Microsoft.Entra.Beta.Reports.psm1
|
# ------------------------------------------------------------------------------ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ Set-StrictMode -Version 5 function Get-EntraBetaApplicationSignInDetailedSummary { [CmdletBinding(DefaultParameterSetName = '')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($null -ne $PSBoundParameters["Filter"]) { $params["Filter"] = $PSBoundParameters["Filter"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("========================================================================= ") $response = Get-MgBetaReportApplicationSignInDetailedSummary @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { $value = $_.Status | ConvertTo-Json | ConvertFrom-Json $_ | Add-Member -MemberType NoteProperty -Name Status -Value ($value) -Force } } $response } } function Get-EntraBetaApplicationSignInSummary { [CmdletBinding(DefaultParameterSetName = '')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.Nullable`1[System.Int32]] $Days, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $filterApplied = $null $topCount = $null if ($null -ne $PSBoundParameters["Days"]) { $params["Days"] = $PSBoundParameters["Days"] } if ($null -ne $PSBoundParameters["Filter"]) { $params["Filter"] = $PSBoundParameters["Filter"] $filterApplied = '?$filter=' + $params["Filter"] } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] $topCount = '?$top=' + $params["Top"] } $Method = "GET" Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $URI = "https://graph.microsoft.com/beta/reports/getAzureADApplicationSignInSummary(period='D{0}'){1}{2}" -f $Days, $filterApplied, $topCount $response = (Invoke-GraphRequest -Headers $customHeaders -Uri $uri -Method $Method | ConvertTo-Json | ConvertFrom-Json).value $data = $response | ConvertTo-Json -Depth 10 | ConvertFrom-Json $targetList = @() foreach ($res in $data) { $targetType = New-Object Microsoft.Graph.Beta.PowerShell.Models.MicrosoftGraphApplicationSignInSummary $res.PSObject.Properties | ForEach-Object { $propertyName = $_.Name.Substring(0, 1).ToUpper() + $_.Name.Substring(1) $propertyValue = $_.Value $targetType | Add-Member -MemberType NoteProperty -Name $propertyName -Value $propertyValue -Force } $targetList += $targetType } $targetList } } function Get-EntraBetaAuditDirectoryLog { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [switch] $All, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $keysChanged = @{} if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["All"]) { if ($PSBoundParameters["All"]) { $params["All"] = $PSBoundParameters["All"] } } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("========================================================================= ") $response = Get-MgBetaAuditLogDirectoryAudit @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { $propsToConvert = @('InitiatedBy', 'TargetResources', 'AdditionalDetails') foreach ($prop in $propsToConvert) { $value = $_.$prop | ConvertTo-Json -Depth 10 | ConvertFrom-Json $_ | Add-Member -MemberType NoteProperty -Name $prop -Value ($value) -Force } } } $response } } function Get-EntraBetaAuditSignInLog { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Filter, [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [switch] $All, [Parameter(ParameterSetName = "GetQuery", ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [Alias("Limit")] [System.Nullable`1[System.Int32]] $Top, [Parameter(Mandatory = $false, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true)] [Alias("Select")] [System.String[]] $Property ) PROCESS { $params = @{} $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $keysChanged = @{} if ($null -ne $PSBoundParameters["Filter"]) { $TmpValue = $PSBoundParameters["Filter"] foreach ($i in $keysChanged.GetEnumerator()) { $TmpValue = $TmpValue.Replace($i.Key, $i.Value) } $Value = $TmpValue $params["Filter"] = $Value } if ($PSBoundParameters.ContainsKey("Top")) { $params["Top"] = $PSBoundParameters["Top"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["All"]) { if ($PSBoundParameters["All"]) { $params["All"] = $PSBoundParameters["All"] } } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["Property"]) { $params["Property"] = $PSBoundParameters["Property"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("========================================================================= ") $response = Get-MgBetaAuditLogSignIn @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { $_ | Add-Member -MemberType AliasProperty -Name RiskEventTypes -Value RiskEventTypesV2 -Force $propsToConvert = @('MfaDetail', 'AppliedConditionalAccessPolicies', 'NetworkLocationDetails', 'Location', 'DeviceDetail', 'Status', 'AuthenticationProcessingDetails') foreach ($prop in $propsToConvert) { $value = $_.$prop | ConvertTo-Json -Depth 10 | ConvertFrom-Json $_ | Add-Member -MemberType NoteProperty -Name $prop -Value ($value) -Force } } } $response } } function Get-EntraBetaCrossTenantAccessActivity { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param( [Parameter(ParameterSetName = "GetQuery", HelpMessage = "Specify the access direction: 'Inbound' for external users accessing your tenant, or 'Outbound' for your users accessing external tenants.")] [ValidateSet('Inbound', 'Outbound')] [string]$AccessDirection, [Parameter(ParameterSetName = "GetQuery", HelpMessage = "Specify the external tenant ID (GUID) to filter sign-ins by a specific external tenant.")] [ValidatePattern('^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$')] [guid]$ExternalTenantId, [Parameter(ParameterSetName = "GetQuery",HelpMessage = "Include summary statistics for sign-ins.")] [switch]$SummaryStats, [Parameter(ParameterSetName = "GetQuery",HelpMessage = "Resolve and display tenant details based on the provided tenant ID.")] [switch]$ResolveTenantId ) begin { $currentTenantId = (Get-EntraContext).TenantId #External Tenant ID check if ($ExternalTenantId) { Write-Verbose -Message "$(Get-Date -f T) - Checking supplied external tenant ID - $ExternalTenantId..." if ($ExternalTenantId -eq $currentTenantId) { Write-Error "$(Get-Date -f T) - Supplied external tenant ID ($ExternalTenantId) cannot match connected tenant ID ($currentTenantId))" -ErrorAction Stop } else { Write-Verbose -Message "$(Get-Date -f T) - Supplied external tenant ID OK" } } } process { $customHeaders = New-EntraBetaCustomHeaders -Command $MyInvocation.MyCommand $baseUri = "https://graph.microsoft.com/beta/auditLogs/signIns" $firstExecution=$true function Get-SignIns { param ( [string]$Filter ) $signIns = @() $uri = "$baseUri" + "?" + "`$filter=$Filter" try { do { # If it's the first time we are calling Invoke-GraphRequest, pass customHeaders if($firstExecution){ $response = Invoke-GraphRequest -Method GET -Uri $uri -Headers $customHeaders $firstExecution=$false }else{ # No need to pass customHeaders $response = Invoke-GraphRequest -Method GET -Uri $uri } if ($response -and $response.value) { $SignIns += $response.value } $uri = $response.'@odata.nextLink' # Get next page if available } while ($uri) # Group results by ResourceTenantID return $signIns } catch { return @() } } #Get filtered sign-in logs and handle parameters if ($AccessDirection -eq "Outbound") { try { if ($ExternalTenantId) { Write-Verbose -Message "$(Get-Date -f T) - Access direction 'Outbound' selected" Write-Verbose -Message "$(Get-Date -f T) - Outbound: getting sign-ins for local users accessing external tenant ID - $ExternalTenantId" $signIns = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and ResourceTenantId eq '$ExternalTenantId'" } else { Write-Verbose -Message "$(Get-Date -f T) - Access direction 'Outbound' selected" Write-Verbose -Message "$(Get-Date -f T) - Outbound: getting external tenant IDs accessed by local users" $signIns = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and ResourceTenantId ne '$currentTenantId'" } } catch { $_.Exception | ForEach-Object { $_ | Format-List * } } } elseif ($AccessDirection -eq 'Inbound') { try { if ($ExternalTenantId) { Write-Verbose -Message "$(Get-Date -f T) - Access direction 'Inbound' selected" Write-Verbose -Message "$(Get-Date -f T) - Inbound: getting sign-ins for users accessing local tenant from external tenant ID - $ExternalTenantId" $signIns = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and HomeTenantId ne '$ExternalTenantId' and TokenIssuerType eq 'AzureAD'" | Group-Object HomeTenantID } else { Write-Verbose -Message "$(Get-Date -f T) - Access direction 'Inbound' selected" Write-Verbose -Message "$(Get-Date -f T) - Inbound: getting external tenant IDs for external users accessing local tenant" $signIns = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and HomeTenantId ne '$currentTenantId' and TokenIssuerType eq 'AzureAD'" | Group-Object HomeTenantID } } catch { $_.Exception | ForEach-Object { $_ | Format-List * } } } else { $inBound = @() $outBound = $() if ($ExternalTenantId) { try { Write-Verbose -Message "$(Get-Date -f T) - Default access direction 'Both'" Write-Verbose -Message "$(Get-Date -f T) - Outbound: getting sign-ins for local users accessing external tenant ID - $ExternalTenantId" $outBound = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and ResourceTenantId ne '$ExternalTenantId'" | Group-Object ResourceTenantID Write-Verbose -Message "$(Get-Date -f T) - Inbound: getting sign-ins for users accessing local tenant from external tenant ID - $ExternalTenantId" $inBound = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and HomeTenantId ne '$ExternalTenantId' and TokenIssuerType eq 'AzureAD'" | Group-Object HomeTenantID } catch { $_.Exception | ForEach-Object { $_ | Format-List * } } } else { Write-Verbose -Message "$(Get-Date -f T) - Default access direction 'Both'" Write-Verbose -Message "$(Get-Date -f T) - Outbound: getting external tenant IDs accessed by local users" try { $outBound = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and ResourceTenantId ne '$currentTenantId'" | Group-Object ResourceTenantID Write-Verbose -Message "$(Get-Date -f T) - Inbound: getting external tenant IDs for external users accessing local tenant" $inBound = Get-SignIns -Filter "CrossTenantAccessType ne 'none' and HomeTenantId ne '$currentTenantId' and TokenIssuerType eq 'AzureAD'" | Group-Object HomeTenantID } catch { $_.Exception | ForEach-Object { $_ | Format-List * } } } #Combine outbound and inbound results [array]$signIns = $outBound $signIns += $inBound } #Analyse sign-in logs Write-Verbose -Message "$(Get-Date -f T) - Checking for sign-ins..." if ($signIns) { Write-Verbose -Message "$(Get-Date -f T) - Sign-ins obtained" Write-Verbose -Message "$(Get-Date -f T) - Iterating Sign-ins..." foreach ($tenantId in $signIns) { #Handle resolving tenant ID if ($ResolveTenantId) { Write-Verbose -Message "$(Get-Date -f T) - Attempting to resolve external tenant - $($tenantId.Name)" #Nullify $ResolvedTenant value $resolvedTenant = $null #Attempt to resolve tenant ID try { $resolvedTenant = Resolve-EntraBetaTenant -TenantId $tenantId.Name -ErrorAction Stop } catch { Write-Warning $_.Exception.Message; Write-Verbose -Message "$(Get-Date -f T) - Issue resolving external tenant - $($tenantId.Name)" } if ($resolvedTenant) { if ($resolvedTenant.Result -eq 'Resolved') { $externalTenantName = $resolvedTenant.DisplayName $defaultDomainName = $resolvedTenant.DefaultDomainName } else { $externalTenantName = $resolvedTenant.Result $defaultDomainName = $resolvedTenant.Result } if ($resolvedTenant.oidcMetadataResult -eq 'Resolved') { $oidcMetadataTenantRegionScope = $resolvedTenant.oidcMetadataTenantRegionScope } else { $oidcMetadataTenantRegionScope = 'NotFound' } } else { $externalTenantName = "NotFound" $defaultDomainName = "NotFound" $oidcMetadataTenantRegionScope = 'NotFound' } } #Handle access direction if (($AccessDirection -eq 'Inbound') -or ($AccessDirection -eq 'Outbound')) { $direction = $AccessDirection } else { if ($tenantID.Name -eq $tenantID.Group[0].HomeTenantId) { $direction = "Inbound" } elseif ($tenantID.Name -eq $tenantID.Group[0].ResourceTenantId) { $direction = "Outbound" } } #Provide summary $totalAnalysis = $() if ($SummaryStats) { Write-Verbose -Message "$(Get-Date -f T) - Creating summary stats for external tenant - $($tenantId.Name)" #Handle resolving tenant ID if ($ResolveTenantId) { $analysis = [PSCustomObject]@{ ExternalTenantId = $tenantId.Name ExternalTenantName = $externalTenantName ExternalTenantRegionScope = $oidcMetadataTenantRegionScope AccessDirection = $direction SignIns = ($tenantId).count SuccessSignIns = ($tenantID.Group.Status | Where-Object { $_.ErrorCode -eq 0 } | Measure-Object).count FailedSignIns = ($tenantID.Group.Status | Where-Object { $_.ErrorCode -ne 0 } | Measure-Object).count UniqueUsers = ($tenantID.Group | Select-Object UserId -Unique | Measure-Object).count UniqueResources = ($tenantID.Group | Select-Object ResourceId -Unique | Measure-Object).count } } else { #Build custom output object $analysis = [PSCustomObject]@{ ExternalTenantId = $tenantId.Name AccessDirection = $direction SignIns = ($tenantId).count SuccessSignIns = ($tenantID.Group.Status | Where-Object { $_.ErrorCode -eq 0 } | Measure-Object).count FailedSignIns = ($tenantID.Group.Status | Where-Object { $_.ErrorCode -ne 0 } | Measure-Object).count UniqueUsers = ($tenantID.Group | Select-Object UserId -Unique | Measure-Object).count UniqueResources = ($tenantID.Group | Select-Object ResourceId -Unique | Measure-Object).count } } Write-Verbose -Message "$(Get-Date -f T) - Adding stats for $($tenantId.Name) to total analysis object" [array]$totalAnalysis += $analysis } else { #Get individual events by external tenant Write-Verbose -Message "$(Get-Date -f T) - Getting individual sign-in events for external tenant - $($TenantId.Name)" foreach ($event in $tenantID.group) { if ($ResolveTenantId) { $customEvent = [PSCustomObject]@{ ExternalTenantId = $tenantId.Name ExternalTenantName = $externalTenantName ExternalDefaultDomain = $defaultDomainName ExternalTenantRegionScope = $oidcMetadataTenantRegionScope AccessDirection = $direction UserDisplayName = $event.UserDisplayName UserPrincipalName = $event.UserPrincipalName UserId = $event.UserId UserType = $event.UserType CrossTenantAccessType = $event.CrossTenantAccessType AppDisplayName = $event.AppDisplayName AppId = $event.AppId ResourceDisplayName = $event.ResourceDisplayName ResourceId = $event.ResourceId SignInId = $event.Id CreatedDateTime = $event.CreatedDateTime StatusCode = $event.Status.Errorcode StatusReason = $event.Status.FailureReason } $customEvent } else { $customEvent = [PSCustomObject]@{ ExternalTenantId = $tenantId.Name AccessDirection = $direction UserDisplayName = $event.UserDisplayName UserPrincipalName = $event.UserPrincipalName UserId = $event.UserId UserType = $event.UserType CrossTenantAccessType = $event.CrossTenantAccessType AppDisplayName = $event.AppDisplayName AppId = $event.AppId ResourceDisplayName = $event.ResourceDisplayName ResourceId = $event.ResourceId SignInId = $event.Id CreatedDateTime = $event.CreatedDateTime StatusCode = $event.Status.Errorcode StatusReason = $event.Status.FailureReason } $customEvent } } } } } else { Write-Warning "$(Get-Date -f T) - No sign-ins matching the selected criteria found." } #Display summary table if ($SummaryStats) { #Show array of summary objects for each external tenant Write-Verbose -Message "$(Get-Date -f T) - Displaying total analysis object" if (!$AccessDirection) { $totalAnalysis | Sort-Object ExternalTenantId } else { $totalAnalysis | Sort-Object SignIns -Descending } } } } function New-EntraBetaCustomHeaders { <# .SYNOPSIS Creates a custom header for use in telemetry. .DESCRIPTION The custom header created is a User-Agent with header value "<PowerShell version> EntraPowershell/<EntraPowershell version> <Entra PowerShell command>" .EXAMPLE New-EntraBetaCustomHeaders -Command Get-EntraUser #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $Command ) $psVersion = $global:PSVersionTable.PSVersion $entraVersion = $ExecutionContext.SessionState.Module.Version.ToString() $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion $Command" $customHeaders = New-Object 'system.collections.generic.dictionary[string,string]' $customHeaders["User-Agent"] = $userAgentHeaderValue $customHeaders }# ------------------------------------------------------------------------------ Export-ModuleMember -Function @('Get-EntraBetaApplicationSignInDetailedSummary', 'Get-EntraBetaApplicationSignInSummary', 'Get-EntraBetaAuditDirectoryLog', 'Get-EntraBetaAuditSignInLog', 'Get-EntraBetaCrossTenantAccessActivity', 'New-EntraBetaCustomHeaders') # Typedefs # ------------------------------------------------------------------------------ # Type definitions required for commands inputs # ------------------------------------------------------------------------------ $def = @" namespace Microsoft.Open.AzureAD.Graph.PowerShell.Custom { using System.Linq; public enum KeyType{ Symmetric = 0, AsymmetricX509Cert = 1, } public enum KeyUsage{ Sign = 0, Verify = 1, Decrypt = 2, Encrypt = 3, } } namespace Microsoft.Open.AzureAD.Model { using System.Linq; public class AlternativeSecurityId { public System.String IdentityProvider; public System.Byte[] Key; public System.Nullable<System.Int32> Type; } public class AppRole { public System.Collections.Generic.List<System.String> AllowedMemberTypes; public System.String Description; public System.String DisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Origin; public System.String Value; } public class AssignedLicense { public System.Collections.Generic.List<System.String> DisabledPlans; public System.String SkuId; } public class AssignedLicenses { public System.Collections.Generic.List<Microsoft.Open.AzureAD.Model.AssignedLicense> AddLicenses; public System.Collections.Generic.List<System.String> RemoveLicenses; } public class CertificateAuthorityInformation { public enum AuthorityTypeEnum{ RootAuthority = 0, IntermediateAuthority = 1, } public System.Nullable<AuthorityTypeEnum> AuthorityType; public System.String CrlDistributionPoint; public System.String DeltaCrlDistributionPoint; public System.Byte[] TrustedCertificate; public System.String TrustedIssuer; public System.String TrustedIssuerSki; } public class CrossCloudVerificationCodeBody { public System.String CrossCloudVerificationCode; public CrossCloudVerificationCodeBody() { } public CrossCloudVerificationCodeBody(System.String value) { CrossCloudVerificationCode = value; } } public class GroupIdsForMembershipCheck { public System.Collections.Generic.List<System.String> GroupIds; public GroupIdsForMembershipCheck() { } public GroupIdsForMembershipCheck(System.Collections.Generic.List<System.String> value) { GroupIds = value; } } public class KeyCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDate; public System.String KeyId; public System.Nullable<System.DateTime> StartDate; public System.String Type; public System.String Usage; public System.Byte[] Value; } public class PasswordCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDate; public System.String KeyId; public System.Nullable<System.DateTime> StartDate; public System.String Value; } public class PasswordProfile { public System.String Password; public System.Nullable<System.Boolean> ForceChangePasswordNextLogin; public System.Nullable<System.Boolean> EnforceChangePasswordPolicy; } public class PrivacyProfile { public System.String ContactEmail; public System.String StatementUrl; } public class RoleMemberInfo { public System.String DisplayName; public System.String ObjectId; public System.String UserPrincipalName; } public class SignInName { public System.String Type; public System.String Value; } } namespace Microsoft.Open.MSGraph.Model { using System.Linq; public class MsRoleMemberInfo{ public System.String Id; } public class AddIn { public System.String Id; public System.String Type; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.KeyValue> Properties; } public class ApiApplication { public System.Nullable<System.Int32> RequestedAccessTokenVersion; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.PermissionScope> Oauth2PermissionScopes; } public class ApplicationTemplateDisplayName { public System.String DisplayName; public ApplicationTemplateDisplayName() { } public ApplicationTemplateDisplayName(System.String value) { DisplayName = value; } } public class AppRole { public System.Collections.Generic.List<System.String> AllowedMemberTypes; public System.String Description; public System.String DisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Value; } public class AssignedLabel { public System.String LabelId; public System.String DisplayName; } public class AzureADMSPrivilegedRuleSetting { public System.String RuleIdentifier; public System.String Setting; } public class AzureADMSPrivilegedSchedule { public System.Nullable<System.DateTime> StartDateTime; public System.Nullable<System.DateTime> EndDateTime; public System.String Type; public System.String Duration; } public class ConditionalAccessApplicationCondition { public System.Collections.Generic.List<System.String> IncludeApplications; public System.Collections.Generic.List<System.String> ExcludeApplications; public System.Collections.Generic.List<System.String> IncludeUserActions; public System.Collections.Generic.List<System.String> IncludeAuthenticationContextClassReferences; } public class ConditionalAccessApplicationEnforcedRestrictions { public System.Nullable<System.Boolean> IsEnabled; public ConditionalAccessApplicationEnforcedRestrictions() { } public ConditionalAccessApplicationEnforcedRestrictions(System.Nullable<System.Boolean> value) { IsEnabled = value; } } public class ConditionalAccessCloudAppSecurity { public enum CloudAppSecurityTypeEnum{ McasConfigured = 0, MonitorOnly = 1, BlockDownloads = 2, } public System.Nullable<CloudAppSecurityTypeEnum> CloudAppSecurityType; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessConditionSet { public Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition Applications; public Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition Users; public Microsoft.Open.MSGraph.Model.ConditionalAccessPlatformCondition Platforms; public Microsoft.Open.MSGraph.Model.ConditionalAccessLocationCondition Locations; public enum ConditionalAccessRiskLevel{ Low = 0, Medium = 1, High = 2, Hidden = 3, None = 4, UnknownFutureValue = 5, } public System.Collections.Generic.List<ConditionalAccessRiskLevel> UserRiskLevels; public System.Collections.Generic.List<ConditionalAccessRiskLevel> SignInRiskLevels; public enum ConditionalAccessClientApp{ All = 0, Browser = 1, MobileAppsAndDesktopClients = 2, ExchangeActiveSync = 3, EasSupported = 4, Other = 5, } public System.Collections.Generic.List<ConditionalAccessClientApp> ClientAppTypes; public Microsoft.Open.MSGraph.Model.ConditionalAccessDevicesCondition Devices; } public class ConditionalAccessDevicesCondition { public System.Collections.Generic.List<System.String> IncludeDevices; public System.Collections.Generic.List<System.String> ExcludeDevices; public Microsoft.Open.MSGraph.Model.ConditionalAccessFilter DeviceFilter; } public class ConditionalAccessFilter { public enum ModeEnum{ Include = 0, Exclude = 1, } public System.Nullable<ModeEnum> Mode; public System.String Rule; } public class ConditionalAccessGrantControls { public System.String _Operator; public enum ConditionalAccessGrantControl{ Block = 0, Mfa = 1, CompliantDevice = 2, DomainJoinedDevice = 3, ApprovedApplication = 4, CompliantApplication = 5, PasswordChange = 6, } public System.Collections.Generic.List<ConditionalAccessGrantControl> BuiltInControls; public System.Collections.Generic.List<System.String> CustomAuthenticationFactors; public System.Collections.Generic.List<System.String> TermsOfUse; } public class ConditionalAccessLocationCondition { public System.Collections.Generic.List<System.String> IncludeLocations; public System.Collections.Generic.List<System.String> ExcludeLocations; } public class ConditionalAccessPersistentBrowser { public enum ModeEnum{ Always = 0, Never = 1, } public System.Nullable<ModeEnum> Mode; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessPlatformCondition { public enum ConditionalAccessDevicePlatforms{ Android = 0, IOS = 1, Windows = 2, WindowsPhone = 3, MacOS = 4, All = 5, } public System.Collections.Generic.List<ConditionalAccessDevicePlatforms> IncludePlatforms; public System.Collections.Generic.List<ConditionalAccessDevicePlatforms> ExcludePlatforms; } public class ConditionalAccessSessionControls { public Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions ApplicationEnforcedRestrictions; public Microsoft.Open.MSGraph.Model.ConditionalAccessCloudAppSecurity CloudAppSecurity; public Microsoft.Open.MSGraph.Model.ConditionalAccessSignInFrequency SignInFrequency; public Microsoft.Open.MSGraph.Model.ConditionalAccessPersistentBrowser PersistentBrowser; } public class ConditionalAccessSignInFrequency { public enum TypeEnum{ Days = 0, Hours = 1, } public System.Nullable<TypeEnum> Type; public System.Nullable<System.Int32> Value; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessUserCondition { public System.Collections.Generic.List<System.String> IncludeUsers; public System.Collections.Generic.List<System.String> ExcludeUsers; public System.Collections.Generic.List<System.String> IncludeGroups; public System.Collections.Generic.List<System.String> ExcludeGroups; public System.Collections.Generic.List<System.String> IncludeRoles; public System.Collections.Generic.List<System.String> ExcludeRoles; } public enum CountriesAndRegion{ AD = 0, AE = 1, AF = 2, AG = 3, AI = 4, AL = 5, AM = 6, AN = 7, AO = 8, AQ = 9, AR = 10, AS = 11, AT = 12, AU = 13, AW = 14, AX = 15, AZ = 16, BA = 17, BB = 18, BD = 19, BE = 20, BF = 21, BG = 22, BH = 23, BI = 24, BJ = 25, BL = 26, BM = 27, BN = 28, BO = 29, BQ = 30, BR = 31, BS = 32, BT = 33, BV = 34, BW = 35, BY = 36, BZ = 37, CA = 38, CC = 39, CD = 40, CF = 41, CG = 42, CH = 43, CI = 44, CK = 45, CL = 46, CM = 47, CN = 48, CO = 49, CR = 50, CU = 51, CV = 52, CW = 53, CX = 54, CY = 55, CZ = 56, DE = 57, DJ = 58, DK = 59, DM = 60, DO = 61, DZ = 62, EC = 63, EE = 64, EG = 65, EH = 66, ER = 67, ES = 68, ET = 69, FI = 70, FJ = 71, FK = 72, FM = 73, FO = 74, FR = 75, GA = 76, GB = 77, GD = 78, GE = 79, GF = 80, GG = 81, GH = 82, GI = 83, GL = 84, GM = 85, GN = 86, GP = 87, GQ = 88, GR = 89, GS = 90, GT = 91, GU = 92, GW = 93, GY = 94, HK = 95, HM = 96, HN = 97, HR = 98, HT = 99, HU = 100, ID = 101, IE = 102, IL = 103, IM = 104, IN = 105, IO = 106, IQ = 107, IR = 108, IS = 109, IT = 110, JE = 111, JM = 112, JO = 113, JP = 114, KE = 115, KG = 116, KH = 117, KI = 118, KM = 119, KN = 120, KP = 121, KR = 122, KW = 123, KY = 124, KZ = 125, LA = 126, LB = 127, LC = 128, LI = 129, LK = 130, LR = 131, LS = 132, LT = 133, LU = 134, LV = 135, LY = 136, MA = 137, MC = 138, MD = 139, ME = 140, MF = 141, MG = 142, MH = 143, MK = 144, ML = 145, MM = 146, MN = 147, MO = 148, MP = 149, MQ = 150, MR = 151, MS = 152, MT = 153, MU = 154, MV = 155, MW = 156, MX = 157, MY = 158, MZ = 159, NA = 160, NC = 161, NE = 162, NF = 163, NG = 164, NI = 165, NL = 166, NO = 167, NP = 168, NR = 169, NU = 170, NZ = 171, OM = 172, PA = 173, PE = 174, PF = 175, PG = 176, PH = 177, PK = 178, PL = 179, PM = 180, PN = 181, PR = 182, PS = 183, PT = 184, PW = 185, PY = 186, QA = 187, RE = 188, RO = 189, RS = 190, RU = 191, RW = 192, SA = 193, SB = 194, SC = 195, SD = 196, SE = 197, SG = 198, SH = 199, SI = 200, SJ = 201, SK = 202, SL = 203, SM = 204, SN = 205, SO = 206, SR = 207, SS = 208, ST = 209, SV = 210, SX = 211, SY = 212, SZ = 213, TC = 214, TD = 215, TF = 216, TG = 217, TH = 218, TJ = 219, TK = 220, TL = 221, TM = 222, TN = 223, TO = 224, TR = 225, TT = 226, TV = 227, TW = 228, TZ = 229, UA = 230, UG = 231, UM = 232, US = 233, UY = 234, UZ = 235, VA = 236, VC = 237, VE = 238, VG = 239, VI = 240, VN = 241, VU = 242, WF = 243, WS = 244, YE = 245, YT = 246, ZA = 247, ZM = 248, ZW = 249, } public class DefaultUserRolePermissions { public System.Nullable<System.Boolean> AllowedToCreateApps; public System.Nullable<System.Boolean> AllowedToCreateSecurityGroups; public System.Nullable<System.Boolean> AllowedToReadOtherUsers; } public class DelegatedPermissionClassification { public enum ClassificationEnum{ Low = 0, Medium = 1, High = 2, } public System.Nullable<ClassificationEnum> Classification; public System.String Id; public System.String PermissionId; public System.String PermissionName; } public class DirectoryRoleDefinition { public System.String Id; public System.String OdataType; public System.String Description; public System.String DisplayName; public System.Nullable<System.Boolean> IsBuiltIn; public System.Collections.Generic.List<System.String> ResourceScopes; public System.Nullable<System.Boolean> IsEnabled; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.RolePermission> RolePermissions; public System.String TemplateId; public System.String Version; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.DirectoryRoleDefinition> InheritsPermissionsFrom; } public class DirectorySetting { public System.String Id; public System.String DisplayName; public System.String TemplateId; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.SettingValue> Values; public string this[string name] { get { SettingValue setting = this.Values.FirstOrDefault(namevaluepair => namevaluepair.Name.Equals(name)); return (setting != null) ? setting.Value : string.Empty; } set { SettingValue setting = this.Values.FirstOrDefault(namevaluepair => namevaluepair.Name.Equals(name)); if (setting != null) { // Capitalize the forst character of the value. if (string.IsNullOrEmpty(value)) { setting.Value = value; } else if (value.Length == 1) { setting.Value = value.ToUpper(); } else { setting.Value = char.ToUpper(value[0]) + value.Substring(1); } } } } } public class DirectorySettingTemplate { public System.String Id; public System.String DisplayName; public System.String Description; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.SettingTemplateValue> Values; public DirectorySetting CreateDirectorySetting() { DirectorySetting directorySetting = new DirectorySetting(); directorySetting.TemplateId = this.Id; directorySetting.Values = new System.Collections.Generic.List<SettingValue>(); foreach (var definition in this.Values) { SettingValue item = new SettingValue(); item.Name = definition.Name; string value = definition.DefaultValue; if (string.IsNullOrEmpty(value)) { item.Value = value; } else if (value.Length == 1) { item.Value = value.ToUpper(); } else { item.Value = char.ToUpper(value[0]) + value.Substring(1); } directorySetting.Values.Add(item); } return directorySetting; } } public class EmailAddress { public System.String Name; public System.String Address; } public class ImplicitGrantSettings { public System.Nullable<System.Boolean> EnableIdTokenIssuance; public System.Nullable<System.Boolean> EnableAccessTokenIssuance; } public class InformationalUrl { public System.String TermsOfServiceUrl; public System.String MarketingUrl; public System.String PrivacyStatementUrl; public System.String SupportUrl; public System.String LogoUrl; } public class InvitedUserMessageInfo { public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.Recipient> CcRecipients; public System.String CustomizedMessageBody; public System.String MessageLanguage; } public class IpRange { public System.String CidrAddress; public IpRange() { } public IpRange(System.String value) { CidrAddress = value; } } public class KeyCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDateTime; public System.String KeyId; public System.Nullable<System.DateTime> StartDateTime; public System.String Type; public System.String Usage; public System.Byte[] Key; } public class KeyValue { public System.String Key; public System.String Value; } public class MsDirectoryObject { public System.String Id; public System.String OdataType; } public class MsFeatureRolloutPolicy { public enum FeatureEnum{ PassthroughAuthentication = 0, SeamlessSso = 1, PasswordHashSync = 2, EmailAsAlternateId = 3, } public System.Nullable<FeatureEnum> Feature; public System.String Id; public System.String DisplayName; public System.String Description; public System.Nullable<System.Boolean> IsEnabled; public System.Nullable<System.Boolean> IsAppliedToOrganization; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.MsDirectoryObject> AppliesTo; } public class OptionalClaim { public System.String Name; public System.String Source; public System.Nullable<System.Boolean> Essential; public System.Collections.Generic.List<System.String> AdditionalProperties; } public class OptionalClaims { public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> IdToken; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> AccessToken; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> SamlToken; } public class ParentalControlSettings { public enum LegalAgeGroupRuleEnum{ Allow = 0, RequireConsentForPrivacyServices = 1, RequireConsentForMinors = 2, RequireConsentForKids = 3, BlockMinors = 4, } public System.Nullable<LegalAgeGroupRuleEnum> LegalAgeGroupRule; public System.Collections.Generic.List<System.String> CountriesBlockedForMinors; } public class PasswordCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDateTime; public System.String KeyId; public System.Nullable<System.DateTime> StartDateTime; public System.String SecretText; public System.String Hint; } public class PasswordSSOCredential { public System.String FieldId; public System.String Value; public System.String Type; } public class PasswordSSOCredentials { public System.String Id; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.PasswordSSOCredential> Credentials; } public class PasswordSSOObjectId { public System.String Id; public PasswordSSOObjectId() { } public PasswordSSOObjectId(System.String value) { Id = value; } } public class PermissionScope { public System.String AdminConsentDescription; public System.String AdminConsentDisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Type; public System.String UserConsentDescription; public System.String UserConsentDisplayName; public System.String Value; } public class PreAuthorizedApplication { public System.String AppId; public System.Collections.Generic.List<System.String> PermissionIds; } public class PublicClientApplication { public System.Collections.Generic.List<System.String> RedirectUris; public PublicClientApplication() { } public PublicClientApplication(System.Collections.Generic.List<System.String> value) { RedirectUris = value; } } public class Recipient { public Microsoft.Open.MSGraph.Model.EmailAddress EmailAddress; public Recipient() { } public Recipient(Microsoft.Open.MSGraph.Model.EmailAddress value) { EmailAddress = value; } } public class RequiredResourceAccess { public System.String ResourceAppId; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.ResourceAccess> ResourceAccess; } public class ResourceAccess { public System.String Id; public System.String Type; } public class RolePermission { public System.Collections.Generic.List<System.String> AllowedResourceActions; public System.String Condition; } public class SettingTemplateValue { public System.String Name; public System.String Description; public System.String Type; public System.String DefaultValue; } public class SettingValue { public System.String Name; public System.String Value; } public class SetVerifiedPublisherRequest { public System.String VerifiedPublisherId; public SetVerifiedPublisherRequest() { } public SetVerifiedPublisherRequest(System.String value) { VerifiedPublisherId = value; } } public class User { public System.String Id; public System.String OdataType; } public class WebApplication { public System.String LogoutUrl; public System.Nullable<System.Boolean> Oauth2AllowImplicitFlow; public System.Collections.Generic.List<System.String> RedirectUris; public Microsoft.Open.MSGraph.Model.ImplicitGrantSettings ImplicitGrantSettings; } } "@ # Extract namespaces and types from the type definitions $lines = $def -split "`n" $namespace = $null $types = @() foreach ($line in $lines) { # Check for a namespace declaration if ($line -match '^\s*namespace\s+([\w\.]+)') { $namespace = $matches[1] } # Check for public classes or enums within a namespace elseif ($line -match '^\s*public\s+(class|enum)\s+(\w+)') { if ($namespace) { $types += "$namespace.$($matches[2])" } } } # Check if each type exists in the currently loaded assemblies $missingTypes = @() foreach ($type in $types) { if (-not [Type]::GetType($type, $false, $false)) { $missingTypes += $type } } # Add the $def if any type is missing if ($missingTypes.Count -gt 0) { try { # Define parameters for dynamic compilation Add-Type -TypeDefinition $def } catch { } } #Don't add the types # ------------------------------------------------------------------------------ # End of Type definitions required for commands inputs # ------------------------------------------------------------------------------ # SIG # Begin signature block # MIIoQwYJKoZIhvcNAQcCoIIoNDCCKDACAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDJXTRSupE2Z7mS # fA3aPVC4fuB54B5i10PQtWgVU+bGVKCCDXYwggX0MIID3KADAgECAhMzAAAEBGx0 # Bv9XKydyAAAAAAQEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTE0WhcNMjUwOTExMjAxMTE0WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC0KDfaY50MDqsEGdlIzDHBd6CqIMRQWW9Af1LHDDTuFjfDsvna0nEuDSYJmNyz # NB10jpbg0lhvkT1AzfX2TLITSXwS8D+mBzGCWMM/wTpciWBV/pbjSazbzoKvRrNo # DV/u9omOM2Eawyo5JJJdNkM2d8qzkQ0bRuRd4HarmGunSouyb9NY7egWN5E5lUc3 # a2AROzAdHdYpObpCOdeAY2P5XqtJkk79aROpzw16wCjdSn8qMzCBzR7rvH2WVkvF # HLIxZQET1yhPb6lRmpgBQNnzidHV2Ocxjc8wNiIDzgbDkmlx54QPfw7RwQi8p1fy # 4byhBrTjv568x8NGv3gwb0RbAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU8huhNbETDU+ZWllL4DNMPCijEU4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMjkyMzAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIjmD9IpQVvfB1QehvpC # Ge7QeTQkKQ7j3bmDMjwSqFL4ri6ae9IFTdpywn5smmtSIyKYDn3/nHtaEn0X1NBj # L5oP0BjAy1sqxD+uy35B+V8wv5GrxhMDJP8l2QjLtH/UglSTIhLqyt8bUAqVfyfp # h4COMRvwwjTvChtCnUXXACuCXYHWalOoc0OU2oGN+mPJIJJxaNQc1sjBsMbGIWv3 # cmgSHkCEmrMv7yaidpePt6V+yPMik+eXw3IfZ5eNOiNgL1rZzgSJfTnvUqiaEQ0X # dG1HbkDv9fv6CTq6m4Ty3IzLiwGSXYxRIXTxT4TYs5VxHy2uFjFXWVSL0J2ARTYL # E4Oyl1wXDF1PX4bxg1yDMfKPHcE1Ijic5lx1KdK1SkaEJdto4hd++05J9Bf9TAmi # u6EK6C9Oe5vRadroJCK26uCUI4zIjL/qG7mswW+qT0CW0gnR9JHkXCWNbo8ccMk1 # sJatmRoSAifbgzaYbUz8+lv+IXy5GFuAmLnNbGjacB3IMGpa+lbFgih57/fIhamq # 5VhxgaEmn/UjWyr+cPiAFWuTVIpfsOjbEAww75wURNM1Imp9NJKye1O24EspEHmb # DmqCUcq7NqkOKIG4PVm3hDDED/WQpzJDkvu4FrIbvyTGVU01vKsg4UfcdiZ0fQ+/ # V0hf8yrtq9CkB8iIuk5bBxuPMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGiMwghofAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAQEbHQG/1crJ3IAAAAABAQwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIPeutKXln0X95aREcGuIw5PS # JGUrcdEoM13Mo8DOe9xdMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAgOatooYIKheupEZqsAEc7T+hJJPVShbsyA9bN2znJ30Fxn1IOZx6ujTM # obA0bzSIslG06Ojflhn5wcMNG5danbvzKOREUYmqQYCYrOjnP5yrPYVHuTNp9NUs # oM9RLaxrw7HSWMbTjwwTACgnBQ9Q4Ciu2c5ZqpSoqoFywiEbuOm7P/vok5eP11vG # KZa+wWBadjfYq8Li9mPIhwqfn9DG24sgYRL60qMfnpSvin+3M4Qjes5nNZlr6rzK # w6NRcLwyjn+aHUh3MA6Pkh/bSuhjjO/9RZ2fvg2GOsmhODsJzGJ2j/CTdwNzTQst # bA+Uk78KsrOhl2WMuuFdVwhO+F3JQqGCF60wghepBgorBgEEAYI3AwMBMYIXmTCC # F5UGCSqGSIb3DQEHAqCCF4YwgheCAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFaBgsq # hkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCCH5D/CJc9aV52MIyGQKTdYOI1xmwI6R8E/UyKrv9WDjgIGZ7/AR92G # GBMyMDI1MDMxNDEyMTQxMC4zMTRaMASAAgH0oIHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaCCEfswggcoMIIFEKADAgECAhMzAAAB9ZkJlLzxxlCMAAEAAAH1MA0G # CSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTI0 # MDcyNTE4MzEwMVoXDTI1MTAyMjE4MzEwMVowgdMxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9w # ZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjY1MUEt # MDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzO90cFQTWd/WP84IT7JM # IW1fQL61sdfgmhlfT0nvYEb2kvkNF073ZwjveuSWot387LjE0TCiG93e6I0HzIFQ # BnbxGP/WPBUirFq7WE5RAsuhNfYUL+PIb9jJq3CwWxICfw5t/pTyIOHjKvo1lQOT # WZypir/psZwEE7y2uWAPbZJTFrKen5R73x2Hbxy4eW1DcmXjym2wFWv10sBH40aj # Jfe+OkwcTdoYrY3KkpN/RQSjeycK0bhjo0CGYIYa+ZMAao0SNR/R1J1Y6sLkiCJO # 3aQrbS1Sz7l+/qJgy8fyEZMND5Ms7C0sEaOvoBHiWSpTM4vc0xDLCmc6PGv03CtW # u2KiyqrL8BAB1EYyOShI3IT79arDIDrL+de91FfjmSbBY5j+HvS0l3dXkjP3Hon8 # b74lWwikF0rzErF0n3khVAusx7Sm1oGG+06hz9XAy3Wou+T6Se6oa5LDiQgPTfWR # /j9FNk8Ju06oSfTh6c03V0ulla0Iwy+HzUl+WmYxFLU0PiaXsmgudNwVqn51zr+B # i3XPJ85wWuy6GGT7nBDmXNzTNkzK98DBQjTOabQXUZ884Yb9DFNcigmeVTYkyUXZ # 6hscd8Nyq45A3D3bk+nXnsogK1Z7zZj6XbGft7xgOYvveU6p0+frthbF7MXv+i5q # cD9HfFmOq4VYHevVesYb6P0CAwEAAaOCAUkwggFFMB0GA1UdDgQWBBRV4Hxb9Uo0 # oHDwJZJe22ixe2B1ATAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBf # BgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmww # bAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0El # MjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUF # BwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAcwxmVPaA9xHf # fuom0TOSp2hspuf1G0cHW/KXHAuhnpW8/Svlq5j9aKI/8/G6fGIQMr0zlpau8jy8 # 3I4zclGdJjl5S02SxDlUKawtWvgf7ida06PgjeQM1eX4Lut4bbPfT0FEp77G76hh # ysXxTJNHv5y+fwThUeiiclihZwqcZMpa46m+oV6igTU6I0EnneotMqFs0Q3zHgVV # r4WXjnG2Bcnkip42edyg/9iXczqTBrEkvTz0UlltpFGaQnLzq+No8VEgq0UG7W1E # LZGhmmxFmHABwTT6sPJFV68DfLoC0iB9Qbb9VZ8mvbTV5JtISBklTuVAlEkzXi9L # IjNmx+kndBfKP8dxG/xbRXptQDQDaCsS6ogLkwLgH6zSs+ul9WmzI0F8zImbhnZh # UziIHheFo4H+ZoojPYcgTK6/3bkSbOabmQFf95B8B6e5WqXbS5s9OdMdUlW1gTI1 # r5u+WAwH2KG7dxneoTbf/jYl3TUtP7AHpyck2c0nun/Q0Cycpa9QUH/Dy01k6tQo # mNXGjivg2/BGcgZJ0Hw8C6KVelEJ31xLoE21m9+NEgSKCRoFE1Lkma31SyIaynbd # YEb8sOlZynMdm8yPldDwuF54vJiEArjrcDNXe6BobZUiTWSKvv1DJadR1SUCO/Od # 21GgU+hZqu+dKgjKAYdeTIvi9R2rtLYwggdxMIIFWaADAgECAhMzAAAAFcXna54C # m0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZp # Y2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMy # MjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51 # yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY # 6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9 # cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN # 7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDua # Rr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74 # kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2 # K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5 # TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZk # i1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9Q # BXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3Pmri # Lq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUC # BBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJl # pxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9y # eS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUA # YgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # 1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIw # MTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/yp # b+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulm # ZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM # 9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECW # OKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4 # FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3Uw # xTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPX # fx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVX # VAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGC # onsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU # 5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEG # ahC0HVUzWLOhcGbyoYIDVjCCAj4CAQEwggEBoYHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaIjCgEBMAcGBSsOAwIaAxUAJsAKu48NbR5YRg3WSBQCyjzdkvaggYMw # gYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQsF # AAIFAOt+A/0wIhgPMjAyNTAzMTQwMTI1MTdaGA8yMDI1MDMxNTAxMjUxN1owdDA6 # BgorBgEEAYRZCgQBMSwwKjAKAgUA634D/QIBADAHAgEAAgIhrjAHAgEAAgIS7jAK # AgUA639VfQIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIB # AAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUAA4IBAQA1jYVwDFJNM6OE # ZK5sYns5uecODldOrGBVJKS6nAJPfiOAlvJ2Xi2pBK66FZBjAqkqHw6M/uUXqCWp # SfeF6aKAgTwlkY0wR2FBz0qLToEHmg94lHa9lxdiDnQuRupK7uRyKi2imd/rGLur # kE8AgylafHXbFTT0lMjxrtwYsRE8YKNx8cYlJa4OG5C2JDndm4os6Tqp6j0gMUwc # oI3RtO/VTvNcf1uDWrBOv86kfIldPF02mUbWVF2HgaM7RAxv6FlZV1u3TDuIc9TY # THaHEcQ3PYWvm1UhiORZP7HjUVhWkIgPcu6wsTxcqa7jovgFr2v+BuC2AprbEdkr # XmvmvNaEMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh # c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw # MTACEzMAAAH1mQmUvPHGUIwAAQAAAfUwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqG # SIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgxb+1ju0DOWNv # 5oZpBZTdspyUxlVABAIjAWX2zVkzxSUwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHk # MIG9BCDB1vLSFwh09ISu4kdEv4/tg9eR1Yk8w5x7j5GThqaPNTCBmDCBgKR+MHwx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB9ZkJlLzxxlCMAAEAAAH1 # MCIEIJdN5HCivGCExWpPaHEX4Av06O7bf6fqBkyns9VthdUEMA0GCSqGSIb3DQEB # CwUABIICAMXsADlioQN55kwzzcvFegrCSf3RyPL7QxS2K0NDHPuOP8nV/CZQ0Vdh # zdAUlFWFEEoQ6GdZGZxxHxJoyFupy0Z5qZ36GIWruzzQ41DLZH03Jmp5g9zNurhZ # EVaH+Hrzc27EEYx7fOpW6f1MU5Bnxr3rMGWuEyJcJUu8gLGCJpM4MY70det98+Gn # LKdKok3dXYymTCfjl8PIQed6kDadmnVcNAlTnbGdjh2FWm3H5X3SMxD/YfsZRB2m # wpZRTejvzznCNoGWdZe22hVck7orUvDyLQXYfm/J7BIIhcBIwk3KotXYGxzhziDJ # BGkJqwGph+DlqgQNNaCM51W+kdIgHC104Qe2kpY9lOOUL9bZOGxMl8YtbpB2O3nm # tDKUTr2IMhffueGv0oHdDOPZqi6xjUgTH7GsoAOmjsDX3eS2DEBMvIMkyCe3qA/y # xbe9gt2YlrEQM4jqw6t+A6SDeZLkUHAeZlAXMfOtKrdFGTFI0KkFlwq9Ft9pIah9 # /Buss6pDD5SquiB5bDudme0mqtEU70KVaYC05CI7LQxXUpj476wpAmhXz8SunKJJ # QU930cFm2b6vl7evBt/dcHxyiG7nrG3eczALLyFkgSEGFxGauVK64QtVk00seF7Z # UtIaPUnrYhYHAiEIExIakh6qamdc9eGE6SaIjSCTBdqu9BwDwne7 # SIG # End signature block |