Checks/check-ORCA118_2.ps1
|
using module "..\ORCA.psm1" class ORCA118_2 : ORCACheck { <# CONSTRUCTOR with Check Header Data #> ORCA118_2() { $this.Control="118-2" $this.Area="Transport Rules" $this.Name="Domain Whitelisting" $this.PassText="Domains are not being whitelisted in an unsafe manner" $this.FailRecommendation="Remove whitelisting on domains" $this.Importance="Emails coming from whitelisted domains bypass several layers of protection within Exchange Online Protection. If domains are whitelisted, they are open to being spoofed from malicious actors." $this.ExpandResults=$True $this.CheckType=[CheckType]::ObjectPropertyValue $this.ObjectType="Transport Rule" $this.ItemName="Condition" $this.DataType="Whitelisted Address" $this.ChiValue=[ORCACHI]::High $this.Links= @{ "Exchange admin center in Exchange Online"="https://outlook.office365.com/ecp/" "Using Exchange Transport Rules (ETRs) to allow specific senders"="https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-safe-sender-lists-in-office-365#using-exchange-transport-rules-etrs-to-allow-specific-senders-recommended" } } <# RESULTS #> GetResults($Config) { $Check = "Transport Rule SCL" # Look through Transport Rule for an action SetSCL -1 ForEach($TransportRule in $Config["TransportRules"]) { If($TransportRule.SetSCL -eq "-1") { #Rules that apply to the sender domain #From Address notmatch is to include if just domain name is value If($TransportRule.SenderDomainIs -ne $null -or ($TransportRule.FromAddressContainsWords -ne $null -and $TransportRule.FromAddressContainsWords -notmatch ".+@") -or ($TransportRule.FromAddressMatchesPatterns -ne $null -and $TransportRule.FromAddressMatchesPatterns -notmatch ".+@")) { #Look for condition that checks auth results header and its value If(($TransportRule.HeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.HeaderContainsWords -ne $null) -or ($TransportRule.HeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.HeaderMatchesPatterns -ne $null)) { # OK } #Look for exception that checks auth results header and its value elseif(($TransportRule.ExceptIfHeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.ExceptIfHeaderContainsWords -ne $null) -or ($TransportRule.ExceptIfHeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.ExceptIfHeaderMatchesPatterns -ne $null)) { # OK } elseif($TransportRule.SenderIpRanges -ne $null) { # OK } #Look for condition that checks for any other header and its value else { ForEach($RuleDomain in $($TransportRule.SenderDomainIs)) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Domain" $ConfigObject.ConfigData=$($RuleDomain) if($TransportRule.State -eq "Disabled") { $ConfigObject.InfoText = "This rule is marked as disabled, while this rule will not apply, it is being flagged incase of accidental enablement." $ConfigObject.SetResult([ORCAConfigLevel]::Informational,"Fail") } else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } $this.AddConfig($ConfigObject) } ForEach($FromAddressContains in $($TransportRule.FromAddressContainsWords)) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Contains" $ConfigObject."$($FromAddressContains)" if($TransportRule.State -eq "Disabled") { $ConfigObject.InfoText = "This rule is marked as disabled, while this rule will not apply, it is being flagged incase of accidental enablement." $ConfigObject.SetResult([ORCAConfigLevel]::Informational,"Fail") } else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } $this.AddConfig($ConfigObject) } ForEach($FromAddressMatch in $($TransportRule.FromAddressMatchesPatterns)) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="From Matches" $ConfigObject."$($FromAddressMatch)" if($TransportRule.State -eq "Disabled") { $ConfigObject.InfoText = "This rule is marked as disabled, while this rule will not apply, it is being flagged incase of accidental enablement." $ConfigObject.SetResult([ORCAConfigLevel]::Informational,"Fail") } else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } $this.AddConfig($ConfigObject) } } } #No sender domain restriction, so check for IP restriction elseif($null -ne $TransportRule.SenderIpRanges) { ForEach($SenderIpRange in $TransportRule.SenderIpRanges) { # Check objects $ConfigObject = [ORCACheckConfig]::new() $ConfigObject.Object=$($TransportRule.Name) $ConfigObject.ConfigItem="IP Range" $ConfigObject.ConfigData=$SenderIpRange if($TransportRule.State -eq "Disabled") { $ConfigObject.InfoText = "This rule is marked as disabled, while this rule will not apply, it is being flagged incase of accidental enablement." $ConfigObject.SetResult([ORCAConfigLevel]::Informational,"Fail") } else { $ConfigObject.SetResult([ORCAConfigLevel]::Standard,"Fail") } $this.AddConfig($ConfigObject) } } #No sender restriction, so check for condition that checks auth results header and its value elseif(($TransportRule.HeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.HeaderContainsWords -ne $null) -or ($TransportRule.HeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.HeaderMatchesPatterns -ne $null)) { # OK } #No sender restriction, so check for exception that checks auth results header and its value elseif(($TransportRule.ExceptIfHeaderContainsMessageHeader -eq 'Authentication-Results' -and $TransportRule.ExceptIfHeaderContainsWords -ne $null) -or ($TransportRule.ExceptIfHeaderMatchesMessageHeader -like '*Authentication-Results*' -and $TransportRule.ExceptIfHeaderMatchesPatterns -ne $null)) { # OK } } } } } # SIG # Begin signature block # MIIlxwYJKoZIhvcNAQcCoIIluDCCJbQCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCoR5dtyTetF6Ww # oHIOTQi1r5hYaYb631SKQdxUqR6O96CCC6EwggUGMIID7qADAgECAhMzAAAFOOjH # CijZN8SsAAEAAAU4MA0GCSqGSIb3DQEBCwUAMHkxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xIzAhBgNVBAMTGk1pY3Jvc29mdCBUZXN0aW5nIFBD # QSAyMDEwMB4XDTIyMDUwNTIwMDgwMFoXDTIzMDUwNDIwMDgwMFowfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdQ29kZSBTaWdu # IFRlc3QgKERPIE5PVCBUUlVTVCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK # AoIBAQCwv+PicJtDuojc1De/w9EuLQ0XPeNkVaqHYgyzJ03eKyND/kp9Gt81XJgz # KriQv46QHS68jWHOWSoEdPw/6IEAz1pv7j28Xu74W6pWHVcSgNXO9jq6KW3plLIL # L6wqqgMhuJIDKzz1FKSDzhoPB8J3LZP02mDVeSnYetA/UL7Gw4RCk0XwRN9tgbuz # WCDkIcQZs5zMVadziVwpkdfFNazuHBFP8Lg3K2AYEm7UppomsuWBtKV01zP2Minw # 0GOg3pozLFrRRB0zv07LIJ09++EhUxnFbV7TNh61cl8iaPappncOlL/2mx24j2YT # 13FyWEj29FzOL+y+49ZTIiSAVRlHAgMBAAGjggGCMIIBfjATBgNVHSUEDDAKBggr # BgEFBQcDAzAdBgNVHQ4EFgQUakHiBgUO5G2xepWghDob21BrWLwwUAYDVR0RBEkw # R6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNv # MRYwFAYDVQQFEw0yMzAwNzIrNDcwMDQ1MB8GA1UdIwQYMBaAFL9loqtvdaNORZZX # Bc85h/TAFRwcMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEw # KDEpLmNybDBpBggrBgEFBQcBAQRdMFswWQYIKwYBBQUHMAKGTWh0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGVzdGluZyUy # MFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQAD # ggEBAIvhPmsZwiFZEgJF/to3hyyJy38xK+M7ugNESt+C2U+e9gygl0w8od+cfS70 # DtsZKW4CvB997EmHLGdyHax7GqpklOo8ASiBCIvnE6dxC5YpxlDJKeQeAz+/9prV # z00jiIn7fYFL2VlPASbENF4Rhme4TPqmJwTFkCeSaLa7dG9uSIyymrYiOEsN46FV # K2WZXLktjhor/dH/IVwx34obOKdrY6AuOZC6wGaFNL/LmMfWXeirgAERVAyDDtFX # Fp/0i5VUpS/BG/a5ElsglcKiB1bCRxlPPVVLfJX5tyTe/JHwlvGGpzGKpReOmn8a # RzAR6gufh/H2pI2ZualKV1FW3HQwggaTMIIEe6ADAgECAhMzAAAALTV6RojJB3HY # AAAAAAAtMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTowOAYDVQQDEzFNaWNyb3NvZnQgVGVzdGluZyBSb290IENl # cnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTIwMTIxMDIwNDMyMFoXDTM1MDYx # NzIxMDQxMVoweTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO # BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEj # MCEGA1UEAxMaTWljcm9zb2Z0IFRlc3RpbmcgUENBIDIwMTAwggEiMA0GCSqGSIb3 # DQEBAQUAA4IBDwAwggEKAoIBAQC/PGCBq77s/9cXY/KmQtETYpywF866Rhp7Ii5V # c5pUucbU0cqY/ndHDY6d8F7M+FTv8s8q1GLxqTQKBNfFBYbyEPVN05YIZoXbAn0Y # 3OJ6I6eaKV2ueRjPDGPwGv+BqalDP6kLuVHxs0g6/EQuXxHFVjr/yg7NiAjB/cfV # 9T7v6k4bcosjvUU3nh9wwafJuCBz7fNsPYshBc93Ev6h3AfpDVt4CWwyVRBH0DfI # x/f6c/5GNORWFqg3ZFPWNfvDgLaOtoaRoRDWwUr243rUEQqy3i6eEJfgga4SXYgB # XcykxChSnGDwCuaIr0vpV4rsow83Hin2XSHT19pdDslO241tAgMBAAGjggH6MIIB # 9jAOBgNVHQ8BAf8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3 # FQIEFgQU6p9fM7bQX56t6y2mwQK7QDjL57UwHQYDVR0OBBYEFL9loqtvdaNORZZX # Bc85h/TAFRwcMFQGA1UdIARNMEswSQYEVR0gADBBMD8GCCsGAQUFBwIBFjNodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0w # GQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV # HSMEGDAWgBSjAQR+MIgz67kxnMrrhXZn/GW00TBZBgNVHR8EUjBQME6gTKBKhkho # dHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNUZXNS # b29DZXJBdXRfMjAxMC0wNi0xNy5jcmwwgY0GCCsGAQUFBwEBBIGAMH4wTQYIKwYB # BQUHMAKGQWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljVGVz # Um9vQ2VyQXV0XzIwMTAtMDYtMTcuY3J0MC0GCCsGAQUFBzABhiFodHRwOi8vb25l # b2NzcC5taWNyb3NvZnQuY29tL29jc3AwDQYJKoZIhvcNAQELBQADggIBACe00IWy # nswPpCpTc9Vt2tcxAMj2/2PI9gERtRiS2ty0+a8m6PxKeb3BZ7CIA3llzzU1BViO # 4oMGlvW6fhJZUJvg8NU9nQnzu0bNh7104nfQRgZ6IhppK2QsuYs5gAzqgiciojBX # IiTZIT+raUa3w6/Bxl682Y+RViOTqfImLkR29LpyI9GZb1tFZFPilZTxtkhAv3fw # sTiUc5ACLGsBCJZ6zlLOnZTzkTSct1oOvnD8jbwn9nX7jNbU1qjWmtUI6quiyeg1 # R9V/WS+zB9bcVjaXU+IBinywbI7nsZrO1d0GgQ4FwMt519w+tr340t0QXfo2QTSD # 711uiQVjsrGFQnxakyIKY3jKP0soUu9Bty0Ywklj0TAcWJ+bamBqJpp8oXUbLP42 # u4nMQSCnKwyj9/0BUFD+oJ09BAYRandAMhp5/i2z1BPH5GYMoIEMxMUuAWaaFu1R # jQlaMuQqfuyjP8shwNSV7+nlOIUPhWF9mcBy9hAdd+6yWfKn7K6FbMBKcBA2c4g7 # p9zUkUjCQORwz6T9Oyl8BqPMeihIDBeSs5auNENXrAjRjMxUesTJDSFnk2chdsve # WtOQ4+N/c0G7WdpI0RrJJ25K0NsVWNXdNegQ0SdmK6AkphLCaHOhgczWeCKk3ms1 # 2omIrm6SnoTwsPOLeXn/tdy0lBjf5mAcMmiyMYIZfDCCGXgCAQEwgZAweTELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEjMCEGA1UEAxMaTWljcm9z # b2Z0IFRlc3RpbmcgUENBIDIwMTACEzMAAAU46McKKNk3xKwAAQAABTgwDQYJYIZI # AWUDBAIBBQCggbAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGC # NwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIAy3NXLB2gs+k6J5 # ZE7dmFOwkFetogbFrfeE+gITFs9IMEQGCisGAQQBgjcCAQwxNjA0oBSAEgBNAGkA # YwByAG8AcwBvAGYAdKEcgBpodHRwczovL3d3dy5taWNyb3NvZnQuY29tIDANBgkq # hkiG9w0BAQEFAASCAQBfOlb1LclQ0+eGPGry8YAkIpzT6olKUVxKEkJoPOpUT7xN # OylDrSOQLOCbupZCSl90MzvWCABT1+Nh/ZUNAHds/yYv0aZPF1ekrgRwoGLGzB5M # rUcaezHuL09KxqYrXtVhMcQI8pShgwRSmkSRh5qZpdFMdmdZYzc9Y0lRIFi8uqvd # zl9AofwYRtNbo5iujsD8/LTsN3FipIGK6nBJwyYOCscr1/8gvJ38KS51VtL4MmyN # NV6bOSQoaf12S5V13djGOLa71zkQN5a/+yqHfWuHHOl03w+jcxPomczQunt4ILTq # 0SZidIVWZm9MhO47p1YWROFfrt+2rUMMU4wCXfFboYIXCTCCFwUGCisGAQQBgjcD # AwExghb1MIIW8QYJKoZIhvcNAQcCoIIW4jCCFt4CAQMxDzANBglghkgBZQMEAgEF # ADCCAVUGCyqGSIb3DQEJEAEEoIIBRASCAUAwggE8AgEBBgorBgEEAYRZCgMBMDEw # DQYJYIZIAWUDBAIBBQAEIMVjfcbbP9CNJiRHvh0+Klu0ywynng7fY890ap+Y2YWR # AgZjxosbmz0YEzIwMjMwMjA2MTM0MTQxLjUzMVowBIACAfSggdSkgdEwgc4xCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jv # c29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNT # IEVTTjpGNzdGLUUzNTYtNUJBRTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3Rh # bXAgU2VydmljZaCCEVwwggcQMIIE+KADAgECAhMzAAABqqUxmwvLsggOAAEAAAGq # MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4X # DTIyMDMwMjE4NTEyNloXDTIzMDUxMTE4NTEyNlowgc4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRp # b25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpGNzdGLUUz # NTYtNUJBRTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKBP7HK51bWHf+FDSh9O7Yyr # QtkNMvdHzHiazvOdI9POGjyJIYrs1WOMmSCp3o/mvsuPnFSP5c0dCeBuUq6u6J30 # M81ZaNOP/abZrTwYrYN+N5nStrOGdCtRBum76hy7Tr3AZDUArLwvhsGlXhLlDU1w # ioaxM+BVwCNI7LmTaYKqjm58hEgsYtKIHk59LzOnI4aenbPLBP/VYYjI6a4KIcun # 0EZErAukt5PC/mKUaOphUMGYm0PxfpY9BkG5sPfczFyIfA13LLRS4sGhbUrcM54E # vE2FlWBQaJo7frKW7CVjITLEX4E2lxwQG/MuZ+1wDYg9OOErT5h+6zecj67eenwx # eUoaOEbKtiUxaJUYnyQKxCWTkNdWRXTKSmIxx0tbsP5irWjqXvT6t/zeJKw05NY8 # hPT56vW20q0DYK2NteOCDD0UD6ZNAFLV87GOkl0eBqXcToFVdeJwwOTE6aA4RqYo # Nr2QUPBIU6JEiUGBs9c4qC5mBHTY46VaR/odaFDLcxQI4OPkn5al/IPsd8/raDmM # fKik66xcNh2qN4yytYM3uiDenX5qeFdx3pdi43pYAFN/S1/3VRNk+/GRVUUYWYBj # DZSqxslidE8hsxC7K8qLfmNoaQ2aAsu13h1faTMSZIEVxosz1b9yIeXmtM6NlrjV # 3etwS7JXYwGhHMdVYEL1AgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQUP5oUvFOHLthf # d0Wz3hGtnQVGpJ4wHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD # VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG # CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN # BgkqhkiG9w0BAQsFAAOCAgEA3wyATZBFEBogrcwHs4zI7qX2y0jbKCI6ZieGAIR9 # 6RiMrjZvWG39YPA/FL2vhGSCtO7ea3iBlwhhTyJEPexLugT4jB4W0rldOLP5bEc0 # zwxs9NtTFS8Ul2zbJ7jz5WxSnhSHsfaVFUp7S6B2a1bjKmWIo/Svd3W1V3mcIYzh # bpLIUVlP3CbTJEE+cC3hX+JggnSYRETyo+mI7Hz/KMWFaRWBUYI4g0BrwiV2lYqK # yekjNp6rj7b8l6OhbgX/JP0bzNxv6io0Y4iNlIzz/PdIh/E2pj3pXPiQJPRlEkMk # sRecE8VnFyqhR4fb/F6c5ywY4+mEpshIAg2YUXswFqqbK9Fv+U8YYclYPvhK/wRZ # s+/5auK4FM+QTjywj0C5rmr8MziqmUGgAuwZQYyHRCopnVdlaO/xxSZCfaZR7w7B # 3OBEl8j+Voofs1Kfq9AmmQAWZOjt4DnNk5NnxThPvjQVuOU/y+HTErwqD/wKRCl0 # AJ3UPTJ8PPYp+jbEXkKmoFhU4JGer5eaj22nX19pujNZKqqart4yLjNUOkqWjVk4 # KHpdYRGcJMVXkKkQAiljUn9cHRwNuPz/Tu7YmfgRXWN4HvCcT2m1QADinOZPsO5v # 5j/bExw0WmFrW2CtDEApnClmiAKchFr0xSKE5ET+AyubLapejENr9vt7QXNq6aP1 # XWcwggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEB # CwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYD # VQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAe # Fw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGm # TOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/H # ZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDc # wUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62A # W36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1w # jjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCG # MFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ # 1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP # 8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFz # ymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHz # NgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3 # xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsG # AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/ # LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEG # DCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYB # BQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8G # A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQw # VgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9j # cmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUF # BwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQEL # BQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfC # cTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AF # vonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l # 9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn # 8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5m # O0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyx # TkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4 # S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9 # y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM # +Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhw # RNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYICzzCCAjgC # AQEwgfyhgdSkgdEwgc4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYw # JAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpGNzdGLUUzNTYtNUJBRTElMCMGA1UEAxMc # TWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUA4G0m # 0J4eAlljcP/jvOv9/pm/68aggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQ # Q0EgMjAxMDANBgkqhkiG9w0BAQUFAAIFAOeLZzMwIhgPMjAyMzAyMDYxNTQ2NTla # GA8yMDIzMDIwNzE1NDY1OVowdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA54tnMwIB # ADAHAgEAAgIIiDAHAgEAAgISwzAKAgUA54y4swIBADA2BgorBgEEAYRZCgQCMSgw # JjAMBgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3 # DQEBBQUAA4GBADONSp8mPnOL01CHRA+49E7rSISQ+Dh0HkSDBUf2Io72ajzHtjWV # QUpLMTD9I7u8DxkApLXWdMecsYYKpEikt3hXkPBezUeD3cJCuetQi12waG2ZFF63 # pyfEdUdy30GOcjk+WC9xSmwb0ZKdtixeuZBzRNiyUzfS9FVIbyzjEc3xMYIEDTCC # BAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO # BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEm # MCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGqpTGb # C8uyCA4AAQAAAaowDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsq # hkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgZ2jUrl27AZFyEt9cmcCFIPKY8RBs # bsewOk7JZrwat9AwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCBWtQJDHFq8 # EeBz3TXugCqRhSI/JCZbATYEIwTG8bMewDCBmDCBgKR+MHwxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1l # LVN0YW1wIFBDQSAyMDEwAhMzAAABqqUxmwvLsggOAAEAAAGqMCIEILQWSYnCu+yg # XMe0l61H0il1onsjKk2uf405TNZZkSloMA0GCSqGSIb3DQEBCwUABIICAAnU7War # GCngAS60WvR8Jq7W/FFJwyk4iCZT6LRKvTzK1iJ0NwEnmgfnmd8t811PmmU57sRN # SGwj4FLra+RE52rc/9o8eH1YvZzDAnkH3Fq+Pec2iavTqkDAEcEzh0LKkmmcQ5Ka # K0fnnhHHx2JeXZADNpaxrFLwBm9ynHde95KYoW9AGQRCy3rW4WEI7Us1MQxAyBi5 # JIhPcM8JO53X6zF8m37+lOojurni9wIJpzKvTMK+MWGMgrsXrbQJUuG1S79DZYqE # m77gxbCF+zCXAv2FnW8oXBsClEXkQkmO9RBMWAycJFSydhwoxPFdiUvrqsfz6PN3 # PErab2zVVu18MYaUVNySP1IBMu9jIbxE5oe8wHSmczlTm0wvcFYECD5mYNjrK+2v # gy4ZTOezXNS3tszF2SMjqPH9mjjYqqdNriGc8WP+IAoUuMhXOwzvF6VgbNyNH7qb # rzqVheHwezuFBJJT4JwoURob3TEWvnUE/Fktfqo+AVKWlfp8cr8/uV8CXw5Rfjdi # mtiHWgnplR5fo8DeGGem+43OIl8cLQ/fEfUf33oK3MGCVmdrtB32eoEYursE3FTV # +A+4iVrAHeZT9mmPkDq+RQC03UX/3WuQK5hbD1F4lgBFus3kXGvXDj/rJbMLiFC3 # u7QpqfE6ovbvC00eomzPl887Vj0Y1HjAxx/3 # SIG # End signature block |