Modules/Providers/ProviderHelpers/AADConditionalAccessHelper.psm1
class CapHelper { <# .description Class for parsing conditional access policies (Caps) to generate a pre-processed version that can be used to generate the HTML table of the condiational access policies in the report. #> <# The following hashtables are used to map the codes used in the API output to human-friendly strings #> [System.Collections.Hashtable] $ExternalUserStrings = @{"b2bCollaborationGuest" = "B2B collaboration guest users"; "b2bCollaborationMember" = "B2B collaboration member users"; "b2bDirectConnectUser" = "B2B direct connect users"; "internalGuest" = "Local guest users"; "serviceProvider" = "Service provider users"; "otherExternalUser" = "Other external users"} [System.Collections.Hashtable] $StateStrings = @{"enabled" = "On"; "enabledForReportingButNotEnforced" = "Report-only"; "disabled" = "Off"} [System.Collections.Hashtable] $ActionStrings = @{"urn:user:registersecurityinfo" = "Register security info"; "urn:user:registerdevice" = "Register or join devices"} [System.Collections.Hashtable] $ClientAppStrings = @{"exchangeActiveSync" = "Exchange ActiveSync Clients"; "browser" = "Browser"; "mobileAppsAndDesktopClients" = "Mobile apps and desktop clients"; "other" = "Other clients"; "all" = "all"} [System.Collections.Hashtable] $GrantControlStrings = @{"mfa" = "multifactor authentication"; "compliantDevice" = "device to be marked compliant"; "domainJoinedDevice" = "Hybrid Azure AD joined device"; "approvedApplication" = "approved client app"; "compliantApplication" = "app protection policy"; "passwordChange" = "password change"} [System.Collections.Hashtable] $CondAccessAppControlStrings = @{"monitorOnly" = "Monitor only"; "blockDownloads" = "Block downloads"; "mcasConfigured" = "Use custom policy"} [string[]] GetMissingKeys([System.Object]$Obj, [string[]] $Keys) { <# .Description Returns a list of the keys in $Keys are not members of $Obj. Used to validate the structure of the conditonal access policies. .Functionality Internal #> $Missing = @() if ($null -eq $Obj) { # Note that $null needs to come first in the above check to keep the # linter happy. "$null should be on the left side of equality comparisons" return $Missing } foreach ($Key in $Keys) { $HasKey = [bool]($Obj.PSobject.Properties.name -match $Key) if (-not $HasKey) { $Missing += $Key } } return $Missing } [string[]] GetIncludedUsers([System.Object]$Cap) { <# .Description Parses a given conditional access policy (Cap) to generate the list of included users/roles used in the policy. .Functionality Internal #> # Perform some basic validation of the CAP. If some of these values # are missing it could indicate that the API has been restructured. $Missing = @() $Missing += $this.GetMissingKeys($Cap, @("Conditions")) $Missing += $this.GetMissingKeys($Cap.Conditions, @("Users")) $Missing += $this.GetMissingKeys($Cap.Conditions.Users, @("IncludeGroups", "IncludeGuestsOrExternalUsers", "IncludeRoles", "IncludeUsers")) if ($Missing.Length -gt 0) { Write-Warning "Conditional access policy structure not as expected. The following keys are missing: $($Missing -Join ', ')" return @() } # Begin processing the CAP $Output = @() $CapIncludedUsers = $Cap.Conditions.Users.IncludeUsers if ($CapIncludedUsers -Contains "All") { $Output += "All" } elseif ($CapIncludedUsers -Contains "None") { $Output += "None" } else { # Users if ($CapIncludedUsers.Length -eq 1) { $Output += "1 specific user" } elseif ($CapIncludedUsers.Length -gt 1) { $Output += "$($CapIncludedUsers.Length) specific users" } # Roles $CapIncludedRoles = $Cap.Conditions.Users.IncludeRoles if ($Cap.Conditions.Users.IncludeRoles.Length -eq 1) { $Output += "1 specific role" } elseif ($CapIncludedRoles.Length -gt 1) { $Output += "$($CapIncludedRoles.Length) specific roles" } # Groups $CapIncludedGroups = $Cap.Conditions.Users.IncludeGroups if ($CapIncludedGroups.Length -eq 1) { $Output += "1 specific group" } elseif ($CapIncludedGroups.Length -gt 1) { $Output += "$($CapIncludedGroups.Length) specific groups" } # External/guests if ($null -ne $Cap.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind) { $GuestOrExternalUserTypes = $Cap.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes -Split "," $Output += @($GuestOrExternalUserTypes | ForEach-Object {$this.ExternalUserStrings[$_]}) } } return $Output } [string[]] GetExcludedUsers([System.Object]$Cap) { <# .Description Parses a given conditional access policy (Cap) to generate the list of excluded users/roles used in the policy. .Functionality Internal #> # Perform some basic validation of the CAP. If some of these values # are missing it could indicate that the API has been restructured. $Missing = @() $Missing += $this.GetMissingKeys($Cap, @("Conditions")) $Missing += $this.GetMissingKeys($Cap.Conditions, @("Users")) $Missing += $this.GetMissingKeys($Cap.Conditions.Users, @("ExcludeGroups", "ExcludeGuestsOrExternalUsers", "ExcludeRoles", "ExcludeUsers")) if ($Missing.Length -gt 0) { Write-Warning "Conditional access policy structure not as expected. The following keys are missing: $($Missing -Join ', ')" return @() } # Begin processing the CAP $Output = @() # Users $CapExcludedUsers = $Cap.Conditions.Users.ExcludeUsers if ($CapExcludedUsers.Length -eq 1) { $Output += "1 specific user" } elseif ($CapExcludedUsers.Length -gt 1) { $Output += "$($CapExcludedUsers.Length) specific users" } # Roles $CapExcludedRoles = $Cap.Conditions.Users.ExcludeRoles if ($CapExcludedRoles.Length -eq 1) { $Output += "1 specific role" } elseif ($CapExcludedRoles.Length -gt 1) { $Output += "$($CapExcludedRoles.Length) specific roles" } # Groups $CapExcludedGroups = $Cap.Conditions.Users.ExcludeGroups if ($CapExcludedGroups.Length -eq 1) { $Output += "1 specific group" } elseif ($CapExcludedGroups.Length -gt 1) { $Output += "$($CapExcludedGroups.Length) specific groups" } # External/guests if ($null -ne $Cap.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind) { $GuestOrExternalUserTypes = $Cap.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes -Split "," $Output += @($GuestOrExternalUserTypes | ForEach-Object {$this.ExternalUserStrings[$_]}) } # If no users are excluded, rather than display an empty cell, display "None" if ($Output.Length -eq 0) { $Output += "None" } return $Output } [string[]] GetApplications([System.Object]$Cap) { <# .Description Parses a given conditional access policy (Cap) to generate the list of included/excluded applications/actions used in the policy. .Functionality Internal #> # Perform some basic validation of the CAP. If some of these values # are missing it could indicate that the API has been restructured. $Missing = @() $Missing += $this.GetMissingKeys($Cap, @("Conditions")) $Missing += $this.GetMissingKeys($Cap.Conditions, @("Applications")) $Missing += $this.GetMissingKeys($Cap.Conditions.Applications, @("ApplicationFilter", "ExcludeApplications", "IncludeApplications", "IncludeAuthenticationContextClassReferences", "IncludeUserActions")) if ($Missing.Length -gt 0) { Write-Warning "Conditional access policy structure not as expected. The following keys are missing: $($Missing -Join ', ')" return @() } # Begin processing the CAP $Output = @() $CapIncludedActions = $Cap.Conditions.Applications.IncludeUserActions $CapAppFilterMode = $Cap.Conditions.Applications.ApplicationFilter.Mode $CapIncludedApps = $Cap.Conditions.Applications.IncludeApplications if ($CapIncludedApps.Length -gt 0 -or $null -ne $CapAppFilterMode) { # For "Select what this policy applies to", "Cloud Apps" was selected $Output += "Policy applies to: apps" # Included apps: if ($CapIncludedApps -Contains "All") { $Output += "Apps included: All" } elseif ($CapIncludedApps -Contains "None") { $Output += "Apps included: None" } elseif ($CapIncludedApps.Length -eq 1) { $Output += "Apps included: 1 specific app" } elseif ($CapIncludedApps.Length -gt 1) { $Output += "Apps included: $($CapIncludedApps.Length) specific apps" } if ($CapAppFilterMode -eq "include") { $Output += "Apps included: custom application filter" } $CapExcludedApps = $Cap.Conditions.Applications.ExcludeApplications if ($CapExcludedApps.Length -eq 1) { $Output += "Apps excluded: 1 specific app" } elseif ($CapExcludedApps.Length -gt 1) { $Output += "Apps excluded: $($CapExcludedApps.Length) specific apps" } if ($CapAppFilterMode -eq "exclude") { $Output += "Apps excluded: custom application filter" } if ($CapAppFilterMode -ne "exclude" -and $CapExcludedApps.Length -eq 0) { $Output += "Apps excluded: None" } } elseif ($CapIncludedActions.Length -gt 0) { # For "Select what this policy applies to", "User actions" was selected $Output += "Policy applies to: actions" $Output += "User action: $($this.ActionStrings[$CapIncludedActions[0]])" # While "IncludeUserActions" is a list, the GUI doesn't actually let you select more than one # item at a time, hence "IncludeUserActions[0]" above } else { # For "Select what this policy applies to", "Authentication context" was selected $AuthContexts = $Cap.Conditions.Applications.IncludeAuthenticationContextClassReferences if ($AuthContexts.Length -eq 1) { $Output += "Policy applies to: 1 authentication context" } else { $Output += "Policy applies to: $($AuthContexts.Length) authentication contexts" } } return $Output } [string[]] GetConditions([System.Object]$Cap) { <# .Description Parses a given conditional access policy (Cap) to generate the list of conditions used in the policy. .Functionality Internal #> # Perform some basic validation of the CAP. If some of these values # are missing it could indicate that the API has been restructured. $Missing = @() $Missing += $this.GetMissingKeys($Cap, @("Conditions")) $Missing += $this.GetMissingKeys($Cap.Conditions, @("UserRiskLevels", "SignInRiskLevels", "Platforms", "Locations", "ClientAppTypes", "Devices")) $Missing += $this.GetMissingKeys($Cap.Conditions.Platforms, @("ExcludePlatforms", "IncludePlatforms")) $Missing += $this.GetMissingKeys($Cap.Conditions.Locations, @("ExcludeLocations", "IncludeLocations")) $Missing += $this.GetMissingKeys($Cap.Conditions.Devices, @("DeviceFilter")) if ($Missing.Length -gt 0) { Write-Warning "Conditional access policy structure not as expected. The following keys are missing: $($Missing -Join ', ')" return @() } # Begin processing the CAP $Output = @() # User risk $CapUserRiskLevels = $Cap.Conditions.UserRiskLevels if ($CapUserRiskLevels.Length -gt 0) { $Output += "User risk levels: $($CapUserRiskLevels -Join ', ')" } # Sign-in risk $CapSignInRiskLevels = $Cap.Conditions.SignInRiskLevels if ($CapSignInRiskLevels.Length -gt 0) { $Output += "Sign-in risk levels: $($CapSignInRiskLevels -Join ', ')" } # Device platforms $CapIncludedPlatforms = $Cap.Conditions.Platforms.IncludePlatforms if ($null -ne $CapIncludedPlatforms) { $Output += "Device platforms included: $($CapIncludedPlatforms -Join ', ')" $CapExcludedPlatforms = $Cap.Conditions.Platforms.ExcludePlatforms if ($CapExcludedPlatforms.Length -eq 0) { $Output += "Device platforms excluded: none" } else { $Output += "Device platforms excluded: $($CapExcludedPlatforms -Join ', ')" } } # Locations $CapIncludedLocations = $Cap.Conditions.Locations.IncludeLocations if ($null -ne $CapIncludedLocations) { if ($CapIncludedLocations -Contains "All") { $Output += "Locations included: all locations" } elseif ($CapIncludedLocations -Contains "AllTrusted") { $Output += "Locations included: all trusted locations" } elseif ($CapIncludedLocations.Length -eq 1) { $Output += "Locations included: 1 specific location" } else { $Output += "Locations included: $($CapIncludedLocations.Length) specific locations" } $CapExcludedLocations = $Cap.Conditions.Locations.ExcludeLocations if ($CapExcludedLocations -Contains "AllTrusted") { $Output += "Locations excluded: all trusted locations" } elseif ($CapExcludedLocations.Length -eq 0) { $Output += "Locations excluded: none" } elseif ($CapExcludedLocations.Length -eq 1) { $Output += "Locations excluded: 1 specific location" } else { $Output += "Locations excluded: $($CapExcludedLocations.Length) specific locations" } } # Client Apps $ClientApps += @($Cap.Conditions.ClientAppTypes | ForEach-Object {$this.ClientAppStrings[$_]}) $Output += "Client apps included: $($ClientApps -Join ', ')" # Filter for devices if ($null -ne $Cap.Conditions.Devices.DeviceFilter.Mode) { if ($Cap.Conditions.Devices.DeviceFilter.Mode -eq "include") { $Output += "Custom device filter in include mode active" } else { $Output += "Custom device filter in exclude mode active" } } return $Output } [string] GetAccessControls([System.Object]$Cap) { <# .Description Parses a given conditional access policy (Cap) to generate the list of access controls used in the policy. .Functionality Internal #> # Perform some basic validation of the CAP. If some of these values # are missing it could indicate that the API has been restructured. $Missing = @() $Missing += $this.GetMissingKeys($Cap, @("GrantControls")) $Missing += $this.GetMissingKeys($Cap.GrantControls, @("AuthenticationStrength", "BuiltInControls", "CustomAuthenticationFactors", "Operator", "TermsOfUse")) $Missing += $this.GetMissingKeys($Cap.GrantControls.AuthenticationStrength, @("DisplayName")) if ($Missing.Length -gt 0) { Write-Warning "Conditional access policy structure not as expected. The following keys are missing: $($Missing -Join ', ')" return @() } # Begin processing the CAP $Output = "" if ($null -ne $Cap.GrantControls.BuiltInControls) { if ($Cap.GrantControls.BuiltInControls -Contains "block") { $Output = "Block access" } else { $GrantControls = @($Cap.GrantControls.BuiltInControls | ForEach-Object {$this.GrantControlStrings[$_]}) if ($null -ne $Cap.GrantControls.AuthenticationStrength.DisplayName) { $GrantControls += "authentication strength ($($Cap.GrantControls.AuthenticationStrength.DisplayName))" } if ($Cap.GrantControls.TermsOfUse.Length -gt 0) { $GrantControls += "terms of use" } $Output = "Allow access but require $($GrantControls -Join ', ')" if ($GrantControls.Length -gt 1) { # If multiple access controls are in place, insert the AND or the OR # before the final access control $Output = $Output.Insert($Output.LastIndexOf(',')+1, " $($Cap.GrantControls.Operator)") } } } if ($Output -eq "") { $Output = "None" } return $Output } [string[]] GetSessionControls([System.Object]$Cap) { <# .Description Parses a given conditional access policy (Cap) to generate the list of session controls used in the policy. .Functionality Internal #> # Perform some basic validation of the CAP. If some of these values # are missing it could indicate that the API has been restructured. $Missing = @() $Missing += $this.GetMissingKeys($Cap, @("SessionControls")) $Missing += $this.GetMissingKeys($Cap.SessionControls, @("ApplicationEnforcedRestrictions", "CloudAppSecurity", "ContinuousAccessEvaluation", "DisableResilienceDefaults", "PersistentBrowser", "SignInFrequency")) $Missing += $this.GetMissingKeys($Cap.SessionControls.ApplicationEnforcedRestrictions, @("IsEnabled")) $Missing += $this.GetMissingKeys($Cap.SessionControls.CloudAppSecurity, @("CloudAppSecurityType", "IsEnabled")) $Missing += $this.GetMissingKeys($Cap.SessionControls.ContinuousAccessEvaluation, @("Mode")) $Missing += $this.GetMissingKeys($Cap.SessionControls.PersistentBrowser, @("IsEnabled", "Mode")) $Missing += $this.GetMissingKeys($Cap.SessionControls.SignInFrequency, @("IsEnabled", "FrequencyInterval", "Type", "Value")) if ($Missing.Length -gt 0) { Write-Warning "Conditional access policy structure not as expected. The following keys are missing: $($Missing -Join ', ')" return @() } # Begin processing the CAP $Output = @() if ($Cap.SessionControls.ApplicationEnforcedRestrictions.IsEnabled) { $Output += "Use app enforced restrictions" } if ($Cap.SessionControls.CloudAppSecurity.IsEnabled) { $Mode = $this.CondAccessAppControlStrings[$Cap.SessionControls.CloudAppSecurity.CloudAppSecurityType] $Output += "Use Conditional Access App Control ($($Mode))" } if ($Cap.SessionControls.SignInFrequency.IsEnabled) { if ($Cap.SessionControls.SignInFrequency.FrequencyInterval -eq "everyTime") { $Output += "Sign-in frequency (every time)" } else { $Value = $Cap.SessionControls.SignInFrequency.Value $Unit = $Cap.SessionControls.SignInFrequency.Type $Output += "Sign-in frequency (every $($Value) $($Unit))" } } if ($Cap.SessionControls.PersistentBrowser.IsEnabled) { $Mode = $Cap.SessionControls.PersistentBrowser.Mode $Output += "Persistent browser session ($($Mode) persistent)" } if ($Cap.SessionControls.ContinuousAccessEvaluation.Mode -eq "disabled") { $Output += "Customize continuous access evaluation" } if ($Cap.SessionControls.DisableResilienceDefaults) { $Output += "Disable resilience defaults" } if ($Output.Length -eq 0) { $Output += "None" } return $Output } [string] ExportCapPolicies([System.Object]$Caps) { <# .Description Parses the conditional access policies (Caps) to generate a pre-processed version that can be used to generate the HTML of the condiational access policies in the report. .Functionality Internal #> $Table = @() foreach ($Cap in $Caps) { $State = $this.StateStrings[$Cap.State] $UsersIncluded = $($this.GetIncludedUsers($Cap)) -Join ", " $UsersExcluded = $($this.GetExcludedUsers($Cap)) -Join ", " $Users = @("Users included: $($UsersIncluded)", "Users excluded: $($UsersExcluded)") $Apps = $this.GetApplications($Cap) $Conditions = $this.GetConditions($Cap) $AccessControls = $this.GetAccessControls($Cap) $SessionControls = $this.GetSessionControls($Cap) $CapDetails = [pscustomobject]@{ "Name" = $Cap.DisplayName; "State" = $State; "Users" = $Users "Apps/Actions" = $Apps; "Conditions" = $Conditions; "Block/Grant Access" = $AccessControls; "Session Controls" = $SessionControls; } $Table += $CapDetails } $CapTableJson = ConvertTo-Json $Table return $CapTableJson } } function Get-CapTracker { [CapHelper]::New() } # SIG # Begin signature block # MIIuuQYJKoZIhvcNAQcCoIIuqjCCLqYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCxpri0kvAHU+vp # mZydMXROEijdGbuDwFxBVxXxPe2doaCCE6MwggWQMIIDeKADAgECAhAFmxtXno4h # MuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNV # BAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0z # ODAxMTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/z # G6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZ # anMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7s # Wxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL # 2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfb # BHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3 # JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3c # AORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqx # YxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0 # viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aL # T8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjQjBAMA8GA1Ud # EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTs1+OC0nFdZEzf # Lmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfEkRvDoaIAjeNk # aA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvWVPjS # PMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK # 7VB6fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eB # cg3AFDLvMFkuruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp # 5aPNoiBB19GcZNnqJqGLFNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msg # dDDS4Dk0EIUhFQEI6FUy3nFJ2SgXUE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vri # RbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i7UqLvBv9R0oN32dmfrJbQdA75PQ7 # 9ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPmYQ/ShQDnUBrkG5WdGaG5 # nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1TtmlfB2/oQzxm3 # i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyBIa0H # EEcRrYc9B9F1vM/zZn4wggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggdXMIIFP6ADAgECAhANkQ8dPvvR0q3Ytt4H0T3aMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjQwMTMwMDAwMDAwWhcNMjUwMTI5MjM1OTU5WjBfMQsw # CQYDVQQGEwJVUzEdMBsGA1UECBMURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNV # BAcTCldhc2hpbmd0b24xDTALBgNVBAoTBENJU0ExDTALBgNVBAMTBENJU0EwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCT1y7uJCQax8JfiDEYgpiU9URj # EXCTRqtZbDALM9rPUudiuM3mj6A1SUSAAWYv6DTsvGPvxyMI2Idg0mQunl4Ms9DJ # yVwe5k4+Anj/73Nx1AbOPYP8xRZcD10FkctKGhV0PzvrDcwU15hsQWtiepFgg+bX # fHkGMeu426oc69f43vKE43DiqKTf0/UBX/qgpj3JZvJ3zc1kilBOv4sBCksfCjbW # tLZD0tqAgBsNPo3Oy5mQG31E1eZdTNvrdTnEXacSwb3k615z7mHy7nqBUkOruZ9E # tnvC2qla+uL3ks91O/e/LnKzH9Lj1JmEBf6jwPN/MYR9Dymni4Mi3AQ8mpQMyFmi # XcSHymibSNbtTMavpdBWjFfrcvPETX7krROUOoLzMQmNgHArceSh55tgvDRdSU5c # WK3BTvK3l3mgCdgjre7XGYxV3W8apyxk5+RKfHdbv9cpRwpSuDnI8sHeqmB3fnfo # Cr1PPu4WhKegt20CobhDVybiBdhDVqUdR53ful4N/coQOEHDrIExB5nJf9Pvdrza # DyIGKAMIXD79ba5/rQEo+2cA66oJkPlvB5hEGI/jtDcYwDBgalbwB7Kc8zAAhl6+ # JvHfYpXOkppSfEQbaRXZI+LGXWQAFa5pJDfDEAyZSXprStgw594sWUOysp+UOxFe # kSA4mBr0o1jVpdaulwIDAQABo4ICAzCCAf8wHwYDVR0jBBgwFoAUaDfg67Y7+F8R # hvv+YXsIiGX0TkIwHQYDVR0OBBYEFAmyTB5bcWyA+8+rq540jPRLJ1nYMD4GA1Ud # IAQ3MDUwMwYGZ4EMAQQBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMw # gbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5j # cmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0 # ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMIGUBggrBgEF # BQcBAQSBhzCBhDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t # MFwGCCsGAQUFBzAChlBodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl # cnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJ # BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQAh2Jnt9IPoBvOQlYQUlCP9iJ5y # XAvEWe1camOwedqMZsHEPpT2yd6+fMzPZmV3/bYJgaN2OrDS1snf62S7yc+AulVw # PAXSp1lSAiFEbZ6PFEdEBIag9B65Mp/cvRtJsIWQIc//jWqFMHpkU6r3MW9YARRu # vaIf5/0qlM4VEwn3lTf+jJdxhhyoOFTWWd3BrlMPcT06z6F6hFfyycQkZ3Y9wEJ3 # uOU9bCNLZL1HCjlKT+oI0WsgeRdbe2sYrnvv9NmDY9oEi8PEq+DGjiTgLbY5OcAX # uUogPPw6gbcuNn8Hq6FFKPIQxaksB8dF8Gw4m2lQoUWESPRF8Zaq9lmZN3+QzA79 # yskfJtAFqz3gUP5wJBdNfi/u1sGbLI0QnJQkIKfFuz7DfDPldw0gIl05BIYwZBmj # TpFRu1/+gIlP1Ul4L/wt9Lxk6pglObLsdxHP2UQrG30JaUN0gv3xZMBBByHGVVTe # cyU4qwJ0ulMdv/kjHwh+m58uOF8gHXLfyBmOjYpohN3+l0rS0qdArZMNSmLTA7N8 # n3V3AZLKB//1yhPt++gR4pCFdXmgwYDDLRxjlV0cMsG1UeSQUdI0aieh/grg5TQO # CergVXS5h3sz5U0ZQPWND41LJhA0gF2OGZNHdUc9+0dwTsfxAERrjaTdeZp0/rdZ # 9iGBoiRsS4U86S8xkDGCGmwwghpoAgEBMH0waTELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0 # IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENBMQIQDZEPHT770dKt # 2LbeB9E92jANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgACh # AoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAM # BgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCChypn83Rl9rEsRURMtReivWo0Z # VdDJtGZVAViiPH2CUTANBgkqhkiG9w0BAQEFAASCAgATEwgWsl0YxZiNo4S5m0c4 # FNj/DcII0r4RtDqUE54GsLDcGTTS0MXd3+1Hr9fz7Mr4ny58/vuDG5It83BTR6OS # Q3Xao0u4A7xZ3jXW4b8vGUpSZjyEkUcDzLAnxMmmxAjWlog0pz9VOHudOnbwQ4kd # GTJj037KrpsBLlMg7EqxEn9ASKlwqOabulMUE7KKO6/SZOFW823vKWoGMOiJpDHS # wUl6FV3yZn7IHiROx+V/WDm2to9uhMNIwPqMC4Y3QeqZI4xvMdFrQFtLI93jo/Lm # n9m5r2LGIqfeCkWtFOUem23FmNj+iWXW6Cw0AVLWO533HL89hKH7W+WJ/4ntkptz # yHzQ0jzN6YTZN0qVhgNCZucQdKhiBX/YlCgYYHi5nUa4xMlCuK1VWDF9Y8c+SDWi # vkkGAWelSzW/8Lr7TjbvJ2MYamBrN489/0kkErnAJViNZ8YO6Rz0VYmC6EHrQRkr # ifPU9lGZ7qDl7L6hu/wpzXX76cue/WG+UzTm7FFIbHXYfGzRpAF9g13gvNmTnHE/ # C0ljiXTyeYT42jaGffGTNQbxEL7rCB6Tuv3ze2f1MrsuMjEOftEzPINz+qmkM00+ # bwFENmr5PrVgHF+/RJQiuyvyfWKx9ZGfD5d6nlNYMAbHVqWmBRY4NPUkDWIBbOnc # /3DiUhjhi7N5Usr64tDEgaGCFzkwghc1BgorBgEEAYI3AwMBMYIXJTCCFyEGCSqG # SIb3DQEHAqCCFxIwghcOAgEDMQ8wDQYJYIZIAWUDBAIBBQAwdwYLKoZIhvcNAQkQ # AQSgaARmMGQCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCCbkGC4Z0N1 # gwMqOszh4W6vcdyfrs82OcpcIG8mpzHvlAIQTaSZTspIUUpKPsn+TjiClxgPMjAy # NDExMjYyMDU2NTJaoIITAzCCBrwwggSkoAMCAQICEAuuZrxaun+Vh8b56QTjMwQw # DQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0 # LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hB # MjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yNDA5MjYwMDAwMDBaFw0zNTExMjUyMzU5 # NTlaMEIxCzAJBgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDEgMB4GA1UEAxMX # RGlnaUNlcnQgVGltZXN0YW1wIDIwMjQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw # ggIKAoICAQC+anOf9pUhq5Ywultt5lmjtej9kR8YxIg7apnjpcH9CjAgQxK+CMR0 # Rne/i+utMeV5bUlYYSuuM4vQngvQepVHVzNLO9RDnEXvPghCaft0djvKKO+hDu6O # bS7rJcXa/UKvNminKQPTv/1+kBPgHGlP28mgmoCw/xi6FG9+Un1h4eN6zh926SxM # e6We2r1Z6VFZj75MU/HNmtsgtFjKfITLutLWUdAoWle+jYZ49+wxGE1/UXjWfISD # mHuI5e/6+NfQrxGFSKx+rDdNMsePW6FLrphfYtk/FLihp/feun0eV+pIF496OVh4 # R1TvjQYpAztJpVIfdNsEvxHofBf1BWkadc+Up0Th8EifkEEWdX4rA/FE1Q0rqViT # bLVZIqi6viEk3RIySho1XyHLIAOJfXG5PEppc3XYeBH7xa6VTZ3rOHNeiYnY+V4j # 1XbJ+Z9dI8ZhqcaDHOoj5KGg4YuiYx3eYm33aebsyF6eD9MF5IDbPgjvwmnAalNE # eJPvIeoGJXaeBQjIK13SlnzODdLtuThALhGtyconcVuPI8AaiCaiJnfdzUcb3dWn # qUnjXkRFwLtsVAxFvGqsxUA2Jq/WTjbnNjIUzIs3ITVC6VBKAOlb2u29Vwgfta8b # 2ypi6n2PzP0nVepsFk8nlcuWfyZLzBaZ0MucEdeBiXL+nUOGhCjl+QIDAQABo4IB # izCCAYcwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAww # CgYIKwYBBQUHAwgwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMB8G # A1UdIwQYMBaAFLoW2W1NhS9zKXaaL3WMaiCPnshvMB0GA1UdDgQWBBSfVywDdw4o # FZBmpWNe7k+SH3agWzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsMy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1w # aW5nQ0EuY3JsMIGQBggrBgEFBQcBAQSBgzCBgDAkBggrBgEFBQcwAYYYaHR0cDov # L29jc3AuZGlnaWNlcnQuY29tMFgGCCsGAQUFBzAChkxodHRwOi8vY2FjZXJ0cy5k # aWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0 # YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQA9rR4fdplb4ziEEkfZQ5H2 # EdubTggd0ShPz9Pce4FLJl6reNKLkZd5Y/vEIqFWKt4oKcKz7wZmXa5VgW9B76k9 # NJxUl4JlKwyjUkKhk3aYx7D8vi2mpU1tKlY71AYXB8wTLrQeh83pXnWwwsxc1Mt+ # FWqz57yFq6laICtKjPICYYf/qgxACHTvypGHrC8k1TqCeHk6u4I/VBQC9VK7iSpU # 5wlWjNlHlFFv/M93748YTeoXU/fFa9hWJQkuzG2+B7+bMDvmgF8VlJt1qQcl7YFU # MYgZU1WM6nyw23vT6QSgwX5Pq2m0xQ2V6FJHu8z4LXe/371k5QrN9FQBhLLISZi2 # yemW0P8ZZfx4zvSWzVXpAb9k4Hpvpi6bUe8iK6WonUSV6yPlMwerwJZP/Gtbu3CK # ldMnn+LmmRTkTXpFIEB06nXZrDwhCGED+8RsWQSIXZpuG4WLFQOhtloDRWGoCwwc # 6ZpPddOFkM2LlTbMcqFSzm4cd0boGhBq7vkqI1uHRz6Fq1IX7TaRQuR+0BGOzISk # cqwXu7nMpFu3mgrlgbAW+BzikRVQ3K2YHcGkiKjA4gi4OA/kz1YCsdhIBHXqBzR0 # /Zd2QwQ/l4Gxftt/8wY3grcc/nS//TVkej9nmUYu83BDtccHHXKibMs/yXHhDXNk # oPIdynhVAku7aRZOwqw6pDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlsw # DQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0 # IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNl # cnQgVHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1 # OVowYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYD # VQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFt # cGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9 # cklRVcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+d # H54PMx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+Qtxn # jupRPfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9d # rMvohGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02 # DVzV5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aP # TnYVVSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De # 4z6ic/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPg # v/CiPMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIs # VzV5K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7 # W4oiqMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTu # zuldyF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8E # CDAGAQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSME # GDAWgBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0l # BAwwCgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRw # Oi8vb2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRz # LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8 # MDowOKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0 # ZWRSb290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAN # BgkqhkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/ # GPvHUF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBM # Yh0MCIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4s # nuCKrOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKj # I/rAJ4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HB # anHZxhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVj # mScsPT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87 # eK1MrfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttv # FXseGYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc6 # 1RWYMbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2 # QqYphwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3W # fPwwggWNMIIEdaADAgECAhAOmxiO+dAt5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUA # MGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT # EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg # Um9vdCBDQTAeFw0yMjA4MDEwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGIxCzAJBgNV # BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp # Y2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL/mkHNo3rvkXUo8MCIwaTPswqcl # LskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/zG6Q4FutWxpdtHauyefLKEdLkX9YF # PFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZanMylNEQRBAu34LzB4TmdDttceIt # DBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7sWxq868nPzaw0QF+xembud8hIqGZX # V59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1 # ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfbBHMqbpEBfCFM1LyuGwN1XXhm2Tox # RJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3JFxGj2T3wWmIdph2PVldQnaHiZdp # ekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF # 30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqxYxhElRp2Yn72gLD76GSmM9GJB+G9 # t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0viastkF13nqsX40/ybzTQRESW+UQ # UOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aLT8LWRV+dIPyhHsXAj6KxfgommfXk # aS+YHS312amyHeUbAgMBAAGjggE6MIIBNjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud # DgQWBBTs1+OC0nFdZEzfLmc/57qYrhwPTzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEt # UYunpyGd823IDzAOBgNVHQ8BAf8EBAMCAYYweQYIKwYBBQUHAQEEbTBrMCQGCCsG # AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0 # dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RD # QS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29t # L0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDARBgNVHSAECjAIMAYGBFUdIAAw # DQYJKoZIhvcNAQEMBQADggEBAHCgv0NcVec4X6CjdBs9thbX979XB72arKGHLOyF # XqkauyL4hxppVCLtpIh3bb0aFPQTSnovLbc47/T/gLn4offyct4kvFIDyE7QKt76 # LVbP+fT3rDB6mouyXtTP0UNEm0Mh65ZyoUi0mcudT6cGAxN3J0TU53/oWajwvy8L # punyNDzs9wPHh6jSTEAZNUZqaVSwuKFWjuyk1T3osdz9HNj0d1pcVIxv76FQPfx2 # CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPFmCLBsln1VWvPJ6tsds5vIy30fnFqI2si # /xK4VC0nftg62fC2h5b9W9FcrBjDTZ9ztwGpn1eqXijiuZQxggN2MIIDcgIBATB3 # MGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UE # AxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBp # bmcgQ0ECEAuuZrxaun+Vh8b56QTjMwQwDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZI # hvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0yNDExMjYyMDU2 # NTJaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFNvThe5i29I+e+T2cUhQhyTVhltF # MC8GCSqGSIb3DQEJBDEiBCAHabA1Cj7g85Id1L/GHGXR8pxaeZcSwM9L30nmUo6/ # ajA3BgsqhkiG9w0BCRACLzEoMCYwJDAiBCB2dp+o8mMvH0MLOiMwrtZWdf7Xc9sF # 1mW5BZOYQ4+a2zANBgkqhkiG9w0BAQEFAASCAgBGCDge5kAa3MZVCgygyGSfORUW # C02XiU0vciLxnmbFVRZzAhwnOnhKmMRIq/xbM6U+myuQszIdf2Jp/9gxKauzeLzq # txUkBZz5WyBF2q/Y/1Na13A2INBMNtGwKssaSJ5+0XRNZOndCE+riOTE6poFpFON # nFZMX/M0l21aStIOk8Dq2RnncnA8oRSPeeAAGzs/mpz0rCJ4+ebwJWgLhHFJIJ66 # Lwvw3JEmkRc5T3ks1wXwbLCkSKvJ974v1iL2Yjm+P9GnuOB3yFEtlB8JlPTDbUJW # YWhCnE4YmHIHYYc/GvcXSeHCdY8iU5xp5UtS9/jlkjXBDPW2TLQ620R8Hvg6W2sy # e9BTR1dzOBehT43/fY9fNfdMonhgaCKb+ybEhMeWcMNPt1GSK2xLUEk+wJvTvn/d # 0LNo11thPv+3SN93HOXCibuG9T3I1n1CIjMByeBuc/X3l1+2VgM+FdV0FQMiOeR+ # UoqH1D8kW1QNIOBMMAWDfIZNpqWIITPNubbqtJdAXwAjsp+VyNvepAnZYIhMkfAl # vT4oOwDZyyFs3URbmA/4kqqvIG7mMhR7nFyayg2dH4pN1dnJro/mO5duirqchULS # H91KAgt+STUW8QjLnChCdu4fxPheBBlsGMBpZixdD59LeZ81pC63g87TnrSzAH8F # SVU4zCOyNHazV3DwxA== # SIG # End signature block |