Checks/check-ORCA118_4.ps1
using module "..\ORCA.psm1" class ORCA118_4 : ORCACheck { <# CONSTRUCTOR with Check Header Data #> ORCA118_4() { $this.Control="118-4" $this.Area="Transport Rules" $this.Name="Domain Whitelisting" $this.PassText="Your own domains are not being allow listed in an unsafe manner" $this.FailRecommendation="Remove allow listing on domains belonging to your organisation" $this.Importance="Emails coming from whitelisted domains bypass several layers of protection within Exchange Online Protection. When allow listing your own domains, an attacker can spoof any account in your organisation that has this domain. This is a significant phishing attack vector." $this.ExpandResults=$True $this.CheckType=[CheckType]::ObjectPropertyValue $this.ObjectType="Transport Rule" $this.ItemName="Condition" $this.DataType="Whitelisted Address" $this.ChiValue=[ORCACHI]::Critical $this.Links= @{ "Exchange admin center in Exchange Online"="https://outlook.office365.com/ecp/" "Using Exchange Transport Rules (ETRs) to allow specific senders"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365#using-exchange-transport-rules-etrs-to-allow-specific-senders-recommended" } } <# RESULTS #> GetResults($Config) { $Check = "Transport Rule SCL" # Look through Transport Rule for an action SetSCL -1 ForEach($TransportRule in $Config["TransportRules"]) { If($TransportRule.SetSCL -eq "-1") { #Rules that apply to the sender domain #From Address notmatch is to include if just domain name is value If($TransportRule.SenderDomainIs -ne $null -or ($TransportRule.FromAddressContainsWords -ne $null -and $TransportRule.FromAddressContainsWords -notmatch ".+@") -or ($TransportRule.FromAddressMatchesPatterns -ne $null -and $TransportRule.FromAddressMatchesPatterns -notmatch ".+@")) { #Look for condition that checks auth results header and its value If(($TransportRule.HeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.HeaderContainsWords -ne $null) -or ($TransportRule.HeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.HeaderMatchesPatterns -ne $null)) { # OK } #Look for exception that checks auth results header and its value elseif(($TransportRule.ExceptIfHeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.ExceptIfHeaderContainsWords -ne $null) -or ($TransportRule.ExceptIfHeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.ExceptIfHeaderMatchesPatterns -ne $null)) { # OK } elseif($TransportRule.SenderIpRanges -ne $null) { # OK } #Look for condition that checks for any other header and its value else { ForEach($RuleDomain in $($TransportRule.SenderDomainIs)) { # Is this domain an organisation domain? If(@($Config["AcceptedDomains"] | Where-Object {$_.Name -eq $RuleDomain}).Count -gt 0) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Domain" $ConfigObject.ConfigData=$($RuleDomain) if($TransportRule.State -eq "Disabled") { $ConfigObject.InfoText = "This rule is marked as disabled, while this rule will not apply, it is being flagged incase of accidental enablement." $ConfigObject.SetResult([ORCAConfigLevel]::Informational,"Fail") } else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } $this.AddConfig($ConfigObject) } } ForEach($FromAddressContains in $($TransportRule.FromAddressContainsWords)) { # Is this domain an organisation domain? If(@($Config["AcceptedDomains"] | Where-Object {$_.Name -eq $FromAddressContains}).Count -gt 0) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Contains" $ConfigObject."$($FromAddressContains)" if($TransportRule.State -eq "Disabled") { $ConfigObject.InfoText = "This rule is marked as disabled, while this rule will not apply, it is being flagged incase of accidental enablement." $ConfigObject.SetResult([ORCAConfigLevel]::Informational,"Fail") } else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } $this.AddConfig($ConfigObject) } } } } } } } } # SIG # Begin signature block # MIIl1wYJKoZIhvcNAQcCoIIlyDCCJcQCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAwvSDi+oZZcLkZ # 7r4mlBK5F6NyOFwi650aaq4mD3hCpaCCC6EwggUGMIID7qADAgECAhMzAAAE4xrK # 0/aegtm7AAEAAATjMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5nIFBD # QSAyMDEwMB4XDTIxMDkwMjE5MjYyOFoXDTIyMDkwMTE5MjYyOFowfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdQ29kZSBTaWdu # IFRlc3QgKERPIE5PVCBUUlVTVCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK # AoIBAQDokaNBqvPFgH8yAnEicnWyLoQ58nf7j+B20b5uqsDq9EXWyt87+Wc9CCFh # +9gxWx6wx+iRsO/yT8SZhxi/w00uxM5jDWnbAbSIMB2VrNnLGNOxAQj674zPskBs # ecseXAMHA/+o5ujZOse4EorLmTfJ5f/Zzun8KVVwlSd1CVlj0hgk28xmTdLV7ZWw # 0wV9e/0p/XOHSRUNWw8gFfIfzli3oVV4H/DzT2o1jD4HIt3QIX1kRRXVqleASUgD # Z6/6JthrKti4xfyMdSUGyXuxEoe6zZ4EOXltaHw7hqZzH2Ufl3UxB6HmdxvG9BI4 # 3LVKq3pFO+Nj3NdMVkyptnjDJnGpAgMBAAGjggGCMIIBfjATBgNVHSUEDDAKBggr # BgEFBQcDAzAdBgNVHQ4EFgQUPMsdBtvwLsgDf0B50WrJSL+NYrEwUAYDVR0RBEkw # R6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNv # MRYwFAYDVQQFEw0yMzAwNzIrNDY3NjA2MB8GA1UdIwQYMBaAFL9loqtvdaNORZZX # Bc85h/TAFRwcMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEw # KDEpLmNybDBpBggrBgEFBQcBAQRdMFswWQYIKwYBBQUHMAKGTWh0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGVzdGluZyUy # MFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQAD # ggEBAAylFduuUCCNS+ejRtNeqm7geSoNzl+E0wbGZi4W9+rqo972KaS338FB5Y5G # 8PNqaN3RNqNaHra/zI97JaLYjrZ+iCmKMzROdVS5cR/WpAla36J/tpuVSvNwwvW1 # 5KHRv6PEzGQ7BQYU55cMTkUwNtRVbARMdjcFa3pbuIkioVsoFNVOZ4e8aOSPV+Vz # PVmOU2xltmM/8IOgTSfFTCJhqY7d/vjqajXAXg2olbbJ2vX051uUuFfIyfo/5xJS # uyWOUCZ1opzXHy5EwrkmdZs6orQtMy1akT6UYjl4x5VZsqiszDshDNjVgRUdR97M # d7NxQZEScdZfoTf0byI8Cwtp8JIwggaTMIIEe6ADAgECAhMzAAAALTV6RojJB3HY # AAAAAAAtMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTowOAYDVQQDEzFNaWNyb3NvZnQgVGVzdGluZyBSb290IENl # cnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIwMTIxMDIwNDMyMFoXDTM1MDYx # NzIxMDQxMVoweTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO # BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEj # MCEGA1UEAxMaTWljcm9zb2Z0IFRlc3RpbmcgUENBIDIwMTAwggEiMA0GCSqGSIb3 # DQEBAQUAA4IBDwAwggEKAoIBAQC/PGCBq77s/9cXY/KmQtETYpywF866Rhp7Ii5V # c5pUucbU0cqY/ndHDY6d8F7M+FTv8s8q1GLxqTQKBNfFBYbyEPVN05YIZoXbAn0Y # 3OJ6I6eaKV2ueRjPDGPwGv+BqalDP6kLuVHxs0g6/EQuXxHFVjr/yg7NiAjB/cfV # 9T7v6k4bcosjvUU3nh9wwafJuCBz7fNsPYshBc93Ev6h3AfpDVt4CWwyVRBH0DfI # x/f6c/5GNORWFqg3ZFPWNfvDgLaOtoaRoRDWwUr243rUEQqy3i6eEJfgga4SXYgB # XcykxChSnGDwCuaIr0vpV4rsow83Hin2XSHT19pdDslO241tAgMBAAGjggH6MIIB # 9jAOBgNVHQ8BAf8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3 # FQIEFgQU6p9fM7bQX56t6y2mwQK7QDjL57UwHQYDVR0OBBYEFL9loqtvdaNORZZX # Bc85h/TAFRwcMFQGA1UdIARNMEswSQYEVR0gADBBMD8GCCsGAQUFBwIBFjNodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0w # GQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV # HSMEGDAWgBSjAQR+MIgz67kxnMrrhXZn/GW00TBZBgNVHR8EUjBQME6gTKBKhkho # dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNUZXNS # b29DZXJBdXRfMjAxMC0wNi0xNy5jcmwwgY0GCCsGAQUFBwEBBIGAMH4wTQYIKwYB # BQUHMAKGQWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljVGVz # Um9vQ2VyQXV0XzIwMTAtMDYtMTcuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25l # b2NzcC5taWNyb3NvZnQuY29tL29jc3AwDQYJKoZIhvcNAQELBQADggIBACe00IWy # nswPpCpTc9Vt2tcxAMj2/2PI9gERtRiS2ty0+a8m6PxKeb3BZ7CIA3llzzU1BViO # 4oMGlvW6fhJZUJvg8NU9nQnzu0bNh7104nfQRgZ6IhppK2QsuYs5gAzqgiciojBX # IiTZIT+raUa3w6/Bxl682Y+RViOTqfImLkR29LpyI9GZb1tFZFPilZTxtkhAv3fw # sTiUc5ACLGsBCJZ6zlLOnZTzkTSct1oOvnD8jbwn9nX7jNbU1qjWmtUI6quiyeg1 # R9V/WS+zB9bcVjaXU+IBinywbI7nsZrO1d0GgQ4FwMt519w+tr340t0QXfo2QTSD # 711uiQVjsrGFQnxakyIKY3jKP0soUu9Bty0Ywklj0TAcWJ+bamBqJpp8oXUbLP42 # u4nMQSCnKwyj9/0BUFD+oJ09BAYRandAMhp5/i2z1BPH5GYMoIEMxMUuAWaaFu1R # jQlaMuQqfuyjP8shwNSV7+nlOIUPhWF9mcBy9hAdd+6yWfKn7K6FbMBKcBA2c4g7 # p9zUkUjCQORwz6T9Oyl8BqPMeihIDBeSs5auNENXrAjRjMxUesTJDSFnk2chdsve # WtOQ4+N/c0G7WdpI0RrJJ25K0NsVWNXdNegQ0SdmK6AkphLCaHOhgczWeCKk3ms1 # 2omIrm6SnoTwsPOLeXn/tdy0lBjf5mAcMmiyMYIZjDCCGYgCAQEwgZAweTELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEjMCEGA1UEAxMaTWljcm9z # b2Z0IFRlc3RpbmcgUENBIDIwMTACEzMAAATjGsrT9p6C2bsAAQAABOMwDQYJYIZI # AWUDBAIBBQCggbAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGC # NwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIHMfEitq70+HhooD # d61+PAh4Xi9YA514DZ4vnZYmlifDMEQGCisGAQQBgjcCAQwxNjA0oBSAEgBNAGkA # YwByAG8AcwBvAGYAdKEcgBpodHRwczovL3d3dy5taWNyb3NvZnQuY29tIDANBgkq # hkiG9w0BAQEFAASCAQBDcOsfsH0H17bmmrn36M2fSff25r2AoWSjgGoxYwH+2bg8 # dVy41veTvFeIqvULligB9ZmxLk1CkDs7veQ+RGPdQNZDN5ozBmx5rA79nkYhbMJ6 # 8sNqOUXaXCwSYeFgGZFHtEOuBd+cT0pIVsgcb4Bat+EDaB1T6AW/1KGPfmxtsPI9 # hyvrEYYGr1Zjla32C19XrHZTjDTsXu26G5TB/hmRqEyRsS29B9ZdKb20bKvKkUKx # iAF4Z6w15tFt6sN9kCH/o+SqwYbfYtaKuhnt0kl9UstoMvpGdnMbE5xRXWFrTUn6 # E7HGBQWrwh1Jb26T7jhUIVLs4poYjjeUZ67ZsgTxoYIXGTCCFxUGCisGAQQBgjcD # AwExghcFMIIXAQYJKoZIhvcNAQcCoIIW8jCCFu4CAQMxDzANBglghkgBZQMEAgEF # ADCCAVkGCyqGSIb3DQEJEAEEoIIBSASCAUQwggFAAgEBBgorBgEEAYRZCgMBMDEw # DQYJYIZIAWUDBAIBBQAEIDhiGXSa5M2inXTH5hEuVoDWjIjq+wwcunhq7Kt0Ex34 # AgZiu0Ze2hAYEzIwMjIwNzE0MDkyNjEwLjg5OVowBIACAfSggdikgdUwgdIxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jv # c29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVz # IFRTUyBFU046QTI0MC00QjgyLTEzMEUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2WgghFoMIIHFDCCBPygAwIBAgITMwAAAY16VS54dJkqtwAB # AAABjTANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDAeFw0yMTEwMjgxOTI3NDVaFw0yMzAxMjYxOTI3NDVaMIHSMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO # OkEyNDAtNEI4Mi0xMzBFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2jRILZg+O6U7 # dLcuwBPMB+0tJUz0wHLqJ5f7KJXQsTzWToADUMYV4xVZnp9mPTWojUJ/l3O4Xqeg # LDNduFAObcitrLyY5HDsxAfUG1/2YilcSkSP6CcMqWfsSwULGX5zlsVKHJ7tvwg2 # 6y6eLklUdFMpiq294T4uJQdXd5O7mFy0vVkaGPGxNWLbZxKNzqKtFnWQ7jMtZ05X # vafkIWZrNTFv8GGpAlHtRsZ1A8KDo6IDSGVNZZXbQs+fOwMOGp/Bzod8f1YI8Gb2 # oN/mx2ccvdGr9la55QZeVsM7LfTaEPQxbgAcLgWDlIPcmTzcBksEzLOQsSpBzsqP # aWI9ykVw5ofmrkFKMbpQT5EMki2suJoVM5xGgdZWnt/tz00xubPSKFi4B4IMFUB9 # mcANUq9cHaLsHbDJ+AUsVO0qnVjwzXPYJeR7C/B8X0Ul6UkIdplZmncQZSBK3yZQ # y+oGsuJKXFAq3BlxT6kDuhYYvO7itLrPeY0knut1rKkxom+ui6vCdthCfnAiykny # RC2lknqzz8x1mDkQ5Q6Ox9p6/lduFupSJMtgsCPN9fIvrfppMDFIvRoULsHOdLJj # rRli8co5M+vZmf20oTxYuXzM0tbRurEJycB5ZMbwznsFHymOkgyx8OeFnXV3car4 # 5uejI1B1iqUDbeSNxnvczuOhcpzwackCAwEAAaOCATYwggEyMB0GA1UdDgQWBBR4 # zJFuh59GwpTuSju4STcflihmkzAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtT # NRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v # cGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgx # KS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAl # MjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsG # AQUFBwMIMA0GCSqGSIb3DQEBCwUAA4ICAQA1r3Oz0lEq3VvpdFlh3YBxc4hnYkAL # yYPDa9FO4XgqwkBm8Lsb+lK3tbGGgpi6QJbK3iM3BK0ObBcwRaJVCxGLGtr6Jz9h # RumRyF8o4n2y3YiKv4olBxNjFShSGc9E29JmVjBmLgmfjRqPc/2rD25q4ow4uA3r # c9ekiaufgGhcSAdek/l+kASbzohOt/5z2+IlgT4e3auSUzt2GAKfKZB02ZDGWKKe # CY3pELj1tuh6yfrOJPPInO4ZZLW3vgKavtL8e6FJZyJoDFMewJ59oEL+AK3e2M2I # 4IFE9n6LVS8bS9UbMUMvrAlXN5ZM2I8GdHB9TbfI17Wm/9Uf4qu588PJN7vCJj9s # +KxZqXc5sGScLgqiPqIbbNTE+/AEZ/eTixc9YLgTyMqakZI59wGqjrONQSY7u0VE # DkEE6ikz+FSFRKKzpySb0WTgMvWxsLvbnN8ACmISPnBHYZoGssPAL7foGGKFLdAB # TQC2PX19WjrfyrshHdiqSlCspqIGBTxRaHtyPMro3B/26gPfCl3MC3rC3NGq4xGn # IHDZGSizUmGg8TkQAloVdU5dJ1v910gjxaxaUraGhP8IttE0RWnU5XRp/sGaNmDc # MwbyHuSpaFsn3Q21OzitP4BnN5tprHangAC7joe4zmLnmRnAiUc9sRqQ2bmsMAvU # psO8nlOFmiM1LzCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJ # KoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 # eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK # AoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25 # PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsH # FPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTa # mDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc # 6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF # 50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpG # dc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOm # TTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi # 0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU # 2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSF # F5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCC # AdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6C # kTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1Ud # IARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUE # DDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8E # BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2U # kFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5j # b20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmww # WgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkq # hkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaT # lz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYu # nKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f # 8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVC # s/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzs # kYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzH # VG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+k # KNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+ # CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAo # GokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEz # fbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKh # ggLXMIICQAIBATCCAQChgdikgdUwgdIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlv # bnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046QTI0MC00QjgyLTEz # MEUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAH # BgUrDgMCGgMVAIBzlZM9TRND4PgtpLWQZkSPYVcJoIGDMIGApH4wfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDmejOXMCIYDzIw # MjIwNzE0MTQxNzU5WhgPMjAyMjA3MTUxNDE3NTlaMHcwPQYKKwYBBAGEWQoEATEv # MC0wCgIFAOZ6M5cCAQAwCgIBAAICHcECAf8wBwIBAAICEUAwCgIFAOZ7hRcCAQAw # NgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgC # AQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQCSjxiVUNk6wda68cCKMf4caLm9tiai # v744jgRGJ/lfcMCPj266H88rN2z1siPYy5DU11/Qs8MQHYRcQh76ObzAcBF3ai8F # zCZTTMIg28hhnb5lZtZ42Va38D/yNziJ32MkZnZPTmBoMtFr6wuP9Cnejxf88ZCr # 2uckReDbSjGNlTGCBA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD # QSAyMDEwAhMzAAABjXpVLnh0mSq3AAEAAAGNMA0GCWCGSAFlAwQCAQUAoIIBSjAa # BgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIEoR40W0 # zDq2eOg4YrAnImHjJjAZkcvEQz0Si00qrzQgMIH6BgsqhkiG9w0BCRACLzGB6jCB # 5zCB5DCBvQQgnpYRM/odXkDAnzf2udL569W8cfGTgwVuenQ8ttIYzX8wgZgwgYCk # fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAY16VS54dJkqtwAB # AAABjTAiBCACaxewZ9XEACpH+KKP4D/vBHTZuRtHyHIIHsxY0VkJgjANBgkqhkiG # 9w0BAQsFAASCAgBt0W6ejNZPqARY+jUWnfkfM32/StcDzWO0U3tpJ/mAM+mYyGil # Up/8ATyQ7PPw/V0md8Sh9Kkt+wDr7GuWez2tCAFlx8rxQiiqKrk4ViM4628GGJEE # Sc01p2/yUssrEPOaU7J4uatTsu7OXrKwSWtrSrGOtjyWdj6FVM4TW4bcsNbLLPqL # BtjMsh8W5oK4MzZTSi7C6nLgn8WdcBTOy3QwvwQuTBCwRljdrFk3QgwtngwwUC+O # dFkyLELTFAjqfPfywbzodGeDW87LCJNF3GcQYAUKkFFuSMcs/SopphwwasFSsSQK # GbYe8+DRQtMSqYh5nhxwMZ7HhGlMU5pxkCeUpZdXolxr7cjDcFMyDBn5M0UR9Flv # BDgkhMHHM5itl2cgG2PpLrKV1NQF4fHjq5qY6X3bdL3+f+DchGtq7NPhD7r47qem # m41Arwyc4HoNbwxdtiCEJ+C4jR9/HVFqTwzZA2kWYZUrenjEOct3YoxIXZHi9eCm # J4IwiCy8NoLpMrq55Z2zxcAvsaS7CnXXxdatO2vdfotZK9yEKrCSYibFsiCagYzc # 8ZbiH0zR5S/BO4ELjaLTuAQRj1XDJZ7++1TeEugriRFh5PHr5nXSP50yERnxq1kN # 4PCDGIQuHT2FN/RiLaOELTMJ2i1MraAIi4IwF88ifVgwTyKbCvaxwMXKtg== # SIG # End signature block |