From 1f6447febad131ac9c5dd7dc0bddd8c78b97d80c Mon Sep 17 00:00:00 2001
From: Iaan D'Souza-Wiltshire <iaan.wiltshire@microsoft.com>
Date: Wed, 13 Sep 2017 17:09:23 -0700
Subject: [PATCH] update default options in ep

---
 .../customize-exploit-protection.md           |  57 ++++++++++++++++--
 .../images/check-no.png                       | Bin 0 -> 201 bytes
 .../images/ep-default.png                     | Bin 0 -> 14180 bytes
 3 files changed, 52 insertions(+), 5 deletions(-)
 create mode 100644 windows/threat-protection/windows-defender-exploit-guard/images/check-no.png
 create mode 100644 windows/threat-protection/windows-defender-exploit-guard/images/ep-default.png

diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
index 86c947101d..0567af3379 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -50,7 +50,54 @@ It also describes how to enable or configure the mitigations using Windows Defen
 
 All mitigations can be configured for individual apps. Some mitigations can also be applied at the operating system level.
 
-You can set each of the mitigations to on, off, or to their default value as indicated in the following table. Some mitigations have additional options, these are indicated in the description in the table.
+
+You can set each of the mitigations to on, off, or to their default value as indicated in the table below. Some mitigations have additional options, these are indicated in the description in the table.
+
+>[!IMPORTANT]
+>If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
+>
+>
+>Enabled in **Program settings** | Enabled in **System settings** | Behavior
+>:-: | :-: | :-:
+><svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'><path fill='#0E8915' d='M129 20L55 94 21 60 10 71l45 45 85-85z'/></svg> | <svg width="1rem" height="1rem" viewBox="0 0 140 140" xmlns="http://www.w3.org/2000/svg"><polygon fill='#d83b01' points="95.2 12.2 83 0 47.6 35.4 12.2 0 0 12.2 35.4 47.6 0 83 12.2 95.2 47.6 59.9 83 95.2 95.2 83 59.9 47.6 95.2 12.2"/></svg> | As defined in **Program settings**
+><svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'><path fill='#0E8915' d='M129 20L55 94 21 60 10 71l45 45 85-85z'/></svg> | <svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'><path fill='#0E8915' d='M129 20L55 94 21 60 10 71l45 45 85-85z'/></svg> | As defined in **Program settings**
+><svg width="1rem" height="1rem" viewBox="0 0 140 140" xmlns="http://www.w3.org/2000/svg"><polygon fill='#d83b01' points="95.2 12.2 83 0 47.6 35.4 12.2 0 0 12.2 35.4 47.6 0 83 12.2 95.2 47.6 59.9 83 95.2 95.2 83 59.9 47.6 95.2 12.2"/></svg> | <svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'><path fill='#0E8915' d='M129 20L55 94 21 60 10 71l45 45 85-85z'/></svg> | As defined in **System settings**
+><svg width="1rem" height="1rem" viewBox="0 0 140 140" xmlns="http://www.w3.org/2000/svg"><polygon fill='#d83b01' points="95.2 12.2 83 0 47.6 35.4 12.2 0 0 12.2 35.4 47.6 0 83 12.2 95.2 47.6 59.9 83 95.2 95.2 83 59.9 47.6 95.2 12.2"/></svg> | <svg width="1rem" height="1rem" viewBox="0 0 140 140" xmlns="http://www.w3.org/2000/svg"><polygon fill='#d83b01' points="95.2 12.2 83 0 47.6 35.4 12.2 0 0 12.2 35.4 47.6 0 83 12.2 95.2 47.6 59.9 83 95.2 95.2 83 59.9 47.6 95.2 12.2"/></svg> | Default as defined in **Use default** option
+>![](images/check-no.png)|XX|XX
+>
+>
+>  
+>- **Example 1**  
+>    
+>    You configure **Data Execution Prevention (DEP)** in the **System settings** section to be **Off by default**.
+>    
+>    You then add the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)** you enable the **Override system settings** option and set the switch to **On**. You don't have any other apps listed in the **Program settings** section.
+>    
+>The result will be that DEP only will be enabled for *test.exe*. All other apps will not have DEP applied.
+>  
+>  
+>- **Example 2**
+>  
+>    You configure **Data Execution Prevention (DEP)** in the **System settings** section to be **Off by default**.
+>
+>    You then add the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)** you enable the **Override system settings** option and set the switch to **On**. 
+>
+>    You also add the app *miles.exe* to the **Program settings** section and configure **Control flow guard (CFG)** to **On**. You don't enable the **Override system settings** option for DEP or any other mitigation for that app.
+>
+>The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*. CFG will be enabled for *miles.exe*.
+
+Default values are always specified in brackets at the **Use default** option for each mitigation. In the following example, the default for Data Execution Prevention is "On". 
+
+
+
+<svg width="1rem" height="1rem" viewBox="0 0 140 140" xmlns="http://www.w3.org/2000/svg"><polygon fill='#d83b01' points="95.2 12.2 83 0 47.6 35.4 12.2 0 0 12.2 35.4 47.6 0 83 12.2 95.2 47.6 59.9 83 95.2 95.2 83 59.9 47.6 95.2 12.2"/></svg>
+
+<svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'><path fill='#0E8915' d='M129 20L55 94 21 60 10 71l45 45 85-85z'/></svg>
+
+
+![](images/ep-default.png)
+
+The **Use default** configuration for each of the mitigation settings indicates our recommendation for a base level of protection for everyday usage for home users. Enterprise deployments should consider the protection required for their individual needs and may need to modify configuration away from the defaults.
 
 For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this topic.
 
@@ -89,10 +136,10 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
 
     ![](images/wdsc-exp-prot.png)
         
-3.	Under the **System settings** section, find the mitigation you want to configure and select either:
-    - **On by default**
-    - **Off by default**
-    -**Use default**
+3.	Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here:
+    - **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
+    - **Off by default** - The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
+    - **Use default** - The mitigation is either enabled or disabled, depending on the default configuration for Windows 10; the default value (**On** or **Off**) is always specified next to the **Use default** label for each of the mitigations
 
     >[!NOTE]
     >You may see a User Account Control window when changing some settings. Enter administrator credentials to apply the setting.
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/check-no.png b/windows/threat-protection/windows-defender-exploit-guard/images/check-no.png
new file mode 100644
index 0000000000000000000000000000000000000000..040c7d2f6362b5dd9013b55be714357696838b97
GIT binary patch
literal 201
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`oCO|{#S9FL`#_jcJgiLwC|K?3
z;uvCadhO(kybTIGF7a~?1WFtglsG7O=SZN;!9baZe;Qj{7KZL<nZND3$HG>XgIY5R
zJvMMSN#0-;nj_{S5d2n^gTsmIM3cy~n!cz<jE31!tn;{|CS1Lp#QVrxdP4Z;BN?Sz
wFMREYy??{hW3k)M|3;#nZx34?&)LT~bH)3}(?QRV0-eF&>FVdQ&MBb@079rq<NyEw

literal 0
HcmV?d00001

diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/ep-default.png b/windows/threat-protection/windows-defender-exploit-guard/images/ep-default.png
new file mode 100644
index 0000000000000000000000000000000000000000..eafac1db7a92f9d9df56c286386ae26178d64171
GIT binary patch
literal 14180
zcmb`ubyQVf+b+Bj1w}$YLMa826a-0W*@Sd=mo!K>0wSd#N=PFhUD6GT2-1y!fQU4k
z?mYMYJ<s{$`^I?Q^S<Z%#(*Ktz1Cj$ob#U79oMzOloX`!aBkxu5D2`d(nu8q0%HVz
z@vdUQi1zSBCH!;EQCiy>fx!QU{>6x8!KZ*hY?r6<64<lX@Q84)s(M*o|7S=-%SFu9
z#nQnEkyqR;4MVstFoZOBHg&Rcbg^=<M-X4TO9$gP=y7oeM^7iKXO=FALW1tcFpB@r
zsFS%d`qDctR(9qH?gN5r@X0mwC#nt>F7C!o<_LYq3-smJ|M_w&XH#2axYP+z-BJ++
z!&lM6n#NA{R`$;jEffnOFoylF`(2$(%@KPSL974!GI0kxJ9B#%#C~^NGmK%OFH^H}
zu{B5Jt`9OG5O)wykz#5d$*3t`CADX%?3?V>3nfLdm!02}Q&3LZ^W=43qDOt(U*RL+
z;YxUo=`k5#nGik^D^2k57LVpt3%xN{kFMh9KXB87@0&<Cu04J78h=V#B`LV<edxqP
z(;nOJSdx~e83uIY6aFXXUj!9<`F)RL>Eu@rR3%6jQT%<Ly~{fSeH(&!OaY>I5VW+k
ziRBm3OE@<O38$FI)xttUalfX^AdzM_u+-thpoh6cgoL+Vip7S8cHF_uM<S6}#!B?G
zw47Iim<b7^#s1?h_wI^u)6+}rm3wTNsA*`JczEy;j$F%El##)ak&z)%iMK4&`fOsb
zl4JLtghk``?($HzZ*z6)@=(rakF7tR1^!Q;h6zg9+1b_EjgOALqTsc^Y?tFMgfrXw
z;|&Gx+oYt3s;Vkaeo0!K{URiakAVTZPvk-nVdUgQ<m>Cp=Xc8I<?XGkt$j=V*4*5j
zBOj&5pD>0}({}vU6--1|+=C=lPf0?%fw8fi#FEBaGi;r1{2rTkQvHstk{`R`h#Y<)
zSTMiX;`2S`I-jLE$0%vszpYVX@L+MK!PD7be`ah9JHG2mT3=40p}Kl-cefm(C5)Is
z$<Q#0m_fnF$Ov&T<(_6eH99)_c0NRa0fj<&953e>SL#Hkr8%qx5GtDmTt?g|)hWvN
z94j#-_|UU}c=4idF(N<t<HwJP7os*c1+#nFj6~YJsHPIb=BD&X8B04mJj7L8JUn`{
z3x0n7fc*UY(7k083J;-FWK*ewIV&7DkW7p^53@XH{otMt2GAIIqqq?-hL$fsoTPB(
zqtt5f;80OffyHC-wuPnDD!0Hxq&GEDGchr7`u>7t{`E^QL1((w`I(+;-SastQg(ya
zZ4qQ$sk57#58+O;aQR{7tT|>D77k(IVrFq~+|0~Ov3bib(q_yTUGpkM1@elkDDi{^
zwYYlcMTJ^}LX^{t@4*-A%1*23Q9;MwFKiv=IX|btjvIM+kn`IAdOIYOafYl<5%$%I
zi-%3c#K!M%mGE+Lak<H&QK(dzr)6MhNPqxK-xR*jE!ZY$U0Py<=c_aMD=ToF3_cPR
z#7*l90hf@p?d$B6(JIn#adVT@<GqRE$9S=r=I^IqPBcJykM<p%oP$)Yt)(TS5v)~?
zLJAJ-v&_i*y(6E1;$pU=ED<iQn>BuCUUzPM@KxD>WrdZ#!pzKk32~{hvGMtc)b4$x
z!%yo<EGH+YzfIj1&Mme)U5~RreY(<ZQU1$dxHdnZxqot!!qV0j7j9kNFN@tNHf(0g
z>9KG&vb2=m{~fzWB6M0&Q6Xw-YMNeMt+~E4oTr-aG&DGPiG+kCzY2FOX~-tNqJoQG
zakpg<Mh!|di-&&xB$t+zeZMF=+_$*%W9MVHB;({7+*pS9>eZ`D>gwwGri4QL&m$$M
zkSPrYCBL!@3S_C%s;ZavyfCe-tOAmglSMT(HPZ_USl-6P-Cw=c)3h7vy1TGkS?Q)-
zD5Q?!zjnEae<o}tk9eww)J2ITK=uZ&-t+RSvFGac41=b#D&G)+ele@MMH;v6#qfG?
z6g7B;C1s7R;^B12L<d^eRH^h5pC}1)={5W5ljO#H;s4dNJ0ao87V|~Mv+&KEH%=63
zePr7;b#--r`ETx#bbWJCP>5XL(oj>od?~;oFp>|u(=*WE#!xSDdj{@$2HPKxjPZC4
z35nqR6!8&;VNT_yZK-kU=-#joB`H$K9Xeyo*srw*)7}`}*;U8K$D8Z*8($Z9jLpn0
zBODjHZ;c>s7KxnB67adLk$-P*pLME5AZYv!jemZTn+T98&?tJ>TwPU_k)Dp|6Wqat
z4gPy4r7NBt^M#x^i|^Uqm{V<!MZ`+Y+}-`HzwZ@0J<;c=>11l7)0B+I_U8@fBicPy
zHFfpbU@`-xqMcz?#UC>zdbO8~c<9*&OTQNBR&Rd2&VJ{?1H6r<6E^VFt;v~l4R!yt
zK5RgX2?m7E-iT)YaxH$$Z5o=8aa&0@x2j}@;ymZY-nPb)lBQ#3%YJ1p(g!+Oi5mE7
zgZPONE(+hy9j59?oP|Oy?Mc;?NH%1<Iy(^v0rz#Jsw(kq3JPU?{WlS0>?SAsDB~_P
zWT9b9O-(Jms*1FvVLRNuf2gyk2k({(*#n)I;9tKQJc;3Yd>y})VWzC??ED3x<E2bK
z=LKBE?^N&gu$qft8A01$&V52!wNB>4bTYcSy6Ob?5v4B6Dv0t8A^`z``OuB<a2)kJ
z`MJ5GuCA5Vx_15Ax$BJw)9K31vy_4!Hvpl;P`7(9jdGo7r!N?GT%}?PN#&HNsHlQl
zXGOsS)+*tkezmUrL)LtF1@Ze&TLfX(^71mqru++h-rRdSCO4GS)kzW)6HA}ZNfsJ3
z>P%NySXj7tKQgHuTE<<OS|$|ZBQ>F+@!1SGJ?;Sj*j&y@`)bS6u9vD&6M`p1dnm7<
z@aorkh{);P#{vQaqoY^=6#M&bwXCo?baZsaj|e4ez>mN~9tsPyc^8=6P&GC-{x#2L
z*hJYLMH6MMAJU2e_Y@Zwf7mBnP6ns)M<4|Ef0}Z{$|9ZPOVhoU2kH3}T_NVAq@=(p
zZFTV5p%}N(2AmZ>+f}`F$Iy3AUHw+ZqVu0`*I0F{aHE8ebJw0$RaVXl%p66oyrQ!6
zeMu$Y_PZqj)3H`>359BVuP7Wg*B&)jyO`SgNjBc7e0+1ei@kN$@%Q$8msX`U37bJf
z=)iz7AY_Y0`Rs_MVcR}x^7+xWx!~Tg>LJR(KO!g93kM#=2oTagI2dT&6*mj_@_B3;
zDK!FknNh%&V_k9hOrVVYyqniyIwmu3QPt0{$r`!({S5_&kkA|686RRyOiYBuP~M-P
zfKO`e!~Oj)j*q=!Vq(xvh1fhl+33PfuncusX7@jm)obujJ_uNtk2n0jHP^1Jr}w(i
z``{A7z;m7?>(i%?fUoOw7rpLHm`3}?3X?&CZfhTW93Mlx^$||9e@rFXUujuBu9mmr
z_^ov@GfMcj^I4c>B+(WvSz-XWMY(pQhx)cxBOn<iKc6^1ry4+P%)CeAbj#lAn0h8p
zqk+RW!la4gP@1$p2B}b-i7!%soRO9!?HQDJGAOs0<08Ir0EQDrl~h;r0tjZ`_Q(*T
zZuDiu9zzN+%9QA5+*;13dO?TPAL_O0>!5;LI&dOv4k6f<jKf4*fL8OVfTAZJ%p|z5
zfINY9q9`Nd33oVuqVMvxJt6fiy2z&vzu!%Z(wjHZrMwq4a{E?G{!;?E!$N=K>Sf%>
zA*6dHgf$~LotsBK$_H$3I0Xe?bK8tUR9LFY=?`Nh4`Lp$yK~MLBJJ510-4V5t#%qI
z06@wRQRGg<zjCkZ3w<{s6{8pUKjvjCmj;K1=q}uz7j|1bf}c~r<}Z~vJsSt@X9vMH
z*4E$?CXR3Hn~@desc~_nHB;*^NAJFagLcJGiZ+w}UT!$W`$KJMnufBnvX?UtO-I0o
zCMI-Vzkc0f#z|lISlJU$a-hHe?UMDkd$%U}Zw0asq}((1S28?xP-~uv8XQy++-$*Q
zWMq_9bA6XMv(XOTN38!wfO;|^l=i8|@t7Is7mIRZh?6b0iUTOORtTiK=^uEKdba(G
z>Za_6hlg`J^YikemsK0>UW_vwq^45C*yT^#Fq`b09AzCH=ISl4#(V=;#s?1`I8m85
z#+(e;vk&Hc>|9@79(bUdS6GNk9fb|Sr>r;Qz=0>p+?%nBGpT12ZsLqVjSLNCK3<n*
zvYM}(@Ot$a%iOv&CkGq8DxXJfRB>Fv+}zxF=<kFn*`ltt=72(mp81*hr>sg8YZb`}
zQG13UmR+J&ZPTH?0F^uiOUX0y@rfOERaMNKp|J1Yzo)MXPB^o44%91T+KE(8QmH*d
zc`C2Vj^9Ur|4zvRk-<F@MgCb~8j*{mzM$TM=|*YK*PZ*SaRr5GRdT3jGD**s44!qG
zUUQwv^o$8@{$r@6m78d9Z;xN2S1fwx#?_d(I4l`i+4-{TWNf*k4)6gNFK?F<EKE=*
zUbVclvvYcB=|jiaufgf&CKnT&u|r;oNlBO^BO^{alo3^HbW)MIk@DJ60JfrlcfUKL
z>B?~D>(HMkXaJV~%3;*hrD^0LY5!#FtW5B^@x!PMCJMb$0$AoLQIz~djI69`@+@7r
zV+uMG$MEoi(MHGFCwlGqMdezW-hP#+;s*TK6QV^?+mc3$*or-()$lqnK7F5Xm03hL
zdUS+%{dVNAU+4bdN#P2rx~}eVZqE~63tD}{tvKTKosU9njaKH9Ob40nhD0%A3Rycv
zjlD2qOtyGgd#SM4&D8v{)!?CJwKH+^kk-5YH00!>s;cjkryD#U37;RDBFZmJog5u+
zw5$;)LM*SrLky3OcB(l;MPZ$gYBN?GtiSH^SbYOKA|k?dQRHN;9AS~RIc3kwN*YlZ
z^26-ig~&~WLaJccRK0uGvfX6W?Amy_@#@D4`17qf$<3Ppym{x#^;-6v32#$V*{aEg
zW+y~p6TQAW;qoNOSLrG%6ADrjAdt2>((Tl5#ti-S<Lo|bsiBB|Ec7JJZ#Xocx%Imm
z!AK+VXFbZOp9XTPjeRtflrMWM-fui_J5pVj8W*1J)vR&d^D3P!Holv<uj;4KXu!@&
zD%)`|*x6UyW}-Yrz)E_(>2zBb5nWQ^(KT@5!&t3fZBGT3Gvx?TM>V+ZMe0_#i-`rS
zcqvuc7#L7zXJ;dj!ZQ=A-4ISrk9M3MkAHvp%Zg}UK|MioWn)9rw}sl{H^x!@%tkyD
z>s=ussuo*OL6@Z)slNN#$%39L({inL#0BT)e&B<b5OwwSLDMJ4XMS05dZzAt^AQ>=
z)^8mt(EM!D7XJ1mB{4B@%3ialT#HqC>;wXaX6&bA(qe<g+peComQnh@C>OkN5wunB
zsT)lj^<&zFg@lSI7{B!h7-$yjg&ne0XJ<<aha!or^*MUQLS69M2YWmFR$5vRqeZ%8
zdsQFFpZkV6(fSI<9Ay3ZW8&$cEZn`SUFTxeFZf(2bn9NA<*M|eZbOC&kyuTAy)N6(
zw5FBcJ)d-yd-va8lb4sTQw+Rv<;n*z5)f*5IA-OV;4sf;&ICE~TeqTV5U5~l&V+|x
zQhmy_kI{a1v)K=#ks<nrC&olHUthn*U7K#4eEUWB)~#DLZYZ68Y}+62=$+YgSG(Ao
zk&=?Hew7fmJI;5;rdu^8#im-0J$mBh_4w4!UrB()p<_!6Z6@Yhr+zgkP$}_4);L~y
z$CGx|MHkO%F^UvSOgl8Zu50>p<nz;(r)J82q}7KD_6|Umpk;OMt9^CXN&48T`d(aX
z%Es=l%jt?{^B~>_m<^a7Ft#cIY5(wnHmAbZq2_2-NM<1Ex*HEkDiJ`CR<ob)@FX%L
z{xNYLrx186x0YyD@9x4gGc$nq+0X6NK|{+id3T<d6KWJ{1&D{>xB24Atd16``Wi`e
zPKAcxBl0mA;2X=xOulj4Bq0g5%aM*_)efwl@zYhH7|He;Eit6wvP2%0l9e<x2v$^A
zcU7c9wXk9p-h$fm3cB=hAB)OfzsPaSu@Eke%9M(Fg&J@Bn%gHWm=^W!9Z|A~zwn<U
zI|qmO=7<1E6W{qW<dMI-tc=Xp)Qwmc%|A;6nZ{91wHY|H!WX2zdgTu=v$1^#uTx+C
z17YgOJ|`>dvRl2-lD<Zb-B;~qKcO|ZdY{{B+1l1NHm(l$@$m4RUeX{uhx&UJ6&2g-
zH=3^hPMWTeHvE*6Q!q^;3~*56G#|b~{s-l|S}Eo4@83QDlCHD3s3_Kz>km0?rRu%5
zwl+S`?W}x1S|K~G#yRec93>^C7w~Y;2Rf{z>PAj{lx4mECMy;XglVAkU)tCps4q@M
z&p13hTuDbKe0_brrfQ6H<q=WeVkVR#_3j%QLfxx*MMWcx)HpaeZ=<6LUHWcxeNAzI
zI`+<_S^~ailWO)+tG|lE(;TQdp<>}J%#q&_&*GcI>%9JE+!p_2x(q&$jc0qaVk`{t
z{I>06)ti}l#Y@+P&t$W*cy*HBwSE*2q1|75Cjm46N!TsvR6n)pA&8s%)Z|N!|MGe^
z)!l23YNlm`K~7-(-Nq^;vDMfl_f_eNcp_{{dV*~KfBHka?Ehuw=fBr1di(NJ><o$?
zdXs7-l7oenRnCQkG3?%2^RVFQW^334H=(i`dM}Wg0q<~!n*TeEr+aHG+#+Wv&41nO
z_wN1DZKX0}#s6{Z>faN1N~R_h;`ZlFxOqMe9iPpZ(VuSbS1}}=8`G;V>#dySCSmM1
ze9GaFv$)F6HV1zm9!GRJvqgl42GXzf-TdCFU5}L~%lUc!kXOtY?)Jzux#hPR)%+zW
zs!-Yp_4=Ux;Bj=_J>shUkCQ6rV}^RK%H6naQLS3L=^O+MNThpt*0uapaRKx-ZEvL1
zcgi)+t|A@|E4xnyDrTIHRa#*Q&}Q6w$F)2oQWr(*?_0E9R;VuWb<FVemf`6Z>kEg$
z!e;Lh)$Gtr`Lwzuo-RAV5Vy`F2Q}8~G6WavjS4V>m#nh27fP#42RVA}V6MLlO&iUW
zl={hNc5`f=UgOOwOYFuvejCjT^ZJojp9aE0*DanBs!5dM#!qw4m$b#Fz3H&JSdv1#
zc+k#n+O^fS8Rd6#D`mO)!iIZ$Y^>And`XxYbC9krX)DKH<fG1o$OVcVhvlNgUK=bU
zrgPx#DjVh7H~w2>G4gmlyGLvHH)m}m(}g$Z;p9Zfru3GDpi09n-AKdpuAo-)5sn1j
zM%*!Wo?xMDrSp9$_0md$3v<KP{Fujtgl!B=fy@Y2ugyu0l8b7Q{C7i9Hyyr@i1-k>
zQS4;Ls|TE%h@8=%@61GEAj&S>6L5!H)=oM~nh(q6L~PzPjJ&2fopboR3wzT-*EX{o
z*L*mq-L04M(tMKrZ^Opv=9NP!5gh)vmIFauYOBwL&$*h;|MVG0!I4-{9Bfd1!|jp9
z_CrnnV()DE@buu>SNol@i=nK<^MW>lA7{dc9XM#yKJe{Om%%Q+PfJ$0^3+wIz00n`
z^+wnE$%StunBv@RrO8nvEfBR~5Ee?r&J?&}_(|xhQI$Ix^OZH4GseFHW3@{AZ!Z=$
zc>b)=2#by8)6Ak*6qc|j&sOz(B0WHJHZ-P;yr_W8C@hrm`8(RP`lT=C9$6lbBxmf$
z^v}WNJ}-T7=sRNJzHpr?Nj%>!CsdE(-Py|7k~$c8E2M1h8{jZ~<$7o8w&4Rm=~#ux
z?~BbMK^qsl@nxqMO-I4jo-6OV(@j6rKE5?192&~#2kwB;QidW!?>twy=I(T%z)a$f
zu;jFL9L5eD3{%)!^$mAeHlt3%>wO<n4wITE$*T&b!g)<|GZhpRlRXtlkP?rzy#+f7
z+r45of@9|~Tf}FyKi$UN19Mxmd&I9iqooa3RLSxW1~=;}NxvFFeOhHqr`dclWSBpg
zH*>Mf9^{pIv3f$WxpARWbo*geJ6M!oCk)QBAkSXlRZz8m_lWHM<@w+D8#z-d3t+O!
zwd>3Nhayf#Gv~QDX&2|OS^FB6%|C39y((G+e>J~Fi6MvN;zjq#AI=B}xvx|D&3hX)
zx!Z)!G>(P!`TO6`cK?WsN%niULyvR)I<Y>U4DHkR=lYB=^Y0hO=dX~OL7}0f=~*%t
z_urMf;i28-p@SFyUw758(53b7>9;=#pf+%b38S|@od0)P>i@>2YbU8I&BCq@8E*2(
zo3VYuC!7Q7>GxVw|LcDIe@5kZP(_T4+~ww0-^*-YcIlj_j$*LX73y?#h=<I4cx0rl
z;!Un|;pFm`hv40)G;sI(d4bk`e!}<f-+%b%5uHCijc_3aZngasPJCBzLc%RAR#Fc^
zY8Q9+F4Q{-eSNAmHv#C}lse1^w{|^yOHT`l$@#uR;mXR&+mw_y?$e%9+%p#C7>Fu|
znMmktAX@(Zy@&YyF@*Zv>d~2>nYnq7qB$NH2S-4q&Dj0A+eqZi;H>35H+Of__DHI_
zE?XW7u;lla$8VR%(ed%vh>or<aWD_QztnYALrzW(87tY-*B8$;c6M@r`2la(OXv^G
zEG9lagjF`d3BS_7)3a8OK}5u`S5aQR?f36HZm5Y*6V*<>cI>Jpkw-^Ij*nC7T+4Ne
zoCM~Z;8eMx5%6uP7VF(HCT8ZZ3~4@>l6qc!{>*`Bfo`p&l+<UKE2Xdxxwf`8;ZUwd
z0m<3f*@uLLFYqaR^%W=-fiZyGY4%$fasFQGl@l-r7azYfW+z)dsefv!NGGSEL2uN?
z!U9V|LW1)!d|AkQKX>pa)Go2Blc@btF`;DNll?FAPCtCZQicDGeJ?y^r>Nnn2?+^^
z7w`b6TCg1&_ec>&L)r4=l$0^6UV_xHoXc1zKYl!g{mE=@Hta1Qw`F8zR<RR-jy}$I
zWo0G$N+#O}5p98FhCa#)4nIpVfI)dq#R5bSi`8_Vf}C7;m!I7I_tuYvg!Hi<z|^7Z
z`E_oq#pLsEn9$EM^9XzXH2-scXdsxqAdMlw_G>oG&N7|d@-Ul-gCh}{wUif*AvN2y
z&dJ9Y+D_wtTD2x3AfS70Up=|?gCPy^LH;Z*Hnt~kEhB?=#L{9b6YqPV2Lbaa@v<&0
ztxQAK)qI#^=_Jb1#%4&r$^YW~t<_I0@RgC>gh$WR8oTf)cz(a(oqo|iC#I~d-0}OM
zU!1_$#DtddO@SOulHC0f7cMMpZ1n&&-I>C|!gSA_kuC<>x=DHor7ITLBd`-#c%9?T
z{vv2U@N(xT)2+6TZI0Ne0y?MDlh(1iveFoq^lld+W|H52d0O5|KCUBa#1+_XvG$u*
zE@ewhHmldW_kAvw)6SVz%8;aYh6VHh!3+j3t0T6fco>@%w!c$2yp)gsE_2EeHax5b
zyal>KE~~a35B%~)?1*YyY1(s<>UC69LDR8G^`!dh>&VFb(Wl^_uka|I#Ep-P&^MdB
zhb%AVoFpjq+qQavMljW1`oQMHV?yu;c69G)!8>QMH>I_eKtyn+p8NIE*;Hh+BNBPN
z{aKpttFK?b0zkc!9()au^-a^9Pc$?%w1QmC^o~kR2muX`nbJ+*1hrw{t(<=-`q&$)
z;Hd#8sMGNuNx%OLGXEF1yt|(p7awnWaegMY!@$50otPN@<HrxrJSl5yW<hGj;Z=bY
z1?XgcZ_sCSb#=`xD2VVB7*J5ic~pG1u(;SYCoL~8;pyqAH;<$PY&*~+CVb%XlvwTk
z2-J`0p6{bam=SFz9!CRM<7sDW&-i=}AKLQh%FRa@HJEpic6WDoq!kvjqMx9PDuu>Q
zDV#n}ZzbS9ae`Lt?gf4oClHG1_X4PcU23OP!bq>ExaqyW_9cS7DL1hhAmArzzs9R4
z+RVZNYPQVA#;MJ+uu%IP0nS|Jp_qvzzZ&!C&OzCf@YLi(LMvH71*n%0qEM)B@9ema
zX^wsYG~T-$)lOU{1$8PE4fb$oL*x_uwtq0dDU<zXnv$HXhMJk%GD16dIt~Sot*E<u
zbuuZ_@%Hw1`u>gmjTsts9Iw__cyOv;*H9A<JaKBjGIDzA1MsAk%@qGY_kR2*U;yIq
z@bO>yy2ry~0BSn+X1rD(jBEo;{GFfwvAf>gjr%X)y7q6ND_`zLL$#>4w*V~7-{YyN
zsprj$$q5MoQ}!WK_U!;aaO?)8Xl9|8Nua9%cnlVq2?dNB>8YvRbfSpv)o5awuCyU@
zTl*ORK?CjmT<frOq1Dq~EPn(RLa4p25)%{4VGt{;)XoL2eEW78FejNbzydr1&VK&Q
zr9S_2=Z3BC6m|1!GtD%Bl=-526E-DzqgD<M?WscEY8x^KYvaT>ePW?S9s(xu+f`3O
zf17IROPiICkDwWj&MtF(T^+arafKiY3rn`|ILd9D`d>#GifQGdonC<rBY@$_Y6pVx
z>wVqbNDU2A;fvFq5BrM97-@GsrK$2~1ce$l{Y%48lXY?B9gf$z+H^PpiSQcYRsI4~
z(A|d=E$)CM%+AmsAzanc)MQw{`0j>4kkX;G0Am~L>)+?Q;xk1=gV6KH%gg&&VWs+0
zObw>b5nIrWix72lbL$9s1uG72d54>un-L|CjCsBOA)WcsG^`n;x88)iSEpL>p>nps
z+($Wvh%^YR41bR^p4}g<oJ2WK_%|5%Y)RDUvDr@5ahr+CDk>737^r4B%u$W7UaFt6
zPuualL#uNY&Rns6Jt>Xvu5$k=)Sy!bej5!t_z>Y)y(57&ADR-r*|=A^fhaF41F|h4
zw`<o!u%ol{Ym@KEUqN%lelyN1d$?zQ{=@Sj?^05Vk|Zm&SRwL>X==vXI}BKq--T8F
z>%9oveGN4ZQjzL|Z;et_$l$kc$gffg#Ds0MR)N+4qx~%z;Co;zNfM9UyPXO;uQma(
zMwAe>Vu#ohXbEhiCaViZ2{R32SNT$UOEDc|f*g_+a`G7%y?i<!zmiqPEdL^+63)ZI
zay`vw`)S8~=kI*HLVbPxpOrS6N=6UZ+1n2fJvv^Hcb=b}e6}4gE5$5$;XrLv!Q@Vx
z5zPAk1W(ExH<OB@cffCdqN&6*gh%aGjZq}i!N~{M<`?4Oxi59XEY-w3_M@}&U7p<M
zW=I8YQ9}OlcT6d!QIIgXV!l?74X)Kz-0HtGs!9ER`rxTV0{B##YPkAjF?1^!)6rOm
znyAcwywnr%YM(ERXtumhSR5L(83kfb@8tzDw?R9F5|$%;l|Zzcw=sk;18Jo6Nz0dI
zfF%8B3;g~EHR=gLAwb?wa7j#NLV7B!k$NPgUO&|ip1fn-yGJ`HlNbQv4&-&J|F?SM
zX3o~u^Q^3_JD}M(V6g#azNI%sAR3ecW4fPBg7v0B91s(86PJJh+fG1GkhPjnq_(ye
z;_v%aN<K#fu!%q&@!I!csC4rwL5igC4=;B%)_m^TPop?qVMVORMh1$7zn1$TkoZ<X
zP%skCkm_*>u{j$;lK~P01X`QX0Nm*koCZa|ZQ|X%y`EX=4#u@SBEq(1;JJcFtl_5(
z2qyI|$gu#z`+xonjf})!`}rADz-_H%y!@HzL_4vf;N5DH3yf6=dof)X=NlK)K<2@A
zAO0c;U3d*_3L`$K7J!OjWM`N1^yK#urcp=}eh|;DQ*jmXd*=vu#vM4>)5fwgBE+Bb
z=58}qbl>C8=BnYvZN%n3obX2Tg|Odd5Dnr3o)1v>Xthbx@d``Bb|;HgqnB&<iSoXT
zVlrO<aIFoygR=Rqg&Hivr<>wnDP5}gUChrpGRT`DK=aXoZe@IYyrZ{QQb9qX-@B)&
zNw}h_>g&9daZe&QBNJ1Yr&4s+{1abap_SFu=b)vSRrEi8pPz$+2o4TD+#OO}^pWFo
zM+<W}9s}_Ub3rrO4ZzI;$@_@0bRE`4IE?^g0>CeFU_%0<arqKPZKIQ8jANhB!EfkC
zZ_(Vi^$NW#lIUq6()043`b~Yx%e#g^Q|nkoX^^DDD!aJ40>_TzeJD9NFo5Rb_$VXO
z(|uM)9{@4d_WYh17cf&9<a>L2cY$9mDk{oPgNrCd`~=Mux#;LHTWoK<Zl7-Se!jEN
zlkOkpvHpwS=b(NDGBQq5Y^Yt@(o0GRfQ>|gt^F<OkaB$l8^Db)fX@2tzF}}gHH024
zFDHinX8sp>gyY&zj%0pkNre)fN*VW=*w|Q)`B=^V;o+CisQ=+!kmh&H1TOblP%fMp
z{9PFr>2(0C{Z*a)IhqS{XaOI_`yY`VHI4uacGOg!k#UK=`P8XjG_$u?VZ_D8#-^jC
z4xTHx)BWgh(f|AzP_Ag5QjO=%eZSK=n!cl-mg|R#onfI*q+j`~7^tXRLXeY_OFPP6
zl{Qk`gVQTJTnzn^tJwIIEjej^;nC62NX_7L+PgyP8TI<Qx)k`-f{Ygvkt5a;c6LRl
ztr%SX6B83?4G}CH^i6jt`;-5zzcS3b`+v|}eFr&8>&8J}S5t$*M#H*d9&o%C<+tps
zy}t~H1=dd4f9SD5lrLsON>l7)ZEgK~&ugw&N?smMM@Ppc9&%@Gsf>EDCxQ9nwi;(I
zk42~D8w}Xty1y=BVi=N=l17{f3zgKgZzEs7POquas$^Amm5BjjZg+S0Ufu1xBxGdl
zq3mbP=f|s-mX?Tz6v#Qeb(zkP%cwKp<O`@T?FQCyeuxM`KB%57^4@?Lr|e4_92XZ?
zN)S7N+8re^52e}iTwPvP?jaa?^>GCY0VG`AWW=22c|YoXY3fQxN9ZXbjkHWdfo91x
zx7d5q;(!1QK1zK4shJt}4KgUOASc)k$ocpYLm@}C@@ybeYQEV7^99(KOFez&Cjt%h
zhuqvGWe381eB@kxt9vGpN7|0l_A_nxF7~CxciHhIB{w_G%S>ShE4f0L3TmBwJ1Ibk
zuP*9fZLNZew@<qge~!0TL7%GEMx0WU8>8sg$-p;1q@6qcY7!NvSlgK+V@_4U)Ni?h
z<Fk`h=v$^SDmy#|{HA?%>)ckyvGtJW#C8l#4XhfdfO02j^&Tsps1@3Ffhd75MPVw(
z);tC2i^Nfh$z;{l#zqNOE{b{TO}LolI_Ldj8-DMrt(_pJyIMq+_h4djvb8Fw%)Zl^
z2<6H;q3yXIgJRn+(u}L|+p{boGf(JryI$E?hKd>L><cPmSaPeM-SYz8G#p63^nE32
zajq{t%Pv^vGMC@~cnN$CcpErR>p#To4;%P%ZZ1kh!*0WoZxhW$%Q+L^<C~lv?*V(z
zxIQyjIc{s|;6RY*ztn%X(6Cw9tX4?qAFYTIHmzES$<g*a$B3Pm*X<~w{SV1(Y-|gy
z&oeF)0WGQI?gzO#nsRiitF7f%g6_aoPyqpxc^O(L;%o!}PVrszi@ZQ8?z^KY%(Gfx
zJ&lb&{!-8l`8Q)}<mIIkN9RYNsrfnO=OPdwzrO}w4_IEd8sYi$>66n88JnIGRafwJ
zvP<yayHOu2D%9d!|8@|LJg4M$LaN8@e~6tAcOz*>kEu^GF|FQ<R4!zhP#Jz&PXjBr
zL$_a2n6|AYo+A7CLK=8S^;M=x!Ne-1RQ95k6>Ie=WbJ3Y_UK-Hh|Nj@%#(WB_PMJP
zp2^V@x=%e%O$6pWiBCW>61SI@nyN7(o}8nUh9@-PrkP6o32q;GCP%3W9Bu!ziFv1G
z>iT^hc7RJyUvA)V`$Ecmo_BZdd@ORevdUZMV2sk%CY%2(p<C^Epl<HFyf34rsD5G~
zmc@f6<Z2bf#W4k`qpStyopOfqyatICvnP(w1v~}CP?40ER~@Vw_SR*etv?bYJkcwU
z`S`9v_8u5`Nm~KVG`fIKLh~srBL&fkIQG@L>eL8ewJ4tTrN#~cF+?o|wX;(FH3r4h
zZ|hU_^8f?^>l~7@73Cf>r0oYkO{0u~)3OvY+Go<+O~%5)Qqt9Bi3cEPHTm4JEWOB?
zD5eT!!S(^DG`eCY^(MZ8hs|wW*7qOKYlp3L@-#3=UAf)e)pcElj(HVe)xzg=tKE1t
zyU`$K%sp#gqqD2){n$@vngDY%-_#BznEg~;>7J4o2oNy3{Yd}Ce|EiHZ93bZgeFFK
zzMgXAVPRE8#pOMfE6@GJ_hKa2HGDK4kVe>N=L0PSw3X8_@JIP-m8oDssE}0jU7}lv
z`9&d>soS@2L+H54X@geWsk;R(*o!r&J^*S7vUs3lKGql4JO_@wU;%g{Z2eplee?cN
z*|Dpgz6SMf^4Z1TqW1OQXtC?*1J9O`)Pym-EZJDLr`PC30*nk^BF!>YWNKa>(=Y#v
zv$~U-l$hn_@82c)XEqM#*x41`lN=WZ%{V{S*HeJYK97=4mDSaQujM6|aHeXP(UqES
z4NnE&%eU_bIgCAVabqQrM1Nb+DUW&j&dC{{_kJPsl;zEmu?Wy<<f_IK2yVVO^@UIi
ztt(?pJ#lgI4zA6XmKV&y_4ZSbfy?EzYy?j*Gc)Vx6|GULRLR;Y@yV%!&(s}XXWN_n
zPHdgMdMw8{lNXLnStmr=EyC1%aeg9>bqxRm3gIg~L-n<x1g3)QbC5Nl8Q?DeCzKBQ
z@of6}-ln9A9U1lmkzNL6W?|N%K{r+ws1zh6vCyT3%aBf)+0$-wi7u2Iq+#OJ)srZV
zsT&oIqytsay`RY6uujjndG#(1l71`>&?=eJ(uZ}}bIf}N{A%gAZQaJI+<n!K{ZZ5M
zaWe$4wV+U=M@yn0qD*f0+8Y_&$)_$QC(l~zNszk_W=Y}h1G)Ac95^Vj#G_+G_+`XF
zmCR(79hwVs+*?ss?-RKR#{!xz>R5Eiz$A0=@O1jNt5n0EXeu)MEc!WVw<tZ#8))AV
zQJ}s_f7({PowQWtH_?q~BO24Z`>pMky`u`3>jP%ycR`FV#wlLZa4>l%Po!GsCh0zZ
z&H<&#%CgtN`V_~fnU}7sqj`g21|_^J45(TqVFV-QN}cPfnvf<$Mlawr^_U$BKZj;N
zC<aHWFPi4=9~vSabEW)&j%XXvSl<xkdG2uDCm-oF`FQ@^AJx6+|0oVx>MJiCRMJ>9
zi*ak^vr=972J|8fO32*m^<CFZl!2avqmES>1iAt9ehBAg4~JPyt*vo@om9S3+>^u$
z?FpeJ9sJmE*ZL_=Vlw%u3W6nQ%x&5EDrNVR$|;h3@ZC_+(72!W9W)3()g;8lgH{AA
z|9t=S0Q&>gJDQ&Nd%&bp#AFPwVgwfyaB}DUx`5pBAE}P=w55d6!=#?vq9Qz*fxUx+
zg3f}XqBkrzNXf|N0DbZaYao1c#1pRy3p{?Tw)phdW}9lIQvzqv?G-&ZU3f5wUR6I|
z+BmOZn+RwL!WMj8cFCx(7hv?TS-tPY`q`j8npM9}ZA3WQ{*TvKTCRB3{;1d5=XP|3
z0LdW6hem~*oE-6{=^Gm-AR>a6F^|JE<=*rC-QAaKdrVRELPEa1hSvxD@N&Q>dF}Kd
znX8{Fo?O5W5$6rcYB%GA-1pv+jz-gl`{R`S$6=<gtL!^hwY>d7i>5X;l+j3|vUYf(
zX7z=Mg{8H`Z;!=qiNiayLD&9;;D!r>*285(+TTexg&hjr$v_h{grLs|wif#Yoa>xh
zy}DJNC06)AN={A9VO8@OLn49P#XqWhxat3k1poiO8#g2KO@V+~@I&Yn)Lv^xi)o5z
za<&wz7NptRm%D0LgfWN)p0vHb-4-PDKX^^xor~DWtRuR_+{?@<DN$sjp{B;4(1>!H
znrxeOY?*cZ_HU-)7L0qIB7uE*N}>kA64d6AqId52gQVXzX!cQ`V9>{pcOg{(S?KN7
z*4Cx9wU|lz>mjY6iD!mkNYu#<go9WKqn|@V<1r=v--QJeBO_7nW~k{v2<Wk1yZE;O
z3SLCZ;3wJn21p(L{{7o6tN(@z9t15GXpCBZsfUAVryb8o3Qa>$yl!=}lq|6o6c)bh
zTWke6JV=ktHoJfP5VN;uqr}Hf^<21h=+l%tm<x3==llf7O^tYJmiI!b@Uh{AhbM8L
z<oH8$O0u$$#qXi2UIdjw%e>RarY3_*hxy|PgKPsTm?-*v1l?-T26mugPVUR_fUMN9
zeu{9+xqb>JnH+L^V2Y6`F#jqM1Oxn9s2tj$;cfQf3Ib%R5NAGSW@5tpI)3~J`yi<g
z>i%E$yq5wHP!&S;2;UvDwq^@$2ucArxk|qpBS`Pev;#yDPzdVvhtxuVgj&=o1%U6C
z4`u)YidG#E{#va;q5h;8-g6+~$qgBT;tv+Twgev6rj9@Gq#u-_JBxiGc!l=W6p%<u
ziHo-ij=o;MkLCrtbyupYtI6PN5ij7`P}=_K;hnjR5Ip$hoKLU@%Lsy0m!LCf#`M2;
zHaDj))F`m_Cfp5<H}JX!a<A;tN_gwy4M=1=mZ87ENltVoQPa}-LT2Z#Rbc*-@3cLH
z@%&|wxc*50B=-oj<+Ew~lk=PufWbQq3{qH@V*HSqK2RO}!;lz)%~8WhPk+T`v@oH%
z>aGlyS3oRA?1HSyWp$3<jK9Y8p+lijq~of)U*a>S1#fjcde)0(A|`CB_+#xVb<{Hx
z+M;;Kum2Is)l$rI2wS4){Kpa|ra)^qHy)@oOQBkvnuixF?hciHPK4}F{-WLgG=#au
z?pF;VHUafFm@l*nJAPM#kQ$sNovV0z84RRii)YC`h8j)%&d4Y)^tvsny~|v9iT<%q
z73?!|Q+m@ik8?X_2-+~<c)5~i5_1X9QlrtNL=$uvoKmm;@;+Es_kANJi)*VA$z^Y2
zqk5$VR58$DU|9M<`$mCO$lT5s16{juJ2I<i(_X)^LdB-cS&*M^BKpZQmP?G}#c3v9
zr~6wl6gP?OP3)m5(I4OW{(dE;arCP-usWb-Z;j)A`0xeneO}YCin{tIokci7`L6J8
z2*|X*zcp_<T1eVv;ei)Q#Fh;?mY%X+Odm9n?F$uMJ^!;Rg>--Cy<W=zd}Y0y%pDAW
zgQeeJf)F>H-u69V@ba&oW2Yn>`1*G3fJx@H1AX14ACf-muP|SRhDt|>abwX2PfkwS
zbfh!V($<wf%>8~R;rxaOAz@E**6m#AX;r-C_)qUDNk5Ug2xr$M20r83PgOM4D*fbK
t?k*wWKuYNU1i$|Oc{A#N1k0!Xwm1v%3^q3c;bk(!QwarR@e`xK{{<=GoLv9_

literal 0
HcmV?d00001