Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rhBdV-00A5Yc-Ul for pgsql-odbc@arkaria.postgresql.org; Mon, 04 Mar 2024 16:57:58 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1rhBdT-009VXk-Rr for pgsql-odbc@arkaria.postgresql.org; Mon, 04 Mar 2024 16:57:56 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rhBdT-009VXc-2S for pgsql-odbc@lists.postgresql.org; Mon, 04 Mar 2024 16:57:55 +0000 Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1rhBdO-002pTP-7K for pgsql-odbc@lists.postgresql.org; Mon, 04 Mar 2024 16:57:53 +0000 Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-412e80e13abso5198755e9.3 for ; Mon, 04 Mar 2024 08:57:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denodo.com; s=google; t=1709571469; x=1710176269; darn=lists.postgresql.org; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:from:to:cc:subject:date:message-id :reply-to; bh=ftHZoJbZanyUg98uPnfbFrQOxfd9Fq+yJPmEi11WzLI=; b=jIBKpCUywhh+tAQed19iNHH5ty2d7LFldaFdTZB5ITfhXHbYV1YKi8KefjEnFwG9X6 OmP2+QRisjBa9SOwmWu4F3T3vQDU7Rk82i6Uj7yU08h67CWRxYqYOdCWS8JP8pAQEt8y hE7oFH8qEj5cUngEmyh24L8GknTDe5tY9Nqes= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709571469; x=1710176269; h=in-reply-to:from:references:to:content-language:subject:user-agent :mime-version:date:message-id:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=ftHZoJbZanyUg98uPnfbFrQOxfd9Fq+yJPmEi11WzLI=; b=cQKCbKwRKkjo8mAcgVQTb3d9vhHm3M81GCwqHnZdIJkIgxeuIWWObKSJfyMek8U/fF 0GKaIaxR+XLdqu2Jz4IVEFkJJvWRxGFxQiLRcL0WUWXO4JlajGo4Pr0saWKRn2OFfI1k MWpGhu6Mp68/REu9vgAUSoBYOP9IyCsEXl/BipemYxECEtGKmSjtXM5IH9MfNfLbXI1z RNQBnEDEZIUNRfie7lClFPV8c5wjPJSfe+jmjy6RQ/IH+B5YE0Rum2s1sZTViQsddeMv i+tfoaeuAqOR3aZv6BvyTjoQnBb3wNFvxZyftb2eOTpox8yKVI12+Mq76nw+zW65jbfZ qjoA== X-Gm-Message-State: AOJu0YyAtf2i7GKvc8QlH4i5IJhKlGcuMx2rrhZlm7o+hYsiGAp5WnXt KJqsiaGrI5E+KoCpvwTfRslYUSMS1P37cwQUlh6uozw7u4FyN7iewTcqlYhI8g1ZwdNyVuutQLs /AtWDRaeQW1SidSwSH/n3erPwwyYWsqf39EljU99zm3YRkIh2NqRN9qGwxDvNUacQdso8ERAuNC iVsEu4Hf0j5gYflBgkzuq+l1khBD0uu1+hm0XmqMeZtNon X-Google-Smtp-Source: AGHT+IGRq3kwoLw6JtlNio+TEGcBcYANc6d10rFu3Gs8pL4l9twpSQ2iA/4rcskMyNKlFFyvJ+1Gbg== X-Received: by 2002:a05:600c:4508:b0:412:c288:d22b with SMTP id t8-20020a05600c450800b00412c288d22bmr8091736wmo.14.1709571468499; Mon, 04 Mar 2024 08:57:48 -0800 (PST) Received: from [192.168.6.75] (29.236.117.91.dynamic.reverse-mundo-r.com. [91.117.236.29]) by smtp.gmail.com with ESMTPSA id j42-20020a05600c1c2a00b00412db03f182sm7315398wms.11.2024.03.04.08.57.47 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 04 Mar 2024 08:57:47 -0800 (PST) Content-Type: multipart/alternative; boundary="------------51XL3kl4FMWhXbXakW8aClwL" Message-ID: Date: Mon, 4 Mar 2024 17:57:46 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: ODBC MSI flagged as 'suspicious' Content-Language: en-US To: pgsql-odbc@lists.postgresql.org References: From: =?UTF-8?Q?Jacobo_S=C3=A1nchez_L=C3=B3pez?= In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk This is a multi-part message in MIME format. --------------51XL3kl4FMWhXbXakW8aClwL Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit A checksum on downloadable files from a https page on a postgresql certificate would probably be enough security but I can not find them. Maybe arguing that the installer has been downloaded from a https site with a postgresql certificate may work for you... but checksums would be better IMO El 04/03/2024 a las 17:25, Dave Cramer escribió: > Hi Daniel, > > The files are currently not signed. I can tell you that others use > these files. However it is up to you to determine if they are safe for > you to use. > > Dave Cramer > www.postgres.rocks > > > On Mon, 4 Mar 2024 at 10:56, Rice, Daniel > wrote: > > Hi again, > > I’m told I have until Thurs to obtain a confirmation from > PostgreSQL that the detections in the attached and following > reports can be safely ignored. > > Otherwise my company closes my ticket and I will not be allowed to > use the PostgreSQL ODBC driver ☹. > > Attached the analysis from CrowdStrike. > > Link to Hybrid analysis: Free Automated Malware Analysis Service - > powered by Falcon Sandbox - Viewing online file analysis results > for 'psqlodbc_x64.msi' (hybrid-analysis.com) > > > Any help very much appreciated, thx. > > Dan. > > FIS Global. > > *From:*Rice, Daniel > *Sent:* Thursday, February 29, 2024 2:27 PM > *To:* pgsql-odbc@postgresql.org > *Subject:* RE: ODBC MSI flagged as 'suspicious' > > Hi all, > > Is it possible to confirm detections in those reports can be > safely ignored? > > pgsql-security explained this is more of a packaging matter – > please let me know if I should address to a different group. > > Many thanks in advance, > > Dan. > > *From:*Rice, Daniel > *Sent:* Tuesday, February 27, 2024 9:57 AM > *To:* pgsql-odbc@postgresql.org > *Subject:* FW: ODBC MSI flagged as 'suspicious' > > Hi all, > > I want to use the PostgeSQL ODBC driver from psqlodbc - PostgreSQL > ODBC driver , but my organisations > security team explain to me the msi package (specifically > *psqlodbc_16_00_0000-x64.zip* > ) > is problematic for them as its not signed by Trusted CA and its > flagged as Suspicious during sandbox analysis by Falcon & Hybrid > Analysis. > > They ask if the detections in those reports be safely ignored? > > Attached the analysis from CrowdStrike. > > Link to Hybrid analysis: Free Automated Malware Analysis Service - > powered by Falcon Sandbox - Viewing online file analysis results > for 'psqlodbc_x64.msi' (hybrid-analysis.com) > > > Many thanks in advance, > > *Daniel Rice* > > Exchange Project Management Lead - London, Americas > > Documentation Product Owner > > Valdi Global Markets > > *T: *+44 20 *8081 3670* > > *M:*+44 7802 490 388 > > *E: *daniel.rice@fisglobal.com > > *FIS | Empowering the Financial > World*** > > CONFIDENTIALITY: This e-mail (including any attachments) may > contain confidential, proprietary and privileged information, and > unauthorized disclosure or use is prohibited.  If you receive this > e-mail in error, please notify the sender and delete this e-mail > from your system. > > P***Think before you print* > > The information contained in this message is proprietary and/or > confidential. If you are not the intended recipient, please: (i) > delete the message and all copies; (ii) do not disclose, > distribute, or use the message in any manner; and (iii) notify the > sender immediately. In addition, please be aware that any message > addressed to our domain is subject to archiving and review by > persons other than the intended recipient. Fidelity National > Information Services, Inc., an NYSE listed trading Company with > the ticker symbol FIS. FIS is a trading name of the following > companies: Alphakinetic Limited (No: 06897969) | FIS Derivatives > Utility Services (UK) Limited (No: 9398140) | FIS Energy Solutions > Limited (No: 1889028) | FIS Global Execution Services Limited (No. > 3127109) | FIS Capital Markets UK Limited (No: 982833) | Metavante > Technologies Limited (No: 2659326) | Virtus Partners Limited (No: > 06602363) | all registered in England & Wales with their > registered office: C/O F I S Corporate Governance, The Walbrook > Building, 25 Walbrook, London, EC4N 8AF | FIS Global Execution > Services Limited is authorised and regulated by the Financial > Conduct Authority | FIS Banking Solutions UK Limited (No: 3517639) > and FIS Payments (UK) Limited (No: 4215488) are registered in > England & Wales with their registered office at 1st Floor Tricorn > House, 51-53 Hagley Road, Edgbaston, Birmingham, West Midlands, > B16 8TU, United Kingdom | FIS Payments (UK) Limited is authorised > and regulated by the Financial Conduct Authority; some services > are covered by the Financial Ombudsman Service (in the UK). > Torstone Technology Limited (No: 07490275) and Percentile Limited > (No: 08867031) are registered in England & Wales with their > registered office at 8 Lloyd's Avenue, London, England, EC3N 3EL | > Calls to and from the companies may be recorded for quality > purposes. | All of the above-named companies are ultimately owned > by FIS. All of the below-named companies are indirectly minority > owned by FIS. Worldpay (UK) Limited (No: 07316500 / FCA No: 530923 > and 712965) | Worldpay Limited (No: 03424752 / FCA No: 504504) | > Worldpay AP Limited (No: 05593466 / FCA No: 502597) all registered > in England & Wales with their registered office: The Walbrook > Building, 25 Walbrook, London, EC4N 8AF. The WorldPay entities are > authorised by the Financial Conduct Authority under the Payment > Service Regulations 2017 for the provision of payment services. | > Worldpay (UK) Limited is authorised and regulated by the Financial > Conduct Authority for consumer credit activities | Worldpay B.V. > has its registered office in Amsterdam, the Netherlands > (Handelsregister KvK No: 60494344). WPBV holds a licence from and > is included in the register kept by De Nederlandsche Bank, which > registration can be consulted through www.dnb.nl > . Message Encrypted via TLS connection > --------------51XL3kl4FMWhXbXakW8aClwL Content-Type: multipart/related; boundary="------------0fHhhihLC5XEoD9DMS4fQBTH" --------------0fHhhihLC5XEoD9DMS4fQBTH Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

A checksum on downloadable files from a https page on a postgresql certificate would probably be enough security but I can not find them. 

Maybe arguing that the installer has been downloaded from a https site with a postgresql certificate may work for you... but checksums would be better IMO

El 04/03/2024 a las 17:25, Dave Cramer escribió:
Hi Daniel,

The files are currently not signed. I can tell you that others use these files. However it is up to you to determine if they are safe for you to use.

Dave Cramer


On Mon, 4 Mar 2024 at 10:56, Rice, Daniel <Daniel.Rice@fisglobal.com> wrote:

Hi again,

 

I’m told I have until Thurs to obtain a confirmation from PostgreSQL that the detections in the attached and following reports can be safely ignored.

Otherwise my company closes my ticket and I will not be allowed to use the PostgreSQL ODBC driver .

 

Attached the analysis from CrowdStrike.

Link to Hybrid analysis: Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'psqlodbc_x64.msi' (hybrid-analysis.com)

 

Any help very much appreciated, thx.

 

Dan.

FIS Global.

 

From: Rice, Daniel
Sent: Thursday, February 29, 2024 2:27 PM
To: pgsql-odbc@postgresql.org
Subject: RE: ODBC MSI flagged as 'suspicious'

 

Hi all,

 

Is it possible to confirm detections in those reports can be safely ignored?

pgsql-security explained this is more of a packaging matter – please let me know if I should address to a different group.

 

Many thanks in advance,

Dan.

 

From: Rice, Daniel
Sent: Tuesday, February 27, 2024 9:57 AM
To: pgsql-odbc@postgresql.org
Subject: FW: ODBC MSI flagged as 'suspicious'

 

Hi all,

 

I want to use the PostgeSQL ODBC driver from psqlodbc - PostgreSQL ODBC driver, but my organisations security team explain to me the msi package (specifically psqlodbc_16_00_0000-x64.zip) is problematic for them as its not signed by Trusted CA and its flagged as Suspicious during sandbox analysis by Falcon & Hybrid Analysis.

 

They ask if the detections in those reports be safely ignored?

 

Attached the analysis from CrowdStrike.

Link to Hybrid analysis: Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'psqlodbc_x64.msi' (hybrid-analysis.com)

 

Many thanks in advance,

Daniel Rice

Exchange Project Management Lead - London, Americas

Documentation Product Owner

Valdi Global Markets

T: +44 20 8081 3670

M: +44 7802 490 388

E: daniel.rice@fisglobal.com

FIS | Empowering the Financial World 

 

CONFIDENTIALITY: This e-mail (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited.  If you receive this e-mail in error, please notify the sender and delete this e-mail from your system.

 

P Think before you print

 

 

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute, or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Fidelity National Information Services, Inc., an NYSE listed trading Company with the ticker symbol FIS. FIS is a trading name of the following companies: Alphakinetic Limited (No: 06897969) | FIS Derivatives Utility Services (UK) Limited (No: 9398140) | FIS Energy Solutions Limited (No: 1889028) | FIS Global Execution Services Limited (No. 3127109) | FIS Capital Markets UK Limited (No: 982833) | Metavante Technologies Limited (No: 2659326) | Virtus Partners Limited (No: 06602363) | all registered in England & Wales with their registered office: C/O F I S Corporate Governance, The Walbrook Building, 25 Walbrook, London, EC4N 8AF | FIS Global Execution Services Limited is authorised and regulated by the Financial Conduct Authority | FIS Banking Solutions UK Limited (No: 3517639) and FIS Payments (UK) Limited (No: 4215488) are registered in England & Wales with their registered office at 1st Floor Tricorn House, 51-53 Hagley Road, Edgbaston, Birmingham, West Midlands, B16 8TU, United Kingdom | FIS Payments (UK) Limited is authorised and regulated by the Financial Conduct Authority; some services are covered by the Financial Ombudsman Service (in the UK). Torstone Technology Limited (No: 07490275) and Percentile Limited (No: 08867031) are registered in England & Wales with their registered office at 8 Lloyd's Avenue, London, England, EC3N 3EL | Calls to and from the companies may be recorded for quality purposes. | All of the above-named companies are ultimately owned by FIS. All of the below-named companies are indirectly minority owned by FIS. Worldpay (UK) Limited (No: 07316500 / FCA No: 530923 and 712965) | Worldpay Limited (No: 03424752 / FCA No: 504504) | Worldpay AP Limited (No: 05593466 / FCA No: 502597) all registered in England & Wales with their registered office: The Walbrook Building, 25 Walbrook, London, EC4N 8AF. The WorldPay entities are authorised by the Financial Conduct Authority under the Payment Service Regulations 2017 for the provision of payment services. | Worldpay (UK) Limited is authorised and regulated by the Financial Conduct Authority for consumer credit activities | Worldpay B.V. has its registered office in Amsterdam, the Netherlands (Handelsregister KvK No: 60494344). WPBV holds a licence from and is included in the register kept by De Nederlandsche Bank, which registration can be consulted through www.dnb.nl. Message Encrypted via TLS connection
--------------0fHhhihLC5XEoD9DMS4fQBTH Content-Type: image/png; name="image001.png" Content-Disposition: inline; filename="image001.png" Content-Id: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAABGdBTUEAA1teXP8meAAAAfNJ REFUOBGdVUsrRGEYft1mDjKiJJesLJSVsBD5ATYolywVZcGW7KwUFqixY2MnuZewUoiFW5Pb YlDMUEMR5TKuz3PMmc7MnHMYz/T0fd/7Pu8z33nnO9/EZDm7xAA2xGoCLMOYDfpBD7gHzoBz IGMhiA9Z/SxqMfSD+WE5fklBgE0Y3SB3Mw0GERucicRh3gdSEG6mkwWn1EyBrGGtCv0OexHp DMSjGbQatXfaDuv+aaZ9MU3pIdwhezPIhRmKM/OkrahSUu2KLJ8fy5hrw0g6hOA8DevBXCMF Y+lKskxUt0hSgk2e39/k4PbaTJqDRAMNeTxMUZiRpZqte06lcW5UvvCxQA17WGomcNgTJU1J UtP3r0/iwCMr8QlmcsZLYnCwXzCxG6lOWnvEYVNCUr2bS+LcXQ2J6RZ+7jDitGuCTe+ZHN5e qUvf06OsXbpl33eppQ1HGpp2uXlxXPq2VtTCDfZwflTYSwtc09BlIYg2tU3D2WirLPSzNJwE PRaiv6a89IpLqar4CBjygEfg9fNd3Hc+9M4tFw93EXldoAVzFw0ZOwKTwXIu9Hj0v4jrxvub 2QBqhlnHR9bQjYlTW0QxjkDLWhV6Qz56B8hbg5fnb6CGbWoHWauC73I4eGkugBTz9i4G+eIT bPwOyL8A/pgRL8U3jYF9VfPt59AAAAAASUVORK5CYII= --------------0fHhhihLC5XEoD9DMS4fQBTH Content-Type: image/png; name="image002.png" Content-Disposition: inline; filename="image002.png" Content-Id: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAABGdBTUEAA1teXP8meAAAAkdJ REFUOBGlVU1IVFEYPW/ejFpDoUaZjbRpxBZFZEU/lFCLiIgwmILaRCAtpBa2yITWRQXZwrYt giKMaiIIWgS1SaiJ0EVCk23UAklGmKxUxumc27zbvDcPSvuG8+73nft959173713nMa+boRY Fbn2EnayXUPMEmPEO+IR8ZgQ57OoL/odHGFzlUgG+vSS9SUcZ/uR0GgeEtYi1gNc+lcIJQTF ytKsq5wHhGpUa6x8hJfInC/xC2m8GrN23ghTixTzXixRaUCCWpteBf9pN1hfpSkfJZqCYjHX xVyhYOloJIJUSysa4stx9/1rVLsxjOVztp9OgjimEWp7+KzajaL/cAfqa+KWv7DjAK7vS6F7 +35kTvags7UNDn8Ba5fgtgCJQnEeLfUNeHGiC52b29Bctwp71zbbtFjERfrDIIr8BWyrprw6 QMJxHIxyOhtXJnBx10GDYM7w5JcgpbhRI6zY7Vq7kamvYQWGk1h+dia0X4Khr+p98xzf5sKL bg0NhIpJS4JDYb3Z3AQuDzxD7ud3X/fL0SzuDWd8XFmQkWC6jDBubc1SnN60G4eSG1BHXzZf LOIOt8upp7fNRzNk5SPt8LbRxh4hfHtxxZI49jQlkVhWi4npPF59/oTx/FSlxB9mnO46fWV9 lHNEP2Ft8sc00tlBG/+D08WcGU1Zdp+4ZrzFPVQrDXOWPYkeOn1esID2JnNVa8wboQId3LOE bg1dnn8z5egeOEPYQ19+H3oCujSfEErW7b2F0MGXaeHfEvoL0BQrDsUvTR2MjQn98IQAAAAA SUVORK5CYII= --------------0fHhhihLC5XEoD9DMS4fQBTH Content-Type: image/png; name="image003.png" Content-Disposition: inline; filename="image003.png" Content-Id: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAABQAAAAUCAYAAACNiR0NAAAABGdBTUEAA1teXP8meAAAAfdJ REFUOBGdVU0rRGEUPgzD+NyYMoMSsyBjxSwUJUlRikJJ/gELEtlYWCgUFmxYWFrIV/gBYodE SvkqReOjyCBGvp7nmnvdO65mzFPPvOec95znvvd933smyjHeIyawIlYXYAlGJ/gKnoM74AK4 BDJmQIzB+3bqMQyBrqA5PiQvwGaMxyBXMw9qiNYsEQvsQZAJwWK6NM1kzhzIGtYq0K9wAJHu QPw/g1qj7J26woYIxdQHU5QaQkHuzSgdPWpy3FJoz9CHQtljSLBSsBHM1Gc7klJlqrpFhsp5 PmGDT2/iHvJ6GHD56JO+9RU5vLsyxMNw6ijoCU78lE+pys6XNFuiXD89SH9praydH0lZpktS rPEyubshS0e7wWX0i/nK6WYzZVkuKbA7JTXOJrS7PJXy9vEh7jSnjFQ0SJxFf0E0BQcFf912 bVpnzBxsSuvKtKye7ostJlbsCcm62R+Tgt4f92/Li30l7v3PyshtMYGXgnsmE5GGtii4aFZ9 5ruVGxyI//1NaPtev1d2+/Kk+NxPEyxGodvwYp+AhrtokhwqdIGEXPVQOkNlhzHfgRw/BYlZ cFixIvthLTWUb1mV6IUxrjr/GCeQy1oF6grpvIPtILsGm2coMId9oA1krQKz686muQwymd2h CFTbDjd+G+RfAF/x10fxBUHfdXwSyJc0AAAAAElFTkSuQmCC --------------0fHhhihLC5XEoD9DMS4fQBTH Content-Type: image/jpeg; name="image004.jpg" Content-Disposition: inline; filename="image004.jpg" Content-Id: Content-Transfer-Encoding: base64 /9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAoHBwkHBgoJCAkLCwoMDxkQDw4ODx4WFxIZJCAm JSMgIyIoLTkwKCo2KyIjMkQyNjs9QEBAJjBGS0U+Sjk/QD3/2wBDAQsLCw8NDx0QEB09KSMp PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT3/wAAR CABCAEwDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAA AgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkK FhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWG h4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl 5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREA AgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYk NOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOE hYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk 5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDuVEEHijVg1tHIm2BVQplRu4J9utSafb7f EKaXMwkt7C1DIh+6WLcMR3IHFN069tJ/ED3fn20kGrAJaqJMlzFnfgY7YqK78R6HZ63a6rHq 1ntvIDHsd8b1DYDA44wQRzge9c6g9/P9TijTe9ur+67/AOAPvttvqWr2KKPsz2JuFjI+VHGQ So7Z/nUVmqPB4dWzAjuxteR8bN0YX5gT/Fnjjn1pl3qmmnW9RguNQtE1W6iW0itTJ9wEZGWx jJJBx/OnySQxeH9PujdWqpotwEuZDJ8qlRtcZx1ycVLi77f1cl05czdv6uTXWmRWGoeH7coj EyyeYdv3yQTz68mkvNNistb0W32IyNcTtjb/AAkZAP0zTbnXdP1i/wBLvbG+tJILad1J83BZ thJXpwQATzjgVN/aVj4ovLS80C+tbyXTpC0kIcjKsMdcfkelU4b2Xb9CnS+Ky6r7tP8AI1Jr eFtbkLQxsfsndAf4sfyrBsz/AGV5umXID2d7AZ7UuMhX25ZP6ir669ZSWl5rcl1apaQIbdmE uQrBudxxxyQMVS1TUtHvbO30S61C2t9U2obdDJkh8fLyOm706805Rb1W5U4N+9Fa6/8ADFrV YII9R0DECbWdgyqg+YbOmO9Mm0CTUyt5aPFbJMoZowpGD07ewFV9T8QaZLrtpFHqFn52ll5L iMy/MAFwwHHJHcViat4k03UbwSWfiCytoFUIkaSv9TnC46k1M476XInDWXut6/ojHnlGm6yX BIXQru5IA/hE0px+hp5tPsWh6tbso3L4Wtt3H8RLk/qTV74hSaNoWry2VxZzz/8ACTNEbx1m 2eSsbKqsvB7nnPpVr4nW1ppX2K5jgvZpdR2aa9vb3QiWZBkqrZU9yRxjrXSdxm3LXE3iO708 RRLaXeqaerXLvzG6wo4XbjndtwDnqau6gc/DTxaf+orP/wCj1qLTrpNQ8TS6Jr+hXmj3eqPF eQSLcrIA8AG3bgccJ7/rUHg+bT/G994j0qRtRtIpHeWSAXStGzNJlnUbMqQVHc9aAOhXSbXV /EPi+G7YRqFh2yk4EZa3KlvTgE9an8H4h1mWx1C0jTVrSwhiF1A5aK5tgSEYDscg5H9KwLbW LCz8fX3g4w3OoHUx5d5fXNxlz+6PygBQAAOPxqpo/iW28OaDrevQ2t3dT6fcJpai6ug2YlbC gEKMDn0NAGJIp/4Ru/0sn91fPJqBUekXmh//AB5I63p/+PbXTgE/2ppn/oEVMtNUW1Wx0bX/ AAtcada6ostpBe/aFlkXzm3MMgcAlh/9eoL+We58Z6rZaRoN/frYzQNcxR36xxSsijy2ZSuc /KOh7UAdLYWsWj+J7SyvYYru1n1C4uNOvIZOYpmDF45F9cFgD+YFa/w+APh6fgf8f91/6Nau HlurnSvGdpbafoN9eX/lHU/sLX6iK3llyJMDbzgk9+9WtC+KOi+G7a403VLC/sLyO6laWAkT YZm3H5hjjJPFAGf8RI21jxR4k2HI0vRkxjsxkVz+n8q0/Hl8NS0LwPeKcie/t5M+5UE1j2X9 vavrHjW60XTbO8tb2Z7SWSeXaVVQRhR34IP5VSfUVufh14IaZwv2TV1hdmOAoVj1P0xQB2/i T/ks/hX/AK9pv5NXIeAp/wCzPFGlXmNsN5c3tjK3qQQ65/E102ralZ6n8ZfDJ0+6huhHbzbz C4cL8rdSK5rTtK1DUPhtcXGjQvNqNjrkk8KoMk9FPH0OfwoAZ4bka9+IGg6s+M6nf304OOSg G1f5GqV1/wAk08Yf9hz/ANnFdNFpTaH4x+Hmnuu2SCzlDj0YqS36k1zN1/yTPxh/2HP/AGcU Ab+oeIIPHGt+FdN0W2vGn0+4S4uTNFsCIoXJ5p2m+KbTwx8TPFz3ltezieWMKLWAyYwD19Ot aGun/hH/AB94S1wYWC9gFhcN2OQNufzH/fNL4X1Oy0z4n+M2v7y3tleSLb50gTdgHpmgCwji T49K4BAbR8gHr96vH/iH/wAlA1v/AK+m/pXrE2p2Vv8AHFLua8t47Z9HBSZ5AEbLcYPSvJfH MqX3jjWbizYTwvcsVki+ZT06EUAer+F9c1LT9OsNQtdG06LRtUkmkaG0STzItqsQzscg52YP A61lxzAaNpw1LQtDfTtSt7nULaCJJB5MqRb8tk85AAOMVu+FdWtdP+E2k2tw5WW/t54YAFJB bDnBPbgVh3f/ACK/g3/sD3v/AKTGgCzpmtWWg/DtvEelaDp9rrby/ZWjjQ7d2cnvnG0Zxmpb XxHqmk2usPoNjo9tY6dbw308TJJulaWMO2CDx3H5ViPbzfZ5LPY4txpX9shsfLu+yCLH13ZN a3h/w4PEur6zay6je2tsbKwWaK3KgTKYBkMSCfyx1oA27LX4Nc+JEUFzp1tm2sxJa3BBMkch RHdc5xjbIO1YOm61Yah4JZpNE09ZLvWYoby32NscOwxJjOc49+oqnomr2y+KNOuIo50L63cQ hzC3l+S0flIBIeCfkHGapWq/ZNE8OyNxFqUsMf8A21gujj80Y/lQB0uo63c6/bWWnNp2lSsd ansYRcxuUjEQO1uDnOKqazps95rWrK2gaBeahp9ql1eyPFKxuXYEhYwDkcLjnvVWG1e9u7C3 juZrVpPFF8BNAQHT5TyMgj9K6LxFa29vLf3ekapdw+ItCsUknncZFzHtLBZRjDZweR0oAW88 PWE2m2F5faHp8rSQhYopECtDHszHGcsOhOCetT6Ssml2ht9N0/So4N27awjjO4gZ4DHP1zV/ VL/7Zo2jajMIYzPEJWB2kjcgJ27gRj1qk9zPauUabTYgwDKtwiMxBA5yi4wa5akmpPU4K02p vVnA+CIY2+M97aNGhtoHufKhKjZH1Hyr0HB7VneCVEms+KEcBkttNvBAp5EQ5Hy/3eOOKKK6 jvPV5QP+FNscc/2L/wC0qz/AXGt68R1+w2H/AKT0UUAYsAx8IPDbDhhqkLZ7589uajdFPw28 KEqMrrkeDjp++eiigDm/GcjxeFZHjZkdfEl7hlOCKyfEEjnT/Cb7m3XNntnbPMoEzABv73Hr RRQB7rrgEE/h5IQI0FysYVOBt242/T2rkQAbm6XHyxzuiDsqg8Aegoorhr/F/XkeTjPjf9dE f//Z --------------0fHhhihLC5XEoD9DMS4fQBTH-- --------------51XL3kl4FMWhXbXakW8aClwL--