Checks/check-ORCA118_4.ps1

using module "..\ORCA.psm1"

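<#
    ORCA check 118-4: flags transport rules that set SCL to -1 for mail whose
    sender domain is one of the organisation's own accepted domains, unless the
    rule is also scoped by an Authentication-Results header test or by sender
    IP ranges.

    NOTE: this file ends with an Authenticode signature block ("# SIG # Begin
    signature block"). The signature covers the exact script text, so any edit
    to this file requires re-signing; check the result with
    Get-AuthenticodeSignature.
    NOTE(review): the signer certificate embedded in that block appears to be a
    test-signing certificate (subject decodes to "Code Sign Test (DO NOT TRUST)")
    - confirm before treating the signature as a trust signal.
#>
class ORCA118_4 : ORCACheck
{
    <#
     
        CONSTRUCTOR with Check Header Data
     
    #>


    ORCA118_4()
    {
        # Static metadata describing the check (control id, report text, severity, reference links).
        $this.Control="118-4"
        $this.Area="Transport Rules"
        $this.Name="Domain Whitelisting"
        $this.PassText="Your own domains are not being allow listed in an unsafe manner"
        $this.FailRecommendation="Remove allow listing on domains belonging to your organisation"
        $this.Importance="Emails coming from whitelisted domains bypass several layers of protection within Exchange Online Protection. When allow listing your own domains, an attacker can spoof any account in your organisation that has this domain. This is a significant phishing attack vector."
        $this.ExpandResults=$True
        $this.CheckType=[CheckType]::ObjectPropertyValue
        $this.ObjectType="Transport Rule"
        $this.ItemName="Condition"
        $this.DataType="Whitelisted Address"
        $this.ChiValue=[ORCACHI]::Critical
        $this.Links= @{
            "Exchange admin center in Exchange Online"="https://outlook.office365.com/ecp/"
            "Using Exchange Transport Rules (ETRs) to allow specific senders"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365#using-exchange-transport-rules-etrs-to-allow-specific-senders-recommended"
        }
    }

    <#
     
        HELPER

        Records one failing finding for a transport rule.
          $TransportRule - the rule being reported (its Name and State are read)
          $ConfigItem    - label of the condition that matched ("From Domain", "From Contains")
          $ConfigData    - the own-domain value found in that condition

        A disabled rule is still reported, but at Informational level with an
        explanatory InfoText; an enabled rule fails at Standard level.
     
    #>

    hidden [void] AddOwnDomainFinding($TransportRule, [string]$ConfigItem, $ConfigData)
    {
        $ConfigObject = [ORCACheckConfig]::new()
        $ConfigObject.Object=$($TransportRule.Name)
        $ConfigObject.ConfigItem=$ConfigItem
        $ConfigObject.ConfigData=$($ConfigData)

        if($TransportRule.State -eq "Disabled")
        {
            $ConfigObject.InfoText = "This rule is marked as disabled, while this rule will not apply, it is being flagged incase of accidental enablement."
            $ConfigObject.SetResult([ORCAConfigLevel]::Informational,"Fail")
        }
        else 
        {
            $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail")
        }

        $this.AddConfig($ConfigObject)
    }

    <#
     
        RESULTS

        Walks $Config["TransportRules"] and adds a failing finding for every
        own domain (a name present in $Config["AcceptedDomains"]) that an
        SCL -1 rule allow-lists without an accompanying Authentication-Results
        or sender-IP restriction.
     
    #>


    GetResults($Config)
    {
        ForEach($TransportRule in $Config["TransportRules"]) 
        {
            # Only rules whose action sets SCL to -1 are of interest.
            If(-not ($TransportRule.SetSCL -eq "-1"))
            {
                continue
            }

            # Rules that apply to the sender domain.
            # The -notmatch ".+@" tests keep From-address values that are a bare
            # domain name rather than a full address.
            $MatchesOnSenderDomain = ($TransportRule.SenderDomainIs -ne $null -or ($TransportRule.FromAddressContainsWords -ne $null -and $TransportRule.FromAddressContainsWords -notmatch ".+@") -or ($TransportRule.FromAddressMatchesPatterns -ne $null -and $TransportRule.FromAddressMatchesPatterns -notmatch ".+@"))
            If(-not $MatchesOnSenderDomain)
            {
                continue
            }

            # Condition on the Authentication-Results header: treated as OK.
            # Only the presence of a configured value is tested; the value itself
            # is not inspected, so a weak or ineffective header test also passes.
            If(($TransportRule.HeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.HeaderContainsWords -ne $null) -or ($TransportRule.HeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.HeaderMatchesPatterns -ne $null)) 
            {
                continue
            }

            # Exception on the Authentication-Results header: treated as OK,
            # again on presence of a value only.
            If(($TransportRule.ExceptIfHeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.ExceptIfHeaderContainsWords -ne $null) -or ($TransportRule.ExceptIfHeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.ExceptIfHeaderMatchesPatterns -ne $null)) 
            {
                continue
            }

            # Rule restricted to sender IP ranges: treated as OK. The ranges
            # themselves are not evaluated here.
            If($TransportRule.SenderIpRanges -ne $null) 
            {
                continue
            }

            # No authentication or IP restriction: report every allow-listed
            # value that exactly equals the name of an accepted domain.
            ForEach($RuleDomain in $($TransportRule.SenderDomainIs)) 
            {
                # Is this domain an organisation domain?
                If(@($Config["AcceptedDomains"] | Where-Object {$_.Name -eq $RuleDomain}).Count -gt 0)
                {
                    $this.AddOwnDomainFinding($TransportRule, "From Domain", $RuleDomain)
                }
            }

            ForEach($FromAddressContains in $($TransportRule.FromAddressContainsWords)) 
            {
                # Is this domain an organisation domain?
                If(@($Config["AcceptedDomains"] | Where-Object {$_.Name -eq $FromAddressContains}).Count -gt 0)
                {
                    # The matched value is stored in ConfigData so the report
                    # shows which own domain the rule allow-lists.
                    $this.AddOwnDomainFinding($TransportRule, "From Contains", $FromAddressContains)
                }
            }

            # NOTE(review): FromAddressMatchesPatterns is part of the scoping test
            # above but is never compared against AcceptedDomains, so a rule that
            # allow-lists an own domain only through a pattern produces no finding
            # here. The comparisons above are also exact-name matches, so partial
            # strings or subdomains of an accepted domain are not reported.
            # Confirm whether both gaps are intended.
        }    

    }

}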
# SIG # Begin signature block
# MIIl1wYJKoZIhvcNAQcCoIIlyDCCJcQCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAwvSDi+oZZcLkZ
# 7r4mlBK5F6NyOFwi650aaq4mD3hCpaCCC6EwggUGMIID7qADAgECAhMzAAAE4xrK
# 0/aegtm7AAEAAATjMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5nIFBD
# QSAyMDEwMB4XDTIxMDkwMjE5MjYyOFoXDTIyMDkwMTE5MjYyOFowfDELMAkGA1UE
# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdQ29kZSBTaWdu
# IFRlc3QgKERPIE5PVCBUUlVTVCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
# AoIBAQDokaNBqvPFgH8yAnEicnWyLoQ58nf7j+B20b5uqsDq9EXWyt87+Wc9CCFh
# +9gxWx6wx+iRsO/yT8SZhxi/w00uxM5jDWnbAbSIMB2VrNnLGNOxAQj674zPskBs
# ecseXAMHA/+o5ujZOse4EorLmTfJ5f/Zzun8KVVwlSd1CVlj0hgk28xmTdLV7ZWw
# 0wV9e/0p/XOHSRUNWw8gFfIfzli3oVV4H/DzT2o1jD4HIt3QIX1kRRXVqleASUgD
# Z6/6JthrKti4xfyMdSUGyXuxEoe6zZ4EOXltaHw7hqZzH2Ufl3UxB6HmdxvG9BI4
# 3LVKq3pFO+Nj3NdMVkyptnjDJnGpAgMBAAGjggGCMIIBfjATBgNVHSUEDDAKBggr
# BgEFBQcDAzAdBgNVHQ4EFgQUPMsdBtvwLsgDf0B50WrJSL+NYrEwUAYDVR0RBEkw
# R6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNv
# MRYwFAYDVQQFEw0yMzAwNzIrNDY3NjA2MB8GA1UdIwQYMBaAFL9loqtvdaNORZZX
# Bc85h/TAFRwcMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6Ly93d3cubWljcm9zb2Z0
# LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEw
# KDEpLmNybDBpBggrBgEFBQcBAQRdMFswWQYIKwYBBQUHMAKGTWh0dHA6Ly93d3cu
# bWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGVzdGluZyUy
# MFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQAD
# ggEBAAylFduuUCCNS+ejRtNeqm7geSoNzl+E0wbGZi4W9+rqo972KaS338FB5Y5G
# 8PNqaN3RNqNaHra/zI97JaLYjrZ+iCmKMzROdVS5cR/WpAla36J/tpuVSvNwwvW1
# 5KHRv6PEzGQ7BQYU55cMTkUwNtRVbARMdjcFa3pbuIkioVsoFNVOZ4e8aOSPV+Vz
# PVmOU2xltmM/8IOgTSfFTCJhqY7d/vjqajXAXg2olbbJ2vX051uUuFfIyfo/5xJS
# uyWOUCZ1opzXHy5EwrkmdZs6orQtMy1akT6UYjl4x5VZsqiszDshDNjVgRUdR97M
# d7NxQZEScdZfoTf0byI8Cwtp8JIwggaTMIIEe6ADAgECAhMzAAAALTV6RojJB3HY
# AAAAAAAtMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
# V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0
# IENvcnBvcmF0aW9uMTowOAYDVQQDEzFNaWNyb3NvZnQgVGVzdGluZyBSb290IENl
# cnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIwMTIxMDIwNDMyMFoXDTM1MDYx
# NzIxMDQxMVoweTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
# BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEj
# MCEGA1UEAxMaTWljcm9zb2Z0IFRlc3RpbmcgUENBIDIwMTAwggEiMA0GCSqGSIb3
# DQEBAQUAA4IBDwAwggEKAoIBAQC/PGCBq77s/9cXY/KmQtETYpywF866Rhp7Ii5V
# c5pUucbU0cqY/ndHDY6d8F7M+FTv8s8q1GLxqTQKBNfFBYbyEPVN05YIZoXbAn0Y
# 3OJ6I6eaKV2ueRjPDGPwGv+BqalDP6kLuVHxs0g6/EQuXxHFVjr/yg7NiAjB/cfV
# 9T7v6k4bcosjvUU3nh9wwafJuCBz7fNsPYshBc93Ev6h3AfpDVt4CWwyVRBH0DfI
# x/f6c/5GNORWFqg3ZFPWNfvDgLaOtoaRoRDWwUr243rUEQqy3i6eEJfgga4SXYgB
# XcykxChSnGDwCuaIr0vpV4rsow83Hin2XSHT19pdDslO241tAgMBAAGjggH6MIIB
# 9jAOBgNVHQ8BAf8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3
# FQIEFgQU6p9fM7bQX56t6y2mwQK7QDjL57UwHQYDVR0OBBYEFL9loqtvdaNORZZX
# Bc85h/TAFRwcMFQGA1UdIARNMEswSQYEVR0gADBBMD8GCCsGAQUFBwIBFjNodHRw
# Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0w
# GQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
# HSMEGDAWgBSjAQR+MIgz67kxnMrrhXZn/GW00TBZBgNVHR8EUjBQME6gTKBKhkho
# dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNUZXNS
# b29DZXJBdXRfMjAxMC0wNi0xNy5jcmwwgY0GCCsGAQUFBwEBBIGAMH4wTQYIKwYB
# BQUHMAKGQWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljVGVz
# Um9vQ2VyQXV0XzIwMTAtMDYtMTcuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25l
# b2NzcC5taWNyb3NvZnQuY29tL29jc3AwDQYJKoZIhvcNAQELBQADggIBACe00IWy
# nswPpCpTc9Vt2tcxAMj2/2PI9gERtRiS2ty0+a8m6PxKeb3BZ7CIA3llzzU1BViO
# 4oMGlvW6fhJZUJvg8NU9nQnzu0bNh7104nfQRgZ6IhppK2QsuYs5gAzqgiciojBX
# IiTZIT+raUa3w6/Bxl682Y+RViOTqfImLkR29LpyI9GZb1tFZFPilZTxtkhAv3fw
# sTiUc5ACLGsBCJZ6zlLOnZTzkTSct1oOvnD8jbwn9nX7jNbU1qjWmtUI6quiyeg1
# R9V/WS+zB9bcVjaXU+IBinywbI7nsZrO1d0GgQ4FwMt519w+tr340t0QXfo2QTSD
# 711uiQVjsrGFQnxakyIKY3jKP0soUu9Bty0Ywklj0TAcWJ+bamBqJpp8oXUbLP42
# u4nMQSCnKwyj9/0BUFD+oJ09BAYRandAMhp5/i2z1BPH5GYMoIEMxMUuAWaaFu1R
# jQlaMuQqfuyjP8shwNSV7+nlOIUPhWF9mcBy9hAdd+6yWfKn7K6FbMBKcBA2c4g7
# p9zUkUjCQORwz6T9Oyl8BqPMeihIDBeSs5auNENXrAjRjMxUesTJDSFnk2chdsve
# WtOQ4+N/c0G7WdpI0RrJJ25K0NsVWNXdNegQ0SdmK6AkphLCaHOhgczWeCKk3ms1
# 2omIrm6SnoTwsPOLeXn/tdy0lBjf5mAcMmiyMYIZjDCCGYgCAQEwgZAweTELMAkG
# A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
# HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEjMCEGA1UEAxMaTWljcm9z
# b2Z0IFRlc3RpbmcgUENBIDIwMTACEzMAAATjGsrT9p6C2bsAAQAABOMwDQYJYIZI
# AWUDBAIBBQCggbAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGC
# NwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIHMfEitq70+HhooD
# d61+PAh4Xi9YA514DZ4vnZYmlifDMEQGCisGAQQBgjcCAQwxNjA0oBSAEgBNAGkA
# YwByAG8AcwBvAGYAdKEcgBpodHRwczovL3d3dy5taWNyb3NvZnQuY29tIDANBgkq
# hkiG9w0BAQEFAASCAQBDcOsfsH0H17bmmrn36M2fSff25r2AoWSjgGoxYwH+2bg8
# dVy41veTvFeIqvULligB9ZmxLk1CkDs7veQ+RGPdQNZDN5ozBmx5rA79nkYhbMJ6
# 8sNqOUXaXCwSYeFgGZFHtEOuBd+cT0pIVsgcb4Bat+EDaB1T6AW/1KGPfmxtsPI9
# hyvrEYYGr1Zjla32C19XrHZTjDTsXu26G5TB/hmRqEyRsS29B9ZdKb20bKvKkUKx
# iAF4Z6w15tFt6sN9kCH/o+SqwYbfYtaKuhnt0kl9UstoMvpGdnMbE5xRXWFrTUn6
# E7HGBQWrwh1Jb26T7jhUIVLs4poYjjeUZ67ZsgTxoYIXGTCCFxUGCisGAQQBgjcD
# AwExghcFMIIXAQYJKoZIhvcNAQcCoIIW8jCCFu4CAQMxDzANBglghkgBZQMEAgEF
# ADCCAVkGCyqGSIb3DQEJEAEEoIIBSASCAUQwggFAAgEBBgorBgEEAYRZCgMBMDEw
# DQYJYIZIAWUDBAIBBQAEIDhiGXSa5M2inXTH5hEuVoDWjIjq+wwcunhq7Kt0Ex34
# AgZiu0Ze2hAYEzIwMjIwNzE0MDkyNjEwLjg5OVowBIACAfSggdikgdUwgdIxCzAJ
# BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k
# MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jv
# c29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVz
# IFRTUyBFU046QTI0MC00QjgyLTEzMEUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l
# LVN0YW1wIFNlcnZpY2WgghFoMIIHFDCCBPygAwIBAgITMwAAAY16VS54dJkqtwAB
# AAABjTANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
# aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
# cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx
# MDAeFw0yMTEwMjgxOTI3NDVaFw0yMzAxMjYxOTI3NDVaMIHSMQswCQYDVQQGEwJV
# UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE
# ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl
# bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO
# OkEyNDAtNEI4Mi0xMzBFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT
# ZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2jRILZg+O6U7
# dLcuwBPMB+0tJUz0wHLqJ5f7KJXQsTzWToADUMYV4xVZnp9mPTWojUJ/l3O4Xqeg
# LDNduFAObcitrLyY5HDsxAfUG1/2YilcSkSP6CcMqWfsSwULGX5zlsVKHJ7tvwg2
# 6y6eLklUdFMpiq294T4uJQdXd5O7mFy0vVkaGPGxNWLbZxKNzqKtFnWQ7jMtZ05X
# vafkIWZrNTFv8GGpAlHtRsZ1A8KDo6IDSGVNZZXbQs+fOwMOGp/Bzod8f1YI8Gb2
# oN/mx2ccvdGr9la55QZeVsM7LfTaEPQxbgAcLgWDlIPcmTzcBksEzLOQsSpBzsqP
# aWI9ykVw5ofmrkFKMbpQT5EMki2suJoVM5xGgdZWnt/tz00xubPSKFi4B4IMFUB9
# mcANUq9cHaLsHbDJ+AUsVO0qnVjwzXPYJeR7C/B8X0Ul6UkIdplZmncQZSBK3yZQ
# y+oGsuJKXFAq3BlxT6kDuhYYvO7itLrPeY0knut1rKkxom+ui6vCdthCfnAiykny
# RC2lknqzz8x1mDkQ5Q6Ox9p6/lduFupSJMtgsCPN9fIvrfppMDFIvRoULsHOdLJj
# rRli8co5M+vZmf20oTxYuXzM0tbRurEJycB5ZMbwznsFHymOkgyx8OeFnXV3car4
# 5uejI1B1iqUDbeSNxnvczuOhcpzwackCAwEAAaOCATYwggEyMB0GA1UdDgQWBBR4
# zJFuh59GwpTuSju4STcflihmkzAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtT
# NRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20v
# cGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgx
# KS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1p
# Y3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAl
# MjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsG
# AQUFBwMIMA0GCSqGSIb3DQEBCwUAA4ICAQA1r3Oz0lEq3VvpdFlh3YBxc4hnYkAL
# yYPDa9FO4XgqwkBm8Lsb+lK3tbGGgpi6QJbK3iM3BK0ObBcwRaJVCxGLGtr6Jz9h
# RumRyF8o4n2y3YiKv4olBxNjFShSGc9E29JmVjBmLgmfjRqPc/2rD25q4ow4uA3r
# c9ekiaufgGhcSAdek/l+kASbzohOt/5z2+IlgT4e3auSUzt2GAKfKZB02ZDGWKKe
# CY3pELj1tuh6yfrOJPPInO4ZZLW3vgKavtL8e6FJZyJoDFMewJ59oEL+AK3e2M2I
# 4IFE9n6LVS8bS9UbMUMvrAlXN5ZM2I8GdHB9TbfI17Wm/9Uf4qu588PJN7vCJj9s
# +KxZqXc5sGScLgqiPqIbbNTE+/AEZ/eTixc9YLgTyMqakZI59wGqjrONQSY7u0VE
# DkEE6ikz+FSFRKKzpySb0WTgMvWxsLvbnN8ACmISPnBHYZoGssPAL7foGGKFLdAB
# TQC2PX19WjrfyrshHdiqSlCspqIGBTxRaHtyPMro3B/26gPfCl3MC3rC3NGq4xGn
# IHDZGSizUmGg8TkQAloVdU5dJ1v910gjxaxaUraGhP8IttE0RWnU5XRp/sGaNmDc
# MwbyHuSpaFsn3Q21OzitP4BnN5tprHangAC7joe4zmLnmRnAiUc9sRqQ2bmsMAvU
# psO8nlOFmiM1LzCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJ
# KoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u
# MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp
# b24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
# eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UE
# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0
# IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
# AoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25
# PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsH
# FPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTa
# mDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc
# 6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF
# 50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpG
# dc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOm
# TTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi
# 0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU
# 2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSF
# F5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCC
# AdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6C
# kTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1Ud
# IARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cu
# bWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUE
# DDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8E
# BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2U
# kFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5j
# b20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmww
# WgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29m
# dC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkq
# hkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaT
# lz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYu
# nKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f
# 8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVC
# s/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzs
# kYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzH
# VG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+k
# KNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+
# CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAo
# GokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEz
# fbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKh
# ggLXMIICQAIBATCCAQChgdikgdUwgdIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX
# YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg
# Q29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlv
# bnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046QTI0MC00QjgyLTEz
# MEUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAH
# BgUrDgMCGgMVAIBzlZM9TRND4PgtpLWQZkSPYVcJoIGDMIGApH4wfDELMAkGA1UE
# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0
# IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQACBQDmejOXMCIYDzIw
# MjIwNzE0MTQxNzU5WhgPMjAyMjA3MTUxNDE3NTlaMHcwPQYKKwYBBAGEWQoEATEv
# MC0wCgIFAOZ6M5cCAQAwCgIBAAICHcECAf8wBwIBAAICEUAwCgIFAOZ7hRcCAQAw
# NgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgC
# AQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQCSjxiVUNk6wda68cCKMf4caLm9tiai
# v744jgRGJ/lfcMCPj266H88rN2z1siPYy5DU11/Qs8MQHYRcQh76ObzAcBF3ai8F
# zCZTTMIg28hhnb5lZtZ42Va38D/yNziJ32MkZnZPTmBoMtFr6wuP9Cnejxf88ZCr
# 2uckReDbSjGNlTGCBA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
# ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD
# QSAyMDEwAhMzAAABjXpVLnh0mSq3AAEAAAGNMA0GCWCGSAFlAwQCAQUAoIIBSjAa
# BgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIEoR40W0
# zDq2eOg4YrAnImHjJjAZkcvEQz0Si00qrzQgMIH6BgsqhkiG9w0BCRACLzGB6jCB
# 5zCB5DCBvQQgnpYRM/odXkDAnzf2udL569W8cfGTgwVuenQ8ttIYzX8wgZgwgYCk
# fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD
# Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAY16VS54dJkqtwAB
# AAABjTAiBCACaxewZ9XEACpH+KKP4D/vBHTZuRtHyHIIHsxY0VkJgjANBgkqhkiG
# 9w0BAQsFAASCAgBt0W6ejNZPqARY+jUWnfkfM32/StcDzWO0U3tpJ/mAM+mYyGil
# Up/8ATyQ7PPw/V0md8Sh9Kkt+wDr7GuWez2tCAFlx8rxQiiqKrk4ViM4628GGJEE
# Sc01p2/yUssrEPOaU7J4uatTsu7OXrKwSWtrSrGOtjyWdj6FVM4TW4bcsNbLLPqL
# BtjMsh8W5oK4MzZTSi7C6nLgn8WdcBTOy3QwvwQuTBCwRljdrFk3QgwtngwwUC+O
# dFkyLELTFAjqfPfywbzodGeDW87LCJNF3GcQYAUKkFFuSMcs/SopphwwasFSsSQK
# GbYe8+DRQtMSqYh5nhxwMZ7HhGlMU5pxkCeUpZdXolxr7cjDcFMyDBn5M0UR9Flv
# BDgkhMHHM5itl2cgG2PpLrKV1NQF4fHjq5qY6X3bdL3+f+DchGtq7NPhD7r47qem
# m41Arwyc4HoNbwxdtiCEJ+C4jR9/HVFqTwzZA2kWYZUrenjEOct3YoxIXZHi9eCm
# J4IwiCy8NoLpMrq55Z2zxcAvsaS7CnXXxdatO2vdfotZK9yEKrCSYibFsiCagYzc
# 8ZbiH0zR5S/BO4ELjaLTuAQRj1XDJZ7++1TeEugriRFh5PHr5nXSP50yERnxq1kN
# 4PCDGIQuHT2FN/RiLaOELTMJ2i1MraAIi4IwF88ifVgwTyKbCvaxwMXKtg==
# SIG # End signature block