 минут" (раз в секунду trail шлет метрику 1, если жив) ![image](https://user-images.githubusercontent.com/85429798/134897575-762c94fc-e709-4aed-a143-ec512852b5da.png) #### Мониторинг событий из Audit Trails - Перейдите в Audit Trails -> Monitoring -> Открыть в мониторинге -> Обзор метрик - Сформируйте необходимый запрос к желаемой метрике из списка ниже, например: "trail.processed_events_count"{folderId="b1gh4nansv4ebqqmeu7b", service="audit-trails", event_type="yandex.cloud.audit.compute.CreateInstance"}" - Нажмите на "..." троеточие -> "Создать алерт" - Настройте [алерт согласно документации](https://cloud.yandex.ru/docs/monitoring/operations/alert/create-alert) на интересующий вас порог, например "Больше 0" ![image](https://user-images.githubusercontent.com/85429798/134897649-90cedcfc-ba5f-4037-9278-a5fd58beb12d.png) #### Список интересных метрик с точки зрения ИБ - UpdateSecurityGroup (Изменение группы безопасности) - UpdateSecretAccessBindings (Назначение прав на lockbox секрет) - AddInstanceOneToOneNat (Добавление публичного IP-адреса виртуальной машине) - RemoveInstanceOneToOneNat (Удаление публичного IP-адреса ВМ.) - DeleteInstance (удаление ВМ) - instancegroup.DeleteInstanceGroup (удаление группы ВМ) - CreateAccessKey (Создание ключа доступа) - CreateApiKey (Создание API ключа) - DeleteFederation (удаление федерации) - UpdateServiceAccountAccessBindings (Обновление списка привязок прав доступа) - DeleteSymmetricKeyy (Удаление симметричного ключа.) - ScheduleSymmetricKeyVersionDestruction (Запланирование уничтожения версии симметричного ключа.) - DeleteCloud (Удаление облака) - DeleteFolder (Удаление папки) - BucketAclUpdate (Изменение ACL бакета.) - BucketDelete (Удаление бакета.) - BucketPolicyUpdate (Изменение политик доступа бакета.) - CreateNetwork (Создание облачной сети.) - DeleteNetwork (Удаление облачной сети.) - др. ================================================ FILE: auditlogs/trails-function-detector/README.md ================================================ ## Yandex.Cloud Trails-function-detector: Alerts and response to Information Security events in Audit Trails using Cloud Logging and Cloud Functions + Telegram ![Logo-scheme](https://user-images.githubusercontent.com/85429798/132173603-0fde1851-2572-404a-82a0-33034e16d0ea.png) Kubernetes logo
Kubernetes logo
#### To be revised - Function_trigger on Cloud Logging in Terraform - Audit Trails in Terraform #### Description The solution uses Cloud Functions and Audit Trails to perform: - Telegram alerts for the following Audit Trails events (optional): - Create danger, ingress ACL in SG (0.0.0.0/0). - Change Bucket access to public. - Assign rights to the secret (Lockbox) to some account. - To be updated on request based on the [list of current use cases](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/_use_cases_and_searches). - Active response (optional): - Removing a dangerous security group rule: for Rule No. 1. - Removing assigned rights for a secret in Lockbox: for Rule #3. - Telegram alerting for any selected Audit Trails event. #### Generic diagram ![image](https://user-images.githubusercontent.com/85429798/134821478-46e3e6a4-4bf9-4425-8d8d-61bc87bc1bb2.png) #### Prerequisites: - :white_check_mark: A custom log group created in Cloud Logging ([instructions](https://cloud.yandex.ru/docs/logging/operations/create-group)). - :white_check_mark: Audit Trails service enabled with logs output to the Cloud Logging log group ([instructions](https://cloud.yandex.ru/docs/audit-trails/quickstart)). - :white_check_mark: Service account (it will be granted relevant rights). - :white_check_mark: A bot created in Telegram ([instructions](https://tlgrm.ru/docs/bots#kak-sozdat-bota)). - :white_check_mark: ID of the chat with a Telegram bot (to get the Chat ID, first write at least one message to the bot, then use https://api.telegram.org/bot/getUpdates to get the Chat ID). - :white_check_mark: After you run the Terraform script, enable the trigger for Cloud Logging in the UI (see details below). #### Terraform description Terraform module: - It accepts the following input: ```Python // Call the module module "trails-function-detector" { source = "../" // path to the module //General: folder_id = "XXXXXXX" // your_folder_id service_account_id = "XXXXXXX" // Your service account ID to which the serverless.functions.invoker rights will be assigned //Info for Telegram alerts: bot_token = " XXXXXX:XXXXXXXXXXXXXX" // A token of a Telegram bot for sending alerts. To get a token: https://proglib.io/p/telegram-bot chat_id_var = "XXXXXXX" // To get the Chat ID, first write any message to the bot, then use https://api.telegram.org/bot/getUpdates. //Enable Detection-rules: rule_sg_on = "True" // The rule: "Create danger, ingress ACL in SG (0.0.0.0/0)" (set to False if not needed) del_rule_on = "False" // Enable active response to the rule_sg_on rule: removes the danger rule from a security group rule_bucket_on = "True" // The rule: "Change Bucket access to public" (set to False if not needed) rule_secret_on = "True" // The rule: "Assign rights to the secret (Lockbox) to some account" (set to False if not needed) del_perm_secret_on = "False" // Enable active response to the rule rule_secret_on rule: remove rights for the secret assigned in Lockbox //Additional events for alerts without details any_event_dict = "yandex.cloud.audit.iam.CreateServiceAccount,event2" // Leave as is unless you need an alert for additional events, or "yandex.cloud.audit.iam.CreateServiceAccount,event2". To get event names, go to: https://cloud.yandex.ru/docs/audit-trails/concepts/events //TBD when we support triggers for Cloud Logging in Terraform //loggroup_id = "af3o0pc24hi1qmpovcss" //The ID of the log group to which Audit Trails writes events (you can view it in Cloud Logging, it was created along with the trail) } ``` - Assigns serverless rights.functions.invoker for the specified service account (if the response is enabled, it also assigns the rights vpc.SecurityGroups.admin, lockbox.admin). - Creates a function based on a Python script (the function executes the logic described above). - After Terraform (it will be packed in Terraform later), enable Function_trigger on Cloud Logging via the UI using the following parameters: Type: `Cloud Logging` Log group: The one created in Cloud Logging Waiting time: `10` Batch size: `5` Function: The function-for-trails function that you created by a Terraform script #### Example of calling a module: See the example of calling modules in /example/main.tf ================================================ FILE: auditlogs/trails-function-detector/README_RU.md ================================================ ## Yandex Cloud: Trails-function-detector Оповещения и реагирование на события ИБ Audit trails с помощью Cloud Logging/Cloud Functions + Telegram ![Logo-scheme](https://user-images.githubusercontent.com/85429798/132173603-0fde1851-2572-404a-82a0-33034e16d0ea.png) Kubernetes logo
Kubernetes logo
#### Будет доработано - Function_trigger на CloudLogging в terraform - AuditTrails в terraform #### Описание Решение выполняет c помощью CloudFunctions и AuditTrails: - Оповщение в telegram на следующие события AuditTrails (опционально): - 1)"Create danger, ingress ACL in SG (0.0.0.0/0)" - 2)"Change Bucket access to public" - 3)"Assign rights to the secret (Lockbox) to some account" - Будут добавляться по запросам желающих (из [списка актуальных Use cases](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/auditlogs/_use_cases_and_searches)) - (Опционально) Активное реагирование: - Удаление опасного правила группы безопасности (для правила № 1) - Удаление назначенных прав на секрет в Lockbox (для правила № 3) - Оповещение в telegram на любое событие AuditTrails (на выбор) #### Общая схема ![image](https://user-images.githubusercontent.com/85429798/134821478-46e3e6a4-4bf9-4425-8d8d-61bc87bc1bb2.png) #### Пререквизиты - :white_check_mark: Созданная custom лог группа в CloudLogging ([инструкция](https://cloud.yandex.ru/docs/logging/operations/create-group)) - :white_check_mark: Включенный сервис Audit Trails (с выводом логов в лог группу CloudLogging) ([инструкция](https://cloud.yandex.ru/docs/audit-trails/quickstart)) - :white_check_mark: Сервисный аккаунт (ему будут выданы необходимые права) - :white_check_mark: Созданный бот в telegram ([инструкция](https://tlgrm.ru/docs/bots#kak-sozdat-bota)) - :white_check_mark: ID чата с telegram ботом (для получения chat-id сначала пишем хотябы одно сообщение боту, далее используем https://api.telegram.org/bot/getUpdates для получения id чата) - :white_check_mark: После выполнения Terraform скрипта, необходимо в UI включить trigger на CloudLogging (подробности ниже) #### Описание terraform Модуль terraform: - Принимает на вход: ```Python // Вызов модуля module "trails-function-detector" { source = "../" // путь до модуля //Общие: folder_id = "XXXXXXX" // your_folder_id service_account_id = "XXXXXXX" // yout service-account id, которому будут назначены права: serverless.functions.invoker //Инфо для telegram уведомлений: bot_token = "XXXXXX:XXXXXXXXXXXXXX" // токен telegram бота для отправки уведомлений (Для того, чтобы получить токен https://proglib.io/p/telegram-bot) chat_id_var = "XXXXXXX" // для получения chat-id сначала пишем хоть одно сообщение боту, далее используем https://api.telegram.org/bot/getUpdates для получения //Включение Detection-rules: rule_sg_on = "True" // Правило: "Create danger, ingress ACL in SG (0.0.0.0/0)" (если не требуется то выставить в False) del_rule_on = "False" // Включение активного реагирования на правило rule_sg_on: удаляет опасное правило группы безопасности rule_bucket_on = "True" // Правило: "Change Bucket access to public" (если не требуется то выставить в False) rule_secret_on = "True" // Правило: "Assign rights to the secret (Lockbox) to some account" (если не требуется то выставить в False) del_perm_secret_on = "False" // Включение активного реагирования на правило rule_secret_on: удаляет назначенные права на секрет в Lockbox //Доп. события для получения уведомлений без деталей any_event_dict = "yandex.cloud.audit.iam.CreateServiceAccount,event2" // оставить как есть, если не требуется alert на доп. события, либо "yandex.cloud.audit.iam.CreateServiceAccount,event2", нащвания событий, можно получить https://cloud.yandex.ru/docs/audit-trails/concepts/events //TBD когда появится поддержка триггеров для cloudlogging в terraform //loggroup_id = "af3o0pc24hi1qmpovcss" //id лог группы, в которую AuditTrails пишет события (можно посмотреть в CloudLogging, создавалась при создании трейла) } ``` - Выполняет: - назначение прав serverless.functions.invoker на указанный сервисный аккаунт (в случае включения реагирования, назначает также права vpc.securityGroups.admin,lockbox.admin) - создает функцию на основе python скрипта (функция выполняет описанную выше логику) - Действия после terraform (будет упаковано в terraform позже): - необходимо через UI включить Function_trigger на CloudLogging со следующими параметрами: - тип: CloudLogging - лог группа: созданная в CloudLogging - время ожидания: 10 - размер группы сообщений: 5 - функция: созданная с помощью terraform скрипта функция "function-for-trails" #### Пример вызова модуля: См. Пример вызова модулей в /example/main.tf ================================================ FILE: auditlogs/trails-function-detector/example/README.md ================================================ 1) Download the files and go to the example folder. 2) Fill out the main.tf file with your values. 3) Run: ``` terraform init ``` ``` terraform apply ``` ```Python // Call the module module "trails-function-detector" { source = "../" // path to the module //General: folder_id = "XXXXXXX" // your_folder_id service_account_id = "XXXXXXX" // your service-account ID to which the serverless.functions.invoker rights will be assigned //Info for Telegram alerts: bot_token = "XXXXXX:XXXXXXXXXXXX" // A token of a Telegram bot for sending alerts (to get a token, go to: https://proglib.io/p/telegram-bot) chat_id_var = "XXXXXXX" // To get the Chat ID, first write at least one message to the bot, then use https://api.telegram.org/bot/getUpdates //Enable Detection-rules: rule_sg_on = "True" // The rule "Create danger, ingress ACL in SG (0.0.0.0/0)" (set to False if not needed) del_rule_on = "False" // Enable active response to the rule_sg_on rule: removes the danger rule from a security group rule_bucket_on = "True" // The rule "Change Bucket access to public" (set to False if not needed) rule_secret_on = "True" // The rule "Assign rights to the secret (Lockbox) to some account" (set to False if not needed) del_perm_secret_on = "False" // Enable active response to the rule rule_secret_on rule: remove rights for the secret assigned in Lockbox //Additional events for alerts without details any_event_dict = "yandex.cloud.audit.iam.CreateServiceAccount,event2" // Leave as is unless you need an alert for additional events, or "yandex.cloud.audit.iam.CreateServiceAccount,event2" (to get event names, go to: https://cloud.yandex.ru/docs/audit-trails/concepts/events) //TBD when we support triggers for Cloud Logging in Terraform //loggroup_id = "af3o0pc24hi1qmpovcss" //The ID of the log group to which Audit Trails writes events (you can view it in Cloud Logging, it was created when creating the trail) } ``` ================================================ FILE: auditlogs/trails-function-detector/example/README_RU.md ================================================ 1) Скачате файлы и перейдите в папку example 2) Заполните файл main.tf своими значениями 3) Выполните ``` terraform init ``` ``` terraform apply ``` ```Python // Вызов модуля module "trails-function-detector" { source = "../" // путь до модуля (нет необходимости изменять, ведет к модулю в корне) //Общие: folder_id = "XXXXXXX" // your_folder_id service_account_id = "XXXXXXX" // yout service-account id, которому будут назначены права: serverless.functions.invoker //Инфо для telegram уведомлений: bot_token = "XXXXXX:XXXXXXXXXXXXXX" // токен telegram бота для отправки уведомлений (Для того, чтобы получить токен https://proglib.io/p/telegram-bot) chat_id_var = "XXXXXXX" // для получения chat-id сначала пишем хоть одно сообщение боту, далее используем https://api.telegram.org/bot/getUpdates для получения //Включение Detection-rules: rule_sg_on = "True" // Правило: "Create danger, ingress ACL in SG (0.0.0.0/0)" (если не требуется то выставить в False) del_rule_on = "False" // Включение активного реагирования на правило rule_sg_on: удаляет опасное правило группы безопасности rule_bucket_on = "True" // Правило: "Change Bucket access to public" (если не требуется то выставить в False) rule_secret_on = "True" // Правило: "Assign rights to the secret (Lockbox) to some account" (если не требуется то выставить в False) del_perm_secret_on = "False" // Включение активного реагирования на правило rule_secret_on: удаляет назначенные права на секрет в Lockbox //Доп. события для получения уведомлений без деталей any_event_dict = "yandex.cloud.audit.iam.CreateServiceAccount,event2" // оставить как есть, если не требуется alert на доп. события, либо "yandex.cloud.audit.iam.CreateServiceAccount,event2", нащвания событий, можно получить https://cloud.yandex.ru/docs/audit-trails/concepts/events //TBD когда появится поддержка триггеров для cloudlogging в terraform //loggroup_id = "af3o0pc24hi1qmpovcss" //id лог группы, в которую AuditTrails пишет события (можно посмотреть в CloudLogging, создавалась при создании трейла) } ``` ================================================ FILE: auditlogs/trails-function-detector/example/main.tf ================================================ // Вызов модуля module "trails-function-detector" { source = "../" // путь до модуля //Общие: folder_id = "XXXXXXX" // your_folder_id service_account_id = "XXXXXXX" // yout service-account id, которому будут назначены права: serverless.functions.invoker //Инфо для telegram уведомлений: bot_token = "XXXXXX:XXXXXXXXXXXXXX" // токен telegram бота для отправки уведомлений (Для того, чтобы получить токен https://proglib.io/p/telegram-bot) chat_id_var = "XXXXXXX" // для получения chat-id сначала пишем хоть одно сообщение боту, далее используем https://api.telegram.org/bot/getUpdates для получения //Включение Detection-rules: rule_sg_on = "True" // Правило: "Create danger, ingress ACL in SG (0.0.0.0/0)" (если не требуется то выставить в False) del_rule_on = "False" // Включение активного реагирования на правило rule_sg_on: удаляет опасное правило группы безопасности rule_bucket_on = "True" // Правило: "Change Bucket access to public" (если не требуется то выставить в False) rule_secret_on = "True" // Правило: "Assign rights to the secret (Lockbox) to some account" (если не требуется то выставить в False) del_perm_secret_on = "False" // Включение активного реагирования на правило rule_secret_on: удаляет назначенные права на секрет в Lockbox //Доп. события для получения уведомлений без деталей any_event_dict = "yandex.cloud.audit.iam.CreateServiceAccount,event2" // оставить как есть, если не требуется alert на доп. события, либо "yandex.cloud.audit.iam.CreateServiceAccount,event2", нащвания событий, можно получить https://cloud.yandex.ru/docs/audit-trails/concepts/events //TBD когда появится поддержка триггеров для cloudlogging в terraform //loggroup_id = "af3o0pc24hi1qmpovcss" //id лог группы, в которую AuditTrails пишет события (можно посмотреть в CloudLogging, создавалась при создании трейла) } ================================================ FILE: auditlogs/trails-function-detector/example/provider.tf ================================================ terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.47.0" } } required_version = ">= 0.13" } provider "yandex" { service_account_key_file = "./key.json" # or you can use: token = var.token for user account not sa cloud_id = "XXXXXX" #your cloud_id folder_id = "XXXXXX" #your folder_id max_retries = 10 } ================================================ FILE: auditlogs/trails-function-detector/function/main.py ================================================ import json import os import sys import uuid import string import random from datetime import datetime import requests # -------------------------Env # Для того, чтобы получить токен https://proglib.io/p/telegram-bot bot_token = os.environ['BOT_TOKEN'] # Для получения chat-id сначала пишем хоть одно сообление боту, далее используем https://api.telegram.org/bot/getUpdates chat_id_var = os.environ['CHAT_ID'] # набор типов событий, на которые алертить, без деталей temp_any_event_dict = os.environ['EVENT_DICT'] # Включение detection rules with details rule_sg_on = os.environ['RULE_SG_ON'] rule_bucket_on = os.environ['RULE_BUCKET_ON'] rule_secret_on = os.environ['RULE_SECRET_ON'] # Active Remediations del_rule_on = os.environ['DEL_RUL_ON'] del_perm_secret_on = os.environ['DEL_PERM_SECRET_ON'] #--------------Преобразование any_event_dict any_event_dict = temp_any_event_dict.split(",") # ------------------------- def handler(event, context): # Общая функция, которую вызывает триггер вызова функции # Тригер преобразовывает исходный json передаваемый в event в dict c помощью метода json.loads. # https://cloud.yandex.ru/docs/functions/concepts/trigger/cloudlogs-trigger # https://cloud.yandex.ru/docs/functions/lang/python/handler # Вызов функции для парсинга main_parse(event) def main_parse(event): full_log = [] # Пробегаемся по сообщению и формируем dict с json событий trails for item in event['messages']: for log_entry in item['details']['messages']: full_log.append(log_entry['json_payload']) # вызов функций правиил: rule_any_event(full_log) # включено всегда # Включаем эти правила в зависимости от переменных if (rule_sg_on == "True"): rule_sg(full_log) if (rule_bucket_on == "True"): rule_bucket(full_log) if (rule_secret_on == "True"): rule_secret(full_log) def prepare_for_alert(json_dict): # Функция, которая готовит словарь с данными из ивента для алерта prep_dict = {} prep_dict['🕘 timestamp'] = json_dict['event_time'] prep_dict['👨 subject_name'] = json_dict['authentication']['subject_name'] prep_dict['☁️ cloud_name'] = json_dict['resource_metadata']['path'][0]['resource_name'] prep_dict['🗂 folder_name'] = json_dict['resource_metadata']['path'][1]['resource_name'] prep_dict['subject_id'] = json_dict['authentication']['subject_id'] prep_dict['subject_type'] = json_dict['authentication']['subject_type'].replace('_', '') prep_dict['folder_id'] = json_dict['resource_metadata']['path'][1]['resource_id'] return prep_dict # -----------------Detection rules def rule_sg(g): print('VIZOV KAGDIY RAZ RULE_SG!!!!!!') #Правило: "Create danger, ingress ACL in SG (0.0.0.0/0)" TUMBLR = False # Переключатель срабатывания правила for json_dict in g: if (json_dict['event_type'] in ["yandex.cloud.audit.network.UpdateSecurityGroup", "yandex.cloud.audit.network.CreateSecurityGroup"] and json_dict['event_status'] != "STARTED"): print('debug infor!!!!!!') print(json_dict['event_type']) for item2 in json_dict['details']['rules']: # print(item2['direction']) if (item2['direction'] == "INGRESS" and "cidr_blocks" in item2 and item2['cidr_blocks']['v4_cidr_blocks'] == ['0.0.0.0/0']): # print(item2['cidr_blocks']['v4_cidr_blocks']) TUMBLR = True # Кастомные поля для вывода в алерт custom_dict = {} # для добавления в url folder_id = json_dict['resource_metadata']['path'][1]['resource_id'] # для добавления в url security_group_id = json_dict['details']['security_group_id'] custom_dict[ '🔗 url_to_sec_group'] = f"https://console.cloud.yandex.ru/folders/{folder_id}/vpc/security-groups/{security_group_id}/overview" custom_dict['🕸 network_name'] = json_dict['details']['network_name'] custom_dict['security_group_id'] = json_dict['details']['security_group_id'] security_rule_id = json_dict['details']['rules'][0]['id'] custom_dict['security_group_name'] = json_dict['details']['security_group_name'] custom_dict['security_rule_id'] = json_dict['details']['rules'][0]['id'] custom_dict['ports'] = json_dict['details']['rules'][0]['ports']['to_port'] # Вызов функции подготовки базовых полей result_prep_f = prepare_for_alert(json_dict) # Вызов реагирования if (TUMBLR == True and del_rule_on == "True"): #and TUMBLR == True and print('debug infor!!!!!!') print('vizov function reagirovanya!!!!!!') del_rule(security_group_id, security_rule_id) custom_dict['Выполнено реагирование'] = "Опасное правило удалено" # Объединение базовых полей и кастомных sum_of_dict = {**result_prep_f, **custom_dict} # Вызов отправки в телеграм, если есть сработка event_type = json_dict['event_type'] if (TUMBLR): send_message(sum_of_dict, event_type) TUMBLR = False # ---- def rule_bucket(g): #Правило: "Change Bucket access to public" TUMBLR = False # Переключатель срабатывания правила for json_dict in g: if (json_dict['event_type'] == "yandex.cloud.audit.storage.BucketUpdate" and json_dict['event_status'] != "STARTED"): if ("true" in [json_dict['details']['list_access'], json_dict['details']['objects_access'], json_dict['details']['settings_read_access']]): TUMBLR = True # Кастомные поля для вывода в алерт custom_dict = {} custom_dict['🧺 bucket_name'] = json_dict['details']['bucket_id'] bucket_id = json_dict['details']['bucket_id'] # для добавления в url folder_id = json_dict['resource_metadata']['path'][1]['resource_id'] custom_dict[ '🔗 bucket_url'] = f"https://console.cloud.yandex.ru/folders/{folder_id}/storage/bucket/{bucket_id}?section=settings" # Вызов функции подготовки базовых полей result_prep_f = prepare_for_alert(json_dict) # Объединение базовых полей и кастомных sum_of_dict = {**result_prep_f, **custom_dict} # Вызов отправки в телеграм, если есть сработка event_type = json_dict['event_type'] if (TUMBLR): send_message(sum_of_dict, event_type) # ------- def rule_secret(g): #Правило: "Assign rights to the secret (LockBox) to some account" TUMBLR = False # Переключатель срабатывания правила for json_dict in g: if (json_dict['event_type'] in ["yandex.cloud.audit.lockbox.UpdateSecretAccessBindings"] and json_dict['event_status'] != "STARTED" and json_dict['event_status'] == "DONE"): for item2 in json_dict['details']['access_binding_deltas']: if (item2['action'] == "ADD"): TUMBLR = True # Кастомные поля для вывода в алерт custom_dict = {} # для добавления в url folder_id = json_dict['resource_metadata']['path'][1]['resource_id'] # для добавления в url secret_id = json_dict['details']['secret_id'] custom_dict['assigned_role'] = json_dict['details']['access_binding_deltas'][0]['access_binding']['role_id'] role_id = json_dict['details']['access_binding_deltas'][0]['access_binding']['role_id'] sa_id = json_dict['details']['access_binding_deltas'][0]['access_binding']['subject_id'] custom_dict['assigned_subject'] = json_dict['details']['access_binding_deltas'][0]['access_binding']['subject_name'] custom_dict['assigned_subject_type'] = "*" + \ json_dict['details']['access_binding_deltas'][0]['access_binding']['subject_type'] + "*" custom_dict['🔐 secret_name'] = json_dict['details']['secret_name'] custom_dict['🔗 url_to_secret'] = f"https://console.cloud.yandex.ru/folders/{folder_id}/lockbox/secret/{secret_id}/overview" # Вызов функции подготовки базовых полей result_prep_f = prepare_for_alert(json_dict) # Вызов реагирования if (TUMBLR == True and del_perm_secret_on == "True"): del_perm_secret(secret_id, role_id, sa_id) custom_dict['Выполнено реагирование'] = "Назначенные права удалены" # Объединение базовых полей и кастомных sum_of_dict = {**result_prep_f, **custom_dict} # Вызов отправки в телеграм, если есть сработка event_type = json_dict['event_type'] if (TUMBLR): send_message(sum_of_dict, event_type) # --------------------any-event-funct #Функция для легкого срабатывания по указанным событиям (не выводит деталей, не содержит реагирования) def rule_any_event(g): #Правило: "Change Bucket access to public" TUMBLR = False # Переключатель срабатывания правила for json_dict in g: if (json_dict['event_type'] in any_event_dict and json_dict['event_status'] != "STARTED"): TUMBLR = True # Вызов функции подготовки базовых полей result_prep_f = prepare_for_alert(json_dict) # Вызов отправки в телеграм, если есть сработка event_type = json_dict['event_type'] if (TUMBLR): send_message(result_prep_f, event_type) # --------Telegram def send_message(text, event_type): # Для того, чтобы получить токен https://proglib.io/p/telegram-bot # Для получения chat-id сначала пишем хоть одно сообление боту, далее используем https://api.telegram.org/bot/getUpdates # На входе для функции в vars вынести chat_id, token if event_type in ["yandex.cloud.audit.network.UpdateSecurityGroup", "yandex.cloud.audit.network.CreateSecurityGroup"]: result_text = '*⛔️ Detection rule* : "Create danger, ingress ACL in SG (0.0.0.0/0)":\n\n' elif event_type in ["yandex.cloud.audit.storage.BucketUpdate"]: result_text = '*⛔️ Detection rule* : "Change Bucket access to public":\n\n' elif event_type in ["yandex.cloud.audit.lockbox.UpdateSecretAccessBindings"]: result_text = '*⛔️ Detection rule* : "Assign rights to the secret (LockBox) to some account":\n\n' else: result_text = f'*⛔️ Detection rule on event* : "{event_type}":\n\n' for item in text: result_text = result_text + '*' + item + '*' + ': ' + text[item] + '\n' print(result_text) token = bot_token chat_id = chat_id_var url_req = "https://api.telegram.org/bot" + token + "/sendMessage" + \ "?chat_id=" + chat_id + "&text=" + result_text + "&parse_mode=Markdown" results = requests.get(url_req) print(results.json()) # -----------------------------#Active remediation # Get-token def get_token(): response = requests.get( 'http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor": "Google"}) return response.json().get('access_token') # ---------- # Удаление sg правила def del_rule(sg_id, sg_rule_id): token = get_token() request_json_data = {"deletionRuleIds": [f"{sg_rule_id}"]} response = requests.patch('https://vpc.api.cloud.yandex.net/vpc/v1/securityGroups/'+sg_id+'/rules', data=json.dumps(request_json_data), headers={"Accept": "application/json", "Authorization": "Bearer "+token}) print("START DEBUG--------------------------") #print(response) #print(request_json_data) #print(token) #print(response.request.url) #print(response.request.body) #print(response.request.headers) #return response print("STOP DEBUG----------------") # ---------- # Удаление назначенных прав на секрет def del_perm_secret(secret_id, role_id, sa_id): token = get_token() request_json_data = {"accessBindingDeltas": [{"action": "REMOVE", "accessBinding": { "roleId": f"{role_id}", "subject": {"id": f"{sa_id}", "type": "serviceAccount"}}}]} response = requests.post('https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets/'+secret_id+':updateAccessBindings', data=json.dumps(request_json_data), headers={"Accept": "application/json", "Authorization": "Bearer "+token}) print("START DEBUG--------------------------") print(response) print(request_json_data) print(token) print(response.request.url) print(response.request.body) print(response.request.headers) return response print("STOP DEBUG----------------") # ----------------------------- # Отладочная загрузка файла json руками, в случае вызова cloud-functions json файл сам передается в handler ''' with open("test.json", "r") as read_file: data = json.load(read_file) handler(data, "d") ''' ================================================ FILE: auditlogs/trails-function-detector/function/requirements.txt ================================================ ================================================ FILE: auditlogs/trails-function-detector/images/Logo-scheme.drawio ================================================ 7X3Z0qM4tu7TVMQ5F9XBjH3JZAxmtME2vtnBPJjJGMzw9FsC/NdfmdlxOmLv6ug+7YrKso20pKU1fktSkb/hXDGIjVsnahWE+W8YEgy/4fxvGIaiCAU+4JNxfYIg+PIkbtJgffbHg1M6he+O69MuDcLnnzq2VZW3af3nh35VlqHf/umZ2zRV/+duUZX/edbajcOfHpx8N//56SUN2uS9MGr7R8M+TONknXqD0UtD4b47ryt5Jm5Q9d8e4cJvONdUVbt8KwYuzKH03nJZ6HZ/p/WLsSYs23+E4Pg6Rb+zUUvfHSF78r+7L534fVXGy827dcErs+34lgDgu4Zf02IWFfsKmzYFAlJcL8yN6pm2aVWCdq9q26oAHXLYwLr+PW6qrgy4Kq+aeSg8mv/5NgaTpzGkbasaPHWf9aLCKB1CwDU7T8m8nyLvJ+B74Lbubziz/MR2dRn/hnHpmdWPPXIQ44oB/2gnOxHsGHyDfxiJ4RgHfPJIqFkUfMLuNe50NiWOiaWISe4pfMjk/WmXT+CLIvQMww0qy8gPX5wJcuR4ThAb2xbBPkj8wmYCPMCVIu9cXMucK5srxXa8ka/OYAEPrFme7CN73qc+HaCRp6FAazs/GoDxsAHddWhBBw1LPlARPLBaYEY5FmGMnHpMe6zUAjxlVLm4xL5qicJDEF41HZq8lp5F3swEW5YyQY4ZjJS0u4vHwi0f43i4JpXo0s/OvwyNQW8U0ZBxT3wZYLSQ8uHc2jAEjeWjxDXBqQjwdKOxSHgyJWhrxB0WXILsMYnYo35Qh8s4Go/6KAy7RMwET0CkxEW7idveh92gcIdCKqSxSvqHfQbkXoof+qn0MEMJwE/wr4pdthth96DNLcMRSNGT6nXQJyASMT0+M+LZ9IADBCx293hcxf7YDJGm20dyc9vjGEnbu16KRI0/yelmY3kSfUboR4/SaXJssITm++51fOWlAOj33tENdPDl1cguGqmtguyx1GFOIp69ujK3LA0PCJzwvYF2a9CP1dB7FsRjoBg++BkFeHXT2qziEC6Wh4dyexqWhoYSWAaliOnLLe9qIxcvQdmGegae0s75WfsYpsdobzJU0PfqFZVlKEc9VR4YfUJ9RmieD9rQ8iK6Ktcuo0+leUJwj6G4q9YgCNQLUpAxQYBvBmCfFbv2oEJ+SivqDFxrsJ0e57eelZxz106+Bfo8QuTonyPvQqcMGqTgye2JVxPd303G4WJph282IhWKtyIsAuHlXlslOu2MYQLj0ttjq6DwWxJqLU/sOiFm1FZ+GujTngbKAy075dy55VMBX11NxCx7fOljIaPuWcDQV3yhB71n1EbEUO0elHKyHTZ64Odu6t0wtwgwqkGjQGJrp9R6rXFeYBx7myggJO22TWh6cAkt0vuF8sDp49VUzgTncGwbieVDp672sH2FZgQFWQc0RhvZeARPGLPVGJ7ttW5mMpdrMqfkVBaxdmLM7H4pn3iDayd9jyUEx21yhWFG2/NsrHYLI5GgVDksqCcVCnuvXKnYKVgpZpyD8Sxr4AC72LrSVfyyvS2y3TagF3J8yoytmFpG0HRNupdbOCGpUtQ01+vVoO/19Hq4cX08HOSedUQGmYIpIELWaLdHR/U6IkwDma0cEFVGYTpqr2x7rKDwkY6yW3x/zjdUa5UlPWCDPXkmxoFZS2YXS5p16iwVmqYOgwEZblT+grZhbz5ZZg+YzgbQ5jnlXVDlabLFuOdiGsN9DTzGz+m+JrGplYhNAx6wo/vyyqcwyT5TGRvUp+jMuoOO57qkcNpE+mt/YF65n3pFQjN0aR+gqnpDzekNVx1AT+jSuqKOj9tEZXAFnT280KucUnud1uI+AuNLJbctGT1pSp9+JiXfQ0cLDter9eia277f9xJjgLwVXR5tFpr2iA2PDtFUdsPFBnkZi3NrjVxpP+Upo4kCjiSHVe5dNvHDK4hWR+S5r0JepJHswl6Td/4GhrX6yVTaRmsnjGn5CafEJxfvKRxQsPLOFhgD1RiNf+0afxsfjg9FzGnmOe5BlGcSxgQf5h1mC8kUwMddBgFcOoFvpgBSBMOcgI/MTxmJE1jwIXPmn0mFRAI0jBlLK+lPA/6JdB5QYDmYn2bSnwb88PLh5d+Al7QJoorxruRww8JS9R5p3lS1q4AYx1Y54gkX4aQen9Yp3WU2iDMMSImUeNzvAXJ4SKmTjQ/htPUu5IGJGk+MYC5muz0Ap+xUxLifM7wTFApR3Lqgy44Sfnyezvi18hk2MdvAJC6cHnpkM1K8kVXj5rVl1Ccm7cif8AKaQp76C0OLDzuanOML1ijd6TXHXn/gcD3cMBj/M1pINgwl0bLY7DJKPJEQZ4MY3RzTqPSRqNz3HJo/kX1dUC8hCnbZ8TqJQHSlbMjia6+0AC7otHtWS7i2AGdD5srzg2HmpRvTEF807gYmNIoRAc7UkuuNfLYTRXrbp0tG3R3OOJRxXfvFa4sLOCPso56tLg6K1reS3lDe9ogRW3TcbKlJZTCsbuXXzfAcMLTUbWjUNDlGeXRD5GMucpsBqP3kboPNaCCHsM8UC4q6DER09yranmCogwQRlQHRFCoiryvEjzuC3KL9ZqPGP2GFS520jMDhKJfSx8q94pElPEoltRSfhrl2w3iHDtWtCsAO1kl5o+eRZJDRzWZStyrZtjd6EPdgMNFC6Ge5rcPqNUX9neAB2w2eyYOjN6G6xVMb3XCYkZ3QfXB4OBuILLiYqdjg8fD8rU7TG8QGzyic88VevW0RdPOYgr4RrP0JvdiMyftBipDlNiSbY0xut6wahX0eXyhUc8MqI0LGALmic/1JN5IRjboe8lVtdr1BydRxS9yHDSOy2ZxUIX5mW3IWVJpIbUp4OAAJ4S3MiFQJG/vA6OkoVD4tb+p8T48MIkU6wwPj0vCEYDZMTF3FtC13W9t4kcYL4j+H1wQMokFUhChzf6Jrrud4Ss1Sm/JnXA3t74QeMCc1SkasZE8vw33Mg17u6w6cTPOsudMui8YNixoJ6H/AVSaWiWrjbbPoCFzyuo+2Oz+jumtrmRITdvxhip5FQxBEZLpxYb1Kqo95xsBK7XWhhXCzM6WCqAKEZATmhXJJlBJxpdEE8aSVujRqo1QveWyKAEdESuruDe2G67R06zdMCEqqOgj0B1W3N+octAoj8eHjdL5o5/3hdkEMxmSpmjwRDZcfFSynOYY3TVwbgN9kSkHSbA9+j3bnpXLa6UgAIpDBW/7x6VntzmQZnjzjDMYO2PRkYpZ6PF2LpHcAKkma+P9FpP3w8hfywiWgkNBbHuGAxyZCt0GEq/ikjwgYEaLkQrynzsNr98DSrA2CyOGhbXOfYXjUJiisOJbF9t2bPevaUXg4ESzLme2O00wEa8ngggU9wxiBJfSupwevm3AUUVBH8KaAn481DZz4Qm83cpcPT1Bagb742c/mitamahEvXjDcbK6TB5A+Q6ftsSQ2BOTOY8rQHc4t5Ac/avr1mErJCDrHOsjMzSYc0eF87SxGYjo4RNRpF72RMpJQXfYUNA7Ii3z1SioDFkG0waO95htuksrJ0zEJBtmj+90T1qowW+B1RPcRo7wu1/0JOXZDdRtUBhGQnKiEskFxWJe8zuA/RQyhud8l987agoAMdPHEvBPpCTHss+klnyN0mEnDLIfxCgkSMNLOzulXmaEXzYLBlzaP27OrJZiDJU8UfZ2fIogNyrXFM2LbpTuYQbcHCvSc/KA73x/tc4NdUjnrUEtiKq4rdBIbSVeFgxGJwVWcFO694JmFac5usWjwGYS/wOq0y2oXgVltaxdQ2E+TSaXMMSyaOmqWgzfomRF4HDVaLBuXEIvuIzh1sPR8XTykRve82JusudvUGYXc4LQvsriQwxBzkt01/ahnF7G4XuOOgIn5buw1wtWKi+de1TLML7eeYtJ9kp6t+6A207OusjS+C4zPCc0mevHmpu3C4ozqUXnTJlSZM35MqgAcoVE2F2smz/SPF6iuiQiqPISbCeD5nRxQRh4xF+783NstRRcq7+iXDc+wnoucFQXN0eY4zHhk3FBkz0mplm2I1ry6VNRlUoZCOGKgjMpxmPaqcw6Ltg9YHN5wOWSOzFHwLpfJDAvvsUHpCpPyMNiCjM90Vn2ScAoNygEZANGzhTBKj0B2gKX5dYuM2nSiugC5aN0ow22N6/Tie544C8FhYDQlf574PY7CrI+rKN0zBH1rab5fkqI6nZDWtnzgVs2uq+EG2omj7c44iy+RJjaBYbwsbnvqDMVPtsrzFESaJeaUC3raz8Zvjvs8ARDAb/yQ7RmAhkaY5Hcd3NIpx9sB+lp7ySIsJ+B2V3wgogLukQybVlQskvJxsPoz6VTn7fGkECh+HSsnc9Jc8EQCG54MwciIlB70o3+0j+woC1WQKjmlyDHRUaWFGcqZIg9oZzRpNOl5U4xOASFT87q6ghc8NrfNhNmv1+VG9yBlM334rxNB/5Wi+YeXDy//CC/8lr5bHoOkj4FvW4vgSYHhkQ7TWn7kajHTvp7pMJEJrvMq9+W8k3Q9PY/evC8VPsgjvrEY44SK3RWF+1pnKec9GwYg8OfIMFslOEVHvdifbQbRNgKzx1r0JT+woZUeVfFDX5vCtndL8K7t3j1aO9ymwm0VMpGawP2wiUKiqNFsgyiPl+maNnAPud2/dkpsmChj89Fj2BstDYKnUNvTVFJlzMUwYl7cYfsITY7U7IFs4d7eGeBshhuF6bSFm4YNdukODZjV6rMt2gy5ixqmUozDnWHvaq1vu9BkJXQP0DiT9jAdMcUeqaTU867PPaPTMrFtjy8sIVgOERiVZbHGKytXwh0kcnQ27+RQ52UXDQk2hvCe6VXppuevF9+a+6rMwqsi3ffYAOltRuW58FWQiHpvyGPwpMUd84ULPFgIMUl4eDFs/GxvN42lPOxYoahnb5NKnwLDoijJboamVlVe9BmRG3OUbzxPKiTKc0sw+owLBl+MzJPKiHxmNPkLO9bW2NM3XOXYOZHuLZSAMfgBd4NvTw3UPoxWb2FxVQnoLgu3T5raR+gLwJGRxi2Z0WSG53oYrUGnS2lvmBtbHqIRk5vhCatv/GUeqCNYfSc86hkMYJ19vaBGBdOofesJQwm6sbmdyLYOmLaPGbatrMfmId/DXa4htl3jAqmPMAtFeFJhNvZqOKLESILDQ8tghDy5UKB4ksQ6pAzRglu51eWJNwEd6X0IE+jOAAmMOfNeCzHfdAmHYBIvLc0NoV1Rl0vjvS5ZRofbhK925o7R6zYCNV5KB6cA5DN4/nFCfcG4YXpxUSC2sDOx3zFW80P2v+BGdTzv3efphVaUQb94JSqAlwpZS+FdMRTOFaW7dMgRUMtNrRFZwv2oDL0s5RuXx7epPwHHPm58bJsQUSQeG/eSKh1AuGcPcEfcbLfZAhsbEHhq8jokO4qMQheMFDAYoIyekZg/5iSvlkFzVO6J1BBwXx1i6/oMkARRbHLqpeVNBpDRFneuwN9Y1j/h2yzmFfofyu+oI/qAp0ywhLNgh+lwEJ10G6apoyt6jWwtCglDF1TGVx6ejEGhd0HZQkzBtKrBwH9Y+WiTQnOX4ziGx6bwXzaqyva0nskiP5/8rofB8Fg1HL49Wk+CxbAqwrYBYBVZW7HNeky9nsuTJPk3cnnS/3HM/T4NTr4dcL+fuevBevw19h9nzxD1L8fPvz6K9g4U9TwzgbA3Hrv/uhU3pWh+R/8jjqJ5eATNoMtRNHNAjgk8auZ7IRfM87FiQ8x9XiVLPbLMZkCRWnKMGJoKs+/nD7E6PLjUEp3GlM3zTq/7TmPvldqrtSPGMbJjONYDZcKgZQPGKeGRuJDChYL5oUbYbAqL4+u2IzHEw0MUq/WJSG72OXHtccTZebPIUDK02AbZniBKTz+OZOboSUfTdBC61LLtpNi0hwRdQPZOgmDddXvMBkSTC3IL66VMx2Gxk05tT1pA7h65BRFeRa1ucPjDNLnd8YLitaxyu4qRlzNieLblVkGJ4UPBEtTlUZY9dpeOsFA1DvhVf+z20sTFSkHtINKn/eMTBuYwOzlJnRPECy83gdkcQJ3F5ggelNJAzYUyZ1b7Gs2xsRdBZn2cb2WmXLdOwHvi4SLfJH3Xw6O4Z0LLlzBAAr0fTmo6Tr3BSef4UMmVzCozABcDgL8JyunPLHODZ6eXU58nnoJ3fowWbKs1ccIfOHiw6Uh2jOhJPb5ER0TI9uU+DlLsWEBUcP+5cPbK6WQWKuuSHoJtUMerQosrzvYQF5ttcUdcXT6rZ3RXnsSKgP1GehIOmHcTpvHiRXq9kTMGJoqtJ9v1JS0R8nSU2p1YiedJurmuiYsB8USYxhBf9mV49RU2oRwyFddR3JWmBZI/Le7Ts1vdopFsAjichDqP2jyJsJxBqyh57o6qc36pZS3enhIBtIVK/mVjC0PHUUwTFI/B3J3IY3vL2NayBok7Hw/B/mJdaPfW23LYb6TcrOXDEG9Ro/OLB9f39mN7iRXVgLHYG1/maEdQk8r26GW3aj9UDHEzd3u1azc92noTFspupt6I7iKGvHPjupw5J1acWTtReoKIchBN1b0aiVjtzr0rOKdSt4eu6CPC1uPYvKO6x2imwyu1WZt9c8EvmkZZqhH6zuHcm6rOHvZKpQkPr7pIKohSbLJn5E6U454T7vzWCcfWYZ/BXUFggbqvEUTudDm+3HfMw6bvRPk6tC1jN7nd7yel9AfUbweYWYKIKnuLFXfBFMhwXxun7lU/Piwv60M9cgols8zizFB3P3ocicJIhhLeD7EMd9SrksWDEWoCZ44gabH2Y9AZLu2O0L6YTTwZVFoJrK1l9Wt47iSJhhX5MXhAYTbhcHoeyitdOL2secPmRhgY6xoSjp88v7b2Vz0+j3Drnr3uxP4unnci3AzQLtDjqBO7hWe2N84OKRHb6rtmx/VIF4xTLO7yxLAfExG424YCUPrScPcr3MeRZXS3O9ghapqv/NhiJTnv+sMthqiiuOToNGPl6XtMFhH9WdxigIWFVtlJo2wko4Z7l+CVtwGNIE0QyAgtYDeqxq5W9DjJDJHO1wb6+tXSltFMV7Y9cYEnJobq+v0dU5DuWhRR/TwfLqXmE/AAvRv2o9N707yFA/21nfOrkO+s+6kzC477KbGuv5dbaCjxGwyJv0ysv0i/fz/Xvu+yvXMtgfyUaaGsfsy0JP4XZVrsPyLTijYEU/GaaYUn8ALwufOROdMSTIj5L7c6q0eOiUyanZ7KBX3WoA7Q2kYEffmnckAEs2HMXXtWTZZrm/7cVZUMssJJOgQV9LQztb1m18GvCGA46ckbL0dMI/Z8+UIV+aW1Wl3Kt31Ils+hdmSfTL2aae4qPHBjWeTAYgfTRJzdocBzhspB/Wjgr6FvyXnLFIteUWmXXoFRPTofiUbI1WgeW5h9WMK4RGG3xcoApzfkkJWddGs6J6BHX6PUFj1dG5qmXAL0UPYeRlFRuB4c7UQKbszSjnItjjKeW0lzvvPPxptgsdIhT7WFqSU7yJMgqdfUPt4K2zuJtzgCgNdz6DDqFLGKE1tNGYVDLX/M8Cs20s4EZ9AI/2jepeImdsfiLiY9ZfN8fU684+bWmv7ecjkfIoTksb97hM9x0zk/7DadhfJbWzd2xycFKm6mq02dylknSm6PxGy2qH4t7vfd+LjTtB2ckTtX2xRq7/wHWD8RvC7kCwSsXarURxjEcps3H2JxcNjD4Vrh+7GqaOt4Me2DmVCbRgyP5Fif5jPcxyHOxT3TaKF5b2XmqJTuObyFskm24z7heC4Kq+5un5JpL9q7E8zgbboZDonOq6lPywePwIz8pCOOwOW3ztK4vIQjw+1tASQ7ZZdlE3qnxOPzUDnjMQxS6wAS58anVKeLCe1weTxZfzOU2RZueHJqdSXvmtsj510nxgBoeOVldyMPMGXep+KgJxd54lqzkq/h5W6fGUlRuAdzaEfSPGaZJKdS2AiP12FPCnL5ON09rqXNypHyLN9unvq1M4Jtt3loz9SqVPK2f5x8SjRb3rUPwmmYwrDty4Y4FYUn3Slev7B0Lp+02nLRV+dX7hEm73NupsozCOPHPXtublxWH9IzrscPJeFCd8vX8eW1rbdczp4MFYBMKbFzrDqeNsh+799Ou8SSSTNREkfSnfF+O5WrdeaYfTZqZriN9nhmHfZsPywFltrsOFJXOTxVHrOxbL0unl4WO8/oHFY2FaNBc3/JtmL5W7nmiVS7YptTAepZEo6CsPdTQ4twFC6r/Bw9JE/5gA2V2WfjlWHOC/Uu5vanRz80VLEJ0oeFiFcKlcZcO6NUdo4VLjcC5d7Jtna7txJCtY8EZl3ilDjuaG+eZhzI0RWXLq8ga060nsELlS+1wrY7J8G3eykSiFMnEF5yvapYi8kskT1v2WFM0qFTffw0tpWUkhfLDO7NIF5ePXJLSFJxKlJWXs21oBEZoHCa1Hw/5wW5yYnlAMKrib3UV63BmnrBClA95sCoZSscVDdJjUuNEpNCHPlJdP0MJIlCcOJRCjPVb7xDnTwGNz4zucf6tc3QfWse7hcCyGd3OIjEJU0sqsB2knJBEl8jHXjg/kgJl7nX0bX2jTpqRv3JI4mb1c7OvFTxIVe2uZ5QB+zGPvtLR28wLYs2r8IpBmKbpHeySC+be4R3tTTieZ1Nm+uWUhyZS14Yr/taXJR9P6B654VnL8oQbbzdHq/rM2gKSrn0j9sWXmyAF0eD1i2gmAXeYtx9d0rqreJujkdjIzYKBy8tKC17iuBhB9uTeFtSTz3c3yEgYA/0dTDS1hVaNjOogTIEOKKMp7YaOx4G9wYapb76EYVxiWnc4py/hQ+HqmVjOKsaqEf6Q91Oe8QIaoV8vfrH85AcI4Qd9rfjIVOgx0b+4ckltlLe1NDGUiFJ9mzEm9XOmU8Ju9uW3SayYpzhpU5EIR47mNWFnYw5DokprydBYuPNFFjuuk2swiHZITOeWxaRCc8CkSJhC/I06MpJs+hqTBrUqNvsbl97gePGQRhPLG/VHJ+j29Ht3UMznERR2DVFrHLjQ1bdk2GiY467PX1w44vUYVfi5J4okpfUTSobmzsl02fsfArhvVr3lCZMl/QX87rbZCblsDcAG0AhFXDNfPhGTtNe90386s/bjW4Zuc4RPW1Tfye7Z86n08KcdtLTNoChDY/+wEov94wcGAd1dgBJbk5zauhIItnf/x5e+4bPfrEx8j8CazhO/ADWsF9sjJDI++F3wEZs/iLA9lfc0v81GvsZfP0an/2Mxp6vGKa8AiyGM/YadhtZwrsMnT8hqbs/Ij5fvRQ8AEUNiasj+fIL/6VmTK9y2yko/FTaB/Vtf6yMkzSpqRS74rm+YQny/h0UeR4g8ivkkVTlmF7i1XH+k7KFexmexknuPIzMpYwoJDxJ9GnoneuxkkRzK90R0F/AzImJtZEYtExFNI7BlUzA1MlEJJ6JVcuJ1Z3Tm5OEKFk8aRn4zTFg7u/94JwCds7gWPD7t76Z2QE8gGnpTDPMn7kzqXf1B3rme9/+Pd4FrPFW5E8PrE+a7FHnZfGYSi8jdbJQFGhjzyaBGMc30G5ZAqpk5gDmGdUTMWmIOmgcQaq8CcYWOm26g/WYnZr5E+AR8jwpmT3oJ9AfoE8VyEDNbNBXAv0kwIuJgn6Dkt0x0AeMS2DzGGAs3WKIcyb1YD5Et1XYhmu8D9qYTuMdDIw9AhnggB72IcCa4Pg9aFv6AHpzgvNL48wvR6DqOPeZljlgH/PPPII+Gi/zqqUC3mJiGdtGZrlyQH+Wvc6vgjYB6EB9jz2qE6QzQdubjhm1hQ5TeQGs9w7kI+ALnYMBOwBzEpPKn1XVsjt1upNL251Q7RjSIWp2U+cxJ2bl0xk02HYCY063mQ6sZVpk4WC6oMI2UuOhfKE+VGhfUB8D6APkzKDqCdoIkOUUgzawlkwdgJyArUiEBuUD1wL7jECvE+Qb2mgMeYdjADsVCCB3cpb3soZ+lgsYS+UZuAYS2B38XGQA9D6vM/PXPtAeYR9znHXOAfpslQ9/f9Ph+tkZgI2hWnbklzZ1WZM1yx7Qq/3ML+ijzvPfO6C3cVmnSUKb0YFtatC/IB0fQ/4B7z6pczMdok3SsrbMJlY6HNopoFt4+9ZH5SV06WPjq3wILXvL2SEWGfrzb91yYF/w2ya0xa7H2VctH/AvIH/oq4fjTAuPKuBDQE8zj/dJA22AD0yz4tmndCseTvOYwmgB3wXrJ+H6Z9nOtgf1vNjnImsb0EA9QFu8I3A9wDYQ4Hezf6lT4AJ/Hle9j9CPof0AXsGa7SVWLOuAvBLQzmdfn/zFdy1oD3McIrV7D+lIfR4bxph4BL4L/Yq0Vj8F9j4C38NUC2gS0AN9wDgGbZpUFxkNi3+rq90K8zhLH38C8gWylxDgw3AcXF1slVChrUMaa7VnaxlDzWIU0IC1q9M8N+DvbfNg/TDujJC/xd4kIJu5D4hPN/5bHzBnPKpvv4Brz2YbxFY6cukDcgWUAYwfb1vOfGKZ3+n1xU8QdbbhxecWG2bePoctvgb9zBxWugnKBdgAMq9ppmOQxYYFfPUdVHv7qpXMfAMfmhbbc5C1z6Tzi+2BGDOufI+QpzknWbtlvfwcI4Bd3UGMZABvMQp5A7ECA3E6Bvyjs36BnQE9AdkCf5t8YqEBvniCNEKvL/EF6PIeA95xoMMlBvEwHkMfndeAQptQZxoVn+c5AZ1aKpxnjZcgtllHHvwmFh+EMVIi1vhArDS9bqmrTs3FT0BsXvVOzLwAGen8Pf4mmyVuf5cfjEG8xn+TMbQ5aLPfdKNCemSZf9ENsMNRhbnpqw/MaT669pn1DmwK2IS92qYzLP4kEbo92wvIt6tNgFy18C1Nq00gGv/dXmGbgH3FaBDzFtmcv9kr1AnMiavdjwyMJauN2zjgh4D+BvP27Dsg7kD7mmMC8Dc1c4B9xPATX2LdvQd+D2gkbKZJoZxMSAPi2RIHgK1jC42/5mQVXeaRSBj74foBb5BmmrHOHDugHmLI6w+/kwu0SdWe4wmMwTjMIWv+B7q+QxzVq0tshnFj5dOHPoqvfgN9A4ey0Gdb8+F6ZtlowHfgbxAHgP3GoF1d1jsxKPzUZjwBny9rWn7foU3hsP/ye9HDskZ/WG0ExMx5jbi25jltArYLZZzOvPZAvrAd6MtZZR3D3yCervnJMrGFJzg3XBPMV0CfvD0ucmWI+bfFoF9yFlToc+hqZ7MNApsYFpuS1vVBmnhabFpCVWSmIVYsBHLnfaZZ4ieMvVCP8zzY4ivAP2xIw7x9ZYRxesmtS24CNkHOcuOZFRc5I+AN2to6Rtwv8gJYjpvHIGHu1CGmmpZcpQLcZE7+jPuW+CANC1Ze8dcJ2AOYD+p/8WcYD1Tc4ld6gHMhngVzohrSQ7shV6yDQQwB6NAlBzsQT03QDnRrxiIYxATq7CtzHoA0JMyp0De+YuccH6ENzDEA4qUJ2Bkx4/B0jqUAryX8LJfZroGdwTVCfDTHBh/iXWSR7ezPBORxiYnOik1UFKz5Sz8w/6vZ/ZtOoX1AO//SKbny/GUHME7DnAhp1Jl3iDudYaaZbWnBpuoaG7QVv+qLXy/2uGLj2R55aA+QJl5jwZyTIZbEljF86AtzPbCuf47jS5787kdzLiXUWWbOjDmgj//hVzDPzzUM5GvUuTXPW/NaQO70Z2wBaocJrgXkFXzBH/47XmKz78245U58iwsLtpnz41xXwJy9+hBDfmEfa/EZNXuPeycud2SWzeyzGYizM25Sp4Ue4gdhWHERPseyTIJrXuszaQR+M841CdT/jGuEaVmnutRQMJZN5oJXJmFcxpR6gEFh2/TGamCtK51EaEvthUJfWHAOxBJQtmCkCfaZsQHs0895B/axpOmtwxWHgTb1rWdkoQM18fi2BWdeC/AP/KuWWTAUschptik4H8R2yIxTZrtTFzrgU1+2mS50S+yf7Zdc6WDbYuOzfKQ5d3/5wWmdD9aWM/6+jwvd/Y1diKXWUyE2H1fMM65yHeb1QR+EeX2WL7NicgnyOy6xz3z79ipfn4DxfPF/UHdAe+Nt9B0jIE9zXbbWVdo85mwrc65fYg2oy+Z878C6AgcxCcQyUPcL/YKfFxwOrOg2j6/xNr7Gu7ctgjy34B+g+5WveFxjIIh9Ab/gXXtY60VsXc+kLbGVUFccDfQ0vOMxyN+L3ufacI7Z+GJvd2SlG7W33r9wEnguqLMeNF74lh/+0N8ix/i73pc8c1e/6f2di/6wl3e+WudD3jlt5hNidX7FF/xq5zyM2XNe7PXTNxtecie62v6C1U/QZ++rDHxyrX2HVU4Ax0trjlbJhU5a6jSYx7P7N3/8wlxf/ggx16K7d585Z6Nr/MIWzKX2q78A7CnAnAVwMLQnuB7Y941JZr8FY/jvug3ID+oX4vGYnJ8DX1tx0FozwDwEbVaCtRXMy7AOhnXhcM5mTAX85Os55GXGIPpcy95XHBavNYq54r07sdDM8QHmQXytLef6ecF7y54J4J9YMSKUXQ/j75IHJWyNO8OaS5DZv2AemP1zzp2QZoC44J1/1r0kIJ8Zz05zvTDvJcXogr18fKHx3zoaFl7muntadPTeRwJ4bMkFIG+c1WVulVwxN6nCeAznsJb9J/h/Vaw6eO8/Edpa44E8SK62PMy2DPe74LxLHYCtdOTqA/iSI+B89rIHxs82CfcL5n0KDco9W/PiXCOaMFessdt/4yRkobkPX/4+7zlBnC2tcWLOP9BXyLWmX/asYO4BsW3p4w9f8XP2PxvK8Z1DlrEBnp7lMfdZ6jp1jilwbGdc+0xLLIH1OrPWeia++uiw7MnAOBev8riP+hs/zXxDHflrbBYg9oRyxL7i7rx3tcpowVCYBmPflxwhRpPXvDvjYmLGRu/9x1kfMexLftfjjMPnuP+lx7nWXu1z1T+sB2B9AOnMSV9yGNyTme1RXfqOSx5429rM67Tindlml/wsve2P+GMfIeH/sONlr2HlG1v2baV5T+c9/1d+X2Q0vPM7wNgrZvNRLV0xEYxf0BctWM8s+yPqss9GaJb03kMZl3Xbwxq/sHfuBraErXsvANv38x7eO85C/HLO5n0d4t024+15Xwf677z3NkAZzDj+jTnfe9GWQ7zj1Bf2mmvruR5bsdGdXLHGHMu1Ze/1jbPcb3vruCvmyO30bT962beHZ7Y4+2yb6v71giQMnsukef6rSyB/9fkNQaE/nN9Qvzi/ed/A+dPpDfIXnd4Q/xHXbT7vWPq8Y+nzjqXPO5Y+71j6vGPp846lDy8fXj7vWPq8Y+nzjqXPO5Y+71j694q0H14+71j67fOOpc87lj7vWPrt846lzzuWPrx8ePm8Y+nzjqXPO5Y+71j6D3vH0v/sKBrZ/qu9Y4n8xVE0lYNZWTC+C/8apcRtnuHCBvXo4N9NxHZt9Pvmj5/gW7x+zpTP2i3/dJr97ugvh9Ig3CJN7P0fIFLANPL++L/zEAgU+u+RW6T5uHRNwvwVwoPrb+3P+cIAbEWJevjesEwKW8qqKdx8acvDtg2b3wFnflrGP7cDnba/u8u5OGzzgUbD5ltbWgazkmEj8p5xbmkbt3xGYKz3qGW4tPZVE/x5xi9C7+uc/vcfZDL/L6NQHBixXb+Qb8kE6bPO3VUqaZmn75mivHLbH6b/UTlcXnUgxiG7rvTh3YHnW1vw/9ScFfZW4g83EeAiwfM+SdvwBFYDH/eNC68OJG2Rw2sb/4xbHPgPtzi2+E+Og/7qEgf+V13ioD6e86/lOST5dpg/vvxveo5SxTFk6N/Kb/AfU86v/Ab7Z/oN/fGb/wy/YbogbSHPjZvm/2bpZraR/5fbIP9Mt9n8m94ZTNoW/sWczLJl29XAcIK/9ek9LcIgdf9WNbBAhr9r+Bte1KuKYoYnuzbpCrgjDHdEN/AlIFaYh3HjFv8FnHD7XyAeV3+bXzKxQ2dL//3X7X+D9xT/902E3Px4r5T8G/aLi6XYL18M8vX0f91Qtn83vn6i5L8gLn/b7L9XfCTpfyA+/lPh+PuViv92AfJzqfpzqfpzqfpzqfpzqfpzqfpzqfrDy4eXz6Xqz6Xqz6Xqz6Xqz6Xqz6XqDy+fS9WfS9WfS9WfS9WfS9X/sdH8w8uHl8+l6s+l6s+l6s+l6s+l6h+PovEfjqL/ykvVMKpU8Pz+q01s3DpRqyCEPf4b ================================================ FILE: auditlogs/trails-function-detector/images/Tech_scheme.drawio ================================================ 7PzXsq1KliWKfk08ZhpaPCIGmoGWb2itNV9/Ya61I2JXRAo7N6rqWNpZtmxMcMBx965a6+74X2CmO/k5Gkt1SLP2LxCQnn+B2b9AEA5iz+9bcP0qIEj4V0ExV+mvIvBvBVZ1Z78Lgd+lW5Vmy59uXIehXavxz4XJ0PdZsv6pLJrn4fjzbfnQ/vmtY1Rk/1BgJVH7j6Vela7l71IQI/92Qciqovz9agLCf13ooj9u/t2TpYzS4fi7IvjzF5iZh2H9ddSdTNa+Y/fHuPx6jvsPrv61YXPWr/+dB47ZuVJspy7mxK5DTVGbUf/tdy/2qN1+d/h3Y9frjxGYh61Ps7cS8C8wfZTVmlljlLxXj0fkT1m5du3vy3/tJPCcFG20LL+PlyZbk/L3ST70629RP/oB09Gc/HH6Xo7iZWi3NaP+Vvw+VLUtM7TD/Jz3Q5+9la7z0GR/FP4FgtFn/PP8r1f+kNgz1vTvjmbzmp3/4QiCf5XLo8/Z0GXrfD23/H4ARX6L8rcuI+Tv8+PvNAP+XVb+nVKAf2hz9Fsbi7/W/TeBPQe/ZfbP5Wcs+mKlTa+HR926lA1ch/tvf2jb/xQB5nkaI+l/IsB/kNY/kel/KEAQ/bMA/2qbfydADPonAkSJf4EA/6kBwsg/yCtLHw/0+3SY13Iohj5qP38rpf8m0Xe0/3aPMgzj78Gus3W9fg9+tK3Dn6WcndXqv4//O/r7LPhd2XvMnn9/cv1x0j/9/buH3tPgj/rek7899nP2x3P/IGOOIwAA+AcZw3+V8TsA/7mJPuM1bHOS/ScDC/6OM2s0F9n6n92I/nOdmbM2Wqv9zy35l8v/D5fyJwPG2vW3kf1JM7BpG/648G/Lj2yp5wYQG8+/XfyJhX+M9d8KH8v6GfW/K8KK9y/VPuaz/PHOpw+/Xvvr4j/VTSWKnxj/J32K2qron+PkEVP2vJp+bbJ6oij1+0JXpekv1c2ehkfxT32vDoxD1a8/g4rSf0HZ/8xR/w7xvx/+W2D9e+34T2zsP/QK/wb8O0TC8J88w7/9Nsv/thL8rl1/u/N3VaN/rhXE/1zDkOfLo5z/qxL9tY3/z/XqD/X/nxIY/s9GdvifBIb/w5Edwf5Dx5BW+z/1C0//13/7bYqvY/irNf4A3z/7DOLxGT9O4H9xB3+8Yxmj/r/lfP6rin57sTxK/lxPmbV79vqIP7mu/+fvC6JHl89/Z9phS/9Db/bX4l/d+4fin5H9D1zfO7r/tZn8GMDvh/56/lvViX8NioEh7M8oBvlHZSX/ia7C/7tUFf1vsIjHfYzvYdX9EK6/BoifYKIPS7VWwxso4mFdh+65oX0v0FHSFD9u6k8Y8f33T4LM+qIfOlrGX0Qwr87XudE/r6T+KAX+KHmO02iNHrX6dQpxY1/8BWIql9bMA5D5YqCef1/LKT9O8Ryp7w8rMpT4llda3UvP3+EG2o/hmkivnaSFHM2J9plA+u7j6um+38Wc5X1xqJtSRhkMRLqRw1Wd8lpEjOBC/67Bo4g0RCMxjuM7k+NBWUOHn7Bl8cmfRonUenCluMxgply31OiFIYVilCR1mXyCGyB1+37ftGFOxjVh53qmcOpPiazP8rxN3UyKwnKJT4lm1o/m0D//OWR5K6+0GH5lTpfp/VgiR9iqPKuRdO7ZtxXbc6DdfoGOldmi0o9wcA53Be0tu080I2Qe8XZdgXxOCgH4+nkFR2e01kmz8tbZqYcWYqn7HJuS18nK2061/yYNLoIFwRNo+VzKwIBLcdsNcU9V0jiYBPL7FN+jtz23Ixv55bkEDcc4f4af0QL+NWoLertzZOJyf3DmGPsFPa1T4iwX7I3dg4n7id90TruWBRgmbvUka6zu5iVkI+bC6XhMIt5yzxhQxE0F3dv7TIvRuRyMqgTXdqjU6t9dSJiP76Ap96l38jiS7452E69CW5ucNFjHIJ0tXkG6FvwCqRSWDhm1L+ne1ceSAQP4HWFiU1S5RYNbggTd7iTtKQPiVzdMcX8KB6l4RoGGKde3sSyBTA2MpvbipG+yunt9GHIocEk6hZnCfvMaUbbjuX3AiDqbPsiUCs8ZCFsblNXbVPMnLIgrqvS1OMgKH3DQEXy1SUYPzVnXajwbIaCs5xHhO8Rwkuc7gsYa7qSB/BR+U/lqEBgAJOfjGp0e7XW8GkhH9R6nJYerG3zu5ZQxZZ8Jae5rxwAP1gcm3SMsGRSuL9S3y3g2SBYAP2rNfeBZFr2LNKneeqAQJyx6ODduNpPlxzAS3wD801Fdv9cy6vqoMdEDZR06o3kGv7S0kCLLtzhHc+623/SjgT322zyBgI53u/u4UckeElvkLIChgsVe1sHlJz6hMSyrVUloS3GHs55fnD1/JzUj7nwPjnwdG2f2hELzYmtR5GE6Ys67jccSHjzqiqoeK4uWMnf7amBB0V+p5Er3AdkcOOXUIvjP0SDErFnNlnARlPOcwxit6VLsfak2rsSbv8zhNexKVfOB06TUsETS2yD325URnTKnaDeoMqz1cgWXFIM2QUY/al9N2uQsbfOcOHEZh5IcHyztsbHQcisz1FFl2kCJDI3uKFtHxEr5rXWaErhHqa2TKoaTbX2neeIkDxW030gpXMbeyeXglySpBSpxJF1BzWeYYGbqeBZJcVbAYObY/i48closr7Ty+NTcizvdwMDnu0ormfwqM5dagMbdq7aeNYULrdp26jbfUcgZKNQe2hiIMypo7WmPNI/3nrnZ0NixCqNAk7cI7EIFW833aFlEi++nmFGkpS5JTH4mFNXwX5DbPKtK7V0eF+mk8wOd3dyj92QGzWiUnhHZbq5lDT2Z+8er0BgZu27wsTnKwI3SNVja7oaM5pDqoGANu2+G5w84OedqWgacw4YmVJ9KIPvLSAW34osksC3IPpai2ccb+2hTe2VGGANWM+c3ujLTzvbDarNMTsvAeB5uqiKuMHCj5GTRCHZFSprd6PWuRMo00I8Nu64zUENe9AcFxAufVk+FgLd+u6DvB/YLIlK04BQMV0T8eLsncHBSaA+OXJ10yHNGc81qUzTaTEngHOgYtUvwaFc+w57cbupqWj/G3iMQAPNMosnq4N7VzFPr3JouxQX2lGJSgmmMuOkCEiu0LmAlGiN5CcQEH7hfp1i1hfhu5BsGChVfBsMfJh0guKdzlGtGLY1kCYHdUxT7zIVMxTSc3kIJltDRCq9twxfzpJkZoxvoYAxxAll0PhLHo5nBHtppBGljiHrT7k4+p9LOAwhYxEcNr/6y20aLG9Gn1e2m6E+w1KYWFDaYPpUPGm2hyQ7TbFO1dnxgsTkHUAyw/q6iQW2iXrrsb1/K0Yf7QK00C0ugmLGY9BhcoUcxVmf1bYlO3o6HQExrjGTrwQtu7JZ8/x2Wic8ZbyJZCt7HnYFfb+dRPbZmjMpUsS613mPTNL4u+5zFuwfB9uu7n4oz5n4Vo17p2ddNml70JzY3/KBE3ucL8ofkFDbDgoozrJvECCMgOKb8hj+HykwnHxId6KEOx4vo8dTcIcya0t+H67Z8BnZOYVEHXPFXVu0D/zq18QPAY9qGfm1rhZHVT1kgbuslwFZbtw7uxvBqBIrQb/i3r4NIVBuJoNNdZGaZle2irbzBqpYVvgbOXOzbnganOJnzjZcF0+7lSM/TG6dl9ZZv2EvyMB57oX1jQpk3yZA8oURsc0lMaU12VpCzeoq2UDCpFLLcbI8P7C3Uvrh9uzW+8CfCupovRrPpvRHXa96wC02+qm182w4eqLh1is0sc7Jl4qt3wxBpDLapOL+B8AEEnAu8z7RsydOAXHBF+jWC7kQ8pdVQucExOucycV86mTdpDlOFqjwH4nniMqGPS1XoL0BzwWG94olGum4thcjTFs4bcvK4WdajtEw7FngmlMT+pBflhy/cfTy4vtPYRLxWjZuY8Vr+7RmmG/OnUQS18zhNW3sLW3UdKVV7n/EWH8qQG/rOX1UwnwLOxJbPI9ZDRCNCb2XyQQyc8nonxkXxb7YnKV+PDDxS7OU4rg5feipOwQBK0FLXEUIIjeoa1tHyqHmOEUCJGYEPqptiat84yJqmwxr7am+QSseuZ1rE/tpVcL4VRPwOIfN98ZU8TwHDqB+rqhpGtz4L4wS+08m5nbcMLZdjMNjc9gQPaGulqWdIBWjOFFJjm/3EsNtx+BfTHqZS1alf9x+4viVHUmTjG31FrnzgPZ1CVM0Wb0g3KI19okDrCXK1UDJi2GTIToG1KhLkgEwmFuNBpYH1vc5RJDWiIl7lCzV6CgUMalsyjzlmvPLyWvvCUzvcoUsFqSZ5VEadTJxJHi6TLh7w2k8BshC9a8uW5TR+jpMv9jklnZwe77hLMSC467roiDpdI7ZjpTxDYFAv7uOJ1RdUJz2CzdNyni5W09wuPDAcNY0TN8/IxVAdW27/TtACTzLDzHUVDbC9XJGre6r0Uc9gVLnZBmURyMCpTUgcQVbOJpELZPd0Y2aAWuya+apyUpdeoa7q3Pk1WK6EtmMdffDuIyxjtNbFo0eN1VtoJhGyrmB3ZScDzE7z0/1ohW2K6kfz3R5zedI+DZ235aW0PB/oLSObJ396yYnu3tLbpw171I7eMHf2cIY58xgiPgs9yjPVWhxA9cY5U35iv/4rh/FoAoCjfsaFn0wevbE6MIoHtBz2EYbtPRs+MoVt4DnpE2xu1sdfjTKPjIxYTV97T6mgJuT4FnBrbOCrsGHXVo9GY18PtysPKupLcBHdiWOUIEkRi5jceQoj7j7RLlAmGFofOybS8QwXpXE+WTMDH1dtqj4146cXbyPr4GqTMrlNTw7sAVVXyAI6OkIWzrG5M2zkOfCEh7ZwrAk7Fy8A5D4PaffEvbP+qC6Wo1XvcOHmqb2n3V/7E2qcB6LlEAK1OGHN5hGRvX6I5mIuLkoOpsB1UYpfnWbZDW0R/okmPEXYxVRWcPjifcVED4hJLMO6heEpzQYHw0b5NLNl1T3SHRvWRUz+9UJHn2w9cQWBmHmbS27Kg9lErrdi8laG57rlOR6vgt8hyvBJVjgO1T41jswczDvoDfEK5wpj3y37G35quHjrbL62Jlxy0DncKbMSzVfWsI3nuXhGMgscGOLne1tx3oI8harE0X5LFtWQ3Eevwn4gvIwOQHjxYYGcL49Vkp6rjOrHkVpIC2Qp4pJjjRinE73ek+ucj52lqe0q0GnaEbkc3C8HKXzj2a6KwJO28IfdZQ0vwF8d0EwuOUWWVT1h2uTm8DM3Ndxzgk7BptkBf/3Eo9oAQVjVAUl3Ft2MW/STdqhqhexXK25ZGZKB7FVWsS1HqXzS04xzDmAMDyHKR99pEsB1SS6+A/Jmrenzy5I+FaSjOH07q+kNvG55I5PGHSXtD/CQJTWexvzTjjIwq+DnJUnkXgeliELnpGvKrzhRJGOMWoeXT4PdxhHGfFF5d67Se8abMgU/9w7Qm2kffizplhTolaHKvVoxcDz7GR4LVke6qiB+lF+uUykfmz5oZGUR46mnLrkAqsEl9Khv12doj083fKZIrXZkbhxXxebAAu6Jwm1G6TOO6XqhDnjWiJxRNQtzmNSx92pmSpIvOS4/R1NGZptWrSxoMF2AFt6AinpQKlUbhjyKMt0pzbpEmdrTFWMutAe8ZGRgfkRIs59koLPeXP1urHr4xdBvlwwH5UTPewxzOWChuj3Q4gqSQnpoCBzq5GXl4yLa/Nz5eU30h2yr5Bn5/VpTMzMdlFbwLRFSlUyN9P2TQ2AzXbeEUDldJdVNc5u0JaSz+dqGoVn7K3zE9913wtbEi+zqVP7WXsaepjWPlOuJl4fepTrUQg/ox0K4vORy9plYFwCKIu/PcvU9vTdPxU/sG4VeV/iQ4Z7lHmIO9aijsd3XKC4Zm4BjPB0oYLaoYaaFqyhO4NQHO1RDmVST6n7AFXzN/4vqV+G6Nqq6Naol9XRIdSB1pxr1sohTUnl+PuJDXaOe6VauDTS5tNuLGTGE8shwHDrnXnMUKKnIJe3gbRQSPFFY4Iqg+7SqMjdO5qPjyRZRa6I255UiZDDY+vU9PGS6R9X2X0KKskCwsfxrh9m2CLfquOmbrmlsT0lGJJnF9T6EM/w+QZfjOOWYLQMupWnZfM8kSXZO8vODQqYMltCy7gz3mfXIONydApwAp8Iqvolkfm2Sk8WplqK3rY7llyZIh73/pjhebJpPBg6DPKCS+mnIBSUH7yDJX8rIFBmApEFEeFayU0HuFk/Ke/m75Fjakoluzka/ZSmUUi8iIgPhmj+5bXS0uYwQ34pR9YBk76hu5NXpTxffaNCBn1FoBZidz0akwhOU55CEcPYa4u785B5U8kvOrs+wsUDZG9nj83R/WW/DCtZRYDWy37iuGBpYrh9+E7ZE5XXw3n6SlxfWMavZgC6FzLJCqM3cgzqsZbEwpy4R6mQh8RPrh+hNhsWb0L5WAYP3pX/r+Pp+kxGWlSnYQoZ/kIxx7/EiqbPU3SfINDAAYFDqn2s2rzWGM0KSncfrRlEerhfaYjcKqSJhbxB9yVWk8gNi4l2Zy0ydPJoJb15oyIO5x0Hs8DZgduxSDxfe9hqX/Uwlk8NoqafELbWZhfCy/+H9vkwPG1UCavqUbktgxaTBffOZ0H0CzjPtUOQBwmniApLMcsFIuEbq2UPdd4U8VdI5cw8ijE2hzedSNtBkswO8S/LkMgQalk00/9w9u1+XwcfQBI36cYkr7UruvZdWkz2eTgtQ8/u0dX8VVjXWNzkh7F9m+IYrlQ+S0qlGT4BqYku1TswvqpcZ3rfjoBifkxicT7pUA1CfWykO36zmMc9K6MSRJLVnFDQBmz/VjMq0LF5BODl9WQAABD7OT4AoyZYU96N9+B1X0o9rusHqE/PJHfkuLMV++JzwRfTLwVMv8EuLO83Kt8UIlZEk9TYbpOF7V85AO112joVvEZR3RZSnGZI2U6uvCNWZTpgzSwZ3v992VyHwhmVTxpmTnh/9UE7wg+OEzp7wukNYAvEwPuhAO9g7ffN0FBr27eUvZ8NFykG/6UKb7sw3qpjPwFmKAUoCtD6f9oR55VJsCvHwQZv7lerqAl5aiCTG39RXDWhPION8WgS0gFGFPj6cce1v1GaDb18Ncwlb8hPRnfYTz6qeu/N+engBo3IbJbdzMzFMhHGNCDOIsdGZv1kIP4eR9MOPEeZkHwkwREbKMEqs+OxMitThQcCPY2ROFYKAKF/URRudD/AnAI7A13Y08HrhIY4fb+3cvUB9G4OkcGA6UMXzQ6itiGpZyiaF9a5NKbO47eFQXIvW9BtB4VlzHtrSVZTOFpYnuhTU2i9TY8D21sHXBYVzEzsY7e4xPh0IPxT9E/AZhZTrnrac1FsCAdnILtJ5B3In4gHx1zkUD5vn2ik2F6jsIxpQpWw3Xo5H1Ptx1d5Dtl5Ds3AlZvHrRBE7E4Cv8uCltz8Dd9xYb6DpsBGuGc4uUlJjS7CrB+wt8VVcMPUGJc9O+JeCMeB4pUmjQTP9YgoMfMWFnpHjjal/60o2z429I1YIxhatd/xSgpyHUGuSPHwPyY6iJV3iZeA9fNj5ToLpLPjZHg6sH0PiKsmn05zS9yMS8oJpAOkZ4W450GtyWSSCcPeNGDjJyPhh8+sOVu/4vUDvKLONxPyrJPf0gaOaZXGElZjGq8As95FTpeS0ukmp4eOJDUaEpyxb2KmoNb7uOHV/jYcNvAlPWs/PX3HpLFcy1pR6O19MYSkrg6OEmMae3XkZn4Ye/iWDoUUTk1lGHg1WgmE1lI3latfZTJXpaaZ+Q8njzeXWL0x4cX8kRa+V3OwN6K3da5bYisYDdj4a6mLpgCNkrxNJkgTKjlymJxAncbh0/g0HnIwqPL2WPebfntNvzwek1vSxm82A8N+4SahfFS0lSaTUfviEqKPm0SIOiJOSnbQzueuUzWaNwR1OVO1RAPs6pPANg99wX9725fA6+PW95ZuZflqTRsVRBezjFkR55lDv27Zqu1ZHKjrQ3kqrnQigWfQhJLzNIYRE6H+A9aDqk2OaB7HfhE5gHs8wyIblD1nXwACGJXbgn6hM6/SDz/bh8Qba25KPiuwCv9V4n3Voyjg5Tm8wAsJjAdcbjNO4FUYgzC8HU39jjNHflQvcfm5Rh7xKT4q/RhyEIe20T8LAkLGGd1E7Q90yPLrMy5g/YbPSST7iW9fcMG8iCo64va1i3gYANkBQbrTFXRJMtkC/8xPT26HvXQXCh1zsDo5qBJ5vV2xpmG2Rlzbi24sBp9X8DusNWQ7aVQgWwLudLDh7ZLfWZ0Q54rgxhV1kzNRzd9SBmPOqnPA+m97Sd4ZQaBvstPt6K3w18ZzeYEiwG2k8uJpCNHpD3KN+30YOzY/HUHEm1OXFdTk2YJQbHtkXAeTg8RkBsH/YZuOmOzjPWBtDsIJj1H7z1pW/ILtJ4fe9SOUoXdLbHycGuzWtee0spjW6Ox3s+30IvX7BXfs12dx5kcIew3fVGUz1kFsQaYc0/TQ4JT52OxhDZ3Qc8OAmbk6ohtlNF21vc4Y1xam3OE79NdUvwVwWZb24FcMy9/qK+V6oJ/Lt+DVRmiFMWz27qU3Jc6OZepp1obiAuxEXQwbabIleJMtkZpic3/kCcFXGz5seyGxfaYSGLK8fj1rnAOPdbyz08WdER5eILhBQkx569bvirrJ7Rp0UAplK+1foZZeNfQalkGvzTNiMc0JcCYW4V52qhKpsRpC/FSff88TjHvBxtKeqHR5mwd3Y0UH3n+xYD/KDsL8AnVh9DL9RID4yIdHIM8SgyqBRIG9phxMFqOlRqQ0psI8ivLLdz5v9HPFNe+ez5ML5mUe6JlZVRn7OFsZX+U0xvEvj2we8K1ruZtArki39YuOX8w34nfLkHp6fSf4cIDO+vDCEZ8ckId8kHgky/lZ8sROOZ4BuHxZDqJ/odASwleD6gWecFZxsGKFznrXX7Id4+M4yJbzXN5CgUTxxWrh3qExxY3vIIXI2JtyMQpAD5Ht1BfR0GXXcGZWjazYeV/PIbDC2jDA0iikwDYtVAZqwXMFduXleohL1whOghCk+ImDjlu3xqozVdXfPLyexntyhWupC9TKBfTC8DDpF4QeZGbBts4yYJGLZov4Y0dfxOEF6s4Dz7Q22Rb5If1IQWLL7+/haEalI7WOCS3XrZIbzwWE+IG6TP71hVDZp5DDZaW7nV3hVnacGZ0SDIcyG79aFcsjNw1lTo664pvC3Z8b7VGPsMEUyDxE9+ehp93QjKz+J9qqH49cbqS66i0fOaalCi8E4x+PFPCfxq63v7ItMvsZ3Q6EfsmkSvVOhMPDhlg08E6es37m1e/Ox9GdpCP0rEuHS+lmvx4BTDgiWl40v4ZLWa/7agIH7zqvoL1U938579w/zLV2VbS6s1RNKew09TmMSYkns4R7CWHG5+FqzrrNRmzqftmKPOtCb1ndfsPCR8gy3nCCkHFy3x9KL2jxPeolssLVZFTSMLSGKawVuT+/t1EmacKBfRrbrSGOlrNG6lGnGOeIChObJW/yKKkXfpo+psUG3paav2Snf60pSuY2/Am2OomJ2o3cFx/ed5WbiSMRS3SNAXspx+zWJq0eLAlK7dyxNMlXRj2Dlo/tJX/wYKTG4S4t8bkCyJh+kdqhjNLtJPfjhKwwZWfELBqQvmX9NRxu7R+5b9DNTDmtp0KJryRmpPCXR9xhjR0huq5AN8ijBghpcabuHCfPnQQWuBCD3c9/r7/Ha6zsCgOAQNhypuE+z5CFYiNJ6fb+CDfRZ9l6xHCNO95Q9RbN0odMXlV2fuT134Xn5vlFzRkJp8GYWCgD8xQYiNcATt1nqGQrsq1rFw9yrilq+yBdJ6OurWXCDyES/XPXrO/T2DeLN9UTKX/Gvpb/TF1q8NhFPUYRPW7Hga17IOBchX4NUVVSUSxaPo6lHILSHsH4nrJcs/5kQ2N/qeJkNWm9F2mAoqu9g96rPssnT0u8uN/DqsFswhHYJNYnQJomSFOh89jxz7n7VbXjeAxs00K+UJ51Q+/2ePXN0IP38vh2cll77qtuuRpF9zW6qmdNDE/iPlnzkPL4ydfu0Tqmpr1/DFQb7wrD6Zi5f32oSguMOrjup9psRl1SOnyTECDqfLPa3+XoyHJ/VdjJdqiCW2CsizdTgfTZd8eVXbujNofzgsikXQEiefLce0uoWjvPFmuN9E+mrhcnGv9nXBn+fZvg9bj+KJQat7T68l46HKZDPmn8jKb2hyjgVGbv7bDl6bhX3CRwtU1pl7xRPmPuzDygwm3Z1agvXKaiWCaxyYyKXO+Pnw5W/qO/+zLnnBwwj1K9mvusGyBkq8Q28VGceDmzIRU5TuSikppquVDFJMrF9icpaBNyDO/UUl1OCVEm4JNPu7eJ26D+1LKz8iE3FbJ5owXq+AlJiDnfyiAWDIsWiBkK89ndCq+JCL3e263VOH+KXE9Ia9sUqj/eG053EeQkeB4C1tkAMa00aPmUguOlPHohjmi/oAG3ULPznwYXqiDDnvLs9rnd9TygwPLwZFwJ/I5P7fdV7w62G7N+MW0SoYPS55F1bZnWKbmagzkXplF2qBoDqqcv/fIqoJFATR9HX/CrBvBkfR/RX1bh606GHYzhZd7iwcTi+BGoWx6gVfrQIUSxODX9x9yHrulRaD+MxW3UNbptDBjN/iVROPYDEeBmAXryGrbk6DS3k2Fpxf3mMDZUSRQzGOMltNzFji0tGHuZxpl1hyERRz8sE6oWHb5l8x/KhQNrqz7AtBFX+YlA0TxBAw08J8KaDzjEjXIGxCEd8qEcA6gNubQcrj0t2ArLBbIeZ1ZrQamCjSwDLNWkUD8M8B9NjHf5k1et0pMCbVVEdn3ihR1aAO9wMi760AMlC31qKSuQj+/T1CnIaJ2cNLpOdZvaJd0AroYqkqS8EpedKa3uF4pSaEZt3Ucf2QqtfOdDCXuOX8BG8QN3jBSvA2h7yTJ1w1mM9Ib5q6o4LiIKPVT0U+ftZ4oP7SAIHUoXo+vS9GHxyYsthv8Ho/t5JgTvvCDRyD3doRvoBmZMFWVj8B/MCeHqgTnZmTxjSdLOfWYxmvkPK86LpibMnw4BRCT2Ye0ii4Ysi0vgLO7XvgGKLb5/Ltwplu2L32kmKKuAViNE/eFsroDqI2huBP/H2eMxOFdVlmWVFPCmceRwKw7loVg7fV2iaS2YaAelfXA2/GgnmFVjLI1n6hOJTxA7nPAQkrGVc0/FSjx6zbzmjml5DrL6iYZhmJ/8h8u+3UvTREiiSn9ZdfMPiTHaQ2fgkIMARZytwXM0tR1jFJ0N2UxnynXK/4RTt1cASP671OoVFXuHQdeFPhGsTSg7bp7f8sdlYTgQKBC/4+dty7joP42Zf2jAwiVu5jNy/OckzCNhZFQjoW0kQs/rHac5SPhSILNYqmykPbJwoq6/BeCLbl81g+KccfaXLhkLMUcwrLlH0T2IWWjgSEGenT4j+IXkCZlpSOk4o1O/X3i9sIjZAO1LlLbh7lqUvcyY+lIEMUS2zacq7ffEVNnSP/bgB/dFcXtdCIAFQulU399GrcTIhNZ0sugrUGqfqWlPrla7J6Z2301gxHS+pr5SOB8vtGFfCDTOG7+Wzjfnuk4IlXb/Y14JTvbgTOalN1PMGGQ+siNvskxGW8jLY5LGW1/HQ+4YSBfDtujzGRqfLHGf6Usl2aIhBQtlpcGLkKN+ifhBt9Bm+9fj1IUY8wvTNxus98sTx50B8573hhVMEl0aJhS9WzkEj/G7RHSOtFxr2uzDHil8MqovrrhxXiJSyA1cxLvGAnLGFg9KOi7jgsbddL/DD3gUB8cDRqevFjBYGX8wNv/X0kSk2hHhxZIYvf3GSZLdG1nzcmMHIbqfNmIpx3PGnTcz0oMPLkH74TlGabxKqc+R6oi4Qj/Be6VpI+lb1NT4+O5epM3s0y0wDC8qL2tyJIMtB5WizKjtcUA0fwvydUHqOoEAbGkl2N4zZJC4fzvW+4QQw+zyrVv1zvlQZ2g+uqvdkmfCxjGM+dYJrHSqwyWUgdCB50GnDXCRFdQxnFy1cOtOaGLwN0rDBmEYfJqXxzBmGYymm4DyMyjB5mUxaJz9DNy3SAxirbLw9XxgxfpY5gZ5BsIzsR3DWrrf3MkLiO9MTNABxTHAAgvVocn6ANrgngyZjbQ59uhQ+pU9kwXd8qpbc+vFMLzHhVP2VrneEFO9hTDeXtusa8ky3H9Q/pkFvRtGqynD/ZO6GJ3H1xN6ee2OfxqrSm5AYIluydQB91QLnv0omX1GZY04/C960NB0slNDjHPuvbBqNhdfD4sx1lBtj9Yw9jL4raBiT7MUN2L/O9sk1leTKspRrOcc2GxMeoiKU7QdS5mSo6MQng+2dF0/2ivWyNy1EEx8wGDj8a+eMJPvvip+rQpFztPVr74ak/276BhBRdOdryDAfCWwqla/lx2mqSJVL4y5v3vzcHamzxWd9fkqWg17Yi59LTDga4E00pMvOREOuJsLmPJQbeQN6yFY6o0miI5lOhuk/s6EdBO94gbtOjpNrWrxxHh337M1hqU0tmjBjqWXGguAQngNdtY9fGG1McxtL68RqU1fw4rwNS+XttSXtmPP86j2XSfJxEd7JMCf9uiCn+U8TPl+MR3VtHd7Vx34xtWagqTWkoXS0qCOUYET/7ZEXJj6tM2jf/BL+Ib/y5mzy6Y87vQtL6PbqJoCpBB4BRfCnEy422ezOO7cUo9CYF6SZ3z9Ts2pzgVZG2yJxjlg5gdVHmfiJGpbmdgJnNFlbl/mi1BopTcZE9N/EBMdCL79zBSRnBFldvtHxGcSfZdiK/3BxN8I80FoxJvXTr8XA3jvc0jbL6aTAI5AG+7qz9YXogwCPzHyCDv5CwLoKoTExvc8bMtyzoJUSGyqAp1stcjQvcD+jw7vYyZjhWYQdumuVNl/LpNsypv5yOy4RfG+eZojRNyF3SfNPt9KjSynMXSOVAHKlbDr+2SVmbA+ROcp7xys3pis3Knl10QNYO33qmsrS0E9ROadVjHblB5MvQh642WB+8IKURLul+svdNXyrSEuvLdS5+htAzhLyE/STcZBrMtLNM4pLjW/4s8UM7cptKiqwoilr2vMmKq1qT6cMMt8Zc1vsGvCb58bHC/vR8O48CB5HjDEQv5wL4HNeOXX+zTnZ10WpWi7a3hgoIHlsST748KGLxgQJxertB9Hr6PFitXEMXvx8o0ejhKbAea7YZskZs05Ju9423DmaaoZHXc3q5MJ2A0CTJVvc8hef4dC8wGrYP9hmjA1HYxpv9JgB8e05jenjtOFytuhYBVu/y+91IQ+tHmnRBpVtWCWZeBjhjkf0ErbSJiD0wzwZFJt+eJ5XdcQRHgxOCfzDvFuZF9ODxENGY3Klffkg3JqFVyWleHaf0uQs89KoDR7eccq/W1faDvxEgbyACgfRQNJyeR9rqL5Tv6lasRq9KjPHVX7vBntcTsUkkyVSbYyF7ygzRi7F2X2cR5PSxpl+ZFGHZKKlvGpNV2haaHswXp1xu4zBOO4IkJEcQbLYtHB4ei+dkpN+xSUAdSJfDaeP7fZ0R20uDgz+OBO3/g660AY6pfcc/sJyVFU1OyNk3/qSQ7VBzrStJQZfW7R6th09dn2GmiKOVTGVdRhPo3T4rpudcLrtHWndYaXPAAcmt04DUdL1JVTo9lJ6uiG1kv84l1WeygvuF14yP/KD4134JW23+TmDapIfoHsZpBiZPpbnH3V+yeCH/cpKhVMADeZauBMgfzUtmKm3bl6bNdbJC8qJmOu78Yfvdm+KPRsCij55TbJ4SrbLniN0sGphvPi8DK1rkw9Prt9mzLRP5bOAUOHqoTsuSDSdHYD8Oy3ncHA/vMzMT7wrcrnFTKFq+04qpN/agtd4c3ZKKQ0dUSLDbM3kWfkIUn8Ib0y17Vzj613QIOZP/JlHSEjixK667JBVoGIdkynVbw77Ua0QyLxY7hvUMg+pEYQ6qcrrLkl9qM6HV0MDcsz+FRQvxQu6769X517hgpm9XFGkyiCDdveGUyKDq7KSXm/Krw411sc+byboXYcOzVaaxjdXldQkxPclUsEK5nKbuDx+VSmp9efGxTGh/OKgh59k5hsCaBXxwnVJt27xr6rkVZlMgE9sjsQ2pqH8Avy124RvPzkd+bPYqhkexxcvSqJfGapjJivZnfRAfRQXLeANmF4iP6z7O7+e8+PD18tNopA4CBY13SooYv3uvKOSSkO0cTPLTyT24lvHrWCVRq1Zf4RMHJgxRHO9BdOVtQZn0IYwCp/+Y6woeJNeiWHZdZV9dqTeekvI7MEs8Lg9XZ00uzZuTD21MJ5x+KPwlrHdVcDhNgO/w9oCMDik0ICCn0l+p6q43DtBjU01pEJ0AmycTEtW1XSXgPE8dMOjg+3C7h02rkMTek9Jr2f2LcXrGpc4HZOL3Bv9IQFnklZjN1hl+cSDw+M+LufUimMkh+EYAxpR5ukgFuMwhFeoTRA6qZU5HHB47Cc0iy+R4kIAwpcGVf2ciADkB4ehFBW9lr1hDGfqrqzE0nxIEJapJ6/0iNCgEB9z2g6VopYSAMODYLcp6Wkay40mBHV77QG3+KnUhJ5i+Q+O6cQAc1rW1T1IXztkl3sZGS3RhgQlS5j6fTlYwFHaSBftNNDSfBVvfsAu9or3iUvYXF669Oq+4BWs9Zb3pVjVg3g5GUUXgqq/r5Nl46b9Kiwvn0JJEZcmqpoovoG6yaf1+1WhLLekA4U2YtQx6AlH/hyxvAM8zWYHP7Enamf88KJ5BOBHtcWiHBJF6gw24uEXnliNkjhz2tzDEiG5AyWxQzeIzVTGE3sWmE8tUopPUh5YD0+Pvrub0nJ9FpKi1QA7NhxlHjhtoNYsa6RUkqCZy5yt86WIj9c8r9GJ0QBsa2EZgQmr2A1lGOqczbCr8/S10UyCnuAgdbRRhp1k0sr6+cJVUepLOEc2UXQm1RkBRHphwcDcypo6j2fweGVk3A6GDefg165O56uEdC4rxTmE79o06TBrwgzdyrK/z6A6emyQ1QZU3KUaBePRIxYPOA2KxjPKUdVyZ5vrZCtK9moE/pb58o6XlLfbwWJGqo197xXwJpidQ5lBPg9fbDxN8zNYsF9pHnSnwBliLqn7rorPdYrUP8KXF/FyPt/EMOEponfpXg7MkZTuenrO1ErW4QuP03XwrKUQE9VaOLRpabc39vYjqo6cYJrpdO7PqkXZE4hDBuc7UrwZvz48xE/DXaqp+vPZQObmAw/J/RnExQUdPIEAw+uY2cbZgyurpDo6jKZ8eXSarR8h70O2pnqhQ7vP64mytlP7FOFwqGjrD+UtIIshQaKKLU1duoIzmTP03htM7xUsCyMmTcr1/YOopXdys8BPPqgGZqAsWlUr8OPL1I8f3pTH5e+imdQQcpTc5kKgC0QWjDA0kg7bjVvO6caDnKatuJseYiE8VrTfx5b1su36qqqrm0zIIv2uX87dy640GfWuUCBg+7txDTo0hJOiZHE7Mv3h7nrvmSISgIrXeh8IG8iGJKbv7K5A+H2nRT45Sz50yz7YEAvaeZJCU7dUVDt4nDJZSPvc9uBFzZcgSznJekmCYkOG+F5SIE0vWIbM7sEiksUyChpAic99PqAl4oUYMZvaf6eOF2sX9cMRuFskr41vl+/aTeA3yYuzc4dvUejWVwuaE1/oFtkpWstm4BRktrCNuvDgzMX6vLcBGd8EekqnRyyyeQX9YPlzw9zeSjnvzMIAwA67IHDRWyK+mgzSWJYufi9bYgMw2c6hFN5UiM6Fze3Pwakbzfv1F72pxMF4KMltIk3sktEsqajw2ptbhIJ+rCCxS5Y+qgFxVk9kcr4nitZsXp7O+orTUTpB8VjNeSKAcjlo/WpEgcxq+NDyBGJVu8twNRZcSdtWEBLpilfKgoD6RfmwEL6lKTfur7o1CF18flZythNZDp0lvfklqGqHl+qKlxnD/m1LSJ+8rdbuicFtONAROw3xlxBQYrJe9deTnTIqMznFr4kZPhQYPaZa4uUOkmYUw7ADlZ7P5e80AmVQv7PXpDJmoIih45tLfz8gpeiHFqKfuZGKong/aIXZf81nwRD2v3wWDP/jZ8HoP/ksGP0XfBb8T7cggMj/m1ub/HEc/Gmbk/9qa5O/39jk7/Y5+Q+2NvkXblcC/Td3KyH/r25W8o+bSihDsfzP2CUE+g+G9m+7hCAgifx5Pw/oX7JLyP/yPf8ftf7v3yQE+v/2CPnv7xECoX/ezOX/7O5f/9we/2862D/vHQX+Nx3sn/eOAv7POVj0v+lgof+rDhb5H+xg/+tdmP7sBsH//5zr/373if6j+3wG83ELjzAI+D2mkZ9f4qfkvffnlP75/fz8wr9v+H3pVyH4d7f9Kqd+H/+/1T3/2Rf/dtB/77N/7dsCxfm/yBkD//WGTX/dF+dPzvhfsQvOP9WGf7Zf0/+8TXB456UwBUMFb/lniU/i+cslvzfBoTIo2aPBVU2Gyg2cvhfFA5eRz43vOvPPveyiyMDHmCmDW13VoJl1PtxtGCS3kC1RTofpZ6KJ9Gv/TAbkUcbKii/PhL6IwPY7qEj7w87HXgqFDO2XcwykBK3ikZob9Z14pWlApiHZMICAkzu4pbDWpnQd3s9jffcpohMo3/Pe6eMOwg7wnVTacsDX54kM38ksRPfybCOhPoVxAj3rfhPDeQsezpd8MXUFH2aM41iEPHcoQvxwrjxLfk0bcTz2LsLEA8XvTAlu7XJ2G3aZ4/vNy23Aoq7v3GEtS/dHVP3KMcPOiS0+LHIFAeMAz/JN4YeidNSKUhjQTq4a9qELD+73DV8kMY1G7EJ+M7uGLw/MYdnRLWOTCFcjEeyISd6J13ISmhhJGOZ2W5kjNhtkSUfTOXPBbISlttHQsJYO8jKcSmMmQc3vmoa7pgbHndQFGmZ0MNDhkunpP5LuHrqHjMNVymi+CaTWYY2J7+SAlmV/gIVrGHDb9AxHNkqMmPnMRK/x3Uygnye5aHmBmr+Z0awSZSp95GZhJhnoegklwzJ5NmyNY5W3wDuc9fLztSJOudRYtUpwSY4RSG8tDQg+TBtu9pdp+7fmN33w8QpF4er6BhuMNxd5CC4zSytb5iyUSDA12ArkK3vTQifE2dfk+/kLow4+2nyjA3C5jS8gzot7jwvRd2Y4bu5O1kpPupnVGCQ/8xrHpURFYSZKXi/UMOtalCoxmz/TLgvoR+onq4mZFTeGQGzrliQWzd/0lNyI6btU9qCioTBZCcYbKxs58sc67yxbj35GrK6LxQZjNY/GW8n6jnYE7lsyRObPfGhrVMqSZsXU1AsRMvUoVy6sFZNSMllEsmPh7eRIMi1t6WoZOmLptNBgWgQgCElocaUtoUaplIGoBVcTWv1v7Wwhx9VH6gwv53LpgHadyVbeFUP0dWG+lFlDTBG2o43dEtdFsOTu+9VzAaZzs0uOYiekNLJI9fUhwurO9EbfWgC6sWb8zWzQTD0kLSiXiyRD52Ac9eVTlPvraa5gBGs6zhnriLSabID3MVC82q8LYrVbKEyrp0qzSc43bFYRwNbpnXrQEasMosshFqNIpdyHRW9P69nCtXelJr2rA0RyQQmTgph/EGv7IHHp+yq0QhKN1EtYy1dZnZuawNa1DmKFeraRNvPJe/sBhCWKKsGASso++x0OSFmE4eg3SVr2I80t8it5E4+IIB7DqtOG1r3LwGjXOCm1Xz+yGpWV7o0gciuIyd58lNRPkOg+QXGJWa0mcyyP5XRGhUu1MZ2MDoUfqyE3HvKMDyfLPOJVpY11ECcqHlAmX/SdaGKmComoZsz9MdHHfL60hQXKqB4DzvCGQm4VstVKTIZCejm8DSegb50Te/fumEGWVYN2lUc0ObyN4gW3Y30TPokpgcSUO8Rqybfo+uM4QW2LMzfOa+B7heG0+0s6d5jiHVNIvl8zHT/rRKPuHeYPa1ORsFnlSCoRYZo6wc/K+8ERray0lf98x3Og8Npji5YJzbujBy3j/qlXa/RZ6VrHTkz/vDVKcOWoRRBD7/cbszL6SY5BTGnoYdGyYTYF2Cjpp6t+mUI55HG9BUBPRwXd92Na5NLMAfoUQlOulddi80RemNJR+lDNHKj6lKVA56wxvItQaFfbQpImS0nRXftdZq8gE8f8rMyUoCBAIWVfEBS6QuNDMz5Z2l2A0metLyQNSEhsP56ipDvUOjXF+tr4cJUzqI9r3Tj+8WGY6/xcFs3aI8O2IHlFRyTPp8XzH27uCpW5JkmNLN0ArxaODlyOCk/cIB+xIgtDWVElKkknGkzCXci1snetRWRVJbWVh2f4HFEbWECHD2yQPSllZuxn+v2+BS0xYD9512HAUZ9HgQlaZJVwUuQyCV51xs2Ji6M/inZOh0yLe+QCMhWAAcc0PmH9hIYNRUqhoX4id8vZjbUZHcP8i7bQxPF/h/7MkFEY+XcU/Adchr4k8B+AGUL8b8Jl/40dsv8H4DL2B4+Bv3GZDJjl/ZYenx9cNtAZFC2+aKsmTREnCIxioBc/38sKP+s8KH6QJ6ay+WA2JMPltPHYvnQzqIc6BnxRABzF0HHRfM5vfUKMkpmIh3487J3+GgG6vrPO3EMOhYAYzkBo1G7kCU5uGTnX9bOzZp3rSg12ZFoLCNLHmnmhdaCVG47jafZ+if1O0yoOHgPplqJHUALQ5pNmfQJfqUPJ183U2s+XbtW9Hqj9jHuMkqoYqqC9nQEr33e0mR4Ij5LKcAMl/eX3Roc0Gg1pD8FnRyOYN/X9ATXiC2UIXYZ9beIE8X48Toe9a+FpPDGXn2mr2grKsUWQHe6J1Jjld+qtBeC0F8/3+xDCZ4xBGMEWug6eNqnJDfta8ckgZWP+MdxQ1LjjgTTcUuKSl6VAqh2npVbXfeiM+GDdQRokWuleyMmn0SdGsOBwaerFoJxnHW0ZK/CWFGBHr9+5KFmZeWfOAtEpAK0cr50PeABd92iSxSKwn6F68VMXCIplGZ1KR2gMQAQYxENmM53rnEVHkF0DRJrkqi7I9RY/IO99F35/ZCgOP/flxbk2ElJNvTCVjCVn9KoeQC1TXDl+4N1bDKPIgPkUWQDq/9fetXYljmztX/N+nF65qnxEAhjbSowkYPhylgY7kIDYKuby6999K0Rl5njmjN2enpm1ejGY2nXZtW+191Ph/nz4lEzqp2pttWbPaFeXzXBwG8W1+3g4PFmMr9bTb417P8PufDP9fheNhohhMNff5g+DC5WOn9Tt3XD64DuwW6afTY6Sfr3pHXTvZ6vvdQSB3MXjtDh+jOPa740vvs5OJvHk8GpaJac31ZG/jO5Ov9Z5xzzfZKvvvapKvncgKFTnGERdN09Rk3zDnTzrXFwX0/VJve4602hwojaPR5X5eN1aN6dXhZo6m8nwxkunvc2yO57HeREPhv4DWJSvw0hdXZ7Ph+vBuLrqp6PbMKk3q+qbk4R5HpVmeN0NotQ7u4vuoup+Yk+C4CBW5zdZ+nVcRSo8/npytg7636/XE18hpmJ+0j3dDE/zqtcvvU560zymxw+z8szAutbJnWGcbsLTfFIOut+Tw9K5ffr6+NhN7pdJddKe3Wa1mT3WCB6YfTu4reLj4WDWzhCHM7QPynXVfI+vi+om/Jauzoo4Wo27B2X27fuFszqf17d4KSY+v2rC9e2xPWtwJ+zuxXGijpPvddjtLTaEEeke5e35wWLdP06C4u6pfhj4PpZxzy9meC47u7+pRw9fby8PV2l1GsDZb+qcW8dX575tj66zu/jkMszHzQF2dTkYVuVwPBjirYRgghp3MDruYJ0YDhQ3B0OrEw7uB73K2MyaNh8OlvPz5HvrzK469wejfj65B7+F5ezTU3Mw+JrcmFH0tLx4tG5dhAcjlL/8tj7ozS/S+2Z9HZ5Yp0MjfFhN84tw1X88G/jN6fm8Cezryexp+Tg7NIz72ezUOOxb04M76zL+9n102nUQgdm5r+6eHg/j8/v28vhx1JtdD+fn6iqrSuvM2FyuVt/uHsZfJ7dB5mDhcFOfNGl1jar7EKG+Pn6MR92+xFe7U6uz1506b52pa3+QMz3a40z/+KXUf8Erpl+93/6/eL+0vPJ+M1sgzeP91WL5+6++//iXRb/J135ImWKv1JjWnhjsw3Jj9tvM5S/2Kxd/YaWi885KBb/i/2eVKuyjn7mlf6q6b/7ff1Tdf1NfNIxO5zP9cMnPxQJogMpH/3CJcP2NFb+4Wd3MFld4NPvFf77k6A8N/m/Gl4NDHQT82WKZLqM4Lyk+8PdJfl98XvjVnxwqyM9JGGfrPF/gCfyXihXe/qDZJ4gVzLc18M8sGYPNbfbHNuh/VTZexpH2/tPHh8nG3l8aMT/il0b2Z+reJub25+7eZuoenhCaW8PuWL3zk8CaNsfO9aTeZK2xuDq5MDJv/XRmz+AY7tqqcZ+yVfakim6lep12tsoW/snsbnpysT4f+a1a+PnVcHw3teaG/j5bLZcz4/TpxjMWqtetfE819G9xvLqa1A/no9PNteUu/cJZ+fZ8HrZ1lV5erP1h1PFLA9r3rajt5kHj1EGhjKDXtc+KvqXayPC9bq7iNFeDtIpa3zgr8jYo4HuvC2PvtsMx+9a4wL7w/3faFtEm9JQVLIimps9l2qpSvaLv7ratdH8TWON0tXy4hvX5bdKE3unwYuE/nS/S4mbYPzw/OZ7Phnk+hedx3DfPiqiGcRo1ctrAUHXQc1zlRdB3fxO0Jawn2qgia2GOOOf2rEjqcATtS1Ur4IEqEmjrQzsf5hKZ0K4+K0oL2kC/jkV9QF9h3HXGhV/BeEaYKHxmB14Gz7qbwEst6LsBHthAj20cWBP2X8EzbgP0UYvj+w3Nt+eYqqE2LY+BbaKXc4Q2gXfqqVjB3HKH+04M4msP9i9OZHwFz/qwB0r33agW6SJ4pum6TcB0lvL6sN4S+NO3mS61QA5gTKdV3lipONmotnT5WemoJEc6QxVTRX22XZlnWgf4bAR9tlOig7W0zIvUCvsKn7mBh/zF/VAoX7gfNbQBPndNNUIZAV62OTyDtRSqBj6BrPhOgPzBtWCbBva1xXmjjOY4d+wD5LTvAN9d4jevoSK+QF/K6+IaXJA7/GQewL7TOotM2qA8YpuooT3vAX0h/PFKTWeH47QGGTOD4sLjZ4rXFBPvgV5VNF9oo2j8cgP71vA6IxdlJgTZDFC/kM7Lcf4w98wNe0RnBK3PaysSR+hslFOg47nttFGeb3KbxBb+OEGh+Zw6zMOMvodxim3he+IELNcN6Wqcwfz7xvN+VdhPy3NUMI++OaI5lm0Az2AeVhDnpFNhnNcj6rPfxKC7sH4X10+8JdnDfWb5ZF4nQIP7gLJYGrgekA0D9I70S7WzK9DnRva9QT1G+YG5wpoTthW8Dpyrg3JOut5mrLsxygPZITcoK6RzQ+obbUzegO6iXrmx6CnIewO6Z6kYdhLoYT/QjqFMu4p5VLN+K5HbPvXDbbIW+Au89w3QYezHViyrjkJZR5pY5DnmPlSRm0ADa1ctjQ3z0zIP60e70+D8WN584A21Afs09XbawJh5o7Re4NoLkkFL6FxuA74CeYD2Q8tykTk8flqFrCeGIhlmnWMZ7mqds1jXUM+iWuha5AvIgEFrIrquwTLct0V3zEDrajyneYMOtSx7qSFt2tBj2QMb08i8G5wT+aR4wOv1yEaAXJVgI7swt9zEuYGtsMBO5zB/k/YX5Az2CXgL+tZmDtOALo6Qpl+FbF9gL8sc5m7DHrIN8tAeo47SGkyUCUU0yqZxRrCnscJxxF6CbYsvPPjusA6ijfQdsQ+O0FRhrGRPI9YTsM2y7w7NBXgUemW+wxu227v8QxvkBd4Oj1HmUGZ39kYhvcHj896AHDYKfdO2Dfq0zJQ2tO8gUyATichmWrM++U6YkLyAvxWZAF/F8/ZbkQkj8HblFZ/1ra2NBpvHvBnvyCvuCfpEkfumi7ZEZDyxYT4O6hv6bdIdsDsoX2QTQN9UkYJ85Phps60rK9B7oPEtolkgnyKkAXvGdgBk3WKaTHyyMnkc30Xbj+uHuSFNS7EO2Q7chxzn+ur7fIIyqRKyJ2iDbfQh4v9hr0uMoyrFthnthswzQx21RW9QN2zkRUiyluF6iDcB6A5+BzsA8pvDc8XrbbsmfgYUT+DfeU38vUSZsrE9f+d94DVmtcgI2Exaox2InwtakF3k8YLmWgF/8TnsVyq8zvE72FPxT3Fk8ZxwbFwT+ivYTy9pmK9dh77HXXPL575CnTNFzkgGQSZqlilf1oc0ecsy7ZvKIBpHYiHwnSXRsP1E24v7SONYrCugHwnSdLWuNGin2beybwKZcIlvXlfiorSBuaGsSR95xfyCWK5HfbjoO0OMqVr2VQripqjNKO5j++DXHCtL/DUCeYDxcP9Zn9EeKDv2hB7iXIxnYUwzMCqUG1diHQtjCKAz2QenGE+1KAdhTLGIhTGBIl0hP4A0LvpU1I2t7ST7iDJANgDjpRbkzKE4fEG2FOK1uUd8IbkGOcM1YnxEtiHDeNdg3pI+OzhHtompxCbKhDVv9wf9vyrKnT1F+UA53+6pK3PeygHaafSJSKNo7hh3pjXRkCxxbKrENgQSv4as1yyPEhuTPHooD0iTiy0gn4yxpMV9ZKgLdB6Q9ZMdZz+5q0fkSx1FPEsp5kAdf9Yr9PN0hsF5NWFP/HxMawHfmVFsAWeHFtcCfsXm+CPT9tIi3aO4pXR27ALHNuQf6VyBPlt0qOtuY5+YdUYVut/SmZQG8YZ0tgA7S3GTapke44d+LXGRTbas8HHNcj7zG9Cbhs4kuP8U1/RbXqfiMxTasjbieKXtN9ynX0EMis9aHavBWoXOdwI+e5moCxznYCyBvIWeWmxDsQG2qcjvYJvYb/UeShwGz5TeZ4Pp4EzcaFlIaS2gH/b2LMMxlMN8IpnC8TC2MyhOIblTTAc6tZXNBdOx7Sf5dYUOn7GME3988t1bPRjJeHi2pPi7bJiu1LGLw2c9hbF5IzFPI3ytaX2og+jXib9dicl9nG/Dti/Sui38zRy056z/cO5AefMSU9sInBOdy+RcFVCfJCvk69nWwLmM/H2K5wobbBLYMjj39yuOnzkOBymaUv+Bl9hi77Qsgp/j+Af2XuaVN2IDwfbNPI53k1rOi5aspw3YtjpK4mjYp1rbY/DfvO90NiSbbbO8lYbQNYHe922cBH/vK9qHwOvv+Ifn/WM+5rv7zn6mVDv7rn3Rs7xofyXjGdqn0TwxVvckvvBEzj202eQXq3C0I8PsO02RfY7VR6izpfAgc+XsWwufII73xUcrl+l8PqehHy/KHX3cxlxbfcSYi/dOtyGfbYr9sjjmUpXoC8SeffRZEAejPOF6sK2OSUhvoY9Mn9uAf7i/GI/nLv0ddE3iIDkzoB9CmfXxbIV+Gc/BeC6sxwXFVKAn27/jXCgGCeksW0oclssZJZJ4r3SYhuwD+kFbzpZ0fuZ4j3MmMH9HYkTkXYX2l/2gb4ndqcWXGKRf6AdIP8l3Ik2NcYH2P5JLAv5QPNvSeYFySbnJsVdmM02m96jmudC5u+U90nkkiMfYF4DfGCseW7kSc7sK7TGOEXP+CdYmfknp/JMTyBkP/KArslyTLGO+C8flc4AldK7ogM0+AsdLOAfmkUxivoDyFAHyvRC/SGfECH2F2O5Mx0kG05T1Vt8p54Rxti92gvwP6oorZ3rOWaHvAdvGbbJ6az9J/xLko/Yh3DfE08QPasPnOkU2BftOG2nTsi3B83pXznqRLTpac04G7Vwu/CibUMdPNG/co0xscx9jT+SjtbW7lLsSHnEMZQVo+7Z8xBjtVPwuxcUOxUY6/0j7kWNbd3cfKQ4nu7/dRzpri3zK/uN5AM8HSBe1IfswzMmQPCpu27Af0LJGc20l3iGZZf/sa/lznvMIc+9ZjjnXIPO2OG/rU05Hj7/178yjWvt3iLElZsvMYCExEdov1MUYzzOcH1GcZ3OC2Nc5lIbXndRivyztu0GWLMm9QGxfUQ5P21mMX8YF5XUc/YzibcrroP5S7q1GHlAcr2NOnYuOU0fbqW3sRWdrOo9JbFS6EmuQLQ8496rjrKud3Lp9NVwa09FOPprz9og23Xf1+O0tOAYI/y5C4P2vfHCPXtVoDo721Wj23YNzPqx8t+dW5B/fWvzJF8h39+oN5KND/31MtfXgp98fN/fdWfx8pdb4ZnmT31+tPrLC+oOrqQedL67R2fnvZxfd9wE7/xduScwfH+8eSO7wwtbmbrm+mn2pFuWCwEFf1vS7d/j9Dr/D/2fr1Yqq9YPH+WaFv0qBUOIjvFqg5exfIMOdf52t8/UXquUOTMsw7urf9j//gjcz/hohObK+vBQT0zh4a82tvddntn/965F+7htR+JHgzT+D9Pt57/Ex34vedPeLwg8C71lv1P3Xec+E/TusfcbLGR3beqFn8u2/RM/91rFeknwgfO4dQJjP8m6In//qHts8fGVYD9w974s42mNXPy740vL8yYMvjXMb3dw/LbKbXw3mZnfeIxo/Nhiz9mFj/0G5/UcoN0adlaqh7HOLVT+h30WqUdZ16uHnDhpuh0bQcH31EiH3BjEHfbygy7CC1mJlmsfAsU53sgh+EcS+o8rp0F/gj7mfLgInjR+OsuHAuOpxq7PLU/N6mHT81dia4ns4htHCHwYPV5fdx+x2/DCNjcX0crq8XnXKac/XeLja9+aIUYDREXuFObI8f/kd87J+Hen6UJFgjgpzKIZqCWOCOTvC0ow8bEf5N5NznJH829JxHQaxUQly+0U/WzrOT3WdEfS7i++bWfO72TBZnLWvd3F6dz2s9q4zteq7rGc2s0m9BClYzlZjkISLErhbwveAatleUuk6dxB3G6nDm2GcCfYqYiwE4ZlKW2pvtiK84A49Yo+KyGTMUGIyPkBRTgn65NpYXEruNKW6q64Nc56McvZWxLl7rNkYnOvGuh7mqaRO26ZSb9BjYH1J1YTJkDVI7qwN4rHgQhKNt3JVQfXa5zVSHY3yezv0gruKZ57mAeXhSDa67QseUJ4yqqh2wTwwduiV5oHg5uC5YA2RB5y3tDmXSHUkMyRMlGhTcexxrSqinJ3qveCBS3g4r//Mg5HUCry0ibc8YFxZGEeEHREe7M6bsZNc+6xJJj31TMPP3cArJZePz/1dvmm+CN/LhnLkz/ScY2wTM97yYDtnqXfodWDNT1mcUxSsI+E+fMHi0uczn6iWWTpKsEJglUz/xRjM+3i7H1yXAv4YgdQTZN5v93MhGELKne/Si8xjXWHLt12dwVypb73+WxBTXXQrYzFjCFrWCaxnJC1hQF/IuNaZrQxI/r+LdY3XugPWOgFLm7zQGdUgXiPfGaPakVPBlRJu1qdaquDOtK5jfpvr9zt6tKNnmh7xiIgZZAuPdZaR4GdjXY9Ma85hyzOpPzL2UnHdU56FwNeXNDnTML5TasGaBmsROdVp5JnUGsasZ0XfVc/PZI7PNDgHpJmgJ2x4DMHOwd5i7R1tEdgarkmzXpJdSKgOS20Jz/aCxhRbZrK8gjwKVmZLIzwAOXxNZ7+kwX/Td3jEMxtii9bBqOeP8rMfEhs6nZeR4dHbNJ0+SL4IDK2PCgzfHtt/7cAweBUYBvsDQ4v+/dvA8L8JKXIMAhuGoCd0HSIgWFAXzTq5fTBz+PncpsBSIZpuguY6+InQIuWl8rfuTht0jXMMInWf+rNi2uMfEzzaeHEBwUQEhjUqBrMXDIoAR1IL6LmVomLDINe+FB37jgSONV2AGKTkwFSMgHkpMHsa2N6txJiy4yUHpC8jEDgFnYYYxbliJ1q6MjcnEKcCTsnUf2MwM7bLCYASEBg1FfDxzrqWqTwL0MA7ZDwLLEjn5riQ8YpIiqF6PkqDssQpKRfBnwLucvVaAgqKfDH0SQ08QIdsMNgi2eETAcUsDTrTxUoC2DKvxZkSQI7nXVZi8IUH47uAC9IEqLUIpM8BozhMLJ5GdbxdP4FHGjLOCBAo6GCAoMlKgN0N0r36G+8/AnqB1zHNW9FlEXQysk/MC3DoKM1/HOBXT5k9vT1/fvf9jzXqjs59bo364VujfrDHqB98lFF/+1L1X9uo/3On7d/daePzN86V8EaMEUPsNd1TCxOK0V3+3iV1lbNELWeJmu794FmGcdiEKeHYezZR8diHWG9CsbNBpkDj5HM+m8LZkGLLLp7p8RPPPxxfjug+FbRfUhwa8nc9T8aeo3nh+0xiziOO03scH+K9uTHfK6rhE+fE51E+b7cS9/MaCBeD90F8WSf+HTHldNfLJTwwzSGX5zm1D7fj5zs8kDOJmRJ+nE1mX/drs+vq2zCvBuYFaw54Xownked4ZlLi8gbs1tBcC/4fMSwYj+MnuErjjFwntk+27ch1JqoWjIk+R/B5asE8xHwNuiK8e/U8l2x3LvbzXDKZS/Y8RrOdi8tzwbYyl2I750bxXPiT5oLttnNp1Iu56FxQX8aUu3wknzAm5oBgbxm/mOo9b55lgeX6U7sHu3P4yWL+fdfh/3EPf1P3gG32n1OK6+Gy2h/1Ew8QPumg+tJ1I4YLWgzz7eeBkddybcxgiC/xiq6W+d4cXMWxr4rTSTiAiJPUHiGQAnVmWLEl5pFM94iu5ZZsetlF4ImAzfYSzG8/bxSYYbW8C8htJPCd4eAmpws0bFTSzfF0ojDFqFPPDDu02MTxvxG4pJDmj99z3Q4j7Yb3LOdUBV/7yfm6GpotjKKxX1gjXcmgtIyYPk7zsRntE9SQ0zB8BYCvC8i/fo7QdIyKDT6zoRvQbZFX6DLV1sxzO3LX9PmpzaJrf7ZUyDtghv+Yxb+LWeSoGfpZTigDX2CqxZfMfWaIuZO3JWCiIdpm9RVXQGxVBIqrExdKssaCxM8aUmu8Kem9oK92+uc3D9ABejoJ0Zwt0awkgijHA/hSMUI6ExR/v8YbOHh7QHmM4sc3EXDloKzkRorDt9vxZoS+IZY1cnui1Td8A1ir3LDgm2cLXI+8SaDVN3zzVmeTA0K783gxI/hduWXUKC+gNzwoumlFt3nMgN+U4Sp5m0bQRrIGujXBGfFW+mR0O0a0rZjDim7vU9ZaSQUg1/04UvVy5Y0WbhBPFWf1fake4RsbKrqhxFnzbBOO1wtJ53X829n66vJi+Wmyxo5GAX0aU/mOXyaBbhZ3DzfvwGC8Nn3vAHm+Rg3t/bGYN1vxCjd/aBx2joy/aIvwxeQvNunQ2QP62IfF/jDMxzteU/432yTX/XSb9A6U9N9skw5/4Cbh70asEZz2jKQErs7VeoYA1f7/Aw== ================================================ FILE: auditlogs/trails-function-detector/main.tf ================================================ data "yandex_iam_service_account" "sa" { service_account_id = var.service_account_id } //выдача прав на вызов функции resource "yandex_resourcemanager_folder_iam_binding" "invoker_bind" { folder_id = var.folder_id #role = "serverless.functions.admin" role = "serverless.functions.invoker" members = [ "serviceAccount:${data.yandex_iam_service_account.sa.id}", ] } //выдача прав , если var.del_rule_on=True resource "yandex_resourcemanager_folder_iam_binding" "remediation_bind_1" { count = var.del_rule_on != "True" ? 0 : 1 folder_id = var.folder_id #role = "serverless.functions.admin" role = "vpc.securityGroups.admin" members = [ "serviceAccount:${data.yandex_iam_service_account.sa.id}", ] } //выдача прав , если var.del_perm_secret_on=True resource "yandex_resourcemanager_folder_iam_binding" "remediation_bind_2" { count = var.del_perm_secret_on != "True" ? 0 : 1 folder_id = var.folder_id #role = "serverless.functions.admin" role = "lockbox.admin" members = [ "serviceAccount:${data.yandex_iam_service_account.sa.id}", ] } //-------- data "archive_file" "function" { type = "zip" source_dir = "${path.module}/function" output_path = "${path.module}/sync.zip" } resource "yandex_function" "function-for-trails" { folder_id = var.folder_id name = "function-for-trails" runtime = "python38" entrypoint = "main.handler" memory = "128" execution_timeout = "30" service_account_id = data.yandex_iam_service_account.sa.id environment = { BOT_TOKEN = var.bot_token CHAT_ID = var.chat_id_var EVENT_DICT = var.any_event_dict RULE_SG_ON = var.rule_sg_on RULE_BUCKET_ON = var.rule_bucket_on RULE_SECRET_ON = var.rule_secret_on DEL_RUL_ON = var.del_rule_on DEL_PERM_SECRET_ON = var.del_perm_secret_on } user_hash = data.archive_file.function.output_base64sha256 content { zip_filename = data.archive_file.function.output_path } } /*Доделать когда появится триггер для cloudlogging в terraform resource "yandex_function_trigger" "logs-trigger" { name = "trails-log-trigger" folder_id = var.folder_id function { id = yandex_function.function-for-trails.id service_account_id = data.yandex_iam_service_account.sa.id } log_group { log_group_ids = [ var.loggroup_id, ] batch_cutoff = 10 batch_size = 5 } } */ ================================================ FILE: auditlogs/trails-function-detector/variables.tf ================================================ variable "folder_id" { } variable "service_account_id" { } /* variable "loggroup_id" { } */ #Telegram---------------- variable "bot_token" { } variable "chat_id_var" { } #Events-list---------------- variable "any_event_dict" { } #Detection-rules---------------- variable "rule_sg_on" { } variable "rule_bucket_on" { } variable "rule_secret_on" { } #Remediations---------------- variable "del_rule_on" { } variable "del_perm_secret_on" { } ================================================ FILE: auditlogs/trails-function-detector/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auth_and_access/ad-sync/README.md ================================================ # Yandex Cloud синхронизация пользователей и групп. ## Synopsis Сценарий получает список пользователей в указанных группах LDAP-каталога, проверяет наличе группы. Если группа не существует - сценарий создаст ее. Далее проверяется наличе федеративных пользователей. Если пользователя не существует - сценарий его создаст, указав в качестве NameID либо UserPrincipalName, либо Mail (в зависимости от маппинга со стороны IdP). После чего, контроллируется члество в группе. Если пользователь был исключен из группы в LDAP-каталоге, сценарий исключит его из группы в облаке. Контроль членства идет по пользователям конкретной федерации. В случае исключения пользователя, аккаунты других федераций и аккаунты Yandex Passport затронуты не будут. # v.0.2 ## Общие органичения: * Запуск скрипта должен выполняться в контексте Domain User LDAP-каталога (пользователь должен быть членом домена) ## Ограничения режима Bootstrap: * Имена групп должны использовать символы латиницы и символ "-". Другие символы в т.ч. пробелы не допускаются * Создание групп только при наличии привелегии organization.Admin # Описание ключей - `Bootstrap` - режим провиженинга и синхронизации групп. Имена групп в LDAP-каталоге должны соответствовать правилам именования групп Yandex Cloud. Несовместим с ключами `Mapping` и `CSV` - `Mapping` - режим маппинга групп LDAP-каталога в произвольном именовании в соответствующие группы Yandex CLoud через CSV-файл. Несовместим с режимом `Bootstrap` и ключом `GroupNames` - `CSV` - путь к CSV-файлу с маппингом LDAP-групп в облачные. Формат файла: ``` "DomainGroup","CloudGroup" "Domain Group 1","cloud-group-1" "Domain Group 2","cloud-group-2" ``` Несовместим с режимом `Bootstrap` и ключом `GroupNames` - `GroupNames` - массив имен групп LDAP-каталога. Задается через @() или "" Несовместим с ключами `Mapping` и `CSV`. - `YCToken` - [уникальная последовательность символов, которая выдается пользователю после прохождения аутентификации. С помощью этого токена пользователь авторизуется в API Yandex Cloud и выполняет операции с ресурсами.](https://cloud.yandex.ru/docs/iam/concepts/authorization/iam-token) - `YCOrgID` - идентификатор организации Yandex Cloud. - `FederationName` - имя федерации в организации Yandex Cloud. - `LoginType` - атрибут учетной записи пользоваться, которая будет маппиться в NameID. Возможные значения: `UPN` и `Mail`. Значение по умолчанию: `UPN`. - `LogDirectory` - путь к каталогу для логов. По умолчанию используется текущий каталог, где расположен скрипт. <{ # Настройка окружения Предполагаем, что у вас уже есть доступ в Yandex Cloud, вы знаете идентификатор своей организации (`organization-id`) и имя федерации, где будут создаваться пользователи. ## Установка YC CLI Для развёртывания рабочего окружения установим инструмент `Yandex Cloud CLI (yc)` на свой компьютер (подробная [инструкция](https://cloud.yandex.ru/docs/cli/operations/install-cli#interactive)). ## Подключение к Web консоли облака * [Подключение к Web консоли облака с помощью Яндекс ID (Option A)](#yandex-id) * [Подключение к Web консоли облака с помощью Федерации удостоверений сервиса Организации (Option B)](#federation-id) ### Подключение к Web консоли облака с помощью Яндекс ID (Option A) * Откроем в новой вкладке браузера [консоль облака](https://console.cloud.yandex.ru/) и, слева внизу, выберем `Учетная запись` и выйдем из всех текущих аккаунтов облака. В результате на экране должна показаться страница с кнопкой `Войти в аккаунт на Яндексе`. Закроем эту страницу. * Откроем в новой вкладке [ссылку](https://passport.yandex.ru/auth?mode=add-user&retpath=https%3A%2F%2Fconsole.cloud.yandex.ru%2F) где будет предложено авторизоваться в Яндекс ID * Введём имя и пароль пользователя для учётной записи Яндекс ID, после чего произойдёт перенаправление в консоль Yandex Cloud * Перейдём по [ссылке](https://oauth.yandex.ru/authorize?response_type=token&client_id=1a6990aa636648e9b2ef855fa7bec2fb) для получения OAuth Token. Значение token будет выглядеть примерно так `AQAAAAAABQ0pAATrwPdubkJPerC4mJyaRELWbUY` * Сохраним полученное значение Token в переменной окружения (для Windows – PowerShell, MacOS и Linux – bash) #### Windows: ```PowerShell $env:$YCToken="<ваш OAuth Token>" ``` Создадим профиль в yc для работы с облаком #### Настройка профиля yc в Windows: ```PowerShell yc config profile create lockbox yc config set cloud-id yc config set folder-id yc config set token $env:$YCToken ``` где вместо `` нужно указать идентификатор своего облака, а вместо `` нужно указать идентификатор каталога в облаке. Идентификаторы можно получить из консоли облака через веб интерфейс. ### Подключение к Web консоли облака с помощью Федерации удостоверений сервиса Организации (Option B) * Создадим профиль в `yc` для работы с облаком ```bash yc config profile create lockbox yc config set cloud-id yc config set folder-id yc config set federation-id yc config set organization-id ``` где вместо \ нужно указать идентификатор своего облака, например, `b1g8d7gjpvedf23hg3sv`, вместо \ нужно указать идентификатор каталога в облаке, например, `b1guv7crr32qfgiimxwp`, а вместо \ нужно указать идентификатор федерации, например, `yc.your-org-name.federation`. Идентификаторы можно получить из консоли облака через веб интерфейс в разделе сервиса Organizations.}> # Запуск сценария Для начала зададим переменные окружения: #### Windows: * Запустите консоль PowerShell * Выполните: ```PowerShell yc config profile activate iam $env:$YCToken= $(yc iam create token) $env:YC_CLOUD_ID=$(yc config get cloud-id) $env:YC_FOLDER_ID=$(yc config get folder-id) $env:YC_ORG=$(yc config get organization-id) ``` ## Пример 1 ```PowerSHell > .\Sync-YCLDAPUsers.ps1 -Bootstrap -GroupNames @("group1","Group2") -YCToken $env:$YCToken -YCOrgID $env:YC_ORG FederationName = "dev-federation" -LoginType UPN ``` Команда создает и синхронизирует членов группы group1 and Group2 в указанной организации и федерации, используя в качестве NameID атрибут UserPrincipalName. ## Пример 2 ```PowerShell $Params = @{ Bootstrap = $true GroupNames = @("group1","Group2") YCToken = $env:$YCToken YCOrgID = $env:YC_ORG FederationName = "dev-federation" LoginType = "Mail" } .\Sync-YCLDAPUsers.ps1 @Params ``` Команда создает и синхронизирует членов группы group1 and Group2 в указанной организации и федерации, используя в качестве NameID атрибут Mail. ## Пример 3 ```PowerShell # Getting IAM token $env:YC_TOKEN = $(yc iam create-token) # Setting up organization ID $env:YCOrgID = "bpf..." # Synchronizing groups and users .\Sync-YCLDAPUsers.ps1 -Mapping -CSV "C:\work\mygroups.csv" -YCToken $env:YC_TOKEN -YCOrgID $env:YCOrgID FederationName = "dev-federation" -LoginType UPN This command will sync groups matched in CSV file. in specific organization and federation and using UPN as login. ``` Команда синхронизирует членов групп из файла `mygroups.csv` в указанной организации и федерации, используя в качестве NameID атрибут UPN. ================================================ FILE: auth_and_access/ad-sync/Sync-YCLDAPUsers-v2.ps1 ================================================ <# .NOTES Copyright (c) LLC Yandex Cloud. All rights reserved. THE SAMPLE SOURCE CODE IS PROVIDED "AS IS", WITH NO WARRANTIES. .SYNOPSIS Creates and synchronize LDAP Groups and its users with Yandex Cloud Groups and Federated users. LDAP administrator can control YC Group membeship through LDAP group. If user been excluded from LDAP group, his federated account in YC will be excluded from YC Group during next sync. To successfully run source code user have to be organization.admin in Yandex Cloud and have user priveleges in LDAP Domain. .DESCRIPTION 1. The sample script creates YC Group if its does not exist. 2. After that checks users and creates them if accounts don't exist in specified federation 3. After groups and users been created - validates group membership based on LDAP group membersip. 4. Excludes or includes users based on LDAP group membersip. .PARAMETER Bootstrap Mandatory Runs script in Bootstrap mode. Bootstrap mode creates groups if it doesn't exist in cloud. Requires strong cloud naming convention in parameter GroupNames. Incompatible with Mapping and CSV parameters. .PARAMETER GroupNames Mandatory. Running only in Bootstrap mode. Array @() of LDAP group names. Group name must contains only latin characters and special character "-". All other characters such as white space, dot, underscore, etc are unsupported by YC Naming Convertion. .PARAMETER Mapping Mandatory Runs script in Mapping mode. Parameter maps LDAP groups to cloud. Requires CSV parameter. Incompatible with Bootstrap and GroupNames parameters. .PARAMETER CSV Mandatory. Parameter running only in Mapping mode. Specifies path to CSV file with groups mapping. CSV has to be in UTF8 encoding and comma-separated. CSV header Format: "DomainGroup","CloudGroup" "Domain Group 1","cloud-group-1" "Domain Group 2","cloud-group-2" .PARAMETER YCToken Mandatory. An IAM token is a unique sequence of characters issued to a user after authentication. The user needs this token for authorization in the Yandex Cloud API and access to resources. for example using yc cli: yc iam create-token .PARAMETER YCOrgID Mandatory. Yandex Cloud Organization ID. .PARAMETER FederationName Mandatory. Specifies Yandex Cloud Federation's name. .PARAMETER LoginType Setting user's attribute as login in Yandex Cloud federation. Valid values: UPN or Mail. .PARAMETER LogDirectory Specifies the directory where the log file should be generated. The default value is the current directory ($pwd). .EXAMPLE # Getting IAM token $env:YC_TOKEN = $(yc iam create-token) # Setting up organization ID $env:YCOrgID = "bpf..." # Synchronizing groups and users .\Sync-YCLDAPUsers.ps1 -Bootstrap -GroupNames @("group1","Group2") -YCToken $env:YC_TOKEN -YCOrgID $env:YCOrgID FederationName = "dev-federation" -LoginType UPN This command will create and sync groups group1 and Group2 in specifien organization and federation and using UPN as login. .EXAMPLE $Params = @{ Bootstrap GroupNames = @("group-allow","group-deny") YCToken = $env:YC_TOKEN YCOrgID = $env:YCOrgID FederationName = "dev-federation" LoginType = "Mail" } .\Sync-YCLDAPUsers.ps1 @Params This command will create and sync groups group1 and Group2 in specific organization and federation and using UPN as login. .EXAMPLE # Getting IAM token $env:YC_TOKEN = $(yc iam create-token) # Setting up organization ID $env:YCOrgID = "bpf..." # Synchronizing groups and users .\Sync-YCLDAPUsers.ps1 -Mapping -CSV "C:\work\mygroups.csv" -YCToken $env:YC_TOKEN -YCOrgID $env:YCOrgID FederationName = "dev-federation" -LoginType UPN This command will sync groups matched in CSV file. in specific organization and federation and using UPN as login. .OUTPUTS System.IO.FileInfo #> param ( [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] $GroupNames = @(), [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $YCToken = $env:YC_TOKEN, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $YCOrgID = "bpfncbpfnadtqjhoacqi", [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $FederationName, [Parameter(Mandatory=$true)] [string] [ValidateNotNullOrEmpty()] [ValidateSet("Mail", "UPN")] $LoginType = "UPN", $LogDirectory = "C:\work" ) #region helpers # API Endpoints $APIEndpoints =@{ IAMGroups = "https://organization-manager.api.cloud.yandex.net/organization-manager/v1/groups" IAMFederations = "https://organization-manager.api.cloud.yandex.net/organization-manager/v1/saml/federations" IAMOrganizations = "https://organization-manager.api.cloud.yandex.net/organization-manager/v1/organizations" } function WriteLog { param([string]$message, [string]$filename, [switch]$NoDate, [switch]$skipWriteToFile, [ValidateSet("Info","Warning","Error")] [string]$EventType ) if (!$NoDate) { $logString = "{0}: {1}: {2}" -f (Get-Date).ToString("dd.MM.yyyy hh:mm:ss"), $EventType.ToUpper(), $message } else { $logString = $message } switch ($EventType) { "Warning" { Write-Warning $logString } "Error" { Write-Host $logString -ForegroundColor Red } "Info" { Write-Host $logString } Default { Write-Host $logString } } if (!$skipWriteToFile) { $mtx = New-Object System.Threading.Mutex($false, "WriteLogMutex") [void]$mtx.WaitOne() $logString | Out-File -FilePath $("$($LogDirectory)\\{1}_{0}.log" -f (Get-Date).ToString("dd.MM.yyyy"), $filename) -Append [void]$mtx.ReleaseMutex() } } function Get-YCService { param ( $token, $service_uri, $id, $method, $body ) $Headers = @{ Authorization="Bearer $token" pageSize = "1" } if($body) { $Params = @{ Uri = $service_uri Method = $method Headers = $Headers Body = $body } } else { $Params = @{ Uri = $service_uri Method = $method Headers = $Headers } } $Result = Invoke-RestMethod @Params return $Result } #endregion function Get-LDAPUsersInGroup { [CmdletBinding()] param ( $GroupName ) $Filter = "(&(objectClass=group)(cn=$GroupName))" $Searcher = New-Object DirectoryServices.DirectorySearcher $Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($rootDSE.defaultNamingContext)") $Searcher.Filter = $Filter $Searcher.SearchScope = "Subtree" # Either: "Base", "OneLevel" or "Subtree" $Group = $Searcher.FindAll() #$GroupDN = $Group.Properties.distinguishedname $Filter="(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=$($Group.Properties.distinguishedname)))" $Searcher = New-Object DirectoryServices.DirectorySearcher $Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($rootDSE.defaultNamingContext)") $Searcher.Filter = $Filter $Searcher.SearchScope = "Subtree" # Either: "Base", "OneLevel" or "Subtree" $Searcher.PropertiesToLoad.Add("userPrincipalName") > $Null $Searcher.PropertiesToLoad.Add("sAMAccountName") > $Null $Searcher.PropertiesToLoad.Add("displayName") > $Null $Searcher.PropertiesToLoad.Add("sn") > $Null $Searcher.PropertiesToLoad.Add("givenName") > $Null $Searcher.PropertiesToLoad.Add("mail") > $Null $Searcher.PropertiesToLoad.Add("telephoneNumber") > $Null $Searcher.PropertiesToLoad.Add("thumbnailPhoto") > $Null $UserList = $Searcher.FindAll() return $UserList } #region Groups operations function Get-YCIAMGroup { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $Name, $Id ) $Result = (Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMGroups)?organizationId=$YCOrgID" -method "GET").groups if($Name) { $Result = $Result | Where-Object {$_.name -eq $Name} } if($Id) { $Result = $Result | Where-Object {$_.id -eq $Id} } return $Result } function Create-YcIAMGroup { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $Name, $Description ) if($Description) { $Result = Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMGroups)?organizationId=$YCOrgID&name=$Name&description=$Description" -method "POST" } else { $Result = Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMGroups)?organizationId=$YCOrgID&name=$Name" -method "POST" } return $Result } function Delete-YcIAMGroup { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $Name, $Id ) if($Name -and !$Id) { $Id = (Get-YCIAMGroup -YCToken $YCToken -YCOrgID $YCOrgID -Name $Name).id } $Result = Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMGroups)/$Id" -method "DELETE" return $Result } function Get-YcIAMGroupMember { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $GroupName, $GroupId, $FederationID, $FederationName, # GetYcIAMUser $UserName ) if($GroupName -and !$GroupId) { $GroupId = (Get-YCIAMGroup -YCToken $YCToken -YCOrgID $YCOrgID -Name $GroupName).id } $Ids = @() if($FederationName -and !$FederationID) { $Ids = (Get-YcOrgFederation -YCToken $YCToken -YCOrgID $YCOrgID -Name $FederationName).id } else { $Ids = $FederationID } $Result = Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMGroups)/$GroupId`:listMembers" -method "GET" if($UserName) { $ID = (Get-YcOrgFederatedUser -YCToken $YCToken -YCOrgID $YCOrgID -FederationID $Ids -NameID $UserName).id if($Result.members -match $ID) { $Result = $Result.members -match $ID } else { $Result = $null } } if($Result) { return $Result } } #endregion #region Federations function Get-YcOrgFederation { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $Name, $Id ) $Result = (Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMFederations)?organizationId=$YCOrgID" -method "GET").federations if($Name) { $Result = $Result | Where-Object {$_.name -eq $Name} } if($Id) { $Result = $Result | Where-Object {$_.id -eq $Id} } return $Result } function Get-YcOrgFederatedUser { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $FederationID, $FederationName, $NameID ) # organization-manager.api.cloud.yandex.net/organization-manager/v1/saml/federations/{federationId}:listUserAccounts $Ids = @() if($FederationName -and !$FederationID) { $Ids = (Get-YcOrgFederation -YCToken $YCToken -YCOrgID $YCOrgID -Name $FederationName).id } else { $Ids = $FederationID } if(!$FederationName -and !$FederationID) { $Ids = (Get-YcOrgFederation -YCToken $YCToken -YCOrgID $YCOrgID).id } $Result = @() foreach($ID in $Ids) { #$Result += $Result += Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMFederations)/$ID`:listUserAccounts?pageSize=1000" -method "GET" if($Result.nextPageToken) { $Result += Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMFederations)/$ID`:listUserAccounts?pageSize=1000?pageToken=$($Result.nextPageToken)" -method "GET" } $Result = $Result.userAccounts } if($NameID) { $tmp = @() foreach($UserId in $Result) { if($UserID.samlUserAccount -match $NameID) { $tmp += $UserID } } $Result = $tmp } return $Result } function Add-YcOrgFederatedUser { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $FederationID, $FederationName, $NameIDs ) # organization-manager.api.cloud.yandex.net/organization-manager/v1/saml/federations/{federationId}:listUserAccounts if($FederationName -and !$FederationID) { $FederationID = (Get-YcOrgFederation -YCToken $YCToken -YCOrgID $YCOrgID -Name $FederationName).id } if(!$FederationName -and !$FederationID) { throw "Federation Name or Federation ID must be specified." } $Result = Get-YCService -token $YCToken -service_uri "https://organization-manager.api.cloud.yandex.net/organization-manager/v1/saml/federations/$FederationID`:addUserAccounts?nameIds=$NameIDs" -method "POST" return $Result } function Delete-YcOrgFederatedUser { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, $Id, $Name, $FederationID, $FederationName ) # organization-manager.api.cloud.yandex.net/organization-manager/v1/saml/federations/{federationId}:listUserAccounts if($FederationName -and !$FederationID) { $FederationID = (Get-YcOrgFederation -YCToken $YCToken -YCOrgID $YCOrgID -Name $FederationName).id } if(!$FederationName -and !$FederationID) { throw "Federation Name or Federation ID must be specified." } $OrgID = (Get-YcOrgFederation -Id $FederationID).organizationId if($Name -and !$Id){ $Id = (Get-YcOrgFederatedUser -Name $Name -FederationID $FederationID).id } $Result = Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMOrganizations)/$OrgID/users/$Id" -method "DELETE" return $Result } function Add-YCOrgFederatedUsersToGroup { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, [ValidateNotNullOrEmpty()] $GroupName, $GroupID, [Object[]]$FederatedUsers, [Object[]]$FederatedUserIDs, $FederationName ) if($GroupName -and !$GroupId) { $GroupId = (Get-YCIAMGroup -YCToken $YCToken -YCOrgID $YCOrgID -Name $GroupName).id } $UsersToAdd = @() if($FederatedUsers -and !$FederatedUserIDs){ foreach($FederatedUserName in $FederatedUsers) { $FederatedUserID = (Get-YcOrgFederatedUser -NameID $FederatedUserName -FederationName $FederationName).id $Object = "" | select @{n="action";e={"ADD"}},@{n="subjectId";e={"$FederatedUserID"}} $UsersToAdd += $Object } } else { foreach($FederatedUserID in $FederatedUserIDs) { $Object = "" | select @{n="action";e={"ADD"}},@{n="subjectId";e={"$FederatedUserID"}} $UsersToAdd += $Object } } $Deltas = [PSCustomObject]@{ memberDeltas = $UsersToAdd } | ConvertTo-Json $Result = Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMGroups)/$GroupID`:updateMembers" -method "POST" -Body $Deltas $Result } function Remove-YCOrgFederatedUsersFromGroup { [CmdletBinding()] param ( [ValidateNotNullOrEmpty()] $YCToken = $env:YC_TOKEN, [ValidateNotNullOrEmpty()] $YCOrgID = $env:YC_ORG, [ValidateNotNullOrEmpty()] $GroupName, $GroupID, [Object[]]$FederatedUsers, [Object[]]$FederatedUserIDs, $FederationName ) if($GroupName -and !$GroupId) { $GroupId = (Get-YCIAMGroup -YCToken $YCToken -YCOrgID $YCOrgID -Name $GroupName).id } $UsersToRemove = @() if($FederatedUsers -and !$FederatedUserIDs){ foreach($FederatedUserName in $FederatedUsers) { $FederatedUserID = (Get-YcOrgFederatedUser -NameID $FederatedUserName -FederationName $FederationName).id $Object = "" | select @{n="action";e={"REMOVE"}},@{n="subjectId";e={"$FederatedUserID"}} $UsersToRemove += $Object } } else { foreach($FederatedUserID in $FederatedUserIDs) { $Object = "" | select @{n="action";e={"ADD"}},@{n="subjectId";e={"$FederatedUserID"}} $UsersToRemove += $Object } } $Deltas = [PSCustomObject]@{ memberDeltas = $UsersToRemove } | ConvertTo-Json $Result = Get-YCService -token $YCToken -service_uri "$($APIEndpoints.IAMGroups)/$GroupID`:updateMembers" -method "POST" -Body $Deltas $Result } #endregion #region Main $filename = (Get-Date -f MMddyyyy_hh_mm).Tostring()+"_YCGroupSyncLog.log" $errorlog = (Get-Date -f MMddyyyy_hh_mm).Tostring()+"_YCGroupSyncErrorLog.log" if(!$LogDirectory) { $LogDirectory = (Get-Location).Path } WriteLog -message "Getting RootDSE" -EventType Info -filename $filename try { $rootDSE = [adsi]"LDAP://rootDSE" } catch { { 1: throw "Could not find RootDSE or [adsi] does not exist." WriteLog -message "Could not find RootDSE or [adsi] does not exist." -EventType Error -filename $filename WriteLog -message "Could not find RootDSE or [adsi] does not exist." -EventType Error -filename $errorlog } } foreach ($GroupName in $GroupNames){ WriteLog -message "Processing group $GroupName" -EventType Info -filename $filename if($rootDSE) { WriteLog -message "Getting LDAP users in group $GroupName" -EventType Info -filename $filename $LDAPUsers = Get-LDAPUsersInGroup -GroupName $GroupName WriteLog -message "Getting YC Group $GroupName in Cloud Organization $YCOrgID" -EventType Info -filename $filename $YCGroup = Get-YCIAMGroup -YCToken $YCToken -YCOrgID $YCOrgID -Name $GroupName.ToLower() if(!$YCGroup) { WriteLog -message "YC Group $GroupName not found in Cloud Organization $YCOrgID" -EventType Info -filename $filename WriteLog -message "Creating YC Group $GroupName not found in Cloud Organization $YCOrgID" -EventType Info -filename $filename try { $outNull = Create-YcIAMGroup -YCToken $YCToken -YCOrgID $YCOrgID -Name $GroupName.ToLower() -ErrorAction stop $YCGroup = Get-YCIAMGroup -YCToken $YCToken -YCOrgID $YCOrgID -Name $GroupName.ToLower() } catch { WriteLog -message "Could not create group $GroupName in Cloud Organization $YCOrgID. Please check YC Groups naming convention and try again." -EventType Error -filename $filename WriteLog -message "Could not create group $GroupName in Cloud Organization $YCOrgID. Please check YC Groups naming convention and try again." -EventType Error -filename $errorlog throw "Could not create group $GroupName in Cloud Organization $YCOrgID. Please check YC Groups naming convention and try again." } } else { WriteLog -message "Found YC Group group $($GroupName.ToLower())" -EventType Info -filename $filename } $UsersToAdd = @() foreach($LDAPUser in $LDAPUsers) { WriteLog -message "Processing user $($LDAPUser.Properties.userprincipalname)" -EventType Info -filename $filename if($LDAPUser.Properties.userprincipalname -ne $null -or $LDAPUser.Properties.mail -ne $null) { if($LoginType -eq "Mail") { if($LDAPUser.Properties.mail) { $username = $LDAPUser.Properties.mail.ToLower() WriteLog -message "Mail as login is selected. Login is: $username" -EventType Info -filename $filename } else { $DomainName = $rootDSE.ldapServiceName.ToString() $username = "$($LDAPUser.Properties.samaccountname)@$($DomainName.Substring(0, $DomainName.IndexOf(':')))" WriteLog -message "Mail as login is selected, but attribute Mail is empty. Using UPN for user: $username" -EventType Info -filename $filename } } if($LoginType -eq "UPN") { if($LDAPUser.Properties.userprincipalname) { $username = $LDAPUser.Properties.userprincipalname.ToLower() WriteLog -message "UPN as login is selected. Login is: $username" -EventType Info -filename $filename } else { $DomainName = $rootDSE.ldapServiceName.ToString() $username = "$($LDAPUser.Properties.samaccountname)@$($DomainName.Substring(0, $DomainName.IndexOf(':')))" WriteLog -message "UPN as login is selected, but attribute UserPrincipalName is empty. Login is: $username" -EventType Info -filename $filename } } WriteLog -message "Searching $username in federation $FederationName" -EventType Info -filename $filename $FederatedUser = Get-YcOrgFederatedUser -YCToken $YCToken -YCOrgID $YCOrgID -FederationName $FederationName -NameID $username if(!$FederatedUser) { WriteLog -message "User $username not found in federation $FederationName. Creating..." -EventType Info -filename $filename $outNull = Add-YcOrgFederatedUser -YCToken $YCToken -YCOrgID $YCOrgID -FederationName $FederationName -NameIDs @("$username") } WriteLog -message "Checking $username for membership in group $GroupName" -EventType Info -filename $filename $YCGroupMembership = Get-YcIAMGroupMember -YCToken $YCToken -YCOrgID $YCOrgID -GroupName $GroupName.ToLower() -UserName $username -FederationName $FederationName if(!$YCGroupMembership) { WriteLog -message "User $username added for membership in group $GroupName" -EventType Info -filename $filename $UsersToAdd += $username } } } if($UsersToAdd) { $outNull = Add-YCOrgFederatedUsersToGroup -YCToken $YCToken -YCOrgID $YCOrgID -GroupID $YCGroup.id -FederatedUsers $UsersToAdd -FederationName $FederationName WriteLog -message "Users $UsersToAdd has been added to group $($GroupName.ToLower())" -EventType Info -filename $filename } WriteLog -message "Validating group membership in group $($GroupName.ToLower())" -EventType Info -filename $filename $YCGroupMembers = Get-YcIAMGroupMember -YCToken $YCToken -YCOrgID $YCOrgID -GroupName $GroupName.ToLower() foreach($YCGroupMember in $YCGroupMembers.members) { $NameID = (Get-YcOrgFederatedUser -YCToken $YCToken -YCOrgID $YCOrgID -FederationName $FederationName | where {$_.id -eq $YCGroupMember.subjectId}).samlUserAccount.nameId if($NameID -and (!($LDAPUsers.Properties.userprincipalname -match $NameID) -or !($LDAPUsers.Properties.mail -match $NameID))) { WriteLog -message "User $NameID been excluded from LDAP group $GroupName excluding from YC Group $($GroupName.ToLower())" -EventType Info -filename $filename $outNull = Remove-YCOrgFederatedUsersFromGroup -YCToken $YCToken -YCOrgID $YCOrgID -GroupName $GroupName.ToLower() -FederatedUsers @("$NameID") -FederationName $FederationName WriteLog -message "User $NameID has been removed from group $($GroupName.ToLower())" -EventType Info -filename $filename } } } } #endregion ================================================ FILE: auth_and_access/iam/.gitignore ================================================ .terraform terraform.tfstate *.tfstate* terraform.tfvars .terraform.lock.hcl ================================================ FILE: auth_and_access/iam/.pre-commit-config.yaml ================================================ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform rev: v1.44.0 hooks: - id: terraform_fmt - id: terraform_validate - id: terraform_docs - id: terraform_tflint args: - "--args=--only=terraform_deprecated_interpolation" - "--args=--only=terraform_deprecated_index" - "--args=--only=terraform_unused_declarations" - "--args=--only=terraform_comment_syntax" - "--args=--only=terraform_documented_outputs" - "--args=--only=terraform_documented_variables" - "--args=--only=terraform_typed_variables" - "--args=--only=terraform_module_pinned_source" - "--args=--only=terraform_naming_convention" - "--args=--only=terraform_required_version" - "--args=--only=terraform_required_providers" - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" ================================================ FILE: auth_and_access/iam/README.md ================================================ # Identity and Access Management (IAM) Terraform module for Yandex.Cloud ## Full review of module usage on youtube: [![image](https://user-images.githubusercontent.com/85429798/128347194-3efd9267-6778-4f15-93b9-39813650fe10.png)](https://www.youtube.com/watch?v=7VwSfPZ6eRM&t=3s) ## Features * Create Service accounts and assign them roles in your folder. * Assign roles to IAM users in organization and/or cloud and/or folder. * You can control **authoritatively** all permissions for organization, cloud and folder in **one** terraform manifest if needed. See Authoritative flags. * Replaces IAM groups (aka JOB TITLE) while they are in development. Use `org_user_role_mapping` variable to add permissions to existing IAM users (Yandex.Passport and Federated users) for organization level. Use `cloud_user_role_mapping` variable to add permissions to existing IAM users (Yandex.Passport and Federated users) for cloud level. Use `folder_user_role_mapping` variable to add permissions to existing IAM users (Yandex.Passport and Federated users) for folder level. To use IAM usernames(YandexID accounts) and Federated accounts as input variables '**iam_users_names**' and '**fed_users_names**' put `usernames_to_ids = true`. You can also use '**users_with_ids**' with IDs and all of them together. See example in variables' descriptions Use `sa_role_mapping` variable to create service accounts with permissions for folder level. ## Configure Terraform for Yandex.Cloud - Install [YC cli](https://cloud.yandex.com/docs/cli/quickstart) - Add environment variables for terraform auth in Yandex.Cloud ``` export YC_TOKEN=$(yc iam create-token) export YC_CLOUD_ID=$(yc config get cloud-id) export YC_FOLDER_ID=$(yc config get folder-id) ``` ## Troubleshooting Remember that service accounts in cloud **must** have unique names You can use following `yc cli` commands for diagnostic: ``` yc resource-manager folder list-operations --id XXXXXXXXXXXXXX yc resource-manager folder list-access-bindings --id XXXXXXXXXXXXXX ``` To **import** existing service accounts use: ``` terraform import 'module..yandex_iam_service_account.sa[""]' or terraform import 'module.iam.yandex_iam_service_account.sa["sa-robot"]' aje0am0b06tj6v8mXXXX ``` Then add `SA-name` to your variables and try `terraform plan` Correct resource path can be found with `terraform state list` --- ## Requirements | Name | Version | | ------------------------------------------------------------------------- | ------- | | [terraform](#requirement\_terraform) | >= 1.0 | | [yandex](#requirement\_yandex) | ~> 0.68 | ## Providers | Name | Version | | ---------------------------------------------------------- | ------- | | [yandex](#provider\_yandex) | 0.68.0 | ## Modules No modules. ## Resources | Name | Type | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | [yandex_iam_service_account.sa](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account) | resource | | [yandex_organizationmanager_organization_iam_binding.org_binding](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/organizationmanager_organization_iam_binding) | resource | | [yandex_organizationmanager_organization_iam_member.org_member](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/organizationmanager_organization_iam_member) | resource | | [yandex_resourcemanager_cloud_iam_binding.cloud_binding](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_binding) | resource | | [yandex_resourcemanager_cloud_iam_member.cloud_member](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_folder_iam_member.folder_sa_member](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_resourcemanager_folder_iam_member.folder_user_member](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_resourcemanager_folder_iam_policy.folder_bindings_policy](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_policy) | resource | | [yandex_client_config.client](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/client_config) | data source | | [yandex_iam_policy.bindings](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/iam_policy) | data source | | [yandex_iam_user.cloud_account](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/iam_user) | data source | | [yandex_iam_user.folder_account](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/iam_user) | data source | | [yandex_iam_user.org_account](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/iam_user) | data source | | [yandex_organizationmanager_saml_federation_user_account.cloud_account](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/organizationmanager_saml_federation_user_account) | data source | | [yandex_organizationmanager_saml_federation_user_account.folder_account](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/organizationmanager_saml_federation_user_account) | data source | | [yandex_organizationmanager_saml_federation_user_account.org_account](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/organizationmanager_saml_federation_user_account) | data source | ## Inputs | Name | Description | Type | Default | Required | | -------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | ------- | :------: | | [cloud\_binding\_authoritative](#input\_cloud\_binding\_authoritative) | "Authoritative. Sets the IAM policy for the CLOUD and replaces any **existing** policy already attached.
If Authoritative = true : take roles from all objects in variable "cloud\_user\_role\_mapping" and make **unique** role as a new key of map with members" | `bool` | `false` | no | | [cloud\_id](#input\_cloud\_id) | Cloud-ID where where need to add permissions. Mandatory variable for CLOUD, if omited default CLOUD\_ID will be used | `string` | `null` | no | | [cloud\_user\_role\_mapping](#input\_cloud\_user\_role\_mapping) | Group of IAM User-IDs and it's permissions in CLOUD, where name = JOB Tille(aka IAM Group). Use usernames or user-ids or both
### Example
#cloud\_user\_role\_mapping = [
{
job\_title\_name = "devops"
iam\_users\_names = ["name.surname", ]
fed\_users\_names = ["name.surname@yantoso.ru", ]
roles = ["editor", ]
},
{
job\_title\_name = "developers"
users\_with\_ids = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"]
iam\_users\_names = ["name.surname", ]
roles = ["viewer","k8s.editor",]
},
] | `any` | `[]` | no | | [federation\_id](#input\_federation\_id) | Federation ID, mandatory for 'fed\_users\_names' | `string` | `null` | no | | [folder\_binding\_authoritative](#input\_folder\_binding\_authoritative) | Authoritative. Sets the IAM policy for the FOLDER and replaces any **existing** policy already attached. | `bool` | `false` | no | | [folder\_id](#input\_folder\_id) | Folder-ID where need to add permissions. Mandatory variable for FOLDER, if omited default FOLDER\_ID will be used | `string` | `null` | no | | [folder\_user\_role\_mapping](#input\_folder\_user\_role\_mapping) | Group of IAM User-IDs and it's permissions in FOLDER, where name = JOB Tille(aka IAM Group). Use usernames or user-ids or both
### Example
#folder\_user\_role\_mapping = [
{
job\_title\_name = "devops"
iam\_users\_names = ["name.surname", ]
fed\_users\_names = ["name.surname@yantoso.ru", ]
roles = ["iam.serviceAccounts.user", "k8s.editor", "k8s.cluster-api.cluster-admin", "container-registry.admin"]
},
{
job\_title\_name = "developers"
users\_with\_ids = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"]
roles = ["k8s.viewer",]
},
] | `any` | `[]` | no | | [org\_binding\_authoritative](#input\_org\_binding\_authoritative) | "Authoritative. Sets the IAM policy for the ORGANIZATION and replaces any **existing** policy already attached.
If Authoritative = true : take roles from all objects in variable "org\_user\_role\_mapping" and make **unique** role as a new key of map with members" | `bool` | `false` | no | | [org\_id](#input\_org\_id) | ORGANIZATION-ID where where need to add permissions. Mandatory variable for ORGANIZATION, if omited default ORGANIZATION\_ID will be used | `string` | `null` | no | | [org\_user\_role\_mapping](#input\_org\_user\_role\_mapping) | Group of IAM User-IDs and it's permissions in ORGANIZATION, where name = JOB Tille(aka IAM Group). Use usernames or user-ids or both
### Example
#org\_user\_role\_mapping = [
{
job\_title\_name = "admins"
iam\_users\_names = ["name.surname", ]
fed\_users\_names = ["name.surname@yantoso.ru", ]
roles = ["admin",]
},
{
job\_title\_name = "network\_admins"
sers\_with\_ids = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"]
roles = ["vpc.admin",]
},
] | `any` | `[]` | no | | [sa\_role\_mapping](#input\_sa\_role\_mapping) | List of SA and it's permissions
### Example
sa\_role\_mapping = [
{
name = "sa-cluster"
roles = ["editor",]
},
{
name = "sa-nodes"
roles = ["container-registry.images.puller",]
},
] | `any` | `[]` | no | | [usernames\_to\_ids](#input\_usernames\_to\_ids) | If true Usernames from IAM and Federation will be used as input variables 'iam\_users\_names' and 'fed\_users\_names' | `bool` | `true` | no | ## Outputs | Name | Description | | ----------------------------------------------------------------- | ----------------------------------------------------------- | | [sa\_ids](#output\_sa\_ids) | List IDs of created service accounts | | [sa\_names](#output\_sa\_names) | List Names of created service accounts | | [sa\_object](#output\_sa\_object) | Map with service accounts info , key = service account name | ================================================ FILE: auth_and_access/iam/examples/custom roles/README.md ================================================ # Yandex.SCALE 2021 Assigning roles for to IAM users ## Configure Terraform for Yandex.Cloud - Install [YC cli](https://cloud.yandex.com/docs/cli/quickstart) - Add environment variables for terraform auth in Yandex.Cloud ``` export YC_TOKEN=$(yc iam create-token) ``` ## Quick Start Rename `terraform.tfvars.example` to `terraform.tfvars` and add your values To execute run: ``` terraform init terraform plan terraform apply ``` ================================================ FILE: auth_and_access/iam/examples/custom roles/cloud.tf ================================================ ### IAM module "iam_cloud" { source = "../.." org_id = var.org_id cloud_id = var.cloud_id cloud_user_role_mapping = [ { name = "cloud_admins" users = var.groups.cloud_admins roles = ["admin", ] }, { name = "cloud_members" ### Role Cloud.Member is needed for all users for UI enabling users = concat(var.groups.project_developers, var.groups.project_admins, var.groups.org_admins, var.groups.network_admins, var.groups.sec_ops, var.groups.cloud_admins) roles = ["resource-manager.clouds.member", ] }, ] } ================================================ FILE: auth_and_access/iam/examples/custom roles/organization.tf ================================================ ### IAM module "iam_org" { source = "../.." org_id = var.org_id org_user_role_mapping = [ { name = "organization_admins" users = var.groups.org_admins roles = ["admin", ] }, { name = "organization__network_admins" users = var.groups.network_admins roles = var.role_network_admin }, { name = "organization_sec_ops" users = var.groups.sec_ops roles = var.role_sec_ops }, ] } ================================================ FILE: auth_and_access/iam/examples/custom roles/projects.tf ================================================ ### IAM module "iam_dev_project" { source = "../.." cloud_id = var.cloud_id org_id = var.org_id folder_id = var.dev_folder_id folder_user_role_mapping = [ { name = "project_admins" users = var.groups.project_admins roles = ["admin", ] }, { name = "project_developers" users = var.groups.project_developers roles = var.role_dev_project_developer }, ] } module "iam_prod_project" { source = "../.." cloud_id = var.cloud_id org_id = var.org_id folder_id = var.prod_folder_id folder_user_role_mapping = [ { name = "project_admins" users = var.groups.project_admins roles = ["admin", ] }, { name = "project_developers" users = var.groups.project_developers roles = var.role_prod_project_developer }, ] } ================================================ FILE: auth_and_access/iam/examples/custom roles/terraform.tfvars.example ================================================ ###IDs org_id = "" cloud_id = "" prod_folder_id = "" dev_folder_id = "" ###Users groups = { network_admins = ["userAccount:idxxxxxx", ] org_admins = ["userAccount:idxxxxxx", ] sec_ops = ["userAccount:idxxxxxx", ] cloud_admins = ["userAccount:idxxxxxx", ] project_admins = ["userAccount:idxxxxxx", ] project_developers = ["userAccount:idxxxxxx", ] } ###Custom Roles role_network_admin = ["vpc.admin", "viewer", ] role_sec_ops = ["viewer", "kms.admin"] role_prod_project_developer = ["viewer", ] role_dev_project_developer = [ "k8s.admin", "k8s.cluster-api.cluster-admin", "compute.admin", "container-registry.admin", "load-balancer.privateAdmin", "storage.admin", "mdb.admin", "kms.admin", "iam.serviceAccounts.user", "vpc.user", "viewer" ] ================================================ FILE: auth_and_access/iam/examples/custom roles/variables.tf ================================================ variable "groups" { type = any description = "Map with key=group and value=list with iam users" } variable "role_network_admin" { type = list(any) description = "List of permissions/service roles for organization network admins" } variable "role_sec_ops" { type = list(any) description = "List of permissions/service roles for organization security officers" } variable "role_dev_project_developer" { type = list(any) description = "List of permissions/service roles for project_developers in DEV env" } variable "role_prod_project_developer" { type = list(any) description = "List of permissions/service roles for project_developers in PROD env" } variable "org_id" { type = string description = "ORGANIZATION-ID where where need to add permissions." } variable "dev_folder_id" { type = string description = "DEV Folder-ID where need to add permissions." } variable "prod_folder_id" { type = string description = "PROD Folder-ID where need to add permissions." } variable "cloud_id" { type = string description = "Cloud-ID where where need to add permissions. " } ================================================ FILE: auth_and_access/iam/examples/custom roles/versions.tf ================================================ terraform { required_version = ">= 1.0" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.62" } } } ================================================ FILE: auth_and_access/iam/examples/organization/README.md ================================================ # Assign roles for Organization and Cloud to IAM users Remember to change your **Organization-ID**, **CLOUD-ID**, **USER-ID** in `main.tf`. ## Configure Terraform for Yandex.Cloud - Install [YC cli](https://cloud.yandex.com/docs/cli/quickstart) - Add environment variables for terraform auth in Yandex.Cloud ``` export YC_TOKEN=$(yc iam create-token) ``` ## Quick Start To run this example you need to execute: ``` terraform init terraform plan terraform apply ``` ================================================ FILE: auth_and_access/iam/examples/organization/main.tf ================================================ ### IAM module "iam" { source = "../.." ## Edit with real ORG and CLOUD IDs org_id = "XXXXXXXXXXXXXXXXXXXX" cloud_id = "XXXXXXXXXXXXXXXXXXXX" ## Edit with real IAM users ID org_user_role_mapping = [ { name = "org_network_admins" users = ["userAccount:ajeu8bruia5h8sl53XXX", ] roles = ["vpc.admin", ] }, ] cloud_user_role_mapping = [ { name = "devops" users = ["userAccount:ajeu8bruia5h8sl53XXX", ] roles = ["editor", ] }, ] } ================================================ FILE: auth_and_access/iam/examples/organization/variables.tf ================================================ ================================================ FILE: auth_and_access/iam/examples/organization/versions.tf ================================================ terraform { required_version = ">= 1.0" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.62" } } } ================================================ FILE: auth_and_access/iam/examples/small/README.md ================================================ # Create service accounts and assign roles to IAM users Remember to change your **folder-ID** in variables. ## Configure Terraform for Yandex.Cloud - Install [YC cli](https://cloud.yandex.com/docs/cli/quickstart) - Add environment variables for terraform auth in Yandex.Cloud ``` export YC_TOKEN=$(yc iam create-token) export YC_CLOUD_ID=$(yc config get cloud-id) export YC_FOLDER_ID=$(yc config get folder-id) ``` ## Quick Start To run this example you need to execute: ``` terraform init terraform plan terraform apply ``` ================================================ FILE: auth_and_access/iam/examples/small/main.tf ================================================ ### IAM module "iam" { source = "../.." folder_id = "XXXXXXXXXXXXXXXXXXX" folder_binding_authoritative = false sa_role_mapping = [ { name = "sa-cluster" roles = ["editor"] }, { name = "sa-noroles" roles = [] }, { name = "sa-nodes" roles = ["container-registry.images.puller"] }, ] ## Edit with real IAM users ID folder_user_role_mapping = [ { name = "devops" users = ["serviceAccount:aje0k467i3bs3tst9d97", ] roles = ["iam.serviceAccounts.user", "k8s.admin", "k8s.cluster-api.cluster-admin", "container-registry.admin"] }, { name = "secops" users = ["serviceAccount:ajeg2qiqkhnkq3vms1eg", ] roles = [] }, { name = "developers" users = ["serviceAccount:ajevak8egbjo8v9ddl85", ] roles = ["k8s.viewer", "k8s.cluster-api.editor"] }, ] } ================================================ FILE: auth_and_access/iam/examples/small/outputs.tf ================================================ output "sa_map" { value = module.iam.sa description = "SA Map" } output "sa_names" { value = module.iam.names description = "List of SA names" } ================================================ FILE: auth_and_access/iam/examples/small/variables.tf ================================================ ================================================ FILE: auth_and_access/iam/examples/small/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auth_and_access/iam/examples/use usernames/README.md ================================================ # Using IAM users (Yandex ID accounts) and Federated User instead user IDs Remember to change your in variables: * **folder-id** * **cloud-id** * **Users** * **federation_id** if exist ## Configure Terraform for Yandex.Cloud - Install [YC cli](https://cloud.yandex.com/docs/cli/quickstart) - Add environment variables for terraform auth in Yandex.Cloud ``` export YC_TOKEN=$(yc iam create-token) export YC_CLOUD_ID=$(yc config get cloud-id) export YC_FOLDER_ID=$(yc config get folder-id) ``` ## Quick Start To run this example you need to execute: ``` terraform init terraform plan terraform apply ``` ================================================ FILE: auth_and_access/iam/examples/use usernames/main.tf ================================================ ### IAM module "iam" { # !!! Using names instead ids federation_id = "XXXXXXXXXXXXXXXXX" usernames_to_ids = true cloud_id = "XXXXXXXXXXXXXXXX" cloud_user_role_mapping = [ { job_title_name = "admins" iam_users_names = ["name.surname", ] fed_users_names = ["name.surname@yantoso.ru", ] roles = ["admin",] }, { job_title_name = "network_admins" users_with_ids = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"] roles = ["vpc.admin",] }, ] folder_id = "XXXXXXXXXXXXXXXX" folder_user_role_mapping = [ { job_title_name = "devops" iam_users_names = ["name.surname", ] fed_users_names = ["name.surname@yantoso.ru", "name2.surname@yantoso.ru"] users_with_ids = [] roles = ["viewer", ] }, { job_title_name = "developer" iam_users_names = [] fed_users_names = ["name.surname@yantoso.ru"] users_with_ids = ["federatedUser:idxxxxxx2", "userAccount:idxxxxxx1", ] roles = ["k8s.admin", ] }, ] } ================================================ FILE: auth_and_access/iam/examples/use usernames/variables.tf ================================================ ================================================ FILE: auth_and_access/iam/examples/use usernames/versions.tf ================================================ terraform { required_version = ">= 1.0" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.68" } } } ================================================ FILE: auth_and_access/iam/examples/webinar_example/README.md ================================================ # Multi-environment infrastructure with centralized RBAC management Use `iam_mgmt` folder to set roles. Use `data.data.terraform_remote_state` to use newly created service accounts in dev/prod folders. Remember to change your **folder-IDs** in all environment folders. ## Configure Terraform for Yandex.Cloud - Install [YC cli](https://cloud.yandex.com/docs/cli/quickstart) - Add environment variables for terraform auth in Yandex.Cloud ``` export YC_TOKEN=$(yc iam create-token) export YC_CLOUD_ID=$(yc config get cloud-id) export YC_FOLDER_ID=$(yc config get folder-id) ``` ## Quick Start To run this example you need to execute from **all** folders: ``` terraform init terraform plan terraform apply ``` ================================================ FILE: auth_and_access/iam/examples/webinar_example/dev/main.tf ================================================ ### Datasource data "terraform_remote_state" "sa" { backend = "local" config = { path = "../iam_mgmt/terraform.tfstate" } } ### Networking module "vpc" { source = "../modules/networking" labels = var.labels network_description = var.network_description network_name = "${var.env}-${var.network_name}" folder_id = var.folder_id subnets = var.subnets } ### Container Registry resource "yandex_container_registry" "registry" { folder_id = var.folder_id name = "${var.env}-registry" } ### Kubernetes cluster resource "yandex_kubernetes_cluster" "regional_cluster" { folder_id = var.folder_id name = "${var.env}-demo" network_id = module.vpc.id master { regional { region = "ru-central1" dynamic "location" { for_each = module.vpc.subnets content { zone = location.value.zone subnet_id = location.value.id } } } version = var.k8s_version public_ip = true maintenance_policy { auto_upgrade = true } } service_ipv4_range = var.k8s_service_ipv4_range cluster_ipv4_range = var.k8s_pod_ipv4_range release_channel = var.release_channel network_policy_provider = "CALICO" service_account_id = data.terraform_remote_state.sa.outputs.dev_sa["av-dev-sa-cluster"].id node_service_account_id = data.terraform_remote_state.sa.outputs.dev_sa["av-dev-sa-nodes"].id labels = var.labels depends_on = [module.vpc, ] } # ### K8s Node Groups # resource "yandex_kubernetes_node_group" "nodes" { # cluster_id = yandex_kubernetes_cluster.regional_cluster.id # name = "ng-${var.env}" # version = var.k8s_version # instance_template { # platform_id = "standard-v2" # nat = true # resources { # memory = 4 # cores = 2 # } # boot_disk { # type = "network-ssd" # size = 64 # } # scheduling_policy { # preemptible = false # } # } # scale_policy { # fixed_scale { # size = 3 # } # } # allocation_policy { # dynamic "location" { # for_each = module.vpc.subnets # content { # zone = location.value.zone # subnet_id = location.value.id # } # } # } # maintenance_policy { # auto_upgrade = true # auto_repair = true # } # } ================================================ FILE: auth_and_access/iam/examples/webinar_example/dev/variables.tf ================================================ variable "network_name" { description = "Name to be used on all the resources as identifier" type = string } variable "network_description" { description = "An optional description of this resource. Provide this property when you create the resource." type = string default = "terraform-created" } variable "env" { default = "demo" description = "Prefix of different environments where the resources will be created" } variable "folder_id" { type = string description = "Folder-ID where the resources will be created" } variable "subnets" { description = "An optional description of this resource. Provide this property when you create the resource." type = list(object({ zone = string v4_cidr_blocks = string })) default = [ { zone = "ru-central1-a" v4_cidr_blocks = "10.110.0.0/16" }, { zone = "ru-central1-b" v4_cidr_blocks = "10.120.0.0/16" }, { zone = "ru-central1-c" v4_cidr_blocks = "10.130.0.0/16" } ] } variable "labels" { description = "A set of key/value label pairs to assign." type = map(string) default = null } variable "k8s_version" { type = string default = "1.17" description = "Version for Kubernetes Cluster" } variable "release_channel" { type = string default = "REGULAR" description = "Release channel for Kubernetes Cluster" } variable "k8s_service_ipv4_range" { type = string default = "10.150.0.0/16" description = "CIDR for k8s services" } variable "k8s_pod_ipv4_range" { type = string default = "10.140.0.0/16" description = "CIDR for pods in k8s cluster" } ================================================ FILE: auth_and_access/iam/examples/webinar_example/dev/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auth_and_access/iam/examples/webinar_example/iam_mgmt/main.tf ================================================ ### IAM dev folder - change folder_id for your own module "iam_dev_folder" { source = "../modules/iam" folder_binding_authoritative = true##!!! folder_id = "XXXXXXXXXXXXXXXXXXXX" folder_user_role_mapping = [ { name = "network-admin-infra" users = ["serviceAccount:ajek2i5oh2u0goj7siad", ] ## Pre-created SA network-admin used as IAM USER roles = ["viewer", "vpc.admin"] }, { name = "developer" users = ["serviceAccount:aje01koskf49t6qkdvm4", ] ## Pre-created SA av-developer-iam-prod used as IAM USER from other folder roles = ["compute.admin", "iam.serviceAccounts.user", "mdb.admin", "k8s.admin", "container-registry.admin", "kms.admin", "vpc.user", "viewer"] }, ] sa_role_mapping = [ { name = "av-dev-sa-cluster" roles = ["editor"] }, { name = "av-dev-sa-nodes" roles = ["container-registry.images.puller"] }, { name = "av-dev-sa-storage" roles = ["storage.editor", "kms.keys.encrypterDecrypter"] }, ] } ### IAM Prod folder - change folder_id for your own module "iam_prod_folder" { source = "../modules/iam" folder_binding_authoritative = true folder_id = "XXXXXXXXXXXXXXXXXXXX" folder_user_role_mapping = [ { name = "network-admin-infra" users = ["serviceAccount:ajek2i5oh2u0goj7siad", ] ## Pre-created SA network-admin used as IAM USER roles = ["viewer", "vpc.admin"] }, { name = "developer" users = ["serviceAccount:ajebr23qsqedf8rpgjk5", ] ## Pre-created SA av-developer-iam used as IAM USER from other folder roles = ["compute.admin", "iam.serviceAccounts.user", "mdb.admin", "k8s.admin", "container-registry.admin", "kms.admin", "vpc.user", "viewer"] }, ] sa_role_mapping = [ { name = "av-prod-sa-cluster" roles = ["editor"] }, { name = "av-prod-sa-nodes" roles = ["container-registry.images.puller"] }, { name = "av-prod-sa-storage" roles = ["storage.editor", "kms.keys.encrypterDecrypter"] }, ] } ### IAM infra folder - change folder_id for your own module "iam_infra_folder" { source = "../modules/iam" folder_binding_authoritative = true folder_id = "XXXXXXXXXXXXXXXXXXXX" folder_user_role_mapping = [ { name = "network-admin-infra" users = ["serviceAccount:ajek2i5oh2u0goj7siad", ] ## Pre-created SA network-admin used as IAM USER roles = ["viewer", "vpc.admin", "compute.admin", "load-balancer.admin",] }, ] sa_role_mapping = [ { name = "infra-sa-cluster" roles = ["editor"] }, { name = "infra-sa-nodes" roles = ["container-registry.images.puller"] }, { name = "infra-sa-noroles" roles = [] }, ] } ================================================ FILE: auth_and_access/iam/examples/webinar_example/iam_mgmt/outputs.tf ================================================ output "dev_sa" { value = module.iam_dev_folder.sa } output "prod_sa" { value = module.iam_prod_folder.sa } ================================================ FILE: auth_and_access/iam/examples/webinar_example/iam_mgmt/variables.tf ================================================ ================================================ FILE: auth_and_access/iam/examples/webinar_example/iam_mgmt/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/.gitignore ================================================ .terraform terraform.tfstate *.tfstate* terraform.tfvars .terraform.lock.hcl ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/.pre-commit-config.yaml ================================================ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform rev: v1.44.0 hooks: - id: terraform_fmt - id: terraform_validate - id: terraform_docs - id: terraform_tflint args: - "--args=--only=terraform_deprecated_interpolation" - "--args=--only=terraform_deprecated_index" - "--args=--only=terraform_unused_declarations" - "--args=--only=terraform_comment_syntax" - "--args=--only=terraform_documented_outputs" - "--args=--only=terraform_documented_variables" - "--args=--only=terraform_typed_variables" - "--args=--only=terraform_module_pinned_source" - "--args=--only=terraform_naming_convention" - "--args=--only=terraform_required_version" - "--args=--only=terraform_required_providers" - "--args=--only=terraform_standard_module_structure" - "--args=--only=terraform_workspace_remote" ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/README.md ================================================ # Identity and Access Management (IAM) Terraform module for Yandex.Cloud ## Features * Create Service accounts and assign them roles in your folder. * Assign roles to IAM users in cloud and/or folder. * You can control **authoritatively** all permissions for cloud and/or folder in **one** terraform manifest if needed. See Authoritative flags. * Replaces IAM groups (aka JOB TITLE) while they are in development. ## Troubleshooting Remember that service accounts in cloud **must** have unique names You can use following `yc cli` commands for diagnostic: ``` yc resource-manager folder list-operations --id XXXXXXXXXXXXXX yc resource-manager folder list-access-bindings --id XXXXXXXXXXXXXX ``` ## Requirements | Name | Version | |------|---------| | terraform | >= 0.14 | | yandex | ~> 0.5 | ## Providers | Name | Version | |------|---------| | yandex | ~> 0.5 | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | cloud\_binding\_authoritative | "Authoritative. Sets the IAM policy for the CLOUD and replaces any **existing** policy already attached.
If Authoritative = true : take roles from all objects in variable "cloud\_user\_role\_mapping" and make **unique** role as a new key of map with members" | `bool` | `false` | no | | cloud\_id | Cloud-ID where where need to add permissions. Mandatory variable for CLOUD, if omited default CLOUD\_ID will be used | `string` | `null` | no | | cloud\_user\_role\_mapping | Group of IAM User-IDs and it's permissions in CLOUD, where name = JOB Tille
### Example
#cloud\_user\_role\_mapping = [
{
name = "devops"
users = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"]
roles = ["editor", ]
},
{
name = "developers"
users = ["userAccount:idxxxxxx3"]
roles = ["viewer","k8s.editor",]
},
] | `any` | `[]` | no | | folder\_binding\_authoritative | Authoritative. Sets the IAM policy for the FOLDER and replaces any **existing** policy already attached. | `bool` | `false` | no | | folder\_id | Folder-ID where need to add permissions. Mandatory variable for FOLDER, if omited default FOLDER\_ID will be used | `string` | `null` | no | | folder\_user\_role\_mapping | Group of IAM User-IDs and it's permissions in FOLDER, where name = JOB Tille
### Example
#folder\_user\_role\_mapping = [
{
name = "devops"
users = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"]
roles = ["iam.serviceAccounts.user", "k8s.editor", "k8s.cluster-api.cluster-admin", "container-registry.admin"]
},
{
name = "developers"
users = ["userAccount:idxxxxxx3"]
roles = ["k8s.viewer",]
},
] | `any` | `[]` | no | | sa\_role\_mapping | List of SA and it's permissions
### Example
sa\_role\_mapping = [
{
name = "sa-cluster"
roles = ["editor",]
},
{
name = "sa-nodes"
roles = ["container-registry.images.puller",]
},
] | `any` | `[]` | no | ## Outputs | Name | Description | |------|-------------| | ids | List IDs of created service accounts | | names | List Names of created service accounts | | sa | Map with service accounts info , key = service account name | ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/examples/dev_folder/main.tf ================================================ ### IAM module "iam" { source = "../.." folder_id = "b1g5egku47oq4l7trmmf" folder_binding_authoritative = true sa_role_mapping = [ { name = "sa-cluster" roles = ["editor"] }, { name = "sa-noroles" roles = [] }, { name = "sa-nodes" roles = ["container-registry.images.puller"] }, ] ### Edit with real IAM users ID # folder_user_role_mapping = [ # { # name = "devops" # users = ["serviceAccount:aje0k467i3bs3tst9d97", ] # roles = ["iam.serviceAccounts.user", "k8s.admin", "k8s.cluster-api.cluster-admin", "container-registry.admin"] # }, # { # name = "secops" # users = ["serviceAccount:ajeg2qiqkhnkq3vms1eg", ] # roles = [] # }, # { # name = "developers" # users = ["serviceAccount:ajevak8egbjo8v9ddl85", ] # roles = ["k8s.viewer", "k8s.cluster-api.editor"] # }, # ] } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/examples/dev_folder/outputs.tf ================================================ output "sa_map" { value = module.iam.sa description = "SA Map" } output "sa_names" { value = module.iam.names description = "List of SA names" } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/examples/dev_folder/variables.tf ================================================ ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/examples/dev_folder/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/main.tf ================================================ ### IAM ### Datasource data "yandex_client_config" "client" {} locals { folder_id = var.folder_user_role_mapping == [] && var.sa_role_mapping == [] ? data.yandex_client_config.client.folder_id : var.folder_id cloud_id = var.cloud_id == null ? data.yandex_client_config.client.cloud_id : var.cloud_id } ### SA resource "yandex_iam_service_account" "sa" { for_each = { for v in var.sa_role_mapping : v.name => v } name = each.key folder_id = local.folder_id } locals { folder_user_mappings = chunklist(flatten([for v in var.folder_user_role_mapping : setproduct(v.users, v.roles)]), 2) sa_role_mapping = { for v in var.sa_role_mapping : v.name => v } sa_mappings = chunklist(flatten([for k, v in yandex_iam_service_account.sa : setproduct([v.id], local.sa_role_mapping[v.name].roles)]), 2) } ###Folder Permissions #### Authoritative data "yandex_iam_policy" "bindings" { dynamic "binding" { for_each = [for v in local.folder_user_mappings : { member = v[0], role = v[1] }] content { role = binding.value.role members = [binding.value.member, ] } } dynamic "binding" { for_each = [for v in local.sa_mappings : { member = v[0], role = v[1] }] content { role = binding.value.role members = ["serviceAccount:${binding.value.member}", ] } } } resource "yandex_resourcemanager_folder_iam_policy" "folder_bindings_policy" { count = var.folder_binding_authoritative == false ? 0 : 1 folder_id = local.folder_id policy_data = data.yandex_iam_policy.bindings.policy_data } ####Permissions NON-Authoritative resource "yandex_resourcemanager_folder_iam_member" "folder_sa_member" { count = var.folder_binding_authoritative == false ? length(local.sa_mappings) : 0 folder_id = local.folder_id member = "serviceAccount:${element(local.sa_mappings, count.index)[0]}" role = element(local.sa_mappings, count.index)[1] } resource "yandex_resourcemanager_folder_iam_member" "folder_user_member" { count = var.folder_binding_authoritative == false ? length(local.folder_user_mappings) : 0 folder_id = local.folder_id member = element(local.folder_user_mappings, count.index)[0] role = element(local.folder_user_mappings, count.index)[1] } ### Cloud Permissions locals { cloud_user_mappings = chunklist(flatten([for v in var.cloud_user_role_mapping : setproduct(v.users, v.roles)]), 2) } #### Authoritative resource "yandex_resourcemanager_cloud_iam_binding" "cloud_binding" { for_each = { for v in local.cloud_user_mappings : v[1] => v[0]... if var.cloud_binding_authoritative == true } cloud_id = local.cloud_id members = each.value role = each.key } #### NON-Authoritative resource "yandex_resourcemanager_cloud_iam_member" "cloud_member" { count = var.cloud_binding_authoritative == false ? length(local.cloud_user_mappings) : 0 cloud_id = local.cloud_id member = element(local.cloud_user_mappings, count.index)[0] role = element(local.cloud_user_mappings, count.index)[1] } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/outputs.tf ================================================ output "ids" { description = "List IDs of created service accounts" value = [for v in yandex_iam_service_account.sa : v.id] } output "names" { description = "List Names of created service accounts" value = [for v in yandex_iam_service_account.sa : v.name] } output "sa" { description = "Map with service accounts info , key = service account name" value = { for v in yandex_iam_service_account.sa : v.name => v } } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/iam/variables.tf ================================================ variable "folder_id" { default = null type = string description = "Folder-ID where need to add permissions. Mandatory variable for FOLDER, if omited default FOLDER_ID will be used" } variable "folder_binding_authoritative" { type = bool default = false description = "Authoritative. Sets the IAM policy for the FOLDER and replaces any **existing** policy already attached." } variable "folder_user_role_mapping" { default = [] type = any description = < ## Requirements | Name | Version | |------|---------| | terraform | >= 0.14 | | yandex | ~> 0.5 | ## Providers | Name | Version | |------|---------| | yandex | ~> 0.5 | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | folder\_id | Folder-ID where the resources will be created | `string` | `null` | no | | labels | A set of key/value label pairs to assign. | `map(string)` | `null` | no | | network\_description | An optional description of this resource. Provide this property when you create the resource. | `string` | `"terraform-created"` | no | | network\_name | Name to be used on all the resources as identifier | `string` | n/a | yes | | subnets | Describe your subnets preferences | 
list(object({
    zone           = string
    v4_cidr_blocks = string
  }))
| 
[
  {
    "v4_cidr_blocks": "10.110.0.0/16",
    "zone": "ru-central1-a"
  },
  {
    "v4_cidr_blocks": "10.120.0.0/16",
    "zone": "ru-central1-b"
  },
  {
    "v4_cidr_blocks": "10.130.0.0/16",
    "zone": "ru-central1-c"
  }
]
| no | ## Outputs | Name | Description | |------|-------------| | id | ID of created network for internal communications | | subnets | List of maps of subnets used in vpc network: key = v4\_cidr\_block | | v4\_cidr\_blocks | List of v4\_cidr\_blocks used in vpc network | | zones | List of zones used in vpc network | ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/networking/main.tf ================================================ ### Datasource data "yandex_client_config" "client" {} ### Locals locals { folder_id = var.folder_id == null ? data.yandex_client_config.client.folder_id : var.folder_id } resource "yandex_vpc_network" "this" { description = var.network_description name = var.network_name labels = var.labels folder_id = local.folder_id } resource "yandex_vpc_subnet" "this" { for_each = { for v in var.subnets : v.v4_cidr_blocks => v } name = "${var.network_name}-${each.value.zone}:${each.value.v4_cidr_blocks}" description = "${var.network_name} subnet for zone ${each.value.zone}" v4_cidr_blocks = [each.value.v4_cidr_blocks] zone = each.value.zone network_id = yandex_vpc_network.this.id folder_id = local.folder_id labels = var.labels } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/networking/outputs.tf ================================================ output "id" { description = "ID of created network for internal communications" value = yandex_vpc_network.this.id } output "zones" { description = "List of zones used in vpc network" value = distinct([for subnet in yandex_vpc_subnet.this : subnet.zone]) } output "v4_cidr_blocks" { description = "List of v4_cidr_blocks used in vpc network" value = flatten([for subnet in yandex_vpc_subnet.this : subnet.v4_cidr_blocks]) } output "subnets" { description = "List of maps of subnets used in vpc network: key = v4_cidr_block" value = { for v in yandex_vpc_subnet.this : v.v4_cidr_blocks[0] => map( "id", v.id, "name", v.name, "zone", v.zone ) } } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/networking/variables.tf ================================================ variable "network_name" { description = "Name to be used on all the resources as identifier" type = string } variable "network_description" { description = "An optional description of this resource. Provide this property when you create the resource." type = string default = "terraform-created" } variable "folder_id" { type = string default = null description = "Folder-ID where the resources will be created" } variable "subnets" { description = "Describe your subnets preferences" type = list(object({ zone = string v4_cidr_blocks = string })) default = [ { zone = "ru-central1-a" v4_cidr_blocks = "10.110.0.0/16" }, { zone = "ru-central1-b" v4_cidr_blocks = "10.120.0.0/16" }, { zone = "ru-central1-c" v4_cidr_blocks = "10.130.0.0/16" } ] } variable "labels" { description = "A set of key/value label pairs to assign." type = map(string) default = null } ================================================ FILE: auth_and_access/iam/examples/webinar_example/modules/networking/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auth_and_access/iam/examples/webinar_example/prod/main.tf ================================================ ### Datasource data "terraform_remote_state" "sa" { backend = "local" config = { path = "../iam_mgmt/terraform.tfstate" } } ### Networking module "vpc" { source = "../modules/networking" labels = var.labels network_description = var.network_description network_name = "${var.env}-${var.network_name}" folder_id = var.folder_id subnets = var.subnets } ### Container Registry resource "yandex_container_registry" "registry" { folder_id = var.folder_id name = "${var.env}-registry" } ### Kubernetes cluster resource "yandex_kubernetes_cluster" "regional_cluster" { folder_id = var.folder_id name = "${var.env}-demo" network_id = module.vpc.id master { regional { region = "ru-central1" dynamic "location" { for_each = module.vpc.subnets content { zone = location.value.zone subnet_id = location.value.id } } } version = var.k8s_version public_ip = true maintenance_policy { auto_upgrade = true } } service_ipv4_range = var.k8s_service_ipv4_range cluster_ipv4_range = var.k8s_pod_ipv4_range release_channel = var.release_channel network_policy_provider = "CALICO" service_account_id = data.terraform_remote_state.sa.outputs.prod_sa["av-prod-sa-cluster"].id node_service_account_id = data.terraform_remote_state.sa.outputs.prod_sa["av-prod-sa-nodes"].id labels = var.labels depends_on = [module.vpc, ] } # ### K8s Node Groups # resource "yandex_kubernetes_node_group" "nodes" { # cluster_id = yandex_kubernetes_cluster.regional_cluster.id # name = "ng-${var.env}" # version = var.k8s_version # instance_template { # platform_id = "standard-v2" # nat = true # resources { # memory = 4 # cores = 2 # } # boot_disk { # type = "network-ssd" # size = 64 # } # scheduling_policy { # preemptible = false # } # } # scale_policy { # fixed_scale { # size = 3 # } # } # allocation_policy { # dynamic "location" { # for_each = module.vpc.subnets # content { # zone = location.value.zone # subnet_id = location.value.id # } # } # } # maintenance_policy { # auto_upgrade = true # auto_repair = true # } # } ================================================ FILE: auth_and_access/iam/examples/webinar_example/prod/variables.tf ================================================ variable "network_name" { description = "Name to be used on all the resources as identifier" type = string } variable "network_description" { description = "An optional description of this resource. Provide this property when you create the resource." type = string default = "terraform-created" } variable "env" { default = "demo" description = "Prefix of different environments where the resources will be created" } variable "folder_id" { type = string description = "Folder-ID where the resources will be created" } variable "subnets" { description = "An optional description of this resource. Provide this property when you create the resource." type = list(object({ zone = string v4_cidr_blocks = string })) default = [ { zone = "ru-central1-a" v4_cidr_blocks = "10.110.0.0/16" }, { zone = "ru-central1-b" v4_cidr_blocks = "10.120.0.0/16" }, { zone = "ru-central1-c" v4_cidr_blocks = "10.130.0.0/16" } ] } variable "labels" { description = "A set of key/value label pairs to assign." type = map(string) default = null } variable "k8s_version" { type = string default = "1.17" description = "Version for Kubernetes Cluster" } variable "release_channel" { type = string default = "REGULAR" description = "Release channel for Kubernetes Cluster" } variable "k8s_service_ipv4_range" { type = string default = "10.150.0.0/16" description = "CIDR for k8s services" } variable "k8s_pod_ipv4_range" { type = string default = "10.140.0.0/16" description = "CIDR for pods in k8s cluster" } ================================================ FILE: auth_and_access/iam/examples/webinar_example/prod/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } ================================================ FILE: auth_and_access/iam/main.tf ================================================ ### Datasource data "yandex_client_config" "client" {} locals { folder_id = var.folder_id == null ? data.yandex_client_config.client.folder_id : var.folder_id cloud_id = var.cloud_id == null ? data.yandex_client_config.client.cloud_id : var.cloud_id #org_id = var.org_id == null ? data.yandex_client_config.client.organization_id : var.org_id org_id = var.org_id } ### SA resource "yandex_iam_service_account" "sa" { for_each = { for v in var.sa_role_mapping : v.name => v } name = each.key folder_id = local.folder_id } ###Folder Permissions data "yandex_organizationmanager_saml_federation_user_account" "folder_account" { for_each = toset(flatten([for v in var.folder_user_role_mapping : v.fed_users_names if var.federation_id != null && var.usernames_to_ids == true])) federation_id = var.federation_id name_id = each.key } data "yandex_iam_user" "folder_account" { for_each = toset(flatten([for v in var.folder_user_role_mapping : v.iam_users_names if var.usernames_to_ids == true])) login = each.key } locals { sa_role_mapping = { for v in var.sa_role_mapping : v.name => v } sa_mappings = chunklist(flatten([for k, v in yandex_iam_service_account.sa : setproduct([v.id], local.sa_role_mapping[v.name].roles)]), 2) folder_fed_users_names = { for b in var.folder_user_role_mapping : b.job_title_name => flatten([for key, value in data.yandex_organizationmanager_saml_federation_user_account.folder_account : "federatedUser:${value.id}" if contains(b.fed_users_names, value.name_id)]) } folder_iam_users_names = { for b in var.folder_user_role_mapping : b.job_title_name => flatten([for key, value in data.yandex_iam_user.folder_account : "userAccount:${value.id}" if contains(b.iam_users_names, value.login)]) } folder_users_with_ids = { for b in var.folder_user_role_mapping : b.job_title_name => b.users_with_ids } folder_fed_user_mappings = flatten([for v in var.folder_user_role_mapping : setproduct(local.folder_fed_users_names[v.job_title_name], v.roles)]) folder_iam_user_mappings = flatten([for v in var.folder_user_role_mapping : setproduct(local.folder_iam_users_names[v.job_title_name], v.roles)]) folder_id_user_mappings = flatten([for v in var.folder_user_role_mapping : setproduct(local.folder_users_with_ids[v.job_title_name], v.roles)]) folder_user_mappings = distinct(chunklist(concat(local.folder_fed_user_mappings, local.folder_iam_user_mappings, local.folder_id_user_mappings), 2)) } #### Authoritative data "yandex_iam_policy" "bindings" { count = var.folder_binding_authoritative == false ? 0 : 1 dynamic "binding" { for_each = [for v in local.folder_user_mappings : { member = v[0], role = v[1] }] content { role = binding.value.role members = [binding.value.member, ] } } dynamic "binding" { for_each = [for v in local.sa_mappings : { member = v[0], role = v[1] }] content { role = binding.value.role members = ["serviceAccount:${binding.value.member}", ] } } } resource "yandex_resourcemanager_folder_iam_policy" "folder_bindings_policy" { count = var.folder_binding_authoritative == false ? 0 : 1 folder_id = local.folder_id policy_data = data.yandex_iam_policy.bindings[0].policy_data } #### NON-Authoritative resource "yandex_resourcemanager_folder_iam_member" "folder_sa_member" { count = var.folder_binding_authoritative == false ? length(local.sa_mappings) : 0 folder_id = local.folder_id member = "serviceAccount:${element(local.sa_mappings, count.index)[0]}" role = element(local.sa_mappings, count.index)[1] } resource "yandex_resourcemanager_folder_iam_member" "folder_user_member" { count = var.folder_binding_authoritative == false ? length(local.folder_user_mappings) : 0 folder_id = local.folder_id member = element(local.folder_user_mappings, count.index)[0] role = element(local.folder_user_mappings, count.index)[1] } ### Cloud Permissions data "yandex_organizationmanager_saml_federation_user_account" "cloud_account" { for_each = toset(flatten([for v in var.cloud_user_role_mapping : v.fed_users_names if var.federation_id != null && var.usernames_to_ids == true])) federation_id = var.federation_id name_id = each.key } data "yandex_iam_user" "cloud_account" { for_each = toset(flatten([for v in var.cloud_user_role_mapping : v.iam_users_names if var.usernames_to_ids == true])) login = each.key } locals { cloud_fed_users_names = { for b in var.cloud_user_role_mapping : b.job_title_name => flatten([for key, value in data.yandex_organizationmanager_saml_federation_user_account.cloud_account : "federatedUser:${value.id}" if contains(b.fed_users_names, value.name_id)]) } cloud_iam_users_names = { for b in var.cloud_user_role_mapping : b.job_title_name => flatten([for key, value in data.yandex_iam_user.cloud_account : "userAccount:${value.id}" if contains(b.iam_users_names, value.login)]) } cloud_users_with_ids = { for b in var.cloud_user_role_mapping : b.job_title_name => b.users_with_ids } cloud_fed_user_mappings = flatten([for v in var.cloud_user_role_mapping : setproduct(local.cloud_fed_users_names[v.job_title_name], v.roles)]) cloud_iam_user_mappings = flatten([for v in var.cloud_user_role_mapping : setproduct(local.cloud_iam_users_names[v.job_title_name], v.roles)]) cloud_id_user_mappings = flatten([for v in var.cloud_user_role_mapping : setproduct(local.cloud_users_with_ids[v.job_title_name], v.roles)]) cloud_user_mappings = distinct(chunklist(concat(local.cloud_fed_user_mappings, local.cloud_iam_user_mappings, local.cloud_id_user_mappings), 2)) } #### Authoritative resource "yandex_resourcemanager_cloud_iam_binding" "cloud_binding" { for_each = { for v in local.cloud_user_mappings : v[1] => v[0]... if var.cloud_binding_authoritative == true } cloud_id = local.cloud_id members = each.value role = each.key } #### NON-Authoritative resource "yandex_resourcemanager_cloud_iam_member" "cloud_member" { count = var.cloud_binding_authoritative == false ? length(local.cloud_user_mappings) : 0 cloud_id = local.cloud_id member = element(local.cloud_user_mappings, count.index)[0] role = element(local.cloud_user_mappings, count.index)[1] } ### Organization Permissions data "yandex_organizationmanager_saml_federation_user_account" "org_account" { for_each = toset(flatten([for v in var.org_user_role_mapping : v.fed_users_names if var.federation_id != null && var.usernames_to_ids == true])) federation_id = var.federation_id name_id = each.key } data "yandex_iam_user" "org_account" { for_each = toset(flatten([for v in var.org_user_role_mapping : v.iam_users_names if var.usernames_to_ids == true])) login = each.key } locals { ##### {job=[ids]} org_fed_users_names = { for b in var.org_user_role_mapping : b.job_title_name => flatten([for key, value in data.yandex_organizationmanager_saml_federation_user_account.org_account : "federatedUser:${value.id}" if contains(b.fed_users_names, value.name_id)]) } org_iam_users_names = { for b in var.org_user_role_mapping : b.job_title_name => flatten([for key, value in data.yandex_iam_user.org_account : "userAccount:${value.id}" if contains(b.iam_users_names, value.login)]) } org_users_with_ids = { for b in var.org_user_role_mapping : b.job_title_name => b.users_with_ids } #####[id-role pairs] per type org_fed_user_mappings = flatten([for v in var.org_user_role_mapping : setproduct(local.org_fed_users_names[v.job_title_name], v.roles)]) org_iam_user_mappings = flatten([for v in var.org_user_role_mapping : setproduct(local.org_iam_users_names[v.job_title_name], v.roles)]) org_id_user_mappings = flatten([for v in var.org_user_role_mapping : setproduct(local.org_users_with_ids[v.job_title_name], v.roles)]) #####list[pairs] org_user_mappings = distinct(chunklist(concat(local.org_fed_user_mappings, local.org_iam_user_mappings, local.org_id_user_mappings), 2)) } #### Authoritative resource "yandex_organizationmanager_organization_iam_binding" "org_binding" { for_each = { for v in local.org_user_mappings : v[1] => v[0]... if var.org_binding_authoritative == true } organization_id = local.org_id members = each.value role = each.key } #### NON-Authoritative resource "yandex_organizationmanager_organization_iam_member" "org_member" { count = var.org_binding_authoritative == false ? length(local.org_user_mappings) : 0 organization_id = local.org_id member = element(local.org_user_mappings, count.index)[0] role = element(local.org_user_mappings, count.index)[1] } ================================================ FILE: auth_and_access/iam/outputs.tf ================================================ output "sa_ids" { description = "List IDs of created service accounts" value = [for v in yandex_iam_service_account.sa : v.id] } output "sa_names" { description = "List Names of created service accounts" value = [for v in yandex_iam_service_account.sa : v.name] } output "sa_object" { description = "Map with service accounts info , key = service account name" value = { for v in yandex_iam_service_account.sa : v.name => v } } ================================================ FILE: auth_and_access/iam/variables.tf ================================================ ### Name convertion variable "usernames_to_ids" { description = "If true Usernames from IAM and Federation will be used as input variables 'iam_users_names' and 'fed_users_names'" type = bool default = true } variable "federation_id" { description = "Federation ID, mandatory for 'fed_users_names'" type = string default = null } ###Folder variable "folder_id" { default = null type = string description = "Folder-ID where need to add permissions. Mandatory variable for FOLDER, if omited default FOLDER_ID will be used" } variable "folder_binding_authoritative" { type = bool default = false description = "Authoritative. Sets the IAM policy for the FOLDER and replaces any **existing** policy already attached." } variable "folder_user_role_mapping" { default = [] type = any description = < Solution Architecture

В данном решение `IdP` развёртывается в виде виртуальной машины с [Keycloak](https://keycloak.org). Данное решение реализовано в виде двух Terraform модулей: * [keycloak-deploy](#kc-deploy) * [keycloak-config](#kc-config) Разбиение решения на два модуля вызвано тем, что [Keycloak Terraform провайдер](https://registry.tfpla.net/providers/mrparkers/keycloak/latest/docs) требует уже работающего (alive) Keycloak. ### Модуль keycloak-deploy Модуль `keycloak-deploy` создаёт следующие объекты в Yandex Cloud: * кластер [Managed Service for PostgreSQL](https://cloud.yandex.ru/docs/managed-postgresql/) - для хранения конфигурации Keycloak * сертификат [Let's Encrypt](https://letsencrypt.org/) для веб-сервера Keycloak * статический [публичный IP-адрес](https://cloud.yandex.ru/docs/vpc/concepts/address#public-addresses) для ВМ Keycloak * [группу безопасности](https://cloud.yandex.ru/docs/vpc/concepts/security-groups) для ВМ Keycloak * ВМ с решением Keycloak С полным списком входных параметров модуля можно ознакомиться [по ссылке](./keycloak-deploy/variables.tf). После завершения своей работы модуль возвращает значение `FQDN` для ВМ с развёрнутым решением Keycloak, например, `kc1.mydom.net` ### Модуль keycloak-config Модуль `keycloak-config` выполняет следующие действия: * создаёт [федерацию удостоверений](https://cloud.yandex.ru/docs/organization/add-federation) в Yandex Cloud * создаёт Realm и сопутствующие объекты в конфигурации Keycloak * обеспечивает обмен сертификатами между федерацией Yandex Cloud и Keycloak Realm * создаёт учётную запись для тестового пользователя в Keycloak * импортирует учётную запись тестового пользователя из Keycloak в организацию Yandex Cloud С полным списком входных параметров модуля можно ознакомиться [по ссылке](./keycloak-config/variables.tf). После завершения своей работы модуль возвращает значение `URL` федерации удостоверений, например, `https://console.yandex.ru/federations/bpf3375ucdgp5dxq823tt` ### Синхронизация данных между TF модулями Модуль `keycloak-config` использует часть входных и выходных данных модуля `keycloak-deploy`. Развёртывание решения требует последовательного запуска сначала модуля `keycloak-deploy`, а затем модуля `keycloak-config`. Для исключения ошибок при ручном переносе данных из одного модуля в другой рекомендуется использовать скрипт [sync.sh](./examples/keycloak-config/sync.sh), который синхронизирует нужные данные из модуля `keycloak-deploy` в модуль `keycloak-config`. ## Внешние зависимости Решение должно развёртываться в уже подготовленной инфраструктуре Yandex Cloud. Значения параметров инфраструктуры должны передаваться в `TF модули` решения в виде входных переменных. Перед развёртывание решения в Yandex Cloud уже должны существовать следующие объекты: * каталог облачных ресурсов (folder) в котором будут развёртываться компоненты решения (`kc_folder_name`) * [публичная зона](https://cloud.yandex.ru/docs/dns/concepts/dns-zone#public-zones) в сервисе [Cloud DNS](https://cloud.yandex.ru/docs/dns/). Домен, который будет создаваться в сервисе Cloud DNS должен быть предварительно `делегирован` со стороны регистратора домена (`dns_zone_name`) * сеть (network) в которой будут развёртываться компоненты решения (`kc_network_name`) * подсеть (subnet) в которой будут развёртываться компоненты решения (`kc_subnet_name`) В списке выше в круглых скобках указаны имена входных переменных для развёртывания из [keycloak-deploy](./examples/keycloak-deploy/main.tf). ## Порядок развёртывания решения Развёртывание решения предполагается под управлением ОС `Linux` или `MacOS`. Развёртывание решения под управлением ОС `Windows` не тестировалось. 1. Загрузить решение из репозитория на [github.com](https://github.com/yandex-cloud/yc-solution-library-for-security): ```bash curl -s https://raw.githubusercontent.com/yandex-cloud/yc-solution-library-for-security/master/auth_and_access/keycloak/examples/install.sh | bash ``` 2. Перейти в папку с примером развёртывания модуля [keycloak-deploy](./examples/keycloak-deploy/): ```bash cd keycloak/keycloak-deploy pwd ``` 3. `Важно!` Убедиться что все [внешние зависимости](#ext-dep) созданы. 4. Проверить значения переменных в файле [main.tf](./examples/keycloak-deploy/main.tf) и скорректировать их при необходимости. 5. Выполнить инициализацию Terraform: ```bash source ../env-yc.sh terraform init ``` 6. Выполнить развёртывание `keycloak-deploy`: ```bash terraform apply ``` Обработка запроса на выдачу сертификата в сервисе [Let's Encrypt](https://letsencrypt.org/) может выполняться `до 30 минут`! 7. Опционально. Проверить состояние выданного сертификата Let's Encrypt: ```bash yc cm certificate list ``` 8. Перейти в папку с примером развёртывания модуля [keycloak-config](./examples/keycloak-config/): ```bash cd ../keycloak-config pwd ``` 9. Выполнить синхронизацию параметров между TF модулями: ```bash bash sync.sh ``` 10. Проверить значения переменных в файле [main.tf](./examples/keycloak-config/main.tf) и скорректировать их при необходимости. 11. Выполнить инициализацию Terraform: ```bash terraform init ``` 12. Выполнить развёртывание `keycloak-config`: ```bash terraform apply ``` 13. Опционально. Проверить наличие тестовой учётной записи Keycloak в организации Yandex Cloud с помощью `yc CLI`: ```bash ORG_ID=$(cat terraform.tfstate | jq -r '.resources[] | select(.type == ('\"yandex_organizationmanager_saml_federation\"')) | .instances[0].attributes.organization_id') yc organization-manager user list --organization-id=$ORG_ID ``` ## Результаты развёртывания В результате развёртывания решения в Yandex Cloud будут созданы следующие объекты: * [федерация удостоверений]((https://cloud.yandex.ru/docs/organization/add-federation)) в указанной [организации](https://cloud.yandex.ru/docs/organization/add-federation) * `сертификат` [Let's Encrypt](https://letsencrypt.org/) для ВМ с Keycloak в сервисе [Certificate Manager](https://cloud.yandex.ru/docs/certificate-manager/) * `виртуальная машина` с IdP Keycloak интегрированная с федерацией на стороне Yandex Cloud * `запись в Yandex Cloud DNS` с публичным IP-адресом ВМ Keycloak * `учётная запись` пользователя в IdP Keycloak и её синхронизация в организации Yandex Cloud После развёртывания решения останется выдать необходимые [роли](https://cloud.yandex.ru/docs/iam/concepts/access-control/roles) на нужные облачные ресурсы для созданной в организации учётной записи пользователя. ================================================ FILE: auth_and_access/keycloak/examples/README.md ================================================ # Пример развёртывания Keycloak с помощью Terraform модулей * [keycloak-deploy](../keycloak-deploy/) * [keycloak-config](../keycloak-config/) ================================================ FILE: auth_and_access/keycloak/examples/env-yc.sh ================================================ #!/bin/bash export YC_TOKEN=$(yc iam create-token) export TF_VAR_YC_CLOUD_ID=$(yc config get cloud-id) ================================================ FILE: auth_and_access/keycloak/examples/install.sh ================================================ #!/bin/bash REPO="https://raw.githubusercontent.com/yandex-cloud/yc-solution-library-for-security/master/auth_and_access/keycloak" mkdir -p keycloak/keycloak-deploy mkdir -p keycloak/keycloak-config FILES="examples/env-yc.sh keycloak/env-yc.sh examples/keycloak-deploy/main.tf keycloak/keycloak-deploy/main.tf examples/keycloak-deploy/variables.tf keycloak/keycloak-deploy/variables.tf examples/keycloak-config/main.tf keycloak/keycloak-config/main.tf examples/keycloak-config/sync.sh keycloak/keycloak-config/sync.sh" echo "$FILES" | while read URL FILE; do curl -sl "$REPO/$URL" -o "$FILE" done ================================================ FILE: auth_and_access/keycloak/examples/keycloak-config/main.tf ================================================ # ================================== # Terraform & Provider Configuration # ================================== terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.84.0" } null = { source = "hashicorp/null" version = "~> 3.2.1" } # https://registry.tfpla.net/providers/mrparkers/keycloak/latest/docs keycloak = { source = "mrparkers/keycloak" version = "~> 4.1.0" } } } # =========================== # Call keycloak-config module # =========================== module "keycloak-config" { source = "git::https://github.com/yandex-cloud/yc-solution-library-for-security.git//auth_and_access/keycloak/keycloak-config" labels = { tag = "keycloak-config" } # ===================== # Org/Federation values # ===================== org_id = "bpfqdgu3d2815fyixlks" fed_name = "kc-fed" kc_user = { name = "user1" pass = "Gu95-paSw38" domain = "mydom.net" } # ================== # Keycloak VM values # ================== kc_realm_name = "kc1" kc_realm_descr = "My Keycloak Realm" kc_fqdn = "kc1.mydom.net" kc_port = "8443" kc_adm_user = "admin" kc_adm_pass = "Fr#dR3n48Ga-Mov" } ================================================ FILE: auth_and_access/keycloak/examples/keycloak-config/sync.sh ================================================ #!/bin/bash # Sync required input and output values # from keycloak-deploy to keycloak-config SRC_PATH="../keycloak-deploy" SRC_FN=main.tf DST_FN=main.tf KC_FQDN=$(terraform -chdir=$SRC_PATH output -raw kc_fqdn) KC_PORT=$(grep kc_port $SRC_PATH/$SRC_FN | awk -F "\"" '{print $2}') KC_ADM_USER=$(grep kc_adm_user $SRC_PATH/$SRC_FN | awk -F "\"" '{print $2}') KC_ADM_PASS=$(grep kc_adm_pass $SRC_PATH/$SRC_FN | awk -F "\"" '{print $2}') if [[ "$OSTYPE" == "linux-gnu"* ]]; then sed -i "s/kc_fqdn.*/kc_fqdn = \"$KC_FQDN\"/" $DST_FN sed -i "s/kc_port.*/kc_port = \"$KC_PORT\"/" $DST_FN sed -i "s/kc_adm_user.*/kc_adm_user = \"$KC_ADM_USER\"/" $DST_FN sed -i "s/kc_adm_pass.*/kc_adm_pass = \"$KC_ADM_PASS\"/" $DST_FN elif [[ "$OSTYPE" == "darwin"* ]]; then sed -i '' "s/kc_fqdn.*/kc_fqdn = \"$KC_FQDN\"/" $DST_FN sed -i '' "s/kc_port.*/kc_port = \"$KC_PORT\"/" $DST_FN sed -i '' "s/kc_adm_user.*/kc_adm_user = \"$KC_ADM_USER\"/" $DST_FN sed -i '' "s/kc_adm_pass.*/kc_adm_pass = \"$KC_ADM_PASS\"/" $DST_FN fi ================================================ FILE: auth_and_access/keycloak/examples/keycloak-deploy/main.tf ================================================ # ================================== # Terraform & Provider Configuration # ================================== terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.84.0" } } } # =========================== # Call keycloak-deploy module # =========================== module "keycloak-deploy" { source = "git::https://github.com/yandex-cloud/yc-solution-library-for-security.git//auth_and_access/keycloak/keycloak-deploy" cloud_id = var.YC_CLOUD_ID labels = { tag = "keycloak-deploy" } # ================== # Keycloak VM values # ================== kc_image_folder_id = "standard-images" kc_image_name = "ubuntu-22-04-lts-v20221226" kc_folder_name = "infra" kc_zone_id = "ru-central1-b" kc_network_name = "infra-net" kc_subnet_name = "infra-subnet-b" kc_hostname = "kc1" kc_vm_sg_name = "kc-sg" kc_vm_username = "admin" kc_vm_ssh_key_file = "~/.ssh/id_rsa.pub" # KC FQDN --> kc1.mydom.net dns_zone_name = "mydom-net" kc_ver = "20.0.2" kc_port = "8443" kc_adm_user = "admin" kc_adm_pass = "Fr#dR3n48Ga-Mov" # ================= # PostgreSQL values # ================= pg_db_ver = "15" pg_db_name = "kc1-db" pg_db_user = "dbadmin" pg_db_pass = "My82Sup@paS98" # =================== # Certificates values # =================== kc_cert_path = "/usr/local/etc/certs" le_cert_name = "kc1" le_cert_descr = "LE Certificate for Keycloak VM" le_cert_pub_chain = "cert-pub-chain.pem" le_cert_priv_key = "cert-priv-key.pem" } output "kc_fqdn" { value = "${module.keycloak-deploy.kc_fqdn}" } ================================================ FILE: auth_and_access/keycloak/examples/keycloak-deploy/variables.tf ================================================ variable "YC_CLOUD_ID" { description = "Cloud ID" } ================================================ FILE: auth_and_access/keycloak/keycloak-config/README.md ================================================ # Keycloak-config Terraform module ================================================ FILE: auth_and_access/keycloak/keycloak-config/federation.tf ================================================ # ======================================================== # YC Federation resource # Import Keycloak resources into Federation & Organization # ======================================================== # Create YC Federation resource "yandex_organizationmanager_saml_federation" kc_fed { name = var.fed_name organization_id = var.org_id issuer = "https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm_name}" sso_url = "https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm_name}/protocol/saml" sso_binding = "POST" auto_create_account_on_login = true security_settings { encrypted_assertions = true } } # Add Keycloak certificate to the YC Federation resource "null_resource" "federation_cert" { provisioner "local-exec" { command = <<-CMD echo -----BEGIN CERTIFICATE-----\\n $(curl -s https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm_name}/protocol/saml/descriptor | awk '{split($0,lst,"X509Certificate>"); print substr(lst[2],1,length(lst[2])-5)}')\\n-----END CERTIFICATE----- | tee ${abspath(path.cwd)}/${var.kc_realm_name}-cert.pem yc organization-manager federation saml certificate create \ --name=${var.fed_name} \ --federation-id=${yandex_organizationmanager_saml_federation.kc_fed.id} \ --certificate-file=${abspath(path.cwd)}/${var.kc_realm_name}-cert.pem CMD } depends_on = [ keycloak_realm.realm ] } # Import Test user account to YC Organization from Keycloak data "yandex_organizationmanager_saml_federation_user_account" kc_test_user { federation_id = "${yandex_organizationmanager_saml_federation.kc_fed.id}" name_id = var.kc_user.name depends_on = [ null_resource.federation_cert ] } output "federation_url" { value = "https://console.cloud.yandex.ru/federations/${yandex_organizationmanager_saml_federation.kc_fed.id}" } ================================================ FILE: auth_and_access/keycloak/keycloak-config/keycloak-config.tf ================================================ # ================================ # Keycloak configuration resources # ================================ # https://registry.tfpla.net/providers/mrparkers/keycloak/latest/docs provider "keycloak" { client_id = "admin-cli" username = var.kc_adm_user password = var.kc_adm_pass url = "https://${var.kc_fqdn}:${var.kc_port}" } resource "keycloak_realm" "realm" { realm = var.kc_realm_name enabled = true display_name = var.kc_realm_descr display_name_html = "${var.kc_realm_descr}" ssl_required = "external" registration_allowed = false registration_email_as_username = false remember_me = false verify_email = false reset_password_allowed = false login_with_email_allowed = false internationalization { supported_locales = [ "en" ] default_locale = "en" } security_defenses { headers { x_frame_options = "DENY" content_security_policy = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';" content_security_policy_report_only = "" x_content_type_options = "nosniff" x_robots_tag = "none" x_xss_protection = "1; mode=block" strict_transport_security = "max-age=31536000; includeSubDomains" } brute_force_detection { permanent_lockout = false max_login_failures = 10 wait_increment_seconds = 60 quick_login_check_milli_seconds = 1000 minimum_quick_login_wait_seconds = 60 max_failure_wait_seconds = 900 failure_reset_time_seconds = 43200 } } } resource "keycloak_saml_client" "client" { realm_id = keycloak_realm.realm.id name = "${var.fed_name}-federation" enabled = true client_id = "https://console.cloud.yandex.ru/federations/${yandex_organizationmanager_saml_federation.kc_fed.id}" base_url = "https://console.cloud.yandex.ru/federations/${yandex_organizationmanager_saml_federation.kc_fed.id}" valid_redirect_uris = [ "https://console.cloud.yandex.ru/federations/${yandex_organizationmanager_saml_federation.kc_fed.id}" ] idp_initiated_sso_relay_state = "https://console.cloud.yandex.ru/federations/${yandex_organizationmanager_saml_federation.kc_fed.id}" assertion_consumer_redirect_url = "https://console.cloud.yandex.ru" sign_documents = true sign_assertions = true include_authn_statement = true name_id_format = "username" force_name_id_format = false signature_algorithm = "RSA_SHA256" signature_key_name = "CERT_SUBJECT" full_scope_allowed = true client_signature_required = true force_post_binding = true encrypt_assertions = true signing_certificate = file("${abspath(path.module)}/${var.yc_cert}") encryption_certificate = file("${abspath(path.module)}/${var.yc_cert}") } resource "keycloak_generic_protocol_mapper" "role_list_mapper" { realm_id = keycloak_realm.realm.id client_id = keycloak_saml_client.client.id name = "role list" protocol = "saml" protocol_mapper = "saml-role-list-mapper" config = { "attribute.name" = "Role" "attribute.nameformat" = "Basic" "single" = "true" } } resource "keycloak_saml_user_property_protocol_mapper" "property_email" { realm_id = keycloak_realm.realm.id client_id = keycloak_saml_client.client.id name = "X500 email" user_property = "email" friendly_name = "email" saml_attribute_name = "urn:oid:1.2.840.113549.1.9.1" saml_attribute_name_format = "URI Reference" } resource "keycloak_saml_user_property_protocol_mapper" "property_givenname" { realm_id = keycloak_realm.realm.id client_id = keycloak_saml_client.client.id name = "X500 givenName" user_property = "firstName" friendly_name = "givenName" saml_attribute_name = "urn:oid:2.5.4.42" saml_attribute_name_format = "URI Reference" } resource "keycloak_saml_user_property_protocol_mapper" "property_surname" { realm_id = keycloak_realm.realm.id client_id = keycloak_saml_client.client.id name = "X500 surname" user_property = "lastName" friendly_name = "surname" saml_attribute_name = "urn:oid:2.5.4.4" saml_attribute_name_format = "URI Reference" } # Keycloak test user account resource "keycloak_user" "test_user" { realm_id = keycloak_realm.realm.id username = var.kc_user.name enabled = true first_name = var.kc_user.name last_name = var.kc_user.name email = "${var.kc_user.name}@${var.kc_user.domain}" attributes = {} initial_password { value = var.kc_user.pass temporary = false } } ================================================ FILE: auth_and_access/keycloak/keycloak-config/providers.tf ================================================ # ================================== # Terraform & Provider Configuration # ================================== terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.84.0" } null = { source = "hashicorp/null" version = "~> 3.2.1" } # https://registry.tfpla.net/providers/mrparkers/keycloak/latest/docs keycloak = { source = "mrparkers/keycloak" version = "~> 4.1.0" } } } ================================================ FILE: auth_and_access/keycloak/keycloak-config/variables.tf ================================================ # ======================================= # Keycloak-config module. Input variables # ======================================= variable "labels" { description = "A set of key/value label pairs to assign." type = map(string) default = null } # ======================== # Org/Federation variables # ======================== variable "org_id" { description = "YC Organization ID" type = string default = null } variable "fed_name" { description = "YC Federation name" type = string default = null } variable "yc_cert" { description = "Yandex Cloud SSL certificate" type = string default = "yc-root.crt" } variable "kc_user" { description = "Keycloak test user account" type = map(string) # name & password default = {} } # ===================== # Keycloak VM variables # ===================== variable "kc_fqdn" { description = "Keycloak public DNS FQDN" type = string default = null } variable "kc_port" { description = "Keycloak HTTPS port listener" type = string default = null } variable "kc_adm_user" { description = "Keycloak admin user name" type = string default = null } variable "kc_adm_pass" { description = "Keycloak admin user password" type = string default = null } variable "kc_realm_name" { description = "Keycloak Realm name" type = string default = null } variable "kc_realm_descr" { description = "Keycloak Realm description" type = string default = null } ================================================ FILE: auth_and_access/keycloak/keycloak-config/yc-root.crt ================================================ -----BEGIN CERTIFICATE----- MIIDjzCCAnegAwIBAgIUF3bSIPKEcz0+93czW8h814WWGl8wDQYJKoZIhvcNAQEL BQAwVzELMAkGA1UEBhMCUlUxDzANBgNVBAgMBk1vc2NvdzEPMA0GA1UECgwGWWFu ZGV4MRUwEwYDVQQLDAxZYW5kZXguQ2xvdWQxDzANBgNVBAMMBllhbmRleDAeFw0y MDAyMTIwODI2NTVaFw0yNTAyMTIwODI2NTVaMFcxCzAJBgNVBAYTAlJVMQ8wDQYD VQQIDAZNb3Njb3cxDzANBgNVBAoMBllhbmRleDEVMBMGA1UECwwMWWFuZGV4LkNs b3VkMQ8wDQYDVQQDDAZZYW5kZXgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDYVcxqC0Ienc85C2oD93GvYB172VSPYuy7umjHa/8Xy8KUGmAjO1pJA2Qv grs0AmymueM6d6Uw0C7MsDY/Z3eOid9ZRnbmJtfx2MzmyA91Y0ZvcIxYXWa4kloE iLUMGs94ixgBat+erKN836NVF4mFOtLUsueMOkQkdFw6RPlw9NccEmWxb/XfzA2f ceCjWFeJt1RQSAMPxmsd+s9NmsaZ7dFsn1Vx/ACLdlzxhyCjf7A5FIRZUxEHQF5U OP7z2bKkErDivFj19XhZ2whHmHNKy2pvrzZ0ufoy2+isW5HzEn1+DO3hwX8pKOOv jtKi5vqtsdjteGDmF2+lm+RxrkL/AgMBAAGjUzBRMB0GA1UdDgQWBBRVWZqkoCfZ HnN6vDN6d5l2tQGp7jAfBgNVHSMEGDAWgBRVWZqkoCfZHnN6vDN6d5l2tQGp7jAP BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQA4/gJ1/dawiBYa4hYp CFsnWIgoJ9iLgG6mOZ6q0xT8X/zAPkA9EeB75OdFPFruAydRlihdiVfrjbdOYoEg rTbF1jtWAAK+YQpLohrLp070h5PzXMMvso8Tkg4phxLEGhtsHg+SMFipvg0uTG1C WttgnHy8tWfrjbrF2MPA846ibHu7nPjhwoQxdd5kILPYLTANc3YzwaiN96f6flZg edkVDUHMT2AVMpFvbYb1jNqULQ9Xyl5ebdTqLVzJ1WWDN7rUGdv2qDrHOlHeBMU3 2S6djwOizttFSwkj2q0FXAH8UFBTDS63gjSwJVzoSHaeFXo+6iT1b1eKj8sdxcbE 3rA+ -----END CERTIFICATE----- ================================================ FILE: auth_and_access/keycloak/keycloak-deploy/README.md ================================================ # Keycloak-deploy Terraform module ================================================ FILE: auth_and_access/keycloak/keycloak-deploy/dns-cm.tf ================================================ # =================================== # DNS & Certificate Manager resources # =================================== data "yandex_dns_zone" "kc_dns_zone" { folder_id = "${data.yandex_resourcemanager_folder.kc_folder.id}" name = var.dns_zone_name } locals { kc_fqdn = "${var.kc_hostname}.${trimsuffix(data.yandex_dns_zone.kc_dns_zone.zone,".")}" } # Create DNS record for Keycloak VM with created public ip address resource "yandex_dns_recordset" "kc_dns_rec" { zone_id = data.yandex_dns_zone.kc_dns_zone.id name = var.kc_hostname type = "A" ttl = 300 data = ["${yandex_vpc_address.kc_pub_ip.external_ipv4_address[0].address}"] } # Create request to the Let's Encrypt service for Keycloak's VM certificate resource "yandex_cm_certificate" "kc_le_cert" { folder_id = "${data.yandex_resourcemanager_folder.kc_folder.id}" name = var.le_cert_name domains = [ "${local.kc_fqdn}" ] managed { challenge_type = "DNS_CNAME" } } # Create domain validation DNS record for Let's Encrypt service resource "yandex_dns_recordset" "validation_dns_rec" { zone_id = data.yandex_dns_zone.kc_dns_zone.id name = yandex_cm_certificate.kc_le_cert.challenges[0].dns_name type = yandex_cm_certificate.kc_le_cert.challenges[0].dns_type data = [yandex_cm_certificate.kc_le_cert.challenges[0].dns_value] ttl = 60 } output "kc_fqdn" { value = local.kc_fqdn } ================================================ FILE: auth_and_access/keycloak/keycloak-deploy/kc-setup.sh ================================================ # =============================== # Keycloak VM provisioning script # =============================== # Get Keycloak input data source kc-data.sh # Change Timezone timedatectl set-timezone Europe/Moscow # Install Packages apt-get update > /dev/null apt-get install -y unzip openjdk-18-jre jq > /dev/null # Install Yandex Cloud CLI (yc CLI) YC_PATH="/opt/yc" mkdir -p ${YC_PATH} curl -s -O https://storage.yandexcloud.net/yandexcloud-yc/install.sh chmod u+x install.sh ./install.sh -a -i ${YC_PATH}/ 2>/dev/null ln -s ${YC_PATH}/bin/yc /usr/bin/yc rm -f install.sh sed -i "\$ a source ${YC_PATH}/completion.bash.inc" /etc/profile # Configuring yc CLI VM_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id) FOLDER_ID=$(yc compute instance get $VM_ID --format=json | jq -r .folder_id ) CLOUD_ID=$(yc resource folder get $FOLDER_ID --format=json | jq -r .cloud_id) yc config profile create default yc config set cloud-id $CLOUD_ID yc config set folder-id $FOLDER_ID unset CLOUD_ID FOLDER_ID VM_ID # Get Keycloak distro and put files to the right place curl -sLO https://github.com/keycloak/keycloak/releases/download/$KC_VER/keycloak-$KC_VER.zip unzip -q keycloak-$KC_VER.zip rm -f keycloak-$KC_VER/bin/*.bat mkdir -p /opt/keycloak cp -R keycloak-$KC_VER/* /opt/keycloak rm -rf keycloak-$KC_VER/ keycloak-$KC_VER.zip export PATH=$PATH:/opt/keycloak/bin kc.sh build # Get Let's Encrypt certificate from the YC Certificate Manager # Let's Encrypt should validate certificate request within 30 minutes mkdir -p $KC_CERT_PATH status=None while [ $status != 'ISSUED' ] do status=$(yc cm certificate get --full --name=$KC_CERT_NAME --format=json | jq -r .status) echo $(date +'%H:%M:%S') $status sleep 60 done yc cm certificate download --name=$KC_CERT_NAME --chain=$KC_CERT_PATH/$KC_CERT_PUB --key=$KC_CERT_PATH/$KC_CERT_PRIV > /dev/null # Prepare systemd things groupadd keycloak useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak chown -R keycloak:keycloak /opt/keycloak chmod o+x /opt/keycloak/bin/ cat < /lib/systemd/system/keycloak.service [Unit] Description=Keycloak Service After=network.target [Service] User=keycloak Group=keycloak PIDFile=/var/run/keycloak/keycloak.pid WorkingDirectory=/opt/keycloak Environment="KEYCLOAK_ADMIN=$KC_ADM_USER" Environment="KEYCLOAK_ADMIN_PASSWORD=$KC_ADM_PASS" ExecStart=/opt/keycloak/bin/kc.sh start \\ --db-url-database=$PG_DB_NAME \\ --db-url-host=$PG_DB_HOST \\ --db-username=$PG_DB_USER \\ --db-password=$PG_DB_PASS \\ --hostname=$KC_FQDN \\ --hostname-strict=true \\ --http-enabled=false \\ --https-protocols=TLSv1.3,TLSv1.2 \\ --https-port=$KC_PORT \\ --https-certificate-file=$KC_CERT_PATH/$KC_CERT_PUB \\ --https-certificate-key-file=$KC_CERT_PATH/$KC_CERT_PRIV \\ --log-level=INFO [Install] WantedBy=multi-user.target EOF # Start Keycloak via systemd systemctl daemon-reload sleep 3 systemctl start keycloak systemctl enable keycloak # Remove KC admin credentials from the systemd unit after the first start sed -i '/KEYCLOAK_ADMIN/d' /lib/systemd/system/keycloak.service systemctl daemon-reload ================================================ FILE: auth_and_access/keycloak/keycloak-deploy/kc-vm-init.tpl ================================================ #cloud-config #ssh_pwauth: no users: - name: ${username} sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: auth_and_access/keycloak/keycloak-deploy/keycloak-vm.tf ================================================ # ===================== # Keycloak VM resources # ===================== data "yandex_resourcemanager_folder" "kc_folder" { cloud_id = var.cloud_id name = var.kc_folder_name } # Define a Keycloak image-id data "yandex_compute_image" "kc_image" { name = var.kc_image_name folder_id = var.kc_image_folder_id } # Create Service Account (SA) for Keycloak VM resource "yandex_iam_service_account" "kc_sa" { name = "${var.kc_hostname}-sa" folder_id = "${data.yandex_resourcemanager_folder.kc_folder.id}" description = "for using on Keycloak's VM" } # Grant SA access to download certificates from Certificate Manager (CM) resource "yandex_resourcemanager_folder_iam_member" "cm_cert_download" { folder_id = "${data.yandex_resourcemanager_folder.kc_folder.id}" role = "certificate-manager.certificates.downloader" member = "serviceAccount:${yandex_iam_service_account.kc_sa.id}" } # Grant SA access to Keycloak's VM metadata resource "yandex_resourcemanager_folder_iam_member" "rm_viewer" { folder_id = "${data.yandex_resourcemanager_folder.kc_folder.id}" role = "resource-manager.viewer" member = "serviceAccount:${yandex_iam_service_account.kc_sa.id}" } # Grant SA access to Keycloak's VM metadata resource "yandex_resourcemanager_folder_iam_member" "compute_viewer" { folder_id = "${data.yandex_resourcemanager_folder.kc_folder.id}" role = "compute.viewer" member = "serviceAccount:${yandex_iam_service_account.kc_sa.id}" } # Create Keycloak VM resource "yandex_compute_instance" "kc_vm" { folder_id = "${data.yandex_resourcemanager_folder.kc_folder.id}" name = var.kc_hostname hostname = var.kc_hostname platform_id = "standard-v3" zone = var.kc_zone_id service_account_id = "${yandex_iam_service_account.kc_sa.id}" resources { cores = 2 memory = 8 } boot_disk { initialize_params { image_id = data.yandex_compute_image.kc_image.id type = "network-ssd" size = 80 } } network_interface { subnet_id = "${data.yandex_vpc_subnet.kc_subnet.id}" nat = true nat_ip_address = "${yandex_vpc_address.kc_pub_ip.external_ipv4_address[0].address}" security_group_ids = [ yandex_vpc_security_group.kc_sg.id ] } metadata = { user-data = templatefile("${abspath(path.module)}/kc-vm-init.tpl", { username = "${chomp(var.kc_vm_username)}", ssh_key = "${chomp(var.kc_vm_ssh_key_file)}" }) } # Prepare input data for Keycloak VM provisioning script provisioner "file" { destination = "kc-data.sh" content = < # Инстуркция: **Пререквизиты**: - Платежный аккаунт yandex cloud - Созданная организация - Если выбрана установка keycloaс то необходимо иметь публичную зону dns [делегированнную в yandex cloud](https://cloud.yandex.ru/docs/dns/operations/zone-create-public) **Уровень организации** 0) Скачайте репозиторий и перейдите в папку ```Python git clone https://github.com/yandex-cloud/yc-solution-library-for-security.git cd yc-solution-library-for-security/auth_and_access/org_iac_iam ``` 1) Настроить [yc cli](https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwi49oiWr4L7AhXLl4sKHSOnCxQQFnoECBkQAQ&url=https%3A%2F%2Fcloud.yandex.ru%2Fdocs%2Fcli%2Fquickstart&usg=AOvVaw3sNw2joYtjNX6fJJHB-EP8) 2) Создать руками первое облако cloud-org-admin 3) Укажите в yc cli ваше первое облако ```Python yc config set cloud-id ``` 4) Создать в нем каталог org-admin (без default сети) ```Python yc resource-manager folder create --name org-admin ``` 5) Создать руками sa sa-org-admin для управления tf в этом каталоге ```Python yc iam service-account create --name sa-org-admin --folder-name org-admin ``` 6) Убедиться, что в сервисе Cloud DNS папки org-admin уже [создана публичная DNS-зона](https://cloud.yandex.ru/docs/dns/operations/zone-create-public) с которой будем работать дальше. Имя этой зоны далее указывается в переменной DNS_ZONE_NAME 7) Перейдите в папку ./module_keycloak . Запускаем kc-users-gen.sh - получаем файл со списком учетных записей пользователей федерации с автогенерированными паролями. Имя файла в переменной kc_user_file. 8) Укажите переменные dns_zone_name, folder_id и kc_fqdn согласно вашим значениям в файле module_keycloak/variables.tf . Это необходимо для генерации сертификата. 9) Запускаем kc-le-cert.sh - получаем Let's Encrypt сертификаты для нужного домена в виде пары .pem файлов. Имена файлов в переменных le_cert_pub_key и le_cert_priv_key соответственно из папки module_keycloak/variables.tf 10) Вернитесь в исходную общую папку. Заполните файл terraform.tfvars !не забудьте поменять имя файла на terrafrom.tfvars 11) Выдать права sa на оргу через cli (пока не поддержана возможность выдачи через UI) ```Python yc organization-manager organization add-access-binding \ --role organization-manager.admin \ --id bpf4c0lctf2t734l95ui \ --service-account-name sa-org-admin yc organization-manager organization add-access-binding \ --role resource-manager.admin \ --id bpf4c0lctf2t734l95ui \ --service-account-name sa-org-admin yc organization-manager organization add-access-binding \ --role viewer \ --id bpf4c0lctf2t734l95ui \ --service-account-name sa-org-admin ``` 12) Создать ключ для sa-org-admin ```Python yc iam key create --service-account-name sa-org-admin --output sa-key.json ``` 13) Заполните terraform.tfvars своими значениями 14) Запустить terrafrom init, terrafrom plan, terraform apply 15) Ссылка в консоль UI в созданную федерацию и на idp keycloak будет в output 15) Зайдите в облако security в каталог cloud_admin и создайте Audit Trails согласно [инструкции](https://cloud.yandex.ru/docs/audit-trails/quickstart) с записью в S3 бакет используя сервисный аккаунт предсозданный . Используйте это [решение для создания безопасного s3 бакета](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/configuration/hardening_bucket) 16) Не забудьте подключить s3 remote storage для terraform по [инструкции](https://github.com/yandex-cloud/yc-solution-library-for-security/tree/master/terraform-sec/remote-backend). Также информация есть в [вебинаре](https://www.youtube.com/watch?v=XJDLcx8UWUU) 17) Также строго рекомендуется поместить tf конфиг в защищенный git репозиторий и управлять выкаткой изменений в state с помощью PR и согласования 18) Передайте ответственному администратору за облако "web-app-project" его логин/пароль и ссылку на вход в федерацию из output вида "https://console.cloud.yandex.ru/federations/bpf3pc05joidt9it7l0m" . Ответственный администратор назначается в группе "web-admin-group-members" в файле org_level_groups_and_users.tf **Уровень облаков** 1) Войдите в UI консоль под ответственным администратором за облако "web-app-project" с помощью ссылки в output, например https://console.cloud.yandex.ru/federations/bpf3pc05joidt9it7l0m 2) Настройте yc cli под федеративным пользователем, которого вам выдали согласно [инстуркции](https://cloud.yandex.ru/docs/cli/operations/authentication/federated-user) 3) Создайте новый каталог "network-folder" (уберите галочку создать сеть по умолчанию) ```Python yc resource-manager folder create --name network-folder ``` 4) Создайте в нем сервисный аккаунт "sa-web-app-tf" ```Python yc iam service-account create --name sa-web-app-tf --folder-name network-folder ``` 5) Выдайте ему права "resource-manager.admin" и "viewer" **именно на облако web-app-project**, а не на каталог ```Python yc resource-manager cloud add-access-binding \ --role resource-manager.admin \ --id <ваш cloud id> \ --service-account-name sa-web-app-tf yc resource-manager cloud add-access-binding \ --role viewer \ --id <ваш cloud id> \ --service-account-name sa-web-app-tf ``` 6) В основном каталоге данного решения и раскомментируйте строки в файле org_level_grant_viewer.tf (начиная со строки номер 3). Затем запустите еще раз terrafrom plan, terraform apply. Этим вы предоставите сервисной учетной записи sa-web-app-tf роль organization-manager.viewer (необходимо для доступа к данным по группам). 7) Скачайте репозиторий по аналогии с п. 0 организационного уровня выше. Перейдите в папку "/cloud-level-state" 8) Создайте авторизованный ключ ```Python yc iam key create --service-account-name sa-web-app-tf --output sa-key.json ``` 9) Вернитесь в каталог /cloud-level-state. Заполните файл terraform.tfvars своими значениями 10) Запустите terraform init, terraform plan, terrafrom apply 11) Установите managed gitlab в каталоге network-folder и поместите туда terrafrom config и credentials от sa sa-web-app-tf ================================================ FILE: auth_and_access/org_iac_iam/cloud-level-state/README.md ================================================ ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 0.13 | ## Providers | Name | Version | |------|---------| | [yandex](#provider\_yandex) | 0.81.0 | ## Modules No modules. ## Resources | Name | Type | |------|------| | [yandex_iam_service_account.sa-app-non-prod](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account) | resource | | [yandex_iam_service_account.sa-app-prod](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account) | resource | | [yandex_resourcemanager_cloud_iam_member.compute-admin](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_cloud_iam_member.dns-admin](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_cloud_iam_member.mdb-admin](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_cloud_iam_member.serviceAccounts-admin](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_cloud_iam_member.storageadmin](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_cloud_iam_member.viewer](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_cloud_iam_member.vpc-admin](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | resource | | [yandex_resourcemanager_folder_iam_member.sa-app-non-prod-bind1](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_resourcemanager_folder_iam_member.sa-app-non-prod-bind2](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_resourcemanager_folder_iam_member.sa-app-prod-bind1](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_resourcemanager_folder_iam_member.sa-app-prod-bind2](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | resource | | [yandex_vpc_network.vpc-web-app](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/vpc_network) | resource | | [yandex_vpc_subnet.non-prod-subnet](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/vpc_subnet) | resource | | [yandex_vpc_subnet.prod-subnet](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/vpc_subnet) | resource | | [yandex_iam_service_account.sa-web-app-tf](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/iam_service_account) | data source | | [yandex_resourcemanager_cloud.web-app](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/resourcemanager_cloud) | data source | | [yandex_resourcemanager_folder.nonprod-folder](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/resourcemanager_folder) | data source | | [yandex_resourcemanager_folder.prod-folder](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/resourcemanager_folder) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [CLOUD\_ID](#input\_CLOUD\_ID) | cloud\_id of your cloud | `string` | `""` | no | | [FOLDER\_ID](#input\_FOLDER\_ID) | folder id of first folder | `string` | `""` | no | | [app\_cidrs](#input\_app\_cidrs) | n/a | `list(string)` | 
[
  "192.168.1.0/24",
  "192.168.50.0/24",
  "192.168.70.0/24"
]
| no | | [app\_cidrs2](#input\_app\_cidrs2) | n/a | `list(string)` | 
[
  "172.16.1.0/24",
  "172.16.2.0/24",
  "172.16.3.0/24"
]
| no | | [app\_cidrs3](#input\_app\_cidrs3) | n/a | `list(string)` | 
[
  "10.10.1.0/24",
  "10.10.2.0/24",
  "10.10.3.0/24"
]
| no | | [network\_names](#input\_network\_names) | Yandex Cloud default Zone for provisoned resources | `list(string)` | 
[
  "a",
  "b",
  "c"
]
| no | | [org\_id](#input\_org\_id) | organization\_id | `string` | `""` | no | | [zones](#input\_zones) | Yandex.Cloud default Zone for provisoned resources | `list(string)` | 
[
  "ru-central1-a",
  "ru-central1-b",
  "ru-central1-c"
]
| no | ## Outputs No outputs. ================================================ FILE: auth_and_access/org_iac_iam/cloud-level-state/folders_and_bindings.tf ================================================ #Give sa-web-app-tf permission on cloud data "yandex_resourcemanager_cloud" "web-app" { cloud_id = var.CLOUD_ID } data "yandex_iam_service_account" "sa-web-app-tf" { name = "sa-web-app-tf" folder_id = var.FOLDER_ID } resource "yandex_resourcemanager_cloud_iam_member" "compute-admin" { cloud_id = "${data.yandex_resourcemanager_cloud.web-app.id}" role = "compute.admin" member = "serviceAccount:${data.yandex_iam_service_account.sa-web-app-tf.id}" } resource "yandex_resourcemanager_cloud_iam_member" "vpc-admin" { cloud_id = "${data.yandex_resourcemanager_cloud.web-app.id}" role = "vpc.admin" member = "serviceAccount:${data.yandex_iam_service_account.sa-web-app-tf.id}" } resource "yandex_resourcemanager_cloud_iam_member" "dns-admin" { cloud_id = "${data.yandex_resourcemanager_cloud.web-app.id}" role = "dns.admin" member = "serviceAccount:${data.yandex_iam_service_account.sa-web-app-tf.id}" } resource "yandex_resourcemanager_cloud_iam_member" "mdb-admin" { cloud_id = "${data.yandex_resourcemanager_cloud.web-app.id}" role = "mdb.admin" member = "serviceAccount:${data.yandex_iam_service_account.sa-web-app-tf.id}" } resource "yandex_resourcemanager_cloud_iam_member" "storageadmin" { cloud_id = "${data.yandex_resourcemanager_cloud.web-app.id}" role = "storage.admin" member = "serviceAccount:${data.yandex_iam_service_account.sa-web-app-tf.id}" } resource "yandex_resourcemanager_cloud_iam_member" "viewer" { cloud_id = "${data.yandex_resourcemanager_cloud.web-app.id}" role = "viewer" member = "serviceAccount:${data.yandex_iam_service_account.sa-web-app-tf.id}" } resource "yandex_resourcemanager_cloud_iam_member" "serviceAccounts-admin" { cloud_id = "${data.yandex_resourcemanager_cloud.web-app.id}" role = "editor" # soon will be alter on "iam.editor" member = "serviceAccount:${data.yandex_iam_service_account.sa-web-app-tf.id}" } #create sa-app and it binding (prod and non-prod) #prod data "yandex_resourcemanager_folder" "prod-folder" { name = "prod" } data "yandex_resourcemanager_folder" "nonprod-folder" { name = "nonprod" } resource "yandex_iam_service_account" "sa-app-prod" { name = "sa-app-prod" folder_id = data.yandex_resourcemanager_folder.prod-folder.id } resource "yandex_resourcemanager_folder_iam_member" "sa-app-prod-bind1" { folder_id = data.yandex_resourcemanager_folder.prod-folder.id role = "lockbox.payloadViewer" member = "serviceAccount:${yandex_iam_service_account.sa-app-prod.id}" } resource "yandex_resourcemanager_folder_iam_member" "sa-app-prod-bind2" { folder_id = data.yandex_resourcemanager_folder.prod-folder.id role = "storage.uploader" member = "serviceAccount:${yandex_iam_service_account.sa-app-prod.id}" } #non-prod resource "yandex_iam_service_account" "sa-app-non-prod" { name = "sa-app-non-prod" folder_id = data.yandex_resourcemanager_folder.prod-folder.id } resource "yandex_resourcemanager_folder_iam_member" "sa-app-non-prod-bind1" { folder_id = data.yandex_resourcemanager_folder.nonprod-folder.id role = "lockbox.payloadViewer" member = "serviceAccount:${yandex_iam_service_account.sa-app-non-prod.id}" } resource "yandex_resourcemanager_folder_iam_member" "sa-app-non-prod-bind2" { folder_id = data.yandex_resourcemanager_folder.nonprod-folder.id role = "storage.uploader" member = "serviceAccount:${yandex_iam_service_account.sa-app-non-prod.id}" } ================================================ FILE: auth_and_access/org_iac_iam/cloud-level-state/provider.tf ================================================ # ================================== # Terraform & Provider Configuration # ================================== terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } required_version = ">= 0.13" } provider "yandex" { service_account_key_file = "./sa-key.json" #token = "" cloud_id = var.CLOUD_ID #folder_id = "" } ================================================ FILE: auth_and_access/org_iac_iam/cloud-level-state/terraform_tfvars ================================================ CLOUD_ID = "b1g960ai8eokqvrtinsc" FOLDER_ID = "b1g1m61ve5t5c7gib04l" ================================================ FILE: auth_and_access/org_iac_iam/cloud-level-state/variables.tf ================================================ variable "CLOUD_ID" { description = "cloud_id of your cloud" type = string default = "" } variable "FOLDER_ID" { description = "folder id of first folder" type = string default = "" } variable "zones" { description = "Yandex.Cloud default Zone for provisoned resources" type = list(string) default = ["ru-central1-a", "ru-central1-b", "ru-central1-c"] } variable "network_names" { description = "Yandex Cloud default Zone for provisoned resources" type = list(string) default = ["a", "b", "c"] } variable "app_cidrs" { type = list(string) default = ["192.168.1.0/24", "192.168.50.0/24", "192.168.70.0/24"] } variable "app_cidrs2" { type = list(string) default = ["172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"] } variable "app_cidrs3" { type = list(string) default = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"] } variable "org_id" { description = "organization_id" type = string default = "" } ================================================ FILE: auth_and_access/org_iac_iam/cloud-level-state/vpc.tf ================================================ # Создание VPC сети resource "yandex_vpc_network" "vpc-web-app" { name = "vpc-web-app" folder_id = var.FOLDER_ID } # Создание подсетей в prod folder resource "yandex_vpc_subnet" "prod-subnet" { folder_id = data.yandex_resourcemanager_folder.prod-folder.id count = 3 name = "prod-${element(var.network_names, count.index)}" zone = element(var.zones, count.index) network_id = yandex_vpc_network.vpc-web-app.id v4_cidr_blocks = [element(var.app_cidrs3, count.index)] } # Создание подсетей в non-prod folder resource "yandex_vpc_subnet" "non-prod-subnet" { folder_id = data.yandex_resourcemanager_folder.nonprod-folder.id count = 3 name = "non-prod-${element(var.network_names, count.index)}" zone = element(var.zones, count.index) network_id = yandex_vpc_network.vpc-web-app.id v4_cidr_blocks = [element(var.app_cidrs2, count.index)] } ================================================ FILE: auth_and_access/org_iac_iam/images/iam_iac.drawio ================================================ 7L3XlqNI1jZ8NbXW9x90L6yAw8CDMEKAJHSGF0JCCA9X/0dImWWzZ3pmqnrMq+rOTAjC7tjm2REE+xMpXCelCeuTeUvSyycCS6ZPpPiJIHCSxuEflDK/pXAr7JmSN0XylvYlwS2W9C3xPVtfJGn7Tcbudrt0Rf1tYnyrqjTuvkkLm+Y2fpstu12+bbUO8/SHBDcOLz+m7oukOz1TWRr7kq6mRX56bxnH3p5cw/fMbwntKUxu41dJpPSJFJrbrXteXSchvSDqvdPlWU7+g6efO9akVfdnCri4od/Ujj1kR41iL6bqMvNvzLOWIbz0bwN+62w3v1OgufVVkqJKsE8kP56KLnXrMEZPRzjpMO3UXS/wDoeXWXG5CLfLrYH31a2Cmfi2a25l+p74iSAjlqZoVNdb22nTpdMfDgr/TCrIZOntmnbNDLO8FViRb9R94y8aexvA+GWyCJx+pp2+miiWe+ORN/7IP1f9hYTw4o2KH1O0OPKVbXme18637Ya1Tr9x7j9GUfyfouhPoBvHfUs3nPuAbu/Vfk03giH/dcJ9yIr4fzkrchj9LSvi+F/HiiWu2jQYjLu3U283N73YwfY34q9ixR+I9AEp/5Bu9Lec+Bv5rvq/ohuOv2vRrwmHYyz2i0hHsz+Zdp+1P+K2/BK27dt1W6ZdfHq7yW5V92YD8RW8D5v4/RY9DqP2dum7FHxJ/pOMTkJTTLLwSRK2p899fmZ7t2vEz5nP1Xfz+cF0kuQHs0kyv2oyV/+QanlN5h9PJoV9IJsY99FsEr9qNnHyv0KtrQjuOzmgmN+pD0zCR1YWx77k/fkEXP1XEBAy27cEJLgfmY9iPjCo+K/jPe6/gnTMj6Sjf1TC2EcmFf9lpPsAGEM1ybGfICFYHF3z8uO39PjNP9KFxzXzuCYf1/TjmngvBX/LsNb3xA+Lg7d0lA1eUF9lkN8T5a8qf6Z8XZv4+P1shXm//q4V8av83HuXsPeefy74Y7bv6se/GiD2TeYvY2F/4DrIGd23rBVeiryC1zHkoxTyF4/4p4CeLXh7cC2SBBXnm7QtljB6VIUsU30rqu4x/zT/iRZRXX13a78YqW8t0hvf/hpWJr9D1R9qAXL1ASv/OiXw63XAj7b8BxAgyxz893OIzH5n5Vc/kvizNv6GxNSvovGPNt5u8t/c063+P8P5+PeOEcH8qMSZv5Lx6f8IxueJ1UqWfxJII//jOP9HcCZcbn3yiVhdEJtHDbzK0ZWbxn1TdPP/GYFY0fR3k/WjPHxkCMhfNVV/wVLfn5AHDGPknyUP5A8k/rfLw48LMW/ygP0oEtdbVFzS38K6/q1ubme0H/B/RTjI7z115gNPHf8rpeO9sW/E4zljbR1W30zL6t6jbRA+ftIFwIdNHv0/+gGQCdg+xq0+X+IE+/+hG0Q3DC2y/JaF1+IyP8vBysJr/XhIkhT8O7cw9THt3z/5XOMPT07pZUgRE8CHVQq7/+eLhk0RXv65pv6oTBtW7W9t2hTZt8N+choaNE7W0+dnURiX+UPx/PYtPcP/h2PMFzKSxJdrmvx8jf2OE//flyl5l61bk4cVZP+uuFW/XcMqzNPm968T299vY5U273MMeeY5zc/iP08zQvIkYcpm8UfKcBWzaZT9pAWIHwAY/YE2XH2wAPHrXI+PfI8nvRFHfEL7oO+0+DKBJBmtHkvlX5Kw7EnqL2lfiYnwGM73EoBS35j7uwzf8+j3rPN3xf5Dbv5TDBgm16L6Q5b7nPwkzn8tJ66o1e/fucE4+eFqIs58zvmXMCSJ/0DONMlT9+321nSnW36rwov0JZX/luBf8hg36N49E89p181vy+LIqH47CX9I0vbWN298/QdbYm+YrQubPO3+Vsa3lT40mr85RU16gSw5pN/04yM6vxXdINDw6avdr9W3E8txv3Nf/WOYb2t8jvCtku8m73Ov/gW0Rf475jOdiu6AQBXk3edd8NUTcXrDW4+b+f2mgiN9FiLo9/vg64dfyj3u3gt+vS1Dvt1/s64iyxj2kUSzGPrvQ1D+FzAkRf0ShgRNE85fZXjDtH/Ir6v3Fyzmb+Cj/EfZv3vP4B/Njv/t/Bz9r+V/92++SNGTHn/QO4L6ffXdrg4H4RL5RVzZv1hcqX8KD7xx8o+GGgoI+NtL1vQnAvtqxV56X5//vK7+9YI2+1WRv7vGTn67Sv9MxN+X2T/XDN6u/6RxR+JihFF6+XVO359VKD8qib+pgj94GeXtJbe33nz6+j2yj2DDb1Cfstz325DP23/RbLHfwhH8fX/pvYZblrXpL2F5/J9j+f8JCBxB8FlU+e9hHEOT2/09j+t/Bf7SxJ9wxPC/dg/oo7Xw1+LGL1zc+Luy8Lddwf86pmfo7zc+6R+Xu/GPXqT6dUz/0UtxL6b/dzL9UKTj/9KaG4f9oOr/3Vz/XvF3L678WZxMvkPfz6D3a+jLv0PiP8LM+FeJ/Fe/2a+KkF+1K/ww6f+rOx4s/j2rsB+wykfvJv46VvlgeRa94/SnJvG3r5iDepvLrzN9P6/tKazRZXF9HGH5PIkPb2cDJwUtlMLn0a3rbtcPZrlDqzP8ozho6+fhmceLqe83WTEhZcG/tSAmYRdC7fS8hapmyD8R/HRFaHijWsRx5qloP/XxghWhusVi8TYYZEImM02aMz3E13gwz2A0BW5JrnGhqUl9VLe3jastVqHlobKrj8QJe79PrpdLgulDKmKFKYBRE03i8VPw13A/tRtX7yOCvmhn6qqRp5O9TGNw2N405VhHytjF1a49elhxPBwv0ZUrj4KWB8RUxwI+J/vpAstfkusO1rEtYZ0lvLdML89NyZytmaLNxc9hu7AvgDLOgLCe15MtmejvW54gN89xb3sm/uyfRKG/zpL3phi8pYH3PM9r7yTCet/rfP510fhQWT78Mj7tbHkaZZZHRSug7eX1wqICr2VjRcZC4ZnLOOh4pPicdt0Rxz09HBWn0BSrDQ/gQwocITU9T5qMs4/bXgl75jx65iwoTSNs8S1NlGBPJTiKcrRdOFqBImzPeUvTprc0zBRl0fQAquORZs4oX/7M5wHiLW2ylmd9lufTj7SCokxRh2VNWJ+0PNJcirLEGOZDfXrL58I2Fg2m+ShtfqQJFAlnYbIKarbFnNZEbYTjGdHsoDRr0d7SYL3CW5qI0iTaOOek7T/Lmt57WgBn85FvtJbgLc1EfZ8s1KfP+eBMobIuNcKxoDQ0e7SJ2hU+t0HA+vBHfV/SFuMcL5DGGKQxZp4hjT2tN5e3sYoOhdqCY50hbR9jtZZ8fqQJFG6dE0inoLdE5z1tMj1UNoZ1mCgN9q2kLfgD2yLRNZpb26Xg34BG47Xh/FlnNLYS0rEkHnPvlWg+8G/qPIPePEvEN22f0Vz64zd9hGnW4j/zFdQCx4vmirS84KvxapCnYlgHagv2/+yTz3kpKWtBaUhKyvltrrBnvvIhOZBWaEyz+Z62BNRzDmLqPZ911si3NPw9zRZj+lk2nh9paDye+V52MsVnmgV589kuwN7zWcvpOVbR/Ir3TPhMgzTL8W94FMqI9Z7vnZcfclPOX3ge0clH4yG+kY2HzMXkNzL0SAPkN7KG2ljMd/mjIM990y5MgxroKD76J5rPsi6cs0ef4biX8imnkK/hmB78Aued/pIGa0K8dn5r93M+KJNeMH1T31ey+9buV5pKJ0Plgh1dbdgUwTlVJGbz1PJQa/2FCID8EQEQqw8AwOpXAQDiXwYA8rcv/n5eaRW+Snl/OfgFCV6Q4AUJXpDgBQlekOAFCT7a4P0PgAQfHVd8LZr+t74G2aTPLf0/+Qbaf90C7Or9PZMvx7c/ftGM/StfMyM+2PRFuPrrRdSvV87obxdXIVhevS+oSl/h6x9fdnoh6BeCfiHoF4J+IegXgv6/iaAp9nsE/W7V/20I+sdzdm34263Jf3vDXv+qDb+gB/xnuPhO0yTNwv4B6z428h+b9G+s/h8Y+bqCRl4odry9HbG1kt8A/Ge5/knyc3iFfoAGBBDAvyKWWt4KpfCqJbg7RxNArmXgVBYoEVxGV74s8MKeUO7W4S9uaysjKnDBtrsT5hPcNVGTU3z1AQQOpHG99CEJ1daBvxhXbj7SQ7/hYR8EAFx/y+/UImYSnB54bpdBrC1POIYLUn0EUruGrGdMmjTeteIkEblmG+H6dtpvI69YcNLvT9uujXZh4zQuMYTVXuvz3VaZqJvRWooRyJipIXyjE7kDTrxhoPorudehFNEWtRzhw8hMWKaBF4ezqWKNvWxaJqGjTWSnQJeu7s/42ek6zhdHnU8bQ/V51/ADoR8NBgis0J36oMsjBdj9wNmwHxl/CgA3bkhRmkmAx6I1WoaClZ17XCuRl+VbG8wBzzgVUYQ8Pq5Mm0uucGC3qSy2dSy2/GFUe63D9AwjvSoWDsIh3uvSxXWwQIjGoAfHaEtqUBRkel8eY14eLVEo8AvbujuD3554u2tSh1k5MAchOoatH51KKtxa2qZbr9vAZKHbWKM9NEqZuLruQ0vLm+wJPgjQr54DgyCPqasr1+BcbDoklJPlYayn5p1W3p2TAtLYzSgvXTe1zopUraB01776yy0XMtL1BjwRh1OJ7fSycV1UtajOKqTQ3Fy7FahOctv4F3enqQO/C9zNykss0gOllvG1Vsope4MFaI+loc5rNT5gSzferTRin8C65LgFN1pvN1S5PWiYI1wzhxKXPNrdD2a4jLIvYuMirFV2A1RTr6ZcOAOf0AaHZgVDyEXOy4+xGHJpEG3l0RaFbrrutLJz7vaoL3c7u6cFPSp3lRwNaWfeKP6cw0HwojftfC5ScxtrjrpT3vdJ64gk7BPfUgKZ262Pba5JwJPiPJ6TdHU8GdRGl6p7t2GvcNYxozUWTgjSVYAFeytKigMcj8hNjWaUF9e6sifSvyzaAbjU7shhbGAb6rA1N+s+9O4rbMfmkCHFruCxU725JwNs2T/29oDVK0lyeA/Wtg7oEx9vdb+6X6Ca57d0uaXlhk9H7nI4TtNoIZeBJ0Y2XApa9++YDfTjFpZ0tvS6l+jMGjCwg1lQtp6L+NPix+pRL6+3SWqK7arI1IFoV6nmbXxYDCcPZcwU06SXt+iirO+ZbMBkN7VrSsc3HMesajZxXV04+Dw3ge64OcGO8kV3OA9Mrto3ru6HyJtxXSp11b/iEnwqtau+CmqCOd8tusaE9pHBL4xKIlnhIInUsqYPjL/Hs1yH+cnDVEIpuxOTHrjDqLMb29IxZmBZRBT4f3EIDApA9s04MZOqgRt0jLWy8Np620IwDw6S3/C8muF87XZqqWTlrAzqjoaaTFabYB8qg66V26RHVNU3qXfwGhtVvB3XpNRQXKdgbCuHvAG9stoL7+yYUZZz46hDJEFC8epd5u7cWvZdtzYaTiTlQ4+xTlV35HJowME29nPMznBOyjA5rwq0SIAzS3tkz9EFMvtQVPdam+HU3hVCQxqA5ibp8bSL3eECLfGj7O4MG8ubwiNVC4OOixzBn/gKJWE7yI3ekkczb5LjbQB+U09ZlFo07vCqtwO9eJ+NI1ODsZgdHdxbiyhTonfpe1GFKzMyEg47ua4BhFJptwRi3oGphSoMd8eyZwm3rvkSuOJOMwLQC0mNimnMOglGXSt28JF96aSu6mHBu1MT/XU7q+G0wj1XE0ZQb7bKlgmj67KV7QXbEy5NVP4tPIE9uFh0CPuSekfYl+1Rhbr3aGl+KYxCzTdQxCaDmFb7LbNfG+vyKq5tBWjLrnP3LhP7F6+z7FWZ4gUzTZpyc+Rc91KJVju3yIF1O7Uc4bmyrrVg7YSTvmrd4exH4aAllf1lVJtj2R02rmxDU7mys2QUyunRb68/X6eDkytjSrgMofr3cAs7LeurDg6DWBAlotBmjASqPc81NFDCTuxHaIWRdo3YBs+jlL+Ue6wDa09CFOaUo9SdWkvV89k1B1YJJa1QZW8uBOgqHy5OCJBiPd84hwuvmZ5SiacxW/wEJdVgCwPOv7cB6ama8SveUUJV4O31qGT6ukrjM1iXKTYbUeP0rL7fO5cqj9gjhqr0jhcJWr5V48itNlNrjmLynWptV4wlKGAfp12x3u+wUtjqq1qsJx29ZcffFFh00QWIGthzdiYlsrxudeEanScLPqHqzrIWSlfBECODMK2QRIjnAiq0+zVfAkGddIaDT8IzPccDhxjc5jKgLHGmbPXy3jDRQ/By0OvMch3EHS0oZkByQ5phD+k33KvUQOUg0jdK0M9h2kdnMpfvDcfVMVld7m6tuf3NuuusnUF/4OhNU8tXko2T5ERTK6iC/aY11/dE3PR8tOxTu6PqHbSZPHda3HRfr0vlMpnc0SoMZkQyLezvsJ8ssygl28GhWFxxxMLLBqc3ZzSWNDvnvAqsFZJJ+D8dgHQJ48NxXe4HrMFRHc7MsbpicSPX+UeenoxrxxFxuznq/vVOeud8063jtRJ7w1nUGPcAotBjvB0WCwijyDQiL5/zazQLRo6Al1OzGeic68NaevVKOcuhexm3a6SvHH1dngZsCf1VOK8yqIEzZwG8oFHyOT+0aHKoYLCOfAJteosXOkvTzMxbtw0J9uyFrPvbijUGNBqqC6L4wikd5rAXd9v4cityNYTW/JHLNxugxEKz2oVmBOxY2I72WSDr+0JK7dEsLXccuhGae6MThnF/lcWzWQdgN8oH6cLs+xGncpUXMiLKhxXSYqaCyRHiz9YbTm285XJPI49VDmxNdY4GxEh+Fsj0ZbPBD/uoJmJdJzlok2rc3ABEG2Ss1p5PboCWVntVcfXNfjUEqjofuLmpulVeRdhh5iHZh9ZJcxPaFTnR+ztTq1eBPCqdAc2HTWwFqtyM1YrzPAgjFDhAD9qMxBwbSukvK9EcacM9YLvurIBgLN39HcE1vzos5Mpe7Zm8tLfNFnIAuI9GBW6tPrA6ND3QRQe+UyZCCeFa3lZgnyLt0IfQPp6EwO/MVSm49R6kyFrPD4SnbvNzxEX+VSd4d8GrgYmBE51Y37trrjXzNIDIiViADi2fL9ijS+wozBAgEIkAMUwIDRaSNxkpqbJ+yp+Z1TFdU6LJ3LNMGnJzxDcExwzQJcqlDPhQWgVgAMh3wtXhNUjz3B0h1i7vJVR38K/c5gJksAuQc6il+ANUdLDLEGAA6a8pm0WleLdTC1woZeCXQElynQBBwK9GFdq+4dp5C414c2MDIhY7aLshUBfwUddZLPEaAwA/gChJ3oArtRaQDZ6Jep/ZIIzF4yixEMXKTYwd+QAotxWXa6wYjd5+Pk4yNtgpH1M8hJf9rE+yf8ta5MmO4R5EmL2UdHc4hvwwu6x0svcFOQDlhOu5VgE0o4IMNceh0zYZapXiN3xAF9N97bRATIMbJfeSVvJuRN/EQc/GVOJXIESWtDO0aVxXACEdsUTga78SnXIQ1JXRKhxynXgnAWv8pg3ACFCG2HGdS7JUY9qLOimpvgg9l/2VWigxA0xzFd11Yxk20ChNjZ2jm8HhAqvYxWo6OzZVlAT0UVQgstohdujUZ4B8z1gNmiESNlaLYgt9COMcj8n2AGs+bjs+leRbw028Lu7uwsCLGxD70d7rgdncdVtMet/S5quuBrw6EjDfRcsGoHuNHIvyHmzX+q4VVEmneKyQWwfcsOmU81e1HC7OHiY3h3K5FciyEGOfKMJk9s7cWIoChGCHBFlYctPWZ4xEJi4D/aT3fJvfUxOBZOaOnE3IECorHYq7e/UAQOq9m9R+ICmTQsMC5eUYSbfADpc72KNysaCNfVdRZR6a2tZb1llUHSnBut6w4b6vUEubvTi5U46vQtHF75d1LHQ7qLH5YeC2WCxV1tXJWS+CuUSXJZGbgS+OJxTktON6gu7h/FUHX8AdytlBFraOdIhdhBZgc0WcGWR446PnEo2UxE6m2JSon/1sn2hjBDQWuqvFATdUBtpFSKU6VsSldHeyzW+D7bDA0pumomfduHNSVYjjOZuP/MFvlkGKHgZLzuZJPJQlbt+Qvs9ZqQjs1kzdg0xQjSPsMnNTcf2pmd3wrK2vUhaPqYjRvbV2e96khojuk5PcW87RnhAMRxZIzJ/PwUgNGaN6m/Kyc0V8siAj5m4zuuXhvF/Hop+1T6uJypVWasXzdDNbB7na5w0dOAMQPLwqDoCBSIapx7mwGghbgXnFXOJKl9gpdK/kdjkulcQLV8D7WhSQQ3fVMewE54fcNlGkKb7WHU3Z4StlGx0Z+1quXZ+IFK7subo4qVftUU47tIdnudLQuN5yj7XQeM49oQTBc3U2aKApTLl26MA59E6wi3TCLtpeYoOu57dUZx8vbkiMygEolEMmhMJhV/puN1fohyuNgj20/fk+1fu8ZiuSb3eaxfKW0B4CuYFWOkfoaO/ytsRyYgSTFXKRr+sgV51qowKDkro4T7c1H4VgyOXspjoK6AFdQa0vHklButzbPYGcRN63fedm5EpoQmiysymn5ALxnBtMrPl1DhLBjDJJlrEyLFpyiq4lAjNgHpVITlj3bokBzIP8ebWIhRV4eljw/42kq2uHFZNpk4VBvZrJE3SW9e2mZqqUrWNBHJWNZARqzazLkgLX0SBpwGyTbQCWA+CsVbyBMHgUVABYfo0gZW9cNEiuMmSlLN/EzuZkuhHRiFwO1dM6EPrJso3SnPwN4IIt37oU37SH7uaWqckhPPXQh1zfc6M58lmuxCJaWMuQ7yyOVqzSdzJtTwO8NDLTOkAdwJ0U5PpePG63um2R4O98TMUbaa75sQV2s+WZWYm13Z5j7lSk8MehXvxD25MnrK8zsg/4Zl5dj9yucKDnopeyo95USWEOFoPbzWkKuq65ANPI6r7qKGjshxGtZx3mEQH/RYA6Tj+tV+IOV8hqh8QUmjna228xY0csV/xE+IIieMj/wk/5HvB3vxqV+2Ua+UXYYgrdMLthZKAZ4sfFqNZW2eQ7iI2b3bI6DZoJBXOjmvswPrEY9EnUHAlZqSCNF60Ecjt6UL9QElqYkiGIJSLo3u5tUFFSr663GXRWF0rNdJqIkNeMQBkf89nYsdeESdUrJWc1tLHQDzir+V12B0KKBWxrtgiAkQYdHXLJ1Bq2IwvVrDG7kQ+bNfR7tp0ZEeyGDM1Y3vUj5EfTNQ5cSG90DsoBsC6HDdbWClhYhKhmMr0d8kpLhxspSatI9EaTrM/pku+7McUhfgLE9VZSmaquSFNVguiATCRfqju0ZHPwTISVRYVj0yqJ72wVmSZSTyG+b3Pe2ZOYZws1WYDTwEuMroZr0csPSGeqqSZIMVJLtMacDOcu5/z9hsyqwLBtcrtpG+mwEjG0eiuz0IJqbkOBjZCSggJ1HQR+Cknc+O7grZMCZqgZsIorsZNABwtIjC91FGOtu7iaLWZRcVEcHiRORmXJRcrZgjLm7XHtuci0z/jlLKDYAPwBgklvYVr/NlZNrIwWS1MQtUexsEwWwQdX6cx0pEZiBGsGYxNyIgNubDRf1tC8h7W1ke4M5VfXgFWr9NEixp/ZbTPu2Woj6rgsmVnmAetYChm/UO7doC9pOLjeMC5wkg+Ft9GDpe0I18mWdG+ujVIZTwNLoLrCzQWaoVA15jSsVk4aiCwImUA2BXam2cYjA0dM2GlHyg1gA6cZp+2RPpmrwlKhLStZl0au1rglAUFdGYq/WIR+dM+eRp+J8PlGBY+teRb2uWOjDHq+h6p1PGrdK3fWWYqo8Xu+pM4QVlHXAxjvVy2hDHNH40qxjHKzoxfV70EmHJJiQKyaI9gwNy1VjIaPXb0UkXiFrBh/XW2FFCQ5FwWSXG6vB5GCKnm+n66zCjBuvxihk2jszm3AjoqhVTliSIFup9BhooNozozbBLKlxodRbIFSw0FZjqKuorBAQGMj3UKkpXwitAVu1DK+Gm3Y07MSstCjPvWBuLO7Pcy5U3PNFlxLlVModWAMnEKzgmC8p4V/CfbAhG73WorI3Xkj7Zj9tZauS1En3nSimaZcs0ueTuMtKDoZeaIE0kJqL9uYOWLx7ljzFSS8NMvpdlYJypzbkXeiMgZXfIvYnWDyudwed32s3Kud0i6SrXqjfxptb90ga1YNAnnvht0oxfcOoR7Tl7drYpeDtYH2N6AlITIKZLVzm3lo8Y94csuwuVBlkqDzusuwPDBWoIZZMT9ghWR/2ePZvR0FR6xwabe6F4PUUgmEnBURsrKeneXYzRpr3wQIQyNUp1e5z5aLqPvVDNE4BNXwyYHahPlZGMHFsiBPdEfbsShNUfa36IaQj0SXBEsAec5M7LxnpENTFKQU3lK7qltMGU7DMblYeU1tj7WiTEDmESjB9sRqzrAOklE2urnHSK87Fv1KP3gZNxpoTVUUdXMXh31hYWpt3lqgb71ITIdhTHpveymvCoQ1+ay1u2yt8cSyJVwmHAtk+tPdLCygaa/kurmtLkEkAV9aMVsjZDTlurb1ROmqboudvESqWmYAZDSy7BkJHxFbmo+JUMrn4kokzGKUq1AzF2Imd0fdJz3jUqvdFTp8iYQXm4UwkTLD3eMWlaiIJwaDvxlULsa6sp9rTq22CQMRRjfvLCnNIO+H9fZ0908tBufnahXERB44zY/To9RdWhIign7vpjOJbKpb386Lq6DVMhy8zagsmuw6QOtDPKmvTAg28JPR9sWEbW7l7bCElRTV9oSQKO9foW2Nb7dkX+0gKttOUxlCFtjo9zte4Bg2QA/8oO7ooLgG/E1frtsmhL7hVq4stBazqjn7etejIM8O12OObY9LgIxKFau1a/EBPxcNYQ3XwZVVuUBLQBlUvahlQt0vWQJHFYV6tEl8SG/XlCFHr7NjmeKER9+KpW0LgiMis/TUSaE2UXqyIsR3WjKkV1GQrNOIet9wlcARYK34wS0jotisQgLbEcxwzv2LN4kl23Z44u4sbSQAHAUauspd+g0hLhdJUcLDJr+ZBdRVgggHTfK0TTo0aRURK0oG2hneHYFQVCHEx2dHTMvF0MwNtjPF9Rxtu1Wz75v145mXXjz4TCWQRUezTzcldtzyN1sYxUsibKbDuI6BNm2uUEjwHG0tK92FEHuJDLldr28YGUM7dk5EdlREeBESWmDnsCUkHQWlGFrX2UCiTVTDJudaxaoI88of28JLWmoez1fdBAPVH47OCbljxlRR21QQJv0q+aGct4DeBkxxasBEobmS0X7V2bFFUU4aeKnLe0c894zTtRssHY08a3lmhZa8hvZOGPjuCkIxXnL1uo2CRDhOujmzUpSrbLk5VcPB5mNuI6/COZMyLggFXCiTg89BIMHGGaIL0luiaQDbJyoS5OfIx6lddN9eq6KxtJISl+I0I8LEynpGGBLgKUXfE+xGgAMtDqHZ112eZuWWXajElaBnHN5s754EFdoQYUANzXqYrtkRMICOBV8YrADqfs47jkUlzXgy769gwxqR3paLM3TbzSm8xQ2BPSBYWYS2bLKCo2AjWnc4yRM0ge5QtKx9vscZc1tiHh9td43W08qaPZLxxc73490+rYvAG4qa2iOzQ6HNVocYW0TliWoWe5vCabnFbkTmjmTsNhz0Uu7GpZr2iKt1p8KWw/Gc8UoiLfYljI27GsrdeRhXULLkBwyycnIjm+sVWmCUkJXjD9PBi0VGkinotRXztA7VeChWZhHvtozR7E8Q+RkRZnRnmiyhM4NNCJKe7FtVJl5zXvXjiVpjZmRUQRyD5TSp7DlW3MLYcAjZKVhY1dCgYy3W4LG4m5AUdz2XhxtM9oRtK06x193is3T1aTF8Kjh8u56iZWskWW6yYuMOps+BoYCYsqypYDuLGdBuvp3WMVBGNZTQ7pB7KCtEhhTk1DqTWDRCnTyZ8Xid98EOCe3pLrbuXvICiI4VphDjcHcSVta2QkZclEep15Avj08mYIWMtqjqomHCKODzboPcq9lkkXDhho2s6HbUKdHH7T1I2RKRxFJPqcKfZ5uNke2Zo353c1qVxG7ectBRkbGJOtbg7uKW5e8KjtY2DmOXULk0lCfWoJIVmR/AhbRV1xaakxpvayscgQyiyj8N1bI8ukHBcrCMbQfVKF1WQ5+fqQi6j1gLLZm1VVwKkOCcleLJOCmtvqxWezonPU3qeWvceLHjGvFWzT1yYZDv4t32QLk3aeAcuiuzVvdOcDyJqW2kavfYQuQTGuzNlAvy46iIDLmDthWsz2jFOwex0xT3qOnqUejBBBE+dAFUIR2ojrmKoinh41oFN3jtaja00GK0OJJdd9h5lREaqxPUjmygfN7HBklfbLMnBDA1d1xiRq8kKzScFvqUeiUciTkDenAVK6OAMqvOPGY1Th7TobuBUwC9ypzZNUMxnqOVqEjR7ni3HmVrRPkCTD6lNiYR8z1oAmRJiw30WNYc2gcDw22LoFC1ZqqG73YnMnCvdxNaoNXikGCmlE1pJ/RzIQS2Rqncao0dsKa5c5TjIToOWswOnJmK4kkhZjHY15YCjaNdy+544RiF26yEFVFs007N0d6qm+Zo90V07+IubTo94MnZYCOPlqHzhkU31u0aLMmR910c6cdeHcQBq+thyQUW7Cd7RUaE3wnZtQ4cO7Ro2zYurIiWH6eQsegTz5BdYaIFssrkQ7TubkLtHhFiqxPceGjXXcV5ogou4GAAz1b0nNBhF7LpNAJDlE07wzUVEnzrUux4QW5uf+uWUc1UOic0csRj+wwsa4G+syocqfggMc2cuafEE8pBGHl88W0pCPYHcSZYaS+jZaQQ03YE2UjlkdtjdyqtO6NXdizBitAztehdiExrnpiqfgNWHpcixoaS5KqqFKzkeLwMDMtCyY1NJAMTWkS0by1qi9zb0pq86eOtF9A2Q2VFtz2EU6OKdlrApQToLQsNtMA9ausjkHJ3t+YNAErXvTsQkpWus5+fK/RoMVsr5fixmP0LyzbO3UJ7L8xRTfLDVQeMa8assBsh7nKYwnJ20KN1lTwG5Min13OnTThmVEBkjSp27klyBIYX6bZ44zeb47qVWMs4nfOURQvSaHXpJhzAMRamcZPN9HyZmaBYIrnybzrtimTnrJF94lexz1NCb498sN0gQ73bV552Ra6Plk2cW8WIoBm3NxObT8LRHI4A7VrvMmAPaFveCoQlvyRjUV9wON6NTEwEcontFLMY/cacLLdBSyrpZriKhUjMEw5WF38P5DUrHky1RA7B0Y2kFqy3VExqqoT2HS8wL77Oe3AsFkP1BfyqU0y+GaNE99QFHAMgeuKa3fXX/BKXSyeNIaUce9++7W4spBYQ3BFc0ZsKqtdL60YWYrEgBWnd6cXIdD4XUzITU/Etd3bAnAJ+w2KJ0+wDcRgh5WVrX04BjUM9etfDSiOZcqmve1ZPcmvkIoBXbZGB27FdHyS0HjHg1aFetQre7JW6S6C/NBqRTBpXKKKxMAO6Q76HLOxP/YnwLKq+x2A/Qt8fqv0BMwJl2m8tfIKACcTaajhfFrnbVVoqBSlygXtN1pP6tFYsE09Ch7uw+QrgVreiHQaI9hTcSTUF+3Mqx0KKdG4AvfcpahiIMFYtP+nKrbkk+HLvlFNub+PHiyVCBWW8W1qNgXOhBz0LKt0/N3pzgUx42fPGcTl3kn9Fe5pkkJzPU3XXoBY6HvIrxMQrhInDrlmVKXnVfeK0azSwljbt0kw0ekfheooYBnnxcS1Uvnt6lCzaDuufJe+Gxg2yet74zjyCueLVo9GK5T108DWCegF6U0rrmrQSBa2uOAJtBi40eR4nWt8dSL83EIbhsJmWD+IA3ffTGdpwfGBUF1ocBar7eRMZjtF7/EXyL6uDBMEWyzvjprRSN5MIoFMlAsnIHjSbKzW3EgPsPaUbRsKfz+292zabcsdSB7pGe/7suQcP1uaXUWKsE3f0b55+AtB3GBLyaR/cg30PNr02UDmr4bZ2P+Hq8ZzbvUYiyDfoEAfo6sHcTKjVwM7RbtapzRTs0uFOGjvRjnvskio+1t0niG8a9B6UgMREDKbWbooSuv56piX3Z8+DItChGMDcXudD3MDkB4UXMFa6NIkuUXrik6vn2jAqUOVl3eDBFdS4w+65kVetekqwvOfk+mRxGU4LqXpx/DJJpmYnTmcDeRE2AHRvGdNh0GyexXoS9ZqT20y60hHIWa+BsGZhn5iXcc5qbpq6u+9NDU0ajoysQp0YyBBrkXHX9DpLaa+x7Zqjh9gJfHc6eX6PZv2+MoMt2rZRfXvJMJvatPhyYbujIzvd2daZmYt9ZLUZKRP3pKD4p3EHiDiAsFpjaIcq7geFBGorshCP+FuaWF3WRBoLTY6sYykW69oPIGCgKNTKSj9CD6mn9L3kZywcNMtS8gEw0VVcCyxU1aoJZFpVRNr3q5hzvDN9oFmm2BiL6ghdyGdCx+4iOqeKdXRVBbQcKCuw9J0nWLACu8VZXwFyjaAW27p+Z2pIEUw028WZHRbGbgiwIJqBiRYz+VRPNGjlDegQCRANmstxko10wx/CYZFK7XBDwHaj+p7bWhjIgECZ0Bp0R3sDDGeFT5seVKOTivwilxfoaKHluk2rdRn2xNaPdS5x6wcUTz7WdMD5ZpdWc0MAlW9OUrIqFmgkAJRIWTHvN2c4WeM6OrZUcUmnE8VPQsfRh2O8KtSryd/WNfQ3KZkrFFNnKK9Vmf1W1siNT1Azei/Uig2Ez08b8XI+eTIoeVwR2fHsWMqRXbljs98yu9Xekva0e0FIqhhzNC9NFexXsYsWJfD7iFYWa5LZTfc+W5VKlvv/ARb8vawfXrwelJebSoAqkI65FgGhFajFUsI6P7BUclMFxLEExNobm+9j4I06WhPmF9s36ypiYrDz9GPLn5DudmIerfaI6W6no/VOSqFzpQJ6zKujax2loo/025C2AjPqNg9nEimBswsrUg5gioXjKPaKnR/uEu+Lw57nKKRIoUXqcc7d3z0bQgrYLTglujNDm91Z3I1C3hrUauLZvKbbWtzRypAXMbiPtmrumyCQHaNNxM2oturmquoadjBMLZmJinZWxW7bH22K34fudpQGIRul8NhCE3DWCEBRAp77rW5Mwn0bjSImUhHYxx7Z3w+1sKJksQhZfQX2rSbcZIIAMaXqfWxr5VUnnVsMkvlgU7kgUCJB6NXopdi+D9B7Z1iqbbZJfBl6zdBAqLVdbrFbJuc1v445YM+bZFzP7WQjf0wIAOJ/UT/g2rHL0fIXHyybQIgIEwAgLJy+lWRfDbcYxF0056gZf4h01XehIXGiGETpKWbWkEJoL+h8HrFkPOnCVZwDdwB3xoYl/d3jpWBo1GPHPtfGan8ZwSIoTLyRNs31UMOpPK5X0TydGF3pBCFrSB8VwaLcIYCVCZctUgI30RB4/FzrxR7CPfVcrE3F5fX7HkfWR0fvEh5MbdK5w7RaadeMcn2C63QEsc1WWyaVYFS0jKxr627ajIDVprW5nxiBtKY6mxUAVUbmJ0foDshFXjeYjepdIUywMdodiV08kNBr7khepNPo7mWN8cBj6RT+NGrnxaQKRZEYdj6BXR42L6e3tBFChDmGq1tCrOhuYxz8m0jU3W3Dns/CfClcfPEacNk5zFTiNXpe6rZOLuoVyC2p4lf3dJ0MSlSLM2llobeacW28G2zPWj6019t7nzxsZmX0yNZGJ6QL3cAb8A1rIYseNFvovvMPDWkv9C0yi5rMNS3272on0zbqqrxppKG5VPnUulVhW8i3GmdbmiixyW/b+8GAeGY/6StVxaaFYalBP43Ihukpevv7AEiDcdDGjMOfR50N4UOypsozXflybB3GwyrqWjJ3qPzAV0EiOWY3ihX0hMaL5doUBsQc4XPXPYc4s80248CeziCdA0/aZzdtoogg4Ji6iCyN2OEWaa4ctn9YYHatZwrU6hWTy63BCBp11qKDKJgayYmQjsifzLStY+/ng8mlB82Q4+siCPh4WYrkFtzP42qvjDv2fBGnaaLyXb3qAXQdSgl3B+HiM3hXTvsyZUXV5cya3Cuuok9muyfQbnMVSUfoEOO7mKsjQB9V48DZcDgFQmpnWo89CBy0YzYxDGcT4rkYqn3DiCy73R+M6KAkrdfxgNtDYe5r+1qlGOmhLTXpDMKyzmKIRwwuIzGcyiNhfYtmo13X9ZVqjMuuPqPdQp3IT21jqGZFWapGx0ezxiNtfb2g9yLy88B6Ln5Y2DUjgxNDLRqd3M43sT6vK4kZM0+jfQy9nJKT8bqzKuRkWGulrjfINKIFoszNTldeP6e9M9dY0HvEHb29B0cuuKvNXg4yKhuiOn8sLgXb4QwBe324QfN7VuN+iQbqbKobNKbyyMYWHBrURWumJsF9Mbt08sbM1yunNlzFwdkrOScdg+1tsfHai+8JFN8rTsaiVd3AJEYzm/WJX9X3TRk9ELhs6psgvWvQMvf9joM6lnYmIfUpBiIL416oKiiiiwj0dsuchWe+qymxazXWnKMJulVqU54vxbEz3C9DDjXDYElINxYKQ0EKrrjxtKt4H/ba3TIjk1BgN4BTBqfZ3EIUce4SPxLZ7KEtqEsGnQz3jtZ/KT1opiJYCHMXY+WFmMSgg1k0Fqq1HtHZi+1tSZV9ovLUNPFrpXKkiwhrrXIrkY27nbFWlevFYDUUN8oZZ54y5HZkJ8hYGVHj0/oJYFlMJptine4pu5K509Cax8bMNkAeYA/FBGIrh0HLeeb82DpHqmA1YshPzUR6smxNxLYszXTsiShvRoAWm7jLaUOuKvnAdlSsodXau9oz2+bozXgOEtPeP16ehbKrOn18yo3HTr16rgZirUt+w8tHo19yvzuwHHsAaNV8U22S1bSJzTsfTsAuFOGodkwRs/alQBiUusYZPqQH/bjCg3DLBOG84IxecQytrJpgLJ0OvVEiRjJad6FYm01YThURLOpcI3KdukBSV5wYa+BGwd6yFMcZ63zfOuLt1Fy3TBQcqYZDfOPseDfGA8m69OtNR6gMP9Gb6cBxJ2cTQ4vLt+mZGMkiVLhoO0SIYrlYpljJ+5zSVYMobRg0/puHVsj2hnSo3NvWRTwo6xQUo+7CVVywQasx4DD27Ykmp+HoXfTHe9j4hNbgOfSWowlZPdMeiwm6LRtg8CnE83tQx2pyIVS0dSEDsW+phk286ZwYXGQKV+wy+sSWgbrxMK7ZYmG55coaB3Tm8riQC6QsLhoQZ+YJNlYJiGPqavDPdTAqz8Qr66ogOR1mQ4nwapb1fYPQkB5NIz5l2+RE5j0LnSK/B/SYc2BLr7ttgtX47rae9lVxpADSBbcVU7dXqH0Xl1qlXlbhaXw4r01mE0iEgkYF+sJeUzxagmgpo6cBliexH/VA6CmBQQfFk7G4BI7qGEir2OpeBBorbGIqdexeN4mzfcO7ZOZxsIJTkLAFGbJpxEF80W+L3c6aWEo/xNrYqLJNtgniEMPpgUdktslvqG0fmH6XxqI1b+0YipO0P5pzfoK4qUdrqxW4mKZLQU/epQufKI2cDLacocUZpdjc0khgpaMlzvEmFdPY8+pss2chr4e456XFbDkyyvPpul+TO0GiWb7pJ3lUie1MEUdiEEy/aPiBE+OswoZW3cuNSil327isAchFcJofG47zabGTokq9eh1hUsIoDYmA8XDrdtwEVioE1OsLtEo5n6PNcECW8dN1cdpYnoWzvlYY8ixsLmd1GLAmkNbC+VGGsWErArTAan64bu1dgB8cr70KRVaLBSNFzeg1u2yZpXiNGwkWmcDfyLM8iobnIOgLzqN3DdMME8jajz3cc6l68BihtDBSarhsgx0oXOUL6jrugVCn+/EO6DgQp9GozGYbFaKpj2M0+LiZuvuLyUe0nqpIcLxswCVq+zgAkqKdqULl7wwAoSirYF48n0IvxEwxC7a5EUlUAJWja4IkUNQcck9KlYmNNfeM6KnNZRN7sXgox+CxTcqityr5zFzEBJouv0eOJV0oN0MYQacfxro0+oPpX+qNN45uOJQ13v9b3gj+U2V9aLwKYK2AafM7Ch3vaysvtS/WdkHekkHJBvJNAPTFutg2ctEGGVo/3DeEmYI1JZ8Ex+Uv1GwCOgqiWNgjjSXv7XvM70ZhReerUwslax06y2iivb6Cd8c5EOhReLwl27uPdxGg+cOXEw3mqzOzazLWLnGL9tI5+xCDtYdewd9BzCLEde/YmnK4bu58awDBdyd23FSxto5MC9bnPOqTrQzZ02NPiXMb/CmvMh+VGq2YOGLDwmouta6SPM+cRDeWc3Dnk+Qi9qDjH+eP8M2G3Sr/Ee99v8r+cVlsfYYu5BZB/3HDQRuBeQhG9BK5h96aPbPO6h+qG9MmunegF4wMy/G6vK13n6Vor2vMSfDwXNhLwep4P0I7cTYq6OVDf3VdqgftSHrb7gQSITYeOwWaVHKUBi0WvS2gGw/4qFT3qHfB9dxrOvTTdpTqxbf4dnJ2oJ2pktvgHLBorgy9yyXnMyCuDjZ20qEUhMl0Ga27BP1ZPpDH5FJe3PTx3hwyknwy2XZBayXk+5/zE1acOrvpKQwlFT9Tj2PW0kX2Srd3roLwk4JasPh3H9ohfvzKDkX8eM7+Pe3nn7P/8fP+LjCNx2cpwdff1aG++q7O50+aP76x8/ZNS3gtf/6OUxW19dtnnN5C138dDUh6/1IPLCN8FUxI+uoj6dj7Ry+/+7IP+1O/r5TR6L9PP8Tvef778LtLj38/iR3eI4q8scMHsY3xjwLv4tiv+ubSezyVf1coOOKfigX3D4WC+zaQ278YWfAtztLfDeRGv7Htzwvk9q9N839jxD+a+Hqaf8N+x3DiH57rx/NN2hSQkCgMgvhxkK6fzgAr/GczwD8VyY9YMd8aoL8Tm4/6PgrTP5gff9Nwf5yf+pfyE38n9t+KYP5W/k/fxP779JOila2of690Mf+MeH2jQr+KrvmfpEWJn65F/ykhor7/3ihN/m2m/S4/9xfw4DtNv/kC6X/+N5NOXVe3j492olXalvwtrH+D/NOd0rDtfiN+D6/hAqVibH+Pb+hjOzGEbZDffqubW/IbTXA0tSJYmuUotEuKIWUkPw6Jdtnv6PtLPydE+Pc6Eac+/Fom98HHMjnqd/ZXQfn3j97+rSn/p7Hyz/vWGEF+6wN9EMDnPXzl15SjfxXkJVcfkO31rd7/1m/1/o99mpeg2O+iwHM/yssK/0vjv7/run8TvvkK3HzxJD6GN997+2ycxh9OWcTSyEr/3DDfJPNL4MoP+AL/gwDXn6t4AqsfAlL/o7jnu8Ur/O9g7++yU9Tfzv7DKKi/ACaRP35mMr7c+uS3MY0g9qifX5tsf0N6qv656oNO2YT6iBdZIiJ/1goTjn07Ce+R8f5eYEXql+mOjwMrcn8jBN6fDA3+r4Lb10e9Xx/1fn3U+/VR79dHvV8f9f6f+Kg3x36Lp/7NX/R+jzHyH7488X0w6s9g+mu6fbQp9wsx048LOwICqe9ebtR8cXCfKUkxfLhu8Ycu9/97hNx+86y/u/5HFjGuaYXeov3TqwpX6ALG/0iBGDpdBQp+jlXp+MflYL239sE5732/FFX62/t8PdYi2I+CrT/R/1ffmf+8kPCg6R+sI/zPhttmvxeGD3aoib/Uf/hxte4VF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+AVF+DfbsFfcQFecQFecQFecQFecQFecQFecQFecQFecQFecQFecQFecQFecQFecQFecQFeZV9xAf5X4gJw333WmH4/U//vCgtA/fhdtDZ8fBSty15n7F9n7F9n7F9n7F9n7D+9zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zti/zth/ep2x//Q6Y/86Y/86Y/86Y/86Y/86Y//pdcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+dcb+0+uM/afXGfvXGfvXGfvXGfvXGfvXGfv/jFn+P1r2dcb+v/mMPc7gv9PfnLJfYdS/+ZQ9+8MpexdiMGgroR9I4uhA+ycR+8RTj9/wGv/EQgSNbdPrrUsfh/DDx19P/tcP5X985v7HI/Yfn8L/8cx9OyC2ntApWWGjWsRx5qloP/XxghWhusVi8TYYZEImM02aMz3E13gwz2A0BW5JrnGhqUl9VLe3jastVqHlobKrj8QJe79PrpdLgulDKmKFKYBRE03i8VPw13A/oZd2+oigL9qZumrk6WQv0xgctjdNOdaRMnZxtWuPHlYcD8dLdOXKo6DlATHVsYDPyX66wPKX5LqDdWxLWGcJ7y3Ty3NTMmdrpmhz8XPYLuwLoIwzIKzn9WRLJvr7lifIzXPc256JP/snUeivs+S9KQZvaeA9z/PaO4mw3vc6n39dND5Ulg+/jE87W55GmeVR0QoW+daFRQVey8aKjIXCM5dx0PFI8TntuiOOe3o4Kk6hKVYbHsCHFDhCanqeNhrnkrZdOAqXwm1xtzfPWm+JEu4sX56ZBTXZYgx7L/WQMrD32mygGUTPXAozPSdH5UwRTK6oTY9yu2A2BYqwzhasE/TW2SG993KQaugZbGP63IZA4db52YbtlTRsA7bvL5AyqA0apuWPenzzm3vTQ/179tHyYHmv7C3Yd2t+pGHmki+QorRxdhbb24qP8S0S/ZhBF5WBM302UT3QSUFpsNxMYY/6vYuGnj3anCnK9mIK1QX7hhlnjbTRuGF7JsSFzzSfMMW3PogmbSEOEijKErVv+mU9xzuZkB6wHP4c6w72zX+O0TOxL+k+8SgjoDEHz+el+Xb/RpMzrP+97Nn5qs6AMPEA0WE0RRmOxYd154juuHHOpwdtH88kWDZ4zN9zbiXq0ebnZ0+e2J1ROZ9C9Hg+AyRqC7ZDW08eoi0voJ9pOXyO+MLvIe/QaI7gc8pa8vmt/fHJN/C55+NvPEg8x+g/eOBJK8SXKO2oId6A/cCefGOOqP/WkxdQP2CaRD/zfqkT8soE6UK99Ym0RV188LHoLOazTQqOA3vSC/KiZz7KW+cS/5z2RT5Cz5MWSIMJST7kCcg/kEc8yCOeRHkiegaot/mdzTNsCz0752/1xw/NAecOM8/PuYM8BduRYN8A9laOthbIC17cm0tJvPWBhM8Qv84WmmfEc88xwWfObAuwzgKVS8Qn/8RwHiUC9R3y75MvFgl/tP3IFy/Psjn+4BsvQFppMRGfI74SS+xZPqfg9Zvcw/LPdiiYH3vSW4NjdB7lEW+b2EM2F/NBO1Q+mB+8/5w3HNIblcehRnybL4eE8vkoby4x/lYeNxftrX0Ne5N/qBs06pkmjQ/tjOr0guVJuxKH2vgtHxyv5yPavfUR5p8fNIda2nmXL8ijEpTXckEyaqLtn/NjHp5pYvCmW0rqQdvHnOTTk2YAs0X/2YYYjBZmonmBuiGfn32RoM4x3+Q9Hm005se8IVlHeiiAPOg8ylsi1PjlozzkLZ9+lodeqSc9y3vmZD7Lk0+ao/L+9JgTD8lVTkJZfJSHfXmjD3jKy7M8+cYbM6IBzAf1U/lGb6QHJOrRHtJ7kCef5RAvSNOzrSffwfZHS3zyHeJXWA7putl+8iSkDXpmwv4A4m2MaCxQFkwK8YyNyp+thyyYoo/mDLYbTFC+oc5FOgHRI0e2BT2D+ieeHv2e0bh3pulpDz3/rNMfbThmpLesBx2R7i6nZzkwPvW2BvsS0Ih2aGwwL26Jxz1Kt8QSjRvVhXhjeptfAtIytx+6JEZ2DaWj8cOxgelN36C6Pqchff9ex1M/P9qBdiN5tuM55O6M+uRjDx6bUd3SW9/Kh82BOmp6junNXj1sTJ4/9Qmgob1Ez55oQ4D61ts97ReSu/mZBmk+v9lj/EmPHMnSu20moNwRT3rnsy2enroPypL9nBeYFhNPOYF2WXzyLaTF/NSdT7sM9T56Ttj+iO4pC8n8UyfMT5wQjPZTTqE+eNelJhyL/yb74EGjh05cEJ+j+oLFRHoOyRls72HDkX2AfPUmZ7A/2hNXQD5Gac9xOpMFsQWcM2h/kX6FunB56MD5/2fvy7pURbKFf02vde/DqcUo8MikgAIioOLLtxARAUdAGX79FzvAHE5mVU+n+vbt66nKTA1i3LHnHezoadxsB/yizV4uglzrcRXqINwBOYP5TtbjLeL1g/xWGaiH9gHRYDDoBQhv8F+fXeVE+y4zx71e42H8eK4Z4ZE57C3ibcOaLSxDgT4GfQbJfkuJoB3a34js4SRi2jB7uYLmp3+Ag4/bI9xlBxkBspfs25tIx0qG9mJt9foLgvNTfonAT4e1OKSV/jw+eg56E7RHsO1h/KaTIb4INPmpjOzXbpiY9w96H8AGwYW2lCQZ6IxG/QMtE4BrGBd7eFCYJrH+AroS1Ac5CPWB/5nAx7DcxfwBrQVpv6gOwiPQD4HeMY4AbTks8N/3OugZWlPPR3E/He6n3/ump8Ee57DOBDzLw3B6n2cL8svsdZ7OYd7GIS/pYFEI+nl3CdeL42dtfEYj26djwCqjpX16PD7TnZ0v5/gXmbYE8XP+OPqLZQuxxZ8t22fZr7dshS+WrXjfpRXYqkWYHst/nb36LzBPzZ/MU/N787TFP3/VPHUEPSfA3EMCSUwsUCYzExQeGjEixAAcojcTg94URYwXmZm96YgI+kN9YBoNUiQw83ivBwwtQQQc4Pq4n85QfmpXf6oHwvD4AdFTEymISbvIg3TW/Trz2sKEmNeD4UaAYfapDJgFYmo2GJCgWPZl2BjplR3xQ9lYAQaC1si8CTIXM5zBeAHGgZWj5s1oHcYEpjIYPcBIW9xOBgYADNUZnoEi9RRGfRmY9YgZtR/LdCXCRktfhhnRT2WYKRKIUTa9ARu9lSHG1wwM723tmIlmoMh/WNPTMM3UYR6giIGb4h0+5lPo9msemJsDxmgzCAe0PqjnwBzpfv9/7v+5TmB+SJC6GK+G/rGBTn+C2U/rgTVaX9dIfl1j8GWN1tc1Ml/XmH9cI/txjfanNSZf1mh9XSP1dY3+lzX+vJ5B4LW2Nxg4nQgGIDsY7KCcIUVxoQyKONkrJTlh9Yo4iYU6mp/tgRGNHRTMoKgx/Zod6s1x8DRiQNApzrtigIUYnis26Ib9YnplCZT1pMc9bEzCOB/LQPiBEQBleYOVFFC0u36OWFAjmPbCOKF6Zwes0wfDmwWBiYwCoh8TGSLYPRY0CEZtb0g52FDDdK1EvZGKYWgOZT4Lxg/6jJR2cKBEeD4YntgYiGBPUJ86i3B1MEiQwo6UXBsrocj46g3W2vLAUAani1MPSgaD5k71c9cpbJABPnU6a/XKCIKjyfSKPeJ9GB46KMaE2TuOoE9iMGJarNRgx1TyNCaRAe8M7RHP8vp9QEoIMSjCiG+KbG+Q+UxvsIqgWMM6aNhrrzfsmQEnSSuvAW9p7EDCyhjQDOBfwmLjC5QW1H6gYeCVzJtTYXBiAa8Zxu/54ucyZIQGA6979glGtI4dKe9j97jcj+1jeOO1K3ln9/VQP06nPx19vULMDopUXwYGD1IGTaxAfapH9EYihjvbK+EA97zty5DBPL5a/VphT7ECx4DDywQD1QOZiA1E9glTRK/YmdcbO9HgkIuwswPjAeINAw/pQAZig9WLiIGewLHZ9riDYJupH+gJyiJkxGwU4JVWl4NTDNOpiR10MLeA7GkhJxHMyH5uSW0/lVoFu4kxf0SGDdnLoIDAshZoSclrqzdQkTGDDTVwijyNEEQjG6Wvl/S8SwZHgdm39XonAKzV7nkwmhc2SknAiV4ugnJuYnoGJwDay8HANimrd8bQ4EQYYMr0PADxCnBi+L1ijdoPOBt0PQ8wAT9a7ExqsTNpoHedNJ+GfCbSsG6si2B+hflZ188dO2ewM8kGp2/vrCJ7Z1XPEy3Pp2F8cBbZPR5gR4XVDfNDdGj37Z8OXhqvGXScD+Oj52jNGCY0dmZ0PW8BZ47d0x3VO4qAt+hP+dACv0E4A46MtqdhhAcDbiFe1fOAN3gCDarI2Ix6HtCZ9eBI67Bh975Hg/HkDM4nxBd6XkVgp+fAj1dIp9ycjuUW6ZM76nDdTfwPulf9iOjNeZ5gK+PPMzRG7OcIGkuyX+2MbyJo9J8VQWOJL3bGF8sC55iGSJVCIijUh7SK3WsYwdO6CMFoOFTIDOgf/zlwo1juE9xIXvgCN0H4Crfn8n493Mhv4DbCubfLa3j+BMDR7X6BB1EPFhE9LJLtf7ECjlSi8Qlh9PaRpPj/hi8ANmJ/OVc/9uEpPbZ9O9RZeLrihzSNTGKpRYYggYBYfXny1uOXJ4f4+IjB9EMPzzGa/t/eNCzS8PiPDfV7bcrwXP4o4yLdf152mXZxv2iSvjZvz7ZvWc9/fIZn+F8kwb2DESjm+Zml3z4Tv5HUf79vCfqUwN9wd0rPzw3E71nAHvbPfh09oLXvwpjfR4AlVXHJ4w9PRhEfb/e/iFw45qdQPSl8JZjRWzz/I8lQfxrJsF8gGe+S2B2+XorqcEku5/CovpdKn2H9Xmd2AW8FLsziqmpdjC1KeK8un+EfN2m1HjwZ8DmAz2jd/Tel+fBIaYcvf/+e9U9WA2ypP9rF8nIvoviP4DRwYADOH252ER/DKn3En7r/btuGpvNLeq7ekYShPqMIM/pp56uwSOJqaPW++WJRhO2HaleoUP7+OJgsP4xDkczH7v5qfYYm/rD+l3X8vfVHn+rD+Vu8wndMf4P5P4H81Bd5ER0v992P02WbHuMf4fUKIAU2VP4A/nb9tWyHjfkd8x0K89SWHo1+kRuV+klKC1/PB5HD7nw+IPSn8Rz6q5hGJC4QH44Fyfg3j38rICjgg4p/k89zQ+h3Xy4On1+nhV6nhX7ZaSEwTn3y6TyDmfWOS53qI5qobHAQmsiwtXuH2pvjCBnizVBGPJ22qI+nw47qjWaIKorUUNb0Bh8Yu/7zJBIyKI0hkqx2wwkPpjf8YU5DPTiV1D2dY347GF+9UYoNt+R5wqgeTkW0yDgcytTuGTW3FCgDQzCh7d4gRcbhsyxoB8O6trpgKDOpIeLPWG/10E71UccarYXtjVmRNfuTIM8xKOxMaD+VQXSw6528en9iBDvohrUqg6MAoq7K4IDqcOS26U9T7RTsYEUG+FDW4EgfdgaaUNZHszM4bYUNZHyiqI+CByysFzvgcTQfOwmpProODk2f/NQndlip1KexcYTYrz/NETuX/L5eynSDU5fuTw0914sdQaiPfHAQ+/RwCoaxurw38JV8cIKqRF8vx5TTG+15az7Lut5BjJ0bQ5mV6YPD9TlGjk8o9W2j1sqeJ8vMZ9sGn5roo73U8xTIs57VDVF1xfyAe30EEeE0+QlHEY1Yz3pPXMZ0k7fvOP+MWgfUJ9rANBfRn2gIl4n0J1qDMTrzSX8MPk3yYdw+Sr7BJwlsxaSfp5usrj8pZHZ5T6c4ym1ifMFOxLcyOMkBJ6SGcd/qQYQ5aD7194F2h3E/cCqDDidHYuPqj3kaZPFE5eY9l4dUCX9aDPWnK7hI5qvwp74JoVJ/VgiVHX2R/a7444Ms/4fEP0V81NheF3m9LvJ6XeT1usjrdZHX6yKv10Ver4u8Xhd5vS7yel3k9brI63WR1+sir9dFXq+LvF4Xeb0u8npd5PW6yOt1kdfrIq/XRV6vi7z+8rrI63WR1+sir9dFXq+LvF4Xef3ldZHX6yKv10Ver4u8Xhd5vS7yel3k9brI63WR1+sir9dFXq+LvF4Xeb0u8npd5PW6yOt1kdfrIq/XRV6vi7xeF3m9LvL6y+sir7+8LvJ6XeT1usjrdZHX6yKv10Ve/x67/H+07esir//NF3kx7OjLRV7cl3f1/6UXebFf053jPD00vrKLwL9p/Ab++PkblUjP1/V59MHFh4bfX9t/vtH//qb/xxL62e6nN/hxKr1PmZTC4c37CAE8Lr55Jf+UIhaGc5XFZdqFW9wVvII/JMZC/bLSX1hIKgnpyfq8drjrz8mYhlQM32RngHx4zzRp5K9I1cB83W6S/SYv05+WC270NR0W3u+/N+3S/4ntYnnyc8IykviyfaN/6e6x3+6eSH+gTeLD7lEf9pP9QIT8UEL1BE5+qKx+qCD/bUm51Gflf/+kHIequpY4cyW4AUr6R3j9UV7u1SEOy+oH9Vt4CrvLOazL36ILZHOIEEYh/PlxLS67HywlsMyI4lke0quNKQL2eYzfQqr2v0GCj18iJb6kkGSFr7lqOfor2nHUb/yfldNlxL0w7z8e8+gnM3vTTr7yu3854n29abQMf1T4KpYfQ/bYf//dfyUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUDeiUD+ssrGdArGdArGdArGdArGdArGdArGdArGdArGdArGdBfXsmAXsmA/vJKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvRKBvSf3PaVDOh/czIgjv0pywPxNcvDvzQV0Oj7VECvFA//SSkeRs9EHv9GKR444ivi/bzdeM8A/jghUH1Iq9i9hhE8rYvw+jkV0TepgX4B6CiB+ykxCyXQX4AnCF+B98zw9OshR34DuRHG5vIanj+BcHS7X+BB1AMGYSlRJNv/ggRgaHpAjcLo7SNJ8f8NXwBwBKRV+rEPT+mx7duhzsLTFT+kaQb9bUtUilNC/fzkrccvTw7x8REDwaGH5xhN/29vGhZpePzHhvq9NmV4Ln+UcZHuPy+7z0IFiybpa/P2bPvGR358hmf4XySkdHuCkabeP7P022fiN5L67/ctQZ8S+DukM+k3EIcnYA/7Z7+OItDad2HM76MvmbXQk1GE7MP9L0onQ34mF5r4Si4j8klT/5IEWhz7BY7xLomfScMuRXW4JIhHH9X3UukzpN/rzC4gIXBhFldV6/YZyyB52Wfox01arQdhAZ8D+IzW3X9Tmg+PlPb55YzWu36vCF+Dj8/em+Fvz3b9jq4GCFNf9z4md2zMfbf3woijw9Ef7T2SZkUU/xF8B85dhUUSV39QcdgHAP4folIRH8MqfcSfpvEdWuCmYlGE7YcKQ2a5957nUPBNPr4nhpL8RxT7q/WfCeF+rz735Pzf1wffFJ7xO0K/Lf2fwPGvKf6i4+W+Q+wtuhdp1fZpk8ofwMCuv5avsDG/Y77DLZ7a0qM/xK2/I4vi6Ksg5r9wFpL+JjMf86cxFvpb5VkgPqTBlD8lw/ybtN+viRf/br33e7X2qxb7vaL7NXdV+QDzsIFsM/Jcs6hNKzHbVXOPOiINtQURKZfHjN7Ru5alzZZ9RKfoYWZibcpCtztFqa7trhttcZm7emelehJOltcNdSCe33en43FHGI9YIVJTFmtdMSn8k0qncNXA4ff7lmKPesacdPpwsLumDtaLiz7ZXLeTuorOy3LjEelmvTluT0K+kfUkoJprJJPtbtUcUfvj7rREfSxy1GeOvlumlySmarZWy7Bm5ydoXDQXkZllImX1nxtbNeHvUCdIzCy6255J9vNTGfjrdMndVIKhTHzW6T97BwX1++yz/+vC+qCtFL6vT88sT2fMfDPRUx5iVKnFBF7JR5MxEcp9rdnaILcTX9BPS2qzYh+biZPqE6sM1+K3ENggaHqe2swyn7S9HM3MwTNzOijTKVsZyhQVzVRFq8hr20WrlRnK9pyhTG+GMsJUxorpidAHLjNbqJf09TyRGsoaq+v7szyfxWUpw5iKgdqaqD+1w2Uuw1hKhOrBnIZ6Lhqj01GZD2UtLpMZGu1CY6VMaysJqyt6jdZTw+5AmdXpQxnqVx7KFChT2VmW0LbftzW9Z1mAdhPXq60uGMpMmHtjwZze6qGdgrYuU6O1QBnsHmvCuPLbGBTqj8T9vZd1syzqEIwJBGPCzBCMPf1udsNaFYeBsdBaWwRbvFarS1pcJjOkle0QnIK7pTjPssb0oG2E+jChDM0tZy30g8ai4TPsre0y6G/AwnpttH9WBmvLERxzCu+9l8N+kJ/6zMS7manUp7Ez2Eu//jRHVGZ1fl8vZTq0Xtgr2vKCD+vVEU5FqA8YC80/8+l+X3LG6qAMqCRvh70i+no5phwEK1hTaz7LuoDp9yBinvWsTKeHMvJZZisR27eNWlwG6/HMZ9vGVPoyC+FmP65IPOtZ3aFfq2J+wD0TPdMRzBLyE44iGrGe9Z64jOkmb99xHuDkw3qoT7SBaS6iP9EQLhPpT7QGY3Tmk/4YhHOfxkVliANtFDw/xezbumjP8JzRuru8p1OE12hNGF/QvrPvZagnwLVsGPetHqJJL2g+9feBdodxP3Aqgw4nR2Lj6o95GmTxROXmPZeHQ4R/lh1Ojn5OkEoxX8U/NfrGrPjTPBijv+7BiM87pOxd6ndYfNCjvmrtn9Ww7y2IEU3/sQ2BvsyRTYsWCRmZP9sV5G8EQX+yLFB//F+xLvC3n7v8ouzJ6B9B/FOGxIj8Gw2JZ8W/akl8wI3vMm4/y/4+g+OLxs/SP2n83E8aZ7/yodUfmA4s/1NHP9vEPWS+dPSrrAj+qxXx97qWiHd/x/unb9weWFGWPmjD4gc9WMJOZPnpX8bJ55/+ZW/81KI/+or7Wh8zz7/lnP/bPCuASlid/vMSnONM5UOCc3r4/oGAxujf7xDQH/Ofn5koRUSX8xnp9cNs/jK4Vn6Xuf4gEFt40tQ/SgvPKpf9voz/FOzkvqajdnv3GoIETRIDVg2GV49DgCyL+HSpYrzdIf4LKPSysF4W1q+ysLCWyz41KFtZrkBLsxQVabbvz5Dm2NhYmwQNOwGNtJ3BDj61T6wFIktBERtXAW0atVsGYAEhbd5aYa01c2jv2S7F1hHVa97DGFiL78cA7W+wljoEGRiD7a1A1I9vfvqOrLcW94fmaGFrA2ncaO5Y009BM066Xqt2OttbYC0UWXks3kEX2oCmC5okWAji0zokesvjqMMzPGbLMEgbxho6mhtYSHRvaeZgdTB9mU+ZyjAHpP1agEEyaOL6p3lZ/XqRlq+DVUH2a12iufmD1m8S7+U+hdvI2Erqn+fm8H2ASYY1+OGz86HPgDLJAOCANOaxDlo+Wi/AnUQWZoNhi5+Bxh7g/ev3VmXwmG/PepxYZtDOZwAe/TMRLCVUFrBWj0Nsb1nh/tFzB1sWYO3AHmErFVmMw/h1jzfYYiYHHKT6NfoYB3pYAV5C2UbH1pyiEj3emDXM3+pxAeaBylS2r/veJ8KVBsGFGeZE29gCAuvJ6cx+TGQVicRg8aG+TNweWVvkW9k7fYSeB1aj3wDlY+sJcARZIpanMh62KEVm2F9kFfaeAytLhv4jzDmwNTVYcwin0DgqiS28vh1rdQgXsNWcD9ZfTqNngK/IWvR7nOvXhJ4ha7v3HqB2YAUD/kRNb+HnLMLfwWpUycHzgOpFXd82ITHeIKsXrbszAc8Br5Sc6NsnTO9pAbpH7ftxkIUXED28dbRGp7eaEW6bBKbNzsSwwx6G1npa4WiNpovbk4gjDvvl0Ig+cXuzi8ihPWl2+jC+Tgz0j3iDzvRlao25M/TpBV0Pu5xE3HioZ2LPBILdMEdUv/dyIC7tPOkLrH9Er3kHNGrCiyoZ3oe+TAkG3pIzGLZ4T5LmaYnbit+PoQS1RYBHCXhD0vZzUXtrHNN7VA/eGbRvQOvYi4Nw0Om9Jwri+Dluj3DLZ/v2PoktaOz1MBuzb0/3MIf2foP3BDxNSkKDpwfao7kM8BF7eunb00/PEsAA1aOwZwHDG/gAeIbQeMD3EE727QAX1KYfq8c78CRZSo93gK+9hwh7uaBPBBsfW+O2At4KvMbBu2IygDM2tM+swYvmd71HKmjA+wReCQv2BbwsHubVLXhA8LxbWPfSxF4oxOf7Pv0aPEXAtywMR+DdedO3E+ueb4OnIWBNt+fpqC5pKZsVlFtKDuuGvgA3mmF/KQTLwRMVgVyD8t5b1YnNwG+gr7cy4PfPPnr+jMdBcmPXj+M59DKDOfkExrEW+laHueVY5iAe1fRrGuQVljFJ0vMTkUXyEp712oYM3rxlL7+A7tq+DMG8HeQx2cMjAVp6ymYK0R3VwztpbWXwHCFasvt9QWUR1dOJOHhVwDuV9N6hQS4jvg/PKduv4TtjAc33PKHt9YSgtns6RfzgyUtNtBZ/oH0RwwjzxA7wHPoLOhP4HNAZGg/LcJAPCK8GOqt7Dx7svYk9cv06ncZCuoUF3lUP+Ct43TAPHDw+ZjvgF21mT8+W2OMq1Ok9oxTmO1mPt4jXD/Jb7T2cLaInLIcAtxDe4L8+u8qJ9l1mjleDhw7w47lmhEfmsLeItw1rtrAMBfoY9Bkk+y0lgnbggSR7OImYNsxerqD56R/g4OP2CHfZQUaA7CX79ibSsZKhvVhbvf6C4PyUXyKJPdN4DQ5ppT+Pj56/eVSdQf6/6WSILwJNfioj+7UbJub9g94HsEFwoS0lSQY6o1H/QMsE4BrGxR4eFKZJrL+ArgT1QQ5CfeB/2AuK5S7mD2gtSPvtPXugHwK9YxwB2nJY4L/vddAztKaej+J+OtxPv/dNT4M9zmGdCXiWh+H0Ps8W5FfvTUV8iXkbh7ykg0Uh6OfdJVwvjp+18RmNbJ+OAavsz/IlchzzycsyIunfmK+nFOhvnIn0n+ZM/Hrjzcu2fdm2L9v2Zdu+bNuXbfuybV+27cu2fdm2L9v2Zdu+bNuXbfv7t1cTo59s26+v+vxrDduvL5i9DNuXYfsybF+G7cuwfRm2L8P2Zdi+DNuXYfsybF+G7cuwfRm2v5+Igfv5/c//cdP2eVj/f/kLIBz39q75n/wCyL/L6xqfX7L4QTLcbwxJvP/j/7G3N0hyRP9Gs8LbP+6ncVj6N4r6MA79r32545u8IfASBv3hNeSPLyb/8asYwt/1Ksa/wdsWf+NbFW9E/UveqiBJ6t/orQpGFtTbOLvO2fBiSVZaLrr2x3ev/Pw+E9seL1H+R1wMb2MRDZDvXy3bjdPjW1qM8254RuO2YVF9+v4TU6FJmsUvqL1zRuKnzR199yoNxYzYjxz0LfFG8IG3/tokHL/L9v7qe2/fs8fP78F9u3f0/ygbJT/z0ZHwj7719lNHAv2nvfX2+1D8RAFKkeJmu0t9frI46i+fkjcwH5Kfqc9HPbvj/vI3pXlQP3f7Mdea+iG/mojLqWdmCOLDuP3Xt3RrH7OyMc+a0nNifbW3rtgfb3mRhhfi/ujbL0wXsmfhv6802//7jgeM8L9fo0YyP71hyQlflUiS+YZoSIL4fQL5W9XIpSWkwm6ZdPRtP5acm8Cmpx/fiOW/9s7lT1mqaAKyVH33hiXk8fsJq6jPufuwcH/H17fK9Ad8VT4h91COao4+lP/NL1rijGGfEORnWQ65lMqBuf9dSsE3SsBXW+Qzeg2FvytdKOorpvbK27PesDLiFyAny3y2cH4w3yTqo6lvsPNnjvmPIKdLzoyLVvHr/UZn+KOpudx32sH+ctyhbaCIS5H8GJKX/dUt/pWK3U/o8e1+/q4N+o1a92XLfnd/hBH128/5O79hH8Q3G/Qrkpt9u0Ffzw2/bVCfAOr/1hZxlPDTFjEC+XWLyH/lFn2NgMuwM6hIsdwvO/OrcpyCqMX/fjfu/XdkOf0T497mT3Fv8/u4d4t//mrc2xH0nIA4MuV0YmJBlCozIZJCzzKVMjuH6OPPQR/jhkQrXdDHpDv9Y/0OJ/rJTeyVfK8HntKks7Ig6RMVwV9D+ald/akeeNmPHzxoqUmaWdIu8iCddd/On3nzfh6DxvQTnLAHvLcQ0esjDn2CJUgi03vidRwJw8l5lCGBS5ZAtAK8e0wfDQDPJ0740nvi+7bd4Cmk7XEA0RLChtg8jlaANxsSDCXkEElgTOxpTO59FA17B9v36NxCwdEKxRkiQP4QJcCRnMFzq2KPZ+89xV7bxlPePLjtKieawUuM6hor0xvrprcxISJoZZA8CObjsxbZw2WItPcRXm9n9tEvdfCGmuwyG+Do1x/7Dfvov0MOcyfMwTOK2g+RKrH3dss40tD1kVURJ9WxPJFYZmqPT3mCPf+2cljhZ4re9hETHcMc4QWDIxMQMeiwV5aBdkMEkLSH/q0h+mfBWQqAr4cjbjih0lCH6uegD5Fq7OVnIBoO+2oq0TOyxPYebR0SOz3LKHuIZJudSD37Q/WY3kvtIJg8xw1oqz9RQFhdMiS9clgz68e2PHPoE7Xx8diUhXExgfEGD3pUDxEsto/MgzcZIrZ474ihHW1ib3kEHu3hVEXQDe3qPvkR9qR3QzS2j7ACfmMcDNBccOQbIvb1EJ3trG6Ijvbeawonmuph25gQKcDJtpwhsoxg1eIIH+pziBQrDj1EQik8HqK7Pqrm3PvTEoCnz2gpjq5inHpGAQE+fVRIxNFDgE9/euQZYcCROnJo955sKTOHaFJeY88/RJMwDHAECdP4EOnq+x1gaGVqzwsgwoHwaYjKsUOEnuzXDNHihBkiLjgiAKdIhjpsH8WGvcUnOTqciKuPBCG8X5h9REcf+IRPW8CTWuCHcCoBInImieihf5YPOKEMNOipRD9vnEwK4EHbmN5hPHGIMPis1e8t0UdEYN9xhL+FJHV9HYh0DNEnDGvAZXVIOpaj/XOGMgSfPhoH/HqAt9n2Y2K8oIfIK8IVf6DVgLQHnojot7H66CFEpZtnBMQcTgIM+N++rRV4R9ZHNqG/nmZNaojeIDz2B9oP6CEqTA3tumdEx8LRGswPsMwB2OIEen2Uf8A18dmO6ufq3HuaVJ97g+o41HAaaIgIORA1ansaT9ghGl/3ycaAP/pD1N5/Rs6oXq7ACZJnhC2hh5MLHeYRbyceMO0N8sFk+igg8AWdxPDH+GFivmAP+AnRwp63IjnZnypqcPQOy4pkwO+AGqKzwwkffYi85+zAV+n+pNKHE0CdP0Tek3rg8YTl+cNJJJUEmQL0P8yPHeRo++S1pgJ4r/b71vNsqk/Mh/dtOM2RtwPesxacpHp/1s16ud/3ifcUZKs+0GLPbzEf8DZ98kQleuIVZfXRQNIcIof9nsB637+7CiS/MylEY8DLCVvF+kBtZX1/lhfRA5/vo3gQCc7MgZ/3/KWP6iM5BRFdzKtzcoX0rM3pWG6RjrWjDtfdxP+gj9SPiN6c5wkokn8c1fun1HWS+CkYw1JfL0SgqW8MXupPUtbJr+6YadwiUyrM/3lV/XX+9J88f+p+d/7U/3vOn5Jfzp+6/0NpWRHndN7O5plE3eDzX9lTU8ubIU1rZ/XnUIfzZr1ksPFM1UFLdBgLtHfgJD136rn/G2fDZyP6s3dPzoY4dy81EPdSa+B6ZM/ND722reTPs4yMBelX8blQfLYSlz1TTFpKQj3PEiKO2vV9fFjXMRieWXB+EM5cDeciE7LXog9mnw4TJMBzPs8znvg8C5Sx7+lr+zMNFubyAdOf98RnshoEAyyRkdYynCd9wgmssYgazsW2veQE+CRPWLce5qBYgvfzzmvgmG/rtZZX65lSc5AIneXjPaPMN+3PQdbMc/1wjkPtz9y0oKn1Z6yQJlY/uTG0+6ms33+wkBCsPTxvk7L6sxnksE89LPpzi/8mXJwkPr9Rz5LfcPE/6WhGq6q3a3i+KOfTNTdmrNfd/t8f+NS3T8f0vYwL8oPTevt3eKz/M3xlX1OqfnVmfhc//BWOsm937btQ9De7Rv2f3rWfAlgk+z+8ad/kwP9u0+j/05tGkl9ojWX+ZfuWbqSzbXmeV7aXxZy3Dj8E9x8JO75uEfquzb/FLULR5XS9V/Fv/363Cf2T9uHzMN6TbJ4pij9Gc/g/6Tahb+nm94XUi27+99HN4xr9B9KM8IlmaIL/jfkmCPovJZvfVxNeZPO/j2x25/I/n2z+x2mGfdHMfxDNnHbb/zya+fm2R+5/mma+XspShj9+/6jav+GNwj/5+OEWYEpOl5K9qInpJLnAxdSW6x9UP0Gf4EfURVkM0F+FiC1vBCWSZsnu0tFlMdH34iFP8X3Wx9odHzv0wW6gdulIR7e0JzU0OBKL5YHwKeG003aH6OSLO3pHz07He0hbWbCWjrOT0G7Yx30uoTnIouj6C2mppRG3I9mHJCz3iLrGDcIJWb1uRLWc/oWSZo2u1jc9PahUotuzcHo5rBZbL+1I2r8fFlW5XYaFU7jUIzyv9HuyXEwa5jIrrcksGBMmXPXdGFTiiAdpNoP+z+O7YXoRazHdBj3cmjueK9CHdWZqRGF385Lbsdv51o5FQz25v+JnaRiklG4MKS5mmi+5Mz+Q7/WME2Verg73oEq2E9G+PwQbzWMvHQJRqOe0ora0SEaKVVuzCZFX7mY62Xr7ZGGLbSBxzplKQ4msR6Yt7OBi6EuTp4trpJTSutbuekUYe4L2zpG8ltfRylCPrkME8rYO7uJmu6B1RAljdpVvImlcW4qckke+dJczaXGQ7KqIHW7kwJXSijOzjY1zVlP3qi7ihVfNUbFcza3afhSTfOcahp+ZlGTyB/QggF93QXzI4zp2jckpyNJ5BTTZWB7Be1pS6fnNOUzEOHL3jBdPi6vBK8x1AuWuffK7SyLvadd7kDvlcciJpZEXrgtdK1qrIQi1xakaiefDuCz8o7vUtYe0DNz5yNtZtCfm+l666vk45i+oAevxrOX5pS4FfO5Gy5FOrXaor3FUihfWKOdMvljrhCOf9g6jdMl2eVubYVePfYWoO3mq8XNRM41zk8iZ6FP6w2F5eSYniuAlm0gJhTjYLsa1rchVc1rqeeXc7Nrobvb+FqdsPblpdD1Tl+aFkbIELUJSvGbpC1stsYliYzj5bbUrHYVGc5JKRqYTu/SJ+WkXSLTS1tkuHm0OM2ZuqOdbNedPaNeJWTnrBDmIRwERrKztLl2j9ShCU+iz/OhaJ/5A+8dOX4sus9wIBB/YM+2xMOfTe+jdRsSSTxBCKlUqEYfr/LZ7oJH9zd1+ENeRqjqSh3qbBuxBihaGf74dEZuXFmy+YMeFFNfCcb1pmtqCiKFE1XzYpazh3whbNDYL1NJZsNO7yu6tByEuURWodhe20qHzI21j5KdLoxbpYpTutQdVjmLdm/uoGUmv84hLm8bIL9vjZHrbj2eo2I3tK2OQc0HgRld+57qGvPYloRGrzfyAJiql1Tp7cIlmX4Tr/bH1WtJQc0PzT6SKnqrl6H4OrhSX3Sz2SsglruCns7NK8/JaVZhuyq45f0XuEwPVp9dNjqjsRjVG4D5qg5/blkFwD573+tvZ03UwY0SEvntB2avnh/AwCN5Cuk/pLVLZXDtAv2E2atF+LZdaPtnn7eShLVnEycZaEazCycPQ88XuDlA15rG39gobOl7UU1otGKGaEHw5DqWZ1JyuXnjj6z1jOReBWW9VBChJu42FmzAd+657nRWCQo/Xd4J3zteK7taFuLZnqzbiW7QnebjLRinoCCTXlRs+2x4Rsj/S8+2qt2hrbxNKBw7ACo2Kn1aR+zgiQYzbLjM0WFKkHq1Z4EEBl+s4OiFKWDzGhVHSGzMpdpvLQ/SLa7PfxhZLOpLmLcW7cmtnG+4q1mnrGOKttKg8pu4ue0vP4cjcznYCcXDdmSjnk3JBAfI+uKt8DsPlJr/zlHu9SrnoKkt9Foh3eXeFZjo33QW1oadL9Mg+Vmp1vqOGN+dK3U+LVgubEem5ulyL1/lisuDC7albjO2OWFEuS539S3gQV+LRYkM0l9jboLksNhrivRtL93O5lq9SgUismVHNaLXgVtPZND8pU3si6t2yclcuF/lHr7LsUR6TKdc0+uTijBPDi1VWq9w0Ea3LoRQozx0beilOnbAxRqX7yPxt+NB3Z/t9VfNNXq3n7thGonJk73e1nDd43t49OzVrJ5nUMeVylObfwgWa9NgYVWgZVAeQ2IY2N9shtue5M13M0SRWNZLCwF23fEEm21g65iuiEqeeChAWJhu1OpSWZiStaz74SajqqTb22lR2DWt9dEIRGGt2ERwhPO2NmNl5OrcgD4hSZ3w6Q/vvzcX4cG7JE1kx8jkly9Nmsjem5zjKxGkeE+1sWzh33litnOM52fIbArr0NkcVSb5R4YxLvWWmAsMlS81ajDhLnoirCOnb09WSyOWFMboq18aAFxCkywQ17QwZaQ18ts9olc5PC0M+bbPGQk+Ya2VZHWNo4iMCgdCMgCKULEUM7XZKukDWGgPyhY3DjG2jhwAIbgt7cdJF+8nCyG8Ft8WEl4h3g+tOD2XJyhMzoIVHvCcw9c/ck1og5qCwF0Y2sjC+bzM6Gd8KQbhG9Pl4c6+6e79YN4O392JrbrymKaWzapM03bDMCLFgvyjN6W2nzO/StlvFdsVcl0hmSsKhc+PVdZpPjo0pbKx0xtVA0/LqhubJc90k5yu0FEtIN0R4nJPsPIO1xPsskTTRGgFNov/ZQIy7MFpvpvnqQRQk9OG0Am9MLKEWKn8jsc3sVAlUVM43hn+60V6WzKtpNJ1E3iNTdM5di9vQ47wlEcmgo4xZAK+USFPYhVkCipdz5fdi5ZywtPSuo0k2Dt1jvZgCv3KMaX54EF3oj8J2tEcceO90oiTrzDhL1iVsDhM8rI20QzK9JFODZ1mulazLnBZX/JG+3i8jfvaA1TBVsI2OwqQiHP7oLgp/XCrCFanW0kZI5nNxEsnFaBmaW9GO5EVtZzJ9vXW0Wm7M3HLrR1UjcT+r5Ee9Oo2VzLwG4rIer9Ujt7rXJJNokryntsljBFzMnBDjLeBn6T0OZbQQEk+nN+dEtHXN2cyQjuTvgzF7nM/J9Wp7pSLDoAUkk66kORcBNiCspp5Pz0U9Pq+0iWvMV6NHoGntWmiLczVKzlti3UoI7I/SiRMTyZXxzrjfuKt2kunNpJoh8WFTC5nJ5/V5JHgeUiMmaIEekhk7sy6Yyf04UsyanblrYlllEzGoc3d1A3XNP687emSPVlyS24tigTBAvNWzs3gpjQdvINHjIe3Od/KdnCN1LSnP4ioG7nAPkXw8yIFfmaNcdq8rMQZp3WINT1sk2VbY+ieDktyOPD+4SHS2B973brprtRIrIs2J6kQDST5ftmuXWjLETEaKyFakHg1og6nqNbOY1ng/ljJutImnjGJyt/1efSRmTc4pgXsgkyhR96KPqFUWZyLCO/nkSDqCeeLWSNfObzlid+jvuExkhGBHcZwgLiWtEaNDU0YKhqj+a9rut7lys2NLPDKTh9QFk11iUGIQSKNaQ7Lvcaq8jgXcnNsiFSkVkt1IUZfJ2jB4YucVM1H0A6QljefiiZnKIINb6rra22IYKZta5ZEWOy4iYiMF4uQyEhKdV7a1t2o3zZh42LEUMRJSL++t0Yz9y74EQ7YOV+KWsLucrdabUHq0Lq8e7FVKP8TJgTQS/SzCjspjxDnWlT7fw6iMNJcCNm1uU6cUlTi4MOO7queSu2UvysPY17EqjcQQJGk105t6ehZB01FyUL5WI8XJH7I2mpUTAUwnydmJU/KiP8RZABUix3WOu+5cx3fFoFXNV5DlsjoxHaPsRa44Ke60sGa2qDO6Fjkbd4+WK1rpMtLi1rGZNKeQjaKJCq+vI4eNfU4c3/a8jsQQjQa7KkqJbAg4Db5brFHPm0Ulxer4UgiNZCjLm/yQlLkY+duVdxfN4mbYyu7uW3p7MrRA0moK1Tvq+4doeMU4UsYrcTE1lqWsqQYjEem4dMQL0RwS6aTlj6OzQsXFOu8uKUgWqr7vJnJj3p22sCYTUQ6WQMhyl5i20ULihbG3F++NcZfK5BaboCRzNzA2EUJovLpOb+7JE0Vg71Wj3R80Y8IVEZKYHzdb9RLYYXcTV9AukvX6Xp2ZPAlNfeF10/32vGFk63QhHrfVGUaar5TGbRJyFCoueTtOI7laIo4tPR7CgojUs3VyEt7bolqKy9NgZpCd48kp3SyFO8Xe0f6d175MOoyzRChsbdiQOMqlSLRnKuNA8EYbz6UKdRc5+4nNKEbm71c7vd6KOo/M1XRNzjQOyUUEpWs0UbrcXY5taREsHh1qPS/ObGvMboJ6TpU627cbae0X3UPdYoE13reNss5z0r4Av094NQ3s0ozd9ZhiCkde7s35WbgfitYNM316UvdRHSsEe7em7l0ymceWve8O47vlbOwG1HCQQErSPxdr5rHnNG+eH5euQjYWQsTELWo3X2eraaT4+7KXmtAut2IrapuLWTpgamdzNnAeouyR53QtckiT4a51m1oFUltF80S41InNiUPonuhFt+nOqiSfRMnXtwH9qE4GQRzQ/tCLYrvVJ75ebcyxI50ni+2Gs0/51PWp7UTI78I1PWgnHbfT1+W6b5fPdOFuuZurXHjObcfIsucafFAgURgL5aMSs9A7oCmyO77TVyofVHdpwVT25uiGVD1ZixPGoXfURCBO7M0uTsgOnxQTAnP77NZcV8mVP9NSudQtXrLkch2MCySlE9COVq5kq7ygbFHxhO7Gp2mQaM55rokzRq2iJF5cpW0oPpLx/qI5E/EusmfE9ZUNLavHW7miwEiUfNt3LrNkEppINVnajJMLgZIlMy7S/Wsi7mRzu1fHYyIP05JutqcclBmxrSfb8Y53b5YSoDpgz2tpJI/E3sJC/89VQ5s6vLJr5vswuI5a+oCMZWMxv3LnmL9GslJP5uos0K7cNM8Z8VTPaFbkFrtFIHZrUbBG0RypwbWsiSIvTUGlvM+OOgJXHvLqPplHzvxguluqUIQEsadpIN8by57lZuPPRSFYSKXLSEW5ri5uHpsC6FOYHwr3u1CbtbRPJpECjrU92M5KbUUae6Pj8vBAH2d701ojHiAcJmD6Hj1hObosgPCXPqGRhdpepboU7WIhce0k0pcrgbsx24m0eVw7f13e6QNxv+7peyAV7ei0EZapgywXIx872kVTJ9za4ki7ODRBVRVH0Zztr/dzxSBh/6jBn7Vua1D8OxnxOOMwHSlLckKfl0CmSMyx3mpBzJZUdyIPlC9PZA/sL/KQrETp5p/rye3Y1FInL4gJW3DLR80hMSTV3ew8tfIiWSLduFh2o8NDNxFhzjVzFUYHnkA2iZYAkeUT4HjbkUwvag/xF0YFx9QYKbHUFpm3K1s8M+pdmy72yFjtGG1vsNQWrGZQyqRI2tcVf9pxsXZixvsrkrHIDsi05DZ2H5QaycTCLEEBo2fsdp2opl7wFZ1q5pWwi/F6PkV2z6IytxQ/p0MzGi/vNcJH052thZCdGwKiA9E6rudEeZ2IHQ8aVUvHl3Vy1uPHhVbV0VbxapO+ZnGXrKo6JpH+JFKnS87sNW1Em9ok2K5BREq5tgSXzdozQVdWJgIfn3fRjT9vTRPYU0iuykRyVjTh2fKVTsXDQ1I5QwunipesgWdqsS6rEbAlVucOM+c2TqTbBcSqzPHl7nLR5+p6pBDgvR3zSILqbsGIczmm5QnidUjxm9DURarW3nSXogpXThxFZ6VSxQo1UDlfrRjOmlbRubW4TiMV5YFBvKsnXaIwzkLMI8mup54Lor0lj5nMC7AkpEx6HVf6l/pcRJPa4lkGae3bSO4ai5KCk5pxFa3TBMWbQV2EgsKJF37bHqdIvIdXa67eOMY/nwJeO8d4RELK+EVRr/jzXDHIsWru955obXJ5L3WMe5uxxzh8uN6j7tAmr1NvbgRdWVGus+/ilTmd5ZP68IBjG1IUzo9IDIXarI3D88iJA4UXQy4YmzLfsnzh0YGj7PhmSY8LkQ+com4WG/ZgjlJLQ7Is510WTK16QYsUc+IY6WhRxsbNPJ3NqLAPqEjEVOLRnCt+u0eW7/pcOh4zvU9uvNOl28K/SzmTIbWKOa3F+nbSd8zMXLLkJO3qcbFkO82/i3t5vUsfgKoJqA1tUTJpPfOJkxcDiEcgxaTTaCHH4i4RtoE6zhentcIgltzeDqdWEwlh1c1CZ6fzS7cQl0yEpMqGAAa6aEKH264Vs+XcIhhbWrSulVKcXNGiLGeijbZhCorGXL2EwKV8KrRlodb30rm20UyzScgji/pwD5SlXa1QzaWW6LbsWto4RlQn1oGT6lYQ1Lc49Y/BSjSR2T1Vt/Qym6tLbnW6qqcuve685sByRT7luyRu6kuQVmOwRCngQtp9bBNmTUTLzVU6I8Cr7ThetBrFmG1ZS842j8QTuQB0p7ikzReb5T2a3M7LSdmptubV/qG2vWkB0uz8kOlb9VjWanSrQOsx/fFiSi0TcTqD+AaSJNSeEfdX59JKSOJvyN1lT7SpNqYpNrlWeyIJZiPxiqoSfsDLu9VxRe5vZS07yplUl6Nb+lBLZodUzjMV8mNjn40jd19YqyIAHRq0OuOc+HzeKYZ/bpE2jpRq9GTNzMMkk2vxaFkIJ6qN7ViMPpmsLtsLaD4qm1M8JY7bvUlkK05dF2lKq+Elts/Xkpg8Do/N7mglV2axuU4mjTiWQCkhVtSo3RMVAuN4VrV3gvaqTXofGWtvL9Qz8KkqimEuo/CeWoR2NS+laCy8rRI/HvXu7i2O+WmC1Jqk1cvlfqpLVLegXC6sUxD98bKVO7EoT/S0uIyOwVYVfXXELWYhp09OU9vYTapztSAO3k49l9xDpLc1z2dAfFRk6T6hICpv0xO147pZPgp1s6NaerkxfNqbHa9adUIG304l03lHmcDMSHezgBZnqtfB0G8O2kVEld/bq6CdFzsOaRhVu7TUeI9wP7wuDjf/UBJof05WSjX0WtD9KN6o1bGkkUZwX7lxS4NMda+XrHMn4C0jxWFHx4rJTwPwD0m0MTKRskEeZuU9bYj5Jb+su/Csbq92A5qo5J+QbI0ul93qvERa2aJp8hChwNy43ciUJIgHssDX2pIN0lMgXYzutChCZBsuxmcLfDGjq2CfbsY2SPbr0yYhFpsuAKFyjrSra0mB1KYFZT1OD3esjVNwAe0R64WRKW3V7XdoVdvQ2M53PoK3a44RRk/3mzwmKY+9pF1ZppRAbc3c05oJM9/GB2sLeKfvHvFJkVXrUMPsC+EsC5Q4nfjBZU9tI/McUsSS4h5Z4h+9Rsn5siJ37tLSa0pEq4Cla8LxPqeU7qhOJuF6nlzMFPEqWUGLpiXWph2WttItr6gzeEVnuRHl9Bwi/ThzlDjvZro5J5amMm23i2pUrO7FFD/z4qOHnmkUSHTYfbbIic1CuthyrRx38rxZ19NI1Jv5CREJmUSo2qQ6UspdpUNheTfm3JiAiJ2zpStmS3lbIFrRTtBIQB0pM5npVWWLKmtCD/NEKCfWmTJP0qZMvV3JtHV2MkzxwdzXG+cA5tisOTOLWJYb46T64TgpRXYRcOmhEBsG9moM8arMsRVlvCvQR2O8cpTszjlVOSfiepbsS4kbgcvrUd6oGbk8iaESdYl2WmyDnbxpDLPl1W2i8fn8cH6sbSkS5uNR2O7VvRCEMinnu7UvIEWCj/YAF+BbijkTbZ8602KSbX2SWW5vi9M5LSw9Z5QuPbQAmGgybUGHFMmYYW874kKJa1Z5hOb9WiXxPl/wHbNzVWQZhxfbu+2CMwREOPGKxHoYT/la5EQ2kn35YQWI9wvepk7Pakvu2tVJnPOzrVHmnfOoFvNDeIkKisAqWJ6G9tjkZWdC1OB3OIwbJALdR1rydnaL9tyliySytt0p+NPyK7+ho6OdrOqbfZimgfdIr8wKxA4DwVaHqkuAcsMUnb2I0bZcIndLJ446W84FZKXcZsdzswKsNpwz0a032V6a7NTOPobR7KaF4yp71CNEWWOsBlkJPR+b0xE4GFWQctK6WXuRwqljBlltadtMQy16pCMzjZYLblasDkjzm22JWZWxdI6MGaIBlfRgX875ziuy0b0+MFPC3M7OQRSJ3aHR+CyauOlsLoBmNyHC8xUJdKIkCjJSlg1QcXUXknBOjD15USpN5FWXKFNPPquEPYMjF9Nm2y1mu31i8krhPkxfEB8p0inzKxMsWmUv6hffjq+ROKm1UIXokLvOzwCGWEyY6V7lYYUGfTCj+tSugiUQ7eGmlO5K9QKkHU+4VInC5UEeWYszCHFlXKt3HWx5sjFFXt6zFnM+6oRcy2S7nIN51Zo8EBc5s0GKLmqDUXzSXokxnwNILO0QT6SstfkIZE+7vS8vTqnRxMXr1gY0qYttxc+Em7LgpduEBN/Guq52TKI+8gM/Y3YjOlmLR9rWXFsuDlq0uFphLY7F7dk/PM5dh6fBoHaojW0H51o9jh73JGO2yHwkSiTJrMXEZURazPa5cpgdJqXRjUYrNqE9Xb1LVj33IsedRQst8eiOA9vFu6zEya2IA2ddnbiptnKCzUGJ7VmsVTiEKO1YcWXGQpBs6onC0UskW8VpBh7vRIycIr1ti+pay3exQRo+MgE0OX4wFXdSFFMl66kmXtBnV7eRhFa2naPa14rIRntK5w2KWdIFos9bXQD1RTZ/AAVTd+su4oyzaoUzp0Q2pXGWN1S7F43gpJxnKaJZrZUIq3CSiA3dOdoCZFUm3LJ4pHW2HSkTdbvc3Czc9gqQT8XGZ7TCpCLpLhYBSNJ0jiyWqQBxMPFxWYAqdJ5y50Kqlgc6cE83E0mgUefQYstM5rm9Y3tHCBqN0YTRlFgTRXETGMcDOD70iH8IZqwohwnVKsHqak2QcLSvY7c+CtxEmI/kEZUu4kpLILbqxglEXxT3pizjojICiW5n/NZjx8h4I7YX3q0KYpeA9Z1uWByrQ3rA6LTuEpkXV409oreUX8n70zVw7NBibXt25BVwPzYhZ7EHiaOr1AQH2dmUQvC7m4i7bymlNCihXpfT6ix4iiYexfVM9OyJkVAGmsK+OdTiTBmb9p7UNQTwhcvw9RHM3Pul6mptr7EJpdM1GdmZaFkdsp01ecNEa5Ur2r172Hly/pBriex8Ww2C1VppKV5djcGNFBL6kqILNd8IK+LGxNdqdp8seYpXkGVqscsQRGuyMzXjIlpJlCsEH6qqq2lqMBpH9fHB8Tyi3MgEGmjAiWhfShiLXtnqlL4Y9eUuQ5jhbG0vK6RO1RpEWsRjLsIpC10sRXejTzeimrjLqTQTxdx1bw5SyXLXWbW9hx6c2Xo+jrAz+09sWzg3C2Iv3EbbJeuTIXKuGfHyskZ6l8OllrNEFq07SSKRrqX4lFV6QxKzs6jws3Pk3Ha7jTjztoatXKT5fDMtVd6aHbIk5sEhDd6li7wWN5Hc1PN9y7bHlgvSbjs++xeDdRW6cqYgn6RR5EuMfLdrKVjMQVAvV2dPP4Hpo+8bwT1HANC9sDJ3trQLa/OxESFqvdyL9gPC8lYgd8lxV6fXI4nWOx9TDQUmsR0TFmdcuIPlFuBSieePk5IqVNuQ4ujor8TxlFfWppaDQbBxt2opThdMROuaCnHHI6pLTpO7uEm7mebL5MlguGReb3eGp3XiJhAVT5nyy/spOUZ5V6l1yEw2d9++LC88gpYou7V4gpMKmndXp8VYjpSUltVpZaQ1V/lCxIy5iIkuibMUzSaQ5jyxc4pVoDxqBPmxtcqbgCURH70Z4Vmnuby7nla8sUusWtiK5LlM9+JlU07XKvgjHuR5fR2VE7JYTa7VDtlL9Ww7pmcnRKKR3IpsBbbHWF4d7gfKs5jrLRJXNbL9Edt/ELNg0qwWFtkghUmM9NEjO3bjannWYzWIwQS+62Njdz1MJ5ZJ7kJHOPLJSCStasQ6nKjYTXCjtVhcZfE4kmPguQGy3pttwSENY1RKjTG5FMcd2d2qySGxFxE+WCKfEY1XXalzaC+M4M6LZ8PPCqM4IiQ8rqTZpssq1T9BTJMOdlnWnG864kKbdXJCOvEIdOKwKkZ5TJ8MnzosC12cqvOyKxoWziicDluOAys+uspn3z3glmlZEfe+5W2mC4+xls19p63F9ixpm1mp5LfQIaeg6gVwUkqvivisyPr1LFAQDOxYOqsb1liuaf8+Ax1GIFp2vFYeyHw/ZEiGkw9Oc5HEmSB23863M2d296Sj6h9HaxUpW7zk1PPcit29SokGk4OSDPKgmJ+YtlQ50V4xxmy2k7KsvFWLYp4veWbNXiHmz2d3EaO21NUqZx2EjX/xjIOIbIfHju7lg7u2b8H8rj+YhNdJW78dSG2TJfZdp0HlexhIDzC0tTlvYNTATiCadSj3E+JYkU4cOdulgKOkE5+obg3Sbwo4ByUDmShBU9pFmiPT39jru1s/8yANDEQGqLZX+Uhv4JL1RJIJXj0WO0NljJ0P7/mCbxganJP8WpDBSbySDr8Sakmzrs2OSO7C+HqwhD3JyrF2dPx8t2uKpdJkM7AibFFk79asWT90W+KJOw2zFsblXj2xWzHhvQKpNR3f67yck2mJaRru6m7qsGkkCNkJc+AQQkwVzp2y033MeoVtXwX2ETmB7zYHz7/Drt9GZrCAsI3m292esJl5SXZHvto4Y6fKbINrhcgHqc2pe2VFyxP/UC9FKgqQWq1zrMOkt/WEFrVS4ZE+4i9YanScUnEkFwlIx1xJp1c/QAoDw8AoI2ODLKQ7Y6xUf8+jRfM8M16L3PakTGUesWrNFMesNlFY3z9HguNl7JrluXQ+6zRHrkJpL1f8cssmTDrdnjQZ3IHjCWp9kyheHInLzpmeRDCNEBdbuH5l6sAIGpavor0dprPlIyCCbSua4MyUYmOnIyk/QwaRjLRBs9s041k8l9bho1NzfX0BxXau+Z5bWoS4F2XGRNKg2thzceaMyGZ+F8+1EytSN86PyNACd9281Ks90evW2M+lLPyAkWjs0xGzi51bxQUUVKk4qLtR2iEhISKKHE/M28V5HKx6ut2UTHqMmwMjNXIlsOtNNEq1kyldpldkbzJjIZ2YBsd4pcatFmOdnvsU08K5UCuagX5+mCvH7OCNxVwiJwpfZ4412fAjty5WC245WlnqinWPoEmldQL7UpyD1ShywSlB3mrwLF5pbtnc7vtRPtkn/r+BBH+29cOjdxfz40WjxHOgbhJ9K8olpBWbhNdkzTO7iyYDxlJI157b0j0SvdoAn7DU2b55PW+5SFx6xqaUDsC7nQiyEktKvFwa4O9kJmwyOYtGJGm1a23U9L41Lo+4lLnasCW0k8AEMhd1NFmLTSRvauU+sZP1TZV85bGSBAYYKZJId1JwVzfPRioFmhbaEsNpkcyuLOHCgLWGuJqSmad4cVWW7OSRpJF4q23NXBVBMHZm5U6Z11qpzU+aoRPrmanvWurMOqN0ubhvbEZahe6iVh/yvlbDTYlEQKZTIsPIZOKXxqyRb4ttrRAKsxVXkUffb+urPGLGShryxkhclbp8GVOUGDGacY9sPT8ZtHOJxF27tplElhmFooxz7cXE6h7AuTMi1ueLXXR83PWZLoZ6WSUWv+ASSfevkSDa7XxXT9uyscEekwMR8F8x1qS+qRJwf0lBNw/kLWWKoih3grFQx74WLgikd7GCo+2l9dbQfBcJEmcbidv4EHFTBCGIBWVZTezqgyGflDZwH+KNs1FLf4kPBSOhHjl2dp2NVsda7OQJF83VeXFaX9FWbqajbdscOGNSyfK+oH1oQmwThxKtvXxcABO4KDNZIrOrka6Quqdl6dScuJJxW5EgfQw4S7g29cYQ1s1opJ/2jOtTQmWAim2WetdoFKeBG9nQp1Uzr0Veb6bmquFk2mqu+3YiIpax93cbZA6M0+RaEDb0OwKdYD4rlzRx9MQdOxU29FE91O5qrHOeiF2n6KfQKi+iNUSK1GPpU8QRy7yEXbCzEGmYdTi67KgRW81na/+iUNfqMuezTG6PqUt2XiEelw7X5OQVnueGbdCddhLHJa2RJ/dwamaMoqUZbe1Db9SSen2b8Xfe8pG8XtzuOywzz7M7yNrtAXihG3gPcs5bINGDYoHMdwlzSLtjL1szvdKJrkf+TavGrA1THc8L9VEcz0lTuufUtsC2qltbbRilSC6L23qG9JlVY4w0jWg6jmcexqEGGWbEcPp7LdIzzoHAjCNltcGH6CF9ZfKMPfvjyFrX69G2KunEYZK1dA52qmNWtXJGllB9tFybIUQlAf3cdbOQ5Bb7ef3gD5kYt4GnrvYXvWGoIBC4a7q1dGpJWrQ5cvg7lsD81NhPEFc/c8m4nHGyzmT6dq3Ipk4LCoIj2JN7feHYq3ZtCvFan42jUyfLZH3s0t0luGX1aDWpl3x2VJqmYZLldXQXkemQq6T7kI8+R1Z5s8pjXtFcwbzSq4k7MRqzXFEQbT5v1Q0yiMllJFy3IrvRZmvBRstJQVPLWCPykOKgb/YNxwk2pWTp47wqOIXnF6v1bLue7EqvkkRhhYj5frVP55igPQipqZkY5td9hPSRmbCnCZJJtvL0sm1n5fR6PTHF7Li8ZhAtNKjkUBYzzTwzlqaz0ca8klt9ejrCuYgke/CeS647fsqNxQPHdDq7u2QX5ZpNzypX7z2d9Qk4nJLQ0bSyzmBkWNPJ9ToH0QgOor27P5wkI4vvTnslgrtH3eD0Hlq57I7mq3GwZ/aP7TXBzqVg8ciQwn5dX5D4zbTo3m0fTGZqc1hTvuEjCy0N8aIpd6XFW2dWcePVe984O9eZO3FI/kS3u4ojVrZSeOXR92RGuk+cPQ9e3cCkanPfGo00ut7m+RZr4GPTmAfxTUeS+X5fCojHsk4jxz7DIc1idks1TUy3x//f3rk+q4ksAfwvSgpkUPjIS0UdEAQVv2wpKCK+Doo8/vo7PTOek5xzbtVuVbK7NzepSqWCzKunp7ungfmZ2ujm9w4Gu++ELWU8jG1vhbV7d+uiILTi2Hu8HB8psQwPxwLbmA16iEiwq1b7+VkPSa9nfq/qJUibP7T9jkwz9kkUcbgn4cZUdtRaoOOObDJmL5D/RaOoqLOo7eB5LOTHTm1Gd3KLrRCzVoKcg9j1c5SXyVBHda2PB2fPOpqk1nPqJP3Ji7tTnHM6yh5OgdSqv1Pxfgfbjt2eKNaucxXrMQtgFaEvFdl4u0Duua/uHze8KvBuqvUfpIdmQmIrrwfpPNzQR+dgCrqVAPvUnSnXjmubgq/Ivbuy7+SXSQTJJvW4n0rdc3+p3FFsQ7b2ZVj2/GIVNGKqJdhd0JdnydodemW8Tyf0Sf3wcH50xiMrLPT+alK2aXhfKqqy1CBrPj1Pk249jfGLvq41NxsYq+G9l8WKe8wgBkWneCc+tsvRqitGa78XrZtW7I3Oak8edIuoyr07vFFibvqQd0GKqySKOjQhLLrPJpuZd81g1WX7nvNQK8P1FaSqk3G6uHnmZV+c/N4mWqFCBb3x5vosFiPLOZbj6b0z7Om1PK2Xqrr3pjHxuPpte+hUUrYeqBv/sQGJpWa+FXI9VAf388O0pj0Y/yWADNliYi3Ps4s/Ax3sjxBZRvejelajKWRjtGVV3vayVD9WwXFE38MWa8jBq/CWIyaqvrNpMmHk9ifaI0Sg8wvtGg+TY2cIjy76mlneUKEkQX1IJuoGGyfhWIUdv0ds47IaK1mrqO1JmSzhUL9VK7VEsqI5IXFmmgjVOdHiGJ0mOsuDoXRnnpTZUEv2y2Yy2Ijnpj9aFBANjTZ1JdY7P9lLaamQTVFYanKVqpovj+9+IlzF+WVcL87ZCmlgCy7d3vV2Ita3naHuNtidxW28PIxxbxpZnQGMSiszd4x0SEHc0KSUNSFN4nBTakaJjB6cE5dU2THyht4ErIo7XJiarRjTGG09txzhzsG9iPek0UWtS6YgUTJprWw3KokvSj+bz51aQaNlbFfFsO9KtwQ0ZOKVWtDZuVifIr+McHjfxqbT+G5MlpO1WOEm3ZO4qYTc6lk7YjxDZCc/k7Owk09SKfLViR3v0MBV28LSuiNIcVYXK6urUh82rnIw0usjLnWrxTdV2qRpfVqMpblhyYpelHW/Gnb8BnVWnYeBw6zQH6oZ787C4zZc9IshGry4k+NY01JT2zf0gWOzb90kO2+D63gjWElvUEgQGD8u97laa90hCajHR+KVUj2Fh+GalMds6+Ld4n5jHEbjQU86GNPjYfh4CEVkjY0DLdNzSSsG8cDDdHny3XkkLr3gdjKy3dXMetamqIJivmsbKx6Lk0TYYC2c9pt+ZU4CD0Jf7VAFp/V2JxjSNYwDMZih6yPoGbkjSFah7qbCEolDPUOnaqEZ1+2ietHkODLranLGhb/JTDyqqs0jFPF2tjhifSOPtkNYOMHuIVrIpx+AbOHJVDbUX3qatjb7Q61pgxDBCzF1rGh+OtlYKCLGcYa1JBoMU6I9W5QnrlC87Dolmh6ncRCby7yK6GNSBd6q1He4NRPiusISNpZyNrhMjEq7j5bVNZ+USxwer9OgqmbrR34Vy3/kjeA/VTYkzivTnK6GXX2O4PO+2znYukfHb2G3NEH9CexNNLIXu8fuJDVdbQf5w0XRwVttjPp7w5vpR9RgTd5Em9hYgMXqL9yXWJ9XRldOu/sbWVnjtddWGJ71ZfqsaiJDrgz6lmw5o+8iEPcntntZa05eo4yl2D7GN3iWrrrLWBsH8Ar+nMQsRnwtPdceLE/TF/020YxwVivV9Bzb4w12SH0era/v7MCfrkpkNrfoT+0q02pwhYyJZxYKqeZ4HQ0lXe/tzVncT7UXPUmOZqnddfr9kTidKv7gX/He9++y/72sMD6QLaQPoX81VYmPEAIII0pLWpDdmtsoXvcv1S3YtVx6ZBcMjmV1anm++2BtFiO7tzcCMTUWVtRdvayInzhMzmSXT/ar43y4tFdS4N/3WmLEE/qkwLZyFdnEY8l+Rrbxmr7JhwvoXXQ6lPaI7NPmaBjEl/iy9+barUG5OhVVzZHVfB0cj6m+08zu0hX2I7IK1kl9rJwXi+xn9ahfJcf8ONvS9+bASepJ7bqZbOdE73/M3/VZHTaz7X69tobiAdHPrK1jP8hnpXcyjB/znb2qvjsFSfh4viL65JTc57Uf/pX9R+rI75Mp/ndPprjdL8U6/QUPD3t3OgUSPp659/eeTvERBeMWKcxrdiZhafpByL/qeYhdtfvuPMQvcuerrH6Ynudpl3/PkYjCh+l5knr+3yZIFN6xyEQFfVW//dP7MFfqT5qrOpllqegvij/+KLq3ZSS05+r38ZW/lAd6ZNsKmGW/ruuRPkZsP831+OtrcpudLH8jFgY+5+c/dttPFszTtr2e11s8JV5tN1/W1+uXa3E5wAFF/y9WT303ab1PDhv9jO73I/CLjhUFy3rubAenyRfllt9OS/+Tw0ZnH2HavzEUfzeGwvgMQxH9FQxF5wOGwvhnMBQUOgVwIMA0iK45XzDwliVyIBX9DSBjDGRllUQyHNilVZjBkgRMoUIMTjajSApSjsHZOs7BWVBQz8GTgme5jIJ6OhzgxNoAINYh5lAjip8g7YctBzq9AX9C/N3/cQD9Y310AH5GgUJ2xXEPAm7TlgGCvNYFPAYFklFIFoCEagb2AlgV5PThGgUYCQyzcLQpvIgBi5AbxIB2kBlSwpYoTIm0hxk8CzAUHWzyPphY5igL5Jj2d/1y2HhrTOTBEBYw1jnHVgDUBwtv10OKrmBIjIj9nj8RGVwmAEp6lj1439QZdbAYMXAWQPIOIcDAQO6AtWBQvIyD+Q4Rh8tRqBqibb7+xnRifoByIQJ5sN8ATgbXIsBygA7JThA90SEVhQFS3EcsU5AiRYGkDW+/YnoDwKlQ5DrYYWMMGeqjeeolXAPgGADRLIHpDabAJ4fpgsRQKJbM7n2rk8HftFckiWuOTKrHptc+0SUMdsj1ncLgQgAOiq/X3tYHYExaihthADWiP0RHKP7DQgEFQmmIz2+DDyOTQb5SXn9MLQdFsRzY3BGdEhmISxN4OdlpiS4AHK/NOawul95AiwxuxccEIEMKfyTzQcolJtMfCpkCTAmDQVFQliXStul9AAyEsqlI9YbhRFoKlgO9MnOBg/eQy+FnOLBEDtpD5H6Bydtu3qBgNoP0zVCLqeygfNRQ3WfzJnKYmEgsIp8vT8IA7SPlcRuLvLyIGVCMlLcFvv6JbbCfUL+KWmcGSGuZ7HKRWGN+H04ZCDLnfaSgPpA5sdLec33JHPTXwhrFBgWyia/XGPCRjDlHVLZ0TiikDOB+gmuGrA0zqhwBw7wQ25ByoJolMPgZrPe44uA1Mm82h0tGRAc9BiM0KdgNygNwTuZANpEhfHLoZ41ZeYnJHMqHNZ2TgGJ0JEDMQHnSFy4fja0XVl7iutGADFzA1Zg5lzfYAYq9oYBP1wB0TsR1weKwNqZ3AI5zzJDD2GIAi4Kta1ymk/ITgOiS8fAxyhyOhhwGdKuIH+Bg0fAJpqw5jI/YBI/B2IKUA/bimsMgybjnmMLQiJ3nEMLKBYhbBn3yOGgwf8IVK2a3bdKXSGbgU9qG6JgAP6NQSRh3w2GJNZ/fDkACGVgu5jgeDcZPxqbV3N5AXa/XOACP1sHsM22H+I2EtRN40vxAYYEUaYQpusfifctTBlakkEEyJu6vqI9JOU5IkwMKZLRZtAHwUgoqBeiizeaTXCMyb7g/Fpk8UlhLT98MMMYOk3cKoFJm+8ha4qA9ci3mQFLil02mt0QWDbOdzC8Tu89gdmEF/0fOwXvaBA6ujAD6SWGoZN1wW4fJWMInxJLKCDPskczai1rccvAqaY/6cPAPDMPEwK3UdsDcY7AXFRunVzsktiBzRvwv2FdiC1tqAxu2xik2CvRLwswvUrisy+aUIZkotillPpPa55z7bwu5DH4pUrgvjQuI3tB/Q3mRC82bz+yzuCag+vEcM9EjzOeW2DY+ZgrEhGsmj2cA6GvGNYdyikxOGl0bOOMwxtb+Rg4hgyiaFH/FQbZPSCPuUJAig+g+YY5Ezk//pYkUVkzH4IlO9r598nvwLaQUZPwakxG7CGvyu2siG/sIM5Avi/tANhRKaj4hnrnE4JMxAxOCLjJ5dDADH8JaSxn0E/wg3A/2D3N8FvX/MBccaAmgVAbNxFRHGJwT7O/bPQC2tLlPoPW0tB429zVbg0znaMwENiugcnrrZwP+C3NwrYde2xG/gTifk8t66R+/j8YnEtn7tAh2ZX9f4lQWPm5SfxZra2UvRWUw92bS9CEOZMu5aeWnmbgflbD5gQnND7QrWf6YklHVj4KTf8Dm/lPBfdzc/05h/tQU5vus46VI1+esXUN+5MtpfV6n2+LrL5eKfBJznmrf/SQTKSo/JxP5qd5/hgL59xkMJPa+dt5ZjK7wz1oM9Nti/LYYP91iIAl97b3T/N5Hzf9RRgM+trqAlF9/GxA57PEl2cId/wE=7H1Xd+JI1+6vmbXOdzGzFJF0WQoooICQBIibdykjBAKU0a8/VcJ2t216pmemuyfZ3TZQqrhrh2fvCvxECqdBroLL3jjHyfEnAouHn0jxJ4LAKZqGLyjldk/hiNk9Iavy+CnTpwQnH5OnROwptc3jpH6VsTmfj01+eZ0YncsyiZpXaUFVnfvX2dLz8XWrlyBL3iU4UXB8n7rJ42Z/T2Vp7FO6kuTZ/rllHHt6cgqeMz8l1PsgPvefJZHST6RQnc/N/d1pEJIjIt4zXe7l5l94+tKxKimbBwXO4QHRg8COQQjnZMrwEzE7wrx8ei7Rk7q5PQ1zdm3Pzw9+rqdJADADrH749BC+y55ep1rC6m0KbPxe9XPy1MNjECV7SPekej0XzyPheAtvVbG/GRnzv6OdLcb/DT/jLxR6Gfmn7hLVuS3jBJXHYTv9Pm8S5wKbgQk95EOYtm9Ox6fHEwH4ICqyqZhwPp4r+Kg8lzA/XzfVuXiZW+KJCM+ZfiJIbPqB6Zekyk9Jk1SoqbzM4GOUnObH45s6g2OelfDjMUkRHbqkanLIUuApuTmjHtb3WvQpj0hhL3151Pb7yX4iIqo7GT5LeqKZnJxhX6sbzPL89IkPnwSRwLj75/4TW+Mz6inT/nOeJl8E6mkCs5fKP/EbfPM0U88fnzjwV7jxq9jD8CUyCbttWBSu5pNlelayn+l/Mns85oc3TPM17DGfE9SM/kbsgZOvGWRGku8YhMYe8AeNM38hezzUHsQHezy1PZ9/G/Zg3zAH9Z45qBnxnjnYvx9zkB/M8Y2Zg3yjOogZ9t62vOiXz9mDxGZ/N/agPtgDts1i6N+3YQ/q2ZI8swf3QHlgzAPkMfsrgcdD7vgAHnfgwX4zXEqz+G+bFpZ7YFqw72RaPneSXjs4kDblQ8cpfJnGn6M7mZD/VGXh/yOQBww1n4D8qdfv/+/LvtWThxa9kPxTRjjxswmbvS1bt2GZND9fqiTNh3sHcOwX9P8X2CaEiu8dt3Hii6mr7c8RnMMqOOI/B1/0537F8buT5s/4g/f+/+9Z/BIuLPYhwzVJljZpSjXpNf0KAWX/OgH9CkGE05emKRFFD6TxlMfx8YH7+Fog6UfyGM/CGT37lNdFgj316SmBPzfN+fTUoW9h8THitdByD7xJjnovtBT3Z2X2XSTkIRs8NdMFxzZ5LddflOHXghv8vydBffPyfxMBsSlSkgan/Hi7Fzmdy3N9Z6WX558iKSiQMqVD+jY/P00wmLoRVE8i804V0G/jajQkAEqdgkYvn54JQk8kgSkieo/0DI1GTUOy/lZe/CXvM1v8oWqIT9XcCf/yBP1B5IcJTxNAP0/Bc577+FGGT7SDn8CUlZwiUZ9nmj5l9/dm0vTnqphy6ucgnt5AMQrKKKmmD//P1Pn/+2V661ZBmubR9H5+RAHCz/o2jfO5g8/VfxrV6x4TaDKnHJPSQMn49LFKYO+D8CkrNqUFbXN+HtNTtjsboM9I9U49fasV0MMnvYAeXs552dTPHaBRz2jxTrMXJYMeTipqovVnmuLVg2dF+KmDiOrOcwen8X4OOZ7H/Aw7Xkq8UOQTozzrka9hr5dHL5z1SdnQSN285KRY5lM1t0/pJPcp+a59Xh7NMPLTsyct9Km+z8oF9af07LP23/L99PGF+T9PfC2ST/neye4XrCXx2khNbPXKEn1iqLsGf2Gm++Nng/HERr9iWp4YCDYDmQeyzkOY+Nq8PCV+spzYT58xy8QqX8amn1hkYpA/bXeYGfXK7pCPzM4DN/P3W50/4DiUdzX0CcGUlyy/7on9IY7b8EDFV7b8CgSD/6Nj33/Ax8AfYhqOI8lvFaCgZq89UJKg3/ENieMPPFCM/P4+xmOYj8afpp8nPcAsDz2I4IRIXoY1euku0f+eYDW05agsBvlyj//yyy8ogf6E6p9rQE4E/pmuenmAFMab2n/MWtCvh3P/sLr8wvLM91SWOPleyPjp35eFNU7SoD0230gS3gRySfxBqO45PvO5JBB/Grj/UUFAKugbCEI6sd3nchDiGfarYoC0+c/3cn8refj1CPaHPPwuyzB7JQ8E9d4yQHPxd5MHhMB/i+Gj47mN3/D7E7u/5XU4oX0S/hxcLneefs/q7/n8Id9/Sy7/9UD8B5f/nsVd6jX+wR+Gax6szzxvXvne4ZrnVcIH8Zqv3ayCk08xlt+SCzivT6FSiPi+rMIfsvI/z0t7heanwPEzy50rKJBvyv8IZiQx9hUzzljqHTM+5MXfr3G/kvnYLzLfF4OFv4P53qjar9DwT4tvv8nJ66Xw1dz7UKf/m8IRfz9Gp2avGZ1g2HeMTn8bqP3tsPUXdeZyZYnvuPkJHf/N/EXuAzl8Kx4m6Dersw92heHEd0EO//rFWYb4BZ/9t1ZniX9VbPNPrNi+mKgftWI7o147un+7Fdvn8PoPdgGIDxfgxyOjGU38tgvwIBz/jZHRV24FQDsBPu0C+C0T8ZbRfkMLh9+2A6Zl/oyQ2jMwI376FeT/Hcb/q8L0aPx/EJ1+fxRJfERZv528P8d3fg1F0n8RivwKuzL7gl3xA0jwAeYQUKwVvoIsKePgh/An9Y/ex/4Hjkjhv35E6hWQQglxUO9fCPANmBgn31gt6r3RIgj2PRPjBPVjINRzhx6yASLJuWr25+xcBkf9PNEJkeaQNM3tSVMgnfWaNT7f6fEQUDyTH21kA+jE5eeMA9PmORrT1DyUjTc5YMpnz98zGnJ6btunrkwffJT3F/r5ozi81I0+3V7V9LtO0iXxq5Og79mgSo5Bk3fJq1KPpvSp6BIp8s9j8PhrV5qlf8E++8Hf1Fif2ypKnir5xCfv6yWfwdPX1QvnJEuad/VO/Pcy2j8eTH1eP/vgwXc8iH5+fUfLD+dBHPtWXPeupu/NZ7MPPvsCn/32zqkfz2fkG6X0rbju1+v93jzIfPDgF+3tU6Dhb8SDz/Dtz3Pd25q+N5+xH3z2RV2Hfv5efIYzv3Cf/bDct2K736j4e3Phl8/UfLUjTXzBkX7yn79z2PWvCL38mrv8RZ79PTt78NeLzMz7/ZwPAyu//+zk13HJc2Nf5pKHoT7085ubPL+Wm+Zvt2x+sNMfZSeWec9Oj7YsfDd2wv8QO33V5vmvZadpmw32csjsg6v+NFe97Bj4rfWe78ZWv7nY+JWr+3+arZxpHfKDq74FV5Hv91ex9I/kKvIPKqsJw35LrtKnxY4PpvoGTIW9j/Izsx/JVPQDpnozg/U+uKC3+Wm6zvBlRiY2WMKpa/IzmpnwaVPJF9ZbpuKgvtwvUpwm/vlDmg9oOvinFsQ4aALIifePxLzusp8IfkCnoIWlYhK7G0+Fm6GNRiwPlBUWiedOJ2MyvtGkcaO76BR1xgH0hsCN8SnKVSW+7JTVeemoo5GrWSCvLztijz1/jk/HY4xpXSJiuSGAXhWN2/Sb86dgM9RLR2tDgj6qB+qkkvu9NQ69v12dVdnm1AKD+SXCHkFm3qjBPBiYKQBSP0iEMdqYKoLMcP3MmPu9PaqYfshG8wA/CwC2/Xk+1KZErA+oLvT+s7wHu7VEgzDzqcwwvR790SiMN+XB53n75/o2cIy707EO4fjU0btZoiavcrVb5v4hkSVmqfD7WM6yHXzuuiqsSxpQX1WxaC0H3Aw4Lvge1q1mlmfcDIGi759BZjnovdo/lZle9UOEnrWQDoORU7AeFZaXbvoh3hjuWjVc9Kq2JmYMkGbE/ZkB6ZTBX6k1b2CwUFnPQK+0foBtuVFrOIBGY1LFo2i4Nuob+vzcz8F8KjO9OhSJnukHO5vagmmmM/WHhDTBHdhP+Ir6JE5t5tOzEfXlZQyuCn/nInq9jxOlSxlqC84fbY/ZUx+yp+fZlN96aT/7jAbFvR+4P5ieMY3jXtdUL+orohEJ+3WD/YJjNu/9guWt+1gGROc7nSRIX9Qv9KoiuqD20Dyg/o/o1R7R2NFzlN97yWei+UQ0Qq/CNF6YD/KYW0w0eGpvhH1AfaE+9SX6vC/kp75ET32JPrVxe+kLfe8LyvvUl8NLn2/GvS/316kvKN9LX2Da531REX/dpnqmtlDb/r0eyC/m2p/mFuYZ73VMc377xAt3vv5cFmJif4llL9fHZ7nuu4jclUu0tPysDP/k/UPc61Vdkn5/AuyRy0P//pPBX6nw369soBjW8zH6T7E+6VMq/3q5/w/EA5Mhb7ZPWh+9/yweBz99CsehD8/RuN/YYvJyh9j7+N+rqOIZmrafXkcV8UexvpeY8mfxxqeyn+KNLwHFaTC/MC8RRf+nzwOKj8OLX2Sne8zuK6z0PQb3Kxmf0MX3jkrSz8HB570Kf3TJhSLebN3h2NcVfeeoI/1rayx/ktfxfwOv/6Zq+DtLw48K0jPcNxIHFsPeiAPzjcThX3/cYbqLjvidpx3Cf8hph5ZylEGPUiufS/KgWqefzfjfdQ3xP+mww9vr6ZjneN/3P+zwrxfj+6ml/5Qc/6N32v6T5Xj2vJvwx8vxO3S6ssK+2mdL2qqPHrsz0/Ml/vnR6tSvotXfYI8H8/cNyIi/3O3wfBKZfU9H4tHd/uyvIK2vdXIfEu7L6y9x3v0e1UWGszdn5bE0iF6r0lv90/3mzbue3CfHLkEy8RO6sw1dU4lSgyoPju8yoI91UNY/11DgfuUoyu+6KOBdLd0l+qXLk/7VovVXab+X5Fdk+1YsiK6WDRI2jR5pg1nEJmH6zTj0NUAnuPcLzzjD/fJoOef3nxH5Oh59v5ozXanz89NVOT8jFX75+fmeqOf5+5a0pxM2ph7RniVCcjb7NrTn3l4Jhj1QDvi3OZzzjvAPv93lH6JVyTeEY+n3p5peiPQ54ZjvRbgPrfpWqwbxKS//q0qV5JhfXgModvbg4N33U6sPmfTr1GqcdC+qFd3o/I9TqzjOvFEPzAP18EP1KvVF9fC1J4Fp7sXb5GYvb3GC/b+fCOxJT7y9Gf2n5wPBSK9QrxXHmycvNb578l67fHXRJxX0R5r6UpnPddfnw/4tjXQ6l3lzrqCn9BuK6Z+oa95omgdf8oI/3I3z+7n9vxFjYf+1V8M8VE6zz/jrI8jyA4Ms0Pd6E2V5sOXpR0VZHrLGX3M55MfNMH/BzTA48bwy93I1zPt7ij6uhvkjHRAhon66FYb8rOXw9xmxH3Mjy0M18Otf7fSP2sX6V1/IguNv7r2ePdg7jT+KCH/c6/e16O3fukT2OGT3cbHfXwffXh8TZegHofO/Er7hj8KSbwDTxw72jx3sHzvYP3awf+xg/yNnlp6X83/FZ/pGW9h/yNeiPbYi/7WvXv7+X4uGU8TrJYoZ837p92UZ44d8L9of9w7xf1UA8W/xxe3vlrBmD5YPKfIRf/z5b25/hy0p8ZzOxaFsyq4xV0KPL2j7wVaBU1BCRBfDxCxv4ET+OKj5b0aWkgGtHEUZo09MaaP6ef47YiwM9PpZvs/Q5aje6xk18U25/lU+hKCO51yVd5dQ7jk1N3DjkN1Whf+ZBX3Vf4gyKNpywWR9XYiGjDEaYN8nNGe5BQnRJKUf1MF0I2Sd4dgy0oBIyRKowYBIZkIkECHCvCithzhkeErDDdGm7BHVk2EW6j9CiKPUQ2QD6yko0/Wf6pR64/Bc3hsmhJJTtCEeDcOFKPWgYhDFoX5QlujjEDkhFIKZCNUJ1A3mIRAihQiFsMSCQKgOok9IJ0Q3WB4iakgrWB7QEJVg9/LZYIrRc5/7CXlC2luudC8vojmUpvKWG/WwflQe0R6iHIQyARzT1H4P52Z8QniDcfCfykMfQfQmtAxRM/2mfVhexY17edgP2FY+lb9BOuFTeUgTc0K4EqIZAef7ZfzuhCAlDKI/2r0jsqf6VfJeP0qD8zilSTQcH3FHbhGO6pzm7uCNT6iOgmhuvPc5IgwR5oaegSVmCNmjPt9gGexevsCtiWYIGcJxjxGlinuYH41RItAcIU8CtQmf3Wlz8Enznv8G5/tNO9PYqPvcSvC5MdzLG5D2/tRPy7XHCWlClAm9pifaRDdjXBlwrHBuPHxClzmau4i6e3Dw80R7yG9igfgRyRWcJ5u+85sKeX5Cu6g8Yd4RMZxP43ZHpxltiROKhbwH+T2fPCwStk8+yQCkQzGVhzxGPSNqS/QIODc4pBPkXYSAV8FneoQM5CO2cz7z6u46Cuq3b2BuZvTro/fUjPmFnb1Hsg/sDcX+bnPz7b6X9Vt+8Srx06PI/Pf/Ih0yyAq3sDYBacea56V5nZc//3pM7yPg/vvulXjjo80effHqj/kKvr5dVA4RrJpGCjYbRTUPO+bRpktIRdgj+Jenpr/C9Jed/orP7/GfWHz6S0x/7/mx5xT4XnpKJ7DnzDCR/izD+9sN/1XRQPMNZjMfYzZi+v1NzDbhoiYq1/XOxfLddncMT1yxE9TMJ4ZLJOC3eDMcYfljfFrDOlYFrLOAn80p8oVwHNTzxuhN0UHzbtORbZ5wkCUZk62650FRQYR9kM1C/ZMo9IoiUoboP6WB5zz39y60pcJLnfdXZ4oSwrL8Z7ZEPZgutDvFTlZzyAC8lpuU79ZsJM+xQLjn0rcaHsoep57WxG5DdzvZhsjQrIMteEiBe2wRIRMPR2huilO6qMcTWiHuFg/FLqU7KhGLHsUeTYS6XPspTR2e0jBDRDEnhJ6M4SlGSVhP8UOE2J7jluZ4r890PXpKg5bcEDVY1kAobJzSHIpCaG2KKT7nc2AbEzL2UNrNuqMZEs4CQgM3iGDoO2rx+gmRwjRzVJ/SYL3CU5qI0lAMLUNod0oz3Oc0/2be0UVvjv5TmkFMsUzUp5d8cKammB1CGSimJt3R3hSve2mDgPXhU32f0iDaiJ5igSpmHO4xSISeprFCBG3dkeUN0nYaqzlmt3t8k4JoDsVG/dYU7ee0YYq9TUjbQGkoNkub8PeOXAp6QuoT6vdpa4rfUgT0HugpRusWE5Kf4nsQWb2qE6JCiNiIV21PyM/rX/URpkHEfc+XUyMcL5orEqK/z8aLUB5Co8UUIzQP3lO8EnoFI0pDUlLcnuYKu+crJsmBtEJjuhnPaaNP3ecgop7zQVRGPqXhz2kQudL3stFtSkPjcY3nsoNxj5fDcYMntAyw53zm+IRyReMz3jOmOCnkafwVj0IZMZ/zPfPyJDfF7RPPIzp5aDzEK9mYZC4iX8nQlAbIV7KG2hiNZ/mj7nHmT+3CNKiBduLUP4hapzQHztnUZzjusbjLKeRrOKZnb4/+lIbiyZDXDk/tvuSDMun6w6v6PpPdp3a/FvV+t8MFGPN6gZ4k3sd0iUf3UM1+N1z4OnzwFYt4f4dDGW+PulHYg13XjzY2PN9Z8M0J98cuhftXnMC4R+D+2CGMb8Vbf90Ztper5H7MYYuHzPd+y/+jwxb3efr5aZ6+JeX/khNsFPEDT1o8JPuDO/u+tTP1o6PbH67Th+v04Tp9uE4frtOH6/TPcp0o+n2o9Ye6TrP/rgfw1Sce/zVeAHQufyFeH6giyUfban6sI/DoDNXfz30nOO7tiXX8/XWsD/13AvteDjz73xXfgq3/4MU0/zjBJTH2LeuRD5bofrDYvv/OpUf++6U6x+jGhPOl/ge67+w7mScfyPwP9d+fG/uM7l8g74e//eFvf/jbH/72h7/94W//R/1tln53y9R7f+eHOtz4g81M/xXIHsFMQV4m1c9VkuUQuN3+OwieQzfcv+bE90jyR0N4/J/herMU9laMsQdbDh673r9/++1X0u4/7nsnMYqe/esll6XeuYDEgzuIfrTgfp3zDUXwH+6Az/B3ov9ot9Gjg17fjfjEhwf+4YF/eOAfHviHB/7hgX944L9qvxli9tZ+0+/Pzf3Y3cIfHvjnHvh/BcfT2DsPnH6PJH80kH92uP/mHjhOsq9pxz2g3UMHHH8OeH170v2Hd68jB/w/smmFfHOHHMf89e438XV719EXBfxjPW8cf6MuOeaByP/QpW/i/d71D8f7w/H+cLw/HO8Px/vD8f5wvF9t9mVe31aPY9hf7Xj/hzebP3C8/zP4nX676Ryy4g/1vHXwM+PM7ehyMp3IIHGadfcPv8nvP8KMwTH872y8eLt1mnv+Fo+/kPceBX3+Q7z3Hw45cj903/5D5vsPh80Q8/1nzO7bL9jEMeqHMh/one5MqobIl4KqV5FZad0Dq1sHL1GzJv3zgZzfvDHvC9cZP4zrfM0dupcyg+ybr3lr1WMLOTsD+GM63l7yMvgO/QIVCMCHryKWmO4MpfCKKThrWxVApqZgX+QoERx7Z34c4RtrQLlrmz86tSX3qMARW633mEdwp1iJ99HJAzEZk/rp2AYk9F23/FE/cbcd3bVLHvZBAMDxVvxaySMmxumO59boasj5gGO4IF12QKoX0P/QB1Xqr2q+l4hMtfRgcd5vVqGbjzjptftVU4froLIhlu+CcqO22XolD9RZr01Z9+eYoaIgl0ZkNtjzuo7qL+etBl0p2qTGHXwYGjHLQFXPbw+GglXWuKyZmA6XoZUATTo53+J3rWk4n+80Pql0xeMd3fOFttcZILBCs2/9JgtlYLUdZ8F+pPzeB1y/JEXpRgI8Es3e1GWsaJzdQg7dNFtZ4ObzjF0SecDj/cywuPiEri0cinx1icSa3/ZKqzaYlmKkW0bCVthGG006OjbmC2Hvt2AXrkgVisKc3hS7iJ/3pijk+JGtnbXOr/a81VSJzcxs9B08oq1b2s4updy5SKtk5TZLmCw0S7O3ukouYkfTvINB8Aa7hw989KflQCfM+8TR5JN/yJcNEsrBdDHWVbJGLa72XgZJ5KSUmyyqi8aK1EVG6Y518sZzJqSk43Z4LHb7AltrReU4qGpRuSmQQrfq1MxAuZ/XlXd01qrS8WvfWc7c2CRdUKgpf1GLecKeYQHaZWno+NYq77OFE61nKrGJYV3zqAZnWquXVLHaqpgtnFKbEscsXF+3RjD2c0/E+lFYKOwSKIZWDplwAB6hdjbNCrqQiZyb7SIx4BI/XM17SxSa4bRWi8a+Wr02Xq30muR0L18VsteltXGm+EMGB8GL7rD2uFDJLKzaaXZx3cS1LZKwT3xNCWRm1R62PMU+T4q3/hAns91ep5aaVF6bJXuCs47ptT5ygp/MfMzfmGGcb+F4RG6oVL04OuaJ3ZPecVS3wKHWOw5jfUtXupWxXLSBe51hazaDDCk2OY/tL8tr3MGWvV1rddhlJkk278LaFj6956OV5pXXI1T2/IouVvS84pOeO253w9CbKG7MEz0bjDmteVfMAtpuBUvaK3rRSnRqdhhYwywoW8uF/H70ImWnFafzIFX5apanSkfUs0R1lx4shpPbImLyYdCKc3iUF9d0rsNkJ7EulIYvOY6ZXdjYcTRh6/HcAJrdcg87yufN9tAxmWKduUvbhe4N16RCU7wTLsGnUj1rS/9CMIerSV8woZ4yeLleSiQrbCWRGhf0lvE2eJppMD+5HQooZVdi0Hyn6zV2aZkaxnQsi4gC/+dbX6cAZN+UE1Op7LhOw1gzDU61u8oFY2sj+Q0Osxucr/VaKeS0uMmdsqahJpsrlb8J5E5Ti1XcIqpqy8TdupWFKl71C1KqKK6RMbaeB7zOD6eLG1zZPqVM+8xR21CChOKV65y7cou55zgXveJEcr5tMdYuLw05biuwtfTNLWJvcE6KID7McoQUcGasd+whPEJm7/LyelFvcGqvMqEiDUBzgzQ9bSKnO0JjPJVdH2BjWZW7pGKiHcroQt15dIKSsOrmlVaTOyOr4t25A151GdIwMWnc5hV3DVrxetN3zAX0+c3WwLU2iSIhWoe+5mUwM0I95rC94+hAKOR6RSDm7ZiLUAbBele0LOFcLnwBHHGt6j5ohfiCiqnMIvZ7Tc3X8JF1bKSmbGHBq30h2tPqpgTDDHcdVejBZbmSV0wQnsbV3BqxDeHQROmdgz3YgKNJB7AvibuDfVntFKh7d6bqFUIvXPgKitigE8Nss2I2C31RnMSFJQN1XDfOxmEi7+g2pjUrEjxnhkGVz/Y809xEopXGyTNgnvc1R7jOXFNrsLCDQZvVTnfwwqBT49L6NKrlrmi2S2duQVM5s9K4F4ph6rfbHk7D1s7kPiEchlC8a7CCnZ5rswYOgxgRJcLAYvQYqj3X0VVQwE5semiFkXYN2QrPwoQ/FhusAQtXQhTm5J3U7GtT0bKbY3SsHEhqrszdWy44mrk92gFAivVw5mwuOKVaQsWuyqzwPZRUnc11OP/uEiT78oaf8IYSyhyvTzs51RZlEh3Aokiwmx5Wdstqm419LLOQ3WGoSnd3lKDlm1X2vFZv1IKjmGytmKsZYwoy2EQQVS82a6wQVtrsIl4GDW2Q5c8yLDpqAkQN7CE9kBJZnFaacAoPgwmfUJfGNEdKU0AXIYMwzJBEiIccKrTrKRt9QRk0tAg4Dw70Leo4xOAWlwJ5jFJ5pRXXigknwctAqzHjqRPXtCAbPsl1SYpN0q87J6mCykGkz5SgHYKkDQ9kNr9WHHeJyPJ4dS6q057Nq8ZaKbgZO3cYar6ULJwkB5qaQRXsVbWxuMbisuXDcZNYDXVZQ5vJc/vRSTaXRSEfB4PbmbnO9Eimhc0V9pNlRrlgGzgUk8t3WHBc4vTygMaSpIeMV4A5O0x3hfO0D5IxiLa7RbHpsApHddg3jtVkk+u5xtvx9KCfGo6I6uVO805X0j1ky2YRLeTI7Q6iyjhbEAYu466xSEAYZU4j8vIZv0CzoGcIeNkXNgWNfZqspXuZyYd54Bz71QLpK1tbFPsOGwNvFtxmKdTAqT0CXlCp+SHb1mhyKL8zd3wMbXqN5xpL08yNN89LEmzYI3lpzzNW79BoqMYPoyMnN5jNHp1V5c1rkbtAaM3vuGy5BHIkVLN1YITAioRVbx0E8nIdSaneGYXp9F3TQ3OvN0LXb05z8WBcfLDu51vpyGzaHqcyhRdSIsy6GdJihozNQ8Sftdvt62jFZa5K7soMWKpi73SIkbzUn9PH5RLfbsILEWkayUGbdMGNJUC0QcZq4XrkEqhJuVFkR1tuZp2vKLctd6vKZpaVIba98ZDsXW0nmQHtyjzW2itzUU4CuZMbHZoPi1gJVLHsyxnnuhBGyHCALrQZsdFXlNweZ6LR07qzxdbNQQZ+XzibK4JrXrkdyZk12zBZYa2qFeQAcO31EpxrrWM1aHpciO48u4iFAsK1rC7BJkHaoQ2gfdwLvtcYs0JwLhuQIGt9mxCessoOIRd6J43gnREvOyYCdrhnPfeqOuaNpwFETsQINGj5PMHqHWJNYboAgUgIiG5AaDCX3EFPSIX1Ev7AzHbJghIN5pqmUpcZPb4kOKaDLlEmpcCD0ioAHUC+E042r0KaZ04PsXZxLaC6g6/zOhMggx3BPINait9CRQe7DAEGkH5M2TQsxKuVmOBIyR0/+nKcaQTwfX7WK9D2dafGHWnEm0sLEJHYQNsNgbqA95rGYrFb6QB4PkRJ8yU4UQsB2eAbcdmkFggicddLLESx8yrCdrwP5POMy1RWDHt3c9sNc6yzEj6ieAgv25s2zL1zWiNPtg82IMSssaCb7S7gu5vDSntrk5MdkPe4lqklQDMqzKHm2DbqMkWtUvyS9+l8uC7sGoiJf6bmraQWvBPSZ7HT0j6R+BkIkCVtdHXoFyVASEcsEPjazES76ARlptcyh1wn3o7BAj+rHdB9lCGyHfsYj2WftKJGSoonQs9lc6JGSkwBU51EZ1GZugVUSlUie+ekcLjAzNeRktxsi8oLAvooChBZdRvZdOIxYH5NWRWaIRI2dhHFGvoQ+iHq49UW1rxbNXwizc8VN/CauL4KHS8uQeSFG7cFRnXVLDFuPVO9nTTF55WegPmOatoBza3mkTjfgNVCW9eCImkUj+Xz2gZnbNhn/EkpuqO9gcnVthjPObIsRN/GsjAYrX2rTFkGgr9GgiyMmWFpN3Qv6txNQTtoLV9n18RAIJm5ImcTMoTCStv86pxcAJB6bwal7UjKoNCwQHHchdLZt4LxCjaoXCSofduUVJEFhrpyx0UaljtKME9nrLtuStTSciMOzpDhs0B08OtxEQnNGmpsvuu4FRZJpXmyM9YNYS7RYUnkZuCj7Qo5Oay5lqBbOH/l1hNwm7LXkIXNHR1gR6EG2K0kDgwyvNHOdYhKiiM7lS1K1A5euonVPgQqC93VfIvrCgPtIqTSJZLFsXDWc4tf+atuhKWXVUnfNP3KSWUu9of0tuO3XjV2UjgZrHl6G8RtUeDWGen7jJVy36qNxNnOCaqyhXVqLEuu3Vc3Jzioi5OURn0iYnRrLpyWN6gupNt4P29Ne2cNCIYjCyRm9+egp7qUUdxlcVw7Ij6YkBEzp+qdYnvYLCLRS+u71UTlCjMxo9twNmobudqHJe3bHRBcvMy3gIFIhrn0t9ysIGwFxglziBNdYPvAOZGrcTeWEi+cAO+poU92zUnDsD2cH3JVhaEqe2qzM+Y2X8qrcMdYp2LheEQoc0XLXfK9clKncuq23t7LFbrKtaazuwiVa19jShBcR2P9CprChKu7BhwCdw+7SMfsqG4k1m9afkU11u7oBEQvb4FM2WRMyBx2oq9WdYJ+uFzJ2KTtD9fhsskubEny9Vo1Wd4U6q0/r6CVzhA62ji8JbGcGMJkmRznp4WfKXa5VIBOSU2UJasLHwagy+bpWbFl0AK6hFpf3JGCdLzWGwI5ibxnefZZz+TAgNBkbVF2wfniIdOZSPUuGYgFI0yl+Rwrgrwmh/BUIDADbr0czmPWuZqiD/Mgf17JI2EG7h4W/L+UNGVhs2I8LNPAv8xu5B46y9pqeWHKhL1EgtjLS0n3lQuzKAoKnHqdpAGzilc+GLeAM2fREsLgXlAAYPkFgpStflQhuYqAldJsGdnLveGERCVyGVRPC19oB9PSC2PwloDzV3ztUHxVb5uzUyQGh/DUpA+5tuV6o+fTTI5EFFhLke8s9mak0FcyqfcdfKunhrmFOoDby8j1PbrcenZeIcFfe5iCV9Ltwvc1sKoVz9zkSF1vOOZKhTK/6y6jt61bco+1l5Rsfb66zU47bp3b0HPRirmtnBVJZrYmg1vVfvCbpjoCQ08vbdlQ0Nh3PYpnbW89Av6jAHWctl/MxDUuk+UaiSk0c7S7WWH6mhhP+J7wBFlwkf+F77MN4K9e2cvX49Dzo7DCZLpi1l3PQDPE96NeLsyiytYQG1frcbbvVAMK5lIxNkG0ZzHokygZErJCRhovnAnkqnehfqEkFJiaQxBLhNC93VigpKRWWaxS6KyOlJJqNBEirxmBMj7i075hTzGTKCdqnl6gjYV+wEHJrnOnI6RIwFZGjQAYqdPhNpMMtWIbMleMC2ZV8+1yAf2eVWOEBLskAyOar9se8qPh6FsuoJcaB+UAmMftEqsvMhhZhKhuZHLeZqWadGdSkmah6PYGeTkkY7Zp+gSH+AkQp3NBpYoyIw1F9sMtMpF8oaxRyGbrGggrizLHJmUcXdkyNAykngJ8U2e8vSEx1xIuZA72HS8xmhIsRDfbIp2pJKogRUgt0Sqz1+3rPOOvZ2RWBYat4/NZXUrbmYih6O2chRZUdSoKLIWEFGSo6yDwk0nizDdbdxHnMMOFAbOoFBsJNLCAxHhSQzHmoonKm8mMCi6K3UTiuJfHTKTsFSgi3uoXroNM+w0/HgT01Zf8FoJJd2Rq79yXVST3JktTELWHkTAOJsH7J+nANKRKYgRr+H0VcCIDzmx4Oy6geQ8u5lK6MpRXnnxWKZOpRYw/sKuq37DlUtTwuWSkqQvMXSGk/Eg5V50+JkHnuF0/wkne5u5S88e6IRw7HZONsdALud936Gs6+ShYHqEZChT9lgTlzE58kQUB488Ngb3RbOWSvi3G7LAm5xVgfbvqh9WO3huz3FSgLStYh0auVr8iAUGdGIo/moS2cw6uSh+I4L7awmMLnoV9btgwhZ7vtqxtl1q08pW1xzysvJYvqAOEVdRpC/rrSY0p3VjTuJyP/bxa06PitSAVtnHeIVbNEGy4VTWV97qHndwEkXiGrBh/mq2EBMQZF/rSvFidtiIFVfLtuj/dFIBxm1EP7Fhl104F1lQErcoOfSc6WA2BzYRb0bgxTuXPTSXa9mIN5AsclGnLyiwMcgQ0ltI5QFrKIwJL4Ho15cvegj09yAELPep964trq9nAnGslUy3BMZV5AqUO9L6dq6bv99ck947+BhjQ7V5IIbk+LKU1szldpNOYX2J32NNMVSzYMUuG/uznzRx5ogTSQko7tzCjx6L17sKXkPDSbZ6sbgpBGbe65+2wiMAJXyF2J5jsVqx26zaSr+VarkfJUtze2/eWu6iQNSs7gbw23bqXomuDUI/hzVcLYp2BhY7WN6AlIVIKpBf7fOOhxd/h8TnFbrkyJwk6uzQplvn6DFxgVszzWSHeHDd4eq17wRZLXFrPrnkn1VQMIWdJBOxcSw/zyEkrc1P5CEMjVKeVmccWo6h55Q2icQiq4ZMttQyyg9CDo2lCnmh2lm1SqixvzuEZIR+JLgiWAPNbamCHDSNtqzwnpeCcWOWlxuRu3+3io5ldqNXuIssDmPMIlGAbYnZLsQaSca43txYj3WaXtzNt66Zcr6OYqihqxjoK2tzElItxroG2ckMx6bo+bt3VsTjJENZkN7VepwuVJ8YV4TBBnyPTn6xvwgiq+kQuqvPs6IcS8KQZs9IDRpVPC0uL5aZsVtjejaWyZjpAhj3LHpDwEZGpepgIpfyWn4iYGfViFqjGSNzI9U7zSFc/XpTmBB2+WMLz5UgYSJnhzm6FSpTEHYPBvwwqF2FN0d4unFKuYgYijOa2NqUkhbwfXFb7q7evMTg/JzMnBnLLqV6U7KTmWJMQEbQbJ7mRyKY6l/NhdGQULcPB04zORYNd+Cg+xJPazIBgA9/rdZsP2PJcnLdjUErhxRoQEuW9E7St0fkcb8o1RGWrYSgCyAJL7XrFcxzDOuiBb5U17ecnnz9r42lVBdA3XM1LE8ViZhfOOl210M/S7WmXYavd6COjUkbKxTF5n7/lFWF2p86ZK/MchYBSqHpRy4SyGdMYjioMtHAZe5DejjGHHL1Id0WCEy59zse6zgmOCI3CVQaZWobJ3gwR36lxl5xEQTL3Pep9xZUCR4CF7PnnlAgjowwIbE0w3SHzju4gFmzd4LGzNtWeAHAUaOgKd2yXhDgeJVkOtsvsbORQVwkiHDTJ0xZp06SZh6wo6Wh74HoHhLwMID4+2GJSjLpqLLG1IS5u4aqZVZu2WkzP3OTowmcKgSw6mn26KrDdij9bQi8eY2E5bPtFBNRheYJCgmdof6HcHAmxlciAW7fakpljaMXODsmGCgk3REILrAy2hKQjp2RdbRoLSLSBalhmXC2bJWGc+F2du3FN3frDSTNAR7Xbnb1H7pg+lNQqEYRBO0leMM9qQK98Jt9XYKDQXM3RetXBtkRxHlfwrTbf2OKhZeymXmJJr2dpzaM7ced2V18JHV+fQCBGY6acVqEfC7tBM26sFGYKWyz3Zbe1+IhbzmfBLZVSzg8EXCjircdBIMFGKaIL0luioQPLI0oSZIfQw6l1eF2dyrwy1YISx3x/Q4SJ5MUNYUiAJxR9jbEzAba02AVGe2myJC1W7EjFjgQ94+BsudfYL9GCCAMu0KwHyYLtAQPoSPCEzvSh7ufcXZ+X0g2Pb5sTWLJ6qNXFaHfNarkPzlFFYBMEK/LAmhusYMtYj+IO+/kATaDT5TVrHa5RypzHiMd7y1mgeFpxYXdkdLSyTX+19ovcd7v8Qm2Q2aHQYqtN9DWi8kBVo7VK4LScIyckM1vS10sOeilX/VgOG8TVml1i43Z3SHk5lkbrGET6VQnmzaHrZ1Cy5hMMMjNyOTcWMxRglJCV47fD1o1ERppT0GvLb8MiUKIunxl5tF4xerXZQ+Snh5jeHGiygM4MNiBIurfOZRG71WHW9ntqgRmhXvpRBMb9oLCHSHZyfckhZCdjQXmBBh2rsQqPxPWApLhpuSxYYnNXWNXiELnNOTpIJ48Wg7uCw1eLIRxXepxmBitWTmd4HOhyiCmLC+WvbmIK1LNnJZcIyL0SSGh1yNkWJSJDAjJqkUosGqFG7o2oP902/hoJ7f4q1s5Gcn2IjmUmF6NgvRdm5qpERlyc91KrIl8eHwzACiltUuVRxYRewG/rJXKvbgaLhAvXLWRFV71GiR5ubUDCFogkprJPZP5ws9gI2Z5b2K7Pdq2Q2Nkdtxoq0ldhw+rcVVyx/FXGUWxj2zcxlUldsWd1Kp6R2RYcSUtxLKHaK9HqYgY9mIOw9PZdOY5TNyhYDpaxLL/speOsa7MDFUL3EauhJTNXskMBEhzSQtzre7nWxtlsQ2ekq0otb/ZLN7IdPVopmUuODPJd3PMGyNcq8e1tc2IWysb2d3sxsfREaaYlRD6mwcZIOD/b9bLIkGtoW8HigCLeGYjsKr+GVXPphRYMEOFDF0ARko5qmJMoGhLeLxRwhu8d1YIWWgxHW7IuDXaYpYTKagS1Jison9e+QtIXWeweAUzV6ceI0UrJDHS7hj6lVgo74pYCzT+JpZ5DmVVuPGZWdhbRgbOEUwC9yoxZV13eH8KZKEvhenc1p7IXRPkcDB6lVAYR8S2ofGRJ8yX0WBYcWgcD3XmFoFC5YMqKb9Z70ndOVwNaoNlok+BGycvCiul7IAS2RincbIFtsaq6cpTtIjp2asR2nJGI4l4mbqK/uZgyNI7WZe70R46RueVMmBH5KmmUDK2tOkmGVl9E5yquk6rRfJ686Wzo0nPovGHhmXWaCosz5H3nO3paq4M4YHbajpnAgs1gzciQ8BohPV182wpM2rL0Iyui8OMQMCa95xmyyQ0UICsNPkBxdwNq95AQa43g+m29aErOFRVwBFsduJasZYQGu5AO+x7o4tywUlxVIMFXDsX2R+Tmtudm7JVUoTNCJXs8sg7ANEfoOyvCjoq2ElPdUmcfu0LRCT2Pj54l+f5mK94IVtrMURgpwNQ1QVZSseM22JVKLo3eymuWYEXomZr0OkCmNYsNRTsDM4sKEWMDSXIURfJn86g/dgzLQsmNDCQDAwoiWucatUVuLGlBnrX+3ApomaE0w/MGwqleQSst4FgAtMtCBTVwdupiB6TMWS94HYDCca42hGSFY29u9wg9CmarxTyagtnfsWxlX0209sLslDjbnjTAOEbECuse4i6byU17DT1aR84iQPZ8cjo06oBjeglEVi8j+xrHO6C7oWaJZ3653C1qiTX1/SFLWBSQRtGls7AFu0gY+mV6o2/HG+PnYzgvvbNGOyLZ2Atkn/hZ5PGU0Fo976+WyFCvN6WrnpDro6YD55QRImjKbYzY4uOgN7odQKvW6xRYHVqWN31hzI5xn1+OOBzvck4MBHKJrQQzGe3M7E2nQiGVZNmdxFwkbgMOZkdvA+YLVtwaSoEcgp0TSjVYrKiIVBUJrTseYV58kbVgl4+64gn4SaOYbNmHseYqI9j5QHTFBbtuT9kxKsZG6gNK3rWedV6fWUgtIDg9OKGdCorbSotqLkRiTgrSotHynmk8LqLmTERF58xeA2Pw+SWLxXa18cWuh5Sfm5ti8Gkc6tGrFpQqyRTj5bRhtTgzey4EeFnnKTjv6sVWQvGIDi+3l1kt49VGvjQx9Jd6PZyT+gmKaCTcAN0g32MubPbtnnBN6nKNwKaHvj9U+x2m+/KwWZn4AAETiNRZdziO82ZdqonkJ8gFbtW5Fl/2C9k08DiwuSObzQBuNjPaZoBoDf6VVBKwOSTzSEiQzvWh9z6EFQMRxqzmB00+V8cYH6+NvM+sVTRtLBFKKOPNWKsMnAvNb1lQat6h0qojZMLjhtd346GRvBNa0yT9+HAYyqsKtdBum50gJp4hTBw01axIyJPmEft1pYKFtKzHaqDRHoXTPmQY5MVHF6H0nP1UMq8brL2XvOoq182Vw9Kzbz24lbyy02uxuAY2vkBQz0c7pdSmSkpRUC8lR6DFwJEmD/1Aa+st6bU6wjAcdqPnW7GD7vv+AG043jGKAy2ODNX9bRnqtt66/FHyjrOtBMEWy9v9sjATJ5UIoFEFAsnIHlTLE3WrJQZYG0rT9Zg/HOprs6qWxZqltvQFrfmzhxZMrM2PvcSYe27nnV1tD6Dv0MXk3T44W+vqL1u1ozJWxS31useV3SGzWpVEkK/TIA7QlK2xHFCrvpWh1ax9ncrYscHtJLLDNTetksoe1lwHiG8qtA9KQGIi+kNtVXkBXX8tVePrved+7mtQDGBut/EgbmCyrcwLGCsdq1iTKC32yNk9NowKlFlxqXD/BC64zW64nlfMyxBjWcvNL3uTS3FaSJSj7RVxPFRrcTjoyIuwAKBbUx+2nWrxLNaSqNfcvE6lEx2CjHUrCGtG9o55GfugZIahOZvWUNGk4cjIytSegQyxEBlnQS/ShHYry7pwdBfZvucMe9dr0axfZ4a/Qss2imeNKWZRyxofj2yzs+d2c7A05sZFHrLajJSKG1KQvX2/BkTkQ1itMrRN5detTAKlFlmIR7wVTcyOCyKJhCpD1rEQ88XF8yFgoCjUykzbQQ+ppbSN5KUsHDTLUvMtYMKTuBBYqKoVA8xpRRZpzysjznYP9JZmmXypj4otNAGfCg27DumMyhfhSRFQOHAuw9JXnmDBDKxHe3ECyDWCWmzleI2hIkUw0GwTpVaQ6+vOx/zwBgwUzOQTLVahldehQyRANGiMu2GuJ0t+G3SjVKjbMwK2S8VzndrEQAoEyoDWoNlZS6DbM3xYtqDs7UTkx3lxhI4WCtcta7VJsTu2nuJc4srzKZ6cYjrgcLYKszojgMpXeyme5SM0EgBK5Fw2rme725v9ItzVVH5Mhj3FD0LD0dtdNMuVk8GfFxfob1JzLpcNjaHcWmE2q7lKLj2CuqF9oWakI3y+X4rHw96dg4LHZZHtD7Yp79iZ01ebFbOebUxpQztHhKTyPkPzUpX+ZhY5KCiBX3sUWbyQzHq4tumskNPM+xtY8OeyXnB0W1AczwoBSl/aZWoIhFqgRlMOLtmWpeKzIiCOJSDWXlp8GwG311BMmB8tz7iUIROBtavtan6PdLcd8SjaIybrtYbinZRMZ3IJtIhXesfcSXkbaucuqQWm1yweziRSAgcHViRvwRAJu15sZSvbXiXeE7sNz1FIkUKL1OKcs7m6FoQUsFtwSjT7Bm12Y3JnCnlrUKuJB+OUrC7impa7LI/AtbcUY1P5/tzW61hc9kqtLE+KpmJb3VDjG1HS9ixfr9qdRfGbwFn1UiekvRTsamgCDioBKErAM6/W9EG4rsJexEQqBJvIJdvr9iLMqLmYB6w2A5taFc5zggARpWhtZKnFSSPtcwTi29aiMkGgRILQyt5NsE3ro31nWKIuV3F07FpVV0Gg1k1msism41XvEnHAui3jfnGrBwv5Y4IPEP+L2hZXd02Gwl+8Py59ISQMAIAwctpKmntKsMIg7qI5W0n5bagpngMNiR1GIEz2EbOAFEJrQYdDj8X9XhNO4s13OnBlLFjSW0+bgqFRj2zrcNFnm2MPRkFmoqW0rE7bC5zK3WIW3oY9o8mNIKQV6aEiWJjZBDBT4bhCSuAs6gKPHy5avoFwTznkC0N2eO26wZH10dBewq2hDhq3HWYz9ZRSjkdwjYYgtlGr46AQjILCyJq6aIZlD1h1WBibgRFIc7ikNxlAlZF68Q66A/M8u1SYheqdIUyw1Os1iR1dENMLbkcepX3vbOYq44IpdAp/K6VxI1KBokh0a4/AjpPNy+gVrQcQYfbB7BwTM7pZ6lvvLBKX5rxkDwfhdswdfHQrcFzbzFDgF/S80CyNHJUTmNekgp+c/WnQKVHJD6SZBu7shqv9VWdb1vSgvV5d23iymaXeIlsb7pEudHy3w5esiSy6X62g+85PGtIa6XNo5BcyU9XIuyrNnLZQV+fLSuqqY5kNtVPmlol8q/5mSQMlVtl5dd3qEM9sBm2mKNgwMizVafse2TAtQbu/t4DUGRstzNj8odfYAD4kL1RxoEtvHpnbfjsLm5rMbCrb8qUfS7bR9GIJPaH+aDoWhQExQ/jccQ4BzqzSZd+x+wNIbr4rbdKzOlCE73PMJQ9NlVjjJmnMbLadLDC70FIZavWSyea1zggqdVDDrSgYKsmJkI7In0zVlW1tbluDS7aqPo9OoyDg/XHM47N/PfSzjdyv2cNRHIaBytaXWQug61BIuNMJR4/Bm2LYFAkrKg5nXMiN7MjaYNQbAq02l6G0gw4xvo64SwjonaJvOQsOJ0dI7UBrkQuBg7pLB4bhLEI85F25qRiRZVebrR5u5bh2Gx5wGyjM7cU6lQlGumhJTTqAoLikEcQjOpeSGE5lobA4hze9XlwuJ6rSj+vLAa0WakS2rytdMUrKVFQ62hkXPFQXpyPaF5EdOtZ18O3ILpg52DPUqNLx+XAWL4dFKTF96qq0h6HNKRkZLRqzRE6GuZAvlyUyjShAlDrp/sRrh6S1bxfMb13iinbvwZELzmy5mfsplXbhJZuCS/6qO0DAftmeofk9KFE7hh11MJQlGlOxYyMTDg3qogVzIcF1NJpkcPvU00r7ojuyjbMn8hY3DLaxxMqtj54rUHwr2ymLorq+QfRGetMGfna5LotwQuBzQ1v6yVWFlrlt1xzUsbQ9CIlHMRBZ6NdcUUAeHkWg1SvmINzznQyJXSiRau8M0MwSi3I9KYrs7nrsMqgZOlNCujGXGQpScMb1+3XJe7DXzorpmZgC6w7sUzjNxgqiiEMTe6HIppO2oI4pdDKcK4r/UppfDbk/EsY6woojMYh+A7OoLFRrLaKzG1mrgiraWOGpYeAXcmlLRxHWWmZmPNevVsqaZablnVlRXD9POWOfIrcj3UPGSokLPizuAJbF5mSVL5INZZVzbt/Vxq4y0iWYd7CHYgyxlc2gcJ5xm5bOkSqY9RjyU1ORHkxLFbEVSzMNuyeKs+6jYBN33C/JWTnfsg0VqShae1VaZlXt3BuegdiwNtPmWSi7it1G+0yfVuqVQ9kRC03yKn6+09sx85oty7FbgKLmy3IZz4ZlZFz5YABWLgs7pWHyiLWOOcKg1ClK8S7ZarsZ7gcrxg9uI85oJcfQ8qzy+8Ju0I4SMZyjuAvFWmzMcoqIYFHj6KFjX3IkdfmeMTuuF6wVS3Gcvsg2tS2e99VpxYT+jqo4xDf2mnci3JfMY7tYNoTC8AO9HLYct7eXEbS4fJ0ciJ7MA5kLV12IKJaJRYIVvMfJTdmJ0pJB4z+7KEK20aVt6ZxXDuLBuUZBMWqOXMn5SxSNAdu+rfc0OXQ796hN+7DxAcXgObTL0YCsnqpTMEGz5jroPArx/AZcIiU+EgpaupgDsa2pio3d4RDrXGgIJ+zYe8SKgbpx2y/YfGS58cTqW3Txxm4kR0hZXNQhzsxirC9jEEXUSefvcTAqS8UT6ygg3m9vuhzi5W2ubSqEhrRw6PEhXcV7MmtZ6BR5LaD7jAMretGsYuyCr8+LYVPmOwogXXCeMZf6BLXv6FCzxE1LPIm2h4XBLH2JkNGoQJtbC4pHIYia0lsaYFkceWELhJYSGHRbUNznR99WbB1pFUvZiEBlhWVEJbbVagZxsM54E994HMzgFMRsTgZsEnIQX7SrfL02B5bStpHaV8rcIusYcYhut8AlUsvgl9Sq9Q2vSSLRvK2sCIqTtNkZt2wPcVOLYqslOBqGQ0FP3qFzjyj0jPRXnK5GKSVb3FhJYKahEGd/lvKhb3nlZrEHIbt0UctLo1FzZJhlw2mzINeCRLN81Q7zXiFWN4rYEZ1geHnFd5wYpSXW1cpmXimUfLX04wKATAT727TgeNuPVpyXiXtZhJgUM3JFImDcnZs1N4CZAgH14gitUsZnaDEckEV0d13sOprfhIO2kBnyICyPB6XrsMqXFsJhKsNYsBUBWmAl255W1trHt7Zbn4Q8vYg5I4VV71brdLxJ0QLXYyw0gLec3+a9qLs2gr7g0LunIEkxgbx4kYu7DnXpXEYoTIyUKi5dYlsKV/icOvUbIFySTX8FdOSLQ6+XRrUKc9HQ+j7sPNxInM3R4ENaSxQkOG7a4RK1mg6AJGhlKlf4KwNAIM4VcBtdj0IbYoaIBatMDyXKh8rRMUDsy0oGuSehitjCqmtKtNTyuIzcSNwWvT8tk7JoVyWfGqMYQ9PltcixpHP5rAs9aLRtfyn0dmt4x8vS7Xsn6IoL3v4lO4K/qqwHjVcOzBkwLH5NoeN9dekm1tFcjchb0qm5jnwTAH2xJrL0TLRAiuKHm4owErCg5nvBdvgjdTMAHfphJGyQxppvrGvEr3thRmezfQ0laxHYY2+gtb6cd/qbL9C9MO2SbZ1pLwI0f/i4p8HtZN/YBRmpx6hGa+mctY3AwkVb8NcQswjRpbUtVd6elle+1oHgOQPbL8tIXYSGCeuzp/rmZors6a6lxFvtf5VXmfXyBUVMbLFiYTXHi6aQPM/sRSeaZ+DKx/FRbEHDT+eP8OWSXcl/i33fH2W/XBZbHKALuULQv19y0EZgLoIRrURuoLdm3Vh79rvqxtSBbm3oBSPDsjuNT/HugxRuNJXZCy6eCRvJn+2uO2gnDnoJvXzory4KZavuSHfV7EEsRPq0UqBKBUep0GLRqxy68YAPC2WDeuefDq2qQT9tTSludI7Oe3sN6htVcEucAybNFYF7PGZ8CsTZ1sL2GpSCIB6OvXmVoD/L+/M+PhZHJ5n2zSEjyceDZeW0WkC+/za/QckpNyfZB4Gk4AdqOmYtHedu4bT2SRBeTtu/O1r/4AD+l28ZeT5Z//ytqg++o4Ai3h+zf077M8fspZDlkta0Ez8VoLvAgcX/iEeX24jYT4BEf/n5TyL+E4tN7+9//397X9bsqJFt/Ws6or8HOxgFPCYziHmQhF46mIWQEGIWv/7L1HG5XXWOr31v2+UulyLqyLJQIsjcw9p7J3s9j/L885V+vorPV/anTwjsOQT/xZelX3xBeH7h5w/xX5zt7XPwi6PCt/CM/2kY2v7ZSQJFFT35Q9z+0N/G4ZTH/fAD8WN8jddbE8/9j+kNPRyO2jtBWXkj26AJjqY2BEuzqHWpTGCom4L8fKhhKH5E/QL+EKGjP7UK/plLmn0ndAz5XugY4kf2D2jx1RpXGhj/Cv7F+/ezueEEcQu+56ZKqCVvehn7Ie+gtFTfUIOl/8z0vW+w9HUppWvK24Q24Z145Wr96/E4HKPHB9y0f9zUftaj7z+aO5xhPncb2PvWxj+f9rN54/4ABf5w4j5gl/1N9fhJp5FqdGXyT9QZHHvTOnSZP73FCfb/of95026kUEV8rS6Pt3HwZPG1/ckaUJ+r+xdHfj7juyPvbcLvHvqT4fi//NSvjfmlxfnlbX9pR346lvzszn74fD7jf+IY8+9pRMr16T1N/vwe+xEn/t9HbQev7Tjkv9H06JszOjj3BYs9915xcPZrGpz/gdbxpTffnt5Mbfr305nN53CRwH6kPmiF+HXV5tc7Ib7U5ttTm6z5LVqKb19taPKv1plfb+D40plvT2eu2W/1pPzmdIbAvshMsH+5zrwnbHnpzLerM/1w6+LybxfWfKk3NP6+Y/9X1pv3jDsCIjpCK1s1WYWenv9imp/S/dlcxj9lYVM4DXn3j/fp2WuVZWg43+VQjOLkeSokQO2taobnPdH8P2gRnWscbm+i9jz158vxU2bmz0nWEOTni0NwzLvF+dTd+eusza/TKbxs2rdn034jX/ztGzPqvb78acbs9nCEZLiT4uacXnaYxetu8StFMe6tREX9VJz6d1Xr5xLYW+ULvhKfF87ePnkrbD0//6xMRv/iC+y79XsRlL0Iyl4EZS+CshdB2Yug7JslKPvPEmvE5nOAwH4AqP8sfrIP8cGv56K/u80L3w5Dz38kgyzFfbl5Af8Apf55mxc+lMPvmKDnSzn8Zsh6/jNTSMGg8EuyHuarkvWMG43kf1BJaZyaPpD1x+kQfM+7uVABeOy/g/1bH5jAjwL1ryx537Er/m4k74Odg58Q4V8oed+x8/1uJA/6W/pLf4tjX9XfnufuX/t49fTrpFv7xHUfO/9jcjxEjIe2lf/nKcQXNd6LGu9FjfeixntR472o8V7UeC9qvBc13osa70WN96LGe1Hj/de0DHhR472o8V7UeC9qvBc13osa70WN96LGe1HjvajxXtR4L2q8FzXeixrvRY33osZ7UeO9qPFe1HgvarwXNd6LGu9FjfeixvvHixrvRY33osZ7UeO9qPFe1HgvarwXNd6LGu9FjfeixntR472o8V7UeC9qvBc13osa70WN96LGe1HjvajxXtR43+jYFzXet0yNh1Pk5w/ak+T7ZuB/Fjfeh0/Zf9Rb5I9qYfAHtkf7RGnz87wR7xsUEJ+aFvxy4lj8T5q477g1xuWW1slt+bGNH5dbnH0n3G7Euw4tH2rv126T8eu9/P/2cvip8f3YIjH8HkTwE0PQzwK4+YCz6CsL4Pum+Clqiv/DnCfPdi2ov8pb05Yf+i7/Y2edztmM+mjWWSIhN5s/qCnYlz3BcIx+z2hL4B94nz9t0t93u//VSc+S+Buc9C8dPs7+1VPO/q4ph5jnW5b1Df6+9+IHHE9fd+bf85f+jzP/bQr8Bv+c/hQnPujB9afNe3o6XyZe0dWBuNiCEEqFOX/PfQcRoPghiS9xk+bdd8NejBM/El80IeS+KsL9UAzfR1of2dYXh8SLQ+LFIfHikHhxSLw4JL5TDgmGfIfdP4qa/iQWiQ9990fZqf++9DKJfRFtYuQH8/ZRehkn/yzU8z6t8t2A7/R2bcch/35g97vEMkYTfznsfhEq/p0IFVFAO+T9UDXlb+nVt6dAn7zKv93eV21f/qH6MC/1+Rupz6dSU3priqrc/d0UCGc/VyAce49/vrYCvc+3fzcAKL4k3xH4+UL0PoDeX1v03hccvomo5cMa2YebYv6siftUnvgelfaafU9K+2XE8jPB9V+otvivU7S9MNe3h7kev61Q357mfBmqEJ8SSH+h3hDvrfZHNfRXhe1VYXtV2F4VtleF7VVh+04rbCz+DvcS73HvV62wEb8Oev/2Idfnu7S+D3pslsZ+ZL7YpMV8VY7ij8WQeCeGr11aLwz5wpAvDPnCkC8M+cKQn/w38ylH/nOxmtn8xQjyo0dZ//vKHSz1/tEU4oOp+7rbtIjv+PnLT/u0bm3excPt71/3YOkvBfC/oFhJ/PpOwVfV49urevxyo1aeVf+TWn2D+vN+p+PmvyB2fW11/Dtp0Ke9Wn8/7aHeaQ/3HgB9de359Z2Of3sEhDZq/YaY/X2wzzvpwz+A319d+j7aJvhfGLyQ2JeP1uI493t7GP1pk/fRRrfvRHXRdq3vpGJAUV9WDHAC+y94rvvXNwu+YNe3B7vQdq2/HeSi2HdmmyC/as+lj1Xng2pb/OyF8qkLyrvJ/l9X3i7oAP+zqHya4Swv4vG5vB+X5j4uxH1Wq/uV0lyLKJaFasfb3oxtlfKGWjBafniSwhK+Q39AAwKI4H9FLLeCDfqEVy3B37maAEqtAKe6enZuvMy+fFnhG3tB3+5d/uL3tjKjARfM252wkOCumZqd0msIMjIjjetljEnrHB34i3HlHkd6Gh0eXoMAgB96/E6tUibD6YnndgXiZllwDBek9gikHjX+NRZNmu9adZKIUrONeHs77b0kqFacDMeTN/TJLu7cziemuNlrY7nzlIW6Gb2lGJGMmaip5aITpQtOvGGg8zfyqJtBSlvUijgYEjNjGaha/OFsqlhnr07PZHTiJHYOdOnq/xF/O13H+eqo83lnqCHvG2EkjDPqoMsKw2mMhjJRgD1OHCLILfhTBLjZIUXpQQI8Fa3ZMhSsHvzjVkmCovRs8Ih4xm2IKubxeWPaXHZFHcCXuvLaVOz5w6yO2oDpBUYGTSochEO616WL72KIIiEawTHxSO3JhbGvjykvz5YoVPiF7f2dwXsn3h663GU2iJ6YEF3D1o9uI1V+K3m5FwwO/FgYHGu2p06pM9Qq92wSvMmiXvMRehk5MAnynPu6co3OlTMgvVysAGMDtRy0+u6eFJCnfkEF+bZrdVakWgV97tvXcL2VQkH6wYRn4nSqsZ1ed/6zpb+oPlQ4Q4/uOmxAc5L7Lrz4O02d+F3kO5sgs8gA1FrBt1ot5+wNDqADlraCsNf4iK39dLfRiH2G2g6nPbjReu9QtXfQMFe4Fi4lrmWyux/MeJ3lUMTmVdiqrANUU2+WUjiDkNAml2YFQyhFLiiPqRhzeZR48myLwrBcd1o9uHd71te7XdzzikbEUORsSDvzRvHnEpH2isGyC7lELW2sO+pufd9nvSuS8Jr4nhLI0u5DzLlmEU+Kj/mc5ZvjyaAcXWrug8Ne4apjRm+snBDlmwiL9laSVagJvcgtnWbUF9+6sicyvKzaAfjU7shhbGQb6uSZznaMg/sG27ElFEhxqHjs1Dr3DPEhhMfRnrB2I0nuszX7NqJPfOrpYXO/8IhMk649Wu74fOYuh+OyzBYq9PPEzMZrRevhHbOBfvRQT2SP3o4SXVgTBnY/MZKMXMKf1jBVj3p9vS1SV3mbqlAnot/kWuAg7kOcPNQpUy2LXt+Si7K9FzJqlu3ndkvpuMNxzKZlM9/XhUPIcwsYjs4JteWuhsN5YkrVvnHtOCXBA9elWlfDK45IHKV+MzZRSzDnu0W3mNA/vxBWBqKdEw6SSK1b+sCEe7wodfh98rDUUMvuxKJH/jTrrGNbOsZMLIsmBf6rDpFBASi+BScWUjNxk46xFkRBfeBVgnlA/FhFfN484HrtdmqtFPVDmdQdjegR1C7ax8qka7WXjWhWdScPDkFnoxN785aUOoobFIzt5Zg3+OXaBvGdnQvKcm8cdUgk1HFdvcvcndvKoe+3RseJpHwYMdZt2oFcDx042Mb+kbIPuCZ1nJ03FQILOLP2R/acXKCwT1Vzb7UHXNq7QjwbVNPcIj2PDqk/XaA/fo7dIQLosqsCUrUwxIuWoP7oV6gJ3iR3ek8ezbLLjjdENdguRZJbNO7yarADo3h/GEemBXP1cHVw7y2izonRp+9VE2/MxMg4RD6HKAeV3iOQ8E5MKzRxvDvWI0v4bcvXwBd3mhGBUchaNExjtlk061q1g4fsyyANDepLf3dbYrx6DzVeNnjga8IMWsdTPCZOrqsn2yu2J3yaaMJbfAJ7cLHoGF5LHhzhtXhHFdreIyIqEmah5TuoYotBLJu9x+y3xra+iltbAdq6G/y9z6ThJRgse1PneMUsi6bcXLnUg1yi1cGvSmDdTj1HBL6saz3YuvGib3p/OodJPGlZY//7rpxjPRwcX7ahq9zYRTYL9fK87mA8X5eDWypPYgZCDe+xBy9a1jcDvA1iRTORxDZjZNDsBb6hgRpexH6GXhhZ14Tt8DLJ+Uu9xwawDSQ0w5xylIZTb6l6+fDNiVViSatUOUBkebp1uLgxoqyNzjfO5eJroedUFmiMh5+gphpsZcD1DxyQn5oHfsUHSmgqvL8elULfNnl6Bts6xx5G0rkjq+/37qUpE/aIiJbl4HiRoOfbdK7caw9qy1FMuVMtb8NYggL2KUTe2/0OqwVP37Riu+goauFviE911QWIGthzcSYlsr56unBNzk+OD6odLGuldBVMiABdXhCljiqeK2jQ7tdyjQR10RnEzhef6Uc6cUjAba4AypoWiqfX945JnopXglFn1usk7mhBMSOSm/ICe2q/4V+lDhoHkb5Rgn6O8zE5k6V87ziuTcnmcvdbzR9v1l1n7QI8zGOwLD3fSDZOkgtNbaAJDrve3N4z0Rn5ZN3n9kC1OwexbJxWP9+321q5LCZ3tCqDmZFOC3vEc8Iyq1KzA7wVi6uOWHxxcNo5o3vJi3PJq8DanN8YDOkI5GucHo7bej9hHY7O4T44VlcsbuaG8MjTi3EdOCLtnaMeXu9kcC6dYZtulTSYzqLG+AeQxAET7LBUQBhFptH08iW/RatglAh4uS1bgMG9Pr1l0G6Usxz7l9nbInuF2uSfJmyNw0382BTQAhfuCnhBo+RzeejR4lDRZB35DPr0Hq90lqaZB2/dUHd+9kK2423DGhO6G2qIkvTCKQPmshff60K5F7lWRG3TudJxgJIK3WYXmwmwU8Gb7bNAtveVlPqjWVv+PA2IpNUYhGneX2XxbLYR2M3yQbow+3HGqVLlhYJIymmDrJipYHKC5LMPplOfelwZaOSxKYGtqe7RgBgpLCKZvjgOftgnLZHqOslBn9TipgPQ3CBntQ1C0gFa3uxVxded/WaKVPVx4B5dM2zKJsEODx5O+9S7eWkiaqpMH+9Mq14F8qgMBnQfNuEJVO3MzYYLAggjFHiDAfQZmTl3lDJeNqI504Z/wHbDWQHRXPv7O4JrYXNYyY292TNlbXudByUA3GejAbden1gdup4AorvQrTOhhnCt7Buwz5F1GGPoH09CFA7mBnWs34MceevHE+GpXnlOuCS86gTvr3gzMSlwkxMbBnfNtx48DSByItY3Aj7Bnn1iR2GGAIFIAogJUccIlRQsRk6qbJjzZ2ZzzLeUaDL3opCm0pxxh+CYCYZEpVSA8L+v+f+XY4ukFu92boELpUz8GilZqRMgivjNrELfN12HYKWRbDo2IFJxgL4bAnUBn3WdxbKgMwAII4iSZAdcqa2AfPCDaPeFDeJUPM4Si8g5uxQ78hFQbhuu1FgxmYP947jI2GTnfErxEF6OD32Rw1vRo2B2jvcgwey1pofDMeanh89KJ3tfkRNQTrheag1AKyrI0HIcBs0p0K9SvMNHdLXct24PxDy6UfIoaTXvJ/RNnPRiziV+g/iI5ftgaMu8bQBCOmKNwNd+I7r1JKgbo1c4FDrxbga2+E2bgBGhL6Su716ytZnzUdRJSQ1FGLnsr9RKiQVguqvobzvLsIFGaWrqHv0C3i6wql2q5g/XpqqagDGKCkRWO6QunYcMkO8Fq0E3hOjjWlHsYQxhPKk/Doic1hv4XJJvHbfwuri7CxMvOiANk30wArO767aYjaGlPa66GvHqTMDvXbRiAnrQyako74G31Xe9oEo6xWOV3Lvghi2nkr+q9XRx9/Dj7lCvN8RBthDzmCnCYo7uo7MUBQiIykXOhLU0bf2BsnxyUIBx0Ue+L+854vH2GETfukCBUFnpUN39awAQExeMDNRxIikTkRTwoL4cE+kW2fF6B3s0LhW0eRwaqi5jU/OCdVskzZESrOsNm+57RCoVOHtx8ZcS38Sij98v21QYdogQdJo4D0ulxrq6JRsk8Fuiz5IozMBXNxAqctlxI0GPcP2aQyjgLuXuoAhbRzrGLkIPsEdDnBnkeNNj4BOdlKVuodiUqJ/DYp9pcwI0Foar1QE3VAb6RThLbaqIa+3vZJv3Im9CbItO19AP3bhzUlOJ87l4HPlD2K2TlLwR4BaPRTzUNW4jIjiqZKUqsnsz9w8yQXWusCtMp+HGU/fw47O2vUpFOuciRo/W1h95k5oSesxO8mi5R3tBMBx5ILF8Ow5maioYNXDqy84X8cWCglj63ezXh/N+m4ph0b95TTSutnIrfSw3s3dRqH126MidgBDgTXUADEQyTDs/KquDsBWYV8wnrnSNnWL/SnrrcW0kXrgCPtSSiJyGq45hJ7g+pNcliaaE2nA0ZZdvFC85Mva13vohkShcPXJtdVKv2nOcdugPb+NqQ+NGyz+2Qhe494wShMDX2aiDrjDn+mkA5zg4wUukM3bV9hIbDSPvUYN9vPgxMSsHoFAumREKh13pu91dYRyudAr2tPbn+9Luy5ZtSL7faRbLW0J/iOQOeukSoaO9z9sSy4kJ/FghV/m6RWRVjaMCg5KGtMy9lk9iMJVycVNdBYyAbqDVF4+kIF3u/Z5AQSKiMHdvRqnEJoQmO5tyay4Sz6XBpFrYliATzKSQZBmr46onl+RaIzADHrOSyBnrI8pC+B0Uz6tVKmzAW4QF/zmSrm5dVswWp4ijdvMgTzBY1j2nZZqcbVNBnBVHMiK1ZbZ1TYHrbJA0YLzMi8B6AJy1SR0Ig2dBBYDltwhSjsZFg9NVx6xUlE7qOifTT4hO5EponraRMC6WbdTmEjqAizy+9ym+6w/Dza9zk0N46mkPuXHkZnPmi1JJRZRYK1DsLM5WqtJ3Mu9PE3xrFKZ1gDaAOyFitfEScLvNzUOKvwsxFe+kR8vPPbA7j2ceSqrt9hxzpxKFP07tGh76kTxhY1uQY8R3j831yO0qF0Yuei276k2VFOZgMbjdnZZoGLoLMI2iHZuBgs5+mlE+6/CYEfBfBWjj9NN2I+5whWx2SE2hm6ODvYcZO2K94iciFBQhQPEXfir3gL+HzazcL8vMr4KHKXTH7KaZgW6In1ej2Vp1V+4gNu526+Y0aSZUTEc193F6YjEYk6hP2r1aQRYv2QikNwfQvjxZ/m4yBLFEAsPbvQ0aShrVrVfAYHWl1EKniQRFzQiU8SlfzAN7zZhcvVJy0UIfC+OAs1reZX8ipFTAPBPxlW9Jg04OpWRqHTuQlWq2mN3JB2cL4x5vMBOCdcjYTOXdOEN5NH3jwMW0o3NQD4B1OThY3ypgZRGiepD57VA2Wj7dSEnaJGIwm2R7ztdyP8w5DvETIK63mipUdUOaqhIlB+Qi+VrdoZTNITARVhYVjs2bLL2zTWKayDzF+L4veXdPYoEttGQFThMvMboab8WgRIT0jpprgoQ4pWVaY06Ge5dL/n5DblVg2D673TRHOmxEDGVvZRZ6UM3vKOAIOSko0NZB4KeQxI0fDsE2q+AXWgZs0kYcJDDAARITSgPFWNshbR4Ws6q4KE7PKc5mZS1FyvVAnfL2vA0QIzb/wC9nAfW54A8QTAYr04e3uelSZbZYmnIQGbKwLhbiHJLOzEBqJEawZjR3MScy4MYmj8sWuve4tRzpzlBhc41Ytcmfv4jxZ9br5j3bOKKOy5JZFAGwjrVQ8Cvl3w36kseTH0zzChf5UAWOHq39QPhuseZ7c2vUynyaWAKdK3Yu0A3FqvHI42bj5pHIgpiJZFNgHzTbBWTkihm77Ei5A2zkdvPiHemTuaksFfqymvVpFGrNHgkI6spQ/MUi9KN/DjT6TMRvlRUe2/IsvOaBTQoY+R6a3g2o7ajcWXetki4c+Zo6Q1hFXQ9gvl+1jDLMHY0r1TrL3Y5e1XAEhXDIqgmJaolgw6PrqWo2Quwa5GiKN8iL8deNJ+QgK7kkkuTaux5ECprkx/10fagA4/arEbuZxu78DuyoFHqVI4YMqLfELpMcRPPB+F0kW2p6mMUePInDLVdRN0lcIaDhSLcYWamQiG2Bm7WCb2YbXulZiVkYUZ/GSNzZAyLj3KmlZgu+pco51DowR26lWVE03/MqvER7YMKweysl5O7sSDtmf22l61q1WbCcaKart+xa5st8i6pBRpEogayQOso2Zs5Yuju2fAMnXnrIufdQCcp89DPvJnUKrriHxJ1gykftHXdjqtybndKvkq0Gc3ia7WDbIW/WTAJ5H6bdLKX3AaEeM5S9LbErwdZA9Q3oSYiCAkXr3h489PhHPLsV2KNSZZKgy3YosDIyNk8ydSyMWCHbX/Z4cUfM5WKDS7vNvZqknsog5GyImJX14iynftFZ+w7R+FEI1elNGbL1Kuph8xAQ8xaiJT5QTlyehScpHZSJ4Wi7FqUpyv6W3BDykeiaYAkgPwoTO+8Z6dBVFSnFt9xu2h5TptN0zC5W2VLesVWUBcg8AiXYntg8CmxAxK/G8BgxMhiO1bjRD0HBzU+WZ1HUzV0aj5WFqa1564HuBYmYT9OcjYF3qa8KhDXlQ+t3xVbjidUjfCaeK+T6891DWEHXX8ltd9tcokQCobRhPCNmNOW6tfVMGZrBw05BJjU9MwEymVn2jJSPSC0txESo5Y/qSmTMatSbWDNX4kHujnpIBsalVYcrDPgyCa+clTCRMcP9o4dGNMQbBoOvDBqXYkM9PlpObbyMgQhjeOwsKS+g7Metd7qHpx5DpH5WRSzkgdPCND9Kw6UnISIY937+IJFP9dvbefUVlC3DwU8rKosmu41Qfogn9Y0JwQZ+MvqxWjDnVt8Oa9xISWsjPmGKD6/Qt6a3W7ZvdhCVectSx1AEHP1+xyscwyYYgR/UHR1V14i/6evV62IYG3pyY6FczKbl7OtdT6KyOFyPJeYd1wg5lSZVW9/iI/5RdYQ1XSdfVuUKpYAKaHrRLxPqfi0yeFdJrCdOFsL59k0ZSvS2ONY5TgT0rVr7viI4IjHrQF0Uyknyk5UgudOyKb+KgmSdZnT1HdcIHAG2ShjdCiJJzSYmsB3BTOcyvASLWLP9gGf+ztJmAsC7QLeucpfRIcT1IilKfHDKm1lBWyWI8KZJnrZJlyatKmFFyUDPc+yOQKiaGOLjsyvm9WpopoPtTHH7SLxh0+3Hbvs8FuSXAB5TCeTR0erTXY0dPf5mC7N4yQRnOczbFGiLc4VKgpfogRBluBDiKJExtxt1h5ERyyy0D+RAJUSQIKUFdgl/CWlHRSmGNgw2kGgTncEpuV6xGsK88se+CrKeesznq26CiRoPRxdR/S7G0lBeLgiLfpXCWC57QHsRU506sFBorWRUrzq7tijKWQff6vLeFc8j4w69g+WzURY9j54kkd2pvxMGvruCWEzXUr16SZQJx0U3H6yUlCpbO6dmOth8yjnyJn4UUsFFsYALdXYIOQgk2LRA84LslmgawA6JhgTlOQlxapfcvWtTdZZWU+JanRANqZIq2wfCkADPKfqeYTcCHGhxis2xHcq8qD12pTJfgpFxfLODexY1qCDCgBa69TjfsjNgAJ0KoTBZEbT9XHCcq0Z64NljfwUOayR6X6/uNHjOKb6lHYE9IVhdxbZssoKrYDPKO5xkRLnsT1XP2ud7WjC3NeXx2fa3KJ9Wt+yRTC92uZ/v9mlbRcFUtdQeuR0KFVtdYu7RLC9Ut9peDpfllvoJWbqSsXM4GKXcjUuz7JFU626DrYfjueCVTFrtS5wadzWWh/M0b6BmyU8YZJWkI5vbDUowSsjL8YflEKQiI8kUjNqqx7KN1XSqNmaV7jzG6PYniPyMBDOGM03WMJjBFgRJT/atqbOgO2/G+URtMTMxmihNwXpaVPacKn5lOBxCdgoWNy106FiPdXgq7hakxcPIlbGDyYHg9eKSBsMtPUvXkBbjNwOHe9slWT0jK0qTFTt/MkMOTBXElHVLRd5DLIB2C+28TYEyq7GEqkP+oW7QNOSgpLaF9OQw18mTmc7Xxz7aIaU93cXe30tBBNGxwlRiGu9OwsbyGuTERXmWRg3F8vhiAlYoaItqLhomzAL+2DkovHqYLFIu3LCRF/VmnRJD3N6DnK3RlFjqKVf488NmU+R7Hsm4u7m9SmK3YD3oaMjcJQNrcHfRY/m7gqPcxmEeMqqUpvrEGlS2IcsDuJC26ttCd1JTr7XiGcggacLT1Kzr8zIoOA6Ose2omaXLZhrLM5XA8BHroSezPMWnAAnORS2ejJPS6+tms6dLMtCkkbdmJ0hd30g9tQzIlUGxS3DbA+Xe5ZF7GK7MVt270fEk5raRq8OzhMhnNNibOReVx1kRGXIHfSvYnlHGuwSp21X3pBvaWRjBAhE+DAFUIZ+ogbmKoinh81YFN/je12zoocVkdSW7HbDzpiA0VieoHdlB/bzPHdK+1GZPCGBq/rymjN5IVmy4PYwp9UY4Eo8C6NFVbIwK6qz64DGrc8uUjn0HLgGMKktm103VfE42oiIlu+Pdeo5t0cxXYAkptTOJlB9BFyFPWjkwYtlyqA4GppuHoFCzZZqOH3YnMvKvdxN6oM3qkuBBKU5tZ/RbIgT+GqVymy12wLruzlFugOZx0lJ24sxcFE8K8RCjfWsp0DnarezPF45ROGcjbIjKywe1RLVVPy9R9UX07+Iu7wY94smHwSYBLcPgDUturD90WFai6Ls60s9aHcQBm+thLQUW7Bd7QyZEOAjFtY1cO7Zo2zYurPhGDM5Y9IlnyKEyUYKsMfkY5d1NaN0TQux1gpsP/XZouEBUwQUcDBDYil4SOryEYjnNwBBl0y5wTYUT7vkUO19QmDvehnVWC5UuCY2c8dQ+A8taYeysCkcqPUhM9yj8UxYI9STMPL6GthRF+4P4IFhpL6M0UoxpO4LspPrI7bE7lbeDMSo7lmBFGJla9A7Rx6plZqr6DVhlWosYG0uSr6pStJHT+TIxLAs1NzWRDiwoiWjfevRb5N6WtuRNn2+jgMoMjZXc9hBOzervISSGkKz23f3jLUOPktlaLafl7yIz/r+P7dy7hWovzFHNysNVB4xvpqywmyHucpnKcncwovWVMgXkzOfX86AtOGY0QGSNJnXvWXYERpDotnjjHee47SXWMk7nMmdRQhpll27CARxTYZmd4kE/Lg8mqtZEbsKbTvsiObhb5J/4TRrylDDaMx95DnLUu30TaFcU+mjFwvlNiia04PZmZvNZPJvTEaCq9a4A9oTK8lYkrOUlm6v2gsP7dWRiIVBIbOeYxeg35mT5HUqp5M50FSuReCw42FzCPZC3rIgIrlFAcPQTqQdbj0pJTZVQ3fECv4tvyxEcq9VQQwG/6hRTOnOS6YG6gmMExEDcsrvxWl7Seh2kOaYUxE5/291YOFtvhMFop4IajNK2k4VUrEhB2g56NTNDyKWUzKRUeivdHTCXiHdYLHO7fSROM5x52drXS0Tj0I7e9bjRSKZe2+ue1bPSmrkE4E1fFeB27LcHCeUjJrw5tJtewbu90g4ZjJdmI5FJ4wpVNBUegB5Q7CEL+9N4IgKLau8p2M8w9odmf8KMSFn2noUvEDCBVNtM58sqD7tGy6UoRyHwqMl61p62imXiWexyF7bcANwaNrTLANFeojup5mB/zuVUyJHNjWD0viQdAxHGpucXXbl1lwxf74NyKm0vfW4sERqo48PaawxcCz0aWdDo4bnTuwsUwsueN47reZDCK6ppklF2Pi/NXYNW6HgorxATbxAmjoduU+fkVQ+J067TwFZy+rVbaLRH4XpKGAZF8WkrNKF/eo6s+gEb30beDY2bZPXshO5jBo+GV49GL9b32MW3COpFaKeUNnR5Iwpa23AEKgauNHmeF1rfHchwNBCG4bAHLR/ECYbvpzP04fjEqD70OAo09w8nMVxjDPiLFF42BwmCLZZ3Z6e2cr+QCKBTNQLJyB90zpV69BID7D2lG0bGn8/9ffA6p96x1IFuUc2fPY/gKdr8OkuMdeKO4S3QTwDGDlNGvvkH/2DfI2fUJqpkNdzW7idcPZ5Le9RIBPkmHeIAXT2YzoJ+NbJLVM069YWCXQbczVM32XHPKqkSYsN9gfimQ/ugBKQmYrT0dlfVMPTXCy27v115VEU6VAP47WAIIW5gyoPCCxgrXbpMlyg9C8nNW24YDWjKuu3w6Apa3GX33MyrVrtkWDlycnuyuAKnhVy9uGGdZUu3E5ezgaIIGwB6tIzlMGk2z2Ijia6ak/tCutIJKNmgg7BmZd8wL+Oe1dI0dX8/mhpaNET3DhTqxECB2IqMv6W3RU4HnW23HD2lbhT6yykIR7Tq940Zeahso4b2WmA25fT4emGHoyu7w9nWmQeXhshrM1Ih7klBCU/zDhBpBGG1xtAuVd0PCgnUXmQhHgk9mthctkSeCl2JvGMtVts2jCBgoCj0Kxv9CCOkkdL3Uliw8KZZlpIPgEmu4lZgoalWTSDTqiLSYdiknBuc6QPNMpVjrKorDDFfCAO7S+iSqrbJVRVQOlBW4Og7T7BgA3aru70CFBpBK+b54WBqyBAsNDukhR1Xxm6KsCh5ABMlM/lczzTo5Q0YEAkQDZrrcZGN3OEP8bRKtXa4IWDrqGHg9xYGCiBQJvQGw9F2gOFu8MUZQTO7ucivcn2BgRZK1zm9NhTYG7Z+5rlEL4wonnzmdMD5ZtdWd0MAle9OUrapVugkANRIWTHvN3c6WfM2OfZUdcmXE8UvwsDRh2O6qdSryd+2LYw3KZmrFFNnqKBXmb0na6QTEtQD7Qu1UgPh85MjXs6nQAY1jysiO59dSzmyG3/u9h6z2+wtaU/7F4SkqrlE69I10X6T+igpgd9nlFlsSWa33MdiUytFGf4XePBPY8P4EoygvtxUAjSRdCy1BAi9QK2WErflgaWymyogiSUg1nZsfkxBMOsoJ8yvdmi2TcKkYBfox54/IdvtpjzK9oj5bqejfCel0KXSAD3l1dm3jlI1JvptynuBmXWbhyuJjMDZhydSDmBJheMsjopdHu4SH4rTnucoZEihRxpxzt/fAxtCCnhZcEl09wF99mBxNwpFa9CqiWfzmnutuKOVqaxScJ9t1dx3USS7Rp+Jzqz2qnNVdQ07GKaWPYiGdjfVzhuPNsXvY9+bpUkoZik+9tAFnDUCUJSAl2GvG4tw95JZxEQqAfs0IMf7oRU2lCxWMatvwL7XhJtMECClVH1Mba2+6qR7S0H2ONhUKQiUSBB6Mwc5th8jtO8MyzXHy9LLNGqGBmKtH0qL9ZiS18I25YD9cLJ5++gXG8VjQgSQ/Iv6AdeOQ4nSX3y0OpGQECYAQFg53ZPkUI09DOIumnPVgj8kuhr60JG4SQqS/JQyWzhDqBZ0Ps9YNp904So+In8Cd8aGI8Pdc1MwdOqpa59bY7O/zGAVFCZ1JKe7Hlq4lMftJnksJ0ZXBkEoOjJEQ7CkdAlgFcLFQ0bgJhoCj59bvdpDuKeeq62p+Lx+3+PI++hoL+HB1BadOyybjXYtKD8kuEFHENvstXVRCUZFaWRd2w6LMwNWW7bmfmEE0lra4qEAaDKKMDvCcECuyrbDbHTeDcIEjtHvSOwSgIzeckfyIp1mfy9rTACeqVP416lDkJIqVEVi2oUEdnn6vJL2aCOGCHOON7eM2NCDYxzCm0i0w81hz2fhcal8fA06cNm5zFLjLTpe67ZOruoVyD2p4lf/dF0MSlSrM2kVcbB54Np8N9iRtULor737mD19ZmOMyNcmJ2QL/SiYcIe1kEePOg+G7/zTQtorfUvMqiVLTUvDuzrItI0uVXY6aeouTbn0flPZFoqt5octLZTYlTfvfjAgntkv+kZVsWVlWGrSTzPyYXqOdn8fAGkwLirMuPx51tkYHiRbqj7TTSin1mE+bJKhJ0uXKg98E2WSaw6z2MBIaL5Yvk1hQCwRPvf9c4wzXuHME3s6g/wRBdK+uGkLRUQRx7RVYmnEDrdIc+Oy49MDs1u9UKBVb5hS7g1G0KizlhxEwdRIToTziOLJQvNce/84mFx+0Aw5va6CgM+Xtcpu0f08b/bKvGPPF3FZFqrctZsRwNChlnB/Ei4hgw/1sq9zVlR9zmzJveIr+mL2ewJVm5tEOsKAGN+lXJsA+qgaB86Gt1MhpHam9TSAwEE7FgvDcDYhnqup2XeMyLLe/mAkByXrg4EH3B4q89ja1ybHyACV1KQziOu2SCEeMbiCxHCqTITtLXkY/bZtr1RnXHbtGVULdaI89Z2hmg1lqRqdHs0WT7Tt9YL2RZTniQ18/LCyW0YGJ4ZaNTq7nW9ie942EjMXgUaHGNqcUpLpdrAaFGRYW6VtHeQaUYKo8IvTldfP+eg+WiwaA+KOdu/BOxf8jbOXo4IqpqQtn8mlyJvOELC3hxt0v2c1Hddkos6m6qB7qo9sasFbg7Zoy7QkuK/mkC/BXIR647aGr7g4eyUf2cBge1vsgv4SBgLFj4pbsCirG5nEbBYPfeE37d2pkycCl03difK7Bj3zOO44aGNpdxHykGIgsjDulaqCKrmIQO895iy8fe9qSuxWTTX3aIJhk9tUEEpp6k73y1RCyzBZErKNlcJQcAY33HzaNXwIr9r3mJnJKLCbwKmAy2x6EEWchyxMRLZ4WgvqUsAgw7+j/C+lR91SRSth7lKsvhCLGA3wKxoLzdqI5jlIba+m6jFTeWpZ+K3SuNJFhGdtSiuTjbtdsFZT6tVkdRQ3ywVnngoUdhQnKFgF0eLL9g3AsphMdtU231N2I3OnqTePnVk4QJ7gFYoZxFYug9J55uNZOkemYDNjKE4tRHqxbE3EPJZmBvZE1DcjQskm7nJyyE0jH9iBSjWUrb2rI+N1x+CBlyAz7f1z8yzUXdUd01NpPCv16rmZiK0uhR0vH41xLcPhwHLsAaCsudM42WZxUvPOxwuwK0U4qgNTpax9qRAGpa5pgU/5QT9u8Cj2mCh+rDijNxxDK5summt3QDtKxERGeReKtdmM5VQRwaLBNxLfbSukddWJsSZuFmyPpTjO2Jb73hVvp+7qMUl0pDoOyY274/0UjyTrMm6dgVAZfqGd5cBxJ9dJocfl+/xMzGQVK1ziTQmasVKsc6zmQ04ZmkmUHAbd/y1AGbK9IR0a/+b5SAZlnYJqNFy4hosclI0Bh3nsTzS5TMfgoj/3YeMLysFzaJejCUW90J7JBN2WDTCFFJL5PWhTNbsQKipdyEAce6pjs2A5ZwaXmMIVu8wh4THQNh7mLVutLLdeWeOAOqUdV3KFM4uLBsSZZYbNTQbSlLoa/FsejCoL8cr6KshOh4ehJHjzkPV9h9CQniwzvhRediLLkYVBUTgCei454NHbwcuwFt/dtsu+qY4UQLbgtmHa/gqt7+pTmzwoGjxPD+etyTiRRCjorsBY2VuKRymInjJGGmBllobJCISREhjU3jGbq0vkqq6BrIqt7kWgsYKTUrlrj7pJnO0bPmQPHgcbuAQZW5ExmyccxBejV+121sJS+iHV5k6VbbLPkIQY7ggCorBN3qG8MTLDIU9F6+HZKVQnaX80H+UJ4qYR5VYbcDFNn4KRvE9XIVEbJRl5nKGlBaXY3NpJYKOjFOd8k6plHnn1YbNnoWyndOSl1ew5MinL5brfkjtBolm+Gxd5VgnvQRFHYhLMsOr4iRPTosGmXt3LnUopd9u4bAEoRXB6PAuOj9NqZ1WTB+02waSMUToSAePpNuy4BWxUCKi3F+iVSr5ExXBA1ulb6OL2qfwQzvpWYciz4FzO6jRhXSRthfNzDGPDXxGgB1bLw9WzdxF+cIP+KlRFK1aMlHRz0O2K9SGlW9zIsMQEoSM/5Fk0AhdBX3Ceg2ucF5hAtmEa4IFPtVPACLWFkVLHFQ52oHCVr6jrvAdCm+/nO6DTSFxmozE7L6lEU5/nZApxM/f3F5NPaD1XkeIExYRLlPd8ACRHlalK5e8MALEoq+CxBiGFNsQsKQu80kgkKoLG0TdBFilqCaUnp+rMxrp7QYyUc3HSIBUP9Rw9y6Qs2lXJF+YqZtB1hSMKLOlKuRnCDAb9MLe1MR7M8NI6wTz78VS3+PiX7Aj+XWND6LwqYG2AafM7Cj3e1zdBbl8sb0XRkkHJBopNAIzFhtQ2StEGBcof7jvCzMGWkk+C6/MX6mECOomSVNgjiyXv7XvK72ZhQ5ebUw81axu762yiWl/F+/MjEuhZeO6SHf3nXgTo/vD1RIPH1X2wWzLVLmmPaumcfUjBNkBb8HcQswhpO7q2phyuzp3vDSCE/sLOTpNq28S04Pnc5/lkq0D+9DhS4qOPfldUWc5KizImrtix8DSXVldJnmdOop/KJbjzWXYRRzDwz+ePcMdhPeW/Yt/3a+yvj8W2ZxhCegj6zw4HfQQWIBgxSuQeRmv2g3U3/6tzY9pCjy6MgpFjOV7Xn/LdZynZ6xpzEgK8FPZStDnej9BPnI0GRvkwXt3W6kE7koE3nEAmpMazUqBJNUdp0GPRXgXDeMAntbpHVxddz6OmwzhtR6lBektvJ3cH+gdVcw7OAYvm6ji4XEq+AOLmYGMnHWpBnC2X2bpLMJ7lI3nOLvXFz5/75pCT5LPFtitaq6Hc/zF/ccOpDz8/xbGk4mfq+Zi1dJGD2h/dqyD8MQ/cM9i7LjPkB8xCFPH+YftPn/3xD9t/G/0xmU9tYn5uVMD9Xjow/M+aue+4OeblltbJbfmxjR+opd93wgzGcO/1F3+vv1+9X8Z3zKb9qR3e2CI5/C5k8AtKSZL66zm2yPc9Jl8cWy9+hH+8+BFe/AgvfoQXP8KLH+FnfgTiPccW+z6Q+ZoMCeR31CfzT+0R+Kk/IPbPf0B8CONOiE148HyVnp9gP70n3t4wz9e398LzlX6+is9X9jmE+HQq+Cp/Gij+NBAubHz9qS3h//vbI1+c+jwFQLPvgS9BsX8O7LVGF+y19pQ417YySEMrjfaH/5iROf4n9m+h+ujdj8yr1+f/TY9/a2Jx+gMN7vL+NnZp/sM1bmDE8Fuse9+eCnHMZyq0wT9olMv+SZHj7liXB2UvkuBf90j9161m/zX/5yr08UL/b7TmfxbLj2SQxH4hg2/H3q4SHWxu3RWpxS8Pzz9NJTpOvV3n8+AlH4a8+wHealo15YfjkTr/EL/Fv+hwCpcapTl+ebiCYtf8dPpfXtrz4NBBnSrgST+dHj0P/tMX5luXff7r2O/Rrn8+zexPc01Q/25TTNC/mPms6ttL/NOsV82l+sUPF5dbPPzygt65d+jhAPmZ10SvxOduEh4VPjnFty+8OV3+F54VfHKWv0+Jn+bzN7X3D9DFDUN+posfeDPyUxPpzyoB/3tVRPtgb2h6fz6mwDs6mbcsR9/4/w== ================================================ FILE: auth_and_access/org_iac_iam/module_keycloak/federation.tf ================================================ # ======================= # YC Federation Resources # ======================= resource "yandex_organizationmanager_saml_federation" federation { name = "keycloak" description = "Keycloak Federation" organization_id = var.org_id issuer = "https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm}" sso_url = "https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm}/protocol/saml" sso_binding = "POST" auto_create_account_on_login = true security_settings { encrypted_assertions = true } } resource "null_resource" "federation_cert" { provisioner "local-exec" { command = <<-CMD echo -----BEGIN CERTIFICATE-----\\n$(curl -s https://${var.kc_fqdn}:${var.kc_port}/realms/${var.kc_realm}/protocol/saml/descriptor | awk '{split($0,lst,"X509Certificate>"); print substr(lst[2],1,length(lst[2])-5)}')\\n-----END CERTIFICATE----- | tee kc-cert.pem yc organization-manager federation saml certificate create \ --name=kc-cert \ --federation-id=${yandex_organizationmanager_saml_federation.federation.id} \ --certificate-file=kc-cert.pem rm -f kc-cert.pem CMD } depends_on = [ yandex_compute_instance.vm_instance ] } output "federation_link" { value = "https://console.cloud.yandex.ru/federations/${yandex_organizationmanager_saml_federation.federation.id}" } output "keycloak_links" { value = "https://${var.kc_fqdn}:8443" } output "federation_id" { value = yandex_organizationmanager_saml_federation.federation.id } ================================================ FILE: auth_and_access/org_iac_iam/module_keycloak/kc-le-cert.sh ================================================ #!/bin/bash # Local constants DNS_CH_TYPE="CNAME" # Getting input data from variables.tf DNS_FOLDER_ID=$(grep -A3 folder_id variables.tf | grep default | awk -F "\"" '{print $2}') KC_FQDN=$(grep -A3 kc_fqdn variables.tf | grep default | awk -F "\"" '{print $2}') KC_HOST=$(echo $KC_FQDN | awk -F "." '{print $1}') DNS_ZONE_NAME=$(grep -A3 dns_zone_name variables.tf | grep default | awk -F "\"" '{print $2}') LE_CERT_NAME=$(grep -A3 le_cert_name variables.tf | grep default | awk -F "\"" '{print $2}') LE_CERT_DESCR=$(grep -A3 le_cert_descr variables.tf | grep default | awk -F "\"" '{print $2}') LE_CERT_PUB_KEY_FN=$(grep -A3 le_cert_pub_key variables.tf | grep default | awk -F "\"" '{print $2}') LE_CERT_PRIV_KEY_FN=$(grep -A3 le_cert_priv_key variables.tf | grep default | awk -F "\"" '{print $2}') # Ensure certificate name is not already exists at Certificate Manager yc cm certificate get --name=$LE_CERT_NAME > /dev/null 2>&1 if [ $? == 0 ] then echo -e "$LE_CERT_NAME name is already exists at Certificate Manager!\n"; exit 1; fi echo -e " Request Let's Encrypt certificate for domain: $KC_FQDN\n" yc cm certificate request --name=$LE_CERT_NAME --description="$LE_CERT_DESCR" --domains=$KC_FQDN --challenge=dns if [ $? != 0 ] then exit 1; fi sleep 10 # Taking an DNS Challenge from certificate for domain ownership validation. # DNS Challenge validation can be TXT or CNAME type. DNS_CHALLENGE=$(yc cm certificate get --full --name=$LE_CERT_NAME --format=json | jq -r '.challenges[].dns_challenge | select(.type | contains('\"$DNS_CH_TYPE\"')).value') echo "Create DNS Challenge record at Cloud DNS" yc dns zone add-records --folder-id=$DNS_FOLDER_ID --name=$DNS_ZONE_NAME --record="_acme-challenge.$KC_HOST 200 $DNS_CH_TYPE $DNS_CHALLENGE" # Waiting for DNS Challenge validation process completed successfully status=None while [ $status != 'ISSUED' ] do status=$(yc cm certificate get --full --name=$LE_CERT_NAME --format=json | jq -r .status) echo $(date +'%H:%M:%S') $status sleep 60 done echo "Remove DNS Challenge record from Cloud DNS" yc dns zone delete-records --folder-id=$DNS_FOLDER_ID --name=$DNS_ZONE_NAME --record="_acme-challenge.$KC_HOST 200 $DNS_CH_TYPE $DNS_CHALLENGE" echo "Download Let's encrypt certificates from Certificate Manager" yc cm certificate content --name=$LE_CERT_NAME --chain=$LE_CERT_PUB_KEY_FN --key=$LE_CERT_PRIV_KEY_FN > /dev/null ================================================ FILE: auth_and_access/org_iac_iam/module_keycloak/kc-setup.sh ================================================ # Get KC data source kc-data.sh # Change Timezone timedatectl set-timezone Europe/Moscow # timedatectl | tee kctest.txt # Install Packages apt-get update && apt-get install -y unzip openjdk-17-jre apt-get update && apt-get install -y unzip openjdk-17-jre # Map KC_FQDN to the localhost for the simplify KC provisioning echo "127.0.0.1 $KC_FQDN" >> /etc/hosts # Move LE certificates onto the place mkdir -p $KC_CERT_PATH mv *.pem $KC_CERT_PATH # Get Keycloak distro and put files to the right place curl -sLO https://github.com/keycloak/keycloak/releases/download/$KC_VER/keycloak-$KC_VER.zip unzip -q keycloak-$KC_VER.zip rm -f keycloak-$KC_VER/bin/*.bat mkdir -p /opt/keycloak cp -R keycloak-$KC_VER/* /opt/keycloak rm -rf keycloak-$KC_VER/ keycloak-$KC_VER.zip # Import configuration from realm config file export PATH=$PATH:/opt/keycloak/bin kc.sh build kc.sh import --file=realm.json # Prepare systemd things groupadd keycloak useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak chown -R keycloak:keycloak /opt/keycloak chmod o+x /opt/keycloak/bin/ cat < /lib/systemd/system/keycloak.service [Unit] Description=Keycloak Service After=network.target [Service] User=keycloak Group=keycloak PIDFile=/var/run/keycloak/keycloak.pid WorkingDirectory=/opt/keycloak Environment="KEYCLOAK_ADMIN=$KC_ADM_USER" Environment="KEYCLOAK_ADMIN_PASSWORD=$KC_ADM_PASS" ExecStart=/opt/keycloak/bin/kc.sh start \\ --db-url-database=$PG_DB_NAME \\ --db-url-host=$PG_DB_HOST \\ --db-username=$PG_DB_USER \\ --db-password=$PG_DB_PASS \\ --hostname=$KC_FQDN \\ --hostname-strict=true \\ --http-enabled=false \\ --https-protocols=TLSv1.3,TLSv1.2 \\ --https-port=$KC_PORT \\ --https-certificate-file=$KC_CERT_PATH/$KC_CERT_PUB \\ --https-certificate-key-file=$KC_CERT_PATH/$KC_CERT_PRIV \\ --log-level=INFO [Install] WantedBy=multi-user.target EOF # Start Keycloak via systemd systemctl daemon-reload sleep 3 systemctl start keycloak systemctl enable keycloak # Remove KC admin credentials from the systemd unit after the first start sed -i '/KEYCLOAK_ADMIN/d' /lib/systemd/system/keycloak.service systemctl daemon-reload sleep 3 # Waiting until KC has been started while :; do curl -sf "https://$KC_FQDN:$KC_PORT" -o /dev/null && break sleep 10 done # Create KC Users kcadm.sh config credentials --server https://$KC_FQDN:$KC_PORT --realm master --user $KC_ADM_USER --password $KC_ADM_PASS while read line; do user=$(echo $line | cut -f1 -d:) pass=$(echo $line | cut -f2 -d:) kcadm.sh create users -r $KC_REALM -s username="$user" -s enabled=true kcadm.sh set-password -r $KC_REALM --username "$user" -p "$pass" #sleep 2 done < $KC_USERS_FN ================================================ FILE: auth_and_access/org_iac_iam/module_keycloak/kc-users-gen.sh ================================================ #!/bin/bash # Generate list of KC users with passwords # one line per user account: # user001:pass1 # user002:pass2 # ... # Getting input data from variables.tf KC_USER_CNT=$(grep -A3 kc_user_count variables.tf | grep default | awk -F "\"" '{print $2}') KC_USER_PFX=$(grep -A3 kc_user_prefix variables.tf | grep default | awk -F "\"" '{print $2}') KC_USER_FN=$(grep -A3 kc_user_file variables.tf | grep default | awk -F "\"" '{print $2}') rm -f $KC_USER_FN for cnt in $(seq -w 001 $KC_USER_CNT) do echo $KC_USER_PFX$cnt:$(openssl rand -base64 12 | awk '{print substr($0,0,12)}') >> $KC_USER_FN done ================================================ FILE: auth_and_access/org_iac_iam/module_keycloak/keycloak.tf ================================================ # ===================== # Keycloak VM Resources # ===================== resource "time_sleep" "wait_60_seconds" { create_duration = "60s" } resource "yandex_vpc_network" "default" { name = "default-vpc" folder_id = var.folder_id depends_on = [time_sleep.wait_60_seconds] } resource "yandex_vpc_subnet" "vm_subnet" { v4_cidr_blocks = ["10.2.0.0/16"] zone = "ru-central1-a" network_id = "${yandex_vpc_network.default.id}" folder_id = var.folder_id } resource "yandex_vpc_address" "kc_addr" { name = var.vm_pub_ip_name folder_id = var.folder_id external_ipv4_address { zone_id = yandex_vpc_subnet.vm_subnet.zone } } resource "yandex_dns_recordset" "kc_dns_rec" { zone_id = data.yandex_dns_zone.dns_zone.id name = split(".",var.kc_fqdn).0 type = "A" ttl = 300 data = ["${yandex_vpc_address.kc_addr.external_ipv4_address[0].address}"] depends_on = [ yandex_vpc_address.kc_addr ] } resource "yandex_vpc_security_group" "keycloak_sg" { name = "keycloak-sg" network_id = yandex_vpc_network.default.id folder_id = var.folder_id egress { description = "Permit ALL" protocol = "ANY" v4_cidr_blocks = ["0.0.0.0/0"] } ingress { description = "icmp" protocol = "ICMP" v4_cidr_blocks = ["0.0.0.0/0"] } ingress { description = "ssh" protocol = "TCP" port = 22 v4_cidr_blocks = ["0.0.0.0/0"] } ingress { description = "https" protocol = "TCP" port = var.kc_port v4_cidr_blocks = ["0.0.0.0/0"] } } resource "yandex_compute_instance" "vm_instance" { name = var.vm_name hostname = var.vm_name zone = yandex_vpc_subnet.vm_subnet.zone folder_id = var.folder_id resources { cores = 2 memory = 4 } boot_disk { initialize_params { image_id = data.yandex_compute_image.vm_image.id } } network_interface { subnet_id = yandex_vpc_subnet.vm_subnet.id nat = true nat_ip_address = yandex_vpc_address.kc_addr.external_ipv4_address[0].address security_group_ids = [ yandex_vpc_security_group.keycloak_sg.id ] } metadata = { #ssh-keys = "ubuntu:${file("~/.ssh/id_rsa.pub")}" ssh-keys = "ubuntu:${chomp(tls_private_key.ssh.public_key_openssh)}" } # KC provisioning data provisioner "file" { destination="kc-data.sh" content = <7RzZdtpI9mt8zsyD+2jF+FEg4siTEiEIO/AyRxayEAjEsFjL189dSuzuuNtLujt0GiNd1a2quy8SutCb0/xm4c9HIh2GyYWmDPML3b7QtGujBn8RUDCgpl8xIFrEQwapW0A3LkMJVCR0HQ/D5d7AVZomq3i+DwzS2SwMVnswf7FIs/1hj2myv+rcj8IjQDfwk2PofTxcjSRUrV1vL3wO42gkl65rkr6pXw2WlCxH/jDNdkB660JvLtJ0xUfTvBkmyLuKL4z36Zmrm40twtnqJQhFZGv/sbvZqDcaLLTPl7duP7tU5TRPfrKWFMvdroqKBYt0PRuGOIt6oTeyUbwKu3M/wKsZyBxgo9U0kZc3VCpwEiX+cimPl5NwFYzkyWM6W0lZqzU49xdBdYqX/YdlmqxXobUF4wyrRToJm2mSLmhjel170GuI/hgnSQWfpbNwM7gSGTC7IQkNF6swf5aF6kYwoNBhOg1XiwKGSASzJmUplVnXTT7PdlSjkvdoRyuuDKmRUhujzdRbgcGBlNkfkJ9mHIkrHIICy9N0sRqlUTrzk9YW2tgKFJm9HfMlTeeS1+NwtSok7/31Kt0XMrBrUXyX+HTSx5PfNLM6t/Pdq3ZxQu46XR1aaKRbuQHkU4w8YKU5kuKuqEEFhmZYHxq/qxzMIOTK70sdHIu/iEIJSu6DuWKvkvvhfzvfRXJdOo27S/XqtHoswsRfxU/7C5yStUT9msaw9EatDPN6T63Abe5PsUzXiyCUWAcas9nGi5ToNFm/mhM4Ifsjv/CsE9Cu9p2AapxwAtcnnIBaV17vBU4KsP73kd+zUtoRqQlR9PHxveRnGgfyM5Uj+en6KfkZ7yW/F9gfiGSOh/GUEpYG0htDmvLFfwiTr+kyXsXpDK4/pKtVOt0ZYCVxhBdW6NsbhG4t55wqkZiqk8c4R/1oyBXsob/yL3SLT7VPy6foQmvkoCNa8+tnVxsUDePhPl8HpRL7n78pgZ0+fdGH+rAwdVGYT8E0eBJjKxPN63I4DWLn83A++Pwt/dp1Sjd2Iv/mbj7QRkp1PpwmyVC5fQptJRZNK3NsodEnbkz9+3z5tXu7ftDMxBkbU0cfjdplnvW/f0udm8H84SZbBbO75cBT4sH3QfIwvZ4Mmk7U1/J50FSL4X2eAH4ynN7BHN8mMOcEzl3hRZFoicItDFOUvQjWhb1Yxpexpbl8nLdbAr/lmH4kxsG67QmV99cy8LtTRmth9yXMqsbwsTeyYd5qTv7uIn2I2/C39Dlj13MMMRncODFYdOM2do2+t6wHN58Uv8mjvny/VR9uetfO9E4b3JtPg5tO7Ny4S/+7dZIDA+Cm57XKL+NejlSIwsjdSZbDt0rUj8VaeD3Ds3GMZcDOCtE0CjG+tYUn1u44Uhzbyb6MA+KG2zQUMZ4AngUUBkBxSwU8ReKZbnkHeMFalBON8SY6XMvbXaNwx8Bhb7IGXIOvdYp2E+aMEW9o45yuF+QwpwZ4JuyN1nHLlkpr07igZNxIFTRfHzldip6g9dv2RGH8yIBjwG8BfYDP6xgwHunJv4wdoLFD+G7pZEIB/K5RAm0q4/cL13YI3wUaRZfwVZCyzvgdXZQR4YsyUCW+KkpHru8osCbB3LFjMKyVMc9hTq9fMu8mKmiYHAf0ej3kndwjjC+I56B5HeaFJ0zAUwCvdFtEc+mOSQ4Ms/s0DvhsEG9JJlHOPLOUtt3jNex+5ioC5WK0vajgvbQU4CTJCPictZFmkpuD103gid62O4Tv2qDFE8JXYU6T8XugUy3G90QuGF9nniN+LyeZAH7bjnS3x/iwF8kfC+bqV/i61I0CeQDjNEG4yO8ILK5l0HpooaCTjIe60Mp5LdY7WD9zbdY71FfAAz71ijbrJPAGrwnYj6VJGpEWsAVhoM60EX/ski0Iu4cyg3X7uQt7EqBPLsrFA+v3IrxWgJ3ktO8C6b4TwnPgmlXwnL2sDTQDHuypQ+vCvnLGs7K2h/Q5sJe+ibxD2mCs6tqDe4S79gTpxrlQN3IpXw14GSEtQF+GeABH+oE2K++UqEe45hYGuqBUcwAdBdIJ6yhtb8jreB39box76imkYwXO3ZJ7m5DPaHu9nGlyMpwDxqAeEU2uZ5me7QB+xxCVz/ESR4yRhqiEPcE1tO0O0s/6Sp4VZYH2gT4EdAxkAHtVeZ2+CXTBXo0cZcf+qy/918D3PJwzUNpbWmxar+wYTCvZbYZ2DecZ8aIgXuXkN3A82R7SgL5tokv6SMfAPjWSeQH24DmRlIcO8tiOKdB/VDbMvIB5VPb0OA7WZD+lyfGwLtC83SfqHep7ATTowKvNOvcQIQfTZPkA/nyojebDm178pawiYfYU6IPZ1whTBZk+vDJHutb2KxL16jhHqh2nSBXszTMk7ZwhnTOk98yQcowm5IHBK+HOwLIxS9DY4wHMRg8I2YQ9wchYkOf1OhLm5BKmCPuTzR5EEAysXGPPiJmIpUlYDlkNwVyvZxIMsxP7VkaaVkkwiM6uHcA43JMc14U1SoejqEeRDD2KDlKgaAnRwGRP18tk1lRAhiNhMK+MqpDdmBzxIh2jEkVar4JB9lPQuMwt+xImNJkRGO5mHEgKcSFKAi0mR0fLFJwpVmtgNqW6xR6sxIySo7HDGSVGylLSancM8vKQfQibaYUshqI20AqZEnpryNzsTgXLIeuMOPMUCONoBx9YS8djlC1HSYgkmHmA/FyK9pgZTDSOvph5gB7szonRadzS9tamrLKX7e0Rs7qyx+NiyMoKkpUOmd4OvRiNA5iDMxnIiGVUmkAmMeFMwp4UUlYKj5uQ5QCvkKZCVLCSsiaABUY1DjI1XcLUCta2A5Nxg8KVmTvoWIWbU1ZFmaWlVVliNc4tR0yrLXZ0T1DEAp1W93QUbMStxlW6THYzKbY6j3yi7FPbsw2yuUDfsyGCWfqereEapajsz6Bsc2ddzpQHFPnbtmBczKxLIbOMCdsp6DXQRPoCcje3MFdmHnLdzTjMMvr53nw7tivX3fFUt7p/kyiDrvP0Ne6Pw5vW1Vf28uC13qIHVb/a72HU9Z8bn41fLD6Lg/gsTsfngj4/jM+da2eiYLyDqGNFLlrKWGD9CJ6rpUHtp3CchNj6qZ+BFwGvGUHd16d4DN52Zxyu2dIgf4e58HhnLFmj0CAqlOSh8Tvpl2IiDvCt3bFZNd9uDuqUEHns25tv8Y6Gf26MhjcRjzmdU4wfbpLsdIQmHoDnsAysDxw7WMv6GbwSepdW5CpRLrB+Ag9BMI94hbUM7HEEtUsDaozb+/anuct5OHogaalN8kqYj2D9QzVUF/A65WRN9Q9EDK4TOhF58ARqvFZUCLUPx3OXIl8PzhWqh6jvIesoFXG4lwB12pi8Huf0XPugVy2rT9dO7DbtH8+jahzWOQXLLOJoR3kQ1dq0H/cOaCIPCDRivgSRgnsuVi5rWdwTRWX09hyJuTalHK0pP60I6BJYeyhVXbIdi7xKbP6eEB6Pc1AH6PuD65Ar/bBXaxz7Oe2En9Peyc/Vzn7u7Ode7+eq7DlDf0H22zRK2IeC2SjZOWQmkBFi3xIzb86osfcAGTP6LMhic+7VBZj1ZdSbwL4C96h07I9uKpbxRKHsG+ozyFgUrmxaGfsE7O9ZBvtF7m1RT0L28YQNPmZCvbyCMmKb+paAH5nk37qUIensRzC7BZqwl+thb8dStrCAfBlnn5ZGfU32W4DvFLAnldcXBvp6xAdaNUkL7JFhUDcWDOtAtfbN5moh4szf6+g8L2SQXl/2dluqhBncT+ljzwn7tVjdlKALuqxQqkrF5IoLK4kW9xTtoKQeZJP2CnFD0uS59zSfDdcgNritTPbKIn0jX+yHU78MMnzuY6pYYaD/x/5a25OZKfK5kB9eB2IF9bF1qK5lteOYQlYVwAede76RBsfcB7Mtqu54HpILxFLsdQWm7MMRzKn64qADqF87uuh7soeHNLkKVQmMX2IcgirTczg+xpbJvS9eX1aGWMmVjOPo3BvtbfgnKJtuaV2uMiT/LF4LY62SYYyu+FfSGIy3e7Ce6nKFobo2raXwXBRLWUdsGedQ5ijhkmJ0QbymStLRZf/NkBWTzrLC6w7LHngJa5uSd2g7yDuO2djfgyoXaDY2+/SGwDuMkZtzW8juAFRAuoylYD9VxwDGxLLHSzZgFSwrsqsNjHMbaW/YW/GsXfnkgnvAMG9PyorxXbZLxJe9faRPdhfILisY8SyS9qpyT5n2irL66L7jlXnwgI1x/ZtS+7kh//oo5LcfxhiINaW7ShcUcw9SAKB2tX9H3ZexPQDehIsTQX8aD4f8cE64jEv/gabCqD/Hpz6IJrNxYdo413oFWcQzT0TIe+pvIIuaepB71Y7vk6vKifvk2rvdJleORNFYB5Nw9c8UgFk395vwNfVIAOaH8l//xbLfcxf+3IU/d+HPXfhzF/7chX9BF37z3O7P6sKrv1ob/hygzwH6HKDPAfocoM8B+iUB+ur4pxofG6DNXyxAn+8f/c79Iw6p+BxzRGGJ7uFG8j6shfd3c8HPnKJbk71uh82sy892s8uUz2RPMryPnN9BqOjardyjkCLvAU8E9rDlPZ4Jm3R177jJ947Z7dKz0tHm2fiufD6Y9kD3uzMag26c+9+8f7rnjrz/RvemKQTKe85Crou9aHxuWz5/G1XjRJPvYwt+Dj7nnrdTbMYRzegmN7RX4zb3pv9Qn/pHvyt8uxaeoR48p2Met/A+tJmtnriBDc7hWr+w1Yu6Qn91hDQ+VX8BAqxQHEv8M9usumYeyOg4SNQ/tM169WybW/maJnFQHAnir/jrvud/nfuGLXJl/x6Fph4/H3JKdrU3kN3p39OfiO+1BI1kGD/tyaz2vzX+8r+BNnQpzcaCEdJyNtfhKJLfNM9y7s8OYSgrQH1kiW9xR2HyFKL5HU9nDafxrMIHUnmK/WkxFzixGoCJmAp62in8QAmfkfQf+TW+rh0+BHncfjn1O1z9vYR/6kcKf0nhfwv94WU6S4p/lgJswubPUoBT98f+kgpwvwDZ/BM1oH6cX32oBtSPePERr+PI4xW9jeM3U5715WR4vH0VB55Ub+L40Zs3/vh7Np77sf5L3rzBL7j4Hb7WTqvBK1+8cVWr7avP9cF7WviNIG/x4o3nqfp7vLfh579850rZF5aum6eeDfrY9+8cp+r7nvqEyw+YV+jtF9HDv2C38D+sruwc/RsPkWsKCuvy0Z/G4KoJBybyp3O6qOvGgZvfv7I/CZdSOIWqzfODa7xLvDhLF1M/2b+cSVbidYP3SRcTcEvh4hJIDeJZdBL/uQC3ezkGDZ/J6ZWdrdHF1cKfLR9h0mp60LBqQJYuhvur76I/+MEkIvu5POC5ZtQ3vNaM6+2xucP5YbycJ77kejxL4p2FH5PUX+1u6Cheg6VZdSqh61RCG1WBDZAW/aXCu8EQuxoJf6H6VP4jus9G4J8Va6+q1wRV9lfXT9qf+pHxtlrsHHDfOOCqzyjDKyNuTTso2D844qrvX6P9iXScWnCNHd+g73iOF/qMH6Xxf4l83awfPN9rXv18H3Ii6/pAH6LuepCNPzntQ17/+ry39BCyTbr71rzT/FVO68SLXcnrIsTxLTdwtaF6CYq8jNPZJRmZul4QBz44/dZfmn4fRIdQDx923pB2srH6KkOtmYeN1eMXgJzMtN/PSvWzlf4ZK6291EpfG/BfZ6XHpfC+leJ7e/8mxvlYD8Ig+EjjPHFX8YON8/iXGXoNCxnKToydfMWkv9d/G1ma+E9OtgPn/95Rxld17YcOuHZKxPp7ifj41ha9OfMs4jcTsfFuIobT7YvGuZbavq1db/0f ================================================ FILE: configuration/hardening_bucket/main.tf ================================================ // Генерация random-string для имени bucket--------------------------------------------------------- resource "random_string" "random" { length = 8 special = false upper = false } // --------------------------------------------------------------------------------------------- // Создание sa storage admin для создания bucket resource "yandex_iam_service_account" "sa-creator" { name = "sa-creator-${random_string.random.result}" description = "service account to create bucket for audit-logs" folder_id = var.folder_id } // Создание стат ключа resource "yandex_iam_service_account_static_access_key" "tr-sa-static-key" { service_account_id = yandex_iam_service_account.sa-creator.id description = "static access key for object storage" } // Назначение прав resource "yandex_resourcemanager_folder_iam_binding" "storage_admin" { folder_id = var.folder_id role = "storage.admin" members = [ "serviceAccount:${yandex_iam_service_account.sa-creator.id}", ] } // Назначение прав на KMS ключи для работы с шифрованным бакетом для sa-creator resource "yandex_resourcemanager_folder_iam_binding" "binding-for-sa-creator" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = ["serviceAccount:${yandex_iam_service_account.sa-creator.id}"] } /* // Назначение прав на KMS ключи для работы с шифрованным бакетом для группы all-access resource "yandex_resourcemanager_folder_iam_binding" "binding-for-all-access" { count = length(var.all-access-users) folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [element(var.all-access-users, count.index)] } */ // Назначение прав на KMS ключи для работы с шифрованным бакетом для группы read-only-sa resource "yandex_resourcemanager_folder_iam_binding" "binding-for-read-only-sa" { count = length(var.read-only-sa) folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [element(var.read-only-sa, count.index)] } // Назначение прав на KMS ключи для работы с шифрованным бакетом для группы write-only-sa resource "yandex_resourcemanager_folder_iam_binding" "binding-for-write-only-sa" { count = length(var.write-only-sa) folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [element(var.write-only-sa, count.index)] } // ------------------------------------------------------------------------------------------------- // Назначение прав группам УЗ resource "yandex_resourcemanager_folder_iam_binding" "binding-for-all-access2" { count = length(var.all-access-users) folder_id = var.folder_id role = "storage.admin" members = [element(var.all-access-users, count.index)] } resource "yandex_resourcemanager_folder_iam_binding" "binding-for-read-only-sa2" { count = length(var.read-only-sa) folder_id = var.folder_id role = "storage.viewer" members = [element(var.read-only-sa, count.index)] } resource "yandex_resourcemanager_folder_iam_binding" "binding-for-write-only-sa2" { count = length(var.write-only-sa) folder_id = var.folder_id role = "storage.uploader" members = [element(var.write-only-sa, count.index)] } // ------------------------------------------------------------------------------------------------- // Операции с S3: // Создание KMS ключа для server-side encryption resource "yandex_kms_symmetric_key" "key-a" { name = "key-for-bucket-k8s-logs" description = "description for key" default_algorithm = "AES_128" rotation_period = "8760h" // equal to 1 year } // Cоздание отдельного S3 bucket для логирования действий resource "yandex_storage_bucket" "log_bucket" { bucket = "action-log-${random_string.random.result}" access_key = yandex_iam_service_account_static_access_key.tr-sa-static-key.access_key secret_key = yandex_iam_service_account_static_access_key.tr-sa-static-key.secret_key } // ------------------------------------------------- // Создание основного S3 bucket resource "yandex_storage_bucket" "bucket-main" { bucket = "bucket-main-${random_string.random.result}" access_key = yandex_iam_service_account_static_access_key.tr-sa-static-key.access_key secret_key = yandex_iam_service_account_static_access_key.tr-sa-static-key.secret_key // Создание BucketPolicy: policy = < All operations with KMS and Object Storage are performed using a service account token linked to the VM at its creation. Description of script arguments: - create: Creating a high entropy key using the KMS [generateDataKey] (https://cloud.yandex.ru/docs/kms/api-ref/SymmetricCrypto/generateDataKey) method. - open: Mounting an encrypted disk to a decrypted object. - close: Unmounting an encrypted device. - erase: Deleting the source device. ## Prerequisites (configured using the Terraform script example): - Install and configure [YC CLI](https://cloud.yandex.ru/docs/cli/quickstart). - Create a service account. - Create a KMS key. - Assign rights for the KMS key to the created service account (kms.keys.encrypterDecrypter). - Create an Object Storage Bucket. - Assign rights to the Object Storage Bucket to the created service account (storage.uploader, storage.viewer + BucketPolicy). - Assign a service account to the VM. - Install AWS CLI: `apt install awscli` - Install cryptsetup: `apt install cryptsetup-bin` ## Launching the solution - Download the files. - Fill out the variables.tf file. - Execute Terraform commands: ``` terraform init terraform apply ``` ## Deployment results - Check the status of mounted objects: ``` lsblk ``` ![Status](https://user-images.githubusercontent.com/85429798/131117114-d15f733e-8db8-4bdc-a3bf-082554a4e7cc.jpg) - Check the disk encryption status: ``` cryptsetup status encrypted1 ``` ![Status](https://user-images.githubusercontent.com/85429798/131117237-bb081d75-3876-4970-9a2c-b52ae4161c55.jpg) - Check the disk on another VM. To do this, create a snapshot of the disk: ![Snapshot](https://user-images.githubusercontent.com/85429798/131117342-0ef73d39-890b-49c4-888c-7ca43789356f.jpg) - Create a VM with a disk based on a snapshot: ![Creating a VM](https://user-images.githubusercontent.com/85429798/131117386-e1e9e805-2412-48bd-be9e-41e4ee83eed9.png) - Try mounting a disk: ``` sudo mount /dev/vdb /mnt ``` ![Test result](https://user-images.githubusercontent.com/85429798/131117495-c2cc85d4-21c9-4578-9027-907bf6c9d0c2.jpg) ================================================ FILE: encrypt_and_keys/encrypt_disk_VM/README_RU.md ================================================ # Шифрование диска ВМ в Облаке с помощью YC KMS ## Описание - Решение позволяет выполнять шифрование диска (кроме загрузочного) [Yandex Compute Cloud ВМ](https://cloud.yandex.ru/services/compute) с помощью [Yandex Key Management Service](https://cloud.yandex.ru/services/kms) и [dm-crypt](https://en.wikipedia.org/wiki/Dm-crypt)+[LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup) - Развертывание решения и пререквизитов выполняется с помощью примера terraform скрипта ## Схема работы ![Схема](https://user-images.githubusercontent.com/85429798/131116794-8dd100e3-c024-4297-a39d-8d1482fc8ead.png) ## Описание работы решения - В [cloud-init](https://cloud.yandex.ru/docs/compute/concepts/vm-metadata#keys-processed-in-public-images) скрипт при развертывания ВМ передатися необходимые данные - Устанавливается ПО: awscli, cryptsetup-bin, curl - Передается созданный terraform ssh ключ - На ВМ выполняется bash скрипт с аргументом create: создается ключ шифрования с высокой энтропией методом KMS [generateDataKey](https://cloud.yandex.ru/docs/kms/api-ref/SymmetricCrypto/generateDataKey) и записывается на диск в открытом и зашифрованном виде - Шифруется и монтируется второй диск ВМ на основе ключа шифрования - Ключ в зашифрованном виде копируется в [Yandex Object Storage](https://cloud.yandex.ru/services/storage) и удаляется из файловой системы - Скрипт с аргументом open добавляется в автозагрузку ОС (чтобы при перезагрузке автоматически примонтировать шифрованный диск) - В момент монтирования ключ шифрования скачивается из S3, расшифровывается и по окончанию мониторования удаляется из файловой системы > Все операции с KMS и Object Storage выполняются с помощью токена сервисного аккаунта, привязанного к ВМ при ее создании Описание аргументов скрипта: - create: Скрипт выполняет создание ключа с высокой энтропией методом KMS [generateDataKey](https://cloud.yandex.ru/docs/kms/api-ref/SymmetricCrypto/generateDataKey) - open: Монтирование зашифрованного диска в расшифрованный объект - close: Размонтирование зашифрованного устройства - erase: Удаление исходного устройства ## Пререквизиты (настраиваются с помощью примера Terraform скрипта): - установить на ВМ [yc client](https://cloud.yandex.ru/docs/cli/quickstart) - создать сервисную УЗ - создать ключ KMS - назначить права на ключ KMS созданному сервисному аккаунту (kms.keys.encrypterDecrypter) - создать Object Storage Bucket - назначить права на Object Storage bucket созданному сервисному аккаунту (storage.uploader, storage.viewer + BucketPolicy) - назначить на ВМ сервисную УЗ - установить aws cli (`apt install awscli`) - установить cryptsetup (`apt install cryptsetup-bin`) ## Запуск решения - Скачайте файлы - Заполните файл variables.tf - Выполните команды terraform: ``` terraform init terraform apply ``` ## Итоги развертывания - Проверить статус примонтированных объектов: ``` lsblk ``` ![Статус](https://user-images.githubusercontent.com/85429798/131117114-d15f733e-8db8-4bdc-a3bf-082554a4e7cc.jpg) - Проверить статус шифрования диска: ``` cryptsetup status encrypted1 ``` ![Статус](https://user-images.githubusercontent.com/85429798/131117237-bb081d75-3876-4970-9a2c-b52ae4161c55.jpg) - Проверить диск на другой ВМ: Создать snapshot диска: ![Снапшот](https://user-images.githubusercontent.com/85429798/131117342-0ef73d39-890b-49c4-888c-7ca43789356f.jpg) - Создать ВМ с диском из snapshot: ![Создание ВМ](https://user-images.githubusercontent.com/85429798/131117386-e1e9e805-2412-48bd-be9e-41e4ee83eed9.png) - Попробовать примонтировать диск: ``` sudo mount /dev/vdb /mnt ``` ![Результат теста](https://user-images.githubusercontent.com/85429798/131117495-c2cc85d4-21c9-4578-9027-907bf6c9d0c2.jpg) ================================================ FILE: encrypt_and_keys/encrypt_disk_VM/cloud-init_lin.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" packages: - awscli - cryptsetup-bin - curl package_update: true write_files: - content: | #!/usr/bin/env bash # # Клиентское шифрование диска на ключе из YC KMS # set -e -x YC=~/yandex-cloud/bin/yc CMD="$1" case "$CMD" in create) #Создание ключа с высокой энтропией метод generateDataKey (https://cloud.yandex.ru/docs/kms/api-ref/SymmetricCrypto/generateDataKey) #Необходимо выполнить 1 раз и хранить ENCRYPTED_DEK_FILE в защищенном удаленном месте mkdir ${MOUNT} $YC kms symmetric-crypto generate-data-key --id ${KMS_KEY_ID} --data-key-spec=aes-256 --data-key-ciphertext-file=${ENCRYPTED_DEK_FILE} --data-key-plaintext-file=${PLAINTEXT_DEK_FILE} cryptsetup -v --type luks --cipher aes-xts-plain64 --key-size 512 --hash sha256 --iter-time 2000 --use-urandom -q luksFormat "${DEVICE}" "${PLAINTEXT_DEK_FILE}" cat "${PLAINTEXT_DEK_FILE}" | cryptsetup open "${DEVICE}" "${MAPPED_DEVICE}" -d - mkfs -t ext4 "/dev/mapper/${MAPPED_DEVICE}" aws --endpoint-url=https://storage.yandexcloud.net s3 cp ${ENCRYPTED_DEK_FILE} s3://${BUCKET_NAME}/encrypted1_dek.enc #копируем ключ в S3 rm ${PLAINTEXT_DEK_FILE} # удаляем расшифрованный ключ rm ${ENCRYPTED_DEK_FILE} # удаляем зашифрованный ключ ;; #Монтирование зашифрованного диска в расшифрованный объект #Можно выполнять, например при старте ОС open) aws --endpoint-url=https://storage.yandexcloud.net s3 cp s3://${BUCKET_NAME}/encrypted1_dek.enc ${ENCRYPTED_DEK_FILE} #Вывод plaintext-file для расшифровки $YC kms symmetric-crypto decrypt --id ${KMS_KEY_ID} --ciphertext-file=${ENCRYPTED_DEK_FILE} --plaintext-file=${PLAINTEXT_DEK_FILE} cat "${PLAINTEXT_DEK_FILE}" | cryptsetup open "${DEVICE}" "${MAPPED_DEVICE}" -d - rm ${PLAINTEXT_DEK_FILE} # удаляем расшифрованный ключ rm ${ENCRYPTED_DEK_FILE} # удаляем зашифрованный ключ mount -t ext4 "/dev/mapper/${MAPPED_DEVICE}" ${MOUNT} ;; #Размонтирование зашифрованного устройства close) umount ${MOUNT} cryptsetup close ${MAPPED_DEVICE} ;; #Удаление исходного устройства erase) cryptsetup luksErase ${DEVICE} ;; *) exit 3 ;; esac path: /home/yandex-cloud/script-enc.sh permissions: '0777' - content: | [Unit] Description=Template Settings Service After=network.target [Service] Type=oneshot User=root ExecStart=/home/yandex-cloud/script-enc.sh open [Install] WantedBy=multi-user.target path: /etc/systemd/system/test-script.service permissions: '664' runcmd: - export HOME=/root - cd /home/yandex-cloud - curl https://storage.yandexcloud.net/yandexcloud-yc/install.sh | bash > /home/yandex-cloud/log.log - sleep 10 - source "/root/.bashrc" - aws configure set aws_access_key_id "${aws_key}" - aws configure set aws_secret_access_key "${aws_sec}" - aws configure set default.region ru-central1 - /home/yandex-cloud/script-enc.sh create - sleep 20 - systemctl daemon-reload - systemctl start test-script.service - systemctl enable test-script.service - reboot ================================================ FILE: encrypt_and_keys/encrypt_disk_VM/images/Схема.drawio ================================================ 7LxXt6vKlib4a+5j98CbR7wR3kigN7wQCCQ8/PqOQGsfc8/JrK6uvJU9snKPrSUIwk7zzW9GsNY/cOG1KUPyfph9XrT/wJB8+wcu/gPDUBzBwBcs2X9KUAb5llRDnf+U/V7g10fxU/ir2lznxfinilPft1P9/nNh1nddkU1/KkuGoV//XK3s2z+P+k6q4i8Ffpa0fy291fn0+LUMiv39gVrU1eNnaAajvw9eya/KPysZH0ner38owqV/4MLQ99P36rUJRQul90su33byv/H0t4kNRTf9v2mwNirDCHT6lLZHvcUuSufd/4WS326WpJ1/Vvwz22n/JYKhn7u8gL2g/8D59VFPhf9OMvh0BVoHZY/p1f48/m2VCLip2mQcf67Hppiyx89N2XfTj65RCtwnQ/brFj5O0rFv56ngfi+Gjeq2Ffq2H8B913cF7HQa+qb4VfgPDC/LPCXy3578UhkOSn4WWgxTsf2bIkR/Uwww6aJ/FdOwgyo/DahfuvyxZhynvvfrH0yD+RHp4w9WgeI/5pL8mGP1W9+/awxc/Cjtf0KB7H8t/ZHAgcryP0ZbKPVP2kLRv2gL/4Uzf9QWjv2rtIX+j7UFFPCGl/XrRCYeiqAGeGQkadE6/VhPdd+B52k/Tf3rDxW4tq7gg6mHKj2bc+P7i4mnUn7dlPUGrYH/GUHMkyn5B859bzF5XKp/YPwGLAITHNXC7jtPpLdtzg6kTlQPycR+MfAcz3cSN3dyyV7ZYj651RTYI39ltabm77vq9Y6vHWatVYlyfd+xB/LrPn+1bY7oSyEitSlwqyaa+/mp+Vdy20bH1+cUI1vtSbw0/PGwj22NI6/XFJfVGgTUlzD34CprJzbraSKWwOHGU8LMw0U0kavMIK5MOV7dQ0OMZ3VYT3AvcGDsP9aDY0rY9Qn7gtd/qPt0Z1s0Mas+22zndxsfZmP+U3vuj3XXX/3dwBrvr3ZMwfq0I9xtUVe8WlucOn4WikQ7Kv/Ilaq6g+dBoIG+JBS0O3xR28H3BuYN57YaTxf0L82g7w3Mfzd98C1Vm32NCV+UcFB39c+2D80MrJsZ8OBbFs2Am4FMYJufDwHHgPPbvuM8QN0rqMuD71yz5Xizw2oDMtvN0PwZi8B+n4MGZCqBb/07ztMD39fb9z7/uW+/908w/nfOu/nrc/YF16TB8UmwTgR84z/rReH9rUE2G6zvnAcabyZyrhN8+lpT7u9UWVmty/sk8lqtZoB96rVFxMHIGDiw0IP45Uz/i4jB/DO+I39FDOzvAONfhBcY8Rd8KHLAT35u+2F69FXfJa30eyn/O95Dt/+9jtFDZDih+FlM0/4Dzck89X+OAcVWT9EfrmPY1f9N/tyJ20/P583+66YD643+ePOHVvD292bn3a92f4wk5G+4Dxf57+sQyKSfh6z4d4SH/9DFZKiK6d8DZfrvjWIo2mSqlz9P5O9UfDblhiHZ/1Dh3dfdNP6hZwcW/G5rBPJnWyNp8s/07X+uPrj4zuB3Y/ttKf/f7Q//S7zSOBMU+Nx/x63/s+OWRBjPsLIlc7N8AtXECszfrM7YA+PUDj8E6h7SAfoHc4QxxJxhDLMEggRlxxlbgnC2mpX4xgYNAfFsC8B8vs8q8Az0D+QF6oPxGlCWzTaIaWesEOC4EgnktcG5mEED1wXlCOewnzHwnMMZY9ezDoxNPkd8+wPzl98WsAHQxhPhePY5P9j32fYcF3x2sA7i20dT/ap3xklYTzJhjNu+MfZX7G5+4qYumr+v/Vc9MB8Nyh35o8xz7PHOlbA2jl/2sy4Zfu+cCjrYf0h8wxjmzxhCsv+58Y34bz7837jyC1dgHQHd89vWgjW3+esK1u01QA7PVGlXI9LRVAlZ7XXF7jdyuStu/SMDiCekAWX+1MUfbDjAPMC8mtkM3BM3rKNBgWxAPZM817ETu3VIiHs0sx0AznmY33pPbbX2kzdjphhC/ALrrFBblCAPns1ng8DnoD1pBSFoLwH8kdYTlwTQ5/PElx/MAhw2CL/8OQBzEQEGAEw7sUAgNlOMYf+gfUVaX668mqKJQ3yEmHiu6cgBNrlgHRzye1kGsRPIm4PlGMRbiLv22V6DeIV+xzcJgHkVbA/Wiv2sBczxW2Y+s/1b5qL2iYFQf9UpB3CNf/slkNOGIK6Cfn/KCOusF4N6DWoiAKdr4gC2AOcO8Dsmf31bYvbt75DO+raYHbAPICs4183/taYzh4mhjGAesFvSugMMJu2gwn/T73EFeGoCfTUE1AFYLwp0ANaqgXgSIjaMQVAmUM77z+c7Dsh74Hwq3Dws8VyLqJHnc5/AgRzwb5yqMHBdwTFAH8c3DsB+Tr0QQK4A2zPyzGt+yoCNnXEFfFZoX3+wxSQIqi/2gzVZiPkTQ0D7A8QeMK4daNUZS2qOhLHy1/hnHIJyfzbHt42GW8c3Xv6Sn1nD8SUMyG/9XX7cdyyp2k0EyK/+TX7HWQcx/6ksRGGsBGWoJTY/sRr2Vf3EL/erD5B3njqHGgY2AOxlP2UN4/eh4dCfgDwI4Dv4156gruBz7at7IEswNvkjO+g7UHbHlzeEQHYcaX/j8neeQQ5kB+Pkb/fi148lsP4Gt77jAf/5loH+13MO8HP6ALd/dXX61W9lv/Lgs/yANs39UT9nvmydfhn+6Orb3vr6JWwPP+h3fSC2w7anX/4qO2VW/fgragtfPvG1FQn/3xzvKQL9p3j/n5zP0v+HxXvrn+K99ffxHjs//8N4f+6DTFl3He8BUt+je5u+2OYuaFWMbe/s72NnA+6t058BT4UxC2IPjP/ArkF84DDrew183ITfP3Vg3AdcOzDR7/wg/zUBN6iAr8Q/ZdyvOt/r4CGCfn/1+f32Tx4A2vLJ7+vTnlagEWZzV/68l5MpMpII31p/H+2tMYm4v5XAT1YCEW2zvui8gczizAC+aAY9NSSCL6IQ1jcC75AxQC+2ntXJygFCndIAKADR94wmdpChPx6O/LQD6AEi0RnVGuzbDqDSNwKD6Bp+o/3JBOAzgJYQCWrYDiAZ6NMKsu0bIRsSzO0cB0bXc+yzXnZ821aoefYXQ0kfZmie4wMURL7tK8L+FYECCTIc2J4A9X/Ygrb/lhUd2jcC+CBSPxv0J0LvIBJ+MyOwxjNDA9EAaBn/tgcs4PiJ9EeG/rRHzW9WBdprkHGeZQD9iW+Z9BNBQJ/ByXCA7BrU/mZKoN43cgDZ/cwR1N+/maEJo9wpH5P8RqPmsKRzzYCNnnr4lonxD/tpiC/KQplV21dmHGKL4XcMMV4hsgO9ECDq/aC3hHyjUwNkkq0/0Rbo7czeQJSKcVv8yU5FYMXN2R4wwJD8tg/RX4wOzHMzv+3xr8xh+3A7dXJG6wq3wm97MJcf+YDIAOf/bY//2MZufhkNYJ3Nj7wrDGae53j1yZiQbztoCyfDJH/ZHYxQlvi1O2ivoB2QE2DbX5sEsgnPSGeD9fys8ScLN4kz44Xtn9Y3on1Z78lerS/TIL7sA3h/UMFnO/CTM0sGaAHWfTVBpIcRb/9hFasNd5JrOCf3G2GDZvu241YbZuqgPlgLafo/UftkIPcbLAdMBK57/0ZqafvRLwaZKVwLWN9qniwfsvkGrI3bvrsA5smkfpXBLOZXH2Ad3x2BGsgQ7lrDcQDDBRnKDpnjaWMn25R+5tZUX6YZbt81nVkBrAPt6FyTFXBkANg28BHC/IU5QasB5gTWUB1wJ984fRuygS+WfJEV6gL6B8QQYGNPyAw19DtOTIJ17ZCFnMzwxK/4B7/ugBXBPjPE/n0t4jne4RLftZ5+u0K//tmJIE+m/D0JIM/6p+9V524N0MUPE9TQH/aEWd/dm9062dupD/zLTn/q7BA/fvnwVxagH/Rnt+Q4x/ziFPZTnzyzoN/nCe3uy85rAv9mEt9x/pMZEk7+zRkh9TcMifpXnRAif6VIgL6w50+e+YeI/oNBzp/Y+RM/y5HzJ3+WCOe1+KsclMigv/NW+EMh86vDP1T+Zy4G5Dr90/Hwnw5sf05x/+ZgN/khYxnQQzH8DUt71Xl+nlb83Xn0n08w/v6I4H9tIwzF/umg5+8O8om/6v3XCwD/8XrH/l7v9B/0i/9B+1+9f59KZwn9S5Xgmj+v2V96J/5gPOh5/df9+/8/viXwDwwv8CI9Xwj4W8v7jzjzo//pzI/9a46EYn/zlgD1LzOFv566/NkU/ui94Jr4ZRZfUwA/sT8Yjfhf0ixysmBy4l9oFvg/v+rDYn81C+J/q1n8KzbLW/iAT7KmOhX9pzep4L9/M7/++2z6Twn3v5FfvzuQXwv1lbe9FbkoVc+Bf5YfPqSwAlfww2mcwMXgW0QKK6BgCa9agn91NYGrtJJ7NDUs5NrVl9sDXNgbrD26fOuPtrLCBi3iXR9IiLGvXM0f2SvkQM6OG692TnDrGUd8a7zY/U4us8ODOQgc54cef1XrjM5RchLu1yJ5bm9ymsmucflE4ptQffme64Yqd2leXK03pGRS3Mv0ajW+6JGWl1klSp+kSsztWcv7RXz1z7qSPN67y5fwAxLwQzSRI+cRlgYKl2mHmh+MeV9mkAZn2BLNnwVn0G6IsuHFfQbUuRY43I2Roxte8yiyGxX3Ek2TA/zuxdO69Jps/kPAvmp1wRSTcxlu23V9f91ZwnAkBx4MWzGtEWpeaf718mSrYtZL4pFuz2C7GVV8ce2bgFP8xb0bnFgI0WpjYkBEF/+eclzGUavVAWDgx6eI5H7xeXnXZ3/HXdzg+RC5r3x4edn8QFxo/sFqkzam7ovpWn8t2m78hA8ftPUPxAQz6WO5elyQpzuyokOpfKx96ho85lpONxwvEP3Vvcrqy7vDws9QaJYDhpYNaDfSm09ZQa2sJLsbwiyZlaDfqUue3Hyu/4T9DbR5dMrAmIIbR6sci8n0BA1XvuDuiJ/VcuG+CPXW5HBGzXWpLq6CbYgE7pJXdROSN3JwyiBq9YE0xL2tEj4h3J3LBscNto/FxxffHlHBYey4QKvqo2wMn3CZ4fjBC4igNwwwqpDcL0qJiqvB6zfZXPnPXmsjq1v7iPDuM5IUV8JWRGI/G5lyCsHTo8S7GZiEa1b2vS4L8fl2iqCZ3ii/8Aph0L2ESvjL5fsJzgzumNy1y+PObDfOe90eHerawuqiCUNwCe9COTRdOza8q+FgNNPeEYn5vNaboPTNwekf/RGRPgtXwL/unFJR8vLW8duN7y9pe1l5a2s0ILhPOY6S5SMdp7qeNQrdmtm1SHmPdgUTexGXUyuo8Eq5kjFp/spqFUYCDU2Z5CB1WH0QVmmMsH7mCD9obSy8V36wrLf4GVuB4LyKL9Uo25xNU0GI2JDmUy7U1EULnfGGApaBPNBilVcTlyI2tx7X0fRX3e9z8AjdAErx4avvl5jFhNeQPRgdTAjUZC1o14R0p31Z7wxOsHky9sCzg/9oD0J5jjYlz1dUdIC35Dkt0VJmax3yaSxf9xLPqbBLWXGoHDBy/pqRB+W/6dBLEqGk5hfzMaoES2lf1flId5/sm65Xt7XcO5TikVpcKBsetAlmkMG1vsFrDNrHxa0NUxccqp2gHwhQd1ugco2sDymwsf2jQhu7vRSo0wLotL3fbHgNlgrvrFvvwVGimwJ685SbXXV5zMjVW38d4W86011Eqhb27VCrK4v+UzitRh4MOFKDfiSofxxtqovd6HB21Av0J7jQzRL/Av3pmr0FB2lugtRfx5wHly68Zqe1grV8zzoqnf8kGbBsE5HWUXp71OlLsv+BUxUHG8hGHzFgVZbHw1knfQ9m2gcqe0yYlxKOynPn8R03VGjGLT007UaLMz4lVrjiNKolRsB7EFL5WgtGHnqzOsoRUotpoxUCurpwQN2XgB9f2EyAEBBl96uHH9cR+G+ocQu7DzHEgfLD7I9qAlWWhPwAfw9raWSFJTUzzieW5VprGDSsVI41oZLHCTziR+G9qeWA3O9IlknoCtYc3oxMAk4mN8t1qievt5YBq8fxyl9uN6CuyACyfyrKM2VBvOP5WPe9R0q1CbosxMXMR+M+0IbINYp8Dq+ilIh9EBXHxpIGFqP3T8gQ8Mv9o5TIzY8VPUvlqv5c4xlETLYp78vHMnstIrCr6sXa5TlCnWTvtoe46dnQL7ED+PeFw3l3AGU7W+DRU5YxW5lueQs837zHlFxgzoA7ltEHZbKnYwjAY7wKCw1wVSlCSUhDMgaQ/f5cIeZfaeDxfHBtEtwly889zIEVfxIerC2bgFU7IWXN7L1Xqs/r8ojYjmI/i0QpGYGhd+wmCL1Oq+6AbWxRs28W+K9M3RT2CfQETAeiydh2MLKQgRkYojtKFzrToCzQCzoUwMAcm5GvGQasP9ZCILw5Apas4JS+sFQlV/NnPDYZGkkQXqdVUC12ZPtywChGW7cxb9/KzBgr0TmxDcMOfXuDn/J+4InpO+HAPPI7jAYq7ZlGH5XJEVDhzAOlWSyBXFAnlHqNcSRgU09rEHiDYkxO6V09CzhQJl5gjIMCu90kIdSkWa949rJfdsRk1nAJJnwm9yrhdJe7UW0lEhdGgob+AM1seryquQsjrWxXAaKdHqCvaelpln2PoQ/YTF4CY4+jWC4b2MhpCppzHhortZqEXyf+xZmzTiNgCpOLQwBdT1RYN3imMbdrZeuw9Bj7pYZmooaJTSkx9JurfnGIVqGgXOjpzvB0lcCgZEzVbHMHIRp8e3qrdFTIXAfIJQCNCA/Ob/YiAsStFETZ/a12XJiJZaPExzxXW2zifYPyRQSYwgt4ZzMYY/OwCeORiYGXzPIUW8Ni3JfR5n3iuQx0q+SByVnFW+SegqaugPtNI/ssHim0b3l4RKWhzTy9yQwehLc3MAaVKzLg86z1cFuOLz8hxx21O4tkEKW+6ngP987zs2LFOd0F94N29BRLapsK3qMp9ZzOAgUqmU+tEW7l1h3aOcAL8o5XkKVxbObD8IGisifJ1XMW31A7m9hiVrhyl0nseIVzSdaY3/g9hxq84/OzErHL01PbS8MWXaS/+GlYsV3Auipi29VGekMiuAuqc9xTl2d0sPRbNM7y8nn7++qqJmqvSq4PzKXG2El5cXzY67EU89zgWx1tkku/qADBZDMygJus92bkGkJWoWVX5Q1ThJCTE1DID4rZmuhiQZCYJ4t3ulvCE7aPaSPyQZ2PaUErviARu3OFhkX4jdlrGkYThIVtYnkZrkdl8HfR8qVl07gbpom8zQmTX3AayG1kTGLk7vluFrTr3wf1mUN+lViDW2ifY3biAeT7iTlj3dRaY3khTp4CAlgJ+rm0XCbi/oUUaeF4Rs2oAX1oL0531IrypFiztvIG4iQGaJRKRAKoqCxPupkrRPVjTg44/iXSM28R/KJ1EJ84ZOYRopEjVkfQlpvblGLmLg1n0XqrCwXWYUO393ujkvr42ulTdyUtRLDoOq3yJGD35PqgXZbhoofCaq/eyqOJf0JLgJL1m6dJSOwY8BFl0y/DT8i5eAZIcNlcjytTVyoE+z3akNITquXlB6q9niilX0mVquWSSx5LWfnMY/HYiQU5RxLcK80GDhWcrPfNUZ/qupqvhqd9cSE/2MsIWnaYNEhbvUtXZGblDJz7hMFqdw2+7DTFtfv4jBqhVY0S6o4vzu4/sAQJd1fn8zu1cJYnQ+vSgcOwvb1wF1+4FXUntU31kcidb/g8TpRyHjlhLeC9CP0NdlJ9gMdTl2dQWejGyCVpVCmmXbFDmdDrqkI4MFg5De+ITQHnnnpCz3mSFdDMnor8+iqnx9NWg8Kll+jqi2PsvTcxv4886lc7IIKxzhkRr6OGzFymgg1PI35G8mhZG2b4qwjskH8jRMAp18CttHXUeYTJmSyXiHbrjOotA/YJ8ySeA4Ad893Gotk7y4qP8+7GLh31ytDeF1eKbzoWCtaa5ArVbgrgiUpHgawGGnHYgkgflHdS3mTopdiclE+ND8W41StOpFZRbVLjSfEzSgfAu5Vac94XKlXxKmOCMsVw1ckAv2Z7SEQ3k7tfrR1g2GrUrbHUMAGKrNE8I1rYo/2F1ws3mtvJlozyxXH9aycajjPThjZePGHYdpTH1KVIjARGR6A2h0syLiBbeSEr7qKPMwgl4ou87JRWiMeAv0fg3f7yvmlOFWfCsAJoQmr3xY1zW3NPcZUtA+Zy4cNVyP6MrVgDQ8JEgex9R0ZYcnctNnYvVWp8Mo7bxiAd7mrFfnbsECHfTVpklEBa1UnUAciFrJuc7lnqduGqG6rVmbj3YmwpW0r5mTO4vVrFtlhqoUMHrhAGd8avNCWvYMrjp+PQ8yCkwnkrE1LvgEtH3CsTi/0OiQvIs81P91w7br1QzaBureuMr0d/hWFs2sNrDeQ08Av6iDu9Ei/vkdFXkz/8IB9I04Eyz9v0kkcwXGYuTIdhkLbw8V2aq9zX+cizrOlUfCY8VmCDJC6uiKq2Zf+iWorqFtcsfPX9Si6F6ar9BMGd3ynLcVuti0KSenzqDqBb4ycfV4jBtxfu3J1rPiFEMa25ZpXk6pdGeDecr+uh5pmcf9c+d06rQD4u/3fb/wJt5YvOVsAwvLvUEc/wypJZ03wOyEV5K+atKoaZwHV1DNckdQpAK+f70V046shyKnHhNEKM4B6LryEHd+fDun9BfkzweqX7IF4KjdSsKIwP4BPzUmWZq+LKCvZaI7jFo0v8p+Fe3Ft6iuJCiHol+y6ygvLwnpdcaXIvF1AIQRM6AaTrsMnd5JKYNDnBR9OE+jWa6Kp6JfjYFISEyFZSLVpNBfo1YsQpK+fFedqIgX4ujTW76a9+QgAxur4DJk2IZCX5grlydyEM0fn3fhtp5fU5ddnfV/EQAX92W8n5bayV87hwsmuY6jF8s/JvpQZCf7/DfYbUOOa1KsgkIHE98B8LAxiu8JZeMSc9Pu7nN5mJX5nNea/C0egWymRY+ULtED+sWxPEPpA2ax03T0qHVC9QiwRjwv83JgQsW7R5iYARpW/e8gX0/yQNDkZgwYAS54VkjebjbSnEEg4zBaCmFPXVLT3d9wEnfIurAhkDW+1LwwFuguhrA8PCHdByuRAykSb6s5sGAVmCz+wx5OOVxfquBpBRvoQFlM3rGV0JuCqX9QNuvUJSJgDr/ATNIZbAaEJEUJ29VZ8S3+j9RttQSogRNqspl9SjARGzm70HDvj8x+fFJ+EfaMMBSR+3VYXSUv1m5dSSegEUExrsvgxAF27yAJHxDFQvYFWWOFlwtLcf8oCS+AcJ7PdipYK+2fANnuXSkppkOw8D8rFGig/F2Z19CconQpzz898V55uOAW3IE769eFBOtoJYoGzSkbN9G4B1KOmNPbWNyLFP2Nzy9c93gZ6ra8RRzxwhurxCQZOQqVi4ctfDn/FNvhHu0ddaENX9aU9IrvrZkQpabJUkPsdBmu4DBolU/mkdGQIlubYcLGuC5Z0ffAmNB2hvq3APCmuJMI5mAXsoWQmuapDACoSMEoIfdlj7SsaLaxAnpZA/BjQ4TUoO0/hIRlpfuc7TdxXtgLuwkmdUvtN7D22l7ZF7w/m2TtzoQEJNGfbnbIKshyvPVFLjeJzVw0Pjm0t6I39Zgz/BOdjNxMeEZPTQphpfMpeKIPjLwuoZzvGSkGBgMC/ynvrMVYS4j+w7QzjAUJLgkRcP3OVDmgYeAfwieLxcgByA5F1AYgT8NmkIgcxKIRJekqBpuK0rPAZXX0GdGtZTenIJD7PNtwkAEpn3O88d6nplTkSyxOzF5dbB6Nnl7mrVcUf11XZPG78JL5fXjoDTC5DolVS7Ql/IgE9LFdTPx7XAjLwXeidO7aogr9bE24LWv3xB4kGFGO5bNRW04vYJrbhU3jr3OJi3S31MV46lKMjQ+GLf0In2WQfXTZF3aEZ2szxXuyDDpj59j7FEOEpF7IRpv8iwoKyZeBio5bYro7BqCvmK/XHiWTje84vvg+oCtZ5Nnqzeo6s33PCrihpwXAy1Um7gKURVnthjfm2VX02AP01LchsEVq80mIvN+IZNpnmvQGqEpqnIK/wehQzQ+5FegQPcrPkwm90C7gIyR7BQcwhQqPeAVVLXqlO3dRSQhbGTh4UJc82tfabkHlp8eWewimDvN+fcV3a566dYQ7d1hVHFg8yY24s0i5W6L5+o60fKABAvIBt3eziokm/iGuc5YVcEfreo8MVVULuMGNs2pF2im90WevT877rqbvvoSwxmT7z9GHp2W+s9XzvDJjnRZd1A1w1Iy41ry6SEoEgoqCaI5fGq6c+tvyNlOB7Gpw2LWHnYnB6q6rN8g6x743LSPzGr3a8f11jhhpHx8OgYSxj3EcSr5uZXeZFVoMHBIIZ+sqH09+PizIpLJY0wpmmMBBoAXxXlNwKj6sT0u2e4Cfd6+ghAlinDKJsVyXyJDtpGpdOa5ta6WgAFphAdvFuCBitINaYCeK1LwM338p3Eqjq8cMxU3qOgmAKiU/11FbzbDW9WanSwBnrvYcj3q/RE1VLUhIUT3i62HpzG+CjmehXdgejjgiybv8cz9YDZ4mOoof9SY+5fTS2AFtkbySjP4q237YQD7Pu6AVyWv4Hqoy799BGf7rQfAMUqbogsThIzgOxgRvsL4jok+FRvukpP353TP+lrE90gsvcgR8EZ6lIRMCxdQwTqmcVT3kLwy+MOpX0DCeHFpt2N431tcNJMs190eJS72dsOhl13QIwgl0gBWX6AREW5jorqlYzw4S7NNdpCL8dRbueEkCvGE193+s7OwDKJAlhrryJdJUrctX0IuKryIffgyC7N74ih0unkghimwGh5xN0SfMwQ5E4rZzcF1X+gfjgjk4DqPzOKZLm8c7R7cfAIhOFKgrF0QkI7trCY5bduIxFcn8XnY7nwFz4P826ygJ3xV0YkxXsAfQFHMW8vLdTNCgtimRRafiKZldxfUVfIBHaj6RwTxfccJPcLtLMZwzsghyK4bnwHmIwRaHwi583jNoXewKaIKg/mIYFYJS7L50HDPOt95zKCm8xe6mXMkxM64h94xF841iekZxXAfBvYpJNXCJX2iO7KgRfvVVCp94lLVi+3955XOJp4pNjHknxCdjydksgbtEzCi4W6e1wHkE6STcJwl8flyl02JVJk5ypDmOzoB/666hHtDibAMQw1rLpgtcPsL8BCe0hwMni8cp/4rdxaJHI4FLCpz64uLwrYmvdE0vWacde0EW88idA8Jjy78ZrAzhdBBfq/lp8PWO29P5BBq1z2tmX8tF5ze3MnoLUL8aDJzUKbgAWxRINb5GuWw3wONAOjFLN+83ss4dJKv/EtQssCCrJvdzqeNtsAnaXVDlCAltqSuaiRdRt9llseOqJKD3rMPVSYnUwMO06G7Ju91IZqa34l3jgH2LIRAcI9ikKvwFTQsmsCOIwYc7rbJz8x/JFKacl5ReTQSgMC5Oyz0hI+4yteO5ViRkLPtlzLfX0w9titr6g5VgC7fd9MxnbUNDQxTSWeJJ1zSeW+lXILkIEynhHXM5JaLlxvWxcwEQ7Eh6jpe05D/Fm+aUJ4UeX1YgGkoqlNyeRM7twxzR7pKzw+/lz4+a7YeuZeV3gmfAWWrVKqf3WFB115lR6p93T2cCZgTMdJD45gpjxUG8czyFR7XLgL9UAahusLQuLsy6tcAKDXFOC2Vfs5Qh4T8X62rtB3CBNYnpuvQioFpcNqQE6clslqO37w4KgQU3xG2wZwAuMD0Enq6u6YQfmVkzdU8sxHa5gX61SjMM7d/CE+snMvCXefGYi44y4XNRoRggBTKvhE9q400qTAi9aVmVp/39X5uS0QXSRxVB6XkeXK6s2oT3e8jRMgWTVjPfz9StwK+9AA3fCEjNsJJec3NH6UjZFwyTLV1vtQMAh3SUYM+bGagw5lV18v3SAtlCF2n2Vau3Kzu9w2Q5J06eFVP9LwNpRuzBE1JaSxYlUEydoRf3JrNVpfOpckhljn40qhdA1gIG1ioEey4jyd5bhEm6uuk4ayRrlz55CynlUCLKQfn++vmTE+u+NMlbkTFwF4UhUjdjX3tV4VA+YJdJfxT4CPWQB98np/0GszivAcCy+r0bfLKgc2rmmWb7XLJs49TUfu8mmYhByOpHawnWWlj+dg8FD0XuAi9AaJyhEkCLo2sG6cDXBTJNHViKRI8x3uNWOIQb1x0ZCLNPRUrH6UVy0qtZr4sljhJk893qY3bqNiYmCPrd7S5HpsJed73rCqN81IKXY4OAgGTLFUiUtWEMEl/MmkawZ9ne04CnjxMBCcBJgr//pMkKk/boSh4FqXlhnVSPzGRzw89NwA9wmlIOCeq+1E7hpUtu+vigVyVLFrLEr2orYFLVupCQpun7SD4Pom+/rmrsABhcEskjDiajX38s2k5Yh+yHZ59epDQVfhg+JbTeHcvENKJl0ypBsCxkUKsp356k5wB7fyhl/3nGdVMiYGPbZaL35jicQWAngMIF+aFSQWd+mmL06O8weAmSVt3/xV/2CZwCgjwHia9gBneHarxkEeA6fnPEDiASLYaQ7nTgGotcFay8Hc+ivFR3KQ5ezYR3gw3z8EfJuBl/AvDX2MnE+8aJq64GuJ2NkNgXS4j7A81g7OYG4vLywCe6U/2eNeqbdVkUW08G4b3NHfABJBXYidJFeK3Wxx0ehEx+jeTsp29UDILVI2lYTJxO3CSFZN0y+ROfLNb3IzQykSmkQ2TRfmAEBL9O0wcAah4vwbkgnO1qKYDJPJnN82pOk9uwlLxlAltpvxaqyexTiOem/CbLsQGgQqRsQfG1FeWqvcdAYaG+PDvbax3EwSe1V87z+B1e8Yfi2JVzA35DlHqLJqVGns2nw2tDILzbkX2JHTF6rAEh16gg08AVajO04htNfMvwjDUekGtZ7yygETQxmnUKOKSUJs0enYczKKsAyOQEo7twgh4lm4JvsSc+LhKSo/E45cyt1zNHMjjC8+Tpgfjvqw5CZ99dht93MFACQ3nJ3TEPQXSUHIsIHzlvSxL0Iw9xc8fmPoCxbG8I9lAHuYhhZa7dRZH2oVrKCTs5QoSuU1Ka+3hOx9TfswTnoLMfiz9qGnmPHAfbcfLStea5rCejIj1KhpM4zMRPgGRb70y1B5jJd/YMDz3GV+MStdY09S+TQUxHo9rMmUS6n8Yy9GYe8sEF6EebNxV8tZaZ9LkxI1HfKEhJ4WACjvEyH36IUrb9rGw9cQkcSLfW+EaI1LsX9ekxt9MC+FG1NL+Uo/BkE0IF1h4ycT3I/bK/MxwC3eb0R4i3RcR7ntsagHSDa7SNMCZaDdIlRUBq7M3JyGaHnpmAAC59UnJmi6Nce2KRWFz57xyoPJuwG7Qg8YkewG8R1u93pmS9yBeKSIlnGuWjars/TPKmFAskU6ukGsq7n4zlZMw9NoOVRocdAzvQ5fF86mCtIABjQ/70/sQoqjGC4PmaAlTMeT7cmX6kLkWSv73iUq73bclWyFu4u302yx19seHc2IrjkbefUHT57Rao5ah1DQSDqD9NXqkjbp5RXtFjyUhYYTsHbxvsPlPssag9vfAqsWrtfFW+aVM8dAepgtlT9CbFzMgivHIff32X5uFjQ5JJnooUFHNgXP4VYH9oQvKryNGFrbSbLuIzGEtpaWTJwUt5WSmRX51Ji+kAf2BFximr2ogX+45NyBq8vNuV7Z0Ydv7ilFA9MV3aQ/8JRcK+Ptq/+bTsCN9nTX4OaW1xH6ILOjApFK/wyOUZcz0WEQlZ08Gna4q+KWccwA2knf/WSsnQ02xJwmIlmP/QiY+KnhiauGj/nCCC/+Fa09w1ZGHa02ZJNeyVEDtwMqQZjIYDCqXCXliuEcBYoY+V0vNPOz1S/GVN/ktYnXA/MsN76VjR5hnDcVzYA7qTwKj1ZUZOeHtcuOWc3821amPIy0dfLhJ4kmbaxYiC4o6s+G4ZVNNEXj5LdWGpGOfUcPTY/987QPNFktWgJLPyW9xOWZ79LI1dLSqocwBB1OMrhVHXl6fZ07Rs3FW0X49pQ0cp2fzLrXw/PJ+xu5luqB7jYt3QcHlwbmtYpJGOYPRKJ5G//cLxo6RrPefeMzb27IfBebPJbpusBUPLXw5n0l76UUTVCbL+PUHsRjhIEWRJiF0OAcdvUWjyfgEgyz4MvsyBFBYZqpglu13XCqcQQ0x8B6f68UXKcJEsQpX2dVb8pln7PpcExHTDWq171L7f7o7R5axD6xEnqLveSKv3duph8iNi3Ik6kwwpxB/sY9rovacQVTlqLiCPIiIfneqECC0gW+1Mjznwu0lhdbw7nD6RwTzr+KTaD93CBsAcAJdTuZpbqxjBRTdzozIiuF/i/J8bI8oAMADJIH1hmkiN0dKf2MZManm0ivG1LpsoLl8+fwr0Hc5SROMh6kixSHdd0xP1mR0iMH9Z3BBf5bxkKJldh1JEeP1aE32LWKP54rlm1Tm9x3ZVEh7G3PNw6pq/3KR+ppMK/pwV4wSb46ZXaPT9EkRJtHnVllkO0tdSQ35HC/SBsKkUANoflJbJPO43qtrFk34tJ53+gm1wwoC/lR7iDKYflt75IuZgQIXcKbo/OXNFnwIJk9+/C6frpJhgffbGI8fMtmkHOOZKVGEj5DIe0P+kKUh1ToEHgbmdE7K33HqnMSDfiSDq+JcBWDOWt0nKXMZaymwjtZHfjxVMkP3YQgUC5cxUTIVutlmya01ADIIgmb6I7LpaqY7jz/LFoQqpF6SCUaWnN3vx2vTDrRA4JCvtk0T6JT8rmDNHt57voyEipTUMzh4clEPCe4T3Jr3tmnRd/wDUCZs6rjJ2q2yQZ3bOWnxi6E7FevZ+acBHCDWUhWpZ+LWS+Zj1YReb4UNbVCTFRLrbrCq1wNDL7vYhCxysAVEB9WTGtYb9myKCjIipoeEnO+OtnmmsQQwlCn+NqSyu2iEdiTdhEIub4Y84ID/aF23g8LvaBl6aFOXBmXm31L0KVGV5vkhwK9kjwuOQykg9ITu1ZkBw8WjEEbU/V6dzcvec83okBm9EDYYNfIux/gKmVCHCWJBPL6m986sSA/LjSHr6bBt3Qf29TVkZxNVLz1lfbUM+0fpw89IKQ1Q0G6+JhQeRNgXm74GVtdwlWvWOINzbq7FK7TYBcaWuXG+Pn9RsEJ2gRNUHgOX34iI7pjYBRT2TDs97c2TH65W4zwaAcuVsgAQdpVUu8vbAMN54pcFQeEYKiYnvSa6e1dXbV08Cv/VnhgJIfDZOdaxBcMEfcygGc2TnUd5c72PlNkVfmMfq67w3Gc/HnoniSH+kJRqsdEIUJt2F4ARAJdHCOd+8qkD7XBPNq38smaeYXIp15Xz3najCB0Gnoz9lU6amgaxRsl0i94JmOGPQsufZcXgybV/LBQN0EboDTu6PDjgmeb20ksU8LQZwe36zw6y6MjPjBu1yWc8iAgxXH7zoVPfZPNPt5j0UtauXH0+DLmh4t+jEm9brnOmk9ovQZ2e6BYy7gljtpPZdJYVNPzj2C+AnyJvWunFoBvwjhhN0+SLTZ1g+NJm1rlRWc4HvVxnz7XIqwTkk4bC9A/riOrwVQBvvN5vvflOhGLCo+ght7Mtw1P6xjZJQ4Bd3oM+q4YGXyyZ2OGf9oJ6RO0NNx7gOwvaAbEVDLq6oDoPz+Q1zZxz5PpSugezXfs+dLEWFS3MtC2obKL16DmVB9PlwvcRrtjRsZd9nJgm+fLzZnnz5wKj4M42aoPpzmYZ6Api7jhLlKu3DgQbMCBvlzssB5ze0NZghtA9Lb10dUICyLFAfHnfiGWqRGdB0f39wu0oSuytw+OFN/VE+CxmoXvzSn1uyPn+9x3081CCWuRIohswRZnADSm8EOaFylxaFJW/VRDw0VigpKxzSYFmUp2S1bobxpNOjoxLlyyvJJhNEyeIWBaP3xSQyVt+3oewppZgO/5cxXy3UK9zz5S4Rg4xZL41EPWmNehwa7IfnTeyYb7g+qYA4PCl5bMHKYyY0tBtqYBYEqhPbdviXHfGXHiY5W+GZ+nIxwYYRtmV0PJPyMM5ojI5MH9uoj5c8aKZysFbwc38asyJMbbBZFSMMcnSd4IHMGfGBVRyWVhuijnItoB5DlCQTqDOreEeuSXm5U/7IgL3h1kplsBokIvqv6dUIGS7qiuj+K0qaWB2jK+DfixAnKN5sHmYeG14EBS4bueUxqKEk7pTll3eYGv0gkgW1cfOTkkNlXfQvg77Nd0HSLWuY5DFpQHasn+pF2w5EZyX2lngMscbX7O44peFglHHs/3lUkVGIs+gMotkB+8ztfUTBT3UVLEpQgpAy9sIAy7/Og/WuPVMxAAyJocrjp2WzkQ15jjeVf85q6NnEA0336EdRQhAZok6NF8SRWasE8zfA1p+jUjglf9V/32gSx3e+YuhCmaqYdfr5/gXhew6suHru/JDSrrQ+FYRmSwanRE3qbQfDtUVPyOzfediewF0tPs+mnQF2rY9xoq8p3uLNwM4ZtO/uifQgve3LW5Gum1koCiaNSUmUmrMFS/VsWsDeSy9Vz7FkPtbdEEfO1fXwZJAWGfV2g6ILqlJbvakldsVrwhnImTSznPIG2omIPkpV4gXiiZrwOpfqYb8SR4uk4pYkN6StavadQutJHGO/LopVTQr13MaiC9eQ4xFfdZ2KV0rLTAxyxF5aLEzb1PBMfonCpNeS4CViBoJF8Ed3+li4eZebc1h1vFPGLXGFdSEDbtqX4PNXAPuFvkQIzFK/xx4DPwaS8BwUpWccwXC2UpyJG+hISS1nBjJ30V+i2+sGaZiA/aTZl6AfNK4n4sKofgoZ8g1fC5MMN+abwBg8DNT5PEMaJ97nDTn5V54ZeXfikMHiT697kXj2JrW9nKbBRheHtPP/AF81f8Kn0STyHoBLYmn62H1ley0zMxN9045k3LrvgmrrRwm91jCwffHKwPiivhcjcaTY45D4s+Fd3GnLyZpcOYBHx5arfa7LMhVBMQSp3Sb16FxwT4nDrYdQbYPFWEeK3o4Mj7Trzxx0l62I3A8PelU87A9eZDX2WcqWxv9+cGzZ1Y8TrMLzTKX3K3O2AWxM9RjMtV0E4gCIGC26u4iEX6fhxLUg1qiEeOp6L5S8umNFMrc36nq1zVAtst1YUpkSO1tksRzwxrKsCvMJE0XaI5tOjZ9vmsGRCvHp3Ulc97t7+v2Kzh74SklyOF7+jDKMM+iM7w13oc1YNFGcJCkX4jG8liVHQcPMXFCc1RWfOgi5dRkOHQQuzYt5UvxXoQQA4WIv0Hvp+s1JCpTTZMaq3jk3Io0UGyTRC+s6cW/Y56a390Q8lsSLNJtRtp4Wu0+8v2IZ8TTFL5S0QpHTcBwEb8elPUh/0c6R5Eyve2lHDDh7c+sWNmXa5wRvgM6FxmLe3Zvk2WfRcDK5z8l3SehDFfX2Q7e/wU9c6jb9W6YKP6tW0fDRGQR/kGcbTN1pXxF7/u3fZVsczrJwoqD6Y88nf9CZ3bmz6uNEvlU3Y9xtVaYaYIxlTemSiuB3ybW0a29I7Ee9fXkdQlVyUPBwxSRpFIVDqvCZgHIfyFgYF/jDOVYEQeu05MfoxcvhklDPIWfC2FD+RB9UCuIWJVDFODmTmS58rRuv1wyGF3rAurWqgD5eC0t+s45nkQAVZFbkxuvWX85nchR7lShkO0OeqSqdEgCNNmqT7nLoVziwN2dWgLBKsnyElyjlVZ9uxQGm5yM+ZTXyNp90SCAO7nLE1yxw/TAdkzJUkljmCAoc2C83GsY41eTcAIUPNDQctsvTBX8n2AxOLW6czT8JYVjUllR9EofNEZsH1IBdrUUXM6ZJPa/zgKf/fJy9WcD0pg+sHziCd9UZeTHPY0Ub77uCQpdLtqjiFw08Wb2JGgnDbjFxLbkO+bR3QN/W3A4lRc4WaxD6kj7qKItmjznn+41CoIgX3tVLwNmDAOFN4xIGvy9mXf/XrQHDJClAnuO92Kp0JzEX4ndIWDPIl/whdQqZh4r4oC9ZdTkMLh2Zz5xVqwZo7QfH6Bdh8zT/USkJ+mfwcYlRFxkiiBGJnYXCk0gJGjnqlhzuKIykoa+QByQTyXg+6U4+6XnMJKL3eCvzAYRTZg4+ykcTv8E7gw7ZTnq0PeEAgxukEs7/dgcFdbUzAeO0LDvzN0u9yHXLxvRtLO/c1t5QWzOC+HyLhYwmXS7bdaikhQbpvzTAHbnnch5UQwg8+e1vrMx/MiVZ2bZcEdeoGnZEG7CqmVv8XiDnARmPzzcmu8dGyOXN82KGhNwsyWsT/Z80ZDCjXyOPztBX55z/pOSDeLbYUjaoxEFAqqIz+XjJBRqCvs4cikWoRwDxrkyCUwEgSomGzFl+aEPc4OaFnhFFORBGHaeH4XSgtJqbCIcVtPCW2wyEbHrvvl0mnGAGFTH2P8E1msQLXbDXVeVd3hjUwGrUKgBB9AEkAt+o1rmVf+kGIoVOD1MZT38sl8fI/Hx7mXNtV3812KyyMnivGO+eyVdEoJZ1/e5hTXuQoGAMdOQZJXazNeyLwHUzeKbxbyxKrcDmJcU/qSlFalgLycdvS+mheeiqBcAuMUW94woVXR8TGl08W4AAt5xw0BvHWdE5JqeptLt8A9Htum4jyRodgVzQfuCXQ1Ml3NasfUfj6YFHEiYMTkXZUwPHn4INS26Qbf+pLI9WPUzjRMpfTpjaPybZ7eSndoQY+360IeS1HavAH4wf1uKPEI8vHmGBbO/OTbQq5bF+Np4FBOUltckAnpnrNioHzEa8rOxGgkUglolhjnfMrC4H17nj05UszYu0nfE2R/zue2hdLVXd6mahmgFQ80RzsglRFXM9d2JrDvBtz5hFF7F/n7htPLQ51b9Q03xEF2tUzjZ6mNp43dLJNgkIFOkCBno41Qhj2cbg8jTzFceiee/MjjO9xLIFBfW/BOXiBbS0PveQKJb5TMpVRZq70yMgRBskE/qHB7ybNdpyWtx673DmfMW/YPtuy8ijdJEjj08CmRAkwdMOscT192il/Kwqi3ZVtSJoxhaLsMbh4HC4irfgjCHdOdvzFsOqpk4948Pmud7R7PPCcdGUJswAI+4YvaGRYbab0G2yU/qEl5Q4L1uMQgxz2w6tVWztJvM9xbIw48Ht8ZeWNcmnlGudSJALWTp49TccBfDe5WtBQO30AN9mgyH17uMPeMmNNKcvpuzgQR5AUgj5ChfAR2QX0pCJ+L9TFLoQUZxt1H8wVbrSq1teHcDLA6WUl81KSHF3b32Zt1Q3ObvdaTN9gkTLpYAu6D2mD6IJI4e55Si0Y9QAB4bg/nGefa/GoxBKTQMw23gDTdPXA7eTXtgtw+rvZVeS1t13xzXtMw9m8U/oafLCsgxmxluYd0Rbo8qmPSwPiFdMPQZk7GzdZKlDflleEPyNLhXq653pq+n/2dNj/PsOARoh5unevBDQuY0pq3CH/bE3vXEvOkty3eISt2oW5cn7WfUbwNHJ2kOEupBBK2q06LzhRR28iT9gv9OHSW9oRAQFt+S+QJF577VMk+4HOj8soX1XM3mx9dlbDgFtcVTY6uqGVS/sgfg86GgTBDNrOvuk+ksQg4PFRpIOcOtzO6nKmT4jlIZe5zzQ41M/NODDNMngxGwbrsmyWz9hXP+NsefErMN58fM2szT2GAaV+mIw95A+SlmJu8W4dQtQKgxI5eWfx1W3p2uzpcsT0Vau59/t0G5y9L7cL9ck39xcUkfbC18Zm/qe4DRlhR9jzhOJGqwo2I3ZAysprdt7QOhxsLzKr4d7uPFmMK6dc9rS+xbgHr4lKoU0Ten65jn7ve8mN9BeMz4O9GYsF8nLAcCRAWtc5wGJKKR14ZuS5OjocvQqSa7cXDyc8zjzDvCv8aAe+qeyl2o3NbpIXNHgIhL5KD7kodOX0AMIAdhfvm5O8W09pM/LwbI3TQj0mzLB1RYSYYr5fAxtJQw2NcTeTNiCOXlopjl1+1M4yS5ZkUGpQNQvbduatGDTmTSuR6TTzLUBs/SVHw0warm9brZVQ2JlwNg3HJZvDvfheU7SMx/GicWaX7FEFZ8SAzALSRULvHp3tR7lXXu7BMFO3M77jcwJEO2/lPAzUBeAvkaBlFV2oRdEXE6PglRaHTUx0lzvqMoMSt8R+bma9DCCguSEQA3OPVkqRLQ4nkDFVFtIOPfWnCe6PH4Dj3l5NXZENfNIZL+LoWgbpegAb6m3r+Dqv/1Lq9ZsNa9CpMXzW72RfCgpH5RY6fjc9pClN8c1qX226IyOPjQS4EeYEeCdta4nt2vS5Xr9tsXk98kJY7SvEZx9dqdBJ8QdRZmftO6CFpN7o/bZuYU/G4IZXs01NHxc2ecgcDV8rZAOepoZNoRqHPY08ecF+4ye4BWRbTA6BrEeFkGvaQJVcKMwcioG7wFXD+YCWXRGuuhQSbFc/NPkeZMmEjpZtnfw7o8s+b+uCG6mYfrOY3wTIdxIN1e+beVen1yKU7T74hqqn0DhMihyouPtGK8We4Fy89+6x6+ZNFwb9JxbcP80I1D3qHnqwF10/ESYyG5J1sPzhC9HzumiMLfEmvNgvITyvO3AHINccKz4TdDvLJ5zYshyXdm2Vo0/OvRNw0JBFX/jzar033CaBE5OK56NwjCVjxTfkT1UL/9DHqlgTk8thzLXmVTiMyLraEkNlIcu0C57icxwxIaOlRkhRudrSr9Wrx5UmPuFiPj0xQqWuSH4JYdOepp+5EWZ3BhHpR4kBGVedCqJv8lm7y8FHIZUGS6RIJ1xlH3+89lVicxWUiP3doG9nXQQoDsy59sgzh/2HvvZadR5I0wTdagxaXkARAEJpQd9CE1oJ4+kXgnMzJqurdHtuZrjbbyYu0kz9JAIEIF597ePjnun2ajndx/xsT8BbFcrS+Qn+eSHOQGbcN7FMSM+EAkyoWysbBfA6V4yluPb443UNivCh8eN4I6Rt7YsKs3yfDq34EPhMZRZDRi0cIYUjgjETjMkUXuNieHa4O4nukc3uy3vxB5Qv9oPk+7YLasFW6PYoHyD+tIK3n1c7+NXqYjl/gHt5lXuJSpdfLpKiFk0Do17OjLYnWYRYmztLKPKWDcPjE74lo8qIlBuzz8KgFe2hQSobTI+fIKs+eyhP9IrhzvdLYg5wKyLnodD/iJL/ASeILZoUDwX2Hdj2J2KWSzrV6ABDP4QnZaUI4fvbS2zSF5sMEchFzLftRCzaBUedhX0tK20BJvB7Ui7AJVse2OJcjhG29u4IFEXZvwR8/uXOFq90WAotzSTDIKF0XoBbFw4RTBRcovucD/0x+PQRNM5rmYzdyYO7wj36FTAVsfiYUI9upXSqXBfuxzH0yTWHfheqx053zeD/2cqsHEAG9UXoujD3Nntt0RRWq8Y0sV2HdAuiXs538HDSBVfYvD+RTwQlcIX0XsVggJyfKPjYa78XM+IHB8KrFffc2mx5Ubqw3pOyUq/jwADn3I7niGAgW7EUpg70WM9jdX5d5O+24LFbGsLZFzjxIQ5oG7JFU0zA2gd3Asf/exlVCWP8AboF67OOFtIDNeZx2yGXDO1ztcdvIV/GCrWFikeemOMOz1tr92Qn5BcGcK4Z4Jh/jzSpuHesKAWWIBNGpWPvMZ0ZboPG2+5zcAqx9k5dSlGqHgnSmF+n4tDxlsVAl0EMpPyHo+tKmEeJVd1PtKQTGwHCOzaEbxxciOBGemS5UAAZIagdi1Iei2tno4pd1Q+W7JkWP5A55ftzPrLNfDCAegD9TMHHYw1/YxIUa24sDcSrBkYcgnKezeOkRMZ402Giha8OErc3JNThNGO903EeqvMfOUzjkbhqBmqfV+jUSCL6gFfQasBb+9LYA5GqAn45eAOKpeqPII3UOtuujEHN+Ol9oIudRwp9tnNlNU5gf1Ncc4G3oZA5sjH9rdFjXl9Dr+0/dwlF11brIRyCrYJlbxG8G2R7CH+nJn2iasNlpOxd0eHfZwvpfUIMnp98HKvAUHxYFFBLTh0JYDQeucZSBh11BdtAavk/gvxoZ+hgUfx/nB3vtYq9d3gSatty3rrDVwwllrL3hjmILMz5kgx+tbtDrbuiBSvHS3d9kRrBdtU2P11JTObmU/nYJEgV6TKj49sTPb0NcusO41EftHyUvFdHKLLsxnCSllrHAR8/4+XMI8iV+Vyb/3nvotqI8licLKv8MyomrOmMg6B61ekdTGZimK47Plvd5VhgVF1lurOYFZF11qvfIJOQUd7m9jR0Cip5YikTyYr+2EN7CCThtvt0vTEG8lZeoFu4q5yQrHeZU+JrSJaXr1U8avHkHDEOqKQS9SLRouSgj5NpsU41taTPbfZV71qlUu3wju2Mf7aOVerTpoAGMyOpYeefuSww6bXEp7UH46lc8B3a1ezE3F9AKgh3O3dYmvAQawyYsP1AkEoWI8wAbaUhthVht22ggtAmvzLE2PKmOH/kQmyV8kJXXXfHZHXhbt8UlDTNwEgJZ3iN7FItaKho4uCc+qO8atuyCMVXRYWwuplwGtfIRpaFYf6w+dp9N/kLFkDZEmTC5fdXZLoqHA4HlN912ABKmXUYZAkbYYW14LfHOBoEE+89VLEDoQjIKVOVdu4A0xK4n87cvTktOmGxP0jq+1KrbrZV7EqxuKTwa5tpzQ5gMmFnS7WnulckzksEq+56/Fow2MeMlpiHVEYrth71HdT16L115o6FVULU15WWyyBGLP2t+WAyvlrZLgiVxNOZVXqEolECEG6rvOyHDKDg3YuNLeoz6nMnHGwVLJHVW0djRMlvXACYyXj49qmDIUehfS4GdQlhBvWZSyuV7kb/HoNZlD1WkXSL3OQsJ517pKo9Qh9lT/yptDzwrcjms3Qr2OxeOhvNeqfKMg6uQwiyKvx8JwP1fJnTM61vhzpa4cl3ZPPxu+c+lf6mTr/ITLZZvZCsy3McZl+76pdhI9UgkIb70u132tVSExpiZeACdae7jiEX16ip9kUujIKl6dC5bntJazvJYkVAy9XYH3XmB1/7agxgk1gVsjsITg1Xh3pXa4uj1OcuStRh4uXJiZixtc/B8pzxMjgCivhShXi64gTESg1Km1tx56tX1EZJMwQD4d2t7U/CI3Mfn8si5rs5Zc/v5Az7I4Ya5itCxdBHqrIWVecUvdrVzHYMlLxlodnMpyZNdzXwG6KQyCnZZbKydrP38Rif50JQryoX5s0xc3uknhpkZB+M3hgNiaLtK45aqyy271rm0GXMczXT5nHAECINx0Q5lImY2+9lFvnDSDI6NU8HqTGxNw+sae9aGG/YyoODHRrMIxhiMPyNIrdsXNgxyTRmLb2Zxq31PuPYJTmn4YkmV+E1mh2obs7ktGmNzALP6BVbqRWCsZe+XpnWXTLXeIY2fFqvVkuaYeKOBnroL0drKo/56uDASM8WQpZ8X93G+sTWoV85DbtO3T2vtiBFgZy+A34mUY2NVBJ6EgAIiAnJBOMeyMchCPymozZ/QaA+v52JCveC0TwzppekC5ZS1v2J2+G6DEmDMl3dDS7xiIpbCLoACfBKAPbuUsRRUgH8Df2ZQTJY6Qb/xND0nd2c7++3q1hPnAlm+m93+7+hpiMH/2NMQQ/611eW/lQ4AJv6lpaEeV6CDIALZSz/dDQP/T+lJS5DkP7Uixv/nGpH+l/WkRcl/mf1/I/vgHxSDPzyCyP8k/SD8j/SD5H8j/yD8O33/KQHhT/PhfzcBIf7PhII49VeJ+c9//9uQ9L+UgPCPOfz/C78xBNE0BP0LPzXyX8NPjWP/auD/Q35q8r/KhMDUv6zf82X/H2TUceT/wv9Jzf6DVuP/VrP+r073f72P8N8kPH+T8PxJwrP/0LGZmOYGN7XYywFEF8wPIUyV4D/EFMH5B5nODyHITUDzS8JT4zcFHAdIV0L+VQGiiQD58ztA7/lDf/aXe8rITcH1S2f2Q1H9AkQcgAIU+aE0vKkN4esvcs/yTROK/ZCxVIAS+2cMP9RhP+O76Uy5P55lrj8UXz80a3++502fDahEAckFoMiWb4q6H8rFGrvJaH7IL/Zfcg9MOwEZzU0egmvnTV16vUf9/R3/+XJq/Of6937T9VWAYMX8pWaU4T/u+eLN7w+5yR9j/P0MuglNUI0H0gOew0B/UNsBgpWfzwTol7jkfPE1/vPZ69Cdhv8hHJEBBd73h2jknmNAnnTc0vuX9/mhN5OLP97brWRAfvKX3173qt7oHyQprx/Ck5so5mfM1/fnTQEHvke088P/ZZyAFg/WnB9CluuZP3LzQ794/szH77r/fvYzb3/M0U3iAmgL77W+NOf4x3v+Zd7/fDagQUz+IHWBf9f6L2v5P97nHgt8rf0t38yqvXdAooJpf9DhngmgDQRz/UOLywHylF/CE8f8pVln/iBW+QLKSkCmojvpTSSj/xDTQNpNKwfk7v39HT+m/Xm/+pdk5qZfBCRWqC7sf9ERBswlkCf4/o77pZ+8ad0B/d4fxEG3DECAPOaHZhfoZnPrxetMfin1bhIm/FcPjx8SLfmXjAmQEv3c50cefp7r/FDjXte6gMDml2YwQH9k9JdgiH//kmAFP5R+503B90tq84J/qYZ/SHxs7NScPyiHAVmPCf9QZv7cF/z2JpS67YDwSzH4QwMK5PP3vuj9Dj/kUjeloPZDN1n8kNsE1/oIt6z8eV8xuImItPOmJ/yljJQhQDD1S5qD3WRSYL34P0iC/nwekHfwvJu6+Idc58/vf8mYCvz3/+/73r/9oUwGVKQ/lMgOWP+bqhLXf6mKgT3RgeUH9KX8TbDz5/fa96/XJ7+0n+alo79jh/vy16vRcpf2kW81/+gRVPTyvyf2B1T430u38R/mIP6thDv033Dobzj0Nxz6Gw79DYf+hkN/w6G/4dC/Ew79M83UfzscQv+VBfC/Lef//y3l/9+Y8f8DOv6nGf8firf/hYz//9Ia/zHMfyaYY/7CIvkHp+DfDGP/VQxjK+eKec4fJA5/2CIIHlJYf77c9H0MmZceKCt3ZPNhnMYqNa5UyooJy+rJlfZTUTL95VQxfjDv97u2ikstnwEoUzc4elK375cp+AuYaZ0BahkjQ6+TrVHXPIFosJlNjuSGo6B05vwynA+KcMZx7Qk09V1ZaG3lv+W/zoZeAajX0POW2UE3dkG6JpwBH4Gasg1dWQIT1MKjWHF/TGMJt8MXYtJCBJVEoComrquZ/QQf2DGI36sQywOsQg2ZlcjKjuhwaD7TUI9SC8GB2RNaBijKO+/IsbinHMSXNr3EeJQhqYdbUEG6qxu4F0Jmo4rvOskICTvsEvTyp+wENU3XXSju2IVHvb9bw4XHWC3RHNVB/e38HubzK+DbHmFpUPBOT8SFm2t0xqQLv+zyxL2JInohmZxhomMHT/WLdBY49pCF9X3QxA+6dTWy5MCkT5HLNk+3egI/upYPYUT77g+00BKrQ/ijs46nz7znB+lVyjosfJh6E4EjoEg27hMHkRT1NHR2Eq1jT7oDrmUN/UpjjaAVKvD07sh4M7yiPYjjuSU8SGvgaKu6IMfX6jCCpNleysMkowpUKb82B48CBLa7LXEMmHm9BpZaxbxVy3VxwsyLcX/eKNgJuln/5jX8AFXPRNuZMTZ4FSxMvGROiWmczOtxXsv9zXqHiHrVRHwXHMF2Y1BQqt10Z6RT1zjk1YepwJoWradbouyMlXnJBFpMpl/iPdnt5gyZG4v5sr3wa9pm7V6COeKX0aAxOHMw+OBAbU0IDOg4FXH2aBvNsrufucLd2aAQF+sW3XZAgYx5ovn66OfYQk8+jAvS4pLDP7qYHB9MqjNW6Lluzf48+U0+t2Wbf5+cN5EG6vhgqaXpCbU4rDBKvatA/djx0ElHdbXIQ4hFOqQgp5fto8YJVOkUVMXcEizY8HEzVt0ZWkEqEUV5TWGQJO7K0YOJVP129kbG5/pGFJJPNkyhE4pSx/2zRtPCLHd/htf1+iw5FRry1AHBz7g4P088u/26WCo9BCe5hEDPFQK1LQ2cWmHsg+5B4ODtC8pFPzLZhYOfEa03uDODrlBAGWjwFmCWzu6zv+6DqgycupGqBsJ9NlsUIF9Q5xfcu24b/+hYrYNiddB4RURgPttJJYtOVDzuGi3LOgbOZ3js0VmfrJaja7rcjXJ8iw0bMWq/2IJCUpiDoj1Q2Vmt5/eSyLrTHBpS1qLwL9vL7+2jQDHhpJxnG4FTzyRpGWFuBJhT6G1qsu30CXKYV0byQ8bv8KcOKW032L8EHHaek8KPUXSeLKIlkZIjcKv8Md8BSoNuGRF4iTPajCCvSXZkFLoHFcmMt7+vsT5WfL1tmL0tivb+tQVtCkoSWQQMPLdVn5ErA1uZo5SBATJ9c5jAelVz8DO/LPMCZamooydGqVI0TAZYKmBw56ZDHI9Q/kxBBe4BKKHIW0miF/XR81nGeHFi8IRFoMQfHu6qjNDqf8S0Zpo/1tD9Kdm+rkoQicqxr84UHcSw92kgRI7bXMAd/Na9s0fpBeEz5l0gig55S1Vi0gOGDZJJkwe96/nwe9cVTKV/uRfQsk/Qd07MPokujVoAKrdLlRCevWfEOXTPBBDGd8qIpUTrywc8mP0uGrzZKlVKRbGyuOMP9aamX/WS8cuK0Bj71J45lrHWx0TYBczZ7AFZgGPwgGYuyJ1nlNjZMrrRUqfbG/3DvUXinv8y+94/BSVfxybopszSSc710Eoy/vIQ37x0PcMDPzqilmY6RoLefsCA6jWKJ3f/WqaAF7ewnGky1y9b3hu5oc3oBzJd8/V7d7C64hgLfpgweKGhwgAOauFGsVC8WEBf8YuwDqYbbMFQU16dq9zBpQePofo98nkD7iuPJ7+blUOdHt/7yHG1xQaEdblp1WQXsdUFAvwO1M+xlJWMDferz3dzr+0u9AxJfq7xbAx8wu8s1ubSj0qxfmEkrxl0mcORuGgSnrTBihGVEScE8+xBfPP91YZ7hWC1jJmtkB5Kh0QrAyO+TOyokO8bTTIHzkf6j3e4CReWnEbGE5Fw9yhDm2Kajw5OpSOTja4ennMFBsRiUVLr2/xYWhIcWxeXraH7843bzTJc76zvdPlaSC1rwyDBUWfO5JyIsIyKqbDRbhsArlrvqUpVMqyHb6OoV5TxCPScCU5K2OSM4j0MpgTSJla51/d35tEwKG2mUOOWFEbZeVjHfEssdo2o4mI+30l4jlYaHet8z4HYgsmhFvNZO8WzCkl7Kt7nOyO/Tul+3mTBFff7gVJqeqG4hu9ZhJP6lU3YjSCPTEo4kU6xTW5LoqnSHzsjasAi4XEhyh0jrFzVLe0OejSKos++CsPjq3H7j0bwctmDRPr68eImNoV8yQOC5SQ/64VQrD1AzHRpBarP112bZeeFTzywHk2Dkx0U+SOZ/Bv0UsVgzEteJ8n0mMKX/BMoERHfR15Q5mEIccCZyVe/QlzbA2PpvB09pyAm4Rc4Ukx8dCshPhBjh88nXlhMPZqcbj5M5dkwTsHUtj2agOfjgvs1K3D2wMj4D1sKoAuzlOfAOMyF97jVvBlXmKpm6+tnpoAxilCPNXszrzxx5u97/5fe++nql9FX9JXkioe+PoAMytn/kwwyGVdNa10/NM5n786Uf7EYzW0x+JF9sDgkiSjHV21VSBLLJCYOGAjE81dYPYy1lZ21qnwtzEsCE2CSzSR16dtzUKRKiU/pzSXi/blJqboeq0BWZ+7sV73/efA/aN7Kk/1qzHxLh9j2Qtjh/13zxESSfFCvTGlYVKHJK8lybBzBi2+3Fe7CfF9MojCLubv7y9Jl+1m1mSW/1fX3deyisN5W8i+alXBukaTZTZUGvZT4eDx0OoBs2tx3XX5N4D2H9W6Vn5gj9iqhQrXt9dmjYsJL1BigqMSuKWyM66sfYn+Atic4SE2DnqcrbWdtJM9L5iZB++Y7QbucxCz5A/WZzhyA2WW11hBJ5Yj+AFNpU7N/IwMERQgYx7nERiGBMTge03WDySm9Ewq4QtTHtfasiqsovZrFWQCAt02TcY/WuEdbKAmBMEbQpENAvxK8WGRXRHal00rOyNedNkvcfT5hrcGDDZHo87NdoX0r4A1chbVIDt57oMDJmk0qKKYrXsjj+xBPjHOK3ozeG+gRhwqgGRG2/In9A3BmCLw/Gk0X0mr8h9LQOPzK5SyWnivDQdXGsDTzaBivbi7QuQcJp+7GqvLoCUV+iipUMhZnLfwiJmMDHh6sgpM+7BdeHdwb4NRwV4O7tj8nZBVyRJKJqadaa3+9CggPFcjfuIM480IZCZNBgd+Xr5UdLiRSbGqUPjrcacGBiCkgaQ3C5XORjGyYCooWRELhDctKmeNGIO4MTmx5x/UGL4bYZZS5lrKJ1IUsdHg4ulywkZ94os4R9LGFObkz78j09zb7cOmL66IkLvpYDXJiuTs4IqBRu00Hjzjr6DEzMgdtPXC+pibJ8PmLXxNwfko/JvI+T5oWgnz33Qboa/0wyyXk0Qste+OfUFrxSmZ5RDjUIQiZg08BzJC29cUVi3nDvKoAFA8gxhS7YyPJh04xon6w2LPqzckxfZqb97fW3KqlV9cbJZy/rpXtxFckriCIGlPEUXWvaXojfrPSLyC3LP+5hVfPIFx5JDnjnBY8X4BERkqOVvb07g/w6JQpFR7tW/yPcLZ8QYJPXLx0pTsEBPGm4nSskxL58H7C+WvlxhQaKdR5ytU1Hg1CDAGKevgc3zcyQxPztkyA71Mk4w3EHNOlQc8IZfjCz4QQMq2p/VD8WYR3sML+YLL9iup+Yws0m98AVHIv1YBtC27BSpSc9nKanddZ9JKhkI2aJets6oOAQ9V5flyW8HwiGPdi6MtIcxi/J0nyJTzGzBz6029ohNRrWxEYI/3DlclxB2ehFeddrZxd7QwKmo4QQTvLLizXUoZq6uQ7s/ItIcuv8U+d20mA5ZCOkoQUyUz0mbHw7ic6OzEYhpflopyHGkP9Y0z5bfdFOV0E90dP5NsFkACdnWVEgNgI0Laz2EvnGeEaOBz6DISJal8sdv9dZN2lIj9kPk0KbNWCquv3Rq9iecWFYHUscCAKLM/EMs67bqj1cZ+/kDPYa6aqyJEnFz3HJf2XGBq+YmhMIK8grn/fR6WYVIh2Q2Keq0xmy/vgh4PLemSc3sMEEX6jfy+dIHUXUXA+QfG8urnY136Kor7q6m//XRfNF/3McosBNb1mWSeLGhEwW3GE2QiqBWe7WkYBoiCW4NCaJ2PEdmMmpcpt041HmyPJ2j5/4uDGO3Iydrgr+qa5xIc8Ig+dqb+E6gtlS28GJKve/c1ksUDUQs8e7X1gvuT+uP57XW/8Xg/0n6wKh6LsEYEOTrVnym0Ohnpdf+ldEiDgA6PYRv4YN7BScfg77k1nJiTACDGTfcSyBspn1mv2SpbqlTlPB+GxTvYqfGD3JwY/TpDTsUBO5/TbF/zixpWBrjndsa9wzXqDFlekRh60wB9fn6lj6NtE0U+sMN2ZpA/IJHXba7KdpTtzr9DoB4V/Vysts/TD3z2+013rmD5xBdANIHbZn2fj521ExGcMlP+jR5QovbR9ovqZTW+zhibwYiGAS88ppHWIZzbguz3X2Rh01GBjIyn1H70mE/3CD5gSx13M18DbbB2fRVZa7ODInZg3pGEEL6IhbXsxVRscKXd84UvgEX8phDSj8ppmHYibWt+e4vOxf14pOBP7hTo1x/GezX1GzFFsHDLNqEkUgu0/7SVx+cmq0crMpo6wLi3l3/7fYmHB5ZneYljtis6QgbBctpWt7PA+jEttTBqD1p+5pmZg0lez5dI7ZbyxLBFQGp3yy26oymzSu4IyXfoqtcsfJixWrWZt+0bHPpl4uRSVkeJ7Rl1kSwvP4/XZfXX8zqDMYhnl5cxtTMtYPHzW/YVNIyWBC/8CHP56WMAoeOX3fHM6VjumuTI+BoJYPt0dr1QuOGs6BRfFrnafgmYZjGHBOWsW/AjKUnDAs6RYo9gXIucxz7MVmfgyDTN/90dXZNRDKvRZ1ObEmj5mqgiYdgBUwB6B6PYlYICcGWOPL4g5APhKjBgUYgdZaDq7BwaEw2pyIXDpUTyTS9CUVdkIDllD7GFcN9ez+vhej+R9nZz5YxDcFbLAob1gxBjVRkNLY6u5qUunmR1/hykePkSqsLFRKh4Uo+5Se6KjpwjtuEsnyDNHTgfLlJ2fwmx4l5CX9rIArO+rMcNlZjpz6rYWoYMd7i5lDBgyH6v4s+bWXctZEfsYpdrxYuALcPSk+ZwABwJl6cXsGJ/XFXUk3yCjD80b9YMJ5fr0GA0TkNrHeUsE6cRqbT6PrDurEbPt4ZWFwAruH38rSalc7l4ZBvYYhVr0sCzhqsE8r0j7m1Vb89GzzmA6M2jGN7Mx5d2OolXq43Xpuygx5iWXXZw4hAXOPRLyakDhF2O7Aq5HS0d6FgJAN/1gJYVZlVH5D8a45iYFHhKAndad9UKtNInKFBt6S+y1nu1Ce07BUlbuyidyeCjzxIV6SXoOEyvbQvRS/VqPu5XSDNVZfkVbWvpldz0XfH58kYlFX7HVs7aaXtXZOgByRXCBb55bT8Sc0NggItlZX1ApNlH7vNxFvw/qZ2oGRBrP3CpvvBCG1NstYttSlhQQ7LI8eYj7s0KNQoy812C7itbVCCFaC804HLBumIDKdfcki6oQMlnKZz14PPNS29/1M1jgBJBoij19GfqYwevFZIA2j69i3dmOmRZBjKLS3Z8oU8UIJsafrmwKRdU3WgeAzxRr0MCQXT3CAS+/wbvt0Y8nj4Kdh5hxZ9b5Kks5vS7QBQ8t8qbR8Zo7jMutTyq8l5Z4MSJmrB0dgVZOaVfhdcp3w+ty63WD05scQpDbhAnceXKJMASVZjtPMnxnV2iAlnLGaruWcd+vqEy52347MssPf2czbtlFndHe0Xj648yfX3Vh/dNL2K28+/SXbLXBgVBH5qfamU4Ah+QV+MDQS09fG3sG6WLJcfDBB2pTVkxd3wuS82NsVVgZKpgVWfEAP3j6gI/nFQjtilSnAd48mAWTfQbFX5n/tvPinEqJxePgGl87K8QP9pBIflp1cJpeTMu+bYdpcsTb8nDO/kKFDl8TcOz3Hb3rKHxqV9Dd9Xs++oZwYmBV2Spax1kmQvb8GsvLX5NVNVyMvFYIa59Ca1Bfxx63uGfiaVzZHFNVFk1d1/1IrsJBIFBxth2f+MvpxtE0PYN6TDxEMZEnZGpn4wsDYT6R8aUQz+XN7kqqTNAFk+lsxMrYJvCn7T73lEiI84o3LxPFqRSPYpIalJPlYoXxOf30XQfG8oyg0vZaJYZKJjAsznhcj5x29oJoM93O0YXGsgspgC0qmjAeVV5gpqh8loJbFf/CpKX/KFJNIclyyteZPXAd0Xp85QhD4CNraS5fSJ2gWwQI5zEWarYCnT3fFyMBu6wMxhrChwItQ4C1p4ua6CdreEYh0+0GZRqrpGuXNPquiE3jrHqDmMgH1mwKeqH9/ak+Ccq1vZFZAhCYKB1RdO95Vrwr3Afy+vUaye3qhvRB+otSadV/cN7dnSfg0bvtQHGZG/c+JGxKUzYZUeDQQ7YG8MZLu2aQr3l8a7rs44XkBKviwc69ARkVmzkQWYloj4PShLSxRTWtSgAMTRZqpdKmwynYLeTdH+zSo0gGTMrXUp33x3ZcXFx7KDPCQn9crjRDvIF7+3FnOIjVmfHjNC+YBsVmqEQhiEojCpm8y4PWvsy7qafX/PmEBxe9+wEdWTOM5iDsSO8g4K01iDP41NCi8kMX9qqo5MJbQKnkCWZlqNU00BQIUlAS2vkG9A1g+EAVKHjUJe8SRoPy4L02Pt+hAvcd6Hor2IQMAhYihdseiRbOZQuUod+0K7/i7spC42YcqqFYtxgr26z2wEy5NWMcWYJ2NOGLMj978IwpxavrdefV0qL6EJumbPXeyrLqtLrTa4/qIp9wAAZbio+rbVhIe47VufzIniV0/R2e7fwldz9TY6I+jytoD21aTjrBoXb+43QMNn+HiF5bU8MkykGRsCtL/Xv9SDHRgj1Tcsa/N9MWeBG7f4W/neIWGh2CwtsjMr7kp2YeoFXASRXOJ+kuw5uyTgn2kfmA8vPdINJHrMjvWy9KNnn2wUFnrSvDKLTsKNh7x74BTdjaE/WvuzDO5wpL+bQ7xa3J7O1CvSbF8nsDfkMzZsyQVJsXXCJd0YF3qu3kP+kCCXWmwx/Xlb0d+3cPd1naxq4klEMZ0Y8kgIj1EeeZvX8O0HdIZlA33tGQVuwTvt6eDrpjNxi4ap1mdERgu3i0dDCE/iolrN39Y++bdAqVIPPjPY/+B9yINnTQRkABm4BE5eXhhLEJUukD57kRkkU0fdNQURbaW24l+IxF+XARNLsxKe8zejdNtPQZESasTSqtermXFz6htn5eblr3XOXbqvkRl/2awcxJ1mrcVhkGAhb382iHjwzNhcc0iWWQPIwdUtG69dn08ekNI2xR3JCluuvKE3q7hcIJDhR/w347aIaQUgBWTIKNcNq2Dk8ibpBoyQyQk6PaeKqsjrtgWanfLeqd4ozJ0V5XDMOK7Js3x8Pr6kVLPWTnUYHGfXcQEnvDKdR/N+liizeZssCDPIMZf5vRD7ALpACFuvk9wgR333WW2sbOwADLAbdBLFdokFJgq7mT5lPtnmNTaYXuCSeNTWasHwMYNMwRKmj4TZ7rVOSvL/4dhwDC2nxlIz79iuRpT52JlVMSGWStT0V0SVTjXvgG9ElgpyGgnxz86D4V3nybTsA+dzn5chSUaFuT6d/bxcETamMHmpe0Ji50LtCEewRG/lrfw7g6Hotc+jYr8ccFNnn8jOEMXgzZVkt34Qe+ASvrFQglo1n57oF2O903zz5VYEhZWS/DcGl3cgvr+Go57VSbZ5qOUdjtO/GkT+V6qy4cvsCOqmGb62952xfKRyd3eXpHqEK6dmlDzxPeFsyDVaqFcs0Jom/ngPSDFIdCV74RWRqWS3ngpweQTWuUys53OITb72m+e4OcTPpQEfXpBhTSPfRhSZMyGUcLbRknsfUvQzOPr62DhiwD5+LAPjNO8dGP0G5Hsbnb9MkskutQO8hJxHQHH6MIduEaxHTVzyZUc4CayNydsDo69eUjSNCFL1Nn75rJhfMvHTd1QCfNhsZ7HbzrHv4hxSRJRMZ7UXovJiudyAV1EQnGYLSZpQvPl2NTHKDU13eBoA00qXNHQaRUlRo6BkFz/JoKaVE6RMn4Zld9zVNHTJguXDeNBpzx6H7F3qz9JfbCSJTI7sY3/UELuWXd8ClFd7dh8GqW//3m+wC3ACgSyWuydq6r7QB1U9/nrkhoVx/1SSHE+F4uwUu1C0SQ3RVuyRkmVGW8LJHAxu9zXn9S/kYtkXRK+evlo8MGVnIpxfhOGCP++aHRuqOwRx34QRMXYlYU8VdDFAMerhGEUxLcjgxg0t23qpy2Me5ToNEejtCo2r872dUDIz/Lw31wOS0oqxR2Zjbb+RjljXM+AhpqUSy7RJ5StOoR1XysFEsG+xdWtdFHYvTesLOqYDlIzwc//Q0BzjoVuhTb+XL20qqQBHsesVqA0aDf8WyRwYfGr0ds1ucBmvXJScChoPN2Q88O5eXY+4kmfcIYR+VPwcq+MUPQ6JGfOoGmdf6pq5htFVxDFWR/SYM6iugnjBkksVCclW7OLjRpJODjue4gk9e+fqYOo8cexRtpszdXoYDhOge6DE3sQ7pmgAbcVE6LAvLV7ORZkUN3iBzfDf6h9I01VI4AsqB8trOSMc7hLL/au8oV+CPmL33R54h9oxzraJcDyEskuKB+Ba52lGUBs3KwB0BGbNtuNHH0McMmJgov5yHTSvnmfZ67ZlnAYou2P6NQ8e6RR+IS5uUrypy8FxD4clwSzenrYVdZEQ79qhPFI7ib1FrRGFkUX4DKE+sr5L0yU4xbOjRTFDZAZqKpymp0s5kNUOAPQkTWvprJZF9gjVRc4YtYM+NuIHXevcitcRScAfxxEX25oRvl6VVwYVc3fay9Dc8Oj/Tqu80DJb7u8NksNmSegFdN3DvUooSKxZkPi0ckSH88G9SJhYZwUaciZFlAhgqqI8FWIFajQFakdqKgxuNkGxN6EUXE9LnQYDigUI/NSPeHZoR7O/ja8hAJk11KRfvwPS0jBGZBHzT4Ou4tfPbdN0nr99XeKVPZ2WpA3plwQUcX5UzVBgkxW13vrTnkQBiKFM4dNJljgTHumboUkRD4YNZYFMj0BmS+7sKRApqBqoHmNJVIkZ3nQwe7KySXmfmUFd4zEWCIGd8cWT9xpwt7wVF2hmQ1r1xjeqzagGab3MmgAFP53vw4Ywg6TQmKzGZTzqVFuZas216hNsLr8zVddotcoceITyAujWLmwCS9Ts3HCPxZd8/14mi7HLNpwtfjyxc4wQAbzixMFt+RrUDtnnemUuWG2Bu5zNrkb5ch7Ux2kJXFoscApOS2IOiPFSvMIpp0n0M6newAgDONcZ728Hxoof95LvKEuM9yEhYiQC7AqqqvECSZ2ccVaQz45LMshL467/qX619gD2AHsC1l2Rv3cqwOK79uxG+2BmsIz5FSZ7w7RnlsawMFmf5VjJqR4rUWECbEfNT8cJs5QetrtP0HoozwJ0OvpciicqP5xY8sY9fCRRILw2PFnZTrSz+Jun/SjJuBp0LtiaEr+20ewYdwonoilufsYdIFPwhDS+5M5Mzouwkk5YpTwTYfYSo1aJMn6ulqZMzWF4vVCxnj4urK1uVz3t0hyNh1z96B3VGcIPlgDxd/FhhEQPzG6ddaQrsiYGUw7MDlsTMm5ywess/l7IYkYZ2+mL+jXigmC4RwzfcwBAn/fvhepgDUKylqbX/IQs8cfBS07KG3jT0671plbvenzkVx520ZMnjqKGaSoLSTfao1J218SzCMG9vuJFGwY2Mz38yJZ5XTm438PN6il/oa5gMC4CBfsae+7etRfmOE9TEvM/YV+WxY6Jufg1ULK2FPW6UfWpEgsg0ljeLkW8KoUV7AeNsxRM8ELB2NMsgZh7kyBugVRzSRFdtCwjvfPH03k1lCMJn/uBgadIWb2oPJ7EzKvo38beuMAqGTUKEef0hI/YrXw6/x15EenoXKZyvQkcn6qWlMh3eH/oO8UZeLEY2aJOpWATqaL8dNGpgH7tMeq3vXk83Lg1zY4NPuOY6PDw2yDtG6pIMAWO54ODRsHdfU8mX8PyqCgPJLxlbaMOCi4ynbSC+Pkyxqtb5inOEFlxrfRD1s7Jw4teFIjyLTB3xe+YBEErd6FxPxmr5CZoeV9vC2PTKyQBPKRW73N/ytO8F9hRIBfVZ2TcwavbmWisf2xXn/ARVOSVXJORNm87W0MDjaac2i5xA7s9Ax2yE6AtjPGGSyGVSOS8tX+aDkBwi3fajX1Zy0/fds+z7OGQKorBGkcqEY9bX4LKTivMO9E79OvxD9qT6d6gpR6pweIMQgrlB6+4YFjZ24nSpvwCXF+oSZMR/MiwLi8RqM8tkyN9y9fOG4XRAuWTONtZpt14hisR1DG/kj7ypatP2RwwDZlrgzlM3vuoRHLbcnexUDJ4Bkl9xxJHtiqniFY8SAOSUq5CuOvAqiaezVod65bjKM2Lo3RxmGblbKrCy0lxkrHvyp7x21bco7mzO3UgEd8hVFIf0XW+4Ekw8BzaorO92+wD6B9mBYQZnVXtYH/HouMVt+imopx2q1Wyp7hd/hfeaNJSWDlrwEBbcApaTolMmAdKuyUYwhlCtrUMebpfXIos8MYyhJsnLbWGvrLHYMnxKuKi5ZWy7vHnWboo2HSjUUxmyXr3ZpzFjlNhcFv2TX7hm+Vlu7O3wWvPWttqck0tKlX1DBZ9YGgMdTNjIurypHeu9DVLpYv432A4tSijan4XvYFqo4sRpy+jtVorvOlGuu2LDlwvX71pt1Zjasfh8QZaamj2fxtfA7JA3Ex+frCusktS2vS3ELG2WyVh61HBNCWmPsgelISKzs0TEMxviX733W7xwaSKUA+4h1VOv5nEqM4YpdRDH0VsumImcgMQJo2a0cZ7KQVffpevYOQkBTD3q7X3aqyM2k2IvrEfR+YErB8JftvQKDljp8O0KTqd/nL8gKElLVk6+bkje/5nrKFMEpnqUKQQ9RYg2bxYR6jICpZKevldY755ThEov28OVnJtqDVKSfU3Vcetd9gXasvDCPfGUvz8JZ9ePYRY0+JLuBsQl3Y4Z++6m3i1vVzKxNK7NfSwm2sR8M0y4BhHEW4apef3E+C0Oo0daT3U1JcQ6ScEnyWmKXpM0vjPUFNKGlV5y/V0mqSqwNP/EJjb3dykZ/XvevT1pcSp0uP5k74BTfLCaifiMNuknLqCJTKtizKLFhPzf94rMA9sgCFi7s3QM+2Lb+WAheKY+7BoELMQQLKVyvfREXUH07dirorBpFOEgQ79JWZt9Vu905SyHI72HtjsRmCQBISK0PUa11vUelmWxmutN/LeLdcB/nKBvoQtof/D6udYq618HR8tONnn6o82nUyruBsxIfTrzqQa3OXlBe1yZiiksdb8wGbVtxoOstmfPY0zD2mNJRpoTt8/3YdZ2NcRmdE7U4C5AFMUpbe06n/Zg5ZOIGJF7ZHAl0GH+iQqVVq8esnhv2/jVXXTnpgWqLRTqD0VAg7RjctTOEDXOmVG8BXFq4z96bIkHyUfbXynPdFL9k/xXwxN4YhQP3lGSbM6F95vJDwUp1jQ3YiMWollUB1sQ1604NOtJmfcPB9PpDVaX0wJ6JKPpy4j0202zD72sTugh9zvICpboZYAVvfjyhinRfOC/0AeUJJ2qGrrrlawGNEz/LKNGvgsr6PVVU7DXxovz+zJLYPX3THAPIIQU8JV1E0vvXl1XIWNjIsBZyuYEGdPHoPXEphno83aNtbn6qfurtZodDGlffWrdaRpdkl8vShYauPtUMfpIlgkYRtFrHX/jJV87m4ASjQF89K7nrGW0O2RkXDrzbOVsQQ8RlDWnEx8XqcdYE7TfZW4ZHgZ7Juj1olMFKafIHNYo+ud2veT/7manL87DNfHx5gt3cPfdlpVomEhSzfV4pJxCYpkMYCod2NHFNwp8Fv5bc+WTMC7EzY5iArAmzBm3QjBgLPyEcUpeoMyIa0/iHx7zXx9S5SgSQVgp2kFnYAt6eLyirU46IyvekiDbJM5TxiJL9e29jVRwtlt1X0XrOHjTxgjJ7uPI2Kck/vYbX88CQQ7ggRq2iWq2bmVroq9IRD1j1MAH+gALytfSGNxk1UpqZHtT5K5Upa+8fnS2Ml7/lS57C42Dh8cZx6sWkkZ33hYq67h1vnXvuI8A2FfrWz6Unae2Sl+GLHqfTebNtwa41t9fbhQvH78eL54yHL3MzPkS0PMWp0I16c4gk70r6EtTTMIOkD/vF5nxoM5W5qSkolWgJto938nVhfTRQE74cisqG4YSLoyQrRagdEVgt2MgUixqF5x5EicGRl2GpdCG0HGQF5kNkvsvoSxxnvEc78gNJLe8dNpEcp88e1JJUarMV764zCf1rKXhMyK8Res1hFDc/5XXZ8YiZIbENNDQqzp1DC4GUjR0wKuRcr89hOweBiQWy4/0wW80uBxUcFXXjJZeZyAWQOhEcjJAUUEdDbcoLVy+XQneez+yJRavPRolL372B4CW9iqLGr8fMc4SgvvBCrcKv4dXHwWoLszT5yfdTg6W28nxA+CAxl33h98AjJEpzweLCSOGBoy+O2+UJux6WmcPKu22jjan2Ym4NhsVaI8pkapmYADCYtPbKD4eKrV6cTDbf5I8GMm1vDNV3qQ5doqlzCqlDNcYoIa9sp5CONbkUN8RCEcZ7ljjwiMl1HZ1NzMDXTGGnAZxq83JzUBVcmBV87syoL0y4G3pzHovQzVkfsNAVWZvBYFuD/iADbuu1IW+/Bp2TxigrdDwxRNw7XX2EtgXCjtcImgvXIKFlp+q+FKDnMDZ3X0TvylZRd9OL+XZH668Y4eVSaiDd3Ec9BnQxRxrCxpEhRHKGxKzleTeRb2llKpkYX4eEgWHuUuk781bpK9c8soGv6+kINQUNn6pE0U15+UA8fjXz5eYj7/XJwTt/mkHwPuteXVbYcLeEPQ6JIsOiGU0ECVro7U5Qy+M3gwdS2CEU+xrX8e5ksk3/2pQtWCzHOVKktoMe5E85d9DU1UYbQpWWRCoj6jgeIWntpk8vlKR6JT+Zc2KlPSkbU+3vcoJcAPMyxtBKc4BrUqTD01CTnJQ1m515y/Kxd/osy5EMJKe0spV6ogyScJ/jbaKE7cpTGulBio5dqekx5m0JvpugyCqzCTHuhdSW0sApjHWIJ8IrcEo6S29RaB46U7ce7es9NyRntzaiTtDsPo9DUEFxYT1q0jzr3CfbD1iSmVcTOSbmnNBgzPOuhlqU+CS8jVbzssFfaH3SLDocvNeiYwRO5I3HPEdfG1YUuozpr9b3a8mA/D037RZ17E74WZjp7t7NpbxRrT3CZOy2z9S2mMKKaxmIBDoabejNUTfki39m1usaWkEZB6qMJ0e1ZESGYTszLK5kU4rkNOdhKgiBRZCPQOoqea1XxPtQRxUwTYmRTW0wjUlrLSGuRqNdoUYOiHYvb8R713Lm30fa2JirXmixBl+ElJPb416RhZNxxOFame/GV3zPv4z0sWFw9M4QbSKeK/aBpg7XHnm3OuREPhZYYnvg9ftElbYvPZiCnE9lH453ghOgIYsdbiJS8TL7DEElqxlP1Dk8MlCUSImL2kYIbHkTJjE5YKClHqVPl6WY02z1MBbJLUJRRWsEx+3yjbWq85DRfi+D48Ae9EDXKrBLCYjS3zAKbCpdkfEZulFec4a8IfQLoIxef6o5yBrVCqaSVFAn5bvWKHQowQ6UOHvDrqvsd7A2LeCUg6XzNivyGjl8Tbm5+4CZpJgicZ6humGMd2fSnzwkxwo1mVHNdrUxo59FqxxtgGu3lKPmhS+bljNiZopj/1hQQEMT5Z8dxYIFRakyGyyr4jIUa4XPuxPQGYE+NIexWzDh6WnlIBewgR068SwoR3rRPiuc1ueVsSPUQuF4bxLY0plH3QAWHlZBqvF9LbBubFc08M7kCltuMg3xgbT6UNkPiQ0/pf2okjUMvKQaAy9zLv0XFwRFPqy1HQ7w+KU7b52IMsVli71Rj1edP+Q2JFr2kZ+TtDdBSlJjOoq2Y0VmKkUG6SprSYJs4jPNKVsDG3AEudsU05V1Man+HRu7o4m3ix3uyM6IJ4uqdr4NNoKiKeWgwxk+/Jh69yimtAhNp7uSWf6digelsS+XSfgMZJWPy6hFupK9phOWtbS4CdIQQ5jqTbgE5aEMmzFS4JoCQc3sxbfZUDz1+XLj5VZpPiMhue4mQyN1DEv5SE+G0iQvD6gkJNxdaXjRjdLYCUqHX+n5qrubsfMNR84GtkHZDFz8IS9pvYt9hAZYoheG3/llICxZrl/BkB83JirHcRCwNG4lGVZdUURLyihl+Pu7l+KwycP5tTyvGR59rL75EcHqPVcSLCfbQk3S9ageqdYVuQCITD4NwYVBuF291mR0PVfD2Fyg8Xo9uiQkbdVq+uUz5o33MhsMRKgIGJZK04f4Pb1aJdwHDVkR1Mbpd3dpHBreY+LcxNyEr77oSA2W+w6t/io67EUPB+XSSlY7ViagmC0CTZsK3juHddUU2ccw0BE9Tez9xADdj1icSS7kqkjL5VrF0BZe870ToYd/4CsQVCbyDjH5ZluXZxKbauJ0e/603yAc8/wEvg9kDFlCngrC0KddbLImjF9QZJ+/E9tHBQeYjjcTDT1cGFS5gaD0LU4G/W5PUkWks8thfVcF7akndwaCaJpvFJlw9ApQZhsPoft84P7bYPlOUzlSXtHI2qCinxet3630K93VKL1BwuGY+PJ6qkACRAEwl84C6lVPn92uVwcogiUcg2gQ1c33NSYPfmaP0yt82RB2ilcJmTvv2p/XdS1OvCHxmfTsoudO39yl3sAZVtOG2WqF5qWfAK8/Bixu1fVe/mzouB5RzIe2P3MpT3Cy9zW5kz53zrIH2VF0fyO8Q8hqn5Lkz76SqO+QqL4HyqKmXc1EGDEZZxcAV1B1wzhX7yqwu86OygwEC3sT7LikxKq1RmBd4eh+nw13HLDcMvA12ZHwMWGFC02iCge/DYBUr9ebOG9m0eKZSiJk2RixM/z4/sCEPio7Z4ADBx9an30aNRTFX4orCBk1o2Vg6mP4kT3IjVcr5CWj4pcjZAl2nZ1h4oL99R6OukJtZp09K0Jv31IgiO12PRO0CwKa8FlMhcAOEJXQg4www/U3UuYEo9TolUVL0n2fdzpjfUDxF+PpMmfn4WB3vjAzxsNED+xEbMupvSPC8GeJMoxiHgvSKHqwpyDbAXyCnXGmxNQ7ujnUD68rHWAd1x9AUKNH/Q4orruttAGR/gE2YfTGGLg1hi4PxhuiARaVFR87D8ifHcqCEg+MC9bcg4I6IAVPI6Yk50D878Ajbzb0DiE4Cgc7cybvqw7Kju2lUK/ztXpbPPROxk+HmqdEpnyDy7STct51JlcNRgFTogPpEJrIj0+ZM9oV0m8IMTzhwtflmDSc420w/tJ+u3PbWLZojgtpSOvnEIt7bxgYmfpkwVswTqy6pjR+XrDSwrC40F7Yz83kkbsTSCYeFyliuUbE+SUAOMoLesO7QV4xI7NYIJjA+SyWm7W/8DaNVB7bHE5iKUXKiyvrh48X2ruR737pVxs9w8gyFrmgYyRaFFFKtTV5eliFRmJf0HLLeFkUE3kVtqx0eeQ70ypyYb8cGOvYCbS60b5jTRtsQQNryBoTvXDAtTAP0a4SHVHDKEI+nMhO40s7AWIANSP0cUWzwD7ynf8eYcP77BFqBlIZp+3YG8n/3d6ZdLmJJAH41/gwh3mPfTmyI4QkBEgCbuxCSIgdSb9+MqnSuOyy2+5+dtuvOw9FUZBEQUQSGeTyxVBRFaVM8AUhzxjsmMHBVxHfHamQUNJLJIDvxdiQKNk7itWl3m5vuJDybWURKahFNcY7CzgocjCuY08sQ0rt6+4IBFzhmJdEAtUvt5qU9SorHs51vd1xk27lW86p7pF23w7BphZ7gmCSWvPZyyxl0VBaH0Apj+vuoFScZGOY2aQBix/bRO1ka073c9piYTKJUdBcDE3F6aC/zS0KbJ3I+EE6bbtnuUXiZDdDd/xUuDInDbpY7mzebRB1Vcm6C9eGL7tc7yisDv1f2d/m3LsSiGuGDFbqyoL1PuyVGjjB/A7sv7akRA/CnNhMcHbt1rtFWhEchGt2bhZ3Ldx0422nzsbrRxiubXihOjm6Ze6FTWSTEgjdj06b65xyPtuZEddXIZuXzbUrrYZTIE6TwZcNbAMvYQKkHZ7SYKBg8kYkg/pxbgRthHNvNPxQUwOby5yONwW3PzswCvRVs9C4R0yVVtAUVn1pTfsAvidB+7+eKQduVbeu6/mClauckwCbKgG3Mpchtt/DLCdKR2a4ls75NLJlyLj0pWLsZlMXocmuT3Co2WnLS4M5YXmzI9uAkcJuA0I7KL1ZYsGt257rE3eSb+xhOXA70llS13M41Op1aMwriD2XJCOdyEiOlIABZxnFB7WTS42tYePOeqTIMuE2t/z86HTeoBsi1u7D3H2w6m8k7eVFd36omXwQI+zEmpiPH3Ex190u4+Hr2tyPunv0sJYbbA4fSyvNo2R9GQ1zlcQjFVer9R3O/JOlx6ZadlovWbWDjfYpXMJ3e14s6BtzEvjEJ4hjSxn6PFSdpnTRnfgGtCXXAuhuj8F2hruT5CnPDnJClsd20zc2yTYrnZbaU9wvdG8d1p1BL3snqeOEO8HBetVrhiWbWlrm9jbQCmP60F/T+NGqyp5WdtO6l8+3uXUV48SZTm3Kpi3bNMvOKKgVKYixk01MK8/LxR9w+K0rFG93Y2UrG4HcaWmEq34DopATB8PThc6ojxvUoZQMa69MVqEQzHOj7P66hJ0FNUf7xUi9LB5Vt8keL334daNZYRDRLGWWDHUgVjxWbUJmoTABMymPYt2bIIQzIu/gXTZlf8/nTp45vZpZGVrAHVm/qKcUBpeO7J79/liNvacd3NMxqgk8X3Jbi5A9JSONSdYF/bzfefnQSdF90a+8uwmeM+enm1zd87K+tsAj3CMJDsjJQY2v0ulBEm1xeWwf3oTnspUvOH9NknDit1zluAcisJv7yJexxN4l3uwv+312l+Ec4wsWDtsYq1y7aOHkYTG7JmVk0tUYWoq1lvtMTo/rXh908CkIeyVMYJSFyivqgt9frMS/WDEcflpsKvrAdyRTn1tTSnmlaZvRiGwWOC3XqOOe8mj5mJICbBibMXGXTHvBGHwcNun6iF1MIFgfBZxeESVwv2egyk5OJ3EQTrQxDHtcTpvJ9mAgbseuNShGZYIS9mRgq+zEDuKCKSp/FJ2uJ5XYqobbliqr6HLB9966cYNLtl1BF5dd85O72+hCFEtruMyjjeVkejC2b3tXPA5uWErWNAuH6TN/tcx8xk34LlgUty0psDPHJ9sfRjj0ygfQEXOPLFCsu8kzY40nisJEJ3oSdGEB2nuHeOwj/oXQg+Xe0e+N4Y6nrtay0T5oRhj/nTvvTi6ueNLT1n30j9iZVWAscrgeCkq2lJeK2D5O0qXA1/WNWIXOoTkv7kfW82V71ItFr2u2IV0eAQ3Uhe1gvLEI5tcGvsSl5O6DynJgZgX1Cr4+7aiejGgxlY0XnGollpYUvBFNPJ1vcAhETPhNYkehg6sNK5zgBEC1g606N9TBLdHuh1pNfMUqVUZ3QFh6UTGTC0U47mamVG3uDkIsnGF6M3VyJUbhY+mBbRxcz81cWxstkaje477iu3DO/jSUcC73XqfUx7ze4WVQe+FNOr0oz3Ur63kbHsYDsxiWWHajctMZh3UXO7ihv3S8HM1uofWWHsYSAdfQhLvM2Yo837laOGfslS1xbeyOWuqS7UYjydsqNYtgENeTPJXObhcIE6u6vr0s2N6IqLLb1sauBx+PDAXbuHlennqPc4+fTF3wB9vQLtLcK5FROycPScXjBDW3HNu4dApHiXJubRaj10UxRUR5qAmJoZQhMK2gUqoOJ0WIueZb6oPSZcftJRAmY2UDWvVpSSqwJRFXNOXL0zq7JRltKJfgIW34bQX+1XF/3faTpIMoZdOt6PLu1LtzJ+mTMywyWjqoJoh8pjQVYNM13XlDav2RA0oUh8VYqsRKpLRHLsdSOPGUW9hG02E+Zw0lO7Gxbd3VjsNvMlGKdNHfjIgrm8MeLlqD2Wi9mi+swgx762QM4g7LmTVUQ7IlgamwhrfXcczUm+xgTiFcbS7eJRh8nbxJ8IQTpT9gTilRO5ehs2lMrMBGt90ljKcL21gTxqGlXmq7TZSw5jLq3MKzJKFtDdVbSDuJNQWXEDJfqfIrV8MevO4onVKBoNQULrsX9tO8cnp0gsU9nsytvIduRGIFvl8XG8IYifVkEudHvRnEhpLalOThLKOmKrY1zAbG9kO8Fitf6HMF3LkfqouObjVjGpsS9iTFnrAZ5zXtdEOZtAGHFDGhEwwfRBSbkXax+W3fSDB+Td3qyrtAN+Bufs3P3pyHkOHwPVxRvB4mnHYeMztONOwdrbSlkec5RN79qDxeDMd8llSE5N/niqK/kMnreezHIwXf53l5hw6EAMD6q48fX6sqjfswehbH/qxa6O/IfkN/IdHK89iPV8p3ZFoBYoq6+1p+mjeIzHc4xO8AK36exuibSXXAxSmZRh8vfr1R/Ltq7R/UjPdG+2VGeZ9RCn9nlff5iL4/z1CbdsXjtRpDSOVrHi4glxY/0NAFQP5p9zFv1Jet8hml9Cdb4ynmU7eCv/cqf2umIuJLbH7mDE2TFOMnJmOa4QqPQ8v999VYIHTBzmnWfzwL9vLX37OUrg6r5zH8P6A4JKAK+MxBVeYtO2+peTufFeV5y81b+vUS8CfcwT9w3PMs2KfmLfZGGvEtOV9CsL5c8ioff5ZU34iVnvugAD9vpVcJBDan23p5WhhlvnngN4dnbX569McrmHgqmFdfH/qjeug3KlE+fdA/VsmsVAJ7nzbyb39k8v/15y/XAfX5SNKb8vIsgXgj80/VKOrNhfgbhWJf08Vv7wp/QASFM5+GCsSXsNvcF1wd87NcHcn9Su72c/+7cm3+RID2j8mE+S51JYsTn5ib+jzf4Quw+/Wqj5b80yk1n7f2/D/cN1Jqfl6ex/6w/Lvn+LT8h5+SgpP8QhSLaOGIFo5o4YgWjmjhiBaOaOGIFo5o4YgWjmjhiBaOaOH/UNmIFo5o4YgWjmjhHxAtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEtHNHCES0c0cIRLRzRwhEt/AOihSNaOKKFI1o4ooUjWvhfZF0SLPcZ/PAXs8JJ4ttY7L+bFU49wZ6/CksNe7b+9azwl5rx+7DCSeqdUd5b5fcD5P5ka/yerPAn7P+38irYL/YqFP5tpfzjvcpLzfh9vAr1vv0j/z1e5WvW+Lu9CvyIu0KA+0dWMqjxx9U1SWGJ/wE= ================================================ FILE: encrypt_and_keys/encrypt_disk_VM/main.tf ================================================ //----------------------Подготовка тестовой инфраструктуры----------------------------------- //Генерация random-string для имени bucket--------------------------------------------------------- resource "random_string" "random" { length = 8 special = false upper = false } //Создание сети resource "yandex_vpc_network" "vpc-enc" { name = "vpc-enc" } //Создание подсетей resource "yandex_vpc_subnet" "enc-subnet" { name = "enc-subnet" zone = "ru-central1-a" network_id = yandex_vpc_network.vpc-enc.id v4_cidr_blocks = ["192.168.20.0/24"] } //Создание sa storage admin resource "yandex_iam_service_account" "sa-bucket-creator" { name = "sa-bucket-creator-${random_string.random.result}" folder_id = var.folder_id } //Создание стат ключа resource "yandex_iam_service_account_static_access_key" "sa-bucket-creator-sk" { service_account_id = yandex_iam_service_account.sa-bucket-creator.id } //Назначение прав для создания бакета resource "yandex_resourcemanager_folder_iam_binding" "storage_admin" { folder_id = var.folder_id role = "storage.admin" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-creator.id}", ] } //Создание S3 bucket для resource "yandex_storage_bucket" "enc-bucket" { bucket = "bucket-for-encryption-${random_string.random.result}" access_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.access_key secret_key = yandex_iam_service_account_static_access_key.sa-bucket-creator-sk.secret_key } //Создание sa storage editor для работы от VM с Bucket resource "yandex_iam_service_account" "sa-bucket-editor" { name = "sa-bucket-editor-${random_string.random.result}" folder_id = var.folder_id } //Назначение прав для изменения бакета resource "yandex_resourcemanager_folder_iam_binding" "storage_editor" { folder_id = var.folder_id role = "storage.editor" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-editor.id}", ] } //Создание стат ключа editor resource "yandex_iam_service_account_static_access_key" "sa-bucket-editor_stat" { service_account_id = yandex_iam_service_account.sa-bucket-editor.id } //Работа с ssh ключем resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init_lin" { template = file("./cloud-init_lin.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" aws_key = "${yandex_iam_service_account_static_access_key.sa-bucket-editor_stat.access_key}" aws_sec = "${yandex_iam_service_account_static_access_key.sa-bucket-editor_stat.secret_key}" DEVICE = "${var.device}" MAPPED_DEVICE = "${var.mapped_device}" KMS_KEY_ID = "${yandex_kms_symmetric_key.key-enc.id}" ENCRYPTED_DEK_FILE= "${var.encrypted_dek_file}" PLAINTEXT_DEK_FILE="${var.plaintext_dek_file}" MOUNT="${var.mount}" BUCKET_NAME="${yandex_storage_bucket.enc-bucket.bucket}" } } //Создание диска resource "yandex_compute_disk" "disk" { name = "disk-for-enc" type = "network-ssd" zone = "ru-central1-a" size = 20 } //Развертывание ВМ data "yandex_compute_image" "vm-image" { family = "ubuntu-1804-lts" } resource "yandex_compute_instance" "vm" { name = "vm-for-enc" hostname = "vm-for-enc" zone = "ru-central1-a" service_account_id = yandex_iam_service_account.sa-bucket-editor.id boot_disk { initialize_params { image_id = data.yandex_compute_image.vm-image.id type = "network-ssd" size = 100 } } secondary_disk { disk_id = yandex_compute_disk.disk.id } network_interface { subnet_id = yandex_vpc_subnet.enc-subnet.id nat = true } resources { cores = 4 memory = 4 } metadata = { user-data = "${data.template_file.cloud_init_lin.rendered}" } } //Создание KMS ключа resource "yandex_kms_symmetric_key" "key-enc" { name = "key-enc" description = "description for key" default_algorithm = "AES_128" } //Назначение роли на sa на расшифровку ключа resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${yandex_iam_service_account.sa-bucket-editor.id}", ] } ================================================ FILE: encrypt_and_keys/encrypt_disk_VM/provider.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } provider "yandex" { service_account_key_file = var.token #token = var.token cloud_id = var.cloud_id folder_id = var.folder_id } ================================================ FILE: encrypt_and_keys/encrypt_disk_VM/script.sh ================================================ #!/usr/bin/env bash # # Клиентское шифрование диска на ключе из YC KMS # set -e -x DEVICE="/dev/vdb" #заменить имя диска на свое (по умолчанию 2-й диск vdb) MAPPED_DEVICE="encrypted1" KMS_KEY_ID="abjhdahmqnxxxxxxxxxx" #заменить на свой KMS key id ENCRYPTED_DEK_FILE="./encrypted1_dek.enc" # persistent FS PLAINTEXT_DEK_FILE="/tmp/encrypted1.dek" # in-memory FS MOUNT="/mnt/${MAPPED_DEVICE}" BUCKET_NAME="bucket-enc" #заменить на свой YC=~/yandex-cloud/bin/yc CMD="$1" case "$CMD" in create) #Создание ключа с высокой энтропией метод generateDataKey (https://cloud.yandex.ru/docs/kms/api-ref/SymmetricCrypto/generateDataKey) #Необходимо выполнить 1 раз и хранить ENCRYPTED_DEK_FILE в защищенном удаленном месте mkdir $MOUNT $YC kms symmetric-crypto generate-data-key --id ${KMS_KEY_ID} --data-key-spec=aes-256 --data-key-ciphertext-file=${ENCRYPTED_DEK_FILE} --data-key-plaintext-file=${PLAINTEXT_DEK_FILE} cryptsetup -v --type luks --cipher aes-xts-plain64 --key-size 512 --hash sha256 --iter-time 2000 --use-urandom -q luksFormat "${DEVICE}" "${PLAINTEXT_DEK_FILE}" cat "${PLAINTEXT_DEK_FILE}" | cryptsetup open "${DEVICE}" "${MAPPED_DEVICE}" -d - mkfs -t ext4 "/dev/mapper/${MAPPED_DEVICE}" aws --endpoint-url=https://storage.yandexcloud.net s3 cp ${ENCRYPTED_DEK_FILE} s3://${BUCKET_NAME}/encrypted1_dek.enc #копируем ключ в S3 rm ${PLAINTEXT_DEK_FILE} # удаляем расшифрованный ключ rm ${ENCRYPTED_DEK_FILE} # удаляем зашифрованный ключ ;; #Монтирование зашифрованного диска в расшифрованный объект #Можно выполнять, например при старте ОС open) aws --endpoint-url=https://storage.yandexcloud.net s3 cp s3://${BUCKET_NAME}/encrypted1_dek.enc ${ENCRYPTED_DEK_FILE} #Вывод plaintext-file для расшифровки $YC kms symmetric-crypto decrypt --id ${KMS_KEY_ID} --ciphertext-file=${ENCRYPTED_DEK_FILE} --plaintext-file=${PLAINTEXT_DEK_FILE} cat "${PLAINTEXT_DEK_FILE}" | cryptsetup open "${DEVICE}" "${MAPPED_DEVICE}" -d - rm ${PLAINTEXT_DEK_FILE} # удаляем расшифрованный ключ rm ${ENCRYPTED_DEK_FILE} # удаляем зашифрованный ключ mount -t ext4 "/dev/mapper/${MAPPED_DEVICE}" $MOUNT mount /dev/mapper/$MAPPED_DEVICE $MOUNT ;; #Размонтирование зашифрованного устройства close) umount ${MOUNT} cryptsetup close ${MAPPED_DEVICE} rm "${PLAINTEXT_DEK_FILE}" ;; #Удаление исходного устройства erase) cryptsetup luksErase ${DEVICE} ;; *) echo "Usage: ${NAME} {create|open|close|erase}" >&2 exit 3 ;; esac ================================================ FILE: encrypt_and_keys/encrypt_disk_VM/variables.tf ================================================ variable "folder_id" { default = "xxxxxx" //# Указать ID своей папки } variable "cloud_id" { default = "xxxxxx" //# Указать ID своего облака } variable "token" { default = "key.json" //# Указать свой JSON для сервисной учетной записи. https://cloud.yandex.ru/docs/cli/quickstart#initialize } variable "device" { default = "/dev/vdb" //#заменить имя диска на свое (по умолчанию 2-й диск vdb) } variable "mapped_device" { default = "encrypted1" //заменить имя на желаемое } variable "encrypted_dek_file" { default = "./encrypted1_dek.enc" //заменить имя на желаемое } variable "plaintext_dek_file" { default = "/tmp/encrypted1.dek" //заменить имя на желаемое } variable "mount" { default = "/mnt/encrypted1" //заменить имя на желаемое } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/README.md ================================================ # Encrypting secrets with KMS when transferring the keys to the COI VM container Yandex.Cloud: Terraform ## Problems After deploying containers using [Container Optimized Image (COI)](https://cloud.yandex.ru/docs/cos/concepts/), sometimes you might need to transfer private information inside the container using ENV. In the UI console, in this case, in the VM properties, the transmitted ENV will be visible as plain text. There is a risk of compromising private information. Example of an unsafe configuration: ![Unsafe configuration](https://user-images.githubusercontent.com/85429798/129485848-09fb4847-7ff6-46cd-be4a-990de7e41781.png) ## Example of secure transfer of private information to a COI container: Yandex Cloud KMS supports the option to [encrypt secrets in Terraform](https://cloud.yandex.ru/docs/kms/solutions/terraform-secret). We suggest using this function to transfer encrypted secrets to a container in the ENV format before they are decrypted inside a Python application. Decryption of secrets from the Python code will be performed using a service account linked to the COI VM with the KMS Decrypter role. The token of the service account will be obtained using the [meta-date service](https://cloud.yandex.ru/docs/compute/operations/vm-info/get-info#inside-instance). The Terraform example performs: - Testing of infrastructure deployment: networks, subnets. - Creation of a test service account and its static keys. - Deploying a COI with a container based on a simple Python application. - Creating a KMS key and encrypting private data: in this case, encryption of static keys of the service account. Private data is transmitted to the container in an encrypted form. A simple Python application inside the code decrypts private data and prints data to the log. **Important:** > This solution does not eliminate the need to apply the best practices of protecting the Terraform configuration. > Yandex Cloud Object Storage can act as a Terraform Remote State and perform blocking functions using Yandex Database: https://github.com/yandex-cloud/examples/tree/master/terraform-ydb-state ## Preparation and prerequisites - Install and configure [YC CLI](https://cloud.yandex.ru/docs/cli/quickstart). - Install [Terraform](https://www.terraform.io/downloads.html ). - Fill out the variables.tf file with your own data. - Launch Terraform. ## Deployment results In the UI console, we see secrets only in an encrypted form: ![Safe configuration](https://user-images.githubusercontent.com/85429798/129485922-ceff4208-c562-4021-8cc3-ddf0f0d927ec.png) In the container logs, we see decrypted secrets: ![Safe configuration](https://user-images.githubusercontent.com/85429798/129485886-ca56bc93-4f86-45b1-ad99-c48de55bde6d.png) ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/README_RU.md ================================================ # Шифрование секретов средствами KMS при передачи их в контейнер ВМ COI Yandex.Cloud: Terraform ## Проблематика После развертывания контейнеров с помощью [Container Optimized Image (COI)](https://cloud.yandex.ru/docs/cos/concepts/) может возникнуть необходимость передать приватную информацию внутрь контейнера с помощью ENV. Из UI консоли в данном случае, в свойствах ВМ будут видны передарнные ENV в открытом виде. Возникает риск компрометации приватной информации. Пример небезопасной конфигурации: ![Небезопасная конфигурация](https://user-images.githubusercontent.com/85429798/129485848-09fb4847-7ff6-46cd-be4a-990de7e41781.png) ## Пример безопасной передачи приватной информации в контейнер COI Yandex Cloud KMS имеет возможность [шифрования секретов в Terraform](https://cloud.yandex.ru/docs/kms/solutions/terraform-secret) Предлагается использовать данную функцию для передачи зашифрованных секретов в контейнер в виде ENV, с последующей расшифровкой изнутри python приложения. Расшифровка секретов из python кода будет выполнена с помощью привязанного к ВМ COI сервисного аккаунта (с ролью KMS decrypter). Token сервисного аккаунта будет получен с помощью [сервиса мета-даты](https://cloud.yandex.ru/docs/compute/operations/vm-info/get-info#inside-instance). Terraform пример выполняет: - развертывание тестовой инфраструктуры (сети, подсети) - создание тестового service account и его статических ключей - развертывание COI с контейнером на базе простого python приложения - создание KMS ключа и шифрование приватных данных (в данном случае статических ключей сервисного аккаунта) - приватные данные передаются в зашифрованном виде внутрь контейнера - простое python приложение внутри кода расшифровывет приватные данные и делает print в лог **Важно:** > Данное решение не отменяет необходимости применения лучших практик защиты terraform конфигурации. > Yandex Cloud Object Storage может выступать в роли terraform remote state и выполнять функции блокировки с помощью Yandex Database - https://github.com/yandex-cloud/examples/tree/master/terraform-ydb-state ## Подготовка/Пререквизиты: - установить и настроить [yc client](https://cloud.yandex.ru/docs/cli/quickstart) - установить [terraform](https://www.terraform.io/downloads.html) - заполнить файл variables.tf своими данными - запустить terraform ## Итоги развертывания В UI консоли мы видим секреты только в зашифрованном виде: ![Безопасная конфигурация](https://user-images.githubusercontent.com/85429798/129485922-ceff4208-c562-4021-8cc3-ddf0f0d927ec.png) В логах контейнера мы видим секреты в расшифрованном виде: ![Безопасная конфигурация](https://user-images.githubusercontent.com/85429798/129485886-ca56bc93-4f86-45b1-ad99-c48de55bde6d.png) ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/cloud-init_lin.tpl.yaml ================================================ #cloud-config #ssh_pwauth: no users: - name: yc-user sudo: ALL=(ALL) NOPASSWD:ALL groups: sudo shell: /bin/bash ssh_authorized_keys: - "${ssh_key}" ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/docker/Dockerfile ================================================ FROM python:3.9.1-slim RUN apt-get update ADD /functions /functions WORKDIR / RUN mkdir /temp RUN pip install --upgrade pip RUN pip install -r /functions/requirements.txt CMD ["python3", "functions/main.py"] ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/docker/functions/main.py ================================================ import requests import json import os import boto3 import time import base64 # Function - Get token def get_token(): response = requests.get('http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token', headers={"Metadata-Flavor":"Google"}) return response.json().get('access_token') # Function - Decrypt data with KMS key def decrypt_secret_kms(secret): token = get_token() request_suffix = kms_key_id+':decrypt' request_json_data = {'ciphertext': secret} response = requests.post('https://kms.yandex/kms/v1/keys/'+request_suffix, data=json.dumps(request_json_data), headers={"Accept":"application/json", "Authorization": "Bearer "+token}) b64_data = response.json().get('plaintext') return base64.b64decode(b64_data).decode() # Configuration - Keys kms_key_id = os.environ['KMS_KEY_ID'] s3_key_encr = os.environ['S3_KEY_ENCR'] s3_secret_encr = os.environ['S3_SECRET_ENCR'] # Configuration - Setting up variables for S3 s3_key = decrypt_secret_kms(s3_key_encr) s3_secret = decrypt_secret_kms(s3_secret_encr) # Configuration - Sleep time if(os.getenv('SLEEP_TIME') is not None): sleep_time = int(os.environ['SLEEP_TIME']) else: sleep_time = 240 print('s3-key' + ' ' + s3_key) print('s3-secret' + ' ' + s3_secret) print("Sleep -- STARTED") time.sleep(sleep_time) ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/docker/functions/requirements.txt ================================================ requests boto3 ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/docker-declaration.yaml ================================================ spec: containers: - env: - name: PYTHONUNBUFFERED value: 1 - name: SLEEP_TIME value: ${SLEEP_TIME} - name: S3_KEY_ENCR value: ${S3_KEY_ENCR} - name: S3_SECRET_ENCR value: ${S3_SECRET_ENCR} - name: KMS_KEY_ID value: ${KMS_KEY_ID} image: alexweee/kms-secret-py name: my-container securityContext: privileged: false stdin: false tty: false restartPolicy: Always ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/main.tf ================================================ //----------------------Подготовка тестовой инфраструктуры----------------------------------- //Создание сети resource "yandex_vpc_network" "vpc-test" { name = "vpc-test" } //Создание подсетей resource "yandex_vpc_subnet" "test-subnet" { folder_id = var.folder_id name = "app-secret-a" zone = "ru-central1-a" network_id = yandex_vpc_network.vpc-test.id v4_cidr_blocks = ["192.168.97.0/24"] } //Создание sa resource "yandex_iam_service_account" "sa-test-secret" { name = "sa-test-secret" folder_id = var.folder_id } //Создание стат ключа resource "yandex_iam_service_account_static_access_key" "sa-sk" { service_account_id = yandex_iam_service_account.sa-test-secret.id } //Создаем docker-declaration data "template_file" "docker-declaration" { template = file("./docker-declaration.yaml") vars = { S3_KEY_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_key.ciphertext}" S3_SECRET_ENCR = "${yandex_kms_secret_ciphertext.encrypted_s3_secret.ciphertext}" KMS_KEY_ID = "${yandex_kms_symmetric_key.key-elk.id}" SLEEP_TIME = "300" } } //Развертывание Container-optimised image data "yandex_compute_image" "container-optimized-image" { family = "container-optimized-image" } resource "yandex_compute_instance" "instance-based-on-coi" { name = "kms-test" hostname = "kms-test" zone = "ru-central1-a" service_account_id = yandex_iam_service_account.sa-test-secret.id boot_disk { initialize_params { image_id = data.yandex_compute_image.container-optimized-image.id type = "network-ssd" size = 100 } } network_interface { subnet_id = yandex_vpc_subnet.test-subnet.id #не забыть включить NAT для subnet, где COI nat = true } resources { cores = 4 memory = 4 } metadata = { user-data = "${data.template_file.cloud_init_lin.rendered}" docker-container-declaration = "${data.template_file.docker-declaration.rendered}" } } //Работаем с ssh ключем resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "4096" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } data "template_file" "cloud_init_lin" { template = file("./cloud-init_lin.tpl.yaml") vars = { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" } } //Создание KMS ключа resource "yandex_kms_symmetric_key" "key-elk" { name = "key-elk" description = "description for key" default_algorithm = "AES_128" } //Назначение роли на sa на расшифровку ключа resource "yandex_resourcemanager_folder_iam_binding" "binding" { folder_id = var.folder_id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${yandex_iam_service_account.sa-test-secret.id}", ] } resource "yandex_kms_secret_ciphertext" "encrypted_s3_key" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa-sk.access_key } resource "yandex_kms_secret_ciphertext" "encrypted_s3_secret" { key_id = yandex_kms_symmetric_key.key-elk.id plaintext = yandex_iam_service_account_static_access_key.sa-sk.secret_key } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/variables.tf ================================================ //------------Служебные параметры terrafromf variable "token" { description = "Yandex Cloud security OAuth token" default = "key.json" #generate yours by this https://cloud.yandex.ru/docs/iam/concepts/authorization/oauth-token } variable "folder_id" { description = "Yandex Cloud Folder ID where resources will be created" default = "xxxxxx" #yc config get folder-id } variable "cloud_id" { description = "Yandex Cloud ID where resources will be created" default = "xxxxxx" #yc config get cloud-id } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform+KMS+COI/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.60" } } } provider "yandex" { service_account_key_file = var.token #token = var.token cloud_id = var.cloud_id folder_id = var.folder_id } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/00-provider.tf ================================================ # ================================== # Terraform & Provider Configuration # ================================== terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } required_version = ">= 0.13" } provider "yandex" { #service_account_key_file = "" #token = "" #cloud_id = "" #folder_id = "" zone = "ru-central1-a" } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/01-vpc.tf ================================================ # =============== # VPC Resources # =============== resource "yandex_vpc_network" "network-keycloak" { name = var.vpc_name } resource "yandex_vpc_subnet" "keycloaksubnet" { count = length(var.net_cidr) name = var.net_cidr[count.index].name zone = var.net_cidr[count.index].zone v4_cidr_blocks = [var.net_cidr[count.index].prefix] network_id = "${yandex_vpc_network.network-keycloak.id}" } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/02-service-account.tf ================================================ # Creating Service Account resource "yandex_iam_service_account" "kc-sa" { name = "${var.sa_name}" } # Creating self admin binding for future self deletion resource "yandex_iam_service_account_iam_binding" "sa-self-binding" { service_account_id = "${yandex_iam_service_account.kc-sa.id}" role = "admin" members = [ "serviceAccount:${yandex_iam_service_account.kc-sa.id}", ] } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/03-kms-and-ssh-keys.tf ================================================ # Creating symmetric KMS Key resource "yandex_kms_symmetric_key" "kc-key" { name = "${var.kms_key_name}" description = "description for key" default_algorithm = "AES_256" } # SA role binding for KMS Key described in service-account.tf resource "yandex_kms_symmetric_key_iam_binding" "encrypterDecrypter" { symmetric_key_id = yandex_kms_symmetric_key.kc-key.id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${yandex_iam_service_account.kc-sa.id}", ] } #Create ssh key for guest OS resource "tls_private_key" "ssh" { algorithm = "RSA" rsa_bits = "2048" } resource "local_file" "private_key" { content = tls_private_key.ssh.private_key_pem filename = "pt_key.pem" file_permission = "0600" } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/04-lockbox-secret.tf ================================================ # Creating Lockbox secret resource "yandex_lockbox_secret" "password_secret" { name = var.secret_name kms_key_id = yandex_kms_symmetric_key.kc-key.id labels = { "key_id" = "${yandex_kms_symmetric_key.kc-key.id}" "service_account_id" = "${yandex_iam_service_account.kc-sa.id}" } } # Creating Lockbox secret version resource "yandex_lockbox_secret_version" "secret_version" { secret_id = yandex_lockbox_secret.password_secret.id entries { key = "${var.kc_adm_user}" text_value = "${var.kc_adm_pass}" } entries { key = "${var.pg_db_user}" text_value = "${var.pg_db_pass}" } } # Creating Lockbox secret access binding via local exec because there are no terraform resources for secret access binding # yc cli is required! resource "null_resource" "lockbox_secrets_access_binding" { provisioner "local-exec" { command = <<-CMD yc lockbox secret add-access-binding --id ${yandex_lockbox_secret.password_secret.id} --role lockbox.payloadViewer --service-account-id ${yandex_iam_service_account.kc-sa.id} CMD } provisioner "local-exec" { when = destroy command = <<-CMD yc lockbox secret delete kc-secrets CMD } depends_on = [ yandex_kms_symmetric_key.kc-key, yandex_iam_service_account.kc-sa ] } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/05-postgres.tf ================================================ # ========================== # YC MDB Postgress Resources # ========================== resource "yandex_mdb_postgresql_cluster" "pg_cluster" { name = var.pg_db_name environment = "PRODUCTION" network_id = yandex_vpc_network.network-keycloak.id config { version = 14 resources { resource_preset_id = "s2.micro" disk_type_id = "network-ssd" disk_size = 10 } } host { zone = var.zone subnet_id = yandex_vpc_subnet.keycloaksubnet[0].id } } resource "yandex_mdb_postgresql_user" "pg_user" { cluster_id = yandex_mdb_postgresql_cluster.pg_cluster.id name = var.pg_db_user password = var.pg_db_pass } resource "yandex_mdb_postgresql_database" "pg_db" { cluster_id = yandex_mdb_postgresql_cluster.pg_cluster.id name = var.pg_db_name owner = yandex_mdb_postgresql_user.pg_user.name lc_collate = "en_US.UTF-8" lc_type = "en_US.UTF-8" } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/06-kc-vm.tf ================================================ data "yandex_compute_image" "vm_image" { family = var.image_family } #Create KeyCloak VM resource "yandex_compute_instance" "keycloak" { name = var.keycloak_name hostname = var.keycloak_name zone = var.zone platform_id = var.platform_id service_account_id = yandex_iam_service_account.kc-sa.id resources { cores = var.cores memory = var.memory } boot_disk { initialize_params { image_id = data.yandex_compute_image.vm_image.id size = 30 } } network_interface { subnet_id = yandex_vpc_subnet.keycloaksubnet[0].id nat = var.nat } metadata = { user-data = templatefile("${path.module}/kc-install.yml", { ssh_key = "${chomp(tls_private_key.ssh.public_key_openssh)}" DomainFQDN = var.domain_fqdn KC_VER = var.kc_ver KC_PORT = var.kc_port PG_DB_HOST = yandex_mdb_postgresql_cluster.pg_cluster.host.0.fqdn PG_DB_NAME = var.pg_db_name SA_NAME = yandex_iam_service_account.kc-sa.name SECRET_ID = yandex_lockbox_secret.password_secret.id } ) } depends_on = [ local_file.private_key, yandex_mdb_postgresql_cluster.pg_cluster, yandex_mdb_postgresql_database.pg_db, yandex_kms_symmetric_key.kc-key, yandex_iam_service_account.kc-sa, yandex_lockbox_secret.password_secret, null_resource.lockbox_secrets_access_binding ] } output "keycloak_name" { value = yandex_compute_instance.keycloak.name } output "keycloak_address" { value = yandex_compute_instance.keycloak.network_interface.0.nat_ip_address } output "public_key" { value = chomp(tls_private_key.ssh.public_key_openssh) } ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/README.md ================================================ # Yandex Cloud Lockbox password solution. Сценарий для развертывания IdP KeyCloak с хранением и получением пар логин/пароль в Yandex Cloud Lockbox. # Проблематика При запуске KeyCloak на ВМ как сервис, в конфигурацию /lib/systemd/system/keycloak.service необходимо прописывать логин и пароль в базе данных и логин с паролем администратора в явном виде. При обычном развертывании таких сценариев, приходится передавать секреты в user-data так же в явном виде. # Решение Назначенный на виртуальную машину сервисный аккаунт может аутентифицироваться и авторизоваться в IAM изнутри гостевой ОС по упрощенной схеме. Т.е. достаточно просто получить IAM-токен через yc cli или REST API, не передавая никакой информации о субъекте. Это дает возможность при минимально необходимых правах безопасно передать в гостевую ОС пару ключ/значение (секретная часть) из Lockbox с помощью сервисного аккаунта. # Безопасная конфигурация solution_schema 1. Сервисный аккаунт обращается к секрету Lockbox через REST 2. Lockbox проверяет права на секрет и на ключ, расшифровывает секрет 3. В гостевую ОС возвращается JSON с секретом После применения сценария развертывания скрипт удаляет все промежуточные файлы с секретами и удаляет сервисный аккаунт. # Настройка окружения Предполагаем, что у вас уже есть доступ в Yandex Cloud, вы знаете идентификатор своего облака (`cloud-id`) и [идентификатор каталога](https://cloud.yandex.ru/docs/resource-manager/operations/folder/get-id) (`folder-id`) в вашем облаке где будут создаваться облачные ресурсы. ## Установка YC CLI Для развёртывания рабочего окружения установим инструмент `Yandex Cloud CLI (yc)` на свой компьютер (подробная [инструкция](https://cloud.yandex.ru/docs/cli/operations/install-cli#interactive)). ## Установка git Для загрузки рецепта Terraform установите git [по инструкции](https://git-scm.com/book/ru/v2/Введение-Установка-Git). ## Установка Terraform Установите инструмент `Terraform` на свой компьютер (если он уже не установлен) по [(инструкции)](https://cloud.yandex.ru/docs/tutorials/infrastructure-management/terraform-quickstart#install-terraform). ### Установка Terraform для Windows: Распакуйте архив и скопируйте файл terraform.exe в каталог `C:\Windows\System32` Для корректной установки всех необходимых ресурсов Terraform создайте в домашнем каталоге (`/home/` - для MacOS и Linux, `C:\Users\Administrator\AppData\Roaming`- для Windows) файл `.terraformrc` (для Windows `terraform.rc`) с содержимым: ```bash provider_installation { network_mirror { url = "https://terraform-mirror.yandexcloud.net/" include = ["registry.terraform.io/*/*"] } direct { exclude = ["registry.terraform.io/*/*"] } } ``` ## Подключение к Web консоли облака * [Подключение к Web консоли облака с помощью Яндекс ID (Option A)](#yandex-id) * [Подключение к Web консоли облака с помощью Федерации удостоверений сервиса Организации (Option B)](#federation-id) ### Подключение к Web консоли облака с помощью Яндекс ID (Option A) * Откроем в новой вкладке браузера [консоль облака](https://console.cloud.yandex.ru/) и, слева внизу, выберем `Учетная запись` и выйдем из всех текущих аккаунтов облака. В результате на экране должна показаться страница с кнопкой `Войти в аккаунт на Яндексе`. Закроем эту страницу. * Откроем в новой вкладке [ссылку](https://passport.yandex.ru/auth?mode=add-user&retpath=https%3A%2F%2Fconsole.cloud.yandex.ru%2F) где будет предложено авторизоваться в Яндекс ID * Введём имя и пароль пользователя для учётной записи Яндекс ID, после чего произойдёт перенаправление в консоль Yandex Cloud * Перейдём по [ссылке](https://oauth.yandex.ru/authorize?response_type=token&client_id=1a6990aa636648e9b2ef855fa7bec2fb) для получения OAuth Token. Значение token будет выглядеть примерно так `AQAAAAAABQ0pAATrwPdubkJPerC4mJyaRELWbUY` * Сохраним полученное значение Token в переменной окружения (для Windows – PowerShell, MacOS и Linux – bash) #### Windows: ```PowerShell $env:YC_TOKEN="<ваш OAuth Token>" ``` #### MacOS и Linux: ```bash export YC_TOKEN=<ваш OAuth Token> ``` Создадим профиль в yc для работы с облаком #### Настройка профиля yc в MacOS и Linux: ```bash yc config profile create lockbox yc config set cloud-id yc config set folder-id yc config set token $YC_TOKEN ``` #### Настройка профиля yc в Windows: ```PowerShell yc config profile create lockbox yc config set cloud-id yc config set folder-id yc config set token $env:YC_TOKEN ``` где вместо `` нужно указать идентификатор своего облака, а вместо `` нужно указать идентификатор каталога в облаке. Идентификаторы можно получить из консоли облака через веб интерфейс. ### Подключение к Web консоли облака с помощью Федерации удостоверений сервиса Организации (Option B) * Создадим профиль в `yc` для работы с облаком ```bash yc config profile create lockbox yc config set cloud-id yc config set folder-id yc config set federation-id ``` где вместо \ нужно указать идентификатор своего облака, например, `b1g8d7gjpvedf23hg3sv`, вместо \ нужно указать идентификатор каталога в облаке, например, `b1guv7crr32qfgiimxwp`, а вместо \ нужно указать идентификатор федерации, например, `yc.your-org-name.federation`. Идентификаторы можно получить из консоли облака через веб интерфейс в разделе сервиса Organizations. ### Загрузка сценария Terraform ```bash git clone https://github.com/Sayanaro/YandexCloud-Security-Course-KeyCloackVersion.git cd YandexCloud-Security-Course-KeyCloackVersion ``` ## Развёртывание рабочей среды с помощью Terraform Имена виртуальных машин, домена, и пользователей задаются переменными в файле `terraform.tfvars`. Остальные переменные заданы в файле `variables.tf` в параметрах по умолчанию. Для начала зададим переменные окружения: ### Еслим вы используете учетную запись Яндекс ID: #### Windows: * Запустите консоль PowerShell * Выполните: ```PowerShell yc config profile activate security $env:YC_TOKEN = "ваш OAuth токен" $env:YC_CLOUD_ID=$(yc config get cloud-id) $env:YC_FOLDER_ID=$(yc config get folder-id) ``` #### MacOS/Linux: * Запустите консоль bash * Выполните: ```bash yc config profile activate security export YC_TOKEN="ваш OAuth токен" export YC_CLOUD_ID=$(yc config get cloud-id) export YC_FOLDER_ID=$(yc config get folder-id) ``` ### Еслим вы используете федеративную учетную запись: #### Windows: * Запустите консоль PowerShell * Выполните: ```PowerShell yc config profile activate security $env:YC_TOKEN = $(yc iam create token) $env:YC_CLOUD_ID=$(yc config get cloud-id) $env:YC_FOLDER_ID=$(yc config get folder-id) ``` #### MacOS/Linux: * Запустите консоль bash * Выполните: ```bash yc config profile activate security export YC_TOKEN=$(yc iam create token) export YC_CLOUD_ID=$(yc config get cloud-id) export YC_FOLDER_ID=$(yc config get folder-id) ``` ### Инициализация и старт сценария Инициализируйте Terraform: ```bash terraform init terraform apply ``` Сценарий попросит ввести 2 пароля: администратора и администратора базы данных PostgreSQL. Паролb должны быть не менее 8 символов, содержать строчные и заглавные буквы, минимум одну цифру 0-9 и минимум один спецсимвол (@#$%&*/:;"'\,.?+=-_). Спустя 4 минуты после завершения сценария сервер будет настроен и готов к работе. ## Подключение к ВМ ```bash # keycloak: ssh ubuntu@ -i pt_key.pem ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/kc-install.yml ================================================ #cloud-config datasource: Ec2: strict_id: false my-data: DomainFQDN: ${DomainFQDN} KC_VER: ${KC_VER} KC_PORT: ${KC_PORT} PG_DB_HOST: ${PG_DB_HOST} PG_DB_NAME: ${PG_DB_NAME} SA_NAME: ${SA_NAME} SECRET_ID: ${SECRET_ID} ssh_pwauth: yes users: - name: ubuntu sudo: ALL=(ALL) NOPASSWD:ALL shell: /bin/bash ssh-authorized-keys: - "${ssh_key}" packages: - unzip write_files: - content: | #!/bin/bash apt-get update apt-get install -y bind9 apt-get install -y dnsutils apt-get install -y unzip # Installing jq sudo apt-get -y install jq ls path: "/root/get_tools.sh" permissions: "0740" - content: | #!/bin/bash sleep 30 hname=$(hostname) hostnamectl set-hostname $(hostname).${DomainFQDN} source /root/.bashrc # Getting IAM-token export IAM_TOKEN=$(curl -H Metadata-Flavor:Google http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token | jq '.access_token' | sed 's/"//g') # Getting secrets from Lockbox sudo curl -X GET -H "Authorization: Bearer $IAM_TOKEN" \ https://payload.lockbox.api.cloud.yandex.net/lockbox/v1/secrets/${SECRET_ID}/payload > /root/secrets.json # Getting secrets from json sudo echo "export KC_ADM_USER=$(cat /root/secrets.json | jq '.entries[0].key')" > /root/secrets.sh sudo echo "export KC_ADM_PASS=$(cat /root/secrets.json | jq '.entries[0].textValue')" >> /root/secrets.sh sudo echo "export PG_DB_USER=$(cat /root/secrets.json | jq '.entries[1].key')" >> /root/secrets.sh sudo echo "export PG_DB_PASS=$(cat /root/secrets.json | jq '.entries[1].textValue')" >> /root/secrets.sh chmod 755 /root/secrets.sh source /root/secrets.sh # Getting IP Address ip4=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1) fwd=$(echo $ip4 | awk '{split($1,p,"."); $1=p[1]"."p[2]"."p[3]"."} 1')"2" DomainName=$(echo ${DomainFQDN} | cut -f1 -d".") # Adding x.x.x.2 forwarder sudo chmod 777 /etc/bind/named.conf.options sudo cat < /etc/bind/named.conf.options options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { $fwd; }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto; listen-on-v6 { any; }; }; EOF sudo chmod 644 /etc/bind/named.conf.options # Adding DNS Zones chmod 777 /etc/bind/named.conf.local cat <> /etc/bind/named.conf.local zone "${DomainFQDN}" { type master; file "/etc/bind/db.${DomainFQDN}"; }; zone "10.in-addr.arpa" { type master; file "/etc/bind/db.10"; }; zone "192.in-addr.arpa" { type master; file "/etc/bind/db.192"; }; zone "172.in-addr.arpa" { type master; file "/etc/bind/db.172"; }; EOF chmod 644 /etc/bind/named.conf.local # Configuring DNS Primary zone cp /etc/bind/db.local /etc/bind/db.${DomainFQDN} chmod 777 /etc/bind/db.${DomainFQDN} cat < /etc/bind/db.${DomainFQDN} ; ; BIND data file for ${DomainFQDN} ; \$TTL 604800 @ IN SOA $DomainName. root.${DomainFQDN}. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns.${DomainFQDN}. @ IN A $ip4 @ IN AAAA ::1 ns IN A $ip4 $hname IN A $ip4 keycloak IN A $ip4 crl IN A $ip4 EOF chmod 644 /etc/bind/db.${DomainFQDN} # Configuring DNS Reverse Zones cp /etc/bind/db.127 /etc/bind/db.10 chmod 777 /etc/bind/db.10 cat < /etc/bind/db.10 ; ; BIND reverse data file for 10.x.x.x net ; \$TTL 604800 @ IN SOA $DomainName. root.${DomainFQDN}. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns. 10 IN PTR ns.${DomainFQDN}. EOF chmod 644 /etc/bind/db.10 cp /etc/bind/db.127 /etc/bind/db.192 chmod 777 /etc/bind/db.192 cat < /etc/bind/db.192 ; ; BIND reverse data file for 192.x.x.x net ; \$TTL 604800 @ IN SOA $DomainName. root.${DomainFQDN}. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns. 192 IN PTR ns.${DomainFQDN}. EOF chmod 644 /etc/bind/db.192 cp /etc/bind/db.127 /etc/bind/db.172 chmod 777 /etc/bind/db.172 cat < /etc/bind/db.172 ; ; BIND reverse data file for 172.x.x.x net ; \$TTL 604800 @ IN SOA $DomainName. root.${DomainFQDN}. ( 1 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns. 172 IN PTR ns.${DomainFQDN}. EOF chmod 644 /etc/bind/db.172 # Restarting bind systemctl restart bind9 chmod 777 /etc/netplan/01-netcfg.yaml sudo cat <> /etc/netplan/01-netcfg.yaml nameservers: addresses: [$ip4] EOF chmod 644 /etc/netplan/01-netcfg.yaml netplan apply # Installing pre-requisites apt-get install -y wget apt-get install -y ca-certificates apt-get install -y apache2 # Creating catalogs mkdir /opt/ca cd /opt/ca chmod 777 /opt/ca mkdir certs crl newcerts private touch index.txt echo 1000 > serial echo 20 > /opt/ca/crlnumber chmod 755 /opt/ca chmod 700 private # Downloading OpenSSL config fo root ca wget https://raw.githubusercontent.com/Sayanaro/YandexCloud-Security-Course-KeyCloackVersion/master/init/openssl.cnf # Creating self-signed Root CA certificate with 10 years lifetime openssl req -new -x509 -newkey rsa:4096 -days 3650 -config openssl.cnf -sha256 -extensions v3_ca -nodes -x509 \ -subj "/C=RU/ST=Moscow/L=Moscow/O=Yandex Pacticum/OU=Lab/CN=LAB CLASS1 Root CA" \ -keyout /opt/ca/private/ca.key.pem -out /opt/ca/certs/ca.cert.pem echo "crlDistributionPoints = URI:http://crl.${DomainFQDN}/rootca.crl" >> /opt/ca/openssl.cnf echo "authorityInfoAccess = caIssuers;URI:http://crl.${DomainFQDN}/ca.crt" >> /opt/ca/openssl.cnf openssl ca -config /opt/ca/openssl.cnf \ -gencrl -out /opt/ca/crl/rootca.crl.pem # Making ca cert trustable cp /opt/ca/certs/ca.cert.pem /usr/local/share/ca-certificates/ca.cert.crt update-ca-certificates # Creating Intermediate Issuing CA mkdir /opt/ca/intermediate cd /opt/ca/intermediate mkdir certs crl csr newcerts private chmod 777 /opt/ca/intermediate touch index.txt echo 1000 > serial echo 1000 > /opt/ca/intermediate/crlnumber wget https://raw.githubusercontent.com/Sayanaro/YandexCloud-Security-Course-KeyCloackVersion/master/init/intermediate/openssl.cnf chmod 755 /opt/ca/intermediate chmod 700 private cd /opt/ca # Creating Intermediate CA PKCS#10 request openssl req -new -newkey rsa:4096 -config /opt/ca/intermediate/openssl.cnf -sha256 -nodes \ -subj "/C=RU/ST=Moscow/L=Moscow/O=Yandex Pacticum/OU=Lab/CN=LAB Issuing CA" \ -keyout /opt/ca/intermediate/private/intermediate.key.pem -out /opt/ca/intermediate/csr/intermediate.csr.pem chmod 400 /opt/ca/intermediate/private/intermediate.key.pem # Signing Intermediate CA Request openssl ca -batch -config openssl.cnf -extensions v3_intermediate_ca \ -days 1825 -notext -md sha256 \ -in /opt/ca/intermediate/csr/intermediate.csr.pem \ -out /opt/ca/intermediate/certs/intermediate.cert.pem chmod 444 intermediate/certs/intermediate.cert.pem # Creating chain cat /opt/ca/intermediate/certs/intermediate.cert.pem \ /opt/ca/certs/ca.cert.pem > /opt/ca/intermediate/certs/ca-chain.cert.pem # Adding CDP and AIA extensions echo "crlDistributionPoints = URI:http://crl.${DomainFQDN}/intermediate.crl" >> /opt/ca/intermediate/openssl.cnf echo "authorityInfoAccess = caIssuers;URI:http://crl.${DomainFQDN}/intermediate.crt" >> /opt/ca/intermediate/openssl.cnf # Creating Intermediate CA CRL openssl ca -config /opt/ca/intermediate/openssl.cnf \ -gencrl -out /opt/ca/intermediate/crl/intermediate.crl.pem cp /opt/ca/intermediate/certs/intermediate.cert.pem /usr/local/share/ca-certificates/intermediate.cert.crt update-ca-certificates # Configuring Apache2 sudo chmod 777 /etc/apache2/sites-available/000-default.conf cat < /etc/apache2/sites-available/000-default.conf # Basic server information ServerAdmin user@yantoso.com ServerName crl.${DomainFQDN} # Set-up serving directory DocumentRoot /var/www/crl.${DomainFQDN} Options Indexes AllowOverride None # Setup logs LogLevel warn ErrorLog /var/log/apache2/crl.${DomainFQDN}/error.log CustomLog /var/log/apache2/crl.${DomainFQDN}/access.log combined EOF sudo chmod 644 /etc/apache2/sites-available/000-default.conf mkdir /var/www/crl.${DomainFQDN}/ mkdir /var/log/apache2/crl.${DomainFQDN}/ chown root.adm /var/log/apache2/crl.${DomainFQDN}/ chmod 750 /var/log/apache2/crl.${DomainFQDN}/ # Copying CRL and certificates to Apache folder cp /opt/ca/intermediate/crl/intermediate.crl.pem /var/www/crl.${DomainFQDN}/intermediate.crl cp /opt/ca/intermediate/certs/intermediate.cert.pem /var/www/crl.${DomainFQDN}/intermediate.crt cp /opt/ca/crl/rootca.crl.pem /var/www/crl.${DomainFQDN}/rootca.crl cp /opt/ca/certs/ca.cert.pem /var/www/crl.${DomainFQDN}/ca.crt cp /opt/ca/intermediate/certs/ca-chain.cert.pem /var/www/crl.${DomainFQDN}/ systemctl restart apache2 cd /opt/ca # Creating certificate for KeyCloak echo "subjectAltName = DNS:$(hostname)" >> /opt/ca/intermediate/openssl.cnf openssl req -new -sha256 -newkey rsa:2048 -config /opt/ca/intermediate/openssl.cnf -nodes \ -subj "/C=RU/ST=Moscow/L=Moscow/O=Yandex Pacticum/OU=Lab/CN=$(hostname)" \ -addext "subjectAltName = DNS:$(hostname)" \ -keyout /opt/ca/intermediate/private/$(hostname).key.pem -out /opt/ca/intermediate/csr/$(hostname).csr.pem openssl ca -batch -config /opt/ca/intermediate/openssl.cnf \ -extensions server_cert -days 365 -notext -md sha256 \ -in /opt/ca/intermediate/csr/$(hostname).csr.pem \ -out /opt/ca/intermediate/certs/$(hostname).cert.pem chmod 777 /opt/ca/intermediate/certs/$(hostname).cert.pem sed -i '$ d' /opt/ca/intermediate/openssl.cnf # Adding chan to cert cat /opt/ca/intermediate/certs/$(hostname).cert.pem \ /opt/ca/intermediate/certs/intermediate.cert.pem \ /opt/ca/certs/ca.cert.pem > /opt/ca/intermediate/certs/ca-chain-cert.pem cp /opt/ca/intermediate/certs/ca-chain-cert.pem /var/www/crl.${DomainFQDN}/ systemctl restart apache2 # KeyCloak installation script by Alex Kitaev # Include variables source kc-data.sh while [ ! -f /opt/ca/intermediate/certs/$(hostname).cert.pem ] do sleep 2 # or less like 0.2 done # Change Timezone timedatectl set-timezone Europe/Moscow # Install Packages apt-get install -y unzip openjdk-17-jre # This lab emulates secured enterprise environment. # So we use local 2-tier PKI. # All paths are hardcoded. # ATEENTION! # NEVER DEPLOY CAs AND IDP IN ONE SERVER!!! # Get Keycloak distro and put files to the right place curl -sLO https://github.com/keycloak/keycloak/releases/download/${KC_VER}/keycloak-${KC_VER}.zip unzip -q keycloak-${KC_VER}.zip rm -f keycloak-${KC_VER}/bin/*.bat mkdir -p /opt/keycloak cp -R keycloak-${KC_VER}/* /opt/keycloak rm -rf keycloak-${KC_VER}/ keycloak-${KC_VER}.zip # Import configuration from realm config file export PATH=$PATH:/opt/keycloak/bin kc.sh build cp /opt/ca/intermediate/certs/$(hostname).cert.pem /opt/keycloak cp /opt/ca/intermediate/private/$(hostname).key.pem /opt/keycloak # Prepare systemd things groupadd keycloak useradd -r -g keycloak -d /opt/keycloak -s /sbin/nologin keycloak chown -R keycloak:keycloak /opt/keycloak chmod o+x /opt/keycloak/bin/ cat < /lib/systemd/system/keycloak.service [Unit] Description=Keycloak Service After=network.target [Service] User=keycloak Group=keycloak PIDFile=/var/run/keycloak/keycloak.pid WorkingDirectory=/opt/keycloak Environment="KEYCLOAK_ADMIN=$KC_ADM_USER" Environment="KEYCLOAK_ADMIN_PASSWORD=$KC_ADM_PASS" ExecStart=/opt/keycloak/bin/kc.sh start \\ --hostname=$(hostname) \\ --https-certificate-file=/opt/keycloak/$(hostname).cert.pem \\ --https-certificate-key-file=/opt/keycloak/$(hostname).key.pem \\ --db-url-database=${PG_DB_NAME} \\ --db-url-host=${PG_DB_HOST} \\ --db-username=$PG_DB_USER \\ --db-password=$PG_DB_PASS \\ --hostname-strict=true \\ --http-enabled=false \\ --https-protocols=TLSv1.3,TLSv1.2 \\ --https-port=${KC_PORT} \\ --log-level=INFO [Install] WantedBy=multi-user.target EOF # Start Keycloak via systemd systemctl daemon-reload sleep 3 systemctl start keycloak systemctl enable keycloak # Waiting until KC has been started while :; do curl -sf "https://$(hostname):${KC_PORT}" -o /dev/null && break sleep 10 done # sudo rm -rf /root/* ls path: "/root/guest_prep.sh" permissions: "0740" runcmd: - sleep 30 - sudo -i - /root/get_tools.sh - sudo -i - source "/root/.bashrc" - sudo -i - /root/guest_prep.sh ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/openssl.cnf ================================================ [ ca ] # `man ca` default_ca = CA_default [ CA_default ] # Directory and file locations. dir = /opt/ca/intermediate certs = $dir/certs crl_dir = $dir/crl new_certs_dir = $dir/newcerts database = $dir/index.txt serial = $dir/serial RANDFILE = $dir/private/.rand # The root key and root certificate. private_key = $dir/private/intermediate.key.pem certificate = $dir/certs/intermediate.cert.pem # For certificate revocation lists. crlnumber = $dir/crlnumber crl = $dir/crl/intermediate.crl.pem crl_extensions = crl_ext default_crl_days = 30 # SHA-1 is deprecated, so use SHA-2 instead. default_md = sha256 name_opt = ca_default cert_opt = ca_default default_days = 375 preserve = no policy = policy_loose [ policy_strict ] # The root CA should only sign intermediate certificates that match. # See the POLICY FORMAT section of `man ca`. countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ policy_loose ] # Allow the intermediate CA to sign a more diverse range of certificates. # See the POLICY FORMAT section of the `ca` man page. countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] # Options for the `req` tool (`man req`). default_bits = 2048 distinguished_name = req_distinguished_name string_mask = utf8only # SHA-1 is deprecated, so use SHA-2 instead. default_md = sha256 # Extension to add when the -x509 option is used. x509_extensions = v3_ca [ req_distinguished_name ] # See . countryName = RU stateOrProvinceName = Moscow localityName = Moscow 0.organizationName = Yandex Practicum organizationalUnitName = Lab commonName = Lab Issuing CA emailAddress = user@yantoso.com # Optionally, specify some defaults. countryName_default = RU stateOrProvinceName_default = Moscow localityName_default = Moscow 0.organizationName_default = Yandex Practicum organizationalUnitName_default = Lab emailAddress_default = [ v3_ca ] # Extensions for a typical CA (`man x509v3_config`). subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = critical, CA:true keyUsage = critical, digitalSignature, cRLSign, keyCertSign [ v3_intermediate_ca ] # Extensions for a typical intermediate CA (`man x509v3_config`). subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer basicConstraints = CA:true keyUsage = digitalSignature, cRLSign, keyCertSign [ crl_ext ] # Extension for CRLs (`man x509v3_config`). authorityKeyIdentifier=keyid:always [ server_cert ] # Extensions for server certificates (`man x509v3_config`). basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always keyUsage = digitalSignature, keyEncipherment extendedKeyUsage = serverAuth ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/terraform.tfvars.example ================================================ #===== KeyCloak Servise variables ===== keycloak_name = "kc-01" domain_fqdn = "yp-lab.edu" pg_db_name = "kc-sql" kc_ver = "18.0.0" kc_port = "8443" kc_adm_user = "admin" pg_db_user = "dbuser" # ===== Access zone parameter ===== zone = "ru-central1-a" # ===== Service account ====== sa_name = "kc-sa" # ===== Network variables ===== vpc_name = "kc-network" net_cidr = [ { name = "kc-subnet-a", zone = "ru-central1-a", prefix = "10.130.1.0/24" }, { name = "kc-subnet-b", zone = "ru-central1-b", prefix = "10.131.1.0/24" }, { name = "kc-subnet-c", zone = "ru-central1-c", prefix = "10.132.1.0/24" }, ] # ===== KeyCloak VM parameters ===== image_family = "ubuntu-2004-lts" platform_id = "standard-v3" cores = 2 memory = 4 disk_size = 50 disk_type = "network-nvme" # ===== Secret and keys parameters ===== secret_name = "kc-secrets" kms_key_name = "kc-key" ================================================ FILE: encrypt_and_keys/manage_secrets/terraform-lockbox-vm-credentials/variables.tf ================================================ variable "vpc_name" { description = "VPC Name" type = string } variable "net_cidr" { description = "Subnet structure primitive" type = list(object({ name = string, zone = string, prefix = string })) validation { condition = length(var.net_cidr) >= 1 error_message = "At least one Subnet/Zone should be used." } } variable "zone" { type = string } variable "nat" { type = bool default = true } variable "image_family" { type = string } variable "platform_id" { type = string } variable "keycloak_name" { type = string } variable "cores" { type = number } variable "memory" { type = number } variable "disk_size" { type = number } variable "disk_type" { type = string } variable "timeout_create" { default = "10m" } variable "timeout_delete" { default = "10m" } #----------------------------------------- variable "domain_fqdn" { type = string } variable "kc_ver" { description = "Keycloak version" type = string } variable "kc_port" { description = "Keycloak HTTPS port listener" type = string } variable "kc_adm_user" { description = "Keycloak admin user name" type = string } variable "kc_adm_pass" { description = "Keycloak admin user password" type = string } variable "pg_db_name" { description = "PostgeSQL cluster and database name" type = string } variable "pg_db_user" { description = "PostgeSQL database user name" type = string } variable "pg_db_pass" { description = "PostgeSQL database user's password" type = string } variable "secret_name" { type = string } variable "kms_key_name" { type = string } variable "sa_name" { type = string } ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/README.md ================================================ # YC Windows VM Безопасная передача паролей в скрипт инициализации ## Проблема По умолчанию все передаваемые в vm метаданные доступны для чтения, адмнистраторам. При этом, администраторы облачных контейнеров не обязательно должны иметь доступ к гостевой ОС. Пример: ![Plain text example](.img/1-plaintext.png) для безопасной передачи и хранения секретов (паролей, приватных ключей) в гостевую ОС через сервис метаданных предлагается использовать скрипт инициализации с использованием сервиса Lockbox. ## Решение Назначенный на виртуальную машину сервисный аккаунт может аутентифицироваться и авторизоваться в IAM изнутри гостевой ОС по упрощенной схеме. Т.е. достаточно просто получить IAM-токен через yc cli или REST API, не передавая никакой информации о субъекте. Это дает возможность при минимально необходимых правах безопасно передать в гостевую ОС пару ключ/значение (секретная часть) из Lockbox с помощью сервисного аккаунта. ![Secured solution](.img/solution.png) ### 1. Создать сервисный аккаунт На уровне каталога на вкладке `Service Accounts` создадим сервисный аккаунт в контексте которого скрипт будет обращаться к сервисам KMS и Lockbox. ![Service Account](.img/2-sa.png) Обратите внимание, что на данном этапе роли не назначаются, тк роли уровня каталога дадут сервисному аккаунту доступ ко всем ключам и секретам каталога. ### 2. Создать ключ KMS Создадим ключ KMS и на вкладке **Access Bindings** ключа назначим сервисному аккаунту роль `kms.keys.encrypterDercrypter`. ![Creating KMS Key](.img/3-kms.png) Роль на уровне ключа гарантирует гранулярный доступ к операциям на конкретном ключе для сервисного аккаунта. ### 3. Создать секрет в Lockbox Создадим секрет с указанием ключа шифрования. ![Creating Lockbox Secret](.img/4-lockbox.png) В одном секрете может быть несколько пар ключ-значение. Каждая пара ключ-значение представляет из себя логин и пароль пользователя. Первым всегда должен стоять локальный администратор по умолчанию. Остальные пользователи будут циклично созданы с минимальными правами в ОС. На вкладке **Access Bindings** выдадим сервисному аккаунту роль `lockbox.payloadViewer` ![Lockbox Secret Access Binding](.img/5-lockbox-sa-binding.png) ### 4. Создать Виртуальную машину Создадим файл `init.ps1` с содержимым: ```PowerShell #ps1 # ^^^ 'ps1' is only for cloudbase-init, some sort of sha-bang in linux # logging Start-Transcript -Path "$ENV:SystemDrive\provision2.txt" -IncludeInvocationHeader -Force "Bootstrap script started" | Write-Host # You have to create Lockbox secret # and assign service account with roles lockbox.payloadViewer and kms.key.encryptorDecryptor to VM # HERE'S ENTER YOUR SECRET'S ID OF IMPORT FROM TERRAFORM VARIABLE: $SecretID = "" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $SecretURL = "https://payload.lockbox.api.cloud.yandex.net/lockbox/v1/secrets/$SecretID/payload" "Secret ID is $SecretID" "Payload URL is $SecretURL" $YCToken = (Invoke-RestMethod -Headers @{'Metadata-Flavor'='Google'} -Uri "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token").access_token if (!$YCToken) { throw "Service Account doesn't connected to VM. Please, add Service account with roles lockbox.payloadViewer and kms.key.encryptorDecryptor to VM and try again." } # Creating parameters for REST-invokations $Headers = @{ Authorization="Bearer $YCToken" } $Params = @{ Uri = $SecretURL Method = "GET" Headers = $Headers } # Getting secret via REST invoke $Secret = Invoke-RestMethod @Params $SecretAdministratorPlainTextPassword = $Secret.entries[0].textValue # inserting value's from terraform if (-not [string]::IsNullOrEmpty($SecretAdministratorPlainTextPassword)) { "Set local administrator password" | Write-Host $SecretAdministratorPassword = $SecretAdministratorPlainTextPassword | ConvertTo-SecureString -AsPlainText -Force # S-1-5-21domain-500 is a well-known SID for Administrator # https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows $Administrator = Get-LocalUser | Where-Object -Property "SID" -like "S-1-5-21-*-500" $Administrator | Set-LocalUser -Password $SecretAdministratorPassword } # Creating new users if any if($Secret.entries.count -gt 1) { foreach($User in $Secret.entries[1..($Secret.entries.count-1)]){ $SecretUserPassword = $User.textValue | ConvertTo-SecureString -AsPlainText -Force New-LocalUser -Name $User.key -Password $SecretUserPassword -FullName $User.key Add-LocalGroupMember -Group Users -Member $User.key Add-LocalGroupMember -Group "Remote Desktop Users" -Member $User.key } } "Bootstrap script ended" | Write-Host ``` Здесь в переменную `$SecretID` необходимо указать id секрета Lockbox. Тк id секрета - не сам секрет, то это не является чувствительной информацией. **Создание ВМ (yc cli):** ```Bash yc compute instance create --name --hostname --zone ru-central1-a --create-boot-disk image-id= --cores 2 --core-fraction 100 --memory 4 --metadata-from-file user-data=init.ps1 --network-interface subnet-name=,nat-ip-version=ipv4 --service-account-name --platform standard-v3 ``` **Создание ВМ (UI):** В UI можно передать в user-data скрипт инициализации. Для этого в поле `key` нужно написать `user-data`, а в поле `Value` вставить скрипт инициализации ![Creating Windows VM via UI](.img/6-UI.png) ### 5. Проверка Теперь в метаданных ВМ чувствительные данные отсутствуют: ![Secured Metadata](.img/7-secured-metadata.png) ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/init-example.ps1 ================================================ #ps1 # ^^^ 'ps1' is only for cloudbase-init, some sort of sha-bang in linux # logging Start-Transcript -Path "$ENV:SystemDrive\provision2.txt" -IncludeInvocationHeader -Force "Bootstrap script started" | Write-Host # You have to create Lockbox secret # and assign service account with roles lockbox.payloadViewer and kms.key.encryptorDecryptor to VM # HERE'S ENTER YOUR SECRET'S ID OF IMPORT FROM TERRAFORM VARIABLE: $SecretID = "" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $SecretURL = "https://payload.lockbox.api.cloud.yandex.net/lockbox/v1/secrets/$SecretID/payload" "Secret ID is $SecretID" "Payload URL is $SecretURL" $YCToken = (Invoke-RestMethod -Headers @{'Metadata-Flavor'='Google'} -Uri "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token").access_token if (!$YCToken) { throw "Service Account doesn't connected to VM. Please, add Service account with roles lockbox.payloadViewer and kms.key.encryptorDecryptor to VM and try again." } # Creating parameters for REST-invokations $Headers = @{ Authorization="Bearer $YCToken" } $Params = @{ Uri = $SecretURL Method = "GET" Headers = $Headers } # Getting secret via REST invoke $Secret = Invoke-RestMethod @Params $SecretAdministratorPlainTextPassword = $Secret.entries[0].textValue # inserting value's from terraform if (-not [string]::IsNullOrEmpty($SecretAdministratorPlainTextPassword)) { "Set local administrator password" | Write-Host $SecretAdministratorPassword = $SecretAdministratorPlainTextPassword | ConvertTo-SecureString -AsPlainText -Force # S-1-5-21domain-500 is a well-known SID for Administrator # https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows $Administrator = Get-LocalUser | Where-Object -Property "SID" -like "S-1-5-21-*-500" $Administrator | Set-LocalUser -Password $SecretAdministratorPassword } # Creating new users if any if($Secret.entries.count -gt 1) { foreach($User in $Secret.entries[1..($Secret.entries.count-1)]){ $SecretUserPassword = $User.textValue | ConvertTo-SecureString -AsPlainText -Force New-LocalUser -Name $User.key -Password $SecretUserPassword -FullName $User.key Add-LocalGroupMember -Group Users -Member $User.key Add-LocalGroupMember -Group "Remote Desktop Users" -Member $User.key } } "Bootstrap script ended" | Write-Host ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/00-provider.tf ================================================ # ================================== # Terraform & Provider Configuration # ================================== terraform { required_providers { yandex = { source = "yandex-cloud/yandex" } } required_version = ">= 0.13" } provider "yandex" { #service_account_key_file = "" #token = "" #cloud_id = "" #folder_id = "" zone = "ru-central1-a" } ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/01-vpc.tf ================================================ # =============== # VPC Resources # =============== resource "yandex_vpc_network" "win-network" { name = var.vpc_name } resource "yandex_vpc_subnet" "win-subnet" { count = length(var.net_cidr) name = var.net_cidr[count.index].name zone = var.net_cidr[count.index].zone v4_cidr_blocks = [var.net_cidr[count.index].prefix] network_id = "${yandex_vpc_network.win-network.id}" } ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/02-kms-and-ssh-keys.tf ================================================ # Creating symmetric KMS Key resource "yandex_kms_symmetric_key" "win-key" { name = "${var.kms_key_name}" description = "description for key" default_algorithm = "AES_256" } # SA role binding for KMS Key described in service-account.tf resource "yandex_kms_symmetric_key_iam_binding" "encrypterDecrypter" { symmetric_key_id = yandex_kms_symmetric_key.win-key.id role = "kms.keys.encrypterDecrypter" members = [ "serviceAccount:${yandex_iam_service_account.win-sa.id}", ] } ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/03-service-account.tf ================================================ # Creating Service Account resource "yandex_iam_service_account" "win-sa" { name = "${var.sa_name}" } # Creating self admin binding for future self deletion resource "yandex_iam_service_account_iam_binding" "sa-self-binding" { service_account_id = "${yandex_iam_service_account.win-sa.id}" role = "admin" members = [ "serviceAccount:${yandex_iam_service_account.win-sa.id}", ] } ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/04-lockbox-secret.tf ================================================ # Creating Lockbox secret resource "yandex_lockbox_secret" "password_secret" { name = var.secret_name kms_key_id = yandex_kms_symmetric_key.win-key.id labels = { "key_id" = "${yandex_kms_symmetric_key.win-key.id}" "service_account_id" = "${yandex_iam_service_account.win-sa.id}" } } # Creating Lockbox secret version resource "yandex_lockbox_secret_version" "secret_version" { secret_id = yandex_lockbox_secret.password_secret.id entries { key = "${var.windows_admin}" text_value = "${var.win_adm_pass}" } } # Creating Lockbox secret access binding via local exec because there are no terraform resources for secret access binding # yc cli is required! resource "null_resource" "lockbox_secrets_access_binding" { provisioner "local-exec" { command = <<-CMD yc lockbox secret add-access-binding --id ${yandex_lockbox_secret.password_secret.id} --role lockbox.payloadViewer --service-account-id ${yandex_iam_service_account.win-sa.id} CMD } provisioner "local-exec" { when = destroy command = <<-CMD yc lockbox secret delete --id ${yandex_lockbox_secret.password_secret.id} CMD } depends_on = [ yandex_kms_symmetric_key.win-key, yandex_iam_service_account.win-sa ] } ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/05-windows-vm.tf ================================================ data "yandex_compute_image" "vm_image" { image_id = var.image_id } data "template_file" "default" { template = file("init.ps1") vars = { secret_id = yandex_lockbox_secret.password_secret.id } } #Create VM resource "yandex_compute_instance" "windows" { name = var.vm_name hostname = var.host_name zone = var.zone platform_id = var.platform_id service_account_id = yandex_iam_service_account.win-sa.id resources { cores = var.cores memory = var.memory } boot_disk { initialize_params { image_id = data.yandex_compute_image.vm_image.id size = var.disk_size type = var.disk_type } } network_interface { subnet_id = yandex_vpc_subnet.win-subnet[0].id nat = var.nat } metadata = { user-data = data.template_file.default.rendered } depends_on = [ yandex_kms_symmetric_key.win-key, yandex_iam_service_account.win-sa, yandex_lockbox_secret.password_secret, null_resource.lockbox_secrets_access_binding ] } ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/init.ps1 ================================================ #ps1 # ^^^ 'ps1' is only for cloudbase-init, some sort of sha-bang in linux # logging Start-Transcript -Path "$ENV:SystemDrive\provision2.txt" -IncludeInvocationHeader -Force "Bootstrap script started" | Write-Host # You have to create Lockbox secret # and assign service account with roles lockbox.payloadViewer and kms.key.encryptorDecryptor to VM # HERE'S ENTER YOUR SECRET'S ID OF IMPORT FROM TERRAFORM VARIABLE: $SecretID = "${ secret_id }" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $SecretURL = "https://payload.lockbox.api.cloud.yandex.net/lockbox/v1/secrets/$SecretID/payload" "Secret ID is $SecretID" "Payload URL is $SecretURL" $YCToken = (Invoke-RestMethod -Headers @{'Metadata-Flavor'='Google'} -Uri "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token").access_token if (!$YCToken) { throw "Service Account doesn't connected to VM. Please, add Service account with roles lockbox.payloadViewer and kms.key.encryptorDecryptor to VM and try again." } # Creating parameters for REST-invokations $Headers = @{ Authorization="Bearer $YCToken" } $Params = @{ Uri = $SecretURL Method = "GET" Headers = $Headers } # Getting secret via REST invoke $Secret = Invoke-RestMethod @Params $SecretAdministratorPlainTextPassword = $Secret.entries[0].textValue # inserting value's from terraform if (-not [string]::IsNullOrEmpty($SecretAdministratorPlainTextPassword)) { "Set local administrator password" | Write-Host $SecretAdministratorPassword = $SecretAdministratorPlainTextPassword | ConvertTo-SecureString -AsPlainText -Force # S-1-5-21domain-500 is a well-known SID for Administrator # https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows $Administrator = Get-LocalUser | Where-Object -Property "SID" -like "S-1-5-21-*-500" $Administrator | Set-LocalUser -Password $SecretAdministratorPassword } # Creating new users if any if($Secret.entries.count -gt 1) { foreach($User in $Secret.entries[1..($Secret.entries.count-1)]){ $SecretUserPassword = $User.textValue | ConvertTo-SecureString -AsPlainText -Force New-LocalUser -Name $User.key -Password $SecretUserPassword -FullName $User.key Add-LocalGroupMember -Group Users -Member $User.key Add-LocalGroupMember -Group "Remote Desktop Users" -Member $User.key } } "Bootstrap script ended" | Write-Host ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/terraform.tfvars.example ================================================ #===== VM variables ===== vm_name = "" host_name = ">" image_id = "" windows_admin = "Administrator" platform_id = "standard-v3" cores = 2 memory = 4 disk_size = 50 disk_type = "network-nvme" # ===== Access zone parameter ===== zone = "ru-central1-a" # ===== Service account ====== sa_name = "win-sa" # ===== Network variables ===== vpc_name = "network" net_cidr = [ { name = "subnet-a", zone = "ru-central1-a", prefix = "10.130.1.0/24" }, { name = "subnet-b", zone = "ru-central1-b", prefix = "10.131.1.0/24" }, { name = "subnet-c", zone = "ru-central1-c", prefix = "10.132.1.0/24" }, ] # ===== Secret and keys parameters ===== secret_name = "win-secrets" kms_key_name = "win-key" ================================================ FILE: encrypt_and_keys/manage_secrets/windows-vm-secure-passwords/terraform-example/variables.tf ================================================ variable "vpc_name" { description = "VPC Name" type = string } variable "net_cidr" { description = "Subnet structure primitive" type = list(object({ name = string, zone = string, prefix = string })) validation { condition = length(var.net_cidr) >= 1 error_message = "At least one Subnet/Zone should be used." } } variable "zone" { type = string } variable "nat" { type = bool default = true } variable "image_id" { type = string } variable "platform_id" { type = string } variable "vm_name" { type = string } variable "host_name" { type = string } variable "cores" { type = number } variable "memory" { type = number } variable "disk_size" { type = number } variable "disk_type" { type = string } #----------------------------------------- variable "secret_name" { type = string } variable "kms_key_name" { type = string } variable "sa_name" { type = string } variable "windows_admin" { type = string } variable "win_adm_pass" { type = string } ================================================ FILE: encrypt_and_keys/vault2lockbox/readme.md ================================================ # Vault-to-Lockbox Migrator Скрипт предназначен для миграции секретов из [HashiCorp Vault](https://www.hashicorp.com/products/vault) в сервис [Yandex Cloud Lockbox](https://cloud.yandex.ru/services/lockbox). Подробнее о сервисе Lockbox можно узнать в [статье](https://cloud.yandex.ru/blog/posts/2023/04/lockbox-ga). ### Что можно сделать с помощью скрипта - Проверить успешность подключения к Vault, выведя список хранящихся там секретов в консоль. - Выгрузить секреты из Vault в JSON файл. Файл можно отредактировать в любом редакторе, например если вы не хотите импортировать всё что было в Vault. - Загрузить секреты из JSON файла в Lockbox. - Удалить все секреты из Lockbox с помощью консольной команды. ### Начало работы 1. Установите Python версии 3.8 или выше. 2. Для работы скрипта в одной папке должны находиться файлы: - `vault_to_lockbox_migrator.py` — сам скрипт миграции - `requirements.txt` — список модулей, необходимых для корректной работы скрипта - `.env` — параметры конфигурации скрипта 4. Установите модули, выполнив в консоли команду: `pip install -r requirements.txt` 4. Заполните файл `.env` на основе таблицы с параметрами, приведенной ниже. 5. Запустите скрипт в консоли с помощью команды: `python vault_to_lockbox_migrator.py` 6. Для импорта секретов из Vault и переноса их в Lockbox, используйте параметры из таблицы приведенной ниже. ### Ограничения Секреты должны находиться в KV Version 2 Secrets Engine. ### Параметры для конфигурации скрипта _Вместо использования файла .env, можно передать в скрипт эти параметры через переменные среды._ | Параметр | Значение по умолчанию | Описание | Пример значения | |------------------|:----------------------|:-----------------------------------------------------------------|----------------------------------------| | VAULT_TOKEN | | Токен с правами доступа к значением секретов в Vault | "00000000-0000-0000-0000-000000000000" | | VAULT_URL | | Адрес сервера Vault | "https://localhost:8201" | | VAULT_ROOT_PATH | | Корневой путь в хранилище секретов Vault | "secret" | | VAULT_KV_VERSION | 2 | Версия KV хранилища | 2 | | VAULT_VERIFY_SSL | False | Отключить проверку сертификата при запросе API Vault | False | | YC_TOKEN | | Токен Yandex Cloud с правами создания секретов в сервисе Lockbox | "t1.9euxxx" | | YANDEX_FOLDER_ID | | Имя папки в Yandex Cloud, где будут создаваться секреты | "f9sdf9e" | | OUT_FILE | "secrets.json" | Имя файла для выгрузки секретов из Vault | "secrets.json" | | INPUT_FILE | "secrets.json" | Имя файла для загрузки секретов в Lockbox | "secrets.json" | ### Доступные параметры командной строки | Параметр | Описание | |--------------------------------|-------------------------------------------------------------------------------------------------------------------------------| | -h или --help | Вызов справки | | -l или --list | Вывод секретов Vault на экран | | -o или --outFile [filename] | Вывод секретов Vault в файл (если не указывать имя файла, то его имя будет загружено из переменной среды OUT_FILE) | | -m или --migrate | Перенос всех секретов из Vault в Lockbox | | -c или --createFrom [filename] | Создание секретов в Lockbox из файла (если не указывать имя файла, то его имя будет загружено из переменной среды INPUT_FILE) | | -d или --deleteAll | Удаление всех секретов в Lockbox | ================================================ FILE: encrypt_and_keys/vault2lockbox/requirements.txt ================================================ requests~=2.30.0 urllib3~=2.0.2 python-dotenv~=1.0.0 ================================================ FILE: encrypt_and_keys/vault2lockbox/vault_to_lockbox_migrator.py ================================================ """ Script to migrate secrets from Hashicorp Vault to Yandex Cloud Lockbox service command line options -l --list : dump Vault secrets to screen -o --outFile [FILENAME] : save Vault secrets to file [file name by default - secrets.json] -m --migrate : migrate all secrets from Vault to Lockbox -c --createFrom [FILENAME] : create secrets in Lockbox from file [file name by default - secrets.json] -d --deleteAll : delete all secrets in Lockbox To work properly, script need read config values. It's recommended to create .env file in the same directory as the script with the following content: VAULT_TOKEN = "00000000-0000-0000-0000-000000000000" VAULT_URL = "https://localhost:8201" VAULT_ROOT_PATH = "" VAULT_KV_VERSION = 2 VAULT_VERIFY_SSL = False YC_TOKEN = "" YANDEX_FOLDER_ID = "" OUT_FILE = "secrets.json" INPUT_FILE = "secrets.json" """ import requests import json import os from dotenv import load_dotenv import urllib.request, ssl, urllib.error import urllib3 import sys import getopt urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) g_vault_token = "" g_vault_url = "" g_vault_root_path = "" g_vault_kv_version = 2 g_vault_verify_ssl = False g_yandex_token = "" g_yandex_folder_id = "" g_yandex_url = "https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets" g_out_file = "secrets.json" g_input_file = "secrets.json" g_secrets = {} # List Vault keys def vault_list_keys(root): url = f'{g_vault_url}/v1/{g_vault_root_path}/metadata/{root}' # print(f"Vault URL={url}") if g_vault_verify_ssl: opener = urllib.request.build_opener(urllib.request.HTTPHandler) else: ctx = ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=ctx), urllib.request.HTTPHandler) request = urllib.request.Request(url) request.add_header("X-Vault-Token", g_vault_token) request.get_method = lambda: 'LIST' try: response = opener.open(request) data = response.read() data_json = json.loads(data) # print(data_json["data"]["keys"]) for key in data_json["data"]["keys"]: if key[-1] == '/': vault_list_keys(root + key) else: vault_get_metadata(root + key) except urllib.error.HTTPError as err: print(f'A HTTPError was thrown: {err.code} {err.reason}') except urllib.error.URLError as err: print(f'A URLError was thrown: {err=}') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def vault_get_secrets(path, version, current_version, custom_metadata): url = f'{g_vault_url}/v1/{g_vault_root_path}/data/{path}?version={version}' headers = {'X-Vault-Token': g_vault_token} try: request = requests.get(url, headers=headers, verify=g_vault_verify_ssl) key_data = json.loads(request.text) if path not in g_secrets: g_secrets[path] = [] key_data['data']['metadata']['current_version'] = current_version g_secrets[path].append(key_data) except requests.HTTPError as err: print(f'A HTTPError was thrown: {err=}') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def vault_get_metadata(path): url = f'{g_vault_url}/v1/{g_vault_root_path}/metadata/{path}' headers = {'X-Vault-Token': g_vault_token} try: request = requests.get(url, headers=headers, verify=g_vault_verify_ssl) for item in request.json()['data']['versions']: if not request.json()['data']['versions'][item]['destroyed']: vault_get_secrets(path, item, request.json()['data']['current_version'], request.json()['data']['custom_metadata']) except requests.HTTPError as err: print(f'A HTTPError was thrown: {err=}') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def yandex_prepare_secrets_from_file(): try: with open(g_input_file) as f: t_dict = json.load(f) if t_dict: for key in t_dict: for secret in t_dict[key]: if secret["data"]["metadata"]["version"] == secret["data"]["metadata"]["current_version"]: yandex_create_secrets(key, secret) except FileNotFoundError as err: print(f'Input file "{g_input_file}" is not found.') except json.JSONDecodeError as err: print(f'Can not parse input file "{g_input_file}". Check JSON syntax.') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def yandex_prepare_secrets_from_var(): try: if g_secrets: for key in g_secrets: for secret in g_secrets[key]: if secret["data"]["metadata"]["version"] == secret["data"]["metadata"]["current_version"]: yandex_create_secrets(key, secret) except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def yandex_create_secrets(path, secret_json): url = g_yandex_url headers = {"Authorization": f"Bearer {g_yandex_token}"} payload_dict = {} empty_dict = {} try: payload_dict["folderId"] = g_yandex_folder_id payload_dict["name"] = path payload_dict["versionDescription"] = "" payload_dict["description"] = "" payload_dict["labels"] = empty_dict payload_dict["kmsKeyId"] = "" payload_dict["deletionProtection"] = False payload_dict["versionPayloadEntries"] = yandex_create_secret_payloads(secret_json) request = requests.post(url, headers=headers, data=json.dumps(payload_dict)) if request.status_code == 200: print_data = json.loads(request.text) print(f'Secret {print_data["response"]["name"]} has created with id={print_data["metadata"]["secretId"]}') else: print(f'Error. {json.loads(request.text)["message"]}') except requests.HTTPError as err: print(f'A HTTPError was thrown: {err}') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def yandex_create_secret_payloads(secret_dict): t_arr = [] if len(secret_dict) == 0: return t_arr for key in secret_dict["data"]["data"]: if isinstance(secret_dict["data"]["data"][key], dict): t_arr.append({"key": "data", "textValue": f'{secret_dict["data"]["data"]}'}) return t_arr for key in secret_dict["data"]["data"]: t_arr.append({"key": key, "textValue": secret_dict["data"]["data"][key]}) return t_arr def yandex_get_secrets(): secret_id = "XXXXX" url = f"https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets/{secret_id}" headers = {"Authorization": f"Bearer {g_yandex_token}"} print(headers) try: request = requests.get(url, headers=headers) print(request.json()) except requests.HTTPError as err: print(f'A HTTPError was thrown: {err=}') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def yandex_create_simple_secrets(): # Функция для создания одного секрета с заданными параметрами headers = {"Authorization": f"Bearer {g_yandex_token}"} payload_dict = {} # Если метки не нужны, оставьте этот словарь пустым, это необходимо для правильной работы запроса # !!! весь текст внутри labels_dict должен быть маленькими буквами и без пробелов labels_dict = {"label1": "label1_data", "label2": "label2_data"} t_arr = [] try: payload_dict["folderId"] = g_yandex_folder_id payload_dict["name"] = "test" payload_dict["description"] = "" payload_dict["labels"] = labels_dict payload_dict["kmsKeyId"] = "" payload_dict["versionDescription"] = "" payload_dict["deletionProtection"] = False t_arr.append({"key": "FirstKey", "textValue": "password1"}) t_arr.append({"key": "SecondKey", "textValue": "password2"}) payload_dict["versionPayloadEntries"] = t_arr # можно сохранить в файл для дальнейших тестов с curl # curl -X POST -d @./lockbox_simple_secret.json -H "Authorization: Bearer " https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets # with open("lockbox_simple_secret.json", 'w') as f: # json.dump(payload_dict, f, indent=4) print(payload_dict) request = requests.post(g_yandex_url, headers=headers, data=json.dumps(payload_dict)) request.raise_for_status() print(request.text) except requests.HTTPError as err: print(f'A HTTPError was thrown: {err}') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def yandex_delete_all_secrets(): # Функция для удаления всех секретов в Lockbox Есть ограничения - по умолчанию происходит запрос 100 секретов за # один раз, если нужно больше, нужно менять параметры листинга секретов get_confirmation("This action will delete ALL secrets from Lockbox. Continue?") headers = {"Authorization": f"Bearer {g_yandex_token}"} params = {"folderId": g_yandex_folder_id} update_string = '{"updateMask": "deletionProtection","deletionProtection": false}' try: request = requests.get(g_yandex_url, headers=headers, params=params) if request.status_code == 200: if len(json.loads(request.text)) > 0: for item in request.json()["secrets"]: # Сначала, если есть, убираем запрет на удаление if item["deletionProtection"]: print(f'Update delete protection for secretId {item["id"]}') u_request = requests.patch(f'{g_yandex_url}/{item["id"]}', headers=headers, data=update_string) u_request.raise_for_status() print(f'Delete secret with secretId {item["id"]}') d_request = requests.delete(f'{g_yandex_url}/{item["id"]}', headers=headers) d_request.raise_for_status() else: print(f'There are no secrets in Lockbox service.') else: print(f'Error. {json.loads(request.text)["message"]}') except requests.HTTPError as err: print(f'A HTTPError was thrown: {err=}') except Exception as err: print(f"Unexpected {err=}, {type(err)=}") def get_confirmation(prompt): answer = "" while answer not in ["y", "n"]: answer = input(f"{prompt} [Y/N]? ").lower() if answer == "n": sys.exit(0) def dump_to_screen(): # List all secrets to screen vault_list_keys('') print(json.dumps({**{}, **g_secrets}, indent=2)) def save_to_file(): if os.path.isfile(g_out_file): get_confirmation(f"File {g_out_file} exist. Overwrite it?") vault_list_keys('') t_str = json.dumps(g_secrets, indent=4) with open(g_out_file, 'w') as f: print(t_str, file=f) print(f"File {g_out_file} has created.") def migrate(): vault_list_keys('') print(json.dumps({**{}, **g_secrets}, indent=2)) get_confirmation("Need your confirmation to create this secrets in Lockbox service. Continue?") yandex_prepare_secrets_from_var() def create_secrets(): if os.path.isfile(g_input_file): get_confirmation( f"Need your confirmation to create secrets from file {g_input_file} in Lockbox service. Continue?") yandex_prepare_secrets_from_file() else: print(f"File {g_input_file} is not exist.") def print_help(): print("Script to migrate secrets from Hashicorp Vault to Yandex Cloud Lockbox service") print("Command line arguments:") print("-h : this help") print("-l or --list : dump Vault secrets to screen") print("-o or --outFile [FILENAME] : save Vault secrets to file [file name by default - secrets.json]") print("-m or --migrate : migrate all secrets from Vault to Lockbox") print("-c or --createFrom [FILENAME] : create secrets in Lockbox from file [file name by default - secrets.json]") print("-d or --deleteAll : delete all secrets in Lockbox") def load_config(): global g_vault_token global g_vault_url global g_vault_root_path global g_vault_kv_version global g_vault_verify_ssl global g_yandex_token global g_yandex_folder_id global g_yandex_url global g_out_file global g_input_file load_dotenv() exit_flag = False # print(json.dumps({**{}, **os.environ}, indent=2)) g_vault_token = os.environ.get("VAULT_TOKEN", "") if len(g_vault_token) == 0: print("Error. Set VAULT_TOKEN environment variable. For example, export VAULT_TOKEN=$(vault token create).") exit_flag = True g_vault_url = os.environ.get("VAULT_URL", "") if len(g_vault_url) == 0: print("Error. Set VAULT_URL environment variable. For example, export VAULT_URL=https://localhost:8201") exit_flag = True g_vault_root_path = os.environ.get("VAULT_ROOT_PATH", "") if len(g_vault_root_path) == 0: print("Error. Set VAULT_ROOT_PATH environment variable. For example, export VAULT_ROOT_PATH=secret") exit_flag = True g_yandex_token = os.environ.get("YC_TOKEN", "") if len(g_yandex_token) == 0: print("Error. Set YC_TOKEN environment variable. For example, export YC_TOKEN=$(yc iam create-token).") exit_flag = True g_yandex_folder_id = os.environ.get("YANDEX_FOLDER_ID", "") if len(g_yandex_folder_id) == 0: print("Error. Set YANDEX_FOLDER_ID environment variable. For example, export YANDEX_FOLDER_ID=123456789") exit_flag = True g_yandex_url = os.environ.get("YANDEX_URL", "https://lockbox.api.cloud.yandex.net/lockbox/v1/secrets") g_out_file = os.environ.get("OUT_FILE", "secrets.json") g_input_file = os.environ.get("INPUT_FILE", "secrets.json") try: g_vault_kv_version = int(os.environ.get("VAULT_KV_VERSION", "2")) if not (g_vault_kv_version == 1 or g_vault_kv_version == 2): print(f"Possible values of VAULT_KV_VERSION must be 1 or 2") exit_flag = True except Exception as err: print(f"Possible values of VAULT_KV_VERSION must be 1 or 2") exit_flag = True test_string = os.environ.get("VAULT_VERIFY_SSL", False) if test_string == "False": g_vault_verify_ssl = False elif test_string == "True": g_vault_verify_ssl = True else: print(f"Possible values of VAULT_VERIFY_SSL must be True or False") exit_flag = True if exit_flag: sys.exit(1) if __name__ == '__main__': if len(sys.argv) == 1: print_help() sys.exit(1) try: opts, args = getopt.getopt(sys.argv[1:], "hlomcd", ["help", "list", "outFile", "migrate", "createFrom", "deleteAll"]) except getopt.GetoptError: print_help() sys.exit(2) if len(opts) > 1: print("Specify only one command line argument.") sys.exit(0) for opt, arg in opts: if opt in ("-h", "--help"): print_help() sys.exit() elif opt in ("-l", "--list"): load_config() dump_to_screen() elif opt in ("-o", "--outFile"): load_config() if len(sys.argv) > 2: g_out_file = sys.argv[2] save_to_file() elif opt in ("-m", "--migrate"): load_config() migrate() elif opt in ("-c", "--createFrom"): load_config() if len(sys.argv) > 2: g_input_file = sys.argv[2] create_secrets() elif opt in ("-d", "--deleteAll"): load_config() yandex_delete_all_secrets() else: print_help() sys.exit() ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/README.md ================================================ # Example of setting up role-based models and policies in Yandex Managed Service for Kubernetes® # A detailed analysis in the video [![image](https://user-images.githubusercontent.com/85429798/130356018-0840545a-da13-4faa-b15d-2858e3a9e369.png)](https://www.youtube.com/watch?v=ot6I_wmkLr4&t=1597s) # A stand for a practice webinar on Kubernetes The video from the stand will be available when published on YouTube. The stand lets you to independently set up everything that was demonstrated at the webinar, for example: - A role-based management model for different container environments. - Pod launch policies in the created cluster. ## Prerequisites: - Bash. - Terraform. - jq. - [YC CLI](https://cloud.yandex.ru/docs/cli/operations/install-cli) initiated in the default profile for your user (they must be an admin or editor at the cloud level). - Two test folders, you'll need their IDs below. - Helm v3. ## Preparing the environment The stand will include two folders and two users: devops and developer. Write down IDs of the folders for our task: ``` export STAGING_FOLDER_ID= export PROD_FOLDER_ID= ``` Create service accounts that will emulate users: ``` $ yc iam service-account create --name devops-user1 --folder-id=$STAGING_FOLDER_ID $ yc iam service-account create --name developer-user1 --folder-id=$STAGING_FOLDER_ID ``` Create two profiles for the CLI, one profile will emulate a devops user, the other one, a developer: ``` $ yc iam key create --service-account-name devops-user1 --folder-id=$STAGING_FOLDER_ID --output devops.json $ yc iam key create --service-account-name developer-user1 --folder-id=$STAGING_FOLDER_ID --output developer.json $ yc config profile create demo-devops-user1 $ yc config set service-account-key devops.json $ yc config profile create demo-developer-user1 $ yc config set service-account-key developer.json ``` Check that no one has any roles in the folders for the task: ``` $ yc resource-manager folder list-access-bindings --id=$STAGING_FOLDER_ID --profile=default +---------+--------------+------------+ | ROLE ID | SUBJECT TYPE | SUBJECT ID | +---------+--------------+------------+ +---------+--------------+------------+ $ yc resource-manager folder list-access-bindings --id=$PROD_FOLDER_ID --profile=default +---------+--------------+------------+ | ROLE ID | SUBJECT TYPE | SUBJECT ID | +---------+--------------+------------+ +---------+--------------+------------+ ``` Move on to the lab task. #### Part one: Setting up role-based access ``` $ cd ./terraform/iam ``` Look at the readme file [for this section](./terraform/iam/). #### Part two: Setting up policies (Part 1 is a prerequisite) ``` $ cd ./kubernetes/ ``` Look at the readme [for this section](./kubernetes/). #### Part three: delete the stand ``` $ cd ./end ``` Look at the readme [for this section](./end/). ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/README_RU.md ================================================ # Пример настройки ролевых моделей и политик в Managed Service for Kubernetes® # Подробный разбор на видео [![image](https://user-images.githubusercontent.com/85429798/130356018-0840545a-da13-4faa-b15d-2858e3a9e369.png)](https://www.youtube.com/watch?v=ot6I_wmkLr4&t=1597s) # Стенд для для практического вебинара по Kubernetes Видео стенда будет доступно после публикации на Youtube Стенд позволяет самостоятельно настроить все, что было показано в вебинаре. В частности 1) Ролевую модель управления к разным контейнерным средам 2) Политики запуска подов в созданном кластере ## Пререквизиты - bash - terraform - jq - [cli](https://cloud.yandex.ru/docs/cli/operations/install-cli), инициированный в профиле default а вашего пользователя( он должен быть admin или editor на уровне облака) - Два тестовых фолдера. Их ID понадобятся ниже - helm v3 ## Подготовка окружения Стенд будет состоять из двух фолдеров и двух пользователей devops и developer. Запишем ID фолдеров для нашей задач ``` export STAGING_FOLDER_ID= export PROD_FOLDER_ID= ``` Создадим сервисные аккаунты, которые будут эмулировать пользователей ``` $ yc iam service-account create --name devops-user1 --folder-id=$STAGING_FOLDER_ID $ yc iam service-account create --name developer-user1 --folder-id=$STAGING_FOLDER_ID ``` Создадим два профиля для cli, один профиль будет эмулировать пользователя devops, второй developer ``` $ yc iam key create --service-account-name devops-user1 --folder-id=$STAGING_FOLDER_ID --output devops.json $ yc iam key create --service-account-name developer-user1 --folder-id=$STAGING_FOLDER_ID --output developer.json $ yc config profile create demo-devops-user1 $ yc config set service-account-key devops.json $ yc config profile create demo-developer-user1 $ yc config set service-account-key developer.json ``` Проверим что в фолдерах для задания ни у кого пока нет никаких ролей ``` $ yc resource-manager folder list-access-bindings --id=$STAGING_FOLDER_ID --profile=default +---------+--------------+------------+ | ROLE ID | SUBJECT TYPE | SUBJECT ID | +---------+--------------+------------+ +---------+--------------+------------+ $ yc resource-manager folder list-access-bindings --id=$PROD_FOLDER_ID --profile=default +---------+--------------+------------+ | ROLE ID | SUBJECT TYPE | SUBJECT ID | +---------+--------------+------------+ +---------+--------------+------------+ ``` Переходим к лабе #### Часть первая - настройка ролевого доступа ``` $ cd ./terraform/iam ``` И изучаем readme [данного раздела](./terraform/iam/) #### Часть вторая - настройка политик ( Требует чтобы вы прошли часть 1 , или ранее созданного кластера kubernetes ) ``` $ cd ./kubernetes/ ``` И изучаем readme [данного раздела](./kubernetes/) #### Часть третья удаляем стенд ``` $ cd ./end ``` И изучаем readme [данного раздела](./end/) ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/end/README.md ================================================ # Удаление стенда Аутентифицируемся от имени профиля default в terraform и yc: ``` export YC_TOKEN=$(yc iam create-token --profile default) ``` Удалим кластер Kubernetes: ``` $ cd ../terraform/staging/ $ terraform destroy ``` Удалим роли: ``` $ cd ../iam terraform destroy ``` Удалим сервисные аккаунты: ``` $ yc iam service-account delete --name devops-user1 --folder-id=$STAGING_FOLDER_ID --profile default $ yc iam service-account delete --name developer-user1 --folder-id=$STAGING_FOLDER_ID --profile default ``` ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/README.md ================================================ # Управление политиками ## Подготовим окружение Для начала рекомендуется изучить [статью](https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation) в которой описаны возможные способы экплуатировать кластер с подами, в которых повышены привилегии. От таких подов мы и будем защищатся. Сначала попробуем создать такие поды в дефолтном кластере. В директории ./bad-pods есть поды и деплойменты с привилегиями из статьи ``` $ yc managed-kubernetes cluster get-credentials --id $(terraform output -json | jq -r .cluster_id.value) --context-name devops --external --profile=demo-devops-user1 --force $ kubectl apply -f ./bad-pods/pods ``` И убедимся что все успешно создалось. ``` nrkk-osx:staging nrkk$ kubectl get po NAME READY STATUS RESTARTS AGE everything-allowed-exec-pod 1/1 Running 0 8s hostipc-exec-pod 1/1 Running 0 8s hostnetwork-exec-pod 1/1 Running 0 8s hostpath-exec-pod 1/1 Running 0 8s hostpid-exec-pod 1/1 Running 0 8s nothing-allowed-exec-pod 1/1 Running 0 8s priv-and-hostpid-exec-pod 1/1 Running 0 8s priv-exec-pod 1/1 Running 0 8s ``` Удалим поды: ``` $ kubectl delete -f ./bad-pods/pods ``` # Установим pod security policies от kyverno Установим kyverno с набором политик default , который будет блокировать нам плохие поды. ``` helm repo add kyverno https://kyverno.github.io/kyverno/ helm repo update helm install kyverno kyverno/kyverno --namespace kyverno --create-namespace --set validationFailureAction=enforce kubectl apply -f ./bad-pods/pods ``` Посмотрим на созданные политики. Политики из профиля default доступны [в директории kyverno-policies](./kyverno-policies/) ``` $ kubectl get clusterpolicies.kyverno.io NAME BACKGROUND ACTION disallow-add-capabilities true enforce disallow-host-namespaces true enforce disallow-host-path true enforce disallow-host-ports true enforce disallow-privileged-containers true enforce disallow-selinux true enforce require-default-proc-mount true enforce restrict-apparmor-profiles true enforce restrict-sysctls true enforce ``` Увидим что создался только *nothing-allowed-exec-pod*, а остальное поличло ошибки ``` $ kubectl apply -f ./bad-pods/pods ``` ``` Error from server: error when creating "../../kubernetes/bad-pods/pods everything-allowed-exec-pod.yaml": admission webhook "validate.kyverno.svc" denied the request: resource Pod/default/everything-allowed-exec-pod was blocked due to the following policies disallow-host-namespaces: host-namespaces: 'validation error: Sharing the host namespaces is disallowed. The fields spec.hostNetwork, spec.hostIPC, and spec.hostPID must not be set to true. Rule host-namespaces failed at path /spec/hostIPC/' disallow-host-path: host-path: 'validation error: HostPath volumes are forbidden. The fields spec.volumes[*].hostPath must not be set. Rule host-path failed at path /spec/volumes/0/hostPath/' disallow-privileged-containers: priviledged-containers: 'validation error: Privileged mode is disallowed. The fields spec.containers[*].securityContext.privileged and spec.initContainers[*].securityContext.privileged must not be set to true. Rule priviledged-containers failed at path /spec/containers/0/securityContext/privileged/' Error from server: error when creating "../../kubernetes/bad-pods/hostipc-exec-pod.yaml": admission webhook "validate.kyverno.svc" denied the request: resource Pod/default/hostipc-exec-pod was blocked due to the following policies disallow-host-namespaces: host-namespaces: 'validation error: Sharing the host namespaces is disallowed. The fields spec.hostNetwork, spec.hostIPC, and spec.hostPID must not be set to true. Rule host-namespaces failed at path /spec/hostIPC/' Error from server: error when creating "../../kubernetes/bad-pods/hostnetwork-exec-pod.yaml": admission webhook "validate.kyverno.svc" denied the request: resource Pod/default/hostnetwork-exec-pod was blocked due to the following policies disallow-host-namespaces: host-namespaces: 'validation error: Sharing the host namespaces is disallowed. The fields spec.hostNetwork, spec.hostIPC, and spec.hostPID must not be set to true. Rule host-namespaces failed at path /spec/hostNetwork/' Error from server: error when creating "../../kubernetes/bad-pods/hostpath-exec-pod.yaml": admission webhook "validate.kyverno.svc" denied the request: resource Pod/default/hostpath-exec-pod was blocked due to the following policies disallow-host-path: host-path: 'validation error: HostPath volumes are forbidden. The fields spec.volumes[*].hostPath must not be set. Rule host-path failed at path /spec/volumes/0/hostPath/' Error from server: error when creating "../../kubernetes/bad-pods/hostpid-exec-pod.yaml": admission webhook "validate.kyverno.svc" denied the request: resource Pod/default/hostpid-exec-pod was blocked due to the following policies disallow-host-namespaces: host-namespaces: 'validation error: Sharing the host namespaces is disallowed. The fields spec.hostNetwork, spec.hostIPC, and spec.hostPID must not be set to true. Rule host-namespaces failed at path /spec/hostPID/' Error from server: error when creating "../../kubernetes/bad-pods/priv-and-hostpid-exec-pod.yaml": admission webhook "validate.kyverno.svc" denied the request: resource Pod/default/priv-and-hostpid-exec-pod was blocked due to the following policies disallow-host-namespaces: host-namespaces: 'validation error: Sharing the host namespaces is disallowed. The fields spec.hostNetwork, spec.hostIPC, and spec.hostPID must not be set to true. Rule host-namespaces failed at path /spec/hostPID/' disallow-privileged-containers: priviledged-containers: 'validation error: Privileged mode is disallowed. The fields spec.containers[*].securityContext.privileged and spec.initContainers[*].securityContext.privileged must not be set to true. Rule priviledged-containers failed at path /spec/containers/0/securityContext/privileged/' Error from server: error when creating "../../kubernetes/bad-pods/priv-exec-pod.yaml": admission webhook "validate.kyverno.svc" denied the request: resource Pod/default/priv-exec-pod was blocked due to the following policies disallow-privileged-containers: priviledged-containers: 'validation error: Privileged mode is disallowed. The fields spec.containers[*].securityContext.privileged and spec.initContainers[*].securityContext.privileged must not be set to true. Rule priviledged-containers failed at path /spec/containers/0/securityContext/privileged/' ``` Создадим еще деплойменты , чтобы увидеть как тут работают политики. ``` $ kubectl apply -f ./bad-pods/deployments/ ``` Деплойменты создались, а вот поды в них не создались. Потому что при попытке создать под, деплоймент получает такую же ошибку, какую получили бы мы создав под напрямую. Детально ошибку можно увидеть сделать kubectl describe ``` nrkk-osx:staging nrkk$ kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE everything-allowed-exec-deployment 0/2 0 0 29s hostipc-exec-deployment 0/2 0 0 29s hostnetwork-exec-deployment 0/2 0 0 29s hostpath-exec-deployment 0/2 0 0 28s hostpid-exec-deployment 0/2 0 0 28s nothing-allowed-exec-deployment 2/2 2 2 28s priv-and-hostpid-exec-deployment 0/2 0 0 28s priv-exec-deployment 0/2 0 0 27s ``` Удалим kyverno: ``` $ kubectl delete -f ./bad-pods/deployments/ $ kubectl delete -f ./bad-pods/pods/ $ helm delete kyverno --namespace kyverno ``` ## Open Policy Agent Gatekeeper Установим OPA Gatekeeper: ``` $ helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts $ helm repo update $ helm install gatekeeper gatekeeper/gatekeeper --namespace gatekeeper --create-namespace ``` Так библиотеку шаблонов политик, доступных в gatekeper. При помощи kustomize установим все шаблоны в кластер: ``` $ curl -s "https://raw.githubusercontent.com/\ kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash # проверьте тут что kustomize просто положит бинарный файл в текущую директорию $ ./kustomize build https://github.com/open-policy-agent/gatekeeper-library/library | kubectl apply -f - ``` Применим политики gatekeeper для защиты от bad pods. ``` $ kubectl apply -f ./gatekeeper-policies/ ``` Проверим что у кластере есть 1) Шаблоны политик ``` $ kubectl get constrainttemplates NAME AGE k8sallowedrepos 20h k8sblocknodeport 20h k8scontainerlimits 20h k8shttpsonly 20h k8simagedigests 20h k8spspallowedusers 20h k8spspallowprivilegeescalationcontainer 20h k8spspapparmor 20h k8spspcapabilities 20h k8spspflexvolumes 20h k8spspforbiddensysctls 20h k8spspfsgroup 20h k8spsphostfilesystem 20h k8spsphostnamespace 20h k8spsphostnetworkingports 20h k8spspprivilegedcontainer 20h k8spspprocmount 20h k8spspreadonlyrootfilesystem 20h k8spspseccomp 20h k8spspselinuxv2 20h k8spspvolumetypes 20h k8srequiredlabels 20h k8srequiredprobes 20h k8suniqueingresshost 20h k8suniqueserviceselector 20h ``` 2) Сами политки ``` $ kubectl get constraints NAME AGE k8spsphostfilesystem.constraints.gatekeeper.sh/psp-host-filesystem 20h NAME AGE k8spspprivilegedcontainer.constraints.gatekeeper.sh/psp-privileged-container 20h NAME AGE k8spspforbiddensysctls.constraints.gatekeeper.sh/psp-forbidden-sysctls 20h NAME AGE k8spsphostnetworkingports.constraints.gatekeeper.sh/psp-host-network-ports 20h NAME AGE k8spsphostnamespace.constraints.gatekeeper.sh/psp-host-namespace 20h NAME AGE k8spspprocmount.constraints.gatekeeper.sh/psp-proc-mount 20h ``` Создадим плохие поды ``` $ kubectl apply -f ./bad-pods/pods ``` ``` pod/nothing-allowed-exec-pod unchanged Error from server ([denied by psp-host-namespace] Sharing the host namespace is not allowed: everything-allowed-exec-pod [denied by psp-host-network-ports] The specified hostNetwork and hostPort are not allowed, pod: everything-allowed-exec-pod. Allowed values: {"hostNetwork": false} [denied by psp-privileged-container] Privileged container is not allowed: everything-allowed-pod, securityContext: {"privileged": true} [denied by psp-host-filesystem] HostPath volume {"hostPath": {"path": "/", "type": ""}, "name": "noderoot"} is not allowed, pod: everything-allowed-exec-pod. Allowed path: [{"pathPrefix": "/foo", "readOnly": true}]): error when creating "../../kubernetes/bad-pods/everything-allowed-exec-pod.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-host-namespace] Sharing the host namespace is not allowed: everything-allowed-exec-pod [denied by psp-host-network-ports] The specified hostNetwork and hostPort are not allowed, pod: everything-allowed-exec-pod. Allowed values: {"hostNetwork": false} [denied by psp-privileged-container] Privileged container is not allowed: everything-allowed-pod, securityContext: {"privileged": true} [denied by psp-host-filesystem] HostPath volume {"hostPath": {"path": "/", "type": ""}, "name": "noderoot"} is not allowed, pod: everything-allowed-exec-pod. Allowed path: [{"pathPrefix": "/foo", "readOnly": true}] Error from server ([denied by psp-host-namespace] Sharing the host namespace is not allowed: hostipc-exec-pod): error when creating "../../kubernetes/bad-pods/hostipc-exec-pod.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-host-namespace] Sharing the host namespace is not allowed: hostipc-exec-pod Error from server ([denied by psp-host-network-ports] The specified hostNetwork and hostPort are not allowed, pod: hostnetwork-exec-pod. Allowed values: {"hostNetwork": false}): error when creating "../../kubernetes/bad-pods/hostnetwork-exec-pod.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-host-network-ports] The specified hostNetwork and hostPort are not allowed, pod: hostnetwork-exec-pod. Allowed values: {"hostNetwork": false} Error from server ([denied by psp-host-filesystem] HostPath volume {"hostPath": {"path": "/", "type": ""}, "name": "noderoot"} is not allowed, pod: hostpath-exec-pod. Allowed path: [{"pathPrefix": "/foo", "readOnly": true}]): error when creating "../../kubernetes/bad-pods/hostpath-exec-pod.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-host-filesystem] HostPath volume {"hostPath": {"path": "/", "type": ""}, "name": "noderoot"} is not allowed, pod: hostpath-exec-pod. Allowed path: [{"pathPrefix": "/foo", "readOnly": true}] Error from server ([denied by psp-host-namespace] Sharing the host namespace is not allowed: hostpid-exec-pod): error when creating "../../kubernetes/bad-pods/hostpid-exec-pod.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-host-namespace] Sharing the host namespace is not allowed: hostpid-exec-pod Error from server ([denied by psp-host-namespace] Sharing the host namespace is not allowed: priv-and-hostpid-exec-pod [denied by psp-privileged-container] Privileged container is not allowed: priv-and-hostpid-pod, securityContext: {"privileged": true}): error when creating "../../kubernetes/bad-pods/priv-and-hostpid-exec-pod.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-host-namespace] Sharing the host namespace is not allowed: priv-and-hostpid-exec-pod [denied by psp-privileged-container] Privileged container is not allowed: priv-and-hostpid-pod, securityContext: {"privileged": true} Error from server ([denied by psp-privileged-container] Privileged container is not allowed: priv-pod, securityContext: {"privileged": true}): error when creating "../../kubernetes/bad-pods/priv-exec-pod.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by psp-privileged-container] Privileged container is not allowed: priv-pod, securityContext: {"privileged": true} ``` Попробуем создать еще деплойменты чтобы убедится что все работает идентично ``` kubectl apply -f ./bad-pods/deployments/ nrkk-osx:staging nrkk$ kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE everything-allowed-exec-deployment 0/2 0 0 21s hostipc-exec-deployment 0/2 0 0 20s hostnetwork-exec-deployment 0/2 0 0 20s hostpath-exec-deployment 0/2 0 0 20s hostpid-exec-deployment 0/2 0 0 20s nothing-allowed-exec-deployment 2/2 2 2 20s priv-and-hostpid-exec-deployment 0/2 0 0 20s priv-exec-deployment 0/2 0 0 20s ``` Удалим Gatekeeper ``` helm delete gatekeeper --namespace gatekeeper ``` ## Завершение Нам очень интересно ваше мнение про политики в k8s! [Ответьте, пожалуйста, на 3 вопроса тут](https://forms.yandex.ru/surveys/10027668.e6a191377042f39a03227983e4b6a247b0df8421/) Для завершение стенда перейдите в раздел ../end ``` cd ../end ``` И далее в раздел [Удаление стенда](../end) ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/everything-allowed-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: everything-allowed-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: hostNetwork: true hostPID: true hostIPC: true containers: - name: everything-allowed-exec-deployment image: ubuntu securityContext: privileged: true volumeMounts: - mountPath: /host name: noderoot command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name volumes: - name: noderoot hostPath: path: / ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/hostipc-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: hostipc-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: hostIPC: true containers: - name: hostipc-exec-deployment image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/hostnetwork-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: hostnetwork-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: hostNetwork: true containers: - name: hostnetwork-exec-deployment image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/hostpath-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: hostpath-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: containers: - name: hostpath-exec-deployment image: ubuntu volumeMounts: - mountPath: /host name: noderoot command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name volumes: - name: noderoot hostPath: path: / ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/hostpid-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: hostpid-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: hostPID: true containers: - name: hostpid-exec-deployment image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/nothing-allowed-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: nothing-allowed-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: containers: - name: nothing-allowed-exec-deployment image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/priv-and-hostpid-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: priv-and-hostpid-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: hostPID: true containers: - name: priv-and-hostpid-exec-deployment image: ubuntu tty: true securityContext: privileged: true command: [ "nsenter", "--target", "1", "--mount", "--uts", "--ipc", "--net", "--pid", "--", "bash" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/deployments/priv-exec-deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: priv-exec-deployment labels: app: pentest type: deployment spec: replicas: 2 selector: matchLabels: app: pentest type: deployment template: metadata: labels: app: pentest type: deployment spec: containers: - name: priv-exec-deployment image: ubuntu securityContext: privileged: true command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/everything-allowed-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: everything-allowed-exec-pod labels: app: pentest spec: hostNetwork: true hostPID: true hostIPC: true containers: - name: everything-allowed-pod image: ubuntu securityContext: privileged: true volumeMounts: - mountPath: /host name: noderoot command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name volumes: - name: noderoot hostPath: path: / ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/hostipc-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: hostipc-exec-pod labels: app: pentest spec: hostIPC: true containers: - name: hostipc-pod image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/hostnetwork-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: hostnetwork-exec-pod labels: app: pentest spec: hostNetwork: true containers: - name: hostnetwork-pod image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/hostpath-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: hostpath-exec-pod labels: app: pentest spec: containers: - name: hostpath-exec-pod image: ubuntu volumeMounts: - mountPath: /host name: noderoot command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on a control-plane node by uncommenting this line and changing to a control-plane node name volumes: - name: noderoot hostPath: path: / ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/hostpid-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: hostpid-exec-pod labels: app: pentest spec: hostPID: true containers: - name: hostpid-pod image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/nothing-allowed-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: nothing-allowed-exec-pod labels: app: pentest spec: containers: - name: nothing-allowed-pod image: ubuntu command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/priv-and-hostpid-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: priv-and-hostpid-exec-pod labels: app: pentest spec: hostPID: true containers: - name: priv-and-hostpid-pod image: ubuntu tty: true securityContext: privileged: true command: [ "nsenter", "--target", "1", "--mount", "--uts", "--ipc", "--net", "--pid", "--", "bash" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/bad-pods/pods/priv-exec-pod.yaml ================================================ apiVersion: v1 kind: Pod metadata: name: priv-exec-pod labels: app: pentest spec: containers: - name: priv-pod image: ubuntu securityContext: privileged: true command: [ "/bin/sh", "-c", "--" ] args: [ "while true; do sleep 30; done;" ] #nodeName: k8s-control-plane-node # Force your pod to run on the control-plane node by uncommenting this line and changing to a control-plane node name ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/gatekeeper-policies/disallow-host-namespaces.yaml ================================================ apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPHostNamespace metadata: name: psp-host-namespace spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/gatekeeper-policies/disallow-host-network.yaml ================================================ apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPHostNetworkingPorts metadata: name: psp-host-network-ports spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: hostNetwork: false ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/gatekeeper-policies/disallow-privileged-containers.yaml ================================================ apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPPrivilegedContainer metadata: name: psp-privileged-container spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] excludedNamespaces: ["kube-system"] ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/gatekeeper-policies/disallow-proc-mount.yaml ================================================ apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPProcMount metadata: name: psp-proc-mount spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: procMount: Default ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/gatekeeper-policies/restrics-host-path.yaml ================================================ apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPHostFilesystem metadata: name: psp-host-filesystem spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: allowedHostPaths: - readOnly: true pathPrefix: "/foo" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/gatekeeper-policies/restrict-sysctls.yaml ================================================ apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sPSPForbiddenSysctls metadata: name: psp-forbidden-sysctls spec: match: kinds: - apiGroups: [""] kinds: ["Pod"] parameters: forbiddenSysctls: # - "*" # * may be used to forbid all sysctls - kernel.* ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/disallow-adding-capabilities.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: disallow-add-capabilities annotations: policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- Capabilities permit privileged actions without giving full root access. Adding capabilities beyond the default set must not be allowed. spec: validationFailureAction: enforce background: true rules: - name: capabilities match: resources: kinds: - Pod validate: message: >- Adding of additional capabilities beyond the default set is not allowed. The fields spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add must be empty. pattern: spec: containers: - =(securityContext): =(capabilities): X(add): null =(initContainers): - =(securityContext): =(capabilities): X(add): null ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/disallow-host-namespaces.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: disallow-host-namespaces annotations: policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- Host namespaces (Process ID namespace, Inter-Process Communication namespace, and network namespace) allow access to shared information and can be used to elevate privileges. Pods should not be allowed access to host namespaces. spec: validationFailureAction: enforce background: true rules: - name: host-namespaces match: resources: kinds: - Pod validate: message: >- Sharing the host namespaces is disallowed. The fields spec.hostNetwork, spec.hostIPC, and spec.hostPID must not be set to true. pattern: spec: =(hostPID): "false" =(hostIPC): "false" =(hostNetwork): "false" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/disallow-host-path.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: disallow-host-path annotations: policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- HostPath volumes let pods use host directories and volumes in containers. Using host resources can be used to access shared data or escalate privileges and should not be allowed. spec: validationFailureAction: enforce background: true rules: - name: host-path match: resources: kinds: - Pod validate: message: >- HostPath volumes are forbidden. The fields spec.volumes[*].hostPath must not be set. pattern: spec: =(volumes): - X(hostPath): "null" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/disallow-host-ports.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: disallow-host-ports annotations: policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- Access to host ports allows potential snooping of network traffic and should not be allowed, or at minimum restricted to a known list. spec: validationFailureAction: enforce background: true rules: - name: host-ports match: resources: kinds: - Pod validate: message: >- Use of host ports is disallowed. The fields spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort must be empty. pattern: spec: =(initContainers): - =(ports): - X(hostPort): 0 containers: - =(ports): - X(hostPort): 0 ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/disallow-privileged-containers.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: disallow-privileged-containers annotations: policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- Privileged mode disables most security mechanisms and must not be allowed. spec: validationFailureAction: enforce background: true rules: - name: priviledged-containers match: resources: kinds: - Pod validate: message: >- Privileged mode is disallowed. The fields spec.containers[*].securityContext.privileged and spec.initContainers[*].securityContext.privileged must not be set to true. pattern: spec: =(initContainers): - =(securityContext): =(privileged): "false" containers: - =(securityContext): =(privileged): "false" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/disallow-proc-mount.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: require-default-proc-mount annotations: policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- The default /proc masks are set up to reduce attack surface and should be required. spec: validationFailureAction: enforce background: true rules: - name: check-proc-mount match: resources: kinds: - Pod validate: message: >- Changing the proc mount from the default is not allowed. The fields spec.containers[*].securityContext.procMount and spec.initContainers[*].securityContext.procMount must not be changed from `Default`. pattern: spec: =(initContainers): - =(securityContext): =(procMount): "Default" containers: - =(securityContext): =(procMount): "Default" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/disallow-selinux.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: disallow-selinux annotations: policies.kyverno.io/title: Disallow SELinux policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- SELinux options can be used to escalate privileges and should not be allowed. spec: validationFailureAction: enforce background: true rules: - name: seLinux match: resources: kinds: - Pod validate: message: >- Setting custom SELinux options is disallowed. The fields spec.securityContext.seLinuxOptions, spec.containers[*].securityContext.seLinuxOptions, and spec.initContainers[*].securityContext.seLinuxOptions must be empty. pattern: spec: =(securityContext): X(seLinuxOptions): "null" =(initContainers): - =(securityContext): X(seLinuxOptions): "null" containers: - =(securityContext): X(seLinuxOptions): "null" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/restrict-apparmor-profiles.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: restrict-apparmor-profiles annotations: policies.kyverno.io/title: Restrict AppArmor policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- On supported hosts, the 'runtime/default' AppArmor profile is applied by default. The default policy should prevent overriding or disabling the policy, or restrict overrides to an allowed set of profiles. spec: validationFailureAction: enforce background: true rules: - name: app-armor match: resources: kinds: - Pod validate: message: >- Specifying other AppArmor profiles is disallowed. The annotation container.apparmor.security.beta.kubernetes.io must not be defined, or must not be set to anything other than `runtime/default`. pattern: metadata: =(annotations): =(container.apparmor.security.beta.kubernetes.io/*): "runtime/default" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/kubernetes/kyverno-policies/restrict-sysctls.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: restrict-sysctls annotations: policies.kyverno.io/category: Pod Security Standards (Default) policies.kyverno.io/description: >- Sysctls can disable security mechanisms or affect all containers on a host, and should be disallowed except for an allowed "safe" subset. A sysctl is considered safe if it is namespaced in the container or the Pod, and it is isolated from other Pods or processes on the same Node. spec: validationFailureAction: enforce background: true rules: - name: sysctls match: resources: kinds: - Pod validate: message: >- Setting additional sysctls above the allowed type is disallowed. The field spec.securityContext.sysctls must not use any other names than 'kernel.shm_rmid_forced', 'net.ipv4.ip_local_port_range', 'net.ipv4.tcp_syncookies' and 'net.ipv4.ping_group_range'. pattern: spec: =(securityContext): =(sysctls): - name: "kernel.shm_rmid_forced | net.ipv4.ip_local_port_range | net.ipv4.tcp_syncookies | net.ipv4.ping_group_range" value: "?*" ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/iam/.gitignore ================================================ devops.json developer.json ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/iam/README.md ================================================ # Настройка ролевого доступа - часть первая , настройка IAM Изучим main.tf файл текущего терраформ. В нем в разных модулях настраиваются роли для разных групп пользователей. Так как в API yandex.cloud групп пока нет, то сделаем группы самостоятельно с помощью terraform - запишем это в переменную user_group_mapping. Чтобы это сделать запустим команды ниже. ``` DEVOPS_USER_ID=$(yc iam service-account get --name=devops-user1 --folder-id=$STAGING_FOLDER_ID --profile=prod --format=json | jq -r .id | (echo -n serviceAccount: && cat)) DEVELOPER_USER_ID=$(yc iam service-account get --name=developer-user1 --folder-id=$STAGING_FOLDER_ID --profile=prod --format=json | jq -r .id | (echo -n serviceAccount: && cat)) cat > terraform.tfvars < ../staging/terraform.tfvars < ## Requirements | Name | Version | |------|---------| | terraform | >= 0.14 | | yandex | ~> 0.5 | ## Providers | Name | Version | |------|---------| | yandex | ~> 0.5 | ## Modules No Modules. ## Resources | Name | |------| | [yandex_client_config](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/client_config) | | [yandex_iam_policy](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/data-sources/iam_policy) | | [yandex_iam_service_account](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/iam_service_account) | | [yandex_resourcemanager_cloud_iam_binding](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_binding) | | [yandex_resourcemanager_cloud_iam_member](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_cloud_iam_member) | | [yandex_resourcemanager_folder_iam_member](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_member) | | [yandex_resourcemanager_folder_iam_policy](https://registry.terraform.io/providers/yandex-cloud/yandex/latest/docs/resources/resourcemanager_folder_iam_policy) | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | cloud\_binding\_authoritative | "Authoritative. Sets the IAM policy for the CLOUD and replaces any **existing** policy already attached.
If Authoritative = true : take roles from all objects in variable "cloud\_user\_role\_mapping" and make **unique** role as a new key of map with members" | `bool` | `false` | no | | cloud\_id | Cloud-ID where where need to add permissions. Mandatory variable for CLOUD, if omited default CLOUD\_ID will be used | `string` | `null` | no | | cloud\_user\_role\_mapping | Group of IAM User-IDs and it's permissions in CLOUD, where name = JOB Tille
### Example
#cloud\_user\_role\_mapping = [
{
name = "devops"
users = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"]
roles = ["editor", ]
},
{
name = "developers"
users = ["userAccount:idxxxxxx3"]
roles = ["viewer","k8s.editor",]
},
] | `any` | `[]` | no | | folder\_binding\_authoritative | Authoritative. Sets the IAM policy for the FOLDER and replaces any **existing** policy already attached. | `bool` | `false` | no | | folder\_id | Folder-ID where need to add permissions. Mandatory variable for FOLDER, if omited default FOLDER\_ID will be used | `string` | `null` | no | | folder\_user\_role\_mapping | Group of IAM User-IDs and it's permissions in FOLDER, where name = JOB Tille
### Example
#folder\_user\_role\_mapping = [
{
name = "devops"
users = ["userAccount:idxxxxxx1", "federatedUser:idxxxxxx2"]
roles = ["iam.serviceAccounts.user", "k8s.editor", "k8s.cluster-api.cluster-admin", "container-registry.admin"]
},
{
name = "developers"
users = ["userAccount:idxxxxxx3"]
roles = ["k8s.viewer",]
},
] | `any` | `[]` | no | | sa\_role\_mapping | List of SA and it's permissions
### Example
sa\_role\_mapping = [
{
name = "sa-cluster"
roles = ["editor",]
},
{
name = "sa-nodes"
roles = ["container-registry.images.puller",]
},
] | `any` | `[]` | no | ## Outputs | Name | Description | |------|-------------| | ids | List IDs of created service accounts | | names | List Names of created service accounts | | sa | Map with service accounts info , key = service account name | ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/modules/iam/main.tf ================================================ ### IAM ### Datasource data "yandex_client_config" "client" {} locals { folder_id = var.folder_user_role_mapping == [] && var.sa_role_mapping == [] ? data.yandex_client_config.client.folder_id : var.folder_id cloud_id = var.cloud_id == null ? data.yandex_client_config.client.cloud_id : var.cloud_id } ### SA resource "yandex_iam_service_account" "sa" { for_each = { for v in var.sa_role_mapping : v.name => v } name = each.key folder_id = local.folder_id } locals { folder_user_mappings = chunklist(flatten([for v in var.folder_user_role_mapping : setproduct(v.users, v.roles)]), 2) sa_role_mapping = { for v in var.sa_role_mapping : v.name => v } sa_mappings = chunklist(flatten([for k, v in yandex_iam_service_account.sa : setproduct([v.id], local.sa_role_mapping[v.name].roles)]), 2) } ###Folder Permissions #### Authoritative data "yandex_iam_policy" "bindings" { count = var.folder_binding_authoritative == false ? 0 : 1 dynamic "binding" { for_each = [for v in local.folder_user_mappings : { member = v[0], role = v[1] }] content { role = binding.value.role members = [binding.value.member, ] } } dynamic "binding" { for_each = [for v in local.sa_mappings : { member = v[0], role = v[1] }] content { role = binding.value.role members = ["serviceAccount:${binding.value.member}", ] } } } resource "yandex_resourcemanager_folder_iam_policy" "folder_bindings_policy" { count = var.folder_binding_authoritative == false ? 0 : 1 folder_id = local.folder_id policy_data = data.yandex_iam_policy.bindings[0].policy_data } ####Permissions NON-Authoritative resource "yandex_resourcemanager_folder_iam_member" "folder_sa_member" { count = var.folder_binding_authoritative == false ? length(local.sa_mappings) : 0 folder_id = local.folder_id member = "serviceAccount:${element(local.sa_mappings, count.index)[0]}" role = element(local.sa_mappings, count.index)[1] } resource "yandex_resourcemanager_folder_iam_member" "folder_user_member" { count = var.folder_binding_authoritative == false ? length(local.folder_user_mappings) : 0 folder_id = local.folder_id member = element(local.folder_user_mappings, count.index)[0] role = element(local.folder_user_mappings, count.index)[1] } ### Cloud Permissions locals { cloud_user_mappings = chunklist(flatten([for v in var.cloud_user_role_mapping : setproduct(v.users, v.roles)]), 2) } #### Authoritative resource "yandex_resourcemanager_cloud_iam_binding" "cloud_binding" { for_each = { for v in local.cloud_user_mappings : v[1] => v[0]... if var.cloud_binding_authoritative == true } cloud_id = local.cloud_id members = each.value role = each.key } #### NON-Authoritative resource "yandex_resourcemanager_cloud_iam_member" "cloud_member" { count = var.cloud_binding_authoritative == false ? length(local.cloud_user_mappings) : 0 cloud_id = local.cloud_id member = element(local.cloud_user_mappings, count.index)[0] role = element(local.cloud_user_mappings, count.index)[1] } ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/modules/iam/outputs.tf ================================================ output "ids" { description = "List IDs of created service accounts" value = [for v in yandex_iam_service_account.sa : v.id] } output "names" { description = "List Names of created service accounts" value = [for v in yandex_iam_service_account.sa : v.name] } output "sa" { description = "Map with service accounts info , key = service account name" value = { for v in yandex_iam_service_account.sa : v.name => v } } ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/modules/iam/variables.tf ================================================ variable "folder_id" { default = null type = string description = "Folder-ID where need to add permissions. Mandatory variable for FOLDER, if omited default FOLDER_ID will be used" } variable "folder_binding_authoritative" { type = bool default = false description = "Authoritative. Sets the IAM policy for the FOLDER and replaces any **existing** policy already attached." } variable "folder_user_role_mapping" { default = [] type = any description = <Внимание! если вы используете security группы, то в целях демо разрешите в default sg доступ на 443 порт. Это можно сделать таким способом. Если у нас в облаке нет security групп, то ничего делать не нужно. ``` yc vpc security-group update-rules --id $(terraform output -json | jq -r .default_sg_id.value) --add-rule "direction=ingress,port=443,protocol=tcp,v4-cidrs=[0.0.0.0/0]" --profile=default ``` Попробуем зайти в кластер от имени develoer ``` yc managed-kubernetes cluster get-credentials --id $(terraform output -json | jq -r .cluster_id.value) --context-name developer --external --profile=demo-developer-user1 --force ``` И повыполняем разные команды ``` nrkk-osx:staging nrkk$ kubectl get nodes # не можем листить ноды Error from server (Forbidden): nodes is forbidden: User "ajelrgfrac12re9quhkg" cannot list resource "nodes" in API group "" at the cluster scope nrkk-osx:staging nrkk$ kubectl get clusterrolebindings #не можем листить clusterrolebinding Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "ajelrgfrac12re9quhkg" cannot list resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope nrkk-osx:staging nrkk$ kubectl get ns # можем листить ns NAME STATUS AGE default Active 33m kube-node-lease Active 33m kube-public Active 33m kube-system Active 33m test Active 82s nrkk-osx:staging nrkk$ kubectl create ns developer-1 # но не можем создавать Error from server (Forbidden): namespaces is forbidden: User "ajelrgfrac12re9quhkg" cannot create resource "namespaces" in API group "" at the cluster scope ``` Переключимся на devops ``` yc managed-kubernetes cluster get-credentials --id $(terraform output -json | jq -r .cluster_id.value) --context-name devops --external --profile=demo-devops-user1 --force ``` Проверим доступы ``` $ kubectl get nodes # можем листить ноды NAME STATUS ROLES AGE VERSION cl1eehipr45b2siq89pc-imyq Ready 25m v1.18.9 cl1eehipr45b2siq89pc-ubor Ready 25m v1.18.9 cl1eehipr45b2siq89pc-upox Ready 25m v1.18.9 nrkk-osx:staging nrkk$ kubectl create ns developer-1 #можем создавать ns namespace/developer-1 created ``` Все получилось! Переходим к следующему этапу - [настройка политик](../../kubernetes/) ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/staging/outputs.tf ================================================ output "cluster_id" { value = yandex_kubernetes_cluster.staging_cluster.id } output "default_sg_id" { value = yandex_vpc_network.k8s_vpc.default_security_group_id } ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/staging/variables.tf ================================================ variable "public_key_path" { description = "Path to public key file" default = "~/.ssh/id_rsa.pub" } variable "zone" { description = "Yandex Cloud default Zone for provisoned resources" default = "ru-central1-a" } variable "folder_id" { } variable "yandex_subnet_range" { default = "10.10.0.0/24" } variable "k8s_version" { description = " Mk8s kubernetes version" default = "1.18" } variable "cluster_sa_id" { description = "id of cluster_sa" default = "" } variable "nodes_sa_id" { description = "id of nodes_sa" default = "" } ================================================ FILE: kubernetes-security/auth_and_access/role-model-example/terraform/staging/versions.tf ================================================ terraform { required_version = ">= 0.14" required_providers { yandex = { source = "yandex-cloud/yandex" version = "~> 0.5" } } } provider "yandex" { folder_id = var.folder_id } ================================================ FILE: kubernetes-security/cve-quickfix/CVE-2021-4034/CVE-2021-4034-fix-ds.yaml ================================================ --- apiVersion: v1 kind: Namespace metadata: name: cve-2021-4034-fix --- kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: deny-all namespace: cve-2021-4034-fix spec: podSelector: matchLabels: k8s-app: cve-2021-4034-fix policyTypes: - Ingress - Egress ingress: [] egress: [] --- apiVersion: "apps/v1" kind: DaemonSet metadata: name: cve-2021-4034-fix namespace: cve-2021-4034-fix labels: k8s-app: cve-2021-4034-fix version: 1v spec: selector: matchLabels: k8s-app: cve-2021-4034-fix template: metadata: labels: k8s-app: cve-2021-4034-fix spec: hostPID: true containers: - name: cve-2021-4034-fix image: cr.yandex/crpjfmfou6gflobbfvfv/ubuntu-openssl:stable command: - sh - -c - | while true; do kernel_value=$(stat -c %a /usr/bin/pkexec) if [ $kernel_value -ne 0755 ]; then echo "Fixing the permissions to /usr/bin/pkexec" chmod 0755 /usr/bin/pkexec else echo "Doing Nothing as perm to /usr/bin/pkexec is 0755" fi sleep 30 done imagePullPolicy: Always securityContext: privileged: true resources: limits: memory: 200Mi requests: cpu: 100m memory: 200Mi volumeMounts: - mountPath: /proc/ name: proc - name: sbin mountPath: /usr/sbin - name: bin mountPath: /usr/bin volumes: - name: proc hostPath: path: /proc/ type: Directory - name: sbin hostPath: path: /usr/sbin/ type: Directory - name: bin hostPath: path: /usr/bin/ type: Directory ================================================ FILE: kubernetes-security/cve-quickfix/CVE-2021-4034/Readme.md ================================================ # Демонсет для фикса уязвимости CVE-2021-4034 Про уязвимость можно почитать тут https://ubuntu.com/security/notices/USN-5252-1 ## Описание Демонсет будет выполнять следующее: 1. При помощи bash скрипта постояннo проверять права доступа к файлу /usr/bin/pkexec (наличие suid бита) 2. В случае, если права доступа отличаются от 0755 ( уязвимость вероятно есть ) то выставлять значение в 0755 ## Как запустить в общем случае Создаем демонсет (включает ns и network policy) ``` kubectl apply -f CVE-2021-4034-fix-ds.yaml ``` Далее можно мониторить состояние демонсета ( смотря логи) ``` kubectl logs cve-2021-4034-fix-445gz -n cve-2021-4034-fix (имена будут отличаться от примера) Fixing the permissions to /usr/bin/pkexec ``` # Что дальше Обновляйте группы узлов постоянно [согласно документации](https://cloud.yandex.ru/docs/managed-kubernetes/concepts/release-channels-and-updates)- следите за деталями появится на странице https://cloud.yandex.ru/docs/overview/security-bulletins/ ================================================ FILE: kubernetes-security/cve-quickfix/CVE-2022-0185/CVE-2022-0185-fix-ds.yaml ================================================ --- apiVersion: v1 kind: Namespace metadata: name: cve-2022-0185-fix --- kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: deny-all namespace: cve-2022-0185-fix spec: podSelector: matchLabels: k8s-app: cve-2022-0185-fix policyTypes: - Ingress - Egress ingress: [] egress: [] --- apiVersion: "apps/v1" kind: DaemonSet metadata: name: cve-2022-0185-fix namespace: cve-2022-0185-fix labels: k8s-app: cve-2022-0185-fix version: 1v spec: selector: matchLabels: k8s-app: cve-2022-0185-fix template: metadata: labels: k8s-app: cve-2022-0185-fix spec: hostPID: true containers: - name: cve-2022-0185-fix image: cr.yandex/crpjfmfou6gflobbfvfv/ubuntu-openssl:stable command: - sh - -c - | while true; do kernel_value=$(sysctl kernel.unprivileged_userns_clone | cut -f 3 -d ' ') if [ $kernel_value -ne 0 ]; then echo "Fixing the kernel" sysctl -w kernel.unprivileged_userns_clone=0 else echo "Doing Nothing as kernel is updated" fi sleep 30 done imagePullPolicy: Always securityContext: privileged: true resources: limits: memory: 200Mi requests: cpu: 100m memory: 200Mi volumeMounts: - mountPath: /proc/ name: proc - name: sbin mountPath: /usr/sbin volumes: - name: proc hostPath: path: /proc/ type: Directory - name: sbin hostPath: path: /usr/sbin/ type: Directory ================================================ FILE: kubernetes-security/cve-quickfix/CVE-2022-0185/Readme.md ================================================ # Демонсет для фикса уязвимости CVE-2022-0185 Про уязвимость можно почитать тут https://ubuntu.com/security/CVE-2022-0185 ## Описание Демонсет будет выполнять следующее: 1. При помощи bash скрипта постояннo проверять значение переменной ядра sysctl -w kernel.unprivileged_userns_clone 2. В случае, если значение переменной = 1 ( уязвимость есть ) то выставлять значение в 0 ## Как запустить в общем случае Создаем демонсет (включает ns и network policy) ``` kubectl apply -f CVE-2022-0185-fix-ds.yaml ``` Далее можно мониторить состояние демонсета ( смотря логи) ``` kubectl logs cve-2022-0185-fix-445gz -n cve-2022-0185-fix (имена будут отличаться от примера) Fixing the kernel kernel.unprivileged_userns_clone = 0 Doing Nothing as kernel is updated ``` # Что дальше Обновляйте группы узлов постоянно [согласно документации](https://cloud.yandex.ru/docs/managed-kubernetes/concepts/release-channels-and-updates)- следите за деталями появится на странице https://cloud.yandex.ru/docs/overview/security-bulletins/ ================================================ FILE: kubernetes-security/encrypt_and_keys/secret-management/README.md ================================================ # Secret Management with Secret Manager (Lockbox) ## Need in Secret Manager solutions ![image](https://user-images.githubusercontent.com/85429798/132330379-77969063-fa22-4cc7-ae94-917efb3c9a53.png) ## Secret Manager in Yandex.Cloud Yandex.Cloud supports two Secret Managers out-of-the-box: - [Yandex Lockbox](https://cloud.yandex.ru/docs/lockbox/) (embedded product). - [HashiCorp Vault with KMS support](https://cloud.yandex.ru/marketplace/products/f2eokige6vtlf94uvgs2) (from the marketplace). ## Description of Lockbox-to-K8s integration The official integration is carried out using the open-source External Secrets solution (https://github.com/external-secrets). ![image](https://user-images.githubusercontent.com/85429798/132330677-b33d54ba-8d6a-4897-b419-e46d2111c9ef.png) ![image](https://user-images.githubusercontent.com/85429798/132330706-933ff062-ce71-4263-b5f0-d6f08526ddd7.png) #### Setup instructions [Link to the official documentation](https://cloud.yandex.ru/docs/managed-kubernetes/solutions/kubernetes-lockbox-secrets) #### Use cases for access and object differentiation https://external-secrets.io/guides-multi-tenancy/ ## Instructions for integrating HashiCorp Vault with K8s https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube?in=vault/kubernetes ================================================ FILE: kubernetes-security/encrypt_and_keys/secret-management/README_RU.md ================================================ # Управление секретами c SecretManager(Lockbox) ## Необходимость класса решения Secret Manager ![image](https://user-images.githubusercontent.com/85429798/132330379-77969063-fa22-4cc7-ae94-917efb3c9a53.png) ## Secret Manager в Yandex Cloud В облаке "из коробки"" возможно использовании 2-х вариантов Secret Manager: - [Yandex Lockbox](https://cloud.yandex.ru/docs/lockbox/)(встроенный продукт) - [HashiCorp Vault c поддержкой KMS](https://cloud.yandex.ru/marketplace/products/f2eokige6vtlf94uvgs2)(из marketplace) ## Описание интеграции Lockbox и k8s Оффициальная нтеграция выполнена с помощью открытого решения External Secrets (https://github.com/external-secrets) ![image](https://user-images.githubusercontent.com/85429798/132330677-b33d54ba-8d6a-4897-b419-e46d2111c9ef.png) ![image](https://user-images.githubusercontent.com/85429798/132330706-933ff062-ce71-4263-b5f0-d6f08526ddd7.png) #### Инструкция по настройке [Ссылка на официальную документацию](https://cloud.yandex.ru/docs/managed-kubernetes/solutions/kubernetes-lockbox-secrets) #### Сценарии разграничения доступов и объектов https://external-secrets.io/guides-multi-tenancy/ ## Инструкция по интеграции HashiCorp Vault с k8s https://learn.hashicorp.com/tutorials/vault/kubernetes-minikube?in=vault/kubernetes ================================================ FILE: kubernetes-security/kyverno-custom-policies/README.md ================================================ # Custom policy for Kyverno Набор Custom Policy - allow-actions-with-policys-only-silo-sa Разрешает работу с ClusterPolicy только сервисному аккаунту управления ИБ - deny-attach-by-pod-and-container Блокирует attach к контейнеру (позволяет выполнять команды) - mutate-securitycontext-seccomp Принудительно добавляет в каждый deployment/pod RuntimeDefault профиль seccomp (защищает от множества уязв) - restrict-image-registries Разрешает загрузку образов только из "cr.yandex/*" Будет пополняться ================================================ FILE: kubernetes-security/kyverno-custom-policies/allow-actions-with-policys-only-silo-sa.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: allow-actions-with-policys-only-silo-sa annotations: policies.kyverno.io/title: allow-actions-with-policys-only-silo-sa policies.kyverno.io/severity: medium policies.kyverno.io/minversion: 1.3.0 policies.kyverno.io/description: >- Allow actions with clusterpolicy only for silo-sa spec: validationFailureAction: enforce background: false rules: - name: allow-actions-with-policys-only-silo-sa match: resources: kinds: - ClusterPolicy preconditions: any: - key: "{{serviceAccountName}}" operator: NotEquals value: "" validate: message: "Only silo-sa can delete/update clusterpolicys" deny: conditions: any: - key: "{{request.operation}}" operator: AnyIn value: - DELETE - UPDATE - PATCH - CREATE ================================================ FILE: kubernetes-security/kyverno-custom-policies/deny-attach-by-pod-and-container.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: deny-attach-by-pod-and-container annotations: policies.kyverno.io/title: Block Pod Attach by Pod and Container policies.kyverno.io/category: Sample policies.kyverno.io/minversion: 1.4.2 policies.kyverno.io/subject: Pod policies.kyverno.io/description: >- Block attach spec: validationFailureAction: enforce background: false rules: - name: deny-exec match: resources: kinds: - PodAttachOptions preconditions: all: - key: {{ printf "{{ request.operation || 'BACKGROUND' }}" | quote }} operator: Equals value: CONNECT validate: message: deny-attach-by-pod-and-container deny: conditions: all: - key: {{ printf "{{ request.object.container }}" | quote }} operator: Equals value: "?*" ================================================ FILE: kubernetes-security/kyverno-custom-policies/mutate-securitycontext-seccomp-deployment.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: mutate-securitycontext-seccomp-deployment annotations: policies.kyverno.io/title: mutate-securitycontext-seccomp-deployment policies.kyverno.io/category: Sample policies.kyverno.io/subject: Deployment policies.kyverno.io/description: >- mutate-securitycontext-seccomp-deployment spec: rules: - name: add-default-securitycontext match: resources: kinds: - Deployment mutate: patchStrategicMerge: spec: template: spec: securityContext: # +(runAsNonRoot): true # +(runAsUser): 1000 # +(runAsGroup): 3000 # +(fsGroup): 2000 +(seccompProfile): type: RuntimeDefault ================================================ FILE: kubernetes-security/kyverno-custom-policies/mutate-securitycontext-seccomp-pod.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: mutate-securitycontext-seccomp-pod annotations: policies.kyverno.io/title: mutate-securitycontext-seccomp-pod policies.kyverno.io/category: Sample policies.kyverno.io/subject: Pod policies.kyverno.io/description: >- mutate-securitycontext-seccomp-pod spec: rules: - name: add-default-securitycontext match: resources: kinds: - Pod mutate: patchStrategicMerge: spec: securityContext: # +(runAsNonRoot): true # +(runAsUser): 1000 # +(runAsGroup): 3000 # +(fsGroup): 2000 +(seccompProfile): type: RuntimeDefault ================================================ FILE: kubernetes-security/kyverno-custom-policies/restrict-image-registries.yaml ================================================ apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: restrict-image-registries annotations: policies.kyverno.io/title: restrict-image-registries policies.kyverno.io/category: Best Practices policies.kyverno.io/severity: medium policies.kyverno.io/minversion: 1.3.0 policies.kyverno.io/subject: Pod policies.kyverno.io/description: >- restrict-image-registries spec: validationFailureAction: enforce background: false rules: - name: validate-registries match: resources: kinds: - Pod validate: message: "Unknown image registry." pattern: spec: containers: # - image: "eu.foo.io/* | bar.io/*" - image: "cr.yandex/*" ================================================ FILE: kubernetes-security/osquery-kubequery/Docker/Dockerfile ================================================ FROM ubuntu:20.04 WORKDIR /osquery RUN apt-get update \ && apt-get install -y software-properties-common \ && apt-get install apt-transport-https RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B \ && add-apt-repository 'deb [arch=amd64] https://pkg.osquery.io/deb deb main' \ && apt-get update \ && apt-get install osquery ================================================ FILE: kubernetes-security/osquery-kubequery/README.md ================================================ # Osquery and kubequery in K8s **MVP** # Version-1.0 **Version-1.0** - Changelog: - First version - Docker images: - `cr.yandex/sol/osquery-ds:mvp` - Helm chart: - `cr.yandex/sol/osquery-ds-yc:0.1.0` ## Task Use **Osquery** and **kubequery** in a K8s cluster and send results to SIEM (ELK, Splunk). ## Introduction: Kubernetes logo
[Osquery](https://github.com/osquery/osquery) is a tool that allows you to get information about the OS in the format of [SQL queries](https://osquery.io/schema/current/#file_events). Tasks solved: - [Query configs, OS/device settings, proccess, open ports, packets](https://github.com/osquery/osquery#what-is-osquery) - [File Integrity Monitoring with osquery](https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/) - [Reading syslog with osquery](https://osquery.readthedocs.io/en/stable/deployment/syslog/) - [Anomaly detection with osquery](https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/) - [Process and socket auditing with osquery ((including eBPF)](https://osquery.readthedocs.io/en/stable/deployment/process-auditing/) - [Collecting information about containers on the host](https://www.uptycs.com/blog/get-started-using-osquery-for-container-security) ## Kubernetes logo
[Kubequery](https://github.com/Uptycs/kubequery) is a tool from the creators of Osquery that lets you get information from the K8s cluster about it's current configuration: - API resources. - RBAC roles assigned. - Data about policies. - Data about secrets. For more information about default SQL queries, see the [link](https://github.com/Uptycs/kubequery/blob/master/charts/kubequery/values.yaml#L41). ## Issues - **Osquery has no publicly available examples of installation in K8s in the daemonset format.** - **The tools don't have a built-in capacity to send results to SIEM (ELK, Splunk).** ## Solution diagram ![image](https://user-images.githubusercontent.com/85429798/143606481-7ccef674-61de-4097-8042-c7f9e9a66b5f.png) source of image - https://github.com/Uptycs/kubequery ## Deployment ### Osquery Kubernetes logo
#### Installing Osquery in K8s **Specifics of K8s installation** - It makes sense to install Osquery on K8s nodes in the [daemonset](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) format. - For Osquery to run correctly, you must have access to the K8s node /proc directory and have the flag [hostPID=true](https://github.com/BishopFox/badPods/tree/main/manifests/hostpid), but as the test has shown, that's not enough, and when accessing the /proc host directory from inside the container, the container still has access only to its processes. This is because of the [/proc directory specifics](https://stackoverflow.com/questions/47072586/docker-access-host-proc). - For this reason (and also based on the test results), we decided to: set for the container the following parameters: `hostNetwork`: *true*, `hostPID`: *true*, `hostIPC`: *true*, `hostPath`: *path: /*, and execute 'chroot' from the container to the host namespace. This entails risks associated with a privileged pod and going beyond the container. These risks can be minimized by a separate namespace with this container and a correct RBAC + Policy Engine, Network Policy, and others. There are two ways to downgrade container privileges: - Install the Osquery agent not via K8s, but directly on the nodes (difficulties in administration). - One team mentions in their [article](https://developer.ibm.com/articles/monitoring-containers-osquery/) that they solved this task by developing a custom extension in [osquery-go](https://github.com/kolide/osquery-go/blob/master/README.md), changing its default folder from /proc to /host/proc, so you just need to mount this folder without any priviledges. **Research is needed**. **Installing Osquery components in K8s**
Expand for viewing..........⬇️ **The prepared configuration includes:** - Basic Osquery config with the following options enabled: - Integrity control of critical K8s nodes files (according to CIS Benchmark). - [Osquery packs](https://github.com/osquery/osquery/tree/master/packs) included: incident response, vuln-management; - Proccess events enable. - A configuration file with a script that checks for an Osquery binary on the K8s node and, if necessary, copies it and runs - Network Policies that, by default, prohibit all incoming and outgoing traffic for the Osquery namespace. **Prerequisites:** - A deployed cluster of [Managed Service for Kubernetes](https://cloud.yandex.ru/docs/managed-kubernetes/quickstart). **Installation using Helm:** - Download values.yaml: ``` helm inspect values oci://cr.yandex/sol/osquery-ds-yc --version 0.1.0 > values.yaml ``` - If necessary, customize the configuration in the file or set parameters during installation. - Run installation with the parameters: ``` helm install osquery-ds-yc \ oci://cr.yandex/sol/osquery-ds-yc --version 0.1.0 \ --namespace osquery \ --create-namespace \ -f values.yaml \ --set osqueryArgs="--verbose --disable_events=false --enable_file_events=true --disable_audit=false --audit_allow_config=true --audit_persist=true --audit_allow_process_events=true" ``` - * To enable eBPF proccess events, add the flag `--enable_bpf_events=true` and access the `bpf_process_events` table. Read more in the [docs](https://osquery.readthedocs.io/en/stable/deployment/process-auditing/) **Installation with kubectl apply:** - Download the repository files: ``` git clone https://github.com/yandex-cloud/yc-solution-library-for-security.git ``` - Go to the folder: ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/osquery-install-daemonset/ ``` - If necessary, customize the files configmap-config.yaml and configmap-pack_conf.yaml. - Run the following commands: ``` kubectl apply -f ./ns.yaml kubectl apply -f ./ ``` **TBD: Creating a Helm chart**
## #### Sending results to SIEM Sending results to SIEM is performed according to the scheme [Using a node logging agent](https://kubernetes.io/docs/concepts/cluster-administration/logging/#using-a-node-logging-agent) #### Sending results to ELK Kubernetes logo
Expand for viewing..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143606732-547cd5c6-35ed-4296-b0ca-fbb0e017da5c.png) [Filebeat](https://www.elastic.co/beats/filebeat) is used to send data to ELK. Filebeat has a built-in [Osquery module](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-osquery.html). It's installed using [Helm chart](https://github.com/elastic/helm-charts/tree/main/filebeat). **Prerequisites:** - A deployed cluster of [Managed Service for ElasticSearch](https://cloud.yandex.ru/docs/managed-elasticsearch/operations/cluster-create). - Credentials for the cluster. **Installing components in K8s:** - Go to the folder: ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/filebeat-helm/ ``` - Download a certificate for Managed Elastic service (shared by all): ``` mkdir ~/.elasticsearch && \ wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" -O ~/.elasticsearch/root.crt && \ chmod 0600 ~/.elasticsearch/root.crt cp ~/.elasticsearch/root.crt ./elastic-certificate.pem ``` - Create a secret with an ELK certificate in a K8s cluster: ``` kubectl create secret generic elastic-certificate-pem --from-file=./elastic-certificate.pem ``` - Create a secret with ELK credentials in a K8s cluster (replace with your values): ``` kubectl create secret generic security-master-credentials --from-literal=username=admin --from-literal=password=P@ssword ``` - Prepare an existing ./values.yaml file in the folder (edit). ``` Set the ELK name for the extraEnvs host: extraEnvs: - name: "ELASTICSEARCH_HOSTS" value: "c-c9qfrs7u8i6g59dkb0vj.rw.mdb.yandexcloud.net:9200" Edit the configuration file if needed. ``` - Install the Helm chart with the modified Helm file named "values" ``` helm repo add elastic https://helm.elastic.co helm install filebeat elastic/filebeat -f values.yaml ``` - Check for entries in the ELK database in the Filebeat-osquery index (create an index pattern). - A Filebeat-osquery index will appear in Elastic. - **TBD: Creating a separate dashboard in ELK for Osquery (installed packages, shell commands, open ports, OS versions, node versions, etc.).**
#### Sending results to Splunk Kubernetes logo
Expand for viewing..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143606623-1d3630aa-53e8-44dd-a619-a7b19d9dc925.png) To send results to Splunk, use [fluentd splunk hec plugin](https://github.com/splunk/fluent-plugin-splunk-hec). It's installed using [helm-chart](https://github.com/splunk/splunk-connect-for-kubernetes/tree/develop/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging). **Prerequisites:** - Splunk has been deployed. - [HTTP Event Collector](https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_Splunk_Enterprise) has been configured. - You have a HEC token for sending events. **Installing components in K8s** - Go to the folder: ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/fluentsplunk-helm/ ``` - Prepare an existing ./values.yaml file in the folder (edit) or download the [original one](https://github.com/splunk/splunk-connect-for-kubernetes/blob/develop/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/values.yaml). - Set the Splunk host name: ``` splunk: hec: host: 51.250.7.127 (specify your value) ``` - Install a Helm chart specifying the ./values.yaml file, your HEC Token, and SSL settings: ``` helm install my-splunk-logging -f values.yaml --set splunk.hec.insecureSSL=true --set splunk.hec.token= --set splunk-kubernetes-logging.fullnameOverride=splunk-logging https://github.com/splunk/splunk-connect-for-kubernetes/releases/download/1.4.5/splunk-kubernetes-logging-1.4.5.tgz ```
## ### Kubequery Kubernetes logo
#### Installing kubequery in K8s **Specifics of installation in K8s:** kubequery is installed in K8s as a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) using a [Helm chart](https://github.com/Uptycs/kubequery#helm). Kubequery results are written to the pod folder: /opt/uptycs/logs/osqueryd.results.log* To send kubequery results to SIEM, edit the configuration of Helm chart by adding an additional sidecar container with the SIEM agent. [Diagram of a sidecar container with a logging agent.](https://kubernetes.io/docs/concepts/cluster-administration/logging/#sidecar-container-with-a-logging-agent) #### Installing kubequery with Filebeat sidecar to send data to ELK
Expand for viewing..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143607391-b0c5c2ee-4556-429b-a3e4-bb17e2dcdda5.png) - Go to the folder: ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/kubequery/kubequery-with-elastic-filebeat/ ``` - Create a namespace: ``` kubectl create ns kubequery ``` - Download a certificate for Managed Elastic service (shared by all): ``` mkdir ~/.elasticsearch && \ wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" -O ~/.elasticsearch/root.crt && \ chmod 0600 ~/.elasticsearch/root.crt cp ~/.elasticsearch/root.crt ./elastic-certificate.pem ``` - Create a secret with an ELK certificate in the K8s cluster: ``` kubectl create secret generic elastic-certificate-pem --from-file=./elastic-certificate.pem -n kubequery ``` - Create a secret with ELK credentials in the K8s cluster (replace with your values): ``` kubectl create secret generic security-master-credentials --from-literal=username=admin --from-literal=password=P@ssword -n kubequery ``` - In the ./configmap-filebeat.yaml file, specify the value of `output.elasticsearch`: *hosts: "c-c9qfrs7u8i6g59dkb0vj.rw.mdb.yandexcloud.net:9200"* (your value). - Download Helm chart files using the command: ``` git clone https://github.com/Uptycs/kubequery.git ``` - Copy the prepared files to the chart folder: ``` cp ./*.yaml ./kubequery/charts/kubequery/templates/ ``` - Delete the ns creation file from the chart folder: ``` rm ./kubequery/charts/kubequery/templates/namespace.yaml ``` - In the ./kubequery/charts/kubequery/values.yaml file, specify the value of the cluster name `cluster`: *mycluster*. - Install Helm chart from a local working folder: ``` helm install my-kubequery ./kubequery/charts/kubequery/ ``` A filebeat-kubequery index will appear in Elastic. **TBD: Creating a Helm chart for convenience and contributing it to kubequery**
#### Installing kubequery with fluentd sidecar to send data to Splunk
Expand for viewing..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143606787-4ef0c6e9-7595-4293-958d-7e06d10abbe5.png) - Go to the folder: ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/kubequery/kubequery-with-splunk/ ``` - Create a namespace: ``` kubectl create ns kubequery ``` - Create a secret to store an HEC token: ``` kubectl create secret generic splunk-hec-secret --from-literal=splunk_hec_token= -n kubequery ``` - In the ./configmap-fluentd.yaml file, specify value for `hec_host` -- *51.250.7.127* (your address) and for `host` — *my-cluster* (cluster name). - Download Helm chart using the command: ``` git clone https://github.com/Uptycs/kubequery.git ``` - Copy the prepared files to the chart folder: ``` cp ./*.yaml ./kubequery/charts/kubequery/templates/ ``` - Delete the ns creation file from the chart folder: ``` rm ./kubequery/charts/kubequery/templates/namespace.yaml ``` - Install Helm chart from a local working folder: ``` helm install my-kubequery ./kubequery/charts/kubequery/ ``` ** TBD: Creating a Helm chart for convenience and contributing it to kubequery **
================================================ FILE: kubernetes-security/osquery-kubequery/README_RU.md ================================================ # osquery и kubequery в k8s **MVP** # Version **Version-1.0** - Changelog: - First version - Docker images: - `cr.yandex/sol/osquery-ds:mvp` - Helm chart: - `cr.yandex/sol/osquery-ds-yc:0.1.0` ## Задача Использовать **osquery** и **kubequery** в k8s кластере и отправлять результаты в SIEM (ELK, Splunk) ## Вводная Kubernetes logo
[Osquery](https://github.com/osquery/osquery) - инструмент, который позволяет получать информацию об ОС в формате [SQL запросов](https://osquery.io/schema/current/#file_events). Решаемые задачи: - [Query configs, OS/device settings, proccess, open ports, packets](https://github.com/osquery/osquery#what-is-osquery) - [File Integrity Monitoring with osquery](https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring/) - [Reading syslog with osquery](https://osquery.readthedocs.io/en/stable/deployment/syslog/) - [Anomaly detection with osquery](https://osquery.readthedocs.io/en/stable/deployment/anomaly-detection/) - [Process and socket auditing with osquery (включая eBPF)](https://osquery.readthedocs.io/en/stable/deployment/process-auditing/) - [Сбор Информации о containers на хосте)](https://www.uptycs.com/blog/get-started-using-osquery-for-container-security) - др. ## Kubernetes logo
[Kubequery](https://github.com/Uptycs/kubequery) - инструмент от создателей osquery, который позволяет получать информацию из кластера k8s о действующей конфигурации: - api ресурсы - назначенные роли RBAC - инфо о политиках - инфо о секретах - др. Подробнее с default sql запросами можно ознакомиться [по ссылке](https://github.com/Uptycs/kubequery/blob/master/charts/kubequery/values.yaml#L41) ## Проблемы - **osquery не имеет примеров установки в k8s в виде daemonset в публичном доступе** - **инструменты не имеют встроенной возможности отправки результатов в SIEM (ELK, Splunk)** ## Схема решения ![image](https://user-images.githubusercontent.com/85429798/143606481-7ccef674-61de-4097-8042-c7f9e9a66b5f.png) source of image - https://github.com/Uptycs/kubequery ## Развертывание ### Osquery Kubernetes logo
#### Установка osquery в k8s **Особенности установки в k8s**: - Устанавливать osquery на k8s ноды логично в виде [daemonset](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) - osquery для корректной работы необходимо иметь доступ к директории k8s ноды "/proc" и иметь установленный флаг [hostPID=true] (https://github.com/BishopFox/badPods/tree/main/manifests/hostpid), но как выяснилось в результате теста этого недостаточно и при обращении изнутри контейнера к хостовой директории /proc контейнер все равно имеет доступ только к своим процессам. Это связано с [особенностями /proc директории](https://stackoverflow.com/questions/47072586/docker-access-host-proc) - По причине выше и результатам тестов было найдено решение: устанавливать контейнеру параметры: hostNetwork: true, hostPID: true, hostIPC: true, "hostPath:path: /" и выполнять из него chroot в хостовый namespace. Это влечет за собой риски связанные с привелигированным подом и выходом за пределы контейнера, которые могут быть минимизированы отдельным namespace с данным контейнером и правильным RBAC + policy engine, network policy, и др. Существуют 2 способа понизить привилегии контейнера: - устанавливать агент osquery не через k8s, а напрямую на ноды (трудности в администрировании) - одна команда [в статье](https://developer.ibm.com/articles/monitoring-containers-osquery/) упоминает, что справилась с этой задачей разработав свой кастомный extension используя [osquery-go](https://github.com/kolide/osquery-go/blob/master/README.md) и в нем изменили default folder с /proc на /host/proc тем самым требуется лишь монтирование данного фолдера без привелегий **Необходим research** **Установка компонентов osquery в k8s**
Развернуть для просмотра..........⬇️ **Подготовленная конфигурация включает**: - основной конфиг osquery с включенным: - контролем целостности критичных k8s nodes файлов (согласно CIS Benchmark) - включенными [osquery packs](https://github.com/osquery/osquery/tree/master/packs): "incident response", "vuln-management" - включенным proccess events - конфиг со скриптом, который проверяет наличие osquery бинарника на k8s ноде и при необходимости копирует его и запускает - network policy, которые по умолчанию запрещают весь входящий и исходящший траффик namespace "osquery" **Прериквизиты**: - развернутый кластер [Managed Service for Kubernetes](https://cloud.yandex.ru/docs/managed-kubernetes/quickstart) **Установка с помощью helm**: - скачайте values.yaml: ``` helm inspect values oci://cr.yandex/sol/osquery-ds-yc --version 0.1.0 > values.yaml ``` - при необходимости кастомизируйте конфигурацию в файле либо задайте параметры при установке - выполгните установку с параметрами: ``` helm install osquery-ds-yc \ oci://cr.yandex/sol/osquery-ds-yc --version 0.1.0 \ --namespace osquery \ --create-namespace \ -f values.yaml \ --set osqueryArgs="--verbose --disable_events=false --enable_file_events=true --disable_audit=false --audit_allow_config=true --audit_persist=true --audit_allow_process_events=true" ``` - * для включения eBPF proccess events добавьте флаг "--enable_bpf_events=true" и обращайтесь к таблице "bpf_process_events". Подробнее в [док](https://osquery.readthedocs.io/en/stable/deployment/process-auditing/) **Установка с помощью kubectl apply**: - скачайте файлы репозитория ``` git clone https://github.com/yandex-cloud/yc-solution-library-for-security.git ``` - перейдите в папку ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/osquery-install-daemonset/ ``` - при необходимости кастомизируйте файлы: configmap-config.yaml, configmap-pack_conf.yaml - выполните команду ``` kubectl apply -f ./ns.yaml kubectl apply -f ./ ``` - **TBD: создание helm chart**
## #### Отправка результатов в SIEM Отправка результатов в SIEM выполняется по схеме [Using a node logging agent](https://kubernetes.io/docs/concepts/cluster-administration/logging/#using-a-node-logging-agent) ##### Отправка результатов в ELK Kubernetes logo
Развернуть для просмотра..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143606732-547cd5c6-35ed-4296-b0ca-fbb0e017da5c.png) Для отправки в ELK используется [filebeat](https://www.elastic.co/beats/filebeat). Filebeat имеет встроенный [модуль osquery](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-osquery.html). Устанавливается с помощью [helm-chart](https://github.com/elastic/helm-charts/tree/main/filebeat). **Прериквизиты**: - развернутый кластер [Managed Service for Elasticsearch](https://cloud.yandex.ru/docs/managed-elasticsearch/operations/cluster-create) - credentials от кластера **Установка компонентов в k8s** - перейдите в папку ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/filebeat-helm/ ``` - скачайте сертификат Managed Elastic сервиса (общий для всех) ``` mkdir ~/.elasticsearch && \ wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" -O ~/.elasticsearch/root.crt && \ chmod 0600 ~/.elasticsearch/root.crt cp ~/.elasticsearch/root.crt ./elastic-certificate.pem ``` - создать секрет с сертификатом ELK в кластере k8s ``` kubectl create secret generic elastic-certificate-pem --from-file=./elastic-certificate.pem ``` - создать секрет с credentials ELK в кластере k8s (заменить на свои) ``` kubectl create secret generic security-master-credentials --from-literal=username=admin --from-literal=password=P@ssword ``` - подготовить существующий в папке файл ./values.yaml (отредактикровать) ``` задать имя elk хоста extraEnvs: - name: "ELASTICSEARCH_HOSTS" value: "c-c9qfrs7u8i6g59dkb0vj.rw.mdb.yandexcloud.net:9200" при необходимости поменять конфигурационный файл ``` - установить helm chart с указанием модифицированного helm файла values ``` helm repo add elastic https://helm.elastic.co helm install filebeat elastic/filebeat -f values.yaml ``` - проверить наличие записей в базе ELK в индексе filebeat-osquery (создать index pattern) - в elastic появится index "filebeat-osquery" - **TBD: создание отделього dashboard в ELK для osquery (установленные пакеты, шел команды, открытые порты, версии ос и нод и т.д.)**
##### Отправка результатов в Splunk Kubernetes logo
Развернуть для просмотра..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143606623-1d3630aa-53e8-44dd-a619-a7b19d9dc925.png) Для отправки в Splunk используется [fluentd splunk hec plugin](https://github.com/splunk/fluent-plugin-splunk-hec). Устанавливается с помощью [helm-chart](https://github.com/splunk/splunk-connect-for-kubernetes/tree/develop/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging ). **Прериквизиты**: - развернутый Splunk - настроенный [HTTP Event Collector](https://docs.splunk.com/Documentation/SplunkCloud/8.2.2105/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_Splunk_Enterprise) - HEC Токен для отправки событий **Установка компонентов в k8s** - перейдите в папку ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/fluentsplunk-helm/ ``` - подготовить существующий в папке файл ./values.yaml (отредактикровать) либо [скачать исходный](https://github.com/splunk/splunk-connect-for-kubernetes/blob/develop/helm-chart/splunk-connect-for-kubernetes/charts/splunk-kubernetes-logging/values.yaml) ``` задать имя splunk хоста splunk: hec: host: 51.250.7.127 (укажите ваше значение) ``` - установить helm chart с указанием файла ./values.yaml , вашего HEC Token и настройками SSL ``` helm install my-splunk-logging -f values.yaml --set splunk.hec.insecureSSL=true --set splunk.hec.token= --set splunk-kubernetes-logging.fullnameOverride=splunk-logging https://github.com/splunk/splunk-connect-for-kubernetes/releases/download/1.4.5/splunk-kubernetes-logging-1.4.5.tgz ```
## ### Kubequery Kubernetes logo
#### Установка kubequery в k8s **Особенности установки в k8s**: Kubequery устанавливается в k8s в виде [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) с помощью [helm chart](https://github.com/Uptycs/kubequery#helm). Результаты kubequery записываются в папку пода: "/opt/uptycs/logs/osqueryd.results.log*". Для отправки результатов работы kubequery в SIEM необходимо изменить конфигурацию helm chart путем добавления дополнительного sidecar container с агентом SIEM. Схема [Sidecar container with a logging agent](https://kubernetes.io/docs/concepts/cluster-administration/logging/#sidecar-container-with-a-logging-agent) ##### Установка kubequery с filebeat sidecar для отправки в ELK
Развернуть для просмотра..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143607391-b0c5c2ee-4556-429b-a3e4-bb17e2dcdda5.png) - перейдите в папку ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/kubequery/kubequery-with-elastic-filebeat/ ``` - создайте namespace ``` kubectl create ns kubequery ``` - скачайте сертификат Managed Elastic сервиса (общий для всех) ``` mkdir ~/.elasticsearch && \ wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" -O ~/.elasticsearch/root.crt && \ chmod 0600 ~/.elasticsearch/root.crt cp ~/.elasticsearch/root.crt ./elastic-certificate.pem ``` - создать секрет с сертификатом ELK в кластере k8s ``` kubectl create secret generic elastic-certificate-pem --from-file=./elastic-certificate.pem -n kubequery ``` - создать секрет с credentials ELK в кластере k8s (заменить на свои) ``` kubectl create secret generic security-master-credentials --from-literal=username=admin --from-literal=password=P@ssword -n kubequery ``` - указать в файле ./configmap-filebeat.yaml значение output.elasticsearch: hosts: "c-c9qfrs7u8i6g59dkb0vj.rw.mdb.yandexcloud.net:9200" (ваше значение) - скачать файлы helm-chart командой ``` git clone https://github.com/Uptycs/kubequery.git ``` - копируем заготовленные файлы в папку чарта ``` cp ./*.yaml ./kubequery/charts/kubequery/templates/ ``` - удаляем файл создания ns из папки чарта ``` rm ./kubequery/charts/kubequery/templates/namespace.yaml ``` - в файле ./kubequery/charts/kubequery/values.yaml указать значение имени кластера cluster: mycluster - установить helm chart из локальной рабочей папки ``` helm install my-kubequery ./kubequery/charts/kubequery/ ``` - в elastic появится index "filebeat-kubequery" - ** TBD: создание helm chart для удобства и contribute его в kubequery **
##### Установка kubequery с fluentd sidecar для отправки в Splunk
Развернуть для просмотра..........⬇️ ![image](https://user-images.githubusercontent.com/85429798/143606787-4ef0c6e9-7595-4293-958d-7e06d10abbe5.png) - перейдите в папку ``` cd /yc-solution-library-for-security/kubernetes-security/osquery-kubequery/kubequery/kubequery-with-splunk/ ``` - создайте namespace ``` kubectl create ns kubequery ``` - создаем секрет для хранения HEC токена ``` kubectl create secret generic splunk-hec-secret --from-literal=splunk_hec_token= -n kubequery ``` - указать в файле ./configmap-fluentd.yaml значение hec_host "51.250.7.127" (ваш адрес) и host "my-cluster" (имя кластера) - скачать helm-chart командой ``` git clone https://github.com/Uptycs/kubequery.git ``` - копируем заготовленные файлы в папку чарта ``` cp ./*.yaml ./kubequery/charts/kubequery/templates/ ``` - удаляем файл создания ns из папки чарта ``` rm ./kubequery/charts/kubequery/templates/namespace.yaml ``` - установить helm chart из локальной рабочей папки ``` helm install my-kubequery ./kubequery/charts/kubequery/ ``` - ** TBD: создание helm chart для удобства и contribute его в kubequery **
================================================ FILE: kubernetes-security/osquery-kubequery/filebeat-helm/values.yaml ================================================ daemonset: extraEnvs: - name: "ELASTICSEARCH_HOSTS" value: "c-c9qfrs7u8i6g59dkb0vj.rw.mdb.yandexcloud.net:9200" - name: "ELASTICSEARCH_USERNAME" valueFrom: secretKeyRef: name: security-master-credentials key: username - name: "ELASTICSEARCH_PASSWORD" valueFrom: secretKeyRef: name: security-master-credentials key: password filebeatConfig: filebeat.yml: | setup.ilm.enabled: auto setup.ilm.rollover_alias: "filebeat-osquery" setup.ilm.pattern: "{now/d}-000001" filebeat.inputs: filebeat.modules: - module: osquery output.elasticsearch: hosts: '${ELASTICSEARCH_HOSTS:elasticsearch-master:9200}' username: '${ELASTICSEARCH_USERNAME}' password: '${ELASTICSEARCH_PASSWORD}' protocol: https ssl.certificate_authorities: - /usr/share/filebeat/config/certs/elastic-certificate.pem secretMounts: - name: elastic-certificate-pem secretName: elastic-certificate-pem path: /usr/share/filebeat/config/certs ================================================ FILE: kubernetes-security/osquery-kubequery/fluentsplunk-helm/values.yaml ================================================ fluentd: # path of logfiles, default /var/log/containers/*.log path: /var/log/containers/*.log # paths of logfiles to exclude. object type is array as per fluentd specification: # https://docs.fluentd.org/input/tail#exclude_path exclude_path: - /var/log/containers/*.log # - /var/log/containers/tiller*.log # - /var/log/containers/*_kube-system_*.log (to exclude `kube-system` namespace) splunk: hec: host: 51.250.7.127 indexName: test-osquery insecureSSL: true logs: # we want to read logs for `kube-apiserver` from a log file other then from the container logs kube-apiserver: from: file: path: /var/log/kube-apiserver.log # read log files other then the default ones my-log-file: from: file: path: /var/log/osquery/*.log #timestampExtraction: # regexp: (?