Checks/check-ORCA118_2.ps1
|
using module "..\ORCA.psm1" class ORCA118_2 : ORCACheck { <# CONSTRUCTOR with Check Header Data #> ORCA118_2() { $this.Control="118-2" $this.Area="Transport Rules" $this.Name="Domain Allow Listing" $this.PassText="Domains are not being allow listed in an unsafe manner" $this.FailRecommendation="Remove allow listed domains" $this.Importance="Emails coming from allow listed domains bypass several layers of protection within Exchange Online Protection. If domains are allow listed, they are open to being spoofed from malicious actors." $this.ExpandResults=$True $this.CheckType=[CheckType]::ObjectPropertyValue $this.ObjectType="Transport Rule" $this.ItemName="Condition" $this.DataType="Allow Listed Address" $this.ChiValue=[ORCACHI]::High $this.Links= @{ "Exchange admin center in Exchange Online"="https://outlook.office365.com/ecp/" "Using Exchange Transport Rules (ETRs) to allow specific senders"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365#using-exchange-transport-rules-etrs-to-allow-specific-senders-recommended" } } <# RESULTS #> GetResults($Config) { $Check = "Transport Rule SCL" # Look through Transport Rule for an action SetSCL -1 ForEach($TransportRule in $Config["TransportRules"]) { If($TransportRule.SetSCL -eq "-1") { #Rules that apply to the sender domain #From Address notmatch is to include if just domain name is value If($TransportRule.SenderDomainIs -ne $null -or ($TransportRule.FromAddressContainsWords -ne $null -and $TransportRule.FromAddressContainsWords -notmatch ".+@") -or ($TransportRule.FromAddressMatchesPatterns -ne $null -and $TransportRule.FromAddressMatchesPatterns -notmatch ".+@")) { #Look for condition that checks auth results header and its value If(($TransportRule.HeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.HeaderContainsWords -ne $null) -or ($TransportRule.HeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.HeaderMatchesPatterns -ne $null)) { # OK } #Look for exception that checks auth results header and its value elseif(($TransportRule.ExceptIfHeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.ExceptIfHeaderContainsWords -ne $null) -or ($TransportRule.ExceptIfHeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.ExceptIfHeaderMatchesPatterns -ne $null)) { # OK } elseif($TransportRule.SenderIpRanges -ne $null) { # OK } #Look for condition that checks for any other header and its value else { ForEach($RuleDomain in $($TransportRule.SenderDomainIs)) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Domain" $ConfigObject.ConfigData=$($RuleDomain) $ConfigObject.ConfigDisabled=$($TransportRule.State -ne "Enabled") $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } ForEach($FromAddressContains in $($TransportRule.FromAddressContainsWords)) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Contains" $ConfigObject."$($FromAddressContains)" $ConfigObject.ConfigDisabled=$($TransportRule.State -ne "Enabled") $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } ForEach($FromAddressMatch in $($TransportRule.FromAddressMatchesPatterns)) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Matches" $ConfigObject."$($FromAddressMatch)" $ConfigObject.ConfigDisabled=$($TransportRule.State -ne "Enabled") $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } } } #No sender domain restriction, so check for IP restriction elseif($null -ne $TransportRule.SenderIpRanges) { ForEach($SenderIpRange in $TransportRule.SenderIpRanges) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="IP Range" $ConfigObject.ConfigData=$SenderIpRange $ConfigObject.ConfigDisabled=$($TransportRule.State -ne "Enabled") $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") $this.AddConfig($ConfigObject) } } #No sender restriction, so check for condition that checks auth results header and its value elseif(($TransportRule.HeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.HeaderContainsWords -ne $null) -or ($TransportRule.HeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.HeaderMatchesPatterns -ne $null)) { # OK } #No sender restriction, so check for exception that checks auth results header and its value elseif(($TransportRule.ExceptIfHeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.ExceptIfHeaderContainsWords -ne $null) -or ($TransportRule.ExceptIfHeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.ExceptIfHeaderMatchesPatterns -ne $null)) { # OK } } } } } # SIG # Begin signature block # MIIl7AYJKoZIhvcNAQcCoIIl3TCCJdkCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDfkVd0ciS1h0Px # fjV7u4SkPWquKb+Ihx9g7FaOVkuE1aCCC6YwggULMIID86ADAgECAhMzAAAFwlgA # 087+f22BAAEAAAXCMA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5nIFBD # QSAyMDEwMB4XDTIzMDkyMTE4MTE0M1oXDTI0MDkxODE4MTE0M1owfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdQ29kZSBTaWdu # IFRlc3QgKERPIE5PVCBUUlVTVCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK # AoIBAQD5++3gGQURCZ5RFx3f6hxBcryv+l9JDcB/ue8Nf4lxtCZ3BYkCuFTxGzQs # lXh4SBgmfcoDr8X9mqmYlAhGlQn5WdhIlIjY7cyO+Jj9qH6ir7kKmqnxX5UMl2e8 # 1Xd78imtyJHeK3X/mReHaJItcbdObmRrJeq1cJm2qgiadjJK9aFPIGTd/2jgBIMc # G1LVd+lHU7fPU+wlvJshXoo7rj82PhSGoMqTN4s30oaUlIpKwhyn6eO7UIlD77Ez # NikN8J35LSlUGAWR7UW/qBrlVM9JURkIsAFfHUdZbsCu0wB3dHMBru+oDim+X/R9 # ko+B0F3Me40uod5i5D8m8HqIazstAgMBAAGjggGHMIIBgzAOBgNVHQ8BAf8EBAMC # B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFJfRokzB8QH6nZ8MnJQI # ahPRxmYhMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQLExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xFjAUBgNVBAUTDTIzMDA3Mis1MDE1NjYwHwYDVR0jBBgwFoAUv2Wiq291 # o05FllcFzzmH9MAVHBwwXAYDVR0fBFUwUzBRoE+gTYZLaHR0cDovL3d3dy5taWNy # b3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGVzdGluZyUyMFBDQSUy # MDIwMTAoMSkuY3JsMGkGCCsGAQUFBwEBBF0wWzBZBggrBgEFBQcwAoZNaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUZXN0 # aW5nJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B # AQsFAAOCAQEAMmCxC2x6fhzNJHnCk9zTlYQo0e/MzR5BHxJul6XfH7L2K+EOr+Wv # wiAvkkA47zgupON7XKs+NQFkTQAAw/tgzpZ95d2KyRUxbwfik44uLSqvgVNlSDSk # Ant8qiTj3+EhxYhcHQJwA4vz4Ow+rLIQOvPIHB0cOj1bJ/Z0olgCXfo/oORtXQe3 # 9M6dO7XvQ2i0SRvnfn95hodbpPWDmSvyHvZU5rHVLTBwyh9oTQ4v30P8eeAONxp6 # Sp6X7hLDy14Q0L4nfBeRFdf9M/DK6LjJ3bUWlYcqRpFwqMjAJQkW8RMtWuV8uSgD # PAR/tnqsaUFRAILpmfqPUwgXIVGT0/89iDCCBpMwggR7oAMCAQICEzMAAAAtNXpG # iMkHcdgAAAAAAC0wDQYJKoZIhvcNAQELBQAwgZAxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xOjA4BgNVBAMTMU1pY3Jvc29mdCBUZXN0aW5nIFJv # b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjAxMjEwMjA0MzIwWhcN # MzUwNjE3MjEwNDExWjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSMwIQYDVQQDExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDCCASIwDQYJ # KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL88YIGrvuz/1xdj8qZC0RNinLAXzrpG # GnsiLlVzmlS5xtTRypj+d0cNjp3wXsz4VO/yzyrUYvGpNAoE18UFhvIQ9U3Tlghm # hdsCfRjc4nojp5opXa55GM8MY/Aa/4GpqUM/qQu5UfGzSDr8RC5fEcVWOv/KDs2I # CMH9x9X1Pu/qThtyiyO9RTeeH3DBp8m4IHPt82w9iyEFz3cS/qHcB+kNW3gJbDJV # EEfQN8jH9/pz/kY05FYWqDdkU9Y1+8OAto62hpGhENbBSvbjetQRCrLeLp4Ql+CB # rhJdiAFdzKTEKFKcYPAK5oivS+lXiuyjDzceKfZdIdPX2l0OyU7bjW0CAwEAAaOC # AfowggH2MA4GA1UdDwEB/wQEAwIBhjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsG # AQQBgjcVAgQWBBTqn18zttBfnq3rLabBArtAOMvntTAdBgNVHQ4EFgQUv2Wiq291 # o05FllcFzzmH9MAVHBwwVAYDVR0gBE0wSzBJBgRVHSAAMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAPBgNVHRMBAf8EBTADAQH/ # MB8GA1UdIwQYMBaAFKMBBH4wiDPruTGcyuuFdmf8ZbTRMFkGA1UdHwRSMFAwTqBM # oEqGSGh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01p # Y1Rlc1Jvb0NlckF1dF8yMDEwLTA2LTE3LmNybDCBjQYIKwYBBQUHAQEEgYAwfjBN # BggrBgEFBQcwAoZBaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9N # aWNUZXNSb29DZXJBdXRfMjAxMC0wNi0xNy5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6 # Ly9vbmVvY3NwLm1pY3Jvc29mdC5jb20vb2NzcDANBgkqhkiG9w0BAQsFAAOCAgEA # J7TQhbKezA+kKlNz1W3a1zEAyPb/Y8j2ARG1GJLa3LT5rybo/Ep5vcFnsIgDeWXP # NTUFWI7igwaW9bp+EllQm+Dw1T2dCfO7Rs2HvXTid9BGBnoiGmkrZCy5izmADOqC # JyKiMFciJNkhP6tpRrfDr8HGXrzZj5FWI5Op8iYuRHb0unIj0ZlvW0VkU+KVlPG2 # SEC/d/CxOJRzkAIsawEIlnrOUs6dlPORNJy3Wg6+cPyNvCf2dfuM1tTWqNaa1Qjq # q6LJ6DVH1X9ZL7MH1txWNpdT4gGKfLBsjuexms7V3QaBDgXAy3nX3D62vfjS3RBd # +jZBNIPvXW6JBWOysYVCfFqTIgpjeMo/SyhS70G3LRjCSWPRMBxYn5tqYGommnyh # dRss/ja7icxBIKcrDKP3/QFQUP6gnT0EBhFqd0AyGnn+LbPUE8fkZgyggQzExS4B # ZpoW7VGNCVoy5Cp+7KM/yyHA1JXv6eU4hQ+FYX2ZwHL2EB137rJZ8qfsroVswEpw # EDZziDun3NSRSMJA5HDPpP07KXwGo8x6KEgMF5Kzlq40Q1esCNGMzFR6xMkNIWeT # ZyF2y95a05Dj439zQbtZ2kjRGsknbkrQ2xVY1d016BDRJ2YroCSmEsJoc6GBzNZ4 # IqTeazXaiYiubpKehPCw84t5ef+13LSUGN/mYBwyaLIxghmcMIIZmAIBATCBkDB5 # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQDExpN # aWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMAITMwAABcJYANPO/n9tgQABAAAFwjAN # BglghkgBZQMEAgEFAKCBsDAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQg18own6dA # 7MXYT09eyHTt0sp8N2taD7V6BmcMXj3MUcwwRAYKKwYBBAGCNwIBDDE2MDSgFIAS # AE0AaQBjAHIAbwBzAG8AZgB0oRyAGmh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20g # MA0GCSqGSIb3DQEBAQUABIIBAOzQem95bK1LmUFUuMll1kCn5Fxht3dtOl7Vcj/7 # CvQoPiB5fw2FQ4gboPXX075tpGFky4Nyqo57qTz0r+pWSGIHNg7iB6qC5iMURfbK # Ew5F4hpNnwcNuLXqf0Iv2NknN6imP8dqKU5CEd6ETqsJ+rtO6s5xxXb4iJHhV56e # CIWztx26XshFVuq/9oU7qCE4WVby+WY17uVR8pTiYlNA+fxaS1LiUFTrwTmtLhbn # yKp8hUe/ftV1YXyOiJnjDZ1fCLYN/FyM2zQOCrNPBn7aDjKwyNy3hJa7ACXg6w68 # iEjKGMJIHeF5TxCS51Tdh3b7bVNrJ91A/b1nFwr2zKcCbfehghcpMIIXJQYKKwYB # BAGCNwMDATGCFxUwghcRBgkqhkiG9w0BBwKgghcCMIIW/gIBAzEPMA0GCWCGSAFl # AwQCAQUAMIIBWQYLKoZIhvcNAQkQAQSgggFIBIIBRDCCAUACAQEGCisGAQQBhFkK # AwEwMTANBglghkgBZQMEAgEFAAQgt1uiV/BhcCv7saHHPPFEouBj1a4+/rZP7ftF # AuoeursCBmVCrfIixBgTMjAyMzExMTYwMjExMjcuMDE1WjAEgAIB9KCB2KSB1TCB # 0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMk # TWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1U # aGFsZXMgVFNTIEVTTjoyQUQ0LTRCOTItRkEwMTElMCMGA1UEAxMcTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgU2VydmljZaCCEXgwggcnMIIFD6ADAgECAhMzAAAB3p5Inpaf # KEQ9AAEAAAHeMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD # QSAyMDEwMB4XDTIzMTAxMjE5MDcxMloXDTI1MDExMDE5MDcxMlowgdIxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29m # dCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRT # UyBFU046MkFENC00QjkyLUZBMDExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0gfQc # hfVCA4QOsRazp4sP8bA5fLEovazgjl0kjuFTEI5zRgKOVR8dIoozBDB/S2NklCAZ # FUEtDJepEfk2oJFD22hKcI4UNZqa4UYCU/45Up4nONlQwKNHp+CSOsZ16AKFqCsk # mPP0TiCnaaYYCOziW+Fx5NT97F9qTWd9iw2NZLXIStf4Vsj5W5WlwB0btBN8p78K # 0vP23KKwDTug47srMkvc1Jq/sNx9wBL0oLNkXri49qZAXH1tVDwhbnS3eyD2dkQu # KHUHBD52Ndo8qWD50usmQLNKS6atCkRVMgdcesejlO97LnYhzjdephNJeiy0/Tph # qNEveAcYNzf92hOn1G51aHplXOxZBS7pvCpGXG0O3Dh0gFhicXQr6OTrVLUXUqn/ # ORZJQlyCJIOLJu5zPU5LVFXztJKepMe5srIA9EK8cev+aGqp8Dk1izcyvgQotRu5 # 1A9abXrl70KfHxNSqU45xv9TiXnocCjTT4xrffFdAZqIGU3t0sQZDnjkMiwPvuR8 # oPy+vKXvg62aGT1yWhlP4gYhZi/rpfzot3fN8ywB5R0Jh/1RjQX0cD/osb6ocpPx # Hm8Ll1SWPq08n20X7ofZ9AGjIYTccYOrRismUuBABIg8axfZgGRMvHvK3+nZSiF+ # Xd2kC6PXw3WtWUzsPlwHAL49vzdwy1RmZR5x5QIDAQABo4IBSTCCAUUwHQYDVR0O # BBYEFGswJm8bHmmqYHccyvDrPp2j0BLIMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl # 0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAy # MDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1T # dGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/ # BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IC # AQDilMB7Fw2nBjr1CILORw4D7NC2dash0ugusHypS2g9+rWX21rdcfhjIms0rsvh # rMYlR85ITFvhaivIK7i0Fjf7Dgl/nxlIE/S09tXESKXGY+P2RSL8LZAXLAs9VxFL # F2DkiVD4rWOxPG25XZpoWGdvafl0KSHLBv6vmI5KgVvZsNK7tTH8TE0LPTEw4g9v # IAFRqzwNzcpIkgob3aku1V/vy3BM/VG87aP8NvFgPBzgh6gU2w0R5oj+zCI/kkJi # PVSGsmLCBkY73pZjWtDr21PQiUs/zXzBIH9jRzGVGFvCqlhIyIz3xyCsVpTTGIbl # n1kUh2QisiADQNGiS+LKB0Lc82djJzX42GPOdcB2IxoMFI/4ZS0YEDuUt9Gce/Bq # gSn8paduWjlif6j4Qvg1zNoF2oyF25fo6RnFQDcLRRbowiUXWW3h9UfkONRY4AYO # JtzkxQxqLeQ0rlZEII5Lu6TlT7ZXROOkJQ4P9loT6U0MVx+uLD9Rn5AMFLbeq62T # PzwsERuoIq2Jp00Sy7InAYaGC4fhBBY1b4lwBk5OqZ7vI8f+Fj1rtI7M+8hc4PNv # xTKgpPcCty78iwMgxzfhcWxwMbYMGne6C0DzNFhhEXQdbpjwiImLEn/4+/RKh3aD # cEGETlZvmV9dEV95+m0ZgJ7JHjYYtMJ1WnlaICzHRg/p6jCCB3EwggVZoAMCAQIC # EzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBS # b290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoX # DTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 # b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC # 0/3unAcH0qlsTnXIyjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VG # Iwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP # 2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/P # XfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361 # VI/c+gVVmG1oO5pGve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwB # Sru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9 # X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269e # wvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDw # wvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr # 9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+e # FnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAj # BgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+n # FV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEw # PwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9j # cy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3 # FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAf # BgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBH # hkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNS # b29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUF # BzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0Nl # ckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4Swf # ZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTC # j/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu # 2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/ # GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3D # YXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbO # xnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqO # Cb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I # 6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0 # zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaM # mdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNT # TY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggLUMIICPQIBATCCAQChgdikgdUwgdIx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1p # Y3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhh # bGVzIFRTUyBFU046MkFENC00QjkyLUZBMDExJTAjBgNVBAMTHE1pY3Jvc29mdCBU # aW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAGigUorMuMvOqZfF8ttg # iWRMRNrzoIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 # b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJ # KoZIhvcNAQEFBQACBQDo/6BFMCIYDzIwMjMxMTE2MDM1MzQxWhgPMjAyMzExMTcw # MzUzNDFaMHQwOgYKKwYBBAGEWQoEATEsMCowCgIFAOj/oEUCAQAwBwIBAAICFpYw # BwIBAAICEWswCgIFAOkA8cUCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGE # WQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQBF # 0KJRc2Iz1tcWd6ovt9Q5j0rGtXIdDta5ed1ejyfoSezMJXnoXIgtyfmzdgyvD6N4 # TqEbE2h5XovJzsmnInpJv+ikOfw9Se5AW5WnUwj107Lthew+sdDXWnCC2HQc2dkb # hlu0DHPr377UfZhHuQQmYaDOutMC4j4a6qxCfiabsTGCBA0wggQJAgEBMIGTMHwx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB3p5InpafKEQ9AAEAAAHe # MA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQw # LwYJKoZIhvcNAQkEMSIEIH4o4K/XblSg6S3BbWh9af8gp5OP+NTvOVYgJTHi0ZUx # MIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgjj4jnw3BXhAQSQJ/5gtzIK0+ # cP1Ns/NS2A+OB3N+HXswgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg # MjAxMAITMwAAAd6eSJ6WnyhEPQABAAAB3jAiBCCenvt5HVNfyJgyUC0UrVoiy47W # VyC9N0GLvPWoiNywWDANBgkqhkiG9w0BAQsFAASCAgCzgLSGAkeYTkYYSoaur3zd # tiDTi3CKBaPWvQn6LjjJlylPq7PP5ojlbVqjRpCrI1fyawJyZdV6ExfZbqWFtj9e # 9SpZK9y2k5pEmsoZJVxnBHM/a1lEMFeEcjCrjqIQfz1S1Hb7sLIUJj2gVLUkSKSJ # maTw6sjeS7rKU9b0kQP3cr+42lge59OLA9IHgC8npHs3XHT0avUOd+tdszd18jIY # DiyknzcVvZikMe/0Be9IbL7y/6DNcZAkC6HX/FXxy6feAcWtiNrAg+5ZRINm7Us5 # RcnTf0bpZTIMIo+l5jEB422mcnzxAjLCwE6KaNORq1h7u6tR3XZDcUkfpec9q9/F # wMxLxxLSP1JWxhhM1HtmHx/Xv8/NYatuE/82a6/8kP0hMm/FhzD6F71lrr1yGZ+m # gpU4/Ws02DGcXyRQC8Pr2Spm8Ld/BNNj7FIUgJ230ytSLISBUaf5ZkvNq7t+l9dw # nR+fJZJ6N89J7BnB8yLKrukDgkK1UgHC0bD1yoIrLk0/tJ4s7+9LyJ8DNVrsrQxB # 83tDHimwo4A02v/4EIJXjmsVR6sobb/nSmqREFQR53vtHw3AGTehi7bNyLMR1Beo # A6FkNyaTFQ8JeiFaBsEQmZ8PUlA88HZXjjU9JthkxnloW+j95wmL2FUdUOEq4unW # qqSIEwSU7DYqwcgl2IxgvA== # SIG # End signature block |