AttestationReport/AttestationReport.psm1
|
# Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. # Creation of an attestation report class to have meaningful data and formatting class AttestationReport { [DateTime] $Time [string] $HostName [string] $AttestationOperationMode [string] $AttestationStatus [string] $AttestationSubStatus [string] $AuthorizedHostGroup [string] $EndorsementKeyHash } #region Constants $script:AttestationEventProviderName = "Microsoft-Windows-HostGuardianService-Attestation" # The telling event that an attestation request passed. $script:TcgLogValidationEventId = 1203 # AD based attestation status events $script:AttestationAdStatusEvents = @{ 1519 = "Passed"; 1524 = "UnauthorizedHost" } $script:AttestationTpmSubStatusEvents = @{ 1500 = "NoInformation"; 1508 = "SecureBoot"; 1510 = "DebugMode"; 1513 = "CodeIntegrityPolicy"; 1523 = "NoInformation"; 1533 = "Iommu"; 1534 = "VirtualSecureMode"; 1535 = "PagefileEncryption"; 1536 = "BitLocker"; 1537 = "HypervisorEnforcedCodeIntegrityPolicy"; 1538 = "CodeIntegrityPolicy"; 1539 = "HibernationEnabled"; 1540 = "DumpsEnabled"; 1541 = "DumpEncryption"; 1542 = "DumpEncryptionKey" } $script:AttestationTpmStatusEvents = @{ 1500 = "UnauthorizedHost"; 1508 = "InsecureHostConfiguration"; 1510 = "InsecureHostConfiguration"; 1513 = "InsecureHostConfiguration"; 1523 = "Passed"; 1533 = "InsecureHostConfiguration"; 1534 = "InsecureHostConfiguration"; 1535 = "InsecureHostConfiguration"; 1536 = "InsecureHostConfiguration"; 1537 = "InsecureHostConfiguration"; 1538 = "InsecureHostConfiguration"; 1539 = "InsecureHostConfiguration"; 1540 = "InsecureHostConfiguration"; 1541 = "InsecureHostConfiguration"; 1542 = "InsecureHostConfiguration"; } #endregion <# .Synopsis Generates a report of attestation requests done by an HGS server .DESCRIPTION The Get-HgsAttestationReport cmdlet obtains events from the HostGuardianService-Attestation event provider, and parses them to find the past attestation requests handled by this HGS Server. When running this cmdlet on or target in an HGS server that is a member of a cluster, it will attempt to find relevant events from all nodes. If -AD or -TPM is not passed through, it will report attestation requests of the current operation mode. .EXAMPLE Get-HgsAttestationReport -AD -Tpm -StartTime (Get-Date).AddDays(-7) Generates a report of all AD and TPM based attestation requests handled by the targeted HGS server for the past seven days. .EXAMPLE $cred = Get-Credential Get-HgsAttestationReport -ComputerName HgsServer.Contoso.Com -Credential $cred Generates a report of all attestation requests of the current operation mode handled by the targeted HGS server as far back as the event logs go. #> function Get-HgsAttestationReport { [CmdletBinding(DefaultParameterSetName = 'LocalComputer')] param ( # Specifies the earliest date to look for events [Parameter(Mandatory = $false)] [Alias("NotBefore")] [DateTime] $StartTime = [System.DateTime]::MinValue, # Specifies the latest date to look for events [Parameter(Mandatory = $false)] [Alias("NotAfter")] [DateTime] $EndTime = [System.DateTime]::MaxValue, # Specifies if the parser should look for AD based attestation requests. If both -AD and -Tpm are not present, the search defaults to the target's current Attestation Operation Mode. [Alias("ParseADRequests")] [Parameter(Mandatory = $false)] [Switch] $AD, # Specifies if the parser should look for Tpm based attestation requests. If both -AD and -Tpm are not present, the search defaults to the target's current Attestation Operation Mode. [Parameter(Mandatory = $false)] [Alias("ParseTpmRequests")] [switch] $Tpm, # The name of the target computer. [Parameter(Mandatory = $true, ParameterSetName = "RemoteComputer")] [String] $ComputerName, # Credentials for invoking commands on the target computer [Parameter(Mandatory = $true, ParameterSetName = "RemoteComputer")] [PSCredential] $Credential, # PSSession Configuration Name for invoking commands [Parameter(Mandatory = $false)] [Alias("ConfigurationName")] [String] $EndpointName = "Microsoft.PowerShell" ) if ($PSCmdlet.ParameterSetName -eq "LocalComputer") { try { $HgsServerInfo = Get-HgsServer -ErrorAction Stop } catch [Exception] { Write-Error $_ break } } else { try { $HgsServerInfo = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ConfigurationName $EndpointName -ScriptBlock {Get-HgsServer} -ErrorAction Stop } catch [Exception] { Write-Error $_ break } } # In the case of multiple nodes $HgsServerNodeNames = @() switch ($PSCmdlet.ParameterSetName) { "LocalComputer" { $HgsServerNodeNames += (Get-ClusterNode | Where-Object {$_.State -eq "Up"}).Name } "RemoteComputer" {$HgsServerNodeNames += (Invoke-Command -ComputerName $ComputerName -Credential $Credential -ConfigurationName $EndpointName -ScriptBlock {Get-ClusterNode}).Name} } if ($HgsServerNodeNames.Count -gt 1) { switch ($PSCmdlet.ParameterSetName) { "LocalComputer" { Write-Warning ("This host is not the only member of the Host Guardian Service instance '{0}'. To collect all attestation requests handled by this instance, run this script targeting all of the machines of this instance: {1}" -f $HgsServerInfo.AttestationUrl[0].Host, ($HgsServerNodeNames -join "; ")) } "RemoteComputer" { # This will still give the netBIOS name even if the input computername is the netBIOS Write-Warning ("The host '{0}' is not the only member of the Host Guardian Service instance '{1}'. To collect all attestation requests handled by this instance, run this script targeting all of the machines of this instance: {2}" -f $ComputerName,$HgsServerInfo.AttestationUrl[0].Host, ($HgsServerNodeNames -join "; ")) } } } if (!$Tpm -and !$AD) { # If we can get the current attestation operation mode, use that. if ($HgsServerInfo.AttestationOperationMode.Value -eq "Tpm" -or $HgsServerInfo.AttestationOperationMode -eq "Tpm") { $Tpm = $true } else { $AD = $true } } $EventIds = @() if ($AD) { $EventIds += $script:AttestationAdStatusEvents.Keys } if ($Tpm) { $TpmEventIDs = $script:AttestationTpmStatusEvents.Keys + $script:TcgLogValidationEventId $EventIds += $TpmEventIds } $AttestationEvents = @() switch ($PSCmdlet.ParameterSetName) { "LocalComputer" { $AttestationEvents += Get-WinEvent -ProviderName $script:AttestationEventProviderName -ErrorAction Stop| Where-Object {($EventIds -contains $_.Id) -and ($_.TimeCreated -gt $StartTime) -and ($_.TimeCreated -le $EndTime)} } "RemoteComputer" { $AttestationEvents += Get-WinEvent -ProviderName $script:AttestationEventProviderName -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop| Where-Object {($EventIds -contains $_.Id) -and ($_.TimeCreated -gt $StartTime) -and ($_.TimeCreated -le $EndTime)} } } $AttestationRequests = @() if ($Tpm) { $TpmEvents = $AttestationEvents | Where-Object {$TpmEventIds -contains $_.Id} if ($PSCmdlet.ParameterSetName -eq "RemoteComputer") { $TpmBasedAttestationRequests = FindTpmRequests -Events $TpmEvents -ComputerName $ComputerName -Credential $Credential -ConfigurationName $EndpointName -UseRemote } else { $TpmBasedAttestationRequests = FindTpmRequests -Events $TpmEvents } $AttestationRequests += $TpmBasedAttestationRequests } if ($AD) { $AdEvents = $AttestationEvents | Where-Object {$script:AttestationAdStatusEvents.Keys -contains $_.Id} if ($PSCmdlet.ParameterSetName -eq "RemoteComputer") { $AdBasedAttestationRequests = FindADRequests -Events $AdEvents -ComputerName $ComputerName -Credential $Credential -ConfigurationName $EndpointName -UseRemote } else { $AdBasedAttestationRequests = FindADRequests -Events $AdEvents } $AttestationRequests += $AdBasedAttestationRequests } # Re-sort by time $AttestationRequests = $AttestationRequests | Sort-Object -Property Time -Descending Write-Output $AttestationRequests } <# Parse events into AD based attestation requests #> function FindADRequests { param( [System.Array] $Events, [switch] $UseRemote, [string] $ComputerName, [PSCredential] $Credential, [String] $ConfigurationName ) if ($UseRemote) { $AuthorizedADHostGroups = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ConfigurationName $ConfigurationName -ScriptBlock {Get-HgsAttestationHostGroup -WarningAction Ignore -ErrorAction Stop} -ErrorAction Stop } else { $AuthorizedADHostGroups = Get-HgsAttestationHostGroup -WarningAction Ignore } $ADAttestationEventGroups = GroupEvents $Events $AdBasedAttestationRequests = @() foreach ($ActivityId in $ADAttestationEventGroups.Keys) { $AttestationRequest = [AttestationReport]::new() $AttestationRequest.AttestationOperationMode = "AD" $AttestationRequest.EndorsementKeyHash = "NotApplicable" $EventList = $ADAttestationEventGroups[$ActivityId] | Sort-Object TimeCreated # Use time of earliest event $AttestationRequest.Time = ($EventList)[0].TimeCreated foreach ($event in $EventList) { if ($AttestationAdStatusEvents.ContainsKey($event.Id)) { $AttestationRequest.AttestationStatus = $script:AttestationAdStatusEvents[$event.Id] if ($AttestationRequest.AttestationStatus -eq "Passed") { $AttestationRequest.AttestationSubStatus = "NoInformation" $AttestationRequest.HostName = $event.Properties.Value # Check if it can't be cast into a SID. If it can, then its the HostGroup Identifier. Otherwise, it should be used as the Host Name # Known issue with this approach: if the SAM account name is somehow in the form of a SID, but this should not be possible. foreach ($prop in $Event.Properties) { try { $sid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $prop.Value $hostGroup = $AuthorizedADHostGroups | Where-Object {$_.Identifier -eq $sid.Value} if ($hostGroup -ne $null) { $AttestationRequest.AuthorizedHostGroup = $hostGroup.Name } else { $AttestationRequest.AuthorizedHostGroup = $sid.Value } } catch { $AttestationRequest.HostName = $prop.Value } } } else { # Otherwise, the only property associated with this event is the machine SID of the attesting client $AttestationRequest.HostName = $event.Properties.Value $AttestationRequest.AuthorizedHostGroup = "NotApplicable" } $AdBasedAttestationRequests += ,$AttestationRequest } } } return $AdBasedAttestationRequests } <# Parse events into TPM requests #> function FindTpmRequests { param( [System.Array] $Events, [switch] $UseRemote, [string] $ComputerName, [PSCredential] $Credential, [string] $ConfigurationName ) if ($UseRemote) { # Only need to get settings from one node $AuthorizedTpmHosts = Invoke-Command -ComputerName $ComputerName -Credential $Credential -ConfigurationName $ConfigurationName -ScriptBlock {Get-HgsAttestationTpmHost -WarningAction Ignore -ErrorAction Stop} -ErrorAction Stop } else { $AuthorizedTpmHosts = Get-HgsAttestationTpmHost -WarningAction Ignore -ErrorAction Stop } $TpmAttestationEventGroups = GroupEvents $Events $TpmBasedAttestationRequests = @() # Iterate through attestation groups, generating an AttestationReport object foreach ($ActivityId in $TpmAttestationEventGroups.Keys) { $AttestationRequest = [AttestationReport]::new() $AttestationRequest.AttestationOperationMode = "Tpm" $AttestationRequest.AuthorizedHostGroup = "NotApplicable" $tpmEventList = $TpmAttestationEventGroups[$ActivityId] | Sort-Object TimeCreated # Get earliest event $AttestationRequest.Time = ($tpmEventList)[0].TimeCreated $HostNameFound = $false foreach ($event in $tpmEventList) { # Not all attestation failure events have the host EK attached to it. Instead, use the ID from the event corresponding to starting the TCG log verification if ($event.Id -eq $script:TcgLogValidationEventId -and -not $HostNameFound) { $AttestationRequest.EndorsementKeyHash = $Event.Properties.Value $Hostname = ($AuthorizedTpmHosts | Where-Object {$_.Identifier -eq $event.Properties.value}).Name if ($Hostname) { $AttestationRequest.HostName = $HostName } $HostNameFound = $true } if($AttestationTpmStatusEvents.ContainsKey($Event.Id)) { $AttestationRequest.AttestationStatus = $AttestationTpmStatusEvents[$event.Id] # Account for multiple substatus reasons if ($AttestationRequest.AttestationSubStatus -ne $AttestationTpmSubStatusEvents[$event.Id]) { $AttestationRequest.AttestationSubStatus += $AttestationTpmSubStatusEvents[$event.Id] } if (-not $HostNameFound -and $AttestationRequest.AttestationStatus -eq "UnauthorizedHost") { $AttestationRequest.HostName = 'UnauthorizedHost' $AttestationRequest.EndorsementKeyHash = $Event.Properties.Value $HostNameFound = $true } } } $TpmBasedAttestationRequests += ,$AttestationRequest } return $TpmBasedAttestationRequests } # Group an array of events into a dictionary based on their Activity ID's. function GroupEvents([System.Array] $Events) { $EventGroups = [ordered] @{} # Form groups based on the correlation Activity ID (on the HGS server, these all properly map to identical attestation requests) foreach ($event in $Events) { if ($EventGroups.Contains($event.ActivityId)) { $EventGroups[$event.ActivityId] += ($event) } else { $EventGroups.Add($event.ActivityId, @($event)) } } return $EventGroups } # SIG # Begin signature block # MIIjtgYJKoZIhvcNAQcCoIIjpzCCI6MCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCn1XrRfqS8kb1V # yw/L7Vj0Y0m7xigSh+9DCeqkFl1YQKCCDYEwggX/MIID56ADAgECAhMzAAABUZ6N # j0Bxow5BAAAAAAFRMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMTkwNTAyMjEzNzQ2WhcNMjAwNTAyMjEzNzQ2WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCVWsaGaUcdNB7xVcNmdfZiVBhYFGcn8KMqxgNIvOZWNH9JYQLuhHhmJ5RWISy1 # oey3zTuxqLbkHAdmbeU8NFMo49Pv71MgIS9IG/EtqwOH7upan+lIq6NOcw5fO6Os # +12R0Q28MzGn+3y7F2mKDnopVu0sEufy453gxz16M8bAw4+QXuv7+fR9WzRJ2CpU # 62wQKYiFQMfew6Vh5fuPoXloN3k6+Qlz7zgcT4YRmxzx7jMVpP/uvK6sZcBxQ3Wg # B/WkyXHgxaY19IAzLq2QiPiX2YryiR5EsYBq35BP7U15DlZtpSs2wIYTkkDBxhPJ # IDJgowZu5GyhHdqrst3OjkSRAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUV4Iarkq57esagu6FUBb270Zijc8w # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDU0MTM1MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAWg+A # rS4Anq7KrogslIQnoMHSXUPr/RqOIhJX+32ObuY3MFvdlRElbSsSJxrRy/OCCZdS # se+f2AqQ+F/2aYwBDmUQbeMB8n0pYLZnOPifqe78RBH2fVZsvXxyfizbHubWWoUf # NW/FJlZlLXwJmF3BoL8E2p09K3hagwz/otcKtQ1+Q4+DaOYXWleqJrJUsnHs9UiL # crVF0leL/Q1V5bshob2OTlZq0qzSdrMDLWdhyrUOxnZ+ojZ7UdTY4VnCuogbZ9Zs # 9syJbg7ZUS9SVgYkowRsWv5jV4lbqTD+tG4FzhOwcRQwdb6A8zp2Nnd+s7VdCuYF # sGgI41ucD8oxVfcAMjF9YX5N2s4mltkqnUe3/htVrnxKKDAwSYliaux2L7gKw+bD # 1kEZ/5ozLRnJ3jjDkomTrPctokY/KaZ1qub0NUnmOKH+3xUK/plWJK8BOQYuU7gK # YH7Yy9WSKNlP7pKj6i417+3Na/frInjnBkKRCJ/eYTvBH+s5guezpfQWtU4bNo/j # 8Qw2vpTQ9w7flhH78Rmwd319+YTmhv7TcxDbWlyteaj4RK2wk3pY1oSz2JPE5PNu # Nmd9Gmf6oePZgy7Ii9JLLq8SnULV7b+IP0UXRY9q+GdRjM2AEX6msZvvPCIoG0aY # HQu9wZsKEK2jqvWi8/xdeeeSI9FN6K1w4oVQM4Mwggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIVizCCFYcCAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAVGejY9AcaMOQQAAAAABUTAN # BglghkgBZQMEAgEFAKCB3jAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgYseyI1yj # BerDQ8JSzbivcCwU/cRSV1/8dmfUKrexDMswcgYKKwYBBAGCNwIBDDFkMGKgQoBA # AEcAdQBhAHIAZABlAGQAIABGAGEAYgByAGkAYwAgAFQAbwBvAGwAcwAgAHYAZQBy # AHMAaQBvAG4AIAAxADEAMaEcgBpodHRwczovL3d3dy5taWNyb3NvZnQuY29tLzAN # BgkqhkiG9w0BAQEFAASCAQAbHOFTaAUwZm5GsgLaTmzSA/AaG1p3ZXuMJUBX5zoj # XxOBtzNoQIsBLW8hyq258awiF/hnGtHGh8cCrNK/HJFo7xN7xXazvisuoqgrZOnc # YGcT1qW5vqsQmxI8xzLl/hzk0IdDmK22xzvhmJJB0yNyG7RhKJqsVCgk6uU8IFMy # klHFV5vGQDbp2lEsUOTrHMxwyoz/Hc+KuhkbA6/iH/ijE88McW+Hc59st9nVg9b2 # 7xoPRmnuLuSckOd6Sp8PY0E1YdZTbWkWPggJKRecmpQO1pT8o7PU83IbkDVK41uK # Xuu7t5AVSvgK+Hc7Pn00C5ueM+Hw4gSkbV1wXYW0Qi8VoYIS5TCCEuEGCisGAQQB # gjcDAwExghLRMIISzQYJKoZIhvcNAQcCoIISvjCCEroCAQMxDzANBglghkgBZQME # AgEFADCCAVEGCyqGSIb3DQEJEAEEoIIBQASCATwwggE4AgEBBgorBgEEAYRZCgMB # MDEwDQYJYIZIAWUDBAIBBQAEIFoM5jFkNJ8c/bxNhvOnpYssIK73uLlT9ih8+ruQ # rhRfAgZdb8hBMtcYEzIwMTkwOTIwMjMyODQ1LjQ4N1owBIACAfSggdCkgc0wgcox # CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXQTEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQg # SXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1Mg # RVNOOkUwNDEtNEJFRS1GQTdFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFt # cCBzZXJ2aWNloIIOPDCCBPEwggPZoAMCAQICEzMAAADWnmWBjg0YozsAAAAAANYw # DQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 # b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcN # MTgwODIzMjAyNjQ5WhcNMTkxMTIzMjAyNjQ5WjCByjELMAkGA1UEBhMCVVMxCzAJ # BgNVBAgTAldBMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlv # bnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046RTA0MS00QkVFLUZB # N0UxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIHNlcnZpY2UwggEiMA0G # CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVz8BehZsCB+9oaa8v+wngEIhQqe02 # mIA57mmFSeE0+4I8xANhOj4MBzV9y0lpOp2zgQEeeIFP3lGbp9rV6OzcCw+TvFRs # GSPGYLU8AzuDdQRo8sNbwJl+a/HwDRS+Q5QG5aSq+qMWtVrBRf+EZuYlILaWOOym # uLMmaBJ+NadMeR0CP7KGJV5hwB6E04yynVHpy2mFEPAT4p+P2wBqsDePEdU6Mbtb # FC8gFcOBhJ7NBQS1fzRT8ecxMuL60PdbQIC99fvaM5+lCn19SDwmHxaIbOWXTaw2 # GJyYzeBXgriQ8JpM1WNnKHyRzKLvrk593cgklSDc0PGg8gYAONY6NNuJAgMBAAGj # ggEbMIIBFzAdBgNVHQ4EFgQUZ1Qwk+BJMRp+9k4XHKcRODePiPgwHwYDVR0jBBgw # FoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDov # L2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljVGltU3RhUENB # XzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0 # cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNUaW1TdGFQQ0FfMjAx # MC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN # BgkqhkiG9w0BAQsFAAOCAQEAT9KFgImb5aXD4JG1xS3+Zrf6ufSuWIQ9cbZwHDd9 # oxmNolN+zdL1Y/DyNWxiCBUG717EYmKBaKZbFj/0NH6nbW0H5fAbyJNB+LAAJYqI # saMO7gN/CFfni//IIBVOwCL5vEWiVuK9HTrt/PQ0fC5kC5up23hrcrb4CGfxywAm # YXOQX5zy0tOAoW6K3TOmcEghlzn3U06grq9hKf4F7Su2AmGN4V6JkHaGkegK8O3r # Z7JcsmzokiV4o1cRwaE2OkyVPpsbn6vZVe/HQSxxNNoBVjCgTovzdUCA0BoSH+T7 # XO6bwhtU3J6zkjf+3hY9RYXHxHoyN+L7a5Yp0IZAj7wmvzCCBnEwggRZoAMCAQIC # CmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp # ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1NVoXDTI1MDcwMTIx # NDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG # A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggEiMA0GCSqGSIb3 # DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/aZRrdFQQ1aUKAIKF # ++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxhMFmxMEQP8WCIhFRD # DNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhHhjKEHnRhZ5FfgVSx # z5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tkiVBisV39dx898Fd1 # rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox8NpOBpG2iAg16Hgc # sOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJNAgMBAAGjggHmMIIB # 4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIoxkPNDe3xGG8UzaFqF # bVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud # EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYD # VR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwv # cHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEB # BE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9j # ZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAGA1UdIAEB/wSBlTCB # kjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jv # c29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQe # MiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEAdABlAG0AZQBuAHQA # LiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXEDPZ2joSFvs+umzPUx # vs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgrUYJEEvu5U4zM9GAS # inbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1 # L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFwnzJKJ/1Vry/+tuWO # M7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFtw5yjojz6f32WapB4 # pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk7Pf0v35jWSUPei45 # V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9ddJgiCGHasFAeb73x # 4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zGy9iCtHLNHfS4hQEe # gPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3yKxO2ii4sanblrKn # QqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7cRDyXUHHXodLFVeNp # 3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wknHNWzfjUeCLraNtvT # X4/edIhJEqGCAs4wggI3AgEBMIH4oYHQpIHNMIHKMQswCQYDVQQGEwJVUzELMAkG # A1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9u # cyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpFMDQxLTRCRUUtRkE3 # RTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgc2VydmljZaIjCgEBMAcG # BSsOAwIaAxUAD1RfSr8v62EwlfSujM+3vZAgFdGggYMwgYCkfjB8MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg # VGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIFAOEvXnEwIhgPMjAx # OTA5MjAyMjE5MjlaGA8yMDE5MDkyMTIyMTkyOVowdzA9BgorBgEEAYRZCgQBMS8w # LTAKAgUA4S9ecQIBADAKAgEAAgIOOQIB/zAHAgEAAgIRkTAKAgUA4TCv8QIBADA2 # BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIB # AAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAB0zJBZ9xECOEjFPFPy52omKzZPUZp0V # EgDOBqC+5QW5BsdCJN4aT3jjkwqFTCNwaRzgiOxETBPQti6hQnyieCeINPawoXgA # JXt7ljgP6iAx3hHLWKGlv/25/Hrv/mUs9msmMpw9TPcWJGSSjfoactMrCqwxUNjY # OsoheAuV6CghMYIDDTCCAwkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAADWnmWBjg0YozsAAAAAANYwDQYJYIZIAWUDBAIBBQCgggFKMBoG # CSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgCrHccAGv # /yQcGrDKmV4q09Y35Xa4GRUNeFkSjUIe/1gwgfoGCyqGSIb3DQEJEAIvMYHqMIHn # MIHkMIG9BCAMpxcbLzk+qbGa3mRFNyw6oaNx47F25Vv+0ZgnLpRIzjCBmDCBgKR+ # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAA1p5lgY4NGKM7AAAA # AADWMCIEIGVSBCZLkdpRzaB+pbu29xpqOSFu0n94CBvhi2r8qXqhMA0GCSqGSIb3 # DQEBCwUABIIBAL+NRFd8TBanH+aFJE7IYaYoeSX6yyB2j/XbnrwT1l/sVq83Mlzb # ksV+uysfcrZJz1Lo9hU+sZPydNmzuBRGzhHJEcNyxnF5UsapHQbqGuqAOqd0L0dv # RVNHeJVI6wcikRXBj9am2OPxf0RPlWjFNZSk4vhnq6fep0yYdsE/ts3FU799mwUn # bdc7p4sYM78qIDD9eRpqw9qkuf8DomWKfedbSGw9BPLVEPzFd8YM+dgbj90cq5DX # ypOkYp+BaAQayhV21JjCK8c0DIRnwO+5k8Ow1aZWTq7rr39h60aSeLKHGwbiR0Pe # LRPcSZgJcA7GqmXMwsCmH4nOpj67k1ZTRdM= # SIG # End signature block |