OpenSSHUtils.psm1
|
Set-StrictMode -Version 2.0 <# .Synopsis Get-UserSID #> function Get-UserSID { [CmdletBinding(DefaultParameterSetName='User')] param ( [parameter(Mandatory=$true, ParameterSetName="User")] [ValidateNotNull()] [System.Security.Principal.NTAccount]$User, [parameter(Mandatory=$true, ParameterSetName="WellKnownSidType")] [ValidateNotNull()] [System.Security.Principal.WellKnownSidType]$WellKnownSidType ) try { if($PSBoundParameters.ContainsKey("User")) { $sid = $User.Translate([System.Security.Principal.SecurityIdentifier]) } elseif($PSBoundParameters.ContainsKey("WellKnownSidType")) { $sid = New-Object System.Security.Principal.SecurityIdentifier($WellKnownSidType, $null) } $sid } catch { return $null } } # get the local System user $systemSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::LocalSystemSid) # get the Administrators group $adminsSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::BuiltinAdministratorsSid) # get the everyone $everyoneSid = Get-UserSID -WellKnownSidType ([System.Security.Principal.WellKnownSidType]::WorldSid) $currentUserSid = Get-UserSID -User "$($env:USERDOMAIN)\$($env:USERNAME)" #Taken from P/Invoke.NET with minor adjustments. $definition = @' using System; using System.Runtime.InteropServices; public class AdjPriv { [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen); [DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)] internal static extern IntPtr GetCurrentProcess(); [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)] internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid); [StructLayout(LayoutKind.Sequential, Pack = 1)] internal struct TokPriv1Luid { public int Count; public long Luid; public int Attr; } internal const int SE_PRIVILEGE_ENABLED = 0x00000002; internal const int SE_PRIVILEGE_DISABLED = 0x00000000; internal const int TOKEN_QUERY = 0x00000008; internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020; public static bool EnablePrivilege(string privilege, bool disable) { bool retVal; TokPriv1Luid tp; IntPtr hproc = GetCurrentProcess(); IntPtr htok = IntPtr.Zero; retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok); tp.Count = 1; tp.Luid = 0; if(disable) { tp.Attr = SE_PRIVILEGE_DISABLED; } else { tp.Attr = SE_PRIVILEGE_ENABLED; } retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid); retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero); return retVal; } } '@ $type = Add-Type $definition -PassThru -ErrorAction SilentlyContinue <# .Synopsis Repair-SshdConfigPermission Repair the file owner and Permission of sshd_config #> function Repair-SshdConfigPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath) Repair-FilePermission -Owners $systemSid,$adminsSid -FullAccessNeeded $systemSid @psBoundParameters } <# .Synopsis Repair-SshdHostKeyPermission Repair the file owner and Permission of host private and public key -FilePath: The path of the private host key #> function Repair-SshdHostKeyPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath) if($PSBoundParameters["FilePath"].EndsWith(".pub")) { $PSBoundParameters["FilePath"] = $PSBoundParameters["FilePath"].Replace(".pub", "") } Repair-FilePermission -Owners $systemSid,$adminsSid @psBoundParameters $PSBoundParameters["FilePath"] += ".pub" Repair-FilePermission -Owners $systemSid,$adminsSid -ReadAccessOK $everyoneSid @psBoundParameters } <# .Synopsis Repair-AuthorizedKeyPermission Repair the file owner and Permission of authorized_keys #> function Repair-AuthorizedKeyPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath) if(-not (Test-Path $FilePath -PathType Leaf)) { Write-host "$FilePath not found" -ForegroundColor Yellow return } $fullPath = (Resolve-Path $FilePath).Path $profileListPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" $profileItem = Get-ChildItem $profileListPath -ErrorAction SilentlyContinue | ? { $properties = Get-ItemProperty $_.pspath -ErrorAction SilentlyContinue $userProfilePath = $null if($properties) { $userProfilePath = $properties.ProfileImagePath } $userProfilePath = $userProfilePath.Replace("\", "\\") if ( $properties.PSChildName -notmatch '\.bak$') { $fullPath -match "^$userProfilePath\\[\\|\W|\w]+authorized_keys$" } } if($profileItem) { $userSid = $profileItem.PSChildName Repair-FilePermission -Owners $userSid,$adminsSid,$systemSid -AnyAccessOK $userSid -FullAccessNeeded $systemSid @psBoundParameters } else { Write-host "$fullPath is not in the profile folder of any user. Skip checking..." -ForegroundColor Yellow } } <# .Synopsis Repair-UserKeyPermission Repair the file owner and Permission of user config -FilePath: The path of the private user key -User: The user associated with this ssh config #> function Repair-UserKeyPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [System.Security.Principal.SecurityIdentifier] $UserSid = $currentUserSid) if($PSBoundParameters["FilePath"].EndsWith(".pub")) { $PSBoundParameters["FilePath"] = $PSBoundParameters["FilePath"].Replace(".pub", "") } Repair-FilePermission -Owners $UserSid, $adminsSid,$systemSid -AnyAccessOK $UserSid @psBoundParameters $PSBoundParameters["FilePath"] += ".pub" Repair-FilePermission -Owners $UserSid, $adminsSid,$systemSid -AnyAccessOK $UserSid -ReadAccessOK $everyoneSid @psBoundParameters } <# .Synopsis Repair-UserSSHConfigPermission Repair the file owner and Permission of user config #> function Repair-UserSshConfigPermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string]$FilePath, [System.Security.Principal.SecurityIdentifier] $UserSid = $currentUserSid) Repair-FilePermission -Owners $UserSid,$adminsSid,$systemSid -AnyAccessOK $UserSid @psBoundParameters } <# .Synopsis Repair-FilePermission Only validate owner and ACEs of the file #> function Repair-FilePermission { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [ValidateNotNull()] [System.Security.Principal.SecurityIdentifier[]] $Owners = $currentUserSid, [System.Security.Principal.SecurityIdentifier[]] $AnyAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $FullAccessNeeded = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessNeeded = $null ) if(-not (Test-Path $FilePath -PathType Leaf)) { Write-host "$FilePath not found" -ForegroundColor Yellow return } Write-host " [*] $FilePath" $return = Repair-FilePermissionInternal @PSBoundParameters if($return -contains $true) { #Write-host "Re-check the health of file $FilePath" Repair-FilePermissionInternal @PSBoundParameters } } <# .Synopsis Repair-FilePermissionInternal #> function Repair-FilePermissionInternal { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true, Position = 0)] [ValidateNotNullOrEmpty()] [string]$FilePath, [ValidateNotNull()] [System.Security.Principal.SecurityIdentifier[]] $Owners = $currentUserSid, [System.Security.Principal.SecurityIdentifier[]] $AnyAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $FullAccessNeeded = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessOK = $null, [System.Security.Principal.SecurityIdentifier[]] $ReadAccessNeeded = $null ) $acl = Get-Acl $FilePath $needChange = $false $health = $true $paras = @{} $PSBoundParameters.GetEnumerator() | % { if((-not $_.key.Contains("Owners")) -and (-not $_.key.Contains("Access"))) { $paras.Add($_.key,$_.Value) } } $currentOwnerSid = Get-UserSid -User $acl.owner if($owners -notcontains $currentOwnerSid) { $newOwner = Get-UserAccount -User $Owners[0] $caption = "Current owner: '$($acl.Owner)'. '$newOwner' should own '$FilePath'." $prompt = "Shall I set the file owner?" $description = "Set '$newOwner' as owner of '$FilePath'." if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { Enable-Privilege SeRestorePrivilege | out-null $acl.SetOwner($newOwner) Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "The owner is still set to '$($acl.Owner)'." -ForegroundColor Yellow } } } $ReadAccessPerm = ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Read.value__) -bor ` ([System.UInt32] [System.Security.AccessControl.FileSystemRights]::Synchronize.value__) $FullControlPerm = [System.UInt32] [System.Security.AccessControl.FileSystemRights]::FullControl.value__ #system and admin groups can have any access to the file; plus the account in the AnyAccessOK list $realAnyAccessOKList = @($systemSid, $adminsSid) if($AnyAccessOK) { $realAnyAccessOKList += $AnyAccessOK } $realFullAccessNeeded = $FullAccessNeeded $realReadAccessNeeded = $ReadAccessNeeded if($realFullAccessNeeded -contains $everyoneSid) { $realFullAccessNeeded = @($everyoneSid) $realReadAccessNeeded = $null } if($realReadAccessNeeded -contains $everyoneSid) { $realReadAccessNeeded = @($everyoneSid) } #this is original list requested by the user, the account will be removed from the list if they already part of the dacl if($realReadAccessNeeded) { $realReadAccessNeeded = $realReadAccessNeeded | ? { ($_ -ne $null) -and ($realFullAccessNeeded -notcontains $_) } } #if accounts in the ReadAccessNeeded or $realFullAccessNeeded already part of dacl, they are okay; #need to make sure they have read access only $realReadAcessOKList = $ReadAccessOK + $realReadAccessNeeded foreach($a in $acl.Access) { if ($a.IdentityReference -is [System.Security.Principal.SecurityIdentifier]) { $IdentityReferenceSid = $a.IdentityReference } Else { $IdentityReferenceSid = Get-UserSid -User $a.IdentityReference } if($IdentityReferenceSid -eq $null) { $idRefShortValue = ($a.IdentityReference.Value).split('\')[-1] $IdentityReferenceSid = Get-UserSID -User $idRefShortValue if($IdentityReferenceSid -eq $null) { Write-Warning "Can't translate '$idRefShortValue'. " continue } } if($realFullAccessNeeded -contains ($IdentityReferenceSid)) { $realFullAccessNeeded = $realFullAccessNeeded | ? { ($_ -ne $null) -and (-not $_.Equals($IdentityReferenceSid)) } if($realReadAccessNeeded) { $realReadAccessNeeded = $realReadAccessNeeded | ? { ($_ -ne $null) -and (-not $_.Equals($IdentityReferenceSid)) } } if (($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) -and ` ((([System.UInt32]$a.FileSystemRights.value__) -band $FullControlPerm) -eq $FullControlPerm)) { continue; } #update the account to full control if($a.IsInherited) { if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } return Remove-RuleProtection @paras } $caption = "'$($a.IdentityReference)' has the following access to '$FilePath': '$($a.AccessControlType)'-'$($a.FileSystemRights)'." $prompt = "Shall I make it Allow FullControl?" $description = "Grant '$($a.IdentityReference)' FullControl access to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($IdentityReferenceSid, "FullControl", "None", "None", "Allow") $acl.SetAccessRule($ace) Write-Host "'$($a.IdentityReference)' now has FullControl access to '$FilePath'. " -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$($a.IdentityReference)' still has these access to '$FilePath': '$($a.AccessControlType)'-'$($a.FileSystemRights)'." -ForegroundColor Yellow } } } elseif(($realAnyAccessOKList -contains $everyoneSid) -or ($realAnyAccessOKList -contains $IdentityReferenceSid)) { #ignore those accounts listed in the AnyAccessOK list. continue; } #If everyone is in the ReadAccessOK list, any user can have read access; # below block make sure they are granted Read access only elseif(($realReadAcessOKList -contains $everyoneSid) -or ($realReadAcessOKList -contains $IdentityReferenceSid)) { if($realReadAccessNeeded -and ($IdentityReferenceSid.Equals($everyoneSid))) { $realReadAccessNeeded= $null } elseif($realReadAccessNeeded) { $realReadAccessNeeded = $realReadAccessNeeded | ? { ($_ -ne $null ) -and (-not $_.Equals($IdentityReferenceSid)) } } if (-not ($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) -or ` (-not (([System.UInt32]$a.FileSystemRights.value__) -band (-bnot $ReadAccessPerm)))) { continue; } if($a.IsInherited) { if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } return Remove-RuleProtection @paras } $caption = "'$($a.IdentityReference)' has the following access to '$FilePath': '$($a.FileSystemRights)'." $prompt = "Shall I make it Read only?" $description = "Set'$($a.IdentityReference)' Read access only to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($IdentityReferenceSid, "Read", "None", "None", "Allow") $acl.SetAccessRule($ace) Write-Host "'$($a.IdentityReference)' now has Read access to '$FilePath'. " -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$($a.IdentityReference)' still has these access to '$FilePath': '$($a.FileSystemRights)'." -ForegroundColor Yellow } } } #other than AnyAccessOK and ReadAccessOK list, if any other account is allowed, they should be removed from the dacl elseif($a.AccessControlType.Equals([System.Security.AccessControl.AccessControlType]::Allow)) { $caption = "'$($a.IdentityReference)' should not have access to '$FilePath'." if($a.IsInherited) { if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } return Remove-RuleProtection @paras } $prompt = "Shall I remove this access?" $description = "Remove access rule of '$($a.IdentityReference)' from '$FilePath'." if($pscmdlet.ShouldProcess($description, $prompt, "$caption.")) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($IdentityReferenceSid, $a.FileSystemRights, $a.InheritanceFlags, $a.PropagationFlags, $a.AccessControlType) if(-not ($acl.RemoveAccessRule($ace))) { Write-Warning "Failed to remove access of '$($a.IdentityReference)' from '$FilePath'." } else { Write-Host "'$($a.IdentityReference)' has no more access to '$FilePath'." -ForegroundColor Green } } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$($a.IdentityReference)' still has access to '$FilePath'." -ForegroundColor Yellow } } } } if($realFullAccessNeeded) { $realFullAccessNeeded | % { $account = Get-UserAccount -UserSid $_ if($account -eq $null) { Write-Warning "'$_' needs FullControl access to '$FilePath', but it can't be translated on the machine." } else { $caption = "'$account' needs FullControl access to '$FilePath'." $prompt = "Shall I make the above change?" $description = "Set '$account' FullControl access to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($_, "FullControl", "None", "None", "Allow") $acl.AddAccessRule($ace) Write-Host "'$account' now has FullControl to '$FilePath'." -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$account' does not have FullControl to '$FilePath'." -ForegroundColor Yellow } } } } } #This is the real account list we need to add read access to the file if($realReadAccessNeeded) { $realReadAccessNeeded | % { $account = Get-UserAccount -UserSid $_ if($account -eq $null) { Write-Warning "'$_' needs Read access to '$FilePath', but it can't be translated on the machine." } else { $caption = "'$account' needs Read access to '$FilePath'." $prompt = "Shall I make the above change?" $description = "Set '$account' Read only access to '$FilePath'. " if($pscmdlet.ShouldProcess($description, $prompt, $caption)) { $needChange = $true $ace = New-Object System.Security.AccessControl.FileSystemAccessRule ` ($_, "Read", "None", "None", "Allow") $acl.AddAccessRule($ace) Write-Host "'$account' now has Read access to '$FilePath'." -ForegroundColor Green } else { $health = $false if(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "'$account' does not have Read access to '$FilePath'." -ForegroundColor Yellow } } } } } if($needChange) { Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -Confirm:$false } if($health) { if ($needChange) { Write-Host " Repaired permissions" -ForegroundColor Yellow } else { Write-Host " looks good" -ForegroundColor Green } } Write-host " " } <# .Synopsis Remove-RuleProtection #> function Remove-RuleProtection { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="High")] param ( [parameter(Mandatory=$true)] [string]$FilePath ) $message = "Need to remove the inheritance before repair the rules." $prompt = "Shall I remove the inheritace?" $description = "Remove inheritance of '$FilePath'." if($pscmdlet.ShouldProcess($description, $prompt, $message)) { $acl = Get-acl -Path $FilePath $acl.SetAccessRuleProtection($True, $True) Enable-Privilege SeRestorePrivilege | out-null Set-Acl -Path $FilePath -AclObject $acl -ErrorVariable e -Confirm:$false if($e) { Write-Warning "Remove-RuleProtection failed with error: $($e[0].ToString())." } Write-Host "Inheritance is removed from '$FilePath'." -ForegroundColor Green return $true } elseif(-not $PSBoundParameters.ContainsKey("WhatIf")) { Write-Host "inheritance is not removed from '$FilePath'. Skip Checking FilePath." -ForegroundColor Yellow return $false } } <# .Synopsis Get-UserAccount #> function Get-UserAccount { [CmdletBinding(DefaultParameterSetName='Sid')] param ( [parameter(Mandatory=$true, ParameterSetName="Sid")] [ValidateNotNull()] [System.Security.Principal.SecurityIdentifier]$UserSid, [parameter(Mandatory=$true, ParameterSetName="WellKnownSidType")] [ValidateNotNull()] [System.Security.Principal.WellKnownSidType]$WellKnownSidType ) try { if($PSBoundParameters.ContainsKey("UserSid")) { $objUser = $UserSid.Translate([System.Security.Principal.NTAccount]) } elseif($PSBoundParameters.ContainsKey("WellKnownSidType")) { $objSID = New-Object System.Security.Principal.SecurityIdentifier($WellKnownSidType, $null) $objUser = $objSID.Translate( [System.Security.Principal.NTAccount]) } $objUser } catch { return $null } } <# .Synopsis Enable-Privilege #> function Enable-Privilege { param( #The privilege to adjust. This set is taken from #http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx [ValidateSet( "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege", "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege", "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege", "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege", "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")] $Privilege, # Switch to disable the privilege, rather than enable it. [Switch] $Disable ) $type[0]::EnablePrivilege($Privilege, $Disable) } Export-ModuleMember -Function Repair-FilePermission, Repair-SshdConfigPermission, Repair-SshdHostKeyPermission, Repair-AuthorizedKeyPermission, Repair-UserKeyPermission, Repair-UserSshConfigPermission, Enable-Privilege, Get-UserAccount, Get-UserSID # SIG # Begin signature block # MIIkXAYJKoZIhvcNAQcCoIIkTTCCJEkCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBSg3sZNxEWbpQ5 # snmq1XCxqU++2F2G74A02OvDRP1ZuaCCDYUwggYDMIID66ADAgECAhMzAAABUptA # n1BWmXWIAAAAAAFSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMTkwNTAyMjEzNzQ2WhcNMjAwNTAyMjEzNzQ2WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCxp4nT9qfu9O10iJyewYXHlN+WEh79Noor9nhM6enUNbCbhX9vS+8c/3eIVazS # YnVBTqLzW7xWN1bCcItDbsEzKEE2BswSun7J9xCaLwcGHKFr+qWUlz7hh9RcmjYS # kOGNybOfrgj3sm0DStoK8ljwEyUVeRfMHx9E/7Ca/OEq2cXBT3L0fVnlEkfal310 # EFCLDo2BrE35NGRjG+/nnZiqKqEh5lWNk33JV8/I0fIcUKrLEmUGrv0CgC7w2cjm # bBhBIJ+0KzSnSWingXol/3iUdBBy4QQNH767kYGunJeY08RjHMIgjJCdAoEM+2mX # v1phaV7j+M3dNzZ/cdsz3oDfAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU3f8Aw1sW72WcJ2bo/QSYGzVrRYcw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzQ1NDEzNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AJTwROaHvogXgixWjyjvLfiRgqI2QK8GoG23eqAgNjX7V/WdUWBbs0aIC3k49cd0 # zdq+JJImixcX6UOTpz2LZPFSh23l0/Mo35wG7JXUxgO0U+5drbQht5xoMl1n7/TQ # 4iKcmAYSAPxTq5lFnoV2+fAeljVA7O43szjs7LR09D0wFHwzZco/iE8Hlakl23ZT # 7FnB5AfU2hwfv87y3q3a5qFiugSykILpK0/vqnlEVB0KAdQVzYULQ/U4eFEjnis3 # Js9UrAvtIhIs26445Rj3UP6U4GgOjgQonlRA+mDlsh78wFSGbASIvK+fkONUhvj8 # B8ZHNn4TFfnct+a0ZueY4f6aRPxr8beNSUKn7QW/FQmn422bE7KfnqWncsH7vbNh # G929prVHPsaa7J22i9wyHj7m0oATXJ+YjfyoEAtd5/NyIYaE4Uu0j1EhuYUo5VaJ # JnMaTER0qX8+/YZRWrFN/heps41XNVjiAawpbAa0fUa3R9RNBjPiBnM0gvNPorM4 # dsV2VJ8GluIQOrJlOvuCrOYDGirGnadOmQ21wPBoGFCWpK56PxzliKsy5NNmAXcE # x7Qb9vUjY1WlYtrdwOXTpxN4slzIht69BaZlLIjLVWwqIfuNrhHKNDM9K+v7vgrI # bf7l5/665g0gjQCDCN6Q5sxuttTAEKtJeS/pkpI+DbZ/MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCFi0wghYpAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAFSm0CfUFaZdYgAAAAA # AVIwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINLN # eXGqPvvOTFCLzG1NT9+AH/qeAcW4FOMhPCG/uPF6MEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAoecd8+ETID/yr9SFy5L4/NSIp8TL69oqrX6S # bpR/uHhcDTr+PiW7gZIWCmp84R/P0tlhDv1id527iEpcuXwc0dBHehXVcAQydRUi # 47Hi3rMPH+0m2uUFIDHgdpehHxAVdlbhECf4fqPWbSWNae9Y46FZZCO3A3riqcCg # wS2gV/jDK6M7zUDnBqr23DtXjtLar8QaRhHdGE39WImVh1Zw8eLfNW3BC5i/zmTt # iry7syPe0LGMjOBxufVtR6Hm3pLzluj15RarWJyTGC7qisM49ZAkjny/OFtRNyAx # iKkkaBdbTMEn7M3VEgnQ8TRRQrz4s11XW8MLQYV7J7Of9fTXS6GCE7cwghOzBgor # BgEEAYI3AwMBMYITozCCE58GCSqGSIb3DQEHAqCCE5AwghOMAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFYBgsqhkiG9w0BCRABBKCCAUcEggFDMIIBPwIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCBUffipc+wiqf4xMtzWpN+OkNm/oIhTc6yP # MLGHRGE7yAIGXeZ1aeyNGBMyMDE5MTIxODA3NDY0Ni41MzlaMAcCAQGAAgH0oIHU # pIHRMIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYD # VQQLEyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMd # VGhhbGVzIFRTUyBFU046NTg0Ny1GNzYxLTRGNzAxJTAjBgNVBAMTHE1pY3Jvc29m # dCBUaW1lLVN0YW1wIFNlcnZpY2Wggg8fMIIE9TCCA92gAwIBAgITMwAAAQUHOepZ # 81W/KgAAAAABBTANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQ # Q0EgMjAxMDAeFw0xOTA5MDYyMDQxMThaFw0yMDEyMDQyMDQxMThaMIHOMQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3Nv # ZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBF # U046NTg0Ny1GNzYxLTRGNzAxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1w # IFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMIpZjVUiL # WQGqDFLLaeGfhc9bxCwi8HQx+gcaF5Zz2GodhM71oyjal6uqnRM8QHxj49uKFmY/ # SWEhlV+so3IrmEHVLmskeEQaio5PxVgUWRm+sBIJpS9GjwKrGPZ2ub4ST2J9fu5F # xbfTmJyB2AL6W7WcSUON8tyuz2/NRAII6YuojdMa6mjVXamL2AS7PBo1GW4Pa4Xb # NhEQoA4/siS4JGbcfAwVMGv87bhKapDqpXLbDq6LbFdLAv7Q7eUHiHS4eccXRNGA # npkdhHOK7s1O9FqpRZYsbx/UpkaoyqiQe/JFTA+1keYZsZgaQqgPNpGYD50SDDyQ # Z2vtNx7KVgXtAgMBAAGjggEbMIIBFzAdBgNVHQ4EFgQUPXQb/rp3KEzK6DYOy3Fn # /QIzNyIwHwYDVR0jBBgwFoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8w # TTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVj # dHMvTWljVGltU3RhUENBXzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBK # BggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9N # aWNUaW1TdGFQQ0FfMjAxMC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUE # DDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAp85hd3trAVfmVAPmcOAq # nM47TbWB9S0ySGG/eNvIfhgYC0YjCLEZhiiQyOeRTws0lIOWGv7tM5tr70RGzNo1 # /C7SQadqQ2dT5sUj7Ga6LHO2excdzRvUIwdeOaVuaj4VpiXnhjPBRu2CVNGXPe1d # 7Zzw7di8xh2D6ooZBjhHLh7yGf2ZFjBjLcDVjrfaLwd4YqefJgg42s8EMUoXzsTp # PlS0IBKWeX+RbBycOUhXpK9qlvFbBQGp4N+uLEV6haG33oVOtWwrbhu5F0E4UDzs # FUaZ8OALyKraR1dIo+ZU+zjpn3Na7KUkrT/1UFYdnWYwoUDm9e+DmBhqdhUlxIhR # nzCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jv # c29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIx # MzY1NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh # c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw # MTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX # 9fp/aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkT # jnxhMFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG # 8lhHhjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGK # r0tkiVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6 # Kgox8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEF # TyJNAgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6 # XIoxkPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYD # VR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxi # aNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3Nv # ZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMu # Y3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNy # b3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQw # gaAGA1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFo # dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRt # MEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0 # AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/ # gXEDPZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtU # VwgrUYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9 # Wj8c8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9 # BOFwnzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOd # eyFtw5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1 # JeVk7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4Ttx # Cd9ddJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5 # u+zGy9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9U # JyH3yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Z # ta7cRDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa # 7wknHNWzfjUeCLraNtvTX4/edIhJEqGCA60wggKVAgEBMIH+oYHUpIHRMIHOMQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNy # b3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRT # UyBFU046NTg0Ny1GNzYxLTRGNzAxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2WiJQoBATAJBgUrDgMCGgUAAxUA0nmc7MiH2Pr0x33n13Zg4RlV # 9qqggd4wgdukgdgwgdUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNvMScw # JQYDVQQLEx5uQ2lwaGVyIE5UUyBFU046NERFOS0wQzVFLTNFMDkxKzApBgNVBAMT # Ik1pY3Jvc29mdCBUaW1lIFNvdXJjZSBNYXN0ZXIgQ2xvY2swDQYJKoZIhvcNAQEF # BQACBQDho4dWMCIYDzIwMTkxMjE4MDA1NjU0WhgPMjAxOTEyMTkwMDU2NTRaMHQw # OgYKKwYBBAGEWQoEATEsMCowCgIFAOGjh1YCAQAwBwIBAAICAvYwBwIBAAICF0ww # CgIFAOGk2NYCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAaAKMAgC # AQACAxbjYKEKMAgCAQACAwehIDANBgkqhkiG9w0BAQUFAAOCAQEAds94hJTJtBuG # eNKRr/RTqTDIVJfzMA9UNzL97U7ZbrGjJczmTtG4EN/OLT+Ap0CZnx8dQxRsZ0x7 # JQ7jr5Lr2oxbA0lg1LYJGPYZFn+85jQGau8OqKXXabKxO/WuW5yb7jJdxaY+kEU1 # +0/w85WKTKJLJtvWdZ4QfdIud/XwlOyLJK9i/p59cC+vbEP2uwo/GD2SQyl6dWH6 # 6MKE9FHHhA+booqPN1Dmg7lz7fN+TXa/jPmdaE9oUU0zvmZT2oiROqVFor1KbfkS # j45s0NevdGd1+LFI2dcPZ1hC3E5jmwFuE8Osp6Mni/vsRQTZdZ8jUDI1S1JA9n+3 # 1KEx8ajE2zGCAvUwggLxAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAy # MDEwAhMzAAABBQc56lnzVb8qAAAAAAEFMA0GCWCGSAFlAwQCAQUAoIIBMjAaBgkq # hkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEILRS1+pmVH4D # D+lvzJWWWO3VLHU7TTEEa+DlwTfXS5u7MIHiBgsqhkiG9w0BCRACDDGB0jCBzzCB # zDCBsQQU0nmc7MiH2Pr0x33n13Zg4RlV9qowgZgwgYCkfjB8MQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt # ZS1TdGFtcCBQQ0EgMjAxMAITMwAAAQUHOepZ81W/KgAAAAABBTAWBBQkF98pAXR+ # g27853FEqCzbx/8fDzANBgkqhkiG9w0BAQsFAASCAQAl2MiZJ2aEdyA+rOqgJjaX # VKx3MgQ1RLR6iP2uBg3IiZoe0RJB9QGq9iDYtHhbrfRqXEw0yaOzqcBq/z7Gp6dg # LLfdKESXQreaZSWFjGRlPYn7Ap7tWYhCu0lqHsIvjv1kYnLYcgOtQzM6xsz8K2TS # HbIADz0nliV4H86fb7bYMTmviEGJLg5IGzenrrqbu5G+5U8RxRSyAiighztZzF+H # sjbxdFSpTEa0ruxL4baICSpT+ZGD9bjgp5fXZJAkC6SEEYo6WS4UM0kgQ18D/h7V # i7NVX3YOLNn81JMcM8BlhXcnTbtJSvKHOwVz1AfrxOHpS1iRYfCWU5VrI4cLsb2M # SIG # End signature block |