From 794df59ad443ed9889d4d23100b2af44ac0e6f8c Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Mon, 11 Nov 2019 16:33:02 -0800 Subject: [PATCH 01/73] Add ApplicationControl CSP mdm vs. non-mdm info --- .../mdm/applicationcontrol-csp.md | 28 +++++++++++++++---- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index cb636ce3ef..a67a565274 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -112,17 +112,35 @@ Scope is dynamic. Supported operation is Get. Value type is char. -## Usage guidance - +## MDM Usage Guidance To use ApplicationControl CSP, you must: - Know a generated policy’s GUID, which can be found in the policy xml as ``. - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI -functionality to apply the Code Integrity policy. +If you are using hybrid MDM management with System Center Configuration Manager or using Intune, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: +- In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row +- OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies//Policy (filling in Policy GUID with your policy's ID) +- Data type: Base64 +- Certificate file: upload your binary format policy file +Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps. + +## Non-MDM Usage Guidance +To use ApplicationControl CSP, you must: +- Know a generated policy’s GUID, which can be found in the policy xml as ``. +- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +- Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. + +Here is a sample certutil invocation: +``` +certutil -encode WinSiPolicy.p7b WinSiPolicy.cer +``` +An alternative to using certutil would be to use the following PowerShell invocation: +```powershell +[Convert]::toBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) +``` ### Deploy policies -To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. +If not using Intune, in order to deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. To deploy base policy and supplemental policies: - Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. From c69b3dfb6908113e16c9320f0a436c926036d7b7 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Mon, 11 Nov 2019 16:39:03 -0800 Subject: [PATCH 02/73] AppControl CSP formatting changes --- .../mdm/applicationcontrol-csp.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index a67a565274..365c106a92 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -114,19 +114,21 @@ Value type is char. ## MDM Usage Guidance To use ApplicationControl CSP, you must: -- Know a generated policy’s GUID, which can be found in the policy xml as ``. +- Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -If you are using hybrid MDM management with System Center Configuration Manager or using Intune, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: -- In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row -- OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies//Policy (filling in Policy GUID with your policy's ID) +If you are using hybrid MDM management with System Center Configuration Manager (SCCM) or using Intune, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: +- In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row. +- OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/Policy GUID/Policy - Data type: Base64 -- Certificate file: upload your binary format policy file -Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps. +- Certificate file: upload your binary format policy file. + +> ![Note] +> Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps. ## Non-MDM Usage Guidance -To use ApplicationControl CSP, you must: -- Know a generated policy’s GUID, which can be found in the policy xml as ``. +If not using Intune or hybrid MDM management with SCCM, in order to use ApplicationControl CSP, you must: +- Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. - Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. @@ -140,7 +142,7 @@ An alternative to using certutil would be to use the following PowerShell invoca ``` ### Deploy policies -If not using Intune, in order to deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. +If not using Intune or hybrid MDM management with SCCM, in order to deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. To deploy base policy and supplemental policies: - Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. From 7a272ab4a16dd8844ee60018a4537e0b40f5ef05 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Wed, 13 Nov 2019 14:52:18 -0800 Subject: [PATCH 03/73] Add OMA-URI info to WDAC policies through Intune Previously, the "Deploy WDAC policies by using Microsoft Intune" document only discussed using an endpoint protection profile. It didn't mention the option to use custom OMA-URI. --- .../mdm/applicationcontrol-csp.md | 12 ++---------- ...r-application-control-policies-using-intune.md | 15 ++++++++++++++- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 365c106a92..9582765ad6 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -113,18 +113,10 @@ Scope is dynamic. Supported operation is Get. Value type is char. ## MDM Usage Guidance -To use ApplicationControl CSP, you must: -- Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. -- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. - -If you are using hybrid MDM management with System Center Configuration Manager (SCCM) or using Intune, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: -- In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row. -- OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/Policy GUID/Policy -- Data type: Base64 -- Certificate file: upload your binary format policy file. +Refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) for more information. > ![Note] -> Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps. +> Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps if using Intune to leverage ApplicationControl CSP. ## Non-MDM Usage Guidance If not using Intune or hybrid MDM management with SCCM, in order to use ApplicationControl CSP, you must: diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 8a2a80de85..6a5d1faf03 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,8 +27,21 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Beginning in 1903, you can configure a custom profile using Custom OMA-URI to leverage the new ApplicationControl CSP. This CSP has support for [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies. +Alternately, you can instead choose to configure an Endpoint Protection profile to deploy built-in Intune-managed WDAC policies on pre-1903 systems. Using Endpoint Protection, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +## Custom OMA-URI profile +To use ApplicationControl CSP through custom OMA-URI, you must: +- Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. +- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. + +If you are using hybrid MDM management with System Center Configuration Manager (SCCM) or using Intune, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: +- In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row. +- OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/Policy GUID/Policy +- Data type: Base64 +- Certificate file: upload your binary format policy file. + +## Endpoint Protection profile 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. 3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. From 9686b801df2c66ec2d30f8cc7eb11b09eb182ef3 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Wed, 13 Nov 2019 15:06:38 -0800 Subject: [PATCH 04/73] Deploy WDAC with Intune correct usage info Add info to differentiate custom OMA-URI with AppLocker CSP vs ApplicationControl CSP --- ...-defender-application-control-policies-using-intune.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 6a5d1faf03..7b97d2c9fb 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -31,11 +31,13 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( Alternately, you can instead choose to configure an Endpoint Protection profile to deploy built-in Intune-managed WDAC policies on pre-1903 systems. Using Endpoint Protection, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. ## Custom OMA-URI profile -To use ApplicationControl CSP through custom OMA-URI, you must: -- Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. +For information on using a custom OMA-URI profile on pre-1903 systems to leverage the AppLocker CSP and deploy custom WDAC policies, refer to [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp). + +For 1903+ systems, in order to use ApplicationControl CSP through custom OMA-URI, you must: +- Know a generated policy’s GUID, which can be found in the policy xml as `` - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -If you are using hybrid MDM management with System Center Configuration Manager (SCCM) or using Intune, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: +From there, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: - In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row. - OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/Policy GUID/Policy - Data type: Base64 From 60ed4d684740c59d752721d10eba399b1180bfdf Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Wed, 13 Nov 2019 15:09:24 -0800 Subject: [PATCH 05/73] WDAC through Intune formatting changes --- ...ows-defender-application-control-policies-using-intune.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 7b97d2c9fb..813faf52ec 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -28,16 +28,15 @@ ms.date: 05/17/2018 - Windows Server 2016 You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Beginning in 1903, you can configure a custom profile using Custom OMA-URI to leverage the new ApplicationControl CSP. This CSP has support for [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies. + Alternately, you can instead choose to configure an Endpoint Protection profile to deploy built-in Intune-managed WDAC policies on pre-1903 systems. Using Endpoint Protection, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. ## Custom OMA-URI profile For information on using a custom OMA-URI profile on pre-1903 systems to leverage the AppLocker CSP and deploy custom WDAC policies, refer to [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp). -For 1903+ systems, in order to use ApplicationControl CSP through custom OMA-URI, you must: +For 1903+ systems, the steps to use Custom OMA-URI functionality to leverage ApplicationControl CSP and apply the Code Integrity policy are: - Know a generated policy’s GUID, which can be found in the policy xml as `` - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. - -From there, the steps to use Custom OMA-URI functionality to apply the Code Integrity policy are: - In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row. - OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/Policy GUID/Policy - Data type: Base64 From d32a3671602fae3228d9d1e0c12fd622891b4d7b Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Wed, 13 Nov 2019 15:15:47 -0800 Subject: [PATCH 06/73] WDAC through Intune add rebootless info --- ...indows-defender-application-control-policies-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 813faf52ec..c0f47983e9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Beginning in 1903, you can configure a custom profile using Custom OMA-URI to leverage the new ApplicationControl CSP. This CSP has support for [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Beginning in 1903, you can configure a custom profile using Custom OMA-URI to leverage the new ApplicationControl CSP. This CSP has support for [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) and rebootless policies (policies that have the “Enabled:Update Policy No Reboot” option set don't require a reboot to take effect). Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies. Alternately, you can instead choose to configure an Endpoint Protection profile to deploy built-in Intune-managed WDAC policies on pre-1903 systems. Using Endpoint Protection, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. From 5547d56729c2d66219ad2788d39cbd757bafb1ca Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Mon, 18 Nov 2019 16:06:56 -0800 Subject: [PATCH 07/73] ApplicationControl CSP to redirect Intune usage guidance --- .../mdm/applicationcontrol-csp.md | 24 +++++++------------ 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 9582765ad6..2f681f34f8 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -112,14 +112,11 @@ Scope is dynamic. Supported operation is Get. Value type is char. -## MDM Usage Guidance -Refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) for more information. - +## Usage Guidance > ![Note] -> Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps if using Intune to leverage ApplicationControl CSP. +> If using Intune standalone or for hybrid management with Configuration Manager (SCCM) through Microsoft Endpoint Manager, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) for more information on deploying policies with ApplicationControl CSP. Microsoft Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps if using Intune to leverage ApplicationControl CSP. -## Non-MDM Usage Guidance -If not using Intune or hybrid MDM management with SCCM, in order to use ApplicationControl CSP, you must: +In order to use ApplicationControl CSP, you must: - Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. - Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. @@ -134,13 +131,11 @@ An alternative to using certutil would be to use the following PowerShell invoca ``` ### Deploy policies -If not using Intune or hybrid MDM management with SCCM, in order to deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. - -To deploy base policy and supplemental policies: -- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. +In order to deploy a new base policy or supplemental policy using the CSP: +- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. Refer to the the Format section in the Example 1 below. - Repeat for each base or supplemental policy (with its own GUID and data). -The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). +The following example shows the deployment of two base policies and a supplemental policy. Because the supplemental policy already specifies the base policy it supplements, that does not need to be repeated in the ADD. **Example 1: Add first base policy** ```xml @@ -216,10 +211,9 @@ The following is an example of Get command: ``` ### Delete policies -To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. +To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy**. -> [!Note] -> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. +Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy** is not sufficient to delete a signed policy. To delete a signed policy: 1. Replace it with a signed update allowing unsigned policy. @@ -236,4 +230,4 @@ The following is an example of Delete command: -``` \ No newline at end of file +``` From 67e957858613ac49d7543a88681221a5fc697752 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Thu, 12 Dec 2019 14:27:34 -0800 Subject: [PATCH 08/73] Resolve applicationcontrol csp merge conflicts --- .../mdm/applicationcontrol-csp.md | 50 ++++++++++++++----- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index dbbecb3b74..881b4476dc 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -80,6 +80,7 @@ This node specifies whether the policy is authorized to be loaded by the enforce Scope is dynamic. Supported operation is Get. Value type is bool. Supported values are as follows: + - True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system. - False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default. @@ -114,22 +115,38 @@ Value type is char. ## Usage guidance -To use ApplicationControl CSP, you must: -- Know a generated policy’s GUID, which can be found in the policy xml as ``. -- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +> ![Note] +> If using Intune standalone or for hybrid management with Configuration Manager (SCCM) through Microsoft Endpoint Manager, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) for more information on deploying policies with ApplicationControl CSP. Microsoft Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps if using Intune to leverage ApplicationControl CSP. -If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy via uploading the binary file. +In order to use ApplicationControl CSP, you must: + +- Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. +- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +- Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. + +Here is a sample certutil invocation: + +```powershell +certutil -encode WinSiPolicy.p7b WinSiPolicy.cer +``` + +An alternative to using certutil would be to use the following PowerShell invocation: + +```powershell +[Convert]::toBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) +``` ### Deploy policies -To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. -To deploy base policy and supplemental policies: -- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. +In order to deploy a new base policy or supplemental policy using the CSP: + +- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. Refer to the the Format section in the Example 1 below. - Repeat for each base or supplemental policy (with its own GUID and data). -The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). +The following example shows the deployment of two base policies and a supplemental policy. Because the supplemental policy already specifies the base policy it supplements, that does not need to be repeated in the ADD. **Example 1: Add first base policy** + ```xml 1 @@ -144,7 +161,9 @@ The following example shows the deployment of two base policies and a supplement ``` + **Example 2: Add second base policy** + ```xml 1 @@ -159,7 +178,9 @@ The following example shows the deployment of two base policies and a supplement ``` + **Example 3: Add supplemental policy** + ```xml 1 @@ -174,6 +195,7 @@ The following example shows the deployment of two base policies and a supplement ``` + ### Get policies Perform a GET using a deployed policy’s GUID to interrogate/inspect the policy itself or information about it. @@ -191,6 +213,7 @@ The following table displays the result of Get operation on different nodes: |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy| The following is an example of Get command: + ```xml 1 @@ -203,17 +226,20 @@ The following is an example of Get command: ``` ### Delete policies -To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. + +To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy**. > [!Note] -> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. - +> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy** is not sufficient to delete a signed policy. + To delete a signed policy: + 1. Replace it with a signed update allowing unsigned policy. 2. Deploy another update with unsigned policy. 3. Perform delete. - + The following is an example of Delete command: + ```xml 1 From 2862f7232f533d506bb40c7ac41466ed8ddd5290 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Fri, 13 Dec 2019 15:26:35 -0800 Subject: [PATCH 09/73] Updates to using WDAC with Intune Add pictures and further descriptions --- ...plication-control-policies-using-intune.md | 71 ++++++++++++++---- .../images/policy-id.png | Bin 0 -> 20687 bytes .../images/wdac-intune-custom-assignments.png | Bin 0 -> 29021 bytes ...wdac-intune-custom-create-profile-name.png | Bin 0 -> 44316 bytes .../images/wdac-intune-custom-oma-uri.png | Bin 0 -> 78906 bytes 5 files changed, 56 insertions(+), 15 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-application-control/images/policy-id.png create mode 100644 windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-assignments.png create mode 100644 windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-create-profile-name.png create mode 100644 windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index c0f47983e9..48b33cfc5d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,31 +27,72 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Beginning in 1903, you can configure a custom profile using Custom OMA-URI to leverage the new ApplicationControl CSP. This CSP has support for [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) and rebootless policies (policies that have the “Enabled:Update Policy No Reboot” option set don't require a reboot to take effect). Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies. +Microsoft Intune can be used to configure Windows Defender Application Control (WDAC) on Windows 10 client computers. Intune includes both basic native support for WDAC as well as the option to use Custom OMA-URI for customized policies. -Alternately, you can instead choose to configure an Endpoint Protection profile to deploy built-in Intune-managed WDAC policies on pre-1903 systems. Using Endpoint Protection, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +Intune includes a limited number of default policies, which are available in both audit and enforce mode. You can use these default policies to only allow Windows components and Microsoft Store apps to run, or choose to also allow reputable apps defined by the [Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md). These policies are currently deployed using the [AppLocker CSP](windows\client-management\mdm\applocker-csp.md), which requires a reboot even for rebootless policies. -## Custom OMA-URI profile -For information on using a custom OMA-URI profile on pre-1903 systems to leverage the AppLocker CSP and deploy custom WDAC policies, refer to [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp). +Intune also allows you the option of using Custom OMA-URI to deploy customized policies. Note that beginning in 1903, Custom OMA-URI deployment leverages the new [ApplicationControl CSP](windows\client-management\mdm\applicationcontrol-csp.md), which offers support for [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) and rebootless policies (policies that have the “Enabled:Update Policy No Reboot” option set don't require a reboot to take effect). -For 1903+ systems, the steps to use Custom OMA-URI functionality to leverage ApplicationControl CSP and apply the Code Integrity policy are: -- Know a generated policy’s GUID, which can be found in the policy xml as `` -- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -- In the Intune portal, navigate to Device configuration, then Profiles, then create a profile with Custom OMA-URI Settings and add a row. -- OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/Policy GUID/Policy -- Data type: Base64 -- Certificate file: upload your binary format policy file. +## Using Default Intune WDAC Policies -## Endpoint Protection profile 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. -3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. +2. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. ![Configure profile](images/wdac-intune-create-profile-name.png) -4. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: +3. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: - - **Application control code intergity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. + - **Application control code integrity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. ![Configure WDAC](images/wdac-intune-wdac-settings.png) + +## Using Custom OMA-URI with ApplicationControl CSP + +For systems running Windows 10 version 1903 and above, the steps to use Custom OMA-URI functionality to leverage the [ApplicationControl CSP](windows\client-management\mdm\applicationcontrol-csp.md) and apply a Code Integrity policy are: + + +1. Locate the policy’s GUID, which can be found in the policy xml as `` + + ![PolicyID](images/policy-id.png) + +2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. The binary policy may be signed or unsigned. + + ```powershell + ConvertFrom-CIPolicy -XmlFilePath ".\Policy.xml" - BinaryFilePath "Policy.bin" + ``` + +3. In the Intune portal, navigate to Device configuration, then Profiles, then create a profile. + + ![Create profile](images/wdac-intune-custom-create-profile-name.png) + +4. Name your policy, set Platform to Windows 10 and later, and change profile type to Custom (OMA-URI). Add a row and use the following: + - OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy + - Data type: Base64 + - Certificate file: upload your binary format policy file + + ![Create Custom OMA-URI](images/wdac-intune-custom-oma-uri.png) + +5. Set Scope and Applicability Rules, then save your policy. + +6. Finally, assign your policy to the appropriate groups. + + ![Assign policy](wdac-intune-custom-assignment.png) + +## Using Custom OMA-URI with AppLocker CSP + +If you need to deploy your policies to clients running older versions of Windows 10, use Custom OMA-URI to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp): + + +1. Convert the policy to binary format using the ConvertFrom-CIPolicy cmdlet. The binary policy may be signed or unsigned. +2. In the Intune portal, navigate to Device configuration, then Profiles, then create a profile. +3. Name your policy, set Platform to Windows 10 and later, and change profile type to Custom (OMA-URI). Add a row and use the following: + + - OMA-URI: ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy + - Data type: Base64 + - Certificate file: upload your binary format policy file + +4. Set Scope and Applicability Rules, then save your policy. +5. Finally, assign your policy to the appropriate groups. + diff --git a/windows/security/threat-protection/windows-defender-application-control/images/policy-id.png b/windows/security/threat-protection/windows-defender-application-control/images/policy-id.png new file mode 100644 index 0000000000000000000000000000000000000000..12ec2b924f6a78fd0a7774e86331562aa7f08f45 GIT binary patch literal 20687 zcmaI7c|26{`!`IIEF~49P=xG-l6CAt$P(F0WX;Z4XOv{izAGmCPDCTij5YhduVWiK zlVyxq%-o~zeZQXH^W4AZ_lI%L=bZU$=Q{7}eZ8-1B46lgT%lv9qoAO;qWMhKfP#X` zf_yxC`4aiFW=-WA`5&d1frc_g<=~wy^2tSeB^@OSit0Fe!W(MxIj#FMQ!fgNtL^81 zlwEGcwiFaEY&BJtjQp(j7QkQbZ20q^7BQP9^O{aF_SHC`-mB_*g)S>bKDhRDO4$AD zW^r*~&}HP$Kj8}$dAsWYS8*z14;3wy8TYS-SFc1U4(G{UPPekJXcawi)mV&(K03a< zE(oKN6cN6hSnd1tVPUv!O|@oElI5%&))W-o6P}Hhqu@4CKB~&8v^2E#zt+tu04Il93-zcD&iY>iMK{|8 z(SJuFAMY+*_;>W+^8elRY>0A-bOI*!8Ik^T)2?v_RV5gK6*$`mlYB~p&}GNdBUK~d zBg9!Y0W-Y%_7HK1B2*GE65$$KL#bd@H&GHIK=VICEfgdpf%Tw?y-^5hL;H9Wa4L6p zn54JaZe6m)YJo~!DHQ_au zxl@^lJTH?o@P_@*UuDM)u2!M~3+A21&u@@taU30*Snnvb@_J_te99>P<8T$@#|gf4 z*Nwa~cra<>ct#$QJGXzzu;7d5ICdmrV&}FdW%uL9vgcfj+N0) ziO){JVT!e+YaFwB-pf@qtkf=(zDG5rgm!OqzqIoFMe<1Tv4BnGAJn1oGD|B;;%o2) zz0ENwLbS*n=}oi8L|XKmd%uF3>wrVYs`h47Ak8~JkF6JgaTa{DFB3h6st`IrQp1;^ zQR-_ZLnD}a^Q`RMRL*_w&0n}vGfzJ@`*(43DV3wYQIEF*Pol({)dx^BAL16*d8LAz zddfCn8~GEamDWJ{=W+AFnO4ze)()H=INcHIfH+;a@FMi6{b**Yqv(~pb$@N&e)@^H zYhmCdy4h>$_$ztp6y~99-uI?IDm~+HKU@1Vv{fk&9oB&3RDZcP_YHZxcNu>C$RnB+ z>iRxnYc}Re0BQTu0^vZ+arMuYX75jBU=cwQUb92~J~!9F6t$MC%k>W}eMMXQJPnY) zN#R@D0?e=E>-EZ)b1Mnf4bM!}n(U!gJuDT0`-x!8FUz@w%u!5pD^`*yBCl==BrwcO}^~Ash?tefRq1ip}-lGJa%CA4AW997w{r~Ct?~AxcN6} z&atnEj2mgtDp4(#vco9_20jpmfd|5@&N)i~#W9r;Z$CRpg*V zV|P*rsuqo|wPa+fk7!vlO3JIy=oCu2{El;iayk@m>;Bfwq#33)b%8SRUTvKKUD4|P z>)F-AZat7O)bHSlp5=GUH%4~+iZu;%w@1=5I^)ky!^T67(Ya>)vWBW4`T5!F0B1Fo^-^1Q2brQ4&o7JHJgs<{wz)EKcD%!QxPws*d0XqiT)iL{ z*|P3DNIS{ZALjS>8ppmr#g#dbjLo<4mwjmvrU#xcx~mHbge32$B^wXOQ)^*a0>A4c zJ!e&9GN7@z%>{a1U=XQropOqEA<^fk$gSwBTXU9c1A5GRtf- ziQBANFv?|I1Vcav7}Que7ePMwexWt!FJ&;{2x5p~<+>Jp?A1_Rtpr>gk9oh`;C*mm zVby!*r$>l)9R7}RG0m1f_Icv|1%3#?)BNMw-CN=?1LyTA6EO=PD-6u?He;qoR3)dv z{a@I-95O*Ey3(QVToN0(3N_>ho_qKo-`$&YyPBD!AhhUiMwnN6xX(nHyf5yWRq%Z)3i7n`o-w(xEy0SjrpKyydh^ z!jX!3mS$70xu4&7Oh?H&9Y9x4goLqf8f;V@m-&&_Aad%AF+@fjvkTYddh$&a0bwEZ zF7nj>Tp7i+E99>j#2H*Zzd}JV^FMj=|HirhUrpVnCIp(6|4fI1;^sw4)_?sfD*ZQ2 z1{W>dMhOx_!xDdv_qdvLj!zgj=Z1p5p6a35@TewgD1cO$jeL{en)Itlb*=pgdOheF z4)LwX{;3yz4_r96*D%vFbzS1$0HFyrVa{T~$gg6<^kT(Zah#2iO=8z(oYg7M3Ltu8 zf!Lvf+k22*i!`NV>TFDu8p_Ji;AF{=9ezuH-q#PW9PMRS9}-n9 zreB%~HnW)TWzTsp7W!|TyIjE+Egp%8)M#fepj{V>$2aMv**$>RlK}C(1H3fVU1(RMjgSpW+ z0j=zSVjHW=1l(Y6fQ7(5SHQvvz&U?&MZaJgveWKxH=|siOmqkA9JLHncul{>s6b1QJDYR64>9yJcV{X{>cNcH_LbCb;%6PB!9=8M7m zVNz8S9j%3_4d2+X98aJ8n^&jcCR?S(CgVVqCqhKK@ft7upMAO}8YywNZk_Wcic3Wy zES2F7$_he9A`2Y4&x0AiF9m07TnW1SD-ZHv1q0I#pWlDS$vDy;w~55-YTT-Wn|RA) zCk!#q3^}8hbGo*Kj)QS5RY#2`o0LUiLWr|v*Ra3=*BHu?E<<0snVA zXvdzJ51x!tnZU~8t^l0V+N;k2h~im^q?75wzo;Q3YfUE;T&TtvbOSDM9y5hLmT}T= zJX6<%f3ht9ZvPL9$j$!+AzH7VT+?X^+5dFj)erwQ2@CBiSgG~Dut5>d2_^s!7+9Z) zFPXX29slpB#H7wlsfGHwy1>5;_&YN_Jq$))B4gTLhW`P1aF^>R9erz63lh`$(vAbM zrVx&oJE>#$k?=63A4d*1M&XhIN4lKsM{aS%QK+ON7uTbh!KgYmgZE&3JaPmcXHGm_ ze;u5vjy>IW^q%}mHInKu`l`~1op&fVa!c%la6aXS56DoVB3U7OoqR%A2cZc6I0vCMYkgF6bQxQTi_8Zh|6jnO_^3i`bP4VsaEWZ>u?Oa+104>e`R^RUev)U zUJV)Jc6T21Gk?Slg&Vp|tbR?qTJcMSolE3@d9e;t5o~vqt`Q?_VX^g7|{Koj!6XAmlGi|tww;FYC@PJue<+R0= zQ$*cggpE}hp90TfS>5rWt&jh&aEnSlg9NLhH(|ngCn~PiKcQm$2x5+a;H&sAnI_I#O=*VD7T0pf+atQVADuyS7NwvdaMUFl{%FU2J#6g* z=`^#iiwhySb>wEPLlmF99f-&AuD&fCL+Lb1W5>F;P!;nf@2C4N!2@SDn+};peS!kC zxhN3j!*uoJ(a92F15o}xoVc|$<#n_AwWHe&&cihenM~>nBfoYPlvE6B=N;oG z%C|Sf>(vSbwgWk!+KK5>67%=;AKd__I{GxITq)C`k3NGYUeVF%lU?B-m_umucgjA_ zoSaLuTq#C+`#Z&qm+Ydfct>AlvKcR|8$livQHM9a{cX8DE@?06)d7rL6E(3bjjNwS zNg5Y#H@-!b4-UI)47g3qs;3E)jvnnx{^+tSf0L+Tp2~zj?UDZd%quAONMng5-ZM+x z%nA1GoA|eH~Su%G%`I}CDu^2wW?dU};j`00Tx@bsm_pcI*!%%x0$9!dkUx5^cT?Dz(|QF zX3~5YI!-S5uQs#S?P}qMDcPA)hF<>EGg>+ls1O@fHZPxx7;gL6VWw>o64tB#)5bbS zx+rlstN(kI1BasVm0>Aj3d+a zYVV8O-ya@S^l$BXm?$JL$~g3o`WR#bN`;(EnUbHBnO>S7UKte2WY|?5uN&>dk+Dqt zVQ86pUJglln7W7iLZy$Hg~JX!DI!Y94O3nRO4aAuBP`SUx~?iLjhS9?jqa8F))3}EU+Z4CV`O=& zD0V?G*ZiJm!pW(sSy3Ic#P{bC@iOTx0#;-R7;PnjswI2rD44L$;LeEGf8tRQ=@ zQK!yHr}Q1|v%`my>Z_@))l2)ICZGC4&ZJQDb4hdD37^L*gk6$h{WTYbzs_ICrI9Yy zxxMh*F5W1w_!fU7F>a{WEcN=v5Q(|B)=#Xyuav>q2%}7%mvimwKlFtonqP(KVfr+I zY|}i;1aAL^Sl7uVvYhn8{4`YfBH2y|5*9UWW4Q?d(oNJFfE^}w`v`v|?y^Upv0bHF zoo^Q3rCFp#%(t$J%k$0sH|})5F4sZd@Lyo$;^zD$QrD|L6I|hBJAWP6*x&4I2l*yy z39|>P{(cd9eb!F-3fJOE?d6jk)M{SirdnMw8OHY&w&nC5^m$qh0G~taGb!yT6OzY1 z{^_coH3Hur@BSd~8y%B(G$aSo=C2PEe_Qru9;>#rv8&ZEw=zkqN=fm$D2lG~nzvHo zX^6G~u*QG*<2dCFljOC#Y+c^e7V?G@EFa7p)bDbRD*|68GOOuJr!s>PaYcN~Q9eJl zCJN!mF!R5=2+YXbvVe-vxAI-KzFtbnd2<5o)`lFjQt?<@PFfsC`hC5#4L3Vo=ynhC znBv;+i2yu6;e#k78<})y-ETr)hLv-VvUmRiI*Nlc!fFqa&4qq+!~GvS#8|lbrxdnd z!W8$Hw90++wk3en=z6U8jlbE`CqL~f_Ic-wKKF;WYOgcWlW>PMAX9t%PUpVj^^+%0j;)(ZjD^Ns;rgRuZ&5xVDiIDWjja`i;Ne z>k9+Bx_xKSU7>I1BIhN3pO!jF$9YRD>-?}^m(yeU&K!oX>4PL&(GIu)Q*t{w5DLIQ+F+g8u8T2$N1i5wz=cZQ zOyQJbvY+?I?;oCn9!b(Z7bS{8@DA<|j?T##yhlt~_Q1?5Q_*61hxcBl@dY-&<6>KQ zuP!Rl%X z;N3cho+(DmAN$}0ma_9c*Eg$oP^PW-#h2+rrX*N$mvzvOjlU#= zxv`eF_ylf@?}QlQ?{x1BAMX(EmF-lH_5-r46SiJ%C3Fo+g>8ge|2@SXbuEf*$Y*f* z1|*GDZF+y+)gTaQ$&POkCX0XvV`pDYO8`0#Rxtzb?PV2caiRca7vkn|BvzNbJr+{^ z1J~4;b$X`#%Bo1@sXvAXbeq-&1F*y;9>L=do$2L4GQsLN`7LcNxPbTB=VEL%Hmx0N z=yhZQr=)nOXg~OE%fG>Q&upp&*1z#EWRpeIKdr{1D8abnr|Ds(t%*FrCOIu}asHqt3F0{03o04f`z8F+KQhPS*G+fPz+Z{LCw_K*myJC5hJYNwW2e}grG0T`MoPdd-&f-yPNdN_ zFbXMk4!n-tl=_U;J+8 zR~z%C##~fMvbV9?#9-C)_TTc)YIU83Z19hUzW31i9_7z+S$^;kd?j#2XTUIY+sG|I z2oT!B%&f1M6EHKkpmE@oJq zPJtYHzvts#8fDauW>=b(jaH#KEfEb4ue(N|XeLVV3wcCxu;+P{X-e22rdU}c*t@>; z+RNLd2poY7xMDa>^%eZoJ!r`KEbae}tm>h(@>vjzlVJ}I$foka$<(qtp6#xDTS-eX$cr18VdtRifs}iWBBKgEs zzfpndNb%QYnIh+LtEWo*s=@b;o;l{`zNn1526cJ4Zf4{>n{8$C zjy1img13;G&5vyaT(V2*bGh)Z5>Rd&-H-6;xM_mG`l;%U1Xvsl2*#(4VaylTwo1&c z+K3yz#H~8QJE(WA?%r%|!@VCj1|c8s809x`y9K!v-Buz)El5CJzz7&+&ZFM4gc9ZD z8wSyWkn2-=G!5#Sa{js_~)CMDM(W=tZ{d1v^@!K)4`nPo0Q4Zz@5Z` zNMW9<`_|aNEHk-8rzLF%{Q)}CGcn#hyPnh!pLY_;6@NTr`T6)jpla0n8NF^o;)&SA zK}?586NgiIJyLA$aR0!#kIbywzXCcrA>Vqz`S~dOQ6jGxB`4HOFiEbei&!qa4TyrP%96myeE4S}Fwe^dBHF_?-aug63ehcU%8 z_tU$AW825Z0I_8PEydj2%ujo?^~@du4k?|WtDAF6J~samUEr`h+kCk9nTp~^;1c;Z zitl%q=-vP^J&m`SC|Y#GkN7EeZ_aB?>|A`U{D0hUOw5%t6Sv`lYc3AU|H-iZcWJo) zN2zmBZs~*%803z`TR*Uba1|&71h2! zIk`f3J0{NY;9uhJhYz`fmpOTlb5GiGt32y1(F-mAU;B6JrHD*F2RkME%}Mn*B| zEb@<6u2%Ho{@yKXC&$kHDHFddOlW~-E^WdiwkgFEmW3r$xQgego3>-Qf0`_nSg{X9 zVl}-!E3H9avnjHmY+V)Ck1>2D!ju?o1Fj1^S z|1QRF>;B`;#&^L_EBi8b4LU`*YgURCR;%IzQ(2Q{LRR(?nT-!>8$-i_)d#*>7~l)n z;|dv!FEZWzawz`p<1y$d{zXRKIlUN08#`1&w3_;Nm}HhD!z0cz9HYQwXw^q`++I6T z>5Uu0tz4*c9$V{I$8P@&B7+}=qE*zDdfUz_Euom$sz$>fbF4sGiN-(=yI)$aX(f}- zvU-X3Mwu@K2N=p+9kVX!2e*~Td4^5x)f5&==hetd)|D^1MSi;I9tM4mW&+}~{zMgj z3lJI{*k-r_948o8h&CQxRx@*m_PPCd zGpEF{x{fbPQn0XYvSzH58`CvJ`Vs?G*FEBHa~SL&J$GL#Ki^>Q3+?9`HyOli8BFEH z%Bj;!iVC9Njb7q)#cLwFT18BZL%-y5=LEe6Vb6^{r0s&JyrR;bnLTZjhi41TlT!|A zMy}YwMlXz&5sb?Dm?5NPVSYYJ*5v+PBgPXe%v0}U96FaPer03+f~4eQF`DRNspb^a z12V!h39jW^7HzjZ^*NOmHf1y!dV1yg?ulVCm!^+exlVX3h&-z6zfmblzK3WtvRn(? zu<*ee0Jq1VQ1dt-A`p6^{KGW%{8x#>rM^twTO1w zlhHZ7Krj73#YgSZB?0yaA9q`C5JI0stma;#u8r%F8PFXs*<;koP1P$y?C~c<3U2st zOWzE7nq2kqKQGSx+jZspcWa%->r@8@%gDmcN@elYXgGn)*gB8C^f*NT(es}t3e4OE zZo7#&%?$hW^=vn2){Yex#Utgvx=noCl1P)9YK1UY4G?|+Q00aoK4I%unaA{5>QjlR zqHe^GrY{yC#W|^qeT-aOh?5I1U@kNNaKWO{x1y?tOq-^xC5=mT3Pq*A z3{y{xaI0K9a5BrU!t=v($i)fMzsaKE8ufo0z?d&y*XiYA6dfr>g*#JHJfR{9Q$dmf zi2B~-jycx%$SHVuOA=_ST9a~0W+1loZd+E3W&Hv@Xujse_ptKjrvmHec|UEg4rLeU zBbuy23krG!A3L81Dz$Qt^AUA>Ie(-;p$*`}yN@q~V|1O)XotqeP>2!)Cfb~a9^xi{ z^1acOgoC?t`Skn$8OMp7vE`iL|1`PHYovl8)RSC?8QuYNfF3AUR@ccUTfddAUIO-O z{?uOA24qDi4~%ty1t*QMmK1K({8)Wk32=njxOFw|OOB?*ou27I!1`O!R$v2M4N}h? z^cov~Nalh9aEQkoSEgC&M*ca-_1qb()J|HFbA%Lm1d|uNhdgA3pBBM!r>jC-V8VeO zs0N6dLeItOyk9P@YdFl^v#6J_INhZOK~w5VQ^W6Nn*ACRvDywPZj|F)pLQA_#ZT`2 za>%zTG+2-7k*TPNc&v7|IL^AC|0p2s-4H6LI=sJ^-6Z+s`dK4aALSD*a8O3-)%`0a z!ycXQ#dJo(OS!LcJAv>tX~zuyygWp~akE*(t_VcnvsOZCiIin}eSb{QL%Y#LI%1Ba9NedG(QEKIv$g zynWEUq8`B2`Tnwla1G?9mlJLs>^f?X?E-nB@da z><}YEwt)&NJAfwJwR2qs>mB}EMEws%`eNa-=-*~tdCnR4!N{n<^d3I43vh>02Z zL(5Yv^X#HJWv)2MCs&i{@;JB<(Q8T|@*}N1afgG}aF-nnm{bFXHz9@y7_w*%SJ0Nw zA;--GkyB9%F7oSJh8sopp?o7dQeFw9XhE)1PLgu1wWu!Fk4rq8NVzmX)6mg*0PO4b zJV79GEPmJzi>F| zV;0nfs2J`5HmOxc(Ip$cNlhugEs1sG7JR9BM7_b5P!bpk@{<<-v7B0;16(X%%d7jm zh>b8lwZ_WzgnBQDiH($dxhcxlPx*sXb?*(8sBYVnY!&T{Uj-AlKR*bE7O|d~@(FMy#Dk4TrGx>iMUapIn&n_^45OM7o|;49#oQajsX`lp;%a+UHh- zU?vf)w^IyoYe|5Kg)7nY^=p=j!L4*xPrgf*?JuansAj9hdUv90hbzf}cJt+Mt2JE9 z5Q94+;O&jibO(8~I`(f@E&#^vI|m7y7syciFSD9VFek9?FX#u_wk3JjHr@%?FfmRX zL<|F$0r_Dmj4BNb;!F%dZ>y$xe$s!VyS5n)X7ykt1MMh5>O|shnuEt$YeYyyXY&P9KyEig!^s7}sZpi&?*UIe4$B!)%su;Vkkm%wNJ|vMp75>2S zNUD(VXI-xs%^yq}-Lvk-NN8i(GINppO{aGuRr4YI16b?P4^edaP42-F4dnQ?#d!Q| zEs11FDoNI|zWHI2)B$F>Ne|A@2{UJ|%55=>J$FdEK9S{~)p)~c4-%~EjS!K{wVrc=lkVy) zVD1eJvRmeZcD$BFSbpVWDNiK0A+$!_#j%XGxXT$kX_u`*Ob z9rv{#h-&5q;r|Bq|AF?;D@qVe_r2`xo38ts3 zKW^{-y_lg5yK7fh!;(~)^N1aqDakWBICLxC?P5j$sjg_4+^zkshLu1+^THgRG9nX~ zEl~N-jLM(l2CON}pry$rg>KQ=oabf&v7F zZ_^%yqS-koL~LJBWBxNYtXNdS-* zj{su(q`_3!B%d=F%6j%J8V6dh1JiDRL84_viq!usqD@N`Faq`ziy?WF5QG8q|5FTv z5WQ+G_wKW70{|Yd>F*=6uiQ5DC^EVj#9OKE$^~i;l7Ddo?dXhz_-kcWSsi#?vO7}A ze*ZA*5|M*hPnl=ZO>BsD*mL1VkUQqqkl^W{T}m-?;FP!=Iq^M0}v&R7Kpi?kvWe5>D4hVbc*(9Xw%Djw9`ycFd*p5mA*_v*?fBRO2H1XA`PI>R-b}sQsV~-w}-%|Ccj?`J7 z=m)W9 z*Pbo%=a0}F?R#s~|A{R^7%zx+(>L7wj}Y_!s((_tz=?Y$e?L}9maK^XpxJwn!q>@0 zE-!!WJeMC54Yt;Lxw7CG&pJqiqOAU|rq)4|FtD)yPuRdKef)^@!yf8Pa3~qj?Rr3M zg1Y47nfaynL%q+Bzt}|rrUGC~+Up^t%g?5N+ie=Vu)~ObF4MdRS({@-J*rI`Gqff0 zZTa92utk1j=`aS|iH`0f>c#ZIqbZ1_bu~2U44+XM)PVxy2--66VgX0ez)(H=3R+uG~%BKZWk+Rd1h8Fiq1yEjo-^i1fSI|WAqk`$R;pw~L z@vCTBir07F=lEts&NHa>CE&7?8zlS}V`FjUknW2t z;REaXVyrIl_72e3%^@l^%RgXSa?R{>-!_j0TXMThAC{w<)khG2)HP@lxc%nxrWHod zn4-^z{Za3xoXGZJ57xXe>>xIqe-wT_8?G5J2g)R@hRi*G`>KUg?0~Q&tMCEcHIT-< zOPhP30E1T}c|fEaM`DkH1rDW3$WGRpfO`uEEAJ8uPCJK%V~0V&Fy^zTapq$Aa4B`^$1c5eh!v6?V1qKZ zpHustX!=~`r|O0)({-#YF})G9ZWy4iU`O~Ap6w4HL~A@9Qpj``Ycd*Sp7B|&<3|mP zB`mcgYPQbNz~>jQ%uH196loQ?&;aT%pVVrqpW!Gyq|6O=!E?6a_l63{ykDborVLW%We7oe|h>2 zBjTxeX!G~Khv7R(j%Ah*3W{H;He_PnR!Ju2H)c7?OzZU4?Mjm{AG`U{Ng8{iG_9f> za)`Z}T)rb$IqUw?HQx+Ja+Sv&Fa0FotBOk;Njpo?8PCQd8iR_e6W!8c<3-JVImrbg zh67-!B%w##!6Qn}*L_%LjWSlxxJ%PQQz#2m%5u4pzDJKXjaf|j*~xi^zW*@x9`iQ| zDdp^S{h{x)GR2-Uvn0fgr^l5)?4e8Xa(V3hYAxb!pF@Umk?i4|d!zRaES3 z7s627PgkagEEeXH(A7~*o}$$Uq05YLGYZiI087{I@*j3pPdl@??vv?wFf?hMm9LXn zBmhn@Sa&nP#`HtHcjC^7cGKs%2^DN);|vd!Blt|eJ_X9bKEI5sov6|yBc;Y0%Csi> zLcMAI1!cM5@nF_Fu)FE3#lxZ;2^E43+R^&$sg~kF5TIBw&YudOTOLaLQ=B~@VT%eN z(Gon@zTL=OS3_?#HuLI~V^Xf0zN)^oBBIG1rCZvVQZTA1)4PzV{G@cBj%xzA9PZ#U zPq!uBUGMpVS=!$BgCXU|r;1F#gQRt#ASGjDk;*E){t(3`-Guj#wuuBg?+<@u7klGX z?r;^=v>Kka(j}0Yx1puGs*Y+Jf;QK2-!s`5K4-#xKuFG~EnCmJ-0 zZIu=!FzCz95iC@xB?T~mYJ!^PSNJ1x#1A&81Z?5cTuI6>h-q(J5T{GF!^gM}vVZ}! z#^{HS8}Gh+-WfA)R-mMC0Z>z0ls1~Oe4vkQlHIa$*Lu01xUzDiy5aH;_MKfX?DgD{ z-*r}Na8y5i>Bd!uS7{aTvhK~=`{F!DdHx13?;cZ6UU?PJ3XDNRnC9(6>a~-)lLj9S zd|EU$?wS(MgnhpHC4#v;s=`l1C$(geB_%p`M9pbS)h{|s#1Ry7_9bFatR1)e+%HVa z=wTWC>bS>+-ZjEOO{f9TbNlP>U2A2G;!q2f4Ocfpa6$u@|7oua3EAbeRcLSTL7QBD zJIcykuDpF6nSvS*PX_Qhg3@npMbkNq?t%eGv6sYm%YBf3vhN`l%)^IK_NjY)I~^A_ z-mTo4-bk;V;$nXAY2nL3JG#f&>z|?MDN&|@Zb3I>4RdRFL=|&W_pRKO8x-n+j=_1a zHCH|^jP%JQ1s|Z)Ch7cZ>XkT+q~s^wKfkIwV(EKp5C6`G zHMJa454*l$N-B5v6H=`)zk=x5^E&#ItmOcw=;>;Y$>`9i0{Xmj!T5G*%rjqAZ-DsX2`QXSoy%g}9p`BOim~k?Z zw#jmic$BzKgZ>IjKN~6_@FLxwv=X-7oSk6A&_uN$Ktb}{#!@>wKgv-AiPoT@+d7&j zn?P#)xe4&+rScA<)tr1f3yQUk^X5iS5%e#hZ}g#)qhiz^&Eg7qsns3KnzZKOX%>s7 zIc9MDtXO@pShM^p)#5Q5xt6ZjEP|I?wI3xZd;pv9@qNS~<~-5x*yBsC!p4GI#n`6V z`V*wH1c3Rsiwk?(k!GR%eX;)9{8<3a25{b<9J~H>C2bsnE=Z>4e|6W8j_J#>; zwbx`(!550<@yU_KysO3OY=pP?W$FB&G zmNPPyPWJebTu1qj3>U+a-4M7l1emnGx)EM(t?SX%t-Y?J4C_LHErBTwy@0 z-bB-kv05m&l3tBsBm_v3rdx68_DeqgP-aXPLl4***NhdK4Bbh(XLELP_?zrhqF7l} z?J};pf2io7oZ9K@!|}R^5bi|cD3?JE=4e;T*w1w`&8BlS6cMeKgYP~sQ1TkA><=O* zwiu|E6^GwhlY4+xSLcwnb?VG=eDN`fAlk-h3i5B=0(imv0yY;bT5oZ4(zkQO(2<4l z_#vLyJKZ;3JicFhd{ZtTik;#oOS)8)Q!KV5Sd9IHB^`qdXMG(;aLgNj%GW~i?XV+h z@ntBkt%Op4Sa9rXg?BJnFc&3f9nS^z78*;sdt(1{`mvHDE`0wbqx9QhdWvbfT_rKC z0!@$4WS%@d^F&~21pzcr3X$~}Yucxlekx|N^Hb6(|LsF1&1qt^qqlMY^30;-!MJn7 z+Hi9ni%+AaS+;mrk|)(8X`KMC>93@Knz5ppyqDDLVfl#c-GPouI07lZ+r(M0Yw93& z+n5;CHJk>nOyAouI8mO2loC3)z%2ejH?W85y6T*TPhkcw#QXu$(?y^3ouR6r&H=r~ z^2`fe5Bb1tqg=vN9&rrZQ z&i1_%y-CGH3ajNtoAbH$El#opSFNc%{+0Vc^!W{+T=g!^aH$6Zz2qXIIs88{e22{j zsxFdM=n7TiL3=W$^!k{YGda@{78$JLCm4-qcQ$emRIHY=mM6CPaYCz}uU<=6saz>F zoY6%L-xT@UcQEc4&r7^5S{Cj$EDaB%81 zeDgfjmqbAFZ=Ko$V4Aj_GM_Q0d~15!gt&K5!ifo`ZZGK+OXl9(-?{Px5~PSIt03H= z0AOTJPml{_$Iiku(VGc&twO-RPw#Z$ga;xH*@2v0XkOjLDRPSG?`_4Ff`-Ds3x`;k zpp;U!sNSE>)_qZfN~oGhj;`H?guW%P?XTtHU$n&UD=?l1V$ZiFbi+arH;#6Xbwp=& zdTW9qIaIl$HuI5{{acN{g3EuJX!EO0*nPVCG~Dndh1$C@CynOSdqS!=M@Lf);`++8 zoW+zlNe{OzypeT31y9C{?87D*5pcPwrSfqEzT|rEaCYlS8 zPteRDjpUkvero<(Zf*T=A=99(ZeZYtd6lGim_@JN{E0-=Gd&anV0efQrRoB?uB*19 z?UE|R$iISpQB9e)D`Zu`yl=oX%F%TnZ75bopB6Z>O8<&ntmm5cP4{i*7_XX>afzfv`6R;e+64c6bkcbh zb%LXVabK;>LeA%unzq|o3u;eZu0OT3`N@5@+^jUtVXP**i<}x?mgjpuHL$ZJ{6Kzw-D?U~1L{)zM zUSCKngF`^PKj|Z~i`kPPaR>2WpfuQpTzGw5uz&qPrxzlL<qjAl=v~ zGnQd9yb?1~zcC*l535CX5kRMnuufNm7=f^K@xI;67vvSc(bS>(*LtbV`8zbw+`1c~ z_7>KO$DYBI6d|>AWIdWg=Io1-5tIX}TnJ&+yxjXdXhfn4scD%iC+LM!p1RH~70u3p z|5#%F*xRn7T$q7eKdzMx)s8y-lJzb)eE2=(!v;Atlgs@CRd|6NY|KvrG~ji#4)@C+^@vOf(_7(qxNn#JjsXhCcnyqdtv7y_YRLnCBWG zBi1|mH%1&GcQe;TwSVP8Ase{7IB>)2?SUhP0dh4$&QN2=9mF$DEaWwr5Z80dsYq6h z6&bS{EMF0UkXwU-jLQ1;<-rku{)j;PtY(ip-Lv%*lb#NFXn#o{RnK7}M7b>Pne3p3 zPd}pAT5FMp3PVzQlCA!``_`E|;T;v#OdBQ^);Lzs`TmsC(bXFPQ|`YD6E2|^R$M&u z7Ar0g1p4=CzDg_j!E&Lft*!pHnH%$%_bK^T+!7!04AENJP>JUfw7~r|zCI&2uY$XU z^p>~uKa`1nG3=t9v`dlljr^b-jQ`plQl%Y!?I2MeP1qphSAlOwjrR+i7gq)LPMkl>XA z{SA#ihX78QhunujFV|{<61amM8}-CJ6qZJA?4tSKBjWc7uK}w-gDh}OvYtODE9H^g zMs;(H_Y@=X4)A3R-K0lw4|m@=P}T@OSTbO=WChwkH!8H1VgVi(fz-ch@nb(4J-}M% zbbH;N5AI~E=r<7<6+yhTya~_(P?sX-{J!rV? zRCw6a8va;!am=iDCwxXk+@v1%bmbf=;?2(0;l|;B?wR7K*P{zGl}^Jl`1DdyRaaJC z9jgwN2EoFK)k9Yk{y_1D6WivotP5P>r3Xz~hbKbb@?S~AIy_DB=(b6o+S$5%NfW!I6E z4EuuAxI?17>f*x+z-Rp4+&khn9c0`lIMWRN4klf%RWG4n&Iq1GQ|=%zLr-uN9nd7!Vtwioy;o2Tb*-P%&i=K)YMuq z*)bbzeYi;xC|4boNCHb~oK3&*AKLtZ|@w$FVbEH->}jP3JEfo)3ig5k~nLW^B!>enXcMXuIKcEK6&w-iPzAv)zBFZm1AHjOvi_-=FW zqiujU$OKbs?Z}FUMx5GwzEdyOC4eU65kiEqR3l?ara@!P5Js|-VT@%E&mH}K&+~h|o?g%W>%Pu*&pG$p zbHA_e_wzo=Qj664*Cw<9OOx>%3iUThd-iCY!Y8Ye=YZ{5{|u!|%zP^M2OAm)(lUc& z*kUm3N`Ags$=oGCgNm|{RMX6d)!g2cU}gi3W_K5sfu8HbR0Ccnds1DMRh(IR=|cJ~ z&As}O4S;9N0rScFVaZ9}r^(wAFJ-l?ywX+mZD3dvf6KPYxT}CaDr`D|KN89VR0r0MbwnQ=WMnmTk^# zgUq`i#ocu9h3%!r8m71IXJFdVr%%ftl5d`}32Xv1xYb5?2TxD>i3&BLbENrR064#< zzDZzfz)yD6EYo97juqpz^6u+!X%Cf@vH*Mn`!HF!S;q$oZ4<|1<$V%wDBkuPUW~r& zAcw8&6rEM}%s3k!U{TlSkMo_F_upffargfk#}>~3U?2xNsx*^sx7JD(TX8)*GfGl{ z&Vl059Hnag6b~NY|J`30GPln&p6~IDKCjQE#JNX2!`mdLJQ>uu=*DTkuU4uI@bncM z`NCCiwVt)OFwjNTu)n)?##lv_B2{YNKf+??F|=~e@#B8^c7w-ef)fL4@zKN0U-CXa zavDWF&L!y^<%t`#JTA$SD;|1f)jpu`Yqk$Zg9(`bu#(Kl1CjUG#eayI5TL)MNI1d& zJy+##L8mdEw{E1!O|+^soa zt05yfd!48~+;{UD_SnB*H}ViFVw=G3&6N7IylRu4i8cfziw6*Ub7L8m%dKX7y)o8h z519@SV}~o>N@Wq@l3`X@P`PzE(lFtNb$srxY%X@k3Q+;hPJ^yJB;>0^G?=W&439x- zf$fnBfxXFP9u5!`tKP%oK@&V+m`e*#p<)vL*2e_k6%j=lA{kpq z-Zl}Jb%X!ItNaFGVJ20yJjZOp&1PB?Hr*v54MF!8wP?}>j{PPf%LKUJ06gS;4b0DB zvi67nh^+{^&$1u6o;*>Rj?3w|Ame3!dB?Qg>qybNN{o#^bzYjij^7%kF|wVPpwyF! zY7k+Bp?lJT=LRcZQV$k&202?Sx?0WhL0a099obLqUC}ylVDejVNRHTCuJ9CrY(wwCSP>urGdjpZJ12kc*4EF#TA?ob-3>*v zeKj_8x}L6EsX(y$r{LQ+oyG&_m30HJ;CHJC$?{<=e#hNJPay?zd|r5Gp@M*Jpp#S< z!h-BG+yc>-y6}U(FSh-N7qCJ{6O|c=c|?g&GcA z(+b^Tq};u!fo2n8!o>#h2}*iU`mpaf4SDwRsC;s-A-{OA0vW?f^K%wnZ27QyJ=rFK z-ecpYwV`E1(lJ93RbSL3qx57I5Q(RLIwTM&7L3o6*Ah`+ts&Q~{qaP1v%0l-Fn*Iu zLdZSq3xrHf2}(c(g_fGxLq<7MUA*s4lp-i)GH%jK8c-yvK>%Z+b1x+c-_-_B`w<^Q zZ-J&LNSobSDDL%K9z<*r{kk+!7)7030o~QA;9di9tftjyGJfojs{KcJ7~w?fl1;;5 zMNkZL@dx}7Hn7?%G;(tTvNeS53xeU3e3xxQCh0aR2kr1#fwLo?%KW-cJR-%uJ1P?T z6Bmnm9rAvhlzh?aSQt?K(`3@iuOVS<{-NDWicUFHKzB>!;l8LZs2ay(+_hBikZ7l) zwsn`A`lH%RWLFDJ;4JSA?iB5}*6f-~S%NDQ=Tk+rH!p%QiuZ8pn+_U5qM9~!ikn&f z4Au`S6tJLO334otvjG%fx0I1*Q@vrWjPI3j+zQ)SKNs?l&S=*mh;;a5N@u&L&|h&? zV2G?myA|pLy`>JUUzgy0?}`8v>fXn|7!H?6V2^5qNGq`1aVya#wnMu;C`hYVY6;#5 zs*|2a4BY@R4(G!#tUl%=1%bFvhlH~(z2h(qcxE`zRED7R7SX-OuN>-cRld+YOVU%2 ztadzh_D|W8&&ky9SGeFTtJNJ0lQ5C`Nq@`BADz>v*qN$@+0o;*_jW425~Uo=G+cC7 zStay0s#2YOYMXct)R3tMeZ4G(YmTo?_w~N>S4^sWEV|*HK%7-geT0;9m1KL9X?`C@ z!w!3?1!1N7EB(du9t^g2YZ9b&NrIgm#AoPK&m3_X)l~N;ib5MDDw{BSx4r4NrP3|OM~%>YU-9Z~41UGfa-C!$7Hud4lIO+P2^0^)Q1<+`ncO> z$FLr(%R5NzKub$dICGm8pKF@yZQEab{!`v}zfHQgmXP{*?gHT3xCkaR(Haaynm4#q zuM215i)rx7Ftq&Qj?k$TQ!79BjSTZ%8!dsM^*1jMyne4mp00ad?oo7Wd0UXa!5*14)a>lpm83aOI zHk^zyGh4BhGU3=Z2?tAVtKsV6xeN%t0;v4=pz-)Q&QP)vy*z4ouWAh%N8{T-OQH8PFZF*ldI~JH9p^Srv+;%om|@9 z)B!hCOci&XS$q(@_O``Ouj|7%uWRQwJQ;u9fjN(Oxz9UUi+nV+hMOis-x+GxeR-a= zAomnmpCjd1nqiZm6g&LkTm-^bHs%Cwl?dUUI-XIIa8h^O!aRIwdVi1ij;m0PDLPIv z{OYe41H;+Xx*=(yQTHpQpRieU9jlRq#Gwj9Ox7>PIQI>X&gnBI4%xWaAH+l$NuoCh0eaOE!v% z9=$#O+9$~0au=?0qFFQWdfi5qqT?4!T+?y9-fmB@x`t}F@od*}jP#vt&HR&VH`WKq z)GV}^VGr-6(h*RON|0FuseMk?HkuYiXl+2mchdFMcKx2DNvo- zBPEBcJGMH)ZYR3QwP!EGzgLZg?hhWPx^|?jo1yZi`SgXYKhxX;WX@(A#aoL3l6Ke9 z0^nE)gsxpVERXX@kO6*3T*rD~{3AfJyUSMP)iQ(37y&r2jR-#J$gOn^k6 zjO^>gvsf@c2Z3cQoNe>2Y$V*0uSS2Ya6%^W4jV-d;e2DD>E&N#n8phib1edwRKZKn z`%@H<9MjyG{MO_{aQ%nPl9Dep2atx$a`Npz)J#tdug330AZGKq!(d!M1QrB3XJUD_ I+{h*R-=suB*8l(j literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-assignments.png b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-assignments.png new file mode 100644 index 0000000000000000000000000000000000000000..c37d55910d2fd0e3ed0e695bcc7def75d90475c5 GIT binary patch literal 29021 zcmaI72UJsA6fKG(A}XNLu2d^rKtPcqH8w0D9i$gUIwADXgIEw1P!W(4dJjbiBtQre zQBWX+9v~z^ks2UCNJ2~U<9+Y_KgN6Gzl@P_a`xHTXVO)E-?&UzJ)!mysbpz5%+?zw*H%xEv@HC_y+keEzy%z|& z=Mc)nBh>Zxd!PqY`GkijX!HK<8#a-yt3&~J(K!}p!@NfG-$M5c6PxQILVSmALX=dF z*pD9iQ*FCl#rF)zQj}c>t)^@>PMo6p@jV|uI(Ag{-K)YQO%I)Jo|t>^$Ksud#+gFr zHqJsebP`Hjk9pEO9K02haadPx;4#k87dBa4>|9++v{%z=W^T(q_kVQ&_}7!=@Cpe%0`FTj_7l#b_$dX ze_Gy*G}+78OJ~wc(<$J_&2Hp~i}$DRbizli5{>B5K5fG@8Y( zl_RgKK!-}-r`zFyZnmYh*fyBAPSJgX)%fvyfB~IJ7lvV!-X&p!j|8O`WB^dO#1FXdNy=%Lj<9z=uY|zakO#h5|w4@hk z_L~88Eb(?zK3eA4Je+D-U8^UxIQnwUPkQdKCgOXUQdOW{%?F~@ourYEbMujbZTtSc z6Tn^~y%47v*eD>n9Ib3hdy;d)eEf%y7l$rKVP9kZ?cb`d2tD}Y=I)6v^Uq`oTKom3 znl05p0fit2wT?Ow7JLl4EIwArTi|bABJY>+z#=qOwPw$59~|B>wb_>5=MT!O%?e^EHy{QVd2ilg*_pA zQU~LcD-yo)3(;QddSyX+#SedPWQAe5AlC^jQrhvU_v&ubwp~2C3ap(caw<`{5;<6D94zRvdr#AG zQ0WH<@c5XHp1swt4)X!~+I)_B=c|+Y6{c;EH~r@7kUA0j?|v#*lqpWo`(5`Il-`De zj*`K+pXETMAa!91+wPfM|F`cbwWMbYK2|u$eK673otHZ$j_aLFkO7FifnF|bl++G5 zvpVf6U-$ztjR5bGyJSe4*NaX zBsaQ@u`4np_4o=XBfO-Re^3GW*9pzGG4&?dwcg$$aU-xE{Q^cx$+L^SUVzn{clS$oUt!XZw_J;i0Pb_P-E9m*X5{Mor}NAvEoM$_I0+ zJ@NUnb?XYg3lnku+AVpw_;mc^3Iv&7S zohlh->1{RQ(E--HE}p!n38!YM)#cB2!!Qz~hq7?K;%r`owfQ$j{tUu}5Z!6^Iin(Z zHC4PU9x-a~dg4*>7k4I%l_TSK^P0GE22G^C&pt@{E#!fzY3tJ0nVBmP_mh$ZBCj)R z(=))edUJ40bD89G)W!>IuZ%=_ZapUw=8L=~{QGBI&EE9acW4g^Jnk5x>$A4I4-EKc zXaj~+I2t3iKzs;9r-lo_Z@iN6_UP$;-j|pcE3&l$S2nY2dM5vmuFixQ7V$f>ukJ^*adSWAq!_wZ zFr+`!tL$0MEL1!G{OsGAGds_pch5G_noBioU2CZ5jpqzs8ChNtgZvAy7xn$CA&mDs zJQo^4(ykKC$7WMdiX-%Xkug3jCBiGQlAPsxLvd`Sa>Ibsl6&+;H+8!X+v02Um|V+U zy$P441|P(22v&r5%MD(DS#~|!t-ya@X>N9${0t0wYXXnh^`aScsB3Tgj$66RMVL5U zbeX8TQF&3mO|0jnB~BhLtIu3TF>VL?Kg;_>94-CpXTP`@u1#hmxLywal+T-V)XZSo z47}t)KaLghs`xjsY~`<`>$;QNfY?|Lu{*BkpS`MX%lPNf1|xXFH$7=@{-m%BpmI7+ zP*0^%`@B=+L0+cgN-;1cIp=_i{lX(6$LId!xP-_LQNo7Gyne`-((j40MWI_VJ^$|D zwXl>yrQi9s^Bv!G?YQmR4O~lEXfbJ++)(FbS9oM}_m#Fqi~Z;4tE!6&%MD?8B91%3 zcuN1TE2#RjVT0>khl0E;XjO`WK3xAxO>~;*7d(NJd;tnI@R3w?aCpI|MFT-tr1ZI{{y|$ zG^GL9*F=Aw_^%u8X)64~02rH?gu2dNbjt5t%CK`CdMPONIMWuiYXfF`q1T+HU@QNW zHOnm@4>j}FZ*a^L+3=J1>=l30EbIn!jMiL=71s<9eYy0BwaQhP;uyLh zdFny^^1xM9yhm?DN@%iS_vtp;*doyCV%hFa`n^)!_lz|nMFaN{Z!Cfds1GdI zZkQqun<2GA;nEwMX|+kR(f90J!ZXy>)u;1rPxw#PRj3A34gacWjj|jMupNO&kAs#c z=!a#7OVU8YyCj({3k8(xP>e?((|7Rs_-%+1gH74+hChl8`c@+ZOFJHabk3S?s;HjQ$eGbu-&g>C$V0aNL0>%OzCh^ zDIqsrVcEMfH{QDCUWd}n02X-&?uD_(*lH~f#XIco90l8IFFJ%KY{qlG)q#q1Dq_Y+ zI{chQC+Axq^dy|-F=-prM-I*4lsQEX+CX+JWlyNEMx_1WKM>g4tc9{gb%?Ra)v8lF zJ?g}$1!xWc(m~7Wx1Zava&+VkC%9AtR#R=`?IF7hmf`-E%sTB)La<0X-f$oB0oWq? z{uUZ`j2f&?T>^ntOVJ|4E$HFhomonF&(s7#4p6nS@XNleZAgSP1wLoQ3|B1Ga>P;wj8^!pt#AyeOk zn+NU0V*oLEGQ0j$Cs`|3(gC3`oqSMS#3ZHRr+&DRtI1XjoKSZcFA_&&)34E=r$z;k zMqc573!zQaDQh|&vP+Fxp*1pfw+-6}lg#g}3q#B^<1rwbG8o-J`IibmMU5xyza}9U zXIB{+cR>`lG~IHr;mLx@-q`r+kT_d&HtyCP^40L!I-CZkouaPD*qL1I!yta(Ty+Xw zgv67SjWgKUEt`JCmd9wVmz!FCaZ{RYZbQ%@7-o< zs}vm{BS%Nu&4d5!Pa31V^15B%#!SOD#dh@lV?C}VwwM?v6A&`IZRa$S!cgua+^*QB z@8GIdc2uNea?JFwrg2>hKD3_Qy5JSxIQpVIIBuk5Sudi<>7kY_-T5)d+b{;n>2DW? zYm)Uk?r#j}g^(+0sZ;g!I@+i}H}s~6cxp;@{bp4=bG(YIM;+;Y3BX*TDeH3X#?7rE zj$vbFGqa*N#eK0o$3gxh@&;3Qy;RP2@Nz>z(n#HqTk}l-C2$jsyVLG}@%_DKXyP$; zW_Ir(-2sN!ACPm~eKIMo{2_bypv+}oGq{z@mh<*gU93LOe%O*gPGDdCRpCsIeSNoo z?lr<;d>5xsEp{!A)#N~NpPaC!Pp=R=Ag@GB7;^hrZt*(5AnU8mVH(1^WEWPl>;@q0 zQ&PsBM8#6hG4s?G(l$OmKb|yA=mukv%@%jEfhE)tLn0$hM59MVZ=DhvZrks%&GfJC zi6=UeP5ldFdU6`22#W=5x_@q4_+9zEtUv1^TQMG_H{vRf$3<8Uui6!^EC=_cj>Rkk z>=eQSi>Yh6g;_-AHByvI_^&FZskjSGXwMmC;l+b-ak>~-yJ;z-n*Y=9b!T%>;6uth`3+0>VWF$@CO+Z1)}blBL|}8LKgmaU{0eEucGbDqI?SPXK?V)nXFXhA zkQvUSTyms#WXY@K?b(HEQyW@`RnrmRjx>!Ow}%+SK_(l!{q({2)*~$ms_m=iSWUD%_sL%Wt!dM==XGc2uc)sL z0)+dAz+*1VI*pw)7f(bA#Pq_cs?2nnaLs+!m&p7`-QoiMHZwtm?U4x9MH_b28pOa9 z!!Zl>Y>BdSjmf-IORC^20uFc0N#vJXMxa6I?%DA8+u!9TR}IHZU~!&U^AYecgW_3H z6H*mU8Q7bgQlAf*NHs&kqRp3Nj_U zpnY$~Jb5MS!RvU?W9Y4OimnDdn+7Us8KJI>{aZ|YAl@FcNI}=TzGjl_=A&ovmK!my z8O+)MG-B+r%{Q&Ni{vZNu*S8Pab*6tC>z$U;aF`4*%Voq+-&+JB)-lmuR3oK7rqsK zF(f{@^tItJTb9GIif<5k^^Y{@S~T+7wVz)Sv)IL|GU^{A;_oiW$zN8Fl5%Ayy>1IT zLgrsMJK}ct?Y^KIMQ%4$;CX+@om7Y2Bv;Z*h8V>K9_~Z9Z52hI`~!&aiF&%mN#5E! z4Sr6p@5#qkV%kMxG5wkm5ahM66kqaA>JwS^YJ?QtgnUJKwMds$WxR0e{7$cy{=O8e z4CUl)v;efeiO(%kuGhc^&7B~3NZIVK{mc4#=wlJust~AWZ~yML@-xqq1l2(k$VP^d+pX4~b?6(o>_X1H z3s$w|78WAC>v#3VK;gF`FJay4e{S6TnL4fq+{CKU3!o zvnikhtk$PjUoJVkli=D!?aX224DDzz)k25xVpO#GR&*b%q?#IK@P!baKy=r>*+<;=VPORB4Aof`$ z(DJCu>>c!enyO?-g--oxHNQ@QV_U!9F0#H>`7NA+1~|NrpPmzihV&{fZ_cVl|0085 z0%GQ%;AxL+KpF?`XPpgp6s;Scou_#KZfO|=0{E{WlsUUV8O*3I zvyF|Dg-`Fl9srPl={}LQNL-2~o<^2kP>*BpEcD`V_(|`AS`#(2#=O=Q>&0zT zdKcTbEoQ?NXuqEv^~vCT?8>XqEw!Er0Gn=-7ZlJkgV%*15GnKPT{4HsTWAJ zkiN%bQr@k_jbl#XzjCabb;F?EzF|>>yB}?7-fhLA8~J%6?BmxwJLW80HHn-Mz_DO1 zX1Hg|&i-*(m>K<$uU>RP0EU!RFf)7X~isRwb=D#obF1n%r8b#JNT-0JD^X(ef^uVNG7` z+po1m^F>XoeXBaLTvv2pwGP*XJ};5{`1QQd-TJ7OJfbJMuneZ~0mYiLu>IJ996 zxD_4dF#R7I$TqtS$W66>k$izBhXU*Dm}-{xJz_0Rx|q>ARB|~h5vJ5r@sYzk|7|5j_^+^7&s=CS4HFzl#)5yIVj#i`B+l zFF^{IzouGWgVv;~2>I92-lgxeQq1N7W=B(pt3Tzh)?@D&u&uYS#j%DF6-x)I^^1f`)F>1Te3`F?5{3eX=DE|x3s0`M;%0k zTVVF^sKGTCK+rgMyl)sRx-qR@a1q~6Ol-!>x2|<^#BKL&)^4Y}shq)ut@ug*ST0J8 zA=(Kp70U^--?tr4rp>s`g(jQLW!Q$1*m11BwRi}3cd)v97+XM%2M^ia(%6McZ1s4z z`Md&LuMMbP-(@M@l8L#5pJMj*sZsZd6rl_~r`@$|2od8v6g@fnJRO2s4CjP|y$08E z{jio*_L_Hw>AV8!>;4LbYq7D0mK6o{WB26+*^9?((E}1EZjV`#q8Z`dzFQ~)G&*nV z-gakkdsE1q@q*lLAhGTHB{empd~<77C4{$%cDfB_v;sVbW9qYhou|fXFY(b5PN7XB z37cypu5o0Pmo@IHM1Ffd9&)>fUGTR?+=ApTzzYW7H$w*Xo^{dl!fxdp_S|C%l;2*4x2tnP7$SGK ztg_^)(qrCsQulB87yJ;)Aoy!+IB&OI)vHR{ajSTM)K|I~sybBF-uQZefT@S*>?Jqv zcIiDM#!UU(C#{ok0fMXQ#6vT;&c}mnwQOTqGw4BAn*ynv(-xfLW)3Nf+xRZgG|CgyzRw(! z+)hP34%abpbH;yjIq>nydF6+Nje7S_qNQzq9X~)_<)y61^rH-+{hsLjhNigb&(frh~Y8&q3c=-f# z{Y#sXW7Ap!>LDhW8@sq}S~XtSefTmmJHhLPKmbE#_oj+eh5ypL`Bv_Cs!o*_I?{u8 zp_8>mkZ9F;l;qlODY)_s?_pgFcReeQQ#vD*hXNWI#3 z0*M+KeCa^-|B;M?k5yEq&-ztf#TnQw=q?@iW%{W^{|*#fp0-*@$*!%vQt(XJmu+p{ z8*@8$>8H1t%&jOPQG;sbsff`+6sH_%IIRqg$kZ9g)(xg6Iih`1k0M*8GL<)G$Kqi0 z>5tmeb1KmRUXwFT+>J{)e40tG5dmm2bw!smZ$^9X=8-GYub;_ReC+O&5Ppud|_v5P^N^iyKy*n~=rijQQrQR&kou zE^?viv*ho$>bm<W$*xBX&w&H$Gry9ulDMaUAOE%=d!ZGP7HRnIRy!|GVYiKmh4tpf0U#NCkLU!IJUJK{@HrH?kU0g}u7tbP zUPHlDgNr{@j(<|&49C(wPj5B$g}rx33HUi#oB^6TQdza@GJWxrn0d6d%Qm#iadWHL z%U?u~wJd8OM;CS8?S(6S#=X|ww}iBJ=J!kG&_lLH9#^s1Zwe|01HkiwIG>$%xhjYh z+28@F))26Z?jVp{)b2j+F%j%rV4F(yQ^o+1#(Y_~Qy5>J$z6OZo%s4|^>bCtg?A)ioD))k(!;+wFXhZlvP2idX}j1* z9Es!6`zks~Y#1K+X!klDiRBgWG2AyJKBnkwwY%E?!62;WaM2`bRsiwx;$s*6#lsbI z3n_{?qlhHJW=(!1X(h|hM%dumg#JT2+r%E&N2pRx{2S2QG#Qhy*vDYLzSpeKtwMI z@4uC$(ie`~>7+}!y=@zwV=l&`R<&hq=`W=+wx^}-E4+J{cI8yVC#lh@qqeJG+PpP8 zAmuq4pYiTJ&piD`LtTAWVuF1rr-<64go^i5^n$_{93{QUXG|T`Vh6a1KDW_U>Tup0 zZ3#Egi2r2FJD?}J}hPJK;68`w;Ykr%Q4|5TlHs>1g7C!+$$qN2w*HK&&}bvZEljz zj>t~!(_g!@qxUb;q8WnfxYzRCk{1@zW|RvC0ht6rXCu(H8<}8aFCmLQ4_fA z?gq}`9~m$R8<_?9;+D`Fzvpws+6B`nQ*WmHV{f0yO}Ir}WXH>dO#&e!PN=eD^;%5& zyz;1}+)}!EjL#r_VKQZFW#tFYTCI+`u8JM{j&oT=XU+2a^#!jIw*KNdmt5pM!a(cS zJh%>3c>rHGCN;M|3fhMsb_uK96bFvz*iHDiIoRc4OkmpG9H={W6-!hbA*y{`bblt> zwmbiRxt)1KP=?Vn6LX?Vf%C(b=`UVA`R;vNTj(vB?M0P2LCGROR`M2U2y|Fzbhf~? z2DaC1+r^u^^_7@Ki2)O%qjO$R3Z26kdYvbrcPd2Sy;0TSF-f z-K6j0gUbHkUO)kSl(52Cm0c5NL}l?)37?OJ`57@qczA5g3Uj8nr+dF#gs{P9 zAS_jFh5q@;MouoO7h83)Kws>#aMuA^m~`Z_NbZKCdw?~Z6mIn;|7WK};E_)g7YD;u z{1KNw`&rq+YY)cBalSZ!YjQ*vmq&wd&G2a}PaV^q2;plpJL*P$c{f@o%A2!gs;zJ$ zl2+lZ7qwveZ&>K@P$4aI?QbxHD*|%3^#SeJAGS~Ly8vDB31ESOe#zx&DX4E<%-zd4 z-IfrmGs?t3g7W&0!?`rCnF?F4_J^BxQI zUCtwqb!ua`FRYJ_G5%S4S_E&`hpj{O-Jf4F2hH|)Is1<;lR2`{fLuSnRJk^g)WNi^#_(N;7kc(nK@Yhu3^!NU zDvvaS`WiA_`F^qBo8x@&X`H!rs0 zwE^4nUMi6wq^mP(!~qe7cryjfY6?aqdvT*J!8&7gzH**=aK3$OGvOwr>&UUP;Yl4d zG+1N_&HrQIy?B7l zm8f48&5g16iP_n+`4uS^NgF%35WCCXMM|zvM6yV8LafMFF44E(5>xY{^|=N3-_1sx z9E{ZxIlJ_JR(1~)f;p?O2Sw)jR^d7r#`MduV40lyiu@+*6$B+4A2v3+niz2phwIe_ zw@cQxJ4sB{0en+NYxYc|NoM2k_TGBMkr7GlRd%cHBJ{C(2!$&7sZJHVZ{JC{>@)zp z_d{GIc0N2*%rv~ugGq5}*p);`RS{n1>_zzGyKZ!!P{~au&i-n`K8a zunP5p+;Kl|srOrnYun?IrrH2JLjm!KGCuH0y*aSLeM4qCLtb1TR8qDLw7P{|naM0zNeLt`!khvZe>aUzF)6?6 zQP?VPat-HLTw&LqoKDDSlnZ7?t`Wm$T(E<1++LfDLh>nyPBwlgkJYL#h}0(TafA3u zWmAcggxVE6>uT7romo(MV28J5vOFua1Rl^c^@ri(;&tkP9+n37#*{p|YIm)klokHa zEg=-q5$tJ4bF4N3p-aY0Xjl)=Hr2goqRH+cGT&YwDC$Ac>DRdhtNPddI{m9RuWk2AtKGOO#BW|6 zevFxOb9k%>h4%f$k95}tfaP0;4%uXRS0%&HtMA0!7hmX-9}Qw|0}{@;wye z*lLX;!S~gcUXFC(Lv{rbX&wdud(5tvW*>NY!WD z9y$>4=aBlIFyvR$M5MJYA@j6U`-HeOXk0^2&rzG^hoN*IzBZ=Gf@{xv&|z?T4V3Y~ z&gZ(%mwvuwsD}xsR$JDshHu{YT%0?^`{=K4(!+Y`3X6(+qQi8pl&}IkIvX_%rRHpO z5V~2aA4gUiOz6l3@xyYisQc@QJW; z5fMyXMRjP$Barcew%e$P`Ge8L{92DgLQb{}ts3iftvqF>md#iGDajpv&XFZ@@7U`6 zRm)xGf@vY@p4x<3mp(OOE*`d${le3?U&Q>A|9Y9*VZh#o4I?x?|B7>(*xFD}F1yxS z;rL)xOqQ}*Orf6aMVHfEa@N1{)0&saIKQt6*3ICk{6>C5`y2l61&-djs@}p_)okq< zXUofIEE34$$dYsc!)lYA{~Y6;=0loVT#exyU~PjNVrTl*T8{dko2D{TlMcwAnWj!1 z-&v;yWX#qdKl`L}9;M@gUu!8%k(G(OvDl}(iipT9b(uEdU7<}9(w465)#g~bRYwJL z&NhoMpP;weQtA+g4b#nG%IhbLwVA#%u{Yyq< z-t8i=>?qak^06iPpw?0Jd(-;C%Y-x#9kz>gn_sfPE6?@w1u?XrNcBD(z}z)gyNrtU zZmGLOozI;2&x8sLJinQqb=Nh?lp=?887$TILOWxxCVU@pnnWmn5-5$|fJ;EL;fW6} z@6AxTAZv0n@YZ)#3(i@yLohBi2z~uq>t374VeWn+6v9jlcrZe#lj@@)?0hr!rvswy z8U?~ky0o$ub7JNf--8Iv8IJUP71a<-0-|WjIV5E*oAxU4JM2%cVb?-zGxafbRosB_ zC4h`3R!s`)iw7v`9#;La3|xEFx~2fB=0D$&Ku>rr8)s!gY*yL;U#XpmKgg5NdtbM* zK}7{&`~9#A!$iv?&O8MR?|dy|m(J{#XR)BGW~2)u{gER#Vgfp9d*(S_8;2`w6?C!| z)xBr>@9zH4zZHhwlzIi6JJjdq>0nzDO1;~vL!YBV0{W~Cw@uS zYJvKJk+eL1jV>8ZVL9Ia9>)FQAy7osumXK_f994c?bpcGa;XV+cIE&p=J%W*;fL7< zMQ?yeYraYXR({<$HMG^{MoG)cVQ!XGX#8o9SO#py?2=|KX>xXnO8TP~S){#$J1@$A z`BfVZ%#=Z3g@raQcjsFU zq79z4n|74+@~m#X3nXQq#MHP3Ywd^!7YSuE*(CluwtiZTvd9My*Bq8~ZMLt{eMk?o zj&s3r%(L+Ol)f+wH79yHGAlZJX5p8cK>(Xza=xy5TnDGbY269y2-L;2Hs;Zq3tpIn zjf9r#v-|{GCdA35v|MlB&nj@{;)h((OR|L%GD0KabDX`5#(w^18ZEW*#bEq-}lGVo7sB!RG>$MDvri&NSC*jgp(Q@xgH zJ>~5dnGYlv^z@Z)x_hUhx*qrH7N(IPZd5|k?B^WkL347-ghxynA zu*8&%?tnk~SS_n|QeqKdL}}W7PYK^pL^b)0i<(CHLd}*V(6SEgW^dLu4?p6EvQm`C z#-wKli{Kd}da-G!IF@>uochk(;kV;=&|4p`wl*jGHhKU?wXj1+D(0S)NmcEWsST|&r;QCXpgnsNKAv2#T$|M& z$D*79>Y(82EME6^0p7P;MM&Q#&D|Qd+tW?G!=GJi>7D-bu~>son^Qu~OWI~Q^j=M! zwjAf7L)R#b&L54<%-)(x)mqkG(?Rd8(1S5Cis-&H4eHo^$q&Ifse$Uuhbp^Twrys##4(Uups2P)v}WI(&EKg~1tY89ZgoNir-Kc`9Cr_( z_lDh?pY$Z_HvA8iqkuJgIl%1`!u{ts z5LGt0p>>_rXbq8ytqY7?5+ydequ4fUkvX${MG~M<-&^^^MIC9BXGUZ|M6DK=&h)%M zwDR!Qq7da9Ztx-a=4-5_TKwnW>BsC-Mns^dN3O+7M^nxcX~Soi`iI);Wcf67ElPi4 zq8=hjp49&$pDW~YsRCRRv$Ny5pr>eAfT1KHZc+XkL~_#@s(@ES>al3|XG_RRuOp< zahY0?v&OEDMO~(<<71fEJ0LaodnG+*E?^vWyPsB7brjV8R?sm%elltR){~0cS^dCl zq7F(7*x(p?0e@-TGx;8;M(xwM;y(jABWYmM4il0%jQLRB<#s4fjT#U+oZLnk*6JP5 zA5rB0OaDgtq4%;qojhELp9wDMsh_TQn;m!Om85+6RbnRbpRlj;UM*sDLJ_(u5k9q{ z{*bCw0dwlJhN^l+th^PBSUGgSgv`0E+}{XQ!A6+F3I9>lmzpINT+R7yXrZ^)(K5DHSdV&Y`9wxrS@+Vb z<}?8AiSEL0X*IXyhE*dSqgwu4o`AxL=gXklPCR0G^I2!;h8&aPMlR3PnQsT*Hr$sm z&8`HxvP04zA>=g5k}{JV>sNH{){@U*Q-aZAQ19COIN_s?bfGLjD-eGLe4bg5gNZX725SYbqnYv^@%@7)}z_8aSs+t(7F2z4?$97G;#? zYit=5%EIe!kOOE6exEaQ-3OfauwFY9`F}q>P88wp0IO!Nz`Z}G%9_2icwb9!%&7*R z7$mkIPBREz*9t{@#r<|~M%;J-xL5fnD)Z!2w{%5Mh-om@bW#8Js2nZYK#U0Dj`pZi z^Qlo$Aequ0?bhz#K$?)!lT|oPKme^NnJRhsS~asltTwqOSE0R<6G(oPUl~(5ws{VC zm7_dGx~0?Mm7snj^(0)VAaXAjeYfTJnnB0fADs@vA2QUD-u&0a)yI-+N>C5P#QcB= z;rt{S?1Pg{SHM?pIp4+mo+gIFiBn=-sn7Hz62V(j~q&7h2 zQ3E4+K-rN^ewD<&eS7@T&C6=yK0{U^iR!R><;&^_Y_2l#ls-B6nG>qj^I}~7d};g0 z>t>KGMUDF3;IgYX3cJmYtW&8jzmIR#E7c3>$yQh)Iw}PM`@Uh*CKq;QK4m}T1wBlg zTXSQXZniyaUMAfltb7u#&+Z&yc~!jm2-%AafBtPkK^GTs9<~LKVoD2==EtrWMSOZ) zVhg6f1Eb}&?;J}Nd7v+@A5mG>y|yr_{r&mPx>8(dRHf0s^BuO8n6G=>Fj7J^>|sUN zop3nuXC~~fi=+nifvAO@mo;}1UXQa-_VBYv2^gF~Je*$909-lt&)-hecKn|Qo&MML ze^W63uk%pD<24RlxBprd9xHKf1dKj9)$BjU)ggnq?>!Sf#QGZn`#+CQ{r{BqzfM>E ze~+&TU2<)=&(#J+WHMJKXKT1s9+mJt(B*RYU19(ajX?lW2K1<52Xpx4VlBw5HSk!u zsTBCl#CV+xELBFY&0o`d(OPbCb(Npk-0M3$qwE;G7qvFE@$0F!;W!D08GPQC+p3eC z-4L5bQZsN~VsWL|!bkiPL?4bNbXV6F%C9QG==*{TKEGiojZ$k5L9U1tc>#g>lmwPK zL>!{{n_U-eVID;O*$%?D%b2-`a=wVSjW~Op3%KsVlnS}wVaj1R1gi4ztX~it)!$$5 zT051ntQE0h4^~7xIVcI!dL~Jjdi*TMa8>f*_8E}e49BXeCn^#Y23nou*CQ z72wlyy?(X&u83*N{(}no(XrWdb3@A|1vyGP?dr5N&-H3!-O8%P&STf-E^fl-Qc6y1 z`hA4Q<6XeMU!M#34VNavT~8+FcqqUBQXb8lb1`R-Wwyi?%bDoGR@*YR(_pK44w4!6 z(=H_e*Wr;vFh5dpS#;cNZeXD4ROQ9150^(fZ;jPfqwLpB;_8?->Awd_Q6D`?)U-^Pq@ep z!FOMmf$ko>IggHMxDOmv(H36T!Up=wZcqQVdBiJ4u)4b2Dt!K+l+@tyIKMX{gA<$I z9DQ_sYN+v-Fo0Xa!jy8+H*`PeufhpKT5ql_t>pp)Zq~G+jYvnWm)Ry&NMN9 zDjy@(Ut?<6P){M}E`o zpT(_yfWrC}sFV7mO4)(PGcCBh1CHw>_Tl*B5O-^p11S~e5J6|;^*4RauLN$deb{V| zvDt!ITyKf$K9Zu`N<>3&lszDHx`nCX1C?dNxAdH}LYqPX=P3?FWZ$RreA;ypPKJ?W z0sG!rVV_+Fs=fC>${1r>YYL@3-H2FXVRcvYwEX;d-!gN3-r*ZZP$?w0wtKnLtEWUN zQp<^&k)xivcz=Us!oXzo2t{p?IHGziP;c8g?(;XnI-bIOZq&@HFH>c=OO8ErfnYFC zg>X=Ydn;FwqF*)!%qRi;EQJrQnAYO=e}Ec(^GC6=pRae7IP&K;CU^4tC&hiXOV*kc zT-lt)PbY0$bkqR9>!7~ns{Ld%BAWJmsE14&5})RTTJ{|_)4ocu8XLQW*JtM6wl7{1 zzV889AY!zZM|xBF=qnZt?3EfKrw;loR$N| zC@o$5A@xpo&l1B(OiEiAfOx5(E-((2`?<>#IpVrnW%JQ8TX&_w^j)asVw3_QWEzj?);YtCR4plg($^`W&|Y$^G-B5_oMY zX!1U9e4*(Y{Z1+>xj8P1sgXZHAAR1z+J!AGRrDMW_~2iZENeYtZq}7CwUigCP2nZ* z2F!Y)A%RlbWX7o&lEk6OwZ|EDt-AY9@yDW>*W}Fjc{WCkEojTIdcUp3A>F+dI8nNa zE8uEdD$m^-Hc@NU$$-~Csd_!?qNAf@wwynCFJ-z>vH^r)Xqv73!Hl*b~DP3=)ZHcR!Z^$@H5y0dSu=Gg(HCL-rDnjsv+X1_G9}|K`l604t`hyn!hpP zLJyW*A$lf_@T~^3!fw3$dL;$e=}?hWaaY4(v?VhA;5KhAKWTdcTPsayRG*GGKx-TQ z9$q&UVP7$0QL?!A*})|9W6Fcx=@Io_67HhNDPQ9KRKRBklvgv?QeQ7`%mGg6*yYSb92GBu`mmbqM55600CYeX@5=G(Y)BrpKDfh zztPGDM8?N&k@iRxxnF^ zZ{VJ*S0e0t5$zcE>tP{(~Mpsp0r@lZ`QJtvxQVcAydMAZ=cZ z57A1ISFrfwMt&&z$?gf>P*7AYTf*LI-}f>(5Lr6$$FZ|9$N-TVb-){W0wkpdSiW{P zLeGs|@%`z=qS9fgxS!A5{^FVbPYdn^4?h(pyG8@f^4IJ)N!&0(NlFdDKFg^0WsIdE2 z5HGqB9TVa?0$BwPza;#p)E1kVmp8#6q8l|)#tcRuA%c)5 zT0*o@qm14ej54VvdUS&!qJ&|HGJ1LUB=`NC=bZC9?K$V;>x(vft+m(M>stSE{jV*j z%({V;rco9SWr6Gicd&ji>CjJp%YtCRb10X&e4&qKV{%ckwO_w~UJwwG`1Zg&=Xx}Y z3-6C%V;@yixl}YFu(~!bIlabmOwy$w^^QYo0htA>SqwXuT?=Ok(Dh#!J&vU}{qrIL5YHx&( zm2JJ`7UfsUt|a!(bca#-fEV-omfmssH}vraZ{LgNQ692kuBPn*%>IR%?kmJ*vAhw^ zp$X%hugS@y_OT5ndotPhy^;O%Ms*X%LBc{4J!XE8Mr5fHa%sK{aL#hexL}2q4$dSy z4F`}}Wa9hxN45Et((QWo-{_To6^JSv4&DYk;5!Czp#oo!@}mCFY9MDszfv8$7(}{^$NJE^c4nK|^|7>pENnK-e;*s}lbhK5I)y1GWPgmJ}0r1`y@o zamGVn_+8n*ZtFkgSf*|TzjYdmby+>}yf$#_t~>`YHX68AZD%m@+wFIZ&dyCf;MA?4 zsX2ypZzI%hhEJT9AMD#4O#yTALCK~kE8tFA4)z(X&$RbY*01hSY!~kGfTZHo9|g|q zHd}aur)`Np5LBio&7j~y*4*ds;V9gc50BcerVz#D@O(6B{L*EQ1N?K)W^u!szus~WSQ$7NoQbSEjo%vd>MKHc4lW0$u|@heS+95Dtf^r z_o_ z=1t7r=dSk6eE(t=7v%*>%q)hntvPbLF}3Cv=HnL7_ECL-3>|tVxlI|BkOyvyv6hk* z*W-m{#tfsaVjJBHgplc*Djy!34XDW}@H5eYb?B?jM9G4$VV#YLdwEN}$(cd+!7`@3 z-RY#AZw6aiB7l#mZFF6K;eC$M+Gh?Yqev~mf?gfLd6y{Z)J>klzS6&)p-0Jx>+&-= z)i0_MKEAQ4Z{0Z|_t2t@Y52)ep?I>4z9m0H+p_630psb$x#w07v;yD9m=>(E<)&cV z2nx}{`MkIXexvKja`;D%LY9I~I@NOwi=rvYx}wP;b6yNF7!f%$Mzjxa7a)H$2_jmkE zpVwEuyHm=n#nzq<^zx$eF}O@1#^(l?pb#pkZmct2>bAh~*WAzxXt%j~&#!0ecyZpO z&iUMugvGSye-nJcDRsj;JU0&H3^Mbi0!UVS9230TW7m{Nan~tj<`JdqwPbr@`tZiB zT6j>lamK5t(*n6(bV&uU=1JjV)DV$GRDrH=!$1(D2sPfd}+h*LMv9Z+UTdXlpz^{3&AxIKSir zn4|2Z-24~PIk?j*HaMZgs&M??A^3`Je55;bTvB48-gKnle&GK1!4#l)g}Ju%ILH+{ z8v2DnM?gr_B0s^4?g~vMq0$v;jSAWPIFE2TTy?K(cktD$c9^}4t>0NR>`!h$Aa9!l z%+SI$r;536ybtHda@mj}L>Mw_Z+M_5+Ub}>YIAk7LIA*-_s7}T8# zzo3GI7KFz~B-w1+<3{f+R7Ymgc*3CW0!=97jS1Lis8A5@`TW^?c22vh>J0aTftb38 zPLGM7qS(r@!sUsG_OJCR@p-E$uUXG-zP$oa;yn791#Ygkc41-t? z)q?z!T31|3f&||&w$D#Cd54$~8qBNpc-Z#jJ!Qi1?cPc04)dqFP9@0qR!BUTbu~53 zC!e6nA_31;Nv0k0SzyMXhFuWn$viK~6_av7x#Ep=$r}MII20ORjwmzkFZR5x+;6$+ zSlY>Wlqak3(FcfKTpJPch1~v7l|Pqy>8fCp$5Xmchv8{+M7n?w37+xd#x!(EfqPwj z?j%jo2h2+YmIE>8NmWHzgg$+|Y|AzCotDBgGOf{(dp_L8ZPs1Ve%ttNMZ704P?sv_ zXYJuQzWW$nKIX1e*SV*Avc;CJ(XPvLmg0RMLw**%w0Uk~ahFFKDJnA%SOZa9sowz* zuqrp4i#u1vhiu73Jdl0FdGeFqQ9t(aAp)~7P*O$Y3v#n}Agvw7ah-g^=e=K*kE)WM ze8su{z4L2JN7E2bDqo{0gbE|T+*dCS9`SClR{=#RIdKPq1kMX_ofDvphr8*8 z;_97WpR_>d$2eq%^ogko9qYJq5CKuAU)IKpNEobw)R=qq3`E(6t znZ7Nm>1iFgo1RlR3>qrIHO4des+l$@BVA`)r^@WFmXo6{n&&c*2JUAHJi$o$iI4t} z;KrOb1@rm=k=mF9I5S+up$bJhTw+I!9O*$*>=`toE2k%!@UFQYp}IP@wgVp<)7>0V z0#9)C<^gO$`r^N@j&k^$cXsF?2^JO+X8FF2CT*nzHet<{N;X5wJhWufZ{8B~qmbhp z+9w!s3|#(1P9vAp(!QtBMCpzJFQ`caAO#cU@Fx8p3r*^(BHO(4H`{p^VYNYUR5g6q2ywOO1FMTM#Hz- zHW-eeu(g>oE}XMPeI!sLcX+a^%C4Pz<$}Pe_Sk-Uxx`WIFz^VN9|viunwkS@D`&O< zdj(}m{w)ZSCHFro$@s4-HX!djlV}I{U5Cp|@i9C^&_M2aQL}>U;S9@wb_m5-U(FxT zuetmpGf>REcU8G*bT(^h`0#Vj@ntA~!ClCVHiUOCRg$FE*rOm6E zd_Zo=jmszfO?`}dRM>VeTn!+>8p~(t?b55jb{K^{;18-dcU19FQhS>w8Riz(1e#ch zlcCc+a|>LA=2QVOuVH|I&}^np>|uaeAnKVRZR3_AojhnaXjgn`;p5O_a_0@r%%&db zuW54kJL|}}Teg(CgmGtmBH)kT;Ky@_$g5k(RrlXHKiVbEeP#Cc&T{ZhL;o9N@uB$6)u~IL z5|q8tq?c}J2|A_pfdF1j36NY9cCA`Qvc8sbc|s8UA{@`?IG%{Qs9XV^#e$iEUYsJ( z>NN&rW#3nGEs56ezB<=9vzLDTq_(UC?C#+r@dByWPqiHN`=4a+gC>xwkuPCx{*`I4 z1_bk+mb0Ah#tDxu3VahrTEWw5I$4rwE-LHV_N%b;ZH35dkU{2=+1V(tXbccUZ=LgA z%W2GPSe%e!6WF$bB)WvP@hLh)I7e+@A}0O1cs=SFTl8k~yt;#zBV2qw9oEbMMx(z8 zP&xMD*>(OZ6AKHM`!5@Fuo)>dPWo>d<&@~dBf}IKyQ0`VGNVr0T(#S(wO`Z&`=*d% z617)kz9m~#xs=Hk;C5>`OIKLq<_-d|jBM7r!LVbDu%)!~5L?H-1G@H}So^TVd#td7 ztP^2l=MLU|;+GSOs5yL#&zmHy{QzNZ4y-;JjY8!S>QY(sXcD2MRK=obOAKunShZvf zG^W_fG|N(Tos}w2<#!##0J4>@5R1NGg0cCukl`E_tv4p_7IPNv7tv_AX`*=3!#m8T zQ>$!&ixlkK@lp`_w7pLnN_fEhuCgWod#F+u-WqdylVh>J=N4#@-NoycNu@#Rgg?h# zR3e+M!uQ$6H1;e{qBDOqGA!;k*#kFBtc#Z5wr?MHk280Fny6Cvd^p8nA5lY4F6fyb zbHFIj0{E2V2xhzZ1?QH=4RVa?uX-mPP%QWEOBm5%rUsJlhCgu zy&_RJzR1lk$p_FC@*!4mxZ&fq8|(5(LLM^@&O1kgqZlsJ;K!ZCZ7U4O9w8HC-Z?)& zaqL6JDc~EiC9P^t|NXe~O$W>Gv%@Sr1Dn?VX8@N{Mwn~hwreYtp)o1XNr{bZMuw9H zEDv*fRr5gRsKZO)JAZvGO+LVz% zunQBe*lPH3+A~ovVy1fKWzF7S^IVY{mjFRo) zd}DNW88vr$m-Y15*rb(VZ8oCWMQG!4d7*oh6eywBd4M(SahxKu!l@uyt1C!@Zdf&U zs#^*Rvu-1!RAp3J0ju_+GE6||7|9J`EKb$w0=*4=UEc44c_-uH)SK^n@jJo5dz+TS>h+OAF>UAYccQu}J zV@O}$-ZaRt!2}e`hs>7%T<9xrw%*6s81T}3s&c#`Pbu);_~VpX;H_NJ$-^*T8x-puz54&q9B%JuAJZm%Dz*i3QB zyS9F*5?90|xa1zy>joF{@{@y|8k-cw?;u>k4>Ct6N^UmGo2u9&>4+@Asz6aQ!=)CL z+2ik8nO!nM4g+j_do>Zul{dl0WF}bwaeW6SVA2>z#RSm}CDEhSavG4ISjm$*Mwy3P z^@zvpjprp&u9>hxRsL{mOOerF4(2-bV0VK%my$Zcif|OOlr<-x*f8bxCszN?h1pc6 z4`uzJ9AMt>KcJw_>euVGuR~&A244-VqNO2KtsUbIVb-@f=~8m;Bs}c;4TuoM#5Tgp zL~vw%J<}M2W;ljIk;{(V?wlL0)u3~{&$XUfQ*Oz0;%|el5$s*$tjZi>#fK0v?)^>* zwuL}uSlG+Sz6s=Z4`0b{`sWbs^P_h+Ds^WE7KM7zTn#{U3$9i24iI@e#VP%%t(X~D zz|ECW^!5BVBJ17rvwwtxGeN;cRrBS3}5Q-u+! zx(?AC{Q@f~94ZjF>3(yyO$nN&Um-dIR&DC;GUKCg%bG{JnNaa7&Zc zGtjX$oGnQ!xt|I(3LaiUW2L0qzH zu+=q+QiHB8O20RZd9#vn^U^ib4U3!2PF9*q4;)OIHkw+Io>uyC_ITW>I^yRh#61Jo zP9;?pRfEq495r}KKRxG5p8i`aI3N=v_Y}X z>~>?QU;j^fI=zY+4=JfBJdhpv<_&d8{dNkPVeeU`#&0_;(}-iNzteQ^9RB*@-0C7F zB%~WGe&MIeWB@R3Kc*`%%24dF@@AaiHJqdQw{P#m4JIO2TKFzVc{H!XdDMawe%@&_ zfHs2of@fx~N~phbHR#WPUz?x^}C4fV2w+Nki0`9n39gjqO{mG{8Yg?>s=8_%y z2@CrSr(GyI?UibNrw0AiZdpA;ze84{5}k6Py;xMi7{!RlO)FRh*pWc6)QJCj*E3ds z(#Ke&>og`EVc_0AR5AYH1!o^q>x>Iz`I_A|$9BP|$~l^ejeC3T#S*<(=>g$luj#q^hD1!dPQfYPE<1_lKx z-kUWp1niiB3=ir+%xE9GBnCs+LeS39LUWDo)RRx-HuH$uT^)<{DFk`@d$E%Dc7=rU zo=IMQ{-PbXKj~)#%fPpeo7ftC86HLNTje;rA~wT2<{fOY1rEhB{q7GH-L7D@)+0AwAH9Od=^rsL*tY_y;aJk{A(njQB z^CLTw;i#p~Mf2Zx|{;V4HCCnNbP1YCeGFyw2iTGH3>_ z22N4i!yT*9MsjE>zzibAS3i{Ne`;RW|1^B8L2*!WAxnS)I8|ou^wgqyP$@41h(?SW zhW2bKcpY(!x)NC!-~+(de_41B;|r;Y7fyd1=<-9GPbLpY%_>NIH3EA5AJ^{xb#N#8 zf_=VyNeZ;zk+4zrj}NZ$O|^X(l4BGxWaYJ|69h`bGWk(rzqbQjT6!jr7sk~ef?Y>NJ@uCx z_6vmYse3l0`ZQJ3j_?f}s+Z3njW$?nfCxLi_+RS`*k-S=MR|F1@!{I(2p3UgaM?!r z@nV1m@=C_*-J1kH<%P{*jKJ{A>Q%3UV9IS9oRS?gQH**gw?zsnWzw6S!cv6I)24Gd z&C`pyB^7M^B@e*3M?TLH%ex@rSYtx`ZswQ;PAb5(b~WKg-aQ9Ddm#1Br2v-(>_8qX;^J95-T@AlU< zO>f8Y<@2(AqNuNjP~@9S?e=5aaQ&rX6SdR@pqLn4?@AqGRd}rXvHV$aB^&+4oy%D= z25NWHdlU#=2{JOHWj!$_m9@?}b3L!0+4UNb%Pxp?S=xK62nb#H+rdFj`tFDhPz^Ub zr#-qoavqDI+!FVxOU?eFe`yLD_EM+soRyku?xEZVzT3BwQZyWF4SuVYt)D&k9+n^O zbi`Rim<$>BXOW8OT|N;=&dK*{mgp-#a#%~3@Q<(oYD{UsnLq--y07Y9XQlLTjYrV~ zI=`ZG18&w?1g;`ca(x_6ZudY zA9{|Tx80dlM0eUjeN!xPM4lD4N^&u3tERl96ZFPE%H{m;&Tv3yBN9%P)`&G$UKWLE zxC*8iGA6Llef(I$`K3U)cPuKS3+?y%mdu+3_c|!wwABX!$22<@v9m9d_)6oYn_i%` z8i-%g5DrQ693G8?gt&PSHNZfj#_m-x%A;G7yQtvJ9(U|c0;})M!#$L7mGNiVvvInqLj`qCnUGvB7We@TAcnZs3))wKh7@$7WAy?hmTxU#6*CGpFj zO-COGVN3-)2oe;akeOD$FHq57lgZ;(cjs&I&MqKRDJA)S10DRRSFcO7 z-w0Ss$v~^c4wZR)2hN)AXv_WJ`&&;<=9QZ8^TKGKn2ooiVD9r@cnX{+>vUbErz*!5bE9YLlSKfH;nqC3v&x=Scv z&O&#uEJ#j9B`P015=^eF&icIeZp{Y%5Q3HAhNL^@8y#j+cBNz@rxfr>9ze0qv}P?p z5|5zW~k^J*t0 z!T(}{zFWj${TmW@UH@@w zZk}*gt`t4O?1i~ptJu}IR}5AA14YU|*--iTG?{SM!W20{Xo(3&zK-{Z$z`r)$J2^rof9{isd+EX+tmo#B5|3}XTf zz3Ch*`C!e$Jy-USsa3&du<0D!%L|*F2h+3tIVilfTm2N9Niaj{MN7V6!b3$$p&5+n zQ4jo-c2q&mdWP#LM-ByQn|@{>KXvZhdks?(E?0e^h1dL(tI|P9EC$|aVR`i|jd!`< z+u|4v_8q*?U2)E%RY6vSCk0-zoLqG!7V*`&C2gOX#JKaLm=?tb+6`p%2?Jkzs5j&} z{yQ{gXqMPd-$f3T6O)eeJeFS4h8^qZzL0xHK*O>@;$p*$f$Za#Hecp*#n@hzM4W`T z7u9zI5t~~$>Y@AXftmYt{cBmtXhv0ScoR8LtN$eM=THdv(e-F)S(jUhOw7y)pq*uD zVzV?uH27C&5Bp4U8WHEJQy8H{9Y<~={1klr62EPdq;jNXa2a~GK73aOU+fy}1O@rf z33_CQ!V9T@s3D@uJaT4}hLrwS{uemwHAqE6zXf;--2Z#xI{(FU1ffQ9McsGSW~pS} zp&V^ifU)xTST!&VBXgtcETIE`ZkE4UcX48t^U+jJ!X2Pp8n6vjRLJ`3!_B2$ zbYBmUv)%IDcv6mSn6*;C=5wX{W;Zf?v#|JAng3h}{4}phL4Ia1q#P$}mGW??zTsC} z4}nAum#j;cl}EE_co|N|)nJ7*hkki1T1U4(`I!HC;6oaB?gRpM#D}%_&+dcN)(WdL zR%@S;h;tj#g(PBE*n4frEmC3A*}D4nDiG+8uLExWz`GjO4L5>BtHr5(h%PKcU583~ z6SrRa%|VsZn>u9-dUHiblXT>8q$=44g-go&c%2;^kXpPMJN1IWuLo}1Kc`53pEcZ7 z#6NbG(gWUweLOXRd=4=n1Z+0Iwu;mZ2_p zPS~%^b+7DsrRx?bj;ES#KNz5Ztfm^ifHFVbKmdBucogTmRjnDx4x6<)GU}kSN~e4$ zX2Rf8L(;IlmYW6vwQaoU@eh`$MYV4nQEda;WjpT^(*VZ|Bz@thBWs806w338(KRTl zO6!!7?@6<`VPi#6!Qv4Zi^$NY(^Qu~(dk&sMd3+TeI`9qWUGQW^Ni@QE6jTrn{o+e zAh@LwxKYm53PTVkRy5Z_yW0DzztPgJZ%Hvh4LV`5<6Fr3Ei&P6Dz*&G}btoBbbsK{-n$l={TSB%ZVzt_*dLTkjg>c&H3e8SUDIYGzryh+ipyrIwH>y9qt zCMychRB=x>BlC*(s2d6&n+v=TBXA*)G*Ft4k#{4{4WY|Of4n?Bj<7N?F9G1jw>qKp zUPHeuexVDb-S7SUGpzUL@GM99gbVWf;|Rz!!fN6H-`2nHS2XXRs^ZX)*KSS#N_q_e7)JrsleFmZP3kt@7{o#LPLqYYW4Ub zVzo|x|5wwi0t;Da_c08-clTlfI;5+sknvE$9){4>c8t{790+2opLv2|?Dm{vWDtC6 zGwr8Zy~p9YcE{sLuggoj`Hfw9W_n5|v2{t^^;YE`j{*VvuG1{iic}gBkUMm~5$bYyNeE!MFoS}P{A2?@F_zs2&9uo*w z0S1<(rmIu{8^e@BYSgsz7VLa{itJkJo!WcS(P>~nDSB3DQvT;e_ocZ6C-~5d`vIB+ ztL%NZpV-BKefLjx5!_fnc*bt?SOH> zRYb3pLr+@>Z|@=j#dXpJj%kEUXUE!Qw7W3_Z45jD9&M{?=V(lmd5Mhr*usochSy60 zo8A_^svXm$ytdD@gempU0E>rz{gaF$aK$eZ=i_r$^KwxJ_%w_Yf#_<#Ab+>vX|=5U zxxqI=<6>) zJ2PnWgDofuQeUe#+OqP>*p|rj3q*qQ&kKS9`rc)TSLesQ<1nHwadJ}pLlUy;b4^((DcaDD=N!E zU-1Y-J4JuJBzQykYZ`2h_5iVUSJ~l}-u#s7XDKI{gZEMHPhY^BJxd0#(&GH*2W>c8 z*1zyNhcT@@_!VmYF<*15p`-G%(y$9Bm;9hV@eIDCY)1x{fPdZhU5nUM?aPot}y;)Cl;&)rO&=?->&q zn=KJJs}AH%Xgo`RY5o(h)_Qg<-$op3M?PLlBGl+jpFMq6#kL}z3RX!b+QjpPZo0Rd zd?>;fayl*fKM;G;0Mtu(M@79*2cdss${1sw&9Vc$FB1I57l8eCqtuIcytr}MqMbL# zUN5^;a3W+kwU6o7uVg3yTK{je$YjPa%~McadxBarLCd$=D>Y@TTZpsw0pC)MW2+1 z3#Os}V6qg;>{`pnBJP&~?q=(V++i~ntVk~bu*x*~Pc4>MALQt4CkXXL&!OPnW~7hu z->JvBf=u;f%$V%_ZmP+6ZhUHFk?7rtFH~UG`t_!oD?){dTvvL6SDj-*{?J7PADiT( zyAn(F*gTsq70{A|e+O)D2WA690W6)wf6kHm=lI0`CsqIv$>f}sefBw7Yn{E<{;l6id}92N;TqR93JMB_ z$B%TMQczINQczsBrlGo!JgqGNUwmB(diwAIMb#+JpNo?#ZugDuQ&7~V(Vf4zdT~zc z|HwLsf`YO8@8?p#-*;yUii+CDy7!-j0d|&XBU#sp+WWAG>udV!Pwq1=-Mh^7=IhPx zqI`BU)l<5|XVy1(2nl4K?Aeh;t0W z+vH6>K?g2X1c-49#fJ#sE$vaVlJFgxkF3dk`6a!}KQYS@k*(THHtD8qm!{_<3(O)i zxeY*HizLbcR5Qcc)(S`t-;LcLuVu=vQT?iso3#2u>p#AmmM<{^D@40b|dUn_{1!;PD9&UOjK!LF}$Ia5!P;wGB8m8YV4yv zy93(${i_GJIrl8e5t7-(br&W@wl`8s(;#U+RIN);Jy5k zWrSd9dB76i8hg^`#(Fq_$-_jxNJu8A!YX>&V$rSM?_Z+^43w^XFqdqkuY=Cj7^UcW zOnSEc`Xy@2(g|OeD^O!4PJIQ>L#Wly=sRlZYX(z~`Tit+pLgn!^JD!*)SQiA!PQr3QJ-mexYBjlA(OQZbas=lVh z;GdFLl$3Fd%@xo;tt-H`+HdTm^6)-C+Q}X}MW*=KxEu}4_l$o*GTft14Xu+3P^M?UKSkL231Co;26`B5A^P!9&rP=@RG3GTA4W~nqgMN10T z*$)BLzqb+_%qsKneYSgO^}}H;oq$fJG(CG+_d>Xp{bOn1N56#{g1Q8NG5>C+jzqP1 zPn}j%u@$IfXN)L!eH$^K`odFFxMlGG;TT<8v`$iLQmvv5?7*?*T? zx*ejZ{>&ps@Ot#*A?n_` zC|fh#o6&5t+#EOd8>I`@l^rA{VC7JvXriv z>Frv;n%Di2(o5ib(_uwQS2z@{pdm|*KD8p4wm!rrr$1<*UPo#5!urPYlmg~^idW>wvdbK01fe=DPieO!L{=&*$pz?W z%?})}ga$}FfLDv29nB@_qpaS2#uArw0)Eomf+y{AiKR7ONBYo^`D9aD*_@L+*psO| z;hVJ&!RxQz<|&7%5BD!bEa)_+;~ltXd^*U9%ag>C&MnfK(33!YeuwGI0mU-G>!fcL zl7ORvA1t-I1Jw$kF}?lMz(ZL=u066*%xEBP)lCVxFyHvQ7^Fm9sJ zcy!p=Us7GQbuC%p6U(>GlA~K_r%4FB71|xhoNebYb>=gls#tegIY72j62)J&2I|VV zE#mLSyQD0Ofg~Fw+)xzx8|9ij3G_Z;OzjJ|Uw0$=PdtqY-97Y=tSl- z)xMU1@~twRxlE=Rx=N#5-FtkR+T5!^ByzmNJLG9JMP{8qnWR1`bC-{f{LFl4DpY=X zWgoZK9T>FFc|&7cYe52}x${a^r?+TJztU9&H}N@ju-LjuvmqB~O8Q-JcYi7Ns<_LX zCo(%RChQekvS06T3_okJ3&eg=n@h6E+PC@9bCZp~>YC!KO9bz%8Gab)bO{Q`Az|$O z99FYep1(6kn*NxFz}2V1;&zF%+rDX^SE2@V&RA;&T)FBezn7r=i7k^@r zf!;4t_W7s{rmcE>Tz?1dNp$Xb`P5{$|8=j|q1W@);4y#~J|vQ5Og2;Xds6gY743V^ zAnSIr+6C3lD3Nmxhc-kCg!?e|q_2(5u zuKVukqIt^ISVbU{E%l_=RccQ;F~!%vtePGsxI}f;JqMN7`OKI!U74)~s#{dfB{g6- z!ikOJ*u}U64D(#_Qu8Q@U!hBi{q{uLs|EHGMBT#ivd^04?4_oXCx~W^4R;BS1)(JEVP;tRXg6sIMqgf&?0k99V_{jfDmDRu@=T) ze8MR;gBjiHnxU(-%6|JH*=eE63X_EKerQTXC!^ycW?SnyW?B4hJE8euo@X|7anDxE zJQY%|`y6jbjRfUuO(_^D(jg@fSH>m0y504)5PMp??>AQBKD(~!Px>>Dk?kLi9E7x8 zf2j=)C<@VSCqRrAL~NDCf4PPJ^@j8!`YHqavnS<^O4RV(=`uW^%};?gx*TxD<)`v) zXGy^Pd)`uyyVv<6=_fwtGD}nUrS1JGXQr<*pStp~UO#zz+jr03fQ2V4M^_4N1=X}V z;&*D}L(*H|MW{#0gZ*6^Hdwdif4j3u0vY**FU#Eg-dm?xTamVtzimBa^R&bUgtD@# zD!P3@)fHJ(dkd#jHEyqbvB32l@TK=Jo!l214ixAb;cno4)xY4mP}!WG_UCEZJ2^fk z7b1-mF~BaJZ}MB#H~lxu{Vz}LyJ5bZM*Af-m-&Du)9sctiy1Hu=RR5oa@K9tF+Q-M|Eqwb(cu+$kC;r=Vz~4~v;;-)w zH%1d9>|-PcUkq|EkqrKOqc67HO5WFN>!HW+Gxi=UGfc(evPdl7y@hx~h@x z|8`zO&$orw&*<99UG}~R@&D6m1AOM{^m<0WD9(P6^&S=a@BN-sRoXOrjtBY2j4bE= z4G=DN2@zGh3(ZL!^IA1Zq#OUaPr4>Nl~=uiX8!I#=6|;j%*=Wlp5ET9vJKibslwn? z1xP(`w-N5Ynkeddr#)n~NxOntiZ_Y+srgK&MKj|=NDUoFBx@!q^16QcjxIc)U*UPd z{;UmcnD$`@Wr1S>i!)MhD1?7#cQH;@Ik`)k>PI;5)TtH=t>9>XQvciez2!n~^Fpch@<{c^1SQdf$+pj!Qxc3r>Eycv2)OS9~$<13nmMRHc3s6!zm>JlMbK0)edQc z`6Bo4+xmB2^>1CeE6NpUGlNRR_B#;15zPVD0|J!xTcS>ijGG|8Ts6)&xhmA6B>1M< z^M!c1RUx#Kbnz>;pPVX#cu*m{W{RcTf~6A=Q0 zNp~8Fey^ZdDIN02qULQi+t+S#xo}O?^-EG&28<^pDyBSKGONZ&zO7WcPUh zAQqNpU_Aoy3M)-W&|CJtlw**T?-s2Ij}}Y8pV`nU?3Q8wHyu1VQ&NS1=U)D0TiMz~ zBJMvJJ8d#T))(&pn-04bZ9-5+LG4C$3%)_^N1@%J?FT;ig2mB?(0-Rv7cVM|-(*Da zCN@#9kq8l=$c3&JuEUpe*Q<4FrF#_1z*ddOWBjRrgfZdk_CvHFOKFqZ_q9@49;^{q&D1uGfpj_s-chCb(axwda}Sfk89L z26;XY_9I1wSw+fjPxb_6+V>rMjOMG#f=mZ|R3F<$E*(Xi4KyfXe6F)=5&b7boPg8E z*)v0JyKazXn08w2NGb6Jv`ANOH-n^ybgcErJqkPsR$8{NB7(P>)1eLpVVaXCbYB*P zGQ!NR_!{ijGPB?KvVO&{Ief8{2kFI^@5Hs=uK6cS!ET(19D!_uRl*JSyof44PuBv* zkHh!1YSfP9w3~JtrGyrNy}qEK^GE%XCr3@$rPMGlKBfpGr>M(_`r0I4K6(GQe1TG+a#4Omll=rAUOKOFZFRG8&|A>qz9E znXweEC1I`>_^n5$l7JTL)#rRw0kP@YdlY-JMHxO%munkFnR3uyN#MR<3O*#E^CX(y zsOk&xz2cPio|czb^iG~H7D21Umx&zTaPkb2h^%G~k)?jnCa?0N1 z(3s2S^TD3Ay8X;^%APgQ=4p=}zEQksMF5rbkAV>w!^<8mM@opMKX{XBs_jZ&ZX zaIr-J92KTaWbu4a;QN!w5b}#FQZFchzME z?P0|3&VGF!x_|&@bK`xWfPazI$C6Us3MWs1rDTBu1>AQ&#d2D<$)=jF53e(lNo-$d zgM-o%QPl4JGPzFtL&x)J9a1s5AP z=6P&3TuR;?O}sv~L)_d4gK&bOBI?GafR?_TY7cFg}s& zkE-vN_22W0)|YT^3`*fs6U^YGbOtV@Ps@=bZOpJ#Rje6Jo@>J?x_~MbK&O5 znO=q$R3!}{y5*)#u|{XuER(HNp6Zx|O}<<|e#?DhS^w(sER zkp})QUK<}`hRn>dx?ETbN4uM{@``HKS$-T((yTU~#2RKK&)vOGyyPF){IuOyY^E!gr-K?(lKZES1Tlo;I8Q z7Z`GO#z|mEVx18#Sy3@>0>}9IKH<}IMsA!wS5`LxYk*yc8$`Z3x_f>NO7AJhc4v2~ zl^v!{)=1SRg&7v8O$QcstbvGY9;-v1y-MeLHW>YnZ9y~}1(Ki_jDUwY|NSOvnA0d- za}m|*IGOX!C(i|tsas*0CP7&xr!3w^>1j*t$DsXG5BK(3>F!GSJ=?$u-?rOn_m`wJ zqMw4yS+2L)h4gF9?=o2G+oXkm^{`miZ>id)#ZezoyTpEK3uQSdUPhduA zxp_a%KG-5ahQ`rlqHG8`*1>jo|G>8$Q|q; zhiZ8VR$45bld1RKsj$tsaED{H0OQ|I_}Ot`U`+C|%RDZej!#+GhnN!hI^#5$=%S0) z6i3(}wd%#F-itB@u5@AJms=uAa=_DQgs6scQTw$o}NZ07z2-uF3^igA^Qd&J) z*;wkF&CmTbP_-3r?4PsJCuCHwmfCm7s8yEG@SN(WrS11rQ#q-&uD9rCl{HPiDx6Lk zBSQlk0g_zPhs(FijJn#^fsMg-T7EY?3+3V23!m_+Toy?yYjgo`w^iGIMJNKI_MB}4 z30C>%CkCr0kXKoJOn}r2>koeH$>~x0%s85+HV8^Tc!4dyV+i%kL#HUD7J@A!PZg7- zWi$&C7JNXwOoqVYo%=2>!f{Oesdvmutwx=4BCEBphZ+XG*i%=>uB$KTIs`Y68!2bT zHN0_2wc&jBfH%b30J7h_5`)$74M*lR^;eK z4RMn~fp$u%j^sH<5}bSg)LWIWf#)Iw$oNO#0v5Y!lBASKUYmGvK)w1Q1HUrrrhJ-f z06E@?7}lQSA2_)%cGd42_HBI)?itvtvaZ7%yKu|$@SP7Qux72j`n0~C^=(<-L^^!o zI#b0k?j$}I-ppBDIVP=ej^ns<5PcwO?NrZnG@s=}xG?Swvd5sZcfI$rLR3Ma=>mRz zVL=8N0>GVgYM07IogQy}cH(*g(Y>VwJXNx-7o^R~UxTre=e)B5cAVxAG%gL;>;)4# zJLO7Sab>mKr&ke(^vd;aK}Ig|cJNCaKAI0|q>qI)?QygNYT<*uoU`G9 zB-L`^MQce}{0s^AR2+zw6*?30gn;TFs`V!@OZ^^c% zLCni5Qao_8ouS~ck&ongbsOyCY#+$-Z&X7NkuuM4a=Ibrc9X~Ng|mP$Gx;s$W8L2l zsyr+8f@ax755DFiwll8zfI}nYGDelMwx;Vi(WRtcQG^;;)|Nl!>#5aAZa(_5tsH@6 z@e~b@9BK>c?#-5-u}IdH)l?azeKjd{vS5&{NydlWqx)$d4%b))6%8G@+OMh~v)jsX z7ZFML6A3*(#^_FAQPgM>re`qA_H&B-#iqepc*uBkKJS6a;+NAL%hc|n*k*wv<)cl3 ziQc?4ed4E5>5uNeGk22{%nme#BkUni=x(Yzd zI4vifi*(jL1GR~KT}_^4{aTs3jnXB%ML+iYyUrtytW*FM<$e*~{j`7}+vDv)`W1H;4=g70=gG&Is{|MjJXHvLv;7rSOP(pg&Q11hzdOvQo1ET$ zj-k#wO2f|fALLL(teV8;MdI}5@p8T7u(u|EoklAo1S3#RM7G0h_QURRsj>1?SCc0@ zhVG*mI^@>W=0UJ_k;^-e>zp1V&*gYu{XywbK)TL=Mk4qI7VN>}R{z>szCfD*p5yo^ zG6%t{k}ccd)uj0i%&GYHA?kD4(Y;g<_byVsvtQ`&BpZGwj5v&1fgyQ;#^F9Ik%qql zBgSL{oz6aG$bi1^DY%g!e4w)($HUEW9RoVIHi;QH6eMKCWc<_tAhLJP;_tQvYjnyw z#S_C$*VNO0{%$>~*ZxAnhh2OAy;@0M-Z(ZK{hg zn}#;C<2CDV77Y+4%o#6IvzH5@i3w`2%NrX%U4Tu_+tX#1%U!UkgqH^a?k#~aTmovd zAe)qS0Dmq23_2HD6P5W_I{|ADa3TYQv{V(uyaSZ7BH~pKC@O{@7fQbATI=g_! zeE$b1yFjlj?d*8HYW~}8KGCQr@zjpl@fiHX;WUNg6Zh4n`6|2t}}14}@$ z@4$)O$cfjLxqn4dA@nsD*95(n%%HFPcbxCL7f4ZXkbaEMmBs&bQM%~zAB>5ogCg%c zw>d#mj}mEzwl_9rtFbGKnQENL6$`CFIPpA%btK{R)fqc7B|o} zm!kr)gG{N;r?~r|KU_Y)wsW(dQC;Bjs|f}%kW~cjSyqW5%U@ zk@nxb$Z>z}Ov*^E8!l#bFni!WsLROW@Ky&)FS1{bAE|&8{O=hh&A$W63WSlb(*|t} zca{}J|Loft40nYUR`#jILx6b4kz7UI4~{qeNpeqNmpGK7xuT;n;#TdNsb9?4Rq=W= z$-<$Ax*M3R<<@SImEvt!zk5K4ZD9Z4NoNE9a!=mRsmMfE+C7z1>g?lKmUNmtha&(+ z)qz9Ao+zU=``tD0{d#Eefch!*Rs zJS`DfC>rgPRh9l}e^%Z100Z@}Rr+#Gx$tAkX?Dsx82|l^dp>b*%s#Q2ltodJldmYL$1Z#;czZ_RuW#Mdc5!j> zxfZ=p>;}7ln*5?m`UG(W&C)AoGcUfv7DfjmSSTw>?;Rr}Rdn z(#-{`-PnHTPRjV5mdO~WiSy;Y<3~JAYJi?o^CNhUhr{0c^t+iL(vVu`G^xaO5sg*# z+Nus6Gf;w!=j47CIWoZ*Li>6eNF+$wJJoyNlYJD4j+AN-igTY!tvNTg#a=HZ?Xyjl z60ed^_g#sECo>NA2XDX>ecz+G@g`knSNxYmKR1Y9n!nP$#Ol&Wa0XVfb z!v1u&hBrlo=Ooavqo!!NX#Qr$wMF&&8%75}n>!>DbcZ*#Hmy~0=6*rQQ% z+bS&%jcBU9DCHXY+>Kz&>Poq&Q_T!E^-&a+(*fDM{Ku~pMO*-C?FGk}S<%B*x7|Ls zmF=uYOUjZq;KwGm#W3X+MAl)jg2>cpZa<3LXPHVe^*whs{;R{b1b!iCHMJP(|>W_5Gzt{L&#=%a|3a28m zJxyw6<{xl!-f^onM!78}g|f83i;bmJ2KE>`8=sk(QO-?863>q2!90LE=R_qQjS*EH z|3ACRj$jVY=m3GtY{bk+A^Q^0o6U*B|JOUK5!>z&*>p#t1jF_^(w6f`SA{sU_mKyHt=@N>ae`VlMq z9wa-xVx}7AZYXY>%=BPG@wh;(|I}*7Y%<&zMIDMV3^z7IKiE}YMo(Ubii;o<*fl&& zJcm-_1K2;3&!w`IqL{8$bn8zILuK9h^AP-0lM%aB;j_&nn$)+Q`jA>lkrKQgUS^+J zAevZG4ysRQBMN(_pNqPXh;uvP452U%{(T6iKcbmv%&I>4ETluK{`#?e>0HVu7@I>b z7Lbm+4eP?4e~L*+PEpMl+^~7AE>f77S7aN<#}cG_>e$YI+=&iGZcV;TS-rgZ^)Y;9 z{36*n@FTD=Nrum6A6sJS(3O3e__`IT;+*6HQ@wA$@g`{P7a(mXKu1=}hMt>+%DBr# zkbJgn(jO3E?A@dpznG}qx!RfKu%RdV1;00P0(MplB$fKX0?Lx=r1NecLtkDV9S4YW zqs}}yWeGc=(VjneZ@shiITfRdePh^zMgLLW(pyd?U@Z;WvZZsLnN-N5g^lephF(iL z^y+Zp#_52^#;sQMEAWZGxu4PveHQ@Z*Whc0dvL4K|P$0-$erEPbQAC!!~Rs z4tMlmk5}8|aJP3N9jNNa=P9`*ydmu|>QZ;RTGff%*xuI*{x~x)nYH{JM@Ua-hX>`@ z3AP06{ZlQTH}uy4ls;o><)8?;Yg};_9xxG{wu<6?=;)c6O)kcEWTrLZ`?FsQe|d#- zBge{{K&fper5`p$*Y$RBkJ5r9cpD-LqANa3^iwM?08+KdYn~b{ef$$!7$V)1hJCu7 z$x(u;3UD89B>*Eh+7cofiN?vKA+c3ALn~tQpKO0U+RVsMjZrwl5{>FH60cF)$PfZ-oGN7oYZFGJy`}s{^}L4GHMfLwMa^Tizr`j13#zd ze1L0@Je2VJFs#0!kKyKi<{Gn(2=@rgx$QR*Am5fYjd^RAF;S^>0=s ziMDz5N13WmKHkA)!EmL6*Z|Ps%vL=O5aI>@$-Zc@SCD?&-swGl>uu?$S)1*GtirF5 zzNz^3XE~1IRhhU4!{u`HtHF)L3?-9_;46JWSLXI0y*B z2KI!4S_k3pt8XTC;IeL_&OdGxl=-|?!_&8Qd7Y{JX8IcXGvDu|8p5AwiqcRxhX)!q z?rngG`7oK(=gfq=SMk(p z;pCRl&|y8!SAHx)NGRjNZ?{cC*!wVIjGYQB?;^|k1Av6b)dCz(wa-kN+JnB6qgIpO zfz=qz6R>BzPOH{q2*O4ND zz;+}JDA7aW?8&+2aaeNZq~*DE)vq%^TU}(Um?Uj?+zU8-^$%Z-sXF_{XKVpu!CFH*?H=?I<#R^N7;XJc95Lyro9{t7j{iVUM)L z$>Dki;E48A+b@C^@4Ly%`kX(a=iaAW{MKl9T(s?o9nUj&5t)S$uMqbIFmZR zei0*`&44$_EBfR?wz6$e8*irO%lc+sL2^r5EHf-wn>f724begz^t5Gz z2gn`oV!L$**fz(yc~lk(lo`sXy?=R+YF@iD>H7fNrMM|C%-xJ2i>_Vqi=H6%KLW-KM)Ko)ij<0-oot>{#)mPK}otL)e^h-av16&{EPs|UudIn|Y zAC;vZ{tY&~5)GN>=g-$*JcDmDHmrmu-ZPEv6CrMyYk<0MA1)qf{Zp0q+VmmAy@<|o z2liVR8}M|s+Z}zIIpFZPlb=;~F;_uS{YfK_v$6F4My|WOBI6#H_97J>BY9X5#-xr5FuRQyA=2S`PRlK#RxY?q148f zY$N)Gyu)8DA*#`WQms36?_ZJzEA;(y?c!Y%Ih-x4=94G3f-^m$GNRvlD~{wla|TSG zbH1Z18hbt3kmt7gOw+R2i=xk%DGF&Hk^>%tyKvtdFv_O<6=WG`X`&h#uhOGJ`M~JFiToph4*GHuY+f*bodQWGP^e_<8Pfu z?UB2_KS@mup98+wJB&aXfcl6Bz|b+_Y!Ut<@nRpy&TV=gkW#eiFA8X2()e!Ci%;H8 z;SnNhm@8p~X7IM~eWk<3}wf@-HJrQ@*U!$@TbXg44+n;9h#%SsZ2q9wzhO` zEnH~xgUM!&-QSTRIAVidG66(r4!xSso~I3@IFr(#%Q0JRqDFZwDs1|FfjaF$Ht;0< zwnH?b5zt9(C&zF$`Da1kCv5h4q(w=@2uAZp1}ISZF5fT1)Gr||TPg1^pd!kbPhupi z1fnAq*H~I}^YUc(f0bjMg0VL$A1kv7;lZ~RERk;?>s;*HdbPV@(IK)TOzJFny_0~5 z2_L3aDxbNQlg{@qZO`kAUTidstE_wwtx^4>vPMElxi{xV1wh4s3Z)|-U6R6$p)~j~ zT@tOe3Q-puy8P*+yQu85vJ#3mz+5(B-q444BL18rs61~R_*)YUvRL~imahWvd)~5& zAJB*@4J)uO{wMD`b>G#yg`JI@>?k*O`;_=KlGdiU;`F&e*r7|{Mv z(e?fB>6|j_Z;Ow2-G{g89G}a!?#a;V@8@1*1w+P*g5}je}Le4_=}tQPjg=ax_zbIpWOD6xhDr^ zpxxd3N5|iBL&%DEBbL3^yKFSv=hLCnITShMvykf6Lu&ve=1j_*z2U~L({}csIpSdcqIDKZEKQXObt$$<@F=7mG^|#}QT7#youhsg1+Z zOLXQ5W%W5FN#k4SayWMNCH-lqEfIhQ?mg59eGzHY<->%CL46p;L}BgZ&aT)V^tj&U z%}N3-1~(m3>JW5soL)U%@Pf^}Qb<}g5U?h?QjEJipL>2+{X2zb;~EWcZ_D6Ew)a9+=Y0A z%nvA{+Xr(WVTMDFMOb9vtd9iw+ITZhGy6C1VstRs5fr7dRr1GzzSAhYc4pP|f!1kA z+3!T7)(B>0;czLA&|_E|6Qre&d#tk|O+$JZ2ap?$1aP1=)yX-Z`F`}~>thfcn-EiA z7bCzIKUsE{puG)h7Xj@u;!R`n<=4LehIu<~N{Asv#Ef+hX zNDLTc8By6D_p4b$Gd9`YxW*JAGsgaZFReI|G=D|6eS< zfckFw6W?XNI`_`!{1lFP-ATkkH= zZqqKBXbDUIcLb+j-@A_tv}n7r!icke?R}v1Qd5a@BVOf?YNTy_2EBxUsMqY3WIcI#YISIV`&$SW%(kceb&l^!VNk9t z{}NiaX#OSzzQpo6xJiGf{nH@diY4|7yH?v ziebvXWA`#qdKdeCm%s9#oQ55Py6S&9tN$<6Y5&KPwf~C{ytTE}=9!)Fi?$lRZE&&Q zbocNWe~Ljsrg{F&Sg?v`fjeAdjHX7iW4&@1c~m}Mo!y?P)cNP1cezOkVo#!?qFP6p z7n;1E>P(sQh95d8UPN`8wTb^_=cfPfs=D-l(%=6dp(*>(s5)l3yt;iNE_7%1O9~4! zXIScmiw5#ts7mS)Kn!&Dr;I~2@N3A*`NewSe!&NRDp(|>W!q|h!6V*XKbw9R!&fL>46&Qt+S zqkeRBw5#^edtrh^R{~(L_x>f!90vCDEKKIlZtG zYM*b{cCcA*P_6dvKo#wDEKO2<+2?6*UieK@)jFj0QlW!1WKSxNOAzDpZCPhibe5c_ zL&tJD;56>DY8w{_?Z|YLKH_i))spLoCY+_K1ike8#8O}a$Mjl*$k!I=`hVtEx%IIi z6Yl-GiIY}mEZOs^Aa2Z)bqonn?454uz*vecOyjTDNc!?6;WANh)2nMzu2 zqdcr^Y>piHb z3#KI^gTwS#ri!C#!zbRIa>su}FC}T;eIsC|RV@EROyB&YlLh;`5`;CxhVHr(ZJmq1 zWGsvzr9qYT_1L^+{5@emWVzi%OsymcV{%H0a2vsgVYgN|#&Az|;}iTFj{^BqdBVVK z$^E?-1w>y}lVWO{SKnT(Um2F#=IQ_3dUdvqI`2E3DsEW5G532vKggCFifJc2dG_q< z^fP8=ERR5CuRK(RA6@A7RU0Lw*sCh%4xxorn3qr&%x;LXp=_C-NRzhLIZ_9~I0jDJ z@%%dp6eJJ|~3kDx3s^zp*6o}9Kr6sA-Q>ALI}#gHRyX(pY+{VtLiPO+cqosC*q zMfuv)^AZIy-i*=Y_=U*MM%Ev9+VU-x*t3S7(=CZ+6eC=*g~SCx+c2bDb%u6(lO@h)uYUM_Rgzt|h1go!CX`k(qVJ1ze z;~x*tUT?b(g!>gmu)afFgWnMKFNzE-;sy<-ZcrCi*SfA-C3AhzAH3~eH1m?gCh~W- zx`nztA9f|JEhZChcZ2!y(h(1KylAg4ck!u)qc5H2d7$l=>9wEF(P@RfDRr&{cG!dJ z7$tZZ_4GeOuJHEUeOy2_{S^H7I;PJt^3{ZGI$2aGg2~J{=JV0mhnCDGU(NMnPFx;t z{k(I#$=y63YC+Jc(Pp|L37Q)L4<8V{(k>~Pvb)&c<6cu?PXBUIle*>v zUW3e7{D}=FG&n07i4Y!!MZLkZ7bSUhA>1WikBP?E59Rt)-f5(Nj(ei^&z0}beej%N zXg;%LVkb6i_&cq%8ha9*-YtpC#}5%;ZuF||+NZ>G^}~?a<8>?9%J@fV>s6f?!&eQ{ z5miweBImwFRen*?+CS;x9-R%|jC{YeLL6;iO&NIS`G4KS8pv+IX4DVse&#orv>yqp z47)!a_X*73^Uc&&CjJKd0*I1iS^h0Q)p8?&4kJAItnwR=vi;ZvS=x|={U9jjMx#{G z)H$DkWI3-ZyR$lr?ShK065G_G^kpM+mLKzJP#YCWPyn*p57-+XhJtV0>TiIt4O@hd zrZ1?kWEXl$M7X8y-7HNE`(DilVy!lWc3Pr5AtQCxQJW-M1a%z^A&PAe!g@loIa+oq z#k)r8&OfY+56PK#TB`v1)A990w#eF#^jGu0Ea~w?CLVTG@~u%{y`VHumaZ3pXka#c z{6K2S4nS*&BEx#6%Hl=HctO()=e&F% zf)seY)yx0xPHjT4rg~1bMRy5RB_!#T>2mXVHJJ}C|E}jPuDE&rx_?5FPYF+D=F?=D z1v^5ZF|!kwTb2{A9;Z5>G=S)GVye=+F6edmOwz#{YBs>HV@U8`v%bC}h^U=+3#f52 z5vSr|26C{rJPu#hI#t}0z3QCaq-wRVmC(?(1RQ*3JV21va+Z(45rzz@X6lOw76#+A zi)Ezw&GhUeXmb~?`83QnvStaN1A0cY7%Jqp6hmjpMYx-bySLw-Hgcb~##L2gOAPluboyUkmx;jhuOTkWNc+P2%mi+73cR!oxCMj4N#ygW|) zlb^=cni`ciicE%!5g)kF)y>SpZ`*jq@uo(prZaRWuuOlhG*v!RJnW=-C-%F0+u7Z{A*jzBkK%SC9mU^%)d6L)7OnSkFfwp8fhLF;`{VX zYuS5vR7N`NEq?AW%B;*5)+!!ZIFD59JYFmW6}9qzztj`NPG^7Uh_U*B;F#uCJ42W^&OsdOm3_K`BcO%9q0MAC(hNo zC1KRa%AMJ=PX0^5@Rju}dkfWCkAt>&E<;@li_AzjG7Xx0Ms_Jbgol;sC%++DgIh+8c*v{=diC-A@GD1+J#EgcUA_ zzaFrbdt{f4cPgK_X*`u@QCWU=$81lyv`>%vd8y&N&K zrXi_p=cqRY>Gi)QbNQM>^SULGEeM0UPj8&B%pHWIf&g=$ufqMv-p+=+!*gezTBMDf zR65P(hbN}@Lj>JO`Tcl}v6V|r-UoMhqYlUC?d8L<-iB$@Rdz-yA>Z3%rg>2z-7D&k zF7HlAI|xDhA|h)^9Qms=Xj|xxro!P(_K|tLhWm!vc9ni#=}_P8;m$<%RmG(-i$@R1?3rcaTT9d1S4o_%r1#o2PzAfd^PW?~dt7=VoPy#uyu7KOD0(o(v2 z9K1JifM<5VJVU$SxFEvN6$801Rcg4ZUKz${E-6;3OIcOv+B_7S5g(VGT~OAfGQ&BG zF~46NbUfXF1Pl!W&^LOk_EHOE^Jf%_a`bGj4M^*lP(;-V3iw zb3;QB6JRZU<+v9A+#URr9?ha4hUk=y%c_BPXu~GDSZ%RI0~yT2jB%GfxU~)Og7SwN zKi`CiA}H-+yIMGXHH{VDk3`|^-!ZE!8k^!jxeAQAo$MW(p3cjJM?_7_%zXaOMC>z{ zLkiOU?hyyifWXWV8r_=BrGE~k}AV_t=!>r}4c*NE4+-rhAq9yTJ!EkLaiNuQffg)VB9q&Uz(J)HLvQRFjo$P*)S7ubCudG;O8dbuPB)rfJ1rarK=k>dj*3 zs!=2wg#e?kNKm$zB=FeZ)vE84rx>5l*>c`oWg%bk>p=`48}u1HgWv70V*KT_PbTbg z++cKd$>P{pa{EWic}bCaGsf}HoVD1`S@UM@#b@L*oqLePU9r1G5Lzr7RZ~p;JuY^C zbJ$$OO6hk4m9wqURrC3)l>0awCH7IM>&u@X*q=&|jy*ThsKo2U6(eOi(v2 z02_7+`B)cE>&Y{K=8x(A zK^W=w3X!piEWM5N@tvieFj1*C(2{LBJdX?58l@M7Ui=TP>i>po`O9zpANiZ6wYOt* z=(ZRD{U~E>oF4-)L>_=*p+Kb)_0y+MMl{6fUjeR!z$$dI+>k`QuwV?X_g$85E=haZt!P8M(`Tl~kS^r#ZRbYh4XZD}(jOh8NP z1FRc5$$EhG@^n<2=@Ag6e2gVxG6-i5@u!#sR3&Vy_(un5+)ZOd$ypsO&KGm`^tRiwAS{FNJUQhj z_ufReU)SQ8%sXOLu1RcXH9zJS{O0iyqTsJ4o?rKK2+)Px<* z8WRP&u$rX27vJrPp5v^?lcHIEVYVqW5qph$a0_4nWQnD9(6FAv*>l)yC6W9 zf?~%$alUXXwu^A-{Ha#8Qm9sSk#PXAxp1zv-1{8ja9dVyBu>1IBw%5RT8hS;Lhhea zze-Z0TUfKZE6R1Fj4*Abh%mv=&mYGC7LIc+zacquLC-FTCI<(siI2nU_m?caqwyLQ&_LAHW<9ZylAp7RJH8I`sA^=!q%#*{ZGPIj z7t2Q2YM*EOv)7Hp7xJkz7+pvVq)rkyXWUVuHqAtDwwvnV*t*9K1QuEvxN{wd^I@XB z{Zh~#qD9jVicm;@p+k2W_LcdyyCG@%n6_ zLe;YGAkH?i$!@uk^hJ#?r9tp?17mR05;PC=<-$w0L`!Fo);qCW+6Q#vM(L`AtqP+z z;A?pMDN&a~#j6f;X!=44^AD)$Gz~lRO{jkko&`YeTHU~Ll$U>3eOHO_duu->j+x;F ze55Me)#u9HR=oU~=~uFi7PeQ?2*Mmj(tcfhxzL~yQIIg7)RLo@|8y&5l^F)QWCQx4 zrXfxV>et2wE5!*UV30bwyH+H3)U2T!IeGU^fAYGl;G6N>DcfH`D>-+N5rddy)mu|< zPxO#&QWg^so5v<^!Umzjs)0wnNo#`#vJT1I^)$2UQHx%|Ts60@@>Hps(bhW$;qaxN zr<7ux?^#yUIO0M4e95r&b4)%IFnKGHeWh|^^fl5z^axsx%6=yJ?!F)Keyf9XTD#h^ z)S4;!fqwO_a|wn0>}l|fVbmGr#4qacYIwS$1?7cngXFAaqtM^{nllf^1*SSDhZQEV z1T(IJd}An8ZT#5^D3vo}aw<|JG%4P9>*a7?bok!ran$0}oxH4Ph7)+pp0E#79OYZ-C@7%MKTdWq+|0K?0?wI4Q^EL1*Ri3NL^BowyJvRX>UM%luk35RcW8vUij3zcvlW6&7K{mRQkY zkK5i?q{+Pn3k}B8&?Kz27gRNg<)1nPu2Y!pR1(tAQhi6~87;hlrL0%K;~8|Y8md_x8h$ZtY^>J4@(M5tA9W~X1dV60d%LPh=qO&O`Z=lionn5O+5?hrA>P2k!7;j-)=!ZLxK$UzOj-cN@6dku+ba6eexPI9IN4m zBcojJ1fjLXOd)qjc~7k0ov^c^4qMG6%v4S+01O|T0e2n%kJfn)U-;qs#Dvg|%D3!f zx`tjhR9f8jpw7RVM9uoh!q>Y*?D zG-{8&*PMRLq`MJx2Bm3RYqzU<;*n$gmqDRsy0Plp z?Xl4@Q3h?d`B$T^sE9?7FfzZ1JjG>%{A8Zir0xK&{%vcJ0>&+?+Q84(`&UU#RHuEO$mb4&x}kjGl6tfB)R5e z40^d9j~&`nieGjJ?m<47ZuvHrcSFHgHYyn|=fN}+WRYGJwDAI1BZ#*a8o8NGr*k@h z6Tk7xsP`8E!f}<`l9NlFU0Bbb3EHjK9M_t+YQnPl(ZYG>+@hP}XOD0CASu z&r`{^;0?hS?`E)8?JUzV*IHffk8&rzo~BI$7cKG=ANpAlV2IO@qv)5$X_?X8?AKr0l5R6BJObCkS!XP{XBW~>c`?*;d( z$gqQUWWDq+-^>5;+DF?VO!Zj+vTc6}zy*rQ+JAqQk^unqzlW{Df9SRXZVPa9!To>y zONy^=k5y@^_)R?9Gd=-&O{>=%fNWXkUxKi4^g+COYwK9M(;h%T!p_RJMUMW)c zQ1{EO>`8}s#gh`xk^zhGUmR+Sv%keEgzagPjMcs^R?jFbEE{Q_k@cl&ot=(5U-Xqc z_IoAK-p?pds@a7o)vRD4DOWQZEBAdt`RR2mgCqS%Rk{p#OhAI>H-u>;#fVw z)7F0^ZF#JI+?16`<@K|SX8F!}N9W#8J5&>nKR=N@EIu(8A?5o{AtWxK7U6zhN_7(U z{7(@PIywaV@osH11am?Z< zg?m-5>oHYWez+$Yvu2EtEEf|bT$nXY%Q=pe znY^N;^!Yv()FptitBXDqh+l8&q!^zWeJ<9Xf9x`|JTjd(W2s}3fGazj6?|R*yBsxD z_+6kNiLamHNLFFKurC6T?5#i(n53d&&N@tEV1y_`uJ6QnSRo`xWm!eomz7b~?4TB% zzKudX3YB$HPwx2%I4OE<&kD=Mn4HWB?5S`AZ_2Min53;geN$9_t_;eG1VJn3?C@ay zP*$+P&E`KL%T^LlF;T$5i8!j0yE)J|ap0MvZ=|3u_r~>LEiczWNeR+JXOw*B=_bct zg}aM1UF!y{31pVYCERzXGKB$E1RvWZK-tOZCwZxi6 z1=EedSuojS6)La;y#XR!2hg`SWGymGa_tn9(YfEd6b3ldItqtJP_Z-6cj-xrL>x?F z`@Jebj+kC&Ks!GkBN%^-Ieq=lRa8`lftEQS=%oGmgZ^(xCWj!P`S3xH#WleZZ9ExZ zSC+Bhm6D1$SC}yAbuJ4z9aqpWyrPe|pdgJU>2%SM;zjL=BpDa}hmxaRQ1z)vhBe~~ zmobh-uU5PQ(6vnJNPEuxa5cz08>Hq_S1>&^ZDh|CBfp+rFjSRISrt&}$l;I>JSBJX zDT0A&+Gl4pL|+7f{^Ih}Mg(N1h$;%F-X2%Vy~$;r2!8BZwtKCuJd&p4yL|88Q%YsO zjeWviWzC4g*PFErBxI>Et5qgs_sc=F9fX<+a%p`xRRvcCjB0R$mEW$v zebSB`JRmmP)yKqt5Of@_s(|^StFXPtpQj%0Dl-dJwtSwmzc)a0x)K#OZ-DIFU|HIm z+BkP~WTad?QrFsYYAW95;qJn?`E16#k-%?J`8aK0VMpoJ2;BrjX`z58Qp4v~1ZX_P z8P+fHvrC*JP-Vf33l{WPv8KOWvN`z{98ED|jcYnpx<7f!>kgFHyBC$`t>^X^*;E-1 zE&4lKOY=R&1uempFZcHA&m(v$Os>^l=uUA==To9}ud&{fEh}RHAOm)6Q^LMocW6JM z!y???ym69Qdg_EhJlMJ;wehC%i3;=cSh3c% zm6{~vBHR7j%tQICElv|Wv7$A`KchkPP-wzT$Zfi+EcQp^QGMdhijFU3<#6o~rMv=N z*=Gwcl9d8|mzB|V{g9DP!M)bFX_XW#Zb+}MtbX-XQwYHQ9IsoN5X3I$kiwRgN57n3 zM|*s#QC+I)Q|eP%rRUcLWdkD#zP+e}%l3n|@2@BdsT^%-p6>Z(?$QOdLZ!^hWJ8fK~eI&uLHLRw!Pgx)D~j%x#W=Kn2W~3ErxT#Ai|(Xj+JkU9EM=~vif{xh%9ZqdDtmw6BTj#hxv|Ipn{P@((p4ZZPd714K}KQHn4c=fewZ%?;k#gBtv-n?GO~)3=(n zBD#ylv)O=Al0XZ>r1E>yKca0#>DP1$s!H8yC&`8jR5okg$ zrN-zzryQEon)NLoV+dV0ltp>xQRV$pE$GFt~114z; zZ!;jC{~nj%zrh$s7WgvJANZS3CqOA~ljTV+JCnsCk}@JoCa1s$1zN)ck@53=Aoqe?YfI`1__KS!_+R{O1IVJZiRV(sM>p z(;heB{y0x8DFJi(`@w_xe1}!_(7&Kw235j{a##NQlt)?^4$7o#d%5fOf0P zFp^A6n)gUbLxbqTnoqYhtL$|y3V)8sz*EY8kWWW>W|u;4`qsf~zF&yLJHbH(kBJ*ZoDRh2>xEz&{q`-#$ZlR^8!- zjQXVYptZ^MjoDNhG%6Bo5nqWkDl!h(ZjoH?A!F63dxBL8?U{;+%(ySJr-+PMHJ+E^ z$YPLkFrx#8_~~s?k6}}HYBr2h0>KOUmPcC8kkqP|vJLa|uanx7pzwU(wNoJH#vGJe z3Ug+&k__cP_F*g&TkE;9lKL&EOxCV&}6J4>AhGYitRieBgX7OI+tdN+3cSVwu>&=B^uEP9znuJK){Ad8hv%g7(rr9cO zA)j)yXwZCX;nOq=IGx`fp9tDf?o~|c)HA-96fpJk$NQK3&1a!q&?1)`E8eMS^qmTU z&m&v`JaQ@Xebbf6(ez`!oyIpGr@kxwE=_W}v*=Vla8=#M);$_l=L`4;>-_~iPB!b; z`zcitO5^B!DZ0@GmpV!b(aJ(K`IEsD1p=d!e69Q~xN^N^pE#uygq=$^2S>+;a@8`V zH3WZ2fw39f!XaDaS@P2LO5C-)kh1LGbiTM-itF}HH&hj$Oq9gy-8S#bvkstad+n?B zQ?DulVB-)7GQuwLnK`fWQ2VLQ(isY$bmx7yk~gKtEf>!%0LL(=RWXZz7HoeJvzPeF zH6BcGa~>+qIvvU;>k-*Jk4X)FX)9=cX$3zO3&>RkKHqX#k~C6ak3a98E|2eep+S<& zs$e`|UZAsh8y~0gs{X2+|HeSSl9r%7_ick|U=~%j`og_p?^orufEDGG(WVUp3{r}7 zV(~Gb5^PK2!0drxpfDp_y0Np$hDmB-4)v^e!a!#Y`D>Jm`5aAH4=b%^PHZs1zlP?q zCc&rsovU&Rnxu5@l&r^b6A$=!lmvW{!v2XQ)|Qx^Jkys`6YT-PKnden% zSYy$|V|J5n*0)5qTpGiM4B6VsDH7++JU~Z%jBPa3*kIzG^9_uM$Tz`t`@if5aVbX$?Xh-sfv4Z`&Qz1MU?P*Nx51%7Pa^bsw(j zudW4v86~wv3wlmyTY>!;l3T8`^kj>scSTYPYazM=k%rI)c%uNt?ldQo3bT3t%tl1F z8*8PLS^4}w+oLbuF)D{VdIKx@%U~RBbq$=cU|dj9RyyculL?0?m-}k}R>0Ow`E*SE z84;_?FuFAD+gqv`DiW{b_~+wYg=5*&LWTU0B(S9ZMt4^kY0!J;S^XUcvR6Sbdb(Wc>F{zaV`-bXBGD64*}Qi%Z!zt~ER*X4hUd0Z;AW41a>aNft(@PAEG z^GrobxdBzL zQVt$26dW9`zff1jtYn9Aya6p-vGereG9q=JjuQ>Obp{Z0ndwQ@%Q$jOt*vD|OzAkI?!X`^i#@UvU6Wfi^9>CKv^Y_f~(YJyftsAz}>|3E2$e4W;g_lK)+#FfI1 z*@UZjmD3OWQd{<}9r;k2sI8WADF2Vp7>34|-!fDp%pme>E-yLLUYEIyMyxK6I17ZCeUnxFvlqN8!I%8C zHRgaGsFypep8&=f1%)w?iS;p-ElE@5-P`0O(~vx+3OPE{w>E;>Zffy;pb0=c<0t{g z>QaskOJWpOEIbPBzf~}4@R#hnP@U2E&{KM=71ul{r)DMO#>5!)8j7{ZH84}fckacY zGl`^8sBg zgR#06u5`)H4+0#VMXz!4Vh=tmU~1(~G%J}5)IWSuJsXpd!?28a>O`X8=uNibvl~X0 zlKYrs1oSP551?Yzw=zDs&Q|A+8Yuy+0nZbe41eMVrt$$^@93mtT!=89lmk}(XRAs= zDsem#<+Iz~*>QxWWiPz}{0(~wczJs=I3BlP zn4RoPtx}QJ&_K8YE$#%`B*ri`&v&QdfNla@lJxVO+*~Q%rS7o$h`%Z3f97kBos%|@ zfD3j8iV+HGwr`bxX6O9*TJJ=rwKG6wg5GV?mr^V#FQ3)npTqg)LzCOX9a@R|gBu8o zfYm*Wkkev9Nk0$R*y-IPS?aT4f^pOuxk$j+&ag*F|AJj2E_fnx@F@F_%(xfdn3~CC z37kr$SqPiyWR;Z2LV;SoFmR&)Mj(l8mvFZpQF+KEO)kV%K(5QWI$R-B03%TK;#HJ` zmtVjem3%0kg~)g4*u?5gHcs_jIDk!#fDJ*8vtwoa zcVszc{o)B9xkH$faJZIw_K!e$9aiq+q_4p8Jg4CIY!Xo!&M~f%Er#4-@9cGCLm%beEYbmb}yc0nSV98MD3O2<;Va z2_}F{W)!g)(&oZZB?nkAn|UK4wNKxq9&d*5GOi|znZtAThUyp2m8xD`{XPa9E+|eR zsp+J#>;(N8lgtO#ZC9BSJ6*L^H3|i2kij_< zZi_+%xUAc|4GRmzPo+R3;`_J6tMair5nH@E7mh!#KBNljq`M5>kO^El()WlDHrrG( zdv_$KhIzcyl0mU=V(mG%)z-Z3t5tQ>M!EYoXf3~EK9BZm170KEZsP}CF^nV`i*BQC zn*VcNygAp1bmvRc9?+TU;dZwmFfy6_=YFSi9KVT>{GfZF54Fmps7FMAM>$hnWh~s= zO3pbtJ~?Qc?cuGF9DjV(elqH)ZE=UpPtSsBZ6*VV7zzb${sw^HNpI_xpO(XlblpUV zrG41RS%xAf5L;wbB3jDPm*MzwU-53)mY-Gr}=dKjD3;BwqWV+7JFumtF zQRR4lo#)Hb9=+KItb5SGZ?|QZls`PjL)7t< zTLa+M({EJ;c%QW?ea%!=7s+gBn&0Qpw?%!an?NJYYe`+YTA`GJv8#~^O!1uj0Kn?a zdB=UY>|*rGX$ic+8L$#nFM{`q@y+M$X&cOMaSIQ%HAL!Y(()yx$Y>7N^LoGREz3V& zV0cZNFNs}j)u4*GhN!_MucZzrS=UrmVnf0xgX;5%h3~gxJ5z>BwRlduaK2%};u(5S zRA7+eg53{{Ted9Qmkx911+-GT2p8fl-+8YC8#!e|Qw!?terErE4Q{|)MM@>NryMa> zFybk|lH6E*vMtCek^FA_Wx&!&x+RHwE)t)0PsDEiTjsJGmv*ax7oFQDM)oO@UQlku zMVoxAr=AWCFphe^`RK__cqa1F^|{>X?#z!P-s0A=2o{5@OeD%of~+G7Tbq#a6A6kvr^U&((yJ<6EG%sEcPJsyl-DqWh2`C zSXX5S${kw4w7VR96Y;O+^y%9l@P?y(mAxPSYcLR^9Slz+8t zL;B$P>`vjc(!LAJndA*^(sMc6s*{Mh9TdR;kIh0aL~pjX#i64z6#@F*j3vZWC2v z2jgfU(jM^0Mb{ArOPYBou7~hNgKI8IDQQ28?m4S`scztlFrA(Yu9P=NK`L4^B^ek~ z_rth4`RM*5pPGuVux5dcksal^(sQAcWIFBJI@vWJ8&!FQWV6`;0^iY85v5TocaHGZ zW-#7HwZXF@nbQrDlfRe2X<3bUGb=ODddOQe=8I;z*ZI)EicC|Uw$`Ne|fFbhiVCqM1x8t}wM>0gDH5QK|#*w6( zN{)a&x3oMo0DoV$z;q`up!yhH=-8oTkGx&;g3DbDQqbLCu&b#Xg7afkkTBP3g?xGA z6Cyt37d$GZ$Ea3;#iUt#_!GS5yQJ>L3dQzw_+q5cvK3cTV;4N)0x5Ys}mY01KA< zYKF!N5a(*o35MeyV2fV2J}jpu;;-Cp*Q7X!49Qp7>V9;TPe>}cW~ z6Co`v->5Vi@Kq{Iq-1PduTKH1=u7}eR0#iglK6%Ies@0@Cb^Sx05p{tQk_7p_o(wp zE&F4Y5>s7uzZq5y6+TBAc-+IK>*aq1sQ&xV>;LChR@Hgo+VMF$vd%m0Q11fP=h?}2 z2{D!6UM!%pZs7iK*~z^u$bB6VBf&TDGqud1>wgKO05bk>*=xxG#cobv$HHJ+_cX-; z%gBz%_Zq&w#IfnfBH4!RT0A-QV!>Ub|2yB@6kufrK+4DXvgm+vZhn9IiG znY3beDop-JnB4XJsoPn;M(!uR)!%$M&G*~+#dMlYPx?|g@n8iZqrHUNr7PErZE0<}p+4X#lX>w~Fb#>MsW`SmemqH!MB8ZPvCtM4RUF!XJ_ z*3kVpNb9)lt~1He?}hcn&gThz3J1j}Dqgcp?0F!awQs8KlKF{#U&T65ZJO5;beID4 zS*MFr@57zn%NNHa!Jw5phJra5_vKF|=dV#ny4HsxG}X@-_4=Axe2|X-@#*sY%|RF? z>o){w_gWWyGB2*QLS7o1BHM^DvguO;oG%l^oN6IIQP8&YMkBW6GmgkY5BiSrnLch7 z2gGNhP*k`M!k&jd_Qext^Porwl$k+MmRg zjk5Np1d2j3o^gvuh!tv!<9T(xgE!_Rdu2RXPJ|jv7SmBhW}_Zkd`_)6bRORmB&&Cb zhAqB}z1v1&YO8=sKZhB|hb{cjMY^`BTo6rm4P}-6O+* zvBt_OlrN9NoOD(9EH%}uQ!M??1To3})vwftChI^~oQVx4R(Gr($-+CNJZPV<(uKth zsb=l&fVFmo-)gB*cm=e zPg&LOEy77@Mkq_qpkp2V*#3Z=(}<#oKW5FREWYY8U+ApfZIZz|i}jC2jx%F|b1$&D z=&kdD>ji(bw$@FGjf5a-n?B9*245^&B~mrG85AftwDRQ)u4MQqHTE6XjIy=q=ZJw% zzrd5Jqq?J8!mGH2p~Pd9GY8n{!Fq7fc`n73W9x|MXz~+TK`YwxrIVGNW}NAF_ehm4 zNs3p+K=gO*jTu*#|Q>-N#yYsm-1h_TEe?~46vK*h=Hy|O1ax*DflQfPsicT`X zKi-%;08`l6w6_6i5b~iCQS$(4V)D_A1?GU7l=bbApr-i@HkKXe2^~N+?1^-qinTDN77G@) zqK#*f%HBY>ar18Q(~DCz zc(vzSka2Ko!RS5VT)y8q^o3K%&nsDTt=qqJ%^9#No}&_~am(U{V54;~c1jW)Mm`{L&a_ah>-hJz47I!%uWUDXK#!N_#% zbKM4EE@U<9*ES*}xdfC6;=RYy5Xl4TC|;mDsZTJ__!`^H$*l@jxcJ2eCk-}8hKF25Fl=zf&_}uu4I#fS~2C8&1v61}q|_cLH=Nt!(3v6-)T0>|YT8XIu?3dDCKkhjV?hJF?t|p0 z?<`tZG0Kk;4shv@Cf%k>Oqd&7R%rT!2+~7j3Rd~`0bH2=0yT&IFJ*L-i5wo2aF**2*ra{@CgGbZL)ShV5`jD%+O);U4fgX`jPPjZX#8=N4-oJ-oI|qzw3UPpJ z+guci0$Nt0;{H*KsDl2p<;E8Av91h!>i-QFw>VwnNCIp%KK2~uCc>2!X>SWdnfb!}SS)AKK2+_Afu@z}SrG*T&N#Mb1^?8H7Fc`jvcp&{;`A@u;ZJIn zo=px6d$Uq^oo1dKLC1}(5|h0VnayFvq+xMG&^?Nro@J&44R$S4sf+Mz`Lm@A&0T^)JwDkU5c;VOU&VEjZFx!+NJF!Gg6| zN@QQ7qehi|0{m=!r`TL_=V(16E-Pz?8^7x|b@{tX-d&u<*d7Dp2phLi0wG7SBgZBv zYfYP0U9E&?*T0VWN8T~vi+?CMlvyTF|6<3j})Q?PM z>MOy^OqG8jE4-uAs&Bdmo_RdaicdV;yS9$~ypvcJ3qY-IFBNbg7Z-jNov1VyL=IBV zT80_wvnFm`K=;=@?=+Me&fdAg&j(s^rq6KweNb&!fStNV5H_`Xz2oHz;|K5Vo%!|` z!chUr2yr8x} z4YBtJXMml=`VDTE-C#R?wZ`xLwOiVr1&GlDdRw!KVnJGy*(!9vDTw;|Y$yBq1jCTH zu&}iCmk)2vH2887=#2Zr$yX{<^GuSwk=<*a6dO<{em+{2D6=Ty`ruzp#aL@qI2o-K zeZUuPc;RG9Vw~>UUkA}!8V-d1nglb3yENZqKBsNf_P5%i;=QNe9!vbN z(^>3lzP?$&<85KbiHYvq99x%8a^Yx*1y)@*;Pi+-}mu4wRG`kGPkv17#IEq0PO; z9m_1>ws*f~pP={9&DGXlo~Qceeh-u1tT9~6)0$d!?)xEe)UtD(Z^SKRz&jk^cJE+H zWJ>@e-WT6|Di#J`y&FAllVpGFKKU9T2sk_ehwT$!StYqSZ~3=nb!=p3khTe^JCtu7 z&+o*lyYb(AR&yEldB}cFMyu-^FO;e#k(^QBXB79S+EhM~gax z4?!avvtHayjiH_=sopbgXfm|Rp34x|v9l<-XTHNQn47D$;UM{Q=^H|ZDQs8=GQz^^ z9a^rPkeVx}vdZ0s1`BAf<-++qt*D6b`*+TAOC|5Q$;lkh+f;|1Pe$TaQ7*qH&=i(p z6AyIuELkj8hrOj_WHLHhPMqo+K62*+5cD0r_K)*;(MQoyP(kLvH&Z9Jy!=tgEo%O( z7+Uxx-LcHIbWy&k``h!8Ug|-^rV*F%Xl``K_xek>um@IPk)yC|UnAU=1vcGsoBg7Z z;IfTIzgNI`R8|KtiQ`V3IR(`;an^VpnOR0FtK~qr8bm(&l&B}89~}vgF5IdRu&4Cn zcw1FhKi`s9E@dKVR;VGtpb)1D*^%^G!?b32eHO~6idKZ2=eg~rTg4#ES4BM;ox7(0 zo|cyP)>NMnwk-$ow%zh{kOSS6PL(J_2_c6;IBi(cpG&*??-eOyCpA+{iEM@cDyj?G zn%QX?%rc&*fUJYknzWf+ZMOcv{geI^BL%a_f?VXqkmOuarn zPZPocN*&n632Vas@ZL(tDRg(Y0C%h1nm0kWHhbfJea(}T;Pshl*Xg}{tx&=E$4U4G zR>;dK_kb2DRj?C@e72T~$z=N|LIa3Rq}wKNs$MRKh!5a@iiF_^3RzXcQGPxGT1(h} z0smWI0I+=Mr0F!C07jum`3p`s{<_%#lZw^jv4<7->HpZ|`(M9uu$c^~`7g0frn(#l z;1UyOizP69M`=e)^#&@e04E2(tJa@*q`D{ej^!f;_d9x#wKr0AAHM-I!GNH@Tpp}t z&y5Sw`J83BHo3QLf%?l(jbQIVA`?Ema|q7^Ne8j@uIc8ujt7hggXs&8+WuBr1rM5I zKohBMHy`Cqop8kZja{1|C!BVBGua)}B4~taaG&5w2|?BU3{u-?=}a;q zWK1U&U3Y73_kZ7!Zm~?LX+ArSwv#Z>vJW5MaGGi!_EoM`Pa{x`EfDYaBHZaS(4^Cc ztMYgPVm1e08R;ck0!;UtCtMp}2uZk3pgo)nU^kQ-Yp^GV>c<4WXU7KnkRB?GIZ6IR zS8i2{-uUKQ%~nZ?R`jY`)j+H`37SKCL93%yM5#$%VU zdei^c8^Y$!TNJ#4$~H6*NkT`vWi!cfTAaX$n3KFi_#A?##D zGNLmFK&WJ@-6IdAbu<>Df&~r#oHA=58QzKuI!v^F@aCx(%)_5k&~WvU;J%X;0Z{nQ z7(2k+FsmXJ5XMm`%J-*3vL+a)eWav5Cw`9&KpOp<=r3i;?Um_jm{HWTm={;R0a9{a zf}&ToP}@-R8|-M3e!H81WkI)d&IPlU=irBq>XTT3=y$rX^%US4W1UL`QIk9zm3l2Y zHkGCw4t|r+YqdP1RsW`Z$gySkB95&4sPi`d|$5&aw&$c8&&d^90MXmfB$6|@!h6#v$VjS7|fyv zo+O)4x5rmX+z_S_6!(6pp5-I>&Wzr8IwC@Uc8mO{#@!{K8!YJ7_5ZZ@ok3A`+qMJ+ z13?r)iPA)g%4dUQ5d*;IFRvG>}0%{As+V~m*)Rv}cv@n@GmE2nj90x{LPMLZe1k7^nm zRZBhKM(*>=%Y)8_)tao$s(r^wZFYzRgTD%IR}!<{Zd!>qoIub;(seyfcugCwpR_Y+ zSFFoxRQsxcqT1KL3A+Quy|&ahcJY#geBW}|^Yo97bG;2nZ z!i$RF>g=CZy%@8EfYwPX$YO5updp{-_}?+GkH%3|yl-?NpwXs$tEgZ1o!-pTi?JQk zJf%I3LKLIgUk^&}m!j{5*?+;k(=Hdm%AY0G0?3b4hrd})#n7lPK`52Mps%hMhc<=Q zo8N>KFhOkZYmg04)VVy#2yjm9-XBBThb!rDWAhTXJkrY(q16$JlFN5*Kc9fb zx4OW`MZGGoTpR1=DhlUN5l^qZ)gF-<&Ahud2|3=8rO|hFXuq%{ZkbN9Cvj^N z=*%AmV>dg5vt_7EBAZrVJtzVHk;ycqY`Doy{RtS>RC) zJeE{s6R3>a4D!PfT`e44R;pcZ%i73sB$n-AZs->;gcr=(4Qmz~>ezNvFw=U^&C#6w zhEo^?g8Frp9mxw`AT(6-Gli}z&c>JC--C`e^R;f5+`9Bxu+m!|{P+Hw<<%(b;E>9< z=hB)wEp*u6pjL5lu~9<^g{7^nG|n%VOB}SgAs72|jjY&n%4#XBlDV%x<~LQ>T0`WY z=*WEed?^Z8GlDn&Tw0DB`zD;=LKPML4fxO9?klJyBPD#MX%E>-F*U~rF5pH)8-ZZ+TM(^D**WPfN%a$HoD)+y?y#9l@({BA}!5w?~Gmtp74Lq zO!(me-Kxjd{M1&Lgtmzf*uSJHwZ)`~NjQNvTn}GO`Xv(J_6on5cRVwZ?q~1tX4Hj&f+re&0i^m749-vN^ZT;f)3vP$IjzF~w9SKGl4T`^k^-FEr)dMmH1yY?H6l-iZAh;&Yd>lQ`KFTnH^msw8jcQ) zblfO`|4-Hiudi_o|Ifu77RO zO$hQg9TY#yS}A(!`Bo@_eb41BgF}h^QAVwjpC`ublemj5OHog5B zh3P_CZsCQKP+M|&{>L`uIh%UT_q5%#=juN(#YIDB-aw}u4bo#r>)yLm(CEY_P5|h~ zdbWT9OCpM0JYAwer4Alz?(TEyl8il&4DJ&w{VN0~+xUM%aE+9+X850mkN7|N=XIQ6 zm5|EFa$+!mWR{Yyg<9@K1*`_iaLv>-Zu&+i&5#v18O4-*s0xDp*vWsD}H+n8_@d>KhA^v z)?$u$iUV7Ed1G;Tg6OlrB*TVsYExxmUd_G|GiN^1{~)Q2{~KRfzwTRMX!vfxjleRS zi8t|olP(wjoibDVptyu0oqQr-7JgXloRz3Dj3dgNfhw})OC42|GEYiu*$mhqwq30+ zX3a;Sv!yxVrF`1tC^G}r4|CF8^V0f#V7Gj7-}MGB$Dv?na@~XMhC64JN@3u>v|3#) zItp8_snvM)%pZl~H(VYmD-f7C(ZYz1RxI0i)H$PUd+i>K4O$~{j1~lqjt!eZNWz>| zVMIYd+-^#?yp174tsbM`v%VbT%7LVi7|Jp#0W+kll^5d7Wh=({WFKaegUcET~(mmV#!Yd-igHo=*y+2H#&*1pHsS2VXGDiam0+SF;Fse*6-fPi zt!ka$O@r-WXijD@^Y+&zH0yqQhSm7zbO5wIFLdeKKWxqew^u}wQFmLy$Q@Bmn;23C?Vkc*%~lBjj~oT;4`Jewzi#Q@ruORUom&~%dA-1@Q;|(1K zWw*YX&I6~-tMmI(8`+|m1RWUC(c(Zvps%$93jf8}wz9lpc&^LJQa=Mq_WfCEw}e;S zZB>Nj=N{%{r;#kx&QB3x6h-OHUcAN1_^9O<1i{!G3D#UXxo_6H+r<{_R6%rI&COYH zu)u|HIw2$5;n75@WJa5hnpMfN|` z{oeygQPHng%PfH6J>zpGy*0(PEg)kR5vtmsPr47LboaeGnsd)M&SXZz=(j)<1BPD& z6nk8l-l+yC?PP-`g@3|1S@-t9R>?czD`%aKf0%%l25Rg~>pcRed-Z3`DUPE5IWVx* zu9vlz6FhCbvGEzT-pqo4h9B! zYNCH@Z|U;tW9btU`m{%qHdH8_leT8dNh&)$_#0)2YH+ymH}Mrx+>rWmZKvr zG@Gllwe7LpYr@#XoS3ow<}Qt&;`8&a}zp9|)5I3J`fd5J_r)IbtS*t~C$cK?T{)>-|-h9?d2t#pGw1=j6Bg?K=$N|5aW%m zg1HJ#X&05?OGQP^)JvgOS2t4wu?ZMRR(_+rFC|?N$Uv-x?wabTSNMz6U8)!mDByal z9O){Cd-Fm<7L6Pqe6KyMp2D~K@w(=fT~mr*^@y?v5p$&CmFDQX)@wy_>H$USN;M_( zgY#s)!@ty{jIEn^l462qaP|Ymrf~SXXATt0{leb_otNcZu_D*h&&GUtb=s4>bXDwV z1^Z^#2pwt)b@*e7_aZ1%;9^oXvaFz`gitI%dk!p!poehxA{r0N5OdWGf3xsDhnlC?`=|Yl|fg90}xe)ydUlJ{rQ!*_jH{ zS|Jt0V#P;8mUSnx?4IqI6c*d=WKaXLrfd&$fEEHskwql(8)`;u2eh0B7?N2@u$hr6 zTMfjV>!af}u#J9ol__kT;iJt6;q$s=%-;3F=)ai0QH}?_><_&&f_?yFyC?RT+z7ae zH1o7=^4;jh#3w7Z^8|T=SmUJjo`5BX-vYu8{?C~r5sh0aq#jvVO@TbIY1<3)RbM=| z9rXp8cA@v1h03UNpHjTffJ>GL3M=SEM|WU>avII2u-EUuaYcBH+>yTMRCuKnJa;v> z$<0>R4zkxby}kxHZxx8D!J0}cE|*uI9@K`(zHBC!*#X?^yB1f>7Fy7KZ

VTW6IEn+In!XgF8fQqM@ zXDztOB`$b`$!QP4mMB6$D5u1!uk?&)$Ax=1^XqtRG$b{sdqu#lLF71Op zJ${lC4*i=^k!yiKV08H@e;wBUKrc(N??sw(#IObKMOhBTO--I+p^nyDZ_O^U6VK*V z*g$x1`V4oVBTrwNG5zQM;Ff4&pS}F9rQ4=8jZS)+Tk>>%39} zG1mH{tNxz_O~?F^j@kXywYnBBhlsE){^SJminCFAAc=K=KEC}JSxqhwZMUrvnW*6|;Xl=yzX3T-t*s#_~-wO#q4 zxE86Cw03L%vuB^ve9mT++6OHp`W3Kj^FlD_nFE5{aDTdy=9AmKP6+0`bWX;e%NXilQdwh!DEfU?3CweFGrSUitT+>7w$B+H26 z-#w~<44n28?*}Nv3SAS(E07~?ENQ;7n8Q5!XEA~Ymk`+f*NO?yUjnD7;SaO!e)K6< zZkj;~m4HvkkT>+P&*hvS)dVT-ZzvvCeoR0HB6jAit&4gY zi*%eaAvLZUROMFqF3M!@WiPoeH!S{{bSZ)i);|}l5HmJJKPYH=W7mBl&c?j#)IU%+ zZj!%Y_9!hSf~^B&_s~3*W}nMInZn&i&i^q}w#pF1w5%MQv+92>vS8)r7uvN~ls=ZQ zfh8hK3-cjzTfJ+fAiL1R8E(3(2s?CCsCkm5-q)U2LAd8HM^5!AlS#yvySLcSkSJ*i zp1%Io)m};?ZH%hQ<>Si{MpTn7pDbcB;F4dPdWM>B zCOL=23;o0w+LqqXrzY5A?j>5mv<4x9Bf{0C1x3XmhiNbcIm}H@iK5PMU{PPO%g~?E zvi%9a&OHzCvPwvIk_X4_LS#swQ>81{rSe{DGJxtT&R2eZaVq54ke=6%9KP1?1GYNS zq;c{#;m^7C$_epruws!KLL2NhywPS(FVm4lRK;59MsOv~^g+eyYk!%MqRgae&nQ~_ zX`!n5k-5h)lEpNn5W=H#<*@z<=?Zu2 zl|4!3US}!T&QzUy2oJWCTEUniQ0UwiW1{~ex0-mr6B$r+D+*I_;m z&=kAN(5a;@MGjJ{D@HY^!1c`SGeO%cpe9$$bDr0uOvh`n9tT44M8UK8iz@EyBOp^P zU%G!jSy3Q!QjYld0uVBf`n;Laf69-%nw2{lJQtbhEVqC3^-{aYB9M2dc;LxE&OxSb zBCQ;a?+DmX1io)K!XDJXvI+_!56`N+ABzCPS~zBPc6C0uUfKq=T z%VSajwS@+nRm*cSwkQ}g{YwCThq8meq@}0+_gXSdUpHDGtI~#P&HJ7n8s_SJlbKuI zcdRZg6}a>Fb_z$25RFln&%xEBdB!l+!+pm;>l2JWgGi;GJ-cq;gH<}(J2hxrXw$ab zmkJ`e+-z9xmBa~*Z*d35eehF3?07&JJ4s`AeL$hpf-;VCF;eF6>o=3^6nrZ9Uc7i67i>jC3#PxJTAAOi;F{dbqpHWq+;)02dawkefN1M{Uom*>FV? z5Ebb`nIuXrzBjp1(@#+FjxJE7G6vdyO_tCkpHB+N{AmlS`mHTw@K9+j~+(0mafEMm1FWw}4J z&G(jC(?nU&H|uq+$X?;hZ-uv|{GJ2~s+E=g z$084~bGIqzkSr!C?2s%a@gf%o%=!+=Z<efOo?~6Qz0Yt!l9|&(w7$^ zWqO6V<_~u#rM1deFGm*K{+vars?d2mIX{`)2g26HJ5Qn$-1!v(=U=#pXo`y*xIuv=wo67S>cHWaHdTjjvq|I@#Y@S4ZdF z+}zwE78{uiasZ=tcmu0%!C%aF$mcz7KHQGTSV zpU5aAoaPmeRZ1m7F?Ff*Ev4Jto8fl(qnVU5fy>7> zUy}OPXh!TuXzM}+1-!KJ{A!fG6TMh#3a7ol`%9u>if=7Og74(8Ek3^Dn{n0dr1Ab< zr^4fjjF8A)ICh0ujqU|`RK~_*z!R!K!|wB*-V;%Ub$po!>zVo(k3{M{6w`bkZJ}bZ zGKc=0WIH!ZVs%R?j49tB@}u?o0bAhhXvz@9|&aHC4uTSHF3VS=Qed$ zlc^H^FP@QPdhgs)?}Nj=KNJ%;@r(*63g5)a2ZvASef zvN~{6Dwj0v>EdD5^@k>}9$tPkkgP>qW~Ka4DPZayL%Q%S>+$ z-}-al6j|pcBxBAtGwc~P_IPHiZ}{C)IenP2bxx@RBDJGM9}(J8yZfyWcI3=LQH9X= z!1}b8;^R5r!KbxEKG6Fj?8134!P!u=VA!@JAa#9bdEQ8+pD(X0V;H)&^;Kc-rU|D~ zT!zhkq3%Lw!(?YF-w%-cHjh!GWPQ^DcR_2N7G z_KM~sAbB_Ua8+5AS?BvUCkwfxMMO7jodG4~ujj-%_QN-SjNaK`o%$!^Tfa zMtb&+Y353*Fm{A^mc9f6-Hx)64B_jwJ2mCLlb>u={$epMv?p^lXvDe%+z5MZW^ZYC zXri%`qBPW z)NwYzR&eza?(r?&dWv`8vLjFl@j1j4nedr0P9ZOYXZ?s>r`f;+I<2+ak@Up^eCT3U z0B(?e%3h@_xCc~3Y$j^SfimG3Z7Yboal^WhQ$n4eb6#-4k{7rSo<32Q&VOv=|8LIa B_80&F literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png new file mode 100644 index 0000000000000000000000000000000000000000..360e07f63fa27bfe51781933e4d05406f122da79 GIT binary patch literal 78906 zcma&N2~?6@)IVyYuUT5z=vZ&1nVFTEIUtsmnNvB>ROU!Zi8BJ0l}&1cBMxXP=7{r* zWR{i#4k#!NWTvQyqzEVoTzcQ{{qFzXweDJXuf=-SKAiJBo3o#@&u{@vT8#a2RMdx?a^X4GHX#Vtj@ykO$XCaA61Wr=cv;=EYd>U+uRl7vKMqV&d{ zZDL*O!F3m?goI4{pU@-qo5e=`D-;tw zuGW8wME}BHj+_3|a(Z`{{%=Q^ z$8K(u@H=U2DDDcoT=8d~|CPXJxBra$S16Y65UaLXhC9V-&K6fLLwo$Fgv8!db{w+F zRHDDJ=g_bj3=AYmOB#njDd=2*$g~7&Wa=f!35Nb0tKdJ!OjeVXVyQ_}Y5`55gg6fH zk~TBkc&w*#!j1oSX)L(H!(9^d+9{q{SQ#5t1i~(brKcEi%i*45DD}Qw2csQ{X57lS zU3SLM4a>v5;3D0d)&H5=@1K_QwVHYu_29@yO|cldd$REnxqT@BF&kNBq7?+GGe~faFFwmB(IN30F&k6^F zG?(6)*(PBb^J%N}4s?_SI83>U^*Q}^Tv0O7QMaV0G80npxsW<2%?A#($pS04JnF_j zM0p7JyU8>`>x|_V(~XO=bC(}UAlWUP}Of8=X1zyP}9B;}Q%Pa9s zbo~C8c8GH$5aGb3G$PQp4}}jj*D`e*!1#BLL)%%a<*Em8xjSI39Cd)UO9p<jY zUfg*F+mW^{_5wlQDHj$0WhLFNG1{#7oz3y^^Q$Oc7}l%x@hS*zJ%7tLlLCBGzc_$j zFmpn0+=b&Qscn4K8$@4$T$6d=7VDfdh%G-#M=a}B!#V4(&Kf_{|XMs3;fn% zLc3J4!^D^Dxy8|wg%lVM_sZC(-8O;ka*Wh1ZuyajKB(wgAv7tGjO}S;ql&e?=RnRg z)>7U9TKkO|LzWrm7r!_r+N9k^Nv(c02%mLzZe|G_W!KWz68t%REf@AmC8baMCDcn< z*X=`Xdfo2^?Ak~&T-07W?s0dsgVHVDZo`}2kL}HYVVfOPFFJ*H@AhC2_S!_bs+<@z zRhxTPbF%YKpi=6RL&993cm(3eP49de{b7PzwSRNQ`vy~3*g{)j{r16G$917o2^_+) z1#Olt%g3u))BPT`$+Cr0SFmrN^^9GCFzP(jnnOP+g?7YZ(U{g}mb>fOo^cWqHIRA$ zw|wG>Ck(u|U#HSXc>^*cfanzpRs!s=mPC3zR`j7b$UUZNxW?+IV%#z4Q*w(h4w{^M zbjt2kZx3?#38D<4ls4_dgTE{Y7RAX^u%T}CXLXx;D$fdFCtUNohjwajx?FwV!at;< z>&g*@_muiXdsaeHX4JdE3B|tQgK)?1OlRW6!%oRA4N7i4$FpQ%2;;tpwzV#<-6#*Q zz1UGHj%y~JcTghj55w8#Hr*$d+KZG5=3*7dW@)|vYo$>BC@iqNEb8~wZ6Kg()`SggGT5{5l8+}S zM&kgTz2>{C8WbnVU341L3ELuJ!XH%L;)pr$u4vCa+rQf$$Ewr>$vs5OrajdI(dvCV zk6IlT`iGZ>rU_fcL8xEGHXSqH;%cs%b~nH!9g)(KGG#g1YovPCYcp8YZy05H^SozS zbF--TL3B!Fu#ZimjOgxNLSI9}2 zXPszj$TPmIN|BZ|xz4{JvDJtwn zo-K@PJ9BjSiC%c>q|;&Eb-G4k)8WeWPp|Obarr7ta#T1ful_*3^57L1O76|WlyjGk zgr^%$I`lrjRGh&;96i4&&jL1fNehydc+qabgEP6`P-j_7WwhNooinF#)i9~K`&U}d zo8*IqK54|QIip-z`#p>i`<8{2@A-mL_1eI}pM}wn>YjWtIHRKPT{HLv?+lrw+Bh!X z_LUMx9i8z)Sk`T>&Hi3IFl0$V;X~gGT)v*HpVLU9CPR{kc^2p4b}x;`FuqORA!U>k z4t^UwZ|^^%PQcNpj;R!rP&QsYI-uK~cxABi^c!})=I+ zEs^cqc4TWF6ZV+DM%pA`CEW?S&Dg@IC#7G&2&dnEG=<5`{dfQoplzvgaN1sRU>sB3 z)SkXFd?3HW5_Z5qsV>ADBPw(P1M3pwI>F`r(!4a26#RiV`sF_9`m)=$xCefhwoezf zx@zC_P7CC3sZ%|)U-{$t4>K7ElIsq*C$;!*uwLQ% zi+x_WfiBwXr!Q@vwH4lwOiY78k?TsT62G2_eqgla!6IIAN%w{@j|}E(R$FDX9+FuyplG(o(tU>f2@}0 zdtJo^qnbn{+h0f8VLDQ>xK*cQRffk{H{59{T3b_+et2 zwvw(&;T?3mdYm{uA}bBUcvq)kZBh6UFF-0zpm)l z;R6xFQID^sQF8V($8=N9pHV7na(lLQ%heaB$M%KAp9c#Zn2ne6W$j(PNepELycq2S zNY+g{SYLl|=GH)>#md3BvEl2CRY4ymQtUfFBjU~{G~zqY4v ztSFbaQ(LM5Lbjf(>Q{xo@5#;B)$gf5j% zo$krFaQe{6zpzvL{&AJ>V_9Er)fR}&(!(WxujIB#$D|n3vnKD>ggW^~%U@3-heFL# zwDKQb?k zU{Uo)OKTLR>wbx%>g_#c&r*xly~NmymG&bhwP)@10DRGBsmVZYt}!4QXod4l%<$rE zf>FC<5vk{BV^nfV(b0PeCG&m7n&~+%Zrh7@%KcU}JQ>0G3XTf)6Nw(gWlp6;Gj3L& zlGnO;55DOEs?D&}Y_kJ`a=Gk0a#44J>~^C5wWCW!#m8;#fR1&geBkY0Y!&YWtNud! z=%-T0pAIJkY;T+07yErxB+jd1o@qZS9#a|5X(Vb@fN!R^7Fj-6c;)ZAU`A~n5svw( z$qY8O!~FZ)2(tB-AY+1Qn8xTOX??4P^#GG}pYF}Ikc8-*Slls{Sw2nnc^X;j?iE?f zFV2vpmC?l?G5()}Y;yeD`_He{?N?qsyGdEgWblokQtXw7S2d6|p`9nuMY&g#pOQ;@FeBJDx#+%(Wf$s-vkXp&jiD9E~>qV?~l*&-+Zz}Ye z68%Zqth}zJoSDGqf=fh6>^MEFWx_HlW5qBa%f0x_6Y z*6ZDJVdzn6*ce`&l+KG-LE5z5H;i@CoS|mLwd4NKhRb2-6(rsk+xEBL?q~hN-^x}nwFy`cp zcIG&y1i(LJn{DI&r2;`= z{Up5kk>UZ2c{fwCnwj7H>CeCjTkqi-p($tgA3?JjP147hd=5xT7AVGk3T%AantTZ zOWiBYdjQyC9JAw5z05O$g7TN&MM#|I`UZSEt`wR5lQXmL0=B4auixX|Q+;Q#^M+s~ zL5ZZX+t2UYpU@Y_S$w^S{g&dqj)U&0jeeF)1_=@Ar&XD~0795sh|1|*jn{f2xsPKX zro7q>nXC}}1)vUa038oyeLW5eT0UVqU8yrctVe_uH}*)-)veiznDkG-eS|%gMme!l zf`oL5aW_FJ{jG{{lSIGr76*h7Bhe|dVSju4xSYw^O`D1MH;45$p-4Wiloerz#iUW$ z*R9T${lA`WQ5m_U4o&bnN9?H_Yv4Z@)Sm!vKk+$}$dw-e*+b7?GJ?V*dsR_h&TFe~ zVSyS@Wh<+a$Np+#o!yq&-ki-C&BJ~cgNdHS(75KBf3o!F?OlT9lAt#Q#~7O0?*s3X^=pu zkd42?fhFqr*stDp^h%>d_aQ%?BW`q7ZL5p5)}+gdLgFNHSpLjMr-&P9|GSzkhfSt` zNOm$PmsB6z7NUF@J=D5MSvwi1kyXX?DEQf^cK}%RjW40P=!MVYQa;)syV1NtFweWG9ER3mNhtUp^~lO-$6ymF|_Yj}-jALL}8fj8vU;%jd~yPI-N+x4cn8ZQ7`g(#X3OMNK^dqj5al{Gs1LBGWY%QUb9M0p7w5i+ieP;#O(M$X7z-1sUwU0gt zZWfZRd%bz1Rie7QAL&I|7upRF@8ggZnd>Mo?}T)zm2||gYe}N!V+Zk)HIXzEvw{7G zwufMAiZ1Evk!`2icPdOqtbzXbo1CI|lL$V;q_^1b`(Glu zl#2Mr{Ex{0J)adm`QmWt`OhMG;hq1QC2}g?O~Sbo26EBozf)JysVxr^k%#{GTfdk2 zNC6!b>UsN=QDn;!c#!_!*Bs|+F90Z8l%nGa9<4$`*8lk1rAWiWg7X z-^MYw?HbM|;06q6C4$VNr;@!J<_iXEfCjJ&aljXBo_8Ir0-@PjxirJ{M)Ej>gE6|v7 z@{ByOuoE~vM)@Ca5PXyt&+X-p;& zgg_=uYJ?DHaI4kLVgADI0UFateI?4TWGH*`*ao?sB;7pkTS6VkKFK69xWs=#^ zs@fE4n7^*a7(SL4CkZ-8Wfq_gL|D}nLaDB_56Wt$CaYpud`Epq0Ncwqdm7C3a!>yTsVb*(- zfQ?#k0RT_b)PlQF5&rPaou8X%H9@XkOjygj59OjDm=23#0`veOb%+#WU@p|;@3+^F z?|pIQpG#4w?VzMe^lhj3fa~$a5xQlMCy89?Nrwe)9N2S2E4iH|TJ7&{T0G(FT!?Vg zie~Q92Zn{xa4q%9h~FN8wZX0M_3IP4VhIR^*ArBpa`M;9RxAYJ5M)9A9;(zT6QKAIYg`#xHZ>8$)*}7iawDjQI&> zi_`Z;_ZX?prm|%ZW|w0dyarOWy+?HZiIsspInMy|H~YRfa?!hQzk7M%%XX4N@{*}`ubon?>j=F#6263i zSD-yr&H}>miD#gom}zma_Cl;w*n&n*Lh5)JNr5?)35AZ-d@~a9O7|~3jb~+YB{f6? zSd~E~&L%0hrQ`yXd*+9D!XIoYKHJ**2<0$fd*s9ZWBAs4eIOg*k`*ju)KINt1$mAB zJlQeJwxm*4Wu=#2iKr^dNXeL|E|vg|YAoQMOTK;d*Z6X^iAZ$xnuFk1QX8Qr63+g8 zjOkZzs5ww`yKOUoGvXyBx-qiY{jEriUaTYzPWSY12|}kn4=K;R?`nwf5uKZ!Iz?T-bNpBYDW8zNZ=khkX<-s^CB1 zo0t0UA%>L{Wq^95#zSY1EJS_AKJE9~>kU|{sWT`PR#D~`5lsta$D(=wot0he+H>$) zc2?q+Zov8qUKe2r_gEV>RmQ~-oe#1yt6e*RW6=Kw-yKj0;Z-ae+uWg`{zQV0C zK9-k6Mc@S^;gj+leQ4CTxN z@3yZJ_1=|E&o&qks+P zZ|k5T+Ju#9P-`aeI2UBYf-efa7#~*-86E`= zjL@@d3gLkr4!m{)--fXz`4jPaUndx+eZ%hFtJ04DH|G2sdTfdB1Uc=gEmG{66Dh`| zMCQlA7u$p(CfscpJoam!>bz4by7-U^gHRrVLIYRY56SNU$1 zyfHTQGgn~8E9QRc#rNH!#fN3KO#iTXahja84-xbs`RLnyU_fA`^>o3-ne#KUiXd%} zihyg+Y>84QHA21#J3P$J{dfMuwm{4cJ;Z*MA zsvv7%R?3P)k1_#yZ}%im@sqEw?=@$8NXNs=w%L8gzNiNdz8Y9Dwf*(*xrgvsCjVKB zs^t#NICy;P3>sLKSq5$0Ytsw!{8^9^g)JNB!cpM$rO#TbZ|L20(Cr2i`dlUG1a{yKbHeI>Vp@_SM5uLn3{u znw9_CZ2ob)mH8gH<5zj^%3d3DTU#y7CPa<###3MxX4IV21ZU+p;cv*C3AY^PU<-RI z^dRtQpEWPRT*4`M)2DnKZ@^6$Nw-l!tmP^r*6w6I>^R)?J(M_tK zd{$b>Ao$;F4L?1dT!Qz>gkJ&o>W@S^YY>dT3!X-;A-)=LUo1gdLUlNqWIatvl$-|% z*lXUbxAc%p%-`br_IHzfGji&COVDGcRd|+CpmKHe@662V+*DGJLQc}Bn%|)rEwdMe zJ{LK<2L$YF=YZefyCzy$a;!tBeXTa0o{QkdJG9oL*cZS3(Sz6N?pHwdspLVLM&-~7 z?JH23seLRu9n&)TxfA~V48A`5_b+PD1Em*mf-9NaZI+~iLGuj+HD?YJtz>Zs1%^t+um?$RHcyxa|N=Ds@596 z$92ZPu;2HC;abH}^}3nCFUqe+T~B08mUSu{m}v)HAJ*3(xzdr9Daq>@ur zbv_Hhn>P?`u<{6Uy4&igAYfWb{!@iXqK1O7V81W&OatT1d0w2?#=B9V%@J(&^u0h4 zmt%~^X=`vdRNj)H&nUr0Mn3HFMs0SlBsR%Rt~*0J zR%OdO@snw^)=hi`sFKx1+QY)DZjjegJPc!`@SGt(!0a~AhL{<_in9dIf}2|R1zQvT z^4!AFp*}c*O;13MgO7I5aoIx+mC zrwe{bOVS-hjjzHPPq5mP5##>s7G(VbtP5>l^Wat8X~jHGT-2!lYk=oIBQw>T`#$>5 z%&afj(KD2@qlxbzYbB)Y>YHBWg7=W98g^Emy&X$K-KB_j|JJYu_TxfkI?4AFSqGY+ zD?%5ue=2G#*ZseIe!|e%`-#nOX>^KTl~CKF^E(rJm=>L{V!Y;D^4#HhBJMU5i*hgPQ*vP(sa`wk^k-k;Mcw3Kb&bGxcVgDYt) zUgwxF6Sdk^-P}&_2h12WV?&iTEU1$McG?7)SvS$w5iRDp-aRDU#q3yLj-10OfCi7JMEK=_3y~k zzd%j6iv2)_s&R2jb#Uri00uKrqxKdrO(yHwky+uW} zEci=A*1pqTa~p5Tcl`8Goa}-AeUNoOB8tA&*?QnEesa11)1vy0U~H-a66ptuK#*p~ zsFUU{OJR9`UM0v6F)jgLUMK*egHN7?z&j`NQ-GjlyY8&i2<&%f^39rQY7NG67s|8 zt%XLdK8>o;+8T?BCp738ay8NMaxq;Ed~ZP%KP2nHXQ?n(ZPu-lmbPg(>gw-%PiDR6 z;_xYmiwi&oH1#33Gio(cB_OG}b$$$4mdYgjML?gkquqbonm)s^Nj`r=t`wPP+rs`o za@iMG0)lzJ-rFoJLYB*$n%>-!c)rxD$9_7NxIn`jnS!9zF?Gx1Hq zZAT0y@nS+%%)%LZkxN%z$q($X5Ywx&wQG;UYrn2e&xp(Z3^xDQhyOlAOnU`5Zu&^} z5;dEq-VZl>4Yek!Q5R_m5`m1I^7ZeA^15i0gUQAJhQJQ~p%(uWSBop!G5;wNCSdbo zX)rg@N8%q7{Qj?yaWf*SzzqNT15`mA!Lqm4Vmi6RMcP5S@ zf$P8I7^Br@$IKE!XyRdWQ4MC|hhOhmnrI%z!NOq;ZuLPoZrrGniy>VS8)9I@`temn zh8+@@j`b%$Ox!9V@#Z2FeQznX<&Fp>p_zDle~fh-Qf><0_~&k2|K81VO%}G%F5#;D zhc11|J@QOJTrC)LWa+KA&(CRul%Lx_q~*V6|3f&=>1^Pmr<~4;n`Hj!w$KTX>#zI6 z^oBI#id&z50f=h~OrpoNHU-B0L&^R-nzFO4Scd+Q18@|d^1(FJ)y;8d*2==tTYCHa zSgmWn(BxTt`RxQhxO*u1pu8XI(bf`y}-+HQXh@R^r6}C zzFbttP7w&BH^=UIg zE(~j3C9bI0ubsgP>a+oGCH>8~fkR48*@d}<7lAj=7ID?RbOQaK8k$M}tllO;u`g^i zt5Sroz<96u`WJBLR0zGrchF-J5=WYZ0zP;^-tBuKr@djJxI_m!+tZ*YKe?-8b)Gnp$tlpBq;rfy zON3C@mzdK*zHck?#@Kx9PU1I>puxO8d^tBN&Ff*6wb4plHgZ+f<6Ll>kD&6}x#?SG zDnsxRFQYG%6-iA5K`CKoZn{b230XG_WyWF~+smfEypMC{g9rT=*mvTy)mtxn6^<7( z;y-4Fgz)crq#0Z#3zj2sJf=-E9pDlLi_0F}XfkyAdDm0Bc8uNmc;0}S1m3?g|IJrg zqNa%OAo175;!Y;s>5&Z$reaS=7<7^{|4d`{Sguc4t{kxp;{E>ZMrjU5%OE10wSd1p;(1Ai5RFmM8YG06*GFf_Y=9dR zfx)f%S=x7N1mp`m13-9#bsW0cy45|$^sL_L5+`gzWZu-o?S1?9`E|TL928_Yc#Ro4 zCaSm@4z$aQRcSuVxLnqSN4{<4e;FJ6eh@tHj6CkOoFao~o>6q69Z?yCBQ;XgS6cMpiVdo~&P80xPV(e<+$F zq&B3HdxV|rj11*r)|5&@be)7r#=>vz^=!&;Q{Van(l$a|wQ^vuEbStS2~`l+45e6$ zC-F$m*H{O)6nE^q`hx8FSF7aS@P(Cg0`Ccav$g%gO!$J?!R9=PrW$8Gd8MiCv0MYR zrbP%2dbVb+$c)|oJvO%U1MRkza4IiqRn6D+SaQ=mt>oAiTU_6OzRyZtc#+P=QPO~# zLoi>%ma@-k{dLB{Tt{S7g}Yg3Q~5?OB%~nn2xt5TfOJjvOH?*Aeir$4r_wOTV^^7H zJxDapFgn@1ra;ua7;(!bF1QNOc%)rvi$sWz(z^0@JAR?0L(p9ZC*d{xL*vZasxsru zX+H|>g7`$nDr-tv%H*cBWJ&e_d^Yz3VJLBlmrGa%+ys>;^7c=V@-Guuw zK>0hlCJC|NO_5^`+r;)YU#OwJ&*RrDCx~{=YhbwQw0VkI3kE}47;~IVdz#EiTS8CO zSQ&F1Bjb-Ml|^1zC)$n+9iob;x54X@CHw04k`ml>Np5`^$bmBLIK#2}uC((kN5PC$ zxN*B4lY;^-bWLGIZy}N>cLP^e1Hu^k+WH(nXqFCt+2KqdnG3zoJOi9Y_^t{M6QaY= zYQo@)@4W(s5Sz=6Y+TFp8o#Zxh&$s5y6TCjkj>Ad)Gy0;M0(D_C|FCqt9O{&lBGLG zh=QyHd}C;1Ih%cOxP*E;D?BhlWha6EL16p~DOv!yYeNLDddA2ZHV6Dr0#9$!+a;Jy zd{8G5d@tdes02dV_$ZlINDwT^>I};pG({D3{r$m#wm{i-&>4v)0%YTq^YRj@TEr&m zHnMxsxggIcl=EfofxumMq(<7QZupS{t>q-Bvzd&(sp zH?Jr9iT8}6C!Ny{rFXyy>o1|bBV_U11{*6e$va_@^}vdgXiZ@s9iBKtH>%gtgu-Wm z^P>Lhw7yw4-%|x3E#K@ZqW$mu(6Uj%lQq7gHav6PnAYoS*L5E-?n!yRIpzZC9P_PF z?J2iL3eU*E!^tPB1X^8Q12zVR_qE@`*DDr9^*6;m1oka5?eS!e*V32Wv!3&gy{pEC zmejO$n`>q1Sq;wUF-QP?1spngn@Y1E2|vkXEo+m3)3b;A=!L#%>%e134j7N`&*pxn zvMxzVnAn9Z!j4NIG!;rIw{op!Gd|Bd&6UVymOg1&Re(=-0RwD)JJ#tixyp)Ht zFy@XzZ@F>82BGCTd4w)s)=HWiVALlIbQFq2@ zhDy0p=Jiq+fmOdu9YA>}um5dF{}eoX6_ZK!Bl%TJzVKf`Y}V{S<_#PTIxEljbV|(Y z+c23fbT0%38D5&M?gi_*f#w7s!cajkKTk^YY#MqHS`9vf{+zW8Futr>&AqHS8~Cx$ z{Y{`1zo}zR34kQ;mpA+y#Bsa(oWc8gB6Y5u+c!+sQpCt5E)Jlc9-KFnZpBJh-B?|2 z)aUU=)fVPpZl&BIh@W|8Lm$vH__8v{065{)e7a|zHvf0CRijfa5}ze^x1U_){n;To z9GI_Zol@Xf!i4qnuBf(}G#_(&_REeBa=R#!GgOPBDOvk<|hmU6+{aClb zC*cM!mldtw#Hl({(ZK{_=Lv0HjSW-GrVq#nDV_;t1-W}9E9rY=}Y&gK~X{uXE{EW{rf8N5uUNMBsQ8!ow z?2Xy2N%c)$PJchtsbqO&IJVDk4W~ta;E}Z;JUhYrTy=%&>6~i=TCVUMZFLN%!t0mL zOypZ#J$T&=J*;Js9e!ZZ(A>fkVb_d4v#ZArkrye?s}nYKtahNw8y$sxTEO;f4;qNp z6P~wjTWM<1io3ZV-FjITU*!R|5{my1Q&V*Ppfd=NE%1IZUiPJK+Gfy3l&hyvdOpRt zYyw+4kgS#=`T7>c5F2%~ZztYKOQnuexg?7!*KG1msTJe_l3VAP1cOor5XawNc1}Zo z<%y84XR|OjpWZZZYAlpySfVd7up=~wdii_+1*7f&A2|+UK|m#=h@0Yb>QE@9aeFIy zn5MEnqcmL0e>HxFV!zPhh(5QcBv*)m<(`jB)fJ2;vr>`YLrj8NVep; z)0ur*sjT^k*7E99{4Mc{XyJ6FHxUJ=rQB6Ww3RJ3P58ak;KCKAp4DZ92Uj?4;aNhLkO0kA_T5ES~ol+))#uG0$ zcSQDyfnG9beGT;M9)w60-52OXpJ4`$9+!~l#k2#=Ht+rr`q-f}VO}o$>>e{BvXt6m zKKx>7tz1pHDnqpx{^R_viVXJ$gX!dStkEDC+h`?|g(x3n>j}z#7lnbc?8~UxSF4kG)Ob@TtvMc_~ z4ZkMDMuz^4U5md|lSdgoaI;s4hy?6~&qXL9NN*&ILKZR&3Qt=NDDtIh&LWcokq%2? z*hkDz_Ti9@2YlS^&R*(Za(y}3qSnlt7cC!MtPQ}3U|macm+eGm_{^n@Mw&iKbc~jI zwGXh8&#(BR?LhXN$8lGO8qwj$fv8Pv%%`Y2M#r zEM#ZfDFu)*=L^lhF?-00pg1=*#IjqH!Q#~Tk16Y9tS$>*x-lav#9=riFG%dkGzk@n z5L+ddvVWX%m~mz-@OWi}E*jJrp3LkF78Mp|W*idyFgxf%ed10M^v#T>HXJ)cHaB*`H5xMTGf zFt2+$c_DKBZ%x$QqfDJ&1rupsBuB6!X8KLgf$}Y0AQ-t?VdT->Ft!^e+B=U;z!NitWB8F}Gmw3-GRT z=I8_?`XYUn^%&i2PMcWVcraUQ=peuLKMX|eGWjtt1*8P@~Dc6d*?ULAK) z4{eb<#6o<0*j8gvI-ch$stKjqHs8Y3;<4`0xo29|GzJIQ=SQ&usvYGH{9Rw#ft{0^ zBw{+|E5wY%-!=CuijkNqD{bp2>!(0a#)J4QWk6H2X|4>{!hz(SI$!lWM0ggwz-oeL z`*RjT1V5I^t4J`@aaq=v{<-qpdSzri7VcNF4&%*R3I9IOpCs7odVOuzv%(3gpUw*IjD495jwZ7`vsg>` zpf(K8*TSu>Ds?G6w1kn|3tyFc(1%ir`dalq2iUkUZ#cMR-6p)bq`9}{EFmkj)>0{* z0)q^^{Mgo<7bVmK*7K7W(%1xo?|??dOa_8Y7%DGS(bn?1(4fIxLZ|A}RT>sw;Zd}yCM=2BP6 z&-3W6qnQ^zg<2Y zs%?iI`Gl^f+TftSqO7}aKC5-B?K8rbWn}lGbsP@A=a-0n?F4^Yb*uG2A~`PL4hx;$ zAWt!#)NwRx74KF>Pct?xV$*^60pWhp7#EZ)MRi}&@tVc+qU2i`G+*mGtz>;zctcVz^z=C<#A2?9Q$hBm7&Sv;!dyl>d7^D*eOF#c zFUCsW(Z7)lL$K9v*TTjz)HTH8@DTo9!Ou(880}mBxM_Up*r-_h=$@=@&q8Y8>?No5W60yS#Uyh}2ymWXSGO+@rzIIEHqOK)`x+gBQ zeHde-bXT(=U;Izg)*Zr3x^*OL0;ryh3Azn`HKJ9@ba(;j)LFDVLlkYinh6;Q&GVry zW=l_BPfigzO=6Y)rzs>sy zwGF=8Z&N@%!k`9dJJ_r@r`*kInUz%f)Jc!mPu;bT8rzN^P*nI)y2qOM4m%N#m{)<<{CteZ~)J2|`OP zw(-{xPeW&cHSaZ{_2(JJ#-}X(6lrAf3@5g4hvvpc(G9dv2~IQAM_t&kw`vHAb!)%f zf^omU#0j6nyf*JzCxq+3e;yai4%>{`30mTOqkf#Ssv+qLx~Q%e9v{(X@V07hpckhO zAUq2(HuZIPc&+l~c53d0yI$CPUBqF9Jkhm_Gu`Q!w=}I9LrG(OZdfn2{@jWb3ds*= zOz#_S9qrWCofg&)vufNYSVZZpU_Eo~MYaCT;u^fYtnKa76Mp*+9B9&Kn3+z}3F}?n zVZCBrg)saVOJ0Y0@V)Xo+pPI)cZIGi;EshIGOWO^2YyFRO}hV>DX_@AOQ|DxBQ{5;nk(z}gRX%K)* z_k0k4=9RWcyC9sR`qIUCdHmL14y9UG?|vG2jw z2Jl;b3!(6ta7yQkYn?=T&z{2Z|>`a?0B*Ljad^>PDuYCXyiDV$1OirW?xW=XRq zdwJ4)Q(8;gTTHB5DB-H`AU{PzO+tR#yx~HbCa$k<1ACm4+>1w`f-ZJl&3BOMob5;& zsCnuwc5SnUt9B1pXBS&;-c`A0#aEkK6C|v8`_$a9^rl>|XijG|^Iq^{(X3#}wq=8& zZSyhLV996_SYj4B0nw0nKkm)q&g5RhMOUk{AZ14HDx4ljnkB=Q?SPdEK4^z;u7CKz zl=S-TdimIK@^SWr(GD2h*ne(kV^M}k^jw(j*r{grJQ675^?~0i-5haEg-dMx@UYyE+AQy>5Lz)Gd$QtwcjJdUR-7M|*%KJ;(3ZV3m*&sa|1SL~ zY@O@(+j~W`Qf7w7R;lZqa>jDz$HfLn`5c!CXaVHd^R--m!R)35+-#gOwQu8%dB7&q z@NZS7B-K5w)S&267o(5t+4~EF$cK36(d>s72ZWjrJ0U?ooo?531w3SO*~`%i{;a=) z3sBwnzYTB9Vi@*&sHzOUyk|F>XC^3{QALjzskJGs)$KZjfAD>1daMMPs3ZsoT0^bE*lV;E}t z%Q_DU<9@a|hiS&1Va7o(Floj=sJWp}y4(prl0b)tFfb&mpsuyJKrVrt%ql8^_nK3y0(U8%OP=k)VN|e>Z1Io{l%!X z1)|>U!Lt|UK6OLk%+XcOOAX|`!h}jDNSD1*7|nX0s{koBk5pB{G&h`%tW+pc`*uBW ztJbA&po=q0`*>vOV9Zo^Hpomuel^T%Y(B8Y2X>g>DTfc=9+@2tsEO>82&%j7@#B%jL5U)xw*~({cw{Tn7fl;1GHWPF*1Q`>jtZ45#~k4pMs> zC<#YyOyX!(OqSY{pNFRvFUNJtm4^qWZvrxE(!7GNDY?NloSAwQqEZIm83 zleWOOBbOW7&6Gs_?qHM)PsZ(|7-|oZorjwyq}ik`<1KrH*5w_6LoXEs@F0#Z_j>NJ z)jAHGQ}EmLfN9Yk_1cck=6;&h;hS*gI1jXqW#s2;b;<8LDd&}nuemmC&HwI-p?LYY zX#B~-sFm0W-0sz`3_%O@J{COaKAgT9LV7yhs39G6@Fg`W>1axR_x}F&60tev)>t_O z;mX5-g%O^P?!$+<3;DtF*~d;_nSPw2`23e}{bE+>mFK^+ywH;!4rti>@Fo)b1&=78 z=6rwrPFAn>kg_bAmwVU39&f=;pLCA^huI1FO3|(CWxp0*&*7I=Ac)b^>VKJTFlXQ8 zA+R?#I;bi0mv+u*yME$t168xgNeQgjj2K|+&mP{^QApk2y0TSAe`T|Qbw!rp@3(TE z3Ir(G)wyVZkG_5p$j~V$-ez}!GMsh(JL&vCylc+=ak}~YaRNKQU3cF%S>f&5J6wKK zx{wC{+DJb@ezo-qbk3H<=aJgsN|qa#OT#a}`TpL*JraQ{5}&orUTz}!b9nFr1n|RB z3o`xK{yCZNm9B0}76o77%b(HIO9dT8*z;99Xki5ky$+uD~4J||rI^dnZu#r8_kwIkDP&waeI zU+H+Zj3*vgl3XlWgIWH=>yzs7G@8I}m@T4|b=o=UiT#A#VBWK^(o4Tj>yrdpkVS>p z^@dnw6zs7Y$WkZggJ?%;?XqQI4fg#0+2fjfB8oG!l@cPnGjb`%HQyyZk{?Y9l zm!o$*^LN_JR}$(>R@Q>3oPsVa?)MiaEmMEYI=bl7%?&C*UBqcRmnMR zb6*L=|71t6AA6Pxdt8#o)T6_BF47KCxM499c zmwe_9_t8G`K}CNs6R~c;#=nZga&37MxYQ7>D1f^c>(5w26;8-@4;J7}s2#p?lfHnR zjz_LdTQyIVsV%>FJ70tp?YgNPR4-GHYD((=#dfvXZDZy0%on0djcZ-q;Y`!_-XpxU z<>BY4$1_Tub*H@QoVrW44lWMPGQg=wPoKXpiy-3)o>f$uW#8Dp0Qv2QU;8@Gao}5g z0OoMT!^aeN5(ZzLDfu2~U+j9U2rq{(S^@7$P|~$;=c3%=gqtg*hG+MmxBsRERA$&i za+$p)dgB&H^v=|^W2ToJP7_d;!O#o=l;yJM=;EjLXn&l4w5M%Q!HoX5z!r*$z&7Q> z?qH@V{z?0~LtT}XKUd!Q^5n{sXw{PH`mRU|*@rbIKi?2~N;Yu*+|&>t|G0A_TxlI7 zvJ00;y59M+OGYJgcgCu7c1d={s^bVxBesg-&oxdtbmRJE>J~|z?;ezw+&qI~Wc z@U+icfpGf8`GHHg{)w@0=nMST#&2q%^Gi_n?zC|F+6^V# zS`w--r@cZ{sN;|!J};ijW=#7qFrCCIxpQW}ibLCE<@xdj+^_F(Ki!f~i79+APEf;h zmx%+OMxI`EAX4C?YK~{Meck?&z%$JdJ+a5?s5^SFDo0*KX@;(Onus;C*+(?Vw(t7? zNcehZb^6?^na3t&2Vz4NCoW)LQn;PmSi{g{Mmo#opq)S3NAQu?^hz;s=BrGQvS&^2a+eD#?Tqzi2uV zqppEk#|`rM_k-=3G=ZW!FOTki@4LD)#zg7p8(j-@CQjTm+PVJXAW#R`GdzPO6z;k; znccbmi?Z>e^@O*vgqW*wLx-ou#r>c>tDR@SRVmt?xN)Hxe$#Rgy7Go>t_VFTYMhcN zm=%@RBkm*zF{W4$srURif+NQ^(|6jeh&JyxoNPWcGL04-o=NpHt+(26YFwJaSUNwg z7nvxfFV%Qr)F#t;1|gHW^bmWB67V8S-Die@iN7`8q6k|!s|4(*s68|~5n4SXv`zDY_cm&-s z>gQm3b}B=lgyhdz55(-AbJzbpPYOUsb@I@FG@zya1x<-n19jvTiB7GC*9^q=B+-(m z-|4(h7EcD*A7MQ^WKt1JA1B1rYTS%+-`MOeBvrOGJk1sO6%hnJl-oZ#NxCyv+ zrbwaW11sq0=)^qco=6y?gsoq*3Yt67;DOR*Vdf;;F?)!m#+Hr-V2^4q*pW+e(>}uu z@TuD@&Id;U-k4nV$H7IW2gpBto#zW(a`a<)rwxsGzjKrx<-cS0#55afnLNnJGAg!> zY>eWB)1YPVblvV^kQmJvDz+ouzJ7A1DFzG%W**1YsDP%6mEwpzi08OK?UP1S_-I}} zj^9kzvoh$Sd3CFub!c8Fi-uIFuLP!!%fjW@6P=8Ln&Sm{SYGP)xFO&E?OV(kYaZc8 zOjq1O7D@974sp^ZYhxe6r$i;$TS+DP;bozaz-IPi3p!}>ZA*E)kKXC_z90P1dhARzLiWd<5aPaRe`X!sa z{0K44SMQ1mQ9p$nKJKrAIy>sQ&t+z>U8|Xph=LZ|I(7w9 z&sx;h!F9VSKf84A@p}hud)d9FDh6&JAXzL>1>JofrhmsC@?>$QDK-;E3gAw1XE}WC z7a3s~sp|=lv>FkKWy-r$x(=4m*jR&(2x-^d(M!|02q_|_xI~0!z5W1L#411+x46^b zd7XC{i`t;&^WCx{w#EZw&;&LEt&SjVRreZ-enw+-=h42J$+X)Q1@EMJ=B`}$md9(L z1j~2hqrZ8E-|GkW0~z{iPoq42DBIzy%fV*&oEF$wuHuE8yb7)Uil!~T!=`0YUI(0W zPsMAL8LTt-9Q!R1d77Te>GEEYpg1jA=MSlDR_mIe&WQf2Kb~}?$qjLq+Exp-?bWLK z2Z%;}IdYV8Ki5;JPu5=8LQUNh`PTVtcEYCsX^`WXCh>f|A7!VRzgF;PNp>^dew<9! zIM=G)hMSb-k>P^ZEM%#}RPp^WxGI>hEk5eKaVsPTb6OOQ{nVH0qFvm`hKlr`8n2p$ zLVhMAQ*xZ}@9i_6t&D%GwL{ghc00vB0*U*2{pP_UJVd z0;s)gAZpzMIF%v#5+RctN`l4tKT`s75d98G`>}=Gv%Fmj%gp{}_*|*B4=IM9MkAVc zfP$cWqrja|R@%#XrW-+UEL?b56X-Es5M*_{#q?0Le6@72JefwbtKB_U1tRi(?q>vs$Re`gNV^oC)+b+~?^ zo6hwiKl)tRPiN<-!F{pNZ}Jt}=#7k|my}OZ>-s+7^mC|AKLHOL$DsS{KZ6?h)6KIi zr*W3g_@vsRmW`zHQJzra7_71IX}y@AI6kh*ZR8G$Uflii@GmQ);y~M^H?~LbRgpJz zgj+d4Rd4INZ7z4(1o;>@_kLh&-D_$o#vps}yFBuo7nyzqEwTP$aB8 zFFwco30kO?!0(0H64l%RBbmRb_g6udE2{J_z!f6MRBQU1!dMU#u+hlx&8X`$6gXd$5 z3cMCXd;!i`9M%g(GX`=%UJp7((Cf!8=L>2XTZ@L~UBb8LGgjsDw-t^z(WxZ6^IJf& zMwKm=o@BfjG`Vv4kew1kL71{ce0OGic31(DXuvWcFjgulYmr^wu*Q(+7GjD#9=R`_ zH~d9b)x!AXF@{97Y+4}D2l0a?xr;RI%g-7T!;e^6EiRQ*+^<_4DlW0@Kz)$Mpf!@7 z&icDlE{RuO<6|B?jncdR#`?6LL!MX2E#G+NX4<6!5OPy7rO81=u#F-1cALH`UHK88 z*B#T5+;Ptb);s0X*lI*dt}+>HPcs#u$%QPy=zC=v>VdrU!XrT{FD;i^;}66T&R#Fn z)>=8(*W6w>OP}^@!|}{n3eV1 zqKTLwc+g`))G?p~RJl#Ukik#K80u}Qf?Wfx&Ms{L*%FWr^}zV`l4=+98n@cg z;jh9ZDr_N*MIzHk8*0>IM8DX;NsP2J>mSP%hz}7hq9qulpaqxC2%Wu%#2Y*L+fxbOGIz7~>sle4vTG<>{(-CmI>@hF%KV*6#N`~e`)}<gI(HJ| z@VIlLHG1HqVZ9qD?75?1MBBxJ9MW}msF8kN*iR0bFXrrL3r}&rqgAU8^l`mz`5=QX zgr{ZiI^I3}REEkrN>%a?M!_kA*8U$L1rXX;mt%$n^5x2d-Dv=-!9WNO#_Y}7g5#x906aCpN;<6S9vek_-l9|Oe9b_XHh@1k_jzXk%Ay8 zdgY0m$XGS9EotaYe|oj;^F}qHKDD2fZ{m$1$%qWRKbLjPivv2fjQz89a(YT>Jg(kR z+uDw)=I9M}st(0`n;@fX2lCAp#;Ys+Hs`Ep3MxIxtY>Y`*!wQkocQz#)E|Tmi4}{w zj7rKdToKn0wd*|RfC93X4DQiq4GezULv|1o6ZkP0oUg$Z3L;!3R+&{?ntR+Lq-g{V zzPX2`6L(0kp?MOf#6#59^}8R*Wj7Xj6fc4-4;1w!7wSgEvsA=xVVGB0oo1Itz=M8|$){Y#U9refabn7THO*6Eqru=Nn!kzPE(FRqv&v)z56G+&-9Y zRZG>51W}v<66x;AHSA>P^+mRD0jHJmY7jp^K?Yn4Xss7(U(Y{$I@K8Ib-qnjY<>L{ z#oQY}n=f5U!Z?R)X9u_dQPVMXMN`pVsRNV&&j2o7>CcOZ$D3<7aDnEDleu`m2zh{L6|rTJ#Ml@rL78%d~$mgZD((6Mh=`riP}Y> zwbS#%!oog;^u1>nCHSm8l?efRF6c}AabXxfMXoebg2k|21l*84l!3H7Lu&BU)m+;T zJA5-03r={AHSmz-V?#ffQoLoXPWI0*^_<+wY_5I!M?gSM?(TU;8B9}W0D7z!q@F^7 zXj;r2^LX%VXh8?kVU&-wbJR|%xuId%YQ3(po@nc%k$ypp_AKx=W-KKI;bK#4DIXsm z!U3Zo-xD0j_DRiM3lN48&mNzW+W{*F@!l=1fl}t=JlcJCvq1*@T?(3%iYL%XG(d`7 za^kC>&=>PT&das-d$1SBW7Q$tMSCB-mOET#c85*9Ywz#E;pL%K7Ymm5+X`qo%d&kZ z!L_)_bxVf))m9TPO;PXRZ$E!_L!n+vVy=ER6w5XH%fy4-jWOYHT64`Lk?)-DiN5Vs zfA)@24F!Xlrm*CBEZ_j+0Cb0h+yOSG*v(Iz+rvs35ve!oF*@}02$PHEl^D}Inh`rnDLt>*sav{^5D^xmnB`4R&N?87%RW?qNgBXM?I(SvXVvB4=g;l)pHVIDq#j% z-TBRMMY*gh1}l6MeEjA|QUY@yy+-lvSr#bq@aMq!kxK6Z8GQvHMx5L>VACy%U1-*%n!ZTdvnywmkb-uGdR-^lqVm2ll z++vBw_wrZ1jt;K5|2h?V|IP=(klFL!J|DZMU;K2v1%s7hB>YcZ7aiks57;i+bpX*X zraO#xb@io1jM~~r9Zqd&(hHgpc2nJcA^Ts6ci6K_xTF{qm~-k@w)SB}LV1aXh}lm2Vkih=X_XXnAk>DGF8_b4vG>EP$0|JO51QE&+u&=K5O`G# z#hejpzdCd2+PB0YlrBM}Qd;DV&7L;s@-%gr@(YkxhMip|<{`^qa4Jf3GBj!RM|2FC zIy~!nYf-Tfznb-4r20_a*EbnSqC=af5P2dN>=)?`UbzUmRVz&re@05!pe_h>y-9OD ztyfU9hXIPH(W|-aih5Iy+lxakQTj$k_QzXYfS&ka@AjW^o0I0>8dA)-XkA^iGKe=* zb1g{`VhdA?^9=IZ@Z?TX7w#DL)tuc$6zD$kD|EfX1Hs;{zK?w>zMFuDPz$|CwZ{xgnWT>+|Nv@a%XgXUPmsSVuqrx6w7E4%s8w_yfw%UUn*Iqj!fq?%)B zZ#O8P6w-$R!yx z+_26pGDK7E^o+Oske5~}X#cUPm~Jq>hnJPfVv|q%@*dU?!klxl?&pUmFN={s@eW2O z=#2;ryCmCEBmmwfRP?Na9f!UedLegCGC62XK>6Mlc~Didb?$2St|V zE3xN;LTG9PtwvHvKY+|E{pkDE61N0305UELPR@TYcXq|Un0t3<|0hYFAm;G3{}iD9 z-iVB?6SpmoyVLH~wnr)Gqjll}{O9?c&xPD(4Kgh(FfF&u5zLBkgRt#_kyLe&etFeP2+N_?7L*F^V^(8_}&E%rjDkd z^j~)exby27*kb+M(|)p*yxO5PYi%?%uwPFq9uwXJu9+bCO1l=IOKP%%g9Ao8ly2^A zE~4RGhwoVfxAY~Np8xLNUp~)~?VVn;{Dk;VcN_4zVS^DMmzPzaM?gYRnqaa42>(fK zn7ug$k+X=izYup$0DDi@uLZPAzMABD*FTfh_A%eUF7}L6VDd{!%==%LLqU%hJxkJN z_*LA@Gu`+MFp*wVX5Fd5soB*fh-JW>YDv2%omL;*n3>&F@~hnYA0&mNfRhqi6fYp? z^OF*-3d;croDaeDbVi8fG-AfAk=lYi7)1i;@~C=eQMQah6c*S~4SqQqysy*$C`pcJ z>U&8iR>|fxBSdIX(Q^knNYae&I2ON(CC~bn6e}6LRn4(hG>Xfg|*lNeo6+27$-@I@i&P z*GIJQS>(iy8mr6J5VZJ~fRf`zsF2~_CqGo}MxLvg4g#J((w;H4sOlL55=~XqZp4`) ze00G7r|ihiipS}|-r&(+6uIY@_kPBM#hDY;ds-J46pL@RiNqod=SCzR?_w@avyuk- zu1mkDE)o2ql6hADpLd4hVh>{&q~>}Qtwv7H@TsU@I$GCrPpbKzFv%OeXP$HAwp8&; zsKxT@vGWGU6trr8?|cd0@2kwWcf{!PS}fsz$+FB;)Js~#g->Ha2(!8V_=vGStL)bE znaaDoS^}R=Y6Ray$ag+CzsnNg>uMBE#Fkg$$(4LlEa)9UX!7hW>7vMj(cJJdwhC*; zf7d)k$o-Oc02uR)7pOY&uSk7Pt{N%7XM3Kfjxo)rgAxhX33>%u*E_A*mt!=w9(MPF zCUv7;R|UtdC!(#C?nMZMRiihi(ZU~e-yLzo>_NZFQeFk@?SL-)!#M$djK0$INHc$| z$azZ@JG;}muGhw|oHaU`Eb;dcyDtNH(`9JZh-?H3OmZg&Vb>AY3Ti>V9fRekF6)W% zRjc*8YwR zmUU^fKW*K?iTxr=8BX}iDFxz0av&x3s#`$wYp^)<)<}#r%E{%)71$#wh ze-Ub^&kmij2yRt}8PdQ-hfbwNSPC@(21fd-49j9Q=iWwGkmi8mxm?4cX4pKmF5N*@ z2!Eg3;T4@L_xaRxS|ixUP99*chT@A&!y$oe$e*zQGxxzhAsE+3fIGMMsNgt3YZiRC z6cb+3nvgcUmL~IOwRh`q_a`k#3;Y_GjbES{aUT`-pqh4%BRCoeg`B-l99>~B?`Syb zqx}zvdB|LBP*nq`>9cxtinXK zQYES(eB3)68b)hysJV9l+xt52Vu1D0mPrrL-KPmOW{Z?>>439W?{9jBqoV%e=RoLq zJXYy#7|kWOcx}#`OcGeN4*b)Ei_+HodEUi}mb5|1>%aPRqT5Q!>}+7kyE*8d;QTC{ng8To9#BvM?Yz|pLOIn z^uA#}eJam~2nCEE4XU>f8io({EH$e(O;eYtk(j*zrDD~Zg4{GevlqJi7)-02WUle< zYz2Moc9p@QoKN>2x}yHB%yD3<7ix2loZg#Jb2s2Rjw(i)UB zo-w7ce~jNU2YeFkO_n}(fjpeh*Z4LbBq{=hoZ{Eseb7{@3JCl;HgLt^P^Q|`p+dB! z4+%Q_NecqzV{mG;`R>28?AY=lR=gQFUIqjJFTHAbQiGNg5X0W-;tI#8@sTwNh{H#; z?3|ISwJyla8+(8^M`UhqUNQQmdBlBmD+QM6;bhA}B*AjhJ& z+(Mk}9cEk%6#~{FaG0_Df!8w_Oy$sJo8?`O8-Ld2$s~_>VRWsWfE+$L7BJwYa=B)} zf(X~2I@g#=f>55;NHE9gc>S8Y9l2M<{Kl_BUH!01A*0VQ@77pd|DzY+PX!)xhdZ0& zH3M5g6EW&rPoXsqQ8gT5iG`P>UjsHrjsSqq0i>d-uNkhOlSJ(tzelkA;Y<|wRsZ-m z+It>)&c6Z7MHzFw;sGYu5PWNI!4bgvmvqW!?r=M}l*tPi6a{_;E< z$ZPS=Bc%>qX>t`nt*LKp>_Ah{E(=^HkWKsq1Okd;o5sLc8^Pg^U6{=qm`eTDtu3AD zO)IdPA268&hTbVn-fP3H?tO}7O%BSV{+2{~u#bx!(e6J|vLM|*)YM*4=$JQb72DeB zYtvP;(AOdcTg;I)$W!>Xv>i`|in*teeiQS>p#F0s2y7U+Y=9UxR}A7}UTo2SD>Gx? zbvT1sXSLU-PjChLn^6kEHMZ@ElQSI_ z*EfLu&;wf2^V8&@+`|PQSxNwx_jFgL=x6J2FHWRtO2(FpB50gIBC*zE2F8R(94rdY z=qFoT!@W&N!xF1~aRFl zJP6Ji_)t1jh^KPs0xp6_eKi+A@ykdw?clFq||9#sKui;*6y4YXu*O zk>O zb+w5SN2i(xWJxKD94y)zIyGYjCPp265?`j9A;x1OzQXzI<&W0yL9uZzmE@9;!wydgN&cykaUQR-It6riR5j%a^`Ckb4cm^Lb^GQxxXTl?&q*} zU6=3bcuB;MU*R5Nn2!K&^}oreDCy~XAQAJ{izvr z(`;%vcNEU6t#4?S>3Ztqi10v19(NLFDnzD->qX$uct?xO5uBbev_@B1ny`+qth8`;6gS7GrhhnT2fm{SJ$Cm2l5b+OAt(53@y2;hi(v zz?CYPJgJZIkCIx&LW|{FQ1L_5p`fhRd& zc)aEH#~6Kx<)B{v10Y+@V|%Y|p!%8(Swv!Kj=tmJ=VorD_JhB4)mfdrtu@}HsFm%* zI(~%mS62L3UzU12ty3nwj8m9yi#iu!f|1UbvHH0phos_jYh_w00;-u2&CnMjepc&M zF(blLZCFVOVB?cXri8CZPtJ0&t+x|E3-2-CooEd7Dqee6Sfh}L!Y1TiKUGD`(1Lie+ zTLuk7eH+ootAt}pTH5F@z>+@s8n8QxJH&zAER$uN^&<76J~&H)zf}2hqG?rJ12f5D z8KZcAmpd8{8?-XifR_^9wkiBU@F5?;=CMgAv=szXVRW>9g|xTL)Jsu`i7=E`o{787KLz2K2~d^@gI z+qG;+x!Bx-7W@w$bJ%jYWO)o(Q2(P0Lqh`A*SXRLHKijY)DdO>Zsaa*1VbE{uPcPv=~hgN;F5#Oy)ha;uV$*<3`Kc> z+gT~d)5~=PsBf<{TH7Sw?pF``SQo4%5Z)P$E^xuii^BcMDL49^um+`1lK`HbdMqyar?mHF3hCP`^hf^@RRa>9?viKGeZ3l*_|uV?D6adbp$)w`kHN0v zvflg^D&S;-=2V#G*icyDV=2V@l$vDBn0-{#2EgI}O*dgiF8?n<3lLeQWlwSe ziu*sg@^UWVltHqHbfVM7FUcEG#$>ZUn2J=f83{*@s;8ai24_*Q~ z3%afTbpiqgXYm-viHIWR(cSW8z+$rdU$im0soy!NLl|4CB9l(chhzYai$;3D`rGZL zk=&SD4=db(6Yvliy>%*e0(c5zHz?*tXF8H+|F4xJCzd}zrZJMmt_a+ezsDaT=f6ML zi>4|Vm3WuCHAd^zt9n;uqAE_3!N12-$4Se6RhIYHa%rvd02P*VuU&sPFB|+NhA;~ewGC5{ zun#0ThoTHCUDD?%eZrV4|%HH^#r*P=}V&?XN(&PxZExFFXzBshfrS@^fkU&C7 z#a69_ivTT!z4J=-PFl@Q^~$_p@b0^0;)DK6@Ta=5Gswy*hW@^3lMAy|@P+Q#>NC|f z!_4O7lRMg7PIy$Pt`g2Sw5L~WS3p=Z7r+C|vy_XG!+O70NK=~aMi>;?;%?IvT?KPV zyTy|treAEg|5ewRm_?l@dn>CI1!LN2tq3Xv_F6Ph_%@QwMvi)I$>C<-Oap9Oouf=X@EF z+=&O%p1EZW^kvm4JL~1Z)VNxg(J9vHt66KqWAKwHniSnO&dj*s%8{e5X|hhAwwHxf zAW-QxxVS4CY4E60<7KO}NcZwotA_gs(H;2+S>mIA>ovo3V6=f8=1CAE(>;^eo$DL# zMLVC^+Mp1I4IOlr(|JaAw?gFjcqpwSWO35B9d1E?91PKujDT? z>vjDuw}k_2S*ondAGNNRMFZknXL~>`MW;SG`D_{*Z;`pV>5*px8FbT(H<>|}K_AR7 z9am%IQg_}Pmy?bWnDuLgCn^N1>Z9Ufpp79eS7w=;>E#zxP zQHwFX7n+B@dEI&YHmI56CN{fAWS7GI7&l~|PR2S!ud1R6pv7_`eqRoGIXwd^yJ;cS z(i0wob$`j zNQJwVFk39n+M{7S=%wNq=R+2ZcGncI-S+Gpv((k`v=8Z$Tj5T!DsgT15Ay`n4x&rf zA696{f|Peb@MTjLq-`72WX`SQj63+!QBDXdY+Vk=r~{IV{Wz5DiPQ+v7PvI$Y?{yF zpHt1}LO33NeU5n6TgWY`8v6NWjMu?c;EfwtvTlVg?~p(Ck*7*?M#8^885nj0UA<CI03YIzURp>QslUymc;TKDxMNQNw;j2a zW(k^(|DC1f_2E|8lUKIeLep4v98vT!dy6kftgWQ^GrmV!kGt8asly?9cmOWfARo=b zH$c_-utUrJ96chz^myOzX~m3xg~h(~iE$i7$V@M&9%EM4<&pfmxc79P4_UmNC6_-A z@@2s<(#TuoS=vM!!%-h)GEItSr59`rty?L27oLPKn~$v%5iRkEPEruQRrGPfzYPM* z`yw_-)89Qb;d$DM;B;FK=<20m(6M7JM~mI zsC$VjL+Z9iCmaL99~0v_*s&slPb@x&GzX>9I1WpJi{0!VNWB1m2i>JL=i7E;;bXzI zGegPfdZqWV8i2BxVmxgmh(IVC@SEGco4{-+)>L@3v-Q%WXUC&<+pF_W!0E_-^#XF| z(r$Rz{J zp96pw?ldH3#C!WjtNfX{brB@uy9;AsfXfdncU@at5d6K(5DPdU1$BjSHnTj>cUrDW zE5>0GfAipx6x2c!vG_sN(d}U4lD%|i>Wu2OpVasH=d+(`D874V?%xV2CQ1|MBP8X# zy6c^lJDq0)9dWHL2A$sc!4;+>^sES>9bav&`@&k&C6Y7PSw<|RmbY$oBXM=#Z+ z4<{^*6`u#Hc1s&d)EQF(u|uT&Oh^00X=FK5N{8N*sv8$7mnQkchOSJ3Ko5(g63wiV zSKw@mSchG-%mvEIXw;WeF|Uix+|^{^rXWHd%vUxu%QVmRDPoPv)!gaTl^tuSq%=2@ zY6=eq-j?%UbkMygn_(rPlOPXzqSD#Lh{oQhGQ%l+MAM5?87+bb?2DKKEp`UJcnr<9 zeE0vma})!rUkc|IXU4*hw|@)u`X+J)th(-K6OEQtHVz)tG!0IF7v5`KkXC>Ec}3ky(u!WMe5 zQI|u7%BVlo(zczDooZbM1~QBWCCgG>-Cwgdn`>Tv?ef1|d966&B0~TE%1SHz^t}KS zanr8K_G&7HdSQ~%yRnoE&*9?YENX1n{&}oxbyTK+Iay0DWVf}<8q%4hbr3k_Fbp1C zK@j6DDOTpU9N)R0h;=FKD?UnZxNA_%)m2#_uPFqLYBfc15_!@CvI6(F9ey>(ESoNc z&Rcl6eUNJqyb5i^thdf`Haus4X6bahN*mybH=-4kVCweP&CPA`KxUO4gX|1?P{mLLCIE{PaT45#puikv?QCKGBY^;`O5?b~Beg)w{ z4bNbK-K)sTf)&*2Kt)rfmvVlj+IB_2_s?C<8A3hd=~Wv}`O&X15qn4dL4@QDF1OJt zxP0e+#X*5K{Asgi95yRUeR|(Q!R$b8tl%(ZV;egKq|f#^i*#o844RP6xf5<66Il!& zxaYYtZYJlqS(rSwOv0OF@Vfr>#AJ-75w_>wP$bHJ30V8iwl(g*;u%Ae6jT2(|06uj z{n>aWS7-T)6E(MJJ%;21w7CI8tjEbfVeI_wq@XY(0sJtKMBQ0it$_bX@zzY)$q)bg zP&rR(3B?3kF8i9j1*~lIqO#bg;QQ^*;O*yl*a^(6ws!b;`V2c*#I zHNCA1m)`I^0QS`ERuA4vG1)|$KBMIJ9(DL#n+jv?POTi{7scWasXr)lbKvNbn;2ss z!Ms91eua)5D6m%~=KDLgN-3?hNhWg^R#wO64>wS9{-wz;PMUl|@P7skXaj;tZjPm5m zS$qXeG|LNndW=HpH1bblbRo|Tf+qrZhDtC8fczZGtB3w#%_th3#P-HAEX%!Z2^GfN zPyq9W5|b>+_rdcy7w^6^Hq>o*JCX9l1_Nlt&JB0nUQ@V(4AD4TFey-?sV;pso%Q^5 z;$R!N?YT%mQ!C~7WWQ0_j`DjlZ&qYfnN=pVO$^_|`40SOKi-d4I@6`%e$`^4WZJZ8 ze2e1}8MUo3gc<&Fk zC-9!-UGcx>RZUl~h&y#hu<(rvKdcQp9KBIjp!%H(0fHu4Rr9++K8tRu-#byO8n2NV zN~0{LIOo+1&IMO<%z(-7_>(EZ%w&4X1;HRdkZ3#DqFpaNs>`+$YH`koe-T z>UBcHQ|Igq5yNtwHsbv|U(DI?jdnM`hDmBd6QVieAN6#8{qY&ghaiD@3oqRI(Ptks z@Xq@l_T9&W6l&^$i&9>i@-;^yGU;*;`mIX5tj*vCLH+zI0r9*73OtKOudDB!{<;B= zUr04117aCf>Ne;|qoJ}w8-)kM$@>W$oQg$+a;Qh^JZLb- z%q?vlRivQPdI1Mx&yh{lii~joiZTGB{7jQg;x~Rh>g3aRd37vTnfm6g`>$EUcDTT= z-#l>r3Yj^PbQlPvYvdJwa1I8jw6#i-%bg#4A9+S?lME`XDJm`kFbi;mbT$Navlh@+ zH`9b}tF$XFfp!v>jyNven+>%>?o-GbYfXb(RRA`)U%XIP?lW5G$l^E`doz^71l_2A z^AwiN+^3%NbXa>y%FKgojUQk@TvTO`;QXC5-M3f>C;Eiy2kZGULrkwa*$RH#6`l}b zeuo{^Fl^pCP%^Vib)S7L9?Gh#m5|4fgsiAz*8VEVO7f^f}ndA*bh!9{<^bki?{_yw~(;% zsWhWqu48g7L!x4TuJ&9mw)e%M@aZ|}zYslz^o0%bdc+)QX9J=j^!7y;9W~=hW-a3`Q;g?)&><9aMR2XE-xhp zDJ{!q&^Z0l0UPrqhd^RwB42#1J2E+)?9Z79OW}~Th2|MxzI93{=Sp=%?w&ctg1HKD z)Z9QR(hKJDs1&;e)`OYV)*NN26MsA}DKeBU80b#Wv)63&Gj~MZonCbn%|hl_IcF<^ zJa_bNbQFJ2W{srv0ETUPmAH@Meo-~3pacnLmThYTHQ80~caRlmdb+UO3;wye!sJMZ z!LjF)3BSXqW`d0S)pBE%S{y~@+KU_KZAe$9!FoW#?*P+5((@G`4xLAj!#i~3CG-#v z=*I@4Af&7Cyf@d(zO|O22LoZo1#clF--yxAwk2iad(n3RIf*?@Jq9474A3GL!(Mf% zeaneOF1j5zyb0x;m>zT^uJ-dER7f#54p*hSK_SV#d4n)tCts}lAjend+85~(tO(*_ zwgG~94y0SMU)b}gAGAK8_Vx$mDfO>=$9FB_3nC-RVsmetun8DDn7%uUrm`s=t}Z3RNZO;Q z6jL&%-0F1NOa^lKEJ=EymXrcDp~}Xb3B>hZngt%T!?);rPp7ZUgkRi-KP7>%i(6F7 zDBCH%o%zY7SIdbn6j>;4wfNlvMrtOH{TE)$%1nXLS$Px}KibrRF|v97Ip-;z1g?A^d9u?>+Gu% zCe6ER38Dd4)&^Miul{a2oF=f*vrI!DIaRNrjk9SBBuKvN1tUC@TYImqQ^WnD3eq=f z%&h_`6PNDuy5BEvub47}f8Lg96`6P6ij08yHFGiuDSSO!WzJb|J!wmzU`~-P-+5x@ zrKO}Cig{f-0Pf5;tLy{Ji|UlI>L+CGxTS_U%IfP zW)_~O1VinM*7GtKifEqFN|PPRhp~+FUzbk!#`WX1oQ6d_rb8!9*`KMG_^v7gx6xfG zBDB1Q@9Nx+mT7Aay1atd14W1kY}N-1N_P<6xV`SM9zgQb@)gL8L2D$Xx&+dh?S(ta zoIA0!W)ELdwpx{%2!R$))hZ-TE!zF~@?g=f%3-|pu;J+cA@04Sn)+elSDvK9hekf}kq{T;1pR?N< zVbt3eu!d$n4Q6U!JX%E>Z1jm zc3z0qbtEExTsP?m`s41hbA*+-=-_+rA)b9RCcE#b0_h3Q&cTQ4wh9NiAX5+6o~{gY z#qAKrkNqhzF%JF{M@0JPhLF3N1KDzz5p$xq!_fhipPnkTj`U5#T! zs+^>L`jCdTT)wxu$`4OmAw)ZuY}F7RG@s&6C~JqiJfB}Ya)K+L_JAWM&o|WEoZrv|UpVe46$s7cV<#l>~sQ)BBv?!;>rs zs$nrBbpt705*~SxT+Pr&X+pjsc}&(vI}8$RKD8T0u|IjcZ!BRbMkRO-b5rU;zC8YN+G)ghW@){?Xb z{4cv>G?)wkodFYcn62@OaOY;<&|9e9dBeKT!#4axdwa1lf-*Y2myR_l`AOgN+@_Yb z)AYh14wZxg*pFl~;-KaBw@aeA%k9pMAbxw9z3ZnnlmAKf!n9)HVCCQ>fV1GqKBslb zuJhw@t&g+-Wb%HuM(|Sph&0#oyN(-T{g43e-aFnKu!KE*IXfP9FS%nU88n=&ueUIz z`&b?{a_Aq#)|hjg%3GJgIcrmcNcHV%i8rU4IXsm8sXGNY$y%K&HH%*Fm5WnFQO@x2 zaRR~Z%gR}73yYq$c1sM_daZ>bG2gDSmEuk~I+RFLjytQ7&qb#>{xu6~K9P_TuCw&H z__KY!S{|ov-S{u+TGIl)?@y^CI>?Cc!Pgr{DG!m*IM5hkH(!O^ibOw6Y^W7zlGiAO8syWd0aE$ z2!qO%>8ZH%^a^<61yv4HzRS04pNK5UF8_XRY+1_eNaI$!uPRVm7r z4Cp)0+R$Ttczm8Mz;Y*2aUY(PD{k)}P5uPG4?SFDzZ18dDi>g&gf_?xAO5#EmwWW+ z(G19{-|M?h_G>`PSmrndXl5)*6GkBgl_CrJ+=mHF2pD6U?g+=6aQ&A?!ARY6R$3lP%#G- z12L69G_F4fI(pm`Q|i}4yM?kT`xRWwmITR4Y~Kydb;DNZGN+$+HvKL897-N(ZpAik zXsGELNXyjX-)8)Wdnzo+!Yy#XCT20n`g6O(K)d4$e)%mXM|l1_7)-7FKaT>2oWKfF zIvHn2xi0G&V=5Cr+E@a>&FUI6QFxBo`ju1uvT0Uw?hICp32Xo7gZ?37S@7cBzEBV` z6GZGuT3Evz1D90}G#pj8p4fTK^VlgO0KljMAX;dK*LZBd%_xTs<}}Zoe7ziXh|&cQ zx=K!pD*TwMY>|YL)YWx^C^c)p8}>2!M234+@W3)a%Iol!vZgP0K9<-zv+5Qxt(vcq z_yGq%)StTVCl22++VmI`jD%t{1dD^A`8bEt?y-o!Pp<_i;5(o7zW&ugPf%P)O-*h3 z_U&0?Oq<>O{N~a)TpT_dEln<_Ggzc{SWM?$5QeMwOE?OG(~p!@0flTjSbrD88T$8j zs@p%}23mER*HD^=DS5$zRy3Nu2b5*4J<7Za_r)TFjP9%yzRHwj?(nlc3%NevO(cg~8nvn|c z0#N1EVW{{qsBzK@{Em35_KRd48iT{(1GFv4asNcAKet&Q*uFzuCSV`J+le}!_7)N%?sVI7>s8A_U$_OE)&GJEVonoK89plt)9(ES3YWR}nI)rFPGl9@xH!?q^a9U*;Y?A1}OTvcKPvqS@?N-lrg80S+Vok2=85s_e==Q2ui; z>+O?5WhCT0G_%$4E~SM6;i_f>8Rxkg`K=4`Mi>3y0Tn~(@-2r_lhZg56~FvL(; zk>Dts-KJ;sXyQr4jY%691EllZkB<>f4^vEA>|o=}7X2U`4jh8^j5$8gw_W-9amL8Q zT*OjRCLcy?;>(z9^DCl@W_SW@!akoYMqhMGavmq1(qj3SC-Ak*QyNztHm9DKOXIh% zSe2~XCez`5z6f5YwiDIoo{C`roeciHMiZ$NBJY$Hpamm!>pWHA$=A7^kot8^xBPj4 zAeCe_xBFUd(o)WW9jb-}V<0Zj^BET-vOahH@B$(fQG<8Rgyg32yOMM{thn??@Rv1% zAdfk70<)TEXTSSjlqk4o+(^%ZG(Q$qyA`04J7*A@NxQD>T`;yma{V^uFrXp+P)=Ak zP`?QMG*8Ir>YZ~s7HFpcikOzwFze@{p>Kdk%l|pk5$eC-#?v;6Zpm`sl%Z1Dxz1q$ z`To@?xY+8g#zFQ_+0 zL)iX}5L$qfIjgrkrYyss2A@N0jv7>H?`6&rOi(d&DWov|+fA=SKdoDUJkcd0Pf+4J zJ^_g16AVZZy6&^apqwfJr;o<#=E_0SCJ1dHouhR+y=gG*Q78h|njmAeG3=fI*hyL` zUy1A#!RPc^qXp{N<)TE)qaPFp-0|hjSR7Ej((S1AvKF}f zR~Q3aT8n?Btog3W6i110vX5{WFwYdW6rZI}-W=4{hse)A1yL7kkOgq1bq^_xQI1DL zEn>{+vK<1m8ZskpKab->jF}Eg4q`U|sE8g>kjSal&CwfCc;lberBmK_W{_^^7?DN> zRt6L%Xzk^l=q2QsYy)(&$r>QU}I-FD;jf=A4WjtZY zG3fwL>#s@PTzN%raOb9o9;2UbGbJgQ$L#y_`^xSfr>I{4g;6@W!(^=5E=aUf=eI~s z&G;Z-dy^LpX6(A07T(Ru@@CM&UA!-9CQp|Qj2|tzXQx0DV8qza-qQsU8C0k+G{k+y zjo0EJQYN3}*_^cE9W`zCLLpf7GH95%axm#LM719$d{Qa+oF7%kncXAYn%z;dOnx4J z9J?JFw(p?opV)e-jaSNkzG7RQ&2PsP7WVGj0UDeStk5?uFrC@W>sCxJ)bjAv$@*o|^=>pftatdw(a;92c2GsT)P0JsJ4{xOqIgEmC8t5n>}2b? z*!=F8QNp~}XRoN!Tn4#D-&BO-_-z@ZZV!6f+fD?PJpGwi zpMr^LxWP;>eETimIsrG3K`AnNJALCzJr+83XF;T7@s7b5mO~f__qgIuw2DYQ9mjp# z4cFYF%%dzAlW&GkaVDlwt)`T2y4|dgf!ff~^=U?VypPv>x+^tC#3^3lC`CwDmj?0I zuVOQm$%1j;{|i|1kGF2r9SgTua3=2FFD-EmiAg6^R_KMUnArvHTOK*$N)0lQivAr3 zR@cz@1deUX17YC*N+wfEklR31l8fs~z1mdQiwT>q-+O+a4`@&n16+Rwhr-$&Km*ad zhJyhrw@aSt=V#Ib-g977{eA-Y*II~o#EQwUZ7x4y4=2%ci=1KuQr-_uxU#BJm{6p0 z7uU7zGBJPw?2*h@^Q~BsH(2ZF8;XmRO91dq+fHMkcpv?XY^9yr1uCBAhrL$Wd74qJGdlZJU-Wd{Fu04HSOru>R}aZIKmq+zfpHA1S%;uQRr7b({wG$m|0TWK zU+yvT1OE%M^iW0p|Mx|Bha6il{{X@IB6!{-z(LEuV3(Ski2F{OD5%8j>}L#P`#?yG z+!E0zFG^+r<`CFsR3{s}> zGbdYC@L%ZOmg7ceigq(g4 zKmd1CC;{%k^^C)y74%KTfDn%k6;@Pfz-^}jo?|mL8{ze9Tg&dIQawD(m)RPQ7Wyz` zNkM-jmZDpkH$rG0S4UlRFZSeLzO+YS*Onc-IWS#ax`nI&$Drc*cxU7 z>l@wfzm*oM|Hu*NWuE5am<9>L6!gnTiK%(|>pj@l)83C!c5F>sHdVRZ-4>sfA0`O> z4EVEj#^JGEhI2PoM0#&~TNEyrjKDwL?u`8*+&9VT-N~BYy12%Y+cXoUqx<5FZu)5_ z_Pbm35L#FjEqVZhAuc)9-r>`c2*BE?~QmmboBBC6d`(mDIMUgjK^? zHHinl-W!zXE!=+W9WYmOKUmZl{QT-=4E;ImRlMownIk2*T8tLhJ0)4_BQM_3XB9A6 z_m$4PJBnjsmN(>%#ON^RP|_Ve;4Zvu?N;{kChZjsyNZ9V8h)KSh_h-FT4^!26nw;q ze6+lWZ}iNXEK!cX)$+lm&6OziOeKR&wrHo)V_@t_n7$Q0H$%C|FLZdH93d$kdk5-M zlfN_%Pm9gFF?#xVY{RkABSW~wNN7LECBjjXZb-B8<~H^If^OK%&U0*M^%0GyFGy8D zZom4i0kno;OM+TN)mdWZPvI1q?Q$i2(G6;YNwM?qV=X!E{(7dkHslh#Gr(<7ep$5{ zQz+Uu(X$noW_6->jI)$IPSP{)`N7WU>)^+308CcaEOlrvg+$O6f^KyzS=^5HU8kmC zkKW)HC6P$O8v6R!(o%6K42JPN*oSk2HINn9uJ8y}suQr{sFCx!?CyqjJKPC(ld*QQ zbd)|zsF`_cR_Z5juyPT?GcCK^hD6ADQt5ED=tCSoVXP*}aXl^5sbg8GE{dUa@*>K+ zo3RE_`@y0i;+YGsEPd#>@fL8UVxk`a& z{%r~@wg0}7a>C^I#E`FQy!s7SI{YP9Sm%$N?nfK@JHFkQdb8b)j#P^R#`@9yb@!n@ zbAhS`WpsA7yOM)LCddr{na^lYMR_n2+**20`Woo_^{jt?V0dU~lH+h`Np>2AwYLK+ zY;XN-qgzd4O;c-Yz7mD2+YUEm_4Q=$bSW}__EYcw^J50^Y_cn7h$aH_kfMogK zXkqfp#2d))w%<**2@J^J|6H~>PWA%+ZXX5z+W}BMb^`mZ!1%|Op1QqNZ2hcv@I~ID zd;`65?;6Cvo;-JrXaZe&u_7#Rm5IxDmDS+Zv%uQObE9eWLoYGvLGbym&$ZQKAsqkU zXmTxCmo9c`5x3M$oa;~5 zDO8jK1hCtX#!GEyt1`MC*WLEq6pe`N7ftrbR-}LMtrf%CpPAa6VpN*>sljGAIH~$8 z-ZDmC{GnQ`o9b5T9b1%v)%`4^xU&1B1xZ0RO9gEbT$7uSk9R81iY7RBuQodnp*R{5 z#h|%;&iA(Pg_k=`S|I5@NvRp8nuW4YdGf)rjW*ut*IMC(;g@sc(fyiu+eri~X(+ni zE{<4e)G$V)ZEG`+@OS8Y-_?+?DaSRsl^HWuW|>mv;U7^Y&jc3g@0M87bs5*xTc1q# zq9%NLo?qk!Fz>GQ&mU0{J$rF#lgWCW-(k^2&jzjKk9k*M`t}~_0uZF)B&py&X1-E2 zv%bpn$35c4C!^*WE*d32cx2(fZnV=B*Kh1R!Jci=)U3$n=JZ|UhAT*$v|GMv^pz1_ z@jz)oUQ&g$2lc$~FA$Z;jh@ga-9V}1J}>r1G{dVR9} zEofF=*E3efypu*9x!Lwb4W;z4+}fNQ?|28i*uGGIaBApiA}oH}3nv}b<@~s`&fW7F zB?PrBtyw8;v`d?fdlK>epBA&MK8D%P$KNA}ZuwTFKb5pJH?9^=uy@1hryRXgBj*c) zI=MEfusic*9}*9BXwZ)iTbt7`nt-G+-hpU|T6n5eY29FE9)j~i-Vspwf-u81;Kkpw z6jG%I5{#H^H$|;>#wsA}lc;19O73p?5kyz;zCcV&P2mr^TmA-j6QgPr>Wik!*d7L! z{&Fe%-Gx_{mp~WJ5AD;cIGQNDTKz=>lb4sL{wo#zU`iiynvTk`MR}Utr70eN!0WA^ zN+b3za`=l?ZR)UI>D8Vgw1Rvb7D*<+X-E4Q8z_woh=(i z1b;@NRJ6cu=siQDmcMzL7m8adsg01?Hh#g2jVWb*8|2&4(0F&!oD!RtC-~y89G1me z+!md6?HWc*vd6fu@WQib!56$>Qxf(LuHsP5J$It~ZmLUsC+5e!{Moz2;=!%-YkkNq zXDM-k9;V^%-YTRU2VRT=aoHtyRNav1#l0o+K(CN=06v?UcJjIlv-Ii!dp;KfWcxl0W2D1-#QfmX*s2*vB$zS9(j$inQUP3vwmV0l^5qbxEk7NCM6vG?=PW*Rc zhshVP-C}u!aGRm&*gE~M(?HLvz0pxA!`zwV@?S2r+MSNz`IdD`cH6c)2cw;B=mo&} z{bCd!6_qxo@ZFX6hdDmr-CRCpYPGyruS;M>;TeBwo(KvGl53u95Y7T} zXq7q;-aUohzX}4Gm)TRdg*04hF;(+=*{EZ)@3*agSWJ?z@T^==x@CJ~HKKSBpHwy9 z<+WjsTDjo$La}HcYQ!$CRf6P_<_F%FM=d!sMGM%UJLxn5X+b+{u141k4(2qq_Loi% z7tc$TT_0+sr*rN4JUovV3(e62!TT1qDF$u6`pJ5!se~pr+qN|ygs_md9KX=r2wg(g3MEBin8)~n3Ge5^U6(>O zW%zVK~2>oj9@37Q4SqNP_S9&oE}v^lDSNnNJ|+T8g#&UA8cTEs)T|L6w+} zeyM*CS>5zrmnk#)obJUU>2yO1)Zfoet@Ns-bxT1R8n5+jxK?kCs%E=&c^h?FOvb{L z5~jjtlu^dZNjihkM8wgiVaczTIOR7T(s-&9j%1C92eBPk_MBw;&6&oRo&|D1B6+b8Dr=x6EMKJu1)y?5r9 zAE3i!bm*8%_KZd){;}{K&-PmI%RYHl9p54fgAZqQM5__J3vKOe z+*%xlhy)3$=3b|Wd>dJ}U&T5{kR>HEF4c|)BeYFHpEOH$e})rLLB8T6B~%n0XcR(m z5RY>vOB=FmzfG<((HG6NwzlSo&dh`YPYS36K&bNdEd#oOY~QCpl3|A)tF=waTJu`q zj*@>L2zuMcNNV4F&x}oFhRi;>Z0)s|oiJGP) zN37xt$nMPF%|MRrHI(S(YI<3VF2Ziry2N1kUOl~IN9hYOFRw|y%+lrSWq7xyOBD@b zMT0#fVttJVWrGN*-TAWl)lfM?+v*W_z;N=rfi)`4i)|QA?}N`fH+Q?Fq>k%f(xI_X z>x86_$OpnJ13c%V+^3gzUGN8it&YtYtB3DlO9vGrS%;tk@LoDjJxeI&+v7GzZEzm*o~PfQ&Of+ zFNh&IZjAbmt3CO7K_JD$zldkKoQh-j!WoHmjt^3wYmJynGSSLd%oX?DSiZfzFgWj@ z-c!g+M!cNHMDKfl*7BoUY(#uSfWj=E#k3U=Il2>4<$y^)+5RbFEkL|8jO*w6Z<+J?8Ox=z+|_g$K~5| zYm$fZ-Xyzdx|_(hT)~$Rhw_z{eDU#5KOF_kv=21`zYuIvlK;IV^_yqu0=wRK%>yIu z9S5XSlwretP{i@&i~RZz*31K|DDj|%`mAkJ9A$+4&={OX$36zSC08IC<1(A9*3$FQ_W&pXGQVLuT~QnLiq{XK z_`o;bn-;BSbYKs>XR`y|7175YuU{L0`NEVThJ?XYvsOkaTMftA`y%DvUK(aMYM!IJ z)j{*)d(MRM>GcTo7gf&j?}t6Vyysz*vAI=c{WfkRYJ1zO=)V3#Fo@x+Hz_o(@iyS- z#^J~!eNZB#)}hn9*x=Z?_g(c#7dK-p%Ruq%+CF#VB|0hABIat1z_p$zDdprim;TML zV+C2pA?1d9k{n7GX@egZ*k?+FM3$)ph5Y#p-Ct4Bp+@#zE1`iO-~FC5j^~f6aumT* znUM}2uDCzCR(g^L1+?41h8#uZq;r|bWFI5um&`nxE!EuK%Pq3ixA%QiPNXTem9(5s z|1?|{A!DnPJU;m$ERv>di!Hsr#>IXl_i$y%dI=eQ-rSnpGs15wnJW-mHOWf^ytP*8 z)r!g6!r-N|z_@qhA5m*uY>jA{SB`<7mL<(vmA0 z^sF}1k5Ejf;_+I4{5-%7avDZ~m#W1SH?2*5;V!tnQTb*m4Jfg$rq6?swanx)GFN;a zP=0DWAiNcs^9>fB^A$E#p`y@ee+ebCAisiI#(-dy%uA@iS$(@zbS6w4`@k#W>Onq=d`?q=f<(1e z*Ds6h8pV2akE}3Z?+-TUPx#VMq}ylV z&Qz?lN#KDV`G$N(S%Co<+Y9{o`=r_x>S~l&o6XP0Zgij_lHWvz+p~^!z1b*uyP>=l zB=b?QdxB*pt-@{JL3wFrxr&lP!wImy2iG2U;nHCjR_t2NF7UrRJmjaBSkU&(*StIv zP`O@+aXN!|&G=puLZd`N=YY&cmpkVv?GS@rR$vCqHG4rN#XW?Th~xDR7rK^LkHMD|Sfyf&C9-V5dDtBc9T=U_T$2a>Y}wLB zuiF(Ib)atX4F&@0H~KAtH}!Q-!>+V?7$H5{HO&RuBR6d0`B&lq+oW#LIbP=tFc-3> z1GjP8bBrHIFYX3J#Ku}hfpX*P+FDbm+B3V|gsl2GGA9p$OfiS9K?RZNMHVhg9i}3- z>I%s7RSr*vyrD=PDz!qFQ0cC$(E~%Li}-v5f3FOKP{e&6?Lz*WbUnU{Y|Px)vD6=T z5OYgZHC>JVfgv4BW+?6E8G57VpV~@x6;YRjI^{5j-3&V@Syqd+YNp4MU0CF!+|QEE zwY>j9OH>y%lwwyo2v|E1334!Q6ZvtPV@@ck`xkmUJ*gkFy|Mr;@5?%AM#Y6ne`Y!O zO?xWNurpGP;JzJ6B0dzswhZ$p&a^uz1j4IEx+-NB!rz9dvU;R8AnH;caQ=v~r9!8* zV|CZ&hH(YHk!>ZCPoE#$#%Jpv6FQ%yTLmD4}Lk4)Yb5B7PHpED}6wBY=| zd=G8CGLmOrytS=~|2Zu*2R#3>lMnv9g>g^IW6N`lpW@A_`MA zmF6zfmZL;jD7D355$}cTsfg9m&raCidA+^Ypf;xmroHV(upTUe)cJOj^uph;M5P|C zvchCnQ%zR&P&6H;H>-H(oj{bAW1svqy#aD6`iGe03Ux_>e=uJvN<3y4+`K>plaUytRoaT8M%wA z)Iu2f4A8;J@tt-O?les?7a|HIGbuk_=Z4`rK(wLX+}Pp;B!9SKW5g~B+)6=V%Eh{i z6qJc_gd6&92DiJ;PBzZuC8v{`UIluY5kC}UZyqSTuKFk~;tvgY?$N&l+3t@D?-%OT z7Sm;QCO}J@v>%+B;#gx%?9>j9M4qr8SGjR@VEt`x=a88&NB`Op3O_CH9hCd+sTcG^ z)ezoV%oxq@6H-`gknfqfTIa8OLZ|x`A*Pj^g^Rs9MDE+qelX~z59^7K=oVfM_h8~* zEOcr5!bB%rp67Nh7C}WC9`8b=&8f#%-HW>06? zPlTA%>pe}zf42)RSeb;h#D9iLEOhGtuPv)p|5cGCjjiN9Yex{@awsw&JDVAl5`nv0 za5~CzuVNfO->~9VGjZDAYj~^IRq42^{Sqa&ZxH0S)6aS!Cw_Q1Q4!hJq8$?9Wi^vA zev&lU*VajMu*;7*XlmTX&6`_TB5tx1?ez`#5o7lHld}?UvVf;ccJe0;41EgQw1MeS zEmTH>r4WnJ;f_?u_Z5>jybdd#k`6Z5`ONPJIiAUX;q>vcH0l>w)jn4nkBDdg7yqx{ zW~J9JkLktEt{StHWVV#?Ql<2`jCa?VNx^%g-TS2%5bAwOvGYg{#D1V_3T#`n4wWU<$G>c*FU2*d9PkZ8WD|t4qC1HG0xos zd$&Kj8nR{rh072JzD@k~9PilWVJn{yZ`+p3Q_$RgEt6BaP`Ps)Lted!G;QLpd9Iu1 z(UO{8Kkp;pQ`URS`yAVZ8DGt%`Fn_`t`#TY*gm6!5hd|en?&yFjWVURHdnXuY-d5} zEy1(9n=T0rdAH4fO?&l`?kuWl9Gqh~PP~v`wTeNTbvvSe)ZVO#7K8bp-1~O1xqtqP z(<@5+I|q1)%bA7vkx{-=qmxk7{4R*sxWa5Y7>tdGpoHkexs6;a;Bqb)CA*w+Gq1|i zr+uc;p%`1D1VkBE|IDmE>Y?;0JZ}5fdGxjpB4^=x#oqIP{pY`=_A=LGL%P)JuM8e@24=Du(7T5ER%vj0;~lh_2-=^OhQ z>ikb7iMM9x3FKi#Wn-*f}*Me;>~!nLwiJwR%Z9S=VL zb}I9Qj19Wh1ltL(j~L|1DL*1|uTE8R#XQl;dU(U|P_kgY_0NCT92GX$&h)(Zv+fB^ zA$P3F%uS&Co`N(Msek|&l^HCP&UJ0FjU+9R2K}|J(n@6={L)wC`q%%9Q~2BNIA>z= zN~PdZ)pn3)VY&8-4-!-$NtoK2OmHvyK#Wvt>ngCi7#V^M4RKRkzar(aDaaJXgc*F+ zC=uj+Gaq9pBRTn)p#>qwAQht7z+#k9IdNaAOliCS)rP&w^E9Q(ear~{u2adk(8j7E zk<25kQi7TXJ3V*m+wfjC)l>AT+6cFptgRP2@)x`9Wi*fnb}#Za8wCvxQ2SZ=1`)of z1rN(h?p;Ss1hUDqZqAv(>RLl%a|XsjmR!4MBEIV~y?nvJ-y*m?+46Y)Q}7*8!7E)1 zdXrfKBuf9t)5i;vXN0N5ir2RtVGrB5Ab*ZO zZaJP`$Usvw`PxHUyi1?z@UzCMLDtU_8!KUJiEZi=HkT9{dlef+iK}Y(wJ;a_c=G-X zY*ZyGe)Ay_Rjwx9-~Th^#PrK~%vR!u{jCFUZHaxjsQTk*9g`4W&tIz|Ze#N*1OMFE z6G-Y3Q5(usxpUija_xo`@y_78jBA!3nZB#~=4Dpw4kBUDJuKB)S+h#t%ixV^VPpJ* za|&f_2A6>QAfr6dw$Uy-^)ZMqH(w_EV6DB;`|t1T1h!Rshg=O}R`+bzcBzAm%j`?5 zGbgO0L&WwqEiOQ>u^UW=>!BZ3XvR&?GpIgG`_TGPbvCPAMheQ0c#`eQ6)e2(FLNO; z=t*c&s1uvW1&F$(vD~x)|I1~1d?aM?4(23{w&8G^Z)LaIDf`7NW(E0pwePvg?tvqo z+cVkE`_MD@q29bD${*KSWgGnnW$q;Pn(4<`RNBd**B}&M`mhB@QLVo4zd9MQ>L~(8^Zq3oI(4Fa@@AgL zxE7drrNgkhtO78GK(5@buZeQ~q4hd_6U1x&(^vzW2`nA<|IcCi2LW}eRI;zlft{#f zWV8@DFrY^u5YTyf8hbk%MfzY=U3o!2wY0QSY&6rqizS*Z$0vU^jptgC^aQ3{78>0d zdQEts#4a6hemdEK?~=W0O-7FXZhqlc$Q}LN{wE*-i1(PQ10t#2fD7rS{|@VbXkyGA zw|6Kian1#?cRUkF!S=8XALMjQ3@f{sMlz}l4)PGU3Xi7b2l17DRXrk0s#tE~hC>8) zPg2$%8rlEzAkIX$FxR*4IkU)a3nV-v*KC{ANam zl3VrT<=xA3`*kz}dqXtaMw-1wiB&kZ^Ed5|&G_zy~oBa8>~sYlxt?WHW9_Snz^h(y1(g~MI^Yy4bubc>$yK0gu=Ku zz#{sfC-xU)5rki^8V;|uf$Iu%f1c}i+hqowZVQMcKm;*IY2bs{#E+T)x80@2L5}Ix zA#9kc__wwK)yuw$*E29Tu#_JSRV&oZDi08dQEoFntr0Ywz2nGV)JV!{#!AVpUt!zR zYQ8f^VRH^0iFaAWT{FnUqp1jE;xLxX*(DBsG1mpVMXN=57ix?|I_X=X+#(ef6InX`W{BU3$_0_w`-a&FJfJ2iDfWZ7pF;DvHX_qLG&W)G6POo+jq8~lKwalL3eQycD+@;vJOtrME;rphnDCN~0}DvN7D!NT0Is~29{9@ zo}QkVjEtx0j3sc!;}({dr5u761Xm>BvmM=PGIPBqO;rawRb?`L2aBf;{=xO_mU}lo zx}Edp9Db|4?+K}DpH#(}Nx1ZB;e+pP^3KJ5;Fi$@ffj>-(L5}}4SnzncorFD~jrS`o= zVzQ*ICo#~xZ-#Z6gHV)A-m{y;Cw6xyjQnS8N``+5c zMRu#YSSWll?LPg~y)}DC=raEaYBO4_mnK{MKw@$F$FFzh-v5DIU1qp{6sm26D3IP= zlq)OT^VyzGpZB~jl(XF+Qkit@qKE85cDHZ|Cqv>Wim`er;UT)|vJp?hmv$WqNGy zYbupv(6^jW!<%apu}-Dgp)0Lx>w`{qAop2(Z?$_k=Q<%oY~nmQkw}D~z(M(2F(YvEtZSJ#YQexYsca*7)p6H0G+9f_PiP#dGyQM0nRMG5i{Qzsx8@L^k@TwZwHYXIdBoj;Lniq%nM4p@QDtO22rz{NGtW zYLTwUL*FMLRHJ0F1l^|mR?2?))!yUR>=R?2z@C3WH>xUq#^?2~8pOnLw&HTY>F^x?%$U@4<7?M*#|2YuNJfOOBrG`?iXJc(02 zN?y7Z4Uw~nO)JaI{3LS0ablFwd|Pa!R9drG_KujZi1&o_W?A)0w$dwqs$-@8<5Qi< zjC8n`5;o52r59*0cTinjT}KLw5&iCaGi09PGJ}+_b{ntt)1qw_DnuG@nRJ5XPHMZ+ zz0!K`gwm_snEB%IkbIXbmPp;cUge^s2`j)* zc+G2nYjSNH6bcvaLR!U7hisWYzgSj|SeTKutmJ#&s~tBu@Rfw&>ya|nDe|c4Rr2qZ zV>Y-wP~_lIvl9G^d6mC3G~F7zPRq<_`r?|3y^Szu_8{ri$Cku z2JEtJzPvd-U#>fHA@pv<)^dv(Wo7SCn7<C{RX_wJ< zbj;c@j7h96*G@ahs2=^#%!2Ph*^V@4tzCinJs#hGCItMQT<#gU$Q;a#?yHE5cqDsQ zUG$o|QY75hgVuyXp-kl;WVXJk4Z)rmZuqAu)hJlXFyfFa?>3~}rlNsP#Xq|-c zBBE8qJFLv_>vU=}2hS!`8TNS%qGZbKXHNI>8eZ~^@=A;7#kMVL$LXmY7t}zUw9gyd z*5|c=RLOb~GB^ALSE?KX7^@)c82F3}o5mV^T{Q6>2H~|Ko2GiZk>p*fxlz{k?2I`j zSJ6o;ah~J(yP3^r&W!J`?v*ZMi*~a5hm4Fi{7qDfD7{dciPD7ip&>7-%<>`eI}tZs zo@$P()|d6g-*4}89C`2;Q>l?rS!oFHKX5(-a%I&wY4C!uurRr_I-5GmW9;obmX<WAwvUM|+7%nGN;gDd8*T0I2{St^z$pZqm-Yx9 z`G8#4JB8$%Z(&~GJRxYb85=3jdEJIPjf7`5^65leQZaTL@to`z&h;FJA&r}Mm5~(9 z)LNXoOCPkEg52j`^;>~rJdW&O%lX<#F}@K_cY81LD$<76;+_fPKnzK+QE0MPYr~)O z$Kty1xZPg2%wCwc;nGNYmNf_VB80u9qB>SDf=CdlaQA!8(mv-W3N2^9rBD~o0 zjXoYBQu#br_vppBo9(?E%nur%=^*wY%kFcC>r>niDCiiwiTC#iB z8P=Z{uWjpjLMzb2$I3hSUKMW)*sg7H9{Vd7>5%-EHBxEo7hUNz6|8!4uR@t!1cS0Z#rX+9YKPMl7~`-CR!t33GmU34v!5 z+$z%us%I-|de3D3g1Zh+A!PR0(_p)PtP0+(_l^1<;M}Ay6usRIjv$vlc{odSM&0XE zc2gZmHCC%Vamp4j*blFe#?gH7F{w_w6u z<*Kr}t)6=Q87Bk4Osp1=cM9_)V0CZdLua&r|MK2~(dRJtU08M@ADRyBrI{V6b&T?A z-w}r*UdJKRnBnNGUq_qyMz33~6q+?=&Ul-qo&3JqFjvbj#NFlrjb!`bF-*Nq=vxtr zKwh$zI(PhyAn}QHqP%u89~C1LabI-fX@JlkhR^i_W0}6xU{}*{AO61GsZ6oaUx#)y zP_7gNR%kM(E!(MK6G3ps6Ue&<_WRGXLa3LC zm<2JD@rxE~xxA5>lW0A}3xfliwKlD^K8tv^<0VRL`A5`~_hRejviOYxR+#Ls5aYEI ze29%~*^uuM@eKY$k-8iMzfRc>CAQLMU{)vQsbe7~!sKz*M!{MAgIO7w`g{Z~sRds)O5ZtSf-Lj3M48EoRHFM#>)(s2! ztpQtKnrL2gJ&qfIWXv2NnnJ%#Y(fYJRrKANSkP;uzDGWcMo%yfL~rTlTb7Vi{@LtK z*zYlLd>*eX;+nP=+P8cY7L*t{P~wu#mT{d`i)Er*xml1A;x(>}ToE3wM4F~aEoBY6 za#+s@ta+A~wu;x;+v$mWZZwAb?)CY)HGX^7P?lin>$D>S?1^~<;AZ$gw7q9olUv&@ ziXb2&q9P(laalk?M7nfrpwgs-k`NG(8ajmD?b1|w?=6tf34|shAT6OKp#@Zg(2)|5 zzMsHyz29~A_rBjg=UjXK$Yml=ne!?0p5q>4+`AGP2}A2Z@CC==?Aam>oGLa7gjN|3 z27ikDWvA;TP^?=&BRK-o^i=9k$Ij ze@V2b-ZUN7@W~LexGCw)MoVG9HS<^_3Stf3j?PUbJB_s4*fa;yuJkf4jTG?5KeZih z?l7vjv-0qiGsc6Qt0f$JV8r{k$uM!a>0yw=#N zWv)hO#@|p}carotp+`(0#r@;9CC2t@ne+F%3Tr+0JT$hezX6#Jk)Pv%`~DlI@p-;a zEE{&D)jJcXs;4tU*E)oX2Wx_)(`2;r)_8yme6hpNa*8?MuXt%em|(EQjwz-S$ll}_ zR!$V30C5WMLM;?0)&QS4>{V>VdvW0%jOP-s{emr6FJXKJATYt(l-2Yq#sxHN+ZFGK zh6tu#R*Q@U#jyK8E>n0e=yBfr!2n{qz3RI~Q8~n&0d}mHaFJu}LX`(AB8+I_t07Xq zrt|t3;-l~{5zGW5D42p(`^Bydiys#+_zkuAoDazM^0TwQEQs}=1p*gIfqc8byxF@U zg6?-`ddnV`Z%e>KD0;~CcJdp zT4NRLa>Pa$OkHeNAoT)OfPAPd9Tht*{;qd-4c6D*dURtX$(^5e zA6?AS;k;+CYnyUBPleBdNqO7GwiEHpZUbN|2t@N+=(F_hgfmO(B)KQaS>Xe1lAseF zWVABS4VK}b(P@$HRW-FbY`li38EbmlYz?L8oZ9CNzQ@6RIn)m|r3RtgQ`}tBo_>YY;dGm0BLvAo= zC?FxZphjh{=ar%LvzZ%t1pk<-z4F`{u94)quF&Hta1U7_RiAA$4a#fl!@~og4}l`X zh4S|#_P^W8swJ(J#hprU+_j(MM}M)AiE+QT*P@U*k_a2H+5PJ9?q5jPvqzC7b|Zn) zHv{`~I*!*P%Lg{Xp3LP6)KRtr^YD-Cr_LG$re8Iv{%ckJ>7>2Bwrw2En<-T7{ynW7 zkIEE)sBqBIZEgF@?D|8Lr2`#}p5)H3?mu2UrG0PjL8Q8zP(=W^)cw`aggR8uD|Rfv z3!{SFN?Dgq)OxSm$dp;P6=?K)&6(zQjXXoHn9NvV0VIjLei}jj+p{pGkvX^iWCVs zywCr{wETYs);$DZ8UWYp(N4hKrW%~P74&`_7ofs+Ip5(H;!Mff!4&g#s{(i&}nvXeG0mAAFV0C394kQt&&{t4Z48RzD@duMV0>E_#uua8D z5)G}5xH}V&FF$BD0O==4Dh|&7{L|r_MnjVc@E3Zl)TM)zQvK_1*01qpMnL|#JE(ts z=de^Ku>HfM!1wIS|CF=6@($qY=$!ti^l;+k|8jL`Fd}$$i79pp0R1MK${ZUY z5D+MoW=u@X?091%iP}@xBZ_r4kT3hMDUnt61aiA?LzlaTMtB5wK`$06M*$|&E&^~8 zLHB#gjw|=w@SRq&)&6s$Hs^q0cqAS;)_Ce)XLEJoGorqc7pdE@Hu;2eGktv+jzk-< zhMgFY`_VdsowHGRU)S+x7-)LbZO`i0r_VL6S+bb83boh-w9>@JK|j2=M3vnY5uVK)?rFxy+=&L62s$N30PG5E)Li4 ztpt=7XLdqb&Nk>f4Z->L{F7FQH=ONYC&`1JkN0O51B+Fp5UVaTT&+~<%VC2yf0)q3 zXY}9fVf1gC-YsvKJ9n_~O_ks(M=<$H&(079X3-ljb#eogwkiWMtk?W*(a35w{?1~0 zN2`K0%3j?gJDA3^KSyqx2L8;k1kNU*yf{T|fYoswZua}L&aQgsT3VB=Nbexbl-Pga z;i1d`IJk`nKuhz@3aJ8(FI?l<>3F$y8~3o&q-(9V6>h=eWae(V zphZV=RSoeXrsR5)OwW0HJ;%91KmTqlKS*a*Q7imavyXo;!#3u~&fbK_LH2~&KO1Q_ z0nHP!*q>>EYZLl0Ro@sud8~MA|ArjgYHPt%#Sw&3F1kFoX}2)}B}19p+JRY6h71~J z9FzFX@Ynn|>Ofl?rqaE$`31^C3F<+X0+9K-2g8dVN6rh1FhIbEci)w7h)IC|%^cf} zK2ahx+!O?YJ8AijHp zqKK;H!cclR@=UWuG&g-P?sVs;J+#m)z1J7d>ne(j=FfF!s#(o(ki9LQ(9a*<{J8!i z!jw{+aV}q7gYrK2iO%)eU^#;!+pM&e=Fb&hDcTYUwu5^jJwZL+#ZyT^;-;#MOm0|z z?g!Y2NQuwfNfsO@N^Y!dH3gi|u|-0vc!T<&Ig_4|J)x_~8*aaOX3wC{(e!<}w;Je} zM@ua{^^#qyXmZAGEZi+*a@39CMR(FlZxG+?^WuHwz`1?8-Nk0^dWbU;D3RQ@m||?j zjS%sfoc=m9?m9&)T+kJGE^NkvfAszAJE!Dq>s<0M9II%`8LeWWPf04^*l*Bi{GA4S zPMWH*Bv}f&zAl)}GfLtmvhuPb`Rb+~J8XoT;a!2}KT_(3+uYs<_wv9lLDTptB;UB6 z?wverqY~;!lfQb6cG5gR2m)HrZ-(huBmRM3uOB$gM98o{B9hXjaC(?@4OaQ=fbvAU zh3FHOKGx`zqcjzvphA6mH3Qx8p7f86eA?}drne{Gcr*syhf}1kKQ6z;-R zij-hny$fCmZME_8; z#X9NKSVzavrwtBUyEe~@FDU8~>$z;nv}OqgXx+%iYg+^xV;+4^oe5ogaw(CaK}gj|l!nj>s2x*68*ZC!d%kFN2^V5j&W+usC) z+C|8=qQ_(<^6YF%U(dxTt(ty^vwEDW5!)YUHRUhg$QPU32;3X=mlQ56(~@arDN=tj z=@4gS2EusVA)1yyRyv;)rVlx|Ofk*mKpW1tg$LF)fNlPg*9qkFIJoVe9>#_@y z(5}g!HW4azFGw9;b{JyHH~IS8=CMw7S=`W#N;2KtRDFK(HDUA^#=^_SlpMI4n{>9D z+bLVhn{*Z%Wz}-br)qDb(C5eg16K7e*K$Q3c}f4&brbZJ4#OwC#gqcF>A)M&bw{YA z%5F#YhY4Ca*7MRj-!<}6``kD7VrrmrCq0w8UN&0GOz`S7)@Fr2U|*^a-%xxJph%Nm zm{i`Op%P*quE7rTmY>-nC)*lLvLZe&-F3zD;dLo(YaY4wrzUxC+;Rv(2)k|77E3FF zc&j2xIx2x_Zw)gmJ_#o0k)5ix?;PH+XWKUuLlX4P2THqI4p$J?*=}Dn*zMr$^RJR5 zKs@EsIq0H}Se>|mo(#7oO&H|9u1iVv85?SY)!+v~olCJ(2~WGsBCH`yHIy-h&oYzK z*7ow-qs-wAU&U9gytlj__mda!aOwMB;H4<|hMeGB+?)rG7d}2p zH($0;NO3Ve3F0{&%&}{hP3`cu;%{n)Lm^_K&6@OIxRL}3E4kToX>Jrv+sJgmE2os{ zPg>=r>=*sMql5yW_YK=e-Dz@X zvv%e0U*We-<`pdOOqxJUVj!zOr4Yw`dI`2_zdKZROn>H>KCx7Qr}55udPXn)&NMFc zPLt4?U@*=R-IcOk(6!ow3EoEajo2FapW}_chN|R;1!$TNG z#e@bz5Z_=O%NTZdIuTD>@!M@47eJd4_7P<6zx0WLrST$*yoNreJ`A9np#2P%WFA+zwP!tL$A5`rd~50 zhtzR|*lfhLtfueS%HT*vuW=y5ULB>S(5+dS3J~KT`}@~J>|ijEfk9qJ$79OU__!kw zN%mA`1F}hN?GL#cDdyy$h;}Nm#XGla^{0ZV6(%=VMKxl;hKx#~CWNhE59xB}8Y@lv z>129818ft_s}ZM0g`x*BGsk}sAWnc}e?)12x-HRjf?H0&!OyH*1u8a*rQaE^*w=M`o-2;c5 z8_560xsiPhG7uK&C++g~Re$%CAn^bNAXB253NOKPOAwO7mx>Te9?>UL74=M$SKvIG z9Tz2^aZlc0IjVn?yc%r=*5ldTAi8&{?yDKnUz9w+^M~~TXymkhhWIalG4X?5Z)`Qj z#0*bED)UC7m?KmvnNz(8AaJh`XEWrHU7+=MF|V@I>HtA;#fZJ>F~=wPg-}7blAp2y zVvHdAx&!`WyI9l;;64FOnY&Ttz#DRh7 zuOGM;Mk{rdc4u(*RMpDE`$<(r@79AO0O1IgkABcTrTmUXKx{D!}ZyIjoVSuMi8XR-X$(3E{@Ic2u;YJtPoAb_5MV_(Lo-NmF9@}x8FQM;|_Z9 zH(Ww9-1WWrH6>4Jw;lUZJUHe$Fvo}g*(XW}RsC5L7{Us^KbQ6Bb3s}m;29nJvv*AO z*C50$U12ZAf7QyN!M`G9BYsjy@-hxfJAG+>>8PpE(D#7TzXJj%yL%q*FO~J88Bwsw z6O#{6YR4KcOmO=9{>DWZ$d2Kj5byro)1H@`&kM%)_clBP*@N)`3rZ7Kk{y6RMti%` zXUds{&#@x~k^Jjvw6dH|;;Y-fv9^7`9)YXcx^9!bR!=$9_Sc{ubyf)2^L#XGMrNcX zIW(kYJsSO4@i$AJCg|ytN!Fs_5url;xv;n5UmE=xPdPq!OsN5HzdivXe=XlA%4*|C7oyKeF=xh-UTruS{b>Pj4ai$^DciCaJhet4Hj7(7#s zDf@)52N-;sJxI~S2QT0YXYI|*AUa`EP+NLJ0?1ojUu9{leZjS}ki4$B(jwhMKR=Xd zu+G~1WV=Ud&;Mxv$7s=Cvbt=%Yq2tkep8TDxho|O@0~~;oI@TN-z$F~S87wPAH#f# z6~#$gk!--JRz+c6#p(uOxffcmEhzrL65f-=Fa)U&K0axvpA~5F>OWva8mb@y{BcawA9h>K+z*K|@K`HNreD z(%2R+FFj|$;Kvt6kQb7XXZ)vM>*Biaxm)RLK9!^42`b*Mi*IE0 zI}>owiKMDT?ykXd^}?!@>*&Yjj{A1Vin;Y0kV*R?^-`=fC)^W0<$uECvJChh?idMI zvZ1u1Fo_HEh~hN^eLohC2Y2&$C1tisnn916WU1Eg9SL<}o{M$LM1LlY4J~Sq`vjKf zlmVgDT>r)j3j(3S6VENz85B zQT3hL0OIiMm=g0q}zsWWB`nA-gKO_yyh ze7^C1;%eB!JEz>y`M#q%(kQ%P@!Tg#x9qD1TbRBPWRB(KyQB?o(tOSKqtI^Gyc@h^ zZgIPPU;2(2n1F>CnMXEYZ}BSFEOI&OYVC9KdS|ju%u$agn^|a^f~jfS+Hpj?)Tz0o ztesDX4q(b0Xw^jhA?DHyr6mLziiT?*j&kwVGweJ-47Jn0KU7)uV7bZFOos`|*)c;)QF z2gwk?+9l*p^hk)^#u{d3*K1eohfK_(x60Jt!td|LIpgDg!8Y8+U;VTm7B1F z#L1<8VCm_Sl^csO@+>s5y<^~iaECT8{3v#P^GXk;^V`{M8MbNGvj z9`?Vs-IWM<>$*hBd4SR2s20u$;FSu9p0Qd2EL>)0Kx2dYxxV#6l`aF~VEFPm>-})9 z$|)v#F;ox6bT;@T3G|=_vE%mRKA!R!<*iB4K zf2{xpkid@+Z8Od~-ZAyp~yF)?5TSj0_hU@_)zI+eZo( z&995q$k^4N?k(ZhJc*9!cZ^vmUlpAfauXE(`e6i;K0!78g7Np`90@m%<(yf% zxF|`-Gm`lrbPb?44F3VT9-u-u*(wnqs7gzV07_Se_lfzXRaSvp8rj7t3$#hoS5^s!tF zB4k`pu3%77O3@mwD0(dCIG10Uc!8i~midm7PjtxO6qyrH)6=>2xQX}p<+CEycjj8V zujJp&>#6m0au_Omd5)S+q_!Xcl5a6Am=$#`Sj6UgAirLdr$wM+7FKcKz{}2KZBsG3j{wE zHS_ii&kpl0%3lFSrA=PY)C4(i6<{p)SW$gef%=!z0Beo-vps4-=kLSO+@)^H6apj* z4w~{M;QJMxJBKqB4b4SuATay*?q4QM+|=){{`K9MljWow3k|Z&ruPyBsO~^|F8Kc+ z)R%M`^Ml;m5+#p-r#2n|#pZq1=L-Om$4E{$5h$D`2Mh#8_D=+yd%!0HKH9$>K8G(r z?ErgnW6=RH)hE#?N-NysZ|{quueq`M_KZ`aG_ED_gOC)(zIikE?IFS>5Pzr}Zs z5=Xyhk%(PQ)(y)VnK4UNHCEGerT%q3mk7wp(8Ig@rwFu zd&zvPFvZa&PN<})s!CIU&$EaGAja-`fUaiufgD!&&CpAe%Q>Nvy%k@|pbSz)d`rll zA5Gqvnb9YnA-;<;a$75~)F&o}PbnogI}NjzJ^Y)u+~B&YO4As1r_u7Z#YPiM7jyYz zN*oUv@kwqoo;>wcxTi*L?}uEj)+p>9+`jQQ`TRn|T0$*J1}k9;e(IfW2GOPbCQ91u zm^${I1WIyK+eIeLPB{okasNIahzBT12$D7Qf5^znqZ6ZhGC>E5oV|xfxW*cQc=T{# zKDE{so8?5Cwulxk7+JxBW2q;i<%8P73QusEl}7`V>jwdCRdtE@LIg*gm(1{~Yd(s- zS|R^rz9t;XZG294(NOs0h?Jgz{M(c)fgR&!f~rE^?~mSLJ-($XrL27Wyf4RBdvJG( zCU0&ebM1G%fcY8kZ>lP6cx{Ncie4bHZTn0>btil>_roxm$<|&Z6WdwdtB=0>DQy1q zV;?rka^8!=mMLG~x)TANwOCJB8p+b;k=eSVoquva_fCVXIWGpWDJST$phA5#jVX_xh;8MS+ z(7hS_E@Y%_m_y@Hl4xNfjyOBpr$z_;rQn(8I4mk$B-b=r;|8~#0W0*{YzmUH1kTRJ zIK5vSDwiLK8PAcPOTEJi3x8CoUXLXdPWikY$l+3QP)%2Bv_XE(OaWZytlMmb&#fk! z^Nfg$d6X`OrkrHk0Ml)_XgjBruTS|VAE?fO)iQVeR)7XeS|DOV>+8U>f>w{q6y-&# z?D`9~QP-|z1$bEb&h&)V6LeODcGHY$sjmuGA!k%}3=xZ$t^E?C1ko)=+riccex3Sa zlv?ino`FToGNVI)bo%ti_^q<}3e%q}#xV-!b2T10WgH9*10qJUV+5XSL{!m}mJUm7 zO*sC?%f8R~ZAfRVQUz|bg!wIhubcaAVy#u%M8`4~9}UUYo_f}ei6@^`6OTMi#%NTF zRnCKJabCj0OgAF2o{@eVBVW7Q`v@;RNa?^uUz?Qr#Cg*JPEILVvC_AN8*dNHvNwYco#=Gur_kO8+VAfRFawN}TLF6T>=Sp2#Iar$lDHPV3O@d)nRN&SjRGe2aOagE?@ z1D|HKNRQEMdD9Kg+>N^YA1M&|<#n~S!R0F0%9g)5KB~w6@I`1-GoiWraaL(posUm8 zJF+m@wWPzr5(Mw5Kp_ZC2s<8E6IKvk-}hNNN{3B}uZk|J>`nS*z#qo8Q%rc|63c~2 zwWp6`?QDOIZ0N**1|JCpuIt%OK7Mc`qRcOa;7y5+ma#q+&g9WSdGqLG>q%k{GHHQh zf3Cvb@{70Ry&vTG;vr9Uoz2g0Xu8JeHhAfq-+aLq)U>_vCs|0!`{p<@<%qv^Tk@=O z4aoy%l;xY=R)Lsg=1ef!_KbFWG+Z@L_U(d&!@FWfpW6`67N(w8%3|8Ru@&GkqL&ch zwu{GXp_GQb3+JV`!rL>9*=3zSY5KS}Ae)v@r5Sg^Wc7;7izCW*eTbS2n{#jAb)TJV zf2}LYN^-XNtQgt;LTh|v+l`kQ=e?n@{VaN6*F43kXi`xWD_%OmP(9)psH5c=+0b2! z4Y#Wpt!Evvcx^ND**{H-n9wT%9U;mW_P6aTi|S{kWIr-w&+(P-f2T^cF)n)c<%L|6 z<1ApXW)5%UI6L&CK(BWEJ(hB&2r$fzT-d@2jc71u*^qfxM=xPcgq?*o0#ifuw1>u9 z1Ffu$8Igm)3wW)5%xn{F%ZI2);}Lh-DDyM179`h@2p5w`#XT?UEiZCq9!73teU_wV zWGXwfnDWN2#t7efCdS^qU(ouIL`_Hg3O#hQ9IlGJoLJk7^)(mXc;UafG;sr0W%eXM zvr5qK`n^X+HD#{gU;dhISkb`fSC$U=DHQ?2UE$j*U2{?!Me?fRb&FG(?zZQnd>i>n zk*`-`qEd1mMKaDZ!Rt9--euz8aMP2{kGwOTpH>bw5e9A(78fl^cQ;%LiBCu zegY6vJJMNrPQ0m@Vd!y}+$g!ZdQ}rg@{V%vuAWAEr6w&h2dNW%JXZRa6RRfpHP%?B z^)OzgspZhE%{dXMytZ^o?Zb>4)~_8g;^y^>z1@I?@ioe;`|b-IbE9GTPzG>!b#DF- z2adUh!I@hc_^j8J7pqZvp&VcArVc~U9{Ieo^w%1qO(;sv zjZVBV(yB;%dz*MREA_WhR;dKp8oj`d-7nQ-t>O|>k8@uV{7@u#3;S^fycCJqy19R{ zbk4@F?n{lC{;g@zrY9rt6tWWTMI;OyWm~&9;-IlUjvaU^>1YfpQgY-ga`Ltf4NR*T zP>mb6ymzUe-F$F+)NmQ9;U0DVXCd+WaxLqPft}jq+Mnxkks1fg@u>P0jt zPU2bFD$}|Ja}r0no!_s9qo2$8XNTM(&l*c>g8>2OVWcC|5KT0Nzb@1>7*Dt8z6}Ca zuJIFEJ=#^E7+Y<8v-g6_=(6nWpaq_+mNyI7%~$xohU|Dn@GggwERJGmM)N-zEL;@} zFXZq3rK-HSc>b>@s#_U3CGx6G(>0LZi{oN zl>_fqou?=AmKmoQTbWnR1_*t>RWL72Wc>VGDL_qY3-aYY@^b5PV%G1Q-GS@wyMrvZ z9iOCmUfve5Kaz(nEZz^lYkhW7o=x5{o%z##6+EV00(BP!*9Pj4@IJbKM-Q_z+j?Dn zIVxju<#=&}@e*p8Pl@!qtw=U~xfHBO&pwCR9uM~+egE86^e!oQGP$6?`EGgB!Z>X) z-J_(Ej{5>`Xn{e0Xi2R+XeR;U(Mog08X*NZV{x+Lk zxaxOa@tuI}8se!3MU$xe5hE|GOkrof)blHi<7{-voSWrIT>S5A?qHT?-+a5)b2VkA z6=n2psc&~=``UZH`-PXcmM_)rhR&b6mH1TIgF@NL+L|U!QTmB53^%TRm`Ef%!zxto zpp?^pMAs&Jv+Tt>e3+c5#0c&Lx2EkCrK(@yRA-#3WA$2c<8INK9qJDpy$>sx8b)n9 zluX9*gT3IE05=T&w8pJ+HdWev=v#|ul9ZCPf|izXc?WUf;=z+dvlB4`|ERdX#w2*MNar2+DaAh3xg8_3%B#Qed}~1;B9Ex?Xcojd!w9>Vlg9+;y9D?%yUpI46M1v zg)t`SVji#fCG8~3G~ISbOlx)6b0d}~{Exf}+|-E)Ffjxhh#*>>JsxXYx#rhcbI(Sx?_4V*M5 z1)J+BsLF|)@o>zq;^%r_J@IUF2|dZ}W;eL~v;{n-Q;MyxS#l{{3|>k!$Ft2@ODuY; zY!1PzjJWM%*kQ8m$BPM*ODdecU)>*ZICx9EeA#d+_sKYypRyzNEHc8dt6Hxs zJX6?4^!v}7TP|WDy!-K>Qf$8n!KK?vlQ9+V7ntr!@l){qM4U8zk`Pcn1%>WeY=rbz zgFr`D$JR@i+>Egl(ngWy{&J+`;7!{YYQ$6U7PWuoo?*fRE}562!l zC@Qe7gMP(e`Rt(ruolis^UK7s24;#VDimGTEZAJr#Rse>a4GKV$*v?I3K8z+=vVQ= zg_pv46!qAfZqg{^3Vk}x!lOuVc#xUFOeg%p-l+eh(}a#rQ}Bd;Sv2QpXRT9S;VjXO-vBLdra`c$OZM9rQmAlLXK}_JEx5$%VO5(vXphUJK|Y9oOh>Intdx%}m<7iq^vK`%d8&-QR4|1|m8_zS9R`3!bco zVh5s-$Adm z2DeH(KcW3#usqMWcu&imbOZo-*6smj8O^KvFMAK2Pd^J@ma+DuWZ<`?b#a0HGhxg}*go zfRX~fp_Ew{JU*Zl##cP*Ci3Kabtj1!Y;n`g)a`Yohp9MYAf!BS)t7~DhrLz+Fr;{M za3EmE@1-Kn5NdZ5?(R3=&0P8$9bIQ#jc+Lq+iFZiC zNI}wytJ~U>GGe+BjDOZpK@~0?#1+uSjDYOk3w56H)uTMtCR)=47FxHPgxk2sb=z)t z0_&-xaJkv@?8#$ayg+o0y+r{cvn>JT!_w7{@GilcO$?9k@r2hCWIB^*wjA zpo0mma+C%ez=rFYjk!SE-#hyxqQhWF)(S=7lvZU>rXod76^@NYnDXA0L2|v=|ArI1 zwYKlC66aSLvT9scg(`xh_>*n(`oF${z^x~bYOIVIZVcYlqT%6=#RP8P9XF(IE>}v=Y-hK%L2QoPE8hJfS~2KV|T3Y9uY3m1Kuc zpYU0C?<{qcxzl#LSd}lZPTaq4by$}aDWg*Fv!O$X)2#AU6<2n&s#q7UuOw)MCtqbc z?;I)>7gNx6u2?{+A8DFz(D=r2y-TqvMpzyN3vwJX&h0j7F%UKwnu5<ZX@#NxPJ zKM5y2Cv%OmPOrH}!>w{U{Fz=b84IErbdz#lzSKNYI(LjmL}dHKLh-fo&K!lw7+GFqEYL8KtgW*@X-WTt8ni6_O~X2PdBrj#woCbH;hi6K@((kFXP=W=M`4?Ex?E6L;zy3 zCg;ZcEfUYMoK&B^2jS-@t{PYj6yF%I>u`8P!8&?kEZZn`IdZRX{bO^E&e$(9akV+# z%}dU)KCbSh8@3TLXm9N1C^YwKBHL{PYsEGa>-3JwctAP!7&`NiGN-sCL0KIFO|7->ZMt z(x{ah*$*9_lx7VzdQCl+)6!xQ20_RRD{4$Sd(Ep~s6rgIk>q^qsGzg!`(_r;N=H3-9 z2s_6k-KCqTsD-KRx&rD?k!ciDkZ5~lprx<`FiU?`2X6*+Xxu(eC!6`{ye6BF6+eEOsv^DL7IQXi54srE8G8k&Uuzwv32~>;e>}FPv$y0;$917*3!SP9Oq)XP{?7s9WAcvdw&sB>C)J z$Yjp-f8Gf%b={cPS~3LjQWDcy&vUQF=q7JIe@#090?8D=Mij#HXW9I9Ksjt;v!rtd zz0jNss7`Gx9QGXg6QDy%nyYt0c(0%(Cb!G7~iMq0o z8b!#VQwo&zPaz|w+d}8pMam$bY(kC<{dzQv5C;v_1#Bgrnrpb?YTTbVubv|Fy-C^Y zM>J!KHw&j7^S&{PL-q(Y#<^bJY=p zr%wOCObH|$gth>KxHJ~&C*19m<2o~S{-u^2ATt7~H zVA8`Y3;`7|N!M~D1CKXt)5PqEhT3&gm7LF0i%pOJM6qf3vK4Yw6a%3Exp%;&&~ZP`~B*jRl#*<=FAMiHi}s z>^AJ6DvxZbaAtVRM(m?P*SpZYgw24q5Q_s6m}X9staKaSPekWe8|Oh=n(6mcqvhFuQ@HFZ z;H>rT-8%_~*|Tzt?&^mDt!1jf(xzBHV7?&hnyn(|xiIi=sex4{<4qj4KQ)x_|HpB5 zeJ8rQp9Yf%Fzzg?^s5AE9;@)sfB~Cl<=5nW=B(=n)IOj9oL;V_H(LR zZXB-LRiGw#WV!xBCfI=wc#?upmwS3e4jw4#$9r1abNW14GbGCV@Sye=wwSI61mP5E@PO zdWD%YpUEyg;J10s0EYBnPm7Ot<^OCKB=JEX@RSD#VSJJxT@`j4XjwmE{yMmFl}Q6z zwc38BaO?`7$o3EI4ugUY8__>$ej3>ifN=9&rME+{3N)GLm=&SnyxoJJaEFa)hYZK% zI>qH5$kot!UR(-#gfULly1|ObLZA-5=kJ zSWzvu^(#6yDdM2_sOg#vx=lvI4cTC!g59o}o0nm%H8@eRwi1iZZuzIz%3|4ChLavg zY?|Ze&A9OSLZ3)ru+-;;GfR~KYp-#gVf?)2GU0)45&cBmL$}n@?Jm8D+PWv9U3CUH zfKT;ZsTJ@#W#Vg&LbeyC_RiB@ALn+$8}_IHB?p#mu8^NS#spg z$urP+i_uW$zg4RZwlB6_t_ErhB)k7Z#PS36B_;jgOVC{5cla#WPoM4~((6egCG&SpLO^QY_!R*!O;sKXTc`KSezF7=Q~my$CAh)=fxLgLln2eEEpro$!IK3IIw zy?xihvblOic({7R^XBPM(ZWR@@@P`HPeHedSVJz6@=86tSJ(lY{!i7$j_DGPFUqe( zd@e|YmO#|*b=RFSIAwQd@?5`c;V<%H#YmssML?VR_nw0W01UL9O}ty{Z6cSB4h`?`pJsd!Cs*HGz2RsU|WjpUs~?=b$O zt&=`al!mGy7O&gF5!^$G^Bz1lwY=`QKy=4CJpqI4%luj;oFBqzuz6fzwzC!>1buoe zxGYEuw(ZS);Ir1NN;P#pY#M5zB^@jfuF9K&1HWAMP&CZZ5D&HV(1r^{%!HEg@x@b4 z(6c}xwAnEiK_l0kg_Wf{F*2ddc}H6dTx&0l7QKlDb<3;7+e76M7oF?g3jI_uaWn|2 z1(o?GCw3uDpy4r`&9hSMa%876At(95Zda?!>i~5~O1OI7gClJGTGW?>bI%s*bVp;K zy)`{{iU`nwiUE!2znCze#kjaVWc_1`d%i4RkhJS&vy-UMt%KVljUzSdbS|hWWPy0* zz64iO`7mb9uWFj`R5nasmF53n82D`ObpQXr_x`sa2C&@hakUk*0&(ayJh#j`;_Nk(rW>j{JjoZ-BnkUoW*YFKc+(bDE zusTl%3eskFiZmKW320TR{du5{QTamrhxWSEE#3mN@q729hiL(-%ob1(Km6OD82E2x zH{bvdxk3Qc;-D$JQU5;?xG4Ynshs*JiS*3p{;LQV`58gZwZ3+_Id%p&l+zn+xBPUx zD))rR{0)r(x5QLY(x#I+K-GzWG|DVBg|f+EAO@kh+UptHV!zWG$#p07L-O$JKy6TG zonk6_bI{xwY}xb^PLais2KVkghY;l4H0YK435-<^HiKEd?olg07>tD}$%}O}#>jC+ zgBp)V*=li1y^>n$_Lt6!9Wi>fl3K0eJ1>c`>@{__{-{~&zI>nL?)Z(@aUVA>19)ml z6CV9hw$o$>15dsE#flvrIT5JOszRTJC;#BqbptmJji|A~l(ks7oKTMGa9>CL>8{Ln zd^IdvfY7SA<<>9K-`r0q{7Y;N<6h$zN3wg4}yFL~4jW7TtEn3TD8 z{jqc)P9w6v@@YCgiYRGnQ?7&bzl*Ulp6>cwyUfgUS^B;H1J+JpK$@DLyW_ewa&%6U zF1&&#SrY)Y{|B3Is%v_`(PbmxoY&2`UC;=nE-7sgWM!ljEzr%N4? zP@p!!Vfz*Zs8vlXCPqWzN%N8mG8&EZW*U&QwS^6X>ZjZi#;UC&7ZRQ7-4mn z6UOXbF|juZ_xowP<~}>^dewgZ07-ZA+-Z5Gbh?Yef>CMc5<2e2>)qtIqdw%;&DO!p zT;wsGTPMloL@Z8QFS+T)mIc13 zjtl4o`?V8?=lazANpw@Q^XJe<-J(%=Ho4rF@R#v&o-uA#TGs|@zg;Aiw;g?OB)9O( zowx4(HghIt>spPwp_B74@)`DX46XG}AKJ>vc0lotznlEbY5mF66vOE=X2U+kFMCgt z+^r4y+`G#s_$N0pMYZ#0wemWP#t!3d;i+HCp(9s)9=iFLf}!4{1cMJvh99rwEZ(t` z;MOnNCd3l|xgTU>!Wg2~vy(Z;zq&hd*hxOaj9!q}23IP8i2=bkSNF=k!Za+`8`Z%} zX_5K3u%-&DI<8R`zq#%edTW^0z{LFmfos7Q4D{HIx3G1a+Tu#>^KQJ3@V(vcfJKd- zQRDpzwCoOV!g2+_U5tVX8}WSAjgFevq~dFB5uW3jP_?>+VEq+L(*GrZS8;n@ycS@h zRkQ*XW2NQr6o6o0Sr&EznoE)5X6h2TEvH}2#;Gs!nfBvX=WDl?A{f~@^@n=e!-@xf z8=n3v+%0Sd>=?=Ea?+()^0iT#XOxFJGc-%c(E6uLB9uXBNhH*qQRVF`P&lfWS8ZeP z*R@-G+W`+`JVv((1Is}_SN>ZJRp+R330JTcx5DRiZcL|2-(>c<&LNlo z?t9-PSZTowD&i(RH z?tyhJ;K}+Az#Iz#&|sR2LpDY)2VKc_cm=1ybC6yIX_9*e8ZmJcl$+Gh$xEnM{^xy9 zbFuPR;hFbxp0!**!YbWoR$fiPjRqIhJ4K2M6?I3O>O-LC4{z3r7(ktK$q+cP%)g3e z&vbbieuw_^#=orpCOXWy-Lwtx)bpkCH%|ex(7}U~9vXTgmpa`j`yQA8Q#*Fc_!8Aj zV&RYQC!Klq^`rLV3FdfU58tBVR->7ZW49_?#q-~Ce#_k7s@2cP1Dwb|il{D+Fq z{8R@1k@S0F|Dm4q|6!_UV|-r-Lf0dyo+Q<+dE^b5Y7?jX_WRIX17OW}kQEVSKP<(T z1<33!72UNyVD&QR*O5a@jzd#6@7C9tex`$JsHL)%;{cyo8*&g9Hr18z2M7l`6EyG# zTLixRCzs~`w)YojTBlJCBNg2S`nZm$6)Rgx6<#bV*rCpr=HcjIi(G}pvY{NAv#>>u zVB-<+vm(uCaeht+)}^vpUYXnOpCl5v&Nc2m1zZ0ygblP{GIc@$&)1(ig24GC<@Z=b zy|VfGUOC~{Cth0|UE-~0Azja`W2Ir0RSvak7V~x1UH_}K>x^o0+qMz00-|(16dQ;L zN)>5>APQ1M>4DHf=ta7Kp$e#oh*E<XkrwH92gG~sdEl>>KWH zWvg45P&Qb8BPQmZjkUOGZ;IA>8AUkMfxhA|>|^~<3l!=1g~i0F9wSN5uwfMmEig-k z>|4`Aw{FR2SWOa|D|8Hk`y(RTXvcr5ID(-ugtael-3V7h<&&lubO-p=##dh(O-pf0 zQ#(bId%p#Fg%-_(R6f|Rtcuik@44XYDLVx-os3(ET{*x1{$X#<*u%86YH3jDU%sUT`^#ETQWPR=H3%ulA6EN-80T4yY zXW%RPDya1ma#{Y$o|_o?QST}9SSxUz`5#aaHQ%t1`ph8IA~S}mm9!WlAD5MNS7LI6 zO^%*>x+^Nf{1wPljqBt~47sk8+>d;9`=hv<*a6ER+RDQYT%3q#^GMvKzOLEmI)%2? zzSx!h{zC0ahp@Ie>Gb%qc1{X(|NC$qg`d$~`2paXi?ctuMM6Z`b?i^7$Qq9CkyUf! z7Qg0^%db^PFf)%3<+e#4{S;S0beMnr+UHU~QRK_=vb(V*DW-DRv0~(#h~i3IKS_!P zJI=bIA1TQo6B1ny$`KU>*S(GIbY`&)>dGQ4mjm+3^;Z;^4mSI~+r|V2FPkupe+}x*p$FG*M zOu@C#L~5ay3gV2@RhdF|-?i_hYjcf@z8kHZg(~t*fDh5GlV|R_bu6~N+3&_hNzM14 z)@rr&Q44p=(H|XiSY)T!+b1vHc`4d;8Va|x0+3M?-2fK?u{qE=>NybCHrbu!hLZBh zyrF8F`Q0U_^oc|s(Dq9)B?vNkQ0-BM zMzV{GAqF%!#$gq=^p;U+++w|&*jP4z)@w`A<&;W8T7V7Lfy$+iJ*b>7HaxE*BIKb!4b}=@lC;4Qp&Quz+!d!3ZnIN_( zCha;|)?kxy4s)u*Sz{j0SwT%;82#~#>~&&`41KTxO$gt)GvaMS)?cfy!EbUKXEyM? zj#B8%I>aqpV8fRoyi8q#E(jK%YM0B2t@4YpUW1La&!!oQ^?GdJL|C5^-&tj~i`&%oj zH%Oz&q_iJ_*SrPBID7p*&=f$OpENY+G+|``GkQwhijBYbV`EGl+7wTC?wqw_s$&N`8Kv~U5k@<_4zfsF^(q{z|0C^yYbx;U>y zS&xdsZ%4o8k>RvsUMv>LfBF8EYj%vP0j6!QfrHSv&d1wf9%+v490!V8Y{KeUpkH~{ z{IxZ&ME&a7PC-eHwR%7Yri?1>5T3c#eGXsxQkxkk*-;V}UH8O`XG3T#US#ki*6*a! zabm4gMe=88-}c6$Cs@;xs!cSytdgQ+wRG_G80STs^^+5G59Ymna4Z!sxP6UGff;Z( z0Jypz`b{`5LWbTdfKG{Omkv!!dl6suk0-$)4(g}gRoT~5+v`Lx#r+M+OJsR>HkLk% z9Ufw9RdWM2N&jRoEIW!>L99Ht`eY|vQt;l=jnHKC@w>3H*YdnWd8MWt^Fw=a5Q!1z8FYhVk zWyi1W!c>or@n)Cv524y4VxMMZq8t8c6``pz@x|}8Dke5oeG#^R;=;N!ZJcr==TZxf zZ2RJiy?8%~Dt~&d?%?d&Dl)SlOo<&vMPZt1)zK z_~X5}lHL#@?agbDL>Cuiu_-ML!f z5aOE@!&)=GS9p#yE^nEqyGrODENAuD#s-@OGLp>um}v2+A+T=lq1$v}UKjIdEY3^y za4dgV((|-9B5Y--Z=)^PAs8iskPbP6*$>c@0#j&!xAuN)cwjXg{^;Go~e~~FX`|2s+;mx=Z zZm?Uk`}z8z%W&P2+}tC>zD+EK*Y`#27LLc@c&v~ zEpX**qd9B>9!5c@J9s74Q*D0P=M*UIHWvoeu^5u`C6voe1zZDg4D}wCA*BO;921OrYF*?-(gg1^ZkjKP3zl)9l8t%ggO>&V~W)=l2QuX z8|R#hrS*PMl?7V=@hFb)bEG3PGItsTIx-5~k!P;{J1AyfM#;EkV9&GXr*gYT+yKl( zQ5`8qCqC#aA9ETAl;X*}H+Z}mX32V#TLtq;_VdS`Vm0v0vp;()>NQf#UtzV(&(+x* zBFY~8VGG^7I?mH(&phI0{I+|qp?ebX<@6rwOlE}~a+T#bvzZM^L?P>mi*DiX%b01W zSr*rAwpE$HHG%V^lT}mQg$<*fou^VnWURAXL&p=Rp`8;Ghoo@rdICQ8VzGB&`_D(F z?cL32ne?LBeOU+5e)}9YcIHY|Y01)tr1)I`Zp9U*n)SmOwPf;44e~Inp1Ihe3gamd zRc`$Vc%n8R<&9Mi%GA&oypq}0U=ZCfb+*7flapu@n6t)?h_4!P>b-3_sF5z2f6+1t zfh}n(ZSI+{J8G2~bj=L6FZ!r%ll=jVhQd^`9~-$Fi}yPH=`CEYkDQJC(@O5`|Exh5 zZZ|g)%rVLrS}#cjT21WFz`zlX9dJ_Vu2QkO4Qv80oigC{4$tpuI9OI*(=oihlN$kl z^9h3hatqEI4l^%(6n{F`FiqoeM5^g4yEnX>Y%1IcK0;fh8#h7X?u@^q;n`EZSc~}O zK6Zp>KXoa2KvneJUX!qa7*Vgve{U&rz)aKKiZuNWV^pwa>%rq;^po;=@}m+S)Ogv; z%A+)-p5wL&W2JCC83(f44ZWd&`?2Jzl5iqT1-a_1hteO-YDRBW&xt9Amo++TC2BNg zF$i!}YK-E@+_Tt}*43!?F9n^Dwi9v2@U%|^LRl&ntK;V8mi14Wmu+oqTt}3`+^2go zS7$b(azRZu+MA+uG4lN8#Jhc5MJgRNdIAGN+6clE-I2pe9PfafjN4+Du5DASkh`*3 z2YLN#cR4w53;Vb|-T!U6L#a)&nd6gC8RY89pN#&yG{SZZG{>|5JB3u~=7up55d2t` zkdl0jZeCtaNl*}mAs4%jiC8>NP@$c<-YYZ%i2DD2>yt%bDF8VNGzf_Ko%JHCrL3)MhSRxoNO4S_yduF*h~0hs=`2zJ^I{?DgpOWxUt zBEJlsls3kQiLGpItXB5h?}B_Rv?WZg;NRj9q@I=#E+4i3Cwfg-tD!`J zfL20LqKi3!i;i7&-|Cx^R%e* zkP2kqW+@N}Pg{3ioDp@K(2^p!tLh=BvN&bD?gwc@dVYF+%=^FGa6BY;DZe6Asdm2^ zQ!6u#(zlFJoTh;&H4SGcwz&~tmSCO$1DhJifd>JfalJcWy!Mwt@@(X*mycWJr^S*4 z=DJ{xZx77f+zm1F`X(MuNi4eOO~n@QK^rNC+D3c>{LRb-|GzMA{jo_nGvHdJ>)1n+ zS?-i&xM2;Elh@g(tP{1x^Mk?MP*Jhg-;?rqVRQFOsrsWl`>A7qRUpcW>R0pRO#=P} DTq2(@ literal 0 HcmV?d00001 From d71cca8254f6be86ec1e5a612362708ade1848db Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:04:33 -0800 Subject: [PATCH 10/73] Added new TVM API topics --- .../get-all-recommendations.md | 104 ++++++++++++++++++ .../get-all-vulnerabilities.md | 92 ++++++++++++++++ .../get-machines-by-software.md | 89 +++++++++++++++ .../get-machines-by-vulnerability.md | 88 +++++++++++++++ .../get-recommendation-by-id.md | 93 ++++++++++++++++ .../get-recommendation-machines.md | 81 ++++++++++++++ .../get-recommendation-software.md | 81 ++++++++++++++ .../get-recommendation-vulnerabilities.md | 90 +++++++++++++++ .../get-software-by-id.md | 83 ++++++++++++++ .../get-software-ver-distribution.md | 86 +++++++++++++++ .../microsoft-defender-atp/get-software.md | 84 ++++++++++++++ .../get-vuln-by-software.md | 93 ++++++++++++++++ .../get-vulnerability-by-id.md | 86 +++++++++++++++ 13 files changed, 1150 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md new file mode 100644 index 0000000000..34c6863e7d --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-recommendations.md @@ -0,0 +1,104 @@ +--- +title: List all recommendations +description: Retrieves a list of all security recommendations affecting the organization. +keywords: apis, graph api, supported apis, get, security recommendations, mdatp tvm api, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List all recommendations +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all security recommendations affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "value": [ + { + "id": "va-_-microsoft-_-windows_10", + "productName": "windows_10", + "recommendationName": "Update Windows 10", + "weaknesses": 397, + "vendor": "microsoft", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": true, + "activeAlert": false, + "associatedThreats": [ + "3098b8ef-23b1-46b3-aed4-499e1928f9ed", + "40c189d5-0330-4654-a816-e48c2b7f9c4b", + "4b0c9702-9b6c-4ca2-9d02-1556869f56f8", + "e8fc2121-3cf3-4dd2-9ea0-87d7e1d2b29d", + "94b6e94b-0c1d-4817-ac06-c3b8639be3ab" + ], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 7.674418604651163, + "totalMachineCount": 37, + "exposedMachinesCount": 7, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Windows 10" + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md new file mode 100644 index 0000000000..01869cd89b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-all-vulnerabilities.md @@ -0,0 +1,92 @@ +--- +title: Get all vulnerabilities +description: Retrieves a list of all the vulnerabilities affecting the organization +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get all vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of all the vulnerabilities affecting the organization. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of vulnerabilities in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities", + "value": [ + { + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + { +.. +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md new file mode 100644 index 0000000000..dd922cae08 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-software.md @@ -0,0 +1,89 @@ +--- +title: List machines by software +description: Retrieve a list of machines that has this software installed. +keywords: apis, graph api, supported apis, get, list machines, machines list, list machines by software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of machines that has this software installed + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/machineReferences +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK and a list of machines with the software installed in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/machineReferences +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "7c7e1896fa39efb0a32a2cf421d837af1b9bf762", + "computerDnsName": "dave_desktop", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, + { + "id": "7d5cc2e7c305e4a0a290392abf6707f9888fda0d", + "computerDnsName": "jane_PC", + "osPlatform": "Windows10", + "rbacGroupId": 9 + }, +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md new file mode 100644 index 0000000000..37a235d516 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machines-by-vulnerability.md @@ -0,0 +1,88 @@ +--- +title: List machines by vulnerability +description: Retrieves a list of machines affected by a vulnerability. +keywords: apis, graph api, supported apis, get, machines list, vulnerable machines, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List machines by vulnerability +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines affected by a vulnerability. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/vulnerabilities/CVE-2019-0608/machineReferences +``` + +**Response** + +Here is an example of the response. + + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "235a2e6278c63fcf85bab9c370396972c58843de", + "computerDnsName": "h1mkn_PC", + "osPlatform": "Windows10", + "rbacGroupId": 1268 + }, + { + "id": "afb3f807d1a185ac66668f493af028385bfca184", + "computerDnsName": "chat_Desk ", + "osPlatform": "Windows10", + "rbacGroupId": 410 + } + ] + } +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md new file mode 100644 index 0000000000..86f7eef853 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-by-id.md @@ -0,0 +1,93 @@ +--- +title: Get recommendation by Id +description: Retrieves a security recommendation by its ID. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation by ID, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations/$entity", + "id": "va-_-google-_-chrome", + "productName": "chrome", + "recommendationName": "Update Chrome", + "weaknesses": 38, + "vendor": "google", + "recommendedVersion": "", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": false, + "activeAlert": false, + "associatedThreats": [], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 3.9441860465116285, + "totalMachineCount": 6, + "exposedMachinesCount": 5, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Chrome" +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md new file mode 100644 index 0000000000..772dc4e34b --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -0,0 +1,81 @@ +--- +title: Get recommendation machines +description: Retrieves a list of machines associated with the security recommendation. +keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation machines +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of machines associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/machineReferences +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the list of machines associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/machineReferences +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineReferences", + "value": [ + { + "id": "e058770379bc199a9c179ce52a23e16fd44fd2ee", + "computerDnsName": "niw_pc", + "osPlatform": "Windows10", + "rbacGroupId": 2154 + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md new file mode 100644 index 0000000000..4032adfef3 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -0,0 +1,81 @@ +--- +title: Get recommendation software +description: Retrieves a security recommendation related to a specific software. +keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation software +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a security recommendation related to a specific software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software associated with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/software +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Analytics.Contracts.PublicAPI.PublicProductDto", + "id": "google-_-chrome", + "name": "chrome", + "vendor": "google", + "weaknesses": 38, + "publicExploit": false, + "activeAlert": false, + "exposedMachines": 5, + "impactScore": 3.94418621 +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md new file mode 100644 index 0000000000..954479aad6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -0,0 +1,90 @@ +--- +title: Get recommendation vulnerabilities +description: Retrieves a list of vulnerabilities associated with the security recommendation. +keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get recommendation vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of vulnerabilities associated with the security recommendation. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/recommendations/{id}/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the list of vulnerabilities associated with the security recommendation. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/recommendations/va-_-google-_-chrome/vulnerabilities +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2019-13748", + "name": "CVE-2019-13748", + "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", + "severity": "Medium", + "cvssV3": 6.5, + "exposedMachines": 0, + "publishedOn": "2019-12-10T00:00:00Z", + "updatedOn": "2019-12-16T12:15:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, +… +} +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md new file mode 100644 index 0000000000..663bac6747 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-by-id.md @@ -0,0 +1,83 @@ +--- +title: Get software by Id +description: Retrieves a list of exposure scores by machine group. +keywords: apis, graph api, supported apis, get, software, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get software by Id + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves software details by ID + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id} +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the specified software data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software/$entity", + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md new file mode 100644 index 0000000000..39a3275bf2 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software-ver-distribution.md @@ -0,0 +1,86 @@ +--- +title: List software version distribution +description: Retrieves a list of your organization's software version distribution +keywords: apis, graph api, supported apis, get, software version distribution, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software version distribution + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a list of your organization's software version distribution + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/distributions +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a list of software distributions data in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/distributions +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Distributions", + "value": [ + { + "version": "11.0.17134.1039", + "installations": 1, + "vulnerabilities": 11 + }, + { + "version": "11.0.18363.535", + "installations": 750, + "vulnerabilities": 0 + }, +… +} + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-software.md new file mode 100644 index 0000000000..67bfa09292 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-software.md @@ -0,0 +1,84 @@ +--- +title: List software +description: Retrieves a list of software inventory +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List software inventory API +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves the organization software inventory + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the software inventory in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Software", + "value": [ + { + "id": "microsoft-_-edge", + "name": "edge", + "vendor": "microsoft", + "weaknesses": 467, + "publicExploit": true, + "activeAlert": false, + "exposedMachines": 172, + "impactScore": 2.39947438 + }, +…. +} \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md new file mode 100644 index 0000000000..6984c10ec6 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vuln-by-software.md @@ -0,0 +1,93 @@ +--- +title: List vulnerabilities by software +description: Retrieve a list of vulnerabilities in the installed software. +keywords: apis, graph api, supported apis, get, vulnerabilities list, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List vulnerabilities by software + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieve a list of vulnerabilities in the installed software. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/Software/{Id}/vulnerabilities +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with a a list of vulnerabilities exposed by the specified software. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Software/microsoft-_-edge/vulnerabilities +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2017-0140", + "name": "CVE-2017-0140", + "description": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins. The vulnerability allows Microsoft Edge to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.The security update addresses the vulnerability by modifying how affected Microsoft Edge handles different-origin requests.", + "severity": "Medium", + "cvssV3": 4.2, + "exposedMachines": 1, + "publishedOn": "2017-03-14T00:00:00Z", + "updatedOn": "2019-10-03T00:03:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + }, + +… +} +``` + diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md new file mode 100644 index 0000000000..f87c04ae43 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-vulnerability-by-id.md @@ -0,0 +1,86 @@ +--- +title: Get vulnerability by Id +description: Retrieves vulnerability information by its ID. +keywords: apis, graph api, supported apis, get, vulnerability information, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get vulnerability by ID +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves vulnerability information by its ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/vulnerabilities/{cveId} +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/Vulnerabilities/CVE-2019-0608 +``` + +**Response** + +Here is an example of the response. + +``` +Content-type: json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#Vulnerabilities/$entity", + "id": "CVE-2019-0608", + "name": "CVE-2019-0608", + "description": "A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries. The specially crafted website could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services.To exploit the vulnerability, the user must click a specially crafted URL. In an email attack scenario, an attacker could send an email message containing the specially crafted URL to the user in an attempt to convince the user to click it.In a web-based attack scenario, an attacker could host a specially crafted website designed to appear as a legitimate website to the user. However, the attacker would have no way to force the user to visit the specially crafted website. The attacker would have to convince the user to visit the specially crafted website, typically by way of enticement in an email or instant message, and then convince the user to interact with content on the website.The update addresses the vulnerability by correcting how Microsoft Browsers parses HTTP responses.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 4, + "publishedOn": "2019-10-08T00:00:00Z", + "updatedOn": "2019-12-16T16:20:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] +} +``` From 0218a6ca9fe3f9ed025fac09d1ccf367e047ca8a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:51:26 -0800 Subject: [PATCH 11/73] Added TVM API --- .../threat-protection/microsoft-defender-atp/preview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index c06d033182..b5bc9edc17 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -43,6 +43,8 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: +- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommandation information. + - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. - [Threat & Vulnerability Management role-based access controls](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group)
You can now use the new permissions to allow maximum flexibility to create SecOps-oriented roles, Threat & Vulnerability Management-oriented roles, or hybrid roles so only authorized users are accessing specific data to do their task. You can also achieve even further granularity by specifying whether a Threat & Vulnerability Management role can only view vulnerability-related data, or can create and manage remediation and exceptions. From 2f0a51cdd0b644c2f906ba30d92e03a72be08888 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 14:53:17 -0800 Subject: [PATCH 12/73] Added TVM API updates --- .../microsoft-defender-atp/exposed-apis-list.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md index c91de23386..8c836888bb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list.md @@ -57,6 +57,10 @@ Machines | Run API calls such as get machines, get machines by ID, information a Machine Actions | Run API call such as Isolation, Run anti-virus scan and more. Indicators | Run API call such as create Indicator, get Indicators and delete Indicators. Users | Run API calls such as get user related alerts and user related machines. +Score | Run API calls such as get exposure score or get device secure score. +Software | Run API calls such as list vulnerabilities by software. +Vulnerability | Run API calls such as list machines by vulnerability. +Recommendation | Run API calls such as Get recommendation by Id. ## Related topic - [Microsoft Defender ATP APIs](apis-intro.md) From 3e3f11677650c357e737dea21639ad9b7f40177f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:14:52 -0800 Subject: [PATCH 13/73] Added TVM API updates --- .../threat-protection/microsoft-defender-atp/machine.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index a4227c1113..9c68f4125d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -28,6 +28,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). +[Get installed software](get-installed-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-security-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. @@ -50,3 +53,4 @@ rbacGroupName | String | RBAC Group Name. riskScore | Nullable Enum | Risk score as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine.md) is Aad Joined). machineTags | String collection | Set of [machine](machine.md) tags. +exposureLevel | Nullable Enum | Exposure level as evaluated by Microsoft Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'. From c3e3a1371041006e50653c3b157b5636724e84cb Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:15:29 -0800 Subject: [PATCH 14/73] Added pre rel statement --- .../security/threat-protection/microsoft-defender-atp/machine.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 9c68f4125d..304e43abbd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -20,6 +20,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](../../includes/prerelease.md)] ## Methods Method|Return Type |Description From 4555f820e4f70b9ee3b4449e5f0f8be938582f09 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:30:35 -0800 Subject: [PATCH 15/73] Added new topics for TVM API --- .../get-device-secure-score.md | 85 +++++++++++++++++ .../get-exposure-score.md | 91 ++++++++++++++++++ .../get-machine-group-exposure-score.md | 94 +++++++++++++++++++ .../microsoft-defender-atp/recommendation.md | 57 +++++++++++ .../microsoft-defender-atp/score.md | 75 +++++++++++++++ .../microsoft-defender-atp/software.md | 45 +++++++++ .../microsoft-defender-atp/vulnerability.md | 48 ++++++++++ 7 files changed, 495 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/recommendation.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/score.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/vulnerability.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md new file mode 100644 index 0000000000..7a81fe0182 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -0,0 +1,85 @@ +--- +title: Get Device Secure score +description: Retrieves the organizational device secure score. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get Device Secure score + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves the organizational device secure score. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.Alll | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + +## HTTP request +``` +GET /api/configurationScore +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the with device secure score data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/configurationScore +``` + +[!include[Improve request performance](improve-request-performance.md)] + + +**Response** + +Here is an example of the response. + +>[!NOTE] +>The response list shown here may be truncated for brevity. + + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ConfigurationScore/$entity", + "time": "2019-12-03T09:15:58.1665846Z", + "score": 340, + "rbacGroupId": null +} +``` + +## Related topics +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md new file mode 100644 index 0000000000..2ce5adf1e0 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -0,0 +1,91 @@ +--- +title: Get exposure score +description: Retrieves the organizational exposure score. +keywords: apis, graph api, supported apis, get, exposure score, organizational exposure score +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get exposure score + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +Retrieves the organizational exposure score. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.All | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + + +## HTTP request +``` +GET /api/exposureScore +``` + +## Optional query parameters +Method supports $top, $select, $filter, $expand and $skip query parameters. +
$expand is available on Files, IPs and Domains. e.g. $expand=files,domains + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with the exposure data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/exposureScore +``` + +[!include[Improve request performance](improve-request-performance.md)] + + +**Response** + +Here is an example of the response. + +>[!NOTE] +>The response list shown here may be truncated for brevity. + + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore/$entity", + "time": "2019-12-03T07:23:53.280499Z", + "score": 33.491554051195706, + "rbacGroupId": null +} + +``` + +## Related topics +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md new file mode 100644 index 0000000000..42995a2265 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -0,0 +1,94 @@ +--- +title: List exposure score by machine group +description: Retrieves a list of exposure scores by machine group. +keywords: apis, graph api, supported apis, get, exposure score, machine group, machine group exposure score +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# List exposure score by machine group + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +Retrieves a collection of alerts related to a given domain address. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | Score.Read.All | 'Read Threat and Vulnerability Management score' +Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability Management score' + +## HTTP request +``` +GET /api/exposureScore/ByMachineGroups +``` + +## Request headers + +| Name | Type | Description +|:--------------|:-------|:--------------| +| Authorization | String | Bearer {token}.**Required**. + +## Request body +Empty + +## Response +If successful, this method returns 200 OK, with a list of exposure score per machine group data in the response body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/exposureScore/ByMachineGroups +``` + +**Response** + +Here is an example of the response. + +```json + +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "value": [ + { + "time": "2019-12-03T09:51:28.214338Z", + "score": 41.38041766305988, + "rbacGroupId": 10 + }, + { + "time": "2019-12-03T09:51:28.2143399Z", + "score": 37.403726933165366, + "rbacGroupId": 11 + }, + { + "time": "2019-12-03T09:51:28.2143407Z", + "score": 26.390921344426033, + "rbacGroupId": 9 + }, + { + "time": "2019-12-03T09:51:28.2143414Z", + "score": 23.58823563070858, + "rbacGroupId": 5 + } + ] +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md new file mode 100644 index 0000000000..c9dfd44b5f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -0,0 +1,57 @@ +--- +title: Recommendation methods and properties +description: Retrieves top recent alerts. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Recommendation resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[List all recommendations](get-all-recommendations.md) | Recommendation collection | +[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | +[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | +[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | +[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | + + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +productName | String | +recommendationName | String | +Weaknesses | Long | +Vendor | String | +recommendedVersion | String | +recommendationCategory | String | +subCategory | String | +severityScore | Double | +publicExploit | Boolean | +activeAlert | Boolean | +associatedThreats | String collection | +remediationType | String | +Status | String | Enum +configScoreImpact | Double | +exposureImpacte | Double| +totalMachineCount | Long | +exposedMachinesCount | Long | +nonProductivityImpactedAssets | Long | +relatedComponent | String | diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md new file mode 100644 index 0000000000..06f002a203 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -0,0 +1,75 @@ +--- +title: Score methods and properties +description: Retrieves your organization's exposure score, device secure score, and exposure score by machine group +keywords: apis, graph api, supported apis, score, exposure score, device secure score, exposure score by machine group +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Score resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[Get exposure score](get-exposure-score.md) | [Score](score.md) | Get the organizational exposure score. +[Get device secure score](get-device-secure-score.md) | [Score](score.md) | Get the organizational device secure score. +[List exposure score by machine group](get-machine-group-exposure-score.md)| [Score](score.md) | List scores by machine group. + + +## Properties +Property | Type | Description +:---|:---|:--- +Score | Double | The current score. +Time | DateTime | The date and time in which the call for this API was made. +RbacGroupId | Nullable Int | RBAC Group ID. + + +### Response example for getting machine groups score: + +``` +GET https://api.securitycenter.windows.com/api/exposureScore/byMachineGroups +``` + +```json +{ + "@odata.context": "https://api-us.securitycenter.windows.com/api/$metadata#ExposureScore", + "value": [ + { + "time": "2019-12-03T07:26:49.9376328Z", + "score": 41.38041766305988, + "rbacGroupId": 10 + }, + { + "time": "2019-12-03T07:26:49.9376375Z", + "score": 23.58823563070858, + "rbacGroupId": 5 + }, + { + "time": "2019-12-03T07:26:49.9376382Z", + "score": 37.403726933165366, + "rbacGroupId": 11 + }, + { + "time": "2019-12-03T07:26:49.9376388Z", + "score": 26.323200116475423, + "rbacGroupId": 9 + } + ] +} + + +``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md new file mode 100644 index 0000000000..36aba64d20 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -0,0 +1,45 @@ +--- +title: Software methods and properties +description: Retrieves top recent alerts. +keywords: apis, graph api, supported apis, get, alerts, recent +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Software resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[List software](get-software.md) | Software collection | List the organizational software inventory. +[Get software by Id](get-software-by-id.md) | Software | Get a specific software by its software ID. +[List software version distribution](get-software-ver-distribution.md)| Distribution collection | List software version distribution by software ID. +[List machines by software](get-machines-by-software.md)| MachineRef collection | Retrieve a list of machines that are associated with the software ID. +[List vulnerabilities by software](get-vuln-by-software.md) | [Vulnerability](vulnerability.md) collection | Retrieve a list of vulnerabilities associated with the software ID. + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +Name | String | +Vendor | String | +Weaknesses | Long | +publicExploit | Boolean | +activeAlert | Boolean | +exposedMachines | Long | +impactScore | Double | + diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md new file mode 100644 index 0000000000..3be61d9006 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -0,0 +1,48 @@ +--- +title: Vulnerability methods and properties +description: Retrieves vulnerability information +keywords: apis, graph api, supported apis, get, vulnerability +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Vulnerability resource type + +**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## Methods +Method |Return Type |Description +:---|:---|:--- +[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | +[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | +[List machines by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of machines that are associated with the vulnerability ID + + +## Properties +Property | Type | Description +:---|:---|:--- +id | String | +Name | String | +Description | String | +Severity | String | +cvssV3 | Double | +exposedMachines | Long | +publishedOn | DateTime | +updatedOn | DateTime | +publicExploit | Boolean | +exploitVerified | Boolean | +exploitInKit | Boolean | +exploitTypes | String collection | +exploitUris | String collection | From 50f256b8ff4452751800c2765d732d9d72462ebc Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:47:18 -0800 Subject: [PATCH 16/73] Update get-device-secure-score.md --- .../microsoft-defender-atp/get-device-secure-score.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 7a81fe0182..d2f1bb53f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -61,9 +61,6 @@ Here is an example of the request. GET https://api.securitycenter.windows.com/api/configurationScore ``` -[!include[Improve request performance](improve-request-performance.md)] - - **Response** Here is an example of the response. @@ -82,4 +79,4 @@ Here is an example of the response. ``` ## Related topics -- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) \ No newline at end of file +- [OData queries with Microsoft Defender ATP](exposed-apis-odata-samples.md) From 3ca2208e18c820f3d4a17169a5e5e2c3d8c845dd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:47:58 -0800 Subject: [PATCH 17/73] Update get-exposure-score.md --- .../microsoft-defender-atp/get-exposure-score.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index 2ce5adf1e0..b71e4ee8ec 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -66,9 +66,6 @@ Here is an example of the request. GET https://api.securitycenter.windows.com/api/exposureScore ``` -[!include[Improve request performance](improve-request-performance.md)] - - **Response** Here is an example of the response. From f6c235d9a57adfbe729be5f1b0a1766beec6b689 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:54:44 -0800 Subject: [PATCH 18/73] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 304e43abbd..99a215e8c1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-installed-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-security-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-all-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 7cb440f17418effaa820a15a90cc10732c5b18c8 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 15:58:02 -0800 Subject: [PATCH 19/73] Added descriptions --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 3be61d9006..f024339c3e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -25,8 +25,8 @@ ms.topic: article ## Methods Method |Return Type |Description :---|:---|:--- -[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | -[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | +[Get all vulnerabilities](get-all-vulnerabilities.md) | Vulnerability collection | Retrieves a list of all the vulnerabilities affecting the organization +[Get vulnerability by Id](get-vulnerability-by-id.md) | Vulnerability | Retrieves vulnerability information by its ID [List machines by vulnerability](get-machines-by-vulnerability.md)| MachineRef collection | Retrieve a list of machines that are associated with the vulnerability ID From d030104010b31f5ce85f03043acaee902fe1f3bd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:00:26 -0800 Subject: [PATCH 20/73] Added descriptions --- .../microsoft-defender-atp/recommendation.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index c9dfd44b5f..ea8cfbf381 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -25,11 +25,11 @@ ms.topic: article ## Methods Method |Return Type |Description :---|:---|:--- -[List all recommendations](get-all-recommendations.md) | Recommendation collection | -[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | -[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | -[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | -[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | +[List all recommendations](get-all-recommendations.md) | Recommendation collection | Retrieves a list of all security recommendations affecting the organization +[Get recommendation by Id](get-recommendation-by-id.md) | Recommendation | Retrieves a security recommendation by its ID +[Get recommendation software](get-recommendation-software.md)| [Software](software.md) | Retrieves a security recommendation related to a specific software +[Get recommendation machines](get-recommendation-machines.md)|MachineRef collection | Retrieves a list of machines associated with the security recommendation +[Get recommendation vulnerabilities](get-recommendation-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of vulnerabilities associated with the security recommendation ## Properties From 85fe93712636fca7b17cf9e1354d39f636335eaf Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:01:53 -0800 Subject: [PATCH 21/73] Update recommendation.md --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index ea8cfbf381..2e38f54fca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -48,7 +48,7 @@ publicExploit | Boolean | activeAlert | Boolean | associatedThreats | String collection | remediationType | String | -Status | String | Enum +Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | exposureImpacte | Double| totalMachineCount | Long | From 9f7a62f14ba66223605a1eb4b11886c49305e4d4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:06:25 -0800 Subject: [PATCH 22/73] Update get-exposure-score.md --- .../microsoft-defender-atp/get-exposure-score.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index b71e4ee8ec..fadf3a064a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -38,10 +38,6 @@ Delegated (work or school account) | Score.Read | 'Read Threat and Vulnerability GET /api/exposureScore ``` -## Optional query parameters -Method supports $top, $select, $filter, $expand and $skip query parameters. -
$expand is available on Files, IPs and Domains. e.g. $expand=files,domains - ## Request headers Name | Type | Description From c6210ba9ef8a75be5cba467926fd670ada08ca4a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:23:43 -0800 Subject: [PATCH 23/73] Added TVM API topics --- windows/security/threat-protection/TOC.md | 28 +++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index a483760fe8..e754cac2b3 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -435,6 +435,34 @@ ####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) ####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) +###### [Score]() +####### [Score methods and properties](microsoft-defender-atp/score.md) +####### [List exposure score by machine group](microsoft-defender-atp/get-machine-group-exposure-score.md) +####### [Get exposure score](microsoft-defender-atp/get-exposure-score.md) +####### [Get device secure score](microsoft-defender-atp/get-device-secure-score.md) + +###### [Software]() +####### [Software methods and properties](microsoft-defender-atp/software.md) +####### [List software](get-software.md) +####### [Get software by Id](get-software-by-id.md) +####### [List software version distribution](get-software-ver-distribution.md) +####### [List machines by software](get-machines-by-software.md) +####### [List vulnerabilities by software](get-vuln-by-software.md) + +###### [Vulnerability]() +####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) +####### [Get all vulnerabilities](get-all-vulnerabilities.md) +####### [Get vulnerability by Id](get-vulnerability-by-id.md) +####### [List machines by vulnerability](get-machines-by-vulnerability.md) + +###### [Recommendation]() +####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md) +####### [List all recommendations](get-all-recommendations.md) +####### [Get recommendation by Id](get-recommendation-by-id.md) +####### [Get recommendation by software](get-recommendation-software.md) +####### [Get recommendation by machines](get-recommendation-machines.md) +####### [Get recommendation by vulnerabilities](get-recommendation-vulnerabilities.md) + ##### [How to use APIs - Samples]() ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md) ###### [Power BI](microsoft-defender-atp/api-power-bi.md) From 9ce89bfd00b09866c447fb98304751ecc86f6cba Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:34:24 -0800 Subject: [PATCH 24/73] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 99a215e8c1..5ae61b0e70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -31,7 +31,7 @@ Method|Return Type |Description [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). [Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. [Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendation.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get security recommendations](get-all-recommendations.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 576d40493fc63dda1a05f074d0983f09fd96446d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:35:01 -0800 Subject: [PATCH 25/73] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 5ae61b0e70..a488cd488b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-software.md) | [Software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [Vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendations.md) | [Recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-all-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From d7de8b4d66cbd49980bd4dfe4b095ce41be237e8 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:35:49 -0800 Subject: [PATCH 26/73] Added pre rel info --- .../threat-protection/microsoft-defender-atp/software.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 36aba64d20..5d4dd015b2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From fb05538330bcadabacbe2ed30abc4854133b88c6 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:36:34 -0800 Subject: [PATCH 27/73] Added pre rel info --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index f024339c3e..1ab9f93f8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From 66291fb62ada8b1c4c8e3a6f628cd580b77d1f54 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:37:03 -0800 Subject: [PATCH 28/73] Added pre rel info --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 2e38f54fca..b5169fbe69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From bb15be19a76bebd5c0724a0c2237ca2c49adc353 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 7 Jan 2020 16:42:16 -0800 Subject: [PATCH 29/73] Updated file paths for TVM API topics --- windows/security/threat-protection/TOC.md | 26 +++++++++++------------ 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index e754cac2b3..1d0ce5d117 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -443,25 +443,25 @@ ###### [Software]() ####### [Software methods and properties](microsoft-defender-atp/software.md) -####### [List software](get-software.md) -####### [Get software by Id](get-software-by-id.md) -####### [List software version distribution](get-software-ver-distribution.md) -####### [List machines by software](get-machines-by-software.md) -####### [List vulnerabilities by software](get-vuln-by-software.md) +####### [List software](microsoft-defender-atp/get-software.md) +####### [Get software by Id](microsoft-defender-atp/get-software-by-id.md) +####### [List software version distribution](microsoft-defender-atp/get-software-ver-distribution.md) +####### [List machines by software](microsoft-defender-atp/get-machines-by-software.md) +####### [List vulnerabilities by software](microsoft-defender-atp/get-vuln-by-software.md) ###### [Vulnerability]() ####### [Vulnerability methods and properties](microsoft-defender-atp/vulnerability.md) -####### [Get all vulnerabilities](get-all-vulnerabilities.md) -####### [Get vulnerability by Id](get-vulnerability-by-id.md) -####### [List machines by vulnerability](get-machines-by-vulnerability.md) +####### [Get all vulnerabilities](microsoft-defender-atp/get-all-vulnerabilities.md) +####### [Get vulnerability by Id](microsoft-defender-atp/get-vulnerability-by-id.md) +####### [List machines by vulnerability](microsoft-defender-atp/get-machines-by-vulnerability.md) ###### [Recommendation]() ####### [Recommendation methods and properties](microsoft-defender-atp/recommendation.md) -####### [List all recommendations](get-all-recommendations.md) -####### [Get recommendation by Id](get-recommendation-by-id.md) -####### [Get recommendation by software](get-recommendation-software.md) -####### [Get recommendation by machines](get-recommendation-machines.md) -####### [Get recommendation by vulnerabilities](get-recommendation-vulnerabilities.md) +####### [List all recommendations](microsoft-defender-atp/get-all-recommendations.md) +####### [Get recommendation by Id](microsoft-defender-atp/get-recommendation-by-id.md) +####### [Get recommendation by software](microsoft-defender-atp/get-recommendation-software.md) +####### [Get recommendation by machines](microsoft-defender-atp/get-recommendation-machines.md) +####### [Get recommendation by vulnerabilities](microsoft-defender-atp/get-recommendation-vulnerabilities.md) ##### [How to use APIs - Samples]() ###### [Microsoft Flow](microsoft-defender-atp/api-microsoft-flow.md) From 11e09a543c94c199032751bddb8d41dd98ba0026 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Wed, 8 Jan 2020 14:48:27 -0800 Subject: [PATCH 30/73] Update software.md --- .../threat-protection/microsoft-defender-atp/software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 5d4dd015b2..48647a6c93 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -36,7 +36,7 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | +id | String | Software ID Name | String | Vendor | String | Weaknesses | Long | From 24ec826bf44e0a7563f65c59f4d17f4be2cdb403 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:38:31 -0800 Subject: [PATCH 31/73] Added TVM API topics --- .../get-discovered-vulnerabilities.md | 89 +++++++++++++++++ .../get-installed-software.md | 85 ++++++++++++++++ .../get-security-recommendations.md | 97 +++++++++++++++++++ 3 files changed, 271 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md new file mode 100644 index 0000000000..bc067f116f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -0,0 +1,89 @@ +--- +title: Get discovered vulnerabilities +description: Retrieves a collection of discovered vulnerabilities related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, discovered vulnerabilities, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get discovered vulnerabilities +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of discovered vulnerabilities related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' +Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' + +## HTTP request +``` +GET /api/machines/{machineId}/vulnerabilities +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the discovered vulnerability information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Collection(Analytics.Contracts.PublicAPI.PublicVulnerabilityDto)", + "value": [ + { + "id": "CVE-2019-1348", + "name": "CVE-2019-1348", + "description": "Git could allow a remote attacker to bypass security restrictions, caused by a flaw in the --export-marks option of git fast-import. By persuading a victim to import specially-crafted content, an attacker could exploit this vulnerability to overwrite arbitrary paths.", + "severity": "Medium", + "cvssV3": 4.3, + "exposedMachines": 1, + "publishedOn": "2019-12-13T00:00:00Z", + "updatedOn": "2019-12-13T00:00:00Z", + "publicExploit": false, + "exploitVerified": false, + "exploitInKit": false, + "exploitTypes": [], + "exploitUris": [] + } +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md new file mode 100644 index 0000000000..171a32a275 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -0,0 +1,85 @@ +--- +title: Get installed software +description: Retrieves a collection of installed software related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, software inventory, installed software per machine, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get installed software +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of installed software related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application |Software.Read.All | 'Read Threat and Vulnerability Management Software information' +Delegated (work or school account) | Software.Read | 'Read Threat and Vulnerability Management Software information' + +## HTTP request +``` +GET /api/machines/{machineId}/software +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the installed software information in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/software +``` + +**Response** + +Here is an example of the response. + + +``` +{ +"@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Software", +"value": [ + { +"id": "microsoft-_-internet_explorer", +"name": "internet_explorer", +"vendor": "microsoft", +"weaknesses": 67, +"publicExploit": true, +"activeAlert": false, +"exposedMachines": 42115, +"impactScore": 46.2037163 + } + ] +} +``` \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md new file mode 100644 index 0000000000..4256ba1c8c --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/get-security-recommendations.md @@ -0,0 +1,97 @@ +--- +title: Get security recommendations +description: Retrieves a collection of security recommendations related to a given machine ID. +keywords: apis, graph api, supported apis, get, list, file, information, security recommendation per machine, threat & vulnerability management api, mdatp tvm api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dolmont +author: DulceMontemayor +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: article +--- + +# Get security recommendations +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +[!include[Prerelease information](../../includes/prerelease.md)] + +Retrieves a collection of security recommendations related to a given machine ID. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) + +Permission type | Permission | Permission display name +:---|:---|:--- +Application | SecurityRecommendation.Read.All | 'Read Threat and Vulnerability Management security recommendation information' +Delegated (work or school account) | SecurityRecommendation.Read | 'Read Threat and Vulnerability Management security recommendation information' + +## HTTP request +``` +GET /api/machines/{machineId}/recommendations +``` + +## Request headers + +Name | Type | Description +:---|:---|:--- +Authorization | String | Bearer {token}. **Required**. + + +## Request body +Empty + +## Response +If successful, this method returns 200 OK with the security recommendations in the body. + + +## Example + +**Request** + +Here is an example of the request. + +``` +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/recommendations +``` + +**Response** + +Here is an example of the response. + + +``` +{ + "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Recommendations", + "value": [ + { + "id": "va-_-git-scm-_-git", + "productName": "git", + "recommendationName": "Update Git to version 2.24.1.2", + "weaknesses": 3, + "vendor": "git-scm", + "recommendedVersion": "2.24.1.2", + "recommendationCategory": "Application", + "subCategory": "", + "severityScore": 0, + "publicExploit": false, + "activeAlert": false, + "associatedThreats": [], + "remediationType": "Update", + "status": "Active", + "configScoreImpact": 0, + "exposureImpact": 0, + "totalMachineCount": 0, + "exposedMachinesCount": 1, + "nonProductivityImpactedAssets": 0, + "relatedComponent": "Git" + }, +… +} +``` \ No newline at end of file From b3b2ea7db50fdc8f67b07ab2683a4545480bf6c0 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:42:05 -0800 Subject: [PATCH 32/73] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index a488cd488b..4bda3515a4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-all-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-all-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. +[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 41e94fd838c2db6d70ea66e0b1b35149ae130c8f Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:45:59 -0800 Subject: [PATCH 33/73] Update machine.md --- .../threat-protection/microsoft-defender-atp/machine.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/machine.md b/windows/security/threat-protection/microsoft-defender-atp/machine.md index 4bda3515a4..8592e1cfde 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/machine.md +++ b/windows/security/threat-protection/microsoft-defender-atp/machine.md @@ -29,9 +29,9 @@ Method|Return Type |Description [Get machine](get-machine-by-id.md) | [machine](machine.md) | Get a [machine](machine.md) by its identity. [Get logged on users](get-machine-log-on-users.md) | [user](user.md) collection | Get the set of [User](user.md) that logged on to the [machine](machine.md). [Get related alerts](get-machine-related-alerts.md) | [alert](alerts.md) collection | Get the set of [alert](alerts.md) entities that were raised on the [machine](machine.md). -[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a list of software inventory in your organization. -[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a list of all the vulnerabilities affecting the organization. -[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a list of all security recommendations affecting the organization. +[Get installed software](get-installed-software.md) | [software](software.md) collection | Retrieves a collection of installed software related to a given machine ID. +[Get discovered vulnerabilities](get-discovered-vulnerabilities.md) | [vulnerability](vulnerability.md) collection | Retrieves a collection of discovered vulnerabilities related to a given machine ID. +[Get security recommendations](get-security-recommendations.md) | [recommendation](recommendation.md) collection | Retrieves a collection of security recommendations related to a given machine ID. [Add or Remove machine tags](add-or-remove-machine-tags.md) | [machine](machine.md) | Add or Remove tag to a specific machine. [Find machines by IP](find-machines-by-ip.md) | [machine](machine.md) collection | Find machines seen with IP. From 9b63bbc0f8eb21f42278a8669a14ff5ffa0def12 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:49:49 -0800 Subject: [PATCH 34/73] Added TVM APIs --- windows/security/threat-protection/TOC.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1d0ce5d117..2af50f3e0e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -390,6 +390,9 @@ ####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) ####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) +####### [Get installed software](get-installed-software.md) +####### [Get discovered vulnerabilities](get-discovered-vulnerabilities.md) +####### [Get security recommendation](get-security-recommendations.md) ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) From f527ab00a00e245469a5b50a1ad2ee8903080a98 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 16:59:05 -0800 Subject: [PATCH 35/73] Update get-recommendation-software.md --- .../microsoft-defender-atp/get-recommendation-software.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md index 4032adfef3..e8473ba5f8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-software.md @@ -1,5 +1,5 @@ --- -title: Get recommendation software +title: Get recommendation by software description: Retrieves a security recommendation related to a specific software. keywords: apis, graph api, supported apis, get, security recommendation, security recommendation for software, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation software +# Get recommendation by software **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From a28e30170e2b4d0d2ed367ed8db168e197d33d91 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 17:00:09 -0800 Subject: [PATCH 36/73] Update get-recommendation-vulnerabilities.md --- .../get-recommendation-vulnerabilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md index 954479aad6..48f13ed4b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-vulnerabilities.md @@ -1,5 +1,5 @@ --- -title: Get recommendation vulnerabilities +title: Get recommendation by vulnerabilities description: Retrieves a list of vulnerabilities associated with the security recommendation. keywords: apis, graph api, supported apis, get, list of vulnerabilities, security recommendation, security recommendation for vulnerabilities, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation vulnerabilities +# Get recommendation by vulnerabilities **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From 5f669542aa3ed186f109adcad4f5995375858c10 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 13 Jan 2020 17:01:35 -0800 Subject: [PATCH 37/73] Update get-recommendation-machines.md --- .../microsoft-defender-atp/get-recommendation-machines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md index 772dc4e34b..0060478641 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-recommendation-machines.md @@ -1,5 +1,5 @@ --- -title: Get recommendation machines +title: Get recommendation by machines description: Retrieves a list of machines associated with the security recommendation. keywords: apis, graph api, supported apis, get, security recommendation for vulnerable machines, threat and vulnerability management, threat and vulnerability management api search.product: eADQiWindows 10XVcnh @@ -16,7 +16,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get recommendation machines +# Get recommendation by machines **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From a702eca096f7bf5e027ccf369bf6281be55199a0 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 13:50:44 -0800 Subject: [PATCH 38/73] Added property descriptions --- .../microsoft-defender-atp/software.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 48647a6c93..31c8ef62c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -37,11 +37,11 @@ Method |Return Type |Description Property | Type | Description :---|:---|:--- id | String | Software ID -Name | String | -Vendor | String | -Weaknesses | Long | -publicExploit | Boolean | -activeAlert | Boolean | -exposedMachines | Long | -impactScore | Double | +Name | String | Software name +Vendor | String | Software vendor name +Weaknesses | Long | Number of discovered vulnerabilities +publicExploit | Boolean | Public exploit is available for some of the vulnerabilities +activeAlert | Boolean | Active alert is associated with this software +exposedMachines | Long | Number of exposed machines +impactScore | Double | Exposure score impact of this software From b9e4a040a95cf2e980cac30c67ee612925552bb7 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 13:53:45 -0800 Subject: [PATCH 39/73] Added property descriptions --- .../microsoft-defender-atp/vulnerability.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 1ab9f93f8a..7d023c0efc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -35,16 +35,16 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | -Name | String | -Description | String | -Severity | String | -cvssV3 | Double | -exposedMachines | Long | -publishedOn | DateTime | -updatedOn | DateTime | -publicExploit | Boolean | -exploitVerified | Boolean | -exploitInKit | Boolean | -exploitTypes | String collection | -exploitUris | String collection | +id | String | Vulnerability ID +Name | String | Vulnerability title +Description | String | Vulnerability description +Severity | String | Vulnerability Severity. Possible values are: “Low”, “Medium”, “High”, “Critical” +cvssV3 | Double | CVSS v3 score +exposedMachines | Long | Number of exposed machines +publishedOn | DateTime | Date when vulnerability was published +updatedOn | DateTime | Date when vulnerability was updated +publicExploit | Boolean | Public exploit is available +exploitVerified | Boolean | Exploit is verified to work +exploitInKit | Boolean | Exploit is part of an exploit kit +exploitTypes | String collection | Exploit Impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” +exploitUris | String collection | Exploit source URLs From 7b30a81026b1a9daf1526c6096534868d6eab9d1 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 14:00:07 -0800 Subject: [PATCH 40/73] Update recommendation.md --- .../microsoft-defender-atp/recommendation.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index b5169fbe69..a2ad1dbf57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -37,23 +37,23 @@ Method |Return Type |Description ## Properties Property | Type | Description :---|:---|:--- -id | String | -productName | String | -recommendationName | String | -Weaknesses | Long | -Vendor | String | -recommendedVersion | String | -recommendationCategory | String | -subCategory | String | -severityScore | Double | -publicExploit | Boolean | -activeAlert | Boolean | -associatedThreats | String collection | -remediationType | String | +id | String | Recommendation ID +productName | String | Related software name +recommendationName | String | Recommendation name +Weaknesses | Long | Number of discovered vulnerabilities +Vendor | String | Related vendor name +recommendedVersion | String | Recommended version +recommendationCategory | String | Recommendation category. Possible values are: “Accounts”, “Application”, “Network”, “OS”, “SecurityStack +subCategory | String | Recommendation sub-category +severityScore | Double | Number of secure score points given +publicExploit | Boolean | Public exploit is available +activeAlert | Boolean | Active alert is associated with this recommendation +associatedThreats | String collection | Threat analytics report is associated with this recommendation +remediationType | String | Remedation Type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” -configScoreImpact | Double | -exposureImpacte | Double| -totalMachineCount | Long | +configScoreImpact | Double | Secure score impact +exposureImpacte | Double | Exposure score impact +totalMachineCount | Long | Number of installed machines exposedMachinesCount | Long | nonProductivityImpactedAssets | Long | relatedComponent | String | From 1eb9706a82e457ede829d389739217756fd48e30 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Tue, 21 Jan 2020 16:10:52 -0800 Subject: [PATCH 41/73] Add custom OMA-URI info Previously, only had instructions for using built-in Intune WDAC policies --- .../mdm/applicationcontrol-csp.md | 57 +++++++++++++----- ...plication-control-policies-using-intune.md | 38 ++++++++++-- .../images/wdac-intune-custom-oma-uri.png | Bin 0 -> 78906 bytes 3 files changed, 74 insertions(+), 21 deletions(-) create mode 100644 windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 5a4fd15cf0..3d6869c047 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -112,24 +112,43 @@ Scope is dynamic. Supported operation is Get. Value type is char. -## Usage guidance +## Microsoft Endpoint Manager (MEM) Intune Usage Guidance -To use ApplicationControl CSP, you must: -- Know a generated policy’s GUID, which can be found in the policy xml as ``. -- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) -If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy via uploading the binary file. +## Non-Intune Usage Guidance + +In order to leverage the ApplicationControl CSP without using Intune, you must: + +1. Know a generated policy’s GUID, which can be found in the policy xml as or for pre-1903 systems. +2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. + +Below is a sample certutil invocation: + +```cmd +certutil -encode WinSiPolicy.p7b WinSiPolicy.cer +``` + +An alternative to using certutil would be to use the following PowerShell invocation: + +```powershell +[Convert]::toBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) +``` + +### Deploy Policies -### Deploy policies To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. To deploy base policy and supplemental policies: -- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. -- Repeat for each base or supplemental policy (with its own GUID and data). + +1. Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. +2. Repeat for each base or supplemental policy (with its own GUID and data). The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). -**Example 1: Add first base policy** +#### Example 1: Add first base policy** + ```xml 1 @@ -144,7 +163,9 @@ The following example shows the deployment of two base policies and a supplement ``` -**Example 2: Add second base policy** + +#### Example 2: Add second base policy** + ```xml 1 @@ -159,7 +180,9 @@ The following example shows the deployment of two base policies and a supplement ``` -**Example 3: Add supplemental policy** + +#### Example 3: Add supplemental policy** + ```xml 1 @@ -174,6 +197,7 @@ The following example shows the deployment of two base policies and a supplement ``` + ### Get policies Perform a GET using a deployed policy’s GUID to interrogate/inspect the policy itself or information about it. @@ -203,17 +227,20 @@ The following is an example of Get command: ``` ### Delete policies + To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. -> [!Note] -> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. - +> [!NOTE] +> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. + To delete a signed policy: + 1. Replace it with a signed update allowing unsigned policy. 2. Deploy another update with unsigned policy. 3. Perform delete. - + The following is an example of Delete command: + ```xml 1 diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 5fa737a5b4..b94d7ddead 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,20 +27,46 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 +You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC). Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. Additionally, the native policies are currently deployed via the AppLocker CSP, which requires a reboot even for 'rebootless' policies (which have the 'Update Policy No Reboot' option enabled). -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can either configure an Endpoint Protection profile for WDAC, or create a custom profile with an OMA-URI setting. By using an Endpoint Protection profile, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps as defined by the Intelligent Security Graph. +In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies via the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp). + +## Using Intune's Built-In Policies 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. -3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. +2. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Endpoint protection** as the **Profile type**. ![Configure profile](images/wdac-intune-create-profile-name.png) -4. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: +3. Click **Configure** > **Windows Defender Application Control**, choose from the following settings and then click **OK**: - **Application control code integrity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. - ![Configure WDAC](images/wdac-intune-wdac-settings.png) - -To add a custom profile with an OMA-URI see, [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/intune/configuration/custom-settings-windows-10). + ![Configure built-in WDAC](images/wdac-intune-wdac-settings.png) + +## Using a Custom OMA-URI Profile + +For 1903+ systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy are: + +1. Know a generated policy’s GUID, which can be found in the policy xml as `` +2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +3. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. +4. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**. +5. Add a row, then give your policy a name and use the following settings: + - **OMA-URI**: ./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy + - **Data type**: Base64 + - **Certificate file**: upload your binary format policy file + + ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png) + +For pre-1903 systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy are: + +1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +2. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. +3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**. +4. Add a row, then give your policy a name and use the following settings: + - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy) + - **Data type**: Base64 + - **Certificate file**: upload your binary format policy file \ No newline at end of file diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png new file mode 100644 index 0000000000000000000000000000000000000000..1ba4774163c7c6c11be23370ac7ce9ebd0e0aeb3 GIT binary patch literal 78906 zcma&Nd0f(4@HbAYm6o^6%yOwL&B~~(%$0V_jmj6MM(Pc;}7-I{*N{ z&fB-H-va=)Gy?z|4{X~iX_*g-J}CLKA?Tj*RX{OTi7NT9+2e}&6#$?NDZT!1i{$h6 zr?>2a0DxUBe||Q!`+t250L(CNU%z4%=Da|XhRJiX#9|1a=(6-G#kcbHk&lLlC$>cO zqB@I@*HxIm*-Ywc&r!k-<>3L{X?r7s^#L1|Naj+GylP7yg_%ewDDdkaT|Bj|1{tE(6Bn{?e~Ew z8!ET*hZBEDX5TS~DxcerrJu?DCG~F;K<4o=hibnNHB$34oo4_48h<>v^WB$NwRywS z|I=W#{Oh3q(H9e&e{A@#?Zxem4F4wT&8F?o{^zw@Gu~H|BQp+N`mf7_J15qrRmHdd zQu?pq%<&{2a+6^K5Mb21X$A=r)ffq>;QCxhW1+W*8bX~qCw%%%xuV2(xBzUx%MKpU zsF?FMrft>_`$(^Mwf`C!wvh8BOIDR2E4Yy*^}Fe$)ezjLiVZ#hpFIv2-qQD#r6EwU z8$PEX723BrRr{B`g+rM}pS+Eh;BTGT(s0A&o5#pueT!#Wa)3C7?*}3} z<4%(zDeArkg=W%YQuDC(UvJ3y1^nq1ozPnqqJTH`A!fcP%CvBW$EjFcD=k?;vfJg1 zRO_IpXGYr_F(fB}8Ly#EJe^Tx8#CY3KzRO$gLd^_=~<$I+TC0h#4yxZ{U&L0IoM$M z6Hv1qc6+2s|B`_tSna;8woyBG+QHwGri|#1AQn0j6ZaO|Rz)!NN&1j1*Yn(Ml>H<$ zLwY%@4E%(-n~a~YLI-nVL+_+JPWRLRqvJ_oa2@*hKb%-V8rj^t_ZbOaaP@4HVVj0I zmVWqfDfjP5!FNX}qtdT1&(=BoSRkzG-o3zQzcA%a;$@2go-7B587*2e=3*F}&KMeu z4oFf?I*`m7-W##NZ#m1vo)uCG+i9e&4o$(&L`&GWb#t@xR4H(Wf$FL?6-@YhVy)DV z*1m$2ZOk#>jhD9xWKEBcGm9hDjaJLD>gMz_I1{%uz8ERks(uUu!qoZrGFIXAAS&Jz z#S}xv`vzDIpWXvU>gqWlE7@1Y)lU5EkYr&aWY=H{Iot)jHO52pA7=6EA36lC*>ST* zu=?U}z|C_`kO5<-0$Y>{YNH7O=Y;m*E5KQ8KzbLj_|yZJOWaJXx#y}c?!x$+gCz)O zZt*yrkSqZAfs$P;d(VEnbA0cP=&PUZ92c0!D&4;mkbU!r>aCwGsIaFwySz(hu@9bk zqUX;03^9P1oS+4s?p!l(7IYL15hUUfUx`^U9{!oyE;E~gRs%^P1bN{ZkE+=ZIYxO1 z-XQi(Kt^`>HQDUouNL85WaoOrsE94q!b}e%GxKTxpa+P@WU$5dg~XNvqK_IIr$1A) z>EYMJ_R9&P$z2}2{vs@Yqfpk}52=Zj3*%S4M80L0qG~f2L!|`er!;D@@E|ihmS`DI zz?$wF#E4GR;Bx40tCbKXM(|usjliHm_H%rrqVw45O`sZ~_PsA6V{$FtAq>vi{3`~% zb2Vm&O3+|rYR#=vJ6A&*H{)W4b&Y9V{z5w>W%M-qIss>ff)e|2jY^cO@i=Hxe-f@$ zPPXZj0y_Jv2Uhp^h4uNI3*5cMpHM*dN56#ly5QX%6+01Z*^;NpgB=NvLddlyQVJxj;#`h)39mdJAVtGJ~LFFKh6t{!L5yQ?J_b z?QrHsxE=6Bljem}H4QD;TEh_d(^t6gpD5<`9^C~c5))TV4b9S~Y}b$fqb2_+i_GGb zLBkgNNQ$>m`4n>{{1t}Ztqz~eQX3S3HK=g(DUesa1@sW-qr;TJB5AR^y<+$cW+41b z6C&qT6RbwRh=7W?51oo41h?F651*b>Dv(lv8JCO(MDJst;SReZ<<}*8(172TGm`Q zF4Vw7%wB|qbZN%WS>q8d$Pw4fB4-q6?M@Mtk~0GXH>`V@Us`+0-M=qzA#P;cr|UPo z_%V_EiG6sgCOV~_=gOkH;NxBSkzEmQNJ0E-!ui=viCrfoIySnROSAUT^s5gX1d5Gz zg?fM#z9Yt^wc6n7puc-CyAcy*6>v5UnKv&Dj07`Sm=bQ*_nMgv!ouxtM0ln@ ztfuDS;*T0zM6l#FEYV#;>$+%VRtq${HEVSzutvBRC$bRN{oGpT^0x5t^L%FEILuw` zS8GGSe+Fpp4z~vi>}Rvw8d--MNywEVqJHpGcxgj1>S#Nww+M5pkBeE+Y+ESBIR$<@ zjqpU<978L3 z;SFCO{Pgaj(4qBl7{pJ7n+SP@I@iq;oyTyMo_%TSjxp7R@A&ffmb0Xtgx_*a zno+UUpaItBSLmc};k!mro08y>kzC#vLW`j>d4~nc4%ejX9G#MFc)HfaA3nZOaF|dQ zLI+)Uv%{#hu;rHw1*;Y$mq#G9V*6(v4qotujPLFb;Iof~It1;bWQu>?Z+zMhJ>W4X zOsVFW1Ullf^wZjZl4GJBG19uKfhnJxJY2%fxOCHkH@c)U6Er>2aP>7PGRaSvydpeC z_(FsBi1D+2hw9%g?Y==@DGHFHPrPV6SNJ$q1Z$@(@VaN=%=nn#HLwZ?%LXI+UXnxV z+82`AnYJA%O-FrUgIUbMxBV$6TtjvLSK@~hbhc$LY`@vgPToWDoB{Nppzn=%ex;XW zdylD>7ac5HI6-Z0zfTz0)Iztr z>Z`QBZI!Fb{OX+jOE#AOC=3;5s4%VOJ~CS=P84O3~2>+?QN$FrcB=B zTl=&TwA4)g%7%zAY~KmQuPaBn_Mx~xP5Mx=IkLU^cHB>zlfKI_ZlIJn z{na*@`p@ZI1N$lWuLFsyL&WyN(tbhvv0)TlU(EmvG4h`jT@IkLfEtd^>E>EFr7Szj zdc+z$DHB#B%vAZp28&Xeh!Jq?9!@RJ1~>7v#6o1)6Gu_`7~-kbU9P2OZGw9n&dy$M zvM3V2u&Hh7fsJ6Z7S9E7CQ^)U$-etP5y*!Pj+rrEE+1<6`bgBJju|| zuSP7{uDig*J#HOaDF$H_wI02-zXt-JclAUp#0`&s>ze;{7N>jKtJbcL{TAw3Xfgiu ztFwt8r7S(kn_m%N2(zG^^lYEu4d_n9O9yMjaC$|!@Y9di8Yr5Q2wCZCnK1@!?ELzG zhiU0}$3r`s%Sst=PJ1^EIFcK$6SM$@+;>qb8Oz1Ro7y9)STcwPGPwumPy@0v6M_cd z2SeTBp;SXHUH-Gjg^pZMb^SZm2xO2q5MwVGP*+|QJBN04_=)xT5Jb3QTcN3Om_Au_ z3)A(zs4O2fq-HFBb^sU|UawBe=xuJ`# z+fSB!ogScKAwMV=;K|xT41@+LH$yxz`Zv~;?EiCzy4o`-uYT{2-b+EaGnHD9y*JR2 zU;W3qHp}Q{B$->c50$>-VqRVk!9QizKuIvYLrZjRY`!mtWMg(0|M(nx4c-62mr--wv zf=5+4xN~)3-Q~!xZyEJtGrXzzGW~9uGSUr{oMD(m=veW0ENdNjz8JlVm=ndHZpJ~G z{Ty6tRNZRkwMrfZNbh{`gHu$!a*ZhI76E#kkC}u}j8>zWQYBxH!bf3(CKl4xo!U74 zUZ9B7*J;^QQ*Hrl=3uqaU2bDOFy-aiIR5r~zdO8@hfA3ioE72x6GH#i+Ni3ACai+ak6P?(kbTzhd#^~PyNO~sTC zJ`J-H|H3wuI;$hwo0?+=$;Q3b)Lr!`1qo`pLu%U3>KfhWPoyvNTI>y$+eJw;N%e6U`SZ-Z%>7=b~01CG}kaUC4W~%vuvDv|jL+ zPUJf8_foA%1U$Z12WNO$Z#J=xIX~~&PltZ?3n!Ma)D0I5V6V`(%`?0~jfEv^#D!B7 ziU#VdDsjR)KtLG4Tqirun+e#bWM|ytA49@2$;!^ys5(E|oocu2{1&%k*YNg{?k?CS zy*$;3kZQV8{ll-$A_^F-j349ZUB!df?sy~htmHc$PBLB_t+x62uet>bwUY$*Hxszu zRg6aRy#rwZ?KLwWa)M277sONX9@#Ne&iwd=oZwWciP6h~Bt59Q8) zh&4{p8bjH{8`SnW+huaJ!Q8BT4(mMbr$T|KFnTWqr1t% z7?|E?IgXExH0-XT-G_f*uP<>4`*gzmz96gHbSXg6gtAmg!)a@D)mcHUoRLaeyT*O= zQ{i)AZ3!6;H4k5(Y)cRGw4UGJW)(uct`#{f?PI&nb0aPPjOO#&LCoYBG>A5!Q;A@| zl~quK-;Ztzk6Y;}a|uE^wIM6uDB_gI$r zIpeH_p$+u3;n*rbFp8kRJ~-Yt?EPf>u9pG-_8&7@Ws*$)uiOy4TO|D_BO#$5AFuuI z7f+IoDpmc-q>HCjPL2drR`G_OJhatNrHY4Kn+ilg%pvC8I1pMQ#QF z-W~ii)-G9yq;J|kqyK&L|60=S&8+HBPr55dkNfhPl_dYNNnL#FU{C1xPI-Jg!OYyoh4<%N(S)!(({umBXVCz*iuVSP_Yr4S~%#1-n8{K zy|~^2BV_pdx`eu?+m*YIG)4aH?es%Ht0{3-$PUQd1v*p-#MYELb3+>Z(c2eQ{mgYI zx+0ExcXO;sBHPfq_xQa+SiLD2CIm9hE6_ZMjEN&Nk!9Wa4|7gsAJ}(FO3Aq( zh|aVOOH^I^uG92RYQ@RHmcH7B?fsq80D`3l{=Tb0AB*-4eeK)|kp?VSzL-<#D5J-g z(18r@aJ17}AoFe;+fR|WZO6K#|X;tWz6~lYT&CL*BxLHs;+#a=Nl9(Mq z^=(8fCLB0Bbziwk;M=&mj$0W_$#y4KaRmXD5a|VbHv#)esF_oE5{0dOpmdU!MUn% zz>*a)X=ARX??C2_up<~asgYR~%|_w-Y}2jp$EVh**Xm1UwV=c%rlNTtv$$TjaHU!Bi^r3sb7Ox|&AY zE^l8Gkh05Y)tGFFX% zJVwVGbqEO|{W>cP(Cv-f1)aV7cgSp;yUOdmChOMtY)zq<&yR2l?z<8C1oRzQ90FXY z8wh#%H6nqU{zsSL;-NwuKB;g#IX*LQ4eVbgn9^$GHt#buM5M+PaY_qY+*dxMpWg;GK2OR!j>OCDd?*;ZN122xxzsMiy%!&I|fZakYd2UHH0(>*6ZB z{As#wIU_(gp^v1kEvBfEwE(5yojmAK@@mYA9IMMNu@UHDIGW;u)m<6mUX+v@P8!0I z1B^qwQB|xpo7n$uc`d@PN15N>Vf?!mUAoI=B!$^a2A4MiR=r0~KiD)m886vrqpDuT z)!OI99mbp<&Gy{Yws+I#XETtrzJnIQ5u=_?vsHi6M?e*_+F(e^;HC8c!)tW)uP`N_E`E zod5v;9(Y_WM0=a)L*%39@_Kg>2#QXK*Tkfu$q6w{`n7oBT-MWDw

(>h~f_Ehxz< z#hc8Usy6K+1b8?mW!r`lY>JwM-k!B#vbr=GC(cK4qQH2?&11NOJxVeXt{ee!iJm%L z;=8Vdfu!^<(Mlx~DeOyI=>2&#M59FWo@?(M;Y7l&8_Wx@O&K2nDfeDlGm z!W0Pa#*EX#WUf=!ih0xg)s@7M4LWTDuYe0TJL4c2IppIpJZ;lAd zDW~;^ZiF9#Z8*4J7SiTK|33SCH3l7M#_As$tfqh0?l18q>v(>=MtHs&u2Dbz0vHz& zM0(^T|GORjW3rw4rtqik=|=izsPYbH%r4z4cz=;>S{ES$yxI9DG%S1~{Qx7^#o$!A zPCT#EyiPsPL#B^v>s%6)S?naMWodeI?|QIP2=DA2zRx9BJ6;+Fj?VtH&T7YG3O*=5GAKb@8aETC?ASFPNU(y8=0lclNC7TG zRt603ai32BE2)Y>Qs>t9!2Le!d_4pdU3O_$@EH978z$!}_=!$tEk~;hDH|+TW=|IP z%4=IB4UzLrEeiXcA~!u3+ZT8@E%}eGw~J;=C_^ zQ=TP)n#u1nyse$7hw`w$t!H6?8({C~xzyovlQ^ABKX1 z{1HCV`)cLdHygTGX<6U*%s*PGrXJbcxX&?QsLW5CfrQzi&DLKtVImACC9yCoKw zeyBDt@-C=*H&|4n(0GUDg0fS2vQzckx=a>jZYa#0SXFziUq%3{G~3@GZ0C9x>HIEp zk`>MvQ4UUSbkfy^o>?2rh0yL&$df77)L@E>_=-N<4o(q@?|*fOqz22R71KH&xokXl zT>&eI!WsKk_~sn>_)Sn!Dr? zZ`ifQm6n?wWM0prU_sZ`n(Rfvh_~vnrR~Zg36RJJ@haP^puhqSq?;QCwr$QbWIb#H zUHSn}V0T-N56Yr(y|R)18fDIng(hgH{x9e%M^*cdI3y$vzTJG`!l9Gi&YLpeU5dhwZw_JE?(bjf%OxQsmc^PeE6#a zPTUUyDM})?Aeg0F1;QuqV3xogL6GS&BF8KP6kKmpou2dtPZ4!?O9Iup9Ajp}9@5g( zdg~>R-3N3)OP`fLbj7jTk9D7jk zc)8m0+8%|m@?%R;%9&x)ldW#X5iLOI@GcHo`P|Wfg%#+Yd|K5p8h9m73q{Vhe^uTl z>k|5?C6G@1ENUYIY`|=Rj8|elu<>bkpD7hx9J-t-F^nvjWymF zD>*tGHR8|bv=%$n?_puYk&oKrm1B1vyf~~GVV6MA6SMXGBKZT8xJpEk9u-Aw-0(}v zVUNQ`6zR8{(9`Y_|1a(JTOM{%v7jg5ZlLOv1!&Ej_-=&U?^>k6lY@SAUi2HZtq9cG-hgKLy4H82nT;Vxr_2`M`IrQia7P zmyoROPK%ZvsPON_I%`g$X+buduV<1wSbY_&_XBGI*encpYvrJZ#d-YB+Cu@jWUIDu z!60XR@y8OI9@4QXYG)Wumn?j}3E;SirqaKT0mBTk>3Rwsb9szaBP@u~N zfiN@MAYrsxbC1|t>)V-?6S)~8n-o&RJ)j?X)_|gno;I3& zi=z?1b-Fqsl4KDIC}U;DC@7DZJ83&l?{Lff zh$&ule#`4KPQcu@U{5mN%*}0pb~8ICx0#FUfw~t)KI@A(+p9wc3y~r#Oz)~PTqF(XM2Bw8sZz@XFGTFzdXCC)i^Q7`AD#Diqo z$xqcjDv;-d>%vKI(an%JL{U#(rJxzR=Ik>a4%pwib72M;?4Wm1_jY7IcPyNmA zqCwC};SlXWc(o0V)~wN;HAvOt9$~j}GP9jL=7v9u!y25fHJx{1<3hc7W95NTn8k+d zz^0EeF3Y-{3FNj7fMI`5>p!tX%PY^9YusELVZq<04r*AhSF(?1eHY{)#}F~Lz+NGj zjIt{>7*zI;++pO^U0YYT^w3vt#;hk5n&Fp!dXeH*4|-ppJUM9pS7p4QOAgMsM76h0|<&(gfI^&$#BS zP!h7H6hKvu2o&8okV~d|unU4aT_Ue)m|+b4ou9y0J}K-sWIo|eo_lg@WOFSt8WCYj zwNsDB_uWnD!Wft}?`MhmahOu45x7@P^+#(=*snt44-DWu$h;!_cm4sPr~jSdcQ~iK zl1sP*B5N&Qgq6tmoH% ziqyB7S3V{k{IVQE^joh|Id|7joC+4Xw}y~3*&y_z@&tt`pscA_`Z8~Q5raYEhHr~a zCoMgvs#WltY%K;hu+~k?U34vTi~?#p=_-k06B)oTdFOBFQCEhLU&fvNmVvzm*Gb6? zNaRYbX+fTNE_bb|!RJY>*U2fHXCop{+-qVnkPRlf)i#O{n-dumTgHSS0N98N^O!$f zv>qKq{tmA+8%o4kWEAA%jZQM`HMPUKN>Br)Se>;SlswUKNwTIc56w)dQ`ijpd~XnM zUOHuW0VYUz?yz6n=CTeXCNUdZx~w?SzmHSgQbEOtYi{F6wk4i1O@)=_@_HcKjS+xhu*@*@XuIUtAB2!UKU3;@johOa z{7s@7D8mUM?c}TzLx!~AgKN0Eyxx&E6v_{Ehjr}z_>9FU@_#&Lm+zVd^+FQU~&+`8_}c)hw(DdjWV^5_LHZC30_(%whsx z<{<<(s|P2EpvLQRK&J&^Cb`kof@JqV}Cu2tc?krXq2*fD7j9-~#4)hG&p4IDei1p)r5{B1uM0LavWcB+o=Q?xH zw)2X^oS(8BlA!y&h1INGPGi(aW^nQ8z?_?)Ap5Q>+aPcqbrut%y zD!KVBBc~mkM8bErW0ihZX(>{lr$;y)F@;XRu_9GbJ)_Loz8YKGsoQ;RWT3>muisyD zZp9Dr(DkNQ9I1X2;(3rt(^%>{P>d2C9)8nNt1em;$m%O!3$|!WYgE{q6_#`W7^HFt zBD_b)49VYzsWA*G8mY7{^l!SXFg9bbOIDM>6;b;$IjOw15w(iT@kNrF4^`)C`CGj)65y692=fmxjq*M|+{Pi*(C-%s?6(XK@}N@>|UC zob8EOQr_+5JNcpZiEO7){;*TTgB-@rTlyaTu&;=76M2}m3Ew(3 zt@zR#z;8sFa>@&1+8bb`LltcPQ^kIX z3&6vsjY{{f?J_lMn0VbPZ)>HI7q2(0IEVQ`=f=)?j+-t7^{Yq z!CY?3?`ugJNr_X=ywqklv;|S$3m+jI#6G1&wksMP4H#~f&J1x(_?oTP3D-4wuxchU zZFz-Cy|nbe0Yl4=y(^XBrWx?q+;lnm@m=74wlIIzq#m`-5fGnL<*PG}ok{>^$JvMe ziaT3hCb4pL>&sno*tU*UHxFmO3CA%X6dKX6lE3KfwColo^5}I0?m7wn5aV3&#E2q= zOs6^Hx;Yai$V%Yrx=BJu3h0>2olBDSy4dRDyS&PafC*bp0R40s?V&HIDeu{b8)Iha**j?=-gtUl} z&+6jeRJL2wezrnT10BA2{L8R`20h>Bs|mV88>A_D5Di%_J7Ya14jPG| z=wcTS#~#M=9w?8cMC}TArQcOMfo@n+1f02)$}(pE?7G@H8Kde)p*1nb)NW9t4%JW^ z&B5xCE7fR?_{uB$xp{NLiF+))S+~Dc;;MCDoK*F>ZD1(=+s4>YJqWJ$KZP> z?gT9+1v-U|YXCi}CA85+B-Ke67V&}SAWnZmU{`~7I3-4$+~#+Qz#xxVW~3gd z8A^S?qap-3t$1qE;$u4sD%l(vc3);oGw6O&4Q(49as7ycj6uQ^(*e|zJjM5^P2YN@ zaNIpWaYL`~Z_ydw=WCGcX=Q)0Y)bS1MFOLm^L> zxEA*+KaIR38=SXAVn*6V2;5tR#hq*^FJlK`Ec5)eJfNxQAz@4-%MT;h;BkT?(pavY z+ery$eZGF`DL5pTP3m**6`BN)iA?r9G80-p0U4wsGI)J>hjW<1b(Y0W@Ytfaes_Y` zn-GgBESVSu0DN>gepVdRG?UO}sza|xq~ycLV2wPYf2V0M;A2T@*9T4Pi)@F`jP-Ts z>J$1<(E)AuH(5I_W6J2e;cKOFD|jc$JeCZ~Em?~l-T*Ls4LvHUiv0}M){r30FZT-U z2|TCTlI~PkndlYZAMp7DRkdxqB(dE5F;c{8z=7~z(R`XMhW0@^C ze`<|Cnyy(q1qfBvPD{dra{+$}es}iUKmR{Kcr8iA@Lzg%CGLOm@V!SQvkL!KUw`Ff z^@vIlo@D!yf6#_jee&SIy924V{BzLpy84n{65R*cvf>gDZJAlOI^(5Q?MfouU`T4C zXWseZJGVknlgW-;^P#FFubL@851-B|826rg_C(KHwGh=uLvmlQ1?pK=uW)$pxi>8| zSDTLcJ8b}5#{8+ME??sBr*d?Ba2F|2l$y)py2{au0naV;G0q%{Z22bcVeY5p9Yw=) zR{hmXKhmedU@i$#_;AXe)Cg1^J)-hp1K`JHx92#Hy?$A9Bkrkb%k`on+09K^4(}_q zK23yl*+arQ_0q1`*B8?f-$2Z(6qS~N$rJE7os;J_v93fx)hxe{w`^fKY$UbtyWpyl zlIwm+ne?~o@XOfIIfD<1#35bq6FEyEeaH{rx*dD%9hpA@zigl8wOjs4c$QZ{aCLW3 zHm*W_+2P2VR?3jB?Bme4*zX&QGP}bL&d2-Io?n0s>a(5C_O0qy`4aPRW|1=2#-|dNKgON)Q&_=Wi5b9dUWMR-tz4 zsvNEgva6-QD)+&ih^!#-nZ7mP4_~W^FaA(Kl5+o3)}(Vj_q~RK91% zoEVYHmdYI7rdh{N{}4RcVATb zmC<6^D!f<5m0TbBNRiaZpEa0$ByMgX_tIO`^<<4KFyX)Lsx7=pqIWo}4rsCBoWV-? zhJ^>-K5|OgJjIfe@S5;j>u>bC5!=S9m?6qRH~hR7$E}j|-LOjz7}>>}FT&mR!k6h=8oibCB~os}I*Md8`@i+X(0tN53E$v6WH# zlu&o_W4#?R^*1H1&g@T9?aRHywZx1R7}FXBQALr`j1UNvyUk*0dO&w1`1qVG>*Nkk zH(!Jy;c52{oxidfO-DD1_chl_Demj$H2UV+tp7T1RVqy0 zejd7k`?H4Ygx%TWU;zP>QXXSmPB2v@CUZqeV!G~Zqa5}hwkbJQ)zzSdr{c2Qk3P7X zdwR@$`Bp>`;(cvJmXtx_#x{TI<48TaVbD(eOV`YpJlBR$O1>Yv+au_20_fiTzl=(m z{7N}_{+93DkD)QuqObdip5J|qU;du0%Xe#lrTf>&=2x{PS%&S~40!PIY(B2I{|shJ zr6wd56J`8G?QG8%gex=G2a^QDyiPJa_PV^d@Kw0hubv1R!RygAt5G@NM5OT{5aiY6 zlkAhs;XLV*OD^aeq?FA}hoLR?jk%9gW+U_Gp%Sy+>uR!R7jY**_`cRG?K_0!T)i;f z=m1?^=o>0>xZvKsUti)1e~6-?U!s0|i8*-)tSfN^*8ky3KB9db^0yK{ukWb#G}s`~ z>D3DoOFz$jGW!SS5&N$%lHgwcGx%qo?EZg|A^)|%*e9`c|I&|-*54ntY;}IK{i6%p zg+GJgbu=t?e0U*iG;AU9C#B-aKd_UJXO3Za%1Is)wAQnlyz2v{jmEa9E`}})fBJ)G z$(M|^3Y>&~A=N|bxwj;@xMu%6C8HPpE8+9IU4O2&{h|L~)4B2gAXB7zfliW}KUM#M zaekk6QHniu=~-ku=IQQj|3YmppN?)#*e2nE?N5bM8zm<05B+`b$-f=d!amh8s)#-* z!IE1pBd7oU_7GG_^Tc1y@1G9)0p=}PO@d;^GEX7@tF*19WugQLL{FB~0BYPMY5zao zUta|Pcz|$KnKfHtC4{oZ8RKfcq`D;N(FcIq*@0Zi+_vV?T~a;kBW%wGe3>}&LNY

6W7Vr9Yg07QDGRs=0Y{v*5(D%>ct9V9CR_)`Xuew_`SbB>!FaRIz$IqLA_5 zMY`|p37=od{VTVRG3#qM#L%y|2M2q5Cz8Y2bJSI$KS7e#_C`yV0xz}Q*DVK5wS7lDI8rbp7My|8Ywn)yPZDCWBGn;}VqinJ`8nCx9K^pdAH+B-rs%hV@EICz!C)efX?5RrrYVyrBC;2fYxs7 zTQN&bfsIy)8sH(V>aj;L8v)On`g5)~q-WJQ8SOU6 zcsQjt>gl~4zzg$5*{9>Gw5{{9_7ZrO@rwzHa7D$uRv6<)_s8#8f5U>?%FB}d+wHBb z^)Rkce%o}UWbZrq+rL3~cF$B4TC-Mxp<>RjjO5wKlR+f|=nIMWFfV|%tZuRAn3+q4W%=}*Bhx3S8Li>t53?b)tXP}&HHFthsh zwYPs-x7j6pez!7Y+^RZtY$6S7-BM&dS~KCG=y}&5qtbK0*S_Ab(ILHH#taI!FZl3Q z`l4rnzUX3>zkM<;wbI1-$vQNg8G(*@KJ!Ny&)~q*gF4V=e>s^F z|L-m3`MpOx>gGCqHdNK5CnK#rj(mElsfe%2FLt(1SF-*5epdSk+BeIope{gbyawx~ zm64YAx~<_a?bMBJXKI^UHn3jo()%5{A-XX2Zcdfk$&D1JG2znn+KXSZ;)=R5to{18 z*LJJMEv&J!3DZ`#2l}q+j(_2=9vG|uB6+9Memu=jwua;-<8^J6`&9Le%kW&CeE87F z@xdFgp(r7VW}7@*9F;2(e;$Y19ANKU&KkSG+ zq+WD8b-2oMpDw9#e8Mr4s&|lRt(c~2kT-gx(mg->wPL~DdcF5@$%O&=%B=VxK4l~? z!xLZS6(01!@tet@eR4v6ZmNQF`ZL`-dxI>hwrm;?@O_GHr3LiZXUm*{QoKT}lO+iT zlmb`QfI~&4)Wqi5;_wZ$(7~8=qiSri71R~Y4v;yeZBsaUswguEtm-$YOalvMfB97Y z>H%IjG3X;ezRn^g(?u1YC`5htbHr?d)3>VT5egN>S)lLS;qSqR<=sHs?25F+ zeCyi8N9t#1;_;qFPbK|`2SUDzF;_y)Freglx zPu_yxKc4kubkDX_?B(J=nGt^O@|?~iG)SC*gf`iK3(Y?upQSoxt}rR}ZR~-)?Z~0b z`pkPezTv5!lTNn|!Mc*Qs-%zKG;{6Rw1G7=>s3;GkMZU}r2sJ!3;EjEU_bI`;*m1+u;&k@utwy)BbV&qD%N*HE~2vE{>4@>Rix%uYsz=rD${MNJ?0!8*T%< zZSxOVK5vp=zwE$x7nR$N|FqZ7igT%g0W4 z0e9vn&;6qnQK#}oFQ|if-7D*jMdj9Y-}I7pwe8Fcu|9F*x$V&7FDH?m9N+#NrLc*p zDx9nH2Sr%8`kmC&f`YEZ4gPZHm2KxTUzU}1{E%EZB3&&0R&&`47M$BtHyq`DugyTm+$7&T=A7lAlb@vS%KKJ9 zy_5O=7=$J9ON^~`tVZs5MTLgCRE?th^OD z`;?2kazWIPmlT*WN;65Mgys`Lo zMBe!HBiNR3Q2Dry=H2wHEH}|#XNy0AoB@rv&2{8R|Dbb!8QtGFaWj_PZ1GR*B1uq` zJJse!hNkz9H$p2ta4K*2pS`Ldy3m_?)^)*3vMxc&gfKy~9>NM`C06;7It}}c+&50D zPxx+}Y>APDyco~3=1GEr+W;j+Ki!c0V#LEdMpsY6owBAz#{%c{h_x@_`H$fBoz_LU z9m!pDvu`*Dh-oGy*FejZ^Z_N&8AwwZ&CHvjWQ+fD&-cl#-{#G}dHFsz=5Y+2DRZya z9^ty~SZbpiuyEBmGwm+w%LCKfLr#BU%LVoy0QSmO{8Z=q zSk0$T&06fa9z3I(oV_aNCUI2b5Bjql5kiiA>4PXiiRWRzSGxhmkXoRX58L^1+Dy|z zzw-WV?gyI{>XL_**75=VD_#2=$ENe5zZX7A*pv0vO9z-z(WRNDY3&v_JeO&dH@X!q zs+tYwmuQ613pPEnoyC3$ikw zgRBGQoYN}q#=P=OaN9VYml|^yAvr*7y1OX)J9*;AkHM6p<9(P^o2f33l^*Rqy$%vU zJK%*yX~=WUNrRA3SaEetDoV<|n?hQj$pm(MQ#%22ei~Mjowu2CcG^QT&K2(adB^j8<2~p1x&G)t2ie!o-fOQl*PL_1YBdoKjd4>5gx$t}C2g`KE=lj> z3_bEr1M>Cks@txTct7z)QMV!LZygMheM|t15afX0YN)Vi+Pw#y>g=SA)phy{>-)E* zteA^fq6!e0gOi?K70)oMu{a31A~omHE9x9%sD^=McvEGc4P=E!i)eBE{`jB3{Z(&x zd1Yt4<+Vw1-ky7D$3msVAEW4Sb%UglGrd%GpTYb!qLZ6IF8xdr>vb5$xx$(7p&X1> z&s;oVA^0#k*DeR$h9`iv4GJA?UH!}^35!-?i8>QSC(FyQ!vs-(-AVb>^g3|! zy}**Ov8J#Dm|WPDJf>o=!k5Y7z?sZv#T>?5eVxb$%PHs-)Ue!=gjU%1Yi| zYoh{w*a0CtNb}qf68Ozv8Zf(PrYU7k$IA%}614Xu%1HF~?>@30hd{;UR|hVys}?<9 z;1xf7@{)caVEV%nUoKn-LszH85^iXqWq#`ISk3JK87;}TvK;-2G~17M*QiglrrVh^ zZOhjz6pm4rCto`SL*nx7^g~AEG02Z;D~gZ{nr{|rVN)k(4YlY~X6GMBT!yt;p^i{< zHe-vooxHQzVA@{s+9==5s$#CkCwZO!_hI{!I|-amdq}ujs~eQawj7$0s5P!K>SEvJ z;Sg@6S!Yn7imzw7KlR#PmpF_Yp7h8xknYj7B0JTJEW-~Xy++#_6I$#nc`nk@JRqBE zwT6w?(6!7jJ4YuJMh4jyD@t8GZHmV@`jEK?gH>EHw~G409fGjm6Z@XouMH;7-!eaQ z>ivv)5TQ3!!_S*3JW)eC10}-JKZq-6jCXw7u)VU_o0N0ByEHByA?LXxak(o&%lV6* zj!x6a$o>=rqInl^C{sssm!`^{o5j!H=0_b(*|?O$^TDR+0Y)yv3;fi}ZzD@mTcLh- z-)NVJqRR-Z%b=dkiwWSwTdKjQyxDzek)90M-TBhZYZxhqH0oQ7IkEEx*+e72K2N~* z`~<{OQ&kQV8Sul^ne+Eew-mVj*9#C0!i9Y9niRNvqy|XRf$|bW_;dRFwv>bMbcX*! zKmTx`$ioX}a=(Y3t=8<$4=l{%j7qEV`APaBhsb&YwDXA&8eT|_yh%>v)hcC{*-n^} z=?)$3r?`0mFV`j~3RB`!(9DaKWVlHZkb~fIu4bKatUd{$g}f%^%?M8NJ7l~(k}+^- zCUE^6N4AjSHtA^eX~lEzkIaN`AQ}$V8P(=xwpOh*QB!!Gx^n}?uOy%JtccWhfeveD9ArL-eABR3wq#nA33VN0ycrtb z9$RTCZIPt-!}I)P-|htlV)&KzmY>A&e3YHBX!3)9%Kls8fFk7w#o|H)5Ka*sYI0vV zH%RDO3!?(rULs2LyLMi64KMVvA&PDi^xJ+D@w|u0>!K?kd|5Dn2-Z+9tSjS&ayy>w zO~XEYh2!W7Zg7CP1@m%tdka@5OE2a=uij*x=G{%TVU4$Qds2`ULBQ_aQGT zu+O)_OER_$w_6#Hy#)9VnYVxD5lX%1c@XBb`WP=A76J8Q`YDXG&zd>+k zt)xavJOKdd+dAkTOrD_=_lj~+>!iJF$*=tL+O4`~Tnu-wZZ$q`8~dPfAu@0-HY(EA|cYglV)U4yueR^=JCn zXtz47Cy#-T$(j>;LgMUy+ z2YV^%q+G-$URJA&K1@Ay-6%F#4wwG)z^b-}%iZ@ipmzej_`AR9@{E#K6J7DJe^sQ2 zG+%qa$~=4W6o4gr7xIg`?obxJ%X+O4mWV~`MRe$JMCC788bWJVrIjl6Ai+Qe#K8ti zWz`;^9)u-mSB1Qk!pd1$*$zBLvvKzah!vKbI8{-5*=y@f2RXRXu4o|x3WwyP0vezl z&SglLXYD#Z$k@U1j1q6F=x?<(!slp>(H4hoyx7{8Qr-dwJ~=7@(^^9doqlfE9rG~u5TU>h7QmR`joWxt z>8yIhFCB{n8=xRsa3Q!h&ys5=Qu_#30U&>PRnx^0YGfjnMoDeXEz6uIlD zw!(I8eu&mFNDA0aUg(X-g#Xj70+2jvZ;I;zB?gVzuKEn?e2MQ(8vOn2y`+<@F#gA( zQD4&N4cVgE=s)uNyO!Og7YmQ6hP8xzK*vQ#=OXQr!8?oiDnn1Q4SePfTC#_+4WOc4 zGD450RUMxUB14N}?+4eWak~x#`kS^VMu)RoCaj1uHwJ7f0zq{;nTHo6# zDG2P>t7pyrgyn`E{$%%RoZJVE+ml~u7tP}Kt+*JI%7)528x5=mB91Jj!EpuEqA?NU z>?u}?gbg3^Z5?6_bRP*QRdP*c!Dn}3Ox4n9`E2t^<~RAdW)%rmNX+7R8)euCUe~Pl zwAnG8iKrw?gZ>3wPgBHi26*CaR`74WiIv;vem>!!&gA~$jqDfsIIRNS{#Rr3lw5uB z9o=G+YXXjFz`unE)hN6KP*>T6>a8tdBS@h)|%f%rotD6?vH` zupXR$JZxRlK}OOg&`|lf!7Xxqr>@dDczsoF)2j8ZN-i^U`GdqR!Fk$DMGkrW=>Xe# z#+<5B&5_Ig@G3d2NACJ+!~a!#0R2rGmz!bCZyw$tVC{7l(dTzbjr-(@O~I{`gQW4({a!&J|E#n>a~8 zT!iYZN#5dt!O3ZXMEX%6S6*pvIB&QJI0favRX!DLHStURjAz1TqzFs}D%moX=*%XK+h zGHOq{`{M0Vic9=DRtWg`j|oifMg-qLKXUdL_T}ua`Iiyo zww26NN6o9`mw5~1;>ID2x#9r&lFU#!X9g9$th1#|O@+_*mvVPr%zS8HR<#}C=iQ}( zq%s8Oukk(=QrON4J7n;*L1c^Jc?E_u?JW%2n=*dF9w-h6`kJ4S;$XCOkLm?I_Mx3lQ4g-t~)pX$Zhn zLIW_Da}1m{rvpCMpwc-2pT_Gq@XY`_Lj38Gzg517)RJ3W{y^+yNoy8D-zPFrrg3Ru z&viG*SHE)dfzG*KXJ$;r!qidDei$QgeoFL}yGc~f%I&KJxZ zrg%selOmw>;T%3~r@Sp;5ii1F;zPvMju}y;s8;W-=+h`_NAczFN6sJe!W)3vxqH8M zAy&@?7`o-z(YC8>4X^^$RRq(R@6vQMy#_k@_@k1Y#FK?UJI{p(m@-NG)m>HO9q9Kdmt0m)$soFig1}cvFae8#%QPM>7J0x?G4gq!_R3 zAHb3;TdV*0c&Ze7hF3Vca=3IefL+Xevh_y5(w*Cyb}5CCUFJi`$H?3kGAtlTztP}x z?oml_lpSYi73|&`YOH$pM}~3esrWXrQmW`ES+iuR(e-8{BSb88JS#n082eLt&xjLM zHvLgPOrkw}3Su~N5?e(kgym@aG$sZ5+7iNzJHF08pT6pGbG5Q$0@)$UH#ITGm9z8A z$(Qyz3xS(*nZd9X^#-?Ge)z%}O2Frvd^hohU#i!Nfh}zEdi{CbB)>#eg;novUe;vr z19n@Nr4l?R`YqSpFPFWSe@a9Qhq=~xH1M|8$V4nd!-vSAqANpq=aOxYo`9_e^{3{2 z!bKhVl-PjOlQn8Enr?=mcVY(Kqy2(c4r}A<{)MHQH-V{w*Vj6VC1ED22Qb@mOGw{t zHf!&Ffwrnwf@Y%}1c>Av3{@ObCU?9Oy2Ir&cQDR<)rC!gI1iIQnKD4_lF+Ug(%f_1 zT5oViQD0>J+dbY5+BRO9*U!wyQfIx$+bb>qew5crr9`VTWNyctKLn8(`@XtrbuHr^ za=_%CgxTlz9z3=6md>7XYOm(3Ww1q57Y^3%BwFdsZZvjkPae0Ev$4EeU%IA3i5B)e zT7ir7KLY-kJTea1PXFLy=+xkFGiv5UqSH}Xj>OM%E}*bUEDy%h@jfjtK0UF*4E&z? zcVU@=mOxRPHSrWK?>L`!DlpfP=d1|wdQ>9oGq>%Ieymj?kdJ1V1n^Limg^}>O+ zM6enEGFhmbJmfT_qd?e^Z0s&F_EFwfCd`z2WEM zP8FYl1DIkrP;#FB2qY^tpxJYEwep^NTkP57>0!U5%3xv`g$FvlaTOLoO`t!x)Xypz z5{N2c(_*J&iW?icZSiH@a_CGr&oPg2K0Gg@h1^Y~Tb?W;Qe0en{2SG`zUOty=-m1@ ze7)WH{u@oDN7A^@1>~C4AobIe;L7$QgIPV z0jyJ8T*CuqZ-dRzbP%D)RhR{GGrQ!j$nRE30l$=()$?oS`?%PU&;I-%b=CLq_&$9$ zaU1>DX*@w^P&hMSZ#02wGU$3srHx!Raf`8AXuApx+!i~`u6M%|azXtH1})YIk-A@0?4 zDb*FDj>iPUD{wHk)COcw$R(imXIELc#1C9==`E(p5KkTwTAI+Mn*-+C6v!rGEyB$V%Ru+aLFUfKgodK*R$WH@&##>2(U07S_1pZV>a zA9~Jb`Q~izX?}lbBL7ftgnNi79onQ;i5|n`;+|Rs)*}h~oP#KUx|%&>N((c9@EF0k zcj1aa#3FT&z@0#!F>xk|GYvqn9q7ILz{j73urj@5n@y|YY+4#B%f@CydFR`~n_hbt zx9U+-JtLjbL3Vxyc?kI2!vh$}&8v~nM1MMa^JV>23E9b%D2uTXF>N z%SphgYnM*(I-8!9pRc%ubOo>UQ;Wo0|YqwzMBCY?dV)uJb!+m#J>xF~F0{Eoij9>`sB z5AtNXS}i~FoN!15GlZB><0yisGkG}4*l~G{x<=z;PHFI zr(~d0$#naDzBty#wg0sy02TWZPckNydLG&xidzCb2EeKW|2Hs?w$z|oihxgWi9vlq zzo7a(U|Sr}UhNG795{mGITF@xTyF-54gY>R4U*7@!fV&0H~EF(eu1rTNsWlazyI`O zYSo;=t9!zu7%`<*n}!6|@D^0&NZNyB>oW>dGIF}+r1$_5k8;##Qdz75t#ql_c*TIYkT?X zQM`653(ONM8ZB79-6TJl#|hAv--xy=-FKp@+$m~9B?GL91Aq>?iZ!~dxtNo>B)8N^_g z$lLv?AjhkX^nUG}zE3fR+bkASg_P)1Dw_|=lUd#A#-G{9cV-TpYWU;a7?(Xcxh4kZ^Jb2r1rAFAo`6U?e5%z2grCYjOU%jzWd~}o3+FAT^NXrhN!o|o} z7}rXs5%qX-qv3c(Yb=*dDdkbveX|F|UFxhVXC_mxE!Cr|&MUR$*o&aME}px;Vr)1j z84$Kks{;mRk2c7D81wPvTNa>ua%0nCM>1Y$sdEaRQ>7^R54XX~%{|yrdrW#B3iH3I zasopcnT}5zFFi$GgR7m)On=NDHeS|?c&FvR%R;@q+w_whiR|@Bjx6+B1*NO|w&qj62O8XX(rw@CsC-a&0qwESy z47<6YOtwB&aqeDe{;rC;Iv)pCRvJa zLGOszf<8cJ3E(1|zpGpS*Bftf@reN3@S~7P^xJV%4~*ZsGxF6=f;<27s*c4i*Tq`v zAWeQ9AATy8SWs5rqO5(C?ShA;1dI7T}GhYo^xec-P2h z{tA^vTlji>mEYo%NJATG&0tKdm9(_giRQQ7>+I}9Yn2-=BYI<4yiV`l>oNg&chZQX zI``siQ{vKT*p^ev$HD0jR!()D=Nm)g&P-zUCE z+W-6TTole$GcF?JWETqj>F&Gh`noTC=aEAT^DBPu{xxlfyAYx(Aw6k=)tWXau7k@yR6tm zn><33{6eLmlnfseqe;O&LbwT?^=!;SSRw@Sr5b;2uW(muM7!v%uPM;QXBtg?;7{-3 zMDXfF>Dyy%7J>U#;cq7A=83u)D9fGZ1};PutZfs6_I6o}ws@dq2}68TlNo{^>i_J< z2|V9lT~QpO=KOk!=8kYfid-`0l=je69s3bp9DSelK}9v*+5$(8^n4Z!*k&0L$U#xM zHB^|%^NB0lKhbw_KvoZ+tS^g))10RTPsSl)=kCa^Q_rB$;9~@qU{nPGtk?B;;D9!E zST?7?TrZHeR309snwDaQSXw&J(Q7KhUu`R}Ic?nF9A{V}-MzLDYv4NeGqd5&JEJP` zyoH+X&UgvrBogGlcv5fs`L8+XwEpWG&QWy65!Wx?Y#u#BV`i4h_m+Mm1A}t}bBYR% z63?{RqE<3E@B2$ng}D7Djfrh@V$3nUNh*SR%jZl8W?1-87AlDdv0Jxo6A+ZC(WedW zAT=M;q~o8EGrfgTLfjVA!C<9d5Xb~kjSjcN?=iGiaE1mpl1bhUU{!1BD4E83xatF) zDWK>6M}({WI!KT$(o${FzBusK-DdzFAnfv$*xj(zM_e>Isq)z~aXynZ&c4$Gy!9a6 zhB;GQ6f-m(=*3Is?FVxRycjpQ?LTp@_1ezD=s?2IopW(Kws&OhWDyyA!fN<65*hbX zxGk9~C~Nozk^F=vF!(6WlR%8bK%VaYscyr{hC=ph%N_J^d~=ZDNMIvH31-gJQ3=P7 z^uR$X%S!y5^3Kj|zh?+K)$!g404T($vHrxFr2EfuR)yy~=N$vt3KMtC4Koh*5xx@# z`;P?r+>)%oHVqs1J6I=Qia_fynsnOj0II-8IcX9UEsJea8!d37730mZQn?;GOP=lw(@Ikz*gmJ*boMfl3 zdI2bjORwH!AvA+e2ZLJ`7Z^B04lh@Yfa8+~zW(6yi14^Wn5o;*NtsZv3ON zf9Zr{m!QmR77MAVDYVOCk?0ex9B=KV8TCo`24+%5eCXh5atndncky zNMbRMdFN!vcQ0u!wPNbbS-b;k(A<~9%d=jWr}p7P?P@?;+WA@HgF)YL*d=A11drL_ z#>9sA08nzAj*8v!)3+1i+l}x9+O7JREs6l{{4aEEoJQ*<<*+BfqH1#OQRC^v<{pre zZ9K(`>|xr!FufFAoUYpR6-mpdT zb^S=6i;Aq#0duqQx1dN_xJMXiZ<_eOH%ItXo4>9zK8e+{`vY4_$pHw%;}2I-y>{fp zwtwACl<;j}2=M<5blQQw|Mlk1D{LL~_fVT7Dv>?AhCe4-cmmbPKI>{KTPGJKpKPh8 z9`@u;$`Du^oH1JHN~crZHI5y+R~=uKxH_(7Xy@sTD#ealYoZ(UEkjnR?(UHdmYXG) zeJOK(K7~AZAnxT324MgSF$CzKJ?X-ctb>8w^$gc%0G?CBb-KLl_5(ri9aQnM`E=nf zaAKqOLRm||g^r8%MfU117RBt6H3cMiG575g^UQ{Z=tj(m-Z|b4MWp7yhSu{V!c*Oh z+HMWy8ZZb^UE&}_sST#P_ZY=Ikn6kgmOV%sjCowv<)2??;Pl7mT;fFl9v2fWIERT` zC+A!oA)1k(Ip*o8#_q%kv2GpnG-hoD6Ln?HFSYB%3V5kcN2oQ=sLeUE7Hytn(X=x}3Itr_sxjjygNozh&epq)o5EtV^Ciq0PQ-4l$vQ(qvMUn%)1l@>fr(HYySPyftB?H}xhnq{y-w$b$%#xg0>I~FQZ?;`60DwSFl>GGU z#GLEMHehC7$<_T`L99SrK@Hm@NxOhxNbrBbR!*Y#&U7+mq_k?bGuZMX;D z$V=0Z?b;ra7yqHD{EHd(BwCwi4J??Rmj^f-+FQt8%>F1VF^EY}18<&{O}tN-n_ZI4)>fw z_2P)cv3cuGR56aBhuK32juHd>e|jMxNePOm;m7mh=QLr2A+d^|` z#TKdQ=D;>~o`+?Fxu)gpi+MO=NXQB1<2?hnyKX-LYB7XO()yRxf?XuN!!3OxMFzC^ zuC9xjfzY9hKI(}ar<&BCSHIfXX!yhJZ=BaXVH&9dkfSGeLNv`zYgsxf=7pY?A{w!$ zPfr2Ib@OoNhR?gg>$|G`{PC7!XmM=AJKI33v73Sdr%eofy#tHu>lOCKKzk6k&;_2d=l4HqBuLZP`Bf|(zEwF4-H4I?VpDRj>r%3QK7eIfQy7#@aW&X|<|k^+uK&>tck> z$_S^5b9UoTW2~o2k>f**AN0w=etS)~TQQpN|wvW$S{W9aeGXO52gv z`Zd>9DekA5>FuQ56*8TWcw6DjYS50`Td~d!#kRk93jC7Cr+cF=m_wQvg;(35Vg}0J zwHtTtifz3LT;IL*2~?#vd%yqV`tz~>K}N%f2il>(bs?<$gJf*7I!jp2^Fr~43ozHM z>uS`c*$Q!1i;7F(dE`I!Dp9Tri@wM4IOW>GiF?#Q*2~c(c>@FU|A7A_zVm0DcPpEIg2zi&(&3=*4YAiJfArw)^ zd%J=FR+XI}A{(JUStUQz4L75WJBDqoQV1LAK?+QdLzm;oSn%E8WGp=P;zYpp4i*!6 zwHTNZcKkl$l;3Atg)Xg#Yr{ZD_+1@aos!3tQw=w@hHeh=R$V%+_vw${6MKGg|7Lfo zvapLayJq`^4ji#C}IN7Tq+?g*bCbopA)~n3S-fB znSaQskLyB#9H7Bcf;7EZ9PjUz~G#X(=$HM?rI!xkm5hQi{#GsWWcffY6 zPGcLAs+J>Sk}Dt8eTx%fk%tmyUsSxkbK+6{bKKl>t;Pu%@8j(qa@H9f8*62;g!Nzl ztxYX6=JCn$)q?wRft=Bzt}y$7;p++VKfX^6br;3upF2Yaebn18$coUqmc~=2qnF4> zQ(UIC->zhZG&BG;^VE#OOTq-~1@PopmH|#Vi%}JEXc}xW!A^j%A^=~O7EiF11Xa^K z@-B*{mkXV^{M#~7UuqcXxXr@Xw%*M!F)3$v5@yVh5l5LDN1LjBxIu7qv#3@;@<~i@ zz9sQ365FW09{T;@VwA=DKq?Rrza;@jW)JkB!ppZuR{ZGdfF-D+BE9uh(1`b8`@4ZV%G6#JyaqSDxwgD zj&Or32K6})EkFz1!aJ_}iur@wPk8#&*C<3X{A!+dh%EdZNC6*)mNjskvOcS0xckX< zH39i?=Jx4Scyp6Lyt5E47d<73+L%89oa6%tNHD&Lh7&6{8oaIZ5SSDo`6Br2bb^T% zWr0K_xmEEbbpK^vfdz+9v7IH zLgxitlC^%s?{dy#)EAqb^|bp->ci{3B|XVYUJbUtw_(348dAL;nm33Zy{Q8DQu)tn z%~jjNPI8|d)gVDm`B0?om-}{q7;Nwugiw1)v464I+iGa4MTxEYmcVh} zt-T)ZHl%0n0yeHDw;UuaYn6$7&m0b)ax{41Ib7Kt+`83#$_)GsU&p8-<9dJN{E1ns zq?E$e%Zlt$+pzmK3B5g8OoDm_Jt3?gJb;@! ztX)#v5`u)YJ}{ymheYPK?{hZuj_jYD7HU~X76E?O)MfOjyL2rLCukx%}K)xLRg%UdDP>Unv!e)uK%Ag;9(1cbe<1z{$ zCcoNKqws<-L1i@)zdh?%MrZFVmfdCK^$GZ7s}~0jhY4kgz(E~e;Ox~w-iwozg(WLu zpPr*K%^KeFB7tyad!f|&=Pa@|!R4ZvBN0Lh7pH9KxZ}`C)%4zy;QYOB0&8BJlOfNe zxSD$~DpDPxm0Yc%$<(J&J2TY((cKzf{sE{luMf9M<@Y!N$uR&Tz5s~K0JHmr!?uYc zj`{-QW&t4I2qwXkD~+Ig660WGx3tM=B_7mn*b85d)fDZD`S zG|s+IASbv3x{|^IuUv#vDV&DkF6X149Q~G z?!?5$>q!5Ft^@N_sqcd2c!ZjVGg>o<|3+IiucdrD2fAd#0e1by!PDQgN$tqR?F2 zUU#O32rHbI$6Bui8?O0hUF~t<_|h_(7HRh&vPKs^B{*M@Up zSF{b+vDYTw%LqlxT>&0&xqGWfLAi~2)GSbr${};xNq>v9Zq|y_OYjiMC*hD`bD{K_ zU~G+M_n=M3LjFH@7)bi!oH#rHgBPPZx(NoOmlP~RDg2!@kpHR2$03|ia*P@`)7*I$#F27RLNMj zl_t<(pVM5FiHRyDi0W0~phq@m@pQ^+nP?yj$Jrl z8Zch3GFAg+$6Wzo+|T+l{2uN$3O~_Vt3=(LiU4)sng-l+wVpt=N3w2b9vHp6B;-T zKvdk~#b<&!5WLplcMc#?Y zijlMWn#}(-p)r0Xu!h%ugu}4z-CRe+2m!VJ4;7!CDA!!fl>mxGCH3cj6i{ma^Gp9P zIl9fCMJGO2xM6Cl1?^IgI?poQH-u56Ax>e3f2C=f0`RRR!WOx(YamHiz)V59#g*E2 zrX?tm7ZSdX|AL0YphlAyfLCI&pNf9EcLiQnSS`rl+)@NTIV^!hD@NiB5Ra@!Pn6nwkXkuv_ zdYLyEcI+v2-hUvdIJv3ty!vq=L6w}hQ@<2ZbsNO#Q<5bD&_9S=$M59Kc|Nqy1qjq= zKzqoBx=)mJGG77Wn%zj}dh^^smU>>ZXa*{FwL{+8s$R{q^m;S;6A(l_ zgYu~e@Ml?y>;n2{j-8e0sS-yNYrQ^E%er|g*rQ?U_2GtjI5GE(@hYjL$X`>DnD zN9%08k%ISKRzoUP8kwG%{-Y~fp zJ)mL8bcMb)*I_juqu{mOb%N=>n_aa4)C|U3&vWxdOy83!eKvh1ky%O=$wH*NF3Czy56qxP~M%C(UQ<04Ry3E{0QligCvr z@X$PN&+B=cqSTEY4B=&uk#~*Ei?>8;S-e#$i%ojw4ycO5l5YR;z)(9+9VZMdE^;3Z zujIUugQ%z8yK`d-*iq{()7o&M?h)&C;T#Mdx`jUD8d~hv^`=d_Y@*&8MaRJ56@IR2 z4R%{M?IddKCoS~e5Be1!r6l1lKuRo-&klbnnkBR?;(199YGN`otPu4+*{kz+xC;_M zPk3MpU4J*pTrnX*FQ(g)R)_RI1ojt})ekavB0V_s9do{__8@PwnGfc|UHrcdor@q(b$_`OG^VLhKW!?{>7|)vU$&uaR`de&rSJEr7pvcqf~tune$!1E{vJlcQ%i;dCG+ z3wf3O-twOfhp8wP@w_m40rUAA9n%#+=byi7?ZC2A!(V&6QrmI?>Qn4lzKV!SJafc0 zFiV{NUOia>)719TH+Us#A9HpKT&fqCWFlE6;dr7?tS44`rMefN~9XC@4sbCvekSKB=Db?i8p5ZerG&Vq(8F8 zB$ZApM_t4Ro{wKx%l;CfHhEU2x2uTTl4METMY_GTd8#;q8>}=OP};8|x%ywSQI+Sy zt9gVPOx2@cd={SoY26s9%M{SUu(VWBBy-^Hxz1zWo45d1ZZ?MKsj1K)LUfeSN}U3- z;e!jLzzb`jhK^CAz{@-#b3N6@=27B^D}Blo|jX?uf6v93`5^1pDb4CV(Q9UrOcY@ScoL%+-9R6%yIq`}2c^ z2v57G;z<;6mCT{h-Mv&1w<5dh1u6kV0ZtgcXtYLtO{lrCLXMh9J*kQ-4Ov+6w8m1# z3r=tlGiDmNw8B}VA+`VIF5LQkFoR8WZwzA~e|J21C|!%?X8p6m_u96#v+1DL4T%n7>-h5&?CaCt;b`V1i z^Wf8xTbim7SLog!uD1x-j=jvqpC@48A&@k`RrSnn-;0xHMcn87>zyS#DdIr0JuRjwHzMZ+LD_d46EfImCD##h^9jU{aBH_O=+iQ;_lWXNhtxnK1E|gME8ITPsQTf7N2P zmYy0B=X1LrZsVs{8C~mBhU_RVL8+%k?g0z~wKcmYJ$6LRczZ@^N57uh=r~?|%APM! zfB#dCjYDwxKiSn0|9>(A|83&^A7cZu&;RBq{@*5rS8wuPuk!z=|4xV)eWGkxE_V8R zu`N;Pech_gxKE*WJzC-qE3dun&9HIm(!r;hlc0Y3I_v(PCrP%xH%1=q`Aw1rxSc*G z^|}o?W!m!(PdigYi0^#{REfZ|=eZ5|K8sagSh;gNBYAtmL!vz{_7rr|qy+#Qrp3lT zx+ch>{Shm(QGKy0yZTsVi59Z;8UQ}b$-zdAn{y^u&Rs9CAN-XNlJZd8^VTb=>-MKS z!Sn^#z>c5bKfxRx)u~&82%kJN_QP@inId*!S|K;rz;T zq-1hY?U;h2ZB!=3>WB@x&+C2%{W?Fo3YXdww?9l8N&?q zKQT+H4YnLM2{Ruk3=YrI0+;t;&|8Si9N75$aJk>y*K-Adz-cwc7L(^0tdm5K&szc3 zwb!w%2y)ZLx4QNG@Lb}odHuqnLpjGYNdz!L1nQlL!gnluI`U9kWmafSim#68mw+VW z&X3lVX{XuM0&seTeOXH3m@W9OLoU38SceeQ4jg(C>x@R?{tbBELTkJ&8|4|NN_ctSb) z+syx-&lstCq94;Ij^3V$P4!`@^V6{KF0z4=v1N%%1#zHf2xWjfi6j0JuQYcLHTKKj zHLkTxd@C}3q&dcullzdCl0L62Cq`(zL=G|f@Hu2^s+bMFtCakl!wDk`xE_xfXT3E$ zSNKed>O22Rt*Y-GLFF24iQ+(rGxvq(+kgLBik#Yrj7fhmFM#Jthef(q`c}-%@b4shN^>DldH}!rO?EmeP zC5>USPJpK{+?dbi?u*Ey`fhDsIM7ajMyE0hJpY>o_z%uea~Z|j&{~3D!7uY+SbM`26|I1uHMXrtC-QdDH&|-sZzm-9&INd4mfoY;c%8kEv1^?=X+K`Y zB}7yz3%H6ch$L{jN^47$w~Qj4`OM}yynFMOx@t>v1l(;kg3A~(U$z|7LL1)un;4yb z#Z1Jrj0jFyB@9KRx+=eAsE_^QKa8-u#{*Zp_{gl{p!d2%z^uSl+#uI;(pf0$hp?+H z(Ekli(NQ5#H@^pcWG3{Sy{No9#3G)S8)f?kGXZZCs(3OY{#oD6?NDLxfV!?{&l|ja zeE;IUiyJ*axYVd&g{E{L@x76>0;5|njr{lAyqhnw$&EsFd*Tk}d$?vO~7|?j9$1kdPIHy_kOy^Lb{9#2BtA#;uLrlJqZKikt`3j1XBPv zqz$mWgY4VlryPTi)HNDr3H1j8q*!FFMQYoOMwEP}&9k02VmL-GM|jQhVei7(t=CGw z2~!uunN(YA+k06S*x8jykh6p!6wE~B425?eskpvL4cO@>JEE&q(#=n zhqCXqQ}P)a|32_@x$aGtP-{CQ5AW*2^O$LDRs`x5{OTjRpY7MJ={LDFLG3K`Z>iv z&~rb|RDG+=mi)$Cj(7qKtxA%NEToy*Gf% zaTj!$BxNIrnsvAgr!VTvt=fZXesirChbH-RFn<2bl|I`u z5~!uz8P!^an?QkBTGN2PZebqJ3ZXya8kmcf-D*XUZ1)HR8ifTKpG#a0OHNOW8c}np zf^R)!9T99L+*Xow95g_Av{vU#9DQ{0F`s6xlw=##Y^`Utk|itK-!z%nP3dOQ>Qr*> zHU)1box=j*D_#(X9?dcJXDMC|t* z3rKsXxzx(p6|FaN$unB3{Z7!7XS4o~78;I!_be?KRAqXf^`{HZolZe7NnQV0dtYv6 zVxm)Ln)3TR%{kD?3;z#oZygt9*S(LTB8mzKsHg}iARW@uC`floj?#^EgNjOnba%JX z4N7-2z|ajt*8oGDJ>c`a@AH0t?>WEo`sr^kcGh%+dVjJGFPX`^ zJ{}3~o?ePpcs{H+zcYzrbsUELh2BzIYUK3P_A|77a6T40pYbrqssX*;M9Rc6Ln|xW zbU3)G`eOxw0OIO_)>^XizG}-?k8JkDhsLfO>4unWXB{u?0N4Ha1kIYMQVzkhR5*k2 zY`s>)sWi(nD!GBGVl~KJQ*)H0>4b^eIbikdm#KtI96s;9NNHlHUU~xj>mcu{^>_a| zJ`SlJg{22}6Aoq}>|@f2lzWH1OeyDh3sgH2RUbwfMo`8KZ64QE?PL}%JGk0)*t+_CR1KuUVb4&AnDD>27ZBf(xsAYh1dTNIo5!T;_jSL{u zO7+~a;!Wj@9S26HGZGl|jtX^eUGHfXaJs2b9s3J3Q4CA9#Z^Rsye)>06DIr{ztR5S{%-<&ZE2(@th+|aYz4aEArAqI|jFn&y zv^jjc6deAwUNvKv>F4VfI%s+PcN29VUdqZ!h?SX6zTP4iba$8+wv^~)=2b48dRD&x zrIctVO}u?fN9oW98GCQMf;INWwvX1N@|XAM%%_6e%E()f-l+5 z>!lw{<~HQJmwJODAS>7X4E&&-$)r6L_Z!T(_$z?bE^njTbe`P(0VB1qj+b{zDeT<8 z4_P{K(uo?aVDj)%P!(GhE64PG>#*q0j8NE#L=z#P6(DvL9GO#q@=W*)cR-ldU#^1mHC zeYw&$f4$COsF)aA{^~MGb@_C*(XVnM*;rIsyz&u{Tgtzvj_S3&2tOV^F>T-ou}bl@ z^1lZD`s9>zlI-R^kjD9V1t`aYs(2_MEu!L;3+bG{D)vz$ECBhd%Ie<(r~jL1gGMY8 z>TTbrZc&rfqNXFXd!GHf;GGKu7!Yo*ve8oJrw#P*OjjEfGY!qpR+A?#w$}DG#aHf!m30Ua~JQ z+xsW`Rjs}vD_QS{_VR^8;Q!K;Wo!4d-Gma$Ibk+d)^fec zYRAgc1K9prQO_7P0Gc2D;Xisn*YGlm$KqX+hO%CZW#0mthO>JSlE(5pJoyEBdA=+0 zpzMcRslWlKm)QW3yvkQw0PIl%^@1oOXE)ETq}ga;6P8bm5%^NfzrIway6v`GAiceK z=SuwiouWBX6t>)W`&N}+Y2||$>>J-{i>ZQolWz^I1Nyrv8$IUp;X#^k_I%n({M?O| z%6kUevrUir-KrVNr?0y1gd`LTE?`&f^-Hih?&zZG6YZ$b&?W|OJf?G$_%Fh<$>d1K zoD$ul^@)OoF@iNpRL^*f`{>DArzt`gL*+AINA_<@4S!-%L>Q~uUX=WBwPdHXs2jGF zB;}3!w{1Ej^BMk|<}8}i>jJRbLIa_lvcp6MQBbq_ytB{a;XIXwdlp;u zv)8v8U~rs-y{ZBnF``GL%HljVO*!?=D2kwrAHjFm-g@Theywx z#6dc8CWHQGQyiQ5@FT7GpuGH7Ux7}`cfH3I;XxM#?f=0>1(=cwXiSDA@KTlP?x0t5 zz*m&|4bA#Z?7V&+XWf6yYy4%M&|$p(>?1WA`|XPC-CuFJRL``@3KLO9TTDI1Mk>bX4Q_~c8huE;2J_ijMDyLGj7Fu%JE0| z%F{3o+85Zlc8=?gmR zFEU=j`ZYM!^FTV(`>obST3QiBmBPc zcJ-)g0)Kz8EMh6)JFf%p&W@g1)dn{g3{>`?r70Wb>mSj>GF;wRw||Ba2bb1*aoOoW zbnll)7vWHV@bUt3-kNWhl$}ao9}(wKtotD04iFwPkxKqYo%e4du1(|c?tPc$UT5V- zm5M%G)9#P{;*H?a3mVXbV`2N+XHM7&v%K1|V(TvYH2XFzyM*q$Dku~hoFClCSMDlM zc&7@aKqK=bjR~%YLzo2Fr2V-`Q+kh9$L=@L4WL7zx+WhI6gzJ-O4UCBB(7D!ej#I} zdAO%}db=qjE~O(wnYy;^n;1u3w!Pjr(oxL*3GhFaw*&&bu-3s%M5XUgf8r7YYr?2S@43s_J2(6 z|M2-JD>cP(EHM=}%|L97slZS%jf%!(va-qc)wE_#VJ){bmdOZCH*v7-yEidb*Z(X! z>)TcdfkTUp`Y8%(j!j}>Cv}A;ArPqPrzU1n`XWA{|TtPaAfzvhb9*(xg;t=h`E zpB8}gvFlWkt=6nkIlAX|(>DikTxn?T65sg<0VkGkyg*s3_e}ou7Q zVEt|dV-stGs|?>!Y78aM$yF&ZV97F{r`ta6u0o8J)-+<|8&j{Z^rk~4dq**veZvdF z>;@h9->wy$vzb}JS>FJe=M@z&hr=Ku4d}n6vcJPp;h#Bw_`Xw*b?zj&+For+`yN1O zO*!dl@*(9bqPM~3*nj#qLSA518X|;_HH1nPA(WVuv;k1wO)Z`OSwd;H-MalD7-g6W@YKI1faVtzqg^ zyQGrzvW3w(n|-hKI^5&UcZ0can_|XWK<+UhxLBYbXDt^vywHWZ6_s$VvPtj?Uu+@8 zVWGtC@0LuhrZ>EH9)Sjz73dmYB%HEe&w6)D_fY*kz6@{Y-7KI+P+Z zEj3m3?I=#gfJ_gv0Mn@_j$5T{+{zb-j;>*|yt3K_lpEfpK)~^>chnJi0WEEqPuO^I zt!G7^c!e4Z$4L5QOqV7wBR#!LJHG!N^ydK#mC5r8fRm+Z@br`Snt!S1A7e~Fez8AjfjU|F>sel#_(zgw$^M7x9GdQ_ox z;nvcR&NfmzBQ}QOd7W9c8*i?U{1nt__WOwv++2hFH`Yd4&jou8^-#24=wEpKfB0%S zfYjK4%`ItBv!4#=0=-Rhaa^mJGNXJKw*f>S4#YgmPR5ani(p`}60Rp6eJN`AROT*J3IpkN!7>9@aygQvs!B3>fU*gw80I7Q3`i z7x;77&@SE-cbnaQJ}N>09Xeug(W^F^fNKEq{wc(TK&r7eWF6_~j`KO>|IP6fAK_cq z&LV_~x9f_+QH4pDEj|{_(T|XnR~SFge=#S)S~YZVbyf#ps#?|trYo-^p96}JT*L0_@5(iv$t|yS ztc{*&x9+=>?kgSQ{5N9pGIjGUi7iI6bRwn7v6CDN%_ZVpznh!}b#&&6e5i0NwrgMCNrPPe{=1gz7G0jG{D2_HV_GF{o~g7FU?UM~;| zKRUh zMc$o9>2*mK*!$NJE4;?-H=V2gxNYTcMpq`dBgX&D2Y1=o5ai|8DbscU){QN^#O4^+&Jba$CBHtn zF1&Ah;)3iT+Nj$+pTRLlcyiluO~A(Aqk8Q{c~mh5#k&U}GcS;{c?YN`Z)Hak&JP#f z@BU6VOE}1$Pj}bGH^*p^S&1=EDT*i<)Jcc~q0FI9uT0JHVrd-o8!W>_3aXQ$5C+XG zXHcbfLk%c6ua2Z+ae7Q^q8QHaujb4(XOn#wPK%sQLx==r*B7QOwr76KqJ);4ca+d; z0`#cDowTgXOD{cc_p7;J^HLHwtT(;V$tcV0)yCOxGC1Rds{^HjFJT)N)=5wTv?hn+ zA;g5hp%>X%Su>HffG`th!;R#4BTOyZnBjc&&F~vb;N9$qu%{{EJm7r(I}9TS;0aJiH@)A+v4luHmCeE?Da7+s9FM1u-0R45ewRHEy|BYHlQoVz>AZ9rMGSE6r!sk^oPmH&w-YuiBaO~`@Sa&x)_qy z{v8bNM8OT#rV?k?q`tApmR384g^@{@j!vs?f=aBJ9>Fs+LzROGSrjAc!TirLjG&QxS|^Yn@w z14r48 zgm^)T;r~I2PfPhL!hWm8CA@)=*8`>31PJ!Tq_-{(ae>L7a7WK#RA!hYRohUe?>i`j zVM@mc9Exhz4(@TYfTP4fK1olPxuZgv_EdSfOqmlNMf`}4#PNuk_a*csGe=yiyI6uT zA-AJ$F*j8wEMB@fUj-0v`j?HCUY2a7uC5OO4$`l8uJ7UOTK{&$3~HVJIM41)?*5sL zQyd%*fdc8)eqGuj`7-`}d0u?9gsikAf*Z|4ic_XLugRBK=;NiLy~Lzs<{w57ud!S( zh0Fwn8Uphwz7ta2_$fbNdRsQky zCuV*aklDi-t4w3r*XG;(-He5WOCKghJUz{WSu!XJU@n8Px;Cb6)qtYTbb)sqlZu;z z?@gc9n`hq-q8xW^(~Vn1?v{4jADcdoNVZAY(4WKzA>fSs-GDnrk$}+da8$h-RIw^o zUum_D!;vTTE|x{c)!IKCMhUR$eqw=0{L4b7fRx&Pg=iY-N?RZ{ajV2N?VT zetqRJPDnkwkQ?!ix!{XTv(K|hHjHhL;(m5Jj?J}TpWshB3B<^B&Izb$Xh;K_YQ_rwy^u#7%7tsZRv=hXdD(udFk)SLAB|J2oN}V91?s z6P3MNdJB84uHB9eBLgS)+Qzo{0%IF*zR3JoxXY3d`_X|+0I1_V0J))VYrZM=`9q$2 zu70iy#!sqvR1?|{nzde&iTcB|DGWa6or%9{F8QBzDk3aKpAOxh(`ngPdIU+ zOg=)~EZQVY>3$2ydHuotjba^aFAZe~6=0I5$yj~P zuvGB0F`U85ijc3QR%}mSS<}AS&K}qHyXn&tnj8Y!4kUG6c|UWwACJgDY-MicjC3Ad z3@v|^w*^Q_%X8Lms?97?+h?rwUy|#=(SjzStGC>Yh(CTxQ7V#vr{)?tpzYmAG2a;6 zOE{}t)?Os^I_A5%QG2q(9yj$Ka5@Mlk|chHV= zfcLs;^~kF-3R~~4mv|3e81{96Kr$4?_aZldp@ouR>m|G;<=G!{OheRuapIj%8IIa# z1SNZy*ihK~0S3y}0f6?EVI9`zm-Bs_c|+uYaBU<81^58f1&2LKB8AfaKNuz+4?KU!y`eMH`*oo06v2q$!Gx)-#lsjTLx zxJ_WMXkLV7l?)d}H7EoYNk>_Z8HtN_0|RH^YBe{(r2-vVV%;;;fwmXdyNjb@FF*f_ zQ1%}I>VG3`9lyA6|4?VixmC#JtVhn~0XNy0e$>?Y)9K)Ua+bkKd#DR2gUbO~oV*N^ zp<>Tsy9uWPI+8Rg&A`vsKA>3o0~sy4lyO8>DRks)Tu3Xnn7TZhd;m=gt0}C7H_SOJLa>Tmc9_ zZ(aO~(O&0XHJiRuEy<9~fJIM%vlGU<9*-#=ELKm^;OQ2T&7i?wEep$^CiK0{5EEAK z5~L4BY>|tBQxV)wCxc}D=Y7uen5tn}TF#?}>>+M0gA?86r-7n&iRCN1<<03(?)UMv zyc1|xIzXCa$Ajb~@g3>7)JOia!#Pw2t?18q8Dis-{|f9t1guB!?^4tYax{p246XLnsWCsQ`;}-ma6Ej#*jk#_i@%D zC^t^MPMQ(sVhDJrihTU_5zeo8Gn2T}^pg2aN7 z7$@k>vt1!OuPWw7?0LP{OV^HF%Thy@?KAL~SB_pFudFJ_l8(oqoqO;fUNd-fIcmM8 z;LE05J&GgS`qx9|y=B@=)DBV&+kzidxWV38WhhY$c;A}`@`6X+u{y4o;QCww8EbOIQd=7KMSh+MJz91+ahRWxAAx9AN{oTb>ehm`R%tRUZQgjC`9NE$`mvwmK}Xk`A)sMOv( z*vLHkqBbY9b}nUOsl*iCbG|=OX}Kzz;F^nY+<2xGWsCr(A)EI7Xs1nEt1$&p62nkvT20M_>2+W#G^(K@W9;ngvGCNA zl9JZ^AXdzcI|5uzW%GGLS!BPQDbp4{kwm_d;+6>+wwEexZS+Rw?5xjRJhQaQVLLgB zMw6B7vY@9c$&g!X;IR0U+J6KIQY6@0ba(~pZvnYJSB~;9!7HTQZdFKeyTncsASduP^eK>qmVwI z$de9>chLBjkE3>WEo!6yb9vl~yg<@Ta9)BUUuxdlB7O5&39>$y$F5iFDN^ru0I!ok z%MSwn{NQ75w}f#vYG&35zFGp3@`)9IysX^`o<>cek2`t#n_crn&xn=}%XE!Pq`qyi zzY#n*%?go~u6gi6a%|#2!aOT%!fN^>QJGoAMAyWP1z}E#sogbXvj^k>Wu2MD{!iF? zTy8A|ztu4MO-qgE`%7=bpyOBv6K2`~T9VGB!bF|9*)dvF5W|V)&k)8%z3F~_qZ2iQ z@4i;I6DlozZCfW(6JB^;N25?<-hUz;rFP%(c?f;CxCM+9D)OC&VWIr>sC^v^*NL~Y zl>7B_W^k)j}um~=P4d*E?hmdoVqSVrICJL~T9f5(i zwbzl{?0RAEn7+Vw`c#Tb51Od?KwlD6M-gio&l#dz@VdUx;nFu6!v}aE1{vyPe>2 z7Sd*Fc)7zAtmaz-=j%Udjz&-G*HyIOvK!^GRZXPYC(Y5+)G3H;glxL6o!Lw+YTOh9 zYm-J^3@YbnU<3DQFy>Bc8be7t;51Leh75vhe z5iv-LBiTss16iLjkF9W)dhRuR3i_%PHVL6oS4*>(*BU*4idy(~cfmYedno+ZI~OZl z%-iJOqJM9*SHJ(g%{D$jz0k!aU>fxQ#gCuU#YACz6pedn`CIaSdR_W>X-UcRn3$MC z6DWf!1QKy@U{?gl;sVy&S|moWk&zGiA;ZJNq!q%^(b3Ebpx>jgu&|=C#wssX9T9jv z?r*3Cb1}5sVd#OYf&ehjl#$cIQ4B`Ucydvp1RC(Pl;$y}+u67(%k`(yle@Kun5;4F zzi-^YSDQ_Aq5_aLUbjJETxXQ`iP?1w&)%}dAG1Dm^ODM$;9qOB2 zSaZ}2XMIfnjh=?F_E0;sw76K8o`FG)v3l$CK9Dd{?cv$=({nE`QdU-$lmXB0GB7de z7#kli&ey2W)~t0It+ZJQE~%|09%bvFpHGdVF*P;qlw6R`ae>c1Q0RHQeZ)G;6p^jm z^HcehJ>*}HAAx@|F8?s|deq+vI8I=OL`#t4b$hY6-igM+D~pU4ml9P;mY|T=uNAUI zxV$!O)L~G{i`U6J#>)GRFyW8r zwy!YoF~!I+)~V6D{4R|Vnm=7waB0dwznT80O64L%4n?(V+s0t_T2xtM^b}bR7SHMv zfrX2O0M=u7A>9(~$nir~67mO3w>`S8+~HQM0_7=+HF*NwH|d`-ElX`j9S#$(811)2 z4BIa+&F!hbdUQMEj_|gQ+QVY#iZ#6~JJ|`-QUFo&{O#wu&`%Ti)T=kO2fra+9se&d4h)2J+f%BS~vvMl^ROYT3zlzq%DMlW{f414H zabzSiN_@BHhS6cE2DlxT?`BLF4_{ zwTH2I_|K5+?VLBBTgEr!?l}go=q7YxJW)Ut*O*tTr|P|Za67asb1$;W`G&5(ITBMf zGA8Jg7Ew-Yuy;N&E|F9$r{^? z@pkCv-qfR$kDY$fq7*He-dtS`##de6O=?YdPSLIu6Ak z{R$yXS6b%%;-w>pl};RP56mqGdw*S{+LN3uu2R9!Uo0g;jCX!awVrO#Rc>DRj{Iy( z61?60sIR($SjS1IE~y~IIhSjlxX#{P>$-5olEN_@Pde+=&c@5{$>dq8JpL&&3`$8P zq5sNT+-ahrI)PwOxA`n8ibS+dpVQ}5W3)i#+%&-tC-R7NZ+u1ShRNyJA&JMA(e%*| z(gK&Kb<0{u5B8%6@zKN$D;p|C^EdO8=w@i|IWAY1R?FivSFVX=E~a>orm1o+>K^oy znY73_;Vn%}EI<{ySGaR>mlSSE3ELgCoh8cE)#`{#*@y+Y#!E-z*6k9J^*{dp=76NA z{oGA07#ErK#8&t&POD^KOzdX(TqmsO9r>%qaZh0)Cj`ifLMWm~e5&t#8^ZLYz~6b}R-B-_pF5w|dC7Lq zjcp5jef~4E*#{{DW4GcsP`?lz*Pi`rRVpQVe|_C{o#;A)ba3%KYE{+MR!Gm=kgBNT z_OYwMd3rPlF4-Ax4s_cMQt`9qL_ArRvYegx-WA(raTU25&nkwqaERLkj{?#^OJ09l zA74nGOdf;8Qv7(xls3s)A%+Qm)SP%Au}nmTQP9lF+BOoA(KfjT4>RLTX}AAKEa)&{ zWyoXCTCTvQ`*cNOHAe0*DkFUJRLvh+qn=JLBM(E0P%f41P^{lR*Py>s+HN}4hbLZ= z8fJ&xu!|tn=P%(37Y=i)vy_g0^k<*RuFq3?(iuaJ)gaYt^!a6sz(hAhr$Qhr% ze(p(6+8FCIBMPEdEh@`T6h$Rsy&g%eh4QxrytOcbw?10WlRx-n_wq(0@tci1FYMaQ z_w>76&6BGrGxBXZwvw0j+e@3|S@M|q>fkqDsbO|wmL!IAy zKNXn7mrAbhJQuqy7MN*UW)^hnN=kM*TG^82?Tshgve>@PO*^%l75!R|wlqu}Q(W3y z#s-7P+OdD>Eq-c+w}Or%oAt&z3sp`>+$=V>eTV6?*Y=)2tJ!UjelA!9y{C4U#5>iM zyKKL55Kl~=aX;p9xL4laH~QYf?a_uUq8;Hj3|$#n3#Rig=30_bhkNlRJlam!ToSLt zd_gulPQ^k5o$E9w$%1s7%mre?Jk9485*R5u-A-VQ^ujCEr7kB-uUrqC=qbAYvM{)c zz9q7*$_o&PsdEWF6W4m_Q**OfZ5wpU91EemfG2#T9JF}{K50?JMsY*;v{pVJAJ8lu zp?Bov)x20Hx?+Zxo>!Y%K=Ijm%{s)UVQl<|I@=jpcBw#Y*{$%x$q<8 z8X{KHAoS2nH`|TwN$C;~rn7>6ihC)UD_Iwsbn>v|(oH#hjqAJ_>m4V0B0jgF7VlU3 zrVpG8>yb3E{aW@Vr>AQbxH-FAdT`$iSX(TV`EV)w%{PJ?rtnT2uREPL0tXqFo*Y9x zM<>l*?S6GAqqcRvpYbrxPW{>0ep9K6rLT9+m(y#ScE{%@6-D|qUk0XvWNX$vM5C&uIieYNU(Eo=t1)} z3u|i`*4NkdX~FiqI9tQlU;6Xsj0R<1Ufvrke^xfO=YoQQ`V4it%tq-x1B7;2@kPQbb9ICq<+>i%8;6@U1+?&B&UiDgFX^=Dr~s zGNN5=z3zgfB~ARa?#_>$Nb&BMEi{ua2O_Aq`#Jd-h{%er6u7&E@wT`W$Vo(PLJHQG zy2XSG$a#DCmrt_SThjVBp?fxGP~N9@Fr;ukmnuWeWSOAT@6H(vtA=&b%XA?O^KTkw$cr|y>4PJKmzZX)@oDX+!026mPWFcy%= z^o9479qTcanAn4NP&VP?@lp+6_7eHa=r`t1xGKL)95&d>;ChVLTUA9(O?6Zgh zw%&Tnj$nn<8D$8X3I~DYN6!xvl=Cx`VjnLO%e}3Y8C{74c++SfAA3_^y6x5l!RDze zHV+EgiuC0I4C*M#CeADeY-08@H&;k}PCn?%nj<@>S~;v2>&P-}$q&~P!bD_X+ueID z3$%ghByn!F(GvqJBK$Ec=L3*aHTLe&z$%EdrqeT&Lk6y=6v;W53_a~C<|H8*u`96o zGs<&~*iSRksv#sD=h}-2r>iXsd_T*OCnYl-NnX-DtvC~0bJ2<e3BzUIGl2PrDiy(jsv;X$$iRw>IjW0uRE_EH8_6Tk4)+_lylr}A`mP| zOM7l&Y1!vA^OYbM90S_zv>0VThir%|DJ;}>0@#}&pSrsGFbK457uxT`cNRK^fmT{B zpuB?6nu3zDOYyyqj*dQ!z1o7h$Q`EacpY)2Za%MP6bV+x&%QlWl9pt8UvMKE$UxlI zD>H0QnlD#9)7BT@BbRA&x1_B>9Wj-jrbcynwn9m;D0!@$ z9?JRr@=#lmw8t<}Vh0_f{0 zW_UjTDUl=Vj}H!xC#MN#1ug5YOO;2v(KpLDklWF!R~vg&YLD5XPOC(^{-7?sPe=(d z&jt+-FhZl8Cb-6ti~JE5ST0mmZqwzhC66uRPP%Jx^enzqnDLQUxl4VhI(1)Zfp&Oy z(rjX}Y&x&9SDf!khgm%hKU;G@#o6(!Wp#VwTv|T;7n7kj65Lw7AXux7yA%I zVuX1=W34Sw@_dWEf*nusg~o@W2h z(DNKmx~R>EL1$OVe&f~%pJ?{-nzhM23cHW2lXGs5-e5OD3(dw1p62L)=!(b79-zyT z{|3wGE}IlyKtKRj;H%wN*|;d*%KyV|%i)qoBd_p%!u!jCn5zvI8QO|$2|d5Z{qA(i zNR)*OuBe7@hj88Ep(c`8*`M%iexn~~Mu?@=&ZohBKV^20xYx)GYrm@A&3(V;pe<=d zu%83QcvhG5WuwL8vOn{wLDW4GaM`L)Zi#`ro=$6DLUS4H+v6X^X#}NxO1%RwE^dwQ z#x@#Q31?qK?RE5Av72^L!3OO`kv?-L){! z(@*4*FDwj|w#!hCNE>MTR@E`lrliUql1XyHfEG<4_90PBv)V!KtSqTV%pP%0=jwhU zq7R7dXtIRS4*hbG=2zSKNm3u9e3%8`AFMVoZZN(75xAyxy z+N^m&$+AK%Midj4_DO47uB3CQs9;rJf_8JvlZ4-arr=-aADtU~9sgbqvi_$Bfi#`07K+4S! zH1{6lq(!!L zebC0%KR6hA2jC19C&6tXHkY<&PeaXcYd^JzlA=9e-&7xf3A-RIyHU+TpQ*l^lI%lG zv9>S3W+~ylm;4`0(1U_QIp<*l3mmRAL|6lhC9-<6VUE zvU(E(oE~Mvo=ARVU z%^s$&tm2&aY7A*$F&5R*DSg@_$vd;YjNgnUBqWAsXOs7T-)4Nzmw<=& z3(T`(mkkxZr<&IG?X!dh9WmzIdp9@N~@0sGsr0!UE$Yudh_%vZyijE4qxQMR{ixR4+;BcbvH4QI%H&Ju(}t<<>ddFevJzg`f@%b@y;tQZ zV!%$a8%R$o8wqiv8rsen|5GBHe<@5&qr9vOs-~dmXF|dUxA_r3IF-#W0KY zAbv+9#WO()%=2uQ(=9ocJoE2_*1>yc`&UZ$FR~)7BKYB4PEaY0<0X%~3UQGyPMF>w zk7PYe+a254Zb9FlAyE2{1*j>tMacJj%5_flXtpDvGZe>i44-$ABHYQk!=fX>g}bWO zWJ6kYZ}2ALRNhYSE(PZ1-lZDZeA&daqk^DJOzAt9ixdEM?cUT%DWQUW|3Hih7&LAUO*+Bp;U`DC!xh#`xkUy& zY6ji0Ki6>VhuhnIR=}_(9+{e%sRCqtIE+>$wK8&s#z$Agib8%~5QzOy_2Hx4r9A7UZdHSx z_!1xjr~{&8Ra#owbV~3}i$x_RdS>S4YAX2}KN%pkrka&DZE6rm;M!v&E31CV`ygkx z$WsZ8IwGD}S0rmL7x&)g$5TK)RLMgKN?Ny2ZQA4=;4AsHc^P=b0~!6jpV-et)>ci4eZ|7%rqeah3p^DYeRQK zS#H7p1b>+oLZmZ(%mXcnM^8~x@xtVgQdCBkKl>k(8?@^0IiJbdQ5ajG3D@a$x%-bU z8W)NHDSfX!_dT*5LUXvgkaUz1_rhVO>ywnJAhOf=xt-F!IsK0IRD?oYEvlaq-m3tQLIo1IuzYuGqsp!>zd=XP^Hwk`S5z^9HMRO=P7g0$rq5s3ozM89H%m4W;Iw0 zL3TEWjYhc0ZoIS${C?wd6Y{4314%uY^12|fDgb)7ivhSJfm$Idx^*Y&GSZGypQ`lA zq9!q0>g*-Wc@8t=<5=yPkn0D)(eikq4aUdzqU`XV(s{Z)%lLJ$3b@~a)6Iq zV=B<96gS#Y9Hy@O_#A!YzYr6o_N`2h&X!&AA~CwD!}=*j#<{3lHanBr#{6!*;S)aa1XLkT1rNFw?q`R#T?KXBTnG8R?4@73;YzoeB}2vxBRbVTga zleW|no}7SC3|t={8>S0UewPtq`-KqO0f;JYe%pHs?c;L418JWpF5{u(N1+-8zHEK2 zn@klA^hwP2vbsCcGGakWQBLbX7X-g-+zX$QIjLiv{pZxA!8@X0_6oO%s7{GM?y7S_ z70LzNqCiH;eEooR324TAn9avnuAKl($k!x)VQ||IwM%+~PRr}(0=keo{6v0kiM7|Rg zf*ayJT$BtUrsrOFNQ$5tT3t1mOIa$ z<^qnA#>%8s^xSwbBN30)Kmr+2lQ#UN#i*!x*PF-<`-2rf0Ys=E_4948veD2i=Z8~m zkASlv=trt=pySh|WWwKc7ypR@Rk!BmM0)Q5!#R5+tAS)Jc`lXwS<7aKTm>X}Bhx%@ z)YU@#+oJx$M;_AC^d~+FT=RpLoD9gd^ZpKX;=@;5(jBpTeAHz(nqHo!No0^Wv6#&U zoGhDjPH(`HN@_Q8Ez2w&5lIsPZbIJ_K>tf66O4FLbZi#lv^es`lb7K$;jj!Qac*tOBX?Yx-^7mqZImcPS&-*qGHAfR_gTLE-?Gh>(!5o2`FrOpP2W zs-OT;`>eW)I|K0EAA1yXZ0#Vo?4v!(JD5j(Z}( zX-R^twV&eh;fdR`3s@mD7k;kF+?(#V1a=`4z_y*aW38n-06iYrOTnfTy+5{B)QL!p|BHh-DPz0=+Lih z)8qW(X&FoN$HGNR{VB^BA_u}H)tVAKK*Dqvih0U%f!Ha>1M_7Aw_{IQXaPD6#T zn!390{9_|yWASg_zIAH2wdn$MLF=gVjn2ItAjhqYfVB}^TS@W zEr&{`7B$J&WGH?mKm46YzUb6(?r}}*!{FTu@a5l@7|NXiQJ3oX1~MY%O|eEhlE(y( zI86((+(Cw2m6%_V9CreMPeS^EX`MV5oeYYSGC;mUCa>KJq(p-n>5*v#)~d?8^M1DT zZ9j%c@O&Yt8oK4pqkSRl;oAgt}{M;CRfDqwmE7x_tK5dx%|Y zbxgzze(@r^!p=DtU}cb`_0oh0qltv!gs7EmGe{=MRHcqS)1N1^CIZ|WJ$#-@mQP6H zLvg-nKmE1BA5U*jOdJ$97q^Rwl*T(4YrmFnK9ofg?i#2;rb{>(JqQ(4!MU)U1^F0F&o<4qO+vusz% zY&F;6*^z4F3HPkWX-|B#ScfK0K0d#;tKV$f|9Eq)xLGDzwIF0pIRia+z)iP)2N60s zSvL+luV(v^$FIp4ZvA%5VyV1_+{8^FR~oAqblwh8OiJfcsKr#bWz3S2VU^3$n-#9j z3dRFa;&Pb4FZ<^I`zY$GQWd|FQ35y7rjm^7pQiPBLO5OV6sDN8!kUpvDRstsGb(v} zIYTmhB^!1B3bo!SV5jK?+AtJ|FB^{nu-2haMqm9}yX|2|cIKcD-F5n&zGr5fgvFxj zo~?!IfqF(lYP@;^#Xh2muUnKwlgfV}8HzRgmNtV55@eTfQIkMCBZ1dODEh*{rT;KS zWYDZzXUx^CW)+Cfoo4qz*p9boGi0<^xtnwP9l&d;`174)4;hpkw`B~Uwnzb3;sQXH z`kWEamb>SjF=)pi^_Uy78AGsw8Dx5ZsPnHoa}ZaKc*8Z`=>QUrtPo0@7zI4?<&j-t zb#dkJlQz3R7t5oAbppF8?OXdr>$Yk^&si?;2Jm+N6w&16HWHiletQngqqjXp_RK?m zr34UQ@Om#i7#%R8sB+eOXC!pYYhOG#2E7fy+-jDx^Fg6HKO1u1{pJYW`5zWFejU%~ z!-#qxEb}iM1H#I3JbHq<(ZkHE#9I|Y(`6TTscjv zOdSy!Jz=f=Vxf}a;#BYgsX9srR_RU}IijCN7 zdK2U(9pI}wyzfii(iF3V^4vdKEpy23TYp0hrO{-h&F8n!H1!XKoG$J&N@E6x4yUHZ zdVDffzgq~(SX@_3%1&8a4-Y^5Mnn*gv%j$L4r}|A`gN16+Ul4*omj_#L?xxict1oY z4;dKK8ay2xOr&*(st%W2fxWRf*8Tp#xvc*10(qfFxU-Fn0aSg!?n?yYWKr##qG>YE z0sa%mK>Ft^PaNWxl-jM^*VH4N16j_Q%+(1#Xcbn`^~!Wx0${6*m&Aqv3a$j9 z<7DYMFge&%^zmvgO3_@j8FSgwTuK-f3x2oK4z(wb<<>N`(cnaS)1-fwKb8O-qMjYF zT&7OqK;mimBb_L^!z1UEZrqX+F354E46Odj)4-f(ZLg30BqzwbQveCOPI&OOg__aAv?CNq0x z_qBfOxAroN*E4>%f~aWEA@IWw@eSo$XKB0|*E~$Hm7V#Q}&GVn~w65v*r=JzLW*4U^E zgWagvYmIrQWtg?|hkZJj!2Wu(sUrT;I+~o5Ba3l%IeVKwG4_@z#ItVH0OJ2BFlmJ% zwSRY1ShO3bFKMpOL;=G=jN0e>pbO5z*Gt$8t81zWl<>@@i*eK_PUY`$&epT#(8? zKsW!=qb$&$Tx*SOd=b`l>3o<6a+5ASP!zpTsNcrQMoEbkoK6js?>u)O-99yXg`(}X z#A9NlV&@Pdyysu$uFFFvMX{1$qGygZja64tC`Z+NYc+Fn#O;d+~i zdzZ0;)7o2$igXX=kQoAblhR)0>fW+&^!vzQvZPw&h7#$(K#T$6EKE5Zhq$f$r zHc`x_rC4VC{}m!>k>#8XN`)ClZfjWke6}I#sri4uHUkEZfhqhw9SzWpHlsmm{>I0= z7&3>tws=9Vaut2~+2_l?16HMU<%wDTMH|w9mXoq}tmObA9-_$ol2ncg~gc&S${v2*==)+Gby0~-FE;`{JHzMk?x7gGySA{N?M~Sz7xNh3#UPnrT9ue2$7>>pZ#>AP*P-myU&!j~ZoRN=H*#7!IyO zViWffi?%X>4+jP()$>M9B!61{y$Fqw1XM2)Sm3eJB)cDc3}pkL868k(A*R1hv;EJd zEDKTsI%rs1O%;07=RU06qtheu0_=Nk|0>39L(-VZ0-wf@o4ON?X z-u;7O?|zQ^jFbyINcB@vfKY$ESDh3XYK5ptXlhK6DDJg~QfunD&&Ax_6wBJnFi`eY zVh`^Lnb|BF^_X0OQX?!lKRHcuJ9(pp1~-(L!u9B*pR9`dqpr4l;DftByL&^2#2o)} z^%n9jA5zGB+UDXc^ZM9=PhK*0;&T6TSPcfwrvr^B0eNrU7Z-hIA!02&O1I97J$3h9 zN`wa!J*GsGmjh;&ikp*A0Eox7&}YeM?FSlP(tE6$&%`c_N<)fD5Bopnss&3tEAE|F zJ|Ti0FA(4NCYKb=MI2qNIek&n%m9^vVM{8U?=Pw+9HMkWUM-E$+hd`!UV0GDoVw?d zVV35vvm1IvIbLrX4DoM{95&i)r6vC}?X?vhvsGKdu2@oW;|4Ya9thI@rrG-iFh<>o z9k1?p+L%Teh2+mEU$gTssJO(jLS%33B`OPY&@4T&f$518&9r{N&DFE-gMW3xj0-^) zd!ZeU_7$-7iLe60KQ06>;;&d^qh7FDGg+!h8CMG@rx3*(ttN;n2UgZgpED!Jjk(y+KN9@K$t<821Z8G_(9GL3KJV2ADf3>+S`k-(E3f$b{%i(-2K7! zE+B3>Qf-q`A9t?qy(zV0tNz9r2Rl2}F)X%Q=lHIG)4Tp)#=w=o_733iUr6}>UzhXW znF|iEdGD=sx_Rqo?DNKfZ~sH^0K(!y30~29B&;k4!ly<7001kls^SDJ0R0ma_T})z zpYD^N3m9cMjwT~{O3oYC>_Ly7NgrSdUz(0q&shNCd=5ME3j;OgDG7;OLE0CW4r_r#F>;>*X`1eTcgBhi$&3FYtdO!+vVeXqw!{S122DOvs@tT z$}1fVAih3akJ7sUATBHhcg~Q!DqMU(;Ri|bHRIA$8F4&ZGxoxSg>-YG0z56}D zSN~GsQ+0Z!i(;s^Vo0(dFMtiGDZci1hvAYS;mrv#`@UynOa1h|*6*p|-$Kw|^)jOT z?m~|?%UvhSln)2*ckG(SR>)i{uUXf!PCO!50PcXY3CGn<(uk@Zm*_3BAS_&1UZZt$GdI zU4vSybtde|-3&bn@*tN7gs|@v$9*Z~1}yq~J>YX33uRRTeCF+OygZ2yjiQILaa8Q; zfjVM(N3pyWV!|!mDB3s3uf?CXNlC6>WNtUxU#!k(KKw=OsE_g7>QFcTLGxv`dS5gE zD9p#J$S*+MaxNAyc7O;`2s5Z3>ZadMn79*A2wWVm=U3}`U#R$*!^Sv+jd+VuhnscN zoFlX(a(33xo6A={++Fu;^gc&AoFA+Rt>L>G`^jgw@NTeO{)P zho|2AZI^qTJlrMv{^6>G`BV{0dqr1T-Vtxpj7*sf-C*E>inqgyc z?84WB`m+1iO%xox7pzt%QLCkrM!f zpReTYT|EkSqw?P=jvafnO)kEKG!hbAwDbH?pe2y7BfPUA!0-GPU_`33O-(GfhxFZ& z4IvmDC@*!2#sY%Lb5(;oqm>FkQ~WdNKvkmzi2a{t&Ka7{oCCa_%Nm3=O=lP=NM6kk z8l4)kfpU_--<{fEfkW2vKgcI=Y!dX}Tqb15HL8&0SQ2){{B%0EWNO~}TL2Btjr`Kl zdfYO7@Oh&N_nHl;#YHydyFc-Mt4tPTvQm5F^`3kz>m9#V-4D1Iu-;{{0DIV}Nm$eK z_$yhxC^{{&&ZO}E3u=yxd&8F|34*F}-B(mW3=#4t#?6W2z zsx-EqE*S^OE_Odh7JV1j`k2iJhaS32rD``7@M<@mqZPRb7g!9vm)UDXS<;TM#WP@EI(-{kTM!tW-O=%Ei!eE94-~JrEMr$tQ$yoRmTIC2{#9tZ zcj)aP&#bPEpHfB^sH`jn#n3@3JTh^2LEYcN_UXB-rTQ|XfpcPgjaPwf3EyKK>ZS7J zBNs0I0(|((T$r#jNAs<5?lX)M9Ckj&B??f1@gCCs$ugFaT*pxdAlmlfuAfA-Bze7a zs`Orm=vMOrE$PjN$;sp69p^!z!7O%^_XQI$ria^H#x$=6S@VEyWu>2c7%Zn7(DUv1 z(`cW2qQT-HKwuue0o(y|f8~_B5RQq7gd{P70&yFbRR|XzyPXFoxJ6t^lGZj#Scfs~ zbg&AWG0xt!(PlazVqCivkCb&uS%ohkfTkGJfy>;vu9GVGD=EEgnpAsY zBht`#hy+*cnUAClRoqIO>w^Q(MyVjRE|d7mSzjlUavSvy5ENYiKb)Vie?GJl#08V_ zk(Gi^4D)~JfKBfe@LSNF^c`9JTGT3CQhEYo!8L7Q>Dk8Q*D2IadV@Gt{2#@dqZfX= zA1b%jACzvO6k4MXq6LTt4N%K+ek_&FiTZk+3F|`W;qtkP*}>esB#gC#%*stcyQo+g zb0gQuD~^9ME*YP`@AyRXec=fZb9_v~8Q%A!a6l>g%NOHp5>^8N|E(C5N^U`cyRw~K z{^H`Iww_+@;lUpEm_dn(()L&2;^OKr&DC0F?B(}FYnbt)BRrF8@SQ4{!NK{qFAOW= zWm+-^3+R`}5iOs}#h2%O+I}7SIQ6;8-|zjFa!VHY?=)qo#JiolK(f+cn;!}1wFfTt zYXFtqcbQfE96{{UeM5}@#0Jgic&Ns6!|w7zYl4Gq>?B8QZ0zD_N%j>M>6g)G1Nmh{wX#(DKGAUh-dUJd z2&PM=HS+1}In&*QR>waPeRcX>Bx4B_@S8l448Wh;NOaPtMB*y2BCmG%t3okfZ*#$PGIwlkiU5%xsjEPYCsj1vixn<^KZG% z0?sGB6Mu6@Rkpo?ADlz5WeLUH|RpKil2= z?1)g@S3!=noxLsu6m#fsnl7@ z@sjDQaZ`S3a=cw#a=Oy^&r*dy*}r=6eD-SI7?vBMvlJXC_`Tkj{F?n+`@|~9-iJ#d zd>i0{n%1Ru)-h9E7gYC{nmnn1vPQrupkoED&1v`}q4mw=LSJCr#(Feqvs>pd1tW(T z?6j8&fz4zii@(8N#_E97dh_|?iC% zdb4OR>GEhAc>8MK^Sxe?L*EyEwBvdIh-*y$K6sUlMvu?HABgpt$WGHyO1F`2Y)XP;7SNm-x&Y7>> ztL6oLau^sdn<@3^BMNy&N)-sZL=>FuHZ;Z4(u{@ZXFK-!GE{GqeF2{ox02N!I|kj2fC;!RFse$fxq1i{Fqid&8wl>t})M8WNwe;Iq1Deqjy z8sWa?TzwBO6U}7;!n5y1?l`W^m31Twg4zSq<1}+PT`rc|3tFGfKJ$wr^TQI{!p52r z{`K~UY&ClYSk=z+^#>5&>Vtl#CLLnX4{-Si-)r2CV1!+rQCFv1)=LDX7P|Y1tA&o* z3kedYR|R`DG4)q{sQgX}5nmq1*fmn3f+$bqtaw&pe`J$iy0m>?fA;05N>Ps}JyVV4EVb;FKGScoXYn)0`&XBA zdL{772?o|HL45@*Cqp`gd$dp!fv&7_B0@x!-Q)am(mq)_go@61yZHR3n-yE6uS%mu zRcI6Sa-GBP2`v#HDSFTCFb#=_Sj{d9jz?*D3bHQ-0~MkJ`m!G3`##Zi&95|Ch`t2= zJjiXr@*Fqy^zU;SCOmZYa&a5ME1w*)#+UogYlEY^bM}2^Jfon^kvD0_f-Q%s0G>(Q?{Jk3VjQ*>&Q|>vzulRj8F}9A`A&L; zRqoupb@e2?UF6zQeER;k(;Zi2X)6>v?L~36I}nwhW(!>hG|sm`l}3ur3B84arm-v3KJ?6fpOH-c%W5}jA%n66) zJhm*}&kW(>j7jG-l<^&H5`xQe@obEV&{&mM^jGxY_~jHO+${I(EJJs~&f+j;%H&P!0P~%I^Mx)t7swaamje7iuVXO_JX# zg~j90zUAQuUF3@rGZy;M5=mb!_jZX(OhoFrBMhw{fqhSUXw%Acf%C`r+DOgcj>dbS zSQx@r-8a>$i+IlNpY#Uf?12x~2SR><&IDYhJW7?ek|))VS;Q}5!GchIOL1WVG%=!+ zfvw%NJPKhbo1-8VK=z`H7Nb5Mq&bEG;@l_Q)ug7c2Hy5r%HM9?#V2G( z07Z}3RcSMSQ@k(MvxAC^wd)YNGcA5bsC%D5Fte_1f(O_p1&%;ynVVkfm1SBHQ{?O7Tmxq}H70dJ>-?R7)%Uj-pMe3r4LwUUYK!vtQRvdDM>Y z*Vx!xU{~P9UsFwPoFqc%kJs;P0uBpfVkw@G-3`Ir?QRCt5G@eC)7zd-ob&d#$KJ|e zQK06E9TdT3nOiFmb2%9+H38uPL@iLBiDkcC{!dsno_8`Wq?%G_(S#2=mLI}5>idbM zuOIiCKc^;2H5J&}udk3@?Mg-DfPLgj$p-&2w+k0f+ZU{U3ij-M)^)nq!v<3qX=8aW zWKt1WSB1|pVbkP;Hs{mB#>D=t#!soUuq}c*w&o9V9*Zl*+mm2$R@DQ7vn`t4+mL_E z)%)Pyt+{6Hk>%C3zt(d!08HzUL>-juVe*0PDHsI zIFkO$tgnVsZ^@RD$;c$CkCo;dUd-EU<}L+D+10H4EE!IwQuM~ zb4MD)g^`u%Iv^jNCaNK^CN9CGp&o6wTyT!Og!@9-3#G^4H?rhUUi?+Ho}TAHkd)H@ zTM4pSfbdgVwfvII?8FO{M7Ax6ug)s_)!Ym|d*h$Hv%MBqm?d*KwX){dJNbaE!@^fI z|GbXm@$sV+Z~h9&vbTZryG)P%%E_!6fME9ZQ_5daxtHv2F9DYi;mmKkYjw}HsO%{^zB!ikLX zH#byb@$KGqU9PICA)$=9eLYYKVTTDH{U^Kpcr0X&sAOT0<+Z(>3q;b!W_Dw0z1<~% zia?3~m4LIZ9V-FAPy3J4arh3@PJ!?uuG-;&W(7y-;7FuJrJm5!m#g^q@UGB3qrIxr z@}rrnY~xE;*=0jUTRUZ`>;?LP#G|a|3nrICU2vy$!z1jr9{kP_;Gwlfi5N#xc=HbI z{;1c45W3i8#;v*03qA2YL%S<3k+#utDAyfk=*D-sOdOk(Xl)be+mkF(T;d(~YQ-}F zH{z=^txG=zi$M=por$m?F`eU>@u_qirmJCc_PWPVACd%ZPdbwiqj&#$4FD>lVSL!GGuLUgLVu*;2wgccr5+)5mG|Q~s zYDp<+(r23u9T0vy(Ys1F8j4*>!kE9%1$$&dBu6lbFC3xY*9(zLHLIIlh>GqXA9bD| z!ssswD{u{sab(!G1oTJ`SIv_3!(*Ux&2?G2t)Vv@s#}QWRbmt7SCy|C-7NC0@wz>n zUlw%Q%fJ38O(+>$2||M=U$mSToOvmn)5Ei6?-b2lm{(q|#=+vAhoc5U6lhyh=^V&Q z^zeKf4KTcu3D9CozZXNvMDkb&`MuK(o~VWK=k9O3SH&cD*KL!Y8|uE;D&+0dOQt*ze}VXJ*3`~E8>r~RLmLakFmA18ez#{y#NR~!O~>-s(= zzsjT;sdXh*6PmyHWC-pY1qLx`ql3MwElqbyFjlRh%?!49DN|ZPZ)o!u<&|}&*ToiY zbx?-s;R=iL+n9HJXw0&3s#i_Z`5v}X$>+;eAy7txo8qgwJXf$H+F;4R#B`2*gQj6c zsqEihJ%f9_ixi5kvK%o7Om6g|ALY&R5)&AXy58CP7#!^=N)bJXf-U^FFw}cqGf=G= zue76JR9b?i2hPxXk(o_t%13JFrw`4TUb^F9cu%n`=kB9W=%VR%ECHLY!6df(NF(RU zQP!h6aT8{AzG#c5oEV`JyC;vud@LKc>GM=@T(WX~a#474nPp2s%zcAgUJWO2leXw) zfgS}v&UP5~B=QfJ#m@F2bDe5erMh=se|m#$9ivrMiswhfp)re#{mSQ{zogu=?Z^0e z@+2Ano;=KY0V36BwZnx==eV&L>F{}Vv_x_+axznNDe2Kw+Ylv$N^Q?DV$LgYFq1*X zPBBHf-YUN_Eis-OY}snfb8{okgbB+x;a0R7lz4@j2suY|(r`>H*`D)GkT~X~0NOHR z?XI8dOjC$MPnv{C4)7;j(B=PNc)Z@-wYf`Y_lKuG^_2(7op&AVfMn&EV3<&!0 zj7Ut+ka+d?NEv;tk_sE!?ZIEyzUw8Gcz!0kEMT76!GXJe{cFr_@p7rr&vk=HDU+ot zx6EQ%vbsS&J@JWQrh6D<-t*=T^PZ}Zq3MAB#+=rC#~ztd^mrjqAVnMe9t* zTF+2~eul=JSvM*Me?wU?>^dH$S}9Pr45>zY@bFOF59@Ic^C4o}y4(AQ1Ke;aK%;NY zihQHzwS(c~sSYQCD>#!aEN%cd=LGsyu&Yjsi4l#f{G^^P&-yf88%z&o4Xuu&-M&$OJU{% zYwqC&g)fFOX3gr9&KmpVryEppJp_9-DTld@XGj_m-Lr@_In#;yl55+_nk(7zBK>tDg0y_A5$>uuA;fq_>rV*;vA8gwCUsb zp4_U|kG?olVM*^ydx}iKKo^30Ik2rNB(*rl=%IqXVOr)4xpnV&w_6>X2@rS0HU!oc zHU8ELa|4k?CzDQbaDUg&4XYjN=W;NF+C|EYc_NlYcSG7!4QRw2zo~gS*X1`5kVUDF zg2lD-ObSAa54KwLsp5k_t#Xn53B30?g_Ce9k0ELHT__<(CC}2j*0E#gJLm~h=JB4S$>`L z#0(`}noMuWflrDUD}y|<@9!iU>=&sn1en0;X>W{9=W16^e(u?#%6mk#3R~Ij;l`>` zrd#2eH^y(HE(PDPtp}Edh8c5LKXSab%4uKNvNu$eVr7#Qvy@$ zxf562*W+!%Lwx7ELzuabE;oMer&iA8!}&x>ud3J?^2=AvrH9`?;=Q@u(3}Ft@ME5b z3SCPg#5_qw!J5^%G*@f7aPNASqWll*k>QD%N@3)S6tG%aTTiO*4~Z7_t=)Cx{7B9( zUgO?3f77eZOD3+=CgTP>HItOS+abb+kbRhU@FyTPW0#(9Rjc2~~l zdnCoLQod5bc)6|juf>(mu&Zufp4Ucs6eX2FcXyWfppqJ*iPcY2?^}MbM+utLuJ(0j z71Z3@dN1d?Lc25`oC76;bXR8OOxw{e)r~AXP#sGDP{vw`)DEKkZZmf(g7!*g&u)WT z@X5JZbq#i)tyKC7IQ$uTq6q{7KusVuFWW}0%L3M{KVhGs*%N#$m^H( zy`yKlm6&V%Y50ZJ@^nBQ-%nM_e=G~kzZjugA**?7Ex+mO^xiUT;qc3%!r04QaW^lr zPKR9|+;`EI*ZVE=bld64Cndq(rtexui zWY6FWVS57*5MYNT&%x6=$UnJsP%(Pa{K@SB8k3Q|aoshjs%tpiPXvZ@t@`Ty!Tsul z>YuP%9`!5p- z>j(XPk5J~d5S;0G6v=qbH}DFZKnQ}p`}GQwt_3ca{fu`?X>9rwm5^TSoaV1+o)?d>1zXsrdIw8H zXxZz37MdABdbEDz7!mIfi|p1vm+zg%DDh3k0u-C2FyVj^x0{Hg$yBb^?ewJ*Lu$S8 zR4;XL2#nd1+ljqE?WD@T7`P|Mpj-mXt(q?`Wv`LXk+)E;-|*v}dXT#;iXm@&E90lE zzN`OTF8@x;T3q^X-fsVG*MpJE5AB~PyWiR4dwC|i2T^bo^4RjmtR%IheG28bqjFee zyAbj*5~e{yBE+mD_edMHzu3a5vKF4Yx_+^s&VYbiW0ArAZp{-)IyJJ3iZbLGnzKIi2>LJ$?5U3WZXZg2wl{Nx<_PlZF{)& zE)nn6T{{>X=Eip_gU98%_vpcQG9YD_FYnH$SS!s&JOQau1cO1dHOz42a4KAVQwbEQ z)|TV0Zy+y-xy-vi^@iS-Ls>7JxuT)ziqvYC?Yv`k2nBrgvpxNdOK^sjjo)|8%~ktn zY=`GVb2{&!^z=o+lob~3$>5l8dE*#SLo=}L7if{NX0i5+oh;P_Zir)O7D%u8`Q@v) z1cf)oEh%ebdG{mZrLR*0}^cn0>*RgX}F#g9Mk^|B={v>^395&93Xd-p!G$RY0RuHCLa2wJ}RAnt{%+t$`@ z`tCdqh{23`r%Pn}G7~p!)+1H9kCaWBj;K!XynGmC_hojb48^tox+VEAFG=Mty$bnU z%~cPA3uCkT;^=_?xSVb7+!%7tu5dPr9pV8qx4xkRdr{?5wwNU9I{KrTKVC#eR7zdl zpriw{!g?%wl923&F2KG@AMLvg4N44@lY+u#yx^@xQbQ{vGlMG+vl+c>v_fI672@m8o1Z!^Su-c6X1(gxQg3c~X4rz8eNH($!{^EwvmHXkETfCf$li-) z$b@E5Pi+;!39Z!0Z3MKh&E8c#wV0f0GK=0k=szht&DHIS; zcP;DrB!iEveb0^jP~BF9<2J>6G4^GOU}D7Q#+_X!fj7)YF`%NJ0ls0UZVxr`q#+;w z6z44;DerHXS)=E%ekF5I=%Fd`%|Imxbbe!EyNKXo(6faj=BXX6g$a-FT1OsBJh_3$ zBdRC5k$0r@4*JI%bxT{IU`xqX??GPquZJGvN5~(ciZx=5!Ne|n}r=?P!<9YW| zZ{Vu~R@p^JSoZ_HoOKN!Nhe56r>c>mHYQ5Kq9h0VAuMPxZ6nYeXCP|OVMqt}Zv~zJ&YC0bwc%%`Tpt-`z8>#!wDj*H4}EhE>LMQ~=fkeC#(T%6eg4 zat2a$pp@qr#vkTiER_~7gxXFUIWho1E)sy>tBdBLEJpbaWuNvg9h5^%g@6^swqt(R|v#>GE=SveV zH}tv$<#i+X3%U9ol6@fA3C>>=g9t^LqH+`nl`t#Y&EFZ$JTIqop8#l_>}C}Tss$gJI`jX&}O8f7-o@7H=`jxQj%>@aHwvAI|G0`n@@B}Q<^r8 z0{U*8STP&9Sm|r<_ljdIKNZ4Pnz#UKChWh=d9lrSNVI-ORRZJVzdMk8Z1t4wCsoKi zRf3Ltz2>VZ5Q(_tQN6uT0B{5tOY_ctZ8+sDSm{M3oLnOVxC2+vN3;sZ&>_GcL%cFO zHtU-taW=w-KO8^Bj5>3grz|ASbwHiU3lRO7Zv8c&_jkaEGHErhCkJJMSqjEo_?}Ny zcH%IvO?h36Tt0-k83~g6>zDX%cwc7Or>W)uF!PTmF9I_DEE2jjs7!}NAyJ|EahHX&%m6-?r`iO+gbzO# z@HkcO6a$tU;HZ$LPxjB+B@<+ip|?alg4yS~2UQ!qHZLoKiSJaJt|S3%m2NXo$Th~A zapPiu$tjrAmv9IK*k02slZFHOA{^mbxcm7Evv>wqHlsi$3NrKo4w}7R02j|mqTg~u zk02q2S;e#9Q86?KVpy(Map_}%T9P)CXbR5~*;xBLw#;*5g~84;q_4ukEsC_GgWl6E zH*6H|Hpv{a*ftOxnJT^?Pj;+TOIA$K;jhou%-9oX?TqdWJ0s-r^bPsxeV6I;vE7Fn z4iPS*mU*s=hPmu;d!xBHaF64}!ZjDW*GmpPTQPR=C=vbSg38wR_|(X5IQd^4>Q$*z z2WA~aT;LEte5b-RxpAJ!(olUq*Hrys15YdCq*m+0PC%bJ50hA=qe+lT16eKyHWk#T8dDzoxRrb2}(16wZ_M_)(*K7b9<-9q3zp z9@+sO6}LbR(~ByS$sQv`4yE?>dZ?1V^$~on!2b;=2()}TP%g->Fltf1tq7HdgtI4D zXAiW!*N0ioo>yI;&?S!PENz>6FTXJ}Li^<>E#Qu(;>2Dj zz7+2$47e)DwBoY@0@ThFEnQ&ZweA3xSzX}H0;&W(4CxP=NxAqm%bBDe1ktP~hz=!21i-6*XJg_=w|e<>%_p&-x1 z8ys27>R1s1uuA}CKPmmevO~_)KodOI!BHRNYt@nuhxb3qj)~IA0`@7=x}pPK2oFOH zrk5*#hKAe-_sD_=p4#<~RU|A_42x^s8FIaojVSe5fsIMHk)DOXy(yh3w^ZN>uekDB@jx|JD`^aZ^5f_7%%}~Qw_>?iH!m>C63!jsH z49z74l?Q`vQ2Y*BaOzmJ^pe*fA2!oZ$PF5-bQ&VF!->c}sWoe^SC1Pjc^S!-sC>nh zlAbdbVUH3L09o*txm1g`Gvba3)+dU(}8Y;mb1{c{IW-AeSwe!WOZubJxf{S z?t;A3QADEu(iN#+CZTmYKU4^QislE-I2|=`$U?U2Rge6v$2_^gHrYjnmJpj!s>!>-TQT{Sp>u%YZfBoaEXe< zTv?rK`JwZzLCf2G#rof@-kcfzr8EW?1dZ1C?Z#bOs=MoKFc7z_k|+j*>GYV6AW!tX zOmCxaw&RhHR6zHB7u4ald7J6Vzw3s3*|Rnr3CXAU^tCqgmsk0M+O3yWZ1$+3m~w*_okk%zJg zR)~h*&~4zo-w- z;8%ENYo!0B``81cP;0}ogwK?}f|D{RA`yc*ufrD_dB)bQ6vDOx9;6Gqw)s_wX_bnb zFcsuI-g|2tO5uHWMvCn_r3NHk9nfw+!IJ!nLTy`C#_A!02UG38Vj;DY7D7iMeqT;cs- zx}v);;J>!J|BGXHdZ0<%q@`&0zYyP%41$l%8<4*x*$ucTLnLU1wBlAnwP>tpK;>>3 zA|aHpW@3~Q!uc`uFm}i9&Mqll-_HOI5E*yux4h@2@iFQPbsu&YR=X=Ip;ymB6RjIE z{t+eDCy6a~R!G8zK+SKz1<{+2#?g%*SuFG@*|$+2t2YBl=5emsFNt2M;wHE9v9;pk z-QieY!>$dLAC>7JuJj!$JPKL3=ve<=NDZMf=?SR?q7XLM|A=7l-FrJVmAK)TKPDn4 zs(4EU-o8Y^62|3dq;Gmc0#nOu5EpG_`3diAvvM464J%;tdIMSCvzN);x)Wup=-aEG#VUoS`7$zB2eWw+{%F@h5#gYkgCP#Zg^OJ~w5xR)@ROV^-S^=8Cbirb{ zj?PB@C(MpGZ-HRy4H$11vD0?`qug04r8IeO&T4q0|MJD z*dOyV)DnYW1i8t>&~?QEYoELevwU{iN)7kKDq6)Z$>w0Y24~OpCxmGzCjjcz!z~sc-o#=Om-UkOA(YX~K<5GaXy~EjXZB zx<-qOV4`GaGYR&Lnb}~~K$NNq`-5r?$jbujwaT)%r3BZ1iC8|M{`mOQ`4MQAyXKxRxMiV~*>GG!I=ozp5_lvxR8yf5fhHiB>+TfoW`ZYt(5G1^6;J`E-f|s|vbC zi&zzXy9I~|`*EJZ?B`o%y`IaAR_dF6Xbpigj>av!FU zZ|K207o`?Es{umLw`W{yTxTKHeQEMun|+Eae|CT-AyHKhD(twd&rrt8HTcWv5J^HA zq3@=g5>$5!gPM`yxwv}G0eWLpt8{U~iA&Epb7h_IC{iqlGW&c>u5YEZFvLR=U8QUxrMzG+c}Mgs3p%QfB0QDL zZnVLZ_rkx&-ZWdS(Hf633pBcL4Fk}D3IICEe=uPh1sE9J#C;tkN(V75eSckf%!e^zsMY^@i)u|FSN?3!XCkr}N|g zc5JWA3(gz2jt2tBm1b!#i<7=+yyvZKgenxBSs98Ys_gh`btf_Tk zui*vq!B3vN)gP8{Q6-ff7$z^bvl>bFb`4*jCNtpKN?5H~Fvy>j23NT$Whh4z`h?Y0 zUf!k?IHUJ|J*iT`ds!G|-e=@$`BkmjbxjWEYX5`T{s=uOR)7^29acJJSOIU$cnysD zm#n4xni70auMMewRd@E0T~4qIt!nthNaALcL}n1}e2BNb&U{x|`%tBA2FGxV^sdVQ z-$2vAFybG9O_XbuPc+WvZ4Z0m-w{v3r1&44oF@t6PAH4sTVuGiP0nYc{%F;(fwC7V zL*W=y#h0u|EG^wt&Kt(vKM9e3+JEZ%ZB*8X50 zzsMw0Xf&ZJQ96?)>5kjP-zGfzF3h{_-iaAJC~o!Z8Rb~6ELx4fUSyvSz4W&}e}uCe z4;hutjK7J&Eeo%Rsn#zWtLopVM%0a{Tyu$?sI&}QiF2rRjTIf%$~`QeF`)5?jN%=Z z8#vpw)aY>FQQi1OKgGp;zxln)^{%bUD22K%?u#zWo(=ZLeFDP0&On@B=CF6RvAu#Hq09iS9(Ka4)5V(z`oB?R zAxFwCVW%7q;FD2rN&!+Z8*^QkZB>b^B_Z&V71ic=B1(y91#)!ERu=Xf3zd!b>x1~T zW5$;Hm3?vN<`$Q4R-AW!F7D1q%dXl;beP~*2GH6UeD5RBhz-i^cJHd|Hm?RpgmAvr7u9o$fA zQNu8P*=MPHoz&7+eQ-uDm*d`RQ!>&XVxaA|Rdqp`2AvDDJ?!wH+iz91ciiBpv_gEJ zId-j--6m2>ff_?se!rvY1Fqm+YpDBV8dSMv<+aW_D*pcvz$?ACELaUN(Mnq;54S}n zhPD8Lfq8N8C1}=`2qQ%o-$MzVN@{u?vBtAs+Z^vbAcT_B(Cdu$wg(ps{?@(zPl!wK z0>nOy-suY9y!Jsa**)A%g%X<1t!w#HEDlP>P2dYMAy)`|4+=r{F)I^Ce%*V(vgao+ z<~F`JJh=Ai=lXvagXOCF1F@0<;b2cZQPf~k)`Av8nVrP>BvD>UH%?lKoKI8zvk;jT zW2lHn(K8yla3#^%(Ovdu7?qM+3V+PCKgzRIz$qW<4MM6FUOUB%kCtpHI40!D#>~vB zW!fe?hVt{eT?5#uFE7+9ROHb+EIIag?s=(tKP;6d1lpFiO2{G}Vk$YN{qC=a{WFxX zHyh|a87B_-44x)g*<)g=zI{+mz15d`H`QldE5)C%~_c~Dk-T_^K!>Ds^ZJqc^s1q9V+ z3HNG->EJTgh4uGyFujpgl}^3_gtXRpL+u+V-DzhnjRd@NZtDWymiABHB2|}%?iBRj z8UK#X$B1CZcB57x3ZnNhfAbo!3Y`=qB`D}p*70&9>wWt#BJ{xEb`Fr~%3sHy6v~Yc zO6?b8O@@F)?Aql&polCjExig`y6}zHzyk2}#$Tx9&6K9V8?LJ-7tjB_XwZHME}5lP z0K8HTfZtCm5LnG3{-RL871@rzYBzAgYJMz9Fp!Af{Xa)%T`ECKm)HU?gJc1)c5v_| zpkk)J?jTzKJGgwVhw;z>@u*`Mxc!w}skP{t(avI~kW zT|u^Gx>d;x2K^YW@QOMiiVoxr{WnC>D(=eruH!9_OaWHJ-6EIGcgeORyE*t9Mgn2i zz4)d{bJqwOzoo7oFn))uI-_&f&?=R5{}j?}jnClFbgi3gd16eTnG3 zv=H{!Jx`V@q;HeuS(s{E0e*!FJaJ!jVXxS5Rf0|Oyi*hryBy#ZR7&_z|M3E_p`M=G z7@xDJ%nH2P5sz*>InP!qM`ydY1tBB2dBCnWZrkX8rBsBhdwkT0>#y*|WmRL{%v3sm&(rpq?&~mHDbSR0FBbN~9%w=h=q%s`yJSaQ!F#Uu2z<+7C(5j-N(s%B{A&bBwAC;!0xi zcCvHSzP^D`(waym!Q1+u|H0ARxG|F3Vv>L7&vZpH7Gh0LmEQd6)`Rm9S2+h`6JjDw zZRXP)P@vYEZi8iM)5oxQ(BVy9<9yZstF(~-AiZP_eHW>SiEk(vyvP4Yw?;g_gJRQgTe!a){&42eC z_uR)^zw5fr^E%J-cmD45lrX2j1DUmk0V}0S$Hy8fG7KfH3Td_1heU~ei)xtNp*C$+ z@umR%(1UVtytw{g@mbOweE|riQ!B}bFTg@m0>L&<9>}~~NJ&)cuO9J}LY*2WppSj= zZtl#7t{SfJ>9ATa3cY4DaCJQRK|quz%)pk-_0Vf?7!^g!yRPB1X#P`nNsfR&3)!PB zZ?|r*`r&{KS$z~&r(!?MII5w6)II0{nWUY3v?D&p?gfyk8aF9Y9`;$IBlnLXet+H5 z+X2bxbe`JapDB!sv0``LyEApm9kRxD^gqUrv9nro%3k;RSFeK3 zzVDU$xU__XI?xlVK6zA*e3sK$PJT~U<-m{gFPq1y98ix;XaLF)l`k*(Tixu$9vU*$ zfIBRO781;tbr#uMP;a+5f#C`ktoTN#rDKBxvu5~bwM4EP>qn|6&lYH;7msnB$ zP6~8|;~G!918fm2y!$d$b_o)^@M1yHMB%2(%_7EtT0 z8^wBB&9WtA*G{pyOHN7nhL+$fiYhnWb*(wOvr*Qj}UNNBUcMHrmF?4&prIp6QLZk%;k>`^hBAZOZr_+@t;V74ck3DJ} zUj-|~t9$7V+zl=J2LdGr+8Ss@A{1pc4XCzQ&l=AVh374+xMYHVkNTOjH^P|=y=DkU zsLhj-So^h_-lmE{j9F8Pf>l)U&{Ktsb}rw=ryWW@Q=UuH+5?_(XjC*-+_dZBrM*h} zdm9xFweBj5>Z6 zC4iqd+s)IIofd>$nW=*ELwx>aW)073*@TpD6*8IZKBxZ)JL((D57Y!cVH!_pT&u;GQ6%mY@FXu5ilSfKy{~FAP z=Dhso@UYI{K5pQ*=xaE?*LWRdnIlU{pw(nr*0->W{!*ht{lR~7yaanilSn4bc=gs+ zYDWFCbBO-~sJMSxpvY5CS5pG)Paao6xL0%HP8)a}Z1=b6_6#qBdwrF(`My;zlej`o zm=xpk$m^?n*6&_aWh4NgT(h(87CImAM3aYIPk1G!F67F)@LI0u`MVcBd5QWKxHdKm zcbRdM#_JD#vpm`b_mq;IA2#rT$HZ4djBlKe|IxFZfmR)D^#u=3Syj2h{R*50+&>Ov zw(v{}pq1^r1C(CRMsnCc%Q*#KyP3%)gm=o6E1Kaf>rcW=@MopfSQ~abrp0R*nNYZK zUJK4^$0z3Q&ie-u`6{1@qO5EH7>GoGaCIl@vuxpGb#BK{E?t%#CLHAUQpvn;(GijE zS4G}dyEU-7nItSG|1T^rxuuZGb(An|ykDl6Rgyr@c*22&SIfe9P3aVT&vi9XcJvp_p-lx~6 zQs%MJ2>qmw9MY>z!fmNCFxPMJ2ko;nM&faLtaZ)oO%jUY_mc7UK8}!So8s^N;nUsQ2ZnZ;xCt34*Xn~C&kQ3`GD7XtCapBaNHO@T9dDj6h+wHYtKSdfg z%|0{O3ad*5Cs%64lCoLB;3Xq9zT(R917vyPeF4>`ssa6{d>4`3O;M|#?u4h^c;uvj zKPp{g>gZqM_U$$FA^8OQ0=fOPSK<=6TRE5uy;`pbkrnGn&oQsRd7;uh5|x(7Upvkw zJ13M}xFpt7EfWCAUpcbAe#kyBjv@Y_*Zw{!tbXnuV!F7no0pbEysf`4>D0rt*sSD0 zp@7-*s?;5{Rtj1*!=mntn@vw#QEv!)mpF%ZwygK4K5!BiO#4sj3U`dhCekB~WmtA$ zq9&f$#ESrjKK0ajUF&Cg_D3piMe?a^xHJ;S%=FE4euybN8S|6!_2>B-W3dZ!QWgfr z$-9D;eD|F<=HC_?03FR;RFgihePF6)FQ|?7!%Z^7k!=$O*!oAZhq>(S41t2lYM4N_ z?JV=%kv?$~t-3loI_Up)%0TH(jo!A4JIdLagZ___63jt=(-PF>e13W#zy#VP5Y-t4 z><3a}kD`H=*n2P8Q$m;pn==@o6P6iG1XFC9|6Ne=5B-gQ#AJ<*(js9jn!87ZN6zww zMFNlC35~blXu)3byKWBqVrG8;_pkTap&Epek0UhLH$%Vw_ z3BGV+g0R~=f-qo307ez`(2XxTKypk|<;sEsz)JC9W0uzl!6bhob9UU`a$I7rtP0jf zY46cy6XuT_X_dnNk8#;PS!6NtbI<-$F81_(UPp~3bfwr=q0eS={pKB3b3^VLr;En7~*1K84EAIa80^YbVF4pG8JA#0g^{`nY(|Vsz?{doJ)y`*BJAAgC zSyzD<^B+@0#JsEE<(%eQSaU{gTW(jMn#9mcm zyO~r_Kob5I^PXJnWH1VX%;kkz9(&uyANEQjCDT$YMxkA0pVfm{9@Tb)y zp8eMyh77Y+iWD8v;P^Lf^u7@3S!!OzrcPAV+ZFbv(Gt{0+4?e``!BcMk(NzZ1 z9AM-H{%t4szyDy!72`TL5+O*FjA~F}0a{JmPCx(`jvw^Y>#5drybfRjE1$9u_m3&+ zCb3r#YCAryZRbXS{~CQjDsYp|8w0T`zyI`)0?RDJ2ahvtUbvQsZyeGSg-cS~;t--# z6>8CxeOW0Q=PuJY=zT|BQbx;RX6o(?#1*sQ&^t+t>NhdH9F>e}318jcTMVqq z^iL{Wj;Uz!GDUGqbNe#*v!>Q4xBl~m(-!>=9Ar`t#U7C|*ke6*c7;9ra1V-2< z_i<~w|82TMw@sx*uuG-_bYb~#p#PK{`U|>EYs_qc7JTx5myjyoScmok0zZy#=xHdc zYv-0SQnY0ufeYP7X(_>{VS$d(?WXax4x@-HIk)*zhe48pn`Ybdq0@? z{6HtzqzPbOqySVt+KNPeQ(LpQ903+7b>a6$aK8z}ND^--8lO zj>pW`&6EmlU-M{5<+Bvo%oE|jZI0)dP6GG@^T{q5VK$#%x}C_=47H^(yUzh@era2X zhto=$m#M*oS=ycev;^1?&fLN1?KA}DFu{<-kyDPC+!WYpW8dmf|8J(J$vns&CFiu{G7cS z3UnJrEoeYTab&*&pgN8|GXJc50+5Kx4j5{t_Bgbf�lexX6nkS6C2lHgheoIKmW%z+rt;)k_}sQu0J*Cy0Q0-mOta6%|Lda-sKK_4D(S&Y#ngtdYd5 z0mzTdGHE5(7yjYk_y(zBgLy;hP^&Mga`O+8F<9c@9b*L~kpiK+(+_%}K$^Cxwpu#5J+#ykCnggWU{3$QB4MBxC0P_SWuo(b3@Ni(w_}m(VuKqMgvGt;>gmK5B ztR%YBTsOp{Y|q@aogmxWpOs>miA7}LRMJaHa1#@#Eygzh)XbTXpOm+L-=Llt^eHv< z=;O#Gcw#Nroj{seChJx8@-CE9z+kTE={cG2%6RZ~W9M_#hQngNu_gkj{1CYNAE^Ey AIsgCw literal 0 HcmV?d00001 From 9c8993c5e5dec0fe7b2c6beb36a03748df1b2a3a Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Tue, 21 Jan 2020 16:14:13 -0800 Subject: [PATCH 42/73] Correct minor typos --- windows/client-management/mdm/applicationcontrol-csp.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 3d6869c047..26145df9b5 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -147,7 +147,7 @@ To deploy base policy and supplemental policies: The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). -#### Example 1: Add first base policy** +#### Example 1: Add first base policy ```xml @@ -164,7 +164,7 @@ The following example shows the deployment of two base policies and a supplement ``` -#### Example 2: Add second base policy** +#### Example 2: Add second base policy ```xml @@ -181,7 +181,7 @@ The following example shows the deployment of two base policies and a supplement ``` -#### Example 3: Add supplemental policy** +#### Example 3: Add supplemental policy ```xml From 4f2f7963259174c15cf1ba2b8c1aa91d2af4927e Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 17:35:32 -0800 Subject: [PATCH 43/73] Added property description --- .../microsoft-defender-atp/recommendation.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index a2ad1dbf57..7117f61a03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -54,6 +54,6 @@ Status | Enum | Recommendation exception status. Possible values are: “Active configScoreImpact | Double | Secure score impact exposureImpacte | Double | Exposure score impact totalMachineCount | Long | Number of installed machines -exposedMachinesCount | Long | -nonProductivityImpactedAssets | Long | -relatedComponent | String | +exposedMachinesCount | Long | Number of installed machines that are exposed to vulnerabilities +nonProductivityImpactedAssets | Long | Number of machines which are not affected +relatedComponent | String | Related software component From 3a2901f1491df2936bb4bd8e4e6b1d3eb53014f4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 19:57:38 -0800 Subject: [PATCH 44/73] Update get-installed-software.md --- .../microsoft-defender-atp/get-installed-software.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md index 171a32a275..1b2a634eff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-installed-software.md @@ -58,7 +58,7 @@ If successful, this method returns 200 OK with the installed software informatio Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/software +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/software ``` **Response** @@ -82,4 +82,4 @@ Here is an example of the response. } ] } -``` \ No newline at end of file +``` From 13b94a5695695a5cf6dcab4b86337d03126446f9 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 19:58:48 -0800 Subject: [PATCH 45/73] Update get-discovered-vulnerabilities.md --- .../microsoft-defender-atp/get-discovered-vulnerabilities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md index bc067f116f..e20da5c5b7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-discovered-vulnerabilities.md @@ -58,7 +58,7 @@ If successful, this method returns 200 OK with the discovered vulnerability info Here is an example of the request. ``` -GET https://api.securitycenter.windows.com/api/machines/ ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities +GET https://api.securitycenter.windows.com/api/machines/ac233fa6208e1579620bf44207c4006ed7cc4501/vulnerabilities ``` **Response** @@ -86,4 +86,4 @@ Here is an example of the response. "exploitUris": [] } } -``` \ No newline at end of file +``` From bfb085cc3d7f9c5eb156f255f7053f9b5e79ee14 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:10:36 -0800 Subject: [PATCH 46/73] Update TOC.md --- windows/security/threat-protection/TOC.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 2af50f3e0e..addc5617ed 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -479,7 +479,6 @@ #### [Common Vulnerabilities and Exposures (CVE) to KB map]() ##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) - #### [Pull detections to your SIEM tools]() ##### [Learn about different ways to pull detections](microsoft-defender-atp/configure-siem.md) ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) From 19108ca43ae510996853081740b2e61b90d1301a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:17:01 -0800 Subject: [PATCH 47/73] Update software.md --- .../threat-protection/microsoft-defender-atp/software.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/software.md b/windows/security/threat-protection/microsoft-defender-atp/software.md index 31c8ef62c0..49e8e4c12d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/software.md +++ b/windows/security/threat-protection/microsoft-defender-atp/software.md @@ -40,7 +40,7 @@ id | String | Software ID Name | String | Software name Vendor | String | Software vendor name Weaknesses | Long | Number of discovered vulnerabilities -publicExploit | Boolean | Public exploit is available for some of the vulnerabilities +publicExploit | Boolean | Public exploit exists for some of the vulnerabilities activeAlert | Boolean | Active alert is associated with this software exposedMachines | Long | Number of exposed machines impactScore | Double | Exposure score impact of this software From 4af7d0783ee4549601c0bc86a12145e79dfadfc4 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:18:15 -0800 Subject: [PATCH 48/73] Update vulnerability.md --- .../threat-protection/microsoft-defender-atp/vulnerability.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md index 7d023c0efc..0ede996269 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md +++ b/windows/security/threat-protection/microsoft-defender-atp/vulnerability.md @@ -43,8 +43,8 @@ cvssV3 | Double | CVSS v3 score exposedMachines | Long | Number of exposed machines publishedOn | DateTime | Date when vulnerability was published updatedOn | DateTime | Date when vulnerability was updated -publicExploit | Boolean | Public exploit is available +publicExploit | Boolean | Public exploit exists exploitVerified | Boolean | Exploit is verified to work exploitInKit | Boolean | Exploit is part of an exploit kit -exploitTypes | String collection | Exploit Impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” +exploitTypes | String collection | Exploit impact. Possible values are: “Denial of service”, “Local privilege escalation”, “Denial of service” exploitUris | String collection | Exploit source URLs From de04d48b36c73054b6d966c073637b0eae99f266 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Tue, 21 Jan 2020 20:19:49 -0800 Subject: [PATCH 49/73] Update recommendation.md --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 7117f61a03..d41c53fd57 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -49,7 +49,7 @@ severityScore | Double | Number of secure score points given publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation -remediationType | String | Remedation Type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” +remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | Secure score impact exposureImpacte | Double | Exposure score impact From c0fae4f9ca3de1c3448973b62d02edab8d04dc62 Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Wed, 22 Jan 2020 09:05:05 -0800 Subject: [PATCH 50/73] Removed rebootless comment --- ...dows-defender-application-control-policies-using-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index b94d7ddead..4447a187fc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC). Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. Additionally, the native policies are currently deployed via the AppLocker CSP, which requires a reboot even for 'rebootless' policies (which have the 'Update Policy No Reboot' option enabled). +You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC). Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies via the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp). @@ -69,4 +69,4 @@ For pre-1903 systems, the steps to use Intune's Custom OMA-URI functionality to 4. Add a row, then give your policy a name and use the following settings: - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy) - **Data type**: Base64 - - **Certificate file**: upload your binary format policy file \ No newline at end of file + - **Certificate file**: upload your binary format policy file From eeac6857a3e8bd658a2826ad901f005b129e430c Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Wed, 22 Jan 2020 14:55:08 -0800 Subject: [PATCH 51/73] Merge changes from Pr/10 branch --- .../mdm/applicationcontrol-csp.md | 57 +++++++------ ...plication-control-policies-using-intune.md | 80 ++++++------------ .../images/wdac-intune-custom-oma-uri.png | Bin 78906 -> 78906 bytes 3 files changed, 59 insertions(+), 78 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 473a90c729..ef81d89611 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -1,11 +1,13 @@ --- title: ApplicationControl CSP -description: ApplicationControl CSP +description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server. +keywords: whitelisting, security, malware ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: ManikaDhiman +ms.reviewer: jsuther1974 ms.date: 05/21/2019 --- @@ -61,7 +63,8 @@ This node specifies whether a policy is actually loaded by the enforcement engin Scope is dynamic. Supported operation is Get. -Value type is bool. Supported values are as follows: +Value type is bool. Supported values are as follows: + - True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system. - False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default. @@ -70,7 +73,8 @@ This node specifies whether a policy is deployed on the system and is present on Scope is dynamic. Supported operation is Get. -Value type is bool. Supported values are as follows: +Value type is bool. Supported values are as follows: + - True — Indicates that the policy is deployed on the system and is present on the physical machine. - False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default. @@ -79,7 +83,7 @@ This node specifies whether the policy is authorized to be loaded by the enforce Scope is dynamic. Supported operation is Get. -Value type is bool. Supported values are as follows: +Value type is bool. Supported values are as follows: - True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system. - False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default. @@ -113,20 +117,21 @@ Scope is dynamic. Supported operation is Get. Value type is char. -## Usage Guidance +## Microsoft Endpoint Manager (MEM) Intune Usage Guidance -> ![Note] -> If using Intune standalone or for hybrid management with Configuration Manager (SCCM) through Microsoft Endpoint Manager, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) for more information on deploying policies with ApplicationControl CSP. Microsoft Intune handles the creation of a policy node and does all the below steps to deploy policies on your behalf, so you shouldn't do any of the below steps if using Intune to leverage ApplicationControl CSP. +For customers using Intune standalone or hybrid management with Configuration Manager (MEMCM) to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) -In order to use ApplicationControl CSP, you must: +## Non-Intune Usage Guidance -- Know a generated policy’s GUID, which can be found in the policy xml as `` or `` for pre-1903 systems. -- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. -- Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. +In order to leverage the ApplicationControl CSP without using Intune, you must: -Here is a sample certutil invocation: +1. Know a generated policy’s GUID, which can be found in the policy xml as or for pre-1903 systems. +2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +3. Create a policy node (a Base64-encoded blob of the binary policy representation) using the certutil -encode command line tool. -``` +Below is a sample certutil invocation: + +```cmd certutil -encode WinSiPolicy.p7b WinSiPolicy.cer ``` @@ -136,16 +141,18 @@ An alternative to using certutil would be to use the following PowerShell invoca [Convert]::toBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) ``` -### Deploy policies +### Deploy Policies -In order to deploy a new base policy or supplemental policy using the CSP: +To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. -- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. Refer to the the Format section in the Example 1 below. -- Repeat for each base or supplemental policy (with its own GUID and data). +To deploy base policy and supplemental policies: -The following example shows the deployment of two base policies and a supplemental policy. Because the supplemental policy already specifies the base policy it supplements, that does not need to be repeated in the ADD. +1. Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. +2. Repeat for each base or supplemental policy (with its own GUID and data). -**Example 1: Add first base policy** +The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). + +#### Example 1: Add first base policy ```xml @@ -162,7 +169,7 @@ The following example shows the deployment of two base policies and a supplement ``` -**Example 2: Add second base policy** +#### Example 2: Add second base policy ```xml @@ -179,7 +186,7 @@ The following example shows the deployment of two base policies and a supplement ``` -**Example 3: Add supplemental policy** +#### Example 3: Add supplemental policy ```xml @@ -212,7 +219,7 @@ The following table displays the result of Get operation on different nodes: |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status|Was the deployment successful| |./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy| -The following is an example of Get command: +The following is an example of Get command: ```xml @@ -227,10 +234,10 @@ The following is an example of Get command: ### Delete policies -To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy**. +To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. -> [!Note] -> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy** is not sufficient to delete a signed policy. +> [!NOTE] +> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. To delete a signed policy: diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 48b33cfc5d..ea44562376 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -1,6 +1,6 @@ --- title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Intune (Windows 10) -description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core. +description: You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. keywords: whitelisting, security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.prod: w10 @@ -18,22 +18,20 @@ ms.date: 05/17/2018 --- > [!NOTE] -> For WDAC enhancements see [Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update](https://www.microsoft.com/security/blog/2019/07/01/). +> For WDAC enhancements see [Delivering major enhancements in Windows Defender Application Control with the Windows 10 May 2019 Update](https://www.microsoft.com/security/blog/2019/07/01/). # Deploy Windows Defender Application Control policies by using Microsoft Intune **Applies to:** -- Windows 10 -- Windows Server 2016 +- Windows 10 +- Windows Server 2016 -Microsoft Intune can be used to configure Windows Defender Application Control (WDAC) on Windows 10 client computers. Intune includes both basic native support for WDAC as well as the option to use Custom OMA-URI for customized policies. +You can use Microsoft Endpoint Manager (MEM) Intune to configure Windows Defender Application Control (WDAC). Intune includes native support for WDAC, which allows you to configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or to also allow reputable apps as defined by the Intelligent Security Graph (ISG). Using the built-in policies can be a helpful starting point, but many customers may find the available circle-of-trust options to be too limited. -Intune includes a limited number of default policies, which are available in both audit and enforce mode. You can use these default policies to only allow Windows components and Microsoft Store apps to run, or choose to also allow reputable apps defined by the [Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md). These policies are currently deployed using the [AppLocker CSP](windows\client-management\mdm\applocker-csp.md), which requires a reboot even for rebootless policies. +In order to deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. Beginning in 1903, Custom OMA-URI policy deployment leverages the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp), which has support for multiple policies and rebootless policies. Custom OMA-URI can also be used on pre-1903 systems to deploy custom policies via the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp). -Intune also allows you the option of using Custom OMA-URI to deploy customized policies. Note that beginning in 1903, Custom OMA-URI deployment leverages the new [ApplicationControl CSP](windows\client-management\mdm\applicationcontrol-csp.md), which offers support for [multiple policies](deploy-multiple-windows-defender-application-control-policies.md) and rebootless policies (policies that have the “Enabled:Update Policy No Reboot” option set don't require a reboot to take effect). - -## Using Default Intune WDAC Policies +## Using Intune's Built-In Policies 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. @@ -46,53 +44,29 @@ Intune also allows you the option of using Custom OMA-URI to deploy customized p - **Application control code integrity policies**: Select **Audit only** to log events but not block any apps from running or select **Enforce** to allow only Windows components and Store apps to run. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. - ![Configure WDAC](images/wdac-intune-wdac-settings.png) + ![Configure built-in WDAC](images/wdac-intune-wdac-settings.png) -## Using Custom OMA-URI with ApplicationControl CSP +## Using a Custom OMA-URI Profile -For systems running Windows 10 version 1903 and above, the steps to use Custom OMA-URI functionality to leverage the [ApplicationControl CSP](windows\client-management\mdm\applicationcontrol-csp.md) and apply a Code Integrity policy are: +For 1903+ systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy are: - -1. Locate the policy’s GUID, which can be found in the policy xml as `` +1. Know a generated policy’s GUID, which can be found in the policy xml as `` +2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +3. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. +4. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**. +5. Add a row, then give your policy a name and use the following settings: + - **OMA-URI**: ./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy + - **Data type**: Base64 + - **Certificate file**: upload your binary format policy file - ![PolicyID](images/policy-id.png) + ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png) -2. Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. The binary policy may be signed or unsigned. - - ```powershell - ConvertFrom-CIPolicy -XmlFilePath ".\Policy.xml" - BinaryFilePath "Policy.bin" - ``` - -3. In the Intune portal, navigate to Device configuration, then Profiles, then create a profile. - - ![Create profile](images/wdac-intune-custom-create-profile-name.png) - -4. Name your policy, set Platform to Windows 10 and later, and change profile type to Custom (OMA-URI). Add a row and use the following: - - OMA-URI: ./Vendor/MSFT/ApplicationControl/Policies/_{Policy GUID}_/Policy - - Data type: Base64 - - Certificate file: upload your binary format policy file - - ![Create Custom OMA-URI](images/wdac-intune-custom-oma-uri.png) - -5. Set Scope and Applicability Rules, then save your policy. - -6. Finally, assign your policy to the appropriate groups. - - ![Assign policy](wdac-intune-custom-assignment.png) - -## Using Custom OMA-URI with AppLocker CSP - -If you need to deploy your policies to clients running older versions of Windows 10, use Custom OMA-URI to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp): - - -1. Convert the policy to binary format using the ConvertFrom-CIPolicy cmdlet. The binary policy may be signed or unsigned. -2. In the Intune portal, navigate to Device configuration, then Profiles, then create a profile. -3. Name your policy, set Platform to Windows 10 and later, and change profile type to Custom (OMA-URI). Add a row and use the following: - - - OMA-URI: ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/_Grouping_/EXE/Policy - - Data type: Base64 - - Certificate file: upload your binary format policy file - -4. Set Scope and Applicability Rules, then save your policy. -5. Finally, assign your policy to the appropriate groups. +For pre-1903 systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy are: +1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +2. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. +3. Type a name for the new profile, select **Windows 10 and later** as the **Platform** and **Custom** as the **Profile type**. +4. Add a row, then give your policy a name and use the following settings: + - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy) + - **Data type**: Base64 + - **Certificate file**: upload your binary format policy file diff --git a/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png b/windows/security/threat-protection/windows-defender-application-control/images/wdac-intune-custom-oma-uri.png index 360e07f63fa27bfe51781933e4d05406f122da79..1ba4774163c7c6c11be23370ac7ce9ebd0e0aeb3 100644 GIT binary patch delta 59138 zcma&Nd0diB)HiOcm6mszndMShnw3#mnJev<8DXF>T zzLKe#8>pzLh`1vlU?PGb@T2>_pZ9s+|9-s$ji7hP>5*rU}+bXVE2#P+Kc=$Xp%ea00ie;G7B2fx1$Icds zpge-}@0Y2*Rj-bGFgQH9C8`hERdT$(((Lt)>Y*k3h5?tNst;;F_b?IZS?_3H8M}{K zn7oY`+7i(sb+rC*@yJm9vCFP<*DxpUA9u31?khR|M99is!{`Lf_teeZ+~WjMaZcyM z$$|4d@MQx4snJhDr`-Vuagn5Nj+e1q=JWV(j^Y9SDXZ!#6{3y*{+Bqj@ZM*lQD>^G z>0TLO8)wu1RNr~uxH{(T_nsgVD!cM$YJZCKzGL>)KDQr9J(c}S^4}^6=|{)xYy3h~ zi7ijHTm1j61SGz@-1+89sNTHc$$!nhyI3y&Jm`P)`Q+yB8~&?%e!DZ%znOBgdHd7< z`R>-tcQvHQ%tM#{YvOX}#M+FC=+<9~|5cnhp6o+vHb?|X81`+NO#lmP4FwcPLmsrL z$XiGWp-i6>JoySJRhIgW6hid5Il+VKmGj<4)XjQfA7~A(c3&dH7IQym%c$UG_&2g8 ze>I=997gz5vmgf$bH@>aTYA1SQ~(*f;ZtgYe8(2Y8voKa2pGfgqqpI2#2Y7;6vANn z<}p&(pV9m(o+Uy_y$YMLh78AEUvBPA=a6S5hF!Y?0k?zA{+jp8E+a+jWVyKZ#kW_} ze8U~V25b9$(cCk7ryjLhD+P#Rcz$4l6ZSMQlC0*dUt}sZF1Y~j`1zVtP{^BE(GI;; zDGYes5Mt_!B+m#|xa`WMwX)Kc1XhQvp-MgM^z2wi6PoDAH{~|gi)J#bZDJOh8}ZK` zvQdDm|4Q#~D!9YVc~JyMp4DrXB2_^2M?QiyI^efQtMxAFJ3v(L+h`efaAxfNJ*i5- zKm?)4fsnMf#HKoep-0q%X1ku}Y$NX{qUch~+2xSOjNK&MLNzLw9UFQl!(pbk78D&% z3`1zszWtHKVuGRdy?dV$5R0y!?a~0tB+Q}g{rgLKe^2qhIl$;uent5v&McZ4LdKgQ86xOJ{~)vR<2%r3eFGb8Df6UMo;t=w0YhUI%worXoFNnZZyVY9Z^0! zc?7c^MC%5XoN@u2FLAOkW}d6Q*b5V{50(N>oRSFyK7|kI2d6k&^qu{1=lI?o(N{m- zInFnWRlI*EAm`>0m0Lerkzr4AcX^l1VO*YiqUO*04AVjA+@M9S&U_1Z4tx{^1kO}03Uz5oR{$d{9O>$~5h>F-! zBgpbFG&P&?4{`w>ks#*V7n52K2tTNAocTo7qJ>`**)1mur*?U82Z}MgjRF~WzXT18 zY#6WlMZz0a8L}>GDO8eQaZ0@og9tLkVF(uSc#O%eA++#BEjE|twps;MqzBK}*7Efm zWj@6NO$tuqt2aTa__}w#K<3n1ynPsgx%p=dYUgUqFa@tp&(fS&8UHd&eGkMgLTFCG}3;}_N!axZZ9;nAb<4qVPxrHS7j$yvegy&z-7%q^vzw#K~j*UC9(do^Mx-Nzc_AUQHZj;p(d z4)2bYayB&~JE+nyRZ%5?@gl)!78<;i=B~4^Gvu>M#|o{+g2&Bx*p=U*V%Z7Edt33_ z<=IUHZMWCJL(Bu+#WST@L9p=`wYXLP=HCU=FFSA@2*yT)E$BqE#)VV0jjfnEgAl}% zm)P(hNXGVFokc|=16xB0&DJ7s*Ngw7DgP*p^wP9`;}*L}vbR9#6k{d)C7RcxhM3A$ z9TGy+DG1aluvddQ3^>I8U_Y(DL|p3Ws2q8X9t=Oz4CKCShS%y9Qoi*97J|x-e0l!{?E!OL8S$$R^)2u*U=<`sIIL23IR5g^{ztKaRI!Bcbit4bTGA` zgu&8hf>gx^so74ZCo3(X+>uKi(+jz(sj`Oh1DxA!fs3_>5Yy)&A>A4=H0DHvbHb== zR3b*LQ1n8p%&`ZZW2RP zL2cbw{Bci}$~Qc^*44Sk<4CcxxhEJ})BME9i-!nm+yOEG9PY7AmPNqZ>udSdVkQ>U1c>MgeK?t+V8euc@SN*r^}<6JB9q88*nZBq95~ zYRH?Nev)VvTvvY#E$$d5QYtI1Wl#7Yg-T&Atni`}Zg`Q%&5<1Th4%M0?2%0a@+Vzi zSw-HBm@KbEu&4?73sRs+2%U*8yY-aq?Tckt$H1?r0Z)|mF_gl)1Hkfw`tcQH zP^~tGF1nTNpGgT_0Qyrm&KQQIHCry{CHnwD}V{ zR5vPe9PM8Jkq3~u9Ydhec*I#kCPHB?A>1b3em>BwXrUXx<#$?bqy=|J)z81X3}{pP z*>u9kqD}bxBJJyDNlxR~D$oA(b%&UmqPIM`d&}8Uj)Jdw#x2O$8t@?V(@RuxkKk>S zuw9Y=&`>u2GrrZph_u5TX^U;vaf(jOF*sdk?2nk($UlrP521mtyV;^uTUm0y4fw0( zMCXTK6rj-YiHk)PekS311_F4jW1;pz`^Z_MpZA-d48RU}%nMR$*v5el*lfM@jvu6$ zXa}^Ej!Izar)Cf5a8nM=r0}&4vD_F%i!@k$1&&Pi6QryNj^RI3VZ9>UoZq2_x4(Da zpsf@KNYW;sH=Qeb6f1;xkQcc%cK#pDi#O=oKJQD68_ zHe=|`K^+WR7+j17S-|S$e>>+#3O7tRO?+m$qWtU|7j;T}>Cp3C?Z3ORL zeMz@Q5yrZM`M7zSHc^Gb%$6K{o)y#coT^P@UIQm!Yz(=Rn+%q|Z_)*X+?fmE%d@{c z2TZ&Kd1PIg_aMP-DPjck4i2Y+TQA7Zv#yPAVJub0ptkSou0qE5Ws?lAjRA~8V)wA?u-4egC#B{>gWfo@@`n&l&7KNPRV!ocn{Zandb4@4=(%-WYcG5h zlf85u)5-Tw(m-fwWoiuru`P~(?}!ftJc-NgxeA1m$4y6BAF)z^#JL_JMDj5~=OuCldH z&r21pAw_phOyXY3sFY}7^|b;se!X)5M7!&S<9m8xJjbTx6=db?dr1CpwsnUKG$qBR z#q(Y3@}jzj09r?Ye>IL27VhKXLZPCUCQsmDV^=$(`9bl7)Qzi+z5>_a(Z>Z!=!AY^MNhZ zd8HgQueF;B8qJH>4qAjk?>j4&j^|V5nO>jAEdv z!+ZLu$bkc{X?V*Vg${9n!5BOKpqkQ>$SJhD(@&(wg970S?L{U=VR|ItEp+#{;_?FI zu&R;Zt~!b1=f(TZbvSmBeTk^3A6oa{sw<|Fc|;WcJzz7_SY@Zje5CZ``vyOqQM$jW zlB(=e^J-~Mj7DF!2fTLk&-N08c|w*hMBSOqjQV}I8_=_I%g>9rZR&<9vFbQk`ekO2 zf`NV~UqGa23D8g~w89j4Z1`^gDz*dX4s~~AkzfAW9le(fxHA-66Z&qTBER@gaIBY6 zEeRw}{XS&Ij*I#Ey?FoBIekU`%nnWAwef}iT%xt(1RF>vNNu*9ZP`3^w+vWuZ?I=2Z9(tF^J` z>ce^}61u-;HjK}5r{l}@dZf#VH;{m=L6~^qF`{o6<~rzn32GIX7sj7%!NM2=Y;0Rp z{c6^=DlQpB>vH+dF0NU*Mi4iP06!`~PeI9stI-U}(l195V{m>mGr`84(lqmqua$m+ zLVn9ae?LzofbR+lrUykP$oDy8@0~=c)n31_;DO$#K_#&ux_|Kv0R8~X4!)vZHHCx> z#B>IJIv5;zsWzuF@B;=+k??T#8=8rlN&pLtihIk8k?58C96M2K&BhseZRNBNE*-rR z|J){&GN&!mmzHY^&B4CX&{_2;1M_QpLTWqC>KNYVO=c`}TkZ6JyZdsNt|8J+9Sml* zwMTFRw0g-Q{a=A9-n@)51jFJc%X^hu*rQNSe@{KU`8k2V?wIg+c$&Eo<2Ok-&Flu7 zW|Q5+D^43L^Rdq7O+aw6Uc`gfsk~X1e0HI~6W1&|qMuBR{9jF3GO^Qr|IlQ<)oOm} zl?h}Z*GO>NRrK2pF|HxsEV$hS_nd6GSP8s#5Xj9(tw2i~x&yis?#VFfjA5__{$JXW z>)cx?51@qOA@gUh;eN%f3{1mL6I8kR*;a>7K_`%&-IxaAbIx*fZQvx{^GoH5P1 z`6>}1H8jPB2Vb0oWC%(LH_q0*ii51(@lMdSlJ}`}O6K3+jOTn) zHXJSR4ul7E)Xu)o4K}%57*D}@mM4VKTENui%TcN7Y^6O*`mD4-a z@1vdwo(bwoNeGx(`1(|PMwqA7!v1#45XyDU$Pp%wJCge_*JmW$z4Nt9^SEpDH(S zj%ACU(a)M2Si?>mjIT=Y#{k-^gA@HDfcN9=yIutR`@*>KDuZb9e*s8{9--79%tBng zf4KI)4<08URjfYv?*oaaSE9v(__sX0QuL_x<<82@{|ECj{(No2nL}wN$r>;YBSb{3 z@JP7mJNEgk>(3Dl@jJjOcwAMCa?Kj)?v)Vagny6{(!jIgibZU#kr;V9E`8;R#HOoD zhp~HEZ^fOKp=Xr0OGq37Kbw@;x>vLT3rzkI1m~9cr|z%+{jA;QmJQPTTT;v_1I4{8 zJxSOsA@TO$pT2gZ!m{yFp+NvNP`dRx+rfgU!|fHo8%!W@0f>HHp6WrMPac_#d>VOM8#zC8n0+ee zz`j$GicUab5RG9GmZY-wO}qK6)AuX45e&}={B>8IHXiL8`pT&dDkZUK z@qAvnvz!)NN(0e3Bhij)fsDKD2>(qIPahj82E4%Nkh7k>O0Pz(tQg!&*xUm3MVJP4 zAncH9#z{F56yGLbDe=JB>HA96eBY+kb?nLr0E}+u|5}xg%;!mA`|jH893SpS-{-kD z(bx4Dde}mGq6#e$8F@_|QE2J9D`i(sSjNq;qz#*Xk_1GOCvSzK19A~Y(|$;SDzEWU z5dp=7mDyh2SY4hje>igA0}}fggSUA6P2H?s#L60YfrviCpT4EEE+j+<`i=i-L1dJfT3dS7{e#jpaeNFgB5*Y)cMEJ83!d*bbgFFS;P-*P-$aZ z;*ROk7c<#cxN=c$Z_xlGL-B`j(?baPGrWL4yiL zj(L^-M$PsTF31DYoLf1L5$h-paD0sp$0Dc%fAV6)GVGwlQ$epMDm&jE`Ba1(;u zPiC)52x&qil?dn~RJ>uQ03R}-y|M_~-o#nd-n)N?^tSn{+`elvfLqhkHTe=AFTydn z|3>Iz@VA7L5YReJU%)M>74lW}J~)q*3>RT>$wd<>@mcw65dU)iv}O~hWuJiokP$yf zh*-MV&_MUX6~t)%LeD=jSpLsQm}cgCoY++5X`73JZp_mf2o6 z!4asGmn!j4gOBrDN^i|zhDQO<7`KrU09|U;aNZ$RFezEzqyHG(V46VBm82g=If;>S zZ=gPu68)xKsOXXzDJtYh7}De9skMW*=N7v(cx2iM9~B9gGY5ZhZZ*?Ikw`l;>Gf|a z3z8G56)E&05LvOF)3j4Uf_D!xp&FvKP53_Y;WIhiy8uAe4)L0tGB7?NqDs9IEuPDM za_jbFyL!W3pv;_{qFl1cw7GiIE_{Fo;E%Tcp<2YlMwCY$fI^W#{@v&r zh*yB;Og#->Y%(X`k`~WiS`Mmw8II#OXmvCUnrB_jn9N^ zcKQJe3!lt5K+kj5KUJX(#B;mM>eT{0r28p0PNhLvC5|$h7A80Mt_M4Y5Fe3A9wD4f z6#irU3^=(n@Z8#~?%;1qDGy+ADF(BKZbj4;oRynOWotK8k4X_^JK_I+(ApUP3}Kf` zH-vNfZ|qXZM+Ec0W^C%U;K5E@2#Z=g@w+PkQ%j!cWX&S|x0MImO!l1$KHIr{Y-1rlb7PNiNd0O#Oa7c8{$8}~0I*b2a>7jlpaB0F+ zl)7WrL?GT0I#vMveM3^>GIV9o;2!7MB&dp_5F~kSeGkI#llGTGAmL@_#zl{@_wW%? zp1hy%WcG5jnt;5)VrA}RNuQjSdGau+z{I?0z!8Yt^h{(|=-vF=e{7|IbslGGA;9ax zJ6QEBsiY8rh1%vPUon9%fd`+=end`(*Z*)FzO6e*A+mq;@`@~)Kje$_FIzM(N~0gX zG#`o}hIe`v8kZc6A!4a7JIR!MP1Iv|w&fdM98?Yn%faY@PawzRcrEfE9QNKpPrN7` zxS+r8%qv^m=ph)&h!{k&-&MS>$QHs(<#rj|*2>aFdf468HP^=uvUc=d>h!ttpuQ>l zGDynl`_{HrN1M`+@LJG!1O7qYC@;bLYSr3TYnn)LS=#O3gr@ zsgGdS7hR|;v{lJAw2;pVEDLRF7_Q5YybJEx4H1^gH{GE+BW;x*?^HRrE}c!D9}Y7k zRM%Y_kmkdyO!qemIym0N+P}&jWdyT^~M) zY!PIE=>8Y`NJ_ADdI`1bq4UOb*X1$%D2)Dyj>?$uiYz$fSv~-Bo9(V2cNOAEeFFQg z;3ysWl1ny5{*m`tn4C$37~lVf$nv{ng8znu?53jsu@j)k>w< zdYb5~pV4UM84r^j0xHQ!_u zQb9J4!(iE%25Nxbm9Ev{qHI`Rc*G@P)ULDzeQ>Y-H9+M81pj&|)pYkKbWJw10)+e& z>s)7n6>*%szSV&mCLd9h$hNrfmj@g<@A;DCBurs2Q>Pk?OWDCFML2+=GvfrdX(l+h z!MY|R`8AF#?CKFmul2b`jKn>}-_z@DmppbK&<6khr1ZW!j@5Cj=R}OO&c(BWoK#un z=#&r$jIW)IYC9PE_IFo;S_4i7J%yimN)qY*Ug_?vbD)dh@AP_i2Sq-J`8=H4tz3QW zwY)5=L#H*q_UP}+JmWn{y_K#0w??WSE!S9F+ao_-aqM@LQdZc^RGXVoL@Nk3vWtyU zI(IZ+aRs)gfLeWw3R%h5M3QpsURJcrIEQ`)YIfQb8}9pz>I~2^Zp?|MSn-+Ss3C75x2?pnVGk26ihS4+uN1rU;KdP* z2-`%wu85`Q7s(r(!d3yrx)da#X~R!R`#ts>k;Gqa0#DnAyuY;8Z+X~8#eyG0dO(26 zv^jXqsB|O>6VgS2rcQnBX!r?#%VqCWuWubl{cSvLl+@(eovFK6W}1jcNw3;{4v2j; zB%mcXsEFR*zepSm3HyO=Q;!5ZrWHNb-%`4>%6GFG)^)ee2bFkfOKZ29n-12DUfHt5 z0l1gK*V&RaS{D{4RgI3`e0^r_R~yjcp1I5L*xiN`Vg0>Ox) zj%$}as14H)Oo09m1w#f>mRSF{zxJ8LBTuRiC|8-2zT#Jox)y4qjl z&(Ey(xmYqFm@r<6&b6Q&*ZF-g5dY0BE_2@@lxlOKxBHerfD}o+iV*Bzr3(Ir2R3xE zi&c8=*#@d2@5W_)RPslX;m!>r`UnJ&+%1PM@rVnlYSvgQemj^*Y)iVn7KAk~Y?)peuaBfrIi1c~dqEv`)9I59pF5r#IYwqeS#=bJi5&_5Az>SP!FX zYMYs;0i<(b^pl>Dy}c%6s3<{bi4J}V%oS3q+XG*uD)$lRAI{gD4_ec>>(p=1jpS^t zTemzDb?>rnL9o%n(#LA8NkNS>&bu^yxq1Q+4W+CDI3S4 zxTMTvU9fPa1P_PJXlXimWtBSR+D5&YmlO?=s3$+x_$Wi4;jas(yoEPI;(+2_Ais*= zf?0F&nF*KJ-?nw$V8A5eJ3lbg;v;w6*{dlK8<^Le4HT<4W$t$ramYH5t0_SuRvwk* zn;;h!$?GWXxQB&ELi*(0<0}lJJ2_1PntE@;&7R^R@JYci^+0%yHI~|<-jh8<(d8Ur zwX?Hw96jboK8eB_9j`T?cLrG4P%rLyMW7^lsWB(8`9qBJvJQJPVcQ0Y5r1~uKfy)o zOV1Z;oIGnm;oqkYs#~pBv5sedv@OveQu2@7Vd&LUS6~18fv@hY zX>S@V)34z464|W*{H`HoYRK-ds(60s`?crU^qvk{0Gm~Y|0*~j@btek@)qluUwR3fNMNoND3hwJMG-|T2}B!- zDg`9%$bVVfBt8iKyjh)Etg%<|-rw5#txX9oF?508SD6SMw{zrGj5nKnZ^9)yn7Y z`iasYLie^1q6Q0$dRUPtKMj&G5lLOUv+$J0I!41rHV>4$R zi(JEi+Af-MlE_$EVuZBw7wo7jUBD~n%ze$o+(KxlW(6d1B-b>dk3E;W*HjS;#J20C z)Xl(LMC6Hk%}jbiqp?nnwF1=oMCRm{aRFEYV#tAeESxT0j}9VzLsXd#Ct=Mq3kz_D zC+T(?T4CL#$Uzf~_Sy|{zVNsh(5cTyF%s+LH-kUj8^W2DP1|08^An%h?-#W@uY(B5 zjHcFZOLjD9L24>+{OesMaV5}jI!S=WPy)%Y*HtFI6ThTENM z;R4~|(l~s5FrkX&NJwAN5DaOn3={#u%3YBG4PG~y!}&4jkF1i2Hg94k78usPTHKUf zbgx4fbW8u?{nE`h-rzjoH}cJxtFUI&u|#0+NFEtj^40d|ynVGJJ6SW|VAkJK3vWA6 z!e5z$MwY;w63w&t&$=43Rn;VQq@ul+D@;;R!V2lwFGp_LT0sP;CN zXjAGL(_B<#CZ`Lw*%%=)0+Akp9qkaq0zrV>`PnkpYouP);IDvKKad8K0_w>*N4hj| z(FfajcX_=teK?dC>JIPR`{5~*UhMy9+_u0q8|IM=kDY&8al&%SXLuErgRl3nrjSD7 zPvk3pRL!@%9mI1aQ-JS&-wR zAd6Jv-QWZ?GEX3YWIA^G^K!*_42RAc|DclJ^k5lL+#pakmZu?k2?ngm*9a~sW2uY}UH||t#2HtjFVTAodhE3%6yfe3) zv(0Ua8qEqWIUSgL6FjUhBGXH>*}r7`f;OEoasq-&e!@02l&DwBE^HY+?a(X~ytNsx z^0Q1&mHad_%I=IQas-VRs|XwDy(wyD=DA;~1wMUhg+R)lUy?O)iM_QdF3Jm#kB7RKe zzUldJY(tf>MF3%SCAP5xio7c zPYYTtmy?j#TiU@)^zj3h{J4k8=b|#&${AAE8mF7WW=Gl{grNKZtokj_gn{JQ^_4CY2T9koYA>w+o?T?6L}&3QbyHBGWGYcCklO z3u5m|X1ZwvJTfy`j(&6(w4Ws?m@{rbuCw`s$JGUD^kb(IK{;`Dp+Do!Hk6C)UH$rU zw=AZ;bJfkm$#2qO+y{vQ8dnOIyd9U_qJ$oO4xn8pA@5_HDjyq?B@;5JPS_syWNAVb z=vDm`zB3hk3~;`4Njzg`8$Dc)_wSb=eH^SjDJc8kg{rZ1(X+O;*2Xm%!wQY185pAjvI8t7aYL-4dSfdtpSL+BqJ!15en&=mW<<`8P zB_GsCLoD6+8u>40L&$Nc34Ov(;x3>jy`9L>hY!= z1UG%RH=n%mF1l&I)^wg@hq62Ey!Zr_EaaG!l?cy5n@MUJo;YXa40={Tv!ZP3sIMM( zFS)UC(qC4p7p~*8?bLo5c{g9nc_pn9omM53dslcfdQF zNA~ggO-+9t<3e*I9Mb=*1;?tjy;Uw zx+smOM(qlCsn=aMiE3O^kT`QGjcLUC0d!yOnu<~JBU76h090%@oSS1m6bMtcTO116MWcR{(5v6>Jp#3A_Ji912!j6i-o z7}A*KaQnsOr!Mp{m1C!uH{oO2vvl>dN8asI?Nr{ZJpo%I$Bq@0KYH7KO4Un1-2Mz2 zt``+q2yAXKh<2d$c$BfCPFh@{s6rrvCFg)e6OjYDcEw*7CAl#tMhO-%?GLP+B=6X_ zbOknziE9Kuti!j{ghZ7oI0gXTbL~YLkMXP;@D9hMh?Cp=F5&5 ze18eg_&!^M=FBMhi)3=6x3q}fKNeBm#7dc~BwiX2J{Vd*%N@aifLr7H*M&jp^-c-_ zm>2Qk!$CjcZ-&*d-G^hcQ)^q{I-%;@{2G53wXMgkGcR}`P|oRLA1Vw4Tphw%+{=P= z(r=mI{4HX8(msmk+$t*RVo7=#*$ZMB=db01OoR{cv#O!J+P@g;A)og0N7D+GVMpOmb#e7ez}ithvz!h zmG-2;%Y`o`{-L(JsHkq+C64bFju9hP0}h1$jOI~o(A4)*AwTaT2ikzgxRS$j86r?c z$g}J{;y_U1DI)q0DSqM8HLHlOCzNF81x5oiv@6$6G&Q9wcy^G@A{iF@=jgVXi}Q(q zIJ4P&&HRakKzZ%7I9@mx@F!DvXTROE|HHG_6sH>hEl;n+{V(0V?}&I<;a?jXuAHnH zRW8O6ZC>yWT2pII9vpmoAkBt%4mMHWP})bN`6RTiI0r;qWYw?Eda2g95{WnH;;ibK zx4yWptpE%;mEyoL8?H|Fs-5=p@ad|CbMCq4O!mG}4N-YGEc@kJpsq#D3Y+_mbJJX7 zwfUI8;|7V#=s(HWXu(Yl3czmeF=>qe-E zv$gxh8P;E}BQIjd=Jnqz5QcRik7X?cv|&G7+jh*gw8rBXYUr-kLd!gtI}zDIqBH$#pznaM<>a`GsYB77#>Tjpp7%@kv->+1YDr(&415ZRPGg7JOJ^wNgP)-@9gpgIV z{d|@GO3)eG*(TF)0@9uLR6A?SrHZ*TEd?btjW4C>5pNz=tKJK%GY49ubur=hn+f4( zvL;V?x1X(^yWe`&&Rb<`ji27nbmop4abAAKd0vLzabx_EbdXU z*IxtW~w^5=`6#blN z$WlV?Q$*e=i1oJ5(%Y1@I=eqzr9bZy#{xZCXhdz|M-@j((LYI_$NI(0PVkW=*>q&S^zCY&a~neb%!buiv#QNFQ^T$sE}RQteF&?Jza5%c@RG6~QJOsPYGclh-f87> zv}UONp=fHO@7#{gYB3$_jOG=Omp+8ud2i>Gp$`tlEXYLzbQ3X)0AiZ<1-m{UzcQ#y zV^|ARTP>4^2S)3lX8{}vpYkYDmu3*O6ZgV3D<{QMo{ry53gB{$$};$ zjShjKFE5{Don(yUOO;-7M%^H$Zf4jIZ)s@Cdz3mCS+D>ToA^Fg<2}0wJ0%3~>P*wW zL77f9ixW-uu+_!>;bQv>?mheU#E$X1FdFtb>ig%IlZPNWVz*%RA35a%%E!K7D?s?P zzN5xde}h=FS1*XI{sQOm+#jw;?7xmlOrQDB_@8;a`~Rhv{8#^cpV;R8TfTp=`u3o8 ztJCZ4ADmgvyje82vvH~O{c{<^5p%I`DHBco;jVl*a}2XnR{Rpbt$_(Ndp8718IEsJ zSqfbo`S^zxQy}ha6*L9=Ol*KQaBhjOjLrRdOD2_E)L`*tn$gq$K0O3e)Hv~%)4L}lei927%w~QGeVHp?@I}hT!Xin`D59l^ za|X3;;xxgZXh2U{Lc#@bRh~2b%}fjhm=p8~RbOI#GVG{}MBUtAo_KUy^J&g$o(&N; zX9GS@o_Q`FAwrEhE!TWY!Tr)7VLuJt+!EE&vblwS;^}4ygJMwWgZ8$>AFa1zHhv)e zUH?R(W+I}9{@=a5ZykxBUdsNvbRS~Y*Tj&^&o>8$`uZkQ!ddeGWtHHM7lYv5DDh+v z#Wv3-mB4H1PKbrwgntBbIm$itQr^(2^eJW|E1uEBanjxv$sV#PYHoI7k+Jx6kDLNc z`|8>&0b1fr{DQr~fz2dgU<{wh2e{7(f~ojybIwI*TBWUtdpy2v`;gtY(Ouszf(k-k zlD-U8tBB(dv0@-&wZmJO<#Xn-I>e-`2cZrb*1e}S?sk68|GVFP{OE-n7(9O;$m#3v znGV`BsndPx;I-R&mW(nJP?KenI%HV0X8d8yMv14*1G!h0s+Tg0j;A;GVZ>;61%3>1{~YUG*Mu$ZqD`xmQqd&h118QW<1 zQvA|XEAeR!R$8kaIuTB;i+XY|SK_(ZlFX9{73$Un89Oo6%jo$eS+JsPRwsz@qxs`@ ztiNU=Y~*A}{vCE!R=Q}{D8Fsmk}~%l{q0_(x_V|Si>#QdpimL}XJ*P=L#&ihptJ?}knaN(`Y{Tw>q>1-Zs!XoFuFgpV!(?4*Csut?wJ6o4H&Ni&bQO%V5}S4b42+)p(!~gjN|=YB64#nd#}T+8h7UO550ermm%R1M~SV-Cv;_qKne*=2p9%+(>pD z7yQ0ncky#}Tyb}%mEXYjx*nA{U~!F^gP*aqInaMqXW}z&^}tXiD1mz_{ri)G6f0L zH!`yt9r*Nma4r>6PQ-k+D9RFbRB4=%tVa$YGE z-fhr*C!10fP@u$&58{zW^D{kh)n4I2E)HLfhwM@k3-Z$Boid*4+}RssUcF`0M1b!T zOdBuD+r?EH>5;`@aKN|RQ>D)T{to1BXqH%N=sd55>sfxN>3!v(DO_TDmZ?vZW$$0 zknBa;&K>?9Jb3;M;AVHE1^R3ECSHPGPG(*&f#6H}4*c1%2`ajl9&k|u1Kq+nZgIe` zJ7=F8`%UM{G1*f42a-1x3hsXN=KuQsv^TS7uC;P62lvqw|6`ZuOg_F*>=?vllikW|4`nrE-P86BPxG8|ymbiPouXMSb^NBOYxkxN%;7n&(vo}h z*9WQqJ}?>!{nFHEH~Mh$w04@Z^kRf&m)WGgwUuUG)kW;o6XXwY8k#g!|?8IGQj z+aB5{sP8K{VqJ70b{|v5GC!oc7xd5&pG<$#=^S49y2!%Q?oq>%bNF6WQABPY7GLo4 zT+n{6!Ro_hC^M-@a#*Mvb_1e)^LH5@cZ$~lEZfuHM&)(jKJN81KBw6=Z5I0W!Ny5^ zao<`^1jWpBM^ef1#%Z^Vit*Fkpq&LN^Z#f@)T#Wj3u<6)&&qmJafMa=SKZ`Y?K|^B ztWMl`W;6Wg^T~uRw(mf$V%TIHMsU+zwm+_e=1zR$}NmU%4}UhWeOERgrm`Qx(ql_qC~yQkD?MtAC9@z^}MO=i-#zPtCQO3hn=hP@^!$$`zR{% z-hCH6^kAu>G3{r8o7ss4BAb1)*Q4ZQwHtcvT3fAxpW1O3XL~^xWaYcm&T6dI{*9AA zn|D6b8?QWGP1qm4#yO8VmHcB?Bc$nAEny74=J3WT!1qK`m*c>wD*f@FCHp>kr~DTJ z>3*+WU)#*Mz%1sR#gL=lb_P(z{aQ)6llATxlqvR7^sV*GCeB1AAFp1K>&G0qKmNmKRIR4o*9rcn3fGgp+XPg0L|^IWTjKYMew4Eg*nN)pvH~xpWqd zP+Cn7jq`_Ip1=ipq2hMv8*RyGIKnMTxbg9Ounqp8(s6B#yBXQpZbIO%vn3zEP7+Pn z&Gn>6|Dbb!8Q$MGc{7&PV*XDwBZe?49P9ETLo@m&nqXBPSmihS&tBCFUF=Ic>$+$u zo*6%NQjn<80A+?UldAoQT?PY&?i;7nCVe+fwZ_OmpHJjlam7KxZ3#sMKb??*65v5T zy}P&ZPI+^aL!lFp5wZ3;yx<|Cq06c`uQR24e(p8<03qF&=o)B|nlY#-JOgbmrV^z@A*Ey^~d@Wx9Ulv>%Xk*;Co7B@1VWtcy<6(y{m3+I(;nNE%%JEY#juB`0n^?qNYbkWGT z{Rsb_v0l@`H1nI|Fo+G_zWj^D8@dp5+qg=+tJS=7YeoHi#{!8TN8~*FT^Fe~-2va}g5K)U z1nKe+Z@GMg7vq!w!ofAStUNM-z^HR!>|{2Ut?dUrldz7pQ+Yh<>H_-=od3N0(Riw4 z1F}jb&$=#RA}`N!?cd@!2_kzS=6!^YbLO#EmZoJz^JQ@FAv7=G*iZ4Tl}4nS4#XLJ ztZ|!kq~{GfcEDYpnYgZ^T5E1~_ok>ReJ(>tcHZdTQD>LDOMvNc1e{ccg7x4PMS8Kn zvbITJeOb3Te2GJqV1D)f$Zzl6Wj9nwSzC?Cm2n|x=beN@-a^8UKnT@ELLs7SM=e^> ztv!2%;OIISVm}kXy6y+CF0n>^D1l*=Qs$2s@IH*sv`8Yhp-nBDs3@44c8-mOgNNZb ze(o|dT74|{XmJs_A0^`2^~zV5j1 z=Utr&UzT$;%L1B_s%xdF{Z=^sUV_USFZVAR1Fz|MLlsdYDkv-1 zO32QW5M6Pbh^i`a{bzG zd2%a?^=T&&ds9WNEXjs-eGG;2WuTo8EDrdw%TC)tyyXFxBu|Q!opvE4J1XXpfj8A7 z;7YEgLTReb2mUVIP319FW`<0AF)4(W730tO!K9M4ld^T!z|s! z8GC)@Y+*NYy92F#u-~J*pINQ+MbF+aIsef5*Qv}`(Oxbf%T1{Xv({5>qcQ7#aK7U7u{AzT{fqhQfD6nu}NY269I zE;MN!Sz-+2nNCV9)<1v0qU|Q%B{zeQTxkNr|;`;NV9vc0@-=B zd^wy>Dr6TCN+lS)gSjUJ|HtI%O;KyT$z;!m9-e_<0*K>F=X3`%U7^yE<(-qs8j?`y z{)6~MI)T|3Wa|??A~1)v_&O`!al2@TBD=M%0=dDW>%#Dt8eLhozWpRD7~2iP^GUZ{W^Z@8k$R1 zD&|=(vBew})>6;MsIT}Cvv`i&41FSIQe6 z!iTdVmU;rQ5B|aeH-tdlOCs6)Tu@wqX&#HByhMP})!MGuQR(kqWF;$fJT zXF}L|b|Thq*qtkpt+8n}C(Ch`rVkXjenPgPx{J?BvClVQ3vVq-C4Kd;jO~xRR$GAF(J z7g+eFy`C<{-mrR9ux#($@QF~SyN@G4xhc9&enhq>#oau8ps$6q>SAW&A|1vex{;!D z#XO%6znpXuqk~f^Jq?jEdR0omYJgFcgD84Ob`#cb^i!#`I1>>~=eAV1EE4AzR$Faf z(SqYGY!}xuN zwS4WxK(S8`Osgu{oPgJ$vI_Fz&+fYYv%63gOzFd(W&T{^EVbQoqqK407z8l8=CX3z zZ{5v(m-<>dAR3F&3~E(p3CUV8(Lq!#i^-O0!hOM*h=mCf&!{#s*@ui$EBAXTij_1q zwdj3}VPfy`63i*lw=Jh|wNlfZ^s#oJTv9Fe%ITL3@v23%+7%TeU8+`bA$ry(CwFl+ za{pAA<+&fM&{}{M0|2D*?uyE7fWw>M%6Lvkzm9g=FeRtydj8D`C*R?Y>@ZgRHCyi` zcfH}y9RZ&F(B`bHG%%aRvAwO5rzjT0Sz@WIT~pjwT%4cNBx|iN1%9{*_69!0p8PRQoW;;TqVpeuVSM zW)7=sTS0HYwcEozUEXU_wSTV7!x6h>6u|7q>)px#S|hx194RlHRtoy5ZX9I}rb=`6 zcvof_GA#M49$jPx#fh#JR1x^fDaEGlalM~ZSxgmWw{77v?A7EO0o&$@0@XAk+!o_! znj>L>z~3Sli1<;skzM63(5_2!(4tx8jDD|Q>*-UroN@+E;Q1A$3F{1?QY!WQOfTZ)t!q#ljWRp;Z!fwZ*L1as@PO0y@>;PvVz_3B zJKnJzA^Ac1=J;32dBccZQ#RU|qW+S$I&IV5paT;zSVVROAP^Qb!W?HRgJ1h0%fdQb zTjLS8Y#G~lDr$Nw%s?@TlG7rKXm*{8ZCVCziO4VlTKAR-?{(#JXR{^U3BP=-7~~&( z_Bc-Hx|a*idMVfXn{dgsj^|^ZNpwyx-bj3ricrml_PiRNz01}e+1epEzQTQeG1TEH z!_3OSW#oC6A`P9T|J{uerCoX)+$q4;;6FWgD^I51<`!Ga>u#v$#@9l#i#4T(G)%oE z^kDp&Tl1dp95pHUv~*>`A5Fx^-ju~wstne>!0h4NyK%H-S7SNGHxj0~OhHSyI##8A z0ZM(_alomse+ft5AL*~UfQH$@O$OrKEJWlL5u`A!pEJwfR;&uMy2x+qCH+?GB4+A|X3s9cSVT zarTj`SYGh{AEW4;bn(7H64Q6*IDhbqZU}XNkvXUvC9SpHdf3}SQwhgXAJr1-$@9YI z9AZbLMz5C3Mu%F}%!WFq{-!OP@pqlsr)>h{&#A*`m`;;sp44D>tdNI>t1moPMDktV zw#pG#9S}uNg-W*aVb11}7B;PaAmuHKpnN_Dww)+E9uj?SA0T8Bjpk&w_ny;T47;4l zd&FLoU^7JIdDo0jPZvoM*btou8!kGo@<+1@T>|LUuy#^aAElYJ)vWU%QVXDre&V2E zne;q!j#Nm`k2XUHL}+4Z%4Q4^0_W8hcjMzxvpt3EZD&&-S{4;7`njOnenr zQ(o!K)PQ{&7xTO{K^*5^&_NAuFtdELT$27gUb&9GWcRE;;bCEhLEf)m8XEUR5p9XK+pMLNrz}%*gTAcCZ+H} z;5*u3?@Y-T?}|+wB)=Gy4UZ?=!^c-ZSeRzaWxd9d>|{ARPtDD(X1+Ti545&W2CeUG zyr+$*z#D6q*?HmKbNvOr9B^I;Jw5O=&EgkbaIDVi4L>hv0#fs|+=HXv)-BBKIBfd> zT4m!8)K}H4T!;PGwgdL@cfYuA>UXksn;lw}E`y#+cDPfSu@mlc>muWp01O%+vriHh z$1VHe6g6onw<&BK$|?J^`o682_gOD^>mnjUpO)%!Nv!R|X(k-^+{gsJ4IWzsVraouozI2qkd0LL^kPZn z%#;#89?SZl;N%P~?Jr#SVit57Z@T8SaOTPa+-}rg{J1!ykpv4W;;+@ZpE{S} z9i&C*nEE<3`Rgg1{C-Q@|5Rv`P&Qs*h@?TJQ1@zsu5Mm9Vk9*wjSu@nY)6+BT{QVo zDnPg;a00F~cobev!i!~T{xmEK`P%5mezBLGem;KH>F8i;LI<%dE?HL@JuI7^rH=*9 zt<>kd*CkVYkxNRoju~92xf3+E`!}f$!ZVL}*ClNW7%HGqbfr+hEQBFyDx?!M0dtH>+H5dv z>3V@Nt&v5fp{=ebG+@d-HrBb#=?Yb*+>b)=QRDP$t1+$u{78$>W&Z}mc zeOoeG{Hx#YK-Vanp>JP5Ga8Pcb|q~oGx_sTN;Up2Mu8?}Gwk#sghUSjUR_qm7IF4j zkdjXVtTMXxo?5txrA^qjRIpajSmagY^wn%dn`%z4)wQXOAGVM(F}zz{xFUZS!{>6a zgyQdc1pXL5(DU0&`e3hPTWftiWa>z`%|=d=$irpEE2myC6Uou~J|QzQDZ11U_MZM% zPLZ@KcW$#8;RG0n0MOG(+iW9sDb`XS*GB~s?lYTCn8&K6+*uf!aS%G?Z@gN7O-nO6 zh=v(*Et2>rWHaENaFoRJF9p!vss5h0k9bBGg?K_Dz?{z*O zw#mEq?jdD5z?xw6lSk$&I9r{2fvxLBT>oY9rsszjZ&amcwM! zyy5KX!1Y|KFO*FbPF`!S-srvB$^M5}bxGs)%i?Xy9AJ#3eR_A7)s&sJ)jOxvv1M1L zgAcH?ZG|Tc&`iok;AUt&au-ePPI}QTR2N_o+p=SUrj;A6-X&8+EiNeozpn}xxl#sjh#O= z?73crnDR^zFRUqcxCV&OX!zDSM-tE+izK@HE**=gDd?iyGod!8buJEMZyI&BchrX9 zbNs7|+h+TpbDF$4*?F4P;~&k{-xcKKXF!F~uac!6rL%X6FNbLo1$<7=%SJdDKBG$r z(1vs9BH6c5GT_ohY%P4T9eo~+(2t&~1()64uG_!^cTWcVvZR7dCe_lDNil>36O;Mf zTi^EHbXnOuRtyZ%X*F>}#K!C|M)&R|onUpD1l=%);&-Su1PctH9(@x5O0ky+lI0EW00P7kXZq*vXvI%;ki%)4uf_c;{NxNX!sqBJ0sa0m@al2 z>5a2rp_k+Z$xHG==G(~dIdJQxq>06MZg2D<;=BkYBf7A#iCe(nLpYu$r;Cp6L^6Vb z)Il$nyAwOmqZDVTOJx!nAtv;}_T!D1Z*y~z{C5F{FmVHL2|o-m)U_;kZ#dJMkpZ0C zZpZpI*B=ZHW;f^B8=GW)a;S|rtPp|5i6Hhge^*j4620B(pQmDIm`Da8=pniQ zkp5oy|4t|bvLCTxz{#;kc{xM0FW{34<|KaA+SLY-8u8EV?-k>_leuo|cg4QY z+06zlfPzYX;eY;@II(O*=327+)PL}&!csTRT$glK9N+k2-+z%{{_ILfZ~V5S?Hxv7 zYi!NJ)O5IYZXYw<60!{s=fhe=>L2^{j~!kDpWt_%s&%J}MQzat@|4NIY|_KcOPgM? zw!l&1f5L~(%9rZ}Vt^6@Bhv?L8EdTY`QT;;B)2I7#uu{Tly|V{RFvySVb7z@tb&zW z_`yO?BV}A;lGAcJmnRp4%9}p@r_CPIJ5q8R-{JBYV}vor4Ap%#EU&*kYb2PpnfrO< z8eX9KM1~)QgkAV?&ad<+%KJv~OR$Uz=bjt7``_mMfx?vg)D-5upv|V^oqi8~PWPJV ztkkeUr02@_2)6AjJ6TF0P|Kw``mrVDMl9!cj0e*B2(0U`g<2Nw+LD)TZLE^<8 z$T3~U>Yi7g%?O`0kqpT<$Gpr;eO;t^*}tI5HF7-xf5(PaBq8tYV>chzc4wva>U(y; zEa6w)^Pk)n;c62pJ~W2W(2h^p>8{Ph_p4^K-1A4-4Z}yvi-o&oi)MW?-!5-;;7+Y& z+0lDX)c&@s3%)OGIG`0Ua9vPU!fe%lSG-%;d2PSinNK-RuxltXP`;OgM+x~>Sfjutj_ z_1TaDd#7fvzA*T(T^GliTh&U+qC=OeKg{|wFTUPFH*E0r2H9mj&%E^`k7j~Ye)P=ak&$#&5*wS`jz`J#g|Iy(VLH5wutJQ^ZZT88H1xKG2h$hnNx|Uu@X; z(F7ObYmC^ae-ZLcHB#T!DCnhg-?b4u$f;t?ve7NFC0Tcm*@KxNbwk6nvpL6BUSfPdc7qoP=D2DZZP7#SyWLg)Rembhg0x&Yrr9r~Vt^OI|}hfAu%8BDTqj{@!+J|JvYVw6A8pLlJe z6k2{-rY6api`cez+5Q=3&N5DuXJNbCt8MsbjU-WzlQYXC8`BA7geQa#CcjWsV&yp{ zkCXKrXhxM7IWwbo=roo?yZ?ZShD4PFk-9FryTWOPy=?}q_Z*x7p9 z23B{}Vbx_Lw^t3EAv!I-RTe-`NeTAKxz#_xh+@pVis~W=2r3&ewoyEep9bd8eVnH6 zV61SHrS08|DtcU4nZ@Fu=!QFDl-Y>qZJKO{+Et+{=5SuIc2(`W9X8sepCtl<$Mq-v zoaZiyo?`KWNIyK|AtheN7jvYIv4i8Jp{WK*#9v=o}~@k?jh zLw>y!^8-hL8aFhQs)0hi^<5pO(JOQ+WzOr7WiI1S{I$)*m3?91reb2IM=IaCt}-+C zuap66_Jf+kSe!PuuB&goaBd|KhDJ_G0%X}7IGtP;*4>`>TQd=*QrOfMx%C4ESXS2! z5~zIUa$knrzSg43%sc+}?|g5`8MAO4ON|w z0*8_1<+QX?9n0!EN6kC?*&o*MGi&PM?|uO0vD@bgX73lG^{8%g6C@8=ZWN46| zO2XhyBKShV<@d$A9SO40>cw7Z#B?Zjw${FvYsW!Gv1zMXAMxA)@el8%Sl2$f6|6QWtgV;7$x-@`mC-jIAAIBHiT!3|r_deMk%^lG-4iQK>t`J^a4+{DD1idsbu^=ea^ z$#(4;>j=#P@%ELuaBYX-A1SrB-szSLWzJQ0v_%RRj~7Fn=8tMDKL0U-9M^n(!#adX zK4AL^P2h(_&PcHFl3R zYM0ie(_WiwVFrN61|OY4?>e%A(HR39*$c|0^9Aa%D9gnvWoO6qYYMMT3Fi$r2vZE{ zX^owTIQ=MLlzzT-+S;2YJ$B1TCwXr-4;b6qeZ<}E7-I@EuU)&}$~gX#A5lH3LZ#LM z!Va8w$1S<nUaa_aS4P}Q zlS5eE80GKv(H*S0qn=qkts@ooIClxT>i6Md3-ru;{60DYQZJPM7Z}dx9K9fv0RPD- zIrVf)nk)}j$QBG~D(gKRa`ijDCB`2Y;5XRUmr+rn9S~=xLcNW$uv(F+&Cf?Td|?`) z?yqQ>H+Imxe}v&b-DHqu%2DR%)Oir;Agt&0Fg@1xtELxP_}sNCmKQ_g-b&+G&ISYb zll}8$-LpABmjku>;QRppu$7Ol!^Tz)pW8axpjY*AcS29$m`yv++Y`eeGxjC+72erc zb@Ug*L5f^?(+X7oW^~qF&qGXWRWF*c>ZJZ?W{u0gV{~4pa6PEPQ1cuWNnX8Yx71$E zP@VwyIa*!de{lBW_{8q%>gcc8=gbN;`+pdiZzJ4*t)L=a;rUGZt)qTmCuSzTbmGKL zs1>2z(47wDSgp=f{P3Y_*()L8^d$O09}tK2}Wy&IRTt%Yk)( zXFmR)YBL8o46f7Rh{$6*%-(?!3us*kxdCHV&$Y*Wj3T=;B5d8cFMogkl(h9C9&S#2 z0uqxyg-?oD{i)OR!mU4h3>Mp@HyW_rz*$kL`A{;5jdBkGC!4L4r{k=aR zfkcmv`Wb6O)!nPQ<$!h4>XjZ^x9Qsn`P$9wNUq~6|COH*XVD$3+*$xwL4&nFc{ST; z(8TWd+g%XTQ37kEsN=i>5Ge!^-`}k2x^4(t9()Ec@W(GaWw<7Ekzf(%y?DWvbeRJ5 zoa3zr;lCjh7=PTw7Sb}nFDRWxj22v~<^=#b*US^1nsG_3oV-A+^$NKL5dAiiZgbMK<-+6c{Bsw;N3rLYqWijJ}vb7 zAcm0DQ#VJbM-v)OV;@$Z_eO-dlkhxIXw#Yz7%xC& zE;}6Hj>xWLdL&}$)nP&1dxhwKV9=C_R%$r>$b!L2A3c)z?Y4<><{W%!;I~=TN%Z1h zWS4)y#m;CmqtxCxgVPc(I~^-yiL>d%q5|!(C`H)%NzvH*sF~^Idn3VGMi)@!QOA#W zq4$BcaI|<>wm9+H7YnZjPhB&ElcR?_*w3$d(iDoPmn|dp^e=hH1N|Tm+44=SOR`&7EdLuaMojM7$UR@ez=0subm58U;gzUFEzeVUI487boU=igJ<5{6obr#!7vzmtYnvF#km1hv*g*y~+ToR1=A z*4!R)}xC2*_*Aip@3j^k-RO-F~F+#|u)4UUII>uy(~*jaJ_&QUDnA0vmE{ zbm-ni?G9eQ3%kRU*GX&JKEmIN3*Thu(o)N5sSkP{{HV2AMKcCw)a;)@DL79-H3KuZ zblETJ%P=Tmp3l5sm-roxe!QdYc-!#@$XSLniJ1K~owE$4w!Wc7AVY%@+Saf))aKoP ztA&0d$*L&&`_<1Drh8n0R=~B>>L+xAz!+jRIk5BG6BO?OxC{OW3{l^$4EyqJ0Sc=QdaBA{Us zMjoTYbdNQ?U2^JEt`O^37qsIu>TgkbA2Vn5JgUP>P~Q5PFXqJx9JTkWi4fUg8mqpE z9E7uKnp5CI_er6-kKA*}CK5|+3_TMywPc|Yna(CTjdh;C1fQoNkVU3OuVYVaFnoe! z_dDM?${5a=!z1j|*5=jeJ;Te9QGBH)VrWu0#bB5j5Lv%mUa)*ERgrN%$b4y#Ro*VG z?uQ=MMLySNEZhvxtaO&Mw>y7rX?3$hhJS%*?2~`D7!DSSIRHMcrprK15`$=S>zM2M zNhsf4^P*Tm+vRCU48!Sll4pbX)Me?&YQBTR|o zOYWA-SXawhAky0C-hdQU;kSvuvZcj)Sl*f;FvIM?>B8>sWLvkGoo56OoD#vMg~AYD zH~vclBa#UZ*O0PK?b>JVwyt5a12b8yc}Ug=6NBOJS~H_BN%o)xuHrki9-{)Mo+9Se zDcW-%Fcjp}nz?(kx_P|-&G+jH;^))J(g;UkU*1Uaz6KRZw1XOhUF;o=AOUQ9g|LiX z2`DF|raBQWtUzi61I2!4cv7b4Vb8M%dPRJg$kWc=Euel9raHB8KCe1KNRV_FupV}Q zVX5Chi|vzNBncge1{x-uJ6c0S;cM!kq*okHq0 zsiRQ(BJK8G+eR3mLoyK#l8JbkDX1s5G!1X6IygN8e%@eZ)5xW~=}8?zG6yQJ zRK6F9J@Fx+a@NtB!aZY%cc4|P==Hdhscd(GCo~Rc(%cz|6&9Q1Fj>Agn`3KhyXmJ!gwsR zY7{Ap9l1|C;qlo*x?MHs$^f`D{Hh2C@&8P^^a_-L8DhO3T7GW3+O0KmNAUU4{p%ft za(3G2Qr32aTsf{5CAPby^Q+d#1M)xPu^q*@!B@8D1oFmkj6|and|j~}k?E1E%SZ+_ z``L%|yFSWTqU#m!^ z!_~^0@OZ^^e*Fxokd7OyaN|rgAM?D-&8;Knk{=^RE-RI`#gXoAZhj|izTx4f#tT@_ z)n959Z-<>fnY@~FI?R^To!8)F-qU$KM*16gvac~OB=y`5-si5=az>Ji(J;}QFc>;7 zel)>mQ1$In$9V4^$o4!o1jt;4^Ght>PAW z64sSvLU@D7BBZ;Mde=AK{HvyV?&(b`_!U$dbsrgJIoGS>Ztc7kfc90aO;MPuXqHQL zFz~a3^Ld)4=tk^Fuo-QtL9Xy1hh3a>MJabHM@VaDTvrSm61_0-$xDco^7zReiS7#R zimMAm_A$c6q0f~OH#?y0DPNaVSdJ?GICb-QBCw&JJJOE#B0xPR3R#;y0)6nk06d~mAg}hw)bSq9#;G4t6x5gD zeYQOs4HaO32gNv+b3}FgVO~P|`jInZKF#{!)tq3KM5RMo8ss0|noVOh-Cy7o9WFj> zM8#BScm-unfl3?tIW4g7r~EZP*uEaIvCQwi`qqwcMK}bX ziN_6?yl)+({(>sTOe^SD3F{&Hi}}`S!uiy^jIh+>N`_bq?ZnB&m!qIY7#|6tQL6*1(G1_cynyqYSN zBJ@8kz#_hzxjx*kO-k7YEob#_SPPp}$q@j+iS_r2Ol8#fw`>A~M{)pbjg zulCf<9vL=?h)Qp~EKMu42)J)fqa7Q!?8>lfE6a9Qa!Mw9v9E)-$@4HjiSIF-jz?3w z(~t3kGk64vnSGpNln-C(=egH8cIo5HwiEC5I6T+NCPrdiGjUk!FS7*5k#`0_p`To~ z<8A+}`5FPn&$!^^$XRgvh&|K(nI+YCtu4H-cKyv)8*328W6-ZpBQVMh3;VHicc>JC zU~qZ78FsSBg#1X61IKtC-+zdFB6SK$Z!C4JcYJW}Too37OFEK?K3|UV@8_S{ywBPI z9o#)S((BlKh1G|dulKnC>rrbP0{pv2SRe79^vfJ8#_%tPe-QY#=@deFk^$2M8%2l@ ziTC^~VlP4raCv^Uqe$ior$b1nM1OnMx`;{JnlHLd3w8JUWT6=W3q9jIAm*z;$M1Sz4PB7!{+t=MxoRWD=2mb(Z&}b zMH*y{zp&oam$@L&AlVr}csPiT=jc)$?cw*RTAT%-Jq`t=`=Or1R{21of>eRmR+xe}h~H8w3F= zb3l41E0wx>GJY?h=*WC>zT$60*{mswBYjWo9zgs3Hd{{|>GlwhJouTNPtPkW14u9~acbhvE-^O>nFfNL_;$Qqt z>s9ioa!Z%qRy0FG&n!aA7$r znRKPs%@Kc#q>H*>xl|+wdf3pKncG(#*{gm@1ce?}t$rIALLWp^q9a}PsWit?#B2Tz zyxT5ChlqK;(aPa9`-XpYzwkx(bE~i@Nju-NfPVwIoiQz`KV3ErW{H@=kyMI_3Vqs< z1@OS*QQ7j

$k}cPH zb?_Vy+_nwLwBdfn=_}vH`{V4NT?HC&QZG}t%P9=@I__W%r@ZO(IjgeyvJFUz zzHviyc-;Q{^L~FTc*cS=1@B*k1%jW*YBv4|q)>@)u+~qE?bWVgC;q8%_XM5(hsyrH ziR}M%Oveswk#sE3YwEIr=3ieNcUebxPl7;J$ubtp37omcfl|4Q(!u+%U~)332yU!&?Gm%J;XR)Z`$)$e9ng9h;^ zv=Zgrw?Z5;MlYpS4D#_m{-w22yaxO&%kR}(s^R~y7~cH%ye+2#N+&+vm~x?0iDQxK zTb^#6&V`~6_fkGJ0is|F_>GbQS0Ew|prM0UqXUJ-RHIKc6dt&W`{EvpcBKjwjxKfs z>+)qs478T9|2^>jC+-H;HL4tPF1!jBW5Z)3d_+oaim`=IEE1#c~!7kx+#%Z_rZ7 zDB?W+cwQ?%CRO25WwVp7kFg4JzC_zOt-1bw9NggP%;J=F7#+v@Tf0qrE!`*}I6xUXNx=Z!;D@dag zp}OQ9;EHXW8Czd%nCVSb%4`rwMu#uAN|~9~D4G;rZNPj2ms1y?EOI>DX@*=&uO49P z&`y?`JbF;3%Jmb4grkeJxq`r&jC$t$R*Qjx(D+M9P*4o}Rf zyg$5vicW7vN3vYlJp?YZGU%=5Sy;@tBuHa+mV_qZjqQ#?+# z1KZ~ZWe$^a2+oW&!KfOG%NB*lJaYo&%mFbse>;y-*i9Tp_0G?;?++}czmbG1#oxJg zZ33KEtBsRtC|;mr&}@}2eUu8*NS%BIBlz=b{W?_|L06@WjrYJ37h8ogvxTEt3_}zqh1Q6@^13GoRdQ8=?ryB1>BBysy(f5L%1U-fS< zS#FRQlg%;9{aPQqdvc0u`smw=omsPN(!VNn7T;t7jQTQ=$n0t6aFbF0m50_CC08*` zCW(Yi+wRv!a@HYRvlR>RMQ#s5Xiw^KNsHYcY$tb4c0dbg@3BjzSfn%mG36iS{ImApzvP~9h*Mg6 z^J)}Qv5HQQG|^^wB6V!rrOPF^#J&Nt;r4H(-ODKgz34y&FY@T%*@b4?`z`}%xz*0% z?=|a*5P6}@0BUZd*=wznr66;F3n*XNGig)yR2wN%GnqrU=ev|F=Y>R{*kEhvg^zzN zA1%S|RdrF7tK?;- zJXpqcH`^27RVWTxZs-whG~9u3|LbWY^_ac`w?=~bdx9(V%rEm4$4`nhw`DG7CP@r?u0|JSroshZ4p|roD*cy>*?L|wk(XqkDmZv+ z4U|HVoW`F(CEqZy{RCL_FfoyrA+d&bUga?Aik?HsHR!=L73J^c`KildWZSqU0{iBO z!6#Nm_a6f2A@FgYkT@KxVKeVu&|mOV-o~exz|zvY?DH&oTkaASFPXVdo^UNys(^M< zi8`FCE_l`Ty{W=qOjO2~8g2W!R)s|i0%g&?IQFV4bOQGvb&JV5{}Qq4AxcSa z+U`6m{Xtm$r}wThNUl5JEGa~gZKx}iq##g=DQ8P4&MAFbY4X+; zg|`+wRE?5v6Q%=+JNEP4?WUu4${$qGz& z5+icXeAJlu$f}WTah~Cmq9{CsFIR=4Ngl#+mWW|&hn^_(ehIQ*4W^iusVu&{mDW(d zFB;B!*TlxpB$PE!hUv1>J7=D?73rynweNB+cME&oQhPT4_np64O;+60g zqeZ@c!%lBOuN^&OUvI_(-gnaB$ zoonyaD%orse%BTz+3i8q(C<`tx4qYz+jO{n4{=5ME3`96Jx(t%x1_6y)QBUJ1dJ(%VUV%Oayn3lkURpwpRcXTWjf_%h0CdP=!rvbY{FLQ&ZFG-Vvp zLtSmw)A=OE0=PE#Xvbrm*vs+wF|q4S_%Yp%XJEpKOrFrrXHW+TUOO(EpjowG=_tU+ zp6(J1?F{q_bw1mXR!watK7x(WDni>vi36@*dgv$vxlB`yOIAeM`He|$z zHOge>YPMD1&nUmRhe9qlUWs0{I_B`D&c=GT{($}VWpS>E-{8q}&oo5snH4@r3g(mV z?M~`jZtS=b)SVVtdEASAFI5=GB?rt9cbC>B+rQUNvYFDr?89@nxlPa0OW6r94B~u+5{51T@NMri`UJ8il)>3Q{j__)idi>IUwC7h95L* z1XH1)oOcYI>QV>`IYvZf9H4IS#Vbay?W5V!jg~tY1S7W2qx+EPYlxnp)CN<_>JKRz`wdXkX{>ue%dk`YQLLfh3lZNVBLR^sW}7 z`;_-rZ7n15IN#c`R8M}L_EUDcT^Z?(dV;R1&kn3);}bt>mW)nE7L|+V+R{hECxc>- zHF9c?sQAe*JJ6~>_dCqgJSgSK)D6GuW_fC-2u`t4+~}r|1Ee7bI>2crG}3Fx*n<9dQ~RT;`}2AD#IM<84oG%QfC&Whw+XS zNahVad=8(O$Y(-r%f>!uu^p8FjhYAbQpF8Vr9Ts+yHA0y6bf2yLF5jhCTNyCA^PsX zEUWKdb6wW#klUE-Vs^40EaidP@6^{$r&g=Btyt+cXc%3!z-VVc7imBX7ve9el$BL= z5Q&)m6Mp}g&Us9GjIE;d0ymDu;w5w^b&JODMj^~cL-z=Yk*upn5!Ih~7W9@YXLTLb z-^vpi0KaFJ6sk$ZeUs5kjdjHdT_=wmx;&ne(H+DiL*D1ixg{Nb z#*vilXp7&YW2k1{(kFvLpS2tv_oe&xD5^Vm++d4`_s{OzJ5qxjPUT8QL|n%K=Nl1I z7^ZQwj_Z!2TfDzi=E~NNgk;M!TRe9n-gQhi@m9>O;{!^B|M@q`I)A(Aw zUZM;VX8cvnx`VRrlSZk}>qc3I&Ih4}S;%*R%w{Wv-}nHE>`24t$&l@8ZFAS(#QFpl zIzOt^QU{hS9b1_MX$qvu3|Fr&o#f$RL|i)p9v-NYv~!}Z+ANja76&qRe#GqVFs0`< zKiD_;)_X^oWQucq+xK|0F}F`}qGF|Neix&dn$E+R`v57-jYK>XT6S4O>YpX*?*){h z7oE$4kJkYhw*^|ZZDtxzXw0wzNAdRl=Dt;~jiT+339jDG`w%&+yZ)D=O1|9}Hr%op#5k%0S&ZaYYR&8Y3 z;#2vHZ8hIN#*>Bi^JliCzHScjU#{aadSi7SRkZa0%kGPuI$^CXx3 zdV_?1>^@{DLAFLOfspCYGkpnNl-cY4e@J`lfT+5zZ5$O*R6syQML+>b0cmLzq&p=? z=|;LaDk>!)-QBHpqte|B4bm`l4KT#F2fXj+xu5s_;{E;3KaRtknX_x{wXSuoYxfE` zD`l-(In3U8Lgk?>(-K@)_LZ9`n=|a5-iILvKWCa;yPWVEif=Lwl{`gsw=Q$ma&y)) z3Y-oKPK^)4h?wNmZ#<%fKdZyqloqt=*XneJ>dMo{_dnXY8%$A@3epWL)m77)h~XCQ zuIr3%$F@-^w@BNx>8Wo-A3J%ZEx8)LZRh*#lPx-7H+S3UCI6geDJlKrbVs zK9!|uxn!{}F)a&smYZs&nlr9kgOodR?;lxRE(TBfV&*cZ!Zmu6bonSuU-$4z@^p1mH6!vyi}KnN zIhV&qQ9m)8YD$cqAKHC@xAxD*K)88K``OlYm_JOVO|8`F2H16593C;t`+v`Ic?I`qlDtN^dDHKzHoN9nFI| zMr0DGclLdmlTQieXtpFP-wrblq0Jh`EWQy*^x!kAZJmMWB76(UMqCEX2Y1VztqeMU z-@yO5;>rS!x0ejdDark&*j1ywLHp!e4I`Y(Qzy)r_{Z(hp*~bp5+e+)jj*;XDu-$*P5ES<5hg$kJ z^Y<4`PvB*7UrjZ9_^2x?VAkfkdHVC*@a;jq(S-yrbFVU)l#?IO9GqIRl|144;S*}d z9@xm6lPgP~`(;_je6?k@tIm1=MN(?FlB=xl6l=U`()Q)@)>hCtk$Sb{UGdDCLgzwv zU^r~)@)yG|@b)C~E~?vg=G+41z<`&vJXv>{*#0(3?obt{;GA60zIz+CaOA8TIb6={ z;kDqFe;N7~uKkEY%SVG;+vin?s-3E}Q`)XgXw(NL_~?;jBwKSNgK_mSMYPH6^yTmE zu$C*xSVbQm&TGLaP2BlP`x2lqjC3cF`>{af3`JnLOz}DpOMO25ivQ@_Y1QCq=5ZyR z+7-h}HdQ<FgO2{+Za_Kdps);Cx|jL>i?GaLd5R)o`X+^$V`gRZHcJ)^n9%fTy) zH9;Ti>>Yj@tm}skGsZ*{nWouX_)_jvzEU*5!0Nx99dmuo2P~D6c^%i>cFB9~U9nOu z?np!F%_&b#cE7e+-D`fnqfUI0bu3{^C31L!mjq#Ir53TPtsRLp7D)ZPy8zT{K~X*&&>+!)%$btUnPR}1{wf$|LD*jvUH=|a{U5>* zI`Ig&w?mJHWp!qgy80M&;f8BnfPi)|^=UE65=OI=TQkox7hdgxH0g@tyU(oi@t^X( z;CU78f%YvlL47WM3zBGyw*ZjZoBMFTy6r@ou#KAb4t=o@#tl6U_fr?X!3qUf^%lZj zZ2g?kdEVkbIkPH_B{``dUof6Mb&R+(b*8|3W}LwD^8>x2vuXU_w*|sjw1G~xl%<6K)6+R{T;MB39}V2tuykqZ*3-mkRRDh{{ck2AjM-|769OfK}7PA*0_Uv)gL zerq{*Eydjp0CTfR_vz5@D6tS!smtcl^c59~R*Yv3HkG*S>U0z_WY!rgNJ-k{e=0V9 zf1E`UMeu;k%+2C+df07~&8lIwc!Ay`Ipjk8S3XC+tu1}^$~7MDQJ^evlB!~yXK=tU zn(q42ruD-pDHK#vS3)8z@EK`U_1!B)LfO=!LRZ4C$o?}RYSE=@`Bm__(3egII zd+oQcA}>wh@$Gz-;aO$lLD#3=UD4@{`sj`1)(`B{Lg3)~I%JI7i?BZ5vS#lrd_Vmv zG^_Z@S2a+P)IZz5mZ#E@ulQOGXqHCgMVJs>hQeUXLhLerJmksU2g@V38=mxG!r^+R zZ{wBPuQN&icmN1t%YZ~f!A5s?N9*`{Lwam-Te=EuP0MF-&e|-;VYYJSjTKXYv^m92d{obtf>O(UQ zNP1vgWhq-3itX21;C#N8R9IA1B2KJJO;c=4!A^(3`Dwu5WTI41^Lur*v!Ba*%KVLf}xJw#dF1c4ttNM_4=wi$nG2`YV zl{BjoR-R~%dg&_)%W3!4NoJJpY*s-=>RzZ!ISFtgL-~$~mWzF4+9!uc?>B&?_YfmE zbtE0I7b)!aiVF08jHd8;``xGYyZd;Ujh1RLhLi@Et}iCqOmLuxPE~UvNyT*YVrnCo zh_-tw>qI!0y996ppa!O@AKwd4dNx&q5%418UaI`+L(}M(2|eKn7z}PU0p02n+h);G zGJ#TvGuwzS{+uaVWv{4UvTiBue3%c;1+P^@HQTUBXX~BXPhIWDbEBiXNqXZQ3>?X$gIN?h6kLQCIeTDW)8IN@E*r_LK3Y>%PX zOgjYJ8JFa|h9`yJh;(Iun1GwT)84S*>dkVd2DUmkS^k5RXlmZ0i_&1sl4L(jwY=M2 zhM6d@Xhtj4r(9m@PJ>Hz4`Vg@hUJIa_d5!_TFF0UH@8NxK`((g^^z)>$)PaOI?P|v zSzkv}5Ffa{`M%bOacL*J*ji;q{{|p!4cTd_3c+PdV%I_~VS4gA+~&?9vpa3JPDCE- zi%#wjk30pA9$h#S*^#^L8?tDojEJ`uR7T^8pL`WN3RU4(G?+&>-^UEB?F+se z%@ME|v_!D!n@C;H*MJgUfvGqPgr03iHE6cUr5NN2qO#X}Ug)<$aTeP_JlD;z<1Asf z7?IqpaF3IwGu&SIOmvGzBuB+GXo)|jfNH-$a{E_PhE)&Khc5$pn`s)eHKD9er5z97 zLQ=)13J5DhJRA*0jc5+p!-_9vb~tUy;Tcw1Y6kXH(6Kns4MOE(J9owMsFsdd`vQH` z6HqYFq+ODolh>wOLT zY}{1I8NxQx)-`ba+{0g`E}RaCo8S;ly@&s^Ssd_?p-oqMd7zf+GvNw~&69Tnsyy?AzV0(MMt2z;Zh%*FJN08HT6pX}o>C3Z@ki#u(w_2+>(w8x@HZdyh z#Lb~srg}_aKT%Ni`==lf9`4`Q^vSMlTIrjrxQKcTxJL4I+snTyR(K~iyjF46x~AMa zZ%#l(`HSX(f#ACUy2&8Iu*w6ulVwzm6EdyIdG!%*jRr1&WoW{;3f%+;e6hUHjHBV9#~(BL}r7(>Am!d-q#zsW5a1bs=V2)4cn5- zDu}7}RkQR5Vl(aR{FOa5@C`MA`Y~$PD3FfzVqA|8Of~NK&4=V&-GQa9(lnKF2hrE3 zP^5l`RK9~>Eve!Q{9dz}s&|{#e&$a~g|@^6KARq0im=nLUiXMWbd^Ka@seuDm;UG? zD;sm6&MprMYq#6#vr_352bne(1Z%h3=tY*JTH>2&K!<#FFW9SHRq_xOzyaCH zHvV+y@&{L-UmRNMkaAh{wnH2-kTd+=xOe5Hzi(y<2jHaNlV^2SUw|8H`r-^W0Y%FD z>|OE2AfMkBU0lTzSd)aXnD!4f0rjGnjr?Baj!Bzn<;_QZR{GK3-;=ou`MAn&} zFZKvqi+^+D3yYi`>(v?v#0$HOFdh*zFkB^SMLHFC!vdAJVs@HcwW?wLS{RU8c-pGm|o*gW> z-TC#&G;u#i-jkcQzS+j}EXqu|%8?{NpcF#_=y?vbdu3=rV?{D}m{(W_Nfgy4#9)kC znJ(F3oLAI=?DX#hnCV65*?i+(@YPM&b8=7!!Yqy3vi7Ie@cL|-C8>#M%%c03tcV@qj zU=0-MqZ(ek9sx&uw3KUN@cqR6m9KFiqW6fpjD2gx_&xPk7#2Zk{`fI)<9Z$K?tMj%~*W2;>(BBbX%95 zp;u7ZgtmCT&>IB*dOFgmbydJt1BzCeGIU+9%yQg!KhLb~ae|{SDxTw5T$hn`&Yp~@ zYMfei4YKi`%l&GofIdQM``~pGW(2Ks3OM*l@;xZd&C(?{69Pva=V^yS^ zCPG!V)M>kpilNvt(SrM8S~dMUJgnf9G?0YS*JEibSD`;vSu9oILPV0@dqU=Pz{2+o zew2|dA>COd$rPW{Ry&`Qq8l0~)0n3U_&dFe#tYAiH&T{Y2LPGr=WDk&2oCLkJ1_^m zT)&-WbtiRx&%!GTii5!+pflU6M?auYDzK}-M~D%hnVLv+rEx%M(roJmw3Z0G;Hq}JeA&}4hQWPiq&v(lx*!0N~D?6IR7rYASigAPD${~>g|7h7?fobx}x^d*Cx4!WG^jeR=*(q;+1Ws;A0<{02Hxnmz%m9Lo;{Sy|PfU72iM zdD&IzUU{x@b1e^_MQ4x}D)Ytf6HM{SpMIvkqa4^Og9UNe}$3MS%;_*I8L zLKTnHX>(G$7zmXw%m1jbUd7|gm3|$=D(hzBm!yy{%ChisYc4Z4iX`J5sLQ!9tU2Q> zmS?`S%+)h@9IOkBf1iMX$_N+i2Zyjb>6V4i(+u+u(}}iBE%#!-cRG#CG~r-ebf&sm zGd-fG{&nPbT5+-QW-JR@)Mvnk!;(d{6PF?8cRFQc9`uQ%R|Fg{e<96iaE!%Vb61k{ zajQw+4c@ysU5OEP(0`^|s;1P>3uM4qE(2ysQx+4yl_d4^F+Gg6Zh``tRv`U&vea3m zGEcQDq+~h~VG_=fH69P2rIw9mifQ7y#k)qEmg-=bK$_NWOKLoR71Gg^eou6JFkrRl z!YX5Hd7dV)XhYKeMm%}8ky+a%*Kk*ATkYAg((z(0t!+xoF}3jJiO!CMxh@EE9PG*Z z+t4ERKtie0hJTV{cAxi_+ZVSvlLwW&YVoamjoQyFFup1TJ%yH6S%UBARorQ`=o@L~ zRE??{hSTvQA2IA|K(F#^`=22F;dSM9vc9r$p+_l#cST_NdY*#{G`noOT|B5`H z0nf#d>{{R*M$HT^oB5#{or6q*LE+jWf*(KbSoWsKtw9)W6r)I+mQw8kt+;xmOs^&E z^vB-qwIW?yFHIE~4WOx~%36O&w^H=9HTsQ{8Lm)4tJIpdw4!sdl_R$0SHt@UblF7o zZ7AB@vR;<3FTA3CF%>x#zh!ctMAHjYdRxvwA6yi;eypqio~Lz4U+O(4?}O75O+%Ki zxf_$dd!MXaD2YhPF?Ph*xsq(L*1r>fQnRQtPwaKbe|4?qXp19u^1C1ridN}JWzyc~ z*Lh}!M67{jlTjZhC7|j^g6S=vZj}L5@_>w1jY_H?35hXN{f=K=(3(UVPbQ?GSm57~ zd&cem%BWH)g01d-(L)Y+xkpu77>C)wr(L$b=T#AjtAEo=qKhCD_p)FB1)4j2mQ29X zMoYwX6JL||>KvHvbh!2F$?qQ*=9-3xkREzT=I^43tSO(-{ zL~8m8!MkVqho{|vxR-zM15JGJF|;z>YPK!FtrJckkw~C59sW(xZG;HT3wu|C7OMSo zkpr3LKQC{nk4t!N4Qf~}e-FEZgkfBo+?WY~&$d9TC!<85JODf@I&T03_(2N9B7P3D z7IGM_HP$(xY|u%yzY4?~+SZ}`CUw>2Y*qJh+$F8Eu&sjetat~Ywf3kd)MeNa_!w8P z@cJ%R@erNs<6$J!K0=@0dv^WL7+MghcKD-C0Pen9bolgY&7Y(4+{@*&S0ko#f%j~} zFl^@X{FT)KTj&AOY3jhRM5of)JGI_^MTs&pL`M)~j;|Z{tMIU9k6N`O z-c5S^5W9=d>|S0T@`d3RVb=d{P{x019a>$4BX*G^EEeO==`+GW1g80?i)-X9{%XXz z+88}A2Clt-#_!GXhBb-C=VL(WOMF3?0AFp~lJQRaP8GX>a}C*mY@a36mG9z=^}5Sr zk{5@~Q!HqzNpwB1|7X+O;`?y}Z*%0h_3L<J|_K6;ADRWop>w! zGh{}%_>?~b+90I=YPi5Q)ej*a#$=?AR9SM9>=+Zuev&~{mY2psEc!;ra9fZJm6i<2 zQtl4B63H&L_ zKZSPPUrgdL1$MJi+Vz|iw$yt@CY$C0#RC(W#vulaEH~KJ^YWP?2R`rBl9fZZ(v;vu zhjhZlrGuxa3(JafQ`u0)|S3g{H(q5`Y)jk(r`lG3L@RgTqyMwq8^16iM zmB)?m_pJ$k16chg_Mdh2uc0a9jJl!>jkzJ{6(7wb*B>k~=Z^ZPh6TaE3bh#X_l{!^} zVipXZhaV`*%qNexrlGOt;!7PgtG;CEZqH|RWj=GqQbPJ$GKL34v-ah6*a}Vh{o^Oe z4z0nZ0*p(j*K5I*cs^3bk+*Cf7c&`Kd^Rp|un01?h&rnQ%BY!1URx+OLv)?)j#pSM zi^aR;Af478DMy+hfr-eXe>2=}+fw7a-?nui1R2j`)IWzp1mM&%F;5jgE#=denwy)q z%+IH-j1)@_!r`ga)#GNDfz8mYf{TuDaB##RQi_X?@8eq&fECEvl@q^u1s_55Dj`?O{Wp2ozF z^32pcB#){ZL~-)bFvab^ui6)^U^94Ipjle2m^Pchn>HHfsQEb$PyOUlEf4yr4rK_xLe(S{Al&{u&~( zvhgJV&aB)BnnKT_cU!pz>m9Qsk4P5xOZ7~Or9ZE6ycF6y&J325slM}6YGiy*(jqf- z+q3|)B zy>W9LfIrD(&|sqv7i}9Z%#Y^6@M8?+rd@|lue77*@y!<+_QEA4FYIb%tHTOTYv~lL zEqae+BGqp@Jq~8*l&~Bnhl_sYWt=N}G3-#w%6;VRA`M+WWdXOE>%9yFZwsrsp+s;8(YQ5vBgHzfZ|AC*2A`2U* zhO6GrChsT~gTo#&Wo+$9-~9=s*z(j&TEBPoh{H^)IcGt8DU;~EV<#>*vS4DqO|XC2 zhR!C?OMptg$6{!ZE2PWCt^cX`hTGD|0!5cm5*GI(e2A-nK10(B8dbEOZ4Q|I@m^~< zYRaItya}JfIG4S0JjEe#hOW9+QFJYM9a=fDot)RaDh`$?oq{+)Ow<%;8^$}YmEhU2 z=jEG2d}%9Q<2AHf-+zpKt6ufKGUwl3;?UY}S^*aFGZQ9cKRKRMJ<&JRkMvnw#gmj% zufbyobXUpf1dL8YJ=H-$d-(Jr+5p(!1haMJuE<|cU8Hz6dy{^N{k`j6{QCEXTdZRo%M_~R$hky!7JQbT>LmXI=a9V&Zq{1h41az7XrqF zpv|T>neph*(A&J=!NEcDa*?R0C>BM~^^rI@IFXqn6=#c&1Uw(lXY{f;8(p4I%z$Mf z0Iz4r%0t?CNs zqN1@)Wexp>BCh;aE;t|hm$^9V%Cn2DJ0CIEXE^(33MYTTg!`ryR39`V*zPlYW}suL z+1JS^DJs%qU}RKhs@nLl3q+OFpf29+FZxhfp^A!%lq`6F4ntGZwvn;1qCCxV9jzMI z;R@TOpyHYu(qZ=A+1ZpxIx{n~cBwg;Y*)ne9mTHun+I&u%;8xoUEfuXIfDQ7`$LHL zCS`AbzZmwj2CfvCB~g-;1f5>2Za1Rv2udTOB&5YulO(Ai1%n!4JEZFiqk3IN<=i;k z+(Vq)Ur19vnuP}hLSM2LBA!v4i&+T@Nwx@|`cUS+yl27e`>x{l9LnxF79qAcCDtk} zM#qV8OvahwQ z*VAu^Z0f4tErKuEFvxLG95FAXqguF98QsQN=&Kf3W^IrU9OlbI5~~(o9kJ8p!}L2} zCN9iWEqLr%>Rg)4Z*YWp^y(P8teCq%Dk%(;8QbOps@hA(ShMaW?t%{ouTGKEb!>1us>W%^KKZ#SBqK-9P7oc*^eP0e1zg? z<+}3NDy}YP$0=Y*FTNe?fg-Y~+M+@uMgP^E>meN(I}w$T%N0EX3lz3mM0DVLZIbMm zAn!aMRxZ!_o5{;uRC#|onmk;J%7&C!YiObHt)npa{PmCz-6;o0 z@7ljWGGbIs8Q$C-btV_xUQcLGnyQ4*WUTW_KyJ46IRf5`S_ZPnCvE%UuwKRBh6_!z zU*cpU29=K-ulLO?26=y4q1lm|E~-?;GMFzRL5{V*OR<@1(o<=i`-=KtM;5f%d9SCc zoK)9YxHd6A*d>R1m9*9Y(!MNGzMy!BAdty~j_qx|zC4&XNl_p?W*LQ3lSmpo_m*%T zud9kDn%8SQiHsx@t2N;AIo2G`mpwI$|AH5BK)y4!Bz?v7cx0c<l%fP01<3T$b#|N^IBM1(3YfFrvkCVSqrAkB{Q{an_r#R@@RAbzjY;?1rro0fzI z0w?Cvcar-?uElbq{~$J|GyT`%R8H{z^rGc5$z?{FprTu}YHG_+Gpy@XaAo9S>&V5R zTz$Gd*R1rHdwQ*gDTJ9bqMob^nJ&)!uZ!$6xeMJ)rj^22IVEg^hCx*UYi@5#4}Wm3 zY%ZhZLflyJqz>6i0hXyivoDyn} zTepoQHV`Q04igD=ueFkiy7y<($@-D2{GdIW5~ohO+xWw?XuqjPbfBy%HkO;{VFh7}0zWTFq71`)U8|N(AZ4wHr_ETP=1B zI^8UiDyh@+Y}+=H7Is@p8WdRblxInWXw^SgC;yZts9c0UxK<5oa~t=V?8?+Fj1%Ba z4c;q^d^B^}J?{=ys_49=J0DnsZw^olCGqN{k`yylY@C05sHnbr4=PMaalw7vUpwCw zA!dn%;>%l)#jlG8WZ0FO2OhhTQydRhG-Y~w6Nog;x32QgPi|*Mz0jvG36;Q>kg<@p z#UinB>Rot6m{RVosO!XTv$o1glie0Ojf?BhX13_Hx#P!Xe%+&&do-NEQ>R1nwc656 z_Mh3v2d0mB?(;g{D(meTeq-r=Z_N(biiF$;;Y&j+K~MaOxEEwK5MF%o_cr6#7bI%2 zpHfVZ(Xf)hXWA{uGGU#jGXdD6o)$B6@k~_h?nk5b3?fTaC9X%z&)xPL7^ph`GBx;0 zzQuBGDswQHnM*MtGxuuALksh19a~JRY)j!>{|EfTobNiLWZq~+G6v5aHHtJkVzVpTDU4tsCk($eYNdKU)1M1-15y* z&(xkv!4DK&Os}>>@$vCWIfS3R&8?5{O&@KEfwSx{WWD@MRLvaLj^}lw{YpST)53#8 zxaaVM`Sa~hj-|AAF1OR~#@cHoCk4dd$SssTONuIHz#`Fl&gfB&sXotvBc(%O%Wo&B+pkdOgmtsaYUnol3GeP&rh zO0Z3G!9t3_@60wENqw<}vKY;s{@}gdkDI?a)MECij$Jo7q=%#(JQ0;U3x(B_otwc0 z&teL~yM}q<1Md}DzlKgyR_?75aVSr%mq|NOX9ON zouzE5hjpL)wF^sptR~I)>`TNHmD&3;7?Trw0}*`s5VEpy?kNm#7tK3Pej&cmx3y@9 zHHSi_&Ap*+TaBj1#_hj>whiwN7pnQQ7AT)Zz2vxXFGixBDR}>e*yl^XLr+ODep?>yg*Q_udU7Jqk^mF{k?Nbg7>BACK>ci)=|+kLw> zaCDZoe0?v!rO-g$->{adbo|7s&o+7|V||It=jg40oCT_VvYFFnzLp~0j&grBK2%h8 zbhC4(X^uW1jV#u^CThHINmL+u>9h}atj+=Ie*-FEE?Uly&`uh-9#SP`V>5QOs#=f* zr^hUf&Yn=8YR0_(Eu$7p)^@5hAAh{uG{^tF6m?YmyDia6rmGomoO>opiOfwJiw`lT z@FeQyY2Q7o!Q)P-I6YuJJBNeorcekFa>dAiCJ@QajGixYm35THbR-(MC`3XbLc)*R zFTVKDrA3I)dL|J`>$`0G!P|^Zhq-qGs|Q5|www^yE+?s{JDz(*oh~D_@det>x-Ex? zwUef9(*g{U&nAz&X%U2E2SNx0_1IGNU}7yNYNMU!nCI9D9$8jiYrT!w znrj;bI&L|DNed!xDr)Kur8l~|x(0L(>T?>RH<+{HbS0EK`Mn-d#akaf`g~VeMvD1O z{*^4CMR8rf)TlLawoL6r$3T#uQnm%Mq7PfVx<-BaJkDA}iK5W*1hO%NkdtYt>NMvE zL=*>!QO3yYqdn4(cXgEbnnJQ-+-?d<@z3oDf!~UW5FwH#I2z7xQLSqD5lgJ^E@rPq zZ#{k`AO2#J1(7FkOyb1$?X9EJ(Q*7qe$%SkLdC&$)YVc>)Mk|0#riJQnnU);<4Vzv zKfp{k^njcg`=sA!4=W_nd7OI;H7^iuiQ`IB={{A~Tzuau_NcQ4Pv7!mxj8>&B_#c} z@)%lbg133L)2-vMuDdLAl%HNWMnO|)D`F*)m}OSu zWXE<>746oFq>l|xDrB4M)=D~U4;#ZF+{r5c9eWhCA0QB+ZPYfNUoKC5QxUC0a&!#E zQQ+f(g+%g3Eo__J6dgLeIO}jq_D5QK92K#n6;uiabM|v99uWosYF~fWCmf%yN+78H zK-Y0G`&nEu`5?Ng=ESCmKo#*G&fPos?YY;o?ijQoSorYln`0q14i1B~-lOg3UXMfu zbfrv^BnfiqgNmL|Tg{ftN@P=3P*K9@ss@|p$kR4;?_li)(2=`f?RhPt%-_1uRjHu% zC_YDsz%j+&29g%iEMYm%+h%yr!LB^HxU(P z;i4`oM@693I{^5<*`7}#*Y5_NT%`DgUoCQ^)y-$#B7ZORHmX+Mr8R1e!xSSV3p;3v zvkj&v5hu5YDM$GWtfrgn(ggng{@el2x1VR>qunjPx7$to3m)}+BDaZeF9u*Q*IB0P zD6z+P{Tlmnqg__AG)!noEo?KG`x-ATiR9AmxM$-_11P|p7)QI6Uz6u{^7IaAx3M|S zZsiYmXt!&xC2>ipmvfZqq&EBGT9e0lm*&xepnS;xyj}0z69Tq9omW1Fj#fQYT^J!Al+U2< zS$;>7hWDVGZdzL88YFNl6cmKW*r%(6r}njcu524`QC8y!&LBHt#E2pif14n#Rplsu zQkvK$?tnaf;szaw8UUI+h8%H}W3POK#l=}25AcLgj z$lT={Flp1tbiCx}>e;x1rUVJeFQ8{;>{Nb(M$W{yEH;t!aTPDf?fdF&=8pS)g?k*YYND(#P}8bF=#eJ41cBg>Kd?UD7v99W=|mTA=a2Z&X%dex5YK$z0D? z@lpA?&)J@SO)&XtFb33xny^eWLDYK_8e}~^W}hp`&1D!K8w=5@vx2=g7(jN%ULVY>?@jfmO`xp@b|1RUA$INxx@+1uNPlh52cTNt&Oo$7eY&nF^ z_DE}*e#OTk_=I1;RzMC+XczM*HVLj<)kbuq(Uw&*$vrwlNn6vtOrK38B_#)^r;~Pn zU1xgL#fOa9ZD;LzwdcuWs;}R$0~mDOt|cWUIUOC+h}Ka0!MV2ZT*+`oH3R|?s6`7Gx{UAJ4!}Rd?S7BAmxZG{-~ttpg*0Gn#m1uX{$TepyJxz zgxKI&7H!#2U#(L$XP4QC|0=+O_UoTCzt-tKIkivS4Hmh<>;qb@#O(JZigG`D^6M$I zzgoT3;L%VpK5R`jDw(>-&0rZsDjzp7ukA!vxOS=6Zc=iq*Nu}0!H+DmSjbbIc;<3k zH~CeAwEsfEx?vIun4df?4_ui!>r## z^?-%-7*+gTJW@)=To0i;9;~S>ub`>?W=WUz5J>gy*Al8I%gzwio{}L{ne80qFIZ6R zVXjkoUCwExENQ5KJ;4BHvte98X)Tn$QhlmssI|6ey$Uq)Cfh4GCmmHRVu*`f=s#7j z*O5brdVzS8 ziDy|Si*!3QUqRN*imh`?vFIApL#H@QjID2d)o?MqgoVX7M(6UXMdt+gHT6PlzY9CD z8|#cog_&C_+=*478QvRjZ$97Q<*qx=l$1?W;b6$Q;fD%|hm+w~8|%*-1UL2}(=2J6 z5MN!b@-=37R>2Bkfb9Af=2%1LLoHVW1)PkPPK2niPqSR1;|+P%T#K*7HbFZlyBA7! z&k`xkqJ&}G&TwhX!v&9rhL2gP8yEq}z6(n%PXAS=$=t2(Z7S^bonzxbp$RBzDvq+c zvZi!0r>$vi+t0Gila+a7Ei}Dd9X*W&86lhn9lNaCz(TBZfLQXy5yICzKgkE1V4%kP zkqExf7dq-R`NuiedQl5qvFwUCi%TxCm`Bmd;suvBx8ji1lTrhN4ZcLcX*@KQ7#$o8 z>jS}7Y{_4d7Fz#ee!5m<1dSmF{*56AB_=*%4TrHrvMDw!;gsJ33%RV}%s!vlZ>dLU z5A%^3DXmyA)zA2_uH#nfmj*D-r5OF!`$z1S(r+=Gr0_}G!ALPb zR>ze`pCR-bI=i>0p&sWP(h;OQ+asbNv;jriC(vf_3{*0IAO^W4Jr=bM{N2oMM4jnX z3}ypm!8&6$^&@p9uyfqZs@@&c7(Ccs$hBGMR5R>~D+Urbx*&#Dqo=1&qehQ+VR5m( zxrK$gYMv(aoe@@Jrd46vq7H)vtlT%Yw(ga>4RU?+ycO`s1JdzTC5px}3GYn-0!7qa z)m)^IluZ-Ox^3?{}vTO?yaqmYcrZ zYrM{TpD_OsMm-_ec+nS)hXV%oC5h?x@S70EwD&o3o-of=o{?-ePMHiaJH95G@y67? ziGzo8E1nU{jYjnKl{G=fH~Yr^-JSZi^IXcU>A!ZHSastf5a8-qm_dUuFQs;Mt~Hb+ zsz+~)Ow3JwJ{zbEkpS=Dj{{N=Erek=H{IZS=Gdf~gXDuTm>)74|46dHD9p{wp25XT zO-%zeDWs*PTe`cyMz%5ioeL5DGfH4Z5^DYFjv-!!n_$T8&x7$TFpHPj(X(MXTRv#& zEFuM60oLC?(nny*|L{*l@BM-YM{u!zOzQLJJ>RB6vgBJ67he)$tax1~V*F?V$p2w> zCr3_*v2vTi;X=b)pg8zH^G2Y5cSp`9Fqm$_M2cD8;Fkt&hOk~6{Sz2wlnayp{=(AN zlyLA6Js;0(4>?suMA@VNGQ~l={+{_6Tx|t0`C16wZr7Xt=%g{>a6k!wymp`+iY;Ob z1SBjIsmwFCpW*f(c`}gVIBsUEq-VyUtu+Oy7+Zs$HVN`)i<9m2KfWnOI2aR->A0R! z#Jh3HX;ZjDddy;QHDm_avhn?xCGhAYNdEbot|g4on6t1M&IhB~8$*Y~UFFuE*#|&h zubgj5epFyEY5S93rG9DT1a?!cgOmmDe!4;| zn*%dycFn_ls~*{WM&UP-IV}FyW(pRrJ->(s|AEdJ=rAQt@REB(6<(R_PCtyt+;N+b zvxo90avUOeXlA~5vgk$-fz?SH+Dk1u#!cI_-bO3iyPo&9q_mW0T5X-gAeNA*sB31c zT9=#wP9#}J7TzNzV80#mmdh@Msjv##soB|lMlU-TqG}c3gxqByZ>k|aIs#D|xZd42 zN)x93Dl5$X6Dht0z*qddmN%9&)eK42diba(Y`b zvf_ctkn7$GixsSrXe;IlfO$7``S6;wX0yk8GC=;Hf+%R;8Z9FAQLk$}{j^ zm4v6yhT6W1;ob^od3y1?D@lB1RAA9lU+OzcF=8?dNC~h8HyI( z-&}7cEP$P~OW#?aphm5U%>DnFD*bAAej~_EA*gh=lD9=pY8{mnQwnh1yBbzL`D9d8;C$odC!y(MWHR2V% zG)kL&bdPikvtcJE;QCTV*g{L9!>0q0<$yk;~jl9cq-2=$ksy8Nyy6GR?M`8aA7_&a@OrCYRzG9>5CvTM2PnBCRpJZ7*?}`DRu|Ic@X+SZeXbE z)1YiB&~TIRfg(+(*7|r__a5UZM?IUNR18F!L!)rgv>q&94hve#u*e;Dvy}KeZ!q_c zm;5;GfsZ2hY`+y3BWmTew@rg||2elzTg(nWZRwSUXUD0M>68tu=F|R1ixyl{Yom$9 zHS73RrB+VJ#BqOj;m?X-2&9vUhCHd-)(h~OocQA?O9`3qT74@53G?;U*Gl7wZ$f<4 zggbd!l_2we$)Kh4oU9=QNgI!jj98BV465%RL=a$-h>3|i*?UJu)G6U&ii&_5z@|69 z)raW*wnL@$*CzPyHiRSK7G(it8I@n*h&5p&7lIGrYBf<`LY1wt=gVsanGL8pBuC#Y zO%3i{nj78IH~MfG4L8(%P($hHJQ4DIxE8kd%z(_73yb=vIqs^6OY8$lE-Nxrjl(3j z4{z*_z5i0NY%1aO4_uJ!{ctp~ejMkzW)q(sEqop|{+rqLrF3LC2p*Wrm~UQ5YD%W) zs(l1kg{-RtZ})4E$DlW%Gm}dRcq)SZ_a9@|Tw?!;sINiw*;R_R(Mq{%`j-{g%!NES z_?1%CYhUU5MD_z}f01vi{zNtqqsbqY3Ojs!&;$Shr^Q6i732o~UsNlv{CN^=?Lb@U zP3rcT(iQCPtIPVr&(0VHt0{1AJ z-HH;R%D@x&d&_Cy6G<<=eaJaLHWP1&g+>-OyM^!qp+6eqUii{_oQf=!XP84G^qT?= zuYl_&le0&gK}Cx`*B|H0L`EP6Ay%xwpMnAjtml6@ei>y=G_mlo0Pv#$Wq%k0ULR|< zjlV}t{oAUTwMg!>ps%m38QQZ7{zfi!05RR5N-=C~ztQf?K5lLRYF3jZfx7eTEC`Dt z^tBJiM36Bd4ZjnL=hOkb7_+0^R{&1;0r2B7x#%{pWdZ>alQ!^L0eQ z|3G9;?;Gpt)|HE>YiRh+-ZwTek@)=ibGxQ{iyrXv(jP-de{K3_KIR`k7wy>ViNB@x zt_o_WtT7E{%L{$lvKS(jQrMtSov!qWa{pHX<-Bv-smCSpxBWNI@R@&GX=n!r1Y~Mo z>nKQA*2U}X$?g-~<1)+7gg}B`jZ{F15`P>ZRKf-UsZcxbSwDmFr*x3vkj-ti2HDiW zdInT#zKxp7_UsqC*)olOzQDUXlx=qP#g$`~ouyT#zqF@&@dqkm`71_kTZB7nsu2V% z5yNjJ{5yPhR=Y^uYIIG-4S({XIzmsm=0;0liK`{?;l|_fgYl6|o93_#vdIcv17`5c zXZ%~X1OSs`hRxE*@e517Ey@$?Ww=!E?cw$D@x7wPqE<1{k~l{bofisqD1Ez8YfBtU z>6N|aFE^T9(_~Q*&h_o-sMuATw!+0dbS{cCTE;~pXqJz|kjgN>QV1 zlv;l9j7mCYPM^Epk1b@##6<1b=xG)Ew_E`&rZAgVBbEzg)s&|0kYJ7sPB-YkEt2Tu z_Jt73$xf^21!bd3*M*l$-0S5`d!UkLKVCrY<^RV3>;Dj6eNwIzfRv5nc}UikW!?TX zuE!I`$u?VAZQoo>}8eWrRjGhbrnII9Q7ez-xOE~~T5)0o}s z2%byTkN+rZz_9qRC4KO?NgCi5XK1tZhjjmzoE`7vdI@fj!SMAgTAG4kT z65#RtsG=y#Y$ex!eA#hi8NTi*x?>UiGufXAi_d%R&TyYGRi%smYh&R@LnukNW!Tzeuwa*i86C8Um5@ger=>vtT`TJZ83s6nVi#h>n2vaaI4yzElL!i#=YJK-FN zYkH9WgmJ9m-l}+}sExN6B8}#-7zKaD4vTM$?2n5SvD$sS>SysQYIQ{k(EfIgsom!h zanhq0j63{Rr$xKxW4vNtAw|Ei|5!k~_L@(ayafHQchZEGl-TZzCq4IdlMZvU(-cfJ9ik@Xg# zaA3Oyn#{<~THCo9|E_0AL>Yeg?- zd*HeVOA&%Zw2Sp#ILAPADp$a0ed3ip!}X52bS55X~L>6=OjPN3x15lFM}$q z2=k{EPHoI5D3)vuK4Z-Xw>G2a^F(ajlY{nF@^*jo0n$W`8p~|Xnr}S7$=HBfD2Cs= z8SN#Wa0YeT-BO($D3cj}dDRGrk!bVasrj~+2-vF6_vL<*_TL_;ti@7KjJAzO-grDs zEceohxkkz%K6!JH&ctc_qX(gtQLot4nB92E-)dota(iK=oPOyB)1rStxgSe>i@-=i zmSXnBejFg?Sb=!$gUNo)UGS?)RvGoDsO&EbXZ?L@Nr0U|=nA-1wz*#O+_-u{a&*Zy z$&0cvm}eN-zq(~ee)B^%u-gZ!`2yZW#0ldFZCXtT|H9I3>SvECV^7AX(33v19a>dg z1nM{m=IQ0-ErP>eji{PJ(nypj6h0ive{ZryOHoq|8S_a*#8ae!1utTHnWk|>Hw~ys zD?GZffToE767M<9I%qc>6I!5P6*jK)UGufqqAmMWxvJ>GCyt&jm*1ldVpKhT>mlTn6)MGyXR@V(o&g+N2aotloAQQ*qHlJx-8A1bAd_Ie5oH-zbbSu*EA6?uYQa? zuHv>UQbSEvq_T(RDeb>4=VV|0p>^En^V5CWu0eb+l%7NvCTHKQkO^TC4WNw0pIaH{ z5Fm6yQtq5Tv^s;)czZ2w`VEeV+0GG#t64o}A;M;Id573JW*2`2&K}Wbr2H|t(!QtW zdRWWutzq7IOyRV^Q#AT(i^d}oyLR=c45o(ZQ@6;`ng+V~`5GUb(PiPzXUt(gjVoG; z6+@gl^}q66Ryb($CFA0+$Hu%jdxf2s&VsV)VhB!>e2zWIys#sOzUNmNoXhr2{{fzY zF!R4+rs5hh>*e>{S$WBY6VI)1P4!V%hAnadpp-B%x43^6n z+deA)0W)gmjIxiw8@dV3m}+rUFIP%dKQKsbDtOc9epCdu*Cb86 zS~}pT&F3E$XW^i0aBKT~j4luCq}mVoGR2<0V^(kSB{Ok1g-05eGPj9M%|Rg}Ntl@k zUNOJ-Eol0DU?3l$-e53qK$u0}n$A{pxEX5eY()f z6S`t>qFlh`<6%X2-$+(dGoS&W4#vvMfb62to|pfyi}`!f!WhkBtSzyyElJZcQQhqw zN&D-6#V-F2y0pu@mt~gfVTD_|WbYU5z(Sfpb$f>ppbet=Q{nxPI^ZpRa?17XW-kD~2(QbM1!9s?M$8(NoNKyZ;0r#4(>QTVc8nzBviqsP;Vsvjf*>k_68GEN#j{KTI7RDRP({0HW} z8Xgy(rx&)KiZwJa7mPe!o)j2*n^=)h3)Q5YA-#7(30_8ejm92es%Ns(EsgvQC8OFx zhL{Ci-rpusf3Dbd~{ z2RjSTDoA+!uW3q$o94`D4$RfTHeo|1u|4mR`Y#1 zs)J38b;zqxqrG>b{F2>L(=5rF_bek7sr{4Z96XR3EZZynxoCKn9AcL0apSd_9Xqty z#i_(2tuHL!>c<|1>+$^dP*2SDBlaS!W{+OcliM@gRVa)643k;KmLF2hW?M& zeDxTu(k_8vPg6ZH7U^pWafqY8GQ7cW|4#wsAk9enDTKJOB;6{f?KkqyxO>9CIA`#mzp zX(RvGNCY7#uhc+BZ1ZG6-}lMTO)-3V(J>;>u~nmiMy-2Rx%O5u-p67rk4f%BgNwS>s0zSfJ5sfx zz}H`+-ZUiPlZ$&LE4|ill=XH)3Jf(OPYS_(sp#2a7wf`A0bXJbpQ*V-{>tu(x23e- z8O{>h!C2KdTyG~vo}Q0E?f{^SnB_4Z*!|ZNC-|`DNze`BJcn{)r%Jj*VTKe=QW*JFx#yCxL5mSPijCe3_oy2p^VN zDR$K4n}tmhwWF-v3<5c1ODQ4rNY2=ZROi|?-;QNxE6053LXsD0NND61LybE9*(2oL zMq$+Hs@2S%5h#XCoXT;`pjzQg%7i9%!H$0R!MRg==IiE{_Ba^jSKZ}s66XgJ^4BOv zk_K4gGFqiHD%c6Unq2F-W<7qcSE5=mZ?bWUINbZht^a7J<*`nJq53+FREEVB6~{|- z76*-zA#&ca()<|BQ)qJZWZnnaRF4%TrMh<;8~W+~Z4YdJ;u7au42K+(M4MB@OQ4~* z<#UMEin6)NdknVTflyA6H?Ka(%j)>J4wbUc1HZKj>~bur5p@(^qq~}Z9U_b8^ZL(dPC{M57m}NCr#riBZ!_ocwBcPe` zwNp>Pbe`?WivZ@8p2$DkY{rNo+M=*!2e88)8m?d(y>SXYk@i*oC=H&CnmEgac)Kp= z1C&AOFG4WAyY{F9Q+vF<+}A3Q;W+259VMX^GJ6s*S-^o(%wvHAD!u(~sdb6!e2QUN zcV4$u0DF)+???INDrDsqVwsj!!s!xpSw$lYPSK(fN?RJ>9C1Ko-Wv9KK!F|cb#5Bh zu9TOr!aQp6iqp?^!^>^VoIwv1h&7e8ym-k`s2$QS))wA)(Gt9t>s<@3IQW1Y+xA-3 zkO=h1^{QgIpKlttVCc7JzLm`so#lL4m@g#vw1mio1VM__b~vZdHgr7K^UVl3e%N8m z08fvUoQQMG!zHiTqPm?bQA?)>=o{FZaMZ{Wp(KBTtq(^E!K#^^(Oex?7N8~@0Z{+) z)hj~`ro1cHQvg~a5xUPU@oG%wS)Wvyxa-rOe?>WAMRjFCS?S&*ps|EY4D?Mkg?#u$ z2MS?Wt{Y8KPZ2<>Vrp!8tgF-jtj4b$&H@#Npd5HUw8hG1XbaeAU0kht*=FbvAME~k zhxK;~9LyA!`}jM33z|pBKQL0zz8Umy-Hdd-nv1aPTZ~n8>^175cEuye4y?Is9u(2s zz+IgWx#QM-UKI-{yPXn7;=^Ou84~;`18w`aG_93Scn`MF!>j<9GPJN delta 58630 zcma&Nd0bLk^ge8(*Q~r{qZ4&2&CIOS%mJ~i%$&+OCn|F!wVV~!0)4`|NXA?sfLFpY`lz)9mJ^+0BPv zT(>scu}xu{l$6vC^Q)I^rKGl&NJ(u({jpWjQ}oLd{`RmAATBV!biqE-V_{q-#(qdB z7Dqh9_HFwkz`-Qxvi#={w`IyKy8a^9y-;~~y^@iAt-C&M zl+t;!)_od4D@!_K=;EcQTGph)RcHa z*|~9hb1hY5NS~xICw+^47uAm!P!nY8P7)S$m}|i8msyslzx}G!mA`v4=DQSbeyhE= z&8!doplWXtn@+N>>==Ei{$4*kS=x9oGtPrD2Er-~d z^2KrcN`bah8RoozqT0fYkboJ#9fSV_&Y+=vu#`{Fs68PhdBay}AY}ev?j{}20ewCY zs%0=H{jmHo%0bFNTfX9W!|Yuv96YGG^!D@?Da(hSHp^~9M_a(cRjSyZ({IHUC6gR= zOS&sFg9<(u(gtJ&kik|tNadzSU4#cHchO$golPNi#_|j4#>H6W1?|?oAt!gp-#>G~ zME+y+#{|Zzx;2c1Jp1~OWVGo;f@;J^x$+h1?!|I82(xe_L|Xt z1oa$aVuu0OYk9E_@$pwgV@)}uc_luHj^F>#4s~vXARTzrMkLzyf#|;GYNl=jjPTBJ za4UPITy-BVcN-kfRR?R|%plAfMIHz4#+_BP9d6xZFBJBkxC!!GQr7JprOyD8FE_{C z*SDg0en_v@+p{1TfA)q?CKd9gexaW*Z{~!&iDpnni7?jAmKq0v^+D{50D$kY{I&KPGY2g*&Mtg$OteY6g_2qMY7jBw z;@r#@I?Ao4uO|3$dt1)!mPtyV@=d6hv98;L+VHy171Ft$WVoQcder^SMhE2^{67t^ zdp)){hlFo*P(AMy(e0ipBbvN~efz9?^imMB z&O@y^?2~d>dn^`>!9TP7v!3G-CnZ%AR1fBrk3aE%!*=)SRC=qd2Mr5@^a_Q`{`Qwk zqC6ifc~c$aAJa4dmstH&j2i}hLVn@Jev>ngPT0Nb=>~?LAj^=-X;a>O#LI$Uahw7b z8|GSnTDPgY^0W|s%q6dDaJ%+~i`Dlm{6Z@_FC9{RPpwb1XD1|OM!y>vSLz+wk8u3X zawd&G=#cKzpyuXtJxb;WF>VWJTkGQ5_40_?^X-)qfHMI)ZllE7ABM8eZYTlpOIi^p zF9b2kp3U$%3sO5H_&rfM2fvuVFYMPQ<%MyZ*gqT(?-MA@6+D@jId^vgbG`~{vp83P zwNfm96dq7s7XAD37AQnDYupAt5$sWT!P^7+P-7p1v+A>>8X70fTW}iH3Ew1TA{bEF za0$FZQAK=}vAnY5>RP33BEN{zurv`~f<}EiZPPJxEiUG& zX?Of@rXy2YQYI}&dW=+0dv1iO`VOHiub=fOtFF0#D~&R~-{I1+uq0$o{oHcM>QnDv z<~Dk7{igS1#>ZocAcSLMrni(FYzb=J_gL#hX=5`WI??R)=AC%C+#kPs(`%5lJ%{ie zoHwJ@oNUXzFnq3i<<|Sy$*#>A3ZVsZH^vKEvDPBY`cF;8dlP-^An+2gFszc0GHmz& zbtW`JDyddZU*TSW+QRUYWQ|X!Vi%_N8F^g!b;e@7p>MkcqfK;n_-*~26&vTkzx1@6 z5c4tvke_dFrZ6xpx1R|^y@SQk3*SuKja8Q^NtkCHXjvR=zYUSk`81n@+A$fX}4mfIDgrvE6Ly}VvTs<=@W9f$(DK?$g(|?^!n9M~ZsRnMtQ_UWhtWv23JWQu(_OgG z54wb~%$_AKxA`)!bvHv{i71#Z9Bg822eZzkzWQsTMI`(KYBt3?Q&V&SE(qdS%toH? zQn^mk+T3e(lw_Z$n}{&loes)5Xd>lqAz25f9nlULKOFz4iy}sUaQrMauuLNxxHRKu zt@`lJMokR%SfW0`Zxei^gQNr^h2Aa*%eJZ*INdRnDb5wzRBUo$K9bptdiX{LQ#+%t zJE~JFXgP#x6utg!T=bcZ^9IF@y96Za)wfehQQ_C}Y~eiH>BB=$^deFxoDTA@GBgsK z4pydrdPVq-%LlP2(GjS;`hEF;%D^Q!O8(7*lrt9&MWh=}IP^TfP@KU;9zMGv&jLPr zK`SUL@x0x>*)XZO>sMONo8YjWtI0e%8su}n~a1NTF**GrU@{y6ikIq;jJnI$@u-V%~fP^k8 zDt_pFfy>vE^K}|d)MQHYG0)=MUGJvxnZ~y$+hmM#B4BT0=Is53)rmO9h? zonVl<#JCPvd7msl%_N1e?~Q)Bce=jZmQ8K}-(~I7MR*tO>t1OAf=zX*2llFbJo{lf z14(w-hH!j3%6o>awYVnwsU8SeqivUdO$?Mr%wzktBOfB~`k!G^K_5AH@eRL{*9ba5 z{#Uux$EJ(GSzTaczZ=1IYy4`aeA>Z2(xP_pj8zc0wuw@D=&e^qK4F_x875+9(O@Y+ zgS!NwHf~qSxIUMTwtL3W%QupF73MZkwaMwq;H`s_s49HfToQcBnu3Z?4oqmt zJN2Yx&deO0O`5d+^dkxi(l_HW3XW`A(Zx!ZY%M_bL^)S4qxGz|ZdI89a(Ic6!p-To z?d-n7hXcsOJs*b#pz_Sy>>RP_Q1R zG}FRJ%I4GH?!2L6#RNJlJ%P z90l+wp;fWIoRj+{3;G6E>pniuGNioYQrgs7ZpildBei^=tDu`0)g%(d{wiRHX-~=G zRh^In4Wh^Alr%OjD~P@D zto$CUH8J#e?9^h~kvn4%*;ZvahlS!iz&#TV)F{8Sfg#^Qg7;#Rf&6Tve+$=?8{b;==A&(KF{l$4^w zcN0qHdW$vFb8fnBE#5BwTgmWvB=ajQI@nh%z8{x4nG(aiUVTDA>-=5BhWn^i!&0-2 z4oK?7va`T~?l{HuSp93j@n&Sj$1QH)_BG{v$gN)-kXM3LU!i@>Q<*mx->PBF-z43;Yh!ItLQGC9?g(f`K$m--Mv=L5NzM}Z;vAH;JhJfPq2K2~ zn;gHkzO$=!dsS9WZ&1-P8F(YClmzC%WeuPvtm8PkC^!7~)iQV4<9(O1z(Ex$_7;n# zILg(lQmO}(UN^g?@n?376Z&8pWIUxgF?3zZqzr&F^0R(gk4|_lSI9Fzy?Fn)RjO?>#!}x3?P&MRQ17tnM=!qX*+-?^ zKANMe;cBZ|QxK!|O^Dy)NW}>8sNadDIQ4MN6QqT_4kf2TG=?{xS$D>3wXiH081#O0 zqRq`zb=W5j)}^C)Q1jOG7IF*YK6h1gc*CceD`4HM^! z6&Nbmsyk>=PSy}x4{F(0mh;*X z{#O6U0-v4a$Gyj>>rkx_X9gwBQ?kiDOcSkn2OPQ{)?U;KQYny7Y!$tpP3Hz5rG}3p zK>C@OwQis-hLo5*C#!zG=Qf?-pdo;zkKaq@Tpnf8zVBR*Y%A~M4Ek479$#2(*>zz% zI+~&wUwewD4y?9Fdr5Bf`syTdB#fcV5* znd^07pZYg1S!#kq0@AA_;R2Mb@G{rajpQ@We*e`Y{^=8n)(x`A^>*0qA-?(@Es(Go z`O@$5vn>Ax?2H|-*QZ^kVROnsr3KFuEdji$N*&cqFQf5qLL7*I^G{lAz$xFOr?B3_&cnnwGQI zbzsRuwsUhm`Gfio(nxWG>TR3?JA{y7#N1kIeek1Bqt#d3(fETC8rSWPwbZ@RybFde z#If2R)$e>pR8;x$y9mH}tgR!q;!1(+pWNv^=deYsyL}(`oajA`odXPE08yE&@u#ov zx4%I!j=S)B0sAe*c?}n`t2X9YG6gC^rk_-0^?-@tuA!ilI~uQaNAVuVK1g}>XV652 z@DDJpp9^k(Am`)0U)b^q)8Rs!4rD(fF1vDu121pRR>Guz`t2?1t~APtofIadOO3e- zOBruLq771gDw`YtqzEI`v2)%2*4R;blhYeEk_c}O>TN)gy3KvzMvkG;CY7BT{+qycrL6z2HSe?{uxtCJ>@mcdSPVA_yZ)@2m{_x#fci$Yjg|gLT>*I|A90GkSf~8w@w_0z6ck~B z!XLbF80aWH+;Pn1rX&|^Y6_znw<*6Qu9$@_?Z0xa7;>UUP4#rJ2_kQ^ra=O+LN5L` z7oMo&ZNGBM(KC%2(+hk&Lt5{s+EN#5t;vuRhsH_eu>Dw%PLS5oes?rm4w_8;knUho zFR0$XB|>>KyJ>Y3a&|jIjI1iAMqtlIy!>IRz#AW8bi;Xl88q-8JIo%Ppq8m6ZV&axhS_J`1}St=dD66b zP-)T7QPty|stM4!35t_L*|`h_sE>gCa8;t`&6e(#v5yk|zCn?JgfQ6ik z@IM^WJ?qx1NDEXCOuH5Q52^86Sw19CdeN4oa}}xXFh2=((LvZl4SP42kQdM2)!X&_ z>db1IXJkfLY4_4uN}5w%@5&7?lt`OCqN6UIL386kG$!d^RA8B|N{qj!R< zg|y3VFaAiCxGwKUdQsN7HUs4QIDoqID$3ILqNFBNnUePIgHLCSQ+jhl?$W`e7-pMI?H-Qu|O?rxb zzyBd-$bck&&HtFfUvpUz6E6;yp8YIV5Z(T-TPmmW-2{N(jT^|voc&H)L8rDnNCXc2 z?`_|g`GAlC4fD8l!YHccHXzxq|Hu05&1-9G!$d!l^cFz8zq!f(7|LP*&cZp-w-mPA z{lfo$=Uyi@pGN}-#LXYpFQ|(vIv{^bxBnO*r4yHL8n<)g#>d}>985PlaIAt@D!}@K ztT6J;aQ~YuKap7J%_*y)cQ*nZT}K;j(1>3Zp`AXpYY-dqeZA&97%l|$F+6fHPo`1D zy6;{1jhUUn3%mES4`c|}Q?JBCq~Rl~41=`&0ql#NAD;H^r*Da;)Uo2r;7sG9HM9^& zzH$%gLVFdRXG;tH$D_W9W6Ju$`9x6WHZg29uI+0!H@jRb#_348aybkA(|hF3bbZ-q z5WyWPpi+`DGZ$u#eqQL>Fb?s~@z(->?~$zzLGvLiZ;|~(F6DuJ#8|CavueS7xZr{l zg5GWk$uE7}%CE|hcNd)RurdG&7t^Mmghz`|uB)6rM`{OW>JNenDq8c4VY?=Q77w?I z%&ZbGSVh?5IJa=DEjxy?iMW0PdWkSIweGx#gKHm~lVom)<+mr?%g=Xh`9ci>kdgX3 zfSWxl=h2BlxB^+$dTL!`-phK(hRNxd4#YZA4UA%7M&Z>H`(uj%91gF+HFu|p_r-sV zyh4MJdbaHfYDy1}8g5i9gnn_`|IeiO%8tK#_wKH3ecn!!g?#Bu>CY?N@j?J$)tE(5Kw&UzdXgK)*z8QZUo#;3AkXui%=3gBO;@Hlsx3=(! zRv+l);LIrukV%3ffusqIP|`GRrMfxXPt?^V zSDUql8`J(n?Dr=A>$R`~FoC40g>a=I{SX^FJ~z>80$n^=@Rm7m>Um)>10Kx+>w!b- zkSWHH+z^w$-d;Vr`^BYyE=6Is1Ja{_EgbW4E<`$N#jy71L&C%8xR!bql+RS3DDxC0EosgQYy*}0GyJ?@G!dv^M42Y=>$Pt<}} z?_Rg^!k2Ai#i+%evpYsf%QNg`T*eFB=sI$Tv9j4qfEl0O6 zpuv^96e^))xBf1lnZ$_KZS{NUF3;J~HkaBwyZbH#|1Il*(qTGkdxzz=L07{xEXGPgD(kRCj^6^p=D{6Jak7NFGwRV znP&IeDaE>u*n=YzN|*#i`csuG2!fD!Dg^p)N`l*-$mI%K=`gN*B9askRM^Fus9{F`t}j>I-ULOJx?9{RBN2myb$ z7iuF~w1S6@7^;;l16LT&lO3~cODg3+%RPchWK~f{O2!;*p#)-7V}bBk^yy{1CX}m< zN1#EZ=%V&HkEOtsBAIVNV(Hwc&-XZ$)a1VrB6_kSUUbxcW*D zI69~3X}q_JP{|Wo3K#5yRA|OfJ(KUd*v~+PrcH~vfiBb5hRYDsmD-P^zqKgP2vP4X z_vAr~`tE8B0{&6703v)KG%xnuMGh$|?S$x&8xNd5G#~vL`?Swn9f|G+cT{$AYR@2QIa!IDy1>BNGC>z<2@xo%1}`c~+#v4~ySxZ%X)BLAPS=dV zbu}yZgDw(1XCJ(ZN?^kHM}*vIn=Ry_H;lpug8e6*OzqmZ8Xjx&kap4JFy-O`1^%Jv zHui<7OMM;|89rGkQFCl-rv7YR-(kqx5oPrxsqI=aDPgY4FqU24vv$o0&=p6?q-cd2 zb?WY!TGd=S4k=%g?6s*I21CDD)s;c&!+0#_eaUfJPsZVl~N#mO#Bm7~BVRTX9SiIiXapp;%@H=;_wB!E; zpMNpPmh?`T)0WyI!AYz#^}7W{Tt#7fJNn^}0pFqf4< zo3;I_a~+B_xnH=dN%wIdl{;Aq#@N))JfR)GnD?oN(0hX(AD-DV^~2`HNlMZlWZ;M7 z!@%1;FmOPW^;E(6>9f;vN>FVmNXWBiwM46v8-u=y+C9vK^p-Pp&0ySjJDa+c9cV4b zl9zP3GqH${prY#|` zR6?PxC-TZOEy}~*k$Sng+@riOg$Jh;L``y-J~&EWp%j2lF2cs{y0aHk?mD?^&5ab(Geim*;5b?`tDg)D~?s~rPa z$8Ncl2oV6QQ@(%gZgf(98UF$Gg~8G#wH|YqT!6Ob5E1>0kB_GN_uyGK=mrp2emlWA z0A1~*0>5gW3O&W72K3g$Q$wS?tD05*+j;&8zLohdgyUBQ-tul6b6Z<2%_d}x@%mFp z7G}hp+=O5Q`AvjtJ5NPe4so%CJr#OEh$-(?PvLCB2}IMUd>p^uRTRar0U=j&RgkN< zvmUe`Z2Iw7_5)EK^?1}KJ-o`BwVIkjokl{xDmMA`Kb=YKo%C9fi(|o8jYKVx9Yusi z{@3rt!8{?{P{`JqUVWw}UWx1?*H1hvEo2h??gIFTlT*nh1n*45C0LLCaFnwK(fGUY zY4j@cs{!xDVo*z%4mXpcr%8>LcPB%7%$xNVAMi-|n_S-hZc=ClCcn1?K4w`(WGM%z zRLA_z%&g8$C3h?4Bz>y+9hT8Db6(_qo~yf0$jNs0{|&oiqLn4jK7iVTxAE{;fHmHx z1Ng((7r*_`16LVtm!S2jlmWU%<=`^?D@28*eIzCw(=ze71M&S7p+5WfFIwPz=TDL0KW89bXXg>+b+^>fppdkb{HKZ&Bn?GT z!CoKWR0H$PS$>@7`nwT`%^_^|)ZG9vk86y^4niB=U zT{gZe0F|*mz4MnuV2>@=il~@@a$K*&8W-WDjYs5m8sLN0+<2I7n%;ZfMcxST$`v<&r4MCbJ_$4dNa1=MbieNs$YEMLt`Ego+`gu6e ziMFq~|Elh!Ql1Acdc^NF*kg~8ndz?Jp_d(G$ zoUA;1JGO@U%_91}8$%k{kMo)7WS>tIosa}wF}j%ZQ%PH;?*9|_V}{ONPi%h6qEmdU zMA{Y|-&xp$^q71AWW4H_W1iUoGRm2zZ;svA8pTkIpwzbVejIQ81-^Ii%$+B~k{`b8 zFW1PxqvfN}RsEi*xrbLE@AF*?x5n-fMLlktoCX(nM4XpnK4wQ2iKg~gVpLnrqDPQ@ zgDX>t*`?xzJqHph@6GBITFNyDc%9Yaf#ozdzhhLCiCO_VtDD=1e&A_?W^9=9x&>{b z-%gvjbH-Ktby$lvrgs-$+%!AV8@1r~)~lMLm^M)na*v*_6w%O1xuoqu;v8cT(z;y5 zPpx3(Q=q7pJT)-`jPzfJ{j_Vk?GM!iet01$paW41P0a@#W#SJK&N{8vGPz1O?w|T` z^w?7(;7Y3u60-NEyDYYR0j###&FbD2(lZMEI@G9F;*HxeEq3WOnt3SMUt$j#shxKESNU2U#?ILT&H)h zqQKVwSH?0|l))B)`Cl-YZ*hm-t{tQ)m6_SBrCt#(cxBxxmcl>@!SnPdwCL5R!gLwuv$X|NpuIjX@@ zDKih|pW8+=1AHbTJLbT`!unovw90`H%wl-#(H(|(%(^*$(iS!$eaGm$w#DXWZG};7 zlZ>^beQv`YqJn1iwq$d}MSt5b9yYF7q{Pgs=24~E>O>FG^v%O`9b_XPHZub9>rzJ~ z@A@W7!_Lz2hXsmo<#@pAD`dZji7VChEUns#(OUqN)UpsSky(3Add{xDrQG(_M{%?J z`}PE_`I1nK)eii=JA{d;0!)kQJEE~E2rAYO5JQ8S9ixw%-&_pO`}=ze`XM1Iu#58r zP;~I|(?N)iiTo4@bjhwOD>V}P-I;Q|W{Orrab1nPs&Lw*H!f8S6qvP51esE9cODP` zA>1Y9INjTpgj;1N4H4IFdPe)LCCs8>s>f^$EfTX4&LmuL8e+(ge}0iOrHrL497^3~ zFm6TG758KjqwWuEP&aHyti)#hX77qZu6u3MLIXx3K?DO|XoUA}RE^QrSWr5q!N`!W ziHVng*x4ZP5=IL`v+jSE33t(E-vCNlTBlrTE5GkPnem#9BcveD&qJ6YsSkJ^(JPrC z|Dnu3gp?gaQ=@>_r)duVE(W7HuDQXOXW>X zZ*E9EU+mH2JRMD(rxT1!p&``|>q4&6*5(WqqJ%eH?iXilIRqF?5G2~GM6EOQq?9hd zQt01iAyH!GYF8gc)P7x=nwHcN8f^S;jNpB!L>%*X-0+d&DQ-4Ry%%BjI>ef!Mq8jK zNChx+%GbUdD(Iq74kqXSdj!7!Zw>N4bFsLj{qVnrlnKlnD3*os61}DV@!{_qeJ+3f zA3C84ELT##@t@VC=Vuv4*#2*=pOjRD~giyNV zvDxSbGs&-C?Oq&j9>T#R;0>2zAswez20^BrLMzPdjEi7Xu2kSpna{skZLX)SF8ef^{Ytlv$0o0#C;YeKZ==i{>Dbo7o$bzdqg~yYg99 ztHHA}J!+;qeJY{Ww1u*!bYm!X3ko@Li^JG!w2yA3)fekvHWn4r5_esd!>=Q^zm8uZ zD?>x+778V^y}1eV-&u(EET1NkGr;iHGg+5*Hwts+17RaQQIwND1glm7Remb4hosG%(iZVFnsRlz19_p)N~n zB8kcg)3Z}eVvnFTvoKaHwy~{j>dX5$X8~-$Z=Q2IK3g4s(X()@m>K^uGc;6i$34y9 zGDWx)h2yhqni=4m(eSwJk@Y4+r=NE`v};E>9gpV>SV^$G!1CNTA6coIBI5nTU+0TE zSOlj>Hgq`1o`E#zAZPwPi=n!n9SK9#y~Y{W&$7>@5C8R@JA`RyLhPcjVB7!j`qg_81m8O)vQu*O74FkU}P`%aCJ za*l5R1|k})R$~N|;g=OpyyWhg?bZ&%B=~bW zt3GYgBxo{3ADu#*tRdq)&p(875Yc@uoVopOz^xv2FkGBRWm@|0tzH~~F|p=?l^NQ8 zbzEU+&Ce^snWbmOoZ_K*wAdM_HOBIxOAkHZ6eY9jiTagAnBvO&2jWR$YC{^OThzhH z$WR$#Pl6I+>ZD9E=7009W>bfnde`ogw-Dp1RRVhC=;u+a5JgGxQHr%>8V}`s1!5gs zQ{1rc>I<^xUae4iBIcLR2))Jy&DQqw(-HG#`6>er>P37x7L7@dvz#;C~H8A;#+?VL=koXzk>vrWKuKSKMk9w$hjA?Yd zc~z05dp`2U&A8wyWaFVW|55&R5MSd=E34HgJ>M-P6_|W>&wH>UiUkno-@X=r8JEbNG zIqyZ4XARlJ_BNlZp}o%&)GQ^4x6f%{cUWb9Ty@E=y%|7%nRcAvXnkkeS+=8a+A6}hO^?Mz zLFPLrG2*vD(kM3r7l7S>G!A)feMS&C!$7=jcV-OFhTUVGf=nTORzwGhG2v)6QSkZq zp8kW#jb(?{ujF}--O^dWopOX;_CQw1<>yiBmv*{GdCbD8SWCUjw^>_~WjlsR!mI>B zV_0K3hqHgEgmx<{A|Mj9ohbMqH2wvM=fQ5;LBdzvqm&H5W}h!g=;1|vy9l?559}bp z?j~Fjmjsd5KT78n5`~L$IztKuP0PE&r`STcLvZTuw0xad2Gp6_W*md3mk9km^Z+v);e1`SbsP=?w zBb9Gt;O^v|RT5HNUIR0RMD(`ZAk-@rMfWuUaStH93oLsAh3mQa<0KVumdHgStaw;zr;&SEcVQy^0_2YMNWK51)^BLEjhAoOMPKGWD2 zq@_&kLKomirI4D6rPLd_Rx=r&=bUCsif`#^!hU5oC%)P9<$;a_xTYw~gQJ5Ib&5V8<+-)=hwI%S-6!%p39FUQx%1{=@ z+)?BuKSo?9wp^tQGZf13_Ob&b+Jpijj#mmer8{dDE$d2S{$ zxb{~7U!fzS5QL`J!>pvWLT0!99l$h7M zZZcKqRtO0+yf9VW1JiYd&I&(-qXJ)ko{;6+G;|}i8oUSmxT_g3fKXPg=2q664f)vX z_9nne(9}Mw3wnF|*SPtFN z%jaB;_DD7g|69*Me2EeLakWS_)4)v|z#ID)vbg%8j{MvkUg|L z?Dm!4=!wJq&4P~87kD*yXHE)d(2FO_#|gay!x}F+-6HLky>J1v|7H-gZ;>}Hsl8NY zseG?)wvW&U5j%s8GqX^=$q|g)-*R;2SGrycd&%JL(SZutWFd2VmPb1FRXJiT>+r`q zU|m4Q4O}cMTDy)@b*7<%iKLEW+PWI+rkD*MfIwHY56#$Bz8r7S3tE4D>NL*_3Oa)G zL{Mt*rt#l^cG2x`v*zhsuo)Bc^46b$T~pDY63mAD?VhH(mc&ncAMxYQ@9&Y&${clr z1@P{Ne`?Zvl9$ro4|XV9UK)z+^<4#UT8#VdS@WXP79L2uX7s5Y-FC>lCh9cCqx{M$`U(bfIVP;j=;>%~~vm%1sN0l-F_tEW+V zHpRGX99!C-td=4D`Ucey8-2ZZJHbf{RL8AcltYzkHhHDg3iH6p_*oXwpp*&03HFwq z(a>LhB4X&-%+JoHH}#(w4Wk>D=!*^Ph|OW1-XEaBsN0Z7jssXIMA<0vy5x{MEQH#) z6;BzWgZ5^WMrir1#7_fM`}r0}G_vuUUPhde1igLSL?Hs)kHyA0Tc&uPs0@~ z9`zMr<5u!gPh5U^4ji_^xij8y(&)5%QKC=aKo_~Cz=lv-xZurCnC~A|8Ca9MS6NR8 z7laGRm)?{{fuirE9(>NoH(uJPJwB8dXLz9Jx01VFb>T`U4se;qspGggiyjDju#dM! zc(+fzimTrQD+?Mp+9G`iyMBY=qV7^VkILnS8HUcP8*nTLWDT|KvX-!j`HUU$4hQqF zBy9)9n&WI8j?RTIpHIdcaWeZ90&8KMSbeg-ji5jz>QqgpvY4>iC{FEskh_dUs!=}m zJjIgl#sFBoTB+>0NPKy9D&dA?VYF~N)0;@blQM1~GJScIO%q`^Ex2%*rDt^!>CO{P zSvi!}lAG%;Vj;$^h&Ciw^fRQFDhT;H|`eJ-9lPbnJI;HhizsC-uoWdD?Ay98bw!Y9+d5G~@hp=+zqUw4B@H1R#5e#kRS|KX!jQazY9u-V2xKZHGY=tuzOO&OXLnR&xZNK}r=(+z24L7mtDRZM@&S&Xu>6N%XZpD- zrqVnT9hhH_F5~8mrkI{=&h9fMUI`s}_~YC=Vhd4p$1C7V;7*Nl5v_k+ACJFjomI|q z_r#Z7@?)+0HX+wD^snt$_ywpYk1)LvX0MQu3D|R=i%=q{-f$L`B4Qa7p0w&$63En? z29g5+hsAL0BUTvaU}*b&0q#~u4{ad1zMNuFYv#p|QHUwl24lqV&PDl)c49L^=3+)8 zT^}VrLQlQi3tr9_RD98Ppm@yTcq@aA=!hc_C+%mrP@(6L?MR4q%K!Z-5#GZ+7W_m43IVc zvsv%YwX-d%e%y(T!_PP zhhLC66KPT)sZd*Gwu)bzO1N=mEaYfqq%IoT7?I2ZI)cT8g_#)#gg?yo-=sZpBMW<{ zM^YP(oTBjx(FiU5RpH#1rKXc=J<8^m2=u6!moz6!8gmia=GHs1r^j5tg=PyN|I89U z?QUrblr!d7{RPJFno6FJTKh{Abtm~Zw)Z=6Le!F7X`Ew2_*vrLer-*XQ{7bN>i><$ zfMThF&Q;THn({P1WRpv(V%E~J9T9Qyo*>|!7z`GKgID@Y-_AADhe=lQSKF>wlX$Pl zzBVkjE`vY1!nnuYdwfHOaSAS(R2>Gd2{2l5*LQs}^}4lH%f8%L4biT=P20c}x^3Lt zM{t9j8*&BKvgQiE&UrF6Px<@XIs}M!JS(bFp5WeZ9{k2@;;)EjvZDR_x9=dm;!k}( znI%l`^WSYQHAG?I*o77FgDF=T6`1 zJ2I9Mw;0ZMk7jyj(Pb}YMO4e9;7p?JmgZOYQO{~KKC|DAo-CyiCSGxgj4h+Y=L$wG z!B$!G#_OpbEfE-NB>MtlijA>39dRd*Gx+00NT|=(401G~Ttx0KYgnSY1bnzLp-=b` zcVmK5Rx?}T|6#o^xhMAe#{QRJxBo^ zqKfUhA~id2@C*E|a{BN%Gv+*FhW!}bV@@AmSie70Yv`b`dSB!W($_oF&$3wmi2(d_ z_{Q~+@NHh>E|_gl5!Zy#Y@2UjY6$?=EhhI=%c{meKj-WS zR!Fm>-bTFZP20D9VuRGf_PGj)X7N|ey^3N0Q)Q)X9c}#-0?oJ|pQQqBYBtT?$+K`E zd!^1*{SFnKhRw5^5ZQj*`B34HCCUl_V>vF#`7l0Lo_Tz^QfaYpu=Mz7!$M4Y*_XXH zN`8J6E!if6R{)TB7uUYrOz!e{7qIxs$a*xww`2{@pR*GEwXZKpxY_0E>W*iH<1}BL zW!x$IvYj~k&aIinTB7^4;RJyeZgoYuQ~7}*Zb^mbCY$=!8Pj^ z@y!Lz-7TkySz)!7%IQ>iQ2)!1t<8DSB0WgGAbCFhEs$$odB+A!C>>*z=_(_xCyuQ= zTtr+pVDn2ta}D(e_LT|p)?S3!WQ9`y+;Q-yP2t?p>MSZ`eo_rL8%NS99p96ky5N0V zId<#F;j1{uI`yi$p+!i^7*XlYo#cMb0`^RZ<2*pmI*CINX1am=bpLX${c>iBml(f3 z8z|HU@;e6)Du9;ofd$x1`Q~#j8qc?{Di6TL!O~#x`>?sJy#}j`Dnd@{M)xruI6$4) zcWlYv>ZXUMKD137xmi~#$aC+iqnj5#MVyoC_mgD#qSXq!R|d0S(6RkYkQ5bWf|FhXdQ=x?*%2| zU)y2dR$Ob{0f2iG)^4HG6X+o!nL3VUc*)*X^fY6`0yZ5&=ojr3kMf|oGBmeE9nWcf zmy%SK7Dqz#XXV7(q5PwQ!>&vmr2idLggs+c!%2YGepf+~YHs<=l^_x0YG|{1pk(2& zn)99^vyR8mmsbj5@2YnR@4gr$JCMyqqZnr;_a3w#`U z17wXh>o*BiG}qo6{-johl>nSmK4;`?POWFBB#WHClYN<7_gz*^%7!zt$u^yDlnvor z0>@6=`?!qvvE_+9mx!{tu_xPe|t)ZAQD$v93=?`pID5zjqZWhvX){5W`EU+n_V&%?THs*$lInEjSK5n1)2`X^?oe`4DO! ztGbx3zvd#oUv90f+-rQlmMF5+;uwDo^)Pf6TJv8M@jp*7*FRAx zu&N>J3Oi{o7VaO>rwF!cuFw}J_8~nAF*fyexA}O5ayvD*!W}Q{JmDA__tC=##r{6CC+c{r5s+qV{kPzh1A zN(Nbn?4%@FvW#UcLmAsx%D&%dQ3_dRWb9;Q%peBYN!j;d>{POjea-&f>id1)=l8tN z@gDE>hvRT?&)nB_U-xyM=jZ&KpL0uA*M+*zW$OU^CS5>n&1fjCufpvr1(Lk?h0C0Z zt9iO7J@L4))!48OCEa@nK-nl|k1MIiC4a=;XVD@H)%=Bj&9j3XyHn#Ue1ckXOY-7c6>s%6p~g14)S{z&+e)xH zt13`T>)Mg&LD@BhZi&qHNVaX@fkZlRt7XBkV8dd>1-KPSfl5!o$6%V$Z%4h@-B{hK zcp0m8XJyQpT*OiWC{tAAf-SgRp}Vc9wUu}8SmR&5UMU?pNI1wCGv0*a>U&QDo2zqj zWU|NXRNH1Ho5#LziGVk%7ZD@Ts-wP-Us-`?PFN4_u_gp0#M+~&c@qT%>*zQ9CLk=H zIzE(d^$e$-gnj7Ho~nBfh&X;p?+txU>oZ(!+)Z*WK5K2rB?%?H{@vYjCt|I%t4ws! zV&vhX+l|%lZaGpy*tD*INPD0qV{MINXHP*r3YOL{U+uBKik;Tr&AGk7hX8SSs zh)%;9_Yk|Js&|_~fj=FuRdx8^V|Cun)CN8oY!dv{cKoiP>eHDAeeVHkx1r~@ZHKeX zMdVW}n26%l*2UF&9eb#E9&dR&naVLQ+$V?5YK`io(h4D}5RqA?SKFfIf_F#$o#ywL~vv2sQTL;9c?^Xb{1faN8%S$gk zdAzo(G@Z*;=l-*+ZylIIN8)F%W;Jzn^(kcFnX7wC+V@DKzBZYA$tE5lCV|iJ$tK_F z_}~va+(_T!A$xnH^5(Y&eG!3+9_8ef$NWh+x9W9Mr{4{Na7<^y;FAfnsa@^dC^L5ni z{J3&fScjcT2>nWri!dcRn^IB4Iz58@ZR;u0Rak7@8XPuL|#x4lKVTQx#bI$XsGFZ7i>E!lWAbs!h0q`-8Xi5+8Sq{Cp){D{^C?jMQNS$}X7vYwe$jNkHQ{M!a^XTu zyFzJbK*}1((5B2N`Iu4bTw;YXI0+>?o0^ICH7fPl&5S;0+(tmsbGc)B;c!@NW) zVF$}xy@zSvTQj9h#jl&J+o843Z3^#ss-nSXv45`HW1F+uq3@)U@0vSOn{mI}W_T*= z@)Q z4jjL*em_F<>2I#~vw68^w%_K$Y*$7o$dKy{?S-Q|gNk=p;bT5ZI zSVtZ`EKvc6`C;Ccrt`L^-7*kc%k7(-CxX}4?tPwOIBnPAF1$T5+^;3~H));Pa_LZR z2d<9DObjSn3+v`RXOVg2HGW*gQ&~c}s zd7aS#Np;fwuNmwAP|`UG{1M*ydp(H@%zSs=F!Z zBIusf=0a8In@%P!y!!SQ;TDc26i7|kWGpmL{J7nPz~u40Vg!|GWap&Zw{jQPc|_h9 z)WRnm-F)7nMYGU&b?K+$i>j@j{>T%pw#^)6JUZV;8vzaGN|)>s!r>iU0qdKBu5*h% zlwEo$R{&H?_DffJyxGt>m-i{|?8ooXD$X|N3oh=PWq9lmZ~GRHX2^LE!F|cguHB#R zH@NacBbHtZJQp*>Rnm_-#Xqzgv+d7*5>kBj_fZ3ia1*8=|C0Uyhn$jKjwYtq(P=l* zflj9cSP;|X%I%#xsJbbxJULY^EiN#rka$q_OsIu;G7H>RzyIzYpx8opA3)K2WwyvIw-15lXY_V93t1(?% z4y1JqJUzG5n;*YG_aS}%jCUs=Bp*|06CwvV4^#uyib_@$3XU6m=j>O11L1SdC8u{z z3;0)3yldg}J3C1W-qU4s^Vo4a^w{noH<-P1qXcw~DFIG)-|NdbOKr+t%awYuJS&Lh z1D5P^JPt%_x2GN-{B9___&)!x)l;Gx_Xm~bNB57>IV_Ep+}h+-Oxxt!-@)81>jeN- za?MVaUj?`2^1=^rvO(GrVD4YCH+31CKPKPVpGP#Mv;V?J`3!YD7`ixN)i_q7zVPhz zOaVrs~>7?qIsqzouG&$zsE8ur_lxcp^?d)KFM7s~BIM2#qK#`V8A zR`e~vuF&N`8C8m!vjSh4!1#+_Pe!=Lh&7hU3{LGlZT-yvQr2?zs3mrmxYeuNk(=We z4_KdbJC4EG`-4-3v6c%G!*d^7BmD?|ksdaId6NcT1Da^Y0$OhGbpov8LckBZnms+$ z#Xoaze||Xkcn0-AR>;tl?@Z#)-(6Cm&SABJmpx1+8#(R5fCl;2Ex+$^U#>4roP06) zz_es{q`eU3X8)#{d$|w3&xD(dz)Q4vb~r1okfYUsNx$}+ zOP=_u)1Nv0X#Sq$Yl7F3JK`c|-!)GmkPIRx78s&v0F4$m;9wY{#w`Z(e$~8=wmw9v*9j`z0 zc+AU0TGGX&uFV5+W+yP)YV!#=FJ;?9l`w4GZw78sNA`gAdC`Xj_2bfcQxb~$95I-Iw6EXmib7O+}%te+ppTRJ_e6(1{RD%N~x z+#=V03@w*5e=p|<`xQ#yozotbo-twC0IN$sYs@f0)bzD2m}PdC#5Ikfpp7|E*4;^y zB@kWg4~gE0edmSD;ipEa2RcS`I2xjpxm;s*FtS)b|1KM226S`kc>TiK`bG9yBNP=Y zw~5*YpmBDNq@6S1jx;>TFU0ge8Ww^6<^>B5X{PT)&k8Mw(zvTnI{l>=&GdhId`Pe& zxr`}>Uy$ie0xRrNQ9pRIuZp%^;qQ#(0K=iD<(~6;n+qV$e~*=qk1reK8*LzBXh`xP zYYO~Okl(bCXOw2DO64xca|J^V_1}UHwZG&8p#qM3eI(Oy@{@>Q$h$Mq!dpRX4#fd6C8`qwH^Da3>_ zuf<$m1;F=)fIt(kG@x~~b0wM}auXyjx!diBieBfD^K1<~Rrueg3Rcx$I-KGaV_MQ> z>=BSI^>_S#-{8srG#ce`-Sie%}A9obx`u@N*qa=jHekv6zU9O3qmzKV>FH zN3p9aU`NvRm%7(Ya0zo?_+3j~-C38(TsTGJ?yS_GJkC;-_`UAWqkyG z`4!Nya1Xq0+{?}S!g>RMo`qi2h}fUY&qzu)X-q7rHxzg+S_m8G1Ip*6oqJ|` zbBdgXqz;*DM&=%9h@jy7cXa$=1?jW{9BK^PaYgTKHd6D3>Mm9SjohOyQzj+z@F)pw zwt8FC-Tun0QT74D{qVu*h(o3qh!kKS@vB22BN|PVr8|NhNgU~BZdwOt*xqDlN|CSQ zZ_T<2yR;|DU=;&^GDb#5N%!f8(neUZ$1gcVEF9^HU{EtVdFcO`-^-!PDIWIE*{?or zOD)Pu{)93lCT*}g?e6<~;j=Uz00m~dm_Nm&r}CXM4Wb1mjEn`oaTo9BzG3sgHyUZ1 z-px!mF0=`+kKjSkYT|K;?SHyA|GnhPZfJ&*kgy++)k%j zEABlOUTEXc0nkk$s%ubsoyR{pcWw)L1#EcQzN9S#R}dsY=BYt$JPk3pZU=ifH`x%K zhNSrO#k;ZZJ@pL_GYZ%90Q0+=VedPCOPI++~lRheBEGHGGfu^iib{k22!r}F1a6VcI3>#&6 zZ)EwW&!7I9EnujE%ykuHx^hg&^E=;NIi^Yv<7@*s=iZBRfH^U<33-CIaQ2FTQnR13 zS(DG8S&5A2F32s}(Isdsy#or2o$Sgtpz6%7W5;ibe{Fv}YtjtM#2=Nw<$UZ( za@HxV=fsBljgMALz+pcVFo~It#J6^7PZmeNR@-80I657p?+H{EK$f^anw03--@V)2 zt{gGaY~yK2QosKa0|S|3)-d(XK7#51Q<13YWfhUa+@Fd5ndn~o_?_r{zA1qYr3E%W zb7GcE%ezFt=;Lr$<0cp>l&0sPnNqLB&V+U6D&)yZ{Mi<=q+b;k?A zFz7e704*;h{%f1dXU2&vZ|eO|<-Lry4w`&tfPCK{FF1!Ur^Y`&{xGSg=Oe)&llJIC z=%7gyuE*{Zq)sTsBHeO=VEIH)rX^y*SSAGdHB-b#153*(r?N_~jNX?mX4r;`FqgX6h`Ne~k>Ac{6f> z1~9*$BYo`s=ceFEnz+TMg(ulQ!t=G`ggmk95?Y&34BKao-U`@4S%twlLg}AE_vyxH zbjg4u62mrFVYFqINoZw}I%aHi9T92F{L4kE?L*^aMf&<(B$oE1%ZAJRVA0{ZCPyb3 zYMqILeP+*gAn6Y@YqWO~%t|~hw*UzGS9^h=@b$09Kg@X;*L69Z!GWHVF+nGQ8iqG> z(@z{U-JlZ7)Y0+Usr(_E}5<<$@-hmSHSqG=6*#_h)T7iG=Sw=O)Xdmp;b-i$a~ zRCcFkZlJKprVaZ}5s%Z1e>COiTs|*Veo>IE|0q`f(yPZu_3g7ggRc6-vNbZy=Rq)Q z%83p3;vy}~(brlG)EI%%eL>IbWs9HRQ%a=tlsR}$^y`AmJenfr~Y98pyMrxW%fbI(h`K78{PA7bQDo~C-E1#;aG z(});-FoZ^JhsDrjZjxri>hbiPsiX+B-+fHN!M_bszCpoLp}?aN=2{zCz$L)y#QZAg zK!F}o7g9(+zIxW6{&u-f&DoN8;svC1nGLMIKzssYO^2Ne>y_*~w3yaSXFv;j=|ia! z`5wASq6m)>LGbDhG1`esztXpWWt&O6K9cq+aWikdq#eW~zl>!N>Pz2cg#F4op1XOL zypYLx=QUs_E}HC1={*;W)xG{chDbOmQKb*vAJo5$%{jS0h;BKPmr1$A1vfUx4*AI~ z_t}E$ME((;Hw@~P0p2c`Ebpc=2Jts-Un07N9!XVQ!K&T*17h&V;dK53#Q<$G$3oPg zi2k!?P+h6UVXps^=M#sOUrm6gu;5Xc-77?jKK`O($J2(NPqCPmJW&<)ym$?=PIR`@ z`z8eF!FjG_1 z0Ti06$r}tIT_9Hg=4EH6A2f+-8N-1q+c}I<_Howq4?|S=$vS$zcfxsXM}qfb#WAG; z5xTV@J>M+8UD_o5p_sf)Kd0SX@jJq zQo-pzzoEq>0D`6Xf(@Dt<2?==@)bo~0g54_GM+su^ z2({c;1sTP022^l%zYTipsWSaXE@auf+Z3EEn{^~=E<*<_9~k)}Rbnlpbu)g3Xk=!U zXYlSY-3RS+LTA^L;{bh)A>@I6phhAMx&fHW8gak-WMEbo)@GcGv31aiuez*h+5C7# zbLG8_w`R&|Nrn^POPM+!A4rH!v^oA@Zx01Z7x^4wMK%wsZXh6d79v+{Vpbcn6e4h= zxC(weGxPq|n=5s4&~GyE_#`5UQMwLR=$si_`H-nl5OzwTx!0YmFg8a6##gWnyz^XW zbDrE9H1n#yvxP#H23MTPo8M{4W8f*t@c99)Cj3~jWX@e`Hucn!@EZL3^Jga-};$o6CQvxXo>ANKHEDAc?1oODfHpJ5d*}U%Hrr@nJ?cGy+0EtChLJt;I zxx%8kPRjP4)iJO^M&U=W=9%#9GhSGk2)B7g=XO$AS!4SfR$h7FTo)&LCIeEz!OoNT z$9borAs(vtNW!$x5HzmmeQ@#;_XF?%Itwp{*yMk-Niu9EHd)h$89JC-n&as7@?YxS zHor&vxd=OqbTi<-YInAM>n_4$LnHG&QZ>X-yEC^DrL2%%!E8lrK#gAcK#61PVbUzT zHpLDn@BIY&P7RfN<;fW+fd=Dn<-qf|AbPe{r^B={uS38il;%)NJzd zc*DH=T)$YrN)!KJiA#!F#D$sm-e}FvkIEVN3}}-jj@T_!{xTA%y7Mv#e&_l-(t!EX z-`*cOC!YOuxr#&<sm}ArlhST z*I$_47gB9@T++^ohItk|dgaYMc=2EXvJraf1*b)4qKq2}jF_ZBO|*#2`Nb$2l4No@ z%`^nNDx)X#UqbMm(8`fA52oElPURNVvLy^v5k)g?jNPeBo4@$=eIORlBZ-&Gioden z)`6UxpbNSE4C0w;Ynz6@$KDSlVYPk)$1i=4jH1$orax^iC=?Y^f4m*8F_8V`RcgG% zz}gXXwm5?843pstXA##*l^^7v;nLRF)50CEl3kAK=T&Xv!SHJMLKc^@{PB6s%}yl?Mu>X)VVq!)%c1F&=@Qs~&vu8e(mO zK3Y>-=sdmqzWFZK`C&OXD(~bxlG=(R5a!n2DJH*Nxx0mLOk$V#9s7wOq@e`YHQtdF zv&M1H6V&@|_|Z#93YJ{?;8QmVig>M*b{+LqD^SZc0_<%272|_?uu#93e&yD~Q&$A&QG<_j@l~j7@3e^UtMvG?_lr0S^2I3a+?gDTG46_2` z)97etWO6U9{n+0H$+?jL!+fwy&@yrK zx9$08>IYpv^zPtQ{-xXN)G6&h=nA-d_3Y?QDd$lA+i23YUPwOe7sb(`88qXAdO`4J z{(H}_rkHuSA?SqB@bG|O2)O>QGq{xhV)UKCy&rG!2eO4O|4-)X?^2|$AF6=4-7o#<2upuc1>6K=GGa^Pp;ae;GzfLMZc}Wr{SH6&js@L83b|n=8Lu7v2O&`o zrECNk#w+*WO=?5KJ;$zY>FE|pl`CxYfoDvF2636YO$*Zb(IHO)V0+kPaNoH*?rz?fQ09v1x(NOfO)axIxg*%VucuqmAu!#51<2W^BCPesD z5WcHDOfs_`Kk^u(BhrNjlu3|t!y4@c8FGdZIpE=H_{+iYZH>W)Thy?Ip685`<(!U_ zqNFBOeK)X7CE4V!MM)L#?SJb7~$@5Q!vZoqB>9+FKX;f8vph z^jLx}@)Z&HS($HUVf$w+REq7rMpyIPta9O%7V&7b(e#k?gDw1-2@XnM&n4Msl|>?- z0oAk<2LHS|G-tY4LSR*wA{aC?GY5}E{L*UkZNAb^-B{*q^(EUUeRhzXs@fuPN&dt<{!daN>@763`a@ zco;kQ?7_YXqJ*61Nne&C2;zW^fb_%jxn?<#Hzd&?C$7pCgy#)sg_dxZJ!biL=hFn; zDS86}HeUt6a3uG<%%_Bkq0*Z+r}%4FlD*rGV^F$*FCZ)WN40t~jmK9)Zk*PltJm)+ z{eE>eFp%OsjkE(IM`&ze~rf7YR+_s^ZE@0>6kP)TqX z=!}cD+9nq4-&r$ackI3?kPTX2t(5!iXa9K3oed^lsY;n|k9$c4y#5 z23+t-1kkL3G@?gI3>--cvlMLrKuskBHRc7$s*|t75R_>!wl3AQuNt%nu1T?16D8i^ zvwy+p!gneug~1s4p`9P>52E~R&1gV41NNt}!Q>sNcM#s?J}4{hH7qhp(w>6u%}0e6 zHOD0nE+@k*ExGHznJVLP%e!w5N9ke44 zM#{a6B6$_&E>3$70z^S37ePo@Ei?lcN(qmS$Nn2!uKRlBGHZx3Q2yS zz8mJw4s*dVDE9zwKwmFa!M@xQZGUvhZ4eovDSjj?dAm0f(ObFDv({?uwEvS~<4Id? zUH2=tqers6$#77e(y(%4w{CEE+fu7y%`9nw4ujwJS1DAh%F9ajHGihJgU2^3+{!Z9 znkr+e-l#C#Q}FKG#+B9HkUI!S^2DxfQ&YNAt6UtaO90b=dk%wf_i{3C8-l@vlUDvqn+vehYpClBkrQ$>fQIsV34Q$rF#c5o}>zaeu@rQwBM7f^sq0J zXzIa0_I@%zz&;;5nk_y%&n?^5y~$;-`VJOA0>N|7D*mLvg*fz}SBjL<0d{m~SsG^l z0q1iB5U9+zVL~rE=+*662QW7CpK-9p*#GXE{RUVuu=wAE;83xLdYbIcq9+ANh9r(4&_;Q2h z^>y8eH7lsPFW6)SiQ6nr*lr;#ZGVjBNC?cP`x;NVyF-W`(&^n-K~V1OY3VE~wapkc zORjJBwCDlq2m@_0fS9IgQpbrc$(tU`Wz&zseaB`BA-yMu&^aO0l0I_CbRmS7ZLZ1S zwcMm#$KE7%g~QH(Db58ft;Q+=RW_~fe@s3vn=c+BftZY3(2Mp^MKFy-3*M(YvoJRp zd{H{Lc)x-)3VpCJJ~vqb&NrC%fxQTns0UJ9SRpp%UvnGzj8g36NYlL z2rsNGa3r?28r}7c0*b;7gc)ONg(Ia$EV|8Y!P5rk?SmN>HyJoRvFSn{{OEG=N*|B# zCEM*x@nC$KYG|2^c45%o_IhDV!yjH4F_<+?)Fc`6|5N}|1UwwOQ z&~W1=opnTvQi;}uep~@@hZwBFt(08?8$HH-%RV}K=T?j<5H8Sg{@9lYwxHrW`Ha)t z(|@TdollXidd}Z8h&fNyTBdL}l!&bi6qqdvsr@PO{scBb09~q5A&W@GYDr zO&R5g_9mq=PH?JcUROG$zOt%SqUWKTDb5ccdeBauEEAs?tQAMWV;vA_Lj-*jc$MC5 zS<(s-C>JsUa}`8|6UdN<`^xA~U^0zp{OJpi+wWsW)9EagX~$+W6nEMXDXO6!A9Y;T zJ?~{m93eWTwLr^N@!2vTV(-T{O9mGzHeq82=z<|FX?3AJSzfzWL8FPi_~&4tQRdgp zh4IZm;L~)W(S@-@%S#XN1~AKh{oK1-fSztP=UWX!wU?Zj0t$O$xjBDJizZ#5JC^&^4H$4k>6?84 zzd#d;rL(cKpzQX%d)5nsM~o&_0?}XskB4AHa#CZ$eX}_P>;J*(-C-6^X~DLc>hz=U zICEtkr~HDs^q=81k)DIsG@BDY{`?Hh<<3x(6FkH0e|N~HF2n{5 zA^QS0N2VfVGz)`%fE*3;azhE5)+Y^}?6e_z0d#h$0DhfS?xCA{DC>F@`DYTtFGqBJ zg3WJ&WK|@-q<6Zr<|#I|``)v;-6fl?FPKkR4aSks5`kw7nw4TTn&G&O zVXJa8;2CMm@!IUR>1Pg*UjHf#w8r2_RTbY;%zQt&R$+4xn`Tmah_#QF>)+BphQBR0 zZ>jrR910Q9k#uD*Bd(OjTLl*y4?EFqlN}lhR0?f7DE~W{4og}r1y9AfK!TBe!48(npS}Gd$F2wBReB9+$dNs0nk`PsSJ(DY9lAh5 z3g!HHozrh7eD2LLLN!J6!SgLu)ZGAFBqYYx0VWLcM$?Pg%cApB+iMDAT|cTp=|gIH z^5ScPl)nQFoVOU+KE36e^c_~rZs(rPy>Tty+TqSt@s9+Ks;XlybF2}ev>43;QyUq- zVT*fDQs&qDp(VpunDbYm!EJgO7?=Z9791bq10P!%X^Ybz69l`uHZ!0#@Ob7VBe4nf zr6W#i>Mn!ei#E>p{E|SS(idb~REf;3w%1(oTdKe@E8W!s3@wI9M8|d1hJVb$>Q}*a zOZI?)C7%rRH!JMkP_a|O%adG>=(Dyr7xS|9vmC(8xo0wiO}tO%i@QA>vyY|GUa9rY zD3Nn>V!a88mwO#^3{!qtuQM<}?lRtFJL{ofXmRPC^(|Poe=y&e)Gk>lc%7%;W|M!S zw?-VS5}-j1;$~HAmGysb2!#^HznfmUXG_uzgnfCuj@C|f< zI*Xn}_H=7%5s!xBBY5u|h1YdwK7hK6%6kcwsX`M-TH_&FBLg7;4`k496RQ&NBX$wl zFRVfJbhQL20A{LBZ&FyMHB0+DPE2bdUNI*roXB?!Sey5X5)uL$_OylU@!+TYXXKv8wbRp8g1M zJ7R}=UC{>({V&uDb86|ov=~4hG_yaLqY-Za%!8#1omQs_z~A5s>`VWh>AJZsax=H+yHmT>t$C8WPDc+XVV^yLYev@JNW^ zu(jU{d5Z0XpUz2hGjMP!c~T%Z`cTXK{|JtY6$MHJ#kh1|?aR`jE_8=gI$Ibs6B554 zFTuq~3lEjFS`Zrz>!+4E(EQY~hkOaa1L{zV@^Mwe5!ZEvRlC+az#GzF8e2~m=^3!pd!V~xt4Q)Z5P zOO1Yf;1V}UTya2}J96Z|N7^`K=k{H_4p1H1&QEF=%#{U1-XyKM=#dz8YiEW)HU$y! z{dnTbc8i(g-LaXEQ1F?#w2fVrA4AZVgc?J;!r*eix%xrbfN)$<*?Kj?S(t&w&S|l7 zGr4NBa&blk*m{#dzT0~i^++#z5>r0T+}kr@dU~n?HQPB=d91Q(kj;X6xTu|_r2F|A zs-c1d+xmsJd8B0vVIr8emT@+=U+MJ>YDl(O4S{2t+^icSE0E5~SNRhq4GL{{zUY~d zfpofT`K!6rvZ4ViiB#xq>YC=2qLeGe=L5D*_l^CGC1X*|-ze<{^HC*CG-U;c&ZVAS z_Z{}W&nCIppRWz~&6WuTTkq-PmG+k-=jr2}c9aXv++tdNSheQ2YTfTu@(y*#c$KQW z`tHLD%=;}e+{d2V$63a9cwiEY9ox8oW|?~w(({|wrnpazsZIN^VEEqePIzRM)G?J* zCT^~jf<5u7orlLcCN88e500P?yM@wpT05~32Fr)`za+~$e%x3PQ-#50TToIiIE>-_ za?R(>PU4*ldC3iyYCEUY(8qc< zr5*FF3~FW8PElT;?BQleEhPo!H!pHf$7|V+W=i|n5 z&9gaC8gJniG^gw_81w}GiV{EJzNk((Ud^ZI{H%2ww=OmP3Xo+pKyH}}&DatU7&JMT zsPtQO_&B>b>}M|~za*jiXYjLP8{S9T7p;9;k7=#GD^yT#7Y}~PI8Vw8zBQHY59I2t zWTrbz?NZRl1X>}R__Gr^>b)C94~glz3)dbjahu@m*waJEs(JChD%!L!wUre#6YLXK zzfhk&cj*&yIcl1AB_41!`2Y~fmZHW_#4cHVzDCD}Hv7oIK9oY8VkEm@A8q@+ zHf^_)Oz1eXgB{;TWs`noh#lEOSv#7b$!hp@_t9)`s#Ga^mQW1r^Q>>U zv6t$T*@gH_t z4>CE0-7j9^N5#Gt{J?3SR<2%<^rIb7rM|^J16jFlBSbnzk51ERmP_(x6&h-*YyD*~ zV8!Hib5=pe;$cg46u(^HFF;ryJ0&H;;XBg9X??;%)yD1a>%Pv{{myF>LOdYHa&zT~i#$ZU6K@PmqIVdSffl;j-j#U<{RX+gU?I5S$}Y%GXk~*_ zakVOMqcuUwGRyZ-Sk zrDDvmL=8RGDFa#W7^ee{f<21_&iyEOP8>>}{3UZlIIeu*-Q7_0`5_B$pAc$MAKNE? z@Vz?Q-O5eRh7gE)YdydY^-si}XPHVX&Gwm4sL+nG z|3SR6dtU~Q&;rnN@6;SzcURBa$+jm=s$Kj^cSmR@QAI&9FkUEO{pEmV#$z zt<&vxr%4e9LbJ1ByBD#4k#!$8B~EH3RzB8y_E^g~oCk1{lMJdBs99QlzqI4)SdsN7 zpDddrH3J6qme$9y$IM9NHu2VDZLMb}Fr}=CZTjPYnkz3hi$3Aqs-9e)a2NY675XU^ z&w!~W$u`?axzoqXBe9>4M7=CHc0-GukA@7pJ5%1sCf7LKqnu-0s_w?5aoeGaRz_%?%TH`rrpIrf40AjQ6v-`kQ z(>Fia!~7>rY9UA`rg3U=V#)t-?YC&R&wC#KC6`SdvhjlI>h9gDhW?3fV%yELvKkK_ z%%5#{uRo|<4CvrNsdy?Gur~|4?Zkw+B|C&o(RIX)JWmvS6wl4h$#21W{oHUqMle5D z451$#aV}W2gzjB6L(5^BRK3H{P>#j0Xh8<(==_qt)>!rYONZaN@{5IGXV3T%JchN$Ywre( z*bhSc7t!QcOPa-*b%!@@ha_McyRr|mt8SV!(=`1kVK6vJw(%mh4q*Zl@bU>^1VB1}EZ+vL~g1_@FL|WR2j}HyOj}j`ZZAY8a9h^L6 zkLzs>{|Uu>3x`7A?J)(q1fnW%#%%g4>?cAqcP8hLwyL&(l6^zkfpKQ8uU%bT=XT{5 zE65A^2M2rA2U%l#3tp#JrNX^{z`Y8$dA4zR6V7Km-%p6Pk!W*M@;!#gXP<_9Q?&&p z+P;+bz4I_P;lz|zF0CBzLpdxvw!^1P72V5(e_>tw7KZ}ED_QNMc7|^c?kAQH4@#=w z)ZXrtk?vOU_vhKZ2rtiD#4h!fHI#ea&J9=JDD(gJslzE%v}-h_V%0Ghh!W^)9#Qo1 zQMDg(KcJG`o{R$JyzQmW4yoc2wRnm*SXBo$?;fRsakJB#!$`xN0w$M1zv}w(QW@%d zqL)_UW^U-;2g`F9WGKhk@Y+>v&*sQC&fUH>WzIGQwnt6O$hqaclnOFwQ=g9457_tT zTVZ9~aE1iqAMJ+$<;$5GkGe+R}Xj9y!o3AlOp#SJ+BkWw(A2OffOExbL3?ow=^ZN zK~j)<(gJTb&KMpG35VpXX=El*_I`b7(`y|=+}e}Ge15D~7KWD={O!jKc=M6B_lY#2blgNLhjli+?y(x3KqPf?3OKiD|}Xm#b}xupDi>mK8T)-Day4eK%!op$X^lV^oe z_vqf;=Hn(XCN!`_-$!}|L45Na+OSa1aQwG7oaHjw$v;>v*f}^H8sA;UD)<#AJUc8V z3d#+#WbcG_{^jnc?zQ~O4KJGpQ_5TE{&K)OcD-c*8Jz^;!~@1K*tiXsy}jOkdZP_3 zD$I=}E@x_QwfqU|A(%P$0{-4SJLJ&;7OPt?G=bNHJv9Wz0yYPV@Vg+nJx4$v_xUl4 zL}WbYE6b2{x0ZQq2wPnq(hE+Gx1`>I&Sajs@y5hRuhsRC5)=)9aK`3kH@$Aa3}r7z zHVGAp50GxCNtsIFI5qLUzXjUzRNTLz`S`a4-(mT-(wlOx7Uk5~RL68ojozXJcYPT? z+=)~<)}iWl0WnrIVb(CZ&V7~&UqzIk&U^f(vg*c^fTYq|h13uqGYvC{>mKfy&LchQ zw0zp{nvWA1!$x*NKN%LC3+CT%1Piep$M~WduaPtoaDEyZFP2swiVn+K?4>{zl4j| zk{;8*iS)fij(W$t29TfaRlJO=d*qanDsEJ&+d{r`{j&upvEKH|mylap@VH2x*!x}W zU%r3J5kym<0{N$}e($l1>U-mLGw02R-9$RNzB4kOT8dTs;&LepcYCdhJRh5*3&*@062hBgp_?&0^bgt#UjE@{rB(lQ=@%gj z#-^Mxle(9=z7bjk)_r(=47{FC`&_io6$|)<^G63QEc-xGWAT2a8gK^kaY9l zf(Fhn4iw6hUfpo}HD%O_68`m@A7xM`H!Yrmgh2F+J!5xIB0&bYc2Pp9(*rMH-y>p! zVp#T=rtA!e#DF8Hy)LkmBafl7kv@1swN-f@vKcqO&wcjhRIn9hheqB+djjI33Z{~K zrSkO@KH)_75eHd0SAw}sarFjQj^uD!c-QhA4QVY(oV=T%`5g+flq&4dJip^7dgk&` zWba@DK;M@QW_H2RM&tw7|7lE|?M=?GrcvYeu8O&BlH1fvsbCI0?YL~_cue&T(MV{V zsRR-u=llt!J1LkIkDt4PxoRQ&VDoqEPUJIb=%}QUS5?h5)Wr-*GDo+6T9Q4c#o#q3 z4ePHh3amrsm9K@Ca%Ormjm@*Z^W}ugeJZW%YGIz0Ut>Fc>mtm1fYnn{I*q=SD4Fdo ziCGc1bf_U}L7FgGTaTmXr5Os17nhBCxsQ~z>X;kN{ia0YjZ18qpt%IsAAmH;dkv%b zgbjbPDJqfLj=TYKQtaq!@n8ze5GRfp^sGthS$JRItk-tgi&V;k@50p+sz3cfj+C=v z2o-v(G`INHE|X?z6btq4X8Pz}{486PBaS|kVTfj%hUgXThe9o#twj?^UpO zXu`<<2A4V5Xz;p=_hVv*8`|(jk1_TvPDLY6<})uSKhkV?AJcI%(Eg^dFicxJLXP4- z8u#{pVt4>aITO3oq>{rHkU?NS-YM;;q1asFV$@)weV70rqW0!5HyFptseBOBVwA+o z_KQ_*A$^+LZ;$0QKU@89lQH1j^lP*0(e`*j^1(Hk5}{eC-JIe+6mKr2tsDOVhGpNN zA&a)rfS5g*MbF%$7sf5;Nl0?p{&>jsPM`tIK>nclIAanSWV`mV7EAvsNBiVEwIR5D zD`{7l3X8gXw#8W2=ldT1s#|SDQKWC8xct^FmTox0`?p(BAWM-=lo4S|a^0SKtv7lu zkMHVlSy-#jh1Zy?@F$Iak*|v*&dv+HElTOaZN1F6AZ^;XwHznme}1`-edogOhCSea zarV}6QFYP#D5(OXuOgx#V1Y7}lyoSfNDItRQqrx&&>Rr45D@7G>6xL2ZV*tqkrr^M zp}VNb*K&sM zOlIh|S?qX=~Y(u2tTaXfyAe!)Cxo6Swb-)b}Lo&Q$0z z)*4NiVu@&CMM}3-bdgFA9{Ql(Ru2fYXX}>t0_pqB*{=F?LP&gn8-&kML8tfx4=SHo^Pmwn4d;7O-Mg!p- z6zn;oquNzM!X2CmH0C^Q#Ww9|3f(7fAhKq|BAt7%1>$PS$f*UhUnMdNW)&7=MThlA zYx|Uo-0v!xdJdlNl+ zX2wFppWH_{j*Mune#R9_OuKdsKiRUBJP$VOMW<83;bys z9~78RYksOzH^Jgdhh7BZ^AAS`qI$xlyq8gT#UB?~U(Fo4IvW9NSmM5mfL5-@o8#_z zx}~0uHd!xG^g1;}rl>L0e$81@aa{K3@RJ}XeNU`mRJX@Wtpv5{aahi!kca{`i@ElZ zX`zm0rJsgmK-xw;`=z3-XBRDBw z^jc}DB$LM~d+<^7^YKE28XRK7H(VYG54#ynukgq|jFJR@??J^CACxI_aknKaV%{VE zD)AZfI|68hl?Fc9DZVC)#0W`q0>c4oI?QU-E7+!AaMyYy+PP<+ z0{>h$F!QR}z(zgo%sUYNRx1pB(LrYvQ+b?}FL+AGZeE}g0Ku!IIKUrCCQuey z`F}7A<*ju<_Dvx6d!4a+!kpIU9Ai;hi9motKoa0;aO7N8XSVA4d`A5<1)!>YI;iDk zE*O(wTl?5~M|cqC%ie$AeH)Q*s3UE~!RRJ^`W&^Yz4`4{+H?=o<0clJxo zt_D}gw(81 z#cnZ%<eSd$s(~)Q7$;_g66vr<|YuR20%;xj5tQ( znH53{&nPLoUo3(jF%38!P5h~_O{(X0znA*etW!wZQw?6s|gZOOpKiN$$ z6{6V_N!d>}&UL3xPiH2;1;HmP?N5@JUDYxI)D8!U>7)N?+NGa9eL4@a`VR+g6Oa#h zxlAr)933GF>K)!h;3GzzE+Oiq1zZjh$=C43%e62^J;LDz0!2*zXad{<48<&Dw;AnC z>fRCsl9RIlp|6P!;1{BoVOF*$L9k@P-$3i61P-v2zdec6QyPEx)HE5Wj|RUcoaFb$ zj@v^_x@CSI%TdpGLeK+!KmZmMk+!r}i(k(v<@UW?|fDqEhFlbjGX$o0;AdodOVP6ni zkiC+>-y)J%B7_Y`wC0~+x*&*q7wl@CFo3cUI7WG-f*=nzOiL?ezD%S~E0f@b^CUw$ zf7ndx{e7GTMZc7yPO^LMREy}aJA8x#AFd6g_Y{(vA&z{v-vmCf+0P+lQD*A4fg(zwoj{{_2$+hzyWvJG!f&2C)~Qac%P(PGNIO1*(Zb zn6sQ5UwR%Tj^5Ybahc=|hoduiO9J2p7@M-5$*_NKUkB*L_rGd?|JN}+OLQ$YHMRN2 zk5^66?N&=mJF8Pj5#&Oo1fe+4aIx}9aiE9(D7OA@p->zQqZ2Nr2nzFb(*G&$GxDEb zRs9jMEhxE6BH2yexkj-0=3nV)XMUq^Cb3feU1WbK!M}rfQhkt)G zCj%?c`xM`ym8&Av;0LJ_V+1~j$6q^OL|K7=Bnj|u!Urfdv)!MqExuJSvsg{kc{NUA z^^)$(#X%AALv_J)T&Ec=C>4YtHg`I~BmQ1cU8-zRcPtNI^YaCX)U(g^&@MganxUE1 zIa{SaeB*!hIcB}}h7T_LfLcY-na?)Ij&3bo@oxVFCYJF16EXh$UqviD35y!ES)o4& zW$jp{dm*T4Yco>v43ul>2LL73tb>W*TB9%+tgnVCfj5vS{`WHTW6O_m*ZVRY*;#bz zX|lwewcp#fIqgTBN&5f`6tRQ&O?Th6E)Rs7Fqr*Or1)P2DHhd$+TyEXKMvh8_4VmC zhbE$$XWH7R*w|~%n7N^{^%YK?q7rHFd__LPIx^>sxuHF#%t2b^&^7jv3mVS~Ln9Uf zT@-2v*=mBP?}T;0Ayv~4_ALZk)#lIEyhdTwoKIbB+D2dgIE+HhRUzK+H9Wqq?jiM6 z-baAhg>>lDI@pU-Mz6_l4kKM7*m3eqhDDX}{fRNmo$JPp#2 ztWQkvR)*Txt+0+TUisJwUOd{mw?^%gcQAz}?I%ceb6RY0(3Ysh=yd)Ue*qpAeV@;o z0FqU3WFM-S7|#CiyhtGmb_Jf*ruTrvM7HmyS|foxx)J`P5NQ!*7h$O`#?uhck&3=6 zN7T9@4>Zn>=;3KU01~%1_`_%q%eyWCoXG#qXyx+;BShqVF7Yu8A_zyAl=i>Oi%CcX zLI_!!nNCO=PXU;ofLx!gR8G6L{?qB_VRvRM9CV}X7k_;YvwM>AqSXp9MQ1VyqUiuQ zw5G}RfPd&ND2O$PI>~-4!)I}!)Th5qO0~SjIjDsuAf~Mg2nO|aj~MG2+C`vh^WgwCRgB))>U)J@YXu8>qy`ayf;qsiWH5zgf9?L|28^j^E!I8@ zmY2ruh}U8$&&HI-%O)~9#iK1IKLd?B{g5Lw&%g2kBnCxG= zH7>gCMkHF{zRtE=yUmvZ`$E8@he7Zn-U5a>;V}V>xz= zG0mxB1g9qOxMX*2Iml#&nx;9n*dDnS?VZ3%AQLGpmuB@Mkf=il_w2Po9=4|IU{Xz z>CMAwPlG)XZ3&Y4+oR42KqsY*+D6Et036Q944hKD*kavDGxgwXwX4NqHzr95>~b2V6ps?}|c!m9d{vkm(k*FbMQj6lIy=YH132 z>*B?u$e6?2PO>5*qvf}EMy`JrPowSFv3$VU-n~bzrvg^zW!Z)?Y?j~;DVwmX?d22<6-7d*Y>X?^a|=TDeQQKBOBLds06VJG*76tcc=@e<5cPeNe6# z;Zj&XZ?Vs9I(QbM$v_V>UOU}+bCMi$Abl)Z%#3i2pfV*P~NzE;~NDxO-v;tnlC%zJ4|CxQn zi{;-l|HnRCHK{*Y3%5Qx?zIDvXy#znD3aWIt)zQ@T&}ioqD{jn#Ex-46RZQ4-rua zz<-4)4Ppe&$p>8aChfd2v_;S&`)NtUOw@bVPm17165Si ze`Ezzd4lNS?|q{qrhoE0w9@fo)ox|Vxi8EHtLa$It$juz&Xo^V4%0?rolCu{ zx#Z~}B_`Bh>Jd@*eOj}p5gcQelhfcvR#FXY4Bq#RND%H@3pZ5AuY;^6!WTw__5Ng% zMp139cq*Fp=!GE58GcFq9v3Q0e!D)!e4Y6ikHYCWr0#q_a_8DS+>U= zJSr=742(|itE$uvUN^GxJAzD!i5)pOskZ_0*?Y*}Fod5~>C&#<;>M{ghxI#DEt-W$#Kq~AND^P|i*JX4!I|oK$ z!=)1dCDgLZ0Qlpl{^iS3%pL%@Pc7(h!L_pZ_&q4}7}qjKqudplbABLlu6`6;Maba- zZlj}%*n8lW{;e`O2^Ox6{~!PJPv`zO!L|R7+H?P^q7iQRKj^9_e(V3!gP^v*`z7JW z|Gy$~|8;!-k56jD+T>b-H2`?AuLG7`d~MWy3J=I2b{ys>e!8#F--dnzqMg(y}8;2pRE-1?GTa3-+^Dub?Y|+whgLM1tW-*6p zB*zTJa0-s2j_tk;x-Dj!Ekwhu(miDuswKzcPGZ95#nAus&eaJCioeP17Wg#+{BQW3 zb_2)fY^4_7*4)B?*MK(Emuc$||3x}Y;IZ0kxi;PKw;=KDuVe`cH6#7OtNDLbOU(a6 zwS-X@XgmoyHaE~G!4_Tn+ExZN|Iwyuu^IyQ7ge@_RP(opTU$7oS)kW(#bYq2VW-Tn z8Ge>4dLb?PG%Xgq_skmXi|3^HIK?_{)5uckDq~D3xj`*V#VVr@x-mc)LS#8y|E^J+ z^pZMZ@}$ZO|A!VGZ6D8r1cEXXLRU8~1ob2nHE1Q)XKp4_1~H0Sx!Y)jgLE)+f+)`) zjv!)EaJl|y_SnxtqU`5~wMN@T9Z>_V8^?>%*^yYdal5Qxqk znaLM4VoF4HCx)m;fisM62~$s2{4nO+zfx{bLvF3v_OPJ3yS4ZVXC!@bn$_1G86mG6 zj2^m{PS^ZSkMoJ8NhJNR3U+SBX&$y|Fn?6xprp94va65w<0Ea2qi6-&wzRbuiu^t8 z@!16-yzs9;*GqE>8RMq6cxPR(pWof2XsvV%`GvnL=9j?046Az=eL>sG=GDCB`3Oy| z*B7`hPm@q@YFe#di(QgSBs&gT3ly(kZy8w3XL*@@eJXR3;}gK`pm>{6sl2)@CSJ@%pet9&K`c{ z)@PH@4#j6)+EF@FFmQBGU{;PlNiH)T^0(T20nQ@8x3{zsOHmZ>Y1PA61OhU2GloO8 zP`4bd?Kh1_QC!NR$4zVf7>fAPS_)GJDQI``{`v^zLz7i`>$nf1E-MDIJy0VAayM^U zKHJ0tRc|oYQcng%YEe#tWYN7XI%bwn$gKqYe!3VLR8deVFhFf~-*Rs(sqjk+a4hUM zb*`LEpxN8%a;@I;I~8)fRo?qBK z@HJ5&t9N6!R~-jwhjNdXeF+OTd<*cI*5V^@1}l_%PAj0TuCK+Ad;`z_Ah#_KmP@`c z8slOGes zd(8TPuAG@hZB2Kh+1EbI#~zMfztIBRg(s4aV;sm3UjjMT9RCOCxP4bExf`5n@M~*h}7Z|+juP_?T3=ceBG z#p77BcE0siV^iLztWi(b4zW$H*)ydI@%LJT9NHam;;$4l7^I5#t6YXApNHs}Ve>K+ zioJtJj|ef9vdNF2EH~j*p?oX_I{(i2g)=dYr^|>(Fe~BkL6EhCA;I5~py$kM?*9$n zwpdtV*~=cl8O&W1uY~cx{o@g|g`i9QTZL4vMlYSm$kAEli9(r;%EL)9OP^v)Sswg; zCAT@^5U@YQu3K?ksRdOeG%($}8=Gc!wttefj4@WsHQ(!apLP6Qz%wU6O)GB^KRHST zhEWuOj&-h@@JB*hWJHXS+uTC{CRUrti9~YVN!82ixWyNIT43n!25` zajI;-7P{F5@d?fVg!tcZPPK`(&24Q3@iU$@M2RK0>F;L>dX~wm(g(8N3ux#4m2*%Mm%u#Iyu*Yl_0@v*?e7 z2ETT-Rjkco8W!9Gm^h0IbhRtoYd!zt%EenaL-^|Jbpf86v~17@z3#nNes$rO$J3}r z-k?uM$gS^mMw=;ah2kQ6(ne15NjX1@YF6Fs*%7E!u!d`|U}?fHLu@>P`y zK?|K@PX7|1<58<#syB2OhgR5MxR~s+u8o`7D0E;9VyL0^cqZ&Xxo}arlqt@|*KwJv zvZ#k`d)jhtXSnz4TO%n3&AbQReJmD_sdV46;vcUo!{LrvWU`to6B zg+;Zf#}?{K+BWA{?>7up6iFp>wIiW)=`7a;$5l#2EN95g^3(jB#Uz~J3jS%8NQ?JS zWwk(r788p7EBUih2Qj-;i&fmB00N!6TCZ{u3g zcYl*RB_rH~81aw%%GfjF>mz6$hqRh=F>_rpVD(rp+AJ;utd8&D4zfCfgM-jep_Rr+ zO*0iL-gWwFob#9~lI?Hji4^61dC+^XCg%1_)fwH->iJ!Fgu=oHg_1pTQSq_mrQ-!e|u>`}IUZ26<{!X$r-)xvgBwwWE+ z=lfNcgc9s~Hd<_Oa12B)DCfU;#QMn+x%_6oSsf(dC&{-Ul(OTjQ=SLewo}C0{oX8^ z*86sODsoT_YdPadj~|H~w2H+Q={HW2Ygk$=dHUE4eClpY*pX%%-_44iEH_Olckv0U zmZ1fU@lQ)E?Y@p_?r%t@d|ewlx5O=Y2b{!i4K5KYLPD3AW_M`Kx43Oq47DvX)qPMO z3txPAh`$C*oCsb#V1SOROxb9l>dG0H*r}O_C2A)9lLz*V;zlCAH-v-7)O(c9*q)9=j7u`X^bql#hIVBP-6IpoIhjV#En zv9q~v<;P(t{*)H$=hZFt-mh_daMQBd^|B_bw1wE`VL$(AHOd~KUif?=O`HC7!stpd+1@78elYzDbjuLy@9&$W*hk z`r)j6Pu6Ss#Gs%?-#pup8+Y$&V6`&HETXmC5i;AKtb{Sn#3dV&u=mJ}d3FaJ@kB@0 z7X6~U=cD@|F``zsp?I#G;fY__Z-??feRyli4Ek_o#BU)>Y_01xsJYWhKRd@miDHNW4sgLaf<5To9Mqtu3WHlffJ5dEv*Za+%tI1iHmTkvgZA!~3$X>n?>~(Z zAyWu3+`IbJ(`lZ(bN9j@4R`RHwpmA$t$c>DJ>KDe{Lp4~A&lck_Ias2%br}6Mvk5v zVB8N16MdGG-=4+xR9T-S@PLQ2d6X;HaiZOrhjj<qE%JHV%b?Pzx7{bVsAKwCL~sVxWK7E{uGNPjy=X`upCFq4OQG)A|qZl(Sz4yQf>; z(WefVJZ-n6y7mUs*C<+z1g6V!yK&onM)f-Cx?fV?UWh`bEry1MX8f(0!pqA`sF||e zcL~TyE7pTT8|O2RZi2Amb;i^^K2?W0R5i4uofCI@;nSY^FOwNO8kwC3iofh_Z-kW$ zW0R_vy4|*oES8BryLCA;rbsSC7zob}|=$t$m zVa{$t#K>%TVwA6&C<)zAJ1r*c78^g6Wb9b?aGjDPq)QFq(RZ%#l#OWDq4s1Kt?2aqt zICZ=0cbUw@AmkHfL*^CY4Azn~ha+*Grxjw`a23>a(3Vx%F5O}APpvLXp9`uLI{@G1mT;4URZ!bmLHp0#4vOW_>5V**X(xGj6wQLixV8u6_{ z2;^vXXQXnUdy%D;g;T4|2(C|*w58uJtiVFb>34}Haa3vPyhDxc@fbz3{}(l=^k52_5L6Bpqtw8c zzZPPj3a!3}&)#%fW{;5h zWFY+RaY>`6K-22Hjnx~tlw}t+FkGO$GJ!eYCHOS2D%G#{-)tsR;^h3ZxS)Sm7x-U^ zeP2dVW$W1PQ=OOoOd9y36n=xsi8zwuzfIR^fT-_7scS|X7;9X?-M z56t^Xk6HHh5u`-k8xwv{y{>X2hS~6bl%f+Qw_B8iqRU6R?tNW69mv7U#`f%QK@SsS z;|!o&u!LqK8e%e}^*+blr%zBWNV)ar$Pt)JDa%<#OcoKqM0^`!KGJeP^U)RM5=egAb2kfz5n{5lq?8zs@>T%^* z_P^vDAX+d~$xyT4|AbAy9A4DXN?x`evolLMoRu(;&z3KP*jX#Jiu*AtzoBb3`ufh4 z(;?kFS7+!4o{PLasQGev1u7`LFdA>WJ?=B5{CwgXPl}6AF~?d3Da*mNi=taBLE>NQ z^l3}8G8NFM8_owYT!)7tNY4Lwftm2jMu;#Dww{;8xV{ef>?u_Z%S@8dgQ$K@|E8#a zevlysqbr(QMMXjAoR0cjZ&zgI%&Dw(ZKqMucH#E0XVO^<&<`L5B~0GlE5wN`(iPYp zjuxvI{=O98#umv#YqhS;2KC;X;UIZ9!zh&QB)BJC_$|<;V!gFMWa`U=Esv4Li4Wi% zh)zoKd6=Yf_Y$RF_owb9a7_Ei0_zf@-gX`qw0-lspdrY7Zi%Gr2p4K_S6#>?aIFv# zWAsM+nJcuZkS9Q=)VDyAiRGw0I!*P&9D}qXE?RHc0?}3g@sC*S*}#nx944L zx}TL9*xu@>qaM}0z9F&1domQCkG^^ic88kppFICzk|VBL!mw|M;q~Z5o352MchqI| z8@s}ui|T8k5n&?7qgkm_mDxMlz1^d#Poc!)TCz))&9Nk5)+3Wha!u=K_^x!JP_)BB zvT|$hXXqGg`;vc1G~E%~4RW`SBe=j@KAaP3ps``}duXu_9u_vh7_U?3i~2^JAsmH3 zDrK*aleFngF%E>wd|)1B)Nfg&yw^$o>u2t?!G*1`%x_ApQ$J6-ejPe=(a+e~tv3G< zyB)E&=T`hk=Ls0c(2cu9s<${BF_crtsA3&ZLZr^7%eX}M^yN?84M|Kp(Wd2~mUrEN zv%xB*IDIi)jjG>fZ-lr)a;(GPPRQxPY=giGy+bh;c_xa0XNA^TqJiP%ivEFr-$Uzn zL}akOwcC2IAN2X-pLt{PdRm<;2iD8HM8Ig}qw&qMa~yHNb@gk^l~YK%oE4Sqp-=aQ zjzg`rhTVOwRjP*n$V2gLnp}Hn>y`8`qvc_emYT^^GeIHYiudO@Le5Wcm+h&(Gg0`-0*-NlYD79?)xCP2n7f% zLIN)oNr_ZD-oOcZ$Zz4M(I7A+`3BB&iCakDVL*h2ysPZ`Z462Ghg|_v$`h;hX5}h{ zEYmVN#5_mugW$5_zCP$jgO!#Er6FzS(HTNaiLmi_Tp$I7i|Wj7Ul%^mk8$Z4Tc<@o z8gA5qrXg~ol%V2qub6PS6eaMTXIENtc+_@I+{-tFcXZK@0R>dprc2k;4)gOMd3wY9w$DtL6)qUWB(VZ6R1vBaBk%)o2e#kF+)uy%xiDMwm9)0I$;U6S zbJZwLqh+2--|I_zDRdwg$IRCyjXLRQ$Z_eKa*SCE6`Fuo5%z9xQ%c8*!N;u;-DGg0 z0|kG8tHDGGp|PE)&vPt`d`UgOGxySy22p$K%kYYU>~lt>Y;ozYOoxAH%*N_LQtXMM_J)?d+(v&~ej_sZi?D~#m>f|NG$P+CY> z98TeyScZW#MwTKLNOL)OVx;xzQC_4L@V?p|Y1DUc3h|!)dl-Ur@M(lV#B zZQ)y$DQ3=(EyUkqXU^wT)KG#Ov_1JV6td?J^ZN#{25zGR-R8?miytq`3Jh)CS{#~F zDA(N(Zt*8IdVJL+r#c%o<{37M$!(^4BQR6(g0gQLT5WGj@>HJZbk5*R5$Art_At|Y zeJtO&WOq*uJ2A(%2mpAgna6)0LvyI^vgidfA^qoZ%>tHlox|spV@m*G;&g9L}*TM?LvPeGPW=CK;K^S1r*udm9 ztYEZqd(0{VTuMarf{p$lidQni7O4mA1avqq%rwpCC#U0^-}<>3;erZtc8+D=RezQc z^nv?AUM_>Hu)V>E&_TX_4Ph;M`#yMCv&Q4|vn-qRiCr22;ZbL;rxfqp9NPNO-!)<+ zz%sZ=OysTZz8~kzKl_?$qz1-Whngh+vtJ4b4|BaTR_^-!knh5v9PCBaPSHxgCXSu| z)h}x8^ige*F|DHOp)R!CD@6{?-)JcXDxiF)%Q2p$_|Z`hr+pN0S?I!oH4yq`w>7|# z!#l**KedZ4iEx4>Yo!M(f`q1cDjB$PYIJvso?ZcQB zpWeQHsg%e9=D6Yk%4usZF6jatxwe6fM%HLde7Bl1dGp(1R0^sXJCRAv8$zJg&KZwa zc@C`(S=kzdoic>y-Opi6zj~AiGi=a)nT-8u6;QZ718a@{3Kw1O(F8axz1iSR!By4W ziC!Y(zgJJn8K@Npa6?RS(v<7mA~0$9|rKMa{dGI{e$>=?^L<{hFs=Wy1HwPQj!@`rpn~gV>3S9qQeIqj`tju zUGr2KkdIl4V(~okb4)?(3DrksYfSUBd$nCm-xn+Pm&zHgxzQfpW`b|0?3+T0Us3#- zm)-r(cy0dMH{tp?{fS|-4R4yohu{+)jI4oe8p4s1xS=1@|ANK)R{3bC>N$?zvOCi)>gVve#^v%Wt+jI#uM@^TO}(UOL!uNNCLGH~u~6Hh{msqO5v+nfeUwT0!*& zD$}UPHuG2A-P%ZDgb#G?@CQ@N;LO6etc`;HPqlFY-MuW=hZFVB$&1)y4Cn6xkN7;SsaO$2zetS`S(J{OGwpZ@ z(KPt)EyXrc^ME&y;O*}xIPi~yDb~c~^(x-g>OFtgq6&?5k0?-wBw==UCc(Kl2p6v0 z-d$+M6ds5U4s?>+x*_he!%G`MiyD5_BspeDaK9+U(JHSPx zB_N7Y!}6PEw;>vYVvI;bJ27L(_BENy+_7u%+d$_uv5uL^N4Z9i1?i+xVQ>sk-@=fFGhsH_KZT2i^p1&j}b{A77R&XV7H^;AKWdqGgj+PU20}wA_U@| zdGzU#reAxFd*DrfIu+Lr4TpNzl;n|w3SGihW}xtqn#nczEk@m$Q0>eom1?nbOVmoQ z(t_Hc&q@o~9g^a3ZqMgA5LL(WcGskG&nBaHt*bKYpS^Crp~*~g`gDrJnSnh&okz99K~nCAhX@mc3VAY+9s?1 ziBXHogt85{&;LQ3iKHk?eEK4s=f`Na@O{!x=B5tyyY$C}bx+F`Y#3?<-uLqOv?R8r zJNmMj%k#@Kt8L(T&Uy^-V?Z6Xh%xBc4tb6!rMp{PWD(0fEKIPHHH|c5PSR-TJFGv| ztZE@NiyjIo)bdwymu67P!0MzXQ`)$HV6ChDUyClN_|Yjd|Z@pz}V zLwlaQcE`A#2dt4mtdo5L=KfnGeD-X`%-wvKDRnUU@+SdwDOqq90$FVbkfB1u$pLom zE{N3p*U_ff1!pF}D`0Gl=;S75J&CXrPW>qgkA3TvNTuExN0iYLGjpk{tEX6~rT-L8 zG+K*K{{AAKZC%V2oWQa(GrNLs2@I85r2{!mJ1cOh)J^jUFD7EX2y+;*ur5f%+buek zQsB>3_Fais3SYU_%#MWd9GoMmJ2|}mFMR`Dn~!XzYiK*PzbduIlkkdAA8kf8nWb8J zhmq_}GJ{k^4HGdPATLluJ!wV=&yCuBBqdQ@oX5Nc61917*qHu83@nO20i91;f4>ev zrLb)e9#eSJHy0kMnVLwr)QnWi304gz=-JxA^~Ixl@}a{K@;!aEe*MI148xVXR;TBo zBfLj(#pc4U+x(bEIY80PIsXMqYYZXn_BfY4vN)Hm6`*lm{=2@23`%@WB9D7xe#2Hk#Nwvj=w>_kU6%6ijlKCD<}=eR zfr0{vyyeOd1qo08s`Yg`SZx|+nQI$ChbW2sXfIT{4#`2cGf;QXB%k$^DpicCjy*lc z*^Ri=$1;(Ooy30+FGML9XsX0^e~0YNDMRz85Q{dQi4W*S95V>AoT;7$xKT7gz)A%C zkHv1pJqmS_2XKR^C_5dqIHzzqIXTB)H9iJfMb=Te!>b1q=b=tT!BOKGl7a0R$zv_( zcqi!CJmR~qU6ECLVa%f9heoofoQgHM+;e<3;Zci+PVT9x+k$Hzi+{Km#bfk1 zx!VvI(6!ACqzku-_p&sQ9w}ZCpPt2!rZnv7rJ%FRn#28j2e@n*Je|7W$xce#q72gG z{@L9!hIcNSNIHxyJvNPVKJwueX(WaeDt$b^&ZRm$-k-nf8CdXbX$n2eo)_4K{l0Fq z=S8-&^dQH9zby0c;$T`FSa)EVf;CRT?eU|dV*o@qN4c*J4<8?N9MAfmm*`|mkNwi` z6DBOVtmk=%*C*6P)ETV<(U~w66`aDIXn34MyRhx*qjo`@KX+9pC{GLl6%%H`M-@Ah z{zj+x=9UQ6v{)jZznDn@dSN<1YO2>HLf14x*45P&m67o>ou(8?bH>Efw2X!K8t=L& za-p+FS#q)8u(|qpzq(v<;CSWy@jsY>g9`Vir~J9^FJpH*2A<=qkMPy3S$)i3mV=;! z)}cj~~0C{(tD`3wr4|3j}{Z5SRWng8l8?zz>2 zX=29j9Ol=4mDIM&nk;S2zidXUhO0GHX*}FyT46M+kAWj+ptMI+vky0|VZm$MXUU8x z&~9oB@k5Cv>7T#fU;OkZyhL=J`q3%4hQ4Q^#KDSmdC{TA-dy^U>utW=y+*;Rq|;0; zQcoD2LPhQLpiQ)XX^T!>Y{c%xjuG}C3XB33y8j)i;%WE?R=D2X&FL7svYg=cw#}_! zJ1dasD*_#E^o-`-?h6#2zCuVV8!cnmqBXLx$P5(U`uWS<_#rAwr+8jofA5Q^U3g5c zC6M}Gs?f(+2|7i3_g#W!P3CzGgLg~IXX4!#RObleJe2A*H0nH_MWZD2V0^dTdEsJ8 zOozn20_mxT2R~uz0>{iu=EK=1NdIrUzObIf=%zPUv(8}@P7xMxWn=h4V)Oc13pbun-y0X9 zztkQRE}qsRoU<S$&-erVp;ArDaQG zGN#k>aGs#%Tdte(9kSYfr;`?Gv0N$GbkDF0EP8zVon}a~ts_D>=llLni~do!c)Y7E zv&Ty98||_N_k^;WJ*cIUslWn<8>UfO1N{ocNz-OPx9^tQ(eBLV9w^H#&>dwKKNq-b z?8Q`G;ki67Wm?7csb3>@c<4JG#nmfrpjqrv+b{3aFHNTl@edW-xD>k?QpdTyn-3g{ z(}Vk+`%d+eq*mRj;f6j@-|()kYL;}KHg(h?djD>(5c?%tIK0Fntl-;xSgJ(S=?z;4 z-^`5dJ8RKxo>v#1KTTVEBGU2#`Cyg?VQ1|8KK^^ZcGr^AxBC=vIpw)+|6x);OJ?vA ziqSz*_4}%#+D|X9`?+FXyuR&V``C&U4cKFPF@kpeD--pbLsmH!-`-zXs?Zv{7W^P= zcdgZkq^kcE!pD{bykJO4>_QJrg?nq93JXBNFFbaA1Mlsxg@(+Gr7&)C>9v#%~XTK;j|S& zlDj{YM-b2Twtdp%Yh_I(X)saiAGal(WTvkQEcbwlZ}lYX1gq|38dGHaupgLDE2t%$ zlTfFH_qtZ+~^sn1rqPoS6v6nSz6?mWvms zjy4X<*3iZK*@Gkc`rAH+ip3;uacYSYeOn_VZlqZiBO>?1?mE0wn^I~hABca{Fsem?otSVL*4q~BX?QH1zDJiQv!a31nCr}-K%VOqBFdooKp~2#g-o6GU^PgC*57&Y z?VuSbXk*Km771BER^l}81=5{93BC=t;52z?NHY|T=WXJf=~v(OVg0qTB`{@m*duuu z;;y$kmY!`6@c6yi607P9Y%Vr@O@hpDmpDN`iPRxpwySE@@5| zU0Fk)b80cuVP6asF;Fd()AQ^RM%7~%>;tDxsa$wXcqi1}=kmkac_})ti79x4DyLnD z6rDG%kCDi+KmdBJdddGgFCWh7UgT%Z?IuV4pJp#N`d=76+z)Kc>EEK>@+#Tf({_bd zW}K}mTV7MZtk+4{?|lOMsb_oQHcB%SZWlRi#u5FIA1jR9`U6Ci~Rs^r7NBu zIZMMD*{^T4L98l z?vO+*=bYJy5kJ;9N=fLdJ;XT#se*g4x5qM>_AF1g5vYgKVlgfKsWL^cPM;&Wbk`R4lbs z8ZO%D0s&uT-~98a=e`?<%Rya{JU(lO%lcnKoDUE=MO>MbnQm%1;p(SJZVnLJ6m!~+ zyoer+%>I3NS0@v zJZsLhgA6h4kEA&p_25{o0sEaNDQI_1=<0*8CNjkKn7f_-YZzD{dz(2BW3iPWjb@aM z_BX23Niz6!U+j}@rlyjd#UFSjTU>LP?LRLbGW0|@NqU7*ctQ$POxzfr(XQPnk)wkd z$@1aGXr_(61yq^< z7ZCWaHO=?^_q~7K-{su%a?ZWyJI%N|NKIF* ze-s#)+#Gd}>fo*?-gez$FZxZHv$F-%3Qy+kfX?kKjLi(cH|~y zfuSk+fRTbu*%AV0W>Jzc`4YkgIH8O7Wna~)f)`+@P+)&xfO4ODMN8Eq@4hx~|({ncjLxu{KLLy!{2 zrjfbQdj%AXK~f{laE9gHwc*(M$~3-3VJLgmt;UzcwBNSUmk$X0J%eNO?4T$-H;wk~ zpi5Fg<`5~Ycu&cGW#`>94R-BE6d+NPb~$W=(WabBc=Nw2Mo|a+8M@ra26CrKOCZwS zByzbe9T3m}blbP?(Pm$NOcXVT`tvRZ~XrM z&&XrLm2Tje~6=P93#wzSNg^sVntgrC`x9PtrI4^;o3Q)^wc0A>XbKC^C)h zl_r{!Fi}2E_ok4^sEpI0OM+CJ^vX0};W33kDFUJcrTxltph6=om2VMDDRPX zYk8=baCTq&thw5l{@m8&-i+pR6|ylgSa0gpxNI?z=MJkZl#BS)}Q0~ZkP z&N<_BQ0Iegv$A!r9oMi&e6%>K8xJYiXPcS{%TSE+*vH+w$9ebhzocQCjo8sVuJsRq z7F3j8*DedLU#JV0C)}rbMceB%a?ah^M0lwERfjye5q5*yW&2gp3Yk5wSGwYP`E3c9 zcUDqV^lsq@(6<8&R17pq0)S%1v3LmT7`?aJW*9{)xiwUj##?O#(sXKMJ};>$lP*5O z=?>eSd0$3%UwoNv&a5ZfI5JBo*7VIolQ_1OJ{f`S<%mA#rLQfa&^>gO5U+_-d{+_N z9%EF+cH4K-21^M{DzidrvyA-g+3wfG{k7d)#6h;Aw%i%825CeSNtSV>}5@mMm*<4vWH?`VIj8SkKAuS)vu_huqLqdVVUZj#Ph6LG^qE-A_uQ$X@;eP`ull z-Rt2K1j&rO#BjSJQ98b%wI-Aynr;a}P8C`SEI&eI6Wn}3l%5u9-?wk+Gsqf$H~RYo z=T14orPbCIC~7exh{WhN0Yh+OQFI7nZF30OQz*A4#F8iYA*9On-|Rn`n*h5FZqyD= z-Ez6{IzXiPKFV|#a4DG@guekBjLmsmO0pLA+&=Gjg|1ah#bne8Yw&dC;m6F5BpDn! z+(h$a6yMvPd&lp`^Vb&)uu$)Fv*Y@rF9;J`ET=kaTTZYbkf~05=Wm>WIxc)~o;RF} z?DrRZ2ul1{U=?@ebZS+=Ffexr=zB&1WE#tB`j_vYVd6C!xO|{^;B?^34mY6Sfa|N@ z*mf7E16|G{vc&GrRMd-(JFbPl#DO&bcPl_3`lLt4LratO<`X8s)zxI_Lvn98z%R6 z&ki<8i2rFYNd~Al+f{$B0x`GmwqNV%8}H&ri%;dph)#Py2*>Fs`x4PFlrqKrGePQJ zFsV3c5Y~z&&wwA3Ppu9XTz%7lsQ;%-1jX^WhUi3`WY%4X_-^2TAh=T?CIepYIh)gM zw0^R8SZVLWagB8_?%9`Y*g_E2Wn)|6P~|{`SsAe#(hq9vt&%v50b3E5Z&3T+PA6o- zhVb>)+WqRL8lZDfVba`Jd4C+<{d{jV$a5D2fimY`wEqEhfxq3IBDo-*Mlf+-H-bKfzV+O4Bv68?Iq%^<7%-TXn3Oq^jB zTK(qhA4`>(SRqLC_xRdD<1F(qjfWaJYK18t|IUW>yN@3KQPC1?;M4~2Leai|YrpPK z1hp;aw*OnIH+SFv42Bpver5wqBR?t^7hwKKihT^=_T>vZs9-yBfA&<%Sbfrpp0h-p z{rNEeouDhH^?jvmUSZGbM1l}rk0vy$WKOF7v?j11;HGkFDlHeOU=Bq)jwY8o z&|UE}aR^M%wFQBVJ~SQl80NmSvrJtZu zt^e*tLE5m1*Q>L|BNGOz)ornF1~ukiZAYt@-U74EewdYCnz}dao|h%dCi&j*92n~! zj~`vhsm847DXZ)}-&m24K{mDyahn^%Gn!b^HUfR*qZ&bXcVDC>SX5g!q}+$mCYgU!yCxu1h_Bm}g7cq{G0IzC%45F>P~#nkMGX z?_1P7edQX$=4dE`PSaozmv5cJ$6E4U#y;`m#2gkgaco|Bx;at8y34JIEu0O4XDi+; z=fi=iXFgzea%w7Zw*B(KOK9(vx90?QKoTeajfqb0XC$1~x98M9n?n!>)&bR6(NE*+ zVB-r1_pVWH@r;l~gl^^Mj(os1KUTnZ$SH7Sw>{?}vy7RCt`T*I@h8s@=)h+iy$U1d z1D%7J&tov1UFxuN3=7BP+bvO;8`6BT_?mDs{5xr|?w~(ZK?88ulG!zt4{#=3GU_Iz zVa4(Tewe0b-R#!VnObpzC7xJ=ep2We@I2MK#?fqT>8R_>G7Xsh0 zG_=!B34q5S;+j72Qk2PR)6&keZJgdrH6{P{c?okpffm=IqF$NI?NKU*7wI^xMv+mH zyXL|jiE_PvEbel$&>1OVb{5+DGL>c{fy-y4=6}2b-F;=$8Oy8-c(sNmE0M~U_9ey* zQ`bSn)BJBOZ)-nr&*~EtzR!z-9J`Wh5tioqhfW$Bpr|PZIm_a@fjV#xKO3VxQg}X9K~-66@8JZYcteWz+P4vE;D$ z>5(w$gih?Y-Z(YJ%}S9Kz!XUe7F$#rJ+796Wr5okaTk152s%;Ib06sAp)(TNr5(V| z`}E7|BM%sfA&-mv@UuhcE(`eXbnDA5Tx_Y5sL8&0B_DZnbcWH`VAQ_3iI!>ZEc zRprao8fI*QmXo~)fKc#5kZPzE#uTQZYJd(1JbR{GZQR-EXmMAwWrg?~j2-DLb{>?# zfEKqRJ(uaG-v9N^i4b~o0n}I*kT*E(Xs=M|0gr)R`i=ZAtr-~dJS$bQ06^;|JLg-wI zBl_Cny~U-_uJYgZd4lTGBR8C{6C>4b-#V)<2A22K?;C8nyfnIPj6&IPu_=fr@V{BP z$HIx$sEnAE@Xm21I;Glhc(iVr0X35Fl+5lNydBFwCRidiC%bj<(uXm3R6j@KGT#M|c22u@n#;XxO`OZ^ z4pgH$x0f}0>`Q;jr1BQS&Nm8qzb7;j0aExAMJ{HOXcbhGmX)`a+00tbG8ni|J-x5m?Ret~BE5!vLX4|;6hNZxgu zzS)HVH1yAR=ob~}Wm5<Nk85Ge3;$fJiNX?B8Z3wbi#6Cn{SxYDt6*RPlv{ zSxYM4%J-F3D@RzK`X>lEM_E`5NocS(JsP|m7Y!R4S$l(0@C#M%`=;*qSQS#!j-4b- zlRel|h6I_YUMj+Ng<`!1pLzyA;{%wZ^HmuU5$TI7g%_Sj=IfuEl)msxS73-(aPk!* zA%|Iy^af&$&$7ohip>QKAv*}DwXlk&y*CNL26qM)YHq%Xqlg0Bodv?=RAng`-qh+R z%~;FHT)aMUBKg&@vCC~4TC*|Bcj(Z5&S3*I+SiM3RHy!#Pbfnhm% zrX$8One+vTcgxVDZ2+N(bd{?~zR7nDUECfo*WF@CilGh!nfqqI$pT|qtTv(OsU^Rj z?CNUb)4W~q%Y1B&*Yt?Pe*k{4YH0uf From bbdd5bb9e44144b953d5367c62ca07c20878558b Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Fri, 24 Jan 2020 10:12:45 -0800 Subject: [PATCH 52/73] Updated description based on SME feedback --- .../microsoft-defender-atp/recommendation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index d41c53fd57..2da5fe1030 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -45,13 +45,13 @@ Vendor | String | Related vendor name recommendedVersion | String | Recommended version recommendationCategory | String | Recommendation category. Possible values are: “Accounts”, “Application”, “Network”, “OS”, “SecurityStack subCategory | String | Recommendation sub-category -severityScore | Double | Number of secure score points given +severityScore | Double | Potential impact of the configuration to the organization’s configuration score (1-10) publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” -configScoreImpact | Double | Secure score impact +configScoreImpact | Double | Configuration score impact exposureImpacte | Double | Exposure score impact totalMachineCount | Long | Number of installed machines exposedMachinesCount | Long | Number of installed machines that are exposed to vulnerabilities From 9d2341f1b5fc04c5a157fc7ca98b6e5c31880f73 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Sat, 25 Jan 2020 15:31:41 -0800 Subject: [PATCH 53/73] Update landing page & TOC --- devices/surface/TOC.md | 5 +++-- devices/surface/get-started.md | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md index bc26815d56..faefd0d8fc 100644 --- a/devices/surface/TOC.md +++ b/devices/surface/TOC.md @@ -28,7 +28,7 @@ ### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) ### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md) -### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md) ### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md) @@ -40,13 +40,14 @@ ## Manage +### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) ### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md) ### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) ### [Surface Dock Firmware Update](surface-dock-firmware-update.md) ### [Battery Limit setting](battery-limit.md) ### [Surface Brightness Control](microsoft-surface-brightness-control.md) ### [Surface Asset Tag](assettag.md) -### [Manage Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) + ## Secure ### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md index af2bc13af9..c81e994d70 100644 --- a/devices/surface/get-started.md +++ b/devices/surface/get-started.md @@ -46,9 +46,10 @@ Harness the power of Surface, Windows, and Office connected together through the From 51b7cc02616b183004229b9eb2a773c568bc4b6b Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Sat, 25 Jan 2020 15:35:30 -0800 Subject: [PATCH 54/73] Update .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 4d2ce285a9..10c1b78366 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ packages.config wdav-pm-sln.csproj wdav-pm-sln.csproj.user wdav-pm-sln.sln +devices/surface-hub/surface-hub-account-overview.md From ebf48163f309e5fe8c73e36ec937d7db90780a36 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Sun, 26 Jan 2020 22:33:25 -1000 Subject: [PATCH 55/73] Remove old file & redirect Includes updated links --- .openpublishing.redirection.json | 5 + devices/surface/change-history-for-surface.md | 18 ++- ...irmware-and-drivers-for-surface-devices.md | 105 ------------------ ...timal-power-settings-on-Surface-devices.md | 4 +- ...icrosoft-surface-deployment-accelerator.md | 2 +- .../surface/surface-pro-arm-app-management.md | 2 +- 6 files changed, 21 insertions(+), 115 deletions(-) delete mode 100644 devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index f8f2090d66..1737cf2bbc 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15572,6 +15572,11 @@ "redirect_document_id": false }, { +"source_path": "devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md", +"redirect_url": "/surface/manage-surface-driver-and-firmware-updates.md", +"redirect_document_id": true +}, +{ "source_path": "windows/deployment/planning/windows-10-1809-removed-features.md", "redirect_url": "https://docs.microsoft.com/windows/deployment/planning/windows-10-removed-features", "redirect_document_id": false diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md index ebbb3fc3b5..f99bfa549c 100644 --- a/devices/surface/change-history-for-surface.md +++ b/devices/surface/change-history-for-surface.md @@ -18,6 +18,12 @@ ms.date: 10/21/2019 This topic lists new and updated topics in the Surface documentation library. +## January 2020 +| **New or changed topic** | **Description** | +| ------------------------ | --------------- | +| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)| Updated with the latest information and links to related articles.| + + ## October 2019 | **New or changed topic** | **Description** | @@ -37,7 +43,7 @@ This topic lists new and updated topics in the Surface documentation library. | **New or changed topic** | **Description** | | ------------------------ | --------------- | | [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md) | New document highlights key wireless connectivity considerations for Surface devices in mobile scenarios. | -| [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. | +| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. | ## July 2019 @@ -76,14 +82,14 @@ New or changed topic | Description --- | --- [Surface Brightness Control](microsoft-surface-brightness-control.md) | New [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) | New -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2 | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Studio 2 | ## November 2018 New or changed topic | Description --- | --- -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6 | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Pro 6 | [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New @@ -93,7 +99,7 @@ New or changed topic | Description New or changed topic | Description --- | --- [Battery Limit setting](battery-limit.md) | New -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface GO | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface GO | ## May 2018 @@ -121,7 +127,7 @@ New or changed topic | Description |New or changed topic | Description | | --- | --- | -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information | +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information | ## October 2017 @@ -160,7 +166,7 @@ New or changed topic | Description |New or changed topic | Description | | --- | --- | -|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)| +|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)| ## November 2016 diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md deleted file mode 100644 index 92527470f2..0000000000 --- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: Deploy the latest firmware and drivers for Surface devices (Surface) -description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device. -ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A -ms.reviewer: dansimp -manager: kaushika -keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device -ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: deploy -ms.pagetype: surface, devices -ms.sitesec: library -author: dansimp -ms.audience: itpro -ms.date: 11/25/2019 -ms.author: dansimp -ms.topic: article ---- - -# Deploy the latest firmware and drivers for Surface devices - -> **Home users:** This article is only intended for technical support agents and IT professionals, and applies only to Surface devices. If you're looking for help to install Surface updates or firmware on a home device, please see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505). - -Under typical conditions, Windows Update automatically keeps Windows Surface devices up-to-date by downloading and installing the latest device drivers and firmware. However, you may sometimes have to download and install updates manually. For example, you may have to manually manage updates when you deploy a new version of Windows. - -## Downloading MSI files - -[Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface) provides links to download installation files for the following: - -- Administrative tools -- Drivers for accessories -- For some devices, updates for Windows - -## Deploying MSI files - -Specific versions of Windows 10 have separate MSI files. Each MSI file contains all required cumulative driver and firmware updates for Surface devices. - -The MSI file names contain useful information, including the minimum supported Windows build number that is required to install the drivers and firmware. For example, to install the drivers that are contained in SurfaceBook_Win10_17763_19.080.2031.0.msi on a Surface Book, the device must be running Windows 10 Fall Creators Update, version 1709 or later. - -For more information about build numbers for each Windows version, see [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information). - -### Surface MSI naming convention - -Beginning in August, 2019, MSI files have used the following naming convention: - -> *Product*\_*Windows release*\_*Windows build number*\_*Version number*\_*Revision of version number (typically zero)*. - -**Example** - -Consider the following MSI file: - -> SurfacePro6_Win10_18362_19.073.44195_0.msi - -This file name provides the following information: - -- **Product:** SurfacePro6 -- **Windows release:** Win10 -- **Build:** 18362 -- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows: - - **Year:** 19 (2019) - - **Month and week:** 073 (third week of July) - - **Minute of the month:** 44195 -- **Revision of version:** 0 (first release of this version) - -### Legacy Surface MSI naming convention - -Legacy MSI files (files that were built before August, 2019) followed the same overall naming formula, but used a different method to derive the version number. - -**Example** - -Consider the following MSI file: - -> SurfacePro6_Win10_16299_1900307_0.msi - -This file name provides the following information: - -- **Product:** SurfacePro6 -- **Windows release:** Win10 -- **Build:** 16299 -- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows: - - **Year:** 19 (2019) - - **Number of release:** 003 (third release of the year) - - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro) -- **Revision of version:** 0 (first release of this version) - -Use the **version** number to determine the latest files that contain the most recent security updates. For example, consider the following list: - -- SurfacePro6_Win10_16299_1900307_0.msi -- SurfacePro6_Win10_17134_1808507_3.msi -- SurfacePro6_Win10_17763_1808707_3.msi - -In this list, the newest file is the first file (SurfacePro6_Win10_16299_1900307_0.msi). Its **Version** field has the newest date (2019). The other files are from 2018. - -## Supported devices - -For downloadable MSI files for devices that run Surface Pro 2 and later versions, see [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). This article contains information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3, as they are released. - -> [!NOTE] -> There are no downloadable firmware or driver updates available for Surface devices that run Windows RT, including Surface RT and Surface 2. To update these devices, use Windows Update. - -For more information about how to deploy Surface drivers and firmware, see the following articles: - -- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates) - -- [Surface for Business help](https://www.microsoft.com/surface/support/business) diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index e43a14a63b..b1f8eced7e 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -28,7 +28,7 @@ low power idle state (S0ix). To ensure Surface devices across your organization fully benefit from Surface power optimization features: -- Install the latest drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings. For more information, refer to [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +- Install the latest drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings. For more information, refer to [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md). - Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI (**System** > **Power & sleep**). - If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power plan from the factory image of the Surface device and then import it into the provisioning package for your Surface devices. @@ -178,4 +178,4 @@ To learn more, see: - [Battery saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) -- [Deploying the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) \ No newline at end of file diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md index 7fbd031cf5..8fbc32d7df 100644 --- a/devices/surface/microsoft-surface-deployment-accelerator.md +++ b/devices/surface/microsoft-surface-deployment-accelerator.md @@ -80,7 +80,7 @@ For environments where the SDA server will not be able to connect to the Interne *Figure 2. Specify a local source for Surface driver and app files* -You can find a full list of available driver downloads at [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) +You can find a full list of available driver downloads at [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) >[!NOTE] >Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder. diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index c5869a15d4..fd98f72368 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -73,7 +73,7 @@ Surface Pro X was designed to use Windows Update to simplify the process of keep - Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). - If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). -- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +- For more information about deploying and managing updates on Surface devices, see [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md). - Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. ## Running apps on Surface Pro X From a109f8f5be9790be3b3287c0f35db9e3e649d2a3 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:22:05 -0800 Subject: [PATCH 56/73] Added pre rel info --- .../security/threat-protection/microsoft-defender-atp/score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/score.md b/windows/security/threat-protection/microsoft-defender-atp/score.md index 06f002a203..9a903d296f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + ## Methods Method |Return Type |Description :---|:---|:--- From 5e3621cf0517e3124711ac430dccf120f200b655 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:22:43 -0800 Subject: [PATCH 57/73] Update get-machine-group-exposure-score.md --- .../get-machine-group-exposure-score.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md index 42995a2265..5664ee56dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-machine-group-exposure-score.md @@ -22,6 +22,8 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves a collection of alerts related to a given domain address. ## Permissions @@ -91,4 +93,4 @@ Here is an example of the response. } ] } -``` \ No newline at end of file +``` From e8d128ae4f186881f887710a45a7197c495a09fb Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:23:33 -0800 Subject: [PATCH 58/73] Added pre rel info --- .../microsoft-defender-atp/get-exposure-score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md index fadf3a064a..389758df52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-exposure-score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves the organizational exposure score. ## Permissions From 81165d62ab174dc92a930151e2e57d5e45252ffd Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:24:35 -0800 Subject: [PATCH 59/73] Added pre rel info --- .../microsoft-defender-atp/get-device-secure-score.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index d2f1bb53f5..8a00435973 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -22,6 +22,8 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +[!include[Prerelease information](../../includes/prerelease.md)] + Retrieves the organizational device secure score. ## Permissions From 92693e8cc85939b6262213cb2fbf5bb7b275c88d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:25:12 -0800 Subject: [PATCH 60/73] Update get-device-secure-score.md --- .../microsoft-defender-atp/get-device-secure-score.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md index 8a00435973..dfd844de6b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-device-secure-score.md @@ -27,7 +27,7 @@ ms.topic: article Retrieves the organizational device secure score. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) for details. Permission type | Permission | Permission display name :---|:---|:--- From c1e2b40a1e8d1dd5ac92941092d1615be2b4929d Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:32:09 -0800 Subject: [PATCH 61/73] Update TOC.md --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ba2038ad57..5fefcfbc9a 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -499,7 +499,7 @@ ##### [Raw data streaming (preview)](microsoft-defender-atp/raw-data-export.md) ##### [Stream advanced hunting events to Azure Events hub](microsoft-defender-atp/raw-data-export-event-hub.md) ##### [Stream advanced hunting events to your storage account](microsoft-defender-atp/raw-data-export-storage.md) - + #### [SIEM integration]() ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) From 29da516e02ec9b354e5b8a0823001c7c31f02492 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 07:45:45 -1000 Subject: [PATCH 62/73] Update maintain-optimal-power-settings-on-Surface-devices.md --- .../maintain-optimal-power-settings-on-Surface-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index b1f8eced7e..135851cb06 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -166,7 +166,7 @@ To learn more, see: | Check app usage | Your apps | Close apps.| | Check your power cord for any damage.| Your power cord | Replace power cord if worn or damaged.| -# Learn more +## Learn more - [Modern standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources) From 09cc860c6bb00c06b23b8493446952a9b99cca39 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 09:48:34 -0800 Subject: [PATCH 63/73] fixed file path issue --- windows/security/threat-protection/TOC.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 5fefcfbc9a..a49cb4bec8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -400,9 +400,9 @@ ####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) ####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) ####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) -####### [Get installed software](get-installed-software.md) -####### [Get discovered vulnerabilities](get-discovered-vulnerabilities.md) -####### [Get security recommendation](get-security-recommendations.md) +####### [Get installed software](microsoft-defender-atp/get-installed-software.md) +####### [Get discovered vulnerabilities](microsoft-defender-atp/get-discovered-vulnerabilities.md) +####### [Get security recommendation](microsoft-defender-atp/get-security-recommendations.md) ####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) ####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) From 5ee026b828b03ed53a1ed30e42b8b42dc30b346a Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 07:54:19 -1000 Subject: [PATCH 64/73] Revert "Update .gitignore" This reverts commit 51b7cc02616b183004229b9eb2a773c568bc4b6b. --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 10c1b78366..4d2ce285a9 100644 --- a/.gitignore +++ b/.gitignore @@ -17,4 +17,3 @@ packages.config wdav-pm-sln.csproj wdav-pm-sln.csproj.user wdav-pm-sln.sln -devices/surface-hub/surface-hub-account-overview.md From 99db46cd4490f827e54213795e2ba7a58d30f27b Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 09:48:20 -1000 Subject: [PATCH 65/73] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1737cf2bbc..12475ff7c6 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15573,7 +15573,7 @@ }, { "source_path": "devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md", -"redirect_url": "/surface/manage-surface-driver-and-firmware-updates.md", +"redirect_url": "/surface/manage-surface-driver-and-firmware-updates", "redirect_document_id": true }, { From 8db6694234d804bb12a30caa932c74d70512e53e Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Mon, 27 Jan 2020 11:53:38 -0800 Subject: [PATCH 66/73] update with hybrid support --- windows/deployment/windows-autopilot/user-driven.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index e8fdb8a2c2..45520df78e 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md @@ -28,7 +28,7 @@ Windows Autopilot user-driven mode is designed to enable new Windows 10 devices After completing those simple steps, the remainder of the process is completely automated, with the device being joined to the organization, enrolled in Intune (or another MDM service), and fully configured as defined by the organization. Any additional prompts during the Out-of-Box Experience (OOBE) can be suppressed; see [Configuring Autopilot Profiles](profiles.md) for options that are available. -Today, Windows Autopilot user-driven mode supports joining devices to Azure Active Directory. Support for Hybrid Azure Active Directory Join (with devices joined to an on-premises Active Directory domain) will be available in a future Windows 10 release. See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options. +Today, Windows Autopilot user-driven mode supports Azure Active Directory and Hybrid Azure Active Directory joined devices. See [What is a device identity](https://docs.microsoft.com/azure/active-directory/devices/overview) for more information about these two join options. ## Available user-driven modes From 5ca81d0afa05bacbf17e488ac0bf171463fc962d Mon Sep 17 00:00:00 2001 From: John Liu <49762389+ShenLanJohn@users.noreply.github.com> Date: Mon, 27 Jan 2020 11:58:29 -0800 Subject: [PATCH 67/73] CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20200127110202 (#1945) Co-authored-by: Direesh Kumar Kandakatla --- .../resolved-issues-windows-10-1903.yml | 14 -------------- ...us-windows-7-and-windows-server-2008-r2-sp1.yml | 4 ++-- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index f6f7b30864..0554cb4e28 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -37,7 +37,6 @@ sections:
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved External
November 15, 2019
05:59 PM PT
Updates may fail to install and you may receive Error 0x80073701
Installation of updates may fail and you may receive error code 0x80073701.

See details >OS Build 18362.145

May 29, 2019
KB4497935Resolved
November 12, 2019
08:11 AM PT
Intel Audio displays an intcdaud.sys notification
Devices with a range of Intel Display Audio device drivers may experience battery drain.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved External
November 12, 2019
08:04 AM PT -
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903July 26, 2019
02:00 PM PT
Unable to discover or connect to Bluetooth devices using some Qualcomm adapters
Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4517389October 08, 2019
10:00 AM PT
Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters
Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.

See details >N/A

Resolved
KB4522355October 24, 2019
10:00 AM PT
dGPU occasionally disappear from device manager on Surface Book 2
Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >OS Build 18362.145

May 29, 2019
KB4497935Resolved
October 18, 2019
04:33 PM PT @@ -54,8 +53,6 @@ sections:
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start on devices in which the operating system language was changed between updates.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4512941August 30, 2019
10:00 AM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using PXE images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >OS Build 18362.175

June 11, 2019
KB4503293Resolved
KB4512941August 30, 2019
10:00 AM PT
MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices
You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.

See details >OS Build 18362.175

June 11, 2019
KB4503293Resolved External
August 09, 2019
07:03 PM PT -
Display brightness may not respond to adjustments
Devices configured with certain Intel display drivers may experience a driver compatibility issue.

See details >OS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903July 26, 2019
02:00 PM PT -
RASMAN service may stop working and result in the error “0xc0000005”
The RASMAN service may stop working with VPN profiles configured as an Always On VPN connection.

See details >OS Build 18362.145

May 29, 2019
KB4497935Resolved
KB4505903July 26, 2019
02:00 PM PT " @@ -116,15 +113,6 @@ sections: " -- title: June 2019 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
RASMAN service may stop working and result in the error “0xc0000005”
The Remote Access Connection Manager (RASMAN) service may stop working and you may receive the error “0xc0000005” on devices where the diagnostic data level is manually configured to the non-default setting of 0. You may also receive an error in the Application section of Windows Logs in Event Viewer with Event ID 1000 referencing “svchost.exe_RasMan” and “rasman.dll”.

This issue only occurs when a VPN profile is configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does not affect manual only VPN profiles or connections.

Affected platforms
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Resolved
KB4505903		Resolved:
July 26, 2019
02:00 PM PT

Opened:
June 28, 2019
05:01 PM PT
- " - - title: May 2019 - items: - type: markdown @@ -133,8 +121,6 @@ sections:
Intermittent loss of Wi-Fi connectivity
Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903
Resolution: This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 22, 2019
04:10 PM PT

Opened:
May 21, 2019
07:13 AM PT
Unable to discover or connect to Bluetooth devices using some Realtek adapters
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1909; Windows 10, version 1903
  • Server: Windows 10, version 1909; Windows Server, version 1903
Resolution: This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 15, 2019
05:59 PM PT

Opened:
May 21, 2019
07:29 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Resolution: This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.

Note If you are still experiencing the issue described, please contact your device manufacturer (OEM).

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved External
Last updated:
November 12, 2019
08:04 AM PT

Opened:
May 21, 2019
07:22 AM PT -
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios in which these features may have issues or stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:28 AM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4512941.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4512941Resolved:
August 30, 2019
10:00 AM PT

Opened:
May 24, 2019
04:20 PM PT -
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4505903 and the safeguard hold has been removed. Please ensure you have applied the resolving update before attempting to update to the Windows 10 May 2019 Update (version 1903). Please note, it can take up to 48 hours for the safeguard to be removed.

Back to topOS Build 18362.116

May 21, 2019
KB4505057Resolved
KB4505903Resolved:
July 26, 2019
02:00 PM PT

Opened:
May 21, 2019
07:56 AM PT " diff --git a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml index f88f58ac4c..1db3c602ad 100644 --- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml +++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml @@ -60,7 +60,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -79,7 +79,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.

See details >		January 14, 2020
KB4534310		Mitigated
January 24, 2020
09:15 AM PT
Custom wallpaper displays as black
Using a custom image set to \"Stretch\" might not display as expected.

See details >		January 14, 2020
KB4534310		Mitigated
January 26, 2020
06:01 PM PT
MSRT might fail to install and be re-offered from Windows Update or WSUS
The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.

See details >
Resolved
January 23, 2020
02:08 PM PT
TLS connections might fail or timeout
Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.

See details >		October 08, 2019
KB4519976		Mitigated External
November 05, 2019
03:36 PM PT
IA64 and x64 devices may fail to start after installing updates
After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.

See details >		August 13, 2019
KB4512506		Mitigated
August 17, 2019
12:59 PM PT
- +
DetailsOriginating updateStatusHistory
Custom wallpaper displays as black
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following:
  • Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
  • Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available in mid-February for organizations who have purchased Windows 7 Extended Security Updates (ESU).

Back to top		January 14, 2020
KB4534310		Mitigated
Last updated:
January 24, 2020
09:15 AM PT

Opened:
January 24, 2020
09:15 AM PT
Custom wallpaper displays as black
After installing KB4534310, your desktop wallpaper when set to \"Stretch\" might display as black.

Affected platforms:
  • Client: Windows 7 SP1
  • Server: Windows Server 2008 R2 SP1
Workaround: To mitigate the issue, you can do one of the following:
  • Set your custom image to an option other than \"Stretch\", such as “Fill”, “Fit”, “Tile”, or “Center”, or
  • Choose a custom wallpaper that matches the resolution of your desktop.
Next steps: We are working on a resolution and estimate a solution will be available mid-February, which will be released to all customers running Windows 7 and Windows Server 2008 R2 SP1.

Back to top		January 14, 2020
KB4534310		Mitigated
Last updated:
January 26, 2020
06:01 PM PT

Opened:
January 24, 2020
09:15 AM PT
" From 7583518cdc2d301344c35a968b0a5b11f6bd9b04 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Mon, 27 Jan 2020 10:25:53 -1000 Subject: [PATCH 68/73] Update .openpublishing.redirection.json --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 12475ff7c6..7713cc7237 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -58,7 +58,7 @@ { "source_path": "devices/surface/manage-surface-pro-3-firmware-updates.md", "redirect_url": "https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates", -"redirect_document_id": true +"redirect_document_id": false }, { "source_path": "devices/surface/update.md", From 9652500324aec4990118e4e097ef83e60d71e15a Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 12:40:36 -0800 Subject: [PATCH 69/73] Update preview.md --- .../threat-protection/microsoft-defender-atp/preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index a605c4517f..4cde145e4c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -43,7 +43,7 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Preview features The following features are included in the preview release: -- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommandation information. +- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommendation information. - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019. From a5f51f1e5e99c0c4cd4cdf08b7186090e84f9469 Mon Sep 17 00:00:00 2001 From: Dulce Montemayor Date: Mon, 27 Jan 2020 12:43:22 -0800 Subject: [PATCH 70/73] Fixed spelling error --- .../threat-protection/microsoft-defender-atp/recommendation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md index 2da5fe1030..221645d516 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/recommendation.md @@ -49,7 +49,7 @@ severityScore | Double | Potential impact of the configuration to the organizati publicExploit | Boolean | Public exploit is available activeAlert | Boolean | Active alert is associated with this recommendation associatedThreats | String collection | Threat analytics report is associated with this recommendation -remediationType | String | Remedation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” +remediationType | String | Remediation type. Possible values are: “ConfigurationChange”,“Update”,“Upgrade”,”Uninstall” Status | Enum | Recommendation exception status. Possible values are: “Active” and “Exception” configScoreImpact | Double | Configuration score impact exposureImpacte | Double | Exposure score impact From 7e7f2b1055ab134af49da4bf52402e05195e40be Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 27 Jan 2020 14:02:39 -0800 Subject: [PATCH 71/73] Indented a note in a list item --- .../maintain-optimal-power-settings-on-Surface-devices.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md index 135851cb06..2631b5f837 100644 --- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md +++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md @@ -32,8 +32,8 @@ To ensure Surface devices across your organization fully benefit from Surface po - Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI (**System** > **Power & sleep**). - If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power plan from the factory image of the Surface device and then import it into the provisioning package for your Surface devices. ->[!NOTE] ->You can only export a power plan across the same type of Surface device. For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro. For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings). + >[!NOTE] + >You can only export a power plan across the same type of Surface device. For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro. For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings). - Exclude Surface devices from any existing power management policy settings. @@ -178,4 +178,4 @@ To learn more, see: - [Battery saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver) -- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) \ No newline at end of file +- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) From 97570ddcf62f66f95532bdbff5b148f5774acdc4 Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Mon, 27 Jan 2020 14:27:34 -0800 Subject: [PATCH 72/73] Add information about policy deletion --- ...nder-application-control-policies-using-intune.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index c3ccef8510..128fb4d3a3 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -48,7 +48,8 @@ In order to deploy a custom policy through Intune and define your own circle of ## Using a Custom OMA-URI Profile -For 1903+ systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy are: +### For 1903+ systems +The steps to use Intune's Custom OMA-URI functionality to leverage the [ApplicationControl CSP](https://docs.microsoft.com/windows/client-management/mdm/applicationcontrol-csp) and deploy a custom WDAC policy to 1903+ systems are: 1. Know a generated policy’s GUID, which can be found in the policy xml as `` 2. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. @@ -61,7 +62,11 @@ For 1903+ systems, the steps to use Intune's Custom OMA-URI functionality to lev ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png) -For pre-1903 systems, the steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy are: +> [!NOTE] +> Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot. + +### For pre-1903 systems +The steps to use Intune's Custom OMA-URI functionality to leverage the [AppLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/applocker-csp) and deploy a custom WDAC policy to pre-1903 systems are: 1. Convert the policy XML to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. 2. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. @@ -70,3 +75,6 @@ For pre-1903 systems, the steps to use Intune's Custom OMA-URI functionality to - **OMA-URI**: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/_Grouping_/CodeIntegrity/Policy) - **Data type**: Base64 - **Certificate file**: upload your binary format policy file + +> [!NOTE] +> Policies deployed through Intune via the AppLocker CSP cannot be deleted through the Intune console. In order to disable WDAC policy enforcement, either deploy an audit-mode policy and/or use a script to delete the existing policy. From 777eadaf98117cb4c85b6b8e23b930acfee515b9 Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Mon, 27 Jan 2020 14:56:35 -0800 Subject: [PATCH 73/73] Add deletion information to AppControl CSP --- .../client-management/mdm/applicationcontrol-csp.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index ef81d89611..121f28dad6 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -234,15 +234,23 @@ The following is an example of Get command: ### Delete policies +#### Rebootless Deletion + +Upon deletion, policies deployed via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to functionally do a rebootless delete, first replace the existing policy with an Allow All policy (found at C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml) and then delete the updated policy. This will immediately prevent anything from being blocked and fully deactive the policy on the next reboot. + +#### Unsigned Policies + To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. +#### Signed Policies + > [!NOTE] -> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. +> A signed policy by default can only be replaced by another signed policy. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. To delete a signed policy: 1. Replace it with a signed update allowing unsigned policy. -2. Deploy another update with unsigned policy. +2. Deploy another update with unsigned Allow All policy. 3. Perform delete. The following is an example of Delete command:

Deploy

+

Manage and deploy Surface driver and firmware updates

Autopilot and Surface devices

Deploying, managing, and servicing Surface Pro X

-

Deploy the latest firmware and drivers

+