Classes/Models.ps1
|
enum Severity { Critical; High; Medium; Low; Info } enum FindingCategory { Gap; Conflict; Redundancy; Misconfiguration; Hygiene } class AuditFinding { [Severity] $Severity [FindingCategory] $Category [string] $Title [string] $Description [string] $PolicyReference [string] $Recommendation [string[]] $Dimensions [string] $TestName AuditFinding([Severity]$s, [FindingCategory]$c, [string]$t, [string]$d, [string]$p, [string]$r, [string[]]$dims) { $this.Severity = $s $this.Category = $c $this.Title = $t $this.Description = $d $this.PolicyReference = $p $this.Recommendation = $r $this.Dimensions = $dims } } class NormalizedScope { [string] $Name [string] $State [System.Collections.Generic.HashSet[string]] $IncludeUsers [System.Collections.Generic.HashSet[string]] $ExcludeUsers [System.Collections.Generic.HashSet[string]] $IncludeGroups [System.Collections.Generic.HashSet[string]] $ExcludeGroups [System.Collections.Generic.HashSet[string]] $IncludeRoles [System.Collections.Generic.HashSet[string]] $ExcludeRoles [object] $IncludeGuestsOrExternalUsers [System.Collections.Generic.HashSet[string]] $IncludeApps [System.Collections.Generic.HashSet[string]] $ExcludeApps [System.Collections.Generic.HashSet[string]] $IncludeUserActions [System.Collections.Generic.HashSet[string]] $IncludeAuthContexts [System.Collections.Generic.HashSet[string]] $Platforms [System.Collections.Generic.HashSet[string]] $ExcludePlatforms [System.Collections.Generic.HashSet[string]] $ClientAppTypes [System.Collections.Generic.HashSet[string]] $Locations [System.Collections.Generic.HashSet[string]] $ExcludeLocations [System.Collections.Generic.HashSet[string]] $UserRiskLevels [System.Collections.Generic.HashSet[string]] $SignInRiskLevels [System.Collections.Generic.HashSet[string]] $InsiderRiskLevels [System.Collections.Generic.HashSet[string]] $ServicePrincipalRiskLevels [string] $GrantOperator [System.Collections.Generic.HashSet[string]] $BuiltInControls [string] $AuthStrengthId [System.Collections.Generic.HashSet[string]] $TermsOfUse [object] $SignInFrequency [object] $PersistentBrowser [object] $CloudAppSecurity [bool] $AppEnforcedRestrictions [object] $ContinuousAccessEvaluation [object] $TokenProtection [object] $Raw static [NormalizedScope] FromPolicy([object]$p) { $s = [NormalizedScope]::new() $c = $p.conditions; $u = $c.users; $apps = $c.applications $s.Name = $p.displayName; $s.State = $p.state; $s.Raw = $p $s.IncludeUsers = [NormalizedScope]::ToSet($u.includeUsers) $s.ExcludeUsers = [NormalizedScope]::ToSet($u.excludeUsers) $s.IncludeGroups = [NormalizedScope]::ToSet($u.includeGroups) $s.ExcludeGroups = [NormalizedScope]::ToSet($u.excludeGroups) $s.IncludeRoles = [NormalizedScope]::ToSet($u.includeRoles) $s.ExcludeRoles = [NormalizedScope]::ToSet($u.excludeRoles) $s.IncludeGuestsOrExternalUsers = $u.includeGuestsOrExternalUsers $s.IncludeApps = [NormalizedScope]::ToSet($apps.includeApplications) $s.ExcludeApps = [NormalizedScope]::ToSet($apps.excludeApplications) $s.IncludeUserActions = [NormalizedScope]::ToSet($apps.includeUserActions) $s.IncludeAuthContexts = [NormalizedScope]::ToSet($apps.includeAuthenticationContextClassReferences) $s.Platforms = [NormalizedScope]::ToSet($c.platforms.includePlatforms) $s.ExcludePlatforms = [NormalizedScope]::ToSet($c.platforms.excludePlatforms) $s.ClientAppTypes = [NormalizedScope]::ToSet($c.clientAppTypes) $s.Locations = [NormalizedScope]::ToSet($c.locations.includeLocations) $s.ExcludeLocations = [NormalizedScope]::ToSet($c.locations.excludeLocations) $s.UserRiskLevels = [NormalizedScope]::ToSet($c.userRiskLevels) $s.SignInRiskLevels = [NormalizedScope]::ToSet($c.signInRiskLevels) $s.InsiderRiskLevels = [NormalizedScope]::ToSet($c.insiderRiskLevels) $s.ServicePrincipalRiskLevels = [NormalizedScope]::ToSet($c.servicePrincipalRiskLevels) $gc = $p.grantControls $s.GrantOperator = if ($gc.operator) { $gc.operator } else { 'OR' } $s.BuiltInControls = [NormalizedScope]::ToSet($gc.builtInControls) $s.AuthStrengthId = $gc.authenticationStrength.id $s.TermsOfUse = [NormalizedScope]::ToSet($gc.termsOfUse) $sc = $p.sessionControls $s.SignInFrequency = $sc.signInFrequency $s.PersistentBrowser = $sc.persistentBrowser $s.CloudAppSecurity = $sc.cloudAppSecurity $s.AppEnforcedRestrictions = [bool]$sc.applicationEnforcedRestrictions.isEnabled $s.ContinuousAccessEvaluation = $sc.continuousAccessEvaluation $s.TokenProtection = $sc.secureSignInSession return $s } hidden static [System.Collections.Generic.HashSet[string]] ToSet([object]$arr) { $hs = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) if ($null -ne $arr -and $arr -is [System.Collections.IEnumerable] -and $arr -isnot [string]) { foreach ($item in $arr) { if ($item) { [void]$hs.Add([string]$item) } } } return $hs } [bool] TargetsAllUsers() { return $this.IncludeUsers.Contains('All') } [bool] TargetsAllApps() { return $this.IncludeApps.Contains('All') } [bool] Blocks() { return $this.BuiltInControls.Contains('block') } [bool] RequiresMfa() { return $this.BuiltInControls.Contains('mfa') -or $null -ne $this.AuthStrengthId } [bool] RequiresCompliance() { return $this.BuiltInControls.Contains('compliantDevice') -or $this.BuiltInControls.Contains('domainJoinedDevice') } [bool] HasSessionControls() { return $null -ne $this.SignInFrequency -or $null -ne $this.PersistentBrowser -or $null -ne $this.CloudAppSecurity -or $this.AppEnforcedRestrictions } [bool] HasAnyControls() { return $this.BuiltInControls.Count -gt 0 -or $null -ne $this.AuthStrengthId -or $this.TermsOfUse.Count -gt 0 -or $this.HasSessionControls() } [bool] HasEmptyUserScope() { return $this.IncludeUsers.Count -eq 0 -and $this.IncludeGroups.Count -eq 0 -and $this.IncludeRoles.Count -eq 0 -and $null -eq $this.IncludeGuestsOrExternalUsers } [bool] HasEmptyAppScope() { return $this.IncludeApps.Count -eq 0 -and $this.IncludeUserActions.Count -eq 0 -and $this.IncludeAuthContexts.Count -eq 0 } [bool] MatchesUser([UserPolicyContext]$ctx) { $included = $false if ($this.IncludeUsers.Contains('All')) { $included = $true } elseif ($this.IncludeUsers.Contains($ctx.Id)) { $included = $true } elseif ($this.IncludeGroups.Overlaps($ctx.GroupIds)) { $included = $true } elseif ($this.IncludeRoles.Overlaps($ctx.RoleIds)) { $included = $true } elseif ($null -ne $this.IncludeGuestsOrExternalUsers -and $ctx.IsGuest) { $included = $true } if (-not $included) { return $false } if ($this.ExcludeUsers.Contains($ctx.Id)) { return $false } if ($this.ExcludeGroups.Overlaps($ctx.GroupIds)) { return $false } if ($this.ExcludeRoles.Overlaps($ctx.RoleIds)) { return $false } return $true } } class ScopeOverlap { [string] $Users = 'none' [string] $Apps = 'none' [string] $Platforms = 'none' [string] $ClientApps = 'none' [string] $Locations = 'none' [System.Collections.Generic.List[string]] $Details = [System.Collections.ArrayList]::new() [bool] HasOverlap() { return $this.Users -ne 'none' -and $this.Apps -ne 'none' } [bool] IsFullScope() { return ($this.Users -in 'full','superset') -and ($this.Apps -in 'full','superset') -and ($this.Platforms -in 'full','superset') -and ($this.ClientApps -in 'full','superset') } [string[]] ToDimensions() { $d = [System.Collections.ArrayList]::new() if ($this.Users -ne 'none') { [void]$d.Add("Users: $($this.Users)") } if ($this.Apps -ne 'none') { [void]$d.Add("Apps: $($this.Apps)") } if ($this.Platforms -ne 'none') { [void]$d.Add("Platforms: $($this.Platforms)") } if ($this.ClientApps -ne 'none') { [void]$d.Add("ClientApps: $($this.ClientApps)") } if ($this.Locations -ne 'none') { [void]$d.Add("Locations: $($this.Locations)") } foreach ($detail in $this.Details) { [void]$d.Add($detail) } return $d.ToArray() } static [ScopeOverlap] Compare([NormalizedScope]$a, [NormalizedScope]$b) { $ol = [ScopeOverlap]::new() $aAllU = $a.IncludeUsers.Contains('All'); $bAllU = $b.IncludeUsers.Contains('All') if ($aAllU -and $bAllU) { $ol.Users = 'full' } elseif ($aAllU -or $bAllU) { $ol.Users = 'superset' } elseif ($a.IncludeUsers.Overlaps($b.IncludeUsers) -or $a.IncludeGroups.Overlaps($b.IncludeGroups) -or $a.IncludeRoles.Overlaps($b.IncludeRoles)) { $ol.Users = 'partial' } $aAllA = $a.IncludeApps.Contains('All'); $bAllA = $b.IncludeApps.Contains('All') if ($aAllA -and $bAllA) { $ol.Apps = 'full' } elseif ($aAllA -or $bAllA) { $specific = if ($aAllA) { $b } else { $a }; $broad = if ($aAllA) { $a } else { $b } $ol.Apps = if ($specific.IncludeApps.IsSubsetOf($broad.ExcludeApps)) { 'none' } else { 'superset' } } elseif ($a.IncludeApps.Overlaps($b.IncludeApps)) { $ol.Apps = 'partial' } if ($a.Platforms.Count -eq 0 -and $b.Platforms.Count -eq 0) { $ol.Platforms = 'full' } elseif ($a.Platforms.Count -eq 0 -or $b.Platforms.Count -eq 0 -or $a.Platforms.Contains('all') -or $b.Platforms.Contains('all')) { $ol.Platforms = 'superset' } elseif ($a.Platforms.Overlaps($b.Platforms)) { $ol.Platforms = 'partial' } if ($a.ClientAppTypes.Count -eq 0 -and $b.ClientAppTypes.Count -eq 0) { $ol.ClientApps = 'full' } elseif ($a.ClientAppTypes.Count -eq 0 -or $b.ClientAppTypes.Count -eq 0) { $ol.ClientApps = 'superset' } elseif ($a.ClientAppTypes.Overlaps($b.ClientAppTypes)) { $ol.ClientApps = 'partial' } if ($a.Locations.Count -eq 0 -and $b.Locations.Count -eq 0) { $ol.Locations = 'full' } elseif ($a.Locations.Contains('All') -and $b.Locations.Contains('All')) { $ol.Locations = 'full' } elseif ($a.Locations.Contains('All') -or $b.Locations.Contains('All') -or $a.Locations.Count -eq 0 -or $b.Locations.Count -eq 0) { $ol.Locations = 'superset' } elseif ($a.Locations.Overlaps($b.Locations)) { $ol.Locations = 'partial' } return $ol } } class UserPolicyContext { [string] $Id [string] $Upn [string] $DisplayName [bool] $IsGuest [bool] $IsAdmin [bool] $IsPimEligible [System.Collections.Generic.HashSet[string]] $GroupIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) [System.Collections.Generic.HashSet[string]] $RoleIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) [System.Collections.Generic.HashSet[string]] $EligibleRoleIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) UserPolicyContext([string]$id, [string]$upn, [string]$displayName) { $this.Id = $id; $this.Upn = $upn; $this.DisplayName = $displayName } [string] Label() { return $this.Upn ?? $this.DisplayName ?? $this.Id } } class UserActivitySummary { [int] $TotalEnabledUsers = 0 [int] $Inactive90Days = 0 [int] $NeverSignedIn = 0 [System.Collections.Generic.List[string]] $InactiveSample = [System.Collections.Generic.List[string]]::new(10) [System.Collections.Generic.List[string]] $NeverSignedInSample = [System.Collections.Generic.List[string]]::new(10) [void] ProcessPage([object[]]$users) { $cutoff = [datetime]::UtcNow.AddDays(-90) foreach ($u in $users) { if (-not $u.accountEnabled) { continue } $this.TotalEnabledUsers++ $lastSign = $u.signInActivity.lastSignInDateTime if (-not $lastSign) { $this.NeverSignedIn++ if ($this.NeverSignedInSample.Count -lt 10) { $this.NeverSignedInSample.Add(($u.userPrincipalName ?? $u.id)) } } elseif (([datetime]$lastSign) -lt $cutoff) { $this.Inactive90Days++ if ($this.InactiveSample.Count -lt 10) { $this.InactiveSample.Add(($u.userPrincipalName ?? $u.id)) } } } } } class TenantSnapshot { [object] $SecurityDefaults [object] $AuthMethodsPolicy [object[]] $AuthStrengths = @() [object[]] $NamedLocations = @() [object[]] $AuthContexts = @() [object[]] $Policies = @() [object[]] $UserRegistration = @() [object[]] $RiskyUsers = @() [UserActivitySummary] $UserSummary [object[]] $Groups = @() [object[]] $DirectoryRoles = @() [object[]] $RoleTemplates = @() [object[]] $ServicePrincipals = @() [object[]] $SignInsBypassed = @() [object[]] $PimEligibleAssignments = @() [object[]] $PimActiveSchedules = @() [hashtable] $UserContextMap = @{} [string] $TenantId [datetime] $CollectedAtUtc [hashtable] $ObjectCache = @{} } # Analysis context class NsContext { [TenantSnapshot] $Snapshot [NormalizedScope[]] $Enforced = @() [NormalizedScope[]] $ReportOnly = @() [NormalizedScope[]] $Disabled = @() [hashtable] $Config = @{} [System.Collections.Generic.HashSet[string]] $AdminRoleSet static [NsContext] Build([TenantSnapshot]$snap, [hashtable]$config) { $ctx = [NsContext]::new() $ctx.Snapshot = $snap $ctx.Config = $config $scopes = foreach ($p in $snap.Policies) { [NormalizedScope]::FromPolicy($p) } $ctx.Enforced = @($scopes | Where-Object { $_.State -eq 'enabled' }) $ctx.ReportOnly = @($scopes | Where-Object { $_.State -eq 'enabledForReportingButNotEnforced' }) $ctx.Disabled = @($scopes | Where-Object { $_.State -eq 'disabled' }) # Admin role set: prefer live directory roles, fall back to config $adminSet = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) if ($snap.PSObject.Properties['AdminRoleTemplateIds'] -and $snap.AdminRoleTemplateIds.Count -gt 0) { $adminSet = $snap.AdminRoleTemplateIds } else { foreach ($dr in $snap.DirectoryRoles) { if ($dr.roleTemplateId) { [void]$adminSet.Add($dr.roleTemplateId) } } if ($adminSet.Count -eq 0) { $fallback = $config['privilegedRoleIds'] if ($fallback) { foreach ($id in $fallback) { [void]$adminSet.Add($id) } } } } $ctx.AdminRoleSet = $adminSet return $ctx } [string] Resolve([string]$id) { if (-not $id) { return 'N/A' } if ($this.Snapshot.ObjectCache.ContainsKey($id)) { return $this.Snapshot.ObjectCache[$id] } return $id } [string[]] ResolveList([System.Collections.Generic.HashSet[string]]$ids) { if ($ids.Count -eq 0) { return @() } return @($ids | ForEach-Object { $this.Resolve($_) }) } [int] ConfigValue([string]$key, [int]$default) { if ($this.Config.ContainsKey($key)) { return [int]$this.Config[$key] } return $default } } # SIG # Begin signature block # MII9GgYJKoZIhvcNAQcCoII9CzCCPQcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC+FKLop1m9v9Gv # 0YupI2IOb/o9mNPKvFv6weWeyzPQ4aCCIdwwggXMMIIDtKADAgECAhBUmNLR1FsZ # lUgTecgRwIeZMA0GCSqGSIb3DQEBDAUAMHcxCzAJBgNVBAYTAlVTMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jvc29mdCBJZGVu # dGl0eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAy # MDAeFw0yMDA0MTYxODM2MTZaFw00NTA0MTYxODQ0NDBaMHcxCzAJBgNVBAYTAlVT # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jv # c29mdCBJZGVudGl0eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRo # b3JpdHkgMjAyMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALORKgeD # Bmf9np3gx8C3pOZCBH8Ppttf+9Va10Wg+3cL8IDzpm1aTXlT2KCGhFdFIMeiVPvH # or+Kx24186IVxC9O40qFlkkN/76Z2BT2vCcH7kKbK/ULkgbk/WkTZaiRcvKYhOuD # PQ7k13ESSCHLDe32R0m3m/nJxxe2hE//uKya13NnSYXjhr03QNAlhtTetcJtYmrV # qXi8LW9J+eVsFBT9FMfTZRY33stuvF4pjf1imxUs1gXmuYkyM6Nix9fWUmcIxC70 # ViueC4fM7Ke0pqrrBc0ZV6U6CwQnHJFnni1iLS8evtrAIMsEGcoz+4m+mOJyoHI1 # vnnhnINv5G0Xb5DzPQCGdTiO0OBJmrvb0/gwytVXiGhNctO/bX9x2P29Da6SZEi3 # W295JrXNm5UhhNHvDzI9e1eM80UHTHzgXhgONXaLbZ7LNnSrBfjgc10yVpRnlyUK # xjU9lJfnwUSLgP3B+PR0GeUw9gb7IVc+BhyLaxWGJ0l7gpPKWeh1R+g/OPTHU3mg # trTiXFHvvV84wRPmeAyVWi7FQFkozA8kwOy6CXcjmTimthzax7ogttc32H83rwjj # O3HbbnMbfZlysOSGM1l0tRYAe1BtxoYT2v3EOYI9JACaYNq6lMAFUSw0rFCZE4e7 # swWAsk0wAly4JoNdtGNz764jlU9gKL431VulAgMBAAGjVDBSMA4GA1UdDwEB/wQE # AwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIftJqhSobyhmYBAcnz1AQ # T2ioojAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQwFAAOCAgEAr2rd5hnn # LZRDGU7L6VCVZKUDkQKL4jaAOxWiUsIWGbZqWl10QzD0m/9gdAmxIR6QFm3FJI9c # Zohj9E/MffISTEAQiwGf2qnIrvKVG8+dBetJPnSgaFvlVixlHIJ+U9pW2UYXeZJF # xBA2CFIpF8svpvJ+1Gkkih6PsHMNzBxKq7Kq7aeRYwFkIqgyuH4yKLNncy2RtNwx # AQv3Rwqm8ddK7VZgxCwIo3tAsLx0J1KH1r6I3TeKiW5niB31yV2g/rarOoDXGpc8 # FzYiQR6sTdWD5jw4vU8w6VSp07YEwzJ2YbuwGMUrGLPAgNW3lbBeUU0i/OxYqujY # lLSlLu2S3ucYfCFX3VVj979tzR/SpncocMfiWzpbCNJbTsgAlrPhgzavhgplXHT2 # 6ux6anSg8Evu75SjrFDyh+3XOjCDyft9V77l4/hByuVkrrOj7FjshZrM77nq81YY # uVxzmq/FdxeDWds3GhhyVKVB0rYjdaNDmuV3fJZ5t0GNv+zcgKCf0Xd1WF81E+Al # GmcLfc4l+gcK5GEh2NQc5QfGNpn0ltDGFf5Ozdeui53bFv0ExpK91IjmqaOqu/dk # ODtfzAzQNb50GQOmxapMomE2gj4d8yu8l13bS3g7LfU772Aj6PXsCyM2la+YZr9T # 03u4aUoqlmZpxJTG9F9urJh4iIAGXKKy7aIwggabMIIEg6ADAgECAhMzAAE6T9lx # 3eo/npL1AAAAATpPMA0GCSqGSIb3DQEBDAUAMFoxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBJ # RCBWZXJpZmllZCBDUyBBT0MgQ0EgMDMwHhcNMjYwNTIxMTg1MTE4WhcNMjYwNTI0 # MTg1MTE4WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHQWxiZXJ0YTEQMA4GA1UE # BxMHQ2FsZ2FyeTEVMBMGA1UEChMMRGFycmVuIE1heWVzMRUwEwYDVQQDEwxEYXJy # ZW4gTWF5ZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCnVDNpGjHl # JgszvxN+dtZEikDyGdiuoXOP/NV/PcHCsQXESnF1SUa2vXjiRr5ppchGTCTN45RW # f9i5GgeG4zgIBsvI3OrAx8atJe4wsezXSVTrJsyrLM6yy9xkTXcGMJxx6g5VoNm8 # /Lg9Zhp2ST9MNkWP1X3bdEc5O2OkIs8pKldqL0SAZ7Aw6HshFPXMfi0QA8pshH1m # ZmdQIlyQh/m7WRYsnVq2N/XZ80lDtxHnsbBLUinh5KfZmoC3MmdQuxmAvDMXO5wx # gvwa7g+66/vFp111lfS9eOFwxjUXpICnDaNV01PExdHk1Fm2wP7gGmxviCjA4UV5 # EFpoTXqvpGYVw4BvnCZ/szsu/Slr1rDpxdBc15SJ3gkw9QS90rV8YIqDO8iyS/C/ # pFaa5YklAH93Y8paacWVzg4SvWzAXmhP71PHnoStYyTIOELRz3DYNQUv3xvFsKoi # sclutKjKuTiXYojwpfzkOXLs0Kl0MCdaselLfwpZILLWyIdeBwzo7g0CAwEAAaOC # AdMwggHPMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMDoGA1UdJQQzMDEG # CisGAQQBgjdhAQAGCCsGAQUFBwMDBhkrBgEEAYI3YYuPpXGB3qaBQNv/tAST5rkV # MB0GA1UdDgQWBBR+UjK+gq4lWZR8FjbnMSfjErFoFDAfBgNVHSMEGDAWgBSkQwx/ # dlqlhec+jSgPDBeiRWlwxjBnBgNVHR8EYDBeMFygWqBYhlZodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBJRCUyMFZlcmlmaWVk # JTIwQ1MlMjBBT0MlMjBDQSUyMDAzLmNybDB0BggrBgEFBQcBAQRoMGYwZAYIKwYB # BQUHMAKGWGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWlj # cm9zb2Z0JTIwSUQlMjBWZXJpZmllZCUyMENTJTIwQU9DJTIwQ0ElMjAwMy5jcnQw # VAYDVR0gBE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTANBgkqhkiG9w0B # AQwFAAOCAgEAtaw54Hz+2BUfCYDiR4REkDLEqQQGSNm393kUM090/K+HI4zxgos6 # dpLBpdinakSSmTM0XpHEE54+yfjB0X8yjkZhr6QXQWVVTzP8bx/kQWYVMwu/v66f # VlrMO58rUI2hMFKGwwsK/R6cdMP3amiOYrRhnEOSh98q+ie+GOq35uKeaPoYev67 # 1abV8hBv5l06LyelJWvNVJvKT53ehTjRuf9jFfe9sWwlddH3pNLRfnJhTeUCEHBl # HqQwxwQVju7Z45yN6FihPkkq1DxzBkEmH/5HOMovjGDNDulG7F8k2rkYBL877oUc # Ug11e/vig1ud5yJqGnod+Y3O9ZbdTEwWM1mllTWdVVq2BPLuMaSimJuUX2Ss+Ilz # R1HBgofgWgsBHPtbqgW3LvG5OTwg4n2qu/c3GUG6ryqvHVRBuenMp9C+46lJU3w4 # wBD39RfUABk9jcO4G0WPoWJRMie9LcLIhK0pAezlfxlWnwNewE2N/1QnAvKC17h2 # OmcpsE9uRcqcft4asKk1FraXvs0iNAxctjOTdYnAUg3u4K4Hjau2jJpA3rfjQJHC # N8SICi4KCGZtHXXltRcJ4x3qYzt2OttJRnY5aj5PKTMcPeHkXrgfngBWAwLphU83 # riIUV3Ew/C7ZKwtWf1huH6eZjjtKMQ5kE9QFBYxkrSgBWzw4wpq0UjMwggabMIIE # g6ADAgECAhMzAAE6T9lx3eo/npL1AAAAATpPMA0GCSqGSIb3DQEBDAUAMFoxCzAJ # BgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNV # BAMTIk1pY3Jvc29mdCBJRCBWZXJpZmllZCBDUyBBT0MgQ0EgMDMwHhcNMjYwNTIx # MTg1MTE4WhcNMjYwNTI0MTg1MTE4WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECBMH # QWxiZXJ0YTEQMA4GA1UEBxMHQ2FsZ2FyeTEVMBMGA1UEChMMRGFycmVuIE1heWVz # MRUwEwYDVQQDEwxEYXJyZW4gTWF5ZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw # ggGKAoIBgQCnVDNpGjHlJgszvxN+dtZEikDyGdiuoXOP/NV/PcHCsQXESnF1SUa2 # vXjiRr5ppchGTCTN45RWf9i5GgeG4zgIBsvI3OrAx8atJe4wsezXSVTrJsyrLM6y # y9xkTXcGMJxx6g5VoNm8/Lg9Zhp2ST9MNkWP1X3bdEc5O2OkIs8pKldqL0SAZ7Aw # 6HshFPXMfi0QA8pshH1mZmdQIlyQh/m7WRYsnVq2N/XZ80lDtxHnsbBLUinh5KfZ # moC3MmdQuxmAvDMXO5wxgvwa7g+66/vFp111lfS9eOFwxjUXpICnDaNV01PExdHk # 1Fm2wP7gGmxviCjA4UV5EFpoTXqvpGYVw4BvnCZ/szsu/Slr1rDpxdBc15SJ3gkw # 9QS90rV8YIqDO8iyS/C/pFaa5YklAH93Y8paacWVzg4SvWzAXmhP71PHnoStYyTI # OELRz3DYNQUv3xvFsKoisclutKjKuTiXYojwpfzkOXLs0Kl0MCdaselLfwpZILLW # yIdeBwzo7g0CAwEAAaOCAdMwggHPMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD # AgeAMDoGA1UdJQQzMDEGCisGAQQBgjdhAQAGCCsGAQUFBwMDBhkrBgEEAYI3YYuP # pXGB3qaBQNv/tAST5rkVMB0GA1UdDgQWBBR+UjK+gq4lWZR8FjbnMSfjErFoFDAf # BgNVHSMEGDAWgBSkQwx/dlqlhec+jSgPDBeiRWlwxjBnBgNVHR8EYDBeMFygWqBY # hlZodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl # MjBJRCUyMFZlcmlmaWVkJTIwQ1MlMjBBT0MlMjBDQSUyMDAzLmNybDB0BggrBgEF # BQcBAQRoMGYwZAYIKwYBBQUHMAKGWGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w # a2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwSUQlMjBWZXJpZmllZCUyMENTJTIwQU9D # JTIwQ0ElMjAwMy5jcnQwVAYDVR0gBE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTANBgkqhkiG9w0BAQwFAAOCAgEAtaw54Hz+2BUfCYDiR4REkDLEqQQGSNm3 # 93kUM090/K+HI4zxgos6dpLBpdinakSSmTM0XpHEE54+yfjB0X8yjkZhr6QXQWVV # TzP8bx/kQWYVMwu/v66fVlrMO58rUI2hMFKGwwsK/R6cdMP3amiOYrRhnEOSh98q # +ie+GOq35uKeaPoYev671abV8hBv5l06LyelJWvNVJvKT53ehTjRuf9jFfe9sWwl # ddH3pNLRfnJhTeUCEHBlHqQwxwQVju7Z45yN6FihPkkq1DxzBkEmH/5HOMovjGDN # DulG7F8k2rkYBL877oUcUg11e/vig1ud5yJqGnod+Y3O9ZbdTEwWM1mllTWdVVq2 # BPLuMaSimJuUX2Ss+IlzR1HBgofgWgsBHPtbqgW3LvG5OTwg4n2qu/c3GUG6ryqv # HVRBuenMp9C+46lJU3w4wBD39RfUABk9jcO4G0WPoWJRMie9LcLIhK0pAezlfxlW # nwNewE2N/1QnAvKC17h2OmcpsE9uRcqcft4asKk1FraXvs0iNAxctjOTdYnAUg3u # 4K4Hjau2jJpA3rfjQJHCN8SICi4KCGZtHXXltRcJ4x3qYzt2OttJRnY5aj5PKTMc # PeHkXrgfngBWAwLphU83riIUV3Ew/C7ZKwtWf1huH6eZjjtKMQ5kE9QFBYxkrSgB # Wzw4wpq0UjMwggcoMIIFEKADAgECAhMzAAAAGA3rkVWpigCYAAAAAAAYMA0GCSqG # SIb3DQEBDAUAMGMxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xNDAyBgNVBAMTK01pY3Jvc29mdCBJRCBWZXJpZmllZCBDb2RlIFNp # Z25pbmcgUENBIDIwMjEwHhcNMjYwMzI2MTgxMTMyWhcNMzEwMzI2MTgxMTMyWjBa # MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSsw # KQYDVQQDEyJNaWNyb3NvZnQgSUQgVmVyaWZpZWQgQ1MgQU9DIENBIDAzMIICIjAN # BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyIDaYDRWoon9lVnlj+SOj5xV8Sf5 # Qd+3yUeeRgr0exi2QTJAYo24ilcIKQSN8TOZ3+POM5x/6p3Cfjgqust44J0FvkfG # Xe1Puy45a5nLJGpc0kNIITMRKZwVvPxx7NlfGSc0JOhz/kg7G77C+y3ZR/3jtpeJ # pJ4QwcK9Gf0Peuk7xLYeW/JAsY9b6oleGDbYSxkamUfbtnyv8gTFrvN6ejuLqNhH # YPvoBHsOSC+7555yhapkof0fbzyct1hdWHGXsAFMfLF2TVJ8d2YVYOfZdi6YrT4s # MxOhTKiLKmhL1XtzM7hXdmv7lg2R+lWw8lIkSu/JiINQ0GAPcwxMsgRXDSPp8VUs # 4Jby+ruz0bjaoHFd7H+hC8cPPcrEDP2eEdYURVl0acjliigCrXwR05NFJzYj3MZi # zDGLPI3lIzonX1T40yK8v1FcJ8MXZZCvOXGXwRDGGfwwTTsHaJj+OfWNZ/IsypG4 # bGvqeJcPnEFcQEwRcfYIEe/R4a8k+xw5qTy75CbwWeMFuAlt9lE9kjMg3tvJyDlN # 5voXx5VXinCwUHMpuVaEQ4yHAlSO7qoBltjzTBNHH3ovMwsAsuhwrLLCVhUu3oP2 # GxYZwEyXMlnzK5DbgGzHzDfDaYPHK0uo1VaMMg9Bhuc3YIvrkFXEiv+t/JgNcRGC # t6ZyKEIDtPbrgwcCAwEAAaOCAdwwggHYMA4GA1UdDwEB/wQEAwIBhjAQBgkrBgEE # AYI3FQEEAwIBADAdBgNVHQ4EFgQUpEMMf3ZapYXnPo0oDwwXokVpcMYwVAYDVR0g # BE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTAZBgkrBgEEAYI3FAIEDB4K # AFMAdQBiAEMAQTASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFNlBKbAP # D2Ns72nX9c0pnqRIajDmMHAGA1UdHwRpMGcwZaBjoGGGX2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElEJTIwVmVyaWZpZWQl # MjBDb2RlJTIwU2lnbmluZyUyMFBDQSUyMDIwMjEuY3JsMH0GCCsGAQUFBwEBBHEw # bzBtBggrBgEFBQcwAoZhaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # ZXJ0cy9NaWNyb3NvZnQlMjBJRCUyMFZlcmlmaWVkJTIwQ29kZSUyMFNpZ25pbmcl # MjBQQ0ElMjAyMDIxLmNydDANBgkqhkiG9w0BAQwFAAOCAgEAcccgVvl+poXUYksA # /TzDFnBlAJ8ef0FMJzb2XRRhF/uA0QyK/VgoeAvO8B7cPpYNQ97sytdA7LT19CxS # wRQAt71jGF+CJl8KC4aEdMZTfJlHaKyd24J6QiVriNed9WdawsD7lK0pAcXziBg5 # N6dhAm9x6P8R4uT0UkfzlK1rkB8F4mlzE7l7tyES3s8FZGaRZjcGEQ+e0fTcdhf8 # jO7czmNB4dIRgmmBCt/P+ha0tEl2nV1sg1An5+VzhgAkY1Apx8fiUFBtH+Ehw/om # 5aQCNIJfmR51ZnV18R02Xk2tAmAiIRcSj9vdtrNIOsy5nolddy1lJrbf1Be061l6 # TItv9FDZ4mg6B+65zxkVecVV/Ll8uLGYouGrMM6jzO2O/ps3K2p6mfBI2ZOYIy4U # NwNrGWqa5TrvAmkZsn3CIlR+81X4AL5vNTFlxc4gH+5su0Dr58hBTxnXavDEnz7X # 0csP1Kt7h+iqaGiTSHz2B+n3HmUoud0WrdQPYKxMat0To4YUqU3HIbgSLQDDVT8a # CjW1Jvokf1915C/vVkIIp48h3voVy3JWPLwBlxQ9aeND6jCKQGLJhCQRSlvXX+P/ # 9TeaEA6/xWPSASZf6Ekve/Yua7U+zWc/Sr2K2gj0QRrNEAsvrFr4EGtHKDO9ECVS # 3lcJksVDv9KHdMPUK8u20i68RqAwggeeMIIFhqADAgECAhMzAAAAB4ejNKN7pY4c # AAAAAAAHMA0GCSqGSIb3DQEBDAUAMHcxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jvc29mdCBJZGVudGl0 # eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAyMDAe # Fw0yMTA0MDEyMDA1MjBaFw0zNjA0MDEyMDE1MjBaMGMxCzAJBgNVBAYTAlVTMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNDAyBgNVBAMTK01pY3Jvc29m # dCBJRCBWZXJpZmllZCBDb2RlIFNpZ25pbmcgUENBIDIwMjEwggIiMA0GCSqGSIb3 # DQEBAQUAA4ICDwAwggIKAoICAQCy8MCvGYgo4t1UekxJbGkIVQm0Uv96SvjB6yUo # 92cXdylN65Xy96q2YpWCiTas7QPTkGnK9QMKDXB2ygS27EAIQZyAd+M8X+dmw6SD # tzSZXyGkxP8a8Hi6EO9Zcwh5A+wOALNQbNO+iLvpgOnEM7GGB/wm5dYnMEOguua1 # OFfTUITVMIK8faxkP/4fPdEPCXYyy8NJ1fmskNhW5HduNqPZB/NkWbB9xxMqowAe # WvPgHtpzyD3PLGVOmRO4ka0WcsEZqyg6efk3JiV/TEX39uNVGjgbODZhzspHvKFN # U2K5MYfmHh4H1qObU4JKEjKGsqqA6RziybPqhvE74fEp4n1tiY9/ootdU0vPxRp4 # BGjQFq28nzawuvaCqUUF2PWxh+o5/TRCb/cHhcYU8Mr8fTiS15kRmwFFzdVPZ3+J # V3s5MulIf3II5FXeghlAH9CvicPhhP+VaSFW3Da/azROdEm5sv+EUwhBrzqtxoYy # E2wmuHKws00x4GGIx7NTWznOm6x/niqVi7a/mxnnMvQq8EMse0vwX2CfqM7Le/sm # bRtsEeOtbnJBbtLfoAsC3TdAOnBbUkbUfG78VRclsE7YDDBUbgWt75lDk53yi7C3 # n0WkHFU4EZ83i83abd9nHWCqfnYa9qIHPqjOiuAgSOf4+FRcguEBXlD9mAInS7b6 # V0UaNwIDAQABo4ICNTCCAjEwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQD # AgEAMB0GA1UdDgQWBBTZQSmwDw9jbO9p1/XNKZ6kSGow5jBUBgNVHSAETTBLMEkG # BFUdIAAwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA # QwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUyH7SaoUqG8oZmAQHJ89Q # EE9oqKIwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElkZW50aXR5JTIwVmVyaWZpY2F0aW9u # JTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5JTIwMjAyMC5jcmwwgcMG # CCsGAQUFBwEBBIG2MIGzMIGBBggrBgEFBQcwAoZ1aHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBJZGVudGl0eSUyMFZlcmlm # aWNhdGlvbiUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUyMEF1dGhvcml0eSUyMDIwMjAu # Y3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29j # c3AwDQYJKoZIhvcNAQEMBQADggIBAH8lKp7+1Kvq3WYK21cjTLpebJDjW4ZbOX3H # D5ZiG84vjsFXT0OB+eb+1TiJ55ns0BHluC6itMI2vnwc5wDW1ywdCq3TAmx0KWy7 # xulAP179qX6VSBNQkRXzReFyjvF2BGt6FvKFR/imR4CEESMAG8hSkPYso+GjlngM # 8JPn/ROUrTaeU/BRu/1RFESFVgK2wMz7fU4VTd8NXwGZBe/mFPZG6tWwkdmA/jLb # p0kNUX7elxu2+HtHo0QO5gdiKF+YTYd1BGrmNG8sTURvn09jAhIUJfYNotn7OlTh # tfQjXqe0qrimgY4Vpoq2MgDW9ESUi1o4pzC1zTgIGtdJ/IvY6nqa80jFOTg5qzAi # RNdsUvzVkoYP7bi4wLCj+ks2GftUct+fGUxXMdBUv5sdr0qFPLPB0b8vq516slCf # RwaktAxK1S40MCvFbbAXXpAZnU20FaAoDwqq/jwzwd8Wo2J83r7O3onQbDO9TyDS # tgaBNlHzMMQgl95nHBYMelLEHkUnVVVTUsgC0Huj09duNfMaJ9ogxhPNThgq3i8w # 3DAGZ61AMeF0C1M+mU5eucj1Ijod5O2MMPeJQ3/vKBtqGZg4eTtUHt/BPjN74SsJ # syHqAdXVS5c+ItyKWg3Eforhox9k3WgtWTpgV4gkSiS4+A09roSdOI4vrRw+p+fL # 4WrxSK5nMYIalDCCGpACAQEwcTBaMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSswKQYDVQQDEyJNaWNyb3NvZnQgSUQgVmVyaWZp # ZWQgQ1MgQU9DIENBIDAzAhMzAAE6T9lx3eo/npL1AAAAATpPMA0GCWCGSAFlAwQC # AQUAoF4wEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC # AQQwLwYJKoZIhvcNAQkEMSIEIEUWGzUpKAOdR5nOT+HlZQBDUjWOyjOfT+Nn8abc # 3sgvMA0GCSqGSIb3DQEBAQUABIIBgHS2XUFcjot+yb/qH2HETVQxrw+435odE6my # OmnIyWj6OPkSM9vqp1H1M0LS7UjhNnVN3qHDglyq+zBu+CyK4PUS3bY+xR14IvV0 # sJl8pxz7Ugm0jsuBWpMU8o8iiRTO/cSyXbXf9Q/zZDTEhQTimQnLoed6iI0oahSp # eEg9ZiueRQXjK05oVR8noPpz4Spw4kOYGYLcX10Xibgn+AsGy5qzwSL09Lx2XVeS # 72xvePwLPu41rRq8Drthmx4Wfx4tBoo8NKn9amg9TA0aUPriLMXR0742HdSq97i6 # vycCqAN40AlYK2FlL/2oWCx+0fLiIQrGmAKn6m6OPgEgzsJSHE19lgjF9zjFBVQM # 5EZh45ndyVdJlEHPoSdZG4F2o6KOVtpMUDq7C0bs1/qgzSJZq3Q8xJMM9X8pR3VS # MlnNna3usS7YZgsH7lXDIL58/FyOXSBkXH3BnodFK26CQ4SfqLOZL73KwvacL/em # 4jIj7UIXMxk/9XgTjA8HQfsLEbMYE6GCGBQwghgQBgorBgEEAYI3AwMBMYIYADCC # F/wGCSqGSIb3DQEHAqCCF+0wghfpAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFiBgsq # hkiG9w0BCRABBKCCAVEEggFNMIIBSQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCCiL7cvjiRFbIe8kUav9mBIdFNFD5gaWBf718UVYs1hwQIGagxE1TwF # GBMyMDI2MDUyMjAxMDUyNi44NzhaMASAAgH0oIHhpIHeMIHbMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046NzgwMC0w # NUUwLUQ5NDcxNTAzBgNVBAMTLE1pY3Jvc29mdCBQdWJsaWMgUlNBIFRpbWUgU3Rh # bXBpbmcgQXV0aG9yaXR5oIIPITCCB4IwggVqoAMCAQICEzMAAAAF5c8P/2YuyYcA # AAAAAAUwDQYJKoZIhvcNAQEMBQAwdzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjFIMEYGA1UEAxM/TWljcm9zb2Z0IElkZW50aXR5 # IFZlcmlmaWNhdGlvbiBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDIwMB4X # DTIwMTExOTIwMzIzMVoXDTM1MTExOTIwNDIzMVowYTELMAkGA1UEBhMCVVMxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0 # IFB1YmxpYyBSU0EgVGltZXN0YW1waW5nIENBIDIwMjAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCefOdSY/3gxZ8FfWO1BiKjHB7X55cz0RMFvWVGR3eR # wV1wb3+yq0OXDEqhUhxqoNv6iYWKjkMcLhEFxvJAeNcLAyT+XdM5i2CgGPGcb95W # JLiw7HzLiBKrxmDj1EQB/mG5eEiRBEp7dDGzxKCnTYocDOcRr9KxqHydajmEkzXH # OeRGwU+7qt8Md5l4bVZrXAhK+WSk5CihNQsWbzT1nRliVDwunuLkX1hyIWXIArCf # rKM3+RHh+Sq5RZ8aYyik2r8HxT+l2hmRllBvE2Wok6IEaAJanHr24qoqFM9WLeBU # Sudz+qL51HwDYyIDPSQ3SeHtKog0ZubDk4hELQSxnfVYXdTGncaBnB60QrEuazvc # ob9n4yR65pUNBCF5qeA4QwYnilBkfnmeAjRN3LVuLr0g0FXkqfYdUmj1fFFhH8k8 # YBozrEaXnsSL3kdTD01X+4LfIWOuFzTzuoslBrBILfHNj8RfOxPgjuwNvE6YzauX # i4orp4Sm6tF245DaFOSYbWFK5ZgG6cUY2/bUq3g3bQAqZt65KcaewEJ3ZyNEobv3 # 5Nf6xN6FrA6jF9447+NHvCjeWLCQZ3M8lgeCcnnhTFtyQX3XgCoc6IRXvFOcPVrr # 3D9RPHCMS6Ckg8wggTrtIVnY8yjbvGOUsAdZbeXUIQAWMs0d3cRDv09SvwVRd61e # vQIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQDAgEA # MB0GA1UdDgQWBBRraSg6NS9IY0DPe9ivSek+2T3bITBUBgNVHSAETTBLMEkGBFUd # IAAwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w # cy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsG # AQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw # FoAUyH7SaoUqG8oZmAQHJ89QEE9oqKIwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6 # Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElkZW50 # aXR5JTIwVmVyaWZpY2F0aW9uJTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9y # aXR5JTIwMjAyMC5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMIGBBggrBgEFBQcwAoZ1 # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQl # MjBJZGVudGl0eSUyMFZlcmlmaWNhdGlvbiUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUy # MEF1dGhvcml0eSUyMDIwMjAuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQBfiHbHfm21 # WhV150x4aPpO4dhEmSUVpbixNDmv6TvuIHv1xIs174bNGO/ilWMm+Jx5boAXrJxa # gRhHQtiFprSjMktTliL4sKZyt2i+SXncM23gRezzsoOiBhv14YSd1Klnlkzvgs29 # XNjT+c8hIfPRe9rvVCMPiH7zPZcw5nNjthDQ+zD563I1nUJ6y59TbXWsuyUsqw7w # XZoGzZwijWT5oc6GvD3HDokJY401uhnj3ubBhbkR83RbfMvmzdp3he2bvIUztSOu # FzRqrLfEvsPkVHYnvH1wtYyrt5vShiKheGpXa2AWpsod4OJyT4/y0dggWi8g/tgb # hmQlZqDUf3UqUQsZaLdIu/XSjgoZqDjamzCPJtOLi2hBwL+KsCh0Nbwc21f5xvPS # wym0Ukr4o5sCcMUcSy6TEP7uMV8RX0eH/4JLEpGyae6Ki8JYg5v4fsNGif1OXHJ2 # IWG+7zyjTDfkmQ1snFOTgyEX8qBpefQbF0fx6URrYiarjmBprwP6ZObwtZXJ23jK # 3Fg/9uqM3j0P01nzVygTppBabzxPAh/hHhhls6kwo3QLJ6No803jUsZcd4JQxiYH # Hc+Q/wAMcPUnYKv/q2O444LO1+n6j01z5mggCSlRwD9faBIySAcA9S8h22hIAcRQ # qIGEjolCK9F6nK9ZyX4lhthsGHumaABdWzCCB5cwggV/oAMCAQICEzMAAABXJNOV # 4KLpyTEAAAAAAFcwDQYJKoZIhvcNAQEMBQAwYTELMAkGA1UEBhMCVVMxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1 # YmxpYyBSU0EgVGltZXN0YW1waW5nIENBIDIwMjAwHhcNMjUxMDIzMjA0NjUzWhcN # MjYxMDIyMjA0NjUzWjCB2zELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 # b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUG # A1UECxMeblNoaWVsZCBUU1MgRVNOOjc4MDAtMDVFMC1EOTQ3MTUwMwYDVQQDEyxN # aWNyb3NvZnQgUHVibGljIFJTQSBUaW1lIFN0YW1waW5nIEF1dGhvcml0eTCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALFspQqTCH24syS2NZD1ztnJl9h0 # Vr0WwJnikmeXse/4wspnVexGqfiHNoqkbVg5CinuYC+iVfNMLZ+QtqhySz8VGBSj # Rt1JB5ACNtTKAjfmFp4U/Cv2Lj4m+vuve9I3W3hSiImTFsHeYZ6V/Sd43rXrhHV2 # 6fw3xQSteSbg9yTs1rhdrLkAj4KmI0D5P4KavtygirVyUW10gkifWLSE1NiB8Jn3 # RO5dj32deeMNONaaPnw3k49ICTs3Ffyb+ekNDPsNfYwCqPyOTxM6y1dSD0J5j+KK # 9V+EWyV5PDjV8jjn1zsStlS6TcYJJStcgHs2xT9rs6ooWl5FtYfRkCxhDShEp3s8 # IHUWizTWmLZvAE/6WR2Cd+ZmVapGXTCHJKUByZPxdX0i8gynirR+EwuHHNxEilDI # CLatO2WZu+CQrH4Zq0NYo1TQ4tUpZ/kAWpoAu1r4mW5EJ3HkEavQ2PuoQDcDq2rA # GVIla9pD7o9Yxwzl81BuDvUEyu9D/6F0qmQDdaE791HxfCUxpgMYPpdWTzs+dDGP # ehwQ8P92yP8ARjby5Ony1Z68RjeQebpxf5WL441myFHcgT1UJzzil7tPEkR22NfT # NR6Fl+jzWb/r80nqlXllhynSowtxo1Y22xqYviS24smikUsBKqOPbSS77uvXEO3V # rG5LGouE1EZ1Y9pjAgMBAAGjggHLMIIBxzAdBgNVHQ4EFgQUjoPJXi01DgIJSGfm # 416Yg+0SkqcwHwYDVR0jBBgwFoAUa2koOjUvSGNAz3vYr0npPtk92yEwbAYDVR0f # BGUwYzBhoF+gXYZbaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwv # TWljcm9zb2Z0JTIwUHVibGljJTIwUlNBJTIwVGltZXN0YW1waW5nJTIwQ0ElMjAy # MDIwLmNybDB5BggrBgEFBQcBAQRtMGswaQYIKwYBBQUHMAKGXWh0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwUHVibGljJTIw # UlNBJTIwVGltZXN0YW1waW5nJTIwQ0ElMjAyMDIwLmNydDAMBgNVHRMBAf8EAjAA # MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDBmBgNVHSAE # XzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQQC # MA0GCSqGSIb3DQEBDAUAA4ICAQBydcB2POmZOUlAQz2NuXf7vWCVWmjWu9bsY1+H # Mjv1yeLjxDQkjsJEU5zaIDy8Uw9BYN8+ExX/9k/9CBUsXbVlbU44c65/liyJ83kW # sFIUwhVazwSShFlbIZviIO/5weyWyTfPPpbSJgWy+ZE9UrQS3xulJLAHA2zUkMMP # dAlF4RrngcZZ0r45AF9aIYjdestWwdrNK70MfArHqZdgrgXn03w6zBs1v7czceWG # itg/DlsHqk1mXBpSTuGI2TSPN3E60IIXx5f/AFzh4/HFi98BBZbUELNsXkWAG9yn # Z5e6CFiil1mgWCWOT90D7Igvg0zKe3o3WCk629/en94K/sC/zLOf2d7yFmTySb9f # KjcONH1Db3kZ8MzEJ8fHTNmxrl10Gecuz/Gl0+ByTKN+PambZ+F0MIlBPww6fvjF # C9JII73fw3qO169+9TxTz2G+E26GYY1dcffsAhw6DqTQgbflbl1O/MrSXSs0NSb9 # nBD9RfR/f8Ei7DA1L1jBO7vZhhJTjw2TzFa/ALgRLi3W00hHWi8LGQaZc8SwXIMY # WfwrN9MgYbhN0Iak9WA2dqWuekXsTwNkmrD3E6E+oCYCehNOgZmds0Ezb1jo7OV0 # Kh22Ll3KHg3MHtlGguxAzhg/BpixPS4qrULLkAjO7+yNsUfrD2U9gMf/OR4yJDPt # zM0ytTGCB0YwggdCAgEBMHgwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0Eg # VGltZXN0YW1waW5nIENBIDIwMjACEzMAAABXJNOV4KLpyTEAAAAAAFcwDQYJYIZI # AWUDBAIBBQCgggSfMBEGCyqGSIb3DQEJEAIPMQIFADAaBgkqhkiG9w0BCQMxDQYL # KoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI2MDUyMjAxMDUyNlowLwYJKoZI # hvcNAQkEMSIEII/k8Xl2oF/VXQBqYlj4dYUFG+2Wtb6XZmhB8uwmiasxMIG5Bgsq # hkiG9w0BCRACLzGBqTCBpjCBozCBoAQg9TyfZLUFbkxliGyizuH9VVDpVFNvQEQh # KQ2ZhUx421IwfDBlpGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0EgVGlt # ZXN0YW1waW5nIENBIDIwMjACEzMAAABXJNOV4KLpyTEAAAAAAFcwggNhBgsqhkiG # 9w0BCRACEjGCA1AwggNMoYIDSDCCA0QwggIsAgEBMIIBCaGB4aSB3jCB2zELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9z # b2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNO # Ojc4MDAtMDVFMC1EOTQ3MTUwMwYDVQQDEyxNaWNyb3NvZnQgUHVibGljIFJTQSBU # aW1lIFN0YW1waW5nIEF1dGhvcml0eaIjCgEBMAcGBSsOAwIaAxUA/S8xOZxCUQFB # NkrN8Wiij1x5y8OgZzBlpGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0Eg # VGltZXN0YW1waW5nIENBIDIwMjAwDQYJKoZIhvcNAQELBQACBQDtug8PMCIYDzIw # MjYwNTIxMjMwOTAzWhgPMjAyNjA1MjIyMzA5MDNaMHcwPQYKKwYBBAGEWQoEATEv # MC0wCgIFAO26Dw8CAQAwCgIBAAICAY4CAf8wBwIBAAICEbwwCgIFAO27YI8CAQAw # NgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgC # AQACAwGGoDANBgkqhkiG9w0BAQsFAAOCAQEAvY09NtEHVT3GRhhd/CNNEdoP7zSv # jb53exTRkIB52o2Uraojtn5lkzhBo44GbFp+vBdOmU7QlnYeF2u/pwClHUCO6XeA # JsADyarTv6qHKjv56GwviixEbq4L4ZwfjqY5NLDmkx8VkzS2uzp1dWYgJL/aOWIN # jH4DqxokfC4JKsyxYzoazhdnb/Xi5i8EA26L014F7ND3aeTlkSr6uFKf4nHzVYYk # BPPrqHMvX1WEqZ3BgQ9LoYI6wwPHj/LmyNcCRD0H3pxnBnSEStsy3YxTYG9r2AUT # Ztz+EbRAjXMAaDnvHjmtv9ipFzs0TK1zo/CM1fqntD4nGCITQ3MPq3ghszANBgkq # hkiG9w0BAQEFAASCAgAI83xrLagloERd1vYYuOfbuCYBanvQjzO/8jPopXgUz2E6 # 1SLeBHmWwn9Z2UOiExwyPjHn51MhPJsUZv7b1HgupOTKu4aiPviQUMqRqFMiOXTR # 3TaHpWN+NUo9AHkl7Kzla1mb0qAndQ+5ggCVnKhbhB2U+/P8gEnsF7/ACiC5qumR # RYo6RjzvU2mO76lgKiu3CG5b0YxBYjVTgFvYhQrQOHZmMjO5nNI5xGWySjLvA4yJ # 6LjyZ4P4s+qCTIYcxFYmD+CdUR4wqwL6ZBU32SZmSBv1z3WXgHzHPwoi3gLuziXU # Apf9ZkTB1JwuF8syBLfVvwGD55crTEUxUgKA1JAqcwGoNb1v3snFo1+pDJn3WvLW # TsilFTTuWI+M5FgrdFeszuTb3Oytrbye3ZuPke9EUBJ3GYs7u/FZ3P25qZCO2hz1 # CgxBvvEG0/ylnVvSs+Q6vLX3iog3NIHc8t+sVY0PBqI/oEwlWWL8Ww75YjYFqaw/ # 0tM95qx4u+Gk9RxRS1E689qR5iUC7mHafzaSG0N4zrIL69dDHS9Ve0L+FZoSlSEU # 9C7rfUcBVGtaC1lZQV55NokhUKlxPuiTA9FCit7v728DkZeObWAnG/UzF3dPzLQl # E7e0CROeSniRh2PbV5B8xMK0dGL09xmgTW0bwqSCvcsk5im91JLJY9MDcEfj3w== # SIG # End signature block |