Public/Invoke-NsAudit.ps1
|
function Invoke-NsAudit { <# .SYNOPSIS Executes a conditional access posture assessment. .DESCRIPTION Collects tenant data from Microsoft Graph, resolves directory membership, discovers all Test-Ns* functions in the module, runs each independently, and produces an executive HTML report with CSV/JSON exports. Requires an active session: run Connect-NsSession first. .PARAMETER OutputDirectory Output directory. Defaults to NCS in user temp directory. Purged on each run. .PARAMETER ConfigPath Path to custom ns-config.json for threshold overrides. .PARAMETER SkipUserCollection Skip user sign-in activity, risky users, and sign-in bypass collection. .EXAMPLE Connect-NsSession -TenantId 'contoso.onmicrosoft.com' Invoke-NsAudit .EXAMPLE Invoke-NsAudit -ConfigPath './my-config.json' #> [CmdletBinding()] param( [ValidateScript({ $r = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($_) if ($r -match '\.\.[/\\]') { throw 'Path traversal not allowed.' }; $true })] [string]$OutputDirectory, [string]$ConfigPath, [switch]$SkipUserCollection ) $passVerbose = ($VerbosePreference -eq 'Continue') # Session check: must authenticate before running if (-not $script:_NsSession -or -not $script:_NsTenantId) { Write-Warning "No active session. Run Connect-NsSession first to authenticate.`n`n Example:`n Connect-NsSession -TenantId 'contoso.onmicrosoft.com'`n Invoke-NsAudit`n" return } $TenantId = $script:_NsTenantId $session = $script:_NsSession $config = Get-NsConfig -Path $ConfigPath # Pre-flight: verify the signed-in user has sufficient directory roles Write-Information "`n NavySeal Posture Assessment" -InformationAction Continue Write-Information " Tenant: $TenantId" -InformationAction Continue Write-Information ' Checking permissions...' -InformationAction Continue $allowedRoleTemplates = $config['auditRoleTemplates'] ?? @{ '62e90394-69f5-4237-9190-012177145e10' = 'Global Administrator' 'f2ef992c-3afb-46b9-b7cf-a126ee74c451' = 'Global Reader' '194ae4cb-b126-40b2-bd5b-6091b380977d' = 'Security Administrator' '5d6b6bb7-de71-4623-b4af-96380a352509' = 'Security Reader' 'b1be1c3e-b65d-4f19-8427-f6fa0d97feb9' = 'Conditional Access Administrator' } try { $myRoles = $session.GetAll("/me/transitiveMemberOf/microsoft.graph.directoryRole?`$select=displayName,roleTemplateId") $roleNames = @($myRoles | ForEach-Object { $_.displayName } | Where-Object { $_ } | Sort-Object -Unique) $hasRequired = $myRoles | Where-Object { $_.roleTemplateId -in $allowedRoleTemplates.Keys } if (-not $hasRequired) { $yourRoles = if ($roleNames.Count -gt 0) { $roleNames -join ', ' } else { '(none)' } $needed = ($allowedRoleTemplates.Values | Sort-Object) -join "`n " Write-Warning "Insufficient privileges to run the assessment.`n`n Your current roles:`n $yourRoles`n`n At least one of the following is required:`n $needed`n`n Ask a Global Administrator to assign the Security Reader role for read-only access.`n" return } } catch { $msg = $_.Exception.Message if ($msg -match '401|Unauthorized') { Write-Warning "Session has expired. Run Connect-NsSession to re-authenticate." return } Write-Verbose "Role check: $msg (continuing with licence check)" } # Pre-flight: verify delegated Graph scopes were consented Write-Information ' Checking Graph scopes...' -InformationAction Continue try { $granted = $session.GetGrantedScopes() $required = [GraphSession]::RequiredScopes $missing = @($required | Where-Object { $_ -notin $granted }) if ($missing.Count -gt 0) { $grantedList = if ($granted.Count -gt 0) { $granted -join ', ' } else { '(none)' } $missingList = $missing -join "`n " Write-Warning "The following Graph scopes were not consented:`n`n $missingList`n`n Granted scopes:`n $grantedList`n`n An administrator may need to grant consent for the NavySeal application.`n Run Connect-NsSession again after consent has been granted.`n" return } } catch { Write-Verbose "Scope check: $($_.Exception.Message) (continuing)" } # NCS working directory $ncsRoot = Join-Path ([System.IO.Path]::GetTempPath()) 'NCS' $usingDefaultPath = -not $OutputDirectory if ($usingDefaultPath) { $OutputDirectory = $ncsRoot } if ($usingDefaultPath -and (Test-Path $OutputDirectory)) { Remove-Item -Path $OutputDirectory -Recurse -Force -ErrorAction SilentlyContinue } $null = New-Item -ItemType Directory -Path $OutputDirectory -Force -ErrorAction Stop $OutputDirectory = (Resolve-Path $OutputDirectory).Path # Licence check Write-Information ' Validating licence...' -InformationAction Continue try { $null = $session.Get('/identity/conditionalAccess/policies?$top=1') } catch { $msg = $_.Exception.Message if ($msg -match 'Forbidden|403|license|subscription|SKU|Premium') { throw "Entra ID P1 or higher is required. Conditional Access policies are not accessible in this tenant. Verify the tenant has an active Entra ID P1, P2, EMS E3/E5, or Microsoft 365 E3/E5 subscription." } if ($msg -match 'Unauthorized|401') { Write-Warning "Session has expired. Run Connect-NsSession to re-authenticate." return } throw "Pre-flight check failed: $msg" } $p2Available = $true try { $null = $session.Get('/identityProtection/riskyUsers?$top=1') } catch { $p2Available = $false Write-Warning "Entra ID P2 not detected. Identity Protection and PIM data will be unavailable." } Write-Information " Licence: $(if ($p2Available) { 'P2 (full coverage)' } else { 'P1 (Identity Protection unavailable)' })`n" -InformationAction Continue $snap = [TenantSnapshot]::new() $snap.TenantId = $TenantId $snap.CollectedAtUtc = [datetime]::UtcNow $totalSteps = if ($SkipUserCollection) { 12 } else { 17 } $step = 0 $step++; Write-Information " [$step/$totalSteps] Security defaults" -InformationAction Continue try { $snap.SecurityDefaults = $session.Get('/policies/identitySecurityDefaultsEnforcementPolicy') } catch { Write-Warning "Security defaults: $($_.Exception.Message)"; $snap.SecurityDefaults = [PSCustomObject]@{ isEnabled = $false } } $step++; Write-Information " [$step/$totalSteps] Conditional Access policies" -InformationAction Continue $snap.Policies = $session.GetAll('/identity/conditionalAccess/policies') $step++; Write-Information " [$step/$totalSteps] Named locations" -InformationAction Continue try { $snap.NamedLocations = $session.GetAll('/identity/conditionalAccess/namedLocations') } catch { Write-Warning "Named locations: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] Authentication strength policies" -InformationAction Continue try { $snap.AuthStrengths = $session.GetAll('/policies/authenticationStrengthPolicies') } catch { Write-Warning "Auth strengths: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] Authentication methods policy" -InformationAction Continue try { $snap.AuthMethodsPolicy = $session.Get('/policies/authenticationMethodsPolicy') } catch { Write-Warning "Auth methods: $($_.Exception.Message)"; $snap.AuthMethodsPolicy = [PSCustomObject]@{} } $step++; Write-Information " [$step/$totalSteps] Auth context class references" -InformationAction Continue try { $snap.AuthContexts = $session.GetAll('/identity/conditionalAccess/authenticationContextClassReferences') } catch { Write-Verbose "Auth contexts: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] Directory roles" -InformationAction Continue try { $snap.DirectoryRoles = $session.GetAll('/directoryRoles') } catch { Write-Warning "Directory roles: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] Role templates" -InformationAction Continue try { $snap.RoleTemplates = $session.GetAll('/directoryRoleTemplates?$select=id,displayName,description') } catch { Write-Warning "Role templates: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] Service principals" -InformationAction Continue try { $snap.ServicePrincipals = $session.GetAll('/servicePrincipals?$select=id,appId,displayName,appRoleAssignmentRequired,servicePrincipalType,preferredSingleSignOnMode,accountEnabled&$top=999') } catch { Write-Warning "Service principals: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] Groups" -InformationAction Continue try { $snap.Groups = $session.GetAll('/groups?$select=id,displayName&$top=999') } catch { Write-Warning "Groups: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] User registration details" -InformationAction Continue try { $snap.UserRegistration = $session.GetAll('/reports/authenticationMethods/userRegistrationDetails') } catch { Write-Warning "User registration: $($_.Exception.Message)" } if (-not $SkipUserCollection) { $step++; Write-Information " [$step/$totalSteps] Users with sign-in activity (streaming)" -InformationAction Continue $summary = [UserActivitySummary]::new() try { $session.GetAllPaged('/users?$select=id,displayName,userPrincipalName,accountEnabled,userType,signInActivity&$top=500', { param($page) $summary.ProcessPage($page) }) } catch { Write-Warning "Users: $($_.Exception.Message)" } $snap.UserSummary = $summary $step++; Write-Information " [$step/$totalSteps] Risky users" -InformationAction Continue try { $snap.RiskyUsers = $session.GetAll("/identityProtection/riskyUsers?`$filter=riskLevel ne 'none'&`$select=id,userPrincipalName,userDisplayName,riskLevel,riskState,riskLastUpdatedDateTime&`$top=500") } catch { Write-Verbose "Risky users: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] Sign-in logs (7-day CA bypass)" -InformationAction Continue try { $since = [datetime]::UtcNow.AddDays(-($config['signInBypassDays'] ?? 7)).ToString('yyyy-MM-ddTHH:mm:ssZ') $snap.SignInsBypassed = $session.GetAll("/auditLogs/signIns?`$filter=conditionalAccessStatus eq 'notApplied' and createdDateTime ge $since&`$select=userPrincipalName,userType,appDisplayName,resourceDisplayName,clientAppUsed,deviceDetail,conditionalAccessStatus,createdDateTime&`$top=500") } catch { Write-Verbose "Sign-in logs: $($_.Exception.Message)" } $step++; Write-Information " [$step/$totalSteps] PIM eligible role assignments" -InformationAction Continue try { $snap.PimEligibleAssignments = $session.GetAll('/roleManagement/directory/roleEligibilityScheduleInstances?$select=principalId,roleDefinitionId,directoryScopeId,startDateTime,endDateTime&$top=999') } catch { Write-Verbose "PIM eligibility: $($_.Exception.Message) (requires P2 licence)" } $step++; Write-Information " [$step/$totalSteps] PIM active role schedules" -InformationAction Continue try { $snap.PimActiveSchedules = $session.GetAll('/roleManagement/directory/roleAssignmentScheduleInstances?$select=principalId,roleDefinitionId,assignmentType,startDateTime,endDateTime&$top=999') } catch { Write-Verbose "PIM active schedules: $($_.Exception.Message) (requires P2 licence)" } } Write-Information ' Resolving GUIDs...' -InformationAction Continue Build-NsObjectCache -Snapshot $snap -Session $session -Verbose:$passVerbose $step++; Write-Information " [$step/$totalSteps] Resolving group and role membership" -InformationAction Continue try { Build-NsPolicyMembershipMap -Snapshot $snap -Session $session -Verbose:$passVerbose } catch { Write-Warning "Membership resolution: $($_.Exception.Message)" } # Analysis context $ctx = [NsContext]::Build($snap, $config) # Test discovery Write-Information ' Running analysis engine...' -InformationAction Continue $allFindings = [System.Collections.ArrayList]::new() $disabledTests = $config['disabledTests'] ?? @() $testFunctions = Get-Command -Module NavySeal -Name 'Test-Ns*' -ErrorAction SilentlyContinue if ($testFunctions) { foreach ($testFn in $testFunctions) { if ($testFn.Name -in $disabledTests) { Write-Verbose "Skipping disabled test: $($testFn.Name)"; continue } Write-Verbose "Running $($testFn.Name)" try { $results = & $testFn.Name -Context $ctx -Verbose:$passVerbose if ($results) { $allFindings.AddRange(@($results)) } } catch { Write-Warning "$($testFn.Name) failed: $($_.Exception.Message)" } } } $findings = @($allFindings | Sort-Object { switch ($_.Severity) { 'Critical'{0} 'High'{1} 'Medium'{2} 'Low'{3} 'Info'{4} } }) Write-Information ' Generating report...' -InformationAction Continue $htmlContent = New-NsHtmlReport -Snapshot $snap -Findings $findings -Config $config $reportPath = Join-Path $OutputDirectory 'report.html' $jsonPath = Join-Path $OutputDirectory 'snapshot.json' $findingsPath = Join-Path $OutputDirectory 'findings.json' $csvPath = Join-Path $OutputDirectory 'findings.csv' $htmlContent | Set-Content -Path $reportPath -Encoding utf8 -ErrorAction Stop $jsonSnap = [ordered]@{ TenantId = $snap.TenantId; CollectedAtUtc = $snap.CollectedAtUtc Policies = $snap.Policies; NamedLocations = $snap.NamedLocations; AuthStrengths = $snap.AuthStrengths UserRegistration = $snap.UserRegistration; RiskyUsers = $snap.RiskyUsers; UserSummary = $snap.UserSummary ObjectCache = $snap.ObjectCache PimEligibleAssignments = $snap.PimEligibleAssignments UserContextStats = [ordered]@{ TotalUsersEvaluated = $snap.UserContextMap.Count AdminCount = @($snap.UserContextMap.Values | Where-Object IsAdmin).Count GuestCount = @($snap.UserContextMap.Values | Where-Object IsGuest).Count PimEligibleCount = @($snap.UserContextMap.Values | Where-Object IsPimEligible).Count } SignInBypassCount = if ($snap.SignInsBypassed) { $snap.SignInsBypassed.Count } else { 0 } } $jsonSnap | ConvertTo-Json -Depth 15 | Set-Content -Path $jsonPath -Encoding utf8 -ErrorAction Stop $findings | ConvertTo-Json -Depth 10 | Set-Content -Path $findingsPath -Encoding utf8 -ErrorAction Stop $findings | Select-Object Severity, Category, Title, Description, PolicyReference, Recommendation, TestName, @{N='Dimensions';E={ $_.Dimensions -join ' | ' }} | Export-Csv -Path $csvPath -NoTypeInformation -Encoding utf8 # Modeller $modellerContent = New-NsModellerHtml -Snapshot $snap -Config $config $modellerPath = Join-Path $OutputDirectory 'modeller.html' $modellerContent | Set-Content -Path $modellerPath -Encoding utf8 -ErrorAction Stop # Score $actionable = @($findings | Where-Object { $_.Severity -ne 'Info' }) $w = $config['scoringWeights'] ?? @{ criticalPerFinding=10; criticalCap=30; highPerFinding=5; highCap=25; mediumPerFinding=2; mediumCap=15; lowPerFinding=1; lowCap=5 } $fc = @($actionable | Where-Object Severity -eq 'Critical').Count $fh = @($actionable | Where-Object Severity -eq 'High').Count $fm = @($actionable | Where-Object Severity -eq 'Medium').Count $fl = @($actionable | Where-Object Severity -eq 'Low').Count $fi = @($findings | Where-Object Severity -eq 'Info').Count $finalScore = 100 - [math]::Min($w.criticalCap, $fc * $w.criticalPerFinding) - [math]::Min($w.highCap, $fh * $w.highPerFinding) - [math]::Min($w.mediumCap, $fm * $w.mediumPerFinding) - [math]::Min($w.lowCap, $fl * $w.lowPerFinding) $finalScore = [math]::Max(0, $finalScore) Write-Information '' -InformationAction Continue Write-Information " Score: $finalScore / 100" -InformationAction Continue Write-Information " Findings: $($actionable.Count) actionable, $fi informational" -InformationAction Continue Write-Information " Tests: $($testFunctions.Count) executed" -InformationAction Continue Write-Information " Report: $reportPath" -InformationAction Continue Write-Information " Modeller: $(Join-Path $OutputDirectory 'modeller.html')" -InformationAction Continue Write-Information '' -InformationAction Continue Write-Warning "Output files contain sensitive tenant data. Treat $OutputDirectory as confidential." Start-Process -FilePath $reportPath [PSCustomObject]@{ TenantId = $TenantId; Score = $finalScore; Findings = $findings; Snapshot = $snap ReportPath = $reportPath; JsonPath = $jsonPath; FindingsPath = $findingsPath; CsvPath = $csvPath ModellerPath = (Join-Path $OutputDirectory 'modeller.html') } } # SIG # Begin signature block # MII9GgYJKoZIhvcNAQcCoII9CzCCPQcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAbfGmSQu4RqOcP # 83mD8/hccwmWnVi99BJK39LcUbBDnqCCIdwwggXMMIIDtKADAgECAhBUmNLR1FsZ # lUgTecgRwIeZMA0GCSqGSIb3DQEBDAUAMHcxCzAJBgNVBAYTAlVTMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jvc29mdCBJZGVu # dGl0eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAy # MDAeFw0yMDA0MTYxODM2MTZaFw00NTA0MTYxODQ0NDBaMHcxCzAJBgNVBAYTAlVT # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jv # c29mdCBJZGVudGl0eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRo # b3JpdHkgMjAyMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALORKgeD # Bmf9np3gx8C3pOZCBH8Ppttf+9Va10Wg+3cL8IDzpm1aTXlT2KCGhFdFIMeiVPvH # or+Kx24186IVxC9O40qFlkkN/76Z2BT2vCcH7kKbK/ULkgbk/WkTZaiRcvKYhOuD # PQ7k13ESSCHLDe32R0m3m/nJxxe2hE//uKya13NnSYXjhr03QNAlhtTetcJtYmrV # qXi8LW9J+eVsFBT9FMfTZRY33stuvF4pjf1imxUs1gXmuYkyM6Nix9fWUmcIxC70 # ViueC4fM7Ke0pqrrBc0ZV6U6CwQnHJFnni1iLS8evtrAIMsEGcoz+4m+mOJyoHI1 # vnnhnINv5G0Xb5DzPQCGdTiO0OBJmrvb0/gwytVXiGhNctO/bX9x2P29Da6SZEi3 # W295JrXNm5UhhNHvDzI9e1eM80UHTHzgXhgONXaLbZ7LNnSrBfjgc10yVpRnlyUK # xjU9lJfnwUSLgP3B+PR0GeUw9gb7IVc+BhyLaxWGJ0l7gpPKWeh1R+g/OPTHU3mg # trTiXFHvvV84wRPmeAyVWi7FQFkozA8kwOy6CXcjmTimthzax7ogttc32H83rwjj # O3HbbnMbfZlysOSGM1l0tRYAe1BtxoYT2v3EOYI9JACaYNq6lMAFUSw0rFCZE4e7 # swWAsk0wAly4JoNdtGNz764jlU9gKL431VulAgMBAAGjVDBSMA4GA1UdDwEB/wQE # AwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIftJqhSobyhmYBAcnz1AQ # T2ioojAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQwFAAOCAgEAr2rd5hnn # LZRDGU7L6VCVZKUDkQKL4jaAOxWiUsIWGbZqWl10QzD0m/9gdAmxIR6QFm3FJI9c # Zohj9E/MffISTEAQiwGf2qnIrvKVG8+dBetJPnSgaFvlVixlHIJ+U9pW2UYXeZJF # xBA2CFIpF8svpvJ+1Gkkih6PsHMNzBxKq7Kq7aeRYwFkIqgyuH4yKLNncy2RtNwx # AQv3Rwqm8ddK7VZgxCwIo3tAsLx0J1KH1r6I3TeKiW5niB31yV2g/rarOoDXGpc8 # FzYiQR6sTdWD5jw4vU8w6VSp07YEwzJ2YbuwGMUrGLPAgNW3lbBeUU0i/OxYqujY # lLSlLu2S3ucYfCFX3VVj979tzR/SpncocMfiWzpbCNJbTsgAlrPhgzavhgplXHT2 # 6ux6anSg8Evu75SjrFDyh+3XOjCDyft9V77l4/hByuVkrrOj7FjshZrM77nq81YY # uVxzmq/FdxeDWds3GhhyVKVB0rYjdaNDmuV3fJZ5t0GNv+zcgKCf0Xd1WF81E+Al # GmcLfc4l+gcK5GEh2NQc5QfGNpn0ltDGFf5Ozdeui53bFv0ExpK91IjmqaOqu/dk # ODtfzAzQNb50GQOmxapMomE2gj4d8yu8l13bS3g7LfU772Aj6PXsCyM2la+YZr9T # 03u4aUoqlmZpxJTG9F9urJh4iIAGXKKy7aIwggabMIIEg6ADAgECAhMzAAE6T9lx # 3eo/npL1AAAAATpPMA0GCSqGSIb3DQEBDAUAMFoxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBJ # RCBWZXJpZmllZCBDUyBBT0MgQ0EgMDMwHhcNMjYwNTIxMTg1MTE4WhcNMjYwNTI0 # MTg1MTE4WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHQWxiZXJ0YTEQMA4GA1UE # BxMHQ2FsZ2FyeTEVMBMGA1UEChMMRGFycmVuIE1heWVzMRUwEwYDVQQDEwxEYXJy # ZW4gTWF5ZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCnVDNpGjHl # JgszvxN+dtZEikDyGdiuoXOP/NV/PcHCsQXESnF1SUa2vXjiRr5ppchGTCTN45RW # f9i5GgeG4zgIBsvI3OrAx8atJe4wsezXSVTrJsyrLM6yy9xkTXcGMJxx6g5VoNm8 # /Lg9Zhp2ST9MNkWP1X3bdEc5O2OkIs8pKldqL0SAZ7Aw6HshFPXMfi0QA8pshH1m # ZmdQIlyQh/m7WRYsnVq2N/XZ80lDtxHnsbBLUinh5KfZmoC3MmdQuxmAvDMXO5wx # gvwa7g+66/vFp111lfS9eOFwxjUXpICnDaNV01PExdHk1Fm2wP7gGmxviCjA4UV5 # EFpoTXqvpGYVw4BvnCZ/szsu/Slr1rDpxdBc15SJ3gkw9QS90rV8YIqDO8iyS/C/ # pFaa5YklAH93Y8paacWVzg4SvWzAXmhP71PHnoStYyTIOELRz3DYNQUv3xvFsKoi # sclutKjKuTiXYojwpfzkOXLs0Kl0MCdaselLfwpZILLWyIdeBwzo7g0CAwEAAaOC # AdMwggHPMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMDoGA1UdJQQzMDEG # CisGAQQBgjdhAQAGCCsGAQUFBwMDBhkrBgEEAYI3YYuPpXGB3qaBQNv/tAST5rkV # MB0GA1UdDgQWBBR+UjK+gq4lWZR8FjbnMSfjErFoFDAfBgNVHSMEGDAWgBSkQwx/ # dlqlhec+jSgPDBeiRWlwxjBnBgNVHR8EYDBeMFygWqBYhlZodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBJRCUyMFZlcmlmaWVk # JTIwQ1MlMjBBT0MlMjBDQSUyMDAzLmNybDB0BggrBgEFBQcBAQRoMGYwZAYIKwYB # BQUHMAKGWGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWlj # cm9zb2Z0JTIwSUQlMjBWZXJpZmllZCUyMENTJTIwQU9DJTIwQ0ElMjAwMy5jcnQw # VAYDVR0gBE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTANBgkqhkiG9w0B # AQwFAAOCAgEAtaw54Hz+2BUfCYDiR4REkDLEqQQGSNm393kUM090/K+HI4zxgos6 # dpLBpdinakSSmTM0XpHEE54+yfjB0X8yjkZhr6QXQWVVTzP8bx/kQWYVMwu/v66f # VlrMO58rUI2hMFKGwwsK/R6cdMP3amiOYrRhnEOSh98q+ie+GOq35uKeaPoYev67 # 1abV8hBv5l06LyelJWvNVJvKT53ehTjRuf9jFfe9sWwlddH3pNLRfnJhTeUCEHBl # HqQwxwQVju7Z45yN6FihPkkq1DxzBkEmH/5HOMovjGDNDulG7F8k2rkYBL877oUc # Ug11e/vig1ud5yJqGnod+Y3O9ZbdTEwWM1mllTWdVVq2BPLuMaSimJuUX2Ss+Ilz # R1HBgofgWgsBHPtbqgW3LvG5OTwg4n2qu/c3GUG6ryqvHVRBuenMp9C+46lJU3w4 # wBD39RfUABk9jcO4G0WPoWJRMie9LcLIhK0pAezlfxlWnwNewE2N/1QnAvKC17h2 # OmcpsE9uRcqcft4asKk1FraXvs0iNAxctjOTdYnAUg3u4K4Hjau2jJpA3rfjQJHC # N8SICi4KCGZtHXXltRcJ4x3qYzt2OttJRnY5aj5PKTMcPeHkXrgfngBWAwLphU83 # riIUV3Ew/C7ZKwtWf1huH6eZjjtKMQ5kE9QFBYxkrSgBWzw4wpq0UjMwggabMIIE # g6ADAgECAhMzAAE6T9lx3eo/npL1AAAAATpPMA0GCSqGSIb3DQEBDAUAMFoxCzAJ # BgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNV # BAMTIk1pY3Jvc29mdCBJRCBWZXJpZmllZCBDUyBBT0MgQ0EgMDMwHhcNMjYwNTIx # MTg1MTE4WhcNMjYwNTI0MTg1MTE4WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECBMH # QWxiZXJ0YTEQMA4GA1UEBxMHQ2FsZ2FyeTEVMBMGA1UEChMMRGFycmVuIE1heWVz # MRUwEwYDVQQDEwxEYXJyZW4gTWF5ZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw # ggGKAoIBgQCnVDNpGjHlJgszvxN+dtZEikDyGdiuoXOP/NV/PcHCsQXESnF1SUa2 # vXjiRr5ppchGTCTN45RWf9i5GgeG4zgIBsvI3OrAx8atJe4wsezXSVTrJsyrLM6y # y9xkTXcGMJxx6g5VoNm8/Lg9Zhp2ST9MNkWP1X3bdEc5O2OkIs8pKldqL0SAZ7Aw # 6HshFPXMfi0QA8pshH1mZmdQIlyQh/m7WRYsnVq2N/XZ80lDtxHnsbBLUinh5KfZ # moC3MmdQuxmAvDMXO5wxgvwa7g+66/vFp111lfS9eOFwxjUXpICnDaNV01PExdHk # 1Fm2wP7gGmxviCjA4UV5EFpoTXqvpGYVw4BvnCZ/szsu/Slr1rDpxdBc15SJ3gkw # 9QS90rV8YIqDO8iyS/C/pFaa5YklAH93Y8paacWVzg4SvWzAXmhP71PHnoStYyTI # OELRz3DYNQUv3xvFsKoisclutKjKuTiXYojwpfzkOXLs0Kl0MCdaselLfwpZILLW # yIdeBwzo7g0CAwEAAaOCAdMwggHPMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD # AgeAMDoGA1UdJQQzMDEGCisGAQQBgjdhAQAGCCsGAQUFBwMDBhkrBgEEAYI3YYuP # pXGB3qaBQNv/tAST5rkVMB0GA1UdDgQWBBR+UjK+gq4lWZR8FjbnMSfjErFoFDAf # BgNVHSMEGDAWgBSkQwx/dlqlhec+jSgPDBeiRWlwxjBnBgNVHR8EYDBeMFygWqBY # hlZodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl # MjBJRCUyMFZlcmlmaWVkJTIwQ1MlMjBBT0MlMjBDQSUyMDAzLmNybDB0BggrBgEF # BQcBAQRoMGYwZAYIKwYBBQUHMAKGWGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w # a2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwSUQlMjBWZXJpZmllZCUyMENTJTIwQU9D # JTIwQ0ElMjAwMy5jcnQwVAYDVR0gBE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTANBgkqhkiG9w0BAQwFAAOCAgEAtaw54Hz+2BUfCYDiR4REkDLEqQQGSNm3 # 93kUM090/K+HI4zxgos6dpLBpdinakSSmTM0XpHEE54+yfjB0X8yjkZhr6QXQWVV # TzP8bx/kQWYVMwu/v66fVlrMO58rUI2hMFKGwwsK/R6cdMP3amiOYrRhnEOSh98q # +ie+GOq35uKeaPoYev671abV8hBv5l06LyelJWvNVJvKT53ehTjRuf9jFfe9sWwl # ddH3pNLRfnJhTeUCEHBlHqQwxwQVju7Z45yN6FihPkkq1DxzBkEmH/5HOMovjGDN # DulG7F8k2rkYBL877oUcUg11e/vig1ud5yJqGnod+Y3O9ZbdTEwWM1mllTWdVVq2 # BPLuMaSimJuUX2Ss+IlzR1HBgofgWgsBHPtbqgW3LvG5OTwg4n2qu/c3GUG6ryqv # HVRBuenMp9C+46lJU3w4wBD39RfUABk9jcO4G0WPoWJRMie9LcLIhK0pAezlfxlW # nwNewE2N/1QnAvKC17h2OmcpsE9uRcqcft4asKk1FraXvs0iNAxctjOTdYnAUg3u # 4K4Hjau2jJpA3rfjQJHCN8SICi4KCGZtHXXltRcJ4x3qYzt2OttJRnY5aj5PKTMc # PeHkXrgfngBWAwLphU83riIUV3Ew/C7ZKwtWf1huH6eZjjtKMQ5kE9QFBYxkrSgB # Wzw4wpq0UjMwggcoMIIFEKADAgECAhMzAAAAGA3rkVWpigCYAAAAAAAYMA0GCSqG # SIb3DQEBDAUAMGMxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xNDAyBgNVBAMTK01pY3Jvc29mdCBJRCBWZXJpZmllZCBDb2RlIFNp # Z25pbmcgUENBIDIwMjEwHhcNMjYwMzI2MTgxMTMyWhcNMzEwMzI2MTgxMTMyWjBa # MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSsw # KQYDVQQDEyJNaWNyb3NvZnQgSUQgVmVyaWZpZWQgQ1MgQU9DIENBIDAzMIICIjAN # BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyIDaYDRWoon9lVnlj+SOj5xV8Sf5 # Qd+3yUeeRgr0exi2QTJAYo24ilcIKQSN8TOZ3+POM5x/6p3Cfjgqust44J0FvkfG # Xe1Puy45a5nLJGpc0kNIITMRKZwVvPxx7NlfGSc0JOhz/kg7G77C+y3ZR/3jtpeJ # pJ4QwcK9Gf0Peuk7xLYeW/JAsY9b6oleGDbYSxkamUfbtnyv8gTFrvN6ejuLqNhH # YPvoBHsOSC+7555yhapkof0fbzyct1hdWHGXsAFMfLF2TVJ8d2YVYOfZdi6YrT4s # MxOhTKiLKmhL1XtzM7hXdmv7lg2R+lWw8lIkSu/JiINQ0GAPcwxMsgRXDSPp8VUs # 4Jby+ruz0bjaoHFd7H+hC8cPPcrEDP2eEdYURVl0acjliigCrXwR05NFJzYj3MZi # zDGLPI3lIzonX1T40yK8v1FcJ8MXZZCvOXGXwRDGGfwwTTsHaJj+OfWNZ/IsypG4 # bGvqeJcPnEFcQEwRcfYIEe/R4a8k+xw5qTy75CbwWeMFuAlt9lE9kjMg3tvJyDlN # 5voXx5VXinCwUHMpuVaEQ4yHAlSO7qoBltjzTBNHH3ovMwsAsuhwrLLCVhUu3oP2 # GxYZwEyXMlnzK5DbgGzHzDfDaYPHK0uo1VaMMg9Bhuc3YIvrkFXEiv+t/JgNcRGC # t6ZyKEIDtPbrgwcCAwEAAaOCAdwwggHYMA4GA1UdDwEB/wQEAwIBhjAQBgkrBgEE # AYI3FQEEAwIBADAdBgNVHQ4EFgQUpEMMf3ZapYXnPo0oDwwXokVpcMYwVAYDVR0g # BE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTAZBgkrBgEEAYI3FAIEDB4K # AFMAdQBiAEMAQTASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFNlBKbAP # D2Ns72nX9c0pnqRIajDmMHAGA1UdHwRpMGcwZaBjoGGGX2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElEJTIwVmVyaWZpZWQl # MjBDb2RlJTIwU2lnbmluZyUyMFBDQSUyMDIwMjEuY3JsMH0GCCsGAQUFBwEBBHEw # bzBtBggrBgEFBQcwAoZhaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # ZXJ0cy9NaWNyb3NvZnQlMjBJRCUyMFZlcmlmaWVkJTIwQ29kZSUyMFNpZ25pbmcl # MjBQQ0ElMjAyMDIxLmNydDANBgkqhkiG9w0BAQwFAAOCAgEAcccgVvl+poXUYksA # /TzDFnBlAJ8ef0FMJzb2XRRhF/uA0QyK/VgoeAvO8B7cPpYNQ97sytdA7LT19CxS # wRQAt71jGF+CJl8KC4aEdMZTfJlHaKyd24J6QiVriNed9WdawsD7lK0pAcXziBg5 # N6dhAm9x6P8R4uT0UkfzlK1rkB8F4mlzE7l7tyES3s8FZGaRZjcGEQ+e0fTcdhf8 # jO7czmNB4dIRgmmBCt/P+ha0tEl2nV1sg1An5+VzhgAkY1Apx8fiUFBtH+Ehw/om # 5aQCNIJfmR51ZnV18R02Xk2tAmAiIRcSj9vdtrNIOsy5nolddy1lJrbf1Be061l6 # TItv9FDZ4mg6B+65zxkVecVV/Ll8uLGYouGrMM6jzO2O/ps3K2p6mfBI2ZOYIy4U # NwNrGWqa5TrvAmkZsn3CIlR+81X4AL5vNTFlxc4gH+5su0Dr58hBTxnXavDEnz7X # 0csP1Kt7h+iqaGiTSHz2B+n3HmUoud0WrdQPYKxMat0To4YUqU3HIbgSLQDDVT8a # CjW1Jvokf1915C/vVkIIp48h3voVy3JWPLwBlxQ9aeND6jCKQGLJhCQRSlvXX+P/ # 9TeaEA6/xWPSASZf6Ekve/Yua7U+zWc/Sr2K2gj0QRrNEAsvrFr4EGtHKDO9ECVS # 3lcJksVDv9KHdMPUK8u20i68RqAwggeeMIIFhqADAgECAhMzAAAAB4ejNKN7pY4c # AAAAAAAHMA0GCSqGSIb3DQEBDAUAMHcxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jvc29mdCBJZGVudGl0 # eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAyMDAe # Fw0yMTA0MDEyMDA1MjBaFw0zNjA0MDEyMDE1MjBaMGMxCzAJBgNVBAYTAlVTMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNDAyBgNVBAMTK01pY3Jvc29m # dCBJRCBWZXJpZmllZCBDb2RlIFNpZ25pbmcgUENBIDIwMjEwggIiMA0GCSqGSIb3 # DQEBAQUAA4ICDwAwggIKAoICAQCy8MCvGYgo4t1UekxJbGkIVQm0Uv96SvjB6yUo # 92cXdylN65Xy96q2YpWCiTas7QPTkGnK9QMKDXB2ygS27EAIQZyAd+M8X+dmw6SD # tzSZXyGkxP8a8Hi6EO9Zcwh5A+wOALNQbNO+iLvpgOnEM7GGB/wm5dYnMEOguua1 # OFfTUITVMIK8faxkP/4fPdEPCXYyy8NJ1fmskNhW5HduNqPZB/NkWbB9xxMqowAe # WvPgHtpzyD3PLGVOmRO4ka0WcsEZqyg6efk3JiV/TEX39uNVGjgbODZhzspHvKFN # U2K5MYfmHh4H1qObU4JKEjKGsqqA6RziybPqhvE74fEp4n1tiY9/ootdU0vPxRp4 # BGjQFq28nzawuvaCqUUF2PWxh+o5/TRCb/cHhcYU8Mr8fTiS15kRmwFFzdVPZ3+J # V3s5MulIf3II5FXeghlAH9CvicPhhP+VaSFW3Da/azROdEm5sv+EUwhBrzqtxoYy # E2wmuHKws00x4GGIx7NTWznOm6x/niqVi7a/mxnnMvQq8EMse0vwX2CfqM7Le/sm # bRtsEeOtbnJBbtLfoAsC3TdAOnBbUkbUfG78VRclsE7YDDBUbgWt75lDk53yi7C3 # n0WkHFU4EZ83i83abd9nHWCqfnYa9qIHPqjOiuAgSOf4+FRcguEBXlD9mAInS7b6 # V0UaNwIDAQABo4ICNTCCAjEwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQD # AgEAMB0GA1UdDgQWBBTZQSmwDw9jbO9p1/XNKZ6kSGow5jBUBgNVHSAETTBLMEkG # BFUdIAAwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA # QwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUyH7SaoUqG8oZmAQHJ89Q # EE9oqKIwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElkZW50aXR5JTIwVmVyaWZpY2F0aW9u # JTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5JTIwMjAyMC5jcmwwgcMG # CCsGAQUFBwEBBIG2MIGzMIGBBggrBgEFBQcwAoZ1aHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBJZGVudGl0eSUyMFZlcmlm # aWNhdGlvbiUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUyMEF1dGhvcml0eSUyMDIwMjAu # Y3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29j # c3AwDQYJKoZIhvcNAQEMBQADggIBAH8lKp7+1Kvq3WYK21cjTLpebJDjW4ZbOX3H # D5ZiG84vjsFXT0OB+eb+1TiJ55ns0BHluC6itMI2vnwc5wDW1ywdCq3TAmx0KWy7 # xulAP179qX6VSBNQkRXzReFyjvF2BGt6FvKFR/imR4CEESMAG8hSkPYso+GjlngM # 8JPn/ROUrTaeU/BRu/1RFESFVgK2wMz7fU4VTd8NXwGZBe/mFPZG6tWwkdmA/jLb # p0kNUX7elxu2+HtHo0QO5gdiKF+YTYd1BGrmNG8sTURvn09jAhIUJfYNotn7OlTh # tfQjXqe0qrimgY4Vpoq2MgDW9ESUi1o4pzC1zTgIGtdJ/IvY6nqa80jFOTg5qzAi # RNdsUvzVkoYP7bi4wLCj+ks2GftUct+fGUxXMdBUv5sdr0qFPLPB0b8vq516slCf # RwaktAxK1S40MCvFbbAXXpAZnU20FaAoDwqq/jwzwd8Wo2J83r7O3onQbDO9TyDS # tgaBNlHzMMQgl95nHBYMelLEHkUnVVVTUsgC0Huj09duNfMaJ9ogxhPNThgq3i8w # 3DAGZ61AMeF0C1M+mU5eucj1Ijod5O2MMPeJQ3/vKBtqGZg4eTtUHt/BPjN74SsJ # syHqAdXVS5c+ItyKWg3Eforhox9k3WgtWTpgV4gkSiS4+A09roSdOI4vrRw+p+fL # 4WrxSK5nMYIalDCCGpACAQEwcTBaMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSswKQYDVQQDEyJNaWNyb3NvZnQgSUQgVmVyaWZp # ZWQgQ1MgQU9DIENBIDAzAhMzAAE6T9lx3eo/npL1AAAAATpPMA0GCWCGSAFlAwQC # AQUAoF4wEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC # AQQwLwYJKoZIhvcNAQkEMSIEILT8IwXJSTaLRHDLUgREvdSfb3c71hWs2LZ4LQ1s # cNh7MA0GCSqGSIb3DQEBAQUABIIBgA7ZRtfES1Cj0Fn6CuZ+ihzBFc0GsptMSwq5 # LHZqtxuLLpnC6v2zvVrvUGhr5feAQkdPqxS6AMICivX1qEh+TLcEGkLfod94dKOc # z8+EAoIQ25lFWPdpUuOT2p4w9gPZsqp1KRVdajg8TZk1TRVm38dHDBrcG831x5EB # I0w4On/UZM12CPn90uyaLmjCTAJRZUMrIC+x3ZNE3Zl4VJyr0oS0AUQk45NMIhTY # LofFIizgnBB782mARfqoA6mVRqPMx7LUKskBUnKVxhIRDST72uAWFfdar5HsABeJ # YHAYne3aMSoip0lxruFwPPtvfER2wE2iEOOMte5v5ajOYDGTDfTvW87A2lk8tnHx # zynUnMrAs7HKyFqonyT1GiVAiY6e4otySKyQDXUW7GcTaOafjmIwyNCXCVsNEUev # IaPtwTFqEOpzUowiZvEv9goHxLJlLS4LABqpRI0kOdxhGSaUU6aa9+o3Baxj0Tzo # 6dLW0Ph2pA2HuCnruGGGSaVYK1Y3WqGCGBQwghgQBgorBgEEAYI3AwMBMYIYADCC # F/wGCSqGSIb3DQEHAqCCF+0wghfpAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFiBgsq # hkiG9w0BCRABBKCCAVEEggFNMIIBSQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCDuY4p46brloQ5sZTMOKSk9AJbp/86cUEJRtAkZAIDvrgIGagxE1T5Z # GBMyMDI2MDUyMjAxMTEyMC4zMjhaMASAAgH0oIHhpIHeMIHbMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046NzgwMC0w # NUUwLUQ5NDcxNTAzBgNVBAMTLE1pY3Jvc29mdCBQdWJsaWMgUlNBIFRpbWUgU3Rh # bXBpbmcgQXV0aG9yaXR5oIIPITCCB4IwggVqoAMCAQICEzMAAAAF5c8P/2YuyYcA # AAAAAAUwDQYJKoZIhvcNAQEMBQAwdzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjFIMEYGA1UEAxM/TWljcm9zb2Z0IElkZW50aXR5 # IFZlcmlmaWNhdGlvbiBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDIwMB4X # DTIwMTExOTIwMzIzMVoXDTM1MTExOTIwNDIzMVowYTELMAkGA1UEBhMCVVMxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0 # IFB1YmxpYyBSU0EgVGltZXN0YW1waW5nIENBIDIwMjAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCefOdSY/3gxZ8FfWO1BiKjHB7X55cz0RMFvWVGR3eR # wV1wb3+yq0OXDEqhUhxqoNv6iYWKjkMcLhEFxvJAeNcLAyT+XdM5i2CgGPGcb95W # JLiw7HzLiBKrxmDj1EQB/mG5eEiRBEp7dDGzxKCnTYocDOcRr9KxqHydajmEkzXH # OeRGwU+7qt8Md5l4bVZrXAhK+WSk5CihNQsWbzT1nRliVDwunuLkX1hyIWXIArCf # rKM3+RHh+Sq5RZ8aYyik2r8HxT+l2hmRllBvE2Wok6IEaAJanHr24qoqFM9WLeBU # Sudz+qL51HwDYyIDPSQ3SeHtKog0ZubDk4hELQSxnfVYXdTGncaBnB60QrEuazvc # ob9n4yR65pUNBCF5qeA4QwYnilBkfnmeAjRN3LVuLr0g0FXkqfYdUmj1fFFhH8k8 # YBozrEaXnsSL3kdTD01X+4LfIWOuFzTzuoslBrBILfHNj8RfOxPgjuwNvE6YzauX # i4orp4Sm6tF245DaFOSYbWFK5ZgG6cUY2/bUq3g3bQAqZt65KcaewEJ3ZyNEobv3 # 5Nf6xN6FrA6jF9447+NHvCjeWLCQZ3M8lgeCcnnhTFtyQX3XgCoc6IRXvFOcPVrr # 3D9RPHCMS6Ckg8wggTrtIVnY8yjbvGOUsAdZbeXUIQAWMs0d3cRDv09SvwVRd61e # vQIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQDAgEA # MB0GA1UdDgQWBBRraSg6NS9IY0DPe9ivSek+2T3bITBUBgNVHSAETTBLMEkGBFUd # IAAwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w # cy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsG # AQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw # FoAUyH7SaoUqG8oZmAQHJ89QEE9oqKIwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6 # Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElkZW50 # aXR5JTIwVmVyaWZpY2F0aW9uJTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9y # aXR5JTIwMjAyMC5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMIGBBggrBgEFBQcwAoZ1 # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQl # MjBJZGVudGl0eSUyMFZlcmlmaWNhdGlvbiUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUy # MEF1dGhvcml0eSUyMDIwMjAuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQBfiHbHfm21 # WhV150x4aPpO4dhEmSUVpbixNDmv6TvuIHv1xIs174bNGO/ilWMm+Jx5boAXrJxa # gRhHQtiFprSjMktTliL4sKZyt2i+SXncM23gRezzsoOiBhv14YSd1Klnlkzvgs29 # XNjT+c8hIfPRe9rvVCMPiH7zPZcw5nNjthDQ+zD563I1nUJ6y59TbXWsuyUsqw7w # XZoGzZwijWT5oc6GvD3HDokJY401uhnj3ubBhbkR83RbfMvmzdp3he2bvIUztSOu # FzRqrLfEvsPkVHYnvH1wtYyrt5vShiKheGpXa2AWpsod4OJyT4/y0dggWi8g/tgb # hmQlZqDUf3UqUQsZaLdIu/XSjgoZqDjamzCPJtOLi2hBwL+KsCh0Nbwc21f5xvPS # wym0Ukr4o5sCcMUcSy6TEP7uMV8RX0eH/4JLEpGyae6Ki8JYg5v4fsNGif1OXHJ2 # IWG+7zyjTDfkmQ1snFOTgyEX8qBpefQbF0fx6URrYiarjmBprwP6ZObwtZXJ23jK # 3Fg/9uqM3j0P01nzVygTppBabzxPAh/hHhhls6kwo3QLJ6No803jUsZcd4JQxiYH # Hc+Q/wAMcPUnYKv/q2O444LO1+n6j01z5mggCSlRwD9faBIySAcA9S8h22hIAcRQ # qIGEjolCK9F6nK9ZyX4lhthsGHumaABdWzCCB5cwggV/oAMCAQICEzMAAABXJNOV # 4KLpyTEAAAAAAFcwDQYJKoZIhvcNAQEMBQAwYTELMAkGA1UEBhMCVVMxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1 # YmxpYyBSU0EgVGltZXN0YW1waW5nIENBIDIwMjAwHhcNMjUxMDIzMjA0NjUzWhcN # MjYxMDIyMjA0NjUzWjCB2zELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 # b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUG # A1UECxMeblNoaWVsZCBUU1MgRVNOOjc4MDAtMDVFMC1EOTQ3MTUwMwYDVQQDEyxN # aWNyb3NvZnQgUHVibGljIFJTQSBUaW1lIFN0YW1waW5nIEF1dGhvcml0eTCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALFspQqTCH24syS2NZD1ztnJl9h0 # Vr0WwJnikmeXse/4wspnVexGqfiHNoqkbVg5CinuYC+iVfNMLZ+QtqhySz8VGBSj # Rt1JB5ACNtTKAjfmFp4U/Cv2Lj4m+vuve9I3W3hSiImTFsHeYZ6V/Sd43rXrhHV2 # 6fw3xQSteSbg9yTs1rhdrLkAj4KmI0D5P4KavtygirVyUW10gkifWLSE1NiB8Jn3 # RO5dj32deeMNONaaPnw3k49ICTs3Ffyb+ekNDPsNfYwCqPyOTxM6y1dSD0J5j+KK # 9V+EWyV5PDjV8jjn1zsStlS6TcYJJStcgHs2xT9rs6ooWl5FtYfRkCxhDShEp3s8 # IHUWizTWmLZvAE/6WR2Cd+ZmVapGXTCHJKUByZPxdX0i8gynirR+EwuHHNxEilDI # CLatO2WZu+CQrH4Zq0NYo1TQ4tUpZ/kAWpoAu1r4mW5EJ3HkEavQ2PuoQDcDq2rA # GVIla9pD7o9Yxwzl81BuDvUEyu9D/6F0qmQDdaE791HxfCUxpgMYPpdWTzs+dDGP # ehwQ8P92yP8ARjby5Ony1Z68RjeQebpxf5WL441myFHcgT1UJzzil7tPEkR22NfT # NR6Fl+jzWb/r80nqlXllhynSowtxo1Y22xqYviS24smikUsBKqOPbSS77uvXEO3V # rG5LGouE1EZ1Y9pjAgMBAAGjggHLMIIBxzAdBgNVHQ4EFgQUjoPJXi01DgIJSGfm # 416Yg+0SkqcwHwYDVR0jBBgwFoAUa2koOjUvSGNAz3vYr0npPtk92yEwbAYDVR0f # BGUwYzBhoF+gXYZbaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwv # TWljcm9zb2Z0JTIwUHVibGljJTIwUlNBJTIwVGltZXN0YW1waW5nJTIwQ0ElMjAy # MDIwLmNybDB5BggrBgEFBQcBAQRtMGswaQYIKwYBBQUHMAKGXWh0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwUHVibGljJTIw # UlNBJTIwVGltZXN0YW1waW5nJTIwQ0ElMjAyMDIwLmNydDAMBgNVHRMBAf8EAjAA # MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDBmBgNVHSAE # XzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQQC # MA0GCSqGSIb3DQEBDAUAA4ICAQBydcB2POmZOUlAQz2NuXf7vWCVWmjWu9bsY1+H # Mjv1yeLjxDQkjsJEU5zaIDy8Uw9BYN8+ExX/9k/9CBUsXbVlbU44c65/liyJ83kW # sFIUwhVazwSShFlbIZviIO/5weyWyTfPPpbSJgWy+ZE9UrQS3xulJLAHA2zUkMMP # dAlF4RrngcZZ0r45AF9aIYjdestWwdrNK70MfArHqZdgrgXn03w6zBs1v7czceWG # itg/DlsHqk1mXBpSTuGI2TSPN3E60IIXx5f/AFzh4/HFi98BBZbUELNsXkWAG9yn # Z5e6CFiil1mgWCWOT90D7Igvg0zKe3o3WCk629/en94K/sC/zLOf2d7yFmTySb9f # KjcONH1Db3kZ8MzEJ8fHTNmxrl10Gecuz/Gl0+ByTKN+PambZ+F0MIlBPww6fvjF # C9JII73fw3qO169+9TxTz2G+E26GYY1dcffsAhw6DqTQgbflbl1O/MrSXSs0NSb9 # nBD9RfR/f8Ei7DA1L1jBO7vZhhJTjw2TzFa/ALgRLi3W00hHWi8LGQaZc8SwXIMY # WfwrN9MgYbhN0Iak9WA2dqWuekXsTwNkmrD3E6E+oCYCehNOgZmds0Ezb1jo7OV0 # Kh22Ll3KHg3MHtlGguxAzhg/BpixPS4qrULLkAjO7+yNsUfrD2U9gMf/OR4yJDPt # zM0ytTGCB0YwggdCAgEBMHgwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0Eg # VGltZXN0YW1waW5nIENBIDIwMjACEzMAAABXJNOV4KLpyTEAAAAAAFcwDQYJYIZI # AWUDBAIBBQCgggSfMBEGCyqGSIb3DQEJEAIPMQIFADAaBgkqhkiG9w0BCQMxDQYL # KoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI2MDUyMjAxMTEyMFowLwYJKoZI # hvcNAQkEMSIEIOclxt8Phy5aOlq4OiOuwFcZILdZbbIsEHAH1Pz9G9L0MIG5Bgsq # hkiG9w0BCRACLzGBqTCBpjCBozCBoAQg9TyfZLUFbkxliGyizuH9VVDpVFNvQEQh # KQ2ZhUx421IwfDBlpGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0EgVGlt # ZXN0YW1waW5nIENBIDIwMjACEzMAAABXJNOV4KLpyTEAAAAAAFcwggNhBgsqhkiG # 9w0BCRACEjGCA1AwggNMoYIDSDCCA0QwggIsAgEBMIIBCaGB4aSB3jCB2zELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9z # b2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNO # Ojc4MDAtMDVFMC1EOTQ3MTUwMwYDVQQDEyxNaWNyb3NvZnQgUHVibGljIFJTQSBU # aW1lIFN0YW1waW5nIEF1dGhvcml0eaIjCgEBMAcGBSsOAwIaAxUA/S8xOZxCUQFB # NkrN8Wiij1x5y8OgZzBlpGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0Eg # VGltZXN0YW1waW5nIENBIDIwMjAwDQYJKoZIhvcNAQELBQACBQDtug8PMCIYDzIw # MjYwNTIxMjMwOTAzWhgPMjAyNjA1MjIyMzA5MDNaMHcwPQYKKwYBBAGEWQoEATEv # MC0wCgIFAO26Dw8CAQAwCgIBAAICAY4CAf8wBwIBAAICEbwwCgIFAO27YI8CAQAw # NgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgC # AQACAwGGoDANBgkqhkiG9w0BAQsFAAOCAQEAvY09NtEHVT3GRhhd/CNNEdoP7zSv # jb53exTRkIB52o2Uraojtn5lkzhBo44GbFp+vBdOmU7QlnYeF2u/pwClHUCO6XeA # JsADyarTv6qHKjv56GwviixEbq4L4ZwfjqY5NLDmkx8VkzS2uzp1dWYgJL/aOWIN # jH4DqxokfC4JKsyxYzoazhdnb/Xi5i8EA26L014F7ND3aeTlkSr6uFKf4nHzVYYk # BPPrqHMvX1WEqZ3BgQ9LoYI6wwPHj/LmyNcCRD0H3pxnBnSEStsy3YxTYG9r2AUT # Ztz+EbRAjXMAaDnvHjmtv9ipFzs0TK1zo/CM1fqntD4nGCITQ3MPq3ghszANBgkq # hkiG9w0BAQEFAASCAgA0TMSlqrEdloavL6af4G0aNH2MTOaaNjDG3InZFIEkbdRb # ASOWTckdnu3RZohM0+F0NuOsP7HnomYJwj9TSjvwoNQYlbeRmMQJOQTj2EMHE5mo # 3xSKj0EhEGuSaHroTEuW2MVwBmsR2nKvpuzTZYkVV+TPrghubwAgu/7Szsk1zuGH # 0bo0XDbVZknZHtXHdgxvV6nfd4u8uVKWoEPCqjDwo7kEGPH4Ok9ZPG5UlPThimwu # BJ1hm0YuBJYYTArSdR/ZVIXDqZoBLqJpQFFj/kWyDJcHBgBphgFJkjozanGkZu6W # gnJpIzjwpcXzJTUeG38R0xAvWKJZAwJNLOBibnppWAbgLr4peBpDCM1HK39qqV+d # egE4Tv0rHFA/jTz6pRcdQ1Yrq0fuSLRvElcvqGdjV+g8pbyN6h/wu58Ms3aUeX+2 # 4QC9mhtFIiTV4VhQbHoYIo2eClxfV8Cgrp4qyFtz94PS5AcELqUu6F42NmNkIDHf # mUPUDHksOw9FAGxLNiaBH/w8mnq0wroY7RRYfRSNPzcWc9JAiExfC//EA694PcIY # GEmdeNxh6ueo68mcFWmp7RfnpiJlWqWlmG0D5F7XOLnuw4qPLpUwUuKWI1lScRDS # DTDL43T/p+VfB0aSi+HTQkTErK0zMBl532cx5DBbX/Lhwt9DMRJhvDUoEyBjcw== # SIG # End signature block |