Public/extended/Test-NsAdminPhishResistance.ps1
|
function Test-NsAdminPhishResistance { <# .SYNOPSIS Tests whether admins across all lifecycle states are covered by phishing-resistant MFA. .DESCRIPTION Evaluates each admin user (permanent, PIM-eligible, PIM-active) against enforced CA policies to determine if they are protected by a phishing-resistant authentication strength rather than standard MFA (which accepts SMS, voice, and software OTP). Segments findings by admin state so remediation can be prioritised. .EXAMPLE $results = Test-NsAdminPhishResistance -Context $ctx #> [CmdletBinding()] param([Parameter(Mandatory)] [object]$Context) $findings = [System.Collections.ArrayList]::new() $snap = $Context.Snapshot $userMap = $snap.UserContextMap if (-not $userMap -or $userMap.Count -eq 0) { return $findings } # Build set of phishing-resistant auth strength IDs $phishResistantBuiltIn = '00000000-0000-0000-0000-000000000004' $weakMethods = $Context.Config['weakMfaMethods'] ?? @('sms','voice','mobilePhone','email','softwareOneTimePasscode') $phishResistantIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) [void]$phishResistantIds.Add($phishResistantBuiltIn) # Custom auth strengths that contain ONLY strong methods are also phishing-resistant if ($snap.AuthStrengths) { foreach ($str in $snap.AuthStrengths) { if ($str.id -eq $phishResistantBuiltIn) { continue } if (-not $str.allowedCombinations) { continue } $hasWeak = $false foreach ($combo in $str.allowedCombinations) { foreach ($wm in $weakMethods) { if ($combo -match $wm) { $hasWeak = $true; break } } if ($hasWeak) { break } } if (-not $hasWeak) { [void]$phishResistantIds.Add($str.id) } } } # Identify policies that require phishing-resistant auth $phishResistantPolicies = @($Context.Enforced | Where-Object { $_.AuthStrengthId -and $phishResistantIds.Contains($_.AuthStrengthId) }) # Helper: check if a user is covered by a phishing-resistant policy $testPhishCoverage = { param([object]$ctx) foreach ($pol in $phishResistantPolicies) { if ($pol.MatchesUser($ctx)) { return $true } } return $false } # Build PIM-active set from schedules (users currently activated via PIM) $pimActiveUserIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase) if ($snap.PimActiveSchedules.Count -gt 0) { foreach ($sched in $snap.PimActiveSchedules) { if ($sched.assignmentType -eq 'Activated') { [void]$pimActiveUserIds.Add($sched.principalId) } } } # Classify admins and check coverage # Only flag users who HAVE standard MFA but lack phishing-resistant : # users with no MFA at all are surfaced by Test-NsAdminMfaCoverage / Test-NsPimRoleEligibility $permanentNoPhish = [System.Collections.ArrayList]::new() $eligibleNoPhish = [System.Collections.ArrayList]::new() $pimActiveNoPhish = [System.Collections.ArrayList]::new() foreach ($entry in $userMap.GetEnumerator()) { $ctx = $entry.Value $label = $ctx.Label() $isCovered = & $testPhishCoverage $ctx if ($isCovered) { continue } # Check if covered by any standard MFA policy: if not, skip (different finding) $hasAnyMfa = $false foreach ($pol in $Context.Enforced) { if ($pol.MatchesUser($ctx) -and $pol.RequiresMfa()) { $hasAnyMfa = $true; break } } if (-not $hasAnyMfa) { continue } # Permanent/static admin (standing role, not PIM-eligible for those roles) if ($ctx.RoleIds.Count -gt 0 -and $ctx.RoleIds.Overlaps($Context.AdminRoleSet)) { $roles = ($ctx.RoleIds | Where-Object { $Context.AdminRoleSet.Contains($_) } | ForEach-Object { $Context.Resolve($_) }) -join ', ' [void]$permanentNoPhish.Add("$label ($roles)") } # PIM-eligible if ($ctx.IsPimEligible -and $ctx.EligibleRoleIds.Count -gt 0) { $roles = ($ctx.EligibleRoleIds | ForEach-Object { $Context.Resolve($_) }) -join ', ' [void]$eligibleNoPhish.Add("$label (eligible: $roles)") } # PIM-active (currently activated) if ($pimActiveUserIds.Contains($ctx.Id)) { [void]$pimActiveNoPhish.Add($label) } } # Permanent admins without phishing-resistant MFA if ($permanentNoPhish.Count -gt 0) { $sample = ($permanentNoPhish | Select-Object -First 10) -join '; ' $f = [AuditFinding]::new([Severity]::Critical, [FindingCategory]::Gap, "$($permanentNoPhish.Count) permanent admins not covered by phishing-resistant MFA", "Standing admin accounts are the highest-value targets. Without phishing-resistant authentication, credentials can be intercepted via adversary-in-the-middle proxies. Affected: $sample", $null, 'Apply a CA policy with phishing-resistant authentication strength (FIDO2, WHfB, or CBA) to all admin roles.', @("Permanent admins without phish-resistant: $($permanentNoPhish.Count)")) $f.TestName = 'Test-NsAdminPhishResistance' [void]$findings.Add($f) } # PIM-eligible without phishing-resistant MFA if ($eligibleNoPhish.Count -gt 0) { $sample = ($eligibleNoPhish | Select-Object -First 10) -join '; ' $f = [AuditFinding]::new([Severity]::High, [FindingCategory]::Gap, "$($eligibleNoPhish.Count) PIM-eligible admins not covered by phishing-resistant MFA", "These users can activate privileged roles on demand. A phished credential followed by PIM activation gives an attacker full admin access. Affected: $sample", $null, 'Ensure PIM-eligible users are covered by a phishing-resistant auth strength policy in their base (non-elevated) state.', @("PIM-eligible without phish-resistant: $($eligibleNoPhish.Count)")) $f.TestName = 'Test-NsAdminPhishResistance' [void]$findings.Add($f) } # PIM-active without phishing-resistant MFA if ($pimActiveNoPhish.Count -gt 0) { $sample = ($pimActiveNoPhish | Select-Object -First 10) -join '; ' $f = [AuditFinding]::new([Severity]::High, [FindingCategory]::Gap, "$($pimActiveNoPhish.Count) PIM-activated admins not covered by phishing-resistant MFA", "Currently elevated via PIM but operating under standard MFA or no auth strength. Session hijacking or token theft during activation is not mitigated. Affected: $sample", $null, 'Apply phishing-resistant auth strength to role-scoped CA policies so activated sessions are protected.', @("PIM-active without phish-resistant: $($pimActiveNoPhish.Count)")) $f.TestName = 'Test-NsAdminPhishResistance' [void]$findings.Add($f) } # Summary: no phishing-resistant policies exist at all if ($phishResistantPolicies.Count -eq 0) { $totalAdmins = @($userMap.Values | Where-Object { $_.IsAdmin -or $_.IsPimEligible }).Count if ($totalAdmins -gt 0) { $f = [AuditFinding]::new([Severity]::Critical, [FindingCategory]::Gap, "No enforced CA policies use phishing-resistant authentication strength", "All $totalAdmins admin and PIM-eligible users authenticate with standard MFA at best. SMS, voice, and software OTP are defeated by adversary-in-the-middle phishing frameworks (Evilginx, Modlishka).", $null, 'Create a CA policy targeting admin roles with the built-in Phishing-resistant MFA authentication strength.', @("Admins exposed: $totalAdmins")) $f.TestName = 'Test-NsAdminPhishResistance' [void]$findings.Add($f) } } return $findings } # SIG # Begin signature block # MII9FwYJKoZIhvcNAQcCoII9CDCCPQQCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCIExYMXlCU5nNl # hYbdmn6PxWKvWk8AseCA8P2h62JOWqCCIdwwggXMMIIDtKADAgECAhBUmNLR1FsZ # lUgTecgRwIeZMA0GCSqGSIb3DQEBDAUAMHcxCzAJBgNVBAYTAlVTMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jvc29mdCBJZGVu # dGl0eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAy # MDAeFw0yMDA0MTYxODM2MTZaFw00NTA0MTYxODQ0NDBaMHcxCzAJBgNVBAYTAlVT # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jv # c29mdCBJZGVudGl0eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRo # b3JpdHkgMjAyMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALORKgeD # Bmf9np3gx8C3pOZCBH8Ppttf+9Va10Wg+3cL8IDzpm1aTXlT2KCGhFdFIMeiVPvH # or+Kx24186IVxC9O40qFlkkN/76Z2BT2vCcH7kKbK/ULkgbk/WkTZaiRcvKYhOuD # PQ7k13ESSCHLDe32R0m3m/nJxxe2hE//uKya13NnSYXjhr03QNAlhtTetcJtYmrV # qXi8LW9J+eVsFBT9FMfTZRY33stuvF4pjf1imxUs1gXmuYkyM6Nix9fWUmcIxC70 # ViueC4fM7Ke0pqrrBc0ZV6U6CwQnHJFnni1iLS8evtrAIMsEGcoz+4m+mOJyoHI1 # vnnhnINv5G0Xb5DzPQCGdTiO0OBJmrvb0/gwytVXiGhNctO/bX9x2P29Da6SZEi3 # W295JrXNm5UhhNHvDzI9e1eM80UHTHzgXhgONXaLbZ7LNnSrBfjgc10yVpRnlyUK # xjU9lJfnwUSLgP3B+PR0GeUw9gb7IVc+BhyLaxWGJ0l7gpPKWeh1R+g/OPTHU3mg # trTiXFHvvV84wRPmeAyVWi7FQFkozA8kwOy6CXcjmTimthzax7ogttc32H83rwjj # O3HbbnMbfZlysOSGM1l0tRYAe1BtxoYT2v3EOYI9JACaYNq6lMAFUSw0rFCZE4e7 # swWAsk0wAly4JoNdtGNz764jlU9gKL431VulAgMBAAGjVDBSMA4GA1UdDwEB/wQE # AwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIftJqhSobyhmYBAcnz1AQ # T2ioojAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQwFAAOCAgEAr2rd5hnn # LZRDGU7L6VCVZKUDkQKL4jaAOxWiUsIWGbZqWl10QzD0m/9gdAmxIR6QFm3FJI9c # Zohj9E/MffISTEAQiwGf2qnIrvKVG8+dBetJPnSgaFvlVixlHIJ+U9pW2UYXeZJF # xBA2CFIpF8svpvJ+1Gkkih6PsHMNzBxKq7Kq7aeRYwFkIqgyuH4yKLNncy2RtNwx # AQv3Rwqm8ddK7VZgxCwIo3tAsLx0J1KH1r6I3TeKiW5niB31yV2g/rarOoDXGpc8 # FzYiQR6sTdWD5jw4vU8w6VSp07YEwzJ2YbuwGMUrGLPAgNW3lbBeUU0i/OxYqujY # lLSlLu2S3ucYfCFX3VVj979tzR/SpncocMfiWzpbCNJbTsgAlrPhgzavhgplXHT2 # 6ux6anSg8Evu75SjrFDyh+3XOjCDyft9V77l4/hByuVkrrOj7FjshZrM77nq81YY # uVxzmq/FdxeDWds3GhhyVKVB0rYjdaNDmuV3fJZ5t0GNv+zcgKCf0Xd1WF81E+Al # GmcLfc4l+gcK5GEh2NQc5QfGNpn0ltDGFf5Ozdeui53bFv0ExpK91IjmqaOqu/dk # ODtfzAzQNb50GQOmxapMomE2gj4d8yu8l13bS3g7LfU772Aj6PXsCyM2la+YZr9T # 03u4aUoqlmZpxJTG9F9urJh4iIAGXKKy7aIwggabMIIEg6ADAgECAhMzAAE6T9lx # 3eo/npL1AAAAATpPMA0GCSqGSIb3DQEBDAUAMFoxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBJ # RCBWZXJpZmllZCBDUyBBT0MgQ0EgMDMwHhcNMjYwNTIxMTg1MTE4WhcNMjYwNTI0 # MTg1MTE4WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHQWxiZXJ0YTEQMA4GA1UE # BxMHQ2FsZ2FyeTEVMBMGA1UEChMMRGFycmVuIE1heWVzMRUwEwYDVQQDEwxEYXJy # ZW4gTWF5ZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCnVDNpGjHl # JgszvxN+dtZEikDyGdiuoXOP/NV/PcHCsQXESnF1SUa2vXjiRr5ppchGTCTN45RW # f9i5GgeG4zgIBsvI3OrAx8atJe4wsezXSVTrJsyrLM6yy9xkTXcGMJxx6g5VoNm8 # /Lg9Zhp2ST9MNkWP1X3bdEc5O2OkIs8pKldqL0SAZ7Aw6HshFPXMfi0QA8pshH1m # ZmdQIlyQh/m7WRYsnVq2N/XZ80lDtxHnsbBLUinh5KfZmoC3MmdQuxmAvDMXO5wx # gvwa7g+66/vFp111lfS9eOFwxjUXpICnDaNV01PExdHk1Fm2wP7gGmxviCjA4UV5 # EFpoTXqvpGYVw4BvnCZ/szsu/Slr1rDpxdBc15SJ3gkw9QS90rV8YIqDO8iyS/C/ # pFaa5YklAH93Y8paacWVzg4SvWzAXmhP71PHnoStYyTIOELRz3DYNQUv3xvFsKoi # sclutKjKuTiXYojwpfzkOXLs0Kl0MCdaselLfwpZILLWyIdeBwzo7g0CAwEAAaOC # AdMwggHPMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMDoGA1UdJQQzMDEG # CisGAQQBgjdhAQAGCCsGAQUFBwMDBhkrBgEEAYI3YYuPpXGB3qaBQNv/tAST5rkV # MB0GA1UdDgQWBBR+UjK+gq4lWZR8FjbnMSfjErFoFDAfBgNVHSMEGDAWgBSkQwx/ # dlqlhec+jSgPDBeiRWlwxjBnBgNVHR8EYDBeMFygWqBYhlZodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBJRCUyMFZlcmlmaWVk # JTIwQ1MlMjBBT0MlMjBDQSUyMDAzLmNybDB0BggrBgEFBQcBAQRoMGYwZAYIKwYB # BQUHMAKGWGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWlj # cm9zb2Z0JTIwSUQlMjBWZXJpZmllZCUyMENTJTIwQU9DJTIwQ0ElMjAwMy5jcnQw # VAYDVR0gBE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTANBgkqhkiG9w0B # AQwFAAOCAgEAtaw54Hz+2BUfCYDiR4REkDLEqQQGSNm393kUM090/K+HI4zxgos6 # dpLBpdinakSSmTM0XpHEE54+yfjB0X8yjkZhr6QXQWVVTzP8bx/kQWYVMwu/v66f # VlrMO58rUI2hMFKGwwsK/R6cdMP3amiOYrRhnEOSh98q+ie+GOq35uKeaPoYev67 # 1abV8hBv5l06LyelJWvNVJvKT53ehTjRuf9jFfe9sWwlddH3pNLRfnJhTeUCEHBl # HqQwxwQVju7Z45yN6FihPkkq1DxzBkEmH/5HOMovjGDNDulG7F8k2rkYBL877oUc # Ug11e/vig1ud5yJqGnod+Y3O9ZbdTEwWM1mllTWdVVq2BPLuMaSimJuUX2Ss+Ilz # R1HBgofgWgsBHPtbqgW3LvG5OTwg4n2qu/c3GUG6ryqvHVRBuenMp9C+46lJU3w4 # wBD39RfUABk9jcO4G0WPoWJRMie9LcLIhK0pAezlfxlWnwNewE2N/1QnAvKC17h2 # OmcpsE9uRcqcft4asKk1FraXvs0iNAxctjOTdYnAUg3u4K4Hjau2jJpA3rfjQJHC # N8SICi4KCGZtHXXltRcJ4x3qYzt2OttJRnY5aj5PKTMcPeHkXrgfngBWAwLphU83 # riIUV3Ew/C7ZKwtWf1huH6eZjjtKMQ5kE9QFBYxkrSgBWzw4wpq0UjMwggabMIIE # g6ADAgECAhMzAAE6T9lx3eo/npL1AAAAATpPMA0GCSqGSIb3DQEBDAUAMFoxCzAJ # BgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKzApBgNV # BAMTIk1pY3Jvc29mdCBJRCBWZXJpZmllZCBDUyBBT0MgQ0EgMDMwHhcNMjYwNTIx # MTg1MTE4WhcNMjYwNTI0MTg1MTE4WjBfMQswCQYDVQQGEwJDQTEQMA4GA1UECBMH # QWxiZXJ0YTEQMA4GA1UEBxMHQ2FsZ2FyeTEVMBMGA1UEChMMRGFycmVuIE1heWVz # MRUwEwYDVQQDEwxEYXJyZW4gTWF5ZXMwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAw # ggGKAoIBgQCnVDNpGjHlJgszvxN+dtZEikDyGdiuoXOP/NV/PcHCsQXESnF1SUa2 # vXjiRr5ppchGTCTN45RWf9i5GgeG4zgIBsvI3OrAx8atJe4wsezXSVTrJsyrLM6y # y9xkTXcGMJxx6g5VoNm8/Lg9Zhp2ST9MNkWP1X3bdEc5O2OkIs8pKldqL0SAZ7Aw # 6HshFPXMfi0QA8pshH1mZmdQIlyQh/m7WRYsnVq2N/XZ80lDtxHnsbBLUinh5KfZ # moC3MmdQuxmAvDMXO5wxgvwa7g+66/vFp111lfS9eOFwxjUXpICnDaNV01PExdHk # 1Fm2wP7gGmxviCjA4UV5EFpoTXqvpGYVw4BvnCZ/szsu/Slr1rDpxdBc15SJ3gkw # 9QS90rV8YIqDO8iyS/C/pFaa5YklAH93Y8paacWVzg4SvWzAXmhP71PHnoStYyTI # OELRz3DYNQUv3xvFsKoisclutKjKuTiXYojwpfzkOXLs0Kl0MCdaselLfwpZILLW # yIdeBwzo7g0CAwEAAaOCAdMwggHPMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQD # AgeAMDoGA1UdJQQzMDEGCisGAQQBgjdhAQAGCCsGAQUFBwMDBhkrBgEEAYI3YYuP # pXGB3qaBQNv/tAST5rkVMB0GA1UdDgQWBBR+UjK+gq4lWZR8FjbnMSfjErFoFDAf # BgNVHSMEGDAWgBSkQwx/dlqlhec+jSgPDBeiRWlwxjBnBgNVHR8EYDBeMFygWqBY # hlZodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl # MjBJRCUyMFZlcmlmaWVkJTIwQ1MlMjBBT0MlMjBDQSUyMDAzLmNybDB0BggrBgEF # BQcBAQRoMGYwZAYIKwYBBQUHMAKGWGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9w # a2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwSUQlMjBWZXJpZmllZCUyMENTJTIwQU9D # JTIwQ0ElMjAwMy5jcnQwVAYDVR0gBE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTANBgkqhkiG9w0BAQwFAAOCAgEAtaw54Hz+2BUfCYDiR4REkDLEqQQGSNm3 # 93kUM090/K+HI4zxgos6dpLBpdinakSSmTM0XpHEE54+yfjB0X8yjkZhr6QXQWVV # TzP8bx/kQWYVMwu/v66fVlrMO58rUI2hMFKGwwsK/R6cdMP3amiOYrRhnEOSh98q # +ie+GOq35uKeaPoYev671abV8hBv5l06LyelJWvNVJvKT53ehTjRuf9jFfe9sWwl # ddH3pNLRfnJhTeUCEHBlHqQwxwQVju7Z45yN6FihPkkq1DxzBkEmH/5HOMovjGDN # DulG7F8k2rkYBL877oUcUg11e/vig1ud5yJqGnod+Y3O9ZbdTEwWM1mllTWdVVq2 # BPLuMaSimJuUX2Ss+IlzR1HBgofgWgsBHPtbqgW3LvG5OTwg4n2qu/c3GUG6ryqv # HVRBuenMp9C+46lJU3w4wBD39RfUABk9jcO4G0WPoWJRMie9LcLIhK0pAezlfxlW # nwNewE2N/1QnAvKC17h2OmcpsE9uRcqcft4asKk1FraXvs0iNAxctjOTdYnAUg3u # 4K4Hjau2jJpA3rfjQJHCN8SICi4KCGZtHXXltRcJ4x3qYzt2OttJRnY5aj5PKTMc # PeHkXrgfngBWAwLphU83riIUV3Ew/C7ZKwtWf1huH6eZjjtKMQ5kE9QFBYxkrSgB # Wzw4wpq0UjMwggcoMIIFEKADAgECAhMzAAAAGA3rkVWpigCYAAAAAAAYMA0GCSqG # SIb3DQEBDAUAMGMxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xNDAyBgNVBAMTK01pY3Jvc29mdCBJRCBWZXJpZmllZCBDb2RlIFNp # Z25pbmcgUENBIDIwMjEwHhcNMjYwMzI2MTgxMTMyWhcNMzEwMzI2MTgxMTMyWjBa # MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSsw # KQYDVQQDEyJNaWNyb3NvZnQgSUQgVmVyaWZpZWQgQ1MgQU9DIENBIDAzMIICIjAN # BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyIDaYDRWoon9lVnlj+SOj5xV8Sf5 # Qd+3yUeeRgr0exi2QTJAYo24ilcIKQSN8TOZ3+POM5x/6p3Cfjgqust44J0FvkfG # Xe1Puy45a5nLJGpc0kNIITMRKZwVvPxx7NlfGSc0JOhz/kg7G77C+y3ZR/3jtpeJ # pJ4QwcK9Gf0Peuk7xLYeW/JAsY9b6oleGDbYSxkamUfbtnyv8gTFrvN6ejuLqNhH # YPvoBHsOSC+7555yhapkof0fbzyct1hdWHGXsAFMfLF2TVJ8d2YVYOfZdi6YrT4s # MxOhTKiLKmhL1XtzM7hXdmv7lg2R+lWw8lIkSu/JiINQ0GAPcwxMsgRXDSPp8VUs # 4Jby+ruz0bjaoHFd7H+hC8cPPcrEDP2eEdYURVl0acjliigCrXwR05NFJzYj3MZi # zDGLPI3lIzonX1T40yK8v1FcJ8MXZZCvOXGXwRDGGfwwTTsHaJj+OfWNZ/IsypG4 # bGvqeJcPnEFcQEwRcfYIEe/R4a8k+xw5qTy75CbwWeMFuAlt9lE9kjMg3tvJyDlN # 5voXx5VXinCwUHMpuVaEQ4yHAlSO7qoBltjzTBNHH3ovMwsAsuhwrLLCVhUu3oP2 # GxYZwEyXMlnzK5DbgGzHzDfDaYPHK0uo1VaMMg9Bhuc3YIvrkFXEiv+t/JgNcRGC # t6ZyKEIDtPbrgwcCAwEAAaOCAdwwggHYMA4GA1UdDwEB/wQEAwIBhjAQBgkrBgEE # AYI3FQEEAwIBADAdBgNVHQ4EFgQUpEMMf3ZapYXnPo0oDwwXokVpcMYwVAYDVR0g # BE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTAZBgkrBgEEAYI3FAIEDB4K # AFMAdQBiAEMAQTASBgNVHRMBAf8ECDAGAQH/AgEAMB8GA1UdIwQYMBaAFNlBKbAP # D2Ns72nX9c0pnqRIajDmMHAGA1UdHwRpMGcwZaBjoGGGX2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElEJTIwVmVyaWZpZWQl # MjBDb2RlJTIwU2lnbmluZyUyMFBDQSUyMDIwMjEuY3JsMH0GCCsGAQUFBwEBBHEw # bzBtBggrBgEFBQcwAoZhaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # ZXJ0cy9NaWNyb3NvZnQlMjBJRCUyMFZlcmlmaWVkJTIwQ29kZSUyMFNpZ25pbmcl # MjBQQ0ElMjAyMDIxLmNydDANBgkqhkiG9w0BAQwFAAOCAgEAcccgVvl+poXUYksA # /TzDFnBlAJ8ef0FMJzb2XRRhF/uA0QyK/VgoeAvO8B7cPpYNQ97sytdA7LT19CxS # wRQAt71jGF+CJl8KC4aEdMZTfJlHaKyd24J6QiVriNed9WdawsD7lK0pAcXziBg5 # N6dhAm9x6P8R4uT0UkfzlK1rkB8F4mlzE7l7tyES3s8FZGaRZjcGEQ+e0fTcdhf8 # jO7czmNB4dIRgmmBCt/P+ha0tEl2nV1sg1An5+VzhgAkY1Apx8fiUFBtH+Ehw/om # 5aQCNIJfmR51ZnV18R02Xk2tAmAiIRcSj9vdtrNIOsy5nolddy1lJrbf1Be061l6 # TItv9FDZ4mg6B+65zxkVecVV/Ll8uLGYouGrMM6jzO2O/ps3K2p6mfBI2ZOYIy4U # NwNrGWqa5TrvAmkZsn3CIlR+81X4AL5vNTFlxc4gH+5su0Dr58hBTxnXavDEnz7X # 0csP1Kt7h+iqaGiTSHz2B+n3HmUoud0WrdQPYKxMat0To4YUqU3HIbgSLQDDVT8a # CjW1Jvokf1915C/vVkIIp48h3voVy3JWPLwBlxQ9aeND6jCKQGLJhCQRSlvXX+P/ # 9TeaEA6/xWPSASZf6Ekve/Yua7U+zWc/Sr2K2gj0QRrNEAsvrFr4EGtHKDO9ECVS # 3lcJksVDv9KHdMPUK8u20i68RqAwggeeMIIFhqADAgECAhMzAAAAB4ejNKN7pY4c # AAAAAAAHMA0GCSqGSIb3DQEBDAUAMHcxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xSDBGBgNVBAMTP01pY3Jvc29mdCBJZGVudGl0 # eSBWZXJpZmljYXRpb24gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAyMDAe # Fw0yMTA0MDEyMDA1MjBaFw0zNjA0MDEyMDE1MjBaMGMxCzAJBgNVBAYTAlVTMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNDAyBgNVBAMTK01pY3Jvc29m # dCBJRCBWZXJpZmllZCBDb2RlIFNpZ25pbmcgUENBIDIwMjEwggIiMA0GCSqGSIb3 # DQEBAQUAA4ICDwAwggIKAoICAQCy8MCvGYgo4t1UekxJbGkIVQm0Uv96SvjB6yUo # 92cXdylN65Xy96q2YpWCiTas7QPTkGnK9QMKDXB2ygS27EAIQZyAd+M8X+dmw6SD # tzSZXyGkxP8a8Hi6EO9Zcwh5A+wOALNQbNO+iLvpgOnEM7GGB/wm5dYnMEOguua1 # OFfTUITVMIK8faxkP/4fPdEPCXYyy8NJ1fmskNhW5HduNqPZB/NkWbB9xxMqowAe # WvPgHtpzyD3PLGVOmRO4ka0WcsEZqyg6efk3JiV/TEX39uNVGjgbODZhzspHvKFN # U2K5MYfmHh4H1qObU4JKEjKGsqqA6RziybPqhvE74fEp4n1tiY9/ootdU0vPxRp4 # BGjQFq28nzawuvaCqUUF2PWxh+o5/TRCb/cHhcYU8Mr8fTiS15kRmwFFzdVPZ3+J # V3s5MulIf3II5FXeghlAH9CvicPhhP+VaSFW3Da/azROdEm5sv+EUwhBrzqtxoYy # E2wmuHKws00x4GGIx7NTWznOm6x/niqVi7a/mxnnMvQq8EMse0vwX2CfqM7Le/sm # bRtsEeOtbnJBbtLfoAsC3TdAOnBbUkbUfG78VRclsE7YDDBUbgWt75lDk53yi7C3 # n0WkHFU4EZ83i83abd9nHWCqfnYa9qIHPqjOiuAgSOf4+FRcguEBXlD9mAInS7b6 # V0UaNwIDAQABo4ICNTCCAjEwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQD # AgEAMB0GA1UdDgQWBBTZQSmwDw9jbO9p1/XNKZ6kSGow5jBUBgNVHSAETTBLMEkG # BFUdIAAwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA # QwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUyH7SaoUqG8oZmAQHJ89Q # EE9oqKIwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElkZW50aXR5JTIwVmVyaWZpY2F0aW9u # JTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9yaXR5JTIwMjAyMC5jcmwwgcMG # CCsGAQUFBwEBBIG2MIGzMIGBBggrBgEFBQcwAoZ1aHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBJZGVudGl0eSUyMFZlcmlm # aWNhdGlvbiUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUyMEF1dGhvcml0eSUyMDIwMjAu # Y3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25lb2NzcC5taWNyb3NvZnQuY29tL29j # c3AwDQYJKoZIhvcNAQEMBQADggIBAH8lKp7+1Kvq3WYK21cjTLpebJDjW4ZbOX3H # D5ZiG84vjsFXT0OB+eb+1TiJ55ns0BHluC6itMI2vnwc5wDW1ywdCq3TAmx0KWy7 # xulAP179qX6VSBNQkRXzReFyjvF2BGt6FvKFR/imR4CEESMAG8hSkPYso+GjlngM # 8JPn/ROUrTaeU/BRu/1RFESFVgK2wMz7fU4VTd8NXwGZBe/mFPZG6tWwkdmA/jLb # p0kNUX7elxu2+HtHo0QO5gdiKF+YTYd1BGrmNG8sTURvn09jAhIUJfYNotn7OlTh # tfQjXqe0qrimgY4Vpoq2MgDW9ESUi1o4pzC1zTgIGtdJ/IvY6nqa80jFOTg5qzAi # RNdsUvzVkoYP7bi4wLCj+ks2GftUct+fGUxXMdBUv5sdr0qFPLPB0b8vq516slCf # RwaktAxK1S40MCvFbbAXXpAZnU20FaAoDwqq/jwzwd8Wo2J83r7O3onQbDO9TyDS # tgaBNlHzMMQgl95nHBYMelLEHkUnVVVTUsgC0Huj09duNfMaJ9ogxhPNThgq3i8w # 3DAGZ61AMeF0C1M+mU5eucj1Ijod5O2MMPeJQ3/vKBtqGZg4eTtUHt/BPjN74SsJ # syHqAdXVS5c+ItyKWg3Eforhox9k3WgtWTpgV4gkSiS4+A09roSdOI4vrRw+p+fL # 4WrxSK5nMYIakTCCGo0CAQEwcTBaMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSswKQYDVQQDEyJNaWNyb3NvZnQgSUQgVmVyaWZp # ZWQgQ1MgQU9DIENBIDAzAhMzAAE6T9lx3eo/npL1AAAAATpPMA0GCWCGSAFlAwQC # AQUAoF4wEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC # AQQwLwYJKoZIhvcNAQkEMSIEIDAc6mlv/dbeb+LVHNJfp4Y0KLA558S8/564rRZt # tF/TMA0GCSqGSIb3DQEBAQUABIIBgHpFUpLQn8V/TT7nOxWObohLHfjFrhWvMjVM # h3O+6m1bP9QFlXXkstrSUTWYb6tZaUp1efJIx8W1aH8Y2TOmIxZBfxEnGXbiZAef # EDpaKJw8J8cvi4J2BwLMpq4vTNRCbwSQwpZPh5wXvSSh05+WiSebI4e9AeMHDhEb # 6GK8A2qid9rXqCOezwCuDYt5k4ayPb//TIB9goAI1KdvNr8LB/WdQKXcAaIAzn+w # ihFFg2E/R9IwIpXF0Bn3klL/j2GMF6zINQHOQvkfac2KtJKtH/FfJxJbiz44Hjtb # K3y05w62P/CGK9Q8TZIdl0grH+ZwSoDKyWh2bb3nJV3g4H3w/EN0s0LVVH9bPHhZ # 7l4f+bNEdv2dTOctW2nioSmrWiB90X0k0qUUvx2hP7QpwkllsW4QY6bd60JgfyJr # nelnTyTPYL0S2rzOQeclsquT0aI/LXmGs8X9jgwfiywaOXjsJRonwWg3MgD0qHev # 2a7AJ9YmaOYv0jdRRkVX51A9yO0PrKGCGBEwghgNBgorBgEEAYI3AwMBMYIX/TCC # F/kGCSqGSIb3DQEHAqCCF+owghfmAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFiBgsq # hkiG9w0BCRABBKCCAVEEggFNMIIBSQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCA0XDZSPhYL09dZjr6UKXbilxRmVAtAaQEPQPzTbGxZ2wIGaeiBOpLY # GBMyMDI2MDUyMjAxMDgxOC42NzJaMASAAgH0oIHhpIHeMIHbMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046N0QwMC0w # NUUwLUQ5NDcxNTAzBgNVBAMTLE1pY3Jvc29mdCBQdWJsaWMgUlNBIFRpbWUgU3Rh # bXBpbmcgQXV0aG9yaXR5oIIPITCCB4IwggVqoAMCAQICEzMAAAAF5c8P/2YuyYcA # AAAAAAUwDQYJKoZIhvcNAQEMBQAwdzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjFIMEYGA1UEAxM/TWljcm9zb2Z0IElkZW50aXR5 # IFZlcmlmaWNhdGlvbiBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDIwMB4X # DTIwMTExOTIwMzIzMVoXDTM1MTExOTIwNDIzMVowYTELMAkGA1UEBhMCVVMxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0 # IFB1YmxpYyBSU0EgVGltZXN0YW1waW5nIENBIDIwMjAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCefOdSY/3gxZ8FfWO1BiKjHB7X55cz0RMFvWVGR3eR # wV1wb3+yq0OXDEqhUhxqoNv6iYWKjkMcLhEFxvJAeNcLAyT+XdM5i2CgGPGcb95W # JLiw7HzLiBKrxmDj1EQB/mG5eEiRBEp7dDGzxKCnTYocDOcRr9KxqHydajmEkzXH # OeRGwU+7qt8Md5l4bVZrXAhK+WSk5CihNQsWbzT1nRliVDwunuLkX1hyIWXIArCf # rKM3+RHh+Sq5RZ8aYyik2r8HxT+l2hmRllBvE2Wok6IEaAJanHr24qoqFM9WLeBU # Sudz+qL51HwDYyIDPSQ3SeHtKog0ZubDk4hELQSxnfVYXdTGncaBnB60QrEuazvc # ob9n4yR65pUNBCF5qeA4QwYnilBkfnmeAjRN3LVuLr0g0FXkqfYdUmj1fFFhH8k8 # YBozrEaXnsSL3kdTD01X+4LfIWOuFzTzuoslBrBILfHNj8RfOxPgjuwNvE6YzauX # i4orp4Sm6tF245DaFOSYbWFK5ZgG6cUY2/bUq3g3bQAqZt65KcaewEJ3ZyNEobv3 # 5Nf6xN6FrA6jF9447+NHvCjeWLCQZ3M8lgeCcnnhTFtyQX3XgCoc6IRXvFOcPVrr # 3D9RPHCMS6Ckg8wggTrtIVnY8yjbvGOUsAdZbeXUIQAWMs0d3cRDv09SvwVRd61e # vQIDAQABo4ICGzCCAhcwDgYDVR0PAQH/BAQDAgGGMBAGCSsGAQQBgjcVAQQDAgEA # MB0GA1UdDgQWBBRraSg6NS9IY0DPe9ivSek+2T3bITBUBgNVHSAETTBLMEkGBFUd # IAAwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w # cy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsG # AQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgw # FoAUyH7SaoUqG8oZmAQHJ89QEE9oqKIwgYQGA1UdHwR9MHsweaB3oHWGc2h0dHA6 # Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMElkZW50 # aXR5JTIwVmVyaWZpY2F0aW9uJTIwUm9vdCUyMENlcnRpZmljYXRlJTIwQXV0aG9y # aXR5JTIwMjAyMC5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMIGBBggrBgEFBQcwAoZ1 # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQl # MjBJZGVudGl0eSUyMFZlcmlmaWNhdGlvbiUyMFJvb3QlMjBDZXJ0aWZpY2F0ZSUy # MEF1dGhvcml0eSUyMDIwMjAuY3J0MA0GCSqGSIb3DQEBDAUAA4ICAQBfiHbHfm21 # WhV150x4aPpO4dhEmSUVpbixNDmv6TvuIHv1xIs174bNGO/ilWMm+Jx5boAXrJxa # gRhHQtiFprSjMktTliL4sKZyt2i+SXncM23gRezzsoOiBhv14YSd1Klnlkzvgs29 # XNjT+c8hIfPRe9rvVCMPiH7zPZcw5nNjthDQ+zD563I1nUJ6y59TbXWsuyUsqw7w # XZoGzZwijWT5oc6GvD3HDokJY401uhnj3ubBhbkR83RbfMvmzdp3he2bvIUztSOu # FzRqrLfEvsPkVHYnvH1wtYyrt5vShiKheGpXa2AWpsod4OJyT4/y0dggWi8g/tgb # hmQlZqDUf3UqUQsZaLdIu/XSjgoZqDjamzCPJtOLi2hBwL+KsCh0Nbwc21f5xvPS # wym0Ukr4o5sCcMUcSy6TEP7uMV8RX0eH/4JLEpGyae6Ki8JYg5v4fsNGif1OXHJ2 # IWG+7zyjTDfkmQ1snFOTgyEX8qBpefQbF0fx6URrYiarjmBprwP6ZObwtZXJ23jK # 3Fg/9uqM3j0P01nzVygTppBabzxPAh/hHhhls6kwo3QLJ6No803jUsZcd4JQxiYH # Hc+Q/wAMcPUnYKv/q2O444LO1+n6j01z5mggCSlRwD9faBIySAcA9S8h22hIAcRQ # qIGEjolCK9F6nK9ZyX4lhthsGHumaABdWzCCB5cwggV/oAMCAQICEzMAAABV2d1p # Jij5+OIAAAAAAFUwDQYJKoZIhvcNAQEMBQAwYTELMAkGA1UEBhMCVVMxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1 # YmxpYyBSU0EgVGltZXN0YW1waW5nIENBIDIwMjAwHhcNMjUxMDIzMjA0NjQ5WhcN # MjYxMDIyMjA0NjQ5WjCB2zELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 # b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUG # A1UECxMeblNoaWVsZCBUU1MgRVNOOjdEMDAtMDVFMC1EOTQ3MTUwMwYDVQQDEyxN # aWNyb3NvZnQgUHVibGljIFJTQSBUaW1lIFN0YW1waW5nIEF1dGhvcml0eTCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL25H5IeWUiz9DAlFmn2sPymaFWb # vYkMfK+ScIWb3a1IvOlIwghUDjY0Gp6yMRhfYURiGS0GedIB6ywvuH6VBCX3+bdO # FcAclgtv21jrpOjZmk4fSaT2Q3BszUfeUJa8o3xI7ZfoMY9dszTxHQAz6ZVX87fH # GEVhQcfxW33IdPJOj/ae419qtYxT21MVmCfsTshgtWioQxmOW/vMC9/b+qgtBxSM # f798vm3qfmhF6KCvFaHlivrM32hY16PGE3L0PFC+LM7vRxU7mTb+r76CeybvqOWk # 4+dbKYftPhV1t/E5S/6wwXeYmu/Y7JC7Tnh2w45G5Y4pcM3oHMb/YuPRdOWa0v+R # C2QgmNVWqjuxDiylWscXQDuaMtb29AcdGUVV9ZsRY2M2sthAtOdZOshiR5ufMtaH # tiCkWv0jNfgUxrHurxzYuUNneWZ6EfQDgFAw8CSCKkSOK2c9jEop4ddVq10xvbqx # drqMneVXvvIcXrPQAXj9j2ECpV2EwMb3Wnmpw00P78JpzPsk3Fs61ZvOGd/F1RcO # Bu6f2TWdp7HL7+rq7tgHr13MldbfIWu4lpoYYE1gTQa1Yrg5XN4j7zs9klT2z3qo # cmPzV8DWQgIHNh+aTs7bujMEMQyI7Xt1zPxZCgcR6H0tmmzU/9BxvsWbRalCQ2sY # GyWupTdc4e7KY7kPAgMBAAGjggHLMIIBxzAdBgNVHQ4EFgQUVgRfEG3cCAPwyL+p # yRbKwdesZbYwHwYDVR0jBBgwFoAUa2koOjUvSGNAz3vYr0npPtk92yEwbAYDVR0f # BGUwYzBhoF+gXYZbaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwv # TWljcm9zb2Z0JTIwUHVibGljJTIwUlNBJTIwVGltZXN0YW1waW5nJTIwQ0ElMjAy # MDIwLmNybDB5BggrBgEFBQcBAQRtMGswaQYIKwYBBQUHMAKGXWh0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwUHVibGljJTIw # UlNBJTIwVGltZXN0YW1waW5nJTIwQ0ElMjAyMDIwLmNydDAMBgNVHRMBAf8EAjAA # MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDBmBgNVHSAE # XzBdMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wCAYGZ4EMAQQC # MA0GCSqGSIb3DQEBDAUAA4ICAQBSHuGSVHvalCnFnlsqXIQefH1xP2SFr9g+Vz+f # 5P7QeywjfQb5jUlSmd1XnJUDPe/MHxL7r3TEElL+mNtG6CDPAytStSFPXD9tTBtB # MYh8Wqo64pH9qm361yIqeBH979mzWCkMQsTd0nM6dUl9B+7qiti+ToXwxIl39eYq # LuYYfhD2mqqePXMzUKSQzkf73yYIVHP6nLJQz4aAmaWcfG9jg78sBkDV8KpW7Jgk # tuLhphJEN1B+SVHjenPdcmrFXIUu/K4jK5ukfWaQIjuaXzSjBlNjC5tQN6adPfA3 # GxUwHPeR4ekL5If/9vBf13tmzBW+gy+0sNGTveb9IL9GU8iX8UvywsX62nhCCPRU # hTigDBKdczRUrNrntBhowbfchBDFML8avRMRc9Gmc2JvIryX336SFQ51//q1UU2H # MSJEMhWLJSIWJVhfUowsOa+PampIzETYfFvTu2mqKJUlWZXkGYxrdCvCczJcqeoa # dpW1ul6kcdnDh228SQ8ZhDc6IRlM4iNd5SNoNgX+aom3wuGyjUaSaPZWxPB1G2NK # iYhPLt0lPHg0Gskj1zhISY8UQkMMDr3o2JgRuT+wnJEDQUp55ddvhSkSoD6I9DL/ # s+TjIY/c9jLaW5xywJHqdKHUApRMsghv7kebSua1upmR+TquelFktDSOjVdSRkuy # a4uoxTGCB0Mwggc/AgEBMHgwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0Eg # VGltZXN0YW1waW5nIENBIDIwMjACEzMAAABV2d1pJij5+OIAAAAAAFUwDQYJYIZI # AWUDBAIBBQCgggScMBEGCyqGSIb3DQEJEAIPMQIFADAaBgkqhkiG9w0BCQMxDQYL # KoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI2MDUyMjAxMDgxOFowLwYJKoZI # hvcNAQkEMSIEIGnxGl+uS1TH9A+TlRfpvpJzD8JqlmoNAZD3C2sCNoY+MIG5Bgsq # hkiG9w0BCRACLzGBqTCBpjCBozCBoAQg2Lk8l2SGYru/ff7+D2qrJnkswcYdK6pG # Ku7GGGr4/s0wfDBlpGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0EgVGlt # ZXN0YW1waW5nIENBIDIwMjACEzMAAABV2d1pJij5+OIAAAAAAFUwggNeBgsqhkiG # 9w0BCRACEjGCA00wggNJoYIDRTCCA0EwggIpAgEBMIIBCaGB4aSB3jCB2zELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9z # b2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNO # OjdEMDAtMDVFMC1EOTQ3MTUwMwYDVQQDEyxNaWNyb3NvZnQgUHVibGljIFJTQSBU # aW1lIFN0YW1waW5nIEF1dGhvcml0eaIjCgEBMAcGBSsOAwIaAxUAHTtUAYJlv7bg # WVeRBo4X7FeHDeqgZzBlpGMwYTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFB1YmxpYyBSU0Eg # VGltZXN0YW1waW5nIENBIDIwMjAwDQYJKoZIhvcNAQELBQACBQDtueOwMCIYDzIw # MjYwNTIxMjAwNDAwWhgPMjAyNjA1MjIyMDA0MDBaMHQwOgYKKwYBBAGEWQoEATEs # MCowCgIFAO2547ACAQAwBwIBAAICA4QwBwIBAAICEl0wCgIFAO27NTACAQAwNgYK # KwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQAC # AwGGoDANBgkqhkiG9w0BAQsFAAOCAQEAQYjpk0zBAxZzCTGGVKY4nf+LxygifeZa # 7vk0JWXmUL4htxWHQSxX/yg9GeSBpjt+F54NJ9ntOg8VS2Lsoi1kYvZ3UrbUPCdK # mh9S4RJrQPzA1am8NUu+mOkGzi4zisxIziIdoCAngJbIeg9pI4v1b/2PMO0aKPIb # vr8qyiI5LiCKBtiRWQnyQ+GH033HC3ynwoeLPoQKPZiH7cIUxDgP5RYlRt5RorVb # WX5F/bYyPgguxfswPCFJMJwz1Kio3apcOo73dgXT0WgLDM53qQv5kHTg7GZ/bbyd # Qqr7ACxRKdQH2cmJgUbpo8uDwDEJSJwa0j7zBFONG49JLcG+kFlIdDANBgkqhkiG # 9w0BAQEFAASCAgBcxuwYy9xVXuQFScZkGdKFru12EWZPooTR1NIkEPp1Qdl6tKtd # Hfks4QGn1Ahk1kDCShMgd+7FUL59Vo6ZeMJnvK5ykoZMNEFGRMbd+TO5Rrr3gE6O # raOqZQ83krAEFEdj3wwK4xdPTSWeO4rgOVvCmU533cW3eMKvv0b5enh793sTcJua # cVsJOE7Xjn5f6pbZEFwJ7s35DOYWcN1C7WsJPJf/cYxqs22S/k2/mEbY/z7aNfYe # NsJ/aTjqJ5a/BDH69ypvDOHhNNtCymYOEnlwFOiJkQhOR+0XT99lMZ6bAY/4nEPm # kzsH0vPrERYdQEqqCVaJ/gnlBUbbwde/9VNNoAJCmjypYQWqHJp0Dv51kBvQRmJp # dNuq4LNSxPPB8GvUAMY7IhqeP8uGdbLSsjD8/tHDBEaOd3CnQIGnaciK+UJ52V5N # AkiSbo9D2ffUIBvRmc+VBSKEoGSJdDHDbTQI6lqmGOv9c2KduYnNWLAZr84tTj8f # 0TKKMmLCVp4Vmr+PKmOKKFZP7Qf/LMRvkO7DvK/MR6JDFyHubNqyRavlXSDDst0V # kbgJgT8Etszlm1cMIm2+bLMC9VfGrr1r6tlUh1dpTX4FGJzJDC5usFJODkZ4jRvn # ZZu9CfGaF1FNjMmc7uEN5P/+UTY/FRcfukrEUMQlAvui3KVukHurUGH3Jg== # SIG # End signature block |