ReportCommands/ComplianceDetailReports.ps1
|
#requires -Version 5.1 function Get-KeeperComplianceManagedUserEmailSet { $enterprise = getEnterprise $set = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) foreach ($eu in $enterprise.enterpriseData.Users) { if ($eu.UserStatus -eq [KeeperSecurity.Enterprise.UserStatus]::Inactive) { continue } if ($eu.Email) { $set.Add([string]$eu.Email) | Out-Null } } return $set } function Get-KeeperComplianceVaultRecordUidsForUser { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter(Mandatory = $true)][long]$UserUid ) $set = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal) if ($Snapshot.OwnedRecordsByUser.ContainsKey($UserUid)) { foreach ($r in $Snapshot.OwnedRecordsByUser[$UserUid]) { if ($r) { $set.Add([string]$r) | Out-Null } } } foreach ($recordUid in $Snapshot.Records.Keys) { $rec = $Snapshot.Records[$recordUid] if ($rec.UserPermissions.ContainsKey($UserUid)) { $set.Add([string]$recordUid) | Out-Null continue } foreach ($sfUid in $rec.SharedFolderUids) { $sfKey = [string]$sfUid if (-not $Snapshot.SharedFolders.ContainsKey($sfKey)) { continue } $sf = $Snapshot.SharedFolders[$sfKey] $allFolderUids = Get-KeeperComplianceSharedFolderAllUserUids -Snapshot $Snapshot -SharedFolder $sf if ($allFolderUids -contains $UserUid) { $set.Add([string]$recordUid) | Out-Null break } } } return $set } function Get-KeeperComplianceRecordOwnerEmailFromSnapshot { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter(Mandatory = $true)][string]$RecordUid ) foreach ($ownerUid in $Snapshot.OwnedRecordsByUser.Keys) { $owned = $Snapshot.OwnedRecordsByUser[$ownerUid] if ($owned -and $owned.Contains($RecordUid) -and $Snapshot.Users.ContainsKey([long]$ownerUid)) { return [string]$Snapshot.Users[[long]$ownerUid].Email } } return '' } function Get-KeeperVaultRecordMetadataFallback { <# When compliance/SOX snapshot has no decrypted title, type, or URL for a record UID, try the current session vault (admin's vault). Fills gaps when the same record exists there. #> param( [Parameter(Mandatory = $true)][string]$RecordUid ) try { $vault = getVault $rec = $null if (-not $vault.TryGetKeeperRecord($RecordUid, [ref]$rec)) { return $null } $title = [string]$rec.Title $url = '' $rtype = '' if ($rec -is [KeeperSecurity.Vault.PasswordRecord]) { $pr = [KeeperSecurity.Vault.PasswordRecord]$rec $rtype = 'login' if ($pr.Link) { $url = ([string]$pr.Link).TrimEnd('/') } } elseif ($rec -is [KeeperSecurity.Vault.TypedRecord]) { $tr = [KeeperSecurity.Vault.TypedRecord]$rec if ($tr.TypeName) { $rtype = $tr.TypeName } $urlField = $null if ([KeeperSecurity.Vault.VaultDataExtensions]::FindTypedField($tr, 'url', $null, [ref]$urlField)) { $urlVal = [KeeperSecurity.Vault.VaultDataExtensions]::GetExternalValue($urlField) if ($urlVal) { $url = ([string]$urlVal).TrimEnd('/') } } } else { $tn = $rec.GetType().Name if ($tn -and $tn -ne 'KeeperRecord') { $rtype = $tn -replace 'Record$', '' } } return [PSCustomObject]@{ Title = $title RecordType = $rtype Url = $url } } catch { return $null } } function Get-KeeperRecordAccessAuditEventsForUser { param( [Parameter(Mandatory = $true)]$Auth, [Parameter(Mandatory = $true)][string]$UserEmail, [Parameter()][string[]]$VaultRecordUids, [Parameter()][switch]$VaultMode, [Parameter(Mandatory = $true)][int]$Limit ) $result = @{} if ($VaultMode -and (-not $VaultRecordUids -or $VaultRecordUids.Count -eq 0)) { return $result } $createdMax = $null $remaining = $null if ($VaultMode) { $remaining = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal) foreach ($r in $VaultRecordUids) { if ($r) { $remaining.Add([string]$r) | Out-Null } } } while ($true) { $filter = New-Object KeeperSecurity.Enterprise.AuditLogCommands.ReportFilter $filter.Username = @($UserEmail) if ($VaultMode) { if ($remaining.Count -eq 0) { break } $filter.RecordUid = @($remaining | Sort-Object) } if ($null -ne $createdMax) { $cf = New-Object KeeperSecurity.Enterprise.AuditLogCommands.CreatedFilter $cf.Max = $createdMax $cf.ExcludeMax = $true $filter.Created = $cf } $rq = New-Object KeeperSecurity.Enterprise.AuditLogCommands.GetAuditEventReportsCommand $rq.Filter = $filter $rq.ReportType = 'span' $rq.Aggregate = @('last_created') $rq.Columns = @('record_uid', 'ip_address', 'keeper_version') $rq.Order = 'descending' $rq.Limit = $Limit try { $rs = $Auth.ExecuteAuthCommand( $rq, [KeeperSecurity.Enterprise.AuditLogCommands.GetAuditEventReportsResponse], $true ).GetAwaiter().GetResult() } catch { Write-Warning "Record-access audit request failed for ${UserEmail}: $($_.Exception.Message)" break } $events = if ($rs -and $rs.Events) { @($rs.Events | Where-Object { $null -ne $_ }) } else { @() } if ($events.Count -eq 0) { break } foreach ($evt in $events) { $rUid = Get-KeeperComplianceAuditEventValue -Event $evt -Key 'record_uid' if (-not $rUid) { continue } $rUidStr = [string]$rUid if (-not $result.ContainsKey($rUidStr)) { $result[$rUidStr] = $evt } if ($null -ne $remaining) { $remaining.Remove($rUidStr) | Out-Null } } $lastEvt = $events[$events.Count - 1] if ($null -eq $lastEvt) { break } $lc = Get-KeeperComplianceAuditEventValue -Event $lastEvt -Key 'last_created' $lastCreatedEpoch = 0L if ($null -ne $lc) { [void][long]::TryParse($lc.ToString(), [ref]$lastCreatedEpoch) } if (($events.Count -lt $Limit) -or ($VaultMode -and $remaining.Count -eq 0) -or ($lastCreatedEpoch -le 0)) { break } $createdMax = $lastCreatedEpoch } return $result } function Test-KeeperRecordAccessRowPattern { param( [Parameter(Mandatory = $true)]$Row, [Parameter(Mandatory = $true)][string[]]$Patterns, [Parameter()][switch]$UseRegex ) $text = ($Row.PSObject.Properties | ForEach-Object { "$($_.Value)" }) -join "`t" foreach ($p in $Patterns) { if ([string]::IsNullOrWhiteSpace($p)) { continue } if ($UseRegex) { try { if ($text -match $p) { return $true } } catch { } } else { foreach ($prop in $Row.PSObject.Properties) { $v = $prop.Value if ($null -eq $v) { continue } $s = [string]$v if ($s -like $p) { return $true } } } } return $false } function ConvertTo-KeeperRecordAccessDisplayRows { param( [Parameter(Mandatory = $true)]$Rows, [Parameter()][ValidateSet('table', 'json', 'csv')][string]$Format = 'table' ) if ($Format -ne 'table' -or $Rows.Count -eq 0) { return $Rows } $lastOwner = [string]::Empty $out = [System.Collections.Generic.List[object]]::new() foreach ($r in $Rows) { $vo = [string]$r.vault_owner $showVo = $vo if ($vo -eq $lastOwner) { $showVo = '' } else { $lastOwner = $vo } $copy = [ordered]@{} foreach ($prop in $r.PSObject.Properties) { if ($prop.Name -eq 'vault_owner') { $copy[$prop.Name] = $showVo } else { $copy[$prop.Name] = $prop.Value } } $out.Add([PSCustomObject]$copy) | Out-Null } return @($out) } function Get-KeeperComplianceRecordAccessReport { <# .Synopsis Run record-access report .Parameter Email User email(s), enterprise user ID, or '@all' .Parameter ReportType 'history' (default) or 'vault' .Parameter Format table (default), json, or csv .Parameter Output File path for json/csv output .Parameter Node Filter by node .Parameter Username Filter by username .Parameter Team Filter by team .Parameter Pattern Wildcard filter strings .Parameter PatternRegex Regex filter (mutually exclusive with -Pattern) #> [CmdletBinding(DefaultParameterSetName = 'Default')] param( [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [string[]]$Email, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [ValidateSet('history', 'vault')][string]$ReportType = 'history', [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [ValidateSet('table', 'json', 'csv')][string]$Format = 'table', [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [string]$Output, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [string]$Node, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [string[]]$Username, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [string[]]$Team, [Parameter(ParameterSetName = 'Default')][string[]]$Pattern, [Parameter(ParameterSetName = 'RegexPatterns')][string[]]$PatternRegex, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [switch]$Rebuild, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [switch]$NoRebuild, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [switch]$NoCache, [Parameter(ParameterSetName = 'Default')] [Parameter(ParameterSetName = 'RegexPatterns')] [switch]$Aging ) $apiRowLimit = 2000 Invoke-KeeperComplianceReportSession -NoCache:$NoCache -ScriptBlock { Write-KeeperComplianceStatus "Starting compliance record-access-report. ReportType=$ReportType Format=$Format Rebuild=$Rebuild NoRebuild=$NoRebuild NoCache=$NoCache Aging=$Aging." $enterprise = getEnterprise $auth = $enterprise.loader.Auth $managedSet = Get-KeeperComplianceManagedUserEmailSet $allowedUserIds = $null $fetchIds = Resolve-KeeperComplianceFetchOwnerIds -Username $Username -Team $Team -Node $Node if ($null -ne $fetchIds) { $allowedUserIds = [System.Collections.Generic.HashSet[long]]::new() foreach ($id in $fetchIds) { $allowedUserIds.Add([long]$id) | Out-Null } } if ($null -eq $fetchIds) { Write-KeeperComplianceStatus "Record-access owner pre-filter: all enterprise users (no Node/Username/Team filter)." } elseif ($fetchIds.Count -eq 0) { Write-KeeperComplianceStatus "Record-access owner pre-filter: 0 user(s) matched (Node/Username/Team exclude everyone)." } else { Write-KeeperComplianceStatus "Record-access owner pre-filter matched $($fetchIds.Count) user(s)." } $emailArgs = $Email if (-not $emailArgs -or $emailArgs.Count -eq 0) { $emailArgs = @('@all') } $resolvedEmails = [System.Collections.Generic.List[string]]::new() foreach ($ref in $emailArgs) { if ($ref -ieq '@all') { $sortedUsers = @($enterprise.enterpriseData.Users | Sort-Object Email) foreach ($eu in $sortedUsers) { if ($eu.UserStatus -eq [KeeperSecurity.Enterprise.UserStatus]::Inactive) { continue } if (-not $eu.Email) { continue } if ($null -ne $allowedUserIds -and -not $allowedUserIds.Contains([long]$eu.Id)) { continue } $resolvedEmails.Add([string]$eu.Email) | Out-Null } continue } $trim = $ref.Trim() if ($trim -match '^\d+$') { $eu = $null if ($enterprise.enterpriseData.TryGetUserById([long]$trim, [ref]$eu) -and $eu -and $eu.Email) { if ($null -ne $allowedUserIds -and -not $allowedUserIds.Contains([long]$eu.Id)) { continue } $resolvedEmails.Add([string]$eu.Email) | Out-Null } continue } if (-not $managedSet.Contains($trim)) { continue } $eu = $null if (-not $enterprise.enterpriseData.TryGetUserByEmail($trim, [ref]$eu) -or -not $eu) { continue } if ($null -ne $allowedUserIds -and -not $allowedUserIds.Contains([long]$eu.Id)) { continue } $resolvedEmails.Add($trim) | Out-Null } $seen = @{} $targetEmails = [System.Collections.Generic.List[string]]::new() foreach ($e in $resolvedEmails) { $k = $e.ToLowerInvariant() if ($seen[$k]) { continue } $seen[$k] = $true $targetEmails.Add($e) | Out-Null } if ($targetEmails.Count -eq 0) { Write-Host "No users selected for record-access report." return } $snapshot = Get-KeeperComplianceSnapshot -Rebuild:$Rebuild -NoRebuild:$NoRebuild -OwnerUserIds $null $rows = [System.Collections.Generic.List[object]]::new() $vaultMode = ($ReportType -eq 'vault') foreach ($userEmail in $targetEmails) { $eu = $null if (-not $enterprise.enterpriseData.TryGetUserByEmail($userEmail, [ref]$eu) -or -not $eu) { continue } $userUid = [long]$eu.Id $vaultUids = $null if ($vaultMode) { $vaultSet = Get-KeeperComplianceVaultRecordUidsForUser -Snapshot $snapshot -UserUid $userUid $vaultUids = @($vaultSet) } $auditMap = Get-KeeperRecordAccessAuditEventsForUser -Auth $auth -UserEmail $userEmail -VaultRecordUids $vaultUids ` -VaultMode:$vaultMode -Limit $apiRowLimit $recordUids = [System.Collections.Generic.List[string]]::new() if ($vaultMode) { foreach ($u in $vaultUids) { $recordUids.Add([string]$u) | Out-Null } } else { foreach ($k in $auditMap.Keys) { $recordUids.Add([string]$k) | Out-Null } } foreach ($recUid in $recordUids) { $evt = $null if ($auditMap.ContainsKey([string]$recUid)) { $evt = $auditMap[[string]$recUid] } $rec = $null if ($snapshot.Records.ContainsKey([string]$recUid)) { $rec = $snapshot.Records[[string]$recUid] } $title = if ($rec) { [string]$rec.Title } else { '' } $rtype = if ($rec) { [string]$rec.RecordType } else { '' } $url = if ($rec -and $rec.Url) { ([string]$rec.Url).TrimEnd('/') } else { '' } if ([string]::IsNullOrWhiteSpace($title) -or [string]::IsNullOrWhiteSpace($rtype) -or [string]::IsNullOrWhiteSpace($url)) { $vaultMeta = Get-KeeperVaultRecordMetadataFallback -RecordUid $recUid if ($vaultMeta) { if ([string]::IsNullOrWhiteSpace($title) -and $vaultMeta.Title) { $title = [string]$vaultMeta.Title } if ([string]::IsNullOrWhiteSpace($rtype) -and $vaultMeta.RecordType) { $rtype = [string]$vaultMeta.RecordType } if ([string]::IsNullOrWhiteSpace($url) -and $vaultMeta.Url) { $url = [string]$vaultMeta.Url } } } $inTrash = if ($rec) { [bool]$rec.InTrash } else { $false } $ip = '' $device = '' $lastAccess = $null if ($evt) { $ip = [string](Get-KeeperComplianceAuditEventValue -Event $evt -Key 'ip_address') $device = [string](Get-KeeperComplianceAuditEventValue -Event $evt -Key 'keeper_version') $lc = Get-KeeperComplianceAuditEventValue -Event $evt -Key 'last_created' $lastAccess = ConvertTo-KeeperComplianceDateTime -EpochValue $lc } $ownerEmail = Get-KeeperComplianceRecordOwnerEmailFromSnapshot -Snapshot $snapshot -RecordUid $recUid $row = [ordered]@{ vault_owner = $userEmail record_uid = $recUid record_title = $title record_type = $rtype record_url = $url has_attachments = $false in_trash = $inTrash record_owner = $ownerEmail ip_address = $ip device = $device last_access = $lastAccess } $rows.Add([PSCustomObject]$row) | Out-Null } } $reportRows = @($rows) if ($Pattern -and $Pattern.Count -gt 0) { $reportRows = @( $reportRows | Where-Object { Test-KeeperRecordAccessRowPattern -Row $_ -Patterns $Pattern -UseRegex:$false } ) } elseif ($PatternRegex -and $PatternRegex.Count -gt 0) { $reportRows = @( $reportRows | Where-Object { Test-KeeperRecordAccessRowPattern -Row $_ -Patterns $PatternRegex -UseRegex:$true } ) } if ($Aging -and $reportRows.Count -gt 0) { $agingUids = @($reportRows | ForEach-Object { [string]$_.record_uid } | Where-Object { $_ } | Sort-Object -Unique) Write-KeeperComplianceStatus "Applying aging to $($agingUids.Count) unique record(s)." $agingData = Get-KeeperComplianceAgingData -RecordUids $agingUids $newRows = [System.Collections.Generic.List[object]]::new() foreach ($r in $reportRows) { $uidKey = [string]$r.record_uid $ag = $null if ($agingData -and $agingData.ContainsKey($uidKey)) { $ag = $agingData[$uidKey] } $nr = [ordered]@{} foreach ($p in $r.PSObject.Properties) { $nr[$p.Name] = $p.Value } if ($ag) { $nr['created'] = $ag['created'] $nr['last_pw_change'] = $ag['last_pw_change'] $nr['last_modified'] = $ag['last_modified'] $nr['last_rotation'] = $ag['last_rotation'] } else { $nr['created'] = $null $nr['last_pw_change'] = $null $nr['last_modified'] = $null $nr['last_rotation'] = $null } $newRows.Add([PSCustomObject]$nr) | Out-Null } $reportRows = @($newRows) } if ($reportRows.Count -eq 0) { Write-KeeperComplianceStatus "No record-access rows matched." Write-Host "No compliance record-access report rows found." return } $displayRows = ConvertTo-KeeperRecordAccessDisplayRows -Rows $reportRows -Format $Format Write-KeeperComplianceStatus "Rendering $($reportRows.Count) row(s) as $Format." $tableCols = [System.Collections.Generic.List[string]]::new() foreach ($c in @( 'vault_owner', 'record_uid', 'record_title', 'record_type', 'record_url', 'has_attachments', 'in_trash', 'record_owner', 'ip_address', 'device', 'last_access' )) { $tableCols.Add($c) | Out-Null } if ($Aging) { foreach ($c in @('created', 'last_pw_change', 'last_modified', 'last_rotation')) { $tableCols.Add($c) | Out-Null } } Write-KeeperReportOutput -Rows $reportRows -DisplayRows $displayRows -Format $Format -Output $Output -JsonDepth 8 ` -TableColumns @($tableCols) } } New-Alias -Name record-access-report -Value Get-KeeperComplianceRecordAccessReport function Get-KeeperComplianceTeamReportFilters { param( [Parameter()][string[]]$Team ) $enterprise = getEnterprise $enterpriseData = $enterprise.enterpriseData $teamUids = [System.Collections.Generic.HashSet[string]]::new() if (Test-KeeperComplianceHasNonEmptyStringList -Strings $Team) { foreach ($teamRef in $Team) { if ([string]::IsNullOrWhiteSpace([string]$teamRef)) { continue } $resolvedTeam = Get-KeeperTeamByNameOrUid -EnterpriseData $enterpriseData -TeamInput $teamRef if (-not $resolvedTeam) { Write-Warning "No enterprise team matched '$teamRef' for compliance team filter." continue } $teamUids.Add([string]$resolvedTeam.Uid) | Out-Null } } return [PSCustomObject]@{ TeamUids = if ($teamUids.Count -gt 0) { @($teamUids | Sort-Object) } else { $null } } } function Get-KeeperComplianceSharedFolderAllUserUids { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter(Mandatory = $true)]$SharedFolder ) $allUserUids = [System.Collections.Generic.HashSet[long]]::new() foreach ($userUid in $SharedFolder.Users) { $allUserUids.Add([long]$userUid) | Out-Null } $enterprise = getEnterprise $enterpriseData = $enterprise.enterpriseData foreach ($teamUid in $SharedFolder.Teams) { if ($Snapshot.Teams.ContainsKey([string]$teamUid)) { foreach ($teamUserUid in $Snapshot.Teams[[string]$teamUid].Users) { $allUserUids.Add([long]$teamUserUid) | Out-Null } } else { foreach ($teamUserUid in $enterpriseData.GetUsersForTeam([string]$teamUid)) { $allUserUids.Add([long]$teamUserUid) | Out-Null } } } return @($allUserUids | Sort-Object) } function Get-KeeperComplianceSharedFolderUserEmails { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter(Mandatory = $true)][string]$TeamUid ) $enterprise = getEnterprise $enterpriseData = $enterprise.enterpriseData $emails = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) $teamUserIds = @() if ($Snapshot.Teams.ContainsKey([string]$TeamUid)) { $teamUserIds = @($Snapshot.Teams[[string]$TeamUid].Users) } else { $teamUserIds = @($enterpriseData.GetUsersForTeam([string]$TeamUid)) } foreach ($userUid in $teamUserIds) { $email = $null if ($Snapshot.Users.ContainsKey([long]$userUid)) { $email = [string]$Snapshot.Users[[long]$userUid].Email } else { $enterpriseUser = $null if ($enterpriseData.TryGetUserById([long]$userUid, [ref]$enterpriseUser) -and $enterpriseUser) { $email = [string]$enterpriseUser.Email } } if ($email) { $emails.Add($email) | Out-Null } } return @($emails | Sort-Object) } function Get-KeeperComplianceSharedFolderNameLookup { $lookup = @{} try { [KeeperSecurity.Vault.VaultOnline]$vault = getVault foreach ($sharedFolder in $vault.SharedFolders) { if ($sharedFolder.Uid) { $lookup[[string]$sharedFolder.Uid] = [string]$sharedFolder.Name } } } catch { } return $lookup } function Get-KeeperComplianceTeamPermissionText { param( [Parameter(Mandatory = $true)]$Team ) $permissions = @() if (-not $Team.RestrictShare) { $permissions += 'Can Share' } if (-not $Team.RestrictEdit) { $permissions += 'Can Edit' } if ($permissions.Count -eq 0) { return 'Read Only' } return ($permissions -join '; ') } function Get-KeeperComplianceTeamReportRows { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter()][string[]]$Team, [Parameter()]$Node, [Parameter()][switch]$ShowTeamUsers ) $enterprise = getEnterprise $enterpriseData = $enterprise.enterpriseData $filterInfo = Get-KeeperComplianceTeamReportFilters -Team $Team $teamLookup = $null if ($null -ne $filterInfo.TeamUids) { $teamLookup = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) foreach ($teamUid in $filterInfo.TeamUids) { $teamLookup.Add([string]$teamUid) | Out-Null } } $filterTeamNodeSubtreeIds = $null $filterTeamNodeSkip = $false if (Test-KeeperComplianceHasNodeFilter -Node $Node) { $resolvedFilterNode = Resolve-KeeperComplianceNode -Node $Node.Trim() -Context 'compliance team report node filter' $filterTargetNodeId = [long]$resolvedFilterNode.Id $rootNodeId = [long]$enterpriseData.RootNode.Id if ($filterTargetNodeId -eq $rootNodeId) { $filterTeamNodeSkip = $true } else { $filterTeamNodeSubtreeIds = Get-KeeperComplianceEnterpriseNodeSubtreeIds -EnterpriseData $enterpriseData -RootNodeId $filterTargetNodeId } } $sharedFolderNames = Get-KeeperComplianceSharedFolderNameLookup $rows = [System.Collections.Generic.List[PSCustomObject]]::new() foreach ($folderEntry in ($Snapshot.SharedFolders.Values | Sort-Object Uid)) { $folderRecordUids = @($folderEntry.RecordPermissions.Keys) if ($folderRecordUids.Count -le 0) { continue } $recordCount = @($folderRecordUids).Count if ($teamLookup) { $matchesTeam = $false foreach ($tUid in $folderEntry.Teams) { if ($teamLookup.Contains([string]$tUid)) { $matchesTeam = $true break } } if (-not $matchesTeam) { continue } } foreach ($teamUid in (@($folderEntry.Teams) | Sort-Object)) { if ($teamLookup -and -not $teamLookup.Contains([string]$teamUid)) { continue } $teamObject = $null if (-not $enterpriseData.TryGetTeam([string]$teamUid, [ref]$teamObject) -or -not $teamObject) { continue } $teamNodeId = [long]$teamObject.ParentNodeId if ($teamNodeId -le 0) { $teamNodeId = [long]$enterpriseData.RootNode.Id } if ($Node -and -not $filterTeamNodeSkip) { if ($null -eq $filterTeamNodeSubtreeIds -or $filterTeamNodeSubtreeIds.Count -eq 0 -or -not $filterTeamNodeSubtreeIds.ContainsKey("$([long]$teamNodeId)")) { continue } } $teamNodePath = Get-KeeperNodePath -NodeId $teamNodeId -OmitRoot $row = [ordered]@{ team_name = [string]$teamObject.Name team_uid = [string]$teamUid node = [string]$teamNodePath shared_folder_name = if ($sharedFolderNames.ContainsKey([string]$folderEntry.Uid)) { [string]$sharedFolderNames[[string]$folderEntry.Uid] } else { '' } shared_folder_uid = [string]$folderEntry.Uid permissions = Get-KeeperComplianceTeamPermissionText -Team $teamObject records = [int]$recordCount } if ($ShowTeamUsers) { $row['team_users'] = Get-KeeperComplianceSharedFolderUserEmails -Snapshot $Snapshot -TeamUid ([string]$teamUid) } $rows.Add([PSCustomObject]$row) | Out-Null } } return @($rows | Sort-Object shared_folder_uid, team_name) } function Get-KeeperComplianceTeamReport { <# .Synopsis Run compliance team report #> [CmdletBinding()] param( [Parameter()][ValidateSet('table', 'json', 'csv')][string]$Format = 'table', [Parameter()][string]$Output, [Parameter()][string]$Node, [Parameter()][string[]]$Team, [Parameter()][switch]$ShowTeamUsers, [Parameter()][switch]$Rebuild, [Parameter()][switch]$NoRebuild, [Parameter()][switch]$NoCache ) $reportRows = Invoke-KeeperComplianceReportSession -NoCache:$NoCache -ScriptBlock { Write-KeeperComplianceStatus "Starting compliance-team-report. Format=$Format Rebuild=$Rebuild NoRebuild=$NoRebuild NoCache=$NoCache ShowTeamUsers=$ShowTeamUsers." $fetchOwnerIds = Resolve-KeeperComplianceFetchOwnerIds -Node $Node if ((Test-KeeperComplianceHasNodeFilter -Node $Node) -and $null -ne $fetchOwnerIds -and $fetchOwnerIds.Count -eq 0) { Write-Warning "No enterprise users matched the provided node filter." } $ownerIdsForSnapshot = if (Test-KeeperComplianceHasNodeFilter -Node $Node) { $null } else { $fetchOwnerIds } $snapshot = Get-KeeperComplianceSnapshot -Rebuild:$Rebuild -NoRebuild:$NoRebuild -OwnerUserIds $ownerIdsForSnapshot -SharedOnly $reportRows = Get-KeeperComplianceTeamReportRows -Snapshot $snapshot -Team $Team ` -Node $Node -ShowTeamUsers:$ShowTeamUsers return ,@($reportRows) } if ($reportRows.Count -eq 0) { Write-Host "No compliance team report rows found." return } $displayRows = @( $reportRows | ForEach-Object { $row = [ordered]@{} foreach ($property in $_.PSObject.Properties) { if ($property.Name -eq 'team_users') { $row[$property.Name] = @($property.Value) -join ', ' } else { $row[$property.Name] = $property.Value } } [PSCustomObject]$row } ) Write-KeeperReportOutput -Rows $reportRows -DisplayRows $displayRows -Format $Format -Output $Output -JsonDepth 5 } New-Alias -Name compliance-team-report -Value Get-KeeperComplianceTeamReport function Get-KeeperComplianceSummaryStatsForUser { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter(Mandatory = $true)][long]$UserUid, [Parameter(Mandatory = $true)][string]$Email ) $vaultSet = Get-KeeperComplianceVaultRecordUidsForUser -Snapshot $Snapshot -UserUid $UserUid $totalItems = $vaultSet.Count $numOwned = 0 $activeOwned = 0 $deletedOwned = 0 if ($Snapshot.OwnedRecordsByUser.ContainsKey($UserUid)) { $ownedSet = $Snapshot.OwnedRecordsByUser[$UserUid] $numOwned = $ownedSet.Count foreach ($r in $ownedSet) { $rk = [string]$r $inTrash = $false if ($Snapshot.Records.ContainsKey($rk)) { $inTrash = [bool]$Snapshot.Records[$rk].InTrash } if ($inTrash) { $deletedOwned++ } else { $activeOwned++ } } } return [PSCustomObject]@{ email = $Email total_items = [int]$totalItems total_owned = [int]$numOwned active_owned = [int]$activeOwned deleted_owned = [int]$deletedOwned } } function Get-KeeperComplianceSummaryReportRows { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter()][string[]]$Team, [Parameter()]$Node ) $enterprise = getEnterprise $enterpriseData = $enterprise.enterpriseData $fetchIds = Resolve-KeeperComplianceFetchOwnerIds -Team $Team -Node $Node if ((Test-KeeperComplianceHasNodeFilter -Node $Node) -and $null -ne $fetchIds -and @($fetchIds).Count -eq 0) { Write-Warning "No enterprise users matched the provided node (and team) filter." } $fetchIdSet = $null if ($null -ne $fetchIds) { $fetchIdSet = [System.Collections.Generic.HashSet[long]]::new() foreach ($id in @($fetchIds)) { $fetchIdSet.Add([long]$id) | Out-Null } } $rows = [System.Collections.Generic.List[object]]::new() $soxUserIds = [System.Collections.Generic.HashSet[long]]::new() foreach ($k in $Snapshot.Users.Keys) { $soxUserIds.Add([long]$k) | Out-Null } foreach ($eu in $enterpriseData.Users) { if ($eu.UserStatus -eq [KeeperSecurity.Enterprise.UserStatus]::Inactive) { continue } if (-not $eu.Email) { continue } if ($null -ne $fetchIdSet -and -not $fetchIdSet.Contains([long]$eu.Id)) { continue } $uid = [long]$eu.Id $email = [string]$eu.Email if ($soxUserIds.Contains($uid)) { $rows.Add((Get-KeeperComplianceSummaryStatsForUser -Snapshot $Snapshot -UserUid $uid -Email $email)) | Out-Null } else { $rows.Add([PSCustomObject]@{ email = $email total_items = 0 total_owned = 0 active_owned = 0 deleted_owned = 0 }) | Out-Null } } $sortedRows = [System.Collections.Generic.List[object]]::new() foreach ($r in (@($rows) | Sort-Object email)) { $sortedRows.Add($r) | Out-Null } $sumOwned = 0L $sumActive = 0L $sumDeleted = 0L foreach ($dr in $sortedRows) { $sumOwned += [long]$dr.total_owned $sumActive += [long]$dr.active_owned $sumDeleted += [long]$dr.deleted_owned } $sortedRows.Add([PSCustomObject]@{ email = 'TOTAL' total_items = $null total_owned = [long]$sumOwned active_owned = [long]$sumActive deleted_owned = [long]$sumDeleted }) | Out-Null return @($sortedRows) } function Get-KeeperComplianceSummaryReport { <# .Synopsis Run compliance summary report #> [CmdletBinding()] param( [Parameter()][ValidateSet('table', 'json', 'csv')][string]$Format = 'table', [Parameter()][string]$Output, [Parameter()][string]$Node, [Parameter()][string[]]$Team, [Parameter()][switch]$Rebuild, [Parameter()][switch]$NoRebuild, [Parameter()][switch]$NoCache ) $reportRows = Invoke-KeeperComplianceReportSession -NoCache:$NoCache -ScriptBlock { Write-KeeperComplianceStatus "Starting compliance summary-report. Format=$Format Rebuild=$Rebuild NoRebuild=$NoRebuild NoCache=$NoCache." $snapshot = Get-KeeperComplianceSnapshot -Rebuild:$Rebuild -NoRebuild:$NoRebuild -OwnerUserIds $null $reportRows = Get-KeeperComplianceSummaryReportRows -Snapshot $snapshot -Team $Team -Node $Node return ,@($reportRows) } if ($reportRows.Count -eq 0) { Write-Host "No compliance summary report rows found." return } $displayRows = @( $reportRows | ForEach-Object { $row = [ordered]@{} foreach ($property in $_.PSObject.Properties) { $row[$property.Name] = $property.Value } [PSCustomObject]$row } ) Write-KeeperReportOutput -Rows $reportRows -DisplayRows $displayRows -Format $Format -Output $Output -JsonDepth 5 ` -TableColumns @('email', 'total_items', 'total_owned', 'active_owned', 'deleted_owned') } New-Alias -Name compliance-summary-report -Value Get-KeeperComplianceSummaryReport function Get-KeeperComplianceSharedFolderReportRows { param( [Parameter(Mandatory = $true)]$Snapshot, [Parameter()][string[]]$Team, [Parameter()][switch]$ShowTeamUsers, [Parameter()]$Node, [Parameter()][long[]]$NodeScopeUserIds ) $enterprise = getEnterprise $enterpriseData = $enterprise.enterpriseData $filterInfo = Get-KeeperComplianceTeamReportFilters -Team $Team $teamLookup = $null if ($null -ne $filterInfo.TeamUids) { $teamLookup = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) foreach ($teamUid in $filterInfo.TeamUids) { $teamLookup.Add([string]$teamUid) | Out-Null } } $nodeUserIdSet = $null $recordsOwnedByNodeUsers = $null $filterTeamNodeSubtreeIds = $null $rootNodeIdSf = [long]$enterpriseData.RootNode.Id if (Test-KeeperComplianceHasNodeFilter -Node $Node) { if ($null -ne $NodeScopeUserIds -and @($NodeScopeUserIds).Count -gt 0) { $nodeUserIdSet = [System.Collections.Generic.HashSet[long]]::new() foreach ($id in @($NodeScopeUserIds)) { $nodeUserIdSet.Add([long]$id) | Out-Null } $recordsOwnedByNodeUsers = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) foreach ($uid in $nodeUserIdSet) { if (-not $Snapshot.OwnedRecordsByUser.ContainsKey([long]$uid)) { continue } foreach ($r in $Snapshot.OwnedRecordsByUser[[long]$uid]) { $recordsOwnedByNodeUsers.Add([string]$r) | Out-Null } } } $resolvedFilterNode = Resolve-KeeperComplianceNode -Node $Node.Trim() -Context 'compliance shared-folder report node filter' $filterTargetNodeId = [long]$resolvedFilterNode.Id $subtreeRootId = if ($filterTargetNodeId -eq $rootNodeIdSf) { $rootNodeIdSf } else { $filterTargetNodeId } $filterTeamNodeSubtreeIds = Get-KeeperComplianceEnterpriseNodeSubtreeIds -EnterpriseData $enterpriseData -RootNodeId $subtreeRootId } $rows = [System.Collections.Generic.List[object]]::new() foreach ($folderEntry in ($Snapshot.SharedFolders.Values | Sort-Object { $_.Uid })) { $recordUids = @($folderEntry.RecordPermissions.Keys | Sort-Object) if ($recordUids.Count -eq 0) { continue } if (Test-KeeperComplianceHasNodeFilter -Node $Node) { $folderRelevantToNode = $false if ($null -ne $recordsOwnedByNodeUsers -and $recordsOwnedByNodeUsers.Count -gt 0) { foreach ($ru in $recordUids) { if ($recordsOwnedByNodeUsers.Contains([string]$ru)) { $folderRelevantToNode = $true break } } } if (-not $folderRelevantToNode -and $null -ne $nodeUserIdSet) { foreach ($userUid in $folderEntry.Users) { if ($nodeUserIdSet.Contains([long]$userUid)) { $folderRelevantToNode = $true break } } } if (-not $folderRelevantToNode) { foreach ($tuid in $folderEntry.Teams) { $teamObj = $null if ($enterpriseData.TryGetTeam([string]$tuid, [ref]$teamObj) -and $teamObj) { $teamHomeId = [long]$teamObj.ParentNodeId if ($teamHomeId -le 0) { $teamHomeId = $rootNodeIdSf } if ($null -ne $filterTeamNodeSubtreeIds -and $filterTeamNodeSubtreeIds.Count -gt 0 -and $filterTeamNodeSubtreeIds.ContainsKey("$([long]$teamHomeId)")) { $folderRelevantToNode = $true break } } if (-not $folderRelevantToNode -and $null -ne $nodeUserIdSet) { $teamUserIds = @() if ($Snapshot.Teams.ContainsKey([string]$tuid)) { $teamUserIds = @($Snapshot.Teams[[string]$tuid].Users) } else { $teamUserIds = @($enterpriseData.GetUsersForTeam([string]$tuid)) } foreach ($tu in $teamUserIds) { if ($nodeUserIdSet.Contains([long]$tu)) { $folderRelevantToNode = $true break } } } if ($folderRelevantToNode) { break } } } if (-not $folderRelevantToNode) { continue } } if ($teamLookup) { $matchesTeam = $false foreach ($t in $folderEntry.Teams) { if ($teamLookup.Contains([string]$t)) { $matchesTeam = $true break } } if (-not $matchesTeam) { continue } } $teamUids = @($folderEntry.Teams | Sort-Object) $teamNames = [System.Collections.Generic.List[string]]::new() $teamNodePaths = [System.Collections.Generic.List[string]]::new() $rootNodeIdForTeams = [long]$enterpriseData.RootNode.Id foreach ($tid in $teamUids) { $teamObj = $null if ($enterpriseData.TryGetTeam([string]$tid, [ref]$teamObj) -and $teamObj) { $teamNames.Add([string]$teamObj.Name) | Out-Null $teamNodeId = [long]$teamObj.ParentNodeId if ($teamNodeId -le 0) { $teamNodeId = $rootNodeIdForTeams } $teamNodePaths.Add([string](Get-KeeperNodePath -NodeId $teamNodeId -OmitRoot)) | Out-Null } else { $teamNames.Add('') | Out-Null $teamNodePaths.Add('') | Out-Null } } $emailParts = [System.Collections.Generic.List[string]]::new() if ($ShowTeamUsers) { foreach ($tid in $teamUids) { foreach ($em in Get-KeeperComplianceSharedFolderUserEmails -Snapshot $Snapshot -TeamUid ([string]$tid)) { $emailParts.Add("(TU)$em") | Out-Null } } } foreach ($userUid in ($folderEntry.Users | Sort-Object)) { if ($Snapshot.Users.ContainsKey([long]$userUid)) { $emailParts.Add([string]$Snapshot.Users[[long]$userUid].Email) | Out-Null } } $recordTitles = [System.Collections.Generic.List[string]]::new() foreach ($ru in $recordUids) { $rt = '' if ($Snapshot.Records.ContainsKey([string]$ru)) { $rt = [string]$Snapshot.Records[[string]$ru].Title } $recordTitles.Add($rt) | Out-Null } $rows.Add([PSCustomObject][ordered]@{ shared_folder_uid = [string]$folderEntry.Uid team_uid = @($teamUids) -join ', ' team_name = @($teamNames) -join ', ' node = @($teamNodePaths) -join ', ' record_uid = @($recordUids) -join ', ' record_title = @($recordTitles) -join ', ' email = @($emailParts) -join ', ' }) | Out-Null } return @($rows | Sort-Object shared_folder_uid) } function Get-KeeperComplianceSharedFolderReport { <# .Synopsis Run compliance shared-folder report .Parameter ShowTeamUsers Include team members in the email column #> [CmdletBinding()] param( [Parameter()][ValidateSet('table', 'json', 'csv')][string]$Format = 'table', [Parameter()][string]$Output, [Parameter()][string]$Node, [Parameter()][string[]]$Team, [Parameter()][switch]$ShowTeamUsers, [Parameter()][switch]$Rebuild, [Parameter()][switch]$NoRebuild, [Parameter()][switch]$NoCache ) $reportRows = Invoke-KeeperComplianceReportSession -NoCache:$NoCache -ScriptBlock { Write-KeeperComplianceStatus "Starting compliance shared-folder-report. Format=$Format Rebuild=$Rebuild NoRebuild=$NoRebuild NoCache=$NoCache ShowTeamUsers=$ShowTeamUsers." $fetchOwnerIds = Resolve-KeeperComplianceFetchOwnerIds -Node $Node if ((Test-KeeperComplianceHasNodeFilter -Node $Node) -and $null -ne $fetchOwnerIds -and @($fetchOwnerIds).Count -eq 0) { Write-Warning "No enterprise users in the node subtree for user/record checks; folders may still match via team home node." } $ownerIdsForSnapshot = if (Test-KeeperComplianceHasNodeFilter -Node $Node) { $null } else { $fetchOwnerIds } $snapshot = Get-KeeperComplianceSnapshot -Rebuild:$Rebuild -NoRebuild:$NoRebuild -OwnerUserIds $ownerIdsForSnapshot -SharedOnly $reportRows = Get-KeeperComplianceSharedFolderReportRows -Snapshot $snapshot -Team $Team ` -ShowTeamUsers:$ShowTeamUsers -Node $Node -NodeScopeUserIds $fetchOwnerIds return ,@($reportRows) } if ($ShowTeamUsers) { Write-Host "(TU) denotes a user whose membership in a team grants them access to the shared folder." -ForegroundColor DarkGray } if ($reportRows.Count -eq 0) { Write-Host "No compliance shared-folder report rows found." return } Write-KeeperReportOutput -Rows $reportRows -DisplayRows $reportRows -Format $Format -Output $Output -JsonDepth 6 ` -TableColumns @('shared_folder_uid', 'team_uid', 'team_name', 'node', 'record_uid', 'record_title', 'email') } New-Alias -Name compliance-shared-folder-report -Value Get-KeeperComplianceSharedFolderReport # SIG # Begin signature block # MIInvgYJKoZIhvcNAQcCoIInrzCCJ6sCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC0aK7Ls4bxpIbQ # f9MUw29dCW5usLir+ibMCfvEibA1R6CCITswggWNMIIEdaADAgECAhAOmxiO+dAt # 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV # BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa # Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E # MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy # unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF # xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1 # 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB # MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR # WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6 # nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB # YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S # UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x # q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB # NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP # TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC # AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0 # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB # LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc # Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov # Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy # oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW # juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF # mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z # twGpn1eqXijiuZQwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0GCSqG # SIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx # GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRy # dXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTlaMGkx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4 # RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEzODQg # MjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C0Cit # eLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce2vnS # 1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0daE6ZM # swEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6TSXBC # Mo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoAFdE3 # /hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7OhD26j # q22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM1bL5 # OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z8ujo # 7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05huzU # tw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNYmtwm # KwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP/2NP # TLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0TAQH/ # BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYDVR0j # BBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1Ud # JQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0 # cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0 # cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8E # PDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVz # dGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATANBgkq # hkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95RysQDK # r2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HLIvda # qpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5BtfQ/g+ # lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnhOE7a # brs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIhdXNS # y0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV9zeK # iwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/jwVYb # KyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYHKi8Q # xAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmCXBVm # zGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l/aCn # HwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZWeE4w # gga0MIIEnKADAgECAhANx6xXBf8hmS5AQyIMOkmGMA0GCSqGSIb3DQEBCwUAMGIx # CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 # dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBH # NDAeFw0yNTA1MDcwMDAwMDBaFw0zODAxMTQyMzU5NTlaMGkxCzAJBgNVBAYTAlVT # MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1 # c3RlZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5NiBTSEEyNTYgMjAyNSBDQTEwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0eDHTCphBcr48RsAcrHXbo0Zo # dLRRF51NrY0NlLWZloMsVO1DahGPNRcybEKq+RuwOnPhof6pvF4uGjwjqNjfEvUi # 6wuim5bap+0lgloM2zX4kftn5B1IpYzTqpyFQ/4Bt0mAxAHeHYNnQxqXmRinvuNg # xVBdJkf77S2uPoCj7GH8BLuxBG5AvftBdsOECS1UkxBvMgEdgkFiDNYiOTx4OtiF # cMSkqTtF2hfQz3zQSku2Ws3IfDReb6e3mmdglTcaarps0wjUjsZvkgFkriK9tUKJ # m/s80FiocSk1VYLZlDwFt+cVFBURJg6zMUjZa/zbCclF83bRVFLeGkuAhHiGPMvS # GmhgaTzVyhYn4p0+8y9oHRaQT/aofEnS5xLrfxnGpTXiUOeSLsJygoLPp66bkDX1 # ZlAeSpQl92QOMeRxykvq6gbylsXQskBBBnGy3tW/AMOMCZIVNSaz7BX8VtYGqLt9 # MmeOreGPRdtBx3yGOP+rx3rKWDEJlIqLXvJWnY0v5ydPpOjL6s36czwzsucuoKs7 # Yk/ehb//Wx+5kMqIMRvUBDx6z1ev+7psNOdgJMoiwOrUG2ZdSoQbU2rMkpLiQ6bG # RinZbI4OLu9BMIFm1UUl9VnePs6BaaeEWvjJSjNm2qA+sdFUeEY0qVjPKOWug/G6 # X5uAiynM7Bu2ayBjUwIDAQABo4IBXTCCAVkwEgYDVR0TAQH/BAgwBgEB/wIBADAd # BgNVHQ4EFgQU729TSunkBnx6yuKQVvYv1Ensy04wHwYDVR0jBBgwFoAU7NfjgtJx # XWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUF # BwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln # aWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5j # b20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8EPDA6MDigNqA0hjJo # dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNy # bDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwDQYJKoZIhvcNAQEL # BQADggIBABfO+xaAHP4HPRF2cTC9vgvItTSmf83Qh8WIGjB/T8ObXAZz8OjuhUxj # aaFdleMM0lBryPTQM2qEJPe36zwbSI/mS83afsl3YTj+IQhQE7jU/kXjjytJgnn0 # hvrV6hqWGd3rLAUt6vJy9lMDPjTLxLgXf9r5nWMQwr8Myb9rEVKChHyfpzee5kH0 # F8HABBgr0UdqirZ7bowe9Vj2AIMD8liyrukZ2iA/wdG2th9y1IsA0QF8dTXqvcnT # mpfeQh35k5zOCPmSNq1UH410ANVko43+Cdmu4y81hjajV/gxdEkMx1NKU4uHQcKf # ZxAvBAKqMVuqte69M9J6A47OvgRaPs+2ykgcGV00TYr2Lr3ty9qIijanrUR3anzE # wlvzZiiyfTPjLbnFRsjsYg39OlV8cipDoq7+qNNjqFzeGxcytL5TTLL4ZaoBdqbh # OhZ3ZRDUphPvSRmMThi0vw9vODRzW6AxnJll38F0cuJG7uEBYTptMSbhdhGQDpOX # gpIUsWTjd6xpR6oaQf/DJbg3s6KCLPAlZ66RzIg9sC+NJpud/v4+7RWsWCiKi9EO # LLHfMR2ZyJ/+xhCx9yHbxtl5TPau1j/1MIDpMPx0LckTetiSuEtQvLsNz3Qbp7wG # WqbIiOWCnb5WqxL3/BAPvIXKUjPSxyZsq8WhbaM2tszWkPZPubdcMIIG7TCCBNWg # AwIBAgIQCoDvGEuN8QWC0cR2p5V0aDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQG # EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0 # IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUgQ0Ex # MB4XDTI1MDYwNDAwMDAwMFoXDTM2MDkwMzIzNTk1OVowYzELMAkGA1UEBhMCVVMx # FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBTSEEy # NTYgUlNBNDA5NiBUaW1lc3RhbXAgUmVzcG9uZGVyIDIwMjUgMTCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBANBGrC0Sxp7Q6q5gVrMrV7pvUf+GcAoB38o3 # zBlCMGMyqJnfFNZx+wvA69HFTBdwbHwBSOeLpvPnZ8ZN+vo8dE2/pPvOx/Vj8Tch # TySA2R4QKpVD7dvNZh6wW2R6kSu9RJt/4QhguSssp3qome7MrxVyfQO9sMx6ZAWj # FDYOzDi8SOhPUWlLnh00Cll8pjrUcCV3K3E0zz09ldQ//nBZZREr4h/GI6Dxb2Uo # yrN0ijtUDVHRXdmncOOMA3CoB/iUSROUINDT98oksouTMYFOnHoRh6+86Ltc5zjP # KHW5KqCvpSduSwhwUmotuQhcg9tw2YD3w6ySSSu+3qU8DD+nigNJFmt6LAHvH3KS # uNLoZLc1Hf2JNMVL4Q1OpbybpMe46YceNA0LfNsnqcnpJeItK/DhKbPxTTuGoX7w # JNdoRORVbPR1VVnDuSeHVZlc4seAO+6d2sC26/PQPdP51ho1zBp+xUIZkpSFA8vW # doUoHLWnqWU3dCCyFG1roSrgHjSHlq8xymLnjCbSLZ49kPmk8iyyizNDIXj//cOg # rY7rlRyTlaCCfw7aSUROwnu7zER6EaJ+AliL7ojTdS5PWPsWeupWs7NpChUk555K # 096V1hE0yZIXe+giAwW00aHzrDchIc2bQhpp0IoKRR7YufAkprxMiXAJQ1XCmnCf # gPf8+3mnAgMBAAGjggGVMIIBkTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTkO/zy # Me39/dfzkXFjGVBDz2GM6DAfBgNVHSMEGDAWgBTvb1NK6eQGfHrK4pBW9i/USezL # TjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwgZUGCCsG # AQUFBwEBBIGIMIGFMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wXQYIKwYBBQUHMAKGUWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRHNFRpbWVTdGFtcGluZ1JTQTQwOTZTSEEyNTYyMDI1Q0ExLmNy # dDBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln # aUNlcnRUcnVzdGVkRzRUaW1lU3RhbXBpbmdSU0E0MDk2U0hBMjU2MjAyNUNBMS5j # cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB # CwUAA4ICAQBlKq3xHCcEua5gQezRCESeY0ByIfjk9iJP2zWLpQq1b4URGnwWBdEZ # D9gBq9fNaNmFj6Eh8/YmRDfxT7C0k8FUFqNh+tshgb4O6Lgjg8K8elC4+oWCqnU/ # ML9lFfim8/9yJmZSe2F8AQ/UdKFOtj7YMTmqPO9mzskgiC3QYIUP2S3HQvHG1FDu # +WUqW4daIqToXFE/JQ/EABgfZXLWU0ziTN6R3ygQBHMUBaB5bdrPbF6MRYs03h4o # bEMnxYOX8VBRKe1uNnzQVTeLni2nHkX/QqvXnNb+YkDFkxUGtMTaiLR9wjxUxu2h # ECZpqyU1d0IbX6Wq8/gVutDojBIFeRlqAcuEVT0cKsb+zJNEsuEB7O7/cuvTQasn # M9AWcIQfVjnzrvwiCZ85EE8LUkqRhoS3Y50OHgaY7T/lwd6UArb+BOVAkg2oOvol # /DJgddJ35XTxfUlQ+8Hggt8l2Yv7roancJIFcbojBcxlRcGG0LIhp6GvReQGgMgY # xQbV1S3CrWqZzBt1R9xJgKf47CdxVRd/ndUlQ05oxYy2zRWVFjF7mcr4C34Mj3oc # CVccAvlKV9jEnstrniLvUxxVZE/rptb7IRE2lskKPIJgbaP5t2nGj/ULLi49xTcB # ZU8atufk+EMF/cWuiC7POGT75qaL6vdCvHlshtjdNXOCIUjsarfNZzCCB0kwggUx # oAMCAQICEAHdzU+FVN9jCMv0HhHagNUwDQYJKoZIhvcNAQELBQAwaTELMAkGA1UE # BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2Vy # dCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENB # MTAeFw0yNjA2MDUwMDAwMDBaFw0yNzA2MDQyMzU5NTlaMIHRMRMwEQYLKwYBBAGC # NzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMR0wGwYDVQQPDBRQ # cml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UEBRMHMzQwNzk4NTELMAkGA1UEBhMC # VVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMR0wGwYDVQQK # ExRLZWVwZXIgU2VjdXJpdHkgSW5jLjEdMBsGA1UEAxMUS2VlcGVyIFNlY3VyaXR5 # IEluYy4wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCb4DRTV0sNQsa1 # 0YRh+bliabmLOVYr6S0+BSVvRJAN3SHP6x52i1Dkpki5xVDIH06ZnnsToVrgvTv+ # QxGwsn9SAPHEZ/PIJRFxbMR4ShDaptYyL4f0u4k/3HwRzIleWE4mTUonYH8BdgLw # /F53B7wa7VTDHtxXltYTibEOwJxYCOi4Zr2FYQhjw14/CHcqS3FSMs6YYU2T56+g # w819hQM3K0YlwTNOFoIm1v7/ZZZiJGH8uGDsvy1makh1Xyyo/wN8EbQ1nbslmePT # roPm9w7WqiP/yiq+CZHiuTk9JK5bEgkWG3ns+v25cI251WidJx3SU7IZnX0OTd6/ # ZdKhprD5Gcfy5GBbJdcYw2WycQRW0PT5BEt55xRE0heufkpDaTUN6RdOuJdXbkl0 # hV91IZIuhueEMCk3h5mDTlU5gImxqj0R/TbAxjSSGTKCeuYFkQIRqytSabdrZZ48 # kW5hOIZMVDY1f4kpPJa8UeEvDZXT3vrtj36aSJrwez2uh4FMNlkCAwEAAaOCAgIw # ggH+MB8GA1UdIwQYMBaAFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB0GA1UdDgQWBBT1 # SmCYU/7Yrz1fX66Ur5nSzlSYOzA9BgNVHSAENjA0MDIGBWeBDAEDMCkwJwYIKwYB # BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMC # B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwgbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0 # cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25p # bmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNI # QTM4NDIwMjFDQTEuY3JsMIGUBggrBgEFBQcBAQSBhzCBhDAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFwGCCsGAQUFBzAChlBodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JT # QTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUA # A4ICAQBcavcUHNFEg872HDRq2+hRlnvaghCXv7X/6h9HSzjAQP3rt95BZty3ASqi # 2MYyGQLGdDl4DToe/WhajtEOBOYa83agW6tBvrfcKRrDrwJOMPTbwNYvn+GuiL4T # CKzXaytWiJJbrc5odc7Ecat2ZvJylpPmNainr4Q0LzzH23Gea/Mm/hIJTN4IGgrH # hrXiTIIW/ZUzrY6g8b3RZB4BA497n43wNdSqP+C3ntFw6NiGB4Z25SW4YntIxYPv # Kf37OVhF0xqxLC1sK/XxgK0EGQ6iaj8Ncpr2C5vSNZqfW2MndxOA1W67pgDpg83k # UWG+/YJeGhqOTF82/0kIzQXeI/lIqbnL/IJAJqSm/ROSpsGUKVbzk03cpTD55ZQX # WjM0fLirypBqY05T8gnh1L0fSwxr/SwJZ8OddivgyK1YOMn02nnsEG5kxBt9cMX4 # JCYABhypmAVDRvyYifEVdoFWv2gAXXW+PPRvlNa6E4aMCZrVcoKHiyeMAXOi1IC9 # mHvC2+foTSMFueq3AdnYfeKnZnAiKXKRhXcdHbQYcR2A7AIzIcqahPYr4FNEgb/E # /y/kypAkf0rMHlYl1kNqLs2Nv1UnMEHYT5YmDVLO63+1Trcw4zTZ70zuqIqeID/d # nbOlgtyG6DSRCL7f0E7kP18f4RoX5i1PkfeO4VJHsAuCeNG1qjGCBdkwggXVAgEB # MH0waTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYD # VQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNI # QTM4NCAyMDIxIENBMQIQAd3NT4VU32MIy/QeEdqA1TANBglghkgBZQMEAgEFAKCB # hDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEE # AYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJ # BDEiBCB4rfjN+GHHqRbTHn8SAqVHaCB4AlMhPgu/7x7KkDugCDANBgkqhkiG9w0B # AQEFAASCAYBtsuNnDb0vK7XpOD+oPGnbtvaxWCxA87/ZqFbjDj4DQUfaa7KVD86H # 9ohD+KUhl7xn6DnJHT9uv8o0GaC8y9zBO+/a0CdMpFsKMDlCrD3WK5LnJdGPtSmK # FkflQFLGRnCQi5vSFFBGzqyoraTAV8d4zIUuXxTIBOCXtYe6FsOsjTaLfMnK1Lv0 # 7P6BB7CC8LzTVENVdgRQOa07KXOcDwB/SY9Bm0T6uboFSDnSLmyE9FtEP+Ncl5Xf # PU2552mxcm/UnlioGgkY1b9e/WBUrRirjz2HkgzBeyee/WyhNjSO8lGekxaf67Ag # Tn/W/DFxsPJ2ICITGhyERZ0UGGb64BQSWGUelaMdsZUfHvDDHcCvE5qJK/wSgPOL # 9ouGvXqGoLksBd+0VU+BB+XJlPv29ugihoLdsWOledyLf8ZtjAyFEzENVUZzrrGI # KUuRyW+Vqsq6kPsOqOxpvHdjBuJ9vojm4TrJzqlogNAqdIwECpdspSO5UisqbgjU # cE5ZOq55o/qhggMmMIIDIgYJKoZIhvcNAQkGMYIDEzCCAw8CAQEwfTBpMQswCQYD # VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lD # ZXJ0IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUg # Q0ExAhAKgO8YS43xBYLRxHanlXRoMA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcN # AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjYwNjEzMDA1NjM2WjAv # BgkqhkiG9w0BCQQxIgQgOxlUdcbsVV4ZXA8aKxTESCePjQ6ZqNK0sFfkVi1Fbscw # DQYJKoZIhvcNAQEBBQAEggIAhSLDxhfho91YDLLrzKTUkU0SoSG5ujz8yv59TpEC # wvMS+RpMP3Zdnb9QOBj060Geb9zkG8iN52F7AfVVdOTqAbY0xzJUcHWUF3sIamvr # 3lmiUGgL1vBellzGTe5k3ePn4Y2wR+J0QTdjbYQ5ykH9AOX/nqCans0eogAm3FU3 # TsdlZG5SZJ06DenjbuVFJPmZFMebqi25bTiDX0shjrQpZXY+nwLZxguz5Oa8iCe5 # SfqKwbTi1q+0tTH8IZ9JynVq8aBGeMuaMPEmptjHK3PbCtCCQQOuMausj/Rv62ga # vYil4PTuE0rnKnP7Hrijeoq1zxW/flDhCMDNXNuR6TWJ/SfQ5kZaaIkGh7mDVUEr # coDNmKZOdmiJ1K6IdF7AAz6ClYlikcuxlIecojv3zXXwg6tYCwTBA/Z7vQSglHgJ # /TmMyaj7xDwdMSUlqXs5HA17P40j9TdJ2z5c2B9On6BLm9jXxkfAk2WrkNhqwUQp # ron4FYvBTVaJTbegw03WwSyG+h7nSXAYqMml5w4Vg9ln01q/wIQP8y2J3pNLou+w # 6wYfRGApT7yj4+OmyBp3GsxtSCmQqh0qEwvIvA9TWAYHzzC5r0u2virWpc6VjBsc # +MXSoSkEi6Bi1cjNQo+GUqhZ5bH0uoPfQ80pQGAkTMluIvvZJxOYFqAjTYIf673J # G6o= # SIG # End signature block |