OpenSSHUtils.psm1
|
Set-StrictMode -Version 2.0 <# .Synopsis Get-UserSID #> function Get-UserSID { [CmdletBinding(DefaultParameterSetName='User')] param ( [parameter(Mandatory=$true, ParameterSetName="User")] [ValidateNotNull()] [System.Security.Principal.NTAccount]$User, [parameter(Mandatory=$true, ParameterSetName="WellKnownSidType")] [ValidateNotNull()] [System.Security.Principal.WellKnownSidType]$WellKnownSidType ) try { if($PSBoundParameters.ContainsKey("User")) { $sid = $User.Translate([System.Security.Principal.SecurityIdentifier]) } elseif($PSBoundParameters.ContainsKey("WellKnownSidType")) { $sid = New-Object System.Security.Principal.SecurityIdentifier($WellKnownSidType, $null) } $sid } catch { return $null } } # get the local System user $systemSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::LocalSystemSid) # get the Administrators group $adminsSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid) # get the everyone $everyoneSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::WorldSid) $sshdSid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-80-3847866527-469524349-687026318-516638107-1125189541") $currentUserSid = Get-UserSID -User "$($env:USERDOMAIN)\$($env:USERNAME)" #Taken from P/Invoke.NET with minor adjustments. $definition = @' using System; using System.Runtime.InteropServices; public class AdjPriv { [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)] internal static extern IntPtr GetCurrentProcess(); [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); [StructLayout(LayoutKind.Sequential, Pack = 1)] internal struct TokPriv1Luid { public int Count; public long Luid; public int Attr; } internal const int SE_PRIVILEGE_ENABLED = 0x00000002; internal const int SE_PRIVILEGE_DISABLED = 0x00000000; internal const int TOKEN_QUERY = 0x00000008; internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; public static bool EnablePrivilege(string privilege, bool disable) { bool retVal; TokPriv1Luid tp; IntPtr hproc = GetCurrentProcess(); IntPtr htok = IntPtr.Zero; retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); tp.Count = 1; tp.Luid = 0; if(disable) { tp.Attr = SE_PRIVILEGE_DISABLED; } else { tp.Attr = SE_PRIVILEGE_ENABLED; } retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); return retVal; } } '@ $type = Add-Type $definition -PassThru -ErrorAction SilentlyContinue <# .Synopsis Repair-SshdConfigPermission Repair the file owner and Permission of sshd_config #> function Repair-SshdConfigPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath) Repair-FilePermission -Owners $systemSid,$adminsSid -FullAccessNeeded $systemSid -ReadAccessNeeded $sshdSid @psBoundParameters } <# .Synopsis Repair-SshdHostKeyPermission Repair the file owner and Permission of host private and public key -FilePath: The path of the private host key #> function Repair-SshdHostKeyPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath) if($PSBoundParameters["FilePath"].EndsWith(".pub")) { $PSBoundParameters["FilePath"] = $PSBoundParameters["FilePath"].Replace(".pub", "") } Repair-FilePermission -Owners $systemSid,$adminsSid -ReadAccessNeeded $sshdSid @psBoundParameters $PSBoundParameters["FilePath"] += ".pub" Repair-FilePermission -Owners $systemSid,$adminsSid -ReadAccessOK $everyoneSid -ReadAccessNeeded $sshdSid @psBoundParameters } <# .Synopsis Repair-AuthorizedKeyPermission Repair the file owner and Permission of authorized_keys #> function Repair-AuthorizedKeyPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath) if(-not (Test-Path $FilePath -PathType Leaf)) { Write-host "$FilePath not found" -ForegroundColor Yellow return } $fullPath = (Resolve-Path $FilePath).Path $profileListPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" $profileItem = Get-ChildItem $profileListPath -ErrorAction SilentlyContinue | ? { $properties = Get-ItemProperty $_.pspath -ErrorAction SilentlyContinue $userProfilePath = $null if($properties) { $userProfilePath = $properties.ProfileImagePath } $userProfilePath = $userProfilePath.Replace("\", "\\") if ( $properties.PSChildName -notmatch '\.bak$') { $fullPath -match "^$userProfilePath\\[\\|\W|\w]+authorized_keys$" } } if($profileItem) { $userSid = $profileItem.PSChildName Repair-FilePermission -Owners $userSid,$adminsSid,$systemSid -AnyAccessOK $userSid -FullAccessNeeded $systemSid -ReadAccessNeeded $sshdSid @psBoundParameters } else { Write-host "$fullPath is not in the profile folder of any user. Skip checking..." -ForegroundColor Yellow } } <# .Synopsis Repair-UserKeyPermission Repair the file owner and Permission of user config -FilePath: The path of the private user key -User: The user associated with this ssh config #> function Repair-UserKeyPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [System.Security.Principal.SecurityIdentifier] $UserSid = $currentUserSid) if($PSBoundParameters["FilePath"].EndsWith(".pub")) { $PSBoundParameters["FilePath"] = $PSBoundParameters["FilePath"].Replace(".pub", "") } Repair-FilePermission -Owners $UserSid, $adminsSid,$systemSid -AnyAccessOK $UserSid @psBoundParameters $PSBoundParameters["FilePath"] += ".pub" Repair-FilePermission -Owners $UserSid, $adminsSid,$systemSid -AnyAccessOK $UserSid -ReadAccessOK $everyoneSid @psBoundParameters } <# .Synopsis Repair-UserSSHConfigPermission Repair the file owner and Permission of user config #> function Repair-UserSshConfigPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath, [System.Security.Principal.SecurityIdentifier] $UserSid = $currentUserSid) Repair-FilePermission -Owners $UserSid,$adminsSid,$systemSid -AnyAccessOK $UserSid @psBoundParameters } <# .Synopsis Repair-FilePermission Only validate owner and ACEs of the file #> function Repair-FilePermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [ValidateNotNull()] [System.Security.Principal.SecurityIdentifier[]] $Owners = $currentUserSid, [System.Security.Principal.SecurityIdentifier[]] $AnyAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $FullAccessNeeded = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessNeeded = $null ) if(-not (Test-Path $FilePath -PathType Leaf)) { Write-host "$FilePath not found" -ForegroundColor Yellow return } Write-host " [*] $FilePath" $return = Repair-FilePermissionInternal @PSBoundParameters if($return -contains $true) { #Write-host "Re-check the health of file $FilePath" Repair-FilePermissionInternal @PSBoundParameters } } <# .Synopsis Repair-FilePermissionInternal #> function Repair-FilePermissionInternal { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [ValidateNotNull()] [System.Security.Principal.SecurityIdentifier[]] $Owners = $currentUserSid, [System.Security.Principal.SecurityIdentifier[]] $AnyAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $FullAccessNeeded = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessNeeded = $null ) $acl = Get-Acl $FilePath $needChange = $false $health = $true $paras = @{} $PSBoundParameters.GetEnumerator() | % { if((-not $_.key.Contains("Owners")) -and (-not $_.key.Contains("Access"))) { $paras.Add($_.key,$_.Value) } } $currentOwnerSid = Get-UserSid -User $acl.owner if($owners -notcontains $currentOwnerSid) { $newOwner = Get-UserAccount -User $Owners[0] $caption = "Current owner: '$($acl.Owner)'. '$newOwner' should own '$FilePath'." $prompt = "Shall I set the file owner?" $description = "Set '$newOwner' as owner of '$FilePath'." if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { Enable-Privilege SeRestorePrivilege | out-null $acl.SetOwner($newOwner) Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "The owner is still set to '$($acl.Owner)'." -ForegroundColor Yellow } } } $ReadAccessPerm = ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Read.value__) -bor ` ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Synchronize.value__) $FullControlPerm = [System.UInt32] [System.Security.AccessControl.FileSystemRights]::FullControl.value__ #system and admin groups can have any access to the file; plus the account in the AnyAccessOK list $realAnyAccessOKList = @($systemSid, $adminsSid) if($AnyAccessOK) { $realAnyAccessOKList += $AnyAccessOK } $realFullAccessNeeded = $FullAccessNeeded $realReadAccessNeeded = $ReadAccessNeeded if($realFullAccessNeeded -contains $everyoneSid) { $realFullAccessNeeded = @($everyoneSid) $realReadAccessNeeded = $null } if($realReadAccessNeeded -contains $everyoneSid) { $realReadAccessNeeded = @($everyoneSid) } #this is original list requested by the user, the account will be removed from the list if they already part of the dacl if($realReadAccessNeeded) { $realReadAccessNeeded = $realReadAccessNeeded | ? { ($_ -ne $null) -and ($realFullAccessNeeded -notcontains $_) } } #if accounts in the ReadAccessNeeded or $realFullAccessNeeded already part of dacl, they are okay; #need to make sure they have read access only $realReadAcessOKList = $ReadAccessOK + $realReadAccessNeeded foreach($a in $acl.Access) { if ($a.IdentityReference -is [System.Security.Principal.SecurityIdentifier]) { $IdentityReferenceSid = $a.IdentityReference } Else { $IdentityReferenceSid = Get-UserSid -User $a.IdentityReference } if($IdentityReferenceSid -eq $null) { $idRefShortValue = ($a.IdentityReference.Value).split('\')[-1] $IdentityReferenceSid = Get-UserSID -User $idRefShortValue if($IdentityReferenceSid -eq $null) { Write-Warning "Can't translate '$idRefShortValue'. " continue } } if($realFullAccessNeeded -contains ($IdentityReferenceSid)) { $realFullAccessNeeded = $realFullAccessNeeded | ? { ($_ -ne $null) -and (-not $_.Equals($IdentityReferenceSid)) } if($realReadAccessNeeded) { $realReadAccessNeeded = $realReadAccessNeeded | ? { ($_ -ne $null) -and (-not $_.Equals($IdentityReferenceSid)) } } if (($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) -and ` ((([System.UInt32]$a.FileSystemRights.value__) -band $FullControlPerm) -eq $FullControlPerm)) { continue; } #update the account to full control if($a.IsInherited) { if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } return Remove-RuleProtection @paras } $caption = "'$($a.IdentityReference)' has the following access to '$FilePath': '$($a.AccessControlType)'-'$($a.FileSystemRights)'." $prompt = "Shall I make it Allow FullControl?" $description = "Grant '$($a.IdentityReference)' FullControl access to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($IdentityReferenceSid, "FullControl", "None", "None", "Allow") $acl.SetAccessRule($ace) Write-Host "'$($a.IdentityReference)' now has FullControl access to '$FilePath'. " -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$($a.IdentityReference)' still has these access to '$FilePath': '$($a.AccessControlType)'-'$($a.FileSystemRights)'." -ForegroundColor Yellow } } } elseif(($realAnyAccessOKList -contains $everyoneSid) -or ($realAnyAccessOKList -contains $IdentityReferenceSid)) { #ignore those accounts listed in the AnyAccessOK list. continue; } #If everyone is in the ReadAccessOK list, any user can have read access; # below block make sure they are granted Read access only elseif(($realReadAcessOKList -contains $everyoneSid) -or ($realReadAcessOKList -contains $IdentityReferenceSid)) { if($realReadAccessNeeded -and ($IdentityReferenceSid.Equals($everyoneSid))) { $realReadAccessNeeded= $null } elseif($realReadAccessNeeded) { $realReadAccessNeeded = $realReadAccessNeeded | ? { ($_ -ne $null ) -and (-not $_.Equals($IdentityReferenceSid)) } } if (-not ($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) -or ` (-not (([System.UInt32]$a.FileSystemRights.value__) -band (-bnot $ReadAccessPerm)))) { continue; } if($a.IsInherited) { if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } return Remove-RuleProtection @paras } $caption = "'$($a.IdentityReference)' has the following access to '$FilePath': '$($a.FileSystemRights)'." $prompt = "Shall I make it Read only?" $description = "Set'$($a.IdentityReference)' Read access only to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($IdentityReferenceSid, "Read", "None", "None", "Allow") $acl.SetAccessRule($ace) Write-Host "'$($a.IdentityReference)' now has Read access to '$FilePath'. " -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$($a.IdentityReference)' still has these access to '$FilePath': '$($a.FileSystemRights)'." -ForegroundColor Yellow } } } #other than AnyAccessOK and ReadAccessOK list, if any other account is allowed, they should be removed from the dacl elseif($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) { $caption = "'$($a.IdentityReference)' should not have access to '$FilePath'." if($a.IsInherited) { if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } return Remove-RuleProtection @paras } $prompt = "Shall I remove this access?" $description = "Remove access rule of '$($a.IdentityReference)' from '$FilePath'." if($pscmdlet.ShouldProcess($description, $prompt, "$caption.")) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($IdentityReferenceSid, $a.FileSystemRights, $a.InheritanceFlags, $a.PropagationFlags, $a.AccessControlType) if(-not ($acl.RemoveAccessRule($ace))) { Write-Warning "Failed to remove access of '$($a.IdentityReference)' from '$FilePath'." } else { Write-Host "'$($a.IdentityReference)' has no more access to '$FilePath'." -ForegroundColor Green } } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$($a.IdentityReference)' still has access to '$FilePath'." -ForegroundColor Yellow } } } } if($realFullAccessNeeded) { $realFullAccessNeeded | % { $account = Get-UserAccount -UserSid $_ if($account -eq $null) { Write-Warning "'$_' needs FullControl access to '$FilePath', but it can't be translated on the machine." } else { $caption = "'$account' needs FullControl access to '$FilePath'." $prompt = "Shall I make the above change?" $description = "Set '$account' FullControl access to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($_, "FullControl", "None", "None", "Allow") $acl.AddAccessRule($ace) Write-Host "'$account' now has FullControl to '$FilePath'." -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$account' does not have FullControl to '$FilePath'." -ForegroundColor Yellow } } } } } #This is the real account list we need to add read access to the file if($realReadAccessNeeded) { $realReadAccessNeeded | % { $account = Get-UserAccount -UserSid $_ if($account -eq $null) { Write-Warning "'$_' needs Read access to '$FilePath', but it can't be translated on the machine." } else { $caption = "'$account' needs Read access to '$FilePath'." $prompt = "Shall I make the above change?" $description = "Set '$account' Read only access to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($_, "Read", "None", "None", "Allow") $acl.AddAccessRule($ace) Write-Host "'$account' now has Read access to '$FilePath'." -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$account' does not have Read access to '$FilePath'." -ForegroundColor Yellow } } } } } if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } if($health) { if ($needChange) { Write-Host " Repaired permissions" -ForegroundColor Yellow } else { Write-Host " looks good" -ForegroundColor Green } } Write-host " " } <# .Synopsis Remove-RuleProtection #> function Remove-RuleProtection { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [string]$FilePath ) $message = "Need to remove the inheritance before repair the rules." $prompt = "Shall I remove the inheritace?" $description = "Remove inheritance of '$FilePath'." if($pscmdlet.ShouldProcess($description, $prompt, $message)) { $acl = Get-acl -Path $FilePath $acl.SetAccessRuleProtection($True, $True) Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false if($e) { Write-Warning "Remove-RuleProtection failed with error: $($e[0].ToString())." } Write-Host "Inheritance is removed from '$FilePath'." -ForegroundColor Green return $true } elseif(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "inheritance is not removed from '$FilePath'. Skip Checking FilePath." -ForegroundColor Yellow return $false } } <# .Synopsis Get-UserAccount #> function Get-UserAccount { [CmdletBinding(DefaultParameterSetName='Sid')] param ( [parameter(Mandatory=$true, ParameterSetName="Sid")] [ValidateNotNull()] [System.Security.Principal.SecurityIdentifier]$UserSid, [parameter(Mandatory=$true, ParameterSetName="WellKnownSidType")] [ValidateNotNull()] [System.Security.Principal.WellKnownSidType]$WellKnownSidType ) try { if($PSBoundParameters.ContainsKey("UserSid")) { $objUser = $UserSid.Translate([System.Security.Principal.NTAccount]) } elseif($PSBoundParameters.ContainsKey("WellKnownSidType")) { $objSID = New-Object System.Security.Principal.SecurityIdentifier($WellKnownSidType, $null) $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) } $objUser } catch { return $null } } <# .Synopsis Enable-Privilege #> function Enable-Privilege { param( #The privilege to adjust. This set is taken from #http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx [ValidateSet( "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege", "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege", "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")] $Privilege, # Switch to disable the privilege, rather than enable it. [Switch] $Disable ) $type[0]::EnablePrivilege($Privilege, $Disable) } Export-ModuleMember -Function Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission # SIG # Begin signature block # MIIj9gYJKoZIhvcNAQcCoIIj5zCCI+MCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBwwnx0sGoGuzXc # xbUXszRyPEh7xYBUbo+9g4efuSnPaaCCDYIwggYAMIID6KADAgECAhMzAAAAww6b # p9iy3PcsAAAAAADDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMTcwODExMjAyMDI0WhcNMTgwODExMjAyMDI0WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC7V9c40bEGf0ktqW2zY596urY6IVu0mK6N1KSBoMV1xSzvgkAqt4FTd/NjAQq8 # zjeEA0BDV4JLzu0ftv2AbcnCkV0Fx9xWWQDhDOtX3v3xuJAnv3VK/HWycli2xUib # M2IF0ZWUpb85Iq2NEk1GYtoyGc6qIlxWSLFvRclndmJdMIijLyjFH1Aq2YbbGhEl # gcL09Wcu53kd9eIcdfROzMf8578LgEcp/8/NabEMC2DrZ+aEG5tN/W1HOsfZwWFh # 8pUSoQ0HrmMh2PSZHP94VYHupXnoIIJfCtq1UxlUAVcNh5GNwnzxVIaA4WLbgnM+ # Jl7wQBLSOdUmAw2FiDFfCguLAgMBAAGjggF/MIIBezAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUpxNdHyGJVegD7p4XNuryVIg1Ga8w # UQYDVR0RBEowSKRGMEQxDDAKBgNVBAsTA0FPQzE0MDIGA1UEBRMrMjMwMDEyK2M4 # MDRiNWVhLTQ5YjQtNDIzOC04MzYyLWQ4NTFmYTIyNTRmYzAfBgNVHSMEGDAWgBRI # bmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEt # MDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAE2X # TzR+8XCTnOPVGkucEX5rJsSlJPTfRNQkurNqCImZmssx53Cb/xQdsAc5f+QwOxMi # 3g7IlWe7bn74fJWkkII3k6aD00kCwaytWe+Rt6dmAA6iTCXU3OddBwLKKDRlOzmD # rZUqjsqg6Ag6HP4+e0BJlE2OVCUK5bHHCu5xN8abXjb1p0JE+7yHsA3ANdkmh1// # Z+8odPeKMAQRimfMSzVgaiHnw40Hg16bq51xHykmCRHU9YLT0jYHKa7okm2QfwDJ # qFvu0ARl+6EOV1PM8piJ858Vk8gGxGNSYQJPV0gc9ft1Esq1+fTCaV+7oZ0NaYMn # 64M+HWsxw+4O8cSEQ4fuMZwGADJ8tyCKuQgj6lawGNSyvRXsN+1k02sVAiPGijOH # OtGbtsCWWSygAVOEAV/ye8F6sOzU2FL2X3WBRFkWOCdTu1DzXnHf99dR3DHVGmM1 # Kpd+n2Y3X89VM++yyrwsI6pEHu77Z0i06ELDD4pRWKJGAmEmWhm/XJTpqEBw51sw # THyA1FBnoqXuDus9tfHleR7h9VgZb7uJbXjiIFgl/+RIs+av8bJABBdGUNQMbJEU # fe7K4vYm3hs7BGdRLg+kF/dC/z+RiTH4p7yz5TpS3Cozf0pkkWXYZRG222q3tGxS # /L+LcRbELM5zmqDpXQjBRUWlKYbsATFtXnTGVjELMIIHejCCBWKgAwIBAgIKYQ6Q # 0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNh # dGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5 # WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQD # Ex9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4 # BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe # 0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato # 88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v # ++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDst # rjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN # 91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4ji # JV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmh # D+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbi # wZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8Hh # hUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaI # jAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTl # UAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNV # HQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQF # TuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29m # dC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNf # MjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5t # aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNf # MjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcC # ARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnlj # cHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5 # AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oal # mOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0ep # o/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1 # HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtY # SWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInW # H8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZ # iWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMd # YzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7f # QccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKf # enoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOpp # O6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZO # SEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCFcowghXGAgEBMIGVMH4xCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jv # c29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAADDDpun2LLc9ywAAAAAAMMw # DQYJYIZIAWUDBAIBBQCggbwwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIEoKpnJS # 3weuOCWgRYjEdgD/c2KI6f2qtZbX9QH5+kIaMFAGCisGAQQBgjcCAQwxQjBAoBaA # FABQAG8AdwBlAHIAUwBoAGUAbABsoSaAJGh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9Qb3dlclNoZWxsIDANBgkqhkiG9w0BAQEFAASCAQAlqJhEq10j5qTsdD06p2zR # 50bY/+9Qk1/+Cf1aTfp+cGweJl4MTd+W1h0vsxNf1SMGEmRhgRfle0kAPHeSS2IS # 4TLEf45CGRGp06eWEWge9dfTEhBaA4d77FC6UQ7h+y31YvFS0arZoisZsXvmo4OQ # 91n9xCNeAGazUWxF4+x0W6BFMYbgpYClCjQ1Zfs+O5ofm6aTuXkjoaFVCXL7Wv/7 # GLeCLmlNnAv2mZzjHCuEsbbUSol0unvrpPHE3+2LYPIBPCWmerENfCXNkmJ1Dc8h # 0tcBgEnZxdIdPmWfHgQow00/izqNAhds8SS0JqHdkLOWQdetDxZWSrFPUsLfnfFR # oYITRjCCE0IGCisGAQQBgjcDAwExghMyMIITLgYJKoZIhvcNAQcCoIITHzCCExsC # AQMxDzANBglghkgBZQMEAgEFADCCATwGCyqGSIb3DQEJEAEEoIIBKwSCAScwggEj # AgEBBgorBgEEAYRZCgMBMDEwDQYJYIZIAWUDBAIBBQAEIBS913wMgDgVV1nPKlOA # p4iNXTDGLhJKNw2wGITGdNDWAgZaKHe7ZwsYEzIwMTcxMjEyMDExMzUyLjQyMlow # BwIBAYACAfSggbikgbUwgbIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xDDAKBgNVBAsTA0FPQzEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOkQy # MzYtMzdEQS05NzYxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2 # aWNloIIOyjCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAw # gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMT # KU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEw # MDcwMTIxMzY1NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGK # OiDs/BOX9fp/aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0Eb # GpUdzgkTjnxhMFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/ # JGAyWGBG8lhHhjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0k # ZxJyGiGKr0tkiVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7l # msqxqPJ6Kgox8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlE # XV4WnAEFTyJNAgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4E # FgQU1WM6XIoxkPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBD # AEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZW # y4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5t # aWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAt # MDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0y # My5jcnQwgaAGA1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUF # BwIBFjFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1 # bHQuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5 # AF8AUwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohR # DeLG4Jg/gXEDPZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l # 4/m87WtUVwgrUYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/ # f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WW # j1kpvLb9BOFwnzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI5 # 7BlKcWOdeyFtw5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1 # gJsiOCC1JeVk7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9Dv # fYPw4TtxCd9ddJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3ep # gcunCaw5u+zGy9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMu # Ein1wC9UJyH3yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmK # LxvHIa9Zta7cRDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu # 7w2gUDXa7wknHNWzfjUeCLraNtvTX4/edIhJEjCCBNkwggPBoAMCAQICEzMAAACu # DtZOlonbAPUAAAAAAK4wDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh # bXAgUENBIDIwMTAwHhcNMTYwOTA3MTc1NjU1WhcNMTgwOTA3MTc1NjU1WjCBsjEL # MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v # bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEMMAoGA1UECxMDQU9D # MScwJQYDVQQLEx5uQ2lwaGVyIERTRSBFU046RDIzNi0zN0RBLTk3NjExJTAjBgNV # BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEB # AQUAA4IBDwAwggEKAoIBAQDeki/DpJVy9T4NZmTD+uboIg90jE3Bnse2VLjxj059 # H/tGML58y3ue28RnWJIv+lSABp+jPp8XIf2p//DKYb0o/QSOJ8kGUoFYesNTPtqy # f/qohLW1rcLijiFoMLABH/GDnDbgRZHxVFxHUG+KNwffdC0BYC3Vfq3+2uOO8czR # lj10gRHU2BK8moSz53Vo2ZwF3TMZyVgvAvlg5sarNgRwAYwbwWW5wEqpeODFX1VA # /nAeLkjirCmg875M1XiEyPtrXDAFLng5/y5MlAcUMYJ6dHuSBDqLLXipjjYakQop # B3H1+9s8iyDoBM07JqP9u55VP5a2n/IZFNNwJHeCTSvLAgMBAAGjggEbMIIBFzAd # BgNVHQ4EFgQUfo/lNDREi/J5QLjGoNGcQx4hJbEwHwYDVR0jBBgwFoAU1WM6XIox # kPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNy # b3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljVGltU3RhUENBXzIwMTAtMDct # MDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5t # aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNUaW1TdGFQQ0FfMjAxMC0wNy0wMS5j # cnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDANBgkqhkiG9w0B # AQsFAAOCAQEAPVlNePD0XDQI0bVBYANTDPmMpk3lIh6gPIilg0hKQpZNMADLbmj+ # kav0GZcxtWnwrBoR+fpBsuaowWgwxExCHBo6mix7RLeJvNyNYlCk2JQT/Ga80SRV # zOAL5Nxls1PqvDbgFghDcRTmpZMvADfqwdu5R6FNyIgecYNoyb7A4AqCLfV1Wx3P # rPyaXbatskk5mT8NqWLYLshBzt2Ca0bhJJZf6qQwg6r2gz1pG15ue6nDq/mjYpTm # CDhYz46b8rxrIn0sQxnFTmtntvz2Z1jCGs99n1rr2ZFrGXOJS4Bhn1tyKEFwGJjr # fQ4Gb2pyA9aKRwUyK9BHLKWC5ZLD0hAaIKGCA3QwggJcAgEBMIHioYG4pIG1MIGy # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMQwwCgYDVQQLEwNB # T0MxJzAlBgNVBAsTHm5DaXBoZXIgRFNFIEVTTjpEMjM2LTM3REEtOTc2MTElMCMG # A1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIlCgEBMAkGBSsOAwIa # BQADFQDHwb0we6UYnmReZ3Q2+rvjmbxo+6CBwTCBvqSBuzCBuDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEMMAoGA1UECxMDQU9DMScwJQYDVQQL # Ex5uQ2lwaGVyIE5UUyBFU046MjY2NS00QzNGLUM1REUxKzApBgNVBAMTIk1pY3Jv # c29mdCBUaW1lIFNvdXJjZSBNYXN0ZXIgQ2xvY2swDQYJKoZIhvcNAQEFBQACBQDd # 2XldMCIYDzIwMTcxMjExMjEzODM3WhgPMjAxNzEyMTIyMTM4MzdaMHQwOgYKKwYB # BAGEWQoEATEsMCowCgIFAN3ZeV0CAQAwBwIBAAICI+0wBwIBAAICGKowCgIFAN3a # yt0CAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAaAKMAgCAQACAxbj # YKEKMAgCAQACAx6EgDANBgkqhkiG9w0BAQUFAAOCAQEAi838/tAJRVQoRHuIev9I # w/qHrMFxF8uxPCyrUMnln+kAArXuwUFX+yBjIw9rQvnW9qWdh9dvlbkbsVbl7z11 # aV8NzUNewt5iNNYC10CP8xCtMYeXXpeOoBfBydcSo1TOzHNmKW6h/ywpLSm25qZ8 # AWWQCSipmd4TSmPagS2YUemQc6Rt+cBxzZsMpwVh95/jRlcXxX2IyLYcQyw4IVio # pPRkGclR/fSkPlcXLljuFOWz7FZLlfoC1SbvsFZcdkFt3n9tPpmEJkLHxF6/cJGB # qJJoN+YkVGFzZp8RHrAuiS6/hqMtHRWiGgTXshPIiCv5zTjBzUuqQXu3VGpajwOj # iTGCAvUwggLxAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMz # AAAArg7WTpaJ2wD1AAAAAACuMA0GCWCGSAFlAwQCAQUAoIIBMjAaBgkqhkiG9w0B # CQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEICDCePW+IRAzSqyLBww7 # 0HOzl5fyWgcORI9h9v8hQ/hNMIHiBgsqhkiG9w0BCRACDDGB0jCBzzCBzDCBsQQU # x8G9MHulGJ5kXmd0Nvq745m8aPswgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMAITMwAAAK4O1k6WidsA9QAAAAAArjAWBBQ+RZGz3jiL5aaJ9ag4 # qo4OzJmWjjANBgkqhkiG9w0BAQsFAASCAQBnmyVVwTgogPizpWCZbM26gyvvmp4w # EN716Cig6RXQUfzb3eSyE+Tx0IxAGqdrL8aBYmDtqsJcA6X2GmTIwEdoLezCbTNQ # mTxXsGZbjzKmANvqI80Wl76PxnQTJM++3JIQkSw7y+IT8rEzJU8I6rBgOM3cvEPB # 08MubZn/31WxJ1NCLYCYlptfWZQ9IySGuqY8kSt3vZEFAyIl5HN+jYYfNHMg4m+J # 41020HFCx/qzrDXu80B7qpHStd/HHshWw4k+nb4wA0mE1ySQdlwf26JVZi0JN7J/ # I59Jqgan0vQdGJhZbs6lAJXuWE1IHcoAllBY4VZ+Z+KG11gGduCLfsds # SIG # End signature block |