Checks/check-ORCA118_4.ps1
|
using module "..\ORCA.psm1" class ORCA118_4 : ORCACheck { <# CONSTRUCTOR with Check Header Data #> ORCA118_4() { $this.Control="118-4" $this.Area="Transport Rules" $this.Name="Domain Whitelisting" $this.PassText="Your own domains are not being allow listed in an unsafe manner" $this.FailRecommendation="Remove allow listing on domains belonging to your organisation" $this.Importance="Emails coming from whitelisted domains bypass several layers of protection within Exchange Online Protection. When allow listing your own domains, an attacker can spoof any account in your organisation that has this domain. This is a significant phishing attack vector." $this.ExpandResults=$True $this.CheckType=[CheckType]::ObjectPropertyValue $this.ObjectType="Transport Rule" $this.ItemName="Condition" $this.DataType="Whitelisted Address" $this.ChiValue=[ORCACHI]::Critical $this.Links= @{ "Exchange admin center in Exchange Online"="https://outlook.office365.com/ecp/" "Using Exchange Transport Rules (ETRs) to allow specific senders"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365#using-exchange-transport-rules-etrs-to-allow-specific-senders-recommended" } } <# RESULTS #> GetResults($Config) { $Check = "Transport Rule SCL" # Look through Transport Rule for an action SetSCL -1 ForEach($TransportRule in $Config["TransportRules"]) { If($TransportRule.SetSCL -eq "-1") { #Rules that apply to the sender domain #From Address notmatch is to include if just domain name is value If($TransportRule.SenderDomainIs -ne $null -or ($TransportRule.FromAddressContainsWords -ne $null -and $TransportRule.FromAddressContainsWords -notmatch ".+@") -or ($TransportRule.FromAddressMatchesPatterns -ne $null -and $TransportRule.FromAddressMatchesPatterns -notmatch ".+@")) { #Look for condition that checks auth results header and its value If(($TransportRule.HeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.HeaderContainsWords -ne $null) -or ($TransportRule.HeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.HeaderMatchesPatterns -ne $null)) { # OK } #Look for exception that checks auth results header and its value elseif(($TransportRule.ExceptIfHeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.ExceptIfHeaderContainsWords -ne $null) -or ($TransportRule.ExceptIfHeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.ExceptIfHeaderMatchesPatterns -ne $null)) { # OK } elseif($TransportRule.SenderIpRanges -ne $null) { # OK } #Look for condition that checks for any other header and its value else { ForEach($RuleDomain in $($TransportRule.SenderDomainIs)) { # Is this domain an organisation domain? If(@($Config["AcceptedDomains"] | Where-Object {$_.Name -eq $RuleDomain}).Count -gt 0) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Domain" $ConfigObject.ConfigData=$($RuleDomain) $ConfigObject.ConfigDisabled=$($TransportRule.State -eq "Disabled") $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } } ForEach($FromAddressContains in $($TransportRule.FromAddressContainsWords)) { # Is this domain an organisation domain? If(@($Config["AcceptedDomains"] | Where-Object {$_.Name -eq $FromAddressContains}).Count -gt 0) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Contains" $ConfigObject.ConfigDisabled=$($TransportRule.State -eq "Disabled") $ConfigObject."$($FromAddressContains)" $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } } } } } } } } # SIG # Begin signature block # MIIlsAYJKoZIhvcNAQcCoIIloTCCJZ0CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCuA5uzIbvQRcYO # pdn4onqXZTpuePsYhX7u2JZCKbyeh6CCC5YwggT7MIID46ADAgECAhMzAAAFqa00 # npLOQgZDAAEAAAWpMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5nIFBD # QSAyMDEwMB4XDTIzMDMxNjE4NTkyN1oXDTI0MDMxNDE4NTkyN1owfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdQ29kZSBTaWdu # IFRlc3QgKERPIE5PVCBUUlVTVCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK # AoIBAQCbPZMZ96mQ6KefXZagBUXbFuKwTQWwCFtvZDWAC2UeQ4xDP5m1exO2kbDh # zldjWMn4HO+r4TRYs5pGB4i4JM1BWQb3LWPKaEXOtN84b8fTtD9Utf/msNh0IDbX # CPMb8wVv2Vb3FuEdpXBC7UztdptBhoBVnKzIKooNM4mcaf9qQYdz+GdIhTwzKP7j # 68WxdNKDXPsvM8zbO6kKtLxLd3e+HrOn6Vs634SYjba8xCaQyWA+whs9R6M92dU2 # HLhMxz2Sd7KPIz6RasjVqzX7oyL/ogYIvlZOnZA/yZ+P8HeNAHlUGjeoIh7QVVIu # Q9Y3BNXx2OFxKwX3RYnsn5r6+usTAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggr # BgEFBQcDAzAdBgNVHQ4EFgQUFfx0k/csoohO22mMZZXD+qHMO7gwRQYDVR0RBD4w # PKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMN # MjMwMDcyKzUwMDUwNDAfBgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBc # BgNVHR8EVTBTMFGgT6BNhktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L2NybC9NaWNyb3NvZnQlMjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYI # KwYBBQUHAQEEXTBbMFkGCCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEw # KDEpLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAxZjLCOUiW # BLK3zCqmJhsLMiFt3vignHOD909KV6a8D2aKWsbk45IC2djh8dfJG5sQzsZ6PMNu # 0zQtRw8Wef2Ii0k+3vAf1VOwkkw369d54MuFs7+E2c+8puQYXGF4Hug/98j5UhX5 # QRBwmYONzurrF8pCoxt2dKW/Hx9VdXXa3Gqvk8XsQjpXkpqCYh/GH8eTHGtul3dt # PIUgEzvL1t4FXwo2yv2hzCw4wEgiII4yYT59WekAnohy7bvA+J6a8csw9KGvf2/z # 5AhNLxVJ07Ga6OJkMDsWZWq2wNlHXiSR8QC2x2aczoFpGRzgBJTkuBYR5rS/hJjp # Q/4wZN/cj8e4MIIGkzCCBHugAwIBAgITMwAAAC01ekaIyQdx2AAAAAAALTANBgkq # hkiG9w0BAQsFADCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjE6MDgGA1UEAxMxTWljcm9zb2Z0IFRlc3RpbmcgUm9vdCBDZXJ0aWZpY2F0ZSBB # dXRob3JpdHkgMjAxMDAeFw0yMDEyMTAyMDQzMjBaFw0zNTA2MTcyMTA0MTFaMHkx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1p # Y3Jvc29mdCBUZXN0aW5nIFBDQSAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A # MIIBCgKCAQEAvzxggau+7P/XF2PypkLRE2KcsBfOukYaeyIuVXOaVLnG1NHKmP53 # Rw2OnfBezPhU7/LPKtRi8ak0CgTXxQWG8hD1TdOWCGaF2wJ9GNzieiOnmildrnkY # zwxj8Br/gampQz+pC7lR8bNIOvxELl8RxVY6/8oOzYgIwf3H1fU+7+pOG3KLI71F # N54fcMGnybggc+3zbD2LIQXPdxL+odwH6Q1beAlsMlUQR9A3yMf3+nP+RjTkVhao # N2RT1jX7w4C2jraGkaEQ1sFK9uN61BEKst4unhCX4IGuEl2IAV3MpMQoUpxg8Arm # iK9L6VeK7KMPNx4p9l0h09faXQ7JTtuNbQIDAQABo4IB+jCCAfYwDgYDVR0PAQH/ # BAQDAgGGMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFOqfXzO2 # 0F+erestpsECu0A4y+e1MB0GA1UdDgQWBBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBU # BgNVHSAETTBLMEkGBFUdIAAwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNy # b3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBkGCSsGAQQBgjcU # AgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUowEE # fjCIM+u5MZzK64V2Z/xltNEwWQYDVR0fBFIwUDBOoEygSoZIaHR0cDovL2NybC5t # aWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljVGVzUm9vQ2VyQXV0XzIw # MTAtMDYtMTcuY3JsMIGNBggrBgEFBQcBAQSBgDB+ME0GCCsGAQUFBzAChkFodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Rlc1Jvb0NlckF1dF8y # MDEwLTA2LTE3LmNydDAtBggrBgEFBQcwAYYhaHR0cDovL29uZW9jc3AubWljcm9z # b2Z0LmNvbS9vY3NwMA0GCSqGSIb3DQEBCwUAA4ICAQAntNCFsp7MD6QqU3PVbdrX # MQDI9v9jyPYBEbUYktrctPmvJuj8Snm9wWewiAN5Zc81NQVYjuKDBpb1un4SWVCb # 4PDVPZ0J87tGzYe9dOJ30EYGeiIaaStkLLmLOYAM6oInIqIwVyIk2SE/q2lGt8Ov # wcZevNmPkVYjk6nyJi5EdvS6ciPRmW9bRWRT4pWU8bZIQL938LE4lHOQAixrAQiW # es5Szp2U85E0nLdaDr5w/I28J/Z1+4zW1Nao1prVCOqrosnoNUfVf1kvswfW3FY2 # l1PiAYp8sGyO57GaztXdBoEOBcDLedfcPra9+NLdEF36NkE0g+9dbokFY7KxhUJ8 # WpMiCmN4yj9LKFLvQbctGMJJY9EwHFifm2pgaiaafKF1Gyz+NruJzEEgpysMo/f9 # AVBQ/qCdPQQGEWp3QDIaef4ts9QTx+RmDKCBDMTFLgFmmhbtUY0JWjLkKn7soz/L # IcDUle/p5TiFD4VhfZnAcvYQHXfuslnyp+yuhWzASnAQNnOIO6fc1JFIwkDkcM+k # /TspfAajzHooSAwXkrOWrjRDV6wI0YzMVHrEyQ0hZ5NnIXbL3lrTkOPjf3NBu1na # SNEaySduStDbFVjV3TXoENEnZiugJKYSwmhzoYHM1ngipN5rNdqJiK5ukp6E8LDz # i3l5/7XctJQY3+ZgHDJosjGCGXAwghlsAgEBMIGQMHkxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5n # IFBDQSAyMDEwAhMzAAAFqa00npLOQgZDAAEAAAWpMA0GCWCGSAFlAwQCAQUAoIGw # MBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgor # BgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCAcR+ED2eDdJKLW+hw1cdIaAkeSSftL # XNnQ6bErPzxyojBEBgorBgEEAYI3AgEMMTYwNKAUgBIATQBpAGMAcgBvAHMAbwBm # AHShHIAaaHR0cHM6Ly93d3cubWljcm9zb2Z0LmNvbSAwDQYJKoZIhvcNAQEBBQAE # ggEAX8KomwRkLT12bRfrLzU7Dv+wGhiojuiEG7u1rGeqk/IbWUlrZ4ywT3YevCit # jCyFuTwsB63641v2gv6Mc3K/pKuBk6xsaaIMAazTOrEMzk8gZL46KsUfC6UgH8fT # H/jn9ME5irnVPt6wk4zp8majs2eC7OFGNlJjb6qtTk1AXEqLx4zlSi+gn31AgwXq # eYb2OU6UcrOaznqlhg29W+OzbL8Dv4qpblPu8q4uV+IKlANhHcf/CmzfzVdemDK9 # HtlyQcovyjO1F2ugcJ45StAxRMWUeN5CEWBmfH/Xb+UCgfICfjb0Af0WT7sbOD37 # mXJx98mmpGXz9T8Ike1RjECzfKGCFv0wghb5BgorBgEEAYI3AwMBMYIW6TCCFuUG # CSqGSIb3DQEHAqCCFtYwghbSAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFRBgsqhkiG # 9w0BCRABBKCCAUAEggE8MIIBOAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQC # AQUABCDQD4Rnul15miCXlbwHnk8Zd5KDB564Stv+ItFyUHTOGgIGZGzYguBjGBMy # MDIzMDYwNTA4MDU0OC4xMDlaMASAAgH0oIHQpIHNMIHKMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmlj # YSBPcGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpBRTJDLUUzMkIt # MUFGQzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaCCEVQw # ggcMMIIE9KADAgECAhMzAAABv99uuQQVUihYAAEAAAG/MA0GCSqGSIb3DQEBCwUA # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTIyMTEwNDE5MDEyNFoX # DTI0MDIwMjE5MDEyNFowgcoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMxJjAk # BgNVBAsTHVRoYWxlcyBUU1MgRVNOOkFFMkMtRTMyQi0xQUZDMSUwIwYDVQQDExxN # aWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOC # Ag8AMIICCgKCAgEAuExh0n1UxKMzBvkPHer47nryD4UK2GVy1X6bOVC+hLVhDlsI # WQ1uX/9a8IRI3zXo/y1oTDuj+rJHyX4OZQn42E0iu7x6swPvM34zIOSPn8lgnWzG # EAsRtz9zBrLW9+4w/YhWlXI8hvc7ovqupuL3TXte8BbmNOUDSL+Ou2bBfObGzsH3 # yY/BELvqwO13KZ9Z1OxKacnqq1u9E9Rhai90STog22lR2MVRSx55FHi/emnZA/IK # vsAtEH2K6JmgOyQ7/mDQrWNEA5roUjhQqLQw1/3wz/CIvc9+FPxX2dxR0nvvYe5V # Lqv8Q99cOkO6z6V4stGDyFDuO8CwtiSvCC3QrOOugAl33aPD9YZswywWRk+YGyLI # +Fw+kCCUY6h1qOjTj5glz0esmds3ue45WaI2hI9usForM8gy//5tDZXj0KKU1BxA # 04xpfEy91RZUbc6pdAvEkpYrN2jlpXhMvTD7pgdYyxkVSaWZv7kWp5y9NjWP/CTD # GXTC6DWiGcXwPQO66QdVNWxuiGdpfPaEUnWXcKnDVua1khBAxO4m9wg/1qM6f7Hw # Xf/pHifMej+qB7SUZOiJScX+1HmffmZRAFiJXS0qUDk0ZAZW3oX2xLyl0044eHI7 # Y95GPaw8OlSTeNiNAKl+MyH5OaifsUuyVHOf4rsrE+ZyAuS9e9ERqu5H/10CAwEA # AaOCATYwggEyMB0GA1UdDgQWBBRVAolUT3eV3wK/+Luf/wawCPMYpzAfBgNVHSME # GDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1l # LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsG # AQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01p # Y3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB # Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0GCSqGSIb3DQEBCwUAA4ICAQAj # CREvjT6yXwJYdvkFUqTGGh6RizAY+ciuB6UOBUm0yqq5QC+5pCEa9WSMvbUGzxDC # EFBgD93gWGnkiyYcHCazlgZK+E7WxtI3bP++Fb4RJZiWLo/IC9hX12hCZZwYXIGV # zC9BVAcNx/zsFqI/9u8u/bhGjDHPad47C4OQNCHrkNqzGYxb4GQq6Psw6o7cEty3 # MU3Jd4uzBazaFhPRvmBfSn+Ufd6pTNZLgIX9BjrLmZblc/d2LIAurEr5W29WfW5R # MRIEZzO9TaMr/zzdmW/cV6VdaDTygy5g4O3UXadt1DraUpn5jcD10TVWNnyz/pae # leHojrGCCksqexpelMkUsiYP0HX9pFUgNglWU10r1wEzFwZM9aX2Rqq3fFRrN3gu # 8tCX+H1nKK2AobW1vmsKLTH6PyX1LkyvRwTj45a1paeHIR8TGzm3+iY7wpC1MHuz # qAqAdDeaIVdVlch807VJJ4hDive6AiOQCV9MwiUyhf5v4P8jTGof8CqjDb3PnLlN # SnFm2BFhMZ35oNTEosc37GZHScM83hTN1E481sLYJrrhhcdtcyNB60juMjqGUD6u # Q/7DbMvtv93tFj5WjxVhMCkkY66EEYgpfFLOCb2ngJJWFuJCIGsCiDfDxGwE4RVY # AnoFzoa2OfSqijYg2drdZfpptRRvKxMsAzu3oxkS/TCCB3EwggVZoAMCAQICEzMA # AAAVxedrngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290 # IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMw # MDkzMDE4MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0G # CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3u # nAcH0qlsTnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1 # jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZT # fDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+ # jlPP1uyFVk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c # +gVVmG1oO5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+ # cakXW2dg3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C6 # 26p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV # 2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoS # CtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxS # UV0S2yW6r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJp # xq57t7c+auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkr # BgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0A # XmJdg/Tl0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYI # KwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9S # ZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIE # DB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNV # HSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVo # dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29D # ZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAC # hj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1 # dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwEx # JFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts # 0aGUGCLu6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9I # dQHZGN5tggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYS # EhFdPSfgQJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMu # LGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT9 # 9kxybxCrdTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2z # AVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6Ile # T53S0Ex2tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6l # MVGEvL8CwYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbh # IurwJ0I9JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3u # gm2lBRDBcQZqELQdVTNYs6FwZvKhggLLMIICNAIBATCB+KGB0KSBzTCByjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9z # b2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046 # QUUyQy1FMzJCLTFBRkMxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNl # cnZpY2WiIwoBATAHBgUrDgMCGgMVADgEd+JNrp4dpvFKMZi91txbfic3oIGDMIGA # pH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEFBQAC # BQDoJ9FZMCIYDzIwMjMwNjA1MTExMzI5WhgPMjAyMzA2MDYxMTEzMjlaMHQwOgYK # KwYBBAGEWQoEATEsMCowCgIFAOgn0VkCAQAwBwIBAAICE1UwBwIBAAICEfwwCgIF # AOgpItkCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQAC # AwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQABRQhmKn3qwh4CKtMo # nVHmcoEh9kqsXglfhFbK4ZKCJdTpLvpGlhOjeC08a6wXPUqGRxENM/HgIeKiXqsX # howQtBg1yEA5NzyeQezSJtobXnb19aAwc7p3SxdDc4NxaM2RVftRe2xMzrL2rCS+ # EQCjIgYqWW890ffl+8h0UJWs4zGCBA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1l # LVN0YW1wIFBDQSAyMDEwAhMzAAABv99uuQQVUihYAAEAAAG/MA0GCWCGSAFlAwQC # AQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkE # MSIEIOboW3Hn7+buz4ZF4tqAVffATuQFjUr5b21FfqG2P2reMIH6BgsqhkiG9w0B # CRACLzGB6jCB5zCB5DCBvQQg/Q4tRz63EiRj4K+19yNUwogBIOsp44CIuBfnZHCv # Ba4wgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAb/f # brkEFVIoWAABAAABvzAiBCC6TeDHU9lvF3onY3GXcOJZDZ+SMIC7V7VJ+o7USNMZ # NzANBgkqhkiG9w0BAQsFAASCAgBYtH8pzyZHebGmmQ+O3eXJfB4Bc1+WsK/odt+i # 2gGO0ELeFkdkHc3Oo0Y5A022l63APXkwPotmLMTO43HDFgkQMXyodOMtyzedUCED # Bp/29TP9DncLjcKXUKRzJeiaNZrFFrQqegJHLz5/L+ualuUcLVLAdxRZS2lWH7RP # w73pnZv29qImkKR9xhgmWuRRJx7KwfgqNGEWWms8yMF41WOtJqN7EvL4A45mNAG5 # uAAWwDphXcMfQ8WB1hUeF9uydh//EhOkXjAoqw6bqUvBkFt9REnzDv5lz1LNM8gK # 8hG5gFgWjiLnMRbuYZ9bSZpgSC6Hqrrr8VGPhC6ROPYZXqvDCsVCEjfjN5pu5990 # g227ahRgnEQvFeXy4D3QHA6WURJqJNAAMOUBVntCnr1dLhFWzueKVbUdwTbORGX6 # GuMfklNfAeEmykdq18C0WkzZolAi7RO3+eQFPGi5Kwmp1OZzzT9bzf6EnbzDyrfG # mmev1KP0qTmgKiwEsRqrS89RB0FEyMo8dP8en775V4uI3XgGok2BQ7AzCED5bYOe # YCWtxHA6DGWIXNNc4EIjvRMDuzuxbx2+yFGQu81Fj7dbQWXOHSlYLpEOxb3hdSMx # kNy5OlALRdvou3XG+rche9y+VqY82/qC+aqmuoMrFv+sx3AjpYCPl01rNU6mS9hP # YUdFtg== # SIG # End signature block |