<# .SYNOPSIS Name: Secure-WindowsServices.ps1 Description: The purpose of this script is to secure any Windows services with insecure permissions. .NOTES Author: Ben Hooper at Astrix Created: 2018/10/05 Tested on: Windows 7 Professional 64-bit, Windows 10 Pro 64-bit Updated: 2018/10/12 Version: 1.2 Changes in v1.2: Enhanced output by (1) changing output type from "check performed-action result" with just "action result" which makes it easier to read with less indentations, (2) adding tags ("[FAILED]", "[SUCCESS]", and "[NOTIFICATION]") for quick checking of results, and (3) tweaking logging behaviour. Changes in v1.1: Added handling of inherited permissions. .PARAMETER LogOutput Logs the output to the default file path "C:\_Secure-WindowsServices.txt". .PARAMETER LogFile When used in combination with -LogOutput, logs the output to the custom specified file path. .EXAMPLE Run with the default settings: Secure-WindowsServices .EXAMPLE Run with the default settings AND logging to the default path: Secure-WindowsServices -LogOutput .EXAMPLE Run with the default settings AND logging to a custom local path: Secure-WindowsServices -LogOutput -LogPath "C:\$env:computername_Secure-WindowsServices.txt" .EXAMPLE Run with the default settings AND logging to a custom network path: Secure-WindowsServices -LogOutput -LogPath "\\servername\filesharename\$env:computername_Secure-WindowsServices.txt" #> #---------------------------------------------------------[Initialisations]-------------------------------------------------------- Param( [switch]$LogOutput, [string]$LogPath ) #----------------------------------------------------------[Declarations]---------------------------------------------------------- $RunAsAdministrator = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator); $LogPath_Default = "C:\$env:computername`_Secure-WindowsServices.txt"; #-----------------------------------------------------------[Functions]------------------------------------------------------------ Function Secure-WindowsServices { Param() Begin { Write-Output "Securing all Windows services..."; } Process { Try { If ($AlreadyRun -Eq $Null){ $AlreadyRun = $False; } Else { $AlreadyRun = $True; } If ($AlreadyRun -Eq $False){ [System.Collections.ArrayList]$FilesChecked = @(); # This is critical to ensuring that the array isn't a fixed size so that items can be added; [System.Collections.ArrayList]$FoldersChecked = @(); # This is critical to ensuring that the array isn't a fixed size so that items can be added; } Write-Output ""; Write-Output "`t Searching for Windows services..."; $WindowsServices = Get-WmiObject Win32_Service | Select Name, DisplayName, PathName | Sort-Object DisplayName; $WindowsServices_Total = $WindowsServices.Length; Write-Output "`t`t $WindowsServices_Total Windows services found."; Write-Output ""; For ($i = 0; $i -LT $WindowsServices_Total; $i++) { $Count = $i + 1; $WindowsService_DisplayName = $WindowsServices[$i].DisplayName; $WindowsService_Path = $WindowsServices[$i].PathName; $WindowsService_File_Path = ($WindowsService_Path -Replace '(.+exe).*', '$1').Trim('"'); $WindowsService_Folder_Path = Split-Path -Parent $WindowsService_File_Path; Write-Output "`t Windows service ""$WindowsService_DisplayName"" ($Count of $WindowsServices_Total)..."; If ($FoldersChecked -Contains $WindowsService_Folder_Path){ Write-Output "`t`t Folder ""$WindowsService_Folder_Path"": Security has already been ensured."; Write-Output ""; } Else { $FoldersChecked += $WindowsService_Folder_Path; Write-Output "`t`t Folder ""$WindowsService_Folder_Path"": Security has not yet been ensured."; Correct-InsecurePermissions -Path $WindowsService_Folder_Path; } If ($FilesChecked -Contains $WindowsService_File_Path){ Write-Output "`t`t File ""$WindowsService_File_Path"": Security has already been ensured."; Write-Output ""; } Else { $FilesChecked += $WindowsService_File_Path; Write-Output "`t`t File ""$WindowsService_File_Path"": Security has not yet been ensured."; Correct-InsecurePermissions -Path $WindowsService_File_Path; } } } Catch { Write-Output "...FAILURE securing all Windows services."; $_.Exception.Message; $_.Exception.ItemName; Break; } } End { If($?){ Write-Output "...Success securing all Windows services."; } } } Function Correct-InsecurePermissions { Param( [Parameter(Mandatory=$true)][String]$Path ) Begin { } Process { Try { $ACL = Get-ACL $Path; $ACL_Access = $ACL | Select -Expand Access; $InsecurePermissionsFound = $False; ForEach ($ACE_Current in $ACL_Access) { $SecurityPrincipal = $ACE_Current.IdentityReference; $Permissions = $ACE_Current.FileSystemRights.ToString() -Split ", "; $Inheritance = $ACE_Current.IsInherited; ForEach ($Permission in $Permissions){ If ((($Permission -Eq "FullControl") -Or ($Permission -Eq "Modify") -Or ($Permission -Eq "Write")) -And (($SecurityPrincipal -Eq "Everyone") -Or ($SecurityPrincipal -Eq "NT AUTHORITY\Authenticated Users") -Or ($SecurityPrincipal -Eq "BUILTIN\Users") -Or ($SecurityPrincipal -Eq "$Env:USERDOMAIN\Domain Users"))) { $InsecurePermissionsFound = $True; Write-Output "`t`t`t [WARNING] Insecure permissions found: ""$Permission"" granted to ""$SecurityPrincipal""."; If ($Inheritance -Eq $True){ $Error.Clear(); Try { $ACL.SetAccessRuleProtection($True,$True); Set-Acl -Path $Path -AclObject $ACL; } Catch { Write-Output "`t`t`t`t [FAILURE] Could not convert permissions from inherited to explicit."; } If (!$error){ Write-Output "`t`t`t`t [SUCCESS] Converted permissions from inherited to explicit."; } # Once permission inheritance has been disabled, the permissions need to be re-acquired in order to remove ACEs $ACL = Get-ACL $Path; } Else { Write-Output "`t`t`t`t [NOTIFICATION] Permissions not inherited."; } Write-Output ""; $Error.Clear(); Try { $ACE_New = New-Object System.Security.AccessControl.FileSystemAccessRule($SecurityPrincipal, $Permission, , , "Allow"); $ACL.RemoveAccessRuleAll($ACE_New); Set-Acl -Path $Path -AclObject $ACL; } Catch { Write-Output "`t`t`t`t [FAILURE] Insecure permissions could not be removed."; } If (!$error){ Write-Output "`t`t`t`t [SUCCESS] Removed insecure permissions."; } Write-Output ""; } } } If ($InsecurePermissionsFound -Eq $False) { Write-Output "`t`t`t [NOTIFICATION] No insecure permissions found."; Write-Output ""; } } Catch { Write-Output "`t`t`t ...FAILURE."; $_.Exception.Message; $_.Exception.ItemName; Break; } } End { If($?){ } } } #-----------------------------------------------------------[Execution]------------------------------------------------------------ If ($LogOutput -Eq $True) { If (-Not $LogPath) { $LogPath = $LogPath_Default; } Start-Transcript -Path $LogPath -Append | Out-Null; Write-Output "Logging output to file ""$LogPath""..."; Write-Output ""; } Write-Output "Administrative permissions required. Checking..."; If ($RunAsAdministrator -Eq $False) { Write-Output "`t This script was not run as administrator. Exiting..."; Break; } ElseIf ($RunAsAdministrator -Eq $True) { Write-Output "`t This script was run as administrator. Proceeding..."; Write-Output ""; Write-Output "----------------------------------------------------------------"; Write-Output ""; Secure-WindowsServices; } Write-Output ""; Write-Output "----------------------------------------------------------------"; Write-Output ""; Write-Output "Script complete. Exiting..."; If ($LogOutput -Eq $True) { Stop-Transcript | Out-Null; } # SIG # Begin signature block # MIIVMAYJKoZIhvcNAQcCoIIVITCCFR0CAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQU1tl1cLIG54equwKlskV5mA7L # IeugghAfMIIEmTCCA4GgAwIBAgIPFojwOSVeY45pFDkH5jMLMA0GCSqGSIb3DQEB # BQUAMIGVMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQg # TGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNV # BAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTEdMBsGA1UEAxMUVVROLVVTRVJG # aXJzdC1PYmplY3QwHhcNMTUxMjMxMDAwMDAwWhcNMTkwNzA5MTg0MDM2WjCBhDEL # MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE # BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKjAoBgNVBAMT # IUNPTU9ETyBTSEEtMSBUaW1lIFN0YW1waW5nIFNpZ25lcjCCASIwDQYJKoZIhvcN # AQEBBQADggEPADCCAQoCggEBAOnpPd/XNwjJHjiyUlNCbSLxscQGBGue/YJ0UEN9 # xqC7H075AnEmse9D2IOMSPznD5d6muuc3qajDjscRBh1jnilF2n+SRik4rtcTv6O # KlR6UPDV9syR55l51955lNeWM/4Og74iv2MWLKPdKBuvPavql9LxvwQQ5z1IRf0f # aGXBf1mZacAiMQxibqdcZQEhsGPEIhgn7ub80gA9Ry6ouIZWXQTcExclbhzfRA8V # zbfbpVd2Qm8AaIKZ0uPB3vCLlFdM7AiQIiHOIiuYDELmQpOUmJPv/QbZP7xbm1Q8 # ILHuatZHesWrgOkwmt7xpD9VTQoJNIp1KdJprZcPUL/4ygkCAwEAAaOB9DCB8TAf # BgNVHSMEGDAWgBTa7WR0FJwUPKvdmam9WyhNizzJ2DAdBgNVHQ4EFgQUjmstM2v0 # M6eTsxOapeAK9xI1aogwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwFgYD # VR0lAQH/BAwwCgYIKwYBBQUHAwgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2Ny # bC51c2VydHJ1c3QuY29tL1VUTi1VU0VSRmlyc3QtT2JqZWN0LmNybDA1BggrBgEF # BQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20w # DQYJKoZIhvcNAQEFBQADggEBALozJEBAjHzbWJ+zYJiy9cAx/usfblD2CuDk5oGt # Joei3/2z2vRz8wD7KRuJGxU+22tSkyvErDmB1zxnV5o5NuAoCJrjOU+biQl/e8Vh # f1mJMiUKaq4aPvCiJ6i2w7iH9xYESEE9XNjsn00gMQTZZaHtzWkHUxY93TYCCojr # QOUGMAu4Fkvc77xVCf/GPhIudrPczkLv+XZX4bcKBUCYWJpdcRaTcYxlgepv84n3 # +3OttOe/2Y5vqgtPJfO44dXddZhogfiqwNGAwsTEOYnB9smebNd0+dmX+E/CmgrN # Xo/4GengpZ/E8JIh5i15Jcki+cPwOoRXrToW9GOUEB1d0MYwggWaMIIEgqADAgEC # AhEA5+9O8chDX2TZpbrTK3TN+zANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJH # QjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3Jk # MRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEjMCEGA1UEAxMaQ09NT0RPIFJT # QSBDb2RlIFNpZ25pbmcgQ0EwHhcNMTgwOTI1MDAwMDAwWhcNMTkwOTI1MjM1OTU5 # WjCB3jELMAkGA1UEBhMCR0IxETAPBgNVBBEMCENGNDUgNFNOMRowGAYDVQQIDBFS # aG9uZGRhIEN5bm9uIFRhZjESMBAGA1UEBwwJQWJlcmN5bm9uMScwJQYDVQQJDB5W # ZW50dXJlIEhvdXNlLCBOYXZpZ2F0aW9uIFBhcmsxKjAoBgNVBAoMIUFzdHJpeCBJ # bnRlZ3JhdGVkIFN5c3RlbXMgTGltaXRlZDELMAkGA1UECwwCSVQxKjAoBgNVBAMM # IUFzdHJpeCBJbnRlZ3JhdGVkIFN5c3RlbXMgTGltaXRlZDCCASIwDQYJKoZIhvcN # AQEBBQADggEPADCCAQoCggEBAO0miT1vPgd4HI8wZFQZeX/WkRhGW4tJbidMxVUr # dEzjohmiAT8U1igUhltAaypUd2em5OWs90lypNEV85Xg9dvfZA+Uz8Jg2YenyV6k # Yvfcz6ckzh2A3UudbYVoeLlhj5H5WvvPoiVB0a+pP5p/wEZ8diz125Dii7fpsQNX # niE1dIB+6BYCDkBs2NG+5riEyjK2bizO+VE3EBs0H4XAtoAOomFhhd4YuZCTZFvw # mGyCWqqYRHoEk9g4iJhpaiqaafjNbtudDUCxlwz+JUX23VMmlZHfM2McIidKGBF5 # eUzpnlXZBXb3Gw2TI5XXbqHIR6XbIHvo7PthqopmL1nmrSkCAwEAAaOCAbEwggGt # MB8GA1UdIwQYMBaAFCmRYP+KTfrr+aZquM/55ku9Sc4SMB0GA1UdDgQWBBQ/9Ss6 # 0a6UZaeK59pJH7hks1zNyzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAT # BgNVHSUEDDAKBggrBgEFBQcDAzARBglghkgBhvhCAQEEBAMCBBAwRgYDVR0gBD8w # PTA7BgwrBgEEAbIxAQIBAwIwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUu # Y29tb2RvLm5ldC9DUFMwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21v # ZG9jYS5jb20vQ09NT0RPUlNBQ29kZVNpZ25pbmdDQS5jcmwwdAYIKwYBBQUHAQEE # aDBmMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9S # U0FDb2RlU2lnbmluZ0NBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29t # b2RvY2EuY29tMCIGA1UdEQQbMBmBF2Jlbi5ob29wZXJAYXN0cml4LmNvLnVrMA0G # CSqGSIb3DQEBCwUAA4IBAQAo/i6qoDQOLeeuRT1jPRa4FxEgeVIwIxMEOGBhYYq4 # DGrgcIei1zWNy7/6gAhG07TLxeYUaykMC/iQmwzfXAyfFSyZm6OmHYKZvTiuPE80 # v+A9FZG17Q2QpAoYpCbnqlUWW/U7QMMIx5s9WXmqCXGzzNX5RgPZ4P5+EdyLytF2 # LcaOoMwm6IMbalBHZXCxocDmw0C0aU3CiaJp3ThnNwzkrrxB2+8Al+NgilVhN37s # DkkZ3UAYesFAmpzToPAxeTCooIRFqCVbKVGFJAowL+GKwUQIPE9St/+MnqcLEwmA # BFA//r3ppWICmA7MDk9jR9rz4mb/ErrvMCocccA7wCwsMIIF4DCCA8igAwIBAgIQ # LnyHzA6TSlL+lP0ct800rzANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UEBhMCR0Ix # GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEa # MBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0Eg # Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTMwNTA5MDAwMDAwWhcNMjgwNTA4 # MjM1OTU5WjB9MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVz # dGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRl # ZDEjMCEGA1UEAxMaQ09NT0RPIFJTQSBDb2RlIFNpZ25pbmcgQ0EwggEiMA0GCSqG # SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmmJBjd5E0f4rR3elnMRHrzB79MR2zuWJX # P5O8W+OfHiQyESdrvFGRp8+eniWzX4GoGA8dHiAwDvthe4YJs+P9omidHCydv3Lj # 5HWg5TUjjsmK7hoMZMfYQqF7tVIDSzqwjiNLS2PgIpQ3e9V5kAoUGFEs5v7BEvAc # P2FhCoyi3PbDMKrNKBh1SMF5WgjNu4xVjPfUdpA6M0ZQc5hc9IVKaw+A3V7Wvf2p # L8Al9fl4141fEMJEVTyQPDFGy3CuB6kK46/BAW+QGiPiXzjbxghdR7ODQfAuADcU # uRKqeZJSzYcPe9hiKaR+ML0btYxytEjy4+gh+V5MYnmLAgaff9ULAgMBAAGjggFR # MIIBTTAfBgNVHSMEGDAWgBS7r34CPfqm8TyEjq3uOJjs2TIy1DAdBgNVHQ4EFgQU # KZFg/4pN+uv5pmq4z/nmS71JzhIwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQI # MAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwEQYDVR0gBAowCDAGBgRVHSAA # MEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NPTU9E # T1JTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHEGCCsGAQUFBwEBBGUwYzA7 # BggrBgEFBQcwAoYvaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQWRk # VHJ1c3RDQS5jcnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNv # bTANBgkqhkiG9w0BAQwFAAOCAgEAAj8COcPu+Mo7id4MbU2x8U6ST6/COCwEzMVj # EasJY6+rotcCP8xvGcM91hoIlP8l2KmIpysQGuCbsQciGlEcOtTh6Qm/5iR0rx57 # FjFuI+9UUS1SAuJ1CAVM8bdR4VEAxof2bO4QRHZXavHfWGshqknUfDdOvf+2dVRA # GDZXZxHNTwLk/vPa/HUX2+y392UJI0kfQ1eD6n4gd2HITfK7ZU2o94VFB696aSdl # kClAi997OlE5jKgfcHmtbUIgos8MbAOMTM1zB5TnWo46BLqioXwfy2M6FafUFRun # UkcyqfS/ZEfRqh9TTjIwc8Jvt3iCnVz/RrtrIh2IC/gbqjSm/Iz13X9ljIwxVzHQ # NuxHoc/Li6jvHBhYxQZ3ykubUa9MCEp6j+KjUuKOjswm5LLY5TjCqO3GgZw1a6lY # YUoKl7RLQrZVnb6Z53BtWfhtKgx/GWBfDJqIbDCsUgmQFhv/K53b0CDKieoofjKO # Gd97SDMe12X4rsn4gxSTdn1k0I7OvjV9/3IxTZ+evR5sL6iPDAZQ+4wns3bJ9ObX # wzTijIchhmH+v1V04SF3AwpobLvkyanmz1kl63zsRQ55ZmjoIs2475iFTZYRPAmK # 0H+8KCgT+2rKVI2SXM3CZZgGns5IW9S1N5NGQXwH3c/6Q++6Z2H/fUnguzB9XIDj # 5hY5S6cxggR7MIIEdwIBATCBkjB9MQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl # YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P # RE8gQ0EgTGltaXRlZDEjMCEGA1UEAxMaQ09NT0RPIFJTQSBDb2RlIFNpZ25pbmcg # Q0ECEQDn707xyENfZNmlutMrdM37MAkGBSsOAwIaBQCgeDAYBgorBgEEAYI3AgEM # MQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQB # gjcCAQsxDjAMBgorBgEEAYI3AgEVMCMGCSqGSIb3DQEJBDEWBBTDur+JSNOlg26p # I5GDZx2YTebugTANBgkqhkiG9w0BAQEFAASCAQBTfz/9MBy271ruvKTjr/nOEIVk # y/PBhEjyqeKcMxdArnO4W7s7+74cpvP/+1Nsi1n4I322dfNJ818T94OHrcZ8sRdD # fHhQBnEwSDybJiXJ1diUR+Zxig5fy7epU5VMZePCkzSIgwPNI9ogvppUU5ijh9t2 # 6vYjBDDxCQVHiMGc/1D8TI/FM9WVEY/XpdcOEt/eBQgBWG+juZO6d0Ht83D4PTnl # 3MUjb0u+MZtrDfpM29qdoW1ey1lUYlk4Dlw0ZECevAIT8WG7+cI2LdbCXo1N9MCj # KNOdshzpDEqLo6pO/aQ6g/KQufdgBDOV2DG1K3NCqxHPMbqS3QbAshr9B+dpoYIC # QzCCAj8GCSqGSIb3DQEJBjGCAjAwggIsAgEBMIGpMIGVMQswCQYDVQQGEwJVUzEL # MAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVU # aGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRy # dXN0LmNvbTEdMBsGA1UEAxMUVVROLVVTRVJGaXJzdC1PYmplY3QCDxaI8DklXmOO # aRQ5B+YzCzAJBgUrDgMCGgUAoF0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc # BgkqhkiG9w0BCQUxDxcNMTgxMDE1MDk0MzA2WjAjBgkqhkiG9w0BCQQxFgQUskO9 # kO5pePBioaNNvk0KMDndln4wDQYJKoZIhvcNAQEBBQAEggEAqOlw7VFZllDEFXPd # vgAP+XQ9xQ7GZTKMfSVz72e5iMOCFaXuchgUZiq3IhLZXxYfjZ7cgEfJ9qR322Vm # fqgUxtY9+rwDoUOs/OnnqZhI9SK34AaFh8Ndq5HJbT3sx39ho9W+ka6yjLH8JaZ1 # eeM2gJZQ9QCJhnB3kN4DTEvemtmadWkh/cf9PCb7me18u33Q6EXXMWp3sIGjCoAR # LpIgYwqJ+/+SKK3Q7rIvLXIA+3HX2b2bJqZ0T8AAs2U3r4Paaazo2FkicRHoUEHb # 1CvOqx2eoA3J/we7cs8NWrn9ogKxzC5lFZOTTP6zcDpD5njbompWwG6B/DciSfRI # mPj5HA== # SIG # End signature block