Modules/Providers/ProviderHelpers/AADRiskyPermissionsHelper.psm1
|
function Get-RiskyPermissionsJson { process { try { $PermissionsPath = Join-Path -Path ((Get-Item -Path $PSScriptRoot).Parent.Parent.FullName) -ChildPath "Permissions" $PermissionsJson = Get-Content -Path ( Join-Path -Path (Get-Item -Path $PermissionsPath) -ChildPath "RiskyPermissions.json" ) | ConvertFrom-Json } catch { Write-Warning "An error occurred in Get-RiskyPermissionsJson: $($_.Exception.Message)" Write-Warning "Stack trace: $($_.ScriptStackTrace)" throw $_ } return $PermissionsJson } } function Format-RiskyPermission { <# .Description Returns an API permission from either application/service principal which maps to the list of permissions declared in RiskyPermissions.json .Functionality #Internal ##> param ( [ValidateNotNullOrEmpty()] [PSCustomObject] $Json, [ValidateNotNullOrEmpty()] [string] $AppDisplayName, [ValidateNotNullOrEmpty()] [string] $Id, [ValidateNotNullOrEmpty()] [boolean] $IsAdminConsented ) $RiskyPermissions = $Json.permissions.$AppDisplayName.PSObject.Properties.Name $Map = @() if ($RiskyPermissions -contains $Id) { $Map += [PSCustomObject]@{ RoleId = $Id RoleDisplayName = $Json.permissions.$AppDisplayName.$Id ApplicationDisplayName = $AppDisplayName IsAdminConsented = $IsAdminConsented } } return $Map } function Format-Credentials { <# .Description Returns an array of valid/expired credentials .Functionality #Internal ##> [Diagnostics.CodeAnalysis.SuppressMessageAttribute( "PSReviewUnusedParameter", "IsFromApplication", Justification = "False positive due to variable scoping" )] param ( [Object[]] $AccessKeys, [ValidateNotNullOrEmpty()] [boolean] $IsFromApplication ) process { $ValidCredentials = @() $RequiredKeys = @("KeyId", "DisplayName", "StartDateTime", "EndDateTime") foreach ($Credential in $AccessKeys) { # Only format credentials with the correct keys $MissingKeys = $RequiredKeys | Where-Object { -not ($Credential.PSObject.Properties.Name -contains $_) } if ($MissingKeys.Count -eq 0) { # $Credential is of type PSCredential which is immutable, create a copy $CredentialCopy = $Credential | Select-Object -Property ` KeyId, DisplayName, StartDateTime, EndDateTime, ` @{ Name = "IsFromApplication"; Expression = { $IsFromApplication }} $ValidCredentials += $CredentialCopy } } if ($null -eq $AccessKeys -or $AccessKeys.Count -eq 0 -or $ValidCredentials.Count -eq 0) { return $null } return $ValidCredentials } } function Merge-Credentials { <# .Description Merge credentials from multiple resources into a single resource .Functionality #Internal ##> param ( [Object[]] $ApplicationAccessKeys, [Object[]] $ServicePrincipalAccessKeys ) # Both application/sp objects have key and federated credentials. # Conditionally merge the two together, select only application/service principal creds, or none. $MergedCredentials = @() if ($null -ne $ServicePrincipalAccessKeys -and $null -ne $ApplicationAccessKeys) { # Both objects valid $MergedCredentials = @($ServicePrincipalAccessKeys) + @($ApplicationAccessKeys) } elseif ($null -eq $ServicePrincipalAccessKeys -and $null -ne $ApplicationAccessKeys) { # Only application credentials valid $MergedCredentials = @($ApplicationAccessKeys) } elseif ($null -ne $ServicePrincipalAccessKeys -and $null -eq $ApplicationAccessKeys) { # Only service principal credentials valid $MergedCredentials = @($ServicePrincipalAccessKeys) } else { # Neither credentials are valid $MergedCredentials = $null } return $MergedCredentials } function Get-ApplicationsWithRiskyPermissions { <# .Description Returns an array of applications where each item contains its Object ID, App ID, Display Name, Key/Password/Federated Credentials, and risky API permissions. .Functionality #Internal ##> process { try { $RiskyPermissionsJson = Get-RiskyPermissionsJson $Applications = Get-MgBetaApplication -All $ApplicationResults = @() foreach ($App in $Applications) { # `AzureADMyOrg` = single tenant; `AzureADMultipleOrgs` = multi tenant $IsMultiTenantEnabled = $false if ($App.SignInAudience -eq "AzureADMultipleOrgs") { $IsMultiTenantEnabled = $true } # Map application permissions against RiskyPermissions.json $MappedPermissions = @() foreach ($Resource in $App.RequiredResourceAccess) { # Exclude delegated permissions with property Type="Scope" $Roles = $Resource.ResourceAccess | Where-Object { $_.Type -eq "Role" } $ResourceAppId = $Resource.ResourceAppId # Additional processing is required to determine if a permission is admin consented. # Initially assume admin consent is false since we reference the application's manifest, # then update the value later when its compared to service principal permissions. $IsAdminConsented = $false # Only map on resources stored in RiskyPermissions.json file if ($RiskyPermissionsJson.resources.PSObject.Properties.Name -contains $ResourceAppId) { foreach($Role in $Roles) { $ResourceDisplayName = $RiskyPermissionsJson.resources.$ResourceAppId $RoleId = $Role.Id $MappedPermissions += Format-RiskyPermission ` -Json $RiskyPermissionsJson ` -AppDisplayName $ResourceDisplayName ` -Id $RoleId ` -IsAdminConsented $IsAdminConsented } } } $FederatedCredentials = Get-MgBetaApplicationFederatedIdentityCredential -All -ApplicationId $App.Id $FederatedCredentialsResults = @() if ($null -ne $FederatedCredentials) { foreach ($FederatedCredential in $FederatedCredentials) { $FederatedCredentialsResults += [PSCustomObject]@{ Id = $FederatedCredential.Id Name = $FederatedCredential.Name Description = $FederatedCredential.Description Issuer = $FederatedCredential.Issuer Subject = $FederatedCredential.Subject Audiences = $FederatedCredential.Audiences | Out-String } } } else { $FederatedCredentialsResults = $null } # Exclude applications without risky permissions if ($MappedPermissions.Count -gt 0) { $ApplicationResults += [PSCustomObject]@{ ObjectId = $App.Id AppId = $App.AppId DisplayName = $App.DisplayName IsMultiTenantEnabled = $IsMultiTenantEnabled # Credentials from application and service principal objects may get merged in other cmdlets. # Differentiate between the two by setting IsFromApplication=$true KeyCredentials = Format-Credentials -AccessKeys $App.KeyCredentials -IsFromApplication $true PasswordCredentials = Format-Credentials -AccessKeys $App.PasswordCredentials -IsFromApplication $true FederatedCredentials = $FederatedCredentialsResults RiskyPermissions = $MappedPermissions } } } } catch { Write-Warning "An error occurred in Get-ApplicationsWithRiskyPermissions: $($_.Exception.Message)" Write-Warning "Stack trace: $($_.ScriptStackTrace)" throw $_ } return $ApplicationResults } } function Get-ServicePrincipalsWithRiskyPermissions { <# .Description Returns an array of service principals where each item contains its Object ID, App ID, Display Name, Key/Password Credentials, and risky API permissions. .Functionality #Internal ##> param ( [ValidateNotNullOrEmpty()] [string] $M365Environment ) process { try { $RiskyPermissionsJson = Get-RiskyPermissionsJson $ServicePrincipalResults = @() # Get all service principals including ones owned by Microsoft $ServicePrincipals = Get-MgBetaServicePrincipal -All # Prepare service principal IDs for batch processing $ServicePrincipalIds = $ServicePrincipals.Id # Split the service principal IDs into chunks of 20 $Chunks = [System.Collections.Generic.List[System.Object]]::new() $ChunkSize = 20 for ($i = 0; $i -lt $ServicePrincipalIds.Count; $i += $ChunkSize) { $Chunks.Add($ServicePrincipalIds[$i..([math]::Min($i + $ChunkSize - 1, $ServicePrincipalIds.Count - 1))]) } $endpoint = '/beta/$batch' if ($M365Environment -eq "gcchigh") { $endpoint = "https://graph.microsoft.us" + $endpoint } elseif ($M365Environment -eq "dod") { $endpoint = "https://dod-graph.microsoft.us" + $endpoint } else { $endpoint = "https://graph.microsoft.com" + $endpoint } # Process each chunk foreach ($Chunk in $Chunks) { $BatchBody = @{ Requests = @() } foreach ($ServicePrincipalId in $Chunk) { $BatchBody.Requests += @{ id = $ServicePrincipalId method = "GET" url = "/servicePrincipals/$ServicePrincipalId/appRoleAssignments" } } # Send the batch request $Response = Invoke-MgGraphRequest -Method POST -Uri $endpoint -Body ( $BatchBody | ConvertTo-Json -Depth 5 ) # Check the response if ($Response.responses) { foreach ($Result in $Response.responses) { $ServicePrincipalId = $Result.id $ServicePrincipal = $ServicePrincipals | Where-Object { $_.Id -eq $ServicePrincipalId } $MappedPermissions = @() if ($Result.status -eq 200) { $AppRoleAssignments = $Result.body.value if ($AppRoleAssignments.Count -gt 0) { foreach ($Role in $AppRoleAssignments) { $ResourceDisplayName = $Role.ResourceDisplayName $RoleId = $Role.AppRoleId # Default to true, # `Get-MgBetaServicePrincipalAppRoleAssignment` only returns admin consented permissions $IsAdminConsented = $true # Only map on resources stored in RiskyPermissions.json file if ($RiskyPermissionsJson.permissions.PSObject.Properties.Name -contains $ResourceDisplayName) { $MappedPermissions += Format-RiskyPermission ` -Json $RiskyPermissionsJson ` -AppDisplayName $ResourceDisplayName ` -Id $RoleId ` -IsAdminConsented $IsAdminConsented } } } } else { Write-Warning "Error for service principal $($Result.id): $($Result.status)" } # Exclude service principals without risky permissions if ($MappedPermissions.Count -gt 0) { $ServicePrincipalResults += [PSCustomObject]@{ ObjectId = $ServicePrincipal.Id AppId = $ServicePrincipal.AppId DisplayName = $ServicePrincipal.DisplayName # Credentials from application and service principal objects may get merged in other cmdlets. # Differentiate between the two by setting IsFromApplication=$false KeyCredentials = Format-Credentials -AccessKeys $ServicePrincipal.KeyCredentials -IsFromApplication $false PasswordCredentials = Format-Credentials -AccessKeys $ServicePrincipal.PasswordCredentials -IsFromApplication $false FederatedCredentials = $ServicePrincipal.FederatedIdentityCredentials RiskyPermissions = $MappedPermissions } } } } } } catch { Write-Warning "An error occurred in Get-ServicePrincipalsWithRiskyPermissions: $($_.Exception.Message)" Write-Warning "Stack trace: $($_.ScriptStackTrace)" throw $_ } return $ServicePrincipalResults } } function Format-RiskyApplications { <# .Description Returns an aggregated JSON dataset of application objects, combining data from both applications and service principal objects. Key/Password/Federated credentials are combined into a single array, and admin consent is reflected in each object's list of associated risky permissions. .Functionality #Internal ##> param ( [ValidateNotNullOrEmpty()] [Object[]] $RiskyApps, [ValidateNotNullOrEmpty()] [Object[]] $RiskySPs ) process { try { $Applications = @() foreach ($App in $RiskyApps) { $MatchedServicePrincipal = $RiskySPs | Where-Object { $_.AppId -eq $App.AppId } # Merge objects if an application and service principal exist with the same AppId $MergedObject = @{} if ($MatchedServicePrincipal) { # Determine if each risky permission was admin consented or not foreach ($Permission in $App.RiskyPermissions) { $ServicePrincipalRoleIds = $MatchedServicePrincipal.RiskyPermissions | Select-Object -ExpandProperty RoleId if ($ServicePrincipalRoleIds -contains $Permission.RoleId) { $Permission.IsAdminConsented = $true } } $ObjectIds = [PSCustomObject]@{ Application = $App.ObjectId ServicePrincipal = $MatchedServicePrincipal.ObjectId } $MergedKeyCredentials = Merge-Credentials ` -ApplicationAccessKeys $App.KeyCredentials ` -ServicePrincipalAccessKeys $MatchedServicePrincipal.KeyCredentials $MergedPasswordCredentials = Merge-Credentials ` -ApplicationAccessKeys $App.PasswordCredentials ` -ServicePrincipalAccessKeys $MatchedServicePrincipal.PasswordCredentials $MergedFederatedCredentials = Merge-Credentials ` -ApplicationAccessKeys $App.FederatedCredentials ` -ServicePrincipalAccessKeys $MatchedServicePrincipal.FederatedCredentials $MergedObject = [PSCustomObject]@{ ObjectId = $ObjectIds AppId = $App.AppId DisplayName = $App.DisplayName IsMultiTenantEnabled = $App.IsMultiTenantEnabled KeyCredentials = $MergedKeyCredentials PasswordCredentials = $MergedPasswordCredentials FederatedCredentials = $MergedFederatedCredentials RiskyPermissions = $App.RiskyPermissions } } else { $MergedObject = $App } $Applications += $MergedObject } } catch { Write-Warning "An error occurred in Format-RiskyApplications: $($_.Exception.Message)" Write-Warning "Stack trace: $($_.ScriptStackTrace)" throw $_ } return $Applications } } function Format-RiskyThirdPartyServicePrincipals { <# .Description Returns a JSON dataset of service principal objects owned by external organizations. .Functionality #Internal ##> param ( [ValidateNotNullOrEmpty()] [Object[]] $RiskyApps, [ValidateNotNullOrEmpty()] [Object[]] $RiskySPs ) process { try { $ServicePrincipals = @() foreach ($ServicePrincipal in $RiskySPs) { $MatchedApplication = $RiskyApps | Where-Object { $_.AppId -eq $ServicePrincipal.AppId } # If a service principal does not have an associated application registration, # then it is owned by an external organization. if ($null -eq $MatchedApplication) { $ServicePrincipals += $ServicePrincipal } } } catch { Write-Warning "An error occurred in Format-RiskyThirdPartyServicePrincipals: $($_.Exception.Message)" Write-Warning "Stack trace: $($_.ScriptStackTrace)" throw $_ } return $ServicePrincipals } } Export-ModuleMember -Function @( "Get-ApplicationsWithRiskyPermissions", "Get-ServicePrincipalsWithRiskyPermissions", "Format-RiskyApplications", "Format-RiskyThirdPartyServicePrincipals" ) # SIG # Begin signature block # MIIuugYJKoZIhvcNAQcCoIIuqzCCLqcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDkBzaxDbwz1i83 # ac0zcBzDE2vd+UqrGKdh0V2VhGKAtaCCE6MwggWQMIIDeKADAgECAhAFmxtXno4h # MuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNV # BAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0z # ODAxMTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/z # G6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZ # anMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7s # Wxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL # 2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfb # BHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3 # JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3c # AORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqx # YxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0 # viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aL # T8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjQjBAMA8GA1Ud # EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTs1+OC0nFdZEzf # Lmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfEkRvDoaIAjeNk # aA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvWVPjS # PMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK # 7VB6fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eB # cg3AFDLvMFkuruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp # 5aPNoiBB19GcZNnqJqGLFNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msg # dDDS4Dk0EIUhFQEI6FUy3nFJ2SgXUE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vri # RbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i7UqLvBv9R0oN32dmfrJbQdA75PQ7 # 9ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPmYQ/ShQDnUBrkG5WdGaG5 # nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1TtmlfB2/oQzxm3 # i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyBIa0H # EEcRrYc9B9F1vM/zZn4wggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggdXMIIFP6ADAgECAhAP1uYgxSr4joyBpB/eZOIuMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjUwMjA4MDAwMDAwWhcNMjYwMTE1MjM1OTU5WjBfMQsw # CQYDVQQGEwJVUzEdMBsGA1UECBMURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNV # BAcTCldhc2hpbmd0b24xDTALBgNVBAoTBENJU0ExDTALBgNVBAMTBENJU0EwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCXm3O0IOQzt0tbPPKAv4IrrzOf # QjE4Mb9j1zLL1GehaE35ddnoitE7l8OmVEeTLwPH+UpI7DfynUCjLb8HGcsuHO0H # aUuVFR3FNyvGByYATUTA+bQ9UgcwCoPyL48cDmdqFzheQ/KsC+FhI4uEpYiB/6Jp # Q0UL0SUVfC8O8+1ioUXAwdMt3G8bT3x6WaEmAbGqM5yC5fd7rKZEmpLzpA6bP2Xc # QMwi6Jn1m4AvL/jJrXvPyVUK9UlbjobKjiVg6a/UBgFrq8cU7Q1w/e5ijy6XA+aC # Z7SICqimtCW4wbrvodZL0yFeZIxN9qJ24hvrVGf7P/ANTzkoGHuHLwpMIOjBrpA+ # ig3jBTjY1xE2DYgHWcKHsSHEbOxStk+qHsn2J5i9GK+nwS7GmMqIRaEwy+dbfh6l # Q2jI4PO6kPk0ePnB3jTD/bEkdbRXpuq3aUAMS4ZSESer+CnzeBLEXvHrVVs4yHrf # RPmLOX+T43FEf6iAY7Ta3ahn0icLtCtauJ9/jmMigM/l1IfaAF6E/SoCHc6G6S9F # 1ECU/nBkpThU5u2kufiGWBC8rV2V8D50QERbohnv3yWR5BTG8dX+NYjd7HdctRAj # 9al3sQ/tdyVgOHUp+9KseYJthuNnh8WCoDeho/GX65QJDSJwh5uDcvNUfpeebANU # U1GwatZ4l+EWfOc05QIDAQABo4ICAzCCAf8wHwYDVR0jBBgwFoAUaDfg67Y7+F8R # hvv+YXsIiGX0TkIwHQYDVR0OBBYEFJIsiVnihq62MAlpq96K9lNX9UCGMD4GA1Ud # IAQ3MDUwMwYGZ4EMAQQBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMw # gbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5j # cmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0 # ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMIGUBggrBgEF # BQcBAQSBhzCBhDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t # MFwGCCsGAQUFBzAChlBodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl # cnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJ # BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQChGHY/dRc2BtvGT6mHR4bqoakC # N9hyjDA+bbxJE73T2HgI5wKVmhu2JmFZ/FHmoXE4ngnLnGS+zMEoeTEfzb/MmAxF # H+Ca/JGMDsbVf+rP+aVc1NkSpUd6u5rsR01Dimcs+pHGwpEUF1HCDFrFcl10Smcj # b8Z+tPbIETe3yvdRyoJL2Lm6k8wvC7xfgPoMzdbKWRzTCEnVQ+B53vHBSLT4D5wW # dq3yv6oj2fQ381wZQm16fLIedmiStUYfp0ZICqI3T6UiQ5w/DXYy05Z/1Njqu3PQ # l2Sy/JLDZc7hBu5YH5ia1G2IFC6S9gN34jm8qhkkoo8kihsxRBbBLiiNB0z/eH7y # jsNgyRR+Vje51Jcgte18zVQH6fRkl+HDp2nMgdgzShlKYXZzVFQvgmMu76x72P5f # bOgzmOxCZNZh0AQUo16DdbnGvloqHCbEND2JA/0QpeB0dlWKkWiotu/MaJE8/4uU # sxw5JSZPj8ya4WnrntJaY73TxXBHSd9CezT7lDShTgB1FkCSAov3aFwqyGH4hC+2 # MGp3Wzn03rkqVCzjmgNSIkCxQzJ+hEIvbk6GVK2yk+Q9eZQCkjRKY+EYwJNDsB9I # w75dWMsi2S9PFBEkKZYZFgxwVaBvnWgrfxlZMOooNADSdmq5fvTH/tjR3vIEd4QP # Dlzb9f7QLX+cvb0MjjGCGm0wghppAgEBMH0waTELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0 # IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENBMQIQD9bmIMUq+I6M # gaQf3mTiLjANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgACh # AoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAM # BgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCCZvJp1Af2K1jjAw1TpL3ZaQPjs # NVUtBbYr12L8MXRP4TANBgkqhkiG9w0BAQEFAASCAgBVP8XEVkOkhUtL2/qb7lx1 # P6q0EQQ/zXzTpwn9C/fXsbsLICsHNiny9BQj3WtWD8R0QJcBLPBaEzgZpZj3jZWm # +8Rg26t3FZm8rxsCnn7z3u5dZZ2L52zBBNalK0Tv5NQmeWK/WqoFSJqDUL/DeOyz # vLmQwo2j3Rnd+EUWNdUKEt9MAQHajHWmqvL4d9pMSlcrd0scqcJQkrrjv7nbUh56 # 9EzyviCqcL0E5ewwqVm/gqHbJ1ZCajW9obvP+eqFZmgKmJ5EJvRDOcJojInkJKxe # qVRyScOG1iluwI5f1Ub18H1CifjbhOhAn71cnhOvqGrmtl86Jwt4Qw5GQ6eZVTI6 # crJTcjiJ5htToa1nae56IhpuSwQYQk+q2mSaR4Lsj27Ped/VOJxAI0ypBSbniwlq # RP1IMOgiidGvXqe8A3TD7V4SK1PXrIX5Rt84Vop7x5rrGDTFMqYwH6NAM3LRM+cN # wJWhD1HNpEGQF0inl0bIY3uf1IsjtycX9lsOPVKvKufl+elyhpRhPBdkHXpU3BNI # F9AVlBX3GCKO86R5h05hF/0B9W/OODF8g7va6Ar5RHx7qgzTphS9E1RfI9WSaq66 # UU5YIdnKobvl8Q3suv7qrzHPsqAQI5eI13CNcbDoRiPbg91v3F4KFxsnwQ4NJGnV # Pl2TOyH4hTv2NbK+wYZ5hqGCFzowghc2BgorBgEEAYI3AwMBMYIXJjCCFyIGCSqG # SIb3DQEHAqCCFxMwghcPAgEDMQ8wDQYJYIZIAWUDBAIBBQAweAYLKoZIhvcNAQkQ # AQSgaQRnMGUCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCBLGQO+0Jsd # Cm6Mf5205VNGg82CHp6ygEA1vVQM/YxxwAIRAOPl4ml6nVjk5mKuFqu0RhQYDzIw # MjUwMjEwMjA1MTEwWqCCEwMwgga8MIIEpKADAgECAhALrma8Wrp/lYfG+ekE4zME # MA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2Vy # dCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNI # QTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjQwOTI2MDAwMDAwWhcNMzUxMTI1MjM1 # OTU5WjBCMQswCQYDVQQGEwJVUzERMA8GA1UEChMIRGlnaUNlcnQxIDAeBgNVBAMT # F0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDI0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A # MIICCgKCAgEAvmpzn/aVIauWMLpbbeZZo7Xo/ZEfGMSIO2qZ46XB/QowIEMSvgjE # dEZ3v4vrrTHleW1JWGErrjOL0J4L0HqVR1czSzvUQ5xF7z4IQmn7dHY7yijvoQ7u # jm0u6yXF2v1CrzZopykD07/9fpAT4BxpT9vJoJqAsP8YuhRvflJ9YeHjes4fduks # THulntq9WelRWY++TFPxzZrbILRYynyEy7rS1lHQKFpXvo2GePfsMRhNf1F41nyE # g5h7iOXv+vjX0K8RhUisfqw3TTLHj1uhS66YX2LZPxS4oaf33rp9HlfqSBePejlY # eEdU740GKQM7SaVSH3TbBL8R6HwX9QVpGnXPlKdE4fBIn5BBFnV+KwPxRNUNK6lY # k2y1WSKour4hJN0SMkoaNV8hyyADiX1xuTxKaXN12HgR+8WulU2d6zhzXomJ2Ple # I9V2yfmfXSPGYanGgxzqI+ShoOGLomMd3mJt92nm7Mheng/TBeSA2z4I78JpwGpT # RHiT7yHqBiV2ngUIyCtd0pZ8zg3S7bk4QC4RrcnKJ3FbjyPAGogmoiZ33c1HG93V # p6lJ415ERcC7bFQMRbxqrMVANiav1k425zYyFMyLNyE1QulQSgDpW9rtvVcIH7Wv # G9sqYup9j8z9J1XqbBZPJ5XLln8mS8wWmdDLnBHXgYly/p1DhoQo5fkCAwEAAaOC # AYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQM # MAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAf # BgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGogj57IbzAdBgNVHQ4EFgQUn1csA3cO # KBWQZqVjXu5Pkh92oFswWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2NybDMuZGln # aWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVTdGFt # cGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwJAYIKwYBBQUHMAGGGGh0dHA6 # Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEFBQcwAoZMaHR0cDovL2NhY2VydHMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5NlNIQTI1NlRpbWVT # dGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAPa0eH3aZW+M4hBJH2UOR # 9hHbm04IHdEoT8/T3HuBSyZeq3jSi5GXeWP7xCKhVireKCnCs+8GZl2uVYFvQe+p # PTScVJeCZSsMo1JCoZN2mMew/L4tpqVNbSpWO9QGFwfMEy60HofN6V51sMLMXNTL # fhVqs+e8haupWiArSozyAmGH/6oMQAh078qRh6wvJNU6gnh5OruCP1QUAvVSu4kq # VOcJVozZR5RRb/zPd++PGE3qF1P3xWvYViUJLsxtvge/mzA75oBfFZSbdakHJe2B # VDGIGVNVjOp8sNt70+kEoMF+T6tptMUNlehSR7vM+C13v9+9ZOUKzfRUAYSyyEmY # tsnpltD/GWX8eM70ls1V6QG/ZOB6b6Yum1HvIiulqJ1Elesj5TMHq8CWT/xrW7tw # ipXTJ5/i5pkU5E16RSBAdOp12aw8IQhhA/vEbFkEiF2abhuFixUDobZaA0VhqAsM # HOmaT3XThZDNi5U2zHKhUs5uHHdG6BoQau75KiNbh0c+hatSF+02kULkftARjsyE # pHKsF7u5zKRbt5oK5YGwFvgc4pEVUNytmB3BpIiowOIIuDgP5M9WArHYSAR16gc0 # dP2XdkMEP5eBsX7bf/MGN4K3HP50v/01ZHo/Z5lGLvNwQ7XHBx1yomzLP8lx4Q1z # ZKDyHcp4VQJLu2kWTsKsOqQwggauMIIElqADAgECAhAHNje3JFR82Ees/ShmKl5b # MA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0yMjAzMjMwMDAwMDBaFw0zNzAzMjIyMzU5 # NTlaMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkG # A1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3Rh # bXBpbmcgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGhjUGSbPB # PXJJUVXHJQPE8pE3qZdRodbSg9GeTKJtoLDMg/la9hGhRBVCX6SI82j6ffOciQt/ # nR+eDzMfUBMLJnOWbfhXqAJ9/UO0hNoR8XOxs+4rgISKIhjf69o9xBd/qxkrPkLc # Z47qUT3w1lbU5ygt69OxtXXnHwZljZQp09nsad/ZkIdGAHvbREGJ3HxqV3rwN3mf # XazL6IRktFLydkf3YYMZ3V+0VAshaG43IbtArF+y3kp9zvU5EmfvDqVjbOSmxR3N # Ng1c1eYbqMFkdECnwHLFuk4fsbVYTXn+149zk6wsOeKlSNbwsDETqVcplicu9Yem # j052FVUmcJgmf6AaRyBD40NjgHt1biclkJg6OBGz9vae5jtb7IHeIhTZgirHkr+g # 3uM+onP65x9abJTyUpURK1h0QCirc0PO30qhHGs4xSnzyqqWc0Jon7ZGs506o9UD # 4L/wojzKQtwYSH8UNM/STKvvmz3+DrhkKvp1KCRB7UK/BZxmSVJQ9FHzNklNiyDS # LFc1eSuo80VgvCONWPfcYd6T/jnA+bIwpUzX6ZhKWD7TA4j+s4/TXkt2ElGTyYwM # O1uKIqjBJgj5FBASA31fI7tk42PgpuE+9sJ0sj8eCXbsq11GdeJgo1gJASgADoRU # 7s7pXcheMBK9Rp6103a50g5rmQzSM7TNsQIDAQABo4IBXTCCAVkwEgYDVR0TAQH/ # BAgwBgEB/wIBADAdBgNVHQ4EFgQUuhbZbU2FL3MpdpovdYxqII+eyG8wHwYDVR0j # BBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1Ud # JQQMMAoGCCsGAQUFBwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0 # cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0 # cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8E # PDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVz # dGVkUm9vdEc0LmNybDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEw # DQYJKoZIhvcNAQELBQADggIBAH1ZjsCTtm+YqUQiAX5m1tghQuGwGC4QTRPPMFPO # vxj7x1Bd4ksp+3CKDaopafxpwc8dB+k+YMjYC+VcW9dth/qEICU0MWfNthKWb8RQ # TGIdDAiCqBa9qVbPFXONASIlzpVpP0d3+3J0FNf/q0+KLHqrhc1DX+1gtqpPkWae # LJ7giqzl/Yy8ZCaHbJK9nXzQcAp876i8dU+6WvepELJd6f8oVInw1YpxdmXazPBy # oyP6wCeCRK6ZJxurJB4mwbfeKuv2nrF5mYGjVoarCkXJ38SNoOeY+/umnXKvxMfB # wWpx2cYTgAnEtp/Nh4cku0+jSbl3ZpHxcpzpSwJSpzd+k1OsOx0ISQ+UzTl63f8l # Y5knLD0/a6fxZsNBzU+2QJshIUDQtxMkzdwdeDrknq3lNHGS1yZr5Dhzq6YBT70/ # O3itTK37xJV77QpfMzmHQXh6OOmc4d0j/R0o08f56PGYX/sr2H7yRp11LB4nLCbb # bxV7HhmLNriT1ObyF5lZynDwN7+YAN8gFk8n+2BnFqFmut1VwDophrCYoCvtlUG3 # OtUVmDG0YgkPCr2B2RP+v6TR81fZvAT6gt4y3wSJ8ADNXcL50CN/AAvkdgIm2fBl # dkKmKYcJRyvmfxqkhQ/8mJb2VVQrH4D6wPIOK+XW+6kvRBVK5xMOHds3OBqhK/bt # 1nz8MIIFjTCCBHWgAwIBAgIQDpsYjvnQLefv21DiCEAYWjANBgkqhkiG9w0BAQwF # ADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL # ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElE # IFJvb3QgQ0EwHhcNMjIwODAxMDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQswCQYD # VQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln # aWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKn # JS7JIT3yithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/W # BTxSD1Ifxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHi # LQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhm # V1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHE # tWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 # MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mX # aXpI8OCiEhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZ # xd9LBADMfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfh # vbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvl # EFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn1 # 5GkvmB0t9dmpsh3lGwIDAQABo4IBOjCCATYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV # HQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wHwYDVR0jBBgwFoAUReuir/SSy4Ix # LVGLp6chnfNtyA8wDgYDVR0PAQH/BAQDAgGGMHkGCCsGAQUFBwEBBG0wazAkBggr # BgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsGAQUFBzAChjdo # dHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290 # Q0EuY3J0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwEQYDVR0gBAowCDAGBgRVHSAA # MA0GCSqGSIb3DQEBDAUAA4IBAQBwoL9DXFXnOF+go3QbPbYW1/e/Vwe9mqyhhyzs # hV6pGrsi+IcaaVQi7aSId229GhT0E0p6Ly23OO/0/4C5+KH38nLeJLxSA8hO0Cre # +i1Wz/n096wwepqLsl7Uz9FDRJtDIeuWcqFItJnLnU+nBgMTdydE1Od/6Fmo8L8v # C6bp8jQ87PcDx4eo0kxAGTVGamlUsLihVo7spNU96LHc/RzY9HdaXFSMb++hUD38 # dglohJ9vytsgjTVgHAIDyyCwrFigDkBjxZgiwbJZ9VVrzyerbHbObyMt9H5xaiNr # Iv8SuFQtJ37YOtnwtoeW/VvRXKwYw02fc7cBqZ9Xql4o4rmUMYIDdjCCA3ICAQEw # dzBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNV # BAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1w # aW5nIENBAhALrma8Wrp/lYfG+ekE4zMEMA0GCWCGSAFlAwQCAQUAoIHRMBoGCSqG # SIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0BCQUxDxcNMjUwMjEwMjA1 # MTEwWjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBTb04XuYtvSPnvk9nFIUIck1YZb # RTAvBgkqhkiG9w0BCQQxIgQg+onJdVdsimxFiLYxzK1T6NHZZutPihD8PEdrsXs3 # 6UEwNwYLKoZIhvcNAQkQAi8xKDAmMCQwIgQgdnafqPJjLx9DCzojMK7WVnX+13Pb # BdZluQWTmEOPmtswDQYJKoZIhvcNAQEBBQAEggIATiF5EtFePuGkyEmWQ3OW+9y7 # LYqmJJr5W+mK1fYptzGQLPwxUYI2qJ+pkT7+D/NmlbJnfZ0gtp57whI3QTPno5LL # 2G3wzgRBQZyTM/hgMyzCmwZHxPkGNxci3rrmcw7gLARlc+bxfTT7BH39jPgZjlio # lU1Y6Y8wlUFRVJWm/DkfFIFcX+2CGAXlM9BTbSCebnVzA9ybcah3W6Q3j+raUsad # Kl2+5hRFJNpEG4uaGeVYMctbIcBLQHU4rxYJar8ir/o8JCTQ8FIH5dWik5KF8j5E # 78zNiXIfxEW4wqC0cOlRA5zgMCv0fCadHDN5IACf8trHmUFaoIRNmLIPd8sZuXHi # y9gnXvqlPXSFM4a4igYW6dY/xfhaoxPR474gvXSRbBwQ0YRO0D9umJqdr2Ua3s1v # 0BOiRXqFX8lVwpg+7QofWtyPrct24uZXYNYK1X0DemQNXWyEWKfeXhW9FxrLFO6m # TO77RObloMMhJ5OhlaiLRc4SQEABP94ZU/ExYNAIg3UlIrYk/G7DGR4BiPP2nwtF # FgW5A7Is+IAVZqUIoShDqEWzOE6e4UmV2AqNZAxBIMBfp3Iz2TuAVChQK1051/mY # fWZsSUejQFc9Yahyt4BuwxHvJ7XMxuQDwEF4ELwA/p/7goj5maZcRs8eZ9e7reYy # LBzXhwn76AMG4ZoK8dA= # SIG # End signature block |