<# MIT License Copyright (c) Microsoft Corporation. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE #> # Version 23.03.01.1617 <# .NOTES Name: Test-ExchAVExclusions.ps1 Requires: Administrator rights Major Release History: 06/16/2021 - Initial Release .SYNOPSIS Uses EICAR files to verify that all Exchange paths that should be excluded from AV scanning are excluded. .DESCRIPTION Writes an EICAR test file https://en.wikipedia.org/wiki/EICAR_test_file to all paths specified by https://docs.microsoft.com/en-us/Exchange/antispam-and-antimalware/windows-antivirus-software?view=exchserver-2019 and https://docs.microsoft.com/en-us/exchange/anti-virus-software-in-the-operating-system-on-exchange-servers-exchange-2013-help If the file is removed then the path is not properly excluded from AV Scanning. IF the file is not removed then it should be properly excluded. Once the files are created it will wait 60 seconds for AV to "see" and remove the file. .PARAMETER Recurse Will test not just the root folders but all SubFolders. Generally should not be needed unless all folders pass without -Recuse but AV is still suspected. .OUTPUTS Log file: $env:LOCALAPPDATA\ExchAvExclusions.log List of Scanned Folders: $env:LOCALAPPDATA\BadExclusions.txt .EXAMPLE .\Test-ExchAVExclusions.ps1 Puts and removes an EICAR file in all test paths. .EXAMPLE .\Test-ExchAVExclusions.ps1 -Recurse Puts and Remove an EICAR file in all test paths + all SubFolders. #> [CmdletBinding()] param ( [Parameter()] [switch] $Recurse, [Parameter()] [switch] $OpenLog ) function Confirm-Administrator { $currentPrincipal = New-Object Security.Principal.WindowsPrincipal( [Security.Principal.WindowsIdentity]::GetCurrent() ) return $currentPrincipal.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator ) } function Invoke-CatchActionError { [CmdletBinding()] param( [ScriptBlock]$CatchActionFunction ) if ($null -ne $CatchActionFunction) { & $CatchActionFunction } } function Invoke-CatchActionErrorLoop { [CmdletBinding()] param( [Parameter(Mandatory = $true, Position = 0)] [int]$CurrentErrors, [Parameter(Mandatory = $false, Position = 1)] [ScriptBlock]$CatchActionFunction ) process { if ($null -ne $CatchActionFunction -and $Error.Count -ne $CurrentErrors) { $i = 0 while ($i -lt ($Error.Count - $currentErrors)) { & $CatchActionFunction $Error[$i] $i++ } } } } # Confirm that either Remote Shell or EMS is loaded from an Edge Server, Exchange Server, or a Tools box. # It does this by also initializing the session and running Get-EventLogLevel. (Server Management RBAC right) # All script that require Confirm-ExchangeShell should be at least using Server Management RBAC right for the user running the script. function Confirm-ExchangeShell { [CmdletBinding()] param( [Parameter(Mandatory = $false)] [bool]$LoadExchangeShell = $true, [Parameter(Mandatory = $false)] [ScriptBlock]$CatchActionFunction ) begin { Write-Verbose "Calling: $($MyInvocation.MyCommand)" Write-Verbose "Passed: LoadExchangeShell: $LoadExchangeShell" $currentErrors = $Error.Count $edgeTransportKey = 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\EdgeTransportRole' $setupKey = 'HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\Setup' $remoteShell = (-not(Test-Path $setupKey)) $toolsServer = (Test-Path $setupKey) -and (-not(Test-Path $edgeTransportKey)) -and ($null -eq (Get-ItemProperty -Path $setupKey -Name "Services" -ErrorAction SilentlyContinue)) Invoke-CatchActionErrorLoop $currentErrors $CatchActionFunction function IsExchangeManagementSession { [OutputType("System.Boolean")] param( [ScriptBlock]$CatchActionFunction ) $getEventLogLevelCallSuccessful = $false $isExchangeManagementShell = $false try { $eventLogLevel = Get-EventLogLevel -ErrorAction Stop | Select-Object -First 1 $getEventLogLevelCallSuccessful = $true foreach ($e in $eventLogLevel) { if (($e.GetType().Name -eq "EventCategoryObject") -or (($e.GetType().Name -eq "PSObject") -and ($null -ne $e.SerializationData))) { $isExchangeManagementShell = $true } } } catch { Write-Verbose "Failed to run Get-EventLogLevel" Invoke-CatchActionError $CatchActionFunction } return [PSCustomObject]@{ CallWasSuccessful = $getEventLogLevelCallSuccessful IsManagementShell = $isExchangeManagementShell } } } process { $isEMS = IsExchangeManagementSession $CatchActionFunction if ($isEMS.CallWasSuccessful) { Write-Verbose "Exchange PowerShell Module already loaded." } else { if (-not ($LoadExchangeShell)) { return } #Test 32 bit process, as we can't see the registry if that is the case. if (-not ([System.Environment]::Is64BitProcess)) { Write-Warning "Open a 64 bit PowerShell process to continue" return } if (Test-Path "$setupKey") { Write-Verbose "We are on Exchange 2013 or newer" try { $currentErrors = $Error.Count if (Test-Path $edgeTransportKey) { Write-Verbose "We are on Exchange Edge Transport Server" [xml]$PSSnapIns = Get-Content -Path "$env:ExchangeInstallPath\Bin\exShell.psc1" -ErrorAction Stop foreach ($PSSnapIn in $PSSnapIns.PSConsoleFile.PSSnapIns.PSSnapIn) { Write-Verbose ("Trying to add PSSnapIn: {0}" -f $PSSnapIn.Name) Add-PSSnapin -Name $PSSnapIn.Name -ErrorAction Stop } Import-Module $env:ExchangeInstallPath\bin\Exchange.ps1 -ErrorAction Stop } else { Import-Module $env:ExchangeInstallPath\bin\RemoteExchange.ps1 -ErrorAction Stop Connect-ExchangeServer -Auto -ClientApplication:ManagementShell } Invoke-CatchActionErrorLoop $currentErrors $CatchActionFunction Write-Verbose "Imported Module. Trying Get-EventLogLevel Again" $isEMS = IsExchangeManagementSession $CatchActionFunction if (($isEMS.CallWasSuccessful) -and ($isEMS.IsManagementShell)) { Write-Verbose "Successfully loaded Exchange Management Shell" } else { Write-Warning "Something went wrong while loading the Exchange Management Shell" } } catch { Write-Warning "Failed to Load Exchange PowerShell Module..." Invoke-CatchActionError $CatchActionFunction } } else { Write-Verbose "Not on an Exchange or Tools server" } } } end { $returnObject = [PSCustomObject]@{ ShellLoaded = $isEMS.CallWasSuccessful Major = ((Get-ItemProperty -Path $setupKey -Name "MsiProductMajor" -ErrorAction SilentlyContinue).MsiProductMajor) Minor = ((Get-ItemProperty -Path $setupKey -Name "MsiProductMinor" -ErrorAction SilentlyContinue).MsiProductMinor) Build = ((Get-ItemProperty -Path $setupKey -Name "MsiBuildMajor" -ErrorAction SilentlyContinue).MsiBuildMajor) Revision = ((Get-ItemProperty -Path $setupKey -Name "MsiBuildMinor" -ErrorAction SilentlyContinue).MsiBuildMinor) EdgeServer = $isEMS.CallWasSuccessful -and (Test-Path $setupKey) -and (Test-Path $edgeTransportKey) ToolsOnly = $isEMS.CallWasSuccessful -and $toolsServer RemoteShell = $isEMS.CallWasSuccessful -and $remoteShell EMS = $isEMS.IsManagementShell } return $returnObject } } function Get-ExchAVExclusionsPaths { [CmdletBinding()] [OutputType([Collections.Generic.List[string]])] param ( [Parameter(Mandatory = $true)] [ValidateScript({ if (Test-Path $_ -PathType Container ) { $true } else { throw "Path $_ is not valid" } })] [string] $ExchangePath, [Parameter(Mandatory = $true)] [ValidateSet(0, 1, 2)] [byte] $MsiProductMinor ) # Create the Array List $BaseFolders = New-Object Collections.Generic.List[string] # List of base Folders if ((Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer) { if (Get-DatabaseAvailabilityGroup ) { if (Get-DatabaseAvailabilityGroup | Where-Object { $_.Servers.Name -contains ($env:COMPUTERNAME) } ) { $BaseFolders.Add((Join-Path $($env:SystemRoot) '\Cluster').ToLower()) $dag = $null $dag = Get-DatabaseAvailabilityGroup | Where-Object { $_.Servers.Name -contains ($env:COMPUTERNAME) } if ( $null -ne $dag ) { Write-Warning "Remember to add the witness directory $($dag.WitnessDirectory.PathName) on the server $($dag.WitnessServer.Fqdn)" } } } $BaseFolders.Add((Join-Path $ExchangePath '\ClientAccess\OAB').ToLower()) $BaseFolders.Add((Join-Path $ExchangePath '\FIP-FS').ToLower()) $BaseFolders.Add((Join-Path $ExchangePath '\GroupMetrics').ToLower()) $BaseFolders.Add((Join-Path $ExchangePath '\Logging').ToLower()) if ($MsiProductMinor -eq 0 ) { $BaseFolders.Add((Join-Path $ExchangePath '\Mailbox\MdbTemp').ToLower()) } $mbxS = Get-MailboxServer -Identity $($env:COMPUTERNAME) | Select-Object CalendarRepairLogPath, LogPathForManagedFolders, ` DataPath, MigrationLogFilePath, TransportSyncLogFilePath, TransportSyncMailboxHealthLogFilePath $mbxS.PSObject.Properties.Value.PathName | ForEach-Object { if ( $_ ) { if ( Test-Path $_ -PathType Container ) { $BaseFolders.Add($_.ToLower()) } } } # Add all database folder paths foreach ($Entry in (Get-MailboxDatabase -Server $Env:COMPUTERNAME)) { $BaseFolders.Add((Split-Path $Entry.EdbFilePath -Parent).ToLower()) $mbDbLogs = $Entry | Select-Object TemporaryDataFolderPath, LogFolderPath $mbDbLogs.PSObject.Properties.Value.PathName | ForEach-Object { if ( $_ ) { if ( Test-Path $_ -PathType Container ) { $BaseFolders.Add($_.ToLower()) } } } } $mtsLogs = Get-MailboxTransportService $($env:COMPUTERNAME) | Select-Object ConnectivityLogPath, ` ReceiveProtocolLogPath, SendProtocolLogPath, MailboxSubmissionAgentLogPath, MailboxDeliveryAgentLogPath, ` DnsLogPath, RoutingTableLogPath, SyncDeliveryLogPath, MailboxDeliveryHttpDeliveryLogPath, ` MailboxDeliveryThrottlingLogPath, AgentGrayExceptionLogPath, PipelineTracingPath $mtsLogs.PSObject.Properties.Value.PathName | ForEach-Object { if ( $_ ) { if ( Test-Path $_ -PathType Container ) { $BaseFolders.Add($_.ToLower()) } } } #'$env:SystemRoot\Temp\OICE_' $possibleOICEFolders = Get-ChildItem $env:SystemRoot\temp -Directory -Filter OICE_*.0 $possibleOICEFolders | ForEach-Object { if ( $_.Name.Length -gt 41) { $possibleGUID = $_.Name.Substring(5, 36) $result = [System.Guid]::Empty if ( [System.Guid]::TryParse($possibleGUID, [System.Management.Automation.PSReference]$result) ) { $BaseFolders.Add($_.FullName.ToLower()) } } } } if ((Get-ExchangeServer $env:COMPUTERNAME).IsUnifiedMessagingServer) { $BaseFolders.Add((Join-Path $ExchangePath '\UnifiedMessaging\Grammars')) $BaseFolders.Add((Join-Path $ExchangePath '\UnifiedMessaging\Prompts')) $BaseFolders.Add((Join-Path $ExchangePath '\UnifiedMessaging\Temp')) $BaseFolders.Add((Join-Path $ExchangePath '\UnifiedMessaging\Voicemail')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsClientAccessServer) { $feTsLogs = Get-FrontEndTransportService $($env:COMPUTERNAME) | Select-Object ConnectivityLogPath, ` ReceiveProtocolLogPath, SendProtocolLogPath, AgentLogPath, DnsLogPath, ResourceLogPath, ` AttributionLogPath, ` RoutingTableLogPath, ProxyDestinationsLogPath, TopInboundIpSourcesLogPath $feTsLogs.PSObject.Properties.Value.PathName | ForEach-Object { if ( $_) { if ( Test-Path $_ -PathType Container ) { $BaseFolders.Add($_.ToLower()) } } } $BaseFolders.Add((Join-Path $env:SystemDrive '\inetPub\temp\IIS Temporary Compressed Files').ToLower()) $BaseFolders.Add(($((Get-PopSettings).LogFileLocation)).ToLower()) $BaseFolders.Add(($((Get-ImapSettings).LogFileLocation)).ToLower()) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer) { $BaseFolders.Add((Join-Path $ExchangePath '\TransportRoles\Data\Adam').ToLower()) $BaseFolders.Add((Join-Path $ExchangePath '\TransportRoles\Data\IpFilter').ToLower()) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer -or (Get-ExchangeServer $env:COMPUTERNAME).IsHubTransportServer) { $BaseFolders.Add((Join-Path $ExchangePath '\TransportRoles\Data\Queue').ToLower()) $BaseFolders.Add((Join-Path $ExchangePath '\TransportRoles\Data\SenderReputation').ToLower()) $BaseFolders.Add((Join-Path $ExchangePath '\TransportRoles\Data\Temp').ToLower()) $BaseFolders.Add((Join-Path $ExchangePath '\TransportRoles\Logs').ToLower()) $tsLogs = Get-TransportService $($env:COMPUTERNAME) | Select-Object ConnectivityLogPath, MessageTrackingLogPath, ` IrmLogPath, ActiveUserStatisticsLogPath, ServerStatisticsLogPath, ReceiveProtocolLogPath, RoutingTableLogPath, ` SendProtocolLogPath, QueueLogPath, LatencyLogPath, GeneralLogPath, WlmLogPath, AgentLogPath, FlowControlLogPath, ` ProcessingSchedulerLogPath, ResourceLogPath, DnsLogPath, JournalLogPath, TransportMaintenanceLogPath, ` RequestBrokerLogPath, StorageRESTLogPath, AgentGrayExceptionLogPath, TransportHttpLogPath, PipelineTracingPath, ` PickupDirectoryPath, ReplayDirectoryPath, ` RootDropDirectoryPath $tsLogs.PSObject.Properties.Value.PathName | ForEach-Object { if ( $_ ) { if ( Test-Path $_ -PathType Container ) { $BaseFolders.Add($_.ToLower()) } } } $BaseFolders.Add((Join-Path $ExchangePath '\Working\OleConverter').ToLower()) # Get transport database path [xml]$TransportConfig = Get-Content (Join-Path $ExchangePath "Bin\EdgeTransport.exe.config") $BaseFolders.Add(($TransportConfig.configuration.AppSettings.Add | Where-Object { $_.key -eq "QueueDatabasePath" }).value.ToLower()) $BaseFolders.Add(($TransportConfig.configuration.AppSettings.Add | Where-Object { $_.key -eq "QueueDatabaseLoggingPath" }).value.ToLower()) if ($MsiProductMinor -eq 0 ) { #E13MBX By default, content conversions are performed in the Exchange server's %TMP% folder. $BaseFolders.Add((Join-Path $env:SystemRoot '\Temp').ToLower()) } } if ($MsiProductMinor -eq 0 ) { #E13 Exchange Server setup temporary files. $BaseFolders.Add((Join-Path $env:SystemRoot '\Temp\ExchangeSetup').ToLower()) # it is only in client Access E13 doc--- inetPub\logs\LogFiles\w3svc Get-Website | Where-Object { $_.name -eq 'Default Web Site' -or $_.name -eq 'Exchange Back End' } | ForEach-Object { if ($_.LogFile.directory.StartsWith('%')) { $BaseFolders.Add(("$(Get-Content -Path Env:"$($_.logFile.directory.Split('%')[1])")$($_.logFile.directory.Split('%')[2])\W3SVC$($_.id)").ToLower()) } else { $BaseFolders.Add(("$($_.LogFile.directory)\W3SVC$($_.id)").ToLower()) } } } # Remove any Duplicates $BaseFolders = $BaseFolders | Select-Object -Unique $BaseFolders } function Get-ExchAVExclusionsExtensions { [CmdletBinding()] [OutputType([Collections.Generic.List[string]])] param ( [ValidateScript({ if (Test-Path $_ -PathType Container ) { $true } else { throw "Path $_ is not valid" } })] [string] $ExchangePath, [Parameter(Mandatory = $true)] [ValidateSet(0, 1, 2)] [byte] $MsiProductMinor ) # Create the Array List $ExtensionsList = New-Object Collections.Generic.List[string] if ($MsiProductMinor -eq 0 ) { #Application-related extensions: $ExtensionsList.Add("config") $ExtensionsList.Add("dia") $ExtensionsList.Add("wsb") #Database-related extensions: $ExtensionsList.Add("chk") $ExtensionsList.Add("edb") $ExtensionsList.Add("jrs") $ExtensionsList.Add("jsl") $ExtensionsList.Add("log") $ExtensionsList.Add("que") #Offline address book-related extensions: $ExtensionsList.Add("lzx") #Content Index-related extensions: $ExtensionsList.Add("ci") $ExtensionsList.Add("dir") $ExtensionsList.Add("wid") $ExtensionsList.Add("000") $ExtensionsList.Add("001") $ExtensionsList.Add("002") #Unified Messaging-related extensions: $ExtensionsList.Add("cfg") $ExtensionsList.Add("grXml") #Group Metrics-related extensions: $ExtensionsList.Add("dsc") $ExtensionsList.Add("txt") } if ($MsiProductMinor -eq 1 -or $MsiProductMinor -eq 2 ) { if ((Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer -or (Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer) { #Application-related extensions $ExtensionsList.Add("config") #Database-related extensions $ExtensionsList.Add("chk") $ExtensionsList.Add("edb") $ExtensionsList.Add("jfm") $ExtensionsList.Add("jrs") $ExtensionsList.Add("log") $ExtensionsList.Add("que") } if ((Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer) { #Group Metrics-related extensions $ExtensionsList.Add("dsc") $ExtensionsList.Add("txt") #Offline address book-related extensions $ExtensionsList.Add("lzx") } if ((Get-ExchangeServer $env:COMPUTERNAME).IsUnifiedMessagingServer) { #Unified Messaging-related extensions $ExtensionsList.Add("cfg") $ExtensionsList.Add("grXml") } } $ExtensionsList.ToLower() } function Get-ExchAVExclusionsProcess { [CmdletBinding()] [OutputType([Collections.Generic.List[string]])] param ( [ValidateScript({ if (Test-Path $_ -PathType Container ) { $true } else { throw "Path $_ is not valid" } })] [string] $ExchangePath, [Parameter(Mandatory = $true)] [ValidateSet(0, 1, 2)] [byte] $MsiProductMinor ) # Create the Array List $ProcessList = New-Object Collections.Generic.List[string] if ( $MsiProductMinor -eq 0) { if ((Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\fms.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.EdgeSyncSvc.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.RPCClientAccess.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Search.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Store.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Store.Worker.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeDagMgmt.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeDelivery.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeMailboxAssistants.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeMailboxReplication.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeMigrationWorkflow.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeRepl.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeSubmission.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeThrottling.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Search\Ceres\Runtime\1.0\Noderunner.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\OleConverter.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Search\Ceres\ParserServer\ParserServer.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\ScanEngineTest.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\ScanningProcess.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\UmService.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\UmWorkerProcess.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\UpdateService.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer) { $ProcessList.Add((Join-Path $env:SystemRoot '\System32\Dsamain.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.EdgeCredentialSvc.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsClientAccessServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeFrontendTransport.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsClientAccessServer -or (Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Search\Ceres\HostController\hostcontrollerservice.exe')) $ProcessList.Add((Join-Path $env:SystemRoot '\System32\inetSrv\inetInfo.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Directory.TopologyService.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsClientAccessServer -or (Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer -or (Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Diagnostics.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.ProtectedServiceHost.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Servicehost.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeHMHost.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeHMWorker.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer -or (Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\EdgeTransport.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.AntispamUpdateSvc.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeTransport.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeTransportLogSearch.exe')) } } else { if ((Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\ComplianceAuditService.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\fms.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Search\Ceres\HostController\hostcontrollerservice.exe')) $ProcessList.Add((Join-Path $env:SystemRoot '\System32\inetSrv\inetInfo.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Directory.TopologyService.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.EdgeSyncSvc.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Notifications.Broker.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.RPCClientAccess.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Search.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Store.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Store.Worker.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeCompliance.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeDagMgmt.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeDelivery.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeFrontendTransport.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeMailboxAssistants.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeMailboxReplication.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeRepl.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeSubmission.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeThrottling.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Search\Ceres\Runtime\1.0\Noderunner.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\OleConverter.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Search\Ceres\ParserServer\ParserServer.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\ScanEngineTest.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\ScanningProcess.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FIP-FS\Bin\UpdateService.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\wsbExchange.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer) { $ProcessList.Add((Join-Path $env:SystemRoot '\System32\Dsamain.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.EdgeCredentialSvc.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsEdgeServer -or (Get-ExchangeServer $env:COMPUTERNAME).IsMailboxServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\EdgeTransport.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.AntispamUpdateSvc.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Diagnostics.Service.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.ProtectedServiceHost.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\Microsoft.Exchange.Servicehost.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeHMHost.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeHMWorker.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeTransport.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\MSExchangeTransportLogSearch.exe')) } if ((Get-ExchangeServer $env:COMPUTERNAME).IsUnifiedMessagingServer) { $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\UmService.exe')) $ProcessList.Add((Join-Path $env:ExchangeInstallPath 'Bin\UmWorkerProcess.exe')) } } $ProcessList } <# .NOTES Name: Write-SimpleLogFile.ps1 Requires: NA Major Release History: 06/22/2021 - Initial Release .SYNOPSIS Supports writing a basic log file to LocalAppData .DESCRIPTION Supports basic log file generation for other scripts. Places the log file into the $env:LocalAppData Folder. Supports out putting to the host as well as the log files. .PARAMETER String String to be written into the log file. .PARAMETER Name Name of the log file. .PARAMETER OutHost Switch that will write the output to the host as well as the log file. .PARAMETER OpenLog Opens the log file in notepad. .OUTPUTS Log file specified in the -Name parameter. Writes the file in to the $Env:LocalAppData .EXAMPLE Write-SimpleLogFile -String "Start ProcessA" -Name MyLogFile.log Writes "[Date] - Start ProcessA" to $env:LocalAppData\MyLogFile.log .EXAMPLE Write-SimpleLogFile -String "Start ProcessB" -Name MyLogFile.log -OutHost Writes "[Date] - Start ProcessB" to $env:LocalAppData\MyLogFile and to the Host #> function Write-SimpleLogFile { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$String, [Parameter(Mandatory = $true)] [string]$Name, [switch]$OutHost, [switch]$OpenLog ) begin { # Get our log file path $LogFile = Join-Path $env:LOCALAPPDATA $Name if ($OpenLog) { Notepad.exe $LogFile exit } } process { # Get the current date [string]$date = Get-Date -Format G # Build output string [string]$logString = ( "[" + $date + "] - " + $string) # Write everything to our log file and the screen $logString | Out-File -FilePath $LogFile -Append -Confirm:$false if ($OutHost) { Write-Host $logString } else { Write-Verbose $logString } } } <# .NOTES Name: Start-SleepWithProgress.ps1 Requires: NA Major Release History: 06/22/2021 - Initial Release .SYNOPSIS Sleep with a progress bar managing the bar and the countdown. .DESCRIPTION Sleeps X amount of time showing a progress bar. .PARAMETER SleepTime Amount of time to sleep. .PARAMETER Message Message to display on the progress bar. .OUTPUTS Progress bar to screen .EXAMPLE Start-SleepWithProgress -SleepTime 60 -Message "Waiting on Process to complete" Creates a Progress bar with the message "Waiting on Process to complete" Counts down 60 seconds and updates the Progress bar during the process. #> function Start-SleepWithProgress { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseShouldProcessForStateChangingFunctions', '', Justification = 'Start-Sleep does not use -WhatIf')] param( [Parameter(Mandatory = $true)] [int]$SleepTime, [string]$Message = "Sleeping" ) # Loop Number of seconds you want to sleep for ($i = 0; $i -le $SleepTime; $i++) { $timeLeft = ($SleepTime - $i); # Progress bar showing progress of the sleep Write-Progress -Activity $Message -CurrentOperation "$timeLeft More Seconds" -PercentComplete (($i / $SleepTime) * 100) -Status " " # Sleep 1 second Start-Sleep 1 } Write-Progress -Completed -Activity $Message -Status " " } # Log file name $LogFile = "ExchAvExclusions.log" # Open log file if switched if ($OpenLog) { Write-SimpleLogFile -OpenLog -String " " -Name $LogFile } # Confirm that we are an administrator if (-not (Confirm-Administrator)) { Write-Error "Please run as Administrator" exit } $serverExchangeInstallDirectory = Get-ItemProperty HKLM:\SOFTWARE\Microsoft\ExchangeServer\v15\Setup -ErrorAction SilentlyContinue # Check Exchange registry key if (-not $serverExchangeInstallDirectory ) { Write-Warning "Failed to find the Exchange installation Path registry key" exit } # Check the installation path if (-not ( Test-Path $($serverExchangeInstallDirectory.MsiInstallPath) -PathType Container) ) { Write-Warning "Failed to find the Exchange installation Path" exit } # Check Exchange is 2013, 2016 or 2019 if ( -not ( $($serverExchangeInstallDirectory.MsiProductMajor) -eq 15 -and ` ($($serverExchangeInstallDirectory.MsiProductMinor) -eq 0 -or $($serverExchangeInstallDirectory.MsiProductMinor) -eq 1 -or $($serverExchangeInstallDirectory.MsiProductMinor) -eq 2 ) ) ) { Write-Warning "This script is designed for Exchange 2013, 2016 or 2019" exit } $ExchangePath = $serverExchangeInstallDirectory.MsiInstallPath # Check Exchange Shell and Exchange installation $exchangeShell = Confirm-ExchangeShell if (-not($exchangeShell.ShellLoaded)) { Write-Warning "Failed to load Exchange Shell Module..." exit } # Create the Array List $BaseFolders = Get-ExchAVExclusionsPaths -ExchangePath $ExchangePath -MsiProductMinor ([byte]$serverExchangeInstallDirectory.MsiProductMinor) if ( $BaseFolders.count -eq 0 ) { Write-Warning "We do not detect folders to analyze" exit } # Create list object to hold all Folders we are going to test $FolderList = New-Object Collections.Generic.List[string] # Make sure each folders in our list resolve foreach ($path in $BaseFolders) { try { # Resolve path only returns a bool so we have to manually throw to catch if (!(Resolve-Path -Path $path -ErrorAction SilentlyContinue)) { throw "Failed to resolve" } # If -recurse then we need to find all SubFolders and Add them to the list to be tested if ($Recurse) { # Add the root folder $FolderList.Add($path.ToLower()) # Get the Folder and all subFolders and just return the fullName value as a string Get-ChildItem $path -Recurse -Directory -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName | ForEach-Object { $FolderList.Add($_.ToLower()) } } # Just Add the root folder else { $FolderList.Add($path.ToLower()) } } catch { Write-SimpleLogFile -string ("[ERROR] - Failed to resolve folder " + $path) -Name $LogFile } } # Remove any Duplicates $FolderList = $FolderList | Select-Object -Unique Write-SimpleLogFile -String "Creating EICAR Files" -name $LogFile -OutHost # Create the EICAR file in each path $eicarFileName = "eicar" $eicarFileExt = "com" $eicarFullFileName = "$eicarFileName.$eicarFileExt" #Base64 of eicar string [string] $EncodedEicar = 'WDVPIVAlQEFQWzRcUFpYNTQoUF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNULUZJTEUhJEgrSCo=' foreach ($Folder in $FolderList) { [string] $FilePath = (Join-Path $Folder $eicarFullFileName) Write-SimpleLogFile -String ("Creating $eicarFullFileName file " + $FilePath) -name $LogFile if (!(Test-Path -Path $FilePath)) { # Try writing the encoded string to a the file try { [byte[]] $eicarBytes = [System.Convert]::FromBase64String($EncodedEicar) [string] $eicar = [System.Text.Encoding]::UTF8.GetString($eicarBytes) [IO.File]::WriteAllText($FilePath, $eicar) } catch { Write-Warning "$Folder $eicarFullFileName file couldn't be created. Either permissions or AV prevented file creation." } } else { Write-SimpleLogFile -string ("[WARNING] - $eicarFullFileName already exists!: " + $FilePath) -name $LogFile -OutHost } } # Create a random folder in root path $randomString = -join ((65..90) + (97..122) | Get-Random -Count 10 | ForEach-Object { [char]$_ }) $randomFolder = New-Item -Path (Join-Path (Join-Path $env:SystemDrive '\') "TestExchAVExclusions-$randomString") -ItemType Directory $extensionsList = New-Object Collections.Generic.List[string] $extensionsList = Get-ExchAVExclusionsExtensions -ExchangePath $ExchangePath -MsiProductMinor ([byte]$serverExchangeInstallDirectory.MsiProductMinor) if ($randomFolder) { foreach ($extension in $extensionsList) { $filepath = Join-Path $randomFolder "$eicarFileName.$extension" Write-SimpleLogFile -String ("Creating $eicarFileName.$extension file " + $FilePath) -name $LogFile if (!(Test-Path -Path $FilePath)) { # Try writing the encoded string to a the file try { [byte[]] $eicarBytes = [System.Convert]::FromBase64String($EncodedEicar) [string] $eicar = [System.Text.Encoding]::UTF8.GetString($eicarBytes) [IO.File]::WriteAllText($FilePath, $eicar) } catch { Write-Warning "$randomFolder $eicarFileName.$extension file couldn't be created. Either permissions or AV prevented file creation." } } else { Write-SimpleLogFile -string ("[WARNING] - $randomFolder $eicarFileName.$extension already exists!: ") -name $LogFile -OutHost } } } else { Write-Warning "We cannot create a folder in root path to test extension exclusions." } Write-SimpleLogFile -String "EICAR Files Created" -name $LogFile -OutHost Write-SimpleLogFile -String "Accessing EICAR Files" -name $LogFile -OutHost # Try to open each EICAR file to force detection in paths $i = 0 foreach ($Folder in $FolderList) { $FilePath = (Join-Path $Folder $eicarFullFileName) if (Test-Path $FilePath -PathType Leaf) { Write-SimpleLogFile -String ("Opening $eicarFullFileName file " + $FilePath) -name $LogFile Start-Process -FilePath more -ArgumentList """$FilePath""" -ErrorAction SilentlyContinue -WindowStyle Hidden | Out-Null } $i++ } # Try to open extensions: $i = 0 foreach ($extension in $extensionsList) { $FilePath = Join-Path $randomFolder "$eicarFileName.$extension" if (Test-Path $FilePath -PathType Leaf) { Write-SimpleLogFile -String ("Opening $eicarFileName.$extension file " + $FilePath) -name $LogFile Start-Process -FilePath more -ArgumentList """$FilePath""" -ErrorAction SilentlyContinue -WindowStyle Hidden | Out-Null } $i++ } Write-SimpleLogFile -String "Access EICAR Files Finished" -name $LogFile -OutHost # Sleeping 5 minutes for AV to "find" the files Start-SleepWithProgress -SleepTime 300 -message "Allowing time for AV to Scan" # Create a list of folders that are probably being scanned by AV $BadFolderList = New-Object Collections.Generic.List[string] Write-SimpleLogFile -string "Testing for EICAR files" -name $LogFile -OutHost # Test each location for the EICAR file foreach ($Folder in $FolderList) { $FilePath = (Join-Path $Folder $eicarFullFileName) # If the file exists delete it -- this means the folder is not being scanned if (Test-Path $FilePath ) { #Get content to confirm that the file is not blocked by AV $output = Get-Content $FilePath -ErrorAction SilentlyContinue if ($output -eq $eicar) { Write-SimpleLogFile -String ("Removing " + $FilePath) -name $LogFile Remove-Item $FilePath -Confirm:$false -Force } else { Write-SimpleLogFile -String ("[FAIL] - Possible AV Scanning on Path: " + $Folder) -name $LogFile -OutHost $BadFolderList.Add($Folder) } } # If the file doesn't exist Add that to the bad folder list -- means the folder is being scanned else { Write-SimpleLogFile -String ("[FAIL] - Possible AV Scanning on Path: " + $Folder) -name $LogFile -OutHost $BadFolderList.Add($Folder) } } $BadExtensionList = New-Object Collections.Generic.List[string] # Test each extension for the EICAR file foreach ($extension in $extensionsList) { $filepath = Join-Path $randomFolder "$eicarFileName.$extension" # If the file exists delete it -- this means the extension is not being scanned if (Test-Path $filepath ) { #Get content to confirm that the file is not blocked by AV $output = Get-Content $FilePath -ErrorAction SilentlyContinue if ($output -eq $eicar) { Write-SimpleLogFile -String ("Removing " + $FilePath) -name $LogFile Remove-Item $FilePath -Confirm:$false -Force } else { Write-SimpleLogFile -String ("[FAIL] - Possible AV Scanning on Extension: " + $extension) -name $LogFile -OutHost $BadExtensionList.Add($extension) } } # If the file doesn't exist Add that to the bad extension list -- means the extension is being scanned else { Write-SimpleLogFile -String ("[FAIL] - Possible AV Scanning on Extension: " + $extension) -name $LogFile -OutHost $BadExtensionList.Add($extension) } } #Delete Random Folder Remove-Item $randomFolder # Report what we found if ($BadFolderList.count -gt 0 -or $BadExtensionList.Count -gt 0 ) { $OutputPath = Join-Path $env:LOCALAPPDATA BadExclusions.txt $BadFolderList | Out-File $OutputPath $BadExtensionList | Out-File $OutputPath -Append Write-SimpleLogFile -String "Possible AV Scanning found" -name $LogFile if ($BadFolderList.count -gt 0 ) { Write-Warning ("Found $($BadFolderList.count) of $($FolderList.Count) folders that are possibly being scanned! ") } if ($BadExtensionList.count -gt 0 ) { Write-Warning ("Found $($BadExtensionList.count) of $($extensionsList.Count) extensions that are possibly being scanned! ") } Write-Warning ("Review " + $OutputPath + " For the full list.") } else { Write-SimpleLogFile -String "All EICAR files found; Exclusions appear to be set properly" -Name $LogFile -OutHost } # SIG # Begin signature block # MIInvQYJKoZIhvcNAQcCoIInrjCCJ6oCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDiU9bQfmNkytsu # sKAUQ/AD8g57IAy6boKIPzTFdqWTrKCCDYUwggYDMIID66ADAgECAhMzAAACzfNk # v/jUTF1RAAAAAALNMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjIwNTEyMjA0NjAyWhcNMjMwNTExMjA0NjAyWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDrIzsY62MmKrzergm7Ucnu+DuSHdgzRZVCIGi9CalFrhwtiK+3FIDzlOYbs/zz # HwuLC3hir55wVgHoaC4liQwQ60wVyR17EZPa4BQ28C5ARlxqftdp3H8RrXWbVyvQ # aUnBQVZM73XDyGV1oUPZGHGWtgdqtBUd60VjnFPICSf8pnFiit6hvSxH5IVWI0iO # nfqdXYoPWUtVUMmVqW1yBX0NtbQlSHIU6hlPvo9/uqKvkjFUFA2LbC9AWQbJmH+1 # uM0l4nDSKfCqccvdI5l3zjEk9yUSUmh1IQhDFn+5SL2JmnCF0jZEZ4f5HE7ykDP+ # oiA3Q+fhKCseg+0aEHi+DRPZAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU0WymH4CP7s1+yQktEwbcLQuR9Zww # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzQ3MDUzMDAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AE7LSuuNObCBWYuttxJAgilXJ92GpyV/fTiyXHZ/9LbzXs/MfKnPwRydlmA2ak0r # GWLDFh89zAWHFI8t9JLwpd/VRoVE3+WyzTIskdbBnHbf1yjo/+0tpHlnroFJdcDS # MIsH+T7z3ClY+6WnjSTetpg1Y/pLOLXZpZjYeXQiFwo9G5lzUcSd8YVQNPQAGICl # 2JRSaCNlzAdIFCF5PNKoXbJtEqDcPZ8oDrM9KdO7TqUE5VqeBe6DggY1sZYnQD+/ # LWlz5D0wCriNgGQ/TWWexMwwnEqlIwfkIcNFxo0QND/6Ya9DTAUykk2SKGSPt0kL # tHxNEn2GJvcNtfohVY/b0tuyF05eXE3cdtYZbeGoU1xQixPZAlTdtLmeFNly82uB # VbybAZ4Ut18F//UrugVQ9UUdK1uYmc+2SdRQQCccKwXGOuYgZ1ULW2u5PyfWxzo4 # BR++53OB/tZXQpz4OkgBZeqs9YaYLFfKRlQHVtmQghFHzB5v/WFonxDVlvPxy2go # a0u9Z+ZlIpvooZRvm6OtXxdAjMBcWBAsnBRr/Oj5s356EDdf2l/sLwLFYE61t+ME # iNYdy0pXL6gN3DxTVf2qjJxXFkFfjjTisndudHsguEMk8mEtnvwo9fOSKT6oRHhM # 9sZ4HTg/TTMjUljmN3mBYWAWI5ExdC1inuog0xrKmOWVMIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGY4wghmKAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAALN82S/+NRMXVEAAAAA # As0wDQYJYIZIAWUDBAIBBQCggcYwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEILbv # N6Dm7tAn8IPTATmG7PkfY9P/44x11LISnIt/jcBnMFoGCisGAQQBgjcCAQwxTDBK # oBqAGABDAFMAUwAgAEUAeABjAGgAYQBuAGcAZaEsgCpodHRwczovL2dpdGh1Yi5j # b20vbWljcm9zb2Z0L0NTUy1FeGNoYW5nZSAwDQYJKoZIhvcNAQEBBQAEggEAYmFW # 01kgXjt07lQxXDVx8SJp/v3NNYa38hVa1JcWC+MO6XjaLkJJIbFNEIzF+cOMSRM3 # eH6YpfvAqFc89pWUObhmN1u3ekiN1A4zBUVKLok3yg3DVHLBBL1XlV8NDSCwgksW # Qekv/jy8klKYKpHUHviu3Q91d+jc+I42d8aXmNwnRZ2W6AH0kF3RAEgy+RjsWksL # 3f+wMlGG6OeanMQaZLK563+ynJ34oPY7BNuk6PFbBTcq8gcZwevndi4uOwHXO+Ur # Sch0S6tkNlUFbn6AsFlAtxMr1Q5CodV0CuyccgdOirozAnHm7sro0C602A9uyx9v # jWV4xtKCaeNwtWEPxqGCFwAwghb8BgorBgEEAYI3AwMBMYIW7DCCFugGCSqGSIb3 # DQEHAqCCFtkwghbVAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFRBgsqhkiG9w0BCRAB # BKCCAUAEggE8MIIBOAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCDq # Qfh7ETUVBTS8AXH5UX7lMuG/5r3krciIJlj5AWUirwIGY+54GgjwGBMyMDIzMDMw # MTE3MDg0Ni4xMDJaMASAAgH0oIHQpIHNMIHKMQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVy # YXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo0OUJDLUUzN0EtMjMzQzEl # MCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaCCEVcwggcMMIIE # 9KADAgECAhMzAAABwFWkjcNkFcVLAAEAAAHAMA0GCSqGSIb3DQEBCwUAMHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTIyMTEwNDE5MDEyNVoXDTI0MDIw # MjE5MDEyNVowgcoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # JTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsT # HVRoYWxlcyBUU1MgRVNOOjQ5QkMtRTM3QS0yMzNDMSUwIwYDVQQDExxNaWNyb3Nv # ZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAvO1g+2NhhmBQvlGlCTOMaFw3jbIhUdDTqkaQhRpdHVb+huU/0HNhLmoR # Yvrp7z5vIoL1MPAkVBFWJIkrcG7sSrednyZwreY207C9n8XivL9ZBOQeiUeL/TMl # J6VinrcafbhdnkNO5JDlPozC9dGySiubryds5GKtu69D1wNat9DIQl6alFO6pncZ # K4RIzfv+KzkM7RkY3vHphV0C8EFUpF+lysaGJXFf9QsUUHwj9XKWHfc9BfhLoCRe # XUzvgrspdFmVnA9ATYXmidSjrshf8A+E0/FpTdhXPI9XXqsZDHBqr7DlYoSCU3lv # rVDRu1p5pHHf7s3kM16HpK6arDtY3ai1soASmEpv3C2N/y5MDBApDd4SpSkLMa7+ # 6es/daeS7zdH1qdCa2RoJPM6Eh/6YmBfofhfLQofKPJl34ALlZWK5AzVtFRNOXac # oj6MAG2dT8Rc5fpKCH1E3n7Zje0dK24QVfSv/YOxw52ECaMLlW5PhHT3ZINNaCmR # gcHCTClOKzC2FOr03YBc2zPOW6bIVdXloPmBMVaE+thXqPmANBw0YsncaOkVggjD # b5O5VqOp98MklHpJoJI6pk5zAlx8/OtC7FutrdtYNUC6ykXzMAPFuYkWGgx/W7A0 # itKW8WzYzwO3bAhprwznouGZmRiw2k8pen80BzqzdyPvbzTxQsMCAwEAAaOCATYw # ggEyMB0GA1UdDgQWBBQARMZ480jwpK3P6quVWUEJ0c30hTAfBgNVHSMEGDAWgBSf # pxVdAF5iXYP05dJlpxtTNRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1w # JTIwUENBJTIwMjAxMCgxKS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAC # hlBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29m # dCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAA # MBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4ICAQCtTh0EQn16 # kKQyCeVk9Vc10m6L0EwLRo3ATRouP7Yd2hWeEB2Y4ZF4CJKe9qfXWGJKzV7tMUm6 # DAsBKYH/nT+8ybI8uJiHGnfnVi6Sh7gFjnTpfh1j1T90H/uLeoFjpOn/+eoCoJmo # rW5Gb2ezlTlo5I0kNAubxtCxqbLizuPNPob8kRAKQgv+4/CC1JmiUFG0uKINlKj9 # SsHcrWeBBQHX62nNgziIwT44JqHrA02I6cmQAi9BZcsf57OOLpRYlzoPH3x/+ldS # ySXAmyLq2uSbWtQuD84I/0ZgS/B5L3ewqTdiE1KbKX89MW5JqCK/yI/mAIQammAl # HPqU9eZZTMPOHQs0XrpCijlk+qyo2JaHiySww6nuPqXzU3sEj3VW00YiVSayKEu1 # IrRzzX3La8qe6OqLTvK/6gu5XdKq7TT852nB6IP0QM+Budtr4Fbx4/svpKHGpK9/ # zBuaHHDXX5AoSksh/kSDYKfefQIhIfQJJzoE3X+MimMJrgrwZXltb6j1IL0HY3qC # pa03Ghgi0ITzqfkw3Man3G8kB1Ql+SeNciPUj73Kn2veJenGLtT8JkUM9RUi0woO # 0iuY4tJnYuS+SeqavXUOWqUYVY19FIr1PLqpmWkbrO5xKjkyOHoAmLxjNbKjOnkA # wft+1G00kulKqzqPbm+Sn+47JsGQFhNGbTCCB3EwggVZoAMCAQICEzMAAAAVxedr # ngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp # ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4 # MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG # A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3 # DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qls # TnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLA # EBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrE # qv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyF # Vk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1o # O5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg # 3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2 # TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07B # MzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJ # NmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6 # r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+ # auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3 # FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl # 0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUH # AgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0 # b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMA # dQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAW # gBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8v # Y3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRf # MjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEw # LTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL # /Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu # 6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5t # ggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfg # QJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8s # CXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCr # dTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZ # c9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2 # tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8C # wYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9 # JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDB # cQZqELQdVTNYs6FwZvKhggLOMIICNwIBATCB+KGB0KSBzTCByjELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFt # ZXJpY2EgT3BlcmF0aW9uczEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046NDlCQy1F # MzdBLTIzM0MxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wi # IwoBATAHBgUrDgMCGgMVABAQ7ExF19KkwVL1E3Ad8k0Peb6doIGDMIGApH4wfDEL # MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v # bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWlj # cm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDnqXBf # MCIYDzIwMjMwMzAxMTQzNDA3WhgPMjAyMzAzMDIxNDM0MDdaMHcwPQYKKwYBBAGE # WQoEATEvMC0wCgIFAOepcF8CAQAwCgIBAAICFH0CAf8wBwIBAAICEfswCgIFAOeq # wd8CAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAweh # IKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQA3HCqIopoNorZyx/1QMJVL # ulYrzetqDROm3cWnq3+69ygR1a1b/8xzCUNeqO2qqFAjKBNFzyxqAcER0B6BVQq+ # exuhGCIeZiv3nVdKSD4OI3HxiQzBaGk5/PKcRQZRP00GcwLBTvuKbdgKAdrTE+vo # frLBLVpjKVWaWWaBRW85bDGCBA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwAhMzAAABwFWkjcNkFcVLAAEAAAHAMA0GCWCGSAFlAwQCAQUA # oIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIE # IMowy9OuoIzZKq5qPrxUYHg9K1S6qRQaFAJ/XkDodLnUMIH6BgsqhkiG9w0BCRAC # LzGB6jCB5zCB5DCBvQQgWvFYolIIXME0zK/W6XsCkkYX7lYNb9yA8JxwY04Pk08w # gZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G # A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYw # JAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAcBVpI3D # ZBXFSwABAAABwDAiBCAPyQjLnSv5QZ50Tg0XPeyjQGhu7kvDhVTfGAbZEapSVTAN # BgkqhkiG9w0BAQsFAASCAgCXE/aQe2qED48fOcJFcrna1tUL3GAwmyNSq7aVVa4r # Ttu2FVXLYqjXNPZ9uP57iwR9bvFbxkOJ3AYdFjFT9flr9Oe6/JiSu0pTkta5AjWR # y0Uv4jBOwEGDq7HjgPK8sZ+aBPXsZ1cezrSjl5DV17MCEIx8VwEa3sSC+/qxLr3w # XVGU+g2pAbFvjuQqpEyFq4Z8idkBLWwdMp46w5/8xiMKGeb5plXAs59JHUiGfnIp # kCuHwZKwFBSj1xSLwpEdcuq/+Tmvn82tuCKZm9nimBU7O74U8UKIKjiSmOmUogqC # PzUu+b8qOj38vodvgyBJWgqW1BV1uA7jEBb4PVtzzht8XCOnMiw51yJVC4+q1nt7 # nE+0GTanVGsI1B+jdUk43l76o2Yas79BhrG+ilTT8mTUAMJeh1XVRoSWQzT4Lqwe # ym87jeJC31BGG0p9RoCq7xium3thzNsA6a04CWBBbKvIYdD32O2kx4+i2cWu/W3S # /HNQo1V7usqC8/oyIkv5YapUCqOaqL/nLpH3pxbAX9pzklQnFKRzAHO/doNAdF+7 # TI+FEj1Cg7dyK332xZ7BjT6J911ve77cNIpVBs6RtWPw1isyhn49zrZT3Z0+tQJd # m4hh+rXcYl1A+wRWoNQYluXU7scH1wVk5u7bO2WczoKghltFeBmrEog5pQ9m4kPr # 3Q== # SIG # End signature block