Framework/Abstracts/SVTBase.ps1
|
Set-StrictMode -Version Latest class SVTBase: AzSdkRoot { hidden [string] $ResourceId = "" [ResourceContext] $ResourceContext = $null; hidden [SVTConfig] $SVTConfig hidden [PSObject] $ControlSettings hidden [ControlStateExtension] $ControlStateExt; hidden [ControlState[]] $ResourceState; hidden [ControlItem[]] $ApplicableControls = $null; [string[]] $FilterTags = @(); [string[]] $ExcludeTags = @(); [string[]] $ControlIds = @(); [bool] $GenerateFixScript = $false; SVTBase([string] $subscriptionId, [SVTResource] $svtResource): Base($subscriptionId) { $this.CreateInstance($svtResource); } SVTBase([string] $subscriptionId): Base($subscriptionId) { $this.CreateInstance(); } SVTBase([string] $subscriptionId, [string] $resourceGroupName, [string] $resourceName): Base($subscriptionId) { $this.CreateInstance([SVTResource]@{ ResourceGroupName = $resourceGroupName; ResourceName = $resourceName; }); } hidden [void] CreateInstance() { [Helpers]::AbstractClass($this, [SVTBase]); $this.LoadSvtConfig([SVTMapping]::SubscriptionMapping.JsonFileName); #$this.ControlStateIndexer = [ControlStateManager]::ComputeControlStateIndexer(); #$this.ControlStates = $this.GetControlStates(); } hidden [void] CreateInstance([SVTResource] $svtResource) { [Helpers]::AbstractClass($this, [SVTBase]); if(-not $svtResource) { throw [System.ArgumentException] ("The argument 'svtResource' is null"); } if([string]::IsNullOrEmpty($svtResource.ResourceGroupName)) { throw [System.ArgumentException] ("The argument 'ResourceGroupName' is null or empty"); } if([string]::IsNullOrEmpty($svtResource.ResourceName)) { throw [System.ArgumentException] ("The argument 'ResourceName' is null or empty"); } if(-not $svtResource.ResourceTypeMapping) { $svtResource.ResourceTypeMapping = [SVTMapping]::Mapping | Where-Object { $_.ClassName -eq $this.GetType().Name } | Select-Object -First 1 } if (-not $svtResource.ResourceTypeMapping) { throw [System.ArgumentException] ("No ResourceTypeMapping found"); } if ([string]::IsNullOrEmpty($svtResource.ResourceTypeMapping.JsonFileName)) { throw [System.ArgumentException] ("Json file name is null or empty"); } $this.ResourceId = $svtResource.ResourceId; $this.LoadSvtConfig($svtResource.ResourceTypeMapping.JsonFileName); $this.ResourceContext = [ResourceContext]@{ ResourceGroupName = $svtResource.ResourceGroupName; ResourceName = $svtResource.ResourceName; ResourceType = $svtResource.ResourceTypeMapping.ResourceType; ResourceTypeName = $svtResource.ResourceTypeMapping.ResourceTypeName; }; $this.ResourceContext.ResourceId = $this.GetResourceId(); } hidden [void] LoadSvtConfig([string] $controlsJsonFileName) { $this.ControlSettings = $this.LoadServerConfigFile("ControlSettings.json"); if (-not $this.SVTConfig) { $this.SVTConfig = [ConfigurationManager]::GetSVTConfig($controlsJsonFileName); #Evaluate all code block in Description and Recommendation texts. #Can use '$this.ControlSettings.xyz' in text to fill dynamic settings. $this.SVTConfig.Controls | Foreach-Object { $_.Description = $global:ExecutionContext.InvokeCommand.ExpandString($_.Description) $_.Recommendation = $global:ExecutionContext.InvokeCommand.ExpandString($_.Recommendation) if(-not [string]::IsNullOrEmpty($_.MethodName)) { $_.MethodName = $_.MethodName.Trim(); } } } } hidden [string] GetResourceId() { if ([string]::IsNullOrEmpty($this.ResourceId)) { if($this.ResourceContext) { $resource = Get-AzureRmResource -ResourceName $this.ResourceContext.ResourceName -ResourceGroupName $this.ResourceContext.ResourceGroupName if($resource) { $this.ResourceId = $resource.ResourceId; } else { throw "Unable to find the Azure resource - [ResourceType: $($this.ResourceContext.ResourceType)] [ResourceGroupName: $($this.ResourceContext.ResourceGroupName)] [ResourceName: $($this.ResourceContext.ResourceName)]" } } else { $this.ResourceId = $this.SubscriptionContext.Scope; } } return $this.ResourceId; } [bool] ValidateMaintenanceState() { if ($this.SVTConfig.IsManintenanceMode) { $this.PublishCustomMessage(([ConfigurationManager]::GetAzSdkConfigData().MaintenanceMessage -f $this.SVTConfig.FeatureName), [MessageType]::Warning); } return $this.SVTConfig.IsManintenanceMode; } hidden [ControlResult] CreateControlResult([string] $childResourceName, [VerificationResult] $verificationResult) { [ControlResult] $control = [ControlResult]@{ VerificationResult = $verificationResult; }; if(-not [string]::IsNullOrEmpty($childResourceName)) { $control.ChildResourceName = $childResourceName; } return $control; } [ControlResult] CreateControlResult() { return $this.CreateControlResult("", [VerificationResult]::Manual); } hidden [ControlResult] CreateControlResult([FixControl] $fixControl) { $control = $this.CreateControlResult(); if($this.GenerateFixScript -and $fixControl -and $fixControl.Parameters -and ($fixControl.Parameters | Get-Member -MemberType Properties | Measure-Object).Count -ne 0) { $control.FixControlParameters = $fixControl.Parameters | Select-Object -Property *; } return $control; } [ControlResult] CreateControlResult([string] $childResourceName) { return $this.CreateControlResult($childResourceName, [VerificationResult]::Manual); } [ControlResult] CreateChildControlResult([string] $childResourceName, [ControlResult] $controlResult) { $control = $this.CreateControlResult($childResourceName, [VerificationResult]::Manual); if($controlResult.FixControlParameters -and ($controlResult.FixControlParameters | Get-Member -MemberType Properties | Measure-Object).Count -ne 0) { $control.FixControlParameters = $controlResult.FixControlParameters | Select-Object -Property *; } return $control; } hidden [SVTEventContext] CreateSVTEventContextObject() { return [SVTEventContext]@{ FeatureName = $this.SVTConfig.FeatureName; Metadata = [Metadata]@{ Reference = $this.SVTConfig.Reference; }; SubscriptionContext = $this.SubscriptionContext; ResourceContext = $this.ResourceContext; }; } hidden [SVTEventContext] CreateErrorEventContext([System.Management.Automation.ErrorRecord] $exception) { [SVTEventContext] $arg = $this.CreateSVTEventContextObject(); $arg.ExceptionMessage = $exception; return $arg; } hidden [void] ControlStarted([SVTEventContext] $arg) { $this.PublishEvent([SVTEvent]::ControlStarted, $arg); } hidden [void] ControlDisabled([SVTEventContext] $arg) { $this.PublishEvent([SVTEvent]::ControlDisabled, $arg); } hidden [void] ControlCompleted([SVTEventContext] $arg) { $this.PublishEvent([SVTEvent]::ControlCompleted, $arg); } hidden [void] ControlError([ControlItem] $controlItem, [System.Management.Automation.ErrorRecord] $exception) { $arg = $this.CreateErrorEventContext($exception); $arg.ControlItem = $controlItem; $this.PublishEvent([SVTEvent]::ControlError, $arg); } hidden [void] EvaluationCompleted([SVTEventContext[]] $arguments) { $this.PublishEvent([SVTEvent]::EvaluationCompleted, $arguments); } hidden [void] EvaluationStarted() { $this.PublishEvent([SVTEvent]::EvaluationStarted, $this.CreateSVTEventContextObject()); } hidden [void] EvaluationError([System.Management.Automation.ErrorRecord] $exception) { $this.PublishEvent([SVTEvent]::EvaluationError, $this.CreateErrorEventContext($exception)); } [SVTEventContext[]] EvaluateAllControls() { [SVTEventContext[]] $resourceSecurityResult = @(); if (-not $this.ValidateMaintenanceState()) { if($this.GetApplicableControls().Count -eq 0) { if($this.ResourceContext) { $this.PublishCustomMessage("No controls have been found to evaluate for Resource [$($this.ResourceContext.ResourceName)]", [MessageType]::Warning); } else { $this.PublishCustomMessage("No controls have been found to evaluate for Subscription", [MessageType]::Warning); } } else { $this.EvaluationStarted(); $resourceSecurityResult += $this.GetAutomatedSecurityStatus(); $resourceSecurityResult += $this.GetManualSecurityStatus(); $this.EvaluationCompleted($resourceSecurityResult); } } return $resourceSecurityResult; } [ControlItem[]] ApplyServiceFilters([ControlItem[]] $controls) { return $controls; } hidden [ControlItem[]] GetApplicableControls() { #Lazy load the list of the applicable controls if($null -eq $this.ApplicableControls) { $this.ApplicableControls = @(); $filterControlsById = @(); $filteredControls = @(); if($this.ControlIds.Count -ne 0) { $filterControlsById += $this.SVTConfig.Controls | Where-Object { $this.ControlIds -Contains $_.ControlId }; } else { $filterControlsById += $this.SVTConfig.Controls } if(($this.FilterTags | Measure-Object).Count -ne 0 -or ($this.ExcludeTags | Measure-Object).Count -ne 0) { $filterControlsById | ForEach-Object { Set-Variable -Name control -Value $_ -Scope Local Set-Variable -Name filterMatch -Value $false -Scope Local Set-Variable -Name excludeMatch -Value $false -Scope Local $control.Tags | ForEach-Object { Set-Variable -Name cTag -Value $_ -Scope Local if(($this.FilterTags | Measure-Object).Count -ne 0 ` -and ($this.FilterTags | Where-Object { $_ -like $cTag} | Measure-Object).Count -ne 0) { $filterMatch = $true } elseif(($this.FilterTags | Measure-Object).Count -eq 0) { $filterMatch = $true } if(($this.ExcludeTags | Measure-Object).Count -ne 0 ` -and ($this.ExcludeTags | Where-Object { $_ -like $cTag} | Measure-Object).Count -ne 0) { $excludeMatch = $true } } if(($filterMatch -and $excludeMatch -le 0) ` -or ($filterMatch -lt 0 -and $excludeMatch -le 0)) { $filteredControls += $control } } } else { $filteredControls += $filterControlsById; } $this.ApplicableControls += $this.ApplyServiceFilters($filteredControls); } return $this.ApplicableControls; } hidden [SVTEventContext[]] GetManualSecurityStatus() { [SVTEventContext[]] $manualControlsResult = @(); try { $this.GetApplicableControls() | Where-Object { $_.Automated -eq "No" } | ForEach-Object { $controlItem = $_; [SVTEventContext] $arg = $this.CreateSVTEventContextObject(); $arg.ControlItem = $controlItem; $arg.ControlResults += [ControlResult]@{ VerificationResult = [VerificationResult]::Manual; }; $this.ProcessStateData($arg); $manualControlsResult += $arg; } } catch { $this.EvaluationError($_); } return $manualControlsResult; } hidden [SVTEventContext[]] GetAutomatedSecurityStatus() { [SVTEventContext[]] $automatedControlsResult = @(); try { $this.GetApplicableControls() | Where-Object { $_.Automated -ne "No" -and (-not [string]::IsNullOrEmpty($_.MethodName)) } | ForEach-Object { $eventContext = $this.RunControl($_); if($eventContext) { $automatedControlsResult += $eventContext; } }; } catch { $this.EvaluationError($_); } return $automatedControlsResult; } hidden [SVTEventContext] RunControl([ControlItem] $controlItem) { [SVTEventContext] $singleControlResult = $this.CreateSVTEventContextObject(); $singleControlResult.ControlItem = $controlItem; $this.ControlStarted($singleControlResult); if($controlItem.Enabled -eq $false) { $this.ControlDisabled($singleControlResult); } else { $controlResult = $this.CreateControlResult($controlItem.FixControl); try { $methodName = $controlItem.MethodName; #$this.CurrentControlItem = $controlItem; $singleControlResult.ControlResults += $this.$methodName($controlResult); } catch { $controlResult.VerificationResult = [VerificationResult]::Error $controlResult.AddError($_); $singleControlResult.ControlResults += $controlResult; $this.ControlError($controlItem, $_); } $this.ProcessStateData($singleControlResult); } $this.ControlCompleted($singleControlResult); return $singleControlResult; } hidden [void] ProcessStateData([SVTEventContext] $eventContext) { $controlState = @(); if($this.GetResourceState().Count -ne 0) { $controlStateValue = $this.GetResourceState() | Where { $_.InternalId -eq $eventContext.ControlItem.Id }; if($null -ne $controlStateValue -and $this.IsStateActive($eventContext.ControlItem,$controlStateValue)) { $controlState += $controlStateValue ; } } $eventContext.ControlResults | ForEach-Object { try { $currentItem = $_; # Copy the current result to Actual Result field $currentItem.ActualVerificationResult = $currentItem.VerificationResult; # Disable the fix control feature if(-not $this.GenerateFixScript) { $currentItem.EnableFixControl = $false; } if($currentItem.StateManagement.CurrentStateData -and $currentItem.StateManagement.CurrentStateData.DataObject -and $eventContext.ControlItem.DataObjectProperties) { $currentItem.StateManagement.CurrentStateData.DataObject = [Helpers]::SelectMembers($currentItem.StateManagement.CurrentStateData.DataObject, $eventContext.ControlItem.DataObjectProperties); } if($controlState.Count -ne 0) { # Skip passed ones from State Management if($currentItem.VerificationResult -ne [VerificationResult]::Passed) { # Process the state if its available $childResourceState = $controlState | Where-Object { $_.ChildResourceName -eq $currentItem.ChildResourceName } | Select-Object -First 1; if($childResourceState -and ($childResourceState.ActualVerificationResult -eq $currentItem.ActualVerificationResult) -and $childResourceState.State) { $currentItem.StateManagement.AttestedStateData = $childResourceState.State; # Compare dataobject property of State if($null -ne $childResourceState.State.DataObject) { if($currentItem.StateManagement.CurrentStateData -and $null -ne $currentItem.StateManagement.CurrentStateData.DataObject) { $currentStateDataObject = [Helpers]::ConvertToJsonCustom($currentItem.StateManagement.CurrentStateData.DataObject) | ConvertFrom-Json if([Helpers]::CompareObject($childResourceState.State.DataObject, $currentStateDataObject, $true)) { # Objects match, change result based on attestation status $this.ModifyControlResult($currentItem, $childResourceState); } #else #{ # Drift in security state. Objects are not matching. No modification of result required #} } #else #{ # Drift in security state. Control State found but no dataobject is passed in current execution #} } else { if($currentItem.StateManagement.CurrentStateData) { if($null -eq $currentItem.StateManagement.CurrentStateData.DataObject) { # No object is persisted, change result based on attestation status $this.ModifyControlResult($currentItem, $childResourceState); } } else { # No object is persisted, change result based on attestation status $this.ModifyControlResult($currentItem, $childResourceState); } } } #else #{ # No state object found which matches the verification result. Ignore the state. No modification of result required #} } #else #{ # Ignore State for passed ones. No modification of result required #} } } catch { $this.EvaluationError($_); } }; } # State Machine implementation of modifying verification result hidden [void] ModifyControlResult([ControlResult] $controlResult, [ControlState] $controlState) { # No action required if Attestation status is None OR verification result is Passed if($controlState.AttestationStatus -ne [AttestationStatus]::None -or $controlResult.VerificationResult -ne [VerificationResult]::Passed) { $controlResult.AttestationStatus = $controlState.AttestationStatus; $controlResult.VerificationResult = [Helpers]::EvaluateVerificationResult($controlResult.VerificationResult, $controlState.AttestationStatus); } } hidden [ControlState[]] GetResourceState() { if($null -eq $this.ResourceState) { $this.ResourceState = @(); if($this.ControlStateExt) { $this.ResourceState += $this.ControlStateExt.GetControlState($this.GetResourceId()); } } return $this.ResourceState; } #Function to validate attestation data expiry validation hidden [bool] IsStateActive([ControlItem] $controlItem,[ControlState] $controlState) { try { #Get controls expiry period. Default value is zero $controlAttestationExpiry = $controlItem.AttestationExpiryPeriodInDays $controlSeverity = $controlItem.ControlSeverity $controlSeverityExpiryPeriod = 0 $numberOfDayToAdd =0; #Check if control severity expiry is not default value zero if($controlAttestationExpiry -ne 0) { $numberOfDayToAdd = $controlAttestationExpiry } elseif([Helpers]::CheckMember($this.ControlSettings,"AttestationExpiryPeriodInDays")) { #Check if control severity has expiry period if([Helpers]::CheckMember($this.ControlSettings.AttestationExpiryPeriodInDays.ControlSeverity,$controlSeverity) ) { $numberOfDayToAdd = $this.ControlSettings.AttestationExpiryPeriodInDays.ControlSeverity.$controlSeverity } #If control item and severity does not contain expiry period, assign default value else { $numberOfDayToAdd = $this.ControlSettings.AttestationExpiryPeriodInDays.Default } } #Return true when expiry period is not defined else{ return $true } #Validate if expiry period is passed if($numberOfDayToAdd -ne 0 -and $controlState.State.AttestedDate.AddDays($numberOfDayToAdd) -lt [DateTime]::UtcNow) { return $false } else { return $true } } catch{ #if any exception occurs while getting/validating expiry period, return true. $this.PublishCustomMessage("Not able to fetch control state expiry",$_); return $true } } hidden [ControlResult] CheckDiagnosticsSettings([ControlResult] $controlResult) { $diagnostics = Get-AzureRmDiagnosticSetting -ResourceId $this.GetResourceId() if($diagnostics -and ($diagnostics.Logs | Measure-Object).Count -ne 0) { $nonCompliantLogs = $diagnostics.Logs | Where-Object { -not ($_.Enabled -and ($_.RetentionPolicy.Days -eq $this.ControlSettings.Diagnostics_RetentionPeriod_Forever -or $_.RetentionPolicy.Days -eq $this.ControlSettings.Diagnostics_RetentionPeriod_Min))}; $selectedDiagnosticsProps = $diagnostics | Select-Object -Property Logs, Metrics, StorageAccountId, ServiceBusRuleId, Name; if(($nonCompliantLogs | Measure-Object).Count -eq 0) { $controlResult.AddMessage([VerificationResult]::Passed, "Diagnostics settings are correctly configured for resource - [$($this.ResourceContext.ResourceName)]", $selectedDiagnosticsProps); } else { $controlResult.AddMessage([VerificationResult]::Failed, "Diagnostics settings are either disabled OR not retaining logs for at least $($this.ControlSettings.Diagnostics_RetentionPeriod_Min) days for resource - [$($this.ResourceContext.ResourceName)]", $selectedDiagnosticsProps); } } else { $controlResult.AddMessage("Not able to fetch diagnostics settings. Please validate diagnostics settings manually for resource - [$($this.ResourceContext.ResourceName)]."); } return $controlResult; } hidden [ControlResult] CheckRBACAccess([ControlResult] $controlResult) { $accessList = [RoleAssignmentHelper]::GetAzSDKRoleAssignmentByScope($this.GetResourceId(), $false, $true); $resourceAccessList = $accessList | Where-Object { $_.Scope -eq $this.GetResourceId() }; $controlResult.VerificationResult = [VerificationResult]::Verify; if(($resourceAccessList | Measure-Object).Count -ne 0) { $controlResult.SetStateData("Identities having RBAC access at resource level", ($resourceAccessList | Select-Object -Property ObjectId,RoleDefinitionId,RoleDefinitionName,Scope)); $controlResult.AddMessage("Validate that the following identities have explicitly provided with RBAC access to resource - [$($this.ResourceContext.ResourceName)]"); $controlResult.AddMessage([MessageData]::new($this.CreateRBACCountMessage($resourceAccessList), $resourceAccessList)); } else { $controlResult.AddMessage("No identities have been explicitly provided with RBAC access to resource - [$($this.ResourceContext.ResourceName)]"); } $inheritedAccessList = $accessList | Where-Object { $_.Scope -ne $this.GetResourceId() }; if(($inheritedAccessList | Measure-Object).Count -ne 0) { $controlResult.AddMessage("Note: " + $this.CreateRBACCountMessage($inheritedAccessList) + " have inherited RBAC access to resource. It's good practice to keep the RBAC access to minimum."); } else { $controlResult.AddMessage("No identities have inherited RBAC access to resource"); } return $controlResult; } hidden [string] CreateRBACCountMessage([array] $resourceAccessList) { $nonNullObjectTypes = $resourceAccessList | Where-Object { -not [string]::IsNullOrEmpty($_.ObjectType) }; if(($nonNullObjectTypes | Measure-Object).Count -eq 0) { return "$($resourceAccessList.Count) identities"; } else { $countBreakupString = [string]::Join(", ", ($nonNullObjectTypes | Group-Object -Property ObjectType -NoElement | ForEach-Object { "$($_.Name): $($_.Count)" } )); return "$($resourceAccessList.Count) identities ($countBreakupString)"; } } hidden [bool] CheckMetricAlertConfiguration([PSObject[]] $metricSettings, [ControlResult] $controlResult, [string] $extendedResourceName) { $result = $false; if($metricSettings -and $metricSettings.Count -ne 0) { $resId = $this.GetResourceId() + $extendedResourceName; $resIdMessageString = ""; if(-not [string]::IsNullOrWhiteSpace($extendedResourceName)) { $resIdMessageString = "for nested resource [$extendedResourceName]"; } $resourceAlerts = (Get-AzureRmAlertRule -ResourceGroup $this.ResourceContext.ResourceGroupName -DetailedOutput -WarningAction SilentlyContinue) | Where-Object { $_.Properties -and $_.Properties.Condition -and $_.Properties.Condition.DataSource } | Where-Object { $_.Properties.Condition.DataSource.ResourceUri -eq $resId }; $nonConfiguredMetrices = @(); $misConfiguredMetrices = @(); $metricSettings | ForEach-Object { $currentMetric = $_; $matchedMetrices = @(); $matchedMetrices += $resourceAlerts | Where-Object { $_.Properties.Condition.DataSource.MetricName -eq $currentMetric.Condition.DataSource.MetricName } if($matchedMetrices.Count -eq 0) { $nonConfiguredMetrices += $currentMetric; } else { $misConfigured = @(); $misConfigured += $matchedMetrices | Where-Object { -not [Helpers]::CompareObject($currentMetric, $_.Properties) }; if($misConfigured.Count -eq $matchedMetrices.Count) { $misConfiguredMetrices += $misConfigured; } } } $controlResult.AddMessage("Following metric alerts must be configured $resIdMessageString with settings mentioned below:", $metricSettings); $controlResult.VerificationResult = [VerificationResult]::Failed; if($nonConfiguredMetrices.Count -ne 0) { $controlResult.AddMessage("Following metric alerts are not configured $($resIdMessageString):", $nonConfiguredMetrices); } if($misConfiguredMetrices.Count -ne 0) { $controlResult.AddMessage("Following metric alerts are not correctly configured $resIdMessageString. Please update the metric settings in order to comply.", $misConfiguredMetrices); } if($nonConfiguredMetrices.Count -eq 0 -and $misConfiguredMetrices.Count -eq 0) { $result = $true; $controlResult.AddMessage([VerificationResult]::Passed , "All mandatory metric alerts are correctly configured $resIdMessageString."); } } else { throw [System.ArgumentException] ("The argument 'metricSettings' is null or empty"); } return $result; } hidden AddResourceMetadata([PSObject] $metadataObj) { [hashtable] $resourceMetadata = New-Object -TypeName Hashtable; $metadataObj.psobject.properties | foreach { $resourceMetadata.Add($_.name, $_.value) } $this.ResourceContext.ResourceMetadata = $resourceMetadata } } # SIG # Begin signature block # MIIj/wYJKoZIhvcNAQcCoIIj8DCCI+wCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAkQ7iPsGMfeCwp # V+mxqHEvhb0GjcSlRRA7h/g7V0HPJ6CCDZMwggYRMIID+aADAgECAhMzAAAAjoeR # pFcaX8o+AAAAAACOMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMTYxMTE3MjIwOTIxWhcNMTgwMjE3MjIwOTIxWjCBgzEL # MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v # bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9Q # UjEeMBwGA1UEAxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMIIBIjANBgkqhkiG9w0B # AQEFAAOCAQ8AMIIBCgKCAQEA0IfUQit+ndnGetSiw+MVktJTnZUXyVI2+lS/qxCv # 6cnnzCZTw8Jzv23WAOUA3OlqZzQw9hYXtAGllXyLuaQs5os7efYjDHmP81LfQAEc # wsYDnetZz3Pp2HE5m/DOJVkt0slbCu9+1jIOXXQSBOyeBFOmawJn+E1Zi3fgKyHg # 78CkRRLPA3sDxjnD1CLcVVx3Qv+csuVVZ2i6LXZqf2ZTR9VHCsw43o17lxl9gtAm # +KWO5aHwXmQQ5PnrJ8by4AjQDfJnwNjyL/uJ2hX5rg8+AJcH0Qs+cNR3q3J4QZgH # uBfMorFf7L3zUGej15Tw0otVj1OmlZPmsmbPyTdo5GPHzwIDAQABo4IBgDCCAXww # HwYDVR0lBBgwFgYKKwYBBAGCN0wIAQYIKwYBBQUHAwMwHQYDVR0OBBYEFKvI1u2y # FdKqjvHM7Ww490VK0Iq7MFIGA1UdEQRLMEmkRzBFMQ0wCwYDVQQLEwRNT1BSMTQw # MgYDVQQFEysyMzAwMTIrYjA1MGM2ZTctNzY0MS00NDFmLWJjNGEtNDM0ODFlNDE1 # ZDA4MB8GA1UdIwQYMBaAFEhuZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEsw # SaBHoEWGQ2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0Nv # ZFNpZ1BDQTIwMTFfMjAxMS0wNy0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsG # AQUFBzAChkVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01p # Y0NvZFNpZ1BDQTIwMTFfMjAxMS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkq # hkiG9w0BAQsFAAOCAgEARIkCrGlT88S2u9SMYFPnymyoSWlmvqWaQZk62J3SVwJR # avq/m5bbpiZ9CVbo3O0ldXqlR1KoHksWU/PuD5rDBJUpwYKEpFYx/KCKkZW1v1rO # qQEfZEah5srx13R7v5IIUV58MwJeUTub5dguXwJMCZwaQ9px7eTZ56LadCwXreUM # tRj1VAnUvhxzzSB7pPrI29jbOq76kMWjvZVlrkYtVylY1pLwbNpj8Y8zon44dl7d # 8zXtrJo7YoHQThl8SHywC484zC281TllqZXBA+KSybmr0lcKqtxSCy5WJ6PimJdX # jrypWW4kko6C4glzgtk1g8yff9EEjoi44pqDWLDUmuYx+pRHjn2m4k5589jTajMW # UHDxQruYCen/zJVVWwi/klKoCMTx6PH/QNf5mjad/bqQhdJVPlCtRh/vJQy4njpI # BGPveJiiXQMNAtjcIKvmVrXe7xZmw9dVgh5PgnjJnlQaEGC3F6tAE5GusBnBmjOd # 7jJyzWXMT0aYLQ9RYB58+/7b6Ad5B/ehMzj+CZrbj3u2Or2FhrjMvH0BMLd7Hald # G73MTRf3bkcz1UDfasouUbi1uc/DBNM75ePpEIzrp7repC4zaikvFErqHsEiODUF # he/CBAANa8HYlhRIFa9+UrC4YMRStUqCt4UqAEkqJoMnWkHevdVmSbwLnHhwCbww # ggd6MIIFYqADAgECAgphDpDSAAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3Nv # ZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5 # MDlaFw0yNjA3MDgyMTA5MDlaMH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIw # MTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQ # TTS68rZYIZ9CGypr6VpQqrgGOBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULT # iQ15ZId+lGAkbK+eSZzpaF7S35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYS # L+erCFDPs0S3XdjELgN1q2jzy23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494H # DdVceaVJKecNvqATd76UPe/74ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZ # PrGMXeiJT4Qa8qEvWeSQOy2uM1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5 # bmR/U7qcD60ZI4TL9LoDho33X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGS # rhwjp6lm7GEfauEoSZ1fiOIlXdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADh # vKwCgl/bwBWzvRvUVUvnOaEP6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON # 7E1JMKerjt/sW5+v/N2wZuLBl4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xc # v3coKPHtbcMojyyPQDdPweGFRInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqw # iBfenk70lrC8RqBsmNLg1oiMCwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMC # AQAwHQYDVR0OBBYEFEhuZOVQBdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQM # HgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1Ud # IwQYMBaAFHItOgIxkEO5FAVO4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0 # dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0Nl # ckF1dDIwMTFfMjAxMV8wM18yMi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUF # BzAChkJodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0Nl # ckF1dDIwMTFfMjAxMV8wM18yMi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGC # Ny4DMIGDMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtp # b3BzL2RvY3MvcHJpbWFyeWNwcy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcA # YQBsAF8AcABvAGwAaQBjAHkAXwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZI # hvcNAQELBQADggIBAGfyhqWY4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4s # PvjDctFtg/6+P+gKyju/R6mj82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKL # UtCw/WvjPgcuKZvmPRul1LUdd5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7 # pKkFDJvtaPpoLpWgKj8qa1hJYx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft # 0N3zDq+ZKJeYTQ49C/IIidYfwzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4 # MnEnGn+x9Cf43iw6IGmYslmJaG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxv # FX1Fp3blQCplo8NdUmKGwx1jNpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG # 0QaxdR8UvmFhtfDcxhsEvt9Bxw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf # 0AApxbGbpT9Fdx41xtKiop96eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkY # S//WsyNodeav+vyL6wuA6mk7r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrv # QQqxP/uozKRdwaGIm1dxVk5IRcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIV # wjCCFb4CAQEwgZUwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEoMCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAA # AI6HkaRXGl/KPgAAAAAAjjANBglghkgBZQMEAgEFAKCBsDAZBgkqhkiG9w0BCQMx # DAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkq # hkiG9w0BCQQxIgQgtgAgJi/HyO+3KdwH2XnkU+XzDCilOSpqX2UI6pETYUYwRAYK # KwYBBAGCNwIBDDE2MDSgEoAQAEEAegBTAEQASwAyADUAMqEegBxodHRwczovL2Fr # YS5tcy9henNka29zc2RvY3MgMA0GCSqGSIb3DQEBAQUABIIBABB7ZR+m65PR6tCN # 3Y96G1ByiprRRaq9mjoVbMsnL1UuPYdOUqk6wWMioV3XqprXwPtgbDiidMjAyVRD # UVGKWdczwKg77dHkFEXq0UXpUqR64qqBy7DwZ7XsrneG1XOVzfux+6nGWBZDkZVM # wsXN87mEi4qyHFjt6LGUeUxNUfji/DtvuafgqdIWnsyog7NQVfx8S4A3x0QkvPpU # 0KiR7aZXjW0dWxye7+ow6sxcEgri6j0RDDtizdM02Bd+1XdE4DKvGuKT5InCRUs0 # pKL2PIOQoTsJdWTUak3N+Syff8Gd9niZu4TQl3jJD06w5CkEVd8X/SQZG5TZprlt # ZhnU0nuhghNKMIITRgYKKwYBBAGCNwMDATGCEzYwghMyBgkqhkiG9w0BBwKgghMj # MIITHwIBAzEPMA0GCWCGSAFlAwQCAQUAMIIBOgYLKoZIhvcNAQkQAQSgggEpBIIB # JTCCASECAQEGCisGAQQBhFkKAwEwMTANBglghkgBZQMEAgEFAAQgcl4Wa0Qbs43v # BQM1FyFSpZuowpNbNgIk8RNq/9iUfvkCBlmSITMWLRgTMjAxNzA5MDUwOTM2MzUu # ODYzWjAEgAIB9KCBuaSBtjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNO # OjE0OEMtQzRCOS0yMDY2MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNloIIO0DCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQEL # BQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNV # BAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4X # DTEwMDcwMTIxMzY1NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh # bXAgUENBIDIwMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28 # dxGKOiDs/BOX9fp/aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQx # H0EbGpUdzgkTjnxhMFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVH # gc2/JGAyWGBG8lhHhjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbB # Jx0kZxJyGiGKr0tkiVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL # /W7lmsqxqPJ6Kgox8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8 # wMlEXV4WnAEFTyJNAgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNV # HQ4EFgQU1WM6XIoxkPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUA # YgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # 1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIw # MTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcnQwgaAGA1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsG # AQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2Rl # ZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkA # YwB5AF8AUwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH # 5ohRDeLG4Jg/gXEDPZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3H # qJ4l4/m87WtUVwgrUYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQ # yK+/f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/t # A6WWj1kpvLb9BOFwnzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguR # JuI57BlKcWOdeyFtw5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRC # g7i1gJsiOCC1JeVk7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDN # p9DvfYPw4TtxCd9ddJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFr # b3epgcunCaw5u+zGy9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN # 4DMuEin1wC9UJyH3yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N7 # 9ZmKLxvHIa9Zta7cRDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zP # WAUu7w2gUDXa7wknHNWzfjUeCLraNtvTX4/edIhJEjCCBNowggPCoAMCAQICEzMA # AAC0Qzoc/ra6UokAAAAAALQwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUt # U3RhbXAgUENBIDIwMTAwHhcNMTYwOTA3MTc1NjU4WhcNMTgwOTA3MTc1NjU4WjCB # szELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxME # TU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjE0OEMtQzRCOS0yMDY2MSUw # IwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIIBIjANBgkqhkiG # 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4IFPu7XRMDo/gwC3zFaf95usurNdZBEegtZ6 # 1+4g+7PRCAFjl1enwuJMVqi1V9ugxt+z0RixHn6RrBkZUW1z/p4tbSRCIMTI70Zp # 0G8cTGFqlDMPlD7bom8lKr8Z0s4DOlIVgEVlG/3Ptf83smhmmWWt7v++gU1Dngt4 # CdYqjz2KtAcz2bBQJFHvf/Uk1BUMj3YY2Fa8tW2jKXTYdQdIQBmOZhiRAgJwG0Hb # +SehGXXGlqj6QS+7esU0pjCgl5PHGmwAWoK2jABnksvMTdJsqePEXnkLAZWuqKS5 # Iv75RV4/fRkbYZw3dNmjUcXuSNlUMxSDX7LnD3uwH8mXvpmFcQIDAQABo4IBGzCC # ARcwHQYDVR0OBBYEFAyTq0XUbAt3L/MrV/PpJMSHB/RfMB8GA1UdIwQYMBaAFNVj # OlyKMZDzQ3t8RhvFM2hahW1VMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwu # bWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1RpbVN0YVBDQV8yMDEw # LTA3LTAxLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljVGltU3RhUENBXzIwMTAtMDct # MDEuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZI # hvcNAQELBQADggEBAAK1YVugp9JqrCYvtsI0o3T7qHuQsYItqIkSXaT2ggtZPSfn # eh15LPjLcs9Ha+9v3uuSbe6v+16hkYR4419Re8SXMeBQje26mfeIKr9RauIj5DdH # 3WbixYUI7P51cet6bUmJJSEdnY4W5Fik5qiVtZu0k6GKLLicITq8AVEfmOCf8+3q # UMy7N4QpavAibKVPrhMReWZkcCejDPq03ky7UH7En3/pgVEE3q4UX+YODBCBukas # O2IS57XRCjDw0yns+tNwMW4KeiRRwiLmDiK3Q1GqU1Ui9SS159N1eCmhOltpCuCt # fJnPn7SSKAd+qnDEMoZbSg7YRLb1PmcfecPyK1OhggN5MIICYQIBATCB46GBuaSB # tjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UE # CxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjE0OEMtQzRCOS0yMDY2 # MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiUKAQEwCQYF # Kw4DAhoFAAMVAAfAlZeuLk5uydN19tmJUZiLIG06oIHCMIG/pIG8MIG5MQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMScw # JQYDVQQLEx5uQ2lwaGVyIE5UUyBFU046NERFOS0wQzVFLTNFMDkxKzApBgNVBAMT # Ik1pY3Jvc29mdCBUaW1lIFNvdXJjZSBNYXN0ZXIgQ2xvY2swDQYJKoZIhvcNAQEF # BQACBQDdWK0EMCIYDzIwMTcwOTA1MDQ1NjM2WhgPMjAxNzA5MDYwNDU2MzZaMHcw # PQYKKwYBBAGEWQoEATEvMC0wCgIFAN1YrQQCAQAwCgIBAAICBzoCAf8wBwIBAAIC # HBgwCgIFAN1Z/oQCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAaAK # MAgCAQACAwehIKEKMAgCAQACAwehIDANBgkqhkiG9w0BAQUFAAOCAQEALwY679N2 # 1lyYyv02M9hqGtWKqwzo5L9jFJwzVISPiB11A44qmS2N0VG0NjLrpoSYeVBQcopx # 8q6MpEScwoBLY9jn5KBEjTfWxOyMEXoVPP01zMJ1PqXqVDNQeeHrwtBi5ewEB+sH # vFeniiQLLavuRZOLLi+MJ7SI2aIifcxk2gzSyzj0NwWpFUZH8uKBhWN9qXM0IJoj # PSw8YeJqcjaHA8M2lWiDzoLFuhvoppkXU5jQA+i7PpjSU7GR9c125iaw9G+yScBB # /WVbMAbhm29cYwNG4AJ0cWhJP9T+cdJdFqav9Of91V7wy2ExAM5+hTyO9oB+8rjk # pi8eGCYOTwO5wjGCAvUwggLxAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD # QSAyMDEwAhMzAAAAtEM6HP62ulKJAAAAAAC0MA0GCWCGSAFlAwQCAQUAoIIBMjAa # BgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIJ8ONxLW # G/7SBkkadNAYZFzR/oud2BPe/dF2gNAwx9ESMIHiBgsqhkiG9w0BCRACDDGB0jCB # zzCBzDCBsQQUB8CVl64uTm7J03X22YlRmIsgbTowgZgwgYCkfjB8MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg # VGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAALRDOhz+trpSiQAAAAAAtDAWBBRvckTu # xLqEMp+p73tMOlL/8PMB4DANBgkqhkiG9w0BAQsFAASCAQDMVmVFkafogH9Idqjf # mFV8cRCbfLm4/+/sg8rfl5gKVg0IsTPHQNGrEIJKUhQBfE0utA9yGDy24//ei7Ox # 1s9elTpRLy/WnqawI1s71/XPJ2aM2wRwlj26UsQd1pWjBvyUdYyaWeV1L+VHUmHX # e4AYlKfRH/ZN4W5azeOkEhobdqvrqEM7R7maXQ6J1DFWmYV8+N4lsAksrjauTAnZ # XYPOt7PM4HZ0Ja6ePWC8k/gZmwzRMlvzUGhb4pWkuYc5gjhDsFBjcFmCFO8+I2Cf # 4xenysW5spvfZx37BUE1252+SrhH4oE5DIZ4tX8fAK9WqsvqA3BHwtOROoJF3g0o # PTc+ # SIG # End signature block |