Function.psm1
|
function Get-RootOrganizationalUnits { param ( [Parameter(Mandatory)] [string]$DomainDN ) $searcher = New-Object DirectoryServices.DirectorySearcher $searcher.Filter = "(objectClass=organizationalUnit)" $searcher.SearchScope = "OneLevel" $searcher.SearchRoot = "LDAP://$DomainDN" try { return $searcher.FindAll() } catch { throw "Error searching for root OUs for '$DomainDN' : $($_.Exception.Message)" return @() } } function Get-LapsGuids { $rootDSE = [ADSI]"LDAP://RootDSE" $schemaNC = $rootDSE.schemaNamingContext $attributes = @('ms-Mcs-AdmPwd') #, 'ms-Mcs-AdmPwdExpirationTime') $lapsGuids = @{} foreach ($attr in $attributes) { $searcher = New-Object DirectoryServices.DirectorySearcher $searcher.SearchRoot = "LDAP://$schemaNC" $searcher.Filter = "(lDAPDisplayName=$attr)" $searcher.PropertiesToLoad.Add("schemaIDGUID") | Out-Null $result = $searcher.FindOne() if ($result -and $result.Properties["schemaIDGUID"]) { $guid = New-Object Guid (,$result.Properties["schemaIDGUID"][0]) $lapsGuids[$guid.Guid] = $attr } else { throw "schemaIDGUID not found for $attr" } } return [hashtable]$lapsGuids } function Get-LAPSDelegations { param( [Parameter(Mandatory)] [array]$RootOUs, [Parameter(Mandatory)] [hashtable]$LapsGuids ) $OUDelegationsMap = @{} $OUDelegationsReport = @() $IgnoredSIDs = @( 'S-1-5-18', # Local System 'S-1-5-11', # Authenticated Users 'S-1-5-32-544',# Administrators (builtin) 'S-1-5-32-545',# Users (builtin) 'S-1-5-32-554',# Pre-Windows 2000 Compatible Access 'S-1-5-32-548',# Account Operators 'S-1-5-32-560',# Windows Authorization Access Group 'S-1-5-32-551',# Backup Operators 'S-1-5-32-552',# Replicators 'S-1-5-32-549',# Server Operators 'S-1-5-32-550',# Print Operators 'S-1-5-32-559',# Performance Log Users 'S-1-5-32-561',# Terminal Server License Servers 'S-1-1-0', # Everyone 'S-1-5-9', # Enterprise Domain Controllers 'S-1-5-10', # Principal Self 'S-1-5-6' # Service ) $domainSID = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User.AccountDomainSid.Value $DomainAdminsSID = "$domainSID-512" $EnterpriseAdminsSID = "$domainSID-519" $SchemaAdminsSID = "$domainSID-518" $IgnoredSIDs += @($DomainAdminsSID, $EnterpriseAdminsSID, $SchemaAdminsSID) foreach ($ou in $RootOUs) { $ouDN = [string]$ou.Properties.distinguishedname[0] $lapsReaders = @() try { $entry = [ADSI]"LDAP://$ouDN" $acl = $entry.psbase.ObjectSecurity } catch { Write-Warning "canot read ACL on OU : $ouDN" $OUDelegationsMap[$ouDN] = @() $OUDelegationsReport += [PSCustomObject]@{ OU = $ouDN Account = '[NA]' Attribut = '' Permission = '' } continue } foreach ($guid in $LapsGuids.Keys) { $ace = $acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IsInherited -eq $false -and ( # Case 1: ACE explicitly targeting the LAPS attribute ($_.ObjectType.Guid -eq $guid -and $_.ActiveDirectoryRights -match 'ReadProperty|ExtendedRight|ControlAccess|WriteProperty') -or # Case 2: Global ACE (no ObjectType specified) ($_.ObjectType.Guid -eq [guid]::Empty -and $_.ActiveDirectoryRights -match 'GenericAll|ExtendedRight') ) } foreach ($entry in $ace) { try { $sid = $entry.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) } catch { $sid = $entry.IdentityReference.Value } if ($IgnoredSIDs -contains $sid.Value) { continue } # if not find, try to convert sid to samaccountname try { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { $account = $sid.Value } $lapsReaders += [PSCustomObject]@{ Account = $entry.IdentityReference.Value Attribut = $LapsGuids[$guid] Permission = ($entry.ActiveDirectoryRights -join ', ') } } } if ($lapsReaders.Count -gt 0) { $OUDelegationsMap[$ouDN] = $lapsReaders.Account foreach ($entry in $lapsReaders) { $OUDelegationsReport += [PSCustomObject]@{ OU = $ouDN Account = $entry.Account Attribut = $entry.Attribut Permission = $entry.Permission } } } else { $OUDelegationsMap[$ouDN] = @() $OUDelegationsReport += [PSCustomObject]@{ OU = $ouDN Account = '[NA]' Attribut = '' Permission = '' } } } return [PSCustomObject]@{ DelegationsMap = $OUDelegationsMap DelegationsReport = $OUDelegationsReport } } function Get-AccountDelegatedInParentOU { param ( [string]$startingOU, [string]$accountToCheck, [hashtable]$delegationMap, [hashtable]$aclCache ) #$startingOU = "OU=server,OU=T0,DC=info,DC=lab" #$accountToCheck = "info\GG_RH" #$delegationMap = $OUDelegationsMap #$aclCache = $OUACLCache $currentOU = $startingOU while ($currentOU -ne $null) { # If delegation for this OU is not yet known if (-not $delegationMap.ContainsKey($currentOU)) { # Check if ACL is already cached if (-not $aclCache.ContainsKey($currentOU)) { try { #$ouAcl = Get-Acl -Path "AD:$currentOU" $entry = [ADSI]"LDAP://$currentOU" $ouAcl = $entry.psbase.ObjectSecurity $aclCache[$currentOU] = $ouAcl } catch { Write-Warning "Unable to read ACL for OU $currentOU" $delegationMap[$currentOU] = @() break } } $ouAcl = $aclCache[$currentOU] # Extract accounts with access to ms-Mcs-AdmPwd $delegated = $ouAcl.Access | Where-Object { $_.AccessControlType -eq 'Allow' -and ( # Case 1: ACE explicitly targeting a LAPS attribute ($_.ObjectType.Guid -in $lapsGuids.Keys -and $_.ActiveDirectoryRights -match 'ReadProperty|ExtendedRight|ControlAccess|WriteProperty') -or # Case 2: Generic ACE without attribute targeting ($_.ObjectType.Guid -eq [Guid]::Empty -and $_.ActiveDirectoryRights -match 'GenericAll|GenericWrite|GenericRead|ReadProperty') ) } | ForEach-Object { try { ($_.IdentityReference.Translate([System.Security.Principal.NTAccount])).Value } catch { $_.IdentityReference.Value } } | Select-Object -Unique $delegationMap[$currentOU] = $delegated | Select-Object -Unique } # Direct comparison if ($delegationMap[$currentOU] -contains $accountToCheck) { return $true } # Move up one level in the OU hierarchy if ($currentOU -match '^OU=[^,]+,(.+)$') { $currentOU = $Matches[1] } else { break } } return $false } function Get-ADSIComputers { param( [Parameter(Mandatory)] [string]$SearchBaseDN ) # Prepare the ADSI search $searcher = New-Object System.DirectoryServices.DirectorySearcher $searcher.SearchRoot = "LDAP://$SearchBaseDN" $searcher.Filter = "(objectClass=computer)" $searcher.PageSize = 2000 $searcher.SearchScope = "Subtree" # Filter: computers enabled + LAPS present $searcher.Filter = "(&(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(ms-Mcs-AdmPwd=*))" # Load only necessary properties $searcher.PropertiesToLoad.Add("distinguishedname") | Out-Null $searcher.PropertiesToLoad.Add("name") | Out-Null $searcher.PropertiesToLoad.Add("objectsid") | Out-Null # Search $results = $searcher.FindAll() # Convert to PScustom foreach ($entry in $results) { [PSCustomObject]@{ DistinguishedName = $entry.Properties['distinguishedname'][0] Name = $entry.Properties['name'][0] ObjectSID = $entry.Properties['objectsid'][0] } } } function Get-ADSIComputerCount { param ( [Parameter(Mandatory)] [string]$SearchBaseDN ) # Filtre : all enabled machines $LdapFilter = "(&(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" try { $searcher = New-Object System.DirectoryServices.DirectorySearcher $searcher.SearchRoot = "LDAP://$SearchBaseDN" $searcher.Filter = $LdapFilter $searcher.SearchScope = "Subtree" $searcher.PageSize = 2000 $searcher.PropertiesToLoad.Clear() return $searcher.FindAll().Count } catch { Write-Warning "Error Ldap on '$SearchBaseDN' : $_" return 0 } } function Get-ADSIObjectInfo { param ( [string]$SamAccountName ) if ($SamAccountName -match '\\') { $Sam = $SamAccountName.Split('\')[1] } else { $Sam = $SamAccountName } $searcher = New-Object DirectoryServices.DirectorySearcher $searcher.Filter = "(samAccountName=$Sam)" $result = $searcher.FindOne() if (-not $result) { return [PSCustomObject]@{ SamAccountName = $Sam Type = 'Unknown' Enabled = $null Created = $null AdminCount = $null } } $entry = $result.GetDirectoryEntry() $props = $entry.Properties $class = $props["objectClass"] | Select-Object -Last 1 $category = $props["objectCategory"][0] # Déterminer le type if ($category -like "CN=Computer*") { $type = "Computer" } elseif ($category -like "CN=Person*" -or $class -eq "user") { $type = "User" } elseif ($category -like "CN=Group*") { $type = "Group" } elseif ($class -eq "msDS-GroupManagedServiceAccount") { $type = "gMSA" } else { $type = $class } # Récupération des infos utiles $enabled = $null $created = $null $adminCount = $null try { if ($props["userAccountControl"]) { $uac = $props["userAccountControl"][0] $enabled = -not ($uac -band 2) # 2 = ACCOUNTDISABLE } if ($props["whenCreated"]) { $created = [datetime]$props["whenCreated"][0] } if ($type -eq "User" -or $type -eq "Group" -and $props["adminCount"]) { $adminCount = $props["adminCount"][0] } } catch { # silently fail } return [PSCustomObject]@{ SamAccountName = $Sam Type = $type Enabled = $enabled Created = $created AdminCount = if ($adminCount) { "True" } else { } } } function Export-LapsHtmlReport { param ( [Parameter(Mandatory)] [int]$TotalScanned, [int]$EmptyPasswords, [int]$SuspiciousDelegations, [int]$Haspassword, $Date, [String]$Scope, [String]$Domain, [array]$EmptyComputersTable, [array]$DelegationsTable, [array]$AllDelegatedAccounts, [array]$AlldelegationOU, $ElapsedTime, [string]$OutputPath = "LAPS-Audit-Report.html" ) $html = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>LAPS Audit Report</title> <style> body { font-family: sans-serif; margin: 20px; background: #f9f9f9; } h1 { margin-bottom: 30px; } .banner-container { display: flex; gap: 15px; flex-wrap: wrap; margin-bottom: 30px; } .banner { background-color: #4CAF50; color: white; padding: 20px; flex: 1; min-width: 150px; border-radius: 10px; text-align: center; box-shadow: 0 2px 5px rgba(0,0,0,0.2); } .banner.red { background-color: #f44336; } .banner.orange { background-color: #ff9800; } .banner.blue { background-color: #2196f3; } a.viewlink { display: inline-block; margin: 10px 0 10px 0; color: #007bff; text-decoration: underline; cursor: pointer; } table { width: 100%; border-collapse: collapse; margin-top: 10px; } th, td { padding: 8px 12px; border: 1px solid #ccc; } th { background: #333; color: white; } </style> <script> function toggleVisibility(id) { var section = document.getElementById(id); section.style.display = (section.style.display === "none") ? "block" : "none"; } </script> <script> function filterTable(inputId, tableId) { var input = document.getElementById(inputId); var filter = input.value.toUpperCase(); var table = document.getElementById(tableId); var tr = table.getElementsByTagName("tr"); for (var i = 1; i < tr.length; i++) { var row = tr[i]; var text = row.textContent || row.innerText; row.style.display = text.toUpperCase().indexOf(filter) > -1 ? "" : "none"; } } </script> </head> <body> <div style="display: flex; justify-content: space-between; align-items: flex-end; border-bottom: 1px solid #ccc; padding-bottom: 8px; margin-bottom: 16px;"> <div> <h1 style="margin: 0;">Legacy LAPS Delegation Audit</h1> <p style="margin: 0; font-size: 14px; color: #666;">Domain: <strong>$Domain</strong></p> <p style="margin: 0; font-size: 14px; color: #666;">Scope: <strong>$Scope</strong></p> </div> <div style="text-align: right; font-size: 13px; color: #666;"> <div> <p style="margin: 0; font-size: 14px; color: #666;">Report date : <strong>$date</strong></p> <p style="margin: 0; font-size: 14px; color: #666;">Elapsed Time : <strong>$ElapsedTime</strong></p> </div> </div> </div> <div class="banner-container"> <div class="banner blue"> <div style="font-size: 24px;">$TotalScanned</div> <div>Total machines scanned</div> </div> <div class="banner orange"> <div style="font-size: 24px;">$EmptyPasswords</div> <div>No LAPS password found</div> </div> <div class="banner red"> <div style="font-size: 24px;">$SuspiciousDelegations</div> <div>Suspicious delegations</div> </div> <div class="banner"> <div style="font-size: 24px;">$Haspassword</div> <div>LAPS password found</div> </div> </div> "@ # SECTION 1 – Root deleguation $html += @" <a class="viewlink" onclick="toggleVisibility('oudeleg')">⬇ View Root Delegations</a> <div id="oudeleg" style="display: block;"> <table> <tr><th>OU</th><th>Account</th><th>Attribute</th><th>Permission</th></tr> "@ foreach ($row in $EmptyComputersTable) { $html += " <tr><td>$($row.OU)</td><td>$($row.Account)</td><td>$($row.Attribut)</td><td>$($row.Permission)</td></tr>`n" } $html += "</table></div>" # SECTION 2 – Suspicious ACL $html += @" <a class="viewlink" onclick="toggleVisibility('suspect')">⬇ View Suspicious ACL</a> <div id="suspect" style="display: block;"> <div style="display: flex; justify-content: space-between; align-items: center;"> <h2 style="margin: 0;">Suspicious ACL</h2> <input type="text" id="searchSuspect" onkeyup="filterTable('searchSuspect', 'tableSuspect')" placeholder="Search... 🔍" style="padding: 6px 10px; border: 1px solid #ccc; border-radius: 6px; font-size: 14px; width: 240px;"> </div> <table id="tableSuspect"> <tr><th>Computer</th><th>Account</th><th>Attribute</th><th>Permission</th><th>OU</th><th>Severity</th></tr> "@ foreach ($row in $DelegationsTable) { $html += " <tr><td>$($row.Computer)</td><td>$($row.UnexpectedAccount)</td><td>$($row.Attribut)</td><td>$($row.Permission)</td><td>$($row.OU)</td><td>$($row.Risk)</td></tr>`n" } $html += "</table></div>" # SECTION 3 – All delegated accounts $html += @" <a class="viewlink" onclick="toggleVisibility('allaccounts')">⬇ View All Delegated Accounts</a> <div id="allaccounts" style="display: block;"> <h2>All LAPS Delegated Accounts</h2> <table> <tr><th>Account</th><th>Type</th><th>Enabled</th><th>Created</th><th>Is admin</th></tr> "@ foreach ($row in $AllDelegatedAccounts) { $html += " <tr><td>$($row.SamAccountName)</td><td>$($row.Type)</td><td>$($row.Enabled)</td><td>$($row.Created)</td><td>$($row.AdminCount)</td></tr>`n" } $html += "</table></div>" # SECTION 4 – ALL deleguations by OU $html += @" <a class="viewlink" onclick="toggleVisibility('delegOU')">⬇ View OU Delegations</a> <div id="delegOU" style="display: block;"> <div style="display: flex; justify-content: space-between; align-items: center;"> <h2 style="margin: 0;">All delegations by OU</h2> <input type="text" id="searchDelegOU" onkeyup="filterTable('searchDelegOU', 'tableDelegOU')" placeholder="Search... 🔍" style="padding: 6px 10px; border: 1px solid #ccc; border-radius: 6px; font-size: 14px; width: 240px;"> </div> <table id="tableDelegOU"> <tr><th>OU</th><th>Account</th><th>Rights</th><th>Attribute</th><th>Inherited</th></tr> "@ foreach ($row in $AlldelegationOU) { $html += " <tr><td>$($row.OU)</td><td>$($row.Account)</td><td>$($row.Rights)</td><td>$($row.Attribute)</td><td>$($row.inherited)</td></tr>`n" } $html += @" </table> </div> <hr style="margin-top: 40px; border-top: 1px solid #ccc;" /> <div style="font-size: 12px; color: #888; text-align: center; padding-top: 10px; padding-bottom: 30px;"> Developed by <strong>Dakhama Mehdi</strong> & <strong>Alain Cuisenier</strong> – <a href="https://github.com/dakhama-mehdi/LAPS-Delegation-Audit" target="_blank">GitHub</a><br /> Credit <a href="https://www.doctorkloud.fr/" target="_blank">Doctor Kloud</a> Community for their support.<br /> Special thanks to <a href="https://www.it-connect.fr/" target="_blank">IT-Connect</a> for their valuable resources.<br /> @Copyright 2026 - Version 1.2 </div> </body> </html> "@ $html += "</table></div></body></html>" # Export to file $html | Set-Content -Encoding UTF8 -Path $OutputPath Write-Host "Report generated at: $OutputPath" -ForegroundColor Green start $OutputPath } # SIG # Begin signature block # MIItjQYJKoZIhvcNAQcCoIItfjCCLXoCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDWt2THR1azaYDU # 3v8osTIunyfVssJER3FxRnGFAm/OJaCCEtUwggXJMIIEsaADAgECAhAbtY8lKt8j # AEkoya49fu0nMA0GCSqGSIb3DQEBDAUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK # ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy # dGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5l # dHdvcmsgQ0EwHhcNMjEwNTMxMDY0MzA2WhcNMjkwOTE3MDY0MzA2WjCBgDELMAkG # A1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAl # BgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMb # Q2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOC # Ag8AMIICCgKCAgEAvfl4+ObVgAxknYYblmRnPyI6HnUBfe/7XGeMycxca6mR5rlC # 5SBLm9qbe7mZXdmbgEvXhEArJ9PoujC7Pgkap0mV7ytAJMKXx6fumyXvqAoAl4Va # qp3cKcniNQfrcE1K1sGzVrihQTib0fsxf4/gX+GxPw+OFklg1waNGPmqJhCrKtPQ # 0WeNG0a+RzDVLnLRxWPa52N5RH5LYySJhi40PylMUosqp8DikSiJucBb+R3Z5yet # /5oCl8HGUJKbAiy9qbk0WQq/hEr/3/6zn+vZnuCYI+yma3cWKtvMrTscpIfcRnNe # GWJoRVfkkIJCu0LW8GHgwaM9ZqNd9BjuiMmNF0UpmTJ1AjHuKSbIawLmtWJFfzcV # WiNoidQ+3k4nsPBADLxNF8tNorMe0AZa3faTz1d1mfX6hhpneLO/lv403L3nUlbl # s+V1e9dBkQXcXWnjlQ1DufyDljmVe2yAWk8TcsbXfSl6RLpSpCrVQUYJIP4ioLZb # MI28iQzV13D4h1L92u+sUS4Hs07+0AnacO+Y+lbmbdu1V0vc5SwlFcieLnhO+Nqc # noYsylfzGuXIkosagpZ6w7xQEmnYDlpGizrrJvojybawgb5CAKT41v4wLsfSRvbl # jnX98sy50IdbzAYQYLuDNbdeZ95H7JlI8aShFf6tjGKOOVVPORa5sWOd/7cCAwEA # AaOCAT4wggE6MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLahVDkCw6A/joq8 # +tT4HKbROg79MB8GA1UdIwQYMBaAFAh2zcsH/yT2xc3tu5C84oQ3RnX3MA4GA1Ud # DwEB/wQEAwIBBjAvBgNVHR8EKDAmMCSgIqAghh5odHRwOi8vY3JsLmNlcnR1bS5w # bC9jdG5jYS5jcmwwawYIKwYBBQUHAQEEXzBdMCgGCCsGAQUFBzABhhxodHRwOi8v # c3ViY2Eub2NzcC1jZXJ0dW0uY29tMDEGCCsGAQUFBzAChiVodHRwOi8vcmVwb3Np # dG9yeS5jZXJ0dW0ucGwvY3RuY2EuY2VyMDkGA1UdIAQyMDAwLgYEVR0gADAmMCQG # CCsGAQUFBwIBFhhodHRwOi8vd3d3LmNlcnR1bS5wbC9DUFMwDQYJKoZIhvcNAQEM # BQADggEBAFHCoVgWIhCL/IYx1MIy01z4S6Ivaj5N+KsIHu3V6PrnCA3st8YeDrJ1 # BXqxC/rXdGoABh+kzqrya33YEcARCNQOTWHFOqj6seHjmOriY/1B9ZN9DbxdkjuR # mmW60F9MvkyNaAMQFtXx0ASKhTP5N+dbLiZpQjy6zbzUeulNndrnQ/tjUoCFBMQl # lVXwfqefAcVbKPjgzoZwpic7Ofs4LphTZSJ1Ldf23SIikZbr3WjtP6MZl9M7JYjs # NhI9qX7OAo0FmpKnJ25FspxihjcNpDOO16hO0EoXQ0zF8ads0h5YbBRRfopUofbv # n3l6XYGaFpAP4bvxSgD5+d2+7arszgowggZHMIIEL6ADAgECAhA12OBytW+cTayv # VHUpRhwLMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhB # c3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNp # Z25pbmcgMjAyMSBDQTAeFw0yNTExMTYxMTAwMTlaFw0yNjExMTYxMTAwMThaMG0x # CzAJBgNVBAYTAkZSMQ8wDQYDVQQHDAZUb3Vsb24xHjAcBgNVBAoMFU9wZW4gU291 # cmNlIERldmVsb3BlcjEtMCsGA1UEAwwkT3BlbiBTb3VyY2UgRGV2ZWxvcGVyLCBE # QUtIQU1BIE1FSERJMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAp6Ku # m/VmkWCqAaF/3zHh9f1FuJYY2ozbXOu7mo1/Q8i1c0fE0TXpkZXLY2GZbfpj9BmH # AAFM0IhOsPR2vdxq3jOUJUb9TICneFor6YaPpySsXR3WSE7X42kgpkkmPELovm1Y # hwSzhJ4a+E+NWL/MU8h5JpmGVlqPJ02/ZTlMj5kcpIQtq8hoQMcUEDkGFt9IcamE # 1yN4IHkBA5nm4jJPaos0IuS77t805992JSGWhxBxWARH+2vyltv8Rmq1pZV1lE6n # JgrWT7Ichjw2X/A+OP68ooTzQwCIpzXb4UuUcwHEfrmP3HGMQJoj//SNC4QPMao+ # 3Z8zbevl73E3d6Kfvra1S+pWM2Ze5YCsIqAd98GUHgi5E6GiG8FQq/+d6msL7l8B # UASCqXlcAKIjRNMHp8BrUaaW6HS9Kpc+3O3t/LUmK6X3FFiW8QsWoh4K+7YSpopa # CQbNXmEI4xftctwBOJrEU2oqRnYiwchfjqBNlrGwVGPK1rmM0iTt5KiLTus7AgMB # AAGjggF4MIIBdDAMBgNVHRMBAf8EAjAAMD0GA1UdHwQ2MDQwMqAwoC6GLGh0dHA6 # Ly9jY3NjYTIwMjEuY3JsLmNlcnR1bS5wbC9jY3NjYTIwMjEuY3JsMHMGCCsGAQUF # BwEBBGcwZTAsBggrBgEFBQcwAYYgaHR0cDovL2Njc2NhMjAyMS5vY3NwLWNlcnR1 # bS5jb20wNQYIKwYBBQUHMAKGKWh0dHA6Ly9yZXBvc2l0b3J5LmNlcnR1bS5wbC9j # Y3NjYTIwMjEuY2VyMB8GA1UdIwQYMBaAFN10XUwA23ufoHTKsW73PMAywHDNMB0G # A1UdDgQWBBSXTmfHi9BD9GDRwk5/doNtKHBXYzBLBgNVHSAERDBCMAgGBmeBDAEE # ATA2BgsqhGgBhvZ3AgUBBDAnMCUGCCsGAQUFBwIBFhlodHRwczovL3d3dy5jZXJ0 # dW0ucGwvQ1BTMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQEAwIHgDAN # BgkqhkiG9w0BAQsFAAOCAgEAe+khGqwUUkFYuFRsrvenX2/a+PIt2Tu9d3VoW6Or # MX3YLpe7S2CgFkXwEi2Siq5KiD1labP9jsh/3G1ZQwwlnPv8dB7ocl/nOrQ9OZex # GVE1r7IO6VYVa5F7XuJ/KadKLEbQSs1BpBVhESo1ZYr6w9NCLuO9q2Sh3H5MktET # D6sB+g1TFOYMdwYl8eAawgI2kGPe3dRQSoumP0mHkm3x5SIwRCW+08md5uyzCIui # 85WmcNPtM1QCqjkSpfdFGYPsnf/BO9NATpZkqFxhXwa9+PqseX+mofCIL49guCXG # kU4RpeRHcUie14oYkxvBw7VUO4MT6wYbS2C3j2nyoAV4XqqNMfrhZIBJG5haj2RB # V46bMJ+DsW6hxlm3lIlCaJT2pLbbk79OP+Bk0HIdC9mAbKzcqaZpBpn4+ljrcx7/ # X7OHv4XTCCDWwlZbaogy4Wci6TiSjjfpfXK5N/eJTEEh2w4qoYTTrR61ptkVnTUT # vGRfPnVtS/3aOm2v4UahtOc/ygcL0A/J85r1e6CEeOaTm9eJbHoNdwNIYaZ81VlX # /V/MoJgFCtioYOKiTf2Rdq7XrEEHLU2YGwCqJyKYz9tz10yXBcMW6/+gX+PGqAYz # eKg5jbKLdi9lVrKspQUXAPHdcl6VJMXy799J0lbsQeJNgBVy6HWxOWvdLBGX3hPE # 3aYwgga5MIIEoaADAgECAhEAmaOACiZVO2Wr3G6EprPqOTANBgkqhkiG9w0BAQwF # ADCBgDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVz # IFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEk # MCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMB4XDTIxMDUxOTA1 # MzIxOFoXDTM2MDUxODA1MzIxOFowVjELMAkGA1UEBhMCUEwxITAfBgNVBAoTGEFz # c2VjbyBEYXRhIFN5c3RlbXMgUy5BLjEkMCIGA1UEAxMbQ2VydHVtIENvZGUgU2ln # bmluZyAyMDIxIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnSPP # BDAjO8FGLOczcz5jXXp1ur5cTbq96y34vuTmflN4mSAfgLKTvggv24/rWiVGzGxT # 9YEASVMw1Aj8ewTS4IndU8s7VS5+djSoMcbvIKck6+hI1shsylP4JyLvmxwLHtSw # orV9wmjhNd627h27a8RdrT1PH9ud0IF+njvMk2xqbNTIPsnWtw3E7DmDoUmDQiYi # /ucJ42fcHqBkbbxYDB7SYOouu9Tj1yHIohzuC8KNqfcYf7Z4/iZgkBJ+UFNDcc6z # okZ2uJIxWgPWXMEmhu1gMXgv8aGUsRdaCtVD2bSlbfsq7BiqljjaCun+RJgTgFRC # tsuAEw0pG9+FA+yQN9n/kZtMLK+Wo837Q4QOZgYqVWQ4x6cM7/G0yswg1ElLlJj6 # NYKLw9EcBXE7TF3HybZtYvj9lDV2nT8mFSkcSkAExzd4prHwYjUXTeZIlVXqj+ea # YqoMTpMrfh5MCAOIG5knN4Q/JHuurfTI5XDYO962WZayx7ACFf5ydJpoEowSP07Y # aBiQ8nXpDkNrUA9g7qf/rCkKbWpQ5boufUnq1UiYPIAHlezf4muJqxqIns/kqld6 # JVX8cixbd6PzkDpwZo4SlADaCi2JSplKShBSND36E/ENVv8urPS0yOnpG4tIoBGx # VCARPCg1BnyMJ4rBJAcOSnAWd18Jx5n858JSqPECAwEAAaOCAVUwggFRMA8GA1Ud # EwEB/wQFMAMBAf8wHQYDVR0OBBYEFN10XUwA23ufoHTKsW73PMAywHDNMB8GA1Ud # IwQYMBaAFLahVDkCw6A/joq8+tT4HKbROg79MA4GA1UdDwEB/wQEAwIBBjATBgNV # HSUEDDAKBggrBgEFBQcDAzAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vY3JsLmNl # cnR1bS5wbC9jdG5jYTIuY3JsMGwGCCsGAQUFBwEBBGAwXjAoBggrBgEFBQcwAYYc # aHR0cDovL3N1YmNhLm9jc3AtY2VydHVtLmNvbTAyBggrBgEFBQcwAoYmaHR0cDov # L3JlcG9zaXRvcnkuY2VydHVtLnBsL2N0bmNhMi5jZXIwOQYDVR0gBDIwMDAuBgRV # HSAAMCYwJAYIKwYBBQUHAgEWGGh0dHA6Ly93d3cuY2VydHVtLnBsL0NQUzANBgkq # hkiG9w0BAQwFAAOCAgEAdYhYD+WPUCiaU58Q7EP89DttyZqGYn2XRDhJkL6P+/T0 # IPZyxfxiXumYlARMgwRzLRUStJl490L94C9LGF3vjzzH8Jq3iR74BRlkO18J3zId # mCKQa5LyZ48IfICJTZVJeChDUyuQy6rGDxLUUAsO0eqeLNhLVsgw6/zOfImNlARK # n1FP7o0fTbj8ipNGxHBIutiRsWrhWM2f8pXdd3x2mbJCKKtl2s42g9KUJHEIiLni # 9ByoqIUul4GblLQigO0ugh7bWRLDm0CdY9rNLqyA3ahe8WlxVWkxyrQLjH8ItI17 # RdySaYayX3PhRSC4Am1/7mATwZWwSD+B7eMcZNhpn8zJ+6MTyE6YoEBSRVrs0zFF # IHUR08Wk0ikSf+lIe5Iv6RY3/bFAEloMU+vUBfSouCReZwSLo8WdrDlPXtR0gicD # nytO7eZ5827NS2x7gCBibESYkOh1/w1tVxTpV2Na3PR7nxYVlPu1JPoRZCbH86gc # 96UTvuWiOruWmyOEMLOGGniR+x+zPF/2DaGgK2W1eEJfo2qyrBNPvF7wuAyQfiFX # LwvWHamoYtPZo0LHuH8X3n9C+xN4YaNjt2ywzOr+tKyEVAotnyU9vyEVOaIYMk3I # eBrmFnn0gbKeTTyYeEEUz/Qwt4HOUBCrW602NCmvO1nm+/80nLy5r0AZvCQxaQ4x # ghoOMIIaCgIBATBqMFYxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0 # YSBTeXN0ZW1zIFMuQS4xJDAiBgNVBAMTG0NlcnR1bSBDb2RlIFNpZ25pbmcgMjAy # MSBDQQIQNdjgcrVvnE2sr1R1KUYcCzANBglghkgBZQMEAgEFAKB8MBAGCisGAQQB # gjcCAQwxAjAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcC # AQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCBRELMlBKTsfTT96CvF # sdw7c0m7/0yJBZpW0+FQiqfSSzANBgkqhkiG9w0BAQEFAASCAYA16JmOj34YQk7i # FPEUFjKH5i6GvkBPieAFMmra2ikOmg0K43/gvqVM7tzmgkRB9I5y4xX/OcxLEWV/ # IsXBwpAqSwUJKoLjvS3FhpzN1qQsi4VsmFUCqL2w6Ot2ho6P7kPJKKF51W3VtEsO # WJyVvaY7SlbXPMjC/9t5YWhP2J+afg/Bki1scoEFmI8GX2AUjJE0gtvxfQ/z1ohN # 8/5MOfbu2Jamkpa43lAuXtkh5T1ko3TAWDc5FXbLrrFTgN14n80wzqKhD/9B0SUo # 6XJLfPlB0bejdbXPB4SFiSjv2LGq3WNGzf1JShwMXz9xmqdFiM76CzpkEQ48msPg # TJ6dhd2Bf+LS6OWFOsfTLxYj/CzxsBFuFgUkjuv7chg3FtkC3q/dl9tG2mhzNB7v # 2mZVIFgsj+66CLeyHaGdY01mVljZTDFM1HhQ+g5TjI7xC8+Cgtp/AGex3zMb9rMD # XRPXiLPMGE42L3CR20w1+36yvT1qBgZ5hzrbafkhR8rmMeMIDsChghd3MIIXcwYK # KwYBBAGCNwMDATGCF2MwghdfBgkqhkiG9w0BBwKgghdQMIIXTAIBAzEPMA0GCWCG # SAFlAwQCAQUAMHgGCyqGSIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTAN # BglghkgBZQMEAgEFAAQghddD1oYS4fnyczqbadRM10Ua2qYkVpjhicGouH0LQgEC # EQDcz6kAsKHfILIpAZGN7YRfGA8yMDI2MDMwNDEzMzYyM1qgghM6MIIG7TCCBNWg # AwIBAgIQCoDvGEuN8QWC0cR2p5V0aDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQG # EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0 # IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUgQ0Ex # MB4XDTI1MDYwNDAwMDAwMFoXDTM2MDkwMzIzNTk1OVowYzELMAkGA1UEBhMCVVMx # FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBTSEEy # NTYgUlNBNDA5NiBUaW1lc3RhbXAgUmVzcG9uZGVyIDIwMjUgMTCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBANBGrC0Sxp7Q6q5gVrMrV7pvUf+GcAoB38o3 # zBlCMGMyqJnfFNZx+wvA69HFTBdwbHwBSOeLpvPnZ8ZN+vo8dE2/pPvOx/Vj8Tch # TySA2R4QKpVD7dvNZh6wW2R6kSu9RJt/4QhguSssp3qome7MrxVyfQO9sMx6ZAWj # FDYOzDi8SOhPUWlLnh00Cll8pjrUcCV3K3E0zz09ldQ//nBZZREr4h/GI6Dxb2Uo # yrN0ijtUDVHRXdmncOOMA3CoB/iUSROUINDT98oksouTMYFOnHoRh6+86Ltc5zjP # KHW5KqCvpSduSwhwUmotuQhcg9tw2YD3w6ySSSu+3qU8DD+nigNJFmt6LAHvH3KS # uNLoZLc1Hf2JNMVL4Q1OpbybpMe46YceNA0LfNsnqcnpJeItK/DhKbPxTTuGoX7w # JNdoRORVbPR1VVnDuSeHVZlc4seAO+6d2sC26/PQPdP51ho1zBp+xUIZkpSFA8vW # doUoHLWnqWU3dCCyFG1roSrgHjSHlq8xymLnjCbSLZ49kPmk8iyyizNDIXj//cOg # rY7rlRyTlaCCfw7aSUROwnu7zER6EaJ+AliL7ojTdS5PWPsWeupWs7NpChUk555K # 096V1hE0yZIXe+giAwW00aHzrDchIc2bQhpp0IoKRR7YufAkprxMiXAJQ1XCmnCf # gPf8+3mnAgMBAAGjggGVMIIBkTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTkO/zy # Me39/dfzkXFjGVBDz2GM6DAfBgNVHSMEGDAWgBTvb1NK6eQGfHrK4pBW9i/USezL # TjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwgZUGCCsG # AQUFBwEBBIGIMIGFMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wXQYIKwYBBQUHMAKGUWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRHNFRpbWVTdGFtcGluZ1JTQTQwOTZTSEEyNTYyMDI1Q0ExLmNy # dDBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln # aUNlcnRUcnVzdGVkRzRUaW1lU3RhbXBpbmdSU0E0MDk2U0hBMjU2MjAyNUNBMS5j # cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB # CwUAA4ICAQBlKq3xHCcEua5gQezRCESeY0ByIfjk9iJP2zWLpQq1b4URGnwWBdEZ # D9gBq9fNaNmFj6Eh8/YmRDfxT7C0k8FUFqNh+tshgb4O6Lgjg8K8elC4+oWCqnU/ # ML9lFfim8/9yJmZSe2F8AQ/UdKFOtj7YMTmqPO9mzskgiC3QYIUP2S3HQvHG1FDu # +WUqW4daIqToXFE/JQ/EABgfZXLWU0ziTN6R3ygQBHMUBaB5bdrPbF6MRYs03h4o # bEMnxYOX8VBRKe1uNnzQVTeLni2nHkX/QqvXnNb+YkDFkxUGtMTaiLR9wjxUxu2h # ECZpqyU1d0IbX6Wq8/gVutDojBIFeRlqAcuEVT0cKsb+zJNEsuEB7O7/cuvTQasn # M9AWcIQfVjnzrvwiCZ85EE8LUkqRhoS3Y50OHgaY7T/lwd6UArb+BOVAkg2oOvol # /DJgddJ35XTxfUlQ+8Hggt8l2Yv7roancJIFcbojBcxlRcGG0LIhp6GvReQGgMgY # xQbV1S3CrWqZzBt1R9xJgKf47CdxVRd/ndUlQ05oxYy2zRWVFjF7mcr4C34Mj3oc # CVccAvlKV9jEnstrniLvUxxVZE/rptb7IRE2lskKPIJgbaP5t2nGj/ULLi49xTcB # ZU8atufk+EMF/cWuiC7POGT75qaL6vdCvHlshtjdNXOCIUjsarfNZzCCBrQwggSc # oAMCAQICEA3HrFcF/yGZLkBDIgw6SYYwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE # BhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2lj # ZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTI1 # MDUwNzAwMDAwMFoXDTM4MDExNDIzNTk1OVowaTELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0 # IFRpbWVTdGFtcGluZyBSU0E0MDk2IFNIQTI1NiAyMDI1IENBMTCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBALR4MdMKmEFyvjxGwBysddujRmh0tFEXnU2t # jQ2UtZmWgyxU7UNqEY81FzJsQqr5G7A6c+Gh/qm8Xi4aPCOo2N8S9SLrC6Kbltqn # 7SWCWgzbNfiR+2fkHUiljNOqnIVD/gG3SYDEAd4dg2dDGpeZGKe+42DFUF0mR/vt # La4+gKPsYfwEu7EEbkC9+0F2w4QJLVSTEG8yAR2CQWIM1iI5PHg62IVwxKSpO0Xa # F9DPfNBKS7Zazch8NF5vp7eaZ2CVNxpqumzTCNSOxm+SAWSuIr21Qomb+zzQWKhx # KTVVgtmUPAW35xUUFREmDrMxSNlr/NsJyUXzdtFUUt4aS4CEeIY8y9IaaGBpPNXK # FifinT7zL2gdFpBP9qh8SdLnEut/GcalNeJQ55IuwnKCgs+nrpuQNfVmUB5KlCX3 # ZA4x5HHKS+rqBvKWxdCyQEEGcbLe1b8Aw4wJkhU1JrPsFfxW1gaou30yZ46t4Y9F # 20HHfIY4/6vHespYMQmUiote8ladjS/nJ0+k6MvqzfpzPDOy5y6gqztiT96Fv/9b # H7mQyogxG9QEPHrPV6/7umw052AkyiLA6tQbZl1KhBtTasySkuJDpsZGKdlsjg4u # 70EwgWbVRSX1Wd4+zoFpp4Ra+MlKM2baoD6x0VR4RjSpWM8o5a6D8bpfm4CLKczs # G7ZrIGNTAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQW # BBTvb1NK6eQGfHrK4pBW9i/USezLTjAfBgNVHSMEGDAWgBTs1+OC0nFdZEzfLmc/ # 57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwgwdwYI # KwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9j # cmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMCAGA1Ud # IAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAgEA # F877FoAc/gc9EXZxML2+C8i1NKZ/zdCHxYgaMH9Pw5tcBnPw6O6FTGNpoV2V4wzS # UGvI9NAzaoQk97frPBtIj+ZLzdp+yXdhOP4hCFATuNT+ReOPK0mCefSG+tXqGpYZ # 3essBS3q8nL2UwM+NMvEuBd/2vmdYxDCvwzJv2sRUoKEfJ+nN57mQfQXwcAEGCvR # R2qKtntujB71WPYAgwPyWLKu6RnaID/B0ba2H3LUiwDRAXx1Neq9ydOal95CHfmT # nM4I+ZI2rVQfjXQA1WSjjf4J2a7jLzWGNqNX+DF0SQzHU0pTi4dBwp9nEC8EAqox # W6q17r0z0noDjs6+BFo+z7bKSBwZXTRNivYuve3L2oiKNqetRHdqfMTCW/NmKLJ9 # M+MtucVGyOxiDf06VXxyKkOirv6o02OoXN4bFzK0vlNMsvhlqgF2puE6FndlENSm # E+9JGYxOGLS/D284NHNboDGcmWXfwXRy4kbu4QFhOm0xJuF2EZAOk5eCkhSxZON3 # rGlHqhpB/8MluDezooIs8CVnrpHMiD2wL40mm53+/j7tFaxYKIqL0Q4ssd8xHZnI # n/7GELH3IdvG2XlM9q7WP/UwgOkw/HQtyRN62JK4S1C8uw3PdBunvAZapsiI5YKd # vlarEvf8EA+8hcpSM9LHJmyrxaFtoza2zNaQ9k+5t1wwggWNMIIEdaADAgECAhAO # mxiO+dAt5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUw # EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x # JDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEw # MDAwMDBaFw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxE # aWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMT # GERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIP # ADCCAgoCggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprN # rnsbhA3EMB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVy # r2iTcMKyunWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4 # IWGbNOsFxl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13j # rclPXuU15zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4Q # kXCrVYJBMtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQn # vKFPObURWBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu # 5tTvkpI6nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/ # 8tWMcCxBYKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQp # JYls5Q5SUUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFf # xCBRa2+xq4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGj # ggE6MIIBNjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/ # 57qYrhwPTzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8B # Af8EBAMCAYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2Nz # cC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2lj # ZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6 # oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElE # Um9vdENBLmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEB # AHCgv0NcVec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0a # FPQTSnovLbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNE # m0Mh65ZyoUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZq # aVSwuKFWjuyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCs # WKAOQGPFmCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9Fc # rBjDTZ9ztwGpn1eqXijiuZQxggN8MIIDeAIBATB9MGkxCzAJBgNVBAYTAlVTMRcw # FQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1c3Rl # ZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5NiBTSEEyNTYgMjAyNSBDQTECEAqA7xhL # jfEFgtHEdqeVdGgwDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqG # SIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0yNjAzMDQxMzM2MjNaMCsGCyqGSIb3 # DQEJEAIMMRwwGjAYMBYEFN1iMKyGCi0wa9o4sWh5UjAH+0F+MC8GCSqGSIb3DQEJ # BDEiBCDku4k/8gN/kO/XxdetFHdlU84u9FDQtpRKJ0klohG/GDA3BgsqhkiG9w0B # CRACLzEoMCYwJDAiBCBKoD+iLNdchMVck4+CjmdrnK7Ksz/jbSaaozTxRhEKMzAN # BgkqhkiG9w0BAQEFAASCAgC85cvh1dn3hGvF1SY2SjJQU5HMDWDfoF3Z+5Z7vXBH # 0F9VAGjjqSqMm42wk+nHv4jZicF9+8s+VmNcudXgowVj5Wh1NAJVmwNZ++5Kobxl # jtDWZRIK+1ykGU0Y028hz5JMXG4uoDo80oP2KAtIoZEzVYGYmN/PRanvj/pKGbeB # YPiZo19wPX8lFk/C44OodyqP+XA82Lc2+YyKHfBC2uLnYFwVjNru4B94clbj0lWg # xfZ2PgOjv0X4V40HQxCsp8jdYjT4i3ePkwHoZ0sea/gBXEHalPXm8cIeed1/qSk8 # 3EXDPYjA31ElgTRDMz5uiUezdAzMyeBezUjnv80xCtPfzIia/nk++eyCsvRjxvnC # 5UMPUgrfU9dyxr77P5gcfpUOpFAa/uKyV4q9aj6n3mp2Z+bd9BzmAjHTDh4RVLjj # hFzwEoyiaNwrEJzmg6ycTfMEz81Ufii7ePaTImWGcusfokeaVNOAlauifYtBsy33 # 1/Kc3v+fnSbOMZc9WHI2alQnAfXxMKQc02Ym4DB5FufWsAFG+hmw8WGpwIYp6zdN # BlWVdGGE5abkgv1lstPyKI8eaeJcKt4IzlkQi6JPiRXwzGnYsxRgj1HJtnR7U8d5 # PEOZXCUCWU47sMpfi4B/mPzNY/CybYud5XQOF/KdPJMuHDAVLLOKDGMih+SNxToA # AQ== # SIG # End signature block |