From 9c4a5e6193eb2fdcf8211738f6e5d169fe874561 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 27 Apr 2020 18:22:26 -0700 Subject: [PATCH 01/27] exception text --- .../tvm-security-recommendation.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index c3e900103b..0a890f34ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -127,12 +127,18 @@ There are many reasons why organizations create exceptions for a recommendation. Exceptions can be created for both Security update and Configuration change recommendations. -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes from **Active** to **Exception** (global and all machine groups) or **Partially active** (specific machine groups selected). 1. Select a security recommendation you would like create an exception for, and then **Exception options**. ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) -2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. +2. Select your exception scope. There are two types of exceptions: + - **Global exception**: Global admins will be able to create a global exception. It affects all current and future machine groups in your organization. It can only be cancelled by someone with admin privileges. + - **Exception by machine groups**: Apply the exception to all machine groups, or choose specific machine groups. Machine groups that already have an exception will not be displayed. If you have filtered by machine group, just your filtered machine groups will appear as options. + + If a recommendation is under global exception, then new exceptions for machine groups will be suspended until the global exception has expired. + +3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. The following list details the justifications behind the exception options: From ae8ec06b5c176e2a8eaa0910c817ebcdb02cf52c Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 10 Jul 2020 21:05:56 -0700 Subject: [PATCH 02/27] devices --- .../tvm-security-recommendation.md | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 4dfbba217a..7dd13f87d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -96,9 +96,9 @@ From the flyout, you can do any of the following: >[!NOTE] >When a change is made on a device, it may take up to two hours for the data to be reflected in the Microsoft Defender Security Center. -### Investigate changes in machine exposure or impact +### Investigate changes in device exposure or impact -If there is a large jump in the number of exposed machines, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating. +If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and configuration score, then that security recommendation is worth investigating. 1. Select the recommendation and **Open software page** 2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) @@ -141,24 +141,27 @@ When an exception is created for a recommendation, the recommendation is no long ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) 2. Select your exception scope. There are two types of exceptions: - - **Global exception**: Global admins will be able to create a global exception. It affects all current and future machine groups in your organization. It can only be cancelled by someone with admin privileges. - - **Exception by machine groups**: Apply the exception to all machine groups, or choose specific machine groups. Machine groups that already have an exception will not be displayed. If you have filtered by machine group, just your filtered machine groups will appear as options. + - **Global exception**: Global admins will be able to create a global exception. It affects all current and future device groups in your organization. It can only be cancelled by someone with admin privileges. + - **Exception by device groups**: Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed. If you have filtered by device group, just your filtered device groups will appear as options. - If a recommendation is under global exception, then new exceptions for machine groups will be suspended until the global exception has expired. + Some things to keep in mind: + - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. + - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. 3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. The following list details the justifications behind the exception options: - - **Compensating/alternate control** - A 3rd party control that mitigates this recommendation exists, for example, if Network Firewall - - prevents access to a device, third party antivirus - - **Productivity/business need** - Remediation will impact productivity or interrupt business-critical workflow - - **Accept risk** - Poses low risk and/or implementing a compensating control is too expensive + - **Third party control** - A third party product or software already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - **Alternate mitigation** - An internal tool already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - - **Other** - False positive -3. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. +4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. -4. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past). +5. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab to view all your exceptions (current and past). ## Report inaccuracy From 7255a9f4730b625545760cf13e8710fa7b17dbd1 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 24 Jul 2020 15:44:36 -0700 Subject: [PATCH 03/27] new images --- .../images/tvm-after-exceptions.png | Bin 0 -> 29069 bytes .../tvm-exception-cancel-device-group.png | Bin 0 -> 16894 bytes .../tvm-exception-cancel-global-400.png | Bin 0 -> 12719 bytes .../images/tvm-exception-cancel-global.png | Bin 0 -> 13617 bytes .../tvm-exception-device-group-hover.png | Bin 0 -> 11884 bytes .../images/tvm-exception-option.png | Bin 159108 -> 0 bytes .../images/tvm-exception-options.png | Bin 0 -> 4753 bytes .../images/tvm-exception-tab.png | Bin 0 -> 16105 bytes .../images/tvm-exception-tab400.png | Bin 0 -> 19531 bytes .../tvm-security-recommendation.md | 84 ++++++++++++++---- 10 files changed, 65 insertions(+), 19 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-option.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-options.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions.png new file mode 100644 index 0000000000000000000000000000000000000000..c4ae7c83186b37cbddfcb53477d4a6df5dcdfa70 GIT binary patch literal 29069 zcmb5VbyOU|*DVT3a19>Z-JM_w?jGFTU4jR92<{MqySsa^!CiyQ-~@Mg&F{PSyX(HU zp8YXv*7S6DRh_CjXYYMZMJOpqq9EcULP0^HNK1*SKtVx=0Uu|0Sl|lrSDZQE3&BxJ z%LNJwb>Qs-oy>qr09=G~m6jKW+l9l!p&=UHRi=l6B88F``>OUm>v-K?Qw@^+@AZ~; z#CXA#&9Y}{*QsSq-^Lo@{fUWM37W7gZd+}5X4TgbMhuT!G5ENQqSeUAkE>_q*rIIf zHs$-GYQ~x05cC@30;{memT_Q~61-{S_P(|R$e54$K7yT6t1l|Ep^52h$83--) zC3u{O>LHR5m;CGt%CKj>!q! z3@XrA6eoJwwyyLzqj&Gam z)PAe>w0Q5L+x7ATkxPwQj+~KE?hzMJ5T|LJjrH1_rg3Mrk2^7-b(QIhpbj!@%G0be z{Q@P&ydf$530JJXlZ6F;Q;3;CdStI5sWnK}w)|u!#q!ABFLN=W$oNhj=Cy6PXAPyt zdo0bG_3HAI3|cCxgVD%1ZA#KYJH)RhgzA&q__Gs3b`ue$mOlBxb1 z5`i`IdWzm?nOgok+W7jJB)#s1l%1F2s?}1?Q~kpAX)$_^T%Gdc?zxlN7`HP*<%J@A zY*t`87wEFNA+7}p4G-Zn$4}9}HpH!t{+_d_@-3Co%2?#r?S!PuPy%mcPp-6hHy_ZJ z9EEM8$3<;&$h`OacUAY%9_QeGg}ASG_amxYx8lQ+@S)xg>fRO_M{;^R@R)N_P?JKT za;CXNXkGvB)3Aj|WS9lI$MOdL?mv`fcHin#9O_jrLz_?~%s?J-S1RT0g$;9OY8M)I zDmOVtD)#sCm)?6kTvReI8UAWz8U7@!#bjKXTwy#uHZ|+Ri}djYbnSlmC%0+jg;hGr zS;HE;(S&BHh2IWr?bO`O#OVu8RWh)}4=S_^#n>gaJQ}nPj%~l;`)8E`KbNhYs>kZZ zWwI~FS~p4w@0k&!Jm_%w`IBG1=^iFkmX;?GS)kG%Wes=CloEP=3UOGZ1y#)Lm{+RI zuCKChcIZKred8f~yB(oRsMZjYNVa+3t_Q+mj+vy&>uj0&?wtkod@L&n83&m5DE5K4 z5%h$bvs`96t~A*^PQu+LB--Pm#echibEdR-`I3{pn4G&nr<1EuO~GNXl*efeacVY8 ztvlqawAEidZaP+Cw-7H|{LSM|r_&ir;d?T^v$8dr&Ag`pw?N0xee0h*>;7tyKjSOU z*ZJtSmrSCDYCQ4RrQWe&No0ngTng#vtnJ!X))!$l@Yz-W3_Js(+>fB#8OB|1#JfBF z2y9HP$8R;ZiWE2A*`^(fG8Ps@Iu`S_jOSdj?kz41{L`a#>u#Jce+H%(Inr8x#}<%q z&FD5pgHHI8vM<`I?~P&2va?;?-Df^X)mSVkG&k|)Vg|@+`p*Z&@kp7 z*PYSSbY_aGm=hK8D9o%ZkM<5G?tj(m-jaZY)8Rj;*o-_FXHU=dii`p&b2*h@fPg z5d&?4dusFNUO}Ld+l`@@6LLhAnBWj`W9@tV>cP4C*QCKl`=VkKR_yBQ@63$a%#|K2=j&Mi;7YjHIHzknnLNF={3o`0 zg}21pe*U^%7u+=?GvuA^>Oo9)GFk`K$T4vzOvb#kT5)&buyosx=r;}i7PM~#!9BCz zqp@?jZ~wOGqok)L%2t%&@#NAK{>8$ZMvyEoSg<`Mt6IcziIO^a zs|*wts>%CcE-3AQRZ63q7T>Ulq-o}#nSXscW(UlKVPy2c)fxtS4Tpyrv(;=rt59<= z=do^`w?T$zW6`^kMB(+qMt?GjMb7LnH&7h6rH}e>fyhp$+t*@?gTx zTG$~`_EZMbD9>oz#~$I+4g29Fzs5}LtQ4j!j>QjOX1?kIBcP*Av?#}^H6E_BzVBP6 zr8N|3^ZZkK%jUjF+M$X&0Cynur)7wq8uRN|Gkwh-8>?eyy_p%Lfy9u{6qQ4qKn$Oj z{FUNh!sW(EPbSF`vhha8VPyaGh$x~RS~OP|S_X9qfY#;+KIo57(NITE)uc0OWd-;u z3Z{Ck4x>FIObVUReEAL&x-UtxbVk^hR=*TpS&HPRF*$wt^U4dBxbiw)mF-=sZ4;E| z6**@_pb0c9bH?R`Hx=?PaK=Onm@B;#UPglMW25 zl<6K z5)q9a9}g7mZaO%{(6M?(p%fR|@{?-2xVF*yY5S@See(|d*+y59c?aFyF(}2mWq( zCGzP#`VgBnI{Q5tDg0?xle`r2yXtUdeghFNBI~#tFW_c!i!I>>{4t|lhfcOr%>Iy@ z(YHES^2hfh{ti#eG+5Z;2p3HVGJ1-7OGECO25S6OzMiQZiDAxqwyT?4>&x|8Kn|w( zE}_22Gyy*?Eo!0R^(yh>61m?;>ND_Ydn# zmRpl6Z{*YqVXHjD6gYd+CGbz)pKRqp2!6F`+o6AoI*;mPI)bR1n|>Kr$H$&@DcRI( zE-tRUw&YkRNsV`>OKq3|wovo%=DHsGCk*_j*0m^mJ<@}&X_$EQ6_IwdcXjp_eI*US^$-B3; z*%JEJhd1Xk8Ef@H4ovLwjr+CfyVQGZkf>V~U(zTejYpRrBw%p7arN}L4`tErThlV6 z9$yF*?EjdJ(Pi?lYs`K>Sx&_2P%f(S-=o#(e&u%Q>W*&R7(B6iMJ68;#&*1tK@$vS zw~}$}wsul|KXCL4p{jfJ!-Mn97vXu5b&Erq<1E+N^sZuT%2C;DD*4^Dk`^fgt+lh*DKAS)HNSY@Fja zJ0sEZvV|?G$fIAiuE~Og)hA87RX@QHD6m7WIpy^9mW~f0sD(&lwG?w!2QfvI;F^%% z{uPVK!|6Jd(oq~WSh$vp(aguMPT`Rz&r2NIKQy0b7%KecIar~BmUOIoKksdg;1_~T zV^mz6!xHl4dHmKYX;0in7hsMWHl){OCYlr9-L6U#aDwiN?tSxm^;SiPEJq2zP2}Q70m(wb!2F~q&oUF18@}xiw7;=WLal& z8r!g&;6EXSXOiYmqc3rp$rp&Gt_2|r2hgwr)IAu_DEa+2SN zZm6~v*RptZVOi?u16_0XIj5@`=~2|%pPcJMBR{EjDM6HW0TGif-OK~~-zIVTb@3Ur zALm`kU_mdZ7)9nos4pywa3}JxI8Eus%df^1G3D|>-`ak_9$bGi8kdtJ-)CZ{&)IhH>tR`a24m<{Dda7n-_2ZXz}qd=?fQOuK0pwe{plimqstD@<+^ zgt4`g$=~mUbJ;~%iMoB@6ig&4hX&VN2iU2F2ZU2rwuCm2G4&HJphy(zN9$r1V|ZCH zZKi3*#YmY0VCc62PCQ5c**Ca;QZ5DrvS2*<&}o)}5J2L<{cpVjkT`~eyh)iP1U-GI z2L73|;sq)&^nOK76T*`+L^r-u#Tumea)rZ4$r}!>+_B-dgN%wn8H|^c70`3N@_oGl z5KF|m58n5!w|lgDoaG$len21##q~wUSmJ*-I=$CgUBZAzUiS0OpQc4I_kC$8$p##! zXJ>cHq@xKSued009p$xw0c|-REieK1Aqa5apXV`Wpp(Pry6f&NRO$#k{p%OFni8#Y zS!ur^6%NGwI?IC%3~X|~0T{9t(Ek%JiT&MmEXKEPdYpWPXR8C+EuI8XU=R-c7zwf< zlPEF-=^>yRf9ddlq7KI63*_^s`u{2&g$h2FUgDwpuuHZ2_N4?~sx_dgxWAv?7*7a{ zDQJwWAsaUbI8h6x%}Z1+*8)R%nvP~y@mrhu|IrD zsDLctpJTyc(j26?t0>RBORxWv#ZEa$pnO~m;%Ed{*@M2{K+s;g%7wSi+A-c!0ke*D z2=n0vBHaHKBEGXNY1<0Vht|QF>v-|>AtB}60$kU*G987M$8^`-$IwXggp2%e!WH8P zeLx8lt?o?!#)YP;aYY5*hX_AYEkNIJyVbq)@PTtQUYSRILfsV0{k_-HK^cK{R|pz7 z#A8JQGB#b0f;XoEG~aDk{SH;}6N_t6AM78j9L%Lhi1f#TTd~)FEQb74pqHttld~Bb zmGX-Ws&5d-74G|0xubQexTG?r0KMgsT4?~+xJKNt_wc;qVZhq!;V(?9s8~?44a-eB z)2{pQyrrDzn!3pI{NYwe$RAr&{&C8;Nm(o~2+#TE(tm5JVwiVH=lA7F*0>L>S*g1d z@3b6fR#{B{DZF$+(vnH#Ol1D%7J*PMtDtC>g@69IbzK#bzIsz)(^{68sIHl?oLdxO z57sXJh2<;V{;N@m%?2Y~b*{&e^?@#FK)Q!UEeo*$RIJt@oL4!Enm+kUAg1Y1nqx)0?o(zL-pK@GY0Kctlf@I~va565gp2Tm;J*k-QeUOxVxdCA1ru5* z=6z9>UR@Lub;20+9l6lpzRME`2gbI z{v&qsE~2fHiE1%o;tCfJiaNe^&UZQsQ}Ay9cREp7Yh)gn{?|fIQeol`1^Rb>{+O%^ zt>u39i;x4R&JV%8)NkuAY~{fzP!WMDg`jFAFw#XEGup)y-o0nxg;m;*CCNieeaAD; zt*qHy73-PGp8>`SV<^1*kjVFu2vuC}xKm=c6ZOlZTMou`?=|O}ueyir_T{_0vruK|EAKfST{s?sKsD}1apmDs&uoFf9h&CIFX>+f|X+`AUU7*z5Lr(Tf3wJEFi+ zQ+@gv0y;-XFkipcRQH!jwU@zy;~+8Dig@HfI}F;VBZj7TUZ60|dY#+x_;?MsLYKx> zd-mn#N-T1vx_GiI_A53Zuw>QrRe3@y1@+`1HbA$smtQH3x4LP6Bmb2Jx zA|IgInErXiN7R?t@Iz{I>Jf}VGZrQMzjU~55Q!bC{U2l-sBNBC^h6^*WLNxj~B zFWjf(9BWqP88?$bG9I)B7~_Ku;@ZiHc={w%CrmhvX6j~t0!Aa>U}q;SIi|&Qq&T2l${>I-+v07w1hru!x$!e>0nr?W8|+seiNqgtxY!@ zGbkzo<3i8Q=N=W&YQGCYSD2}wlxP(6-Y}auOuc_T^PfBwJWI%Wa_c?-cWkY?NQc+T zS)&@O@$1~4jc49+B_wt$Oq6l}@zACuigF+v$W*YE0TC(gd}o-$@9De!X4^zRny|o} zIEJy<&y4@1B2-+^O-46g*0qWK?#SxuIX(&d5$+7fKo|_t`Q`>OjF;lKNQaVOkX~?` z9X8D;a}b$zAHuyo&T4rDlXoevzczkABvS+8S=z;ufgs$Mjq=UHy&V@zS$eGwt)d9>rZBF0tEl_FXqvu!bFxO$CTq`9nE^*t_7a z0m;8S3s~F?VmNyNiFI5X0CM7_&soU{rSi-;vJKM5IQm+Y$GacQvI$ zv;8_aFO2w*KM&pH#|L04J6=w7jdSkVH+7l|H;?q&7pAKX$pUirP z9XMUfcID3Q<;K5z$p7{BT4*-)q;!j+-u&XY-oO{C5YzZB5$I@TG7A$8A6>wG#6cFn zN3TOhyT{o@kpCT-|LZz=DHnVm1%NX0S3<9C*zj}7uUR2}TK8GrELxcVtm^0c zLjLN!Z*ZS$5c7BDUYlCc&$c9rVW7rH3HE_rmJJM~+?AL=P80exKb(ru_MfLb@b;=VJ+vGU@;Wol~kI#w|%3~vHUteDuuM>G* zUS4o;upuj+zy>1#!#U(i2^lEn3T39-6?ZiG)#S|8dO%dG2%n`ya zU##Qc<1=v*uKr2JcFx0-iw}rhC^Ftw?|E(HoVK+3J*^^7o+~g_hrqTH9Tmm(F;yet z{oKB;inLjd`|VNI+4e7XmXHaH+XNyTWADV|6JigU6;~aqdn)w`Dp0$n@Ac&9&C-|q zIP#AOl%V?QHP}Nxms2Fji;9h5GH692;#)ia#fHJl0+9`J#n|`Aw&3%C#5C1#cX>JU zbDnioqBBUF4K~$-;8O2j-LsX@rc7tPC%;+--{Hqr>m2#PfkOM= zIM-``svl62J@p%hp}3H2A|js3WUf1=KnQW#C6eja!$H!Eg!%l{9Si4wHXFwexz=AB za#meQ>H#xvzsq^uk9E1eY(h6oufI8|cOde+F*C^Bq=zW`(?$Ny@@A0mynaR%uO(5} z=h~wWJBi%RGO$(daHS1%X{Li@sREsy)oePrh&WFp$@JDd_@}*??3eU!3HPRdw7fMe z8C6^v)Va4&9Qj;xai{~qauXhE5qfQHHg51OD0w`pbXoE7KSGW1zCES$INSJUztK_Z zbF*wABP$!_{I?HgaC(FLpIr5``iSOY0s6m9J~O@kVwubCY>jA;r^B({yw4G*wm3Yc; zS*^R5)ATkl&m4l^-gwoTXjcq z_ORVQt9d&w!ZYo**jtxmO}!l8$wQ$@zQUzlH@VC;vy<=sncnGUncl1Vj|(oJ(F|W&o%_(Tz8;;r`mtW#Oa=3&^!4) zeOdp2%>1`LvDH~Srhj3U8^a>Z=02%@g>OMd4smRfdv?Y>R8_l@f_Xt~EwXcNMf=G@ zK;%Rx&$o$uNhw2tSKWHlW;v^DLUCQ}WY4^EC`lYd?&dGgF;p)=lkKQ92G z!Aw9Jbgd{QJ-!G!z_idEj^ux}Oql4J)u?KVEBiHLz3MaV8S6clbk6(Q zZ$X3U-;|EiquiM2+h&9O@xYcg+T*NV+-7Y|7xI-P@Zl*WXR(pZjTmJd^7>I%>|I3a zSnWHm)I?9Vcl(uay&W-xEN&!s`4hm#S065!a5&>Ew4ss0@y1`=@{~rnnYwB|wKO#x zo*CZ%y!~sd?K6?Cp(CQjc`P-~Z13MSEaU19QIi);sN;!PqiUf80SY2_f=2(0K3`ur z8=x^P=OU(TSCC_*DffqaD7Q^S%*QJZu=rm~yCQdq$X6E&i6qEVIBijGCAe$DD|>yQ zZ%LlGKBZYC(4!5wJbRoG&7*KcrOL2sGSN1fBks&%Wr(b0N7?DxKL2-MS#YSGp0a;lDJ_J8BOE8o}W|rD#OFLKV=@ z_tWLy7f5D5bMwCPIh4FhUiS9W;m`n!vrW~1rUg4svU6*%Rl;=svuCobowxSaS|)DC z%s;A6h0}2Pk$3-;zt+;CiMgDlT1UI&?a75_demkeI;jAb;j5y?fEriI=OSSeh#xrM*c~_ggsz#VImS^6-_^POox5qeRXv{N7!9_h|{u~oclfGPKk|9 zPFNYlPZOO3k^J(Wwtmv*B$Q>}kQ0iHj**4u_VEcNH(So*CyC<&1)tbcL7F5>m!78*uz{Uwh0x`@?Wk|fBTD0vySa)mo_IONwTPP>*C5E zNqwu`br}(OwxOr?Jr>Q2HDqdQhXT*Lk=GH8oGUp1m%@_`r45S;?`~%LZQ9_!RS>Za zb!h(lGE3ku4=Q>;_q^!VZS_`VG=O(GmD|~~dUj$w!BKgvl`glv`HHnlA~5?_a1>s< zpC{Fo)s>MwOh3|nk5l~`1({TMlb8lHxnB@4FuEfvk3xrS|Eqzgjs*#bo!##v;d{^P z>bt1oV()_ZO}@8AT-r}1JL-zQe<-vM!t(xjON?m3JZJL zhm9r>9w=1VG%_7K_cEEAOzB)ryQeqR1k}?OO*4O9ptyOROGzGiU}3|XuSYn4o-xtU0;S+vqGy;{w#>tl z9t?jSm=ojjv}28-SYX+&_nFs37Tm&3d;zTbI@yjsQ2?ef*j5M^*$mP1sB#$SLB8kt zg)1_ws@h1o#zu4y)Lqg$eV<%}9lc;o75DD?`-^=NxxKMrIDs!&J9^&R&xG#aBRres zTc6}`@w|u>KWCV_RN}xBX7NEs)b}I!k4l|HaPUG6e4!wTY7#)=H!Z>9N<9NTEtLFLVcuT6xNYPLd{T|V;7_$w1l=^J|^s68d-Z6 zTrMxcaB~PQZh5I-S`({m%?jNJeT)t_{ycGd;LPE)_weByZ?#XFg-Ihb*fACjWuW5k zU7v89~=*zrewrod1ltmX#d!TmfXxO9hlEN#TN29T8dgGHtfGP8WF5RVUk%pI7z z`w^-cLd~^bV9#qp`h{E~xn1ozN6b0636ji623U?m=hvA4dvb2h_0nk~KsJu3mTK=~JT#?@m+k^~vHR^>}LRvH-gl<`o zEAbHG%hb$HAXP0^|F9%+p{g2QpX{=>BpXjYL$|yxm(_(ZrmG+-WE;m-KiPWSXDwsg zup(kq$;}fb7-L5E2cKXIWabkg893 zt9k^~jL?N7T2veqx3>by0`UKjipghqR8;!QcgTL*b83Wh{1y^CaLJxULK`6z!RY;& z0GU!%WpkpM&1*L57hn~{s9Bhs^N+qd?Et1(S_wfV^$6qu>~5BM&(*@$I8#&0OmR3#D3iU z+orn6bXg_u>7&1H;lkbAn(BSR@oaImLUaF3o&K^Tg$ui!3Hg|6)!RS9Xl%Y>!0H4^ zzLM;G3I8_&O{XD+hPvftR7QFg7efe(_Q+KqmfMS!=IJ;SwRm=}Mg)a9$}p0h=_6lw zFnrEi1W0gs#!OJ$L~$l!IKvXzK6aeb4*ukRloMb0z>iZor&J|KQEo1n`8^+TMwaQA zt-Nsyw$gkX2mv~&+yK#VS8l2kYz!SRS!qK2HO^I+d3Mt@d^pzlk)ovWLWIH_|9x_E z$^`d`*2XF0O(p9`4{hN}AY+lDIq@)Nz8JC$$O1QeF@zrW7CfeqZ*7@jV-s`Z8mUAq z!4u*jGyU9Yo6eQKY^7h!t2>0TT)@&B=EhJ2cmUH(2CGO*MsmU>Qw8W&8$Vt_+N3Ra zJ}W5ymd${G(YFG@K<&_CGyG*1CRAuRaYNRAF{y-viKPI>)N|v!m|%h|r}BK6%!vjD@HXio@MlQE7%R*csn= z&1#l{Pz`)yc5jbV^;Mo?W`r%X#7bM#75R(6QL449iHc?{O8)SbLdNRU!lJM&GL0Zj z)P$LZBV*)@kZ7Athpq8=Me$D#y8}w7v@tz-XMi{1;g% zO>O?I|G`aQ*fI33@5^eLS-qdGC6o&io)b^=O>e%{f~deyX^uX;qKx`Cyn+heubWnQdHo3ZiWv_I70F!K$nLvvcFC>gu&SLu zJl!SA;`_L-^_6o3)a1(Y9~*BT_cuwWw7U65Vg;= zOv-S^2#>m|vn|DaDfM<15~Q?yYcUGMV&P?r=oA8V&dAeFAO@%f!E;#Kh>iH7eq2YF zD&bLXMN=CX=#P@(P#Sb;YbX?EWy(QpLM?ZO((`lTgModAt zrtwl_PPNv*q5wxqIdt#IbWF$Anz`EG`&+2*EacWA_y-rq*|qaHb)Ctr4DRj6KA<+A zeJ%u@BIq|QZDb#iDc(Og_&XFs0Mz|_yuULg&V0J-VNYJPSR(;EQ!#fU$5s!yM7bh= zl~MP?S4~YkOd17BPR^vCKhcq4-@^v=CM#ql|EG}Ooa(kgRm69*}+gPfqSf`K6cc3f8w?VloCA{5ZL6zjOBg=8m#X3 z(gJdR8{e=fj!4VBe~>Sw^rQvGeH={3O_ey11t?G*Hr{|(i~!n#e#hCWhGb6to~CZU zH6q&@%x5)+4rnR{}LBlCkd}1Og^5mh$Qm1G?pjj zAsUrwK#Cl#V34&43Hd#dB7TqVsTVQ&{{Xu!DV3CZ1U$?Ck#?*AR$f(zV$d+;;`hr= zKIUTFApD~YVB<8_8j}MPS0X1RN4;#~q@FD%fC6yB>Fe85SLq5<5StK)Nq!f;1CcK~ zyc{GQGgC7!3_u88wZik>(&d8Zm7lm{+;ANV{R3#V z*?89zinRgyU!Vpm^75QwB%p6VGM_Y<7^t z2T*}T@ioNCW)%evB#q@+0Ejp+1zo2AZ~S<$#LN= zT?D+{i{}E?U@0gq44D*qjGo;L9!`Bhx;>2Ax_@q`WzmNRcmdcPKV1eJl3#|d6B`mLf%FDU;!1mX zlPYZE++fX4a*w^Qv3Fw%Pyfn?Om)1VNm?$xylm0H>8@*B5AoI1>3NXzm0bYoOnoZU zDQl?Y({^KskAwW6p908S_~<~<{5CtLkuq+S-h+5Gb4^P}cI}`!b+}_^LMzgO!)nq`Pioeh%$WkCa;t`R4!bCOh}<-(e2( z=I@L_F5a~FOZJcvUi~-Acx>Htp#|3Jciu4c^jY}A6RCnp@Xh$;7DgKw6i@eU1vgK^ zcy5_VQ-$|JIYT+Xp;90%!|gHpZ69q{psn=}%5o$oCoh)McKY#YIUl(dVKgV*wty_g zjdQ)b@ld^AX^JSIsd79eGh_wBoLAW`q-5&BIl6l?H7)p^P_P|;(o8+4LhBb^yxyF|hnH z)VomK{V_k+?zFc87N`0i7`k^T*aKC5kg=h1PNBwm{b$rOu7T!>y^Li;&1dr|nPtUU zR?w7UvmrkLZ6$mxGwT&!&Xs=M^BQ&-3%%*{UbdQga=oWS>*-y%g>L{PM#;yMOFftL zomfGli8@QqU&T+oZXEem^cEZhdh(HC|3&x-c+1@D6g`3pU@N{0?=3c!xAP$xsQvM> zIN{jhp35v`&}hVH%>IitLit_T!m`XfSL^nkVn#adeBJ!&iP74QiT$PVA2KR{1D7=NRf$Tr0C$${ZU!YLw>*{>#+5E zhH^X9@S9?QkK@H7p1ocG0`h9OnE-P=)wcEd3HjN5;ssw5^KW^?aT^(R&c(g$)c9=I z3FNulEOJZgKd8@jCtjdhN5HftGud8CJFtUFYmVY=o~DV{E}hMtI$J|a7-%&d_m4QZ zGb^<4B{B4ktSkZ0=p4U7Q0YNr0aA#Li-bPu?9x%*F?_vB86_yXbV>iYJ1avI(+TR5 z+qpwcMD!n4q{8OzuB@t|23&yxP5tE#>3dNJLba4-P5aPe44W-*e3Nvf(TPl+WWdqNSy@>rGwZhe;$2yV%{ge?r2ll3fz{w2&(F+&TfM2C z@p{r>JU4NBce~(_tR5!^q8lu-8|4#T_UOnhALw#Zklhimf4hih*Y&$(SS|YE@R8`$ z?dpCRjiLHsY_m>2VnVRO)$$%&=LxIFPt$Y0fM5S4ELlVT)b2is>$YYlFZYJNe$&p< z%D~qq6G-m0sT__~+ATJAJ=ZudZMVyJzw`BDBmaL+c~R`(&d3j1yJ^(>G>6R3czCPT zHE)oX-o3-LpPt0;*RL~KABG2}N1#~CyQX5pu6o0clDRRhWC)8i=X%I`+jzp-%Yx}s zqq!sDE0@ZfaH)ruRKGM^vLRnB)D-`uR=Kdh=4bW!??(U_*i$pl518A%|R-4oFkiClBW>p=0qVEK}nQlC6zPI?V?KA-RG}&K>vv{s`?K2T*Mp(HIdC5|> z!Bs&c)jsZGbA9sL(b* zyKw-DGVrhf9e)Nu!RY-NoNoo9|F;KRquC5zE`(=)J=?vG7+h+=x%NLlRRvOQmi_0D ztjR>z6Z>e$$35=EmT5Zfa*Y6p(Wf7GgYo7;M3kwVU}5O^S$RSs zAH?hUhU`eLG2UR{nLshv&)NXA)d{etY_Y~L`yosA?!oyU*XjW>D1gfP=&&^GoP)=M z8f1iBv8)ISj5*xUP;W?ejw%{0YrsTm!EpvxKA(M3%$;uzr)WR4t)XtcIMm3@+ZHi% z(puCU{B65u)V=yITP0OnhB%Z-Cd)jJec)(rilP#Rz!~bA!`{NKDat$Ab}vF77@Yz{8VJUWS2(3HZs>}-Y@qe#VHpY|drZ8OJwP}Vz)7hYFmm@-;&QUa(9E_(dLhQL44;+@p zBfIJ~0&1hyI=xdfc^pvHPqDJQMn+PLda6*RvK7oB!(U-x1+V+;qAG_DF$w2-499Ax zln%3)2@O5-wbm_-xc&nP=tN^9mH$r&c)hx3tAxI&PM#+p5H9>wn}E0$=TyeM4CJ9L zo~gy`KCj5eTtd65vMuig%t&J<;`#0dG~lTpSMo^Fcl8A8e9$w2H%JPUx7k)Ut1Whl zS@E_ykdTrmt5V8t_G*rAQNzrH2AkEcU5}GxU1c$DtEVmTI8Y4B&aTfwft_#CZdKlw zbY_lML17ta%0~cuMS19dVP&n-;^Hs@9{Z{JdGXzyL{Hm`o%dsE`nhBS@2{p=QjeOI)T0q6;?N$QPqqI==eclEcO`Gq~>X1Rc5-wvebdE`9% zzsCLtXWK7Y`+;Eoi{O%6e9`_dRNS8cybjM6sPITG>5u+gcG19A`Z%m@?7T-d5OnqZ z!r-47AmmEGOlnxZH$>&cSPR1LDoF|z_bsmXig6>#cE~fTL7G*Q)78QP%m-9BHsaNr z*B-xmD+5(YeB{Fc&-%X#+t>&jK5jPgjQq#ThGxRwMN`pX70&tzW5@AB;c zqHYlA$n?3o$2GauA5K=!1&R43zi&7(OBJ;s;|P}t1vrFs*5L+xw-a$Ah2H`Iz+^%(CBY<82fbu|y8R)a^^ zakd)f9ckw(f02uW_ODeYd)XpVSwyi9*=a`2Z;SxtEsIn3Xg_N6t4BoCgzIP-NX3i9 z9q?q~t`r&L+x}m7?CC0{VhnD0@4(+Jg9Rl#JC!K!o^w{K&0000oE>QEAZ`7svt=1`S+lzaVBMVA z#y#f5;kwpK6kh$%`Z#v{mu-R95rNVGd*6UlzOT{g*K>|T*idy#J3d_)@n4LUOtih{ zt5)7h7%<2i2EopHTC*c;i_V9llADjJ(fB)rn#)z~;ht*Q*&Z|iJ$qE^exCYfxBl$_ zU`F@VDcZ6ZB^C5HI>~MtPM1si2@w4SNw%b zn1d?B`r~2zYx_=ab1M6D?Jusvl3{7UnZvrAUo|>}R9RUJ>bI;_5KnUa4)p0MuhuH6 zxwoy+;l{wu%SENJmiRS^t}qw92{|02I3 zm7p+wiCMiJ6-tcF+`V`*ugolh1N}nT{6Vk{8iCzqqnl!J$-#7>Y^MA0T~DK7J2FDm zffZg*8wVDB$nRMmzWW)hrFrPm*^%QX-akFRa233IB@_x%O!Nxo!{1-&I_sV&cAZxU zgCR@S^b3Jv4M%;4Er-5}4Z?f36y(`ipFFdy zWPf1()I{eUX#5ZE)De>N3XFIh+X-m6ZqS(jKk7Qms5qi-O(!8}pz+|65D4zB0RjYf zcXw;tgS)$j;O{CS`XbDV z{RWNvE9jppIHXa?sN%~xhgmrV4*7#N7_!wBC?0SvAp2}jl{_u6TMmy_v^F1toBi2f3B(n(t#zn54vWT|F!j<;L|a9sV{!&slU z9?quKCv`5MNkBY)c$R-(-PCF4XK8c)!%k=En~5!z(zDnt1pW7E~FI^(dR5;v8URq4&Q)kAB3Uunp7x$x%cHN~!jWtfhoS0sq zLvA>lviSDSL)14dULCPSd%htTv|V;kafFa}+2)FHBMsup60c@lh4&O>pOEBCgFpaUAkENxX%PJnO$x zEh&!$%>VfxRdP}I$J=N0Gb257YmNa{+Abc2oKLtZ-PUd5Us)0b1O^tj$AJE^t@$r@ zWMrJI*rnR=Y!z1uXP*Fn*ewZG7C69 z@IzrB0*`l|FHT#LlFU#G{`F;C>`>j`TD0C?2S4@QN{8|e!&|w5@v1K^DnI{i)0oSn z4KS?Nf;m*BwUSBof9Oy_S}ihMskOlP*Tpd+lP--<;t*(gzkH{6|D9XFFlaK-#OQuZ zFhU2IGD6inmh)J~@^|)6NSm%PhCxEOK688K4eI?yGF3oTN^;#VyWJX;Iu=O_kPvc1 zfx*0KS{KrFz|}cN=|5``dlA&yxv|;nc~8+nZg_@O}dQ;LkwzEFRtB z)HT5ySytnlYJ%rf&~?f6QLMlPS6{e7n|(-)Mm_d_1vFhH|&7-cl$$Jzz407S2g}er0PfIM=D7w zHi&ZuuQ0${AHt;elQ`oVznZ7@CvkK^Y!uNn)WenwqKwp?)8^o)V+g>Q(~(oS@UMeN zGwc+-jF>>zI`65Pa9`6lpu>5cJQ$ido2s@>Ng#N2+<9bq<)vPnWjR1c+8kCLplvOR zjeJ7{5V4m`G>9y(Ur18=G zPbH-7>tV>UDXwYb4kD{*+-BhIKhqu-eqP_u`AJ-qUdaTe)dZCSQNb3ovd#}0<#c>X!6_NPFT<49iZ4-oHs22k zra*BQn)aRNoP0iAb#_utyDl92ZHJdrqUyq1S?4$BCqh>i+cFD1n&yuDrOR0xSrsI> zn%Pw+&K#Ef2Tydh2Tch;E8W`3K9Zn2M;-+D$+;pLF}x8_mRmZn;v)vbG$_d3PaY-3>zKw8LncKZy z!rOBuXKks}JrmoP!b_u}-hz?Evq7G32p>4yw`ogWqp541nB16?@-r>Ly!!l5RCq+9 zt8RT{PqJ*mEl^qZC!b93w>YH^6IFOi3*NAsyfOPk%Y#ICeG%i76YMDmN?xroXP-x6 zVA@pImVH=Mw{u)Q$3um1n-`~4oqk^Ikr`6b3UC=L(h?1Kx0PnfJRszi%M%F}UBFwy zTrjS}aZGyZ>uYDAcpNOad=EKfszj0`Tdo#v79|@*!<sC&gqkxlB4>dNMf`m!{~rmYxrUN8^Lyi!)|T{tf_))W(s zag(rDO&1lHdla!+*7*F;IYBr@xtJzZU?Mt5{aub@C#InV`5ZjpNM$=MNR?S`RXRCH z99>La{B^X#0BnsnRGm8@u%kCxX^h%ZRmOa^MPok4#jIwy?7K4iWprbLH@PMQOs#N0 ziAXae(b@8zdEP`WTe&Z5DIvz4O+h0=xImgGH)1S_n2KV)QZIaA?!8HVv7X7Fn70M6 z^F6_JR@v_m;w9?%^LooZAo!6Y3sd9;78`pb*(%96y?ZT)AR-F#BSq+9{LBSxMd(J` zCjGltfpu4=C-8J`?HH}|kqwAUN+AAZf zQs6f`NMdUhmU$gs(uDJWB!gdf|75QfPt<8Yk~g{CmpVVzQcNFA8X>fglLduvIed{q z&d{vd*y{*jWd@^}pf!H6#SRb`w&Bo+)6?55;c+!BrYc#;N<+>-u_>{}Gg@LEC_DQW zLI1nIXeZ3RvDw~2zn44OQoH4%Ap*@7+;VS)r}R`6Hqr)8Tj<2sgd2l9)20})0)}y# z@Hs1twH%`k@N?oil~AbiEYbn7c1B)phje-l*OAb5f6cnT*InAP?$d6)nW=+m&59 z1{XO$vDOfENAt*9*j_nHaKQeQD=4S$)|n51uY%fs`*hKqk+tbkDy~U(8O1HZ+CC@_ zixsgLTtg~l`+TggVHheK6u5Zocy)U1lt1KG4fuTHAmS=g9e0;?)|1uYR42y>pz17I zP_AD;e?7h3r|uvP&MI)V$FW3>x11@Mr{kway{g$iyHOfrm%G^sr_g13;aESNn%E`8 ztF){`uFgVJKLaZY`lQ%jJV={JD#a}thg1}s?}F*q*eTM_y{%u z&^ty`=DuO`9H7J%kfoIlXDZ@xT#UKOw8H9vJ3LN&azw&9@-f!m$)4T$p-m*2z=goi zPFw%?Mvlfc+66n-ovPj+RU5}<`?)3<+umDjBKM_|SLP3H4Z-4tBo#QD#|j4S7Gd@r zN`cx$8^wq{l@(N=fITCbBP4W&VD1_>sd_%mi+RPOrHa5^E{9tTnvy8#jgU?mb8zlb zFu3STxgte;JQA?XgI?sEEGh;t&k9?vwl!j`-a>7aze$;^ee7LnV!#26!$ewG12y>C zq_!~sEzJnGw8B?xhT{!F?xbRKR4C<{e4?bPwH}7O z0+&cXqT0TI&KK~UQi37Wp}@9`YKqbvF~Vy)qkLvpn2flzAg7n$-s?*=TYD1Ja|N;R z_$lv|g$7bka?heft;2%3V2b@~=`S9j<8OA_r$Z>L%O!?Co^sL~%FNV6SIO==+TVW` z3vhfym(byo{J$ zc-G2W&Sizo`EO6p=%T1n^*0nSmmk)GaHV7UT%?Uo)f60aV*H&7;*RljeXFNB4KafvZpB z0=^Xb!^6W@W&=k2$UmO^?SB6q^&eoO={(cZlJU73Nuw(Z8c%O^)SCO)pM?e4geXdy z0nnuLP7voYJuU4U2x+q_5XtYw>+x;#>q+gg4l#CMGVLQHo#&Q%z}u^1zBiN<20#c4 z*todyOYqMM$6){+lzk_Bt$(l1C z%oB(xLckTE2m($I_}J%pd04@akX0$xso@mo_CW6^yY>5BW}_`qDcqdg;0X@A+Qo=o zgLf1ZaN)gvgGOC{&fpVfbPMch{h$X%jKeNZiq;lt9jX&^+-{htCVt_Nw&$ldS!7EgtV$ zwrJC$jY7+l78B;WyVCad?8nE)DvG68NZMl;$*0Z1SYtpkQ($?0M9#bq3k`k8&Yq-R zYjPvd#&p?h*bp%}f`uvTDdcBEKEw3rc7u5@M`C(ObNIBxw^`I#U&t}$7w8HAY|(J> zjNVsgh!OZ~goveo3jIs_6nmKL4|Vw^naCQi0~@`2qDdZ1L1y-=5A-zqIA^&&t|86y zZ2|L1hEM0}I#0jpvz{^(;_t$I#(XUSiFH!*9oOR8C$sgP+03`d_g&~VTQRqRh0V6l z*RyZaHs_OfevRDca7IIj16su!+P812tE+o@dzmcfXnX5s2!aPOAd10pMgbM?NGYP! z&(3=8giX*5X}9Wid3#B;b8BQj@Ku|P^k9;Z2xv$djGClij~B@ohSdtJ!=EIdo6Kf2 zDxiB9j4nL=8vB&FX~39f7>e2w#S*X1Bsx+(sWo1@C7ZoII!fUB_=(}^_r$38wjL`! z9xkpP@F&ze7*NM(o+3ptVp8jK+-Xp)$E3-KKgzf<-o??LAvFzCJybpDr!Hw*tyi7G zgeUcGhgOZgZLs!QpgSFBX7gI--NB4~n;+=JwRJ5-u}e@e&m z0B`#qcssSDUu}2qA$hMq4snv_^T{|74XI2ZBi$(*44E_n(Ocp+0~_APPlgOyh0<UO!Ty-}P$Awpe)Yq_{xJJTLF9MKk4NNJc{`u*oR>9p7O z!B5xo;KFF-2}x|#J*cexkv~Y6e;h}QF4(<%)tx-=2U%TZJ48aezD@W}D2Dc_9@Phh z0dk3~zQ#kW#6i9m-gYyB0l8}F)NS0f@VeYaw!nP2oTwQ0s0`SXUB6SGiX)6zyM+j# z9(gmTkETc!g#OU?@kw7^v+x6_cz;Q~|kwN|pNnc2Yn+S*C0 z=S|JY{mlhr?cvx3;X0RV$}A_@(p+4{aADM@5Pd3PhsI5&(YHy}RPMg!b8I zpm$O2)(K$qOWqxC=BBZn8!_r&=klO>w*cndi^&I)0aYt85tIbb58?pMs0 zZo$OCLrB!wOE~vV)7u1)?7fN;cz*~4!oQX;ne4eUo_+1)==dj!m=E8v-Hn&{d1S^9 zE^qm7wlLQ^I=(&+<__QdHjndR%E?TzA|zViabbRW`GA0s@HYwy3hc@WAc84Sjy4-7 zNIu`&5{sRz1|~L^ zsaAe7Ud;Ty_RdGXyYeDr)B4q~c|i5^mi5}gZS9=#fbjD0sovKuTPA4D*-nt*ZhpBq z4>>sLnhv#!w=_Pg7LNXYi%rL+Y-e5bm7BHmV)u+-Vk^B|ftxN^KCPFM8G6dss488hyFIIKGm8&@mVEZ~p^CYiELx={!TC@x=)%}{WU1++#}yiEo26e66C4qtM#_r9@WBe>0e_NeUO zkyOHGDz?G0QK5=Hbp+6T#sPFQ@d|1I(6T|9^YYG4K+-s7{T6zJyDFnqX{aBkHk2*j z&pEYo(<}8z?3xZ+R`W>Um+u-xdG8nD*Sjd^hG6Ucvd}rH)=Zlw=eW|(vnW8WotC%mL$v4LY>5RFx@J}X?;k&3iftU||12n-!P$O<*6fC*Q zpL9~8yu5`)6dXSYYP8=$m}g7~9K4zwhW*4$C0J9Im&aax!Wy<_FVrn}>+T-l%^v!U zW)S~Y08eK(r%P@FnmxHB5R!ZYTttRrIwCA?J?Y3`6VunQle03WDoAg9ot0c_Thecp z#4y8?ilZ!)*QNmE1GZE!(+S#W{~)!x8b2{(kL1{RRUAd}1*94x*Br(n=re=BtVcC$ zZ(l?c7}fH=hU`xjh%VSKb7}>>p?#jc&8qZ$?E>HZOYA(k*{f3zSEZ=zH@XRopQ-zI zE80ZQ;r15Q$KH#fV<*}q0gWeuttGsExa;^q-%n7IfHX?p8e8$n|TVs!7nD(pRt_tUxC9^8qGu**Z>zy+tHt(Le4 zXkJ|Tpb=C#b}9~LflAuu!!%TG!%_!Tes$prZM9pkYB4Xwnr>*>Z19*l!>t78leD+> z%em*vt|2}(SuoJuJAHU8iIJ@eI$u*x_A7MqxFnbLK$(q|t_Ha-*oZ5zxZp~ z%I*{pQnbIa@u^W1Jt|Dx$;q$o2h$L3uQ$pP9p!NyydoyPBqr#NJ^q$J2)5o1Yr99- z#yxsTxCHs;o@3SD+~7a8LQwSzfLV4>?9EkeN#EK;Yqod93}R-wi z^!{yx%-RwHh!#0=>hftJ?=M+eKxbF$MspM|C(B=uaIj2ZW-u!M5j}nFQtJfqS-IRE zPQKZSm)$)+hN5P>4`o08kz`=0tz!w)?9;~l z%g3UOWYE7C4oB8vu*>>Nd)Az$4^u3bVHVSluW$4+j2YY6#Q*^v;7!1n7qqtWm<=Ca z>v+bd+q8r()|z7C;D}jS(Te8AqW;(sy?z~>k_eC({5T}FWDOac(On0aF6Ai|kqVkr zCv>PP1^xwaq#s3M7%wKH3Ee$BngN!@n2lm+@=SWdWP?+s(rOc-#q>RqpKjsOG!uM2 zcK|}-yL)qdJ+T4X+Sc@ zPbDEvcdFG7Lh7yns|E;>DA`9GXAb+foYRXEC#n~jFJ7P{JU=5qWDH~M(9>6X{6}}+ zIHmkwHuY1F*4vB;^^89=W4j~z-3|NpeaTEmRLsAhVw_6tCvtfp6L?bon8`Z=R^~e7 zMqikeVqe89NOCyxbep4NZyJ z4Z0b9v)ud7PT*HB|1iR6lX~_;`AkB!g(rh&T25$163OsAaCejsatF(FsimGZrrVMI zPpm4;yr9pYxn+VRH;blk1=?2}xF=2c4^%Pe|G%Irh%qP*jX}?QI+l)%G40uT;3}Fw zce}Ycy@5-lV=O@^@p$bJSx6ygLnj~`3DItA3U{hmDhWzv5#lGSFK*0HvnO?I%FwFk z`+?HS-JE0n-RA-|zS2AW)b1!Y3v=T^7WWPFJ31)`WGgKvo`V(v(mTE16_sgPM`ZxR zdW|~E4xj2IVl_>q$}rs)0R&R=bUwOrHF;v!w0517Sm&e@n|uny?U&6BVTVa5dBtv3 z^@&hNtmO2`f51;@E6ikBl-o>>B7(Rj=Oso%KE{n?UAdv7E!nxpO-*Si z3sElT07#oM-+D6_n*u*sgE`%(i&AVedG84d-GD&tex;sf_`Y%Za3o7*7?#hE%bWd5 z!!I6x5U-RzMxfvUKn*w305?~_ymdH-Uv6r^8Cl?%xA@2264eS;m0RI|gE<7(Fv;;8 zx#70*Sa&h)jzD9Dm$13Fm?~;ZQHz zr>9_C)rSZtE@Sp{|K55tz0_Q?B=ApqPTv2gO8MUmFvR)tlN(R@HT>IH6xV+kurK0A zUG|HlJ(>Ew2UeJAesOv43q~DvJ|GL67iw&)8@r` z{Y6Y;h?sz<4;UNf6ChpGsc3)SrP}0kA!3P4?ncke03(~*Cm})Y+fr8y#h(2wq=}sh zpF2K!Y>`J1(K;|$s2jfUw)0R#lL)(51gk}>3CHrWewO20-z4?RO#qc|yR?{LQ<)-> zG_8gS?0ZUL0rP}Eqd~n*y#jxf$xO)gm+YXw$yE;9x=KDCXMOIS$kUwM=>3=Jk1Prm z+YO4!Ck6bffQ+uQgCHg6(rn*|j-3|T?NI}xpm@LE>tH9g_4%C|j;a4JTU6*AfM`a;a zW>cx>0o9~r@cJ6|&xfQ$WT-+C&uUPmnD+Ba!DtR4_rBR!<11JzXY6>(VYzV}SSTR? zR~J#nczYvWI!n0V6tSNp&n-9yc-6{ks(hXnH15$Kb&>z;8X(d*MlkL$(ysl@*TozM zocm_ZQIJpUql>s7RH<6uP!l<};8TgenyKL;z%L$rHYl7207c5L)(y@5Q7&eoh&7GP zwY4-v^>b;+u%$*_*f^4P2=V>Gy{QYELVQKWnkvp9Ek#67rwdfTldQa|iMr({r%Qnx zrbyurZ#fkk$FkPP!z_1_DS!`YwK#@G^WTPOz8%>#Iq(Fy)!xa;&iVGR=lS4AM;Dii zU|GIxS)cp-=K=1-XOFf&i9o)tkPwI!`%dC-QBe zW=4g6&Sy2n=g*D?>dxESTYyvL0Ns$s$2P}c?g#r-k24XQmOTn!0W@hXEkXb{;6{q_ z|IXSRS-coYWeM)-`Mj~Q!I(aZt0Vxze+JjhZ^PC_^UA}d(!-;a?sn}13D9U@58{dk zT4f;4Sz|zeuQ-}0FT&^xTMQ3AVw3xBp$Y_@<_ZdO)>0|;=%3qt&6r8ql!Y5r$DU?3 zx3f4=+-a&Xb({3g0eRD?FfiTnveHaPgM&&<3B12cLA-2uWyOjcINV>2>m^cTO!CBA z#L2v1M(HF7Y_eMvMrfghr=t1#zg_3wSdgGsFp0y?)L}_EQJJvzeG@a+#BTOTjFw8% z)L2Z?7;{)kj&{1!Q~Y&*HG$Yf&mnVZmyV?j;x;xGbdaPOZLM`%7I2&WEFu== z4v83}1H2P!)VDl~5Y zxN$#?W0B;5Bgsm@onF6(5lO(^9||GvC)0DcZPrXPRe_5}_#of^Fyo;TIB65b%ofW(COGuY zS{>c8p~+1uQ}*khu$!ZqZZ#8}d(M%7;qPA;6q3(W^wVor5eLn}>V>4K$jIuH8E(Ap?|%H(t(Gn^35 zyUvNcQS9U+UvKcke63%GD+hf|`{|Y8or-`39t4l0q8)uMOjfqV83Cr8?z?2l+?E|xT#N0_r2aq2lTwOA~^pW+5L_# zZ5xHNieL)WE{-bzQW=4<0-9Wnm|<7^=dT9@Q_#(bCXJZ&+0%jVe@9PmqehrJxqH%N z;D!-!mg9pytl5 z^VS4e!?a$F_EFxSef-zO&AnyyL#7?+O9v@Ow{eyZHxjh;PeKOoLto@w{2^#{CH(cr z`O$OU`uUQi@qamJxzAJ`;PZ1vq&|Ek; zIKbc_y~SkekKzxbeEeDXCmeNLPk{NgJ>m#tkHQ8iG66T7$|OnPu=__kRoP=Aep49E zs@Aynek}i?tVD?#c=zrv>Sg$_lC69;UGEYofe~OH?EGZTV7eqLP=h-h^6Y%(1W+R! z`A9RF4Ruz2s2J(8A||8~lYpF3Au(jGuS0S3`};-=R6Kdla^wM)sbMf%^@ea)qmuw$ zN00t=wVl4O$(#J{ao@)EI{RjW0Y)EZ^_C*KPR-R_h4<{JQ{RtqWs>-hdu_#_(fO0n zm|zMx0ntQP&XhHMR1o?B;pTCDh*pXzHo@Pw{btIVvqkn|f`=(%W<-{$HbfS9m;&o< z8EyoW6DWkfkot;A*j&Ruh&#XQ6R!R8Wq13dz#nv7ulwYm6(%vK#yAA1szRQx5C@-N z?kc(eaK7_h7QVm`Yr7v z@<>XAD5GZ8hw|?x!{PUP50YPn8t(TA?$4AP!$_q-xALEx+6@JPabDl$$t$3IZ@_FI zhuwb>47bq8kJxRw^UfAM+WQYb*In=~vNA24(*j{y^5j=R0)<9p`?dC!!K@^eZI6%! zYG9o=rQpSr3H!N#Jw=T!miuEI(Ku-eDT@adiv_b9UoOGl zP8zR19v_)@3}Yr8!#r;!GZ`WOx*tj6E^Bf8{LAeQB_|rvLc@aHH5uwAK4LBIyw3(X;U3 z0l!Ti+3(wPkH-wNKp+S8N7X!_p3+iP{PkG{&%;854Z)8XFn&;ipY6x{V){V9gYNlH zSHge#4W6sm!WQH%WWjcg;>N~g8r6!4>1mePUX0i4_UU`dYhu(ujVHwIR?)>}}Erz)SaIWC?|?KEJ{H zVXINA-mrrakQ%gT1vIJ9Om#7a;LFZG88ZS zxo>PYF&+mvdloOy94>g@-e<+e3p~LRlR8`xLPwaurToXz)juzSQ3a1s7oK$Jecbxx zAy2pbzxX$7)4F{)Jkx7wGK@xbJGx{?VK-?_##6fqSIpM_W|W7pE+ghpfLX(NiA~vX zS|1B4B7X&jxho|E!m0vm$S!1Hu)&$XGE}%3bsFbD7TqX3wSs!8cc#<8mniuD^p|1c z*5j-waoYj81S+9%cO%LAna@3~%a4rlH`u7Bc#r-m>Y>l4-}BJUdodtzx>QN5ze%=t zsHHwMEbAGW=He}_CG@^=>>*~VGEZ&>l&#a8mF&VdYKmd_a9vhFT9;jb`#v=hnZG$a z(EeK_=(oU88>!R>90r}XecrwjLU(#ygX1<>RXP{$994{*cDsQAL0p{MD7f!f0haxr rQxf}l!E(|J^JMPEj8l!EClYqZL(dsO#|iK##TVitGM_7i^!)x8@r=h+ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-device-group.png new file mode 100644 index 0000000000000000000000000000000000000000..3227f3eb0c7d9dd4c249dbd8bbf62fb4a6c24f98 GIT binary patch literal 16894 zcmdVC1yCH(`z<&Gg1bAxA-KDf0Kp-+LvVK=+%*Jum*6hJ-66r<-Q8iE-}~=Yy?U=| z_ifc~?NZImFg@Me`EK9)o$s7;J4``N0tp@;9s~j*NlA(;fj}RqKp+TwSZLrK%FJ{m z;0ex7Qo|7hLhgP4g-D=7CIH@qagvh#0<#T+i%pC-j)WTq0(}BWiHm%9OFvohbkjEV zranK@Hcq3VMAYHH^`~s53_2}i42rc#Uzc=2Galo&BKSaOY(XG~pctq_vxF4>Rk6tm zLFqf%EyMsP2Arg*G&DnBiFF?ZF$a_?&aOG>f-~jTG@L(T5>4-=B%A3QcjMjiE?G=I z`OcF&e+);XwUb)@t^zm}uG4!v4?Wo>`#ouHpc!cJzU0h*T^XWh?n_W0@clQ~BEpvVwS z?tSMU-5A+IS8Nm++<2fliVMg7zq&=>KyDOLafC%BP?VM7-cWyZxAby?G0@Qd_7^~t zGt7svq%)$%gFZt3$|Ai9@;uM*(fe$)+Y$42yP$Qk>#!sPw3%R@>AZ~zjJ($M$L_qx zC$tp4H4g7R44NW4#xn48$yTr4t#^40_g^-3(=$uGl*2+p&B!q{dyO=!gfxR7|)7^WG2QbotMEIKW|Knxy}Ik1+q= z?aKcr4~#;>OwMPSocAs4hh}%C`l)fWTjqPc-mlX>YF5;0HC%4#bdscCt1R@7j`IW> zQAW*eQ+ykq(r2RR>E>lkzu=D3#ajY;NY2@3DQsK2&(vMxGj1}bmV#>~Y|6iWc-QB} zkX*BMiVAXN7=fhTpMjS(7rM(Ge!R7#X4EbN%HvE5?R9;;cJ=~VkOW&T_54Cf;zQ%AL7=;37T3U+9Gt-oCD@U{3PJ$QeZR-C%sUpW+y zV`zQ2?$&1?u`HH;V?g@Cw#3LA7&^cQc#4AJi6+}O;tDa_tHqx9oG&BoVK`i&i-Mdj z-CvvW%*yBMAxQ)6E%|f#|M|Uq^VB`vMkWpZS#LA=JC0BF&pHp5ZM{pdqm&=l4HV@5}a1CfH2F#+zsShHCQiA%59;<}7SUfZD3 zbw5PBgaz05+6f(6L>X0OM<@riB+)gWoE#+ig{r`NI*5l7%9j>|=)6TG;&yKT}yk!0yj#vCy-q2FG_2}^Jcu}j&h zo_3;It5AzG1F{l12Qb$lF&&8k!$-?AbpOy%Gt&*penu`M z21$7I_9;Yg5=SRbeJ`r`klhXhi6iV;E24>%0yI#4!3`-%LE=Z{XX;O#z5ESSt4y(m z>?kqZMd`=?viivp-8H*mz^yocPAm{ct?3$X^$CS*FI_j|58BKlOZ3*&Vaj^HmyLP# z<-jUyD$97fM44RgFcU__|DAs7&121NE67%xSvDLZE8wN{!9XtfG~;E&l5kW3Sv z1eo$Ah4!ys8Y@+3|G6eF>dgwe29Bo5GfGLF$ zanupdp0%ZzjecIf+++;vyfo9H%>9zz;(e3Ngnl&13+p}L0a1HcGoUFw5lvw@yCc&Z znN@lKKC9k3LSh+FH`5`f(g5yViq{OSs@Y{GgE8!OcK3RKD z(ffAcH525lt?#Wf7a-GHKe>_i-p_&incZ3N93v(~=-;QO4bmPPW6PCm9TI)V%c#Q5 zy5_V^8Whn=R(>~>T^qYlc%Ah+lky{rPkKkJcttMhjx$HB+3Nq$d-!rNa)6?Ap*ph1 z4U9i%C}Xb)gwG`;%k#@v$-*)R3tvVHQ4(W^>742eWO$CIRHm{VQl*o#ICUt4gjOog zS`Fc*oRs$e{JFlEZ8_4c%lNZu4=V;&t!gD8q_sIMW6hRtCZFT^=Vqs*x2j}{t?>Je zv-3A0eCghJrW|#YP3Fo2FzF_?uA{b);dfV>OF0dhj^C9eqSs@Jh^fIa(+x=2#dplp zDa8^#n$*}`<64HAs$cjVGSa$ub_5=yo7pYWdR-1Bdd(4G`EadQ;E%eqBb}+C;T9cI z56$dc`fI#SxPle`xzrgAO49OK71957XlDyE80iW+xec`6m(?vqjB_o`GHO$mT4G!@ zRgdqMG)$?74>n-n7=ivl*zre8aq0McnicOhXa{PVZ0a>npCO@#m9InhZ5huWcjH17 zVrEuzLo3%Sv2P-Pv`6!6L$SJ#et}PBFZk=4Ptt<`lSnn#?#nd2ZPp)jAg1hh>vGl~ zL(Ro*%xDAHsDng@F3Oy3AMb zXM-xroT|2W~?UTm5Hq=}((azuBdSwn)cYI8*<-|0= z_MVGgdUe*HFry_l?Zp$u87T;1=aB_qVYn#IyksQ?f~_fOG8NU^uk{01LQg)McI3G1 z8-6W?9DtuuN@yB|mdoPniPa}cNB$@}H?2uhCiJ7Y{3mV73VQHt(hNy2vRM|jm{1=0 zZ1_17N2QKr`5p+QRVCXoW;uxrDW!FEUElW-zZ>@E%@VC5cX&Os9;acvH7q`_0%gDUrg@X`jxRTLvMFWzaqiUf+`Xo|0*?XKY8Dh8P z!;uR;Mc{rcZC>Hz)W*p3_%TH?#{HI{$K~&G!4Z<#!-8h^=K)-v%REKB!l#c0z7w!q7m+6+%vDm&Q04PM3eZ1 z;mlLlKlf#Qu}b^a@S~+XfE{oL-r!3|-OTLG5t}Zizi!ajZCBSB;F=apywbQ9i{`l; z>TsIsMcx^@rUZ4;xw7MRBUeY8ekWO-tWgy0bUyXcM1c*5!net(;4|_qfaWAJTgWq2 z9?zIC^Go6$_jy?QD=1t|cTAts^N16pG?6huFVtgfkR;+@SYiDuq!ZqGvVUC*aW>JM zF|6XN(ck^caa`r#v$~vM%*Vy_N&%H|)+BNMby_3K$o$B6!b z!EzFzx5^ydY&}vsjFV?Sf>xkDNPUcZJ!KYEgdZ(S5FtO71>r5BEEl36XrD5kL0DV( zE65;rdZ=f%)A-|}fo|h$ZD3;cX&~rs*$B>^C-taGC0X_G#|NWt>&D2?8I49^2*q_; zgqOcm?)i-7b>WtM{-ti9&(&W{D{rXI+J*eAZx|E&gc=f!xTL)-#Bc->FUwI(ykJd) z0V!bgWpp$9HJ=s%X=}XBmKD){UXQm+`;!(kh$B7YyYQDs$kNO9y`9=W@qQS4_(dZ{ z84mQzs=sgZbN#~Z3kVlXBRl)1dLpqFKU^%kUDWYehxRmG%?eHSGnEg!kmD5|b=pC& zZ=v1mI_9i7z157fvS8ao?4WEVFC~iVr5)4_b)hR=1+#cnH+`euS8_!(N5uX2(oYJ} z*`!S_5jYqA#bpOMrFg1#x|tg_k(R@TONP9x@#4GRW5fsrF<$u5tb$!JozKbvgsTmRV$Yc0BAH*UWM@h*>Eh4& z;CFiM{rK-HC7{ei)XkyBKNK7!_90rWIbjaQJ_~U#h zU5uYymi?nep}EeobDWXe)!x%M8w@DZ=L0EXj5#anMheH&zouoQE9D7j1TeSZULLN*I$!3IV93YZJv>1;rW3KzAT8tpt)Ib7B|BEf4fWJg-v7ZR{mA~PY%jR83s}#hbY4e zr+2MTeUBnNcRA~>HC`i2d#b8^5qe^t!G!X^EQB<-haIZ}Da&VV+KXc!Hu*r?PSs;7 zZx*?@>{yamEwPGCBfF81phLHolcz*)cee|gnFH-tr9tc3wnLK=4vd=+!irRytS;qi zNIW*(P}*f~{e z?~-OTfYVC`V}09WYRd&`cm!065Ft`$lN?z}92yLAZnR8%6rvqE_C6;3Ljgi#_8QrT ze)|;dz~GprB}FV1m(O9{<kAB940F?D6ySi(^m;pu+RpC>FM2F^)}Gu1eSV6?{#wix&re5Ddq5A zb?Uma%%F4T{VIm<03_%fbne!A?#BPVd9(pr_ZsmD&k1x4GslCKn^fGjmSE*ud7J3& z&Eq<-U4?N~a_Siy`d+@avX-}U%kC7`3oBuZZ=k)Qr~MW@yik8le7o!1^0R+HjQBmF zrY8t@DI}Flb!|?2B%`AB1Z^1*8mg-Jg^lW<3!0sSGkfTAYM-FfsiV~@3dsz;Lbqvl zq;>X64=oN#(p^%C*j-9gcbGg2$Cl^hO?%u)tHyoQYh>?6i!sDYE+Z3Pf4lx|Cyj7) z`^ufCn5CXPY3hy1WrSeSz>D8DHQGHjai?DEHO}U+WyF%pc?BJi0qtZexbxr+jVKH&5Q=-=2FPw zi4N+Tn*VGfq$AY-*+@4uF8_-oRT$cH5bex^q2825l5_}epf|Us-xr+wB{zlh*r**fFNU$J74+w{mKD6>m{IBU_2h_ za@f(?3Vp?ta_+cL;zl^s?68_HQo|OECX66Coh?30P)n(4B917Dy|c9WFZZ&;OG{I; zdo!0uSkWJp7QH|isczFuc*$c#Wi*6|i)Ry2_%_DH0-|MUQm^xrQUBU=`TMB1^?6ek zHgbB6z1dR3j}q4e{4CH+XMX>S`mJa0S}4 zG`VbBLJ(Ojg}bCkT;vUjuae$|;&1vu4|FkxUJlDf(E~?8 z14n*yn)iJt;~n3m2qJCnpfx|ZI}4D=F}H@B7JvW<%A z1v?~ZuqBDBX)!5n8UZtLj??UBOSR|f=?gH)Gk7;B4-DhUk}_l2F!#mP)avzQ`g ze@r={6p^}p*I%KbyuSsG;6TJu;lp4?-HWI4z9j~q+D)}w$VQOC zaXpkEkc#GGc3vf2J*psNceBOWlX`V_vjGwfzx9LBGca18HnPMKWut;-1Kit?j4Ed{ z5#usuvwL&fRfy3QcpGzf$JgsvCvFLPK$n^jWzB=%iNWf?yKj-#)A^2%4i7638ZQ1u~>?hqSK4W&b$j>rdn$>e$*z(+$GF?wq|Q+>tskv zu5ksUkg$jBTmVz>p=ZKfCuqf9+fH5(YJ zy7F0XfWrTDOF20?y}LU3b$`&Puf^xZ8{?O9GWTjg=;JE6T!tG=G;O62nwnk)K-?f- zS)6u-NjWYB+yCG(I+=PA-79Z2GQ7lWX+)@upu9Fl-z&wgd7skFI?^dqlhZ#Z8xI3R z^$I7^Qncg^v~7UBM5(+)QD($*1!2(CH+{P$FmIAPs5;F_=lHq6(bMKD+&Wot+v2V} z+~op`W|Wj}@tMLA6?VcRykp28vywB^iPfRB!*APccEI53SAb1pn{F)r(qN&V4}%in zaGtXoDBPpHXW)wc(>o))8Z3?wj_4PRUNyfGm~CROm=dg7nv1i=$gs0ru13IO<4TsR zQrF@qb?losi?T-M=8GA9~pP4`x;h?^+y{j1zo|-1HbXoc}h$SBS$Fb zd}w@@TzJu()^h8l=*zyq*G{D9ey$iur9sC3P=I50loTO`Q#a?Xxl=J`SGAzNtXos?~zn|S=0tSp^=^8tB?8Liu+m3 zKuaI!Xx&~d&EP(dUu@(WFArZR`N*IxH7}0hT5l>!oL5f)hSy4ksS3MfrKOc?amE5O z^Vh+k7LPxPt6OukSXoIAXLjU67^A*wT8yj&T~+B!lULAgB^2V8@9Y6?CeyO6d#H&z z-X(tj>Q^36Z7D`vOpCNu0FFt*9LJmioi9$SF6Ad*2gO=`iXq4t3Xw}UeMan`kg%N! zpO5_N9aO!Czpv+D|2v!r!y!^;Qh?@>940`}n^E?@5tcBI$e$S5`k5r6i(T!jlH5>5 zAN+QL-T90^6|~Yzrf#p|-m2?P^vyRP6Aco5eTcx)qM}0VKr03q$;&=ck2L{tHwMQ3 zaSq&wX_%P(T|>$qvtNFOH{vt$x;FQgRt&2d-W;mw-MH0v%Py6+FD|!kYS0i@x?FkO z&<%OC>AHCfHsem0b`WdAF#ggP>NRq;sJ=KR7FcIlp59b0y0tuGXZc7y39mPUFqKj< zVA#G{j-AadZYwTs*?Z$BwL8R8{wiF_R_zk~wGgvTLA!)Ffndz=E8%RiU;$3IO(orl zlUkIno(+Ql~aQvk;E{`93bals5DdcD6kE9Q6mhe zQ11IQVO~c~J1Bw0w8ZL2Oi~^HcfYgs&6T9(C!7Z;0OeRduF+G~w zvB>_Q&6!!UBGIMfQ!d@VDtu4e$kh}_m{Dg&H*O=ajV4+Z9 zq0tb5M<_HzXjH_{J}@6(q5T(+{JXMmJ04wy-Bv5*_)vvA&*p44&$jPnG%&XmVlyXV z**TG7@dv|K3cEX3=GL>UvfVZJUWE;CZ;&*) zkuu_S{@QQk;0*#k-(KczxpoNef_8g=xh3$FMRC#Zm|CC@!%ZC(qZ?^WwJ>`xMP{aK zZZr{{Q>o)OSEieKyvC;fRD49s-yRorZ_}Pr?0&W`TJtl~F%F>w#T%qG-CRiWQ$g{H zek~4+{MGK|P*}=|su2CWLpI&Yg<=cjEBRLe0$L_y`A`n5;NNH`sYIU{iqGA)WrE_W z75Hq*A@6=`;N#X{xq}{BakGWr){gunE@^PS|6=2~tc#Cc1CFHaktBXGwBL+5!DEbv zHfZ`f7~UCA#G?0g4akmZ6C*-O#bvn8u%qXYLErwg3TAN{CV*vLS{b=Yzlzs+RZJvj zzs7DjX}C)k%`3=3tw;pbfLTq(fh5$ z=r{P|$+Zt(YW7HgRJtFuH9Q5Lc6zK~##B}6m*O6=*sf;x0tAi{uwjtH%Y#lFhqgaG>n<1ZriRdihRe*NkJX#vJ@wpY7xbH+k#8Zjun?;K{@ zDlCo?4*HrCb|hDbvGuE$?&vdAfCuN$nS^jgh(|4);PhzJ#9k7~6~Y2x7793vq~D<5 z_{U6WDB~{)R$V1WA~wB;`uUx@2<`fWL|M9HtV%T!o z9m@+55COVed2>mFy>u(7j0`B2{o)RT@x>j4^rrEb-71bZJMjTn^$ZRQn>RxuYUIQ! zjH7D9u7I9)sVx*Qb`Vc=yz6Tsmrt`DjCXI=d?&Ey;?>ig3NSB z0%EAz^OEIfL6yP|sOEsX&prHtl_)&6x(H_5`jT)m@pH)malUJnP*9?%`Ou0%{^%Tx zESP_Gk>=DD1JJXWLcCUsoV+D6yxm&|qFhh23xSFgpW0F5-XJ~Tes)A{*&ZW>P zHe8LT+03V>k~V(&wx*{j9I1GL+x9v1X}-@uV)Qu6%J?O2Xi_!I(X(V?ZQtz1PI&$t z*;ya+j2+Qpqavm>%7vx^@03wzDH*YT0F4PW{p$EBCT)AN|U_bC?Nq zR8P-yf_}NUvsTvzz}C$L-$U3tRE)n*RlP{D0I` zg~+T*{&z3H|3!`ce>}KWnQ$G2gw z$mPDRzmOPLZ$JzaHh&WS`xHlE?k6dj6|xueYNkT)^_1deN~r7ThL!uBE->JW&x59X z@FE7bW^LrI85_Ljf18_R&tRbdK#12w`xv1&ll{Zq-oAcOjIpt)DYT$~5-6Z&2?2Gz zkHkCkiQ6LfWfh_ZJLEq#N7Hxd=! zvfOWW{B#m=6k_^h9veY8b)A6+&rxFZ4yv}gl`JIc(ieGg@$a;Wx?hgt zFCX|56BA>{Opq#vOlpCmT9h$KOfXBYzW?7aMx!@llH>C2p#pMrp@#07E~t_#b>`LLMmpfG(TY6xL>dVT*-IZkCo4#p{a9$509mB<^BE*ucD%oI3;23jUHl$jg4*9 zNDGM$1WF1Bl*;ZnEiPg%@R>9&+x|k?wDr5EjjIRTG+d@$?B=dzj*VuEh;(x z)$x1zqZ^>6T82hPEims(USGuAL|r#4OG_5z*N3u%N;u#H{wU~hLbcwvcaiaw)gSYARBC^b zwR=8Ap;Tqxzr!3I^hF`VAlj@=JbK4Z$WTlEkbxT~99QR!bc>wUQAXunEe*L>xS zO00Z_5@KLI7&RmGUcyMm4HqR8hjXPB8PZ1A5vBSvM)>0^-(U9RuO15C6&OQ2_QU3g z0ORWI#jLYQ+J!pJaGVi;h`Kc7D89Cr=nNdmU+-`g>&d`bthz!cw8eHoL<@%x*w8%EGZaG{v-WS9V zW^$tRUF+t1qmQhP31PW4tsFSROt*tJl`EVC=Q-+9Tx}z|5NCDwZevnKyXgPOTD>4c z>zR+bbfn%CUR#kGB=yw|VPWA33fmHJP~cdJS)talGgJaU;~G*T;uWw=a#Gbn%rB*g z7gB}uZ3(YInuG8tVi5CQ_DKU15GN0GinizEsj6xxovad#H{DRiPmaVL7$XCI6-}-n z){$h?K-u~ddL0Wa-0~)cNP*GBDiRy$tgGjr4r$ z6;jg{if#y>;H6flye{a{@!o_tG_B$WV$fit0Oz6f>hix zp6{mI3@0m+vQ9H%(wQL?C~ZH0WU{(L&j~GZLucu_dcbXtC~Nb6)5k&nLA|&!C;%njmT6yma@FG$>)h$n%4h(l_F8o9c@3?*9+`A>Q@pAp?i{xS1wwdotDjd zw>Oe!^tFdYLaMb}-e+S}5Tl{Rv&QpPrQ)Ur5ACQROm_c)JI@nK?#h{P#L9@pVHFY^ z$anNXL)@ZqQO^2@UH~%#Xv}#Kv-F2l?_@kGNockUGVEL+>WW@Op?7DslrjFq*r)oo znYaZScA`ItHsw*6Hopq7or9fmL|1Mx`!gY3lJzu|L#*!`(Tk*kInX_UPp7F6S+DJe z`hGs??c<$p8=gsL z?Qxl*inmi5_u*nz5-kQmVWy(A|zVd0I@$n1-zLfIsVQ@(g2&hsVrizn3} znwrLn%=5a29L(>0VH_>2I_Zz?sm;|G9fdHkPGL>vArLuX0FC3g5dd=}e(~f%cX(;z zhGUi+Tl?dH+6Ib`E5fVYfaN(#*1fmasdc61Ed`(?XA7X!V&)dYJpIfBRC*S2X7AzT z6T8%1;2NMXe57q~l%gmSo3EBG6Qiy6o~s94G?i4TQsJBucXm}k0tHc`p7L7wEns;n zn5oGBNjQd?jtmm^76QrK8QJDSGJKJTL(Zd2WM!Ok`rvKWg*RQP!V3LBuWOJe%albbFuT?Q=cNz(%)EdNf=#jz{{a$H1*B@6&J ze0QM<0bF+btpA0%)cx==e%Aq-i%gj_Ij}<&g6+R^K_+4)7gJv*%kAelkG9G-TLW;B zLEEKYJdWbz>(MXwrLZozMmiuB7RH6^jb$hcW=Sw6P1)#Hs(Gf*QackcF)-jYFf;=C zNqM1hM#9x@01Vv_QY3LS55g&s>CrcK$Rodfg)Hb zkNmCmIG^(aEmKxlZM>GK4Q+_FE~9Vx@86;-DpMi}4tyuI^oRo!z~|9suPp#zrl=rzk%j zr_VC62qsX#31&@HMR8d#<{Qg?@B=|A{Rc2w%6JKq0Du1e{Tukd0FeCP=c^j>$>rN| zHYc>BZ!UCRmp&@6rEyyS18~;kyLmOikRUm>a5u(nSO@95vK?Q~x4T*1mUTm0|P3ey{YU3JW|?rvW?Z29q3r!HiJb8w#? zEUwV@X6Ah>{^D&7qh_)ps>$5tm6YSqf^g6JPWu7VYs8iR2`^?XorUMk9oA6$yfw-O zi#x&ol+s+AecQfut&ZL%bFe|%k2>=+*}*fC1yhfVDmfw{800C}@pjmw!fFyz`U!-k z@0MctkWmh?Ncod z=BD0LHlvkWkHXM_nmtK;uH7J~t?khg^kaMiAIAY8@L;5m6Rl=R0rTF{bcLhD<~Qok zLOw}4FM(6HZj1mBLj!dV{-j`?f^*lbhJwBew3>}5yMM&*(FwjmXL6U!ubc3*e*`>- zd{5W$JKyz_fX@K(lSa<0L=mJHEXHpsbTwJ$FVdx4x$bA}z<U@r=aVb4x;h{@oZiM6`q*r{odbn0hpiBw*gVvczsW2yIhN=)!zUducaEw(e1byh` zS6)Bs+OSsa#KGY_PsMM8d&+Do^erDLiZl|t;1^B+lk;khrA36?2-p*Vd}}!?5xqwJ z(Y4JV`7HGFIv>$jjT+m-=`MLD3p=pt$G%Xhlre;5D zK*Opr#KUmjvy@vnl6V>}myRM1W-;L-W+L>H%ZiIJo6$GyE5QSi^64*;YGv?M&I-dG zfNw%|;8yGCWmD?R$)i{(Ar(AtYN(8B1-e13lEk#k$A-g``&P4ar89T?B7p_-^%Pjo zgqW5Qi9-rDiS)?XmE;^xxh59hvW+#TBh{ErT_5nI-pkOPV25|zn{ez-AolD1SIU

BcV9daMn3)B0K?_$86%QqAzlrE;o^%<|UM# zmCV8FNG&Y?=y}Nd{gBiU<{NS{;Sw#Tt;yFdO`Rb)X9E6MPMayt4FMWs?}LdG6@OZe zt^9xCdQlAJ%X^(Bf5M$va*i}3QxKO#HS6zh{NsKqFB$)qr4^n?EjiNw>r08({VjV} z#-(}4WO|u>#iH^20aQ~?-2L374hb4`hTUC^7)BuF&7Vb#FL{m489R~aBR3a-g(TY- zv?vq$%Lj(x0PLl62J|^Uc!q6@PHyk#zy*`+{-;{quqQm();$$}5xaGi6Rnm0Jpu|O zivd9+$xN;M;$(2Zus5=3C|D^usYJFo%<#NPSu3(fYu80$Gi=9OS6>?k064DimXdlK zC~N)01);?oYanx`Uo<)ZPyfeC6TAN)Gwp!?EW`MJEfHFKEoktk;`ZOy4!dv} zcl#5L0smVM49oKk$$B^ZSWM`*y~_Fc%ytx#$4T#E!E+w36Sg-zHQi^H{{Domn9-Pv z!E63irC}%CRFTJP`UdCkWya#y4o0hc-y5^}W^#qHAbmBp|Fq%HfPNdT^i6) zGCsg;>_u=lauW=*s(=5A8MV9x+q8 zdSC$&^nr+TM^5sogt8HJoFm8qhgonwY~?3lqgnM8dPu|EJ-OxS22%h$&B_I)ufegk zmGGQdKX1(F-Fx`RQEtRtHhcsHQAP`xvju0}AaB7Yh&T@4JmE)CK+IYFVk<1x9-czK zdXJ@t%K$!OdOl`*Xu|MJ7RfBU6~&u6DdP{R=G|xPcUA6*Y)N;rhD=9D+7fg``uQO-8D|&BdZV0|< zXYPb+-q)Og2xII?{cR-A^qEm!5Y$TYn@d>>5ZYza=x9Hej9)Kmn_dWJxUX-hFT_9l zp-gLw&bnmfA&|Hc>OGYOXmp7H1P=RXiAFdMg^u&)uj3yjmmfPkD{-DV3S?MOF4NS!>NAL+g3%0%qaOv9`rd%PkW5INI!D`9-AbPG+ z<*SD68yg&X3PyFjY~h^u-4fV&Yf*m%J3W{OFVx0-@Hx+_wvIRmdnh^|e0wChzq-8x zMn$+me(!;?NtP(Kt;osI^}uhRry0=hMYr^$k&57j&f387MBY2NE9Ykj%bxkIo35?k2S_le>I(4HK$34q%E>-(oux-r)(Gd5YQK_SRG{UB>_~!r3R+!Gxud>XbVj>o0(8RZZ0BKp0cfK`~pm;L{JeVpqo$co> zYW>qY8MtTD_)!fvQ;GQjZ%VL;(4lQP0QcSrU4CMW-0_r~m{%ZR?+r<~3O>ya4u|*+ zxxbGKD|IbR^W4u`-e5fw=Hhz!{p)N*yd7~{ptNGxZpcLp<{APto@+&Kt=?H*R@)PF z>&r^xMov~6){5SPU#*^+4^rZ8C69ds1 zzVp=%Sfkskvz{f_wTL>VNEELM$hkt#3+l6$k9RP6_jUo7iwvaNysKfZZ700iZ|&e8 zMq>ALj-&)=o>R7O8cnWy@VN)xlSC1hx2CZHf%fo1vHM{ZoOD@t?T$)5RK}o#JJwI z;^g=o_nx|Xqe?L8AlNsm*n!(EtKZI(&LP$U?iH4h+@791F07W4&I?e2-I>4q=pmPi ztDB8_Um^OzP0HiF07d(st^)mEFF>_PlJj8*Ca2$XY2Ar8nTPveq)W@LXBOUx_?(%B z5K@yz;ZxMpNX?uEP|P6VCRcb(g?>})>ZAZDd+>LsMiyY1pEyjkteinEomE>${D5_^mZ`I8x04glibJ4>~#!X^HIDSOj&_(nU6 zMZ}S)0lP(BoIsl14}j$lE_K-6*8IuysJn684h=BWiH-^yv;g)YF8{Iy`7GYN5dQJq z_30E<`1AOCj2HZ|HgGNr_BNXq5?LSzlq=&=Fg0u5R91FKnwt6@WbK zH87D~mie7b^6dpFD+ye@`lm?O!m3HuAF3UDn&IbvJuf5^;OE?qQZvQOPSq$Jqw$&Wk8P*r0KtpzWeOKa+r0TB{GU*IJRF z?LBy{;zVrwti1t+^KknSmop?*5>roSSRpn{4)LO_2j{Jh3c4m=ON{+ zbjsc)?Y^-pa@f+xErvU4f?z4<1mUF6U=8_*-S!v$*pb4rskF-!eY@PwtJt#Io5CR% zL&vkG;}e)hfS%vxITH7Y+S`4|TGfe$8a;+wll+aSy&96657IG{jLid=yc%-xNa3A9 z#oHrCm&Lyu@H^F-uG5F*bNOO->II!F81z$Jl!UxIjI8CuR)Kh34QrnLbq-Lt$jDEV zptrB_Rn=;EvHG9Ne@!62V%9W_y+inz<+z%qeyjNIx{tv$bB4J+gQGoRs_~i1{IzG= zo|W3BP-UGgmyIIOq_WfzWPffJVqGfgiHx_Ts1L_Je0{c@x5I?TB~A4;#ovc?`6#8fkh4`8Kn0Tbte2zp zP|!NY|B}jUMIaP}P^A$Jyy}T`#&=}nHuWf8c231R={BuH&ZCkJRdZBx4 zbIid%{YnUOjFqma_3)E|_<2u@cv}5nhD8K<+*v&&mI$I^gWr+NtE;3#YnG%}+?GM- zp-EX03JN2=0k?i&WAyfMFyQ<+oye(D1hj16=+?UDnwAoSXjU_cN67N(6&PM9dAIkN zR2I`uMc>lu%^#D~x|$v2MXTV{hc${){>mL^3IO#u>B*~(+=(*Q3*k?#@&^qbpq%n` z^TG>~G^pzhuAbYSu6^$SfQ>(}1=x6ZIl;fs_7JsOfO=EDoB;?fTOZdH{0*Nla?~9d z!^q)AMywco-c&W0wsUfHmn%=!{x#_hel`QFS#r4Fx~^$S9hH1p2@!QXfSU;fz26t$ z1+Z{wNuyZ~UFXCD7W$xt_*jFX_0getv8R8M(I)X9=90JS)&HY7;1f5s%%s9lEgooD z->R$y1^$uCd9oVy7z;?HfsVObUl!cCXkb~lc({0B$xINdYY(yq#>cWifc044nu^o! zpj+zT2Z$$x*<@Hoqc>HhCDeWqd%Za~cm@{^s`u+Pt55glB}Sx}1&*|(LyVhlfZ3EV zT}EH4RVD52r)CJE>jtH;G=0#*-t}#Ktz3_eA;D(yN=5tZayza`CEP+8j{U+vTxnQ8 zhUREMPd6_o5CPl(%Rr^z3h9dc#k!UOm_H*|npkmM*nm1<%BY-h*S@-b0=T2V-+ncW zzSonsdFv#W)YE}gaTrZiUYh@SV#@4-F`Cid>G!&p_Zjyn$SxYGB?jf72xV#n|G(~0 lfV}gcyAu4b=c8Aly$>BE^P+jpz`YwlQeWi6D@67E|2HrOSjzwa literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global-400.png new file mode 100644 index 0000000000000000000000000000000000000000..31e2ed052f1f255195283b75a1611f115981af4a GIT binary patch literal 12719 zcmd73Ra9F~*f)w6x8hE5m*Nnt#oda#Q`}vP6$?^*C;_e|!QHP8HHzG|u~;9ycn!< zATRa+Z*t69YN;hzj3pH@GhK`&nf!xG7zSJG^Xw%bVG5R~C zeS`Lxx~Fw%!x9TBP9`e6@N_*thx@zf$`Pf9zbDg@OcakWg$f;)G&afNjwy1>#ckxK zG7cqkZ)aZo?A*;Q(B#j3IU!!_8R|eexlq_z1ajYd*LJ>D-T_`u8fJK-RCT1N#ED%& ze|@3rTphlrb7x$cORf_x8y$Z2G{^a&0JO8kF7y)xq9-2%`6-~hi1Y37LoU>h9C_|^no%p%9adT5syFb z-1pXHz9a{UjPJwLU%Gb3v-DwmlN_PJC}dyIu@q0Xs`Qq1Nr>iaBoN|OxrPjTGs<}d^700K0levOYE-THc zc8g{Vc#`MRAMOo1d}}-J`myHPKXEvQn(_ziY{lC4MWQalOrPs*C=r(-dEiX0+-s(@ zwFZW>0d+NS=_8-fmM9|T#!wQaEj%bkia^weaFnS++s*X+tqBGalGNVRa?xXH&Pb1V zi)Z%>O}_I(kU(duS-VeIqBu>%oYRre&87I#9uTWO=w09YFOP#toTlx%`SbM|NT^uK z4OW8!pE-=0E96}yBgL0BUG-{>N|Wk3pzSJ>FLw;Jbc4kI>ZIv_p5`8sHa_?uuKKo0D~}Ethsyas0DK5b+kNG zdi*#!IxJ=Kd+IAzbOzq%szAD@8Xgd7EdVTVIfwD*Sk@ zQ=a>2JPf{?!j7uzM?NgJ^O$wEJzW69(#i`1^rl2_P4w$-$9oZxcgD4fy|)$Y++S39 zx+^~Tt~l=Q_MyG910`PCbnCR`ph;)WD9qJQ69s}Q1+T+WHZ6p6${FnA3_t*V*yHL) z?#X!*vBw>--@1nu1X!+nFNi3byvbP}`dI5L;k^2r%l&3J$|Oy^gq~=m7k5m?-i+*^ z2&Uo|m$(58u)NShBauaaN8m9e)=xkTjGM7A^G3qDA>?|qH^|64hsCKD9%uJHGI+8; z!njPMklRVG-Z$Xo8n=zVJ1Wk^W02VMX4(E2dV-Mb)8ODtgxyFlS`$AiCm+fDq+$I&rIFv%^$@yYRO?HzdD*N2p6`Jq3 zj0suP-IEG+C75Y;{9x&$jaGx0&+1hH345N_tH0+OZ8<%Ow@3!8_w$j*pIGHD^ z)9n+T42fVu%>ZbR^gC~Ko8~hTCtQVk-j8x#Eyx^9*Dh-@S)sA?$uPYviTDh{VA#_FW--WdB}@;wnUHNyb(9qe(a4jIV)GgUE_^voNS% z0s$;W{U^n_G3Y$l$-ymz%TTslZl3f*S`!dG3}*xHe9ao_2pPhGf&W$po?SW4+lVI> zFff|02d^Bt!pF%Z0cpcvQY+6sRMMj~0AYUgxQ055hRyflpKf`GJQbg+ zGo9p`Q{EMZR@Gv%vuwGXuC(m-^}H13g+3exQqhrw1oo6oeUUW4^lDmW9;newbo2Y5VmX8``~3BMR+o4>aisb#t)2x{HwWe<|cq)LCTzX+clr*14{a zw(Jfl(Jzu!sx)e;TDu&U8Ut}t*&CCE>d1&n3Da+L;(rs6xfqVd!EN`7WVP+-7?!qZ z)5nyge@m@mIg{_xniPU&ZS-RFY-+?AvXWXGn<@_b)IM!|R$@^Z;QLrnbCG>D$#}mn zRS0~-%)1tMdsSG>6?S_U7ItUpLjmXr>$%Q+db*rGLh;ZpF>LpCtlTcJz7=mD2c12a z?_Roh-#<8=zQ!!n?cUFP4AWQW=O5~mT!vtDy<{X&9E$fX(`i0GTzf4(E1^d0|5=jF zVE?qUuo_xlYgMNd`p`A2QKtT^he^U&VakP$ko>Zpz>~^S7&s?L?|Z;VKqYA#?d2|J zpXX6_Q8~?=-`9OZ}khN8S-I5r<7_;w1PkqoU2-C6C;c^>n2* z3!ZYSo8IJIGT^Ga-iN^BN~LGN-Pd%s25MT{sZss@9(EJ< z@@=cBO!CbAdI%DY!iskfLv0#ElEI4NF*A~_1)y1km5yZ;4|_~Uo4i;aFK|6LPt|C? za}^V?>(sn(_SY+Dv>lhX2h|$)sBfsS>6dLc{QG)p=STfRHIvg&d2wrke>ySqf|x_U zYUw;!163WwT@z5J&HpX(JHD>885Qb5u3LBN?Rt=K)r+n_J3}q+jTa|R=ogM=S<(xX zsQw;{zF@inxBT#gb(RVT_Es3kiUs%=;T^R0H~&O{Bu7Bv2uYeYzH> z{hnp~mH2O+{cOk^L#QCCS+l2Sc_TkSD|NliSe$QvR+PT&l5HPZ^L~$1o-iE>0TE;9RE@y*o5P}B%~VLxIfdMG zl`{@bUdw|I;5I(@rJZH*!1HUwY>$zS@i@~n>N~&5!i~}6v832rH5)vEvO5xX27#h= za@o1RGCX9P44gmAJlx7L%k#n!YJc*?08<(uLryAbdhaqeAEDjzGX{%2ujTgx8=ODUtHD|6&8y(g3r4YW>BSfF;N)TGKk64RVIn=4%(Z}`DU#J zJ(YMw*zpNw&p#CP5ReS%8w7gwKxTith~GaYY{Ec1e8NeBr0T6T@lb+ z>9~U*N&vZ_XNf#rN!U17&$lfG`Og8?=NT~hR*VhjbCZ6$-|2+iU7u$gOY@*c_aeOX zcAQG!g-fS@Qh@H!GD)UFX)d%C!ehQdsMzt&S%d=1= zkn(6NBoo@kZ-D*4mHdVWJuE9Q%|?2Lz{rK?F_R1~HiUD_n=J}0YKPNKj`;O?xNyCd1jAaz{R zbVWmOrdMn1s8SI8atEPu`DBk0vKNOuodAgw5Oo8$w|v$tmiOVJMJE7fuOXX8ns;PM zH2pa{35~sa-9!#4%p33ZtZ}%Y$r0?BlH-|fW8G!DpL7eYP6hf^pidmv-)2~ox0}o(CVtbt#NBnJ-Gw*j{O=(!gt-^{2U7y+abR{MH~o(ZQjh-O%c7tZ^fzQ^ zqpJRdTd;AS#R%I1)c%{m4M|vf!csQQr|#exQ+ewoz#Z(fjYeZq_$C5if~cP@s&Dob z6NiF?l}xwIph{0dg(EUnSr#ifGFyn_@JEeVi&4GIyE@IEk$NH;N-XLZnA}*TZ;#=l*Y#001YsYu7>OQUCTWQ=y)#uvC^C9twUbYTS6 z)C^;qUblaqcSb4sTI;Nt2qG?0T+fH`=DUShUd43AzsJivFzdSq2VzY@$o{aHBiOUp`(PTV1K;&Tt#e#CNtuk5`~&aZm5-FYsXyzrsF49`9B}*ihs_ z?o^^t%hYTg=MT4n2JWFEe1DYqI<>IrfP7x$0Ed;UoHl5kNAZx6UcY;fh*Kub!fJ~X zk3=A#vMD<|rBBGN{`%}W2b=o6?4U41e`KFR@s|Ch*f-|htgj~s>d!Hht~0J??YV`4 z59Dk{HQDNs;hwhRhjhO3bcx;eh-i}vK{OO3-K#jUYVG8Gq3z5O_NrNp3M@8lo~Q!s z&%MEbcv2qb!FW__hjh}R4-$!!_qX~}Uzup53fLL-ynx6PVldRmth<$-z{)sHM6wc_ z@RbDR!T5~kw81YgM>wf6t_B^xNxr0rTLE9U2mc|avr~IVTv+Y%WYhXcKG|uC|Nf*J zVG+o5U#YpJdTPF3%wROn#wH`l&rmVqI84N4#JHj+ZF}H*IVomF=;U3$Rf3C*wu7zk z#Y1EL=l0s%9|lflby*Q+tB4fYJP;<*ah#J;`&P5h4Usihst1WwF6QMhjrxj&lhK*c zgK!i5K5Bpn%!({@3Z3UmtF(Xu(f;k_OJ+wV2>8Zb9Y+q)`qQ0`9gHc1p9%GL7B3)anUk%cX2ql5|Ty zXB;%yD}NTTvZU{WjW{zE$lP-d>8O)*3Nw@5iA}X~hiVVpoUZQt(>F^EI_p*`Q!S{0 zW;Uu`^@n(!)fhH4<2Fs5a7q<7G&^`jfLAzF>CmYhg!h!H%1K`*^6r*h0 z6XzumMW;GoSg>kQ^A&OD;$oO)9)nkvnkBzT?)xc;D((-?_XFPq&RL|M@4gASSLFJ9 zUYxBv*NJv!pqrR*m@9Go3kO-KrPi@Gb3a~e=Njd_$c0Y$L&!y_$`oSkJ)@R){_I@~ zo9UzVssuM}fJ0+3IFS1&FUXyMEq(c7LRq_My1 zk}*X-BebmvXk2P}2z2pJAzWqH+t~2lbA75p(SkD&_ptFC+~aD!I$eUtgJR(OlkQD` z>adjipE~#V&^!-3c2Zmn20YGB0Q%vIhJu~w7}vVa2a~0Oo!@95{&dHo?_$j*5;MKV zlJgaoL6xz}h#$FIEW+HA$BjcdVQ4hp_;C+KTP^-z%vag`^52aoUKuN)7jj!SnTI@| zqw>#t1jI~u2EKOrT~n=leTm6Z*pQPyr>bv*DHFfVBiQ(O-rW`o8Pa!ri8wa(){=Oh z^ay#p%DAXoL)qZ2S-@Lc4}Fvpt3FV)=zVDkdsgYF^X44r(y2r2ggl)|hIGZDZD{kV z5wm7}jK%%e2y)*-dd~F_QJ-=f~F$+QxeIo^Ajxc)Wx=Rxi|E zgON7|uxS8_QhPzW83lp3)4T8YDanqD%#z6^jC!!PC=2kUsA_hRR{ie%mi_ShFo*83py042{I_~M}XcPwI+JrvS73{j8hjRG0r>5J)bF{R* zdx7|%N9ro2*?GCYg_GuAziep#3`P4<)h03<<~jr@#awIL;;sHNFz~Q0(HzX}wYWuf z7CV+m_Ff__^N_1`tq8f5*XKwV^nA0SlCZa^bi7bo@<<()0xb)z-XHw1&I_kVA?lvn zThszYsmxRjDx7MHodJF5iPlOVse?xjbjpmGCnHZ~RvZrrOC3W0D#Bqc(9e;Ph15NR z%P`F}I^lE=<72e*%n!@ve=&q@TQSEzm_o!^{OA<$ zAo!E2Yf^+w^`7@S*P|W_EWZ6nk2g)V1uN>0EyV-4_hc4kav2?L=u&J^Ff}BlByNhF z9sBik$QiZ4WIzvD3B4exF%m7-X)Xo_TbPkw|spO>lU+idnm9PJ#7qCMUb0?Ts)emgC?UL#6FunH0O^StUz!ah=l2u(CY zpypcpm9KxjPUW4~3^qu4L#QH()cGU_#lSr{dEvYa$$q0mXB(iv0I$|MF=Jfw-jX~l z9&EdfLy)+RV13Q}42&J^FwqClD8k~PFb$2=TCo-H%|n~{>;yh-uW_D zLC_BUj;#gkf=v+}tiHO(?hR`&Bhu%; z`zZOZb5`W@GJAHz8`<%J9ylWBu$DS0?xw;>S7RoeD3DMIo0ql<6b!i1G!b@LFM*~7 zZ9UIZU&q4v6t}RT1YfP#aR&9^^``(Mg%0o&U^;Y%-R2SHJ^c{am(;M)+x{J zdNr;31GnrPhe=xsoSQMp8b%hguJ_Fs3j{3gKQGi6s$90LOGp(^^RJwB+)C;v*Ck={ zEHcr{nVe(XVXYG%o?!KMpeIdk{kP8Y9IYS{}I6Y4k znUZ5%%XwJ{R)B@iGvTRD+KzH^+%RaHP!22YT7H)b`&CjsvCmg6g;k{cxQ9@ZS2V1D!C}@8;1P&~Ps{=WTU~^u3h019)?kah1TCCSEg|HYh6DFMQmn)rbRlrfUZ z{PTQH?CN!gv&ZAAAv&`^>D~u3um$!G5{-0N8UfT%t?R(IE*#t$++7iqH35Dq=}FJ7X!( zT_lFgdNF{NqK;Js8K30ix-N`c$K z4)_p9Bk)o0ek~=03;*fGQZQhBx{$=|d-4rarDOEwL!~eJpiMVPc7C(^uX9N@w3<#f z>Sqe!*MVpTHD2C2$RuxK-Z0y2^k6vg>jcZW7XB+U!qmC$;BDW-8GB}^gsK5&=l$sm zm7C11{!A$`+3I}zA0!isvsY(~!g5oGsbGDwV`seNiQPZgsVWIEWWg++mF1EH~lhlVqO1E z`!xU&U4b|>cp#T{;_60Y<_{yX~#Pp+E4>N;1<8Sw`gt%kO<{c^t{87yQCH=?9+3ynou9MnZ|1TG}|9?^2Q=Ntq$zwnNt>6aHQ^KtP z*bv1L!FdctxS~Zbh4Wu|WJECN=H%mkzMt7n`Tv*%$c5hgzu5w)viMTq8^2OxilGZS z{W^=YALbM>9#*1dNRbx)-?Gf!Dk*(E;Y)->aoB@kJ6Z&M@Awi4$N7j;;9`B%=|+z^ z?CE|w&1tKDgl0fQ@`O@MHx0I*1y}6}2?j*^sQ3}z9Z3V=5P~J>_AFxujV7f;F2P2> zR5{J4H2#w_B#dQ_DJN)}hE38ozRrzSKoLgD&KPjHmlO{-FR;W|v(usBQl)@9{Knzx zZt2p-D|bK^cgDXYiqUwddbLHdW@T3@uI>n=``^x~?L3`7j-A#+jWJ0%m{Bo_QUC!k z#j`abolvZ4jZ)ul9j=fyu2DD zD=_xZ>}E%OoTRpn&Tj9~KW%7+zV}9OE2majBBml-Wmc2MhM;(=qDC!jB~y#fVT|Mq zCE4oa3Td~wTM`o#;Zq{>C6l!OI%qG7X!IMzth{`>Y!5M;E?}pVOCS+MgokRvgEZw@ zEobBgm%2IHfc3pGb2Yln^vlOaXzx2E&se7Y(Nh$b#(}#}+rtaKrz=dWzg@olEmbKk z<1mNQD0G7=8QO^N`v2!u!|+$(ESfNgi~FWq4aVED(NSvSjYtjGXYuTvrgRY?ioQ16 z9D1l3R+@?RV2sui@z8mjyTJ8()Dj~gP5U$oJPtI&A-qV1K#M!a&Wn>2@y|Co5_1h< z@ii(Etgnt?WvZa+Dr^uaP1mP?*5#c2{%ZepTR=`{t?}_k&9VpG=Z@QsT93KOvltzd z2CHaHx6bEfu=`21e!ZmSeL2>xV6i4|RnP3r#5%h*$yvIDy4-_0n6WjqS=;sNQtP-51Dh>eO!O+TpU&DXB{kQ4 z)UP*dgwM#4bwaGg=bj!(Ru$6(F_vGS|0$CTelD4cK`NTGHz@(xjJ|z#Asebs_{L4= z{RyX_Nv*C{&%jlrJg)Ns%={h1p1t4W05JpIUJ7bg%1VN|^#~3H1B#QA);yGy0-8<_ zVS0bKeImaRdpBG|H_RpP?-(3cf7h=41tl0A&Xu;9gGX|ru}H>Bl)edgA~DPVr|yXU z$4|CelJ#(_w}+ps1!?NJtd=9C<*{TDX{e`l#MY&0gsm{+B^hzZ!S*wYrs~A1Q)-q& zrAfrJ*bI4bI<4Jw+9R#MCi|x;W3f9`Mji&XFzbX68P*J6^0FHeCR2oXH=*u^rEpE5@)B zDJ|h#Z2lUz)Z;K)>_DeH{2ou1O$j|Y;X(((A=cHiIjjpu8}L`qU_fV&l|BN z;?T~^ub#VOa-qz)>If{+^MjQ{-$k@wA_@)TE$X-b>S}d3?`Jq}pu{fV5KU%or3^j6 z1Vt?tn*H=iXc2a*6rM4Iz8)JR(8N?8a|dTgQ!=ONQ%B1bcZP=9_hv1#r@-RiD~M2~ zE}&l5S4&xbMq}gnpZ+e~o}o1xhc@MMzA1B5A}n4m6gc6q+#M2|7jm=Aj?fj@Rh8@k zT@RVUC>voZ3@*AgX*n{?X%&@vqJtYL(z}9g#^Cy#EnEp@*99cty*!#5wghH4gB#_B zfRy`G&z~!`ip$O@MXjO)T!S;@KQwIij_Pc#>DV01ywip&oG$mbr>hEjbw*68;TE5d z`8A}N1`|lL#xgjnr8^(b!~@rv{iLeF*HeI|$UVQA-U#+ck&9989D_62V!KJBM*j=? zfW7bbHsgDfIqPCsuLKM+)ruF`2d=pShm^#{Z<&-8`#zvDiGsqPAfWw{`3b^~C{g@GC(RV;(M#%tQo`#j`T_&1~oOQ z(AiS~Z9FlK(;^^13AA&gC`{t36g|=L%l&Q?HLVoB3Z-(zerbbC(q>{lM~rZ+|EyuGE1E=hcd|KEkaJyW4@JDsrT?;F+?dzjdbjy!H}PUm23( zHr7283c_;7t-AuR|Fe^55yZfgqEgF|;LZ@`s&ZDHDY%Ph769L^U5XqcX|tNUjzUo^ zhpND7?a&`rkD*Pz_BdzSGNJnQQ2;^Tu9}Si=}@y)<8tp$)?)SI^#-18MzH#~$QAP4zEBXEOoFuTo-s9NNtl|9NGKBj8I+ zh2k~zHDV%1RL8aJT8Nmls04>nSh3cqr3iOj!$oc)j*6r$Qz~GKA^_ZNzBl#n+18XX z5Kg|!y{=(TV{h#m+Mt3BWr_670!sIg+gt}?vW_Jfs5Hk)4S#+>4N>m|vVUUlxY9o~ z=i`NM96jbxOTxWgxIU9)E;75N59Z#CK4)d6^#~TNvS)c$8mk7jvO$x@7~NFCoTkSl zS&izvWQtIJ+i%{~%^$d`4GrKKHFbA9v-}tcj6TaUtM8`&7=t~_o&AYJe{4OZj|}}B zN2M>)F%{QJ2QYW~K5QM3?(+zy`F!b62HzxbNJiVp!$4cob)Dmacx^Jp``yiu|SWd0FQC&*qLdEAU%Tw z%CAqy3!bj0Uf0?5+!S#Vc$Ommykt_N*mD}-jH3drpA~UP(`-P(d5NG%`@@d+h!Grm zHU8}ooPiP1Ja5E4KLOF|U-H!8JhBpJFw4D(EK&ft(S4l}^qSD3T_f#!7%0PM*_kJE zDYQ?Np-|6VJk+LSr(3ND7H#WlbT%BCw`Eb!{xQ`JSMcT@9*#?u=F7Be92!Q}Cw{Kl zKmILkwP)3Qw0RS}}n% zt7%zcJdjr47M~!4`;*bb_ zJy7G+2j2#iPC1T#9>lVFAq{oR=MR6Gjiq(Ok~rBsDELVkpBdVRgnAA2*$VE-75kLQ zV@@N=?lmR#inK4%I-W?*uPduat1toUygVAqo-HoMEqHcX6SN*=CV7(qx2<@87jSG8 z^R%Gqn>NY;1T-c-c&4vCtjKQ-+V7ym;Jr>*?h&tP1D&fa_O6BZQsC6h9E0jZvX?f)*sN>N*=Ua?pq<8VsR*l zlf@noX%RVW`UP;VI{x#+rkb6yvp1*DZTe<(y3!{(&tvaA7UrPG-3^yY!=|$2SU53c%&uQm1NH|L zM`MvHE!LTuN>2TKO6N4xF2}=z)678|^yP)2?W*2TQ0Vgm1)s;-ilEbO*X?@71!VY8 zuq})k4?lv}m)~XOcCJFJ*g>|R$hQ5OyXOgZu%rTDH5bAf=WQe%es;5T>D;4G>N;dT zZIzmnD)aB`#UOCGBazr7BOrnON#wX`Nb2;I5)ljKN6(WA^Av!t@mLd~f<2rQ)F@;3 zrfn%7MczDl(c#n?&WQFV=CRO2&|n~3u7D})pgX`E8a-8;3?V%ER zN=`W0kkTgnQDQ2@Eo+``=RJrJJ0N3)@=FVxtC-y!hEE6qZQgFStw(}x;Vq5Yb5raj zB0~HD5f3=Tz2K7VCfS<~o=F-c9er_fkR3>f#eg^EkN7h+@`AEqvsjiM51VhR_|LgQ z65OwEo?IEO3HmA$2f)XBaYjYz_dV~2oA#-2%%q>*;$yv;Bp~?n<&2}~?f=sNVpRXD zjNEgvpR1DYws8_O)lfsYXOsaQJvy4oF^ym%;WQsHzAVy5*-m%=3*JO)46BGZ|BoV^ z54`__)$z~i-wO4Bd0+H{qx#-2z$4YLlLJrlKfR_USYVe+gaFqCvi3kcGw64Ibj!T?e;lr%$kcM5`nN{7TqOLr*X4-k+Bi4o~W zVu*pW`JYekr}x{r&YA0(0cLn+p1t?I?|ZFvuZh#qQX?g1B*wzRBGph=eu;&JLl1r* zAtC^ejclcr;KvCgq|9jDujOt>1o+nh#E_1v9Q>%G?W$e zeY18K`~s<=9g+tn>3dETJ=}OW?8@nsI&7g2IhuZ3@WgIN|11^e^tGitBZVn+(YU@_ z{`~}}5Q6(N_AV+OCt`<~I8p^)A(DcPOC5(jWz=!`m0lP;Ip7YV zS5{WGenbEPFV!;R5>Qf7zIuZl0bYC9AF2ReOSk%e=(HbTtfhNRt|%ORsDv4{iU>v@ zI@wr_RHVQM)1gbvPQ;-+=JS?I<7UApH}8fTk9`Xx;v(c5l9&OX^X_q$@?|ZU%|-5r zQR>+MYu5aXLa#2zDK1?9?Jf==~rw z&hIK1HQu5j);^%iu&<-lTG9K`ey|Y+$rU3n~&wp&Rt=_Ig~(4*c77 zs8w$4ow{{Mv6ZM*O8M9{*7ojL4IJDn#K+XUEk!yIi})|!A)}AZv-r(=W6VaxfrVW_ z#2Zhfpu^`ZVUfbdK@9I=8}w~AFGb?0=$^n)C;rPP(c}!qT`9_xsSlOXZS)eNM67v< z+2Zrf82Uoh5IFN(% z!ULk_RchpP@daHghiKerI+kQZa)!Aun9vrr%78^r%>G>>4wSKAc!Ww3$M|yi__C#T z*OD9u5d{rCl2?%iN>qRYrDUg%myJ+TZOZNLq@tXZg3udw|M#9>*y_R)b1`bsd(cCo zN6Ew#Ky$Wr1v@OlL5vhOB4$6IKYnD%{!&suWd| zpj>qadk7m>I2lffAFKEso6~fe=sLSn4hlV-G@L)2%0!@MYD^)F;zY@^*LbOEX;r6{ zl#?3ulJKFy|9T2k_BW^bAFDrMCL79ngzIQfHHBc355{51k!dzQt?w8mo9mk+fpxj| zuAFx59zH$vKM}To(1*E(rJ%|>IG&@o*%ccZOpO@#&X)iDT-Lqc;Y>oYEOa!X7|n(b zks^p2ef-vSfg3_EF<7Qoa?qFcXkd64AFCYJ$r6{ui27)o6E*z0^}hhyq?P{UmG>F2 zzMt7oQnIoV{SY@a_V)HPa%&T1dPXNdcxI|CWXV|NAXpot`MA;KtYKpxKdL`_)>0nS z;<ob-97DE@$TLAzU+y)VXKNFsZeDfy~hzX6oneZ!og!t5$0p6DTsk6S(MZeC_$-% zisBHv*P#^Lrf6fW9>N6I3I=HQ*N93P1q!x7uYa8Tf4(Oeopuu%Rl~7O1#R_{5B=MX zYW`RaeU#<-D-uJ_+V{H|VKG}vF8uFv#%Q71NNzpMum24ys!RxeufIYY@ySzOlxTSP{1-=H;Co@Jy|HMfW_vw;AQq(8 z_8s&Qkp?nbr#|gX3ocEjg5Z$O){@R9lV&En+1HY0){@TZNEqKd7FdVLU41W;H!#WQ zMIBd+=bKG8P@*?IAEU%8=QrcGV0&Ab;ZnJ|78{bIqod<(PSwP3Gc{I}R8$cJq>RfQ zmwRd>Ibkku1xy;2NAs0*t8UPTD@L8y9vFWI2R@dI{To%wLe=Wd$5J1j-bnra@655oespr#KL<&Yc5XCNoYAZIeY7dK8o2^ zyRQ-lcDQ7lYb>^SIYL+hNrJsbs`vsc8Lc#{t)vo!?0iw)twB*mER7a+PI>q7kba5+7%Ar|ZTj_EBAJrq$HXwYxEk|bS5Zk3 zVX-oAn2q2%q8NG;a=w~@M#Zo$yFapM?9Y3iA=rdDoj-(iUfusB>1@0yX9vRBJOm>V zn3Y|zL~HLkwVoUD#x^JT8Q2Ra(sk6SAU(J8yV(OQl*i{} zx5wGidivHa6*hyT`7IU3jiP2FgHH%D25l~e?(~DL7n3*j#<6M_e$jXrkKNjH@NJ>m zva2-TZgko1c9k~0FozDcklf{t-op>_OZqZUQ`5wqomKSJKQG^)DW~Jj@&03JD740F zo3>5dgBt|K$-J2$PsdCP4a|Az&AWH;W~ z<~ZA&AhN^5!;C{2nsT$R1Ycjbv%KU=&&^H#{5)g1mt6i^nzn45h}B-HtHFQE1;Yon zN;DV?g|celmr%+L1Kl=%qOsFgP#Rwub6**kabB9nc{<_WEH|+5=zDz^c~Rj=1d1er4Kk`zIxXIToWA^|aH!wEQ|N>^lnA z>jGJo?KaRs#9<_>rW0gaJzgZY+b=&2k}iB-^`L_Oa5cmH*EW9E^}4CPex&_)@t-fd z^GYlk;Oas0t8<<=Ag3R@xW3#!1QmJatF6zslSUE|ykTv;CF)?ijq3^?)yYe6w5} zE`5)TnwIvHi{rgDF`@gPlQ#Vo6tGRTY(Eoj%ynE}M4E9?GE2K+A%;Fu)rhv%)lqxA z9{H7UB;M+?-&a?rr-|wrSUFq@AXqL>kp^QMIA})DiQKg0+0z ze*L%sF>ipn!1-r@H)3Vcq5cx?>#*!IMxltaj(3==g?QF3Xy$xHc^pv)=w|`(B=*DPJ zaly4UtzPmoTQg{|xw&~j)_CS8+ELmHb<6FIitAE2h>6RqW`C9vo-WZ~iTBg-?gw`9CbC|7+MZ|<0blxbi71F{9$pkl zysVYjp>6*;yw zJyD#*$BvB{&i>MADCxWyE_Hpx{R!rwsXxMW&>nJg+Ii#1 z7rgVUo}U(DC2~7|Z?apf5B5W*&sYzW2pVWgihu?C~_%>&+LXD0zP1r@kd@}k34#jAa|GHaXL ztBFgvwbX!UKQXvE?YMj~cuy{nK10w92a8$O9}gCUc^?b|8};ybT)Qyn@{~e_5@f5U z?aEfy=>;Fdrrn|sror9wIN$u!kT9Su^kB(r$3hy5bj@=4IoyA z8t8CsS=UGsmN~C+3IoJI>ASA;mpEa)D`ZO?e~4W+4}8X(PF6A4eY++xP*9E}os19{ zk|E&Qta|o?V*pmc!n(^O(Gx+g^=;Y2Wh~liw(t9+8~uGL|4CS@7lQ zp2V(Fu3XTu%i}LFz0j)5)fF248h%@;hTy~d1Y~WGc1oFa-yK)xMUygF9xQj?qKyLo z#i!`A{dW)aMk`FDFcR~HYT7c_XsY6n+zOLMWv3dvK-BtMH5L_zR&NSC>Teb|K^L6-GmOz#pbju3;F92|9hCr6P26bAdvur@BgeQR0MQ4rqiDjHYF7(M%x3($DKiS1W8cY)Rg%R^P_NpYcL%wvi=+r_1X4*8mXfo{Ls^v z`-UyatE;PMkb-Lv`{sXF@AZxqs<|Eg)zBmPG5gilZLE6O?h!K?^CSOnp7Zb4bH0On zQk%Su4eukvyMCXq&xMW|L@Y`TDT3&9X)p=I77@{<^{$bTkbf!Du1ZEUybCUnqJ@@+vvW)xBZR4b_7`-W2#M-EB~y zFy5d*@6_6Q_>)Ahna`3l-}SMt4BB$rAh5=ZAHdufS<;l99cPQx``xbL+hxWL zb_}PX4vq5`U-82~Rk854gv@^`0=Wa-|0jgwNx-A@kYh?vh;HHUHRf{V3~bE@Aqthn zV76o9;+icl0UFnvsah^a0ybT*Td~VwpE)<>DSNgt7OSGa{_NQc3=(U!PUCxTkMfVe z(D5vJSh$$&PklE;A)VWqB=vu`c*)nX;xE4&={V$M_QG!RF?7r_;aVxLXYK}8 zFxB4#a)qW6S*`TY&fEzPeaoqay2ZZ$ zSW>um4z7NK-CRhT2b|CVItr`7eA%tjD6Ew?M}0xf)-ecm9`VgJB9f_iv_7Qo&efaf zSFO*?7!}otG*ZMceRe-8^1~!$iiZir(>B}!o1&=(cu`SZ*u%k##teX$E#@1X2Zn|q z=WDGV>slB{d}tL-L2bUx+h}GQ8k)=tZYoBu4c5>*(d5=x(lCD(m&PZ5ai!5w_MTU0 zxAKd>RG5ocO3p(7H8(Zq4K#mSH_nche|%&;oShk!336W>4U@5O;`-@m4?Z5+1UGSk zb1l?@?{uOV-w^vLHrrF(p)@ZBp^kI$M7?wpoqQae;|nr9L0$Y<|D+hAr(>+^0dm4x zpTb=8RatAd$o2b-src`6aos`(`L5hY9t7(nG5hAcLSn4?X^axcmlSqO9kMN6+tF2> zN0VI4k9{dX9Vvc`fA5L6atv8m#3fCDrV3j;2LXgWG#GQiezu`|tMu?2ly_~8hp|UH zPL+43@iPT zf!o`=;{88Ry)h>SN?m8oPFF7oLR}VGR8ANxZmEC+f<$$`VPmGIaI>Kq(H{4n-*9Wm z=)b|i8u!&_LqXe`*b?G zrj;w_+_DRloS9mi=ihd7WCNxqFu$7Iti}mVb#*B_$n~Hw%8KXRyxfwsfMSa;oK8-| zUOm>=k{`J2jat0VL1-*wJ-bFu>u!fC$ye>Ae;m%UBkKH|$e~{NrzSgb7$bS_2CXiP z`;$j(B!YcRN&my(2<09k9qhTf)7_J8mSn>DMrZQ#OtUs$%2xNGuY%q?6AzI2-k)yk z+p=aDJS8(T0c_eoUDuck=LkgecTb(lH`Dsk1-u-XIY*Jr{Fnoj8Y?QJleu7N{m|ES zZAe?UqQt61tGH(nB)p(-fkIZYd!my9MMXu+j3H9GW_i5CQ$ZbC`y9BTVYmoMFK8Ju z-fR0h0@WLhO7D)S-e^Bt_9STWKx`~7Tp^krGwh`iy1H-eUyp*kwbHVUBY^-3;jf+} zuIks;qrjhQa|0s`NM7{)~oim?YaW^r*5jG-UJiZffZtY7t|uq*LpXCd3lA&52+ zLiy{B=aqCq=HJ54{~eyUcwLAd-nr9s(lCEaz6aF6%=l)IlY|3KA2Q1ao5K2gqDWqR z_jy0tXk^X*iwJGd^4cK%dB zO->AJLpe!6s=_Ru(-nPlkhLNxPDP_WiNR+m_k}XW873d>vW+a>78Lm*RG}1 zsx2Co`gA(pZ$UDXRC1PJmYZn`A?7T!$A%pYLetCnn^Rwm-AF+sd1Zr;R|}9BV`@m7eyN8tyL^ zr+3_gg;e;E_wjJuCbHtG9{$5m@mxYeJvmC?5Ga*AaYFR&NIKFWmDrcgMvRzuvFPp#j~(0+-qa(33zz z@s*y5iHVKXI~rpAx2GyZ{5`qB2mC^e$Nwyt1iP&0^XJWBgrA>Z)7c_y`)sf_ab{+Q zxb+#MluKe=-Dxp*TNDW$9N-fyoN=wQtx1xPAFZkb&(*L3mrm0KF0lsFgD7f${{3tH z+ke}cX0KJmwA8qXLWTD_1^Z@$xWb^9o~$my>p&_5^P(gkN8zw%o2HJc?jqrd4R8D( z`DK0`D8pRcig{IfE>sD9C(-h-Lf-Y6-!2;m5l&mURCN{>5z_n>jxGh;kC*DMM+>wY zYj2fBw!W6BUP^6ytRyx4`{{;WjtId$m}G1N!}mRzH0-IA5)q+Hmb;(_m73x7I=;?j zfpMY5ESZ#P3irTE%I@NLFNtj0oau-jVA{95@!{Zw%y^34&533)kYJ5bqMralhWA9? zL7!$Kjx9<6(HhbmX;hjK`ze*9u|K7{F%Mp zPM-O3B)d{zh1#vk9!A)=a+@sZ+JL-So*Op7D%4~8MO>Wj>of0~w) z^TutZPo=FB`o*B>CXBF0tMC4xC`-VO8<62jdxDaallyPs$)^;4=GKKbYODc}&hueJ z;is!FqTMR*Qac@$rvz&uv#%pG(|a43@ftZknDF2bBCOcPjK!QJD^!#nHAjspox-N@ zdhd^J!IMV|D9fNqq6?MseVy4KK6HI&p~7vIZ9!fluZCItj&)z47xwuunfG~kR=}84 z5WP}0$XIX@nz#t!0N7Fo=7maLALi?kgx8~AWqxL^2+NJ!KhaJzOH;s=3jh?+7%C^@}&C}_&7q7hehFzk}tEfnl_Z?DPfq4|dk z9GBMJ(^yu2e0+TL-?W?Ysz%3*=xOs1(%oObbc}RDzuJ!UxFjp=%LN?(B=BdtlT7|< z`1Mzd<*v*zO!S^~z}~~)i%m$IxzJ~LexZ8p=vVO$BRa=lpFI^LW1wi zpX!b==-m{!`DG4A13q*+mZ$|5s?#L|I+hYWo_n1LS`von$8OE0Yd9w8&aUn6$>AZ? z8m{U@j0%>e&BD{Fc&ev(s%hwrLMccxNySMueiUU0T)6JBU15x}!tuz0g;8$jdqqjl z7&Ojvh^6JuwT_h-=AF%>9pORO0!-$Q+Qh~7OE@|frT)Sx^5{tP-Me>Bb*Z_yxeIJZ zATP4S?||`AgH;gPZePe#z;#+`AYCW@>I~S3I()>1Od$O)8 zNm9{Hy)KP~3W~U;I)J_uYkN-v+4y*Snzi!=6XCma*sr-y0;s%ziDc&DlL!KGvIpjE zYo8p2AB#~MXnFSh`N>J6<22c=1pjV5w|`^oqlG+fxcu|V=3;zMtzTbQ>b-m! zKA9U-tPP*4wornw%Jq2GHX)J!J;qmfs;G#gtQ$GF`s+q+ZhO6^pS9mAS^f=(wa6fh zxcx6Y055JeAVQ71BKE(O=p`K9ZT^E&;Cb%MQ1-@pP0SU> z9+9~;9k4YtGm<|i%9KJF5Rx$)IpRh`IkK^98cr(AH9?&f&$3*Q*DIF1lYUov^8@YU zh933$S#r0I=s^0%OzTa~ZsDPZx5If{TKwDY(usClL-?d`Ga902@)5UOChH z8{r%xfu`?0GD}fai#@)l(A~p}@_eE?arM+9?FO4g7RB%cxhJLUaCLJA^QwMUUp``b z2a^7&T1x^(x_5& z16fdmj&9_}Ne{n9iuEf*JJB8b>rgne9r7aM-^GX{{EW{tbJmaj;RrZq6HzYz)UU79LWv?43*j7jJlb@w=f_ zQFm7M`$8#y6H~g(?YVA~NvSmMABKmNB8gPSUawAQ$rTGR+!YLcN)lbbn{s7q{hsT= zC}Y87a_L$qiiwuV?z=E;nfV@>Db1YrhU;L{kX|o3Zm2{$m>vSqU*Q@E?H~4G#C3`_s_yS zj+`7w1ikQ;sHkYl*MO19#Ux_^X?lHX!NlY{WnYMla}QfYsL_=q{?&)|=8+_H7mUYC ziI>IrL=_3&x5?@H1nI0?iG4o#Vep(&i*nPrUOGZ3b%VMp;w=RBB2dC7fVEOc*-S>Qe|qSQa9v8#+G(i0yDtXZ(IkJFdSh* zLXUw1sD7kLrD*qpREIIy7^|q__M@ThKAElizFd%7g9t8xnS$XKmLr5ZgUTV1(=3oj zL5w_#RPZHfB~2VPAH85~EWL0kZR_udCXrHLnOM35gSHDQZ8OG+w@sk~irxwcA8C7 z9vT6kM}r`wfcUEnf6B&D%c!0H^#3()%m3ZJoiyxaN5r`~Q#iC@WAxsuIb}_?%imfuizMkb+XB!WcK27SJ@V0v+S(*yFU=Qf_2J zC{T=8xPbpg*g7_tRh~PJuLMVDx-yEFz+aLB_x^kM_w(V(cZuK1)Ch(Rtx892SXFpWxB|4P{4s;Izol4f)9Hh&8F4!yTHVdV)LkIH5m-6w1KmEDx6Xf4m#q#GC3*adIc8) z^nDTA?}1$W+oh33&L{>94O;((V@ysuLY~^@RrK)dhy|Az@W`b>q4IWVsB}?y3iQ`l zz#*OeGex+vJ%s)tc<(Q#aSe4T7S>;9f!G%V#`W#nw++l7*j~AI`{Wse_>J?M-zC2gaDh~{^$4a?2?kSwGWk2xddn|9ijb-cuv zCE?FqVAIcWTVwH_s1@k!-j$iJ;L<2&coG-ukoM)SaCk(7q&W2Q>7?L$d`OI%%Bjz1 z-@|{o2P?BrMY6bvo64MJ%o+SiFB;+qnG{PUN29YGszS(SxeMmXRqNn(R8CQ?$}e5J zBQ7(tzcsWyZ|bzYySV>8vOz-%*muh|8;#7{UOlz8#bR1!9FzVlr^7;~IQ? z3nQg461f~sXqCYnGgxT3|JT#g?zNnkaRPxTLCJl%o(n_pWw*u*7xvef`cTcgu7BE? zZvIWaGIh_qtY+O=pf@x5roTR3O6l(5ad?n>6S*n&8uZ9l9QL*9`5!#!=1k)$G^{fB z^*#FgrTq!0TdEZ#^hn~Nc>_p{$#)*|I+bUfCNrye*iD~6AwL;IC~II(Nvx|9M|aFP#YD@>QFM8b3rmslP}r z>G0>9uLEtB?7?oDkd6zhfaj-xLlCBM%f*5gIh*Yn%XkpKVP&;7lXdorU%!&e^JmX` zidX-lA_~OgY*M?nZ@wdB>iY-ZbxDRE6O;l;5^fQ`{$1zcV?HC zZQ^3L(u_e@+&s^|Es_3_jzx$jE<@UdxayDlLZAAc`<7}`$(qt<`=DQ|c>3$NwH-oK zh2$z>r!$kHI4j{#;SUQjr-!J;eSq89{=^LdTV?{IQR+=a!(QhbD4jWwGhAu ziTPJsE9|^Q0=lf;-_{-LHrjoHMg)4~Kz@~~7lhYoy>n~(7A0z!r|z+UO89Vm_~7@f z1m$k#jO$3J)^c_J6J=d&73kZ=Z-#|$;dF)x2FXKDyKw|U>F zt*lQs(Gohwf1hlL_OaWaHU#mi(3|%wi{ya|9Q$t^lRkGoQvf+&&(t5M|L1x7Bd}Mh zh&`QN4+~F#&HVNk_iC*w2k5?YeAaxXj`KwMy%l%w z-JXv2fWzeos+0a#?fc+Ni|NUbE-Y#~Iu!84=*nxaoW_tb6~}OJI-ATbDN z+H?lZ^}y>aSn5@%E^6Fg;1?eGz4iIQk&wyq#b2W<8|CM}Co3o|ZLn)dt=pbdN;I$v zsckDW*a+f#G*IUoZcEo4YJdBT>}q~)-t@l9lwPAIwQT;gD35m5L}$I)bAE^fqkM4q zrhn7&uObbq@ow+=44A=8IOu@s__k00M`+)t$uGTvVy8cAbobAiJ=S$VR5Og1SoIxm zvY!zWhF$J;vL?UCNd%GJ2dqFZDzFUp15~zuDSmXjd_UH(RI4&r9WoEJ_Covd*V2AR zk!6!yz!PHM3_2-wPGfhYN=OP9C4oKpc2&VNKM=t$jQ$z0>2 zKS*s7cTb6s_ZQWjDCe z7Yi(J?b2RJIL|@0rJR&szP!s!M)>+?mTr`-3#}%}f9ON1huJb)>qFa=fy?+v#8O&X z+88jZ4H^TChmonTOu)nHGo7YLCbNqVxc0*N+DM!KyCU+Tp8neRqGWBUTr;`EBpuh-(9+jXpXgbJskq{N^2FVrFpug&*TVt_F_ z(NK~$f0AE*c`+pSTj3Yt!wsZjqS3n;gDRGuXigjS->?Syv9kQl!*DF|xQx+)uyPpk zmuxDC!nicuhg?4l$0MQ{|m*&D!_UHz(KRNPgl8xfa^s8p<{4Utc1L2Bo{GyTK0kTu`(g# z+4Ck2TfN~S<_NG=EPrQP^^%!nf&2>!6^7|>uHNxj803O*x)RMVN9trrw63pTV-^(HBWfvef5_BcpJ)K8S)c)w(6vEET?=!Esyb|i;JR6bVZ z;ZVS3mHPANUp<#vy?3Jlkb=)ml%e-p5hwHM4};{n@T{$^H}Z8%42#lZV|cVx=O-G9 zcX@!;S-3h22jOxktcUyRC!=knb zR~+Thipu&-ld-gr73q+I3-tpS7TaP-*>%}UY;1WiH%@_ZqyVF`zKOm`7hD$qtrt3& zqu^7eajSY_R3>aB>kfeZ;CPj8aoYi(J+|*r(fu34JIQZ690iCAIL0?`<+y!qb@ivX zy#cZNYqrb39*1uD5bDx37E>MO&w$D<0({V0v4TxVig08!S51ZpmPS;9UVz&@lkn6Oc6^ z$^y=!$4}4&S2!^_P^YZG=j7%l02Q~`01~=S$ASEatN>|@OCx;vHSRJAb2qlqC47~T zd(y{vH>$=(W83(h%|`)xW&IVX(ooS-u2h7F|1TX?RZ;)| literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-hover.png new file mode 100644 index 0000000000000000000000000000000000000000..64f731a46505ff363b85801c800f9140838425ed GIT binary patch literal 11884 zcmc(F^;g_6)9>OGcXvv0rxbU0ch{x3J4dE7EO@xOVlSsp1Qx^_6&$V#&`c}02pE;tHiD<)}~NO6sg=wUJ+N+c|J#YCT5 z#R#p!PrM|PG5VX~v2djzKiK9=y#{_1d}W2QXZbbNSSQvI^)$x!#oD(>jNdE&C#IseL!V{ptT%L;Zj~GX zu|vN|s{SEiDM(t6AkVJFWIXNY5#IqD?Ya19O(qlTX0gPbXy5=6wa-M|$4CJ$=;s@j zJSR@^_#0tK>U1+kU)pP?YY^mDimBDBF)mNAtAPS9&_@@_2q`Jf{%$42v9tegq3eEgrK;S$}?xjRn3$$ZJP z5FD#5+T(u^J%R*Z(z;2IZk4=A7v1XCaC2$KMM{4h1((t)>==)uDtm8sFr`RKdln7y z2-}tAXG;KeN$zpUOl}v9Pci2Y4m6PGvump9gw1fpPMKyT@%a_vrSLpE2ayb z9hiz^WtjEC(|!hz*$@ll45goYqnnyxzk|>U;Tz)oy-Ojj1rg^X`2yrU!#$-Y|2BiH z2m?@;;wiUA(^S7?F~&Gbj4T#c5_D-JImlc43xat;@QK~Fh^tNv;oe~w#Qi{~Gna0tPvAAJt^)^j{50aSQ6yUzFNnZidooOvmo z+(ay$_=2Egi~3V%{Jz1$mg&Du?xhE;+xXD(EYZ{qq(Tj~@UY5!#}yKb45 z4Ci0O+Phw|KGna{@_dZJaE^~1;c(?Vy5+6u|Lt@w1S<9ztzOJ3N9|)}+Y11&^VhUh zKV88byS3Rsm$_=CBXN3e@$)jp*=oD#v#RUCPhshHF2sJ5NFO5WHEwiGa>H@k+flm5 zh+j*YD9B)8t&6av93&8+C_&|l+k(cDg~Nrocdv5lYP*B)c^l#9c>q=hk_PkVJ5G`q z{YO)@RPJ5Jo~|C4<7H}r->VIK07f~s>taZN{ZC9xe7;q{qv7=XH9v1MtQ~mX4bG8& zI92b+db-3|(^uivpZt;e1v019r}=F%=KmaSeDi+Tvgn|c`CdbI6^@fkpY?m|$%94v zC_*Rqq}ld>e4FH2g{`;2`WEJnNO=;KbJM>Ulk(d>mhWq4>!13qDAk?m3fE5AcHr5E8 z<9{vfj#1`^a~)*E&CVHRF0ltA>BG7AfB>NM{?pFD^V1at#|ob}wZA~{Rp_>7hYX;e zPzb}c#QXv}nNnUzto3j2ndMdtX41bcS$m9YKam8H2*;129y#qPuml(dJQ-Ilj8I&` zhiCbpdi_bA;peb2Ave$+bq_~0cU@N8id?$<{RbF7Gk*eGBP@>lk_nE1IRLKL8l9mN zr$@(OXj$>67(Qt`jqqyHp#E*q z!PBr0=+@Bn?}rb2Ym(*N1BZ9YILBmwG22xT#u?_qL5`7xvuIe)!OPVC@ptn>i1hbA z_E8DPFDBj>)PXm5c%2z5TnqzkGG&8s94lCB1I-9rMfkQI&*yDX=-l~I)Oc8+>LaZ0 ztCD7e6airk5lwav5KRWTwl2<7B!KH#wPcinVr| z>5hVHEy*vFBAfi(Hw5wEMGkt0D62yW#oz%?Fk_u5+A;GltczFT@TK0&Ap=y-OE&8} zyi)03W8hyk8734?s%B-#lBwmj9p1C^jJJq~`;tmgtwN;LjB2+WjS&xj6}GKjxvqQw zaJ0cI?jh7&Z4U$ey2z9PVTxOJ{Y)D^N1g|Dfn7N3R!4=-_g>p0FxQzf`ihE4!uPcO zI2;3{-s4TtO=6jlo)eP5&iSYdhTd%Q*{Od4fX;YO=oDsY)<` zJGs(W>=zQNANh|ZK~@E5t;ese$m8)KIx@X^~qh*ejbZ zEcWr+Y#YzZ*BXg6)3IF>0bw zbG@%v^trm835%f!;sEMb&l4-L^)~ZeU|DqRs{zn9Nniqk4!m{SP!k1rv_dr)SCR9p!&izBf=j zTwU(~5#p~O`)n+WV9k!TQ|Zda3w5j_?pE>G&Ujn9G+}XwxR(Wksu`w3i9tjI;iLeO z1}Pc4cBKSk7>CXlGXD8_6D4K6)QR4bxha%QjT&} z1>M~=i8n;s|CDxq@d!JVMwX9S^E{pE)=jDv<+=5Jc40yX?O}ADU%RuB{yu0zu>aSu z>)H7_Lc*>3n*7nPDB0=Mv`$jg_B6Ft)ce~S(~hUTG3&6`)5pl`pyyrN#oj{86u#b& zuF~Aq-1l-JsU!DK7IQe%Rt}uhAoA4}K{)!((mSsT^lnxeIEIQB{#^<}@jUwm0Lzb| zp%@%3-WCg7z}+4kJ7JGEA|R&jLJux%iw@IX5Vo9|jr8Qa zZd$mNY>EExxK}SE>aZlv!LTQd0KxgZD+u)*n2k43p1x`Xo?U@-!0#I|z$Wtuylw6% zOTW+1Fx zZ`Y??f472xP_)~2{p*TyAjiWtfe|?U_LbZa(F@-88xW>;Eu8wV z7>eV^E3XiCq}i5uDC{nTYTUHhR^hC8Lae@=*+s<^e-r&Ju{Lhp{6F?rXc#c~)&`4; z%5G*lEU->EJq3mhllYk=}^^rL=NO$W77SJ4dt(g3 zO6ye);!g;6M-dtYQ)nje_4NKG3~3__b?ThihPO@{H=S1t1m7IuxMFUafHG{O;(Q$l z6z=oRP>btD93JyW&jMOk@A8+sYUA$;@bMKou*9dDou&w-N&~tM4gb#KE9N{eZC|Bf zBRZH##`m0w z2p(L+MPPIN1LK44Drmv(kuNLBK}WSUNA0V%lqL<5qTdT$MHlmElJPb+PWU0QY8n;waw4(y?9#s` zz`K@Wp@3PfYkAcBV&&*F#pA7Zpv<`Kut0lfr%OP$@>e&9$ufIVX^owgBb|<;o4`}i z`VY+~3zG*;&Aj@naF5S*qO_qa-+dh8f>dg?XSS~44zFzUF{8)IkwPO>Nk7-uK_L{5 zgYax9YM`&4`rlAoV*u7rwCZjNpW@PwTJ-OA#LSoEb`ka0_yovlf86%Khyzj_VHz@W=sUDkQA*VWg-3s>TQst`46)4Nnu z^V)^A=n5RY#lNQ;;a~m0l1!N^_M0qHa$(72JEKr($-zL?=noo|32EA)HkIT?po@r_ zF&E32`gSO;Sd-|`#{wl%ZlGwP5XjekRI_%U&pgb6$KqXqNN_IyQE)zA*D})H)@Bh$ zu#VZafKPI;D(J@M=U=tYv2awD(Lz-x`vXr8uydZC7UAtbDhW{i^CiklU}(;dBye_6 z3LNcpSp&jf%!go;auS8cyKm7OukqoA-8s9dFNA3)@E22;W7HybGY2r+_O`e`hFGN) zca>-%_h|3P4_^*i>p7wkW0Y7-L-DTJ4*e#&rGXPR$!+UhYkdsoZK}>(9^$TG_xcd& zagg?f&4k!*V%h9ayEbW{5bK&BEl}_@jtpyig0W?uF#w2~B!~`hnf7sq?OQahJ_YsE z^#Jx!EmRAInpfYmC9nM}9BCce|152p8*ou88vNvme8M_BxHe_!=Z+=wm&wdj7NA#p zw*XhY>-Oy)o##O@;uv_jyS+JA1W@^Vl=A8Ap3fD_X_R1?gzV&dZLhGJDAQ2pMn%)X zBHES6p-8!Gq|$7w;M<1=7F;n2f+q{IujTZlVVkFEqnkN*FOUw91T)ZUihNrjdcSOrDoWSO%L2YBBRRe*C;Tghj(EKgjru0c%X^ zH$#@_2kILwurfVq(W1d>BEdhdTwT>+0$u)^XS176(58uLs;a<%Es$q6UJ zkFKGv$8DORB$Z*f3*%4Y5KVj~O4ZO`${vwBS8zMN@41D+HL0E+r3{c5AnH$x+>t z`LH3_=j6vYl2{|YesG<^J-F^1o|nSDC$0!1T{}j39_lOg%+gZTNK3ww)lwENv)DmH zJ=fDU1N&Iwb;Tri$sdose5?^TN~o1Th)4`E2a0P^WPf=Wecvq)t#+X~6a%QN#yLN8 zl9YsOO|&~W(=T8cT471ZBqE34(=GbR=wUN*Art$@S;it#LvKm0iE>P5I%s928a4dC z62$*yDbuH!WO~+}{>$&}^4(T5!0X|?G;%=193m1oBj z9sjB$xuOC|#CT8K+p7wtkmg zMr;_z(_jXjbC}!=6AyrBvv+?JeJn)TiYOgj8w*h9{V-K%Cs1gwv*+ls-Cl+|_T_ka z;;+Y1ZRKKJ6+yk8F+{ny@Ib&rdBToN^RMY_(Gdxc^7My%hW#%zP}{A@8)DiSusMt^ zv@>yiGaPgS6M;(9rK}CKmgp;@(#kKUOQx>N+X`yZiv(X}PL}_P-%OXNm$FSSo{XC6 zQ|1^lfY-`Ny*`>J4@?yOmzyjow;Uz4mD<* zT$HnHmWLSB1x4MAF9d~qw+G1%k=S|V^>{>P<~i|v#zodJ+i$Pg)@317c!IM+3p4k{ zvg->h9`rFj9@ajxFqcvXrUy!DRujcA_MalCA2C>PNdvo0=32)+&;Xuq#ZYV>vE68N)n&E@aGG6zMSaguGAW&#&MyF0=Z6q zH4#*qw&U^-1(Mw=>Bs3Vr;Ze~AUZB{>*O>hW9M|^fBm6H?GcGjOCs%I27sGpKrDuf z!jKxI7YHtQLP*M9fNyz@pX})gzV{YOw@a^1|45Z!U8X;b@0mnd%F-|nv&A>$HfJI` z|5*}o!vJ;R%t>5P`{|PofX%rSyHP8UGIF)H*E`n660(tZ=QN>D<|mVm4IXXm#Fnd! zlmnds)0);!lR+SoZl7fCEfzN8CXF&szdf7j>p8iSDVQiVWu)b9I?KlI=AXU=^%F*& z1?LACfQ`jH;`(1qyLqAprL6EsO1E!62w1N=$ix-rRT_y1lso9Yp|HwU-}Ke%4B6q% zU3zzK8L&2u8=JQp{^}D1zW`&WyP_U47qa159MY}7qad+o{aB>C^=!j{Ly6c?G1 zIu?&{s8qgJ*4*Mh7Oz&j!Pg;Z+lLVnXawSA?|z9aB8k4(6%?B#ZdArLZ4TWS^wDWj zFtYD`@Va(vLScn8TVC80Y--F)v#hZRr0n3bZLWW6-dYk$Mmmztk{I{cnzt=0E(@rL{oB+TG~OSa!geCDSg$6>G)~a?etBtlo4G z;-m?5Mx_m|cDKZh!nn}g5T8u1V(8^bpWjsnBm0NY5{Cx(!yrUaI)SOxB=Y3u=ID>-49}1 zSVQdHLM-c*C^{A%z7>`PJydQg?N0;Y)=gNwMcLrQ?5u&EX!?mrkj=DPu9rjC%Z4D| zTLY1bN*n_C)+LjtbbF8M%`Z6XBKcK-wKJ~qK0&NpCE}k=FijU zeRMb?QQmuO!<*kO<=erP`?i^@jpW>4IL|6S09*)aS<=?#ckbjnd|dan-8|0n2OxhYq73EqvAY@fp&8zw%*QIK;YjUqiNXy!8Y-Sf4cA z@&iEWSMR?_UNc_`fX_vB8^4cpQeek2ro~bWcf`&_tn)-(xMCFDjew7_TQA?*j@~p| z3#$EUZza*UzhwL}V!-l!FlB=%q>z+Ga#rcU++%rRQJol-8cx+REMm5pS~iVntgKM& zI+%@>&O*8+p4S!4SsX74MKQt=xwfj7+vojin#(&9;fGJvd@k#RcYh$KJu#P}{ki;W z3guN=L`UHF4ZJ*tLHA*L2?dR{y-FVs3>35Nr8Rc{=>LqBJujZ#SN2=SUY~Dhec8A8 z*K9h_pXi@DhD7x84BZ!9e}A5(b|qU19$$mnGuzy07>fshtuD_%{2SFzEQC-W_foBu znA*kL+a#>OQMlr`b_&1AG2=}xQ_x8KXiPtsLYYXAQ}#nV4eTp4weGqbIV1jIT3z6l zdrYH+*}g`)V;{+1Wa8qJF9z8if=Rgn+-uBh$TLzT>$HLuC%(PyJYReAAhgF52-$@eFR;{CPM-1Rd zaJ-g{K2nBp_}{=05k*<-nCfhfv3C!gw5;X(efh-fYwuzuiQi?&vn=Q0%MISZzaW)X zR5PO0*ft#4ye6#+I&i?N+z~oQW@F8Z-=q(UX|~hIDO7UzKIJ>Z?LD zlA1K#UkbXqvl7zt&%+dr(N1QD))mnLA*K)orcnO!`i0zB9F}xyXDVW+PW_9@>2F4O^e zsy!uvRJ=f3wY?TKsfZ@=b(~ae&m2+7S%>1mMj^4^!{!9Qv`SOb>v69%NPThIM zr0%+z^)nqNtA055i@{HqQ5Rq zYF-aZHqRnNWoNv&Ia8x!#03Szzf-Ho9GQuci)XUVf+v^7Kr4j3`w0gLM;y1pKVs*#2gJoaGI*(b|pGWhRz2Pn>We|IIY! zjZae1!vX(=MKgLnDV^wm2|Sq48biqZp??d!P&(D>zBxc$YfDpu>v?}EnkNZ*?KYb( z8RM{N!n$LdUb>i)%fC=MZ3D5+&`fuSk%&AnJZ+@$xBZK>aqg zb5X#&M5z+_T)M+Mw&o zyXUonnAO!vpVv;yyW@tnVyoU;4T85M^@v;&_+7{LcuxIQI*rtT+DLR;uJcU=0;cHQ?+nvnhvc6*y*|@cgnQTp zeM|8A_7)&<{EaTTHHZ~)Dv1ykj zW#@umL8xW29oaWPuL10CZf6uHpWoEB3zx9`%J3RHeDVCfV7STt84w&v8H7A+fRW%< z4c%@@|0JMe2;D3etVdgeV(4{+BiXyKE{K1{vE6URx;~86K=pTG!pSH8Y864*)rf8y za6#AHt&=ww^!hZZd!9EqhJETsPka5w8)jfwNlL~|9sT8>^5wVKBYs!8+&p&=N@6~6 zX)!~Uc`poA7)GbYD1p+!hq(LYn*QC{mFNwR#r)_FaTWgClmZxdh5+|#xzVgSraho% zXYIGe#mE9pc73{#<$lG&6#h3%t0wr?nJ2Umr0R6Amovvd+ z?JK5kp|hEfYGGArjrlA$&7-ez4om^7^2y2v@Y0L=E;G%SwNq z&q2j-L;Q#8`+imaBPeck8xJV(j}fLS&?tFVAFLLyEFer>R}Wxn&e|uRt`7P5)SmSI z02*k1i-N-5F@;3&@#aj*72mgimd=L?4%6tx5=LnY{9`gjSS!PaJIl>)H6??Qly|cjAcBej$_N za@_eq8W9X#6dp~0{?4DH;{lt%DWx3w@p2p=9xA3PV)gwg9`fuO#&mM@><^);2MWX@ z=EtHUl+NBfJ*ZSOM(D>UQVgK~vf1@9dX8H?`oji*$9yp~Oa4G-0&ZiE5-u1YE~|pZ zcc5Ih5WXnE6Ckyx4VjN_x;LLY$@D&tx2b^5OTm3AZ;F)` z`Wg61XTCR{PKg;wYJF zk2bQVW@&Baa69s7Cf^cQk@iK=&pTFP#Lb?*4zg{2JiH_GyS#4ge!%&<{kOP& zl$rGZkXU%;C!kOR0xBx1+HI@>OO=!C7L&fr0MqP^3{^D+O=opm-=Er`?X`j-c9Zee z7II?0|$Wb6q>0MWRquIigA+$HLm}5U2iN zrr>gNnL*?DncG`F0v@SYS7qfr5f^F~*gJK43G%!} z?=ym9?{-dT*Fwf2YLO!i?cYgyMWD$sScaTVVrOp;i<5%t{^faThUMjGHAzM`h;EK` zM8ZT*{sYH1zFrgBPD}Eb3?98l?cFx51gn^zqdMECoFsj-bb9s%#WX;{{Mh^ZUpo!R zmY^oN#HX_1=0SgNr=j1G-@eoUnk^8^e%R@kmVfGcEb8o`Xy_LT)-30paR*-~9gi=A zn}&hx364X9!kasEWVOmZzNl_iIUGnpkLpbA-9JB^PLh)=A7FRAJ!m`}L{wOrdZPLB zkUbkMw&M04-js@iyRul(QRi5A&S#XX=M+_)@P zwb3W~KdEMw9slIt;oDdwyI+U@182C7s%K~I4jA|digcx!N*EG@X&(Kyl!Fb;)M_rq zDSK4M!9bsuXvIc|D*nvU=G8^bkkbWxC%9A3))JA2o(*UWR}bzo_&*GEDxo@d+q;SE zQ6LQAus(&>$TT?Z^6`uvh67!UUq_M9An4tw%GiqZV(a+6M*}o&zsmbYKQju^2#pSb zX~ZqUuxeT-vJ?O-XaN6sLN6H;V1ma!BE3xY7@2(sO=h+H;tIc-1AyN~D5{M2yP7Ny7G)ZKZF) zFT$v89gfrxR(bdX54mCJ4R&h@?Ek)Hr6afINfgL+V@QAc>~oB_buo=cUNjhk!b~#v zAeIWJR=Uek53Hj@b2WN2Ek)y#j&Nlu3E&pCS(8doe81Y^K5arSM*|y3;$};!rc{Lp zJ+-KW5Hw=ndK;>}@pp~HWh)~{^ix4+Xg-f2i*RFoX)YpR>bG2Vzm}4f^31b;hbtmv zKALfbq{Z=O`2U$`&4o5!-_()|_Hhh(zL(IoCxb*w|A#iJjIl~=*=3Q4FJCM+D4hyy zn|GNCn_e96sf0&ib8d=AO*Jl>WNZUFH#mf1Bdpo5DoK<+h1z($Sm=*`EV85E{FP?j zl$07JU@bpBx1Cgj87ZbNlk1b){jpd_-E)}FNI+#`>&X~r**ODx=}}xjwy-JhN$H!{ zK5|MUftKIXT|zca4pCTGSU7NuR+Sv0?&9e8=s#|=MbGXnnNhmfSlFk;zP$VkoBk8A z?-;LT;zb_oWkv}@sm5m0yM(7=?CW1+z7}`9(c-SW{{MUeP$EfBHpDsIFso zI^#Vv+=%*bNWe|4*&Ol0u-w1rD@5nClqzsSJ6NTaq= zerYRDRmk|ezPURz`v{GukvoZg9G-}&q$3JNpG=DZn;X*LKI_Nn^mN5(3?56%uLPFg2~vG)JJHl5b+C9 zs*bPF%{1Mv&KJir^(|BFubD?S$EC4EQN*VkxknOZbRT%;tTpF=5>`NrBJ%=1C44-R zK?EoOb(JLvi?G4KQ@1_(=c5%(4T@5VlqLQ{5_-tX`I@ci_h-g|R*~mBo#eZbxs@Qr zL1Luh+;~YK-&lsVy-KoqIm*2Drj0RFDTyK6ejE}Fp%H7qCE)-7il!upfX(;ZxsoQ1 z1nBPkye5*$-iQVj3uxLvGc4waoV}5UcYbu`bJA7=h@A#7g-#)Z3@LBm>l4~?vAF^F zxTnAB;e}73J&oF&hP*cL!o?htehm9rixOF0(Qhd&EaEF_&0bL;G20K7mC6o z^t7spE6&x7>9Q|Ai5C@-NezX!BKRm26`kUoIlNJq3kieoR1m&uDMzW|~iwz%Zo4WMI=apUAB^CNoLKA~mu7 zNGBDH8F1{#j!bojk|yF>G{gTO_^<(5OVJ7$=vY`1MNr5amK2xl!m+6*=aVYK@tOSQrDDD#6U5dNA7cK5CrMSCGp;*x3QV8x8cSw-Uz2D>c zzUO}T|NSF!Opat-Yt5{=&Y3ySL@FyvW1y0t!ok5|fMg_8;oy*H;o#nuAS1q7&{u$) zuP-Q0GCHnsa0GP!Jl=p*Y0qDcNNyknNu(V_bOJ2oKXi|=aBx&`APG@*ubktb{y7F3 z{%0>bwt2kyhZrSN*P{`%Q9bV%v5WGj;F{ko)B2bXBz;9F5R>Rn{=uT8Dw6W8x1|4THQTpxj~{VJKf5)LaXteR z6kvX=zrUW>qG&d|IfO(8E8@d*IEJnh+(w<+h+FXM*{8tUH$*OLnp=iuQU1|TY_W$P*0Kbcmv z0GAdNtXmzfD~-{tEB)NAITpxfsLRAqoS(vID0(VRKgOxG*2VmM|LB_W-R1$IPNU(( z_|;?9S=0(@T-gd-*^oMWy$hS2vs=&Y(ZVQ?VMsw?A$+qg5+5I5)TFmBL-CJhoQGHc zHV%Ja5h@jW;=0)#jbZRJqzvm4v=3Rno!1q$#i&mHL1_cJH~7%OknZ763z=_G$SPr% zY5{30E+K&uEuN!>g2ESE$na_lFk0iQR>}*Gi?0V&tfy;!Tg=|r7fw6nUHN>vy3j1z z1bbJTyPC_O6%f1!^q?|H!lU&tIWA^GOn>M0x)Fi6V-_fiXsBNPAoTbUc=_`m)}5NM2gnu-j*~d*8fyKT;6Wyys8L z?V{uQi%$3t!3Hb#;efP7e%R>I3Nuuw)^)A+p}VDLryUKBK6!CmfCWNu>L}s7MmyNd z(eqwn@$K|>x19$W^m(bpKKrcF9+HrSNB>DCwhd8qckxs1jyL@vFJwCC{R7Xa0sK|N zut(a{_jDRE$CedcAj35Gsd;O(?G^v}!$cH^kjuY<@sd8jwia{$yDK-h{cPuuesQJqL8Y#{O>O{2K;~4V>uoIBv-2ioch2Z z#O=7|A(;o0up&ozd}Ppi2`ad(z#cv3f|J1=#wa3sZT%Xxu=x^um;gbNVj2nTvOrzZ zAR(RoSQz+Fw8DVa<BM|4;sh2 zQHN7c)xUK|gMssE8v?*YMAgx*(oti|^lyeK8?Y{cr@m@8dg?}cTAnow(~Fs9{4UO= zK>|-QJELx~BT+|1f{W4Hg+A$FW_!1(i#F>*!w{{U*-h;h>X|mzWy8BMQ}Ju%y)l+M zXH$jmkimxxbCD#8#o(xJ4jpX@Px4fID^5>A4{-%^WvO0z z_7u0iC7-zZIxKa<<(Uq){H32KFp&P0jgH^N3(UmU8oJ}deSyXhw>@6=3>x~L;2*n= z{pQ(*talT_ogXR%BJO|pT#HC|Rq7?$9sq%eez=Dg#riZ1?IgNwjuin_0VXjjGHQ4{ zd5vN+dkw#&`UfxRx|hgR3D{Kc|4eEmdQ=N&F(XzwPL&#S{fHQ@hcOoC#2`ERm4^M` z@}@23n9}VfB3~Jpy!+jky$jyK)|bSy&@3{h3yrZ!Rh_ww)g(d8XNZ~B373F%PcKLF z*J|2@nvvDh4i-5-ZHI|_T?vht6={&M@V^5r+1RB(`J(VNP)GN)jvaSv{Se+#Cv(c7 z&NUG&BFYxC*1o!z4yB1B=-77t)SQ@jp(i%#T4A$DZK1@P8ek0>AX=p7WaL)T)2HO5 z1X!+{mTyxdp45wh5wK&1DfN+|+5k2ryaXTvF*fjsbwcUGp_~|J&t8T)g6d4v$aqHA z*#CLF*i>n!6+?rYh_{up8O%?4cLH2Uk6^4k*?gH z5}U=gwb_THkcfY?pYZn#JW=tHGr-XNxFqIBtM!tAx^oR3NVO^a35G3Y0KKBawcdM5 zFHtDk(oH5<9J~y9L+!J26XfO8&rmie&7Q>-7Fi>BA&$b$w>mKW>wG_%qeNzwYK$u; zF);~o*($Jp?f1WKZ?U&6_K@&TwhLbdqe|;{V|koTz4y~;kK%C9KtRk2Gi7F4SKN{W z^Y;6sKiS>Ze`)$Jv!{t0n1dF;a%GQS0jMKR%V5T$VU#dw4Lse9v@Vnr+MrI5V{n8B zPp&b5F4u~Ac~H_iGJ8h~cILg*)Cr)J{xX>8c^cl9z^*D{4ZOAswM}c~;6m+Ha}dtX zTOg6LwJJpA*nkbK{$RUI4qlMeWuiGrsph8UI2)3XK*N6^hG!|M#t1V*0|E<^wgPI8 z_a7S-))^2CB=%)5uu(Cl3GoxlxebcdRTdd4*g-!&=5@!stx2oe?Lf?9iaSqCpvD;o zfl`#>WG-bzZJQjE<(p#VT&L1w6vuXBSxnFCLP(t=pnU0WQkKeKL{M5G)C5Q@jZu2K z8BQ(6`ALOK|Ne4c*6X`PFE4?#xLnYIIewS0c$sSdH-U!nyi(-~yw!c-A?$WzGYe3f ztSE`XDoIS(7xo8aPz0CS9b9)2Zu7Ejw?)dRyce!h#uwn=lr!?yHktxk*nGctq zG5^iA!7xY1;h0c`t=2%ai-5ZsdDOfqyE+81Xh1qWNg0A&=J*wt-kB<(Dl9QZ##YDCp&9M(S+gjOvLRofnAv2}030f46&i$>ZnRdx(0 zpz0s7;VRyp+2bOXe1Vx=WU|8_nc($FmX&P(Zl$7L;3JPjxr}ftCE;0f2o~UZbVN|7 zin@Z?sxl=d%J3Q z#@ci=rhsw{)?vDKi4^Q*>L|>DZs%*0zmwnEZc#)XRvK+c;Zj^g3fOxYD?3zV9$l5TZ(!ir)lm<@1e z&qAiAY+(EueYx zuL8z{bW#Xb6)o|&frJTGSieW~@$osY4(x&_<+l43ghUa+HqK8fP2pXX;la{lyfix- z(s|a6HYt2Zwszany7@8hf%(~LG-cFphHJ2KQYgAuE^Q->@cR(-=18S--f2n{X>&(S zC~P~9|2-&aqj}M=|6xD(TOh2JaJ618ow;|0P7V(4#cki<^Ko5299-?~o$2(Jq}P4^ zx2g5@c;{{Krqatb&Hc5dQ0&CST~n1S8Nj+hS>O+J_Y9eah6Qz4o;5Y$jm$<-Nh%I^ zFmqmshN#q+)KD`CEL{46gsPZCo>haymEXr+u^pFl8A651IqC|62M#TS)HPfhU*@>E zp~_O^hceuZJF^jDQaLER)>p%WMihxUaS7woqdRIzy1g0JW{e>-4^UUeD{MzaMA-+T zyGT5%mayD}n1at}qQKn{`!lY2#m{Xrcj&x)s!<|5d#Dc*9QhPTx8L7K$M`ui0NQ`gu@oT@Vt`@sU~eX79XOY6|s*eC?`60GqTojKaH#Dslm z+Hy1K=9zbjX;Or%Qd4sbpL}$BOv}{`>Y&l#8w^0`lP@juM~u#M6DpcYur4BDE>YCy zK$be}oZB}E=c2J~CqEC8O~^&+Gz+`dmXJPOBHLo*n#th*n4#`77#40yr71C>Q{NG~XziO{n==_xx3rW|MpBQ{B-ydZCms6eewsT8UgO^@>2(y)|4a@sPL~*(@g> zaCO}X4GmLC<2%M;GaadL6Y#2+rz&eyLMWDi>{`V7djJs9Z>G{zM92}8fpr2XRQ$<~ zJQx=>U}Dad74ZmC_)EiSPKvK$Puw5?t@64%sm#F}RtLN{=duhFNIs#b>28ogAO6H8 zm+15wT~?#&0BU$(qzwla+Q?^2$dD`m2ff{GD(owlHL6-=ubB=7F+)5OH8I|8$cb;K z0x?3NJe6ki3=2eEHa_VqKEy0{B?NA`pk9ZC#uNxNFUqCYk+LIB{*{r18&T7`s_MxY zk>G}%paZDlT;F%5EoPG&3_&lztln_%V?=emHk~{*kf2-UPFQ5&$G0Rv8$rLg9y?uz zPYJa-OwAmHJ|v||*4Gxk{9gFA$2NJU+*Zt9ju>S%-GB!nh^W_>@zG(_)!8vfOAH|N zjvdo~XG3)(&syi2S!(Ro{oXE(*09?me=a4ll>TZd1?r!!$Va&mI7!{T(OUHrgk%RGMqxioN7d1`^F+!3=ZfW(>sK)Zd* zDoyDF+<2#-MLkVI50bToqX$u6T2H^I>}V5ImumrC^&Y=V7mYGh{N=LqHX+818H%zJ z1VYVtw+?CS-OQ*w&DHBw4LLJqhBNEz-vX`gTzBK4@)CPGZw}22(hzR$?vZe#=uwuz zQS7ai!SP%z=FAcmEHo)%nsX{b`pU%R2NY5at*%u1)gtd}GV>*PmPN#20^8gz!3xEv z9p&0q&?(9FWJ&EYFCN+$q-6Y3`6MLgEmv$toW3N^W1DR)e%Rx!}ZkCTHSLij4 z`6+hGhjG!)`RV|==w^NUcZ~vsEB$n0=V=A$jV_cU2Qrn$3LMpKf`lu)`2|NaRAQF@qaht%rJi}*=?mL`J-Cq-gw85d_q+celqpDsi-`M z9@U!u&iZt4bkzS(oaI$%2dzJydctjlZuBBi#%LLOBk-(x!3Ug&P^QeR!R#IT3HN@x zuJgR?2a4IoqTteRELr9ahGUSP&&aWD3Z7XD&R6VO3d4wfd^F+VgrN2Dn;RjR;i{-e zejD(w;Y?F++>iM9_*x#6C}f{M-}Usk`C+YUuUNHAf99xficn=du`R`&&jeark0qF+ zdiZ~41DmB3DG5ienvQ=l~Uo* zY)7cJf^^FwQ==X?`O}TElCX~>C$6Er1I;ZvH`!t-(*0$lPAp1jIx(RuQ~e5DAe@)w z-z-YGRIw?x>Sgd7Bjm*raE1(u&9wMha5c~d5m9+RTa!?HbIKXQs}IP(9uqqxY%PqL zK?h4&NXi5l4!A6Mrc&-JLM`S^l%rIE(q_Ig#MXg4%PC=|7nh463ofg&ZDrzp_6y9B z!@Cs$wKm_-zm7KetqvBzT=TR6F4aMo>0BIHg-7a%HTJctPX%rATCr3=yX3p8y5qcI zyRi0_CQMg}$U!kBSs}H@Q|jwbJhT$b-^Xqv_@;l5WT4J~z%;q}q^nwv_U;t9me3UXV z;Cso|nbO`s$xMYn$uYF-U(FIMxX%YaLY$z7uIIizcfN36Y2qJoA4lfO9iG4n*@k^- zEPCgaMlYk}ANObTJk$zLUr|)X>-&Sl!`{l;Zjz#0b7CJOuQ#s^HnGQ@4@}cmb}YL+ z*0XZrjQea0RnB>iJty2N0TBCQf5U)>!0lIvRViS2^e&V0tIF_~KGJjgkf3sb_g^zS z6vI?lf^f&oqX~6H(!5cM-D}WXR3Zf$Fr94umr{bQXhM0uy>1|m%}9Oo9|--}KztEg zC+b1d2B#u^73@8)DLawF+fANVOnuF7(IfjO@0mnWY{{(9Tlvf_aJMjbhLCy@cFHH5 z0G%l;75|UroKFg#?TUJ-Ij``LE-ALV>5xE;UThb%KbVxXj4DJ*vYTS|z4ajdhf>%( z21!O6IBLGp>h1DRO$pJA2XZf$ob?GGl^@yxbmi4WOi7f!vOu$%7rdrv_Tj}m^x`}h zib>!G>cdv)9Nx4Yexfh2*aO>GTDjP{HCs35ub)(xcW)^Svox-QZ2PI$-kJ77?E{6% zs5x1UCTAtbBA=5n$?l<<1#!bLER)A2fv7V6-G#HO{U8CyG2~bv#asleT;1DiIxSrT ze_srs9=$H^T@#FFmZz7G6!A%q1_&(0ZdPjnYfcC{B|V(cEoF_=YZhS-8^HbqyWF&1 zgv#mwNaJ|$o9cT!EE`xF3b_DlXoBm!;XoNptTpxpA2QP_Q`1s2)kH47Q0Ru z9xhKvG1jF6054esM=`4Tvx1(YXCZ%5qNtk|0I@hl{q!!%+E#@jO~fXA=<`J-ev{sg z(r2O%9|zS#J^ZD-9KO-3yu?SgWezWCO-ORtR{LD~AG*k>gaw2T3+8)><+Y z_B}!)T7>nz3tH-1rX3o^=HlEXPX3x(Pe&rdbQYE(wcuoJe^{vVSAxtSg2pkc-!i4J*JDybN4;+MrzDNbwN%R zL>#Nt{5_weJcD%!%|qw5V$!fKQeanmVuSi=%L8@SwC#7h(1l%)|Hx6hD(dJTB<#y( z^{XB<6`fsgf>Z+`<&7Gab1m$Ow@L`- zG`Z@D$@p5u{xk%@jq}6o{B9d9(Ont^iwX13U0i30J`^R)83(3Ro;Vg17IYVv z;P7l4?C1gv-Aep-lI(4EAyujZ{6JvqP@;yROj<$8JHykzqe99ZV(*7+wF#(yORbE! z6Da&{`-G~NEJmzRWyH9nkI$XAaHkD1`IX>kEltfid zH^nz8j6E}~yR0m`hqF)wY+5)KWPwgvq|knvOM2HF_kNDg=5(czjknvao}gf%W!+un zZ;=%|MslX#@+KAaM6qg;ML-vUUbN?WI7zdv%J%}tm5jM%BhzS$uc#2CTlfZaS=g0? zq3zh2bN$a0?t(KrFtaQ{x{rt$uPQ_!FH zCTsy$+3R1n1|s3U-krV}-a+~?1w%3a2QvwaN=qXlB3?#}q2R843wh61#wiG-ZDbbD zBB2GLCX=*M7n5pXrBtxX`%etOJkU@l* zAI!?j8lq2~d9L(OKo_4f3a0RO=Zvot1dD9^hU=#kWtTa&n#$$*D_j%hXbHk{+@7cg zjHuQgN%C}oW+uOgbLD)9BhlbS8H&m;W^=`4XUgoTNm^t@=t0d1ZbO9AIp7Ta&=PMx zFwud0|G}gFRLN%^yTD=Rqsu$fsaSC)Q=4Wn_DD{Af3uWP8YLR|xoq^2IN-vbpHV|Tl^LQaEAxUCsZhyM zaorn;Yu(nv;;{k@BzM{u`yDUJPj3%1%M=YpAI32Qd0~te@+&xzBZrw?C`WkJGG3j2 z{qGTZLhhG5|J&ZYmj|OSuQ3bvmGZUCb>E8_pxk~YEez%8y8C%n{aF19@u5dG{WpsS zTF{eo;b+rh;Q)ao+TOXsIPhKfo#5*p+I9YT_4#5zsqN`@*_Lh2=F_XK)qXsK z18ypfjAu&}+BTw%n8{z1Jl8ZbS>fi6ZjutlOP_IPMY0;~-eRrnu&ygR;3leJvkoc@Z1nmeE1$6*j(>=kwwrP#628azXo zXj9`=8&oBu??hyDd(~1ta)7H>Gw@G})LChoTM{dcA0#T@sI-rA&ZG^F4JR=)&NgMe zjxWl%u;vx@A(LSB7*eLjpVxABMS8!bBfNphZMSI4ycOaFpBhYz!VdhBkfg%LTBNDp zm3xSBvgJ{dK6fFR0IU;;Le!5Q4P>-t(pp7h$bmOn_cw|M`ecPyc#sAhcf<%U87VuvVv zt9An@ABLsbVLQno)-YNmvhz2`t?L0^f6I4!Z=degDf6C=i5(ah#ozP3n=Msh+ikvE z^WApM<45}k=G!edjo1f5AZy{KaSv)$I*s&y0>R^%ufPtk`)(toxZ(J2?QSbU{QcnN z?wD+kyNAbC%*Xw$4%^z^qv`89apSo%l`W|zLQ3wplWPJk*iItNPA>J#i~+Ty8pAT3 zj()S+u;K4SJr;(013BqZItk@tg_1hQzwhsT(*P+95e`<;JeidRv~MD02DPQa)XX}N zL3+s9--d^xQn?gzQ=C<_sNVwde3!>$m}En#oNqj{ch5u%y-;w`>a6@C5Sc*Mi=?7G zWj|sJWe^2-Y1#|;Al>e&oKf#n-|8^!78W$!P8(`g;6L!aIT$U?5wPJ_yYnS$f5pW% z$50x)yn3t~Z1wziT;N|t<)3*J7%1U+^~uY1DMCP0M<%>FxF?CdbiqYp$V}B&uI!*b z?g*GNvMR$nl}Zp!tF$T!{4QTsokEOgR@Md)F$#%H6E&Y=iC)^nsHC9Y+OMn58!J69 zt*+jvPL*gO?-3EIZkq<@M(f&gCBFk@QB@P)c}kX0@?_Zw5o`Q?#$Sw|33-pdNOqSH zZQr^j(6s$a8slh7muj+~+C}}t6yNW7kQyy$t7h=j2c50ooKgpySjes(mjAET!v|tP zA1+qd=<^3-trx(wj=+eAr4k!$!QXAj*4HL$$_<8dkncsOY z%Mmdu2s<`aays#AJQ?0FL&-*XJuG3JD9#}DrJa$Jvn$Au0M{IF=vXw=IsgcjLT>anpba?OE2G9zMxN94NoTV`ee%15{87U3NXuXjAZQp-B< zG!^CF^)2avfb<4#MHi}4vLkiVqhhKIBkUv<<~`92H8Rg5-D%iK5zt~;q7R_Y?&URD zNtql$@>6`0S@aJnV0;|0I7%H!$g}Ea@DbPO$%R*Zu^t(*4o;#9KWM~}?gt)+s*JAp z{xZC#4M85-Va8IN8h6E98wd9Lpa!q{eN!shW+T&iB}ZW4jNgtS7Cs||OdY1`un)vX z_O*08N=*z>U0J@GYxZ2(QxVph*D}O?YGY_l(5q$7ct4+3kJZ;wv+30|%M%R@yUN)Z z5bCp4)~DBE^>l!7-}>*?8n|Gr=&Eb#-Bm@9E$E8#oHVmaX6<3BsT;E8$fpnjf0#%# zdz}|UMKd-4NHAZ&-vrx}Qqr;jYnZ~3pX>$~=*KKqLgJ)4a>rB0VV1?$n_#P?*`6x8q*5g|yhe_UWy-NKRqX(v*TGH>B^s``_yLIhM1wwjdjA!&<;gNbC6;{L&`o4f}%$5jzlf3_>aVe(2dGttH_RZ_$l`xp`0GSd% zY`|8eAH6IXS73t=Ad(i=Yz|~_WL#z`Nlh46=4+v)e?w`{C>feV@sS`&N3$vLV+TRj z7xc8{TJ_1UXH6MdY-$?%-A>wW*0JH;d%id;->C&nGZ2t*Vam1Eq*G9M`@(9dz>biq zTry1Wwh(8gi+SynnOP-jxSfvdvTJWGkaU4R!5?&w^>xO>XRRvZnfDCBm88H;8R5MC z*M}(n5DPmo=j=_G70H4w>*Gp4#w!P4?6uugegyx@OStZBNgNZKF~Zc39Oy?bMnabm z?0T1KuY(4eMFq94m5bVp>BZzyReT=XD%Fxb*@X$&ZBy|z$jVBIsV>lzskyP*aJakt z3CxU^P>7D$dCRu-=#U5efT{U$JWeJJ5VN4glolFQV@@3Q6QSHanC(URnT|`nB|*$<064`#~{yH@kS%B*RyKuY~cE=r+}d zHQT?J32GjpgBcihUn}S-agc;2@`xtqOn^)L8#5E%@|fmnJtuSgYR^#WY+8 z<~{m)*`w4fsm!?uJU1|p(FiyC{Z=)_Axwn))x|Ol^wVLiweLjv*O+2BLIo$O+6-wc zd(N2FME>{<6kyK?i7-inEm2>CbzWVjZGk6UuWR7!lE|p_bp{TI=qtxbQf+C9 zimAd&5;aqPY^UaABml9P6$#K=Spt8(o!z+4#|B++6eYP>D*4>h~_1FRM%i6oC`Vk)(ch0r7<8ghM8RZqXX5}T3!X1#0P z@!ROsF)Rh7X4Y&&tohXL#r95z>=TL15`lkSvsHRUKv`04!*B8S@_hBbe@UulNzjHH z{K=b6Q*m&eY`=q#EIaC{pv!TC8(GSLhprS-{cEje+e%xbl{DvU#3xnfwG670F9S`? z>3&~mYqFngYAG*ny|Qg_JFB-InR34sD40pq^iZTjs#ZL_b^e900FFAZv`@GnZfb!} z#3<;D53(tR7jKEJ*9)@`Q-Omx4b%-E&=E-x0l-mGzx1<$fZN}Tl{e}Eno+|CO}%Dj zDH_VBZ5X7l#QBeaMjD*vNFq)Cj+2_Ql)$s=8@}4D0_Sg8mzzMtnjo? zri}4nwS#Tcr6M%}ee}SFL{eBvtYKInf-KcO84Z+Y!USX-tnyEHPsUCPs*}SZa(>pB z|73?bZB!hb=T)%PPB{0K^beU7IfRB@Wip2+ZZBYIh7>+C!uEEN&sOTuLz?a}J!7s_sVOm# zZuQ!&W%m1iK=oML2a*59;&{DOx}!t)h_*Vir^B%t0NI^A8S3Wf17K>sM(Eu8)khXN zH6saUQ;IDM5A^^bxFUXXY@XF;WOVov!%1(bS8{8Er{^0z&FWe)H^Gn=h%_69MIF4w zO;ojBIZDy$%LD`mB+mtl;A9Ev{u*PD zx3>HHckY#CT9Vk1G;7a)5nF~Gw(9!d_csdrI(QPAN|ev{=_Q4%e|0R+)ou7WL;t+O zU0_*eVl_qD%emS+rtK~cc@mQ8b|%-GpY2YPh(3G1%V%%<0}%>mWDi#j@4a1JYG~yX z!Ww-DZ}A>fYdW=pw09vLzIbf^WIX#DU={fNJ-xJE?4XUxn(mjuylwxAg1L$~QoEJr zqvRik$S}d0>==0p=GFYURt@rsIQtI+#}^tn%qfYi^HJB8fs{7 zYzQzaexxCd;(5mS3chBjLpjcR$b5Ol?>kx`=zlpriS`YDlq)UZ=I zIMLXi+B$q<<2C#DS;_eJ2O>YTL@ispiwmZ`e=Ya)ihpjavK)`)Cc1KnpTP2Wh^6H; zcGc#;X?Ul?j1P9p##>|ED647_`IW}ZZ3sW{aA6ZjIgr0GguFq+Y+Yo-~kRtc_XlF-3_c#J)c+oZ8AM7U0O&QAw~=NyY);I zd_;daLImHbX_Vy0C2Hb$DFunSU>01AIjp$d#A-io!GXyHNR7H4#oWl1*H;Ir&Hfw) zUh6+Tq%u8)muqc&YjrbTK~4|Zr}_`Cp7W6w)R4>RQl>8Hf)OzH9s~qPN=0egAoM)s zwlGy!*jGDjoylT^mMQjkOATyCXQ;;h?d|uo*DD9F^PQYLo}US7 zPEu`Vma|sF=h^ZtKdxBQe(mplt~a}}QdCUSF$Lg3m(oX5An3H1sovp4_xh(rAW;Yk zlDkPCrN`zU-1z?MNSbOIj}Nx>8_`k%T#drC?V6~*hyP!Fn!C9Gd*7+ zz<&u-9#h7z)+7en^k8yezWAQo4-XC6dA_6R%b0F+2pMVA+`p?yO1jw3FyNr@lpMHL z9_{3({PAbanJWcoWT4LOakidoFfxof;s*Bh||zMkHat zPJo!r9S3S5QH12ML+F1kTJ;z@jNuJg-{WvgY!=)_Ss)_?c$oWQ(0_a7hIO)xg6|G* zuXo??a+QtSupxNtaz$!vnQKM;Fvtae+3#0|wAf_hac)UdjjbFI$&w>Qe_5pnCqvP? z;EhX&f%$Y6&=j6P`fm--cJ>YM0laff9wk-3h9kOi1t-H@6xMJH$vs1{@scpE*Z7d~ zGS_)rbe_{q-da4Z;{PF%C-nAlH(S_?)xN70)V|%pVGcZ7x?fuvp)t@Fdp=6!u5(_s zxfXbOmnQTeH12yKA8I+_krVQNG#pFD;b&l*)IUTeIcu~$-zxt!{-sCgcVG@@>OTbz ze4qbd9$x83*K1a4lR8TnudL&NpeWyhCC^XeC>@pP_1Q$L;Y0kl{7Z|n5c8eT9Y;#A zLQ0~2IptJX^q%Kt0XOV=?PBPDJQt(Kcw(vFkX7t?>}t#Yv&)3Rx#fg)YA41n*?;sT zmkU4U=N!QqRwuQOog6wBr-AYDlz*4~PD%=sy@^a$DwphDwH9{{Mjl4lHDcZ2rmB^@ zXM>fRm4NAGf2~)F>&fDAg?6Xh0uw_vgVyMQSS5vqE!nQ~v6JA0Zn;_^@E`q*Bb}7I%x(2wDaX3vxDi*!-bF>hce$of z-Z-;}h=xlM-TRs*)2@Y56;?0JR$Ped->`6!91teS{!@(b%Q0jBjNqE?#82IHe!iEN zX+%%Vv+Z2dq%SgLeysYM!r4Gei~l1gSXS-B?-W&;*|`xRDx>}B)MBw3jS(3(xoFN} zLy6G_nWYb7Uzy>f{H~g=uA4O#nPq{zcmN&wB<<7jGW%B)hN@e5poM>8Dttz);`i#! z;qSu{C?i4Xi&Aa9&MY2-=SM?*~t1AhQ_;x}DU@57= z570?V6iH3EhJgUqG}vkYfO%+9Owl_ymO`@Bw=+%V293-ii8ys(w5ehfaysh-mvj(? zh57CV69tZB^Ql25B_(kn?r~)l-*EHNRtsvN_0JYa`GGaZTI&F~vSRJ7w+vyzv3E-5hhcM zKkGXzo%l7taq@mGVy$>pyUC5t$7iu1&{d_&Q=#wMvlacG{~?z=1sdGXw!?ncI%P7S zzk-vS!Qy5nPX|JGpY?x^I%fLp#yedN4K=?!6^cv>E^a|#>G@~P92q=;2os-)4xaY% z@5lWTA9EhOZXZWd&7H^dLi&$6)M|hE4++G~)~42%B|A-v-Gj zDUR#i6HRiBTh z?;p?FUttMlhl48|GTx%3{8p2^XR?5OGSvGEnyT#*$kXAgX}SsxGC3lW|9s#ipX&TU?|%0O*LhwS5SDC;=iGlM*lUgFXf&sNngW1E{3*3Cvzh|#^;4{fHD*+ zpHBn3N$*(NFyjU0sbhnLs(cO|l5I(|%DUy(^CCJz9cKv(yx;qwW>H+9dey7z z6Vy?M&5CGdKBr9OhhfFg&{SJRL*A5S$#PfXC0*b(dsL_us)HnK$Q6S~yR%@rnP^FP7UzctI){slGH z_B!OO(&eFC7YuaK$&$_L5uYS4-RR<9MBLUZaXtf)Ud*ep4PGu5@Ci1KL@RK0g!7+d z?z@>3h(X!DvrYzn-FF;F45B4yC){_K+-^1bn~J%)7mvA?$1nL}v*Q1d?(93C;a81$ z^!;!DjS@@W&35PcjiX`EAq*pJ7-y=aJSBMATiv|Cz1xT-hy!J2t~SzY(Y0x|c{yT0^JJ@}{F9DKiOaikyrzcl ziuXW-;%050hS(Uq>BJiOZl{)cvuFZ$rMkE-niJpA5nCm=J_1x%I5^UpLo{i?E{@ce2;Qw6ks^nizb`xgaudm52ETD zVCl(0Bg1x=yIPu74{QgYFA03d=%(?5Rmn%%&tGe;&!Q-<^X7<=W4mALYDK?10ZT-B zO-W;nAa~5wuY*T=kN2uP6a2f3RTT-pl7c?e_LqV^whrauE;(&o*&MPy4nlrEWfD%&g3a2u2;NRHJdBnR~E^RcnP zjfvsdQ*)`AE+%q0*vvH~%uRuR;k}A%5J5>|M`AL|RwC6QHzdW>y$t9SKcITPZ>H$2?xbOh8Cfsja(F|MvE3%@X=HJ z_YT;}&b^bDE^GWBpw<(QU5~=P?iSAsdDubOx(|Yh zJ2r23w)wpxykM)8smrxljx)^kl<#s@+5x3hdaVmb%Lo!1C71Q5G-x8((b@lU8=@2q zR)k-je7I_UG0H>Uz3eXC-2334{pdC#-uCcF+#kR~^FP~K0uPObEeaS?{Mg9Zuw+*- zZPm88P_0*QK1N`-+JT_ga=%FGI6Ue2Wh{-S?o|MHIeFP^j<&{d>%ASj)n?N9q)^i7 zezfp7|3^2)nDigDoW;k$);xQi)=$|EzNUKckd`p>^<}FswuM39g=z=A{@v;GhrwDF zz4~G=%s6|y!G&s}_*dO}xfZW0-zq{AZTfU4fut@SoP3kcTIo2OKpj;+A zKyF7MHNb^E^u+^a$pR^rs((&mgqRnA0tcJ;wJz);%qr}xD))xteBA#25yjQ%F6+yT zY?Xc&oZ-Hk$=YI#$fBqum$|C+K8L00nw#@*vaskR930ow)o^Y;R;CX^x99#+244W# z-`kR>14SDRxQzdB0px`aQFDCG6&IY58t z`W?xOtBa4$$BGIkpWhg05hVS!oZKvpA0G)D?fB*#uN{arWE7d*dMviBrpv<2@c%HSO0r#rg15kp;=|3*o=)4EIKo&wJG~k3(8}XfHyc#YxDFl1$ zD~rGSPl6XGc?FEv*oi|TKl~o7@`BElr*A|hM}I;{cFuslVl{%}IuidEX}{G>p|Y)e zrVIDQ32_qxhIKh%Gt zrp40NaAQBSdS~bNBq!Z2MC>}i+jg)cBU$^E3vL--m=V!RJh*S-MGbq2#AWwatA8ax|F zR=!zd9w|hYvkp623Wywr&is>+)|`q0O~=N_I~%{&esC;mN=6D%mD4BQyf``OH5{Xp zf9b8l7OHPy3(5xsyUqTuLWIEPw8YG8Ms6Yz8X=3<|3XL*OvKJ^nCGy->F9P5?$~=p z-$DG&un?wcN+rRzcEZ-cQz?09eyqe%KbqX`ds1gu`M0gx7UG-D)Brfsg@XNQC%yrl z50eu6r%@Cnf!y5z-syQ1?rtBz&3cWF-wp<1)Zzwj*jQcl(rUG1gARvG(7!(KYeq5r z=CkmpUhgiH|GZD4|9k-w8hirhzyA@qik460bE)dLGa?5mX};Linu24W>g0@}6+GZ_ zQy`YmE$)c`gUA~#)FsyGaM{hlv>TFaYYT#n1WzB7M7(!Z;4;F2NMU+>AIRQ+DPCva z{eRed%c!=xuV1uITMD!V3PmeWinmbQ3KVyDDDF<6comAfLvRg&;!fIP#U+FkhoVU! zXb1#5n@8UNd(Ij6!yWg2y7%nC7_dUNthuKC=3H~@E8i->Qg2MVqz|!0ONeIj3!pkb zOJBa3E4VUT^x2wjI?Q`=Lzz*#?qIw$RL-)HJVE@FmNGr#mQGKirTAsh z#uDeIOF5(Sp><-As%qD#{O!L#wVxl0>_ahR#Z4wPRTi5gCf}#1?%t^!t$DfhHC&e_ zSkQ*<+J3VHec zXRKdm{RcLSrI%BkpX3tO?E58~ui-Q-quUsr7uims6(O6bCre@dOQI2XZ|}M2y&neU zN)Oe@Bkpt=#&+%JE3U!or*JgzfQ+mnoql_*56SR48cSdcFY8M6Z4IPHplpWRPSY!9 z$SGIfebu(9yshy1I7hSk3<4jRVWR$%i5@)J$Wi2r<3}b|WcK|Fv(L)AD>b%T(Yr2u z{=h2>9s~C0>N1C9CL1jJ~vuc6v>AB2(-aJU~gz85`RbGB~gw&_KIh_Au=lu_s zuXJ3`hJ?LCkq$Eq-O3qX4DwUVtDwhY*6U5n`pUHMm~2tjH$Cf6HGVeM#cLde0-qeQ|9SQseVe$?muRxVy)^9eFgNZ_bO>*}T?|4Ml%{6F>*w zbuRnrFr$IiQtgld!eEHrO_G)-MhHVIDTLwLivzcTmQ|We_s)uS$$!ufUq>xw=E77j zjrb?K>Z&npNRRUSx>d0pP|(-sQgEtn1%;byUtgbC4@I!16R0(qN|<}#MXwWA9q;VeTBfBJ*4T#a4r!N8GjQFbuSJH4hI=it5gS6S zmiu#06EsfUyarL7e?*)jxFprKl2Q*sAytZRWE^79`ETblzrpYQx!HJy2d z=YV-Htt$Xa>@*^)X&65;tkJ;8Ug74_R@E=@kU|fxMO~-U6W0<-3@BU@zhzKZP!e zGRjs4#^Zjoe8z-n3~Ef!AS&gIjP00!8?5|Hdl1;8s$$eqT+JK!jh&jWh&(ptVe5&= zolAxF*mD&O_4*m(EXtbcy}j8Hi?O&#!Cm4ebBlpSd8}B&Jw%LhYjpQHNrPAPbXPw6 z!%$WLuOpKXdEXAU*55ts&_8)s`IX1@En=SY_3(Z~mDc5ve-VI7iG@}+ca+nA7O;-l zz}sdhD!#-j!zqfs#=iQbf+_v%L>|H!J;rfQS&~L>;V4XZ?|G+`g3Wu4ZZ)%X>lccW zGCVxsG3`F>gfDR)bQN{$&75xJ`%Me?(A1&xIbt${_)@hdg36sL!e zvCVC9rdyq#-;%)U^mhmDvbaMTzlLe8gxq)#+(Jw1^Y(UE%9+nAlV!&?eMHSEYC|*K z$nd;=UU@*=G$1&D`GNQvGO2T1ZQ=K62-IqQW=nc8q(?8$_Uo=4F!$V7Mj%G4f6(1y zqfw+%3O+f@eJT{p?D$DV>wNqBy#%kPy+ivyD&EeYJ`1Hy=K4{F%*z@R=Qv)Q(CY7o zw_}gzrJDq{XZq;Fqi344knahX696qgsPwJeLAk;#irH~F#60tv@WW5H3;S=W@UwYX>9oFH6!d*QbA&)S_ zxmAqO&RAE!Y8zWo4#@#40uiC|rCK?1S|(`i)rGtHYauc-_S&U8IryEwqNK&Aa&+Mx z;+e4M6L`!bZ$m|7rv|-A=+t`KtyDj$=lp)>E~MhYYe4r68_&H<{1pZtzoc-vX?*xD zNO!#R@Pm^>dE@P15Y}Y<2r5wzm_waC?yjFyo5`wl@09fkE9YLcx^3EYdsBuS?YoNi zoCSH7@7aC~rOG*OfF3Y>vd>Q4#Izrodr4q}vkpcrLqSqAghcyPK0~M9tvAiYm)N{2 zQF0x9Ikg`?q#Tdztw%N5+r#GZ3u%I$t;$d`;^DMU5Jr=Tvk(dIrM=lkREAP4qYx>t z8kl|`*L}3MP)*eJvJxtTN0|M@affHg4tH-X%^7Q5HS#Va^S*3ZL>FcMBiXtU{d0Q6 zayY+Rw!HZ`;B$X_efjC-OWXeba-%g7-xlJcIK5qdwAff2C;)!o zPh##ai_zq(j?M14FUT+qnYx5MzYRA2>qh2TA#$<$Na-84;i@F#0a>Sq*PR0fdPbFh z@MtTb(xI9-k8ZDyCM$D4d901c%J*|YLY%31vQ_?$AwjXEiFv5z2HL4Z^y`3C&@qpU#ib%*wMW2ALdk_bJoVd zwppI{V3DDpJzFKhgjX~EQRn=thun+djL=SNHNwrF54J8HYif;9ujNww@2frL=zYr% zlv3X1W}o-O>*bU0<3?XwUVA$9jLwS!t-rjoxti2S_$=+tcS*VJibQK6du$|*)kM&9 zUZ(Ms`I6mXbu>8203PBSKSo$g_366fWmemn)KFDHtCu~Ml_CJZRGud(R`*p~&`uo3 zKb`e$`&)fEn=3`H&+2s(nSOvfCu;#gfyCLhGlIr6@~VE&CaZpsGek=DdufB|*HTwq z_nN=dtjJYcuqR9MJo;%m?eP4U;oyym$1E=wa~@twK3vi>{sI&I!v^bE7e?FFW{dg$ zv{I%g;qYE_xC&`Mcu9A_cS-Pe3U||WlTV5r!bL%gG+tsy)?U-khmpyP1g(@sf^KM} z1j)Q`FqK-|^zW~Q^TwYG=bd0irv+((=s`iUm;cKBt&$g!s){8O;%s+VYc(}U_^XOd zPVU`|sk)+U^bmDDlgi2WF(mIO@z9Aqcey$IQ?im|hvMiiMTzdJNyuJ_Q3W8vB(+Bz`MCIv9`FL?{=h; z^0x2omlDQkt#ccyuRp4K{_GOD{wO6UQY#Jmm3G)8!ri$%JA$>0hEdPYBAz7v)96f| z+MsxsRXyR!?zfA2c!WA;{WUcIDzIs|1T?~*G?PXD&$1(TqBWZL9Vij_s5KAIq2m1EP4fdV5LIpbWvf9{0%^T!^itpsHxEG%Q z+vYypiA>Vp9aejLgoA1(BkT>l8*^3Nmv;ViPYK-i{(^Zn}y$`YNl_1 zfhH+cR*%_-Ee3aCT~3qFSUKH%TNOs9(w@ld&kDhU*WuCU*KCwI)iMkv-twQF^)8JZ zA71@CEp^)18zXibZc9(EDrU5ggBS1r36o>^K1K=I`PqCX`q2fLL1utpbb1hvYO46d zEZ2LM7ZM3)%1RA7y{&xId1dC^e1|?x8H`We3AIGuDqb8QkNG*LmKD)5P3PKkvPs4v zz12_h7P!t?jZmu3kbUY$>|>RznWG(}?cX9DJR5hHqJLf|4*qDsE&f3+52Jo+lCYgC zA$%JyG5IBp$R`iHVfPIBa8Itrebg-K$L`vMh4XlfR?$G`_(R@N(60>7+ZO-$tCRGJ z6I_wSmq1$i6Y7wM5=oB9zP@P=1<$@Hka!i%?n7iqCEtJt1dLl=lEdr;X6@pcT*qItu>ZYU-uThW}kr z^r$AE5BHy(rgt<@1DdH#zO_RL1G0L^1Ahj#&Uu>uqCp=G3I23FKZYTBx5v8H zI>Flh70vH@=m**S53(IW^C31GLpC)iw0Vq=y^VpOOxf6n*vS6HZ^zAbPdp#9K0VBg z9iLLkpm`=nVg76-%Pu=Uc0Zw|kB@OhyGrC4)871P>W50=yT2xMrN-9o-tK)T>bL9{ zTV`hqG<2h4Hf)_<*Er7DNGU^^00t+v;fZ3Ym=B3UHH7;6ZYb4t3`Rx7`q^LkqQ8m% z>n^L@fIUl&$4k8pqGgzYhCbx6GykZvR;rYu@a1VK`5X6w40KtU>iUooUh(CzaSBXK zbrW14UzBO|H;2S?N#D(}L%yqB3D-=-a8LOO^@dLH@aS*dLr7^RPb=wG%@yj`Xg1|T z#`YfGh$|C+OQ~DEiW{v^1C6e6X;#Pn@ODyveL;F?ZfpQ=0_oe?Pbq)OSi0(WZ2#2S zi&T@c{G-DGFUp8a1XPw7uMmGzBQ>L3>WA-R1IS~0;92i8eTl7&i`S9TB*NTX)xNFp zz0z8LS&JMV_N*>FpflC}-;v_Wi5oE|!NP-c{Jo9Ui*&)_ld4+zmZH z)V193t2yj%_wqtLii9UA>dHSXR8IP!5Ot$4H{#XWZTF& z#GV{4GsQE;8zk2RtNW^0cP}2A_mq|SVwnLxXt+Z@0y^bvT(~=Rk$(C6kz(n8^c9!Y z@lc*5LI)p6@i_Cde=aa1(qN}AurJIuY0*fQRHen_F&W+L-KB|t62tbGHJ@V1PJYLv z&(JI-SF!0gb#k#+5>Vauc!2%Hj> z0TDpQ_5m?Kq^D{}qR%Gw=RYRn!uf9Mgco*CZ}>n#-(qIDx^%Q|LSCr=8!dC|NGIYF zdnWC5?FVNp;nuZ}x?k z2Z-~W@@o}#=e=}6>SkM;>Iw>91U$tK%)sn#gi7tI^jH~h*Q~kyz;fOA4<7})ZxG^i zrrFI5rL7-oCrjEsjC{$7cTUkICQ8|gQIGAC(rPDr03=uWlR(b6CY_cy^sUrqLkJD%#$CUpPYQY$G?)LMYBR$YYBT;?h89vFU-BOw`RA`{ z%l}H({kvTMKW?P@|D@aN?s<*R+Kz?}{=8@YUZUhp9?~MKNo;21f zC|G%Qbtqlo*WF}fO;%`HOQ!!&lP#AI)^?_<~2SPTLZrI5Tlsh<8A+AVIE`2#Bo65ysRj}+tCe-A$SdoAu(q+f|& zJ=Z0A!X9<5tE)@%L(cQ=*q(6ENn>AsKWO9k%ca2cvr{$0BjEe${u&w@cP1~oMgM&~ z^0+B~<=?@juc-+tkUqFVSBUc%NW( zzUW~h;?vMB?p8Z->>cKu7aXIap0O$lmbMa2G${yn5~MyjfXJGZOQ!J0yp6sTJmirw zciODXT`o~VGJjg09j%8x@f_CJI#9v6W$QLKDb;dB<^`IyYDcbmFGUd@Q7- zZCCEp8yQV(A)7!>5t;e$SkE?aE82H*E=ULe?DKCIyymPA#AHc4qeR^6_65aNeKEEm z#3x3OR)9135~VZZyRS_8JCy}Q7h_w_L+mF+@AFt z>OE0FkE2CT%@IMTmcL}sDGT&YPGf?Kz`lYqW|&KHT}$v-iNFD>DPze?DP=w67teb? zsnDuqKhxf`J{^H$=tq*hvr3?O zk}dQqqVj&^g;G?d4a9ZkSvNPB9Qsqh__evO8!wF$id}W5mK?|TE9CgxkM2yClTJ$b zsj04ot?Z6;PZE}vD?uF+YwN3xI2LFx{UVC89s2kiPXvGssN??`ufs{*wiAcwFMfm_%`2>NfuQ>CcKH*p3<2 z`1JD_!+hC?2yYa^yojg-S(xR%+#`Fcqw7z_ z+E{oA^#_JvuQ-_{Ekkz4S;;m*Cex_lQeV~H=qzFTUWk%)ogs#M2~-QL!$Ckxk6i?R zhDyW(PL~Da>s0IM%8%~jKD@VT%v7b!r0w?Z()=xPJ5tOnnZA(V-ca!Q(e%b#If;y1 z+1xv_HN#!pjm_s!@Xb7fR@>i*GIRZW%ViEu9hoI+P;2d6%j=pjk>`6R3!u? z!u^r60ZdKq3SAEp{L@&+wv^2o_DU4hb7M|zkYc_#G(E6QQY5MH}JSdhpN}&y|87 z`4MGd5#V>^R}6ja>>yXczv0cDvgHf4o;^(Fe3v2JMof{&M12cjjLdEeDYgh!C|4x*uKrFEuf6hnbnerZZgE<4H0GBr{c}&wY1F!MurkEt< z9ok?Q47bGFKn6YfG6Ld%NOyHvSy{DYYWO9umYd?Vksg2Zv^5_ZuW1m2g%?$lr4m2s z`A}vFijGrkaP06?YcpeWTzX1qADRvwYG}zh-nS%HGjb@pZP_M5ZSWwlRHK48CaI4? zJkeXEb<9QAv@CBn-lC;cFT38Ms2f{Nbem$L-leQhSG#fgw}e}UbSKjcL{D$N+{d+1 zO-bU(-&{3Uj-Ig1xnZh@Q><3l^w)*KDvF(|OV>b%>HSTb5`i$2gJ1h@rq;jHp##jLh4kc$1 zub8QGOq$_U=oL$N<^E^MBfWbZBuGc|GN7?4s4Lt_0sDQeGb{$vfq+Ee8fF3#HVzil zIskidT{L>@rR*I>uFwwi4PH)Ot;*Kw*T6;gheWp4&yKM=*r~c^PrLMIssY9rWF=m4 z*rmboaNAtgl#Vo%hiA;XVfr-Mdd?NNhuG=9R=VJhdu4UGejNP^*Y=;KYMzF`wGvZO zsJ>OWHXS_+Z1k%GPKsLcMbFe!+RAql4%EHl=H`R+$*ieZ(Q0OdHeew5q=!Uz80;4a z6v(zt8JL=yjx^t#aA7|8Gj4ZEGZP;`T^F_mzcTf;{!nCX)w8-fGH_sX#JI8@gz@JJK!%p#oBP(M4J(RU zXe-@5#>IR6IEq5lcQs9&b&RG9kp9$SP&<8x?l-pC0}VFJ-VojbV>E!L`M!tsAMEe% z-)j!>J*-#qH1VJMCghqsBvaz;pgJ6&tVaKP(;Mbk4M*)C(|v(^O9wvqczUdn9dxoI z2kkvlmpD7jNA8A)-wq_8{5GfR;I07d;Ejf>Aptl2rz^cG-Q`|4gJX2j=al`iske-G ziYJBxO?P}qw4p`9UpI?PFT~T7%`h860)7-(ASS_}k)K+R5L>uE)mO%I>h?O`0%TwT z+AaoR?D*IuRw>^&JTPhtQqw4Vf$rLrgq?^*k&wJgLY(2EvgU|7v z=w(kaL>(R0)4IaUN1UyXH1$eLl(kBUu&z^i9&Nu@kR?dc%TkAq7wN}YPnP7GpW_U< z+I-8|+S#~bNsftLFsFLgrg>zXL71sthu4#tdH==rPvqlyY0F;eSHpiGnqA5!Fzadv z%+)%fH@ZLD{6OvkgVci3vk%Dsa;MZ`9La*XL!8s8tE{Orqx6uj97Yu}XQy$bLZlCmRkOuafR0La zySv1REiP^0cq;$v@#y{t=|546hJzm-4Lgn$4yqke1J2}Bt$o5h!OBvw9@MzBXiY%J zH0VQjBs~O>J$nkrZ@P1Si8YZ95RQGTy6gr=vbm3|>Mi|bf?Q9)_h9i5~t zrk1xB5D7H|13IOAvL>l!_32V;#xUk_&tvOBuydx5XUlfm>UFeaE8w#wa~ru7WCLH} zG^?M%_-*&G6ORip%lIB$PZx1*2Uv#o#cz5Sk-(Lt>#_!en?G%8j!Y5)&rfePY~DEL zxOR-sZ*Myunl@~;%jI`E9Cthl#&5zQN)H@m4l;!OYK6ZC?yqY=e+6mnt(|F2H@HT~ zgNMAYF?HA=RA5bNj#!$qHU6VBhrZm82GY3COSi<_9qD@tRM!{bo*VCj#MyKbU63IF zidVVmk*Ie)j>%`3cUTy%UVb)XZ@__jA!IETgI+)pNMy-c@2_c;wrYz+wyrwJ**A&2 z^_X-9d|MccY1a{P;!}!$fFyD@Ay?mr?ZvtN1YpeayH^?`* zm)s662?*EtY{9PCN4=&6-vfJpjw}fnwl3cjI-gLg8ckV0kg#_2@m)}XoqK1rBXyc< zEy>|y`dy|RD40ZvUwzB>y~QkLdZR4JpRkmp>%QSErbQWCjtp*D7!;O(jvI1-x1QN* zHM?)WU0Q5rn)Sdy2{t_f9)fgJO`gS5b*{zO*%qbva$Sg~mR8j3Y$oeSM%RHR?|x`Q zS$R2!-Ea~hYkU(x(XI**DhPH1f=)9{LhT0CdtdcT7owBm)&2(1Ac;&#C+c}U499H; z0T>3e@^9OoOYeGnd%Ld&K@er8ZGQG!b6b(MH%OXCZ*mA_sXEUzYS`OLM-goRh8_aM zB9i_JA!TY2U3o2AO+E7LFLxC4+XFCDfUCH_{?ftTnY9d^AYfNI(cgAY!@~5+j#pAJ$wsb8OkF)akig@E?jtgU%T?SX z2L6CXVQ)0Wi{acM0~OI88em*i?vKYhAltLN)34+#28H}QEw@t5aH%y1Vnv9b$qFuw z#2S!rK-e8Ow(Mh>b%jMXHhxgNGu4lG;@qp=mUV_nx|9WYY9WtAcPM7At)*gPwBs-`^~#Hgq40PjF zox*4IP42cSMO(@-F_+kr!;Qm(j@*Z#znj#^@UEB1oDfCyKZ5A*LyA=DAp^dzHN~zo zlZ*DuD88JgF}1V$Pd}eiOXRAIzQ9lIi23W010zuQ#BBI$sj^nOZKj~r|cX?r1%1l zd(YcHS4eZ}1F<>js|cl<+(!?<(B`lxCz^M|Dq~l9_mSpT`Iee5slBE#vWn9VIJC7K z9X7oz7tuU-8adbQpB}C&UfSYvn$&Gpui{F&$0&{Z8Nm(zl3uyl60KMjRhG;!^1-!` zSaZ6puHckKa}_QR(S=5aHhy6EJ@JasQdv0?crRC!^M#$zVb}9>=Ji-EF%`A4%hB%cG;Ggw%J9^P~Bb7*l7xY}%98gme8t6`TVL&om+6_Ectx6jk z^^F=_5VJn>PfMExVw;o`ij{Ar7Qs>Db6W=v8>yqF{Yy(rI);W0qJm^y#@X>LYl%W_ z{oF7q&B3*mg&&`~)iZ1aNEzt%jgbiHNg0|kPQyu~{{0w|v&)eec!^ds@Za(aCyK(2-bM7 z6fKsaYVI>K9uiT}bCJ5v2o=Li0ntWh#Q&+A2~a6j0L=f(+M=}pq}+75mx6`|-fust zuHwzoJQr!RYon)X2#?dDTYhNvS~^9!KyxvJSjSQN>2AuWEA>WdEjL2}2g1N0&9Kg4 zrLNVa<-nZi=AeT^@sHJa&WN(4bOEx;1}~H83b}8=5@;g;MtJoC=LcJfqTw6kL+;=D z7CK&K$pYG-J|rR$bO)@+;+~tSQUiLigOqZs4l+*2VF>DDQ!;Vb{jTfG8irWuR!_q& z%FxQRbiATBd<7558=OiQ>2Q4qzpxcyh?|d+5)(_MR49}~9}H@1*D6hucIsaD@OGR= z4tg1+Oj$QAV+IMiATl4Cs7 zRCuf~Ls&oEPOenip9vJJy^G@#>I40hY$e@!NeIGoP4;K3{}iwLY797`K{)@{)7~kH zqbcCbM@}UHNT!1T1MfuiaV1%aw2sk?mUh|grCql-J^i#8JQeRJULZ?DZ=%&w98Ka(4%9aN+FP~FHrFA1?3PxvGjb+@^>wqn(!(&{ zgl>|JGMr^lG0~R1W@gvp<34MT6SR)lRDV$c!i50~Rqzs~VcP6LGbl7KoktXRc7URC|-{J9h|0*K5@UWgQb^{6up0fay_RFBw zmsZv)IJy!&z2~`8&{-Ee@$Z!6P|p=Z>^zZYC$nqe9X!tL~&>!wtg zBqk)}U%pzA1QsqXpeTst3(a_o;go<7E6#{^?KaWNeV-Z7be^>i zC4FT`TWr%kBOm*G8@Ypr{hK}MB^o7`%=_wFhtE7VwhQXidN40OJ32DNy`5gwyupTdtL=8nv(}O9`OFaR>fQM~-^BUK9b$6B(8JU+zgHw{4{0HG zNszoWzLO?4kj2V&g;}=eL-*WW`tEiBiLr2qkf?t#{1^p}scv>6&Hh?te`;%_vM1%I zo2@^4&DFES=SPK)rjGiqO`HGKj)sf0jqQEMk2)Arj&PtaE1_Le`0Ffd} zwOE{|YD-O5Sx?+>4wh%tsj1ZYKIX-$S+)37}5gaQY_Ead1@ZB|nc!D${JaJg$;&m9>$kY^kfz00`XV7qPD03ITnl%p~KR`m@ zBESH;{1K6OF#?Yu;tF$a#b?6Z{00HJH3`HaOi?0qq(G>$iEQDcTdarU=gn65)Ep-^ zCQUmyLOt@3M{m!A76#U<#(HBq|lmuFWCUq`9;Rl;@J5KS} zXZT$wKD?&Y`Hl37U_Hg}%$ zE(KD5fy)Jp>~hMzKS)$R6@Mpkr+N+_$cgE8JdQoin-fH0dW{?#=Y0JX=LiK(*(%!E zzs}y1Uql6M-~IympA3KXH~@`dpNQc%gh6df8aT0&q;N>_?S#E=(uEQfrQ@t!*PGW| z>54y~h8^D$_AbZRpmx3`Q;3%{cgGXy9K|ksG%?NQH#PYWg+NPrMSx?02msKON#a;@OECAan{VB%2a1}?5M2OE1AX_! zwjRlDB?AxvO?I659anw0dJI_T@)lkCYMpa~%WNxyTZ02a(YwXushrqCL-sO*UyaGJ z_v5|5<4x(>wP`U$l#!UR*|#|#a4QjH7|?5o!^k_#c;$Ge3!U3d7Y9JaY49T2V?bA8 z8emyD4Rb+C@gg^Oep|xuWh`o9H)u6?wAUWq@aziTFhqJ@sNX@GJxABzqki6tFz7P; zHfV?mFY1F@Vwh-c^5k1PqG~;;)8|NkWnW#SmTj{Ue6*rx=dGK3?@^_5lT@ItD9XhB zi1Gp|3=a>F^zgqT2tK;2MPynGU>d%IK5R`_yMQP157fPCB55Q z9KZ?ef!qsV2Tq2zqCOF^H|cRRv#_uO@q(To*psm{E=(5xB z(Tid;q@$$D=J?Y>Gl{`$iDBy7zPpL6rh7XC(}cmF&MiMa6Yy7U>z^xd;Z+{Dz7eGk zlV>~f`{bP{1KHD=RUKE=qPX_J=lNz0|` z_D-sk(?hI`zWrva3|?71r@7qQr?>=5T77SY=qHbSMZ^?CFJjZWH4h7>_b`+=VB|tx z1%Uj1pL(5))u;|rDpv5~bBrUnp~fT-xz;N#0U)H;GkJMZ0iSdtN2w!2nl#RqA^yA@3;|X~~m+n3Gv5T8D zj7->;X=KC&dmoxw6t$m0DWmvRNH3V~E~FrW!(mLYEVt&yBdMG6HxdivVDIX3c|SDY z6q;fCi^SXHDMf26P3I?=f{?*JRFTSF_eJ1Nl0}mFk&aYOUwY$;ZB08>cI7YwwuDb4 z#;z}P9#g??xL&-JgyXSdf3HO*UH^AkLXK&s^Tpp+EbUa@T-ikLQ&LhEdeR7AXqSJE zA>;qGN=2bRh1+$VwqDz;)m%B^bE@->0k32T<=w%l6T3460y?#m65!h)v zz7!)dH!}I}1v7zZDbnycB+5q7ApY|);8_a(w2)YX*#4#qQNg@j15u3svq_WSPz8UHm}sI9ZbSA+~* zP{rZ(zZE;hP|{oUw8F%|hb5Q)CE3L_zfxa`zxe(4@g(H^MHKn>@xMOB|2&ERbK3v5 zuK(X635|f)#jD|g<2^hH2)4DnSHU!-H7py#OSp-+}dcjK9iiiD*|5jN} z&g-RM5y`;}fl4jm4Dsm_fqCN!chtl17zy7aASZ0g^)H3K-$IW!)dZbl{JrLU*X($qw+~~;2>W!YSoBI zp{uKla4_u(8uxt_KMBZ`?Y;lpzyS!1E1C%o1{@D??W;5-%{#IxX`%|idj>U9`kPB+ z`jhVsOXtf*y|URjA9u*EuI34B+jPV!tMVrUNTGA{%EUBU#Q)Nz1rFJNg{Z`q%J?os z1S=1pH+v^3BO~K5T3rYv$sV-6GGh!raa9=mK91q@8_>@RK0A_C>pD3RRTv|I(G`RS z?R}#Wa4CnH1(o`Go|n3|PgZyii|LUw_-cpg9gHwC_-peU$r+^cBLE89b!!Dr_;0mB z0sJ4AVw;`7bh=n2hdAA3A1_p*YC9PVpcnJgmIfX}3_n-QX%>*n^6X3@em{olyrNLa z3;_=gk~O0Uaygl;vXm2|BW*jI(hO`QT%{NCctd646(<{W%4p)L!U#;j9)Oz-oA-6Z zPPPR(&Dxdco#rdRVhMbUqw}RY5M2_@bASNj9;(u|e{;emLGrH7+Oc7Y^Ma00GE8xH z(Ad0 zUBI;h$d9e8IFEJqoR<(!8nH@`9)TX@^_do{a zF$Nt<1_!Mg%*OF+pA&-5i*?xNwf-dOp@)Y>ArCkW?K*!Ez4Dn;LXYHrLbihg)|{sb zn!JRyATJOFc1|Pk6o3J?50> zVoMF-(b4?%?3|oQOeV7}4Su+0MZo?_#$*982^M$_AqZf2)KB8+^?pvXlAK3o0;KH< zqobTas)EniL8JdtN1qFDPu~oFlv<2LZaXV$d_icBH9)!GF_;8FUO_>OSs{v6U?Q+1 z1md}-G+ys461dwNT%%jbeqEez|%sJ>)l)<^RR zOIwV4Q$>JuIgFRY$%<{~RNI`Zpq7I2iMhTa4(C|f>kowS zGoI3`9S(Kq*1e&GWw7noSZyhguv+nGa^UD_5A+8G)!2kb#0Vtw0RZbusKx$LOsLn% zp}RtSp}m%mo0g`wb|PRbwJoOrrrMDFk5mC-Y*@D|hQrPp(F=Qx#DtQT+Qav7hn-<) zZG^O@2mWiM%czuw#!ElK@bLQa77Up=84RC4KWi=?1F!shqa4w$+_m7=?T#WQBtTjraqAL#bE) zt!7mn`SFPeH`yIEwT&wFJ1RV)!DpQ7Bs_aS!uV1XAiQp91h+2G`WiRos8k1Q)aOc3 z`jYLcD=FC?%^+5WG&3r5h0Q`ehr)nZfLdY9cP*=ei^Z2qpw z7Y3oruXDo+0H74meY5ET_-q2UMU2qJed9A78!(sepZ;av@3*F!EJMM59?e5SYjkyv zNYnhDlb9PtMKscd^+5CyBeC=O?CfOEZ^I|1q`F$OKAIjkB25O-$d?7y6@Iwyeo-9C z)wHZBw!6ONwfKb!O`vrd5sDfb9b=B*6A#QZY;b{w!g(E%8UU3I&C5GS2lqrz9Ia(n z0%{)(Z>VJQA^Vl#3gn?+_1Z@5zw;idiLcbTMkI6c+4pI4`dNPfAN9j!&%gobVe~|s z|EV^^rAvZKG727FcuhqezWEl#GwK`TY*HUAOXPLlWUO}cj$fS?*Pd{OJ`E_~mC3ci zov4@A2@8BlM|gsr*w^gjGj7^k)V`7wyqQEH9sOKz@yBLdBcB;^0f;HkniHtlSdOXG zn>&;b&cAdw^&IpAn*9u#nIB!r!fN|k1sPVO_m4a8XPT5Gu@1fU3AgXpyJA`@QX@Y0 zyMhu3BGr9;n|A)Ux>-$>ssw=25jrem*nk{PR6q6n$Rtq0Yg<}U@;t-|N_AY5wDZ39 z5$rXPCG0br)M(+CJNp*4L>&3nYH@>UQ217lDD69>b>6e(ztY}_ldTrT#4K!$Q*b?x z-;lO>TS3e(OtAvH7=BmFDmcewZD@EkO%ZIu&6*{4V9Wkg%!rvJi!5`+(D7Ghnd8s? zj)Hr{v%%SsTOqbM+nma??NwnwQy88eFP*RF_R|VW0AwmryT*i(9_3nzZfqwYN1a3L zZo)3GQNgFoq|`;sj2R!5k0nOajeFaB_78vK&+Zn-@SpO%=&CR|cATU5%P4#feQy=G z?%swq6O?-Bdi{*V5||A$-V4@RKPd{=2WNtz_miHBh?z`wcaZHJOAVrhv?g5(*_(>} z)7FrCUuqIwIpo$ZU-l6enN!4{F?+|Fty2xDj+Hl5Cz&tzpJIa4zyq)WGX0QKY~X2w z&syEc^Lb^;bU6R%RLwHf%eqy^uDt&pq!VJ=>PK{l(95y(-O}3CZDyTsQ4aG>L1>w^ zgAD#C%tN?3Sb4>0fyr5R`Dph=n;`JKv>pZbItmck)cv<5Ov{gn?naApZl1q!Oe{MC zo2p;lk{rA;uScUL%t2>91M{C(O5YkDv@c-ySNnQ$eLyW%^w(Ziu6m6!z662)RkX#R z(^h?31wSmg)g_I!JrgJYaw;~TuUYruP*u4*OW~>vudID=8I-bdZL1_A~ z2HtRJy^%GkI3H~MX*E~}hjrwn=1~!1j$fJ&o-jM#i#pqzaf=Gt{&8b)sgGg;3y z*nk@p(4vV8Qh|p*aI1|B6<`H1V_xF2l%O+#y< z2Xi_Xj7?7)??`I@6Z+oXpK;9-sjM|6QBJ*9m+gBFUYhedy}SJzVSnOy6z}><=V!pfRwjqBBy&s;4BldSg>|_Y*GIK_t#TiO(?aZ3YFs1H! zjh;B5haPt0=gc!PgBE){*~evn1WZs0*yA_n{^aK??f7?K5OzfePq%s;?G|I+uC~L$ zJ6qWpvl65;FOnX;24eJjR@xqehbD~RbNJ@<{5H)_irB^Er?Srn1H>V_OaAAZ3Qre& zZk})50^?Wtm+e`=AXEI2IHomv#nTLU1;U&3Tp00}Uqtv(!K6cDB4e)XVV(C|Ure*} z?;?B*e6Jb#DadXlpkDCc}7TWu;vde53GT6so6)_iEnH+ zK43?h&6#WwhJ(-GBQk(H{hEZS32>}m?GG%1EiL2`l}xs6#yPjd6l)zrYpu-VlT+(k zVe)K~2~SnB4ExPnL+rf}nQ^(yY@p7YD^5Xg!o(E!dmZc-$Uop)&VM}isGMZ+#~N}z z%q&24PX$$Pa*tLZ#tK*hJPd1<(uEPPf@SkU)RK4v677CDV_UhXx8{mLL>aIC5Xzj5 zAeOehE{bej^2Jam*3(xgY}tieC?fco{Wq{?Dcr9%1ue2QxWSgCJ-B8Gy!2*5ftdH~ z`7T|4w9!1jEMD#On_uv7<%AeWgNb!K;1RIyLX3-VS8wF7SiD?tdOY=?^?ZIge?Ky1-6RpZvJvQ>%!+U$~vhCz)vXDo%%oTA>U5p(y+ z0@ymgR^9gqdmJI9pu}*fPP|L}O7bs7U%ds+e|+2fj{T^1#)IYIm$RP9&ySf~oC5?{B}qTr3-)OeB)?a~_wCR(q$yrS=K zfu9T>zF}@4abH_ok()WLMLo|5VXbqRo}hOU7g#Ownz}Q(eovuq^5p9jVMZ?l$=vO~ zg>3dI)70H6W7AvMlDgfj_5?p9=uDl>4lM8+1P&IpjB68HUlZ4W>XaCW$!Q0R%U&ZK zte@d+#uw7ispr28Ufg+ScDgtSL$4CE=>U!;E_^f!wpkg5C!Mgh4@T@(jO{F8p_OzZ zx-dJPQ^1;DD(1fukK@uHH)SYVjv?mDl{3VwOnTyqHJe(Ct9M69#rV(0^eWE*B*q-Bp(-tfI0Hx5|RM|k|l3Q23SsV6n*q%O60JU>4s|jpF zRMvN?ZEN6)_$9q>misB3)>X2FKI255q7qWX`)(qKG3y~--&pYwwIb#O$20>~b9YBE_1y8%>%$FFYEC878;x;<&ec9>0`e8G0ruj<4|> zN^rLRusiiDkp9;8(`yQfbY?lNJ6J~X7{xS;W^lHQ1-GuhLN=e5_|OXgF6y4gsuG_C z6B#}L2HUPRZ~Hq`@NdTMfFfV_Ux5lRZoTQ(H_F|m{U3zAbySpX*FHQ-Djk(B1hvx$pOR-{+5St&gQHxn>xy>x{jRz4vkK zlW~C~KAWlg7*Kg7HOwK9r%%?R%CJ*S-G;Opx{uh5&X6)UDz4B5z+jBVpm`u19jx0w zeKq|YFJDVjAK_{-s)yw4QM8T4Q|-^;t*AAn^un@jfj=o&invN6_tRAzd0Q^KV~M#} zlE|Bs*I3)c$rWPde3Nl}js`*dx$VCmbkwd;A9=(dg#}uHt*V5GP}N&`9ACqtk2^1C zmkc5p`ZBO%y|b@$rR(Z;O;qirKV1!y@)%|VrdNrceSiuIWhsdm;w9bQs=;kH%YgF7 zT%T^6$i?V0zc}-hWky?%FNcQ}>Je}c;~RE!lP~H7&)g(74}$KAVwY8Svp%L}B$Vvt z-RJ|;MDqe>lV|Y<#PQWOx<0%P3)bojfr)fi`JHWqjrEx4#5v_weJTYTf^GXJG8+N6 z->@}T*4Cem&PE-*e4=cD?JVFz46kKsSX}V;sS&Fjy1CVC;al75z?51ezdPd-0g_=fwB(;`Q5t6#SP#TMnibeS? z*CdChV@W{ZiRI}8!CTX8s|=&mqZQ?VuzIOH&i8RA)v}{#?tL60Zam*BGPgplJx^o~ zA3sE!F%?G0+*Dg!$>eW($(vgf=3c#Y>pRY7&vE0rYbvv=?#Bcw5(B7-bd}|R#b{*g z^fCP1s@Xt4A3m)lae!(>+SBgUOYroB6MQpiaQRsrl%i9_wRu7>6%(r0l9nt5d`LmT#E!vz zm0#qwE5qE)d-l&7lAtBkZm>tPoy!4Z$#x}sxP z@kn00{n)|D=4yt~t34zVqfB^I<(c|`ZAQ9RYXQOy(J5eUd}24Ga0^|Kf-@Jw%BRm6 ziC^zq{Y~DBv&URSMse?YURIdML$~zER|S-6?-hE475ABfKy1_Xy;bbZde77iP<+~4 zXup$WSV&%KFh3m77ufZHyCW0SainEyd-_Y&*O`xtWmWqtcS)?$#=S#yIXCWAPp`3R z5KAZ>tqoWv8bBbvK_MX&WUgz6m`GyS0Cqtj9AspVvNE1V@e2^~IWeyA9O!&rBlN@M za#2r3MCxudy!30emIXpyJ9>>lIjTiXJ>QcQ_KLG>IG_z!=eE?H-Of;-Wiq+G?x60q z_%@*@3}TpXAco=iye^Y<8?SN`b90-B@js;l$oEiF?!lA*R1WK997eKNa(|f8vhu)z z_Pzw8She0oMpyAeN6uLuey?me+RxsYX4wT!FSN)P*)KPzJKwe_VW&8qc;9>l370Y2 z|0J|QDnE=Q24FE>r|qPJ43d~{XGcRq?&+Z^Yj4?)jy2eCwNBnn1fmlJ;6)uv3Z*$% zYLWtrU5iB^KqV{Oo8lYgNN){wOF```+(S_RadLblafwPfXFazy^Q#l(4Tu1~3I9iL zxX5Uc>|NfyPDp#_MG1w2P}(_3d=_m#TMI8L+#y?0K|Q=1~TgSH^eK zr|4LCVGetgl8Oa)ZfBT|$)}Eu{D{I!kBbCan~VW^H$*w_(+xpV-7k{76%Yu;Vp_o9 z{k(uLn0-pjy3^RtK1_Vq#51Pr8GRha(%sEfzD1S4)cM&NkCE zaTeRV7E}d34zy~vjvn03q`}~<`~rpo8_2R;`=tdZ8Fr|z?OmgeAI3AgxLWGIsroUhtd3`k73qarS-c0L||d}CQ`kXU^)bEDkU}^lq-UgfEdhF<-+3i(ET-V zS3K#1u}P)hK}r+o1z;-~l2W_LE6z8%RTMKCh*Z-dj)fY*F%Cgy=Dj$2`#k^4dX|y@ z)d+lrkpd|~G}qC$&VTg-!e`~?0v7+9OZ#p<2(C|*C8uygo66KId!U|y5UgXnv%aG} za`Rnsd^|jpvo?KJRE0tuqe#^BT(BQ* zRxfIF&f{yfzjg~qIZ_hHgCVYwUs;TEWzM6O4aW9UC$sT20-6fW zlvSP240{}S>`fb6v^k*W3K*1{1ocIV1gH0D3=40gq)OI^LQXiJ-jl%hpadKT zSS&HIvEfbk8D&rz2AqP4u5iM5K$&KI5qkd}sGf!&4y5v_+d`M(67}@+#$h_{pil{y zo>I62+42`mn$K<02R@DFd0NlG`WNr`F@987 z$&=q78W$SiXqW^|{CDbEkQAPs5>bmZz2Vwo`1}vwz_mGn2lZL@pHT6e#?umZjBm<89j*u`6(ME2?Dm?&FZ9%YE@tAzFu{OWjNE!%?sCc)aF z-E&}10HMM1_hi*{gKh4}NI;)ql|&3GW`kNRt$Ykvp@0q7HgynABjfUGk_*&e0d*5M z3i;>vC=iL>f4%c_4cGgvW|wt1gUvsy7y1zSMQ zk?c@SYhj^IWtMS6$5%BKm7<&xwiQz!$JNymx(b3P-)8x>OI=&f{#1Mk_`-pmzR9;@ zc4AZc;|QnhrP<qZ$rlD|J8=?lQaRGWy zJv=* z7euK-&0hp_f50Am0u-oY3+0Ss5iD9urjE2SM%n(~V+<9HEP|z9`tUcWmEfE%b-;`K zJFjWTfSIG><<)kN{}T1G8aQoJxSU~Bdj`ly|4IkiCJ+7pkra3z4RG~+JcO@!1t>e1Tkrn^sA*2ka}~}xt`e&D*uce0Et~;j)B|5L zawJQTXe(3kcm0@k@$BpGi}hspDqcEugU1uef$8NWYh&%=S<+0(w>rXy#BvI3E{m0y ztyim=35~lRTkPi-`+GYZd{m%~MY&reRiZ77dT&0JY4q+o5c+M(O7n12>Hc2sbpx^T zf+m=zjUH2WxjJh=-O-=;2Ael>b`a1KrdI&HbQ91>%MNOkRaEk}V6B7aR<)K3a`&|! zP*xJSSWzYbl;nF^hx5GWkoDvM;Ns=t{neca^%UJsdW^K5TS6*t|zCD5!gc7*bxV-4II#?AIN2!65_( z*mSm@5`-xQrkS2y=rQ+9B=Ngj383ouJoaM=(xET`Z;Z)P*Zr6U>IOiYqEMmR8ppfO zD|y(AnvB9n`=xKo9OHj9Ac~?e=QfZ`UK!s_lPd%Ykxwf(_kuHUjBJ?O-C;j7;F|Vj zIX;I0Yx#O!ugrTe-4c_n*>WEhST|+E&3Cf0UaGq7h71S zbPlCenW@0FqHrKF5nYuYHF3#*0L{F`C>_HXq-2iGwdy@IKC@& ziyKln!gPD+v3sX>2}L~FRc%7@WID2`6#UUdfaH;lgz`unhl9RGvPO?yOZxX6<7;G0xz5ImRa(B3mH zO9lEE`dC`}M$?#GqLcy#ruLs2-hi9*98M!g?|DTBuHRFk=D1yK%KOa{Zq`!o7YX1{ z6GD~j?ot1z91m#zS9XY!4g zkNF=tKy){dW|X=ft?BN}UB4>dAov4@03^$nIgZ)^V4{HyqaIn}zhD6HOO?>@K+uOUpkFUCAPE^#@ z9nXFb&M%(b{E?A&K2ereJ#&Kdx0hJ_Z||X}B5pxdM%}N@RMpgS%E~a`@n-S6jhU%e zYUWo};c$6ugvxza%ivTnS!io@ISi)dr*wxkZCb$j9-ENk!l3htcAO*DmNM4$`X4#1 zv^<)QhDf%&Ugon=$h#gGXg(Wgk!Ga~`j~(+^YHDRYad-Z;oF-h;{7*FV*MgixWcbj zVXSUd3kwJNr@ell+THX6FTkZ!oS;?v3$S{Y{XgRp}gb~wUym#1}gbi&uxKHXENA*fvRhsR3VlOB zK#*1}V#1WhGs-=OSn8Cn^tgD-sMYjbUB~g8sVGg>-Bn`YW31&G(u*{P_>z*>Eqi%q zC^a~#wI3~s=DviJ@o2#aT0~N#^8Ji`WK-Fy)m8Oenpg(V<&VS9lupE$_pMK zpYF^B;xVWPz?xYQmfMrI8h|t}lPQSg?zH!VI#D;I>(1;KsHq)XcZGA?PlG&TaT4rC z1UIt#U}DCaXY{hqW83H@e#Kek8HDWSjLmIq{U>)C`TD%wd(T$3&I5loQ#WKY5#j$F zO#yltMYZ4v4}pqmQ-Sld2kJs8sj0)$(~sXVW3qE_@F?SRa&j*1Ht+pJ!WQ%cg>PDk z&xYW(#13-v^QkErn@~8(*Ykz^dl1yAy6B$s4iSEI#ad!Fzw2s3vY{PyWxo&1A7CYL z|2ZT{m|~Pc|H6_g=20)uo!awZeUzx2agE?OKS zobrhXk!q*Lvugc<$1ixRB!i-l5X|49^>a@k8P0vl4W_G7V__A-9Sijk2@Ht>oS0#= z=X-n`p67!j`I_X^zn@0{>wzy|!G145#C0wyDXH9#k+xY5*L(DaJ&0b$x_QS5ksh|W zkS~c(#A%fz9@iJBJ)~+)CboWZe8Yt9I+pt6q%}H=W^3s`TmZ1dnA+>1Ga&}=17B_J z|4e2(_;ThA3EkYPGF0@Cs0VOdn>!}ou(sXBgRaI4kEoo-+1xwVtuO}uZCUW}r zh{5#9RW`i2U%}6+T#r8OT>T}Q>Z8^VMv0j$`mEk5Ve0`g_#hcQmdreHGx$DT3zo$*Bn&_f{|;r#T)hcY5l3ANM6XKcHX>IkOsKnW&bp7_?SHwi~f zZJV1Gwcoz+crOV5GGx8pRByLygNIcN7d+eJh}(hb-BC?XPkV@?22jK8$46z7?W8K^ z_I&@$m7?TC{Cb}L?c28`hifWC`j;vVOiNN-LXAN1nfOO9e|P8nzGC`{Zr=tfBP<)| zk{V#!r5*mjeh45i2!J5xk#txh&O1mOTk7bDcbDnGUI=PB>_!hSzecp$Uz+=qxskjJ zH-naK=W|+12i#sK{d&AJH=o40Q~sjg_Y(h4Z?Gm|9UbBXCanm6j5WR)htY4KWh+gF zn?)ENaPI#j|;(>%bxyw-N8ISUFHFfpne!VsvZ<5_e)zVmd=D z%Q>dcG2xe@CKDR>mij?E#t1eGMQi!=hZF8DPTqCepx#SJzVQtS5*_6KTjpC^(AnV| zZI*?`w$2j@cA6Dm?{$e#Bd8jI8HiNDzA{?*=K?LF=@31QS8{QbFqHuAECZxJqonTk%}Qmg_^#S=VlC zi18lAYq0q=s_gRnVIJ7Msv0}Hjjxe6d7_KU%R5I*`gIVsg}ct15}c0H`X{<`fBr0{ z#3+~NT2?ea0o2C#bLNE>XQ@x&E3Sx)ud1bRKPl|<%nG(b+54qMJX~2_jf;j|w{({# z)Totv=l~at@)FuCkWEcHI{ZpH`-S*!I$E8?(a|xfUB9i=qo6&K<;>?W#4e18XM~6O z{-M*%?d&hEk_A0cUyQ?ZcWafaz;;X|!}xwSZwJt?X>*!TZ%p!Os}HvK|IN6aieU(A zFD3j};n8lJO5cS{zLEq@EQ~r@f?HZ${UvTNGB~$BeGh2V|GWMN>^>F5Hv|rRuqmOEP zVNq6YXX*1j0sq(h@0h$1BgV#$u%0YgTX>f2CB+H-UCAdTe-xg+ z?J60mjkjSeJgVg-;)Y~uF@|zPFNSM}+(EB(->3P1W{4+*j)7sz@+CUCI4iITz$hQ| zF);JZBmj)fCQDDg(vzoNV72;RdpL?Rvkjk|$MUq>z5M>LM09d0XU2Y!yoz+P|NYee z`Fx^Ag{c3WNcq1j;u!xq)qmZj~M;`f8>VnJz{Yz zOb>BagCRrMIXMka%R*V)Cq9^2Sutt|ZcPaIYJI+Vv2@__!|K%Z{>|Xh$Qwd&t#ll4 zpPrprZB9P_86n{8DdPhIP+Lw;wID()a3Z^_J`Gqf>eLZ|{W4eWIn)8uir7r zbE-(Ym|o+>n5Y+Xw<@n!n=ou)-m{kkC4C(`=_BM^!ss_*K?&dtV%NCdJ+0}R9!c? zX;iLr`{T>M^72CAmzRXv<`C{%4t92zy5Q;(!9Ei(Eyt5Oz~j({@1Ll*U+33dAF}?u zeN*p&0S%lEJE4*fEKQwOwTj)6nWx?Ear{(WLDE65f4_>D)2idmSWyZ))%vUX%~zoY zR(QS{mE|?`*8Tb0{-^oPj%k*>973Z9{(@(lwoYzFx^;&Gd@@r|=Z8a_I;}mY_T>nV z{TjTrrV~EFu*}Bm@ReoD?7atGa83D}bVARKY|Ht&9bIOOf7huvFQ3!)cW!P{93Tk0tcQKA@`J-k?Aap^XRu;99oP@r}hQS7V>!~M}==InMI>(BY@8Rtrd(G9^o;ZL~K-KXD%=T=P zF{{_vzNUKeM7cZFu|v_Dsux7uHV`cDg`Bx|0GlR3w+FTp===9bu;x<&#>Nvh$o`lz z_;#Y~V|Zt1;v(qVQ0cVO(Xi-?0ha#ot)jHJ{hp$h-7X2Rutv>>T0C9#9lu@k1yc!>*ZRA7VE+>NY3vTGr3s7seAG> zM8sf7Sz%h_(xiIzK#PZT^F(t!+N|lVd4IB$Ng@%9VU*{QI|)XWUzK{1hyAx`>8ba6 z>W8>1?)c58`e@R!BY}91Gok312=fY;Hu@WCD5|N z>97^NsHm$5`*t7eY@frQn5rz+LA6)`Tq-Im`hG;nwKTm2dk=+{mtumm?H&s#Rkq|1 z)gXQk?}m0SgMogwHl(*Gt9#{%%nwC5QGj{K7mE~zOJ>CXj5e9&|nbFd(U^6JR z69g;*ZT&qW`TElzO?gb%r_g*n-OqST()nGhm;dP*JaRw05e#(c(l!f&P`_|~f-=5! ztLGFwpKDX;bFse1)NP5?`j=zNr&~rasCXtH4m@U@-VQ(Z)1xuQLGO9|HaQ$+NIFfZ z{cT?^;@YpqLoCz3d?rn_;qzGRW~81ghNQf%Q4>yi3l;kG%_14s%XsrI_zqj_^c2Af)BrDph+QoKpLgq;#wk5Mna9|uO3Yl}XYZ+dzvJM%NAl=5TT*y?KDH^xN# z)KcaGw?}L!g_g!C=kxCk<4@hxJf-=T50uYzoWq0U)9La`XR<6o&655QTaeRgzR}^K zO&^Vp`0cHeHSh2r@4(%!9`%HGZH``RWV0#TO?{c&p43)1#c+y$?Ff|+0U@F7*_`v= zFKDD9A3mTMR^cZwek8g)2XQcC%L?wj;iwhS`1tWvN=k~G=pt?|^@lcDS=niNEfmAe zQOQ_2NYo46++jMgNP=(>i1Lm$KK^yPiyJN`a6%^fGv$CI0=rbL;^3St>Fw(C`#{0r z0!9&9RJ~yE*~)A|FpvX-@uZ@zS*V%)u(rnJi_gvOAszA72?BYgsv7{sC>MtEgh9KjbCC)9KOk^ZAs&2c#b=Al^$I z%*CmhvL(w<#LIlzB8wN1vcjNicIs2_@PgMFkErS$-jZoG%1FMRk+vQh`UGoRu@h_+ z+}!GQfR-Tm6FbkYr=2b}pI&jmQ#J^WZ``B%N*J6KTK$WaXXKa-2BkG-HaVu#E!m0$ z?OM6c3u0e5Ht8T-Oq%OGIF*XSWH~&!HalEM@Y?MKbjy+6v0ZZKt=}K&2-d}LZbZpU zqdlz?{T}skE?9$5C{&~UR&q%2V7Cj{aU0OPD1*Hf zm{f3lwQxrwcv^*#_BIoQWoi|gt1<|Jf5Cw1=15t(x59Te=FDvjUp+sq8F zX?k}PlYF*vOJIrxL2DVYOz;FzxxronB5!$J&~v^9LK6JD3goW6u7s_;3!g!34y&je z&R70&!|Yh3q;iAmNyS=jY)IYt_n$tn{4Vge=aIt9nxfue5HmuVcqj1{UcB}98HY5c z2BwNaA*;y9%_eX@MT%N%I7{y4bszb%DT5iZ^7?S*17E-X2oUUQp<87=rvKPrwxPMu(_L9n? zH@D!;LGdfBvKngwRtu@j$jVPd(|x zFheN?NRoi*lh5ZPFRR?fUz=)a02@-}FlDFhyu%SO$LxI}cKvr)==_q`_0YKGbkj14 zF1`u|dm^3qru!$#Q94xmbL;p)E3jF>+w!>H2daV>z4Cv*e?iK=X$21dtW0}j>%C+($No`M8NmCFGxf;a`#(z>Pt;Y%2L4f7gpz?te_9Gcu?t!}Zojl!$x zin0>Bc+c@oj-vAN56a5Q>xcI+P@MNwd6B8OID6}r++a86E46@;5jtJ(dL;FmUD=k( zLY>sz4vwz}NB%}OKUwqF*MpXAv@D(H1WG_(PBNcumAK8qu&3(|B6(`R9`SrIdRmax zrrQwH$`MpxgNC@-E`C_r8_`5kN5qtO`8L?_vO}b;`R$J1a_H+#bClpPc^dDZvdx=s z3k7t!REs2|#x6*@3R%nrZqI}BQE_B|iCN8S8VinnP13xZKF$7V)-bOZ=617zF3=~} z<`lQpv!4HVueZYM5Rcma8I{R_VjA05ov&{a^^^M-+i)&#Iv1;ZB#_&#tD zXg*sExV+RojkpgGknsAeFA?ayKi&uA)Ut<|-i`-^lFkNBM8vV~V7O1)c6o-M-_Uj~ z%`ON2kjww$b*{kd##bpx6Fb==q9-<7_KAReX7|7SnJbP&Mhvz{S)|1PN^iXfFZgUitsd{Zu zmJ@3f8g8S2#b)T(NB=%~w6q^GH`c?6i3T0(I}Br-q_t4zD>*g+v1+>~j7$u*zYh`ah$a?nNu{ zgg_GltK_42L(E>A4L#_+d+e|Q}a(-Zpgx&M5=JL&x{Gt=aGQ+Ww3u;D zz}iL3d`MJLLw&VLE7f=5pcf{CHWOy@Oi;2dxo^9QIXId^-|VAE9DC?Wh6mf0*M)2U zs#UL5VxJMOTGjF+ebh%WeH`UX!YhZ)cvMPg7_n=M7E$t=H33(JR;q1@LGt6D>yf>~ z@ykM@4i~~Nx$;owACa#FiBOgl59z2zsf=zRQ}fyHjR!+F4{kr3%+%5tD2c7me;iqR zS@JBtTTZP>8GBUF-o${N68Eve0M6;J8q{64w^PqD+lJf~?~;#bgoZ|LjjQo^v*QKi znBFW3I5!;;ml!29>C_omFiV}}<~;kVijz3Bogp4Ji!?%v37ruGd7F^XP(>i|i7kf} z&`j2aOPHHapZ@Krl#)_Nb46$~flJ^>9Cg!W2`b;1n3%L13USi^PA{yOtC;|J4XO+Q z_iiyc;-8aus9s*ClYJxzr+9?1;JMqXV3?QnjnaQl@QlQ(%?48{SCMMkO+IRyd4*Cp zq}X5d`)nOl+-mr7%%9L`m`@YceB%V$3WdaFaP-v4u~#ISIeK5ei46)@+@3|{cdDO# zSHGGv@r$3)IGn0B+ci3L^Es9W70S(?n_`3{NhsWJB>35Ty6cEvUZK=@v%l;Zdyei$dNoM6hK^N(frb z)M4q}Ov^%ifKU)kukk=EE+K)Jcs#>(?IYxSq?b$Kr~z~+L*RVkP5t6d{ems=dpFX# zBWdWf5JdVyjf4ZgT^r>ud$h}|hS^lAA%whBp5EX zg6hdL9KCkh%O=g5hu*KfN}9LosC%Q4pg@JS`lWtUAa!B9NMm!n&#cH@klQf=-lg|lq8Wz676TOq9XJ%2~O+u{PMK zHc8^LX8I(PxjXF)1ld;Z7kJkj8-=!Afdz(}8>Wj@-6V*(a#tlq#V>c)oy;Qn;bOV> z;k4}xwEnD8{T?RpC~c_w=9zrNSJ4hjmrZwB&rkS%ypUvzDai6VME=^16tb9|sA;p+ z*sX7m z`y2oGAXkx~Q!oD}S54z_WjU;L)lMxQT8;jk>aceeOY4))h3vyJwIbh(Y1@b5)fIis zt}Bi_%;S2FbNOWE6+-osD-03@eWoq2_vkTpE>eUZBj*{VWW~3#DX+W2yw-gJH4SVAiN^Q+2lB%N*OOIF8+~{d4oA5ct*t3viR^Cj)bkh(i81+S$raAS_SkDND!|k z3y#n2JDfwTdCn|zsRF)rSzn)e7 zz&viPOelY@zfDD3|8d-t;CD`*GA?|1cFbwqk?t@k0JU9a$D{k@c!KV>!Q2z$%jZ_p7dl7yD-j9OToiFC?tjqWwh!&#6T{zaPTv;4}H4sJM6U+J5tEm%Kbg%f6IOcj$cEqzWu(^FQM=cugH zz+SNx;3T8}wCz>mV*RIf+U-7n7Lpk~b* zo8p7=l)pua(c&Y5XJSv4SWFG_Cv>>D{ zc&_n^L~Yyk<2vnA?+1`!R->m2_1Jp?S43iKe-x>cWpav&BvPFf6>)HbMb96eJv-f= z`U-b$iNJ2TyP3W@LJYiDwr2wux2%@!|M6(X`hO~rdnKqIVtn6y;hcN%qrYouwSM{h z)_(7yO=$GO#hx<}D{it;d06>v58Dv`)^Q5j$X?QQ1saJ>a3Eaw=%Y;X+s@>}EzsF+ z@Sxd=W62p9TyTU(6X5FV_xwr(WMGqxj3%h}|Aw4;)mZo6ne64K8C; zKLiyKCL4-9I4ZwiB+~&SL(VJzhdfD0)={)(&r`J9%2??A+RL(XQH^AB=f)NjUiSo5 zn`j?T+TW@v)59BMD?Y$oqhZPtC-m@KZe_y|CRufd3+YeFm)ttvdnNO6Qhj~xBW5=g z`JnGg%#FxY2I0%iPZZ%&5Y@)dDw!RqjV-=;bfGJmYnRgG?gX<3@2zc^nOT)y&Fy?E z(?<2$tdYE~e?vw|qGcC78qs*uZ>9V-?PmdO*@s~Ll#jM)OAhPjV^*b>tsWOB+87V{ zum04lGxxgIn^V5~5D7H)CpNkSybazNFp##u)BIYtMOAXg(YhQHMDqMaEw6>Y3uN8U z=1j*D=s;cNmE+JeYr>uxv6CRJ`QQ8(h|Sb@Ge5ej)1H_vO%-Y-3OWAFoUVJm6J@2@ zs=s~Nn)AH-m=SNt^g?6dQgMshIJM6>c4+DLJw>z+bOxW@?CE{QOED@~^kI5>`rwJ8 zk`nIpC)YXi%GgKS=YvXVl^(AGWRie%vBmPGu3igr_xOU(VbkbiHB?*KCvjUPt*yk~ z=N-A+rd^m;9$rRz&F}w7ZakK0$E9-Aw)x4z=yGRs|JO8?QS5QFU6##mBVtiG^E&V7 z#t4xanF-SjPe^#NJ>N=b)TOfg>zO=q)b8q8Fazv60Le}xL#bTwkEB9g`~ldc5#WtG ze3Yv005)@9ZP)Bas_Qu-OMbcj%1fNp`?;R_KNp;_yTexMz3<+=zJ zvQz4>8(j(|a!_Q5=E(RD7vLBE6f?O?;{?Z-r$wBe3SWgv+M8-OE^CR>MbV{FkY;}n z@$Bc~U^=$W=sb89386u0i^8fcK6MbXT78%JMz;KQsFyicjj{xvO4GJ+da*Q?BgX`GWnx}JD|a48B>Iu@3Z_S2fc zUraVRrb-74#0TfE-YTh)<2sn4nmGGb{I$Bo{@FX+G1WRA8*UUM1Da7sx@J&o*+ zmdaPq)(#V;`0F7?5xrQf2ql#Dp7P<^ZA5$axvdw6@_~Mj-y`nb{?N*;2tM0cEUv80 z?V8&3YZXxh+uVZs>-a;w@hieQs8L5ic+isw!#;XtI*I#Z>->nm95V>NjhFg?%F@Qa zHE{`_*-yXoLR;Y3(-03r{%yE&ekfeYR(FYER8ks#1-2Bc)uaMsWB!OzJmPqVy4`e$ z!~?XbO`AW<6(hEkxmvruaal_?J^0Nw)KsVEG?hQtWMZ=5Y*fgVSEv>iM7m}e_e#6F zAtKTJovGlcxEm`f%EO0Lu;mBe@fu!IlK)*PeQajoGk+ZWJ4AGZ@&wbh|7XDhHlKQh zwS>?o{|?@np4+wBYcYvUdxxpRICV<9hI&bYu$_e3FvoRV+Gs(A7tqdc`Elw@sau*# zf;trTU9bj0N7EjtvSxi8B%4M9aqvO;3lR_Q!_~ z*T=DmY!5l01D?!(-WX=~2bL`ia!?^~Dd>t(#dLlaFPFy|D6CrUK1*;I`K?sa6>+t; zF^LODX3yMgf|n7P;bj;X<{oXuy+hv+q_q8OmQ3JE(=p#(uY_^yue|ev*Qmn5Y%S?QOvaSA> z3{$b1+&n;SA9sYab<@h{au=h=+L?0Mrn%$HgGRBY1U8A?XxTlP+o1$d|BLU_e z(QO}sA`N-RD!prV+|P0@{9h`7^k#ru+WM4`!;+|qTx!7DOWp5_%Uwp5Bf%QtwzjMw zc;n^eeHt#7z5{?5sOZx%F+KTM(q_6fQGR}Oca7cFQbh6iJ?$qK*u zPVC|^^@I>v_Ky5#b)LH)BX5YEbm;EwV#vkMnA?maj24rxu`!tn56iuB^0ssFwj&z` z$D65tosgmUo1`|iUs=`tFmb+nLwQxd<<9>#+3$G_NOOF5Wj+HgT?%)~kilAFq)3rs1TE`Iad%u9!sBvxn0sl&_mwq?j#RSIkH z{XBDI5T^h1r}*hBHL4}^g{|x1X~mHZ-WSPju^I2%*534kpfS;YXcxqgb%E*TIYxJ0 zaVo0hyQ9L?!_y&VjvTzFd)U+xA?C(>yu5$L$NiU<45?xz0Ted?P4|(cqGk_Aq$jIQ zFa$lv$K}K$@A-(8j$3Nl?mOS;LKO1;p&7hd2bOB24ocP3q@bl5!XT&-5vXfnd)oUj zPcp1!>Fa7y`DdWx5!_x98BBc`${@K!TX|sgT_~>HYXpXQhSm@JArY zPteTY9|*)%R8;gq5#SslbhokXeI4oT5E0&Kh|kGL*f8Dd&gHb{)v-Pb)Lm6>14ESn zmL)2@HtJnUJvMqB-*?K7I@=m4o1=|iHHe3gW4@X(&Sd+6uT2u?MYW!cVHj;s-Z>?+ zg3$QoW92THWYO>4k2t65wscbeOddY=H28{X$J1(}-cMH05VyemGFX&|Rs6;2FV^Uw z-U10Egqv+JTgvt5DFsYkS)sE!jx{<*cNA}@Ds_O3K|(Wus%h26`cH5U?-!N40}Pi9 z&oNR4Wc9`~&;4&v0@zc>yIY`fUdpGzr_WU%#|-q=`5&%H=3*R*9Q-(OE}AO92ydB(D8b zNdjQd{jG)T7n#kwnnP`-neI>C2Ve@z%H9LlgZmdiKJNb847W@3G@GA~JiLvqjq>>} zdxnZ7sFwJ(D2ksi)&_59{k4b5F=~1si+giF`J?2>1#qBle{6`!ud1w zFpaA=c%{1kqHo6pdb963Pl-vujt<}$_(M%i4e}h{K~K;Jd0W~o@*~xZm;}#>G+%jb zn&T^Jg>vm)Rk4PrOX!bvBlHzMn3xHLhJ-u~7EQy6?ls0uFu|f@#f306Z@<;%w!RgYm6AQiAvKer~+%WE-K)v!BlS#?`n_#n@Jp!@Dz{CCEY zZTH0aK{rpGrGHhGQuy1G+ ztm8;GP3Cs$CZmG4fB(s_0r<9Ra8`Y2{&SxLf~Gg9JogcHhIUuMj;6{{7dqFBMB zoL+LW#uR(z(r($cN3`YZ58D!7u2|s6DaF|1v7br&3iA?HvJV>QofR;AuM0<}c64&g z$tE+I3F?6-#Q_1ivvRIo6SDk(K>r@mMR4vR&s(_;TKI>xW_vW8Dvht+G_z-f>YRNG z>Y|sJB(}onj|zaVSdu-zBuOMo~#(lYE@( z+h<0$y9XUlt%br)I|7@QKS$n2sQ2j;H_^T}s)>=MM+IAM%7NsWq>q>svmx+o)*cw@ zV*YhHec4Jip(u*-ey{KACzBaNEWUXyx^#+4-&S#29Vn7iV3ke+tE#_x$|_1Uaze-l zr&x6(g`LKEZ7-5IS2&)&yR42HvfQP7Bm022oGiI_Y;SMqj-WRpDc=7hPtZ~?Uub@Zk%JYqb)-_a}I?UbKV zm5@d+&9mfb@g7~_8p9Q%P=#zw=zine(Y^C?aA**9snP}BJcnrBx#5nh9fc923Lvp_ zX5C2gXEYGVlf7yGxw9L5Jknbh{h6Y+Zo}M!hK?_U?Zi;#?p zyBP`5j}oC%`XfDg_-vwDgg`qNfAzT9r3j%r;H!+$TXB+W^OP6PZl! zuV&4_^XErbgvT|e^URy%9yapxBtc>l81`5JKQzRbMyvG!;nW01%=3=widl->Jw4p$|g%UF&#=K_-(= zE0gFc<8e+zoX3Xwu}zMLKAH}|t$DELYSiG39|nG%@sKVyZ!~Bl_g2n0K+%-v3l?6J ze3^)uf(nDP8zJHTHB`vEiw(yln^E}wF56JnW?7A09bvF&lmwN{x&ki=?x)8e z|J|l;sa`Wu0<#k#DsO`&DFgJE5thS~W5Em7LP0xw4i6!6f_2C*Gx>?SRTIAZhJ#%S zHtTG+E;fG%#Z)oNjo`Q=@x?XE;77>8T1xNCPM{hlE4qh)SWsg=Gc9E=(%t;|CMQ(# z@HyqUQ3twko51f;LIIJG*HW8@rx7$ZiBmD|fu+92obi>P(7AbZc{fZHdsRNcKg87F z7Z33rUmQ;r40Y>8Vcu%7MTV&yDIJaPz)iEU^X6a?!%C;gsAtMjXZv6*-9q|EU@Jb6Ojzj#Hql6*l{~}&2>(bAbkOkT zZe(RH=rhQdUK!!7H=6C1(U9W9Jc&!n5&T8J(^vSnc+g|~&vl}t3*Qt{D)`XRTVq#K z=WekS)tPIzlY1abj_Xdoz04nXoX@43s$XFc>BEE-|7h2-MS(2(Y=bCF3!=vTDSi{BqjglS&(;7Se>`cs@jy=Rtgz6T4 z+tBvv$N{m{K49HEAGm0#pzAQ&auVkPD0w#z=8neqTq&&KQ~RCOwdolx=@Mz*p3=cZ`rEoTNk%60!H3#K&Ggwm^3Y2u~+?q_o@Dro67+lf-#WqpI*#074;$^Q|! z(q&b;Re?Lscpx!lr1|!8nC0fD8s;^@Vx%iR>p*055-Uhq-wv=P;UpVMej$bzDm@{$ z(G*0`I*^IYktpqtu5NHX)AfltEm5n58%<`M7Fdo|e11$JMexwl|3!eRmhcZFqZ?Nk zTfe73->n5qk{)?u%4mzpDSS_OMOn|l->uzQ4o9SC*mrlT$i1K^lSXDpZ}`bulEjW0 zHCpb?Y2!ZOxk0Y=hF$a+ga60YTYy#BHEp09L8UvTOAw^Hy96XuLb^e^yFoyZ?o=sJ z>29UFrMtTuHk`G6U%&tR&NsilwW@gQrx#ymdYoyq1ZV|DOK?0plsyTay z8Bt;0h^W}o(-6MkPW24Jg0pZK5CB-qM~G0}Xd0n#!8HXj$qJH9q#GZRA*giT8m@Ae zzxD%O_lJ010mNeG4?G(~5Is^5n18Ymnq^AAHWLvDrHI1HyF+Ttl~B_Dt}Dh~EXdUR z)qm^5hHI1fhJ_RD?Si)J@JB0^>hBiLzKr}w!+O!2SMXoy#9j4{R*6NEoeX3~J}A8j zHD-;&bl{|tlzr8iq0PTNIaJ+>JnwSo8M!7Z>~pqi8&ERX<7M{!u$S7qVJGdJaPR2J zz1N_Otk_6=brxZ_8Q(vWZTv|Tz~^KdSRNzZw>C%PvPZFs^f{Z1}#xM6q`SRK5I%6c`rSQ~xu3O}_2szY;G5DDJF>n^-;r^}8a-b0vi@p5d zD#Y{xpCM{!)a4P0x_L9QwLE*O&RI8417CTRL7UF#(e`=6z$@|(F^v*r6Q8uDH7CY) z)uK?oWq1`$%;VN5OuW_*W2X7u*@$j;|DTBy(JF7SUA{|M99%Hx($8mAV({DbMn6p!SjmnB;ZN@0JMJGA^(>9&Mf zA)3mUSnPmr7ws5}t1fPU^LSv;hH__37IkR#_0#5@CvXDfSp4zCjc#O4*;*};t6dxO z6ItCC2dq?!h=`jJO;eiiWWdF;>KmCK!`5j|iU@gt=@& zF@OK)%iz^$wF%d6=Y8vEY_G)N(y9LV13}Snh!5prab(mFseK=b3!x#feJkE6Ej~Gr zd-QI~iCSlDuXeiIOawsH{AHR(P0u@3Vnql0%omy8-9LA2N}k57C7~nF(u2PGgE)jm z7aRWo`q?SE%~BUjxM9&EF<%^7&tpwmh5YdEzP>A>)C*f~t$hrbcXiPVTO`N-sv9C- z%O?u=_|`=M;FpbL496HOL1Qq*Ll@0GpVowX8YeauFYqb-(M%v*#Q!NefPaE45k%sC znjh2s?=9`)Y*{`AUyRl+eg3_Z;2&*9L~4y~uhw6GxUn*yz^Farx;Gu%%d8U$dx7?j z52rORx(+H`JmOe|XX_mvn(EpKj|&~&C@**hyzftAI|(=`H9ler?OYLxmC=ib*$BSa z&lLZ{5MfV9HgoKE20FxTZzW)CHn*G$l#X3vj z!1eX@?D5B7W~=5Q|5{pLa5zb(UUtPi&bOk455rL4d)Nw&*8t9sW7~A~^eHTZFj;Sg z;a8zg^ild|q&?s`_gd;w75Zi9CJodpIvi5;gkT(?T~w^DNGS8c7C!cWRw))t@;a8y zsACai2-?EaxR<~r*$i3`IC*%CW~vGab#)_QSFLy1YvF0O=K!O1V(i~y0Xosr{g{On zx{G_la?}2CWB~WH=i<8ThKf9bc-^5)80|NN!$Cj_w|b$9gvDkW0Yb=Qliqn3;W+T? zvqZ?@_#IT^d~W7wgVU7dCP8GgP!U|KLIiO`t(!k16a{&lXou< z9OSXqTf6qPBty{u!tJ)SQybLD$>i1666rN>eV?p%WdS8@A@abggl zhgU4xQBg0mmR?}|bY>3dnJRHFH<~CW`?C=5|8J4G6WfDPlBlgIjUfOTo?)Ry{Dd1I z8H^@Cm0-QAtyrF=_w7+9i2){r%y(A>tPSW#L3E~9H&4q9>Y52$7tSOm#!3f;Zhpi) zC5u`qgx=_!>&;dmS*k(Dcm}g(?~ORE=4T5X5WmT&uS68QDs?^3-34bhQ5TOH&GL=Q z4>4aNT%nsU)l-4kEuCc5kJB=5_vB7n^SKRG?j3cKqnt%{!9I!7 zvVRJboE(gerv7NGCm<>t8ET=mFx^bPx3_n>b3zP~IFOFt zV@~y`4CEQY@KGY?^dMIHVXwF$!1wMXt7AClOS%Ie0E}(Cpq6awB=<#)61ht*_nzf- zPX2*iv(RQzEsXkCstD7D0KYpr)n< z#F!7JE*+Czoi>(tzxRtTC8 z`5-@UUh)@cU4^N<-$v{n^j-4k%Wy3{C^dYYg*5lIcR%uc7U*A5&8=#uh>Biu<23_J z7m;x2-bLYTwH@&@rwTpxojN2KM3i&pe>3$M!aF&#oF1h;^s$Hp7?_@K-_ouBpkh&W zU%-k=fLIU>NmAhxFl$Ga1V{UaCRgDdBD*CdBwWsJ6uUMJrg9N;n5K^w-U2&x6e!@k zD!^3GBa=U9H0O^axl|QIT6coE18_Wr2R20Fc$|-eYg_E#)*ICMVZq) zIyF4}XFV0q-8U`tJHU?pyX^ln2@Fmr~v)?pBrLLG&v&uE9d?n+lOC+ zo9pru%h-1U^8-i0v+mY+x;uZ*Qagq-Qv#be>{&X2 zzx-Di|NRXjWlrZJqMT|pR;+{4rg&5hs=RVjd{QMPIBfuZa=7*?+#L?E~o znT5Iyn{7_Ovwt ziVJ~~+?}R8lFD3uix)cQQla`+j|h$H=dhoe2&8)K+9+9HEH#Rls1*sFwdxA|8Kria zZZ&1vMQk+oJf4+En&x+8=#grDs!}&nKp|(Bwwu zVklG2KymEOuFrV#cM3T`w4)V}#YWJ%#7C5pUyGn9CNIW3!NdX~MVsyR!Ua=-Cx%Vb z)Rh4_qOZ*Iu6G9gqf3Ma+UcbJ6f>P7hy|qHTD;}?TxHOrAf`tTlBmtYskN&ygPf%d zK4&rWV^B?jx>wcgR}oIT`<|PBuL~p)65HJuU+7RG5jSu(Rfy=dT%O-9+sTvlGlp52 zB0PE<`)O2PqM)RlR*~uny`1s(cv-p`{oCU6@zZ}EL3B1L zax4v#?4!__2XEpzKMLZ`Acs8>?0ypsfC2trax`~wcRYMw=S*oxC|#7Q3%&5}go52iiUtHRMS0~2~ERQS=_7sb-7~&|R z+?!bx zEp#zB8ZknH5k8DAZQC+hnY?ED}+}OaG4ciokfU|QdC$np$fSp2dsD-!GEmI(B|~VGR&0N z8NY(~9bTe2RLW!Fxw?Uurk0-wQ=q4LXaEIdZRaXPPfdeHisNXJRu^|&y>mP5UFUH@ za?n2{N30eRZ~fh{$UH5zO|D8SO1Q3$e|TyNX;Ks<_ElYw3m(9`CkcNYVNrYfNW0I0HF&Xfo#X$m|F6F$>uS~h)>MYj@17cM*Rd2`4{gv+gkVyxLASZ*WMRshBZB=um9STU!HuPU zgsJvyyg?v8rsWGU=`)rx3X9Z4PIWPMb2TIrqdMz^tJhL;-8f3bv&EwsMY}%PV!zoL z6NA2|RutKO7&O$n`zA+$Wo}j4g&aggVr9q6598#8LAg*4s0gl8TnwDJ><#Bp5n^KP!{vxbX#H~^H7$^HgQ*uQ27))@6P_qfmjg?IkH0z+1{*P9lH zWyst2s=Wyy={Jiv^RC!UcOQ#aJga>%ikq$(%ChUNwJ&N1mjd&>FlTgqh;}B5J3-cZ zE@}VI#ukkURIf;PQM5*PWM2xs3!y<~ghD?>IatNL?)9r;d-ot?8bi2H3T!z78QeE} zThFb)tdi(c93EP$reMWhFTOq>6~TBk$7(wn;<5 ztm91;Z`+gC473j;tTr0hY5*3^n8FTd%4CB(M@J;_j@5Ti8|!o;US-oA|E@9i8?$u(7;-56QypI+ zh<<03Z^Q@|^-zT+!L-XhDwAwgC7C41r-T|wf2rZka0P+h-)z+Oiy75+HHFqc5o0&9 ze1!*uZ>#_W7Qhvj?rwY|jHF2djiN|{4}31_H($^I@3~~Xl`<(t%=rthdCkEa!^ zdTqdUctv;KXCA=%zI`w1Ks!4l^Q@`*yDYJUy40d`{LYuF}kE8LQD&AfV4#JAsg}C>Gk)rBfX;g8< zGbr=~WZcwnUWLZ!3Z!DachFKNqJ0(_BjB0h6}`}3xLzEInjjGDeyh@p{IhD+6)Rar zuH`Hhex{t!=(X#oPO~JD9{cs-f+?@ExY%T~GrQ_JCOVX1wf=#11C#0RTd0$!LdW2U z!b@l=&B;#~7=qp|V0$0~a>Ag;QK;kxWzMgN!{Dq1FeJb%iGp9&&Ho+-zye zDif4DLC2>M{jSMU-U>5}d5`U95h)yW6;VfS0xv$uld!2ieL@=08uGT4pe8CzI(q|c!&b4%{RNqY;wu^;}8Y; z1sJoOtl}u?pMD)Szr4YRY*CDFzxl4c{5kntz9Fp))b5is8+D@JUT_S;N}~ZOfJUw1 zLs;cLu*kRjOO-{>w46snnKa7?U*)9-Oi#Z}(j&v_qnG_azOtOuwDx>z?^giLCxSAC zSLy|wH8N7$p2@x3qf!n^N^6SQ2o|e9<7s5SWj|@BA3pVD7^P+}pWmKe$UYyrNL;`{ z7`?KFi=-hEj~+wH*#D&FGMDi2<&XG1&vVlYM3u?1PY6y{1$ z4u|Z&be_VizW>I*X>3TZQ}fcP&RKp`)>*xL!lnv+wAfu)?`YAc{H;|nnG}ie*!y^E zqpl%?P_E{XWwCZ%m)BhAm6gkjzwmQ*aX(N=(HDP3Wm1m19178=!=CgQRlHo(as6yH zLIV-qi6nK~V$}O3r+3dU?X@YflyQ1RY9;l2QnuNs%zWr45)>F*(35BJbX2JmV0LtF z&`Egx)b+gaCUjggj-W;V>|ysU_}VOvOMNLd=XE>j2cU%iSETQrC}3#i23;~hgly0s2tr1XvrMu3%PgYrfrz`Z~f4Y%| zPf3MTI!HQn*pw};AYcND0AyR3M576}L{wGcTZw3RJJ>sbY)V!tK*47OnTyS?(R2x04d~ za!7U9I+>bLkWb~=@G-K+qG2(R!+FmG&~r%lr%b+*jEYK(<-!8-6J-t?5?C};X8uno zJ$heMtc-wAz$M*Y&%}flkTXIc0GQRjsgj+srRDrD&x^9_bOGZSfc^}3yBmUNiv)o$?e!uAX$2uiOkt37WX!@NbU~H7CpHpfN{Hu6%J8-=%)zp z;sv@4m#ERH#OgBk;MihtU6-@bxgs9z8}iCC)BJWBVpYGMEm!6wMn?1yjO1F+UgAKm zx@#3^QuWl7V^00kG3rJ!R@n2H|8><>0pO_bHd#T669y0F+|M>2hfW&ivk6vI2VeqaD z=jG4Rjr2fx-zyaK#v^HZ@{ojtUoWT3Z5)~{JvCoxJ;kzXA@08+O=K#%}PMf_d?_D zqDb3+r|2r8wAI5_e}?<+dSc^fOUWCXgN2tIEscj@%ttR#CA}5Iaar@GZkM0V9v9l` z-{0}T)j+*3=HP3bkE%~QY3k$#(b-Ba zsBQ>A{~L_vDT45PB>mLb*s8+RG+;xhKWIY15WI}$pxue34F_0K5D#pSABh6ROG(KI z<5RoJucX41*yhZVT{l zt`9Rk?n5XYlzF$XGuR^tsGAHyClv=wLwfb%>|NGPrvi{AEb5GB{4p79k`qr+W)#?* z14j2Sv>r_nryS!6xHQX9z~IcpWj3EP~Yg5f61}_jeePb;r$T<64sdhRMH7n(1v_ zXgyhLNjDJM4uOC!;T=l84k9pG70coq?Zu;@Qv{qS5wawmb6=HM_s7SR_Umw5LV(%a z96R+(76 z0eDz5@#lE#0Xk2WR9;R!RuMjHjMn}23QvTZ`9NV$L;eZc7N>BA!t7Zda%@rEal~Zb zzs_MqF{x=X_yKM6W@6?MbL_P5R8?IO z8r`m>HtG89bj?!Ij|C~a>UJ(4Nvcp>xwF-0>RsHvDlwkTpGjWM@jWPvO`>ILTEi{R z?8?{xuKtrSNh(5Jl`yvk(!CJ$rAd|Fgj$Xy9pfY+Mlx@*p|IkuJ=o{6G`tnq&z}AA zM9HqpV6tiubj?_h}klz16H{;|kByMKGGZHpKwD8{NI7uqPLp#~~c}rIJ9UK2^-mYr3qT zX2o}$u>3OqKvu~8?NxI&sEhzR=}NfXB?)>}#Ue#IG>$--_CS+kg1KW*qqk5 z%Sg;)GaD+;+=K{Ddu}_0c&3_|gSHkHzdrCR{7muXM*~UL5Rt*uFg>GU$N5s~Yme^k zxTl84Ibj+Vhr%FcHM2~M*lacTHpp>+AO2#_6QgB`6`aLO7SFFPdn?tm^YS{ZzBk=n zGn#0%E|1wjyyh@xu-#`~@?nSTvIL2zHAui=)x{3Tzb8W#!r3iM)uW0cjo2gz-J z%B=5vR9{98X?>s;4mS6cB)#_s&3Y{TI4fu4(ryIluINorX`g0_&;{!HLFGah{nO21 zdhNY=KOmiNYVNLyb8e84kxP~ft81-0Nj!hl3i{sdC5zmJG5%jjCtBjy6n7!x{W#}wD!ji9Kr*vO%Fd} zIGcu^UP3k|(u{!!!=(I$CyE2pzaotZWXgM`S5Jy}mQVW5`E`?QZI5?mQ;&J`_pE%v zBl%R)Y3MM-FcC_>Q+jeWu}wy7l7wD))TwIu_xvbi2a+&ph1)t=&&nM@YFDQkQNGJ-;GO zBtm%?T1eM+kX2FPWUj;YS}oCN##RauArM4|c_Z{yu^sANB;LJE-8gJHJEP}45WKB( zdZv1O62oVX3DMse6j_=G+j3*I-);jBca=6rd7tEvUi}sj|_fbd$DGG!hm@MMr=J&nD z$zdOQkOkfDsRVC_0&5Hgw8zGF+pMeS1Bz;Oj=GjR4_hyGj)np;zGzi@kqGz*LKdqF zVdRm)8;OnPO)bNs6V46Lab&?-W2BdSXPgm2r^-KWmmLLf`bN#)z3b34%L){@^8qGe zPc5Bu&zQvb_Nc3`hkXzuSe*B`EBoj|fI$DGxY_Ws>E=sL4uZ(tA^ZUE$@82%k75}^ zGCbVVPN55?7NhX{Ftg0J9}HUGQ}gf;00rXtP;J{OvR_N^`_1o~js5!QgoI$n0U->C zvd){}vjy)E8FEh&9d>qQFjWxN=+m=%92+a{whBzjrBRgO;!m-z{{Dv$*j$ZGO_#|p zW|g2i+pE4rftjxeQtffa*M(&DJ}h|%7!U+{lX+k zFVg!xdMh=CQ0UEmEwQ6*YKRPhNPzXsU5MwtR**hxC~U-*CA<9FCWc}6t9QQ{(w)AX z_20~_v;5qINB>E##D}LOQi%)ly^?1G?|x|2KjP`HCn6#mu7<-UAXwSMW3+4U)1+s9 z*0C%@#y#@{zuE;hhtXh!& zK~&?r z!jdVFN{WvwnueG6S;H=twAW{21iY*cTvewj_?0J3SORjUBy&)eB)P-<4u0h$JoBQFr5>#fdI^a7!AG}C&zfZoB6NG)4MFawgXGyC0g>5nTD zOe;(3(YTKZkIOaWl4s}S6y+rbD}>E$Yyb;94upb_kLYuBvt|S&+IRCa{ne!rY8ns5 zz3ZS5y;dzYB-(XIjF8)wtg0Dsk&rvbAK1mcQtcy(g+yoCxGrMv$vC_~9^k*R>Z`ru zZ-Ac9@Y=N4+Xr(Pw#kC!;-#UZTREhTY&#~cZs$++qc|P)Byinqe32jlm5Bl}#Rv-WY8U6moas=Y?%U~=BWOZZ1 zs3+`|wIL0rcgDVeZF6vI6z>CH!8KfjK(W(3PvmdkzaK5!`+UI3e<@{ZivP(%R$g98 z&83Pd!awlQXDuJ$@j|WerJMb5@+Q3~kbnRR(J54K+ZGzb>oY$!s5D?ZR<~em8JVl`_9GQ1ii%^i%~eqouh7F!G}7ARPrt^+{`tHR2;hn zbc(GX9gAe7+-sl7q7!qIm}NS1gPuri*4Nz{)h=jFSEgJ~6$IzY`{m^1y88OWSqUXy zIFu1_13H7am%MN*k$m{6c}ruXFFV078}lCcs0hl+%6D7R*0r8Cq%5@q*(cMw0L zNYbd^!ND4JPDtDDc3AIfkO&2hL)~>vO`i_bFN&Y;Okf0tp#HMes!p{=3r}(hq{T(H z-;=G%A%*j^@6^C?MHkw&yWJ4U`c&g45b%paI!YK~+YH4AE^tg@VkFmsPdFB}3>70I zO6$cO0qg}CD%282=ik)-p;Q0pj2Ye^^g*&e=i5l#iOWw99Td4oZML3!ha3yBJFnd^ zyobs_ATSg7yvAD?r1)yiOF+)=paF^x&KJQJqxorj%1aY^2L06wu@rK<_|X({tN}DN zbS?v7l$s8XRBpfO>7U80<*@m@>0PcJ$gb0*9N8CC6$qZ>U3FjM{Fbic`l6m(CONC& z<9lmnfQ!VTEQcpicO0YK!F$_D=57np8m|DkA(BQ071@vN=Z+OR#tjq&e}BT z4OGX)Fa5cV=DjMP=djczu4-qF1hZ_<^5KVF!Cb-uOnJ1M-7mChYVIO$Zu|V4`On_C z%7}lyl$1?me)y1{o*n{;i1v~%Tf9A4LFS>R#vvj~DJ=Ua`y52fT4DAOAl6VHv1Uyl zNxXa+`3yHFKc70DM4Y}VGaN4>7Iln#GAJ}{cOulii!6yoUhi$ZmD1eEA4Hw_kmIZC)oJ=A@BM+JLT zD~)odyWTy7`G$QB%k1E+6E)@AgiS5;@x@oPwgd9tJT!opk8N)?&VKZxV{}?tcz0aB zoi}-Y)q7g3z4s9dRW|M4i<<(@77AMk;VykNE4gylpA@|U8Vjzhyk8`$3=WOp0!V&>C%}fleUxJf>Z~O#GIt3DIIdwnU z?t0M5y#0x=M6Av^wRG7_hO@73y75j=O83<@$~(IU(~YfF_$1ST%jN#udB0}zn>%6m zz7q+{7{Bk}Xt>ZHyN$_i3>ADM(j$8I?e>y1;+V+eD2Q&y@k#GXZ*6Yj1lBED-HW@F zvmc-OMBZqlL)BR-s+#GMWBuxUU$oGOVfus(bZLbFL@Vl>-@n&gR%Y7H&V~<&w(BD8 zXucqKaP%`V0VB@d`kaYL>V*Tls;a8;P_xMK$qCy}2SLFYXb^|~y^DDiNn^trks=xaLenY>8NUa&Q7 z4kNOV%G|Bp&;@3+6S!^qqE_!|Ff&xTnqDNXolWSr%d;?b?oO#2P983ST1fK4>apD@iH$haPA9CKul;V;dR-o%;LR!IuoCPvdI6frEe;EUsbKxd1pk0&WQA zLqfP3r>^@JEiUe#c8McQ=`;>;RaVFeaaGcReqrK;zb!#`Aoz>)6w^94rwugDJ(_LSSGKdsE;g!oOipO zgudVGCL3P9DC^uY4cX?UettgK4SF)_E+ZqPpU`5m`p8AlAOZvT1&aBQThn)FJ}T~F zZuUN4J!?`VB4259w%Xy|@xwwm+JLtOb>a3c3jN)(CwJ&YYE3R%sJ=2Z!;$AGi2_la zMo5U%EZrU7Wp~nl`x}F!r_aTHS8s1COd~;KZlZ(68+75j%~rKebye*MIx=4paC&UJ zIcOyIW?I~YA1XIfLIoQfprYzcYWCaSW(aC!x?EkjmsT0ZSK8B5Q^UWr8~Sy5(MfJ_ z70v?4e-J?c^3lB4iZh8<7iCv>X|v1gj-UR4z?0JZ;dX-Nv^Db3a}O_rZMM>q?D(X9 zB^yJeEtP9wIh;kfvzLV_N`U2j(oyMjYxFVLY)F9P98$ESQNOO`b<+RN#6wgz1N)O7|fLONhKFkT4{Z*9n#6gU^= z@2uKp7}e~o`C%OXi$|UKE1l#%KMC}_A~!O=C9(VIPk(!D37Z^Z zh?cUBPH^?Y+h1X|2uGgpO=YpyT^-X^d_!`%XpSrK88#pS$C_M@O6edi{o}&$yB=Ne zJA`_!9>F_Xl(6$E?kx9LjeL5qw_H8YlHJJoJYb?4Ad6t=t5l^l?)pMO@As88wM}ur z*$B^Z-JJXrtrZ^wTBUiz9H)ls{V5d}^! zjmXG$z$YucjFGXMq9vflMAQeTwA5lgCy7zc+pP$WVJ;R77G_T}`7Eyo?(Xiq_buV9 z1}&0Lxs-?(8jYd5EN6cUKuF}xD_%M<8@ zx~|jSG#<~a8#S57BAm8o|C>-rD*DX@@+4i4+T--FPNkNM9RT1@CuVi)!X$BDRk>VG z`#sBMgdv0qTItm6#u5R?ptC(m`vaTrWuWa%Sy`FgNX3@M?Vt>+?f%D_wW_PxJ8(}*JyJv`r@BlbKHBAn3nrrqA& zX5CLVvLBY>z(hUf2wt(^0d9G?9GyZ(*+y2Y>rPXv^@(luo`}IQZo_2@`|U=YlHD=6 z(ywUm^QFis&qK@;=RRr~sfE|c;A9(@mle@Tt`i||svWvQm*EGF3=6O7Jr603N{_=? zN)DSmhk;d5$YlS0o-rHIr$FMk>o$9KAy5L6vb)vycgb8ggCi6A#0%*<;3(z>&W%I4 z@&pRWZVmZU+dx`H;XhS(N{|n`$9N0QDy7)*k9Q-*ny05DjDK^ao7(!FH?URFViv3< zQfy^1t`L%-jy2{vX&piiH!jyeYX*zDh+&4c$S(}Yd0BajFt7z)H=IYkzDd8XU=UNq z&rCXOY%4%6r@k(HNmY_&SHPb|;o|z*S@Z0Ph0a9(!687Koz!dX>dDK8Uro%;MgaCF z(9tSoCxp~Rqdqr^0@2WQ&0h+o)Mf9%9Q^q2MevtRttLlPQU>_U%{^A&w_Ywg01t$TnH zCqH6>^IMQowWAh!@ik%dM1EzP7JgT)1Z*`VwJ6fO394&42QE1tsaK8&H&^5hu0EA~ zN>$``Q%)+?;69WxDhc~0>}Ob$QY_XSZ#kkRGLI=8UUy{E4Bymnkhk^h_^nbAObCLXV3;G%jSrgT0@DZq6fX9%(KJ@% zq)-2t5sJ_`v;xHTfe)(~k#`k^a*>BD_lNg$$5mts__o@l-9?6U|4c*-v#kgbDfZuK ziQVoW(Q*@UP)upYgmKf0xnVtRY|8un%FEs-QeWLry(;6+ykJu+$KEuD|L0o&`|l-G zJb>o!;D5)3&DQ!+V_CxAzYoa8@uFsrsn}qY-Ez+V&)0%b!2|xgNdGm6WSSTU&7Z>x z7+^AY*ts!VkphwG*N~MK>}i3YOYi^s#(%B?-k5WMh56qp{`vSzKLtP%|9?LS{VE?=uyX9;iW3nKjf*l+jJbO2x=i5KaV>W4fVYb<{K*RBu?xezVW(xKw5x*3IC;mT|Th0N6CFN%QEkCBpRcfw@y)K74HR?{~ ztfniFL|;c}SH8m&zPUxgExLPT)DiJ3JDebGL!{1)&EtI2A`=i`6;C2422g}b+Ko?{ zt!(J|aL>>|VBH_yy|c8Nwa4KfVh2+3ICh#k7F1T8hra*!;-PcV6%`ec-2N1y2ogR) zIs`fsq}Aok9eOm_OFpejtQQj_BZfDCs6$*{9tHHYm|?PJ;I^9dYl2=IPL>!z{L<4& zB8Yj=8Rxxl2>O%#-+Wgyn6B88RaATkA+c|ZsoBb_g-ruQ)s9YBL{@qji`fS=xV@hU z-|uonkO|ebj!0s*9pF@Xr}A0igYJEYlSWYv*0?Yg8fFeK_VDoVl>DPoKq}g7LVK<`x!Wtb|t86<42a7ko6pl3l!03mhAJ4Pty> z8X8Cdn+Av-NP?cFebAe|Y7ybvLkZAFkcy5jU#R~nq9KnTDXxmHE;?l0??X$Acwfz? zI7AeD+wLA7Hk1PH6avSeR|Cr(&0utNd5Q!oBUNbTA6e?qL7razqR zOu&cw;2bBY>psH7BkznL3RKs1pTeb^DAtQ|U2xBD-K9k|yy!@#t+kpuaa&7B>Ys`M z;-pbwM=5-}X#{)NJPQttprxe>$l`t~DZ!ixuTCq@6kdto5a1_55Zes^0f7I#IEb1A zHqUu+tj}>0WXpVP>mJQFSXjDAy-^ahX8_U?RvJPQ0e}k2AR*8i6ow-(WC$d~HB!Ll z0gOCTqnugNh0ZqvBl#}!vqyt*|G|M3npfxaI*qpBXepM$Kqub~aQ=UZ;%1zD1g$KUcM&`Ni z4;~e`PkqlL7r`sgj>6%jf3_63Um>ugCaAI_bUjt6Qm@5E5OWLuKdp4J;8ff($ARf? z3k=No9r&0P7Nfa0JXVuGy?Go!XFZrwKJ2QroS?{-2c(?{Vim;iMQeeEv3i`EZ?R>| zL`g4g+m?X5XML?W=J`w%L z)c$#fSabl5R|BvGhx-Bt5D3V?hSoaTvYYYZWHKqp@4zTj` z#Zsz^Y%&}uS3p2JxOe=us&KRXf}BI z4l|q~y^4X_r{}2XHsZ+h1;9-Q^YCVqbgiwnU-4vtRDjQsJ# z%BjCs;@!K{Q?K*SeFyM1S^_WmN3FsmBNtGqw+~$bdniO$N+l0l-h zT&Z~a{R{sJ*F$W}aPrPfk;hF-eGwDv!t>*y8W~&DSGkoY)#dqfgIp)7=-7OtpR*-v zt3sEq7?dj>XDINR4*TR3DG(>T5M+hg) z3svBBy$;y-oJrHTZA8Jo>v6GVX%o(ryz?^K&;+BV1Ag-W`gy2cLLy3w_c%4mCms6- z>z0{|Y(w$FOhS*i8BX%FMD%Ik=yUCS$63iwk@V!&OVPVlmj&e+g_$m|$*N7)jbx^W z$PDTeutc1xGjHT%5>zznj9V-LKdIz~csf=$a_nxgLTG$~P<2z97W6|t`DU(Z=Zw=^K$^_r_Luf_d#~V;t9k7w1+K$z?#|(&d3D4LLZkq}v#_#qSpd5dl zr)dmq0OpiCaw#C30>}Q}-_=*j2ZaNRb~eWgiJvN_27y4A1+SDAH}$h;NOPX2k|4xt z!x_{yS-iazk4Kr|vyxjbqJNENew)*JU~ZZc*vn+~+xd9=7IWncCvl++OG)!xFOib2 zo#XsXWuRU)%G^4N$}T7KfbWKX$_C@X6cQ1fN_Ai`Pa_kH16pt z87eFgWsrfLa{E#^V&db206bj3{R3Vys1Eix-K0c2m{25+NytDGE$5SOGa=e-Ewq|S z*km=+O4iNr*`uWBUOwg?dAt64!l3rsoOPH?v=dHPx}==Q6-9V&xJ3V8mmM{k$iO3( zB|246e0vic}HrdF38=sQez{(B=97m zBQ&P&*Ov@z*5@}oCQ=9IC;+${gHn?9LoNU$$n>u*GzUU3OuFpX-n-1_!KX#J2Pd0?^Kdy#DNj3dpsjY)$ zhFxw@FvGl&QmT86;M1Gm=p{4ybDyL4NTO*Oj}ijqInbt4njk`xH5kYZcP5h*H?nZ3E4J&iFGGnubMQS*7zVQVkz z@-f3IDR_^EnU1(2CkAby*QNSKTq|tp?^fevBO9#%K|?#EXPo;yIpGJwXs;qTL5y4i z#H>$4(U~ZG^%)uG{4*OpPynoOR1%k}kzWzgl>sSqs^hhGZ0Uus)AR2tR(v_&TisBh zM_r4#1e|sC==k;}=P9IO?yxF8Yx$tiJv^1@Q)>-mnq!Zj7}QvoWUen{Af7x#rK?L2J%66^^=WIf za$e74VcTqj-t92L$X8mAO0J5lx(fuapJmw?=Jfd6T5+_=rfA4v`ZemA-b&s4#yXjp zeA-$t*kMDkV&eN|#&~J^`q-)l-QF#Xv1)kqf?kVSwr83=m*QEu%!u#E>)yz{nA#k{ zr}&fvxs!Rk87n?n5yhw}2KIwNg`PO!@1|-8Hx5n^%2-{TVMin+(8tXWJxH8V@)XfU zO`Vd1k+`71qN(LuVFBDHYRvzKv$qb5`fb~NLFw-9M!FlM8$?=4TDk`T0YxMvL>eWO z?uMa}Zcw_ryF+T<^Lw7>eb>A8-p8?y^@oK6^PQRdd&hO1=jX(D0@u!Aj_?FN+k0nq zt`szQxmvEDXiC%&TwGizX{z?DC{jf4jA<&UsC+&;{`WaKvxG*P7apv-tXDa?xtX9* z3C>}uEQV%gU%*a2hs5rOBHg4cb0#*qRvzjRH?Cr5KLu$(7spesCn?+4$IpaCX#HJ7 z=HWXy{d|P=MT&KARu!Af*J>Z=1Zmq@ODgwr+-cqtqBn`sq`nA8{lUUFfFG2Izig zbx=$F+vYidRo@?|reEN%fIqvIM8uXfx)|&UsYzWXTQmCZZ7n2yPBhsdm zU1{CYgGAN9k;NTbqSgyGfe(g|z;t_cqj|}aIw7*%J<#imc2z}x(nj;-0~{|e zua=2!0mZK$nN7t6Z3ZN|x(O(qr!1L!y~D%Oy4Hw5m)5Z9bw-e0y7$%rNQXhB{KGBv zb9Z-MPm`YAiGQfa7MsO}U?sXr+l*da0mRxdO)2Zkn$r5qS1^UNw;HIh>lMGn2PRfU zcNWsTbjUM>NRk=a%YUB^9$;feM_-@yYGZQ~bfOU1^h-OXktwYLWKUZk@41)&0h+A# zq`XwtGnHiElr*;6g$Cz%eb7~A6Xkrh&N+(3&W|RMf*zl#dAbd#(dEP@Ak2SaY7`II z%Oj{q&)t0}hv0RME6@8!IZgefuq=fdb*3qu-Eni9gO&gEQ7&u-NXU!TIXn{%wX&-= zL2i^DeVZ2CZt$x#DBFlsUj$2+?tL?+TRPz~gGxVV(f4gSd?PETSdV%=^jN_^eO*kN zZr{u++`5>R`cpp-3%WUM`tqx-JkSIeJkxw;%k~|uwzR@7W-)2{v?tLn*H~;L4x?tw z%+_($DLzM@Ec(TfoYl(bskYg}MJ%xi){5qsM^rnj_JoPKw{prt%&lkjYGfqZU4JAQ6lpj$bK3TBqt}oC+Tx zG&tq08kEBynNtt>c!9(JvsjKIB-Q9Kxkd}X&z4p5Zs{GuNlSkVx$SE9?Z>Z-bJb*6 zUa&eIJo9M9nG^hjbePifQ_6fgdry?^v*3KC09ocAm(ynor?)vw$3FD)*lD{T^+n@I zz&#$?f6AMkn@iiM$aS`;{jv$O?KNKeio!k%tAaaAaH-D?3L~>v$kgaO#CuR^Vv`SW4rad~seBEFYS(*A)y$C}hl>2)Hwg!n+i8>-#d zN*78?kzM+E0Ycjv61($QBt0eG0o}ohJiBj|;^ddp?NB@$F$Le!9fHldg=r1D6dhB( zHuxeHFnvau9a8A!$f{+LgqZZki2cw#2);{a{E`Hv{l;`@YMnbOOKN?jsc>0-MXVi< z+aF`D-Gp^C$?Gx64yR=vJ1y{HA*u6Hoq$n(T2dg;C4S1$9Pf31KnYVDNd7%4EpSX~iHvExx{{Sfv8-I@Wgaj&CQ&`py zb#M#}2}H6e3-`*tr~0))h%XozxQek}TA^jyR_t+;P1<@Glx-QP{Y}yND&#s?8FO*K z#t66@UYHnyA`^eM*G^FEs?!@g=jb6<47y|jIr~>+pt|`rZEiw05+Sq97lced=VnD+ zNhFF-NQ4X9)UuR)3er=*e*3mN(=FgI`5N@?b4mItmjZ5AK4LE}StInpC^@?Nme1|c zDyyn+fqYZyV|TYg@tr$kH6sR}W*Vk$A!f6aojsZh8bNEzACmx)QT$8E0FiBR4 zeu<@S@G)4+d>^0LTi&*+KzAMvirl9iyI4t%8XX(zeAJ#V90BbEQ`(F~Qf`@8mlDG5h5hIKzj~L(4Ew$bV+{C1g-kduFZa zSGuKey^ovFtFkVKHy)!Ad|}3`e24PIF$5?GnHwt5)PvV+h-RgoO_d8HBx3P5#e4k? zd3YG}r77AAFFA^KsUp}-4c}>8F=nNQNzPO^#%n=bs-spAm1_s# zxTmb!v$aZ5+c763R8tvu47MV@)EAhJ?>cbEgfnWOAOAJ0`p@ z47EaDyhH)VU>T<&4X|3$W-8)fAbd@W+q+qeOPeF~l_!N97ApXyUZsZx9|Id(xreR5 z=-3!+1Xo3IaM+v40UZn2(rp+aijp^!(&I%hMH_MWh7`r6PI`%#>oT9-rgd6d^5s*d_1&(bOjB>LwD znGtd<7N>2VGBc;ry)NC-xEx$+c=FlN&JaD__o|`K4(4lIQy5u|u0mc#>WKYDL~hBI zwls^%b^Ytc$E?;vO`?Sd9-$g%a5;TF<1mC4q~N0^_Dg42BJ|qYdJyNS#SQ&tgt&9s z2=(*;^O2R#T=y)ZLAzcx719qoT<2B_N}N=mZoMM4N^62UFGRolYj>Ls%0XerCn+zu zXbo#~M2J|9_G_V00jXZaQK>BXiBZ!`WY)^!-Q``viw6M~ zqCqwJ$pxyV5=)odUN5&0mHWa~w6vQ{Gvj8|;u2>Zi||ZEC$4)I+ZfL@(=U&uNdH!DFyp8 zGBY^Pgf4H<0@>%F>#IEdP1z$>M{&m%*=}4<*6(e*#d8Z!uQc)kA`Otc8dz(kECRd8 z;M%T?NU9Fpx&s8(;5384Lv@+DFcvC17Ljq(ExyDp@J%;Wl{!>Y51Z<*rBnN*^3DC) zZWj5bRGaa{#IZ~scf2yHxs_QaX8noxZ0Dx@O$gOqP_`rT_e>M`0J2u+1uCD+O2_BVs{$jUacCf#B2y>DR_@g`yJ?r%jb zy<4U!o%HUx1L_@!QD|_^y2FP_5;{UXo^;becZ(a3J7@4sD*E-+C~79Q-mmn!5xKH! zjiyt(OH0!#><&5#7R2>)*3G45Whx;Y>ZeOxO2g%HG=w~VPh7pPWJFe~zIyP)7Fy5Q z$Hyu6(|?&grdIQCL&h`v+YKinW0qTydB@h-AG8h}?~-yk+|dVr0lj2m3*1t2u{d?T z%V}%+N9(0-i#a!KxZggCx%?nqdE$OVSQ8Jam7S|K7GrsILuaJUx2uNn8F_NP#Yx}c zRq-_2WZ>HD?3fKPecCECmdzWK9FNK$iuJ3>=!&L?%Vkic-^%L>MoC5&idiHIWR>zF zM|i0V|EY31b$2>~&i)nY))F0@iD@WrEm1P2jJ)(Kkxm>ow4EwVhUau`5j(9wYwNsO zeKB+2TVedZelY}5bg759!}iFUY=7gI$Gg~DWjBZA$q}3{1_ks96&Mg4BjR?zUS&M|5YLBEQLpn zMWx}8SYT3`6dKP0e!GQ6bZY%Cs0py@)M?{}No#&7H&7VQobAjNwrwMfa30hCpf)5)mV@|EX z;paN4PDTy5&;`LfZinxKNV5FP!yh-8a1}{C{)mL}hd-ku^FH_`Qa)k*p;<7<%Z=Pd zGpYDa-e1_={FhQN(V4=ojG>1bJ~Q1lK7*lRJdp?Q4jjK_h_+)R5em&~rime~?nauf zQx~q#%e&XD6HG0;;oh%j@T?wEd>Bbzn9t;@D2~&z>dEq8R-WBB6|0U8qS#i1E|i9S zR4>h8oJsSm6rS%7o_VO)fEVSjDtWnQzX`vr3h$70-LI<3&A(g0XwZkKZ2998kL*k6 zO~0WuE6(rNYP`G%DsV4(3<+=&e7fT2-n5*VlQ>1KNb;whId6PoCATn8APr$>FYVp2 z$u+W;IV9T(HjoV?a$G)mkwh+=%72v7FrQM!8FvV_J&(oiaVW^OxTe4CkBcEMUz+u~ zX}s-H&OZ_SMUSR$27mV8f;}MKRuxrw8)i*BH`#~Gm~xLxJB#3TYy5}tX4zPA<{{Fi z)-XU$S@7^Jf`IZsq}&FH-q1SGx{8Vn(6+?}DFYSV_{8`Rqk!|9mds*;5ASV;f2gUdcw?4&lFwBnc&PG*>-mKuSL}B<*$r z!JrZ+iNeH$$@l0LqIaLO{rdn_20K6jHI_YFtvdi|m-%I7ut~9& z*rmrd!#@PbtAM|qj-LK0Oz!v|{%NscY)BRTB{_Lc?klT5xfKk>`ro0gNG56{7hTy4ne;TuE z8&jR^=KeA@P8*Cw!BBOFM2^D%C0B-Cse*;#|FUU*1yd6x&5#Z*>+ z=JFdy%lt_+(-n7GDPH49-%fXPv_8&2(=46nt%TTBouviQUUwyRCoj`?((RDpyH`|_ zV?OM-LI$>+ zu|chM4?1eC%bE+rsCcClezfh;CrWkSB#iONeL1lHR(dpMR%TK>&NU#y#Soy;GDF#b z02AjoKUk?=}Iv^_tPf|I&G$2avm&`tH7wF9g2HK3-Pbd#5@jleYWm((9LC2tTw zv`^dSkkJc6-A}+C1F63G*Yp{T3@b02oSnX?w&sI!fJRcY??ol0gSdEYb@dP6l>$Nl z*i-TH@ePFzyyotu#D+sb7@T<-!eYl>gk(@VsnsK@b<-*+!z(j|gEWZjnt=GS2jPf6 zMvO37pg{Kh!bnCIX^-7|CO4vdOFT!LRP^+4UoDC;n#}}Zdt<6n5~2+FXJ3sHHJ!2c zYY7;w-N-V--yn;fX{O%Oe-_ZFicPM#hZ8DXnjMG^(r+^ry4d!<^&;+Acd{*tH<>S= z0e48s=_-RtrPqL-DF4H^PLG9qVF4cozNen5uA^SJ?8-BSj!nA`NlI<<`7df6$~e(a zXufOFeg3L-pto^t75&wKfN*PqPu}SO@5l=xxcH_h3)5{se)~OKE))E3_MbePo>7V* zL|sb{|4=_Z9y(`CYU^mNRf}3-@l)E9#ZNuX`YpeNO=N8)E$3WE1hi%LsOpq^yo{Ft zg_M_P^m^ly63r{@%z>{;#rL1NKN@5*t8{=(qjfDu)k2EZQ)-Kod<4lBucw~Ush_Df z1!+du9Hms8q3X+c2+vQ1XCgJ+AbD{pJL3T!Prk3es@nT=#9TGS>YHwdEyTAd{wrN} zw8{MF%VcGz1*c2#7HSb!sc-i&v(hWKijxyJF$wgVmKEJaq3f_&2jOC7P}Qk)ch@pB zMS=r8-=rB+u)yl*#%KNfNhLzndX=0S8&p_`7TjSD>X<(wjtdgIyOF@Z#;2y}==sKy zO6+!a>TX=l%CG-)<(Cw+&1|LOL#cnz8@9X?k^FlsyAC<{EOo!5Ng{MeGRLDxj$hVzyioeYdf{Vetj&9l@mGmQf3sPm&G>J``X zwLLI11078VIOe--QmK|y;W#a`=-NL`^t9F*>$KjdaH)?Bx$eYT|d<- zW-3*PE}xT}c8RUYo}XQ}`}ogalwGu<-1{e$SgxBC$}Rax9I67{3hHA&5cv_R;i}); z9Bv%|&+9;d?FgP6#@Ar)>)zBC^WF@W0~$B9o2}c)#0nf5Kd zB`n!H#C z&!H%cJ*nVzm?(Qr)60%r=iAdsac|3}82gTAa_BGIVL*N%@~VXFpxBJRyq;c^FNaM{ z%7%?;XSPhwsiP^woIs4o(T#Ajpo}APovYzigWL0 zbUR6QE60rkJyav-D^{cL#cz^mXEw*N>;`!|o3zh87$gkgULU&IH|q5M4b+$lhDI%H z&ZqnCI_x#L-ZY1Q{bPMAaza;?AvDmkba@kpmHD%UDj{J51zJsmLoQB%8j7o?BBP<9 zpN-}s@1B|cmK+X~V@Q2F_G|clDy)!djcD%xp<|85c&>Owb=fwg@eb5dS!Q1bgA+bX zEM^2HTIs~k`-?{ZHGel^|7LvG<8+A&JG5i||6gkh8_&mIa_#tKd9}_Drm#1xbJD4F z6r(CzTz(CQ>`xRWi4=hvE$qL5TDpR}>&Ve=Gout40a@HbhXM<4(udX0mAJ#*ABQLv zERhyngfp`Br_u(izm@~LoZtwCo!GFi>rziUUF*oB{TsEH$ZDuixZBnCKd{+g+GenJ z!Ub8*aQ3=hlKHd=L)N1S8d>%e^#q4Bf~>|xHgq_xG)NODH_6C9?!Qr8z)CcaNtmO(D<6 z1U!~Q3PdY?a3e;pD++T4B$V&0#|~W0Do*1#&`$+*H+3dy&_cesnyBL!*QVNyam+=c zlr-cwq&qHF9`N1T+vzqgkB1!F=_dTyF2iU^4fkPm2rMR5*SMk$!nrM&^#35GkoqUv zj*Jd>s93Y1^eMbgiY*)aoS7@0bEX6;{Lc*bS$h1@>#+$heZpMtX~}E}4c$6N@?VEl zSIS;RB~Rmhe&QiIP4SbZ+$RmRZhsvSYR_?ZtF$(KHrRnO$^zqrlti!Pji;BL#GdEoV?Qr=Z8t`a64K>E@$A$gK}6gU(Oxp6Zyf+;9jO;kbJ zifPoBbvio)V*{mCJz;KrT}m}1{XHWk6{zu)9E8y6clr~A9gsZ3_j+$}R^L}go?(eg zzxQ$#cP}736``r$T)iOf;uPW;?dxM=vxR7lCSuCeC-#tsH`~tg1PtIzH86P~6wb;U zlGeCu+9CdM?e8z2S$n}un6OBcSh(1i_QO>v$*a^}fs{OCKb^k$F>L2`e~D9w5qEF+ z*HO|~g*)6L|M;9X<;d7X@5@)*UiyjN8X7KhkR30pDta5fH3Zv%TH4QH(WZ0F?bS1f zgO{FxFV>^9eb)#XqR#6UT5q^5>IrTW60}l&aHPp^F8^YNa9LTWIW46IXX3tI(ntQ7u>M9U)Ld(HGJ$+_CADbd5g{RWNtHv-$@8+-xwAl;50Uf6UuT-R zyD#`?Qa{#!LQJw@@Uilz2klJz`q>}D7=l12!Kzw697bKY@T+{e6&*cbM#Q6{{v%m; zkv2cOZsHbV1={`28G&pquWCNe1@z@4t#lSJd&THJ_`Loj12f8cFM0_9%`i}r0Ef-I z@RskqU?98#wd?cwlf=ZsU-#(5tJ5cIZrkReJ(O6|IEN$$gmClRww$1|BQ{M31g*sU zQ8r3U@v!j%&PA6J%B|;fmYT4I8xAL|8A)d7Y;K6WX`HVQ*<8F z@7g?x0V$Lk8=7ia_8E7=jlFR=!45|(N)6TWren@#Q!5O{;pSCSs*rb}4~QCT97WI{ z$*R_Xs?2Sa_h$0V<>la}5>dcHCqMmC*Wc{`u8OsH95;mOe5vai8!1wMn3UWF_td6$ z{l03GA0+C{+#5T}4iP-NMXwz!|HMVL9MX+9LHzHnOfHg#W!nK5c1Z_+n~ZDwu7}U6QTLrV~gv`yX83&pVoQxPS?5aTINbf z3^4=8oR0Y|F$26{Yty1;lXyhk!d1?d81+emlS@(Ugi$MSiclh9P=sk~N>KLo{UNRP zzrEOd9Rb0#hfKci=*AQ-udK{c2YULCJ^;&deU$guX7=FQoc942Xro_&)9Y)Xor}oM zX1Hsx%PQKY%d{iAe75cK`74}oPjji!FiJ-O*D${d|1(9_+vmGXzMat)(cWK1oX8^@ zKL&YaP9MaG@GYz+iUiJhrAQRMb9bjIkV8obgX4KbB=3AXpXT5m+N!@5W*o1RlVDW! zX$MhAYxHkA^B&3<5k}G#xv}bLhqnSGSZv?7iJ9m}PS70%Pd3vH<0rol);(k};z zH6pDB(&aE>K1<;7Xe40Qo^HPwv1-+@OIX?Pt)9JM!fkRqF^u}kYg*>@1$)wT$;v4~ zZQ9%^N{&vDC(LU(A}E_A*YUE#vm0tx65}m1UFexV%EjRkyGNJ4hImo4UK}+;W-`gp z&XB<*$-)`P2q`LMy>(#sDpOs5J#%GcRYgrcigk{dcv{>P2Q?T0vi8p&o5S)u zh`C$NI-_R=<&;~objrf8TPFc~cTZBq=82BREYEQKWD`9R#HMJ| zS~KLDvl%s#q?dlzrl}656tn@saLnZM6mJ7wY^s1eoxDT{0)3#3(O8Oi1K! zJVWAjJ}$%Wt7sFJlDExN8u#y7ue3^+>=8EsyP0C2tgkahjyR*Vf zZh&C=y7m65r+6k%0hl7-;pS@Zu~pMS)@;ii-oKr5gLUh8pfQBePzrcMi(O-y9P%KQ z{`BpCOthG=+2vNhv(k@Eyw}*#15XG zXhjpJ63bUDpioK`a4dayIxs>a?23aWmKxYxh`R}Fbh7gDh)9^T(BhTOT;omURvqJ6^i(?VVKmIF`z z;CnDJZM)44;7CuoTFNnYc1(_wT1}DR0PUm^7)e54w225C<4C|HXnL3}dV5%J>o%b~ z^}6f3%j=6>8CbO=$uvL&U zyUs4cT`T^cQ0fn(eLF>D&HIp{rZDa9vaFBoT_UvId7jD2?N{_ll>>)a)%5~9JkI&6 z8+&Rx>syFgsyG#L%9xdZE>2cAUJY=Ud3bg)1@+)(j0xbLbzKXbc8ATyf#*1pu*m3A zcU)eBLZ6o4(jTlqk-YP=wclx6ydb3~Zo#TG^})TE-m@Bv9rs#bQusWj%}Bx8)w|u6 z=oGzEzV*Rdn)e&F#zsfcb7p+aW*iV$K1)+IbwITamS*?0fdt@aSplj^x&$)Fv480A{EI~TC9@=_)xKz@dwA*lo zVF*3@BvH&bN-vIC852HtY!-t52iyBgM@dt6BJhzx+`#??jX6zt##pGOM(R0Gx4#W!#i`h@?)rsRFj8VLKLkd&nxt@{qQ- zf9BkBA(+jO2l(rc;d3sHgwP?g_usye!H{pl7u91t4|QwDOPY@n-MI=dvu=yuk-`bc z2nUR$%!WcT7{3SRd>yXeT3P!d*)B!xL&B_<9=XP>-rWzp;8i2yQGg4hI#vsA`$J<_ zv4#y0Gj>b#)7Msj>V8XV=pNj)2T;A`K1Nm7nT;gNjGrCHy|UP=Eq;gH9MHuOS!^*3 zmzEPz6&01=z&GspaG`&9Ij5Hzxbg`Qu#AmAeKK3CHFEAwmb!ya0s)pF3kS#`D96t8 z_=Y>PBBvmj(=%vgSsc;c0_J9DJJnq}KkVXH$ncf*KZfVqM1=b>J(`GboSol8ki)B%j-glVhQHp_y*3%pd#Z5fP-1LBBJ7TTN+9A)gs(`DKj5|(#O4;>(z*n zildg>l$Go}@3wI5yeDvz?`}C-?l;Nj-|acU)`a)lj_q9f0Uu!A=n=_Vf{qaE9)KQ; z0MqXIp+B#n%VK24!;zxhEbJTY_jX;^7?V;U`~rd&4^Gf0a4_`I@SKbJC@S;od7d5_ zfM@ZY-KldMzL>6aqX*)}aAH$~5Os2)ADS7G1~t2?=erZ+pg{c|=yLedf$XR0aj}s^ z_zjND@LxVyY1w}%;4F$)9o&2tRK))UB3iAFM5r+0{Xe2S)d83pV0X1XqQLzkwN3wo z2ps`{YFvd#ig0w!re1O9UF9*?wbVT=Ez{_R*;fQa0Z~PzEl4oP7u*l(v*v~Pbt?dN z0<%25ghVstOAQ=3KQN$~6*pU!!In@cczQAYqiQrY&?)%FWG%O$ckbj(Bz$Xk69M}*U%%o? z;&)g>tgtWj1g38-U%9ma$R-$z>p27>$gDIuG4T_CEdU856`vknIG2?KW3}mw>sRKd zEAvglq@RGdH~4UtKq6uv&#R6gZ2q`!Z2mIY1;V99K366@1} z*9}Ovfx6;x6~dfZ0R7q3r{uNO=5~I+*K`1!&S1k(}&iI@AC}q zp>x%XHC&AO{jX_&R`;sJqqb-_uOCV1>u?#%9#QKvjfr}VIZHpwp5C>WGe0mm%rBT) zNMldd;WIM!uL2LSUT|&9+0|C499wk|$t%s22{nZun|8cFo#fS;?87_aV^}L2(8vsM z=+Dpa*w|3n)VZRnosxz>!Rnk$|?YFSC4}+{)2sA?7I#NYQaK5X99w#=_ zCzyCapI_TnG1Qizx9p>Z8T3D2Bkx~u;{_JW|T9guC?WS zjB}lGjUPpR{$zfRaOyFXYD&2|C8^sKU^kG$<@90O*wa_OK#d_x6UC!eF=T71w$}W? z&u7RX)0W1EvOXif?$wwn6Vs8`w(nimBR;cfmp5gaoPQqgz8+Mxg9bIvRea=?y|wts z=;GB~Esi|CF1DEVW9YPi-5z{^>FNUEs>7EiH+zTq=m?>AgaOFWKG;Q0@^2=7DFo5X zhMu0fzpJrN5E)?MW5b8RH;!7bIDs?*c^-002?NK0H_Q-Y$-C}m_D}4p#Xp=%se8@q zovn=Hhufo-<&W6X;Nz)y48z@yO^;Tj@yEpdrDqIEP1G2E5hdITs^< zkddMh6C-D>m`U;5uV;pV_JAr5i`c}Ir{QY*gO|e;99*>UDN7^?51uBc&l4_oKdMk_ zHw2j19ahv55fK@!#-wiHYG1KEo?Z=HP4yT7$pk#GZl}lpO4GS~#`3H8Yt{<@5CW#< z*8toH&K=zD<19_(j-)VgJ!tLAf#Z(jNp^Pj>;37D@;58ZFrFB&Z7=hSEtr5&^EV|##0=l7P&!S8aHKbt#2e$st)Z2*>%l`*)Mbj;SfAh4~p zFQpc?!O#%9$ACds)I?4g2nYy%7@1N5U=uyNNhQM6NIfpx?;>v(7#P#o<01i^MfuDc z$uN-qKtXVQ%d&>}>9K6xNyr|&T*??IDE+%OT^Y)-sO7iWa zM5_CmU9Kye`(Q;69S+8Fy={8;eu_R&xnn1dq<$(jX?!+DfPqxuv86GX?t=)5_dIWY zFV^kuI=q1}NLS;Mrlbg4?LSs|AD-wEct1Yw_Z=`G-~|~6b)qTNjAjO%>fn^WB-9xX zDw&O_x!0YQ^hdFG04#8WoXJ|f7ju~<&>kZW7O9g-vp=Ug2v1jXGryp*GAKP^5SfpS zTTiWOmC}HW>>m!AYG{ul&s{&3gZ@piin8RtvSNf%do6uRvo z0^DHJwuR$dEnx)6S*Y4F2BC;Ck|9XXkD`xo@B*(%o8^45QVzY+`p)li9m07!o}`+I zuCkxaCLI!dkVuJ+{R~b!EdfWymzT}#9lWO0Jps|mb&9JLpkP%ja1zkaZ+J!~_35kC) zqG*FXnNlljh}+J_{kHpe*u)&j^3=Y>V5sDtO%Q5#Lxe7IV;2%yC?y;J5~cY|c`Kwg z?~v_(Eg{M*sxc2LTP?BIA3lJlH`D8nCKh1N)XRo+=(4cXLY|s;g9OXg0 zrMMcz{6_`Oxya9kpGhps#F$YAxZ0x4SDvjOU!n`-F1En zdxn3W=0Csr6aOd2^uNCzqwz85{~i8029h}c_ix|fuWY3I3U-yHO1YY`85v6pO#l3t za}@(*3CQcTl$aLejFn~pOfi8*JVr5oRWf)0nI8inB921U!GR56&Sz(58`xd`xhe+# z2Dun^upRkq^_QXWv-m&P>K5wt+Y)&)1$D>om~_!^C!Z!oiNP4L?_XmCc=fC zAqC|BEW+KsX2z53m{}99&~key}b)(eo=2%RnP8sjXRhuf^XRqtv;8l z%henV%KwBbuG1ARSEUPe2bXh0=Tw2Kr~r~I*6uW44)4uw9M-S?z2fq~E5D>jplcjN zv3!yGi{h|k8VbIC0^MM9eY|hYi+Qd@EqnQ{2m~tJUp-O<8nrx0_%3L9nL1Na) zMnm!>`=kl}^-er+&4v3sUeL4qFH7q<&qnHUwFZ5qSAJ^y$r++d<8eTNE2vlttI)jbsVGXdSh4zzmgkGU3Qo7t<%T=?vo? zdE4^t;U|}K>ZrEcT0LIrfF(II8Z+Rv^<=yQc(5T}s0ptFkseT<0P~pS5fNuY932C#Kgs`i z`#od&`&Gs#CoJx+Px`sLS$cu@>23EF*bhB@@9vq+qn;@&QJ4mEm{0#UAJzKu=M6!P zS4}#k7wn6>%YSxc%M{?2scajAfv{B_9UL<_iuYx8YHw@hGhs%@J|VMe5}V#TtX5Mg zY!0`rZH1XL4iK9Sl&o<~nu1V5Vq(idWy^P7O5o&91NQ@%M*Xf1<;~5_Llr*a%lJyp zEI7frDUMYi3V!(SVOeWvy%Iw1EC;;8p=)Pkl)#Aq%4A0GTRF^rQm8X@uXNAv zwIIW>aBy^uB2%4Hq!EP6m0R4P#gAlgEj)skmzCRq1XwSSeK3Ym?f2|Y@~j6&sVjOp* zu%~5A*IOdP{Q%6FPxoji$CcJ^_bU|P;igP)Df!rGvt54ulgtf9NsMV!uAOn6>y9Nl zZF3ZJ#@i=jAaN=;m&}u#qk0XX-@xd+BEW7|p!n2bKJPWPuz58PK0Exghdss8r2zii z)HDg(TF>}A+W5r^*PoU;n-N@1?`Iocu^YIOcPYsDN^d`1@bPB%61(Lv}7^5-Z$zpfhY49iGaZmzM&Ku z7KM($oVLZ0(egH* zn71Pszg@xD(20QMVs8qyM2it|c3LNy98R}-_Td#9R2YlepMec23|{;ByYpXG*p=e~ zsyCxT?(Mrc^%=(_gp-`J;ioa*8oas(Q*4mYZlU(5wEj;uX8s+KDw4bXChx1KqRWjs zv`QhgqDpN<)~mGf);JtueHws@N35tEy9g`IoBCboHeK!(B_0?-9Zv)h3)8@ya4-i2 zH&-cSpY0iEyTsKU8FZ-@4xMQuyRp`eEVj9 zW(Y>$@d-2aTC8D}_yLe@vvsHPBZ0XN5cs9RkVkS?MA_;4pK;W7bkWxZ^VOsSQ~?Nl zHpBdiXq;g3R!w3*p!jb+^R8%*Oh zF3r{trJ&aWa?g1H<47(`YuZBP$hrnwVJq%S@8$^={E4V8 z@*D5>ErWQMnS$L2%8q15lLCA>RO(-gcxMziz=N0h8BDqsE165K9#nwfD&HT=SCdv*Ot^HqQ`lr&ym5?nv|I?g~T0E-X zJ6@%FL6HmFQ<#KK@kwm+N#T#Umhm^PO0@afMn>ddFY(IAXlO}0S8b>A?gFW>u+VkMzqKP% z-rL5`=slINa9DPG(Vcf5gXTFZK_p|m*z#yH55)ZqDNPa=U9 z9kb7n`Nw8lM?dS~SAf|HGNlj+eSbeiyOlUqQV3LYok#&vE#|*L(4;uQpAf@Vs;m7%|N3zNRB9 zD&hUJK@y{&ol)K|D(Y%2f*{$WOi@pN3Hkd}*lnE!gH&{IzH}FHZ{E2SUP+)+%qaLg zP7y6OB`Z(kKu(lciav+WtIWGLu7>Swl{im5fw4KSiYbgevo+ESibJ9V;j@(!#+4WU2Pm?T`Zu?Wfqw-#s142+rfCi)v(;okN)q2 zOkC2VMXB?vXARC{xC|fB>JPWt>a5uHwU_Hy{(a%2&>u7@=8_BAA9oiTM@99fymSuc zKY+a3m7Xu$wXeuVSA`hUqKtV`H+SJQZC_EX3AbiS>t6;RzPa0pEv<`jK6+bLsVR1J zxyH->&GS;^$idTUJcRmAO(?O?kMm8y{z!?M8M>)P$9ltp)&XVNcM{fae|EFEV4P9> z@~OO!VPb_lb=D(((DQ@6OyQi*Q<`J}V>Jim57mOt-u2klj8*pFO6KFRt18x-O!oB> zsrWi7DwfWIaD!L31$+6c=h^|zeEhxbg{4jj63%lkd%S;84PYhyYuz~)VNtS)@%O5E z$-_$&0n5z;y=V?VA#m%V42|GwA^C`e8QZPh>_-gTwjkb(8)O;5^<5?>t#wK|73JDR zhvXNU@8;n;dzTtfuvk2uffy_LN=NMc?IP1lDy>zd=#7q^WsEHy>(JEPt#;fs53INfJw3ZnUwFwB~0Zso`lh0X9T3Xco?G-@R>n8J9B7s)&v#6sbT``^?`6vnf4APqEQ~ZNy478gW*r|@%98g(`=~!vJ@GpBE0W5T`u^n}+(rArBF1XI_KKpx zg+o$5E2c>(Cra$Iyo`!cJ2IJ{F|zR(pJWnU3*A9}*QiMEqHLjj$nHHscKWl2OO+nY zJeei0*Ct7mS?nvFUad#WCd7VeuOmexl@o{f2#@I-^tGi+BrI`@+%h1R~XC?~27n6Lrj za=GbjSQY}QtV0IS^8)QW3y_m83rtPlwV{8#zD*joZlg|B*7Qi?T zEjF>PQ=x#Ng+?Qkra5%M7gMab!ZQ|Yaa|B89}Qjl{^F@e2BI{hTy8D-;}|*Rj(~mF0A~u0UB#c4r7k4d zFwo>S77A8Mfm7B3lV=0cjK`t@Fnhn&;-!>Uwh4WP2^EDV(G(P8lg%++8jM28*1loq z9rTgtWTq`h`uLE{S-BalT`=RR4!xLVo@I#`p~}-8yU2&K?!JCD*WBrNCHPZ~=JGI^ zsY==Ar9u+0kZDBK=jHq2>3{j}K5xwm-4Du^;7p+@m|H!uPyH?v#-Y_ZOyw>85?W(7 z7bR*z=cyNQb&6~1jBS4rgHofq1Z^|S09B~yVoq4_Gw1oFz1!|x)l?C8F_ zhQ&UAnSbu?4CeD4iY8GvL-{_0*f0J!=Ow0evHA;Lf0v#$_3h4Eyb3^2Ry1i_{Mvmv z_fl}R;mBL3Q2Xok@CBLq7Es*3xgudQ%yQ-OsK>F}TeqRu!gy1mr4VyggqQaJF!t6# zRd@Z~Fe)gBbV^D$NH<6~h;+AvgmiC|&P_;2OM`U7rlcDbq)S@ZgoJdwYhTxW&ikC1 zGxI!uI3pwOSiiN_w?3iOmCfwv%fK>o6)C6h2#263_=<(ZOu+lpS9k*ry7F^>?|@jF z3(Wbxe*~C++EZjqN}=$(N0Hc=+fO3lzvF3;+=6RrkdTga$v~S9<@O4tfhAtv6c|%@ ztwr?z0IJ7%j*vWE zeXq+TOY%Dc*)8ft>Ps1gYPrUbDKB=WECdLWpotn1H!Hxw^t7{}Q;7$e9rH3GA!S?IgF)aDVfmyzu<MWdG zOq!w2UO~_$llp6+ZQ&or^sFiQPm-VxjRL9Z<>n@1wm2nlJ^JnF8jfz9sg~fr7tE6} zGtl4$|N7OlxU8ZaH$u}~_d50`>99;R&x$&eRQ_cZUGz_hF}|SBlu2!>5^Pg?3VKeB z`Z z9S<@j%!F60Gw?43qq8@C$1N-`$0*fq3kGuoie|xPfIMPxzS^;Ni)#C~O+<`O%l$1! z>Pgb|V@$GeAcX3#|hYsB%8(VJUL+_7<6 zw0xX>TgUfMLp1Awd`AR*BoUAY#dQ6g89=+KmV* zEffwC``*Q_u(9cozUh-cp(bM_aU2Xf!c0a_ILHjJ{HymaQ?!1KO_q5~uVwV?xNbhx zZ`&Z=bMZ}5OWD{~Rd4^_b)C3VT=g~~|K|GVy>)DGOae}S30&xF(V(p@dTEkf9L()J z8=I23BYTr2W5l?e!m0Dl-+f?oP-5^)=fL2odkn|)^yA+`$4}AYL8#5m{fP7-=m}~3 zr}U^o8aeE!UcZG#>v0N%QW7cfoUWOdGq6hw1sxScXTzY;v2)H^O_BTDNJ)f3j%Pj^ z?$m^XsQtlDz~P2wF%%fNI+pdU^>#?Q|8*3(n_VXs@sj7)MKn&aB?BcTxE_IN9@BY< zB$aZ801gmU>QCc+2UpBsFA`bK2AS*HVG&e{g=D+aS%ab6i@I1L2~gK> z!_9|efOwXv8qYe#%r7m!PFzGI&ihnh`g$%}<;M#TJi^vsg*hiq(P2I;&WX`geCb5Z zxdb6=s$s#Td>iMz@STgnmU;R)kB+eim)=QKu1_y36X#R#95T;9?iQ1O<)#R#M6%`KO=qt!YZ}3J5=s`>i)~ zkTNmBFQ})RdtWk>Zv2&8@3^Q?y~7OQvC$tWtv2QQ3Ol%0fs=_26&}s#`j1+`eG??u&5@@8MbySQJj~zS7w6r(ca*E2L(2A8 zgHKL=0ORW1k91k)v~d}`yr7%MB20Ru`wYa?2lB~UN<5JO

C9D}0ViFaitldvA?s z{OA0RWOpm~*S?iFv_0zGe%g}@T zuJVtLM1+B7ihO5tlN#lvJ!E^;mN;))+ume%(>79kZa*P_nSic>aunY7fs=JfpQwStx` z1lf1)X8 zfn-u;;|`zin}+aB`nBn;KR}6Z%{em8{C3dxQ(RRl`VT^aG@NO6Mg86JP!;nLQMu3d zLO#f7MsgAzlF}q_gl`a)l#=u5fEk&P8#bEg$FkRik&#be)9NyjkCR_HmG!T7hkft3 zN5Us)jE#%t0j*srkl(-h@eOx{ug@Haxd70}T6NQ9=1CT`0xsW!cQLirdjT9%gY;62 zBb^{82EQ5nbZP+^yuRLD;IMTE=|kkA0w$oI@GW$xeLf`m^i91nm52+z5T`I+|6 z2ag_qUWfwTPP-*VYnv%1vVfKWOac*VtO%)>+oxB0^QJYA9jW8p(nysQk$Fg3kK?1y zLJNgUN>Crb6U%d6%M*Juojpqqx7g<^B-vmJYiE=U*F_PaY;!}wQKeH>jIAxOO^&38 zPHQ9;%{#|eFxsl2=V0@g1(zzv)uq%gw`+t|f%MmiNR8iGBQy|DomeecEnrd4s7~u&mqf?-jTkf<&DS10tk&?!l zo=OOHop;zU81Z$Pc3E27)^4mux0`@v(dearpK2dvmlcAiQswV9nyZ%c2@NY4J0A0e z8$dM8OZ0hork8d#`go2yr4_6%XBVQjoD;6f!L>vCIZ{b`ruMOR-`rHsy0fLV6%Ao5 zRs8oKl~v-q=Z8{C@6fN#DL;U~g@1M!3!+aP2tutQ=kYNS(hp-W{@OSSMFv7b3W?E> zWO^Ur#Pbi(7o$T%e|d(jQg zvFS*5Z?PHg{Kk&+@iXENr4=xJ?`WWBXiL?DqZ9gXV@~u5C`Df|Fgz(QFQ1MP`m^kN zxSHWQRt-AMZ;Ji)>u28okRdVyau`SnG)yTRCeXQB>%6L}@2TPJd_7t*o_S{F2GSp) zPZI_y=Fy^vpFa(;hq_A)R4+Wv`(d9ARbXT_ptP4#{?21T{@wi@u@qJu??}wbSZJ+2 za6*77? z6-La|0=3_sK0VUSluav?NQrEP<*{0>eHK;W%$Smmh#;Jlj$afdPqpa9Dc@gQh>4F_ zIP2Zvse>-Ql--^SVdw9;kjmKzw_O)&NQpX9J22HSAzkC9a*xd?^Y7!9-1KuJrXtMC zZ?&@Bfvp-Ug~tCyp^?*3{ zuIed$x{@d-Y~Kt?`B7%eL1UJhF^;tWx!nes?E4Il;rH<1yqZq^YIwV?a1 z<})$JmmY`9F>Su*Yu&)Us+Y(FcwKq`WJ`6))5hOF__fa=-xXjLw1xTYcW7(0YKR^4|n zaelaOf>ab)MM-yviXc|s2IuJnuY^UTz*i+!r;|o{A{r~JbfEz43`rtZE33q!U9ZZl zg|iD<9O5}g4(lXFhOB_?ON>D7rut`=o14i{#l*y<@^#&u5lLBNDXL%|jQ6QryzY<% znVR4i#h3Ck-!2FVzEI&mbTi^!S2d2FzL`BV;gEPECON^x2SZPQxoI`2lU)*Ilh$A& z_xW2kE>XXVgiFXe5HFBP)&wxngXre?YA^WhPL;KPcIx=$&yUbzX$gi84+{U#4B0xm zyXgt-wA*QB4oP2I_UA7?@D`5`il(HUu z0v)v52f>nQf`MG(E#J7?L60$R3o_rKYXEoB%;I5%GEn22#KeNPlm>9vvV(WzEc} zJPsBkYRdcda^ZE7K`tMyh1e4fa zKc}LHj^R(L+J&Tb8!AD29=CYEo|sFF)Oc%Wr<*iIIJ<|Nr=5~n_DtDgw0q-nYCh9) z4Mti*`^Ni|ARFu1!d+A`@~i9SWO6v8Z+iT$3*ia#y=*M=sA>4NvXODt&TO|q1%_vl z;jtU~Wj*=3wzD@2lKQA=gn@5UCG|WG2PSyPDyA>ktjw86MtNfoF7bwEn#0H0rcRWU ztd?N|#|48!qwq`fmrJ8PcGXEh-E zE9bk!p~WwMpGifuthrOz($q_HP+P<_zeX5)L{Z-!(EIZED$qb^I?}WMxPsMxd_B{n zX!lFW)#oz%vJS1yEu$jbSglObJU`1B%-~+!O1V3$O&S*dbrQ@s2SySgnE`uTMK1P> zjVao^xx+=>TYj5 zHvomY#N=e5E<61iB3o8MsSe03c8sj^#sChOT&?V>q$ed=g<{!K(SCW9gItH4kW1_K z8}`SjPP!|D`Frwb_nvH~jS>=1CWf{n1A9h;8Bvn(K1e@mq2}R%C0PlMU7BgSyOHwn z=L&^)CNp2q@~-9^edddH2iaYX1xQb@yJ#J7C-LMQ24&snS~ZhzA~7G;c5;w8ZHzlQ zF{^wNTPhi0H}Xu*WNxiyXVd5wQ=$mT+V^qU_-s?^zci4t6ZvP=4|}-NS%^%$EN{B! zWr>C*TlxlFGAkwLV{2mv58JaHm}Ws~ful^wrvX7Oq*th@bn|kub|gFtb>+;;MWsKV z(>q_;RN*I|2-R+>Z1Lb8K0h*cHtr>tQttMlEXhm^C9hfFRzQ7Kv+W~)L6MIW<|RH$ z4z**j8+We2ksPRwE}+P_9fZ|aNHwY*X3D>ssXKGZ8D6ihG-#mX*IiHS+w@B*4JMmw znf8(^SRUO!Y98@fy<&c&tobYJNzv$;J7={2^n;yf4%kbIH;rm(zl>w6rZF-kv&!x) zD&e%lY8n1LCYegn-S0xtd~apyXp*p+Gr#9qoc(gK)W$DU2 z1?oeuMX=*TeUQGzziXG<+5M!YIu@o1Xzh1@D=n^0IfT11 zt_wI;C)<3F)=8au;&Qs*kMgc?iHAu2Q7V?EN$&~EK>tTen9Vcn_S&4}< z=Wr~stzg-02NMn&^lxIfQS@;6DjTJl_4U{nxkrK_I8MHXp|!ntly=r3^GtDy!%Vcq zZ87_~1-!9+m)N+q^z7>6dzTmyJE4-v6gTD+g`EAn*@rhDi*ryW=#(;YMflWB*TS;1ggWBawkp z?00-O5FSMNVlnXAdiyPZgZ*6e?$Xp}_niX3Wt3J?;bm{xJAUPCiQD1ed^BG#p1pq5 zWEIhCzBK`w0U%IdM(t8E7dged#k!Iw?X%uskeC~n~)$|qr{?#aa`9K_s;+rSU&KGW5 z)KDNDtl8Qiz^3|0kXh~n`HE->N@;W}$uT9C2EP!`U{%QAG zm|EtTT(>NZk&0_%^g&ntRazB#g7F#+qHgalPLH^c*+28FD1)&1o|gmCJAe0c9!Q%0^Wvv^=Cg*$PPN{!na_*NQ^(}aV$5cIpGJvla=@59v_ zzh}eZ6b=sMAO}W4+5lqY3=I5UhO2(k015l0m^ciJyk}MF$phNkhmRs7K`mwT;^XA6 zU_7y)qHLe111weiY{Btp&?%4An`CLIgscR}L2(^SgEom#_^JFaszMFx- zhU&I7m%h-B>Gc=?vAtc4+^pq=<~qL@mV;+Yk8F*o5x;?kDrxHLO?Nimq@ z^22Bd>Q7Q>+pG!3S?2s-M1GSM%&?I3sg-t2m&_v=Co~HXF zl}Y>~0~uqG0gGfGx9W{Imc`HuZ_9E`Unw(_d$$eQg$+4gy2I;~NT#LY+)B}}O0EIK z&o>lc-==E2%Grkg1E=yQML->*xxmmD03`d*X@lN)bXmUyKOzkpw|)SwN~~ZQT#Mrn zE}ipwp#I0sG-@K%V_s=Si=}e@>aYA&{@DaGkh+R~U1SA?D`PJ~jp+L!caR+;Q&pa} zPSo|kW3r~iBsuaDH@9St{{1~ZDj~PFf3!MzM2VSw9hLuR$O-Gv?e{aPH(O=6oYD%w zl-eUe?~Zg^Phh3SSIxt}MEd(i04K()nX)`u8Q~r;@*@U*`SJKgGx`9>CKDxD*kHn6 zn5Wgw!v6cGl?mz$fkuv!l{2Uck#QimbDxF3F%QE%YIgcryZ<+517huW=H6Jhe^J5@ zL$f*fOH|LeV^_g$lr-&C#8$A;HF@o96+w;es~uf7@I&Wc~BwWy+aqDEECX zF@Dcut$9bu$R&t+9KJ(*h!#1VT~TP?6;E$(jB~|X78#>o*cy&AF|2tmJrr#(8W=UtW`(vrkcrmN3+cW}Y7}M_}i>2{oy7yS-^F za!^|tE&NG!d@V^YKQCj_=$i&g%&oXKDXVMgz04a+_Z;YKPFLxA(yq~4B3-Ng>zW^q zv2tGGnOA#o$l9@03l`NxtO{hF=POix*NyCLL#0x%`Sy=Uf&I*(jMb&xfKDNK*g^vP zbRjwX)j!vEFd6)H+#Yi1GxE>}GBU*_6|%PgEsQtLaF;u4cKQ6jBLB@>{j6aQ)eSc1%diwmoQDbx3jkyczQF@2n>!21|wS-J3<;1)^AXMSi@GAO8fH3%#rhPy1m)CHQ0T@d!#(VRN8fod&V1sH z;uIZ;)}CIFonMP-k~84Zx*MJQjawc23ZcMq zYWV+>RyD4)?s9#tYuh^~tyL zKBlxVJoxiYs;YdU(ld(5Jxz9L?aEGQ$eN5 zKT&XJt@W_sl2!;(_RxJwZP?t_64bZw+zahPDwKa|y>;0ut`AIY|J4O(hKxmshVL!9 z^~iGEOp~_u=(|7HgP=5U7zJ+p2dj#JxDS3&cNq9^IqU3gg9a&hcvpCVvh^vBqiJyt^IMlc$d zNt}1LKaH#wg6c8exTivsJD819jcP=irYvAeiOPj+o z9dZc9!i-u(AA2}Y9JX{XzXc5H{_G|Kk#cCFD{Q9(QhHom^F!2sJv}z{9HFbFRBcHB{n>H|!y{#8W?cyQ(|r$csR0G)WlzT*DIN4TI2bsOw{`S>`}nA3 zA){`#Dd!M!t| z%=-~OS-FP$mn$`CqRK)?h0p0Hb1h&VZYU7p2UpB$W=3(3w5E>hUQcmOR5uoVPq(M* z!OBw;LIb{|yg*Os0TKY;!RB(?Re(O{-D$r#LMCoz^i~Y%3*g$cc+UxCT;n5pb#w zdhd@AZI8{9O8z3UrIvFIk*gH(ytPbEFx?B~v=EB|zxhB_)SVTe;8uXas+!o502u56 z*4B$f*e{QaJ)9JRr>5Z1NTy3Z=xuAXN3tvLg4?bYFJ zlMjV?az-a>Z=b}a9cv{48cQ|gR!F2~PYofs%ISCUeuSliqA1(>F|fTjs!fMP11K(4 zMs_R)!QrnI&-o3Q4azB-4FrXg$!WXKyFKWkv_nkZaD7_hltqv z!9wt{2HbhK0w+SGZ?TXI{|sJdYR7h~2jFY``ThvYbU1kwP;k35SlS~iA^VD!*4F8l z&AYo!zmEDTWTd1-K^qe;a36?Xb$WMQZL2{CCaE!$E2kP60I2iE*U9KTX;Ce}{7tY0 z!xoSd#L^1gz4J7Z-g?eXr2H@?ea;m9YD7~I3{v4ctf>u3R(T5z?H}5dZ$l4ld{R*t z^k%H+yJ6(n3JYMXpJEEVIUnpvs2~?*!ZK{Kv{N^l2|ktO18z7hDZn-teY_w1k=yKx zA?D0|W^y~9qWjb4b-BkFZL6S zi;=2{o{%9%)kgPs{OnD?Bt`BvG@4fXDA$)f8&^|{vL%6f(82Af6JkI5UEZMoIjs%o zZJJd5lnNE~Ju?NviKcyM$i;k;&gvmh32B^ZM?v~Hyc#flgU}UxwgtI=;&oh7#OZx3 z2*y~-pWoAq-TZk3#8Vz10kh*O|LbeSA*qHeEkG^wbJ;Eq&MUebD{t8m^DmRzE91q} z$?SE&v$@#Jj6y;RFg!zrAcDt9z%4MmUdK>^Ec<)19O%}eZfEk72lyZ8EkYI^8oCYA zUF?iQpl$WOM{DRTfR0#jc9y(jk9g#wfX0Uvr)t5L>BQiX%(gROv~mSUbNk6&y=SS4 zB(BlmK?gZbAH4p;vXkhmI*@{yJ$YA{uFddc>O3pn7&arV=CA!9UJMNLnx9rKh5`lY z;`oxtRKtpnBH%`yhuonHg=p;CU{QuS#Y{&)fZz7LAC{GsmB3}9MpaSaV~*Pu1g*8# z_pm(*41-yX{jmD{&T0{-=zhr1 zmm!nq@hg|$4Pp4qYHk!q=Y0Kr*X(!z#R_aoAJAz{FaEGpy_;e8JMExUJUJV?`di_V zF?)9_rDgoJ)N_4G$GGp}Xr0q{j0}|AYv2rGB$4u)!jsuP^IVc4ee1cuz{>F6(tAt# z?kZ)R-$B57Nb_d=z6=oZ+18E(5Cc$9-)(Ge3CVIrJ|h#r)(N;JWn^LL?oE02EsgiS zCydhX1CvG(3j34z++1_R+rLgoK*GGX`nZ><>h|{hwYGMsXQM;!7m0qey=`&CbtWJC zg9qdC((KhFVg!#MHrxYlj{tGRukDT|lzz$pk19<7?m6xm7a)69!f*g@JSk4cUZwPyfPIWGmg9i>h z6?#-zb29I=w8%Z&4Hs#Ss9sW#wdZVq!rVjGm$t+7;Tkv9ui`Wx9{C?Yt9x-f)pNiU zyN+aezfj(2`s>@r&%E$AN-a5GzI-ENv%P^b0LlQ~Y@08?;$zGn=b$I)*XZcz>aSma zxO(*D{m`~p7<>ytiHI3l-d9Y@_s5q_2e9VZdiV;kP465J@cGo63s==wZ8 z4=I*RFc64rBxb&U2!Q9#gJnvb7F#k1GMKK<{h{;CQNP8==W%NB4kX~*jxGz}9LOKa zUZc(l3Nk+DLA^dZl;R;lxR`+01#Gvuu#7#3i;uYgSi3t`oFZG$nHKUVh>|)n$%^7r zc6KZfmyt_Dgvk9yj&Fku+0hG!y1@Wox)^ZpzmxU&Npo}a$6+eK=$?UWw=`YBSH7XM zX#Xm?hde}lx%|OT2tHN!?fFs|1~_Ch9iFQOD_49xDz2h^V*~1WFTMVlvNr8wMqQ)> zY?}yC4iC96xTNALLRS#%;D0MTkb?#xT-l{$P?q&NC=Sa^V)qwTt<(~EZ?)|AbkLLvp*(aQ)?mOP-Sbz`z|zrlaX4)Z!CLR z@U9&ZBe*d-#>OGZgqQpn=|Hm9?UWJdW_<~foUO`vxX@5&4>0SXZQTXLvZ~zSgqnxT zGQvwM?jGM=E!G0Dx=PcHfp`JO?=M;}`$)Y&)^HSM;D~~hh)D?@hn!j7Z1nSg zDJdDu@Zbe%b2PGvs|UU3zhVQtP#c$T(2>4@eC=Zk(Mr&|T=Xk&Vob7q2|GFtJ%7(s zQoc3vVPbFFbJ^J3T-`Eo>XpJ0`H&8Ap}~zn23mq4ly`sRkUl7Jw2;ZgQuLy;B(Eo> z=&Tyd_>o$xrA1>kba0HOr;tB(^iJhGp+@?K5GL!mxx_hz&tP%CHAWag@1PE@$5MV& zdTSKfA$HDsXFW<{cr;bHnmF!1wkU22L@KP#$XKr@DV?ta4XS^qc%q0|*SH9rD{Zgl z-QQy8#JQ5m36S*#DW!aAZ>IoMk*@QK^r(pYBTA%%m2na4A^e-o@z`Ggv6(E$_H}_1 z@wotJE~EfdgLSSQ!K98ioR01850Y<>VlT!i{U`y{A^X0I=%JbhydMzOsPapHApLgB zIy3ZgL_7t_iJ-uZ>PPSq5a2JK9kvx`4fc5)byR~szO~xXGg5yDzqH+>QEO z$Hk%mw(_va_ec~#0p%I=5v0gdb_DTD;lGY5_$UL_{fN-+xv~`MTBt1J>WX)Fc4KnX z36$b4IULbwWhun`hzURzA3~IDu{9F)QupExG~}@*6aEKjJebTi_@w({JKbrmBirxc zD;K-@bSI+^3ZLk&p+IPPZQ11h=|Y2J@1{v=Olij*2J{$kJS1t~4^2~Gj$Z#VcnAx3z(r3bFA2lSBU%CjmSwQ0{>H#3-5n zpLIzP%Q@it@ZZ-N_+S6LpJ&eh#`^y+cGdr}qCyz|gFpSxe~(k8X=%ZDabS}+{U2cf z?1?$|0kGUxtabZp*yJ2_?mR5O0qXf_9I4iOa`X=-Vi z9j&#n^*+@VD-`;>s3n*{~Eg?sM^0`{xM8EP}#+6~kW*DBEGLTfvt#B*NE+;<@UK}5! zh(HVqDK6vT>A(+~rZeG{UU0Nka$LYN{$A-2S5#6OwUvyC_X2F=rp@H^qdo3%#-e-R z99*Xys~_-XxyFPy|fm=9`V(?MzX2vtyFJ9w3hIt(=A*35LwYAN666m1u zA!~e`hbe}BIDj5HB9f9a&OJOjo>+o`fq{6huGOl|4B}`~&on08hu>O{T}D_q&ZCKt z0M7swNz^5u5uB!prGIkOTpe4_bNhYUs1+`=Ip@_0UUbAsLq!YyirITbK(z$?SNnP* z@J7|$L*@BB_H?5KZKIhqr+;c%0Kov%uT-FFRTh=>uO87GSya9kiX#AemNk;6|7Nt5=}Fm&XL#U#=$w z>H)HVVhpqm913gS|DY}@2Psa^&E?E`q+l)iiY0P_xg{WePq(*?)ol(kWL0ha4Mb;` z-Ygvb{L<_py-HRz5a8m@0?HG9H-r73`SuOvmWcqzK33$o>iL=J#tTHw3bvqVNH-{& z30RUX)_Nj_PJX4Vt(k)__)NR)G@;pHG%dh<8%j@<)tM z$MIF~Rik?Kor8VF;s-2oFUstL5(%F9JsSEY!$5({QFmvwIBjg7pwCn+q~kU4{9{zv zKPM|XWH?Ki{aGFuh`hB&yym=o&nQElHZf{NC@*_|=O>O3x1T4wqZNhaj-r7Oi4MJk zvZGE>PJ@IY>|W?KdxSKRI2-DYz*;d35cG4aOsKk6U#eb=pn3W3>jUaHkd`n7O#dN( z0nLa&=g4^Qg6YBtQ1wAq=8?SW17Y7WFasw_zphLdo)Pf?dy`n5uSijfA+Uh6>#zq;jc2ls8z=!FL^C4r z7|f6JYe#=X%NkpcXIVr-CJX;jBG5p}@xHM^=C=)8k2mx;fQRo~x~N8INu zKsn--2^}CntGM$5WJbz?lY;}IM}#R$UA)|e9t0(g#<8+O4Lf05ebz5|&0*FOV8C-E zuY&$UQ6G95LeW$8?2E1bFP`2%#{K$HEUugJ&?N~_7}=gGa~VKW>vQr>3r_IyRVI;| zvP}^8;-})>k2|eVL9N{_aHEw^aAMKH2Ict)y~~>ZQboBLciPg|ZLJhjK^0h%H`J?FAqB)!3ea;Tz9N)dk5os%`kgE;PsnByai>W z8N0ztscRSoA$ak)6?Ju*f=RZ{&YXau4Mpq}a78TuMMEteBZsZq>VAq|z;{QJi#S@;nNRZ=}!iScAFtqmzQ^nkkbK3&1_wT z<5+Da7MYWTgoJ>GGv~gq^{vm|N(UukBPS%_id^q;gFzP}2zH9R1wlmj?=j03Pu1qh zwr`{tcuJu3;6^+uIo|L`bpnH?D6kBxq2h zR5NL;T5ii`*fC9NXqOO9@um;bWxmT}IX0L_ zy+PzP;rj4J?nrMmdcQzz@jn1RqB zrgu|+qPKTOFp7pEB}uRAjqFZhioO2K0i%lpQjwT2l`bjm@=Bmh>%c7>&~JrHtxmDAKTyV&lrZ-D6k zBMmxfk*t)1y$Y@|NxN8LOnLtl7jSX_^CrV*wVLL9s@%U6b#S{3 zSBw5XvDCxzjJF1eIDNiF-jBK?`COCbf6Z!UR{u6jvC;J6p_Gt$aBX8{V+@ydqNu;p z9Gy<^{@u`+6Qrl4ebHBGVP7j4ckP&{QUtT3-|e)u6ncagwsKMlKT}WW+>1A&8M|gr zN*>alL|jdHi16z81%^ zR)>PDjW+|VO{#780MclUE55m^O>`cqQ(w*^s{kul-8LlMo}q{p%u;_-l30(Tv9Rgz zNUK?QhCDfSLE}hIT<-^+yMo6XnzjsZDiFBK;C_Wq4C{YqOt@t_++MbO3*5GHJdlS3 z9i^|_5S|^XL70nyB=$Ln9)b_L^|SCl0v)Lh2=jLmo(zwx9S~D2%sM2WF*0-YegiM- z3e!eHh(8t3;O(y>>B@2%|3}M%UQK9WF#sqob%LzMiUNbmwfC6dVioIta#0L~qLD1_ zg^`xe{2i?NP2V{;OU(}5UAO;BlDpd6I~-Vq&@L*FYi^ zFNV)zA$b%ks}G8H@w+1|(BJ$OWpYCe%KGYndr0f?5X*nF?$rQp3n&W`$4E_uQ_nTm zhR5y0->x^_c2HWHe@Nk`B{ySYG|mkrRg}<~(a>0cJx#bH$EjIi7H%8Xb#h8yxNqqv z|H(-sJgr6skrwW7_98#rjDF*Qb<9S7KgN|*tLBit>nT@s_;5p`4n{Ty@zWoC+_eu& z@W}eZ$c@MwFtq%owPPD%H)<&@UQE-xIb_-9OJaivInTl26X!)`RzC7aUERz>jdIeE9^Q`&Rh&Ma!Fy0)XSzM@hrgzCqXWt#=IW6L9sJF_!Z4MTe#jp9twUnk^sUMJ3N^;djpTWqU9;ZWx) zj)N~AIw70OWmqvU`g~oGdwnIdJD@DH=aG*s_sjB89*kXUd&GejkvvS`XpT7@Uh)3I zr!DWwSN!EtN}5KF6cTKi>1LUml!CgYU3pCRBkugaumBw2B5*G7Xky$OkKf~c)Y>Nn z$f2&`v(jBtW4?jotz=60B}&4K()In>{-8+}AxtH_E`O3;o_?l$yRW|7OihYVb|QY9 zT^?p6S=RrbO3M;Kk@#W54RRNqy(nr9j&Xb%jN_9NoEX_01~(fj@1SxJS)Z|xW2y%$ zLbzYEDJq7@rxQQ749-puHy39w7MQ|W^gW#?oehm~F(Wd6KHn=ZFg)sX=^YWuTomKn zZrPSs0LAQ7|A8Yhp~Q2HOM5GjxLASGp~@9CNniD1$HY`+bCCI=Fqv|iDD)SfSHu#S zE)7vx{w4oQCV^XJJOkbS)Wbv{nZW!b6HyODDn{1@oPUP`fM|PI&pH2#NTsv7n+j67 z$iJ$-ORp#Eev%qe%Rk0p1PUf?m`7jVF$q8MnWd19RxWa6to_k`FolVGQZS@;toyCW zcyA_w2SP)kAY?8q>x5OxvWC0B7q^e~S}l2VSk-W-i@aw z0tHP}{0$=0-MSKB1Mw8}tWco;Zqc~0z(C8#z@SR!06nZ5w814<32Va>0L1_lF^ZfM zK)DeK+t&sD9S@DxZMB0^VuD^(NE6>HcFR@BD0)2ukOvzzeAWdDW}v-!_F zUFu>7-h_=&GgWMAx!iIyA-=;+#uGSm?%j6d$0}-ZZp%7%(h8Tiv(Gc1AeGWg8A?*Q zisC<2h{cfsjh~$ekcW?OaL8TWT();`OT(UMiOS&9SWPxY&i2YxJ7z2%F3$}*q(6^R z>L=H_flSEDMf2<{Y9;vvpB(fsz+c!*JNVE3rh9c&f?hh7UbfgOt?Zi>?H9gJ)%h^T z-|WVtdO>@pG3yZ7EiaFmcIH#tX#7x9IqMDD-kHl$F2~er?&xT^GzoTWFZR%oBw&O9 zyg!)`u>^2ChS(L0e<(W>z@&(N@zYopFe25}IWc8P069&a>$iZ(5g-Yr=#(SoCdusn zNT8kl-JLw0&!Ow^um$U6Xc&wyum#4KK!ex^75IJz&#_+*s_?IZ!mcjZ_T9VguUZ_d z0K+ZksLEc^x~rH0xq7~2j+nZD-T4^sV&DJ%F0t7Tn*882VZmoA8~vn?%Nv)wMpC&& z*Qeb(ITNaclyUbl6VKxI@Ap*`ewqv1TCIiYa?fFc7vNc?7-n~sarEXD=J6z8TF^Fb~n6Y;x7$r>YeSy)8J zGE~aBqm68@K_Ir4(DQMKdsXmc%3DhZegw+%7YJ#u`Fg?KD#VY-@QEO;#6L*AYx@Zqa+e zBH|$^9@kElLNL}P4~!W3){Y4GR&>G^GsqI3kwj-K z8qQppJ2-r(psB3F28csOW)k44;#Gws*xYO*; zA*m(+WMB>r>Je(3`R4g35~wajYGq+wXbIEzsZwqu1JdNxM0GYn>jn~mcsHBN=o$dLMYtB9KM0cc~j=)9anjJ)BBmMz3~u7cRYUQQC*!Vh^%e^ zpMF%g)HnRfqBAVvT}i>HeMY?}g5vJknwP}c#~1f|nZBQmwfqk|e8-iyG6xM^(ii1( z6~bNc!=I>D6GT6hQ7?6=`YYLNV^F>;5j0kqyHa!RcCOxMXvKRBqIfGxLW$-QR&`^EamoNTrOYcn-< z9&&ii$6oJUA&H>qhEJwJcqD;6X) z#t3^J^eCx`i{j8&jftEnFZ!RKZ^yh4*6LU1i`=0K&1AJ2&=a{Q<~ zgvUlfp2C=_<9M9Gs}~??Ux$_uF{gj2!8PryGG#eGQBcG=s-pulwCbjBzgnY-gprBO z9m#B&%R&a844*qXbTT>cMXu?_P`gRvbm=!^2b&ddR5n>NDFX2wTfz#@(#r}W8anrn zPpZ%y8?Fl3j0G#^BW*2T!{f9`Lz1R)zFT#mF3=xb{xtb1RTE3p|5zfJ5qCd`v05)6 z#Q+|edmCp~#O}3;=EN?+wSTcu#+-i1+{MSuAU5WrO07(vYf0i^rt(hU;Qu%x@YC8Rs0mF^|oAYB5|u>_>MyU)Fz=Y7Au_Za)HbIuqr z7{I#os(H=%i=W23tr_a->Yh)xk4=ArP+q_-6=G>t8pdqr__S?4_+soo?cOtxN7R|+MRc`yi zvToC4#W`!`cZF9E^~e-!aHP#IP}*NRgs?^Tk^EfNo0a)#r5`_yKrs5k$OXeJ%6q1F zf%Q$65ki+V9VweU_2_aPyW!!IhCqiuy0h! zhR0a5^lqoBTsD&n=}|WGQT9_(A@8l>?lir(wFr4_hL0~T;1G^yuEdo2wubqUlEK69t%lDBN%@_Yh8I{F?_z8 zGqJQpdM}iC7Atu4vk;Ji=;-LU_)AezKXB$vw?7uzw933VDhH*G#6Wxzgi0xuN;B2( z8)A)%)WeV*>a=z)ONyiuV?zF7V97@l?`HBMJha}?yQDoAw1ZAH!{U-@ZISi58XNvS z4gp8p>ayx2{dHvQXIZ-wl>3c$jQR9BZ8{8w`U}mfT^^UZ5cK!nKf0$D z#kPe$J=$ee9JO6Hu^(9)0-dg0m3axlj-owhlz&pxN9Bq^6E?B!-JZ1~d< z&o)~cTFIHA>TiR6!lFAJBek?dAnGJ;1;5Si{yN`s!3>wRwN>G3PDb~|1x|k~ zdC$+kiGSE&0#56J(yAvX)_qCFQETmpiJRps=NqBgKc#}MCojYFOJUc~`IDXXlg{1-?jYB#F^M0%x? zKMi)op_-^h$II>WjSl2FzGrf6t7r~C0T{#SWLn3x&gz)BgLX06Tm}XnLIgqjg1)@> zWKp|I51R-GkEYMRfLSNXGm&P)lzYC$XS{4p1p`421a_x4jS*1jk(0tOQ=y6tU*A~n zQFRilxdJH&*Vsi8=u}dPhto%^4J6Zm54=!@?3V;;J-pq6MMsog6s{g(QE_IQ>Wb)) z3dHK3`l_xe zqQWF@2xc{OnEsb7O_-gUdA1keYda0-sM)Jz*_rwv2+1c4&zY@p*lSMb% z&zpGyP1L@_dk`oLBUFqdsHV7a(sq9De6b-&Y_Y zc>*}9BTwf#E|xU^Y-~=={C_P?Y@wo}5xATgNWfnw)Ib$Ls-k_qPt=>M4 zuLFA515+xZF)ri6_h0kW;AJ=X&w(`RhirViWwxJ_Nf3c=&B(<~ehQ+^&?0M(NLRYnwso&*> z*O~P4dj;hw3Dr}QaFzy3FBfmM@+~9vm^T=Cxb(@s$0q;2)vgq+crJpwx8C#THXmy7 zR9HPSN6Wu##ST2rr0<1*n!BGaZmk9-%7=aZr|6*{ zf@bCH3<-}|v31&cGj>HKx^Xkx&c{$>9I-v>9^=&uATBU++~xR{Y;p33)8`cUW>?SY z`a5YxAj%%fhV;9&iIumlqr;!+XkW&?oi~T50RmZB8Cy040E+3JYo`M*;9%IS-@oN; z7wd)uquoE*+M)`2JP`wu$AK^h%Bt3f4L|;j+Jwk>v?A13XzgkEezkfPe$otMv2nAgz&=Z#ol3 z;j{K{Y*6?2_y1m5$-SsL+}V+heH#on=DoXSR zlnWP)!1+4PXi_|*aEc0kNv<%lr$ONaJTC_NOuI5tV?E=rp50H_)>8h9Ri%|oH=F4# zN)cdZ9J4pNq2aWUk?SCT2kjAaI0|M~D&I{anLw`53Sk7xSX$_%8}r=$H`Ot$>u+sx zqWxcgE7XfJGJ%dLn9ntfGYMf-lS$W&>oV;*Dbi+pQu1Kkb~ZoOGI;dOmWaFkV7nqj z)r9!{BV|mKNvLiasDH(&Vn)5fi956vJMG=_Zs*ypPOXZm8{dUo)B%#ggAjy{uJ4|HOfCmlkrCn4ZUGHeOO-4JF<_CB@-)D>zbaX#=9=1+5&zuq#)DM zDu08lfa4L?bTaK9YU9>sS^q?0o0tGR;H7GIH`@J!_z_tFYUr}7_lh%n z46j*;H+?y5%W1l4F`;L4N|iXFvzhw%G*ds+igQTp&53&b-x(TJ93V|i6%W|8S`axi zXdjUlCox4%$G*|&vUVRC+{L;5gBgk>C@{IQ2qp*}f>e5Rk^$N%7;D{Ev9tT2JeJDm zq5J8Ukev$}aUMbULg?hC(EY}bq`G31jWS1c@=QAjtVGA# zM;jmpl0`!iZva{XL5ee>QRTT~y_%Se1zjqWPG}+zqZ;1pt7CYKZ$g|geSVJw`ZYLk zYykULIhs_)VvY(9Q?rUgkk{hW;rZ&Bt<8hL!FMY2W|}&5JD50u}MJtYa)rV}$kcrv@T&S>-c=#IZVE zoBl-2&q{c(Aj%mG$_FPNM%khFXeTS$PWRFXZ&8Vm(MV-*O5#&X`G}HmEPU;U zIK)MKfR3T{6mcHHsT{&Aje8Rw&+_^^XD2dJB1>5Qyg7EMow!frQnQwJyasFA#)q1? zg7{-fttTA3O{Pu0^BkO!GtOST3L2rAv72A-haEP@DFyns)jR=!&!mv;F`=KNItD_C zX1SU$6o=Z*h-cDC8lp0fz^(O2jD!)O0u|x*W<0@cuIZKK&ua5FN~PajJjS`=2$A(E z=4y=T*q9-;+w5nMjXWfL>F_63b$^4URf!!d-p0Ff4=EL2Q*iE4URYRr$pzWmyog;` z7!6Ll&Jwew1rPUa`E)SQx~QluU8g4beEzmL?+@?^2=s$avFVWCWCfuS8-9j%Tyg(- zih*KM{JgS(Fq6Fcrzt2aY2h&H%euU4oIX9Dds>el6@}D0O_>7|2N7L=|C(V?tYNTI zaBUe9El&oeY>PD0n@D7}GcO$;JTd(DX9z<#TBNJRD2byOAd_-biH`}2STviLTuN41 zS3*}F(#;5RnYGfw{r15lMc#dby#hL)r$Z*V*a$#R6+s0!$^<3()JvNJf+}eDF=u&& zaxJN+-fQMH{i_}R%y`t7H)`15Uz-XmU~!o|r!&1$2rA&BQhRpcM}{uwNC9X@;omD( zUT(O4k_93H9FWQltOnbGbfa|fVrG30l5T143iD~oJv-3dMp&i6U(nMnaw3ml&3@B@ zTXo(c({Ze=7ta9W*7U8ezR2YfQ|5WdP=(#7lIpxVqRjpZP2Ot$$I9@n4iM z0Enx)PO~-l@Mg`a@K9dG%E?REdxBd#ena(?DpybRPPnn}`ZkaL!kqxePV(-GcFg%= z5NhU2G;m3QfB^{peIbY9zLf17WOH56?<9D$fs%Me&*9SQXguUTCyHBUEq`_C#?Pd0 zTws%HuT|xu68T$(WajXjxrJXa8DJGK*S59=?x14%|Mm>c>XM0tP6mv0VR11s+Wd^^c^93Wf z>6xbqL8Ou?tnzM060@gE3gGVb=X*t)$0|A%%4fNXfEFsVq?0C-}X-19ZBSiuxKSPwITJ_`0bh3qP)t`8F?|hR~PrCssx%_{^*KvuqtxKnhwpIUj;Ixc3$eg?G&mzW~HKPIXV2j zgQ3~M&b^g=xz=_geZ`i+goReaGb&R`aTB@Vg`JmFT^?Y;q=Y$v2p}e>^O7&K(;-NuSZid+Dshit85ySl!(Dd%2!M|SpwomWu0 zXXh})&cJpQxty$K|J_ic8#q76lwI%PjH0|MbLQPRuPCuxe%zZT`Ap<}NOni%Nhog9XmW1UeX@#~Hl4)eAkW)@BR6Apk6Ei4xjaSvr z$1RKa(irRT!xRVBqM{zS&ZR=|X)sra9SR^Tkz=nt4R=p0|6G*D7w8 zN<4yoUV(#l%p%r+RwtVcHfVpBZN`#lzdc7M$aL8aklcbjM!Y7_X-CTYd({Yb(7z=Pv_CEVcoThhPKw4a7{p3}lGFe;2*-i?`YhkiuP&OSbnZ;6PHIAG zKGicX?M5r$)2x4o-(6@yDslj%?PVj5cVs~?PUREMG#1>rDeLgXkSCshM#h4Iz?d{t?yYO^VlPh-pHPgJV=1g)IViHRCd+@G64dJY?0yU1QSHekN^A2S~- z6?)k*`00Ky)6t8fj_E=A<_FKm>-6qW43Y=wKJH*?@7TsNnQE0RFDP-137$^^wA*_6 zbd8fiD^39^(Ytzt2v;Z0ZgFVW*xJ+@qJwd~0ENQD7vfp#trpoF7vo?bF9ot2!U~j?#b&lyhtD&^i_U z;HorX4LuUT(EMCvd3?4@sa%a-JjO~CuQHGRYyF+9f1Uh8@@7)8_3K9-A zKHuR+oh6-~?^lPb2Eocfm6c;{9-C>~rSMXtLZz5keI|}awtwT4fBP~9M;Z+6|I22p ze1`{oXwQAf)5k<<>fd9*{68O)^?CnaYdH=Gzm7m%7Sk>@!l&YYZBxYYh*tH9|3U8m z_fBA^)@k}bSp@$)b{+84|GDn}d^SGy|7Kjr@jvM9|4f>|VY;vW55u*8{vkWElNBS| zKQLec%0QG;Q5o0&mqft93XljkU?c)OfJ873&Z8gx!}1*2XrdHI0oPJb60tO$=xM+$%Nlte6U!wgs)}YL~^$L!qizjc%nm zav~=uCvY@U4+apClai9wrt1!`v+7fAHWiT_+PIAiIO=OL=DZNK-yYF_@7t#p9}8& z4+!1Vut(YVzb{FlnK~pkJDb+21Ws`rU$dRmgfjOMt3vD!y ztJY}I7FzQuI3r83>4VRGmVZt5PjHDC-2 z3apSYWYq$(X7A$R)2gq27?v?x1JIOL?e_BZX2` zeDB*!w_?@_#u-w6Z^%g~Ap3^$PliaxNeekbhB;ah_gP- zZh}b-w9_kJ6_2vC#;i5DM%m{pM4PVb6q1Dv_&TYXu@mRr*(Plw%%sO%i$POb>1*V_ z#KdUIro!F0HSnbmX88Mvq*?(}Ztq8xQEX3FRc9W7KAh~s0^DpnT{*){X<^OqM9kg; z_)4ruV%#FXV)gnjn=M-nc2bKW4UT@3c_g3})@F;XFetiN{J-6v;~o}K!`R-T*CGaU z&8j%7rNXVMENRtO$!>6;t!G#+ZewGyN2Eg9D?;sNt6L1r`O2CyaNRKwG>s;&gxgd3 zYBT3|X04`|^HyT4`kmk^ydVw^c(tnCR0bnmZlW#=qfPE+yI5RBU|KrY<&OoI!Jc0yE;Yhk+1nti%Y~Sx00ET;lpJr z1*W}Vve*|q)EN;8_Kc8p&G&1R}YRe6~J_^!54T(ByTA8o6 zTWZH3AxjNIZ7)wC*CO;pnh8y3G6VxRe?~f{q0mlkvY}lDN1_c?Oe&IR!>5LvM^!ui zpaB2-#q`CJ{^R=xJKW2H${RP1+@2OoMZm{~W3EY3_LeoO;;zUcyIU)My2n*Sg4Auc zP2kbi*hcj0VUVv82Rd!%82GuB7W!&MAgR)SRnOg5;Fnp%zB7TQ5l0MCs+8%r1GP<} z+bUzle|jq(El>sN-Pk|?IxCrp4^WkhB^88KX>F>SUjcb~KF<@1j>}4i)wL+r{<4qd z6|0ZHUWgE?6=pJf z6=R|1G08O(;XS>$5C_&L@18;A@%p8i`$d`GWdlZ9f;I7;d4jcB-|>*@1}{fjcyz9# z{Ot`P?qHwCoHx#7_|H|9B+9X65~IVoEQ7=*Xp>`zt%0RE*4G6Z)ZKX zSLJTI#IEyKAzEU;dqY`(YdZ4|h`BY3MRT`X;^219JE~`VT%<_&^%ZVnX5sxla919* zv7hVWpOQFnv8{~@&HgFs&z#lq-B;r25*+EzJLD9$&5UPhge2D#5K%sd$Dk8m-h9+M zJ5kOoME&pkBZIv^&YqrG=>-7k41+KL_9SrG*-q|n(a?+l)`2I$WX=vU#gPJbXME`` zGlyL4eFT65m;?4e)0*2VmUE5wSBr>b^P3{1(&ycVxw(=wsRY!(0z@>E)^kanDaAqj zv&c2~4-saahR`az4s?MuQvY2}h@Srf;^bK_ORH_UR(!>ZSnBeK$aQ2ulfB?M0#)r) zu$2kztj{2ee69x8e1lVcg;(XVw z^o~lrM3#@44s%%#FK_@UjHEjaZF9Xjl}GPwouDjPgd!iIt2B(s^_O%8WmjH|rCPbV z8%^I6$?P$qS_=>{N>B-D>5N7)deMyp5_T6DIyf!FFD8aP`+(m@T_XNF_VB2HH}(_g zank6dt_PWt9v&W4(#YQ4-faB*5hX;FNQY=uz?50-J*o?5y{_(-p<#2s?s5=BhJooldsW$PICdk=BmO@LZk*CNN(tDs`}-NC$Iyj#2r!`HVx7W5`cSOlmZr5K>JPYCVmf10x;uh{HN)){MEMhb{-R zGqN4wCAG^Es+Oy!yxkxqcSqdR&}ZO@7`i$|>sVin{3cPiO{Zbka}GY{qI9RIKE7`c>;;<)i(L=QGAer z)!?vCW-yCF$<>I1jL0By9S0-Nu$hhs>tyQr!G|nCvb+MnC1z>!zGKjXIsbNzq<^5d zaNR^m;ySh*0~5jh<^2a9Rkw_Vsj`A!-Uc(Sr32+wnByN?ImcC!>-g?Az$3LIgt|#z zdW@|~$@S8agW!yC`tnQ>n^c`ENIDSM^HE~CA{ zG3m$4sa;J|{+MOI+@{`4p^2%6@qvk5tXNzq)8;@1SkB)Z44%VrxNIO+`BU+Nv06sK#2sUFlI^h{5TRHeaa>$e!)J-jwIHr7kO-wC5Kbv zh4gY;oVo3rcn=rFqJ1rw`&)}RYH(0NC5YY#=}QCB2H$;Q=Pc*8J9oXWmmTGth;qV) z>Ta9|_%rmE9~wVcb_6SBR)W;>krMP9KQc7y>Q9P#XQO^NAELc^6R13-VkK9HKW!?o ztd*C8Efq?Ue!Z*#X-=3o1?SN3+JpO6hum;7>36kq_Hn7FxNcDr57l{rdiuab4~Ra+ zo2|)ONiCQEM*z8ifPiYL;_BbPNA2mEFJ>cQzw0ek%{@2M2`M6fFU`Rcr$EO+goBmd z=JKQn$cZJI^{*O^f!^N-tYs(AG%#T8XgNZGS?kkisS+5(~4W1l*a%(exDQ=${x;B3IcGh})cx=YG&i zBUe+;8By`N8u4tLdt2@YndY#S<_p&4mmssxRIo@dW|6cwT4BRYHq9gydKterc$to< z_cTMNhI8C($0tp_Ek~3$5}4FEx+Ph=unE$b%U&T==FSzmc3O)#hqvN~-liO0Bp5@M zcw?83$mZm#Rk``<_5N6h#RI6A>s=>7NQ!TC7S{URf(%{xmHb-O4R@AiLtQacQA{oO zj_L68-#ct&%d~9o7L9=t0dZkmYKeVrwZpQ`1L)G1Dh^wL_$Z1nE5`9PVd`F43jd;Q z;p;c)ar(7>f}gd&QlG=85u|?%OIdD{<6}83!VNMdFb{C=y6Tusv*VFvwEo;6@P$(P zCE(p-h@TwHwbDa1Uhn;7mZdt~VwyArt^dB%y{>*K-acsx5A5w@!TT63Tc$3f${@eD zD?9ZGA2hR{X%H8iHr1vMY4ozVWaH`de38oDidts~Up zQe5-+t5WZ@;~LBfDH<2%5s1umxI>7IBOM46eZZ_(`9XP|)q4CSVt>D<<@kh%|97~2 zdFI2zC~7%U+~MMv&WCBb%2WSa1#oY>p!?q%08l7}-`-Ccs*k?mC^^r=()xhh_K=k( zc&;DP4Cvb(?~4JmTOA`TK>776+GPbm{5T!AUmF8q9L$(bKv00)+ZG2<_v;=UL;?zx zLDuz=QnCF}Ge&BaRAri~^#Y34Xu1d`uUbqx{KYtu#~b2 z0tj_U3`tEfHRWKI_lqHNn8ge{g~l7=nA8TV{D`7q`84B!CJMo$=?NAJI3Lj_gmEDc zgRZ)KXA5RpiR5^yYG|6+--RS)t|8VE55)$xOkrOY>eSz|RjJ@0Amx?(tRKdpDHKW? zPnorz(_m?IXCF6*p!B^fO%~LXc|{FR>iW8b+hDAY-e;0a_FDd%a1@5*?1grAm79?e_s9zcBuW>tRL`_&1Dnf(nT8%Y2_@(*6O9( z!<#boeP6tZZ|eOd-!&qz(M9JHNN`62(2}<@anaw(Yf%`rD!U@8*ZJISab`*)V}HN{ zh(hl13*fwB@Yi?|7(wx7+5FnIE@L& z@Oa4!xSeDU4axbg&gwb!r2wvxi8L;D=Kx~U&c9@Wd6co9fC_qgH(EVBI|WRossJoz>RIfY=b z2#<3}Qcey}w;TK9?76ko(#6sXp*QL<5-B9pW`y=Y#$^Bd4~JV7b{F4yH9cW#C7 z}FklXg6UP2mZqO@t_Og2)FVVa91 z{(KE7Q&~K%1NO+m7#ZM5?>sHWnmNq^>yXw5bcu68VSJ&54&PD z2dMLpmHPR6G9}~KD&?56LIvUk>&%ye&pH$+iHqm5KD1ql19$E7gXhvte`$du$7tZTua;g5>`3GOI z#nN6HS@ZVstW)z(N1FTAI&rT2at#8phR^Df?-lMP8|mIB(-#F^5LAAh(Pn1_78g7Nk(=*tSK$E!4507#H{g#iHc$>bxoYg} z@dB_8NWmDm8d(Fs5Cd+y-mYJ8j(xS^++xNzxXAdW8eaM7ALQdPzrOn|F0j>CY(V)w znZ|81Yizk0&#ra_eEcVV=LIg!A6Q2Y)kFujxmrfn&K#V70=vYru5y)oVACzW=rjKa zKG44d$CsT^o>s{_N^Dy%Q3Aqh$3=W%nKFn0fDcTg3lNfI=G#nGZyWOh!i-aZ75Wn5 ze_4()AoKqUwkrZcFSL3`WPw*KafTvgU0R7)|ElU;xDN56+Bz5NONwGjlX}qHcUB#G zAw1Q|X{D=3X(tRzar5}t&%mZYOamKKPT36?;UdOo7t-@H)u9rL>XL1<-wy-9YI&Ov z5;IHXtH+;o8ldNc2#oo*F}(J1akw$#-T;S zQc{!h%vZzQSlOW;pmgF$Yj@wSA}>lgp=T29=vQOza%2(C$;rh+>}sQ5>MR%c*i%~& zCEJH-q-W1SkpVNx##Jp}mw1{hie|>^42p8_N-q<5FhMUAbRhL)c+7kKFgRE)-}gG^ za{@ts)Tt@;or8m#$h4&;8buW)0L6`LG7x9)*r3x&b(FlC7xg z4o1g$_H$G@#9zgp;1EEM5)cr)2LhbgNVD;wF*U-{`4TSro!({L zkoxN48vkQ7XT{XcV((gM={p!B=J(u6+?1hjM$K_m>rwA%^}6RR}MS3x#axa zCaWJi@AFa1{+Kr08!^$5Sy=df*^ve%h3R{b) zLI4!<=9h&?Oq}1rdacM_ZGJv{ah5Z($oa0yIxsh+G0KbFAJpFbDi)2oet0^b!(DmU zVVK*xxVR#M($dm70xmxl`lWvQ!jWHw0i6pY%RY>&qot_ahYdP_7akBk*ZFh_C?z)D zVcvh+noEV+WqhT-ZJ(00?sNvNaC3j3N~eUtmr4}9ho9h%WHAW4uyBbUL3g9nE_K%| z=Vn(ZP>J?b%ObHB&|i};e|8NMy8_Q-7_Nxk>gAgY)OK_CVQJ+I4TPI*?rmnVR%QR- z)~V7cv?C0t-#3VvG+UxvuM=a6@=ZLaJH9XGcbc!_q;N<(AG~)jTf+3Z-B)(8My$9F zvNh3M-o4eHY2@!1D704@$@2}^9}~Rw^x`tnHKeN4*GRrJwboqHEDh_N=}K2G8g&~o zUt-^3diLfoKhH_a4M@lt*!3&i$kw0b9BEy2`Y9Xc-r>Y*!-)Nc3{a5v{( zP@6A7xVkX25CQD+KRrKfzkpLuN}7LuIM?1^$P8$>8By`WI&RrRZUaI%$Lpn)fjczf zlbq`|d^pEr;pAtf`36_z0-sg1QAZCVP92INeNhwuwK6<=>bY+PI++W=Vo{;IE6guLtlcL!NyvVsaOTJX-`BCYRQf-)E^3Xou&9_A;a^Vdp^ z@R@Zt94s7IVeCnv)0=g^;}l3QfKO)Qs>1@fk7wxlqy)soJpm5`tUs&(jkt$x(E$UG zM{-!&PDV=$9~NZ&&3(Sjya^V)f%_lG{GwIy>TdD%+RhHWvR$6`G=s9}I%-xx7h;pg z0Q#Sk;s8_%vce|+o>!ZEl<$Y~?{glm>0VF}#+1aNwgE$B^^CDfzB^tKYIAGe?ej1pkR8NV5*}@$+{Z zouUzGx#!LREFTXbEq4LKm|Z|1((gW}=N4c8TX=2v6R^S0N#qS`^F*l01~mI+oO}=X zctSj6IC;eC2eY(u9tn-+#mRWr%)_cQV}}kBU@_5wg5;#jqQ&dCeK~) zui3fzhmK{j#ATyyws?=b0i~SqeMsjEAlLm?^np#pyXW%e033i0NCfo*21$W)oky4R z9gjqCKl>m)2F^@y09F}i&VD6!fGkSz2}Y5>Dc7@ykxgNxi@1OX6Fwl6KA8b#EIsfQ z$3wqE8|L%j<1sv(zGv61=eFR=7n=r$+)G!7g&M?Tzm@we5X~2YTVQH@o5|}?B}j&x zsPt*!Y?EO5zOJUSwierFwt_ttH|7Q)!}LYrn>agT0n&dv$Hyu}%fJ*dblNROHDcGY zE>4E24y8X1o%mMA&62=Fxf%MMk7v4rm(KegfP=#*S$Q+{97KVOm(t&wDr5D~0QzOJ zzC6HvFAi;7KO?1#pvWu#La1E07&!JLW+~%?hN#sa9!%8^mLf|$!tEjSDxm@0_?%B} zd<#AwQT|M|5RGx@MM`;9EyO<{t4=!34|bq9k3GE&C?C?Vn=)t@3>W%)#k8?cO=Z5v>gK5P zD;@p$R15uOF%*jNKG~ZTzT|dq%;r9(a>I(b+Ss7u?G&5sh>oR-UEebuq<5sWRu^f^ zY5+YG`*$>*pCwJ|K10I|%-?;Qu^EXyJ&^4hC7Sg}h)dh$65QY|mbaQ|2 zmvy+YpH^wC6tYZTNXfNRAAQ5_EYFusP-EU+43Y8i6T~H&5~`gcpSrNT#d%%UM``;Z z;PN3QPDu?^FIGtd%5S@|%~XIf)DjE%y!ptynw)1c3P|-UHQBv4*Z@}1kKS{ixTuy^ zcEI&IMIKRIJxRO5uguKa8VmRh8=DRY6TySCIm?EBZY;?AD#1;-03_OR^P^V1f&bk< z>G}a+-QBG*g9*Gju72sXCpq6cA0KeJzgm3@X+;NeB>gE`h6%pN#RiUk5@!$Rti2L% zg+r>>2eR{D%vHo>2P`cuX?OT~)%dNroLVC4^y=0MT=Ju#qW*nAVePd8KgyqZY|U0S zJw%o}p8OPpW0RJ9SxV4oKB{Y55|JMq9K3V9KXA(KBAGXpT3o7-x#x^fpxb=GQ%R^Mwg1#YcW^Xd>9hRdk=tr#b+OuxgJ-b%6; zjil8?|AID^bTmj&=Ck*=iO(f`*doT6iEz-e}Gai`1F-np0&lzfZArHVA66 zp7MBWQ|Y7$to~Si<(Hi8L)BpaiNvB7hw?Iw&nz-wk4Lt10logc$P4%4q>-+5q9Gu6 z1~*f-60VmyC5eyIMzp z;&x%W7CQ08yK{)BgHk!F}pvI2jWB1V#jz$HP5&)=h%i`zXNMX zw)CBYma0PX`NtE%>n(`&E+B+(Da*{89o;cpYMVEg*lV`qG~}<rSS%(ho~L-spT3rhxLN9cZHF;e4S?ueg#o0YI|{VUB| zOhtt?$m|8I_~ti`4yte?tI}iu^bL9^%@{vSnoA8+MN%>Cu^2fUlK|T6pB#tO-~g#X z(AO-2fxII%gKK*knQ)KJd+WASC5LXnhB?|IhmeJ&Uw;Y+=$@Zeo=Iln{77c3aZ}`J zZhiU~4Fg@q_+JAcIN%Ggm!ScC5IF#1W4=C%34p4q8od^ej)wmXTM`XCmaLHU#1F8$ zalawQ#T|O%KpWbTfe|}@{UEaWCyK=zjiqIWdkASj1`u6<*PA>hTMU_8ZTG?Ufo1reBmWpXLi(X0#Af`iiF=9+ks5K+OZD7LKcHU^Lq~_`H5P zCGU(4c-k`HJM1ea+$GZGpH?FVFd3xjU%$SWkqL9di;yo2a&FewqC=nKr4Cq+ap<)W zIk$=?A?n)uSndQQg6Qs9{FnAmj>;iCvBH3%EzH*14RA`RhqUu8JeO&;69FOeTVQOZ zp?+$;m~5mrHf^Pp9D?PVL>!l1!}aFbaQ4c64l6x_2@KSnqcsU(+^mggj|ga(uReaGt_;qMJh!}v|dg}7cxNlH9R0> z)R*oNxcg8e`1R#|JN*0TpxCs-xe2p4r);iFjDl-L->i1uccf^a$S1xDt|C}_mX#Fp zy-qNcz}AV6v8HloP-C!?AR;62suHc0jP^1v*roVL>e(QKUve#076z3R51`B5_=9Rq zDOoK`NOM)>l}4iXn#ZD98wO!OX9~gKz;9Y!a&DJeHZK?5{Gz9k{Hr`*@KX2I&kCiO z%*Q3+(8V_GrDnIsX4Jcz!tWMQiKR4W=2ECA2ge%~0ye27JLl+bZ+dI88ypKTIG{x4 zgtBpN^?(GyqngOVJ>mrf_u>b_OV-KlRb}@ zp{fGHNb=i!(S8-Ohc`z{)$p+Rj~9@^xhe0wLnZUxq09<+`V#rKAZ`#_dH&FMXEtZ6O*AH*5IM_yU50PMaxO zUZc9JJ^eAnPOD$=0g1k&UhtB$!dA6H8jDmwCH6SyII0P-3`WjtGo%32*Eqm)M$cl} zR))u6Iobp4$NhAWPmT!Zdm=$@ANkKZM+B^MFa%@HVr}cY)po~q+GKfQAR8SCM-fj- z?-gX~EA)4-v8*BR5N(=COzP8q0%KG{{qz3b>ANt8d2-qIT&Z!VzJ5M~tL6FkslgO6 zJ@vvrvWkhT9_FV&XCsLXLN!3XafJ*0Cr!wXG73OUN$D@Dq&@1)b%&hPVtF(yxPZ>hDo!nY$eHa*TLe-c zVO1a-a+>#99@+0B@hCMIN;KDM8BL|D4kwLDID2FQdz{)T`qMZm(m|L^Q!tsO)LITe z@Je)rBhBx=6x+Mb8!zA$=Cfx|O7Efnou|IP7eh(}f^QtUHxl|1eMu@p5wL{|R{d=|ew?FTIjU2#1Imvm*>i@z>_rwuPWvlQ%z!`{1Kj&&{r)+J zRx~)rK3pvxrD%k;= z_t~7GXCLq(qzaPH53wPcU-&j1!zqF%olp@uZ-{+{r<*5E(vV9@MZ&E+Vs3$=z&lAN zzOzi3{$0uUXS{(bCfT<(j9LFDAH0>G6RS1GeOYhG9S+6wtFtp>wV8Fz>Hr{7K0O7&4lSNALL7~AFFGQ5_jg4L)^HbfF zN@_2c0*OqkFT_TC;;zDH@rs*o5#=)~skukx03F}JXF=G!*aDXp-0<2d@mW9;>{DJ6)ok(K5}NZMb{U)-yEM7$Z=UFjp)Vnm4uri-tmXO5LIxUfR60NYjx5ss?M+Xqz zV2L&|{N-d#01Wu3$nidu89s{vQk7%o)ciuoEGa3et&{(ON!@u{4bstbR$zJm8>R>{ zDjq|S!aI(S_!jpqi_3dugR-H#n@P4u063iPDx~0j+i$tx14H1-cw#F--?JnOdQ?@j4Dozw>I^QfwBR!Hst|%v-wprh3#I)5&ZBxVcF`73-M} z7$hf1#IbcaE6H}{No%!eZVLtV>sw*Ddj+x|u@MIdlbKn5MH_VMvMeNQ(YCO;)a6V} zvQszHK2z0MH&^K~*8O?UH?l9EEO}#zVwA-7^fx*F?$%@sqX7!i>kDO@O>fil~Yx9cuoC6^kSu3aTJ0It^naep3X=7 zm_HgZyWnbkDhwqCfNq zS8RQO5*6c{=jMG z#If;IBjBo9zx(ywI9=7!%>HbY6$5ZRt?tj+e<)Gw*w~Dib^@a*Ss$aTKJq#}9&l`g z2Wv)6$Ap<=Kqhdt1((jk$?0k2>&IlX^<(n5R|P?5{^p!AX6#S|`0+ThD6uRHQczv< zadbTEoLYh0XY*Gnss7j%F@*ERB_;0i6rU3bu1OL~kFcx_W)1gZCvAl#^ems~C}=A8 zxbOI8 z-F|hf@7QY+E(m_fv9x?|cfMW0FiR3U`$WgWt|(e-$f*N`>qD*zOHkMX|S;hl7w!Gu23`YWTKq8RtAKtLZF3x zFDfG`^v<~(YpQ8{AkDenW7kg#8BknNf53x_l43E(3)&k&jIBnp9gjCfe zzT9U+A!7{JOVpJONad1p#tEoD3U?qw5CZ(#-)q>ujlqFB5Jl>9?R~1}t@x z*eJ_-Vhv-veddIsR0rfQJ~#L2U9uMTzt#i`IefEp{ZGY6Nr&~yQ)y8Yk{jdlK@R1o zS>pE#WNXvj-P5ixW21R}eS<5><2!}iTVDDXCC|(j=>YDRWmHQz`YdcRL#(`W zOI&LQ9c}D{#=~Xk?acsQaeWb}UME^H+xwKrmY_2cWh8Q0vy#VeQ5I|v!e$?@+}3Ou z)QeWK?k~+GUGTHXrrM{^IG%EP#>nimkAx%N&q*PEO)Vg6rX2a$^mWZ0rSN<78J^NT1*4sOvB5%3(2P<}gSdE@;h6 zw=_b|u=hDDs#hWV%2_3NCq>pcW}}|9tES`8h3AA}agzIzIbt-#3Hl)`=7#uHUg@JL zZ$B$(kQ`$q?$D}1(QqNgoA_OIs8oiidg-HJQ^|>>PWQWswtqqQe^~{1i!Xj3o+LJeB7i|Z z;&{Kd%~>cG5VLpddD$yS7KvN6aY<<2mqn;L=zrm(?tp1C1MXhF&t&Af529xSX^&DX z2o5fu#cZ^jd`AIox|3GHpNA?!Of-A8v`J+eNzpfZv=@Uj1t7A2noMpMnu|s|RQ%CW z0tcXa3XpbPNxJA{t9U-GMDRFe1y>>AXqy9g+h?U;o4)>yw*AxY@XrAfGn~^;5aHP1 z;d@NYW2hc?__-Ua;HTz0H^YDKh{&6k_Fq8EjkoYMt*wHxI7F(y6#vE}!UtIuAwn1d z{_f5{pJ>(p^`n1(|G&|j{{j5_=O89nXr%ua?wDcAMvO&3kQ!o)LCVX^Yis@#awA>! z-u6RLFca}`s!m5(d>#Sml(uzuG!OaX`6p_5O3_U=HD-4*{|ZJ;jEMeqK|4mu(A^6Q z3)B9F0xS7oEe*a6H~R>~`$aoBKHLW;b@?<_^m(^wMFN%hKwsYvNcveQy4S$Y&aUqh z=r?d?@%#V4NdD6R;=TXh_w((4!7l$7WHxx9hV839Ds=PT$W}pdwN@ad$YNw_b!Fk@2c#zJFSnvH56c zlMr;5`pTd=2i1goT8&|E?@teQwRi!rwuq&+=nqN|M+cYVPw>Snq`v7xi@(&JspC$? ztP1Jpi>lW+=$mcV=L5`o8C&+1?ZeW?<>9=Xi%$xx5Oy5~{apUmYhQTj#1FnYo;V&t`O>V>-ryAC{uZ1(Vo zu;Y-ho)vH}m6Nthu%#6BR#I{Hb;pzJ8AUrxt+lXD7}tI{ zMHCHQseg>h_lDC9L}*(EohhapZMOZ0(C|>YovqT0)Y*g4G4Q~ec$_R0pA;7}n*0pv zTE;+Gan1Q$c$v(RNP?!J19X-@>D%SYe!`4yMH&kJq@j7+V=v?CW6oJ$y%^72$v8=` zHr-#UqUB&NmFVW)q91V~)LQn>B!z(hs>8cLKd7~LfxIk)I_z@MgFl_J1xQ^T`LfqP z0pNuyUlw3fb`B1@plbmA(n!k3=sr{b9o>-KDrBrtrfFQ}X@P#XZ=;Uhx<6OwxHMuB zRT^*Eu7X1K`|1XqRSP=1Gr43V$qZ7hUi37vCA`%ggNaq7wrtCZMf{WlRS`@owNN<` zD?58>y1K8+Dwy*7K#+irGm)eoSbLIsH8kEegWG0+-ioao*Y$PdWr$;TeG#m=fO#Zz z6Vf~P|9(oXPdzEo!m(Gtm0S9($m;d|)r`kRlMpR#yG%aw^F%E)Mt zFe`bOPu?|Rq%7~~+(=8!bkPzwT4NSI>s_a$QRl_w#cvS$5mwk^Q#(A1F`vS-m%+0B z%jVnP<2EfJK-dLr-xuIPCls z8nyQ)zwt8E7r3dC(3mpeIBfT_-LCCYg*wLQCFX(%oHrVgTyS|%+jmU3kkX=(_80eV6@A2;>e`A={NhZD# z5?&qXviF8M_R<{Q{ROtWSY(?*85y&#&$|ub zi2~njBa^N=iOe0;7d2rzJ(M?99+ehVsZlz{K1m#v4Fmjqwa^!$#^q)+c#-W%92@q( zdd5YQZfx*H+B%&Ns1zxmD|l+~P3$o)*A}6XfoF^rUL{!sovhu)IaJ2`Z2MO%m3Yr> zrtR3J?#)79zSfkmN+M#ucy^XN($HlCjz~|5AuqjHb<|Fqs^G7X`hoA2cRfE9jV9Xz zVI!xBe@?Tpm{%;nCQZhhUV$xNydwBgQ>pgJp$fBX#@S@NxY2pXRol=I8?bG>gN96~ z*dIV`5akWb3$RQ^d%4>-_2w(Aju;Ho4}~H^1fer}P4%fFu)-#Iyz0CjRn?$+(0B!5VdC;coDQXi2i1H&p&jL?&F) zXA5&*xddPP$F?%Ewuuw?`G$rW6Ee)Yz~uB+zWDj-3$al|gj1!tFH38U?xIfbtm|fw zbJ4@+ie78PAlOLN0U8wL?`2{#Dj!gL%98a;KN^(H)0P4LYQ9E){|SHCO`GbhP@&%+ zkk$+m2~8Y*r=j`zpD4B41+T9Q9j9DoQ&MdP&@=n#Y@zdkB?k#a3b$gmO7FH}as`C$ zQa;=I!_*>EO%|>jSQq>z7bS1P!pjQ2tRol4E{&C6j1cMGJ1X13=IiwlmZ))G%4OJT zI*>K9p^)O2AHh?x@wPUbD5cXdy=+eR%H-7Z=a@tz8Anp1KLMn@MI73BNeR~7*IARp zCuT!cH9doZxq~vY(o0*zt&gb<>|td;b59@mH!mFOM(3-d1}3Ii10pCTtX{)W`@hE5 z$Hce8_49;Ug?jn=g_7pLQ-mX)o*yl5)ZM@GbussGAiG}$2gCD63ZOBC_u0KB3N#@l zGATW?spD=~a2Y%dv)xUakxQPfsycFO8sT&qui6>o&Dpul%m3y|@24d4Tp6SR&nSyUI*MB#1)m%*1N`k}Z-h&tm) zid=2x?=V~<*TS6g=dsAvf<(j7%!mApusyTkg+%zdM#gZG9Npt_QSXeOYKE`%X6=2A za?wv5>Fw z@2YbEeTV8Dr64&9DLOawGL2X9W~PE`vRI*BwVjm>Iw@*EM4zb^4^Z!3-F;SopZ|b< zIt#<@^O;9fUg1tIFZJWDnb-S1mEabr^2%I$t|-Fp73F=aywfRR35{ergt|B-4b_op zo%})S7OpC-#g0+G43aNcxFFPhGdw@-X;+I8&q=3~d_L6d05mCyQwds@g<#}0KKNku zm%aa>VUEba&iwR>&va*3UR5y1FmYe-gZ~u?_{M1cckx>tlghab;}P z@=vV>RKVNYF2wHyTV~jw0u==JmofNfh7+oSOT7*01SUFBq!A>O$hHg$UWK@lMLj(D z2e@`=S=re;ef!x*;GYlcv^-3GK^QeIRpP)NU0AAsOS&00fyJ4J;-HWn8|8#mAxJIE zDWw(m{mHZvsHVQ0@Zr6+044@}>jvWxHF{8OMulfWtCBo5}7EzDo23!US-_5v;V!je5-)a}Zwj-T*8*Hgl2d&_rcNA z*cqnohlR-Yu3QEUYZ+(97xv-|d%saBkh|>>GLWhFX)NHjqjV%te?H%NTkEQ`yN4|j z9o@978Z1sRDXMCa=YsZl`t)4J14+elG@CP6%S?sR3x`4TM&3v$QJgX;OkP8R!E|@0 z?!;|l_FF9%V-V%*ArYK(o`8$l6W@09_3%Ka8W;ofz_HVpK2M!%>%wIx(;a45ak-{K z=eoqLz4e|`Q`3YO6}AJ+BJ-$GTVTXH#_?T{`vzY}46YAZuOWY3!bdvRVSEWQHJp03@LV#M+gVm567f+6R)k zhlhtfv$M(3UOrdC!Deth{M3labjTWkle&_d(Iv5RyU|gEOEDGS-tl=$DZDLqD`AUE zKAcsqX^r~nj0`^GB(zStQV+74xFQ*`>SK+eIMvo0abJ z>eSw}B2;6kXd)<_-YXL~C$FewlFAF|BOj04-ft2=ER{|cxCm>!Fgpna5eeIQ${CE} z*yr7X)>JtZ{sLN6>=h(D57l;BYe@R8_lhzUpL>7VwK!QMy}`=re6_l^D`vAv#~I>0 zD=aWV`n5+VzNg?iMS?A^ClWapxvbVud{Q5c<~HmiZRs{QQ910O2ubOKvd%>k2JZf@ zh@2e8^QNzXO3#^PMw55*v}IiIJPOT;FjVsPRc8Mt344Y!^4J=GkGnlSg)Cymzxgg{J3uSXD@&z2tj}=vi$0qSFaS#AV+rv$k+-p!zhO1Dz;x zFm}bdMo2!KfX^!;#l}Sd7X>R@z`uQNI9x7qNTM*#%POyip&+DfBpWVC?MmGS@hwTW zMRIbj1AI`T)};KWWbtrVGVYb$f^qV1$a$Oygb6+4FfA=@GjUu&yu1BaS|`^$)HKu) zy_@eTui}&!zlOH@F|zV_`}&F^Ae?11raifLbIZ*y5|s&Y)7MLT|4zjS=EY4|y2U3q zO3|n9vQ4B!E0p>;PB zYt(SH)G?1c20(8vJ3ExQ6K)hDCCVi!r~Ayj^(fMaqr2BtoVd z9Nqq`+pOpb)&+AY3MmOryL{4$gPo@OD-9f1J+7jvDq_hFe^=}D$Yx?0F1s&nm(ZBW zj9g5#vYGbi#H~|wf|)xU)NFeSX7LKnRB@4iQ1&jbu;IdrPT&?Ci7tgx!ZUXYVD1!^xvWqWsIiZXoUMT zo@`k*rw;p{b-_i+yRZPsAjPof@w18HPDoDO}W z7|FDf5)>c7ClpCmPXTX)$4XW49R|>L$t@VGD{@^F6L`}N0IHDLL)uV0oc39Ty?r1d zCnER?0i6Zn!v9})1h)Kc9%tZ7#cFTqbLp|0W^Pm-9(;y%?6D6jt@lRjOYwQ!g zjic;V%Y6)?L{i~fn7Z@t0sIle_n~)3>Vu;kPUN1W0l*eG*p?R)hi?NsipB7puaHD5 zxe{(<%O_JsPgA0H2TH%9+g686%DnJJU6ZNg4H^xY%IZp4a-Ze9%GcLE`PE>55{?2?H>d&=rQ71 zJZG2ZIvWK)+!n{Jq4T0KLw^($76c(O#P$-cXQhWGV!QIkC6mYYa!!Agm-m!=yiQ$( z0rfQiC6-=Og9SSCD%Rr*g2zoxYD+NI!Dy4LC>U_OLrXry#KiG6z`?v~^jQt%MiTn= zjpJ%U&1o^UAmts+Ghbidqh!m)AiToDs}@YlmcSUA&bJRKW*Cm{=QLaUyX`XUZdmcs zqEnjH#`5V$k`jYO$=t^w#fv^4D3ZQ@E^0t}`}S=XxtN5U!mX4~R$XDCOjqZ{#j|D3 zb3{bZ#JKspYuAT%Jddk1m=c3iLv`2gERNOSFgTsEJ6`j7u7ak$z|!nQ$TQdxl*i=Q zNt#o_l(F|SKfk4$A~kqs=9A9jQ5PeCQ8Rv?pslw*qPyEsX==f-toMwP2WP6^Bj}rJ>$7W8S1%Dp__|S-7&8nPa{Q8Yv`rLM5Hm^Vr?V zddY;rAQ>b}iP=NpnBwHlnm#~Yx!dOSUDzzA@=GD1EvS&oqG)~jl1EaqzK`rAEIGxQuXHRO^4mr#0rHc}K@FCl}T< zfKf!Aj4CrR#+NJf80vNev3FlPv>MeGMk~sGmLf?s1q8Y_=cW(QEx#Z27zV z=Ecn{j~yUAFg!C8 zn3HnjQL^KW3YncC4vfd+rH5bIvQGV>_a$Uu)0!p(b6mIhh(A9~yKr9QC{uoIU^F?9 zT)k2%b$lfBO17NJlE(cwX!BP_1v){~k|3>mIqb9Ls>})cJrB8LaQK0Khfel8p17J zT&~@$VZ-LgR}77vGz=C!NMWSEte(y)sX;SQOWN5rV1{grTndJXs*&w?_nHL}gsAMv zYweBq-I$2w98Zc#Ab*oT4UKv3uqb_TdR)Ejov?71w$uh^I|R=o{cbF1c@F^~P(w_q z*Pn<}30fHYx>f)hh}}y5YwQwft81!u4O-fxr6)-1q7Fnlyq zlFE73TPOX}XNWn33xq}=r{vwQTHe|u?bKeYgO%}mqFEI^o`lCLWS(f&K2&qZ3LxIY z=~TZ@`03dC%FuPGbtN|2jhy>U%dKWU{5vO=oT zN#D<6yR|b_dT-Nsa@{=h(Z_2lKKPI_PpGi-OCVycZ4Eptouu16N^L`j!{A!}Zk7TS zE1Qg%qY(_0_C?b7BTjirwDA3%wxuPg1l*>}j~a^K%qro*T3blyTO2un`xqM|ga4jA z6O&(Dq8ESKTp&|*-&$Dx=y_{hUi@m8q0Ve%JqJFF|AB*z|CTm;FwPS~nv|3Jz#nbP z=R9M=F|-iMFy};KI2a#vzRQ5f?_*0l{Gfa*oXD8QYRG)mll;h0WDQ()oyh?_W0QEl zsEHI(TwA;t4n0wp#+qX_<34?F`RqE6DjaxBxEeetzY%@*^)DDiejF+$*zk z7%d>Od4w;2*e*FzwtJamCbMHuxs`6gx@|q8lN+)6MI9|PknCG4_cs)lB}ugP#9Z}0 zQpj5(5tgj2wkyjji7j<%()W`hly-*A&Wy~4S~s`0dN-9Ma#w2}t-W;=si0o}Zg(qk zKcELDkT_fQ5p_Eh>0D3!1`%1n*>h#^BWO;=mA`UbFh{`%o^nSYpqrcX!oI^!(kI?66L;2Y-3 zSnUhKmnJ&WunX&ESV{`l@fc?JQ_+*`TAgokdSpMevb;16jHDX))SR`b#NdER*6)=` zD=fOX#U*;YLd5^`8)?f93!!qjzD_`F$1Hs+#fD#)k|h7EUm+f8JktC<^JMRs8@=^( zT!DSV%nX+k3l9hqr@KA!WdkF8hi2VaWuo{3O z1X0FjPj{us%#eLl954j{;L`_=$5nz(NIqjD@%FVJ)9~2j&;_CKxJaDrEXRuevm88Z3$`9<`uGcq$X4{v-1`cSE>C1M24Cc6`91`Dn{ z7h5Dygwmbe*<1RM3EY_f7yn!pn9b|YMx?5@vl&Pd`&V$Znxy3c|y`x`t7)`RnotG+mv!RTa{K-SXbpb6G!exKi={u{<;E$P|p#aZHs5M@#gFeuSTcDndR*Q zir6n}WScKtvySnn(+*1t#LVB%dh^()I`g6~#tAt4c{}mKx301WdUgwvqLMsMdl?ZW zepq1DYDd4g%P&pQlq`vEZrDPKLx-6Zt6PbaEe+9?<861ErtH?%O52($b*iG3g;B|o zFCe7a1m&QB=ZZ3;l%&fL6Z7j}d$W5}pb#2tQ^~fJ3A0g*h(B%0-Zle5YZz`RZIj)i z%UGv@8av*m$8Lf8^WL}!w69ixpxcX3H0TZ~R_txbef}F0j3&Ef3IPn#58Tt0Q%vt0 zCrA&v-{hkkAd>;n%_;gKDc!v8iOl3z>utgg(6@FiDGelOi@pIfDw2t!()GF-w2~N6 z7HvudrQ<$rvW5pFq}NC7q|x-^FD|B5f6eH@J9$Y=PUu?fy9Ng%=m7!)sP`HgA^G_` zYdTq87BLiUkkUcvWRZKZBHgA9Rc+RBmv@9}pvRCHyYrWk6V_ z;_5cCU1`!umV4iB&T-MP&;;%@Bd)3bDz4vfcyczV6W>jkhH_RLsN2im2MoM%%? zy)VHh5Mm^b?WIAA=&Ct{7xWuH);{Ag9za*lqzcRY9M2+P4u#{4N`v&&rFfANqrwx1 zLUN`kB+>{|s9@RKE0a?FI6bC9rP^>?FbRq#$PUW;Q21$zmB+^fA$bJ~ao^i#Msf7? z3tu|3%_|)HtKcKq%qD~XsRgLlIN{TnL4}J9Kb5yeZdObTnT+Un!!ploC?D2*WJ(xA3h|&c8|uH2F56+v;=#V^!~d)*^^8Z<}fsUBlyYLUx?Dr*OV?1|8D6TDk;Hh%4VMhhA$n zocMMs>>X+4Hng;cQ~mxOtQ6GL zeck-l?mpt^@0Pjy9g8JF?Q56sdc7O{kPTh>%v0dY4317wh6#37SQ2tiZT%do6jZt3 zY|RiHnI35Qd1H|jU^UQmwrT}BB@szr0d+O^c9NQeel^t5(SD_=@-g<90~t2AC_@ht z^LKPV%gFg8?ZZpXZiOmdlA;&1$&B2Kt z3d}I8fG_0NXO*LdMSzc8NyK4K&&z`Y7~<;H(Ag53c1fO_EfS7px5L&io5^8=S}urC zOK0{u5M|)F@c6jzbZWkX8nz+w(fYb;n}DwxpquD8@n4hncI|Q6f;lAmP=efGIo%O> zT{TcYU_+b5SvT4)g^b`9U8>Ne5#NQ~%57~UQ1T{;aGxnY-*%?;I|&eK9UWI~##O(hAFcZM&qt|i$xt0~oa^G232l#B5g{|dpB zdNR)nO67wj zb`neb>A$?i7SK5Os!VT|yaTICJvuiRoR9#C=(CQo|7f^}DxId4{p9kxlINCoX7<(6 z4Pq*cHfFzmGXtF2*<$E~vg<{D)62_Ac2)?vi{C3eQ8%Gy-wCR4q25Qy>P_saiV8&f zRNe9R3YAD>oW%Wx%*;BZkhvD>_s;lXCs@x6yK8$;T9s}qxNtOo4?Ao_l~c;5s%U5N zcyLW}S_zmc{bI{u{&V+|@QHSNPmI%18s%Voc(vPY@62r*d`)eh&T1&j!|Ha<6KLHF z(9KC^WZ+4Tw7oU2TE3XIc!mt;2P!IvE*eWP`ERG?tT*C~mb)p~mn&xvf3LI$LA=b= zhc${gZX^0i^G61#<|;~p>PL6=Djgw8QO&b}prfJISI=Of2a4VH=^@svQ_t}qLxTtv_vr@1I|Bo=95W86yAH-Oy!E9xrO+bBmWuYkgb8;$$0g5r>N@u`&{J5Q(RI0fLRf zJyPck jF0$>?GfBmF%-$yv&LFT`fZ1tm=7>p}mm-S1{(~v1 zS>@nP3@T#ie2Skxkm0d^k$Uq&zYH=VrTM>Q}l!$e6mr(=q8=?(W^tv^jx zuLcM49ZTE+t^*yh&wnkr%Qrhh)<{7t?K^}9Ohn{){?GAgY7oJ;sY$B*CWf1BDGr>s z>*~#vx?$_gXSSPt5cb9vJupbIL4aoKa|Z_&d(&kw@EG*J7k^TI#);2C?Q}{+mybjxw%=yv&@z>|o3rE%$Q{EEEZzKljAts_8*CyVWp~VS} zN7%^MZ-w$&W0xRG#D7h~j3kwyLve02KJ$Ql(mbjI-H%FLabBWQO4AXsY3z=Avj$oq zZaBm#>8%TfDF@6tc*c)Mq!^YHK6{}=pTLT#Oc_gGJCg^~c?{Z=R}mmL#u)2eTldN@ z4iN?)L~{b}O33b1B$(5bLmkrONtG4%+uChQrH)N%I2fo5>sO6O?TH1)V2oP7jRX_X z43$Ov?@m$mr#CKbVWb9vC+)H7fnWuTCM^a}dA((mgo!s=Q2`=*EF~b=@^~pGrvpyc z8j-dSbAdDZ4jJ0I;AGC@fkM+||E;?H`FP6%$ZNw8-0_2`cH7N)tWWCd8#;(GEF|R( ze6j#bi#cOn$D6ZlV`F0|sQT*-zP@A@6=a;zZB`Im0VQr&FC(LpLGW{>=Vwt1KXCD( zmV&fu^JsNR-+8UYMaWLBXn+(6aL?1rGM@4Bsv?|S>Vbj^C`dGErk0D9&5$vpMiqq^ z%M2~;@QasiTe+re@QR@IwykcDan5tymdt?25yNer!ZL~?on+zg=+;qAPW2W$&Q4ZS z<^ZSuz0nY5DJIV@V)2vRK;8|DrII#Iot4!~AD?p50CsiT()JCj(diGNi)OE3z6Vc9 zX;qTdd@QaST0DLruq&&>4gwG-i+6?AO6#d^H@cuA+v&H1S zO0v~cKGz+wqkR|lmz#5Tqp|1$;eIl+FQI6F=x3;fNuR#eu6dQ;Vm~yo&M+B%%Fp75 zB<6h@!q6%G3`PUH#an&-GS#z-cu+`3U#7b*nN(?kS828oTz625%07R#ex#NNqI_w2 z>Tq68YStU7MmkRVZ!Q-d2`020u%HNIdzZEFT@awGwzGD7$wi+wI}%m_6glX=rJBtL zMee}J;qh^wg_T>QW-p(qT6-E0mU}K=+SrKCV%SHS=(gHCk|lL~$-amH702%(Fx_$v zbrn@2Mu!qUxE?L)sHrdGU3hj~_ zhwk>gHqJ53y8RWHHABym_}_QnPZ{D!qLO^$@G1PLrrxeF>#VQ>-R)GDZYdUc+Y4k* zirC?zYW1=@WFYyIcdqxs3-l^tO;^sZ7~bWxp!>%*$t(mgCBu!6O6|g$%(7$b=Up+n zO&R@QocCy)OIS_l$snbn$$LCgYF9dtHvh1A2?A9u1|S2-mx}oS$QrKLnVG%R>HU_M zm#uCAhtpAYRv3qa4hivUwo)=>oLi-32yk9-e}V`B2#`JoL1=2bLV~qt%AHvav8~(D zJpuv)1KXAXt1<~jgI)wN8xj)IN+`EQrwFFoQ{cU|(^bs{<5*OqKpsC3Jg^#%@$k7N zxWb<(P(@7vyvv`|t(tvW*hy8ZK`2QPH2&u+L(m6SN^nMRI(`wiVN*PeSUMnel3MkGhGF6Wdw?gY0}VcE_qTMD`b4 zSZ8?|2!?sRQL#JJp1iCUzca4%{@#3=KJZTcoXbS8{Vt zYRYkb7%FHg8i4Z>`}KJf$sl2@`!^(=F_jUv1Of}`W`XjOyt=iFz_tM4mkTlUoeeT~cF6g(8i!_{hpY>xG`LF{VnpjMDe)44fRGho(u zI89y7r};)T#L#pX_}kYMV*&HSgj@$~pV(ytiUNf1KY^q%ywRd__DA_>DRHlZ?k0cL?IR`L3KY* zOF%Q}(#^-L;Je_50+i>akvj6#(S->1DHkQe9oLf_g5GEudy_&^63BWYz!cSH@o6>d z^_6t>smx|85y8TO3hhmR{t#?86%>xaTP$pEq7;}b_aBCSbv))78MwT$QeL|{8i5+? zEPAfa8i}G`cbdNGKZ?rF+0*d)A|9`r3I5p%V+(s7MC zW~>}IF*FnY)MCHhIiIe50n^KeHycyAB+|a25s*!gtrehd!D+JYyG%Kja6mXA=X1&r zdpIlzwvyA?hviK2+i^T0cJ8b*Z#q_ z+O*R__*B2a101uhB;cTd#Pu*?LF(_52p~s=YScLZCG-Pkd@YY{=esbLfj447{t9VS zY80G$*CAac+Ua5iDAe?$_am(F(C_c=OG6|WlbK=!!1S(L5dZT0vzJqypnY>5yv(%Z zUso>BH56T__*Fp+FO3$@EMQLk;Br-tDiQJ6^s9CZuSBP4$|U zoM?_WtxiZ)7#~;RxilaXH^Q|{t{kyvg)?=G1|LCAWGB+*c$I*fdu&!U^26r$%w(80nl8REEy8 z%Ub|R?$14>+ereX*k5;FKM!f$Y|2v9RNS3E?O|w#M;IAwnz$88)cG=NWA)>lU#3pY zj5hWQhLmc`6Zwant|jQot|*2N$W=2NF#{x?pHDs{Ne@ zKd?Y3s1F}LP*LUFf z&i9}^Exu$dz}NOL{|nIN6!7N0;y)j&d%-5T!UMLwyW^7vd! zs1A9_;(1aznP+x<|H-TbxKe`30#kM_u46 zU^(xE6c3CIp|=!wCH2?CRJ%7V$9s(Q*UR{VAA6e2WkM+*9*mR5@u??9 zPVdX0^m?rMi|JLNS=COaL%Vg0kr<+XEIAvOR6O*FA5x-G^wae(Ya$hd0yUVZu4CjPe_~d(6IrxLSL&)V$;~*XfSn?? z=oMHyPUY|N{v{2Ms)y%JC9DH^F;i^)m2{dK*ES&(^z>@=^ua!gZy8CZ53`gKMNus{ z#Wtcd3ToP-&Z@S&COUVdN}F1{tmkb<)&YS;_KVUt+tkueGY;3*6=GKh$J^y4DZ&Gg zNmOy!T%`8DZYen8B4*zO);(GqNKDF7i3~ZI<9M4xK{aM~hO!~HpDy1{+-OqajYYaU z{uN6G7VNKw3W+_YeX}%a?*eY}KH%3>X}UpoUF__OXR!v!9#9>liZjsIVELo8^fgEk z0fz?mau=8K&YjRE{ZufzRKG>vDPq?DwVI{%ws1Ebt;h?PR+fM(?Dn+4;`Np_>G0Jm zjZHMZ-l`Sm0UhOff7KtbqA8e)NUx_jKG_lDL0K#1v=`ZMGOZ-BW%=$p7rHkk67KGJ zOH*I$R#wQCZRwlWbEzl)kPyu$>s3Q{>?A<8{{i*21jkK7vRVSKPXb!v3xO@^%t5~~ z?n2g_;`!zKxmRWNmbTEn+oVsxsK#bJNUB_Q;-;l`$V@cIldcw4Mzwt_IXV0uvxrW1 z^0YSu%xI>KQx_o{SQZ6Z&!2o=wUSV=BWN8;8cBy=Bs*L?LB)iTN|k~sSLk^^;*9st z_})nl3WWojo1ferpR*Zwq`m*W(Vr*}>gRWh>X2e${$FWl9n=Qbw)wPBT#8e?#fukr zcPmz)SaElEiWGPEQVO(Ki#rsT(xAoN-Cg(OdEW2anVp^aW_J09BqSl3oSbvZ^}Ft5 z9$?<+cL$8#ORJzAS-j5G%lF`ppr;p?z0`Ub`l?_mU^SRNny&w$8p9NNOg2fw!Dnq6 zFY7PELo^vzSGK#ivY*(QDm!!Kx{ar|Qymjw{E@fcr8oE|HCDL0oyX4o=GgLz1Tlk( zCcOy;RFFWFFCIOnH-WF(!;yDx(*lmXsAOwj75~~p&tFF>)Vg}iqAe0fE9N(6OS$8e zjFWQylV|aR8qkqR+5HG_vKXn-=qAiN=dN>4?)SuC`qhYEurS~J-&*(JEE;TTY2+D5Zjzn zsQC(dFbp>oYOG`>n#l^+7>g-5g zGX(7c>>poA@Law5WPm|RboA1EYR;Fap}p{0B#?UB z&8ed2^|+H#`%@v>m$U#S!H7~Xs&j2PR@_~9KHDVgxgN)W%VT0#e6#I(2b~-r&y@|8 zJ3>YgwHtD8#2G)5(b#kxqg~Zif{jGLA8j)f+Gg4j3~Q3cqbmXO=&9nSg}?k{0n!s^Yu*-ItanwbZhJ zIMB|9^rg>Yr~%!tOJ7{Z^D-W`H^;XhBN3nHYMxZ3_|r6eWh*}*xr|~?{(3H-SZ`Kk zU47Y3C6Qq>p0j=QkT}+BfIVelr`b>)zjDINtgF^iLUQP#SO4D;42XGt|AL*IF(h0h z#1f$WODFZl${I8Qd63$cI_0;Ctw^OYjO~64kU+?H8cs|b(VxFrn}xD(v8tp;Z` zbt$Whl8<&A+M09li}Yr9?>8U66FOFqbVVk(d80iQVi6;f@XEZ}Bx}1T$xI{Y8X8DY zTAEnIe9-Ui6qf(uni})0)>pQxp6Yn(g7_4_co=Uok1|~G{Vm%1KoWVuS~UGVnGUyr zvddJ?GEI{dLm`c)8T`fR&_EKGUL~FE^R96zogyP6lROGAU*MkTXQW~Ip^UJ{i%&z& zB8#44nnj7WOJd18TpLOv#?(?LwQwqaeb+|VdmXl|2Wv#B>W`bT+do!^V$0)g*Xk0- zGhHpmdk>lAcAm+$mOgE4EUO)qlCoGVn5Z=SHaoL)_`Bj)Umq*z_&*{4R$MIB&hojA zHu6&s+UWL-gdyqvF5D8OhRPF2-{uKOvA$(;F;(b+JQNHa_yMzUGW_rX;#%X%b52>b zf|GkiWd(e4LxGs$pH0R18FGT@=c@cp55{aIV}Ld^=qf#@MnpgW*={tbhSQ3i+^%iw zB!;QJE~c==rc^{XO~jF=2?ue-c9}D4<```u)As$Yo2{|o@igCr13${e?shrOw-SI_RI!Bh$`xI$q$?eNwE_!u4yWBLVr z{OFhEd%??NJKu<0ne=ZKBl8sYQ5Vr#3vl_~xQvgFFLe_bbRh~IeLNygXuDfyf%%E{ ze%dEMX%7>JYQI8#*NhW*Uhj%Wd5w_Qf4IAXJA!ORBV8Q{Ct~xfBnGbm>rd7|vA9^S zkY;F|eiUx@l;g6rVTg5to=S#k#k6D++Wu>)FF2H_A!4O*6h^s5YS7$z--y#_XOnO1 zD*I(+(fo}R0z(@n*xB3%Vs%0S+PbHmlB#T@xZIx$N6d_~=2g7bPr8bF%`2?@jk$Dc zo|fg2@J3eRn`dP(b1GyWG4&RaA)55k=tL&;@~_F^P_Ih76?$u+R&Fyis|qhW5>Jer zpf5)vX>rri(2S_=J(%w$#UQg2!~SygQmxySB3TZ(BmY28{P~+pyScDb1HTubdyxh- zgM`&X*ax27T`~;^1(aUGR5(=A{GAs9%YB&$yBL!@tK0)ON?K0cWb;-mCI7l;VgY)J8r6_6vp1Zv~iI{(Mk#);1V(gOGaUTv9$ zxdE)Yk(8WGL*VMVwX-8;z3aakM1J=+{Ch4TSYrNm(=aBlPyypn`Dp+B)mXtR!|x)4UNKG=UKiN2x0ROsS2 zA3xGNX~)f(BTTKkK0CS8pcVS}w-W_QMjozo z1%ORP-7*wuJFX56&+(Fz`!=1nc$|<#;tulKMbXgFUuG-u&rShd@2X}gQnyTwM#;P7 zbaOwUb@+ba)(1Yn+X4Gy+7eCc*h3(@0lp3uU>Z26y7(Nyk;96#J=1dkN&9hOgaR0! z(qjx8UH}9M4m;nAU^Cplm41_`rH#zycmD!r?!bZvT$FEI9QrS7}F0*kD~(w}dWt zm=kQ1D7*(DU$VVKNUh~4{wD5dk@(?}Gv0Tb<8&xnvZmg3QZ6-(biu1P*6?I_6>4zg zKbT{_QenMvz2s1eO3HR@XFDK*9uxAypC6}Rd_NWo>x7Ya)aNVp8Hmdn4q4fqIo^BI zeX%sv$!ue_R?25{Be_K^+&8y`1>%?dX4^}PhI@oniOLL*LO?k>6)4!L-6Ar1%%b!b zWk=9UG{N5m-jyOuEJkV=d6!4mclPW7do-^Z=ZcTSpbqeI5qQ*j0`}8Q9rq-GDl zD?*}oguWS=3-_s^MFJRIqLODe?RUB_7RXXSoI;1opQ8Be z=Jxg&G)Nd=BRg!SD*uY-&?}&yT<43j*)r3$2p7-_e`bzxjMoY34Yv62fKg zW6+FQnU6qY{)tY2IGf3{2Mo+TwPxDTHnGWPufZ!|Gz#sL-9}DUk|y7s@6)@$i^tgFf_Yo z+;^iUFS;~8e__k;H0Q8$HRa?`Vbekh3<$SG85$EzO)Im*cqhcv&Oa!AeEQq)Cb;=b zHVTw%h)=7g)h9QQbEr$p^?dA{hS1$G9`}qQkFF6qz2Ux4Q7Si(n^#%tTq<#HhO`Pn zpl+nhLyDQvAgK|}8Wd*G3#8|HQ($oXtj9NIJLpX32daZ7ex_n-wM^*Oh+{~T6#R*Ds!MD z^#0KLc>9ohxN=XM6J|M9xEx||j~(J8>dpM01=m0!T8XBvp#h*Rt+{PD*d$Z>qO4b8 z@gfxJ53pgzV1`$9nQCMLJr}H<-QDg04k*@f?4h;|K9!02r$0jjB$InS z6XH4#WQHz&Cep)Ix^7amI8@8>P$a1DFQQE!W%CI*eiCkT$C*C)77A1RdMQd7gxws6 z9|};GNvs4$46|@djj(a#QJQS|RN*-+`q(p1?5R$uhNR{~Lq6uBuGHEs=637XDWQ$6 zrIqDV&AXH@7NHs>5t4YcdfD92Fc{Neq$-6d0ZX(v$oL19SIAb&Y};kghCWYK)+ zcBMsBedsKLJJdCaVH&qJ8e6igy zixZNOi5b{q60s{*7?QcqIeHvVw)M!fv;@~!Pky?MCE*PObKHa-{%UCUeqz&xN%s6e zw{Z3F;oz`FZTO86&oX?LFO>JHhr2cA`gFti;qDorut=rl|E*PrslEh@X?)@@ec;-! zB?xd6VD-MRIbQqn))RIJP7G>KHMz3@9e;)QrCpZyLBmv)IcALTgNORNN}bgTe|$$O zE0^MZKH+95H@mKy^fhZ+!CX%j+V>z?OyvpcY4vfc$U}FaJc{571n4sx4bYzjYfEJtr7qM$+F22nf* z58~qvPa0q5w$J;QN9~BIl&=ru(+z|>R;ge*ehKy%WR}>ebp^-T_hl3%#YKW(!i%C^ zo?k1&krFGa=EeQ}M3RQPNFTfrEJph-5FeAAwqBp~WE*>Pp_m3Zi=cRJ{(eQ#b(`o{8eEpSItK_V#;n0B0ujNhxX<0dfis-bX0xaJZdHUi_ zCs*mQ(~0%_tq5xwKDL@Hw{KYZkH$m(SBCl_6<$8lyshbRrIcyqrba>Mr)<;)e(sX{ zL=u)q0!nskofq{#r&X>6e@uwGe);&;$Xk^KF(wnYv#vUTFtAU7!mYCu7>!WSqN9VhxcEk#oZB^jw z0FzBWp0LC&D?gs8rLlGT-b{v@?b`bV!F(e^2z&%e#~%EL1cFix7CyB-?6zS@4n#zt zfED7&b2?ZB8-xa=1qLG&u1{(It!mNG!dwJ;deAE8=Q~<~1x1$6N&mO9GQ11SSTti$ z1OVm}9Xg1M9bj%K189vcttBc;`T7dZ%*_0B*&cOBqB>MCrPR=(l(gw8fZ+a$#lZTZ zjNxy|n-S71V@&*nis!je^r>7e^x)ev@kPF}FULv5JdUF}@#2*Er8a(&s{WGPvFD~} z#R$}nSGXgBoQ-3KBP{Ua&M^De_cFPAx~I)Dx(E=1RUS4(Qcvt;6;-9}@RTnP?FT_q z^4XaF97(2K$y8CYh*$!sXU8$$#aUC99!~C`868uOaB5jdl)+oR?(W62EPEIGrBR-T zksm(j4SuvqSnylFHlM|;QPKnDH;o@3(bI=s4~?<*U>lksEnVAWMg9&$@7LJ%9A&$X zy;VeE5wKU~6-N#v6uhJRx#deWk*+nLkyk={GGsb}( z8GG=~{8QWz`X1A-OAW04y9amwiS7{7N*#CGDb6k&{)K+hf~(q~r<&v|i+>GK^U^d6 zr!igJq(r4_RLMu1!j-FRRF8#9NXfg;!mfK#2`U7RE#p=hCh$Al^A8D@2qLa6`uJO; zK6z4=Wv1{|cQmY%j0q`gjm&bZj4PJ(jc>e16Dx7fH|0$ac~Ry%v`_YN{iZST=TC4@>1ca`p z3Cadj@_J4w={AJq9QntP_K|hZkRyIJN2qv%X7lY;sH!ZD+#9x0uE28Ky^gQ6vhPwv z6s})qnboT7XJJJ{IrU4zCsR{)KB2b|(r;oua^U7hji#);RZ`kwJ%0lBt|P$!azSio z*J^6PP?s3~ayKEeIwiNh7=N7_#fAeU;-{UGKMp~t0g|{{VSA>R`?gtI~w=Cj@fGP zT*XWp7DL~Qs;X1dqJLLMiB=o~hB!|kAaJMlQ34(!CQW>xLK{HSdnovBavbJ*Bb3`a zJWNseH}cg6_zjew2naD>TJv7UmjSfAexKZ~`yO*HHs9A*%YWKbt(;kn+m^`c{)5~- z*l5(>X}ruX7xndRiAw?exzD||I~aR<1-EdTbGgFuc*35>?|uOP{y)Hay{e6QbPdkU z)F$SSdooZR=Fe{Oy>;W@a(Z90)|(^97hrM_;>Z2e>T zI=?n&#p=aTr=)gHacdky;A(h*tU1dgf6aOb6CIJe#O)<(fAWYDcl! zs6|PfvX@H-ZX0u|&c)oSKZDbQC{!Fuc8o=17m3lg)j%P z>*?++CEh>y(ubR^@Eep;P92y(&$NJx9D69AoIG?nBzA6*pE7zEVmTb1V3i~5hI$U? zOsa03Ki3nkH2$JAc)L>Qy^G=YDVxakT|Ybw4LUebT65<8-^AR=I0u}ifo* zqd4LhJs=k_$tZ+_RL<-1%uGfO6k9=r%!X9>xo59{%RLK#e=#@x?^a=<*n*EUIgAvO zFigT3JMB0l9uv$xy>32A{k`7N_OBEK4HGkT795qKy-dFU?phK~0z>&&3F}6nN4~Yk zv$AHR*W%?`5B)zOF%S3vfdAo!c=Q(26^ronR@>TX7EewQ9s78+=AuYd;rd*W1&Glr zVPzB2&lGY%Id5IU6<+lmEgy^Nyb&EWpOAbN>cAw7{aUNi^8GaEB;g9M+?i#L=o?b& zi?H)nt(?fF3J1!xkETY9_N^-&=PGJNvM_MbX4~m(zQsPR|COxb>p6zXJ8CbYu)W2` zv+r^lTE_(4?g=K*jPJXf3v;v*O~t&S?~-6s)y2F^^!gah!szH}*BEN09pjfda;VO- zfdW+zVtOy_d_~?dLRsiU{kb18o6d5OWy?=Ei!JP+VvF!R;)@BDLa`~T+_aHDApe)8 zpHVeX^zWriOglbYlcFTp^pjG8T7;M%g6Alh_f0TzD{`5$zKeCox!2Gs`9){FV|jA_ z@PmHXS~u6Vm-evp4{zE|6Bh5>VEKL}MG+!VYzI8bb=y|E-@Ufj)a%BLE)k?Aa#&QZ z@`6qe+k5QO{j()yO*-(hyt*~|thGj8ttQrdFpEGBsm@JEO6n63HlRVim6uCtB;QsS z8)|L8N5eq-%r+Lhki!TdGsx365#vJSd+AsjY@Qd9_$_d;_ou?E$FyXjh?t=MFXTul zaqaQ1o56-d6X0_vbx%D7PL9Ma?1cj&SsHN7vyLl{u3)l4m`g%Rif8>XszDcJtUxf3 z;)dCoO2nfDnMOfn19u-$1>Z14XswhT3!`?F01FkUHz zQ9BUkya4Ig4Oq&V2V&g{04yC5rTEP|J`h5x0dJQ2xM4q%)*tN2pMDw*E7jwhSKoWH`>=H0FYtUVIEpX*`CMc`zFk)z@w$uGgjZz;&*a72Iu&Tvk_OjEG z=eoASD!)~;+6U}-Wx?h$-{kWJoseYm9|c_DKQsGiTP#aPZ^d@Em*aFUks3B{l}2{% zL8_4AGXzvaD6$FrCEgL9&^~8WRlt3oMbyk=i~qvq0?9J&uuWAehzH~rbW#YW8n~Nh zjv2oxBz*RZlki=0|HztRzj7UVR-4rAykMrLJsMIlL(C$Pfo&NfPpfotNqL}~sK=)} zpj>Uh*x7hX@gr1<0so{;`#YmHNi<*5-O@f?kNv55Z+QF&Z^j}Yt-^`n@etF)b@%M< zYdNbiBt;>4%a!bNvGi0w#P6(3JKx-APqTrZ04}>PQLbR=Wg6Kc&JNPWW-4Rjb`B|M zZyJ`IZrQBwHW%_`G45CzAW#b}>gFyR3Nq3#r#2eslF_?LGAr2%YI*hSLPuJR6Rn$? zufDl;;n;8?1bRWVw~A;@}Kp2e8#WH{i$ZQvTsyo zJQ33sp|7K=^%TbB3)~tJkIZQI-!b{de)tg6YQ#d@AG)1e}H& zFYk~MN669d&0ItX?1QqIZhp~ZFdq#}TB6g@z)k^>94xZUis&Osxy|ABAebXcIH*O1 zMB?YsW_B-&hj!k+OH>MdYRZ)8h2dhB1AI#Td3177bb+rCRBF-*~uZRYm6NZEz z1z>RC_30+RUX}l&Uo+_ZTy04UXYdGtt!J?L8ucx(%K#FscY!in%RrnJY((`LC81d@ z#JxOfLiWcD_O!Y#dqg~1w#>?CS}auq9Z8j5@zU~ZsT0EzBjD+_^-Z;#tID{a>iKc) zPRCDV0PK=045s8MrBa>hXa4gO?%LO!^a!i<}U^d~et|bx8Y8-6@h= z%RJuUxH}jx6q;uOdT{Kb%yoC}M=L8%HJXf8{R0__>Tq2?43a-4zUzZW$zIqi8JDzgy6pXNIfBj-`%pF* zreQ4i2^&aRj>>qKGV)xR2sB?s!OfIdt3BlU77`e zddfW;%PCAlUw+ha;|5rdS`KCiq5>Ya&#WpfTL})S(DaYV8*l|wtkCN|%IF?!ZT%V^ zj-y~T18m6o#Xmh7`cItRP!fO;mAKSy6({35g&Ae?7pbBC@<%+m& z(XY2Y_NMfI1oYPkS-qjUK$iql;JA?R?zt$Q4r;@o{ZY$fZ>&2c+(cI7sB8-4KXnQ= z=A-D+{3n$}y63VWv zuVND>?$GLRsmvl%>9QpqlR=_qgq?t_R3X^gP+2Uidv^N-S9BD=PVp%0f^zUx3B*7O zrXQwr%ap*^nPc9@zlfyeHK6S^eLYlY{?Sel>R8zM&dmlYB6M)|hL}Ze23`cm5o4MP z3Z<%*2yE+Qf9vTs74BR*K;a_G|h2Vt}e$p||80{o*tl<7m_u_J{_HXD^>xfHW1eiN!NV84#)wnvl zzUwoSY1Tq0yy4gTGB?OC*f4GIne6jMrz`N-?q2M(7y}9vMlFK^XE)eN2xHPrjsjQy z!+ZrF`fbk6&>JdV9KpbM$1z0%DVjtq_}2fX=#xV_!8#pqXL`}*c{~Yu>R3@%r-{Um z_IQiAlpxQ-KJ(b=@2f!EYDY8&?sv7^CiLk%RWDDW;AX9mHp=rU1xfrsWF#<_x*9Yu z@5(l~N3m{C&DW&U=j0ac7a&QoV;^&`0h{>B9pHVjq8iR3mX2LeS7z-kNh=_&; z9x(nKo=R(v+Axz0Gx>>?5U|DiMB-zhZ7Q5bl*#Ufl+W7d_(Cm(;gYlv9Q$0UBwX~^ zXiBB9QQk7w+42hp!MST{oW8Umg-Yvc3}T(}d2`oo^^=0nh*R+ZwHch28;lTMmPkrTStQlAO=WDZ+(p6NU9|1z5) zcUQ`~vT3Zv^|p1Z-%GV+(##x&Zy`oDaycSg1S0|S#l{ww396U0&Uif{+2d?P+M(liA@mf=PoCR$0mjvD?<#eID%eLLsv*2|VbQ5Y z%Wc{q%BSn^>I1wydJ41NdnW-PRA$?DVFLQU0MAo`Bo{&FxD5C(r^xumt993GoQ&}J z09up;WSNP`$zhpTrJtX66WqB}MoofBDCkSsr5nfPhq3f1Ko{AX~*VPl4E^zzFVsE z6Ukq*A-0oUr0m(LRLlhJtn{)wdil{M>RR$~6bsPmLE9$*Q}nz9Oz(q1rUZ*zVo3Q* z$7*(3UwY1L7r|U;kRMH+#J)t060kX2JGo@UEb=nF2;C%^!h~p5IB5{N{T8^lKo%mw zzxXdwe(1Zsg$Sq~jXaDg@sk2qL{$$`;=H~+K)F{@e1f@gfH)b0oGi6#Y!~Wa=WB~5?OX|zi$51ESQfeLPeqvn7OIj9{syLbK!1)Fo)3Q&IQlfwZQ?( zPRiVz*6$`U_rpO}!&L2k8w7swi_g--EzIaRkI-|3mbpV5Qy7inIZxX~O_KvyxxvQ= zb2T{1HePRV*>b1O)`AtM2dY5fzl=_snGKsl)Je{8_pe}zj`SRDM=J~~B(xhAn@^30C2LS)8fDu4dD#zmg6Nfjt&@pI9vFI0>z z!ReD;<2h#BR$nFe7Okw_)j*^*uoFBG@Z-(6l5%by=fMg083|D`EGdfp(=yS^ViWDC z>n2_C+cp25G%5dXx(hzjnMdgxAnEo$-YKymCz1_}Z4ar3PLReDzud0$pIe}AE<+A( zb=ut4((g3TwA##YimWJ~j5?Q*6=AgWiO!{1h+)mE0B|{LB?iRr`tH=Dmw(|Sh-O3b z_hCrs<6Nb7TKV5+Tqp60ri}nM1_ODWJ1jauJgk%B%Y{4j2?4PtAHlt?kr+fgMC>n2 zQB-?CJ`Q9eTmU^B8?$0b#o?3gz!BW~2I@vOnZsN$q4YR>b(|KVR*lEQ>Q6q%^$yLapKD zB3RN{@N(S5$OKm`PWOHba;d*tEa?bsd~9pEjVwDUU4=aG+a_Xvt{#^75R@Tq=pQ_4 zL&az{3}HSnGBaa_QsA1CbV1nJ<%at6v>exbLlWvw!G0kgZ8WLtb~| znxzDJgVSwjJ9D8fjHlBIm@LXqg8=oN#xs*>D}$JC~QdOQ>%VUro}{|DCwGPYadrOG|F9)fXneJ5&u)BlGM&V}aN}`4!(6LYBLk+wOF}MFMpVwoi)C_$aZ|V`yd-) z@?J0lqafp*?mOTXLIO+=a5kJuT?9uj3w67r+6p7rbw5YVGn_ExS?L{{W@CkeM%I{>XvkF^E z3W2wkLUSVh@9uS9vg*u^VBKCm{(SCXcW@A6YjADV3}6G{db^#S2)(9D+?lCXW9ib? z&4uE;#mb2Zo|CFv&8*%E-A7tY3)mxy+Nu~bGBa0?mMKSOZ+EX2qlu}1u#m~s%r&GW zek$7>dSvHvb?u&siSao9Ymj`_Fc;VGeI??LPMuxy9!riU`-+>!I^yFE1&9s^a&;Oi z2Q;31sQe*(p%t|uwc15&FEO;xf`t`NC40BM)*lu&RaIm@(a{$+dn$r~hSrr)W4$uh zP-R*|r#AV+AePu&C?5dR#BgwMY`{hBWs+{Ai)E=+h0(+fH*7xmDuHyYltfnxr;@Z5 zH2djGxDpUWL0H-UZp5n%aUx|J;w z!v-%gKsyio{+8+^L@q9_`6^S7JD;@@A2=V4EczE){gUxaSLh*u1-Iab(FS~7D*Wz0 zT^}HDV#_@J=fg>NB3~{B5ga7AgAUjeN$p2m%j~0QwGVt>)v#^1u?@uQ8<_at9`e6R?@o@wI z6}JE`|mp_dNGJ_jzuf^LgS7^fd2Kuu=d3fIHe+YDNG6!3w@DP6ou+t$yS_ zctH-+f_ei0pw8Q$AWay=hF6mMXg^aYT_I&=P+QVpz(1~lSsh9+0@8*QTjLrP8 zE$5;$ms(3Sh*Xhorz-8n{F;@_;ky!4Z52c#b@TrsPzfpoGP^rsUB0y~*R5={)w{ZM zR1{fLoBZJCTD4OT6&Upz8;OmdIt=%7*=i1^_Ee>#c(_vu+qxLf58Q789v|bszVuRo z_28HDlYb^c)^mdvl>TG~%_EW}x|C^%RcO?pLr6?SwsqH7qrs#@WQHW2#Pj50Mw zmqrcK&WxafU_A#zwk@5~V~dCnMISbq1S@r&D#^Ihd$1;znE|C`&H-A1M( z+3n>%*Km);Q53vSBN=Jo^{Hwuf9U=(T!{)ubPR8Ph_rIQT@FLfSUZg&9X)=!Sd9H^ zY^S}1pr@uzq?kl?EN8i5i}I!v)?Ol`|0O>{n>k72dHxH~e^!;ToK+uHlCjH!+b80z zNsfsv_T7?y=;MfGlXYge5-_P+{9ghcOO=6{+_CX$oA-p9x$}p}5Iw}zQ&fl^{%C=k zMRHon$XS{MW0p#D5x(D$to8p3XsA1>iXG7t_4TWexdmJ8Kt3T7K?8-Tr^p)#4F|W|=LL^`aOUB~ylYHb_ zny_p-8x?J8do07We`VZ?U_&mQ2>f~bJa|80t~KU{Lv=8fzO2uLcwWZ8l8FQG zd(_i?&ed?vwv@ejO<0T34i<-NRt^xZUpdjn7Xk2_oT!oi5b63L)AnqM0v*<#xW4WF zn-tY};1P!7-ZRp$)y1{d{C>o4dBSqNS*X%fy}NyOB>x1urF=K$Fk~q}QA}OqgR|#W zgc0?t)Hf618ihnj^UC$=#kTfj)``6G(%~q5NhI4UqlX1?#llo101$P#0jurc5-N+* z3R7U6xr+T66>!g1des-Snh5eZ-J=00w!O-B6B!&U=qXZ z?Mj`U4BSv7eSqq63>8re80wn}`af@_xOG@ojkBJN=ScvCI-h_7I41WHZmE z9GB5i+_<7Nqj>9Sk`PtM8Oh-1p9n(~T{cM`3|$wyFk7Ut{6{oGyY?@9pD&6jls;vi zZziKD`6!%x*2N}X-8lRA{b$|h2=Q?=je&^Wu|`*gx?4~3Zw+G(^gxv8w#LZfIbr$3EU0bF3JR_!pUTpW67RWU(>b#~N1{oOWr zA<@kl!tc5VYQ7NGo&pMF_NXIGvfnVW!U6A2r1deihQ3m`yi$5S^L)GbTiir=@-^Uc zSLnp>1Byzj7q`om9&O1J1+Lx*gNvxnAbicOZn#4an&Fs3ZuSvTG>W{mPy+@ve?DQ? zfc|^_#93ylLCc~gwMO`Zyh$!X-n5j1_bNX0p@=JDQ=yb&c-pk6qe8cqeb>Z9uA0XN zl*1T3AK$pvk6?7+5$mC&WJl)L$zybYO@|F?iymf)3_>SHEuX5kty#Tc%rh8t$%Zi$ zD_oRBDd&@2ll`E_>?<18zUlA3{OMB=1GeRZ+vOp@^=VV=dXWB7gX_@=&IWTt>bJbU zUg)VJ{i5tDIb_`iQnFL`^OW<9qw&FNM8`LeS47(^y;Znwy*0&sS_iX>Nij{Lo0grX z7n<#xSiwG%T>qMsU9TO-5HrfOWxny{R1Y)uTh;UwwtZ<274lQCGzPlxYqX|a^R)6s z)kzA7Y?W$P2crKzrN!^7wcJ+mhjV2j@7`^>?YaWUPwBv*_myYFjS|uY=HRnyGquN*TvM6gtS0Lz-=aa>;G?yl=EzNhVjC41 zIo|+$3__ndJ~ZeFOFjdoJ>a-g<(+nAreU~Bc9Pm>;Pv;eyi=klJ9g7uwvFt-R-}{Z@UiyvOU=gjqJi#zC7ikPoF_d4Is9kjiUt} z5BpB?2Q|;MY;rFIQ}#xVi^~>Vm(#qgw1j2y#in`%V}iFr_!twkLmYg39_D*wD+QTu zvHkE^cp0ar+U%jGF?C~A*JU5yKcVq<3QLRW>XbS?$Taj5Mdj5J4h0w?DQiWb-)n5D zd&X;*qe5NH?alr+@sDLz$1{&0HTVZU2}SNoL(sN4JH1;s?_I za>LN{`?O~*=4>17S(Un8Z7~Yr>Wri21MmjiFju_f_;T`&(z3FaK)FM*_;B0QuK#Hu zix{-|a7>Z|iA8*rbc5x)tlF`20Ral~3d4N{5UvXUv%y{$!t41CXE&Yb;N6lR_Tm97 z|NfSTFMxh;b-$WC9-+k?vb-%YSo&P34W|eLaqel|!jQwGERE$adjU#0nj*nA_vCVo8{_ z)hx&GKK8BqV!?D78_!PvhC}v%Wz6QmY#sWeVJ~5pH9h`)V&hC)}k!~zEPJ}uVV#JCF~bDZ2kU6 z`N+FFBJVk!J1;T*!-awR)<9K0*~%vJc?Le&gY=4I__rmOo&nS+x&beguuB|t zE7R=#Fh@Vlk(n<0dlNQ+k7cp+6 z)&bjyT7b^aHre*$jKZ$^3B?MZvU9OFCN6G~I0tD-c#Vr;68;JK#$46UBU3jtHWNj^ z4O}cGIwSR9a?Kh`Fl_m>B}pw}j;qI(Pz`qts`lZ}^}jo8tC}6aOdM5%K5%gAvui5Z z{A1}@CpYNZ3t>KHt9gEAB4|N%wt)muAl^F&r7oU&(IOq?_GW)n2*I=45a{fzx}8iw zY)aH;`UBwG`hcq?+1GuPVuGUf&hKLt^sj3_{ba)GQAtQ~IM47x@=05v=lM^SQ2j84 zTtxD+l5(T7fhr$!+UaY4<9c(}+%^|?QuxK(zBJL4ulejZ6N}-DZ;4lOz8Sp!3M;%v z1gBmwnm*GB!uxA&dEH)kOVRt`p7MuNLxC^Ja+VZVAvW#wxV3U^u&E-tfg+LKzgW`V2N%h4y=3DV2+KSOwR4v8U~cC z8O9XiS#U4a(Ld1#0t_Ef#hawYKO#+t1;j3{Z3ZQ)78jj$}ZSh*9 zNY8x+blHnaMzK$p=^1=cA5EG5p+mOTK8T&4|GX$QSvlTcUJh;ZZ(9`1)TD)T3FtWq zm(;;Q@ZhQyTIz;M#*(eGHi?rDy^oK-^m3`;EQ=3`Ja!3MelV7d6U+s@T6$p&y74?V z-U$-GdifYheKov)3gSu+RNRkwI%4*Z**6kJ&NN({_ojHx&Ti^auX)X{Xc@mR0*%M# zQJX34E(XeShj6vUg+@~IA3_6>&c!RjDzS$sr+@>TzyXs-*xRf_h|tGU*dwbuG1FC} z@lE7YP;%RwWbOv($B}NFWDR|znqL-Dl>fVsn&e$2_%l=(EXj_}C3(8c6GqoH&D744 z6}cAZoMqbP=ab9wrnH$n>DQ6+ zZ2Wi{wD;F@eTMR})ncq?A<+!MzBOw9mvantUv{uFCk!=~Lt!D<=b^Onq{IUNxGCFo zQ6U{yz-eLiZ?5`C&VG%YOq#bs@@qDejB!@BSZV5t&?nT^3dVJyYNH9lKd5&mjRZ!_ zl1R`9fA0{eH}v~6KWn!mm8KZKZ~pQ1>&6KmS0LDEu^9ks&YsCt=Y^-n3Z-q!h-ftI zMJ@rmGoavFN{z_X1)Xg6_)Ju~8OFH~k_WQntS2=+Qi4sU(MPK1Wt71J=es^SxF^Da zgHY1XQ;}t-V4q{^){;?d@2dlAZ}f#=%-*)e;F_Op_rQ|bE6 z9{hCb<2rmB%voy_HTC!1^&E?v=VKec7G7IHX?l_UaoNO8pyTOL)vxMwhxrbWeLi>? zPFMqQkyGAkx+X{gzOX*%>?C$yKqpmJN+?#jAboxcK$@fe92McAfjg&6l9E^gh{kBOJ7vtp*}g;M8+0f z9;YNd_eCrs1IVhk#rr*KYh9;s+vygo=|-rbc=_|eJxVCOck)vZ)J4AU<1Kchg;G_( zcu98WKOU5elV#Ja_OjtvaqDL;sjC&hGiztICVRH9+Z%9!{=FJGC;UJX0tTQab}Ub( z?$d;`a>Z z1AW9wLUgyZ54>gK&TQob9xc@@=bCbZ?vHpTRmZb@f^|7IW^OJPyNqXFJjIG<^^0ff z;_G2emENlZQu{U9^<;-iX8X#FV-yXZU-7^e*siJkeVi*1sgZCK?vGCnc(sQWC*b*B z`5`N2#qsX)vI8?4TL*_7&G@E|_{N<LmIW9G9tnZODvI2qhP0F*URdNh0sFC&1>dK&br|;3tBpQeX?BC4DMovzY?#tuT PNdRqiJ+(4b+lc=G{9FZB literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab.png new file mode 100644 index 0000000000000000000000000000000000000000..9147d3e4a84e1694859f3d70d1faba43c92dea6f GIT binary patch literal 16105 zcmeI3Wl&r}wC4v1?(Xgm!QI^9)Cr5FYp_@ zi>&Tf003p^-wPs*5rq)k3F|JWBnA5y77quPkE$pP4geqn$VrNQ@yp7m|sHrR)DQAV8i8|pOCSB&PGB3IGq@QB;I-g)p(C=>1tl5PF5A(Q?$ zEolEG>k6q_t81oKtIJqurfDY7)W*gJP7-`@vV2%pB8vX|^o?B+9emLDu}OiOrGP;! za4Q88N#ox*1h)U8Co#*LFecK=etjhJed6%j?!1L;wFn>t_v{GhLRYl^4fUEwB>o|W zdb*^tz3mQa4R9XR;5C0x^!OPaZG*wCIM=+@(G8oFIWstS5T~*!3`;PXbGf*8M5Ng5 z(ybLv+B1)^VhH;Fp0AY~*bP_ito(u}D=Eo-J^YhJlsD1*=c+p4(H}b-T)V=zbaY<{ z?$7D==ylm+^J)&>E;YXyDk822mi>|QxoCz|#C{H(NZYq4ux&(eIBu*0WqFRMDJY7^ zc_!@2p0_)f5?T?tD!kpGw94y-YL7j=VahuVu%9ak%>*%B7| z+`(}31qZhLbG~-UjTbP;?_*1HrA{RB%?*>tYxt&185q)<5S3D!-~CzLos&`C)nDpp zvHEqID|hV!(qRthoJi1_5OwuDGKi_hKtYiWVdapicUi-En1S@ciVOqrc0+ZLiK{=! ztoMUK;0QeFVH5??e z6!CB9OdS6DB(9#|&IRFtKCF;St3k+*VMsrjhcVIk%5W?jT$V^%LzYG)y$Xqq5mea9 zbeuvX{@<#R56X|D@&vbit{pfY&Rhe>w|$7Bd6_VSo&H!(Y~qYZ3wvjdQ9oKCaQp;v zg@D;D4f_S{j^8djw{2Rt{F|^nWq1Uk06RM=)d~{#WfavMHt0$ZoHIYns=4(o7jC9K z3oT-{kO5m~Q7@Q`4!y^r8_Uqz7l)pv`8ebB^lVny$#-v@SAoY(CfZt0t8b+adpbSM zf+pg^M!jmW+vuf3yM_3!^+%r+;mw)x`V4U$m@f*i0t5_d*In+BlbX2%jk4kKPvT`& zmPNVt4>0;&S1v-&&g>Qqn+MKC62HKMFR@P%^bNk##gdw$IN8cH)2)ArJi9jZ{$158 z(r3HV{S&NFb02-X-^BU~vb8Y}!=^}5Y&+Ip&0NVC^5?F}XXoYZ(Jn^Q4ENNF3tO3+ z22W0H!iI-}B#HwFY_?TYnKNaJ*#;2z%#u9TMcp@6=RT-|I~v|Po+7Iy z)9$Cs%s6}zXC49+;{KxvlyHako|DjXGC0=ta$^c{Ld{6~8QZF0yGqDY?+b7Mb z4RVr$kgIO>^c|l2=Ag2YY8H()x~kYjz;f=@`3H;!$=b zNy(=AtQq?t*t@n*tV1oIzA-jEve_r2xB}bY>*IDW%tX6?_3fBck&gx1yqUEMy@y zmfYxQz+@xa-rHZne1@N4hpD!7Q&C1*%-a#W78P9|BLDMyYr$`A_4Ho0f=;8{U*}#;=(LtF%v_qS zVJDX;h$~M390O$)SK5uT*yc`IJ|@Ed zq|&(PSbLX6 z(OLgf>-+YBj7*08*re2S4z%~9O>~Xyz^sU?xHxfX`4;#rYy%wDkOa0s4He-MZPLV>}4Psx1YH5FCb3p z#^}cVgInW*^Mec@@P*(o{YAplm~|iOn(c0h>M(;bs5D_EkVKOQnsw}+^wqrVEZA}e zhNzR_t+|HR?|T47s;Bn24nDj4Hz>_#^Vo zly{vu*<=FUU)jZI<~AL(gsbzoH;y+0@9#dQN*d1`Q4z#jOV8@Bx3v8I0%m07Q0s`| zpXfy{HUeK)UOt^%^n?j~+f2u{`}moxfxZJ1%14knX|;W|UF(=|81<>J|Na0nbn#Lz z1FOg-&F0;yee`%iMp9Coqt(hz5ix!Y)B)>b{^xD+!Up#b#)Z_|@|P#(ee+A?PXx7_ z6ozP8fXM|4ONiNJ#sG3eU6}r!*RPzjWst>wPam%tb3vnl>rN&5yn&)Dispg^GF^g% z<1Spt2Nchq$HLfN3WG#BEdMJ@j%X3sl28)FOj!5_)Hwx&2o&l9awjJ zgrbaTfyk!^l{izfu&Eu#n>B_j@0QovkrV;yZ@8jwZ9%YSg4p}-odh7CZYTL)_*BZo zOE#Awe^};p3<>=ACgc&oE^7nl&EWR}s~UVu$KSkU?Jq~O=!mzhuwKCXx19{*3iZ!% z^&4z&;*y+ZKu37FS@BuT2@hB=w9e7Yhi~T%q)QlFs01_P0&Z2yL?d1M)$9VLD)e_N zg)vZMj>jkM$PZ*AbZxLb0}Nus&1&IhU_V5Mqcux~g(U0c{>h0kqcN>y$IL}S;q`3? z_$9rHBWP=2)j5ZNKuu=f2$4WQg1LcodEz48-jN*nozNiEJ-tbbs5Cdv@j6CBJnlPo z=s48DoO?jLO6dgwK^;OFs{zpy2YyVn&A?PK8#Gyecq&@k?mB~UFm*lVoj9dps3}Z0 zE`ypS;zCGQFJbz@F-5mf00Q`qG|Q%-lA`t{JXxw&2`K8`O`v=4X^K~sR9He0+*ugF?7?Ze5X8Df2b%7 z^ttd%t||Y)X2J(kzd@_q^OSBj6RF`iCGShikFE4d&dgT3ITv+bAJ3v9UP8kxfh(It z^yi_ccRdo;^V{aZ&Bf^K2`z7!>#JuD%wD10&k*Zn`kJ4V&ggw)j`MF;Th0-X?3V{K zJMk)ko~!FjHbDHRZ#NV;#T^Z29eKRO*3z|3!e82>Hcyl)e6O%h=LB1+jl#b3!b#J$ z?Wk_?~UFHmj_@wBlX8G8hxeUDI$}Z!(Jp zB)O9t@#ZkP7IwH{APBO9Z3yw}m4y{oAXB9y!DXLk5lk!ME|bGhvraDj;>3ud+t%ba zLKo?|MvZ!JWWXHvA4i$NhHU|=n-s46;Tbuxcai-PIo@k;5uyyrpGS)n7Z&tL10nk0 z8(ukCYb7kQR7~;R0gFq)XU-t-ljC6T&;hGU;cIr7?wg_dw=W z?7b1YJxWV9Czkl?7)Ewd*ay54omPZMWC5DyC&iXhth)R$;sgF>HqBho@zkthBMOZC5n*{s;RGC`^a9=Xd9X$590!Jd*LU3M ze%45hU$gZT?7FWS1);3>V!j~u+RdR52~ZJeGl>?%iwNn)!j_zs<{97x{ze!k%paM_ zF&e&id0`9o^$|`q_9ukZZtzKpw&BkX0GrdkWubckx+Cl!D$KpnYFH)qO1+nNCcpzh zai%-sv}VJmiEC%=#gn%Sid3Ok+}{l&m1K6Xf@h$f0(mV5QR5`p>zSdEpPBa~ zj;8td+S`OWx$u*ig~OQGW+$i37XUx4)i+LiqXE_rAThEvp-G1?^0e^9*mD!NNUY4t zA({v*-VE=h*hFjF;BSsU4+_X<1DuB|HD8SU(vl+`%j+n5S3*Y8rC0SjXO|X`XIz46 z+P$f0S^9T0r7dcHMLI#)mqbUGHL)TgBO@z$kb{GZXsb%ywMnp5NpkYxmHq3$GRdR> zAL_xTvEY_0L?r#cCiH)w{I9VHR=q%{)jF?14&Ehb^5Wmorgri^CiKd~jpm7SasfD} zdfBmt8G`Kkal1MU>C83Zl&{qssR!!p>CDWLKUg~-q?(MaUW9WuI$f>StzKxx z3(LnzcgSNIZj9F_8JJE zSwP?G_!7TlRrNR=s^{PCM?<9c=3?Xv<*f6^`*O_Gf(A)NB{Wb8;fph5mcqBP#^43{ zikaMlg_(?*6F$~uE7i>FZ~3b)Osi=v7!w8@d*P(gq41;5nIm^vGtLHp=EkGW4dO?a zwgERK*nl?jwSmVL+RN>=LtNT5R;LVXQEADWY5ALGStB;>&yIGn7(%!NQ(QKY=+A{m z42SvNh#%KOSlIS@96Kfp@R^Ze*4EVNj)pOYCWYC;?sOepGopSCUj0y5dDr+{{i27f`4iNP7`#fNJX@ZM)d}!Dk5&coqpJZ zmN(4m0fYY$W8j~T?3 zAGp%#4?Ur8HtoMf^g0!Wb-3q|`(h<@Lob34GtVxhZyL%k$6WXl7_XwMi69EL*NqfU`!#HBtLVccK|dn+dYIK3tBs9 z0716KMNBf^0P#-oCnom$Xp6=av zoA7xuPo|cacxT=VCd9SkZt=drtZ@@bKMMldrg!(OSnCgMzgI6jS`oVxGSmU?g#IZ& z-Iw;jquz^AmwXrFKm-xN)!26*ev9{dw4008-JLy+$2nL--c=XKGU$+#`+-0QOcX=d zR9q@@{I>1x-{G;LPPe^x+^y75l`jdaTBVUao$x3&Cad2gu(;Sh0yPhnjvWV*ZthFY zSPJE3#jeExP)@uckqFWrP;__Gfoh}V^}9-CgZ)=rUrer98sF_x*TVj8_y-_3u&7gq zI+R)OcX)08ji?!l&L>5$3ObA2bHjB)1@O0AtC*SjxYP_IU|~h@MMY2BzV8P7WNbe| zE1Ka+2Sw=kTT^T0)TF-aqvx-@_#eRQn`9&lgVzz3D;fA4AJgtJ0YbBjcJ&% z;Rmmri;<1g)4WzGkH^+vcyK_nCX(#EnEOp6$Nkg%!v)()f@{G|Jn!lvxh(;Xp+5SY zhxu|YWt3HXZPBkqY6%77bA)W)gPrN3A3qf$83Z8r{e8w~=kqR*Hd0u`J{#U{raW0J zTp;x{X*9kkmPjaQc%k&%_>IR>Ed)#m@GnwlIUYV-AYm)Cjf*Jh(a;{qRg~S_T5D>_$8ygNZ)Uwt<$~{Nsh{ujw)Le^!N*u zS8ZQ}9y+@R1#vHW_`c1~gC{7$dvi5A#-7|6SW)KZPI9u{{2wz-zYykee*r-=zAU5_ zy+wk52(nCM^@B9+$2~6aGgIB8$zfAbQPG^a^Z4xb#s$*bJ?lIEhnsW7+Yc__^;y?v z&d%uVr@exSOE2HsrgomiTTDaYY)^0e^vgQT2T;dYXz>mA=-tP?V!vcYx>Zvv zQ6K?$;a=%8M$mrt5GZiF9_*Nh;=hj7T{i@hcycAW&ZXgJm2^=?d=8A6j+^%pS0>%< z{wva!aPmU;2#l-4-1#iYQTNJ$ckrYxdJ8<9_Su}Tc_kA zPc&YFh(r>kdy{IgpuRSdT8GV_yUs-X+k1;aBI&zYAZNByHZ|rgY!iX}M2EFR$E+J8 z2&e_gGUy^|$^W_lk+!b8Q0fubAO}xzT@(KLu-EBKbiKaN)}Lr8ESpU(803|_|NYX& zQ9-ouN02!cx9rnffaCOK9K#_(zVs$!pT|A24vS{V0E|uC}Rh&i2Fi#|SCjCo^56JGC70PcY zdDfd-g#>ia`A{Gq^OdmLa$}LRqKGCzFRM^ptm}loMhv!SG8}Tu2Yk4<&msaCu>Eru zp-*~Y{EzLBITsqW?3(4=vwEvUH-Ecut(ymAymAdf97Js2C`nU!ZN=K9L9XDRcMGe( zFjZJy6|9f!5z4XkA!Jn3C^Z{i2cW%mo8x~xsgHXMdQCG9mW0l*zpvx(ykXvVvO~?J zkWY470fSky>U`@7(v=`IOWy^64*O|3RyfR}Yowxtvx0cYs7^tULHb`iTu>xLeVQK_ zdpNAx^>|$L{ss_2b{J~)B|{`!YJ&O=FWjIY$|=LNguOTe82y*JJo*N_-UI#}F=*^YsZi^?wXP}0_idpg zcDy5>H?KC+F!Uo3+7u=+=#JVu`_#x*Vjgdus~dHM{X(ah-+1J>b6ey>j;a=QDwXkTH#|`sooqY1_sA8ZsNJK2BO7dU zke8O(Z>^P8=UkM?AX^HNLeTdQM3yW~pDm<%@Sj69xD{29ttNr=Nt3!tPMsq4DkJ^- z4tTG77p4Sajwq6jTA#1%OF%vHf2#t9)=gqhmO=uttoX9AJH`}oG*?Q)MY2$CcToVM z33YIGy=93A-Z z+BN97$k^A(+oAo-u|Qs8(*Dfrj@kbx`S=?aXnqFo5B4JJZ~@#+e8+QZda313zp%(Gks? z@r@`ZA3VIf1&n#4ce>2RM1RLH^4iqzsHXot?~t8AC(qesQ}5#9hTXjM@=vn)Gk|uW zW_;FLO2d%tGm0?|jDGTjDJGf`9$8ko0BB87%FUe_L8CDSnxxKsKZd zpl2}@3#bq_qd>nkjy`Qdy#lJzzSzzn%Cz9$2?aY@qqmAQjIIP7|3&A#eYBS29B76E zFjer|BKzXxcXcdz4RB=^LT&Y^B2Sd}+aG%6%iJg(`L4U(*LdEdvf9rgPuMTHK+RTj zQ0Vdt7+i)6Na7r(0O0`BCC6#OmQXIn)zX82U@00rj6o)uN)WQw78=|!)}aS*;_t^d zE@NelcSQ3;(l6!##(Qr*#V@swb|crSQOsg(Pcq(#m#_)X#_;m@VvGZCp2*k;;=OGs zHKC>udiLZM32|1N4U+Y&#XU}Rf(KGdtSqT_lYL+RPNHf6+`H^kU>Q;JZiw|dm4IuN z%<~Nl{EX%=24&RHyf%R2Hu+Hm*FrmsjrTQ*4nk9oIwTU((wR_0{SyogE6z*84UeI_q!1K3%}rVCVDUwwhXfiDr7JWpUf|lXefgNu*13p1NzKe z-M98;2rNQB*H21?WM(rNF7jZ!yu5#_@cn@S+gdwxJjJ?Yt{dfs{H4|GbtXZjXy-7{ z!N&#)#qbU?=E?g!iXP&|_G(HKur+d&2fQP(LAeV+rL#WU)p?uUpK}woj^LS&4wG@C ztYgOGHjx?j(l(jsm(LB{!>UBV*}BsHBbtk@&!I8U8}!S^#AjMN$AEhzDQOm@{c-jj z(!#GGf8`sp)itk+Zx&BSET8@N;BsvGg#UZ)6s#R$=*%5BBG|y_uZJ5nJyq=Ee;wou z$LKaB(TPP=MI9H$8|^lS_XEc7bfQ1;vEClw{Z2rn;J75hABaEa;F6D$nUY@2L9AEs zgC1SUc6pUfbyiF$L>YMUev@WeH{CVmp9?7k=i*b-2o_=KE*wS=Sra~CCh|aZH6qkI z{56>#J>i*bH|%yhHCBM9ArkQ;oM?sVZY#tg&0qSp4vdls17*kh#=pha{6|3h2D}o3 zv>!FwSaE1JUcY>22gj?}ME=Ta*78xQgxZD7M)pj{#oAto z0`vVb%8i=}&wMcrRy3nk0@3)Q5Y^gcI|G@ojRYYK*mn1Lh!2zEqMVe_-8;8#N6cOS;O#0hvu%58ATZHZseu7`owncvKUilK~ zrdB{NfxqboLx=jO7VU+s(q|CiD=>b)6a9+Mxq7C-{8gmSdJVjP{vYA(ZzQP`OV4h+ z&9Riws%7}i{3Iu1_R~N8tqkG+CR^%f{wL^Co%R1$mIHzXBC_J~wj12@pDY6ho8zQ5 zWu0)6Sd?I*ra+?i_3ww02Rc|EMCQKv5ANnN0_@Ni{bczBZp|qUXaBb>_}|*7zu*~f z6PT=N47}4>S zrh`dR{!)jgn4WE7aFOWs3^e4O5{AOLoJgEb1Wq;&d$;WF-1T{Egf74$)<0v*96sS# z6|$+Z30;AwIqC4G=gQ_m+8!A#*tUjX4*MCmza0gNc5LXr zm*zwY&pJwnzRx$X!8GqWk49=Y?KKM-zD8N&7rI1IVa3}O`l?=E(~5J9o3wLl3Hw|W z34X}6ie$|Q({OrtGhxmlvHS5Cew4x58$Ee(CMsrz@hE6qj;)w=V6dLD3P+RX-M}bn zh+!W@Xk*lK3V;TF)X+B=_*n2WHaOVl`TL473;(IfdA&wUz)iBG$R@Xv;{XBH)*!>M zk~>eG&4@|?x5i=Abg~el1a8aa<5nKMjuBtkMowtKSdp!@XZTOhD}+p52qrMvS}Qq-uRptzPEBof;X7^)uC3XboND|u(SOvBCHa7Mtn|ev>d`+6S zwM-QEjQO__Pp+dD=h~Xd$Dui|-?Pk0W-?@r7NYq+&EMKN@<0^v2WI#$`oWeh5Fb2X zc@2|h2ns+{p{Ez@d*lbXf8_i->Eg^Wm6hj)`t{lcX0d1)43Jzn)Pyy=VpXB+W?<_M zJoq?q72TOJGTqC zjafaZ8y3Y=kP3S0AS3-)R7L1H6bdtH&#S5DGL+Dl;puelU~_XH8m8pCx+vtbAomJ` z?+j<>cAtf^p1{`8W2*OZAM{w^(M?N+JR2BhtC^5W7en+IGv|3_4-3R~aMmt4FUI!# z0Dhq^HMs&=QwHV0M@sgWi@=Xw>vZ>^aJF&|EYJTVsRH5uw3SsO9ZFfEE?W23R=cg1 zEn>wI(_lNdw5zHiOlWfM>t8x#ueG|D6*8O>JM75frTu zrZk8XJ`2c8#!g+b-Qln4QMIVYy%YRquSbJ)e%kuoxt$ZcGHW1>Swtyw94L`1R~BNv1jonVwA5i zNaWmeJ|#*drG?_tzCM7PKr^x7e#&~@y^FqJ*lGP5mrXmVL3HfYAa5+%e9q?q3nV&2 zFSmUB^-b*fZXp*E%>zZYF(>Im8GXkV6F6k%>-=?kB=!6gE;`n_$Ql*ZkrX%It?s2n zD`)j+{pRwkaxyxj#}orJu!b`l*+b$DN!&?}dv*1}`06AQPkKJ5kEB*}KFA$b0#&F1Ck%DVV?hY)$; zbr~Q!eS8P)D6ku+5Vm^lnXgwY6Qu0)qE%#AlNoYH;igyRg|d-vH54 zS8|p*W8|%ZLhht1nB9x2l-Ovr|M-@&A{(WT-b0d%)8j_rEaY~t44pq zqo#Jqs5xd6o_8EhJFzy%n%h{hcei`CSGGHwNl`}+Ilc^Rs3%6PU`L^-L%#9M?5a-F z5ZT3e25*WC2H2vKpnv*F2Br1owN8Fj@}+(y)G+4(JW`VL$jT*?KvG6QWcrixvvW`c z>5#VpJwP-GJ3VJUh9Ogn37^=}$A|z4=1IRNV{I1u{F!GZ_B(ya5~oEnSe6URNipRlJi9Wo4~T9=t&X&Y=rRE{6m?^3xPECN$NcToc|b58{34!bpPE#)rt^@@@^e zv1!T>C#@t#GFnZYNKa%G)A{9lCogUyug%e$+sS z@H1S{C29V6EWd-05dBD_ITprZ2;g?xnJzI}b6)^EzfQ!ZP>K%%YkNv1vnF}uh2s+^ zeLt;_|Kc|J;M4tN5}T$#{_+*zy-{EAJIN3nx{YWWCX67{nh;b4snW3a5{U#XWanmY6!3!iA#oCuk&W*vLCuz!K+SqtX?Pn8hgh^ZJ+YJvcDkD z(8aSGYC<#V)a>j`Fvj}R#Q!1dhzmA1Jr@Nv;yJ`1`Xe~%xF~o+g=G#so*v2xI=N^p z4j0%ynpoU_5A8vA*Y{kbZZr*CR&g^V*NnbTl;?DQfe_)!3X3B-ybWy&Xf!AABRd~Pjd2r6N(@Pr2J zXe7+`BiM$S4DQ*lI>F7!tv|t3vP3JFFdW7zZ~YjZ4}IQ0)CTyd2qJ@tB?H2IVHL!; z%S$BV#$V~506O(}&wB`dN|STsU7}&n+EgzkZPP`Q z97kX_zHX^T4c*{OQsTLngcXZhI_|EiT0&Y6p^%X%hriA1sL=LTF2M46 zt%nXP3`kb%5T1*%v7n=}(Cw(of61h^1>9coX7|xJZCu$;(&>}emAR|{Lq;YJ)TkXl zEB^^OK>Sp)CotTC28JE0XsN{*RK*EeYmngx13Y!0rxtzI6?djVH|m8M#G_igA~6=M zRmmEzoMf^I>L*@ib@iY;-0AgiZ!Rvl4!BY?j|-;GmL|yvg~}4+Uj@S7cGj|MqN^J| zLs?oq1+G;84iVpWJs2VVzzY0%|4g8hTOC4?&A`!Qb-eO{TOO*+W<1my6n%%80MUo| z(zO(79I88ucyik^EAk!kPwG9no%lCL(s|2X1H;4Tv_p#2kO4?rP?oJ(5&8*E?traa zU$fzbfTxKrMzJBC(tTC`$ayE#g-!QTw#O7htNGMV9Ym8YGOjOiAe){}93Z?s{k5o`U_3XOIHXQ^7irOI3;o zFo3&xcc$tGjET&UAfh<7ZtV>rSvYc&(+VN4J=*%fkY}e^nM^H`@pryM5r=$x*C(2% zHR1i_EimUPcWd7bFY@jLh8og7gkFo=IXu^2w4OEu!h*u}y~TNARoWNC5$10`wa}%m z@oXo*UOXNVn^r;MwL*j7-GGRR(yZjsnf3m5U!+1f1p?EW*jTI!VMIo@rfK z%V`q$7DJBf%EqCAA0+3|Wg^K~G-v_H*|3rehV2`;{k|>PXcO9E#B!p_W76-a5>eCO zstd3dJu+AYOt^5YljN|kil!N!MAY~=5?hz)C!X;teV+<<7kpS-9|~X?Dfxk3Gym-@ zZ_{;CinFB|=9|f6Hq9#W;FX*pmH4!tTyKNOpU41ldAtxgoi@*1l)v$OQ83bZTWXR3 z0O}v12KuOjh5J<|8}5!1oIhVMV!WB)?oyNxuy0j>u?4lr#?kL59=!EF)FeJqzlrN4 zu{I~|_g~scS>O0vLJ@w)z1u-*Eux-S`g|RF)OEe8BrHq#w)&l2?VN+c9(^nMcCg{q zp68yxy|4VtCUv=ec#pzx%{*w@paSp&mb-CUnUl;!rc`2qa_$(*XPqwc!eh2*Jj&X+ zGS9yaY-ruKw%Ltin@ z_2#G!MQg%$4H^FsewFcyqypzI#6Dp4c{+RG_$nV47sz&DrN8_^0kx^<6`tt9$6>@!Bi47>{$@H zAo(?h9j7heuh+;A3mj9wYSc!NfJi^Mjiz5q%(bYCAf9pD=O+RxakMhw4rEk!bI!Yt zxpnf)ZZi06xj-X@*HnYknyKN-VOZy~<&mk3ikn2pSXsPo2%OCg`Slwr(Tjz`kzBcvFb{JZxn>B8l>7K}vG> zbJM`0^E+{Zn3BJ-=sgtX+|8e`<%!UKNQl3JRwMVcp5agHQU2SjEGRk-A>{NVk&{T< zzC^4zTcfz0bF7^YJ=I^OcN|* ze0Eysk(Ofg!I_fdQtbQ&$Uzg4+>BpptZT3-nSCAt_78>PY*=E`&oU_=g9iNv=Ksjh zMwF{77%>y*;2c(yiT4}0rMC9o(bxrC$l^c$;MJ|e9@Q8I{mkj3w~cy1ZCcbwaz0fx zJ@}|w9m3nb`$k>1THN6FJMzS&7{PQ669ZZV7nCnT`cP3eAm8c=UoAEx+%IEKK$D8^ z@LRUELs=(9A{iA zCwRWFhM2k*W6Zm&ad9H3anddqiFJ&rxrY5)OzJ4ZU2=v^{CTBxJLkikz1gMcq=cop zrFp;ucTAv50(cB9x3gch$$z@$3Cl+~Ur5}J?03PV*2x;G-!Zx>J@~*8oW3>db7RMd zL5<6AD5e#?4~>0$5?d(bCBKXg@~Fi_^{_CN>8HU{Z^^tMOf$r)-Pp}Rs={v|{ zCbWK{wb_^^AmXL3(BwRo*mlGILN{PE=tGq1FZ!QgYGrV1u@C+j>wIyI9{IQn{yN{V8=g* z>~cq0Mc`B^p`ybf!kUbT<3$;P%l z>UKSXVX^#6rs}~ne;~d3E2RnvxM%`p?M!?27AW!hXHx3N7`jv6r^`+k-xv8sDr@qf z8=7kU6v(OWIkg#~g4W$`DVM?i(Ba2@?|ckVN%Sl+(_@Z5&k3cSTfH;GJhUcC=O+m} z#yeT~vofo!;x$2NM>eTE*!OxS9$=S=*RaB!?se3^*%A3lC$0;Hv-e1JXrpZhY$R~2 zpCnkk^OPz?c2K<|KYy3*oJ3oUWU?scs&F{prx|DU8edgcA5YpLMI>mDx~#yg14C9X zIjTSEbHBBo_dDhOrbV?5hFLGb3&c_oY;4=xtya<-+?M+Kgl=(&N*PePp$Bakg73o& zO-{nIh&sAAW|xr4la=yNYs2@y*x=8hKO{{b+XFZz{bM5NexntKI20%C`QWdRDi0C`|_!9K)vcuulrk zH~g^pGJ7V7Za~RlYu4e!N>q0?dPLH%_gNtsb2k2mo_aVf$1tj-@MY}Z0g`eFIgjW- zwz=qqqQ4dCgE%~fXFbF%#M_@q$j4#Mil1<#X zchhvk0sg$DsmH5X_iG}ULCD?(5X+N%6V6aexE+;`;Gy?s?GD!PloOKcM)zawjyvEv zra-x2Fm2Ms3G}^UCi;Um)lei3rkN?7#b4}T?zIX;jjmViRjChlABQnb!^Vb4Cm3va z^7{Oo)B3T>CPOadru_-(c$Uo82WZ+op4ew2X2=xzu$i z6_b&rmsz1JoJ|F1al;)eLU2*y z^tn^}Im%37B$#PmbG95zPD?zMBG1-ZqGuDj!D(#sESXx4w!c`Xo=_tf=7X0*Jv3b; zG}TFgas1w*YaGi{T>6gCs9&k3u?|8G)_b0 zKM_vrS8ekwMY+cR3Dol)>#(-~d4a)v@r6ojXN73kuT$CJB@O!?_0*-qDd{{Zc!p&o z8Ck;j*CAADjE#7}znW&cR|iSSkbjCLSx{?15z<8-8-062NVLs<7T*-Os#Q{Q0qy_J s{`^1HHH!(v{0F!_^j1{NhwR#ikpP~5AS9w9RL6T literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-tab400.png new file mode 100644 index 0000000000000000000000000000000000000000..29c6618677c0c3698dfebc4c7e0ebb50a8c1d512 GIT binary patch literal 19531 zcmce7RZtz#wk_^18+Uhiceh|03v3AP?hxE91PSg=VB_xYF2NP&g z!5RF3zq(8@^tpsZ=zOfe_tC(BEDi}S<4)OZr|*CuR_=*IRvyMIU`RecY*uv7xC)6&~{cCkKCelnCfg-en8hph@5sGp1h5kE+BmxH# z>_4QC&4>7h1N1om{R(~<)IY>1REPM7rZ`CCp%{{}l92x}QsY1HQFqjbS`nk9p$lAt z{?1JLT3$va^Z;d&!|O=ozo1Wu8;tQ5$k<)@1sx_aqpNTnuz%G8{X>Ec?L9ItrJ^p@V}4x@=& ztu7~n-$!_)X)Gm+^ILQX%$+$|b46nABvV+^rA0cTk-L&+kj9ORgB!#R1&X3CTgO1hilou z(pk!ZqDjQTh=zv5pIxlXsxb{m@cb?}XwfJ}R#2Kscq^@`jc&>+XFC>_tjd^@AIlx! zF8CyQ7+WDZenG*$sUajz1wBk)R?7E!0}IpPL7+NHxxDE`EV#Z)VoRrSN4s7?c5*Fr z$KL4U6{29OFC}-$>rM;zhvY(`p zkXtSRGS~F&N|ZiOjJK4WAo|DhY`Yo)#lCqb7!X;WLZU;`7VWuyKi~25wcB)mVQ~bD zkU}+1&}{l((W&`2@Ky(4K{@jXkfhqv$b*?U6PYcuwr#Ldhpj`R&7kx9<3R_sC)Mam){X(^u6 z>fVEHA%sj2)q9h^3Ts_75Fe7GwM_=A9OV*?DCUH>O+iF8q_2uU6ef&{mKW}q3y`0WOP%u`r3 zezOzZ4G?moaCOLZk~EU0rmGkCQ80~? zMP65C@dtDjzaWn*R;pneI;xoUPONn$Z=u46472_#(+`)J{5dO%)byV965gR2!wAT@ zNoU_JN#^HOyf7r#1wz$kf7eqR{8ld((Q|dwzx}^-s>KIVHh>)uiL5GPrE~j>Eka%I z7KA4)S{=ITSp;!psT2Lj@L*>3pW^+Z)E2p5r@Owx+`EA$m3H814DMTp3#7EckAyf^ z(V;G}J@**piR#*$D^$0;1rcXEWwg>y^>VE?`;f*bW#w<|T+PE*uwvWu zs*4nV3qez;u_vO4y=oimY&DA63M;NoI1_aR?6z+Z>#+;d&7Of|Lh*hvgvISc5=q!0 zW|=yBrQ^Nyrmw|1mG{rRUB--DVPVzqF98DRWMBqGo zN{i{O=%Xx3`o$`wo+gluMZ^Qy^iXrIXUMO+z$)A1#K81GW%y=JE)+SmocTt2H=t&o z-fKWD4{nLx_iK?l!acxyBptzXmD2*=g0N~~xa8OGR^4Lk<`0UY-;iK0=YbG6Vqi#3 zz=b5U?ZH)VNazmHdUN3Ya8*<7Ke2#a*{rPgv)*$`=RVfvGZVGasxce4x(d}DP% z0_NAu!K0H72L>u|+{_i$dS2sCtomd%F63;9{Q5ZJwwPFp9VUQ%+3q!4qi2{JN+B7q z{p&%9T1&o<>T3om-H%l7`q~V7jkkXS-5a71a6r;Q-5aS;f^i-kdyz~}) z^;FK~fqobC(k&Ytn$rPS1<+r8u5XgNxyZvq-?B5&%gY^VEcZ$ODqshjD-Z14a6QyDMXm5M^O`# zpySRSuqasdet@jSuqAf*j0UJOjA^u80!=NbvNs&(C}l^PDOv6rI@NWxCuZv(H2uCJ z5F}NyP?6qJozz2C98pq@GkEpfRX529Xv2#7NK2xA7)s=r=P-A34nRn-I-C;8(z=S@5oVdQavB8<;iNY$Z@gGhY zqmprp6^htZU)eDyZCZOrM-k)N10pf2Z4hB&0p-nVRMlm5P{2@|Y|-J1>~VItEA|P4 zYwYmn1=evG9jmp4i(r;^KGV0do%FURcx9r6-)E%ZIx%N6@?}pdmG#bE{g6cn)^!gK zL6>*|aV0!P?$$O-X5`^~x2!6fH|O;uCf1Cjsy&X6{da37-wE`~MoQ|CU)plk`V zJIk!GX3rdFmpIYuO7{;TUtZm|yUDKcZhF1&4$r$tvVxieQ!xx7OZ7#8?T`3N)A%8q zA!6pQji{NHfe`)J%=+#~4;L+=exMiYrQa&G7Q=uEd_H2Tt`{_ev_Qy1muA)In@h?X zyB<=CeN-+F%oF%R_@p}Kd_Ie-<@{v1bjpx}4EgB-b!3~q&7~iUw&YFg zQCK#2cCD0{&oU`)W>HnMV1I)ZWdBQ3E@bW+BNFpC6wL;kHP}V_`z@9qBQtrckR~0Ow+BMpJ9XpOr~z1W|YUb*A&Hx6p33 zy480F9U}u!Mlbg=sH=gDbxd@172z4AfRO~${$C+trXLG690h@DcNglqVFg@NHGX878i-m(mRv=LPU$ zq>bZpY+=#saxB|tc1Fjzs87s+uIw^6ff-}L__@R%t~9O3^t>oMrW2V9;TxJ%(E|qu z#XR?E{S-`hjHxOFVV>|P!@=4HP7l+W2r*{Iqa)%$9dGYMEL(XmzE(UVlPt`gTae{A z9$#6#+AwK;tn^QgOQf6f2NsDOrm0Wpoz7LQ9~OVnOqVx)zx4lC?zQm&#EVJ}j>Iek zOQy3T7L`i+=T!rnv*s(DK!@o3fb@JOCvUvm&bw3CIzor! zjc!tp`FmiyN!ho$Pxga=o7CEatpqcTroI3zK+meMx%0Cslci`0w&X|gCJ=&Qu;TN# zijT=^dOW)u(CTN@O063WY00te6F_H*ovU%F^H9NVgX6BghQocVLDASa@PVVl&iFh8 zN{82hJtf6`R{mUs!*pUmalXI1i% zNL)a=DQQ=yUW^yTewIlFwj08~JKGI;xwq{P_Lbp79r)7HwkBbNzg6{xl0g_t4V`*^ zj0%H52}wtG*kfp7U^X9_xSO(i_b2h)srrK!1>PfFlY>yaq|T=N`NqsFxJpcz zjTh>*21crSHdV*%nUyK74&yPfJ#uBP>!+^Vn7%|daaAY-Ih`PiZ%t_J(%if?V^1d) z9tPV)LtPD&&|#gOn!gJYon!cEIF4@otIf!jKvgs} z3~rV;dr(<|OQ5)VjS7VHyb`|+S zX;(R=Cxu%I*7VtWG!&69V-4iYFGYN7HG05$H%Qq8{OBK=^TKgALfl?;7_ zLTOG%k6d0jDHVYip_od-*U#&#R;PNYI+7#Z(_-}B*|A*RNVs+NaY}RgUW_dB zW=5`-X7pCtf^oaf_4A@Lp-}==Qa%~54Di&r?H&Md@#k>MhwmnfTPoE3LR1GPr*)%8 z3rzwQEq~IA6~^ZFPr_s;w}$eZH@3g9DwL?Q)LIRDpq#G)w2jWl&E+JhQ+r$W{X2y0 zC;@86!}?fk-RPXnsle9oziKfrwabnB((GV2>5vEi+KY%Vt3$&VU?7dO)q*c$7ych; z9uZ=SMbvz(-iba^(#6$=fMPsO@O58N%37`IoOpxnEXHpS-ZuZe(TS=Z?Mg_&`*-}c zc#^*1OD{1l#Tbm6%bPy|$T4K#pGjB|P$2H#^2|X7xQ;+!O-|>Lad~NrfYn4zY%V3Q zmi82Y?3;Ya`nn;`XiWZR6g7wPBn!yQ9$5)_-bKu-Oh!VVkrOHAo+@<3Q?S*$uj#B8 zjsAu!@y9PV6bankp62u!Hdb^rPB#-Zp<%E?u)Q8gz?$rTZj%vH52if2JfDKgD|w}Nu9nN#c4 zhOVF)oK?l# zL`l)jn<*)yZ*B6}zFEY79iP9si(xYVj@!l||EsN^|9?%U|Hw>%*xokGb2l+z43Zz8zUPqA zg%c7plbJ0H9S$2^Aq!A(wRi6GMj(hZu)q)Ty2^$nsF5Euq2($67p@c4mm*c}o!50EiQeXVAGm+9Cdm7SET3G>l z&OY=*{`>^_V|?y@jHOd?!{-L(hZvto@{Aa%U95!PXa>k>mYo*n!LBFrex2`F+{~As zDhu9GxHnwnl!*Euyqn}2P;VAVB2(N}X>KZN|9g=zXbc}IE1M6JiM0rEzGgG*(sE~| z|J%cF47p*H{&cFO7g)Ba`7#Uwk{Hvtt_Jn-`m6IJjh1BXqRfxxe`_x)+UDrma>HS7 z49>1*nfMz7d^-nx!z~Zv`O5ZD$8Jcdv)BeY8IY(=?BqANAw3&j>I_gvoY(ec9n4Y? zWydYqLQsv7I}99hMCZDnr^FOY$O!L3&AOYP-dQy#1x#NcxjuYN!i{ooPskUi7g0X1 zG+T;hD08@(wkZRM34}0cmhQFVR)Q~HdD@nzJ+VTIYm~4&Vza~dAV>S2_hKcsCnRhSq>JM=TN1T?32X6ORCB|rE z>z1HURq@kMPQIy%>PbQ&=^9kQiB z?@MLownL0liqi0}l)|)_day|UdU18gKS(08@Iwdjq*AcLX43Jg8I^a;ErXvDO+sac z$#u;jErpQrS&h1M+&@9|SlHN!EKL!Wjmp3R372#-$%5UaAF1)Xu?XuLi@n`v4HO4K%V#M~ADrJqIqzSLfQ@dYd5gb(Y{xwP!@uUCC5>QqwNdrlQ@& z%#oI^zsKs;YwusGsv>7oMUMz{YGJh>v{6dO3ETa%cp9kUC|qLZ0r^R$&}8T} zI3^qccSOqmV2oZHtteRHb&_X4(_1|jCSG9#HOkdDWdY)BViU>$_pma~QFPx+bJN)& zk#rshYB+SlU{4~!LUI8piJfcqX4ml6C>L)g%}+ z)uqJRB}oS#Vo9l7at0Cf5?(Y(*aC!vOE@XeIfS`BHK|CHbo>_>Un1Mc#j0X}8<8ct zVQ__w`^qmXlgsVk-717{*1)ewhxu*%cp7SwdI5tJRJxE%LcZyBx8LXKG4J^?oRM79 z0W`ZBRxmC~K%cX!&^Km@FK+mKl%|OpdJxFI@aYQ1Mi{y!!UNa7gnq&YR13fLaZx98 zP5Q&}-G~;jegp&8A0~s<4pZA))5VrJKwVx~*&|b(hQK!dUc)b`yuYcjdjoQtP7@lgEWW|Ww!;J`kGLXB zT&kE9M7>3!o$L&qz8g*f=SR#Z{v3NMSVhdrbfjfafGNZe+|;TGuh8u)erg)rzNJZm z66V&50_6=JkXc1fVGsELO;J$2i^+1jR`X<8ds<%ACK~E`RbuWBl4l# z`r6H*JY~eRSf7aiks+NN# zSY7RWCf96`7@2j+0%9oL7wu?L=qeh0JZBq$02;eC>R!Cpch{A}NpcC{CAN+52})dP zECyv2Y78Z1ld;t6W%u2b;uXIK4rGQZA3;OuEC|9#XR47P)IBb4N_cOfF?4YiK16H zHOp~U5y3O^-`GJ>Nmpw;DaUAMlhEx>Vgkl^erZ!1q3T_^(WPTUv*yT7bg=TRV6@YC zv0!~_i!B_1*C?>A4@kL$TgR&7ti| z0%Wl1-!IC!oRFFp)pE*R0DS=P;dgEXgRPF);M+5>%}a17fg~bVPyHJ_{9}OW7LPY3 z8nIXq$tmBS&HCwC&O9YwJIq}3Nxy8mCM|MA>2%NK$MG34yOi?;&BU)J%vqQBFXlEF z2g_+6&ghA$p>a3Vu+$x%T7V)sK+W7d zCQ7+^vY=M3?PBXm2p%Jw4s<(!AX*EHtR_>JtQn}HfU^8EN(;~G;c_Dyhr+BcVR|6k z_~QE_qn->mW{ibe?;wJIvsJ;C-WjkSX$=T**v)iy<59(bE#J%>l_D_Cw+T0Vz;sgw zl-cV(rhH>_s?pOpuyy)zM>X`{qkA zxTF4aU#&jcf>v+G#{;yj7`#+GXEBw)Tp=&M-*)dVC|lFc*6U08?=8vsuvz*!qt)r) zMBhYhYG!P!#q~I&+ZG-?>`-eKPq$;{3*~RL!zo3snR53BOGb*b{%T9fO6zp}I<5+K zls6+*4tL?F#JN;q3g|6KT)M7$Ht%@j^O7wb^=U50jHtTAFHDa+mPD=JK&6e=%`Hjq zmM#bNGl~GmMfQAH}|Kmhy4i z1`s3dEM%}dnBJxu=C;bU7^afxH)aX7SV1iN3;e;EXFNH()<&U&-7 zV%ko-*fa*ey6ypgD_u^vv^#reg|kc}3ruxh&W9NUaz<(biky+VywXku?HKT~D-RTJ zG+ST`+nqNobGM`Sch=8XjanF()SL(39#e6gS6%vlz1i%)o*!(Ua{UtWpHFM|Js0M) zog=)6a*ErhG5UKjy*Y)OQr3FpYTF7jKHICiYagd?8E1-c**XjCxltN4S{F`O^WZxE z*3Vu&Vm z>4u}XK2`(ox|OZAs3s;e5}<>E*sYw{d@bY5k1Yd!hZZzrM3ZdRo(+?cl6Z;XG6 zjVE^;O=$4`Vm+??huu@{kJ}B-45H?Tj0=7KW(QhNZt|#3rfsx9j-P8zA!?=3LhTNe zo=?AbURX-GG3};FNe*7n*ZYd=_S5!hoLvv5cXy+oPIK+^>5~oWoUrhI=}x2!fN$)t zu z0;V3y&i^tqH;c1eR?v?y{ccFp{Ymhh0h_MYKRx6YR%V3$Mt5;Z_}MV@xv>IVR==R=r=W<$m&KU?HtNCa8FhH)yuz) z?smR`xA{;~T%Ed}4gs_Om-1@NLz!3%pb7Z=e%67tA4Y@p*lc(G^|Ben1Uglkn0-5+ zszpPTrWPVw9d>v7B&0=AbaCcj$5owtEp*29=gURJV311smCjoN&7d&BJ0!6rO@*wISus$b#3tt^7vx}eLO+Y!8jl7cC@`IjbL4-E3Qv%4(}IBOYCMc8pkEhRI~<?mS zg0@@h^%Zc{-}Hp^pTggyVG1o`nrb=R;(lcmf*YZQ+EV6mEX^KWn&J?Xoerjqz8xSv zYU)+4w+ApGbbhIlFo9+x(hRjku(Yo3vN~{(uSPuKE{k~^ksrzR6l!9JS$?lmZ;$@> zPs`ynEi}YpXwa6OEk@Qm)e7C?X)oqq zU5R@pE|UG31(;3a1MTa^s0Z%**sXRThO{r?0zT-b1=9N@Qfo=r8I~=XlSS4_$74D_ zL}UZq;mp$fryoEfa6I6d$-_&`)eJpxeFvh?U-%D~DB{Uyw({eXG8o8kBpEHp;~#>L z0rg|?lS{cyXX}V=WuT~+_wN3DT;n`y6ZEe18v~Kk&LXgjwthuCR+}i`GN4#cqO{~O-dOqX_ zbx_AEg>IlQ-Qj_C*f@hG+0!Na>rJ|T(5DmnTR{#9gBC@nFbHn=L(||_Pp`TF6I((^ zQw3~;^UjC{!XaEcDRISO{}1=@TWg{R5}|18PQoMJQTV4Xc1E~DI@4eEh`%_V_4d?s z1<8Hlo(XP5CS?;L5C3+tXpT$eVcG7fjFog zT;q#Vu$hTS4oAt=@aYCwwTHf=Uq!5ax+J~5qcnmQqbHlvnKQYI2NvIZ$!WpEnrt$5 z5IXzD;aVQH0JAg(f{l(>MC%^DE`AhOv{rOl;f4 zeGd!t7%`Kt;1<_ru`whvV!yVI z$taE!qlu1YY~3=mfF@h2oAh!bPQbeN*0|b-V;#`XcZegb!phIo7VuC#U??uz0zv3F zJdqkzl-Nx(i^C;g~G_yUM|y#YyM35 zKCwRsx-D)v6MUXWHKih=LTP{IMHgd0^nHq} zACH&_Tx25!$=vEslc`v5VB8DWVPa)}xkgfGj}a@_>|3EQa(|SoPtL6sv}#q!opk#p#XucwqF3mREFJbjNzaTVQ^ot*@S>90 z`}jCs`&o;3rksO1p8D{Wxt3n9k`2L`;2Bp{zW&AkTJId{?e110mDa;9n04=vq^k-+ zVd$c@s%fm0h8|yLO65AhUuj3PMqQOsM~xs15?XAolU7+M`Y1xK)@IAhk3CN;qwxje z{1gCsZhMzsY}uZtaozsm1P3j4ln?~{YI-)-KEuz~-vG|WbT$=$OCXF{_`q8g?)c{7}pZG0Io&9=(2R3H{5?$J?``-Is&{Mci8xf~3nl)4NE!KiZ= zh~M04#*So4`w&;P&Mm!@ITOexhAX=s+S`B=mWavlUYh*>+Vlta|PBDa7x!!@3qv z=E0_i^!PxvZO*m;!92*{>J9I=>h5>H56WUa3)X`^>B#FFi$8r*XsNa3a}Zl7eO~V} zqp!V}G>Y*uG+Ew}>RwxM?<4CgGa8w&*Jv)`a@atW*81WTmd9MVM8G6kHyAW2w)-KK zYRRVxI{2W&zgr{+c3e?2^z0PBI>~vG!0kB4!*m+x2DVAu>qkBjQS`ko2L~py^K(O^ z5-x`;^EISQCR_H39U*oQHiWgO5L56$yHS06g4U_g)@%We_}qAjk@ zdj0$sKNPp&K7aF*JQUBjKmk>5BZ^iHxi{pBc>^-}mqCF>eX0qI-9xXia2sB%T^yjq zLR+IAsj|4taJHg?Wg%=dQcosVEuO_%+3b(zEdkiX67)AWIB+8*pBglvteX1IfBo-&0?uHGU}9fu4u%2LJXVs6%Oua_6wXasaHpNMk*pH_J{Pw)c z1$!vRCbpUzL!HBcor}U2B)q~_b8Q`V97^88P}s49S~GKL)pcy0eird;T9zFvR>`kE z#5vM5k_?<-zV|O>I~J2@#e~+gph!iFdz&Rf=lkE22Ww#DJr3IDj7Ztc=E4|v+8?)C zPL=xTJRQVt{bSxYXI{cS#PCz=kSc^c;tmTcMPnxgdZ>6CAC2r)Fv=i;E0Lb{WM z>+oVNF=9dCJBpk0lYE|kXDF$r{*a^$+X#TYa3U#bcu|#K84aN7dsSS8LsMY+=@Rgy z17;mHnqgcmg3)U0dt={9T7{lTR5Xipwcw%~3thE-d@Y37w`=II3F4VLZ+~E&esd7# z9^ys#apnC|{Nikj1a6VE=y&%N+Ozc97;#VgfkMUpk}Hp&6u)qTHN3;xYzN1hXfwF) z7d$0KHJ#_h4AW?p9^0-KiVA1IXf^_38~#5NFt*6Ql{Y2|EK2jt6aVC22y5;{eDm=8 zt`vWJ6;ulMOOa>bf#*ucjLpb9>Gp|R^n(L-t<+Q6P#S50lZo5m5B|f!3u_^YhiX}N zMgN9uG>(ouQwL#T8+3Op85CKp+;wXkQYsA-QO2^%9C~HoL~vRZ!O6m%q@*7vA#V*T z@`L$X*$g~Lq1LTBK77##lLQxXI)i!Zi6X0N5$BT{0(|_Y&a0{AxJ0b&W{#qsj+yXe zYQVicjVWvJ<$FYsb=mR|Q7iLznZJ0)H$Em?*I6he^fuTDichiz1Ut1FI!-D zWQTVf#BLo5*DH@t$-OB8Is8%pnob9@DNXMGsJzRNWBx~C?-};5H#Hc)^n&A-Q3EaR1CzBV``WtL zZVR(QJM?kHN4kTJgNX|R{5Jw0-*N}F7=u3>1p9C(97$m@Zff$DTH$#Me@sfseL$%5kGCU#jPmQte^18 zoyu+|YK(k*N>xg)QyIeuD}+U9x_7*LAg^RbhlYi|eLng?A-p0L>pV^yQ<^U4MM;OI zb>j$FE!bE!{Oy*9DUU)NsCjK$0_>huSOcB=$iis!(*>4>?s&EejWyA!9%A0Gi(yEH z7p$2ulZw9sEuvE24@~bTzSb5fLOqjR`#{Ot0EnB5DcbjI{Iz2;JX)^6bi^uQ1c6Dk zY-shv3B4)9$9=>(R9&05Lb5zyK#6g3Fu&i&Gd_$o{v4&`?e z-$?iS7PcbHSQuHNISZWLh8@AjK0nxvO+X13i)V@XbSL4F3_`d>MqJvF5M;gm92M$a79Zzm_;GVdtY{|FN7fj?gogLgcg~ z%O0(zpEuon^?BeADi^O5A6dla_Ypv7YW!omohW+MkVgphymg(>5|u-k6z&-?D*Y3y zOm`U#UGzHidAunOCqI4l7Tb_@JH}P1!CDhJAV6ZKj+~Oyy?1|cjpL2vG7Uv>x>ujn zvPoqin9LE8D+l{u8mIE!(KV2QHPTHPk;y~f5`6cXU-{#Z0-p{kgJ98rmE$n^v~~Dh znXm*eWCm{AP*gJ9FrUxdcg8zmy(F~!U|zpM4$=oI{}UK=KMom?4>F7%wa~ynE`C>| zg3ls6gCjatYQokMSP^k&Zd#9?aW`J|G{_77CtKIH;gjtS3YjfQrTP$VffD<`41KGjF0#Ny%!RI6@7MuR zLEBY;mUf@54k!knWn#dG3R$(mLbOu`k-Vxjz(za7VAHz$TNWdBj|Wq?iu1BuK+(oV zSotYiEza?(=L-_i&~wiW;xPQ?@N&Xl&##zB`H_&w;(CQsR($prF&lx-{Uhig{Ur2H zS2?Gr8&qmb94U+Q=+x}Z;k>Sm9Sdy_<+s4>c%DFN1WmiN4Y8i)%835K#KsIP!xwL! zfHsUOwQl)n9e=u=(_VXWF1zr?-8w92r|X267LQ9zmlQ^wkXqRdxXD@Ht6?jn4OyT@ zPk9pHB*JVMeJ23Osc3?fCRokBT_|C-+=Gg%_KW+Blm{9Qm*z!bx*2@Yj_8zzQ~$me zk*l^TA)62P+x?H(Q`yd0``P^|$4TVY)pfAcHqL5fP3(fwZ`rHFQ9M%O^#?kzdNF&AKUi&KcSeC@^?d)@IqT2?(+pAG7m?1x$)9A zokqrW(OSqg)lK+uTydM|oaAK_EhS58c%z}IPI!z|Ed|6if69^gt?)%L;svhKb{ohqH(0K4wu2 zIS;>tPP`C}f&>BFg>yj|gYN8bCZVn&Pv3tE1SXI%5s{~(+^fwOV#0R<9kB&?9?@Fn zttM!Z6aAe&K4Z}4D8!NDED+SQexLrVp(L+}T{6(>_zK#*WOz{ki*#*16Up+_n<*@k zZ+>zwRU5`-&W64G{Tn&J=|<3rP%roRJ!CZ|*qlIBJ9b74-E{E}i`UPOv#CsAtI5j3 z<<%g3HSknDv|!;ioyP*{g8BryY+xPDxOyc7Q*_ZyMc;eOU-{LP*f05hXS&G;y=n_g ztU~-;%q%}F(pMw2w3mjAu2E3Fe|Or65McLtznU*2@rC}uK|jctElm8{jp+-uRLDg? zhvNxe*`X=xgz`YNC){qNVW4Q9kJ{Ns6MFn_qi|RBh-_mLed!WO3X# zsy}h-l+4wJr)*8z5!a3s&zq33B;82i&K_~1UlX!51ykX?tM!9M)=I$vdxGmRzy0td zqNG$%2)R&myS4})0DaeUsoQTu0>F+(Mj>o`Y%UaF11xI4r`hvn=8HF+DUsW&9U>t1 z9LVbj{1xUZqzn4nr8L4;UbVUb`|7V-m~&U0`4XyiB|DvW*5bz;Gry&mCSYKqzLADb z+EFyKCa;W(gbbkn^LPttWa{bk_S9;`wvY<(m1Cu>`EgoKF9M-dsyZ~~ngXBDoiY+! zTm${B*vuQ*dG=Cc&{8*=(&@e;|LeG-s z9mam{e2<^eS4sx#{G7SF7CW!58f}2EVkOsD(oMt?N$*mIsbNRDY4Its zGiX?cw+56C$*b?$sD7Yy!f$(`!B%E1f_Psu9bRDKnBy$JsDuTeFHBCTNvT_wWAfH zU~yL;$h!M<0BNf@eR&2YXC_MzMn2eFH5=hGWO@*pEo|+o?42rRwb5~1?mRRfCYA!4 zg4tyRPyI5t_6Kci%CMw=?h8YWE^i@YiaDY}$mxnN#z|w*~lXKOwr# zwzM9dLv;3*wtH&eolQ;^x!rxQLm*OBHv8qYQ5(&5x;7qUtdjEYwiB^^$eQ;hL9D!k z2KH-x@r|?#Rpf@9UP1*o(X0BDE4uaxmk&9?HCxc@-L9nb@J&#a()C{y;$PQzw|&L} zGi_K&B1_?e# zFQe2|hRwK{-Im@WMO-#Q_&2gqnea>7I+5($Yh&2ZhmON>?H^aSopJW{V!cWc;ijJ?i(E{|_`=Z?KJ|H=kWOIMU?hIuwG zy>d^dnF8F!`#p+14&y>*YjYA-pbhDyD@ASJLdkAYb!F?^D6-T8}+i z<_tl|OHZqqRL94jbXX=1%QFmMM(y^lKCb)8Vo+vsmyC(Y->=D&H8Fzj75!uCJb|QO zrZ)78$T=b0uz)8nb$a0zEa479h(`8<)qy!U$IcBXT2mI&OQV5Ft$bc4F1Z?T@@#!R z9d#8uMrPag#>YFzviQ>>KBnhB0}OWiO{nq5HdrE>rszVo&rO(RBwd zOz;9p)ex0UDY+g!)nPRnH(55{pwz=^IqC0xtoDlF3yHtU7<%8O9Ms(-5sVj)|ba~TZ8_M zzVw3#q{qNd*jYxYq;If%dK4F1?J>TdtEXSd7veqIEG6Bzy`OGL+vOL-@3kZSFpyfm zw9E`z9Id=daql9lzY~jiT|8e6-c!R` zUmf#2PM6>0zKXhQ)vYPdXpb{G<3Ew+RcW)@pDIYnaAtqscp5z8+fu{sM+D!!!8P0E zzWUK*vw;V{i$b(ODH7o*L%75?+=eRZQ-d}!mThX`v8dh*G6O|t6IRI(|N5$f`CL;L z4V0m&u4E)p6L!RRYPVhReaG;oxK|osL=5VsraH-p5G_b%Vk}e-f~F0I12Yrb^pYzU@n#RfyPL)3;fQek`RT+ z%si26-I$)<*4t$$C098qoxh{=)w>Fcsvcb71XiTR3V5hjCT4fKV7{{kI%tuNmo^M9 z*IFOjDdP(PTs;lH-yCO3gyQeS!C;uz5ubA27dOS?ie^`)ZJ>J*9D~s@Q>bILUMly| zou4G7t@(7qa_zq1rF_Zv36Qws!^#xOJ6v-o$BY+u2w)_o`$oxhCrCMWSB@?4l-Hfm zE*e(VkQhB^UY?S%d!BC$>MaPH_D8kT1mrQ&1uHyj_WU7`qE)VOGiY0`Vz4^5H*Qi< z4OtOdcGi8qt2SaG-Dn-s|00R4NnYX9#E?I8-zuD&j@$8f@lufZ7Ek8~>kiLLrw;Rz zZryMd)U{i2W*C{yRGK^fbuK3tM+vSWqE3sDyz>yCxwC|I+eFegcl|!op<(pT1z==+Qw3wVAwZ^-F#Psc0uU-ZO@u(MA3A_bp?wr> zJwF4tDf^Xs_K}UUSUlb2jHoN_(dW_UU~#aNV{AFBUyVeLGw@c1S*npx)x5jCICbx% zbB%r}j@DFhWBfo+z+~I-t(oTWJeS8w~C)^SS7^KzT3tNn9U5)Ud z8aMMA@^Q4>T&FA6V7vXY3vK5RcCeIc4x9Z2Dq%?U$l&;4rE=Q0OxxkRxbuVA*}8KX zclShwn=FathQY@H7BA~c)XE&BJm&%^Oz)TBoAVQ#i!nyENQXhKAtN#ZK?$i{;H!2H z@59M#g^soOZ*m?&kXjtOCSY(o$+(DpP!$%8c;YRHsQF3rOW>saXS-Toygd;3#wAfj zeuB39WYHr2r;WpqaY(uF7f^6_gAD-s=T%tgvKIpQKVzPuE)$f>Zbxyka}OYLEZL%y zXJzznz`*YN{pz=gks?|pNJG%ZV$JCasx$2++&if5Z&vE^J!tg0P+q9f0TkcNIa0DS zCND}9mwh&&uUDatH$?JxBiHki$T&$e&(*smrKE<|_82_9PY~dwR$66_F*C*vD75*I z?l2I@E2)GTKJR8U1`QOGY+h2j1-rTkBX!2M>)tndfXi9_G}}Y|+CdaZLL_XcM7HIk zXl_6<6l*0)BaV9GhxMul`8JMPM3R24@G)I3-DcU_G@!clM ziR?4Q<$mK$LHbrQ^k1#q`9Bkm1IKaFK2kZ#Et<0=q$K)Sle-)lNn?bKQF0_En)cC3 zCdZcCX^vQtJJ;MJ2$Q>n>(UhWk_b(~nF; zd_Z*lYW%0=?cdn!O;<4Kdu?IuV3-!LQ8Hu7N(S)q)Z@+o+NZgsN%(%llk|yQG zF`=nj@h=HbeLsywFwPozP3A@Z<9l8+@Ch4TU?|-`QgStM0j(hlJZ>_T3A?Ud4rsEe+Hy@y|?WnM_u5 zc^ZP&bM3vA=i|RTXT9kg>5l8}4F_aulR{ANQps?zlPiQ1te!eZj2cFz!&? z&g5Qc-^KwEL{HZnWBrpt1|?B#bm#ns*Hlld9l_x;<*Kb+xo7To8}oBUkv4qaFTnB(#66LY~l2{Q8BzMnPYAz6lcKcoIVSF^{$-Cgzlr7rIw zmP1}^^egCZQ!}OYODNrt@Jg$DNCkT6!QP-y*aO7Z*;2WYVf&1BqP~OP{H{v9`=WQ) zec_1u@hgz(QIPg-6XQ8heOPL$r)~kd>v&<#j^cJ=Fle!YP&|Gy^)b4EHGS4}rR91h za$R{haoOg$x?bwTp7xaUyWH4oMI61^+fdZKTfD#j zjJGu>?hg(R5KsTPvp@a{61yHeI^9^bW&{YDT(ed&adz>EFT%=t_jY@*+_zJXDo#hf z_ll27cx%*hg5>+rVXIL?)j9a9$iST3YpfU13lM09KK$LO%ElV9D;*?Ct`f*Ck0?HP zFsvQ>leZ`^d+1d{cO-4>=}z0pj;GNU*@B{AoK%EGjy{Rp!OoaW9n+gwzsj7Yw9|wf}*2TNh8E1*_y>T zU1!aPbd(jG&BOTBSM>hjP@-jp?o^xjxiLB_YwAtwK>#Wx@=t*l?D5$t&v%+s z{Vn0pi!RplgN(C2ZO`8R&4&It?R=N@b{<}po~o>)A#%}DTj!kZa3JmYQp8G30pJ;4 z5;KJ==2$emQzADrg$;6g6PtbP?Cc5BZ3pLmt$dkHQLj1dDQs6wlkyK6dQ0A-F{ERYK_e2c#m-Ip`c*}1A_3(6VnJp8lX)g!AXO>+DKqEj z)qV)SRO~^cCBkU@6NExfy9wDZdJ?X)@8oa*O;9K{fl{HOG`_C=MEON>c4M-#vxakB z4h%k?_0fOkc2bzk^yd{R30Py^?n5CxRv%7oqD1<&lBMorKStWyrQ0zRt5PHIQ$9bj zQo3K}3Si}6e@Djgt*gl)bE~EFv=ZCT5x?7ElZ77HNA+PJ*4S|u?2l1CDfSEuSU-wU zd#yQg#7pGY?t|_gyOWs3w@wbUrs!75nvmMT9S2`78=oeCxul?rr7~_jjl1rh zwK_+ihhs=@ss>i(SB4~hRXe_cIcU?$OJ?{@Whw;nd7Ciq&Uu}0>3;mf!CT+DQ(3EQ zAELe@h5vGdpAeV=fa-KFB|l1v12~@TQ-72lwQX|D9o(=ZbccQrK_q%u_a}+-+Ypgm z(`)+k^YreK@;yH#R}^n_E^*UxiyNdA7`)1%YHlh&{fck{w?tiHBzXzZoo+uJEq7D65$4U zdyd(egHufmH$9!Eh`8dNVpiF*;N|Hz@yzYRtd$ O;Hu>{i!w8>$NvC!K9(f_ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index bbfc235758..458bc46173 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -131,37 +131,83 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed ## File for exception -As an alternative to a remediation request, you can create exceptions for recommendations. +As an alternative to a remediation request, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md) -There are many reasons why organizations create exceptions for a recommendation. For example, if there's a business justification that prevents the company from applying the recommendation, the existence of a compensating or alternative control that provides as much protection than the recommendation would, a false positive, among other reasons. +If your organization has device groups, you will now be able to scope the exception to specific groups. If you have global administrator permission (called Microsoft Defender ATP administrator), then you can choose to set the exception for all current and future device groups. -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception (by device group)**. -1. Select a security recommendation you would like create an exception for, and then **Exception options**. -![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) +### How to create an exception -2. Select your exception scope. There are two types of exceptions: - - **Global exception**: Global admins will be able to create a global exception. It affects all current and future device groups in your organization. It can only be cancelled by someone with admin privileges. - - **Exception by device groups**: Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed. If you have filtered by device group, just your filtered device groups will appear as options. +Select a security recommendation you would like create an exception for, and then select **Exception options**. - Some things to keep in mind: - - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. - - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. +![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. +Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. - The following list details the justifications behind the exception options: +### Exception scope - - **Third party control** - A third party product or software already addresses this recommendation +Exceptions can either be created for selected device groups, or for all device groups past and present. + +#### Exception by device group + +Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” + +If you have filtered by device group, just your filtered device groups will appear as options. + +If your organization has more than 20 device groups, select Edit next to the filtered device. + +A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. + +#### Global exceptions + +Some things to keep in mind: + +- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. +- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. + +### Justification + +Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. + +The following list details the justifications behind the exception options: + +- **Third party control** - A third party product or software already addresses this recommendation - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Alternate mitigation** - An internal tool already addresses this recommendation +- **Alternate mitigation** - An internal tool already addresses this recommendation - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization +- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive +- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization -4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. +### How to cancel an exception -5. Navigate to the [**Remediation**](tvm-remediation.md) page under the **Threat and vulnerability management** menu and select the **Exceptions** tab to view all your exceptions (current and past). +To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. + +![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) + +#### Cancel the exception for a specific device group + +If the exception is per device group, then you will need to select a specific device group to cancel the exception for. + +![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) + +A flyout will appear for the device group, and you can select **Cancel exception**. + +#### Cancel a global exception + +If it is a global exception, select an exception from the list and then select Cancel exception from the flyout. + +![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) + +### View impact after exceptions are applied + +In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. + +![Showing customize columns options.](images/tvm-after-exceptions.png) + +The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed. + +The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. ## Report inaccuracy From 2ac3759958666b852e4faefb7249af4c9a608c19 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 24 Jul 2020 17:05:45 -0700 Subject: [PATCH 04/27] more images --- .../images/tvm-after-exceptions-table.png | Bin 0 -> 19211 bytes .../images/tvm-exception-cancel-global.png | Bin 13617 -> 0 bytes .../images/tvm-exception-device-filter.png | Bin 0 -> 20259 bytes .../images/tvm-exception-device-filter500.png | Bin 0 -> 26234 bytes .../images/tvm-exception-device-group-500.png | Bin 0 -> 18628 bytes .../tvm-exception-device-group-flyout-400.png | Bin 0 -> 12506 bytes .../tvm-exception-device-group-flyout.png | Bin 0 -> 14781 bytes .../images/tvm-exception-edit-groups.png | Bin 0 -> 2004 bytes .../images/tvm-exception-global.png | Bin 0 -> 16485 bytes .../tvm-security-recommendation.md | 26 +++++++++++++++--- 10 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png delete mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-cancel-global.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout-400.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-flyout.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-global.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-after-exceptions-table.png new file mode 100644 index 0000000000000000000000000000000000000000..f62d8f66b631c3a4874273add18f989c89e8d1de GIT binary patch literal 19211 zcmcG$byQT{|Nf11r<9Ze64E6N3P?#PNF&`T-5{OPogyvW-JPQ#4Barm&^5pi&%yit ze1Feh&-$)seSWi+&aAVR=j^l3K6}5f>ve6zKPbuIU_Qe{KtRBela*3IKtMtVe&3^` z0)J;S&_)Aa7+++yoDdLj`yT&1Nn*jJ01l!#%PGD?+e9NHC3^~?F9}9Kc#a?^_4bo{ z=Khk8_os_2*n8sELg1n~M=&oXiA<#;B7(o4=e)B|!X7`e54p&1r5-=n^7wzh z`@a7d4sg={d;Xy<-cyL%%2rY!Cp#s(Ueg<61;kE;a5EdtBRl54U1uRLwrk`-m?JYg?UK_PS>@fDC$}iiI>W8u!{V_(;D8k%v zb{3oM;)zb{9i8iIa(WlCy@PEZ7Q1@I)07lA)Hxn+$TQ;(>Au=XMErecf2mp#@xlzh zhwY@UuYcV(#(<=|3`CJ`*>{;(Ur?c&}u)!B$XdCBzQaRc74JS z;nw3QRG|${5ruMPgT~<}mX)(4S_Xa%t~JNsCvhYql0Cg0tzO-!kM$gp?>61|VlX^B z=vh!&F?_@bXY%Q{I`kG3mUm<-ZXOHZyWULR8QZ}t+ooi_EN$+8vo)-x$71^u?sd4i zx)|DKjD${SwyaBdulw!5Duf(a46JI@vsIZV25ztE)B$_TxMDSjixz9N)Go6_snC)$ zk>d%Ss%E`38&M*an|J49mIY-HX+rnP2W4;L7zG7-guOtBoR<}y>*l1evx)xYS>G=g zJGXZ~Tgs5ipXzSUe@WboO-y}b7fvT|0!uv-Et<~!Wer30->ccfTk{uQAo_Y7r#IZC zs7h`w{)c4&wsXycuJ!KI_P~V^)1Bt6$}6lus-W|#_yk-MA3R%%&4u zyK`?`D(Sutpip$`D^HdOv(VI`)gU()`dXv+FLnbxX_jcGxHK;At;#b-Q)}DsRlk#4 zMKI;)$eZS3d@=GD+6|s=Z>-p=-b^n~^*L0It}5jV$qDun!=p1Y@#2>lTk7?I zJpZD>5&Qx{Kz^p@Mgnn#S$nRDEx25*;%xDw@>VO0@>Z)zVyl=f7=g9b1j;AI){^0M4 zgXZXX%Iz(+D$9=n@XX`;rKLF^MKQU^h?1fAE_VZBkZ^lzr6MQAo9HEpiaDc1auhzj z!Ih$ZMzr_e+{oA2ZQFcHqqp9|#WRkUhrQ-i7erV7n^WWF8W?031&K;cykO1$UO z6EKaA@;=~N8gtqS%68$?e%FUSZS95d_T<|cF8@(q`-65WL7Vfm5@Yh^YQ8^H0Tu;a zP?3{p5OL(gO(~SSTb?{}2_reDX3*{hSoMw5;;ULiP4#jNzBd z(QcQI+T((n@~6U?omrI>58#{}C)}O$h0dw#MjMDhC|fYfNw&Mt@{wTGrb)FW#A^E` z!|~#KDyZ(Q9(WnPb=0!!zOpq{bL0{Oz81RhQ@p8UEPG1tY2-#lBO~VvcR1B?_0adD zincDgi!$zB)OK}llD6;64c>El;(Hu9D9B@_Quz`MLBMPM44fsd9OlO0dEedy0%o8r zxL%aowuW$4(TaOdn*ITBq$sOW{P%tPR5K_o=Q!x>0`&Rp{`T8cR$-3s21e!Xp}oGd zkGT!J-)ErZ^MZp=)-;CzQI7l4ZmUV?f%kpO83cnv0M-n#UzxCkK$Y887a@y~F_`yJ z`w~dsZM)N<DR6oH915sbW7ZC>Doyg zQh3gO1igS@WOEzm@QCNOV;^_0!`jJ?)Xc708-y#SV7EKY2NX6FEA76;cN-;H6B=SR z51Q~n+liWi%7)6jr4G{ey-?&z|IbL!p&7C@|+0xYEN(6Cbr> z$N3RFOZwvX;^sXF1yb?NUT8%G3aRo&X&35aVs8wq=|kQ&CH|PUot8d~YTO~9QuB&Q z*sxzcQO-4KIJM(B-s|kI=ex|D;zR!d@Iyex`l@1CmA)V zCCDG@5pG&GJ1OSOAjknq1@VdoZ`#&V-gLp-GbTwA;#4DhLG_zg-=iXaOw$wB+cO)x zh6)Xo?!(NM^c19B>p_ABfn8fSbfub&bC@R%nvDyoXJHt{SXE-^ntm>M3Srrc9myv9io)5b?I44kG$9ZDSOMDvVH`m7l8es8;R2KFSWl*iRH1T6PD-C!aq{JYAS^KI@ ze3<3JOH9ft8L0fgmaEnbuMI>A1nfFZQ{bMQ6`fa~xElhYEkj0zN~}8Vp-&Z~Ufx)Q zCWWr_fVTHdo0}8iQ$$S(5D@?f7JxF+$v7;-#HaV4T`jd2v z-Pr3(12+Cb?}P=m%3ALoDic2^!VQbA%a42i&8jN)1*@fY zBlgYI{h5;QH2t|rYV&oziTmzx?D(er>a8g{6KeHU%01(1BfP&nvBEAp@SS_+3#X)B zz9vz&$?gNG*c+~Y5pbvqaXAV;nKg#N4u3`YAF@ol-D@(Z>c4kQvd-+7&YUU{1k?CI z@?E@0v98+9T0twDR>2$3yU1;nKJk2_^H;SLDn*h~50p2pF;>3W1*vabe;hFuE z>b1YU7IjQme+vsM@TAIeu$rRO>)9%B;|oU5%U;%nT#15pqiq%pMFMMnPu;8&bS92m zq)`g~WK_8c#T*eoW((X_u%j{5->s=5Of~u{@Rq%9FHn* z@0VqhF)oLxZyxv|b^NPg1tc3x7=4|Wnq zEO#YT!sGOMl`8btpNP9@!Dk3rl~WZJw) zmIUrCSsMtBkzq;-d@WAgGa3ohbGa;hrC}qoL{CW!&(gt3Y6HOgj4gMzw3M!uX5x%F zDRpzIwmG5v9K*njft+V)C7-yaJGrZ^Z@L0QdVBXL!ptm5?WQBtsWF{(Ze4V|o`ZRT zNK^9?==SNaUqCy>8OuiJD!#MG+hjm&?Dgu2%T+)6zA9q%ghv4BZnIxgcbd;QjIDzUwCZ7W}8M@tu5d0x#?8e7hdv+pv18r5%Tz=Kc@;t z0nnSFS3kJNk(~vWc{Hl)IoZ4F>k`YC&ss*e-T+Iwsx~!?ql%n7a?VPIKDkSt43-`fY#rdh{qh zyGfX)m(?og;wBN|EP zQP5{d`^ui}Y)t)?)17Y7lS2%oX(D`?kwjMGt1Jf>mogR+Q;ja?r9HlUzBFPTU2x!r z1vq?Y`q!Wz)42c3qOjSXiKS9n+HMm*$Om{>HUZ|(bZ^HPGoRpGw!oC>OuS~K=0j|i zJNw4iR>6i|Yo-25v5tGnm)HBL9nNo3s=G@Vb$eS#kUcCsD{;992?*jU*$?A1XLgC_ zG=}`Q=D4@7yu#EfgjBU(HC!X@;9Xr1sXLLFpglBCiygkjf0WsA{!*gow2vR74*}2r z{y=^CUpzo|+P|C79sQ4fzX``Ln%c#7#s7PqNpXv?xW5XYEb;l@@36NR0ss92hC{(v zqybccf6shQ^g^j7V`}2qZ-Q?;XI#a7Ey*%DlD^5A}QS zs%YJ1ptWm@lfxS`+$sLpjr;zw5uV|m_?r=wUe;Kb5m^FOm(@o(zWvq?7@B?;oy|L6 zkcD|4+p~-EZ@W!aXREImqna<&845%Yx~@TcSLfgOuTH0oGvTB9=vXvLJFzc2}wb}eKI-*C3vpZVrHD(!nM{m>)sf!B{zK|aA;Ul8 z@@+oy+m`bCUxw1Y2Zee%D^=CT74c1jbbPC$4>_KC=*Q|ED$E(};m!n6F8t6>kc1N9(Yv_TysPX; zNd9>tayQw^>#k@$`;gPt^`qo;|y+v_9ypxB|&hRZ65 z@$?Te-;XC<@^ATl?N`od-*}id#%2^7AC9_EyLv22(HDD<@H>4k{nJ`Dc2a({Xqr=T z)?E^c5s#02K)K*ddkV|iPpe8iXr5Qn>}4iTj>VfZ)6rn8k6s*4UsWlxKA6Vh@xt%EEmtmFiQI z{m#4DH_EtNr-jQDMt@dJ%G`4D)TUFXDsEX1XcY2E)oba+W*yF*`0D%INAlT9pL2ke zf0&!**;YF!*^Jj#|C;Jr69sQif6^_eLc^4iqi(RN+#osLmXr$k!I0yzpfalsv`>wh z1=sZ2lF0$^q!5*tn#4l*&P2n%CIwuZj?GQFTr(kQ;1LB0)I??*cSoJ*O@(k-mBBm9 zIrk6AbZy5;b4#H0eBjNqyG=^gL8P%S-oi&&9Vz4|9We?DciVxB+-B%O(MG3=V5jX- z&sBVQ8Nrxrd%~9xP7hDS4P5HgFI~HO^GYiB8Kz|(TXgKM4+gqCd)9b(d&s#7>E1c& zhNXfKOi!#f?az*^0z!5BfK3+FGuui$xWWtO1|HzGruC^0qYi`%pNr6-iPf3~*KB>+daYx8cw=hj=cz!_DZX`{JJFu+ci_6ZE z>u;dy;J>=0N~|4eN)87Z^^X~iSba@bd2Pz}dgSBdKXgs5HhvC%xt^y%qvD#l$;nZP zSa=(|^0cr?2TnD6sa|F2i)cMCa1z+*7u}fw<%_-xNJ_~mG1z{eA&1B5x#d1C^W_M! z5LMp%nYhsc{F{Q8JLZ?K1Cd0jA`^E@O%4hcwNpL)2vZALtPgG@*RPdDJQ>$S#jyib zMz7C!{TxEVDCjuE&k*V@KO$xz$eQ&hOH6vTF#xupiptNQT8M`)-qdn(=)XIxC7}$i zwpmQ>8IefPU{Nyk0%R^`W;x)_EM(N>g zpw8I6a3ioO{>gv~yRd9fNuxk{s;X3CO~H3fZ`%-m=)xoNJqV|0t?SH$$~Vi*ZzWVr z>X2XK;fD0$LX0TCQ&SZra%oe3A2+)B|En(}u#xwNapteN6s@ zyTTf}s6xe}i3($MdS?nze9zuQwd_c-5v!`SOZ%jTWg%|KPzhAUQEuER7(M0UVX4YO zKs~bU;VS@o{&fMdik8}VPBL!Zs=eP}xB6Fst$Z$4xXUg0l!dB)3^SGk{kDa5Pi3A z8=;Xj1_9Jdhxw0Fqf$2IKIhFRIDTHw<;+%g)zNovb1p1VHW=XPRZYJ&5n_QPb8$GZ zagBav|{499_<^I`{jZy2U+uEvAM@gCk5=YWG%@f&7@Tpdn zFEbKvIbqz}&5@BVAsb=gF;epP&Y^PAc@0Vn;SqAK<=rz51_dl0vE6yfdQL)C(yw@8 z%CJiSYsF-XOk96{Wv!q` zCG`yXy$VCKn;E*KM2yqv(+bwhKXTEbF$U6IyI%;%xa}wja&p#8L=_@;>Ls}>{?Lex z4P~68=GkR5N0f_tE)Tpk_8EkrQ)+s?DC@Ra_bFuxxKywEI{d^vds-H4<8AAX(%@qM z$M~s|l);bjGS`bLW1cg;F-%5{C$m!kSm*{I{JC1Im)#M?bDwWFO=P0}fms2qcY zbWr;07%>kh|4<{E`6Y?Q-si*SM`EbDJZCOeLPQJpGo48rW6+-2P&&uRS-U^LY;FW1 zm_VE~(s8GaATB3(%=Lr(-fdZ(Kg`WX{x%9(JWT=VDCL$P2X-IC7`2IDfZ3>c7m$u8 zRuD`Q?fYT8zscPWLtx2tC*S@o@9FI2!nXr^Q9{W(#!%D)il~+v%T}+=x}~0$A9n0d z$={z(Oxx^VsZ+EDn>Q3xxxB~R0<~n5hGk?87rJ!dxdK*^Tl)4oHQcfdrN>%ycSomYR_b$^Uo6jH%t=lmD#{#3Hh%b7gS|Je9<|zXX>+U zM+k>l!O)yELBFXln>i>N|>8`-)LF19%>%{U{1JNX5OU{4u9L+rvNpW)`_$ zfHV!ZmKsP=zSr}NSfttf!0AzY^dWC!!Q<#wROI#a%B9%Wv7v>)Ew}QKqjJmIg2;6w zS`!p4^6FgwJ}F7Lp3~%%-@`k%bcN-Ya|{Nv_;xiY2a;5Obi7IQ%xd#skuit!vSA^B zYG9f;r$54_g#INWAZln!Td@EcH~PvE!Wg@m9bes%nCem*K2b676k|@6(7n)vWV^1w zCN=(1#v#x{l8lsCOajY&(o6Y`NMbP-h-9^qvmx~B2Y|3DW7X3`meK*WAA@J~&PaVPRoTajkXLRHR1jTY(?Gow7y} z=hsv-EU7h2KdlZ?v-yUmdTYc@2sZNQ70Ha#Zw>#ID;Y?o64Q2F{?zVaSDDPmdIgW0GAD5svOwle zsp%LI#`Y%_wrtS$p}X8iHbrAA42tuS>YD1l03dv*WTk@s!H3xn8XKQNrQ_XoB{?Bp zdRv*pA+IWhiU&%gZX)v#FBfj9=OV+Uv@=5DLw`RqCp{FanLfXj(DOWOd)y6Wn+swG{8`mYxQGGqSULM z(NfGUdL~ja2*0NwgrnJgk2fgjm-i)WP|%m(4(UMo51foQTckhj4(`xU?@-d=Z>4osnpS7v8E=6OOFrGuJ-^<0}5+hq(6cGYDUozmcOFzzbYR8e<)Hi$F-hd zgTa4Vbte@zwd;&3jQ&^A?b7h}$v(=C|1L-V9~LbcK=oCZVxIl;`ecf}sP*#26}F#nYM-qWJXeZx=Z<8}3Qjvyxxs<1B5usG{vLgZbZaz({Iwk%saes^&< zy`k5Wm&^qG(%dF}=si85Q_kD0dB(r z=P`fq{z|mvM+>|I4TTKP#6;!$aQJ`C%uAd#JJr3`%fDEE$Ii#QYGX~eK0wj@K?CiL zwG)r6qN1+b**G?Za0td!FS&&Jf3g5YXZ2{Eqkwh{XmfkKl%t?LexCsx1fG4!SOLZj z{~CvY+ha_*p+_bHtH{g1EHdt*8}`-mU))o}zwjBhoW*l_f@ZN|tDwAo)1 ziusBFLmJg1=J7df$_M{5i^Q%9!cTIpZ5CcfcYKr>`jsnHROHm#4nyWE1jOdsr4C@Q z4b>}%qJxW-+3XGOT*TNQAg5kYHy(!x%8tvd>wmR$fC5GjU!k22^UT8?;_7CyjBi&E z{1D4k_VETLW0>AHg?OK=h3=0GZw+V-FWyh(APZAI4vyVW&)d++^cbz`RKK3aF?AR+ zT7z5Ub*KzLt^H@rC}m#Fo}cG!CJP``r4vOx=<8v@Ba%;4-bupq8%QQ7mlTIP%hn2N z5-OUX#ng7%&~dP@4EcWDR%TwQ3Q1CC+t}T*W}4qhk5N53UROQzsCau3id*f|Enzo4 z_Q7#AG><+szYlps|Lu4Zt8Kya!2rlu$D+p})3DoTy0=?YwMg$Lk`B+_m;*Evb_w^I z-h^ioQ9BOJ@kw7v|PLay>_r86~(5<|T)Hb`TZUyE;*m&gNSgv2Jx-$|yJ^vCter|XhdWMBlWPBY#VZ*(W-gtdB~i%W zqb&Ju6VTBS3E)frEI7ykDn|%7KFbWTHMk~Kgi#VYiV#v$62S2ylKv)zI@&n_xYR>%Pfk&Ftr0txxILVe~^YRnB(W| zz0=@Fic z^=tw5v6k zp@^a#RqqU<`Ni47(j{?|jLRM7ewDGUJ>dV6k)~9GCDvNcx+t}L+dHa3J4c-knVU9845@}ROEk@CiRJlZ=j{aNBWRVS-&6LA8y{@XTNQdUCIER(JG&e5II~uv^Ecx zT;s=c+r#B`gtYG2;r3UkPKsU3u)cwqt6uBSaG!nV?ep(0O`Y?1ZhjzOVH9k4Gbfv({OgSx*OMawHkmRPbFO|O8LKYlj`yhz0;i14K{wK$2O-n&H7|03sJD1 zl}TX`Sr5g8^1aB}EZe4CLp*hrOFv+mCO!q-KIT)#dfL2+n?c%No(|MF=wPy7DSk)* zwb?S;l)vg@%CLnGPrX2PGXd);@2y_N#UB3hyPu$5K(8~o-K-G0eDr1Gw}2e~HOB1V|J zfzV8Wx`?FaCo^CENS`jUwrB>PCoV}GwrDn}vrV56pU9YgKld-qexB(G@o~n}?8lyz1^tH^yY(f|uJmyxC&?*TycoKP!uN$H;+NCJ2X0 z9$1P}CUO{WLrxac)4Fk{j&NLuko4d@=+x?%+pV6MV_&B;B@dFyssJylq5qRQam!4S zQ(A#}g;8niyG}--!K1FpUKbpxtXD&$>QNQB>SdLM++x2(Dy~N&01>Qutu>Cpnh$sq zzP}QQj= zlKSPihB(piTB1h+1B0R`mVnNpeKxGN9w*Zls4BP*CoH9;q`4g~`5$XVmjp&4LPGhC zUDc?tsGwNDc2~2$B>xM*2vM3aWy3u3;gP}sAdGfkQ&eQm2s3^AJ&n#dd^xRuAl-Q- z!~0(?h$V7X7OWM#+c!R8vL+PCC4&C^6+@aLRblf}RrT7$Cig|jBJN?_U+=ID(z6lI z7D817hH;sVxDrVO9v2(^xQ=14A% z%9n1wV%2KzTc@oV9obaLnc82XgPsQwC0!yuSa}8Ih)|9Cb*u{i*}0nd%)8wBwM5k0 z`(|@ZlGiaFtj@8)2dlG8dl)m$)_uONL=8V_^ccS7u3Wr&8gp^-ArGjA23CCdUlDkc!Iu46NzQQnf$dhqLWj^3#5aOEV+h=4+h+^j_8H{Hu9m>ji6YnKIaHC>0 zQ_djN`b?GHL|JY%EnX{iD!HaR4C|3!6#*D;Mr?eVf(vUX=m3MB4KXKImC7jkVjcqU zwg2e6?=m2UW!TfoCBaN+%T7RD`sZ@9EEZ|NH2Y*TchJr?bI@-xrne`oqu5b8tw3zN z5~(oQ)-Pdag!ntlb66^$F3EqA;xSIiGy9fo9`|^j$DYSfj(ylTfJ)&=;IkI-K0azD zP+WE68peJR)uhrXPS((`!2B{kft#=-H;tP!@>~Axy0(!}+vyBsjxdnr33RyB;hj_k zb&|iM#~sUCvY^E0x`Hp!+u!|#Hjh7jfbuIz^{=8K6!}k9^H;Bo|GUR(&xBLu{{~_D z-;0Eh7o_aE=&sn0#USmZ^1ll99}IT?Rx;|bky8JaZ0Y}Kg8y{FW7t&oVQOYlVk4X= zbM~GcyyVRzkd;|cG2jgTjG!yxlb%Z_bJ`zD!*w&m{A;`Kewm#?A?Jxev-7=(WDnhy z(TbR~-yO70x2daSsg<0^<(2LDc-?Eh$9lVWtv4zn{K@K~zL-P#=qOcHgNjJ9d7zSnzL9bN=p!~-tl+bh+Slf8~VQoz3vLKJ~ zL|aFjOvsTwWsl;^{(_9GEILHIH1D@Bp@f8mwH1T&?1yK{*_#1NO0&mbo*giT1A^aq z=YxecoypDz35j0a9RJuChCw(qxG!FGiwZn;H@N9v^f$>b=6n6{wf5U~2&&l1J-ZOjxMF71aD_($X z7|R5Q%6zX+Iv$dhkdSPKX*~1|W!Pc5YCg7-yNl^98M4yB9Fh_v&lpNK?%#onD$u^| zj4yC;Z#S^y;8oR&A2)in+Md;o`&NqH;u9(^r93|B6FB^cXS<=K8&~pi6ruY6zmb#m zY8v~e^t;BVd?`r(a$;5Eh#$@lK;DehH!2zn--CVLjk=fo z=r*74-=O(;KT@f6JtE^zYP+cTdur6(v=i>MK)UZ^io=qlJuo#2{!jTdn|7o-Jt|NnJ&X&=+b#q7CJuM^0q?RycJ3Q| zMs*+HJ3_dhvnoZw{T^FD@_3+Uiue--ZvZ7!8Om3A1z1E&&T8CrwW2FR1px z`RAAmBk~>9i7Q{4Vw)6KQE$}$qff{!vdzlgUAK8Y;YQ#D6oO(4WFZU018?LS>qM%0 z`zQaT?Z%V*!Fs@3x*1a91#@wYAzOA~g1A<1tlExwIwykrklNJhvIZQ!)kR^}8DOD3 zKoxNt{2i=)j&1ee`xLk5bIuIH%iH|{536_fw^8H>YXnla*PoZgQ{J4C!EOiLYWauE z{{Z#}z!O<}D?7!S{IL*$flDVNF%&P4n=P|Y2gEKK}Lv=$ThSuQ4cU8GR(*<%+;^o9X zMI;I2>_+2_6eDb(yWY|U>cU3epb2X#n5w;4mH$JUu39qYlENHmQ#Pxj=$Q`<@yedt zyRWc!X~cH+MwnAOylG;{$$xj9|A~!n1i#a?mCSQC5MRdiw-amX?|vvZp55kkAhXHX zIn0zQc|}|H;Y6}8sJXDu#N;&4*8bzRC5Dw~mmld;*M=6%nSA&pt5qPuUEB@lEZdV2 z@8J%V>SZmpiXvWpJP&E)IzX+oBp`54wy;F$k>MIi$cbtR%`b7;U-GK)A$2==L3^Ud z;7o3~B2@3iu~E20(1(ti2SgloA8OO@>Z<;1Cg>PB)OV!n=RN0&R20_W0WHPPElaL0 zNlay_D^*@QJ<_-?A%Mn_wdsi8Dq0`aj}Fe4yqlS4HY=Sgy%@AFjs45t?uw@y>ccre zyv_jD9X2OWomZ)(Fa;m^Y+68UIw#cMo^Ot-J;!B*+LUQ#PfS-@A=)m;Ykg#(h#CFN=a)6~V$(~S z2b1kJck?s+py#?(DzS|*D1Hyu!4-%y{|3?!^|$_wLjBG_O-K_{m-{b z1!^V&dVP56fY1-$_1Hpkk2y-1 zU}Q5Q6jKN;)&ScKhQSYprA~g11|AJjf}>O62U7@0Jn=^dC5P%FX!W7o zhOM3X^U?=>pMIRpSH6`Q)*iyuyQRI8rb+Rq{##wSt~kmJ5VqGwQ5{Yo5F>B2S+?8(c9Qxj|CxZ7Yh| z&PJmdthT{Iqq%?K@{(k7Dw+Fc^9acv`mYd7Km<+7EdbK519!L6WC8~#(aUGL%9`#a zPKn6%B9elD{x}QAZE|CwSif6HO9x&|XHM(;`z#oq*pTiZJFZfD&LHi?2M3glBika^ zBg4}`JXEfLZsVyR$giKojzzEqR|NC{fb`x9W}i8RDctvD*h9-#TTs~P5e9>NLdJB1 z>3*pI2>FQBOwq^zURU->_PzPmBIWkWYIsW zm?KIEPcT*gGD34HOL-jyX(cw?A72$}M3<^hN=$5y2A(v@Gb}eo&_0JAL$5@JpZ+VR zKi|sX8#6`c7!#)GD4JG40UiYGLeQMm-dR%F`iDpqh(@(VPfl`+o!;Ea-7$%=QQ0b_ z3GBY`br0>Vj{j^c9FdyVU&b=bZP&pDjWCpdwK@+uZ7xWq!_e-xpj-f^R7a~hZ2>H% zZCM58BsB(bJ%rkGQ!n5@X=hwlo5&Xh_&YL?T-mB~HS(Qj=^H;&=0n#4N}t$Nmx3vt zmllWiM&A6yM$T(oRQ68cSSWxI1xhUa+jga97R|E0#ASlO$Pm}8^A zxzpqjlH+(+*J&of#JNYYNPc$Y?Ti}5C6(LAwXuw@HxFmun8@5bY{tM|%VL@HthB0{ z`y#YJM&R<2JRW&n=jzF0V%0jzurA%HxILbDW|IfBP2Oo)@EpSZ9;ADbgjqasB794~ z6R1&yd0Io9S9)sT!|c`sLMJAd`wJX{?p^@*uSJ zhx^XG-EI9Dd!sFFdlkBl(NAGZ1+#a046|SV*-_(1?nRL!KQN)Pmx|(EZzMfoG?7Rp zR+|oFgg3RYqW85&AZBq&$Apw|_l3$MT~`I4)SKYNHnbm8<`ULA%! zq(QPD%(K1jQ^wk#6q?@iC>JWMhEOnmIZZ&yv_yLLvslnwbYtMU!hBK`#%=gOGv|6w zZHDY&0xDVZBI7@pSViSZowF9?<{{B|WnECVGeY7x2h_upGmV9<#sj{-@}IGqI$Y$ndAgz)@3aP- z7_cJ0({fyJ+ebo^!m2l~JX{M36BT)k!+ZM5n)N_(vq0J*)QN*TYoFOvq;|q}ZVjIn z{G)>vX~QvcXjbbzRfV2)PWJf~tNPgaPy31hmREioDK#%j5f?E0^j+B(UZVSqQ?ezT0Sr@zj&T40cTf;)eGJRpql<4k2~qwK`v&B%&SvW-@M+`HvU6DI=? zS0I48o4QynqPqTt*jZY)0xd?-GFWVCUVm4GGe5o>~c-!*vqVwQu;X83**rk9)v2MmGVQwF1TF|$ zrePyRvH6YwZzS1Y!A=7oT2a2!lvJq$v1pmj~v6{)2vA4W*T^wkSli8 z1}x4GL_tqXj!u)l0#?M?g--Wwen&&{@9JuSg?V%;p{EiO0=0gf(3mX2tjve9=y0cw z{^C@NkSMa>mRS?YBoZO#_ZxI~!GuA}KmKket;i${5_4^-c{Te2Ti_qr9w76dIBLa> zLA^o?N|Cge?g!>5j z50r298t2m$G(wKcxz(#=FpJL?MXCW#v z!bBc)zun!5my8{@@`IzB!kAseP|mkGK8 zCxV7+y_R)3^gsjvhzjJEe~SeI0~k0?KBy8QK?JY81%iT*VXKe5th@1VpUbXXU2Q!C z)|Mx|$HDQwKg8|n`Pa$7W2C1KstQAwR!ScN(y3RcJ6s)?OGn&$+Zp5pe9XlTG0O7T zdzX*iLWSwxTQd4bGo{DeB~#ct71U^7WT!(;_k)3JJDC}qf|I^CwqTw{#`(qIL;&C(u zzKJ0U+BQ~a-Of2?tK~aZAboYE=7@;GhwvC(rGM%9kkQ@gjSkdq@r35brLYX2lt!H) zMTO@jrMAC%I)0e8efqu1bFh9A!{oOGF7w{X>xz7RSh%xm+E%l2*L;9=*-`U<7^%x7 z-`yYKwyQtf+3Y_H`^`}pnf(kOW4Cd4$e`VJFLHicZG1X1k+SX4EPK004kWNhqYG(( zilq2=%lm6+{khk<#Amk8SZZ0j>`@12v9aEX%C8Y)*aS=|F37 z`s@zcfM>W5k{q|x0qq{^Habe6!YA+hgnH>iE>LxGOpeUbKgzF4qoyor^4%l7nq=#2 z4`m3UOUl!bZ#UcCO$@ZZGQjzO+lBfuVc={JYI<8qen!5PU39nvo)a~42j^xk^hXCa zazTH8)FZ+>R{!n#Y>;n~`_-=iHp<&de!*GPf%1#)MvsG9`{OC|skD9f3{tH7Kv?Gq zj~POc4E_nk&Er8AaoBkAjAmtgxzd-<`=$A%-&hrwF_~S6LZi9LG&Q0s?0I!I7=wvtU{6<4Mk*0+bz+)?5 z0cAk&HSSwf+2-h&hLqs26cYYm{7L}U@-$|`% z{U{(tr|D->_T}EAjxU_4b~_rr{JdBn8rJ8P_RBQL2l^*lG%CYY1{hURR`P=JDT5=; zfZ$iA2-jed!cBHNmDB#D@J{dNZzCfqD4v^>AKfI#YOZv!|p+0LGgfV9>Zc*8-1_bu`(!Q62y9;6~2A#BF972 z%kGW1U$;d`eEE5@&{}NzMU}=wW1SytHAwU~WZF)xsCcLqyCKQ}?}|A6dhG6xPEE^h z70D&d#D{q4`Un<1z_yu-tr;5#WE<8MkICi6V!=I0!*MWLQOLoQ+&O|^Qu*x>{ zx0)4Sk&0L&K=G{rk3`PTfH?`uBR9cPQ1h$xLj>K+(o}9`ese`;neB-l6JT45=yba` z-&}(TPWX=EBXErc_1aIYzx8`)*sLw@D9x4ylzMy`&yxO2^bC^g-H-}q)2XMkaZ_rr zOSKQGed)}Rt6DVe?ELrQ+3JQsvhCVxuXuh%pM>YU%Dujq8;$C;&!EFC&g?`*uUy&(!`gKl0}G5* zRg~Xr!DeLUUzWHNe&kQyRhMDEPcL+0BIO;;)*hU#F~LqLwQ+$<+S@g-6UQo0tJAn2 zNAvy|d#`AK)GldSrIpkwj!Vhz?(y@vfp}%-D&^{}67H?9w_oQG%#FnP&hXs2{?Eq; z6GShDvvt7!{wc5Y<_1d7v6njn{iM7^Kq<<+f8A{+;Yo45q|>>*G{ir5n(E-|YlB!y zb#&}Is;;u+QYXc5JV~_lM`8U`^W=+}FWQqFvT1wbsx>T@lFLHUc zOw?6r1SaqW;DQyDV^&hSQ{Icr2Om1F-JvGaKjpSc^XE7;V|PCP<-(iO9yl1?(G613XS~p-IsFr1 zkH3zGEH*e2=4Nq-$`d*y9svQ1b#qMQFch~&PM0{0ZTvB*5G(MUpFdt~9ZXpBd@&#B zC@jxZTAs_=(IwKb7L{>sYwVrCkt;{v_^dWF$$Rt`&7zJ{DNP856ASFaSHkT#?^%=H zW8@S-wy&+JTtuf#K;UjSE0;)+Rbu^K!<>>Thr_#;pTAGre|w9_xYsk6&FSBm<)*Is zP7Lm&$B}w&L{V||R9)-I>nczSkuFk^u~UgXC#stHN6J$9GeIp8$8g_t=XvJ(x8K<8 zETW#{qN43iSpBT3S{W2)>4vh_QPpisv`DB~G3<{hRb zkOz49(9+4*|DV|fbFRE*$hPI7>;7|#ER4+V+Fur%3|#fLuc>Utvx66VZEtf`9*s+G zG1RV1@!V+X)>9e3@MVhb`DGhKBr4?eg)`?d$vh$L{w_kCoki_y4m0=VbpCf7LqcYXAJt_wO4GyuPyY=Oi36%DmC@ zG{Dx;r>}SEwJ8ggp86@69kqCt9KHQPso1TY1WBH*7mCT{1UJa^92)%l-RH{MU(u3YWL{nA~(%jC$L4F_0?`&{ihudvtk z*clYgd|$P~-@v~A_~V%`-F%|{yY`9ib3c)7=^Wj6E{K=4^+BVwuC7i`*P-+G=SQzy zs}u3h^_Tsw=6DANx&HQd&(fO0)*U#1e!jGL^p4`!V&?j>i~hfhWqNl0`Q?QRzm$~} zY~Mcpyv=7GN9{$GR+=v-#yI}Cv+Bppye6AVJyXvzE62Z>Iph4vM=Gn%hWaP}+?#Ww za=q#cKWocOR%TNV>z{8~it^9@Sv#%tb#2~Tvjy$-Wj5y?Z7AGU{%*_U$z`o;1h1Ef z9SxL9T(Wtm?9Dw1Yd>Brlm9-Iy_G$&zR=2Iljf0CQ!FOBPy2Pi@V$4#PAP>miqF44 zW30Qgr>2wjydC#nxvH3Oj+kvc=l9nAdCuCf-`?ErM?>qyiw{0txPI^4<@kFp4=ydW z5v!QZ%_c(XtRx(!p)0X!csI2q;v d41vG$uDfEUPwR8o4?M_FqCvi3kcGw64Ibj!T?e;lr%$kcM5`nN{7TqOLr*X4-k+Bi4o~W zVu*pW`JYekr}x{r&YA0(0cLn+p1t?I?|ZFvuZh#qQX?g1B*wzRBGph=eu;&JLl1r* zAtC^ejclcr;KvCgq|9jDujOt>1o+nh#E_1v9Q>%G?W$e zeY18K`~s<=9g+tn>3dETJ=}OW?8@nsI&7g2IhuZ3@WgIN|11^e^tGitBZVn+(YU@_ z{`~}}5Q6(N_AV+OCt`<~I8p^)A(DcPOC5(jWz=!`m0lP;Ip7YV zS5{WGenbEPFV!;R5>Qf7zIuZl0bYC9AF2ReOSk%e=(HbTtfhNRt|%ORsDv4{iU>v@ zI@wr_RHVQM)1gbvPQ;-+=JS?I<7UApH}8fTk9`Xx;v(c5l9&OX^X_q$@?|ZU%|-5r zQR>+MYu5aXLa#2zDK1?9?Jf==~rw z&hIK1HQu5j);^%iu&<-lTG9K`ey|Y+$rU3n~&wp&Rt=_Ig~(4*c77 zs8w$4ow{{Mv6ZM*O8M9{*7ojL4IJDn#K+XUEk!yIi})|!A)}AZv-r(=W6VaxfrVW_ z#2Zhfpu^`ZVUfbdK@9I=8}w~AFGb?0=$^n)C;rPP(c}!qT`9_xsSlOXZS)eNM67v< z+2Zrf82Uoh5IFN(% z!ULk_RchpP@daHghiKerI+kQZa)!Aun9vrr%78^r%>G>>4wSKAc!Ww3$M|yi__C#T z*OD9u5d{rCl2?%iN>qRYrDUg%myJ+TZOZNLq@tXZg3udw|M#9>*y_R)b1`bsd(cCo zN6Ew#Ky$Wr1v@OlL5vhOB4$6IKYnD%{!&suWd| zpj>qadk7m>I2lffAFKEso6~fe=sLSn4hlV-G@L)2%0!@MYD^)F;zY@^*LbOEX;r6{ zl#?3ulJKFy|9T2k_BW^bAFDrMCL79ngzIQfHHBc355{51k!dzQt?w8mo9mk+fpxj| zuAFx59zH$vKM}To(1*E(rJ%|>IG&@o*%ccZOpO@#&X)iDT-Lqc;Y>oYEOa!X7|n(b zks^p2ef-vSfg3_EF<7Qoa?qFcXkd64AFCYJ$r6{ui27)o6E*z0^}hhyq?P{UmG>F2 zzMt7oQnIoV{SY@a_V)HPa%&T1dPXNdcxI|CWXV|NAXpot`MA;KtYKpxKdL`_)>0nS z;<ob-97DE@$TLAzU+y)VXKNFsZeDfy~hzX6oneZ!og!t5$0p6DTsk6S(MZeC_$-% zisBHv*P#^Lrf6fW9>N6I3I=HQ*N93P1q!x7uYa8Tf4(Oeopuu%Rl~7O1#R_{5B=MX zYW`RaeU#<-D-uJ_+V{H|VKG}vF8uFv#%Q71NNzpMum24ys!RxeufIYY@ySzOlxTSP{1-=H;Co@Jy|HMfW_vw;AQq(8 z_8s&Qkp?nbr#|gX3ocEjg5Z$O){@R9lV&En+1HY0){@TZNEqKd7FdVLU41W;H!#WQ zMIBd+=bKG8P@*?IAEU%8=QrcGV0&Ab;ZnJ|78{bIqod<(PSwP3Gc{I}R8$cJq>RfQ zmwRd>Ibkku1xy;2NAs0*t8UPTD@L8y9vFWI2R@dI{To%wLe=Wd$5J1j-bnra@655oespr#KL<&Yc5XCNoYAZIeY7dK8o2^ zyRQ-lcDQ7lYb>^SIYL+hNrJsbs`vsc8Lc#{t)vo!?0iw)twB*mER7a+PI>q7kba5+7%Ar|ZTj_EBAJrq$HXwYxEk|bS5Zk3 zVX-oAn2q2%q8NG;a=w~@M#Zo$yFapM?9Y3iA=rdDoj-(iUfusB>1@0yX9vRBJOm>V zn3Y|zL~HLkwVoUD#x^JT8Q2Ra(sk6SAU(J8yV(OQl*i{} zx5wGidivHa6*hyT`7IU3jiP2FgHH%D25l~e?(~DL7n3*j#<6M_e$jXrkKNjH@NJ>m zva2-TZgko1c9k~0FozDcklf{t-op>_OZqZUQ`5wqomKSJKQG^)DW~Jj@&03JD740F zo3>5dgBt|K$-J2$PsdCP4a|Az&AWH;W~ z<~ZA&AhN^5!;C{2nsT$R1Ycjbv%KU=&&^H#{5)g1mt6i^nzn45h}B-HtHFQE1;Yon zN;DV?g|celmr%+L1Kl=%qOsFgP#Rwub6**kabB9nc{<_WEH|+5=zDz^c~Rj=1d1er4Kk`zIxXIToWA^|aH!wEQ|N>^lnA z>jGJo?KaRs#9<_>rW0gaJzgZY+b=&2k}iB-^`L_Oa5cmH*EW9E^}4CPex&_)@t-fd z^GYlk;Oas0t8<<=Ag3R@xW3#!1QmJatF6zslSUE|ykTv;CF)?ijq3^?)yYe6w5} zE`5)TnwIvHi{rgDF`@gPlQ#Vo6tGRTY(Eoj%ynE}M4E9?GE2K+A%;Fu)rhv%)lqxA z9{H7UB;M+?-&a?rr-|wrSUFq@AXqL>kp^QMIA})DiQKg0+0z ze*L%sF>ipn!1-r@H)3Vcq5cx?>#*!IMxltaj(3==g?QF3Xy$xHc^pv)=w|`(B=*DPJ zaly4UtzPmoTQg{|xw&~j)_CS8+ELmHb<6FIitAE2h>6RqW`C9vo-WZ~iTBg-?gw`9CbC|7+MZ|<0blxbi71F{9$pkl zysVYjp>6*;yw zJyD#*$BvB{&i>MADCxWyE_Hpx{R!rwsXxMW&>nJg+Ii#1 z7rgVUo}U(DC2~7|Z?apf5B5W*&sYzW2pVWgihu?C~_%>&+LXD0zP1r@kd@}k34#jAa|GHaXL ztBFgvwbX!UKQXvE?YMj~cuy{nK10w92a8$O9}gCUc^?b|8};ybT)Qyn@{~e_5@f5U z?aEfy=>;Fdrrn|sror9wIN$u!kT9Su^kB(r$3hy5bj@=4IoyA z8t8CsS=UGsmN~C+3IoJI>ASA;mpEa)D`ZO?e~4W+4}8X(PF6A4eY++xP*9E}os19{ zk|E&Qta|o?V*pmc!n(^O(Gx+g^=;Y2Wh~liw(t9+8~uGL|4CS@7lQ zp2V(Fu3XTu%i}LFz0j)5)fF248h%@;hTy~d1Y~WGc1oFa-yK)xMUygF9xQj?qKyLo z#i!`A{dW)aMk`FDFcR~HYT7c_XsY6n+zOLMWv3dvK-BtMH5L_zR&NSC>Teb|K^L6-GmOz#pbju3;F92|9hCr6P26bAdvur@BgeQR0MQ4rqiDjHYF7(M%x3($DKiS1W8cY)Rg%R^P_NpYcL%wvi=+r_1X4*8mXfo{Ls^v z`-UyatE;PMkb-Lv`{sXF@AZxqs<|Eg)zBmPG5gilZLE6O?h!K?^CSOnp7Zb4bH0On zQk%Su4eukvyMCXq&xMW|L@Y`TDT3&9X)p=I77@{<^{$bTkbf!Du1ZEUybCUnqJ@@+vvW)xBZR4b_7`-W2#M-EB~y zFy5d*@6_6Q_>)Ahna`3l-}SMt4BB$rAh5=ZAHdufS<;l99cPQx``xbL+hxWL zb_}PX4vq5`U-82~Rk854gv@^`0=Wa-|0jgwNx-A@kYh?vh;HHUHRf{V3~bE@Aqthn zV76o9;+icl0UFnvsah^a0ybT*Td~VwpE)<>DSNgt7OSGa{_NQc3=(U!PUCxTkMfVe z(D5vJSh$$&PklE;A)VWqB=vu`c*)nX;xE4&={V$M_QG!RF?7r_;aVxLXYK}8 zFxB4#a)qW6S*`TY&fEzPeaoqay2ZZ$ zSW>um4z7NK-CRhT2b|CVItr`7eA%tjD6Ew?M}0xf)-ecm9`VgJB9f_iv_7Qo&efaf zSFO*?7!}otG*ZMceRe-8^1~!$iiZir(>B}!o1&=(cu`SZ*u%k##teX$E#@1X2Zn|q z=WDGV>slB{d}tL-L2bUx+h}GQ8k)=tZYoBu4c5>*(d5=x(lCD(m&PZ5ai!5w_MTU0 zxAKd>RG5ocO3p(7H8(Zq4K#mSH_nche|%&;oShk!336W>4U@5O;`-@m4?Z5+1UGSk zb1l?@?{uOV-w^vLHrrF(p)@ZBp^kI$M7?wpoqQae;|nr9L0$Y<|D+hAr(>+^0dm4x zpTb=8RatAd$o2b-src`6aos`(`L5hY9t7(nG5hAcLSn4?X^axcmlSqO9kMN6+tF2> zN0VI4k9{dX9Vvc`fA5L6atv8m#3fCDrV3j;2LXgWG#GQiezu`|tMu?2ly_~8hp|UH zPL+43@iPT zf!o`=;{88Ry)h>SN?m8oPFF7oLR}VGR8ANxZmEC+f<$$`VPmGIaI>Kq(H{4n-*9Wm z=)b|i8u!&_LqXe`*b?G zrj;w_+_DRloS9mi=ihd7WCNxqFu$7Iti}mVb#*B_$n~Hw%8KXRyxfwsfMSa;oK8-| zUOm>=k{`J2jat0VL1-*wJ-bFu>u!fC$ye>Ae;m%UBkKH|$e~{NrzSgb7$bS_2CXiP z`;$j(B!YcRN&my(2<09k9qhTf)7_J8mSn>DMrZQ#OtUs$%2xNGuY%q?6AzI2-k)yk z+p=aDJS8(T0c_eoUDuck=LkgecTb(lH`Dsk1-u-XIY*Jr{Fnoj8Y?QJleu7N{m|ES zZAe?UqQt61tGH(nB)p(-fkIZYd!my9MMXu+j3H9GW_i5CQ$ZbC`y9BTVYmoMFK8Ju z-fR0h0@WLhO7D)S-e^Bt_9STWKx`~7Tp^krGwh`iy1H-eUyp*kwbHVUBY^-3;jf+} zuIks;qrjhQa|0s`NM7{)~oim?YaW^r*5jG-UJiZffZtY7t|uq*LpXCd3lA&52+ zLiy{B=aqCq=HJ54{~eyUcwLAd-nr9s(lCEaz6aF6%=l)IlY|3KA2Q1ao5K2gqDWqR z_jy0tXk^X*iwJGd^4cK%dB zO->AJLpe!6s=_Ru(-nPlkhLNxPDP_WiNR+m_k}XW873d>vW+a>78Lm*RG}1 zsx2Co`gA(pZ$UDXRC1PJmYZn`A?7T!$A%pYLetCnn^Rwm-AF+sd1Zr;R|}9BV`@m7eyN8tyL^ zr+3_gg;e;E_wjJuCbHtG9{$5m@mxYeJvmC?5Ga*AaYFR&NIKFWmDrcgMvRzuvFPp#j~(0+-qa(33zz z@s*y5iHVKXI~rpAx2GyZ{5`qB2mC^e$Nwyt1iP&0^XJWBgrA>Z)7c_y`)sf_ab{+Q zxb+#MluKe=-Dxp*TNDW$9N-fyoN=wQtx1xPAFZkb&(*L3mrm0KF0lsFgD7f${{3tH z+ke}cX0KJmwA8qXLWTD_1^Z@$xWb^9o~$my>p&_5^P(gkN8zw%o2HJc?jqrd4R8D( z`DK0`D8pRcig{IfE>sD9C(-h-Lf-Y6-!2;m5l&mURCN{>5z_n>jxGh;kC*DMM+>wY zYj2fBw!W6BUP^6ytRyx4`{{;WjtId$m}G1N!}mRzH0-IA5)q+Hmb;(_m73x7I=;?j zfpMY5ESZ#P3irTE%I@NLFNtj0oau-jVA{95@!{Zw%y^34&533)kYJ5bqMralhWA9? zL7!$Kjx9<6(HhbmX;hjK`ze*9u|K7{F%Mp zPM-O3B)d{zh1#vk9!A)=a+@sZ+JL-So*Op7D%4~8MO>Wj>of0~w) z^TutZPo=FB`o*B>CXBF0tMC4xC`-VO8<62jdxDaallyPs$)^;4=GKKbYODc}&hueJ z;is!FqTMR*Qac@$rvz&uv#%pG(|a43@ftZknDF2bBCOcPjK!QJD^!#nHAjspox-N@ zdhd^J!IMV|D9fNqq6?MseVy4KK6HI&p~7vIZ9!fluZCItj&)z47xwuunfG~kR=}84 z5WP}0$XIX@nz#t!0N7Fo=7maLALi?kgx8~AWqxL^2+NJ!KhaJzOH;s=3jh?+7%C^@}&C}_&7q7hehFzk}tEfnl_Z?DPfq4|dk z9GBMJ(^yu2e0+TL-?W?Ysz%3*=xOs1(%oObbc}RDzuJ!UxFjp=%LN?(B=BdtlT7|< z`1Mzd<*v*zO!S^~z}~~)i%m$IxzJ~LexZ8p=vVO$BRa=lpFI^LW1wi zpX!b==-m{!`DG4A13q*+mZ$|5s?#L|I+hYWo_n1LS`von$8OE0Yd9w8&aUn6$>AZ? z8m{U@j0%>e&BD{Fc&ev(s%hwrLMccxNySMueiUU0T)6JBU15x}!tuz0g;8$jdqqjl z7&Ojvh^6JuwT_h-=AF%>9pORO0!-$Q+Qh~7OE@|frT)Sx^5{tP-Me>Bb*Z_yxeIJZ zATP4S?||`AgH;gPZePe#z;#+`AYCW@>I~S3I()>1Od$O)8 zNm9{Hy)KP~3W~U;I)J_uYkN-v+4y*Snzi!=6XCma*sr-y0;s%ziDc&DlL!KGvIpjE zYo8p2AB#~MXnFSh`N>J6<22c=1pjV5w|`^oqlG+fxcu|V=3;zMtzTbQ>b-m! zKA9U-tPP*4wornw%Jq2GHX)J!J;qmfs;G#gtQ$GF`s+q+ZhO6^pS9mAS^f=(wa6fh zxcx6Y055JeAVQ71BKE(O=p`K9ZT^E&;Cb%MQ1-@pP0SU> z9+9~;9k4YtGm<|i%9KJF5Rx$)IpRh`IkK^98cr(AH9?&f&$3*Q*DIF1lYUov^8@YU zh933$S#r0I=s^0%OzTa~ZsDPZx5If{TKwDY(usClL-?d`Ga902@)5UOChH z8{r%xfu`?0GD}fai#@)l(A~p}@_eE?arM+9?FO4g7RB%cxhJLUaCLJA^QwMUUp``b z2a^7&T1x^(x_5& z16fdmj&9_}Ne{n9iuEf*JJB8b>rgne9r7aM-^GX{{EW{tbJmaj;RrZq6HzYz)UU79LWv?43*j7jJlb@w=f_ zQFm7M`$8#y6H~g(?YVA~NvSmMABKmNB8gPSUawAQ$rTGR+!YLcN)lbbn{s7q{hsT= zC}Y87a_L$qiiwuV?z=E;nfV@>Db1YrhU;L{kX|o3Zm2{$m>vSqU*Q@E?H~4G#C3`_s_yS zj+`7w1ikQ;sHkYl*MO19#Ux_^X?lHX!NlY{WnYMla}QfYsL_=q{?&)|=8+_H7mUYC ziI>IrL=_3&x5?@H1nI0?iG4o#Vep(&i*nPrUOGZ3b%VMp;w=RBB2dC7fVEOc*-S>Qe|qSQa9v8#+G(i0yDtXZ(IkJFdSh* zLXUw1sD7kLrD*qpREIIy7^|q__M@ThKAElizFd%7g9t8xnS$XKmLr5ZgUTV1(=3oj zL5w_#RPZHfB~2VPAH85~EWL0kZR_udCXrHLnOM35gSHDQZ8OG+w@sk~irxwcA8C7 z9vT6kM}r`wfcUEnf6B&D%c!0H^#3()%m3ZJoiyxaN5r`~Q#iC@WAxsuIb}_?%imfuizMkb+XB!WcK27SJ@V0v+S(*yFU=Qf_2J zC{T=8xPbpg*g7_tRh~PJuLMVDx-yEFz+aLB_x^kM_w(V(cZuK1)Ch(Rtx892SXFpWxB|4P{4s;Izol4f)9Hh&8F4!yTHVdV)LkIH5m-6w1KmEDx6Xf4m#q#GC3*adIc8) z^nDTA?}1$W+oh33&L{>94O;((V@ysuLY~^@RrK)dhy|Az@W`b>q4IWVsB}?y3iQ`l zz#*OeGex+vJ%s)tc<(Q#aSe4T7S>;9f!G%V#`W#nw++l7*j~AI`{Wse_>J?M-zC2gaDh~{^$4a?2?kSwGWk2xddn|9ijb-cuv zCE?FqVAIcWTVwH_s1@k!-j$iJ;L<2&coG-ukoM)SaCk(7q&W2Q>7?L$d`OI%%Bjz1 z-@|{o2P?BrMY6bvo64MJ%o+SiFB;+qnG{PUN29YGszS(SxeMmXRqNn(R8CQ?$}e5J zBQ7(tzcsWyZ|bzYySV>8vOz-%*muh|8;#7{UOlz8#bR1!9FzVlr^7;~IQ? z3nQg461f~sXqCYnGgxT3|JT#g?zNnkaRPxTLCJl%o(n_pWw*u*7xvef`cTcgu7BE? zZvIWaGIh_qtY+O=pf@x5roTR3O6l(5ad?n>6S*n&8uZ9l9QL*9`5!#!=1k)$G^{fB z^*#FgrTq!0TdEZ#^hn~Nc>_p{$#)*|I+bUfCNrye*iD~6AwL;IC~II(Nvx|9M|aFP#YD@>QFM8b3rmslP}r z>G0>9uLEtB?7?oDkd6zhfaj-xLlCBM%f*5gIh*Yn%XkpKVP&;7lXdorU%!&e^JmX` zidX-lA_~OgY*M?nZ@wdB>iY-ZbxDRE6O;l;5^fQ`{$1zcV?HC zZQ^3L(u_e@+&s^|Es_3_jzx$jE<@UdxayDlLZAAc`<7}`$(qt<`=DQ|c>3$NwH-oK zh2$z>r!$kHI4j{#;SUQjr-!J;eSq89{=^LdTV?{IQR+=a!(QhbD4jWwGhAu ziTPJsE9|^Q0=lf;-_{-LHrjoHMg)4~Kz@~~7lhYoy>n~(7A0z!r|z+UO89Vm_~7@f z1m$k#jO$3J)^c_J6J=d&73kZ=Z-#|$;dF)x2FXKDyKw|U>F zt*lQs(Gohwf1hlL_OaWaHU#mi(3|%wi{ya|9Q$t^lRkGoQvf+&&(t5M|L1x7Bd}Mh zh&`QN4+~F#&HVNk_iC*w2k5?YeAaxXj`KwMy%l%w z-JXv2fWzeos+0a#?fc+Ni|NUbE-Y#~Iu!84=*nxaoW_tb6~}OJI-ATbDN z+H?lZ^}y>aSn5@%E^6Fg;1?eGz4iIQk&wyq#b2W<8|CM}Co3o|ZLn)dt=pbdN;I$v zsckDW*a+f#G*IUoZcEo4YJdBT>}q~)-t@l9lwPAIwQT;gD35m5L}$I)bAE^fqkM4q zrhn7&uObbq@ow+=44A=8IOu@s__k00M`+)t$uGTvVy8cAbobAiJ=S$VR5Og1SoIxm zvY!zWhF$J;vL?UCNd%GJ2dqFZDzFUp15~zuDSmXjd_UH(RI4&r9WoEJ_Covd*V2AR zk!6!yz!PHM3_2-wPGfhYN=OP9C4oKpc2&VNKM=t$jQ$z0>2 zKS*s7cTb6s_ZQWjDCe z7Yi(J?b2RJIL|@0rJR&szP!s!M)>+?mTr`-3#}%}f9ON1huJb)>qFa=fy?+v#8O&X z+88jZ4H^TChmonTOu)nHGo7YLCbNqVxc0*N+DM!KyCU+Tp8neRqGWBUTr;`EBpuh-(9+jXpXgbJskq{N^2FVrFpug&*TVt_F_ z(NK~$f0AE*c`+pSTj3Yt!wsZjqS3n;gDRGuXigjS->?Syv9kQl!*DF|xQx+)uyPpk zmuxDC!nicuhg?4l$0MQ{|m*&D!_UHz(KRNPgl8xfa^s8p<{4Utc1L2Bo{GyTK0kTu`(g# z+4Ck2TfN~S<_NG=EPrQP^^%!nf&2>!6^7|>uHNxj803O*x)RMVN9trrw63pTV-^(HBWfvef5_BcpJ)K8S)c)w(6vEET?=!Esyb|i;JR6bVZ z;ZVS3mHPANUp<#vy?3Jlkb=)ml%e-p5hwHM4};{n@T{$^H}Z8%42#lZV|cVx=O-G9 zcX@!;S-3h22jOxktcUyRC!=knb zR~+Thipu&-ld-gr73q+I3-tpS7TaP-*>%}UY;1WiH%@_ZqyVF`zKOm`7hD$qtrt3& zqu^7eajSY_R3>aB>kfeZ;CPj8aoYi(J+|*r(fu34JIQZ690iCAIL0?`<+y!qb@ivX zy#cZNYqrb39*1uD5bDx37E>MO&w$D<0({V0v4TxVig08!S51ZpmPS;9UVz&@lkn6Oc6^ z$^y=!$4}4&S2!^_P^YZG=j7%l02Q~`01~=S$ASEatN>|@OCx;vHSRJAb2qlqC47~T zd(y{vH>$=(W83(h%|`)xW&IVX(ooS-u2h7F|1TX?RZ;)| diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter.png new file mode 100644 index 0000000000000000000000000000000000000000..ebb2c939510d7cfdd693f9000b4ac3452eeec4e7 GIT binary patch literal 20259 zcmcG$2RzmP`~QEWXv-+cEXoR@jLeW7kz=pO-g}e0k&wt}7$IaH^T;NfB71MgI`-cF z*Qw9v^Zniax7+{s{oQW=@2_|763+2@J=b+z_s8RU1wB=ex^(`=c?1G+Nk&>i8G$&p z4Ij^+C4fH_j~%4ouXDE28V(4=X4Y4k=}L)_{M1qt1w zlza`_yQi98YMi<*vz<;o^zi`STWdrJ{@cJu1db_2Wz;=V+!?Z|vf1exX+LPwnRk46 z=@#x+Y4*{eCi%likMk zs-lvCq>$R$Gz6mg1&PPd&^V03nya9p&S0!H#{2cj1 z&e%97Lm0cYw|>Kw`4n#+t*p?9PJr*)>S}t(IuTJq{)0P-B3GKEDHn)Nt6=Z3jIFLR z*XCCoESIhBP&bzzN!;?~@R?WSUfAR~o-`Z56i{=gbp@4{KHS@2RZGQSj7>~1OWi#^ z6Y(C)oOjh2xZVWPx<5s-ml-ind$V4;c$!m~=gx^h-?pI?*T=d_4j-AKkr!M+_=-Z! zq*%WY}1M*iWf|$%nCM|ieXPKa1ePJ zMyTsvq1!Xd9&^D&^2ckv(u=6R%(AKohKahMDf^dwvpe+O^ZDjNuuj*%Xl4H%zcLxa z-pVV4xW~_L#`=yF%g0R;(26;QfTg>BT;;l7s4bjlX=>Y4XlYV;pwso4C2vJs+;839 zV645$8}C8YLj_sYFb#3T&vuL(!!8fC1alfwx8+CuC z$)iS`-K6zzoC-hL-kl1oop+q+_O>6f$%fTxzq)K+Vs9FxJ2 zciGs|D^WUn8X6QWt-QuwTvo%&snkWQjzZyV=^tKhfH%-Wwnk$VJ2wE>sZwad>SzM)WowG+QD zIYtfHm1y_pKKGmFQf-N7_qJdjlQ+^*LvI@fqS;~Shp$?9soaJ$N%N$4#4%=%fUOwc z#s2{PiCNmiFLy9fF>`iy))v!Jc=(SOw%5u+6YY6@B+J;LtcVu(BI?Ip1__~DKDr-1 zmb@WXOlZJMP~2ir`YQf<6AunH{jQ47h%CV%D%WMV+O*adGW@0eNIy;oFZaslwFKX_ z*%{u;>@^pwx390~A4Zm3QJmdk>N16qnx1ArY>{dzRl=~JiOcA+9D~bHX&vM@Huz{& zR3v@pJ)h5U`QaXVP?LYWFM0TF$1|5Qqh^z;4UL$%?PSlc6e%t87ROto_pcBWk5u+9 z26?eWiLFk{AXxE`rnb^;8*v}5OWg{8is5H`FC#d$(^^x)Amh3frA8+cA?V8WQQpAR z^q%4QpMTD|?I`>+Q6+~jkM-r3vhKP|AkKgD2~`!S?zGG`5tgXHt1hzWoA&*93!xfq z$!zI{dA?wUOyuu&M?)Iu%mcXY%{wU;TaoXD5=qRTuGmyp;vc2 z(}`PQ+|EN`9q1_DbV)ck+(e?Lu4HvH6B83>E5aCy2=k{>&wvI= zHww|ZegKevzsiUnZdoZj4N8{vL@U8WU4hZ+L>RSn^o`0uWR>t zc}+aW&Zl*q)3ZU9D^z%?<$L@@TaVlk`9+}5e@Uu@+Un@_(XS%-xA&K1bgd3SizT3M!dqhl_tqt&RVbR*z>}8}qDp4Ckc6whcWk z@22IQh9M|C&Mwoidu`1d-elUqaa!tDvi;Kps~j&}Iv}Rr1z(c&zwVQWd{%IVkVyC! zUOK!+#Szk_^%tAsD)OPY@9S}t!t}#c5fewT%>3&E1i?0Zr-a1qm%c){uPB|<*H^@S zLgm!;|NdKgpXk&6Ctc#aa?$uGHtWCgAe98Uh<_mT*OVCwI16nvrKY8=Nk~a4Vbv`Q z)Q6-QNcy+>lV3|n2IqU{+t6LFo2U(>lj+nXPZ^i+2yUFR(1~=C@p#)2?`N%+u5w<{ z(Q#GKPzjuuO#@ z&o0u3E4jK@@@D_zD)=^jnf)Jvz$;ab6oj6_UF{bh$Ld=LHt0!1M4apJMuWueV-tCV_PNbt8nqpM(i5zDQCFXilS=$hyD*`nDTMdPFyes|;%1xegOVI2i& z^xo@N^@rdt;7XqQ#aX?om%AygtL_zN#;lopP15&XaH_@2rd**pmzwt z6c!gJr>9epCwCOFlMp91`5x7qk~uj!eap#_eEj$f1m4X3vL+Svd8pRkCE`GgS6`kxW5lYBp)IVTL8gpjYm}pk5hUg`Jo?_Wr@=IdS(!trZ)0 zFNFi0g2QLYYkbZWafa(7B6-VV+u@c6;Y+dl&cnZ=xmg2yjIydaHW3x`Wrah)NaNpG$Up7^mQ~*&#JA9$5Kl?Wov$ zlYVb(kn23WO@*OH_QFP=_p0CK7PhZod1Y=+FSD1v_h!p(_xlrFq(Vi0u$Rwb$2GUl zk_YrH8N-PKEv`0<3m+N_o#yY(3RHCwjv3;mCluntkI=TA+gYZyZ1rN2Ln{tsS zdMe#TaI+=LMKE+>r-=4Y^tiaEv^QBzWRe^6Fsf0n>_pP&B3!d(;I4d`_QUKkV?Rd4 z)SaaRd-t(Q4wEc#8=s;^Y?PWV=ZFidmptmCv6U_=TWH%fIHN6p>p@gY&zpf zg}IJ9=6CX8rS4vxi2=Mwr#ozP?fxLq5|0GM)`E;pLcNK*5$B*PkNX(+!-VNlpZW!Q z_xw2SkT#6_tU)r@Oj%Zxg^KX(1J=kbOXu>UKDtaR`h@lCRzuQvuW?(}x;KjNeT3tt zFVXTyFiw|WxLw#oey87JC~MT4V#}&xBTQ*nAERkjbaa=4BaMi9Kf_$3;@CRnIHcDn zt&YO^>Qc~A6l+(%s#fsAf;pnPEshAG-rU?OB}mg)SH~BB?)0=E*Plqqk(!n|?U)c0 zWcRcE*VK!9-&%Mr4i9GwW)gHlBs+#XZ^cj}Dp#B6Q~j!Pv_DF^?Mb?c;8kO{jHju* zS8D?KAj%=F54e31@ILoAIWOyDay;*miG4ZwR{kWg))zA6yX>P8&tjF+$zCxkLUpBv z=@5uhxbJ6ZeBs%019-Er|n z>|B$k9^&^%mmg$f*KgeTxtDW1`17K>M^%z}+2Gcl_cHQ|PZG1Ub)3p+d=BlpoV1n< z2f6s-6bg%q)Auu#ble4LPVa{qxb8+C{==Z9SKuMPQaMX=|G|USlhKk5ype6=>1B`Q zM=pwrk{|0y<^Ps#bq1V0U0Gc(tmwDG{c!sKp@y7c4yorGeaez zy}kXpmX%dQ(OtdEf%tky3pac6$gNls?lX48N6iwT`hp>m$v~SIjc8#UAKF3rkzr8- zYvx6_L(Xy}A3gcwbBpy~G%#o6w1*=vF_V)gD~%|mEPlAP!_oJMA?hECi#v7xHiU*c z(4`n&J`cG$R4I7(P;z!ZuHqNNJ}qlh84~_mG~6B5&Q)1)Uy`F_S{$qpm^y8pasqP- z6PVfdd9bvvjFVJiEU%O!^Hh|a%>5ewO;p`{cztUb!mz8&6mPPFnj(mLm- znZRU@y^Y6bOzbl|6SnoO(DkODEesD=LU*jct@qdY+zM3qemyj)+>^egrDbvD#kHhI zWvs*Khov9PnwD~M3oo%Yk~UoospI51|HU`TnUC9{r|_;Sc5trD*(}Tly>DN}irYu6 zt*z+dGu4~BL0fOqtZwmk$y!&$38$(BT%zRprjXA&TJ~IBb*Y~2&zdiC;$TlzHL}oq zd3^5B;J&$g&6UF0C*ecoQ0yXT2|XxzEPo$)V`f@jovEyUXLa&sL@F{Xmiu%C8g(ci zJH|6oCR3~vOu4YP$FJ3TY5=9Q7u%Q5S(?tF`YvBH@<`&e1+1MLHz+asim^Lcg<;xe z8;gN~ikNct4wpK0a*Pk~ly!UO!3v$0@^!I7k@2=S-1bV5^Xwdw$xvhU4~?cC>^PXT z&pddn0;P4=O7MH_oKO|{qYu&yw&UrHdBqi%ezCDppfn<3S-hq8xCXgvsBQugyzjU4 zfr#)_eMvXvcC=89^|)0`hkxq3d}>8euMSA7qQ~w){a5=^Dp#}5{f*8^{nv74vaY1d zr~P0{`a{7>!L087#?6=8AO(eSkiQ^v+I_M)p9=|fdQIQZXD8~GG+8*@)Nrk|o;4)NL>rECT18o>NIk_`7J4sg2F*bF3 zeH_*Ejv3x#21O%nb^$tPd<+06!a@C3xQcd7E{6LUyEvQ>ZebqP)2BR`Mp;6#5fwlX zcn^ruZ1rbi#$j&y=Wu|xG+Fg{w6M;2UVHSihtaa$lOzVqDq2uVe(z&rfhqVC>*7 z@J(%YauyaA93v3y(&L;7BA2?>BSGb7>sps9j(HX+Su#3_EV^oJ zgc?KQEemdg z3T4I036kkXlU9nA%U>ZNoVm1EFVkyT_q{3X*H#^K<;sdcQVT1YLsziVn~zcov3xm$ zZJDS_7GB$>FUSckj`A;>#b@vSyll(BmC>^G;KpwrU;@ZgiCcI+W5kZm%Q1RUL3l<- zzAw$=A{d$-+JZ5q9`0PxattK96BekCy~$S%rpwVeQ)}NRuAk!U^l&#n@0a*4L!MF5 z8^7nlgA7bIjpF#!)YZ^Rqj_Y7k_HqrnW*wpG7)$CisJSuF8Z(59ISkfe$xCc`*MI7 zATPCFN%Zy>QB~)N!y18#U(eCg5SEFsovgF#aV8BqUAgt+!uq-@!NreJS_6$)To$c> zL4Xa0w?<^+Ho5~aj8t>INmr)Ui&=$@fFa6BJqTCoMw{Jho@V6aG{8!dxRt!CJu=JH zYth}N7|VCr#b4_IHmr#rsS6c(M@ZrMaLUhCISXR>skK*!0k5K+f7|g~3JrZ-xpgh)goRqlwv5$wrfjT! zvsT_T3><<3R4Ee!%7T>7I z*Db%ID6oqg2S`O($knQsa(<6E-+XO9*Aoa6;paOWAA`NB{*eN+yGDBb`ctBxh3>M7QvWy2@pJp*L)Z^nT5xVzj-d1w9I=R1J{tiZFyupK4rIGbMA46LBwCq59l$TV9 zT&GssoTgctaG8gDuC2o(>ofrFjf#i2b-njeVs{>w>AA?pKJUY+TsprWM6h$-OUYa+8GOu`7e6#j0as&?7bM^DE5RO|yczG=nOfQTxZ?!kl07D=XvsB$G}t4HBsk zkEE|3QJ-Paxpnl|rqY{xviQ;Fj1~KtluDl$@(~Q4yAy$rjc7a~jqQnyQ1BeRO z`qbvScTgRQXojTx4TaC*=#^o1S+A3(57%F7gp3*9EG4~aMB|Yp;M+A{2l#kmB9KPK zD<@`0&V`*b!GY`J®Cx4qS>mu(FGypTx%)`PySes=I96|N74|AIvy-iZGnQ=|VK zSklwSuc3>dn-gV;Vp(v8;sp0G1J@^~0Z?Of!i3DtG`Pc?zL}3nP!PPTDev_V_%Ghn zTgv2ezaw>OZC8`LzFYL(>wk-S=Mkb23{=9N-{`!0+xTD0)|%^#otN=w>$NB@ZrwYr zPHPm}I92MTnWe5Tv{*o4Wm(vJy&vT;DW)w;-Y)&({;WPD35CB)qw~m#Z2DVM|L^)) z4d;Yt!cdv-xjQtU>#6Hxy2U4V?lc#%i>C9BZ(Mcsf?~qkng;dvTKZs=Jr)CgG{GmoC>}w`Phi(Pw9S{2nY# zW5TA&Lz)3#zKCV$Q$m7P)Y6q~7fG+g-+jeBwgRyQY8!%T7fTvWsZec7D;>F`OV)l^flkUMuMmD7 z6?ObokjB6bGuBrs5>#5KNeENFjV`|VQ9dcHtkt$+u(U(2xzkz=HM)c6XZ=Ffzq*on$A-rYYeJ!*> z5NeKDu`CNvD0|+9^xCB8X2s8Ls?WP54VUP8I1cqn(WXapzByAkgj|kU|86=|9Oa;Z zuC(MqKV7j=ZL4rUD5Pn;e(iQHsHIREPW+U<4tX6hphv`S+Ou=)BAyFc5D|g^6XHNN zRLcw`=N7GOYGD&LV_$=$hgh8z5^{6u1QFpzKmY+|Jar6&pi9>NDme<3yr!k5yz(g$Pwz1=VV z+Y4apdK#x38d1>*8@VTuQ5#ImygICa7gpOG_u62}eZ+uFjBfKlwcT>CAB8$31PSW2 zlk>8agIsX=l341mziJ!(wczwq#Ud;7N<}FkBZ3w%?QU*rSqHrPXIooFZw#={;QFU} zdPIS>&%d_=D*Td>9Sirv6KxY2LvfaXnC9HnA(ni)s?mT`j?uR4Xg&~C5df9y)1sK7 zWyO-h5`1CWwvc}&>`SiPpi+*b{b%CYSi}x;GZWBY5325jb!SLtq9KU1@up0~f|VlN z_ulo76_xGiHp|U6H&F2py`-kyy9I=S_4cUg)l@sQXAb5&Cp`X4_$6cIDbqg?Xx&O6 zoZ$F;z3Khr5U8dhBmPoaI_RjE73&8(6r`0B>-szrn?8xExcE#GJJ<$*7K7c^vq>$FR<$^62I6*~EltRKnCkBfw z)^~6MCV-H+qvQo?tc<6e#*0{lP;S23W&xvp;6|2O401r?W z{a9b;dKrbD%(2ZJjOfEYhT^j%KIBv^@0cfkaBy+16P9PhDn*(3v|_wO!WgP_m;W#M zLa6T7{R_i={)^#I)^y2{az6XxenfewWbxx2_c_ISa|f3(hcNSm&Hbo8ED}Q?Ky|sW zsK_MSgL^OMnTIea8<41}G!B4_ota4qKX95-0f-68d+S{W+iPLeu!)`E*4yA#Ohk;s z!#I#%pN*Ww-+o2UI!gzn%CIpWDHMqtUJ!pH{kS?BBOl$!C0T^BQ38pK8jk+_=@arO zJ3XC0`SPaeMt0mEj|kVc-eOEXtpcAzVJtih5 zTyk(VHV*ZIE4?%|s1oIQFH)|e-^lSU}10qtxtP zNKRBiCwhh2b7DrU?O9V0eg?zxa$U7Tahcf8IqRIlgE?D1$oFQ8Xhml#;qdQ z@zTE;l-rofT>7x~N407dQ)4_?Fe7NIRv@He5fG9t*~o)9@&w;UKSdE1H1do}b;~m* zBYne7ow6gDp*y|eJ}j!ATZ{Cp`g8FRxrK!)x%vGXY3Sj}M`AGc=KM-w##?vx%ll0# zf-{`GWXqga+RmQJF0{BA2vsMDsUf$d~Q2hP4N*c-^sF?l-LcNAYtlvA>FRqh>AiQ$oFGxD#qyE zc4eZW3<&TcC6`(wOH3=ffLM<=dt4UQ5^N{Dx&631jM&a(i1w^LY;%}wa!a&doB*w; zD?>=dl2vIzUlsx8+_RrNxad~N{w#jgd1*8h$FJMkeqgt}sjlqMJ{ax=0SSYlR8mz< zJ#gt@gtA?Q`HC#4uc>22a{nIxf-V$rlZ!+NEgql!)nW7jd)=J9kL?h?356%$YWMpL zO4GG&=|Z<9o)9Ju{Yfep&KnOZ5|Q~1m)|r_t@9(V9NdZb+&_3r_fZ}M;1|RCfM=RZ zn%vFrqxQF8^(9LkAdi$d&i=#t1+-^zfIgO#d2rTUGcC&dR;rVZc6myv8O>P&2XAS*cs_qH0d*~_-!;DR zbnx~@4If3EL_>+S=&ICe&q@}IBBV0~{VCAKR@_cXUizNGz&Whlq zeaS_eCV#Owy!QdZbHX@acKg*OTQWXcT8)|O;UF&UHDG{%;*HCfntB6!TZt}eB7dt;EwMgl%XIlR zplgO5kr|Y^{hKxL1Bb4MJ*n@)$MAdL3c^GMm(x(M?p>+a<$-{bKT|kxlc43_cukZ1 z^Y&JeYlH!&C~e*8_{Wb|EJW?nut~bqng;eI(Cd+!KBwOF&20X)^v!J?TyVByZFpEv zL_hJ1cMO3j-&}XOh_6+^!|^t_w>Nue+L0%Bxf!$y64^wi-8=f7XAwRk8K@ zeT9a1ypj~*B4Sz|pIKJ(@=>Zoq5Aj5&%V>(P~Cquu)P%0mD{qEQw=^9uw4An z1d2NV=T6iTiPVi9jf`Ppg_WgCdV}LOVxtT{wih*;#wK3(Fjj-u5vxmYYI0vWXKayg z@XwI>Z0Ma>H0)l;^!j$?&xlp){-i$+8AILp#}z2mu-A^s-E8p?>G=3h%1^{o$-m># z5*;hke2{+8eQ(FfcqYSKv-B@s>#4rY*_WfwgUI`Ep7XmBYq<0{06Dsop%yx&OdROS z5U{r+c}CFWj&E2;mG3+gq)O7of2zqf<<4NBGmF^T&?(tTgByU>%n;E{;XMkxz|~i4 z`*iVF*RqHPY1>FPc0N(}DbFjGp!t{Rw9D$cER1Z)!Wx|#wU{=(Uno+@6r>@7sK`AC z?f`J1Vhr_4N|c=vuQfiU$fBfPfs*?@W7W-B2G*e1eiwt4@wk2g4I9&?E4;xi0}pY< z`PzY#%|CUdXwyx$5#MOY$*$8XV$nVy_(gEI(@_SAs>@ha#DSk(#GxY0FP4%?37mZSL=?Xi4EPq~2WK zP>c(Np^_4QPoKpD3eMOb;TN--u{MJ5QLkqEA#tPP?+nC613zMbX&(|2!~w^cL2Xa? zzXGkC7>+xsZVU6v5ga*jaR(ieGVc=(o86^u= zNA~ePl~6ATo*X)?S6zq--04acG4iw zJM7uNA`RX&!oQefP+$$_sNCd=7vA-GvFPHW80JY8y8dV>tLrTkQQ!(RE=(4#(zEUZ z!e9#|BEtyoodQ2Vh=zzD-a|KsS3jkKR>b=hKK}k}*na>Uxu<0Kay$*l8SjRwz?iy5 z>Jt>B=gn-Wv33ua`9It_(P$V0CnHp8$OD2bDtyePjOcuw;1yiC2)?E-{M)MgWoLgt z?qDMSxxZ_~|H+Q^54?o-!m&3S0a4D$!^iceDn;xS*iSu`hz|)T=e;V(ti%uMhUPYk zUZm-Uv^f~}5&W5RBE;Td)}eL67{_e(=b(B6ilb*`ieRI;GPe>~g;Mn9d+y9ezPN1! zp3paM&Vx>gO*PY)7xyo{h6*U_oOg6D;<-cMnmr>bdz*7LE4w1wls{S`)Bh;wd{AS7 zV^B@2?{Tuly6qcjARqwf%2`MwUi|2J9B_!&Rh1H{rr*0q50Jhp1gSU8mE1XF+{PlT=xZ~B&6qCx*2qCY) zsp`AkX~IVHWl2P2^n45~WE~0xLi*th=K_gnTfQeEb zuqyzNdD%5D@mE{~FBQ1gpz`_G*|jz~-zDfmOng;ZDZZbP8(tIF^rHEUNKlk97MrDN<1Gw6yMyiUNC@r1?`} zGm=5aWWcs>1_m@*Ti;xWb2Z9VGhV{lBy*l~-%1(g&5PIG)>$b7Yio-u8|tSVB%9oC z{h|!bBZsooq*{!M8hg#%KPXYZHu5MfgToRe<0rbKEqrhOS3_Bp61nQzK)znE&F5&_ z476mjz2`yxSa7|@>h-wf$2q&l9N|T9Cl-qui*WmmG_eS{=Z$SH4<>M!)#U#rM z7cOL2T~EoIi&KOyhov?E}x#j>VQ%S9O93`3y-5bkdG3G z-y8`(B+~P^1W^(E_LA@=92ol-==1D&lA;V1qwVq5h4qIAf5`6iCId69;a0uteR2Ds_VmhpJy-!rRcNYwO)DRrbvWy z0UUdPqZdSX4L`)14g%PtR?gU8A~v#eF=782gp3ycd3djF&LYFz?qaBVkl8K<27*(m z;vN?vcm!a{=1CH3ZbCj@V&zt$D`)g@d;^C(K?s3QBX#=uX&}+u>P@J#z_7@peKI-8Ms=Vl z)zQ<#7Bi+ZA&F{FJHNaX>+$n7At$bqFI|L9cylHBDz02Qsp6|*1L@u@;`FUs%B-&X zRpsR&_d7Gn4P_$kiSUL&rRM#H-KCU;1?&(y?5%chLCo0ye19v`Qn%aKhxZU*+s}w+*SIM|0%#XVx$1*T(MTnm0Z0sx=as>a4TZ@x zooIIo`Ytf^$Kda(y^!$@^?UrOq!+Zucp)|$#lWo$E3|QX`s;lCcD)|v6t)MoZ5C&{ zBee4chlfI(-=C)0~}_C^G;`b%4{FT49Q`eC-oqR{D&MSL;aQGMp{^5C18u zcygRmJ5ddd6-o0$g($V%mg-fci!- zL9d%CUlDGDwc`5)m&B|r`D6KuWR7L5Dy<6@l{_9|ndC3eO$PNJ9>y+gl$Mr;R5ya= zqGgr6+{FzI2Gu$fszN&XVl)!lnSGt^M&0b0UX$$c20?V9k!lnd=g+WeCRK)<@+tW8 zV{S6*C}(v0vD=nuaa1d3k+{uRA=U|g5MHNdo`)c~;ncllGZ+TZBjbaM&H3N=$nf8s zu{r^pdcWh!9mqh)UkoLoKID~F!I8NoDhBJf4%Q>s1hv>XayxS($A*eLc%e8=9~=OS z34Abb&8sy4Rue=_>+NDgfms^*zkNFpA&|V|k~yFa&!;mZ2PE8oaeG&JlEMfbFQATT zzlOJ|H-cXX@d8bK>sG!EayGAzz!c7|#-sS5;$r@p(~~lvl)Uh0$85Iw851FUay}$c)|pUHe*Y3wG-kaC4|8L9v6HM?7InFTX$;QwFo!x@qhMZgvpf zVZ;2zAVlYJXPZ&okpHT*x_1P1aQ!%T>6c;qVpNwrSjQ>))`vHu2XQH5UEO!~SdCruU%x#4Q=7Q;Mr# z;TgUxjf&(+-V~^Cc*#XQYj8h9fPhKOxlKs3rBHgw2Uq!lV_~ko7(+?U+31CSR3(cu zC(SMhryV%ki@UkC+1!ARF2gfKi>)m!w&cq#-$maHC_^i#)2tqFqrR!NFOYPCn}&tx zVYqbln2UtVwLnPv`0OUXn|nL_wcG^uVWScVSbP|uWn_Y)N+it_`PUH)z&<_Rx_-(o zBqZdUvPon~m4T+OivVC^zKh3D1skfim)6B(f8zk7N@ z{~Q%ypiziFB*?HZmv6n(&!0N^D{NgosK#58mt?RMG;k1kRj@r^_oS;6BgTv0zH_^8 z>UrRYOq~*M)@SUWiqein5tXB(v9DB;$Ml|>o16DizjON+^pNkfG4Ux{vIUFWW_RTL zip}enD*WUgkn-T%c&%@QPZSoZAvJC6bc|3P;NO{+8-9%y(uPJCROR}cjLLeB4i*z> z5->Bj?T(P%y4CWe#$hpvnI3p(MsQ-|R87f>7cIzmu;FV$R(iWFJA~F)i_puyLptG{ z_kJ;Plt70l0!%QdefhnXau{bIi@D%1td{-lbXcc1iHXt6&u#ozu8R^ZF1~&mXFi!~ zR2=7s_kL(N0CqYm*993Q9mKE*PFDYKLvYo&wutB!`|4S7*m-Vab;p+kcLZNX8LmSH z^9YiM4Ek_G>xQW{eGu`HMkwe$f;ZIHuiii0aDHnB=xx|_CBWS0RSjOPQy@VgBqX>h zrfW;nO40w8b%?~s12DZbg;$op4WtGaesTphe`m~=WWzThila}CJd>dsXvQi7(V33q zqYMYApwDh>IB59X>}ffM+kf<>iuSltcuz7f)%b$0`<_55?_Gn3&0u+PqlA@83?eC} z{{pmWL13)WnP7LlXE8hcp0$FRy(s5+!S@YF5VT{xZd$CpMzhT##Ka$^$!oy;-*vF< z#qV{rzh#gW-&=ygU>qAOz2-YQs&osuw5z;@j{1|?=GE__jg7u6_O_N7IBuf4s1LSN zpr#3~%r2Uv^Ib;zKfbQsqYS9yN>MV;0Oeb~m+UY|o<=sLmv(CX&B zKNP;3VpMQH+7s7~Z0N8~ji1OsFhH}qx2_px|L{4h$Ujg3_L5oAc-Y~6=_~@d4>!3z zVP<%l+(ZIV0m^Z_dUA)VlF;w6uyW@9eV&Emd#X8xbZ`9o;FOyD4ozDo#|^x=hA83@ zRaFdO1~@685&irB&bspd)i(8oN#tpi0)F4|a|(P?pWxa~=#q|& z-?ZZ{-Wz)4h6Okajf6|qs}s>44(~k<*X5$B$CC-(ud4bh&Q$4aQzBGf9i4b@;BUs2 z{G+;Je26*;CUhA=HnIKb>KZ9If1^LGtGd`{b7yxh!6#^$(1#Ylf^lklyZ5nN?C$8r z<&#C5i3xMHM4l(OALS?|qpkW4o*9sVdoBR0>D!|%pZzOcD{NCiBF94f-}LsI+ieer zkVa&i;d^y}}%=E23D6i*ZGj*RVxEEJ?99A0dcOk3+{ z_etFMv@oJL9{NG(KP-rwf)487E*&UZp>gfyD}rqp3A4j4!iW?j(vvB16|?x|Kkuky z4ez+J8yC7;)8kW(8^6@nij$KgZuTQr;)D@Lm;bunImei)T};*ZZV83uN!%sV(S_c) zG+p_iy&%1V2a5-u$p4HF>n@SXk;Fd#sR`!8iIc^;m>b^Y3Hxfa?ExEI2}h?+cKRP6 zs!vKhf|mt%a3d=5LazqjLm$(8w39kx2Sax_TH!KPz|5;Z0Z%F!Cy_k-uL=N^i)+iJ9znXjhAt|?5Vv`8}Ht4B%%G>{6dI-XQ3vK=n zp0-fUc%dY}%1uDCsRuV-i({i>-+Ld^!Sfu*?&lJ^-nw%u>2U24F>$z;eEm&mM*P3< zEQkM*+pr?Un{4q1RQex1y`|j#Z5M$R|>}pdEL7L>y9HWQs%}FgaUtAY5$gNN@ zg6g$Ez_16=bHicdZ@cz85wLMj45cYT*SYZ#`@q!SWV++qZ8_rnb;PItlJWoM#BKYMhgF z){E%0UjXxkYFYPp+hv2X&f#JV$6Yg#!GgQEXI8i-CDYSmZVv4%v71PI)p~t`o1ppR zFvpmy^EV7MjA$ya2Y!h`CsHMU;k_eP7Mm~FVt2`Ss9lmjTI`VA3(E#TQ5tD7@HQA- zS!mR~jMAluw36eeF`&DCAAH-?8tHyG#|Q#s$&`Z~=uel_(V@oC>%(7vpHKkc!P8uk z#m9Bbi*Nkkys+zuS8Gkh*@csFqT@@I>s2RGBgInCOUsA7lM5>a=LrI@I`le#;f6T4 z-k#=4hEw%yEi?msfgldHJzzrUSenkkQpTyWmhL!!Tod8yktj8qeW-4CJqe*{hzV8v*Og{I zHVIge+6%*aQsX!Rjv&y=p_{Z+5j(ZU2kSEr`c`V4RFKF-(3Yd4qwPnfSe^)!>$cVi z`ME>?aixCwA$d)s+r>IyVNR(=FUGpQuy@iHlbt0nz*!z;)>j1Sp>F}kiZfVW=0 zZ{m-=#U$ILlw0H6GDSBjadxN^aeuJ>Q~qx~^Nz4(a+v%~FU%Xm53cO_31vlIi z7CyrKf!b`pU#a_!Q1o(c0kL97{iXL2JZI(q;N+HF?Sngy7lZ9-O-xLHKeuiM*`gWu zRf|!K|00|fY*P(l0=ypAHr9CTl<$(;3II_(J-G;!5s)pHZ`2*;;(HYfS2W!^i@vQ;GQMy-(G6Af{|8zN9~Y>vaGC&;5^|J z5lM4jh{tY6!Xpb{jg7Cl;-0K?HtZipCj_YpR9SZB5A&5EKK`;zIjC4-FLptj<)JOIRCovR6_ z_d=ga1p)_~8ZOD^VG3)w&fxg5-_DrHQ$>lwfL_6?QWrm6^;0f70ey{Qj&4w_h1aNN zVW)r%=PuSLMwUR+ki$mlSVBU=vm>q3(W=T%BALY{ZFD2E77OB*ESM8gEi{hUURfHE z*_=DT0Sy5M z+ywYqX3r#EK4c4gBm@sU(A=ojoi?F7;|D@NG;XuB+g0@z;wk>8MW-mX*JSHJa?m?%&xe>9h=QS5M>kQ9~@dNXp&GGWP5PwwJjH|1we0fEnJ$?_$U zN&=Fi!}6v>0Ue=?bUvRVRGQqx=+B9K1-k)c3$>!5%Eln_b zpv~Xqzf)WwAJKq^Jh<+2RJP!zE;QRrpW_upLF^*5 zzP@&ADTo?a*a6cW?%aU}jrE}moOJ8UWg_p34k3C%t;LPz27@omj2av33>PgeWi2=} zaazzP&XE^z=g@+?TI_RBTw0K)&L$^F1KqyG6<$^YWu>K@LJv~*tpWTrzaJBIdh(=q z-H6rDhwjV%8Y5T%!QR_5yfWE;eMA}}Vg?Ssg2ae>%nkp&{oV^4-_TY@`t~=C3yFDy zRo~tYUk%(DY5doHy*b6-TP z`G!Amb=TX-YT$k(VDB0@M7yliHes%p{Cag4mv3t;`)n^}Z8X}kU8LiR!qfiP$Wq|m zGT<0)a=g3yL@!{C?sD|dfq7njpcp>wtu(P=|9g*X@v*w1Kz{^;hqnu>_eIOi76R^I z0+v)#_MoG_w)dAB_S*(3=HA`K%RaA42sjAz>N9XO-_Ks7boZv&UXQ<40oR7_^jHdP z9WP2s22Jm-wcayNK=9`A5E)Q|nc}m~h;JW%IO(+hL;k%!v8t&+m%F%3ISLBdz1Lbn rr;h;}@&=-yQ_yI6E*nm_{0e1|Zu6{1-oD!M<+$e4s literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-filter500.png new file mode 100644 index 0000000000000000000000000000000000000000..770141ad54cba4236f846e5af59aff2116c7f0c2 GIT binary patch literal 26234 zcmZs?Wl$Vl7d48zh2R7T5ZocSySv)}!GpV7@Zb(X26tz$;1Jy1-CYNlJJ0*w`|G>A zYNTtrx_VBZbJpH#tsSYNB#n+jgaQQxg)S>2p#}v7eFype2MGc4Ze;Wq2l4^!q9!c{ zRXy?L7;*q-DXJ(61yvV^`f36XIYxGr(RG1>!ua>!3p#}XgBS|R0#jB(RKpW+o(xxQInv2a90h5oND5t9Sx4smty; z^_AE4DE`B0k1gQcm+O_u~^HB*KrPY3c5$^K8K!s*AnO@^?ZL!>2^9- zcT3j((fLK#e=P^RpT@K|mcen5(gn6~Tkh~_Mk5r^@h9SxQ_AKuH?PralmmD@6?Jo@ zF&k3gGaJNHO2-b_q!^`~IJBFXcvD~~r_nKSSd7)a{1Vl@AY%>CSY5uE~rHQ zJfN?;b=mciipSJhy9@GKUuo2W%ovxwVH&yNhs}qD$%mV1X|g|}IMD^tadNZNif0=L z;M37*O6fPte$=POMHD>SR<`902RPsK$+x$ft+LO*9(>cE3G zHJVMG`gK1-1)J?Mxn>HaJ<19O;O@TiUERpDtO)w1G8_K9%kM-dnoBF!tRPT!tP~Hw zSIhI|)$Qyrad-QR8tACtBxSPpXriGw$Q)Bo89mEyLvM1jQMEl z$iK)gnd?E)*_T*ZAXz|dSI^eUZU7lKZ0M601-A8UaT3P)>gezN(er0a;YSgRa+9kW zc^3V>eAQj4daqk*%?(RC=GQbM|GIir*B;}QT)!9hpBk^^$^uV?W}~T!c#P?n!VL9> zF~rfiI(4SRe)kn>Hc$I$&WnZ~$A?OsI$HXm5I)HK)BiCLO=mq@)Nq*lFAw(c50_p3 zz=*5YMeAYFjZKa0&NtaJp=g#Pk!5^8{35U01F08d$M=Rwp%l#(56J&W(I`{1-el40 z3%+4VXX|OO>g$Gvy?dr)cR2t`oth0N5ucO!KboAPK2IK%x$zb6s|k01hc-88aRgX9 z51erMF0smHQ#U4i?;z{8IOY+NcfcYf|F>WD?LSJR_*Kxi3@1^K)+Etn?ud$NYqDUH z#|(nQQ7+}mX;lh^-@eOr^sLV)2->zkH`~m`m*mjf{kHFW2CFs7X=>u_?_DQSX@0Wj zVj;=R&GC8nD${L9om0Q$RQ&UuT^|=;uHoNqoV=~3YiJZs$DfGqP z566KtQTQyWl2Lea@S3Un3>xtza%l;aR-)Aau z1matD*i?HR4@9y|oZdJ4qldz$4Ycq%)^41?bCnY)B+Z^~%n$YtM$?Q=9Sykb)@b#c z?Nj{p9%jr(WYjo~e~ErDPV+4|Oo^P#RoQ?_bHQ1qpu-J%&5F=zz;Ub7E&@mIuR4=H zZ{2Eym4?aGl)vB;`Ek9*z0Q}52Ve)>^GP__i_G99pKjMcQy0{3%|xl9MEu!*x}m$8=rmYQP=_J>TKw&w*eA-{cAG%1JHh`<|YJdg57zSLPv zbt^?!ud;D{BQb6dpmsRkWzQ;Tz32_L%**)N>d#i^buC#h=0@RDGXA3#` zUq8BJg!HzB+4m#je>FBVNI}mDlD%XK9`(*7`qhqYo5?6 zre?-i@U!oF5oLBVRg(owbJ>VqY>I%rn)h2UOto;X70*NJ$x zV6T2paE|eT$6wcDMQD)iyqv}Bd$^zf+d22G1oR^N2BS5*I(?usl1(@a zRXn-4H*eAJ1)sMlXQaVRk4?Y(u^|}B?RdK5C@#0adf6oE#zLhOxt+l{hnyGCF-Il( zXBx%SMWdSh-yCC}$jZ<#I3#ioht=75np-Z$AO8IK{O*kEy=$vwE@@DH)F028p|uSb z(*-0lAAZ$W0dcJEWx3e`UWs3{S)6vm(AjMc6qf7VqUewSDPmgz zZ;Jf41MiQ!nCk5CC^#Tqtplg#%Oz$Ga86g;2UDEjeL4w{-!hi2@#*$(_!)dkrCn`M z?|!bA@wRAG@Atx`Pas9$QA3Y#5U2_WAQNWZ9f)as{=(}kQExV!zo@_(Ix65H2hOKa z%(B|AGN@AvizBdiX+$UDN|uPk9-b6_GyC0T@N|Rs_v3ugNYm>}{LMZ?X`IaI~hSSTECjm?%7E4J!WCh0nP|=^m3w+%Me||+}8G3uzbhyhd55rTZ^xbUmX-;O;9O->?Iix@Lpg%tx zR}Z!>*c-`S&AAM^oO8I|k>rwuV$$&mOk}A66?A!#ev0_fAEn=cO|9@P39LhKu03?M z-KWt5ObwIsDVF!d@N2U>&~$STz4BLYknTGi~6DZIAHNMhNV_q3MnEw~J+ zt40FvuE(>P&a^tU@vfKC>Jt@W#W^MOre_Ns;bxOLeG|Kq?BTK6vR)yc9A;xyD0Bi- zVeL;h!)lrqbZUk1%!X}*B#GARY{sNs-%9A*k9zV2#hya$E?W;tZEQTd8xA@70WA6* zKU2JFQy97|_QhbM^J+TZ^?q2BSi^3E$1*M(_=4BUee+-ul-^(AD@g$Q>_7E$$yA{P zULhG6QTCE6wd#(9J35$J%owCyKyLRJqzwW#HCex;5HgQ#-j03YCA}ABDE_Bj@U370 zUzyag-Eq5D?)0L`z1ylLO!|RTa8DG1L^ayY)nLj~dY#96x&GhpT;Y;{mV;rMoLX*t zTN88e$<0Yc3hcT2|Mu%IY`)FMh2Q3hxNOtybozd|Ltu3hdY7IQf?<25zkaWe;1j0iBf`YgN5D;l-+xwm&@@+N9Nt-=B9g8 z6#WvD-Q(4E6Vp$P?sDJyp|{1JiC@78=pZ`_2gGiM!Xv7bv#w85b(WK)H`mf+8+gaI z%cAjqsPE_LoHnV$sH^);ef&TS@iMj9ncejDszXYg&|eCVf8#Lc1bOVZ%W}+UH(?&-9_ASRoGHrzdLwmqHR8c3|kGGhRraK|rJXw(U|3qN0pdp&eW-Td4id9R?r zXu_j1;%RMgpy~d4I2lTZLICn(6(4 z+sq%5xRwbH_{=(8w*sC}weU?3g8Av(9@Tak>*bm@URyzkd*PQ|&4vZB_u( z0*#*f26HnJf25`?DdroK#nA{Jg{gS|DEhc;brPrd*Q$hm$N<#<8V1y2#dMnP?*iH7 z{(LLjAGb(jiAWWYbY4B+q;Kd`Ic`q;Xch0dY0hRl^tB0v{j>i4CK;V+LU0fftH&PcDd?7?Zln<_ zh0Ng7&83+t8~h64ZJc|m@VW>n*Yg!k1dOAa$s7v=nUn9<(N0L88yz+$#8_sFm1lkG z_17^=siH%lV)Vw(!Y63*njEgSdh{$9htsd^iFE>AuiJcA^ExCsmQZv27K1Y~Y=#Jx zvs)4V7#Er1IFj)0^82oeN}-XN4C^nshWf3yxn3|rh=^vJC8#j(_*XdZgeT_JV9XV# z#68G$f}@G~rBZ8j>|fT%rbQPZg(Yf{79rpcGs zYT@IO7;UWqdHh&rp#uA!FS}!ebhZA5LT!T21FSr3sx^ zRKgso+EK!iV8Y2aIc#>a`!1<0x0n=|rxa|~Ui2M(Bwb@KKZ?bO7YlTLbT&7Y)KIOo z9_IMOFe6QVrg?8dLP_;YER?m|^xR63_e?N2|CW{4NnjQ5`rZ}_KN$VKTt84}DU>se zb-sGB-lkv5Z4sS*VBO6>{)dar1ibD+V)v6ycIKOwmX+YLGO+YBxz>ri46}S{<$^Nj zhQIy|J}s6E#&_>KtBit0!9-Awby zhe!ZLE|s!7XAg7G%=R)_P1?^27=gZv0}p%BQX#B zVx%RjoirH+(f1*7L>ycO+r^_|vNh(au_ev8I1$5a* zow^&4$bI(TDorst<)2V+T7ct$4g z$X}tzU>>utMQ|{m5Y{^s%a`;B0b(25%arOz%9tQv7Qz)Wd#X1AO*~9U67qafbmU*k z;KRwx8gP`&q7Om2Uw`r%CFDBjZ*U}Dq}x{cWpR7H5?-Y>!wZl~*JktGev$I?_TWo{ zS>0uiaWu$bQ7P=_s!T{|R*?d>5_zBOj0FF%hHO49wgCBL-Zo51CJDd4&5hf9x#o>X zlWmg|uJ3oTeT=ues2c`5qvF?xhLI0RRQ%;eubTtpy+A0?G2%RLbQKUZN!TC&OEi(e zF&K^W95CY0B|Ds0RJ}xtwj71_-08uRlC~SoMesFFNN?<-U_(My>f<%(T8gWRq5c<~ zhU9M?P9f18%BX3ZD-KslJQY0Te|&z6vecy)zeMADRzPJx_W+=JAJ@wZ^&X2w-z$F(Ach%# zN$|RMg@qyzg}6fdbfF4nQrPDp+7AJv{SNJ9s>O-2!y+!_#XJhH69VHat%MvFkKT7j zCT>u#V5@ym!nwucwoBiYZFeQa&Kd{}(+L6mCk@?4qK=2^`N+S=#&?|4mSr#veBO6z zQnwu?i=u~-pJ|@wL~3`-*L<`2+)xC7{&^i_{#QW`8|_|N#q6my7BNIYT;5wNQZXB- z2GYxS2`HF0mJpQm{rL_4*?8dYxKml^>D$!e)CGixn)`ckSGEN%+o=;moN6*?tzTeX zd79vF^n<`Y$oc8+baAm{ME2=8ce>Z+BY{%-%z>5XzD!6PorQn!ZAvXAyvAVJ(yv_L zyoHFYlgOcKU%h8bUA+IH^S+gyi6OX2O4b&NQ+0t1zBL&~4 zj4p0e^t*;28_G|;S&3w`2NvRvwvWfPJb>3N-ZJ`HgDzk2dx z1O&WJOKTk(Pi=DAET}x6H*C`X^8@-nmw|(bBu6|N&UnCDumcZ%mm6A}7$hq%8WGF9 zxnTt{f)j@5 z&^ybRcjX*ox}DgH?(oYw0tbq{VBh!K*lM1wTIdOsHmY^Fx9-b$B1Okhlb!y4HJr!t zeS^+ePCs02=aU2+2w(mQLN%k$1$FgoguDMOLiJPY_$r_|VIoo~fg!Er4<& zMG{A5sdW3R$h_$N4q40fxJ1s#!by#50}fF4;7jrCWxhaTS6rzaULga-VUizm;09+p zTO1=-!efyw&N1TudOi4N*(YLn3`P|)U%jrC3^?lx`+@RvU*fwl`k&p%S|@@h@{Hy1yH4>RgHP;Ps#n5I{3j|>7HemCfAwXn zSE&#f|6PJpp{so<0*_-}M{4I=#n+SK4~Gf>DD-<2AJDp`M7)&OQZ;R@vc%0l#0+8TC$Bw6v7Z zO`=d?S2g@mR8|QvVoIe%@ZGMW2Jz92?ncim&G`{$st)B6dO&Z@)5%T|T0n$Yx5n`> z`7|Fl@%2D`<*Xp~b8PH|FWIWuOex7*Mac|Y0HoS!&pexdc9X+sFc znw&0>w#7n(4U#5f6~tQDfK#hlAx^#LBG{``{_{PO%^ix|Oy&<`*_-6k7j09@?>I6~ zpV;nOV&9R&Xl#kU+ZyN9di-3hKmMaaj&hq6#wjqRB(%ob%mxpd?napm==EXE8+VwmH*b0 z31@`K_Le%0a)z_iR0@;!L=G-W$d_J%zdyFfT?x_@Zs8tqd&6zE`ZCdr8&jDKE!27E zsDL*V0c--nry(Z8PM#e3OC?g!reE9HhUUT$J>gdhXjxaV(t94_OMus&JA25)yFK81 z;i|aCXg;@-69Qf;@aa4*_+OR4fE9ZcEPIrY*H;@YRA9JviHh;uSk_ZXXhT8?JQwxqIpF!s+bbd3s^`ncQa0>|?B z_pb=ZD5Qu7d1uQkyXcRIotX3R(UZwPUujhQ3&$iz3LLuLns^fuBq0-x)O{kWweTY_ z=w>(0uh5~(|KLurRhqfrVDS?mp(pEqK*J`N{s7R6Ji_b8u(CyQ*6x(?-+lpPr|Xv#T(mxra&oy# z4q;=$pG)Sk=GGv<$&}BP**SXgcwWV`eM9Tn`E=lz9(R2b#x1dYJX^vsioufbL_bM< zEwW5E2V0cgBU6cYcsy&V5aemjZZs}}DK(sr$#FvfUrBrFo>v?1x@`4X&W4ZOK2ONJ{ z>#F=_*-q&Y&xxdi$?q0Tqx8k1y?8;WTH{#rsaoAqzb5!lX(HfgNDrmvvcqbpv6~<_ zIt}2xY(~Z2puFjyitT-$wH(y6X|=@@D$TMIj(v!ZurVWgA#^38#i?g0?+gCk0Y*%K z$1tq=)5u7Kyg3l*=f?v4Yc>|II*~1CgODe!oyGOYn{$K3&W|(2*nWgCXy+G6)B;Hh z3!6CFz`7F9%GhqE)7gk-+^?gLUDErj!|F8qqIN)S?FH=q-?;kw!+uRd$l_UGro32m zbCT!kWMsVsY^MF7sdKQ1sqR=P zK8%jzz=QA8ZAEh{-<3T#xn!kvC7xJwPVFG}Hyi{{F1e7do{^;7ES%cS*BmFglO~R@ZyCbJqTVZE z{lul$s0}5Rz^+|-ez>Gz`w`ZNEFZVqrIcgqDoW12AC%jTEd_nuCKB|jJq2x1t=ISm zO{4E1VkX@OiPF?eApRWsc)pWC&D9+X1+is)>649!Qx3`z6m&hH@n4fXK!L?ul zj2+>ELq!a@EymJWDaBq89d`AG(pb9AHX2sNTmt*EL!xgPNHTt20hq*Oi?xd)>cnN< zPit0I8cI=Tzx1Gd&o{otlp=5?>zWm!;D{8P`8R0JwpMMb z<{+`-2|_=oggQV(QI3LAiO50o{og4A!tH$Au16|u82*>*6=`EC!LL9l@er=DbkZgs zjNCb0m4zCk&041-AoA|u=xF&`sd_@br1|auI@g5GmqCiwE0MzJcQf+OTYAa}2IvyU z5L1CkRBiWPw^M~4%Ds%0U;txSh!JhgWSp?fa3YmmCAsO5k`w~M2t^`B(~}CiN^@+7!;M!WOF$LbM7f!yx;zomdMhv})?;t-?ZJ{w z4@)!OUKRSrJu{ZX7j{kWo!GWYc z6Ns<{FDcseBe_Ar3KMEVs1Z&SpJ`+(Z-k@qt!ZimZ@B9t?&v*;kW{_Q8FWh7dHRS* z`g&=QG!B?d@aWyQxfiNtUooz{TST7B%H@53ME*G-BbW4ukFH#c_E%Os>X@YT*=n0|)!3H- z98c}FObSUke&BJA!pw17>;k|lgnNtw+ErYZPFu!7^R-f=3h<^FiOZ3S%+APJ2}tI0 z%~Leb@gIQ0HW!gUa0mL{lm%*rV+Gl>5};&oxt}l0Cv$00AP`pA>hiOS#2~I@a%fKk zZtn*5WD6U0b~jwMpDIP+)IO&?oxsu~sk-NA#%=jLCWPCC(m6mIw=R_FFFpnfiA`aW z3JhuSt0Nxdpx`pw9$udrX^6%-KdB@3pVnxz$&>Z}Losj9G9OJ__Ib}UVR%F#`m`XC z$D|&l090ij!6(P4I-;QR6w=ZbkiVDfmN)%Vkaj~;(S5yRGhc3Z_m4f! zMf!_=-8h2`D6=zU@Y5J?%Ag=11Tg|;4Hw&cP{-?Fxt=ffV5BxrJem8VuE{%3G$$B3 zRP3+b5>q7;zDD{hIZM}#obhW9OS|G!^JE-XoOYfse8p$uDyWfHX-+F-u+YOR>Pdoi zKzVqN0IAD6;ha7S!bprY{s0Wv)PUm+PB|O~z^h!o4UY;sJA^$K_1Z}h;ehkVC;@UI z20l~3eX^%@9so$3ioEC`{$hh7tLH+<=;1_CcaUruCOStni;+COIjF-O z-5rQ+jF3vAR*aD@v&j>KA5SO#?ig5AVl@NGi23{&gF9MzB2C9RyGuZSC4Uc5vN+%N zWRq+GK;Gw5ufQQT;Ef?N=bXSFs686GjJ|wrzSz&y^>wZ?r$DtQ6e8tJuK8yg0q^jg zTB5<^;d1XiDBsYm5cdrtSj;Pec9mLVXfW37@?{c@(#l#VcPioP6;P7k;e6g(z_>oR zk!q+(#q@Ilk$B4dDitY%iH#+XlrSq5f%eOM5(|L}&kxV-Ft zmD4FN+q^!+66P9Bi1oVkcI|rk)jamRnz2(-P{OPWX^em$4*RS{2*52BW5?cbQ1JWU z*P(3wN%I`mhgq)t;L00IzJ}*ahZUy{f_$a_G}mTF)`()|OzQoSH13=q3PgS&JAz4o z(eC+YlaT5m(*<$x(Z>27;$JM@-?Kxny!$^uy{E;WDIz~Ko;BcnPPMA``XHJ|`Qfgk z-B(tAS1XpulR)v7b=t26o|2VP<9}39Or&YBVj;U|v+vDuiM9lVfbsgn*|K`5GPRdp zOq=ok!v{=zPlYsrd}U-S$;q7q!T?T<2s`j{FGXAetBBV%`~xH6r|)82f!8-%w^0p| zmG9P}4-zEyj8|wM&o-%EcnXFFiW#4OlGfzVN5Ngg*(3H36UDHZN};xuW6?Q{yaHkU zhf>c)Z*xe#Q2hEx4p(YPaYV|KW?4IT^uxOO;ZKZ}L$T&oaEwS?pW--UHq7|t-UtrB zeOn)bi9BhjNLMd{C`66s(}v_z?3wNy$o)$^9b(99#`vK7|J-_p+iM#Cw|bQ&_J7M< zU-cMV0gV(S^cCTh!3~y^OTRt4i}9=Unm{2Kd0UOxY8!Q#>Jr^jlxN##=LmyBx7&6$ zM?riN-^viqO_PY#LcD=PO}sd^f3AC8#w&9^a6@J?V=NHR2(Y$7BVals7~i}wyE1Re zAGmsA5bTV@{|%k}>1VcrSfcub4~jmBbSxDDyia46L5E4oLUpFi*k>(IhJy|V2Q(9)`o;HXV->>d}*7|9A-c7;e*LeT-EMZyH!wQv^G>P8K19CoYC-W`(LoiefT%c^3huu zBXlGw_Z9J$`b+};qRV+eIa7k-tvAc1q{`|rYd zvE0bDFLgZAj$0&d1L=3yn|`|#!d{UDO~X)N_CJ+_1Wr;4l$F410>YwRovoZqD&Kqt zPru7POd%v&!Ev3DY=%Xq0Foqavf-z|tlr40lVC=E_q&062Is1Ne4`~7u^yM);h67V zp~D=?OB}MbD`SVuD*PS@N+=d-mC%W%f_X4ZZx*wP9@BHV9$e zWeTKXigX(u_Kz)d>TEr~rCehvuqZoa&3Gd)e9D21A^3U*ePL&VOp=TIFe7zITKzB* z(y0yWcV>wACa|K0F}Vw1Z}i$16Rt+L<6lI0;57G|-2XC}XM3^lz}m7wQx$K0fS#fE0+?%koS;#LRsI3L#MNoZ*rH@-^>PDRkT$;QW>7)O} zn(nF!&7A>lZUr}7wG5w7sy4@o>!ifcYIA6=4~37py1PXwo$HO0MN_r>VyoX z`oVLM*yc;H_Twq^ilv%w?{=#6x|a`KgZ--3L`rxljZbgDZj)xq=pPh(ThYpy7) z9hrN?e9N>?(+7v_rzP<;71Wo4hB!VSn$P(b0Y8#;wKe&4n9RzdA&SzENIIDgnLi5m z?9?U$YppJf3DB*rbV=D|OO4S6+X3&_;dXd^?}I(YHHO&3wKW_soi4(%bW0p*-$2$`e+&fXQ#xe#(T-;-G6v(iqCsSJ1;%otMr@e(S-;=0>O%4?NSe^ z95aWmpO~(+gpoO(JIJOjHC@jmTrc5u&v#GLYL^LB;Tj2rkKc4*ki{^{eg&G;G`&%R zbUJNY1@aJJ#DXpBKiGAHj$rTkEQGDG&885ilFw8L1UB7|z9P>B8;fHRq)n{>1Kv$u zSQ^CFOzE*`;{=ZeW5_JMD$|(sEp(@T3`EccL)ku%rr53=wkk*hU`M(Jv|GZ=?~H^)%!eZCyXbUC7+B!_PGo= z<}>B@S>=MU?jV{{?pF9xhCIc@>DmhX_Hojavs2}^%gMz3`nNV&jDJhI)eqB{NXYjU z)Yiy!ddmT%8=lQ3u%GFZF$3&2+GWGgNb|qz7Ck6(K#K`(#eC|M)^kvV=a3&CPC zkVctwx3MP};n-6*Z`UKkoJ2nHTUj)z;K~3$a^%)(+vS9r+tb;sa&(CdExXaGGC|6_ zF(aG3Y`gg8z@kmuX^SO`^Nh`k&dd#UG|+g`tTI6#YC}|ads+Wv4gOZKdOYJT?Y#ez za3S!}|8W~JbuH8hr31MtNdpc55r8sBwhQR)Z7Q>WvBG%u7NHC`RCL2+It$_4^T!Y9;4-cfdwp zjV}8#S-EjCK^$Q3TJI}n$_~I#+t_{*$h=9Y8tS1czl`Uf$}H4?P}H@S@iDCFmktCP z5z<6_NWKsu@pLw}ev=-~ukq)?9UbK}#J|4l1D=-?BJp%rO6j_U*mA+gB6XYP-~H5! z6|T!DuFF)e+>WL;O3vr+;(T+%x^Vz<_kpp2N2U4Txq(%gL6liL|X%za&ir zRHc;G^n&x*&SnUm+4kce2IMU(bs*+LI-}*Gqm) zEWYl>oxec*-FGk2_l#T9nkf*i$gaf>H4FpGDEJxd$M^M3x>ux?tbKEAB(!)$!#(R} z6=Z!r8?;9ZaWvG-dTbJsSSv$X2=shfnyr(l7h=(gxgJ-V9q@BWT(>wNod!VmM!&=N z?Y^)ljffS_o}DiCdX0G-|gXgKd>pDys9iJbO#BJ+Qqi4loWuw7T z8Hl1^@sMWJ#Oi;0<#!1X!Yy_;tVm_@tI}^onevC213Mo!d=@?Kjy|0RJY%V7#|`wT zh;G{~USvXbK&<*l6;-cN*?}luHt~T0_J`ZNHC-C5FA(pQ@f)hQwcosB<7M6!;0Udy z(_)-RNHeQ5Ne=a7!UMOoa}iK+rXIX}f)Yc-RZ5l{No2aP8O?pN-5C0AS?RQXpqP1= zgP?`CwbH!dJIlS_ym|Hn^m{IINCLplE!{TS%^slS7&hByUyh&5pL; zc_2A5b@QakVv^KXEX>yG&E?N|9s-_+X%xum+g@XkVtJ{H$@Yl-5$#Ctsft_n!fcnGe{Ht0Y%M5d)TnerG8HBSEHZoSWX-7QhPfDT{U>H_@i5o~}6o+<7^-J%bvxcB9Yo}>a&P&gk} z&^90Lzk1P^AW$+ui|;62P}==PX;qg@bPjq;aYxmYu;Ldqi)Th>F09?5*IZN+)_nKN zHy8>1czE4?_YMC=(#wyHDv$_Is%G=jlY~CWIQ(d4; z-^0D`@Ik?D9|_$1OJU=jPv%>^2~5#{^>Z$G>X;N+bU|C6Jfq?(@w0O=l9lI7-~Kjo z0ZKV?9-rM#VP4Ud#bK*yX1X7ZQBL)A+C3xpJRcJR6$+THxIYnex8$knQA#r# z(GIs(VwyD`k=#Y)eUy$egN^fC>I;Wqc4_L3Pxm1fQuv&>O32mXJTln+G3rMG=hSE^oX1&{3m znBPQ`qvpCLtXn3M_@`z@`3Bu8O;*~?Z_Qs}2@r=QPB=^l&~7gh1kD!oi(HM@8m!Wt zB+OD9m8cPYLWf23^UZuDsP`t4Xs#5Vxzc9tEhywrvj08xL{b`G8IzOhBf`SLV)dR% zU}o|A9M}fN|EyTrymGXB9qns2Kq>g7^?KD8r(ir+r9KF^40c@1_IT z5t|%KdLidn_65_`e%4~#mbDz;G_PMps+9=q?KgFwGG1dAEnt`LLY2Y9ZnoS9bs#o@nx0fO25V!k@O zXzHWRYijVZex>~7DY`G3##6Ve(;9-lX}2^LG9u5?VQbA&gLpwXw*=W)yiUqW_8^UF zNCc>PS10HbSwf~J+Nb<)8r83VAd1jN2$NSqCZ`=e#Ie)pvhlr_ki=+;i2z_EavDxH zLEdmUh7mH~p;4F@f&Y=X9h!LS37fYn;>FoW@8~R$#6{qUJ`$=z3B&L8d(WbKx(4Z5 zn_dg#-Kp1Fe?O>=_l|)O=3MZw(fHTdP!xBo2T4g%p5CYm^r20V%Qg$6fU8-4SDvB@ z5hLYpwJgTO)n^PByTp&= zwrc~m&+u_3B19&8o)VuJ#q+cciuyuP@u?I~zC#mfdxJGoLeD`Ta*s7=u#1CQ;*2eE zy-785Pu84YPZw((X1h;%5Yg<8PL8RdYT^q72$F|0ND4JW2NW85 zOs_t(=lMRNXaxujiKR{u4*UTz*i=MY2+< zrRwyUBpv;X9-M1N9>2&tMvM^bh093M-M)XINDS-Mef@>c{~=pXw3SJ@UK<#I0$kWn z4hWP)0EG)oWw*Je5YAc}Z2K9Yvyzj}L3+&6Af0z0-WiVfqyB5t1S50wp`p;hu~+N` z@7|Ee=vZ1Tp)uI$G~aZ2bByGtieK-olg3{oGQz<)Fe0^3f2Kbd%Gd_0hVBi$bboTZ(91fvwlX`T@QX2>5$8fQqa+N@l0*6K* zt30`VTz#WYYowU8lc&?fd`eGtzfm4nQk#h-gSbzEoY_RgL^D0zN|o06ETBaCJ}+J$ zLFIgkBDM~ewxke4vOB1?S*WzW4MC#OI)xcPK*(N{I_Z1OMszkFobNR0K-y+R3~1}X$=M_Sb0e`C)LcsS+JsWt8d3+^IhD8L0-K`1M~-_Si2 zY?u-{?CVLxAE<}tzAdIG22<|#8|}*<3}-1ER>*cv&#dJFM7P(`x|q=>3q`EO(5{w- z!Tt@KJ%NLyo?kN|zAPg*c+xv|ekBcTSR@gTg;j`sW1F2+!XBHX8|mMR6o$`Epi``A z_X9ewsIch}hlF5c_5{+yq$|T{od>UN=TIT?O@P{fqs@$(02HkJImL^|NPvue|(*~BD z7eRQS8`7g`=aj)c^^R=(4Nq&U=hI1Bj^jh%4gsfgVdE!q5uV?%F-Qx?U(G~u9_n=< zqlH-x_6ZM|o+T$nBH$YreqT~c4@1NY$FeU#JDSP!^NVUoqeF_)qGW-#H0A5_cN`Z_|k9!|TB;m`jWQR~pA?4sf^*4~Ks>@;`!J+FMF zZkO6LjH%Y?fiP~(oy7{h+Na!=X_h%&3y(#RE<56?+*wFrZ{7YWn((LYZlf4SZ@D>; z$>#jW^w{4TfvAeT<#PE$kQs zwh8eApE;O<#q!>-Mxi?nyaO?jx;}&R?57BV;h=+>5!dPBLc?s{YV?0teG%{!@qd4^ zET9yl<+%}kynMn3BqOf`RCX8Je}dnQu4Rr2J5qjzW!WsiL*SP4Zw(Ml@rZ_xQ;=09 z6T7=gDp?XRe$C_IQO;0ck-%dd;&-`^X5!n^rFGiF9U<103@I=xQ#&CaXpnRw;8wu( z6c~h|9{84kup%{-v&(2^P{BUAYxo=}*_u3Akzd#@dHwbFV#Yn!K+xnO$l&^L64(&x zlsx={(KE(M*91SMQuQDTlpd@^B=#k#%hnyh90 zF5*>pg|&gE^-QXB$17(Yhqko=X=Iay485H#9-W>9pT~)rYe<}K``hKu=__dP13leAu&~at{V@arP=q7B(w?X#$QfF+5)L7X@B^%^!5GF)B(rRRPLnzr zMc<3bIwVIzHJdQL@N^e{^`hP-hF3N_5#mHa#3Z$K{uSyOK!(YoQg#TbmTE)ixUp6B z_A#6|EISv)K&wsm9OP~0qZW+=QG}w{3xF4W57#p$xT z9035&YpMp%nL=5cTY{&X1CCx%;{&J;ETo0+E>FqfKTNNAyx2K*^1w>PfQnJEnV-3A^?LitBS*c zwoU2c!MGnxGTJOY8g=z{t7jxA&5|7JrXuk+1R5+~96XnKDOJXy4f2|`xD`O!=QvC^ ztkQUf?!nll>=wtRGM~Y``-ml3WfDNEB4yEKKU-c=I$+PkB-8rQaPbRTK6w{jQ((h@ z)m7N%J}X;3nI|EcL3?5a+EBF?BBrE48nlOsV~7>4@WF=%QdaeUvztt7*^tCV`2{8a z;Yg}!>ItM-sv)?^$Fl}a$MTV?1;>fTd4R3zr0on5VX}q9uP>I{29FNu zS?0(stFs0iu22NvF2z5Ga1K6AG_=NXOS3MdXEJEC#NUXj4gUc{XYQ`n`Uh9p&{e{q zcu!$O8wkMRe0$Z;74dK7-(8nt5b3yD8Kp-T_rg^%$|r)P;#abz=azb5e@zr>e~@fI zWIoFn=BcO`ol~)v?D^HH7@xdlIwM>|wb%LfI)^{_gZ1*RcV^!AdG7nVuj@B_E^R3Md+lPb$Hg@YHZ7_g1#@j* z(N9Q^JGx&uGqaTg%eBzE`J)2)c20wKQX!XIv`x2}NHIe4ov?4IYQ>pbK2J+Bx z=J-SV!mCEDmg6n-PG|RKr|sB*#q8d~0}PyJJCKAQMtWEqOY|C1v>Vm=U`IQWhkLd- z&B)$v;^wNSvgr&OV;Nx!=B%WFFosgR3ChNa=bpE!&(_Z-ZJF*_8O+zd+_WA z3(*>XK)G^Fzo$u#?TlJK%rS@X?>6S_~MU}VA0^yK`UkpT0_^X zXt%@#F{d|Uhu<(VV?+pjAVm5hrW4E%vXoXD{AYHwVs*eos45jc zeI;s_gl((M{Gn4)@k;i$g>tMubUp43p|im=1c-&I8&KC-}ly?xW#= zS>;4OMwiVwag5R5u|r5{WRI;pAHxQh7qJ>%qxpAn_!o<}AMqkpi|h9_lA1_AcfM^+ za4=%|e6YC@n&E}MgDiY`PGgagKd8396+$xwhV0oy9-k-0@KVK zxTtrnlKGsvFKkwfuPQ$|T5gXqmAg-KUx!C+PiF-s3%QJVN)s{;ig;XU6|~KwHY4tS zvnGfxhK6z(b#{ktjozBlpm*L!bu5J55G_;)&n%j8z9WT!0_1?Q&L0>-XD&LZ?(q-} z0Hr~;2<-h;$KBr57Be?1O<;6-Vfr;nyh|rR$fZ2{ZM+8e$9}UmgUuo8qe6)J;jIzK*88+pPm)`t4FZ z;kF0O3F48nl({<2;Y!yzWu1rE{?66oXWfOdEY}fp0+B0?p0`&jmsOKD(w3}otlBg{ zv>Npka+SnyDqgHah*Taox}9S(27}+dI#!LJx)$APG6H5mm%5kJwsATMjdm>v1yPSp zQT#xDyLFjU-i1hzGcZ}UFM-e2L{x8;dK(A=?8}KNazHZ(+e@_IQ)dp{qdPK9RPz*) zUQOEw#nn4(PyJf-ydDn^2m;KO-q|bNlJ?`P!!F8!(SRn9)?peQ$9KIt<);) zgr1Z5JLyzjv|ZIZ7XK)h+xaGz#%ooA2;p2(S6wuD8!uP<o`Mgs%RDPg;eY#`5hlKz9UFEg;nDcBV%d+A1*k?;A0Br;|*BF;?Nr;zqODR1UjAAMN-)P zO$&NJRiB$MNuD@%9R?o6&1mm>g%oUbVNkEWw;fj$e1i6I&NeHu&3CssI_LY`R~y3& zKR?mlzD^QKH)!Nv1gj*;n(0jfD=`(}kph1tc??KB}5TdzlkOR0*Y zxAG8I#^0{SjjKLiri~ZxZsSQ&yuWrxQ}V`3+pbscq`K|9WFbo_?Yy$c$r~|R{kmN6 zq^+%kB2qttY_UC2T}u?P0iqT$pt3L$Hyd)|R;JbOwJv|0b% zWh{p|!C;E0sn93b#NmUp-35AN^b<|wbBnD)ca(u8$}93LgQavIB5^nf!c(O2m^#)P z1sI)xP(%+sNP*vF#fxdn#_s2<k8}F7OLSG1`0(4B`bbKl6OG{LHaJ&GV4UHu|?jZ|4O6%7OU%u2XLeQw}gE zjLjxkH8UL#f9Q~>TCnM&AX?C^u`Fh~5)Z&c7rK*%xV$;rnEql zJWqSkD#Zs0_-d;A_wZ@%>VCuVyL^qk$M`=}EqTq(qIQpX#;DvbV>OXFWdPlUHOlWh@+R^X#+=9bd=!Jjv$by$XM#dc#KZA;0vC>B zgn6aI$yM|(X$UIu7QT|5;{YdVHcYG&oAjPxah7szx9v0$kK*UX`Eki+ACzXbhXf~b zAWQH?sr{+JO}0YPzTA7Jly4v=c!3V-NqHVol%-hpP9hLnL!^`@xJt3E6qu`)naw!? z&P(U#dC@cWF(#6Oo;0r;cJQcF3a^0h&PzWMzd+AqzC&XELaE>&y5MLOY&#IK*NFhU zuW!u#4XrRJ!5A>&?((*6fk!n8KpkYZ)$-SpF#`;q#PtER$s-J0#!=zl=TlC-Z&L(f zJvG>`)8}Kw~5JNVudNYs-yF349{@tNMW%cP#*OvW=Ux$x})JjvQytq zc()-7kp)D*`1BNk$K~pb`S1Wx!OH5cK+%x2K{OX`%zUDl$_JKIO2~ebpz6})P`qt8 zxd;tz;Zt$#hJ%~q?L&n7c;pvjADXEuyP!}K5h1Z4Lx~`nxa$fn;iq)+1|d7|m+C)! zp4ywK>&w;lymdGtJeA1jd>kcr*^i9LY7!D7SJ8Mz2E)t2F>?!vVJi8I^1AO95NO2D z2pCT>a(|;=QIs}->p5yV!U>r~?&YcFp!P6R^A>o*4WByH$-*6dLOgc8*5rP9H2dPw zo)OnVmgG0I&Ls2_THn8?EP*!tBwS%N2T}OfkH553v6^9{2J&~V3&O{^vRDX6RzP|w z3e=H{o~G&|?9hyc%Fojyp=UIbAwQm;N9u-6kx-x7|6~7{**wO=^IqyMMfy7FLW6|D z3{fdl687BHqDl@?5?;q;K_a-+b6PNg3^S_7NUGO*0P4!8iQU^4VNGOlO!~e?NP^P_ zuQV>Ir9N}2bDAjIb27UP3Z+CijNqbgA@D%9&}l_{8bv04AM7o~tbQ#M(_3NEC< z_#&MSquod?qw?7cGpfd0RY-f#<6|hH!;seyNAO6-44IX#RFGV0lWQWildyqS6`<+F zO6w%@xP>#F8XyOjZyLc8P)^SAETALVlj~sz57?9qq;G`&KI|ZdfF*_wu)@9*>pQ;| zsI(&fDs_0XbPY=pHpMG8cw$4!>sSQRL>*?TjaNx`JT%i4rtvS$HD(+5m2>Tv-!PN} zaxTcZPG8WB*#BLnfA(-Y=y^o^KoS!n)J0n=l*ID*v>5@ZUN9Wa3?Q06%pFO`J>Ind zKAPMQj4LAQXQ|4qzV%pl`Aq+M!t7D@0Dw%P_AkGXdVM9pj!DL`HW47L!?$=eORQnh z&r4l?Ezq$0AC8#3rT6kFdm@Axg!+NeR;Y2&^Hx2~JBH!sqt?tnOi8E$V_-2##i)s8 z(U`JY_XHKkCtnOyy>eqF{0~CtoVZ&qKGWqUJRHeRnTheI{&7JNuSAz;Sn~Y>BxhR(EC&abIJ_{;dHNc|y%vk8w#lRIA~150T!Cq^$%j<2m%t0gkhKZ))FC{Ho>4Ko)jdLL`rT*xR;2*7Q0Hu2Y zdeXd}13X%jsRO*DqrOs^6$XXSMXq;uYH+|W3_@yvCHTW0;xSxsL7Uvq$XepJMkMDh z?x9(~K!x`F=C@tfJM}U{@fcLW1{EH+!7ur0hlCYp+RFVj>@i$O)Q&}*uuvuQ`TEmr zg&hsYdC-9M;wuVKpXZMtVU)_B8%O765d#5jTo57?H}=`R83SZv2LW7 z+dRexRG(&cJ(8lO4s~X$`QinO-Muf2ygcG{rk%@gzHxL%D7CW?O);#Ev(2hnd@LRj=c{!e;S{V#7~4+f2D9 zMKGe+c0&OB#Z|J%*){~bHy5R05#WKK$`H)_Cg%FHy(X@DF+1l@^XKRIGg8XcpGG@N zKAkMMsoW0mBHP_W{LDB#Rut9oXu7*H&)2(7X((glMup1i+Lzg$x2{CoUEaSTj1jn%rZ0tW z2;C`1@!%kQUbWLj*%V(eUVu7-Dy-G-1pYQ-^^d2XM8LUJ^br|S1H*ctwz2=xBf=1z z@922nfSpAyt21o;Ywg*GU)=_6{)aPA;&E?Axai*peTb7$MxC3B7G&Iuhy{|eg9w)` z28ASjL-{vo#~T9`-Gmv=io?=`Z+>vvYt24wSYP=}^6%_~rz3xesX{qF^tK+_)Ui7fdkvPJSf3 z^;dSSid{q~a-y~{-@f)kEBK`=B-iT>^xW!n`~@2Oh5aO})tq?!@JMcSdFk z*J$@?KbPHiiGqALh$r;8^UG;|{AWJMXehaC%s+kXvl=B^u6(}DbTstsTOYS3Uo+ft z4&aeLjbKbj>P%u+-wtLxCq;Xx%372~brOD<0y@{SXdvGV6a6>e^bOPMKS`+f;?BQA z17!*Yc`j!v-idg;8{C2FzkmCLBYX~Tb{hSkIuHW)9yuyxr_aE#$doszUxr(n(KUt$ z`KUmzJ))b)KK>8vQ0wwK%?Kt1%>5#H;7BQuE{aw{h2QNi^G_JQ>bqnSj`j`9xbiw4 zx$QrAiv=V9`j<4?5w0V)>-IBSPd+1+<9=TFbKXkDr=1bB^bmO#mTF3z8OgbS9jieF zPLG<(qRNf+Yh{*W)=_5g0^c=To-?d@`rEEATJBK9KG4 zP_%XVCB_g;cAb{v3hImdpRYoh4ZpCL1}li!Wp)#|=r!btKmOC%e&MwY;GO?EP~-rj51`9F(qdwI zL>qS}$bRUs{iFg2R3+gK=94lS_lzk^Qr+(VD}L(#;fnqzpjCmmY0?GIFuDQJ4mjmF zo%VG}K}O9ZjsIA2Yq2yQ!tgGc@m_^PXs(ty!S&q+LF08JeMjc4X=Z2r z`C$|2rbn(O1ikj>_z~LoA61aSoLWE=07~TR73MP6LfP@h0HT;n5?5))3vpZHfr~bY zxY{X=;xrV$ybGcPB1KUYiza(8F-IyB0w|8NP?6g)sus@LM6vJW!meY8of*Cyxv!3r zs6hLQ2c{Rf-Kk%<;0mVrEDuMhCre8ya5 z=e@v>c#Q- zI#(g3z{9P@a}-h9prRaZ1_jQ{;c)&rXY%2@oyD3``P3IZ&a6V@qavI06+!(;g3mdt z0o(Wv@%6N>4IwPf=ek-(Czt%kmI8{!_$|%rSq|ncs&<8IShhm6R203U!}i_R4|# zFdoW^?X^2)bGllQ&_c7@EeY~hWG#q&U`i?&(m1V(GpF|0j$ zR7|25IiQi^CKWO(D;jkKbZcl7oh;-LmJwqUVjJDx!6Zo zDnJdE-gAWe06Ht%dYMM*I6~w~>D`Toc-$7xe$%z3cH`$NY)TQ`i4q+ayN&+u{LE#5 zlKHx@%ZWm;z$RAgUX|)~1z0pWm^L6HijeYIdrQh}7NWk-Ee9^~tN}w(8HGMmCE*WV+hSQW0-FIwEA2DJt|&2ly7F zz}H|%vpTK`eaTS{BB$MNnZE$+EX&K!6E74253A8pIHbAF4%YLHqlwO3ovTR61l%ur zzpL#NxpSA4=NLEJBtzud1L60G?KObguD+INO+FWU30ZKxW&>z$0hKH%1@(H_UGl&# zpt#dJ{1{WIu@t_~Vk(fPPsznGGuf#Pt3Vs(fiqM4XuZcS(L1|@@f}oCxsbim_C%p6j6cE{DQI&gW;#bvpJIQvWxF0(fSPr&oz;sN+k*#yRn zu>w7vZC*1fTv2y^isfLi*vS6++kve7h=y$rH|(I_@4NovlD*HNdIN6u7aO&}HM~|_ z^SK+&lMCX^?{J2G$V>nlH+R+%DurmPG96e)5u%nM;?mUbe())W5V3v0#N;psS#XA* zR<90(&I>j99Ct~!W~#oq{JcJgv)ihWB{3q{^LC-92p&UuZM2uFz8!o;9I%dK~1od}bMSXs^ z{p4YPBVu;_NZmR+be9y7W2NZliiWA|>5wt=)*IAv&v}6)yZzy;-#~U;$mR8IpC)-^ zH{Q+;TtMn~PE%Yl%kzoc(@rf`nFIzvuKD<8IUhMSR(j{FvW;*6M6(ZIbK2a{m{fD3 zXr*y(z9Pp9x>%+qKol$>9M(4DIeamVV&N^(Mh$w2cB zpCS{@`2Zw3#ERg@O1dAX$)bsK007eMdwxloL(1u7ycRJ; zPhZI5V%|u;EIyw+E!V`Qb^xgUQaLfUW9qW$}|m zmx0-QZgG(+ayGDYPo^NGe8~CAp!c%&t}4B6JglLC7pi!hZ0c<8t>U#~A#_SQQm_7& zr#@A)=^MqDH#MuI)2n?c%Uc zg_3gr_#mIasGKgpO^*GWePzBtX7c^*L(Hd&LPA40L>%SSt?dkruhe_hqy&2x|2D@T zDOEx?RSBxk$s1hTc7v-1Drrr6V}SMq?X!akmo6-z{O&~FSou@ez8N&^UoI2>>ISnCSvS~MT zuUFw=K)~~2DtA9Fx})Vqa~{SOJ^K1(s`j-be1R=kt%s0ZS4+U*YLI9yL*DDzOXj)p z@%}wZe%Ci2f1(4tAdYs`=U6st2~r{!4S4`4qfV;A4$snRmjGWZu-ooi4aP^^DC@{&mH~^Bi3QeBVIZ z#B<>c2(8^PBg2Ab*N%R1h;tq@3@l8E@!cNzC;Tz8E;k=zU+M1xmep#yYa9u(e+axu zFq#yd(QdsCgcD3*gFk!eYWHHIRUe1kv$Kg6Q$h&6`e*!tdP6Rg->0n=j8$9A=UT`T zX=M!9rN72ef6w?bT-ot2T`;{~{Yh>NWltjL;DijVFqa6kmKc94Wr&|O9Zaz4SeP8q zz7HA_$+(+_xDTZ^S|L1L>g7pQ_gP>4sRc4i;vBgD94TR)oC03UzQcP{zp{ud11zc3 z3)IdIGx5OtJ?;jtas^Q@l~naB^2sZ%fEF^WF<9@oo3=!m$E;%={O+3G>kjFx$lwVf zX(^hre)BMK=tVE`7Ed;Ae@XC?zxHBD?9-BxWRfN{Fc-{* zsN}K`@$%1kQoZ*j4=3hmav60#k#~DxIk(Dfw3C(zU2KY?H`h2W$qE5eTlGeG<5{k_ z^8)XekUZG+@Z&{~$x!N`S+bpplJCHfevG)EGEUbr*=^#~pkt(X9bRsX9QAQn_|Oy% zEV}OOkrnh?5r7wNG8}|O+_u<)?&lw74z_iRy#9M&Z=28YP!`wbd!iy2y-=EFQac!{ z8ZF(9a~n0upoEikZIv~|^#z(-oC8Kt!G>K0QIv9t>iT^Tj)4BV?=<^o%?KF}J7-#auJ=l%k|Fr^>Q6=>+#GPD214kowcsOA4>XZn8- kh5tWVx@9Qtcf><|%`2q$^PyJY`(hr*O1^tjB5vUOUm9okM*si- literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-device-group-500.png new file mode 100644 index 0000000000000000000000000000000000000000..8532d279bc5ec58c419b2cb5ef4c50fe81a8dafb GIT binary patch literal 18628 zcmZsiWmw!?w6<~A;!p-HP@uRJin|X^aWC#RxVw9?!QI`xIK_**ySsk#o^yVFKV~M$ zmE=k$J8Q3XKhFwRRFFhRAx43MftkPg1&_;+ae)AzNdAzNFYDZPRf!ZP*oG3 zk02{>X2SBqP*An8sIP|bkac8xDNQFRD2zY!lN_3r8 zpVRfu6?DR>jkAqzLHmLKIf_V0`S4&e+pSWo$=OsUH6>fwP%x5!8HMla!Vq%Q`5D69 z+E#xkss83)F#C$j>0&QBfNxm0#h&7F&KH$#Ya)xcHJL#Jp-P90Nw;lRBAWP!x54g$ zMvjoI#qz&vK8&LCJS*SzF3>@;k`eecE02|*)nr&oxR?7ofSDUp)u&8J1& zo^LIPB2!KH^j&9*feT#L8(q3X@IIS7K7+DvNup0{?Jlzi_)I!EJ7OQ^D=iMjduukl zVEIDdv*pHryxG20bt`qIkrIZGVcUxZ;4YZLo(O94eZ4|lkjJGAc+PU$aB&-my?DMm zIhn7}+?*HemKbXwe$pLen0;;3EpGU zYbjZO+y9%PGYRJJ3qI*|^nE{~O=VM~|7KT8NK40cE}zaZ@^;~?Z}BHj=3iM=^{wyl zX75b5>~bjS57(BI4d08HaA>Rw79~ZwvJ?zlf% zC))^6cB0scW^z9C*2X!`km|3fzQ zU0u|Cx-a4nW2&@25SeO!G*jeqBgUfy z=(+hg%#Yp6B3O%bIWD27bv|O#IA1bb<9}G)`9v+16VlW9uwFjtDO5V1+?33uGRSFu z*;KC5Tt&CKUDm*D^J$VZr{Vfwvf9S|tZ_kyUTMDDZnXqKSPXRDdeB(Wyk2&Jf=jnq zB%fUbHr^2Mo@*hWi@r*r@J48MUQ*7D*LTmqUAJ9SG-sLL`(%3T-xUSm*FsCCK3{uS zU*PJxK4$Q5pCILR9=<#OCmWrIk~jYKhs8{R?LY)xl~g<>lXwKKtv~1=A>GaX#6PQG z@mxe>$hfiH{u9pB-OwyO>!wq=+^Cx`5q--G;0#f-P?~|f{~EAHjiBdVl&rd;kLU8S z4DM`CU{tQh-Ek`l9s}I@J1kmi2s%ltX8l1+ASAv+0?X0&?ptO4hi4MIw(+$3mZzKj zQpXsyI+Ion^R=GN*HH#bDaZrY9pivZ8KR)oI1ykHUHnUzDT9)fu}*f^o6hlE>D_aF ztU#HJ*=&(KQzYFIpZj%*ksy79|49ep&y%;4YNzwvQk6E0cjYzS^MU2YKU5os7^DIf z7f@iyEoj`Ir;84AH=Xz~WIu|m-b$5=l>7akSuhmU4<_~P!J{%Me8G_<+*OfZA2dTT z)qmwmWm9xU60sMhBy(u8Jv4)=#b7W1d^r+mxh_6U)=Q@f5!=_#adO}R*shoJ_B(G( zP&r*U=<3`t9M)MngDdMD(_C$wM+fS<6VeDS~^9o6$FyG*6jfe27mp8hQacB;edps{X%eS0F_If!kt5{vdM01qN zRNrecBs?r8jbjC?ykFU|!VNk=;D;ROH}n`q9rRM=Vn>Ia0Tr!c=?sY#=f+xA$PD*` z2olSvU;yi4N>~*t#d2vgmHN#J{nHiA#h-#5A1^7Cd=T$6`Rs8um6hg$#(bYl8!~>l zfirllnoeemtLdSHG&=%W^y@tut6u7$Csm@vP!w@MYL*tW z1xn&hor_H_<@D6cx1peYBKBXZ)!+}Oz0tEl;P1oziHvGJ%NGn%-M%2?JN~3kG90)K z@B?02&(30KfI~^RUQx)%n2;jEg{5@{Np`gsOzFh=0tt_zye1SLS=x ze6hG~J8GiC#B}IjJ!Xq{hKTxMEs+!f4}?HU+|`YGGrRAmopu`now2=Qb5Ok0(h1+~ z7yipZdc*FL$uB(%{6#Xp$?QFBaF=NeOO!$Gt%Wep;352BvCI3%!)_w**yFh(jol@y zSu8w(@^YueVz%h0hWHUGk(|2emHONB@m-~Ez50Szv&~A84Bp;g`Xg)}6d8`4%R|+gtp_=yfbpO+x8(9) zUT&EvbQ`aE7hsW`2l_xSuONWwf!_|lM#<`WcZB$Qt-~TQgHZy-6Hd=(pql`yKL}md zS|s1s>EJIOkTYJEDg+h*V^B6Y0`H$EIzq%ZiKySiGy5w~UuFon!meJaVg-&PaNUOo zl3t95Vw8*nEI<0+`Sk+yi@J~#3>mBDk@36eTP8O=& zA_=~wu8BC)-rwKYxdu8c+f7LF zC2mJEg)*pvUnu*BA&oZzbr`kwp#xTdc09<6)CF1;5HwbUVT$C@IpsDj(} zBeGiANFuEh9=)owX1ysMMfWP{+f9iqn6Z^U^Ysa}WLvw*IV}a}q6$FOF9B9Y_D9*F(5pIn@tWfBsuj4Jd_)mR^Is|0_@#y_GT{yNvgweGx;25 z)JnDF7wVLF8+_kF?wCBAPTS(qFackpxg&%>y)I=GPo2z_mXoyIU#whM&X*OEG%2#s z&CYFm=SgvzeB&t7dE)7wu63=vrSQLPY@y#Y*p$DqjY#@B_gy-UysJty|20BDXKrse zO(m7_vQDE?>#ONUDcBlvrHzc{PLIQeZd`ncQ_p=kZMHzE|g6T3#cqX z@h&7ZB7}~jb?!&?-A{A0EeBm|H`}T#bG=;4YLuyd{dOTxy1|aCEVE(pl0DNLO6Ifp zMLt~)&*T1diStvvym@Ti$L=gJ8T`Lf@d_^)@7C6WzNcE}zjg2DkjnfIU#N@sw}*A7 zXku>HyW`H!EglC@zzq3NIvYyli>{lPNajJwX4^I9n|(Wkj{bnUgW)Z$CTmlfRmiia z^v~!Du?+)n5^8nfFh5_4wmGmW<+ZOt@*{`Y?z1k08O?GM`9i)uGZn@roV+%-{%xoKhmOEQ%j#d7Y zrziMPLCdp_W{_x`&7Q z60I?$KU#~knaU;Is&t#@T`s0o1clr6;$)oWN|gM&Z87b)iOdFWct{(_3+b|dx*X3f znT}>IeUbTm=QQ-y?&ICtBVAWjXeB{vCrk^Idqx-`x#5DcZ{_)cAVaY7}*kL%^=UO@_gtwU8Bm3Sl$o0kbtf8YsXiqYM z`dLt76~h9@G#)1~zooiZ=Xs{dhUDSg^TMJ@;@UmVuwLb0!sGM(-ToXT`Hd~=!6=+= z?8y}E6}cFm5C*T&UQ?B!5P8Q@TO^#E8>>2q&Hw@u29tCaKC2OXl)3?UM|jwN z4HNF!MF6wzY2jP5gg(9(CGRK`fs&XvN@gY5V*e$DzkJ-GbB5a-FWBWIt{Suu35AjU zpuhR~_@=;(Ta6MAj}1K_RTU}{jB@lu%nh?EPgmA?89=PPxmZiW?r5*7=lOPLFR3O8 zZ!#!{B`Cb;uy!!Yixp5Sij1Dy4bZw%IB=; z6qQK68!rh^f^U-k-DK5V<>B+Z%xSe697(WxY1q%vJF0NCdePmTLj$`-w4T9Z93q>= z8x78li5H?wScg>iv&HgG+V6|oOu8Mr9uG%n^Od^gUuEjeCUezQXs_OVGrsrACuNHS z1CYk75q|Sge>|3&0p$zooEDf;ne_$GyNx=TwA<#;Nw`#TidPel0I6)I^xmO$ZO-R; z$hz~D`WKFS<45NaWcp4Z%+KF@&`Eh!$MUl>4Pzce-W^1~Q-xqI2sqO4AnPGu67K>S zmBoU|!mZofF7|1{g5OW7cXXOgmzaN;q9YXQlJYhzz;RF;E-|FA@C@@rl173vPecp< zs?Y$H1H+N8mx{A3yQM<QBeIy(ku((&B8L`f0=H<(hu85mStl2I#1{`zvvP<;qWD8=ewm@S^1 zT7_!}XMI0w4j*mLECw!tF#mQvint%2F0u21#fEY=5Vj=ipxBD2<#`#v_ni-G#ilqu znY=C$G*WE|0W@mNqs5Sd@SGr*)Fl!BDe5-b6$aF--`zzlezQFC6D!?J@A_p@@NHKj z_I*G;i%kvZt1x@iTMQ{LoiE$F-;=nW9}HVpZw`h@_>czb{^V?bG?M(qO8ewDtq!RJ zG9|W0)L^)7`82*Im-AI=Q#6Z!kw+;0cExAjJs|SIThp*^j372t0vM0C?77&G?LKI8x!vj2D|HH6DRU4FCcI}mT8kR@ ziPyOtw|fyI&DUhb&*hR>LnJ`|Fa>o~O-Y^VOhyu9U{jz+ps~jnrmTBkpV;);~V+Z2Nb-Uo8psY zxUKg6@EJ`!nXgI|pmreoqjW3uLyB`vVOan|bGWrYtJ&7{!6APw1dXL0{Z%N*?i<^-ghUuB7w5A=m?B_3BCN>RI4z*SHf= ztmRRR{3Qsgt3MR;g_zU&Fma^h;g4l<_r`tr%q?>Mi;2;5L81pRC=VERiqpH3I8wDB zw8CZMl~-`;yphRM z@7?M7a2;;6;CTxS3VnY&Yu>OVGw;?|hty+U)!p}HK$>8^iHC{aB>qe`mmy#O9Rv=Y{Pezj_Y}aU_Q-mf`ayVGsxlNKz{-*& z@p}20!@bm&G#hDzWgUlVyxH@?He2qqKGl==N>inwsn7xP&XCp1QRsqttnVMGn>SwD z%y)$+2xPnshnjY@`d6`)!Q)gk|4n2~KNCqyfvej*WM!3DG zHWkVS3cN2i`@DI0PXy9w?)`X2oI>{TW7hJziGJ-At5z8V9myUjWHof!EWaLRaJiJN z!$x(|adf(UVJS|_Fyf%|rqd7d+&mZbJAfcnu@$I4bpKihJ@vhx3V~6cHkdBq(|b4r z72R&;8v@p^y>S$xUPf5(@6U*rYW2VL>9YKX`n#iu@wgPCn7x*(bhSIVMF(F)=PQ$A z{8&Tn(ny9wHT2yz5BLojA;I*=S@n0+t`NKKvmYL}CF?hXUBK-1u5cV$Oa3I}Z(_BF z>99MQ+K z1veIQguT51Lfyfr1au!C|1mkw08?aV(G-vq2jLVdFYAO6(*d{4eh>_EZ@rSc|XM!E?m|v z3cJ7go7MO>&49d_gxj*94!VcE(dwTnpwOmLyLo2gD=-RY1Cp%g*u3p$?02!|OP>6= zJk+-9JX&dWDsFm%B;+bfL!S+q$Vs5;k_Fa~^n)o!9oV^K7=L$@Gg{5>82Q&AD*W1>SM8kWW1mlKu_ghh^j5Go9F+8@T zfcte24rTcOjt+(%yB?YE&YO{NJw~Xh8wA+gElcOq!{(=ud#};k3`PuC?(&aDq6G~q z56b+7jd4M)=@6;3>Hr%7@nBNJ@sMgIMysl|)#v~r7qSYPh@k>- z1|ttqkj@bGIKW88Oo>9(y2xT8IknAlqJkJ>iz8y6F4#j!80NXKq0d7-l0f27sRz0@ z{Z6m3@UfDUKR^@(<)$4+g0j>PtBKNMeoS+~cQ3{>hzba zAxuITlfQZTvv|BEp4ybJdzEEC@d_n9qF<@e zO5m!!HLpAWEAP(9H4$SJ$oqKgtXGslD<00g~GkL04L zLcw0YqFq8v1k<4iB8H0UAQ}A%m7#wnN>rCYWGtUy{;JfGJ3GcL{}UB^lS-niWqG&w z@YG1th!TE%OeK+-ifV&MVkcmxm#CNX75wvApny661wodQ)p#H(ZV>qs4HA0}mbo0r z{&@GRT0!q^UbUR^;aZ)Vm0H{Ozas*~DN2Ra@9BB-!1}&)_iD>V%V%50(hU{B?cO;S zFWk;~PAB?QFxhe#R4y7W#a3(GWKyL4TV>5$w{Q^Vn}Ex41Jet+oOxjJp^%Qn#SwdP z0X9ibBbhCsVumiF!&YPiyAJ@~0)0sLc4nQG$f_YJND>xC_ zm{bLgYn0~im9E=cJ)h&68!w)V+ju-Kf_+QUaQLr8L5LW3zNEk6Z zyrF228E#gJ(kkQ+lb*l}8n1?1k0hmS8sz}ucV6vlpHoaDe^-78TkQalGyHHnE*R4b zs&_gVIolq5l62KY9sW8fNC@u8ue9bEq$tQDEF$xMt!2=<#n!b95@acHP(;P2FSvk% z-3fM{>g|zk!R|s4Pr~J0CqKcd^nL6_ClTm_R4U`q#CMTZrBwu&`&tINPLt>SWzI_m z{g~>6>Rb_s40M#_pZT^aK@>*a@35=)HY;lh1Ce(gEOZx~6c}H>L#qAKGX#=(J0u)? zkfP_qX>t>_YZ|-hyp;a}jSpR*YaT9k-2y5cf)W}H2h4+vP+Yywse3J5MKsB4whX!X z_MaFk(}9i(8y(3>ROy-9;3j&_Sj|49G)U=<^#Ar!hQF?Ls zrhLcn=d*7o?OP;A4JxPV$KAo4QuC*Zj!4RrR(k-PDcGHMQ?qAE609EgcQT2cYQTOn6SH(lCjdpXXMm?Rnhr@sgcXkvit(R5}b4* zwc5@VTRJ>i&1}z~HP0Xnq z8biuyDMj`v`~agHA=cZ3E9-h7tSQ*8%2~NG)A1R+^%i}xM zMuO*!q0_nit*Ea0L{AApqWOzPqhb*Dr?DA91`HR;=Cu0t-Hr#Bg$=-*QCg!_V~G@N zFuipaMaU{r>4orXFp7xRo``)t|BmvN9Ldmu@%wuB%XtuGW<7$;1FV%(EfT?~5Ua^3 zqa6Mv+lb8s|GF7F!Wg`DI=R?)>qEt6i6H6=Y#)CmrDF(;oS}m=)aA;$^fBqBrikKp z8O8mUif*~yd;(ZJt+P2%=XSp~@eYY*^?iAT1-4&J{AjQ%MnUvP*X8qQPoWOz z^?oP{%V0N=)~GKTNJ~M%5BhD+7MzT^=m_u`!%%$%YGWyF!silxMpB71l@Rs3)q@yn zFJ5+6?4qXy>)m7rQ{Rt#{I@5gCQH>Rlq8K9+&)%Fo+P^uCYKIn->m8AVe?SZ*bh3E z<$xY9Rdcx@%lisV4@^D7#Lr;78_%sic#o`FU6B1cx>)jyzT!vh$cg*B3gjbhLV@!uopsx)vi+u+# zn5PT!3w$g2o|xYl>Uv~<)sx;}KG))gSHaSq2Lz+E-LrjcVVj?9+@37BO~p*&&W2k@ zn6G~drwJH9kY5h6{^JlyuP+`%cjg!xXCX#Wzw%jl+h1{D1c&w?n~2|^ND|;TJi;(& zDSDXDkw0QIa=i~JH)7;gz(v?wmC-#U4|gp%iFj@ow@ZZvQ^hU}MM z)`8to!5&(5qtp}v8ekCCWP2hauJv(jlzWLjngh(Xo zdbZs#;lC<>RJn{@!j@>u;i!Gym7MlA!F zbL5Zor*?X^a(c2Uu6^pAvCK`YtdMBp6GC<)gINB15Ft<(oexM9MNk)2h=HbB z6?{#81EU$d1H?`jktL(_!z;V6g_=g_H!k%w{u*H~erZZ$*PEtkD$eG&F> z2uw8J9M9fp`43-|CweY<;3=qTM1@*IGq^s9PxIRT72_<7>53DxEnw~JHlsnUhGIGjJIZ-iCo^Q9f~@^ntP(F9#xX$JhrUtAbQ-y%R5veD(T<7UBOd{eP|&cDC43K&zu|M;?FP`GZnH8 z%M3Q|*Hr9EJl=L&X@(IBjs@7Rt34B1W>D`IcOU}#+=gf`G)?9gposr)j()d~M-Qrt z*GgV6iJ*_yrUFP&u$cDh^j}Z&R_4^7hp~0cV(K-dOC5oaQx$%peFbPRF|E**pr2jW zGY7CtlpebMi&BfhS>R}kPV-_8JRD#w*zR@#aIGMx<<^xhb#x>= z@E(dGZJi8-c=t+R5`YKvYE`Ewc#MQCIDomOX1i=Fz_(E`N(wRw|uHBmP@^Q|t0(u~Hj4-%DX6lJW2% z`ElLeG|sp?bQlxp?_h1y>bUoQcQG=?r>hS1fW53W`~8({Rg4NhMqqz=DNBVXQJrD}R<9b?hqpbX?Zu_$qF0vk_ zq_3k1AZxQis{%Jhb&pVmFjKfU{jRIs^b_cazO~!)fr*r5f`?W!_#v8UQ*%Oku)Ht- zHiiH_Wb&bzYJ~tTia<8)y*?S!Qd_ip$JBsl%zNqD)FX&|==F;6ja&ueZ2)#QAFq&c zbkAI{&P<8h#xM|l$YW+=>bh2)=Tp2fb!nudA~;F(J|BXIEOi^uJ^rS#YlDHM8~2|+ zp`DTS)MavdrqCpA230|X;FI{$&-K!57zul@=3+3vA#P2}?i^O*AQ-A!By+@}_G@nA zLDrz##0^Z8w+k|{-_JrLa&jF5gh|RHr+8D;yL2L&$ zm@Mwv)jT7>9ib~2pmRWcR@7N<%E*MIOGoAr#lu7v~sgoxASM(r_Kh<7{y@1{I^X7DKe9WD ze_7%9O2|D^eXusEA=Q0C=lU6E88e|<6~zXuvP8W{tkTp ziScuqD?-PQX59Gkn=@JgKQpk452*8P2?MG*Xj+3@L7?jA41UYm~!=Mrtn!+FZcs0ZSK1(vGmr+7e~>!n6!Ka9*iG0ZO&UUV?}4{kE~Tw zLm3}__fH3x{$u<24gLqx+;SOwOXtw;eTxo39N69Yl5aQvP6%#yc_)<~l1-2%-JPjA zzkSu`QBD?c7-zF79N(-BwKK;ViDhAIk>E8vJebbvVwvQrORin+_RWr|=H8#eTatVO zuWq^R)0nD+3@yx^C8N@17?*FEE_YZTvGL>cs4}lIifQI1{`kxs=j4V-CXjao#nT&+ z|AXhi_0Of@bEdB!&WU%}CvH6*{z#o*ja-pFjv<{3y-p5YurG@O!~^s)vG+GoGOccj z;P2~GX)r7HY9IoJbL$>JjOMe{J#~jMA&eEr?bs?-`{U@{HyQQ|@b%=|&Pam1`}n7Gwor)qu)WCZW+ z@m~t)foV`U5eL%NLJ+-?s<PP3v+{+Gn-Oek>XshAEk={U{puUvqer=H z0r_N7vvBqh@8{e3KTNa=;3?^7mP7=iTx)fVx=As2~S~RJx!uXwv;9ZXIxa2Sf5c6o26ghiZ@f0>6#3&t4 zQy|33HdJD~Sd+_}`h6vx?*rm7oUWxFL0_!f!{mNWRT@Q{^355?dkl5ss10w3cPg`R zDpnv}+lhUdL>fXmo@uS0C^s;Sz)I(I3VHWUy<|HuPE3nS>b%rx@xgVMN@TAU6OWKK z_siJ<_$FSYxlYke*cR(3q@eEOMKRU+IGjyV`L=EKOP0i=pi7gBZtO%(2Pn-~YHRS9 zlXf8?h~UAKs*IAi4nf>k$+SuyjIqMT>lESW2ry<@iKf_JBJwEUIXEN_6Fca9Ug4IR zcHwVe^n_FFZ69s{@S~@%zW#{0YRP-V-&OFbq|oz9$#`a-CFbz0g#7P5BytmQx+C zbZ8}h?!{ckZP*7V!!YqGX%V0BG*_Bf1u>kREIk?Y20RfXi#2^((xSA9CSp&S`c`<| zVRj1*a%+qF%Gd9*k7Z*3n10U{4K1S>xEL;%_0^xbSqpp$c;d_P_5Irt$`?>=h9a03 z#Og6c)G7|{og7YItTncv8TppCI3mjO6BO4vUf&Q{yQ?{&gsFZwjC{>t-}JiP>3Q1$ zipc}>xhF6sdvI(t9Jy5@5=qqIE#v6#|5M$v`iwh>6SxUcPSjit3gXca!3RlywF{^E zGlt@!qGE(-2%OW{Om&v(OxJdRd_GH1SVcbfOV_-cbZw|co!IzW_Rq_W`l`W0&oNQ6 zYW|cWM+q-47PUEJ!h=G?v9lh+x@T;xnPX3@5-IgfDm>eZhl~`)v@{81;vj+B(N~R~J(u!mn>qKgUl2 zgXY8lyC+j$UiXV^iZdR)`rN7f)T7pS@8_s%(u=P9<&$(yWMd$|F6%EDDRq|`a>_WV5NPzAX5f1~f&R*y5h*9!L_~rCQStg1^NGvj#?F_Z?`a>39wr(nMO1#0 zC;!Te`9ywP6(LWD1V)L+Wb!0k5J}<=vQH+>K9p%xQy`qL9amEEW&3tTH0*qZIP}#B zfTNNWhPbswkNX*R^xvdpL{OBWfbr%?)t@f~BN+4cl6QuHbQ@Hs^cp@Bl~{pESJ5S8 zB;2-Gdf&>FIFsmifS46H@vJRISW6rnShZaadA z-VxiRMIo3yAjYqN&m3jSg%L#|zibf#!;p;!UG}+l{8{@xAmQ;}(3jqjrMu1BBNckP zY>%>*a+(`FaS8q@4$qiV-USO1Hm}p)wa3Wp8gVX{d=kHE0(ZCUi1M%TMnj|dCCDeR zlxiET)UEVKD#Fl&!$X+x5?C=!-)Cg+8qjv#QiRG@3=D7$v67g+?JzlY)*Zq}Q9MRD zR}ABf zl-`R;{hLySb}t_7t14jC8ba}AzY-!;BMa4dUffmx0|{+0?AG*Fs zA*kHLG#!@QY$dYP_t#n1sOUupqtIBc3aumc$QjT>R*}{|W~Fv%EsMv@EO`+0(bL0JqJI7(YJa+pwR{=2tG8nV&;@zd;_k232t|iLTq6ao80$ zD_k-MMe-TuhZw^B-upXd**2MQvdfKnNnA33z=%_qi&3va%#W92S-kz+QIwvKU5rg0 zWiZeDRd{ek_L|f!p4a z5AK~RMKl^P2pc@4Lq!~P>PG|WBdocUSLGL~D{=RX`JGSLV*R+*2`v8!o1ykSmE zm3Ckj`Cw>C6yhOKe615Z_LpFca|O`T^Gz^T5$eLF;?u~6fA}zU$Fdkwlz)Jk;rFDI z1AVWpbPkK-=li3bE<97h(Z^ha8ou0ti-rDMMm!Mt=N;A%#CN9WVXE_kY|kTuc|2fH zW=A}{;qR16Evv(#a3raqt>^%@OZ+RYux~!kM`l&VLkiEc?Lhs9k>c#K97*H}JYlGM z8u6I>pbx=v+c0J|UG&EItDsRNQK}r}?_*s&@={nQ$nk$I*QR4w8CfN19p^=xlK7E3u zi3BPd5~y}R7(Yay7T6LTzfKFw?Ux2M8_>2ZzTeX76P9aEC7#NlGx31Rn?(4}Bi5B+^@3>R_ex z71KAGtxLO&TLbFNCPI+6PoNuqS>&mXDD&zCU5q@T^Yxx0lW|RBzyFaHJ`5o?hNL$x zzSd8o{Y3y!YUVKru3?fPG27sh`$Uz5%k~n;2z@f%?xx!{w*^g{^BR~c@>}TVFp|MF z)5T&d)i~521{4Hvx!GbbW{^LBp|Cd6Q`gPJkMjiwiLfnJB z`6Lu(9mdtnAR>m8>ZuLrb##<4okvh=?sRJTme!k4IF6Fg_fK^atXLFRTz4B(G~)^1I5kXHJVHL zU-hn&_c1Q&(dJIas#jZTjX6E9(U#t@!e0elI8)C^jB^7=xA9E3IJ5wi@LCKn0VTWX!Q*7-uY19>+I>65DR@dhVR>1%auC;D+g)uqb&hTLN`ICnXx;1#eUwf190nCYp#(-V)4>Kg z&@JW+Jrlgp{B+A^G3?N8H3}Z1y&#`@lE`K&md_}X5H6t<1sRcF0c=R_#!71TA{FgB zJ)+ZX5927b2sjMcH3nqxT=Ht}@M6Stw!()p;T^ze69~8K#%?;ottZ2ZA|sL>a+F z!u&Uo@{Jf)JyU25?sh}o^KDkhDfES~k#2skZO7dTI?HS1d~ z)ygdkVsUm@5H!mr?+pm4nip&Kc+erOU{gGQ9&fUEvcJ};PwI@tQx!`%9+JgKuq-fmJ6??iZsu1A8+5G zLODiFMzSPgwA0|{t9wx*A}Sb(YescO>IxC&xe5MJ6pT)HgKf$=i0?ONa+U`7+os#P zDa#Y7X>d>9@oY(O1J1tjrD(4QQ$PyuQd&eZQvX(XO*xTanlxdS)n?Ss)D<^tH!l?EmcG%~m3%w^{i_TTc8V(Yv zMLEG}K9hiUf5uJT7rnJI#a*|)-iCPI%hgGCvmk^h*qazu1MA;TUNec5J?#yX+Mjyu z-ytUWhu%=K5O!OrbvWmsW@wiyjEFQYi8;(iA{L49B?G;GO(N_TC&{2WV7m=*nus4I z1D_pYAdbN0emQ}7q&fKM30?2u$dSmZUndZ=gn&gO9O3$n?M{T@5J`W_-%zo>bS{#{ z-77HReRn5zHI&So(VMT_WmDMW1rI8whawmHI)Y2NYeC^KLIW|tJ^m_Bp3dwYBP%f1 zppsAve?F_z(RDp6mgj%Pv%pT>YNH8ymk}3N7!HnGrX#Tc*pA4DF^|A|^37 zDz-BX=D{d_HgB1}3^>B9K*M+XsnER?9 zrzVtJ-AY2Fyub9!*rhk~-Fj3=>}(#!ykN#|1@-tq_6@F>AH_k^wdpHU)QZx>Om7_K zt9w##h>{E!X?YuCjkY?4r)oUu5HlY_bJg788@D#iIs!dCmS$WamvZrA<3Zlb>jAAz zVo?J*$ZGI_H`^byeR)-<-L;=JRAPTtC`7tT574rST}ujg!{&~;!6q(xUMOa=D; zrA*2^@ya@DbWEY+ZaA=sa_Apfor?WBGG;w=hLmh_N(LlpU0J@b~pQUn)A9dUtTReaGDb@ac^NHsz->fCXkwHuX`$TVDa1jFT1fmqzn-Z!pHIeHrf(aYl z?jL@nvT(NL#^fU0rO5Y5^}JiA=NS8^7m+ygsf6X{G~eD+n;1`)Zf$AL+a?$dxP=Aj zOtuTM*2TZ|uA>2Ty7!>DxCfpQOr(C?vpf^uhh~SE&W_WdB&-jrkE{pv39=tR>HX}> zT@~1htT6#i(15_SAkguB-Ie(E!9C<{u>WURW`4ul{HqD6ZnNu*y`2rEgLQQ=M<%|G z>j?H(t@bH%FC#rtEAylsP5k{_$T^~lUUYF?^p|Z1dVv_ew%L=6(0waZM9>b9 ztMU&&tq#C*pKK6Gl2#!wN^-4ZiGk(M_E#6!E{MSH;DdGelVNZ%7`SK_sLj;b3FZr} znlabXK<-LQS2xN6{-{R)kpw9dZw158OR=B~k|FhzuYhH!?<}wl*}r;&5(SqWg9)nn9+;`R7zxp8k zNTm;+owO=@x_E*Gg8NF!GS+sZt284oy?n=?RPrGPBUG}2IP_#glRnHy{XV3OD9fR{ z$v(ByE~hcfPs!Q|PHQc5-anz$&|+G5dj$2}PC)mCTJlj$0|lz?n7YwE0!eS7%jVa9 ze!OHh0$d8L@Ll5td~n7nKrl&_S02Up`0-C$)b*+7VRx&?D&H(%$caGROCt(^hLbYtXyL24i_;B^OF8Ez zZvi0qC_rj^?nB&6gjbVGo4e=&2SqeN6!^-PI;(|}B85GvQ@9?c!|Z3IL_t- zBebbD4g+62a!7pk?IVF8(&@}-ujqmN?1ISk9#>DvMU34=7Zut zf)`70DAV?Pi}6yibME&1BalJa${%ECNfaS3!iG5WfX^D{*f}M#Y}0FY=l<=pL*Xf| qi~NW8&Qg6}3i+L-SQ@iKOsY_6d9yFcW)z% zJomYGeta``ejKSfR&`F*-fOMBPo$QH5R$UeesVW}#!4mzsjP0sy=z)Yp(EHDV{OvUX4H6QM%Nvla z4%qBy1>2u=2O)hrethU$-J~psl|a<3-ndgZ%#sJRs8dm`OP#ecF4HT~eX2L=E57wZ^YVb*_|t{N#i$(#F^l}et9zfG?R1~rbo=bs z_V%>^J3B)q5E20JmO|9?4G1*NqQ(FM+2E330RRi#XmTJ>Jx?$ZAd&OmRGXh^=0!|u zRpEa5g}L!(u&?s5%|hgo3kbY_=b0o!eRf%vx>c6t%Rl@jrYn@^!^2RTsI|n@X8Zhm zy5hw+hw^6P5}~8u2K%6g;}cD*;|YkH2Fa?3kMYBd_KDymB@t=Vo_dw1}*nflkB_BU66e&N* z9T$X6YPFLrsStL4=OyZK_v`9YHF&-TJBR)n9@B}+-5MG%Wfo1iX8h&p;f|eFm;;qP zE`qw!_W*I5yZ-s(A|g{6Dv3qH_98kFHBI8Vc`8yt7*pQNw|&Dt@Z(}719uoL8?ZCK1tPOoZqRlLfO1HW$LmQ`gy4( z*5kcreoE#nBu4aI(LzMm;EWn{$+oN_yrH57t>oivm(=xNb-EKXBa3P};%f@_ zx?BSTg>dLNx-P~gVhQUH75sNCG9MB2KMwLEPNy;gWa5JxABLlOMgBy$y>{t48jlpS zyo|5tdHCti;rl?wtloi?nk{4$%d%b41GOEu-dR+CS#jQ#oE?3@mJ`09t<+6(VIwnS ze6x{Ffs3Tc*M3p6w*GZ8VERn(drsd~v|f}TA?r8-eN5B|Eha%voX&R!h9~33VgvypFM!zQNCLjS7%Pn#{QRE2N@hs(>4^64WO-Dpn_b>aTNddK= z#vl-a_*gWn;h+u0hlc`+4GLJ3J%T{f)LUp7sHN*1KqJi2O63skKs0MAPOHIuN&Us) zq?P11o@ysz4nY}Tz8tFD{eBs7iJF$k0w=H@c^x#sA}krw{2BB2!omEd$po_9`X9q!4%Sh&`u#HJc$z;T&@{~ax*mDlB2&5h+ofU4Fc zY49E23sfdtq58sU#md1Am-+4v{&&7GFb0=ZHXd$Y%=FuD2512F-#-dx}K z?uQ}6;&vuKVUE5NXD|{AkSJVRY5k$ZrF-ROIa=JMnR*L;L;Qn3%&7wLVr~^7FifNH zSpvql9C*`q`}fJ1AxRNUJXJd6sr7+3#B#+_Jh(ve_NFaJ-qMu6dsRvVrjP43ZrZTX z-E=VjI(fi;zW(y<*RR5$6S%N0>AI%yY8aUUJ{C>-?W&8jj&<90w~w+%gjV|ox(Ph> z=|_D{7j1!s1zEk$PL$!GX(J+hgr`(VqI*NJ)aa9B_A6@P z!TqE(D)HdTy0hNg@))BU=!#)Cniia_`Gm~%T^KoTS4HA(^P>(XXh2@08{J+_My~>I zdt1G?Fj&+T?R(`zzUIW#n~CzJR?-pNk3?>bJXbO1o5ML-kt7av=SfBEeD)}I$Y*!|C)gKyR0Z@niZBL1EhK5^xIx@dOz>;c;E9Ot2UM)0G?REX=X>-q@f$Xgo8^ns2!)Xi z+$gB>E0x!wknt?YN$i^h{Eeq=(X%nb*3i`}0x1pv^4bTB!$^CEUw_Bb4*U8WZVKxz z52eyXDus<)><34L2xHxbXn)L#^FzfudWWoQ)~~^djCRQI2A7c5(9ke7HM&%qwwujU zX6sL88LfP*f!t&-Ile{CNip5v#SBk=kolCse*m)iZjAMnj`V{t&EIx@BbKP}o(P@%e5jZc+>?-+ zI_FFUA&nRLC1N+*s-3&b5WE6*F~y$kxE9#{Le69f+|B0M=EoqH$z3qv&(!dw|Iy~k z9Oi0Z$H7>|7Ea(IO;B|Sv&A?esJ+!0)DNC_ZJCzDQvI3y(>fCNI!S31c_V=?Vr!ym z7*0s8k6DqA{|#S!PuZPGXfOO@$=mX|K5muPa1mbAd)#u-6H+|73BorUzNF43p?h?V z$f>3slrxXxqR4=^;yEOBi#T_%D%%~8#^ZBXrBx0UrFISL=C*Z2_p8-1``|qagNQ-o5lwvt zO~flEd!A{Nk}7JNsMkgpGL=*cEOk65w)U3F&eg?n#M(_Mib1sjwg+BqvsGGM@RvoC zG{7Nee;2Y(P`Rl=TEPofwyXZuk*AoaM?c<2uelu8#eLF5BKemK)wJU5o_ef6F}0i= znc@1)xeLwyuR{aY_c7X)>lsU@X0pF<9M6gtZZ`z=tw7;Qj(wKPuaXmwzX{s}fDcks zPfthab1N&c6pSybpgRL+!{>h{b9XgHyLzqJiv5sUW;-Hp2%?a7sXpJW(P1wb@3p2$ zcuOUjYM>Q+TWrkCZ5(*dmRvaApXze>y0w9YvxEOC5%AK#=JF%aM_hZA8a1FRD0~?- z@4y(B@}d_?@d_MgbU06^OlL4tnvW+NN05wjJfSI|)0}RX&8??DV5~q-@zO+;M!h!s z@bc)!*E})l%$qb~J$JO9I-gd@mF6uOJZ8OlU(dBZOnb=CwVrpVc+TdlO<1G-E2Z7zDn+NyE$TdKQE8K;Ee!-t4YPLdeaPC zO_;>f$#|O`nXk<_a=z6@LI`Z($@^4Hn%yqtjd&hx+x2ERQ3BR07tyB!9g^Xao{Xj+ z-gG{wo^;Jfi<9rdAF)(ceUT_kp17wE3|9T7sKDFVUk25tHPP>`KiyKgOFjp17Rh zTP{51=26W$yA`kcol?z0e%qWe5GZ1(@$CeRH{|8R{tF$&se}~r zmdn1dgBsTjUE$3P^D!ke4c{d=7J=~n_KWByHu`uvMI=sO3QNIH>xokr%hfxIbyGDUuv!#WyiJ}P!)coq_$B>bJi*x0VokjoL_ zeeaDDt|39SmMx`%SBK0gE9_fXl@;aDE>3~UN4#-aV7XblkQS&W9Y%w|qM`eF1&ys@ z8|^};FpVtop~`w3X(#xNi`t+4Il2E@UR}Mcc|+1`wyAL|W#n@i_f~$Mk%*s-^{V0T zAKrPGS1r=Li>4Y^;?!b@Pipj(7e7i!c;Mu8WxJGln$$i^R;}o| zqWGhv(Jbtn(+AP)X<*e18!(UU&m}<&WQCMGx^im#x!UOA{I*Hk#^XDMr$#%2Io96> zepnEm*vIW8@y0oRoU7OgBmB9{`Ek6(x;q+0@-6;IdTwrH8*1AmWSfBW$0c4}f3yxoPj^Rap?qRl9khXM+RLG1Rgc8Wte}sa6X~zpFqT z;;_+XQ<~LxORrZsKk!E*cfVY!B_1EVrY8rMJ_TGsU(gp_bGKb%;0OnP{^k%>>3Co~ zKf^G#T8YUmaT7EDB<3~!y$wBMq*AUn==e*j)~qYo-0jaZ|DHCLiv?e0ORxX#XeFj% z%Zi(%a&D7n{^E)%1-{a?iKWMp|Cyj^ZbWdhy~e;TFAO=~3Jo%iD1OxDu~iWY(Um!h zAY7-XS8!eaT2#1DMXEqnmRery>OC%y>d zcM>^wC+2nUro42Y-3o3o2c6HqN#mQ3H>Riv;eHp#R(^{L>?yG7o;TTcF$x{;_}uqT zTLWT1nO=RI;O!jmANO?%;JV&SsauEot#3*c`TNGWZuf&W(_|I>89c7LjiUr1l_VcR z`#08SZ%*A5xWe(?_qU95ht5rY_M{JrfkqMGc)yr-3P#+~OuP#~$|*IC|I9`;-qAwv zI>#u|F!c$`XJLU-?0ShZ=`YE_D`%U_p|JcWVoatMt*ZlH|JD|&&?qxf{;#oMpZR#+ z023h$h(``b(pv{8jP_aGcb3`qAf<+UE`2g%CjFQBi>t$s+|!t^L$2&OjfjfI3wY)>_!_E zgFB8=t{69vmHp*&9R+)=g)K-A9NF(MN=-(PcMNK&ES=ze5;5Hu{)E-9nfWpeI$Wdg^R9E zgk^Jnn>W)5Q^~<)8+{TC^g51ry?*fF!CN2DH-P{oOK%=L!Mi!nY*Z&c0|Rpt^F_ph zb+Ek|oJdgwf{Gt_37aFt^e&gL+U6iLOr;zx*i?w%mWk zpOCyiX$__9m`Zt`S79izFPF3#SKGuB(`Iq0imL`(Obz0SL`-xXy1~#Oz59X*ZM%PN6nMCnnwKly<1Jk_!Y0qx{*S76{X9@rNv-_&rT#Z2$Bmlq*A*Gk3 zR?p@(kIMsu)}{dheVPXo{$Cs1d_^exC8)yh3P&qj{DaAg$bocP^e4ST;arad65LC;QQx^{*@a#>kghHW}emBl)Sz=^t znXV`WnmOgO!Y->Z85z_o#i)r$>^DvWyRkHt2Y;{T&35O+<8)p`3GL*!8@klb8ANu6 z0H+%ujA1BPVRF8h0V{Wiz}AQJ5fRt*&*i*ddMrsPD6FrbGas`c1mggm(^xjF&6n9sWW1p=_7}yyW|S$yq(g4N zTpiNCtCdsvQ)ApMaZ2Wg%l%1I zQBl$6e&*x|H7@IcxTDi*nU|HAU%nu36F?)t6-%Qwz|)39PB~d!{!FX3yR>5i2MteAMgSmYw!g%9PnYw1&-=SqZ&`6cn)5IW9K>uCA^Ihli)i#2AQG zt&Ci3@acm;A#Qj-Ofd@x2^IG;a(@^yjA;FF?Cu$8&a@0B!jBE)MM0%YRbq~2Xgy}` zWx4FP5JjaDMz&VOSN!Qu!ybzlL+%-%Eph)on&tzxnZV4EJOdgUO5G{EB~W|$6){N8 z9eBSR1K5+q*y`7mSu=a(>rzth@hY*kIE#|2e}TIlndO(0%jlGTvKpOnz2n;(iQUok z(7&3}ZGR*IKr#RNlVAa1Ve5rzTWG(vmsh_&EftGRWWPKEzbz0?)g*i;liTxS92~f7lVQTsE;P+s%4jrI=RH?V{ zme)GGwpw53IOJZ9mI_s57&_`H&m-=QHq>zOq5FmN<@@l2{k}4@NJeE_C6e-Cv}L-6 zBj;*7571R)D?!qR8EE@`GIN4(A^nv|rGt2aAQ2Uvw2BY~lUt{2?cqZBA~~g!euskyWk6wz_&CRWOmf591Ur*0!B3Cxz3ga2#G82i87}S0Imd1-0IrfaR z_rLE!=(kvac`mGGwQTx%e3&XxP+xl$Q zi@m`RZ-jZfbo@Z?8~Lh-tU465c|4 zO*Kk!ta9!R@yWmL@qJb5^cGoIXK{~A3HQS*w|ya)TKf-&ODout@E_(Yn2om-d)8ec z9l4cF$;PLN4E1d-C^RF`XW<%rKRNgIXbuj6D2q0?6M_f?Gb({re}4#Bn}^8j)CwhE z9T8{Ff2d1w5+^I{FNuB%_x578?$Yh(KE4DBa)b4*~Zv=O=%AF@l0j6cEKp+rmz=r)((FFhic*dkw{(Baf!UV<{LGC#U z9@vt-giSD6qM-)fB7$ctLZ2s61&c9u?}lslk-DNP(R^(KVBFC`#&a;3O8y-Wzc8}s z8Rw~>AQP<}H6!r88S0Ay80z`{H6%&$s?p{HmEH@i`gAAeU*NNW1;a+0Fl2LiNjb~5 zo^T5uBy*2sWsqgvvzMAQ2eB0F7rr3iWxkuK*AP)S__{Qk_g(os+HppeOcnHk`(7uj z*5~e{_Do^HdEvZD^s!+Oi}Pis#&7nWKo2}S8V3n?|LRyq^516Ljke;cmWAyQNF2GT z21B?w_J*BwT!5=^6hiN_(}+`J)&2wH?b`}FfqSD*PIGm&w_5tfEW{DYbX^Q6R@fNw zSP-W~P10`?pLm2oM0&x77!G8$e}t00N!S3R_QOcY-~3z|arr}5T_&aIthA&ss-bXV z=bixL1MKsrMantD`0P3?MK;`3x}<{Rt;`CgH7IKbf#zF zHsj)8uSM)i#*0FNGKHf`p+5*aE56XSZw#e~s6*{o`4nKw&;^7lnL4?2?$<&%WPg9I z4{Z~`{}oB9)L9Q%gm+aYV*u|oz?XI7WbIE^j>c$bAt~w(zPf=K8*!Z27#&%LCsKpT zl~P#=D=Sr6eoYia)Eawa#MFtRN%N1`G-DQ~JO3+#y$>B}HF$MtOfg9T8L4yIl%v~# ztTTuw>??G6mRQ{u1X4=nVkKge>*6u$J(M2<1qSWPv_76D`>%B=h%zYD0Th=+$tAY9aqQZjwKAvNwS9M9|4VJ3lS>J?ij#^e7Frm>Rg8v zYQv$@6Cj|NdZ9s$+~ z7jSF~l*3D@)+oK>%Yi#?U5lA9F_SB`S1E^QOohhR8XDb0Ljc+# zHaVlv2CC8>@gS;B-6E)Mkv-6=YLH)%;;hHSY7NoA8XZUe`c>iMRjf}s&$QLbZORtp zICXlYRAH^Oq+c~Hi$>m^XNPAR)~}GnCkL2EJWRv#pkTM3Bl74kL3$|FVx2zPxm467QTSs<>trAQC3uv3;%Fo+Sac2 zGqenE5E}XNErlP|NX!xY6pYBl+32;qZoM{K*YdH-0AT<-mnhcA>dCO(7i%&fm9sIe z%`zL!R{uD%NYPUEOupmvt{-2K0FYKzNvk${>k+Zw=3KJ?Vnpu`Ngn=z=xoKBG|}5j zad&trA#pLy-$_G=Px7+=l*+hNsX{wkKWHgOAJdU)xz8LnX?6A2WQNm9!MiY^>`iW+ z>1FFjR_2^zz6LUw3Hw2MYWsE@i6ESaACRhQ_Q(gb?VxKIk%)urzqI5Iejh%P&oxxo zSqk(9jcPq$p)CfAWjzakfpIUN0mr2993Vg~^ts&hZ*(~^ADj}sf7$HA1T>&D5nJ+e zYR9Dg#@@fE?kej4DCsR>_gXdra?((|<*0|{hhE|r=#{h!f zQ|3+@`uN|gOA#%?!aqu1h2`$E%)q)&gAc%9FKS;j*yJ|uKGQRxf)$KB-w>RTknkD4 z#?j~LK)wF=s*E;`j}KKd`&;Ct489SHrD>2&Mn(n^!HA2QaL2pZ2l8HnqlQ1JWbnThiV;7HOJip%n!ec{5^W=&Q`W@KGFd4MEbq#^ zX^0b5MriZ`JF4{q5ao}@U=P!4ZkVpBDKTJSZU=2sL#;2IaD>OtRxo2}p!OxEoyK6F z!96Lns7Xq(PP z3l;0EIXPqaF98&r+4X|h^X8KtgymqR@d1g!d5$ldg2^hHRCf8AvrR|lO5`(_^Y zxDKBvrP{*C6a+Ea3ag4!E!)XO8ES$AGxzHs#;*2n%3D^Tu<$a40K%5#iUIccnrD1d zogaN810o`pe$rV6E1$bkab-%D(XUFhaEG&@&_v%buAKx=a#ea02Drb_QHVME>gh!$ zpiqQT$gxxJukVbmV;H4y+>kQsbjF^yWM}-FvB7pi2sT|0Zm5V$M)Yyzjp3c|N;!lx zjO;tg5>%5+25z5y#H)%%mS@JO+i!kPBT5&b0n9s|eRc+ls;Wp=_<@l3Ukpk3+!hAW zzzP{64j;*nv(lrK^V7N@D>IK+v$Kl5fE9Uk6RK8E9w&AD7epiJoV(M99f$$TEY6<6mQv5ua8Qb=i6;vg+m*CG(33ivE5hv)$N{xW7OWG4gw?^ zFkZWkdvMjD;TN%nOw++WPF2&2#i6;C#hfeE#FA&1F?_9Ua7Kq(bNDqDIUy;Q>if6Pz|-JmI!O#sGoQef4i)BegDbxePfO3(tK#_s;xRL`Zj}y1o%M4`ze^%^ z?P;Yo5gQHt=5W20XNy@?(|5>~AA#v&CO{dAsKW}J6)fnfZTXa%hN#`=>}nqRkv1f! zsKoDMFyqT&#MuAi5&AApbtPGgW>VEsZ(&i>;R6c`zij%+=?sVbABOD(;~_ZRt|Xq% z2~+9VUtei?0e$SA%rAvbRplB$&{NI69N+kddSTTz&N1%5v@K$I>4K7gPZ6jf8A4k_ z_tQrT2=sGY0X=>4q_V3hR7@7(d&Nk%Muu&(&@XlvFXg(^`6}7H>Qi~}u5)u_yUQBg zE$V%h#iTi0>W{@s@+*A|6Nl#i}KC&J~v!5<^>Z}YGN+Ui-3nHUc= zcL8u!ZOfw{UCiSR>M0R3d5kH0=V_P2X8_BkZGlMYX_oOP)c^W*)i_V3e0av|w3GAR zuWAtON3ya*n`leIl^spG@+TTYHh3cbcHTYn^Cum_2JuOl^$rYJ55aA3mr_^{9kAq9 zuaz}jnOrQWAKg^gr{wTg?q$27PL_lJ&$8=BHQ5jbQF>0IDCg+-bBK9|``?CX`cn1^{cA5aF5A z+-!6uibG{M^SQ5b3C|=NKP3xY1;*0ws%&igOmAUVW+k<}X3QFWdwxVeiaIAfa~ddZ zo>xDkF$1FeJy!5oFK$*DZu538ImpUhDo;u%co65c8-#vR=%aD8DI2hQ#0%xFV|IT2 zJuA^0^u2LAj5ky=GvUR5CymiB<5b>!F}~BM_jq496EG~;1SB^cE`Gn17C1wHHzeED zIzHvgRg%Boq{Ge2`D{8BmWD3sT9|)9N3)#zrwreKKK+c#KqJOMU+ULxn-uC@#7f8u ztv?vV>HWCHKbTvl&r&tHOT^ngYc}&{G4mI`n?+0hxA%T`MoTwqflE_wBuOvJ6~M^P^}lt zW!>(KVU*;l36kJ5l@buXGwQIYH)AMbk4%|_Am*0Gr{=7wT)GuV-*rTfJ<}6J9#M^Mhd;nZQrH=me8C8r^W0C!`j!2r96Dy6jE z_WjD6%3~Jz?>heuOr7NR7^_18Q7aJVo1~KzH<aFbcT}C2XD6*H6 zIFj+Y#RTXB@fZOC6*^i>GiS#;&a#xI3P;S|8kzfjUsG@t1iTgg zNAUnsV&(VI2aB)9u4M@lsqS5MMTWjRo2&8Q5nPS`ZoU!`PZ&;wrJ%KfM|rR8H`@6D zefxdotm^O5+}EM?&0$+wC;j+PL!w-_@UdbX3hWdk%2+ol8onz0-Mtsb7TRQ+HMHUpQ zQtQ>Ud*E7#z#DL!$ps{^m7Fl2NH|)u2}u zqTYO45~nIH5>#%C-NRu#R~7~wSXylG$?2hODQ)PVSybdW_iVWP(#wpOuAT>LW(Gnr zOxrOx)iwG!$B%oRj59zI?pC|EY9`WM(ZBVMdzi$0ltlxkDzEp_PX%U6;AmcGD98eW zf*HaSSHyT23RHSG3fpZ&L%!I+xQt7cON6&0Q7j8ow{F$m%ld__E{v1v=kt*3GI9wz zhVczB#`DJu&sjIH%*4_~3(gAtvT-WW3pr-X0A1oKu>h+E{TSGvF%%1N@iN;GTH)Z< zAHiqQ(NXdX+1cG$nL^9k!}vmm6lOc-SWaLeOo*!|HX=v}ZO?{wLEE4!SB*g(st9&K zsY-eSQ+FdX6eP?1^KI5*X_w5a^CS6@rqnI7>WgXJSgdxw{V0W$B+v3V6t_>bQ5xi% z5v2_&`@x%NvrRL1+f6&>ume;{){<#sJ85^XpLR^Uzqt5=(;}J0E&xv39BSE`V`HP% zy0Rb}<5Us|L=Wo0&~iPyHK#gKSzUd!CzGVz+UVm<&PDCqIj0o_%0W%6!Oy8^Qb)m# zL?b5s<=f1Dznv@^@_r&N#qP(xY(~qXf@Ym2hU?W|jJSg&{VGU{Zyy7;l8n3uB6%x;Fop z;b7wuwSYJzyO`#JA6Tsl}x)0?4&E_UVI*)&r2h<%Z zXA#Aob#~=JbTh2G2D(wd5I#H2<$Q*}%p#p}KB5&HOA3k7e5e@&*-NRDJ8`SlJhOx& x2=O!53-CyvB7uhv_bknT|+JUCHkA}O2TB~ z_A~%+3!tm11`NsD#D_IkcWE-Uoz-`uqw6Tun*PmaTl?%jVT9(va;tFjD)Rmb8(0Yy{Kjq_tyFB%HyhV-<`kwHsP9v z`mOMM)ji}RkIj~V=bKDt3tQ{G_Uy4Pn+NV)C(7us41zqApEf)0t4CIHwD+GO+F54- zfG4jWUH||-0G`v7-Vy>`ps3;=NV@xM7C@9A?m z3Y5#2RcVaLtL>8+m!ZBkbl+5&Or%|{S8BkIyK=?Q1|;W`LwbrGmo10il(TW{F)|%W zb3=yAXo8rW|v57*d`E(=d1 z5zBY%_B$25e1r!_87s#oVH|n{|oEOL^TYza`V;=!wA0Mqrb}ya!QA_5A1FU+a6;n?1fm! zF;Ns5_|%PrFcjX|)M>rvc^?4ybY!lEJRBpiaYl}E<6Ha_qa?wB!;~I+Vsm@-6&Ko? zLm+~JtD|Ow9RG1Me8Xa+Z|l$3ikR*{L5A6BD19s{7ub62hv@{?Z=#s>Qu?chLAyIP zk=}ck6Sw1}y~Y~{>PAm`Zr1F~5^PilB9y8=mZ* z#&hBu!eH(?Jx}$)xt!P&y(CrZ${||>%AG3A=5gwmE9MCqDWk0~5^I&6RBwQsQ? z%1XlxQ|Joeek*n*Gr~R-HQU0!x?8)ZFhximzR5*&+x+-Xa~VSd`0hw~FOX-k*Q38uwX!}U?2#O851>}hzoy+S7n0fLs~^J? zdCg4{6ssy)ZOe6g3dc#ZG9ul&4jrv(qa`5Q@%zf#pJ+!@oXim^JSZS2w(L)iVt5CM zsy5<0)$%eGfiA4_EAHglU1uCBzGto)`HphkamL=Zm?{BjkR>Ntx3`+&Ao!{WsuGsw z)d{6tO*Y`+Zo44EdD3P>s(6B7?UYd$flv(Bm$95eO z!!S=-$2(_Ajb!R6E_SGob5s&)&_SJeUlg@yf$zS(9Bi;pA)oF#B2jP)u&8yBzAFSMR93aqD!1^o{H5wam3M*Dw-VAz<$xm@%5u&lY(udr&U|G(ppbXI zo~i->JY*wyckT36xVk%8N0xHjL2M88#R9H(OT~TjDTwwq#6e1{dT;wR=!+e`e#k89AQ`IHXhW^N(se{K+C_ zTC8c@U3yVu`w6bOu2?2;WAbg7mz+vveI3Zqp=n~S#U^k({x{zS+y=k*)7++en#Z?$ zA@roTJ4#E9#i4q=tM$n)eFwTcCuFhP4MPV$V&@(8(k4_9+2^tGCR0S+ru9>-alp(X z#FDFE%-B0`iYf+ocvR8L@~w7tY&o2oYaz?=p3Zn;cb^{HecD%^19GlWHK|wXwygZ^ zQ~YEQv2+Z+v-ZjTgm~Tl<7@?`Ft*fkNUq>vRFb$GCWcWu+!InA1^~R_iRtZYhMoRl zV^{~KQ?|f2s)D0)L(JSj_B(8mhh~nMGToSE#0DbsIMQ&{b(aevRHfX!hGFWl;z@_^ zmFPw?a}9a$PD;J}aqye_#EEcrCT1v9Jk z-|9h``d-~2d?|fmt)2{#M88AWjv*QsT9o2$K$M@}e!8DEDZ7ihbi(SUFI3zAzN-$^ z1>~54hkli%cGt!zyq54f<{bbjz%1m@g=*}4fLqC5lCo3E!1I?uad+KjpVU8^sIn}S zz)BNOr(KAryev~y_}Y~I^7!{J-QnxI(XH#*L+(}~@8IJpNPEo7?J2%4wH9*b2E*&(y+L(3##lY{ zqsf8M%P}sib>AIE)1H%70%L`Q?|ManiXDc2TIcvh83FG?Dj)GA96V zVwu(twAJX8)yarFmTryyNHmn$J^BYXu`zFGS*l-=OI&a6J1RZxxsT!S5UQ^lZOcLp z{gNSe+cSt~OR9i#;_^B*M(7|}&%zS0GL|NfI^QbNKL z#qb0n$L{W8J(eU9p}ljZ)Rze=+}I3LN8t4)D>!g-D1h~Z3DJqL8MqN;N`1H+VRw|j zzrdeFOU3zL;$U@jwFmnx$+4NMi+sWpLn{P$*TJ>LZ8hc77l@LH-@g`niq_xdC`U%T z9uAG>c(ikn%TNU5yxDq;9-2vW$=oTk-5KF$lqS}+sRhutoV?RQ29sXMe1r0x0~Gl% z;D)gH8l;lwg=31V5TtUd)M^)|Y1dLQ5Y?5MUHZ6E(WjLsgu?OmU|c#p%esO~9zcfLx{z)Ck$PqNO<^8L(Rtx`22 z?vU(9OxlWng7?sG$|=v1&^p4jJm^^Z%61abvrv5MRZuVL1#xGdPd`{Fmel!>o>YzT z8t@3(M&Wk8AQfw)J{s+!63ESNv7}InkaD2&(;*hXt2wqZNepJPW)po3q()Mlky0xb zJDhmgquEjY))gIz_*8vGA}9?0-wru02uJ8NuA-R}PM78`${d zUW@0HdaXWwzm^%FY*pR(REBC17cjHxY>$oL1h9Pq3~c4hX$G`ywSA}*s$JSS_s z<$>-ROA@x+GRjWBz^1hD*zuq{;Vn3+zw;l!tLqcVu`oh_%wb;B3HCx^n*nw%%3*NU zpd4;}5QKTFXIcu13=NswddoM6fk2+6=HL=kXX$4qj(gl|J0fGheEo7yuvU=W!5IjV zU29=SaKy}skKS9^Z!){%_N!d(4fTp#?Ff6lLm5)e21AH_eU9d}Emr%FQcuq16-a`b z2G!Q-dBBr==HQha zVPzdP8x(dHFsCEZ>z7v`=LW)exGnU4-O+8Y5R1^HZZ}En7L&Yef(bInZkTxQyGJj- zjkoB6jZa=2N9Z0RXTl=$3^F-+v#P~ULu~7>drXQ%*z2q0ZU(yB(qd8&Ze7K&$Bl$# z$MJQjW9M+_e!D{62dPIld3DF;T9DiEwjeB4SHF6BwK%=iwS+?e)#^4)SkR$rmeXg# ziLVrxG<=d$*X$_$Y(ukbEpl{ep?YkR6n?YXD0m=b2Da)P2Hp*&>j z3X|Tgz4r^qT(4VGZmw{Lk`7i5j;5hMKI#Ydif6d*wau;6=@}!{R6}oFE4wQwV;|6! z8vY=^d%lfp$7entgMN$IIhe}ZT4UVdb0Dr*wR~Qb3152=%}NXVXPF+0V^=TnVcOO? z;Q4;6$HeSpk} z{ytIPUjD00hSEAj(Orc8g5j2{bH>tdxwO%k= zHsm8s8Rtv0OvD}}8IDe@K`J>gCwcD$K`?!Cl)XzNMFLM<6+fXD$h6F_ULUB(iZ-Fs z3kuk$A1u_&vB@Aq3Hmv^Gxa-8OW;&q1$#bfE~g!3za=L$Ln7NvbI%Bwv|dR){b=Dc zTQPZVLDsSZ(N>tqSxbbpnP64_ydpuCEN5oZc;Zzl$DA1Z$Wk$M=<1g1(9@9jNc-b- z+JMCI{Ny*m9REKC7<-%2(Mwy8006T>{8U6WjpQ5( zNcJ?m+u-91E;CAMO8=h;(U5X9|Zjq^8 zV1FODDKnp`AfZkvsjmuFA2y}&ykypu=?H;5(h1xls&GAXzY7LmUY+k6hzUOfkk6?y z$iLN(?$%-vO=@pq1^`&u(qa23cs9~8Ds!?n6jU$kOpZ@Y3-4Ww%MQ5)c;)ySb@-Pm z7Ui=1Ut*H~ntB@f)>bdOZ7H}M)rTYAPQtzIKYDLU*^OSPbGuMSOgXQP&QH|8@)~ zHU+A59!PqLI;wo$H=WbHKBX!7mnc7IX21;BgJSpn#-xWVO6O(?kzHDH#tevpklnKw z5r|5q`uOkFJD{O_^W$aSxW9ZlPt(RyxhOrr2e|p;5!Xh9`7Xv0=q83kT46V>iqMfI znK5Me`0*qByM?-*0_6A|JaklOdh&a+*ucgfRy1>+-DrF%U>W9ZIg9A=*ENeFNhCEj zWO@+Q`jW{s1`lOKtxH3C?qKw3fxW}Nz#-Y?s|7~Xwm4@EO`k3zvsxf7y$;2+R=rsH z#cMPMN0LR%Ffq2xPG-T~baDnQbvc#Bwe5fJ36O1Wt$3tWYPWeMW9B4W zoe8;;*FF|wyR%jHvqM-$2fM!#9%Pz*7VuM3uF*n&R>G885*sR{G5y$YWs0D7D|zCh zQ(evtu|bEvc-Jr-SF5z?b$rnlPG&bJGI9iC^=Fz(MyW#B6cttNP@h{$JlVFa+M_7g z9KML@D3Uw+Y`diMF}Vev&#L?nj>K+R^>ShM8BRAKC~k7S6?NAu(q6cleKp{;iw%A< zc^0#?c`d-??_}D|!6G98p~BY1{MEs0+hZMW zIUOcrvjlGf%sP=+mQEa=>>t^a;q26Bz*Gcx!NO`yP85W{#MSYZTIePc-K8nEk?s8! zo$VTM2NL4@!|=)pN^q%ka1O;E6sbm2Rem}lXvXQ%0V8&j9y%aO%7S(&6AJIuJye2* zZD_3C&7egHN3akEbH?7IDH6weiFI|OJoE85`!S=%lPU=~%)SU>ZNqgv&_)J{v`TK;x-=hb5 z{&}mzuKN<4CC-)5A$YyRjSWas7&@=9CvXNPNmzCG2PQ)D7%TO`QI#wKx``bo>>kNo zJWAiyV#V_8uNO={x6EHh^mq!n{d#c6{Bf3cqUjJ)D{N|B4i_6zRz*{geD826Xxq33 zgE33M^mX>0z&PcsdU&dFxi&egqHm>*kG3oA<(DxrUqSm5Ag?@M#_}cQsipMd+C>h zSy9~WS~xkXeK<>ap}w@|MkuFTiHRr~cgT`hHJJ^HoIYmi>?k$VfVy+Nc66bho=^_a zkUDh4vJ||gW)Ni;5YTkGtx7e=+K1P^W#$QEwY><4HQk{KxB1MgbZ!qT!C|nzOJ*t3 zzCRz^g)GE|?P4rxYoUZp-0$pC;c^;AeTqyJ&75Jx?L~7+sHKWOj0O&Hg@vA2bVeF* zU0_9z6l?5eqa(DFl=rf7a&sM9-Mqag9g~zR{?6gNAfUIlBo3w=zUR6+Qq1`%#COh1 z8_ErfJlcbmmX`X^dnpvf2#t>jIZpp`iPJLOB^=PJ>Fiuyhg^qGJtka$Ro5Zmz5Q%} zj(N670Hs(XZb{y#ez90GJApF0DF5Q49(ZH)^u8`A6yY`lPgLqO1GO=J48mz|PA%@U zz&+Ejpp{^JIt%u*a(G~yQ(KQwc2RtW+|CwMd23IA;}o0oXihcR-eG>@#`mywch4~* z5$yJ9YFoNa*%dduOKfhcFVmh(!se1glu|xI>D~6TF(WlT$Bl}8SlxT zHt|EYBi*WHNom@4Ci!-A%^m&)$R&4TahA2O@2nJKd7>bU+@B;We$f zlmpCJt!H%boE%OJ7JI!6koPctZfO5COT^=Q_wLO!IO=RrXl~*))2!>*3&p%TbB+@A z^Xhf!!)W(>IU!s8^wh{weONdIrT5m7?o2h@?CV4YUNl8oeepis^U9Kvr}yGe>R)U7 z6CUpD4J(iRme6j2=`Hrqmsd8Ls(nz3ocNvRxNALb-;#M5TLu65sPwHqxdm~Psd}ec zzmi2X6AULW8t5z(*59vZ7d-78wv?e&%JHxp?v?vi5ms{_^rm<=qK$w$!t@A%lgxZl=@vx7;}y<#$MM+nJ8u0n7o zzqyQoGck8J%p7!vE?#bJmu}5K?ooQVepy85Re{E~&&z%>V`qMbfSMnslfCm_pQFDI zi5UFn^BB}u&VJPh0oUckwVNtU){hTAi`mEzUDR=3p}h2ZTG(lbDyykk5ifR686LOr znr$%R!k@M_nqpFH!e**jun*PvgXefm6qgw5*QgF9_rfIc<` zZ(gkeOd9KKG0+5b)rAbetfKp0S{p&-qFUtWv{TT3d;0m4)}8ocU0uLVq`! z_0^*FC|}@ZT1Dl~B9)m|&G>&P0=?Eu4Gu$3oqP3S(Vhc9wtV-6mAXhP!WabyZvX4D z(SM!b{U2*b>V(F_EFC73v8#Vh{M(bkpp<6_d6ePK~o=> zJZn!heG}eezva`@vVD>sLqOJN%Iab1juSrBY?Gka^i;7R8aSzmKmO@z7}c!Svdv#j z)9{zXYksQ^&k4Gf-5na$*nXgwB4orTI+R~Albix9mT)ZB)-|i1o4sB8GzwwC8Fv{< z+c~Jq1qSn!e)I&P#s3_poU@DYZc*S#`~4vd&p^dmLG3_{vn{*FR-;51jV-}H*gCK8 zzxD|1T`%_@p;^j}mSxym$r=L`{!&sTm(plkrCSi6t?&NR%n3k~UjP z8C|Vi0eGdOms<*94_4vKk19?=QcF}fp(41G2b*gujbG0IUVRZd2JCD}1s$r|L%8V# zu|I6=R1x;Oq~3V+T-Efz3Nog*Fmrj2`r-PDYQ0kMAQN3fVUtxP)PlS@a{YZ*We^J0 zSU7K24ml*HQp|OzINAys(Ei-L3X_SC#piJFqwYV-7^-0H*0}o)#s^}`$KzkaMcewj zUnc%6{x!EFuAo2IOEjL{QTX4@Ri2JTk!I-fe*emP|Ld}9QCVd=Wcp;K6hkB1uNJSR z|9>gM?i|Qxm&J*R3Y)tr)~0#&HO_vA@;?Z$ibE=5M(2u2zhr25u4py>TE)g|4UoO8 ziJy_zNQc@3`8_?_xf$sK1!kI zVG-b}yB$O4N+l^%w&GiNwvs~R=vIBh-_Iygz{t}Xd?O7c3Z(W4jOUwz!L3LXDo8$+ z_DMV2TZcnutNY48inDd2r#`}KpwV-h6ppiXv2MI;EwK`?^uv$4)kCT@;b`2C+c|Fo zZAE(F)4AxBwCJ@-&TK*vPH`#NdUtDkT&IV`99R8@STX^T-)Vuf5ONlFuAJQ$q_!dQ zm5swby^1=eL1}pjR$l<+RyvDb^&+}9^0HaVM7fU`6%uxghSFW;tQh+ub3embn|EN# zA){670h_|sHGSDnnqLz6{I`x5F9?cXB%o_UIk~;-3EeFnjFK}qq?g+P01lJCy#OBP z1!FC9pAUMrCLoaPH<-OoWl-2n>UjX5AUakM<@tfmDsE>4opW@v?2#Rk;sP0s60Uvi z3{#hRAU;6VS(tjhe4YPm$QjM}OQul%-o77w^8HTS3Zs@rt6L?y;(p)aJ6dPY9BZ?Q zRK*i4vJwU^1$@m1I~RXku^4nZFQ|GYXI>30N)Py1W?u9#eXJ<(9dio_Yk1i6{cBzex$6|-440RH;OJKbC#mR~Eauv0KU+%^P=$+ay@Sf>-CiL-+paeS z85=U61$pl0+uAfGXzYaq)~_#F`HS?jm_iqw=qvRbdBC0gi|Ir|!spHwTd71mvN{;L5pTE_N-K54d zn*G64Mo9Gb+GM)kY$7eezQI6*5v$U;K{G5G|Y{Kq6x_ohp{W9N#aW zp$&baOUhfemF=juRsAp)iP4bW{W2~CN|8K_nb6Tr`{6ICm46kF%2!S8dsE5a%RSxy z!_Tu%w)gsXzTRY~?}6FQ#&=Z1mzdNf25KYn!BNga9U@Tb!kd>D4fcK>|T_T*)%2bg9$enLZo zdy_qt_?;UU?ksMW7HELxVyCYeuXZ$e#a|LSM95{vRXo1PRMqGoot8;%EQYOwUkc|< zbtc>uILk(pPAot619h;^nW}HX!-bt@M>Cm#`T6|P=3bPA_eYDUJs}~P+An6{l{2c} zST(Lxc(A}60DNdmPoJu z6a_ACa&(}jT0v#EKP%9r(LOd`x*atk)$*rt!Q{zo)phh!b2nv*@nRqb7Kb^_>{Oge zlG?Mxohp+quTCEpBc(W;k*FqBDUKj8YMk4t@pV6OeSjmJl}Cx~D)OticcWpfu%dF% zA7^9sI^V`c`>1O@m?M;O^Seoa{ z$Mk^5W@;{v$tJcsnRJmK)w{Em)Ju<=jraT{n^auaOmzHWfEFPm?Ou;0ze9it&MukO z86v{_qr%f)trpmFh2DYEliVY8%z6>W%H&~K`xF_9QBCKq?!jN^ftIu)q3pOX1?#WG;%O>F7 zt`gNuV@dUd@+a$;)S=E7KHs*wQ73R=LH+dM9jUwRw#!Nl9XFltr{{gDIB<@yvpha6 zzOowoBg z#|Qp~RX2;S@mN?MsdQqk2g47}l3O-|P@9b`Ji`b0a1LtZ{nX9%f#3^56I#nb`MM0< z=;y%Vj>F=?ho!5zUC>I4eS$3R8P=~=xp zm;it|EG=a=>H%#mD#ikB1aUV*Hs$>#;D6bR6&4}ONBg6&$;GC_6y?>MwDzrUI&!q3|Knz@u!uZ^ zF^$ZObeMF$ML)vHn)ISKIaQ%X!!Cc_m23k3L#tu~OaiqoneTln782*GN|SVVQ!a98 z-5d=-Nv4#U>oAY5^k#afYqhI9^!#>`sXBP&q{mOIH+}&9{zd{3x@{4#jO z`07p_u;{EId?us5HkLPWC@xF7KM`la&S z+k(8DcX0>~<^mV~3@gQ620WI$fXYRSah08!ysf;`bb4M;cYO?_dh~wJ){RL-pAD|? z>AM_OnhMEb1Sq@e9-iivt$0z|Rn>=DDOWMvV-S0cZqtUT($NvpUb~L|f>hw8ik9 z?MEjByQEN0M=w$fQXI#mh2Z-+=phT~@4g|t%<3cncq~DS(dE(tb|o6MM?vOY5@ub^ zb!}yO9`&amUNVE(TV#oc7CNw6So|8tF>m96AVubnsQbI)a#cqXId zpU>LW`kCqZam3f7Mj`z~@X;G*^(VM#O;nNwO-Cp)bo~lo* zgAY0_%NgQyrC9g6?Pwh4-TyW$u>XGHOz))(CFu3QO%AdKu9thnKhu_mgBqQ(>04@w zN}TomMFdkXL7&^2-A8q{c0)q89imPdEI*43*k*DK{z4)}tWyX-jQQ+yMfIVnOb>cy zvdHKvPwQkRNA)T;@MCiIyYsTt%5vX}(lP05Z$A32Hbpz;UXY+shMLFEh3?_}o2$QP z{d#s_61n1|vsx;O3L?%#x=Y8TF%x5V$?KC$pa0ozwP7A;pj&qh-iiI1Y(2K>82Yt; z=sfhQ_uwtUk7RCPoS|#GsuYx4!QT_dBS#39u=#vY{bNnt@V!O+3k_fy+?kGXz_ruS z86_%(aB`8Hmetj6t&n)xzZxZlx-=xFscJ@97)^0jn8W>U^$0B%o3(Q*5C+C>eFf?X zDiP>Jgv}Zl=?wvZ_;T0O-~we5tDRERKibAOtDfIOWUR5Ce4Jr2Bc4`q72vVx22dh9OWdR{#gXgW=sm|Lm;>1Y5dQ%~P-r6sThnkfbeFIsUb+_~2tkmED`yUzRMvEDw2Wpskk7z@1stpV(3hMT{vD)V6h__F>BM8h)#Q`!U?RF+&VJDdEB048hEJv%ya=~3r@ zqxm&WPA1wReG6R}Uixf~SC??f>?PJpI!jZ0nnfR~WF&Mn9-Qftck4=6;yb#cjbF3w z_O4-ZDseF1)?)UAK{Uel>Ok@%3g zHn^~)siE(y`F$yEWU6#ZLVNUK$_fePn$_r~lbt{i-$xyGAVRRbw3b1vx4jO_yxY@o zFDX{7v+0)3jQH=avzJzbw)^-Z3&Oo=-a#lUXx`2T&!w>DT=<-6%fY~uAQ`sjUu|mf z^hGj9M#4K`9>WKO zcf!edx>cNl<0~%*@|(!xF5QOp}Fxo>^NOFCsoQ;^z|yRAI6u z9pLfjya^V?)9pg=1-=B6R5D|qDnJ<=I^1@bYABy~{&l~{V38|<`X1L>mN%@nuK=lVw zy-x^}9SP%_XpZT5zMF*)ZuMC$Z?5>%XVLls^=P$GR{hcYo3ya{>_~;jQ+$piMX%f} zS!tMZqs*Wk#2I@;_!Vu=LOyYHhU_#TQ*b=1u~*2E(wyhA&!)Ky z0t;;KeqHFTG05&s6iH%?1D4Uc;PkG3o%nNmf=D>|Owy=|XEH6;GdwuofIi&rxpFx0 z^(gj^9!omxx1ytGa%f)GAG1c0KCk!uIvI|K#d^?I<6z|Z!}%v=oEQyfp@|{4sL^Ea zkyUxACI&W!r+yAJ$k#ii%Tv)m5XVcTH7dVa%!{n~`-p(=BmRHiQNMHGNo(Wnab z;;Bnt^3k|zonzjYEr?adJsLk6$e^JdDZ#y8S zomU7IunoTBXARxijv@gXNr#OImcHHtEV_sG#a_6plN^)^O zqv7d*QrFQOLS(wp3B@K(eH#C^@<0~nO%SjZWVA;(_aW}$2GSUY*IMz6Uh(Zw9H254 z(1#AV!vQ$Cdy;{c``K2#yUeB$J8`YSdyRHBmIkVZ`*!l0eEpZl<|-m7n712`VfCFs zCYHdmw2TSsENy~|;8CyK7Ix-{pL=uSJ??&>{D4_i>jcwTiOP#!Tpj4^T!XhNj&oxz zLVKmZ{&Uo>6ZMaTu;WY1QqypTPV{yAxcGQ@f3F4Qz%QoJdS zd>!!Wj==w}KJ-$jknajNxs#0&o-cQEN%NmXqd@5o_;<7n5%K zi}d+NGbCFl|2aH29&n?51+1FIcBk*6*(mxYG5vZ;SR4A*6q?0UITm*C=7q&nBewe1 zNS4>bF0KLp7s6rfc*tjkua;LYllHsOzguZUbd*-*_?IA#HAs7>NRq8~>%4d`>SXZU zTGxAE;}?24IFR&bo9^Z!3uKllIF#P}=(UjRd%3zkpEs?qu^8-%nXPwFKcn#<3@nSr zpTxr0S3}YT1#vf8{g>o38eUs|lI+o^d9RXuH+z-;3((TB{jRW&sxa+VSrk1CGRYpi zlK&^!H05+vj5u~3-NnBqjmO5tPq3)ad{hxM2vaI;-OD`(?^OMUa2Do&fCEk792^&u zI!b46C1-L}B*?wQf?RJ!Y_tfN^(D_+2uFNWiRZXZxRBje*ZsTP2{o^-N`MTn4PW-T z(xpPqnRR3KC*5skg@RuC*l*OwOJ4v8)ctGNW}Zd&J^rnrl%_R86qhV%p^Yd@;4|{q z(5+H*j{TZ;bh~UtOqKw&EFs6_V!qhDm}{}>L63ae_T_(J%tJyjLRA06jK*xLCxVxZ z`4?L8UTq30A~y+z0b0c#18?PV7eV%^zk1ZQGLj1c0G&}?88;VO-06sB?rF6WEnc=B zO`G1oZV-~qb`oEc_ZVZIwGLvjbB3xGS6&4s*lmtX-KkedR>LdjDS|Jjji%p({XE3! zfc?H~GBX$(eH7!YxI@;+hmC&TJ7v9`p=4Sqs`OW7zf;(>Fc2)9Q2hDmv?2UJlE(bc zUf_N;SB!v~F;SnzMoG0+J0zuM@2cs?&AjI-yQ_6t#d-T1!bu6it>3um=_R66(Z2Fp z?j_i2SiW-hj@jJe8zib@-~M?oOVHd>u~Aj7FfdzkZsn=ZadrSgifa>uJl_7sZD}^5 zQmTYzc|}VK79)fQ!uLIU%8a{h#gD_cNH-p8r*^r>&(3Ynj7ZS2jJ2LJ7aim&}&fxCsJiDZqP!#{)^ z6N$(76l?1CBE#yNvi5&p7<@=eVUqZTl`UFhjdR{D6WzleB|`9a`}=c7As`Z+ggOXz zD@(rrCb@HO31;veRP`dqx9oZUv778{1gVIxYOtyJ`P94A&)*c(`s)pxAz>v=X)BCoopfou zD!R!^XHTBJuqfva9g^(T`F=r=S|`64c^drPaw?1gxLmH}EhsuGn$1-;`~I?B162%c zWg}o>ogsR)0stUuXkGsM#NmT3$CIbe|6(Q1fAdV@Z|a%M(69+5Pt7RW$pBp~Bh5PX HXVL!+&ziqx literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-edit-groups.png new file mode 100644 index 0000000000000000000000000000000000000000..64cfbd439f3d472bec33c8ed2b67db065434dfe1 GIT binary patch literal 2004 zcma)-`9Bkk1IOvf5sfF&oS8i4VHh25bLE&hCwnAWvnX>PQ8KwAw-|CxU%8it+(xq; zNjyZp4b#_l=ipYZz!>A4ftrx-u70oYgYM{LlzB)iLK7YA=FQYUtu)l424SRGmyHneD zGCX7q#LVyYvx8`NgzpTT{aWC2TVcYhHqwxZUHs8ndkd1bfxHbN#&3dIY9!3JBh~1*)@#u zX#K>xT^hX|yg#Q{G*A7Z_v1nF@fm)D(T&&XXO-8s!%29}{=Z)QdPMf@W2J8GJi3%CxD<%Z74Ch8qtB53vuePEIM1`r*bRK+PVPImB9Va?szc~of!uP?lR9R zIi%IKM!VhO6NxycA*VUHJ$&e{8x>?I8}*r;!Wr;cP0hcWaMULjxIY`DV8ktB8FfS) zfAX$imhjc|{{d@)=NJr8N6bHHk=5iDA7{Q=jQxDzKtEX6ayF?;&! zh6LI0N%qiIGP}4jTDd-nkOg+>zG!su?+mAf(5+^NbwW2nyE_FjJ9pId_a=9);>XLj zgw>pl?d zq8ZruWMBDqLXW9E=XTiP-hzj2yCy#sZa}$N6X7L_fDR zlJ7h6GjS0mvn73q*j=?gCA4evKt4Xr=;lY@qUQ=Xia1$`77lum>O2wZXX|c?gr(XD zbrwXKw|3TSUhr?+RE}Uu$>#aDYICjKss^{UC*H>7Jnpthlhhh0Zow)f>p0>Ss)QV@ zxd2a$=tx;h)h`}Rq8)J>K~oaV%}X3w6-B;(VbE^Rx)9>3^&JAKk<3?m{* zU5*I#fNI(3aSHqK<7*mjNs!{125z`85hrcuszLosku4U}ts3|HU`!^(%6XfI7mJkP z34xUqi8oJtJaR^2Xa~;g>UHIb)M`VFJS%9b5;t;PaKz5|xu#r{Z#f-T*)v$B6HLCHO8 z;+u+0!Rumz`h@ODZl2pVuE#+=%VJcPYvc{~ARrc}Kq@q+_TXuVL9; z+V3l~P*g^=PojYI)o1nW0{6rYq)+Lr>+%L^{k$(e6oaCt#NUndLDlbK zWFTkXD#*gPoD68(y)X71V8B$BF?qyMCB;fu9$wU!!-m8|he?4MQj}n=|CM;~_E^~~ z@-Ab;A8T&Z)j$RZbK*WRtT2%@qVK2u8BNSU&FOAPo7o_Ex>XaknFRB0MW95THn zF7*KyRBJ={-p2f-V69{X*2kk}rgnU_XVTSHCa)H%&G;e)Tj+&Zks2m@0(o@CJ*No& z+A7oR_r|Zp#B&tqe`VF{etP4XP)!`!k!!&@BL3@cz4>k?8#*zOITa;ESLBZ6Ml2$p zP&@54r0;f3bD^%;H|>stb$&bLpUTiprOrFL3qtX5r-bZ)-yY|jjh zeVHu$Kzq^XL+4OukI!?z zzjMBv=RNTOW;1)w+H2PS=XG6+?s6lU~#6P;E!CJj-v}PT* zu3_hg{7Q4;_%%Uw3i=zNd;~@yj>!EN#6hU}p7$S7;vO@xwJWbNX4Q zfM;=G0XvA3GZ0V}vc&!)5xd8j`~}^%K8Wpm4GRIe)>}CVcCKHrYK6+Ff*16D%>@16 zgD=9?4=(Ko?kRM!HGS~#{L6R;MOM%V*-+2?C}|TgG zi^bYQ-h)Y_99tZ|z88D7VV42Pom6|xpUma1_^#2QJEZcD_fGh*Wcz0+wT6C&`$_tD zx+B&~t9iz-0jRdpI37qJFZU-NSc3tv0BfCeI&`aKe+*iv1|%wSAlov`S)oGU*O zz5H=xR{n*}Ui2}DadC!&a@XztF+CFK`Mw~jpp5P{9#vk+&#D-5>OtibMZXe((Yo6v_7AkZ(nA; z)?|$^;GSevIuBT0VXQE~0KxsYORT@jbh>8PxPv;n> z*lV7<+wHO4Ab_6BuEvv&z2d5fTBhKbE^Al%r@}KJun?XSYb1`9HZAeWGd;`<)e!Lwa%Rqwp9tK!{sVg5^zkNCq+^RO9S+F;YyR1yzZbs)X z=6mZg;K8QTp*Bt4^>)O3??Zra>o%}t=&lMbfD1RyOVk8hZ2Y0QYW?Aq>-ii^n2Yd8 zfga)U_R@ENTSa$c|J!#X`uVse5%2ULgdo?#DRy2fwbm3ca6-oo7TQC?RGnIl@)VG6);JXkUfOJZ`5$dH^qvuGV`W zce`Y6y1Q;E-tLqIU+J}Bd#q5Q9yR8s*9IaYik-{On{S)_4fXdFwgdaNXOJKT&ILCk!-qVoRNg?U!r3aZCm;f#7w;t}2D?6Q>?& zGC)~fOc?Wg!mTjK@TDJMLA_@3&$mfaysDXpr;>mrH${W-NnJoY#EM&}9ya+RmkTL9 zh#uDUU@PkFa7fbaNR-WWZF`^feJ7=t<8gDtWj0;X)xyp3p*pmq{$UTu+4tF;k^&8OY|NNRXv%hD#!kV)&tyX0#{9vzn;86+HY)%1 z`s7EkFkOX#g5{$(7^;PFH~SLmk?^YFOz3kU$drMdB-cm1Ha)NSp`Do`-)b(_`mds_ zTad{;sl2Y)f%ocFroHk}Kq2YGJ~-3Ct*yQ^8+631Nu#XkRnX?hL~dnFpAT%ohR=%@ zOOgnzfN=X2r9nmO&+?aY`ZOkk-AV4eqsJ_HQ)?wZtTcM<%=xJjIE={bss;4qQXwu2 zt$v9CCkZ18xm9sy2fAlQ1MLCDiK#lO2v1=Y)@i5vz-m|y0x_{z9O|39qe1LBK^+sU zEALw|u*zORcqCUgVWb{(zh*vwEz6XsQ9;hmWWoV2T2h#iLJSt-wrHmZ-!N*u!3RAt z?bX=H?C8bIoSn~&7f1!wobLF&jhu+UmW&(*_0>67*0u&6dzF>qj_mdSWFch#;e1zg zZ7w*o(A(Dkk{WnoQgc=z9w#@4%kwT&qSp(}qzl(a*bWO?q9k%~RDC>^3KN9oJ|oOi~<=l_tXbPQ9{M z&_~0PoS9}HK6lgQ+zC;kVnu!T;|VuBaR~WFiPx!>Ggv`}eIBMNGA<{Eu+r3T%{2Ho zLx7t=+QQrqU7tSe^LdfB-}%DbMGqcKS?>DmU6wA}!v3^g8gb7J5OINSF~W_RKt2GP)`fyq{goNWb+ZZsJvG;p7&M6BZWW;)J~>3Hzi4#sOAjf^x21Chs!0 z;n@|Q*H+ZQT1CbUI-6%Uk>10;vf*mGx0u%@f!KHN8?DwWw_Q4Zxc^O(_C4PH{cqXh zV`MqJ0YMjriN{lG`mK6e4B2?ySGz3uUMn9TPzZZ${@en`oB{aVS1nDVUAf^-D>;1X zuYYF8cFly~WP^9zq82#54$!16sX?Mbt_Xft@G=VN;0}Ztc%1uD{(KwW=x!&x6O0H; z1h?NW8NQ#?tQJ?@7Cb>jMU9>4=SNoL6j%J^-Y4vp9;Y-v_LfTK&kk_JMimbc@wPC1 zq=_!$PQc^9UMzUju?852CP28{f$?tw!JSAd+(R4w8)1w7Dfs?l#MgN(ML!hcp7$~A zw+!8O*jJTOCt2EbGrZZNrsK3LK5@$z{-xkezu;nQ%i`=LQ=PiGcQQ*<+r`8ON%+ee5(WJ*k@sA!-6yyel#6`_0L2KigH9j~; ziBO^DmBhZW!q%E+Juv-{;RUC}rw#7VKY<4EJmX4Ggi|5|p1VmAnTdLfv93iCt4xx; zue3M+N~7Pp@LV^8ka8eu%Y|N4r}WUGBF%S4iy4iJsy9(P4VT-hJiTHumDqr9 zaLe~&#mvDRm!(KYGeK5RUXSM=bZ0-e#gWPAon@}+eWfL41<9MB9DYC8jLI5?7wBcE zjWR=c)m{(CSf|GF7YDipj71q0b$paDw??Ur52ukY2uX>UmmeT=WiGGCq17q~X=Wxl z+X!R)8sH{4sbkOj&Q-p30K6^4^Btd%lho0sOknDhI{|@%**o@v!Dm(06_1~>TDm|; zyMUxMbpbYWg#swj7p%s}|5C8twPx zVmo=ZP6_nB^40P_idOdI7q_$yu1o-H*m!Ox6=5_vZ9|$UKWPp~Koe}$9{&@d`=UMFU6Fb|m1HEW>d zDrmOZTWWeSF2xkGUWPd~+Y4C4Jd~0@-`oA*yrE0Su6oU8$6Ic$5vi-DDyoq%y0fA6 z<^AFFc}1zx!dlM_w80aB{tHualf-kntvcRwjFR&7GmGKT?fwEg3V62q?9ip=u12BB z3#vVr@yKB#*?7g_`8g8>nE7}VtD{k8aYcxR19MG<<51EUj&r;+=qmZ@!e!j+Qdj{6 zGepX>c~`HEPFZVCWwMrE_fVVnV66DBUpnD{&b9TeU+OyD&_tOu{TBP1upYP!eo@o_99I~1f6-o#bCs-7pRGI9B_(dA0V&*jT!Raj^tjH8 zIzc|wm~eMj&3Oa*Xe9X4byPndK}F-TF60?u%}kv)Nb>H*$AkIbtIErUY@69N7e?C( zT_pngw>3~?4jbC9;Ax<9AdDgBn(N{F(e2XiHuZiq;r1t4L-Dy0(v8>lC*D0zAPEjZjy(`zR#pos6R*W}-MOhm&=c5e<>SPQpbSA;H{6ipEL&{P|;p4I)C zBDiYI20B$_wOnAz5)@5*+}S$X6CfCbt86~{GT0O`7XGrz_8iCof_?$5rW?EJiQrQQh&(8o>&uvFUk1h9(jm+3%akr$Y8t z|6!Njt>0-GS%Jo1ryqC-bs)dtvvebI`=|HRZhVjwZrW#Vk9O&Il&Qrk8d`my5!SKK z5T9Em-Gs`0;|P53*usnxgbAXbgvC~oHjYc{Rt&vxF<$Leun z+vxV4#=d|o`v*`^bhiwTFG?IyO_-&}y<-P%Or?t4@!im-(*8mw;(8F^fnefH<~NU6a8UP>Y~9Crf@>?9M7S5u^biH| z#$yZ1(cOM_9@dC}WUh{`x-kMEr=()8!s`rYa)cw=w4iqOC0fjV-|T13&z*)c-!#J| zx6e>E%in>X9nQN(?VMHFj9Q9T>QjXA%VpZS1m$5~=;=4QNbheXa)9@>jU+5^sPK)D zzF0#ze1P;=UZ#gzC&EqVmBM_lHKyH#eMAw3+?Y1}h@y9+)Gb+I?& z8&d)VWe|!PdgHolY(O*r4v*)InmQH9X&k3T6<74SoWH*rUSVIL>VFO0Snum*% zYHiA@uoi@a%#$xg%&ePzkWmjk!Sr~pOb1mUbcsCclaClyEE7=;0cdR|O&xdmA8pn|Z$`yk% zDC6=J8B#xoX-Ul@UA1j)!1|2E;`NyRlYFkna&$zy-B`5uC?}`Q+XOlbKLfYPl6xJ$ z*t{lvKXR$O3`d`wS>;fYVTei7lhn7GN$Qy(ye#_M*P9ltEI74Jinrm6On8FV9hktT zFOMmi{+$t-OQ%D^4R24E%dyx!*THB9T_!i|Ji)fav36hrz&W(B>~$xez>s=4M8$lQ zGE~Oi|Hb%HCNvqFgN}zd;5l>2#C_^}B9?72nk*l~FTQU)AwFz3)Z?qwRvaDZ$dEd` zeXK+HI}$xE{D`Ho7}5UvS%c1yqP<_MLhE!gO4hcn=5P-! zQ_NT9F1t|>E3HU>SB4z27*1UH_hC_m{kf)~m-)QMbuk)^J5r&PG}oN1tG#Y*RgPrX zNIjj47yd{^xW%xMrY9<&Gt|$dB33;k##qzJJ|iIdYY}0LCrQK1CY1tMr?2dOY+8I< zC0(#%Q0^Li8g1Sbo!O>>M4~AaziC2(Rr$%p)Z4R2k*7Ep45|;x zMEJVHwPM?tL$oWmv6l|y>k>ScAbcNi!*L2w_!>oQnFzZTC@YNoDGl%7i;ks zyxJbfAAUB=RiFsp2Y+wcdy^CnOw<0i<>pH5FT1l7iknlD#Esy&@9FaJ<8GiJ{kC4( za{DI1_&U4AgIC+x<6y44$pOH%oY~AFESJgUOx|R!Kl@YCB3)C=sM#}lCd68t-ikU; zr!AdDvJB!RY}m)hpHPTIxal^^XG8`BR>v8wHFb=-a&-Oa_)09qm=f339BdwWkTJEF| z5n$+XOvhiLaZFa+mraAOS|4ynMhg|*8Wog5_M$8Y{bRlMLHe|?#-pS##f@C4%Oj_XfB;e%WMPDHOaaf38z+2CAd4gT5|L*92omVZj)GSqkv zm<^=}Os|x*&1a9{^}uvr0W1s|J*DoO8s+}prLXVHFbzREiz;l;o%kdw5;C4BUWjWl{ufuh&v|k3;xsxPzrbSg2dxwp>e^V{>4wvk5`YA$?L2i$fv}DZN z4=X78Im+)$%S;$5w}E~Ej>Zu{&ifOC{(y+XasRQ!^-9~D+AK@k3OvcIpZDH**ACzJ zNrPSwBrH}fkUHB~o;a1fk>iswn`tGJT;}$1A6_rF zXo)@2Qc5hG;&bVADLOE$5DTH~fD)U=6~+Tu%Ve4w`%$YuMhDIrVVqH#T>UsdM_b)& z%2cF%pRv4%`Q32zkuZBlV}COEoGqIj-m%=Sr|WcIm+A1 zq)w@oZ&R{vIcy4_aVWaZ8IN-Su!YiuQPJS70J zM8%nW(M)J&MR5%WV!udjSQQMj4)a5Ea6s}l>1wbN8*q))5!&!?0$-rDU=mTFLs&T1 z6~Wj$@r*i36D57WO|A78V{lc_2ddWT3-Yb{K>Y3O5S7Hw^$Z@Ur zrTbNPg%^dl%QY3w1%M)Cc+2BB#-9(}D{$tik%Y%A?fe(k? zBUx9iN^(crF(<*l(Gk=qCBYn3%IuA&f+tU;x9yJlf+RZ?{CQgYnaCIW_Newt?>jn_ zr}zZ`(tAFO;(_*iRe!S59b)&&14(P1sEKws+rJ6Ga#!B~=)3m`nqIGoH=i#hdr5-=6!3UNtXZ{b3|4drOXk!K?<_ATRD~F2;oCI;KswlioVpawSop+o;@;V zPpF9{z?1s~M93M>{9T>mT-B~H}^JyR?Cj#i>gd3+y1E5c?FQ^(J$jU;lV?zaLG`$cWIJ^Bc`@XY0Hrt3ZyOsQwd>%Flh|=*seGKFYe^ma2Wz7cBTT(!Qil$|>$H(LVUllV zJ;_eTow#2Ki@%gfv*+97JvP~$E!I`Mm^(137dJQL8(2BAcVK7XNaA;li_gP3L>_=Z zjbt%ry!t*tg4FY=E>2$X`@=$hedvk-eN{+)7ik_?e4po)EMs?g*u5eO?nm%m6Sq#3 z!FEG_VEUQZb~gW;q9~kBqkk=b24eX!KRkYZ8|qx~o9ww<`<0l3es=N2W@)9vSJGn` zCfvWs!3en)ulaE~6U&Ut6RSrZn`{?ISD=0M6mAKY9rJofJla+jwa1Kzif&zX9_D#Q z@`=ON2`a8KvV5TQP%F74#)Sb%Zn&exM*_J?5;|UZz4S3*;H@7U*-G96or!Apm3D)HqP@pD z|J;$rDBd8PkdU+fhm6LK^!I9<^gXp8&?cVDplS`r zS2`UDR|zm>eHM}LAF@U7u6A(8LTOg1!*F&}+j`Ao(v~`}Wi;Uw4p}+wc>5<$k+VCW zsc1-<{z93r#G>Aon2LXOb7eN7`S3EAA&*qp5H53WmgOxrhM6__o6Km(B+`){2p`FH z6?oT^)}DlVt=c{JQ6dYst+Z_3=fAGXlw0e|UbpB>5ONi8@UBX3*EA*2@P#Map>Lh@ z5Yvj%f32NqN4_J_z@4U}-!hrva|7CQCiP?qO>-z`c*V$^3ySb6eVCYUOOsQstB0J& zdpUEaTm!%aBrDhql2xW#E~MC-WA4w-Ry~2VSJEU#=x|orxTlA)W=g*WgQNL4h(`+r z9e-laAOn2RN||*q-0%?=!Js@u$X1diEV&3DTGjI~#%F)29&=^V z?%%@@sHc9H>L~}g$G)%kMiYMU9$JOqG~-D;r2vrhlNWIqy*JW8<#L>3q&Iwa3rA_Y z-9hA^8+HE64|fI56)d)3p$WDYHk%hfTQajP_bmvKJbN%H<~+VKR@k1 z8o;e6Ft~!1h=Si2e60*Wmh_2>su9(Fiih~%$%n-y#qon<_Dyvl)ujia3@#~dnFtf~ zG@g#vX1QYVg1!0q_+(|V@tCZaY!LxDj!oZOYqs`NlOV=A5Ih!FU)pT!$S#Ptt^i$s zLK{_hfVzFh6#z(mCE)+sH2oMsgiP_#s11M%&~hBZ3Ea=n5~RJKgmOX#kQE1*QM1;N z$GPv#8NWXL#!=@g$|*)LWN*T3ziDI~AR1_Izl9ZJhG*}rDrZPR#+#tSGG-)rAOh#! zC%}Jm#I&ouzSAez_tt(=tz4fy{gIUgc~fGktnYPlN8{<+0;3=~*oB}CZNwIU%UY9l z%MHldyjGWB;tOxv7VB>xlH&LbN*Fnn{K`pdC~ zBN!75+~jQs)my%{M4WBB;925Ms04UG?81?Jv*N@uX4NNvgu^-}LtJ_HX1 zR0@KLrmeS;ZYR{K^ex|+tm&j*c-KZqYbsuwo$Qc6RE9LP+mv8yZ`Gt3zKRqt@Il14 zYhNz9>=Hb!W^9T^At7xjgMFz!2F^kdVZ&?191R1OEh2%6x;M&#@$Zw#*Y#+PPb zauz5<2D5UiWA1r`ngj=7`YTT*l1w<)N-u^-=WFLj2TeTnclh_#JYw_rMTTZKYAt)^ z_P-X%ZI2qS_3!qgY5qUaBtk64--H3WL%PfEtXkI(Xk<$V%>F<=RtTLq^mtgh$`%*K zKqy@2=$mbZi*>DDmsFd%aVHx8HWOvvhWg)@TaE`<0Gtf#xsdsY?9e69ppJYDs%00b zjgm}F!97%8*PR9jJx-SL)BrP{SHTFB;JCYm+g%M#TXr*(qMO29FGWZ$Kku0xXbDbV z%r)i}IG4ma3Wx4!S1uS)tZljp{I()ND-hkCW@pj3fux&9I3CV1l&wixI2Upn2(a%$ z2qZjVeU)zyWGvU>+RM%B1;C|S!4S4TTO%os{H=75`uN4A=`?@~io#oIgPZt82ZvcL z&OtRFoYzfp>_hD-txhvf?bqJepNii=XmYtIV*o-S#Ha(OL(C`pUb@shT0XSD|mcs83ev3xnl2e^c6L^AwK zPMm&jnMVu;G=QK1bB%XI;TjEMzET9Xw(RFW!9Z{hYfMV;$Cnhb{4HWb8`SE~a~0W- z*W6t4`D#~d+E$);NZhNw?uac_f+bOHFK+-YO*2iVWVCRql_`1CP*?oU5t)zEH;nG{ z9~%0zb|XIppf59{`Y^vJha8}!Ty$V}(>5(<4K(uYgro{cZZ{g=lh2+Biuh_6VB;fb zk){MlWgKNW6=s56zE+sr(;(8xVle+7T}j&!;it<$>VtV6sHngj-dfZ3EnPG@AI8qP z5gC<*O&lgzz3qshHgq(SC>u07_ix@E~Djko7! zC8xm$8|4Oj@Irb68xDwqv^xTf)9<-3L_5C02~BZc08g_PlX*T;(3zqG_LIP820RCCY(v14gd!Hgep-G8!>M zSSXMeF+-a%-`GKo#TR3!&#W2+zQ>Ng1#hf-W;s>Z`M9`XH&gCy=*j^471|_x<@`(E z7$hv3;0Uuv-)|l(P`D#$d4aklmp*yT*MTGwTrBO+>-*f}|5)9L`p_wUK}LtIWh)*c z8t)mfVSR=V2MGmc3i!%@dr`YvR2!b+5A};Yaqpm#Vs}DfBp59cEO>^z=BMZfblKd~ zgG9JbnX@IRfj+o9`m-QG=Z~ZUu@F)TN_b|#xdfJE$!_{RO5X%tErrNr$#4LwD&yiD z+Rx?&R}13nHQ?owhzu?=>lO<@>JmD{Nh}z>b6@OopVulX1E6B{i72DS&57m_@28{K z0XV#T^}zB|QE*7nmlFBl$Nibj@>?~vX7+_e1e1oUEaj2@FHA^LdNy9yHH;z+vbtIF zOK!$E9{{?10RVE=&FH5S&QG2>Gom9kc5@Pd(7+vw9E#2Q4Z!vJ^E@cbN;oVg*Rc5< z&Dl~$Ym^|)wMF8R?l0OiHN~F_ot;yuN~gJ}boS5DvK4U7Jz=i=d$2dwwT6uVd$;u@ z8r0oUN#o%5$X@*gD0FM3C0NjLf!H>#)r)*z{oOW&g_E}CjXJYwfT$^7Tdx;Un@<@~ zq{0*Tejx*j%=$fVU4#npMF-r_wmxLb#L}dA1fNpoWQa6RJjB<-CXBSSeLueub zMok4j~4FDb4&E`pspExC)v3Dm4LYNHDHl6?| z4(Vm>2A7=B>|Vd`MAW3{e5KyE$xC+A{P9)EOHoZe(V8Ql+NB)>(hVe|fl;o{A!hxr zg9)P-_B(PuDW6e~>2)q>OP^~5;wm%uJ7%L)d~~j2aLXPr->i3+U2vFxH_t5Nzv2j_ zOqoCD_k!OSHpLRRf)eVk8?UMF_G|z&=yzWP{tu&Hj$4xcOmQR6s3Wv}N(hz!)Y*&3 zb9LUw>^)rOt1SgdTDVNyDbNs#KH|v`3I{x&ehY$|M8^BF7_dr5>w>R|`YiQ99>hQ8 zS^gqCtjQHL0jDJdzcW5)Ke%20!ngwJCUqKZKz_r6v~XI$)$i80lkfcqvypgnaxi0aL3M}WPsQ(3sp3~H- z-tgBHH-1T5V$*+V=Cb$WRLJHMX|j;Bg(8$FudTv$QcKd17^gIwJ*95FV)-x6v1qe0 zpCf!$Xw_q@hi9 zRGo1BR5aB2eudhQ{lSi2RI!u1h7|h@35zJKsA_^kK#=WnzP)dB!$GUezF;0ylX=1| zgIQKlzyOUdSITiN9rxGnDrp4uJ&nbCRDt+Fr7c|tr!1vBf)#NcKmcz%7zV?QD>*M= zvY2Rjm@{^+M{=$k!D+zS2N$vm4=APd2KSWS8OlmL75eWYZ4rfYxG^WN8BxuJ&v#kI zlh)vavoMcf-??`MwXDA~85ic;7lEl$ES)sh{V+X%sA|nV%9v4QrM*GFiS=xpcHPDs z1XtbD8^{b_X4$K|dl}4N0wN}zZJekiU}!+t`T6R37ilQTA*zJAF$mtqWR=P9Mp+p; zS6@~T5|%(vFMAGsxCk8)w1rDr&aXthDj;mY3HH;xwC)EUbdsxJ*uVPaW%72x z2b~~edrcl85^|`pbcy!07QQf=lPUd>RD7#+!idH|vo(A0pOZ`K*hZExww{^|)3fvx zDU2}Uh`JM}?0vo;H5St!88Vx4i;|k-)P)~88u*>mj77@a<+ZE?+QzE3SQl6{ysxeA z%b8PtW*q=)RWxF$FCroeJt~jyh&`daI(6&y8P! zU+bQWXp+xCtFU`7h~~Q0(0D1cQ;ajdEtrt+=54V4UaMU)z0}mX+{7(u)Go7BIOks6 z<4~SGM=sH2xqDL@TrV)VI|syoDcfnk;BqgPWJ&ak)27w;U7p?#Ynoe!)Mqg=@W;jAzb)ra9;{8EyUe%wRqX z)UmZg!H^MB!Rnf|Zu7zO%gG(3=rM=P{7emabV8J^_EJK@YbUlHS0F2^MLvP$u9r=Y zzVa6tu6Y2aQLXb3M^?AkZJsz}X;647*vem*2r4Lcn0TU`! z_Z3kDzaAiGFbw38Q=0GK8(>WYZ#=~=@M&(QB;xvR7XYN4`OZ{R#RC6A%V_&Irm0O% znE#SEIYN|M_fJR@Cb}KPNZ1x%*XLT(`{L5Kr1)3ewKPq+w_256G6@-`IIk&?+~fm# zDFjJ&QwWsT2+2{cdXs)>>oEgI0^48tuq?7-O=F1a%}w<0CwKN78v?RRzaQIc@k33w zdmFKl0@%?VDLYie_Q6SgCG~ZXb&auUiEA{Dyi0Wk3JtgfP|oA^`z)Df+Lp&Q3)5N| zUq@f9qFii-GU}#FRZQ0pnrl>_WlCwJ_xBB*vwW(l*DQ1$pvbojsGiiZOSB?kY8}#S z%SDQtta{(v`ZO(M&nVxi!f$;Ui5G;sehTO->KeoDkVp4?iti@f60Iz<3L@{e6k)oZ zR_W?JgK0VI6vAKm^pG>=hqI~RKqms8&kc$o>lm}m9ON%MltoZ-ig)lod35f>J�& z7a}_FPLnfy1WCxNlvhF!$|8wb=j^P8!Likg-?Dz+?6|&Bz*ej_sbAM-i$48Zo1GzD zf}YisE%6wlfAsCqf0A2IpN4ap#joCZMN~$hj@|5Rgq~K%oE^Yq>248mCaO}ez~ZCN zg}D*=cv#?Xoo&CkyNJ=++C^k@CnYocdEQCr?Byvk%X|;A9FF^tbe95m#EU!rz=p&x zPc4a0fL@=`;05fq;UaO+1$)Pm>O=UjIQva9W30Qhki(eop$oZ-D{^fN%0&f`Q!LO# z<&K~xX?yFhqA(Jx0TZJL(|^|2#$W6HT-K8{{X07BaTZW~`io<-V+G8Xl}Sq{sPG7T@*Wjl3i2z>uy+S2|5N$#URH=x~3 z9Bcb`fNUZgkWJXVVX5D2k*_ss7C4jqFICbr$(x*)QQiEt;Cb*HSuDH_#g1=72uTq? zw5+8VokGT&pI82`W{6Qz{ccw(?7Ym$;Ds9nTFjr9F!A1ELQZu#0~XBXj6v!%96Hyp z*b_Tht{lll*0O;JiI&TZgQ9B*hUpHl)5gA8Cq3NJG_cNkni%gU)%pve7TvqFi!Y)x zt3=ALfapH_*w)isHs%+iPSC}Fm-Jm%T;CB*%M0c*tQvD+S)>pbUqxXtY}PMu_jAt$ zyO2{<-3LX#HCjS=?=2QGAH_C-Bkprms4hI*J-ub^gIaA!V>1(dOrOFm$9)<6g9@)( zDb*;i7YLrF*T()qn0FBVnG&KA(mnwBO8`xBGKlK7xJ_y%DoC;D; zx~tD}jDs7_1Pg)PIE&&EFjX#D3f(h{E#i8wZAn8GpM4l9YUR_k-<@b#sEM|p3+n+k zREIKC8Ql_R7}09~V)031=7&c35^%DlbFz=5fa{_!(Z-t_Be8iZ=H4k)3jSq8J`W&t zNRJp$SyZLAx=72w*&GqWs}i!46!tuczW@{Zy+Kas1r)dJhIhN=5nf2mPNikfXo`1a z$h?ws13=+*AM3ue3oKG1Yy_YEJLY9MspS$u2*!aq2G{C5KPco5Slahx?caIK1Qd)^ zn$u_)JY>jv?kRu$is-A(!ulg)iRXS<3Yg|~h zWt{P|u$*PsaY=$Pp8>ZUy6}9zm@;8Z|DC`Ewd^T(5=5jbM8MO7*@$0&_(NaYTLvX= zfx;rY)NXFwxiWDvES%g+8Kep*`ZmqSE!&^FmP*?DUcJOO%0~tT+vz4L{# zJ`GWKS~m=+UbJOV8FKN?!>@t>j^lqWksYzte0k2K!2<@sh8H}lQY)B-74~(Vr9gQP z^Ua7<<)oPJ-Y?#Ab*-ngv8r>3o;O^EDBfOn@uadTOI2eA%Gqn92t!SR3QPDig=ZA& zdrW!F{WR~t$Izxi@|fibHwhXinmVZQw#U*ukRKt6X5n{5ievZsniDGY3G$tHOjh^J z>z|FHsv1ek25--#^42;A@y;wsPXe;s#O>xj#&>nq>3r*RzqygI+Z4;JD;{A$nt|4mLayeUgaSd zo1@vI!fHSDU`|H`%s<*4T~#5wH1gE#PrfKK8GP8dNAXwzG*q+&(Y|;RjwyvIOE{63 zUDsvCwUh~;&RQa~*?(>X1&=o;qxK1&%99?PHZ>LOO#-n*iL&@vP_(4pN0O+%G@`ES zDU4X9w5}rP<}-N>Y3o$ahPu@E@BF=pC2loHa~YRgoCb{3;4(vZMfb^XkQPNt?pVj7$9KNN?U9yqX)quSKBtpwZ*S(x zxJKIn~KZ?hx$_K=7jxb-mFfQ$-0DhW{ zcq)O3Do6hxvY{8X@^e>a04MU8bv;-3fj_qKR8HcrLW#x+p@{-`ga7`n)qhy(e}Mdd zw!KEwJ@nk%J1>26P6&u*NXv-wsF|k)v`|tvmnldL&m}^fuTCU>gR%d!Gzu}F|AXzd zPqS%0^z!Lx_L_@*jIwI?tMJ%^9fTrw??p$BeUe;vm*iyUkbCbu z-&j&_JLf%GCPQQKM-Uk4IdrK|*W6GcJ$J(F%76j?(T)dgOif|NwLP)ejxFyMWR>t} z^<%YlX^;Cj7qCe*y!O)qe0u)sT<_|QyA)!#s+`t#1|TP5%d^4Fyw^aV*eknYhW42Y z;Y(1RmR!eI5qVH%)^UClJ&FMx)xK_}4X6ogze75BxW+lEufDN7yfuD)`2cShAx#G4 z2`_Yj{S*}?GClU<0R!{!6x`92o*ptm&NLUAS1wj*gyx*?US)8Xi1k5=4g zZmcjdKSX&Ei#-OpkXd_CMLYR+66y79>3QH4>$zh>tjr63qaCeeHU`&wjg>#aJ#jeA z$b7o09_jsP=I-VFOdqjpp%c;475H$O!Ry$&hu!;3GT8Q$FwJ`OSp4-0>`={yojic_ zqwhl^s_!CXJdWwapU-yG?$xtvl$uY}R9A8!*}-P4e%uKf=&1!Rus$;1fTc{y#ti$k z)VJ4s>EnKRlwW;4kdBsFsk3G<7%Uo|3-3fs2?=VJ86AL&!`O#@G(5l5L$#)g?s;`H zGdq_H?881D%H@-yj5~J3qCL-9X$8e8yAtVDxbaDWmZ7Ov%pfYz@`DCCq}&tPmq-j* z%xBlTCD45Z#Y^W8g|*iMW5!+n#V3EbmdCg9)x~ZF#OvyCGH1 zhniBNGv%LwjcR|tZe%M}#Y3VAp2q>w8K2|?y$`l;X&z|f~U)5R}*{U z-OD!12umjPifE^k_)W7OGeQDv`s`o3TRqVxZinCH+$eX5U7-@TU$D?}|8*hYBn;36 z3SZcaP_OT79$)<3hrV7F^nbfy{U6uQ1$+hOeHo$jMIPa04B>$53n2uEA?m~_{}Lkp ix3@g~!yDdv*T^#|y}^7g2>gox&|7IGsd5Q@zyAS9!}oOn literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 458bc46173..39dc1b16be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -143,7 +143,7 @@ Select a security recommendation you would like create an exception for, and the ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. +Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. ### Exception scope @@ -151,16 +151,32 @@ Exceptions can either be created for selected device groups, or for all device g #### Exception by device group -Apply the exception to all device groups, or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” +Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” + +![Showing device group dropdown.](images/tvm-exception-device-group-500.png) + +##### Filtered If you have filtered by device group, just your filtered device groups will appear as options. -If your organization has more than 20 device groups, select Edit next to the filtered device. +![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) -A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. +##### Large number of device groups + +If your organization has more than 20 device groups, select **Edit** next to the filtered device group option. + +![Showing how to edit large numbers of groups.](images/tvm-exception-edit-groups.png) + +A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. + +![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png) #### Global exceptions +If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects all current and future device groups in your organization. The recommendation state will change from “active” to “full exception.” + +![Showing global exception option.](images/tvm-exception-global.png) + Some things to keep in mind: - If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. @@ -209,6 +225,8 @@ The exposed devices (after exceptions) column shows the remaining devices that a The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. +![Showing the columns in the table.](images/tvm-after-exceptions-table.png) + ## Report inaccuracy You can report a false positive when you see any vague, inaccurate, incomplete, or already remediated security recommendation information. From 6b71ec0122e682dbce5ea84f33ef3c75373c7206 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 9 Oct 2020 14:55:30 -0700 Subject: [PATCH 05/27] updated text --- .../images/tvm-selected-device-groups.png | Bin 0 -> 6812 bytes .../tvm-security-recommendation.md | 40 +++++++++++------- 2 files changed, 25 insertions(+), 15 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-selected-device-groups.png new file mode 100644 index 0000000000000000000000000000000000000000..d4f3f506e5c535c50454f5026d49cb40fd13282f GIT binary patch literal 6812 zcmchc^;?utw}uf!Qa})CK?Fn)aHt_gkuHg$OBgyFItB?rP^5&B7%7pKl9HD07&@f8 zW9XE#{k}io{B+KBku&hlp1s$4p8HvEsJfc`ZDM+292}h6iV8BCI5;=7z|T^Ix4>6p zV(xkHjmSws-xUXktmWV5jaY6n2Jj$(o1&^L!4feMwJ_^bPHJi#9C~p@nHMmxr0r>M zBkhqt4cJ+_1ngS(Hx@3INJ1o)>{G`6;WEa}k;3n}mIhx}dij-0k#)VJs;w$X^234z z!_`n~$LDDLn;M^=Q`{lbQdxBhIU!%FWgWT^H8!(z?)U8S#>G}$O5O1U#>Bp;97_uq!; z>S~#o%xoO-@bDCumA&nMdh-Rv{agaIEFvPJTEX2`ouccVjS-b3k@XkN{}!BaUj&Ui zJ~2_eHlpk7;v$SpE-B#;gyutKvE5dtQ}g59e1=#hS-o+huCA^GL0f*u$zQ%UmPFFZXg0Kgo?d?iLTYMyI>IEovNA!~ z@opC9??~y)n1{1W4=$%f3r*`I<O(~vQ5aMi(6~Nmgw{I5?O$A@|C5zYAnTu-2 z#=br5w07H>qN_7`)wJCGK4jOzqoboGPNoEZ&s0W#`Epl~{x(i#W~PkHrINv)BY8%%gJCc?S={(EO>b+y!QT9-3c=@!|cB{qiLZFh#L%BXKQGqa_o?c2~gvwK4CkDQ#> z7rz|Y*xC7g<@(dfR>@l%8{f^%MMQ~_rqN}xvu{mR;mOO(bEtlGu)+T^Vnr zG0lKhX?q_^B|_sDDd}_E-(E^iOf}1awCRLp4@INVoyp>!^hPE+I&Hi4@iEcSjhV_q zy2SSO_Q>O{(5fo$u=-dI&pFFI9_8Vj7c47_g%+HN?MWc?&7S3(qZ6zQ7}=r zDj%#aE-aXz)~IE_Odr9W+nOqtovih{qJP}kd3b!7;d62y=koI4RSt~nzQ06(A}X79 zziqGK&Qzsy5Q3a(Dc;mC%eu%!fsOJ{#co4K^uq~SMwOPPnJcwZC@RAFk_%Y0Fi zZAlZZdrX3axn*ZHEbL%|CoAHIvelwdsGzz!NmRCq*`HzC@rlW?vwXGe#rOCY=e$bS(vqD(`sG9gf=?+kW~R>PV4s_006Opo)7xt~Ia-h;#T==b z+cGi|Yn|d7_gE{Xv8(IT=2+3e#`oa6)YQe;P1V!W(_#JV{>GrUmsojH#GW^eU)l; zyd_#&?FCWy4A|La_UlLsA`tc3V=1-jU0BvNfwbKBUZ<=%+2Ro9xL0lv92Q0bZ;!~M z(N$3)Lgo(E0*&v@qKc_*PStAPHt`vWp6-JN*SLL1xvqZSiBM96Q_RQJ8bKY!y{H-ZosqJ zmm*uBLq#is3o7r&j~^Yqb@&u(yuvo zjpOqtdG!h-MsQ$aP!Q+qb5df~jLgua+cBOVuq$h6Z!Koyjr7zhw75JaiYO%id^U;5 zM|x80#>6-|JEuj((^R;+PEb-x8#z2-_B(`-k&%V$|8kt}isN|@LZb44Ol@g-IXWgL zP$y4zK<5Q$n2yTmcLoJby}h>?3=Oxox1yCYc|PeEjk)eGDgOO!b=$6-xXLIpHdg53 zczb!Os+8v|gOR#=!^X(23xpLn;FsehSb6ho+;6#TwPbpuN4&go+T6M^iHTu}i406) zZY<*BiF~7l%LaB_-LnSoz}d~r_=@@*lis;gKUnYY|I$}iTlT$vi4ykrRP9lCv*&NSEiL_IXM68zjoHUON*ye>ALCf$ZyWiN2UA;KeX{mKy2*0?;9#>XiTR6SjIE;WV*;}Gqv(4mq!6_|gT0o+3}<9y zBbr1ao@<$IQlWRNhIzZ7|h*HWl-;CpNn6Azo zpw-gSDlRKo=!o83TiCFxoMV#mOG=lITG-m^**KYLZnwtK%>9y||76AoAr!y3I8p7c z97fL`A?mX9w205JEkh9nfkKP4+GZquyzExD5>|Frf{lW?Dn$G|5Q6e@dmjKvwI;tC3QB$07Z{IfBy~w=M8wH7~Xz^f|^><-CgL}Gdw4EcXkLQx~FHBbh6T8o4%^5 z>XelB`D$M>Lj-2L+OZRB*K<@R_&xo*lZS`ZjPk+lX#@!gNnl_gtw?{xfcvtGDBo`p za$P9&r7s}RgXWX$8wn?a%D}PgKjtaN^FGnvryms-mNBW8SwYkb{jyD0P2mr=PVpYy zGu|A`Bq_C$B!6v_yY40ivlGIh%pLB3`9*;Z;8QXglbE2s+>3XV5ppkq0B#=fc6WC_ z<|{I+2cG&+o{UNmehVPs(Jx(1&8Fak)#BoE%e8(pcV4%bA!P8+smxrlpAf>177M4@ zv?oh8GsuGoImCb>8>Lv;Zh%~R+PCKubJhlVBRoTYb`;IcS)X<1#l<)!~CioIsn4cdGy!ysZi_QhP3is=G^y4i68H(~AqJ_vSYUPbd(7RCM%>=gfS3TU%QjZ`)>OQc@&+ z0FO;LR0RhIFD*}}y(D;4TU)#N1f{^{<#SSS00poNup1{WE$w|sh;Zd}SC>+m0nhei z#VVh_cR0Z8n1s(CMn>0sJz*Dr`IC~9 zbASAh1{!N+6*9{r1xUCLP=sPlid=sW8oW6MUQN|pNo)Fz*y_s4z3usjA+x~Sor{a} z4eKL;zHZHwQvn-xaCE$#S{3u9C4yo7^n$$Y==Vi6=!ASPA9g^qEx9N&(7&Lo(dSd9 z&Tei?K_@y;TDYTwYVvHszz+++!xQE9kK%ca7yL)_bK@15g>qq^Fab9tM(d?O3mi0F z>{3xtHSZYL=+#;f0ons3b>pdD(|hD2xq>VM#KgqJ^Ik=MxAC91cH@lzy4!&LCzP`TOCfmDGqPsjb zruBZOWc0&x9>!wTEU3<>0s{Xku04{8U066S6vd$dP9OLX$XFnz+3`PvZ~kI$&x7cr z^>Gv|2XAe{I2wMEvd`h+q`>BGcftyET#tLAaKdTNWP<9TpgXfLgg>AWdlutF zI7vy#x9dti6liw}0$Kp*TqsdiJ(=}yZ)>{+IPT3G-o-Y_;3CB0bZOf#8O+PeZ84a} z#9==`UoQdf2oF-rmd_q4w=*@Mbai)kM_~bsF;Kd?+QAV$SCbF{f%NI=GauiJBlzD- z{N7(Jb+xrlo}Q1`+0nJN5`#lSogE!4oHkbJG!Ykz_JwZ@U25s!Lo$;8GPI__;P>r` zKjW{#i4C88&(sPH&(z6P&xN@gB=e)gu~ZySkv+7mtgPduK2T@p;@TQJcE>+uW=>S7 zJ$pV)>Sb!V_HXK(HhDSMf)+rI034+h8cVJX^~jd@JG%uTUjwFvesfS)WQn^ zb*HS7DD3FuvD2~PsS9zDc^xE`>U*wOcLd|2X7<0l^HBaKzwfzeXIB?;j>#rchV=zk zZcXAZVPO&Rv08Z+2&8fEi;VK{OuMpbogM9jqsqlG)7n%nmA7|=A`tfKTA!LEp3sS& zp72P|SHHP+3)KxYPuMV>ohx$4Y7NNcnE%8;ny-(Gt810Vwn5$Lj=z#J2WlW!OLf{v zwWLHd)Y!aR5Uu?GchBh1=%eiAW#+Uj0bkMxk1?xS0@*ivzv(P#UoVSxlc?? zyfN}hS{fHvcF#^Sh=)e?)yZ z1R)TJ#Ic@#ZMaudV6ppT%;HFbNgZ;2V?zn>((F{J>3^mN#i(J9TTd7k=H@_eP8UKn?`zi9icy|fB=k2q^5js0Jf9(1cBL^Hmaos zdj!od^}l|GgZqJC5YQpWa5TJ0*(D`|KU37Q1=x173|4U>Be&P5ssx~=B{}&ylVZJ~ zYsI*_oZbR&0_kiijBgaU&f4s3yVF1i2J?t@K^JH{_5e}IZe*a@)0U%=?o^LZ(zlew2bWy~R|hYWI29jf=Pq7Rb@JIjUtd#Q{ka?Lu9cix zcyDiAa7OG29L6Qo*vLRgHq$@n0t_wCs!!19ECqRP3r1l?BqZ?VF3;2bZaya$kF3g^ zkASX0ivQKQzmxol`u_bsjMQ~_Vxl;IRnOB`ZmtTwFuG8gf5E?_qwg@dXNY$1<}Q0 zXX;%<#BE?jV6qqbX1bc;s1O%Wt<_EZJIu`T;OK_3uc-|U4Tm@EfXjLWXw zO;@`w#s-s|U3?W{6rt$yob|O%pt_hu(20nN@poW~`ozjRdBKk2nCMr27QXFvwPWot z{cFifsI9d%c*1pM??lKRWCgbC%T@9amk=_hkktBmGu}eTPLyxsDQ zeL|9~)=n;U*{~0dUz{2FH|yG-GHQNF^H46*!6g+O_4-5}4P;{zZXb;;C74>+3sF>d7}*fmrQ{l8TA*U<#Ig7ZpXWm95%3d2uagv&*yle9aGp^2c0UO_h9Ed}oTrX??Bfczd#=rzgX>#^Z_c zITYwKwynfcZmi(L2ZBwg!&8Z)bRAtV2}ueLyLX3)$(RqV#75Z`mHIsDzU25XcW$Yx zLxEh~B69=+^YP9@w3wq^U85uz&Yho}KqM&NUJnVVLjJ4vtkDWyU=%ezDZY2qHdn(p zl)EybOC#Vs$oA~|QXqY^EO-3I`SEu5(qk=JAv?F^-2xfb`J$n0_#3mnlxd%i?wW|8 zAUqNpo~Eg(rhXFpj+}w?ggb&kbGI236crl*vaSzVKi#fcCAA!mT$%0ad;rFT5pqFb z{=nClXg#cD9v2r!$|M#JrcWyX%-uFedz~1Qlaj!zmCX|gfp*HywywK!SQEVr`ImIO z8Yr4D$;dc6Qd=M`?RI^tTX{G-7zLVlOcfEhIYr zfY2XCy}X=nP#&|lwAx&F@VR$efhbtO%2!&yBu#iil%Z5?~Y&e_FNVR)5xXi zkzMG;w}9gP{Wqm<>zWSv1!t$ISE@7ozBxs6zyZ_2@yK0&l;OJck98La1AhG45f1ly zav&A^-O&*EXQlT6#|JVdJC~iED|#f^>|G#t?NLmRBzYoMQ&S!HWr)Fy7){*N4Aa(b zJ$9U|jQL`rKmpthTxxIr19J>;L=Yz5ylJavyTWvhc~S^i^~^QA!{b5v=csTjmS_4e z9+F?1_n=gx49jG|7!C}FEJ2NO_|$J){T195pnmWFq3lpl*g-F#?tWYGJFD9JaPhGQ+~Ro6_74#Mp1|A;m>`gW zjI1oy`0n-T8YqbFW=$=j*SptJ3H?ZNcN`^(oAXk^mDc|s_elQN`!Sb%0pDj^&2g^& Q-EP8BlvR@{lztufKl~JZ-v9sr literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index afd2f918cb..2a5e336617 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -134,11 +134,9 @@ If you want to check how the ticket shows up in Intune, see [Use Intune to remed ## File for exception -As an alternative to a remediation request, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md) +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups. -If your organization has device groups, you will now be able to scope the exception to specific groups. If you have global administrator permission (called Microsoft Defender ATP administrator), then you can choose to set the exception for all current and future device groups. - -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception (by device group)**. +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). ### How to create an exception @@ -146,7 +144,7 @@ Select a security recommendation you would like create an exception for, and the ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -Then choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. +Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. ### Exception scope @@ -154,13 +152,19 @@ Exceptions can either be created for selected device groups, or for all device g #### Exception by device group -Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” +Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. ![Showing device group dropdown.](images/tvm-exception-device-group-500.png) ##### Filtered -If you have filtered by device group, just your filtered device groups will appear as options. +If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. + +Button to filter by device group on any of the threat and vulnerability management pages: + +![Showing selected device groups filter.](images/tvm-selected-device-groups.png) + +Exception view with filtered device groups: ![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) @@ -176,13 +180,13 @@ A flyout will appear where you can search and choose device groups you want incl #### Global exceptions -If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects all current and future device groups in your organization. The recommendation state will change from “active” to “full exception.” +If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.” ![Showing global exception option.](images/tvm-exception-global.png) Some things to keep in mind: -- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired. +- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire. - If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. ### Justification @@ -192,21 +196,27 @@ Select your justification for the exception you need to file instead of remediat The following list details the justifications behind the exception options: - **Third party control** - A third party product or software already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced - **Alternate mitigation** - An internal tool already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization +### View all exceptions + +Navigate to the **Exceptions** tab in the **Remediation** page. + +![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) + +Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. + ### How to cancel an exception To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. -![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) - #### Cancel the exception for a specific device group -If the exception is per device group, then you will need to select a specific device group to cancel the exception for. +If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. ![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) @@ -214,7 +224,7 @@ A flyout will appear for the device group, and you can select **Cancel exception #### Cancel a global exception -If it is a global exception, select an exception from the list and then select Cancel exception from the flyout. +If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. ![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) From 6cf756296e063e53048024942dc01b9d67d2891e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 23 Oct 2020 18:58:41 -0700 Subject: [PATCH 06/27] new section --- .../microsoft-defender-atp/tvm-exception.md | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index f8f6565174..76ce732c92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -89,6 +89,119 @@ Select **Show exceptions** at the bottom of the **Top security recommendations** ![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png) +## File for exception + +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups. + +When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). + +### How to create an exception + +Select a security recommendation you would like create an exception for, and then select **Exception options**. + +![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) + +Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. + +### Exception scope + +Exceptions can either be created for selected device groups, or for all device groups past and present. + +#### Exception by device group + +Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. + +![Showing device group dropdown.](images/tvm-exception-device-group-500.png) + +##### Filtered + +If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. + +Button to filter by device group on any of the threat and vulnerability management pages: + +![Showing selected device groups filter.](images/tvm-selected-device-groups.png) + +Exception view with filtered device groups: + +![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) + +##### Large number of device groups + +If your organization has more than 20 device groups, select **Edit** next to the filtered device group option. + +![Showing how to edit large numbers of groups.](images/tvm-exception-edit-groups.png) + +A flyout will appear where you can search and choose device groups you want included. Select the check mark icon below Search to check/uncheck all. + +![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png) + +#### Global exceptions + +If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.” + +![Showing global exception option.](images/tvm-exception-global.png) + +Some things to keep in mind: + +- If a recommendation is under global exception, then newly created exceptions for device groups will be suspended until the global exception has expired or been cancelled. After that point, the new device group exceptions will go into effect until they expire. +- If a recommendation already has exceptions for specific device groups and a global exception is created, then the device group exception will be suspended until it expires or the global exception is cancelled before it expires. + +### Justification + +Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. + +The following list details the justifications behind the exception options: + +- **Third party control** - A third party product or software already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced +- **Alternate mitigation** - An internal tool already addresses this recommendation + - Choosing this justification type will lower your exposure score and increase your secure score because your risk is reduced +- **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive +- **Planned remediation (grace)** - Already planned but is awaiting execution or authorization + +### View all exceptions + +Navigate to the **Exceptions** tab in the **Remediation** page. + +![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) + +Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. + +### How to cancel an exception + +To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. + +#### Cancel the exception for a specific device group + +If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. + +![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) + +A flyout will appear for the device group, and you can select **Cancel exception**. + +#### Cancel a global exception + +If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. + +![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) + +### View impact after exceptions are applied + +In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. + +![Showing customize columns options.](images/tvm-after-exceptions.png) + +The exposed devices (after exceptions) column shows the remaining devices that are still exposed to vulnerabilities after exceptions are applied. Exception justifications that affect the exposure include ‘third party control’ and ‘alternate mitigation’. Other justifications do not reduce the exposure of a device, and they are still considered exposed. + +The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. + +![Showing the columns in the table.](images/tvm-after-exceptions-table.png) +If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating. + +1. Select the recommendation and **Open software page** +2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) +3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request. + ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) From 54bcb53231b5f88622d15add7b4b8e6807172a89 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 23 Oct 2020 19:29:11 -0700 Subject: [PATCH 07/27] updated exceptions --- .../microsoft-defender-atp/tvm-exception.md | 96 ++++--------------- 1 file changed, 16 insertions(+), 80 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md index 76ce732c92..4421ece5a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exception.md @@ -29,91 +29,27 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Sometimes, you may not be able to take the remediation steps suggested by a security recommendation. If that is the case, threat and vulnerability management gives you an avenue to create an exception. - -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and no longer shows up in the security recommendations list. - -## Create an exception - -1. Go to the threat and vulnerability management navigation menu in the Microsoft Defender Security Center, and select [**Security recommendations**](tvm-security-recommendation.md). - -2. Select a security recommendation you would like to create an exception for, and then **Exception options**. -![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) - -3. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. - - The following list details the justifications behind the exception options: - - - **Third party control** - A third party product or software already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Alternate mitigation** - An internal tool already addresses this recommendation - - Choosing this justification type will lower your exposure score and increase you secure score because your risk is reduced - - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization - -4. Select **Submit**. A confirmation message at the top of the page indicates that the exception has been created. - -## View your exceptions - -When you file for an exception from the security recommendations page, you create an exception for that security recommendation. You can file exceptions to exclude certain recommendation from showing up in reports and affecting your [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md). - -The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status. - -![Example of the exception page and filter options.](images/tvm-exception-filters.png) - -### Exception actions and statuses - -Once an exception exists, you can cancel it at any time by going to the exception in the **Remediation** page and selecting **Cancel exception**. - -The following statuses will be a part of an exception: - -- **Canceled** - The exception has been canceled and is no longer in effect -- **Expired** - The exception that you've filed is no longer in effect -- **In effect** - The exception that you've filed is in progress - -### Exception impact on scores - -Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner: - -- **No impact** - Removes the recommendation from the lists (which can be reverse through filters), but will not affect the scores. -- **Mitigation-like impact** - As if the recommendation was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control. -- **Hybrid** - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results out of the exception option that you made. - -The exception impact shows on both the Security recommendations page column and in the flyout pane. - -![Screenshot identifying the impact sections which list score impacts in the full page security recommendations table, and the flyout.](images/tvm-exception-impact.png) - -### View exceptions in other places - -Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard. It will open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status. - -![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png) - -## File for exception - -As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). If your organization has device groups, you will now be able to scope the exception to specific device groups. +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. If your organization has device groups, you will now be able to scope the exception to specific device groups. Exceptions can either be created for selected device groups, or for all device groups past and present. When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). -### How to create an exception +## Permissions -Select a security recommendation you would like create an exception for, and then select **Exception options**. +Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). + +## Create an exception + +Select a security recommendation you would like create an exception for, and then select **Exception options** and fill out the form. ![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-options.png) -Choose the scope and justification, set a date for the exception duration, and submit. To view all your exceptions (current and past), navigate to the [Remediation](tvm-remediation.md) page under the **Threat & Vulnerability Management** menu and select the **Exceptions** tab. - -### Exception scope - -Exceptions can either be created for selected device groups, or for all device groups past and present. - -#### Exception by device group +### Exception by device group Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. ![Showing device group dropdown.](images/tvm-exception-device-group-500.png) -##### Filtered +#### Filtered views If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. @@ -125,7 +61,7 @@ Exception view with filtered device groups: ![Showing filtered device group dropdown.](images/tvm-exception-device-filter500.png) -##### Large number of device groups +#### Large number of device groups If your organization has more than 20 device groups, select **Edit** next to the filtered device group option. @@ -135,7 +71,7 @@ A flyout will appear where you can search and choose device groups you want incl ![Showing large device group flyout.](images/tvm-exception-device-group-flyout-400.png) -#### Global exceptions +### Global exceptions If you have global administrator permissions (called Microsoft Defender ATP administrator), you will be able to create and cancel a global exception. It affects **all** current and future device groups in your organization, and only a user with similar permission would be able to change it. The recommendation state will change from “active” to “full exception.” @@ -159,7 +95,7 @@ The following list details the justifications behind the exception options: - **Risk accepted** - Poses low risk and/or implementing the recommendation is too expensive - **Planned remediation (grace)** - Already planned but is awaiting execution or authorization -### View all exceptions +## View all exceptions Navigate to the **Exceptions** tab in the **Remediation** page. @@ -167,11 +103,11 @@ Navigate to the **Exceptions** tab in the **Remediation** page. Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. -### How to cancel an exception +## How to cancel an exception To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. -#### Cancel the exception for a specific device group +### Cancel the exception for a specific device group If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. @@ -179,13 +115,13 @@ If the exception is per device group, then you will need to select the specific A flyout will appear for the device group, and you can select **Cancel exception**. -#### Cancel a global exception +### Cancel a global exception If it is a global exception, select an exception from the list and then select **Cancel exception** from the flyout. ![Showing how to cancel the exception for a global exception.](images/tvm-exception-cancel-global-400.png) -### View impact after exceptions are applied +## View impact after exceptions are applied In the Security Recommendations page, select **Customize columns** and check the boxes for **Exposed devices (after exceptions)** and **Impact (after exceptions)**. From d907ecdd8f30f39db98314e2a3681a70ffbc9275 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 24 Oct 2020 19:10:38 +0530 Subject: [PATCH 08/27] removed REG_SZ added REG_DWORD as per user report #8526 , i removed **REG_SZ** and added **REG_DWORD** https://user-images.githubusercontent.com/3296790/97083291-8a530200-162c-11eb-83e6-a4cc001a18d5.JPG --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 956ca7dc78..13846802f8 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1659,7 +1659,7 @@ You can turn off **Enhanced Notifications** as follows: -or- -- Create a new REG_SZ registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**. +- Create a new REG_DWORD registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**. ### 24.1 Windows Defender SmartScreen From 270aff93e29a8fa322638e9af089674428257785 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 6 Nov 2020 23:19:11 +0500 Subject: [PATCH 09/27] Instructional updates As suggested, some of the information was missing and has been added. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8567 --- .../exposed-apis-create-app-nativeapp.md | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index c93c7f464b..aa97239067 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -56,12 +56,24 @@ This page explains how to create an AAD application, get an access token to Micr ![Image of Microsoft Azure and navigation to application registration](images/atp-azure-new-app2.png) -3. In the registration from, enter the following information then select **Register**. +3. When the **Register an application** page appears, enter your application's registration information: - ![Image of Create application window](images/nativeapp-create2.png) + - **Name** - Enter a meaningful application name that will be displayed to users of the app. + - **Supported account types** - Select which accounts you would like your application to support. - - **Name:** -Your application name- - - **Application type:** Public client + | Supported account types | Description | + |-------------------------|-------------| + | **Accounts in this organizational directory only** | Select this option if you're building a line-of-business (LOB) application. This option is not available if you're not registering the application in a directory.

This option maps to Azure AD only single-tenant.

This is the default option unless you're registering the app outside of a directory. In cases where the app is registered outside of a directory, the default is Azure AD multi-tenant and personal Microsoft accounts. | + | **Accounts in any organizational directory** | Select this option if you would like to target all business and educational customers.

This option maps to an Azure AD only multi-tenant.

If you registered the app as Azure AD only single-tenant, you can update it to be Azure AD multi-tenant and back to single-tenant through the **Authentication** blade. | + | **Accounts in any organizational directory and personal Microsoft accounts** | Select this option to target the widest set of customers.

This option maps to Azure AD multi-tenant and personal Microsoft accounts.

If you registered the app as Azure AD multi-tenant and personal Microsoft accounts, you cannot change this in the UI. Instead, you must use the application manifest editor to change the supported account types. | + + - **Redirect URI (optional)** - Select the type of app you're building, **Web** or **Public client (mobile & desktop)**, and then enter the redirect URI (or reply URL) for your application. + - For web applications, provide the base URL of your app. For example, `http://localhost:31544` might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application. + - For public client applications, provide the URI used by Azure AD to return token responses. Enter a value specific to your application, such as `myapp://auth`. + + To see specific examples for web applications or native applications, check out our [quickstarts](/azure/active-directory/develop/#quickstarts). + + When finished, select **Register**. 4. Allow your Application to access Microsoft Defender ATP and assign it 'Read alerts' permission: From 342d51170c2026887adb68299555e459d5fc4500 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 6 Nov 2020 23:35:42 +0500 Subject: [PATCH 10/27] Update use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md Path values in rules were defined incorrectly. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8564 --- ...licy-to-control-specific-plug-ins-add-ins-and-modules.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 79a167e2a1..a6e3ec2b41 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -36,14 +36,14 @@ To work with these options, the typical method is to create a policy that only a For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell -$rule = New-CIPolicyRule -DriverFilePath '.\ERP1.exe' -Level FileName -AppID '.\temp\addin1.dll' -$rule += New-CIPolicyRule -DriverFilePath '.\ERP1.exe' -Level FileName -AppID '.\temp\addin2.dll' +$rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' +$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` As another example, to create a WDAC policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application: ```powershell -$rule = New-CIPolicyRule -DriverFilePath '.\winword.exe' -Level FileName -Deny -AppID '.\temp\addin3.dll' +$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe' New-CIPolicy -Rules $rule -FilePath ".\BlockAddins.xml" -UserPEs ``` From 9cf77e70111abd7e62df26a76dde795b21bbe71b Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 7 Nov 2020 19:45:23 +0500 Subject: [PATCH 11/27] Update windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index a6e3ec2b41..a30934a529 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -33,7 +33,7 @@ As of Windows 10, version 1703, you can use WDAC policies not only to control ap To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your 'master' policy (merging is described in the next section). -For example, to create a WDAC policy that allows **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: +For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell $rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' From be9e630af24ee289711b5467e0b70bea0ee65213 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 7 Nov 2020 19:46:02 +0500 Subject: [PATCH 12/27] Update use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md minor changes. --- ...l-policy-to-control-specific-plug-ins-add-ins-and-modules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index a30934a529..fc7de322fe 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md @@ -36,7 +36,7 @@ To work with these options, the typical method is to create a policy that only a For example, to create a WDAC policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell -$rule = New-CIPolicyRule -DriverFilePath '..\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' +$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' $rule += New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` From a8b5947f4d25f55c561de1421f76f0607035b88e Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 7 Nov 2020 19:49:06 +0500 Subject: [PATCH 13/27] Update exposed-apis-create-app-nativeapp.md minor tweak. --- .../microsoft-defender-atp/exposed-apis-create-app-nativeapp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index aa97239067..0767f473d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -50,7 +50,7 @@ This page explains how to create an AAD application, get an access token to Micr ## Create an app -1. Log on to [Azure](https://portal.azure.com) with user that has **Global Administrator** role. +1. Log on to [Azure](https://portal.azure.com) with user account that has **Global Administrator** role. 2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**. From 58e7b8d5bb2d1c7569c9276f39f3d7140aad3948 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 9 Nov 2020 21:04:34 +0500 Subject: [PATCH 14/27] Update windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/exposed-apis-create-app-nativeapp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index 0767f473d0..f936483ccd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -50,7 +50,7 @@ This page explains how to create an AAD application, get an access token to Micr ## Create an app -1. Log on to [Azure](https://portal.azure.com) with user account that has **Global Administrator** role. +1. Log on to [Azure](https://portal.azure.com) with a user account that has the **Global Administrator** role. 2. Navigate to **Azure Active Directory** > **App registrations** > **New registration**. From 539c1ccd99ef48e314fb4178011a68ed470f801e Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 9 Nov 2020 17:37:05 -0800 Subject: [PATCH 15/27] updated zeroday --- .../microsoft-defender-atp/tvm-security-recommendation.md | 2 +- .../microsoft-defender-atp/tvm-zero-day-vulnerabilities.md | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index b4ffcd5ce4..cab17aed46 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md @@ -95,7 +95,7 @@ From the flyout, you can choose any of the following options: - **Open software page** - Open the software page to get more context on the software and how it's distributed. The information can include threat context, associated recommendations, weaknesses discovered, number of exposed devices, discovered vulnerabilities, names and detailed of devices with the software installed, and version distribution. -- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT Administrator to pick up and address. +- [**Remediation options**](tvm-remediation.md) - Submit a remediation request to open a ticket in Microsoft Intune for your IT administrator to pick up and address. Track the remediation activity in the Remediation page. - [**Exception options**](tvm-exception.md) - Submit an exception, provide justification, and set exception duration if you can't remediate the issue yet. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md index 62b6465eab..f1747bc294 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -84,10 +84,14 @@ Go to the security recommendation page and select a recommendation with a zero-d There will be a link to mitigation options and workarounds if they are available. Workarounds may help reduce the risk posed by this zero-day vulnerability until a patch or security update can be deployed. -Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.” +Open remediation options and choose the attention type. An "attention required" remediation option is recommended for the zero-day vulnerabilities, since an update hasn't been released yet. You won't be able to select a due date, since there is no specific action to perform. If there are older vulnerabilities for this software you wish to remediation, you can override the "attention required" remediation option and choose “update.” ![Zero day flyout example of Windows Server 2016 in the security recommendations page.](images/tvm-zero-day-software-flyout-400.png) +## Track zero-day remediation activities + +Go to the threat and vulnerability management [Remediation](tvm-remediation.md) page to view the remediation activity item. If you chose the "attention required" remediation option, there will be no progress bar or ticket status since there is no actual action we can monitor. + ## Patching zero-day vulnerabilities When a patch is released for the zero-day, the recommendation will be changed to “Update” and a blue label next to it that says “New security update for zero day.” It will no longer consider as a zero-day, the zero-day tag will be removed from all pages. From 209277d6a700975891e26100f5be51c5ca6148d8 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 11 Nov 2020 17:12:50 -0500 Subject: [PATCH 16/27] attempt to improve acrolinx score typo fixes, shorter sentences, misc other copyedits --- .../threat-protection/fips-140-validation.md | 704 +++++++++--------- 1 file changed, 354 insertions(+), 350 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 867aadf0d5..755d20142f 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -1,6 +1,6 @@ --- title: Federal Information Processing Standard (FIPS) 140 Validation -description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. +description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. ms.prod: w10 audience: ITPro author: dansimp @@ -16,41 +16,48 @@ ms.reviewer: ## FIPS 140-2 standard overview -The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard that defines minimum security requirements for cryptographic modules in information technology products, as defined in Section 5131 of the Information Technology Management Reform Act of 1996. +The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. -The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program), a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover eleven areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. +The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. ## Microsoft’s approach to FIPS 140-2 validation -Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since the inception of the standard in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. +Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. ## Using Windows in a FIPS 140-2 approved mode of operation -Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.”  When this mode is enabled, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows cryptographic operations are run. These self-tests are run in accordance with FIPS 140-2 Section 4.9 and are utilized to ensure that the modules are functioning properly. The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by this mode of operation. The FIPS 140-2 approved mode of operation will not prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. For applications or components beyond the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library, FIPS mode is merely advisory. +Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode."  If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly. -While US government regulations continue to mandate that FIPS mode be enabled on government computers running Windows, our recommendation is that it is each customer’s decision to make when considering enabling FIPS mode. There are many applications and protocols that look to the FIPS mode policy to determine which cryptographic functionality should be utilized in a given solution. We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode.  +The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library. + +US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography. Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below. ### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed -Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. This is accomplished by cross-checking the version number of the cryptographic module with the table of validated modules at the end of this topic, organized by operating system release. +Administrators must ensure that all cryptographic modules installed are FIPS 140-2 validated. Tables listing validated modules, organized by operating system release, are available later in this article. ### Step 2: Ensure all security policies for all cryptographic modules are followed -Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found by following the links in the table of validated modules at the end of this topic. Click on the module version number to view the published SPD for the module. - +Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found in the table of validated modules at the end of this article. Select the module version number to view the published SPD for the module. + ### Step 3: Enable the FIPS security policy -Windows provides the security policy setting, “System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). +Windows provides the security policy setting, *System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing*. This setting is used by some Microsoft products to determine whether to run in FIPS mode. When this policy is turned on, the validated cryptographic modules in Windows will also operate in FIPS mode. This policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). -### Step 4: Ensure only FIPS validated cryptographic algorithms are used +### Step 4: Ensure that only FIPS validated cryptographic algorithms are used -Neither the operating system nor the cryptographic modules can enforce a FIPS approved mode of operation, regardless of the FIPS security policy setting. To run in a FIPS approved mode, an application or service must check for the policy flag and enforce the security policies of the validated modules. If an application or service uses a non-approved cryptographic algorithm or does not follow the security policies of the validated modules, it is not operating in a FIPS approved mode. +FIPS mode is enforced at the level of the application or service. It is not enforced by the operating system or by individual cryptographic modules. Applications or services running in FIPS mode must follow the security policies of validated modules. They must not use a cryptographic algorithm that isn't FIPS-compliant. + +In short, an application or service is running in FIPS mode if it: + +* Checks for the policy flag +* Enforces security policies of validated modules ## Frequently asked questions -### How long does it take to certify cryptographic modules? +### How long does it take to certify a cryptographic module? Microsoft begins certification of cryptographic modules after each major feature release of Windows 10 and Windows Server. The duration of each evaluation varies, depending on many factors. @@ -58,29 +65,29 @@ Microsoft begins certification of cryptographic modules after each major feature The cadence for starting module validation aligns with the feature updates of Windows 10 and Windows Server. As the software industry evolves, operating systems release more frequently. Microsoft completes validation work on major releases but, in between releases, seeks to minimize the changes to the cryptographic modules. -### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”? +### What is the difference between *FIPS 140 validated* and *FIPS 140 compliant*? -“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. +*FIPS 140 validated* means that the cryptographic module, or a product that embeds the module, has been validated ("certified") by the CMVP as meeting the FIPS 140-2 requirements. *FIPS 140 compliant* is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. -### I need to know if a Windows service or application is FIPS 140-2 validated. +### How do I know if a Windows service or application is FIPS 140-2 validated? -The cryptographic modules leveraged in Windows are validated through the CMVP, not individual services, applications, hardware peripherals, or other solutions. For a solution to be considered compliant, it must call a FIPS 140-2 validated cryptographic module in the underlying OS and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module. +The cryptographic modules used in Windows are validated through the CMVP. They aren't validated by individual services, applications, hardware peripherals, or other solutions. Any compliant solution must call a FIPS 140-2 validated cryptographic module in the underlying OS, and the OS must be configured to run in FIPS mode. Contact the vendor of the service, application, or product for information on whether it calls a validated cryptographic module. -### What does "When operated in FIPS mode" mean on a certificate? +### What does *When operated in FIPS mode* mean on a certificate? -This caveat identifies required configuration and security rules that must be followed to use the cryptographic module in a way that is consistent with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module. +This label means that certain configuration and security rules must be followed to use the cryptographic module in compliance with its FIPS 140-2 security policy. Each module has its own security policy—a precise specification of the security rules under which it will operate—and employs approved cryptographic algorithms, cryptographic key management, and authentication techniques. The security rules are defined in the Security Policy Document (SPD) for each module. ### What is the relationship between FIPS 140-2 and Common Criteria? -These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. +FIPS 140-2 and Common Criteria are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules. Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. ### How does FIPS 140 relate to Suite B? -Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS Approved cryptographic algorithms as allowed by the FIPS 140-2 standard. +Suite B is a set of cryptographic algorithms defined by the U.S. National Security Agency (NSA) as part of its Cryptographic Modernization Program. The set of Suite B cryptographic algorithms are to be used for both unclassified information and most classified information. The Suite B cryptographic algorithms are a subset of the FIPS approved cryptographic algorithms allowed by the FIPS 140-2 standard. ### Is SMB3 (Server Message Block) FIPS 140 compliant in Windows? -When Windows is configured to operate in FIPS 140 approved mode on both client and server, SMB3 is FIPS 140 compliant and relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations.  +SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server. In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations. ## Microsoft FIPS 140-2 validated cryptographic modules @@ -314,7 +321,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.15063 #3095 -

FIPS Approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+

FIPS approved algorithms: AES (Cert. #4624); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2522); SHS (Cert. #3790); Triple-DES (Cert. #2459)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #1281); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #1278)

@@ -324,7 +331,7 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile 10.0.15063 #3094

#3094

-

FIPS Approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)
+

FIPS approved algorithms: AES (Certs. #4624 and #4626); CKG (vendor affirmed); CVL (Certs. #1278 and #1281); DRBG (Cert. #1555); DSA (Cert. #1223); ECDSA (Cert. #1133); HMAC (Cert. #3061); KAS (Cert. #127); KBKDF (Cert. #140); KTS (AES Cert. #4626; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2521 and #2523); SHS (Cert. #3790); Triple-DES (Cert. #2459)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.#1133); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.#2521); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.#1281)

@@ -333,40 +340,40 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile Boot Manager 10.0.15063 #3089 -

FIPS Approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Certs. #4624 and #4625); CKG (vendor affirmed); HMAC (Cert. #3061); PBKDF (vendor affirmed); RSA (Cert. #2523); SHS (Cert. #3790)

Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)

Windows OS Loader 10.0.15063 #3090 -

FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790)

Other algorithms: NDRNG

Windows Resume[1] 10.0.15063 #3091 -FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) +FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2523); SHS (Cert. #3790) BitLocker® Dump Filter[2] 10.0.15063 #3092 -FIPS Approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790) +FIPS approved algorithms: AES (Certs. #4624 and #4625); RSA (Cert. #2522); SHS (Cert. #3790) Code Integrity (ci.dll) 10.0.15063 #3093 -

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

Secure Kernel Code Integrity (skci.dll)[3] 10.0.15063 #3096 -

FIPS Approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

+

FIPS approved algorithms: AES (Cert. #4624); RSA (Certs. #2522 and #2523); SHS (Cert. #3790)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. #1282)

@@ -401,7 +408,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 #2937 -

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+

FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #886)

@@ -410,7 +417,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 #2936 -

FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+

FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #922); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #887)

@@ -419,14 +426,14 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Boot Manager 10.0.14393 #2931 -

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 #2932 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5 @@ -434,7 +441,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile BitLocker® Windows Resume (winresume)[1] 10.0.14393 #2933 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5 @@ -442,13 +449,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile BitLocker® Dump Filter (dumpfve.sys)[2] 10.0.14393 #2934 -FIPS Approved algorithms: AES (Certs. #4061 and #4064) +FIPS approved algorithms: AES (Certs. #4061 and #4064) Code Integrity (ci.dll) 10.0.14393 #2935 -

FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+

FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

@@ -457,7 +464,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile Secure Kernel Code Integrity (skci.dll)[3] 10.0.14393 #2938 -

FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+

FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #888)

@@ -494,7 +501,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10586 #2606 -

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+

FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs. #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #664)

@@ -503,7 +510,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10586 #2605 -

FIPS Approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888 and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)
+

FIPS approved algorithms: AES (Certs. #3629); DRBG (Certs. #955); DSA (Certs.  #1024); ECDSA (Certs. #760); HMAC (Certs. #2381); KAS (Certs. #72; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #72); KTS (AES Certs. #3653; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1887, #1888, and #1889); SHS (Certs. #3047); Triple-DES (Certs. #2024)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #666); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #663)

@@ -512,7 +519,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Boot Manager[4] 10.0.10586 #2700 -FIPS Approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)
+FIPS approved algorithms: AES (Certs. #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -520,7 +527,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub BitLocker® Windows OS Loader (winload)[5] 10.0.10586 #2701 -FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+FIPS approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5; NDRNG @@ -528,7 +535,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub BitLocker® Windows Resume (winresume)[6] 10.0.10586 #2702 -FIPS Approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)
+FIPS approved algorithms: AES (Certs. #3653); RSA (Cert. #1871); SHS (Cert. #3048)

Other algorithms: MD5 @@ -536,13 +543,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub BitLocker® Dump Filter (dumpfve.sys)[7] 10.0.10586 #2703 -FIPS Approved algorithms: AES (Certs. #3653) +FIPS approved algorithms: AES (Certs. #3653) Code Integrity (ci.dll) 10.0.10586 #2604 -

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+

FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

@@ -551,7 +558,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub Secure Kernel Code Integrity (skci.dll)[8] 10.0.10586 #2607 -

FIPS Approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)
+

FIPS approved algorithms: RSA (Certs. #1871); SHS (Certs. #3048)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #665)

@@ -592,7 +599,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.10240 #2606 -

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+

FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #575)

@@ -601,7 +608,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.10240 #2605 -

FIPS Approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)
+

FIPS approved algorithms: AES (Certs. #3497); DRBG (Certs. #868); DSA (Certs. #983); ECDSA (Certs. #706); HMAC (Certs. #2233); KAS (Certs. #64; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. #66); KTS (AES Certs. #3507; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, and #1802); SHS (Certs. #2886); Triple-DES (Certs. #1969)

Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. #576)

@@ -610,7 +617,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Boot Manager[9] 10.0.10240 #2600 -FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)
+FIPS approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -618,7 +625,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface BitLocker® Windows OS Loader (winload)[10] 10.0.10240 #2601 -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5; NDRNG @@ -626,7 +633,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface BitLocker® Windows Resume (winresume)[11] 10.0.10240 #2602 -FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)
+FIPS approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

Other algorithms: MD5 @@ -634,13 +641,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface BitLocker® Dump Filter (dumpfve.sys)[12] 10.0.10240 #2603 -FIPS Approved algorithms: AES (Certs. #3497 and #3498) +FIPS approved algorithms: AES (Certs. #3497 and #3498) Code Integrity (ci.dll) 10.0.10240 #2604 -

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+

FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: AES (non-compliant); MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

@@ -649,7 +656,7 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Secure Kernel Code Integrity (skci.dll)[13] 10.0.10240 #2607 -

FIPS Approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)
+

FIPS approved algorithms: RSA (Certs. #1784); SHS (Certs. #2871)

Other algorithms: MD5

Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #572)

@@ -658,13 +665,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface -\[9\] Applies only to Home, Pro, Enterprise and Enterprise LTSB +\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB -\[10\] Applies only to Home, Pro, Enterprise and Enterprise LTSB +\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB -\[11\] Applies only to Home, Pro, Enterprise and Enterprise LTSB +\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB -\[12\] Applies only to Pro, Enterprise and Enterprise LTSB +\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB \[13\] Applies only to Enterprise and Enterprise LTSB @@ -690,25 +697,25 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 #2357 -

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+

FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. #323)

Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 #2356 -

FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+

FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

+Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. #288); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

Boot Manager 6.3.9600 6.3.9600.17031 #2351 -FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -716,7 +723,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 #2352 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG @@ -724,7 +731,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded BitLocker® Windows Resume (winresume)[14] 6.3.9600 6.3.9600.17031 #2353 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5 @@ -732,7 +739,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded BitLocker® Dump Filter (dumpfve.sys) 6.3.9600 6.3.9600.17031 #2354 -FIPS Approved algorithms: AES (Cert. #2832)
+FIPS approved algorithms: AES (Cert. #2832)

Other algorithms: N/A @@ -740,7 +747,7 @@ Validated Editions: RT, Pro, Enterprise, Phone, Embedded Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 #2355#2355 -

FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+

FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5

Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. #289)

@@ -767,9 +774,9 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 #1892 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

@@ -777,17 +784,17 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 #1891 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Boot Manager 6.2.9200 #1895 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -795,7 +802,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 #1896 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG @@ -803,7 +810,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone BitLocker® Windows Resume (WINRESUME)[15] 6.2.9200 #1898 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -811,7 +818,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 #1899 -FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+FIPS approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A @@ -819,7 +826,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Code Integrity (CI.DLL) 6.2.9200 #1897 -FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -827,19 +834,19 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 #1893 -FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Cert., vendor affirmed)
+Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert., key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 #1894 -FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -870,11 +877,11 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7600.16385

6.1.7601.17514

1329 -FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 Kernel Mode Cryptographic Primitives Library (cng.sys) @@ -887,16 +894,16 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.21861

6.1.7601.22076

1328 -FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 +Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 Boot Manager

6.1.7600.16385

6.1.7601.17514

1319 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)

@@ -913,7 +920,7 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.21655

6.1.7601.21675

1326 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5 @@ -932,7 +939,7 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.21655

6.1.7601.21675

1332 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser @@ -945,7 +952,7 @@ Validated Editions: Windows 7, Windows 7 SP1

6.1.7601.17950

6.1.7601.22108

1327 -FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)
+FIPS approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

Other algorithms: MD5 @@ -954,7 +961,7 @@ Validated Editions: Windows 7, Windows 7 SP1 6.1.7600.16385
(no change in SP1) 1331 -FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 @@ -963,9 +970,9 @@ Validated Editions: Windows 7, Windows 7 SP1 6.1.7600.16385
(no change in SP1) 1330 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -993,13 +1000,13 @@ Validated Editions: Ultimate Edition Boot Manager (bootmgr) 6.0.6001.18000 and 6.0.6002.18005 978 -FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753) +FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #354); SHS (Cert. #753) Winload OS Loader (winload.exe) 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596 979 -FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5 @@ -1007,37 +1014,37 @@ Validated Editions: Ultimate Edition Code Integrity (ci.dll) 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005 980 -FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)
+FIPS approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

Other algorithms: MD5 Kernel Mode Security Support Provider Interface (ksecdd.sys) -6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 +6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 1000 -

FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Cryptographic Primitives Library (bcrypt.dll) -6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 +6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872 1001 -

FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Enhanced Cryptographic Provider (RSAENH) -6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 +6.0.6001.22202 and 6.0.6002.18005 1002 -

FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

-

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

+

Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) -6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 +6.0.6001.18000 and 6.0.6002.18005 1003 -

FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

+

FIPS approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

+

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

@@ -1059,23 +1066,23 @@ Validated Editions: Ultimate Edition Enhanced Cryptographic Provider (RSAENH) 6.0.6000.16386 893 -FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+FIPS approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.0.6000.16386 894 -FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 +Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 BitLocker™ Drive Encryption 6.0.6000.16386 947 -FIPS Approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)
+FIPS approved algorithms: AES (Cert. #715); HMAC (Cert. #386); SHS (Cert. #737)

Other algorithms: Elephant Diffuser @@ -1083,9 +1090,9 @@ Validated Editions: Ultimate Edition Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067 891 -FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)
+FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 +Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 @@ -1111,22 +1118,22 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module (FIPS.SYS) 5.1.2600.5512 997 -

FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

+

FIPS approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

Other algorithms: DES; MD5; HMAC MD5

Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.1.2600.5507 990 -

FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

-

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

+

FIPS approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Enhanced Cryptographic Provider (RSAENH) 5.1.2600.5507 989 -

FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

-

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

+

FIPS approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

+

Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)

@@ -1152,14 +1159,14 @@ Validated Editions: Ultimate Edition DSS/Diffie-Hellman Enhanced Cryptographic Provider 5.1.2600.2133 240 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Microsoft Enhanced Cryptographic Provider 5.1.2600.2161 238 -

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

@@ -1186,7 +1193,7 @@ Validated Editions: Ultimate Edition Microsoft Enhanced Cryptographic Provider 5.1.2600.1029 238 -

FIPS Approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

Other algorithms: DES (Cert. #156); RC2; RC4; MD5

@@ -1213,7 +1220,7 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module 5.1.2600.0 241 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

Other algorithms: DES (Cert. #89)

@@ -1240,7 +1247,7 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106 -

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

@@ -1250,7 +1257,7 @@ Validated Editions: Ultimate Edition

(DSS/DH Enh: 5.0.2195.3665 [SP3])

(Enh: 5.0.2195.3839 [SP3]

103 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

@@ -1277,7 +1284,7 @@ Validated Editions: Ultimate Edition Kernel Mode Cryptographic Module (FIPS.SYS) 5.0.2195.1569 106 -

FIPS Approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

+

FIPS approved algorithms: Triple-DES (Cert. #16); SHA-1 (Certs. #35)

Other algorithms: DES (Certs. #89)

@@ -1291,7 +1298,7 @@ Validated Editions: Ultimate Edition

(Enh:

5.0.2195.2228 [SP2])

103 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

@@ -1321,7 +1328,7 @@ Validated Editions: Ultimate Edition

(DSS/DH Enh: 5.0.2150.1391 [SP1])

(Enh: 5.0.2150.1391 [SP1])

103 -

FIPS Approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

@@ -1348,7 +1355,7 @@ Validated Editions: Ultimate Edition Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.2150.1 76 -

FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

@@ -1375,7 +1382,7 @@ Validated Editions: Ultimate Edition Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 75 -

FIPS Approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

+

FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)

@@ -1396,7 +1403,7 @@ Validated Editions: Ultimate Edition Base Cryptographic Provider 5.0.1877.6 and 5.0.1877.7 68 -FIPS Approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)
+FIPS approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement) @@ -1631,7 +1638,7 @@ Validated Editions: Standard, Datacenter, Storage Server Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 10.0.14393 2937 -FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) @@ -1639,7 +1646,7 @@ Validated Editions: Standard, Datacenter, Storage Server Kernel Mode Cryptographic Primitives Library (cng.sys) 10.0.14393 2936 -FIPS Approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)
+FIPS approved algorithms: AES (Cert. #4064); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193, and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt) @@ -1647,14 +1654,14 @@ Validated Editions: Standard, Datacenter, Storage Server Boot Manager 10.0.14393 2931 -

FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

+

FIPS approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

BitLocker® Windows OS Loader (winload) 10.0.14393 2932 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: NDRNG; MD5 @@ -1662,7 +1669,7 @@ Validated Editions: Standard, Datacenter, Storage Server BitLocker® Windows Resume (winresume) 10.0.14393 2933 -FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: MD5 @@ -1670,13 +1677,13 @@ Validated Editions: Standard, Datacenter, Storage Server BitLocker® Dump Filter (dumpfve.sys) 10.0.14393 2934 -FIPS Approved algorithms: AES (Certs. #4061 and #4064) +FIPS approved algorithms: AES (Certs. #4061 and #4064) Code Integrity (ci.dll) 10.0.14393 2935 -FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)
+FIPS approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

Other algorithms: AES (non-compliant); MD5 @@ -1684,7 +1691,7 @@ Validated Editions: Standard, Datacenter, Storage Server Secure Kernel Code Integrity (skci.dll) 10.0.14393 2938 -FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)
+FIPS approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

Other algorithms: MD5 @@ -1710,23 +1717,23 @@ Validated Editions: Server, Storage Server, Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) 6.3.9600 6.3.9600.17031 2357 -FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)
+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Kernel Mode Cryptographic Primitives Library (cng.sys) 6.3.9600 6.3.9600.17042 2356 -FIPS Approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)
+FIPS approved algorithms: AES (Cert. #2832); DRBG (Certs. #489); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493, and #1519); SHS (Cert. # 2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt) Boot Manager 6.3.9600 6.3.9600.17031 2351 -FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant) @@ -1734,7 +1741,7 @@ Validated Editions: Server, Storage Server, BitLocker® Windows OS Loader (winload) 6.3.9600 6.3.9600.17031 2352 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

Other algorithms: MD5; NDRNG @@ -1742,7 +1749,7 @@ Validated Editions: Server, Storage Server, BitLocker® Windows Resume (winresume)[16] 6.3.9600 6.3.9600.17031 2353 -FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)
+FIPS approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. # 2373 and #2396)

Other algorithms: MD5 @@ -1750,7 +1757,7 @@ Validated Editions: Server, Storage Server, BitLocker® Dump Filter (dumpfve.sys)[17] 6.3.9600 6.3.9600.17031 2354 -FIPS Approved algorithms: AES (Cert. #2832)
+FIPS approved algorithms: AES (Cert. #2832)

Other algorithms: N/A @@ -1758,7 +1765,7 @@ Validated Editions: Server, Storage Server, Code Integrity (ci.dll) 6.3.9600 6.3.9600.17031 2355 -FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)
+FIPS approved algorithms: RSA (Cert. #1494); SHS (Cert. # 2373)

Other algorithms: MD5 @@ -1766,9 +1773,9 @@ Validated Editions: Server, Storage Server, -\[16\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** +\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** -\[17\] Does not apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** +\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** **Windows Server 2012** @@ -1786,27 +1793,27 @@ Validated Editions: Server, Storage Server Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) 6.2.9200 1892 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Kernel Mode Cryptographic Primitives Library (cng.sys) 6.2.9200 1891 -FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)
+FIPS approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Boot Manager 6.2.9200 1895 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -1814,7 +1821,7 @@ Validated Editions: Server, Storage Server BitLocker® Windows OS Loader (WINLOAD) 6.2.9200 1896 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG @@ -1822,7 +1829,7 @@ Validated Editions: Server, Storage Server BitLocker® Windows Resume (WINRESUME) 6.2.9200 1898 -FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -1830,7 +1837,7 @@ Validated Editions: Server, Storage Server BitLocker® Dump Filter (DUMPFVE.SYS) 6.2.9200 1899 -FIPS Approved algorithms: AES (Certs. #2196 and #2198)
+FIPS approved algorithms: AES (Certs. #2196 and #2198)

Other algorithms: N/A @@ -1838,7 +1845,7 @@ Validated Editions: Server, Storage Server Code Integrity (CI.DLL) 6.2.9200 1897 -FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)
+FIPS approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

Other algorithms: MD5 @@ -1846,7 +1853,7 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) 6.2.9200 1893 -FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -1854,9 +1861,9 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider (RSAENH.DLL) 6.2.9200 1894 -FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)
+FIPS approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -1874,65 +1881,65 @@ Validated Editions: Server, Storage Server Boot Manager (bootmgr) -6.1.7600.16385 or 6.1.7601.175146.1.7600.16385 or 6.1.7601.17514 +6.1.7600.16385 or 6.1.7601.17514 1321 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5 Winload OS Loader (winload.exe) -6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.216756.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 +6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675 1333 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5 Code Integrity (ci.dll) -6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.221086.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 +6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108 1334 -FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)
+FIPS approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

Other algorithms: MD5 Kernel Mode Cryptographic Primitives Library (cng.sys) -6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.220766.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 +6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076 1335 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

--Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 +-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 Cryptographic Primitives Library (bcryptprimitives.dll) -66.1.7600.16385 or 6.1.7601.1751466.1.7600.16385 or 6.1.7601.17514 +66.1.7600.16385 or 6.1.7601.17514 1336 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4 +Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4 Enhanced Cryptographic Provider (RSAENH) 6.1.7600.16385 1337 -FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)
+FIPS approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 6.1.7600.16385 1338 -FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4 BitLocker™ Drive Encryption -6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.216756.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 +6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675 1339 -FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)
+FIPS approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

Other algorithms: Elephant Diffuser @@ -1952,61 +1959,61 @@ Validated Editions: Server, Storage Server Boot Manager (bootmgr) -6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.224976.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 +6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497 1004 -FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: N/A Winload OS Loader (winload.exe) -6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.225966.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 +6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596 1005 -FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5 Code Integrity (ci.dll) -6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 +6.0.6001.18000 and 6.0.6002.18005 1006 -FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)
+FIPS approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

Other algorithms: MD5 Kernel Mode Security Support Provider Interface (ksecdd.sys) -6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 +6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869 1007 -FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)
+Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Cryptographic Primitives Library (bcrypt.dll) -6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.228726.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 +6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872 1008 -FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) +Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength) Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) -6.0.6001.18000 and 6.0.6002.180056.0.6001.18000 and 6.0.6002.18005 +6.0.6001.18000 and 6.0.6002.18005 1009 -FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)
+FIPS approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

--Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 +-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Enhanced Cryptographic Provider (RSAENH) -6.0.6001.22202 and 6.0.6002.180056.0.6001.22202 and 6.0.6002.18005 +6.0.6001.22202 and 6.0.6002.18005 1010 -FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)
+FIPS approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -2032,22 +2039,22 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.3959 875 -

FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

-

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

+

FIPS approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

+

Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.3959 869 -

FIPS Approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

+

FIPS approved algorithms: HMAC (Cert. #287); RNG (Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

Other algorithms: DES; HMAC-MD5

Enhanced Cryptographic Provider (RSAENH) 5.2.3790.3959 868 -

FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

-

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

+

FIPS approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

+

Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

@@ -2073,7 +2080,7 @@ Validated Editions: Server, Storage Server Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.1830 [SP1] 405 -

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86
[2] SP1 x86, x64, IA64

@@ -2082,7 +2089,7 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider (RSAENH) 5.2.3790.1830 [Service Pack 1]) 382 -

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86
[2] SP1 x86, x64, IA64

@@ -2091,7 +2098,7 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.1830 [Service Pack 1] 381 -

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86
[2] SP1 x86, x64, IA64

@@ -2120,7 +2127,7 @@ Validated Editions: Server, Storage Server Kernel Mode Cryptographic Module (FIPS.SYS) 5.2.3790.0 405 -

FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

+

FIPS approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

[1] x86
[2] SP1 x86, x64, IA64

@@ -2129,7 +2136,7 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider (RSAENH) 5.2.3790.0 382 -

FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

+

FIPS approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Certs. #80[1] and #290[2]); SHS (Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

[1] x86
[2] SP1 x86, x64, IA64

@@ -2138,7 +2145,7 @@ Validated Editions: Server, Storage Server Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) 5.2.3790.0 381 -

FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

+

FIPS approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

[1] x86
[2] SP1 x86, x64, IA64

@@ -2169,15 +2176,15 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider 7.00.2872 [1] and 8.00.6246 [2] 2957 -

FIPS Approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

-

Allowed algorithms: HMAC-MD5; MD5; NDRNG

+

FIPS approved algorithms: AES (Certs.#4433and#4434); CKG (vendor affirmed); DRBG (Certs.#1432and#1433); HMAC (Certs.#2946and#2945); RSA (Certs.#2414and#2415); SHS (Certs.#3651and#3652); Triple-DES (Certs.#2383and#2384)

+

Allowed algorithms: HMAC-MD5, MD5, NDRNG

Cryptographic Primitives Library (bcrypt.dll) 7.00.2872 [1] and 8.00.6246 [2] 2956 -

FIPS Approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

-

Allowed algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength

+

FIPS approved algorithms: AES (Certs.#4430and#4431); CKG (vendor affirmed); CVL (Certs.#1139and#1140); DRBG (Certs.#1429and#1430); DSA (Certs.#1187and#1188); ECDSA (Certs.#1072and#1073); HMAC (Certs.#2942and#2943); KAS (Certs.#114and#115); RSA (Certs.#2411and#2412); SHS (Certs.#3648and#3649); Triple-DES (Certs.#2381and#2382)

+

Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength

@@ -2204,7 +2211,7 @@ Validated Editions: Server, Storage Server Enhanced Cryptographic Provider 6.00.1937 [1] and 7.00.1687 [2] 825 -

FIPS Approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

+

FIPS approved algorithms: AES (Certs. #516 [1] and #2024 [2]); HMAC (Certs. #267 [1] and #1227 [2]); RNG (Certs. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Certs. #589 [1] and #1774 [2]); Triple-DES (Certs. #526 [1] and #1308 [2])

Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

@@ -2229,9 +2236,9 @@ Validated Editions: Server, Storage Server Outlook Cryptographic Provider (EXCHCSP) -SR-1A (3821)SR-1A (3821) +SR-1A (3821) 110 -

FIPS Approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

+

FIPS approved algorithms: Triple-DES (Cert. #18); SHA-1 (Certs. #32); RSA (vendor affirmed)

Other algorithms: DES (Certs. #91); DES MAC; RC2; MD2; MD5

@@ -2320,7 +2327,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536
  • AES-CFB128:
    • @@ -2393,7 +2400,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • @@ -2426,7 +2433,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536
  • AES-CFB128:
    • @@ -2499,7 +2506,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • @@ -2532,7 +2539,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
  • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536
  • AES-CFB128:
    • @@ -2606,7 +2613,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Tag Lengths: 96, 104, 112, 120, 128 (bits)
    • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
      • -
    • AAD Lengths: 0, 8, 1016, 1024 (bits)
      • +
    • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
    • 96 bit IV supported
  • AES-XTS:
    • @@ -2669,7 +2676,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536

    • AES Val#4902

    Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

    @@ -2682,7 +2689,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536

    • AES Val#4901

    Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

    @@ -2695,7 +2702,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Tag Lengths: 128 (bits)
  • IV Lengths: 96 (bits)
  • Plain Text Length: 0-32
    • -
  • AAD Length: 0-65536
    • +
  • Additional authenticated data length: 0-65536

    • AES Val#4897

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

    @@ -2732,8 +2739,8 @@ The following tables are organized by cryptographic algorithms with their modes,

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    -

    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); 96BitIV_Supported

    -

    GMAC_Supported

    +

    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported

    +

    GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

    Version 10.0.15063

    @@ -2778,8 +2785,8 @@ The following tables are organized by cryptographic algorithms with their modes,

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
    +GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

    Version 10.0.14393

    @@ -2830,8 +2837,8 @@ Version 10.0.10586

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported
    +GMAC supported

    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629

    @@ -2856,8 +2863,8 @@ GMAC_Supported

    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96 bit IV supported
    +GMAC supported

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
    Version 10.0.10240 @@ -2881,7 +2888,7 @@ Version 10.0.10240

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#2832

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848

    Version 6.3.9600

    @@ -2889,10 +2896,10 @@ Version 10.0.10240

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    -

    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); AAD Lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96BitIV_Supported;
    +

    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96 bit IV supported;
    OtherIVLen_Supported
    -GMAC_Supported

    -

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

    +GMAC supported

    +

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

    Version 6.3.9600

    @@ -2902,12 +2909,12 @@ AES Val#2197

    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    -IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported
    -GMAC_Supported

    +IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported
    +GMAC supported

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216 -

    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#2196

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198 @@ -2927,13 +2934,13 @@ GMAC_Supported

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196 -CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    +CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    AES Val#1168

    Windows Server 2008 R2 and SP1 CNG algorithms #1187

    Windows 7 Ultimate and SP1 CNG algorithms #1178

    -CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    +CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
    AES Val#1168 Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177 @@ -2950,11 +2957,11 @@ AES #1168, vendor-affirmed -CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) +CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16) Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760 -CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 ) +CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    Windows Server 2008 CNG algorithms #757

    Windows Vista Ultimate SP1 CNG algorithms #756

    @@ -2995,7 +3002,7 @@ AES CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2832)] -

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

    +

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

    Version 6.3.9600

    @@ -3280,7 +3287,7 @@ Deterministic Random Bit Generator (DRBG)

    PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    KeyPairGen:   [(2048,256); (3072,256)]

    -

    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]

    +

    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val#3790

    DRBG: Val# 1555

    @@ -3289,16 +3296,16 @@ Deterministic Random Bit Generator (DRBG) FIPS186-4:
    -PQG(ver)PARMS TESTED:       [(1024,160) SHA(1); ]
    -SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    +PQG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    +SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    SHS: Val# 3649

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

    Version 7.00.2872

    FIPS186-4:
    -PQG(ver)PARMS TESTED:       [(1024,160) SHA(1); ]
    -SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    +PQG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    +SIG(ver)PARMS TESTED:   [(1024,160) SHA(1)]
    SHS: Val#3648

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

    Version 8.00.6246

    @@ -3310,7 +3317,7 @@ PQG(gen)PARMS TESTED: [
    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    KeyPairGen:    [(2048,256); (3072,256)]
    SIG(gen)PARMS TESTED:   [(2048,256)
    -SHA(256); (3072,256) SHA(256); ]
    +SHA(256); (3072,256) SHA(256)]
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 3347
    DRBG: Val# 1217

    @@ -3320,7 +3327,7 @@ DRBG:

    FIPS186-4:
    PQG(gen)    PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    -KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    +KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 3047
    DRBG: Val# 955

    @@ -3332,7 +3339,7 @@ DRBG: Val# 2886
    DRBG: Val# 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

    @@ -3345,11 +3352,11 @@ PQG(gen)PARMS TESTED:   [
    PQG(ver)PARMS TESTED:   [(2048,256)
    SHA(256); (3072,256) SHA(256)]
    KeyPairGen:    [(2048,256); (3072,256)]
    -SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    +SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 2373
    DRBG: Val# 489

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

    Version 6.3.9600

    @@ -3361,11 +3368,11 @@ DRBG: #1903
    DRBG: #258
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

    +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687 @@ -3374,7 +3381,7 @@ PQG(ver) MOD(1024);
    SIG(ver) MOD(1024);
    SHS: #1902
    DRBG: #258
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686 @@ -3382,7 +3389,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 1773
    DRBG: Val# 193
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#645. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#645. Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645 @@ -3390,7 +3397,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 1081
    DRBG: Val# 23
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

    Windows Server 2008 R2 and SP1 CNG algorithms #391

    Windows 7 Ultimate and SP1 CNG algorithms #386

    @@ -3399,7 +3406,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 1081
    RNG: Val# 649
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

    Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

    Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385

    @@ -3407,7 +3414,7 @@ Some of the previously validated components for this validation have been remove FIPS186-2:
    SIG(ver)     MOD(1024);
    SHS: Val# 753
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

    Windows Server 2008 CNG algorithms #284

    Windows Vista Ultimate SP1 CNG algorithms #283

    @@ -3416,7 +3423,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 753
    RNG: Val# 435
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

    Windows Server 2008 Enhanced DSS (DSSENH) #282

    Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281

    @@ -3425,7 +3432,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 618
    RNG: Val# 321
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

    Windows Vista CNG algorithms #227

    Windows Vista Enhanced DSS (DSSENH) #226

    @@ -3434,7 +3441,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 784
    RNG: Val# 448
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#292. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#292. Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292 @@ -3442,7 +3449,7 @@ Some of the previously validated components for this validation have been remove SIG(ver) MOD(1024);
    SHS: Val# 783
    RNG: Val# 447
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#291. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#291. Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291 @@ -3548,7 +3555,7 @@ SHS: SHA-1 (BYTE)

    Prerequisite: SHS #2373, DRBG #489

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1263

    Version 6.3.9600

    @@ -3892,7 +3899,7 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: Val#2373
    DRBG: Val# 489

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

    Version 6.3.9600

    @@ -3900,7 +3907,7 @@ DRBG: #1903
    DRBG: #258
    -SIG(ver):CURVES(P-256 P-384 P-521)
    +SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: #1903
    DRBG: #258

    FIPS186-4:
    @@ -3909,7 +3916,7 @@ PKG: CURVES    (P-256 P-384 P-521 ExtraRandomBits)
    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS: #1903
    DRBG: #258
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

    +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341 @@ -3926,7 +3933,7 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS: Val#1773
    DRBG: Val# 193
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

    +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295 @@ -3937,7 +3944,7 @@ PKG: CURVES(P-256 P-384 P-521)
    SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#1081
    DRBG: Val# 23
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

    Windows Server 2008 R2 and SP1 CNG algorithms #142

    Windows 7 Ultimate and SP1 CNG algorithms #141

    @@ -3947,7 +3954,7 @@ PKG: CURVES(P-256 P-384 P-521)
    SHS: Val#753
    SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#753
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

    Windows Server 2008 CNG algorithms #83

    Windows Vista Ultimate SP1 CNG algorithms #82

    @@ -3959,7 +3966,7 @@ PKG: CURVES(P-256 P-384 P-521)
    SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#618
    RNG: Val# 321
    -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. Windows Vista CNG algorithms #60 @@ -4219,7 +4226,7 @@ SHS Val#2373

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHS Val#2373

    -

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

    +

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

    Version 6.3.9600

    @@ -4500,7 +4507,7 @@ SHS -
  • One Pass DH:
    • +
  • One-Pass DH:
    • Key Agreement Roles: Initiator, Responder
    • Parameter Sets:
      • @@ -4802,7 +4809,7 @@ SHS       [StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

      SHS Val#2373 ECDSA Val#505 DRBG Val#489

      -

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

      +

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

      Version 6.3.9600

      @@ -5048,7 +5055,7 @@ SHS

      KAS (SP 800–56A)

      key agreement

      -

      key establishment methodology provides 80 to 256 bits of encryption strength

      +

      key establishment methodology provides 80 bits to 256 bits of encryption strength

      Windows 7 and SP1, vendor-affirmed

      Windows Server 2008 R2 and SP1, vendor-affirmed

      @@ -5205,7 +5212,7 @@ MAC

      CTR_Mode:  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

      DRBG Val#489 MAC Val#1773

      -

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

      +

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

      Version 6.3.9600

      @@ -6056,7 +6063,7 @@ Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen 186-4KEY(gen): FIPS186-4_Fixed_e;
      PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

      SHA Val#2373 DRBG: Val# 489

      -

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

      +

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

      Version 6.3.9600

      @@ -6071,7 +6078,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 25 ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
      SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      SHA Val#2373

      -

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

      +

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

      Version 6.3.9600

      @@ -6079,7 +6086,7 @@ SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, [RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
      Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

      SHA Val#2373

      -

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

      +

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

      Version 6.3.9600

      @@ -6089,7 +6096,7 @@ SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 [RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
      Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
      SHA #1903

      -

      Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

      +

      Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

      Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134 @@ -6104,7 +6111,7 @@ SHA #258
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132. Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132 @@ -6113,7 +6120,7 @@ ALG[ANSIX9.31]:
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052. Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052 @@ -6121,14 +6128,14 @@ Some of the previously validated components for this validation have been remove ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 193
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051. Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051 FIPS186-2:
      ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#568. Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568 @@ -6137,21 +6144,21 @@ ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

      Windows Server 2008 R2 and SP1 CNG algorithms #567

      Windows 7 and SP1 CNG algorithms #560

      FIPS186-2:
      ALG[ANSIX9.31]:       Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 23
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#559. Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559 FIPS186-2:
      ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#557. Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557 @@ -6159,7 +6166,7 @@ Some of the previously validated components for this validation have been remove ALG[ANSIX9.31]:
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#395. Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395 @@ -6167,7 +6174,7 @@ Some of the previously validated components for this validation have been remove ALG[ANSIX9.31]:
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#783
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#371. Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371 @@ -6176,7 +6183,7 @@ ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
      ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

      Windows Server 2008 CNG algorithms #358

      Windows Vista SP1 CNG algorithms #357

      @@ -6186,20 +6193,20 @@ ALG[ANSIX9.31]:
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

      Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

      Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

      FIPS186-2:
      ALG[ANSIX9.31]:       Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#353. Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353 FIPS186-2:
      ALG[ANSIX9.31]:       Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: Val# 321
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#258. Windows Vista RSA key generation implementation #258 @@ -6208,14 +6215,14 @@ ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
      ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#257. Windows Vista CNG algorithms #257 FIPS186-2:
      ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#255. Windows Vista Enhanced Cryptographic Provider (RSAENH) #255 @@ -6224,7 +6231,7 @@ ALG[ANSIX9.31]:
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#245. Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245 @@ -6233,7 +6240,7 @@ ALG[ANSIX9.31]:
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#230. Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230 @@ -6242,14 +6249,14 @@ ALG[ANSIX9.31]:
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#222. Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222 FIPS186-2:
      ALG[RSASSA-PKCS1_V1_5]:
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#364
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#81. Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81 @@ -6258,12 +6265,12 @@ ALG[ANSIX9.31]:
      SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
      -Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#52. Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52

      FIPS186-2:

      -

      – PKCS#1 v1.5, signature generation and verification

      +

      – PKCS#1 v1.5, signature generation, and verification

      – Mod sizes: 1024, 1536, 2048, 3072, 4096

      – SHS: SHA–1/256/384/512

      Windows XP, vendor-affirmed

      @@ -6452,7 +6459,7 @@ Version 6.3.9600 SHA-256 (BYTE-only)
      SHA-384 (BYTE-only)
      SHA-512 (BYTE-only) -Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
      +Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2373
      Version 6.3.9600 @@ -6638,71 +6645,71 @@ Version 6.3.9600

      Version 10.0.16299

      -TECB(KO 1 e/d,); TCBC(KO 1 e/d,); TCFB8(KO 1 e/d,); TCFB64(KO 1 e/d,) +TECB(KO 1 e/d); TCBC(KO 1 e/d); TCFB8(KO 1 e/d); TCFB64(KO 1 e/d)

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459

      Version 10.0.15063

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,)

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d)

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384

      Version 8.00.6246

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,)

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d)

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383

      Version 8.00.6246

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,);

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d);

      CTR (int only)

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382

      Version 7.00.2872

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,)

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d)

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381

      Version 8.00.6246

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,);

      -

      TCFB8(KO 1 e/d,);

      -

      TCFB64(KO 1 e/d,)

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d);

      +

      TCFB8(KO 1 e/d);

      +

      TCFB64(KO 1 e/d)

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227

      Version 10.0.14393

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,);

      -

      TCFB8(KO 1 e/d,);

      -

      TCFB64(KO 1 e/d,)

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d);

      +

      TCFB8(KO 1 e/d);

      +

      TCFB64(KO 1 e/d)

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024

      Version 10.0.10586

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,);

      -

      TCFB8(KO 1 e/d,);

      -

      TCFB64(KO 1 e/d,)

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d);

      +

      TCFB8(KO 1 e/d);

      +

      TCFB64(KO 1 e/d)

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969

      Version 10.0.10240

      -

      TECB(KO 1 e/d,);

      -

      TCBC(KO 1 e/d,);

      -

      TCFB8(KO 1 e/d,);

      -

      TCFB64(KO 1 e/d,)

      -

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

      +

      TECB(KO 1 e/d);

      +

      TCBC(KO 1 e/d);

      +

      TCFB8(KO 1 e/d);

      +

      TCFB64(KO 1 e/d)

      +

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

      Version 6.3.9600

      @@ -6770,7 +6777,7 @@ Version 6.3.9600 -#### SP 800-132 Password Based Key Derivation Function (PBKDF) +#### SP 800-132 Password-Based Key Derivation Function (PBKDF) @@ -6824,7 +6831,7 @@ Version 6.3.9600

      Prerequisite: DRBG #489

      - @@ -6856,7 +6863,7 @@ Version 6.3.9600
    • Modulus Size: 2048 (bits)
      • - @@ -7265,7 +7272,7 @@ Version 10.0.14393

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
      Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
      Version 10.0.10586

      -

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
      +

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
      Version 6.3.9600

      @@ -7282,7 +7289,7 @@ Version 10.0.15063

      Version 10.0.14393

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
      Version 10.0.14393

      -

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
      +

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #665
      Version 10.0.10586

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #572
      Version  10.0.10240

      @@ -7335,10 +7342,7 @@ fips@microsoft.com ## References -\[[FIPS 140](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)\] - FIPS 140-2, Security Requirements for Cryptographic Modules - -\[[FIPS FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf)\] - Cryptographic Module Validation Program (CMVP) FAQ - -\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised) - -\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths +* [FIPS 140-2, Security Requirements for Cryptographic Modules](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)) +* [Cryptographic Module Validation Program (CMVP) FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf) +* [SP 800-57 - Recommendation for Key Management – Part 1: General (Revised)]((http://csrc.nist.gov/publications/pubssps.html#800-57-part1)) +* [SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf) From fc61950ea7aff2dbf86262fcff5f71e845054133 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 11 Nov 2020 17:39:30 -0500 Subject: [PATCH 17/27] fixed one dead link in refs section --- windows/security/threat-protection/fips-140-validation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 755d20142f..0650fc3e25 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -7344,5 +7344,5 @@ fips@microsoft.com * [FIPS 140-2, Security Requirements for Cryptographic Modules](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)) * [Cryptographic Module Validation Program (CMVP) FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf) -* [SP 800-57 - Recommendation for Key Management – Part 1: General (Revised)]((http://csrc.nist.gov/publications/pubssps.html#800-57-part1)) +* [SP 800-57 - Recommendation for Key Management – Part 1: General (Revised)](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final) * [SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf) From e9d9746c26d0154f4ecb10ee63f82caf8831b8e5 Mon Sep 17 00:00:00 2001 From: Marty Hernandez Avedon Date: Wed, 11 Nov 2020 17:53:22 -0500 Subject: [PATCH 18/27] val # -> validation number --- .../threat-protection/fips-140-validation.md | 744 +++++++++--------- 1 file changed, 372 insertions(+), 372 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 0650fc3e25..98392dd180 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -2641,7 +2641,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
      • -

      AES Val#4902

      +

      AES validation number 4902

       @@ -2653,7 +2653,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
      • -

      AES Val#4901

      +

      AES validation number 4901

      @@ -2665,7 +2665,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Key Lengths: 128, 192, 256 (bits)
    • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
      • -

      AES Val#4897

      +

      AES validation number 4897

      @@ -2678,7 +2678,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Plain Text Length: 0-32
    • Additional authenticated data length: 0-65536
      • -

      AES Val#4902

      +

      AES validation number 4902

      @@ -2691,7 +2691,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Plain Text Length: 0-32
    • Additional authenticated data length: 0-65536
      • -

      AES Val#4901

      +

      AES validation number 4901

      @@ -2704,7 +2704,7 @@ The following tables are organized by cryptographic algorithms with their modes,
    • Plain Text Length: 0-32
    • Additional authenticated data length: 0-65536
      • -

      AES Val#4897

      +

      AES validation number 4897

      @@ -2718,13 +2718,13 @@ The following tables are organized by cryptographic algorithms with their modes, +

      AES validation number 4624

      @@ -2801,25 +2801,25 @@ Version 10.0.14393 +

      AES validation number 4064

      +

      AES validation number 4064

      +

      AES validation number 3629

      +

      AES validation number 3629

      @@ -2847,13 +2847,13 @@ GMAC supported

      +

      AES validation number 3497

      +

      AES validation number 3497

      @@ -2887,7 +2887,7 @@ Version 10.0.10240 +

      AES validation number 2832

      @@ -2904,9 +2904,9 @@ GMAC supported

      +

      AES validation number 2196

      @@ -2935,13 +2935,13 @@ GMAC supported

      +AES validation number 1168 +AES validation number 1168 @@ -3080,70 +3080,70 @@ AES - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -3289,8 +3289,8 @@ AES Val#3790

      -

      DRBG: Val# 1555

      +

      SHS: validation number 3790

      +

      DRBG: validation number 1555

      @@ -3298,7 +3298,7 @@ AES Val# 3649 +SHS: validation number 3649 @@ -3306,7 +3306,7 @@ SHS: Val#3648 +SHS: validation number 3648 @@ -3319,8 +3319,8 @@ KeyPairGen:    [(2048,256); (3072,256)]
      SIG(gen)PARMS TESTED:   [(2048,256)
      SHA(256); (3072,256) SHA(256)]
      SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

      -

      SHS: Val# 3347
      -DRBG: Val# 1217

      +

      SHS: validation number 3347
      +DRBG: validation number 1217

      @@ -3329,8 +3329,8 @@ DRBG: Val# 3047
      -DRBG: Val# 955

      +

      SHS: validation number 3047
      +DRBG: validation number 955

      @@ -3340,8 +3340,8 @@ PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
      PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
      KeyPairGen:    [(2048,256); (3072,256)]
      SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)] SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

      -

      SHS: Val# 2886
      -DRBG: Val# 868

      +

      SHS: validation number 2886
      +DRBG: validation number 868

      @@ -3354,8 +3354,8 @@ SHA(256); (3072,256) SHA(256)]
      KeyPairGen:    [(2048,256); (3072,256)]
      SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
      SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

      -

      SHS: Val# 2373
      -DRBG: Val# 489

      +

      SHS: validation number 2373
      +DRBG: validation number 489

      @@ -3372,7 +3372,7 @@ PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
      SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
      SHS: #1903
      DRBG: #258
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 687.

      @@ -3381,75 +3381,75 @@ PQG(ver) MOD(1024);
      SIG(ver) MOD(1024);
      SHS: #1902
      DRBG: #258
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#686. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 686. +SHS: validation number 1773
      +DRBG: validation number 193
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 645. +SHS: validation number 1081
      +DRBG: validation number 23
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 391. See Historical DSA List validation number 386. +SHS: validation number 1081
      +RNG: validation number 649
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 390. See Historical DSA List validation number 385. +SHS: validation number 753
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 284. See Historical DSA List validation number 283. +SHS: validation number 753
      +RNG: validation number 435
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 282. See Historical DSA List validation number 281. +SHS: validation number 618
      +RNG: validation number 321
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 227. See Historical DSA List validation number 226. +SHS: validation number 784
      +RNG: validation number 448
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 292. +SHS: validation number 783
      +RNG: validation number 447
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List validation number 291. @@ -3459,8 +3459,8 @@ PQG(gen) MOD(1024);
      KEYGEN(Y) MOD(1024);
      SIG(gen) MOD(1024);
      SIG(ver) MOD(1024);
      -SHS: Val# 611
      -RNG: Val# 314 +SHS: validation number 611
      +RNG: validation number 314 @@ -3470,7 +3470,7 @@ PQG(gen) MOD(1024);
      KEYGEN(Y) MOD(1024);
      SIG(gen) MOD(1024);
      SIG(ver) MOD(1024);
      -SHS: Val# 385 +SHS: validation number 385 @@ -3479,7 +3479,7 @@ PQG(ver) MOD(1024);
      KEYGEN(Y) MOD(1024);
      SIG(gen) MOD(1024);
      SIG(ver) MOD(1024);
      -SHS: Val# 181
      +SHS: validation number 181

      @@ -3801,8 +3801,8 @@ SHS: SHA-1 (BYTE)

      +SHS: validation number 3790
      +DRBG: validation number 1555 @@ -3812,8 +3812,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
      PKV: CURVES(P-256 P-384 P-521)
      SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
      SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
      -SHS: Val#3790
      -DRBG: Val# 1555 +SHS: validation number 3790
      +DRBG: validation number 1555 @@ -3823,8 +3823,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
      PKV: CURVES(P-256 P-384 P-521)
      SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
      SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
      -SHS: Val#3790
      -DRBG: Val# 1555 +SHS: validation number 3790
      +DRBG: validation number 1555 @@ -3834,8 +3834,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
      PKV: CURVES(P-256 P-384 P-521)
      SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
      SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
      -SHS:Val# 3649
      -DRBG:Val# 1430 +SHS:validation number 3649
      +DRBG:validation number 1430 @@ -3845,8 +3845,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
      PKV: CURVES(P-256 P-384 P-521)
      SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
      SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
      -SHS:Val#3648
      -DRBG:Val# 1429 +SHS:validation number 3648
      +DRBG:validation number 1429 @@ -3856,8 +3856,8 @@ PKG: CURVES(P-256 P-384 TestingCandidates)
      PKV: CURVES(P-256 P-384)
      SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
      SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))

      -

      SHS: Val# 3347
      -DRBG: Val# 1222

      +

      SHS: validation number 3347
      +DRBG: validation number 1222

      @@ -3867,8 +3867,8 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
      PKV: CURVES(P-256 P-384 P-521)
      SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
      SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

      -

      SHS: Val# 3347
      -DRBG: Val# 1217

      +

      SHS: validation number 3347
      +DRBG: validation number 1217

      @@ -3877,8 +3877,8 @@ DRBG: Val# 3047
      -DRBG: Val# 955

      +

      SHS: validation number 3047
      +DRBG: validation number 955

      @@ -3887,8 +3887,8 @@ DRBG: Val# 2886
      -DRBG: Val# 868

      +

      SHS: validation number 2886
      +DRBG: validation number 868

      @@ -3897,8 +3897,8 @@ DRBG: Val#2373
      -DRBG: Val# 489

      +

      SHS: validation number 2373
      +DRBG: validation number 489

      @@ -3916,57 +3916,57 @@ PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
      SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
      SHS: #1903
      DRBG: #258
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 341.

      +SHS: validation number 1773
      +DRBG: validation number 193
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 295.

      +SHS: validation number 1081
      +DRBG: validation number 23
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 142. See Historical ECDSA List validation number 141. +SHS: validation number 753
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 83. See Historical ECDSA List validation number 82. +SHS: validation number 618
      +RNG: validation number 321
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List validation number 60. @@ -4129,111 +4129,111 @@ Some of the previously validated components for this validation have been remove

      Version 10.0.16299

      - + - + - + - + - + - + +SHS validation number 3347

      - + +SHS validation number 3047

      +SHSvalidation number 2886

      +SHS validation number 2373

      - + @@ -4261,133 +4261,133 @@ SHS 1345 - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -4929,9 +4929,9 @@ SHS +

      SHS validation number 3790
      +DSA validation number 1135
      +DRBG validation number 1556

      @@ -4939,16 +4939,16 @@ DRBG Val#3790
      -DSA Val#1223
      -DRBG Val#1555

      +SHS validation number 3790
      +DSA validation number 1223
      +DRBG validation number 1555

      ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
      [StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

      -SHS Val#3790
      -ECDSA Val#1133
      -DRBG Val#1555

      +SHS validation number 3790
      +ECDSA validation number 1133
      +DRBG validation number 1555

      @@ -4956,9 +4956,9 @@ DRBG Val# 3649
      -DSA Val#1188
      -DRBG Val#1430

      +SHS validation number 3649
      +DSA validation number 1188
      +DRBG validation number 1430

      ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
      [StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

      @@ -4970,23 +4970,23 @@ DRBG Val#3648
      -DSA Val#1187
      -DRBG Val#1429

      +SHS validation number 3648
      +DSA validation number 1187
      +DRBG validation number 1429

      ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
      [StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

      -SHS Val#3648
      -ECDSA Val#1072
      -DRBG Val#1429

      +SHS validation number 3648
      +ECDSA validation number 1072
      +DRBG validation number 1429

      +

      SHS validation number 3347 ECDSA validation number 920 DRBG validation number 1222

      @@ -4995,11 +4995,11 @@ DRBG Val# 3347 DSA Val#1098 DRBG Val#1217

      +

      SHS validation number 3347 DSA validation number 1098 DRBG validation number 1217

      ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
      [StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

      -

      SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651

      +

      SHS validation number 3347 DSA validation number 1098 ECDSA validation number 911 DRBG validation number 1217 HMAC validation number 2651

      @@ -5007,11 +5007,11 @@ DRBG Val# 3047 DSA Val#1024 DRBG Val#955

      +

      SHS validation number 3047 DSA validation number 1024 DRBG validation number 955

      ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
      [StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

      -

      SHS Val# 3047 ECDSA Val#760 DRBG Val#955

      +

      SHS validation number 3047 ECDSA validation number 760 DRBG validation number 955

      @@ -5019,11 +5019,11 @@ DRBG Val# 2886 DSA Val#983 DRBG Val#868

      +

      SHS validation number 2886 DSA validation number 983 DRBG validation number 868

      ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
      [StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

      -

      SHS Val# 2886 ECDSA Val#706 DRBG Val#868

      +

      SHS validation number 2886 ECDSA validation number 706 DRBG validation number 868

      @@ -5031,11 +5031,11 @@ DRBG Val#2373 DSA Val#855 DRBG Val#489

      +

      SHS validation number 2373 DSA validation number 855 DRBG validation number 489

      ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
      [StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

      -

      SHS Val#2373 ECDSA Val#505 DRBG Val#489

      +

      SHS validation number 2373 ECDSA validation number 505 DRBG validation number 489

      @@ -5044,12 +5044,12 @@ DRBG #1903 DSA Val#687 DRBG #258

      +SHS #1903 DSA validation number 687 DRBG #258

      ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
      [OnePassDH(No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]
      [StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

      -SHS #1903 ECDSA Val#341 DRBG #258

      +SHS #1903 ECDSA validation number 341 DRBG #258

      @@ -5169,55 +5169,55 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF) +KAS validation number 128
      +DRBG validation number 1556
      +MAC validation number 3062 +KAS validation number 127
      +AES validation number 4624
      +DRBG validation number 1555
      +MAC validation number 3061 +

      KAS validation number 93 DRBG validation number 1222 MAC validation number 2661

      +

      KAS validation number 92 AES validation number 4064 DRBG validation number 1217 MAC validation number 2651

      +

      KAS validation number 72 AES validation number 3629 DRBG validation number 955 MAC validation number 2381

      +

      KAS validation number 64 AES validation number 3497 RBG validation number 868 MAC validation number 2233

      +

      DRBG validation number 489 MAC validation number 1773

      +

      DRBG #258 HMAC validation number 1345

      @@ -5862,14 +5862,14 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
      [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
       Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
      -SHA Val#3790 +SHA validation number 3790       +SHA validation number 3790 @@ -5881,8 +5881,8 @@ SHA Val#3790
      -DRBG: Val# 1555 +SHA validation number 3790
      +DRBG: validation number 1555       @@ -5894,65 +5894,65 @@ PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
      SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
      [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
       Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
      -SHA Val#3790 +SHA validation number 3790       +SHA validation number 3652

       +SHA validation number 3651

       +SHA validation number 3649
      +DRBG: validation number 1430

       +SHA validation number 3648
      +DRBG: validation number 1429

       @@ -5962,7 +5962,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
      [RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
      Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

      -

      SHA Val# 3347

      +

      SHA validation number 3347

       @@ -5970,14 +5970,14 @@ Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA( +

      SHA validation number 3347 DRBG: validation number 1217

       +

      SHA validation number 3346

       @@ -5985,7 +5985,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 25 +

      SHA validation number 3347 DRBG: validation number 1217

       @@ -5993,7 +5993,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384 +

      SHA validation number 3347 DRBG: validation number 1217

       @@ -6001,14 +6001,14 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384 +

      SHA validation number 3047 DRBG: validation number 955

       +

      SHA validation number 3048

       @@ -6016,7 +6016,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 25 +

      SHA validation number 3047

       @@ -6024,7 +6024,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384 +

      SHA validation number 3047

       @@ -6032,21 +6032,21 @@ ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384 +

      SHA validation number 2886 DRBG: validation number 868

       +

      SHA validation number 2871

       +

      SHA validation number 2871

       @@ -6054,7 +6054,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 25 +

      SHA validation number 2886

       @@ -6062,14 +6062,14 @@ Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen +

      SHA validation number 2373 DRBG: validation number 489

       +

      SHA validation number 2373

       @@ -6077,7 +6077,7 @@ ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 25 +

      SHA validation number 2373

       @@ -6085,7 +6085,7 @@ SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, +

      SHA validation number 2373

       @@ -6096,7 +6096,7 @@ SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 [RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
      Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
      SHA #1903

      -

      Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

      +

      Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1134.

       @@ -6111,161 +6111,161 @@ SHA #258
      ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
      SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132. +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1132.       +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1774, SHA-256validation number 1774, SHA-384validation number 1774, SHA-512validation number 1774,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1052.       +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 193
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1773, SHA-256validation number 1773, SHA-384validation number 1773, SHA-512validation number 1773,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 1051.       +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 568.       +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
      +ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
      +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 567. See Historical RSA List validation number 560.       +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: validation number 23
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 559.       +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 1081, SHA-256validation number 1081, SHA-384validation number 1081, SHA-512validation number 1081,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 557.       +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 816, SHA-256validation number 816, SHA-384validation number 816, SHA-512validation number 816,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 395.       +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 783
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 783, SHA-384validation number 783, SHA-512validation number 783,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 371.       +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
      +ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
      +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 358. See Historical RSA List validation number 357.       +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 753, SHA-256validation number 753, SHA-384validation number 753, SHA-512validation number 753,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 355. See Historical RSA List validation number 354.       +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 353. +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: validation number 321
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 258.       +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
      +ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
      +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 257.       +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 618, SHA-256validation number 618, SHA-384validation number 618, SHA-512validation number 618,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 255.       +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 613, SHA-256validation number 613, SHA-384validation number 613, SHA-512validation number 613,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 245.       +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 589, SHA-256validation number 589, SHA-384validation number 589, SHA-512validation number 589,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 230.       +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 578, SHA-256validation number 578, SHA-384validation number 578, SHA-512validation number 578,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 222.       +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 364
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 81.       +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 305, SHA-256validation number 305, SHA-384validation number 305, SHA-512validation number 305,
      +Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List validation number 52.       From e76065c56e01d3f949d7403154b2f0a51048dcb3 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 11 Nov 2020 15:45:29 -0800 Subject: [PATCH 19/27] attention required --- .../microsoft-defender-atp/tvm-remediation.md | 10 +++++++--- .../tvm-zero-day-vulnerabilities.md | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 83f4fa34f0..a61efd6251 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md @@ -44,11 +44,13 @@ See [Use Intune to remediate vulnerabilities identified by Microsoft Defender AT 2. Select a security recommendation you would like to request remediation for, and then select **Remediation options**. -3. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. +3. Fill out the form, including what you are requesting remediation for, priority, due date, and optional notes. If you choose the "attention required" remediation option, selecting a due date will not be available since there is no specific action. -4. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. +4. Select **Submit request**. Submitting a remediation request creates a remediation activity item within threat and vulnerability management, which can be used for monitoring the remediation progress for this recommendation. This will not trigger a remediation or apply any changes to devices. -5. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. +5. Notify your IT Administrator about the new request and have them log into Intune to approve or reject the request and start a package deployment. + +6. Go to the [**Remediation**](tvm-remediation.md) page to view the status of your remediation request. If you want to check how the ticket shows up in Intune, see [Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP](https://docs.microsoft.com/intune/atp-manage-vulnerabilities) for details. @@ -63,6 +65,8 @@ Lower your organization's exposure from vulnerabilities and increase your securi When you submit a remediation request from the Security recommendations page, it kicks-off a remediation activity. A security task is created that can be tracked in the threat and vulnerability management **Remediation** page, and a remediation ticket is created in Microsoft Intune. +If you chose the "attention required" remediation option, there will be no progress bar, ticket status, or due date since there is no actual action we can monitor. + Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete. ![Example of the Remediation page, with a selected remediation activity, and that activity's flyout listing the description, IT service and device management tools, and device remediation progress.](images/remediation_flyouteolsw.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md index f1747bc294..51fcf8acbc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-zero-day-vulnerabilities.md @@ -90,7 +90,7 @@ Open remediation options and choose the attention type. An "attention required" ## Track zero-day remediation activities -Go to the threat and vulnerability management [Remediation](tvm-remediation.md) page to view the remediation activity item. If you chose the "attention required" remediation option, there will be no progress bar or ticket status since there is no actual action we can monitor. +Go to the threat and vulnerability management [Remediation](tvm-remediation.md) page to view the remediation activity item. If you chose the "attention required" remediation option, there will be no progress bar, ticket status, or due date since there is no actual action we can monitor. You can filter by remediation type, such as "software update" or "attention required," to see all activity items in the same category. ## Patching zero-day vulnerabilities From da38b56a098794cbcae51f0ea93ad22a3bf06009 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Thu, 12 Nov 2020 11:22:11 -0800 Subject: [PATCH 20/27] Update docfx.json --- education/docfx.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/education/docfx.json b/education/docfx.json index 809a2da28f..8ba1394c6d 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -7,7 +7,8 @@ "**/**.yml" ], "exclude": [ - "**/obj/**" + "**/obj/**", + "**/includes/**" ] } ], @@ -19,7 +20,8 @@ "**/*.svg" ], "exclude": [ - "**/obj/**" + "**/obj/**", + "**/includes/**" ] } ], From 05f1ccbd0a84e802f19bab5bc5081568ac0d66c7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 13 Nov 2020 10:37:22 -0800 Subject: [PATCH 21/27] Updated what's new for the new SurfaceHub CSP node --- .../mdm/change-history-for-mdm-documentation.md | 1 + .../mdm/new-in-windows-mdm-enrollment-management.md | 1 + 2 files changed, 2 insertions(+) diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index b1d4002955..556ff58e7a 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -21,6 +21,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |New or updated article | Description| |--- | ---| | [Policy CSP](policy-configuration-service-provider.md) | Added the following new policy:
      - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) | +| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
      -Properties/SleepMode | ## October 2020 diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index ee9ee3c5f7..15c29f831f 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -27,6 +27,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s |New or updated article|Description| |-----|-----| | [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
      - [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
      - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
      - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
      - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
      - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
      - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
      - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
      - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) | +| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
      -Properties/SleepMode | | [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
      - Settings/AllowWindowsDefenderApplicationGuard | ## What’s new in MDM for Windows 10, version 2004 From 91b3e607050566f388d91047328a959114925e75 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 13 Nov 2020 11:00:24 -0800 Subject: [PATCH 22/27] Additional notes on Big Sur --- .../threat-protection/microsoft-defender-atp/mac-exclusions.md | 3 +++ .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 3 +++ .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 3 +++ 3 files changed, 9 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 04b95ce93b..2e17fbc6fd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -58,6 +58,9 @@ Wildcard | Description | Example | Matches | Does not match \* | Matches any number of any characters including none (note that when this wildcard is used inside a path it will substitute only one folder) | `/var/*/*.log` | `/var/log/system.log` | `/var/log/nested/system.log` ? | Matches any single character | `file?.log` | `file1.log`
      `file2.log` | `file123.log` +>[!NOTE] +>The product attempts to resolve firmlinks when evaluating exclusions. Firmlink resolution does not work when the exclusion contains wildcards or the target file (on the `Data` volume) does not exist. + ## How to configure the list of exclusions ### From the management console diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 719aa6fb32..b40f3ea88c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -23,6 +23,9 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +> [!IMPORTANT] +> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). + > [!IMPORTANT] > Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 0121869dec..44dd5225e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -65,6 +65,9 @@ There are several methods and deployment tools that you can use to install and c The three most recent major releases of macOS are supported. +> [!IMPORTANT] +> On macOS 11 (Big Sur), Microsoft Defender for Endpoint requires additional configuration profiles. If you are an existing customer upgrading from earlier versions of macOS, make sure to deploy the additional configuration profiles listed on [this page](mac-sysext-policies.md). + > [!IMPORTANT] > Extensive testing of MDE (Microsoft Defender for Endpoint) with new system extensions on macOS 11 (Big Sur) revealed an intermittent issue that impacts macOS devices with specific graphic cards models. In rare cases on impacted macOS devices calls into macOS system extensions were seen resulting in kernel panic. Microsoft is actively working with Apple engineering to clarify profile of impacted devices and to address this macOS issue. In the meantime, if you encounter such a kernel panic, please submit a feedback report to Apple through the Feedback Assistant app. From 03cb3db29569f61c3f44d14ceedd7bc0f20feb07 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 13 Nov 2020 11:26:13 -0800 Subject: [PATCH 23/27] pencil edit --- .../microsoft-defender-atp/exposed-apis-create-app-nativeapp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md index f038690f96..fb00021426 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-nativeapp.md @@ -73,7 +73,7 @@ This page explains how to create an AAD application, get an access token to Micr To see specific examples for web applications or native applications, check out our [quickstarts](/azure/active-directory/develop/#quickstarts). - When finished, select **Register**. + When finished, select **Register**. 4. Allow your Application to access Microsoft Defender for Endpoint and assign it 'Read alerts' permission: From 96acfc092935e1cfcbe87c5456dae2cba0a2285d Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 13 Nov 2020 12:24:00 -0800 Subject: [PATCH 24/27] software page update --- .../microsoft-defender-atp/tvm-software-inventory.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index c8bd26da4e..5193e38674 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -57,7 +57,7 @@ Select the software that you want to investigate. A flyout panel will open with ### Software that isn't supported -Software that isn't currently supported by threat & vulnerability management is still present in the Software inventory page. Because it is not supported, only limited data will be available. Filter by unsupported software with the "Not available" option in the "Weakness" section. +Software that isn't currently supported by threat & vulnerability management may still be present in the Software inventory page. Because it is not supported, only limited data will be available. Filter by unsupported software with the "Not available" option in the "Weakness" section. ![Unsupported software filter.](images/tvm-unsupported-software-filter.png) @@ -66,6 +66,7 @@ The following indicates that a software is not supported: - Weaknesses field shows "Not available" - Exposed devices field shows a dash - Informational text added in side panel and in software page +- The software page won't have the security recommendations, discovered vulnerabilities, or event timeline sections Currently, products without a CPE are not shown in the software inventory page, only in the device level software inventory. From 7bbcd7f6ffe532e13b72a76c8e7c8b5e7b748882 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 13 Nov 2020 12:25:29 -0800 Subject: [PATCH 25/27] remove still --- .../microsoft-defender-atp/tvm-software-inventory.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md index 5193e38674..d18b376b49 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md @@ -57,7 +57,7 @@ Select the software that you want to investigate. A flyout panel will open with ### Software that isn't supported -Software that isn't currently supported by threat & vulnerability management may still be present in the Software inventory page. Because it is not supported, only limited data will be available. Filter by unsupported software with the "Not available" option in the "Weakness" section. +Software that isn't currently supported by threat & vulnerability management may be present in the Software inventory page. Because it is not supported, only limited data will be available. Filter by unsupported software with the "Not available" option in the "Weakness" section. ![Unsupported software filter.](images/tvm-unsupported-software-filter.png) From 30332549290762473032b5de220be2f5992883f5 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 14 Nov 2020 04:12:27 +0530 Subject: [PATCH 26/27] Update windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 13846802f8..c72bdf03e9 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1659,7 +1659,7 @@ You can turn off **Enhanced Notifications** as follows: -or- -- Create a new REG_DWORD registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** to a value of **1**. +- Create a new REG_DWORD registry setting named **DisableEnhancedNotifications** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\Reporting** and enter the decimal value **1**. ### 24.1 Windows Defender SmartScreen From dc58f94421b588df90f1dc7a4cc17511e347fb45 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 16 Nov 2020 09:34:52 -0800 Subject: [PATCH 27/27] updated pages --- .../images/tvm-exception-permissions.png | Bin 0 -> 42899 bytes .../images/tvm-exception-view.png | Bin 0 -> 30511 bytes .../microsoft-defender-atp/tvm-exception.md | 30 ++++++++---------- 3 files changed, 14 insertions(+), 16 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-permissions.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-view.png diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-permissions.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-exception-permissions.png new file mode 100644 index 0000000000000000000000000000000000000000..748b97d6bbe42543c0d9ffa762d3c9d2ee533bfd GIT binary patch literal 42899 zcmYg%1yodB)HdB6Lw7io(k0!^kkUPLgCHW^T|-L4&`2X7(%lS5OQ({8fRx|h`+e*G z&$?4<-FxSreRiGa**gZLp@@q`iG_fGfUB$|r;UJsqyYcEf`J5op9rU9hkqb?X)DSg ze43&@g8x9VlUA2TKxjz9ey~J^|HgDzGW0?~!0Ug0Ar8A$*dQR31C`~Zb>Eqtd`162 zGyL`pe>jomemRkN)r08ZkI3F5@jZ)2OwCKJuVmG4R3Md8>v2o|XQfJ7%-{T>N}*rV ztcd;3P*E_5=rJ~tK5zU9vI`>XXFz!zQe=5Q1>H+kgBpW@pM*fJWGu!;hfb-WA4v<$|k=2 zy{5+I7>Y0Q4#_+$h}nh`s;gD8knfCa#@GK{`R8Q1O&(UpZ^fRvZ$I&C@l?f2b6m)a z)=^0LgFeWX-HJ7h=OSFW5kI|)f?SkZUjy@*#XRgau3T_$2B6&h_*W^rErC#{G5&yqg@af;hVI1hS| z<{$~DrM<~qw8{Il7KYdtYMk0w1<*14kMTB`4cRPxI49PuxZei)rWWI-4<@_S6E%yJ`SbyOB zap>}=GSpykT+Br7cA`XV)&(lFXPAzzal;=9cBS(i2k)Vx|-2O5`)@cnNZ#4Qks4h7LXMWsLb2nj+ba z4`rTt$M~eAbR1ksRzjQ8MsNH4#n_T`Y2$QD`3j1UZUWDq5A(!;9>?@-8;Yn0CZR9* zDqrgM>Y46#jYP-kMwY+9!;Yb1c(=2?`*Qby)GQw2Wj{H`S z?-oH?RILCdSpH}$(S}Wz_G~%#0B^l9%bd;8{@pDeBk0reKgKd zE*}|71*enNQ?h(Pb+)VCiiZTON~X8g$)F)2k5+IdFjk_^K@$G;qf5DWlTlKxq=JhnRxsug8^t}+YebgDvC_SI8{X_h z1@#r8sgQvC64G=MJUVtYmQ)g6OGeSJT>2D)M&MFL3Qf7Ou@r-yL`f&-iiTHg5>@>r z@`J!Rlc@h&^OFpf9D`H{7ZD$r0_b9*5w?%qSRk#6LU|Of+=HIpTQHFdPWh!f#5)#l zSMazPbUXUl)3Yl(?eeQzfYU_1<&1G-abK#5sHwI=g-o8aTi1hU-AhxIBrGuExYRhJ5wEIb55ioMgs7UIBZ3DKvTGubPo< z)7(6-lFA(VVsZFP4d&@c&&Gjgz(raoKX>-H{(N-v`vViWZgUOwG6W?Kw)VqR5=e*S z92|fsq76YBOm-)UH?HN^UyX+MqaIu)cb zP_p}>(q>H}d*EejXh11-##lyLOxD{x1vJftL@@C}C_T9C%PVsY1)>WSh)@{H>G z6EcLa(p$cC;)k8~g*_*rC5dh>**hK8aQxazGR?xtA;KhZMKLeLR!rZ}Cq8EM{r3MF zjNQU|plJ#2_j75(^P!yp_2IlLHwP$`<0t?(T;({|%>aRo@z{hk38-+-z^pw>}EGI4;$1nLmCrpUf5UTJQ9$>wdZmMa6#l z_3H1hpXPt>zTT|It>g$e1>VgSz|ObhUai+#BG+0qES-M;^4j;5+S}^-Y~$|;Q<4Ss zL=R%_sEyf&3wgZm#}hZnr`sLHL~3bapW~&;k3uh;%N&0F`gM186xMgs{rB-K@aD_q z!E`3|v#s&eBg5`{5gtHvLpI+@rUMuU2l1ju6AFb64i26# ze=_~T9dva#i-?T&;dU!(2KjKM<)`?~8nR@i7ewTEzLHoEG*YUZHk3s7cV0)66adi1 z{@mjFy`!Qcns;rXL=hj$UWN}HpSJk~c{^k)gUeXK81M4(l7oYTVZJ{KUo%&jP$X)k zz;8c0)9if=l4-vIzU0IC_^WOcZSBxf-?Q~h^T0p9_QpM^B4zPjZwuk}jC>qGD+?}=j<-MSxqL#x z(eP<;{23?&owM2$ug))q={9^;T~d_7d4qE)`R%1HfBo{rOGzTQSJx5I>?tMrwG|T)m^e+o~ z7t)N_!DL;+kl$Z-6-^MEpinYX?k)B_rj!g+nELN(42>AA@kp14lcN2-e?D~w{YrC# zYa7>#gW|ZCE1iCP*M-#DjEyW>*aJO*$4d?8#8)#=)lB%oNFtu>oZ_iPuoZHD)@`1I z8{xYVkogePm&&3FjQb(#eOT|Z+FH1t>@Yj~<6HG=vqPE+G?!)uZt&_K1$o+}!_eA0 z2_)upKv{1uwg=r;o2DgHYrQZxYuEC5tkG%!wv7Sz*I?EE1WOGUEb0b>mAM}Y^y~fg z>$rodmKF+CF2k^)ijs{%M^$}$ndW#uLBCg56Y*NCOge?jl5*+U4yKM17O^1%i)5jtMZeTmN2L=^CM%w zaf21A!U$|_PR4_F=mJH(&7~(8kx}V4wu7`avpavO&yV@apbN5~5W`jB;M|*kI(})v zcG4vAE`E^x_xvo8G5h6@@w$l|(Ql>O*CmtEeJEVL;%=Q6kxvMK#HYJU^5$mWGqcA4 z?BtN&KfaAuvL(ER8$MAgr%@YU+@E!ocSH3c#z>$mboWuXY3N4UuJ!j=4<~-TUU6b1f~wD~j-)Vc zVQOJ`e{1)$6E~e-Wg&i{5v~C|-stW&{_IL3XMr%zZT@qiHU;Fv%x^nE&MR|>J`Q&< z;j9HgPk-R1lpOj?Bsnv4vCYFe3m>~QW~Tn>2kQ`}kSp~k?HM}Q?%&Pcu*FZNs)&v@ zXIt>$vA^Y|y)wJ$YqP{iI-60iHA;0`z5wCqIa%N+FN`h|?HXTTI0y&RN zkSB4g%j!Z`!2Pjwk9Mt5OQ>7p@KEP@AGSf*r@~wY*+}{jY%PKi8c}bI{1Tm!m{yf3 z3*NWVedUq?DeqcbR(;^Etr&QXOC@O1>TJmPj-}LYI{&ab_5)!kHQY$?ez#(y@{h8@ zeHoefKkMQCprOK19p7gc6JJ>oKUwhFZRf|gV*W=4tiwG#gWam?Pj^E?T`6g4mvaSA z-luEr+=ybcaMeFq{VYqh9pBd{^VPUc(!?@67ju8JzO9Ws@!_x}X_J;DgVV6M8=4M* zNcnI4eY$CQfV*e<-d}JZ`t;lU?{B)NEjoh0^Imie9$xQ5P@783;zF%4Iv({cJPZ>@ z6g(c=)ph>DlBu`skG$9!PD4_`t#e1l77kwC8_x_nc)d|HDsqsEeE%at`5nLgkAK20 z+q#r|XH%_KN=QZ{p{=FOsKOMdO{;HacB&1$eovXL0RUKwZywNzb`RdQ<~-g2sifQ$qbxYk>i7;sM^c_)mS91ene(F*w-yORp-T=To zxRFC`|KPy*{zYI$wNV*VNE+eJJ%6Q-;v78+BV~klEzCpFxse`Co`R-@6r#HotomdU z8sU*8P=hm*3BI=C#2Pz6pgwK`iNAjbAGs;FVvvl{r5V~7L#rkVBVIkf<1FB$_(hn% z1%^lP{Y>+?b0Op503kAF@*#R#Xmx}xvo{?i(!peG&oP7+pZzbg240_Xx`Yyf{m*r? zUe@(7OUf!=!x<)(!Us)v{-b|O5g9V`m`x`Z3$tRoKb|e)rbvsHt4L66GR&mq3QbKV zx;fD~{vE{;pd3|;SIDnq!bl&Ym5T>v(F}cuiU~3%0Y+O_kW$4g5yVcIFh*04dmktf zRwxUEzeZI#8bM_XZ=d`pGaOkL$hCWuWpOjs*MjM8=F;@&K_-f{L>A}h&-@v!-J}Ui zPZFw!uk2pJ{Q`DvNrN0O*btbnL`v5}K}sMV{n>)D0pib$!64!&jX@RB4dhTun6b;E zq1h6dS%d29Rw`my3gC1^o}PI%!wPfX^mvp;!N)K~dTt9u+0ZHG5VV@pQ5x_n z{O_nkF{_@Xb~-D?XGvU@nxx@l&3OaaqS{!_TXU}ELe$o!3l;q5ktB+OqDuu$M}_F; zUhvNxwqDef6s$$gf1Ghp@GZ2wIg8v#W( z3`Xl9T7w3KYG3zSJBXUnVh~+x*)XO<>xqS{V!t&S14eClQ<@8GFF))*FUiFq0<2Qm zVG<3@#^rJ}F2OY+WiI%A>{oW%*uG^ifIv^ZLxp9hw_y3$ZgH(lveWNbS>DYHa6P|J~A3tVoCD+(b;X$FoJ{UfC+LqGju`GNss*a?+HK5#{p?hbDvqLA6&k+PGnz zTqCf;X8r+v2iUy7%H?w)s_-&UslM23@H?Y~03u+itcYw3Q9X&|Ui8+#;zxyig1CY8 zG`wZp*0H>0!Y){hM~$T}t|`i^51bSYF*)V@|K#1Fcmi3_fdG_^WmK}8fn4t_Hy~6^ z?QIYJ-(D+fnhSW3{UGEMOv-PMaG8i#cb=YF5_TP0IVi8o&-(JK{pMiWs9oU9p2UpV zRJELlmDoA|KVR^JwnfV*4DfxlpBf5Q<4sSr4dvvbEVYjq>TGlGPj+xZ+jXVp_4h4s zSiM)@5O-hbvh=#a&u(|>ndg!%ccFOgG`@87)2yKT0tADg1f{9k9HUp@lL3}oWz7ja zcSll66q9Uuv*AHZ4`rhq%6>D*_-Rvu`oz1BE_1=If^9}s8iDg*Z%?bIrV3%fM8sK< z?#7m`?ha<-*l_gzzc}7>;Q#@IU)qSGW=bnxtIAb`Lh{Y)J$jno26%qH&i>kc2{8== z(9*OOw$1H+H=u4uMGJ!;^Tz7$`Mg-<3;ni$K@!LilU z*vQMAqJ)B#LLGjD<$hQJoKQ~m1XjcgjHqpBAbs_S2H$F<9m#B@qvq0tHyBLttc?ag zYJR(TUesH@B0&}ZHt_T@nHBUZP!Yx~5<0~RrNMr(74+Cz=;ix-mEB%`(-|6wo%A-} zaEV8#`{yx}b6z>kp*Wx0eCl>DpO1!7r<>c5?OTE(Xmhy8hvw#*wbX=`k7^ki88RYw zV;q>Mhv+%dr%HISFtYPG6>n(c{SVHZ5e&5735g-GP>!p9Nob@Yn<{z}3k!?9y!_tY zURLO5d&a{rjDr#XWf+2v&}P6_%|ibBmO;{9Cz{cB-@=A7CD-|!PxHIH@UC+GD{lHy z?aIi!N5tm?)*D>CVml_qu8v<^R7Tit#+woY=$5Ds<6y;CTKZPXMv0dq&4Ez!5W?#dyX45Rqwr{oi^gE3$Mj9f#QZU+cSz?HGQapB z^0`VD>YQ`T&U7E8b%@#4S{K65`VZr$HXQPuv|~< zqH{SF1>4vr_Ncxblq6eW~G&k>}*n~OxPYw_0gMM zU(34`+9%T?MaLvM!0AuI z9W5~CT~7V7;`80FnTC>}>qEFx^cX5>MNh(SrA~(O4*&`N$~&;#Tl2|1_7BAuG$k-Q zFQul&eB_;e`Fi28pX<@?_>V9&>_3W24xG-8W{$g?99-qE6heskkF6oy7LHOuj) zwf+Hc3OMwBYKX&LUvk)&o9J2gD*@02T7S&ew=nyjdzAJCJ(5b`Z_l{{m6>TX@?K*V z3D>Pm&Da>$y*;6sW!(TqU$jC=a%{i|x!9G?FBE$63VG4@ujo*<@BoD`$24>XO3G74 zc&2C>uF#+{=gB>BGvqD&ip1?WjJ+7wd-)JHrUn|6nxlWgct=hCIToK+FMy18Z+|jq zU0>LjCM&4C?@+bY26I7Rf3xbH`aV8Ib%qaQkGKw_Jy#278+xSWH8o9`ezRe`Jyn1 z0a@9c@y=jMvG8101f#wjpvp8+CAiKkdCo*MSbr&M{XDrAUhnEC3urX|Wc#Iyw*$UGpvVPL%vk+cy0#jK3hc+*Vsfy4uIpdIg>ahNHu*%sT-~;SMnu)O{dGQeMj@z%G5i(uzFJbT)>d`j(oq0=F!=lRZ zSr@`w$)lJA#ZJt|2e?LliqtgYxBAg&S6=(U^=`$Z{ilMa>EyNZsnM5!=7(B&W80b) z4`Ew#Up3~if-KC&W^Sl7l}bD?O@qzP^OqFV=Nb!}>krCIQ7U&jq9=2y6TgDlVvgw&2?J!CBhaaNMxDl|Yc65)9p{U+Ic4?#t|c`$o)c)xQPyApca{&MVQJIn2{ z=jJg6HP-Tvs?$dF|Dp`zbB=X>2(0a-gbtQu#~L(qYB;}2v{BlL<;z%N57pFe`W$0w z-;^4^CmBCb+*>kE0F6)%MUo?WiGanOOf1?S<`SfmBl5QPUvip>T@d%|V-uiE9!B!S z8PyiNES4V3Z1+Y?#(ragCrbSEP1}uQJxEunL{RXto0YL=XmKBeX-M0aRawfwFd}%i zN@v9mMWIk(FK7xwW?8rQnuH`&?)05@bhy5fH%79}|AHBS=;;@J;&KoL`DmCGE5(D_ zTY_(xmn2Qoj7=W{!cau~KciwiCEE)9B`*9oQ*#3P%xM{i$|_EE2tC$!1P zC866S9V5}aSi@MA^4cd4l_qDh56b%WdHj6;63+8mVuYbT#}Kpxk^Hfx63C-hP9o|X zn)OC0^Z&aU0(tpR*sx*_t|tWWp^7t41)YwSm}!=I+-_{jqQ!ZVjXpwC?|*M*4R_lD z7{JLukZAfO3`qsMvDso=SIek{YrtS^x_OzsLaSi#Wo^T3COJujeW7xB<9~VcMK=7x zqZ=4~*0E-=E$sR?!9CuH2P?KtCNXX1YB>b+J|Xc4CAG2C&+B^3qunV|b3@R6Xq^EY z|0XMck;!+X=T8*+q~!byU(LU3G}BWXuf2c$cmr^i4CUxOs~+UGvsC863E<4>tCaj* zGp*i~>Dj`1hZMNU{3*E1C_>WfWK#k&kXP4fdje^NwK@>cQ>ld^gqc|#!oEn|)JXkA z{!SoVy~yOJJGF+^-g7L?2(B;)gZ+4;WyG)Q(5o42q|!7^o}@$eH@XU|#u%_0sd!TNR0Mi%iC0 z3}$sq2!KwidI{m@wKv_=gnsf$^!fN^!C_(6XAW!ifc8}IbLm-Vsu>@iPoQuAro%^b zgEo$hrLzParJi4gtVTwJ4U#K{CMFZKR@D?;)u@M#QI>6V=iUl4^JghCL*_f zTvCW&(44J$JA{Gg+K_Ng+n6z;tfHc9xn80rF=J`x!>=D@6XUm*SfoNJIYk>aahYlg$ z8vh%_7*2aSR)+V8>``0sg-2tSy2K0fMMXO=2+BTbqSn%XhoibQG9BBd2R`J$FJ{3U zB_?Tq8(E&Mv59s-R%R#W)kTnmO38u|CW&c!dMV$Lji@yp1FgnK%*$5%+!lPiFqr6v zX1AV);w`$&n>?MRy%N*&WmPApcK^x4BPw(AwmtW;z>5Zf)QSnYLpqii}4Gxe`D?W_4!u6ViIk-!0!s9V4ABV)ya_g`Y^-qxF8k= zTvX;M%YXBsL*chtbCobtW9K3wrG07GR6Af(kJ?|?H^uiMD z{NivP+P8+pS3c9(S!M5idM5;MVS#dBOT0=>lrL-^N$DJEuws0-V2@zML(~Xhc{$)@ z_1PW))1$k&nV%>IG{|66C^apWMDse57hIJ{Eh59^cx)M0T+GO?H8MUvK0WO_2~F}C z%YvFKB6Fi~$`AvS#ao1fS-&$JfIP1aWHpFatN{2aOeD)nhD09tsNVL`s)sYBa99o> z5ep|=HfIFa8~8dPC$3|c2o%Epr>95DR`{1-{Xc+!B^cT~=YMX`hWnKmI4M}1+{#Aj zgT-t6@L-B;OLHiAZ=WeLjK(Fl;y=`-LFarTd9b0sN4iI2d|b4FX56W0t2}UJr?l==Bb>IyjL+_jTD#X1v;1ph9yA&Whf$zGLXVc z(26V`NX(LnVvq12;~y5zu*C4*mCZsXDBe5_F?yT8Huf$w059*dIU*T2r-Di{k1cvQ zm-!VRgI5q&eXK%@g~k!FdBDIO;Uf-;00}})@c!+G!x@HU2wO1z(wkPr?j^!M&-iE3;@({s-7PJDNV-67ggwk0BjtP$w+*k+*gw$qP&u_CjJRpwM5Mj2ugS$9_ArA!?ty} zcueAMqN$u|?Cl7H3=RxSL=@2Aj zC%5qe%5s0rTuV2oeE+(b)MH|4L~gN$Y=5Xh<%=mz0B#pM&|6 zSlsjGZGI=Q3YDOw+u=lB9q05$9`B$uM+by$^^FuWink13uh9TObQAp{aTn$uJqK1> zh^)XC0S&o~bgn%fQtk1jtbC9G!AnA~Xhji{t)fERAuUShaMrJf1mLAmSsd+60tS*| z+4w@uv)i!ns(Kod3KMhq}e46aJsJRikBuoIN1=+CQK=!tqssz;!Ma=t%-UO-4|{R#EmUh z6V@M4taw0HuM(D%9PvqvO(;Z!F@>Xe%u}VjSF>YbT^;sQ7z~wNr8EskS74xe zkSZWJA}}F{^fY?cqirP9ct)dA4B$lx$Dlfizv~$(iUhQ|5etuz4-k*tDtBkeC}rcM zH{SI@#&l;1O?3(}WhS)a@Piq2$})HX2#!C#KgZM>`8@5MDmjOY_0SFdINM_~5e?Ip z`-nfQ3KJ_lJ|4ZnmBtE_tBXNn8S8Ye)L-d?4s!#*ZX0H>br?5O2Uf5bN`4enMvQV`p)t~m zI3NKHHHylkw=1X+J9=cX3zYkc1goPZ;^FeVRFO@j6cnJgm2C=VRhX}P)=fh^RfqB$ zqQ7iFuC|LLR=&aXqnrJ@K-V9!A!oJZ5-$BC4nJRTF7d$AuCB8WV(<4eQs#tk^E++( z9`caajjn#J;reOaD=3R`6N!zh5tqd57+}v~hLB@=M!3DO;Xi!+9$~(iN!z0xqs)YZ zpp~$L ze(d-aVdzxwvDI;67i?W#OUnoTRx!%KI%RSXs}azVST`YWse7%jumi6~YT&&$O<9<- zlNVMaZZjpQi_w`^`9z}fC!qvT1=M9qa`X{qCN9>y77nJg#YdVS1M;F~>s6B~e@S$g z+N;m0{{0LEs)W9~MHPFeYok8M9{*V1;-Y7e&)7podGFgO>)-`^SDRAX<~XjoBH2#E zshT>4GL*(@>Y%;HN|WM&9xCkJmk+E%x~G>H+4{mwP)q>O)|Yl>#x4#ieA^0W&q-$Q zwFCF+sAJ~w>MGVUky;p|>4qoEHg+hTzb~pTR`UhUd}(6Be@hHn zT+u6cSUa0PC70~J9S1G{&5OwSND_*xL+-tLu!H<>TU5vVBLh}Nek2UlQx2_FxkR!2 zW@|d?3d(t8JE=N#hQbvXuEOPou0XCO8OV_BD9+9>%bnl|0W=RZ&MMKb!Rz&*X^mC$ zA4@2vfqA>l&sIxWpzK;*B}hYC&fiKrQdb4g8@F=}gM}h_KL00vk|yeh6yX!P%u&xb z!JP7Xqs@jf{5+``o?oiCRBg9#TO6rm{yR|zx$(A`ZIZT%Igs&9wH0sqM25Tp-=?Io z)bkwSvviaKl>go2xlK*ttO-mGT(0Y{8tX?YZWM6L($irx#=(?dqrV z4L^;kaNBv+l?K=`fAO&A0QDGf-j;D-P2qtBFnqw7K}rCnrjwx`TNq!fi+ZlmnXA&LNl|HM+*v`*9F zjW!aeE+3M8XuwH`PK6IfRSUd^;Rg~Zz2c6M=%?HWZoIwR#b#V8%Pv6xh4+s)KzPzM%AC7r z8`Vh6CCrcMQIHv5(OV&*Hah=SCP4YR6T)fo)LCKsV_r&!XI`N9#1WOPo-B92vNu`a z!GbkWQ@*tWt6+A80{gW`3+|SUXOxB3e5mtVT<*(dZI_CL@0DM!;TCQMI)IeTvlsHO za#ygcWZeMj3i$nhk2rAT=e4*#)U=e8b5imA*|GC_BQELRf62EfDdh5PDJkPCkKG9b zN_9D|(`x+NDPchAN{aJ#C;-)a8*k5%kokiFM=7y_6oH_I)==44s3UT%CXX?0GZxa$ zL08-xbNUGz2u}nkN}HgRcxZID1*yq$$8~xD?K8@7cN|gSQP&(1Xy#DY-5m=efSf8E z(Ay%T=!jq`VAG;`j2bZ8L>c)_gY|DG=rRXTm0hc^-@Uv;>;$)mC*4iT8a|bNeJO{G zY4+vvo%9M_$}}9}3`&qY=hr@o6j4`o>DEGFf& zx?V+%Z{&0zSwsXNW%pPy624;7fB@2IxbOl&mr4%jt8;gb4{+j#NX}#vq&CYCVI)1^ zF%pYZ(T-$g!5LTMNZKc@lIjRf`4o;|2|hQrKjn7bvXN3;KtO%O2*#r+EfIHpU4+!} zx>VoslNy&Ob)SJ+N#HB>yI^)HJ!S;zGCIaWhA0vn6NPy>LFCnCB$;EKg%6BcXVg_S zvQ@cAW0v9H=CK`ND9wGc%D|FWG*ud`Z+a0iMYoTQEWcnPYBq9(wMu~gD(g zlg30Ai<<>9)T2j=CW=7A8t$M-#EKbyXBa$(c>3*!CAkJe%`q0e3EmfPUO#fnyg8Jz zuIS%8aJux5rNg1OWaf}1tg9r+Cky6W!GhXzm>5p+<(+w5_G@F!_1X77^6}>Iy+8W4 z4To-PG+~ME@Bhxy5w_QwJ!DaQ-~GjB`+?>@v;bi+<2P42f2ABdfTadG0`q~3gJUQ8 zTzUrmQR{ z9A#}HmCnKzo#;wrh>33+hJ=&Yt0MZr`GpZG^-xwKEa9WIH1!-%5Am@Qp0!9AQq+8L zjciAckQfAiB6v;_sT8?fJ2{Hv@CLs5wVCilaMIO6Aj$PW|BV5h3IEzrf-}z)<%rEM z)dKY;LD-Qolp*0)gJ`*b^?HXTLc}_WiI}qtQQC>;q-&x-Un14a z(ukppXoV|P;4W*A%s-#Tf0bSdfW7yjV!JGsD7yDacsV?BQEzFBvS8 zz`I$4iFrSQ*$<5X!n)1re8+^2!B^3!>6RqNph8kv*#skIerXKu(A5wo!VYUqF>pLT z#QK+z9Z!xZtG%rCX%Wfi2;Dw?)YKAc@s&`9(cN@8QoFDe~;L_1Ie&rdb8uR+Etk}n>Q41 zl)CYD|4F~yj|Ko~%`;r`QkKt*fO3`XzcmHj^_g926#0Rpjtai)M6lfZ4s${+$5%en zp+%=u6RJpUHbD7{o2+_r2@K8Qr`y#6T{a(5# zn~cwTaiAlh&1L3_2EG-OAh&U7jgy-%Wn`sM9%RRelUkD+U~VLk#$Z9gE5_79i|ONs z0B|N0SVB`6Nu+RTP$?HdMHK3cBw(5Jj$}N~bksp%Z{XZ(8z$6nh=T_4dtJo#%Q?YM zNDTNiIiMjDJY*S$oZB#I>V7)~2BuQEAA~eW6%UHUOiRNoWvJK~h&kShTvE#si{}Q> zM^_OvSQAtL0?%mGE2xNEB7U=s5=8|4`_=V^ev9vg=drxC$vS1`qkAu;Ft{Va14B9o zg($UI1df!IX?~GUSNS!K#Srp^Lp?==jvaQjk&+o)iLQS-e>W3$4P8 zO*(}Muhid{{9sl zH)0_2lj+vgvPc4j5CyzvE=793_SvmKm=uhgpg}?QH1oc2eVq+g^hjNzk(WgtcU&@z!R9wR}pmJZQTNVN%lZ7A!F~#W9BP8gc{?zjN=rlPRcq zGsZt(*(+?yRHRl;V*iQ#U#RU;QW+o6j%kMS8~j*q|AIEX`uAafB1+!&A!kgY-G6<> zCBtqa9JlPzf7M?t>KqGgYDpk)t1F~Eis&JQvLiz)m_mHW zHfI7@DoKK~i+#fq^uDJe7Q;LQ7O^u$TqPw= zRUoNQ!i$Q|KEGXHoYQPM_T&o*P#lVS0*wv?niS5OHAv@I5mK+1X2k!EV1^KU2gSOF z2vCvCl*dc26iY3N>P#Sm6=FS@-)V65kc?sMA?F|ryQ9&|g=9li@eE|MY1!u3Y(uK} zMM!3f$UwDRcqLMckUg%F!uW7@kjo<+0(@}L5`sj^!HFB7dXTCri+bMzp-5pfPm|!y z^mjo|ztQT~lc89A0vnw{J!)&or}_ScKd-{z_~6aR_r;*0`~v{Z5>=;`mH+2XgjCYK z<#N$ttYS072I*9Tn-&3%Ku%O9y`C1Pv(KU4ylOAD80|Ggo3@1~m znlaqdshN}XG0;|!G24*O^Qwj0TZPN26N2Ywdd2ae!F=8!)B^7_b3JC+&>TWR47A|I zFSaqQ#ddgFXus0L1!p1DObAT;mUYVg^sWd~^o6g(fuJ(QF@Cuy-ZJ|^v$<*q^rZnr zF!XAKJP*ulV4Fl38EGgs+vC8&ja9hGPCdB_KQ>aT48knEVB#4a1_ z^Wd@d-Z+)JDYjz?mpY(}Z=oi0T&as-B}PHd5T8Yzdu0|tuLEb9lj8=X(K)?t9NzjLpmJV^-(ElI?}@$G?q?v_SljcR1^ znMgAH4$;*lHMN;|(wu&Aa^=TBmdQA^G+vcC||6#QN&q*MxpD+Ed8`i{TqV{QQrS z_IHUF*f(sdUXVy|F|DPHmNrODH+!j2QY%HGZ=y z$2vFk4rz*KHyG)f=M-MtK)48aLV!UMKOlQEdMNp7MvBT&YgbYHr1R_q(W9Bm?>Bic zyc)p{6HmW6=v&!URE<^qt!MWe_=Ms|OeHyet?Ps`@g6qQdUXWjbH93BJv@e$yPe(4 zmJv4j#E*Qx-3~qR>)n7Ier0578YWDXV{gL8MvRgJY~%Tp0TDfY53ybfe#6SD%t19Q zi|;f_=g_T2I-RLR?C{xo#fh##tB>(>{HiO*Mg;oOFzBp7A*Y||};{;kI zW;X6Ti}E}C^U@r-3fs9n3`Ga_Hi|+&b-M~wC3kWm=F*}@78?CIyCk-Y2Cva0B}6A) zj;+cf)@M{7t*t^c4Hnu4dixu_#+FVJ4WhtiJ*HE}?P`|Y;&}|&o8JGF&uw?f5!agd zbiQ*?Ru|y9-ywa*Ng-+X^XK>_TK5<4wfXeA$yImZcO@w6(O~Pri#FL!uLgXARAHQ9 zh&y=|KsJPb`85;!4Eq|vOlyuIvt?er%*^+E`eX7zF#eY1!c~IN zCg4nNM3cMFan#NM7^5- z2y+k5c^+s8yMEKgi&Q8-r8RCxAE!Sa;ZW7?T0)bSg=~d{OZhco+2h?#PuYL)SEbeq zi0xY&Jd0V^Y<87?g{&SRJ<2D+&dMLc1mXeH+5$?C-gahbmN2 zA-tt5zh19*j0KzVVRji~tBgxI=>MzD?cagaLww%9x`5N*^-acw!DX#AjjN%5o$I7e zNtkzy=t}g?bqDRC9t_bi^fTim2 z_HvVF3G9^C>l+2H8zAK~e6$#s@U+1e60uB6#zp-PQkzDwhoV8n*PP#FzzRtakXft| zp$$b8=kd47N$AxE>JP*Z1uRVj1*pauNGucVudh8n4DE+Ihv@wuB4=AE?SPvjRy`dB zuQlDUXJg66$|uhFcuSa;X!{2}XIwYSJ4QKkl}=DqZ^g}b{wC5Udm@mIXp#xMH)?;L zp-5VA#8-Pa6cvo5&YyvCH!2lY*&H+Y`&-I8U%^Ky?j03W^VgNU_x9&}!_s>mhnMZk zVHULWC^NYi+Ho51Hc$OAH0e%}2OH}?on&LZ|4cgZA>Cgf@41FmSVy|EO4=cbKTv~? zB(BY^|HakvjJ}ncM^)#D9C5m0Y6c7j%*e8dQHJEmWh={t(*2E>Rmm;{bJ~X4vP<(S zW~sg4U{{HYgAv$}77)tfqf7D{a$wZF-0Y}p#>kuo>fU2v4pZN~#JojTHYjJ+E75nc z$B`t8ndhn-2zw=$AxSMN_)X{>Yf!J7X!9AKyxwfmGRk>h?AW+OlojxGy|j`wQw7B+ z@P4@QtxUjD(I((EKNVr3#(U|;*K zn6gkIa4G`Y9IrfF)ck8R$u5$aGn)rIDwmt(+|AFEr)Duaka`UzYK?`kX`&>(2*XJT zy0B-|hBrgl1}&LQl%8D>_knp38P>&J!g|)~pddVs0xb(h_tz7~!CE~FTczlz`|l_WN4iOS&^3B2UvzfvtKLCO~@)$R}l_a-e$4?lJn zMjm3-kNt%AsBd8N3eKNe8N>iW!;HPv4-a#IE9JsBL?Av=`qI#2X@WVY$ltFRXBIK# zbaBq%-80`JhYIPrGZQfDqhUHUeLRVsY_Az>`Y){bChA@wi*KKgMlU>*7!&=%E3Rncr_~%P5tMUX zYiocvZW*^ahamJh#0m#1{g8P`*|bY!OO}m?cdEfV5=n$fymGZLB(W!_r-QDS?QV{j zW!vE$LeKq9V@M?&TwGxKVj;yh%{h`mPXjT;LT>AvG1XNH;pJhD$8GRFDAJLD3%{8{ z={5#s8lUIpl#9WBcu^aA(uZ`CyFS`RM`&mVYyqWjWR-s`s;^ys=$Q8JU%E6-w98!QJIfp2@QFB<{&VAT-Frm?CkF*%|w@Fl}g2#Fx)@XjFaTpgP<_w*qal{AnXlKtV> zW?UiQxZg%o>;eTcWcg0zXRhKi718zX10@u-Abm>Ph|!cn=!nTfCreQMeNY>l)gR|3 zo{#Z=2C@>QEz@~c;|(cV^y*i_T+mm|rN?c8kl^jd>MwLS^lP&C9f;cdk{M)KHS^Uh z#C>qM;@~Zo-{1eNg?Fkw2HbrA?7ZA~_xq>0|4EC`n!D`%^~r3ufD=HON^JJCn|XZO zK(YVLDZEXLiLv`;-9OXRXZh`->CJgRep+ZWo0f$pZ!^4U>7{AM)$#IWhOw(**9Vb1 zKD#Noze7}R&hr(sPmcr*46m36H1kABWjcP1aY){7hQR?}iN~wCMH8<{Q{V4UTEtOe z$6LcXGjWJ=CxXmF_jW9YYxkoMwCIbE^o4D2DC#>UM9p>h(>`}s84QgkNj{M?$o7YP zbnS@gh0o`Anx;gra_WoK1fB#cp{~DA_p{w6t*hteeQY{q7Txg5mp1Qpzk|sv9$B2- z!?gC5M)3Hg(8dRNZy~SL)pzFPG@gtvXI=OBLAU*#ewVZ#&ZXz;r`6Gj<0^|}qsBC} zv5%U34naadl>8R=^M3yH zI0P=-d(An|ImTFS3z|B{%&Z>Z7j}^8&=sNm-btgcD&pqqC|2lPEIo*J^k2dFtG#It zd8kAq1NBSltQ-#3fvTST>dz(uZd2LS%2Mt)5x!qT&vU1@X--O8UfQ==e)eP9_NPKs zJEdM@RJ__9HMi4!(F{s!9u&V?tYO)%?oQ`Ct`8@q#y2`Vu;tOo-iABnvzu|5^uctJ z)OlWg%)bOKGrcC8FBw$78?EPLVoBs7iwXH1bM;ts>-T|4HLP>f@4+sJL1H+Ovo5nf zH$GBn*mS4wOMW}B0av>mO@4fb#MyG8yT5Ej&Qs;g9^A^~T^C7Op zJS()S@>#4FD+$S{!XhaU|A~HDt_?*cmat}Ls$vhvm<&is!RmbcJ$BrKeIsHsPfsEf z{u`M4^ct)!OwH|WwMeZX7*|37FS%$%*Fo`KQ1LUi6K{2ODB;5)B85(Gu^ zXJGx@dbO1H!Bgnj(_W_5u~TMX)26P$BEiDKHh$#KNIID-Nn+)yQ$)Vz`Z$1~Odgg+ zI!f>O0-4=!hM-;ZVd7uD7~47@#Q&C!3kz?<*+vYqu(oEvj8|1qEEH1>RSRFG$I##MK4o!&uAFYR)9>Ss{(XO1gYAge zivi(GgFT={#jK`@NysC?o0p0)PPyFTK>oSe^+cU?7uqaB{BMC|7#fpywUiuTW=+?9 zxvOzDhv|@NF7m26vWp{v>A~TlgaCWR-{`D}X_cTR_g{KwN8{gi}=3`48f0aSC5aMhvaa>ATlmCI{0Aiaa#LTf6HEE;Ui?qTMWClSk2^%ZN!r# znX3m-jJWbp1`S2QZp2!>T0gI(^R?dD-hAc(^6l-0x#HO_G6_YMOrcC+^r8g&N5Ad0 zqd#d+nVU>671w>p_pIIC$Ba5L26jyxr*ntTXa(p4EJcGFw4^HW=bg8|Ln^AjKPD=$ zww=|Fv3C94b(s_hvr^uEQ=SNiDR_Xd`k9)Ck~9zEOZ+Z|3*yTA7&76E{fNpha*XQK zYo*#XWN)3G{~aZnfU|{XSHfJt_zx&(p(ufj)c^X)pB;ZSEj^!mboZz0+qWH5cbu;R zcYU!jjxhTGlR96JkU9T0crM?(q2%sYY1wcmMm-^2z=Y0lLW(sc@%v_!sYWjFoWc}|;PZAMJT;DwQWk&0den{8 zXfnek(|JT^uHc=bI@TXKGM}@$it6^rnFKaYT-(LUUYhnfS42f)@WKN(IsIJZrxe1W z-@qhK;@?n$8!|x(5j~t8hNaX>=sc)zk8k`Voy*c$qD^+C)v179BVK{(bvGTyh6T3a z-2+>>R|EAFP37z}dq6V0aH2!)6s-fuFLV{{uhHeN;??KRzhR+Mjo7^}*xK1%q>rS( zq8oacztDX3$ZThz`2OR*>odDaY>^_fJqz%9yx5a2)-(&miv{@oEGrqtm7`s4v@XEE zk^VH`6yyNn1Q0tgpu+~PcKXBMf1&&v<(hgc$-MZj4C1E2dX5%fv91z|GUYI!Rv8;H zPhRoFD?1kk8RKpT+Tsf*?=3;hZ*cxr(5pzC$B=P~KpU4`!ujC2^X1h-o65m8jcAR% zg5_KszGDi*Q~U)}oVpe>r^j-f1tvNJn&HhET2oXXhxEO42})q|zPmcMv3YxNb?vy< z4#^HK?5veq>wFqKwPMX73F0Dm`s;XN#BNj27?!CRq8_WE7rGuzjhy{kuCbKaddu^3 z;giAx)NK3r>q7ri_Uo4ZyQgly%x8xqnwL436|apWqg5UcQ`Lw4fF*Vt`OxsM%4Eym z+poyag|yzweH-wVV7#gZRjSaa6xfb+RXW4t+S=MaMuF6gWX~#}&%4h7kkD39P>}7w zT`%Py{tkU^*cdpm6$7WEgZfH8RN{m1pAIb~s1-^xF-WB!mJfFqbjX;beT3}s&&o2c zL(i>Fd-S=AHgbZnD=;zjBq&7!Lqr13`=AI`QYvN(YNEe&f)EKXtyP>1i-(#_8Uj%X z`WSG6$au`h(|ORa%TRZ6Obo&Qu8+8I%>ttjioSkGG?0>TZ*|;}_`1DIN$SLut0q}Z zJ>dNhHdry&^)m9GCG)y`IA#ib|KjjSz(@-Lr}HExBGm{<(uhIAp#4g{vL%i{X<n>^&7b zn!KuU+1As!2WVPQm2RjIDUhPB!yg8WpjsaC&Bi~t&Pbz+{H3V6`S}9?`-lfn$(H)% z+f|EUDTuwpehp_KEP8ap$wZyMs0YZH?o+~{$TqMc|c-slZCtV4j1 zV~iouCnBHbb6FZOi0%FI?d2c&+fR#?ps(t*f+Zl8>;l$$w$7VbwE`KAom!km*9A>& zV53hBz4(5Oh7?E>wdTBehA^aWL7F1GnkZixavg_q{0raBX}?cw44YADH#w;9b*p3iu|zKv&iN?tI*-H zso6)f15Eq%XNjUK9y#o+%hKkpvas3;OsI3Wu<^r8B`Ww-D1n>ikV-tsm~I2_`SD~m zG>$Uj)vT+j@d@yS%Y|&}iV5L}3PzzOw|QYthKbDIzSj+7e8nT5O-f^4y~qa1cq3`a zMU6VEepg*jK6*~n;s|WKhY8he=j;|jx_TGdHNSq}lLlKZoL=4^Onvvdix>FXnDO5K zFABXKTgyKd_(a|5ko8F_LR1k9$G3Ps|FM^OOq-HMN}vsGM!rxtp&yxm+S-%vg8>U;i# z70zx#)!YBwjQgX1=8#6lD?O6k*yB>oP^z0P0s~SdRSw6XT0{5x+gW?LOf`qi4U^-i zY}w5<`)Ntiu)2-S?^_c}_v>p;uKhVvqVv}8gDpdOtd?HHzWDAXpotCEQ6+`0zb*RD z(K#=`T(t1lK(E0Bc)(}|lHaXK#gt1rJ>WO_GCbIFa+?a_oe7u;VLbxA8?^1R_+$6b zN>`eSOzC~{J@fylQdI9zZX-f@NZCG;=w(v{MCS9j^IVDmm8|Czsms z=aWjRyt~a=TEZAv)vNz0qtuRopY*!7poshLh+2kxzvKZeW`wj{gCe)ZH!_*vmVaZx zOOHEkI;&zH7zD(ctMnR~a>Yut=Av6Nk*O4G|EI4~JL0D)f_25sZ}hxejt^lnjZM*- zE`Dn+`t)AQeS9|MsYg>VM{ZD^HiP{tnjvC<{?tW2!t*`3{WUt-e~Pm%g3p3Qz4CS7 zB|=$G4QLy%q4>+wL~%D7Ud>!5FjPJZ#f{jdbJ`mFAIOv4*xgUoQbR5pWG*V2g{*)z zvyf|};A$Ra)IydUTg+(%p7-U-0WgR3_ZQehw$0}@%4U%HM~K?LD5oNbe8p2GiiZ70 zTGF`fV5vn`n@z7|gzS~oX=DFd;>gI{(Eb+D7J)5P*_Tcjp=(RpRn{WwZxt&Wl9dx;>bnV=M)c z$1vWpu9x{U@)n)X{{j|>3;w)uy7^$O=+&P8RxPLAaQUd<>~<{m{Hws+NuytDq8{$@ zo8)?o7@4ArkezP@1G%4|i0YRv^xL)H9PmYq}7X7d{3&=7z3MJe15jeYbZ%te@g8dt){L?3wl>wjuk1zNPvnqk2xC=mULFLhWfndrXV zN}aRzSANJAAZP!|4Kq+0^r5QHK*^ z^MOzVY2xT2WaN?4dU_TX8v1_h*!1-ajj#obP(lgJtk7iKt}d>ou@vt=}~po+7Nyf-XoJ(|i!VL04K z;#iQ{8?Je0aL0bDYpsNS-qlQ8;kX`(KnT@O}{y# z#%Jo1U-wyP`rR`=TP>?>4;Gn4Tff{WN+u4oWGx=u8l+#AO%A>oTKuA!xBOTZ`KDJ} zE|p|-ZS}iu!4J@)zs@3Hw&k;5w|XcGl4wIdeisZfxN0QDaK+aXAdv>_f57*FqEGI9 zoCngA)QFY01HyZGYKBl}!wg6%doh;rRZ4LmAzk=08s9;d7QHh#Ccq3guZza4GbUi& zA?C4p|ML9Qk5rD7>HLR>9xYpBXhW_7^*{acf1htiBu0v3jIlRZma2s&#s%=F}@38s3jXwZEvJK4<2E$JR;Y)1^%Rp$?9&`Y# z6`Vab@d#0vl?X@|BlmxF$~6xRnU4(mygf}LW^*8>*^Co(Hn&*!>i_E+*E=KEQ|ijU+wV`s|2X4`l3Brf(RRBTh8(+{h6=O^s(38 zg+ay>+Ms{y&L^Z;QwT|VdU{o_sT^Sy;ai-E6FtG5^*_wI9TTfgeB z@_33*{al`pZ$+*74k82R?x-n-U8zm|8qhnZ4CE^1ZF`yRFc7=)`RR+($y30rLS+7jy!4h}b~2b)y{6 zQqGlYGPQSH4H1)j?PEHzj80F1kTgNJpRT>I_^*R^a>5>*?ovffm-o}{l9Bt0IlAyo z{Q8Hk&t44{6RRx_{)4#Msur$K_qUQeAa)5vjcI@QunB^!E-(MAIape;v;KMIgqGiY zwRm?1eL%+ya?~uDZ#qnWpzQ-w&A|42nMQh16l;4a2zo2EX7;_mX*)>OpA@?Io+IoN zxtgy2b>lSxD65J82|lj(TaAQ7MQF1U#%#iNujycKNL%SeKDmd%m4_Yvv+o0qs8#1r zhYYr7>jL!2la9wg*y0slmxEJy7b4|Hld$zDxTzHko@uDha1pqL<3XrjP`}x))=4%ZW? zKs7%wbr|EUz({$?1wl2+=594wW1GvN1%ZGr$s*NZrkd~hXGqf+l;WlGJYH4ves<3pf3Mk z;UILoY~fC3uF#EmnkrvuW~3WizEH??d8m2JWF__kr=_U7&T~>p$&1gJb+_&9r0K=} z?IhRj2hoh{V+DVp)w>fM=eL|bYr+*@;>Y1SkXMM=kB9jRJ&SaYH?mTw_c2QgSk}8XnyL&U$R(pN5Gfbm29!!z+=`4Afena0fBm(fe|~C zUy$*s;NzKY2qUC;KP`)igux1GcJInT(5R%bLk7DtRxgxp`91ssP!z2^7>y7C_ApQw z^(qMm^$CE?kA(1PNLDG;cNbeKhX5H#t}Ka(RZX$K_HUEC^Wv$g<9_hn;K#hOYT(MW zz%+}ISFfWne=e9>y>Q)fndz`F7&Tb7JzyjIb~FCq^I_A0m8fISHiquSaOt1_g7+wT zJKH~{7hPgT_AHcRc9VQu$1lHVD994o>oG>DCC#k04VHK3_t5@;5J#gn=OTr7 zH@R5x2j8FXPZ^Ukdb~z^YUjYy(jz%02+|+Ji0ONfsJU;XTTA}*1VXcu6iTla!uz5j z(5d9S1%!4qUxfe}UB2143@k$Cq%`BFZEHIJZ2DZ7Bq^S@pH>IwyarQ(G{whPDE@=o z|GU`;mO4|B{h3p6psLTqua+&xe$?cIe)WkAp0x%`^d^#zcI&N9^pd|&U=Rb)PBO-^ zXiaNb^qUPjy_?E;?bpK%=3(!WaKI3p&EE3hlNtVBf%_yws!EhxK&~*SeX)iizdaB% z&%gO`y!&n~dCsQa!{@x?-k0lBH(}SxjgiUuXOknojENEJ=1U>rMZbc%`Yd+^Kdw(- zo+RVt&EBD}gr&~(7gN{NAJ?iU0U(EHzuas`EI$Qsf8|FpIY#CW-_t0nIVskILA8pU zRTcXDmt8)EjQ2I04V?Z(V###y;4H%TLir5mk_(*_L4ZA^olp$32i_ zJy$G#Icq(g+Y30MEh-_G+s}Eh@sqSZ=C+;<@e&I>+%JxfI_azTOjz;Rji5^-be;ci zcgielXl@O7sHHVt8UN_o++mhDv2zCVlg!)~BZoTXl9itqcLIN7v?`o)^b+T4s7h3r zOa4`7P5uMD)YDk4Fq5>kCm!2M(?|C^3sisqy{4lqm&ptN7oX01$ndj^?w4oqCZMfQ zILwzOaK?cbPxRk@5;$|neq+9op$L>VMn*ebsF3|LSEPW?5BJ*>Ae$WDKf1?|t4xfH zL|{)N5(S5ialfM=hn62iTNkZlg{VYmb^*cBLl2g1gn!nWY~e4cq_E!<$ixJRlY4Fl z4#f~(thZqcob~w)$5VDc-`2eT6rf}{_k|!9D($<(*FAT^@_z=K3Q)$4ObBgW_grS~ zvxV}2WQ&9BO!_4AKgToBk@+Zr!ngApui3F>U!ZQgL>7&i6O~6HGLJQGN9exg{uwiR zt_SNqE{kzh7S;bV;W8IxZz?>VY+rmh*3m!Nj{6@bvpbluF$>ZdN{Q@ z`L9G-;U)hmBa649d*$QIU5@TU(`J~9;K5Pj=6y`HkMpX7u*djwN=oy;I?v*__9wNR z?r%AuFrt0VWxXMx)i5;a%die|%Q(fq)k}0!GeR85*F)6QE>#dNh_PY7ty5%v6xU>^ zQSV0cj)i{%c7V7!@k${-SKac+Hhc&tz1oqxD|_?Q#c<|H(ZYO^#ZlwaXY$}^wrgb= z`G11ARS`8X$o^H|zF`1%t-$=JDYAUKV5{Fa~=8frT^|PDPHIQyQhLSP^)siYZf}~$Db1k zXRy25+S>cY;%P!&Le>yzH`a#&G5_rjnOLL^6n{wR@T?ihZw!Bm0g8+P@5CyQtr{`a z7m<+>&lX91^GRdEdZ9|659`gS34O}^hj?9zDbfis<;j2Sat)X1P$I*SlVs+%r>)aU zvEkUc0bQk&MZrV}@k;;IZ<5qm<%?d^1=*?{4B`~%cW)L~oxO4*E*kV{o5#`)hAO!% zGC7EY$TKMKXUFok!z>VbqH87fKEjj&!s$YJ>`uLtGNwFw&m^+ej0U8 zceVDaL{XwwQp@^VQLDg@M$j9XVrdl@R62&4l8DQzx%nWZ9g^UHRY0)u-rC-Fl|F8_m*Rx7Tak>6b?Ms0iio(?$eL0=`i;M{IPA#Q1)|W zhm6s?yC3h$94Dgxm?-ffmG@cDSn_6Z!tyN9uk(epp_d>N)#%AwmV7Ia!Tob&aM=`vR$Z-iGLf=8-XNjV*^f<%>ad=C3@e5M_&{834$ zo?^Rs9*tD6u&odBh%)z$Zf>qJ!%sL)%Gpeu|M-x1-g{4)x9 z{UpA^Buu#L z3$K%Zrqkl6F0{Kgr5Q}OvL2j~oEeql*Q)>A&$MO;fuOs!07btIrIlLZmffVKBe5(ga?KPknnxT3qm+i1brCBf$#W z)!z}cr(-0O2wR5J*;ynw1Be~mN?SNNR7VqjGUx4g@w%(|<6j~}I*~gVTc;&)Z5Rs( zV<*LyGV28mQ_uR>@j`>3WNswce@cAi@cDWKIRpJXrpc-;h~zQR%B}dh;7kHSg75RX zqY1K*ef2(>p_Ks<)N*so8Vd5`fJM`>SdY36rd5>E>LLo2Yk7jrMJZHfH5=p`b$5|B zy%a9tsuQGrW&xyp`|N4@sEh_<>r_)@A!0g95zzMe$FP)W?}e7+sOKrWvOhg#K?!CC zjG(h|5u)3iDTOlGGWTGnkn|`|oKKs~bDMAu>i6j8B3e{zxErIwukS;rTm@okW}0No zeaVE({m|C})#zNJV>lP-aMGmltg zPX5+{A;vAkFfComT$-V89DMdZa_X!75~pQ!F9*K?H)zu$YYOkFFU=Xd&S zPx2+2qSoE}-&WcF>PE$}o(r7rQ6%kQjYMTCKgk;CT#UL*b>x2N^ahyV5^Phwr-bh? zRE{RI*FZA3_x48wBe{V}b~mRlwXJH7GpP#6xa3`~u!e4|f{p?LA9i-NT@0NKKGAoa zhH=7eEJOt%*@#%r7M5w0sH?gb=SH!Rgqj%?I8H#Owjly0RP(@NM=`a~ag7l|+;_9f zcvL7>aucNc+VFRQxre_-uaEB@#SF;2So9h}iw~a&LbZ=uy6F_t*n#BEF(WA9ayQ}&WvJoAgK<=WPS$nbaU!_P6cc+MQQl7=@;C)D7gUB0 z+;B`5#y{^(%zLP6ikA5F5K1<=B!L6I~|^UE7Ff{KQs#dEr0&S@le83ZOY=l zYi)0DuiEGdCTHC%9D_=EmB|ttI@Aw6##oQJ8Y3@NU89-1z0=%+4_7v0fyi5Gj+k^UqCSQBR7-&hOnv6 zo8U$n7hw%QJkEx-A#!yg3r30_btO=e&urAbnmddH>w!M(NC1TanUxE>f99Q<5K1|Y zpr(aNNvwkz>XfaaC>`|u*$Jk0ULBAqaQFzy5`DqwVl$a~->R1o0$p6Ll#ON%NvA8C zM5jW=?`XW-m1W7vqy2MO4eB|!a`iGizQHoTRS-x@`gfB_y(`-w0*Y~vmuoEG9}vt{ znL;+ddF~=+P&{r2qYp(BYS{e_%=}D|_ZEKPw?JGCwN4E4H^F@F{l;2+R3*8Md|9Sg z+`9K3g%bzDE+bRV<=TGAcl|~ee(WV9bOLs~PnuKEXD%7l_iN{CFD_D>-L3|X%1eZ1 z)*T3Z2GnW0jQrlE$8shh+#a#FIf_E2-!h&gj8&^$NY{|kz~P)qRu-QH%VQ9UTde{p z{Q+;pN~4Bve>*>I7-_K6KD3_1hvp`KvC#7+QNdNt2R$;DK$>pnH1_8?5Za!E1 zQP49%FnW7tu>p(448C^Pu|}?dpWvI{D;vxm3A+J;2U^*>sEjPrg;9=dIuv6evpDyL z^gGpFfO;_&kjEw>HO0=CIX5jYbqbWod@wQM>KA#75dc-}ij>A}p`US1n{E9g7A`7C zY^4f50Jc3I+UDHGy22_v))Fc9_{%DLEk|$AXgMERp351xc{oW0aqLJiwu#fv?9)oXfi!|oGTspGWnvpWT9)b|x-V#mdO zw**~5B>b37qrzQKz)7%*PR8|vVS-ghA9u{JoEf{|z}=MfjN?J5>gz${diGo~#ZkJj zfC|eKpdHK3Wa&@+WJ31Y_GH66qP{gT%Fp6Zn)_f&ef@Wo1UgXy9^lC>qRYq>0oqSPYQv*-2*b$B>?&i zcck)VVu)sb7H8Uf-=CDU{amauipvH9(0|=858WMZr!oczKZ?Q8h2c^C{r4!4mBEf- zbpic|!4x>t*I#d40atCj0REepb(*@iqW~lrLCCBWLp!{DnNsl8V&$!z5tH#SJ~HC6 z)41s*uR^E?K6|`E2ak;a>Nl za*hALJIi|E$wNv`Vl&BL?f<5Yh^Mc;fQkq1Jbh-+&xy>X<)*St2XXXi+j44prxq+|7~7a(Gg#sGQ%!+7=+|uKl5? z?7aYj4$)7FzB~$@w+1JLJEd}SDPntD)^YR$mCz|rARm4BWU}GB*XPJT6CIoIj`atG zDal(;_G?A&Nb`&uAi~mQ7GQ08d7OHY3MZvTsRio^HXvdof4+nd87GsRHrgiOtO!5o zjj-TN`ykWHkS6HHh~}7X95XoLwJ&2f5RO^tE)yoAA-pALJ&lVNePaohq_j6VK^K{TCKd2fpj?Xb%1cW*yCiY0UNAWm@SDy9brGgHiaWXc@=y-1|_f zn?sTQXLUbvAx8(mTIu=j{1=>-sJIqBYPp0&v?0##coD;jhfP5+Ry61+q}AumQ9~Iv5*`LV z;5ldY#pGV9(hrMQz(=#)Xm2{VOu(*W5W_X728W}f)wZ_`p}VZ?UEw9)64yVNWSQC_ zVPWspHWxZ6s$fL~%yg*0ICfbwne;;`_hkjXZVVI`Ir;&Ly6A|YB`5h#u73j*NC8^l z;*&xMZ4U0YPI*#yhx1r{$5EWuQ-zq}3@+$sKj>cy+(Ajf8FowS1o}3OP$h@f9k_X8 zgg$bv@waa*a|k(y5FIa1!5crqE%6D)gGQY@Bz*uT>oknaTP`nE-fE@3$nPueswa5< zuhOr_ygW+KS1~+h8Mpv9BcP3G>aFBd-&aK5(V1^`JJtGF8lJa!+ux;C>(`hlFr$c8 ziO8}OoG)4kMPB3zieTcSLCpDhXv~c`BtOcy<3TUJ*&gu|-XYmUT z<7sB{B;jS0TvlzqxQwP*re(TG#~GC9#nbN*z$WiV<58yykYZ3945sHt(&Vi%E0fz@ zWhM2EegeR(B!yEZjeLVtBBWAtLcqgEu~@kg%qVVR){6)U@wW54bpxRm1L}G!n9-76 z9Zcg@zLw8xT-PpotRvP*TuOed6AJbbLReF3 z<6b5mJdo2^f{Do^XJ#$u@;BH?9*s#%E*>dcaF#~i8)%Lhwi!#rc5snV#D$@PD4u4K z%KJI7zPzQOQpA^-fRoAP5MIhRauy#Xov16+PjTJlmC!Su=%{YWnpY?YSO{1oz{_&h?JYRx{L1<8%rL z!Rv4w%RMNruR3x&)Xl3hVT!#(_gwX6d%6DlHWYEe%=+ijygx~ z+VU|{zK#+2wfHhstE8G?xN(BTdtb5_=^4qClqoe32@6A8?S*!$7>59h>Zs{Rij@=Z z(&^;3;W8!6x8XYX1^>gaAv@nZkZ0mI_L^UxHB32^-vR!e*!j#XwZ5~u26W=)P$8`B zhJI3-`NSjSUOR*MMkq}bbZO2;(Oj+rWU#Dn-{y&JFD}5!_2Go$!q9}}yFSQUlp&1K zw;~uiBW7dtawy<_?%|2{sio-sdX9m`(CT0=;duMnkes)l5^R9o`RgbY&xC;)E)qhl zt5LE(rS1bZ2Aq`MsdDPWzXaY$Lrz63?VJ3@meAA*>~jjBAOFSML=SylmM*4ysQfMS zqfGCoq^TVOfJO%W|0v?L#RgH-g?`ePQjqkfTh3F&3RUQS*toFo`e(t(MUOpZHXEV_ z7sa`)EPX;Ti9*00K#h9<8X%Ps>9dUcD(L=A662Tk}Hges!@VFyq}bz3gP`6p?gj(H{cX~tsIy(d2gbHct6f%YJyzj9I?|cH$$B;a=F`D8MSWaZe#I{*q0>SkW z@hO5Mj4;A8(U)t{hRxyG##-IF^*=iVihkV)l9K& zcwN zzEwDEh^U-IFjXTaM%yIA9A?W%$fu1XER0)68WtfmDxq3%2m0R~#A+-|oY3&{b~j@p0a%)D<6qZM(NvSU*)X=+VOz9Tjhi-F1^e6?$1-XdB!FlEO6mrBUGP?u? zePnft(U5cwtp!pPS86Tesm2DZG}NJC-vDoTs!tXwIP{cwI&k@t>U`w{u*z8LDO=N7 z6bg{wXcX+N$3sM$z8G1Io1`eNg@|`N?qhXPUN--kOudt`4$Y6A-BVV+i}&LoLm56| z)+0cb?(1jRms<=nc3gJ6Fq|}Q<&aSMn-U|qBFmFqN?i-Pp3~vmKFUo_B)tSvacd$X zvA%lQVGImT!DXV^{BeOVsoT`^Y4Y_l)Wc5W=0lZutywd@;mi`DGK86b(KWd~M03?u z3VZ(`KfiR0BQ(YAb8L@4A$r3!AHYPpAHat_0HzJ>!*Jh_wl$0lo+G^nbEwUK}HO2tj$D$^z zw|z9QAY~4sAPEyLRvV|a;0IBTDy;!$i(nOutOR2T&m&4I<#wnR?4KR3kNGHA!Y9dB zoJggyUUSJdR}ev*S9<0U-LqMJBa7(M%Yj@$K}f(_rpP1gTq-<=EF=Lp-X;?$GM9gY z8P+zn{nmLC@n)PrLYdsBXPSUbQOu}PXHm4ck+)TC`#YCFvh^ejj)z1gQ}r9+tpX2f zYRz3<`_*-tA&fK*5A58)S^@&jJHZU9bL})j+AQ;tTe*^Tmfm7j+A#u4orU_IeRfBk zFrJ>b00Z`ecdK`A2cW46eeP@mTC1d^vc&W}6~p>l%u45&>YOoX0~md$#xczjS8|7mb9$%X7&=A7Myo9#rw!?-`n zs`vRN%a->|RkwY|zP>Q}e&c%Lock|yx8PrgAmVN++ie(6YM@( z#kAao==ikK_=)<(HFzk6EYDGC=YQbVMz4dEeMTy2BEuzP(4 zV-aG6W$Zjhl;Q!)TUfAZB;sxbUIfI60as44N=$I}oWk8~*MLIbxMMINd ztq%Vrz!VGf+5FWjtK}Aleq0K$D$35HzQdP9N@^-vzBYr$WlM`{Fjhv(k?&I0J3d5{ ze#|EuPgKg!ogN|h=KZq_H21nHPKb(*C`o5SK}i|HNSEC22TB=Ez3`8s;*ow}&?K#JB1J>$02kXdNU4D#N+eFd6dj1>}%qfg!+=v4$5*7Xg*nBDqAfJQK?G>vL9 z_FOd0Y&5Ibwz@5}5e^ZrbujNAAbc+sMo*Da22p|5CL$a`N8{}Mve*KaS;Vbt_8q8U zP5}pbD%@O-%1BB5NaB!wxO?@J>FQZ#ILBg}fCulHsZ~VBLxK@IQnT=?{!^M43+3Uj zP-6R5FsWbZIuv~jR7lg5VtTvM>BDzNg`hS>(L#X|h&w3Z3-kxa;jsOkP;{72JhqFD z#G^L*W;<|8Y#(Njc+hlX2m&{cv!h}eJ_b}$3BO$a{h0^yS^q|*KRFRTH&nv4$p6wA zJ&Q?qV{qB4O%c6l+-F;>dGziM%K8KE(oP!M<9zOWTH@P$$o;@y;^U{>5-eb+{Y}V~ zG#PLGs6QIhJ07{xf~f-PE8Yi7bcv=>VhDVQ(;O&#YW&)e$T%@gF?>459UY3pdJmf* z{)q5O$v$i!#4EaZUHW)he;$7vabLF8 zKcipKAti(V@ZbyvHz!zpGOT8gqX;!pdKku1q1fH*y$>us?I7TeAD!?G|4Klg6IsS# z9>$F9Y<_(hyllJv%NTgzd(U>2RCMwYnIIhXUBfSCw)DPeU2T)6bu&oe#2Mh;!$)-)zM5YddLswpx^Yrp zQuUaO(aL$xNN@iW!*-{qP~6FvF#P3g z4veB^BlNaVq_v>~UW0N1u95`-47rlGRHA{!gP6F^N1^5G-yz$LCpA^^=b@0&oY8WF zF-KP3ER`L-b(Vuf3`XJ#tN;zzC-vMn7H`P9I7RU##pB5B57MduO? zJ%WqUrM5kRwu!<`1`zEQt`o@Wi%oe5R7(2za{TWJkFwX*VmqGuqlXs;H#G&2+le%h zrA(dC<&@*v(cB`+BS@epA@OY>Gi($t0{qN%cp?ah(jdISuO+!YMo{ zRtwu9bU%e`bz}OrvAdLwomi`oAusbZ&NT(Bet~)cQi${nV_ZFJ@#)gEHH zhF0P~8>x~_QL+xRhzJvk|IE6&B9~*L*!;wN!`SME!2Ka58`e9)sl~NP4g`(YA1Lu{ zyazTr;N>m%U$8`f+m&d1ki}ZG5;8v0pt;=i-qQaF8?jiY){7RnntWoOv_1+J;Qv`q zzd-CNPt$YNDd9$JZ`j(M8pI^{@6zo{Ale9;m3sS0YvU)p^TS450>#{}2$MVu4HgUm zla)T<<9Evld6$RO9zkcpCa-k2DAJ9UHBlAo|CATsP)k&-|M+6~TFZsco*6BDOs(dm z(Lq~g4EnmTq8iLLQFH$q3NJFywcQzmz0!l*_aiBzD&gI?@RDBn*{eEslg(9%Q2#OGKmj7ungQj*mwTSzZm&kwelE0t+7Xf6M_@4ZT>$w2eXUyFZ zw=$IDkLuT_OCI5m|8#2A)bLzGa)?$o&n!gIRizz1CI9DpdaE2WSHk@;&W`ulP|kQ_ zCf;{EO_5M>Ev6oalkfqa%bN-WTg4hn*-kf$?wDi${|`r)ny7qzi?QD;L{S;PzhSw--g)gzq4|2h|E8@e@aVNU2VcCeIS~uNRaxfv4IvdO z9L9*gsJ`O%@0&&Rxl(jYZK0|K5lF*d{l81lJs25=O_sEkS~r=XRR8Yb<((!|cEl;a zU@i@gs9w9Q+>1bdUoa0Dwc;Z zreZxrCeyG-n`WYR++p zb;C{n^&)-L_Sxs~X>zo1&%QilBsW+Tt&Vwtd2Iy*dU|!_*(oy5tnfKqQ7Le*AXb`U ziH=Kbc7A^T<>L~r4Qrta>eXe4?I3}Q3n4pw<-)(Gcw_{eeUqky**9ZrH9IvB{DXij z7O4_3(YMmeuQIA(_(+=~Ce?09ZE&9X>C6M0BcnZ~hbutP4pJ~tC4Ewm zpmcRjqO(y;sSu+5Y*8Gic)aAdqJ;rV15qh`+W1>$o)SfI=h4`G5g{QzJY$lERZHoT z5Wgc>$CEanQBf#+3kb88FJ`QMurCI?(UYBl8{EaOHz=KE|v-kd;A7@2(iFuYj-s>sCZR;^$y~4SdCk_Kn?b>Y=bcj(J!D_? zQ$-QV%@Eo8PlZ>8of*nuC(Pb^j%w>s1;mDzQIB@((6s4vB$vp89rF8m;+kp+NL(cD ztRI7f$wt1w=}~@VYr4c3r!#?r*qXW*N$#O`=f@kQhLQ+Y3!z4&!D0!i5yM&csBlrn zY(`1vr}FZ#wnxheb_eGwPc2-`L_atw70s$~za>)lJo#+m`*7j-Q{oO3ur& z`kgwiX0AHyPq)hoE_L5%dltG69`7KUwsH&*UpD4|hc{aM2NWD20MhXe6xu+K0CwNn z+d0NFzN?bJW8LB8o;46{DOmBmHFUUsrLPZ0zJB62Xiyc;als=pquDsLrO2ir34;L* z&3>+G8BClH#{dWccBL4Fzk#GrCt_t){%YT$ol^HQ*Z2TA&;e+ZPe94}55WViDfIFhP}$!TM-(oBap?d`p_TT;;{?E>&acipAEkHPyQ=L0u8ODbpN|4H<$8YL z#piQIo`>LR9o!F?qS)@Zto&=-$SBF!u=RN{Wg2O%zQZW_wc@L7t5C^SZPvGPC#j=r z#8)Gkqk2>Z>j+K9$1ke?~f%}ah1~sRd};5=_hvr zR846%sJhv=LSBcmS@A@-;x5mt$h9dBHhKBsZJbsy2k;9IB_O5>!!z>k4qK06?un~^ zz0As%3L0lg$@RIk)e;$Qagw5+I09fF(B@W3*A=j&|J&wJ*Twk+-iczoVr8lZEI|nmygGNl`|kskADPSDf+amC--~(k*nga;&z>M!7q)sxu!+Hf zRf@Xkxbp_ih%>h^@aDE)()ChL4#>3W{Ck}6&Kt>wq3wUSGn>&%*mWgyG9SAMnqt)X z@!5mu*jZX?YACm1oQgc)bjf+?9IWa;55@S60BinV;tjZ&04>Olq_TPS>p|3I1E}Z$ zI_u}$r%y39Q@}(7qCG1hZu2j;`Rp0GWG`si_y8GS%x1#RLpHi1wd$YtdiO79kXX!w z3^|C73spxT4neZ**a=u7h(c`$drUXofMNhrd;tIEg%E8(Y;pDCC}m8?{eF;Z?l-|C zwIo4lg8-6gE!jx|*ag<`C&-$Vx^jVxwvJ<62Mnc4lfpv~!Al8Qx7WrVMOQ{jT)aTFFFcHZTs7!4jNnTzZd+2xbM4uO2&b|=v zZ2^;l7Ca}NQ{dIN%5SrP>jjA+iTn%17tU8!Ho*A+x5?5z;ENG{FVXWP3$Qv4T?q)Y zp7wXIvkqA`yx>8G2=UQl-?y?Mig;CB2&2w=dgz{JaR6~KRO9E+EAU*)-vykjk&s|F zAmLP-iCP?rDn&E&xpWb%IrHr4Q1+Jw`*W+VQffTuqF5JVeWNhQ01}R*yNq99KSoj? z&Ru?>l}JVxT8z?v2N!Z7N_=p0umkpCsQY8L!`^ZbaHxdVU@-Dm|4cKm3L*5Lyjdgl zg{vT;C3KJ?)rSa(0ARJ`jXJI;O)BgRZt!DqA3B4fGx@6KFQ3Cy>W*Y_Rwi>}ibuzT zn!P5bI&51-b|&d1iA(OhCQ^<*58spsp0=OQ7>N5OaiF{^mwz&&mQdmXRz}kBu8?6r z1|&bVSC3wQQc_YkXN68Gy~7sS9*uy0P|ySsv!>!LXtp8a9sb%rcZ}~ur)v6P?0v4A z@^mfaWf))dtcHQ0%q9<6S9qHtZ3eg&S0&dnZK`CHRnvuvbj$Vdcqs$GgP`uug|!Q^vKtSw(9iya(Jhp} zeu%_3jr1GOMvss00Xb8eg&xX$wD@eS0Lk7zfX(>Pl3zi?jPkTI$`&KO08LsG9be|N?cJoLC;WtGWu!aH`j@6c?Z0KPVnq&!) z1Ax@bRuNX(aR&QQ&$oFv&4*zK_x$V@U(m9m-}Q;FA3o-VV2(Z@hzgKT;cKn$)hDEWb=nuazVkMv%&k_UOXF;r=7pB2~^p4 z!lWHz>&RT5+1i9py^VXR1V|L^!e&$9C(2t5LQWpJk}~_B&+g6^+}8+|eC8b&E^^%e z4n!M!*cqESr~kbY9PycX^G1E6S?2Adji3IfWjq4zzk5-L$O?F{OrMFM@HfuL1flX2 zK241s=fu*|;q(5!9+&RmvfT0=k{Ib#20efHheeMn+(X%Lh6)!u%V#LqlCx=jv_I9k zHCh0P+XdA`A%0Elv4YncNfJ+#p?$Lv=Nt0$wU7fcku^zuMhOSMun=qpIh>XjKS%z) zr}@-6{&7ru%O2y5BCLVO1AQ8+#gC&Vf^#S-cGDmAJifF0#|sgxh$ugd<6MnhsRqU~%%=U+2BOK+V$1{oo$$d%iq zVYnSf_3YvVEgw5#Tftg7>UrqyQ1<&gvt{;ke@Kd;kqUyF)sHC&f40R(gj!G{0u5`+ zYgEhw$Cm8=DEv3sPEDt0zeb71oGO>RxpZX09)=97qaL2_vA74RJha}9nm(K%U)~Ob zy?d)V0B0}=GvuMlMu<5`t$`(sE_#@&>9>K5)sJE+q2=64g1J{Xy^8!MX00UB{}z%C zW&-TXmA{7LEos)?HXBW3SmgXx3&QnZlbjAFA#u1&Q?#P9v~?VIc2&5`us~z3t8&&D zI)2qd(wM{l#Iu)}hPp9a%WC!bQCAQ)PV^A*S^O?5gk(Zx#6a!I_ygdq`i>i`L;2L+ zt2Rk5X>961oS|eRd}f@$=|$s58DFb4-A^elGVpQwwr!c#uWeW7((g*fKH*edE>JT2 zwDxeX?0;U+${3m2ozbsO!iUzjSSe6r4TBiC*6PWI+5Th!ZoOe*uV}u2BMoPH;*(Vn zdS7o(mKL8W#9I<}{FpeJ4K4(mk2a+h#ZDW}*ObX3>(r*EtSB{J{VJ6OF*?)joAx9w(ZCeFi#Exsn0KDrmBKb?A2pjb?g*6bi ze{CGxb6iT5Cbh(}XWF(T;?Sz%%+>O!pVrtN9eX$B%0!yoEWw4jlWbmlTRq@Zj^F&? ztO$b3(-SuQzFKj@6mL|9E)Kg!%3_^C)S*sU`)U97j&4lZAg4j4Q6bP=|Db41Yv+ zk34dx<95FT>VEep_RbyP3*x?aeu7$|b_3|m2Z@L;3s({=nL|b`YTcp!?k^WA^=CBU zQN1=+Xv4kyBMI954qLH8ZY#1=rV^o9Q@uR^u?(dBUQoAez z3#jK_QH8G5mp|)~>3qwqNIB~Ebkzf4=zSJebBr1yK8Ho6o)N*;D3KWfnOc#-1Pqc5 z%<>q%7@xIwK^SArBVANDFsr3+6Xckt5s+~sjA>3$V9KzsFMPGC=Vz$m-PLYb_Rm-d zGU_kB_0f^DkzZlVK=c3L-$T-`Cpb$?&MQRQS`?Boxe);|rbj4oXs9MR{;Whgw~McG~c zC)Q8yGn<9xHo>MD`}4d`IDJg5I6~OgQVk1Y!RZaLu19nPX5T&z8`xH z2Y>)9#%tDFA(5pCQPov;XQ9`Aon1N*TP#=r)hQ-=9EsgYGv$D^TRr6}-T=|c7Ot!q z?`i|$DcbLBR?0yhr**vF4#Hn#m5Ka?`y>P2;+^q0w4|#>@lcs<*3TJl#2JuHJ=16H z6(8p+rW=f+7mh=Vg4jZck;Lqt7(;vgoH*Stx>$^a%WGBTZ=#7agPu#xYONvU<70&K zSZO4bR3bSoR{5L3iu^w3j?Nt^-9MRnmxV1|_8jk1UBq#^2Mc`yubPA_q?_%-8zXE# z=Pc(SB+>`gKb$E^=;@xv3K52yC%{50UQ~LRNx6P5mFSrNAS>@&Eo;L6DopQ9S|&9O z#1%5=;h)31itiQ6@DiJ`GpLojbE&>*KfvQ#b}3U8T5)_|fpwr?Fu}b?_Y6g|%!FjD z-hl-LtXCG>NSu*Tv7Q}-UmfPXHM;4O33<|wv|ftL35sf7L##1KH#sHu5stc_hTUV- z17D~Z$>o;>7)c;fha|tXwYeRNogJmenX*7WY>mkvI0V?GioU1*`M62OuB2`CvfFU! z-R}$i(X0OHy1T0BpO;Rf6Kto<%cK_*vFFGx}9kl&&2%M_MQtscmyKq0- zyP=e7Oe-vGZSf-=w}z9In_HTMnnUn)BM7T$Ul-g;J%7924No?}?85FhYWN0%3QqA3 zV|>@hF|z&SONXOya_LstTu7Iel{cmQPho@O`@QTK z8)n;wOw2sft*v4Zb65ez{o^?g;#WK*3C? zm;zPgJtR$8PsV1FDL)4K4~iRHlKWwnrD1Cj5h{mIpao;NnS}fZg43RHnVFf9!c<{? z$M@H8$l6w^gXrQDRk5wk@zlA4+wqL4jx9hr=pMYNKq=iU7h0{1)g?WXCjA_0bpnV1 zoad$#4y2ZoXsi5WzPw}?=lq13y$_ea$4LOB@2@OF{yK_(sNytya0Wh$CU?Nmh4-JW zlC!I_2y0M(nNBGkqmw+(l2{%O?GmxW!vO!01NK1eu50Kl-1)&Sk&w$VB@7Qypepb; zKgX`NAI?~eM`$M6*-Sah+J&)n)Gg98NB;qz=8WdCwITaW%5xga7t)&{lg^&F;WMQ(bKP9^A-8-h3lsbioQcqH6abfZ z&nl_>C&PyQy%>9|I5oP=KQ{@uM@@0BoRwI(w&Zdjpz?KP4+`9>ToL)4tlboDP5oh9 z8w0V{ZBdc)!^y=ZBGoMNda@s=CsRhlh1UH1~W2uR&S_QU?^!V9yXYruOwU5aNj|IiqMj_n6e@MRUg~;3H7Lx=v;T9q7 z@>&3qXZK{};f}Mzj~DECUPL>giae?nuA&idGzH1^jL}jNP%QB@z3}~ zQ~CrkI)W_NKZzBy(I;;aptPnZfw^)N-|~luZDEHX;To4bn6q79#Vnhgw}+juaPFY}aT6EezR z?rBPUcGR*jD2P5TT9fmFrq#(c=|g^xmof0Nh;YC{l|Ku?W|x@B_CfY%WE0YurR^Dn z11Q%1W59m=;cL=5K9i%1!<~YB-adxatarGl#Z0U;ijF&8h+93@7}m2JH&vqmi-4}K zcRNu*BbMSdW&O2>Hut-5cGf|!qTlq8p?T38dYke!GC|M6yd@XjEF>w#tJ3Ro zivB{l#pLGaYY5LAtsAC@0!iWhr?E`d`2TTdiP?WTAo$3f)P-#mhqV}#26&0*J6y0e z@B+W;8JHe3#$IdiNa@%Pg$JuvcT}u&``U?LyvrE-^CHt@#pfXKZW=k+;hc7tXw~dH z?Tm_jTy?2NSRl;7c$qFutN45d=c14kMpLyQ{>Xm{0*BaW@)AQf&Wcy*cXo7V7)DB zSHpx6jJq)GsS>^R@2k|%Z^o5zlzQ_ce6}iwsHxa_lNrfp<2gURo2N?`#O2yh5EN-U z&-4=x|4FRvsJ7ctxKyA)*{F;|n-K9j_dab$>m3jh*biDoozPTsS5$LPNqUR#fG!eK zS9U`gCs{Rj&__L|G~ZHLVKfz$z((}I+QlBq1Iy|2ZsUULN78A`Zeq=m*0E}C{n@v> z)&re(86MfZ(S(F+KG`yToJzXI0(Cm42Te6ibwi_r%$L%Am&hM>53iDzVIltW!cu#K z8lLgF?pypeRw9jl?S|=JzKOy450+il`XhUzFO+M(&=!uibTe;GDY0cT#MeE{)wMFz zk6v|%zu}6{kUCf%<`rmkgVcT!a{P|Vz*x_aeJ^-B^pRa91`2@^QRIjkHwyo}6*VaI z`b#p7V{`z$p2-1y)i%r#H4keU^-<`G?pA-1Y}p|bi9$t)*XT_7xZFN^rGNTJk~ouS zr<+qp64-&4zsnUi)fH8G(7-A8!xNPIK;~R)}#; z=6?pSh-4gRmT+gE&isLA9xs;savh)E827M%pT3&5e%BCty_XHlzX4dwAC)>}rcqmy z^W5cgu1Cw(%a_qf@x5B8gWQ%`+e6A{eid8~%cB&{@rO@o`8{iqiNTR6$~i`zK1Ub2 zSJ0(fMfR9g1q}Rb3Pw9 znbf_Kj1_01Q8SQYeaX&Ns4Df+_H*fi1;(&>B0te=iXK-}A4NH%YPvN3)#4+Mu6M(` zbCWzfiIjBOgW2p-UF=GTO`C2t{THK2oV7{Cg4eE!_DjxghYMTZ7Jcse4c<8p8VL-U zLDwP|o0z$iIWj+}b{u&h-(sFKw_Ps0scO3{yCjwQY&NU1iB+U#AlAy|b86te*zTk> zcepIrvbj$9uzi;_R_tK1oO>v@4El;6QnJ@rXG7=?7$Pqv!Z;30+L>&`*mlAd<=1W5 zFv5M46TFY<>U?$T0Ng<6kwKSlxazU&l-&!tZA79Q-!rs(U3SNm3fM;RIC4gzm?Y+3 z`%RH7CGVtv6>=|fSgt?App!ten0{xyL=)*aH8q4KF1@GlB%{{%d1aM$@kVE|zjES0kl>E)iKQlz7pYK6 z#E0W(JWfu>F17mh&U)DOGem|y+G0I9iSQH^T;4uE=A-S}kX6bP`8uh{oO;il^F4R! zYcA@q9Qo?I;vJTa7W^>S_yRmzCndR;y+~h2S!)t+r2i+&3kBHg0fWE4_~#{JllK%P ziL_EGE)DbxN^lFcP-1gG27-9UZexH12h*eEG{YEvCWkT5uQiDHIIMC7Pbgb`S;z9= z;F(`_>Y_q;EyYCItwgG7kvZ>GGukXX+6VK>$5-(eWw`3|B7p(eJ=D{|oHOm+xuJHU zj2K0=r1up+>%)}+iA6O7+SZiUDcHdv<#R{9G7y_=SILyh-E>tW^EW=c?`?B~o{z8V z0W0Cvf;P&@wy%F_+KV5y5Jy?}SwvhEX6)Yw_~6lMa z0&t;jo##_e*Ho=k+44l<8G8+ui&w^jDl2xOT!>T!OWWsVLh;E?Rq|3MyEL)ADzQmP zG>k9x=5yI1Qk7t$R0-qhpTm=qT5G`x-Y_^>TM*obSguVmOkNIC!8g-VUT>^33*-;j z35Zid4&R#YS8Z=NF})K3ME(RZ>ZPLymoqMhF#T0-C1qDa67mIFD~%-zg?n1{c@e}J z6(1a@qVE+C+f1dOUkTfPRkOEzzTh(+fgLAA9k0V-c6y@SD0L%k3ymecUWK%d z#Fr#ykTJ=?H{Qj2FqrwE`INYpyA`QK*+%-2J9OdfTJv5_FtM6r$6HFh7Zbx297cM- zbDJjgs}|sMCr!(%I^QR`>i+$Zu}M}V@rBEEQN!@0#QnM1rwNeB)oI2gKJ9JjOnb)5 zzc!mq>b$))Hd5g$VDwBXcg!cE*iAO zohmQ7HBv7o+4~;DY=55c9lX4c2>dl4r_C39T&!P0#2Z0dw~0H8ZO~S>T2{EnP&<@# zdGfyF;=h+npYh_Y6xFTB<-@~pP|EM(#H4a3!(32ChTki8v>7fY8N+t zh0eZP>hRg>{4c~mwoB8!_4m08Ww@|>Gtor4$R6!k zBkI+nQGIUto@1Ut>PnyGP7eGdWxvLC-b*W$U!=;j-Xp!$ zvN0t~K=3z#@{8v>KB+tN5YGv8CJGlth+52Lmp)eav*>ju??5B6cUHfIQ2Y?QCVY+e zjf;de@L9^2!>=XJ+P;>2a=-uS(T>XXYzuA;#@Gb*C=&fnt81Z@fo72 zNL*@1s(X)J%>b9*9`n(0O0VF`Qb?1jgLM*e9E-cSunCA=TE^mV3-?KG2VTcd65q@u zu55~bP54*)3i<&0bM#jE-omv%hinQygny2{JXm7C!03ZPO}2Jud4=#pu` zBvC_2eSN37O!|$=gvf(U_n%}5b_O-|nwZcSHoaB7i%&$GUVpgD&!%WK?fC7z^dOfq z`2~|0RHe~GFK6Bs_M+C0Ed4VdG}AF_^b39G%@is}smxpSA@zv8(rch{iK#a(9m(dU zG=KObFT5py!cRJo5XJK^e7IHf>?$4#SDgF7!P225f)@lh8qevNG ztL7Q9DjPdh&!W%N8GXC+cq0;p=L=RH;61)d%)=>-TZ!0wRRC^5*D}TQnzC|iUhhGP z98XHdV?&o^1DJQg?uq)YyF#RL%@BPDu5ky@DX&oI996Pq4}(XpM%d5no1(+Hj_1A5!Awx#imcx=da85vceO?a z{NkBSN9ftIL%aI9Wgw_JLuOP>1D{+d48~O3iyhZYF&4*pj8(%&^EBqq%tyh(Mq95N{h8tYKwa2Y ziLb#rnDr9OayG}j5?~KFN7t`t2Nvl?v}iTgcPhXAqkGQwS(1(z`)7>IO@%0!7rpLm zRZ|Z?Z3iHOOys2dsCOU2){jIT!Hcz>hjL|V9*48#0+&Je|J|wFP$SO>2XfWQu z{>$J5w8|(&_S2Jy#EbHbZ9VNu^$fcymqIwltbR%3YsttOjK1x&83XK8Nak{Y2@SFm z)uhn^ZPlD}kYAl@`uuqL*~~MwSOZd4Uy$?IbIX)|%%-T?pv3%frhUzmaOqYUB$2F% zKJuolbTLsPpYF!Z#srjj!MJU*SHosDrnIUks=YoiHZJRZMaK5vY%EyTAEFN3cW^Sb z64TabULYn+#Y|>GFjSq?+GXtiJ4q_y6v2V&Pnx*E;g=@~WE(#wSDO$>1%vaBX z^E2T2ele-^NTTYic?j4h*X{2EN?#cnQO&?V>sJP@2>Jf$^Fal)R>#i)Io2@KRlt1? zM)~a2do@(P;FEdEbGB2JT|ivDpEbM6p`S=B|1y*RIR7$VIy9 z#S1`#5@N6f~R&WbnJGi3Y=Izo%V_8J<^O1*Bc{qZ~Kxe zNCfDV=4>uq1}(=}nO3}J1z|={o|o|z=qO(b&BVl7y?$n#czy^$JXGy_&|wmBcyT(r zz46dhg%n2$w;3a9t{N(s2whse!|5(n{koqNUeSTBX#(On_@EK#Ne;2rsoB{=JU&tZ zk76Tv!GAWNw<&Yeuk6FJk7o3XW1|Nu&p_<62>U80>uZGcgwllq4n4bPrm= zwv+U&>XkC{=B(%GimyYSw*niOhICzW!osKpSvv8=FueEa;(BCS02aRiEYe2ma z*DHUp&VSpfdB^JY*a!1MScWUrKlJ#)(x@(dtCUuSImi(@&@>pQTMgXoF4aGqq*z*S zRePz0I4_UXVl48EbQ&&d#eLJV+91_k8QYw^amy-TUc{m@`}V{NSVqLRD~BCa^<>IggxCG-SKFV-rPE+aYosknwIn>D(lH?o#hqch_ig2rBf%M;iRWp zL^6TZNpx&-J;BT659R$uObYBgO zCo`|o=$=$rE?+w>RnbazZ?R6T_-eA9!2vXGG=2B-<%12aZv9%Wnn{eferK6VaxQHp zY5%(EBo?mQiz|2-zK!VzRj3SK2}~{X4DN+&Mzcys$}Zq`k|xwjJr#e%uZUJ(F{%*8Q&((Dc$R)`Y6cWUUve3 z0|EfUatt|OPaT7lY{Yx(3PvO)gvk_s;Lamsvfu%KlxRY9WuLS+ao9^}u|7SYKX^;9 z`m|xra@^P>XRBe~!Y@AHGkv2>!kuMS^hI%9Tra5io36sQ?nu)BQ|yISjC)mSjnbiOar-GHQ)c9)#VS_#UH6LIMPi5}#PQ}I**;TjT~A|)P}N@Y2ok`QAH}(7 z8RuoM_<~o_lojOgY{HH<_jMwtxt)p67Wr;=24~}1;%8#y{R3JhxV`EsHf3>gzU^in ziZt+M(5(w5r(SRSnH7fuQO6iugtY#$An0u7fMV8AHy=?@ zGtKgN$>DVcnuoE-KZ$_>8qOF3h* zkkr=#pZsxyNUr1Kn=D;rB+Zfpn~DL;Chk$s?^%5{l{zAOJ8A|-7{gR!0&+FUTU}nx z7LNS*<8=RhO&Uc&1Nl1gg3_{`(=Jo4`S3T*xA?jKz`e@Ux8{p5r+1DOG9GJgc1&To zjF#(gq4g&I)#=3Oanp^@8`LpWQC^ROIqsh*&;+)62EA{2vAgBxPWs^$*%d-Gx8zsX zw<$DBY3J_LiOPIBeVnzrgGE4Rr<~MYd5+9nJ&(xsO}!lLse2CVn!bQ&eU@E2U1eEF zEI!Pt(&J4taYB_3rmlNg-l>9bFE%cFL7zuzbwzkN1Y4EMJzTi!1BkBIu6ej1>&EKX zKf*hA$7#3~14?bp)!PPm8(Wj4AEXk3hDj58_gd#z0UsX@{+bZ~mNR3R%AZK#jb3b) z7yN+y(mZx&0wXx|4l8L`T0F1)?JB=!4Y=ib`LWiSAfP_XwzpR3KEpJ?J=eD_Yo{p1 zOQOQ8?})B=@N)q0pRgFxIY^Vk=t&lWVxTP1zl%CL`3soxyhhM9Vafqy( z?UG($sSk?euK}vf)!O-k0HQ7J^BxcZ>;>rgSjQ6b&i=3InLUV5_F-3!6p%+HSFZMf zM@wkeHq77C&wNw4SUYI^PP{BU>zmYCqPtLPH@cdQQ$=51WFbB-RRS|da(M%)A3oUi zbeL>%_f-;S>HOj=m-(=&Hp=byie1b-aOrBe7L$Ff&$XYbt>iP>$Rn?xl$ik#zU(mo zSW)#GYctL3y6I*v4%ab^ZcY^rycAzOq!T%H_(Zx2Vqu_|gHJ~mThyLMTPEr#r=yc8 zO2XIZf9*OZsAFWlm#gtyTz)q^YC z!>UewlsxAw62HOu!Nw7&RtxULZx>`g0nnX#k&OfE?5lri6YN+~kCOY?n+0d=;pmj&=)6+B>@+YwBwSz)nhh);8Jnk)%8!LwwJV z5~k0HLjpTTkCfl2ma+Pr^mKl3h<7EuKTGepaNo(Lf9hdsqPgL5-H(dyR~zS+sI)KK z5qyMswo-Ib``!EE(siuU?yNKdqO(i+ksH=dq&%J zl6p-jPk5I$-P8ulJQgMG1(n@S{-rs4q-4Z`q5eRK&a73gs4fy** z%g}s@fr+pe3#Lo(D?ax34vd@aP{g^(z6P|Oq3LAqqTNCXyw41};-w)8?jJhwb{%ho z5}CB@H=0fM9h? zhH>@Pon=lrWTt;{(KO|EaE}B0S1gXF6H0EW0U0&=+Oe5uFAN!;Yy-!e<0&v=>i3kJepLfSvn&~Bqp=Z2nQ zT0of7U#1lD^goBhm%u@@clFgBp>OJ&>TQ!cjXw}2m!nKZ#@K3MK%LN(Wt0s8Gi9{r_D;85liuj8$G6#+LH=Vo#~m>yEE&FexP`w zgs$LqgQNbcp;1HPT`qk_WaPV`exxOh+?Sn+if>$#N`6}_Z{~@k&vyH`W0uZI#^68F zA16r3*GG$Zx8&W9FBCfC4`@uiA^k3svdJX2WM=%;AUmwbVJTYg{{LKpjV?d%+ZJq2akz6u4dq=Lvpotmq_r8 zRD_JhSt)C66-$XX%-h=&<1MVi@ya(LeRhNRGtEq@o}wv2j+R zF3HGcU1O|Vyi`(FT&Qw|x^X_Gs@95M(d+1M@fZ0-Hn|*};%Y}W>o1u>8$SV?mE4J} zUYqW4N`1Czp;``??BFlZ-08}}GtHdNXosdBwsoeYLk(3A_aIy|)bT3a$XL@Q?AIlk z@-<1)4rioxXA`<&H&lwS5;Yvegaub<=U7ALi!SEJyKn*%x*^*yibc($`(0%vs*Ceq zlQLu6k&4H@8IgzUeLaYbT2dFcUxIvl8Ga#%8cN`H2vuD;?~#2)Uu|v@EJ6d~Z3u>f z8$QLY3Y7Llmk6FCVPvHre}oD%SOdTWj@APqVXjcpA(@FF86Ezz6p&!z;u3Wa8{X+#ft$T1#nBiO|&&`)>YDe$I6 za>JsAZ>6l1<&gO6ng_Pz#pd9#V2Y)?+JgSOd0$r7Ao#hMhA{saDz=$-_$U={GeW z<3|+X*|0l2sAwwsbV?Dn@ZqK~Z^*V*M+?`y2q>Mww#akeaYNjllXFH(yJ+^tfkO7Q zd$uw@^2|LsiU`(zr-`i^K_$u$kI{>|j%)4pY`#WzhRN93_q96iA$cXvOWPcD2Y-OSPQ1 zwsyet7f3eKBOM$x0vq!D>NUDoJgj|C!>9sy-Q8adO_LM(79PsgNs{GYDBt0LC|JBA6$E2ek{4{7aQbtLPshM{*`}0y?X{*<$EgS-#T7m zTq?Ipx|z|)c<4(a?IeNJmS-`0m63CO7+fOyYGtXE_J?fuxNSk3mz>KnV0d_XIqDQGW9R) zd5=BSy4iDH4wl$&l1w^Td5H;wevRd%gTL)mR^}@ZYZSMQibw?@XUf(2XWMyNf~Vy-TyS zjd02N+10J`ln|y^ zRnt_OS03zut6n7w!i@ZeQ%4$p>i6}9JNAz@%=S$SmfU_kQ?Tnd#Mv)4P}-9-UbI`W z2DFFq$$JRERf({NZaX_O-zIry1Z+8ro=gP4elBM8(Jl$Y1#|{WW29^JaEw7*t~51iZUv8KMGDL`Dp`8#t2Fgh1$1^fCd>OcrTYfB zxyF8KsCX5_9K_pvX<>%h3-{wgY5@GBcUr;zY?&B-Xw~()AN~$$USYhDt6IW94-eLtN1{j@H9fG`-@kwaohS&Ac za*Rk_`#FP)Rt>NhtGE&?EHS7rAx;7mw8mrrV;++HyE~YIOSs0#B3%Xgy6{tk^_hC9 z>AO&Go|93TcquX0FZOB@FlOp`9waO0=8!LV4c)D{C7}U)v$AIkL22c5CY3+z{FP&0 zc>H4PR3?Hf9>|9c&C=;UwEin$hpT{Rve36OZq;M+c&kN*`u?7mQUNAm^$n1(WDlFJ z8#y(j&cR*DQKh#sX183)5_XtPEf}{NIyrxZMqS8wtwrH2`;2*`Y-^sTYxmLKFS(k< z&Ht)7S(`<#jdfe}x2erLV9J}ToggZ$CVFB@3wn$LFMh0r5*V^U-GbU9KVfBhY*QQ+h3 zkrZ22o|qL~jvm3RVHT(8z}8)+ParBFNPckf?#tru zVwY>$tEY2M2#m6rUxM}5QeH0k#c*{s-22u0Ej=?n$n$5a>SvJmPx{lHzxe--+AXG^ z{OX2()c;9oY@)<+o?sFD#PtF{tM6YV^^Tdl8t(kL^~2qTrC`iK(D1)!2p+E`nDNsv zY%BimKtQk&YWu&nF83!8Cirix^!;bVKeGLwsKx)Fv`QL+FB2IFY3nDA3$OQbReMEw z1@ik}xA&lQQ2#eF>(&$f>o*O=3+Fqx1KZ8{(56>h$jz%vpoZ7>RpZ?W9F(}EWgXS+ zunE2Vlwfn-xLx{aznyKq@%-)eV6TKni3_Gqt$P(A)AxN%S`3TGI;XOW5qZh1c3B9r z@Q;`qV5>{EY6alHxW>YKJ|g?6BgJoeb#~z|hZ~7oPj$2x&WdWzIjIoJV>oETH*3PH z?505K;~B5XyPEyVAR||H<#+PzE6rfzTiDlWrY+=%+49nt!^~*xv?Hx(z)h~sH+TGJ z3mfE9jyp~pSJV(<>OUuM{U%~*{UdmA!MPp)lRANJ4HWjC9Z~3Bz&C5TM2!sPD^2-C zOzSbFSs8 zhzO|oXaW+w4f9^N*+_ShE?zg4`5KJrmj<2A)}l?*Q`om}DpTwll=6bz`=T`p30vs`XyAA{&?{Bv!XWfS@$CCilXoM5_NUK5=YC=S| zrse6Cvc!Kgfxt~Mdwu=~j6SgO%iP}i`xbirlMLv1kONnR7I3=x34%AA9(wy8!GmW1)F4GoOnP%fEu-FWs!0eekYsN{7`Rz?d5 zcw_60MDdoqv#@Y&AN3w2UPxSR23tB(S>%zOY%$2`u;Z4W=a^8@C)Y~7gHJ9stY}P& zR<)>-I@oT7jMhW~+tbN)Vwg$CDVrd5Mw9tyRSTxC-49889h*`ZZmamOef8@Q2K#lnu>&M8LDKb(c@l?9PWo z7h59&Igw$zV`#UMLQMVS$uN)oHc7m-vii93Rc}Fz7jb;@z5wZ}zhCp-6|iUvvoluu z7=36Q^Q6~%mDeCs_|~{pL`{Fur-4TRY@HauAXT68Z1Q!XWxTpR1va8IiW*;rcZNT& zPf;%@Y3_GTC(m~+(2net?w-ZWUS7@RHKf71YN5T_VDA=V<>mWC8;8Bxpl5rv>iOk^ z%v%p7Msp{^?cAwKN8WpOVSguxU9;%RZ5PmMl~I?4rom9tGv-!LHEU0ZCM3NwmIHM+dlu1|^<;{IAAt&l9(sz<4$(K$P_3!IY#%$8Xtv{dfu@C`3+D}jo< zWkn2;z7RHIKj!<3L1l+Ugbt^8c+^xg4C9%1X1FSdPxRupSDA8Ovhk-yU z7XiMFgwTT9yY`96CVqO@fFsSss~m}D-A;*mHMdaSQCCbUXB-Y6fj<+bq18OFuLt?M=C^(x`%P37^U zpK_g%!Bm|JT)RAlvdo56QpayAI%d*bt}MYUPs@}SJxa!oyrgYgcPD>W!^^x=cTosP zA+LT>!_fZEl_0Qp&R|)yi6mLjjh-4&9XAf$1gBL+9<_*x$%ok4km^&P#M=&HL)gXH zZovEkuIAYs?}ZQ4!Ux=Z{jkL(n|a5Pak2g*aH8f2XRx!?dU-jE@^FgAjrVAUkjd1V zq(}et__uHJwjkWd2RkRbk+2>>f2I#LxjMCa#*73PnfUJ`w|5n4w`&|YkH#q^eunbo zO6(Dlo4y(|9`_)TWEz=6VMropF^Qcak7LsefDk#9sPOi2l1($zKVxd}>Jv+Evgz-# zcJUMTQWB+^J83c$v$Ae~Ig%?29=FK{uSU^Nj?o$(`_WHQ8LNy|%q#^sr#S=8wTm@U zSRqLPy7Yxdo*gprVvh_D%slY5s7I>H*3g}G2`U*BQU~_Bs%KAeSB#E0 zNsG8oho4hdJs)eFxP@t=BYwmV8&Op#U#c=Dh1nk|TSmz>ChVPf9ZO_5pH~N9KJZ|e zXmXE8JvGMOmn?ykWhPSS(*zWwTBP?}^BsV_Nj7OR%UaKk?gY)!2RLb91%zrsG{}oA z@*YMCr`wK)Na$V^Gf=goCP)~33h=Vt)wZ!ubtnZMctMtZK{4@ET^Ec4t9DZwZ9qw7l zP0_ku1*6zcF=*~MMqjG=A3{8ORvbtEVg5I~TaLDymxCMj zo{WZR{7Ao+DCCt%MJLxq2GbaQ#N%D!O&wy%6YFmD3sG8o z#Ig}->tbQW+SFS))Q2Q~6WhD7kXF3{jW|2I6>+a#af3@A69fjopJhRjcWM#LA^p{Q z)+sHT+bxp*D2v}rxI-z_gjx$|M-wADK4*(jb4P^mU~^jmtr$o2gp4fbtnX~@Ttew@xwbvn2qugRuN*V z-jP%rZ^;ys(Zf7kX=#sDzbdE&hl*;gt-rWY=Fuvu9=9~P=3@QEL)Ob5Q+tih4NZPX z3x2YdrPeo$m>9l1kaysTqy*cQ8p;+EmtfPwtA{aqNkrNa-E0%WUYTq2Gs7zn=~|AO zWhHscBNXhC#I@A2&&iB069ZBNZeB~n(uTCF$961uy#JV8<(N|_Gix}qy#4uXV?6PK zyryn7dyc)6N7U;>l$t*bBx>Isqd)s}G#B9_oolUd6esceH-8pA%vQh)^WYRVHpp{| z65V+ZIE!?}qU_ejk#6%z(8$_+_l5n&)pPTMS&iO{a`V&kA~1`fy#8p03te!KidOTM zEdOyc4z)gEg^*eb+mh9yV@t5>Gq&<+FR`Y!FbpRUf_B3yZ{rTLHMMHhA?L*{ z{<#lDs*ct37-B7P(5Iz0fRR&^x_!RV%{SRuI7?qD6-1J*B{{zinA|PZ8Wzh3P|hKe zZJ%(Lm%g32if4LvBwXj?mThCKHU?xPZA!dc{lrU0#nTZ_qtQ3sAkPk1baR078QF_D zd~vJ6;|_-%M~zz-@{Pd%gn;t&llc949~Ou}*%#3vw`hD?UvwjNAy)4{DvQk9A-wC% zCv3K>tk(Ky)9MyKB^x+Qj@^}H#)*2w-8WXz>SN>#&Z1wnV>&M`Y5s+ZupC*j)6tft zU}xEqXi?bCqR0AT(#%9iHp#zrtuCvynHjJ!Ak5cr`^O#ARC(7x|>=SMPc}rzrY35$d z>_uS&*|nk3TAMC-w8T8;a&j;=Gf*K-WGmj!uzpKI_%FM@(}eOL;1cMg zO9bV=7>zD$S)&e2ZJU%r^OZ^NSVrlHkvxrl?Il3|ZgMUnB>Y-DFeOo{WUG>~e0vAm zTPZk&S&}eC)!;o35r(g~Bvxh)bp2+cgimf1w@eB4UN z0vK9y@qX>eBA~f!aNjw3QD@;eeYlgpV#vVB1jrh7fL2ZZwzIC~vErAQMR2XW z_M1~zxqS2JTZ64fNUkH4OYG%Xj$p>Q%WlB>rv)NHKdhC;#Erm#r%m0U-f3vx(wE#8 zGPTAz&amxgLXL+FP>oCfykZrtz2)IPHw%c+8=@+}=IJTm4(kJZ6mdCgKisK8wfxy| zrSj=aW-k*FMyQAd!f*ST-xKrLrMPK^oP*EpqQMp_2LG# zZ}`!w1*hCAt|g3%2v%_w^c&BIe-Aqh7xB^!M8MzYF#!rEzgctd7UJ^u^*xz2gSM|( z%iaTDrtM}5P%?08dHJ1`siF(@v|yip)F|1!XDmJ1#o$d;((LHAVoCzl3Tu;#mQ`g` zqD8Xz=BX-ZW90H_$q^J<9mmP`6HAmcm z+}njfbVzt*#u^89ujMhNs!e2S7iD@!;g!%ijwR3Jw6jv)k8B#wq`8DRxPcNSP{rIZ z;Llt?L*P8XcOI1_Hy%(Mqz7D}6!P!h?FcU7|39G??ms8fYF3vCat) zkac?7s}U22L&!A8WQ?IqI&9>U6D~a?DwM1h|G=^MV}fOyDg*Rk16S|U&v1sGQJJP0 zyTr9`?6#;qJv*%?sb7u#cs|AO25d+eF`S!{oYi=iGSDWVCQeQZ^a0?W7bDYGBZJO* z4=B!NJc#2{>?4AB@v%~xj0USAb>9h#Ag6LYedLyH(Ry#XKjYGvSmPm+ic~=Qn)unq zC*g-`svstKiebj&d)&B{@J(yw*zq{rNagJ1RM$hb9kYMIG(S9mF^<|tRg3j1&Giov zbH$CXDTjZ6`BgZ%I8MDCeYQU^@ZerYW_o6LJ4*d+YDJSLti(FmjV_Al7Xmd5-qj4= z;^OdoB^W+lM%Hn9Ip+u8SeG@;s^47lNHGI!UEoa;(#;9QEv9OmYs!eoe~)v*mlJm2 zbq`is$~3wc3Uzt|$K&jMqFB__wVhuVV5ZV1G?*$#kvmz>$e z>;GM#_Wz{1{N|;zV)B%>9jZ&Hts?sX=GuU=bK%Z%ONn^{ zFP_~S&Ss%k3yi13j{c=A=gs7h^saTfX8Hk{jlo|95<%`?@0}cv!r(0p`g2OH2KWlh zHt-jC88ZqKg+!ojFQ@%MJ%hLSP#VCERxk1170HJb?tgb z++GrTUP9{N@8dlMT(%Zu9m3n*Xy{6i{AloWk!12qf4(rJ{tR6YO;=_d>fJD0N z_UQ%Z1g?)8MB$v>Y|Vta@O^hb2aEGc%Q4IQDX!e zYpjGqVoBf@I*MLjre_Z8P$dgaolB_Z%M z+ryMcgCL;_Z{q<%|c<8Tzf>9dLC@vmDd892K`$KzXBKQHN z(Z0shJ`lc-YTpM{mGHEGJ;3RmoE$!;4!nRsiQ*~6*DUt;`}FF|!KB@aSb8(#pP;IR z78KemKs2Zav|+|S-Nd?Qpjg`R2M2b)Wl+Q=)DT`Fd^p<)1x1#+ELhZGn)&0XA$*E` zf=xh6ubP|vg5ju+OQd8QDd%2gua8Toj3w^eD6CP5LMHa$bgGHGNy#J*2fJ61dRbPf~n zwUD*Rj(r?zI3_O3i%(2`9%nrnJ|ljJe`STF{zzIlUnfd2c#lo8y0|CLBWEGtj%2m{iROPP5K%ijB1m(AAaO(c3xN?b-9j=c&( zVR5l5AEzAfqt`Hn%%OO6&@n%!IX?b4yj`4yMfqK%G0VY<`fQAW!;C0AOi7Qf9uth7 z``#>y*Rkd84cN`eMxyE`vRdzrqY`@eWp=KbZy-)~`WmxLP+nZe;-K#0eZLm$urR7| zX`wucwy!TWhctcKmPclN48DO+C-NK(3LL-Gc(5%kI??JYeMuE)yAbgJpH6fdj=I`f zgn+{7@bY)Pv9XJbRrI6LJ)^_t8JQ#sv>5%&Pd@FT&+o?khK_2E)MRV=4Hu8PO1zK_E*3Dl7bF*^y8{4)QA3Yfv?tx> zNT6X#6$PSyffvwOU}eRfLG6_>6Uttox16_ryjG32M~$x+xEhby>P(JJx;KwH-V&Cu zG0Gdcl8$q?I*RAy7Ci3anI30gx^4knU{pws)rWai$0y%&dIuPyR;ji(39evK7B>Lm zk!+qG0S9;qudQ=w=?Z=3oLG?ljhJw(wz{w{@E+trshe9h<-4Sl;+k%2}?W)nL zc^%Dgn*ofSx{YG~x{{FDCJr}l=2L6^#;xuGk5O>%@scrnO7dsvh}GPW*eL0ct4L1^)z}jNF3ttB7T+F6GOeBSPExF<@C-&4{Ib!Z_rzi{8TU2BYrF7-S+NJLk0OmFE^ zO!s~YYz9rQ(_}cbO`Z36F6?V@%E~<85b40Ep~kCa!}3L zbbKMPX2D1s9${Yp@`A90fZP4Ay9|Lm`p?NK&O#Vxa^3DLxU~h8f7Z@6xGfG8N+9i$ z&40wM-j+~){LLq#>`~|9mo_RTO4+8Lo0}>vPqMun^Al4R3VWSQJ+K#U0fVW6>pSMn zZ5A!ey(-hp9%};wNl9r*f*~J&Hx7BXRmOY&wAaBu7yl3Z0JEgM8(c_Hwsn2+Z|gTO zAVjs`nxQKH&y#d6DXfqFX?>auO^^Q@e?&d;zDcl%GM(>YzC599xmdL-S>RX zLwt5{$j*)vD(FQ&@MOGM_R(dY%V(eCjDvAR#?SJQaZ2s~8f~D~ClG|}dWv>2T^uGS zEMs$tz_lT2O_#`PbN88%GQk;_Pd+lc5k&ow+sBUyp$fA{dxitA&aXiOtXSQlYfoJX z3COSR%3kO*F+o>k-TZ!vTsD}wvHVNJz$i@6hdOF$K{U!@wY9hl>knDN>7n`beU4Ma zTEd4t5No45@nD9!m^fe6VvK{~K5;qHyvt(7V4~$s5`oQwtx>^BGs2r+n&!@if(f^!USC@(1ROFMP(NEmY=oBD=dHrk=-tPk6y3<{`zm6}V4h zB}&9^HBS6g+%G2}ojpOD+hO77MuF%V-2J2=aa0VvRpP*&W({#BzC&f}Ztyto+9365 zt=eHlW<0iH417HBq*Lnf-ueb-4UbGVtVN`6kuzL%)q(6eOK)X;IP%HDH_A8U?Zdc# zu>i}$%8|`~X{1CfZ?{T+P`VK{c$#u`1eN&&tvjMVCw$ACBWpqa*5ZMN|J(GWtb7B` zR>4bi!C(R_K9wc}r7bMEBd>N@G_blSqjuWoW4hc-IR$&i8h>8@v@Ra%0#}C-gK!y!oF~2+07g~r&YQNvUnhyvzNzfd`*Wjf&-}x zq*XK3XI6seZ6EY!z01x>ZPtofPw^<*4XR=gyM^!6)BX5l zo{M;wb&bI7c))h$jsBPB!*_t&S$QLN2{56g&FAb3?a|rR{tS7lrkxYSbFWidvW5ry zxXuL{newufjH&f`zV|g=eMeqhGM-22BoLRJ@U|RbuR^X={8F{D20uh>KmPIQwFRWw zP~YxO-?e!i9tJOqhouGDrr(mmr8%wm<`Sk+kot@} zzTFkHb6a9KUf$v+@H_TN7W`Dojr@WAP?l3?xGuC{@_s!fgny#xmUT|v{v0=&V{ZHw z;!W2PCqhwj!I`n+z}QeGT(vTi_aH&Ods8~r=jidAeP=wt=R!Qwy`G!dR`=C5cOJt! z%&6T~74%rWvZnQ#uT9(2Sc&n#8;T5TcWt=ro}`6|W$kJ?=Tx|)81D}#;pO5A;`g$Y z>_gYMcY3t8)r2aqtFV_t-n8;Iv)0_p%NoKAe%Yl4I&uPW3L31&Y8KVvXtDWH*rP9- zc=j`um}b}7X*IG|mE=(#2-pmDmJRxxeH_2R4QA9PB|XV0%pkHXd-E4HHtr>azFy;N zN%H8KAbR7pRnBDQ>~9OGoT|fa$V?~wpwGepMJ6I&cSS*CsV$!ALU0x|;2Lz zYd47Fet+$6Q}*xGTd(?84!q90_*+^lh#FlXp(Q&8DnGxZy83BEy9i2)mF1~k?Rq~z zy`k$ zaxblg90IQL4@JOzg;?w*_hq7fOVjK@ofKva)+5-ygJL@v7~Z8ISQgvWTgshJ@>y9I zzZ|M;A*|#ze9MU=!C)K|C%fz}*hm`S;IOj8y>@|#^K0p+9Pi)7j}Ri&AKI2toziq~ zmcS1Nl;D@Qk4~%^<2jP^tX7!7Z!-4otFB(AlOWE>`Aszj1)lrpEQy zP?fI{!JBl1;Nu6(1|6&yQ`#>xi`*FYer!u57i2vmacAmDpBT852IaLR=xJ%DnPFT2 zrPL;!rx_tEuKH9@uaq7rH114`CqCHY9JP@(KU=OYd#`=l?@?Wk4owyUl6iTMzS(|F@apF1cHPMY*a(x#%Jh9MZQIS4 z|2-v`u$0>%ha5w?v|C_mW>z-!3H9OzFZtH`W{);E{tqZ7mQPDqIh^la%8Ui(Md=Pc z3_1_lOx~k5QGoj0yx|w_S*SFur1ZMlo#Db}*5MSl&D|+>h+q_-AFPrJT9=LQZ_y3D zu6!8%@uL8e%Sv`K=<*HEq5R0~F#R*}zpMD%jv4Nq-5%BENFk_^$6c9bJ>LMOeorKv zx}g-zk29jw{W}sFkQ{iJMG(OE!4?%baJ<;I2(FxGbb*0NF`v@!&svmRBy&w78(kUi z;=F6Tx8cA~ZY#=BR(IzH@b&=zBFwmw$4E8d$)K5)+uq-LR?C60K5OgOirc^sWqE#S zX@9;FoI+`^L}$m^{CvavC1gB_$=`daAqlv=%W8wISw;BE48@~X8%qKAPmu0kMh2OHtrEGL@U|O_cbiIFftbhO~COs``u&dFV*Pn zE<*O`iz8gGLJBb)T?G$lyEH%n4NeyYTbO(gVt1516*4E;<81I|_)Xh8yqNr!7|nyK z{8||8GJd>6y1-$v)a3>odCT>R^Rkhb#BC$QAcC944$z!$#W%Ddk_#r}3?thn5VN7H zzJA^&k&{T1+%C6%!=N;oZa`AiA)zGebf+D7 zF}_gTGiPAr{N=&c1v85pE|t8~jaV)Ii*1Zp0FLu>Y)#`z@zL)cL)BxSJ`2J>q<>%t z#5s|?+yx##AQPLdGgz^ttYB~8kMy@THNU630HKbOIutz@jwfZexgv)8tuP10t7JYkNU|g-w3xVtJIxokGCeV=B6d;DxN!(wAn=#?pnvmoEb*%g zlk^CFOjV_B(Jjqt2T5LVIGf+N4QS=wmYb*W4Hu%vTc>^t?IN6Hyr*9?#=Rd0aEBcX zXvcohDUs_RR2KNE7cNRpC$tno+mQ;IhGH%gVq$tbgEa0Q2?7pccB+Xnn3s|XlT4wz)C8HxzoF_V+^hKm_1oox zLO3UbtDWjwJ|jA7cz@srSgQHHfvM`&QJud$fXarTz=i0gFDp84a5C*D=$4@T$xiSH z3^AUARkG?NovS{q5g?q=pk00PHZNoF0D`G(Z6u>vnqKBCMrg)sE2ZWHI8b^wo290V zz>W07ZQTLaR{rj0@Vp!4kln$6O%fOnz(0J&VW*UA>jAnaj8bD|;Gvw5Eq9Tt761GG z8D_mxRFccyp=zx|E5wHFT`*{W?T1(Rn97K%eN;PR}^|rYayu1^L3Yf zB+^$Z5ZgFTSbp3ph4mOuTunC7LtV}g!@ljjKaqP{Vf)rU@%7bthUk~dfGM-vXH#)8Pun?3@g8R9+xN=0`YqJjaK5tZW(fZjUTjT zfrWAu!^3rxotg-OH-2qRS;AukHPwc-45kR}_hA-h8mneh;x7~Mo_N*G;^Obo&mmqX zugJ;#zc?PMvei)Mjxl&%@h}o0N5y}BcaXwY36yE;q?fPb zIIjH!rKV;Jn@qKCM==>Li!}obpMq}Aeu_|@>`u4;ax~AhiN_^g5cW&~83#=Ylz@kP zIib~CZ<;P1l-WjO;zXW+O`f>?_8!=)C*?JmUq1aj0=5E?nKQ)p1XK`dEK3B?PqG;m z`X{1qA&^pFqG64T>o)?GGNm1Dv`))kIjSbGc`blRQ^m&v81hi;M41K-);5wKZgGUk z&mfg8UZ;yR9v(pDerkZ89_=!;9Pb(roNu-sTu>4VHkAJiWq`CPKImR~@wCD?>+e>V zjCP#63iIN}t=bSWMSgyo_GgW_K1qVJ-H3ZjrZKAx+(l*FwY0{gcnh)4!kmVYEHb}B z46x)5(0Vy_EWB%XmO9#`I%;w1ezG>NOu}m1DFUpS`I@A>i7|uw6A)b3)&7+2R(N0# z^?wz2o?%UV+rI}9L_msEsRB|2>C&rIr3orEbVO=^fT4vhNC%OsH0dB6A@p7a=_NoY zQX_<3LJi#Uobx-+bKl%o|9kJt$;^}4vu5qJzU#Bs%z(u|kK8Y0T*_PLIr5bh4cX>8 z200h{TNW&=6F^2^q3K9TTJg4p-nmB|Y^b^UfL{JO83v@IvHCI6S_7P6?YA=G^g0(Y zbT=dGE$ymRp%slx4fAZ4N46u68mNUM)F9e+G@9SC?F%rcEQ%Ti-789g1BpFvbsr#K zh9zbV3M}yV*k5(MQ^=x9zj)t2zXaDv?e4^P%;Mi6#j&jYJ;1|w-ru*?a_6H5^7A~V z?Sqs2c`gsJ|8wl?9U8f?zpl%gl6GDVn2_X)jS2{o-SDB9p|?99_TcI4;Dsicl)x{W z6_N9;;+jJS^SI_zEOt#s?K9&me%q2yG3Y;6RQ*PGOTBKLl^!)N5}Z9o&%uc^eqxf+ zD(A>ngQDqocEx#zk-E&na5q6SmQGvonwtzPHm|l_$u3OUfA0Qam+d0aq`ga9*JxP8 zn_WYV41=s^Ym2?!J1Py&KX{($k}?MzGyJ-`1pDrwi32(^0`JzAge(WsaaBez{pEXnUE=_H7~04HE#ul&Z6RobxGm5@rE zc-T6gBDzW|GV4+ZE{@~k0+su;cAPHGKeY-|t~bmzjdc?>aO=~#>`2TbmJqk1SADr$ zOFZ{+&0PE5U0#M3`c)v5-TS?1%bL~nQ~GaOu&;!hk7Dv6!#t?f6AU97^W|A;-B7vL zF1LR|iEO=kYX%3)dV^`|0Q^)Er?0Frzfh2Q95Yr0pVI;NF9nKoMT6YF3MHYdt>oVD z_H2qa=a$_b}PrGXGtp2ON zgLq2!Gh8rk-%pOh+)kDLJiwJ+g4ZZw@I_{>QfBgf9se zNJ-{aoupIP6Z)rtlIvhzpw#;A4!I(_7J-HdqI3CJ<*(MtVl?JZdlX$`Xk(!fr#`<6 zBW_NA;Kna2q=(3u6Q75pE3d1u@s3VAz z-NrOj?1zC~pT)VbbiE9q>5iM16K4T{sy=r&cMncqM(er2O2bs_>~*5Wk%-kF+P_o&(iBq5?>t0c=z>qPJp%`QKwKGO_Ke^4-=; zH~h@Kb!TYv*3PV5EX9GmAMiA&f3#?a-dSNNWBt)HhUQhjeT|_N=vRP!akI~GuDzOt zsYc+DzO_x`Hv1)8lTL~H!V`nHRYT&sA3M+YW$79yMqQQ7eOC|TdzhLhu-FphSrU>7Ea{q_f|&^Z8o)Kb({g|3TGZ>_1R0Je>w*|KlHushmi4XYaqeg#RyY zOez5$T{RQ`@E_L4##R15ibwxvVJlc zoNjXyKi_hmQcW2-tZ9|ly>e3!RtORKt6^2L>Ew%a4|*8zPZ`RAhf&d$`Zu}) z*b-uEK!GxATJvctu_#`u3N;I?VH>f=gWr22;uDI78~1Vxy}+AzmYE--dPQa05EbSJ zyCM?i6G4{j{LJgGMe7;%%H91J3E9EtRf0KSE7O$NXTP704GtNvKP(YF`yTz{+7$Jz zc{-EMl7Hr#ET6lT_lXEAt%@Vj&U&!6vhG%|F%|X~jWUH=y|$j*6{c{ZHQ?sJ^vo@3 zPLzDl`DeOVbTW5UE9P|}JvLG*q!6`9pKc(x(##EQAE(?a*O&;#$t9uRQ6$11*(BQj z#n{58&6gxrqS8Snc;PO^suor3iSL5=xP+Qjd^sYgb3_QQw>qQ^a*iLX{45h8d?|gW zEQdCY9GBcA(W`;?ZaLEEx4A#Y1R;j_`k7|q$dBC{ zp@erF107$5LqgCz6fk?LE-u>T5W6p*2OXQ6NYmzW23~xV<3fb>fUi3z@#Q%MKGv1L0QE;Ha-Lt5d#8O@&XbT97W*3js!xZaj%1DVtonDJT8 zE83Ug2rWkObVlUp(fcLaKJT8A-(9}Q%8rFkJ)EB5CVB3ap=8Lygs>HK;#Iq18W~Zi zJoiwSG=W`s1uR`%rIH)i<4>9BlN24XEt-baHjUuMb2?RLq@d5$?QNM1q?al^7?Gu= zQhYUgsz|5hruodGPzq{&R6puT*{`Q<6@`|bQJ>&1-tBgO@nmIoULW^efRy!Q@E(|q z51&9Ew`?QAVaENzGnEwemTHQT)f zGV6#1Q4Uk9tU$-7c>y{qU1mMEv~uF~3o}>}O9hQ`lzmHasZj>L;0Xq1K0THJYn(Kv zxNPjA*R65c+9S?uh( z8^erfd-+smkIa^xLeSM)-laVbcYb+D0n>m!J?^Px!nNOHZEH-uZKpotu|>G`N-`1_ zDJ=f4i{!pANdI2ay&OI*kGN39$i*4%u5K++#X8Dl=CLrV)ocAx+B_+1$k8_HYn)<; zl(N(;$6N8aGID`YqMw{fsmIq@^8xpwCmy~Xu8<#>NaTM2PW zzR=nT4bQUEE&e5uIG>~XlRAU?6_iN~Gv&%MiZR;j!NIXa06y&NqKw%mZsGCw$EiE@ z7ggI3Mp;f&)PCdPrH@RRV7FJvc&h@F|L5k)z6t4(9+~7e-u#Fa#)a{f4G3rsxhS$y z9O}Y!xdB=B1uuh^Ugt%De3n`gixT8`3)5uzzu$P8IF2tl+uOoSUtCAq8cVc#K7mYJ zRqV$yyYOOL%9qk2H260kr;r^q&zG01K|j35N|!@z4L5|MtJ%#Qt(YaQ+uAXb=T{5m z0;lfqo}1l#WesqdZy8hDW@)aTYTWD=-*RdG9x-HULxrv7kP>DY?0vWf&3CkRT-z4_-P!2HJW4rx>g zNA*Bu_M?w?tueI)T_zM1h6X|R?en8NQ^Vkf8ZVTPr1o{k^aAxE40GanRB z3|=>Ru1!wk?p{5Oq1sEY2aVS$6izgxA+1ZPdNm_-s$;W+jPvixg75C2+eugBg0cFB zMm94#R?YksM3I=R1cUKMmvT7YsO}6QgO!SkaIMU{Gf+|FixN$*GfeysJBK-3YHEIr zkNd}R#E9xFx~_@yedeanH~u)_d8>}I=1axtuw|cyzBgggp7Nu2jAd^Ir1y>&BTk1v z1vPFI2kM2At}mOW2$REkd#-c~L(|B49EO)oE#FmCSaX?qGz}k9ztR74H+$|XKuGq) zQK=c)@{QomSXj^|j@!}kA&+{#Oe4`ZC+lMW9invyy>h)fi(eG-3SOD=_gv8!eDXFk zH$#!!p1wUKOnK8xHe+a+3A&1+^GFOMH>A}3Y(DC|bWwi`Atr6WH*gZ4OrS3{cuxP< zu1AI!L_5%+$qJhY52U5$jnfq|YVPw?$9SHl=KQT;b9~a6Xe+O`R9R1Z_t{uT6_5A> zx6GLoo$3}hPVuDG-B=fD_6)U*?cvxlf9vTMa>pnhh{XM_+usk|GW}1xj&aJ@XSbMP zUZYzP&(&gP_q?jQW|@^Qd&IPxHncjSPXe?nK-MpOoU8)+OYhW(t@f-}3b%`AJ5vt? zb^js;F`)lA8g|1?N-Ktv;A`k1L}c1sofO1+f|O zmA3**MpIr5s(+#=7vf4C(gAVA)ghwa#@!=K%d=E`l2*VK*h|XTJQc;gl3Gu#T<(9b z?)%o;O?sB@<)P3>^d#BAsVX70=!fuygL3gnXz+e(96SW4czA%P>!Zx&rTYj7I>&Wh zR!ibKB5k013{AA^>g(+>i%D@L8WV@Ju(s8)s(h_1E_&f(-^cXr*L6dw$!$}QYuEn4 zq|?-a0TsdVC?pP}wDCD9VlKCL%?oH;7UC2*APCQD?KxQ8lpz0b<0Z(rxg{Hmab zv2-AGhE}evi5%5)s^Laq&^r*|gN%bLCEC*ha)Y!i0mq_mmWr8vnLRTb92QttgIyl= zBdF?C1+xeP*iZA}XM@cjzOxlEfa?*AdEO~nL`2<#CK)0L6Q5#?KODLjGkhj2Em8P6 zb+@~Up0ZAzVxFL-YoZXkcrlXw$S~mvo$O+zv+jO#>->n(@$C_j(amZp(f?`_CAoq17lMYCi&23IaIcu0%=aeNK*m9SQp-{OdA z3Ew3?r&D;;NY*P#U}tl&!Z@c_KZ#g>)_m#BXp`Fh5j@q}8Nby>LIFe(OKh^`TZ=1Z zJ0QDJ!SK7-xh%KaP-^{8V19(jm%K1#4K0ho7bF$L)_Wk!L@ZB_0uc{|uM3W@=EM4O zdYeBz?WtmaOk)7CVM~7H^#&~fMP$Ez(68MrUmak1@mLNW@?ZS-TXI4!a@sq5_El$+ zr*p3lgt?OtqRVQwjWgUP9`@ihb~ARR?Q$`oUrt?CHYn9k9~Qf^5F?R}$c{xa4zpTi zMYM_pg`?u2$S1?cA=eCgGj@J&sk+!(B)Fq(?dUk%C zCeQ)~fxpL`9uMm@z#DZzF>jJL!tNxl{O)sGB;&oKypg*2Vz6hvzAyumhggm$wK$cL z)q7gfi@E2FgG2NE?>7SI1yG{d?oT3zdo2#XJX{h9$2=IW7Ym0I35p#tGjH~MEJ>Pf zy}wz?P(4uNC)Y>ddXJiWa6A?S2eh3x72qXRmZn6Kf4u#?Gk(CW@?EyYth|#5Sp(-~ zur4D0J}7q}$T)3x6}&C^Rs9{ZvaRhNnmt`yndFJk!o<{sOY1im`0!avMYp)%hP}y3 z8P@{o(VDC#UC(`cJhl?aex*+tjG^-u(ti`0?SvhCl87;s4>@q|(|$u$k6?hXK!bq=fvf#5b+@2%C0q0Bp&vZeFZe## zg5}p#r7D%SU40%Gb;rhjJ$B{+=|nKab3VO`uispYh(hD>7IfJ;kPr<l zE4C+3-?zlP1`Ye3PvIuNfbZs65tqId5VeS{>8ATz5sH&!yqgK#6RW zu0_I zFE6;!8T%l(S5`itPLi(D4en@A!1hS2eAIZ~w7$LsL1MQ+cHlHdr6#6fsp|&G1$`ii z;hO9yEb&>oUnf?qOLV%NSbo@gyo4_*!R?X5RL4?czy4}Q=E5qWuWVR((;BR9ws|<3 z2;_B!8cwxK%SHYNGj8|yQ1)aK@yw(_n`-09D5r*-n5zG75V>kkiQ5H3u$`maSMx)XhJZQLxTK8B(lMO>HHzy z<-4Q82>QO8mKuMU=WHi5$n{?3%!!P>~dH;){(F5%oJeWw0{Xh z7HnbMa)^*-;$BHFIo7+FYOE#3U!3d{sTn`|Y-YaYPSb|I{*(?=d~oF3AGIR&qc8&V zlD}(se>;sG#?p0ZoP0D)ArEUTR@4a*$bV5C=1tD$IP4>1GoUqX-;w9HdI&TsvVG;+ zx-&p7Ysakq=zc^Gv%;gVC0?FPUq}082>~i*x7%x6sc)E+IlfrLb0HVNW#ZCQ=q)-O z++seNmmfg4SKd|7`)t=+CGh|tIM9cuj|}q1Kg4|Sthuc+W;_`c89Fzb_#e7v7Y|4b z<5xN0-fLFI`v3F==Ge4>z+S7sT&1A9#8jNj$%zLpNGl6uhg!1`FBQI6;0_>fUDz8^0);qIhYp! zFkU`*OaPK;6dY&V8vm>pL&?sin^8MMVWc{)w@Xue)!Q`k+gIz(M>W+0)s9*#QC0fE!M{3cO3lT7gZRE<4tmJ%hb&`=|rg~sKgGGZ7nRkxWHB`dnElc z$=K+KMy-B0H9ev0WlMA~Mfs0%rex?>bE^!$06)3hoBGqM^Ybh_7RRdcsPpuhEK+L$ zT3v~MHT;w;iw|`HE_;6YQGN3a$ z)NjqexF;udXcW-*?}&jL$Ll8->zW~Szii1znv=1KkI0%}zlZeUxS{>WlA*cK+W4JD z!IezQL0&hEM_;Y`j2~$@z)M^&v#{=+M(3H{Df%}O@1Epd5H^c29>C1lZ^p!smz`Ve zd)DEoZ-p^_@6>)>HVWn}K;KC{ifVhqpZ9<%%igwI#e~BFq{p$|fK81xim4|@C?cJb z+2r^uN(MvN_+-s#$Dix&{_=e<=>qdUB7+lfG zfsv|Q1qES*(2T#5)}9$i0fuWOw}2uFW?Jtg+bVT<(^N`g!t_Mtk;kQ6tg`Z87r2{E zS~nZP5yV$v5%zuW5u63wG7hqmo{}oS@?iv`XZ;~P$<+%~bA)vdysJoEz!L@(nqgIl zB2PVVq3)h`*x2{*lqz+lS-CTyG0(A-7AON4=Lk(M=e>6icBOz3b)PSUx`B94j%ujw zmv^Q3OmE^o8AQtErB4I2d+N7u-rcmw?$#PLnAEh@N$&Ap>asePG}kYs>)&m8Lx0=y zhyfo3s8hdWvz-~9vyJI?9LSH@dE%MBihvla*ECqrkKaZstzOav^CQNxKXC_`YjU?1Uf)}V^6^Y`c>Kzr5j!ghSQ%dG zw&v4sx!GcEez#U^E6xA$b=bZr%*d;q<2m@)Fz3&i*3n2>AMt&@+zS>@0gf$zPStq2 za2gYZo&wk^#i6Wi&$L{NYRXJ~UZk_Z_c25OA~N>MFs=SQ;=FYY;5iw`i!I&x#yhZH zNZH=NLA`hLLtW3=i;baG{0KIY;YG`(CKKL_rbNz8&$W>V6klP`0|UL(h%|u6(5W`p zN-&^GZps3tnbrEvBh<)`h9$_bO}l-SSsy+*zgh$>O)VbL2EdGs&qc#(CgN;I@XpT^ zzeY2=C*vNuoHs>u4|V4QZ;3(K^&&Bi6nHkXRT&B1CMi$hKk}1SoA=DrC#i`Lp&C9C zo$(SAvnBKMO(tpFJn!3vckI~;O0W{KdqfA5vDWEn9&(tr9`yX9^|A}bn#13}lx)*` ze8R%}qsq+c>ZF~sgtpqptl^C)!*^S$lFK?9<@*3)Ew$Q?^0GYrP;Zh2m5I=2G^cE}zG*c`p6!jvm2%w4?k<+_|HdA*ZUyhz@?=J%7Sxh(>VQX!_1dXIbk^{37Bao@DnP@*ntXMY5hw0D^6 zbs1hgn6tvl%eizE^gdjaf7~p_m9IF%`eqWRN?^V(O@rR?H>#IGCIU&|AVO(5+$jCqM%y?&Q^&`kfmmlMMJ*SR$yHYQWWqhfrS-iu;R1)S%0<5k)P0)0LFW>x-QeAoetDY&FT#T)?{P~S4VQn-Et;jKUyL&Q9G4o zE#z~u=k5x2NY;l&ExZ`wArFy|$gl2R5Xn*!*YKP@ef)vyZ?&^l3@FS!J)=~Dzzi>= z`OatkB{~hG=E4S^kxSHoHNLhsg2B4ka5ts+ig)rnytEznbJOv4;6i^cw^y@HaTQri zA`2^h)bzBOAjuc60Xz0eh-bUR>wUcE-I}Ymme^apVT5S>T;cA{v9Q6Z{P{}tr1Zza z7V)YC+;M8{P!`%exw)E5>OWWVE2UIZc?=;G-jzn|hsu>Q&H00_ti>H9Ic+{-+xE7d z&pA8n_wU2snHh1=<5xev^&slDZuZrfba+?HhZ%^+BqH!DOUVcK2Sxijl`L6KrCkL% zoZr^SFd<#)agy->Un56Hdvmm4fk0DyGD<;nmHAf zbkC`J-w2GQV}uh{$kLZg!;fBBG=!&EYul%6(^bE^ZSb?AlynQPJXPUQ#Vf!0So+eP z%1{xee^H>WyB2*$SW6OT8?N!Z7S0*Sogz$p@6XK-ffwejgRiA**4e@%sM?$a1_6J) zm$OHzll-yBd*JU9qJ!T^f@1fuG1=6oL+es}M>MC*)-5)+4BZMG;{`W}Gk7lcM`YM# z;+=zC6eQ8|76V-Gl8Ea>%;q`-6Juq_@QZTMl)o;b~3xe_X;Cp0+=V5xR^ZrPfd-vG^3 zFvCm7EO~b)Td){YH}NFqV4xergY{VP>yd~=;AD!J=GbL~rSfr@c%xDpjQh`%tqXRC zZ?kRSL|;fNJSNSQ4Vl@Ml+&^ax(!e7-tXs@o1F>MDt|dM8*!?pD)i)9gg_dcyLljB zH9)?y0QKo9^t(w=ZNvKnf1i;VctLoogbeZW%A;i{*XP+=szYISX1*OMspm_aRq^da zlje=oy#73pnc>cf@^B*W5WOfgeW##K4_o*8`Vx6>IVN70BJ z7X8*0Fp=zeR&m?>eDV+LeDi!&-;=3R}woQ*m@}ZOYU~K zfed5;uMe+0bSOon_Zu@k={Y~8;++6kRr6fXuwgmeM}w$>gkdy9I~z+_dY5f{X1QT$ zcgvz!2h}6ws<+@DHsGlai8OP%b?o!>UHSXCoY$#O71b&#JvSeuR}?4ew`85o{HxQ- zpEhz5wW%=r^15gsm}P=8{0pyK?jN*{FX!I@m^g1}SZL`q^0LhZXy3FU!&Rd1%A5+@ zRi~V63NG%X7XEZHCb(7P{}`A*J=oe+!n#n3m)1r{-yKcSIzf}3)N{n*W>61dU|m4r zbK_%RrsjXh!Z>V#Vk~}2HcN+LuO>Hh$}F-pB*^GV7tck3g*pn`d}@Gae~zWM9DUX% zTP1V5Eb!jSK1dONobSD|K0p^|ACkIwJZS#`bzKE`8sm$J^D`18mc|&1A)9J9d&c4M zoQds}2zcL!4xQ%y7(^&eHoS{AG)6~2tb@;fZ9q73dI4o3x2fs}146fLX>%Iss;S-` zT?(^V)#vM-Pl0?LPMzxEEWItC_{%zZ<;wXyh;q;44?`5X4}8Cq$g}T6wN&UQj{9ej z9WhUpQlsjdT@;P6hQs=co$J9EmSHKyrlI=Ib3D-`*HFjX6P8a!Z!t{cTX+nIxERWF zQURoJ(I3q~5g%Nu>%~zH-iDUvC;`dlo^jpCF^G(V#7Q#Z^r+_E$a+kNQc=Hjm|>-+ zkfcqMUR@FXSTOc1Pw3sk{bH}P*A^P=q>IANKkb#DjM!8cTC`CW(vD@9-R}S1JGg;v zA&g8=5mm^#KG!nf-T&E2o;Nfkernle0=G9DD7fP~G*)2m*DnWZdstbnIM@d-`gd1V z5k+j8t&9#^h`1chpq3Q#;lqyt%}%^Zelzy|{wYS+i-o6GAbv;*isJVB__-1S$r>G9mA|aMNLC^vrWcX>2l@b zH{BYMkNJ&*T{=j+d#Qx8owgJeeHuwbd>@+PGRJJl>SFg8EbP+zbIxS4H9i+Kvw}WU zo#_2|e)!?>{KRv@E({JiE41d`)yZBRV?`2k{llKwD*M{h4YRcJ$i7djEB++Nh8JXN zmGZY0Z!~xEyN3q-S6z5%Lor&Get8+pDH^Zj2FM;C47j5>SFEIF#TgBfmT&bzOuOn# z*;UN!w=H-*BZuCW4OuS?Cj7XX8(C<5Rtjr?$fb6*TuHJRF3*SS^AMMlg}%7112sNI zbK0~LEvug_9WK1h2v7d-R4%m-{!=VIU z2WWrKqYyV1RiLTnP;ff9wlmUU-3(SddU`Hh6~`yC`M3O?ZB%;ez3rlsmsZi}Q4IVS zJWant to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. If your organization has device groups, you will now be able to scope the exception to specific device groups. Exceptions can either be created for selected device groups, or for all device groups past and present. +As an alternative to a remediation request when a recommendation is not relevant at the moment, you can create exceptions for recommendations. If your organization has device groups, you will be able to scope the exception to specific device groups. Exceptions can either be created for selected device groups, or for all device groups past and present. -When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state will change to **Full exception** or **Partial exception** (by device group). +When an exception is created for a recommendation, the recommendation will not be active until the end of the exception duration. The recommendation state will change to **Full exception** or **Partial exception** (by device group). ## Permissions -Only users with “exceptions handling” permissions can add exception. [Learn more about RBAC roles](user-roles.md). +Only users with “exceptions handling” permissions can manage exceptions (including creating or canceling). [Learn more about RBAC roles](user-roles.md). + +![View of exception handling permission.](images/tvm-exception-permissions.png) ## Create an exception @@ -45,7 +47,7 @@ Select a security recommendation you would like create an exception for, and the ### Exception by device group -Apply the exception to all device groups or choose specific device groups. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. +Apply the exception to all current device groups or choose specific device groups. Future device groups won't be included in the exception. Device groups that already have an exception will not be displayed in the list. If you only select certain device groups, the recommendation state will change from “active” to “partial exception.” The state will change to “full exception” if you select all the device groups. ![Showing device group dropdown.](images/tvm-exception-device-group-500.png) @@ -53,7 +55,7 @@ Apply the exception to all device groups or choose specific device groups. Devic If you have filtered by device group on any of the threat and vulnerability management pages, only your filtered device groups will appear as options. -Button to filter by device group on any of the threat and vulnerability management pages: +This is the button to filter by device group on any of the threat and vulnerability management pages: ![Showing selected device groups filter.](images/tvm-selected-device-groups.png) @@ -97,23 +99,24 @@ The following list details the justifications behind the exception options: ## View all exceptions -Navigate to the **Exceptions** tab in the **Remediation** page. +Navigate to the **Exceptions** tab in the **Remediation** page. You can filter by justification, type, and status. -![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-tab400.png) + Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can export. You can also view the related recommendation or cancel the exception. + + +![Showing the "Exceptions" tab in the Remediation page.](images/tvm-exception-view.png) -Select an exception to open a flyout with more details. Exceptions per devices group will have a list of every device group the exception covers, which you can Export. You can also view the related recommendation or cancel the exception. ## How to cancel an exception -To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. +To cancel an exception, navigate to the **Exceptions** tab in the **Remediation** page. Select the exception. To cancel the exception for all device groups, select the **Cancel exception** button. You can also cancel the exception for a specific device group. ### Cancel the exception for a specific device group -If the exception is per device group, then you will need to select the specific device group to cancel the exception for it. +Select the specific device group to cancel the exception for it. A flyout will appear for the device group, and you can select **Cancel exception**. ![Showing how to select a specific device group.](images/tvm-exception-device-group-hover.png) -A flyout will appear for the device group, and you can select **Cancel exception**. ### Cancel a global exception @@ -132,11 +135,6 @@ The exposed devices (after exceptions) column shows the remaining devices that a The impact (after exceptions) shows remaining impact to exposure score or secure score after exceptions are applied. Exception justifications that affect the scores include ‘third party control’ and ‘alternate mitigation.’ Other justifications do not reduce the exposure of a device, and so the exposure score and secure score do not change. ![Showing the columns in the table.](images/tvm-after-exceptions-table.png) -If there is a large jump in the number of exposed devices, or a sharp increase in the impact on your organization exposure score and Microsoft Secure Score for Devices, then that security recommendation is worth investigating. - -1. Select the recommendation and **Open software page** -2. Select the **Event timeline** tab to view all the impactful events related to that software, such as new vulnerabilities or new public exploits. [Learn more about event timeline](threat-and-vuln-mgt-event-timeline.md) -3. Decide how to address the increase or your organization's exposure, such as submitting a remediation request. ## Related topics

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540

      +

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1540

      Version 6.3.9600

      Microsoft Surface Hub MsBignum Cryptographic Implementations #1517

      +

      Microsoft Surface Hub MsBignum Cryptographic Implementations #1517

      Version 10.0.15063.674

      Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations #4900

      Version 10.0.15063.674

      Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations #4899

      Version 10.0.15254

      Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

      Version 10.0.16299

      Microsoft Surface Hub BitLocker(R) Cryptographic Implementations #4896

      Version 10.0.15063.674

      Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations #4895

      Version 10.0.15254

      Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

      Version 10.0.16299

      KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

      -

      AES Val#4624

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626

      Version 10.0.15063

      CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

      -

      AES Val#4624

      +

      AES validation number 4624

       

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625

      Version 10.0.15063

      KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)

      -

      AES Val#4064

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062

      Version 10.0.14393

      CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

      -

      AES Val#4064

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061

      Version 10.0.14393

      KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

      -

      AES Val#3629

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652

      Version 10.0.10586

      CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

      -

      AES Val#3629

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653

      Version 10.0.10586

      KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

      -

      AES Val#3497

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507

      Version 10.0.10240

      CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

      -

      AES Val#3497

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498

      Version 10.0.10240

      CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

      -

      AES Val#2832

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations #2848

      Version 6.3.9600

      CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
      -AES Val#2197

      +AES validation number 2197

      CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
      -AES Val#2197

      +AES validation number 2197

      GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
      (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
      IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported
      @@ -2915,7 +2915,7 @@ GMAC supported

      CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

      -

      AES Val#2196

      		 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198
      CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
      -AES Val#1168

      Windows Server 2008 R2 and SP1 CNG algorithms #1187

      Windows 7 Ultimate and SP1 CNG algorithms #1178
      CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)
      -AES Val#1168      		 Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177
      CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4627)]CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4627)]

      Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556

      Version 10.0.15063
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4624)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4624)]

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555

      Version 10.0.15063
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4434)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4434)]

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433

      Version 7.00.2872
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4433)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4433)]

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432

      Version 8.00.6246
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4431)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4431)]

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430

      Version 7.00.2872
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4430)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4430)]

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429

      Version 8.00.6246
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4074)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 4074)]

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

      Version 10.0.14393
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4064)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 4064)]

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217

      Version 10.0.14393
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3629)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3629)]

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955

      Version 10.0.10586
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3497)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 3497)]

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868

      Version 10.0.10240
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2832)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2832)]

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

      Version 6.3.9600
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2197)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES validation number 2197)] Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#2023)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 2023)] Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193
      CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#1168)]CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES validation number 1168)] Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223

      Version 10.0.15063

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

      Version 7.00.2872

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

      Version 8.00.6246

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098

      Version 10.0.14393

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024

      Version 10.0.10586

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

      Version 10.0.10240

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

      Version 6.3.9600
      Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #687
      Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) #686
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 1773
      -DRBG: Val# 193
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#645.      		 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #645
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 1081
      -DRBG: Val# 23
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#391. See Historical DSA List Val#386.

      Windows Server 2008 R2 and SP1 CNG algorithms #391

      Windows 7 Ultimate and SP1 CNG algorithms #386
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 1081
      -RNG: Val# 649
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#390. See Historical DSA List Val#385.

      Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) #390

      Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) #385
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 753
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#284. See Historical DSA List Val#283.

      Windows Server 2008 CNG algorithms #284

      Windows Vista Ultimate SP1 CNG algorithms #283
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 753
      -RNG: Val# 435
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#282. See Historical DSA List Val#281.

      Windows Server 2008 Enhanced DSS (DSSENH) #282

      Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) #281
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 618
      -RNG: Val# 321
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#227. See Historical DSA List Val#226.

      Windows Vista CNG algorithms #227

      Windows Vista Enhanced DSS (DSSENH) #226
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 784
      -RNG: Val# 448
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#292.      		 Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #292
      FIPS186-2:
      SIG(ver)       MOD(1024);
      -SHS: Val# 783
      -RNG: Val# 447
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical DSA List Val#291.      		 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #291
      Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #221
      Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #146
      Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #95
      FIPS186-4:
      PKG: CURVES      (P-256 P-384 TestingCandidates)
      -SHS: Val#3790
      -DRBG: Val# 1555

      Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136

      Version 10.0.15063

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135

      Version 10.0.15063

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133

      Version 10.0.15063

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073

      Version 7.00.2872

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072

      Version 8.00.6246

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

      Version 10.0.14393

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911

      Version 10.0.14393

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760

      Version 10.0.10586

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706

      Version 10.0.10240

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

      Version 6.3.9600
      Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #341

      FIPS186-2:
      PKG: CURVES      (P-256 P-384 P-521)
      -SHS: Val#1773
      -DRBG: Val# 193
      +SHS: validation number 1773
      +DRBG: validation number 193
      SIG(ver): CURVES(P-256 P-384 P-521)
      -SHS: Val#1773
      -DRBG: Val# 193

      +SHS: validation number 1773
      +DRBG: validation number 193

      FIPS186-4:
      PKG: CURVES      (P-256 P-384 P-521 ExtraRandomBits)
      SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
      SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
      -SHS: Val#1773
      -DRBG: Val# 193
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

      		 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #295
      FIPS186-2:
      PKG: CURVES      (P-256 P-384 P-521)
      -SHS: Val#1081
      -DRBG: Val# 23
      +SHS: validation number 1081
      +DRBG: validation number 23
      SIG(ver): CURVES(P-256 P-384 P-521)
      -SHS: Val#1081
      -DRBG: Val# 23
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141.

      Windows Server 2008 R2 and SP1 CNG algorithms #142

      Windows 7 Ultimate and SP1 CNG algorithms #141
      FIPS186-2:
      PKG: CURVES      (P-256 P-384 P-521)
      -SHS: Val#753
      +SHS: validation number 753
      SIG(ver): CURVES(P-256 P-384 P-521)
      -SHS: Val#753
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

      Windows Server 2008 CNG algorithms #83

      Windows Vista Ultimate SP1 CNG algorithms #82
      FIPS186-2:
      PKG: CURVES      (P-256 P-384 P-521)
      -SHS: Val#618
      -RNG: Val# 321
      +SHS: validation number 618
      +RNG: validation number 321
      SIG(ver): CURVES(P-256 P-384 P-521)
      -SHS: Val#618
      -RNG: Val# 321
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60.      		 Windows Vista CNG algorithms #60

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3790

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3790

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790

      Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062

      Version 10.0.15063

      HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS Val#3790

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#3790

      HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS validation number 3790

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3790

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3790

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3790

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061

      Version 10.0.15063

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3652

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3652

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3652

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3652

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3652

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3652

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3652

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3652

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946

      Version 7.00.2872

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3651

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3651

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3651

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3651

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3651

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3651

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3651

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3651

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945

      Version 8.00.6246

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3649

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3649

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3649

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal# 3649

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3649

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3649

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3649

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3649

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943

      Version 7.00.2872

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3648

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3648

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3648

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3648

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3648

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3648

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3648

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 3648

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942

      Version 8.00.6246

      HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
      -SHS Val# 3347

      +SHS validation number 3347

      HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
      -SHS Val# 3347

      +SHS validation number 3347

      HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
      -SHS Val# 3347

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

      Version 10.0.14393

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3347

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3347

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3347

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val# 3347

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 3347

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 3347

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 3347

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 3347

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651

      Version 10.0.14393

      HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
      -SHS Val# 3047

      +SHS validation number 3047

      HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
      -SHS Val# 3047

      +SHS validation number 3047

      HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
      -SHS Val# 3047

      +SHS validation number 3047

      HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
      -SHS Val# 3047

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381

      Version 10.0.10586

      HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
      -SHSVal# 2886

      +SHSvalidation number 2886

      HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
      -SHSVal# 2886

      +SHSvalidation number 2886

      HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
      - SHSVal# 2886

      + SHSvalidation number 2886

      HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
      -SHSVal# 2886

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233

      Version 10.0.10240

      HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
      -SHS Val#2373

      +SHS validation number 2373

      HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
      -SHS Val#2373

      +SHS validation number 2373

      HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
      -SHS Val#2373

      +SHS validation number 2373

      HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
      -SHS Val#2373

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

      Version 6.3.9600

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#2764

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#2764

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#2764

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#2764

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS validation number 2764

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS validation number 2764

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS validation number 2764

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS validation number 2764

      Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122

      Version 5.2.29344

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1773

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1773

      -

      Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1773

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1773

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1773

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773

      +

      Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1773

      		 Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1774

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1774

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1774

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1774

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1774

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1774

      		 Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1081

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1081

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1081

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1081

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 1081

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 1081

      Windows Server 2008 R2 and SP1 CNG algorithms #686

      Windows 7 and SP1 CNG algorithms #677

      Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687

      Windows 7 Enhanced Cryptographic Provider (RSAENH) #673

      HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSVal#1081

      HMAC-SHA1(Key Sizes Ranges Tested: KSvalidation number 1081

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 1081

      		 Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#816

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#816

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#816

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#816

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 816

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 816

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 816

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 816

      		 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

      HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSVal#753

      HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 753

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 753

      		 Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS Val#753

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS validation number 753

      Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

      Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSVal#618

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSvalidation number 618

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618

      		 Windows Vista Enhanced Cryptographic Provider (RSAENH) #297
      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#785HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 785

      Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

      Windows XP, vendor-affirmed

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#783

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#783

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#783

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#783

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 783

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 783

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 783

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 783

      		 Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#613

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#613

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#613

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#613

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 613

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 613

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 613

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 613

      		 Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289
      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#610HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 610 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#753

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 753

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 753

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 753

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 753

      Windows Server 2008 CNG algorithms #413

      Windows Vista Ultimate SP1 CNG algorithms #412

      HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSVal#737

      HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 737

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 737

      		 Windows Vista Ultimate BitLocker Drive Encryption #386

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#618

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 618

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 618

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 618

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 618

      		 Windows Vista CNG algorithms #298

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#589

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSVal#589

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#589

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#589

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 589

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSvalidation number 589

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 589

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 589

      		 Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#578

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#578

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#578

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#578

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 578

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 578

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 578

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 578

      		 Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

      HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSVal#495

      HMAC-SHA1 (Key Sizes Ranges Tested: KSvalidation number 495

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSvalidation number 495

      		 Windows Vista BitLocker Drive Encryption #199
      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#364HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 364

      Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

      Windows XP, vendor-affirmed

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#305

      -

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#305

      -

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#305

      -

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#305

      HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSvalidation number 305

      +

      HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSvalidation number 305

      +

      HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSvalidation number 305

      +

      HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSvalidation number 305

      		 Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31

      ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration) SCHEMES [FullUnified (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC)]

      -

      SHS Val#3790
      -DSA Val#1135
      -DRBG Val#1556

      Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #128

      Version 10.0.15063

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #127

      Version 10.0.15063

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #114

      Version 8.00.6246

      ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)
      SCHEMES  [FullUnified  (No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC)]

      -

      SHS Val# 3347 ECDSA Val#920 DRBG Val#1222

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

      Version 10.0.14393

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92

      Version 10.0.14393

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72

      Version 10.0.10586

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64

      Version 10.0.10240

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

      Version 6.3.9600
      Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36
      CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

      -KAS Val#128
      -DRBG Val#1556
      -MAC Val#3062

      Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #141

      Version 10.0.15063
      CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

      -KAS Val#127
      -AES Val#4624
      -DRBG Val#1555
      -MAC Val#3061

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #140

      Version 10.0.15063

      CTR_Mode:  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

      -

      KAS Val#93 DRBG Val#1222 MAC Val#2661

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

      Version 10.0.14393

      CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

      -

      KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101

      Version 10.0.14393

      CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

      -

      KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72

      Version 10.0.10586

      CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

      -

      KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66

      Version 10.0.10240

      CTR_Mode:  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

      -

      DRBG Val#489 MAC Val#1773

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

      Version 6.3.9600

      CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

      -

      DRBG #258 HMAC Val#1345

      		 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3

      Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524

      Version 10.0.15063
      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
      -SHA Val#3790

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523

      Version 10.0.15063

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522

      Version 10.0.15063

      Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521

      Version 10.0.15063

      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652

      +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3652, SHA-256validation number 3652, SHA-384validation number 3652, SHA-512validation number 3652

      FIPS186-4:
      ALG[ANSIX9.31]       Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
      SIG(gen) with SHA-1 affirmed for use with protocols only.       Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
      ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
      -SHA Val#3652

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415

      Version 7.00.2872

      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651

      +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651
      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3651, SHA-256validation number 3651, SHA-384validation number 3651, SHA-512validation number 3651

      FIPS186-4:
      ALG[ANSIX9.31]       Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
      SIG(gen) with SHA-1 affirmed for use with protocols only.       Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
      ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
      -SHA Val#3651

      Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414

      Version 8.00.6246

      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 4096, SHS: SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val# 3649, SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649

      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3649, SHA-384validation number 3649, SHA-512validation number 3649
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3649, SHA-256validation number 3649, SHA-384validation number 3649, SHA-512validation number 3649

      FIPS186-4:
      186-4KEY(gen):       FIPS186-4_Fixed_e (10001);
      PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
      ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
      -SHA Val# 3649
      -DRBG: Val# 1430

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412

      Version 7.00.2872

      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 4096, SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648

      +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648
      +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1validation number 3648, SHA-256validation number 3648, SHA-384validation number 3648, SHA-512validation number 3648

      FIPS186-4:
      186-4KEY(gen):       FIPS186-4_Fixed_e (10001);
      PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
      ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
      -SHA Val#3648
      -DRBG: Val# 1429

      Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411

      Version 8.00.6246

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

      Version 10.0.14393

      FIPS186-4:
      186-4KEY(gen):       FIPS186-4_Fixed_e (10001);
      PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

      -

      SHA Val# 3347 DRBG: Val# 1217

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195

      Version 10.0.14393

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val#3346

      soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194

      Version 10.0.14393

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
      SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val# 3347 DRBG: Val# 1217

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193

      Version 10.0.14393

      FIPS186-4:
      [RSASSA-PSS]: Sig(Gen):       (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

      Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

      -

      SHA Val# 3347 DRBG: Val# 1217

      Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192

      Version 10.0.14393

      FIPS186-4:
      186-4KEY(gen)      :  FIPS186-4_Fixed_e (10001);
      PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

      -

      SHA Val# 3047 DRBG: Val# 955

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889

      Version 10.0.10586

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val#3048

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871

      Version 10.0.10586

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
      SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val# 3047

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888

      Version 10.0.10586

      FIPS186-4:
      [RSASSA-PSS]: Sig(Gen)      : (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
      Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

      -

      SHA Val# 3047

      Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887

      Version 10.0.10586

      FIPS186-4:
      186-4KEY(gen):       FIPS186-4_Fixed_e (10001);
      PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

      -

      SHA Val# 2886 DRBG: Val# 868

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798

      Version 10.0.10240

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val#2871

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784

      Version 10.0.10240

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val#2871

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783

      Version 10.0.10240

      FIPS186-4:
      [RSASSA-PSS]:       Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
      Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

      -

      SHA Val# 2886

      Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802

      Version 10.0.10240

      FIPS186-4:
      186-4KEY(gen):       FIPS186-4_Fixed_e;
      PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

      -

      SHA Val#2373 DRBG: Val# 489

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

      Version 6.3.9600

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5]       SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val#2373

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494

      Version 6.3.9600

      FIPS186-4:
      ALG[RSASSA-PKCS1_V1_5      ] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
      SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

      -

      SHA Val#2373

      Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

      Version 6.3.9600

      FIPS186-4:
      [RSASSA-PSS]:       Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
      Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

      -

      SHA Val#2373

      Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

      Version 6.3.9600
      Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134
      Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132
      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052.      		Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052
      FIPS186-2:
      -ALG[ANSIX9.31]:       Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 193
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051.      		Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051
      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#568.      		Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568
      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

      Windows Server 2008 R2 and SP1 CNG algorithms #567

      Windows 7 and SP1 CNG algorithms #560
      FIPS186-2:
      -ALG[ANSIX9.31]:       Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 23
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#559.      		Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559
      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#557.      		Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557
      FIPS186-2:
      ALG[ANSIX9.31]:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#395.      		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395
      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#783
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#371.      		Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371
      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
      -ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

      Windows Server 2008 CNG algorithms #358

      Windows Vista SP1 CNG algorithms #357
      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

      Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

      Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354
      FIPS186-2:
      ALG[ANSIX9.31]:       Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#353.      		Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353
      FIPS186-2:
      -ALG[ANSIX9.31]:       Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: Val# 321
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#258.      		Windows Vista RSA key generation implementation #258
      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
      -ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#257.      		Windows Vista CNG algorithms #257
      FIPS186-2:
      -ALG[RSASSA-PKCS1_V1_5]:       SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#255.      		Windows Vista Enhanced Cryptographic Provider (RSAENH) #255
      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#245.      		Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245
      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#230.      		Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230
      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#222.      		Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222
      FIPS186-2:
      ALG[RSASSA-PKCS1_V1_5]:
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#364
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#81.      		Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81
      FIPS186-2:
      ALG[ANSIX9.31]:
      -SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305
      -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
      -SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
      -Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See Historical RSA List Val#52.      		Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52